;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 64968EBEEA637FFFAD82F3B2876AFE73
; File Name : u:\work\64968ebeea637fffad82f3b2876afe73_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0001C000 ( 114688.)
; Section size in file : 0001C000 ( 114688.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_401141+79�p
; sub_4011D3+25�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_403332
mov eax, [ebp+arg_0]
add esp, 10h
pop ebp
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40101C proc near ; CODE XREF: sub_4012AC+50�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402F60
mov eax, [ebp+arg_0]
add esp, 10h
pop ebp
retn
sub_40101C endp
; ---------------------------------------------------------------------------
mov dword ptr [ecx], offset off_41D324
jmp sub_40308A
; ---------------------------------------------------------------------------
loc_401043: ; DATA XREF: c.7ld2ih:off_41D324�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D324
call sub_40308A
test byte ptr [esp+8], 1
jz short loc_40105F
push esi
call sub_40332D
pop ecx
loc_40105F: ; CODE XREF: .text:00401056�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_401065 proc near ; CODE XREF: sub_40121E+43�p
; sub_4016BA+43�p ...
push 4
mov eax, offset loc_41C8FC
call sub_40497C
mov esi, ecx
mov [ebp-10h], esi
call sub_402FBB
and dword ptr [ebp-4], 0
push dword ptr [ebp+8]
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41D330
call sub_401111
mov eax, esi
call sub_404A1B
retn 4
sub_401065 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40109A proc near ; CODE XREF: .text:004010C8�p
; .text:004010E7�j ...
push esi
mov esi, ecx
push 0
push 1
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41D330
call sub_4011D3
mov ecx, esi
pop esi
jmp sub_40308A
sub_40109A endp
; =============== S U B R O U T I N E =======================================
sub_4010B7 proc near ; DATA XREF: c.7ld2ih:0041D334�o
; c.7ld2ih:0041D340�o ...
cmp dword ptr [ecx+24h], 10h
jb short loc_4010C1
mov eax, [ecx+10h]
retn
; ---------------------------------------------------------------------------
loc_4010C1: ; CODE XREF: sub_4010B7+4�j
lea eax, [ecx+10h]
retn
sub_4010B7 endp
; ---------------------------------------------------------------------------
loc_4010C5: ; DATA XREF: c.7ld2ih:off_41D330�o
push esi
mov esi, ecx
call sub_40109A
test byte ptr [esp+8], 1
jz short loc_4010DB
push esi
call sub_40332D
pop ecx
loc_4010DB: ; CODE XREF: .text:004010D2�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
mov dword ptr [ecx], offset off_41D33C
jmp sub_40109A
; ---------------------------------------------------------------------------
loc_4010EC: ; DATA XREF: c.7ld2ih:off_41D33C�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D33C
call sub_40109A
test byte ptr [esp+8], 1
jz short loc_401108
push esi
call sub_40332D
pop ecx
loc_401108: ; CODE XREF: .text:004010FF�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
retn 1Ch
; =============== S U B R O U T I N E =======================================
sub_401111 proc near ; CODE XREF: sub_401065+26�p
; sub_4013E6+2B�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push 0
mov dword ptr [esi+18h], 0Fh
call sub_40131B
push 0FFFFFFFFh
push 0
push [esp+0Ch+arg_0]
mov ecx, esi
call sub_401141
mov eax, esi
pop esi
retn 4
sub_401111 endp
; ---------------------------------------------------------------------------
loc_401137: ; CODE XREF: .text:0041C89E�j
; .text:0041C91A�j ...
push 0
push 1
call sub_4011D3
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401141 proc near ; CODE XREF: sub_401111+1B�p
; sub_401547+2B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp [edi+14h], eax
mov ebx, ecx
jnb short loc_401159
call sub_402A79
loc_401159: ; CODE XREF: sub_401141+11�j
mov esi, [edi+14h]
mov eax, [ebp+arg_4]
sub esi, eax
cmp [ebp+arg_8], esi
jnb short loc_401169
mov esi, [ebp+arg_8]
loc_401169: ; CODE XREF: sub_401141+23�j
cmp ebx, edi
mov ecx, ebx
jnz short loc_401187
push 0FFFFFFFFh
add esi, eax
push esi
call sub_4012AC
push [ebp+arg_4]
mov ecx, ebx
push 0
call sub_4012AC
jmp short loc_4011CA
; ---------------------------------------------------------------------------
loc_401187: ; CODE XREF: sub_401141+2C�j
push 0
push esi
call sub_401337
test al, al
jz short loc_4011CA
cmp dword ptr [edi+18h], 10h
jb short loc_40119E
mov edi, [edi+4]
jmp short loc_4011A1
; ---------------------------------------------------------------------------
loc_40119E: ; CODE XREF: sub_401141+56�j
add edi, 4
loc_4011A1: ; CODE XREF: sub_401141+5B�j
mov ecx, [ebx+18h]
cmp ecx, 10h
jb short loc_4011AE
mov eax, [ebx+4]
jmp short loc_4011B1
; ---------------------------------------------------------------------------
loc_4011AE: ; CODE XREF: sub_401141+66�j
lea eax, [ebx+4]
loc_4011B1: ; CODE XREF: sub_401141+6B�j
mov edx, [ebp+arg_4]
push esi
add edi, edx
push edi
push ecx
push eax
call sub_401000
add esp, 10h
push esi
mov ecx, ebx
call sub_40131B
loc_4011CA: ; CODE XREF: sub_401141+44�j
; sub_401141+50�j
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn 0Ch
sub_401141 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4011D3 proc near ; CODE XREF: sub_40109A+10�p
; .text:0040113B�p ...
arg_0 = byte ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_401208
cmp dword ptr [esi+18h], 10h
jb short loc_401208
cmp [esp+4+arg_4], 0
lea eax, [esi+4]
push edi
mov edi, [eax]
jbe short loc_401200
push [esp+8+arg_4]
push edi
push 10h
push eax
call sub_401000
add esp, 10h
loc_401200: ; CODE XREF: sub_4011D3+1B�j
push edi
call sub_40332D
pop ecx
pop edi
loc_401208: ; CODE XREF: sub_4011D3+8�j
; sub_4011D3+E�j
push [esp+4+arg_4]
mov ecx, esi
mov dword ptr [esi+18h], 0Fh
call sub_40131B
pop esi
retn 8
sub_4011D3 endp
; =============== S U B R O U T I N E =======================================
sub_40121E proc near ; CODE XREF: sub_41C22E+4A�p
push 44h
mov eax, offset loc_41C9FC
call sub_40497C
push dword ptr [ebp+10h]
mov esi, [ebp+0Ch]
push dword ptr [esi+4]
push esi
call sub_401395
mov ecx, 0FC0FC0h
sub ecx, dword_435694
cmp ecx, 1
jnb short loc_40127B
push offset dword_420B0C
lea ecx, [ebp-28h]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_401065
push offset dword_421C98
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41D33C
call sub_40456B
loc_40127B: ; CODE XREF: sub_40121E+29�j
inc dword_435694
mov [esi+4], eax
mov ecx, [eax+4]
mov [ecx], eax
call sub_404A1B
retn 0Ch
sub_40121E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401291 proc near ; CODE XREF: .text:loc_41CAEB�p
push 10Ch
call sub_40340B
test eax, eax
pop ecx
jz short loc_4012A2
mov [eax], eax
loc_4012A2: ; CODE XREF: sub_401291+D�j
lea ecx, [eax+4]
test ecx, ecx
jz short locret_4012AB
mov [ecx], eax
locret_4012AB: ; CODE XREF: sub_401291+16�j
retn
sub_401291 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012AC proc near ; CODE XREF: sub_401141+33�p
; sub_401141+3F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, ecx
cmp [esi+14h], edi
jnb short loc_4012C0
call sub_402A79
loc_4012C0: ; CODE XREF: sub_4012AC+D�j
mov eax, [esi+14h]
sub eax, edi
cmp eax, [ebp+arg_4]
jnb short loc_4012CD
mov [ebp+arg_4], eax
loc_4012CD: ; CODE XREF: sub_4012AC+1C�j
cmp [ebp+arg_4], 0
jbe short loc_401313
mov ecx, [esi+18h]
cmp ecx, 10h
push ebx
lea edx, [esi+4]
jb short loc_4012E3
mov ebx, [edx]
jmp short loc_4012E5
; ---------------------------------------------------------------------------
loc_4012E3: ; CODE XREF: sub_4012AC+31�j
mov ebx, edx
loc_4012E5: ; CODE XREF: sub_4012AC+35�j
cmp ecx, 10h
jb short loc_4012EC
mov edx, [edx]
loc_4012EC: ; CODE XREF: sub_4012AC+3C�j
sub eax, [ebp+arg_4]
add ebx, edi
add ebx, [ebp+arg_4]
push eax
push ebx
sub ecx, edi
push ecx
add edx, edi
push edx
call sub_40101C
mov eax, [esi+14h]
sub eax, [ebp+arg_4]
add esp, 10h
push eax
mov ecx, esi
call sub_40131B
pop ebx
loc_401313: ; CODE XREF: sub_4012AC+25�j
pop edi
mov eax, esi
pop esi
pop ebp
retn 8
sub_4012AC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40131B proc near ; CODE XREF: sub_401111+C�p
; sub_401141+84�p ...
arg_0 = dword ptr 4
cmp dword ptr [ecx+18h], 10h
mov eax, [esp+arg_0]
mov [ecx+14h], eax
jb short loc_40132D
mov ecx, [ecx+4]
jmp short loc_401330
; ---------------------------------------------------------------------------
loc_40132D: ; CODE XREF: sub_40131B+B�j
add ecx, 4
loc_401330: ; CODE XREF: sub_40131B+10�j
mov byte ptr [ecx+eax], 0
retn 4
sub_40131B endp
; =============== S U B R O U T I N E =======================================
sub_401337 proc near ; CODE XREF: sub_401141+49�p
; sub_401547+39�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
cmp edi, 0FFFFFFFEh
mov esi, ecx
jbe short loc_401349
call sub_402A3A
loc_401349: ; CODE XREF: sub_401337+B�j
cmp [esi+18h], edi
jnb short loc_40135B
push dword ptr [esi+14h]
mov ecx, esi
push edi
call sub_401442
jmp short loc_401388
; ---------------------------------------------------------------------------
loc_40135B: ; CODE XREF: sub_401337+15�j
cmp [esp+8+arg_4], 0
jz short loc_40137C
cmp edi, 10h
jnb short loc_40137C
mov eax, [esi+14h]
cmp edi, eax
jnb short loc_401370
mov eax, edi
loc_401370: ; CODE XREF: sub_401337+35�j
push eax
push 1
mov ecx, esi
call sub_4011D3
jmp short loc_401388
; ---------------------------------------------------------------------------
loc_40137C: ; CODE XREF: sub_401337+29�j
; sub_401337+2E�j
test edi, edi
jnz short loc_401388
push edi
mov ecx, esi
call sub_40131B
loc_401388: ; CODE XREF: sub_401337+22�j
; sub_401337+43�j ...
xor eax, eax
cmp eax, edi
sbb eax, eax
pop edi
neg eax
pop esi
retn 8
sub_401337 endp
; =============== S U B R O U T I N E =======================================
sub_401395 proc near ; CODE XREF: sub_40121E+16�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 10Ch
call sub_40340B
test eax, eax
pop ecx
jz short loc_4013AA
mov ecx, [esp+arg_0]
mov [eax], ecx
loc_4013AA: ; CODE XREF: sub_401395+D�j
lea ecx, [eax+4]
test ecx, ecx
jz short loc_4013B7
mov edx, [esp+arg_4]
mov [ecx], edx
loc_4013B7: ; CODE XREF: sub_401395+1A�j
push edi
lea edi, [eax+8]
test edi, edi
jz short loc_4013CA
push esi
mov esi, [esp+8+arg_8]
push 41h
pop ecx
rep movsd
pop esi
loc_4013CA: ; CODE XREF: sub_401395+28�j
pop edi
retn 0Ch
sub_401395 endp
; ---------------------------------------------------------------------------
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_4013E6
mov dword ptr [esi], offset off_41D33C
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_4013E6 proc near ; CODE XREF: .text:004013D5�p
; sub_402A79+46�p
push 4
mov eax, offset loc_41C8FC
call sub_40497C
mov esi, ecx
mov [ebp-10h], esi
mov edi, [ebp+8]
push edi
call sub_403032
and dword ptr [ebp-4], 0
add edi, 0Ch
push edi
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41D330
call sub_401111
mov eax, esi
call sub_404A1B
retn 4
sub_4013E6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401420 proc near ; CODE XREF: sub_40121E+33�p
; sub_4016BA+33�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push 0
mov dword ptr [esi+18h], 0Fh
call sub_40131B
push [esp+4+arg_0]
mov ecx, esi
call sub_401524
mov eax, esi
pop esi
retn 4
sub_401420 endp
; =============== S U B R O U T I N E =======================================
sub_401442 proc near ; CODE XREF: sub_401337+1D�p
push 0Ch
mov eax, offset sub_41C8D9
call sub_4049AF
mov edi, ecx
mov [ebp-18h], edi
mov esi, [ebp+8]
or esi, 0Fh
cmp esi, 0FFFFFFFEh
jbe short loc_401463
mov esi, [ebp+8]
jmp short loc_401488
; ---------------------------------------------------------------------------
loc_401463: ; CODE XREF: sub_401442+1A�j
xor edx, edx
push 3
mov eax, esi
pop ebx
div ebx
mov ecx, [edi+18h]
mov [ebp-14h], ecx
shr dword ptr [ebp-14h], 1
mov edx, [ebp-14h]
cmp eax, edx
jnb short loc_401488
push 0FFFFFFFEh
pop eax
sub eax, edx
cmp ecx, eax
ja short loc_401488
lea esi, [edx+ecx]
loc_401488: ; CODE XREF: sub_401442+1F�j
; sub_401442+38�j ...
and dword ptr [ebp-4], 0
lea eax, [esi+1]
push 0
push eax
call sub_4015ED
pop ecx
pop ecx
mov ebx, eax
jmp short loc_4014C7
; ---------------------------------------------------------------------------
mov eax, [ebp+8]
mov [ebp-10h], esp
mov [ebp+8], eax
inc eax
push 0
push eax
mov byte ptr [ebp-4], 2
call sub_4015ED
pop ecx
mov [ebp-14h], eax
pop ecx
mov eax, offset loc_4014BE
retn
; ---------------------------------------------------------------------------
loc_4014BE: ; DATA XREF: sub_401442+76�o
mov edi, [ebp-18h]
mov esi, [ebp+8]
mov ebx, [ebp-14h]
loc_4014C7: ; CODE XREF: sub_401442+59�j
cmp dword ptr [ebp+0Ch], 0
jbe short loc_4014EC
cmp dword ptr [edi+18h], 10h
jb short loc_4014D8
mov eax, [edi+4]
jmp short loc_4014DB
; ---------------------------------------------------------------------------
loc_4014D8: ; CODE XREF: sub_401442+8F�j
lea eax, [edi+4]
loc_4014DB: ; CODE XREF: sub_401442+94�j
push dword ptr [ebp+0Ch]
push eax
lea eax, [esi+1]
push eax
push ebx
call sub_401000
add esp, 10h
loc_4014EC: ; CODE XREF: sub_401442+89�j
push 0
push 1
mov ecx, edi
call sub_4011D3
push dword ptr [ebp+0Ch]
mov ecx, edi
mov [edi+4], ebx
mov [edi+18h], esi
call sub_40131B
call sub_404A1B
retn 8
sub_401442 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov ecx, [ebp-18h]
xor esi, esi
push esi
push 1
call sub_4011D3
push esi
push esi
call sub_40456B
int 3 ; Trap to Debugger
; =============== S U B R O U T I N E =======================================
sub_401524 proc near ; CODE XREF: sub_401420+17�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, ecx
lea edx, [eax+1]
loc_40152E: ; CODE XREF: sub_401524+F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40152E
sub eax, edx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_401547
pop esi
retn 4
sub_401524 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401547 proc near ; CODE XREF: sub_401524+1A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
push edi
mov esi, ecx
call sub_4015B9
test al, al
jz short loc_401579
cmp dword ptr [esi+18h], 10h
jb short loc_401566
mov eax, [esi+4]
jmp short loc_401569
; ---------------------------------------------------------------------------
loc_401566: ; CODE XREF: sub_401547+18�j
lea eax, [esi+4]
loc_401569: ; CODE XREF: sub_401547+1D�j
push [ebp+arg_4]
sub edi, eax
push edi
push esi
mov ecx, esi
call sub_401141
jmp short loc_4015B3
; ---------------------------------------------------------------------------
loc_401579: ; CODE XREF: sub_401547+12�j
push 0
push [ebp+arg_4]
mov ecx, esi
call sub_401337
test al, al
jz short loc_4015B1
mov ecx, [esi+18h]
cmp ecx, 10h
jb short loc_401596
mov eax, [esi+4]
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401596: ; CODE XREF: sub_401547+48�j
lea eax, [esi+4]
loc_401599: ; CODE XREF: sub_401547+4D�j
push [ebp+arg_4]
push edi
push ecx
push eax
call sub_401000
add esp, 10h
push [ebp+arg_4]
mov ecx, esi
call sub_40131B
loc_4015B1: ; CODE XREF: sub_401547+40�j
mov eax, esi
loc_4015B3: ; CODE XREF: sub_401547+30�j
pop edi
pop esi
pop ebp
retn 8
sub_401547 endp
; =============== S U B R O U T I N E =======================================
sub_4015B9 proc near ; CODE XREF: sub_401547+B�p
arg_0 = dword ptr 4
push esi
mov esi, [ecx+18h]
cmp esi, 10h
lea eax, [ecx+4]
jb short loc_4015C9
mov edx, [eax]
jmp short loc_4015CB
; ---------------------------------------------------------------------------
loc_4015C9: ; CODE XREF: sub_4015B9+A�j
mov edx, eax
loc_4015CB: ; CODE XREF: sub_4015B9+E�j
cmp [esp+4+arg_0], edx
jb short loc_4015E7
cmp esi, 10h
jb short loc_4015D8
mov eax, [eax]
loc_4015D8: ; CODE XREF: sub_4015B9+1B�j
mov ecx, [ecx+14h]
add ecx, eax
cmp ecx, [esp+4+arg_0]
jbe short loc_4015E7
mov al, 1
jmp short loc_4015E9
; ---------------------------------------------------------------------------
loc_4015E7: ; CODE XREF: sub_4015B9+16�j
; sub_4015B9+28�j
xor al, al
loc_4015E9: ; CODE XREF: sub_4015B9+2C�j
pop esi
retn 4
sub_4015B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015ED proc near ; CODE XREF: sub_401442+50�p
; sub_401442+6C�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
sub esp, 0Ch
test ecx, ecx
ja short loc_401605
xor ecx, ecx
loc_4015FC: ; CODE XREF: sub_4015ED+22�j
push ecx
call sub_40340B
pop ecx
leave
retn
; ---------------------------------------------------------------------------
loc_401605: ; CODE XREF: sub_4015ED+B�j
or eax, 0FFFFFFFFh
xor edx, edx
div ecx
cmp eax, 1
jnb short loc_4015FC
and [ebp+arg_0], 0
lea eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_C]
call sub_402FCC
push offset dword_421CD0
lea eax, [ebp+var_C]
push eax
mov [ebp+var_C], offset off_41D324
call sub_40456B
int 3 ; Trap to Debugger
push esi
push [esp+10h+var_8]
mov esi, ecx
call sub_403032
mov dword ptr [esi], offset off_41D324
mov eax, esi
pop esi
retn 4
sub_4015ED endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40164F proc near ; CODE XREF: .text:00401F49�p
; .text:00402025�p ...
cmp dword ptr [esi], 0
jnz short loc_401659
call sub_40331D
loc_401659: ; CODE XREF: sub_40164F+3�j
mov eax, [esi]
mov ecx, [esi+4]
cmp ecx, [eax+4]
jnz short loc_401668
call sub_40331D
loc_401668: ; CODE XREF: sub_40164F+12�j
mov eax, [esi+4]
add eax, 8
retn
sub_40164F endp
; =============== S U B R O U T I N E =======================================
sub_40166F proc near ; CODE XREF: .text:00401F3B�p
; .text:00402017�p ...
mov eax, [esi]
test eax, eax
jz short loc_401679
cmp eax, [edi]
jz short loc_40167E
loc_401679: ; CODE XREF: sub_40166F+4�j
call sub_40331D
loc_40167E: ; CODE XREF: sub_40166F+8�j
mov eax, [esi+4]
xor ecx, ecx
cmp eax, [edi+4]
setnz cl
mov al, cl
retn
sub_40166F endp
; =============== S U B R O U T I N E =======================================
sub_40168C proc near ; CODE XREF: .text:00401F64�p
; .text:00402040�p ...
cmp dword ptr [esi], 0
mov eax, [esi]
mov [edi], eax
mov eax, [esi+4]
mov [edi+4], eax
jnz short loc_4016A0
call sub_40331D
loc_4016A0: ; CODE XREF: sub_40168C+D�j
mov eax, [esi]
mov ecx, [esi+4]
cmp ecx, [eax+4]
jnz short loc_4016AF
call sub_40331D
loc_4016AF: ; CODE XREF: sub_40168C+1C�j
mov eax, [esi+4]
mov eax, [eax]
mov [esi+4], eax
mov eax, edi
retn
sub_40168C endp
; =============== S U B R O U T I N E =======================================
sub_4016BA proc near ; CODE XREF: sub_414884+54�p
push 48h
mov eax, offset loc_41C91F
call sub_40497C
push dword ptr [ebp+8]
mov esi, [ebp+10h]
push dword ptr [esi+4]
push esi
call sub_401745
mov ecx, 3C3C3C3h
sub ecx, dword_4356A0
cmp ecx, 1
jnb short loc_401717
push offset dword_420B0C
lea ecx, [ebp-2Ch]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-54h]
call sub_401065
push offset dword_421C98
lea eax, [ebp-54h]
push eax
mov dword ptr [ebp-54h], offset off_41D33C
call sub_40456B
loc_401717: ; CODE XREF: sub_4016BA+29�j
inc dword_4356A0
mov [esi+4], eax
mov ecx, [eax+4]
mov [ecx], eax
call sub_404A1B
retn 0Ch
sub_4016BA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40172D proc near ; CODE XREF: .text:0041CB08�p
push 4Ch
call sub_40340B
test eax, eax
pop ecx
jz short loc_40173B
mov [eax], eax
loc_40173B: ; CODE XREF: sub_40172D+A�j
lea ecx, [eax+4]
test ecx, ecx
jz short locret_401744
mov [ecx], eax
locret_401744: ; CODE XREF: sub_40172D+13�j
retn
sub_40172D endp
; =============== S U B R O U T I N E =======================================
sub_401745 proc near ; CODE XREF: sub_4016BA+16�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 4Ch
call sub_40340B
test eax, eax
pop ecx
jz short loc_401757
mov ecx, [esp+arg_0]
mov [eax], ecx
loc_401757: ; CODE XREF: sub_401745+A�j
lea ecx, [eax+4]
test ecx, ecx
jz short loc_401764
mov edx, [esp+arg_4]
mov [ecx], edx
loc_401764: ; CODE XREF: sub_401745+17�j
push edi
lea edi, [eax+8]
test edi, edi
jz short loc_401777
push esi
mov esi, [esp+8+arg_8]
push 11h
pop ecx
rep movsd
pop esi
loc_401777: ; CODE XREF: sub_401745+25�j
pop edi
retn 0Ch
sub_401745 endp
; ---------------------------------------------------------------------------
push 4B8h
mov eax, offset loc_41CAC3
call sub_4049E5
cmp dword ptr [ebp+1Ch], 3
mov eax, [ebp+10h]
mov edi, [ebp+20h]
mov [ebp-4C4h], eax
mov eax, [ebp+18h]
mov [ebp-4BCh], eax
mov [ebp-4C0h], edi
jl loc_4019D5
mov esi, 0BFh
xor ebx, ebx
push esi
lea eax, [ebp-18Fh]
push ebx
push eax
mov [ebp-190h], bl
call sub_407F20
push esi
lea eax, [ebp-0CFh]
push ebx
push eax
mov [ebp-0D0h], bl
call sub_407F20
push dword ptr [edi+4]
lea edi, [ebp-190h]
call sub_41BDAA
push 0C0h
lea esi, [ebp-0D0h]
mov ebx, offset dword_426C10
call sub_419EC1
add esp, 20h
cmp byte ptr [ebp+8], 0
jz short loc_401817
cmp byte_426C0A, 0
jz loc_4019EB
loc_401817: ; CODE XREF: .text:00401808�j
lea ecx, [ebp-0D0h]
lea eax, [ebp-190h]
loc_401823: ; CODE XREF: .text:0040183B�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_401841
test dl, dl
jz short loc_40183D
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_401841
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_401823
loc_40183D: ; CODE XREF: .text:0040182B�j
xor eax, eax
jmp short loc_401846
; ---------------------------------------------------------------------------
loc_401841: ; CODE XREF: .text:00401827�j
; .text:00401833�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401846: ; CODE XREF: .text:0040183F�j
test eax, eax
jnz loc_4019C8
push 327h
push eax
lea eax, [ebp-4B8h]
push eax
call sub_407F20
push dword ptr [ebp-4BCh]
mov esi, offset dword_420B28
push esi
mov edi, 0FFh
lea eax, [ebp-4B8h]
push edi
push eax
call sub_402EAE
lea eax, [ebp-4B8h]
add esp, 1Ch
lea ecx, [eax+1]
loc_40188A: ; CODE XREF: .text:0040188F�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40188A
push dword ptr [ebp-4C4h]
sub eax, ecx
push esi
mov [ebp+eax-4B8h], dl
lea eax, [ebp-3B8h]
push 22h
push eax
call sub_402EAE
lea eax, [ebp-3B8h]
add esp, 10h
lea ecx, [eax+1]
loc_4018BB: ; CODE XREF: .text:004018C0�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4018BB
mov ebx, [ebp-4C0h]
push dword ptr [ebx+8]
sub eax, ecx
push esi
mov [ebp+eax-3B8h], dl
lea eax, [ebp-395h]
push edi
push eax
call sub_402EAE
lea eax, [ebp-395h]
add esp, 10h
lea ecx, [eax+1]
loc_4018EE: ; CODE XREF: .text:004018F3�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4018EE
push dword ptr [ebx+0Ch]
sub eax, ecx
push esi
mov [ebp+eax-395h], dl
lea eax, [ebp-295h]
push edi
push eax
call sub_402EAE
lea eax, [ebp-295h]
add esp, 10h
lea esi, [eax+1]
loc_40191B: ; CODE XREF: .text:00401920�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40191B
sub eax, esi
mov [ebp+eax-295h], cl
mov al, [ebp+8]
mov [ebp-192h], al
mov al, [ebp+0Ch]
push 4
mov [ebp-193h], al
pop eax
cmp [ebp+1Ch], eax
jl short loc_40198B
mov [ebp-4BCh], eax
loc_40194B: ; CODE XREF: .text:0040197E�j
mov eax, [ebx+eax*4]
push 3
mov edi, offset dword_420B2C
mov esi, eax
pop ecx
xor edx, edx
repe cmpsb
jz short loc_401982
mov esi, eax
push 2
mov edi, offset dword_420B30
pop ecx
xor eax, eax
repe cmpsb
jz short loc_401982
mov eax, [ebp-4BCh]
inc eax
cmp eax, [ebp+1Ch]
mov [ebp-4BCh], eax
jle short loc_40194B
jmp short loc_401992
; ---------------------------------------------------------------------------
loc_401982: ; CODE XREF: .text:0040195C�j
; .text:0040196C�j
mov byte ptr [ebp-195h], 1
jmp short loc_401992
; ---------------------------------------------------------------------------
loc_40198B: ; CODE XREF: .text:00401943�j
mov byte ptr [ebp-195h], 0
loc_401992: ; CODE XREF: .text:00401980�j
; .text:00401989�j
push 8
mov byte ptr [ebp-194h], 0
call sub_40340B
pop ecx
mov [ebp-4C0h], eax
and dword ptr [ebp-4], 0
test eax, eax
jz short loc_4019EB
push offset sub_41BED6
lea ecx, [ebp-4B8h]
mov edi, offset dword_420B34
mov esi, eax
call sub_414884
jmp short loc_4019EB
; ---------------------------------------------------------------------------
loc_4019C8: ; CODE XREF: .text:00401848�j
push offset dword_420B38
push dword ptr [ebp-4BCh]
jmp short loc_4019DB
; ---------------------------------------------------------------------------
loc_4019D5: ; CODE XREF: .text:004017A9�j
push offset dword_420B4C
push eax
loc_4019DB: ; CODE XREF: .text:004019D3�j
push dword ptr [ebp+0Ch]
push offset dword_4283FC
call sub_417B51
add esp, 10h
loc_4019EB: ; CODE XREF: .text:00401811�j
; .text:004019AD�j ...
call sub_404A2F
retn 1Ch
; ---------------------------------------------------------------------------
push 4B8h
mov eax, offset loc_41CA8E
call sub_4049E5
cmp dword ptr [ebp+1Ch], 3
mov eax, [ebp+10h]
mov edi, [ebp+20h]
mov [ebp-4C4h], eax
mov eax, [ebp+18h]
mov [ebp-4C0h], eax
mov [ebp-4BCh], edi
jl loc_401BFF
mov esi, 0BFh
xor ebx, ebx
push esi
lea eax, [ebp-18Fh]
push ebx
push eax
mov [ebp-190h], bl
call sub_407F20
push esi
lea eax, [ebp-0CFh]
push ebx
push eax
mov [ebp-0D0h], bl
call sub_407F20
push dword ptr [edi+4]
lea edi, [ebp-190h]
call sub_41BDAA
push 0C0h
lea esi, [ebp-0D0h]
mov ebx, offset dword_426E50
call sub_419EC1
add esp, 20h
cmp byte ptr [ebp+8], 0
jz short loc_401A8F
cmp byte_426C0A, 0
jz loc_401C15
loc_401A8F: ; CODE XREF: .text:00401A80�j
lea ecx, [ebp-0D0h]
lea eax, [ebp-190h]
loc_401A9B: ; CODE XREF: .text:00401AB3�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_401AB9
test dl, dl
jz short loc_401AB5
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_401AB9
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_401A9B
loc_401AB5: ; CODE XREF: .text:00401AA3�j
xor eax, eax
jmp short loc_401ABE
; ---------------------------------------------------------------------------
loc_401AB9: ; CODE XREF: .text:00401A9F�j
; .text:00401AAB�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401ABE: ; CODE XREF: .text:00401AB7�j
test eax, eax
jnz loc_401BF2
push 327h
push eax
lea eax, [ebp-4B8h]
push eax
call sub_407F20
push dword ptr [ebp-4C0h]
mov esi, offset dword_420B28
push esi
mov edi, 0FFh
lea eax, [ebp-4B8h]
push edi
push eax
call sub_402EAE
lea eax, [ebp-4B8h]
add esp, 1Ch
lea ecx, [eax+1]
loc_401B02: ; CODE XREF: .text:00401B07�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B02
push dword ptr [ebp-4C4h]
sub eax, ecx
push esi
mov [ebp+eax-4B8h], dl
lea eax, [ebp-3B8h]
push 22h
push eax
call sub_402EAE
lea eax, [ebp-3B8h]
add esp, 10h
lea ecx, [eax+1]
loc_401B33: ; CODE XREF: .text:00401B38�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B33
mov ebx, [ebp-4BCh]
push dword ptr [ebx+8]
sub eax, ecx
push esi
mov [ebp+eax-3B8h], dl
lea eax, [ebp-395h]
push edi
push eax
call sub_402EAE
lea eax, [ebp-395h]
add esp, 10h
lea ecx, [eax+1]
loc_401B66: ; CODE XREF: .text:00401B6B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B66
push dword ptr [ebx+0Ch]
sub eax, ecx
push esi
mov [ebp+eax-395h], dl
lea eax, [ebp-295h]
push edi
push eax
call sub_402EAE
lea eax, [ebp-295h]
add esp, 10h
lea ecx, [eax+1]
loc_401B93: ; CODE XREF: .text:00401B98�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B93
sub eax, ecx
mov [ebp+eax-295h], dl
mov al, [ebp+8]
mov [ebp-192h], al
mov al, [ebp+0Ch]
push 8
mov [ebp-193h], al
mov byte ptr [ebp-195h], 1
mov byte ptr [ebp-194h], 1
call sub_40340B
pop ecx
mov [ebp-4BCh], eax
and dword ptr [ebp-4], 0
test eax, eax
jz short loc_401C15
push offset sub_41BED6
lea ecx, [ebp-4B8h]
mov edi, offset dword_420B34
mov esi, eax
call sub_414884
jmp short loc_401C15
; ---------------------------------------------------------------------------
loc_401BF2: ; CODE XREF: .text:00401AC0�j
push offset dword_420B64
push dword ptr [ebp-4C0h]
jmp short loc_401C05
; ---------------------------------------------------------------------------
loc_401BFF: ; CODE XREF: .text:00401A21�j
push offset dword_420B78
push eax
loc_401C05: ; CODE XREF: .text:00401BFD�j
push dword ptr [ebp+0Ch]
push offset dword_4283FC
call sub_417B51
add esp, 10h
loc_401C15: ; CODE XREF: .text:00401A89�j
; .text:00401BD7�j ...
call sub_404A2F
retn 1Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
xor edi, edi
inc edi
cmp [ebp+1Ch], edi
jl loc_401CF7
push esi
push 1F8h
call sub_402A08
mov esi, eax
push esi
call sub_402E05
push eax
push 0
push esi
call sub_407F20
add esp, 14h
cmp [ebp+1Ch], edi
jnz short loc_401C81
mov eax, [ebp+20h]
push dword ptr [eax+4]
push offset dword_420B28
push esi
call sub_402E05
pop ecx
dec eax
push eax
push esi
call sub_402EAE
mov eax, esi
add esp, 10h
lea edx, [eax+1]
loc_401C73: ; CODE XREF: .text:00401C78�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_401C73
sub eax, edx
mov [eax+esi], cl
jmp short loc_401CDB
; ---------------------------------------------------------------------------
loc_401C81: ; CODE XREF: .text:00401C4F�j
jl short loc_401CDB
push ebx
mov ebx, [ebp+20h]
loc_401C87: ; CODE XREF: .text:00401CD8�j
cmp edi, 1
jnz short loc_401CA8
push dword ptr [ebx+4]
push offset dword_420B28
push esi
call sub_402E05
pop ecx
dec eax
push eax
push esi
call sub_402EAE
add esp, 10h
jmp short loc_401CC3
; ---------------------------------------------------------------------------
loc_401CA8: ; CODE XREF: .text:00401C8A�j
push dword ptr [ebx+edi*4]
push esi
push offset dword_420BA0
push esi
call sub_402E05
pop ecx
dec eax
push eax
push esi
call sub_402EAE
add esp, 14h
loc_401CC3: ; CODE XREF: .text:00401CA6�j
mov eax, esi
lea ecx, [eax+1]
loc_401CC8: ; CODE XREF: .text:00401CCD�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401CC8
sub eax, ecx
inc edi
cmp edi, [ebp+1Ch]
mov [eax+esi], dl
jle short loc_401C87
pop ebx
loc_401CDB: ; CODE XREF: .text:00401C7F�j
; .text:loc_401C81�j
push esi
push offset dword_420BA8
mov edi, offset dword_4283FC
call sub_417ABC
push esi
call sub_402F5B
add esp, 0Ch
pop esi
jmp short loc_401D07
; ---------------------------------------------------------------------------
loc_401CF7: ; CODE XREF: .text:00401C27�j
push offset dword_420BB4
mov edi, offset dword_4283FC
call sub_417ABC
pop ecx
loc_401D07: ; CODE XREF: .text:00401CF5�j
pop edi
pop ebp
retn 1Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
cmp dword ptr [ebp+1Ch], 1
push edi
jl short loc_401D4A
cmp dword ptr [ebp+1Ch], 2
mov eax, [ebp+20h]
mov edi, offset dword_4283FC
jl short loc_401D39
push dword ptr [eax+8]
push dword ptr [eax+4]
push offset dword_420BC8
call sub_417ABC
add esp, 0Ch
jmp short loc_401D62
; ---------------------------------------------------------------------------
loc_401D39: ; CODE XREF: .text:00401D22�j
push dword ptr [eax+4]
push offset dword_420BD8
call sub_417ABC
pop ecx
pop ecx
jmp short loc_401D62
; ---------------------------------------------------------------------------
loc_401D4A: ; CODE XREF: .text:00401D14�j
push offset dword_420BE4
push dword ptr [ebp+18h]
push dword ptr [ebp+0Ch]
push offset dword_4283FC
call sub_417B51
add esp, 10h
loc_401D62: ; CODE XREF: .text:00401D37�j
; .text:00401D48�j
pop edi
pop ebp
retn 1Ch
; ---------------------------------------------------------------------------
cmp dword ptr [esp+18h], 1
jl short loc_401D8A
mov eax, [esp+1Ch]
push edi
push dword ptr [eax+4]
mov edi, offset dword_4283FC
push offset dword_420C00
call sub_417ABC
pop ecx
pop ecx
pop edi
jmp short locret_401DA4
; ---------------------------------------------------------------------------
loc_401D8A: ; CODE XREF: .text:00401D6C�j
push offset dword_420BE4
push dword ptr [esp+18h]
push dword ptr [esp+10h]
push offset dword_4283FC
call sub_417B51
add esp, 10h
locret_401DA4: ; CODE XREF: .text:00401D88�j
retn 1Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 118h
mov eax, dword_423064
xor eax, ebp
mov [ebp-4], eax
mov eax, [ebp+18h]
push ebx
mov [ebp-118h], eax
push esi
push edi
xor eax, eax
xor ecx, ecx
mov [ebp-14h], cl
lea edi, [ebp-13h]
stosd
stosd
stosd
stosw
push 0FFh
stosb
push ecx
lea eax, [ebp-113h]
push eax
mov [ebp-114h], cl
call sub_407F20
push dword_4283FC
lea esi, [ebp-14h]
call sub_4197B6
push 100h
lea esi, [ebp-114h]
mov ebx, offset byte_426A49
call sub_419EC1
mov eax, esi
push eax
push dword_427FD4
lea eax, [ebp-14h]
push eax
push offset dword_420C24
push dword ptr [ebp-118h]
push dword ptr [ebp+0Ch]
push offset dword_4283FC
call sub_417B51
mov ecx, [ebp-4]
add esp, 30h
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn 1Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
push 0FFFFFFFFh
push offset loc_41CA53
mov eax, large fs:0
push eax
sub esp, 130h
mov eax, dword_423064
xor eax, esp
mov [esp+128h], eax
push ebx
push esi
push edi
mov eax, dword_423064
xor eax, esp
push eax
lea eax, [esp+140h]
mov large fs:0, eax
mov edi, [ebp+18h]
mov esi, [ebp+20h]
push 104h
lea eax, [esp+30h]
push 0
push eax
mov [esp+1Ch], edi
call sub_407F20
add esp, 0Ch
push edi
push offset dword_420B28
lea eax, [esp+34h]
push 0FFh
push eax
call sub_402EAE
lea eax, [esp+3Ch]
add esp, 10h
lea ecx, [eax+1]
loc_401EC7: ; CODE XREF: .text:00401ECC�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401EC7
mov ebx, [ebp+0Ch]
sub eax, ecx
cmp dword ptr [ebp+1Ch], 1
mov [esp+eax+2Ch], dl
mov [esp+12Eh], bl
jl short loc_401EFE
push dword ptr [esi+4]
call sub_40416B
pop ecx
push dword ptr [esi+4]
mov word_435398, ax
call sub_40416B
pop ecx
jmp short loc_401F0A
; ---------------------------------------------------------------------------
loc_401EFE: ; CODE XREF: .text:00401EE2�j
mov ax, word_426C08
mov word_435398, ax
loc_401F0A: ; CODE XREF: .text:00401EFC�j
mov [esp+12Ch], ax
mov eax, dword_43569C
mov eax, [eax]
mov [esp+18h], eax
mov eax, offset dword_435698
mov [esp+14h], eax
mov [esp+1Ch], eax
loc_401F2A: ; CODE XREF: .text:00401F69�j
mov eax, dword_43569C
lea edi, [esp+1Ch]
lea esi, [esp+14h]
mov [esp+20h], eax
call sub_40166F
test al, al
jz short loc_401F6B
mov edi, offset dword_420C3C
call sub_40164F
mov esi, eax
add esi, 5
push 4
pop ecx
xor eax, eax
repe cmpsb
jz short loc_401F9A
lea edi, [esp+24h]
lea esi, [esp+14h]
call sub_40168C
jmp short loc_401F2A
; ---------------------------------------------------------------------------
loc_401F6B: ; CODE XREF: .text:00401F42�j
push 8
call sub_40340B
pop ecx
mov [esp+10h], eax
and dword ptr [esp+148h], 0
test eax, eax
jz short loc_401FB1
push offset sub_4145BE
lea ecx, [esp+30h]
mov edi, offset dword_420C3C
mov esi, eax
call sub_414884
jmp short loc_401FB1
; ---------------------------------------------------------------------------
loc_401F9A: ; CODE XREF: .text:00401F5A�j
push offset dword_420C40
push dword ptr [esp+14h]
push ebx
push offset dword_4283FC
call sub_417B51
add esp, 10h
loc_401FB1: ; CODE XREF: .text:00401F81�j
; .text:00401F98�j
mov ecx, [esp+140h]
mov large fs:0, ecx
pop ecx
pop edi
pop esi
pop ebx
mov ecx, [esp+128h]
xor ecx, esp
call sub_402AD0
mov esp, ebp
pop ebp
retn 1Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 18h
push esi
push edi
push dword_428528
call ds:dword_41D280
mov eax, dword_43569C
mov eax, [eax]
mov [esp+0Ch], eax
mov eax, offset dword_435698
mov [esp+8], eax
mov [esp+10h], eax
loc_402006: ; CODE XREF: .text:00402045�j
mov eax, dword_43569C
lea edi, [esp+10h]
lea esi, [esp+8]
mov [esp+14h], eax
call sub_40166F
test al, al
jz short loc_40205A
mov edi, offset dword_420C3C
call sub_40164F
mov esi, eax
add esi, 5
push 4
pop ecx
xor eax, eax
repe cmpsb
lea esi, [esp+8]
jz short loc_402047
lea edi, [esp+18h]
call sub_40168C
jmp short loc_402006
; ---------------------------------------------------------------------------
loc_402047: ; CODE XREF: .text:0040203A�j
call sub_40164F
mov eax, [eax]
call sub_4147FC
push offset dword_420C54
jmp short loc_40205F
; ---------------------------------------------------------------------------
loc_40205A: ; CODE XREF: .text:0040201E�j
push offset dword_420C68
loc_40205F: ; CODE XREF: .text:00402058�j
push dword ptr [ebp+18h]
push dword ptr [ebp+0Ch]
push offset dword_4283FC
call sub_417B51
add esp, 10h
pop edi
pop esi
mov esp, ebp
pop ebp
retn 1Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 444h
mov eax, dword_423064
xor eax, esp
mov [esp+440h], eax
mov eax, [ebp+18h]
push ebx
push esi
push edi
mov esi, 0FFh
push esi
mov [esp+18h], eax
xor ebx, ebx
lea eax, [esp+34Dh]
push ebx
push eax
mov byte ptr [esp+354h], 0
call sub_407F20
add esp, 0Ch
push esi
lea eax, [esp+14Dh]
push ebx
push eax
mov [esp+154h], bl
call sub_407F20
xor eax, eax
mov [esp+44h], bl
lea edi, [esp+45h]
stosd
stosd
stosd
stosw
add esp, 0Ch
push esi
stosb
lea eax, [esp+4Dh]
push ebx
push eax
mov [esp+54h], bl
call sub_407F20
add esp, 0Ch
push esi
lea eax, [esp+24Dh]
push ebx
push eax
mov [esp+254h], bl
call sub_407F20
add esp, 0Ch
push 8
pop ecx
xor eax, eax
lea edi, [esp+18h]
rep stosd
lea eax, [esp+18h]
mov ebx, 100h
push eax
mov [esp+14h], ebx
call ds:off_41D098
mov edi, [esp+20h]
mov ecx, [esp+24h]
shr edi, 14h
shr ecx, 14h
mov eax, edi
sub eax, ecx
push 1
mov ecx, ebx
lea esi, [esp+34Ch]
mov [esp+10h], eax
call sub_419641
pop ecx
call sub_41AD77
push 1
push ebx
lea esi, [esp+150h]
call sub_41960F
push dword_4283FC
lea esi, [esp+44h]
call sub_4197B6
add esp, 0Ch
lea eax, [esp+10h]
push eax
lea eax, [esp+4Ch]
push eax
call ds:off_41D048
push ebx
lea eax, [esp+24Ch]
push eax
call ds:off_41D0F0
call sub_419590
push dword_427FEC
lea eax, [esp+24Ch]
push dword_427FE8
push dword_427FE4
push dword_427FE0
push dword_427FDC
push dword_427FD8
push eax
lea eax, [esp+64h]
push eax
mov eax, esi
push eax
lea eax, [esp+16Ch]
push eax
push edi
push dword ptr [esp+38h]
mov esi, offset byte_428530
push dword_428630
lea eax, [esp+37Ch]
push esi
push dword_428634
push eax
push offset dword_420C90
push dword ptr [esp+58h]
push dword ptr [ebp+0Ch]
push offset dword_4283FC
call sub_417B51
push 108h
push 0
push esi
call sub_407F20
mov ecx, [esp+4A8h]
add esp, 5Ch
pop edi
pop esi
pop ebx
xor ecx, esp
call sub_402AD0
mov esp, ebp
pop ebp
retn 1Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword_423064
xor eax, ebp
mov [ebp-4], eax
push ebx
mov ebx, [ebp+18h]
push esi
push edi
push dword_4283FC
mov byte ptr [ebp-14h], 0
xor eax, eax
lea edi, [ebp-13h]
stosd
stosd
stosd
stosw
lea esi, [ebp-14h]
stosb
call sub_4197B6
pop ecx
mov eax, esi
push eax
call ds:dword_41D264
push 2
mov [ebp-18h], eax
push 4
lea eax, [ebp-18h]
push eax
call ds:dword_41D224
test eax, eax
jnz short loc_4022A9
mov eax, esi
push eax
push offset dword_420D18
push ebx
push dword ptr [ebp+0Ch]
push offset dword_4283FC
call sub_417B51
add esp, 14h
jmp short loc_4022C5
; ---------------------------------------------------------------------------
loc_4022A9: ; CODE XREF: .text:0040228C�j
push dword ptr [eax]
lea eax, [ebp-14h]
push eax
push offset dword_420D30
push ebx
push dword ptr [ebp+0Ch]
push offset dword_4283FC
call sub_417B51
add esp, 18h
loc_4022C5: ; CODE XREF: .text:004022A7�j
mov ecx, [ebp-4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn 1Ch
; ---------------------------------------------------------------------------
push 60h
mov eax, offset loc_41CA21
call sub_4049E5
mov eax, [ebp+18h]
mov [ebp-68h], eax
xor eax, eax
mov byte ptr [ebp-30h], 0
lea edi, [ebp-2Fh]
stosd
stosd
stosd
mov ebx, [ebp+20h]
stosw
and dword ptr [ebp-58h], 0
and dword ptr [ebp-48h], 0
stosb
xor eax, eax
mov byte ptr [ebp-20h], 0
lea edi, [ebp-1Fh]
stosd
stosd
stosd
stosw
stosb
or edi, 0FFFFFFFFh
cmp byte_43538D, 0
mov [ebp-50h], ebx
mov byte ptr [ebp-41h], 0
mov [ebp-5Ch], edi
mov [ebp-60h], edi
mov [ebp-64h], edi
mov [ebp-6Ch], edi
jnz short loc_40233D
call sub_41BD26
test al, al
jz loc_4027EC
loc_40233D: ; CODE XREF: .text:0040232E�j
cmp byte_4282F4, 0
jnz short loc_402353
call sub_419507
test al, al
jz loc_4027EC
loc_402353: ; CODE XREF: .text:00402344�j
and dword ptr [ebp-54h], 0
mov ecx, offset dword_424528
mov eax, ecx
lea esi, [eax+1]
loc_402361: ; CODE XREF: .text:00402366�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_402361
jmp short loc_4023B0
; ---------------------------------------------------------------------------
loc_40236A: ; CODE XREF: .text:004023B2�j
mov edx, [ebx+4]
mov eax, ecx
loc_40236F: ; CODE XREF: .text:00402387�j
mov cl, [eax]
cmp cl, [edx]
jnz short loc_40238D
test cl, cl
jz short loc_402389
mov cl, [eax+1]
cmp cl, [edx+1]
jnz short loc_40238D
inc eax
inc eax
inc edx
inc edx
test cl, cl
jnz short loc_40236F
loc_402389: ; CODE XREF: .text:00402377�j
xor eax, eax
jmp short loc_402391
; ---------------------------------------------------------------------------
loc_40238D: ; CODE XREF: .text:00402373�j
; .text:0040237F�j
sbb eax, eax
sbb eax, edi
loc_402391: ; CODE XREF: .text:0040238B�j
test eax, eax
jz short loc_4023B6
inc dword ptr [ebp-54h]
mov ecx, [ebp-54h]
imul ecx, 2Ch
lea ecx, dword_424528[ecx]
mov eax, ecx
lea esi, [eax+1]
loc_4023A9: ; CODE XREF: .text:004023AE�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4023A9
loc_4023B0: ; CODE XREF: .text:00402368�j
sub eax, esi
jnz short loc_40236A
jmp short loc_4023BB
; ---------------------------------------------------------------------------
loc_4023B6: ; CODE XREF: .text:00402393�j
cmp [ebp-54h], edi
jnz short loc_4023D8
loc_4023BB: ; CODE XREF: .text:004023B4�j
push offset dword_420D58
push dword ptr [ebp-68h]
push dword ptr [ebp+0Ch]
push offset dword_4283FC
call sub_417B51
add esp, 10h
jmp loc_4027EC
; ---------------------------------------------------------------------------
loc_4023D8: ; CODE XREF: .text:004023B9�j
mov esi, [ebx+8]
mov eax, esi
mov ecx, offset dword_420D70
call sub_419834
test eax, eax
jz short loc_4023FD
push dword ptr [ebx+0Ch]
mov byte ptr [ebp-41h], 1
call sub_40416B
pop ecx
mov [ebp-4Ch], eax
jmp short loc_40245A
; ---------------------------------------------------------------------------
loc_4023FD: ; CODE XREF: .text:004023E9�j
push esi
call sub_40416B
pop ecx
push 3
pop edx
cmp [ebp+1Ch], edx
mov [ebp-4Ch], eax
mov [ebp-48h], edx
jl short loc_402453
mov eax, edx
loc_402414: ; CODE XREF: .text:00402451�j
mov ecx, [ebp-50h]
mov eax, [ecx+eax*4]
mov edi, eax
mov esi, offset dword_420D78
mov ecx, edx
xor ebx, ebx
repe cmpsb
jz short loc_4024A1
mov edi, eax
mov esi, offset dword_420D7C
mov ecx, edx
xor ebx, ebx
repe cmpsb
jz short loc_402453
mov edi, eax
mov esi, offset dword_420D80
mov ecx, edx
xor eax, eax
repe cmpsb
jz short loc_4024A7
inc dword ptr [ebp-48h]
movzx eax, word ptr [ebp-48h]
cmp eax, [ebp+1Ch]
jle short loc_402414
loc_402453: ; CODE XREF: .text:00402410�j
; .text:00402436�j
mov dword ptr [ebp-48h], 1
loc_40245A: ; CODE XREF: .text:004023FB�j
; .text:004024A5�j ...
xor eax, eax
loc_40245C: ; CODE XREF: .text:00402472�j
cmp byte_428749[eax], 0
jz short loc_402468
inc dword ptr [ebp-58h]
loc_402468: ; CODE XREF: .text:00402463�j
add eax, 124h
cmp eax, 0CD50h
jbe short loc_40245C
mov ecx, [ebp-58h]
mov eax, 0B4h
sub eax, ecx
cmp eax, [ebp-4Ch]
jnb short loc_4024B0
push eax
push offset dword_420D84
push dword ptr [ebp-68h]
push dword ptr [ebp+0Ch]
push offset dword_4283FC
call sub_417B51
add esp, 14h
jmp loc_4027EC
; ---------------------------------------------------------------------------
loc_4024A1: ; CODE XREF: .text:00402427�j
and dword ptr [ebp-48h], 0
jmp short loc_40245A
; ---------------------------------------------------------------------------
loc_4024A7: ; CODE XREF: .text:00402445�j
mov dword ptr [ebp-48h], 2
jmp short loc_40245A
; ---------------------------------------------------------------------------
loc_4024B0: ; CODE XREF: .text:00402481�j
add [ebp-4Ch], ecx
cmp byte ptr [ebp-41h], 0
jz loc_4025D7
mov eax, [ebp-50h]
push dword ptr [eax+8]
lea eax, [ebp-30h]
push offset dword_420B28
push 0Fh
pop ebx
push ebx
push eax
call sub_402EAE
lea eax, [ebp-30h]
add esp, 10h
lea ecx, [eax+1]
loc_4024DE: ; CODE XREF: .text:004024E3�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4024DE
sub eax, ecx
mov [ebp+eax-30h], dl
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-64h]
push eax
lea eax, [ebp-60h]
push eax
lea eax, [ebp-5Ch]
push eax
lea eax, [ebp-30h]
push offset dword_420DAC
push eax
call sub_4039A4
add esp, 18h
cmp dword ptr [ebp-5Ch], 0FFFFFFFFh
lea eax, [ebp-20h]
jnz short loc_402526
push offset dword_420DB8
push ebx
push eax
call sub_402EAE
add esp, 0Ch
jmp short loc_402538
; ---------------------------------------------------------------------------
loc_402526: ; CODE XREF: .text:00402513�j
push dword ptr [ebp-5Ch]
push offset dword_420DBC
push ebx
push eax
call sub_402EAE
add esp, 10h
loc_402538: ; CODE XREF: .text:00402524�j
cmp dword ptr [ebp-60h], 0FFFFFFFFh
mov esi, offset dword_420DC8
mov edi, offset dword_420DC0
lea eax, [ebp-20h]
jnz short loc_402559
push eax
push edi
push ebx
push eax
call sub_402EAE
add esp, 10h
jmp short loc_40256B
; ---------------------------------------------------------------------------
loc_402559: ; CODE XREF: .text:00402549�j
push dword ptr [ebp-60h]
push eax
push esi
lea eax, [ebp-20h]
push ebx
push eax
call sub_402EAE
add esp, 14h
loc_40256B: ; CODE XREF: .text:00402557�j
cmp dword ptr [ebp-64h], 0FFFFFFFFh
lea eax, [ebp-20h]
jnz short loc_402582
push eax
push edi
push ebx
push eax
call sub_402EAE
add esp, 10h
jmp short loc_402594
; ---------------------------------------------------------------------------
loc_402582: ; CODE XREF: .text:00402572�j
push dword ptr [ebp-64h]
push eax
push esi
lea eax, [ebp-20h]
push ebx
push eax
call sub_402EAE
add esp, 14h
loc_402594: ; CODE XREF: .text:00402580�j
cmp dword ptr [ebp-6Ch], 0FFFFFFFFh
lea eax, [ebp-20h]
jnz short loc_4025AF
push eax
push offset dword_420DD0
push ebx
push eax
call sub_402EAE
add esp, 10h
jmp short loc_4025C5
; ---------------------------------------------------------------------------
loc_4025AF: ; CODE XREF: .text:0040259B�j
push dword ptr [ebp-6Ch]
push eax
push offset dword_420DD4
lea eax, [ebp-20h]
push ebx
push eax
call sub_402EAE
add esp, 14h
loc_4025C5: ; CODE XREF: .text:004025AD�j
lea eax, [ebp-20h]
lea edx, [eax+1]
loc_4025CB: ; CODE XREF: .text:004025D0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4025CB
jmp loc_4026B0
; ---------------------------------------------------------------------------
loc_4025D7: ; CODE XREF: .text:004024B7�j
push dword_4283FC
mov byte ptr [ebp-40h], 0
xor eax, eax
lea edi, [ebp-3Fh]
stosd
stosd
stosd
stosw
lea esi, [ebp-40h]
stosb
call sub_4197B6
xor eax, eax
lea edi, [ebp-30h]
stosd
stosd
stosd
stosd
mov eax, esi
push eax
push offset dword_420B28
push 0Fh
pop esi
lea eax, [ebp-30h]
push esi
push eax
call sub_402EAE
lea eax, [ebp-30h]
add esp, 14h
lea ecx, [eax+1]
loc_40261B: ; CODE XREF: .text:00402620�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40261B
sub eax, ecx
mov [ebp+eax-30h], dl
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-64h]
push eax
lea eax, [ebp-60h]
push eax
lea eax, [ebp-5Ch]
push eax
lea eax, [ebp-30h]
push offset dword_420DAC
push eax
call sub_4039A4
mov eax, [ebp-48h]
add esp, 18h
sub eax, 0
jz short loc_40268E
dec eax
jz short loc_402674
dec eax
jnz short loc_4026A3
push dword ptr [ebp-64h]
lea eax, [ebp-20h]
push dword ptr [ebp-60h]
push dword ptr [ebp-5Ch]
push offset dword_420DF4
push esi
push eax
call sub_402EAE
add esp, 18h
jmp short loc_4026A3
; ---------------------------------------------------------------------------
loc_402674: ; CODE XREF: .text:00402652�j
push dword ptr [ebp-60h]
lea eax, [ebp-20h]
push dword ptr [ebp-5Ch]
push offset dword_420DE8
push esi
push eax
call sub_402EAE
add esp, 14h
jmp short loc_4026A3
; ---------------------------------------------------------------------------
loc_40268E: ; CODE XREF: .text:0040264F�j
push dword ptr [ebp-5Ch]
lea eax, [ebp-20h]
push offset dword_420DDC
push esi
push eax
call sub_402EAE
add esp, 10h
loc_4026A3: ; CODE XREF: .text:00402655�j
; .text:00402672�j ...
lea eax, [ebp-20h]
lea edx, [eax+1]
loc_4026A9: ; CODE XREF: .text:004026AE�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4026A9
loc_4026B0: ; CODE XREF: .text:004025D2�j
sub eax, edx
cmp byte ptr [ebp-41h], 0
mov byte ptr [ebp+eax-20h], 0
mov eax, [ebp-50h]
jz short loc_4026C5
push dword ptr [eax+0Ch]
jmp short loc_4026C8
; ---------------------------------------------------------------------------
loc_4026C5: ; CODE XREF: .text:004026BE�j
push dword ptr [eax+8]
loc_4026C8: ; CODE XREF: .text:004026C3�j
call sub_40416B
push eax
mov eax, [ebp-54h]
imul eax, 2Ch
push dword_424548[eax]
lea eax, [ebp-20h]
push eax
push offset dword_420E00
push dword ptr [ebp-68h]
push dword ptr [ebp+0Ch]
push offset dword_4283FC
call sub_417B51
add esp, 20h
call sub_419AEB
mov ecx, [ebp-4Ch]
cmp [ebp-58h], ecx
jnb loc_4027EC
mov eax, [ebp-58h]
imul eax, 124h
sub ecx, [ebp-58h]
mov [ebp-50h], eax
mov [ebp-4Ch], ecx
mov esi, eax
loc_40271B: ; CODE XREF: .text:004027E6�j
push 124h
lea ebx, dword_428738[esi]
lea edi, [ebx-100h]
push 0
push edi
call sub_407F20
lea eax, [ebp-30h]
push eax
push offset dword_420B28
push 0Fh
push ebx
call sub_402EAE
mov eax, ebx
add esp, 1Ch
lea ecx, [eax+1]
loc_40274D: ; CODE XREF: .text:00402752�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40274D
push dword ptr [ebp-68h]
sub eax, ecx
mov byte ptr dword_428738[esi+eax], dl
mov al, [ebp-41h]
push offset dword_420B28
mov [ebx+12h], al
mov eax, [ebp-48h]
push 0FFh
push edi
mov [ebx+18h], eax
call sub_402EAE
mov eax, edi
add esp, 10h
lea ecx, [eax+1]
loc_402784: ; CODE XREF: .text:00402789�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_402784
sub eax, ecx
mov byte_428638[esi+eax], dl
mov al, [ebp+0Ch]
mov [ebx+10h], al
mov eax, [ebp-54h]
push 8
mov byte ptr [ebx+11h], 1
mov [ebx+14h], eax
call sub_40340B
pop ecx
mov [ebp-58h], eax
and dword ptr [ebp-4], 0
test eax, eax
jz short loc_4027CF
mov ecx, edi
push offset sub_413DDD
mov edi, offset dword_420E20
mov esi, eax
call sub_414884
mov esi, [ebp-50h]
jmp short loc_4027D1
; ---------------------------------------------------------------------------
loc_4027CF: ; CODE XREF: .text:004027B5�j
xor eax, eax
loc_4027D1: ; CODE XREF: .text:004027CD�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [eax]
add esi, 124h
dec dword ptr [ebp-4Ch]
mov [ebx+20h], eax
mov [ebp-50h], esi
jnz loc_40271B
loc_4027EC: ; CODE XREF: .text:00402337�j
; .text:0040234D�j ...
call sub_404A2F
retn 1Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 1Ch
and dword ptr [esp], 0
push ebx
push esi
mov ebx, offset dword_435698
push edi
mov [esp+18h], ebx
loc_40280D: ; CODE XREF: .text:00402877�j
; .text:00402894�j ...
mov eax, dword_43569C
mov eax, [eax]
mov [esp+14h], eax
mov [esp+10h], ebx
loc_40281C: ; CODE XREF: .text:0040285B�j
mov eax, dword_43569C
lea edi, [esp+18h]
lea esi, [esp+10h]
mov [esp+1Ch], eax
call sub_40166F
test al, al
jz short loc_4028AF
mov edi, offset dword_420E20
call sub_40164F
mov esi, eax
add esi, 5
push 8
pop ecx
xor eax, eax
repe cmpsb
lea esi, [esp+10h]
jz short loc_40285D
lea edi, [esp+20h]
call sub_40168C
jmp short loc_40281C
; ---------------------------------------------------------------------------
loc_40285D: ; CODE XREF: .text:00402850�j
call sub_40164F
mov edi, [eax+40h]
lea esi, [esp+10h]
call sub_40164F
mov eax, [eax]
call sub_4147FC
test al, al
jz short loc_40280D
xor eax, eax
xor ecx, ecx
loc_40287D: ; CODE XREF: .text:00402892�j
cmp dword_428758[ecx], edi
jz short loc_402899
add ecx, 124h
inc eax
cmp ecx, 0CD50h
jbe short loc_40287D
jmp loc_40280D
; ---------------------------------------------------------------------------
loc_402899: ; CODE XREF: .text:00402883�j
inc dword ptr [esp+0Ch]
imul eax, 124h
mov byte_428749[eax], 0
jmp loc_40280D
; ---------------------------------------------------------------------------
loc_4028AF: ; CODE XREF: .text:00402834�j
push dword ptr [esp+0Ch]
push offset dword_420E28
push dword ptr [ebp+18h]
push dword ptr [ebp+0Ch]
push offset dword_4283FC
call sub_417B51
add esp, 14h
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 1Ch
; ---------------------------------------------------------------------------
push ebp
lea ebp, [esp-188h]
sub esp, 208h
mov eax, dword_423064
xor eax, ebp
mov [ebp+184h], eax
mov eax, [ebp+1A0h]
push esi
push edi
mov esi, 1FFh
push esi
mov [ebp-80h], eax
lea eax, [ebp-7Bh]
push 0
push eax
mov byte ptr [ebp-7Ch], 0
call sub_407F20
push offset dword_420E54
lea eax, [ebp-7Ch]
push esi
push eax
xor edi, edi
call sub_402EAE
add esp, 18h
xor eax, eax
loc_402925: ; CODE XREF: .text:00402952�j
push dword_42454C[eax]
lea eax, dword_424528[eax]
push eax
lea eax, [ebp-7Ch]
push eax
push offset dword_420E6C
push esi
push eax
call sub_402EAE
add esp, 18h
inc edi
mov eax, edi
imul eax, 2Ch
cmp dword_424548[eax], 0
jnz short loc_402925
lea eax, [ebp-7Ch]
push eax
push offset dword_420E78
push esi
push eax
call sub_402EAE
push dword_435394
lea eax, [ebp-7Ch]
push eax
push offset dword_420E88
push esi
push eax
call sub_402EAE
push dword_435388
lea eax, [ebp-7Ch]
push eax
push offset dword_420E94
push esi
push eax
call sub_402EAE
add esp, 38h
lea eax, [ebp-7Ch]
pop edi
lea edx, [eax+1]
pop esi
loc_40299B: ; CODE XREF: .text:004029A0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40299B
sub eax, edx
mov [ebp+eax-7Ch], cl
lea eax, [ebp-7Ch]
push eax
push offset dword_420B28
push dword ptr [ebp-80h]
push dword ptr [ebp+194h]
push offset dword_4283FC
call sub_417B51
mov ecx, [ebp+184h]
xor ecx, ebp
add esp, 14h
call sub_402AD0
add ebp, 188h
leave
retn 1Ch
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4029DE proc near ; CODE XREF: .text:0041B7F7�p
jmp ds:dword_41D1D8
sub_4029DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4029E4 proc near ; CODE XREF: .text:0041B89A�p
jmp ds:dword_41D1D4
sub_4029E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4029EA proc near ; CODE XREF: .text:0041B7C7�p
; .text:0041B80A�p ...
jmp ds:dword_41D1D0
sub_4029EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4029F0 proc near ; CODE XREF: .text:0041B819�p
; .text:0041B911�p ...
jmp ds:dword_41D1CC
sub_4029F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4029F6 proc near ; CODE XREF: .text:0041B902�p
jmp ds:dword_41D1C8
sub_4029F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4029FC proc near ; CODE XREF: sub_414337+88�p
; sub_414337+C5�p
jmp ds:dword_41D260
sub_4029FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402A02 proc near ; CODE XREF: .text:0041B059�p
jmp ds:dword_41D1C0
sub_402A02 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402A08 proc near ; CODE XREF: .text:00401C33�p
; sub_417776+24�p ...
jmp sub_40340B
sub_402A08 endp
; ---------------------------------------------------------------------------
mov dword ptr [ecx], offset off_41D348
jmp sub_40109A
; ---------------------------------------------------------------------------
loc_402A18: ; DATA XREF: c.7ld2ih:off_41D348�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D348
call sub_40109A
test byte ptr [esp+8], 1
jz short loc_402A34
push esi
call sub_40332D
pop ecx
loc_402A34: ; CODE XREF: .text:00402A2B�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_402A3A proc near ; CODE XREF: sub_401337+D�p
push 44h
mov eax, offset loc_41C8A3
call sub_40497C
push offset aStringTooLong ; "string too long"
lea ecx, [ebp-28h]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_401065
push offset dword_421C98
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41D33C
call sub_40456B
int 3 ; Trap to Debugger
sub_402A3A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402A79 proc near ; CODE XREF: sub_401141+13�p
; sub_4012AC+F�p
push 44h
mov eax, offset loc_41C8A3
call sub_40497C
push offset aInvalidStringP ; "invalid string position"
lea ecx, [ebp-28h]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_401065
push offset dword_4215B0
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41D348
call sub_40456B
int 3 ; Trap to Debugger
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_4013E6
mov dword ptr [esi], offset off_41D348
mov eax, esi
pop esi
retn 4
sub_402A79 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402AD0 proc near ; CODE XREF: .text:00401E41�p
; .text:00401FCC�p ...
cmp ecx, dword_423064
jnz short loc_402ADA
rep retn
; ---------------------------------------------------------------------------
loc_402ADA: ; CODE XREF: sub_402AD0+6�j
jmp sub_404A3E
sub_402AD0 endp
; =============== S U B R O U T I N E =======================================
sub_402ADF proc near ; CODE XREF: sub_402B96+D�p
; sub_402CB9+1A�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
push esi
mov esi, ecx
mov byte ptr [esi+0Ch], 0
jnz short loc_402B51
call sub_40574D
mov [esi+8], eax
mov ecx, [eax+6Ch]
mov [esi], ecx
mov ecx, [eax+68h]
mov [esi+4], ecx
mov ecx, [esi]
cmp ecx, dword_423678
jz short loc_402B1D
mov ecx, dword_423594
test [eax+70h], ecx
jnz short loc_402B1D
call sub_405461
mov [esi], eax
loc_402B1D: ; CODE XREF: sub_402ADF+2A�j
; sub_402ADF+35�j
mov eax, [esi+4]
cmp eax, dword_423498
jz short loc_402B3E
mov eax, [esi+8]
mov ecx, dword_423594
test [eax+70h], ecx
jnz short loc_402B3E
call sub_404D50
mov [esi+4], eax
loc_402B3E: ; CODE XREF: sub_402ADF+47�j
; sub_402ADF+55�j
mov eax, [esi+8]
test byte ptr [eax+70h], 2
jnz short loc_402B5B
or dword ptr [eax+70h], 2
mov byte ptr [esi+0Ch], 1
jmp short loc_402B5B
; ---------------------------------------------------------------------------
loc_402B51: ; CODE XREF: sub_402ADF+D�j
mov ecx, [eax]
mov [esi], ecx
mov eax, [eax+4]
mov [esi+4], eax
loc_402B5B: ; CODE XREF: sub_402ADF+66�j
; sub_402ADF+70�j
mov eax, esi
pop esi
retn 4
sub_402ADF endp
; =============== S U B R O U T I N E =======================================
sub_402B61 proc near ; CODE XREF: sub_402B96+86�p
; sub_402C69+39�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
push edi
loc_402B6B: ; CODE XREF: sub_402B61+2E�j
movzx eax, byte ptr [esi]
lea ecx, [eax-41h]
inc esi
cmp ecx, 19h
ja short loc_402B7A
add eax, 20h
loc_402B7A: ; CODE XREF: sub_402B61+14�j
movzx ecx, byte ptr [edx]
lea edi, [ecx-41h]
inc edx
cmp edi, 19h
ja short loc_402B89
add ecx, 20h
loc_402B89: ; CODE XREF: sub_402B61+23�j
test eax, eax
jz short loc_402B91
cmp eax, ecx
jz short loc_402B6B
loc_402B91: ; CODE XREF: sub_402B61+2A�j
pop edi
sub eax, ecx
pop esi
retn
sub_402B61 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B96 proc near ; CODE XREF: sub_402C69+45�p
; sub_40EB4A+8F�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push [ebp+arg_8]
lea ecx, [ebp+var_10]
call sub_402ADF
xor ebx, ebx
cmp [ebp+arg_0], ebx
jnz short loc_402BDD
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402BD3
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402BD3: ; CODE XREF: sub_402B96+34�j
mov eax, 7FFFFFFFh
jmp loc_402C66
; ---------------------------------------------------------------------------
loc_402BDD: ; CODE XREF: sub_402B96+17�j
push edi
mov edi, [ebp+arg_4]
cmp edi, ebx
jnz short loc_402C10
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402C09
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402C09: ; CODE XREF: sub_402B96+6A�j
mov eax, 7FFFFFFFh
jmp short loc_402C65
; ---------------------------------------------------------------------------
loc_402C10: ; CODE XREF: sub_402B96+4D�j
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz short loc_402C25
push edi
push [ebp+arg_0]
call sub_402B61
pop ecx
pop ecx
jmp short loc_402C59
; ---------------------------------------------------------------------------
loc_402C25: ; CODE XREF: sub_402B96+80�j
push esi
loc_402C26: ; CODE XREF: sub_402B96+BC�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_405A0A
inc [ebp+arg_0]
mov esi, eax
movzx eax, byte ptr [edi]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_405A0A
add esp, 10h
inc edi
cmp esi, ebx
jz short loc_402C54
cmp esi, eax
jz short loc_402C26
loc_402C54: ; CODE XREF: sub_402B96+B8�j
sub esi, eax
mov eax, esi
pop esi
loc_402C59: ; CODE XREF: sub_402B96+8D�j
cmp [ebp+var_4], bl
jz short loc_402C65
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_402C65: ; CODE XREF: sub_402B96+78�j
; sub_402B96+C6�j
pop edi
loc_402C66: ; CODE XREF: sub_402B96+42�j
pop ebx
leave
retn
sub_402B96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C69 proc near ; CODE XREF: sub_417E66+34�p
; sub_417E66+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
xor esi, esi
cmp dword_427820, esi
jnz short loc_402CA7
cmp [ebp+arg_0], esi
jnz short loc_402C9B
loc_402C7C: ; CODE XREF: sub_402C69+35�j
call sub_405B83
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
mov eax, 7FFFFFFFh
jmp short loc_402CB6
; ---------------------------------------------------------------------------
loc_402C9B: ; CODE XREF: sub_402C69+11�j
cmp [ebp+arg_4], esi
jz short loc_402C7C
pop esi
pop ebp
jmp sub_402B61
; ---------------------------------------------------------------------------
loc_402CA7: ; CODE XREF: sub_402C69+C�j
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402B96
add esp, 0Ch
loc_402CB6: ; CODE XREF: sub_402C69+30�j
pop esi
pop ebp
retn
sub_402C69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402CB9 proc near ; CODE XREF: sub_402DA9+51�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
push esi
push edi
jz loc_402DA2
push [ebp+arg_C]
lea ecx, [ebp+var_10]
call sub_402ADF
cmp [ebp+arg_0], ebx
jnz short loc_402D0B
loc_402CDD: ; CODE XREF: sub_402CB9+57�j
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402D01
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402D01: ; CODE XREF: sub_402CB9+3F�j
mov eax, 7FFFFFFFh
jmp loc_402DA4
; ---------------------------------------------------------------------------
loc_402D0B: ; CODE XREF: sub_402CB9+22�j
mov edi, [ebp+arg_4]
cmp edi, ebx
jz short loc_402CDD
mov esi, 7FFFFFFFh
cmp [ebp+arg_8], esi
jbe short loc_402D44
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402D40
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402D40: ; CODE XREF: sub_402CB9+7E�j
mov eax, esi
jmp short loc_402DA4
; ---------------------------------------------------------------------------
loc_402D44: ; CODE XREF: sub_402CB9+61�j
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz short loc_402D69
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_405BD0
add esp, 0Ch
loc_402D5B: ; CODE XREF: sub_402CB9+E7�j
cmp [ebp+var_4], bl
jz short loc_402DA4
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_402DA4
; ---------------------------------------------------------------------------
loc_402D69: ; CODE XREF: sub_402CB9+91�j
; sub_402CB9+E1�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_405A0A
inc [ebp+arg_0]
mov esi, eax
movzx eax, byte ptr [edi]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_405A0A
add esp, 10h
inc edi
dec [ebp+arg_8]
jz short loc_402D9C
cmp esi, ebx
jz short loc_402D9C
cmp esi, eax
jz short loc_402D69
loc_402D9C: ; CODE XREF: sub_402CB9+D9�j
; sub_402CB9+DD�j
sub esi, eax
mov eax, esi
jmp short loc_402D5B
; ---------------------------------------------------------------------------
loc_402DA2: ; CODE XREF: sub_402CB9+E�j
xor eax, eax
loc_402DA4: ; CODE XREF: sub_402CB9+4D�j
; sub_402CB9+89�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_402CB9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402DA9 proc near ; CODE XREF: sub_41A28F+D3�p
; sub_41A45D+176�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
xor esi, esi
cmp dword_427820, esi
jnz short loc_402DF0
cmp [ebp+arg_0], esi
jnz short loc_402DDB
loc_402DBC: ; CODE XREF: sub_402DA9+35�j
; sub_402DA9+3E�j
call sub_405B83
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
mov eax, 7FFFFFFFh
jmp short loc_402E02
; ---------------------------------------------------------------------------
loc_402DDB: ; CODE XREF: sub_402DA9+11�j
cmp [ebp+arg_4], esi
jz short loc_402DBC
cmp [ebp+arg_8], 7FFFFFFFh
ja short loc_402DBC
pop esi
pop ebp
jmp sub_405BD0
; ---------------------------------------------------------------------------
loc_402DF0: ; CODE XREF: sub_402DA9+C�j
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402CB9
add esp, 10h
loc_402E02: ; CODE XREF: sub_402DA9+30�j
pop esi
pop ebp
retn
sub_402DA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E05 proc near ; CODE XREF: .text:00401C3B�p
; .text:00401C5D�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset dword_421618
call __SEH_prolog4
xor eax, eax
mov ebx, [ebp+arg_0]
xor edi, edi
cmp ebx, edi
setnz al
cmp eax, edi
jnz short loc_402E3E
call sub_405B83
mov dword ptr [eax], 16h
push edi
push edi
push edi
push edi
push edi
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_402E91
; ---------------------------------------------------------------------------
loc_402E3E: ; CODE XREF: sub_402E05+1A�j
cmp dword_436854, 3
jnz short loc_402E7F
push 4
call sub_405DA7
pop ecx
mov [ebp+ms_exc.disabled], edi
push ebx
call sub_405ED5
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz short loc_402E6B
mov esi, [ebx-4]
sub esi, 9
mov [ebp+var_1C], esi
jmp short loc_402E6E
; ---------------------------------------------------------------------------
loc_402E6B: ; CODE XREF: sub_402E05+59�j
mov esi, [ebp+var_1C]
loc_402E6E: ; CODE XREF: sub_402E05+64�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_402E9F
cmp [ebp+var_20], edi
jnz short loc_402E8F
loc_402E7F: ; CODE XREF: sub_402E05+40�j
push ebx
push edi
push dword_4279A8
call ds:off_41D190
mov esi, eax
loc_402E8F: ; CODE XREF: sub_402E05+78�j
mov eax, esi
loc_402E91: ; CODE XREF: sub_402E05+37�j
call __SEH_epilog4
retn
sub_402E05 endp
; ---------------------------------------------------------------------------
xor edi, edi
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
; =============== S U B R O U T I N E =======================================
sub_402E9F proc near ; CODE XREF: sub_402E05+70�p
push 4
call sub_405CCF
pop ecx
retn
sub_402E9F endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402EA8 proc near ; CODE XREF: sub_41A690+54�p
jmp ds:off_41D194
sub_402EA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EAE proc near ; CODE XREF: .text:00401879�p
; .text:004018AA�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_402ED9
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_402F58
; ---------------------------------------------------------------------------
loc_402ED9: ; CODE XREF: sub_402EAE+C�j
mov ecx, [ebp+arg_4]
cmp ecx, ebx
push esi
mov esi, [ebp+arg_0]
jz short loc_402F05
cmp esi, ebx
jnz short loc_402F05
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_402F57
; ---------------------------------------------------------------------------
loc_402F05: ; CODE XREF: sub_402EAE+34�j
; sub_402EAE+38�j
mov eax, 7FFFFFFFh
cmp ecx, eax
mov [ebp+var_1C], eax
ja short loc_402F14
mov [ebp+var_1C], ecx
loc_402F14: ; CODE XREF: sub_402EAE+61�j
push edi
lea eax, [ebp+arg_C]
push eax
push ebx
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_406D87
add esp, 10h
cmp esi, ebx
mov edi, eax
jz short loc_402F56
dec [ebp+var_1C]
js short loc_402F48
mov eax, [ebp+var_20]
mov [eax], bl
jmp short loc_402F54
; ---------------------------------------------------------------------------
loc_402F48: ; CODE XREF: sub_402EAE+91�j
lea eax, [ebp+var_20]
push eax
push ebx
call sub_406B86
pop ecx
pop ecx
loc_402F54: ; CODE XREF: sub_402EAE+98�j
mov eax, edi
loc_402F56: ; CODE XREF: sub_402EAE+8C�j
pop edi
loc_402F57: ; CODE XREF: sub_402EAE+55�j
pop esi
loc_402F58: ; CODE XREF: sub_402EAE+29�j
pop ebx
leave
retn
sub_402EAE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402F5B proc near ; CODE XREF: .text:00401CEC�p
; sub_417776+15F�p ...
jmp sub_40332D
sub_402F5B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F60 proc near ; CODE XREF: sub_40101C+F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
push esi
push edi
xor edi, edi
cmp eax, edi
jz short loc_402FB5
cmp [ebp+arg_0], edi
jnz short loc_402F8E
loc_402F73: ; CODE XREF: sub_402F60+31�j
call sub_405B83
push 16h
pop esi
mov [eax], esi
loc_402F7D: ; CODE XREF: sub_402F60+44�j
push edi
push edi
push edi
push edi
push edi
call sub_4032F9
add esp, 14h
mov eax, esi
jmp short loc_402FB7
; ---------------------------------------------------------------------------
loc_402F8E: ; CODE XREF: sub_402F60+11�j
cmp [ebp+arg_8], edi
jz short loc_402F73
cmp [ebp+arg_4], eax
jnb short loc_402FA6
call sub_405B83
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_402F7D
; ---------------------------------------------------------------------------
loc_402FA6: ; CODE XREF: sub_402F60+36�j
push eax
push [ebp+arg_8]
push [ebp+arg_0]
call sub_407720
add esp, 0Ch
loc_402FB5: ; CODE XREF: sub_402F60+C�j
xor eax, eax
loc_402FB7: ; CODE XREF: sub_402F60+2C�j
pop edi
pop esi
pop ebp
retn
sub_402F60 endp
; =============== S U B R O U T I N E =======================================
sub_402FBB proc near ; CODE XREF: sub_401065+11�p
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax+8], 0
mov dword ptr [eax], offset off_41D37C
retn
sub_402FBB endp
; =============== S U B R O U T I N E =======================================
sub_402FCC proc near ; CODE XREF: sub_4015ED+2F�p
; sub_40BDB6+15D�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, ecx
mov dword ptr [edi], offset off_41D37C
mov eax, [ebx]
test eax, eax
jz short loc_403007
push eax
call sub_4044E0
mov esi, eax
inc esi
push esi
call sub_403AA0
test eax, eax
pop ecx
pop ecx
mov [edi+4], eax
jz short loc_40300B
push dword ptr [ebx]
push esi
push eax
call sub_407A85
add esp, 0Ch
jmp short loc_40300B
; ---------------------------------------------------------------------------
loc_403007: ; CODE XREF: sub_402FCC+13�j
and dword ptr [edi+4], 0
loc_40300B: ; CODE XREF: sub_402FCC+2B�j
; sub_402FCC+39�j
mov dword ptr [edi+8], 1
mov eax, edi
pop edi
pop esi
pop ebx
retn 4
sub_402FCC endp
; =============== S U B R O U T I N E =======================================
sub_40301A proc near ; CODE XREF: sub_4033F2+A�p
arg_0 = dword ptr 4
mov eax, ecx
mov ecx, [esp+arg_0]
mov dword ptr [eax], offset off_41D37C
mov ecx, [ecx]
and dword ptr [eax+8], 0
mov [eax+4], ecx
retn 8
sub_40301A endp
; =============== S U B R O U T I N E =======================================
sub_403032 proc near ; CODE XREF: sub_4013E6+15�p
; sub_4015ED+51�p ...
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D37C
mov eax, [ebx+8]
mov [esi+8], eax
test eax, eax
mov eax, [ebx+4]
push edi
jz short loc_40307F
test eax, eax
jz short loc_403079
push eax
call sub_4044E0
mov edi, eax
inc edi
push edi
call sub_403AA0
test eax, eax
pop ecx
pop ecx
mov [esi+4], eax
jz short loc_403082
push dword ptr [ebx+4]
push edi
push eax
call sub_407A85
add esp, 0Ch
jmp short loc_403082
; ---------------------------------------------------------------------------
loc_403079: ; CODE XREF: sub_403032+1E�j
and dword ptr [esi+4], 0
jmp short loc_403082
; ---------------------------------------------------------------------------
loc_40307F: ; CODE XREF: sub_403032+1A�j
mov [esi+4], eax
loc_403082: ; CODE XREF: sub_403032+36�j
; sub_403032+45�j ...
pop edi
mov eax, esi
pop esi
pop ebx
retn 4
sub_403032 endp
; =============== S U B R O U T I N E =======================================
sub_40308A proc near ; CODE XREF: .text:0040103E�j
; .text:0040104C�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_41D37C
jz short locret_40309F
push dword ptr [ecx+4]
call sub_4039C3
pop ecx
locret_40309F: ; CODE XREF: sub_40308A+A�j
retn
sub_40308A endp
; =============== S U B R O U T I N E =======================================
sub_4030A0 proc near ; DATA XREF: c.7ld2ih:0041D328�o
; c.7ld2ih:0041D380�o ...
mov eax, [ecx+4]
test eax, eax
jnz short locret_4030AC
mov eax, offset aUnknownExcepti ; "Unknown exception"
locret_4030AC: ; CODE XREF: sub_4030A0+5�j
retn
sub_4030A0 endp
; ---------------------------------------------------------------------------
loc_4030AD: ; DATA XREF: c.7ld2ih:off_41D37C�o
push esi
mov esi, ecx
call sub_40308A
test byte ptr [esp+8], 1
jz short loc_4030C3
push esi
call sub_40332D
pop ecx
loc_4030C3: ; CODE XREF: .text:004030BA�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_4030C9 proc near ; CODE XREF: sub_4031A5+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
push ebp
push esi
push edi
push dword_436830
call sub_405543
push dword_43682C
mov esi, eax
mov [esp+1Ch+var_4], esi
call sub_405543
mov edi, eax
cmp edi, esi
pop ecx
pop ecx
jb short loc_40316E
mov ebx, edi
sub ebx, esi
lea ebp, [ebx+4]
cmp ebp, 4
jb short loc_40316E
push esi
call sub_402E05
mov esi, eax
cmp esi, ebp
pop ecx
jnb short loc_403155
mov eax, 800h
cmp esi, eax
jnb short loc_403116
mov eax, esi
loc_403116: ; CODE XREF: sub_4030C9+49�j
add eax, esi
cmp eax, esi
jb short loc_40312C
push eax
push [esp+18h+var_4]
call sub_407B72
test eax, eax
pop ecx
pop ecx
jnz short loc_403143
loc_40312C: ; CODE XREF: sub_4030C9+51�j
lea eax, [esi+10h]
cmp eax, esi
jb short loc_40316E
push eax
push [esp+18h+var_4]
call sub_407B72
test eax, eax
pop ecx
pop ecx
jz short loc_40316E
loc_403143: ; CODE XREF: sub_4030C9+61�j
sar ebx, 2
push eax
lea edi, [eax+ebx*4]
call sub_4054D7
pop ecx
mov dword_436830, eax
loc_403155: ; CODE XREF: sub_4030C9+40�j
mov esi, [esp+14h+arg_0]
mov [edi], esi
add edi, 4
push edi
call sub_4054D7
mov dword_43682C, eax
pop ecx
mov eax, esi
jmp short loc_403170
; ---------------------------------------------------------------------------
loc_40316E: ; CODE XREF: sub_4030C9+27�j
; sub_4030C9+33�j ...
xor eax, eax
loc_403170: ; CODE XREF: sub_4030C9+A3�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_4030C9 endp
; =============== S U B R O U T I N E =======================================
sub_403176 proc near ; DATA XREF: c.7ld2ih:0041D2D4�o
push esi
push 4
push 20h
call sub_407B2A
mov esi, eax
push esi
call sub_4054D7
add esp, 0Ch
test esi, esi
mov dword_436830, eax
mov dword_43682C, eax
jnz short loc_40319E
push 18h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40319E: ; CODE XREF: sub_403176+21�j
and dword ptr [esi], 0
xor eax, eax
pop esi
retn
sub_403176 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4031A5 proc near ; CODE XREF: sub_4031E1+4�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_421638
call __SEH_prolog4
call sub_407C6C
and [ebp+ms_exc.disabled], 0
push [ebp+arg_0]
call sub_4030C9
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4031DB
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_4031A5 endp
; =============== S U B R O U T I N E =======================================
sub_4031DB proc near ; CODE XREF: sub_4031A5+28�p
call sub_407C75
retn
sub_4031DB endp
; =============== S U B R O U T I N E =======================================
sub_4031E1 proc near ; CODE XREF: sub_40340B+45�p
; sub_407D29+44�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_4031A5
neg eax
sbb eax, eax
neg eax
pop ecx
dec eax
retn
sub_4031E1 endp
; =============== S U B R O U T I N E =======================================
sub_4031F3 proc near ; CODE XREF: sub_407EC9+15�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_4274C0, eax
retn
sub_4031F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2A8h
sub_4031FD proc near ; CODE XREF: sub_4032F9+1F�j
; sub_405DD8+21�p ...
var_328 = dword ptr -328h
var_31C = dword ptr -31Ch
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_244 = word ptr -244h
var_240 = word ptr -240h
var_23C = word ptr -23Ch
var_238 = word ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = word ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = word ptr -208h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2A8h]
sub esp, 328h
mov eax, dword_423064
xor eax, ebp
mov [ebp+2A8h+var_4], eax
push esi
mov [ebp+2A8h+var_220], eax
mov [ebp+2A8h+var_224], ecx
mov [ebp+2A8h+var_228], edx
mov [ebp+2A8h+var_22C], ebx
mov [ebp+2A8h+var_230], esi
mov [ebp+2A8h+var_234], edi
mov [ebp+2A8h+var_208], ss
mov [ebp+2A8h+var_214], cs
mov [ebp+2A8h+var_238], ds
mov [ebp+2A8h+var_23C], es
mov [ebp+2A8h+var_240], fs
mov [ebp+2A8h+var_244], gs
pushf
pop [ebp+2A8h+var_210]
mov esi, [ebp+2ACh]
lea eax, [ebp+2ACh]
mov [ebp+2A8h+var_20C], eax
mov [ebp+2A8h+var_2D0], 10001h
mov [ebp+2A8h+var_218], esi
mov eax, [eax-4]
push 50h
mov [ebp+2A8h+var_21C], eax
lea eax, [ebp+2A8h+var_328]
push 0
push eax
call sub_407F20
lea eax, [ebp+2A8h+var_328]
mov [ebp+2A8h+var_2D8], eax
lea eax, [ebp+2A8h+var_2D0]
add esp, 0Ch
mov [ebp+2A8h+var_328], 0C000000Dh
mov [ebp+2A8h+var_31C], esi
mov [ebp+2A8h+var_2D4], eax
call ds:off_41D08C
push 0
mov esi, eax
call ds:off_41D19C
lea eax, [ebp+2A8h+var_2D8]
push eax
call ds:off_41D198
test eax, eax
jnz short loc_4032D1
test esi, esi
jnz short loc_4032D1
push 2
call sub_407F15
pop ecx
loc_4032D1: ; CODE XREF: sub_4031FD+C6�j
; sub_4031FD+CA�j
push 0C000000Dh
call ds:off_41D0C8
push eax
call ds:off_41D0F4
mov ecx, [ebp+2A8h+var_4]
xor ecx, ebp
pop esi
call sub_402AD0
add ebp, 2A8h
leave
retn
sub_4031FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4032F9 proc near ; CODE XREF: sub_402B96+29�p
; sub_402B96+5F�p ...
push ebp
mov ebp, esp
push dword_4274C0
call sub_405543
test eax, eax
pop ecx
jz short loc_40330F
pop ebp
jmp eax
; ---------------------------------------------------------------------------
loc_40330F: ; CODE XREF: sub_4032F9+11�j
push 2
call sub_407F15
pop ecx
pop ebp
jmp sub_4031FD
sub_4032F9 endp
; =============== S U B R O U T I N E =======================================
sub_40331D proc near ; CODE XREF: sub_40164F+5�p
; sub_40164F+14�p ...
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_4032F9
add esp, 14h
retn
sub_40331D endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40332D proc near ; CODE XREF: .text:00401059�p
; .text:004010D5�p ...
jmp sub_4039C3
sub_40332D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403332 proc near ; CODE XREF: sub_401000+F�p
; sub_403EE2+84�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_C]
push edi
xor edi, edi
cmp esi, edi
jnz short loc_403344
loc_403340: ; CODE XREF: sub_403332+4B�j
xor eax, eax
jmp short loc_4033A9
; ---------------------------------------------------------------------------
loc_403344: ; CODE XREF: sub_403332+C�j
cmp [ebp+arg_0], edi
jnz short loc_403364
loc_403349: ; CODE XREF: sub_403332+5F�j
call sub_405B83
push 16h
pop esi
mov [eax], esi
loc_403353: ; CODE XREF: sub_403332+72�j
push edi
push edi
push edi
push edi
push edi
call sub_4032F9
add esp, 14h
mov eax, esi
jmp short loc_4033A9
; ---------------------------------------------------------------------------
loc_403364: ; CODE XREF: sub_403332+15�j
cmp [ebp+arg_8], edi
jz short loc_40337F
cmp [ebp+arg_4], esi
jb short loc_40337F
push esi
push [ebp+arg_8]
push [ebp+arg_0]
call sub_407FA0
add esp, 0Ch
jmp short loc_403340
; ---------------------------------------------------------------------------
loc_40337F: ; CODE XREF: sub_403332+35�j
; sub_403332+3A�j
push [ebp+arg_4]
push edi
push [ebp+arg_0]
call sub_407F20
add esp, 0Ch
cmp [ebp+arg_8], edi
jz short loc_403349
cmp [ebp+arg_4], esi
jnb short loc_4033A6
call sub_405B83
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_403353
; ---------------------------------------------------------------------------
loc_4033A6: ; CODE XREF: sub_403332+64�j
push 16h
pop eax
loc_4033A9: ; CODE XREF: sub_403332+10�j
; sub_403332+30�j
pop edi
pop esi
pop ebp
retn
sub_403332 endp
; =============== S U B R O U T I N E =======================================
sub_4033AD proc near ; CODE XREF: .text:004033BE�p
push ecx
mov dword ptr [ecx], offset off_41D39C
call sub_408305
pop ecx
retn
sub_4033AD endp
; ---------------------------------------------------------------------------
loc_4033BB: ; DATA XREF: c.7ld2ih:off_41D39C�o
push esi
mov esi, ecx
call sub_4033AD
test byte ptr [esp+8], 1
jz short loc_4033D1
push esi
call sub_40332D
pop ecx
loc_4033D1: ; CODE XREF: .text:004033C8�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_4033D7 proc near ; CODE XREF: sub_40BDB6+12D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add ecx, 9
push ecx
add eax, 9
push eax
call sub_408380
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
retn 4
sub_4033D7 endp
; =============== S U B R O U T I N E =======================================
sub_4033F2 proc near ; CODE XREF: sub_40340B+3B�p
push esi
push 1
push offset dword_423048
mov esi, ecx
call sub_40301A
mov dword ptr [esi], offset off_41D324
mov eax, esi
pop esi
retn
sub_4033F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40340B proc near ; CODE XREF: sub_401291+5�p
; sub_401395+5�p ...
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
jmp short loc_403420
; ---------------------------------------------------------------------------
loc_403413: ; CODE XREF: sub_40340B+20�j
push [ebp+arg_0]
call sub_408412
test eax, eax
pop ecx
jz short loc_40342F
loc_403420: ; CODE XREF: sub_40340B+6�j
push [ebp+arg_0]
call sub_403AA0
test eax, eax
pop ecx
jz short loc_403413
leave
retn
; ---------------------------------------------------------------------------
loc_40342F: ; CODE XREF: sub_40340B+13�j
test byte ptr dword_4274D0, 1
mov esi, offset dword_4274C4
jnz short loc_403456
or dword_4274D0, 1
mov ecx, esi
call sub_4033F2
push offset loc_41CD31
call sub_4031E1
pop ecx
loc_403456: ; CODE XREF: sub_40340B+30�j
push esi
lea ecx, [ebp+var_C]
call sub_403032
push offset dword_421CD0
lea eax, [ebp+var_C]
push eax
mov [ebp+var_C], offset off_41D324
call sub_40456B
int 3 ; Trap to Debugger
sub_40340B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403475 proc near ; CODE XREF: sub_4198AD+84�p
; sub_4198AD+102�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
xor ebx, ebx
cmp [ebp+arg_4], ebx
jnz short loc_4034A0
loc_403483: ; CODE XREF: sub_403475+30�j
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_4034ED
; ---------------------------------------------------------------------------
loc_4034A0: ; CODE XREF: sub_403475+C�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_403483
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
push eax
push ebx
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_1C], 7FFFFFFFh
mov [ebp+var_14], 42h
call sub_406D87
add esp, 10h
dec [ebp+var_1C]
mov esi, eax
js short loc_4034DE
mov eax, [ebp+var_20]
mov [eax], bl
jmp short loc_4034EA
; ---------------------------------------------------------------------------
loc_4034DE: ; CODE XREF: sub_403475+60�j
lea eax, [ebp+var_20]
push eax
push ebx
call sub_406B86
pop ecx
pop ecx
loc_4034EA: ; CODE XREF: sub_403475+67�j
mov eax, esi
pop esi
loc_4034ED: ; CODE XREF: sub_403475+29�j
pop ebx
leave
retn
sub_403475 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034F0 proc near ; CODE XREF: sub_4035B4+A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 0Ch
push offset dword_421658
call __SEH_prolog4
xor ebx, ebx
mov [ebp+var_1C], ebx
xor eax, eax
mov edi, [ebp+arg_0]
cmp edi, ebx
setnz al
cmp eax, ebx
jnz short loc_40352B
loc_40350F: ; CODE XREF: sub_4034F0+47�j
; sub_4034F0+52�j
call sub_405B83
mov dword ptr [eax], 16h
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_4032F9
add esp, 14h
loc_403527: ; CODE XREF: sub_4034F0+6B�j
; sub_4034F0+92�j
xor eax, eax
jmp short loc_4035A4
; ---------------------------------------------------------------------------
loc_40352B: ; CODE XREF: sub_4034F0+1D�j
xor eax, eax
mov esi, [ebp+arg_4]
cmp esi, ebx
setnz al
cmp eax, ebx
jz short loc_40350F
xor eax, eax
cmp [esi], bl
setnz al
cmp eax, ebx
jz short loc_40350F
call sub_408851
mov [ebp+arg_0], eax
cmp eax, ebx
jnz short loc_40355D
call sub_405B83
mov dword ptr [eax], 18h
jmp short loc_403527
; ---------------------------------------------------------------------------
loc_40355D: ; CODE XREF: sub_4034F0+5E�j
mov [ebp+ms_exc.disabled], ebx
cmp [edi], bl
jnz short loc_403584
call sub_405B83
mov dword ptr [eax], 16h
push 0FFFFFFFEh
lea eax, [ebp+ms_exc.prev_er]
push eax
push offset dword_423064
call sub_408978
add esp, 0Ch
jmp short loc_403527
; ---------------------------------------------------------------------------
loc_403584: ; CODE XREF: sub_4034F0+72�j
push eax
push [ebp+arg_8]
push esi
push edi
call sub_4085AF
add esp, 10h
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4035AA
mov eax, [ebp+var_1C]
loc_4035A4: ; CODE XREF: sub_4034F0+39�j
call __SEH_epilog4
retn
sub_4034F0 endp
; =============== S U B R O U T I N E =======================================
sub_4035AA proc near ; CODE XREF: sub_4034F0+AC�p
push dword ptr [ebp+8]
call sub_40855D
pop ecx
retn
sub_4035AA endp
; =============== S U B R O U T I N E =======================================
sub_4035B4 proc near ; CODE XREF: sub_4198AD+116�p
; sub_41B981+4E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_4034F0
add esp, 0Ch
retn
sub_4035B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035C7 proc near ; CODE XREF: sub_4198AD+131�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push 0Ch
push offset dword_421678
call __SEH_prolog4
xor ebx, ebx
mov [ebp+var_1C], ebx
xor eax, eax
mov esi, [ebp+arg_0]
cmp esi, ebx
setnz al
cmp eax, ebx
jnz short loc_403606
loc_4035E6: ; CODE XREF: sub_4035C7+49�j
call sub_405B83
mov dword ptr [eax], 16h
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_403706
; ---------------------------------------------------------------------------
loc_403606: ; CODE XREF: sub_4035C7+1D�j
xor eax, eax
cmp [ebp+arg_4], ebx
setnz al
cmp eax, ebx
jz short loc_4035E6
mov [ebp+arg_0], esi
push esi
call sub_40850B
pop ecx
mov [ebp+ms_exc.disabled], ebx
test byte ptr [esi+0Ch], 40h
jnz loc_4036CF
push esi
call sub_408DD0
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_403663
push esi
call sub_408DD0
pop ecx
cmp eax, 0FFFFFFFEh
jz short loc_403663
push esi
call sub_408DD0
sar eax, 5
lea edi, ds:435700h[eax*4]
push esi
call sub_408DD0
pop ecx
pop ecx
and eax, 1Fh
imul eax, 28h
add eax, [edi]
jmp short loc_403668
; ---------------------------------------------------------------------------
loc_403663: ; CODE XREF: sub_4035C7+6C�j
; sub_4035C7+78�j
mov eax, offset dword_423BD0
loc_403668: ; CODE XREF: sub_4035C7+9A�j
test byte ptr [eax+24h], 7Fh
jnz short loc_4036B3
push esi
call sub_408DD0
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_4036A8
push esi
call sub_408DD0
pop ecx
cmp eax, 0FFFFFFFEh
jz short loc_4036A8
push esi
call sub_408DD0
sar eax, 5
lea edi, ds:435700h[eax*4]
push esi
call sub_408DD0
pop ecx
pop ecx
and eax, 1Fh
imul eax, 28h
add eax, [edi]
jmp short loc_4036AD
; ---------------------------------------------------------------------------
loc_4036A8: ; CODE XREF: sub_4035C7+B1�j
; sub_4035C7+BD�j
mov eax, offset dword_423BD0
loc_4036AD: ; CODE XREF: sub_4035C7+DF�j
test byte ptr [eax+24h], 80h
jz short loc_4036CF
loc_4036B3: ; CODE XREF: sub_4035C7+A5�j
call sub_405B83
mov dword ptr [eax], 16h
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_4032F9
add esp, 14h
or [ebp+var_1C], 0FFFFFFFFh
loc_4036CF: ; CODE XREF: sub_4035C7+5C�j
; sub_4035C7+EA�j
cmp [ebp+var_1C], ebx
jnz short loc_4036F7
push esi
call sub_408ACB
mov edi, eax
lea eax, [ebp+arg_8]
push eax
push ebx
push [ebp+arg_4]
push esi
call sub_406D87
mov [ebp+var_1C], eax
push esi
push edi
call sub_408B61
add esp, 1Ch
loc_4036F7: ; CODE XREF: sub_4035C7+10B�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40370C
mov eax, [ebp+var_1C]
loc_403706: ; CODE XREF: sub_4035C7+3A�j
call __SEH_epilog4
retn
sub_4035C7 endp
; =============== S U B R O U T I N E =======================================
sub_40370C proc near ; CODE XREF: sub_4035C7+137�p
push dword ptr [ebp+8]
call sub_40855D
pop ecx
retn
sub_40370C endp
; =============== S U B R O U T I N E =======================================
sub_403716 proc near ; CODE XREF: sub_417C7B+4F�p
; .text:0041B1B6�p
arg_0 = dword ptr 4
call sub_40574D
mov ecx, [esp+arg_0]
mov [eax+14h], ecx
retn
sub_403716 endp
; =============== S U B R O U T I N E =======================================
sub_403723 proc near ; CODE XREF: sub_417C7B:loc_417DF7�p
; sub_4198AD+A7�p ...
call sub_40574D
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov [eax+14h], ecx
mov eax, ecx
shr eax, 10h
and eax, 7FFFh
retn
sub_403723 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403745 proc near ; CODE XREF: sub_4037F6+12�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_403773
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_4037F3
; ---------------------------------------------------------------------------
loc_403773: ; CODE XREF: sub_403745+C�j
mov ecx, [ebp+arg_4]
cmp ecx, ebx
push esi
mov esi, [ebp+arg_0]
jz short loc_40379F
cmp esi, ebx
jnz short loc_40379F
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_4037F2
; ---------------------------------------------------------------------------
loc_40379F: ; CODE XREF: sub_403745+37�j
; sub_403745+3B�j
mov eax, 7FFFFFFFh
cmp ecx, eax
mov [ebp+var_1C], eax
ja short loc_4037AE
mov [ebp+var_1C], ecx
loc_4037AE: ; CODE XREF: sub_403745+64�j
push edi
push [ebp+arg_10]
lea eax, [ebp+var_20]
push [ebp+arg_C]
mov [ebp+var_14], 42h
push [ebp+arg_8]
mov [ebp+var_18], esi
push eax
mov [ebp+var_20], esi
call sub_406D87
add esp, 10h
cmp esi, ebx
mov edi, eax
jz short loc_4037F1
dec [ebp+var_1C]
js short loc_4037E3
mov eax, [ebp+var_20]
mov [eax], bl
jmp short loc_4037EF
; ---------------------------------------------------------------------------
loc_4037E3: ; CODE XREF: sub_403745+95�j
lea eax, [ebp+var_20]
push eax
push ebx
call sub_406B86
pop ecx
pop ecx
loc_4037EF: ; CODE XREF: sub_403745+9C�j
mov eax, edi
loc_4037F1: ; CODE XREF: sub_403745+90�j
pop edi
loc_4037F2: ; CODE XREF: sub_403745+58�j
pop esi
loc_4037F3: ; CODE XREF: sub_403745+29�j
pop ebx
leave
retn
sub_403745 endp
; =============== S U B R O U T I N E =======================================
sub_4037F6 proc near ; CODE XREF: sub_417ABC+3E�p
; sub_417B51+7C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
push 0
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_403745
add esp, 14h
retn
sub_4037F6 endp
; =============== S U B R O U T I N E =======================================
sub_403811 proc near ; CODE XREF: sub_403884+5A�p
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
xor edi, edi
or ebx, 0FFFFFFFFh
cmp esi, edi
jnz short loc_40383E
call sub_405B83
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_403880
; ---------------------------------------------------------------------------
loc_40383E: ; CODE XREF: sub_403811+E�j
test byte ptr [esi+0Ch], 83h
jz short loc_40387B
push esi
call sub_408F8A
push esi
mov ebx, eax
call sub_408F5E
push esi
call sub_408DD0
push eax
call sub_408E91
add esp, 10h
test eax, eax
jge short loc_40386A
or ebx, 0FFFFFFFFh
jmp short loc_40387B
; ---------------------------------------------------------------------------
loc_40386A: ; CODE XREF: sub_403811+52�j
mov eax, [esi+1Ch]
cmp eax, edi
jz short loc_40387B
push eax
call sub_4039C3
pop ecx
mov [esi+1Ch], edi
loc_40387B: ; CODE XREF: sub_403811+31�j
; sub_403811+57�j ...
mov [esi+0Ch], edi
mov eax, ebx
loc_403880: ; CODE XREF: sub_403811+2B�j
pop edi
pop esi
pop ebx
retn
sub_403811 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403884 proc near ; CODE XREF: sub_40E383+43�p
; sub_4198AD+137�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_421698
call __SEH_prolog4
or [ebp+var_1C], 0FFFFFFFFh
xor eax, eax
mov esi, [ebp+arg_0]
xor edi, edi
cmp esi, edi
setnz al
cmp eax, edi
jnz short loc_4038C1
call sub_405B83
mov dword ptr [eax], 16h
push edi
push edi
push edi
push edi
push edi
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_4038CD
; ---------------------------------------------------------------------------
loc_4038C1: ; CODE XREF: sub_403884+1E�j
test byte ptr [esi+0Ch], 40h
jz short loc_4038D3
mov [esi+0Ch], edi
loc_4038CA: ; CODE XREF: sub_403884+6F�j
mov eax, [ebp+var_1C]
loc_4038CD: ; CODE XREF: sub_403884+3B�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_4038D3: ; CODE XREF: sub_403884+41�j
push esi
call sub_40850B
pop ecx
mov [ebp+ms_exc.disabled], edi
push esi
call sub_403811
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4038F8
jmp short loc_4038CA
sub_403884 endp
; ---------------------------------------------------------------------------
mov esi, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_4038F8 proc near ; CODE XREF: sub_403884+6A�p
push esi
call sub_40855D
pop ecx
retn
sub_4038F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403900 proc near ; CODE XREF: .text:00419AB0�p
; sub_419AEB+13�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
call ds:off_41D1A0
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
push 0
add eax, 2AC18000h
push 989680h
adc ecx, 0FE624E21h
push ecx
push eax
call sub_409120
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short locret_40393A
mov [ecx], eax
mov [ecx+4], edx
locret_40393A: ; CODE XREF: sub_403900+33�j
leave
retn
sub_403900 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40393C proc near ; CODE XREF: sub_4039A4+15�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
push edi
push esi
call sub_4044E0
xor edi, edi
cmp esi, edi
pop ecx
jnz short loc_40396D
loc_403950: ; CODE XREF: sub_40393C+34�j
call sub_405B83
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_4039A1
; ---------------------------------------------------------------------------
loc_40396D: ; CODE XREF: sub_40393C+12�j
cmp [ebp+arg_4], edi
jz short loc_403950
mov ecx, 7FFFFFFFh
cmp eax, ecx
mov [ebp+var_14], 49h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
mov [ebp+var_1C], ecx
ja short loc_40398E
mov [ebp+var_1C], eax
loc_40398E: ; CODE XREF: sub_40393C+4D�j
push [ebp+arg_C]
lea eax, [ebp+var_20]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call [ebp+arg_0]
add esp, 10h
loc_4039A1: ; CODE XREF: sub_40393C+2F�j
pop edi
leave
retn
sub_40393C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4039A4 proc near ; CODE XREF: .text:00402504�p
; .text:00402641�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
lea eax, [esp+4+arg_8]
push eax
push 0
push [esp+0Ch+arg_4]
push offset sub_409217
call sub_40393C
add esp, 10h
pop esi
retn
sub_4039A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039C3 proc near ; CODE XREF: sub_40308A+F�p sub_40332D�j ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00403A22 SIZE 0000002F BYTES
push 0Ch
push offset dword_4216B8
call __SEH_prolog4
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_403A4B
cmp dword_436854, 3
jnz short loc_403A22
push 4
call sub_405DA7
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_405ED5
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_403A02
push esi
push eax
call sub_405F00
pop ecx
pop ecx
loc_403A02: ; CODE XREF: sub_4039C3+34�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_403A19
cmp [ebp+var_1C], 0
jnz short loc_403A4B
push [ebp+arg_0]
jmp short loc_403A23
sub_4039C3 endp
; =============== S U B R O U T I N E =======================================
sub_403A19 proc near ; CODE XREF: sub_4039C3+46�p
push 4
call sub_405CCF
pop ecx
retn
sub_403A19 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4039C3
loc_403A22: ; CODE XREF: sub_4039C3+1A�j
push esi
loc_403A23: ; CODE XREF: sub_4039C3+54�j
push 0
push dword_4279A8
call ds:off_41D108
test eax, eax
jnz short loc_403A4B
call sub_405B83
mov esi, eax
call ds:off_41D0EC
push eax
call sub_405B48
mov [esi], eax
pop ecx
loc_403A4B: ; CODE XREF: sub_4039C3+11�j
; sub_4039C3+4F�j ...
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_4039C3
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A51 proc near ; CODE XREF: sub_403AA0+59�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_4216D8
call __SEH_prolog4
and [ebp+var_1C], 0
mov esi, [ebp+arg_0]
cmp esi, dword_436844
ja short loc_403A8E
push 4
call sub_405DA7
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_4066A9
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_403A97
loc_403A8E: ; CODE XREF: sub_403A51+19�j
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_403A51 endp
; =============== S U B R O U T I N E =======================================
sub_403A97 proc near ; CODE XREF: sub_403A51+38�p
push 4
call sub_405CCF
pop ecx
retn
sub_403A97 endp
; =============== S U B R O U T I N E =======================================
sub_403AA0 proc near ; CODE XREF: sub_402FCC+1F�p
; sub_403032+2A�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
cmp ebp, 0FFFFFFE0h
ja loc_403B4D
push ebx
mov ebx, ds:off_41D110
push esi
push edi
loc_403AB7: ; CODE XREF: sub_403AA0+94�j
xor esi, esi
cmp dword_4279A8, esi
mov edi, ebp
jnz short loc_403ADB
call sub_40A004
push 1Eh
call sub_409E64
push 0FFh
call sub_407C57
pop ecx
pop ecx
loc_403ADB: ; CODE XREF: sub_403AA0+21�j
mov eax, dword_436854
cmp eax, 1
jnz short loc_403AF3
cmp ebp, esi
jz short loc_403AED
mov eax, ebp
jmp short loc_403AF0
; ---------------------------------------------------------------------------
loc_403AED: ; CODE XREF: sub_403AA0+47�j
xor eax, eax
inc eax
loc_403AF0: ; CODE XREF: sub_403AA0+4B�j
push eax
jmp short loc_403B11
; ---------------------------------------------------------------------------
loc_403AF3: ; CODE XREF: sub_403AA0+43�j
cmp eax, 3
jnz short loc_403B03
push ebp
call sub_403A51
cmp eax, esi
pop ecx
jnz short loc_403B1A
loc_403B03: ; CODE XREF: sub_403AA0+56�j
cmp ebp, esi
jnz short loc_403B0A
xor edi, edi
inc edi
loc_403B0A: ; CODE XREF: sub_403AA0+65�j
add edi, 0Fh
and edi, 0FFFFFFF0h
push edi
loc_403B11: ; CODE XREF: sub_403AA0+51�j
push esi
push dword_4279A8
call ebx ; byte_44A845
loc_403B1A: ; CODE XREF: sub_403AA0+61�j
mov esi, eax
test esi, esi
jnz short loc_403B46
cmp dword_427D2C, eax
push 0Ch
pop edi
jz short loc_403B38
push ebp
call sub_408412
test eax, eax
pop ecx
jnz short loc_403AB7
jmp short loc_403B3F
; ---------------------------------------------------------------------------
loc_403B38: ; CODE XREF: sub_403AA0+89�j
call sub_405B83
mov [eax], edi
loc_403B3F: ; CODE XREF: sub_403AA0+96�j
call sub_405B83
mov [eax], edi
loc_403B46: ; CODE XREF: sub_403AA0+7E�j
pop edi
mov eax, esi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_403B4D: ; CODE XREF: sub_403AA0+8�j
push ebp
call sub_408412
pop ecx
call sub_405B83
mov dword ptr [eax], 0Ch
xor eax, eax
pop ebp
retn
sub_403AA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403B70 proc near ; CODE XREF: sub_41802D+84�p
; sub_418CAF+1B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_403BF0
mov dh, [ecx+1]
test dh, dh
jz short loc_403BDD
loc_403B88: ; CODE XREF: sub_403B70+58�j
; sub_403B70+6B�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
add esi, 1
cmp al, dl
jz short loc_403BAE
test al, al
jz short loc_403BA8
loc_403B9B: ; CODE XREF: sub_403B70+36�j
mov al, [esi]
add esi, 1
loc_403BA0: ; CODE XREF: sub_403B70+45�j
cmp al, dl
jz short loc_403BAE
test al, al
jnz short loc_403B9B
loc_403BA8: ; CODE XREF: sub_403B70+29�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403BAE: ; CODE XREF: sub_403B70+25�j
; sub_403B70+32�j
mov al, [esi]
add esi, 1
cmp al, dh
jnz short loc_403BA0
lea edi, [esi-1]
loc_403BBA: ; CODE XREF: sub_403B70+69�j
mov ah, [ecx+2]
test ah, ah
jz short loc_403BE9
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_403B88
mov al, [ecx+3]
test al, al
jz short loc_403BE9
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_403BBA
jmp short loc_403B88
; ---------------------------------------------------------------------------
loc_403BDD: ; CODE XREF: sub_403B70+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_403C16
; ---------------------------------------------------------------------------
loc_403BE9: ; CODE XREF: sub_403B70+4F�j
; sub_403B70+5F�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_403BF0: ; CODE XREF: sub_403B70+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_403B70 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_403C10
loc_403C00: ; CODE XREF: sub_403C10+1F�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_403C10
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403C10 proc near ; CODE XREF: sub_418B6F+B�p
; sub_418B86+35�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00403C00 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_403C16: ; CODE XREF: sub_403B70+74�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_403C3D
loc_403C28: ; CODE XREF: sub_403C10+2B�j
mov cl, [edx]
add edx, 1
cmp cl, bl
jz short loc_403C00
test cl, cl
jz short loc_403C86
test edx, 3
jnz short loc_403C28
loc_403C3D: ; CODE XREF: sub_403C10+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_403C48: ; CODE XREF: sub_403C10+63�j
; sub_403C10+72�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_403C8A
and eax, 81010100h
jz short loc_403C48
and eax, 1010100h
jnz short loc_403C84
and esi, 80000000h
jnz short loc_403C48
loc_403C84: ; CODE XREF: sub_403C10+6A�j
; sub_403C10+83�j ...
pop esi
pop edi
loc_403C86: ; CODE XREF: sub_403C10+23�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403C8A: ; CODE XREF: sub_403C10+5C�j
mov eax, [edx-4]
cmp al, bl
jz short loc_403CC7
test al, al
jz short loc_403C84
cmp ah, bl
jz short loc_403CC0
test ah, ah
jz short loc_403C84
shr eax, 10h
cmp al, bl
jz short loc_403CB9
test al, al
jz short loc_403C84
cmp ah, bl
jz short loc_403CB2
test ah, ah
jz short loc_403C84
jmp short loc_403C48
; ---------------------------------------------------------------------------
loc_403CB2: ; CODE XREF: sub_403C10+9A�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_403CB9: ; CODE XREF: sub_403C10+92�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_403CC0: ; CODE XREF: sub_403C10+87�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_403CC7: ; CODE XREF: sub_403C10+7F�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_403C10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403CD0 proc near ; CODE XREF: sub_417E66+104�p
; sub_41802D+D9�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_403D6F
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_403CFC
shr ecx, 2
jnz loc_403D7F
jmp short loc_403D23
; ---------------------------------------------------------------------------
loc_403CFC: ; CODE XREF: sub_403CD0+1F�j
; sub_403CD0+45�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
sub ecx, 1
jz short loc_403D36
test al, al
jz short loc_403D3E
test esi, 3
jnz short loc_403CFC
mov ebx, ecx
shr ecx, 2
jnz short loc_403D7F
loc_403D1E: ; CODE XREF: sub_403CD0+AD�j
and ebx, 3
jz short loc_403D36
loc_403D23: ; CODE XREF: sub_403CD0+2A�j
; sub_403CD0+64�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
test al, al
jz short loc_403D68
sub ebx, 1
jnz short loc_403D23
loc_403D36: ; CODE XREF: sub_403CD0+39�j
; sub_403CD0+51�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_403D3E: ; CODE XREF: sub_403CD0+3D�j
test edi, 3
jz short loc_403D5C
loc_403D46: ; CODE XREF: sub_403CD0+8A�j
mov [edi], al
add edi, 1
sub ecx, 1
jz loc_403DEC
test edi, 3
jnz short loc_403D46
loc_403D5C: ; CODE XREF: sub_403CD0+74�j
mov ebx, ecx
shr ecx, 2
jnz short loc_403DD7
loc_403D63: ; CODE XREF: sub_403CD0+9B�j
; sub_403CD0+116�j
mov [edi], al
add edi, 1
loc_403D68: ; CODE XREF: sub_403CD0+5F�j
sub ebx, 1
jnz short loc_403D63
pop ebx
pop esi
loc_403D6F: ; CODE XREF: sub_403CD0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_403D75: ; CODE XREF: sub_403CD0+C7�j
; sub_403CD0+DF�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_403D1E
loc_403D7F: ; CODE XREF: sub_403CD0+24�j
; sub_403CD0+4C�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_403D75
test dl, dl
jz short loc_403DC9
test dh, dh
jz short loc_403DBF
test edx, 0FF0000h
jz short loc_403DB5
test edx, 0FF000000h
jnz short loc_403D75
mov [edi], edx
jmp short loc_403DCD
; ---------------------------------------------------------------------------
loc_403DB5: ; CODE XREF: sub_403CD0+D7�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_403DCD
; ---------------------------------------------------------------------------
loc_403DBF: ; CODE XREF: sub_403CD0+CF�j
and edx, 0FFh
mov [edi], edx
jmp short loc_403DCD
; ---------------------------------------------------------------------------
loc_403DC9: ; CODE XREF: sub_403CD0+CB�j
xor edx, edx
mov [edi], edx
loc_403DCD: ; CODE XREF: sub_403CD0+E3�j
; sub_403CD0+ED�j ...
add edi, 4
xor eax, eax
sub ecx, 1
jz short loc_403DE3
loc_403DD7: ; CODE XREF: sub_403CD0+91�j
xor eax, eax
loc_403DD9: ; CODE XREF: sub_403CD0+111�j
mov [edi], eax
add edi, 4
sub ecx, 1
jnz short loc_403DD9
loc_403DE3: ; CODE XREF: sub_403CD0+105�j
and ebx, 3
jnz loc_403D63
loc_403DEC: ; CODE XREF: sub_403CD0+7E�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_403CD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403DF4 proc near ; CODE XREF: sub_417E66+1D�p
; sub_417E66+5A�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov [ebp+var_2C], eax
call sub_40574D
push 8
pop ecx
mov [ebp+var_28], eax
xor eax, eax
lea edi, [ebp+var_24]
push 7
rep stosd
pop edi
loc_403E25: ; CODE XREF: sub_403DF4+4A�j
mov dl, [esi]
movzx ecx, dl
mov eax, ecx
and ecx, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+var_24]
or [eax], bl
inc esi
test dl, dl
jnz short loc_403E25
mov edx, [ebp+var_2C]
test edx, edx
jnz short loc_403E54
mov eax, [ebp+var_28]
mov edx, [eax+18h]
jmp short loc_403E54
; ---------------------------------------------------------------------------
loc_403E4F: ; CODE XREF: sub_403DF4+77�j
test al, al
jz short loc_403E6D
inc edx
loc_403E54: ; CODE XREF: sub_403DF4+51�j
; sub_403DF4+59�j
mov al, [edx]
movzx esi, al
xor ebx, ebx
mov ecx, esi
and ecx, edi
inc ebx
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test bl, cl
jnz short loc_403E4F
loc_403E6D: ; CODE XREF: sub_403DF4+5D�j
mov ebx, edx
jmp short loc_403E89
; ---------------------------------------------------------------------------
loc_403E71: ; CODE XREF: sub_403DF4+98�j
movzx esi, byte ptr [edx]
xor eax, eax
mov ecx, esi
and ecx, edi
inc eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test al, cl
jnz short loc_403E90
inc edx
loc_403E89: ; CODE XREF: sub_403DF4+7B�j
cmp byte ptr [edx], 0
jnz short loc_403E71
jmp short loc_403E94
; ---------------------------------------------------------------------------
loc_403E90: ; CODE XREF: sub_403DF4+92�j
mov byte ptr [edx], 0
inc edx
loc_403E94: ; CODE XREF: sub_403DF4+9A�j
mov eax, [ebp+var_28]
mov ecx, [ebp+var_4]
mov [eax+18h], edx
mov eax, ebx
sub eax, edx
neg eax
sbb eax, eax
pop edi
and eax, ebx
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_403DF4 endp
; =============== S U B R O U T I N E =======================================
sub_403EB3 proc near ; CODE XREF: sub_41B981+70�p
; sub_41B981+160�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_403EDA
call sub_405B83
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_403EDA: ; CODE XREF: sub_403EB3+9�j
mov eax, [eax+0Ch]
and eax, 10h
pop esi
retn
sub_403EB3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403EE2 proc near ; CODE XREF: sub_404078+A1�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
test edi, edi
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
jz loc_404032
cmp [ebp+arg_C], 0
jz loc_404032
imul edi, [ebp+arg_C]
mov esi, [ebp+arg_10]
test word ptr [esi+0Ch], 10Ch
mov [ebp+var_10], edi
mov ebx, edi
jz short loc_403F28
mov eax, [esi+18h]
mov [ebp+var_C], eax
jmp short loc_403F2F
; ---------------------------------------------------------------------------
loc_403F28: ; CODE XREF: sub_403EE2+3C�j
mov [ebp+var_C], 1000h
loc_403F2F: ; CODE XREF: sub_403EE2+44�j
test edi, edi
jz loc_403FFE
loc_403F37: ; CODE XREF: sub_403EE2+116�j
test word ptr [esi+0Ch], 10Ch
jz short loc_403F80
mov eax, [esi+4]
test eax, eax
jz short loc_403F80
jl loc_404063
cmp ebx, eax
mov edi, ebx
jb short loc_403F54
mov edi, eax
loc_403F54: ; CODE XREF: sub_403EE2+6E�j
cmp edi, [ebp+var_4]
ja loc_404003
push edi
push dword ptr [esi]
push [ebp+var_4]
push [ebp+var_8]
call sub_403332
sub [esi+4], edi
add [esi], edi
add [ebp+var_8], edi
sub ebx, edi
add esp, 10h
sub [ebp+var_4], edi
mov edi, [ebp+var_10]
jmp short loc_403FF6
; ---------------------------------------------------------------------------
loc_403F80: ; CODE XREF: sub_403EE2+5B�j
; sub_403EE2+62�j
cmp ebx, [ebp+var_C]
jb short loc_403FCE
cmp [ebp+var_C], 0
mov eax, ebx
jz short loc_403F96
xor edx, edx
div [ebp+var_C]
mov eax, ebx
sub eax, edx
loc_403F96: ; CODE XREF: sub_403EE2+A9�j
cmp eax, [ebp+var_4]
ja loc_404039
push eax
push [ebp+var_8]
push esi
call sub_408DD0
pop ecx
push eax
call sub_40A6FF
add esp, 0Ch
test eax, eax
jz loc_404072
cmp eax, 0FFFFFFFFh
jz loc_404063
add [ebp+var_8], eax
sub ebx, eax
sub [ebp+var_4], eax
jmp short loc_403FF6
; ---------------------------------------------------------------------------
loc_403FCE: ; CODE XREF: sub_403EE2+A1�j
push esi
call sub_40A03D
cmp eax, 0FFFFFFFFh
pop ecx
jz loc_404067
cmp [ebp+var_4], 0
jz short loc_404039
mov ecx, [ebp+var_8]
inc [ebp+var_8]
mov [ecx], al
mov eax, [esi+18h]
dec ebx
dec [ebp+var_4]
mov [ebp+var_C], eax
loc_403FF6: ; CODE XREF: sub_403EE2+9C�j
; sub_403EE2+EA�j
test ebx, ebx
jnz loc_403F37
loc_403FFE: ; CODE XREF: sub_403EE2+4F�j
mov eax, [ebp+arg_C]
jmp short loc_404034
; ---------------------------------------------------------------------------
loc_404003: ; CODE XREF: sub_403EE2+75�j
xor esi, esi
cmp [ebp+arg_4], 0FFFFFFFFh
jz short loc_40401A
push [ebp+arg_4]
push esi
push [ebp+arg_0]
call sub_407F20
add esp, 0Ch
loc_40401A: ; CODE XREF: sub_403EE2+127�j
call sub_405B83
push esi
push esi
push esi
push esi
mov dword ptr [eax], 22h
push esi
loc_40402A: ; CODE XREF: sub_403EE2+17F�j
call sub_4032F9
add esp, 14h
loc_404032: ; CODE XREF: sub_403EE2+1A�j
; sub_403EE2+24�j
xor eax, eax
loc_404034: ; CODE XREF: sub_403EE2+11F�j
; sub_403EE2+18E�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_404039: ; CODE XREF: sub_403EE2+B7�j
; sub_403EE2+100�j
cmp [ebp+arg_4], 0FFFFFFFFh
jz short loc_40404F
push [ebp+arg_4]
push 0
push [ebp+arg_0]
call sub_407F20
add esp, 0Ch
loc_40404F: ; CODE XREF: sub_403EE2+15B�j
call sub_405B83
mov dword ptr [eax], 22h
xor eax, eax
push eax
push eax
push eax
push eax
push eax
jmp short loc_40402A
; ---------------------------------------------------------------------------
loc_404063: ; CODE XREF: sub_403EE2+64�j
; sub_403EE2+DC�j
or dword ptr [esi+0Ch], 20h
loc_404067: ; CODE XREF: sub_403EE2+F6�j
; sub_403EE2+194�j
mov eax, edi
sub eax, ebx
xor edx, edx
div [ebp+arg_8]
jmp short loc_404034
; ---------------------------------------------------------------------------
loc_404072: ; CODE XREF: sub_403EE2+D3�j
or dword ptr [esi+0Ch], 10h
jmp short loc_404067
sub_403EE2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404078 proc near ; CODE XREF: sub_40413F+12�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push 0Ch
push offset dword_4216F8
call __SEH_prolog4
xor esi, esi
mov [ebp+var_1C], esi
mov ebx, [ebp+arg_8]
cmp ebx, esi
jz short loc_4040BB
mov edi, [ebp+arg_C]
cmp edi, esi
jz short loc_4040BB
xor eax, eax
cmp [ebp+arg_0], esi
setnz al
cmp eax, esi
jnz short loc_4040C3
loc_4040A3: ; CODE XREF: sub_404078+7A�j
; sub_404078+88�j
call sub_405B83
mov dword ptr [eax], 16h
push esi
push esi
push esi
push esi
push esi
call sub_4032F9
add esp, 14h
loc_4040BB: ; CODE XREF: sub_404078+16�j
; sub_404078+1D�j
xor eax, eax
loc_4040BD: ; CODE XREF: sub_404078+BB�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_4040C3: ; CODE XREF: sub_404078+29�j
cmp [ebp+arg_10], esi
jz short loc_4040D3
or eax, 0FFFFFFFFh
xor edx, edx
div ebx
cmp edi, eax
jbe short loc_404102
loc_4040D3: ; CODE XREF: sub_404078+4E�j
cmp [ebp+arg_4], 0FFFFFFFFh
jz short loc_4040E8
push [ebp+arg_4]
push esi
push [ebp+arg_0]
call sub_407F20
add esp, 0Ch
loc_4040E8: ; CODE XREF: sub_404078+5F�j
xor eax, eax
cmp [ebp+arg_10], esi
setnz al
cmp eax, esi
jz short loc_4040A3
or eax, 0FFFFFFFFh
xor edx, edx
div ebx
cmp eax, edi
sbb eax, eax
inc eax
jz short loc_4040A3
loc_404102: ; CODE XREF: sub_404078+59�j
push [ebp+arg_10]
call sub_40850B
pop ecx
mov [ebp+ms_exc.disabled], esi
push [ebp+arg_10]
push edi
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call sub_403EE2
add esp, 14h
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_404135
mov eax, [ebp+var_1C]
jmp short loc_4040BD
sub_404078 endp
; =============== S U B R O U T I N E =======================================
sub_404135 proc near ; CODE XREF: sub_404078+B3�p
push dword ptr [ebp+18h]
call sub_40855D
pop ecx
retn
sub_404135 endp
; =============== S U B R O U T I N E =======================================
sub_40413F proc near ; CODE XREF: sub_41B981+D6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
push [esp+4+arg_8]
push [esp+8+arg_4]
push 0FFFFFFFFh
push [esp+10h+arg_0]
call sub_404078
add esp, 14h
retn
sub_40413F endp
; =============== S U B R O U T I N E =======================================
sub_40415A proc near ; CODE XREF: sub_40416B�j
; sub_410661+35�p
arg_0 = dword ptr 4
push 0Ah
push 0
push [esp+8+arg_0]
call sub_40AA06
add esp, 0Ch
retn
sub_40415A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40416B proc near ; CODE XREF: .text:00401EE7�p
; .text:00401EF6�p ...
jmp sub_40415A
sub_40416B endp
; =============== S U B R O U T I N E =======================================
sub_404170 proc near ; CODE XREF: .text:0041B52D�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = qword ptr 4
cmp dword_4356DC, 0
jz sub_40ACF3
sub esp, 8
stmxcsr [esp+8+var_4]
mov eax, [esp+8+var_4]
and eax, 1F80h
cmp eax, 1F80h
jnz short loc_4041A4
fnstcw word ptr [esp+8+var_8]
mov ax, word ptr [esp+8+var_8]
and ax, 7Fh
cmp ax, 7Fh
loc_4041A4: ; CODE XREF: sub_404170+23�j
lea esp, [esp+8]
jnz sub_40ACF3
jmp short $+2
movq xmm0, [esp+arg_0]
movapd xmm2, oword ptr ds:oword_41D3B0
movapd xmm1, xmm0
movapd xmm7, xmm0
psrlq xmm0, 34h
movd eax, xmm0
andpd xmm0, oword ptr ds:oword_41D3D0
psubd xmm2, xmm0
psrlq xmm1, xmm2
test eax, 800h
jz short loc_404232
cmp eax, 0BFFh
jl short loc_40426A
psllq xmm1, xmm2
cmp eax, 0C32h
jg short loc_404203
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_404203: ; CODE XREF: sub_404170+86�j
; sub_404170+E1�j
ucomisd xmm7, xmm7
jnp short loc_40422D
mov edx, 3ECh
sub esp, 10h
mov [esp+10h+var_4], edx
mov edx, esp
add edx, 14h
mov [esp+10h+var_8], edx
mov [esp+10h+var_C], edx
mov [esp+10h+var_10], edx
call sub_40AA2F
add esp, 10h
loc_40422D: ; CODE XREF: sub_404170+97�j
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_404232: ; CODE XREF: sub_404170+74�j
movq xmm0, [esp+arg_0]
psllq xmm1, xmm2
movapd xmm3, xmm0
cmppd xmm0, xmm1, 6
cmp eax, 3FFh
jl short loc_404271
cmp eax, 432h
jg short loc_404203
andpd xmm0, oword ptr ds:oword_41D3A0
addsd xmm1, xmm0
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40426A: ; CODE XREF: sub_404170+7B�j
fld ds:dbl_41D3E0
retn
; ---------------------------------------------------------------------------
loc_404271: ; CODE XREF: sub_404170+DA�j
cmppd xmm3, oword ptr ds:oword_41D3C0, 6
andpd xmm3, oword ptr ds:oword_41D3A0
movq [esp+arg_0], xmm3
fld [esp+arg_0]
retn
sub_404170 endp
; =============== S U B R O U T I N E =======================================
sub_40428D proc near ; CODE XREF: .text:00404332�p
; .text:004043CF�p ...
arg_0 = dword ptr 4
cmp dword_4274DC, 1
jnz short loc_40429B
call sub_40A004
loc_40429B: ; CODE XREF: sub_40428D+7�j
push [esp+arg_0]
call sub_409E64
push 0FFh
call sub_407C57
pop ecx
pop ecx
retn
sub_40428D endp
; =============== S U B R O U T I N E =======================================
sub_4042B1 proc near ; CODE XREF: .text:004043B7�p
cmp word ptr ds:400000h, 5A4Dh
jnz short loc_4042EF
mov eax, ds:40003Ch
cmp dword ptr [eax+400000h], 4550h
jnz short loc_4042EF
cmp word ptr [eax+400018h], 10Bh
jnz short loc_4042EF
cmp dword ptr [eax+400074h], 0Eh
jbe short loc_4042EF
xor ecx, ecx
cmp [eax+4000E8h], ecx
setnz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
loc_4042EF: ; CODE XREF: sub_4042B1+9�j
; sub_4042B1+1A�j ...
xor eax, eax
retn
sub_4042B1 endp
; ---------------------------------------------------------------------------
loc_4042F2: ; CODE XREF: .text:004044D7�j
push 60h
push offset dword_421718
call __SEH_prolog4
and dword ptr [ebp-4], 0
lea eax, [ebp-70h]
push eax
call ds:off_41D1A8
mov dword ptr [ebp-4], 0FFFFFFFEh
mov edi, 94h
push edi
push 0
mov ebx, ds:off_41D0FC
call ebx ; dword_45047C
push eax
call ds:off_41D110
mov esi, eax
test esi, esi
jnz short loc_40433D
push 12h
call sub_40428D
pop ecx
jmp loc_4044C7
; ---------------------------------------------------------------------------
loc_40433D: ; CODE XREF: .text:0040432E�j
mov [esi], edi
push esi
call ds:off_41D068
push esi
push 0
test eax, eax
jnz short loc_40435B
call ebx ; dword_45047C
push eax
call ds:off_41D108
jmp loc_4044C7
; ---------------------------------------------------------------------------
loc_40435B: ; CODE XREF: .text:0040434B�j
mov eax, [esi+10h]
mov [ebp-20h], eax
mov eax, [esi+4]
mov [ebp-24h], eax
mov eax, [esi+8]
mov [ebp-28h], eax
mov edi, [esi+0Ch]
and edi, 7FFFh
call ebx ; dword_45047C
push eax
call ds:off_41D108
mov esi, [ebp-20h]
cmp esi, 2
jz short loc_40438D
or edi, 8000h
loc_40438D: ; CODE XREF: .text:00404385�j
mov ecx, [ebp-24h]
mov eax, ecx
shl eax, 8
mov edx, [ebp-28h]
add eax, edx
mov dword_4279B8, esi
mov dword_4279C0, eax
mov dword_4279C4, ecx
mov dword_4279C8, edx
mov dword_4279BC, edi
call sub_4042B1
mov [ebp-20h], eax
xor ebx, ebx
inc ebx
push ebx
call sub_405E33
pop ecx
test eax, eax
jnz short loc_4043D5
push 1Ch
call sub_40428D
pop ecx
loc_4043D5: ; CODE XREF: .text:004043CB�j
call sub_405886
test eax, eax
jnz short loc_4043E6
push 10h
call sub_40428D
pop ecx
loc_4043E6: ; CODE XREF: .text:004043DC�j
call sub_40B3F1
mov [ebp-4], ebx
call sub_408B90
test eax, eax
jge short loc_4043FF
push 1Bh
call sub_407C0D
pop ecx
loc_4043FF: ; CODE XREF: .text:004043F5�j
call ds:off_41D1A4
mov dword_436858, eax
call sub_40B2BC
mov dword_4274D4, eax
call sub_40B203
test eax, eax
jge short loc_404425
push 8
call sub_407C0D
pop ecx
loc_404425: ; CODE XREF: .text:0040441B�j
call sub_40AF90
test eax, eax
jge short loc_404436
push 9
call sub_407C0D
pop ecx
loc_404436: ; CODE XREF: .text:0040442C�j
push ebx
call sub_407D29
pop ecx
test eax, eax
jz short loc_404448
push eax
call sub_407C0D
pop ecx
loc_404448: ; CODE XREF: .text:0040443F�j
call sub_40AF33
test [ebp-44h], bl
jz short loc_404458
movzx ecx, word ptr [ebp-40h]
jmp short loc_40445B
; ---------------------------------------------------------------------------
loc_404458: ; CODE XREF: .text:00404450�j
push 0Ah
pop ecx
loc_40445B: ; CODE XREF: .text:00404456�j
push ecx
push eax
push 0
push 400000h
call sub_41C28D
mov [ebp-1Ch], eax
cmp dword ptr [ebp-20h], 0
jnz short loc_404478
push eax
call sub_407E89
loc_404478: ; CODE XREF: .text:00404470�j
call sub_407EAB
jmp short loc_4044AD
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-2Ch], ecx
push eax
push ecx
call sub_40ADC4
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov eax, [ebp-2Ch]
mov [ebp-1Ch], eax
cmp dword ptr [ebp-20h], 0
jnz short loc_4044A8
push eax
call sub_407E9A
loc_4044A8: ; CODE XREF: .text:004044A0�j
call sub_407EBA
loc_4044AD: ; CODE XREF: .text:0040447D�j
mov dword ptr [ebp-4], 0FFFFFFFEh
mov eax, [ebp-1Ch]
jmp short loc_4044CC
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFEh
loc_4044C7: ; CODE XREF: .text:00404338�j
; .text:00404356�j
mov eax, 0FFh
loc_4044CC: ; CODE XREF: .text:004044B7�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
call sub_40B439
jmp loc_4042F2
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4044E0 proc near ; CODE XREF: sub_402FCC+16�p
; sub_403032+21�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_404510
loc_4044EC: ; CODE XREF: sub_4044E0+1B�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_404543
test ecx, 3
jnz short loc_4044EC
add eax, 0
lea esp, [esp+0]
lea esp, [esp+0]
loc_404510: ; CODE XREF: sub_4044E0+A�j
; sub_4044E0+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_404510
mov eax, [ecx-4]
test al, al
jz short loc_404561
test ah, ah
jz short loc_404557
test eax, 0FF0000h
jz short loc_40454D
test eax, 0FF000000h
jz short loc_404543
jmp short loc_404510
; ---------------------------------------------------------------------------
loc_404543: ; CODE XREF: sub_4044E0+13�j
; sub_4044E0+5F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40454D: ; CODE XREF: sub_4044E0+58�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_404557: ; CODE XREF: sub_4044E0+51�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_404561: ; CODE XREF: sub_4044E0+4D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_4044E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40456B proc near ; CODE XREF: sub_40121E+58�p
; .text:0040151E�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_41D3E8
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
test eax, eax
pop edi
mov [ebp+var_4], eax
pop esi
jz short loc_40459E
test byte ptr [eax], 8
jz short loc_40459E
mov [ebp+var_C], 1994000h
loc_40459E: ; CODE XREF: sub_40456B+25�j
; sub_40456B+2A�j
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call ds:off_41D1AC
leave
retn 8
sub_40456B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045B5 proc near ; CODE XREF: sub_40BC58+65�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov ebp, [ebp+var_4]
mov esp, [ebx-4]
jmp eax
sub_4045B5 endp
; ---------------------------------------------------------------------------
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_4045E5 proc near ; CODE XREF: sub_40B771+31�p
; sub_40BBC7+59�p ...
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_4045E5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045EC proc near ; CODE XREF: sub_404779+69�p
; sub_40BC58:loc_40BC80�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, large fs:0
mov [ebp+var_4], esi
mov [ebp+var_8], offset loc_404615
push 0
push [ebp+arg_4]
push [ebp+var_8]
push [ebp+arg_0]
call sub_413D26
loc_404615: ; DATA XREF: sub_4045EC+12�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and eax, 0FFFFFFFDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov edi, large fs:0
mov ebx, [ebp+var_4]
mov [ebx], edi
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4045EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40463E proc near ; CODE XREF: .text:0041C8B9�j
; .text:0041C8D4�j ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
cld
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push [ebp+var_4]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C124
add esp, 20h
mov [ebp+var_8], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_40463E endp
; ---------------------------------------------------------------------------
loc_404674: ; DATA XREF: sub_40491E+24�o
push esi
cld
mov esi, [esp+0Ch]
mov ecx, [esi+8]
xor ecx, esi
call sub_402AD0
push 0
push esi
push dword ptr [esi+14h]
push dword ptr [esi+0Ch]
push 0
push dword ptr [esp+24h]
push dword ptr [esi+10h]
push dword ptr [esp+24h]
call sub_40C124
add esp, 20h
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4046A4 proc near ; CODE XREF: sub_404779+81�p
; sub_40BCC4+53�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
cmp [ebp+arg_0], 123h
jnz short loc_4046C6
mov eax, offset loc_40474D
mov ecx, [ebp+arg_4]
mov [ecx], eax
xor eax, eax
inc eax
jmp loc_404776
; ---------------------------------------------------------------------------
loc_4046C6: ; CODE XREF: sub_4046A4+E�j
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_404779
mov eax, dword_423064
lea ecx, [ebp+var_28]
xor eax, ecx
mov [ebp+var_20], eax
mov eax, [ebp+arg_10]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_18], eax
mov eax, [ebp+arg_14]
mov [ebp+var_14], eax
mov eax, [ebp+arg_18]
mov [ebp+var_10], eax
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_38], 1
mov eax, [ebp+arg_0]
mov [ebp+var_34], eax
mov eax, [ebp+arg_8]
mov [ebp+var_30], eax
call sub_40574D
mov eax, [eax+80h]
mov [ebp+var_2C], eax
lea eax, [ebp+var_34]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call [ebp+var_2C]
pop ecx
pop ecx
and [ebp+var_38], 0
loc_40474D: ; DATA XREF: sub_4046A4+10�o
cmp [ebp+var_4], 0
jz short loc_40476A
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_404773
; ---------------------------------------------------------------------------
loc_40476A: ; CODE XREF: sub_4046A4+AD�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_404773: ; CODE XREF: sub_4046A4+C4�j
mov eax, [ebp+var_38]
loc_404776: ; CODE XREF: sub_4046A4+1D�j
pop ebx
leave
retn
sub_4046A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404779 proc near ; DATA XREF: sub_4046A4+26�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
cld
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
xor ecx, [ebp+arg_4]
call sub_402AD0
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
jz short loc_4047A9
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
xor eax, eax
inc eax
jmp short loc_404813
; ---------------------------------------------------------------------------
jmp short loc_404813
; ---------------------------------------------------------------------------
loc_4047A9: ; CODE XREF: sub_404779+1D�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+18h]
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
push [ebp+arg_0]
call sub_40C124
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_4047E7
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4045EC
loc_4047E7: ; CODE XREF: sub_404779+61�j
push 0
push 0
push 0
push 0
push 0
lea eax, [ebp+var_4]
push eax
push 123h
call sub_4046A4
add esp, 1Ch
mov eax, [ebp+var_4]
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp eax
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
loc_404813: ; CODE XREF: sub_404779+2C�j
; sub_404779+2E�j
pop ebx
leave
retn
sub_404779 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404816 proc near ; CODE XREF: sub_40BCC4+81�p
; sub_40BDB6+1C6�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov eax, [edi+10h]
mov esi, [edi+0Ch]
mov [ebp+var_4], eax
mov ebx, esi
jmp short loc_40485A
; ---------------------------------------------------------------------------
loc_40482D: ; CODE XREF: sub_404816+4B�j
cmp esi, 0FFFFFFFFh
jnz short loc_404837
call sub_40C254
loc_404837: ; CODE XREF: sub_404816+1A�j
mov ecx, [ebp+var_4]
dec esi
mov eax, esi
imul eax, 14h
add eax, ecx
mov ecx, [ebp+arg_8]
cmp [eax+4], ecx
jge short loc_40484F
cmp ecx, [eax+8]
jle short loc_404854
loc_40484F: ; CODE XREF: sub_404816+32�j
cmp esi, 0FFFFFFFFh
jnz short loc_40485D
loc_404854: ; CODE XREF: sub_404816+37�j
dec [ebp+arg_4]
mov ebx, [ebp+arg_0]
loc_40485A: ; CODE XREF: sub_404816+15�j
mov [ebp+arg_0], esi
loc_40485D: ; CODE XREF: sub_404816+3C�j
cmp [ebp+arg_4], 0
jge short loc_40482D
mov eax, [ebp+arg_C]
inc esi
mov [eax], esi
mov eax, [ebp+arg_10]
mov [eax], ebx
cmp ebx, [edi+0Ch]
ja short loc_404877
cmp esi, ebx
jbe short loc_40487C
loc_404877: ; CODE XREF: sub_404816+5B�j
call sub_40C254
loc_40487C: ; CODE XREF: sub_404816+5F�j
mov eax, esi
imul eax, 14h
add eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_404816 endp
; =============== S U B R O U T I N E =======================================
sub_404889 proc near ; CODE XREF: sub_40B8AC+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov [esi], eax
call sub_40574D
mov eax, [eax+98h]
mov [esi+4], eax
call sub_40574D
mov [eax+98h], esi
mov eax, esi
pop esi
retn
sub_404889 endp
; =============== S U B R O U T I N E =======================================
sub_4048B1 proc near ; CODE XREF: sub_40B9D2+60�p
arg_0 = dword ptr 4
call sub_40574D
mov eax, [eax+98h]
jmp short loc_4048C9
; ---------------------------------------------------------------------------
loc_4048BE: ; CODE XREF: sub_4048B1+1A�j
mov ecx, [eax]
cmp ecx, [esp+arg_0]
jz short loc_4048CF
mov eax, [eax+4]
loc_4048C9: ; CODE XREF: sub_4048B1+B�j
test eax, eax
jnz short loc_4048BE
inc eax
retn
; ---------------------------------------------------------------------------
loc_4048CF: ; CODE XREF: sub_4048B1+13�j
xor eax, eax
retn
sub_4048B1 endp
; =============== S U B R O U T I N E =======================================
sub_4048D2 proc near ; CODE XREF: sub_40B9D2+9�p
arg_0 = dword ptr 4
push esi
call sub_40574D
mov esi, [esp+4+arg_0]
cmp esi, [eax+98h]
jnz short loc_4048F4
call sub_40574D
mov ecx, [esi+4]
mov [eax+98h], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4048F4: ; CODE XREF: sub_4048D2+10�j
call sub_40574D
mov eax, [eax+98h]
jmp short loc_40490A
; ---------------------------------------------------------------------------
loc_404901: ; CODE XREF: sub_4048D2+3C�j
mov ecx, [eax+4]
cmp esi, ecx
jz short loc_404916
mov eax, ecx
loc_40490A: ; CODE XREF: sub_4048D2+2D�j
cmp dword ptr [eax+4], 0
jnz short loc_404901
pop esi
jmp sub_40C254
; ---------------------------------------------------------------------------
loc_404916: ; CODE XREF: sub_4048D2+34�j
mov ecx, [esi+4]
mov [eax+4], ecx
pop esi
retn
sub_4048D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40491E proc near ; CODE XREF: sub_40B8AC+7F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword_423064
and [ebp+var_18], 0
lea ecx, [ebp+var_18]
xor eax, ecx
mov ecx, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
inc eax
mov [ebp+var_14], offset loc_404674
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_18], eax
lea eax, [ebp+var_18]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_40C2A0
mov ecx, eax
mov eax, [ebp+var_18]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_40491E endp
; =============== S U B R O U T I N E =======================================
sub_40497C proc near ; CODE XREF: sub_401065+7�p
; sub_40121E+7�p ...
arg_0 = byte ptr 4
push eax
push large dword ptr fs:0
lea eax, [esp+8+arg_0]
sub esp, [esp+0Ch]
push ebx
push esi
push edi
mov [eax], ebp
mov ebp, eax
mov eax, dword_423064
xor eax, ebp
push eax
push dword ptr [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
lea eax, [ebp-0Ch]
mov large fs:0, eax
retn
sub_40497C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4049AF proc near ; CODE XREF: sub_401442+7�p
; sub_40B863+7�p
arg_0 = byte ptr 4
push eax
push large dword ptr fs:0
lea eax, [esp+8+arg_0]
sub esp, [esp+0Ch]
push ebx
push esi
push edi
mov [eax], ebp
mov ebp, eax
mov eax, dword_423064
xor eax, ebp
push eax
mov [ebp-10h], esp
push dword ptr [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
lea eax, [ebp-0Ch]
mov large fs:0, eax
retn
sub_4049AF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4049E5 proc near ; CODE XREF: .text:00401785�p
; .text:004019FD�p ...
arg_0 = byte ptr 4
push eax
push large dword ptr fs:0
lea eax, [esp+8+arg_0]
sub esp, [esp+0Ch]
push ebx
push esi
push edi
mov [eax], ebp
mov ebp, eax
mov eax, dword_423064
xor eax, ebp
push eax
mov [ebp-10h], eax
push dword ptr [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
lea eax, [ebp-0Ch]
mov large fs:0, eax
retn
sub_4049E5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404A1B proc near ; CODE XREF: sub_401065+2D�p
; sub_40121E+6B�p ...
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
retn
sub_404A1B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404A2F proc near ; CODE XREF: .text:loc_4019EB�p
; .text:loc_401C15�p ...
mov ecx, [ebp-10h]
xor ecx, ebp
call sub_402AD0
jmp sub_404A1B
sub_404A2F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A3E proc near ; CODE XREF: sub_402AD0:loc_402ADA�j
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 328h
mov dword_4275E8, eax
mov dword_4275E4, ecx
mov dword_4275E0, edx
mov dword_4275DC, ebx
mov dword_4275D8, esi
mov dword_4275D4, edi
mov word_427600, ss
mov word_4275F4, cs
mov word_4275D0, ds
mov word_4275CC, es
mov word_4275C8, fs
mov word_4275C4, gs
pushf
pop dword_4275F8
mov eax, [ebp+0]
mov dword_4275EC, eax
mov eax, [ebp+4]
mov dword_4275F0, eax
lea eax, [ebp+arg_0]
mov dword_4275FC, eax
mov eax, [ebp+var_320]
mov dword_427538, 10001h
mov eax, dword_4275F0
mov dword_4274EC, eax
mov dword_4274E0, 0C0000409h
mov dword_4274E4, 1
mov eax, dword_423064
mov [ebp+var_328], eax
mov eax, dword_423068
mov [ebp+var_324], eax
call ds:off_41D08C
mov dword_427530, eax
push 1
call sub_407F15
pop ecx
push 0
call ds:off_41D19C
push offset off_41D408
call ds:off_41D198
cmp dword_427530, 0
jnz short loc_404B2E
push 1
call sub_407F15
pop ecx
loc_404B2E: ; CODE XREF: sub_404A3E+E6�j
push 0C0000409h
call ds:off_41D0C8
push eax
call ds:off_41D0F4
leave
retn
sub_404A3E endp
; =============== S U B R O U T I N E =======================================
sub_404B42 proc near ; CODE XREF: sub_404E6E+11E�p
; sub_404E6E+173�p
sub eax, 3A4h
jz short loc_404B6B
sub eax, 4
jz short loc_404B65
sub eax, 0Dh
jz short loc_404B5F
dec eax
jz short loc_404B59
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_404B59: ; CODE XREF: sub_404B42+12�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_404B5F: ; CODE XREF: sub_404B42+F�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_404B65: ; CODE XREF: sub_404B42+A�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_404B6B: ; CODE XREF: sub_404B42+5�j
mov eax, 411h
retn
sub_404B42 endp
; =============== S U B R O U T I N E =======================================
sub_404B71 proc near ; CODE XREF: sub_404E6E+2B�p
push ebx
push ebp
push esi
push edi
mov ebp, 101h
mov esi, eax
push ebp
xor edi, edi
lea ebx, [esi+1Ch]
push edi
push ebx
call sub_407F20
mov [esi+4], edi
mov [esi+8], edi
mov [esi+0Ch], edi
xor eax, eax
lea edi, [esi+10h]
stosd
stosd
stosd
mov eax, offset dword_423070
add esp, 0Ch
sub eax, esi
loc_404BA4: ; CODE XREF: sub_404B71+3A�j
mov cl, [eax+ebx]
mov [ebx], cl
inc ebx
dec ebp
jnz short loc_404BA4
lea ecx, [esi+11Dh]
mov esi, 100h
loc_404BB8: ; CODE XREF: sub_404B71+4E�j
mov dl, [ecx+eax]
mov [ecx], dl
inc ecx
dec esi
jnz short loc_404BB8
pop edi
pop esi
pop ebp
pop ebx
retn
sub_404B71 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=49Ch
sub_404BC6 proc near ; CODE XREF: sub_404E6E+141�p
var_51C = dword ptr -51Ch
var_518 = byte ptr -518h
var_512 = byte ptr -512h
var_511 = byte ptr -511h
var_504 = word ptr -504h
var_304 = byte ptr -304h
var_204 = byte ptr -204h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-49Ch]
sub esp, 51Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+49Ch+var_4], eax
push ebx
push edi
lea eax, [ebp+49Ch+var_518]
push eax
push dword ptr [esi+4]
call ds:off_41D1B4
test eax, eax
mov edi, 100h
jz loc_404CEC
xor eax, eax
loc_404BFF: ; CODE XREF: sub_404BC6+43�j
mov [ebp+eax+49Ch+var_104], al
inc eax
cmp eax, edi
jb short loc_404BFF
mov al, [ebp+49Ch+var_512]
test al, al
mov [ebp+49Ch+var_104], 20h
jz short loc_404C44
lea ebx, [ebp+49Ch+var_511]
loc_404C1C: ; CODE XREF: sub_404BC6+7C�j
movzx ecx, al
movzx eax, byte ptr [ebx]
cmp ecx, eax
ja short loc_404C3C
sub eax, ecx
inc eax
push eax
lea edx, [ebp+ecx+49Ch+var_104]
push 20h
push edx
call sub_407F20
add esp, 0Ch
loc_404C3C: ; CODE XREF: sub_404BC6+5E�j
inc ebx
mov al, [ebx]
inc ebx
test al, al
jnz short loc_404C1C
loc_404C44: ; CODE XREF: sub_404BC6+51�j
push 0
push dword ptr [esi+0Ch]
lea eax, [ebp+49Ch+var_504]
push dword ptr [esi+4]
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push 1
push 0
call sub_40C8A4
xor ebx, ebx
push ebx
push dword ptr [esi+4]
lea eax, [ebp+49Ch+var_204]
push edi
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push edi
push dword ptr [esi+0Ch]
push ebx
call sub_40C6A9
add esp, 44h
push ebx
push dword ptr [esi+4]
lea eax, [ebp+49Ch+var_304]
push edi
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push 200h
push dword ptr [esi+0Ch]
push ebx
call sub_40C6A9
add esp, 24h
xor eax, eax
loc_404CAB: ; CODE XREF: sub_404BC6+122�j
movzx ecx, [ebp+eax*2+49Ch+var_504]
test cl, 1
jz short loc_404CC3
or byte ptr [esi+eax+1Dh], 10h
mov cl, [ebp+eax+49Ch+var_204]
jmp short loc_404CD4
; ---------------------------------------------------------------------------
loc_404CC3: ; CODE XREF: sub_404BC6+ED�j
test cl, 2
jz short loc_404CDD
or byte ptr [esi+eax+1Dh], 20h
mov cl, [ebp+eax+49Ch+var_304]
loc_404CD4: ; CODE XREF: sub_404BC6+FB�j
mov [esi+eax+11Dh], cl
jmp short loc_404CE5
; ---------------------------------------------------------------------------
loc_404CDD: ; CODE XREF: sub_404BC6+100�j
mov byte ptr [esi+eax+11Dh], 0
loc_404CE5: ; CODE XREF: sub_404BC6+115�j
inc eax
cmp eax, edi
jb short loc_404CAB
jmp short loc_404D39
; ---------------------------------------------------------------------------
loc_404CEC: ; CODE XREF: sub_404BC6+31�j
lea eax, [esi+11Dh]
mov [ebp+49Ch+var_51C], 0FFFFFF9Fh
xor ecx, ecx
sub [ebp+49Ch+var_51C], eax
loc_404CFE: ; CODE XREF: sub_404BC6+171�j
mov edx, [ebp+49Ch+var_51C]
lea eax, [esi+ecx+11Dh]
add edx, eax
lea ebx, [edx+20h]
cmp ebx, 19h
ja short loc_404D1E
or byte ptr [esi+ecx+1Dh], 10h
mov dl, cl
add dl, 20h
jmp short loc_404D2D
; ---------------------------------------------------------------------------
loc_404D1E: ; CODE XREF: sub_404BC6+14A�j
cmp edx, 19h
ja short loc_404D31
or byte ptr [esi+ecx+1Dh], 20h
mov dl, cl
sub dl, 20h
loc_404D2D: ; CODE XREF: sub_404BC6+156�j
mov [eax], dl
jmp short loc_404D34
; ---------------------------------------------------------------------------
loc_404D31: ; CODE XREF: sub_404BC6+15B�j
mov byte ptr [eax], 0
loc_404D34: ; CODE XREF: sub_404BC6+169�j
inc ecx
cmp ecx, edi
jb short loc_404CFE
loc_404D39: ; CODE XREF: sub_404BC6+124�j
mov ecx, [ebp+49Ch+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_402AD0
add ebp, 49Ch
leave
retn
sub_404BC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404D50 proc near ; CODE XREF: sub_402ADF+57�p
; sub_405019+1A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_421740
call __SEH_prolog4
call sub_40574D
mov edi, eax
mov eax, dword_423594
test [edi+70h], eax
jz short loc_404D8A
cmp dword ptr [edi+6Ch], 0
jz short loc_404D8A
mov esi, [edi+68h]
loc_404D76: ; CODE XREF: sub_404D50+96�j
test esi, esi
jnz short loc_404D82
push 20h
call sub_407C0D
pop ecx
loc_404D82: ; CODE XREF: sub_404D50+28�j
mov eax, esi
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_404D8A: ; CODE XREF: sub_404D50+1B�j
; sub_404D50+21�j
push 0Dh
call sub_405DA7
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [edi+68h]
mov [ebp+var_1C], esi
cmp esi, dword_423498
jz short loc_404DDA
test esi, esi
jz short loc_404DC2
push esi
call ds:off_41D18C
test eax, eax
jnz short loc_404DC2
cmp esi, offset dword_423070
jz short loc_404DC2
push esi
call sub_4039C3
pop ecx
loc_404DC2: ; CODE XREF: sub_404D50+56�j
; sub_404D50+61�j ...
mov eax, dword_423498
mov [edi+68h], eax
mov esi, dword_423498
mov [ebp+var_1C], esi
push esi
call ds:off_41D1B8
loc_404DDA: ; CODE XREF: sub_404D50+52�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_404DEB
jmp short loc_404D76
sub_404D50 endp
; ---------------------------------------------------------------------------
mov esi, [ebp-1Ch]
; =============== S U B R O U T I N E =======================================
sub_404DEB proc near ; CODE XREF: sub_404D50+91�p
push 0Dh
call sub_405CCF
pop ecx
retn
sub_404DEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404DF4 proc near ; CODE XREF: sub_404E6E+19�p
; sub_405019+25�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
push ebx
lea ecx, [ebp+var_10]
call sub_402ADF
cmp esi, 0FFFFFFFEh
mov dword_427804, ebx
jnz short loc_404E2F
mov dword_427804, 1
call ds:off_41D184
loc_404E21: ; CODE XREF: sub_404DF4+50�j
; sub_404DF4+67�j
cmp [ebp+var_4], bl
jz short loc_404E6B
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_404E6B
; ---------------------------------------------------------------------------
loc_404E2F: ; CODE XREF: sub_404DF4+1B�j
cmp esi, 0FFFFFFFDh
jnz short loc_404E46
mov dword_427804, 1
call ds:off_41D188
jmp short loc_404E21
; ---------------------------------------------------------------------------
loc_404E46: ; CODE XREF: sub_404DF4+3E�j
cmp esi, 0FFFFFFFCh
jnz short loc_404E5D
mov eax, [ebp+var_10]
mov eax, [eax+4]
mov dword_427804, 1
jmp short loc_404E21
; ---------------------------------------------------------------------------
loc_404E5D: ; CODE XREF: sub_404DF4+55�j
cmp [ebp+var_4], bl
jz short loc_404E69
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_404E69: ; CODE XREF: sub_404DF4+6C�j
mov eax, esi
loc_404E6B: ; CODE XREF: sub_404DF4+30�j
; sub_404DF4+39�j
pop ebx
leave
retn
sub_404DF4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404E6E proc near ; CODE XREF: sub_405019+5E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
push edi
call sub_404DF4
mov edi, eax
xor esi, esi
cmp edi, esi
mov [ebp+arg_0], edi
jnz short loc_404EA5
loc_404E97: ; CODE XREF: sub_404E6E+193�j
mov eax, ebx
call sub_404B71
loc_404E9E: ; CODE XREF: sub_404E6E+146�j
xor eax, eax
jmp loc_40500A
; ---------------------------------------------------------------------------
loc_404EA5: ; CODE XREF: sub_404E6E+27�j
mov [ebp+var_1C], esi
xor eax, eax
loc_404EAA: ; CODE XREF: sub_404E6E+4F�j
cmp dword_4234A0[eax], edi
jz short loc_404F19
inc [ebp+var_1C]
add eax, 30h
cmp eax, 0F0h
jb short loc_404EAA
lea eax, [ebp+var_18]
push eax
push edi
call ds:off_41D1B4
test eax, eax
jz loc_404FFB
push 101h
lea eax, [ebx+1Ch]
push esi
push eax
call sub_407F20
xor edx, edx
inc edx
add esp, 0Ch
cmp [ebp+var_18], edx
mov [ebx+4], edi
mov [ebx+0Ch], esi
jbe loc_404FEE
cmp [ebp+var_12], 0
jz loc_404FCF
lea esi, [ebp+var_11]
loc_404F03: ; CODE XREF: sub_404E6E+15B�j
mov cl, [esi]
test cl, cl
jz loc_404FCF
movzx eax, byte ptr [esi-1]
movzx ecx, cl
jmp loc_404FBF
; ---------------------------------------------------------------------------
loc_404F19: ; CODE XREF: sub_404E6E+42�j
push 101h
lea eax, [ebx+1Ch]
push esi
push eax
call sub_407F20
mov ecx, [ebp+var_1C]
add esp, 0Ch
imul ecx, 30h
mov [ebp+var_20], esi
lea esi, dword_4234B0[ecx]
mov [ebp+var_1C], esi
jmp short loc_404F69
; ---------------------------------------------------------------------------
loc_404F3F: ; CODE XREF: sub_404E6E+FE�j
mov al, [esi+1]
test al, al
jz short loc_404F6E
movzx edi, byte ptr [esi]
movzx eax, al
jmp short loc_404F60
; ---------------------------------------------------------------------------
loc_404F4E: ; CODE XREF: sub_404E6E+F4�j
mov eax, [ebp+var_20]
mov al, byte_42349C[eax]
or [ebx+edi+1Dh], al
movzx eax, byte ptr [esi+1]
inc edi
loc_404F60: ; CODE XREF: sub_404E6E+DE�j
cmp edi, eax
jbe short loc_404F4E
mov edi, [ebp+arg_0]
inc esi
inc esi
loc_404F69: ; CODE XREF: sub_404E6E+CF�j
; sub_404E6E+110�j
cmp byte ptr [esi], 0
jnz short loc_404F3F
loc_404F6E: ; CODE XREF: sub_404E6E+D6�j
mov esi, [ebp+var_1C]
inc [ebp+var_20]
add esi, 8
cmp [ebp+var_20], 4
mov [ebp+var_1C], esi
jb short loc_404F69
mov eax, edi
mov [ebx+4], edi
mov dword ptr [ebx+8], 1
call sub_404B42
push 6
mov [ebx+0Ch], eax
lea eax, [ebx+10h]
lea ecx, dword_4234A4[ecx]
pop edx
loc_404FA0: ; CODE XREF: sub_404E6E+13D�j
mov si, [ecx]
inc ecx
mov [eax], si
inc ecx
inc eax
inc eax
dec edx
jnz short loc_404FA0
loc_404FAD: ; CODE XREF: sub_404E6E+18B�j
mov esi, ebx
call sub_404BC6
jmp loc_404E9E
; ---------------------------------------------------------------------------
loc_404FB9: ; CODE XREF: sub_404E6E+153�j
or byte ptr [ebx+eax+1Dh], 4
inc eax
loc_404FBF: ; CODE XREF: sub_404E6E+A6�j
cmp eax, ecx
jbe short loc_404FB9
inc esi
inc esi
cmp byte ptr [esi-1], 0
jnz loc_404F03
loc_404FCF: ; CODE XREF: sub_404E6E+8C�j
; sub_404E6E+99�j
lea eax, [ebx+1Eh]
mov ecx, 0FEh
loc_404FD7: ; CODE XREF: sub_404E6E+16E�j
or byte ptr [eax], 8
inc eax
dec ecx
jnz short loc_404FD7
mov eax, [ebx+4]
call sub_404B42
mov [ebx+0Ch], eax
mov [ebx+8], edx
jmp short loc_404FF1
; ---------------------------------------------------------------------------
loc_404FEE: ; CODE XREF: sub_404E6E+82�j
mov [ebx+8], esi
loc_404FF1: ; CODE XREF: sub_404E6E+17E�j
xor eax, eax
lea edi, [ebx+10h]
stosd
stosd
stosd
jmp short loc_404FAD
; ---------------------------------------------------------------------------
loc_404FFB: ; CODE XREF: sub_404E6E+5E�j
cmp dword_427804, esi
jnz loc_404E97
or eax, 0FFFFFFFFh
loc_40500A: ; CODE XREF: sub_404E6E+32�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_404E6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405019 proc near ; CODE XREF: sub_4051B3+B�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00405185 SIZE 0000002E BYTES
push 14h
push offset dword_421760
call __SEH_prolog4
or [ebp+var_20], 0FFFFFFFFh
call sub_40574D
mov edi, eax
mov [ebp+var_24], edi
call sub_404D50
mov ebx, [edi+68h]
mov esi, [ebp+arg_0]
call sub_404DF4
mov [ebp+arg_0], eax
cmp eax, [ebx+4]
jz loc_4051A6
push 220h
call sub_407AEA
pop ecx
mov ebx, eax
test ebx, ebx
jz loc_4051AA
mov ecx, 88h
mov esi, [edi+68h]
mov edi, ebx
rep movsd
and dword ptr [ebx], 0
push ebx
push [ebp+arg_0]
call sub_404E6E
pop ecx
pop ecx
mov [ebp+var_20], eax
test eax, eax
jnz loc_405185
mov esi, [ebp+var_24]
push dword ptr [esi+68h]
call ds:off_41D18C
test eax, eax
jnz short loc_4050AA
mov eax, [esi+68h]
cmp eax, offset dword_423070
jz short loc_4050AA
push eax
call sub_4039C3
pop ecx
loc_4050AA: ; CODE XREF: sub_405019+7E�j
; sub_405019+88�j
mov [esi+68h], ebx
push ebx
mov edi, ds:off_41D1B8
call edi ; byte_43D2CF
test byte ptr [esi+70h], 2
jnz loc_4051AA
test byte ptr dword_423594, 1
jnz loc_4051AA
push 0Dh
call sub_405DA7
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [ebx+4]
mov dword_427814, eax
mov eax, [ebx+8]
mov dword_427818, eax
mov eax, [ebx+0Ch]
mov dword_42781C, eax
xor eax, eax
loc_4050F3: ; CODE XREF: sub_405019+F0�j
mov [ebp+var_1C], eax
cmp eax, 5
jge short loc_40510B
mov cx, [ebx+eax*2+10h]
mov word_427808[eax*2], cx
inc eax
jmp short loc_4050F3
; ---------------------------------------------------------------------------
loc_40510B: ; CODE XREF: sub_405019+E0�j
xor eax, eax
loc_40510D: ; CODE XREF: sub_405019+109�j
mov [ebp+var_1C], eax
cmp eax, 101h
jge short loc_405124
mov cl, [eax+ebx+1Ch]
mov byte_423290[eax], cl
inc eax
jmp short loc_40510D
; ---------------------------------------------------------------------------
loc_405124: ; CODE XREF: sub_405019+FC�j
xor eax, eax
loc_405126: ; CODE XREF: sub_405019+125�j
mov [ebp+var_1C], eax
cmp eax, 100h
jge short loc_405140
mov cl, [eax+ebx+11Dh]
mov byte_423398[eax], cl
inc eax
jmp short loc_405126
; ---------------------------------------------------------------------------
loc_405140: ; CODE XREF: sub_405019+115�j
push dword_423498
call ds:off_41D18C
test eax, eax
jnz short loc_405163
mov eax, dword_423498
cmp eax, offset dword_423070
jz short loc_405163
push eax
call sub_4039C3
pop ecx
loc_405163: ; CODE XREF: sub_405019+135�j
; sub_405019+141�j
mov dword_423498, ebx
push ebx
call edi ; byte_43D2CF
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40517A
jmp short loc_4051AA
sub_405019 endp
; =============== S U B R O U T I N E =======================================
sub_40517A proc near ; CODE XREF: sub_405019+15A�p
push 0Dh
call sub_405CCF
pop ecx
retn
sub_40517A endp
; ---------------------------------------------------------------------------
jmp short loc_4051AA
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_405019
loc_405185: ; CODE XREF: sub_405019+6A�j
cmp eax, 0FFFFFFFFh
jnz short loc_4051AA
cmp ebx, offset dword_423070
jz short loc_405199
push ebx
call sub_4039C3
pop ecx
loc_405199: ; CODE XREF: sub_405019+177�j
call sub_405B83
mov dword ptr [eax], 16h
jmp short loc_4051AA
; ---------------------------------------------------------------------------
loc_4051A6: ; CODE XREF: sub_405019+30�j
and [ebp+var_20], 0
loc_4051AA: ; CODE XREF: sub_405019+45�j
; sub_405019+A1�j ...
mov eax, [ebp+var_20]
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_405019
; =============== S U B R O U T I N E =======================================
sub_4051B3 proc near ; CODE XREF: sub_40AF33+C�p
; sub_40AF90+D�p ...
cmp dword_436834, 0
jnz short loc_4051CE
push 0FFFFFFFDh
call sub_405019
pop ecx
mov dword_436834, 1
loc_4051CE: ; CODE XREF: sub_4051B3+7�j
xor eax, eax
retn
sub_4051B3 endp
; =============== S U B R O U T I N E =======================================
sub_4051D1 proc near ; CODE XREF: sub_405423+31�p
; sub_405765+E8�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
mov eax, [esi+0BCh]
xor ebp, ebp
cmp eax, ebp
push edi
jz short loc_405254
cmp eax, offset dword_423F38
jz short loc_405254
mov eax, [esi+0B0h]
cmp eax, ebp
jz short loc_405254
cmp [eax], ebp
jnz short loc_405254
mov eax, [esi+0B8h]
cmp eax, ebp
jz short loc_40521B
cmp [eax], ebp
jnz short loc_40521B
push eax
call sub_4039C3
push dword ptr [esi+0BCh]
call sub_40CAB4
pop ecx
pop ecx
loc_40521B: ; CODE XREF: sub_4051D1+31�j
; sub_4051D1+35�j
mov eax, [esi+0B4h]
cmp eax, ebp
jz short loc_40523C
cmp [eax], ebp
jnz short loc_40523C
push eax
call sub_4039C3
push dword ptr [esi+0BCh]
call sub_40CA74
pop ecx
pop ecx
loc_40523C: ; CODE XREF: sub_4051D1+52�j
; sub_4051D1+56�j
push dword ptr [esi+0B0h]
call sub_4039C3
push dword ptr [esi+0BCh]
call sub_4039C3
pop ecx
pop ecx
loc_405254: ; CODE XREF: sub_4051D1+12�j
; sub_4051D1+19�j ...
mov eax, [esi+0C0h]
cmp eax, ebp
jz short loc_4052A2
cmp [eax], ebp
jnz short loc_4052A2
mov eax, [esi+0C4h]
sub eax, 0FEh
push eax
call sub_4039C3
mov eax, [esi+0CCh]
mov edi, 80h
sub eax, edi
push eax
call sub_4039C3
mov eax, [esi+0D0h]
sub eax, edi
push eax
call sub_4039C3
push dword ptr [esi+0C0h]
call sub_4039C3
add esp, 10h
loc_4052A2: ; CODE XREF: sub_4051D1+8B�j
; sub_4051D1+8F�j
lea edi, [esi+0D4h]
mov eax, [edi]
cmp eax, offset dword_423E78
jz short loc_4052C8
cmp [eax+0B4h], ebp
jnz short loc_4052C8
push eax
call sub_40C8E4
push dword ptr [edi]
call sub_4039C3
pop ecx
pop ecx
loc_4052C8: ; CODE XREF: sub_4051D1+DE�j
; sub_4051D1+E6�j
push 6
lea edi, [esi+50h]
pop ebx
loc_4052CE: ; CODE XREF: sub_4051D1+132�j
cmp dword ptr [edi-8], offset dword_423598
jz short loc_4052E8
mov eax, [edi]
cmp eax, ebp
jz short loc_4052E8
cmp [eax], ebp
jnz short loc_4052E8
push eax
call sub_4039C3
pop ecx
loc_4052E8: ; CODE XREF: sub_4051D1+104�j
; sub_4051D1+10A�j ...
cmp [edi-4], ebp
jz short loc_4052FF
mov eax, [edi+4]
cmp eax, ebp
jz short loc_4052FF
cmp [eax], ebp
jnz short loc_4052FF
push eax
call sub_4039C3
pop ecx
loc_4052FF: ; CODE XREF: sub_4051D1+11A�j
; sub_4051D1+121�j ...
add edi, 10h
dec ebx
jnz short loc_4052CE
push esi
call sub_4039C3
pop ecx
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4051D1 endp
; =============== S U B R O U T I N E =======================================
sub_405311 proc near ; CODE XREF: sub_405423+12�p
; sub_405616+93�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
push edi
mov edi, ds:off_41D1B8
push esi
call edi ; byte_43D2CF
mov eax, [esi+0B0h]
test eax, eax
jz short loc_40532F
push eax
call edi ; byte_43D2CF
loc_40532F: ; CODE XREF: sub_405311+19�j
mov eax, [esi+0B8h]
test eax, eax
jz short loc_40533C
push eax
call edi ; byte_43D2CF
loc_40533C: ; CODE XREF: sub_405311+26�j
mov eax, [esi+0B4h]
test eax, eax
jz short loc_405349
push eax
call edi ; byte_43D2CF
loc_405349: ; CODE XREF: sub_405311+33�j
mov eax, [esi+0C0h]
test eax, eax
jz short loc_405356
push eax
call edi ; byte_43D2CF
loc_405356: ; CODE XREF: sub_405311+40�j
push 6
lea ebx, [esi+50h]
pop ebp
loc_40535C: ; CODE XREF: sub_405311+71�j
cmp dword ptr [ebx-8], offset dword_423598
jz short loc_40536E
mov eax, [ebx]
test eax, eax
jz short loc_40536E
push eax
call edi ; byte_43D2CF
loc_40536E: ; CODE XREF: sub_405311+52�j
; sub_405311+58�j
cmp dword ptr [ebx-4], 0
jz short loc_40537E
mov eax, [ebx+4]
test eax, eax
jz short loc_40537E
push eax
call edi ; byte_43D2CF
loc_40537E: ; CODE XREF: sub_405311+61�j
; sub_405311+68�j
add ebx, 10h
dec ebp
jnz short loc_40535C
mov eax, [esi+0D4h]
add eax, 0B4h
push eax
call edi ; byte_43D2CF
pop edi
pop esi
pop ebp
pop ebx
retn
sub_405311 endp
; =============== S U B R O U T I N E =======================================
sub_405397 proc near ; CODE XREF: sub_405423+1D�p
; sub_405765+CC�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40541F
push ebx
push ebp
push edi
mov edi, ds:off_41D18C
push esi
call edi ; byte_456FCF
mov eax, [esi+0B0h]
test eax, eax
jz short loc_4053B9
push eax
call edi ; byte_456FCF
loc_4053B9: ; CODE XREF: sub_405397+1D�j
mov eax, [esi+0B8h]
test eax, eax
jz short loc_4053C6
push eax
call edi ; byte_456FCF
loc_4053C6: ; CODE XREF: sub_405397+2A�j
mov eax, [esi+0B4h]
test eax, eax
jz short loc_4053D3
push eax
call edi ; byte_456FCF
loc_4053D3: ; CODE XREF: sub_405397+37�j
mov eax, [esi+0C0h]
test eax, eax
jz short loc_4053E0
push eax
call edi ; byte_456FCF
loc_4053E0: ; CODE XREF: sub_405397+44�j
push 6
lea ebx, [esi+50h]
pop ebp
loc_4053E6: ; CODE XREF: sub_405397+75�j
cmp dword ptr [ebx-8], offset dword_423598
jz short loc_4053F8
mov eax, [ebx]
test eax, eax
jz short loc_4053F8
push eax
call edi ; byte_456FCF
loc_4053F8: ; CODE XREF: sub_405397+56�j
; sub_405397+5C�j
cmp dword ptr [ebx-4], 0
jz short loc_405408
mov eax, [ebx+4]
test eax, eax
jz short loc_405408
push eax
call edi ; byte_456FCF
loc_405408: ; CODE XREF: sub_405397+65�j
; sub_405397+6C�j
add ebx, 10h
dec ebp
jnz short loc_4053E6
mov eax, [esi+0D4h]
add eax, 0B4h
push eax
call edi ; byte_456FCF
pop edi
pop ebp
pop ebx
loc_40541F: ; CODE XREF: sub_405397+7�j
mov eax, esi
pop esi
retn
sub_405397 endp
; =============== S U B R O U T I N E =======================================
sub_405423 proc near ; CODE XREF: sub_405461+54�p
test edi, edi
jz short loc_40545E
test eax, eax
jz short loc_40545E
push esi
mov esi, [eax]
cmp esi, edi
jz short loc_40545A
push edi
mov [eax], edi
call sub_405311
test esi, esi
pop ecx
jz short loc_40545A
push esi
call sub_405397
cmp dword ptr [esi], 0
pop ecx
jnz short loc_40545A
cmp esi, offset dword_4235A0
jz short loc_40545A
push esi
call sub_4051D1
pop ecx
loc_40545A: ; CODE XREF: sub_405423+D�j
; sub_405423+1A�j ...
mov eax, edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40545E: ; CODE XREF: sub_405423+2�j
; sub_405423+6�j
xor eax, eax
retn
sub_405423 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405461 proc near ; CODE XREF: sub_402ADF+37�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_421780
call __SEH_prolog4
call sub_40574D
mov esi, eax
mov eax, dword_423594
test [esi+70h], eax
jz short loc_4054A0
cmp dword ptr [esi+6Ch], 0
jz short loc_4054A0
call sub_40574D
mov esi, [eax+6Ch]
loc_40548C: ; CODE XREF: sub_405461+68�j
test esi, esi
jnz short loc_405498
push 20h
call sub_407C0D
pop ecx
loc_405498: ; CODE XREF: sub_405461+2D�j
mov eax, esi
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_4054A0: ; CODE XREF: sub_405461+1B�j
; sub_405461+21�j
push 0Ch
call sub_405DA7
pop ecx
and [ebp+ms_exc.disabled], 0
lea eax, [esi+6Ch]
mov edi, dword_423678
call sub_405423
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4054CB
jmp short loc_40548C
sub_405461 endp
; =============== S U B R O U T I N E =======================================
sub_4054CB proc near ; CODE XREF: sub_405461+63�p
push 0Ch
call sub_405CCF
pop ecx
mov esi, [ebp-1Ch]
retn
sub_4054CB endp
; =============== S U B R O U T I N E =======================================
sub_4054D7 proc near ; CODE XREF: sub_4030C9+81�p
; sub_4030C9+96�p ...
arg_0 = dword ptr 4
push esi
push dword_42368C
mov esi, ds:off_41D180
call esi ; byte_44BC27
test eax, eax
jz short loc_40550B
mov eax, dword_423688
cmp eax, 0FFFFFFFFh
jz short loc_40550B
push eax
push dword_42368C
call esi ; byte_44BC27
call eax
test eax, eax
jz short loc_40550B
mov eax, [eax+1F8h]
jmp short loc_405526
; ---------------------------------------------------------------------------
loc_40550B: ; CODE XREF: sub_4054D7+11�j
; sub_4054D7+1B�j ...
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:off_41D0E0
test eax, eax
jz short loc_405534
push offset aEncodepointer ; "EncodePointer"
push eax
call ds:off_41D0E8
loc_405526: ; CODE XREF: sub_4054D7+32�j
test eax, eax
jz short loc_405534
push [esp+4+arg_0]
call eax
mov [esp+4+arg_0], eax
loc_405534: ; CODE XREF: sub_4054D7+41�j
; sub_4054D7+51�j
mov eax, [esp+4+arg_0]
pop esi
retn
sub_4054D7 endp
; =============== S U B R O U T I N E =======================================
sub_40553A proc near ; CODE XREF: sub_407EC9+1�p
; sub_40BCC4+2F�p ...
push 0
call sub_4054D7
pop ecx
retn
sub_40553A endp
; =============== S U B R O U T I N E =======================================
sub_405543 proc near ; CODE XREF: sub_4030C9+B�p
; sub_4030C9+1C�p ...
arg_0 = dword ptr 4
push esi
push dword_42368C
mov esi, ds:off_41D180
call esi ; byte_44BC27
test eax, eax
jz short loc_405577
mov eax, dword_423688
cmp eax, 0FFFFFFFFh
jz short loc_405577
push eax
push dword_42368C
call esi ; byte_44BC27
call eax
test eax, eax
jz short loc_405577
mov eax, [eax+1FCh]
jmp short loc_405592
; ---------------------------------------------------------------------------
loc_405577: ; CODE XREF: sub_405543+11�j
; sub_405543+1B�j ...
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:off_41D0E0
test eax, eax
jz short loc_4055A0
push offset aDecodepointer ; "DecodePointer"
push eax
call ds:off_41D0E8
loc_405592: ; CODE XREF: sub_405543+32�j
test eax, eax
jz short loc_4055A0
push [esp+4+arg_0]
call eax
mov [esp+4+arg_0], eax
loc_4055A0: ; CODE XREF: sub_405543+41�j
; sub_405543+51�j
mov eax, [esp+4+arg_0]
pop esi
retn
sub_405543 endp
; =============== S U B R O U T I N E =======================================
sub_4055A6 proc near ; DATA XREF: sub_405886+8A�o
call ds:off_41D17C
retn 4
sub_4055A6 endp
; =============== S U B R O U T I N E =======================================
sub_4055AF proc near ; CODE XREF: sub_4056CA+A�p
push dword_42368C
call ds:off_41D180
test eax, eax
jnz short locret_4055D8
push dword_427848
call sub_405543
pop ecx
push eax
push dword_42368C
call ds:off_41D178
locret_4055D8: ; CODE XREF: sub_4055AF+E�j
retn
sub_4055AF endp
; =============== S U B R O U T I N E =======================================
sub_4055D9 proc near ; CODE XREF: sub_405886+12�p
; sub_405886:loc_405A00�p
mov eax, dword_423688
cmp eax, 0FFFFFFFFh
jz short loc_4055F9
push eax
push dword_427850
call sub_405543
pop ecx
call eax
or dword_423688, 0FFFFFFFFh
loc_4055F9: ; CODE XREF: sub_4055D9+8�j
mov eax, dword_42368C
cmp eax, 0FFFFFFFFh
jz short loc_405611
push eax
call ds:off_41D174
or dword_42368C, 0FFFFFFFFh
loc_405611: ; CODE XREF: sub_4055D9+28�j
jmp sub_405C7A
sub_4055D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405616 proc near ; CODE XREF: sub_4056CA+59�p
; sub_405886+162�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 0Ch
push offset dword_4217A0
call __SEH_prolog4
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:off_41D0E0
mov [ebp+var_1C], eax
mov esi, [ebp+arg_0]
mov dword ptr [esi+5Ch], offset dword_423DC0
xor edi, edi
inc edi
mov [esi+14h], edi
test eax, eax
jz short loc_405668
push offset aEncodepointer ; "EncodePointer"
push eax
mov ebx, ds:off_41D0E8
call ebx ; byte_443AC1
mov [esi+1F8h], eax
push offset aDecodepointer ; "DecodePointer"
push [ebp+var_1C]
call ebx ; byte_443AC1
mov [esi+1FCh], eax
loc_405668: ; CODE XREF: sub_405616+2C�j
mov [esi+70h], edi
mov byte ptr [esi+0C8h], 43h
mov byte ptr [esi+14Bh], 43h
mov eax, offset dword_423070
mov [esi+68h], eax
push eax
call ds:off_41D1B8
push 0Ch
call sub_405DA7
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+arg_4]
mov [esi+6Ch], eax
test eax, eax
jnz short loc_4056A6
mov eax, dword_423678
mov [esi+6Ch], eax
loc_4056A6: ; CODE XREF: sub_405616+86�j
push dword ptr [esi+6Ch]
call sub_405311
pop ecx
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4056C1
call __SEH_epilog4
retn
sub_405616 endp
; =============== S U B R O U T I N E =======================================
sub_4056C1 proc near ; CODE XREF: sub_405616+A0�p
push 0Ch
call sub_405CCF
pop ecx
retn
sub_4056C1 endp
; =============== S U B R O U T I N E =======================================
sub_4056CA proc near ; CODE XREF: sub_40574D+1�p sub_405B83�p ...
push esi
push edi
call ds:off_41D0EC
mov edi, eax
call sub_4055AF
push dword_423688
push dword_42368C
call ds:off_41D180
call eax
mov esi, eax
test esi, esi
jnz short loc_405741
push 214h
push 1
call sub_407B2A
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_405741
push esi
push dword_423688
push dword_42784C
call sub_405543
pop ecx
call eax
test eax, eax
jz short loc_405738
push 0
push esi
call sub_405616
pop ecx
pop ecx
call ds:off_41D0DC
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_405741
; ---------------------------------------------------------------------------
loc_405738: ; CODE XREF: sub_4056CA+54�j
push esi
call sub_4039C3
pop ecx
xor esi, esi
loc_405741: ; CODE XREF: sub_4056CA+27�j
; sub_4056CA+3B�j ...
push edi
call ds:off_41D170
pop edi
mov eax, esi
pop esi
retn
sub_4056CA endp
; =============== S U B R O U T I N E =======================================
sub_40574D proc near ; CODE XREF: sub_402ADF+F�p sub_403716�p ...
push esi
call sub_4056CA
mov esi, eax
test esi, esi
jnz short loc_405761
push 10h
call sub_407C0D
pop ecx
loc_405761: ; CODE XREF: sub_40574D+A�j
mov eax, esi
pop esi
retn
sub_40574D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405765 proc near ; DATA XREF: sub_405886+115�o
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_4217C0
call __SEH_prolog4
mov esi, [ebp+arg_0]
test esi, esi
jz loc_405866
mov eax, [esi+24h]
test eax, eax
jz short loc_40578A
push eax
call sub_4039C3
pop ecx
loc_40578A: ; CODE XREF: sub_405765+1C�j
mov eax, [esi+2Ch]
test eax, eax
jz short loc_405798
push eax
call sub_4039C3
pop ecx
loc_405798: ; CODE XREF: sub_405765+2A�j
mov eax, [esi+34h]
test eax, eax
jz short loc_4057A6
push eax
call sub_4039C3
pop ecx
loc_4057A6: ; CODE XREF: sub_405765+38�j
mov eax, [esi+3Ch]
test eax, eax
jz short loc_4057B4
push eax
call sub_4039C3
pop ecx
loc_4057B4: ; CODE XREF: sub_405765+46�j
mov eax, [esi+44h]
test eax, eax
jz short loc_4057C2
push eax
call sub_4039C3
pop ecx
loc_4057C2: ; CODE XREF: sub_405765+54�j
mov eax, [esi+48h]
test eax, eax
jz short loc_4057D0
push eax
call sub_4039C3
pop ecx
loc_4057D0: ; CODE XREF: sub_405765+62�j
mov eax, [esi+5Ch]
cmp eax, offset dword_423DC0
jz short loc_4057E1
push eax
call sub_4039C3
pop ecx
loc_4057E1: ; CODE XREF: sub_405765+73�j
push 0Dh
call sub_405DA7
pop ecx
and [ebp+ms_exc.disabled], 0
mov edi, [esi+68h]
test edi, edi
jz short loc_40580E
push edi
call ds:off_41D18C
test eax, eax
jnz short loc_40580E
cmp edi, offset dword_423070
jz short loc_40580E
push edi
call sub_4039C3
pop ecx
loc_40580E: ; CODE XREF: sub_405765+8D�j
; sub_405765+98�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_405871
push 0Ch
call sub_405DA7
pop ecx
mov [ebp+ms_exc.disabled], 1
mov edi, [esi+6Ch]
test edi, edi
jz short loc_405853
push edi
call sub_405397
pop ecx
cmp edi, dword_423678
jz short loc_405853
cmp edi, offset dword_4235A0
jz short loc_405853
cmp dword ptr [edi], 0
jnz short loc_405853
push edi
call sub_4051D1
pop ecx
loc_405853: ; CODE XREF: sub_405765+C9�j
; sub_405765+D8�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40587D
push esi
call sub_4039C3
pop ecx
loc_405866: ; CODE XREF: sub_405765+11�j
call __SEH_epilog4
retn 4
sub_405765 endp
; ---------------------------------------------------------------------------
mov esi, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_405871 proc near ; CODE XREF: sub_405765+B0�p
push 0Dh
call sub_405CCF
pop ecx
retn
sub_405871 endp
; ---------------------------------------------------------------------------
mov esi, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_40587D proc near ; CODE XREF: sub_405765+F5�p
push 0Ch
call sub_405CCF
pop ecx
retn
sub_40587D endp
; =============== S U B R O U T I N E =======================================
sub_405886 proc near ; CODE XREF: .text:loc_4043D5�p
push edi
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:off_41D0E0
mov edi, eax
test edi, edi
jnz short loc_4058A1
call sub_4055D9
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_4058A1: ; CODE XREF: sub_405886+10�j
push esi
mov esi, ds:off_41D0E8
push offset dword_41D4E4
push edi
call esi ; byte_443AC1
push offset aFlsgetvalue ; "FlsGetValue"
push edi
mov dword_427844, eax
call esi ; byte_443AC1
push offset aFlssetvalue ; "FlsSetValue"
push edi
mov dword_427848, eax
call esi ; byte_443AC1
push offset aFlsfree ; "FlsFree"
push edi
mov dword_42784C, eax
call esi ; byte_443AC1
cmp dword_427844, 0
mov esi, ds:off_41D178
mov dword_427850, eax
jz short loc_405901
cmp dword_427848, 0
jz short loc_405901
cmp dword_42784C, 0
jz short loc_405901
test eax, eax
jnz short loc_405925
loc_405901: ; CODE XREF: sub_405886+63�j
; sub_405886+6C�j ...
mov eax, ds:off_41D180
mov dword_427848, eax
mov eax, ds:off_41D174
mov dword_427844, offset sub_4055A6
mov dword_42784C, esi
mov dword_427850, eax
loc_405925: ; CODE XREF: sub_405886+79�j
call ds:off_41D17C
cmp eax, 0FFFFFFFFh
mov dword_42368C, eax
jz loc_405A05
push dword_427848
push eax
call esi ; word_43C5AE
test eax, eax
jz loc_405A05
call sub_407EC9
push dword_427844
call sub_4054D7
push dword_427848
mov dword_427844, eax
call sub_4054D7
push dword_42784C
mov dword_427848, eax
call sub_4054D7
push dword_427850
mov dword_42784C, eax
call sub_4054D7
add esp, 10h
mov dword_427850, eax
call sub_405C31
test eax, eax
jz short loc_405A00
push offset sub_405765
push dword_427844
call sub_405543
pop ecx
call eax
cmp eax, 0FFFFFFFFh
mov dword_423688, eax
jz short loc_405A00
push 214h
push 1
call sub_407B2A
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_405A00
push esi
push dword_423688
push dword_42784C
call sub_405543
pop ecx
call eax
test eax, eax
jz short loc_405A00
push 0
push esi
call sub_405616
pop ecx
pop ecx
call ds:off_41D0DC
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
xor eax, eax
inc eax
jmp short loc_405A07
; ---------------------------------------------------------------------------
loc_405A00: ; CODE XREF: sub_405886+113�j
; sub_405886+130�j ...
call sub_4055D9
loc_405A05: ; CODE XREF: sub_405886+AD�j
; sub_405886+BE�j
xor eax, eax
loc_405A07: ; CODE XREF: sub_405886+178�j
pop esi
pop edi
retn
sub_405886 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405A0A proc near ; CODE XREF: sub_402B96+9B�p
; sub_402B96+AD�p ...
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push [ebp+arg_4]
lea ecx, [ebp+var_18]
call sub_402ADF
mov ebx, [ebp+arg_0]
mov esi, 100h
cmp ebx, esi
jnb short loc_405A7D
mov ecx, [ebp+var_18]
cmp dword ptr [ecx+0ACh], 1
jle short loc_405A49
lea eax, [ebp+var_18]
push eax
push 1
push ebx
call sub_40CDF4
mov ecx, [ebp+var_18]
add esp, 0Ch
jmp short loc_405A56
; ---------------------------------------------------------------------------
loc_405A49: ; CODE XREF: sub_405A0A+29�j
mov eax, [ecx+0C8h]
movzx eax, byte ptr [eax+ebx*2]
and eax, 1
loc_405A56: ; CODE XREF: sub_405A0A+3D�j
test eax, eax
jz short loc_405A69
mov eax, [ecx+0CCh]
movzx eax, byte ptr [eax+ebx]
jmp loc_405B10
; ---------------------------------------------------------------------------
loc_405A69: ; CODE XREF: sub_405A0A+4E�j
; sub_405A0A+EA�j
cmp [ebp+var_C], 0
jz short loc_405A76
mov eax, [ebp+var_10]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_405A76: ; CODE XREF: sub_405A0A+63�j
mov eax, ebx
jmp loc_405B1D
; ---------------------------------------------------------------------------
loc_405A7D: ; CODE XREF: sub_405A0A+1D�j
mov eax, [ebp+var_18]
cmp dword ptr [eax+0ACh], 1
jle short loc_405ABA
mov [ebp+arg_0], ebx
sar [ebp+arg_0], 8
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+arg_0]
and eax, 0FFh
push eax
call sub_40CDB0
test eax, eax
pop ecx
pop ecx
jz short loc_405ABA
mov al, byte ptr [ebp+arg_0]
push 2
mov [ebp+var_4], al
mov [ebp+var_3], bl
mov [ebp+var_2], 0
pop ecx
jmp short loc_405ACF
; ---------------------------------------------------------------------------
loc_405ABA: ; CODE XREF: sub_405A0A+7D�j
; sub_405A0A+9C�j
call sub_405B83
mov dword ptr [eax], 2Ah
xor ecx, ecx
mov [ebp+var_4], bl
mov [ebp+var_3], 0
inc ecx
loc_405ACF: ; CODE XREF: sub_405A0A+AE�j
mov eax, [ebp+var_18]
push 1
push dword ptr [eax+4]
lea edx, [ebp+var_8]
push 3
push edx
push ecx
lea ecx, [ebp+var_4]
push ecx
push esi
push dword ptr [eax+14h]
lea eax, [ebp+var_18]
push eax
call sub_40C6A9
add esp, 24h
test eax, eax
jz loc_405A69
cmp eax, 1
jnz short loc_405B05
movzx eax, [ebp+var_8]
jmp short loc_405B10
; ---------------------------------------------------------------------------
loc_405B05: ; CODE XREF: sub_405A0A+F3�j
movzx ecx, [ebp+var_7]
xor eax, eax
mov ah, [ebp+var_8]
or eax, ecx
loc_405B10: ; CODE XREF: sub_405A0A+5A�j
; sub_405A0A+F9�j
cmp [ebp+var_C], 0
jz short loc_405B1D
mov ecx, [ebp+var_10]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_405B1D: ; CODE XREF: sub_405A0A+6E�j
; sub_405A0A+10A�j
pop esi
pop ebx
leave
retn
sub_405A0A endp
; =============== S U B R O U T I N E =======================================
sub_405B21 proc near ; CODE XREF: sub_410C6D+19�p
; sub_410C6D+36�p
arg_0 = dword ptr 4
cmp dword_427820, 0
jnz short loc_405B3A
mov eax, [esp+arg_0]
lea ecx, [eax-41h]
cmp ecx, 19h
ja short locret_405B47
add eax, 20h
retn
; ---------------------------------------------------------------------------
loc_405B3A: ; CODE XREF: sub_405B21+7�j
push 0
push [esp+4+arg_0]
call sub_405A0A
pop ecx
pop ecx
locret_405B47: ; CODE XREF: sub_405B21+13�j
retn
sub_405B21 endp
; =============== S U B R O U T I N E =======================================
sub_405B48 proc near ; CODE XREF: sub_4039C3+80�p
; sub_405BA9+D�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_405B4E: ; CODE XREF: sub_405B48+13�j
cmp eax, dword_423690[ecx*8]
jz short loc_405B69
inc ecx
cmp ecx, 2Dh
jl short loc_405B4E
lea ecx, [eax-13h]
cmp ecx, 11h
ja short loc_405B71
push 0Dh
pop eax
retn
; ---------------------------------------------------------------------------
loc_405B69: ; CODE XREF: sub_405B48+D�j
mov eax, dword_423694[ecx*8]
retn
; ---------------------------------------------------------------------------
loc_405B71: ; CODE XREF: sub_405B48+1B�j
add eax, 0FFFFFF44h
push 0Eh
pop ecx
cmp ecx, eax
sbb eax, eax
and eax, ecx
add eax, 8
retn
sub_405B48 endp
; =============== S U B R O U T I N E =======================================
sub_405B83 proc near ; CODE XREF: sub_402B96+19�p
; sub_402B96+4F�p ...
call sub_4056CA
test eax, eax
jnz short loc_405B92
mov eax, offset dword_4237F8
retn
; ---------------------------------------------------------------------------
loc_405B92: ; CODE XREF: sub_405B83+7�j
add eax, 8
retn
sub_405B83 endp
; =============== S U B R O U T I N E =======================================
sub_405B96 proc near ; CODE XREF: sub_405BA9+1�p
; sub_408E91+14�p ...
call sub_4056CA
test eax, eax
jnz short loc_405BA5
mov eax, offset dword_4237FC
retn
; ---------------------------------------------------------------------------
loc_405BA5: ; CODE XREF: sub_405B96+7�j
add eax, 0Ch
retn
sub_405B96 endp
; =============== S U B R O U T I N E =======================================
sub_405BA9 proc near ; CODE XREF: sub_408DFD+84�p
; sub_40A15D+3FB�p ...
arg_0 = dword ptr 4
push esi
call sub_405B96
mov ecx, [esp+4+arg_0]
push ecx
mov [eax], ecx
call sub_405B48
pop ecx
mov esi, eax
call sub_405B83
mov [eax], esi
pop esi
retn
sub_405BA9 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405BD0 proc near ; CODE XREF: sub_402CB9+9A�p
; sub_402DA9+42�j
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
or ecx, ecx
jz short loc_405C2A
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_4]
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_405BEC: ; CODE XREF: sub_405BD0+49�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_405C1B
or al, al
jz short loc_405C1B
add esi, 1
add edi, 1
cmp ah, bh
jb short loc_405C08
cmp ah, bl
ja short loc_405C08
add ah, dh
loc_405C08: ; CODE XREF: sub_405BD0+30�j
; sub_405BD0+34�j
cmp al, bh
jb short loc_405C12
cmp al, bl
ja short loc_405C12
add al, dh
loc_405C12: ; CODE XREF: sub_405BD0+3A�j
; sub_405BD0+3E�j
cmp ah, al
jnz short loc_405C21
sub ecx, 1
jnz short loc_405BEC
loc_405C1B: ; CODE XREF: sub_405BD0+22�j
; sub_405BD0+26�j
xor ecx, ecx
cmp ah, al
jz short loc_405C2A
loc_405C21: ; CODE XREF: sub_405BD0+44�j
mov ecx, 0FFFFFFFFh
jb short loc_405C2A
neg ecx
loc_405C2A: ; CODE XREF: sub_405BD0+B�j
; sub_405BD0+4F�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_405BD0 endp
; =============== S U B R O U T I N E =======================================
sub_405C31 proc near ; CODE XREF: sub_405886+10C�p
push esi
push edi
xor esi, esi
mov edi, offset dword_427858
loc_405C3A: ; CODE XREF: sub_405C31+35�j
cmp dword_423804[esi*8], 1
jnz short loc_405C62
lea eax, ds:423800h[esi*8]
mov [eax], edi
push 0FA0h
push dword ptr [eax]
add edi, 18h
call sub_40CEC4
test eax, eax
pop ecx
pop ecx
jz short loc_405C6E
loc_405C62: ; CODE XREF: sub_405C31+11�j
inc esi
cmp esi, 24h
jl short loc_405C3A
xor eax, eax
inc eax
loc_405C6B: ; CODE XREF: sub_405C31+47�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_405C6E: ; CODE XREF: sub_405C31+2F�j
and dword_423800[esi*8], 0
xor eax, eax
jmp short loc_405C6B
sub_405C31 endp
; =============== S U B R O U T I N E =======================================
sub_405C7A proc near ; CODE XREF: sub_4055D9:loc_405611�j
push ebx
mov ebx, ds:off_41D16C
push esi
mov esi, offset dword_423800
push edi
loc_405C88: ; CODE XREF: sub_405C7A+30�j
mov edi, [esi]
test edi, edi
jz short loc_405CA1
cmp dword ptr [esi+4], 1
jz short loc_405CA1
push edi
call ebx ; byte_4462E1
push edi
call sub_4039C3
and dword ptr [esi], 0
pop ecx
loc_405CA1: ; CODE XREF: sub_405C7A+12�j
; sub_405C7A+18�j
add esi, 8
cmp esi, offset dword_423920
jl short loc_405C88
mov esi, offset dword_423800
pop edi
loc_405CB2: ; CODE XREF: sub_405C7A+50�j
mov eax, [esi]
test eax, eax
jz short loc_405CC1
cmp dword ptr [esi+4], 1
jnz short loc_405CC1
push eax
call ebx ; byte_4462E1
loc_405CC1: ; CODE XREF: sub_405C7A+3C�j
; sub_405C7A+42�j
add esi, 8
cmp esi, offset dword_423920
jl short loc_405CB2
pop esi
pop ebx
retn
sub_405C7A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405CCF proc near ; CODE XREF: sub_402E9F+2�p
; sub_403A19+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push dword_423800[eax*8]
call ds:off_41D168
pop ebp
retn
sub_405CCF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405CE4 proc near ; CODE XREF: sub_405DA7+14�p
; sub_408851+4F�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_4217E8
call __SEH_prolog4
xor edi, edi
inc edi
mov [ebp+var_1C], edi
xor ebx, ebx
cmp dword_4279A8, ebx
jnz short loc_405D18
call sub_40A004
push 1Eh
call sub_409E64
push 0FFh
call sub_407C57
pop ecx
pop ecx
loc_405D18: ; CODE XREF: sub_405CE4+1A�j
mov esi, [ebp+arg_0]
lea esi, ds:423800h[esi*8]
cmp [esi], ebx
jz short loc_405D2A
mov eax, edi
jmp short loc_405D98
; ---------------------------------------------------------------------------
loc_405D2A: ; CODE XREF: sub_405CE4+40�j
push 18h
call sub_407AEA
pop ecx
mov edi, eax
cmp edi, ebx
jnz short loc_405D47
call sub_405B83
mov dword ptr [eax], 0Ch
xor eax, eax
jmp short loc_405D98
; ---------------------------------------------------------------------------
loc_405D47: ; CODE XREF: sub_405CE4+52�j
push 0Ah
call sub_405DA7
pop ecx
mov [ebp+ms_exc.disabled], ebx
cmp [esi], ebx
jnz short loc_405D82
push 0FA0h
push edi
call sub_40CEC4
pop ecx
pop ecx
test eax, eax
jnz short loc_405D7E
push edi
call sub_4039C3
pop ecx
call sub_405B83
mov dword ptr [eax], 0Ch
mov [ebp+var_1C], ebx
jmp short loc_405D89
; ---------------------------------------------------------------------------
loc_405D7E: ; CODE XREF: sub_405CE4+81�j
mov [esi], edi
jmp short loc_405D89
; ---------------------------------------------------------------------------
loc_405D82: ; CODE XREF: sub_405CE4+70�j
push edi
call sub_4039C3
pop ecx
loc_405D89: ; CODE XREF: sub_405CE4+98�j
; sub_405CE4+9C�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_405D9E
mov eax, [ebp+var_1C]
loc_405D98: ; CODE XREF: sub_405CE4+44�j
; sub_405CE4+61�j
call __SEH_epilog4
retn
sub_405CE4 endp
; =============== S U B R O U T I N E =======================================
sub_405D9E proc near ; CODE XREF: sub_405CE4+AC�p
push 0Ah
call sub_405CCF
pop ecx
retn
sub_405D9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405DA7 proc near ; CODE XREF: sub_402E05+44�p
; sub_4039C3+1E�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
lea esi, ds:423800h[eax*8]
cmp dword ptr [esi], 0
jnz short loc_405DCD
push eax
call sub_405CE4
test eax, eax
pop ecx
jnz short loc_405DCD
push 11h
call sub_407C0D
pop ecx
loc_405DCD: ; CODE XREF: sub_405DA7+11�j
; sub_405DA7+1C�j
push dword ptr [esi]
call ds:off_41D164
pop esi
pop ebp
retn
sub_405DA7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405DD8 proc near ; CODE XREF: sub_405E33:loc_405E56�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
lea eax, [ebp+var_4]
xor esi, esi
push eax
mov [ebp+var_4], esi
mov [ebp+var_8], esi
call sub_407CB6
test eax, eax
pop ecx
jz short loc_405E01
push esi
push esi
push esi
push esi
push esi
call sub_4031FD
add esp, 14h
loc_405E01: ; CODE XREF: sub_405DD8+1A�j
lea eax, [ebp+var_8]
push eax
call sub_407CED
test eax, eax
pop ecx
jz short loc_405E1C
push esi
push esi
push esi
push esi
push esi
call sub_4031FD
add esp, 14h
loc_405E1C: ; CODE XREF: sub_405DD8+35�j
cmp [ebp+var_4], 2
pop esi
jnz short loc_405E2E
cmp [ebp+var_8], 5
jb short loc_405E2E
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_405E2E: ; CODE XREF: sub_405DD8+49�j
; sub_405DD8+4F�j
push 3
pop eax
leave
retn
sub_405DD8 endp
; =============== S U B R O U T I N E =======================================
sub_405E33 proc near ; CODE XREF: .text:004043C3�p
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
push 0
setz al
push 1000h
push eax
call ds:off_41D15C
test eax, eax
mov dword_4279A8, eax
jnz short loc_405E56
loc_405E53: ; CODE XREF: sub_405E33+54�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_405E56: ; CODE XREF: sub_405E33+1E�j
call sub_405DD8
cmp eax, 3
mov dword_436854, eax
jnz short loc_405E89
push 3F8h
call sub_405E8D
test eax, eax
pop ecx
jnz short loc_405E89
push dword_4279A8
call ds:off_41D160
and dword_4279A8, 0
jmp short loc_405E53
; ---------------------------------------------------------------------------
loc_405E89: ; CODE XREF: sub_405E33+30�j
; sub_405E33+3F�j
xor eax, eax
inc eax
retn
sub_405E33 endp
; =============== S U B R O U T I N E =======================================
sub_405E8D proc near ; CODE XREF: sub_405E33+37�p
arg_0 = dword ptr 4
push 140h
push 0
push dword_4279A8
call ds:off_41D110
test eax, eax
mov dword_436840, eax
jnz short loc_405EAA
retn
; ---------------------------------------------------------------------------
loc_405EAA: ; CODE XREF: sub_405E8D+1A�j
mov ecx, [esp+arg_0]
and dword_4279AC, 0
and dword_43683C, 0
mov dword_436848, eax
xor eax, eax
mov dword_436844, ecx
mov dword_43684C, 10h
inc eax
retn
sub_405E8D endp
; =============== S U B R O U T I N E =======================================
sub_405ED5 proc near ; CODE XREF: sub_402E05+4E�p
; sub_4039C3+29�p ...
arg_0 = dword ptr 4
mov ecx, dword_43683C
mov eax, dword_436840
imul ecx, 14h
add ecx, eax
jmp short loc_405EF9
; ---------------------------------------------------------------------------
loc_405EE7: ; CODE XREF: sub_405ED5+26�j
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_405EFF
add eax, 14h
loc_405EF9: ; CODE XREF: sub_405ED5+10�j
cmp eax, ecx
jb short loc_405EE7
xor eax, eax
locret_405EFF: ; CODE XREF: sub_405ED5+1F�j
retn
sub_405ED5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F00 proc near ; CODE XREF: sub_4039C3+38�p
; sub_40DE1D+B5�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, esi
sub edi, [ecx+0Ch]
add esi, 0FFFFFFFCh
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_406210
push ebx
lea ebx, [ecx+esi]
mov edx, [ebx]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_405FCB
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_405F63
push 3Fh
pop edx
loc_405F63: ; CODE XREF: sub_405F00+5E�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_405FAD
cmp edx, 20h
mov ebx, 80000000h
jnb short loc_405F8E
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_405FAA
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_405FAA
; ---------------------------------------------------------------------------
loc_405F8E: ; CODE XREF: sub_405F00+73�j
lea ecx, [edx-20h]
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_405FAA
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_405FAA: ; CODE XREF: sub_405F00+85�j
; sub_405F00+8C�j ...
mov ebx, [ebp+arg_4]
loc_405FAD: ; CODE XREF: sub_405F00+69�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
mov [ebp+var_4], ecx
loc_405FCB: ; CODE XREF: sub_405F00+55�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_405FD9
push 3Fh
pop edx
loc_405FD9: ; CODE XREF: sub_405F00+D4�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_406077
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_405FFE
mov ebx, esi
loc_405FFE: ; CODE XREF: sub_405F00+FA�j
add ecx, [ebp+var_8]
mov edx, ecx
sar edx, 4
dec edx
cmp edx, esi
mov [ebp+var_4], ecx
jbe short loc_406010
mov edx, esi
loc_406010: ; CODE XREF: sub_405F00+10C�j
cmp ebx, edx
jz short loc_406072
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_40605A
cmp ebx, 20h
mov esi, 80000000h
jnb short loc_406040
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_40605A
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_40605A
; ---------------------------------------------------------------------------
loc_406040: ; CODE XREF: sub_405F00+127�j
lea ecx, [ebx-20h]
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_40605A
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_40605A: ; CODE XREF: sub_405F00+11D�j
; sub_405F00+137�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_406072: ; CODE XREF: sub_405F00+112�j
mov esi, [ebp+arg_4]
jmp short loc_40607A
; ---------------------------------------------------------------------------
loc_406077: ; CODE XREF: sub_405F00+E2�j
mov ebx, [ebp+arg_0]
loc_40607A: ; CODE XREF: sub_405F00+175�j
cmp [ebp+var_C], 0
jnz short loc_406088
cmp ebx, edx
jz loc_406108
loc_406088: ; CODE XREF: sub_405F00+17E�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edx*8]
mov ebx, [ecx+4]
mov [esi+8], ecx
mov [esi+4], ebx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_406108
mov cl, [edx+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp edx, 20h
mov [edx+eax+4], cl
jnb short loc_4060DF
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4060CE
mov ecx, edx
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_4060CE: ; CODE XREF: sub_405F00+1BE�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_406108
; ---------------------------------------------------------------------------
loc_4060DF: ; CODE XREF: sub_405F00+1B8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4060F5
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_4060F5: ; CODE XREF: sub_405F00+1E3�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_406108: ; CODE XREF: sub_405F00+182�j
; sub_405F00+1A6�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_40620F
mov eax, dword_4279AC
test eax, eax
jz loc_406201
mov ecx, dword_436850
mov esi, ds:off_41D158
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push ebx
push ecx
call esi ; byte_43D531
mov ecx, dword_436850
mov eax, dword_4279AC
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_4279AC
mov eax, [eax+10h]
mov ecx, dword_436850
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_4279AC
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_4279AC
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_406196
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_4279AC
loc_406196: ; CODE XREF: sub_405F00+28B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_406201
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; byte_43D531
mov eax, dword_4279AC
push dword ptr [eax+10h]
push 0
push dword_4279A8
call ds:off_41D108
mov ecx, dword_43683C
mov eax, dword_4279AC
imul ecx, 14h
mov edx, dword_436840
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_407720
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_43683C
cmp eax, dword_4279AC
jbe short loc_4061F7
sub [ebp+arg_0], 14h
loc_4061F7: ; CODE XREF: sub_405F00+2F1�j
mov eax, dword_436840
mov dword_436848, eax
loc_406201: ; CODE XREF: sub_405F00+223�j
; sub_405F00+29A�j
mov eax, [ebp+arg_0]
mov dword_4279AC, eax
mov dword_436850, edi
loc_40620F: ; CODE XREF: sub_405F00+216�j
pop ebx
loc_406210: ; CODE XREF: sub_405F00+37�j
pop edi
pop esi
leave
retn
sub_405F00 endp
; =============== S U B R O U T I N E =======================================
sub_406214 proc near ; CODE XREF: sub_4066A9+C0�p
mov eax, dword_43684C
push esi
mov esi, dword_43683C
push edi
xor edi, edi
cmp esi, eax
jnz short loc_40625B
add eax, 10h
imul eax, 14h
push eax
push dword_436840
push edi
push dword_4279A8
call ds:off_41D150
cmp eax, edi
jnz short loc_406249
loc_406245: ; CODE XREF: sub_406214+68�j
; sub_406214+94�j
xor eax, eax
jmp short loc_4062C1
; ---------------------------------------------------------------------------
loc_406249: ; CODE XREF: sub_406214+2F�j
add dword_43684C, 10h
mov esi, dword_43683C
mov dword_436840, eax
loc_40625B: ; CODE XREF: sub_406214+11�j
imul esi, 14h
add esi, dword_436840
push 41C4h
push 8
push dword_4279A8
call ds:off_41D110
cmp eax, edi
mov [esi+10h], eax
jz short loc_406245
push 4
push 2000h
push 100000h
push edi
call ds:off_41D154
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_4062AA
push dword ptr [esi+10h]
push edi
push dword_4279A8
call ds:off_41D108
jmp short loc_406245
; ---------------------------------------------------------------------------
loc_4062AA: ; CODE XREF: sub_406214+82�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_43683C
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_4062C1: ; CODE XREF: sub_406214+33�j
pop edi
pop esi
retn
sub_406214 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4062C4 proc near ; CODE XREF: sub_4066A9+D6�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
mov eax, [ecx+8]
push ebx
push esi
mov esi, [ecx+10h]
push edi
xor ebx, ebx
jmp short loc_4062DC
; ---------------------------------------------------------------------------
loc_4062D9: ; CODE XREF: sub_4062C4+1A�j
add eax, eax
inc ebx
loc_4062DC: ; CODE XREF: sub_4062C4+13�j
test eax, eax
jge short loc_4062D9
mov eax, ebx
imul eax, 204h
lea eax, [eax+esi+144h]
push 3Fh
mov [ebp+var_8], eax
pop edx
loc_4062F5: ; CODE XREF: sub_4062C4+3B�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_4062F5
push 4
mov edi, ebx
push 1000h
shl edi, 0Fh
add edi, [ecx+0Ch]
push 8000h
push edi
call ds:off_41D154
test eax, eax
jnz short loc_406328
or eax, 0FFFFFFFFh
jmp loc_4063C5
; ---------------------------------------------------------------------------
loc_406328: ; CODE XREF: sub_4062C4+5A�j
lea edx, [edi+7000h]
cmp edi, edx
mov [ebp+var_4], edx
ja short loc_406378
mov ecx, edx
sub ecx, edi
shr ecx, 0Ch
lea eax, [edi+10h]
inc ecx
loc_406340: ; CODE XREF: sub_4062C4+AF�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea edx, [eax+0FFCh]
mov [eax], edx
lea edx, [eax-1004h]
mov dword ptr [eax-4], 0FF0h
mov [eax+4], edx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
dec ecx
jnz short loc_406340
mov edx, [ebp+var_4]
loc_406378: ; CODE XREF: sub_4062C4+6F�j
mov eax, [ebp+var_8]
add eax, 1F8h
lea ecx, [edi+0Ch]
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
xor edi, edi
inc edi
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_4063B5
or [eax+4], edi
loc_4063B5: ; CODE XREF: sub_4062C4+EC�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_4063C5: ; CODE XREF: sub_4062C4+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_4062C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4063CA proc near ; CODE XREF: sub_40DE1D+77�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov edx, edi
sub edx, [ecx+0Ch]
add esi, 17h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
and esi, 0FFFFFFF0h
dec ecx
cmp esi, ecx
lea edi, [ecx+edi-4]
mov ebx, [edi]
mov [ebp+arg_8], ecx
mov [ebp+var_4], ebx
jle loc_40656C
test bl, 1
jnz loc_406565
add ebx, ecx
cmp esi, ebx
jg loc_406565
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_40643F
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_40643F: ; CODE XREF: sub_4063CA+6D�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_40648A
cmp ecx, 20h
mov ebx, 80000000h
jnb short loc_40646B
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_40648A
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_40648A
; ---------------------------------------------------------------------------
loc_40646B: ; CODE XREF: sub_4063CA+85�j
add ecx, 0FFFFFFE0h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_40648A
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_40648A: ; CODE XREF: sub_4063CA+7B�j
; sub_4063CA+98�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_406553
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
cmp edi, 3Fh
lea ecx, [ecx+esi-4]
jbe short loc_4064C4
push 3Fh
pop edi
loc_4064C4: ; CODE XREF: sub_4063CA+F5�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_406541
mov cl, [edi+eax+4]
mov byte ptr [ebp+arg_8+3], cl
inc cl
cmp edi, 20h
mov [edi+eax+4], cl
jnb short loc_406518
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_406510
mov ecx, edi
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_406510: ; CODE XREF: sub_4063CA+136�j
lea eax, [eax+edx*4+44h]
mov ecx, edi
jmp short loc_406538
; ---------------------------------------------------------------------------
loc_406518: ; CODE XREF: sub_4063CA+130�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_40652E
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_40652E: ; CODE XREF: sub_4063CA+152�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
loc_406538: ; CODE XREF: sub_4063CA+14C�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_406541: ; CODE XREF: sub_4063CA+11E�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_406556
; ---------------------------------------------------------------------------
loc_406553: ; CODE XREF: sub_4063CA+DE�j
mov edx, [ebp+arg_4]
loc_406556: ; CODE XREF: sub_4063CA+187�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_4066A1
; ---------------------------------------------------------------------------
loc_406565: ; CODE XREF: sub_4063CA+50�j
; sub_4063CA+5A�j
xor eax, eax
jmp loc_4066A4
; ---------------------------------------------------------------------------
loc_40656C: ; CODE XREF: sub_4063CA+47�j
jge loc_4066A1
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+arg_4], ebx
mov [ebx-4], ecx
jbe short loc_406597
push 3Fh
pop esi
loc_406597: ; CODE XREF: sub_4063CA+1C8�j
test byte ptr [ebp+var_4], 1
jnz loc_406621
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_4065B0
push 3Fh
pop esi
loc_4065B0: ; CODE XREF: sub_4063CA+1E1�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_4065FA
cmp esi, 20h
mov ebx, 80000000h
jnb short loc_4065DB
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_4065F7
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_4065F7
; ---------------------------------------------------------------------------
loc_4065DB: ; CODE XREF: sub_4063CA+1F6�j
lea ecx, [esi-20h]
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_4065F7
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_4065F7: ; CODE XREF: sub_4063CA+208�j
; sub_4063CA+20F�j ...
mov ebx, [ebp+arg_4]
loc_4065FA: ; CODE XREF: sub_4063CA+1EC�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov esi, [edi+8]
mov ecx, [edi+4]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_406621
push 3Fh
pop esi
loc_406621: ; CODE XREF: sub_4063CA+1D1�j
; sub_4063CA+252�j
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [ebx+8], ecx
mov [ebx+4], edi
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_406698
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jnb short loc_40666F
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_406667
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_406667: ; CODE XREF: sub_4063CA+28D�j
lea eax, [eax+edx*4+44h]
mov ecx, esi
jmp short loc_40668F
; ---------------------------------------------------------------------------
loc_40666F: ; CODE XREF: sub_4063CA+287�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_406685
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_406685: ; CODE XREF: sub_4063CA+2A9�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
loc_40668F: ; CODE XREF: sub_4063CA+2A3�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_406698: ; CODE XREF: sub_4063CA+275�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_4066A1: ; CODE XREF: sub_4063CA+196�j
; sub_4063CA:loc_40656C�j
xor eax, eax
inc eax
loc_4066A4: ; CODE XREF: sub_4063CA+19D�j
pop edi
pop esi
pop ebx
leave
retn
sub_4063CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4066A9 proc near ; CODE XREF: sub_403A51+28�p
; sub_40DCFF+88�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_43683C
mov ecx, [ebp+arg_0]
imul eax, 14h
add eax, dword_436840
add ecx, 17h
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
push ebx
dec ecx
cmp ecx, 20h
push esi
push edi
jge short loc_4066E0
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_4066ED
; ---------------------------------------------------------------------------
loc_4066E0: ; CODE XREF: sub_4066A9+2A�j
add ecx, 0FFFFFFE0h
or edx, 0FFFFFFFFh
xor esi, esi
shr edx, cl
mov [ebp+var_8], edx
loc_4066ED: ; CODE XREF: sub_4066A9+35�j
mov ecx, dword_436848
mov ebx, ecx
jmp short loc_406708
; ---------------------------------------------------------------------------
loc_4066F7: ; CODE XREF: sub_4066A9+64�j
mov edx, [ebx+4]
mov edi, [ebx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_40670F
add ebx, 14h
loc_406708: ; CODE XREF: sub_4066A9+4C�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_4066F7
loc_40670F: ; CODE XREF: sub_4066A9+5A�j
cmp ebx, eax
jnz short loc_406792
mov ebx, dword_436840
jmp short loc_40672C
; ---------------------------------------------------------------------------
loc_40671B: ; CODE XREF: sub_4066A9+88�j
mov edx, [ebx+4]
mov edi, [ebx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_406733
add ebx, 14h
loc_40672C: ; CODE XREF: sub_4066A9+70�j
cmp ebx, ecx
mov [ebp+arg_0], ebx
jb short loc_40671B
loc_406733: ; CODE XREF: sub_4066A9+7E�j
cmp ebx, ecx
jnz short loc_406792
jmp short loc_406745
; ---------------------------------------------------------------------------
loc_406739: ; CODE XREF: sub_4066A9+9E�j
cmp dword ptr [ebx+8], 0
jnz short loc_406749
add ebx, 14h
mov [ebp+arg_0], ebx
loc_406745: ; CODE XREF: sub_4066A9+8E�j
cmp ebx, eax
jb short loc_406739
loc_406749: ; CODE XREF: sub_4066A9+94�j
cmp ebx, eax
jnz short loc_40677E
mov ebx, dword_436840
jmp short loc_40675E
; ---------------------------------------------------------------------------
loc_406755: ; CODE XREF: sub_4066A9+BA�j
cmp dword ptr [ebx+8], 0
jnz short loc_406765
add ebx, 14h
loc_40675E: ; CODE XREF: sub_4066A9+AA�j
cmp ebx, ecx
mov [ebp+arg_0], ebx
jb short loc_406755
loc_406765: ; CODE XREF: sub_4066A9+B0�j
cmp ebx, ecx
jnz short loc_40677E
call sub_406214
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jnz short loc_40677E
loc_406777: ; CODE XREF: sub_4066A9+E7�j
xor eax, eax
jmp loc_406987
; ---------------------------------------------------------------------------
loc_40677E: ; CODE XREF: sub_4066A9+A2�j
; sub_4066A9+BE�j ...
push ebx
call sub_4062C4
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_406777
loc_406792: ; CODE XREF: sub_4066A9+68�j
; sub_4066A9+8C�j
mov dword_436848, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_4067B9
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4067E2
loc_4067B9: ; CODE XREF: sub_4066A9+FA�j
and [ebp+var_4], 0
mov edx, [eax+0C4h]
lea ecx, [eax+44h]
loc_4067C6: ; CODE XREF: sub_4066A9+134�j
mov edi, [ecx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_4067DF
inc [ebp+var_4]
mov edx, [ecx+84h]
add ecx, 4
jmp short loc_4067C6
; ---------------------------------------------------------------------------
loc_4067DF: ; CODE XREF: sub_4066A9+126�j
mov edx, [ebp+var_4]
loc_4067E2: ; CODE XREF: sub_4066A9+10E�j
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
xor edi, edi
and ecx, esi
jnz short loc_406810
mov ecx, [eax+edx*4+0C4h]
and ecx, [ebp+var_8]
push 20h
pop edi
jmp short loc_406810
; ---------------------------------------------------------------------------
loc_40680D: ; CODE XREF: sub_4066A9+169�j
add ecx, ecx
inc edi
loc_406810: ; CODE XREF: sub_4066A9+153�j
; sub_4066A9+162�j
test ecx, ecx
jge short loc_40680D
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+var_8], ecx
jle short loc_406831
push 3Fh
pop esi
loc_406831: ; CODE XREF: sub_4066A9+183�j
cmp esi, edi
jz loc_40693A
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_40689D
cmp edi, 20h
mov ebx, 80000000h
jge short loc_406871
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_40689A
mov ecx, [ebp+var_14]
mov ebx, [ebp+arg_0]
and [ebx], ecx
jmp short loc_40689D
; ---------------------------------------------------------------------------
loc_406871: ; CODE XREF: sub_4066A9+1A0�j
lea ecx, [edi-20h]
shr ebx, cl
mov ecx, [ebp+var_4]
lea ecx, [eax+ecx*4+0C4h]
lea edi, [eax+edi+4]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_40689A
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_40689D
; ---------------------------------------------------------------------------
loc_40689A: ; CODE XREF: sub_4066A9+1BC�j
; sub_4066A9+1E4�j
mov ebx, [ebp+arg_0]
loc_40689D: ; CODE XREF: sub_4066A9+196�j
; sub_4066A9+1C6�j ...
cmp [ebp+var_8], 0
mov ecx, [edx+8]
mov edi, [edx+4]
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_406946
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [edx+8], ecx
mov [edx+4], edi
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_406937
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_0+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jge short loc_40690E
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_4068FC
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_4068FC: ; CODE XREF: sub_4066A9+246�j
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_406937
; ---------------------------------------------------------------------------
loc_40690E: ; CODE XREF: sub_4066A9+240�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_406921
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_406921: ; CODE XREF: sub_4066A9+269�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_406937: ; CODE XREF: sub_4066A9+22E�j
; sub_4066A9+263�j
mov ecx, [ebp+var_8]
loc_40693A: ; CODE XREF: sub_4066A9+18A�j
test ecx, ecx
jz short loc_406949
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_406949
; ---------------------------------------------------------------------------
loc_406946: ; CODE XREF: sub_4066A9+20A�j
mov ecx, [ebp+var_8]
loc_406949: ; CODE XREF: sub_4066A9+293�j
; sub_4066A9+29B�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_40697F
cmp ebx, dword_4279AC
jnz short loc_40697F
mov ecx, [ebp+var_4]
cmp ecx, dword_436850
jnz short loc_40697F
and dword_4279AC, 0
loc_40697F: ; CODE XREF: sub_4066A9+2BA�j
; sub_4066A9+2C2�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_406987: ; CODE XREF: sub_4066A9+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4066A9 endp
; [00000045 BYTES: COLLAPSED FUNCTION __SEH_prolog4. PRESS KEYPAD "+" TO EXPAND]
; [00000014 BYTES: COLLAPSED FUNCTION __SEH_epilog4. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_4069F0 proc near ; DATA XREF: __SEH_prolog4�o
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
; FUNCTION CHUNK AT 00408A81 SIZE 00000019 BYTES
sub esp, 14h
push ebx
mov ebx, [esp+18h+arg_4]
push ebp
push esi
mov esi, [ebx+8]
xor esi, dword_423064
push edi
mov eax, [esi]
cmp eax, 0FFFFFFFEh
mov [esp+24h+var_11], 0
mov [esp+24h+var_C], 1
lea edi, [ebx+10h]
jz short loc_406A28
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_402AD0
loc_406A28: ; CODE XREF: sub_4069F0+29�j
mov ecx, [esi+0Ch]
mov eax, [esi+8]
add ecx, edi
xor ecx, [eax+edi]
call sub_402AD0
mov eax, [esp+24h+arg_0]
test byte ptr [eax+4], 66h
jnz loc_406B65
mov ebp, [ebx+0Ch]
cmp ebp, 0FFFFFFFEh
mov ecx, [esp+24h+arg_8]
lea edx, [esp+24h+var_8]
mov [esp+24h+var_8], eax
mov [esp+24h+var_4], ecx
mov [ebx-4], edx
jz short loc_406ABF
loc_406A61: ; CODE XREF: sub_4069F0+A2�j
lea eax, [ebp+ebp*2+0]
mov ecx, [esi+eax*4+14h]
test ecx, ecx
lea ebx, [esi+eax*4+10h]
mov eax, [ebx]
mov [esp+24h+var_10], eax
jz short loc_406A8D
mov edx, edi
call sub_408A6A
test eax, eax
mov [esp+24h+var_11], 1
jl short loc_406ACB
jg short loc_406AD5
mov eax, [esp+24h+var_10]
loc_406A8D: ; CODE XREF: sub_4069F0+85�j
cmp eax, 0FFFFFFFEh
mov ebp, eax
jnz short loc_406A61
cmp [esp+24h+var_11], 0
jz short loc_406ABF
loc_406A9B: ; CODE XREF: sub_4069F0+E3�j
; sub_4069F0+191�j
mov eax, [esi]
cmp eax, 0FFFFFFFEh
jz short loc_406AAF
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_402AD0
loc_406AAF: ; CODE XREF: sub_4069F0+B0�j
mov ecx, [esi+0Ch]
mov eax, [esi+8]
add ecx, edi
xor ecx, [eax+edi]
call sub_402AD0
loc_406ABF: ; CODE XREF: sub_4069F0+6F�j
; sub_4069F0+A9�j ...
mov eax, [esp+24h+var_C]
pop edi
pop esi
pop ebp
pop ebx
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_406ACB: ; CODE XREF: sub_4069F0+95�j
mov [esp+24h+var_C], 0
jmp short loc_406A9B
; ---------------------------------------------------------------------------
loc_406AD5: ; CODE XREF: sub_4069F0+97�j
mov ecx, [esp+24h+arg_0]
cmp dword ptr [ecx], 0E06D7363h
jnz short loc_406B0B
cmp ds:off_41DC2C, 0
jz short loc_406B0B
push offset off_41DC2C
call sub_40D002
add esp, 4
test eax, eax
jz short loc_406B0B
mov edx, [esp+24h+arg_0]
push 1
push edx
call ds:off_41DC2C
add esp, 8
loc_406B0B: ; CODE XREF: sub_4069F0+EF�j
; sub_4069F0+F8�j ...
mov ecx, [esp+24h+arg_4]
call sub_408A9A
mov eax, [esp+24h+arg_4]
cmp [eax+0Ch], ebp
jz short loc_406B30
push offset dword_423064
push edi
mov edx, ebp
mov ecx, eax
call sub_408AB4
mov eax, [esp+24h+arg_4]
loc_406B30: ; CODE XREF: sub_4069F0+12B�j
mov ecx, [esp+24h+var_10]
mov [eax+0Ch], ecx
mov eax, [esi]
cmp eax, 0FFFFFFFEh
jz short loc_406B4B
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_402AD0
loc_406B4B: ; CODE XREF: sub_4069F0+14C�j
mov ecx, [esi+0Ch]
mov edx, [esi+8]
add ecx, edi
xor ecx, [edx+edi]
call sub_402AD0
mov ecx, [ebx+8]
mov edx, edi
jmp loc_408A81
; ---------------------------------------------------------------------------
loc_406B65: ; CODE XREF: sub_4069F0+50�j
cmp dword ptr [ebx+0Ch], 0FFFFFFFEh
jz loc_406ABF
push offset dword_423064
push edi
mov ecx, ebx
mov edx, 0FFFFFFFEh
call sub_408AB4
jmp loc_406A9B
sub_4069F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406B86 proc near ; CODE XREF: sub_402EAE+9F�p
; sub_403475+6E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+arg_4]
push esi
call sub_408DD0
mov [ebp+arg_4], eax
mov eax, [esi+0Ch]
test al, 82h
pop ecx
jnz short loc_406BB6
call sub_405B83
mov dword ptr [eax], 9
loc_406BAA: ; CODE XREF: sub_406B86+3F�j
or dword ptr [esi+0Ch], 20h
or eax, 0FFFFFFFFh
jmp loc_406CE3
; ---------------------------------------------------------------------------
loc_406BB6: ; CODE XREF: sub_406B86+17�j
test al, 40h
jz short loc_406BC7
call sub_405B83
mov dword ptr [eax], 22h
jmp short loc_406BAA
; ---------------------------------------------------------------------------
loc_406BC7: ; CODE XREF: sub_406B86+32�j
push ebx
xor ebx, ebx
test al, 1
jz short loc_406BE4
test al, 10h
mov [esi+4], ebx
jz loc_406C5E
mov ecx, [esi+8]
and eax, 0FFFFFFFEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_406BE4: ; CODE XREF: sub_406B86+46�j
mov eax, [esi+0Ch]
and eax, 0FFFFFFEFh
or eax, 2
test ax, 10Ch
mov [esi+0Ch], eax
mov [esi+4], ebx
mov [ebp+var_4], ebx
jnz short loc_406C28
call sub_408434
add eax, 20h
cmp esi, eax
jz short loc_406C14
call sub_408434
add eax, 40h
cmp esi, eax
jnz short loc_406C21
loc_406C14: ; CODE XREF: sub_406B86+80�j
push [ebp+arg_4]
call sub_40D8F0
test eax, eax
pop ecx
jnz short loc_406C28
loc_406C21: ; CODE XREF: sub_406B86+8C�j
push esi
call sub_40D8AC
pop ecx
loc_406C28: ; CODE XREF: sub_406B86+74�j
; sub_406B86+99�j
test word ptr [esi+0Ch], 108h
push edi
jz loc_406CB5
mov eax, [esi+8]
mov edi, [esi]
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
sub edi, eax
dec ecx
cmp edi, ebx
mov [esi+4], ecx
jle short loc_406C69
push edi
push eax
push [ebp+arg_4]
call sub_40D7D0
add esp, 0Ch
mov [ebp+var_4], eax
jmp short loc_406CAB
; ---------------------------------------------------------------------------
loc_406C5E: ; CODE XREF: sub_406B86+4D�j
or eax, 20h
mov [esi+0Ch], eax
or eax, 0FFFFFFFFh
jmp short loc_406CE2
; ---------------------------------------------------------------------------
loc_406C69: ; CODE XREF: sub_406B86+C4�j
mov ecx, [ebp+arg_4]
cmp ecx, 0FFFFFFFFh
jz short loc_406C8C
cmp ecx, 0FFFFFFFEh
jz short loc_406C8C
mov eax, ecx
and eax, 1Fh
imul eax, 28h
mov edx, ecx
sar edx, 5
add eax, dword_435700[edx*4]
jmp short loc_406C91
; ---------------------------------------------------------------------------
loc_406C8C: ; CODE XREF: sub_406B86+E9�j
; sub_406B86+EE�j
mov eax, offset dword_423BD0
loc_406C91: ; CODE XREF: sub_406B86+104�j
test byte ptr [eax+4], 20h
jz short loc_406CAB
push 2
push ebx
push ebx
push ecx
call sub_40D0F1
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_406CD0
loc_406CAB: ; CODE XREF: sub_406B86+D6�j
; sub_406B86+10F�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_406CCB
; ---------------------------------------------------------------------------
loc_406CB5: ; CODE XREF: sub_406B86+A9�j
xor edi, edi
inc edi
push edi
lea eax, [ebp+arg_0]
push eax
push [ebp+arg_4]
call sub_40D7D0
add esp, 0Ch
mov [ebp+var_4], eax
loc_406CCB: ; CODE XREF: sub_406B86+12D�j
cmp [ebp+var_4], edi
jz short loc_406CD9
loc_406CD0: ; CODE XREF: sub_406B86+123�j
or dword ptr [esi+0Ch], 20h
or eax, 0FFFFFFFFh
jmp short loc_406CE1
; ---------------------------------------------------------------------------
loc_406CD9: ; CODE XREF: sub_406B86+148�j
mov eax, [ebp+arg_0]
and eax, 0FFh
loc_406CE1: ; CODE XREF: sub_406B86+151�j
pop edi
loc_406CE2: ; CODE XREF: sub_406B86+E1�j
pop ebx
loc_406CE3: ; CODE XREF: sub_406B86+2B�j
pop esi
leave
retn
sub_406B86 endp
; =============== S U B R O U T I N E =======================================
sub_406CE6 proc near ; CODE XREF: sub_406D19+11�p
; sub_406D3D+22�p ...
test byte ptr [ecx+0Ch], 40h
jz short loc_406CF2
cmp dword ptr [ecx+8], 0
jz short loc_406D16
loc_406CF2: ; CODE XREF: sub_406CE6+4�j
dec dword ptr [ecx+4]
js short loc_406D02
mov edx, [ecx]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_406D0E
; ---------------------------------------------------------------------------
loc_406D02: ; CODE XREF: sub_406CE6+F�j
movsx eax, al
push ecx
push eax
call sub_406B86
pop ecx
pop ecx
loc_406D0E: ; CODE XREF: sub_406CE6+1A�j
cmp eax, 0FFFFFFFFh
jnz short loc_406D16
or [esi], eax
retn
; ---------------------------------------------------------------------------
loc_406D16: ; CODE XREF: sub_406CE6+A�j
; sub_406CE6+2B�j
inc dword ptr [esi]
retn
sub_406CE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D19 proc near ; CODE XREF: sub_406D87+853�p
; sub_406D87+880�p ...
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, eax
jmp short loc_406D34
; ---------------------------------------------------------------------------
loc_406D21: ; CODE XREF: sub_406D19+1F�j
mov ecx, [ebp+arg_8]
mov al, [ebp+arg_0]
dec [ebp+arg_4]
call sub_406CE6
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_406D3A
loc_406D34: ; CODE XREF: sub_406D19+6�j
cmp [ebp+arg_4], 0
jg short loc_406D21
loc_406D3A: ; CODE XREF: sub_406D19+19�j
pop esi
pop ebp
retn
sub_406D19 endp
; =============== S U B R O U T I N E =======================================
sub_406D3D proc near ; CODE XREF: sub_406D87+867�p
; sub_406D87+8CE�p ...
arg_0 = dword ptr 4
test byte ptr [edi+0Ch], 40h
push ebx
push esi
mov esi, eax
mov ebx, ecx
jz short loc_406D7D
cmp dword ptr [edi+8], 0
jnz short loc_406D7D
mov eax, [esp+8+arg_0]
add [esi], eax
jmp short loc_406D84
; ---------------------------------------------------------------------------
loc_406D57: ; CODE XREF: sub_406D3D+45�j
mov al, [ebx]
dec [esp+8+arg_0]
mov ecx, edi
call sub_406CE6
inc ebx
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_406D7D
call sub_405B83
cmp dword ptr [eax], 2Ah
jnz short loc_406D84
mov ecx, edi
mov al, 3Fh
call sub_406CE6
loc_406D7D: ; CODE XREF: sub_406D3D+A�j
; sub_406D3D+10�j ...
cmp [esp+8+arg_0], 0
jg short loc_406D57
loc_406D84: ; CODE XREF: sub_406D3D+18�j
; sub_406D3D+35�j
pop esi
pop ebx
retn
sub_406D3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=1F8h
sub_406D87 proc near ; CODE XREF: sub_402EAE+80�p
; sub_403475+53�p ...
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_260 = dword ptr -260h
var_25C = byte ptr -25Ch
var_254 = dword ptr -254h
var_250 = byte ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = byte ptr -230h
var_22F = byte ptr -22Fh
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_211 = byte ptr -211h
var_210 = dword ptr -210h
var_20C = byte ptr -20Ch
var_D = byte ptr -0Dh
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
lea ebp, [esp-1F8h]
sub esp, 278h
mov eax, dword_423064
xor eax, ebp
mov [ebp+1F8h+var_4], eax
mov eax, [ebp+1F8h+arg_0]
push ebx
mov ebx, [ebp+1F8h+arg_4]
push esi
xor esi, esi
push edi
mov edi, [ebp+1F8h+arg_C]
push [ebp+1F8h+arg_8]
lea ecx, [ebp+1F8h+var_25C]
mov [ebp+1F8h+var_228], eax
mov [ebp+1F8h+var_224], edi
mov [ebp+1F8h+var_244], esi
mov [ebp+1F8h+var_210], esi
mov [ebp+1F8h+var_238], esi
mov [ebp+1F8h+var_218], esi
mov [ebp+1F8h+var_234], esi
mov [ebp+1F8h+var_248], esi
mov [ebp+1F8h+var_23C], esi
call sub_402ADF
cmp [ebp+1F8h+var_228], esi
jnz short loc_406E14
loc_406DE7: ; CODE XREF: sub_406D87+E5�j
; sub_406D87+138�j ...
call sub_405B83
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
push esi
loc_406DF7: ; CODE XREF: sub_406D87+948�j
call sub_4032F9
add esp, 14h
cmp [ebp+1F8h+var_250], 0
jz short loc_406E0C
mov eax, [ebp+1F8h+var_254]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_406E0C: ; CODE XREF: sub_406D87+7C�j
or eax, 0FFFFFFFFh
jmp loc_4076E4
; ---------------------------------------------------------------------------
loc_406E14: ; CODE XREF: sub_406D87+5E�j
mov eax, [ebp+1F8h+var_228]
test byte ptr [eax+0Ch], 40h
jnz loc_406EC5
push eax
call sub_408DD0
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_406E63
push [ebp+1F8h+var_228]
call sub_408DD0
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_406E63
push [ebp+1F8h+var_228]
call sub_408DD0
push [ebp+1F8h+var_228]
sar eax, 5
lea esi, ds:435700h[eax*4]
call sub_408DD0
and eax, 1Fh
imul eax, 28h
add eax, [esi]
pop ecx
pop ecx
xor esi, esi
jmp short loc_406E68
; ---------------------------------------------------------------------------
loc_406E63: ; CODE XREF: sub_406D87+A4�j
; sub_406D87+B2�j
mov eax, offset dword_423BD0
loc_406E68: ; CODE XREF: sub_406D87+DA�j
test byte ptr [eax+24h], 7Fh
jnz loc_406DE7
push [ebp+1F8h+var_228]
call sub_408DD0
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_406EB6
push [ebp+1F8h+var_228]
call sub_408DD0
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_406EB6
push [ebp+1F8h+var_228]
call sub_408DD0
push [ebp+1F8h+var_228]
sar eax, 5
lea esi, ds:435700h[eax*4]
call sub_408DD0
and eax, 1Fh
imul eax, 28h
add eax, [esi]
pop ecx
pop ecx
xor esi, esi
jmp short loc_406EBB
; ---------------------------------------------------------------------------
loc_406EB6: ; CODE XREF: sub_406D87+F7�j
; sub_406D87+105�j
mov eax, offset dword_423BD0
loc_406EBB: ; CODE XREF: sub_406D87+12D�j
test byte ptr [eax+24h], 80h
jnz loc_406DE7
loc_406EC5: ; CODE XREF: sub_406D87+94�j
cmp ebx, esi
jz loc_406DE7
mov dl, [ebx]
xor ecx, ecx
test dl, dl
mov [ebp+1F8h+var_22C], esi
mov [ebp+1F8h+var_220], esi
mov [ebp+1F8h+var_24C], esi
mov [ebp+1F8h+var_211], dl
jz loc_4076D4
loc_406EE5: ; CODE XREF: sub_406D87+931�j
inc ebx
cmp [ebp+1F8h+var_22C], 0
mov [ebp+1F8h+var_240], ebx
jl loc_4076D4
mov al, dl
sub al, 20h
cmp al, 58h
ja short loc_406F0C
movsx eax, dl
movzx eax, ds:byte_41D4E8[eax]
and eax, 0Fh
xor esi, esi
jmp short loc_406F10
; ---------------------------------------------------------------------------
loc_406F0C: ; CODE XREF: sub_406D87+172�j
xor esi, esi
xor eax, eax
loc_406F10: ; CODE XREF: sub_406D87+183�j
movsx eax, ds:byte_41D508[ecx+eax*8]
push 7
sar eax, 4
pop ecx
cmp eax, ecx ; switch 8 cases
mov [ebp+1F8h+var_26C], eax
ja loc_4076A4 ; default
jmp ds:off_4076FF[eax*4] ; switch jump
loc_406F30: ; DATA XREF: .text:off_4076FF�o
or [ebp+1F8h+var_218], 0FFFFFFFFh ; jumptable 00406F29 case 1
mov [ebp+1F8h+var_270], esi
mov [ebp+1F8h+var_248], esi
mov [ebp+1F8h+var_238], esi
mov [ebp+1F8h+var_234], esi
mov [ebp+1F8h+var_210], esi
mov [ebp+1F8h+var_23C], esi
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_406F4B: ; CODE XREF: sub_406D87+1A2�j
; DATA XREF: .text:off_4076FF�o
movsx eax, dl ; jumptable 00406F29 case 2
sub eax, 20h
jz short loc_406F91
sub eax, 3
jz short loc_406F85
sub eax, 8
jz short loc_406F7C
dec eax
dec eax
jz short loc_406F73
sub eax, 3
jnz loc_4076A4 ; default
or [ebp+1F8h+var_210], 8
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_406F73: ; CODE XREF: sub_406D87+1D8�j
or [ebp+1F8h+var_210], 4
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_406F7C: ; CODE XREF: sub_406D87+1D4�j
or [ebp+1F8h+var_210], 1
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_406F85: ; CODE XREF: sub_406D87+1CF�j
or [ebp+1F8h+var_210], 80h
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_406F91: ; CODE XREF: sub_406D87+1CA�j
or [ebp+1F8h+var_210], 2
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_406F9A: ; CODE XREF: sub_406D87+1A2�j
; DATA XREF: .text:off_4076FF�o
cmp dl, 2Ah ; jumptable 00406F29 case 3
jnz short loc_406FBF
add edi, 4
mov [ebp+1F8h+var_224], edi
mov edi, [edi-4]
cmp edi, esi
mov [ebp+1F8h+var_238], edi
jge loc_4076A4 ; default
or [ebp+1F8h+var_210], 4
neg [ebp+1F8h+var_238]
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_406FBF: ; CODE XREF: sub_406D87+216�j
mov eax, [ebp+1F8h+var_238]
imul eax, 0Ah
movsx ecx, dl
lea eax, [eax+ecx-30h]
mov [ebp+1F8h+var_238], eax
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_406FD4: ; CODE XREF: sub_406D87+1A2�j
; DATA XREF: .text:off_4076FF�o
mov [ebp+1F8h+var_218], esi ; jumptable 00406F29 case 4
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_406FDC: ; CODE XREF: sub_406D87+1A2�j
; DATA XREF: .text:off_4076FF�o
cmp dl, 2Ah ; jumptable 00406F29 case 5
jnz short loc_406FFE
add edi, 4
mov [ebp+1F8h+var_224], edi
mov edi, [edi-4]
cmp edi, esi
mov [ebp+1F8h+var_218], edi
jge loc_4076A4 ; default
or [ebp+1F8h+var_218], 0FFFFFFFFh
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_406FFE: ; CODE XREF: sub_406D87+258�j
mov eax, [ebp+1F8h+var_218]
imul eax, 0Ah
movsx ecx, dl
lea eax, [eax+ecx-30h]
mov [ebp+1F8h+var_218], eax
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_407013: ; CODE XREF: sub_406D87+1A2�j
; DATA XREF: .text:off_4076FF�o
cmp dl, 49h ; jumptable 00406F29 case 6
jz short loc_40705E
cmp dl, 68h
jz short loc_407055
cmp dl, 6Ch
jz short loc_407037
cmp dl, 77h
jnz loc_4076A4 ; default
or [ebp+1F8h+var_210], 800h
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_407037: ; CODE XREF: sub_406D87+299�j
cmp byte ptr [ebx], 6Ch
jnz short loc_40704C
inc ebx
or [ebp+1F8h+var_210], 1000h
mov [ebp+1F8h+var_240], ebx
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_40704C: ; CODE XREF: sub_406D87+2B3�j
or [ebp+1F8h+var_210], 10h
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_407055: ; CODE XREF: sub_406D87+294�j
or [ebp+1F8h+var_210], 20h
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_40705E: ; CODE XREF: sub_406D87+28F�j
mov al, [ebx]
cmp al, 36h
jnz short loc_40707B
cmp byte ptr [ebx+1], 34h
jnz short loc_40707B
inc ebx
inc ebx
or [ebp+1F8h+var_210], 8000h
mov [ebp+1F8h+var_240], ebx
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_40707B: ; CODE XREF: sub_406D87+2DB�j
; sub_406D87+2E1�j
cmp al, 33h
jnz short loc_407096
cmp byte ptr [ebx+1], 32h
jnz short loc_407096
inc ebx
inc ebx
and [ebp+1F8h+var_210], 0FFFF7FFFh
mov [ebp+1F8h+var_240], ebx
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_407096: ; CODE XREF: sub_406D87+2F6�j
; sub_406D87+2FC�j
cmp al, 64h
jz loc_4076A4 ; default
cmp al, 69h
jz loc_4076A4 ; default
cmp al, 6Fh
jz loc_4076A4 ; default
cmp al, 75h
jz loc_4076A4 ; default
cmp al, 78h
jz loc_4076A4 ; default
cmp al, 58h
jz loc_4076A4 ; default
mov [ebp+1F8h+var_26C], esi
loc_4070C9: ; CODE XREF: sub_406D87+1A2�j
; DATA XREF: .text:off_4076FF�o
lea eax, [ebp+1F8h+var_25C] ; jumptable 00406F29 case 0
push eax
movzx eax, dl
push eax
mov [ebp+1F8h+var_23C], esi
call sub_40CDB0
pop ecx
test eax, eax
mov al, [ebp+1F8h+var_211]
pop ecx
jz short loc_4070FB
mov ecx, [ebp+1F8h+var_228]
lea esi, [ebp+1F8h+var_22C]
call sub_406CE6
mov al, [ebx]
inc ebx
test al, al
mov [ebp+1F8h+var_240], ebx
jz loc_4076BD
loc_4070FB: ; CODE XREF: sub_406D87+359�j
mov ecx, [ebp+1F8h+var_228]
lea esi, [ebp+1F8h+var_22C]
call sub_406CE6
jmp loc_4076A4 ; default
; ---------------------------------------------------------------------------
loc_40710B: ; CODE XREF: sub_406D87+1A2�j
; DATA XREF: .text:off_4076FF�o
movsx eax, dl ; jumptable 00406F29 case 7
cmp eax, 64h
jg loc_407289
jz loc_407308
cmp eax, 53h
jg loc_4071D1
jz short loc_407182
sub eax, 41h
jz short loc_40713D
dec eax
dec eax
jz short loc_407171
dec eax
dec eax
jz short loc_40713D
dec eax
dec eax
jnz loc_40758C
loc_40713D: ; CODE XREF: sub_406D87+3A4�j
; sub_406D87+3AC�j
add dl, 20h
mov [ebp+1F8h+var_270], 1
mov [ebp+1F8h+var_211], dl
loc_40714A: ; CODE XREF: sub_406D87+459�j
; sub_406D87+51D�j
or [ebp+1F8h+var_210], 40h
cmp [ebp+1F8h+var_218], esi
lea ebx, [ebp+1F8h+var_20C]
mov eax, 200h
mov [ebp+1F8h+var_21C], ebx
mov [ebp+1F8h+var_260], eax
jge loc_40732C
mov [ebp+1F8h+var_218], 6
jmp loc_40737A
; ---------------------------------------------------------------------------
loc_407171: ; CODE XREF: sub_406D87+3A8�j
test word ptr [ebp+1F8h+var_210], 830h
jnz short loc_4071EE
or [ebp+1F8h+var_210], 800h
jmp short loc_4071EE
; ---------------------------------------------------------------------------
loc_407182: ; CODE XREF: sub_406D87+39F�j
test word ptr [ebp+1F8h+var_210], 830h
jnz short loc_407191
or [ebp+1F8h+var_210], 800h
loc_407191: ; CODE XREF: sub_406D87+401�j
; sub_406D87+694�j
mov ecx, [ebp+1F8h+var_218]
cmp ecx, 0FFFFFFFFh
jnz short loc_40719E
mov ecx, 7FFFFFFFh
loc_40719E: ; CODE XREF: sub_406D87+410�j
add edi, 4
test word ptr [ebp+1F8h+var_210], 810h
mov [ebp+1F8h+var_224], edi
mov edi, [edi-4]
mov [ebp+1F8h+var_21C], edi
jz loc_40756A
cmp edi, esi
jnz short loc_4071C2
mov eax, dword_423928
mov [ebp+1F8h+var_21C], eax
loc_4071C2: ; CODE XREF: sub_406D87+431�j
mov eax, [ebp+1F8h+var_21C]
mov [ebp+1F8h+var_23C], 1
jmp loc_40755F
; ---------------------------------------------------------------------------
loc_4071D1: ; CODE XREF: sub_406D87+399�j
sub eax, 58h
jz loc_407413
dec eax
dec eax
jz short loc_40723B
sub eax, ecx
jz loc_40714A
dec eax
dec eax
jnz loc_40758C
loc_4071EE: ; CODE XREF: sub_406D87+3F0�j
; sub_406D87+3F9�j
add edi, 4
test word ptr [ebp+1F8h+var_210], 810h
mov [ebp+1F8h+var_224], edi
jz short loc_407223
movzx eax, word ptr [edi-4]
push eax
push 200h
lea eax, [ebp+1F8h+var_20C]
push eax
lea eax, [ebp+1F8h+var_220]
push eax
call sub_40DAE2
add esp, 10h
test eax, eax
jz short loc_407230
mov [ebp+1F8h+var_248], 1
jmp short loc_407230
; ---------------------------------------------------------------------------
loc_407223: ; CODE XREF: sub_406D87+473�j
mov al, [edi-4]
mov [ebp+1F8h+var_20C], al
mov [ebp+1F8h+var_220], 1
loc_407230: ; CODE XREF: sub_406D87+491�j
; sub_406D87+49A�j
lea eax, [ebp+1F8h+var_20C]
mov [ebp+1F8h+var_21C], eax
jmp loc_40758C
; ---------------------------------------------------------------------------
loc_40723B: ; CODE XREF: sub_406D87+455�j
mov eax, [edi]
add edi, 4
cmp eax, esi
mov [ebp+1F8h+var_224], edi
jz short loc_407275
mov ecx, [eax+4]
cmp ecx, esi
jz short loc_407275
test word ptr [ebp+1F8h+var_210], 800h
movsx eax, word ptr [eax]
mov [ebp+1F8h+var_21C], ecx
jz short loc_40726D
cdq
sub eax, edx
sar eax, 1
mov [ebp+1F8h+var_23C], 1
jmp loc_407589
; ---------------------------------------------------------------------------
loc_40726D: ; CODE XREF: sub_406D87+4D3�j
mov [ebp+1F8h+var_23C], esi
jmp loc_407589
; ---------------------------------------------------------------------------
loc_407275: ; CODE XREF: sub_406D87+4BE�j
; sub_406D87+4C5�j
mov eax, dword_423924
mov [ebp+1F8h+var_21C], eax
push eax
loc_40727E: ; CODE XREF: sub_406D87+680�j
call sub_4044E0
pop ecx
jmp loc_407589
; ---------------------------------------------------------------------------
loc_407289: ; CODE XREF: sub_406D87+38A�j
cmp eax, 70h
jg loc_407418
jz loc_40740C
cmp eax, 65h
jl loc_40758C
cmp eax, 67h
jle loc_40714A
cmp eax, 69h
jz short loc_407308
cmp eax, 6Eh
jz short loc_4072D3
cmp eax, 6Fh
jnz loc_40758C
test byte ptr [ebp+1F8h+var_210], 80h
mov [ebp+1F8h+var_220], 8
jz short loc_407313
or [ebp+1F8h+var_210], 200h
jmp short loc_407313
; ---------------------------------------------------------------------------
loc_4072D3: ; CODE XREF: sub_406D87+52B�j
mov esi, [edi]
add edi, 4
mov [ebp+1F8h+var_224], edi
call sub_40D96D
test eax, eax
jz loc_4076BD
test byte ptr [ebp+1F8h+var_210], 20h
jz short loc_4072F7
mov ax, word ptr [ebp+1F8h+var_22C]
mov [esi], ax
jmp short loc_4072FC
; ---------------------------------------------------------------------------
loc_4072F7: ; CODE XREF: sub_406D87+565�j
mov eax, [ebp+1F8h+var_22C]
mov [esi], eax
loc_4072FC: ; CODE XREF: sub_406D87+56E�j
mov [ebp+1F8h+var_248], 1
jmp loc_407691
; ---------------------------------------------------------------------------
loc_407308: ; CODE XREF: sub_406D87+390�j
; sub_406D87+526�j
or [ebp+1F8h+var_210], 40h
loc_40730C: ; CODE XREF: sub_406D87+69C�j
mov [ebp+1F8h+var_220], 0Ah
loc_407313: ; CODE XREF: sub_406D87+541�j
; sub_406D87+54A�j ...
mov ecx, [ebp+1F8h+var_210]
test cx, cx
jns loc_407462
loc_40731F: ; CODE XREF: sub_406D87+6E0�j
mov eax, [edi]
mov edx, [edi+4]
add edi, 8
jmp loc_407497
; ---------------------------------------------------------------------------
loc_40732C: ; CODE XREF: sub_406D87+3D8�j
jnz short loc_40733C
cmp dl, 67h
jnz short loc_40737A
mov [ebp+1F8h+var_218], 1
jmp short loc_40737A
; ---------------------------------------------------------------------------
loc_40733C: ; CODE XREF: sub_406D87:loc_40732C�j
cmp [ebp+1F8h+var_218], eax
jle short loc_407344
mov [ebp+1F8h+var_218], eax
loc_407344: ; CODE XREF: sub_406D87+5B8�j
cmp [ebp+1F8h+var_218], 0A3h
jle short loc_40737A
mov esi, [ebp+1F8h+var_218]
add esi, 15Dh
push esi
call sub_407AEA
test eax, eax
mov dl, [ebp+1F8h+var_211]
pop ecx
mov [ebp+1F8h+var_24C], eax
jz short loc_407371
mov [ebp+1F8h+var_21C], eax
mov [ebp+1F8h+var_260], esi
mov ebx, eax
jmp short loc_407378
; ---------------------------------------------------------------------------
loc_407371: ; CODE XREF: sub_406D87+5DE�j
mov [ebp+1F8h+var_218], 0A3h
loc_407378: ; CODE XREF: sub_406D87+5E8�j
xor esi, esi
loc_40737A: ; CODE XREF: sub_406D87+3E5�j
; sub_406D87+5AA�j ...
mov eax, [edi]
add edi, 8
mov [ebp+1F8h+var_278], eax
mov eax, [edi-4]
mov [ebp+1F8h+var_274], eax
lea eax, [ebp+1F8h+var_25C]
push eax
push [ebp+1F8h+var_270]
movsx eax, dl
push [ebp+1F8h+var_218]
mov [ebp+1F8h+var_224], edi
push eax
push [ebp+1F8h+var_260]
lea eax, [ebp+1F8h+var_278]
push ebx
push eax
push dword_423F98
call sub_405543
pop ecx
call eax
mov edi, [ebp+1F8h+var_210]
add esp, 1Ch
and edi, 80h
jz short loc_4073D7
cmp [ebp+1F8h+var_218], esi
jnz short loc_4073D7
lea eax, [ebp+1F8h+var_25C]
push eax
push ebx
push dword_423FA4
call sub_405543
pop ecx
call eax
pop ecx
pop ecx
loc_4073D7: ; CODE XREF: sub_406D87+634�j
; sub_406D87+639�j
cmp [ebp+1F8h+var_211], 67h
jnz short loc_4073F6
cmp edi, esi
jnz short loc_4073F6
lea eax, [ebp+1F8h+var_25C]
push eax
push ebx
push dword_423FA0
call sub_405543
pop ecx
call eax
pop ecx
pop ecx
loc_4073F6: ; CODE XREF: sub_406D87+654�j
; sub_406D87+658�j
cmp byte ptr [ebx], 2Dh
jnz short loc_407406
or [ebp+1F8h+var_210], 100h
inc ebx
mov [ebp+1F8h+var_21C], ebx
loc_407406: ; CODE XREF: sub_406D87+672�j
push ebx
jmp loc_40727E
; ---------------------------------------------------------------------------
loc_40740C: ; CODE XREF: sub_406D87+50B�j
mov [ebp+1F8h+var_218], 8
loc_407413: ; CODE XREF: sub_406D87+44D�j
mov [ebp+1F8h+var_244], ecx
jmp short loc_407439
; ---------------------------------------------------------------------------
loc_407418: ; CODE XREF: sub_406D87+505�j
sub eax, 73h
jz loc_407191
dec eax
dec eax
jz loc_40730C
sub eax, 3
jnz loc_40758C
mov [ebp+1F8h+var_244], 27h
loc_407439: ; CODE XREF: sub_406D87+68F�j
test byte ptr [ebp+1F8h+var_210], 80h
mov [ebp+1F8h+var_220], 10h
jz loc_407313
mov al, byte ptr [ebp+1F8h+var_244]
add al, 51h
mov [ebp+1F8h+var_230], 30h
mov [ebp+1F8h+var_22F], al
mov [ebp+1F8h+var_234], 2
jmp loc_407313
; ---------------------------------------------------------------------------
loc_407462: ; CODE XREF: sub_406D87+592�j
test cx, 1000h
jnz loc_40731F
add edi, 4
test cl, 20h
jz short loc_40748A
test cl, 40h
mov [ebp+1F8h+var_224], edi
jz short loc_407483
movsx eax, word ptr [edi-4]
jmp short loc_407487
; ---------------------------------------------------------------------------
loc_407483: ; CODE XREF: sub_406D87+6F4�j
movzx eax, word ptr [edi-4]
loc_407487: ; CODE XREF: sub_406D87+6FA�j
cdq
jmp short loc_40749A
; ---------------------------------------------------------------------------
loc_40748A: ; CODE XREF: sub_406D87+6EC�j
test cl, 40h
mov eax, [edi-4]
jz short loc_407495
cdq
jmp short loc_407497
; ---------------------------------------------------------------------------
loc_407495: ; CODE XREF: sub_406D87+709�j
xor edx, edx
loc_407497: ; CODE XREF: sub_406D87+5A0�j
; sub_406D87+70C�j
mov [ebp+1F8h+var_224], edi
loc_40749A: ; CODE XREF: sub_406D87+701�j
test cl, 40h
jz short loc_4074B7
cmp edx, esi
jg short loc_4074B7
jl short loc_4074A9
cmp eax, esi
jnb short loc_4074B7
loc_4074A9: ; CODE XREF: sub_406D87+71C�j
neg eax
adc edx, 0
neg edx
or [ebp+1F8h+var_210], 100h
loc_4074B7: ; CODE XREF: sub_406D87+716�j
; sub_406D87+71A�j ...
test word ptr [ebp+1F8h+var_210], 9000h
mov ebx, edx
mov edi, eax
jnz short loc_4074C5
xor ebx, ebx
loc_4074C5: ; CODE XREF: sub_406D87+73A�j
cmp [ebp+1F8h+var_218], 0
jge short loc_4074D4
mov [ebp+1F8h+var_218], 1
jmp short loc_4074E5
; ---------------------------------------------------------------------------
loc_4074D4: ; CODE XREF: sub_406D87+742�j
and [ebp+1F8h+var_210], 0FFFFFFF7h
mov eax, 200h
cmp [ebp+1F8h+var_218], eax
jle short loc_4074E5
mov [ebp+1F8h+var_218], eax
loc_4074E5: ; CODE XREF: sub_406D87+74B�j
; sub_406D87+759�j
mov eax, edi
or eax, ebx
jnz short loc_4074EF
and [ebp+1F8h+var_234], 0
loc_4074EF: ; CODE XREF: sub_406D87+762�j
lea esi, [ebp+1F8h+var_D]
loc_4074F5: ; CODE XREF: sub_406D87+7A0�j
mov eax, [ebp+1F8h+var_218]
dec [ebp+1F8h+var_218]
test eax, eax
jg short loc_407505
mov eax, edi
or eax, ebx
jz short loc_407529
loc_407505: ; CODE XREF: sub_406D87+776�j
mov eax, [ebp+1F8h+var_220]
cdq
push edx
push eax
push ebx
push edi
call sub_40DB00
add ecx, 30h
cmp ecx, 39h
mov [ebp+1F8h+var_260], ebx
mov edi, eax
mov ebx, edx
jle short loc_407524
add ecx, [ebp+1F8h+var_244]
loc_407524: ; CODE XREF: sub_406D87+798�j
mov [esi], cl
dec esi
jmp short loc_4074F5
; ---------------------------------------------------------------------------
loc_407529: ; CODE XREF: sub_406D87+77C�j
lea eax, [ebp+1F8h+var_D]
sub eax, esi
inc esi
test word ptr [ebp+1F8h+var_210], 200h
mov [ebp+1F8h+var_220], eax
mov [ebp+1F8h+var_21C], esi
jz short loc_40758C
test eax, eax
jz short loc_40754B
mov ecx, esi
cmp byte ptr [ecx], 30h
jz short loc_40758C
loc_40754B: ; CODE XREF: sub_406D87+7BB�j
dec [ebp+1F8h+var_21C]
mov ecx, [ebp+1F8h+var_21C]
mov byte ptr [ecx], 30h
inc eax
jmp short loc_407589
; ---------------------------------------------------------------------------
loc_407557: ; CODE XREF: sub_406D87+7DA�j
dec ecx
cmp [eax], si
jz short loc_407563
inc eax
inc eax
loc_40755F: ; CODE XREF: sub_406D87+445�j
cmp ecx, esi
jnz short loc_407557
loc_407563: ; CODE XREF: sub_406D87+7D4�j
sub eax, [ebp+1F8h+var_21C]
sar eax, 1
jmp short loc_407589
; ---------------------------------------------------------------------------
loc_40756A: ; CODE XREF: sub_406D87+429�j
cmp edi, esi
jnz short loc_407576
mov eax, dword_423924
mov [ebp+1F8h+var_21C], eax
loc_407576: ; CODE XREF: sub_406D87+7E5�j
mov eax, [ebp+1F8h+var_21C]
jmp short loc_407582
; ---------------------------------------------------------------------------
loc_40757B: ; CODE XREF: sub_406D87+7FD�j
dec ecx
cmp byte ptr [eax], 0
jz short loc_407586
inc eax
loc_407582: ; CODE XREF: sub_406D87+7F2�j
cmp ecx, esi
jnz short loc_40757B
loc_407586: ; CODE XREF: sub_406D87+7F8�j
sub eax, [ebp+1F8h+var_21C]
loc_407589: ; CODE XREF: sub_406D87+4E1�j
; sub_406D87+4E9�j ...
mov [ebp+1F8h+var_220], eax
loc_40758C: ; CODE XREF: sub_406D87+3B0�j
; sub_406D87+461�j ...
cmp [ebp+1F8h+var_248], 0
jnz loc_407691
mov eax, [ebp+1F8h+var_210]
test al, 40h
jz short loc_4075C2
test ax, 100h
jz short loc_4075A9
mov [ebp+1F8h+var_230], 2Dh
jmp short loc_4075BB
; ---------------------------------------------------------------------------
loc_4075A9: ; CODE XREF: sub_406D87+81A�j
test al, 1
jz short loc_4075B3
mov [ebp+1F8h+var_230], 2Bh
jmp short loc_4075BB
; ---------------------------------------------------------------------------
loc_4075B3: ; CODE XREF: sub_406D87+824�j
test al, 2
jz short loc_4075C2
mov [ebp+1F8h+var_230], 20h
loc_4075BB: ; CODE XREF: sub_406D87+820�j
; sub_406D87+82A�j
mov [ebp+1F8h+var_234], 1
loc_4075C2: ; CODE XREF: sub_406D87+814�j
; sub_406D87+82E�j
mov ebx, [ebp+1F8h+var_238]
sub ebx, [ebp+1F8h+var_220]
sub ebx, [ebp+1F8h+var_234]
test byte ptr [ebp+1F8h+var_210], 0Ch
jnz short loc_4075E2
push [ebp+1F8h+var_228]
lea eax, [ebp+1F8h+var_22C]
push ebx
push 20h
call sub_406D19
add esp, 0Ch
loc_4075E2: ; CODE XREF: sub_406D87+848�j
push [ebp+1F8h+var_234]
mov edi, [ebp+1F8h+var_228]
lea eax, [ebp+1F8h+var_22C]
lea ecx, [ebp+1F8h+var_230]
call sub_406D3D
test byte ptr [ebp+1F8h+var_210], 8
pop ecx
jz short loc_40760F
test byte ptr [ebp+1F8h+var_210], 4
jnz short loc_40760F
push edi
push ebx
push 30h
lea eax, [ebp+1F8h+var_22C]
call sub_406D19
add esp, 0Ch
loc_40760F: ; CODE XREF: sub_406D87+871�j
; sub_406D87+877�j
cmp [ebp+1F8h+var_23C], 0
mov eax, [ebp+1F8h+var_220]
jz short loc_407669
test eax, eax
jle short loc_407669
mov esi, [ebp+1F8h+var_21C]
mov [ebp+1F8h+var_260], eax
loc_407622: ; CODE XREF: sub_406D87+8D8�j
movzx eax, word ptr [esi]
dec [ebp+1F8h+var_260]
push eax
push 6
lea eax, [ebp+1F8h+var_C]
push eax
lea eax, [ebp+1F8h+var_268]
inc esi
push eax
inc esi
call sub_40DAE2
add esp, 10h
test eax, eax
jnz short loc_407663
cmp [ebp+1F8h+var_268], eax
jz short loc_407663
push [ebp+1F8h+var_268]
lea eax, [ebp+1F8h+var_22C]
lea ecx, [ebp+1F8h+var_C]
call sub_406D3D
cmp [ebp+1F8h+var_260], 0
pop ecx
jnz short loc_407622
jmp short loc_407676
; ---------------------------------------------------------------------------
loc_407663: ; CODE XREF: sub_406D87+8BB�j
; sub_406D87+8C0�j
or [ebp+1F8h+var_22C], 0FFFFFFFFh
jmp short loc_407676
; ---------------------------------------------------------------------------
loc_407669: ; CODE XREF: sub_406D87+88F�j
; sub_406D87+893�j
mov ecx, [ebp+1F8h+var_21C]
push eax
lea eax, [ebp+1F8h+var_22C]
call sub_406D3D
pop ecx
loc_407676: ; CODE XREF: sub_406D87+8DA�j
; sub_406D87+8E0�j
cmp [ebp+1F8h+var_22C], 0
jl short loc_407691
test byte ptr [ebp+1F8h+var_210], 4
jz short loc_407691
push edi
push ebx
push 20h
lea eax, [ebp+1F8h+var_22C]
call sub_406D19
add esp, 0Ch
loc_407691: ; CODE XREF: sub_406D87+57C�j
; sub_406D87+809�j ...
cmp [ebp+1F8h+var_24C], 0
jz short loc_4076A4 ; default
push [ebp+1F8h+var_24C]
call sub_4039C3
and [ebp+1F8h+var_24C], 0
pop ecx
loc_4076A4: ; CODE XREF: sub_406D87+19C�j
; sub_406D87+1BF�j ...
mov ebx, [ebp+1F8h+var_240] ; default
mov al, [ebx]
test al, al
mov [ebp+1F8h+var_211], al
jz short loc_4076D4
mov ecx, [ebp+1F8h+var_26C]
mov edi, [ebp+1F8h+var_224]
mov dl, al
jmp loc_406EE5
; ---------------------------------------------------------------------------
loc_4076BD: ; CODE XREF: sub_406D87+36E�j
; sub_406D87+55B�j
call sub_405B83
mov dword ptr [eax], 16h
xor eax, eax
push eax
push eax
push eax
push eax
push eax
jmp loc_406DF7
; ---------------------------------------------------------------------------
loc_4076D4: ; CODE XREF: sub_406D87+158�j
; sub_406D87+166�j ...
cmp [ebp+1F8h+var_250], 0
jz short loc_4076E1
mov eax, [ebp+1F8h+var_254]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4076E1: ; CODE XREF: sub_406D87+951�j
mov eax, [ebp+1F8h+var_22C]
loc_4076E4: ; CODE XREF: sub_406D87+88�j
mov ecx, [ebp+1F8h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
add ebp, 1F8h
leave
retn
sub_406D87 endp
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
off_4076FF dd offset loc_4070C9 ; DATA XREF: sub_406D87+1A2�r
dd offset loc_406F30 ; jump table for switch statement
dd offset loc_406F4B
dd offset loc_406F9A
dd offset loc_406FD4
dd offset loc_406FDC
dd offset loc_407013
dd offset loc_40710B
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407720 proc near ; CODE XREF: sub_402F60+4D�p
; sub_405F00+2DA�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_407740
cmp edi, eax
jb loc_4078E4
loc_407740: ; CODE XREF: sub_407720+16�j
cmp ecx, 100h
jb short loc_407767
cmp dword_4356E0, 0
jz short loc_407767
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jnz short loc_407767
pop esi
pop edi
pop ebp
jmp sub_40DC1C
; ---------------------------------------------------------------------------
loc_407767: ; CODE XREF: sub_407720+26�j
; sub_407720+2F�j ...
test edi, 3
jnz short loc_407784
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4077A4
rep movsd
jmp ds:off_407894[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407784: ; CODE XREF: sub_407720+4D�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_40779C
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_4077A4+4[eax*4]
; ---------------------------------------------------------------------------
loc_40779C: ; CODE XREF: sub_407720+6E�j
jmp dword ptr ds:loc_4078A4[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4077A4: ; CODE XREF: sub_407720+58�j
; sub_407720+B6�j ...
jmp ds:off_407828[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4077B8
dd offset loc_4077E4
dd offset loc_407808
; ---------------------------------------------------------------------------
loc_4077B8: ; DATA XREF: sub_407720+8C�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4077A4
rep movsd
jmp ds:off_407894[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4077E4: ; DATA XREF: sub_407720+90�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4077A4
rep movsd
jmp ds:off_407894[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407808: ; DATA XREF: sub_407720+94�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_4077A4
rep movsd
jmp ds:off_407894[edx*4]
; ---------------------------------------------------------------------------
align 4
off_407828 dd offset loc_40788B ; DATA XREF: sub_407720:loc_4077A4�r
dd offset loc_407878
dd offset loc_407870
dd offset loc_407868
dd offset loc_407860
dd offset loc_407858
dd offset loc_407850
dd offset loc_407848
; ---------------------------------------------------------------------------
loc_407848: ; CODE XREF: sub_407720:loc_4077A4�j
; DATA XREF: sub_407720+124�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_407850: ; CODE XREF: sub_407720:loc_4077A4�j
; DATA XREF: sub_407720+120�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_407858: ; CODE XREF: sub_407720:loc_4077A4�j
; DATA XREF: sub_407720+11C�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_407860: ; CODE XREF: sub_407720:loc_4077A4�j
; DATA XREF: sub_407720+118�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_407868: ; CODE XREF: sub_407720:loc_4077A4�j
; DATA XREF: sub_407720+114�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_407870: ; CODE XREF: sub_407720:loc_4077A4�j
; DATA XREF: sub_407720+110�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_407878: ; CODE XREF: sub_407720:loc_4077A4�j
; DATA XREF: sub_407720+10C�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_40788B: ; CODE XREF: sub_407720:loc_4077A4�j
; DATA XREF: sub_407720:off_407828�o
jmp ds:off_407894[edx*4]
; ---------------------------------------------------------------------------
align 4
off_407894 dd offset loc_4078A4 ; DATA XREF: sub_407720+5C�r
; sub_407720+BA�r ...
dd offset loc_4078AC
dd offset loc_4078B8
dd offset loc_4078CC
; ---------------------------------------------------------------------------
loc_4078A4: ; CODE XREF: sub_407720+5C�j
; sub_407720+BA�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4078AC: ; CODE XREF: sub_407720+5C�j
; sub_407720+BA�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4078B8: ; CODE XREF: sub_407720+5C�j
; sub_407720+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4078CC: ; CODE XREF: sub_407720+5C�j
; sub_407720+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4078E4: ; CODE XREF: sub_407720+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_407918
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_40790C
std
rep movsd
cld
jmp ds:off_407A30[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40790C: ; CODE XREF: sub_407720+1DD�j
; sub_407720+238�j ...
neg ecx
jmp ds:off_4079E0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_407918: ; CODE XREF: sub_407720+1D2�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_407930
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_407930+4[eax*4]
; ---------------------------------------------------------------------------
loc_407930: ; CODE XREF: sub_407720+202�j
; DATA XREF: sub_407720+209�r
jmp ds:off_407A30[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_407943+1
; ---------------------------------------------------------------------------
push 90004079h
jns short loc_407983
loc_407943: ; DATA XREF: sub_407720+218�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_40790C
std
rep movsd
cld
jmp ds:off_407A30[edx*4]
; ---------------------------------------------------------------------------
align 4
dd 2303468Ah, 34788D1h, 0C102468Ah, 478802E9h, 2EE8302h
dd 8302EF83h
db 0F9h, 8, 72h
; ---------------------------------------------------------------------------
loc_407983: ; CODE XREF: sub_407720+221�j
mov ch, bh
rep movsd
cld
jmp ds:off_407A30[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_40790C
std
rep movsd
cld
jmp ds:off_407A30[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4079E4
dd offset loc_4079EC
dd offset loc_4079F4
dd offset loc_4079FC
dd offset loc_407A04
dd offset loc_407A0C
dd offset loc_407A14
off_4079E0 dd offset loc_407A27 ; DATA XREF: sub_407720+1EE�r
; ---------------------------------------------------------------------------
loc_4079E4: ; DATA XREF: sub_407720+2A4�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_4079EC: ; DATA XREF: sub_407720+2A8�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_4079F4: ; DATA XREF: sub_407720+2AC�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_4079FC: ; DATA XREF: sub_407720+2B0�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_407A04: ; DATA XREF: sub_407720+2B4�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_407A0C: ; DATA XREF: sub_407720+2B8�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_407A14: ; DATA XREF: sub_407720+2BC�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_407A27: ; CODE XREF: sub_407720+1EE�j
; DATA XREF: sub_407720:off_4079E0�o
jmp ds:off_407A30[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_407A30 dd offset loc_407A40 ; DATA XREF: sub_407720+1E3�r
; sub_407720:loc_407930�r ...
dd offset loc_407A48
dd offset loc_407A58
dd offset loc_407A6C
; ---------------------------------------------------------------------------
loc_407A40: ; CODE XREF: sub_407720+1E3�j
; sub_407720:loc_407930�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407A48: ; CODE XREF: sub_407720+1E3�j
; sub_407720:loc_407930�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407A58: ; CODE XREF: sub_407720+1E3�j
; sub_407720:loc_407930�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407A6C: ; CODE XREF: sub_407720+1E3�j
; sub_407720:loc_407930�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_407720 endp
; =============== S U B R O U T I N E =======================================
sub_407A85 proc near ; CODE XREF: sub_402FCC+31�p
; sub_403032+3D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_0]
push ebx
xor ebx, ebx
cmp ecx, ebx
push esi
push edi
jz short loc_407A9A
mov edi, [esp+0Ch+arg_4]
cmp edi, ebx
ja short loc_407AB5
loc_407A9A: ; CODE XREF: sub_407A85+B�j
; sub_407A85+3A�j
call sub_405B83
push 16h
pop esi
mov [eax], esi
loc_407AA4: ; CODE XREF: sub_407A85+5D�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_4032F9
add esp, 14h
mov eax, esi
jmp short loc_407AE6
; ---------------------------------------------------------------------------
loc_407AB5: ; CODE XREF: sub_407A85+13�j
mov esi, [esp+0Ch+arg_8]
cmp esi, ebx
jnz short loc_407AC1
mov [ecx], bl
jmp short loc_407A9A
; ---------------------------------------------------------------------------
loc_407AC1: ; CODE XREF: sub_407A85+36�j
mov edx, ecx
loc_407AC3: ; CODE XREF: sub_407A85+49�j
mov al, [esi]
mov [edx], al
inc edx
inc esi
cmp al, bl
jz short loc_407AD0
dec edi
jnz short loc_407AC3
loc_407AD0: ; CODE XREF: sub_407A85+46�j
cmp edi, ebx
jnz short loc_407AE4
mov [ecx], bl
call sub_405B83
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_407AA4
; ---------------------------------------------------------------------------
loc_407AE4: ; CODE XREF: sub_407A85+4D�j
xor eax, eax
loc_407AE6: ; CODE XREF: sub_407A85+2E�j
pop edi
pop esi
pop ebx
retn
sub_407A85 endp
; =============== S U B R O U T I N E =======================================
sub_407AEA proc near ; CODE XREF: sub_405019+3B�p
; sub_405CE4+48�p ...
arg_0 = dword ptr 4
push esi
push edi
xor esi, esi
loc_407AEE: ; CODE XREF: sub_407AEA+39�j
push [esp+8+arg_0]
call sub_403AA0
mov edi, eax
test edi, edi
pop ecx
jnz short loc_407B25
cmp dword_4279B0, eax
jbe short loc_407B25
push esi
call ds:off_41D0F8
lea eax, [esi+3E8h]
cmp eax, dword_4279B0
jbe short loc_407B1E
or eax, 0FFFFFFFFh
loc_407B1E: ; CODE XREF: sub_407AEA+2F�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_407AEE
loc_407B25: ; CODE XREF: sub_407AEA+12�j
; sub_407AEA+1A�j
mov eax, edi
pop edi
pop esi
retn
sub_407AEA endp
; =============== S U B R O U T I N E =======================================
sub_407B2A proc near ; CODE XREF: sub_403176+5�p
; sub_4056CA+30�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
xor esi, esi
loc_407B2E: ; CODE XREF: sub_407B2A+41�j
push 0
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40DCFF
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_407B6D
cmp dword_4279B0, eax
jbe short loc_407B6D
push esi
call ds:off_41D0F8
lea eax, [esi+3E8h]
cmp eax, dword_4279B0
jbe short loc_407B66
or eax, 0FFFFFFFFh
loc_407B66: ; CODE XREF: sub_407B2A+37�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_407B2E
loc_407B6D: ; CODE XREF: sub_407B2A+1A�j
; sub_407B2A+22�j
mov eax, edi
pop edi
pop esi
retn
sub_407B2A endp
; =============== S U B R O U T I N E =======================================
sub_407B72 proc near ; CODE XREF: sub_4030C9+58�p
; sub_4030C9+6F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
xor esi, esi
loc_407B76: ; CODE XREF: sub_407B72+44�j
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_40DE1D
mov edi, eax
test edi, edi
pop ecx
pop ecx
jnz short loc_407BB8
cmp [esp+8+arg_4], eax
jz short loc_407BB8
cmp dword_4279B0, eax
jbe short loc_407BB8
push esi
call ds:off_41D0F8
lea eax, [esi+3E8h]
cmp eax, dword_4279B0
jbe short loc_407BB1
or eax, 0FFFFFFFFh
loc_407BB1: ; CODE XREF: sub_407B72+3A�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_407B76
loc_407BB8: ; CODE XREF: sub_407B72+17�j
; sub_407B72+1D�j ...
mov eax, edi
pop edi
pop esi
retn
sub_407B72 endp
; =============== S U B R O U T I N E =======================================
sub_407BBD proc near ; CODE XREF: sub_409188+40�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
xor esi, esi
loc_407BC1: ; CODE XREF: sub_407BBD+49�j
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40E038
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_407C08
cmp [esp+8+arg_8], eax
jz short loc_407C08
cmp dword_4279B0, eax
jbe short loc_407C08
push esi
call ds:off_41D0F8
lea eax, [esi+3E8h]
cmp eax, dword_4279B0
jbe short loc_407C01
or eax, 0FFFFFFFFh
loc_407C01: ; CODE XREF: sub_407BBD+3F�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_407BC1
loc_407C08: ; CODE XREF: sub_407BBD+1C�j
; sub_407BBD+22�j ...
mov eax, edi
pop edi
pop esi
retn
sub_407BBD endp
; =============== S U B R O U T I N E =======================================
sub_407C0D proc near ; CODE XREF: .text:004043F9�p
; .text:0040441F�p ...
arg_0 = dword ptr 4
call sub_40A004
push [esp+arg_0]
call sub_409E64
push dword_423930
call sub_405543
push 0FFh
call eax
add esp, 0Ch
retn
sub_407C0D endp
; =============== S U B R O U T I N E =======================================
sub_407C31 proc near ; CODE XREF: sub_407C57+4�p
arg_0 = dword ptr 4
push offset aMscoree_dll ; "mscoree.dll"
call ds:off_41D0E0
test eax, eax
jz short locret_407C56
push offset aCorexitprocess ; "CorExitProcess"
push eax
call ds:off_41D0E8
test eax, eax
jz short locret_407C56
push [esp+arg_0]
call eax
locret_407C56: ; CODE XREF: sub_407C31+D�j
; sub_407C31+1D�j
retn
sub_407C31 endp
; =============== S U B R O U T I N E =======================================
sub_407C57 proc near ; CODE XREF: sub_403AA0+34�p
; sub_40428D+1C�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_407C31
pop ecx
push [esp+arg_0]
call ds:off_41D050
int 3 ; Trap to Debugger
sub_407C57 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_407C6C proc near ; CODE XREF: sub_4031A5+C�p
push 8
call sub_405DA7
pop ecx
retn
sub_407C6C endp
; =============== S U B R O U T I N E =======================================
sub_407C75 proc near ; CODE XREF: sub_4031DB�p
push 8
call sub_405CCF
pop ecx
retn
sub_407C75 endp
; =============== S U B R O U T I N E =======================================
sub_407C7E proc near ; CODE XREF: sub_407DBB+78�p
; sub_407DBB+88�p
arg_0 = dword ptr 4
push esi
mov esi, eax
jmp short loc_407C8E
; ---------------------------------------------------------------------------
loc_407C83: ; CODE XREF: sub_407C7E+14�j
mov eax, [esi]
test eax, eax
jz short loc_407C8B
call eax
loc_407C8B: ; CODE XREF: sub_407C7E+9�j
add esi, 4
loc_407C8E: ; CODE XREF: sub_407C7E+3�j
cmp esi, [esp+4+arg_0]
jb short loc_407C83
pop esi
retn
sub_407C7E endp
; =============== S U B R O U T I N E =======================================
sub_407C96 proc near ; CODE XREF: sub_407D29+32�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
xor eax, eax
jmp short loc_407CAE
; ---------------------------------------------------------------------------
loc_407C9F: ; CODE XREF: sub_407C96+1C�j
test eax, eax
jnz short loc_407CB4
mov ecx, [esi]
test ecx, ecx
jz short loc_407CAB
call ecx
loc_407CAB: ; CODE XREF: sub_407C96+11�j
add esi, 4
loc_407CAE: ; CODE XREF: sub_407C96+7�j
cmp esi, [esp+4+arg_4]
jb short loc_407C9F
loc_407CB4: ; CODE XREF: sub_407C96+B�j
pop esi
retn
sub_407C96 endp
; =============== S U B R O U T I N E =======================================
sub_407CB6 proc near ; CODE XREF: sub_405DD8+12�p
; sub_40CEC4+27�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
xor esi, esi
cmp ecx, esi
jnz short loc_407CDE
loc_407CC1: ; CODE XREF: sub_407CB6+2F�j
call sub_405B83
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_407CDE: ; CODE XREF: sub_407CB6+9�j
mov eax, dword_4279B8
cmp eax, esi
jz short loc_407CC1
mov [ecx], eax
xor eax, eax
pop esi
retn
sub_407CB6 endp
; =============== S U B R O U T I N E =======================================
sub_407CED proc near ; CODE XREF: sub_405DD8+2D�p
; sub_40F8D4+11F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_407D15
loc_407CF8: ; CODE XREF: sub_407CED+2E�j
call sub_405B83
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_407D15: ; CODE XREF: sub_407CED+9�j
cmp dword_4279B8, esi
jz short loc_407CF8
mov ecx, dword_4279C4
mov [eax], ecx
xor eax, eax
pop esi
retn
sub_407CED endp
; =============== S U B R O U T I N E =======================================
sub_407D29 proc near ; CODE XREF: .text:00404437�p
arg_0 = dword ptr 4
cmp ds:dword_41EDA4, 0
jz short loc_407D4C
push offset dword_41EDA4
call sub_40D002
test eax, eax
pop ecx
jz short loc_407D4C
push [esp+arg_0]
call ds:dword_41EDA4
pop ecx
loc_407D4C: ; CODE XREF: sub_407D29+7�j
; sub_407D29+16�j
call sub_40D94E
push offset dword_41D2EC
push offset dword_41D2D0
call sub_407C96
test eax, eax
pop ecx
pop ecx
jnz short locret_407DBA
push esi
push edi
push offset sub_40B415
call sub_4031E1
mov esi, offset dword_41D288
mov eax, esi
mov edi, offset dword_41D2CC
cmp eax, edi
pop ecx
jnb short loc_407D92
loc_407D83: ; CODE XREF: sub_407D29+67�j
mov eax, [esi]
test eax, eax
jz short loc_407D8B
call eax
loc_407D8B: ; CODE XREF: sub_407D29+5E�j
add esi, 4
cmp esi, edi
jb short loc_407D83
loc_407D92: ; CODE XREF: sub_407D29+58�j
cmp dword_436838, 0
pop edi
pop esi
jz short loc_407DB8
push offset dword_436838
call sub_40D002
test eax, eax
pop ecx
jz short loc_407DB8
push 0
push 2
push 0
call dword_436838
loc_407DB8: ; CODE XREF: sub_407D29+72�j
; sub_407D29+81�j
xor eax, eax
locret_407DBA: ; CODE XREF: sub_407D29+3B�j
retn
sub_407D29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407DBB proc near ; CODE XREF: sub_407E89+8�p
; sub_407E9A+8�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00407E83 SIZE 00000006 BYTES
push 0Ch
push offset dword_421808
call __SEH_prolog4
push 8
call sub_405DA7
pop ecx
and [ebp+ms_exc.disabled], 0
xor esi, esi
inc esi
cmp dword_4279F8, esi
jz short loc_407E49
mov dword_4279F4, esi
mov al, byte ptr [ebp+arg_8]
mov byte_4279F0, al
cmp [ebp+arg_4], 0
jnz short loc_407E39
push dword_436830
call sub_405543
mov edi, eax
push dword_43682C
call sub_405543
pop ecx
pop ecx
mov [ebp+var_1C], eax
test edi, edi
jz short loc_407E29
loc_407E13: ; CODE XREF: sub_407DBB+68�j
; sub_407DBB+6C�j
sub [ebp+var_1C], 4
cmp [ebp+var_1C], edi
jb short loc_407E29
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_407E13
call eax
jmp short loc_407E13
; ---------------------------------------------------------------------------
loc_407E29: ; CODE XREF: sub_407DBB+56�j
; sub_407DBB+5F�j
push offset dword_41D2FC
mov eax, offset dword_41D2F0
call sub_407C7E
pop ecx
loc_407E39: ; CODE XREF: sub_407DBB+35�j
push offset dword_41D308
mov eax, offset dword_41D300
call sub_407C7E
pop ecx
loc_407E49: ; CODE XREF: sub_407DBB+21�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_407E74
cmp [ebp+arg_8], 0
jnz short loc_407E83
mov dword_4279F8, esi
push 8
call sub_405CCF
pop ecx
push [ebp+arg_0]
call sub_407C57
xor esi, esi
inc esi
sub_407DBB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_407E74 proc near ; CODE XREF: sub_407DBB+95�p
cmp dword ptr [ebp+10h], 0
jz short locret_407E82
push 8
call sub_405CCF
pop ecx
locret_407E82: ; CODE XREF: sub_407E74+4�j
retn
sub_407E74 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_407DBB
loc_407E83: ; CODE XREF: sub_407DBB+9E�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_407DBB
; =============== S U B R O U T I N E =======================================
sub_407E89 proc near ; CODE XREF: .text:00404473�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_407DBB
add esp, 0Ch
retn
sub_407E89 endp
; =============== S U B R O U T I N E =======================================
sub_407E9A proc near ; CODE XREF: .text:004044A3�p
; sub_40E0D9+D9�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_407DBB
add esp, 0Ch
retn
sub_407E9A endp
; =============== S U B R O U T I N E =======================================
sub_407EAB proc near ; CODE XREF: .text:loc_404478�p
push 1
push 0
push 0
call sub_407DBB
add esp, 0Ch
retn
sub_407EAB endp
; =============== S U B R O U T I N E =======================================
sub_407EBA proc near ; CODE XREF: .text:loc_4044A8�p
push 1
push 1
push 0
call sub_407DBB
add esp, 0Ch
retn
sub_407EBA endp
; =============== S U B R O U T I N E =======================================
sub_407EC9 proc near ; CODE XREF: sub_405886+C4�p
push esi
call sub_40553A
mov esi, eax
push esi
call sub_408408
push esi
call sub_40CEAA
push esi
call sub_4031F3
push esi
call sub_40E293
push esi
call sub_40E289
push esi
call sub_40E07F
push esi
call nullsub_1
push esi
call sub_40C28B
push offset sub_407E9A
call sub_4054D7
add esp, 24h
mov dword_423930, eax
pop esi
retn
sub_407EC9 endp
; =============== S U B R O U T I N E =======================================
sub_407F15 proc near ; CODE XREF: sub_4031FD+CE�p
; sub_4032F9+18�p ...
and dword_436824, 0
retn
sub_407F15 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407F20 proc near ; CODE XREF: .text:004017C5�p
; .text:004017D9�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_407F95
xor eax, eax
mov al, [esp+arg_4]
test al, al
jnz short loc_407F4C
cmp edx, 100h
jb short loc_407F4C
cmp dword_4356E0, 0
jz short loc_407F4C
jmp sub_40E2F4
; ---------------------------------------------------------------------------
loc_407F4C: ; CODE XREF: sub_407F20+14�j
; sub_407F20+1C�j ...
push edi
mov edi, ecx
cmp edx, 4
jb short loc_407F85
neg ecx
and ecx, 3
jz short loc_407F67
sub edx, ecx
loc_407F5D: ; CODE XREF: sub_407F20+45�j
mov [edi], al
add edi, 1
sub ecx, 1
jnz short loc_407F5D
loc_407F67: ; CODE XREF: sub_407F20+39�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_407F85
rep stosd
test edx, edx
jz short loc_407F8F
loc_407F85: ; CODE XREF: sub_407F20+32�j
; sub_407F20+5D�j ...
mov [edi], al
add edi, 1
sub edx, 1
jnz short loc_407F85
loc_407F8F: ; CODE XREF: sub_407F20+63�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_407F95: ; CODE XREF: sub_407F20+A�j
mov eax, [esp+arg_0]
retn
sub_407F20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407FA0 proc near ; CODE XREF: sub_403332+43�p
; sub_409188+35�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_407FC0
cmp edi, eax
jb loc_408164
loc_407FC0: ; CODE XREF: sub_407FA0+16�j
cmp ecx, 100h
jb short loc_407FE7
cmp dword_4356E0, 0
jz short loc_407FE7
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jnz short loc_407FE7
pop esi
pop edi
pop ebp
jmp sub_40DC1C
; ---------------------------------------------------------------------------
loc_407FE7: ; CODE XREF: sub_407FA0+26�j
; sub_407FA0+2F�j ...
test edi, 3
jnz short loc_408004
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_408024
rep movsd
jmp ds:off_408114[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_408004: ; CODE XREF: sub_407FA0+4D�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_40801C
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_408024+4[eax*4]
; ---------------------------------------------------------------------------
loc_40801C: ; CODE XREF: sub_407FA0+6E�j
jmp dword ptr ds:loc_408124[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_408024: ; CODE XREF: sub_407FA0+58�j
; sub_407FA0+B6�j ...
jmp ds:off_4080A8[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_408038
dd offset loc_408064
dd offset loc_408088
; ---------------------------------------------------------------------------
loc_408038: ; DATA XREF: sub_407FA0+8C�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_408024
rep movsd
jmp ds:off_408114[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_408064: ; DATA XREF: sub_407FA0+90�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_408024
rep movsd
jmp ds:off_408114[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_408088: ; DATA XREF: sub_407FA0+94�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_408024
rep movsd
jmp ds:off_408114[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4080A8 dd offset loc_40810B ; DATA XREF: sub_407FA0:loc_408024�r
dd offset loc_4080F8
dd offset loc_4080F0
dd offset loc_4080E8
dd offset loc_4080E0
dd offset loc_4080D8
dd offset loc_4080D0
dd offset loc_4080C8
; ---------------------------------------------------------------------------
loc_4080C8: ; CODE XREF: sub_407FA0:loc_408024�j
; DATA XREF: sub_407FA0+124�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_4080D0: ; CODE XREF: sub_407FA0:loc_408024�j
; DATA XREF: sub_407FA0+120�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_4080D8: ; CODE XREF: sub_407FA0:loc_408024�j
; DATA XREF: sub_407FA0+11C�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4080E0: ; CODE XREF: sub_407FA0:loc_408024�j
; DATA XREF: sub_407FA0+118�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4080E8: ; CODE XREF: sub_407FA0:loc_408024�j
; DATA XREF: sub_407FA0+114�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4080F0: ; CODE XREF: sub_407FA0:loc_408024�j
; DATA XREF: sub_407FA0+110�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4080F8: ; CODE XREF: sub_407FA0:loc_408024�j
; DATA XREF: sub_407FA0+10C�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_40810B: ; CODE XREF: sub_407FA0:loc_408024�j
; DATA XREF: sub_407FA0:off_4080A8�o
jmp ds:off_408114[edx*4]
; ---------------------------------------------------------------------------
align 4
off_408114 dd offset loc_408124 ; DATA XREF: sub_407FA0+5C�r
; sub_407FA0+BA�r ...
dd offset loc_40812C
dd offset loc_408138
dd offset loc_40814C
; ---------------------------------------------------------------------------
loc_408124: ; CODE XREF: sub_407FA0+5C�j
; sub_407FA0+BA�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40812C: ; CODE XREF: sub_407FA0+5C�j
; sub_407FA0+BA�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_408138: ; CODE XREF: sub_407FA0+5C�j
; sub_407FA0+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40814C: ; CODE XREF: sub_407FA0+5C�j
; sub_407FA0+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_408164: ; CODE XREF: sub_407FA0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_408198
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_40818C
std
rep movsd
cld
jmp ds:off_4082B0[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40818C: ; CODE XREF: sub_407FA0+1DD�j
; sub_407FA0+238�j ...
neg ecx
jmp ds:off_408260[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_408198: ; CODE XREF: sub_407FA0+1D2�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_4081B0
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_4081B0+4[eax*4]
; ---------------------------------------------------------------------------
loc_4081B0: ; CODE XREF: sub_407FA0+202�j
; DATA XREF: sub_407FA0+209�r
jmp ds:off_4082B0[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4081C4
dd offset loc_4081E8
dd offset loc_408210
; ---------------------------------------------------------------------------
loc_4081C4: ; DATA XREF: sub_407FA0+218�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_40818C
std
rep movsd
cld
jmp ds:off_4082B0[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4081E8: ; DATA XREF: sub_407FA0+21C�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_40818C
std
rep movsd
cld
jmp ds:off_4082B0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_408210: ; DATA XREF: sub_407FA0+220�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_40818C
std
rep movsd
cld
jmp ds:off_4082B0[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_408264
dd offset loc_40826C
dd offset loc_408274
dd offset loc_40827C
dd offset loc_408284
dd offset loc_40828C
dd offset loc_408294
off_408260 dd offset loc_4082A7 ; DATA XREF: sub_407FA0+1EE�r
; ---------------------------------------------------------------------------
loc_408264: ; DATA XREF: sub_407FA0+2A4�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40826C: ; DATA XREF: sub_407FA0+2A8�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_408274: ; DATA XREF: sub_407FA0+2AC�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40827C: ; DATA XREF: sub_407FA0+2B0�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_408284: ; DATA XREF: sub_407FA0+2B4�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40828C: ; DATA XREF: sub_407FA0+2B8�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_408294: ; DATA XREF: sub_407FA0+2BC�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4082A7: ; CODE XREF: sub_407FA0+1EE�j
; DATA XREF: sub_407FA0:off_408260�o
jmp ds:off_4082B0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_4082B0 dd offset loc_4082C0 ; DATA XREF: sub_407FA0+1E3�r
; sub_407FA0:loc_4081B0�r ...
dd offset loc_4082C8
dd offset loc_4082D8
dd offset loc_4082EC
; ---------------------------------------------------------------------------
loc_4082C0: ; CODE XREF: sub_407FA0+1E3�j
; sub_407FA0:loc_4081B0�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4082C8: ; CODE XREF: sub_407FA0+1E3�j
; sub_407FA0:loc_4081B0�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4082D8: ; CODE XREF: sub_407FA0+1E3�j
; sub_407FA0:loc_4081B0�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4082EC: ; CODE XREF: sub_407FA0+1E3�j
; sub_407FA0:loc_4081B0�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_407FA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408305 proc near ; CODE XREF: sub_4033AD+7�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_421828
call __SEH_prolog4
push 0Eh
call sub_405DA7
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
mov ecx, [esi+4]
test ecx, ecx
jz short loc_408356
mov eax, dword_427A00
mov edx, offset dword_4279FC
loc_408331: ; CODE XREF: sub_408305+65�j
mov [ebp+var_1C], eax
test eax, eax
jz short loc_408349
cmp [eax], ecx
jnz short loc_408368
mov ecx, [eax+4]
mov [edx+4], ecx
push eax
call sub_4039C3
pop ecx
loc_408349: ; CODE XREF: sub_408305+31�j
push dword ptr [esi+4]
call sub_4039C3
pop ecx
and dword ptr [esi+4], 0
loc_408356: ; CODE XREF: sub_408305+20�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40836C
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_408368: ; CODE XREF: sub_408305+35�j
mov edx, eax
jmp short loc_408331
sub_408305 endp
; =============== S U B R O U T I N E =======================================
sub_40836C proc near ; CODE XREF: sub_408305+58�p
push 0Eh
call sub_405CCF
pop ecx
retn
sub_40836C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408380 proc near ; CODE XREF: sub_4033D7+C�p
; sub_40B5AB+25�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_4083CC
loc_408390: ; CODE XREF: sub_408380+3C�j
; sub_408380+6A�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_4083C4
or al, al
jz short loc_4083C0
cmp ah, [ecx+1]
jnz short loc_4083C4
or ah, ah
jz short loc_4083C0
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_4083C4
or al, al
jz short loc_4083C0
cmp ah, [ecx+3]
jnz short loc_4083C4
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_408390
mov edi, edi
loc_4083C0: ; CODE XREF: sub_408380+18�j
; sub_408380+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_4083C4: ; CODE XREF: sub_408380+14�j
; sub_408380+1D�j ...
sbb eax, eax
shl eax, 1
add eax, 1
retn
; ---------------------------------------------------------------------------
loc_4083CC: ; CODE XREF: sub_408380+E�j
test edx, 1
jz short loc_4083EC
mov al, [edx]
add edx, 1
cmp al, [ecx]
jnz short loc_4083C4
add ecx, 1
or al, al
jz short loc_4083C0
test edx, 2
jz short loc_408390
loc_4083EC: ; CODE XREF: sub_408380+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_4083C4
or al, al
jz short loc_4083C0
cmp ah, [ecx+1]
jnz short loc_4083C4
or ah, ah
jz short loc_4083C0
add ecx, 2
jmp short loc_408390
sub_408380 endp
; =============== S U B R O U T I N E =======================================
sub_408408 proc near ; CODE XREF: sub_407EC9+9�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_427A04, eax
retn
sub_408408 endp
; =============== S U B R O U T I N E =======================================
sub_408412 proc near ; CODE XREF: sub_40340B+B�p
; sub_403AA0+8C�p ...
arg_0 = dword ptr 4
push dword_427A04
call sub_405543
test eax, eax
pop ecx
jz short loc_408431
push [esp+arg_0]
call eax ; sub_41C8D9
test eax, eax
pop ecx
jz short loc_408431
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_408431: ; CODE XREF: sub_408412+E�j
; sub_408412+19�j
xor eax, eax
retn
sub_408412 endp
; =============== S U B R O U T I N E =======================================
sub_408434 proc near ; CODE XREF: sub_406B86+76�p
; sub_406B86+82�p ...
mov eax, offset dword_423950
retn
sub_408434 endp
; =============== S U B R O U T I N E =======================================
sub_40843A proc near ; DATA XREF: c.7ld2ih:0041D2DC�o
mov eax, dword_436820
test eax, eax
push esi
push 14h
pop esi
jnz short loc_40844E
mov eax, 200h
jmp short loc_408454
; ---------------------------------------------------------------------------
loc_40844E: ; CODE XREF: sub_40843A+B�j
cmp eax, esi
jge short loc_408459
mov eax, esi
loc_408454: ; CODE XREF: sub_40843A+12�j
mov dword_436820, eax
loc_408459: ; CODE XREF: sub_40843A+16�j
push 4
push eax
call sub_407B2A
test eax, eax
pop ecx
pop ecx
mov dword_435800, eax
jnz short loc_40848A
push 4
push esi
mov dword_436820, esi
call sub_407B2A
test eax, eax
pop ecx
pop ecx
mov dword_435800, eax
jnz short loc_40848A
push 1Ah
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40848A: ; CODE XREF: sub_40843A+30�j
; sub_40843A+49�j
xor edx, edx
mov ecx, offset dword_423950
jmp short loc_408498
; ---------------------------------------------------------------------------
loc_408493: ; CODE XREF: sub_40843A+6D�j
mov eax, dword_435800
loc_408498: ; CODE XREF: sub_40843A+57�j
mov [edx+eax], ecx
add ecx, 20h
add edx, 4
cmp ecx, offset dword_423BD0
jl short loc_408493
push 0FFFFFFFEh
pop esi
xor edx, edx
mov ecx, offset dword_423960
push edi
loc_4084B4: ; CODE XREF: sub_40843A+AA�j
mov edi, edx
and edi, 1Fh
imul edi, 28h
mov eax, edx
sar eax, 5
mov eax, dword_435700[eax*4]
mov eax, [edi+eax]
cmp eax, 0FFFFFFFFh
jz short loc_4084D8
cmp eax, esi
jz short loc_4084D8
test eax, eax
jnz short loc_4084DA
loc_4084D8: ; CODE XREF: sub_40843A+94�j
; sub_40843A+98�j
mov [ecx], esi
loc_4084DA: ; CODE XREF: sub_40843A+9C�j
add ecx, 20h
inc edx
cmp ecx, offset dword_4239C0
jl short loc_4084B4
pop edi
xor eax, eax
pop esi
retn
sub_40843A endp
; =============== S U B R O U T I N E =======================================
sub_4084EB proc near ; DATA XREF: c.7ld2ih:0041D2F8�o
call sub_409108
cmp byte_4279F0, 0
jz short loc_4084FE
call sub_40E383
loc_4084FE: ; CODE XREF: sub_4084EB+C�j
push dword_435800
call sub_4039C3
pop ecx
retn
sub_4084EB endp
; =============== S U B R O U T I N E =======================================
sub_40850B proc near ; CODE XREF: sub_4035C7+4F�p
; sub_403884+50�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset dword_423950
cmp eax, ecx
jb short loc_40852F
cmp eax, offset dword_423BB0
ja short loc_40852F
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_405DA7
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40852F: ; CODE XREF: sub_40850B+B�j
; sub_40850B+12�j
add eax, 20h
push eax
call ds:off_41D164
retn
sub_40850B endp
; =============== S U B R O U T I N E =======================================
sub_40853A proc near ; CODE XREF: sub_408851+66�p
; sub_40902E+46�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_40854E
add eax, 10h
push eax
call sub_405DA7
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40854E: ; CODE XREF: sub_40853A+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:off_41D164
retn
sub_40853A endp
; =============== S U B R O U T I N E =======================================
sub_40855D proc near ; CODE XREF: sub_4035AA+3�p
; sub_40370C+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset dword_423950
cmp eax, ecx
jb short loc_408581
cmp eax, offset dword_423BB0
ja short loc_408581
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_405CCF
pop ecx
retn
; ---------------------------------------------------------------------------
loc_408581: ; CODE XREF: sub_40855D+B�j
; sub_40855D+12�j
add eax, 20h
push eax
call ds:off_41D168
retn
sub_40855D endp
; =============== S U B R O U T I N E =======================================
sub_40858C proc near ; CODE XREF: sub_408851+7D�p
; sub_4090D0+9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_4085A0
add eax, 10h
push eax
call sub_405CCF
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4085A0: ; CODE XREF: sub_40858C+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:off_41D168
retn
sub_40858C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4085AF proc near ; CODE XREF: sub_4034F0+9A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_427EC4
push ebx
xor ebx, ebx
push esi
mov esi, [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+var_C], ebx
mov [ebp+var_8], ebx
mov [ebp+var_10], ebx
jmp short loc_4085D0
; ---------------------------------------------------------------------------
loc_4085CF: ; CODE XREF: sub_4085AF+24�j
inc esi
loc_4085D0: ; CODE XREF: sub_4085AF+1E�j
cmp byte ptr [esi], 20h
jz short loc_4085CF
mov al, [esi]
cmp al, 61h
jz short loc_408614
cmp al, 72h
jz short loc_40860B
cmp al, 77h
jz short loc_408602
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
xor eax, eax
jmp loc_40884D
; ---------------------------------------------------------------------------
loc_408602: ; CODE XREF: sub_4085AF+32�j
mov [ebp+arg_4], 301h
jmp short loc_40861B
; ---------------------------------------------------------------------------
loc_40860B: ; CODE XREF: sub_4085AF+2E�j
or [ebp+var_4], 1
mov [ebp+arg_4], ebx
jmp short loc_40861F
; ---------------------------------------------------------------------------
loc_408614: ; CODE XREF: sub_4085AF+2A�j
mov [ebp+arg_4], 109h
loc_40861B: ; CODE XREF: sub_4085AF+5A�j
or [ebp+var_4], 2
loc_40861F: ; CODE XREF: sub_4085AF+63�j
xor ecx, ecx
inc ecx
inc esi
mov al, [esi]
cmp al, bl
push edi
jz loc_4087E7
mov edx, 80h
mov edi, 4000h
loc_408638: ; CODE XREF: sub_4085AF+1B6�j
cmp ecx, ebx
jz loc_40876B
movsx eax, al
cmp eax, 53h
jg loc_4086EE
jz loc_4086DC
sub eax, 20h
jz loc_408760
sub eax, 0Bh
jz short loc_4086B6
dec eax
jz short loc_4086AA
sub eax, 18h
jz short loc_408697
sub eax, 0Ah
jz short loc_40868F
sub eax, 4
jnz loc_4087F0
cmp [ebp+var_8], ebx
jnz loc_408755
or [ebp+arg_4], 10h
mov [ebp+var_8], 1
jmp loc_408760
; ---------------------------------------------------------------------------
loc_40868F: ; CODE XREF: sub_4085AF+BC�j
or [ebp+arg_4], edx
jmp loc_408760
; ---------------------------------------------------------------------------
loc_408697: ; CODE XREF: sub_4085AF+B7�j
test byte ptr [ebp+arg_4], 40h
jnz loc_408755
or [ebp+arg_4], 40h
jmp loc_408760
; ---------------------------------------------------------------------------
loc_4086AA: ; CODE XREF: sub_4085AF+B2�j
mov [ebp+var_10], 1
jmp loc_408755
; ---------------------------------------------------------------------------
loc_4086B6: ; CODE XREF: sub_4085AF+AF�j
test byte ptr [ebp+arg_4], 2
jnz loc_408755
mov eax, [ebp+arg_4]
and eax, 0FFFFFFFEh
or eax, 2
mov [ebp+arg_4], eax
mov eax, [ebp+var_4]
and eax, 0FFFFFFFCh
or eax, edx
mov [ebp+var_4], eax
jmp loc_408760
; ---------------------------------------------------------------------------
loc_4086DC: ; CODE XREF: sub_4085AF+9D�j
cmp [ebp+var_8], ebx
jnz short loc_408755
or [ebp+arg_4], 20h
mov [ebp+var_8], 1
jmp short loc_408760
; ---------------------------------------------------------------------------
loc_4086EE: ; CODE XREF: sub_4085AF+97�j
sub eax, 54h
jz short loc_40874D
sub eax, 0Eh
jz short loc_40873C
dec eax
jz short loc_40872B
sub eax, 0Bh
jz short loc_408716
sub eax, 6
jnz loc_4087F0
test word ptr [ebp+arg_4], 0C000h
jnz short loc_408755
or [ebp+arg_4], edi
jmp short loc_408760
; ---------------------------------------------------------------------------
loc_408716: ; CODE XREF: sub_4085AF+14F�j
cmp [ebp+var_C], ebx
jnz short loc_408755
and [ebp+var_4], 0FFFFBFFFh
mov [ebp+var_C], 1
jmp short loc_408760
; ---------------------------------------------------------------------------
loc_40872B: ; CODE XREF: sub_4085AF+14A�j
cmp [ebp+var_C], ebx
jnz short loc_408755
or [ebp+var_4], edi
mov [ebp+var_C], 1
jmp short loc_408760
; ---------------------------------------------------------------------------
loc_40873C: ; CODE XREF: sub_4085AF+147�j
test word ptr [ebp+arg_4], 0C000h
jnz short loc_408755
or [ebp+arg_4], 8000h
jmp short loc_408760
; ---------------------------------------------------------------------------
loc_40874D: ; CODE XREF: sub_4085AF+142�j
test word ptr [ebp+arg_4], 1000h
jz short loc_408759
loc_408755: ; CODE XREF: sub_4085AF+CA�j
; sub_4085AF+EC�j ...
xor ecx, ecx
jmp short loc_408760
; ---------------------------------------------------------------------------
loc_408759: ; CODE XREF: sub_4085AF+1A4�j
or [ebp+arg_4], 1000h
loc_408760: ; CODE XREF: sub_4085AF+A6�j
; sub_4085AF+DB�j ...
inc esi
mov al, [esi]
cmp al, bl
jnz loc_408638
loc_40876B: ; CODE XREF: sub_4085AF+8B�j
cmp [ebp+var_10], ebx
jz short loc_4087E7
jmp short loc_408773
; ---------------------------------------------------------------------------
loc_408772: ; CODE XREF: sub_4085AF+1C7�j
inc esi
loc_408773: ; CODE XREF: sub_4085AF+1C1�j
cmp byte ptr [esi], 20h
jz short loc_408772
push 4
push esi
push offset aCcs ; "ccs="
call sub_40EEE0
add esp, 0Ch
test eax, eax
jnz short loc_4087F0
add esi, 4
push offset aUtf8 ; "UTF-8"
push esi
call sub_40ED64
test eax, eax
pop ecx
pop ecx
jnz short loc_4087AC
add esi, 5
or [ebp+arg_4], 40000h
jmp short loc_4087E7
; ---------------------------------------------------------------------------
loc_4087AC: ; CODE XREF: sub_4085AF+1EF�j
push offset aUtf16le ; "UTF-16LE"
push esi
call sub_40ED64
test eax, eax
pop ecx
pop ecx
jnz short loc_4087C9
add esi, 8
or [ebp+arg_4], 20000h
jmp short loc_4087E7
; ---------------------------------------------------------------------------
loc_4087C9: ; CODE XREF: sub_4085AF+20C�j
push offset aUnicode ; "UNICODE"
push esi
call sub_40ED64
test eax, eax
pop ecx
pop ecx
jnz short loc_4087F0
add esi, 7
or [ebp+arg_4], 10000h
jmp short loc_4087E7
; ---------------------------------------------------------------------------
loc_4087E6: ; CODE XREF: sub_4085AF+23B�j
inc esi
loc_4087E7: ; CODE XREF: sub_4085AF+79�j
; sub_4085AF+1BF�j ...
cmp byte ptr [esi], 20h
jz short loc_4087E6
cmp [esi], bl
jz short loc_40880A
loc_4087F0: ; CODE XREF: sub_4085AF+C1�j
; sub_4085AF+154�j ...
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
jmp short loc_408828
; ---------------------------------------------------------------------------
loc_40880A: ; CODE XREF: sub_4085AF+23F�j
push 180h
push [ebp+arg_8]
lea eax, [ebp+var_10]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call sub_40EB2C
add esp, 14h
test eax, eax
jz short loc_40882C
loc_408828: ; CODE XREF: sub_4085AF+259�j
xor eax, eax
jmp short loc_40884C
; ---------------------------------------------------------------------------
loc_40882C: ; CODE XREF: sub_4085AF+277�j
mov eax, [ebp+arg_C]
inc dword_427A08
mov ecx, [ebp+var_4]
mov [eax+0Ch], ecx
mov ecx, [ebp+var_10]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_40884C: ; CODE XREF: sub_4085AF+27B�j
pop edi
loc_40884D: ; CODE XREF: sub_4085AF+4E�j
pop esi
pop ebx
leave
retn
sub_4085AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408851 proc near ; CODE XREF: sub_4034F0+54�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset dword_421848
call __SEH_prolog4
xor ebx, ebx
xor edi, edi
mov [ebp+var_1C], edi
push 1
call sub_405DA7
pop ecx
mov [ebp+ms_exc.disabled], ebx
xor esi, esi
loc_408871: ; CODE XREF: sub_408851+85�j
mov [ebp+var_20], esi
cmp esi, dword_436820
jge loc_408941
mov eax, dword_435800
lea eax, [eax+esi*4]
cmp [eax], ebx
jz short loc_4088DC
mov eax, [eax]
test byte ptr [eax+0Ch], 83h
jnz short loc_4088D5
lea eax, [esi-3]
cmp eax, 10h
ja short loc_4088AE
lea eax, [esi+10h]
push eax
call sub_405CE4
pop ecx
test eax, eax
jz loc_408941
loc_4088AE: ; CODE XREF: sub_408851+49�j
mov eax, dword_435800
push dword ptr [eax+esi*4]
push esi
call sub_40853A
pop ecx
pop ecx
mov eax, dword_435800
mov eax, [eax+esi*4]
test byte ptr [eax+0Ch], 83h
jz short loc_4088D8
push eax
push esi
call sub_40858C
pop ecx
pop ecx
loc_4088D5: ; CODE XREF: sub_408851+41�j
inc esi
jmp short loc_408871
; ---------------------------------------------------------------------------
loc_4088D8: ; CODE XREF: sub_408851+79�j
mov edi, eax
jmp short loc_40893E
; ---------------------------------------------------------------------------
loc_4088DC: ; CODE XREF: sub_408851+39�j
shl esi, 2
push 38h
call sub_407AEA
pop ecx
mov ecx, dword_435800
mov [esi+ecx], eax
mov eax, dword_435800
add eax, esi
cmp [eax], ebx
jz short loc_408941
push 0FA0h
mov eax, [eax]
add eax, 20h
push eax
call sub_40CEC4
pop ecx
pop ecx
test eax, eax
mov eax, dword_435800
jnz short loc_408929
push dword ptr [esi+eax]
call sub_4039C3
pop ecx
mov eax, dword_435800
mov [esi+eax], ebx
jmp short loc_408941
; ---------------------------------------------------------------------------
loc_408929: ; CODE XREF: sub_408851+C3�j
mov eax, [esi+eax]
add eax, 20h
push eax
call ds:off_41D164
mov eax, dword_435800
mov edi, [esi+eax]
loc_40893E: ; CODE XREF: sub_408851+89�j
mov [ebp+var_1C], edi
loc_408941: ; CODE XREF: sub_408851+29�j
; sub_408851+57�j ...
cmp edi, ebx
jz short loc_408957
mov [edi+4], ebx
mov [edi+0Ch], ebx
mov [edi+8], ebx
mov [edi], ebx
mov [edi+1Ch], ebx
or dword ptr [edi+10h], 0FFFFFFFFh
loc_408957: ; CODE XREF: sub_408851+F2�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40896E
mov eax, edi
call __SEH_epilog4
retn
sub_408851 endp
; ---------------------------------------------------------------------------
mov edi, [ebp-1Ch]
; =============== S U B R O U T I N E =======================================
sub_40896E proc near ; CODE XREF: sub_408851+10D�p
push 1
call sub_405CCF
pop ecx
retn
sub_40896E endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_408978 proc near ; CODE XREF: sub_4034F0+8A�p
; sub_408978+BD�p ...
var_20 = dword ptr -20h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
mov edx, [esp+0Ch+arg_0]
mov eax, [esp+0Ch+arg_4]
mov ecx, [esp+0Ch+arg_8]
push ebp
push edx
push eax
push ecx
push ecx
push offset loc_408A08
push large dword ptr fs:0
mov eax, dword_423064
xor eax, esp
mov [esp+28h+var_20], eax
mov large fs:0, esp
loc_4089AA: ; CODE XREF: sub_408978+64�j
; sub_408978+80�j
mov eax, [esp+28h+arg_4]
mov ebx, [eax+8]
mov ecx, [esp+28h+arg_0]
xor ebx, [ecx]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFEh
jz short loc_4089FA
mov edx, [esp+28h+arg_8]
cmp edx, 0FFFFFFFEh
jz short loc_4089CC
cmp esi, edx
jbe short loc_4089FA
loc_4089CC: ; CODE XREF: sub_408978+4E�j
lea esi, [esi+esi*2]
lea ebx, [ebx+esi*4+10h]
mov ecx, [ebx]
mov [eax+0Ch], ecx
cmp dword ptr [ebx+4], 0
jnz short loc_4089AA
push 101h
mov eax, [ebx+8]
call sub_40F00D
mov ecx, 1
mov eax, [ebx+8]
call sub_40F02C
jmp short loc_4089AA
; ---------------------------------------------------------------------------
loc_4089FA: ; CODE XREF: sub_408978+45�j
; sub_408978+52�j
pop large dword ptr fs:0
add esp, 18h
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_408A08: ; DATA XREF: sub_408978+14�o
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_408A4D
mov eax, [esp+arg_4]
mov ecx, [eax+8]
xor ecx, eax
call sub_402AD0
push ebp
mov ebp, [eax+18h]
push dword ptr [eax+0Ch]
push dword ptr [eax+10h]
push dword ptr [eax+14h]
call sub_408978
add esp, 0Ch
pop ebp
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_408A4D: ; CODE XREF: sub_408978+A0�j
retn
sub_408978 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
push dword ptr [ecx+1Ch]
push dword ptr [ecx+18h]
push dword ptr [ecx+28h]
call sub_408978
add esp, 0Ch
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_408A6A proc near ; CODE XREF: sub_4069F0+89�p
push ebp
push esi
push edi
push ebx
mov ebp, edx
xor eax, eax
xor ebx, ebx
xor edx, edx
xor esi, esi
xor edi, edi
call ecx
pop ebx
pop edi
pop esi
pop ebp
retn
sub_408A6A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4069F0
loc_408A81: ; CODE XREF: sub_4069F0+170�j
mov ebp, edx
mov esi, ecx
mov eax, ecx
push 1
call sub_40F00D
xor eax, eax
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor edi, edi
jmp esi
; END OF FUNCTION CHUNK FOR sub_4069F0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408A9A proc near ; CODE XREF: sub_4069F0+11F�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
push 0
push 0
push offset loc_408AAF
push ecx
call sub_413D26
loc_408AAF: ; DATA XREF: sub_408A9A+A�o
pop edi
pop esi
pop ebx
pop ebp
retn
sub_408A9A endp
; =============== S U B R O U T I N E =======================================
sub_408AB4 proc near ; CODE XREF: sub_4069F0+137�p
; sub_4069F0+18C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebp
mov ebp, [esp+4+arg_0]
push edx
push ecx
push [esp+0Ch+arg_4]
call sub_408978
add esp, 0Ch
pop ebp
retn 8
sub_408AB4 endp
; =============== S U B R O U T I N E =======================================
sub_408ACB proc near ; CODE XREF: sub_4035C7+10E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_408DD0
push eax
call sub_40D8F0
test eax, eax
pop ecx
pop ecx
jz short loc_408B5D
call sub_408434
add eax, 20h
cmp esi, eax
jnz short loc_408AF2
xor eax, eax
jmp short loc_408B01
; ---------------------------------------------------------------------------
loc_408AF2: ; CODE XREF: sub_408ACB+21�j
call sub_408434
add eax, 40h
cmp esi, eax
jnz short loc_408B5D
xor eax, eax
inc eax
loc_408B01: ; CODE XREF: sub_408ACB+25�j
inc dword_427A08
test word ptr [esi+0Ch], 10Ch
jnz short loc_408B5D
push ebx
push edi
lea edi, ds:427A0Ch[eax*4]
cmp dword ptr [edi], 0
mov ebx, 1000h
jnz short loc_408B42
push ebx
call sub_407AEA
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_408B42
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_408B4F
; ---------------------------------------------------------------------------
loc_408B42: ; CODE XREF: sub_408ACB+55�j
; sub_408ACB+62�j
mov edi, [edi]
mov [esi+8], edi
mov [esi], edi
mov [esi+18h], ebx
mov [esi+4], ebx
loc_408B4F: ; CODE XREF: sub_408ACB+75�j
or dword ptr [esi+0Ch], 1102h
pop edi
xor eax, eax
pop ebx
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_408B5D: ; CODE XREF: sub_408ACB+15�j
; sub_408ACB+31�j ...
xor eax, eax
pop esi
retn
sub_408ACB endp
; =============== S U B R O U T I N E =======================================
sub_408B61 proc near ; CODE XREF: sub_4035C7+128�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jz short locret_408B8F
push esi
mov esi, [esp+4+arg_4]
test word ptr [esi+0Ch], 1000h
jz short loc_408B8E
push esi
call sub_408F8A
and dword ptr [esi+0Ch], 0FFFFEEFFh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
loc_408B8E: ; CODE XREF: sub_408B61+12�j
pop esi
locret_408B8F: ; CODE XREF: sub_408B61+5�j
retn
sub_408B61 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408B90 proc near ; CODE XREF: .text:004043EE�p
var_64 = byte ptr -64h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 54h
push offset dword_421868
call __SEH_prolog4
xor edi, edi
mov [ebp+ms_exc.disabled], edi
lea eax, [ebp+var_64]
push eax
call ds:off_41D1A8
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
push 28h
push 20h
pop esi
push esi
call sub_407B2A
pop ecx
pop ecx
cmp eax, edi
jz loc_408DC7
mov dword_435700, eax
mov dword_4356E8, esi
lea ecx, [eax+500h]
jmp short loc_408C03
; ---------------------------------------------------------------------------
loc_408BDA: ; CODE XREF: sub_408B90+75�j
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov [eax+8], edi
mov byte ptr [eax+24h], 0
mov byte ptr [eax+25h], 0Ah
mov byte ptr [eax+26h], 0Ah
add eax, 28h
mov ecx, dword_435700
add ecx, 500h
loc_408C03: ; CODE XREF: sub_408B90+48�j
cmp eax, ecx
jb short loc_408BDA
cmp [ebp+var_32], di
jz loc_408D0E
mov eax, [ebp+var_30]
cmp eax, edi
jz loc_408D0E
mov edi, [eax]
lea ebx, [eax+4]
lea eax, [ebx+edi]
mov [ebp+var_1C], eax
mov eax, 800h
cmp edi, eax
jl short loc_408C32
mov edi, eax
loc_408C32: ; CODE XREF: sub_408B90+9E�j
xor esi, esi
inc esi
jmp short loc_408C89
; ---------------------------------------------------------------------------
loc_408C37: ; CODE XREF: sub_408B90+FF�j
push 28h
push 20h
call sub_407B2A
pop ecx
pop ecx
test eax, eax
jz short loc_408C93
lea ecx, ds:435700h[esi*4]
mov [ecx], eax
add dword_4356E8, 20h
lea edx, [eax+500h]
jmp short loc_408C84
; ---------------------------------------------------------------------------
loc_408C5E: ; CODE XREF: sub_408B90+F6�j
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
and dword ptr [eax+8], 0
and byte ptr [eax+24h], 80h
mov byte ptr [eax+25h], 0Ah
mov byte ptr [eax+26h], 0Ah
add eax, 28h
mov edx, [ecx]
add edx, 500h
loc_408C84: ; CODE XREF: sub_408B90+CC�j
cmp eax, edx
jb short loc_408C5E
inc esi
loc_408C89: ; CODE XREF: sub_408B90+A5�j
cmp dword_4356E8, edi
jl short loc_408C37
jmp short loc_408C99
; ---------------------------------------------------------------------------
loc_408C93: ; CODE XREF: sub_408B90+B4�j
mov edi, dword_4356E8
loc_408C99: ; CODE XREF: sub_408B90+101�j
and [ebp+var_20], 0
test edi, edi
jle short loc_408D0E
loc_408CA1: ; CODE XREF: sub_408B90+17C�j
mov eax, [ebp+var_1C]
mov ecx, [eax]
cmp ecx, 0FFFFFFFFh
jz short loc_408D01
cmp ecx, 0FFFFFFFEh
jz short loc_408D01
mov al, [ebx]
test al, 1
jz short loc_408D01
test al, 8
jnz short loc_408CC5
push ecx
call ds:off_41D144
test eax, eax
jz short loc_408D01
loc_408CC5: ; CODE XREF: sub_408B90+128�j
mov esi, [ebp+var_20]
mov eax, esi
sar eax, 5
and esi, 1Fh
imul esi, 28h
add esi, dword_435700[eax*4]
mov eax, [ebp+var_1C]
mov eax, [eax]
mov [esi], eax
mov al, [ebx]
mov [esi+4], al
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CEC4
pop ecx
pop ecx
test eax, eax
jz loc_408DC7
inc dword ptr [esi+8]
loc_408D01: ; CODE XREF: sub_408B90+119�j
; sub_408B90+11E�j ...
inc [ebp+var_20]
inc ebx
add [ebp+var_1C], 4
cmp [ebp+var_20], edi
jl short loc_408CA1
loc_408D0E: ; CODE XREF: sub_408B90+7B�j
; sub_408B90+86�j ...
xor ebx, ebx
loc_408D10: ; CODE XREF: sub_408B90+213�j
mov esi, ebx
imul esi, 28h
add esi, dword_435700
mov eax, [esi]
cmp eax, 0FFFFFFFFh
jz short loc_408D2D
cmp eax, 0FFFFFFFEh
jz short loc_408D2D
or byte ptr [esi+4], 80h
jmp short loc_408D9F
; ---------------------------------------------------------------------------
loc_408D2D: ; CODE XREF: sub_408B90+190�j
; sub_408B90+195�j
mov byte ptr [esi+4], 81h
test ebx, ebx
jnz short loc_408D3A
push 0FFFFFFF6h
pop eax
jmp short loc_408D44
; ---------------------------------------------------------------------------
loc_408D3A: ; CODE XREF: sub_408B90+1A3�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_408D44: ; CODE XREF: sub_408B90+1A8�j
push eax
call ds:off_41D148
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_408D95
test edi, edi
jz short loc_408D95
push edi
call ds:off_41D144
test eax, eax
jz short loc_408D95
mov [esi], edi
and eax, 0FFh
cmp eax, 2
jnz short loc_408D73
or byte ptr [esi+4], 40h
jmp short loc_408D7C
; ---------------------------------------------------------------------------
loc_408D73: ; CODE XREF: sub_408B90+1DB�j
cmp eax, 3
jnz short loc_408D7C
or byte ptr [esi+4], 8
loc_408D7C: ; CODE XREF: sub_408B90+1E1�j
; sub_408B90+1E6�j
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CEC4
pop ecx
pop ecx
test eax, eax
jz short loc_408DC7
inc dword ptr [esi+8]
jmp short loc_408D9F
; ---------------------------------------------------------------------------
loc_408D95: ; CODE XREF: sub_408B90+1C0�j
; sub_408B90+1C4�j ...
or byte ptr [esi+4], 40h
mov dword ptr [esi], 0FFFFFFFEh
loc_408D9F: ; CODE XREF: sub_408B90+19B�j
; sub_408B90+203�j
inc ebx
cmp ebx, 3
jl loc_408D10
push dword_4356E8
call ds:off_41D14C
xor eax, eax
jmp short loc_408DCA
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_408DC7: ; CODE XREF: sub_408B90+31�j
; sub_408B90+168�j ...
or eax, 0FFFFFFFFh
loc_408DCA: ; CODE XREF: sub_408B90+227�j
call __SEH_epilog4
retn
sub_408B90 endp
; =============== S U B R O U T I N E =======================================
sub_408DD0 proc near ; CODE XREF: sub_4035C7+63�p
; sub_4035C7+6F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_408DF8
call sub_405B83
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_408DF8: ; CODE XREF: sub_408DD0+9�j
mov eax, [eax+10h]
pop esi
retn
sub_408DD0 endp
; =============== S U B R O U T I N E =======================================
sub_408DFD proc near ; CODE XREF: sub_408E91+94�p
; sub_40E422+340�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_40F12D
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_408E5C
cmp esi, 1
mov eax, dword_435700
jnz short loc_408E1F
test byte ptr [eax+54h], 1
jnz short loc_408E2A
loc_408E1F: ; CODE XREF: sub_408DFD+1A�j
cmp esi, 2
jnz short loc_408E40
test byte ptr [eax+2Ch], 1
jz short loc_408E40
loc_408E2A: ; CODE XREF: sub_408DFD+20�j
push 2
call sub_40F12D
push 1
mov edi, eax
call sub_40F12D
cmp eax, edi
pop ecx
pop ecx
jz short loc_408E5C
loc_408E40: ; CODE XREF: sub_408DFD+25�j
; sub_408DFD+2B�j
push esi
call sub_40F12D
pop ecx
push eax
call ds:off_41D0D8
test eax, eax
jnz short loc_408E5C
call ds:off_41D0EC
mov edi, eax
jmp short loc_408E5E
; ---------------------------------------------------------------------------
loc_408E5C: ; CODE XREF: sub_408DFD+10�j
; sub_408DFD+41�j ...
xor edi, edi
loc_408E5E: ; CODE XREF: sub_408DFD+5D�j
push esi
call sub_40F0AC
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
test edi, edi
mov eax, dword_435700[eax*4]
pop ecx
mov byte ptr [eax+esi+4], 0
jz short loc_408E8C
push edi
call sub_405BA9
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_408E8E
; ---------------------------------------------------------------------------
loc_408E8C: ; CODE XREF: sub_408DFD+81�j
xor eax, eax
loc_408E8E: ; CODE XREF: sub_408DFD+8D�j
pop edi
pop esi
retn
sub_408DFD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408E91 proc near ; CODE XREF: sub_403811+48�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset dword_421888
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_408EC0
call sub_405B96
and dword ptr [eax], 0
call sub_405B83
mov dword ptr [eax], 9
loc_408EB8: ; CODE XREF: sub_408E91+5C�j
or eax, 0FFFFFFFFh
jmp loc_408F4E
; ---------------------------------------------------------------------------
loc_408EC0: ; CODE XREF: sub_408E91+12�j
xor edi, edi
cmp eax, edi
jl short loc_408ECE
cmp eax, dword_4356E8
jb short loc_408EEF
loc_408ECE: ; CODE XREF: sub_408E91+33�j
; sub_408E91+7C�j
call sub_405B96
mov [eax], edi
call sub_405B83
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_4032F9
add esp, 14h
jmp short loc_408EB8
; ---------------------------------------------------------------------------
loc_408EEF: ; CODE XREF: sub_408E91+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:435700h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_408ECE
push eax
call sub_40F19E
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_408F30
push [ebp+arg_0]
call sub_408DFD
pop ecx
mov [ebp+var_1C], eax
jmp short loc_408F3F
; ---------------------------------------------------------------------------
loc_408F30: ; CODE XREF: sub_408E91+8F�j
call sub_405B83
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_408F3F: ; CODE XREF: sub_408E91+9D�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_408F54
mov eax, [ebp+var_1C]
loc_408F4E: ; CODE XREF: sub_408E91+2A�j
call __SEH_epilog4
retn
sub_408E91 endp
; =============== S U B R O U T I N E =======================================
sub_408F54 proc near ; CODE XREF: sub_408E91+B5�p
push dword ptr [ebp+8]
call sub_40F23E
pop ecx
retn
sub_408F54 endp
; =============== S U B R O U T I N E =======================================
sub_408F5E proc near ; CODE XREF: sub_403811+3C�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_408F88
test al, 8
jz short loc_408F88
push dword ptr [esi+8]
call sub_4039C3
and dword ptr [esi+0Ch], 0FFFFFBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_408F88: ; CODE XREF: sub_408F5E+A�j
; sub_408F5E+E�j
pop esi
retn
sub_408F5E endp
; =============== S U B R O U T I N E =======================================
sub_408F8A proc near ; CODE XREF: sub_403811+34�p
; sub_408B61+15�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
mov eax, [esi+0Ch]
mov ecx, eax
and cl, 3
xor ebx, ebx
cmp cl, 2
jnz short loc_408FDE
test ax, 108h
jz short loc_408FDE
mov eax, [esi+8]
push edi
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_408FDD
push edi
push eax
push esi
call sub_408DD0
pop ecx
push eax
call sub_40D7D0
add esp, 0Ch
cmp eax, edi
jnz short loc_408FD6
mov eax, [esi+0Ch]
test al, al
jns short loc_408FDD
and eax, 0FFFFFFFDh
mov [esi+0Ch], eax
jmp short loc_408FDD
; ---------------------------------------------------------------------------
loc_408FD6: ; CODE XREF: sub_408F8A+3B�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_408FDD: ; CODE XREF: sub_408F8A+25�j
; sub_408F8A+42�j ...
pop edi
loc_408FDE: ; CODE XREF: sub_408F8A+13�j
; sub_408F8A+19�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop esi
mov eax, ebx
pop ebx
retn
sub_408F8A endp
; =============== S U B R O U T I N E =======================================
sub_408FEC proc near ; CODE XREF: sub_40902E+69�p
; sub_40902E+84�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_408FFE
push esi
call sub_40902E
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_408FFE: ; CODE XREF: sub_408FEC+7�j
push esi
call sub_408F8A
test eax, eax
pop ecx
jz short loc_40900E
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_40900E: ; CODE XREF: sub_408FEC+1B�j
test word ptr [esi+0Ch], 4000h
jz short loc_40902A
push esi
call sub_408DD0
push eax
call sub_40F3FF
pop ecx
pop ecx
neg eax
sbb eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40902A: ; CODE XREF: sub_408FEC+28�j
xor eax, eax
pop esi
retn
sub_408FEC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40902E proc near ; CODE XREF: sub_408FEC+A�p
; sub_409108+2�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004090E1 SIZE 0000001E BYTES
push 14h
push offset dword_4218A8
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_24], edi
push 1
call sub_405DA7
pop ecx
mov [ebp+ms_exc.disabled], edi
xor esi, esi
loc_40904F: ; CODE XREF: sub_40902E+9B�j
mov [ebp+var_20], esi
cmp esi, dword_436820
jge loc_4090E1
mov eax, dword_435800
lea eax, [eax+esi*4]
cmp [eax], edi
jz short loc_4090C8
mov eax, [eax]
test byte ptr [eax+0Ch], 83h
jz short loc_4090C8
push eax
push esi
call sub_40853A
pop ecx
pop ecx
xor edx, edx
inc edx
mov [ebp+ms_exc.disabled], edx
mov eax, dword_435800
mov eax, [eax+esi*4]
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_4090C0
cmp [ebp+arg_0], edx
jnz short loc_4090A7
push eax
call sub_408FEC
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_4090C0
inc [ebp+var_1C]
jmp short loc_4090C0
; ---------------------------------------------------------------------------
loc_4090A7: ; CODE XREF: sub_40902E+66�j
cmp [ebp+arg_0], edi
jnz short loc_4090C0
test cl, 2
jz short loc_4090C0
push eax
call sub_408FEC
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_4090C0
or [ebp+var_24], eax
loc_4090C0: ; CODE XREF: sub_40902E+61�j
; sub_40902E+72�j ...
mov [ebp+ms_exc.disabled], edi
call sub_4090D0
loc_4090C8: ; CODE XREF: sub_40902E+3A�j
; sub_40902E+42�j
inc esi
jmp short loc_40904F
sub_40902E endp
; ---------------------------------------------------------------------------
xor edi, edi
mov esi, [ebp-20h]
; =============== S U B R O U T I N E =======================================
sub_4090D0 proc near ; CODE XREF: sub_40902E+95�p
mov eax, dword_435800
push dword ptr [eax+esi*4]
push esi
call sub_40858C
pop ecx
pop ecx
retn
sub_4090D0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40902E
loc_4090E1: ; CODE XREF: sub_40902E+2A�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4090FF
cmp [ebp+arg_0], 1
mov eax, [ebp+var_1C]
jz short loc_4090F9
mov eax, [ebp+var_24]
loc_4090F9: ; CODE XREF: sub_40902E+C6�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40902E
; =============== S U B R O U T I N E =======================================
sub_4090FF proc near ; CODE XREF: sub_40902E+BA�p
push 1
call sub_405CCF
pop ecx
retn
sub_4090FF endp
; =============== S U B R O U T I N E =======================================
sub_409108 proc near ; CODE XREF: sub_4084EB�p
push 1
call sub_40902E
pop ecx
retn
sub_409108 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_409120 proc near ; CODE XREF: sub_403900+29�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_409142
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_409183
; ---------------------------------------------------------------------------
loc_409142: ; CODE XREF: sub_409120+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_409150: ; CODE XREF: sub_409120+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_409150
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_40917E
cmp edx, [esp+8+arg_4]
ja short loc_40917E
jb short loc_40917F
cmp eax, [esp+8+arg_0]
jbe short loc_40917F
loc_40917E: ; CODE XREF: sub_409120+4E�j
; sub_409120+54�j
dec esi
loc_40917F: ; CODE XREF: sub_409120+56�j
; sub_409120+5C�j
xor edx, edx
mov eax, esi
loc_409183: ; CODE XREF: sub_409120+20�j
pop esi
pop ebx
retn 10h
sub_409120 endp
; =============== S U B R O U T I N E =======================================
sub_409188 proc near ; CODE XREF: sub_409217+3CD�p
; sub_409217+447�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esi]
cmp [esp+arg_0], eax
jnz short loc_4091D8
mov ecx, [edi]
cmp ecx, [esp+arg_4]
push 2
push eax
jnz short loc_4091C7
call sub_407B2A
test eax, eax
pop ecx
pop ecx
mov [edi], eax
jnz short loc_4091AB
loc_4091A8: ; CODE XREF: sub_409188+4A�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4091AB: ; CODE XREF: sub_409188+1E�j
mov eax, [esp+arg_8]
mov dword ptr [eax], 1
push dword ptr [esi]
push [esp+4+arg_4]
push dword ptr [edi]
call sub_407FA0
add esp, 0Ch
jmp short loc_4091D6
; ---------------------------------------------------------------------------
loc_4091C7: ; CODE XREF: sub_409188+11�j
push ecx
call sub_407BBD
add esp, 0Ch
test eax, eax
jz short loc_4091A8
mov [edi], eax
loc_4091D6: ; CODE XREF: sub_409188+3D�j
shl dword ptr [esi], 1
loc_4091D8: ; CODE XREF: sub_409188+6�j
xor eax, eax
inc eax
retn
sub_409188 endp
; =============== S U B R O U T I N E =======================================
sub_4091DC proc near ; CODE XREF: sub_4091F2+7�p
; sub_409217+2E1�p ...
dec dword ptr [edx+4]
js short loc_4091EA
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_4091EA: ; CODE XREF: sub_4091DC+3�j
push edx
call sub_40A03D
pop ecx
retn
sub_4091DC endp
; =============== S U B R O U T I N E =======================================
sub_4091F2 proc near ; CODE XREF: sub_409217+14F�p
; sub_409217+2D3�p
arg_0 = dword ptr 4
push ebx
loc_4091F3: ; CODE XREF: sub_4091F2+1F�j
mov edx, [esp+4+arg_0]
inc dword ptr [esi]
call sub_4091DC
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_409213
movzx eax, bl
push eax
call sub_40F626
test eax, eax
pop ecx
jnz short loc_4091F3
loc_409213: ; CODE XREF: sub_4091F2+11�j
mov eax, ebx
pop ebx
retn
sub_4091F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=18Ch
sub_409217 proc near ; DATA XREF: sub_4039A4+10�o
var_1FC = dword ptr -1FCh
var_1F8 = dword ptr -1F8h
var_1F0 = dword ptr -1F0h
var_1EC = byte ptr -1ECh
var_1E8 = dword ptr -1E8h
var_1E4 = dword ptr -1E4h
var_1E0 = dword ptr -1E0h
var_1DC = byte ptr -1DCh
var_1DB = byte ptr -1DBh
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1C9 = byte ptr -1C9h
var_1C8 = dword ptr -1C8h
var_1C4 = dword ptr -1C4h
var_1C0 = dword ptr -1C0h
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A4 = byte ptr -1A4h
var_1A3 = byte ptr -1A3h
var_1A2 = byte ptr -1A2h
var_1A1 = byte ptr -1A1h
var_1A0 = dword ptr -1A0h
var_19A = byte ptr -19Ah
var_199 = byte ptr -199h
var_198 = dword ptr -198h
var_191 = byte ptr -191h
var_190 = dword ptr -190h
var_189 = byte ptr -189h
var_188 = dword ptr -188h
var_184 = byte ptr -184h
var_24 = byte ptr -24h
var_19 = byte ptr -19h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
lea ebp, [esp-18Ch]
sub esp, 1FCh
mov eax, dword_423064
xor eax, ebp
mov [ebp+18Ch+var_4], eax
mov eax, [ebp+18Ch+arg_C]
push ebx
push esi
mov esi, [ebp+18Ch+arg_0]
xor ebx, ebx
push edi
mov edi, [ebp+18Ch+arg_4]
cmp edi, ebx
mov [ebp+18Ch+var_1E4], eax
lea eax, [ebp+18Ch+var_184]
mov [ebp+18Ch+var_1A0], esi
mov [ebp+18Ch+var_1B4], edi
mov [ebp+18Ch+var_1B0], eax
mov [ebp+18Ch+var_1D8], 15Eh
mov [ebp+18Ch+var_1D0], ebx
mov [ebp+18Ch+var_1E8], ebx
mov [ebp+18Ch+var_190], ebx
jnz short loc_40928C
loc_40926C: ; CODE XREF: sub_409217+77�j
; sub_409217+C6�j ...
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_409E4C
; ---------------------------------------------------------------------------
loc_40928C: ; CODE XREF: sub_409217+53�j
cmp esi, ebx
jz short loc_40926C
test byte ptr [esi+0Ch], 40h
jnz loc_40932B
push esi
call sub_408DD0
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4092D4
push esi
call sub_408DD0
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_4092D4
push esi
call sub_408DD0
sar eax, 5
push esi
lea edi, ds:435700h[eax*4]
call sub_408DD0
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_4092D9
; ---------------------------------------------------------------------------
loc_4092D4: ; CODE XREF: sub_409217+8D�j
; sub_409217+99�j
mov eax, offset dword_423BD0
loc_4092D9: ; CODE XREF: sub_409217+BB�j
test byte ptr [eax+24h], 7Fh
jnz short loc_40926C
push esi
call sub_408DD0
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_409319
push esi
call sub_408DD0
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_409319
push esi
call sub_408DD0
sar eax, 5
push esi
lea edi, ds:435700h[eax*4]
call sub_408DD0
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_40931E
; ---------------------------------------------------------------------------
loc_409319: ; CODE XREF: sub_409217+D2�j
; sub_409217+DE�j
mov eax, offset dword_423BD0
loc_40931E: ; CODE XREF: sub_409217+100�j
test byte ptr [eax+24h], 80h
jnz loc_40926C
mov edi, [ebp+18Ch+var_1B4]
loc_40932B: ; CODE XREF: sub_409217+7D�j
push [ebp+18Ch+arg_8]
lea ecx, [ebp+18Ch+var_1F8]
call sub_402ADF
mov al, [edi]
test al, al
mov [ebp+18Ch+var_1A1], bl
mov [ebp+18Ch+var_188], ebx
mov [ebp+18Ch+var_1C8], ebx
jz loc_409E3C
mov edi, [ebp+18Ch+var_1B4]
loc_40934F: ; CODE XREF: sub_409217+BC2�j
movzx eax, al
push eax
call sub_40F626
test eax, eax
pop ecx
jz short loc_409390
push [ebp+18Ch+var_1A0]
dec [ebp+18Ch+var_188]
lea esi, [ebp+18Ch+var_188]
call sub_4091F2
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_40937C
push [ebp+18Ch+var_1A0]
push eax
call sub_40F64F
pop ecx
pop ecx
loc_40937C: ; CODE XREF: sub_409217+158�j
; sub_409217+172�j
inc edi
movzx eax, byte ptr [edi]
push eax
call sub_40F626
test eax, eax
pop ecx
jnz short loc_40937C
jmp loc_409DD5
; ---------------------------------------------------------------------------
loc_409390: ; CODE XREF: sub_409217+144�j
cmp byte ptr [edi], 25h
jnz loc_409D7D
xor eax, eax
mov [ebp+18Ch+var_1E0], eax
mov [ebp+18Ch+var_1C9], al
mov [ebp+18Ch+var_1A8], eax
mov [ebp+18Ch+var_1B8], eax
mov [ebp+18Ch+var_198], eax
mov [ebp+18Ch+var_1A4], al
mov [ebp+18Ch+var_1A3], al
mov [ebp+18Ch+var_199], al
mov [ebp+18Ch+var_189], al
mov [ebp+18Ch+var_1A2], al
mov [ebp+18Ch+var_191], al
mov [ebp+18Ch+var_19A], 1
mov [ebp+18Ch+var_1D4], eax
xor esi, esi
loc_4093C5: ; CODE XREF: sub_409217+279�j
inc edi
movzx ebx, byte ptr [edi]
movzx eax, bl
push eax
call sub_40F52F
test eax, eax
pop ecx
jz short loc_4093EC
mov eax, [ebp+18Ch+var_198]
inc [ebp+18Ch+var_1B8]
imul eax, 0Ah
lea eax, [eax+ebx-30h]
mov [ebp+18Ch+var_198], eax
jmp loc_40948C
; ---------------------------------------------------------------------------
loc_4093EC: ; CODE XREF: sub_409217+1BE�j
cmp ebx, 4Eh
jg short loc_409462
jz loc_40948C
cmp ebx, 2Ah
jz short loc_40945D
cmp ebx, 46h
jz loc_40948C
cmp ebx, 49h
jz short loc_409414
cmp ebx, 4Ch
jnz short loc_409471
inc [ebp+18Ch+var_19A]
jmp short loc_40948C
; ---------------------------------------------------------------------------
loc_409414: ; CODE XREF: sub_409217+1F1�j
mov cl, [edi+1]
cmp cl, 36h
jnz short loc_409431
lea eax, [edi+2]
cmp byte ptr [eax], 34h
jnz short loc_409431
loc_409424: ; CODE XREF: sub_409217+265�j
inc [ebp+18Ch+var_1D4]
mov edi, eax
mov [ebp+18Ch+var_1C0], esi
mov [ebp+18Ch+var_1BC], esi
jmp short loc_40948C
; ---------------------------------------------------------------------------
loc_409431: ; CODE XREF: sub_409217+203�j
; sub_409217+20B�j
cmp cl, 33h
jnz short loc_409442
lea eax, [edi+2]
cmp byte ptr [eax], 32h
jnz short loc_409442
mov edi, eax
jmp short loc_40948C
; ---------------------------------------------------------------------------
loc_409442: ; CODE XREF: sub_409217+21D�j
; sub_409217+225�j
cmp cl, 64h
jz short loc_40948C
cmp cl, 69h
jz short loc_40948C
cmp cl, 6Fh
jz short loc_40948C
cmp cl, 78h
jz short loc_40948C
cmp cl, 58h
jnz short loc_409471
jmp short loc_40948C
; ---------------------------------------------------------------------------
loc_40945D: ; CODE XREF: sub_409217+1E3�j
inc [ebp+18Ch+var_199]
jmp short loc_40948C
; ---------------------------------------------------------------------------
loc_409462: ; CODE XREF: sub_409217+1D8�j
cmp ebx, 68h
jz short loc_409486
cmp ebx, 6Ch
jz short loc_409476
cmp ebx, 77h
jz short loc_409481
loc_409471: ; CODE XREF: sub_409217+1F6�j
; sub_409217+242�j
inc [ebp+18Ch+var_189]
jmp short loc_40948C
; ---------------------------------------------------------------------------
loc_409476: ; CODE XREF: sub_409217+253�j
lea eax, [edi+1]
cmp byte ptr [eax], 6Ch
jz short loc_409424
inc [ebp+18Ch+var_19A]
loc_409481: ; CODE XREF: sub_409217+258�j
inc [ebp+18Ch+var_191]
jmp short loc_40948C
; ---------------------------------------------------------------------------
loc_409486: ; CODE XREF: sub_409217+24E�j
dec [ebp+18Ch+var_19A]
dec [ebp+18Ch+var_191]
loc_40948C: ; CODE XREF: sub_409217+1D0�j
; sub_409217+1DA�j ...
cmp [ebp+18Ch+var_189], 0
jz loc_4093C5
cmp [ebp+18Ch+var_199], 0
mov [ebp+18Ch+var_1B4], edi
jnz short loc_4094AD
mov eax, [ebp+18Ch+var_1E4]
mov esi, [eax]
mov [ebp+18Ch+var_1FC], eax
add eax, 4
mov [ebp+18Ch+var_1E4], eax
loc_4094AD: ; CODE XREF: sub_409217+286�j
cmp [ebp+18Ch+var_191], 0
mov [ebp+18Ch+var_1C4], esi
mov [ebp+18Ch+var_189], 0
jnz short loc_4094CC
mov al, [edi]
cmp al, 53h
jz short loc_4094C8
cmp al, 43h
mov [ebp+18Ch+var_191], 0FFh
jnz short loc_4094CC
loc_4094C8: ; CODE XREF: sub_409217+2A7�j
mov [ebp+18Ch+var_191], 1
loc_4094CC: ; CODE XREF: sub_409217+2A1�j
; sub_409217+2AF�j
movzx ebx, byte ptr [edi]
or ebx, 20h
cmp ebx, 6Eh
mov [ebp+18Ch+var_1AC], ebx
jz short loc_40950F
cmp ebx, 63h
jz short loc_4094F2
cmp ebx, 7Bh
jz short loc_4094F2
push [ebp+18Ch+var_1A0]
lea esi, [ebp+18Ch+var_188]
call sub_4091F2
pop ecx
jmp short loc_4094FD
; ---------------------------------------------------------------------------
loc_4094F2: ; CODE XREF: sub_409217+2C6�j
; sub_409217+2CB�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
loc_4094FD: ; CODE XREF: sub_409217+2D9�j
cmp eax, 0FFFFFFFFh
mov [ebp+18Ch+var_190], eax
jz loc_409E09
mov esi, [ebp+18Ch+var_1C4]
mov edi, [ebp+18Ch+var_1B4]
loc_40950F: ; CODE XREF: sub_409217+2C1�j
mov ecx, [ebp+18Ch+var_1B8]
test ecx, ecx
jz short loc_409520
cmp [ebp+18Ch+var_198], 0
jz loc_409DE1
loc_409520: ; CODE XREF: sub_409217+2FD�j
cmp ebx, 6Fh
jg loc_40992C
jz loc_409B57
cmp ebx, 63h
jz loc_40981E
push 64h
pop eax
cmp ebx, eax
jz loc_409B57
jle loc_409956
cmp ebx, 67h
jle short loc_409586
cmp ebx, 69h
jz short loc_40956E
cmp ebx, 6Eh
jnz loc_409956
cmp [ebp+18Ch+var_199], 0
mov edi, [ebp+18Ch+var_188]
jz loc_409D51
jmp loc_409D71
; ---------------------------------------------------------------------------
loc_40956E: ; CODE XREF: sub_409217+33A�j
mov [ebp+18Ch+var_1AC], eax
loc_409571: ; CODE XREF: sub_409217+734�j
mov ebx, [ebp+18Ch+var_190]
cmp ebx, 2Dh
jnz loc_409A3F
mov [ebp+18Ch+var_1A3], 1
jmp loc_409A44
; ---------------------------------------------------------------------------
loc_409586: ; CODE XREF: sub_409217+335�j
xor ebx, ebx
cmp [ebp+18Ch+var_190], 2Dh
jnz short loc_409597
mov eax, [ebp+18Ch+var_1B0]
mov byte ptr [eax], 2Dh
inc ebx
jmp short loc_40959D
; ---------------------------------------------------------------------------
loc_409597: ; CODE XREF: sub_409217+375�j
cmp [ebp+18Ch+var_190], 2Bh
jnz short loc_4095AE
loc_40959D: ; CODE XREF: sub_409217+37E�j
dec [ebp+18Ch+var_198]
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
mov [ebp+18Ch+var_190], eax
loc_4095AE: ; CODE XREF: sub_409217+384�j
cmp [ebp+18Ch+var_1B8], 0
jnz short loc_4095B8
or [ebp+18Ch+var_198], 0FFFFFFFFh
loc_4095B8: ; CODE XREF: sub_409217+39B�j
movzx eax, byte ptr [ebp+18Ch+var_190]
jmp short loc_409605
; ---------------------------------------------------------------------------
loc_4095BE: ; CODE XREF: sub_409217+3F7�j
mov eax, [ebp+18Ch+var_198]
dec [ebp+18Ch+var_198]
test eax, eax
jz short loc_409610
mov al, byte ptr [ebp+18Ch+var_190]
mov ecx, [ebp+18Ch+var_1B0]
inc [ebp+18Ch+var_1A8]
mov [ebx+ecx], al
lea eax, [ebp+18Ch+var_1D0]
push eax
lea eax, [ebp+18Ch+var_184]
push eax
inc ebx
push ebx
lea edi, [ebp+18Ch+var_1B0]
lea esi, [ebp+18Ch+var_1D8]
call sub_409188
add esp, 0Ch
test eax, eax
jz loc_409E09
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
mov [ebp+18Ch+var_190], eax
movzx eax, al
loc_409605: ; CODE XREF: sub_409217+3A5�j
push eax
call sub_40F52F
test eax, eax
pop ecx
jnz short loc_4095BE
loc_409610: ; CODE XREF: sub_409217+3AF�j
mov eax, [ebp+18Ch+var_1F8]
mov eax, [eax+0BCh]
mov eax, [eax]
mov al, [eax]
cmp al, byte ptr [ebp+18Ch+var_190]
mov [ebp+18Ch+var_1A4], al
jnz loc_4096C6
mov eax, [ebp+18Ch+var_198]
dec [ebp+18Ch+var_198]
test eax, eax
jz loc_4096C6
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
mov ecx, [ebp+18Ch+var_1B0]
mov [ebp+18Ch+var_190], eax
mov al, [ebp+18Ch+var_1A4]
mov [ebx+ecx], al
lea eax, [ebp+18Ch+var_1D0]
push eax
lea eax, [ebp+18Ch+var_184]
push eax
inc ebx
push ebx
lea edi, [ebp+18Ch+var_1B0]
lea esi, [ebp+18Ch+var_1D8]
call sub_409188
add esp, 0Ch
test eax, eax
jz loc_409E09
movzx eax, byte ptr [ebp+18Ch+var_190]
jmp short loc_4096BB
; ---------------------------------------------------------------------------
loc_409674: ; CODE XREF: sub_409217+4AD�j
mov eax, [ebp+18Ch+var_198]
dec [ebp+18Ch+var_198]
test eax, eax
jz short loc_4096C6
mov eax, [ebp+18Ch+var_1B0]
mov cl, byte ptr [ebp+18Ch+var_190]
inc [ebp+18Ch+var_1A8]
mov [ebx+eax], cl
lea eax, [ebp+18Ch+var_1D0]
push eax
lea eax, [ebp+18Ch+var_184]
push eax
inc ebx
push ebx
lea edi, [ebp+18Ch+var_1B0]
lea esi, [ebp+18Ch+var_1D8]
call sub_409188
add esp, 0Ch
test eax, eax
jz loc_409E09
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
mov [ebp+18Ch+var_190], eax
movzx eax, al
loc_4096BB: ; CODE XREF: sub_409217+45B�j
push eax
call sub_40F52F
test eax, eax
pop ecx
jnz short loc_409674
loc_4096C6: ; CODE XREF: sub_409217+40C�j
; sub_409217+41A�j ...
cmp [ebp+18Ch+var_1A8], 0
jz loc_4097C6
cmp [ebp+18Ch+var_190], 65h
jz short loc_4096E0
cmp [ebp+18Ch+var_190], 45h
jnz loc_4097C6
loc_4096E0: ; CODE XREF: sub_409217+4BD�j
mov eax, [ebp+18Ch+var_198]
dec [ebp+18Ch+var_198]
test eax, eax
jz loc_4097C6
mov eax, [ebp+18Ch+var_1B0]
mov byte ptr [ebx+eax], 65h
lea eax, [ebp+18Ch+var_1D0]
push eax
lea eax, [ebp+18Ch+var_184]
push eax
inc ebx
push ebx
lea edi, [ebp+18Ch+var_1B0]
lea esi, [ebp+18Ch+var_1D8]
call sub_409188
add esp, 0Ch
test eax, eax
jz loc_409E09
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
cmp eax, 2Dh
mov [ebp+18Ch+var_190], eax
jnz short loc_40974B
mov eax, [ebp+18Ch+var_1B0]
mov byte ptr [ebx+eax], 2Dh
lea eax, [ebp+18Ch+var_1D0]
push eax
lea eax, [ebp+18Ch+var_184]
push eax
inc ebx
push ebx
call sub_409188
add esp, 0Ch
test eax, eax
jz loc_409E09
jmp short loc_409751
; ---------------------------------------------------------------------------
loc_40974B: ; CODE XREF: sub_409217+50F�j
cmp [ebp+18Ch+var_190], 2Bh
jnz short loc_40976E
loc_409751: ; CODE XREF: sub_409217+532�j
mov eax, [ebp+18Ch+var_198]
dec [ebp+18Ch+var_198]
test eax, eax
jnz short loc_409760
and [ebp+18Ch+var_198], eax
jmp short loc_40976E
; ---------------------------------------------------------------------------
loc_409760: ; CODE XREF: sub_409217+542�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
mov [ebp+18Ch+var_190], eax
loc_40976E: ; CODE XREF: sub_409217+538�j
; sub_409217+547�j
movzx eax, byte ptr [ebp+18Ch+var_190]
jmp short loc_4097BB
; ---------------------------------------------------------------------------
loc_409774: ; CODE XREF: sub_409217+5AD�j
mov eax, [ebp+18Ch+var_198]
dec [ebp+18Ch+var_198]
test eax, eax
jz short loc_4097C6
mov eax, [ebp+18Ch+var_1B0]
mov cl, byte ptr [ebp+18Ch+var_190]
inc [ebp+18Ch+var_1A8]
mov [ebx+eax], cl
lea eax, [ebp+18Ch+var_1D0]
push eax
lea eax, [ebp+18Ch+var_184]
push eax
inc ebx
push ebx
lea edi, [ebp+18Ch+var_1B0]
lea esi, [ebp+18Ch+var_1D8]
call sub_409188
add esp, 0Ch
test eax, eax
jz loc_409E09
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
mov [ebp+18Ch+var_190], eax
movzx eax, al
loc_4097BB: ; CODE XREF: sub_409217+55B�j
push eax
call sub_40F52F
test eax, eax
pop ecx
jnz short loc_409774
loc_4097C6: ; CODE XREF: sub_409217+4B3�j
; sub_409217+4C3�j ...
dec [ebp+18Ch+var_188]
cmp [ebp+18Ch+var_190], 0FFFFFFFFh
jz short loc_4097DC
push [ebp+18Ch+var_1A0]
push [ebp+18Ch+var_190]
call sub_40F64F
pop ecx
pop ecx
loc_4097DC: ; CODE XREF: sub_409217+5B6�j
cmp [ebp+18Ch+var_1A8], 0
jz loc_409E09
cmp [ebp+18Ch+var_199], 0
jnz loc_409D71
mov eax, [ebp+18Ch+var_1B0]
inc [ebp+18Ch+var_1C8]
lea ecx, [ebp+18Ch+var_1F8]
push ecx
push eax
push [ebp+18Ch+var_1C4]
mov byte ptr [ebx+eax], 0
movsx eax, [ebp+18Ch+var_19A]
dec eax
push eax
push dword_423F9C
call sub_405543
pop ecx
call eax
add esp, 10h
jmp loc_409D71
; ---------------------------------------------------------------------------
loc_40981E: ; CODE XREF: sub_409217+31B�j
test ecx, ecx
jnz short loc_40982C
inc [ebp+18Ch+var_198]
mov [ebp+18Ch+var_1B8], 1
loc_40982C: ; CODE XREF: sub_409217+609�j
; sub_409217+723�j
cmp [ebp+18Ch+var_191], 0
jle short loc_409836
mov [ebp+18Ch+var_1A2], 1
loc_409836: ; CODE XREF: sub_409217+619�j
; sub_409217+823�j
dec [ebp+18Ch+var_188]
cmp [ebp+18Ch+var_190], 0FFFFFFFFh
mov edi, esi
jz short loc_40984E
push [ebp+18Ch+var_1A0]
push [ebp+18Ch+var_190]
call sub_40F64F
pop ecx
pop ecx
loc_40984E: ; CODE XREF: sub_409217+628�j
; sub_409217+8E6�j ...
cmp [ebp+18Ch+var_1B8], 0
jz short loc_409862
mov eax, [ebp+18Ch+var_198]
dec [ebp+18Ch+var_198]
test eax, eax
jz loc_409B1B
loc_409862: ; CODE XREF: sub_409217+63B�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
cmp eax, 0FFFFFFFFh
mov [ebp+18Ch+var_190], eax
jz loc_409B08
cmp ebx, 63h
jz short loc_4098C7
cmp ebx, 73h
jnz short loc_409896
cmp eax, 9
jl short loc_409891
cmp eax, 0Dh
jle loc_409B08
loc_409891: ; CODE XREF: sub_409217+66F�j
cmp eax, 20h
jnz short loc_4098C7
loc_409896: ; CODE XREF: sub_409217+66A�j
cmp ebx, 7Bh
jnz loc_409B08
movsx ebx, [ebp+18Ch+var_1A4]
xor edx, edx
mov ecx, eax
and ecx, 7
inc edx
shl edx, cl
mov ecx, eax
sar ecx, 3
movsx ecx, [ebp+ecx+18Ch+var_24]
xor ecx, ebx
test edx, ecx
mov ebx, [ebp+18Ch+var_1AC]
jz loc_409B08
loc_4098C7: ; CODE XREF: sub_409217+665�j
; sub_409217+67D�j
cmp [ebp+18Ch+var_199], 0
jnz loc_409B02
cmp [ebp+18Ch+var_1A2], 0
jz loc_409AF7
mov [ebp+18Ch+var_1DC], al
movzx eax, al
push eax
call sub_40CDE6
test eax, eax
pop ecx
jz short loc_4098FA
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
mov [ebp+18Ch+var_1DB], al
loc_4098FA: ; CODE XREF: sub_409217+6D3�j
lea eax, [ebp+18Ch+var_1F8]
push eax
mov eax, [ebp+18Ch+var_1F8]
mov [ebp+18Ch+var_1E8], 3Fh
push dword ptr [eax+0ACh]
lea eax, [ebp+18Ch+var_1DC]
push eax
lea eax, [ebp+18Ch+var_1E8]
push eax
call sub_40F76D
mov ax, word ptr [ebp+18Ch+var_1E8]
add esp, 10h
mov [esi], ax
inc esi
inc esi
jmp loc_409AFA
; ---------------------------------------------------------------------------
loc_40992C: ; CODE XREF: sub_409217+30C�j
mov eax, ebx
sub eax, 70h
jz loc_409B53
sub eax, 3
jz loc_40982C
dec eax
dec eax
jz loc_409B57
sub eax, 3
jz loc_409571
sub eax, 3
jz short loc_40997A
loc_409956: ; CODE XREF: sub_409217+32C�j
; sub_409217+33F�j
movzx eax, byte ptr [edi]
cmp eax, [ebp+18Ch+var_190]
jnz loc_409DE1
dec [ebp+18Ch+var_1A1]
cmp [ebp+18Ch+var_199], 0
jnz loc_409D71
mov eax, [ebp+18Ch+var_1FC]
mov [ebp+18Ch+var_1E4], eax
jmp loc_409D71
; ---------------------------------------------------------------------------
loc_40997A: ; CODE XREF: sub_409217+73D�j
cmp [ebp+18Ch+var_191], 0
jle short loc_409984
mov [ebp+18Ch+var_1A2], 1
loc_409984: ; CODE XREF: sub_409217+767�j
inc edi
cmp byte ptr [edi], 5Eh
mov esi, edi
jnz short loc_409993
lea esi, [edi+1]
mov [ebp+18Ch+var_1A4], 0FFh
loc_409993: ; CODE XREF: sub_409217+773�j
push 20h
lea eax, [ebp+18Ch+var_24]
push 0
push eax
call sub_407F20
add esp, 0Ch
cmp byte ptr [esi], 5Dh
jnz short loc_4099B7
mov dl, 5Dh
inc esi
mov [ebp+18Ch+var_19], 20h
jmp short loc_409A26
; ---------------------------------------------------------------------------
loc_4099B7: ; CODE XREF: sub_409217+792�j
mov dl, [ebp+18Ch+var_1C9]
jmp short loc_409A26
; ---------------------------------------------------------------------------
loc_4099BC: ; CODE XREF: sub_409217+813�j
inc esi
cmp al, 2Dh
jnz short loc_409A09
test dl, dl
jz short loc_409A09
mov cl, [esi]
cmp cl, 5Dh
jz short loc_409A09
inc esi
cmp dl, cl
jnb short loc_4099D5
mov al, cl
jmp short loc_4099D9
; ---------------------------------------------------------------------------
loc_4099D5: ; CODE XREF: sub_409217+7B8�j
mov al, dl
mov dl, cl
loc_4099D9: ; CODE XREF: sub_409217+7BC�j
cmp dl, al
ja short loc_409A05
sub al, dl
inc al
movzx edi, dl
movzx edx, al
loc_4099E7: ; CODE XREF: sub_409217+7E9�j
mov ecx, edi
and ecx, 7
mov eax, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+18Ch+var_24]
or [eax], bl
inc edi
dec edx
jnz short loc_4099E7
mov ebx, [ebp+18Ch+var_1AC]
loc_409A05: ; CODE XREF: sub_409217+7C4�j
xor dl, dl
jmp short loc_409A26
; ---------------------------------------------------------------------------
loc_409A09: ; CODE XREF: sub_409217+7A8�j
; sub_409217+7AC�j ...
movzx ecx, al
mov dl, al
mov eax, ecx
and ecx, 7
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+18Ch+var_24]
or [eax], bl
mov ebx, [ebp+18Ch+var_1AC]
loc_409A26: ; CODE XREF: sub_409217+79E�j
; sub_409217+7A3�j ...
mov al, [esi]
cmp al, 5Dh
jnz short loc_4099BC
test al, al
jz loc_409E09
mov [ebp+18Ch+var_1B4], esi
mov esi, [ebp+18Ch+var_1C4]
jmp loc_409836
; ---------------------------------------------------------------------------
loc_409A3F: ; CODE XREF: sub_409217+360�j
cmp ebx, 2Bh
jnz short loc_409A63
loc_409A44: ; CODE XREF: sub_409217+36A�j
dec [ebp+18Ch+var_198]
jnz short loc_409A53
test ecx, ecx
jz short loc_409A53
mov [ebp+18Ch+var_189], 1
jmp short loc_409A63
; ---------------------------------------------------------------------------
loc_409A53: ; CODE XREF: sub_409217+830�j
; sub_409217+834�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
mov ebx, eax
mov [ebp+18Ch+var_190], ebx
loc_409A63: ; CODE XREF: sub_409217+82B�j
; sub_409217+83A�j
cmp ebx, 30h
jnz loc_409B89
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
mov ebx, eax
cmp bl, 78h
mov [ebp+18Ch+var_190], ebx
jz short loc_409AC8
cmp bl, 58h
jz short loc_409AC8
cmp [ebp+18Ch+var_1AC], 78h
mov [ebp+18Ch+var_1A8], 1
jz short loc_409AAD
cmp [ebp+18Ch+var_1B8], 0
jz short loc_409AA1
dec [ebp+18Ch+var_198]
jnz short loc_409AA1
inc [ebp+18Ch+var_189]
loc_409AA1: ; CODE XREF: sub_409217+880�j
; sub_409217+885�j
mov [ebp+18Ch+var_1AC], 6Fh
jmp loc_409B89
; ---------------------------------------------------------------------------
loc_409AAD: ; CODE XREF: sub_409217+87A�j
dec [ebp+18Ch+var_188]
cmp ebx, 0FFFFFFFFh
jz short loc_409AC0
push [ebp+18Ch+var_1A0]
push ebx
call sub_40F64F
pop ecx
pop ecx
loc_409AC0: ; CODE XREF: sub_409217+89C�j
push 30h
pop ebx
jmp loc_409B86
; ---------------------------------------------------------------------------
loc_409AC8: ; CODE XREF: sub_409217+868�j
; sub_409217+86D�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
cmp [ebp+18Ch+var_1B8], 0
mov ebx, eax
mov [ebp+18Ch+var_190], ebx
jz short loc_409AEB
sub [ebp+18Ch+var_198], 2
cmp [ebp+18Ch+var_198], 1
jge short loc_409AEB
inc [ebp+18Ch+var_189]
loc_409AEB: ; CODE XREF: sub_409217+8C5�j
; sub_409217+8CF�j
mov [ebp+18Ch+var_1AC], 78h
jmp loc_409B89
; ---------------------------------------------------------------------------
loc_409AF7: ; CODE XREF: sub_409217+6BE�j
mov [esi], al
inc esi
loc_409AFA: ; CODE XREF: sub_409217+710�j
mov [ebp+18Ch+var_1C4], esi
jmp loc_40984E
; ---------------------------------------------------------------------------
loc_409B02: ; CODE XREF: sub_409217+6B4�j
inc edi
jmp loc_40984E
; ---------------------------------------------------------------------------
loc_409B08: ; CODE XREF: sub_409217+65C�j
; sub_409217+674�j ...
dec [ebp+18Ch+var_188]
cmp eax, 0FFFFFFFFh
jz short loc_409B1B
push [ebp+18Ch+var_1A0]
push eax
call sub_40F64F
pop ecx
pop ecx
loc_409B1B: ; CODE XREF: sub_409217+645�j
; sub_409217+8F7�j
cmp edi, esi
jz loc_409E09
cmp [ebp+18Ch+var_199], 0
jnz loc_409D71
inc [ebp+18Ch+var_1C8]
cmp ebx, 63h
jz loc_409D71
cmp [ebp+18Ch+var_1A2], 0
mov eax, [ebp+18Ch+var_1C4]
jz short loc_409B4B
and word ptr [eax], 0
jmp loc_409D71
; ---------------------------------------------------------------------------
loc_409B4B: ; CODE XREF: sub_409217+929�j
mov byte ptr [eax], 0
jmp loc_409D71
; ---------------------------------------------------------------------------
loc_409B53: ; CODE XREF: sub_409217+71A�j
mov [ebp+18Ch+var_19A], 1
loc_409B57: ; CODE XREF: sub_409217+312�j
; sub_409217+326�j ...
mov ebx, [ebp+18Ch+var_190]
cmp ebx, 2Dh
jnz short loc_409B65
mov [ebp+18Ch+var_1A3], 1
jmp short loc_409B6A
; ---------------------------------------------------------------------------
loc_409B65: ; CODE XREF: sub_409217+946�j
cmp ebx, 2Bh
jnz short loc_409B89
loc_409B6A: ; CODE XREF: sub_409217+94C�j
dec [ebp+18Ch+var_198]
jnz short loc_409B79
test ecx, ecx
jz short loc_409B79
mov [ebp+18Ch+var_189], 1
jmp short loc_409B89
; ---------------------------------------------------------------------------
loc_409B79: ; CODE XREF: sub_409217+956�j
; sub_409217+95A�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
mov ebx, eax
loc_409B86: ; CODE XREF: sub_409217+8AC�j
mov [ebp+18Ch+var_190], ebx
loc_409B89: ; CODE XREF: sub_409217+84F�j
; sub_409217+891�j ...
cmp [ebp+18Ch+var_1D4], 0
jz loc_409C8E
cmp [ebp+18Ch+var_189], 0
jnz loc_409C69
loc_409B9D: ; CODE XREF: sub_409217+A3A�j
cmp [ebp+18Ch+var_1AC], 78h
jz short loc_409BF2
cmp [ebp+18Ch+var_1AC], 70h
jz short loc_409BF2
movzx eax, bl
push eax
call sub_40F52F
test eax, eax
pop ecx
jz loc_409C56
cmp [ebp+18Ch+var_1AC], 6Fh
jnz short loc_409BDC
cmp ebx, 38h
jge loc_409C56
mov eax, [ebp+18Ch+var_1BC]
mov esi, [ebp+18Ch+var_1C0]
shld eax, esi, 3
shl esi, 3
mov [ebp+18Ch+var_1BC], eax
jmp short loc_409C27
; ---------------------------------------------------------------------------
loc_409BDC: ; CODE XREF: sub_409217+9A8�j
push 0
push 0Ah
push [ebp+18Ch+var_1BC]
push [ebp+18Ch+var_1C0]
call sub_40F8A0
mov esi, eax
mov [ebp+18Ch+var_1BC], edx
jmp short loc_409C27
; ---------------------------------------------------------------------------
loc_409BF2: ; CODE XREF: sub_409217+98A�j
; sub_409217+990�j
movzx edi, bl
push edi
call sub_40F5AC
test eax, eax
pop ecx
jz short loc_409C56
mov eax, [ebp+18Ch+var_1BC]
mov esi, [ebp+18Ch+var_1C0]
shld eax, esi, 4
push edi
shl esi, 4
mov [ebp+18Ch+var_1BC], eax
call sub_40F52F
test eax, eax
pop ecx
movsx ebx, bl
jnz short loc_409C24
and ebx, 0FFFFFFDFh
sub ebx, 7
loc_409C24: ; CODE XREF: sub_409217+A05�j
mov [ebp+18Ch+var_190], ebx
loc_409C27: ; CODE XREF: sub_409217+9C3�j
; sub_409217+9D9�j
inc [ebp+18Ch+var_1A8]
lea eax, [ebx-30h]
cdq
add esi, eax
adc [ebp+18Ch+var_1BC], edx
cmp [ebp+18Ch+var_1B8], 0
mov [ebp+18Ch+var_1C0], esi
jz short loc_409C41
dec [ebp+18Ch+var_198]
jz short loc_409C69
loc_409C41: ; CODE XREF: sub_409217+A23�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
mov ebx, eax
mov [ebp+18Ch+var_190], ebx
jmp loc_409B9D
; ---------------------------------------------------------------------------
loc_409C56: ; CODE XREF: sub_409217+99E�j
; sub_409217+9AD�j ...
dec [ebp+18Ch+var_188]
cmp ebx, 0FFFFFFFFh
jz short loc_409C69
push [ebp+18Ch+var_1A0]
push ebx
call sub_40F64F
pop ecx
pop ecx
loc_409C69: ; CODE XREF: sub_409217+980�j
; sub_409217+A28�j ...
cmp [ebp+18Ch+var_1A3], 0
mov edi, [ebp+18Ch+var_1E0]
jz loc_409D31
mov eax, [ebp+18Ch+var_1C0]
mov ecx, [ebp+18Ch+var_1BC]
neg eax
adc ecx, 0
neg ecx
mov [ebp+18Ch+var_1C0], eax
mov [ebp+18Ch+var_1BC], ecx
jmp loc_409D31
; ---------------------------------------------------------------------------
loc_409C8E: ; CODE XREF: sub_409217+976�j
cmp [ebp+18Ch+var_189], 0
mov edi, [ebp+18Ch+var_1E0]
jnz loc_409D29
loc_409C9B: ; CODE XREF: sub_409217+AFD�j
cmp [ebp+18Ch+var_1AC], 78h
jz short loc_409CCA
cmp [ebp+18Ch+var_1AC], 70h
jz short loc_409CCA
movzx eax, bl
push eax
call sub_40F52F
test eax, eax
pop ecx
jz short loc_409D16
cmp [ebp+18Ch+var_1AC], 6Fh
jnz short loc_409CC5
cmp ebx, 38h
jge short loc_409D16
shl edi, 3
jmp short loc_409CF2
; ---------------------------------------------------------------------------
loc_409CC5: ; CODE XREF: sub_409217+AA2�j
imul edi, 0Ah
jmp short loc_409CF2
; ---------------------------------------------------------------------------
loc_409CCA: ; CODE XREF: sub_409217+A88�j
; sub_409217+A8E�j
movzx esi, bl
push esi
call sub_40F5AC
test eax, eax
pop ecx
jz short loc_409D16
push esi
shl edi, 4
call sub_40F52F
test eax, eax
pop ecx
movsx ebx, bl
jnz short loc_409CEF
and ebx, 0FFFFFFDFh
sub ebx, 7
loc_409CEF: ; CODE XREF: sub_409217+AD0�j
mov [ebp+18Ch+var_190], ebx
loc_409CF2: ; CODE XREF: sub_409217+AAC�j
; sub_409217+AB1�j
inc [ebp+18Ch+var_1A8]
cmp [ebp+18Ch+var_1B8], 0
lea edi, [edi+ebx-30h]
jz short loc_409D04
dec [ebp+18Ch+var_198]
jz short loc_409D29
loc_409D04: ; CODE XREF: sub_409217+AE6�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
mov ebx, eax
mov [ebp+18Ch+var_190], ebx
jmp short loc_409C9B
; ---------------------------------------------------------------------------
loc_409D16: ; CODE XREF: sub_409217+A9C�j
; sub_409217+AA7�j ...
dec [ebp+18Ch+var_188]
cmp ebx, 0FFFFFFFFh
jz short loc_409D29
push [ebp+18Ch+var_1A0]
push ebx
call sub_40F64F
pop ecx
pop ecx
loc_409D29: ; CODE XREF: sub_409217+A7E�j
; sub_409217+AEB�j ...
cmp [ebp+18Ch+var_1A3], 0
jz short loc_409D31
neg edi
loc_409D31: ; CODE XREF: sub_409217+A59�j
; sub_409217+A72�j ...
cmp [ebp+18Ch+var_1AC], 46h
jnz short loc_409D3B
and [ebp+18Ch+var_1A8], 0
loc_409D3B: ; CODE XREF: sub_409217+B1E�j
cmp [ebp+18Ch+var_1A8], 0
jz loc_409E09
cmp [ebp+18Ch+var_199], 0
jnz short loc_409D71
inc [ebp+18Ch+var_1C8]
mov esi, [ebp+18Ch+var_1C4]
loc_409D51: ; CODE XREF: sub_409217+34C�j
cmp [ebp+18Ch+var_1D4], 0
jz short loc_409D64
mov eax, [ebp+18Ch+var_1C0]
mov [esi], eax
mov eax, [ebp+18Ch+var_1BC]
mov [esi+4], eax
jmp short loc_409D71
; ---------------------------------------------------------------------------
loc_409D64: ; CODE XREF: sub_409217+B3E�j
cmp [ebp+18Ch+var_19A], 0
jz short loc_409D6E
mov [esi], edi
jmp short loc_409D71
; ---------------------------------------------------------------------------
loc_409D6E: ; CODE XREF: sub_409217+B51�j
mov [esi], di
loc_409D71: ; CODE XREF: sub_409217+352�j
; sub_409217+5D3�j ...
mov edi, [ebp+18Ch+var_1B4]
inc [ebp+18Ch+var_1A1]
inc edi
mov [ebp+18Ch+var_1B4], edi
jmp short loc_409DBF
; ---------------------------------------------------------------------------
loc_409D7D: ; CODE XREF: sub_409217+17C�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
mov ebx, eax
movzx eax, byte ptr [edi]
inc edi
cmp eax, ebx
mov [ebp+18Ch+var_190], ebx
mov [ebp+18Ch+var_1B4], edi
jnz short loc_409DF7
movzx eax, bl
push eax
call sub_40CDE6
test eax, eax
pop ecx
jz short loc_409DBF
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_4091DC
movzx ecx, byte ptr [edi]
inc edi
cmp ecx, eax
mov [ebp+18Ch+var_1B4], edi
jnz short loc_409DE7
dec [ebp+18Ch+var_188]
loc_409DBF: ; CODE XREF: sub_409217+B64�j
; sub_409217+B8D�j
cmp [ebp+18Ch+var_190], 0FFFFFFFFh
jnz short loc_409DD5
cmp byte ptr [edi], 25h
jnz short loc_409E09
mov eax, [ebp+18Ch+var_1B4]
cmp byte ptr [eax+1], 6Eh
jnz short loc_409E09
mov edi, eax
loc_409DD5: ; CODE XREF: sub_409217+174�j
; sub_409217+BAC�j
mov al, [edi]
test al, al
jnz loc_40934F
jmp short loc_409E09
; ---------------------------------------------------------------------------
loc_409DE1: ; CODE XREF: sub_409217+303�j
; sub_409217+745�j
cmp [ebp+18Ch+var_190], 0FFFFFFFFh
jmp short loc_409DFA
; ---------------------------------------------------------------------------
loc_409DE7: ; CODE XREF: sub_409217+BA3�j
cmp eax, 0FFFFFFFFh
jz short loc_409DF7
push [ebp+18Ch+var_1A0]
push eax
call sub_40F64F
pop ecx
pop ecx
loc_409DF7: ; CODE XREF: sub_409217+B7F�j
; sub_409217+BD3�j
cmp ebx, 0FFFFFFFFh
loc_409DFA: ; CODE XREF: sub_409217+BCE�j
jz short loc_409E09
push [ebp+18Ch+var_1A0]
push [ebp+18Ch+var_190]
call sub_40F64F
pop ecx
pop ecx
loc_409E09: ; CODE XREF: sub_409217+2EC�j
; sub_409217+3D7�j ...
cmp [ebp+18Ch+var_1D0], 1
jnz short loc_409E18
push [ebp+18Ch+var_1B0]
call sub_4039C3
pop ecx
loc_409E18: ; CODE XREF: sub_409217+BF6�j
cmp [ebp+18Ch+var_190], 0FFFFFFFFh
jnz short loc_409E3C
mov eax, [ebp+18Ch+var_1C8]
test eax, eax
jnz short loc_409E2D
cmp [ebp+18Ch+var_1A1], al
jnz short loc_409E2D
or eax, 0FFFFFFFFh
loc_409E2D: ; CODE XREF: sub_409217+C0C�j
; sub_409217+C11�j
cmp [ebp+18Ch+var_1EC], 0
jz short loc_409E4C
mov ecx, [ebp+18Ch+var_1F0]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_409E4C
; ---------------------------------------------------------------------------
loc_409E3C: ; CODE XREF: sub_409217+12F�j
; sub_409217+C05�j
cmp [ebp+18Ch+var_1EC], 0
jz short loc_409E49
mov eax, [ebp+18Ch+var_1F0]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_409E49: ; CODE XREF: sub_409217+C29�j
mov eax, [ebp+18Ch+var_1C8]
loc_409E4C: ; CODE XREF: sub_409217+70�j
; sub_409217+C1A�j ...
mov ecx, [ebp+18Ch+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
add ebp, 18Ch
leave
retn
sub_409217 endp
; =============== S U B R O U T I N E =======================================
sub_409E64 proc near ; CODE XREF: sub_403AA0+2A�p
; sub_40428D+12�p ...
var_4 = byte ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
mov ebx, [esp+8+arg_0]
push esi
push edi
xor esi, esi
xor edi, edi
loc_409E70: ; CODE XREF: sub_409E64+19�j
cmp ebx, dword_423C00[edi*8]
jz short loc_409E7F
inc edi
cmp edi, 17h
jl short loc_409E70
loc_409E7F: ; CODE XREF: sub_409E64+13�j
cmp edi, 17h
jnb loc_409FFF
push ebp
push 3
call sub_40FA72
cmp eax, 1
pop ecx
jz loc_409FCB
push 3
call sub_40FA72
test eax, eax
pop ecx
jnz short loc_409EB3
cmp dword_423050, 1
jz loc_409FCB
loc_409EB3: ; CODE XREF: sub_409E64+40�j
cmp ebx, 0FCh
jz loc_409FFE
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
mov ebx, 314h
push ebx
mov ebp, offset dword_427A18
push ebp
call sub_407A85
add esp, 0Ch
test eax, eax
jz short loc_409EE9
push esi
push esi
push esi
push esi
push esi
call sub_4031FD
add esp, 14h
loc_409EE9: ; CODE XREF: sub_409E64+76�j
push 104h
mov esi, offset byte_427A31
push esi
push 0
mov byte_427B35, 0
call ds:off_41D060
test eax, eax
jnz short loc_409F2D
push offset aProgramNameUnk ; "<program name unknown>"
push 2FBh
push esi
call sub_407A85
add esp, 0Ch
test eax, eax
jz short loc_409F2D
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_4031FD
add esp, 14h
loc_409F2D: ; CODE XREF: sub_409E64+A1�j
; sub_409E64+B8�j
push esi
call sub_4044E0
inc eax
cmp eax, 3Ch
pop ecx
jbe short loc_409F72
push esi
call sub_4044E0
sub esi, 3Bh
add eax, esi
push 3
mov ecx, offset dword_427D2C
push offset a___ ; "..."
sub ecx, eax
push ecx
push eax
call sub_40CBF6
add esp, 14h
test eax, eax
jz short loc_409F72
xor esi, esi
push esi
push esi
push esi
push esi
push esi
call sub_4031FD
add esp, 14h
jmp short loc_409F74
; ---------------------------------------------------------------------------
loc_409F72: ; CODE XREF: sub_409E64+D4�j
; sub_409E64+FB�j
xor esi, esi
loc_409F74: ; CODE XREF: sub_409E64+10C�j
push offset asc_41DB20 ; "\n\n"
push ebx
push ebp
call sub_40CB3D
add esp, 0Ch
test eax, eax
jz short loc_409F94
push esi
push esi
push esi
push esi
push esi
call sub_4031FD
add esp, 14h
loc_409F94: ; CODE XREF: sub_409E64+121�j
push dword_423C04[edi*8]
push ebx
push ebp
call sub_40CB3D
add esp, 0Ch
test eax, eax
jz short loc_409FB6
push esi
push esi
push esi
push esi
push esi
call sub_4031FD
add esp, 14h
loc_409FB6: ; CODE XREF: sub_409E64+143�j
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push ebp
call sub_40F8D4
add esp, 0Ch
jmp short loc_409FFE
; ---------------------------------------------------------------------------
loc_409FCB: ; CODE XREF: sub_409E64+30�j
; sub_409E64+49�j
push 0FFFFFFF4h
call ds:off_41D148
mov ebp, eax
cmp ebp, esi
jz short loc_409FFE
cmp ebp, 0FFFFFFFFh
jz short loc_409FFE
push 0
lea eax, [esp+18h+var_4]
push eax
lea esi, ds:423C04h[edi*8]
push dword ptr [esi]
call sub_4044E0
pop ecx
push eax
push dword ptr [esi]
push ebp
call ds:off_41D088
loc_409FFE: ; CODE XREF: sub_409E64+55�j
; sub_409E64+165�j ...
pop ebp
loc_409FFF: ; CODE XREF: sub_409E64+1E�j
pop edi
pop esi
pop ebx
pop ecx
retn
sub_409E64 endp
; =============== S U B R O U T I N E =======================================
sub_40A004 proc near ; CODE XREF: sub_403AA0+23�p
; sub_40428D+9�p ...
push 3
call sub_40FA72
cmp eax, 1
pop ecx
jz short loc_40A026
push 3
call sub_40FA72
test eax, eax
pop ecx
jnz short locret_40A03C
cmp dword_423050, 1
jnz short locret_40A03C
loc_40A026: ; CODE XREF: sub_40A004+B�j
push 0FCh
call sub_409E64
push 0FFh
call sub_409E64
pop ecx
pop ecx
locret_40A03C: ; CODE XREF: sub_40A004+17�j
; sub_40A004+20�j
retn
sub_40A004 endp
; =============== S U B R O U T I N E =======================================
sub_40A03D proc near ; CODE XREF: sub_403EE2+ED�p
; sub_4091DC+F�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
cmp esi, edi
jnz short loc_40A066
call sub_405B83
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
jmp loc_40A157
; ---------------------------------------------------------------------------
loc_40A066: ; CODE XREF: sub_40A03D+A�j
mov eax, [esi+0Ch]
test al, 83h
jz loc_40A157
test al, 40h
jnz loc_40A157
test al, 2
jz short loc_40A088
or eax, 20h
mov [esi+0Ch], eax
jmp loc_40A157
; ---------------------------------------------------------------------------
loc_40A088: ; CODE XREF: sub_40A03D+3E�j
or eax, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_40A09D
push esi
call sub_40D8AC
pop ecx
jmp short loc_40A0A2
; ---------------------------------------------------------------------------
loc_40A09D: ; CODE XREF: sub_40A03D+55�j
mov eax, [esi+8]
mov [esi], eax
loc_40A0A2: ; CODE XREF: sub_40A03D+5E�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push esi
call sub_408DD0
pop ecx
push eax
call sub_40A6FF
add esp, 0Ch
cmp eax, edi
mov [esi+4], eax
jz loc_40A147
cmp eax, 0FFFFFFFFh
jz short loc_40A147
test byte ptr [esi+0Ch], 82h
jnz short loc_40A11D
push esi
call sub_408DD0
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_40A108
push esi
call sub_408DD0
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_40A108
push esi
call sub_408DD0
sar eax, 5
push esi
lea edi, ds:435700h[eax*4]
call sub_408DD0
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_40A10D
; ---------------------------------------------------------------------------
loc_40A108: ; CODE XREF: sub_40A03D+9B�j
; sub_40A03D+A7�j
mov eax, offset dword_423BD0
loc_40A10D: ; CODE XREF: sub_40A03D+C9�j
mov al, [eax+4]
and al, 82h
cmp al, 82h
jnz short loc_40A11D
or dword ptr [esi+0Ch], 2000h
loc_40A11D: ; CODE XREF: sub_40A03D+8F�j
; sub_40A03D+D7�j
cmp dword ptr [esi+18h], 200h
jnz short loc_40A13A
mov eax, [esi+0Ch]
test al, 8
jz short loc_40A13A
test ax, 400h
jnz short loc_40A13A
mov dword ptr [esi+18h], 1000h
loc_40A13A: ; CODE XREF: sub_40A03D+E7�j
; sub_40A03D+EE�j ...
mov ecx, [esi]
dec dword ptr [esi+4]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_40A15A
; ---------------------------------------------------------------------------
loc_40A147: ; CODE XREF: sub_40A03D+80�j
; sub_40A03D+89�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
mov [esi+4], edi
loc_40A157: ; CODE XREF: sub_40A03D+24�j
; sub_40A03D+2E�j ...
or eax, 0FFFFFFFFh
loc_40A15A: ; CODE XREF: sub_40A03D+108�j
pop edi
pop esi
retn
sub_40A03D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A15D proc near ; CODE XREF: sub_40A6FF+9A�p
; sub_40E422+355�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
mov edx, [ebp+arg_8]
push esi
mov esi, [ebp+arg_0]
push 0FFFFFFFEh
pop eax
cmp esi, eax
mov [ebp+var_14], eax
mov [ebp+var_1C], edx
jnz short loc_40A192
call sub_405B96
and dword ptr [eax], 0
call sub_405B83
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
jmp loc_40A6FC
; ---------------------------------------------------------------------------
loc_40A192: ; CODE XREF: sub_40A15D+18�j
push edi
xor edi, edi
cmp esi, edi
jl short loc_40A1A1
cmp esi, dword_4356E8
jb short loc_40A1C8
loc_40A1A1: ; CODE XREF: sub_40A15D+3A�j
call sub_405B96
mov [eax], edi
call sub_405B83
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 9
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_40A6FB
; ---------------------------------------------------------------------------
loc_40A1C8: ; CODE XREF: sub_40A15D+42�j
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
push ebx
lea ebx, ds:435700h[eax*4]
mov eax, [ebx]
add eax, esi
mov cl, [eax+4]
test cl, 1
jnz short loc_40A1FE
call sub_405B96
mov [eax], edi
call sub_405B83
mov dword ptr [eax], 9
jmp loc_40A345
; ---------------------------------------------------------------------------
loc_40A1FE: ; CODE XREF: sub_40A15D+88�j
cmp edx, edi
mov [ebp+var_10], edi
jz loc_40A6F8
test cl, 2
jnz loc_40A6F8
mov ecx, [ebp+arg_4]
cmp ecx, edi
jz loc_40A333
mov al, [eax+24h]
add al, al
sar al, 1
mov [ebp+var_2], al
movsx eax, al
dec eax
jz loc_40A32B
dec eax
jnz short loc_40A246
mov eax, edx
not eax
test al, 1
jz loc_40A333
and edx, 0FFFFFFFEh
mov [ebp+arg_8], edx
loc_40A246: ; CODE XREF: sub_40A15D+D5�j
mov [ebp+var_C], ecx
loc_40A249: ; CODE XREF: sub_40A15D+216�j
mov ecx, [ebx]
mov eax, [ebp+var_C]
lea edi, [esi+ecx]
test byte ptr [edi+4], 48h
jz short loc_40A2CD
mov cl, [edi+5]
cmp cl, 0Ah
jz short loc_40A2CD
xor edx, edx
cmp [ebp+arg_8], edx
jz short loc_40A2CD
mov [eax], cl
mov ecx, [ebx]
inc eax
dec [ebp+arg_8]
cmp [ebp+var_2], dl
mov [ebp+var_10], 1
mov byte ptr [esi+ecx+5], 0Ah
jz short loc_40A2CD
mov ecx, [ebx]
mov cl, [esi+ecx+25h]
cmp cl, 0Ah
jz short loc_40A2CD
cmp [ebp+arg_8], edx
jz short loc_40A2CD
mov [eax], cl
mov ecx, [ebx]
inc eax
dec [ebp+arg_8]
cmp [ebp+var_2], 1
mov [ebp+var_10], 2
mov byte ptr [esi+ecx+25h], 0Ah
jnz short loc_40A2CD
mov ecx, [ebx]
mov cl, [esi+ecx+26h]
cmp cl, 0Ah
jz short loc_40A2CD
cmp [ebp+arg_8], edx
jz short loc_40A2CD
mov [eax], cl
mov ecx, [ebx]
inc eax
dec [ebp+arg_8]
mov [ebp+var_10], 3
mov byte ptr [esi+ecx+26h], 0Ah
loc_40A2CD: ; CODE XREF: sub_40A15D+F8�j
; sub_40A15D+100�j ...
push 0
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_8]
push eax
mov eax, [ebx]
push dword ptr [esi+eax]
call ds:off_41D078
test eax, eax
jz loc_40A6C2
mov edi, [ebp+var_18]
test edi, edi
jl loc_40A6C2
cmp edi, [ebp+arg_8]
ja loc_40A6C2
mov eax, [ebx]
add [ebp+var_10], edi
lea eax, [esi+eax+4]
test byte ptr [eax], 80h
jz loc_40A562
cmp [ebp+var_2], 2
jz loc_40A58C
test edi, edi
jz short loc_40A397
mov ecx, [ebp+var_C]
cmp byte ptr [ecx], 0Ah
jnz short loc_40A397
or byte ptr [eax], 4
jmp short loc_40A39A
; ---------------------------------------------------------------------------
loc_40A32B: ; CODE XREF: sub_40A15D+CE�j
mov eax, edx
not eax
test al, 1
jnz short loc_40A354
loc_40A333: ; CODE XREF: sub_40A15D+BA�j
; sub_40A15D+DD�j
call sub_405B96
mov [eax], edi
call sub_405B83
mov dword ptr [eax], 16h
loc_40A345: ; CODE XREF: sub_40A15D+9C�j
push edi
push edi
push edi
push edi
push edi
call sub_4032F9
add esp, 14h
jmp short loc_40A38F
; ---------------------------------------------------------------------------
loc_40A354: ; CODE XREF: sub_40A15D+1D4�j
mov eax, edx
push 4
pop ecx
shr eax, 1
cmp eax, ecx
mov [ebp+arg_8], ecx
jb short loc_40A365
mov [ebp+arg_8], eax
loc_40A365: ; CODE XREF: sub_40A15D+203�j
push [ebp+arg_8]
call sub_407AEA
cmp eax, edi
pop ecx
mov [ebp+var_C], eax
jnz loc_40A249
call sub_405B83
mov dword ptr [eax], 0Ch
call sub_405B96
mov dword ptr [eax], 8
loc_40A38F: ; CODE XREF: sub_40A15D+1F5�j
or eax, 0FFFFFFFFh
jmp loc_40A6FA
; ---------------------------------------------------------------------------
loc_40A397: ; CODE XREF: sub_40A15D+1BF�j
; sub_40A15D+1C7�j
and byte ptr [eax], 0FBh
loc_40A39A: ; CODE XREF: sub_40A15D+1CC�j
mov edi, [ebp+var_C]
mov eax, [ebp+var_10]
add eax, edi
cmp edi, eax
mov [ebp+arg_8], edi
mov [ebp+var_10], eax
jnb loc_40A480
loc_40A3B0: ; CODE XREF: sub_40A15D+306�j
mov ecx, [ebp+arg_8]
mov al, [ecx]
cmp al, 1Ah
jz loc_40A46B
cmp al, 0Dh
jz short loc_40A3CD
mov [edi], al
inc edi
inc ecx
mov [ebp+arg_8], ecx
jmp loc_40A45D
; ---------------------------------------------------------------------------
loc_40A3CD: ; CODE XREF: sub_40A15D+262�j
mov eax, [ebp+var_10]
dec eax
cmp ecx, eax
jnb short loc_40A3EC
lea eax, [ecx+1]
cmp byte ptr [eax], 0Ah
jnz short loc_40A3E7
inc ecx
inc ecx
mov [ebp+arg_8], ecx
loc_40A3E2: ; CODE XREF: sub_40A15D+2CA�j
; sub_40A15D+2E3�j
mov byte ptr [edi], 0Ah
jmp short loc_40A45C
; ---------------------------------------------------------------------------
loc_40A3E7: ; CODE XREF: sub_40A15D+27E�j
mov [ebp+arg_8], eax
jmp short loc_40A459
; ---------------------------------------------------------------------------
loc_40A3EC: ; CODE XREF: sub_40A15D+276�j
inc [ebp+arg_8]
push 0
lea eax, [ebp+var_18]
push eax
push 1
lea eax, [ebp+var_1]
push eax
mov eax, [ebx]
push dword ptr [esi+eax]
call ds:off_41D078
test eax, eax
jnz short loc_40A414
call ds:off_41D0EC
test eax, eax
jnz short loc_40A459
loc_40A414: ; CODE XREF: sub_40A15D+2AB�j
cmp [ebp+var_18], 0
jz short loc_40A459
mov eax, [ebx]
test byte ptr [esi+eax+4], 48h
jz short loc_40A437
cmp [ebp+var_1], 0Ah
jz short loc_40A3E2
mov byte ptr [edi], 0Dh
mov eax, [ebx]
mov cl, [ebp+var_1]
mov [esi+eax+5], cl
jmp short loc_40A45C
; ---------------------------------------------------------------------------
loc_40A437: ; CODE XREF: sub_40A15D+2C4�j
cmp edi, [ebp+var_C]
jnz short loc_40A442
cmp [ebp+var_1], 0Ah
jz short loc_40A3E2
loc_40A442: ; CODE XREF: sub_40A15D+2DD�j
push 1
push 0FFFFFFFFh
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_40D06E
add esp, 10h
cmp [ebp+var_1], 0Ah
jz short loc_40A45D
loc_40A459: ; CODE XREF: sub_40A15D+28D�j
; sub_40A15D+2B5�j ...
mov byte ptr [edi], 0Dh
loc_40A45C: ; CODE XREF: sub_40A15D+288�j
; sub_40A15D+2D8�j
inc edi
loc_40A45D: ; CODE XREF: sub_40A15D+26B�j
; sub_40A15D+2FA�j
mov eax, [ebp+var_10]
cmp [ebp+arg_8], eax
jb loc_40A3B0
jmp short loc_40A480
; ---------------------------------------------------------------------------
loc_40A46B: ; CODE XREF: sub_40A15D+25A�j
mov eax, [ebx]
lea eax, [esi+eax+4]
test byte ptr [eax], 40h
jnz short loc_40A47B
or byte ptr [eax], 2
jmp short loc_40A480
; ---------------------------------------------------------------------------
loc_40A47B: ; CODE XREF: sub_40A15D+317�j
mov al, [ecx]
mov [edi], al
inc edi
loc_40A480: ; CODE XREF: sub_40A15D+24D�j
; sub_40A15D+30C�j ...
mov eax, edi
sub eax, [ebp+var_C]
cmp [ebp+var_2], 1
mov [ebp+var_10], eax
jnz loc_40A562
test eax, eax
jz loc_40A562
dec edi
mov cl, [edi]
test cl, cl
js short loc_40A4A7
inc edi
jmp loc_40A52D
; ---------------------------------------------------------------------------
loc_40A4A7: ; CODE XREF: sub_40A15D+342�j
xor eax, eax
inc eax
movzx ecx, cl
jmp short loc_40A4BE
; ---------------------------------------------------------------------------
loc_40A4AF: ; CODE XREF: sub_40A15D+368�j
cmp eax, 4
jg short loc_40A4C7
cmp edi, [ebp+var_C]
jb short loc_40A4C7
dec edi
movzx ecx, byte ptr [edi]
inc eax
loc_40A4BE: ; CODE XREF: sub_40A15D+350�j
cmp byte_423CB8[ecx], 0
jz short loc_40A4AF
loc_40A4C7: ; CODE XREF: sub_40A15D+355�j
; sub_40A15D+35A�j
mov dl, [edi]
movzx ecx, dl
movsx ecx, byte_423CB8[ecx]
test ecx, ecx
jnz short loc_40A4E4
call sub_405B83
mov dword ptr [eax], 2Ah
jmp short loc_40A55E
; ---------------------------------------------------------------------------
loc_40A4E4: ; CODE XREF: sub_40A15D+378�j
inc ecx
cmp ecx, eax
jnz short loc_40A4ED
add edi, eax
jmp short loc_40A52D
; ---------------------------------------------------------------------------
loc_40A4ED: ; CODE XREF: sub_40A15D+38A�j
mov ecx, [ebx]
add ecx, esi
test byte ptr [ecx+4], 48h
jz short loc_40A51B
inc edi
cmp eax, 2
mov [ecx+5], dl
jl short loc_40A509
mov dl, [edi]
mov ecx, [ebx]
mov [esi+ecx+25h], dl
inc edi
loc_40A509: ; CODE XREF: sub_40A15D+3A1�j
cmp eax, 3
jnz short loc_40A517
mov dl, [edi]
mov ecx, [ebx]
mov [esi+ecx+26h], dl
inc edi
loc_40A517: ; CODE XREF: sub_40A15D+3AF�j
sub edi, eax
jmp short loc_40A52D
; ---------------------------------------------------------------------------
loc_40A51B: ; CODE XREF: sub_40A15D+398�j
neg eax
cdq
push 1
push edx
push eax
push [ebp+arg_0]
call sub_40D06E
add esp, 10h
loc_40A52D: ; CODE XREF: sub_40A15D+345�j
; sub_40A15D+38E�j ...
mov eax, [ebp+var_1C]
sub edi, [ebp+var_C]
shr eax, 1
push eax
push [ebp+arg_4]
push edi
push [ebp+var_C]
push 0
push 0FDE9h
call ds:off_41D0A0
test eax, eax
mov [ebp+var_10], eax
jnz short loc_40A585
call ds:off_41D0EC
loc_40A557: ; CODE XREF: sub_40A15D+58C�j
push eax
call sub_405BA9
pop ecx
loc_40A55E: ; CODE XREF: sub_40A15D+385�j
; sub_40A15D+584�j
or [ebp+var_14], 0FFFFFFFFh
loc_40A562: ; CODE XREF: sub_40A15D+1AD�j
; sub_40A15D+32F�j ...
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_4]
jz short loc_40A571
push eax
call sub_4039C3
pop ecx
loc_40A571: ; CODE XREF: sub_40A15D+40B�j
mov eax, [ebp+var_14]
cmp eax, 0FFFFFFFEh
jnz loc_40A6FA
mov eax, [ebp+var_10]
jmp loc_40A6FA
; ---------------------------------------------------------------------------
loc_40A585: ; CODE XREF: sub_40A15D+3F2�j
add eax, eax
mov [ebp+var_10], eax
jmp short loc_40A562
; ---------------------------------------------------------------------------
loc_40A58C: ; CODE XREF: sub_40A15D+1B7�j
test edi, edi
jz short loc_40A59E
mov ecx, [ebp+var_C]
cmp word ptr [ecx], 0Ah
jnz short loc_40A59E
or byte ptr [eax], 4
jmp short loc_40A5A1
; ---------------------------------------------------------------------------
loc_40A59E: ; CODE XREF: sub_40A15D+431�j
; sub_40A15D+43A�j
and byte ptr [eax], 0FBh
loc_40A5A1: ; CODE XREF: sub_40A15D+43F�j
mov edi, [ebp+var_C]
mov eax, [ebp+var_10]
add eax, edi
cmp edi, eax
mov [ebp+arg_8], edi
mov [ebp+var_10], eax
jnb loc_40A6B7
loc_40A5B7: ; CODE XREF: sub_40A15D+53A�j
mov eax, [ebp+arg_8]
movzx ecx, word ptr [eax]
cmp cx, 1Ah
jz loc_40A69F
cmp cx, 0Dh
jz short loc_40A5DC
mov [edi], cx
inc edi
inc edi
inc eax
inc eax
mov [ebp+arg_8], eax
jmp loc_40A691
; ---------------------------------------------------------------------------
loc_40A5DC: ; CODE XREF: sub_40A15D+46E�j
mov ecx, [ebp+var_10]
add ecx, 0FFFFFFFEh
cmp eax, ecx
jnb short loc_40A607
lea ecx, [eax+2]
cmp word ptr [ecx], 0Ah
jnz short loc_40A5FF
add eax, 4
mov [ebp+arg_8], eax
loc_40A5F5: ; CODE XREF: sub_40A15D+4E7�j
; sub_40A15D+513�j
mov word ptr [edi], 0Ah
jmp loc_40A68F
; ---------------------------------------------------------------------------
loc_40A5FF: ; CODE XREF: sub_40A15D+490�j
mov [ebp+arg_8], ecx
jmp loc_40A68A
; ---------------------------------------------------------------------------
loc_40A607: ; CODE XREF: sub_40A15D+487�j
add [ebp+arg_8], 2
push 0
lea eax, [ebp+var_18]
push eax
push 2
lea eax, [ebp+var_8]
push eax
mov eax, [ebx]
push dword ptr [esi+eax]
call ds:off_41D078
test eax, eax
jnz short loc_40A630
call ds:off_41D0EC
test eax, eax
jnz short loc_40A68A
loc_40A630: ; CODE XREF: sub_40A15D+4C7�j
cmp [ebp+var_18], 0
jz short loc_40A68A
mov eax, [ebx]
test byte ptr [esi+eax+4], 48h
jz short loc_40A666
cmp [ebp+var_8], 0Ah
jz short loc_40A5F5
mov word ptr [edi], 0Dh
mov eax, [ebx]
mov cl, byte ptr [ebp+var_8]
mov [esi+eax+5], cl
mov eax, [ebx]
mov cl, byte ptr [ebp+var_8+1]
mov [esi+eax+25h], cl
mov eax, [ebx]
mov byte ptr [esi+eax+26h], 0Ah
jmp short loc_40A68F
; ---------------------------------------------------------------------------
loc_40A666: ; CODE XREF: sub_40A15D+4E0�j
cmp edi, [ebp+var_C]
jnz short loc_40A672
cmp [ebp+var_8], 0Ah
jz short loc_40A5F5
loc_40A672: ; CODE XREF: sub_40A15D+50C�j
push 1
push 0FFFFFFFFh
push 0FFFFFFFEh
push [ebp+arg_0]
call sub_40D06E
add esp, 10h
cmp [ebp+var_8], 0Ah
jz short loc_40A691
loc_40A68A: ; CODE XREF: sub_40A15D+4A5�j
; sub_40A15D+4D1�j ...
mov word ptr [edi], 0Dh
loc_40A68F: ; CODE XREF: sub_40A15D+49D�j
; sub_40A15D+507�j
inc edi
inc edi
loc_40A691: ; CODE XREF: sub_40A15D+47A�j
; sub_40A15D+52B�j
mov eax, [ebp+var_10]
cmp [ebp+arg_8], eax
jb loc_40A5B7
jmp short loc_40A6B7
; ---------------------------------------------------------------------------
loc_40A69F: ; CODE XREF: sub_40A15D+464�j
mov ecx, [ebx]
lea esi, [esi+ecx+4]
test byte ptr [esi], 40h
jnz short loc_40A6AF
or byte ptr [esi], 2
jmp short loc_40A6B7
; ---------------------------------------------------------------------------
loc_40A6AF: ; CODE XREF: sub_40A15D+54B�j
mov ax, [eax]
mov [edi], ax
inc edi
inc edi
loc_40A6B7: ; CODE XREF: sub_40A15D+454�j
; sub_40A15D+540�j ...
sub edi, [ebp+var_C]
mov [ebp+var_10], edi
jmp loc_40A562
; ---------------------------------------------------------------------------
loc_40A6C2: ; CODE XREF: sub_40A15D+187�j
; sub_40A15D+192�j ...
call ds:off_41D0EC
push 5
pop esi
cmp eax, esi
jnz short loc_40A6E6
call sub_405B83
mov dword ptr [eax], 9
call sub_405B96
mov [eax], esi
jmp loc_40A55E
; ---------------------------------------------------------------------------
loc_40A6E6: ; CODE XREF: sub_40A15D+570�j
cmp eax, 6Dh
jnz loc_40A557
and [ebp+var_14], 0
jmp loc_40A562
; ---------------------------------------------------------------------------
loc_40A6F8: ; CODE XREF: sub_40A15D+A6�j
; sub_40A15D+AF�j
xor eax, eax
loc_40A6FA: ; CODE XREF: sub_40A15D+235�j
; sub_40A15D+41A�j ...
pop ebx
loc_40A6FB: ; CODE XREF: sub_40A15D+66�j
pop edi
loc_40A6FC: ; CODE XREF: sub_40A15D+30�j
pop esi
leave
retn
sub_40A15D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A6FF proc near ; CODE XREF: sub_403EE2+C9�p
; sub_40A03D+73�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset dword_4218D0
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40A72E
call sub_405B96
and dword ptr [eax], 0
call sub_405B83
mov dword ptr [eax], 9
loc_40A726: ; CODE XREF: sub_40A6FF+5C�j
or eax, 0FFFFFFFFh
jmp loc_40A7CB
; ---------------------------------------------------------------------------
loc_40A72E: ; CODE XREF: sub_40A6FF+12�j
xor edi, edi
cmp eax, edi
jl short loc_40A73C
cmp eax, dword_4356E8
jb short loc_40A75D
loc_40A73C: ; CODE XREF: sub_40A6FF+33�j
; sub_40A6FF+7C�j
call sub_405B96
mov [eax], edi
call sub_405B83
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_4032F9
add esp, 14h
jmp short loc_40A726
; ---------------------------------------------------------------------------
loc_40A75D: ; CODE XREF: sub_40A6FF+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:435700h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_40A73C
push eax
call sub_40F19E
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40A7A6
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40A15D
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_40A7BC
; ---------------------------------------------------------------------------
loc_40A7A6: ; CODE XREF: sub_40A6FF+8F�j
call sub_405B83
mov dword ptr [eax], 9
call sub_405B96
mov [eax], edi
or [ebp+var_1C], 0FFFFFFFFh
loc_40A7BC: ; CODE XREF: sub_40A6FF+A5�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40A7D1
mov eax, [ebp+var_1C]
loc_40A7CB: ; CODE XREF: sub_40A6FF+2A�j
call __SEH_epilog4
retn
sub_40A6FF endp
; =============== S U B R O U T I N E =======================================
sub_40A7D1 proc near ; CODE XREF: sub_40A6FF+C4�p
push dword ptr [ebp+8]
call sub_40F23E
pop ecx
retn
sub_40A7D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A7DB proc near ; CODE XREF: sub_40AA06:loc_40AA25�p
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
push [ebp+arg_0]
lea ecx, [ebp+var_14]
call sub_402ADF
mov eax, [ebp+arg_8]
mov esi, [ebp+arg_4]
xor edi, edi
cmp eax, edi
jz short loc_40A7FC
mov [eax], esi
loc_40A7FC: ; CODE XREF: sub_40A7DB+1D�j
cmp esi, edi
jnz short loc_40A82C
loc_40A800: ; CODE XREF: sub_40A7DB+5A�j
; sub_40A7DB+60�j
call sub_405B83
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
cmp [ebp+var_8], 0
jz short loc_40A825
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40A825: ; CODE XREF: sub_40A7DB+41�j
xor eax, eax
jmp loc_40AA02
; ---------------------------------------------------------------------------
loc_40A82C: ; CODE XREF: sub_40A7DB+23�j
cmp [ebp+arg_C], edi
jz short loc_40A83D
cmp [ebp+arg_C], 2
jl short loc_40A800
cmp [ebp+arg_C], 24h
jg short loc_40A800
loc_40A83D: ; CODE XREF: sub_40A7DB+54�j
mov ecx, [ebp+var_14]
push ebx
mov bl, [esi]
mov [ebp+var_4], edi
lea edi, [esi+1]
loc_40A849: ; CODE XREF: sub_40A7DB+A5�j
cmp dword ptr [ecx+0ACh], 1
jle short loc_40A869
lea eax, [ebp+var_14]
push eax
movzx eax, bl
push 8
push eax
call sub_40CDF4
mov ecx, [ebp+var_14]
add esp, 0Ch
jmp short loc_40A879
; ---------------------------------------------------------------------------
loc_40A869: ; CODE XREF: sub_40A7DB+75�j
mov edx, [ecx+0C8h]
movzx eax, bl
movzx eax, byte ptr [edx+eax*2]
and eax, 8
loc_40A879: ; CODE XREF: sub_40A7DB+8C�j
test eax, eax
jz short loc_40A882
mov bl, [edi]
inc edi
jmp short loc_40A849
; ---------------------------------------------------------------------------
loc_40A882: ; CODE XREF: sub_40A7DB+A0�j
cmp bl, 2Dh
jnz short loc_40A88D
or [ebp+arg_10], 2
jmp short loc_40A892
; ---------------------------------------------------------------------------
loc_40A88D: ; CODE XREF: sub_40A7DB+AA�j
cmp bl, 2Bh
jnz short loc_40A895
loc_40A892: ; CODE XREF: sub_40A7DB+B0�j
mov bl, [edi]
inc edi
loc_40A895: ; CODE XREF: sub_40A7DB+B5�j
mov eax, [ebp+arg_C]
test eax, eax
jl loc_40A9E9
cmp eax, 1
jz loc_40A9E9
cmp eax, 24h
jg loc_40A9E9
test eax, eax
jnz short loc_40A8E0
cmp bl, 30h
jz short loc_40A8C4
mov [ebp+arg_C], 0Ah
jmp short loc_40A8F8
; ---------------------------------------------------------------------------
loc_40A8C4: ; CODE XREF: sub_40A7DB+DE�j
mov al, [edi]
cmp al, 78h
jz short loc_40A8D7
cmp al, 58h
jz short loc_40A8D7
mov [ebp+arg_C], 8
jmp short loc_40A8F8
; ---------------------------------------------------------------------------
loc_40A8D7: ; CODE XREF: sub_40A7DB+ED�j
; sub_40A7DB+F1�j
mov [ebp+arg_C], 10h
jmp short loc_40A8EA
; ---------------------------------------------------------------------------
loc_40A8E0: ; CODE XREF: sub_40A7DB+D9�j
cmp eax, 10h
jnz short loc_40A8F8
cmp bl, 30h
jnz short loc_40A8F8
loc_40A8EA: ; CODE XREF: sub_40A7DB+103�j
mov al, [edi]
cmp al, 78h
jz short loc_40A8F4
cmp al, 58h
jnz short loc_40A8F8
loc_40A8F4: ; CODE XREF: sub_40A7DB+113�j
inc edi
mov bl, [edi]
inc edi
loc_40A8F8: ; CODE XREF: sub_40A7DB+E7�j
; sub_40A7DB+FA�j ...
mov esi, [ecx+0C8h]
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_C]
loc_40A906: ; CODE XREF: sub_40A7DB+19D�j
movzx ecx, bl
movzx ecx, word ptr [esi+ecx*2]
test cl, 4
jz short loc_40A91A
movsx ecx, bl
sub ecx, 30h
jmp short loc_40A934
; ---------------------------------------------------------------------------
loc_40A91A: ; CODE XREF: sub_40A7DB+135�j
test cx, 103h
jz short loc_40A952
mov cl, bl
sub cl, 61h
cmp cl, 19h
movsx ecx, bl
ja short loc_40A931
sub ecx, 20h
loc_40A931: ; CODE XREF: sub_40A7DB+151�j
add ecx, 0FFFFFFC9h
loc_40A934: ; CODE XREF: sub_40A7DB+13D�j
cmp ecx, [ebp+arg_C]
jnb short loc_40A952
or [ebp+arg_10], 8
cmp [ebp+var_4], eax
jb short loc_40A969
jnz short loc_40A948
cmp ecx, edx
jbe short loc_40A969
loc_40A948: ; CODE XREF: sub_40A7DB+167�j
or [ebp+arg_10], 4
cmp [ebp+arg_8], 0
jnz short loc_40A975
loc_40A952: ; CODE XREF: sub_40A7DB+144�j
; sub_40A7DB+15C�j
mov eax, [ebp+arg_10]
dec edi
test al, 8
jnz short loc_40A97A
cmp [ebp+arg_8], 0
jz short loc_40A963
mov edi, [ebp+arg_4]
loc_40A963: ; CODE XREF: sub_40A7DB+183�j
and [ebp+var_4], 0
jmp short loc_40A9C5
; ---------------------------------------------------------------------------
loc_40A969: ; CODE XREF: sub_40A7DB+165�j
; sub_40A7DB+16B�j
mov ebx, [ebp+var_4]
imul ebx, [ebp+arg_C]
add ebx, ecx
mov [ebp+var_4], ebx
loc_40A975: ; CODE XREF: sub_40A7DB+175�j
mov bl, [edi]
inc edi
jmp short loc_40A906
; ---------------------------------------------------------------------------
loc_40A97A: ; CODE XREF: sub_40A7DB+17D�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_40A99E
test al, 1
jnz short loc_40A9C5
and eax, 2
jz short loc_40A995
cmp [ebp+var_4], 80000000h
ja short loc_40A99E
loc_40A995: ; CODE XREF: sub_40A7DB+1AF�j
test eax, eax
jnz short loc_40A9C5
cmp [ebp+var_4], esi
jbe short loc_40A9C5
loc_40A99E: ; CODE XREF: sub_40A7DB+1A6�j
; sub_40A7DB+1B8�j
call sub_405B83
test byte ptr [ebp+arg_10], 1
mov dword ptr [eax], 22h
jz short loc_40A9B5
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_40A9C5
; ---------------------------------------------------------------------------
loc_40A9B5: ; CODE XREF: sub_40A7DB+1D2�j
mov al, byte ptr [ebp+arg_10]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_4], eax
loc_40A9C5: ; CODE XREF: sub_40A7DB+18C�j
; sub_40A7DB+1AA�j ...
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_40A9CE
mov [eax], edi
loc_40A9CE: ; CODE XREF: sub_40A7DB+1EF�j
test byte ptr [ebp+arg_10], 2
jz short loc_40A9D7
neg [ebp+var_4]
loc_40A9D7: ; CODE XREF: sub_40A7DB+1F7�j
cmp [ebp+var_8], 0
jz short loc_40A9E4
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40A9E4: ; CODE XREF: sub_40A7DB+200�j
mov eax, [ebp+var_4]
jmp short loc_40AA01
; ---------------------------------------------------------------------------
loc_40A9E9: ; CODE XREF: sub_40A7DB+BF�j
; sub_40A7DB+C8�j ...
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_40A9F2
mov [eax], esi
loc_40A9F2: ; CODE XREF: sub_40A7DB+213�j
cmp [ebp+var_8], 0
jz short loc_40A9FF
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40A9FF: ; CODE XREF: sub_40A7DB+21B�j
xor eax, eax
loc_40AA01: ; CODE XREF: sub_40A7DB+20C�j
pop ebx
loc_40AA02: ; CODE XREF: sub_40A7DB+4C�j
pop edi
pop esi
leave
retn
sub_40A7DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AA06 proc near ; CODE XREF: sub_40415A+8�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
xor eax, eax
cmp dword_427820, eax
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
jnz short loc_40AA24
push offset dword_423680
jmp short loc_40AA25
; ---------------------------------------------------------------------------
loc_40AA24: ; CODE XREF: sub_40AA06+15�j
push eax
loc_40AA25: ; CODE XREF: sub_40AA06+1C�j
call sub_40A7DB
add esp, 14h
pop ebp
retn
sub_40AA06 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AA2F proc near ; CODE XREF: sub_404170+B5�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
xor eax, eax
cmp dword_427D30, eax
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_0]
mov byte ptr [ebp+var_8], al
mov byte ptr [ebp+var_8+1], al
mov byte ptr [ebp+var_8+2], al
mov byte ptr [ebp+var_8+3], al
mov byte ptr [ebp+var_8+4], al
mov byte ptr [ebp+var_8+5], al
mov byte ptr [ebp+var_8+6], al
mov byte ptr [ebp+var_8+7], al
jz short loc_40AA71
push dword_4356E4
call sub_405543
pop ecx
jmp short loc_40AA76
; ---------------------------------------------------------------------------
loc_40AA71: ; CODE XREF: sub_40AA2F+32�j
mov eax, offset sub_40FAB8
loc_40AA76: ; CODE XREF: sub_40AA2F+40�j
mov ecx, [ebp+arg_C]
mov edx, 0A6h
cmp ecx, edx
jg loc_40ABFA
jz loc_40ABE7
cmp ecx, 19h
jg loc_40AB8D
jz loc_40AB84
mov edx, ecx
push 2
pop ecx
sub edx, ecx
jz loc_40AB75
dec edx
jz loc_40AB6C
sub edx, 5
jz loc_40AB5D
dec edx
jz loc_40AB45
sub edx, 5
jz short loc_40AB35
dec edx
jz short loc_40AB0C
sub edx, 9
jnz loc_40ACA4 ; default
mov [ebp+var_28], 3
loc_40AAD7: ; CODE XREF: sub_40AA2F+1AC�j
mov [ebp+var_24], offset aPow ; "pow"
loc_40AADE: ; CODE XREF: sub_40AA2F+114�j
; sub_40AA2F+138�j ...
fld qword ptr [edi]
lea ecx, [ebp+var_28]
fstp [ebp+var_20]
push ecx
fld qword ptr [ebx]
fstp [ebp+var_18]
fld qword ptr [esi]
fstp [ebp+var_10]
call eax
test eax, eax
pop ecx
jnz loc_40AC9F
call sub_405B83
mov dword ptr [eax], 22h
jmp loc_40AC9F
; ---------------------------------------------------------------------------
loc_40AB0C: ; CODE XREF: sub_40AA2F+96�j
mov [ebp+var_24], offset aExp ; "exp"
loc_40AB13: ; CODE XREF: sub_40AA2F+15C�j
fld qword ptr [edi]
lea ecx, [ebp+var_28]
fstp [ebp+var_20]
push ecx
fld qword ptr [ebx]
mov [ebp+var_28], 4
fstp [ebp+var_18]
fld qword ptr [esi]
fstp [ebp+var_10]
call eax
pop ecx
jmp loc_40AC9F
; ---------------------------------------------------------------------------
loc_40AB35: ; CODE XREF: sub_40AA2F+93�j
mov [ebp+var_28], 3
mov [ebp+var_24], offset aExp ; "exp"
jmp short loc_40AADE
; ---------------------------------------------------------------------------
loc_40AB45: ; CODE XREF: sub_40AA2F+8A�j
mov [ebp+var_24], offset aLog10 ; "log10"
loc_40AB4C: ; CODE XREF: sub_40AA2F+144�j
; sub_40AA2F+181�j ...
fld qword ptr [edi]
fstp [ebp+var_20]
fld qword ptr [ebx]
fstp [ebp+var_18]
fld qword ptr [esi]
jmp loc_40AC7F
; ---------------------------------------------------------------------------
loc_40AB5D: ; CODE XREF: sub_40AA2F+83�j
mov [ebp+var_28], ecx
mov [ebp+var_24], offset aLog10 ; "log10"
jmp loc_40AADE
; ---------------------------------------------------------------------------
loc_40AB6C: ; CODE XREF: sub_40AA2F+7A�j
mov [ebp+var_24], offset aLog ; "log"
jmp short loc_40AB4C
; ---------------------------------------------------------------------------
loc_40AB75: ; CODE XREF: sub_40AA2F+73�j
mov [ebp+var_28], ecx
mov [ebp+var_24], offset aLog ; "log"
jmp loc_40AADE
; ---------------------------------------------------------------------------
loc_40AB84: ; CODE XREF: sub_40AA2F+66�j
mov [ebp+var_24], offset aPow ; "pow"
jmp short loc_40AB13
; ---------------------------------------------------------------------------
loc_40AB8D: ; CODE XREF: sub_40AA2F+60�j
sub ecx, 1Ah
jz short loc_40ABE0
dec ecx
jz short loc_40ABD4
dec ecx
jz short loc_40ABC8 ; jumptable 0040AC09 case 1006
dec ecx
jz short loc_40ABBB
sub ecx, 1Dh
jz short loc_40ABB2 ; jumptable 0040AC09 case 1008
sub ecx, 3
jnz loc_40ACA4 ; default
loc_40ABA9: ; CODE XREF: sub_40AA2F+1DA�j
; DATA XREF: .text:off_40ACAB�o
mov [ebp+var_24], offset aAsin ; jumptable 0040AC09 case 1009
jmp short loc_40AB4C
; ---------------------------------------------------------------------------
loc_40ABB2: ; CODE XREF: sub_40AA2F+16F�j
; sub_40AA2F+1DA�j
; DATA XREF: ...
mov [ebp+var_24], offset aAcos ; jumptable 0040AC09 case 1008
jmp short loc_40AB4C
; ---------------------------------------------------------------------------
loc_40ABBB: ; CODE XREF: sub_40AA2F+16A�j
mov [ebp+var_24], offset aPow ; "pow"
loc_40ABC2: ; CODE XREF: sub_40AA2F+1E8�j
; sub_40AA2F+1F1�j ...
fld qword ptr [edi]
fstp qword ptr [esi]
jmp short loc_40AB4C
; ---------------------------------------------------------------------------
loc_40ABC8: ; CODE XREF: sub_40AA2F+167�j
; sub_40AA2F+1DA�j
; DATA XREF: ...
mov [ebp+var_24], offset aPow ; jumptable 0040AC09 case 1006
jmp loc_40AB4C
; ---------------------------------------------------------------------------
loc_40ABD4: ; CODE XREF: sub_40AA2F+164�j
mov [ebp+var_28], 2
jmp loc_40AAD7
; ---------------------------------------------------------------------------
loc_40ABE0: ; CODE XREF: sub_40AA2F+161�j
fld1
jmp loc_40ACA2
; ---------------------------------------------------------------------------
loc_40ABE7: ; CODE XREF: sub_40AA2F+57�j
mov [ebp+var_28], 3
mov [ebp+var_24], offset aExp10 ; "exp10"
jmp loc_40AADE
; ---------------------------------------------------------------------------
loc_40ABFA: ; CODE XREF: sub_40AA2F+51�j
add ecx, 0FFFFFC18h ; switch 13 cases
cmp ecx, 0Ch
ja loc_40ACA4 ; default
jmp ds:off_40ACAB[ecx*4] ; switch jump
loc_40AC10: ; DATA XREF: .text:off_40ACAB�o
mov [ebp+var_24], offset aLog ; jumptable 0040AC09 case 1000
jmp short loc_40ABC2
; ---------------------------------------------------------------------------
loc_40AC19: ; CODE XREF: sub_40AA2F+1DA�j
; DATA XREF: .text:off_40ACAB�o
mov [ebp+var_24], offset aLog10 ; jumptable 0040AC09 case 1001
jmp short loc_40ABC2
; ---------------------------------------------------------------------------
loc_40AC22: ; CODE XREF: sub_40AA2F+1DA�j
; DATA XREF: .text:off_40ACAB�o
mov [ebp+var_24], offset aExp ; jumptable 0040AC09 case 1002
jmp short loc_40ABC2
; ---------------------------------------------------------------------------
loc_40AC2B: ; CODE XREF: sub_40AA2F+1DA�j
; DATA XREF: .text:off_40ACAB�o
mov [ebp+var_24], offset aAtan ; jumptable 0040AC09 case 1003
jmp short loc_40ABC2
; ---------------------------------------------------------------------------
loc_40AC34: ; CODE XREF: sub_40AA2F+1DA�j
; DATA XREF: .text:off_40ACAB�o
mov [ebp+var_24], offset aCeil ; jumptable 0040AC09 case 1004
jmp short loc_40ABC2
; ---------------------------------------------------------------------------
loc_40AC3D: ; CODE XREF: sub_40AA2F+1DA�j
; DATA XREF: .text:off_40ACAB�o
mov [ebp+var_24], offset aFloor ; jumptable 0040AC09 case 1005
jmp loc_40ABC2
; ---------------------------------------------------------------------------
loc_40AC49: ; CODE XREF: sub_40AA2F+1DA�j
; DATA XREF: .text:off_40ACAB�o
mov [ebp+var_24], offset aModf ; jumptable 0040AC09 case 1007
jmp loc_40ABC2
; ---------------------------------------------------------------------------
loc_40AC55: ; CODE XREF: sub_40AA2F+1DA�j
; DATA XREF: .text:off_40ACAB�o
mov [ebp+var_24], offset dword_41DBD0 ; jumptable 0040AC09 case 1010
jmp short loc_40AC6E
; ---------------------------------------------------------------------------
loc_40AC5E: ; CODE XREF: sub_40AA2F+1DA�j
; DATA XREF: .text:off_40ACAB�o
mov [ebp+var_24], offset dword_41DBCC ; jumptable 0040AC09 case 1011
jmp short loc_40AC6E
; ---------------------------------------------------------------------------
loc_40AC67: ; CODE XREF: sub_40AA2F+1DA�j
; DATA XREF: .text:off_40ACAB�o
mov [ebp+var_24], offset dword_41DBC8 ; jumptable 0040AC09 case 1012
loc_40AC6E: ; CODE XREF: sub_40AA2F+22D�j
; sub_40AA2F+236�j
fld qword ptr [edi]
fmul [ebp+var_8]
fst qword ptr [esi]
fld qword ptr [edi]
fstp [ebp+var_20]
fld qword ptr [ebx]
fstp [ebp+var_18]
loc_40AC7F: ; CODE XREF: sub_40AA2F+129�j
lea ecx, [ebp+var_28]
fstp [ebp+var_10]
push ecx
mov [ebp+var_28], 1
call eax
test eax, eax
pop ecx
jnz short loc_40AC9F
call sub_405B83
mov dword ptr [eax], 21h
loc_40AC9F: ; CODE XREF: sub_40AA2F+C7�j
; sub_40AA2F+D8�j ...
fld [ebp+var_10]
loc_40ACA2: ; CODE XREF: sub_40AA2F+1B3�j
fstp qword ptr [esi]
loc_40ACA4: ; CODE XREF: sub_40AA2F+9B�j
; sub_40AA2F+174�j ...
pop edi ; default
pop esi
pop ebx
leave
retn
sub_40AA2F endp
; ---------------------------------------------------------------------------
db 8Bh, 0FFh
off_40ACAB dd offset loc_40AC10 ; DATA XREF: sub_40AA2F+1DA�r
dd offset loc_40AC19 ; jump table for switch statement
dd offset loc_40AC22
dd offset loc_40AC2B
dd offset loc_40AC34
dd offset loc_40AC3D
dd offset loc_40ABC8
dd offset loc_40AC49
dd offset loc_40ABB2
dd offset loc_40ABA9
dd offset loc_40AC55
dd offset loc_40AC5E
dd offset loc_40AC67
; =============== S U B R O U T I N E =======================================
sub_40ACDF proc near ; DATA XREF: c.7ld2ih:0041D2E0�o
and dword_4356DC, 0
call sub_40FB8A
mov dword_4356DC, eax
xor eax, eax
retn
sub_40ACDF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40ACF3(double)
sub_40ACF3 proc near ; CODE XREF: sub_404170+7�j
; sub_404170+38�j
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword_423DB8
call sub_41040E
fld [ebp+arg_0]
pop ecx
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
push ecx
and ax, 7FF0h
cmp ax, 7FF0h
push ecx
fstp [esp+18h+var_18]
jnz short loc_40AD79
call sub_4102ED
test eax, eax
pop ecx
pop ecx
jle short loc_40AD5C
cmp eax, 2
jle short loc_40AD4E
cmp eax, 3
jnz short loc_40AD5C
fld [ebp+arg_0]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
push 0Ch ; int
call sub_4101A5
add esp, 10h
jmp short loc_40ADC0
; ---------------------------------------------------------------------------
loc_40AD4E: ; CODE XREF: sub_40ACF3+3F�j
push esi
push ebx
call sub_41040E
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_40ADC0
; ---------------------------------------------------------------------------
loc_40AD5C: ; CODE XREF: sub_40ACF3+3A�j
; sub_40ACF3+44�j
fld [ebp+arg_0]
push ebx
fadd ds:dbl_41DC00
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_40ADB8
; ---------------------------------------------------------------------------
loc_40AD79: ; CODE XREF: sub_40ACF3+2F�j
call sub_4102B2
fstp [ebp+var_8]
fld [ebp+arg_0]
pop ecx
fcomp [ebp+var_8]
pop ecx
fnstsw ax
test ah, 44h
jp short loc_40AD9E
loc_40AD90: ; CODE XREF: sub_40ACF3+AE�j
push esi
push ebx
call sub_41040E
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_40ADC0
; ---------------------------------------------------------------------------
loc_40AD9E: ; CODE XREF: sub_40ACF3+9B�j
test bl, 20h
jnz short loc_40AD90
fld [ebp+var_8]
push ebx ; int
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_40ADB8: ; CODE XREF: sub_40ACF3+84�j
call sub_4101F8
add esp, 1Ch
loc_40ADC0: ; CODE XREF: sub_40ACF3+59�j
; sub_40ACF3+67�j ...
pop esi
pop ebx
leave
retn
sub_40ACF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ADC4 proc near ; CODE XREF: .text:0040448B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
call sub_4056CA
mov esi, eax
test esi, esi
jnz short loc_40ADE3
push [ebp+arg_4]
call ds:off_41D198
jmp loc_40AF30
; ---------------------------------------------------------------------------
loc_40ADE3: ; CODE XREF: sub_40ADC4+F�j
mov edx, [esi+5Ch]
mov eax, dword_423E44
push edi
mov edi, [ebp+arg_0]
mov ecx, edx
push ebx
loc_40ADF2: ; CODE XREF: sub_40ADC4+3E�j
cmp [ecx], edi
jz short loc_40AE04
mov ebx, eax
imul ebx, 0Ch
add ecx, 0Ch
add ebx, edx
cmp ecx, ebx
jb short loc_40ADF2
loc_40AE04: ; CODE XREF: sub_40ADC4+30�j
imul eax, 0Ch
add eax, edx
cmp ecx, eax
jnb short loc_40AE15
cmp [ecx], edi
jnz short loc_40AE15
mov eax, ecx
jmp short loc_40AE17
; ---------------------------------------------------------------------------
loc_40AE15: ; CODE XREF: sub_40ADC4+47�j
; sub_40ADC4+4B�j
xor eax, eax
loc_40AE17: ; CODE XREF: sub_40ADC4+4F�j
test eax, eax
jz short loc_40AE25
mov ebx, [eax+8]
test ebx, ebx
mov [ebp+var_4], ebx
jnz short loc_40AE33
loc_40AE25: ; CODE XREF: sub_40ADC4+55�j
push [ebp+arg_4]
call ds:off_41D198
jmp loc_40AF2E
; ---------------------------------------------------------------------------
loc_40AE33: ; CODE XREF: sub_40ADC4+5F�j
cmp ebx, 5
jnz short loc_40AE44
and dword ptr [eax+8], 0
xor eax, eax
inc eax
jmp loc_40AF2E
; ---------------------------------------------------------------------------
loc_40AE44: ; CODE XREF: sub_40ADC4+72�j
cmp ebx, 1
jz loc_40AF2B
mov ecx, [esi+60h]
mov [ebp+var_8], ecx
mov ecx, [ebp+arg_4]
mov [esi+60h], ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_40AF1D
mov ecx, dword_423E38
mov edi, dword_423E3C
mov edx, ecx
add edi, ecx
cmp edx, edi
jge short loc_40AE9D
imul ecx, 0Ch
loc_40AE7C: ; CODE XREF: sub_40ADC4+D4�j
mov edi, [esi+5Ch]
and dword ptr [ecx+edi+8], 0
mov edi, dword_423E38
mov ebx, dword_423E3C
inc edx
add ebx, edi
add ecx, 0Ch
cmp edx, ebx
jl short loc_40AE7C
mov ebx, [ebp+var_4]
loc_40AE9D: ; CODE XREF: sub_40ADC4+B3�j
mov eax, [eax]
cmp eax, 0C000008Eh
mov edi, [esi+64h]
jnz short loc_40AEB2
mov dword ptr [esi+64h], 83h
jmp short loc_40AF10
; ---------------------------------------------------------------------------
loc_40AEB2: ; CODE XREF: sub_40ADC4+E3�j
cmp eax, 0C0000090h
jnz short loc_40AEC2
mov dword ptr [esi+64h], 81h
jmp short loc_40AF10
; ---------------------------------------------------------------------------
loc_40AEC2: ; CODE XREF: sub_40ADC4+F3�j
cmp eax, 0C0000091h
jnz short loc_40AED2
mov dword ptr [esi+64h], 84h
jmp short loc_40AF10
; ---------------------------------------------------------------------------
loc_40AED2: ; CODE XREF: sub_40ADC4+103�j
cmp eax, 0C0000093h
jnz short loc_40AEE2
mov dword ptr [esi+64h], 85h
jmp short loc_40AF10
; ---------------------------------------------------------------------------
loc_40AEE2: ; CODE XREF: sub_40ADC4+113�j
cmp eax, 0C000008Dh
jnz short loc_40AEF2
mov dword ptr [esi+64h], 82h
jmp short loc_40AF10
; ---------------------------------------------------------------------------
loc_40AEF2: ; CODE XREF: sub_40ADC4+123�j
cmp eax, 0C000008Fh
jnz short loc_40AF02
mov dword ptr [esi+64h], 86h
jmp short loc_40AF10
; ---------------------------------------------------------------------------
loc_40AF02: ; CODE XREF: sub_40ADC4+133�j
cmp eax, 0C0000092h
jnz short loc_40AF10
mov dword ptr [esi+64h], 8Ah
loc_40AF10: ; CODE XREF: sub_40ADC4+EC�j
; sub_40ADC4+FC�j ...
push dword ptr [esi+64h]
push 8
call ebx
pop ecx
mov [esi+64h], edi
jmp short loc_40AF24
; ---------------------------------------------------------------------------
loc_40AF1D: ; CODE XREF: sub_40ADC4+9B�j
and dword ptr [eax+8], 0
push ecx
call ebx
loc_40AF24: ; CODE XREF: sub_40ADC4+157�j
mov eax, [ebp+var_8]
pop ecx
mov [esi+60h], eax
loc_40AF2B: ; CODE XREF: sub_40ADC4+83�j
or eax, 0FFFFFFFFh
loc_40AF2E: ; CODE XREF: sub_40ADC4+6A�j
; sub_40ADC4+7B�j
pop ebx
pop edi
loc_40AF30: ; CODE XREF: sub_40ADC4+1A�j
pop esi
leave
retn
sub_40ADC4 endp
; =============== S U B R O U T I N E =======================================
sub_40AF33 proc near ; CODE XREF: .text:loc_404448�p
push esi
push edi
xor edi, edi
cmp dword_436834, edi
jnz short loc_40AF44
call sub_4051B3
loc_40AF44: ; CODE XREF: sub_40AF33+A�j
mov esi, dword_436858
test esi, esi
jnz short loc_40AF53
mov esi, offset word_41D492
loc_40AF53: ; CODE XREF: sub_40AF33+19�j
; sub_40AF33+4B�j
mov al, [esi]
cmp al, 20h
ja short loc_40AF61
test al, al
jz short loc_40AF8B
test edi, edi
jz short loc_40AF85
loc_40AF61: ; CODE XREF: sub_40AF33+24�j
cmp al, 22h
jnz short loc_40AF6E
xor ecx, ecx
test edi, edi
setz cl
mov edi, ecx
loc_40AF6E: ; CODE XREF: sub_40AF33+30�j
movzx eax, al
push eax
call sub_41054E
test eax, eax
pop ecx
jz short loc_40AF7D
inc esi
loc_40AF7D: ; CODE XREF: sub_40AF33+47�j
inc esi
jmp short loc_40AF53
; ---------------------------------------------------------------------------
loc_40AF80: ; CODE XREF: sub_40AF33+56�j
cmp al, 20h
ja short loc_40AF8B
inc esi
loc_40AF85: ; CODE XREF: sub_40AF33+2C�j
mov al, [esi]
test al, al
jnz short loc_40AF80
loc_40AF8B: ; CODE XREF: sub_40AF33+28�j
; sub_40AF33+4F�j
pop edi
mov eax, esi
pop esi
retn
sub_40AF33 endp
; =============== S U B R O U T I N E =======================================
sub_40AF90 proc near ; CODE XREF: .text:loc_404425�p
push ebx
xor ebx, ebx
cmp dword_436834, ebx
push esi
push edi
jnz short loc_40AFA2
call sub_4051B3
loc_40AFA2: ; CODE XREF: sub_40AF90+B�j
mov esi, dword_4274D4
xor edi, edi
cmp esi, ebx
jnz short loc_40AFC6
loc_40AFAE: ; CODE XREF: sub_40AF90+51�j
or eax, 0FFFFFFFFh
jmp loc_40B051
; ---------------------------------------------------------------------------
loc_40AFB6: ; CODE XREF: sub_40AF90+3A�j
cmp al, 3Dh
jz short loc_40AFBB
inc edi
loc_40AFBB: ; CODE XREF: sub_40AF90+28�j
push esi
call sub_4044E0
pop ecx
lea esi, [esi+eax+1]
loc_40AFC6: ; CODE XREF: sub_40AF90+1C�j
mov al, [esi]
cmp al, bl
jnz short loc_40AFB6
push 4
inc edi
push edi
call sub_407B2A
mov edi, eax
cmp edi, ebx
pop ecx
pop ecx
mov dword_4279D8, edi
jz short loc_40AFAE
mov esi, dword_4274D4
push ebp
jmp short loc_40B02C
; ---------------------------------------------------------------------------
loc_40AFEC: ; CODE XREF: sub_40AF90+9E�j
push esi
call sub_4044E0
mov ebp, eax
inc ebp
cmp byte ptr [esi], 3Dh
pop ecx
jz short loc_40B02A
push 1
push ebp
call sub_407B2A
cmp eax, ebx
pop ecx
pop ecx
mov [edi], eax
jz short loc_40B055
push esi
push ebp
push eax
call sub_407A85
add esp, 0Ch
test eax, eax
jz short loc_40B027
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_4031FD
add esp, 14h
loc_40B027: ; CODE XREF: sub_40AF90+88�j
add edi, 4
loc_40B02A: ; CODE XREF: sub_40AF90+69�j
add esi, ebp
loc_40B02C: ; CODE XREF: sub_40AF90+5A�j
cmp [esi], bl
jnz short loc_40AFEC
push dword_4274D4
call sub_4039C3
mov dword_4274D4, ebx
mov [edi], ebx
mov dword_436828, 1
xor eax, eax
loc_40B04F: ; CODE XREF: sub_40AF90+D9�j
pop ecx
pop ebp
loc_40B051: ; CODE XREF: sub_40AF90+21�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40B055: ; CODE XREF: sub_40AF90+79�j
push dword_4279D8
call sub_4039C3
mov dword_4279D8, ebx
or eax, 0FFFFFFFFh
jmp short loc_40B04F
sub_40AF90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B06B proc near ; CODE XREF: sub_40B203+55�p
; sub_40B203+96�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_8]
push ebx
xor eax, eax
cmp [ebp+arg_0], eax
push esi
mov [edi], eax
mov esi, edx
mov edx, [ebp+arg_4]
mov dword ptr [ecx], 1
jz short loc_40B091
mov ebx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ebx], edx
loc_40B091: ; CODE XREF: sub_40B06B+1B�j
mov [ebp+var_4], eax
loc_40B094: ; CODE XREF: sub_40B06B+7E�j
; sub_40B06B+88�j
cmp byte ptr [esi], 22h
jnz short loc_40B0A9
xor eax, eax
cmp [ebp+var_4], eax
mov bl, 22h
setz al
inc esi
mov [ebp+var_4], eax
jmp short loc_40B0E5
; ---------------------------------------------------------------------------
loc_40B0A9: ; CODE XREF: sub_40B06B+2C�j
inc dword ptr [edi]
test edx, edx
jz short loc_40B0B7
mov al, [esi]
mov [edx], al
inc edx
mov [ebp+arg_4], edx
loc_40B0B7: ; CODE XREF: sub_40B06B+42�j
mov bl, [esi]
movzx eax, bl
push eax
inc esi
call sub_41054E
test eax, eax
pop ecx
jz short loc_40B0DB
inc dword ptr [edi]
cmp [ebp+arg_4], 0
jz short loc_40B0DA
mov ecx, [ebp+arg_4]
mov al, [esi]
inc [ebp+arg_4]
mov [ecx], al
loc_40B0DA: ; CODE XREF: sub_40B06B+63�j
inc esi
loc_40B0DB: ; CODE XREF: sub_40B06B+5B�j
test bl, bl
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
jz short loc_40B117
loc_40B0E5: ; CODE XREF: sub_40B06B+3C�j
cmp [ebp+var_4], 0
jnz short loc_40B094
cmp bl, 20h
jz short loc_40B0F5
cmp bl, 9
jnz short loc_40B094
loc_40B0F5: ; CODE XREF: sub_40B06B+83�j
test edx, edx
jz short loc_40B0FD
mov byte ptr [edx-1], 0
loc_40B0FD: ; CODE XREF: sub_40B06B+8C�j
; sub_40B06B+AD�j
and [ebp+var_4], 0
loc_40B101: ; CODE XREF: sub_40B06B+183�j
cmp byte ptr [esi], 0
jz loc_40B1F3
loc_40B10A: ; CODE XREF: sub_40B06B+AA�j
mov al, [esi]
cmp al, 20h
jz short loc_40B114
cmp al, 9
jnz short loc_40B11A
loc_40B114: ; CODE XREF: sub_40B06B+A3�j
inc esi
jmp short loc_40B10A
; ---------------------------------------------------------------------------
loc_40B117: ; CODE XREF: sub_40B06B+78�j
dec esi
jmp short loc_40B0FD
; ---------------------------------------------------------------------------
loc_40B11A: ; CODE XREF: sub_40B06B+A7�j
cmp byte ptr [esi], 0
jz loc_40B1F3
cmp [ebp+arg_0], 0
jz short loc_40B132
mov eax, [ebp+arg_0]
add [ebp+arg_0], 4
mov [eax], edx
loc_40B132: ; CODE XREF: sub_40B06B+BC�j
inc dword ptr [ecx]
loc_40B134: ; CODE XREF: sub_40B06B+16E�j
xor ebx, ebx
inc ebx
xor ecx, ecx
jmp short loc_40B13D
; ---------------------------------------------------------------------------
loc_40B13B: ; CODE XREF: sub_40B06B+D5�j
inc esi
inc ecx
loc_40B13D: ; CODE XREF: sub_40B06B+CE�j
cmp byte ptr [esi], 5Ch
jz short loc_40B13B
cmp byte ptr [esi], 22h
jnz short loc_40B16D
test cl, 1
jnz short loc_40B16B
cmp [ebp+var_4], 0
jz short loc_40B15E
lea eax, [esi+1]
cmp byte ptr [eax], 22h
jnz short loc_40B15E
mov esi, eax
jmp short loc_40B16B
; ---------------------------------------------------------------------------
loc_40B15E: ; CODE XREF: sub_40B06B+E5�j
; sub_40B06B+ED�j
xor eax, eax
xor ebx, ebx
cmp [ebp+var_4], eax
setz al
mov [ebp+var_4], eax
loc_40B16B: ; CODE XREF: sub_40B06B+DF�j
; sub_40B06B+F1�j
shr ecx, 1
loc_40B16D: ; CODE XREF: sub_40B06B+DA�j
test ecx, ecx
jz short loc_40B183
loc_40B171: ; CODE XREF: sub_40B06B+113�j
dec ecx
test edx, edx
jz short loc_40B17A
mov byte ptr [edx], 5Ch
inc edx
loc_40B17A: ; CODE XREF: sub_40B06B+109�j
inc dword ptr [edi]
test ecx, ecx
jnz short loc_40B171
mov [ebp+arg_4], edx
loc_40B183: ; CODE XREF: sub_40B06B+104�j
mov al, [esi]
test al, al
jz short loc_40B1DE
cmp [ebp+var_4], 0
jnz short loc_40B197
cmp al, 20h
jz short loc_40B1DE
cmp al, 9
jz short loc_40B1DE
loc_40B197: ; CODE XREF: sub_40B06B+122�j
test ebx, ebx
jz short loc_40B1D8
test edx, edx
movsx eax, al
push eax
jz short loc_40B1C6
call sub_41054E
test eax, eax
pop ecx
jz short loc_40B1BA
mov al, [esi]
mov ecx, [ebp+arg_4]
inc [ebp+arg_4]
mov [ecx], al
inc esi
inc dword ptr [edi]
loc_40B1BA: ; CODE XREF: sub_40B06B+140�j
mov ecx, [ebp+arg_4]
mov al, [esi]
inc [ebp+arg_4]
mov [ecx], al
jmp short loc_40B1D3
; ---------------------------------------------------------------------------
loc_40B1C6: ; CODE XREF: sub_40B06B+136�j
call sub_41054E
test eax, eax
pop ecx
jz short loc_40B1D3
inc esi
inc dword ptr [edi]
loc_40B1D3: ; CODE XREF: sub_40B06B+159�j
; sub_40B06B+163�j
inc dword ptr [edi]
mov edx, [ebp+arg_4]
loc_40B1D8: ; CODE XREF: sub_40B06B+12E�j
inc esi
jmp loc_40B134
; ---------------------------------------------------------------------------
loc_40B1DE: ; CODE XREF: sub_40B06B+11C�j
; sub_40B06B+126�j ...
test edx, edx
jz short loc_40B1E9
mov byte ptr [edx], 0
inc edx
mov [ebp+arg_4], edx
loc_40B1E9: ; CODE XREF: sub_40B06B+175�j
inc dword ptr [edi]
mov ecx, [ebp+arg_8]
jmp loc_40B101
; ---------------------------------------------------------------------------
loc_40B1F3: ; CODE XREF: sub_40B06B+99�j
; sub_40B06B+B2�j
mov eax, [ebp+arg_0]
test eax, eax
pop esi
pop ebx
jz short loc_40B1FF
and dword ptr [eax], 0
loc_40B1FF: ; CODE XREF: sub_40B06B+18F�j
inc dword ptr [ecx]
leave
retn
sub_40B06B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B203 proc near ; CODE XREF: .text:00404414�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
xor ebx, ebx
cmp dword_436834, ebx
push esi
push edi
jnz short loc_40B21B
call sub_4051B3
loc_40B21B: ; CODE XREF: sub_40B203+11�j
push 104h
mov esi, offset dword_427D38
push esi
push ebx
mov byte_427E3C, bl
call ds:off_41D060
mov eax, dword_436858
cmp eax, ebx
mov dword_4279E8, esi
jz short loc_40B249
cmp [eax], bl
mov [ebp+var_4], eax
jnz short loc_40B24C
loc_40B249: ; CODE XREF: sub_40B203+3D�j
mov [ebp+var_4], esi
loc_40B24C: ; CODE XREF: sub_40B203+44�j
mov edx, [ebp+var_4]
lea eax, [ebp+var_8]
push eax
push ebx
push ebx
lea edi, [ebp+var_C]
call sub_40B06B
mov eax, [ebp+var_8]
add esp, 0Ch
cmp eax, 3FFFFFFFh
jnb short loc_40B2B4
mov ecx, [ebp+var_C]
cmp ecx, 0FFFFFFFFh
jnb short loc_40B2B4
mov edi, eax
shl edi, 2
lea eax, [edi+ecx]
cmp eax, ecx
jb short loc_40B2B4
push eax
call sub_407AEA
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_40B2B4
mov edx, [ebp+var_4]
lea eax, [ebp+var_8]
push eax
add edi, esi
push edi
push esi
lea edi, [ebp+var_C]
call sub_40B06B
mov eax, [ebp+var_8]
add esp, 0Ch
dec eax
mov dword_4279CC, eax
mov dword_4279D0, esi
xor eax, eax
jmp short loc_40B2B7
; ---------------------------------------------------------------------------
loc_40B2B4: ; CODE XREF: sub_40B203+65�j
; sub_40B203+6D�j ...
or eax, 0FFFFFFFFh
loc_40B2B7: ; CODE XREF: sub_40B203+AF�j
pop edi
pop esi
pop ebx
leave
retn
sub_40B203 endp
; =============== S U B R O U T I N E =======================================
sub_40B2BC proc near ; CODE XREF: .text:0040440A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_427E40
push ebx
push ebp
push esi
push edi
mov edi, ds:off_41D130
xor ebx, ebx
xor esi, esi
cmp eax, ebx
push 2
pop ebp
jnz short loc_40B305
call edi ; dword_445DD4
mov esi, eax
cmp esi, ebx
jz short loc_40B2EC
mov dword_427E40, 1
jmp short loc_40B30E
; ---------------------------------------------------------------------------
loc_40B2EC: ; CODE XREF: sub_40B2BC+22�j
call ds:off_41D0EC
cmp eax, 78h
jnz short loc_40B300
mov eax, ebp
mov dword_427E40, eax
jmp short loc_40B305
; ---------------------------------------------------------------------------
loc_40B300: ; CODE XREF: sub_40B2BC+39�j
mov eax, dword_427E40
loc_40B305: ; CODE XREF: sub_40B2BC+1A�j
; sub_40B2BC+42�j
cmp eax, 1
jnz loc_40B392
loc_40B30E: ; CODE XREF: sub_40B2BC+2E�j
cmp esi, ebx
jnz short loc_40B321
call edi ; dword_445DD4
mov esi, eax
cmp esi, ebx
jnz short loc_40B321
loc_40B31A: ; CODE XREF: sub_40B2BC+DC�j
; sub_40B2BC+E8�j ...
xor eax, eax
jmp loc_40B3EA
; ---------------------------------------------------------------------------
loc_40B321: ; CODE XREF: sub_40B2BC+54�j
; sub_40B2BC+5C�j
cmp [esi], bx
mov eax, esi
jz short loc_40B336
loc_40B328: ; CODE XREF: sub_40B2BC+71�j
; sub_40B2BC+78�j
add eax, ebp
cmp [eax], bx
jnz short loc_40B328
add eax, ebp
cmp [eax], bx
jnz short loc_40B328
loc_40B336: ; CODE XREF: sub_40B2BC+6A�j
mov edi, ds:off_41D134
push ebx
push ebx
push ebx
sub eax, esi
push ebx
sar eax, 1
inc eax
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; dword_4482CC
mov ebp, eax
cmp ebp, ebx
jz short loc_40B387
push ebp
call sub_407AEA
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_40B387
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; dword_4482CC
test eax, eax
jnz short loc_40B383
push [esp+18h+var_8]
call sub_4039C3
pop ecx
mov [esp+18h+var_8], ebx
loc_40B383: ; CODE XREF: sub_40B2BC+B7�j
mov ebx, [esp+18h+var_8]
loc_40B387: ; CODE XREF: sub_40B2BC+97�j
; sub_40B2BC+A6�j
push esi
call ds:off_41D138
mov eax, ebx
jmp short loc_40B3EA
; ---------------------------------------------------------------------------
loc_40B392: ; CODE XREF: sub_40B2BC+4C�j
cmp eax, ebp
jz short loc_40B39A
cmp eax, ebx
jnz short loc_40B31A
loc_40B39A: ; CODE XREF: sub_40B2BC+D8�j
call ds:off_41D13C
mov esi, eax
cmp esi, ebx
jz loc_40B31A
cmp [esi], bl
jz short loc_40B3B8
loc_40B3AE: ; CODE XREF: sub_40B2BC+F5�j
; sub_40B2BC+FA�j
inc eax
cmp [eax], bl
jnz short loc_40B3AE
inc eax
cmp [eax], bl
jnz short loc_40B3AE
loc_40B3B8: ; CODE XREF: sub_40B2BC+F0�j
sub eax, esi
inc eax
mov ebp, eax
push ebp
call sub_407AEA
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_40B3D6
push esi
call ds:off_41D140
jmp loc_40B31A
; ---------------------------------------------------------------------------
loc_40B3D6: ; CODE XREF: sub_40B2BC+10C�j
push ebp
push esi
push edi
call sub_407FA0
add esp, 0Ch
push esi
call ds:off_41D140
mov eax, edi
loc_40B3EA: ; CODE XREF: sub_40B2BC+60�j
; sub_40B2BC+D4�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_40B2BC endp
; =============== S U B R O U T I N E =======================================
sub_40B3F1 proc near ; CODE XREF: .text:loc_4043E6�p
push esi
push edi
mov eax, offset dword_4215A0
mov edi, offset dword_4215A0
cmp eax, edi
mov esi, eax
jnb short loc_40B412
loc_40B403: ; CODE XREF: sub_40B3F1+1F�j
mov eax, [esi]
test eax, eax
jz short loc_40B40B
call eax
loc_40B40B: ; CODE XREF: sub_40B3F1+16�j
add esi, 4
cmp esi, edi
jb short loc_40B403
loc_40B412: ; CODE XREF: sub_40B3F1+10�j
pop edi
pop esi
retn
sub_40B3F1 endp
; =============== S U B R O U T I N E =======================================
sub_40B415 proc near ; DATA XREF: sub_407D29+3F�o
push esi
push edi
mov eax, offset dword_4215A8
mov edi, offset dword_4215A8
cmp eax, edi
mov esi, eax
jnb short loc_40B436
loc_40B427: ; CODE XREF: sub_40B415+1F�j
mov eax, [esi]
test eax, eax
jz short loc_40B42F
call eax
loc_40B42F: ; CODE XREF: sub_40B415+16�j
add esi, 4
cmp esi, edi
jb short loc_40B427
loc_40B436: ; CODE XREF: sub_40B415+10�j
pop edi
pop esi
retn
sub_40B415 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B439 proc near ; CODE XREF: .text:004044D2�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_423064
and [ebp+var_8], 0
and [ebp+var_4], 0
push ebx
push edi
mov edi, 0BB40E64Eh
cmp eax, edi
mov ebx, 0FFFF0000h
jz short loc_40B469
test eax, ebx
jz short loc_40B469
not eax
mov dword_423068, eax
jmp short loc_40B4C9
; ---------------------------------------------------------------------------
loc_40B469: ; CODE XREF: sub_40B439+21�j
; sub_40B439+25�j
push esi
lea eax, [ebp+var_8]
push eax
call ds:off_41D1A0
mov esi, [ebp+var_4]
xor esi, [ebp+var_8]
call ds:off_41D194
xor esi, eax
call ds:off_41D0DC
xor esi, eax
call ds:off_41D104
xor esi, eax
lea eax, [ebp+var_10]
push eax
call ds:off_41D058
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor esi, eax
cmp esi, edi
jnz short loc_40B4AF
mov esi, 0BB40E64Fh
jmp short loc_40B4BA
; ---------------------------------------------------------------------------
loc_40B4AF: ; CODE XREF: sub_40B439+6D�j
test esi, ebx
jnz short loc_40B4BA
mov eax, esi
shl eax, 10h
or esi, eax
loc_40B4BA: ; CODE XREF: sub_40B439+74�j
; sub_40B439+78�j
mov dword_423064, esi
not esi
mov dword_423068, esi
pop esi
loc_40B4C9: ; CODE XREF: sub_40B439+2E�j
pop edi
pop ebx
leave
retn
sub_40B439 endp
; =============== S U B R O U T I N E =======================================
sub_40B4CD proc near ; DATA XREF: sub_40B539�o
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
mov eax, [edi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_40B506
cmp dword ptr [eax+10h], 3
jnz short loc_40B506
mov eax, [eax+14h]
cmp eax, 19930520h
jz short loc_40B501
cmp eax, 19930521h
jz short loc_40B501
cmp eax, 19930522h
jz short loc_40B501
cmp eax, 1994000h
jnz short loc_40B506
loc_40B501: ; CODE XREF: sub_40B4CD+1D�j
; sub_40B4CD+24�j ...
call sub_40C208
loc_40B506: ; CODE XREF: sub_40B4CD+D�j
; sub_40B4CD+13�j ...
cmp byte_427E48, 0
push esi
jz short loc_40B532
push dword_427E44
call sub_405543
mov esi, eax
test esi, esi
pop ecx
jz short loc_40B532
push esi
call sub_410561
test eax, eax
pop ecx
jz short loc_40B532
push edi
call esi
jmp short loc_40B534
; ---------------------------------------------------------------------------
loc_40B532: ; CODE XREF: sub_40B4CD+41�j
; sub_40B4CD+53�j ...
xor eax, eax
loc_40B534: ; CODE XREF: sub_40B4CD+63�j
pop esi
pop edi
retn 4
sub_40B4CD endp
; =============== S U B R O U T I N E =======================================
sub_40B539 proc near ; DATA XREF: c.7ld2ih:0041D2E8�o
push offset sub_40B4CD
call ds:off_41D19C
push eax
call sub_4054D7
mov dword_427E44, eax
pop ecx
mov byte_427E48, 1
xor eax, eax
retn
sub_40B539 endp
; =============== S U B R O U T I N E =======================================
sub_40B55A proc near ; DATA XREF: c.7ld2ih:0041D304�o
cmp byte_427E48, 0
jz short locret_40B57D
push dword_427E44
call sub_405543
pop ecx
push eax
call ds:off_41D19C
mov byte_427E48, 0
locret_40B57D: ; CODE XREF: sub_40B55A+7�j
retn
sub_40B55A endp
; ---------------------------------------------------------------------------
mov dword ptr [ecx], offset off_41DC34
jmp sub_40308A
; ---------------------------------------------------------------------------
loc_40B589: ; DATA XREF: c.7ld2ih:off_41DC34�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41DC34
call sub_40308A
test byte ptr [esp+8], 1
jz short loc_40B5A5
push esi
call sub_40332D
pop ecx
loc_40B5A5: ; CODE XREF: .text:0040B59C�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_40B5AB proc near ; CODE XREF: sub_40B7EA+4E�p
; sub_40BDB6+21A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_40B601
lea edx, [eax+8]
cmp byte ptr [edx], 0
jz short loc_40B601
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_40B5DF
add ecx, 8
push ecx
push edx
call sub_408380
test eax, eax
pop ecx
pop ecx
jz short loc_40B5DF
loc_40B5DB: ; CODE XREF: sub_40B5AB+3C�j
; sub_40B5AB+4B�j ...
xor eax, eax
jmp short loc_40B604
; ---------------------------------------------------------------------------
loc_40B5DF: ; CODE XREF: sub_40B5AB+1E�j
; sub_40B5AB+2E�j
test byte ptr [esi], 2
jz short loc_40B5E9
test byte ptr [edi], 8
jz short loc_40B5DB
loc_40B5E9: ; CODE XREF: sub_40B5AB+37�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_40B5F8
test byte ptr [edi], 1
jz short loc_40B5DB
loc_40B5F8: ; CODE XREF: sub_40B5AB+46�j
test al, 2
jz short loc_40B601
test byte ptr [edi], 2
jz short loc_40B5DB
loc_40B601: ; CODE XREF: sub_40B5AB+B�j
; sub_40B5AB+13�j ...
xor eax, eax
inc eax
loc_40B604: ; CODE XREF: sub_40B5AB+32�j
pop edi
pop esi
retn
sub_40B5AB endp
; =============== S U B R O U T I N E =======================================
sub_40B607 proc near ; CODE XREF: sub_40B64B+85�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
mov eax, [eax]
cmp eax, 0E0434F4Dh
jz short loc_40B62E
cmp eax, 0E06D7363h
jnz short loc_40B648
call sub_40574D
and dword ptr [eax+90h], 0
jmp sub_40C208
; ---------------------------------------------------------------------------
loc_40B62E: ; CODE XREF: sub_40B607+D�j
call sub_40574D
cmp dword ptr [eax+90h], 0
jle short loc_40B648
call sub_40574D
add eax, 90h
dec dword ptr [eax]
loc_40B648: ; CODE XREF: sub_40B607+14�j
; sub_40B607+33�j
xor eax, eax
retn
sub_40B607 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B64B proc near ; CODE XREF: sub_40B8AC+EC�p
; sub_40BC58+36�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 10h
push offset dword_4218F0
call __SEH_prolog4
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
cmp dword ptr [edi+4], 80h
jg short loc_40B66C
movsx esi, byte ptr [ebx+8]
jmp short loc_40B66F
; ---------------------------------------------------------------------------
loc_40B66C: ; CODE XREF: sub_40B64B+19�j
mov esi, [ebx+8]
loc_40B66F: ; CODE XREF: sub_40B64B+1F�j
mov [ebp+var_1C], esi
call sub_40574D
add eax, 90h
inc dword ptr [eax]
and [ebp+ms_exc.disabled], 0
loc_40B682: ; CODE XREF: sub_40B64B+9F�j
cmp esi, [ebp+arg_C]
jz short loc_40B6EC
cmp esi, 0FFFFFFFFh
jle short loc_40B691
cmp esi, [edi+4]
jl short loc_40B696
loc_40B691: ; CODE XREF: sub_40B64B+3F�j
call sub_40C254
loc_40B696: ; CODE XREF: sub_40B64B+44�j
mov eax, esi
shl eax, 3
mov ecx, [edi+8]
add ecx, eax
mov esi, [ecx]
mov [ebp+var_20], esi
mov [ebp+ms_exc.disabled], 1
cmp dword ptr [ecx+4], 0
jz short loc_40B6C7
mov [ebx+8], esi
push 103h
push ebx
mov ecx, [edi+8]
push dword ptr [ecx+eax+4]
call sub_40C2A0
loc_40B6C7: ; CODE XREF: sub_40B64B+65�j
and [ebp+ms_exc.disabled], 0
jmp short loc_40B6E7
; ---------------------------------------------------------------------------
push [ebp+ms_exc.exc_ptr]
call sub_40B607
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_20]
loc_40B6E7: ; CODE XREF: sub_40B64B+80�j
mov [ebp+var_1C], esi
jmp short loc_40B682
; ---------------------------------------------------------------------------
loc_40B6EC: ; CODE XREF: sub_40B64B+3A�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40B711
cmp esi, [ebp+arg_C]
jz short loc_40B702
call sub_40C254
loc_40B702: ; CODE XREF: sub_40B64B+B0�j
mov [ebx+8], esi
call __SEH_epilog4
retn
sub_40B64B endp
; ---------------------------------------------------------------------------
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
; =============== S U B R O U T I N E =======================================
sub_40B711 proc near ; CODE XREF: sub_40B64B+A8�p
call sub_40574D
cmp dword ptr [eax+90h], 0
jle short locret_40B72B
call sub_40574D
add eax, 90h
dec dword ptr [eax]
locret_40B72B: ; CODE XREF: sub_40B711+C�j
retn
sub_40B711 endp
; =============== S U B R O U T I N E =======================================
sub_40B72C proc near ; CODE XREF: sub_40B8AC+93�p
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_40B76E
cmp dword ptr [eax+10h], 3
jnz short loc_40B76E
mov ecx, [eax+14h]
cmp ecx, 19930520h
jz short loc_40B757
cmp ecx, 19930521h
jz short loc_40B757
cmp ecx, 19930522h
jnz short loc_40B76E
loc_40B757: ; CODE XREF: sub_40B72C+19�j
; sub_40B72C+21�j
cmp dword ptr [eax+1Ch], 0
jnz short loc_40B76E
call sub_40574D
xor ecx, ecx
inc ecx
mov [eax+20Ch], ecx
mov eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40B76E: ; CODE XREF: sub_40B72C+8�j
; sub_40B72C+E�j ...
xor eax, eax
retn
sub_40B72C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B771 proc near ; CODE XREF: sub_4069F0+112�p
; sub_40B9D2+6E�p ...
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_421918
call __SEH_prolog4
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short loc_40B7AE
cmp dword ptr [ecx], 0E06D7363h
jnz short loc_40B7AE
mov eax, [ecx+1Ch]
test eax, eax
jz short loc_40B7AE
mov eax, [eax+4]
test eax, eax
jz short loc_40B7AE
and [ebp+ms_exc.disabled], 0
push eax
push dword ptr [ecx+18h]
call sub_4045E5
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_40B7AE: ; CODE XREF: sub_40B771+11�j
; sub_40B771+19�j ...
call __SEH_epilog4
retn
sub_40B771 endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_40C208
; =============== S U B R O U T I N E =======================================
sub_40B7C5 proc near ; CODE XREF: sub_40BA48+86�p
; sub_40BA48+113�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
mov eax, [ecx]
push esi
mov esi, [esp+4+arg_0]
add eax, esi
cmp dword ptr [ecx+4], 0
jl short loc_40B7E8
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov esi, [edx+esi]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_40B7E8: ; CODE XREF: sub_40B7C5+11�j
pop esi
retn
sub_40B7C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B7EA proc near ; CODE XREF: sub_40BDB6+111�p
; sub_40BDB6+2AE�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
test edi, edi
jnz short loc_40B7FE
call sub_40C254
jmp sub_40C208
; ---------------------------------------------------------------------------
loc_40B7FE: ; CODE XREF: sub_40B7EA+8�j
and [ebp+var_8], 0
cmp dword ptr [edi], 0
mov [ebp+var_1], 0
jle short loc_40B85E
push ebx
push esi
loc_40B80D: ; CODE XREF: sub_40B7EA+70�j
mov eax, [ebp+arg_0]
mov eax, [eax+1Ch]
mov eax, [eax+0Ch]
mov ebx, [eax]
test ebx, ebx
lea esi, [eax+4]
jle short loc_40B852
mov eax, [ebp+var_8]
shl eax, 4
mov [ebp+var_C], eax
loc_40B828: ; CODE XREF: sub_40B7EA+60�j
mov ecx, [ebp+arg_0]
push dword ptr [ecx+1Ch]
mov eax, [esi]
push eax
mov eax, [edi+4]
add eax, [ebp+var_C]
push eax
call sub_40B5AB
add esp, 0Ch
test eax, eax
jnz short loc_40B84E
dec ebx
add esi, 4
test ebx, ebx
jg short loc_40B828
jmp short loc_40B852
; ---------------------------------------------------------------------------
loc_40B84E: ; CODE XREF: sub_40B7EA+58�j
mov [ebp+var_1], 1
loc_40B852: ; CODE XREF: sub_40B7EA+33�j
; sub_40B7EA+62�j
inc [ebp+var_8]
mov eax, [ebp+var_8]
cmp eax, [edi]
jl short loc_40B80D
pop esi
pop ebx
loc_40B85E: ; CODE XREF: sub_40B7EA+1F�j
mov al, [ebp+var_1]
leave
retn
sub_40B7EA endp
; =============== S U B R O U T I N E =======================================
sub_40B863 proc near ; CODE XREF: sub_40BDB6+30A�p
push 4
mov eax, offset loc_41C8BE
call sub_4049AF
call sub_40574D
cmp dword ptr [eax+94h], 0
jz short loc_40B882
call sub_40C254
loc_40B882: ; CODE XREF: sub_40B863+18�j
and dword ptr [ebp-4], 0
call sub_40C241
or dword ptr [ebp-4], 0FFFFFFFFh
jmp sub_40C208
sub_40B863 endp
; ---------------------------------------------------------------------------
call sub_40574D
mov ecx, [ebp+8]
push 0
push 0
mov [eax+94h], ecx
call sub_40456B
int 3 ; Trap to Debugger
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B8AC proc near ; CODE XREF: sub_40BC58+57�p
var_3C = byte ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0040B9C7 SIZE 00000005 BYTES
push 2Ch
push offset dword_421990
call __SEH_prolog4
mov ebx, ecx
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov [ebp+var_1C], ebx
and [ebp+var_34], 0
mov eax, [edi-4]
mov [ebp+var_24], eax
push dword ptr [esi+18h]
lea eax, [ebp+var_3C]
push eax
call sub_404889
pop ecx
pop ecx
mov [ebp+var_28], eax
call sub_40574D
mov eax, [eax+88h]
mov [ebp+var_2C], eax
call sub_40574D
mov eax, [eax+8Ch]
mov [ebp+var_30], eax
call sub_40574D
mov [eax+88h], esi
call sub_40574D
mov ecx, [ebp+arg_8]
mov [eax+8Ch], ecx
and [ebp+ms_exc.disabled], 0
xor eax, eax
inc eax
mov [ebp+arg_8], eax
mov [ebp+ms_exc.disabled], eax
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+arg_C]
push edi
call sub_40491E
add esp, 14h
mov [ebp+var_1C], eax
and [ebp+ms_exc.disabled], 0
jmp short loc_40B9AB
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
call sub_40B72C
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_40574D
and dword ptr [eax+20Ch], 0
mov esi, [ebp+arg_C]
mov edi, [ebp+arg_4]
cmp dword ptr [esi+4], 80h
jg short loc_40B969
movsx ecx, byte ptr [edi+8]
jmp short loc_40B96C
; ---------------------------------------------------------------------------
loc_40B969: ; CODE XREF: sub_40B8AC+B5�j
mov ecx, [edi+8]
loc_40B96C: ; CODE XREF: sub_40B8AC+BB�j
mov ebx, [esi+10h]
and [ebp+var_20], 0
loc_40B973: ; CODE XREF: sub_40B8AC+11E�j
mov eax, [ebp+var_20]
cmp eax, [esi+0Ch]
jnb short loc_40B993
imul eax, 14h
add eax, ebx
mov edx, [eax+4]
cmp ecx, edx
jle short loc_40B9C7
cmp ecx, [eax+8]
jg short loc_40B9C7
mov eax, [esi+8]
mov ecx, [eax+edx*8+8]
loc_40B993: ; CODE XREF: sub_40B8AC+CD�j
push ecx
push esi
push 0
push edi
call sub_40B64B
add esp, 10h
and [ebp+var_1C], 0
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
loc_40B9AB: ; CODE XREF: sub_40B8AC+8E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov [ebp+arg_8], 0
call sub_40B9D2
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40B8AC endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40B8AC
loc_40B9C7: ; CODE XREF: sub_40B8AC+D9�j
; sub_40B8AC+DE�j
inc [ebp+var_20]
jmp short loc_40B973
; END OF FUNCTION CHUNK FOR sub_40B8AC
; ---------------------------------------------------------------------------
mov edi, [ebp+0Ch]
mov esi, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_40B9D2 proc near ; CODE XREF: sub_40B8AC+10D�p
mov eax, [ebp-24h]
mov [edi-4], eax
push dword ptr [ebp-28h]
call sub_4048D2
pop ecx
call sub_40574D
mov ecx, [ebp-2Ch]
mov [eax+88h], ecx
call sub_40574D
mov ecx, [ebp-30h]
mov [eax+8Ch], ecx
cmp dword ptr [esi], 0E06D7363h
jnz short locret_40BA47
cmp dword ptr [esi+10h], 3
jnz short locret_40BA47
mov eax, [esi+14h]
cmp eax, 19930520h
jz short loc_40BA23
cmp eax, 19930521h
jz short loc_40BA23
cmp eax, 19930522h
jnz short locret_40BA47
loc_40BA23: ; CODE XREF: sub_40B9D2+41�j
; sub_40B9D2+48�j
cmp dword ptr [ebp-34h], 0
jnz short locret_40BA47
cmp dword ptr [ebp-1Ch], 0
jz short locret_40BA47
push dword ptr [esi+18h]
call sub_4048B1
pop ecx
test eax, eax
jz short locret_40BA47
push dword ptr [ebp+10h]
push esi
call sub_40B771
pop ecx
pop ecx
locret_40BA47: ; CODE XREF: sub_40B9D2+31�j
; sub_40B9D2+37�j ...
retn
sub_40B9D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA48 proc near ; CODE XREF: sub_40BBC7+36�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 0Ch
push offset dword_4219B8
call __SEH_prolog4
xor edx, edx
mov [ebp+var_1C], edx
mov eax, [ebp+arg_8]
mov ecx, [eax+4]
cmp ecx, edx
jz loc_40BBBF
cmp [ecx+8], dl
jz loc_40BBBF
mov ecx, [eax+8]
cmp ecx, edx
jnz short loc_40BA83
test dword ptr [eax], 80000000h
jz loc_40BBBF
loc_40BA83: ; CODE XREF: sub_40BA48+2D�j
mov eax, [eax]
mov esi, [ebp+arg_4]
test eax, eax
js short loc_40BA90
lea esi, [ecx+esi+0Ch]
loc_40BA90: ; CODE XREF: sub_40BA48+42�j
mov [ebp+ms_exc.disabled], edx
xor ebx, ebx
inc ebx
push ebx
test al, 8
jz short loc_40BADC
mov edi, [ebp+arg_0]
push dword ptr [edi+18h]
call sub_410561
pop ecx
pop ecx
test eax, eax
jz loc_40BBA2
push ebx
push esi
call sub_410561
pop ecx
pop ecx
test eax, eax
jz loc_40BBA2
mov eax, [edi+18h]
mov [esi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_40BACD: ; CODE XREF: sub_40BA48+E7�j
push eax
call sub_40B7C5
pop ecx
pop ecx
mov [esi], eax
jmp loc_40BBA7
; ---------------------------------------------------------------------------
loc_40BADC: ; CODE XREF: sub_40BA48+51�j
mov edi, [ebp+arg_C]
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
test [edi], bl
jz short loc_40BB31
call sub_410561
pop ecx
pop ecx
test eax, eax
jz loc_40BBA2
push ebx
push esi
call sub_410561
pop ecx
pop ecx
test eax, eax
jz loc_40BBA2
push dword ptr [edi+14h]
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
push esi
call sub_407720
add esp, 0Ch
cmp dword ptr [edi+14h], 4
jnz loc_40BBA7
mov eax, [esi]
test eax, eax
jz short loc_40BBA7
add edi, 8
push edi
jmp short loc_40BACD
; ---------------------------------------------------------------------------
loc_40BB31: ; CODE XREF: sub_40BA48+9F�j
cmp [edi+18h], edx
jnz short loc_40BB6E
call sub_410561
pop ecx
pop ecx
test eax, eax
jz short loc_40BBA2
push ebx
push esi
call sub_410561
pop ecx
pop ecx
test eax, eax
jz short loc_40BBA2
push dword ptr [edi+14h]
add edi, 8
push edi
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
call sub_40B7C5
pop ecx
pop ecx
push eax
push esi
call sub_407720
add esp, 0Ch
jmp short loc_40BBA7
; ---------------------------------------------------------------------------
loc_40BB6E: ; CODE XREF: sub_40BA48+EC�j
call sub_410561
pop ecx
pop ecx
test eax, eax
jz short loc_40BBA2
push ebx
push esi
call sub_410561
pop ecx
pop ecx
test eax, eax
jz short loc_40BBA2
push dword ptr [edi+18h]
call sub_410561
pop ecx
test eax, eax
jz short loc_40BBA2
test byte ptr [edi], 4
push 0
pop eax
setnz al
inc eax
mov [ebp+var_1C], eax
jmp short loc_40BBA7
; ---------------------------------------------------------------------------
loc_40BBA2: ; CODE XREF: sub_40BA48+62�j
; sub_40BA48+73�j ...
call sub_40C254
loc_40BBA7: ; CODE XREF: sub_40BA48+8F�j
; sub_40BA48+D7�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_1C]
jmp short loc_40BBC1
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
jmp sub_40C208
; ---------------------------------------------------------------------------
loc_40BBBF: ; CODE XREF: sub_40BA48+19�j
; sub_40BA48+22�j ...
xor eax, eax
loc_40BBC1: ; CODE XREF: sub_40BA48+169�j
call __SEH_epilog4
retn
sub_40BA48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BBC7 proc near ; CODE XREF: sub_40BC58+11�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 8
push offset dword_4219D8
call __SEH_prolog4
mov eax, [ebp+arg_8]
test dword ptr [eax], 80000000h
jz short loc_40BBE3
mov ebx, [ebp+arg_4]
jmp short loc_40BBED
; ---------------------------------------------------------------------------
loc_40BBE3: ; CODE XREF: sub_40BBC7+15�j
mov ecx, [eax+8]
mov edx, [ebp+arg_4]
lea ebx, [ecx+edx+0Ch]
loc_40BBED: ; CODE XREF: sub_40BBC7+1A�j
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_C]
push esi
push eax
push [ebp+arg_4]
mov edi, [ebp+arg_0]
push edi
call sub_40BA48
add esp, 10h
dec eax
jz short loc_40BC27
dec eax
jnz short loc_40BC3F
push 1
lea eax, [esi+8]
push eax
push dword ptr [edi+18h]
call sub_40B7C5
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push ebx
call sub_4045E5
jmp short loc_40BC3F
; ---------------------------------------------------------------------------
loc_40BC27: ; CODE XREF: sub_40BBC7+3F�j
lea eax, [esi+8]
push eax
push dword ptr [edi+18h]
call sub_40B7C5
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push ebx
call sub_4045E5
loc_40BC3F: ; CODE XREF: sub_40BBC7+42�j
; sub_40BBC7+5E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call __SEH_epilog4
retn
sub_40BBC7 endp
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_40C208
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BC58 proc near ; CODE XREF: sub_40BCC4+D4�p
; sub_40BDB6+25D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
cmp [ebp+arg_10], 0
jz short loc_40BC71
push [ebp+arg_10]
push ebx
push esi
push [ebp+arg_0]
call sub_40BBC7
add esp, 10h
loc_40BC71: ; CODE XREF: sub_40BC58+7�j
cmp [ebp+arg_18], 0
push [ebp+arg_0]
jnz short loc_40BC7D
push esi
jmp short loc_40BC80
; ---------------------------------------------------------------------------
loc_40BC7D: ; CODE XREF: sub_40BC58+20�j
push [ebp+arg_18]
loc_40BC80: ; CODE XREF: sub_40BC58+23�j
call sub_4045EC
push dword ptr [edi]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
call sub_40B64B
mov eax, [edi+4]
push 100h
push [ebp+arg_14]
inc eax
push [ebp+arg_C]
mov [esi+8], eax
push [ebp+arg_4]
mov ecx, [ebx+0Ch]
push esi
push [ebp+arg_0]
call sub_40B8AC
add esp, 28h
test eax, eax
jz short loc_40BCC2
push esi
push eax
call sub_4045B5
loc_40BCC2: ; CODE XREF: sub_40BC58+61�j
pop ebp
retn
sub_40BC58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BCC4 proc near ; CODE XREF: sub_40BDB6+336�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi], 80000003h
jz loc_40BDB3
push edi
call sub_40574D
cmp dword ptr [eax+80h], 0
jz short loc_40BD27
call sub_40574D
lea edi, [eax+80h]
call sub_40553A
cmp [edi], eax
jz short loc_40BD27
cmp dword ptr [esi], 0E0434F4Dh
jz short loc_40BD27
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_4046A4
add esp, 1Ch
test eax, eax
jnz loc_40BDB2
loc_40BD27: ; CODE XREF: sub_40BCC4+22�j
; sub_40BCC4+36�j ...
mov edi, [ebp+arg_10]
cmp dword ptr [edi+0Ch], 0
jnz short loc_40BD35
call sub_40C254
loc_40BD35: ; CODE XREF: sub_40BCC4+6A�j
mov esi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push esi
push [ebp+arg_18]
push edi
call sub_404816
mov edi, eax
mov eax, [ebp+var_4]
add esp, 14h
cmp eax, [ebp+var_8]
jnb short loc_40BDB2
push ebx
loc_40BD58: ; CODE XREF: sub_40BCC4+EB�j
cmp esi, [edi]
jl short loc_40BDA3
cmp esi, [edi+4]
jg short loc_40BDA3
mov eax, [edi+0Ch]
mov ecx, [edi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_40BD79
cmp byte ptr [ecx+8], 0
jnz short loc_40BDA3
loc_40BD79: ; CODE XREF: sub_40BCC4+AD�j
lea ebx, [eax-10h]
test byte ptr [ebx], 40h
jnz short loc_40BDA3
push [ebp+arg_1C]
mov esi, [ebp+arg_4]
push [ebp+arg_18]
push 0
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_40BC58
mov esi, [ebp+arg_14]
add esp, 1Ch
loc_40BDA3: ; CODE XREF: sub_40BCC4+96�j
; sub_40BCC4+9B�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 14h
cmp eax, [ebp+var_8]
jb short loc_40BD58
pop ebx
loc_40BDB2: ; CODE XREF: sub_40BCC4+5D�j
; sub_40BCC4+91�j
pop edi
loc_40BDB3: ; CODE XREF: sub_40BCC4+F�j
pop esi
leave
retn
sub_40BCC4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BDB6 proc near ; CODE XREF: sub_40C124+D4�p
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 2Ch
mov ecx, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_10]
mov eax, [ebx+4]
cmp eax, 80h
push esi
push edi
mov [ebp+var_1], 0
jg short loc_40BDD9
movsx ecx, byte ptr [ecx+8]
jmp short loc_40BDDC
; ---------------------------------------------------------------------------
loc_40BDD9: ; CODE XREF: sub_40BDB6+1B�j
mov ecx, [ecx+8]
loc_40BDDC: ; CODE XREF: sub_40BDB6+21�j
cmp ecx, 0FFFFFFFFh
mov [ebp+var_8], ecx
jl short loc_40BDE8
cmp ecx, eax
jl short loc_40BDED
loc_40BDE8: ; CODE XREF: sub_40BDB6+2C�j
call sub_40C254
loc_40BDED: ; CODE XREF: sub_40BDB6+30�j
mov esi, [ebp+arg_0]
mov edi, 0E06D7363h
cmp [esi], edi
jnz loc_40C0C8
cmp dword ptr [esi+10h], 3
mov ebx, 19930520h
jnz loc_40BF35
mov eax, [esi+14h]
cmp eax, ebx
jz short loc_40BE25
cmp eax, 19930521h
jz short loc_40BE25
cmp eax, 19930522h
jnz loc_40BF35
loc_40BE25: ; CODE XREF: sub_40BDB6+5B�j
; sub_40BDB6+62�j
cmp dword ptr [esi+1Ch], 0
jnz loc_40BF35
call sub_40574D
cmp dword ptr [eax+88h], 0
jz loc_40C107
call sub_40574D
mov esi, [eax+88h]
mov [ebp+arg_0], esi
call sub_40574D
mov eax, [eax+8Ch]
push 1
push esi
mov [ebp+arg_8], eax
call sub_410561
test eax, eax
pop ecx
pop ecx
jnz short loc_40BE70
call sub_40C254
loc_40BE70: ; CODE XREF: sub_40BDB6+B3�j
cmp [esi], edi
jnz short loc_40BE9A
cmp dword ptr [esi+10h], 3
jnz short loc_40BE9A
mov eax, [esi+14h]
cmp eax, ebx
jz short loc_40BE8F
cmp eax, 19930521h
jz short loc_40BE8F
cmp eax, 19930522h
jnz short loc_40BE9A
loc_40BE8F: ; CODE XREF: sub_40BDB6+C9�j
; sub_40BDB6+D0�j
cmp dword ptr [esi+1Ch], 0
jnz short loc_40BE9A
call sub_40C254
loc_40BE9A: ; CODE XREF: sub_40BDB6+BC�j
; sub_40BDB6+C2�j ...
call sub_40574D
cmp dword ptr [eax+94h], 0
jz loc_40BF35
call sub_40574D
mov edi, [eax+94h]
call sub_40574D
push [ebp+arg_0]
xor esi, esi
mov [eax+94h], esi
call sub_40B7EA
test al, al
pop ecx
jnz short loc_40BF2D
xor ebx, ebx
cmp [edi], ebx
jle short loc_40BEF4
loc_40BED7: ; CODE XREF: sub_40BDB6+13C�j
mov eax, [edi+4]
mov ecx, [ebx+eax+4]
push offset dword_423E50
call sub_4033D7
test al, al
jnz short loc_40BEF9
inc esi
add ebx, 10h
cmp esi, [edi]
jl short loc_40BED7
loc_40BEF4: ; CODE XREF: sub_40BDB6+11F�j
; sub_40BDB6+31C�j
jmp sub_40C208
; ---------------------------------------------------------------------------
loc_40BEF9: ; CODE XREF: sub_40BDB6+134�j
push 1
push [ebp+arg_0]
call sub_40B771
pop ecx
pop ecx
lea eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_2C]
mov [ebp+arg_0], offset dword_41DC3C
call sub_402FCC
push offset dword_4219F4
lea eax, [ebp+var_2C]
push eax
mov [ebp+var_2C], offset off_41DC34
call sub_40456B
loc_40BF2D: ; CODE XREF: sub_40BDB6+119�j
mov esi, [ebp+arg_0]
mov edi, 0E06D7363h
loc_40BF35: ; CODE XREF: sub_40BDB6+50�j
; sub_40BDB6+69�j ...
cmp [esi], edi
jnz loc_40C0C5
cmp dword ptr [esi+10h], 3
jnz loc_40C0C5
mov eax, [esi+14h]
cmp eax, ebx
jz short loc_40BF60
cmp eax, 19930521h
jz short loc_40BF60
cmp eax, 19930522h
jnz loc_40C0C5
loc_40BF60: ; CODE XREF: sub_40BDB6+196�j
; sub_40BDB6+19D�j
mov edi, [ebp+arg_10]
cmp dword ptr [edi+0Ch], 0
jbe loc_40C02C
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_10]
push eax
push [ebp+var_8]
push [ebp+arg_18]
push edi
call sub_404816
add esp, 14h
mov edi, eax
loc_40BF86: ; CODE XREF: sub_40BDB6+26E�j
mov eax, [ebp+var_10]
cmp eax, [ebp+var_1C]
jnb loc_40C029
mov eax, [ebp+var_8]
cmp [edi], eax
jg loc_40C01E
cmp eax, [edi+4]
jg short loc_40C01E
mov eax, [edi+10h]
mov [ebp+var_C], eax
mov eax, [edi+0Ch]
test eax, eax
mov [ebp+var_18], eax
jle short loc_40C01E
loc_40BFB2: ; CODE XREF: sub_40BDB6+23C�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea ebx, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_14], eax
jle short loc_40BFE7
loc_40BFC4: ; CODE XREF: sub_40BDB6+22F�j
push dword ptr [esi+1Ch]
mov eax, [ebx]
push eax
push [ebp+var_C]
mov [ebp+var_20], eax
call sub_40B5AB
add esp, 0Ch
test eax, eax
jnz short loc_40BFF6
dec [ebp+var_14]
add ebx, 4
cmp [ebp+var_14], eax
jg short loc_40BFC4
loc_40BFE7: ; CODE XREF: sub_40BDB6+20C�j
dec [ebp+var_18]
add [ebp+var_C], 10h
cmp [ebp+var_18], 0
jg short loc_40BFB2
jmp short loc_40C01E
; ---------------------------------------------------------------------------
loc_40BFF6: ; CODE XREF: sub_40BDB6+224�j
push [ebp+arg_1C]
mov ebx, [ebp+var_C]
push [ebp+arg_18]
mov [ebp+var_1], 1
push [ebp+var_20]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
mov esi, [ebp+arg_4]
call sub_40BC58
mov esi, [ebp+arg_0]
add esp, 1Ch
loc_40C01E: ; CODE XREF: sub_40BDB6+1E1�j
; sub_40BDB6+1EA�j ...
inc [ebp+var_10]
add edi, 14h
jmp loc_40BF86
; ---------------------------------------------------------------------------
loc_40C029: ; CODE XREF: sub_40BDB6+1D6�j
mov edi, [ebp+arg_10]
loc_40C02C: ; CODE XREF: sub_40BDB6+1B1�j
cmp [ebp+arg_14], 0
jz short loc_40C03C
push 1
push esi
call sub_40B771
pop ecx
pop ecx
loc_40C03C: ; CODE XREF: sub_40BDB6+27A�j
cmp [ebp+var_1], 0
jnz loc_40C0F4
mov eax, [edi]
and eax, 1FFFFFFFh
cmp eax, 19930521h
jb loc_40C0F4
mov edi, [edi+1Ch]
test edi, edi
jz loc_40C0F4
push esi
call sub_40B7EA
test al, al
pop ecx
jnz loc_40C0F4
call sub_40574D
call sub_40574D
call sub_40574D
mov [eax+88h], esi
call sub_40574D
cmp [ebp+arg_1C], 0
mov ecx, [ebp+arg_8]
mov [eax+8Ch], ecx
push esi
jnz short loc_40C0A1
push [ebp+arg_4]
jmp short loc_40C0A4
; ---------------------------------------------------------------------------
loc_40C0A1: ; CODE XREF: sub_40BDB6+2E4�j
push [ebp+arg_1C]
loc_40C0A4: ; CODE XREF: sub_40BDB6+2E9�j
call sub_4045EC
mov esi, [ebp+arg_10]
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_40B64B
add esp, 10h
push dword ptr [esi+1Ch]
call sub_40B863
loc_40C0C5: ; CODE XREF: sub_40BDB6+181�j
; sub_40BDB6+18B�j ...
mov ebx, [ebp+arg_10]
loc_40C0C8: ; CODE XREF: sub_40BDB6+41�j
cmp dword ptr [ebx+0Ch], 0
jbe short loc_40C0F4
cmp [ebp+arg_14], 0
jnz loc_40BEF4
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_8]
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_40BCC4
add esp, 20h
loc_40C0F4: ; CODE XREF: sub_40BDB6+28A�j
; sub_40BDB6+29C�j ...
call sub_40574D
cmp dword ptr [eax+94h], 0
jz short loc_40C107
call sub_40C254
loc_40C107: ; CODE XREF: sub_40BDB6+85�j
; sub_40BDB6+34A�j
pop edi
pop esi
pop ebx
leave
retn
sub_40BDB6 endp
; ---------------------------------------------------------------------------
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_403032
mov dword ptr [esi], offset off_41DC34
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C124 proc near ; CODE XREF: sub_40463E+21�p
; .text:0040469A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ebx
push esi
push edi
call sub_40574D
cmp dword ptr [eax+20Ch], 0
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_0]
mov edi, 0E06D7363h
mov esi, 1FFFFFFFh
mov ebx, 19930522h
jnz short loc_40C16D
mov edx, [ecx]
cmp edx, edi
jz short loc_40C16D
cmp edx, 80000026h
jz short loc_40C16D
mov edx, [eax]
and edx, esi
cmp edx, ebx
jb short loc_40C16D
test byte ptr [eax+20h], 1
jnz loc_40C200
loc_40C16D: ; CODE XREF: sub_40C124+27�j
; sub_40C124+2D�j ...
test byte ptr [ecx+4], 66h
jz short loc_40C196
cmp dword ptr [eax+4], 0
jz loc_40C200
cmp [ebp+arg_14], 0
jnz short loc_40C200
push 0FFFFFFFFh
push eax
push [ebp+arg_C]
push [ebp+arg_4]
call sub_40B64B
add esp, 10h
jmp short loc_40C200
; ---------------------------------------------------------------------------
loc_40C196: ; CODE XREF: sub_40C124+4D�j
cmp dword ptr [eax+0Ch], 0
jnz short loc_40C1AE
mov edx, [eax]
and edx, esi
cmp edx, 19930521h
jb short loc_40C200
cmp dword ptr [eax+1Ch], 0
jz short loc_40C200
loc_40C1AE: ; CODE XREF: sub_40C124+76�j
cmp [ecx], edi
jnz short loc_40C1E4
cmp dword ptr [ecx+10h], 3
jb short loc_40C1E4
cmp [ecx+14h], ebx
jbe short loc_40C1E4
mov edx, [ecx+1Ch]
mov edx, [edx+8]
test edx, edx
jz short loc_40C1E4
movzx esi, byte ptr [ebp+arg_1C]
push esi
push [ebp+arg_18]
push [ebp+arg_14]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ecx
call edx
add esp, 20h
jmp short loc_40C203
; ---------------------------------------------------------------------------
loc_40C1E4: ; CODE XREF: sub_40C124+8C�j
; sub_40C124+92�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ecx
call sub_40BDB6
add esp, 20h
loc_40C200: ; CODE XREF: sub_40C124+43�j
; sub_40C124+53�j ...
xor eax, eax
inc eax
loc_40C203: ; CODE XREF: sub_40C124+BE�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40C124 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C208 proc near ; CODE XREF: sub_40B4CD:loc_40B501�p
; sub_40B607+22�j ...
ms_exc = CPPEH_RECORD ptr -18h
; FUNCTION CHUNK AT 0040C22F SIZE 00000012 BYTES
push 8
push offset dword_421A30
call __SEH_prolog4
call sub_40574D
mov eax, [eax+78h]
test eax, eax
jz short loc_40C236
and [ebp+ms_exc.disabled], 0
call eax
jmp short loc_40C22F
sub_40C208 endp
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_40C208
loc_40C22F: ; CODE XREF: sub_40C208+1E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_40C236: ; CODE XREF: sub_40C208+16�j
call sub_41056E
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40C208
; =============== S U B R O U T I N E =======================================
sub_40C241 proc near ; CODE XREF: sub_40B863+23�p
call sub_40574D
mov eax, [eax+7Ch]
test eax, eax
jz short loc_40C24F
call eax
loc_40C24F: ; CODE XREF: sub_40C241+A�j
jmp sub_40C208
sub_40C241 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C254 proc near ; CODE XREF: sub_404816+1C�p
; sub_404816:loc_404877�p ...
ms_exc = CPPEH_RECORD ptr -18h
push 8
push offset dword_421A50
call __SEH_prolog4
push dword_427E4C
call sub_405543
pop ecx
test eax, eax
jz short loc_40C286
and [ebp+ms_exc.disabled], 0
call eax
jmp short loc_40C27F
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
loc_40C27F: ; CODE XREF: sub_40C254+22�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_40C286: ; CODE XREF: sub_40C254+1A�j
jmp sub_40C208
sub_40C254 endp
; =============== S U B R O U T I N E =======================================
sub_40C28B proc near ; CODE XREF: sub_407EC9+33�p
push offset sub_40C208
call sub_4054D7
pop ecx
mov dword_427E4C, eax
retn
sub_40C28B endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C2A0 proc near ; CODE XREF: sub_40491E+4A�p
; sub_40B64B+77�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_40F004
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_40C2DF
mov ecx, 2
loc_40C2DF: ; CODE XREF: sub_40C2A0+38�j
push ecx
call sub_40F004
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_40C2A0 endp
; =============== S U B R O U T I N E =======================================
sub_40C2EC proc near ; CODE XREF: sub_40C307+220�p
; sub_40C307+229�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
jz short locret_40C306
sub eax, 8
cmp dword ptr [eax], 0DDDDh
jnz short locret_40C306
push eax
call sub_4039C3
pop ecx
locret_40C306: ; CODE XREF: sub_40C2EC+6�j
; sub_40C2EC+11�j
retn
sub_40C2EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C307 proc near ; CODE XREF: sub_40C6A9+2C�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
xor ebx, ebx
cmp dword_427E50, ebx
push edi
mov esi, ecx
jnz short loc_40C35E
push ebx
push ebx
xor edi, edi
inc edi
push edi
push offset dword_41DC4C
push 100h
push ebx
call ds:off_41D128
test eax, eax
jz short loc_40C349
mov dword_427E50, edi
jmp short loc_40C35E
; ---------------------------------------------------------------------------
loc_40C349: ; CODE XREF: sub_40C307+38�j
call ds:off_41D0EC
cmp eax, 78h
jnz short loc_40C35E
mov dword_427E50, 2
loc_40C35E: ; CODE XREF: sub_40C307+1D�j
; sub_40C307+40�j ...
cmp [ebp+arg_C], ebx
jle short loc_40C385
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_40C369: ; CODE XREF: sub_40C307+6A�j
dec ecx
cmp [eax], bl
jz short loc_40C376
inc eax
cmp ecx, ebx
jnz short loc_40C369
or ecx, 0FFFFFFFFh
loc_40C376: ; CODE XREF: sub_40C307+65�j
mov eax, [ebp+arg_C]
sub eax, ecx
dec eax
cmp eax, [ebp+arg_C]
jge short loc_40C382
inc eax
loc_40C382: ; CODE XREF: sub_40C307+78�j
mov [ebp+arg_C], eax
loc_40C385: ; CODE XREF: sub_40C307+5A�j
mov eax, dword_427E50
cmp eax, 2
jz loc_40C53E
cmp eax, ebx
jz loc_40C53E
cmp eax, 1
jnz loc_40C56F
cmp [ebp+arg_18], ebx
mov [ebp+var_8], ebx
jnz short loc_40C3B4
mov eax, [esi]
mov eax, [eax+4]
mov [ebp+arg_18], eax
loc_40C3B4: ; CODE XREF: sub_40C307+A3�j
mov esi, ds:off_41D0A0
xor eax, eax
cmp [ebp+arg_1C], ebx
push ebx
push ebx
push [ebp+arg_C]
setnz al
push [ebp+arg_8]
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_18]
call esi ; word_44BECA
mov edi, eax
cmp edi, ebx
jz loc_40C56F
jle short loc_40C426
push 0FFFFFFE0h
xor edx, edx
pop eax
div edi
cmp eax, 2
jb short loc_40C426
lea eax, [edi+edi+8]
cmp eax, 400h
ja short loc_40C40D
call sub_410860
mov eax, esp
cmp eax, ebx
jz short loc_40C421
mov dword ptr [eax], 0CCCCh
jmp short loc_40C41E
; ---------------------------------------------------------------------------
loc_40C40D: ; CODE XREF: sub_40C307+F1�j
push eax
call sub_403AA0
cmp eax, ebx
pop ecx
jz short loc_40C421
mov dword ptr [eax], 0DDDDh
loc_40C41E: ; CODE XREF: sub_40C307+104�j
add eax, 8
loc_40C421: ; CODE XREF: sub_40C307+FC�j
; sub_40C307+10F�j
mov [ebp+var_C], eax
jmp short loc_40C429
; ---------------------------------------------------------------------------
loc_40C426: ; CODE XREF: sub_40C307+DA�j
; sub_40C307+E6�j
mov [ebp+var_C], ebx
loc_40C429: ; CODE XREF: sub_40C307+11D�j
cmp [ebp+var_C], ebx
jz loc_40C56F
push edi
push [ebp+var_C]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call esi ; word_44BECA
test eax, eax
jz loc_40C52D
mov esi, ds:off_41D128
push ebx
push ebx
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; byte_45355F
mov ecx, eax
cmp ecx, ebx
mov [ebp+var_8], ecx
jz loc_40C52D
test word ptr [ebp+arg_4], 400h
jz short loc_40C49D
cmp [ebp+arg_14], ebx
jz loc_40C52D
cmp ecx, [ebp+arg_14]
jg loc_40C52D
push [ebp+arg_14]
push [ebp+arg_10]
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; byte_45355F
jmp loc_40C52D
; ---------------------------------------------------------------------------
loc_40C49D: ; CODE XREF: sub_40C307+16B�j
cmp ecx, ebx
jle short loc_40C4E6
push 0FFFFFFE0h
xor edx, edx
pop eax
div ecx
cmp eax, 2
jb short loc_40C4E6
lea eax, [ecx+ecx+8]
cmp eax, 400h
ja short loc_40C4CE
call sub_410860
mov esi, esp
cmp esi, ebx
jz short loc_40C52D
mov dword ptr [esi], 0CCCCh
add esi, 8
jmp short loc_40C4E8
; ---------------------------------------------------------------------------
loc_40C4CE: ; CODE XREF: sub_40C307+1AF�j
push eax
call sub_403AA0
cmp eax, ebx
pop ecx
jz short loc_40C4E2
mov dword ptr [eax], 0DDDDh
add eax, 8
loc_40C4E2: ; CODE XREF: sub_40C307+1D0�j
mov esi, eax
jmp short loc_40C4E8
; ---------------------------------------------------------------------------
loc_40C4E6: ; CODE XREF: sub_40C307+198�j
; sub_40C307+1A4�j
xor esi, esi
loc_40C4E8: ; CODE XREF: sub_40C307+1C5�j
; sub_40C307+1DD�j
cmp esi, ebx
jz short loc_40C52D
push [ebp+var_8]
push esi
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:off_41D128
test eax, eax
jz short loc_40C526
cmp [ebp+arg_14], ebx
push ebx
push ebx
jnz short loc_40C50F
push ebx
push ebx
jmp short loc_40C515
; ---------------------------------------------------------------------------
loc_40C50F: ; CODE XREF: sub_40C307+202�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_40C515: ; CODE XREF: sub_40C307+206�j
push [ebp+var_8]
push esi
push ebx
push [ebp+arg_18]
call ds:off_41D134
mov [ebp+var_8], eax
loc_40C526: ; CODE XREF: sub_40C307+1FB�j
push esi
call sub_40C2EC
pop ecx
loc_40C52D: ; CODE XREF: sub_40C307+13E�j
; sub_40C307+15F�j ...
push [ebp+var_C]
call sub_40C2EC
mov eax, [ebp+var_8]
pop ecx
jmp loc_40C697
; ---------------------------------------------------------------------------
loc_40C53E: ; CODE XREF: sub_40C307+86�j
; sub_40C307+8E�j
cmp [ebp+arg_0], ebx
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
jnz short loc_40C551
mov eax, [esi]
mov eax, [eax+14h]
mov [ebp+arg_0], eax
loc_40C551: ; CODE XREF: sub_40C307+240�j
cmp [ebp+arg_18], ebx
jnz short loc_40C55E
mov eax, [esi]
mov eax, [eax+4]
mov [ebp+arg_18], eax
loc_40C55E: ; CODE XREF: sub_40C307+24D�j
push [ebp+arg_0]
call sub_410661
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jnz short loc_40C576
loc_40C56F: ; CODE XREF: sub_40C307+97�j
; sub_40C307+D4�j ...
xor eax, eax
jmp loc_40C697
; ---------------------------------------------------------------------------
loc_40C576: ; CODE XREF: sub_40C307+266�j
cmp eax, [ebp+arg_18]
jz loc_40C65A
push ebx
push ebx
lea ecx, [ebp+arg_C]
push ecx
push [ebp+arg_8]
push eax
push [ebp+arg_18]
call sub_4106A8
add esp, 18h
cmp eax, ebx
mov [ebp+var_C], eax
jz short loc_40C56F
mov esi, ds:off_41D12C
push ebx
push ebx
push [ebp+arg_C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; byte_446455
cmp eax, ebx
mov [ebp+var_8], eax
jnz short loc_40C5BD
loc_40C5B6: ; CODE XREF: sub_40C307+2D0�j
; sub_40C307+2F9�j
xor esi, esi
jmp loc_40C674
; ---------------------------------------------------------------------------
loc_40C5BD: ; CODE XREF: sub_40C307+2AD�j
jle short loc_40C5FC
cmp eax, 0FFFFFFE0h
ja short loc_40C5FC
add eax, 8
cmp eax, 400h
ja short loc_40C5E4
call sub_410860
mov edi, esp
cmp edi, ebx
jz short loc_40C5B6
mov dword ptr [edi], 0CCCCh
add edi, 8
jmp short loc_40C5FE
; ---------------------------------------------------------------------------
loc_40C5E4: ; CODE XREF: sub_40C307+2C5�j
push eax
call sub_403AA0
cmp eax, ebx
pop ecx
jz short loc_40C5F8
mov dword ptr [eax], 0DDDDh
add eax, 8
loc_40C5F8: ; CODE XREF: sub_40C307+2E6�j
mov edi, eax
jmp short loc_40C5FE
; ---------------------------------------------------------------------------
loc_40C5FC: ; CODE XREF: sub_40C307:loc_40C5BD�j
; sub_40C307+2BB�j
xor edi, edi
loc_40C5FE: ; CODE XREF: sub_40C307+2DB�j
; sub_40C307+2F3�j
cmp edi, ebx
jz short loc_40C5B6
push [ebp+var_8]
push ebx
push edi
call sub_407F20
add esp, 0Ch
push [ebp+var_8]
push edi
push [ebp+arg_C]
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; byte_446455
cmp eax, ebx
mov [ebp+var_8], eax
jnz short loc_40C62C
xor esi, esi
jmp short loc_40C651
; ---------------------------------------------------------------------------
loc_40C62C: ; CODE XREF: sub_40C307+31F�j
push [ebp+arg_14]
lea eax, [ebp+var_8]
push [ebp+arg_10]
push eax
push edi
push [ebp+arg_18]
push [ebp+var_14]
call sub_4106A8
mov esi, eax
mov [ebp+var_10], esi
add esp, 18h
neg esi
sbb esi, esi
and esi, [ebp+var_8]
loc_40C651: ; CODE XREF: sub_40C307+323�j
push edi
call sub_40C2EC
pop ecx
jmp short loc_40C674
; ---------------------------------------------------------------------------
loc_40C65A: ; CODE XREF: sub_40C307+272�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:off_41D12C
mov esi, eax
loc_40C674: ; CODE XREF: sub_40C307+2B1�j
; sub_40C307+351�j
cmp [ebp+var_C], ebx
jz short loc_40C682
push [ebp+var_C]
call sub_4039C3
pop ecx
loc_40C682: ; CODE XREF: sub_40C307+370�j
mov eax, [ebp+var_10]
cmp eax, ebx
jz short loc_40C695
cmp [ebp+arg_10], eax
jz short loc_40C695
push eax
call sub_4039C3
pop ecx
loc_40C695: ; CODE XREF: sub_40C307+380�j
; sub_40C307+385�j
mov eax, esi
loc_40C697: ; CODE XREF: sub_40C307+232�j
; sub_40C307+26A�j
lea esp, [ebp-20h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402AD0
leave
retn
sub_40C307 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C6A9 proc near ; CODE XREF: sub_404BC6+B6�p
; sub_404BC6+DB�p ...
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_402ADF
push [ebp+arg_20]
lea ecx, [ebp+var_10]
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40C307
add esp, 20h
cmp [ebp+var_4], 0
jz short locret_40C6EA
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40C6EA: ; CODE XREF: sub_40C6A9+38�j
leave
retn
sub_40C6A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C6EC proc near ; CODE XREF: sub_40C8A4+29�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, dword_427E54
push ebx
push esi
xor ebx, ebx
cmp eax, ebx
push edi
mov edi, ecx
jnz short loc_40C745
lea eax, [ebp+var_8]
push eax
xor esi, esi
inc esi
push esi
push offset dword_41DC4C
push esi
call ds:off_41D120
test eax, eax
jz short loc_40C72B
mov dword_427E54, esi
jmp short loc_40C75F
; ---------------------------------------------------------------------------
loc_40C72B: ; CODE XREF: sub_40C6EC+35�j
call ds:off_41D0EC
cmp eax, 78h
jnz short loc_40C740
push 2
pop eax
mov dword_427E54, eax
jmp short loc_40C745
; ---------------------------------------------------------------------------
loc_40C740: ; CODE XREF: sub_40C6EC+48�j
mov eax, dword_427E54
loc_40C745: ; CODE XREF: sub_40C6EC+1D�j
; sub_40C6EC+52�j
cmp eax, 2
jz loc_40C81D
cmp eax, ebx
jz loc_40C81D
cmp eax, 1
jnz loc_40C847
loc_40C75F: ; CODE XREF: sub_40C6EC+3D�j
cmp [ebp+arg_10], ebx
mov [ebp+var_8], ebx
jnz short loc_40C76F
mov eax, [edi]
mov eax, [eax+4]
mov [ebp+arg_10], eax
loc_40C76F: ; CODE XREF: sub_40C6EC+79�j
mov esi, ds:off_41D0A0
xor eax, eax
cmp [ebp+arg_18], ebx
push ebx
push ebx
push [ebp+arg_8]
setnz al
push [ebp+arg_4]
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_10]
call esi ; word_44BECA
mov edi, eax
cmp edi, ebx
jz loc_40C847
jle short loc_40C7DA
cmp edi, 7FFFFFF0h
ja short loc_40C7DA
lea eax, [edi+edi+8]
cmp eax, 400h
ja short loc_40C7C4
call sub_410860
mov eax, esp
cmp eax, ebx
jz short loc_40C7D8
mov dword ptr [eax], 0CCCCh
jmp short loc_40C7D5
; ---------------------------------------------------------------------------
loc_40C7C4: ; CODE XREF: sub_40C6EC+C3�j
push eax
call sub_403AA0
cmp eax, ebx
pop ecx
jz short loc_40C7D8
mov dword ptr [eax], 0DDDDh
loc_40C7D5: ; CODE XREF: sub_40C6EC+D6�j
add eax, 8
loc_40C7D8: ; CODE XREF: sub_40C6EC+CE�j
; sub_40C6EC+E1�j
mov ebx, eax
loc_40C7DA: ; CODE XREF: sub_40C6EC+B0�j
; sub_40C6EC+B8�j
test ebx, ebx
jz short loc_40C847
lea eax, [edi+edi]
push eax
push 0
push ebx
call sub_407F20
add esp, 0Ch
push edi
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call esi ; word_44BECA
test eax, eax
jz short loc_40C811
push [ebp+arg_C]
push eax
push ebx
push [ebp+arg_0]
call ds:off_41D120
mov [ebp+var_8], eax
loc_40C811: ; CODE XREF: sub_40C6EC+112�j
push ebx
call sub_40C2EC
mov eax, [ebp+var_8]
pop ecx
jmp short loc_40C892
; ---------------------------------------------------------------------------
loc_40C81D: ; CODE XREF: sub_40C6EC+5C�j
; sub_40C6EC+64�j
xor esi, esi
cmp [ebp+arg_14], ebx
jnz short loc_40C82C
mov eax, [edi]
mov eax, [eax+14h]
mov [ebp+arg_14], eax
loc_40C82C: ; CODE XREF: sub_40C6EC+136�j
cmp [ebp+arg_10], ebx
jnz short loc_40C839
mov eax, [edi]
mov eax, [eax+4]
mov [ebp+arg_10], eax
loc_40C839: ; CODE XREF: sub_40C6EC+143�j
push [ebp+arg_14]
call sub_410661
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_40C84B
loc_40C847: ; CODE XREF: sub_40C6EC+6D�j
; sub_40C6EC+AA�j ...
xor eax, eax
jmp short loc_40C892
; ---------------------------------------------------------------------------
loc_40C84B: ; CODE XREF: sub_40C6EC+159�j
cmp eax, [ebp+arg_10]
jz short loc_40C86E
push ebx
push ebx
lea ecx, [ebp+arg_8]
push ecx
push [ebp+arg_4]
push eax
push [ebp+arg_10]
call sub_4106A8
mov esi, eax
add esp, 18h
cmp esi, ebx
jz short loc_40C847
mov [ebp+arg_4], esi
loc_40C86E: ; CODE XREF: sub_40C6EC+162�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+arg_14]
call ds:off_41D124
cmp esi, ebx
mov edi, eax
jz short loc_40C890
push esi
call sub_4039C3
pop ecx
loc_40C890: ; CODE XREF: sub_40C6EC+19B�j
mov eax, edi
loc_40C892: ; CODE XREF: sub_40C6EC+12F�j
; sub_40C6EC+15D�j
lea esp, [ebp-14h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402AD0
leave
retn
sub_40C6EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C8A4 proc near ; CODE XREF: sub_404BC6+96�p
; sub_40CDF4+83�p
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_402ADF
push [ebp+arg_1C]
lea ecx, [ebp+var_10]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40C6EC
add esp, 1Ch
cmp [ebp+var_4], 0
jz short locret_40C8E2
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40C8E2: ; CODE XREF: sub_40C8A4+35�j
leave
retn
sub_40C8A4 endp
; =============== S U B R O U T I N E =======================================
sub_40C8E4 proc near ; CODE XREF: sub_4051D1+E9�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_40CA72
push dword ptr [esi+4]
call sub_4039C3
push dword ptr [esi+8]
call sub_4039C3
push dword ptr [esi+0Ch]
call sub_4039C3
push dword ptr [esi+10h]
call sub_4039C3
push dword ptr [esi+14h]
call sub_4039C3
push dword ptr [esi+18h]
call sub_4039C3
push dword ptr [esi]
call sub_4039C3
push dword ptr [esi+20h]
call sub_4039C3
push dword ptr [esi+24h]
call sub_4039C3
push dword ptr [esi+28h]
call sub_4039C3
push dword ptr [esi+2Ch]
call sub_4039C3
push dword ptr [esi+30h]
call sub_4039C3
push dword ptr [esi+34h]
call sub_4039C3
push dword ptr [esi+1Ch]
call sub_4039C3
push dword ptr [esi+38h]
call sub_4039C3
push dword ptr [esi+3Ch]
call sub_4039C3
add esp, 40h
push dword ptr [esi+40h]
call sub_4039C3
push dword ptr [esi+44h]
call sub_4039C3
push dword ptr [esi+48h]
call sub_4039C3
push dword ptr [esi+4Ch]
call sub_4039C3
push dword ptr [esi+50h]
call sub_4039C3
push dword ptr [esi+54h]
call sub_4039C3
push dword ptr [esi+58h]
call sub_4039C3
push dword ptr [esi+5Ch]
call sub_4039C3
push dword ptr [esi+60h]
call sub_4039C3
push dword ptr [esi+64h]
call sub_4039C3
push dword ptr [esi+68h]
call sub_4039C3
push dword ptr [esi+6Ch]
call sub_4039C3
push dword ptr [esi+70h]
call sub_4039C3
push dword ptr [esi+74h]
call sub_4039C3
push dword ptr [esi+78h]
call sub_4039C3
push dword ptr [esi+7Ch]
call sub_4039C3
add esp, 40h
push dword ptr [esi+80h]
call sub_4039C3
push dword ptr [esi+84h]
call sub_4039C3
push dword ptr [esi+88h]
call sub_4039C3
push dword ptr [esi+8Ch]
call sub_4039C3
push dword ptr [esi+90h]
call sub_4039C3
push dword ptr [esi+94h]
call sub_4039C3
push dword ptr [esi+98h]
call sub_4039C3
push dword ptr [esi+9Ch]
call sub_4039C3
push dword ptr [esi+0A0h]
call sub_4039C3
push dword ptr [esi+0A4h]
call sub_4039C3
push dword ptr [esi+0A8h]
call sub_4039C3
add esp, 2Ch
loc_40CA72: ; CODE XREF: sub_40C8E4+7�j
pop esi
retn
sub_40C8E4 endp
; =============== S U B R O U T I N E =======================================
sub_40CA74 proc near ; CODE XREF: sub_4051D1+64�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40CAB2
mov eax, [esi]
cmp eax, dword_423F38
jz short loc_40CA8E
push eax
call sub_4039C3
pop ecx
loc_40CA8E: ; CODE XREF: sub_40CA74+11�j
mov eax, [esi+4]
cmp eax, dword_423F3C
jz short loc_40CAA0
push eax
call sub_4039C3
pop ecx
loc_40CAA0: ; CODE XREF: sub_40CA74+23�j
mov esi, [esi+8]
cmp esi, dword_423F40
jz short loc_40CAB2
push esi
call sub_4039C3
pop ecx
loc_40CAB2: ; CODE XREF: sub_40CA74+7�j
; sub_40CA74+35�j
pop esi
retn
sub_40CA74 endp
; =============== S U B R O U T I N E =======================================
sub_40CAB4 proc near ; CODE XREF: sub_4051D1+43�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40CB3B
mov eax, [esi+0Ch]
cmp eax, dword_423F44
jz short loc_40CACF
push eax
call sub_4039C3
pop ecx
loc_40CACF: ; CODE XREF: sub_40CAB4+12�j
mov eax, [esi+10h]
cmp eax, dword_423F48
jz short loc_40CAE1
push eax
call sub_4039C3
pop ecx
loc_40CAE1: ; CODE XREF: sub_40CAB4+24�j
mov eax, [esi+14h]
cmp eax, dword_423F4C
jz short loc_40CAF3
push eax
call sub_4039C3
pop ecx
loc_40CAF3: ; CODE XREF: sub_40CAB4+36�j
mov eax, [esi+18h]
cmp eax, dword_423F50
jz short loc_40CB05
push eax
call sub_4039C3
pop ecx
loc_40CB05: ; CODE XREF: sub_40CAB4+48�j
mov eax, [esi+1Ch]
cmp eax, dword_423F54
jz short loc_40CB17
push eax
call sub_4039C3
pop ecx
loc_40CB17: ; CODE XREF: sub_40CAB4+5A�j
mov eax, [esi+20h]
cmp eax, dword_423F58
jz short loc_40CB29
push eax
call sub_4039C3
pop ecx
loc_40CB29: ; CODE XREF: sub_40CAB4+6C�j
mov esi, [esi+24h]
cmp esi, dword_423F5C
jz short loc_40CB3B
push esi
call sub_4039C3
pop ecx
loc_40CB3B: ; CODE XREF: sub_40CAB4+7�j
; sub_40CAB4+7E�j
pop esi
retn
sub_40CAB4 endp
; =============== S U B R O U T I N E =======================================
sub_40CB3D proc near ; CODE XREF: sub_409E64+117�p
; sub_409E64+139�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
xor ebx, ebx
cmp eax, ebx
push esi
push edi
jz short loc_40CB52
mov edi, [esp+0Ch+arg_4]
cmp edi, ebx
ja short loc_40CB6D
loc_40CB52: ; CODE XREF: sub_40CB3D+B�j
; sub_40CB3D+3A�j
call sub_405B83
push 16h
pop esi
mov [eax], esi
loc_40CB5C: ; CODE XREF: sub_40CB3D+69�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_4032F9
add esp, 14h
mov eax, esi
jmp short loc_40CBAA
; ---------------------------------------------------------------------------
loc_40CB6D: ; CODE XREF: sub_40CB3D+13�j
mov esi, [esp+0Ch+arg_8]
cmp esi, ebx
jnz short loc_40CB79
loc_40CB75: ; CODE XREF: sub_40CB3D+48�j
mov [eax], bl
jmp short loc_40CB52
; ---------------------------------------------------------------------------
loc_40CB79: ; CODE XREF: sub_40CB3D+36�j
mov edx, eax
loc_40CB7B: ; CODE XREF: sub_40CB3D+44�j
cmp [edx], bl
jz short loc_40CB83
inc edx
dec edi
jnz short loc_40CB7B
loc_40CB83: ; CODE XREF: sub_40CB3D+40�j
cmp edi, ebx
jz short loc_40CB75
loc_40CB87: ; CODE XREF: sub_40CB3D+55�j
mov cl, [esi]
mov [edx], cl
inc edx
inc esi
cmp cl, bl
jz short loc_40CB94
dec edi
jnz short loc_40CB87
loc_40CB94: ; CODE XREF: sub_40CB3D+52�j
cmp edi, ebx
jnz short loc_40CBA8
mov [eax], bl
call sub_405B83
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_40CB5C
; ---------------------------------------------------------------------------
loc_40CBA8: ; CODE XREF: sub_40CB3D+59�j
xor eax, eax
loc_40CBAA: ; CODE XREF: sub_40CB3D+2E�j
pop edi
pop esi
pop ebx
retn
sub_40CB3D endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_40CBC4: ; CODE XREF: .text:0040CBD1�j
mov al, [edx]
or al, al
jz short loc_40CBD3
add edx, 1
bts [esp], eax
jmp short loc_40CBC4
; ---------------------------------------------------------------------------
loc_40CBD3: ; CODE XREF: .text:0040CBC8�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
lea ecx, [ecx+0]
loc_40CBDC: ; CODE XREF: .text:0040CBEC�j
add ecx, 1
mov al, [esi]
or al, al
jz short loc_40CBEE
add esi, 1
bt [esp], eax
jnb short loc_40CBDC
loc_40CBEE: ; CODE XREF: .text:0040CBE3�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CBF6 proc near ; CODE XREF: sub_409E64+F1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp [ebp+arg_C], ebx
push edi
jnz short loc_40CC16
cmp esi, ebx
jnz short loc_40CC1A
cmp [ebp+arg_4], ebx
jnz short loc_40CC21
loc_40CC0F: ; CODE XREF: sub_40CBF6+4D�j
; sub_40CBF6+8C�j
xor eax, eax
loc_40CC11: ; CODE XREF: sub_40CBF6+44�j
; sub_40CBF6+9E�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40CC16: ; CODE XREF: sub_40CBF6+E�j
cmp esi, ebx
jz short loc_40CC21
loc_40CC1A: ; CODE XREF: sub_40CBF6+12�j
mov edi, [ebp+arg_4]
cmp edi, ebx
ja short loc_40CC3C
loc_40CC21: ; CODE XREF: sub_40CBF6+17�j
; sub_40CBF6+22�j ...
call sub_405B83
push 16h
pop esi
mov [eax], esi
loc_40CC2B: ; CODE XREF: sub_40CBF6+B1�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_4032F9
add esp, 14h
mov eax, esi
jmp short loc_40CC11
; ---------------------------------------------------------------------------
loc_40CC3C: ; CODE XREF: sub_40CBF6+29�j
cmp [ebp+arg_C], ebx
jnz short loc_40CC45
mov [esi], bl
jmp short loc_40CC0F
; ---------------------------------------------------------------------------
loc_40CC45: ; CODE XREF: sub_40CBF6+49�j
mov edx, [ebp+arg_8]
cmp edx, ebx
jnz short loc_40CC50
mov [esi], bl
jmp short loc_40CC21
; ---------------------------------------------------------------------------
loc_40CC50: ; CODE XREF: sub_40CBF6+54�j
cmp [ebp+arg_C], 0FFFFFFFFh
mov eax, esi
jnz short loc_40CC67
loc_40CC58: ; CODE XREF: sub_40CBF6+6D�j
mov cl, [edx]
mov [eax], cl
inc eax
inc edx
cmp cl, bl
jz short loc_40CC80
dec edi
jnz short loc_40CC58
jmp short loc_40CC80
; ---------------------------------------------------------------------------
loc_40CC67: ; CODE XREF: sub_40CBF6+60�j
; sub_40CBF6+81�j
mov cl, [edx]
mov [eax], cl
inc eax
inc edx
cmp cl, bl
jz short loc_40CC79
dec edi
jz short loc_40CC79
dec [ebp+arg_C]
jnz short loc_40CC67
loc_40CC79: ; CODE XREF: sub_40CBF6+79�j
; sub_40CBF6+7C�j
cmp [ebp+arg_C], ebx
jnz short loc_40CC80
mov [eax], bl
loc_40CC80: ; CODE XREF: sub_40CBF6+6A�j
; sub_40CBF6+6F�j ...
cmp edi, ebx
jnz short loc_40CC0F
cmp [ebp+arg_C], 0FFFFFFFFh
jnz short loc_40CC99
mov eax, [ebp+arg_4]
push 50h
mov [esi+eax-1], bl
pop eax
jmp loc_40CC11
; ---------------------------------------------------------------------------
loc_40CC99: ; CODE XREF: sub_40CBF6+92�j
mov [esi], bl
call sub_405B83
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_40CC2B
sub_40CBF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CCA9 proc near ; CODE XREF: sub_40ED77+32�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_8]
test ebx, ebx
jnz short loc_40CCC0
xor eax, eax
jmp loc_40CD5A
; ---------------------------------------------------------------------------
loc_40CCC0: ; CODE XREF: sub_40CCA9+E�j
cmp ebx, 4
push edi
jb short loc_40CD3B
lea edi, [ebx-4]
test edi, edi
jbe short loc_40CD3B
mov ecx, [ebp+arg_4]
mov eax, [ebp+arg_0]
loc_40CCD3: ; CODE XREF: sub_40CCA9+66�j
mov dl, [eax]
add eax, 4
add ecx, 4
test dl, dl
jz short loc_40CD31
cmp dl, [ecx-4]
jnz short loc_40CD31
mov dl, [eax-3]
test dl, dl
jz short loc_40CD27
cmp dl, [ecx-3]
jnz short loc_40CD27
mov dl, [eax-2]
test dl, dl
jz short loc_40CD1D
cmp dl, [ecx-2]
jnz short loc_40CD1D
mov dl, [eax-1]
test dl, dl
jz short loc_40CD13
cmp dl, [ecx-1]
jnz short loc_40CD13
add [ebp+var_4], 4
cmp [ebp+var_4], edi
jb short loc_40CCD3
jmp short loc_40CD52
; ---------------------------------------------------------------------------
loc_40CD13: ; CODE XREF: sub_40CCA9+58�j
; sub_40CCA9+5D�j
movzx eax, byte ptr [eax-1]
movzx ecx, byte ptr [ecx-1]
jmp short loc_40CD63
; ---------------------------------------------------------------------------
loc_40CD1D: ; CODE XREF: sub_40CCA9+4C�j
; sub_40CCA9+51�j
movzx eax, byte ptr [eax-2]
movzx ecx, byte ptr [ecx-2]
jmp short loc_40CD63
; ---------------------------------------------------------------------------
loc_40CD27: ; CODE XREF: sub_40CCA9+40�j
; sub_40CCA9+45�j
movzx eax, byte ptr [eax-3]
movzx ecx, byte ptr [ecx-3]
jmp short loc_40CD63
; ---------------------------------------------------------------------------
loc_40CD31: ; CODE XREF: sub_40CCA9+34�j
; sub_40CCA9+39�j
movzx eax, byte ptr [eax-4]
movzx ecx, byte ptr [ecx-4]
jmp short loc_40CD63
; ---------------------------------------------------------------------------
loc_40CD3B: ; CODE XREF: sub_40CCA9+1B�j
; sub_40CCA9+22�j
mov ecx, [ebp+arg_4]
mov eax, [ebp+arg_0]
jmp short loc_40CD52
; ---------------------------------------------------------------------------
loc_40CD43: ; CODE XREF: sub_40CCA9+AC�j
mov dl, [eax]
test dl, dl
jz short loc_40CD5D
cmp dl, [ecx]
jnz short loc_40CD5D
inc eax
inc ecx
inc [ebp+var_4]
loc_40CD52: ; CODE XREF: sub_40CCA9+68�j
; sub_40CCA9+98�j
cmp [ebp+var_4], ebx
jb short loc_40CD43
xor eax, eax
loc_40CD59: ; CODE XREF: sub_40CCA9+BC�j
pop edi
loc_40CD5A: ; CODE XREF: sub_40CCA9+12�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40CD5D: ; CODE XREF: sub_40CCA9+9E�j
; sub_40CCA9+A2�j
movzx eax, byte ptr [eax]
movzx ecx, byte ptr [ecx]
loc_40CD63: ; CODE XREF: sub_40CCA9+72�j
; sub_40CCA9+7C�j ...
sub eax, ecx
jmp short loc_40CD59
sub_40CCA9 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_40CD84: ; CODE XREF: .text:0040CD91�j
mov al, [edx]
or al, al
jz short loc_40CD93
add edx, 1
bts [esp], eax
jmp short loc_40CD84
; ---------------------------------------------------------------------------
loc_40CD93: ; CODE XREF: .text:0040CD88�j
mov esi, [ebp+8]
mov edi, edi
loc_40CD98: ; CODE XREF: .text:0040CDA5�j
mov al, [esi]
or al, al
jz short loc_40CDAA
add esi, 1
bt [esp], eax
jnb short loc_40CD98
lea eax, [esi-1]
loc_40CDAA: ; CODE XREF: .text:0040CD9C�j
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CDB0 proc near ; CODE XREF: sub_405A0A+93�p
; sub_406D87+34D�p ...
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_402ADF
movzx eax, [ebp+arg_0]
mov ecx, [ebp+var_10]
mov ecx, [ecx+0C8h]
movzx eax, word ptr [ecx+eax*2]
and eax, 8000h
cmp [ebp+var_4], 0
jz short locret_40CDE4
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40CDE4: ; CODE XREF: sub_40CDB0+2B�j
leave
retn
sub_40CDB0 endp
; =============== S U B R O U T I N E =======================================
sub_40CDE6 proc near ; CODE XREF: sub_409217+6CB�p
; sub_409217+B85�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_40CDB0
pop ecx
pop ecx
retn
sub_40CDE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CDF4 proc near ; CODE XREF: sub_405A0A+32�p
; sub_40A7DB+81�p ...
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push [ebp+arg_8]
lea ecx, [ebp+var_18]
call sub_402ADF
mov ebx, [ebp+arg_0]
lea eax, [ebx+1]
cmp eax, 100h
ja short loc_40CE22
mov eax, [ebp+var_18]
mov eax, [eax+0C8h]
movzx eax, word ptr [eax+ebx*2]
jmp short loc_40CE97
; ---------------------------------------------------------------------------
loc_40CE22: ; CODE XREF: sub_40CDF4+1D�j
mov [ebp+arg_0], ebx
sar [ebp+arg_0], 8
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+arg_0]
and eax, 0FFh
push eax
call sub_40CDB0
test eax, eax
pop ecx
pop ecx
jz short loc_40CE53
mov al, byte ptr [ebp+arg_0]
push 2
mov [ebp+var_8], al
mov [ebp+var_7], bl
mov [ebp+var_6], 0
pop ecx
jmp short loc_40CE5D
; ---------------------------------------------------------------------------
loc_40CE53: ; CODE XREF: sub_40CDF4+4B�j
xor ecx, ecx
mov [ebp+var_8], bl
mov [ebp+var_7], 0
inc ecx
loc_40CE5D: ; CODE XREF: sub_40CDF4+5D�j
mov eax, [ebp+var_18]
push 1
push dword ptr [eax+14h]
push dword ptr [eax+4]
lea eax, [ebp+var_4]
push eax
push ecx
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push 1
push eax
call sub_40C8A4
add esp, 20h
test eax, eax
jnz short loc_40CE93
cmp [ebp+var_C], al
jz short loc_40CE8F
mov eax, [ebp+var_10]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40CE8F: ; CODE XREF: sub_40CDF4+92�j
xor eax, eax
jmp short loc_40CEA7
; ---------------------------------------------------------------------------
loc_40CE93: ; CODE XREF: sub_40CDF4+8D�j
movzx eax, [ebp+var_4]
loc_40CE97: ; CODE XREF: sub_40CDF4+2C�j
and eax, [ebp+arg_4]
cmp [ebp+var_C], 0
jz short loc_40CEA7
mov ecx, [ebp+var_10]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_40CEA7: ; CODE XREF: sub_40CDF4+9D�j
; sub_40CDF4+AA�j
pop ebx
leave
retn
sub_40CDF4 endp
; =============== S U B R O U T I N E =======================================
sub_40CEAA proc near ; CODE XREF: sub_407EC9+F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_427E5C, eax
retn
sub_40CEAA endp
; ---------------------------------------------------------------------------
loc_40CEB4: ; DATA XREF: sub_40CEC4:loc_40CF29�o
push dword ptr [esp+4]
call ds:off_41D11C
xor eax, eax
inc eax
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CEC4 proc near ; CODE XREF: sub_405C31+26�p
; sub_405CE4+78�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 14h
push offset dword_421A70
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
push dword_427E5C
call sub_405543
pop ecx
mov esi, eax
cmp esi, edi
jnz short loc_40CF3A
lea eax, [ebp+var_1C]
push eax
call sub_407CB6
pop ecx
cmp eax, edi
jz short loc_40CF02
push edi
push edi
push edi
push edi
push edi
call sub_4031FD
add esp, 14h
loc_40CF02: ; CODE XREF: sub_40CEC4+2F�j
cmp [ebp+var_1C], 1
jz short loc_40CF29
push offset dword_41E5AC
call ds:off_41D0E0
cmp eax, edi
jz short loc_40CF29
push offset dword_41E584
push eax
call ds:off_41D0E8
mov esi, eax
cmp esi, edi
jnz short loc_40CF2E
loc_40CF29: ; CODE XREF: sub_40CEC4+42�j
; sub_40CEC4+51�j
mov esi, offset loc_40CEB4
loc_40CF2E: ; CODE XREF: sub_40CEC4+63�j
push esi
call sub_4054D7
pop ecx
mov dword_427E5C, eax
loc_40CF3A: ; CODE XREF: sub_40CEC4+21�j
mov [ebp+ms_exc.disabled], edi
push [ebp+arg_4]
push [ebp+arg_0]
call esi
mov [ebp+var_20], eax
jmp short loc_40CF79
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_24], eax
xor ecx, ecx
cmp eax, 0C0000017h
setz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
cmp [ebp+var_24], 0C0000017h
jnz short loc_40CF75
push 8
call ds:off_41D170
loc_40CF75: ; CODE XREF: sub_40CEC4+A7�j
and [ebp+var_20], 0
loc_40CF79: ; CODE XREF: sub_40CEC4+84�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_20]
call __SEH_epilog4
retn
sub_40CEC4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40CF90 proc near ; CODE XREF: sub_40D002+16�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 5A4Dh
jz short loc_40CF9E
loc_40CF9B: ; CODE XREF: sub_40CF90+19�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40CF9E: ; CODE XREF: sub_40CF90+9�j
mov eax, [ecx+3Ch]
add eax, ecx
cmp dword ptr [eax], 4550h
jnz short loc_40CF9B
xor ecx, ecx
cmp word ptr [eax+18h], 10Bh
setz cl
mov eax, ecx
retn
sub_40CF90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40CFC0 proc near ; CODE XREF: sub_40D002+27�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
push ebx
push esi
movzx esi, word ptr [ecx+6]
xor edx, edx
test esi, esi
push edi
lea eax, [eax+ecx+18h]
jbe short loc_40CFFC
mov edi, [esp+0Ch+arg_4]
loc_40CFE2: ; CODE XREF: sub_40CFC0+3A�j
mov ecx, [eax+0Ch]
cmp edi, ecx
jb short loc_40CFF2
mov ebx, [eax+8]
add ebx, ecx
cmp edi, ebx
jb short loc_40CFFE
loc_40CFF2: ; CODE XREF: sub_40CFC0+27�j
add edx, 1
add eax, 28h
cmp edx, esi
jb short loc_40CFE2
loc_40CFFC: ; CODE XREF: sub_40CFC0+1C�j
xor eax, eax
loc_40CFFE: ; CODE XREF: sub_40CFC0+30�j
pop edi
pop esi
pop ebx
retn
sub_40CFC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D002 proc near ; CODE XREF: sub_4069F0+FF�p
; sub_407D29+E�p ...
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_421A90
call __SEH_prolog4
and [ebp+ms_exc.disabled], 0
mov edx, 400000h
push edx
call sub_40CF90
pop ecx
test eax, eax
jz short loc_40D05F
mov eax, [ebp+arg_0]
sub eax, edx
push eax
push edx
call sub_40CFC0
pop ecx
pop ecx
test eax, eax
jz short loc_40D05F
mov eax, [eax+24h]
shr eax, 1Fh
not eax
and eax, 1
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
jmp short loc_40D068
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
xor ecx, ecx
cmp eax, 0C0000005h
setz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
loc_40D05F: ; CODE XREF: sub_40D002+1E�j
; sub_40D002+30�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
xor eax, eax
loc_40D068: ; CODE XREF: sub_40D002+44�j
call __SEH_epilog4
retn
sub_40D002 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D06E proc near ; CODE XREF: sub_40A15D+2EE�p
; sub_40A15D+3C8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
push edi
push esi
mov [ebp+var_4], eax
call sub_40F12D
or edi, 0FFFFFFFFh
cmp eax, edi
pop ecx
jnz short loc_40D0A3
call sub_405B83
mov dword ptr [eax], 9
loc_40D09D: ; CODE XREF: sub_40D06E+5E�j
mov eax, edi
mov edx, edi
jmp short loc_40D0ED
; ---------------------------------------------------------------------------
loc_40D0A3: ; CODE XREF: sub_40D06E+22�j
push [ebp+arg_C]
lea ecx, [ebp+var_4]
push ecx
push [ebp+var_8]
push eax
call ds:off_41D074
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_40D0CE
call ds:off_41D0EC
test eax, eax
jz short loc_40D0CE
push eax
call sub_405BA9
pop ecx
jmp short loc_40D09D
; ---------------------------------------------------------------------------
loc_40D0CE: ; CODE XREF: sub_40D06E+4B�j
; sub_40D06E+55�j
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, dword_435700[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FDh
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
loc_40D0ED: ; CODE XREF: sub_40D06E+33�j
pop edi
pop esi
leave
retn
sub_40D06E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D0F1 proc near ; CODE XREF: sub_406B86+116�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 14h
push offset dword_421AB0
call __SEH_prolog4
or esi, 0FFFFFFFFh
mov [ebp+var_24], esi
mov [ebp+var_20], esi
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40D12A
call sub_405B96
and dword ptr [eax], 0
call sub_405B83
mov dword ptr [eax], 9
loc_40D121: ; CODE XREF: sub_40D0F1+66�j
mov eax, esi
mov edx, esi
jmp loc_40D1FA
; ---------------------------------------------------------------------------
loc_40D12A: ; CODE XREF: sub_40D0F1+1B�j
xor edi, edi
cmp eax, edi
jl short loc_40D138
cmp eax, dword_4356E8
jb short loc_40D159
loc_40D138: ; CODE XREF: sub_40D0F1+3D�j
call sub_405B96
mov [eax], edi
call sub_405B83
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_4032F9
add esp, 14h
jmp short loc_40D121
; ---------------------------------------------------------------------------
loc_40D159: ; CODE XREF: sub_40D0F1+45�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:435700h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jnz short loc_40D19F
call sub_405B96
mov [eax], edi
call sub_405B83
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_4032F9
add esp, 14h
or edx, 0FFFFFFFFh
mov eax, edx
jmp short loc_40D1FA
; ---------------------------------------------------------------------------
loc_40D19F: ; CODE XREF: sub_40D0F1+86�j
push eax
call sub_40F19E
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40D1CE
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D06E
add esp, 10h
mov [ebp+var_24], eax
mov [ebp+var_20], edx
jmp short loc_40D1E8
; ---------------------------------------------------------------------------
loc_40D1CE: ; CODE XREF: sub_40D0F1+BF�j
call sub_405B83
mov dword ptr [eax], 9
call sub_405B96
mov [eax], edi
or [ebp+var_24], 0FFFFFFFFh
or [ebp+var_20], 0FFFFFFFFh
loc_40D1E8: ; CODE XREF: sub_40D0F1+DB�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40D200
mov eax, [ebp+var_24]
mov edx, [ebp+var_20]
loc_40D1FA: ; CODE XREF: sub_40D0F1+34�j
; sub_40D0F1+AC�j
call __SEH_epilog4
retn
sub_40D0F1 endp
; =============== S U B R O U T I N E =======================================
sub_40D200 proc near ; CODE XREF: sub_40D0F1+FE�p
push dword ptr [ebp+8]
call sub_40F23E
pop ecx
retn
sub_40D200 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=518h
sub_40D20A proc near ; CODE XREF: sub_40D7D0+9A�p
; sub_410957+BB�p
var_594 = dword ptr -594h
var_590 = dword ptr -590h
var_58C = dword ptr -58Ch
var_588 = dword ptr -588h
var_584 = dword ptr -584h
var_580 = dword ptr -580h
var_57C = dword ptr -57Ch
var_578 = dword ptr -578h
var_574 = dword ptr -574h
var_56D = byte ptr -56Dh
var_56C = dword ptr -56Ch
var_568 = dword ptr -568h
var_564 = byte ptr -564h
var_410 = byte ptr -410h
var_160 = byte ptr -160h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-518h]
sub esp, 594h
mov eax, dword_423064
xor eax, ebp
mov [ebp+518h+var_4], eax
mov eax, [ebp+518h+arg_4]
push esi
xor esi, esi
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_57C], eax
mov [ebp+518h+var_578], esi
mov [ebp+518h+var_580], esi
jnz short loc_40D246
xor eax, eax
jmp loc_40D7BA
; ---------------------------------------------------------------------------
loc_40D246: ; CODE XREF: sub_40D20A+33�j
cmp eax, esi
jnz short loc_40D271
call sub_405B96
mov [eax], esi
call sub_405B83
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_40D7BA
; ---------------------------------------------------------------------------
loc_40D271: ; CODE XREF: sub_40D20A+3E�j
mov esi, [ebp+518h+arg_0]
push ebx
mov ebx, esi
and ebx, 1Fh
imul ebx, 28h
mov eax, esi
sar eax, 5
push edi
lea edi, ds:435700h[eax*4]
mov eax, [edi]
add eax, ebx
mov cl, [eax+24h]
add cl, cl
sar cl, 1
cmp cl, 2
mov [ebp+518h+var_588], edi
mov [ebp+518h+var_56D], cl
jz short loc_40D2A8
cmp cl, 1
jnz short loc_40D2DB
loc_40D2A8: ; CODE XREF: sub_40D20A+97�j
mov ecx, [ebp+518h+arg_8]
not ecx
test cl, 1
jnz short loc_40D2DB
call sub_405B96
xor esi, esi
mov [eax], esi
call sub_405B83
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
jmp loc_40D7B0
; ---------------------------------------------------------------------------
loc_40D2DB: ; CODE XREF: sub_40D20A+9C�j
; sub_40D20A+A9�j
test byte ptr [eax+4], 20h
jz short loc_40D2F0
push 2
push 0
push 0
push esi
call sub_40D06E
add esp, 10h
loc_40D2F0: ; CODE XREF: sub_40D20A+D5�j
push esi
call sub_40D8F0
test eax, eax
pop ecx
jz loc_40D4F5
mov eax, [edi]
test byte ptr [ebx+eax+4], 80h
jz loc_40D4F5
call sub_40574D
mov eax, [eax+6Ch]
xor ecx, ecx
cmp [eax+14h], ecx
lea eax, [ebp+518h+var_594]
setz cl
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
mov esi, ecx
call ds:off_41D114
test eax, eax
jz loc_40D4F5
test esi, esi
jz short loc_40D343
cmp [ebp+518h+var_56D], 0
jz loc_40D4F5
loc_40D343: ; CODE XREF: sub_40D20A+12D�j
call ds:off_41D118
and [ebp+518h+var_568], 0
cmp [ebp+518h+arg_8], 0
mov esi, [ebp+518h+var_57C]
mov [ebp+518h+var_594], eax
mov [ebp+518h+var_58C], esi
jbe loc_40D762
and [ebp+518h+var_574], 0
jmp short loc_40D36C
; ---------------------------------------------------------------------------
loc_40D369: ; CODE XREF: sub_40D20A+2E0�j
mov esi, [ebp+518h+var_58C]
loc_40D36C: ; CODE XREF: sub_40D20A+15D�j
mov al, [ebp+518h+var_56D]
test al, al
jnz loc_40D47D
mov al, [esi]
xor ecx, ecx
cmp al, 0Ah
setz cl
movsx eax, al
push eax
mov [ebp+518h+var_590], ecx
call sub_40CDE6
test eax, eax
pop ecx
jnz short loc_40D3AB
push 1
lea eax, [ebp+518h+var_56C]
push esi
push eax
call sub_40F880
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40D758
jmp short loc_40D3DB
; ---------------------------------------------------------------------------
loc_40D3AB: ; CODE XREF: sub_40D20A+185�j
mov eax, [ebp+518h+var_57C]
sub eax, esi
add eax, [ebp+518h+arg_8]
cmp eax, 1
jbe loc_40D758
push 2
lea eax, [ebp+518h+var_56C]
push esi
push eax
call sub_40F880
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40D758
inc esi
inc [ebp+518h+var_574]
loc_40D3DB: ; CODE XREF: sub_40D20A+19F�j
xor eax, eax
push eax
push eax
push 5
lea ecx, [ebp+518h+var_C]
push ecx
push 1
lea ecx, [ebp+518h+var_56C]
push ecx
push eax
push [ebp+518h+var_594]
inc esi
inc [ebp+518h+var_574]
mov [ebp+518h+var_58C], esi
call ds:off_41D134
mov esi, eax
test esi, esi
jz loc_40D758
push 0
lea eax, [ebp+518h+var_568]
push eax
push esi
lea eax, [ebp+518h+var_C]
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
call ds:off_41D088
test eax, eax
jz loc_40D74F
mov eax, [ebp+518h+var_568]
add [ebp+518h+var_578], eax
cmp eax, esi
jl loc_40D758
cmp [ebp+518h+var_590], 0
jz loc_40D4E1
push 0
lea eax, [ebp+518h+var_568]
push eax
push 1
lea eax, [ebp+518h+var_C]
push eax
mov eax, [edi]
mov [ebp+518h+var_C], 0Dh
push dword ptr [ebx+eax]
call ds:off_41D088
test eax, eax
jz loc_40D74F
cmp [ebp+518h+var_568], 1
jl loc_40D758
inc [ebp+518h+var_580]
inc [ebp+518h+var_578]
jmp short loc_40D4E1
; ---------------------------------------------------------------------------
loc_40D47D: ; CODE XREF: sub_40D20A+167�j
cmp al, 1
jz short loc_40D485
cmp al, 2
jnz short loc_40D4A0
loc_40D485: ; CODE XREF: sub_40D20A+275�j
movzx ecx, word ptr [esi]
xor edx, edx
cmp cx, 0Ah
setz dl
inc esi
inc esi
add [ebp+518h+var_574], 2
mov [ebp+518h+var_56C], ecx
mov [ebp+518h+var_58C], esi
mov [ebp+518h+var_590], edx
loc_40D4A0: ; CODE XREF: sub_40D20A+279�j
cmp al, 1
jz short loc_40D4A8
cmp al, 2
jnz short loc_40D4E1
loc_40D4A8: ; CODE XREF: sub_40D20A+298�j
push [ebp+518h+var_56C]
call sub_41088C
cmp ax, word ptr [ebp+518h+var_56C]
pop ecx
jnz loc_40D74F
inc [ebp+518h+var_578]
cmp [ebp+518h+var_590], 0
jz short loc_40D4E1
push 0Dh
pop eax
push eax
mov [ebp+518h+var_56C], eax
call sub_41088C
cmp ax, word ptr [ebp+518h+var_56C]
pop ecx
jnz loc_40D74F
inc [ebp+518h+var_578]
inc [ebp+518h+var_580]
loc_40D4E1: ; CODE XREF: sub_40D20A+232�j
; sub_40D20A+271�j ...
mov eax, [ebp+518h+arg_8]
cmp [ebp+518h+var_574], eax
jb loc_40D369
jmp loc_40D758
; ---------------------------------------------------------------------------
loc_40D4F5: ; CODE XREF: sub_40D20A+EF�j
; sub_40D20A+FC�j ...
mov eax, [edi]
add eax, ebx
test byte ptr [eax+4], 80h
jz loc_40D728
mov eax, [ebp+518h+var_57C]
xor esi, esi
cmp [ebp+518h+var_56D], 0
mov [ebp+518h+var_56C], esi
jnz loc_40D5A6
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_568], eax
jbe loc_40D789
loc_40D524: ; CODE XREF: sub_40D20A+395�j
mov ecx, [ebp+518h+var_568]
and [ebp+518h+var_574], 0
sub ecx, [ebp+518h+var_57C]
lea eax, [ebp+518h+var_564]
loc_40D531: ; CODE XREF: sub_40D20A+354�j
cmp ecx, [ebp+518h+arg_8]
jnb short loc_40D560
mov edx, [ebp+518h+var_568]
inc [ebp+518h+var_568]
mov dl, [edx]
inc ecx
cmp dl, 0Ah
jnz short loc_40D551
inc [ebp+518h+var_580]
mov byte ptr [eax], 0Dh
inc eax
inc [ebp+518h+var_574]
loc_40D551: ; CODE XREF: sub_40D20A+33B�j
mov [eax], dl
inc eax
inc [ebp+518h+var_574]
cmp [ebp+518h+var_574], 400h
jb short loc_40D531
loc_40D560: ; CODE XREF: sub_40D20A+32D�j
mov esi, eax
lea eax, [ebp+518h+var_564]
sub esi, eax
push 0
lea eax, [ebp+518h+var_584]
push eax
push esi
lea eax, [ebp+518h+var_564]
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
call ds:off_41D088
test eax, eax
jz loc_40D74F
mov eax, [ebp+518h+var_584]
add [ebp+518h+var_578], eax
cmp eax, esi
jl loc_40D758
mov eax, [ebp+518h+var_568]
sub eax, [ebp+518h+var_57C]
cmp eax, [ebp+518h+arg_8]
jb short loc_40D524
jmp loc_40D758
; ---------------------------------------------------------------------------
loc_40D5A6: ; CODE XREF: sub_40D20A+305�j
cmp [ebp+518h+var_56D], 2
jnz loc_40D64D
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_568], eax
jbe loc_40D789
loc_40D5BF: ; CODE XREF: sub_40D20A+438�j
mov ecx, [ebp+518h+var_568]
xor esi, esi
sub ecx, [ebp+518h+var_57C]
lea eax, [ebp+518h+var_564]
loc_40D5CA: ; CODE XREF: sub_40D20A+3F7�j
cmp ecx, [ebp+518h+arg_8]
jnb short loc_40D603
mov edx, [ebp+518h+var_568]
add [ebp+518h+var_568], 2
movzx edx, word ptr [edx]
inc ecx
inc ecx
cmp dx, 0Ah
jnz short loc_40D5F1
add [ebp+518h+var_580], 2
mov word ptr [eax], 0Dh
inc eax
inc eax
inc esi
inc esi
loc_40D5F1: ; CODE XREF: sub_40D20A+3D8�j
mov edi, [ebp+518h+var_588]
mov [eax], dx
inc eax
inc eax
inc esi
inc esi
cmp esi, 3FFh
jb short loc_40D5CA
loc_40D603: ; CODE XREF: sub_40D20A+3C6�j
mov esi, eax
lea eax, [ebp+518h+var_564]
sub esi, eax
push 0
lea eax, [ebp+518h+var_584]
push eax
push esi
lea eax, [ebp+518h+var_564]
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
call ds:off_41D088
test eax, eax
jz loc_40D74F
mov eax, [ebp+518h+var_584]
add [ebp+518h+var_578], eax
cmp eax, esi
jl loc_40D758
mov eax, [ebp+518h+var_568]
sub eax, [ebp+518h+var_57C]
cmp eax, [ebp+518h+arg_8]
jb loc_40D5BF
jmp loc_40D758
; ---------------------------------------------------------------------------
loc_40D64D: ; CODE XREF: sub_40D20A+3A0�j
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_574], eax
jbe loc_40D789
loc_40D65C: ; CODE XREF: sub_40D20A+516�j
mov ecx, [ebp+518h+var_574]
and [ebp+518h+var_568], 0
sub ecx, [ebp+518h+var_57C]
push 2
lea eax, [ebp+518h+var_160]
pop esi
loc_40D66F: ; CODE XREF: sub_40D20A+497�j
cmp ecx, [ebp+518h+arg_8]
jnb short loc_40D6A3
mov edx, [ebp+518h+var_574]
movzx edx, word ptr [edx]
add [ebp+518h+var_574], esi
add ecx, esi
cmp dx, 0Ah
jnz short loc_40D692
mov word ptr [eax], 0Dh
add eax, esi
add [ebp+518h+var_568], esi
loc_40D692: ; CODE XREF: sub_40D20A+47C�j
add [ebp+518h+var_568], esi
mov [eax], dx
add eax, esi
cmp [ebp+518h+var_568], 152h
jb short loc_40D66F
loc_40D6A3: ; CODE XREF: sub_40D20A+46B�j
xor esi, esi
push esi
push esi
push 2ABh
lea ecx, [ebp+518h+var_410]
push ecx
lea ecx, [ebp+518h+var_160]
sub eax, ecx
cdq
sub eax, edx
sar eax, 1
push eax
mov eax, ecx
push eax
push esi
push 0FDE9h
call ds:off_41D134
mov edi, eax
cmp edi, esi
jz short loc_40D74F
loc_40D6D6: ; CODE XREF: sub_40D20A+4F6�j
push 0
lea eax, [ebp+518h+var_584]
push eax
mov eax, edi
sub eax, esi
push eax
lea eax, [ebp+esi+518h+var_410]
push eax
mov eax, [ebp+518h+var_588]
mov eax, [eax]
push dword ptr [ebx+eax]
call ds:off_41D088
test eax, eax
jz short loc_40D704
add esi, [ebp+518h+var_584]
cmp edi, esi
jg short loc_40D6D6
jmp short loc_40D70D
; ---------------------------------------------------------------------------
loc_40D704: ; CODE XREF: sub_40D20A+4EF�j
call ds:off_41D0EC
mov [ebp+518h+var_56C], eax
loc_40D70D: ; CODE XREF: sub_40D20A+4F8�j
cmp edi, esi
jg short loc_40D758
mov eax, [ebp+518h+var_574]
sub eax, [ebp+518h+var_57C]
cmp eax, [ebp+518h+arg_8]
mov [ebp+518h+var_578], eax
jb loc_40D65C
jmp short loc_40D758
; ---------------------------------------------------------------------------
loc_40D728: ; CODE XREF: sub_40D20A+2F3�j
push 0
lea ecx, [ebp+518h+var_584]
push ecx
push [ebp+518h+arg_8]
push [ebp+518h+var_57C]
push dword ptr [eax]
call ds:off_41D088
test eax, eax
jz short loc_40D74F
mov eax, [ebp+518h+var_584]
and [ebp+518h+var_56C], 0
mov [ebp+518h+var_578], eax
jmp short loc_40D758
; ---------------------------------------------------------------------------
loc_40D74F: ; CODE XREF: sub_40D20A+21A�j
; sub_40D20A+25B�j ...
call ds:off_41D0EC
mov [ebp+518h+var_56C], eax
loc_40D758: ; CODE XREF: sub_40D20A+199�j
; sub_40D20A+1AF�j ...
mov eax, [ebp+518h+var_578]
test eax, eax
jnz short loc_40D7B5
mov edi, [ebp+518h+var_588]
loc_40D762: ; CODE XREF: sub_40D20A+153�j
xor esi, esi
cmp [ebp+518h+var_56C], esi
jz short loc_40D789
push 5
pop esi
cmp [ebp+518h+var_56C], esi
jnz short loc_40D77E
call sub_405B83
mov dword ptr [eax], 9
jmp short loc_40D7A9
; ---------------------------------------------------------------------------
loc_40D77E: ; CODE XREF: sub_40D20A+565�j
push [ebp+518h+var_56C]
call sub_405BA9
pop ecx
jmp short loc_40D7B0
; ---------------------------------------------------------------------------
loc_40D789: ; CODE XREF: sub_40D20A+314�j
; sub_40D20A+3AF�j ...
mov eax, [edi]
test byte ptr [ebx+eax+4], 40h
jz short loc_40D79E
mov eax, [ebp+518h+var_57C]
cmp byte ptr [eax], 1Ah
jnz short loc_40D79E
xor eax, eax
jmp short loc_40D7B8
; ---------------------------------------------------------------------------
loc_40D79E: ; CODE XREF: sub_40D20A+586�j
; sub_40D20A+58E�j
call sub_405B83
mov dword ptr [eax], 1Ch
loc_40D7A9: ; CODE XREF: sub_40D20A+572�j
call sub_405B96
mov [eax], esi
loc_40D7B0: ; CODE XREF: sub_40D20A+CC�j
; sub_40D20A+57D�j
or eax, 0FFFFFFFFh
jmp short loc_40D7B8
; ---------------------------------------------------------------------------
loc_40D7B5: ; CODE XREF: sub_40D20A+553�j
sub eax, [ebp+518h+var_580]
loc_40D7B8: ; CODE XREF: sub_40D20A+592�j
; sub_40D20A+5A9�j
pop edi
pop ebx
loc_40D7BA: ; CODE XREF: sub_40D20A+37�j
; sub_40D20A+62�j
mov ecx, [ebp+518h+var_4]
xor ecx, ebp
pop esi
call sub_402AD0
add ebp, 518h
leave
retn
sub_40D20A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D7D0 proc near ; CODE XREF: sub_406B86+CB�p
; sub_406B86+13A�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset dword_421AD0
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40D7FF
call sub_405B96
and dword ptr [eax], 0
call sub_405B83
mov dword ptr [eax], 9
loc_40D7F7: ; CODE XREF: sub_40D7D0+5C�j
or eax, 0FFFFFFFFh
jmp loc_40D89C
; ---------------------------------------------------------------------------
loc_40D7FF: ; CODE XREF: sub_40D7D0+12�j
xor edi, edi
cmp eax, edi
jl short loc_40D80D
cmp eax, dword_4356E8
jb short loc_40D82E
loc_40D80D: ; CODE XREF: sub_40D7D0+33�j
; sub_40D7D0+7C�j
call sub_405B96
mov [eax], edi
call sub_405B83
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_4032F9
add esp, 14h
jmp short loc_40D7F7
; ---------------------------------------------------------------------------
loc_40D82E: ; CODE XREF: sub_40D7D0+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:435700h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_40D80D
push eax
call sub_40F19E
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40D877
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D20A
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_40D88D
; ---------------------------------------------------------------------------
loc_40D877: ; CODE XREF: sub_40D7D0+8F�j
call sub_405B83
mov dword ptr [eax], 9
call sub_405B96
mov [eax], edi
or [ebp+var_1C], 0FFFFFFFFh
loc_40D88D: ; CODE XREF: sub_40D7D0+A5�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40D8A2
mov eax, [ebp+var_1C]
loc_40D89C: ; CODE XREF: sub_40D7D0+2A�j
call __SEH_epilog4
retn
sub_40D7D0 endp
; =============== S U B R O U T I N E =======================================
sub_40D8A2 proc near ; CODE XREF: sub_40D7D0+C4�p
push dword ptr [ebp+8]
call sub_40F23E
pop ecx
retn
sub_40D8A2 endp
; =============== S U B R O U T I N E =======================================
sub_40D8AC proc near ; CODE XREF: sub_406B86+9C�p
; sub_40A03D+58�p ...
arg_0 = dword ptr 4
inc dword_427A08
push 1000h
call sub_407AEA
test eax, eax
pop ecx
mov ecx, [esp+arg_0]
mov [ecx+8], eax
jz short loc_40D8D5
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_40D8E6
; ---------------------------------------------------------------------------
loc_40D8D5: ; CODE XREF: sub_40D8AC+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_40D8E6: ; CODE XREF: sub_40D8AC+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_40D8AC endp
; =============== S U B R O U T I N E =======================================
sub_40D8F0 proc near ; CODE XREF: sub_406B86+91�p
; sub_408ACB+C�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40D907
call sub_405B83
mov dword ptr [eax], 9
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40D907: ; CODE XREF: sub_40D8F0+7�j
push esi
xor esi, esi
cmp eax, esi
jl short loc_40D916
cmp eax, dword_4356E8
jb short loc_40D932
loc_40D916: ; CODE XREF: sub_40D8F0+1C�j
call sub_405B83
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 9
call sub_4032F9
add esp, 14h
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40D932: ; CODE XREF: sub_40D8F0+24�j
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, dword_435700[ecx*4]
movzx eax, byte ptr [ecx+eax+4]
and eax, 40h
pop esi
retn
sub_40D8F0 endp
; =============== S U B R O U T I N E =======================================
sub_40D94E proc near ; CODE XREF: sub_407D29:loc_407D4C�p
push esi
push edi
xor edi, edi
loc_40D952: ; CODE XREF: sub_40D94E+1A�j
lea esi, dword_423F80[edi]
push dword ptr [esi]
call sub_4054D7
add edi, 4
cmp edi, 28h
pop ecx
mov [esi], eax
jb short loc_40D952
pop edi
pop esi
retn
sub_40D94E endp
; =============== S U B R O U T I N E =======================================
sub_40D96D proc near ; CODE XREF: sub_406D87+554�p
mov eax, dword_423064
or eax, 1
xor ecx, ecx
cmp dword_427E60, eax
setz cl
mov eax, ecx
retn
sub_40D96D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D983 proc near ; CODE XREF: sub_40DAE2+12�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = word ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
push edi
mov edi, [ebp+arg_8]
jnz short loc_40D9A9
cmp edi, ebx
jbe short loc_40D9A9
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40D9A5
mov [eax], ebx
loc_40D9A5: ; CODE XREF: sub_40D983+1E�j
; sub_40D983+EC�j ...
xor eax, eax
jmp short loc_40DA28
; ---------------------------------------------------------------------------
loc_40D9A9: ; CODE XREF: sub_40D983+13�j
; sub_40D983+17�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40D9B3
or dword ptr [eax], 0FFFFFFFFh
loc_40D9B3: ; CODE XREF: sub_40D983+2B�j
cmp edi, 7FFFFFFFh
jbe short loc_40D9D6
call sub_405B83
push 16h
pop esi
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_4032F9
add esp, 14h
loc_40D9D2: ; CODE XREF: sub_40D983+CC�j
; sub_40D983+D5�j
mov eax, esi
jmp short loc_40DA28
; ---------------------------------------------------------------------------
loc_40D9D6: ; CODE XREF: sub_40D983+36�j
push [ebp+arg_10]
lea ecx, [ebp+var_10]
call sub_402ADF
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz loc_40DA81
mov ax, [ebp+arg_C]
cmp ax, 0FFh
jbe short loc_40DA2D
cmp esi, ebx
jz short loc_40DA0A
cmp edi, ebx
jbe short loc_40DA0A
push edi
push ebx
push esi
call sub_407F20
add esp, 0Ch
loc_40DA0A: ; CODE XREF: sub_40D983+76�j
; sub_40D983+7A�j ...
call sub_405B83
mov dword ptr [eax], 2Ah
call sub_405B83
cmp [ebp+var_4], bl
mov eax, [eax]
jz short loc_40DA28
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_40DA28: ; CODE XREF: sub_40D983+24�j
; sub_40D983+51�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40DA2D: ; CODE XREF: sub_40D983+72�j
cmp esi, ebx
jz short loc_40DA5F
cmp edi, ebx
ja short loc_40DA5D
loc_40DA35: ; CODE XREF: sub_40D983+141�j
; sub_40D983+149�j ...
call sub_405B83
push 22h
pop esi
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_4032F9
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_40D9D2
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
jmp loc_40D9D2
; ---------------------------------------------------------------------------
loc_40DA5D: ; CODE XREF: sub_40D983+B0�j
mov [esi], al
loc_40DA5F: ; CODE XREF: sub_40D983+AC�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40DA6C
mov dword ptr [eax], 1
loc_40DA6C: ; CODE XREF: sub_40D983+E1�j
; sub_40D983+12A�j ...
cmp [ebp+var_4], bl
jz loc_40D9A5
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
jmp loc_40D9A5
; ---------------------------------------------------------------------------
loc_40DA81: ; CODE XREF: sub_40D983+64�j
lea ecx, [ebp+arg_4]
push ecx
push ebx
push edi
push esi
push 1
lea ecx, [ebp+arg_C]
push ecx
push ebx
mov [ebp+arg_4], ebx
push dword ptr [eax+4]
call ds:off_41D134
cmp eax, ebx
jz short loc_40DAB3
cmp [ebp+arg_4], ebx
jnz loc_40DA0A
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_40DA6C
mov [ecx], eax
jmp short loc_40DA6C
; ---------------------------------------------------------------------------
loc_40DAB3: ; CODE XREF: sub_40D983+11A�j
call ds:off_41D0EC
cmp eax, 7Ah
jnz loc_40DA0A
cmp esi, ebx
jz loc_40DA35
cmp edi, ebx
jbe loc_40DA35
push edi
push ebx
push esi
call sub_407F20
add esp, 0Ch
jmp loc_40DA35
sub_40D983 endp
; =============== S U B R O U T I N E =======================================
sub_40DAE2 proc near ; CODE XREF: sub_406D87+487�p
; sub_406D87+8B1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push 0
push [esp+4+arg_C]
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40D983
add esp, 14h
retn
sub_40DAE2 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40DB00 proc near ; CODE XREF: sub_406D87+786�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_40DB31
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+4+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+4+arg_8]
add edx, ecx
jmp short loc_40DB78
; ---------------------------------------------------------------------------
loc_40DB31: ; CODE XREF: sub_40DB00+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_40DB3F: ; CODE XREF: sub_40DB00+49�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_40DB3F
div ebx
mov esi, eax
mul [esp+4+arg_C]
mov ecx, eax
mov eax, [esp+4+arg_8]
mul esi
add edx, ecx
jb short loc_40DB6D
cmp edx, [esp+4+arg_4]
ja short loc_40DB6D
jb short loc_40DB76
cmp eax, [esp+4+arg_0]
jbe short loc_40DB76
loc_40DB6D: ; CODE XREF: sub_40DB00+5D�j
; sub_40DB00+63�j
dec esi
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_40DB76: ; CODE XREF: sub_40DB00+65�j
; sub_40DB00+6B�j
xor ebx, ebx
loc_40DB78: ; CODE XREF: sub_40DB00+2F�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
sub_40DB00 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DB95 proc near ; CODE XREF: sub_40DC1C+4D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], edi
mov [ebp+var_8], esi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
shr ecx, 7
jmp short loc_40DBB5
; ---------------------------------------------------------------------------
db 8Dh, 9Bh, 4 dup(0)
; ---------------------------------------------------------------------------
loc_40DBB5: ; CODE XREF: sub_40DB95+18�j
; sub_40DB95+7B�j
movdqa xmm0, oword ptr [esi]
movdqa xmm1, oword ptr [esi+10h]
movdqa xmm2, oword ptr [esi+20h]
movdqa xmm3, oword ptr [esi+30h]
movdqa oword ptr [edi], xmm0
movdqa oword ptr [edi+10h], xmm1
movdqa oword ptr [edi+20h], xmm2
movdqa oword ptr [edi+30h], xmm3
movdqa xmm4, oword ptr [esi+40h]
movdqa xmm5, oword ptr [esi+50h]
movdqa xmm6, oword ptr [esi+60h]
movdqa xmm7, oword ptr [esi+70h]
movdqa oword ptr [edi+40h], xmm4
movdqa oword ptr [edi+50h], xmm5
movdqa oword ptr [edi+60h], xmm6
movdqa oword ptr [edi+70h], xmm7
lea esi, [esi+80h]
lea edi, [edi+80h]
dec ecx
jnz short loc_40DBB5
mov esi, [ebp+var_8]
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40DB95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DC1C proc near ; CODE XREF: sub_407720+42�j
; sub_407FA0+42�j ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_C], edi
mov [ebp+var_8], esi
mov [ebp+var_4], ebx
mov ebx, [ebp+arg_4]
mov eax, ebx
cdq
mov ecx, eax
mov eax, [ebp+arg_0]
xor ecx, edx
sub ecx, edx
and ecx, 0Fh
xor ecx, edx
sub ecx, edx
cdq
mov edi, eax
xor edi, edx
sub edi, edx
and edi, 0Fh
xor edi, edx
sub edi, edx
mov edx, ecx
or edx, edi
jnz short loc_40DC9F
mov esi, [ebp+arg_8]
mov ecx, esi
and ecx, 7Fh
mov [ebp+var_18], ecx
cmp esi, ecx
jz short loc_40DC77
sub esi, ecx
push esi
push ebx
push eax
call sub_40DB95
add esp, 0Ch
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_18]
loc_40DC77: ; CODE XREF: sub_40DC1C+46�j
test ecx, ecx
jz short loc_40DCF2
mov ebx, [ebp+arg_8]
mov edx, [ebp+arg_4]
add edx, ebx
sub edx, ecx
mov [ebp+var_14], edx
add ebx, eax
sub ebx, ecx
mov [ebp+var_10], ebx
mov esi, [ebp+var_14]
mov edi, [ebp+var_10]
mov ecx, [ebp+var_18]
rep movsb
mov eax, [ebp+arg_0]
jmp short loc_40DCF2
; ---------------------------------------------------------------------------
loc_40DC9F: ; CODE XREF: sub_40DC1C+37�j
cmp ecx, edi
jnz short loc_40DCD8
neg ecx
add ecx, 10h
mov [ebp+var_1C], ecx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+var_1C]
rep movsb
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_1C]
mov edx, [ebp+arg_4]
add edx, [ebp+var_1C]
mov eax, [ebp+arg_8]
sub eax, [ebp+var_1C]
push eax
push edx
push ecx
call sub_40DC1C
add esp, 0Ch
mov eax, [ebp+arg_0]
jmp short loc_40DCF2
; ---------------------------------------------------------------------------
loc_40DCD8: ; CODE XREF: sub_40DC1C+85�j
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+arg_0]
loc_40DCF2: ; CODE XREF: sub_40DC1C+5D�j
; sub_40DC1C+81�j ...
mov ebx, [ebp+var_4]
mov esi, [ebp+var_8]
mov edi, [ebp+var_C]
mov esp, ebp
pop ebp
retn
sub_40DC1C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DCFF proc near ; CODE XREF: sub_407B2A+E�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0040DE04 SIZE 00000019 BYTES
push 0Ch
push offset dword_421AF0
call __SEH_prolog4
mov ecx, [ebp+arg_0]
xor edi, edi
cmp ecx, edi
jbe short loc_40DD42
push 0FFFFFFE0h
pop eax
xor edx, edx
div ecx
cmp eax, [ebp+arg_4]
sbb eax, eax
inc eax
jnz short loc_40DD42
call sub_405B83
mov dword ptr [eax], 0Ch
push edi
push edi
push edi
push edi
push edi
call sub_4032F9
add esp, 14h
loc_40DD3B: ; CODE XREF: sub_40DCFF+E6�j
; sub_40DCFF+F2�j
xor eax, eax
jmp loc_40DE17
; ---------------------------------------------------------------------------
loc_40DD42: ; CODE XREF: sub_40DCFF+13�j
; sub_40DCFF+22�j
imul ecx, [ebp+arg_4]
mov esi, ecx
mov [ebp+arg_0], esi
cmp esi, edi
jnz short loc_40DD52
xor esi, esi
inc esi
loc_40DD52: ; CODE XREF: sub_40DCFF+4E�j
; sub_40DCFF+DB�j
xor ebx, ebx
mov [ebp+var_1C], ebx
cmp esi, 0FFFFFFE0h
ja short loc_40DDC5
cmp dword_436854, 3
jnz short loc_40DDB0
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
mov eax, [ebp+arg_0]
cmp eax, dword_436844
ja short loc_40DDB0
push 4
call sub_405DA7
pop ecx
mov [ebp+ms_exc.disabled], edi
push [ebp+arg_0]
call sub_4066A9
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40DDFB
mov ebx, [ebp+var_1C]
cmp ebx, edi
jz short loc_40DDB4
push [ebp+arg_0]
push edi
push ebx
call sub_407F20
add esp, 0Ch
loc_40DDB0: ; CODE XREF: sub_40DCFF+64�j
; sub_40DCFF+78�j
cmp ebx, edi
jnz short loc_40DE15
loc_40DDB4: ; CODE XREF: sub_40DCFF+A2�j
push esi
push 8
push dword_4279A8
call ds:off_41D110
mov ebx, eax
loc_40DDC5: ; CODE XREF: sub_40DCFF+5B�j
cmp ebx, edi
jnz short loc_40DE15
cmp dword_427D2C, edi
jz short loc_40DE04
push esi
call sub_408412
pop ecx
test eax, eax
jnz loc_40DD52
mov eax, [ebp+arg_8]
cmp eax, edi
jz loc_40DD3B
mov dword ptr [eax], 0Ch
jmp loc_40DD3B
sub_40DCFF endp
; ---------------------------------------------------------------------------
xor edi, edi
mov esi, [ebp+0Ch]
; =============== S U B R O U T I N E =======================================
sub_40DDFB proc near ; CODE XREF: sub_40DCFF+98�p
push 4
call sub_405CCF
pop ecx
retn
sub_40DDFB endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40DCFF
loc_40DE04: ; CODE XREF: sub_40DCFF+D0�j
cmp ebx, edi
jnz short loc_40DE15
mov eax, [ebp+arg_8]
cmp eax, edi
jz short loc_40DE15
mov dword ptr [eax], 0Ch
loc_40DE15: ; CODE XREF: sub_40DCFF+B3�j
; sub_40DCFF+C8�j ...
mov eax, ebx
loc_40DE17: ; CODE XREF: sub_40DCFF+3E�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40DCFF
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DE1D proc near ; CODE XREF: sub_407B72+C�p
; sub_40E038+3E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0040DF6A SIZE 000000CE BYTES
push 10h
push offset dword_421B10
call __SEH_prolog4
mov ebx, [ebp+arg_0]
test ebx, ebx
jnz short loc_40DE3E
push [ebp+arg_4]
call sub_403AA0
pop ecx
jmp loc_40E00A
; ---------------------------------------------------------------------------
loc_40DE3E: ; CODE XREF: sub_40DE1D+11�j
mov esi, [ebp+arg_4]
test esi, esi
jnz short loc_40DE51
push ebx
call sub_4039C3
pop ecx
jmp loc_40E008
; ---------------------------------------------------------------------------
loc_40DE51: ; CODE XREF: sub_40DE1D+26�j
cmp dword_436854, 3
jnz loc_40DFF1
loc_40DE5E: ; CODE XREF: sub_40DE1D+169�j
xor edi, edi
mov [ebp+var_1C], edi
cmp esi, 0FFFFFFE0h
ja loc_40DFF6
push 4
call sub_405DA7
pop ecx
mov [ebp+ms_exc.disabled], edi
push ebx
call sub_405ED5
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz loc_40DF27
cmp esi, dword_436844
ja short loc_40DEDA
push esi
push ebx
push eax
call sub_4063CA
add esp, 0Ch
test eax, eax
jz short loc_40DEA5
mov [ebp+var_1C], ebx
jmp short loc_40DEDA
; ---------------------------------------------------------------------------
loc_40DEA5: ; CODE XREF: sub_40DE1D+81�j
push esi
call sub_4066A9
pop ecx
mov [ebp+var_1C], eax
cmp eax, edi
jz short loc_40DEDA
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_40DEBD
mov eax, esi
loc_40DEBD: ; CODE XREF: sub_40DE1D+9C�j
push eax
push ebx
push [ebp+var_1C]
call sub_407FA0
push ebx
call sub_405ED5
mov [ebp+var_20], eax
push ebx
push eax
call sub_405F00
add esp, 18h
loc_40DEDA: ; CODE XREF: sub_40DE1D+72�j
; sub_40DE1D+86�j ...
cmp [ebp+var_1C], edi
jnz short loc_40DF27
cmp esi, edi
jnz short loc_40DEE9
xor esi, esi
inc esi
mov [ebp+arg_4], esi
loc_40DEE9: ; CODE XREF: sub_40DE1D+C4�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push dword_4279A8
call ds:off_41D110
mov [ebp+var_1C], eax
cmp eax, edi
jz short loc_40DF27
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_40DF11
mov eax, esi
loc_40DF11: ; CODE XREF: sub_40DE1D+F0�j
push eax
push ebx
push [ebp+var_1C]
call sub_407FA0
push ebx
push [ebp+var_20]
call sub_405F00
add esp, 14h
loc_40DF27: ; CODE XREF: sub_40DE1D+66�j
; sub_40DE1D+C0�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40DF61
cmp [ebp+var_20], 0
jnz short loc_40DF6A
test esi, esi
jnz short loc_40DF3E
inc esi
loc_40DF3E: ; CODE XREF: sub_40DE1D+11E�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push 0
push dword_4279A8
call ds:off_41D150
mov edi, eax
jmp short loc_40DF6D
sub_40DE1D endp
; ---------------------------------------------------------------------------
mov esi, [ebp+0Ch]
mov ebx, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_40DF61 proc near ; CODE XREF: sub_40DE1D+111�p
push 4
call sub_405CCF
pop ecx
retn
sub_40DF61 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40DE1D
loc_40DF6A: ; CODE XREF: sub_40DE1D+11A�j
mov edi, [ebp+var_1C]
loc_40DF6D: ; CODE XREF: sub_40DE1D+13C�j
test edi, edi
jnz loc_40E034
cmp dword_427D2C, edi
jz short loc_40DFA9
push esi
call sub_408412
pop ecx
test eax, eax
jnz loc_40DE5E
call sub_405B83
cmp [ebp+var_20], edi
jnz short loc_40E002
loc_40DF96: ; CODE XREF: sub_40DE1D+1F8�j
mov esi, eax
call ds:off_41D0EC
push eax
call sub_405B48
pop ecx
mov [esi], eax
jmp short loc_40E008
; ---------------------------------------------------------------------------
loc_40DFA9: ; CODE XREF: sub_40DE1D+15E�j
test edi, edi
jnz loc_40E034
call sub_405B83
cmp [ebp+var_20], edi
jz short loc_40E023
mov dword ptr [eax], 0Ch
jmp short loc_40E034
; ---------------------------------------------------------------------------
loc_40DFC3: ; CODE XREF: sub_40DE1D+1D7�j
test esi, esi
jnz short loc_40DFC8
inc esi
loc_40DFC8: ; CODE XREF: sub_40DE1D+1A8�j
push esi
push ebx
push 0
push dword_4279A8
call ds:off_41D150
mov edi, eax
test edi, edi
jnz short loc_40E034
cmp dword_427D2C, eax
jz short loc_40E01A
push esi
call sub_408412
pop ecx
test eax, eax
jz short loc_40E010
loc_40DFF1: ; CODE XREF: sub_40DE1D+3B�j
cmp esi, 0FFFFFFE0h
jbe short loc_40DFC3
loc_40DFF6: ; CODE XREF: sub_40DE1D+49�j
push esi
call sub_408412
pop ecx
call sub_405B83
loc_40E002: ; CODE XREF: sub_40DE1D+177�j
mov dword ptr [eax], 0Ch
loc_40E008: ; CODE XREF: sub_40DE1D+2F�j
; sub_40DE1D+18A�j
xor eax, eax
loc_40E00A: ; CODE XREF: sub_40DE1D+1C�j
; sub_40DE1D+219�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_40E010: ; CODE XREF: sub_40DE1D+1D2�j
call sub_405B83
jmp loc_40DF96
; ---------------------------------------------------------------------------
loc_40E01A: ; CODE XREF: sub_40DE1D+1C7�j
test edi, edi
jnz short loc_40E034
call sub_405B83
loc_40E023: ; CODE XREF: sub_40DE1D+19C�j
mov esi, eax
call ds:off_41D0EC
push eax
call sub_405B48
mov [esi], eax
pop ecx
loc_40E034: ; CODE XREF: sub_40DE1D+152�j
; sub_40DE1D+18E�j ...
mov eax, edi
jmp short loc_40E00A
; END OF FUNCTION CHUNK FOR sub_40DE1D
; =============== S U B R O U T I N E =======================================
sub_40E038 proc near ; CODE XREF: sub_407BBD+10�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_4]
push esi
xor esi, esi
cmp ecx, esi
jbe short loc_40E06C
push 0FFFFFFE0h
xor edx, edx
pop eax
div ecx
cmp eax, [esp+4+arg_8]
jnb short loc_40E06C
call sub_405B83
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 0Ch
call sub_4032F9
add esp, 14h
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40E06C: ; CODE XREF: sub_40E038+9�j
; sub_40E038+16�j
imul ecx, [esp+4+arg_8]
push ecx
push [esp+8+arg_0]
call sub_40DE1D
pop ecx
pop ecx
pop esi
retn
sub_40E038 endp
; =============== S U B R O U T I N E =======================================
sub_40E07F proc near ; CODE XREF: sub_407EC9+27�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_427E64, eax
mov dword_427E68, eax
mov dword_427E6C, eax
mov dword_427E70, eax
retn
sub_40E07F endp
; =============== S U B R O U T I N E =======================================
sub_40E098 proc near ; CODE XREF: sub_40E0D9+5A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, dword_423E44
push esi
loc_40E0A3: ; CODE XREF: sub_40E098+1E�j
cmp [eax+4], edx
jz short loc_40E0B8
mov esi, ecx
imul esi, 0Ch
add esi, [esp+4+arg_0]
add eax, 0Ch
cmp eax, esi
jb short loc_40E0A3
loc_40E0B8: ; CODE XREF: sub_40E098+E�j
imul ecx, 0Ch
add ecx, [esp+4+arg_0]
pop esi
cmp eax, ecx
jnb short loc_40E0C9
cmp [eax+4], edx
jz short locret_40E0CB
loc_40E0C9: ; CODE XREF: sub_40E098+2A�j
xor eax, eax
locret_40E0CB: ; CODE XREF: sub_40E098+2F�j
retn
sub_40E098 endp
; =============== S U B R O U T I N E =======================================
sub_40E0CC proc near ; CODE XREF: sub_41056E:loc_41059B�p
push dword_427E6C
call sub_405543
pop ecx
retn
sub_40E0CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E0D9 proc near ; CODE XREF: sub_41056E+38�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0040E283 SIZE 00000006 BYTES
push 20h
push offset dword_421B30
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_28], edi
mov ebx, [ebp+arg_0]
cmp ebx, 0Bh
jg short loc_40E141
jz short loc_40E10C
mov eax, ebx
push 2
pop ecx
sub eax, ecx
jz short loc_40E122
sub eax, ecx
jz short loc_40E10C
sub eax, ecx
jz short loc_40E16C
sub eax, ecx
jnz short loc_40E150
loc_40E10C: ; CODE XREF: sub_40E0D9+1C�j
; sub_40E0D9+29�j
call sub_4056CA
mov edi, eax
mov [ebp+var_28], edi
test edi, edi
jnz short loc_40E12E
loc_40E11A: ; CODE XREF: sub_40E0D9+91�j
or eax, 0FFFFFFFFh
jmp loc_40E283
; ---------------------------------------------------------------------------
loc_40E122: ; CODE XREF: sub_40E0D9+25�j
mov esi, offset dword_427E64
mov eax, dword_427E64
jmp short loc_40E18E
; ---------------------------------------------------------------------------
loc_40E12E: ; CODE XREF: sub_40E0D9+3F�j
push dword ptr [edi+5Ch]
mov edx, ebx
call sub_40E098
mov esi, eax
add esi, 8
mov eax, [esi]
jmp short loc_40E19B
; ---------------------------------------------------------------------------
loc_40E141: ; CODE XREF: sub_40E0D9+1A�j
mov eax, ebx
sub eax, 0Fh
jz short loc_40E184
sub eax, 6
jz short loc_40E178
dec eax
jz short loc_40E16C
loc_40E150: ; CODE XREF: sub_40E0D9+31�j
call sub_405B83
mov dword ptr [eax], 16h
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_4032F9
add esp, 14h
jmp short loc_40E11A
; ---------------------------------------------------------------------------
loc_40E16C: ; CODE XREF: sub_40E0D9+2D�j
; sub_40E0D9+75�j
mov esi, offset dword_427E6C
mov eax, dword_427E6C
jmp short loc_40E18E
; ---------------------------------------------------------------------------
loc_40E178: ; CODE XREF: sub_40E0D9+72�j
mov esi, offset dword_427E68
mov eax, dword_427E68
jmp short loc_40E18E
; ---------------------------------------------------------------------------
loc_40E184: ; CODE XREF: sub_40E0D9+6D�j
mov esi, offset dword_427E70
mov eax, dword_427E70
loc_40E18E: ; CODE XREF: sub_40E0D9+53�j
; sub_40E0D9+9D�j ...
mov [ebp+var_1C], 1
push eax
call sub_405543
loc_40E19B: ; CODE XREF: sub_40E0D9+66�j
mov [ebp+var_20], eax
pop ecx
xor eax, eax
cmp [ebp+var_20], 1
jz loc_40E283
cmp [ebp+var_20], eax
jnz short loc_40E1B7
push 3
call sub_407E9A
loc_40E1B7: ; CODE XREF: sub_40E0D9+D5�j
cmp [ebp+var_1C], eax
jz short loc_40E1C3
push eax
call sub_405DA7
pop ecx
loc_40E1C3: ; CODE XREF: sub_40E0D9+E1�j
xor eax, eax
mov [ebp+ms_exc.disabled], eax
cmp ebx, 8
jz short loc_40E1D7
cmp ebx, 0Bh
jz short loc_40E1D7
cmp ebx, 4
jnz short loc_40E1F2
loc_40E1D7: ; CODE XREF: sub_40E0D9+F2�j
; sub_40E0D9+F7�j
mov ecx, [edi+60h]
mov [ebp+var_2C], ecx
mov [edi+60h], eax
cmp ebx, 8
jnz short loc_40E225
mov ecx, [edi+64h]
mov [ebp+var_30], ecx
mov dword ptr [edi+64h], 8Ch
loc_40E1F2: ; CODE XREF: sub_40E0D9+FC�j
cmp ebx, 8
jnz short loc_40E225
mov ecx, dword_423E38
mov [ebp+var_24], ecx
loc_40E200: ; CODE XREF: sub_40E0D9+14A�j
mov ecx, dword_423E3C
mov edx, dword_423E38
add ecx, edx
cmp [ebp+var_24], ecx
jge short loc_40E22C
mov ecx, [ebp+var_24]
imul ecx, 0Ch
mov edx, [edi+5Ch]
mov [ecx+edx+8], eax
inc [ebp+var_24]
jmp short loc_40E200
; ---------------------------------------------------------------------------
loc_40E225: ; CODE XREF: sub_40E0D9+10A�j
; sub_40E0D9+11C�j
call sub_40553A
mov [esi], eax
loc_40E22C: ; CODE XREF: sub_40E0D9+138�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40E24D
cmp ebx, 8
jnz short sub_40E25C
push dword ptr [edi+64h]
push ebx
call [ebp+var_20]
pop ecx
jmp short loc_40E260
sub_40E0D9 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov ebx, [ebp+8]
mov edi, [ebp-28h]
; =============== S U B R O U T I N E =======================================
sub_40E24D proc near ; CODE XREF: sub_40E0D9+15A�p
cmp dword ptr [ebp-1Ch], 0
jz short locret_40E25B
push 0
call sub_405CCF
pop ecx
locret_40E25B: ; CODE XREF: sub_40E24D+4�j
retn
sub_40E24D endp
; =============== S U B R O U T I N E =======================================
sub_40E25C proc near ; CODE XREF: sub_40E0D9+162�j
push ebx
call dword ptr [ebp-20h]
loc_40E260: ; CODE XREF: sub_40E0D9+16C�j
pop ecx
cmp ebx, 8
jz short loc_40E270
cmp ebx, 0Bh
jz short loc_40E270
cmp ebx, 4
jnz short loc_40E281
loc_40E270: ; CODE XREF: sub_40E25C+8�j
; sub_40E25C+D�j
mov eax, [ebp-2Ch]
mov [edi+60h], eax
cmp ebx, 8
jnz short loc_40E281
mov eax, [ebp-30h]
mov [edi+64h], eax
loc_40E281: ; CODE XREF: sub_40E25C+12�j
; sub_40E25C+1D�j
xor eax, eax
sub_40E25C endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_40E0D9
loc_40E283: ; CODE XREF: sub_40E0D9+44�j
; sub_40E0D9+CC�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40E0D9
; =============== S U B R O U T I N E =======================================
sub_40E289 proc near ; CODE XREF: sub_407EC9+21�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_427E78, eax
retn
sub_40E289 endp
; =============== S U B R O U T I N E =======================================
sub_40E293 proc near ; CODE XREF: sub_407EC9+1B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_427E84, eax
retn
sub_40E293 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E29D proc near ; CODE XREF: sub_40E2F4+31�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4
mov [ebp+var_4], edi
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_4]
shr ecx, 7
pxor xmm0, xmm0
jmp short loc_40E2BD
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h, 4 dup(0)
db 90h
; ---------------------------------------------------------------------------
loc_40E2BD: ; CODE XREF: sub_40E29D+16�j
; sub_40E29D+4E�j
movdqa oword ptr [edi], xmm0
movdqa oword ptr [edi+10h], xmm0
movdqa oword ptr [edi+20h], xmm0
movdqa oword ptr [edi+30h], xmm0
movdqa oword ptr [edi+40h], xmm0
movdqa oword ptr [edi+50h], xmm0
movdqa oword ptr [edi+60h], xmm0
movdqa oword ptr [edi+70h], xmm0
lea edi, [edi+80h]
dec ecx
jnz short loc_40E2BD
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40E29D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E2F4 proc near ; CODE XREF: sub_407F20+27�j
; sub_40E2F4+7D�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_4], edi
mov eax, [ebp+arg_0]
cdq
mov edi, eax
xor edi, edx
sub edi, edx
and edi, 0Fh
xor edi, edx
sub edi, edx
test edi, edi
jnz short loc_40E34E
mov ecx, [ebp+arg_8]
mov edx, ecx
and edx, 7Fh
mov [ebp+var_C], edx
cmp ecx, edx
jz short loc_40E333
sub ecx, edx
push ecx
push eax
call sub_40E29D
add esp, 8
mov eax, [ebp+arg_0]
mov edx, [ebp+var_C]
loc_40E333: ; CODE XREF: sub_40E2F4+2B�j
test edx, edx
jz short loc_40E37C
add eax, [ebp+arg_8]
sub eax, edx
mov [ebp+var_8], eax
xor eax, eax
mov edi, [ebp+var_8]
mov ecx, [ebp+var_C]
rep stosb
mov eax, [ebp+arg_0]
jmp short loc_40E37C
; ---------------------------------------------------------------------------
loc_40E34E: ; CODE XREF: sub_40E2F4+1C�j
neg edi
add edi, 10h
mov [ebp+var_10], edi
xor eax, eax
mov edi, [ebp+arg_0]
mov ecx, [ebp+var_10]
rep stosb
mov eax, [ebp+var_10]
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
add ecx, eax
sub edx, eax
push edx
push 0
push ecx
call sub_40E2F4
add esp, 0Ch
mov eax, [ebp+arg_0]
loc_40E37C: ; CODE XREF: sub_40E2F4+41�j
; sub_40E2F4+58�j
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40E2F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E383 proc near ; CODE XREF: sub_4084EB+E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset dword_421B50
call __SEH_prolog4
xor ebx, ebx
mov [ebp+var_1C], ebx
push 1
call sub_405DA7
pop ecx
mov [ebp+ms_exc.disabled], ebx
push 3
pop edi
loc_40E3A2: ; CODE XREF: sub_40E383+7F�j
mov [ebp+var_20], edi
cmp edi, dword_436820
jge short loc_40E404
mov esi, edi
shl esi, 2
mov eax, dword_435800
add eax, esi
cmp [eax], ebx
jz short loc_40E401
mov eax, [eax]
test byte ptr [eax+0Ch], 83h
jz short loc_40E3D4
push eax
call sub_403884
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_40E3D4
inc [ebp+var_1C]
loc_40E3D4: ; CODE XREF: sub_40E383+40�j
; sub_40E383+4C�j
cmp edi, 14h
jl short loc_40E401
mov eax, dword_435800
mov eax, [esi+eax]
add eax, 20h
push eax
call ds:off_41D16C
mov eax, dword_435800
push dword ptr [esi+eax]
call sub_4039C3
pop ecx
mov eax, dword_435800
mov [esi+eax], ebx
loc_40E401: ; CODE XREF: sub_40E383+38�j
; sub_40E383+54�j
inc edi
jmp short loc_40E3A2
; ---------------------------------------------------------------------------
loc_40E404: ; CODE XREF: sub_40E383+28�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40E419
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40E383 endp
; =============== S U B R O U T I N E =======================================
sub_40E419 proc near ; CODE XREF: sub_40E383+88�p
push 1
call sub_405CCF
pop ecx
retn
sub_40E419 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E422 proc near ; CODE XREF: sub_40EA60+72�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
xor ebx, ebx
test byte ptr [ebp+arg_8], 80h
push edi
push 10h
mov esi, eax
mov [ebp+var_14], ebx
mov [ebp+var_18], ebx
mov [ebp+var_2], bl
mov [ebp+var_28], 0Ch
mov [ebp+var_24], ebx
pop edi
jz short loc_40E454
mov [ebp+var_20], ebx
mov [ebp+var_1], 10h
jmp short loc_40E45E
; ---------------------------------------------------------------------------
loc_40E454: ; CODE XREF: sub_40E422+27�j
mov [ebp+var_20], 1
mov [ebp+var_1], bl
loc_40E45E: ; CODE XREF: sub_40E422+30�j
lea eax, [ebp+var_14]
push eax
call sub_410C39
test eax, eax
pop ecx
jz short loc_40E479
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_4031FD
add esp, 14h
loc_40E479: ; CODE XREF: sub_40E422+48�j
lea eax, [ebp+var_18]
push eax
call sub_407CB6
test eax, eax
pop ecx
jz short loc_40E494
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_4031FD
add esp, 14h
loc_40E494: ; CODE XREF: sub_40E422+63�j
mov eax, 8000h
test [ebp+arg_8], eax
jnz short loc_40E4B0
test [ebp+arg_8], 74000h
jnz short loc_40E4AC
cmp [ebp+var_14], eax
jz short loc_40E4B0
loc_40E4AC: ; CODE XREF: sub_40E422+83�j
or [ebp+var_1], 80h
loc_40E4B0: ; CODE XREF: sub_40E422+7A�j
; sub_40E422+88�j
mov eax, [ebp+arg_8]
push 3
pop edx
and eax, edx
sub eax, ebx
mov ecx, 80000000h
jz short loc_40E4FF
dec eax
jz short loc_40E4F6
dec eax
jz short loc_40E4ED
loc_40E4C7: ; CODE XREF: sub_40E422+F6�j
; sub_40E422+14F�j ...
call sub_405B96
mov [eax], ebx
or dword ptr [esi], 0FFFFFFFFh
call sub_405B83
push 16h
pop esi
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_4032F9
add esp, 14h
jmp loc_40E97C
; ---------------------------------------------------------------------------
loc_40E4ED: ; CODE XREF: sub_40E422+A3�j
mov [ebp+var_C], 0C0000000h
jmp short loc_40E502
; ---------------------------------------------------------------------------
loc_40E4F6: ; CODE XREF: sub_40E422+A0�j
mov [ebp+var_C], 40000000h
jmp short loc_40E502
; ---------------------------------------------------------------------------
loc_40E4FF: ; CODE XREF: sub_40E422+9D�j
mov [ebp+var_C], ecx
loc_40E502: ; CODE XREF: sub_40E422+D2�j
; sub_40E422+DB�j
mov eax, [ebp+arg_C]
sub eax, edi
jz short loc_40E53E
sub eax, edi
jz short loc_40E535
sub eax, edi
jz short loc_40E52C
sub eax, edi
jz short loc_40E527
sub eax, 40h
jnz short loc_40E4C7
xor eax, eax
cmp [ebp+var_C], ecx
setz al
mov [ebp+var_8], eax
jmp short loc_40E541
; ---------------------------------------------------------------------------
loc_40E527: ; CODE XREF: sub_40E422+F1�j
mov [ebp+var_8], edx
jmp short loc_40E541
; ---------------------------------------------------------------------------
loc_40E52C: ; CODE XREF: sub_40E422+ED�j
mov [ebp+var_8], 2
jmp short loc_40E541
; ---------------------------------------------------------------------------
loc_40E535: ; CODE XREF: sub_40E422+E9�j
mov [ebp+var_8], 1
jmp short loc_40E541
; ---------------------------------------------------------------------------
loc_40E53E: ; CODE XREF: sub_40E422+E5�j
mov [ebp+var_8], ebx
loc_40E541: ; CODE XREF: sub_40E422+103�j
; sub_40E422+108�j ...
mov eax, [ebp+arg_8]
mov edx, 700h
and eax, edx
mov ecx, 400h
cmp eax, ecx
jg short loc_40E592
jz short loc_40E589
cmp eax, ebx
jz short loc_40E589
cmp eax, 100h
jz short loc_40E580
cmp eax, 200h
jz loc_40E604
cmp eax, 300h
jnz loc_40E4C7
mov [ebp+var_10], 2
jmp short loc_40E5AF
; ---------------------------------------------------------------------------
loc_40E580: ; CODE XREF: sub_40E422+13D�j
mov [ebp+var_10], 4
jmp short loc_40E5AF
; ---------------------------------------------------------------------------
loc_40E589: ; CODE XREF: sub_40E422+132�j
; sub_40E422+136�j
mov [ebp+var_10], 3
jmp short loc_40E5AF
; ---------------------------------------------------------------------------
loc_40E592: ; CODE XREF: sub_40E422+130�j
cmp eax, 500h
jz short loc_40E5A8
cmp eax, 600h
jz short loc_40E604
cmp eax, edx
jnz loc_40E4C7
loc_40E5A8: ; CODE XREF: sub_40E422+175�j
mov [ebp+var_10], 1
loc_40E5AF: ; CODE XREF: sub_40E422+15C�j
; sub_40E422+165�j ...
mov ecx, [ebp+arg_8]
mov eax, 100h
test ecx, eax
mov edi, 80h
jz short loc_40E5D2
mov edx, dword_4279B4
not edx
and edx, [ebp+arg_10]
test dl, dl
js short loc_40E5D2
xor edi, edi
inc edi
loc_40E5D2: ; CODE XREF: sub_40E422+19C�j
; sub_40E422+1AB�j
test cl, 40h
jz short loc_40E5EE
or [ebp+var_C], 10000h
or edi, 4000000h
cmp [ebp+var_18], 2
jnz short loc_40E5EE
or [ebp+var_8], 4
loc_40E5EE: ; CODE XREF: sub_40E422+1B3�j
; sub_40E422+1C6�j
test cx, 1000h
jz short loc_40E5F7
or edi, eax
loc_40E5F7: ; CODE XREF: sub_40E422+1D1�j
test cl, 20h
jz short loc_40E60D
or edi, 8000000h
jmp short loc_40E618
; ---------------------------------------------------------------------------
loc_40E604: ; CODE XREF: sub_40E422+144�j
; sub_40E422+17C�j
mov [ebp+var_10], 5
jmp short loc_40E5AF
; ---------------------------------------------------------------------------
loc_40E60D: ; CODE XREF: sub_40E422+1D8�j
test cl, 10h
jz short loc_40E618
or edi, 10000000h
loc_40E618: ; CODE XREF: sub_40E422+1E0�j
; sub_40E422+1EE�j
call sub_40F260
cmp eax, 0FFFFFFFFh
mov [esi], eax
jnz short loc_40E63B
call sub_405B96
mov [eax], ebx
or dword ptr [esi], 0FFFFFFFFh
call sub_405B83
mov dword ptr [eax], 18h
jmp short loc_40E68B
; ---------------------------------------------------------------------------
loc_40E63B: ; CODE XREF: sub_40E422+200�j
mov eax, [ebp+arg_0]
push ebx
push edi
push [ebp+var_10]
mov dword ptr [eax], 1
lea eax, [ebp+var_28]
push eax
push [ebp+var_8]
push [ebp+var_C]
push [ebp+arg_4]
call ds:off_41D06C
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_40E697
mov esi, [esi]
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, dword_435700[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FEh
loc_40E67E: ; CODE XREF: sub_40E422+2A2�j
call ds:off_41D0EC
push eax
call sub_405BA9
loc_40E68A: ; CODE XREF: sub_40E422+345�j
pop ecx
loc_40E68B: ; CODE XREF: sub_40E422+217�j
call sub_405B83
mov eax, [eax]
jmp loc_40EA5B
; ---------------------------------------------------------------------------
loc_40E697: ; CODE XREF: sub_40E422+23F�j
push edi
call ds:off_41D144
cmp eax, ebx
jnz short loc_40E6C6
mov esi, [esi]
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, dword_435700[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FEh
push edi
call ds:off_41D0D8
jmp short loc_40E67E
; ---------------------------------------------------------------------------
loc_40E6C6: ; CODE XREF: sub_40E422+27E�j
cmp eax, 2
jnz short loc_40E6D1
or [ebp+var_1], 40h
jmp short loc_40E6DA
; ---------------------------------------------------------------------------
loc_40E6D1: ; CODE XREF: sub_40E422+2A7�j
cmp eax, 3
jnz short loc_40E6DA
or [ebp+var_1], 8
loc_40E6DA: ; CODE XREF: sub_40E422+2AD�j
; sub_40E422+2B2�j
push edi
push dword ptr [esi]
call sub_40F02F
mov eax, [esi]
mov edx, eax
and eax, 1Fh
imul eax, 28h
sar edx, 5
mov edx, dword_435700[edx*4]
pop ecx
pop ecx
mov cl, [ebp+var_1]
or cl, 1
mov [edx+eax+4], cl
mov eax, [esi]
mov edx, eax
and eax, 1Fh
imul eax, 28h
sar edx, 5
mov edx, dword_435700[edx*4]
lea eax, [edx+eax+24h]
and byte ptr [eax], 80h
mov [ebp+var_3], cl
and [ebp+var_3], 48h
mov [ebp+var_1], cl
jnz loc_40E7AD
test cl, 80h
jz loc_40E9E7
test byte ptr [ebp+arg_8], 2
jz short loc_40E7AD
push 2
or edi, 0FFFFFFFFh
push edi
push dword ptr [esi]
call sub_410B0B
add esp, 0Ch
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_40E76C
call sub_405B96
cmp dword ptr [eax], 83h
jz short loc_40E7AD
loc_40E760: ; CODE XREF: sub_40E422+379�j
; sub_40E422+389�j ...
push dword ptr [esi]
call sub_408DFD
jmp loc_40E68A
; ---------------------------------------------------------------------------
loc_40E76C: ; CODE XREF: sub_40E422+32F�j
push 1
lea eax, [ebp+var_4]
push eax
push dword ptr [esi]
mov [ebp+var_4], bl
call sub_40A15D
add esp, 0Ch
test eax, eax
jnz short loc_40E79D
cmp [ebp+var_4], 1Ah
jnz short loc_40E79D
mov eax, [ebp+var_8]
cdq
push edx
push eax
push dword ptr [esi]
call sub_410957
add esp, 0Ch
cmp eax, edi
jz short loc_40E760
loc_40E79D: ; CODE XREF: sub_40E422+35F�j
; sub_40E422+365�j
push ebx
push ebx
push dword ptr [esi]
call sub_410B0B
add esp, 0Ch
cmp eax, edi
jz short loc_40E760
loc_40E7AD: ; CODE XREF: sub_40E422+305�j
; sub_40E422+318�j ...
test [ebp+var_1], 80h
jz loc_40E9E7
mov ecx, 74000h
test [ebp+arg_8], ecx
mov edi, 4000h
jnz short loc_40E7D5
mov eax, [ebp+var_14]
and eax, ecx
jnz short loc_40E7D2
or [ebp+arg_8], edi
jmp short loc_40E7D5
; ---------------------------------------------------------------------------
loc_40E7D2: ; CODE XREF: sub_40E422+3A9�j
or [ebp+arg_8], eax
loc_40E7D5: ; CODE XREF: sub_40E422+3A2�j
; sub_40E422+3AE�j
mov eax, [ebp+arg_8]
and eax, ecx
cmp eax, edi
jz short loc_40E822
cmp eax, 10000h
jz short loc_40E80E
cmp eax, 14000h
jz short loc_40E80E
cmp eax, 20000h
jz short loc_40E81C
cmp eax, 24000h
jz short loc_40E81C
cmp eax, 40000h
jz short loc_40E808
cmp eax, 44000h
jnz short loc_40E825
loc_40E808: ; CODE XREF: sub_40E422+3DD�j
mov [ebp+var_2], 1
jmp short loc_40E825
; ---------------------------------------------------------------------------
loc_40E80E: ; CODE XREF: sub_40E422+3C1�j
; sub_40E422+3C8�j
mov ecx, [ebp+arg_8]
mov eax, 301h
and ecx, eax
cmp ecx, eax
jnz short loc_40E825
loc_40E81C: ; CODE XREF: sub_40E422+3CF�j
; sub_40E422+3D6�j
mov [ebp+var_2], 2
jmp short loc_40E825
; ---------------------------------------------------------------------------
loc_40E822: ; CODE XREF: sub_40E422+3BA�j
mov [ebp+var_2], bl
loc_40E825: ; CODE XREF: sub_40E422+3E4�j
; sub_40E422+3EA�j ...
test [ebp+arg_8], 70000h
jz loc_40E9E7
test [ebp+var_1], 40h
mov [ebp+var_8], ebx
jnz loc_40E9E7
mov eax, [ebp+var_C]
mov ecx, 0C0000000h
and eax, ecx
cmp eax, 40000000h
jz loc_40E90B
cmp eax, 80000000h
jz short loc_40E8D2
cmp eax, ecx
jnz loc_40E9E7
mov eax, [ebp+var_10]
cmp eax, ebx
jbe loc_40E9E7
cmp eax, 2
jbe short loc_40E881
cmp eax, 4
jbe short loc_40E8A8
loc_40E878: ; CODE XREF: sub_40E422+500�j
cmp eax, 5
jnz loc_40E9E7
loc_40E881: ; CODE XREF: sub_40E422+44F�j
; sub_40E422+496�j ...
movsx eax, [ebp+var_2]
xor edi, edi
dec eax
jz loc_40E9B4
dec eax
jnz loc_40E9E7
mov [ebp+var_8], 0FEFFh
mov [ebp+var_10], 2
jmp loc_40E9C2
; ---------------------------------------------------------------------------
loc_40E8A8: ; CODE XREF: sub_40E422+454�j
push 2
push ebx
push ebx
push dword ptr [esi]
call sub_40D06E
add esp, 10h
or eax, edx
jz short loc_40E881
push ebx
push ebx
push ebx
push dword ptr [esi]
call sub_40D06E
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz loc_40E760
loc_40E8D2: ; CODE XREF: sub_40E422+437�j
push 3
lea eax, [ebp+var_8]
push eax
push dword ptr [esi]
call sub_40A15D
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40E760
cmp eax, 2
jz short loc_40E95B
cmp eax, 3
jnz loc_40E9A6
cmp [ebp+var_8], 0BFBBEFh
jnz short loc_40E95B
mov [ebp+var_2], 1
jmp loc_40E9E7
; ---------------------------------------------------------------------------
loc_40E90B: ; CODE XREF: sub_40E422+42C�j
mov eax, [ebp+var_10]
cmp eax, ebx
jbe loc_40E9E7
cmp eax, 2
jbe loc_40E881
cmp eax, 4
ja loc_40E878
push 2
push ebx
push ebx
push dword ptr [esi]
call sub_40D06E
add esp, 10h
or eax, edx
jz loc_40E881
push ebx
push ebx
push ebx
push dword ptr [esi]
call sub_40D06E
add esp, 10h
and eax, edx
loc_40E94D: ; CODE XREF: sub_40E422+590�j
cmp eax, 0FFFFFFFFh
jnz loc_40E9E7
jmp loc_40E760
; ---------------------------------------------------------------------------
loc_40E95B: ; CODE XREF: sub_40E422+4CC�j
; sub_40E422+4DE�j
mov eax, [ebp+var_8]
and eax, 0FFFFh
cmp eax, 0FFFEh
jnz short loc_40E983
push dword ptr [esi]
call sub_408DFD
pop ecx
call sub_405B83
push 16h
pop esi
mov [eax], esi
loc_40E97C: ; CODE XREF: sub_40E422+C6�j
mov eax, esi
jmp loc_40EA5B
; ---------------------------------------------------------------------------
loc_40E983: ; CODE XREF: sub_40E422+546�j
cmp eax, 0FEFFh
jnz short loc_40E9A6
push ebx
push 2
push dword ptr [esi]
call sub_410B0B
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40E760
mov [ebp+var_2], 2
jmp short loc_40E9E7
; ---------------------------------------------------------------------------
loc_40E9A6: ; CODE XREF: sub_40E422+4D1�j
; sub_40E422+566�j
push ebx
push ebx
push dword ptr [esi]
call sub_410B0B
add esp, 0Ch
jmp short loc_40E94D
; ---------------------------------------------------------------------------
loc_40E9B4: ; CODE XREF: sub_40E422+466�j
mov [ebp+var_8], 0BFBBEFh
mov [ebp+var_10], 3
loc_40E9C2: ; CODE XREF: sub_40E422+481�j
; sub_40E422+5C3�j
mov eax, [ebp+var_10]
sub eax, edi
push eax
lea eax, [ebp+edi+var_8]
push eax
push dword ptr [esi]
call sub_40D7D0
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40E760
add edi, eax
cmp [ebp+var_10], edi
jg short loc_40E9C2
loc_40E9E7: ; CODE XREF: sub_40E422+30E�j
; sub_40E422+38F�j ...
mov eax, [esi]
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, dword_435700[ecx*4]
lea eax, [ecx+eax+24h]
mov cl, [eax]
xor cl, [ebp+var_2]
and cl, 7Fh
xor [eax], cl
mov eax, [esi]
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, dword_435700[ecx*4]
lea eax, [ecx+eax+24h]
mov ecx, [ebp+arg_8]
mov dl, [eax]
shr ecx, 10h
shl cl, 7
and dl, 7Fh
or cl, dl
cmp [ebp+var_3], bl
mov [eax], cl
jnz short loc_40EA59
test byte ptr [ebp+arg_8], 8
jz short loc_40EA59
mov esi, [esi]
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, dword_435700[eax*4]
lea eax, [eax+esi+4]
or byte ptr [eax], 20h
loc_40EA59: ; CODE XREF: sub_40E422+614�j
; sub_40E422+61A�j
mov eax, ebx
loc_40EA5B: ; CODE XREF: sub_40E422+270�j
; sub_40E422+55C�j
pop edi
pop esi
pop ebx
leave
retn
sub_40E422 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EA60 proc near ; CODE XREF: sub_40EB2C+14�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 14h
push offset dword_421B70
call __SEH_prolog4
xor esi, esi
mov [ebp+var_1C], esi
xor eax, eax
mov edi, [ebp+arg_10]
cmp edi, esi
setnz al
cmp eax, esi
jnz short loc_40EA9A
loc_40EA7F: ; CODE XREF: sub_40EA60+47�j
; sub_40EA60+5B�j
call sub_405B83
push 16h
pop edi
mov [eax], edi
push esi
push esi
push esi
push esi
push esi
call sub_4032F9
add esp, 14h
mov eax, edi
jmp short loc_40EAF3
; ---------------------------------------------------------------------------
loc_40EA9A: ; CODE XREF: sub_40EA60+1D�j
or dword ptr [edi], 0FFFFFFFFh
xor eax, eax
cmp [ebp+arg_0], esi
setnz al
cmp eax, esi
jz short loc_40EA7F
cmp [ebp+arg_14], esi
jz short loc_40EABD
mov eax, [ebp+arg_C]
and eax, 0FFFFFE7Fh
neg eax
sbb eax, eax
inc eax
jz short loc_40EA7F
loc_40EABD: ; CODE XREF: sub_40EA60+4C�j
mov [ebp+ms_exc.disabled], esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_1C]
push eax
mov eax, edi
call sub_40E422
add esp, 14h
mov [ebp+var_20], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40EAFE
mov eax, [ebp+var_20]
cmp eax, esi
jz short loc_40EAF3
or dword ptr [edi], 0FFFFFFFFh
loc_40EAF3: ; CODE XREF: sub_40EA60+38�j
; sub_40EA60+8E�j
call __SEH_epilog4
retn
sub_40EA60 endp
; ---------------------------------------------------------------------------
xor esi, esi
mov edi, [ebp+18h]
; =============== S U B R O U T I N E =======================================
sub_40EAFE proc near ; CODE XREF: sub_40EA60+84�p
cmp [ebp-1Ch], esi
jz short locret_40EB2B
cmp [ebp-20h], esi
jz short loc_40EB23
mov eax, [edi]
mov ecx, eax
sar ecx, 5
and eax, 1Fh
imul eax, 28h
mov ecx, dword_435700[ecx*4]
lea eax, [ecx+eax+4]
and byte ptr [eax], 0FEh
loc_40EB23: ; CODE XREF: sub_40EAFE+8�j
push dword ptr [edi]
call sub_40F23E
pop ecx
locret_40EB2B: ; CODE XREF: sub_40EAFE+3�j
retn
sub_40EAFE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EB2C proc near ; CODE XREF: sub_4085AF+26D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 1
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40EA60
add esp, 18h
pop ebp
retn
sub_40EB2C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EB4A proc near ; CODE XREF: sub_40ED64+A�p
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push [ebp+arg_8]
lea ecx, [ebp+var_14]
call sub_402ADF
mov edx, [ebp+arg_0]
xor esi, esi
cmp edx, esi
jnz short loc_40EB94
call sub_405B83
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
cmp [ebp+var_8], 0
jz short loc_40EB8A
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40EB8A: ; CODE XREF: sub_40EB4A+37�j
mov eax, 7FFFFFFFh
jmp loc_40ED61
; ---------------------------------------------------------------------------
loc_40EB94: ; CODE XREF: sub_40EB4A+19�j
push ebx
mov ebx, [ebp+arg_4]
cmp ebx, esi
jnz short loc_40EBCB
call sub_405B83
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
cmp [ebp+var_8], 0
jz short loc_40EBC1
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40EBC1: ; CODE XREF: sub_40EB4A+6E�j
mov eax, 7FFFFFFFh
jmp loc_40ED60
; ---------------------------------------------------------------------------
loc_40EBCB: ; CODE XREF: sub_40EB4A+50�j
mov eax, [ebp+var_10]
cmp [eax+8], esi
jnz short loc_40EBF7
lea eax, [ebp+var_14]
push eax
push ebx
push edx
call sub_402B96
add esp, 0Ch
cmp [ebp+var_8], 0
jz loc_40ED60
mov ecx, [ebp+var_C]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_40ED60
; ---------------------------------------------------------------------------
loc_40EBF7: ; CODE XREF: sub_40EB4A+87�j
push edi
mov edi, 200h
loc_40EBFD: ; CODE XREF: sub_40EB4A+1CD�j
movzx cx, byte ptr [edx]
movzx ecx, cx
movzx esi, cl
inc edx
test byte ptr [esi+eax+1Dh], 4
mov [ebp+arg_0], edx
jz short loc_40EC6B
cmp byte ptr [edx], 0
jnz short loc_40EC1B
xor esi, esi
jmp short loc_40EC87
; ---------------------------------------------------------------------------
loc_40EC1B: ; CODE XREF: sub_40EB4A+CB�j
push 1
push dword ptr [eax+4]
lea ecx, [ebp+var_4]
push 2
push ecx
push 2
dec edx
push edx
push edi
push dword ptr [eax+0Ch]
lea eax, [ebp+var_14]
push eax
call sub_40C6A9
add esp, 24h
cmp eax, 1
jnz short loc_40EC46
movzx ax, [ebp+var_4]
jmp short loc_40EC60
; ---------------------------------------------------------------------------
loc_40EC46: ; CODE XREF: sub_40EB4A+F3�j
cmp eax, 2
jnz loc_40ED1C
movzx ax, [ebp+var_4]
movzx cx, [ebp+var_3]
shl ax, 8
add ax, cx
loc_40EC60: ; CODE XREF: sub_40EB4A+FA�j
inc [ebp+arg_0]
movzx esi, ax
mov eax, [ebp+var_10]
jmp short loc_40EC87
; ---------------------------------------------------------------------------
loc_40EC6B: ; CODE XREF: sub_40EB4A+C6�j
movzx edx, cx
lea ecx, [edx+eax]
test byte ptr [ecx+1Dh], 10h
jz short loc_40EC84
movzx cx, byte ptr [ecx+11Dh]
movzx esi, cx
jmp short loc_40EC87
; ---------------------------------------------------------------------------
loc_40EC84: ; CODE XREF: sub_40EB4A+12B�j
movzx esi, dx
loc_40EC87: ; CODE XREF: sub_40EB4A+CF�j
; sub_40EB4A+11F�j ...
movzx cx, byte ptr [ebx]
movzx ecx, cx
movzx edx, cl
inc ebx
test byte ptr [edx+eax+1Dh], 4
jz short loc_40ECEE
cmp byte ptr [ebx], 0
jnz short loc_40ECA2
xor ecx, ecx
jmp short loc_40ED0A
; ---------------------------------------------------------------------------
loc_40ECA2: ; CODE XREF: sub_40EB4A+152�j
push 1
push dword ptr [eax+4]
lea ecx, [ebp+var_4]
push 2
push ecx
push 2
lea ecx, [ebx-1]
push ecx
push edi
push dword ptr [eax+0Ch]
lea eax, [ebp+var_14]
push eax
call sub_40C6A9
add esp, 24h
cmp eax, 1
jnz short loc_40ECCF
movzx ax, [ebp+var_4]
jmp short loc_40ECE5
; ---------------------------------------------------------------------------
loc_40ECCF: ; CODE XREF: sub_40EB4A+17C�j
cmp eax, 2
jnz short loc_40ED1C
movzx ax, [ebp+var_4]
movzx cx, [ebp+var_3]
shl ax, 8
add ax, cx
loc_40ECE5: ; CODE XREF: sub_40EB4A+183�j
movzx ecx, ax
mov eax, [ebp+var_10]
inc ebx
jmp short loc_40ED0A
; ---------------------------------------------------------------------------
loc_40ECEE: ; CODE XREF: sub_40EB4A+14D�j
movzx edx, cx
lea ecx, [edx+eax]
test byte ptr [ecx+1Dh], 10h
jz short loc_40ED07
movzx cx, byte ptr [ecx+11Dh]
movzx ecx, cx
jmp short loc_40ED0A
; ---------------------------------------------------------------------------
loc_40ED07: ; CODE XREF: sub_40EB4A+1AE�j
movzx ecx, dx
loc_40ED0A: ; CODE XREF: sub_40EB4A+156�j
; sub_40EB4A+1A2�j ...
cmp cx, si
jnz short loc_40ED3B
test si, si
jz short loc_40ED50
mov edx, [ebp+arg_0]
jmp loc_40EBFD
; ---------------------------------------------------------------------------
loc_40ED1C: ; CODE XREF: sub_40EB4A+FF�j
; sub_40EB4A+188�j
call sub_405B83
mov dword ptr [eax], 16h
cmp [ebp+var_8], 0
jz short loc_40ED34
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40ED34: ; CODE XREF: sub_40EB4A+1E1�j
mov eax, 7FFFFFFFh
jmp short loc_40ED5F
; ---------------------------------------------------------------------------
loc_40ED3B: ; CODE XREF: sub_40EB4A+1C3�j
sbb eax, eax
and eax, 2
dec eax
cmp [ebp+var_8], 0
jz short loc_40ED5F
mov ecx, [ebp+var_C]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_40ED5F
; ---------------------------------------------------------------------------
loc_40ED50: ; CODE XREF: sub_40EB4A+1C8�j
cmp [ebp+var_8], 0
jz short loc_40ED5D
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40ED5D: ; CODE XREF: sub_40EB4A+20A�j
xor eax, eax
loc_40ED5F: ; CODE XREF: sub_40EB4A+1EF�j
; sub_40EB4A+1FB�j ...
pop edi
loc_40ED60: ; CODE XREF: sub_40EB4A+7C�j
; sub_40EB4A+9B�j ...
pop ebx
loc_40ED61: ; CODE XREF: sub_40EB4A+45�j
pop esi
leave
retn
sub_40EB4A endp
; =============== S U B R O U T I N E =======================================
sub_40ED64 proc near ; CODE XREF: sub_4085AF+1E6�p
; sub_4085AF+203�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 0
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_40EB4A
add esp, 0Ch
retn
sub_40ED64 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ED77 proc near ; CODE XREF: sub_40EEE0+E�p
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_40ED8C
xor eax, eax
jmp loc_40EEC9
; ---------------------------------------------------------------------------
loc_40ED8C: ; CODE XREF: sub_40ED77+C�j
push edi
push [ebp+arg_C]
lea ecx, [ebp+var_10]
call sub_402ADF
mov edi, [ebp+var_C]
cmp [edi+8], ebx
jnz short loc_40EDC6
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CCA9
add esp, 0Ch
cmp [ebp+var_4], bl
jz loc_40EEC8
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_40EEC8
; ---------------------------------------------------------------------------
loc_40EDC6: ; CODE XREF: sub_40ED77+27�j
cmp [ebp+arg_0], ebx
jnz short loc_40EDF9
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_40EDEF
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40EDEF: ; CODE XREF: sub_40ED77+6F�j
mov eax, 7FFFFFFFh
jmp loc_40EEC8
; ---------------------------------------------------------------------------
loc_40EDF9: ; CODE XREF: sub_40ED77+52�j
push esi
mov esi, [ebp+arg_4]
cmp esi, ebx
jnz short loc_40EE2F
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_40EE25
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40EE25: ; CODE XREF: sub_40ED77+A5�j
mov eax, 7FFFFFFFh
jmp loc_40EEC7
; ---------------------------------------------------------------------------
loc_40EE2F: ; CODE XREF: sub_40ED77+88�j
; sub_40ED77+13C�j
mov eax, [ebp+arg_0]
movzx cx, byte ptr [eax]
dec [ebp+arg_8]
movzx ecx, cx
movzx edx, cl
inc eax
test byte ptr [edx+edi+1Dh], 4
mov [ebp+arg_0], eax
jz short loc_40EE76
cmp [ebp+arg_8], ebx
jnz short loc_40EE60
movzx eax, byte ptr [esi]
xor ecx, ecx
test byte ptr [eax+edi+1Dh], 4
jnz short loc_40EEB9
movzx eax, ax
jmp short loc_40EEA6
; ---------------------------------------------------------------------------
loc_40EE60: ; CODE XREF: sub_40ED77+D6�j
mov al, [eax]
cmp al, bl
jnz short loc_40EE6A
xor ecx, ecx
jmp short loc_40EE76
; ---------------------------------------------------------------------------
loc_40EE6A: ; CODE XREF: sub_40ED77+ED�j
xor edx, edx
inc [ebp+arg_0]
mov dh, cl
mov dl, al
movzx ecx, dx
loc_40EE76: ; CODE XREF: sub_40ED77+D1�j
; sub_40ED77+F1�j
movzx ax, byte ptr [esi]
movzx eax, ax
movzx edx, al
inc esi
test byte ptr [edx+edi+1Dh], 4
jz short loc_40EEA6
cmp [ebp+arg_8], ebx
jnz short loc_40EE91
loc_40EE8D: ; CODE XREF: sub_40ED77+121�j
xor eax, eax
jmp short loc_40EEA6
; ---------------------------------------------------------------------------
loc_40EE91: ; CODE XREF: sub_40ED77+114�j
mov dl, [esi]
dec [ebp+arg_8]
cmp dl, bl
jz short loc_40EE8D
xor ebx, ebx
mov bh, al
inc esi
mov bl, dl
movzx eax, bx
xor ebx, ebx
loc_40EEA6: ; CODE XREF: sub_40ED77+E7�j
; sub_40ED77+10F�j ...
cmp ax, cx
jnz short loc_40EECC
cmp cx, bx
jz short loc_40EEB9
cmp [ebp+arg_8], ebx
jnz loc_40EE2F
loc_40EEB9: ; CODE XREF: sub_40ED77+E2�j
; sub_40ED77+137�j
cmp [ebp+var_4], bl
jz short loc_40EEC5
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40EEC5: ; CODE XREF: sub_40ED77+145�j
xor eax, eax
loc_40EEC7: ; CODE XREF: sub_40ED77+B3�j
; sub_40ED77+15E�j ...
pop esi
loc_40EEC8: ; CODE XREF: sub_40ED77+3D�j
; sub_40ED77+4A�j ...
pop edi
loc_40EEC9: ; CODE XREF: sub_40ED77+10�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40EECC: ; CODE XREF: sub_40ED77+132�j
sbb eax, eax
and eax, 2
dec eax
cmp [ebp+var_4], bl
jz short loc_40EEC7
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_40EEC7
sub_40ED77 endp
; =============== S U B R O U T I N E =======================================
sub_40EEE0 proc near ; CODE XREF: sub_4085AF+1D1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_40ED77
add esp, 10h
retn
sub_40EEE0 endp
; ---------------------------------------------------------------------------
align 4
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_40EF10
push dword ptr [ebp+8]
call sub_413D26
loc_40EF10: ; DATA XREF: .text:0040EF03�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40EF18: ; DATA XREF: sub_40EF5D+B�o
; .text:0040EFEA�o
mov ecx, [esp+4]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_40EF5C
mov eax, [esp+14h]
mov ecx, [eax-4]
xor ecx, eax
call sub_402AD0
push ebp
mov ebp, [eax+10h]
mov edx, [eax+28h]
push edx
mov edx, [eax+24h]
push edx
call sub_40EF5D
add esp, 8
pop ebp
mov eax, [esp+8]
mov edx, [esp+10h]
mov [edx], eax
mov eax, 3
locret_40EF5C: ; CODE XREF: .text:0040EF28�j
retn
; =============== S U B R O U T I N E =======================================
sub_40EF5D proc near ; CODE XREF: .text:0040EF44�p
var_20 = dword ptr -20h
var_18 = dword ptr -18h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push ebp
push eax
push 0FFFFFFFEh
push offset loc_40EF18
push large dword ptr fs:0
mov eax, dword_423064
xor eax, esp
push eax
lea eax, [esp+24h+var_20]
mov large fs:0, eax
loc_40EF86: ; CODE XREF: sub_40EF5D:loc_40EFCD�j
mov eax, [esp+24h+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40EFCF
cmp [esp+24h+arg_4], 0FFFFFFFFh
jz short loc_40EFA2
cmp esi, [esp+24h+arg_4]
jbe short loc_40EFCF
loc_40EFA2: ; CODE XREF: sub_40EF5D+3D�j
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+24h+var_18], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40EFCD
push 101h
mov eax, [ebx+esi*4+8]
call sub_40F00D
mov eax, [ebx+esi*4+8]
call sub_40F02C
loc_40EFCD: ; CODE XREF: sub_40EF5D+57�j
jmp short loc_40EF86
; ---------------------------------------------------------------------------
loc_40EFCF: ; CODE XREF: sub_40EF5D+36�j
; sub_40EF5D+43�j
mov ecx, [esp+24h+var_20]
mov large fs:0, ecx
add esp, 18h
pop edi
pop esi
pop ebx
retn
sub_40EF5D endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset loc_40EF18
jnz short locret_40F003
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40F003
mov eax, 1
locret_40F003: ; CODE XREF: .text:0040EFF1�j
; .text:0040EFFC�j
retn
; =============== S U B R O U T I N E =======================================
sub_40F004 proc near ; CODE XREF: sub_40C2A0+1E�p
; sub_40C2A0+40�p
push ebx
push ecx
mov ebx, offset dword_423FB0
jmp short loc_40F018
sub_40F004 endp
; =============== S U B R O U T I N E =======================================
sub_40F00D proc near ; CODE XREF: sub_408978+6E�p
; sub_4069F0+2099�p ...
arg_0 = dword ptr 4
push ebx
push ecx
mov ebx, offset dword_423FB0
mov ecx, [esp+8+arg_0]
loc_40F018: ; CODE XREF: sub_40F004+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
push ebp
push ecx
push eax
pop eax
pop ecx
pop ebp
pop ecx
pop ebx
retn 4
sub_40F00D endp
; =============== S U B R O U T I N E =======================================
sub_40F02C proc near ; CODE XREF: sub_408978+7B�p
; sub_40EF5D+6B�p
call eax
retn
sub_40F02C endp
; =============== S U B R O U T I N E =======================================
sub_40F02F proc near ; CODE XREF: sub_40E422+2BB�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
test eax, eax
push esi
push edi
jl short loc_40F093
cmp eax, dword_4356E8
jnb short loc_40F093
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, eax
sar ecx, 5
lea edi, ds:435700h[ecx*4]
mov ecx, [edi]
cmp dword ptr [esi+ecx], 0FFFFFFFFh
jnz short loc_40F093
cmp dword_423050, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_40F089
sub eax, 0
jz short loc_40F080
dec eax
jz short loc_40F07B
dec eax
jnz short loc_40F089
push ebx
push 0FFFFFFF4h
jmp short loc_40F083
; ---------------------------------------------------------------------------
loc_40F07B: ; CODE XREF: sub_40F02F+42�j
push ebx
push 0FFFFFFF5h
jmp short loc_40F083
; ---------------------------------------------------------------------------
loc_40F080: ; CODE XREF: sub_40F02F+3F�j
push ebx
push 0FFFFFFF6h
loc_40F083: ; CODE XREF: sub_40F02F+4A�j
; sub_40F02F+4F�j
call ds:off_41D0B8
loc_40F089: ; CODE XREF: sub_40F02F+3A�j
; sub_40F02F+45�j
mov eax, [edi]
mov [esi+eax], ebx
xor eax, eax
pop ebx
jmp short loc_40F0A9
; ---------------------------------------------------------------------------
loc_40F093: ; CODE XREF: sub_40F02F+8�j
; sub_40F02F+10�j ...
call sub_405B83
mov dword ptr [eax], 9
call sub_405B96
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_40F0A9: ; CODE XREF: sub_40F02F+62�j
pop edi
pop esi
retn
sub_40F02F endp
; =============== S U B R O U T I N E =======================================
sub_40F0AC proc near ; CODE XREF: sub_408DFD+62�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push ebx
xor ebx, ebx
cmp ecx, ebx
push esi
push edi
jl short loc_40F114
cmp ecx, dword_4356E8
jnb short loc_40F114
mov esi, ecx
and esi, 1Fh
imul esi, 28h
mov eax, ecx
sar eax, 5
lea edi, ds:435700h[eax*4]
mov eax, [edi]
add eax, esi
test byte ptr [eax+4], 1
jz short loc_40F114
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_40F114
cmp dword_423050, 1
jnz short loc_40F10A
sub ecx, ebx
jz short loc_40F101
dec ecx
jz short loc_40F0FC
dec ecx
jnz short loc_40F10A
push ebx
push 0FFFFFFF4h
jmp short loc_40F104
; ---------------------------------------------------------------------------
loc_40F0FC: ; CODE XREF: sub_40F0AC+46�j
push ebx
push 0FFFFFFF5h
jmp short loc_40F104
; ---------------------------------------------------------------------------
loc_40F101: ; CODE XREF: sub_40F0AC+43�j
push ebx
push 0FFFFFFF6h
loc_40F104: ; CODE XREF: sub_40F0AC+4E�j
; sub_40F0AC+53�j
call ds:off_41D0B8
loc_40F10A: ; CODE XREF: sub_40F0AC+3F�j
; sub_40F0AC+49�j
mov eax, [edi]
or dword ptr [esi+eax], 0FFFFFFFFh
xor eax, eax
jmp short loc_40F129
; ---------------------------------------------------------------------------
loc_40F114: ; CODE XREF: sub_40F0AC+B�j
; sub_40F0AC+13�j ...
call sub_405B83
mov dword ptr [eax], 9
call sub_405B96
mov [eax], ebx
or eax, 0FFFFFFFFh
loc_40F129: ; CODE XREF: sub_40F0AC+66�j
pop edi
pop esi
pop ebx
retn
sub_40F0AC endp
; =============== S U B R O U T I N E =======================================
sub_40F12D proc near ; CODE XREF: sub_408DFD+7�p
; sub_408DFD+2F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40F14D
call sub_405B96
and dword ptr [eax], 0
call sub_405B83
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40F14D: ; CODE XREF: sub_40F12D+7�j
push esi
xor esi, esi
cmp eax, esi
jl short loc_40F176
cmp eax, dword_4356E8
jnb short loc_40F176
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, dword_435700[ecx*4]
add eax, ecx
test byte ptr [eax+4], 1
jnz short loc_40F19A
loc_40F176: ; CODE XREF: sub_40F12D+25�j
; sub_40F12D+2D�j
call sub_405B96
mov [eax], esi
call sub_405B83
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 9
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_40F19A: ; CODE XREF: sub_40F12D+47�j
mov eax, [eax]
pop esi
retn
sub_40F12D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F19E proc near ; CODE XREF: sub_408E91+7F�p
; sub_40A6FF+7F�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_421B90
call __SEH_prolog4
mov edi, [ebp+arg_0]
mov eax, edi
sar eax, 5
mov esi, edi
and esi, 1Fh
imul esi, 28h
add esi, dword_435700[eax*4]
mov [ebp+var_1C], 1
xor ebx, ebx
cmp [esi+8], ebx
jnz short loc_40F205
push 0Ah
call sub_405DA7
pop ecx
mov [ebp+ms_exc.disabled], ebx
cmp [esi+8], ebx
jnz short loc_40F1F9
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CEC4
pop ecx
pop ecx
test eax, eax
jnz short loc_40F1F6
mov [ebp+var_1C], ebx
loc_40F1F6: ; CODE XREF: sub_40F19E+53�j
inc dword ptr [esi+8]
loc_40F1F9: ; CODE XREF: sub_40F19E+3F�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40F235
loc_40F205: ; CODE XREF: sub_40F19E+2F�j
cmp [ebp+var_1C], ebx
jz short loc_40F227
mov eax, edi
sar eax, 5
and edi, 1Fh
imul edi, 28h
mov eax, dword_435700[eax*4]
lea eax, [eax+edi+0Ch]
push eax
call ds:off_41D164
loc_40F227: ; CODE XREF: sub_40F19E+6A�j
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40F19E endp
; ---------------------------------------------------------------------------
xor ebx, ebx
mov edi, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_40F235 proc near ; CODE XREF: sub_40F19E+62�p
push 0Ah
call sub_405CCF
pop ecx
retn
sub_40F235 endp
; =============== S U B R O U T I N E =======================================
sub_40F23E proc near ; CODE XREF: sub_408F54+3�p
; sub_40A7D1+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, dword_435700[ecx*4]
lea eax, [ecx+eax+0Ch]
push eax
call ds:off_41D168
retn
sub_40F23E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F260 proc near ; CODE XREF: sub_40E422:loc_40E618�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
; FUNCTION CHUNK AT 0040F33C SIZE 000000BA BYTES
push 18h
push offset dword_421BB0
call __SEH_prolog4
or [ebp+var_1C], 0FFFFFFFFh
xor edi, edi
mov [ebp+var_24], edi
push 0Bh
call sub_405CE4
pop ecx
test eax, eax
jnz short loc_40F289
or eax, 0FFFFFFFFh
jmp loc_40F3F0
; ---------------------------------------------------------------------------
loc_40F289: ; CODE XREF: sub_40F260+1F�j
push 0Bh
call sub_405DA7
pop ecx
mov [ebp+ms_exc.disabled], edi
loc_40F294: ; CODE XREF: sub_40F260+109�j
mov [ebp+var_28], edi
cmp edi, 40h
jge loc_40F3E1
mov esi, dword_435700[edi*4]
test esi, esi
jz loc_40F36E
loc_40F2AF: ; CODE XREF: sub_40F260+CB�j
mov [ebp+var_20], esi
mov eax, dword_435700[edi*4]
add eax, 500h
cmp esi, eax
jnb loc_40F362
test byte ptr [esi+4], 1
jnz short loc_40F328
cmp dword ptr [esi+8], 0
jnz short loc_40F30B
push 0Ah
call sub_405DA7
pop ecx
xor ebx, ebx
inc ebx
mov [ebp+ms_exc.disabled], ebx
cmp dword ptr [esi+8], 0
jnz short loc_40F302
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CEC4
pop ecx
pop ecx
test eax, eax
jnz short loc_40F2FF
mov [ebp+var_24], ebx
jmp short loc_40F302
; ---------------------------------------------------------------------------
loc_40F2FF: ; CODE XREF: sub_40F260+98�j
inc dword ptr [esi+8]
loc_40F302: ; CODE XREF: sub_40F260+84�j
; sub_40F260+9D�j
and [ebp+ms_exc.disabled], 0
call sub_40F333
loc_40F30B: ; CODE XREF: sub_40F260+70�j
cmp [ebp+var_24], 0
jnz short loc_40F328
lea ebx, [esi+0Ch]
push ebx
call ds:off_41D164
test byte ptr [esi+4], 1
jz short loc_40F33C
push ebx
call ds:off_41D168
loc_40F328: ; CODE XREF: sub_40F260+6A�j
; sub_40F260+AF�j ...
add esi, 28h
jmp short loc_40F2AF
sub_40F260 endp
; ---------------------------------------------------------------------------
mov edi, [ebp-28h]
mov esi, [ebp-20h]
; =============== S U B R O U T I N E =======================================
sub_40F333 proc near ; CODE XREF: sub_40F260+A6�p
push 0Ah
call sub_405CCF
pop ecx
retn
sub_40F333 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40F260
loc_40F33C: ; CODE XREF: sub_40F260+BF�j
cmp [ebp+var_24], 0
jnz short loc_40F328
mov byte ptr [esi+4], 1
or dword ptr [esi], 0FFFFFFFFh
mov eax, esi
sub eax, dword_435700[edi*4]
cdq
push 28h
pop ecx
idiv ecx
mov ecx, edi
shl ecx, 5
add eax, ecx
mov [ebp+var_1C], eax
loc_40F362: ; CODE XREF: sub_40F260+60�j
cmp [ebp+var_1C], 0FFFFFFFFh
jnz short loc_40F3E1
inc edi
jmp loc_40F294
; ---------------------------------------------------------------------------
loc_40F36E: ; CODE XREF: sub_40F260+49�j
push 28h
push 20h
call sub_407B2A
pop ecx
pop ecx
mov [ebp+var_20], eax
test eax, eax
jz short loc_40F3E1
lea ecx, ds:435700h[edi*4]
mov [ecx], eax
add dword_4356E8, 20h
loc_40F390: ; CODE XREF: sub_40F260+151�j
mov edx, [ecx]
add edx, 500h
cmp eax, edx
jnb short loc_40F3B3
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
and dword ptr [eax+8], 0
add eax, 28h
mov [ebp+var_20], eax
jmp short loc_40F390
; ---------------------------------------------------------------------------
loc_40F3B3: ; CODE XREF: sub_40F260+13A�j
shl edi, 5
mov [ebp+var_1C], edi
mov eax, edi
sar eax, 5
mov ecx, edi
and ecx, 1Fh
imul ecx, 28h
mov eax, dword_435700[eax*4]
mov byte ptr [eax+ecx+4], 1
push edi
call sub_40F19E
pop ecx
test eax, eax
jnz short loc_40F3E1
or [ebp+var_1C], 0FFFFFFFFh
loc_40F3E1: ; CODE XREF: sub_40F260+3A�j
; sub_40F260+106�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40F3F6
mov eax, [ebp+var_1C]
loc_40F3F0: ; CODE XREF: sub_40F260+24�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40F260
; =============== S U B R O U T I N E =======================================
sub_40F3F6 proc near ; CODE XREF: sub_40F260+188�p
push 0Bh
call sub_405CCF
pop ecx
retn
sub_40F3F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F3FF proc near ; CODE XREF: sub_408FEC+31�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset dword_421BD8
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40F426
call sub_405B83
mov dword ptr [eax], 9
loc_40F41E: ; CODE XREF: sub_40F3FF+4D�j
or eax, 0FFFFFFFFh
jmp loc_40F4D0
; ---------------------------------------------------------------------------
loc_40F426: ; CODE XREF: sub_40F3FF+12�j
xor ebx, ebx
cmp eax, ebx
jl short loc_40F434
cmp eax, dword_4356E8
jb short loc_40F44E
loc_40F434: ; CODE XREF: sub_40F3FF+2B�j
; sub_40F3FF+6D�j
call sub_405B83
mov dword ptr [eax], 9
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_4032F9
add esp, 14h
jmp short loc_40F41E
; ---------------------------------------------------------------------------
loc_40F44E: ; CODE XREF: sub_40F3FF+33�j
mov ecx, eax
sar ecx, 5
lea edi, ds:435700h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [edi]
movzx ecx, byte ptr [esi+ecx+4]
and ecx, 1
jz short loc_40F434
push eax
call sub_40F19E
pop ecx
mov [ebp+ms_exc.disabled], ebx
mov eax, [edi]
test byte ptr [esi+eax+4], 1
jz short loc_40F4B2
push [ebp+arg_0]
call sub_40F12D
pop ecx
push eax
call ds:off_41D0B4
test eax, eax
jnz short loc_40F4A0
call ds:off_41D0EC
mov [ebp+var_1C], eax
jmp short loc_40F4A3
; ---------------------------------------------------------------------------
loc_40F4A0: ; CODE XREF: sub_40F3FF+94�j
mov [ebp+var_1C], ebx
loc_40F4A3: ; CODE XREF: sub_40F3FF+9F�j
cmp [ebp+var_1C], ebx
jz short loc_40F4C1
call sub_405B96
mov ecx, [ebp+var_1C]
mov [eax], ecx
loc_40F4B2: ; CODE XREF: sub_40F3FF+80�j
call sub_405B83
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_40F4C1: ; CODE XREF: sub_40F3FF+A7�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40F4D6
mov eax, [ebp+var_1C]
loc_40F4D0: ; CODE XREF: sub_40F3FF+22�j
call __SEH_epilog4
retn
sub_40F3FF endp
; =============== S U B R O U T I N E =======================================
sub_40F4D6 proc near ; CODE XREF: sub_40F3FF+C9�p
push dword ptr [ebp+8]
call sub_40F23E
pop ecx
retn
sub_40F4D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F4E0 proc near ; CODE XREF: sub_40F52F+21�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_402ADF
mov eax, [ebp+var_10]
cmp dword ptr [eax+0ACh], 1
jle short loc_40F510
lea eax, [ebp+var_10]
push eax
push 4
push [ebp+arg_0]
call sub_40CDF4
add esp, 0Ch
jmp short loc_40F520
; ---------------------------------------------------------------------------
loc_40F510: ; CODE XREF: sub_40F4E0+1B�j
mov eax, [eax+0C8h]
mov ecx, [ebp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 4
loc_40F520: ; CODE XREF: sub_40F4E0+2E�j
cmp [ebp+var_4], 0
jz short locret_40F52D
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40F52D: ; CODE XREF: sub_40F4E0+44�j
leave
retn
sub_40F4E0 endp
; =============== S U B R O U T I N E =======================================
sub_40F52F proc near ; CODE XREF: sub_409217+1B6�p
; sub_409217+3EF�p ...
arg_0 = dword ptr 4
cmp dword_427820, 0
jnz short loc_40F54A
mov eax, [esp+arg_0]
mov ecx, dword_423668
movzx eax, byte ptr [ecx+eax*2]
and eax, 4
retn
; ---------------------------------------------------------------------------
loc_40F54A: ; CODE XREF: sub_40F52F+7�j
push 0
push [esp+4+arg_0]
call sub_40F4E0
pop ecx
pop ecx
retn
sub_40F52F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F558 proc near ; CODE XREF: sub_40F5AC+23�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_402ADF
mov eax, [ebp+var_10]
cmp dword ptr [eax+0ACh], 1
jle short loc_40F58B
lea eax, [ebp+var_10]
push eax
push 80h
push [ebp+arg_0]
call sub_40CDF4
add esp, 0Ch
jmp short loc_40F59D
; ---------------------------------------------------------------------------
loc_40F58B: ; CODE XREF: sub_40F558+1B�j
mov eax, [eax+0C8h]
mov ecx, [ebp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 80h
loc_40F59D: ; CODE XREF: sub_40F558+31�j
cmp [ebp+var_4], 0
jz short locret_40F5AA
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40F5AA: ; CODE XREF: sub_40F558+49�j
leave
retn
sub_40F558 endp
; =============== S U B R O U T I N E =======================================
sub_40F5AC proc near ; CODE XREF: sub_409217+9DF�p
; sub_409217+AB7�p
arg_0 = dword ptr 4
cmp dword_427820, 0
jnz short loc_40F5C9
mov eax, [esp+arg_0]
mov ecx, dword_423668
movzx eax, byte ptr [ecx+eax*2]
and eax, 80h
retn
; ---------------------------------------------------------------------------
loc_40F5C9: ; CODE XREF: sub_40F5AC+7�j
push 0
push [esp+4+arg_0]
call sub_40F558
pop ecx
pop ecx
retn
sub_40F5AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F5D7 proc near ; CODE XREF: sub_40F626+21�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_402ADF
mov eax, [ebp+var_10]
cmp dword ptr [eax+0ACh], 1
jle short loc_40F607
lea eax, [ebp+var_10]
push eax
push 8
push [ebp+arg_0]
call sub_40CDF4
add esp, 0Ch
jmp short loc_40F617
; ---------------------------------------------------------------------------
loc_40F607: ; CODE XREF: sub_40F5D7+1B�j
mov eax, [eax+0C8h]
mov ecx, [ebp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 8
loc_40F617: ; CODE XREF: sub_40F5D7+2E�j
cmp [ebp+var_4], 0
jz short locret_40F624
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40F624: ; CODE XREF: sub_40F5D7+44�j
leave
retn
sub_40F5D7 endp
; =============== S U B R O U T I N E =======================================
sub_40F626 proc near ; CODE XREF: sub_4091F2+17�p
; sub_409217+13C�p ...
arg_0 = dword ptr 4
cmp dword_427820, 0
jnz short loc_40F641
mov eax, [esp+arg_0]
mov ecx, dword_423668
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
retn
; ---------------------------------------------------------------------------
loc_40F641: ; CODE XREF: sub_40F626+7�j
push 0
push [esp+4+arg_0]
call sub_40F5D7
pop ecx
pop ecx
retn
sub_40F626 endp
; =============== S U B R O U T I N E =======================================
sub_40F64F proc near ; CODE XREF: sub_409217+15E�p
; sub_409217+5BE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_4]
or ebp, 0FFFFFFFFh
test byte ptr [esi+0Ch], 40h
push edi
jnz loc_40F70C
push esi
call sub_408DD0
cmp eax, ebp
pop ecx
mov ebx, offset dword_423BD0
jz short loc_40F6A2
push esi
call sub_408DD0
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_40F6A2
push esi
call sub_408DD0
sar eax, 5
push esi
lea edi, ds:435700h[eax*4]
call sub_408DD0
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_40F6A4
; ---------------------------------------------------------------------------
loc_40F6A2: ; CODE XREF: sub_40F64F+23�j
; sub_40F64F+2F�j
mov eax, ebx
loc_40F6A4: ; CODE XREF: sub_40F64F+51�j
test byte ptr [eax+24h], 7Fh
jnz short loc_40F6EB
push esi
call sub_408DD0
cmp eax, ebp
pop ecx
jz short loc_40F6E3
push esi
call sub_408DD0
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_40F6E3
push esi
call sub_408DD0
sar eax, 5
push esi
lea edi, ds:435700h[eax*4]
call sub_408DD0
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_40F6E5
; ---------------------------------------------------------------------------
loc_40F6E3: ; CODE XREF: sub_40F64F+64�j
; sub_40F64F+70�j
mov eax, ebx
loc_40F6E5: ; CODE XREF: sub_40F64F+92�j
test byte ptr [eax+24h], 80h
jz short loc_40F70C
loc_40F6EB: ; CODE XREF: sub_40F64F+59�j
call sub_405B83
xor edi, edi
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
loc_40F705: ; CODE XREF: sub_40F64F+C3�j
; sub_40F64F+CE�j ...
mov eax, ebp
loc_40F707: ; CODE XREF: sub_40F64F+11C�j
pop edi
pop esi
pop ebp
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40F70C: ; CODE XREF: sub_40F64F+F�j
; sub_40F64F+9A�j
mov ebx, [esp+10h+arg_0]
cmp ebx, ebp
jz short loc_40F705
mov eax, [esi+0Ch]
test al, 1
jnz short loc_40F723
test al, al
jns short loc_40F705
test al, 2
jnz short loc_40F705
loc_40F723: ; CODE XREF: sub_40F64F+CA�j
xor edi, edi
cmp [esi+8], edi
jnz short loc_40F731
push esi
call sub_40D8AC
pop ecx
loc_40F731: ; CODE XREF: sub_40F64F+D9�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_40F740
cmp [esi+4], edi
jnz short loc_40F705
inc eax
mov [esi], eax
loc_40F740: ; CODE XREF: sub_40F64F+E7�j
dec dword ptr [esi]
test byte ptr [esi+0Ch], 40h
mov eax, [esi]
jz short loc_40F753
cmp [eax], bl
jz short loc_40F755
inc eax
mov [esi], eax
jmp short loc_40F705
; ---------------------------------------------------------------------------
loc_40F753: ; CODE XREF: sub_40F64F+F9�j
mov [eax], bl
loc_40F755: ; CODE XREF: sub_40F64F+FD�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and eax, 0FFFFFFEFh
or eax, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_40F707
sub_40F64F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F76D proc near ; CODE XREF: sub_409217+6FF�p
; sub_40F880+E�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_40F791
cmp [ebp+arg_8], ebx
jz short loc_40F791
cmp [esi], bl
jnz short loc_40F797
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40F791
mov [eax], bx
loc_40F791: ; CODE XREF: sub_40F76D+F�j
; sub_40F76D+14�j ...
xor eax, eax
loc_40F793: ; CODE XREF: sub_40F76D+5A�j
; sub_40F76D+BB�j ...
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40F797: ; CODE XREF: sub_40F76D+18�j
push [ebp+arg_C]
lea ecx, [ebp+var_10]
call sub_402ADF
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz short loc_40F7C9
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40F7B8
movzx cx, byte ptr [esi]
mov [eax], cx
loc_40F7B8: ; CODE XREF: sub_40F76D+42�j
; sub_40F76D+10B�j
cmp [ebp+var_4], bl
jz short loc_40F7C4
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40F7C4: ; CODE XREF: sub_40F76D+4E�j
xor eax, eax
inc eax
jmp short loc_40F793
; ---------------------------------------------------------------------------
loc_40F7C9: ; CODE XREF: sub_40F76D+3B�j
lea eax, [ebp+var_10]
push eax
movzx eax, byte ptr [esi]
push eax
call sub_40CDB0
test eax, eax
pop ecx
pop ecx
jz short loc_40F859
mov eax, [ebp+var_10]
mov ecx, [eax+0ACh]
cmp ecx, 1
jle short loc_40F80F
cmp [ebp+arg_8], ecx
jl short loc_40F80F
xor edx, edx
cmp [ebp+arg_0], ebx
setnz dl
push edx
push [ebp+arg_0]
push ecx
push esi
push 9
push dword ptr [eax+4]
call ds:off_41D0A0
test eax, eax
mov eax, [ebp+var_10]
jnz short loc_40F81F
loc_40F80F: ; CODE XREF: sub_40F76D+7B�j
; sub_40F76D+80�j
mov ecx, [ebp+arg_8]
cmp ecx, [eax+0ACh]
jb short loc_40F83A
cmp [esi+1], bl
jz short loc_40F83A
loc_40F81F: ; CODE XREF: sub_40F76D+A0�j
cmp [ebp+var_4], bl
mov eax, [eax+0ACh]
jz loc_40F793
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_40F793
; ---------------------------------------------------------------------------
loc_40F83A: ; CODE XREF: sub_40F76D+AB�j
; sub_40F76D+B0�j ...
call sub_405B83
mov dword ptr [eax], 2Ah
cmp [ebp+var_4], bl
jz short loc_40F851
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40F851: ; CODE XREF: sub_40F76D+DB�j
or eax, 0FFFFFFFFh
jmp loc_40F793
; ---------------------------------------------------------------------------
loc_40F859: ; CODE XREF: sub_40F76D+6D�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
mov eax, [ebp+var_10]
push 1
push esi
push 9
push dword ptr [eax+4]
call ds:off_41D0A0
test eax, eax
jnz loc_40F7B8
jmp short loc_40F83A
sub_40F76D endp
; =============== S U B R O U T I N E =======================================
sub_40F880 proc near ; CODE XREF: sub_40D20A+18E�p
; sub_40D20A+1BC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_40F76D
add esp, 10h
retn
sub_40F880 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F8A0 proc near ; CODE XREF: sub_409217+9CF�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_40F8B9
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_40F8B9: ; CODE XREF: sub_40F8A0+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_40F8A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F8D4 proc near ; CODE XREF: sub_409E64+15D�p
var_30 = dword ptr -30h
var_20 = byte ptr -20h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
call sub_40553A
xor ebx, ebx
cmp dword_427EC8, ebx
mov [ebp+var_10], eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
jnz loc_40F9A9
push offset dword_41ED98
call ds:off_41D0E4
mov edi, eax
cmp edi, ebx
jnz short loc_40F914
loc_40F90D: ; CODE XREF: sub_40F8D4+50�j
xor eax, eax
jmp loc_40FA6D
; ---------------------------------------------------------------------------
loc_40F914: ; CODE XREF: sub_40F8D4+37�j
mov esi, ds:off_41D0E8
push offset dword_41ED8C
push edi
call esi ; byte_443AC1
cmp eax, ebx
jz short loc_40F90D
push eax
call sub_4054D7
mov [esp+30h+var_30], offset dword_41ED7C
push edi
mov dword_427EC8, eax
call esi ; byte_443AC1
push eax
call sub_4054D7
mov [esp+30h+var_30], offset dword_41ED68
push edi
mov dword_427ECC, eax
call esi ; byte_443AC1
push eax
call sub_4054D7
mov dword_427ED0, eax
lea eax, [ebp+var_8]
push eax
call sub_407CB6
test eax, eax
pop ecx
pop ecx
jz short loc_40F977
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_4031FD
add esp, 14h
loc_40F977: ; CODE XREF: sub_40F8D4+94�j
cmp [ebp+var_8], 2
jnz short loc_40F9A9
push offset dword_41ED4C
push edi
call esi ; byte_443AC1
push eax
call sub_4054D7
cmp eax, ebx
pop ecx
mov dword_427ED8, eax
jz short loc_40F9A9
push offset dword_41ED34
push edi
call esi ; byte_443AC1
push eax
call sub_4054D7
pop ecx
mov dword_427ED4, eax
loc_40F9A9: ; CODE XREF: sub_40F8D4+22�j
; sub_40F8D4+A7�j ...
mov eax, dword_427ED4
mov esi, [ebp+var_10]
cmp eax, esi
jz short loc_40FA22
cmp dword_427ED8, esi
jz short loc_40FA22
push eax
call sub_405543
pop ecx
call eax
cmp eax, ebx
jz short loc_40F9EF
lea ecx, [ebp+var_14]
push ecx
push 0Ch
lea ecx, [ebp+var_20]
push ecx
push 1
push eax
push dword_427ED8
call sub_405543
pop ecx
call eax
test eax, eax
jz short loc_40F9EF
test [ebp+var_18], 1
jnz short loc_40FA22
loc_40F9EF: ; CODE XREF: sub_40F8D4+F4�j
; sub_40F8D4+113�j
lea eax, [ebp+var_C]
push eax
call sub_407CED
test eax, eax
pop ecx
jz short loc_40FA0A
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_4031FD
add esp, 14h
loc_40FA0A: ; CODE XREF: sub_40F8D4+127�j
cmp [ebp+var_C], 4
jb short loc_40FA19
or [ebp+arg_8], 200000h
jmp short loc_40FA53
; ---------------------------------------------------------------------------
loc_40FA19: ; CODE XREF: sub_40F8D4+13A�j
or [ebp+arg_8], 40000h
jmp short loc_40FA53
; ---------------------------------------------------------------------------
loc_40FA22: ; CODE XREF: sub_40F8D4+DF�j
; sub_40F8D4+E7�j ...
mov eax, dword_427ECC
cmp eax, esi
jz short loc_40FA53
push eax
call sub_405543
pop ecx
call eax
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_40FA53
mov eax, dword_427ED0
cmp eax, esi
jz short loc_40FA53
push [ebp+var_4]
push eax
call sub_405543
pop ecx
call eax
mov [ebp+var_4], eax
loc_40FA53: ; CODE XREF: sub_40F8D4+143�j
; sub_40F8D4+14C�j ...
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+var_4]
push dword_427EC8
call sub_405543
pop ecx
call eax
loc_40FA6D: ; CODE XREF: sub_40F8D4+3B�j
pop edi
pop esi
pop ebx
leave
retn
sub_40F8D4 endp
; =============== S U B R O U T I N E =======================================
sub_40FA72 proc near ; CODE XREF: sub_409E64+27�p
; sub_409E64+38�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
xor esi, esi
cmp ecx, esi
jl short loc_40FA9B
cmp ecx, 2
jle short loc_40FA8E
cmp ecx, 3
jnz short loc_40FA9B
mov eax, dword_4274DC
pop esi
retn
; ---------------------------------------------------------------------------
loc_40FA8E: ; CODE XREF: sub_40FA72+E�j
mov eax, dword_4274DC
mov dword_4274DC, ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_40FA9B: ; CODE XREF: sub_40FA72+9�j
; sub_40FA72+13�j
call sub_405B83
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
sub_40FA72 endp
; =============== S U B R O U T I N E =======================================
sub_40FAB8 proc near ; CODE XREF: sub_410107+5F�p
; DATA XREF: sub_40AA2F:loc_40AA71�o
xor eax, eax
retn
sub_40FAB8 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_40FABC proc near ; CODE XREF: .text:0040FB1C�p
mov eax, offset sub_4116FA
mov dword_423F80, eax
mov dword_423F84, offset sub_410DF6
mov dword_423F88, offset sub_410DB4
mov dword_423F8C, offset sub_410DE8
mov dword_423F90, offset word_410D5E
mov dword_423F94, eax
mov dword_423F98, offset sub_411674
mov dword_423F9C, offset sub_410D74
mov dword_423FA0, offset sub_410CDE
mov dword_423FA4, offset sub_410C6D
retn
sub_40FABC endp
; ---------------------------------------------------------------------------
call sub_40FABC
call sub_411780
cmp dword ptr [esp+4], 0
mov dword_427EE0, eax
jz short loc_40FB37
call sub_41171B
loc_40FB37: ; CODE XREF: .text:0040FB30�j
fnclex
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FB3A proc near ; CODE XREF: sub_40FB8A+4D�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_421BF8
call __SEH_prolog4
and [ebp+ms_exc.disabled], 0
movapd xmm0, xmm1
mov [ebp+var_1C], 1
jmp short loc_40FB7A
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
cmp eax, 0C0000005h
jz short loc_40FB6F
cmp eax, 0C000001Dh
jz short loc_40FB6F
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40FB6F: ; CODE XREF: sub_40FB3A+29�j
; sub_40FB3A+30�j
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
and [ebp+var_1C], 0
loc_40FB7A: ; CODE XREF: sub_40FB3A+1B�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40FB3A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FB8A proc near ; CODE XREF: sub_40ACDF+7�p sub_40FBEA�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
xor eax, eax
push ebx
mov [ebp+var_4], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
push ebx
pushf
pop eax
mov ecx, eax
xor eax, 200000h
push eax
popf
pushf
pop edx
sub edx, ecx
jz short loc_40FBCD
push ecx
popf
xor eax, eax
cpuid
mov [ebp+var_C], eax
mov [ebp+var_18], ebx
mov [ebp+var_14], edx
mov [ebp+var_10], ecx
mov eax, 1
cpuid
mov [ebp+var_4], edx
mov [ebp+var_8], eax
loc_40FBCD: ; CODE XREF: sub_40FB8A+22�j
pop ebx
test [ebp+var_4], 4000000h
jz short loc_40FBE5
call sub_40FB3A
test eax, eax
jz short loc_40FBE5
xor eax, eax
inc eax
jmp short loc_40FBE7
; ---------------------------------------------------------------------------
loc_40FBE5: ; CODE XREF: sub_40FB8A+4B�j
; sub_40FB8A+54�j
xor eax, eax
loc_40FBE7: ; CODE XREF: sub_40FB8A+59�j
pop ebx
leave
retn
sub_40FB8A endp
; =============== S U B R O U T I N E =======================================
sub_40FBEA proc near ; DATA XREF: c.7ld2ih:0041D2E4�o
call sub_40FB8A
mov dword_4356E0, eax
xor eax, eax
retn
sub_40FBEA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FBF7 proc near ; CODE XREF: sub_4101F8+4A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov cl, byte ptr [ebp+arg_8]
push ebx
push esi
push edi
xor edi, edi
mov [eax+4], edi
mov eax, [ebp+arg_0]
xor ebx, ebx
mov [eax+8], edi
mov eax, [ebp+arg_0]
inc ebx
test cl, 10h
mov [eax+0Ch], edi
jz short loc_40FC29
mov eax, [ebp+arg_0]
or [eax+4], ebx
mov [ebp+arg_8], 0C000008Fh
loc_40FC29: ; CODE XREF: sub_40FBF7+23�j
test cl, 2
jz short loc_40FC3C
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 2
mov [ebp+arg_8], 0C0000093h
loc_40FC3C: ; CODE XREF: sub_40FBF7+35�j
test cl, bl
jz short loc_40FC4E
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 4
mov [ebp+arg_8], 0C0000091h
loc_40FC4E: ; CODE XREF: sub_40FBF7+47�j
test cl, 4
jz short loc_40FC61
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 8
mov [ebp+arg_8], 0C000008Eh
loc_40FC61: ; CODE XREF: sub_40FBF7+5A�j
test cl, 8
jz short loc_40FC74
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 10h
mov [ebp+arg_8], 0C0000090h
loc_40FC74: ; CODE XREF: sub_40FBF7+6D�j
mov esi, [ebp+arg_4]
mov ecx, [esi]
mov eax, [ebp+arg_0]
shl ecx, 4
not ecx
xor ecx, [eax+8]
and ecx, 10h
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
add ecx, ecx
not ecx
xor ecx, [eax+8]
and ecx, 8
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 1
not ecx
xor ecx, [eax+8]
and ecx, 4
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 3
not ecx
xor ecx, [eax+8]
and ecx, 2
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 5
not ecx
xor ecx, [eax+8]
and ecx, ebx
xor [eax+8], ecx
call sub_4103F7
test al, bl
jz short loc_40FCE3
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_40FCE3: ; CODE XREF: sub_40FBF7+E3�j
test al, 4
jz short loc_40FCEE
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_40FCEE: ; CODE XREF: sub_40FBF7+EE�j
test al, 8
jz short loc_40FCF9
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_40FCF9: ; CODE XREF: sub_40FBF7+F9�j
test al, 10h
jz short loc_40FD04
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 2
loc_40FD04: ; CODE XREF: sub_40FBF7+104�j
test al, 20h
jz short loc_40FD0E
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_40FD0E: ; CODE XREF: sub_40FBF7+10F�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_40FD4E
cmp eax, 400h
jz short loc_40FD42
cmp eax, 800h
jz short loc_40FD33
cmp eax, ecx
jnz short loc_40FD54
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_40FD54
; ---------------------------------------------------------------------------
loc_40FD33: ; CODE XREF: sub_40FBF7+12E�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, 2
loc_40FD3E: ; CODE XREF: sub_40FBF7+155�j
mov [eax], ecx
jmp short loc_40FD54
; ---------------------------------------------------------------------------
loc_40FD42: ; CODE XREF: sub_40FBF7+127�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
jmp short loc_40FD3E
; ---------------------------------------------------------------------------
loc_40FD4E: ; CODE XREF: sub_40FBF7+120�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_40FD54: ; CODE XREF: sub_40FBF7+132�j
; sub_40FBF7+13A�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_40FD7F
cmp eax, 200h
jz short loc_40FD72
cmp eax, ecx
jnz short loc_40FD8C
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_40FD8C
; ---------------------------------------------------------------------------
loc_40FD72: ; CODE XREF: sub_40FBF7+16D�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_40FD8A
; ---------------------------------------------------------------------------
loc_40FD7F: ; CODE XREF: sub_40FBF7+166�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_40FD8A: ; CODE XREF: sub_40FBF7+186�j
mov [eax], ecx
loc_40FD8C: ; CODE XREF: sub_40FBF7+171�j
; sub_40FBF7+179�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
shl ecx, 5
xor ecx, [eax]
and ecx, 1FFE0h
xor [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
cmp [ebp+arg_18], edi
mov eax, [ebp+arg_0]
mov edi, [ebp+arg_14]
jz short loc_40FDD6
and dword ptr [eax+20h], 0FFFFFFE1h
mov eax, [ebp+arg_10]
fld dword ptr [eax]
mov eax, [ebp+arg_0]
fstp dword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+60h], ebx
mov eax, [ebp+arg_0]
and dword ptr [eax+60h], 0FFFFFFE1h
fld dword ptr [edi]
mov eax, [ebp+arg_0]
fstp dword ptr [eax+50h]
jmp short loc_40FE0A
; ---------------------------------------------------------------------------
loc_40FDD6: ; CODE XREF: sub_40FBF7+1B7�j
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, 2
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+60h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+60h]
and ecx, 0FFFFFFE3h
or ecx, 2
mov [eax+60h], ecx
fld qword ptr [edi]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+50h]
loc_40FE0A: ; CODE XREF: sub_40FBF7+1DD�j
call sub_410402
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call ds:off_41D1AC
mov ecx, [ebp+arg_0]
test byte ptr [ecx+8], 10h
jz short loc_40FE2B
and dword ptr [esi], 0FFFFFFFEh
loc_40FE2B: ; CODE XREF: sub_40FBF7+22F�j
test byte ptr [ecx+8], 8
jz short loc_40FE34
and dword ptr [esi], 0FFFFFFFBh
loc_40FE34: ; CODE XREF: sub_40FBF7+238�j
test byte ptr [ecx+8], 4
jz short loc_40FE3D
and dword ptr [esi], 0FFFFFFF7h
loc_40FE3D: ; CODE XREF: sub_40FBF7+241�j
test byte ptr [ecx+8], 2
jz short loc_40FE46
and dword ptr [esi], 0FFFFFFEFh
loc_40FE46: ; CODE XREF: sub_40FBF7+24A�j
test [ecx+8], bl
jz short loc_40FE4E
and dword ptr [esi], 0FFFFFFDFh
loc_40FE4E: ; CODE XREF: sub_40FBF7+252�j
mov eax, [ecx]
and eax, 3
xor ebx, ebx
sub eax, ebx
mov edx, 0FFFFF3FFh
jz short loc_40FE8D
dec eax
jz short loc_40FE7F
dec eax
jz short loc_40FE6F
dec eax
jnz short loc_40FE8F
or dword ptr [esi], 0C00h
jmp short loc_40FE8F
; ---------------------------------------------------------------------------
loc_40FE6F: ; CODE XREF: sub_40FBF7+26B�j
mov eax, [esi]
and eax, 0FFFFFBFFh
or eax, 800h
loc_40FE7B: ; CODE XREF: sub_40FBF7+294�j
mov [esi], eax
jmp short loc_40FE8F
; ---------------------------------------------------------------------------
loc_40FE7F: ; CODE XREF: sub_40FBF7+268�j
mov eax, [esi]
and eax, 0FFFFF7FFh
or eax, 400h
jmp short loc_40FE7B
; ---------------------------------------------------------------------------
loc_40FE8D: ; CODE XREF: sub_40FBF7+265�j
and [esi], edx
loc_40FE8F: ; CODE XREF: sub_40FBF7+26E�j
; sub_40FBF7+276�j ...
mov eax, [ecx]
shr eax, 2
and eax, 7
sub eax, ebx
jz short loc_40FEB0
dec eax
jz short loc_40FEA5
dec eax
jnz short loc_40FEBB
and [esi], edx
jmp short loc_40FEBB
; ---------------------------------------------------------------------------
loc_40FEA5: ; CODE XREF: sub_40FBF7+2A5�j
mov eax, [esi]
and eax, edx
or eax, 200h
jmp short loc_40FEB9
; ---------------------------------------------------------------------------
loc_40FEB0: ; CODE XREF: sub_40FBF7+2A2�j
mov eax, [esi]
and eax, edx
or eax, 300h
loc_40FEB9: ; CODE XREF: sub_40FBF7+2B7�j
mov [esi], eax
loc_40FEBB: ; CODE XREF: sub_40FBF7+2A8�j
; sub_40FBF7+2AC�j
cmp [ebp+arg_18], ebx
jz short loc_40FEC7
fld dword ptr [ecx+50h]
fstp dword ptr [edi]
jmp short loc_40FECC
; ---------------------------------------------------------------------------
loc_40FEC7: ; CODE XREF: sub_40FBF7+2C7�j
fld qword ptr [ecx+50h]
fstp qword ptr [edi]
loc_40FECC: ; CODE XREF: sub_40FBF7+2CE�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40FBF7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FED1 proc near ; CODE XREF: sub_4101F8+21�p
var_28 = qword ptr -28h
var_10 = qword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push ebx
push esi
xor ebx, ebx
mov esi, eax
and esi, 1Fh
inc ebx
test al, 8
mov [ebp+var_4], esi
jz short loc_40FEFF
test byte ptr [ebp+arg_8], bl
jz short loc_40FEFF
push ebx
call sub_410435
pop ecx
and esi, 0FFFFFFF7h
jmp loc_410090
; ---------------------------------------------------------------------------
loc_40FEFF: ; CODE XREF: sub_40FED1+18�j
; sub_40FED1+1D�j
test al, 4
jz short loc_40FF19
test byte ptr [ebp+arg_8], 4
jz short loc_40FF19
push 4
call sub_410435
pop ecx
and esi, 0FFFFFFFBh
jmp loc_410090
; ---------------------------------------------------------------------------
loc_40FF19: ; CODE XREF: sub_40FED1+30�j
; sub_40FED1+36�j
test al, bl
jz loc_40FFBB
test byte ptr [ebp+arg_8], 8
jz loc_40FFBB
push 8
call sub_410435
mov eax, [ebp+arg_8]
pop ecx
mov ecx, 0C00h
and eax, ecx
jz short loc_40FF93
cmp eax, 400h
jz short loc_40FF7D
cmp eax, 800h
jz short loc_40FF67
cmp eax, ecx
jnz short loc_40FFB3
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
fld dbl_4240C8
test ah, 5
jnp short loc_40FFB1
jmp short loc_40FFAF
; ---------------------------------------------------------------------------
loc_40FF67: ; CODE XREF: sub_40FED1+7A�j
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
test ah, 5
jnp short loc_40FFA1
fld dbl_4240C8
jmp short loc_40FFAF
; ---------------------------------------------------------------------------
loc_40FF7D: ; CODE XREF: sub_40FED1+73�j
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
test ah, 5
jp short loc_40FFA9
fld dbl_4240C8
jmp short loc_40FFB1
; ---------------------------------------------------------------------------
loc_40FF93: ; CODE XREF: sub_40FED1+6C�j
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
test ah, 5
jp short loc_40FFA9
loc_40FFA1: ; CODE XREF: sub_40FED1+A2�j
fld dbl_4240B8
jmp short loc_40FFB1
; ---------------------------------------------------------------------------
loc_40FFA9: ; CODE XREF: sub_40FED1+B8�j
; sub_40FED1+CE�j
fld dbl_4240B8
loc_40FFAF: ; CODE XREF: sub_40FED1+94�j
; sub_40FED1+AA�j
fchs
loc_40FFB1: ; CODE XREF: sub_40FED1+92�j
; sub_40FED1+C0�j ...
fstp qword ptr [ecx]
loc_40FFB3: ; CODE XREF: sub_40FED1+7E�j
and esi, 0FFFFFFFEh
jmp loc_410090
; ---------------------------------------------------------------------------
loc_40FFBB: ; CODE XREF: sub_40FED1+4A�j
; sub_40FED1+54�j
test al, 2
jz loc_410090
test byte ptr [ebp+arg_8], 10h
jz loc_410090
xor esi, esi
test al, 10h
jz short loc_40FFD5
mov esi, ebx
loc_40FFD5: ; CODE XREF: sub_40FED1+100�j
fldz
push edi
mov edi, [ebp+arg_4]
fcomp qword ptr [edi]
fnstsw ax
test ah, 44h
jnp loc_41007A
fld qword ptr [edi]
lea eax, [ebp+var_8]
push eax ; int
push ecx
push ecx ; double
fstp [esp+28h+var_28]
call sub_410348
mov ecx, [ebp+var_8]
fstp [ebp+var_10]
add ecx, 0FFFFFA00h
add esp, 0Ch
cmp ecx, 0FFFFFBCEh
jge short loc_41001C
fld [ebp+var_10]
mov esi, ebx
fmul ds:dbl_41EE28
jmp short loc_410070
; ---------------------------------------------------------------------------
loc_41001C: ; CODE XREF: sub_40FED1+13C�j
fldz
fcomp [ebp+var_10]
fnstsw ax
test ah, 41h
jnz short loc_41002C
mov edx, ebx
jmp short loc_41002E
; ---------------------------------------------------------------------------
loc_41002C: ; CODE XREF: sub_40FED1+155�j
xor edx, edx
loc_41002E: ; CODE XREF: sub_40FED1+159�j
movzx eax, byte ptr [ebp+var_10+6]
and eax, 0Fh
or eax, 10h
mov word ptr [ebp+var_10+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_410067
sub eax, ecx
loc_410047: ; CODE XREF: sub_40FED1+194�j
test byte ptr [ebp+var_10], bl
jz short loc_410052
test esi, esi
jnz short loc_410052
mov esi, ebx
loc_410052: ; CODE XREF: sub_40FED1+179�j
; sub_40FED1+17D�j
shr dword ptr [ebp+var_10], 1
test byte ptr [ebp+var_10+4], bl
jz short loc_410061
or dword ptr [ebp+var_10], 80000000h
loc_410061: ; CODE XREF: sub_40FED1+187�j
shr dword ptr [ebp+var_10+4], 1
dec eax
jnz short loc_410047
loc_410067: ; CODE XREF: sub_40FED1+172�j
test edx, edx
jz short loc_410073
fld [ebp+var_10]
fchs
loc_410070: ; CODE XREF: sub_40FED1+149�j
fstp [ebp+var_10]
loc_410073: ; CODE XREF: sub_40FED1+198�j
fld [ebp+var_10]
fstp qword ptr [edi]
jmp short loc_41007C
; ---------------------------------------------------------------------------
loc_41007A: ; CODE XREF: sub_40FED1+111�j
mov esi, ebx
loc_41007C: ; CODE XREF: sub_40FED1+1A7�j
test esi, esi
pop edi
jz short loc_410089
push 10h
call sub_410435
pop ecx
loc_410089: ; CODE XREF: sub_40FED1+1AE�j
and [ebp+var_4], 0FFFFFFFDh
mov esi, [ebp+var_4]
loc_410090: ; CODE XREF: sub_40FED1+29�j
; sub_40FED1+43�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_4100A7
test byte ptr [ebp+arg_8], 20h
jz short loc_4100A7
push 20h
call sub_410435
pop ecx
and esi, 0FFFFFFEFh
loc_4100A7: ; CODE XREF: sub_40FED1+1C3�j
; sub_40FED1+1C9�j
xor eax, eax
test esi, esi
pop esi
setz al
pop ebx
leave
retn
sub_40FED1 endp
; =============== S U B R O U T I N E =======================================
sub_4100B2 proc near ; CODE XREF: sub_410107+6C�p
; sub_410107+91�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_4100CE
jle short locret_4100D9
cmp eax, 3
jg short locret_4100D9
call sub_405B83
mov dword ptr [eax], 22h
retn
; ---------------------------------------------------------------------------
loc_4100CE: ; CODE XREF: sub_4100B2+7�j
call sub_405B83
mov dword ptr [eax], 21h
locret_4100D9: ; CODE XREF: sub_4100B2+9�j
; sub_4100B2+E�j
retn
sub_4100B2 endp
; =============== S U B R O U T I N E =======================================
sub_4100DA proc near ; CODE XREF: sub_4101F8+55�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_4100E6
push 5
jmp short loc_4100FC
; ---------------------------------------------------------------------------
loc_4100E6: ; CODE XREF: sub_4100DA+6�j
test al, 8
jz short loc_4100EE
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4100EE: ; CODE XREF: sub_4100DA+E�j
test al, 4
jz short loc_4100F6
push 2
jmp short loc_4100FC
; ---------------------------------------------------------------------------
loc_4100F6: ; CODE XREF: sub_4100DA+16�j
test al, 1
jz short loc_4100FE
push 3
loc_4100FC: ; CODE XREF: sub_4100DA+A�j
; sub_4100DA+1A�j
pop eax
retn
; ---------------------------------------------------------------------------
loc_4100FE: ; CODE XREF: sub_4100DA+1E�j
movzx eax, al
and eax, 2
add eax, eax
retn
sub_4100DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_410107(int,int,int,int,int,int,double,int)
sub_410107 proc near ; CODE XREF: sub_4101A5+2A�p
; sub_4101F8+87�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
xor eax, eax
loc_41010F: ; CODE XREF: sub_410107+18�j
mov ecx, dword_423FD0[eax*8]
cmp ecx, [ebp+arg_4]
jz short loc_41017F
inc eax
cmp eax, 1Dh
jl short loc_41010F
xor eax, eax
loc_410123: ; CODE XREF: sub_410107+7F�j
test eax, eax
mov [ebp+var_1C], eax
jz short loc_410188
mov eax, [ebp+arg_8]
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8+4], eax
call sub_41040E
lea eax, [ebp+var_20]
push eax
call sub_40FAB8
add esp, 0Ch
test eax, eax
jnz short loc_410179
push esi
call sub_4100B2
pop ecx
loc_410179: ; CODE XREF: sub_410107+69�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_41017F: ; CODE XREF: sub_410107+12�j
mov eax, dword_423FD4[eax*8]
jmp short loc_410123
; ---------------------------------------------------------------------------
loc_410188: ; CODE XREF: sub_410107+21�j
push 0FFFFh
push [ebp+arg_20]
call sub_41040E
push [ebp+arg_0]
call sub_4100B2
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_410107 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4101A5(int,double,int)
sub_4101A5 proc near ; CODE XREF: sub_40ACF3+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = qword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp dword_423FC0, 0
jnz short loc_4101D9
push [ebp+arg_C] ; int
fld [ebp+arg_4]
sub esp, 18h
fstp [esp+1Ch+var_C]
fldz
fstp [esp+1Ch+var_14]
fld [ebp+arg_4]
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_410107
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4101D9: ; CODE XREF: sub_4101A5+A�j
call sub_405B83
push 0FFFFh
push [ebp+arg_C]
mov dword ptr [eax], 21h
call sub_41040E
fld [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_4101A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4101F8(int,int,double,double,int)
sub_4101F8 proc near ; CODE XREF: sub_40ACF3:loc_40ADB8�p
var_9C = qword ptr -9Ch
var_94 = qword ptr -94h
var_8C = qword ptr -8Ch
var_84 = dword ptr -84h
var_80 = byte ptr -80h
var_40 = dword ptr -40h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
and esp, 0FFFFFFF0h
sub esp, 80h
mov eax, dword_423064
xor eax, esp
mov [esp+80h+var_4], eax
push [ebp+arg_18]
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_40FED1
add esp, 0Ch
test eax, eax
jnz short loc_41024A
and [esp+80h+var_40], 0FFFFFFFEh
push eax
lea eax, [ebp+arg_10]
push eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_18]
push [ebp+arg_0]
push eax
lea eax, [esp+98h+var_80]
push eax
call sub_40FBF7
add esp, 1Ch
loc_41024A: ; CODE XREF: sub_4101F8+2B�j
push [ebp+arg_0]
call sub_4100DA
add esp, 4
cmp dword_423FC0, 0
jnz short loc_410289
test eax, eax
jz short loc_410289
push [ebp+arg_18] ; int
fld [ebp+arg_10]
sub esp, 18h
fstp [esp+9Ch+var_8C]
fldz
fstp [esp+9Ch+var_94]
fld [ebp+arg_8]
fstp [esp+9Ch+var_9C]
push [ebp+arg_4] ; int
push eax ; int
call sub_410107
add esp, 24h
jmp short loc_4102A3
; ---------------------------------------------------------------------------
loc_410289: ; CODE XREF: sub_4101F8+64�j
; sub_4101F8+68�j
push eax
call sub_4100B2
mov [esp+84h+var_84], 0FFFFh
push [ebp+arg_18]
call sub_41040E
fld [ebp+arg_10]
pop ecx
pop ecx
loc_4102A3: ; CODE XREF: sub_4101F8+8F�j
mov ecx, [esp+80h+var_4]
xor ecx, esp
call sub_402AD0
mov esp, ebp
pop ebp
retn
sub_4101F8 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_4102B2(double)
sub_4102B2 proc near ; CODE XREF: sub_40ACF3:loc_40AD79�p
var_8 = qword ptr -8
arg_0 = qword ptr 4
push ecx
push ecx
fld [esp+8+arg_0]
frndint
fstp [esp+8+var_8]
fld [esp+8+var_8]
pop ecx
pop ecx
retn
sub_4102B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4102C3(double,int)
sub_4102C3 proc near ; CODE XREF: sub_410348+79�p
; sub_410348+8E�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
fld [ebp+arg_0]
mov ecx, dword ptr [ebp+arg_0+6]
fstp [ebp+var_8]
add eax, 3FEh
shl eax, 4
and ecx, 0FFFF800Fh
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_4102C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4102ED proc near ; CODE XREF: sub_40ACF3+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_410305
cmp [ebp+arg_0], edx
jnz short loc_410318
xor eax, eax
inc eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_410305: ; CODE XREF: sub_4102ED+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_410318
cmp [ebp+arg_0], edx
jnz short loc_410318
push 2
loc_410315: ; CODE XREF: sub_4102ED+3C�j
; sub_4102ED+55�j
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_410318: ; CODE XREF: sub_4102ED+11�j
; sub_4102ED+1F�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_41032B
push 3
jmp short loc_410315
; ---------------------------------------------------------------------------
loc_41032B: ; CODE XREF: sub_4102ED+38�j
cmp cx, 7FF0h
jnz short loc_410344
test [ebp+arg_4], 7FFFFh
jnz short loc_410340
cmp [ebp+arg_0], edx
jz short loc_410344
loc_410340: ; CODE XREF: sub_4102ED+4C�j
push 4
jmp short loc_410315
; ---------------------------------------------------------------------------
loc_410344: ; CODE XREF: sub_4102ED+43�j
; sub_4102ED+51�j
xor eax, eax
pop ebp
retn
sub_4102ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_410348(double,int)
sub_410348 proc near ; CODE XREF: sub_40FED1+122�p
var_C = qword ptr -0Ch
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
fldz
fcom [ebp+arg_0]
fnstsw ax
test ah, 44h
jp short loc_41035E
xor edx, edx
jmp loc_4103F0
; ---------------------------------------------------------------------------
loc_41035E: ; CODE XREF: sub_410348+D�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_4103CB
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_410376
cmp dword ptr [ebp+arg_0], ecx
jz short loc_4103CB
loc_410376: ; CODE XREF: sub_410348+27�j
fcomp [ebp+arg_0]
mov edx, 0FFFFFC03h
fnstsw ax
test ah, 41h
jnz short loc_41038A
xor eax, eax
inc eax
jmp short loc_4103A2
; ---------------------------------------------------------------------------
loc_41038A: ; CODE XREF: sub_410348+3B�j
xor eax, eax
jmp short loc_4103A2
; ---------------------------------------------------------------------------
loc_41038E: ; CODE XREF: sub_410348+5E�j
shl dword ptr [ebp+arg_0+4], 1
test dword ptr [ebp+arg_0], 80000000h
jz short loc_41039E
or dword ptr [ebp+arg_0+4], 1
loc_41039E: ; CODE XREF: sub_410348+50�j
shl dword ptr [ebp+arg_0], 1
dec edx
loc_4103A2: ; CODE XREF: sub_410348+40�j
; sub_410348+44�j
test byte ptr [ebp+arg_0+6], 10h
jz short loc_41038E
and word ptr [ebp+arg_0+6], 0FFEFh
cmp eax, ecx
jz short loc_4103B8
or word ptr [ebp+arg_0+6], 8000h
loc_4103B8: ; CODE XREF: sub_410348+68�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
call sub_4102C3
add esp, 0Ch
jmp short loc_4103F0
; ---------------------------------------------------------------------------
loc_4103CB: ; CODE XREF: sub_410348+1E�j
; sub_410348+2C�j
push ecx ; int
fstp st
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
call sub_4102C3
mov edx, dword ptr [ebp+arg_0+6]
shr edx, 4
and edx, 7FFh
add esp, 0Ch
sub edx, 3FEh
loc_4103F0: ; CODE XREF: sub_410348+11�j
; sub_410348+81�j
mov eax, [ebp+arg_8]
mov [eax], edx
pop ebp
retn
sub_410348 endp
; =============== S U B R O U T I N E =======================================
sub_4103F7 proc near ; CODE XREF: sub_40FBF7+DC�p
var_4 = word ptr -4
push ecx
fstsw [esp+4+var_4]
movsx eax, [esp+4+var_4]
pop ecx
retn
sub_4103F7 endp
; =============== S U B R O U T I N E =======================================
sub_410402 proc near ; CODE XREF: sub_40FBF7:loc_40FE0A�p
var_4 = word ptr -4
push ecx
fnstsw [esp+4+var_4]
fnclex
movsx eax, [esp+4+var_4]
pop ecx
retn
sub_410402 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41040E proc near ; CODE XREF: sub_40ACF3+13�p
; sub_40ACF3+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
and ecx, [ebp+arg_4]
not eax
and eax, [ebp+var_4]
or eax, ecx
movzx eax, ax
mov [ebp+arg_4], eax
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_41040E endp
; =============== S U B R O U T I N E =======================================
sub_410435 proc near ; CODE XREF: sub_40FED1+20�p
; sub_40FED1+3A�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 4
push ecx
push ecx
mov cl, byte ptr [esp+8+arg_0]
test cl, 1
jz short loc_41044B
fld tbyte_4240E0
fistp [esp+8+arg_0]
wait
loc_41044B: ; CODE XREF: sub_410435+9�j
test cl, 8
jz short loc_410460
fstsw ax
fld tbyte_4240E0
fstp [esp+8+var_8]
wait
fstsw ax
loc_410460: ; CODE XREF: sub_410435+19�j
test cl, 10h
jz short loc_41046F
fld tbyte_4240EC
fstp [esp+8+var_8]
wait
loc_41046F: ; CODE XREF: sub_410435+2E�j
test cl, 4
jz short loc_41047D
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_41047D: ; CODE XREF: sub_410435+3D�j
test cl, 20h
jz short loc_410488
fldpi
fstp [esp+8+var_8]
wait
loc_410488: ; CODE XREF: sub_410435+4B�j
pop ecx
pop ecx
retn
sub_410435 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41048B proc near ; CODE XREF: sub_413857+243�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_421C18
call __SEH_prolog4
xor eax, eax
cmp dword_4356E0, eax
jz short loc_4104F7
test byte ptr [ebp+arg_0], 40h
jz short loc_4104EF
cmp dword_4240F8, eax
jz short loc_4104EF
mov [ebp+ms_exc.disabled], eax
ldmxcsr [ebp+arg_0]
jmp short loc_4104E6
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
cmp eax, 0C0000005h
jz short loc_4104D0
cmp eax, 0C000001Dh
jz short loc_4104D0
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4104D0: ; CODE XREF: sub_41048B+39�j
; sub_41048B+40�j
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
and dword_4240F8, 0
and [ebp+arg_0], 0FFFFFFBFh
ldmxcsr [ebp+arg_0]
loc_4104E6: ; CODE XREF: sub_41048B+2B�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
jmp short loc_4104F7
; ---------------------------------------------------------------------------
loc_4104EF: ; CODE XREF: sub_41048B+1A�j
; sub_41048B+22�j
and [ebp+arg_0], 0FFFFFFBFh
ldmxcsr [ebp+arg_0]
loc_4104F7: ; CODE XREF: sub_41048B+14�j
; sub_41048B+62�j
call __SEH_epilog4
retn
sub_41048B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4104FD proc near ; CODE XREF: sub_41054E+A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_402ADF
movzx eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
mov dl, [ebp+arg_C]
test [ecx+eax+1Dh], dl
jnz short loc_41053C
cmp [ebp+arg_8], 0
jz short loc_410536
mov ecx, [ebp+var_10]
mov ecx, [ecx+0C8h]
movzx eax, word ptr [ecx+eax*2]
and eax, [ebp+arg_8]
jmp short loc_410538
; ---------------------------------------------------------------------------
loc_410536: ; CODE XREF: sub_4104FD+25�j
xor eax, eax
loc_410538: ; CODE XREF: sub_4104FD+37�j
test eax, eax
jz short loc_41053F
loc_41053C: ; CODE XREF: sub_4104FD+1F�j
xor eax, eax
inc eax
loc_41053F: ; CODE XREF: sub_4104FD+3D�j
cmp [ebp+var_4], 0
jz short locret_41054C
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_41054C: ; CODE XREF: sub_4104FD+46�j
leave
retn
sub_4104FD endp
; =============== S U B R O U T I N E =======================================
sub_41054E proc near ; CODE XREF: sub_40AF33+3F�p
; sub_40B06B+53�p ...
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
push 0
call sub_4104FD
add esp, 10h
retn
sub_41054E endp
; =============== S U B R O U T I N E =======================================
sub_410561 proc near ; CODE XREF: sub_40B4CD+56�p
; sub_40BA48+59�p ...
arg_0 = dword ptr 4
xor eax, eax
inc eax
cmp [esp+arg_0], 0
jnz short locret_41056D
xor eax, eax
locret_41056D: ; CODE XREF: sub_410561+8�j
retn
sub_410561 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2A8h
sub_41056E proc near ; CODE XREF: sub_40C208:loc_40C236�p
var_328 = dword ptr -328h
var_31C = dword ptr -31Ch
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_244 = word ptr -244h
var_240 = word ptr -240h
var_23C = word ptr -23Ch
var_238 = word ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = word ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = word ptr -208h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2A8h]
sub esp, 328h
mov eax, dword_423064
xor eax, ebp
mov [ebp+2A8h+var_4], eax
test byte_4240FC, 1
push esi
jz short loc_41059B
push 0Ah
call sub_409E64
pop ecx
loc_41059B: ; CODE XREF: sub_41056E+23�j
call sub_40E0CC
test eax, eax
jz short loc_4105AC
push 16h
call sub_40E0D9
pop ecx
loc_4105AC: ; CODE XREF: sub_41056E+34�j
test byte_4240FC, 2
jz loc_410659
mov [ebp+2A8h+var_220], eax
mov [ebp+2A8h+var_224], ecx
mov [ebp+2A8h+var_228], edx
mov [ebp+2A8h+var_22C], ebx
mov [ebp+2A8h+var_230], esi
mov [ebp+2A8h+var_234], edi
mov [ebp+2A8h+var_208], ss
mov [ebp+2A8h+var_214], cs
mov [ebp+2A8h+var_238], ds
mov [ebp+2A8h+var_23C], es
mov [ebp+2A8h+var_240], fs
mov [ebp+2A8h+var_244], gs
pushf
pop [ebp+2A8h+var_210]
mov esi, [ebp+2ACh]
lea eax, [ebp+2ACh]
mov [ebp+2A8h+var_20C], eax
mov [ebp+2A8h+var_2D0], 10001h
mov [ebp+2A8h+var_218], esi
mov eax, [eax-4]
push 50h
mov [ebp+2A8h+var_21C], eax
lea eax, [ebp+2A8h+var_328]
push 0
push eax
call sub_407F20
lea eax, [ebp+2A8h+var_328]
add esp, 0Ch
mov [ebp+2A8h+var_2D8], eax
lea eax, [ebp+2A8h+var_2D0]
push 0
mov [ebp+2A8h+var_328], 40000015h
mov [ebp+2A8h+var_31C], esi
mov [ebp+2A8h+var_2D4], eax
call ds:off_41D19C
lea eax, [ebp+2A8h+var_2D8]
push eax
call ds:off_41D198
loc_410659: ; CODE XREF: sub_41056E+45�j
push 3
call sub_407E9A
int 3 ; Trap to Debugger
sub_41056E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410661 proc near ; CODE XREF: sub_40C307+25A�p
; sub_40C6EC+150�p
var_C = byte ptr -0Ch
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push 6
lea eax, [ebp+var_C]
push eax
push 1004h
push [ebp+arg_0]
mov [ebp+var_6], 0
call ds:off_41D054
test eax, eax
jnz short loc_410692
or eax, 0FFFFFFFFh
jmp short loc_41069C
; ---------------------------------------------------------------------------
loc_410692: ; CODE XREF: sub_410661+2A�j
lea eax, [ebp+var_C]
push eax
call sub_40415A
pop ecx
loc_41069C: ; CODE XREF: sub_410661+2F�j
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402AD0
leave
retn
sub_410661 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4106A8 proc near ; CODE XREF: sub_40C307+285�p
; sub_40C307+336�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 34h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_10]
mov [ebp+var_28], eax
mov eax, [ebp+arg_C]
push ebx
mov [ebp+var_30], eax
mov eax, [eax]
push esi
mov [ebp+var_24], eax
mov eax, [ebp+arg_0]
push edi
xor edi, edi
cmp eax, [ebp+arg_4]
mov [ebp+var_34], ecx
mov [ebp+var_20], edi
mov [ebp+var_2C], edi
jz loc_410845
mov esi, ds:off_41D1B4
lea ecx, [ebp+var_18]
push ecx
push eax
call esi ; byte_442D0B
test eax, eax
mov ebx, ds:off_41D0A0
jz short loc_41075B
cmp [ebp+var_18], 1
jnz short loc_41075B
lea eax, [ebp+var_18]
push eax
push [ebp+arg_4]
call esi ; byte_442D0B
test eax, eax
jz short loc_41075B
cmp [ebp+var_18], 1
jnz short loc_41075B
mov esi, [ebp+var_24]
cmp esi, 0FFFFFFFFh
mov [ebp+var_2C], 1
jnz short loc_410731
push [ebp+var_28]
call sub_4044E0
mov esi, eax
pop ecx
inc esi
loc_410731: ; CODE XREF: sub_4106A8+7B�j
cmp esi, edi
loc_410733: ; CODE XREF: sub_4106A8+C6�j
jle short loc_410790
cmp esi, 7FFFFFF0h
ja short loc_410790
lea eax, [esi+esi+8]
cmp eax, 400h
ja short loc_410777
call sub_410860
mov eax, esp
cmp eax, edi
jz short loc_41078B
mov dword ptr [eax], 0CCCCh
jmp short loc_410788
; ---------------------------------------------------------------------------
loc_41075B: ; CODE XREF: sub_4106A8+53�j
; sub_4106A8+59�j ...
push edi
push edi
push [ebp+var_24]
push [ebp+var_28]
push 1
push [ebp+arg_0]
call ebx ; word_44BECA
mov esi, eax
cmp esi, edi
jnz short loc_410733
loc_410770: ; CODE XREF: sub_4106A8+EE�j
xor eax, eax
jmp loc_410848
; ---------------------------------------------------------------------------
loc_410777: ; CODE XREF: sub_4106A8+9E�j
push eax
call sub_403AA0
cmp eax, edi
pop ecx
jz short loc_41078B
mov dword ptr [eax], 0DDDDh
loc_410788: ; CODE XREF: sub_4106A8+B1�j
add eax, 8
loc_41078B: ; CODE XREF: sub_4106A8+A9�j
; sub_4106A8+D8�j
mov [ebp+var_1C], eax
jmp short loc_410793
; ---------------------------------------------------------------------------
loc_410790: ; CODE XREF: sub_4106A8:loc_410733�j
; sub_4106A8+93�j
mov [ebp+var_1C], edi
loc_410793: ; CODE XREF: sub_4106A8+E6�j
cmp [ebp+var_1C], edi
jz short loc_410770
lea eax, [esi+esi]
push eax
push edi
push [ebp+var_1C]
call sub_407F20
add esp, 0Ch
push esi
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+var_28]
push 1
push [ebp+arg_0]
call ebx ; word_44BECA
test eax, eax
jz short loc_41083C
mov ebx, [ebp+var_34]
cmp ebx, edi
jz short loc_4107E1
push edi
push edi
push [ebp+arg_14]
push ebx
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ds:off_41D134
test eax, eax
jz short loc_41083C
mov [ebp+var_20], ebx
jmp short loc_41083C
; ---------------------------------------------------------------------------
loc_4107E1: ; CODE XREF: sub_4106A8+11A�j
cmp [ebp+var_2C], edi
mov ebx, ds:off_41D134
jnz short loc_410800
push edi
push edi
push edi
push edi
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ebx ; dword_4482CC
mov esi, eax
cmp esi, edi
jz short loc_41083C
loc_410800: ; CODE XREF: sub_4106A8+142�j
push esi
push 1
call sub_407B2A
cmp eax, edi
pop ecx
pop ecx
mov [ebp+var_20], eax
jz short loc_41083C
push edi
push edi
push esi
push eax
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ebx ; dword_4482CC
cmp eax, edi
jnz short loc_410831
push [ebp+var_20]
call sub_4039C3
pop ecx
mov [ebp+var_20], edi
jmp short loc_41083C
; ---------------------------------------------------------------------------
loc_410831: ; CODE XREF: sub_4106A8+179�j
cmp [ebp+var_24], 0FFFFFFFFh
jz short loc_41083C
mov ecx, [ebp+var_30]
mov [ecx], eax
loc_41083C: ; CODE XREF: sub_4106A8+113�j
; sub_4106A8+132�j ...
push [ebp+var_1C]
call sub_40C2EC
pop ecx
loc_410845: ; CODE XREF: sub_4106A8+38�j
mov eax, [ebp+var_20]
loc_410848: ; CODE XREF: sub_4106A8+CA�j
lea esp, [ebp-40h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402AD0
leave
retn
sub_4106A8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410860 proc near ; CODE XREF: sub_40C307+F3�p
; sub_40C307+1B1�p ...
arg_0 = byte ptr 4
push ecx
lea ecx, [esp+4+arg_0]
sub ecx, eax
and ecx, 0Fh
add eax, ecx
sbb ecx, ecx
or eax, ecx
pop ecx
jmp sub_4117B0
sub_410860 endp
; ---------------------------------------------------------------------------
push ecx
lea ecx, [esp+8]
sub ecx, eax
and ecx, 7
add eax, ecx
sbb ecx, ecx
or eax, ecx
pop ecx
jmp sub_4117B0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41088C proc near ; CODE XREF: sub_40D20A+2A1�p
; sub_40D20A+2C1�p
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = word ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
xor esi, esi
cmp dword_424218, esi
jz short loc_4108F5
cmp dword_424224, 0FFFFFFFEh
jnz short loc_4108B5
call sub_4117DB
loc_4108B5: ; CODE XREF: sub_41088C+22�j
mov eax, dword_424224
cmp eax, 0FFFFFFFFh
jnz short loc_4108C5
loc_4108BF: ; CODE XREF: sub_41088C+56�j
; sub_41088C+61�j ...
or ax, 0FFFFh
jmp short loc_410935
; ---------------------------------------------------------------------------
loc_4108C5: ; CODE XREF: sub_41088C+31�j
push esi
lea ecx, [ebp+var_10]
push ecx
push 1
lea ecx, [ebp+arg_0]
push ecx
push eax
call ds:off_41D0A8
test eax, eax
jnz short loc_410942
cmp dword_424218, 2
jnz short loc_4108BF
call ds:off_41D0EC
cmp eax, 78h
jnz short loc_4108BF
mov dword_424218, esi
loc_4108F5: ; CODE XREF: sub_41088C+19�j
push esi
push esi
push 5
lea eax, [ebp+var_C]
push eax
push 1
lea eax, [ebp+arg_0]
push eax
push esi
call ds:off_41D0AC
push eax
call ds:off_41D134
mov ecx, dword_424224
cmp ecx, 0FFFFFFFFh
jz short loc_4108BF
push esi
lea edx, [ebp+var_10]
push edx
push eax
lea eax, [ebp+var_C]
push eax
push ecx
call ds:off_41D0B0
test eax, eax
jz short loc_4108BF
loc_410931: ; CODE XREF: sub_41088C+C0�j
mov ax, [ebp+arg_0]
loc_410935: ; CODE XREF: sub_41088C+37�j
mov ecx, [ebp+var_4]
xor ecx, ebp
pop esi
call sub_402AD0
leave
retn
; ---------------------------------------------------------------------------
loc_410942: ; CODE XREF: sub_41088C+4D�j
mov dword_424218, 1
jmp short loc_410931
sub_41088C endp
; ---------------------------------------------------------------------------
push 2
call sub_407C0D
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410957 proc near ; CODE XREF: sub_40E422+36F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
xor ebx, ebx
push 1
push ebx
push ebx
push [ebp+arg_0]
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call sub_40D06E
mov [ebp+var_18], eax
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
mov [ebp+var_14], edx
jz short loc_4109DD
push 2
push ebx
push ebx
push [ebp+arg_0]
call sub_40D06E
mov ecx, eax
and ecx, edx
add esp, 10h
cmp ecx, 0FFFFFFFFh
jz short loc_4109DD
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
sub esi, eax
sbb edi, edx
js loc_410A72
jg short loc_4109B6
cmp esi, ebx
jbe loc_410A72
loc_4109B6: ; CODE XREF: sub_410957+55�j
mov ebx, 1000h
push ebx
push 8
call ds:off_41D0FC
push eax
call ds:off_41D110
test eax, eax
mov [ebp+var_4], eax
jnz short loc_4109E9
call sub_405B83
mov dword ptr [eax], 0Ch
loc_4109DD: ; CODE XREF: sub_410957+2B�j
; sub_410957+43�j ...
call sub_405B83
mov eax, [eax]
loc_4109E4: ; CODE XREF: sub_410957+1AF�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4109E9: ; CODE XREF: sub_410957+79�j
push 8000h
push [ebp+arg_0]
call sub_410B7D
pop ecx
pop ecx
mov [ebp+var_8], eax
loc_4109FB: ; CODE XREF: sub_410957+CF�j
; sub_410957+D3�j
test edi, edi
jl short loc_410A09
jg short loc_410A05
cmp esi, ebx
jb short loc_410A09
loc_410A05: ; CODE XREF: sub_410957+A8�j
mov eax, ebx
jmp short loc_410A0B
; ---------------------------------------------------------------------------
loc_410A09: ; CODE XREF: sub_410957+A6�j
; sub_410957+AC�j
mov eax, esi
loc_410A0B: ; CODE XREF: sub_410957+B0�j
push eax
push [ebp+var_4]
push [ebp+arg_0]
call sub_40D20A
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_410A55
cdq
sub esi, eax
sbb edi, edx
js short loc_410A2C
jg short loc_4109FB
test esi, esi
ja short loc_4109FB
loc_410A2C: ; CODE XREF: sub_410957+CD�j
mov esi, [ebp+var_10]
loc_410A2F: ; CODE XREF: sub_410957+119�j
push [ebp+var_8]
push [ebp+arg_0]
call sub_410B7D
pop ecx
pop ecx
push [ebp+var_4]
push 0
call ds:off_41D0FC
push eax
call ds:off_41D108
xor ebx, ebx
jmp loc_410ADB
; ---------------------------------------------------------------------------
loc_410A55: ; CODE XREF: sub_410957+C6�j
call sub_405B96
cmp dword ptr [eax], 5
jnz short loc_410A6A
call sub_405B83
mov dword ptr [eax], 0Dh
loc_410A6A: ; CODE XREF: sub_410957+106�j
or esi, 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_410A2F
; ---------------------------------------------------------------------------
loc_410A72: ; CODE XREF: sub_410957+4F�j
; sub_410957+59�j
cmp edi, ebx
jg short loc_410AE7
jl short loc_410A7C
cmp esi, ebx
jnb short loc_410AE7
loc_410A7C: ; CODE XREF: sub_410957+11F�j
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D06E
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz loc_4109DD
push [ebp+arg_0]
call sub_40F12D
pop ecx
push eax
call ds:off_41D0A4
neg eax
sbb eax, eax
neg eax
dec eax
cdq
mov [ebp+var_10], eax
and eax, edx
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], edx
jnz short loc_410AE7
call sub_405B83
mov dword ptr [eax], 0Dh
call sub_405B96
mov esi, eax
call ds:off_41D0EC
mov [esi], eax
mov esi, [ebp+var_10]
loc_410ADB: ; CODE XREF: sub_410957+F9�j
and esi, [ebp+var_C]
cmp esi, 0FFFFFFFFh
jz loc_4109DD
loc_410AE7: ; CODE XREF: sub_410957+11D�j
; sub_410957+123�j ...
push ebx
push [ebp+var_14]
push [ebp+var_18]
push [ebp+arg_0]
call sub_40D06E
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz loc_4109DD
xor eax, eax
jmp loc_4109E4
sub_410957 endp
; =============== S U B R O U T I N E =======================================
sub_410B0B proc near ; CODE XREF: sub_40E422+322�p
; sub_40E422+37F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_40F12D
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_410B2C
call sub_405B83
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_410B2C: ; CODE XREF: sub_410B0B+F�j
push edi
push [esp+8+arg_8]
push 0
push [esp+10h+arg_4]
push eax
call ds:off_41D074
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_410B4D
call ds:off_41D0EC
jmp short loc_410B4F
; ---------------------------------------------------------------------------
loc_410B4D: ; CODE XREF: sub_410B0B+38�j
xor eax, eax
loc_410B4F: ; CODE XREF: sub_410B0B+40�j
test eax, eax
jz short loc_410B5F
push eax
call sub_405BA9
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_410B7A
; ---------------------------------------------------------------------------
loc_410B5F: ; CODE XREF: sub_410B0B+46�j
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, dword_435700[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FDh
mov eax, edi
loc_410B7A: ; CODE XREF: sub_410B0B+52�j
pop edi
pop esi
retn
sub_410B0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410B7D proc near ; CODE XREF: sub_410957+9A�p
; sub_410957+DE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
mov eax, edx
sar eax, 5
and edx, 1Fh
imul edx, 28h
push ebx
mov ebx, [ebp+arg_4]
push esi
lea esi, ds:435700h[eax*4]
mov eax, [esi]
lea ecx, [eax+edx]
movzx eax, byte ptr [ecx+4]
and eax, 80h
mov [ebp+arg_0], eax
mov al, [ecx+24h]
add al, al
movsx eax, al
push edi
mov edi, 4000h
sar eax, 1
cmp ebx, edi
jz short loc_410C0F
cmp ebx, 8000h
jz short loc_410C09
cmp ebx, 10000h
jz short loc_410BF5
cmp ebx, 20000h
jz short loc_410BF5
cmp ebx, 40000h
jnz short loc_410C1C
or byte ptr [ecx+4], 80h
mov ecx, [esi]
lea ecx, [ecx+edx+24h]
mov dl, [ecx]
and dl, 81h
or dl, 1
loc_410BF1: ; CODE XREF: sub_410B7D+8A�j
mov [ecx], dl
jmp short loc_410C1C
; ---------------------------------------------------------------------------
loc_410BF5: ; CODE XREF: sub_410B7D+50�j
; sub_410B7D+58�j
or byte ptr [ecx+4], 80h
mov ecx, [esi]
lea ecx, [ecx+edx+24h]
mov dl, [ecx]
and dl, 82h
or dl, 2
jmp short loc_410BF1
; ---------------------------------------------------------------------------
loc_410C09: ; CODE XREF: sub_410B7D+48�j
and byte ptr [ecx+4], 7Fh
jmp short loc_410C1C
; ---------------------------------------------------------------------------
loc_410C0F: ; CODE XREF: sub_410B7D+40�j
or byte ptr [ecx+4], 80h
mov ecx, [esi]
lea ecx, [ecx+edx+24h]
and byte ptr [ecx], 80h
loc_410C1C: ; CODE XREF: sub_410B7D+60�j
; sub_410B7D+76�j ...
cmp [ebp+arg_0], 0
jnz short loc_410C29
mov eax, 8000h
jmp short loc_410C34
; ---------------------------------------------------------------------------
loc_410C29: ; CODE XREF: sub_410B7D+A3�j
neg eax
sbb eax, eax
and eax, 0C000h
add eax, edi
loc_410C34: ; CODE XREF: sub_410B7D+AA�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_410B7D endp
; =============== S U B R O U T I N E =======================================
sub_410C39 proc near ; CODE XREF: sub_40E422+40�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_410C61
call sub_405B83
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_410C61: ; CODE XREF: sub_410C39+9�j
mov ecx, dword_427FA0
mov [eax], ecx
xor eax, eax
pop esi
retn
sub_410C39 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410C6D proc near ; CODE XREF: sub_410DE8+6�p
; DATA XREF: sub_40FABC+55�o
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_402ADF
mov esi, [ebp+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_405B21
cmp eax, 65h
jmp short loc_410C9C
; ---------------------------------------------------------------------------
loc_410C90: ; CODE XREF: sub_410C6D+30�j
inc esi
movzx eax, byte ptr [esi]
push eax
call sub_40F52F
test eax, eax
loc_410C9C: ; CODE XREF: sub_410C6D+21�j
pop ecx
jnz short loc_410C90
movsx eax, byte ptr [esi]
push eax
call sub_405B21
cmp eax, 78h
pop ecx
jnz short loc_410CB0
inc esi
inc esi
loc_410CB0: ; CODE XREF: sub_410C6D+3F�j
mov ecx, [ebp+var_10]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
mov al, [esi]
mov cl, [ecx]
mov [esi], cl
inc esi
loc_410CC2: ; CODE XREF: sub_410C6D+60�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_410CC2
cmp [ebp+var_4], cl
pop esi
jz short locret_410CDC
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
locret_410CDC: ; CODE XREF: sub_410C6D+66�j
leave
retn
sub_410C6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410CDE proc near ; CODE XREF: sub_410DF6+6�p
; DATA XREF: sub_40FABC+4B�o
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_402ADF
mov eax, [ebp+arg_0]
mov cl, [eax]
test cl, cl
mov esi, [ebp+var_10]
jz short loc_410D11
mov edx, [esi+0BCh]
mov edx, [edx]
mov dl, [edx]
loc_410D06: ; CODE XREF: sub_410CDE+31�j
cmp cl, dl
jz short loc_410D11
inc eax
mov cl, [eax]
test cl, cl
jnz short loc_410D06
loc_410D11: ; CODE XREF: sub_410CDE+1C�j
; sub_410CDE+2A�j
mov cl, [eax]
inc eax
test cl, cl
jz short loc_410D4E
jmp short loc_410D25
; ---------------------------------------------------------------------------
loc_410D1A: ; CODE XREF: sub_410CDE+4B�j
cmp cl, 65h
jz short loc_410D2B
cmp cl, 45h
jz short loc_410D2B
inc eax
loc_410D25: ; CODE XREF: sub_410CDE+3A�j
mov cl, [eax]
test cl, cl
jnz short loc_410D1A
loc_410D2B: ; CODE XREF: sub_410CDE+3F�j
; sub_410CDE+44�j
mov edx, eax
loc_410D2D: ; CODE XREF: sub_410CDE+53�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_410D2D
mov ecx, [esi+0BCh]
mov ecx, [ecx]
push ebx
mov bl, [eax]
cmp bl, [ecx]
pop ebx
jnz short loc_410D44
dec eax
loc_410D44: ; CODE XREF: sub_410CDE+63�j
; sub_410CDE+6E�j
mov cl, [edx]
inc eax
inc edx
test cl, cl
mov [eax], cl
jnz short loc_410D44
loc_410D4E: ; CODE XREF: sub_410CDE+38�j
cmp [ebp+var_4], 0
pop esi
jz short locret_410D5C
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
locret_410D5C: ; CODE XREF: sub_410CDE+75�j
leave
retn
sub_410CDE endp
; ---------------------------------------------------------------------------
word_410D5E dw 0EED9h ; DATA XREF: sub_40FABC+28�o
dd 424448Bh, 0E0DF18DCh, 7A41C4F6h, 40C03304h, 0C3C033C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410D74 proc near ; CODE XREF: sub_410DB4+E�p
; DATA XREF: sub_40FABC+41�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_C]
push [ebp+arg_8]
jz short loc_410D9E
lea eax, [ebp+var_8]
push eax
call sub_41185D
mov ecx, [ebp+var_8]
mov eax, [ebp+arg_4]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
jmp short loc_410DAF
; ---------------------------------------------------------------------------
loc_410D9E: ; CODE XREF: sub_410D74+F�j
lea eax, [ebp+arg_0]
push eax
call sub_411903
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
mov [eax], ecx
loc_410DAF: ; CODE XREF: sub_410D74+28�j
add esp, 0Ch
leave
retn
sub_410D74 endp
; =============== S U B R O U T I N E =======================================
sub_410DB4 proc near ; DATA XREF: sub_40FABC+14�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_410D74
add esp, 10h
retn
sub_410DB4 endp
; =============== S U B R O U T I N E =======================================
sub_410DCB proc near ; CODE XREF: sub_410E04+88�p
; sub_4113CE+8A�p ...
test edi, edi
push esi
mov esi, eax
jz short loc_410DE6
push esi
call sub_4044E0
inc eax
push eax
push esi
add esi, edi
push esi
call sub_407720
add esp, 10h
loc_410DE6: ; CODE XREF: sub_410DCB+5�j
pop esi
retn
sub_410DCB endp
; =============== S U B R O U T I N E =======================================
sub_410DE8 proc near ; DATA XREF: sub_40FABC+1E�o
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_410C6D
pop ecx
pop ecx
retn
sub_410DE8 endp
; =============== S U B R O U T I N E =======================================
sub_410DF6 proc near ; DATA XREF: sub_40FABC+A�o
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_410CDE
pop ecx
pop ecx
retn
sub_410DF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410E04 proc near ; CODE XREF: sub_410F71+B7�p
; sub_41157C+E1�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push [ebp+arg_14]
lea ecx, [ebp+var_10]
mov ebx, eax
call sub_402ADF
xor esi, esi
cmp ebx, esi
jnz short loc_410E4B
loc_410E20: ; CODE XREF: sub_410E04+4A�j
call sub_405B83
push 16h
loc_410E27: ; CODE XREF: sub_410E04+67�j
pop edi
push esi
push esi
push esi
push esi
push esi
mov [eax], edi
call sub_4032F9
add esp, 14h
cmp [ebp+var_4], 0
jz short loc_410E44
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_410E44: ; CODE XREF: sub_410E04+37�j
mov eax, edi
jmp loc_410F6C
; ---------------------------------------------------------------------------
loc_410E4B: ; CODE XREF: sub_410E04+1A�j
cmp [ebp+arg_0], esi
jbe short loc_410E20
cmp [ebp+arg_4], esi
jle short loc_410E5A
mov eax, [ebp+arg_4]
jmp short loc_410E5C
; ---------------------------------------------------------------------------
loc_410E5A: ; CODE XREF: sub_410E04+4F�j
xor eax, eax
loc_410E5C: ; CODE XREF: sub_410E04+54�j
add eax, 9
cmp [ebp+arg_0], eax
ja short loc_410E6D
call sub_405B83
push 22h
jmp short loc_410E27
; ---------------------------------------------------------------------------
loc_410E6D: ; CODE XREF: sub_410E04+5E�j
cmp [ebp+arg_10], 0
jz short loc_410E91
mov edx, [ebp+arg_C]
xor eax, eax
cmp [ebp+arg_4], esi
setnle al
xor ecx, ecx
cmp dword ptr [edx], 2Dh
setz cl
mov edi, eax
add ecx, ebx
mov eax, ecx
call sub_410DCB
loc_410E91: ; CODE XREF: sub_410E04+6D�j
mov edi, [ebp+arg_C]
cmp dword ptr [edi], 2Dh
mov esi, ebx
jnz short loc_410EA1
mov byte ptr [ebx], 2Dh
lea esi, [ebx+1]
loc_410EA1: ; CODE XREF: sub_410E04+95�j
cmp [ebp+arg_4], 0
jle short loc_410EBF
lea eax, [esi+1]
mov cl, [eax]
mov [esi], cl
mov esi, eax
mov eax, [ebp+var_10]
mov eax, [eax+0BCh]
mov eax, [eax]
mov al, [eax]
mov [esi], al
loc_410EBF: ; CODE XREF: sub_410E04+A1�j
xor eax, eax
cmp [ebp+arg_10], al
setz al
add eax, [ebp+arg_4]
add esi, eax
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_410ED7
or ebx, 0FFFFFFFFh
jmp short loc_410EDC
; ---------------------------------------------------------------------------
loc_410ED7: ; CODE XREF: sub_410E04+CC�j
sub ebx, esi
add ebx, [ebp+arg_0]
loc_410EDC: ; CODE XREF: sub_410E04+D1�j
push offset dword_41EE70
push ebx
push esi
call sub_407A85
add esp, 0Ch
xor ebx, ebx
test eax, eax
jz short loc_410EFE
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_4031FD
add esp, 14h
loc_410EFE: ; CODE XREF: sub_410E04+EB�j
cmp [ebp+arg_8], ebx
lea ecx, [esi+2]
jz short loc_410F09
mov byte ptr [esi], 45h
loc_410F09: ; CODE XREF: sub_410E04+100�j
mov eax, [edi+0Ch]
inc esi
cmp byte ptr [eax], 30h
jz short loc_410F40
mov eax, [edi+4]
dec eax
jns short loc_410F1D
neg eax
mov byte ptr [esi], 2Dh
loc_410F1D: ; CODE XREF: sub_410E04+112�j
inc esi
cmp eax, 64h
jl short loc_410F2D
cdq
push 64h
pop edi
idiv edi
add [esi], al
mov eax, edx
loc_410F2D: ; CODE XREF: sub_410E04+11D�j
inc esi
cmp eax, 0Ah
jl short loc_410F3D
cdq
push 0Ah
pop edi
idiv edi
add [esi], al
mov eax, edx
loc_410F3D: ; CODE XREF: sub_410E04+12D�j
add [esi+1], al
loc_410F40: ; CODE XREF: sub_410E04+10C�j
test byte_427FA4, 1
jz short loc_410F5D
cmp byte ptr [ecx], 30h
jnz short loc_410F5D
push 3
lea eax, [ecx+1]
push eax
push ecx
call sub_407720
add esp, 0Ch
loc_410F5D: ; CODE XREF: sub_410E04+143�j
; sub_410E04+148�j
cmp [ebp+var_4], 0
jz short loc_410F6A
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_410F6A: ; CODE XREF: sub_410E04+15D�j
xor eax, eax
loc_410F6C: ; CODE XREF: sub_410E04+42�j
pop edi
pop esi
pop ebx
leave
retn
sub_410E04 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410F71 proc near ; CODE XREF: sub_41103F+14�p
; sub_411674+7C�p
var_2C = dword ptr -2Ch
var_1C = byte ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 16h
pop esi
push esi
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_2C]
push ecx
push dword ptr [eax+4]
push dword ptr [eax]
call sub_411B21
xor ebx, ebx
add esp, 14h
cmp edi, ebx
jnz short loc_410FC1
loc_410FA9: ; CODE XREF: sub_410F71+55�j
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_4032F9
add esp, 14h
mov eax, esi
jmp short loc_411030
; ---------------------------------------------------------------------------
loc_410FC1: ; CODE XREF: sub_410F71+36�j
mov eax, [ebp+arg_8]
cmp eax, ebx
jbe short loc_410FA9
cmp eax, 0FFFFFFFFh
mov esi, [ebp+arg_C]
jnz short loc_410FD5
or eax, 0FFFFFFFFh
jmp short loc_410FE9
; ---------------------------------------------------------------------------
loc_410FD5: ; CODE XREF: sub_410F71+5D�j
xor ecx, ecx
cmp [ebp+var_2C], 2Dh
setz cl
sub eax, ecx
xor ecx, ecx
cmp esi, ebx
setnle cl
sub eax, ecx
loc_410FE9: ; CODE XREF: sub_410F71+62�j
lea ecx, [ebp+var_2C]
push ecx
lea ecx, [esi+1]
push ecx
push eax
xor eax, eax
cmp [ebp+var_2C], 2Dh
setz al
xor ecx, ecx
cmp esi, ebx
setnle cl
add eax, edi
add ecx, eax
push ecx
call sub_4119A9
add esp, 10h
cmp eax, ebx
jz short loc_411017
mov [edi], bl
jmp short loc_411030
; ---------------------------------------------------------------------------
loc_411017: ; CODE XREF: sub_410F71+A0�j
push [ebp+arg_14]
lea eax, [ebp+var_2C]
push ebx
push eax
push [ebp+arg_10]
mov eax, edi
push esi
push [ebp+arg_8]
call sub_410E04
add esp, 18h
loc_411030: ; CODE XREF: sub_410F71+4E�j
; sub_410F71+A4�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_410F71 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41103F proc near ; CODE XREF: sub_41105D+BD�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_410F71
add esp, 18h
pop ebp
retn
sub_41103F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41105D proc near ; CODE XREF: sub_411674+63�p
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
push [ebp+arg_14]
lea ecx, [ebp+var_24]
mov [ebp+var_14], 3FFh
xor edi, edi
mov [ebp+var_4], 30h
call sub_402ADF
cmp [ebp+arg_C], edi
jge short loc_411088
mov [ebp+arg_C], edi
loc_411088: ; CODE XREF: sub_41105D+26�j
mov esi, [ebp+arg_4]
cmp esi, edi
jnz short loc_4110BA
loc_41108F: ; CODE XREF: sub_41105D+60�j
call sub_405B83
push 16h
loc_411096: ; CODE XREF: sub_41105D+77�j
pop esi
push edi
push edi
push edi
push edi
push edi
mov [eax], esi
call sub_4032F9
add esp, 14h
cmp [ebp+var_18], 0
jz short loc_4110B3
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4110B3: ; CODE XREF: sub_41105D+4D�j
mov eax, esi
jmp loc_4113CA
; ---------------------------------------------------------------------------
loc_4110BA: ; CODE XREF: sub_41105D+30�j
cmp [ebp+arg_8], edi
jbe short loc_41108F
mov eax, [ebp+arg_C]
add eax, 0Bh
cmp [ebp+arg_8], eax
mov byte ptr [esi], 0
ja short loc_4110D6
call sub_405B83
push 22h
jmp short loc_411096
; ---------------------------------------------------------------------------
loc_4110D6: ; CODE XREF: sub_41105D+6E�j
mov edi, [ebp+arg_0]
mov eax, [edi]
mov [ebp+var_C], eax
mov eax, [edi+4]
mov ecx, eax
shr ecx, 14h
mov edx, 7FFh
push ebx
and ecx, edx
xor ebx, ebx
cmp ecx, edx
jnz loc_411188
test ebx, ebx
jnz loc_411188
mov eax, [ebp+arg_8]
cmp eax, 0FFFFFFFFh
jnz short loc_41110C
or eax, eax
jmp short loc_41110F
; ---------------------------------------------------------------------------
loc_41110C: ; CODE XREF: sub_41105D+A9�j
add eax, 0FFFFFFFEh
loc_41110F: ; CODE XREF: sub_41105D+AD�j
push 0
push [ebp+arg_C]
lea ebx, [esi+2]
push eax
push ebx
push edi
call sub_41103F
add esp, 14h
test eax, eax
jz short loc_41113F
cmp [ebp+var_18], 0
mov byte ptr [esi], 0
jz loc_4113C9
mov ecx, [ebp+var_1C]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_4113C9
; ---------------------------------------------------------------------------
loc_41113F: ; CODE XREF: sub_41105D+C7�j
cmp byte ptr [ebx], 2Dh
jnz short loc_411148
mov byte ptr [esi], 2Dh
inc esi
loc_411148: ; CODE XREF: sub_41105D+E5�j
mov byte ptr [esi], 30h
inc esi
cmp [ebp+arg_10], 0
push 65h
setz al
dec al
and al, 0E0h
add al, 78h
mov [esi], al
inc esi
push esi
call sub_411830
test eax, eax
pop ecx
pop ecx
jz loc_4113BA
cmp [ebp+arg_10], 0
setz cl
dec cl
and cl, 0E0h
add cl, 70h
mov [eax], cl
mov byte ptr [eax+3], 0
jmp loc_4113BA
; ---------------------------------------------------------------------------
loc_411188: ; CODE XREF: sub_41105D+95�j
; sub_41105D+9D�j
and eax, 80000000h
xor ecx, ecx
or ecx, eax
jz short loc_411197
mov byte ptr [esi], 2Dh
inc esi
loc_411197: ; CODE XREF: sub_41105D+134�j
mov ebx, [ebp+arg_10]
mov byte ptr [esi], 30h
inc esi
test ebx, ebx
setz al
dec al
and al, 0E0h
add al, 78h
mov [esi], al
mov ecx, [edi+4]
inc esi
neg ebx
sbb ebx, ebx
and ebx, 0FFFFFFE0h
and ecx, 7FF00000h
xor eax, eax
add ebx, 27h
xor edx, edx
or eax, ecx
jnz short loc_4111E8
mov byte ptr [esi], 30h
mov ecx, [edi+4]
mov eax, [edi]
and ecx, 0FFFFFh
inc esi
or eax, ecx
jnz short loc_4111DF
mov [ebp+var_14], edx
jmp short loc_4111EC
; ---------------------------------------------------------------------------
loc_4111DF: ; CODE XREF: sub_41105D+17B�j
mov [ebp+var_14], 3FEh
jmp short loc_4111EC
; ---------------------------------------------------------------------------
loc_4111E8: ; CODE XREF: sub_41105D+168�j
mov byte ptr [esi], 31h
inc esi
loc_4111EC: ; CODE XREF: sub_41105D+180�j
; sub_41105D+189�j
mov eax, esi
inc esi
cmp [ebp+arg_C], edx
mov [ebp+arg_4], eax
jnz short loc_4111FB
mov [eax], dl
jmp short loc_41120A
; ---------------------------------------------------------------------------
loc_4111FB: ; CODE XREF: sub_41105D+198�j
mov ecx, [ebp+var_24]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
mov cl, [ecx]
mov [eax], cl
loc_41120A: ; CODE XREF: sub_41105D+19C�j
mov ecx, [edi+4]
mov eax, [edi]
and ecx, 0FFFFFh
mov [ebp+var_8], ecx
ja short loc_411222
cmp eax, edx
jbe loc_4112D7
loc_411222: ; CODE XREF: sub_41105D+1BB�j
mov [ebp+var_C], edx
mov [ebp+var_8], 0F0000h
loc_41122C: ; CODE XREF: sub_41105D+220�j
cmp [ebp+arg_C], 0
jle short loc_41127F
mov edx, [edi+4]
and edx, [ebp+var_8]
mov eax, [edi]
movsx ecx, word ptr [ebp+var_4]
and eax, [ebp+var_C]
and edx, 0FFFFFh
call sub_411C90
add ax, 30h
movzx eax, ax
cmp ax, 39h
jbe short loc_41125B
add eax, ebx
loc_41125B: ; CODE XREF: sub_41105D+1FA�j
mov ecx, [ebp+var_8]
sub [ebp+var_4], 4
mov [esi], al
mov eax, [ebp+var_C]
shrd eax, ecx, 4
shr ecx, 4
inc esi
dec [ebp+arg_C]
cmp word ptr [ebp+var_4], 0
mov [ebp+var_C], eax
mov [ebp+var_8], ecx
jge short loc_41122C
loc_41127F: ; CODE XREF: sub_41105D+1D3�j
cmp word ptr [ebp+var_4], 0
jl short loc_4112D7
mov edx, [edi+4]
and edx, [ebp+var_8]
mov eax, [edi]
movsx ecx, word ptr [ebp+var_4]
and eax, [ebp+var_C]
and edx, 0FFFFFh
call sub_411C90
cmp ax, 8
jbe short loc_4112D7
lea eax, [esi-1]
loc_4112A9: ; CODE XREF: sub_41105D+25C�j
mov cl, [eax]
cmp cl, 66h
jz short loc_4112B5
cmp cl, 46h
jnz short loc_4112BB
loc_4112B5: ; CODE XREF: sub_41105D+251�j
mov byte ptr [eax], 30h
dec eax
jmp short loc_4112A9
; ---------------------------------------------------------------------------
loc_4112BB: ; CODE XREF: sub_41105D+256�j
cmp eax, [ebp+arg_4]
jz short loc_4112D4
mov cl, [eax]
cmp cl, 39h
jnz short loc_4112CE
add bl, 3Ah
mov [eax], bl
jmp short loc_4112D7
; ---------------------------------------------------------------------------
loc_4112CE: ; CODE XREF: sub_41105D+268�j
inc cl
mov [eax], cl
jmp short loc_4112D7
; ---------------------------------------------------------------------------
loc_4112D4: ; CODE XREF: sub_41105D+261�j
inc byte ptr [eax-1]
loc_4112D7: ; CODE XREF: sub_41105D+1BF�j
; sub_41105D+227�j ...
cmp [ebp+arg_C], 0
jle short loc_4112EE
push [ebp+arg_C]
push 30h
push esi
call sub_407F20
add esp, 0Ch
add esi, [ebp+arg_C]
loc_4112EE: ; CODE XREF: sub_41105D+27E�j
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_4112F8
mov esi, eax
loc_4112F8: ; CODE XREF: sub_41105D+297�j
cmp [ebp+arg_10], 0
mov cl, 34h
setz al
dec al
and al, 0E0h
add al, 70h
mov [esi], al
mov eax, [edi]
mov edx, [edi+4]
inc esi
call sub_411C90
xor ebx, ebx
and eax, 7FFh
and edx, ebx
sub eax, [ebp+var_14]
push ebx
pop ecx
sbb edx, ecx
js short loc_411332
jg short loc_41132C
cmp eax, ebx
jb short loc_411332
loc_41132C: ; CODE XREF: sub_41105D+2C9�j
mov byte ptr [esi], 2Bh
inc esi
jmp short loc_41133C
; ---------------------------------------------------------------------------
loc_411332: ; CODE XREF: sub_41105D+2C7�j
; sub_41105D+2CD�j
mov byte ptr [esi], 2Dh
inc esi
neg eax
adc edx, ebx
neg edx
loc_41133C: ; CODE XREF: sub_41105D+2D3�j
cmp edx, ebx
mov edi, esi
mov byte ptr [esi], 30h
jl short loc_411369
mov ecx, 3E8h
jg short loc_411350
cmp eax, ecx
jb short loc_411369
loc_411350: ; CODE XREF: sub_41105D+2ED�j
push ebx
push ecx
push edx
push eax
call sub_411BB0
add al, 30h
mov [esi], al
inc esi
cmp esi, edi
mov [ebp+var_10], edx
mov eax, ecx
mov edx, ebx
jnz short loc_411374
loc_411369: ; CODE XREF: sub_41105D+2E6�j
; sub_41105D+2F1�j
test edx, edx
jl short loc_41138B
jg short loc_411374
cmp eax, 64h
jb short loc_41138B
loc_411374: ; CODE XREF: sub_41105D+30A�j
; sub_41105D+310�j
push 0
push 64h
push edx
push eax
call sub_411BB0
add al, 30h
mov [esi], al
mov [ebp+var_10], edx
inc esi
mov eax, ecx
mov edx, ebx
loc_41138B: ; CODE XREF: sub_41105D+30E�j
; sub_41105D+315�j
cmp esi, edi
jnz short loc_41139A
test edx, edx
jl short loc_4113B2
jg short loc_41139A
cmp eax, 0Ah
jb short loc_4113B2
loc_41139A: ; CODE XREF: sub_41105D+330�j
; sub_41105D+336�j
push 0
push 0Ah
push edx
push eax
call sub_411BB0
add al, 30h
mov [esi], al
mov [ebp+var_10], edx
inc esi
mov eax, ecx
mov [ebp+var_10], ebx
loc_4113B2: ; CODE XREF: sub_41105D+334�j
; sub_41105D+33B�j
add al, 30h
mov [esi], al
mov byte ptr [esi+1], 0
loc_4113BA: ; CODE XREF: sub_41105D+10B�j
; sub_41105D+126�j
cmp [ebp+var_18], 0
jz short loc_4113C7
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4113C7: ; CODE XREF: sub_41105D+361�j
xor eax, eax
loc_4113C9: ; CODE XREF: sub_41105D+D0�j
; sub_41105D+DD�j
pop ebx
loc_4113CA: ; CODE XREF: sub_41105D+58�j
pop edi
pop esi
leave
retn
sub_41105D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4113CE proc near ; CODE XREF: sub_4114C3+A2�p
; sub_41157C+C3�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push [ebp+arg_C]
mov ebx, eax
mov esi, [ebx+4]
mov edi, ecx
lea ecx, [ebp+var_10]
dec esi
call sub_402ADF
test edi, edi
jnz short loc_41141B
loc_4113EE: ; CODE XREF: sub_4113CE+51�j
call sub_405B83
push 16h
pop esi
mov [eax], esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_4032F9
add esp, 14h
cmp [ebp+var_4], 0
jz short loc_411414
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411414: ; CODE XREF: sub_4113CE+3D�j
mov eax, esi
jmp loc_4114BE
; ---------------------------------------------------------------------------
loc_41141B: ; CODE XREF: sub_4113CE+1E�j
cmp [ebp+arg_0], 0
jbe short loc_4113EE
cmp [ebp+arg_8], 0
jz short loc_41143F
cmp esi, [ebp+arg_4]
jnz short loc_41143F
xor eax, eax
cmp dword ptr [ebx], 2Dh
setz al
add eax, esi
add eax, edi
mov byte ptr [eax], 30h
mov byte ptr [eax+1], 0
loc_41143F: ; CODE XREF: sub_4113CE+57�j
; sub_4113CE+5C�j
cmp dword ptr [ebx], 2Dh
mov esi, edi
jnz short loc_41144C
mov byte ptr [edi], 2Dh
lea esi, [edi+1]
loc_41144C: ; CODE XREF: sub_4113CE+76�j
mov eax, [ebx+4]
xor edi, edi
inc edi
test eax, eax
jg short loc_411463
mov eax, esi
call sub_410DCB
mov byte ptr [esi], 30h
inc esi
jmp short loc_411465
; ---------------------------------------------------------------------------
loc_411463: ; CODE XREF: sub_4113CE+86�j
add esi, eax
loc_411465: ; CODE XREF: sub_4113CE+93�j
cmp [ebp+arg_4], 0
jle short loc_4114AF
mov eax, esi
call sub_410DCB
mov eax, [ebp+var_10]
mov eax, [eax+0BCh]
mov eax, [eax]
mov al, [eax]
mov [esi], al
mov ebx, [ebx+4]
inc esi
test ebx, ebx
jge short loc_4114AF
neg ebx
cmp [ebp+arg_8], 0
jnz short loc_411496
cmp [ebp+arg_4], ebx
jl short loc_411499
loc_411496: ; CODE XREF: sub_4113CE+C1�j
mov [ebp+arg_4], ebx
loc_411499: ; CODE XREF: sub_4113CE+C6�j
mov edi, [ebp+arg_4]
mov eax, esi
call sub_410DCB
push edi
push 30h
push esi
call sub_407F20
add esp, 0Ch
loc_4114AF: ; CODE XREF: sub_4113CE+9B�j
; sub_4113CE+B9�j
cmp [ebp+var_4], 0
jz short loc_4114BC
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4114BC: ; CODE XREF: sub_4113CE+E5�j
xor eax, eax
loc_4114BE: ; CODE XREF: sub_4113CE+48�j
pop edi
pop esi
pop ebx
leave
retn
sub_4113CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4114C3 proc near ; CODE XREF: sub_411674+24�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_1C = byte ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 16h
pop esi
push esi
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_2C]
push ecx
push dword ptr [eax+4]
push dword ptr [eax]
call sub_411B21
xor ebx, ebx
add esp, 14h
cmp edi, ebx
jnz short loc_411513
loc_4114FB: ; CODE XREF: sub_4114C3+55�j
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_4032F9
add esp, 14h
mov eax, esi
jmp short loc_41156D
; ---------------------------------------------------------------------------
loc_411513: ; CODE XREF: sub_4114C3+36�j
mov eax, [ebp+arg_8]
cmp eax, ebx
jbe short loc_4114FB
cmp eax, 0FFFFFFFFh
jnz short loc_411523
or eax, eax
jmp short loc_41152E
; ---------------------------------------------------------------------------
loc_411523: ; CODE XREF: sub_4114C3+5A�j
xor ecx, ecx
cmp [ebp+var_2C], 2Dh
setz cl
sub eax, ecx
loc_41152E: ; CODE XREF: sub_4114C3+5E�j
mov esi, [ebp+arg_C]
lea ecx, [ebp+var_2C]
push ecx
mov ecx, [ebp+var_28]
add ecx, esi
push ecx
push eax
xor eax, eax
cmp [ebp+var_2C], 2Dh
setz al
add eax, edi
push eax
call sub_4119A9
add esp, 10h
cmp eax, ebx
jz short loc_411558
mov [edi], bl
jmp short loc_41156D
; ---------------------------------------------------------------------------
loc_411558: ; CODE XREF: sub_4114C3+8F�j
push [ebp+arg_10]
lea eax, [ebp+var_2C]
push ebx
push esi
push [ebp+arg_8]
mov ecx, edi
call sub_4113CE
add esp, 10h
loc_41156D: ; CODE XREF: sub_4114C3+4E�j
; sub_4114C3+93�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_4114C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41157C proc near ; CODE XREF: sub_411674+4A�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 16h
pop edi
push edi
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_30]
push ecx
push dword ptr [eax+4]
push dword ptr [eax]
call sub_411B21
xor ebx, ebx
add esp, 14h
cmp esi, ebx
jnz short loc_4115CF
loc_4115B4: ; CODE XREF: sub_41157C+58�j
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], edi
call sub_4032F9
add esp, 14h
mov eax, edi
jmp loc_411665
; ---------------------------------------------------------------------------
loc_4115CF: ; CODE XREF: sub_41157C+36�j
mov ecx, [ebp+arg_8]
cmp ecx, ebx
jbe short loc_4115B4
mov eax, [ebp+var_2C]
dec eax
mov [ebp+var_20], eax
xor eax, eax
cmp [ebp+var_30], 2Dh
setz al
cmp ecx, 0FFFFFFFFh
lea edi, [eax+esi]
jnz short loc_4115F2
or ecx, ecx
jmp short loc_4115F4
; ---------------------------------------------------------------------------
loc_4115F2: ; CODE XREF: sub_41157C+70�j
sub ecx, eax
loc_4115F4: ; CODE XREF: sub_41157C+74�j
lea eax, [ebp+var_30]
push eax
push [ebp+arg_C]
push ecx
push edi
call sub_4119A9
add esp, 10h
cmp eax, ebx
jz short loc_41160D
mov [esi], bl
jmp short loc_411665
; ---------------------------------------------------------------------------
loc_41160D: ; CODE XREF: sub_41157C+8B�j
mov eax, [ebp+var_2C]
dec eax
cmp [ebp+var_20], eax
setl cl
cmp eax, 0FFFFFFFCh
jl short loc_411649
cmp eax, [ebp+arg_C]
jge short loc_411649
cmp cl, bl
jz short loc_41162F
loc_411625: ; CODE XREF: sub_41157C+AE�j
mov al, [edi]
inc edi
test al, al
jnz short loc_411625
mov [edi-2], bl
loc_41162F: ; CODE XREF: sub_41157C+A7�j
push [ebp+arg_14]
lea eax, [ebp+var_30]
push 1
push [ebp+arg_C]
mov ecx, esi
push [ebp+arg_8]
call sub_4113CE
add esp, 10h
jmp short loc_411665
; ---------------------------------------------------------------------------
loc_411649: ; CODE XREF: sub_41157C+9E�j
; sub_41157C+A3�j
push [ebp+arg_14]
lea eax, [ebp+var_30]
push 1
push eax
push [ebp+arg_10]
mov eax, esi
push [ebp+arg_C]
push [ebp+arg_8]
call sub_410E04
add esp, 18h
loc_411665: ; CODE XREF: sub_41157C+4E�j
; sub_41157C+8F�j ...
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_41157C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411674 proc near ; CODE XREF: sub_4116FA+17�p
; DATA XREF: sub_40FABC+37�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
cmp eax, 65h
jz short loc_4116DE
cmp eax, 45h
jz short loc_4116DE
cmp eax, 66h
jnz short loc_4116A2
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4114C3
add esp, 14h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4116A2: ; CODE XREF: sub_411674+13�j
cmp eax, 61h
jz short loc_4116C5
cmp eax, 41h
jz short loc_4116C5
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41157C
jmp short loc_4116F5
; ---------------------------------------------------------------------------
loc_4116C5: ; CODE XREF: sub_411674+31�j
; sub_411674+36�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41105D
jmp short loc_4116F5
; ---------------------------------------------------------------------------
loc_4116DE: ; CODE XREF: sub_411674+9�j
; sub_411674+E�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_410F71
loc_4116F5: ; CODE XREF: sub_411674+4F�j
; sub_411674+68�j
add esp, 18h
pop ebp
retn
sub_411674 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4116FA proc near ; DATA XREF: sub_40FABC�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_411674
add esp, 1Ch
pop ebp
retn
sub_4116FA endp
; =============== S U B R O U T I N E =======================================
sub_41171B proc near ; CODE XREF: .text:0040FB32�p
push esi
push 30000h
push 10000h
xor esi, esi
push esi
call sub_411CAF
add esp, 0Ch
test eax, eax
jz short loc_411742
push esi
push esi
push esi
push esi
push esi
call sub_4031FD
add esp, 14h
loc_411742: ; CODE XREF: sub_41171B+18�j
pop esi
retn
sub_41171B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411744 proc near ; CODE XREF: sub_411780:loc_4117A4�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld ds:dbl_41EE80
fstp [ebp+var_10]
fld ds:dbl_41EE78
fstp [ebp+var_18]
fld [ebp+var_18]
fdiv [ebp+var_10]
fmul [ebp+var_10]
fsubr [ebp+var_18]
fstp [ebp+var_8]
fld1
fcomp [ebp+var_8]
fnstsw ax
test ah, 5
jp short loc_41177C
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_41177C: ; CODE XREF: sub_411744+31�j
xor eax, eax
leave
retn
sub_411744 endp
; =============== S U B R O U T I N E =======================================
sub_411780 proc near ; CODE XREF: .text:0040FB21�p
push offset dword_41EEA4
call ds:off_41D0E0
test eax, eax
jz short loc_4117A4
push offset dword_41EE88
push eax
call ds:off_41D0E8
test eax, eax
jz short loc_4117A4
push 0
call eax
retn
; ---------------------------------------------------------------------------
loc_4117A4: ; CODE XREF: sub_411780+D�j
; sub_411780+1D�j
jmp sub_411744
sub_411780 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4117B0 proc near ; CODE XREF: sub_410860+11�j
; .text:00410887�j ...
push ecx
lea ecx, [esp+4]
sub ecx, eax
sbb eax, eax
not eax
and ecx, eax
mov eax, esp
and eax, 0FFFFF000h
loc_4117C4: ; CODE XREF: sub_4117B0+29�j
cmp ecx, eax
jb short loc_4117D2
mov eax, ecx
pop ecx
xchg eax, esp
mov eax, [eax]
mov [esp+0], eax
retn
; ---------------------------------------------------------------------------
loc_4117D2: ; CODE XREF: sub_4117B0+16�j
sub eax, 1000h
test [eax], eax
jmp short loc_4117C4
sub_4117B0 endp
; =============== S U B R O U T I N E =======================================
sub_4117DB proc near ; CODE XREF: sub_41088C+24�p
xor eax, eax
push eax
push eax
push 3
push eax
push 3
push 40000000h
push offset dword_41EEB0
call ds:off_41D06C
mov dword_424224, eax
retn
sub_4117DB endp
; =============== S U B R O U T I N E =======================================
sub_4117FA proc near ; DATA XREF: c.7ld2ih:0041D2F4�o
mov eax, dword_424224
cmp eax, 0FFFFFFFFh
push esi
mov esi, ds:off_41D0D8
jz short loc_411813
cmp eax, 0FFFFFFFEh
jz short loc_411813
push eax
call esi ; byte_451809
loc_411813: ; CODE XREF: sub_4117FA+F�j
; sub_4117FA+14�j
mov eax, dword_424220
cmp eax, 0FFFFFFFFh
jz short loc_411825
cmp eax, 0FFFFFFFEh
jz short loc_411825
push eax
call esi ; byte_451809
loc_411825: ; CODE XREF: sub_4117FA+21�j
; sub_4117FA+26�j
pop esi
retn
sub_4117FA endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411830 proc near ; CODE XREF: sub_41105D+102�p
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
add ecx, 1
neg ecx
sub edi, 1
mov al, [ebp+arg_4]
std
repne scasb
add edi, 1
cmp [edi], al
jz short loc_411857
xor eax, eax
jmp short loc_411859
; ---------------------------------------------------------------------------
loc_411857: ; CODE XREF: sub_411830+21�j
mov eax, edi
loc_411859: ; CODE XREF: sub_411830+25�j
cld
pop edi
leave
retn
sub_411830 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41185D proc near ; CODE XREF: sub_410D74+15�p
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_8]
mov edi, [ebp+arg_4]
lea ecx, [ebp+var_24]
call sub_402ADF
lea eax, [ebp+var_24]
push eax
xor ebx, ebx
push ebx
push ebx
push ebx
push ebx
push edi
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_10]
push eax
call sub_41279D
mov [ebp+var_14], eax
lea eax, [ebp+var_10]
push esi
push eax
call sub_411D19
add esp, 28h
test byte ptr [ebp+var_14], 3
jnz short loc_4118DA
cmp eax, 1
jnz short loc_4118C5
loc_4118B4: ; CODE XREF: sub_41185D+87�j
cmp [ebp+var_18], bl
jz short loc_4118C0
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4118C0: ; CODE XREF: sub_41185D+5A�j
push 3
loc_4118C2: ; CODE XREF: sub_41185D+7B�j
pop eax
jmp short loc_4118F4
; ---------------------------------------------------------------------------
loc_4118C5: ; CODE XREF: sub_41185D+55�j
cmp eax, 2
jnz short loc_4118E6
loc_4118CA: ; CODE XREF: sub_41185D+81�j
cmp [ebp+var_18], bl
jz short loc_4118D6
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4118D6: ; CODE XREF: sub_41185D+70�j
push 4
jmp short loc_4118C2
; ---------------------------------------------------------------------------
loc_4118DA: ; CODE XREF: sub_41185D+50�j
test byte ptr [ebp+var_14], 1
jnz short loc_4118CA
test byte ptr [ebp+var_14], 2
jnz short loc_4118B4
loc_4118E6: ; CODE XREF: sub_41185D+6B�j
cmp [ebp+var_18], bl
jz short loc_4118F2
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4118F2: ; CODE XREF: sub_41185D+8C�j
xor eax, eax
loc_4118F4: ; CODE XREF: sub_41185D+66�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_41185D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411903 proc near ; CODE XREF: sub_410D74+2E�p
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_8]
mov edi, [ebp+arg_4]
lea ecx, [ebp+var_24]
call sub_402ADF
lea eax, [ebp+var_24]
push eax
xor ebx, ebx
push ebx
push ebx
push ebx
push ebx
push edi
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_10]
push eax
call sub_41279D
mov [ebp+var_14], eax
lea eax, [ebp+var_10]
push esi
push eax
call sub_41225B
add esp, 28h
test byte ptr [ebp+var_14], 3
jnz short loc_411980
cmp eax, 1
jnz short loc_41196B
loc_41195A: ; CODE XREF: sub_411903+87�j
cmp [ebp+var_18], bl
jz short loc_411966
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411966: ; CODE XREF: sub_411903+5A�j
push 3
loc_411968: ; CODE XREF: sub_411903+7B�j
pop eax
jmp short loc_41199A
; ---------------------------------------------------------------------------
loc_41196B: ; CODE XREF: sub_411903+55�j
cmp eax, 2
jnz short loc_41198C
loc_411970: ; CODE XREF: sub_411903+81�j
cmp [ebp+var_18], bl
jz short loc_41197C
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_41197C: ; CODE XREF: sub_411903+70�j
push 4
jmp short loc_411968
; ---------------------------------------------------------------------------
loc_411980: ; CODE XREF: sub_411903+50�j
test byte ptr [ebp+var_14], 1
jnz short loc_411970
test byte ptr [ebp+var_14], 2
jnz short loc_41195A
loc_41198C: ; CODE XREF: sub_411903+6B�j
cmp [ebp+var_18], bl
jz short loc_411998
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411998: ; CODE XREF: sub_411903+8C�j
xor eax, eax
loc_41199A: ; CODE XREF: sub_411903+66�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_411903 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4119A9 proc near ; CODE XREF: sub_410F71+96�p
; sub_4114C3+85�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_C]
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
push edi
mov edi, [ecx+0Ch]
jnz short loc_4119DC
loc_4119BE: ; CODE XREF: sub_4119A9+36�j
call sub_405B83
push 16h
pop esi
mov [eax], esi
loc_4119C8: ; CODE XREF: sub_4119A9+59�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_4032F9
add esp, 14h
mov eax, esi
jmp loc_411A61
; ---------------------------------------------------------------------------
loc_4119DC: ; CODE XREF: sub_4119A9+13�j
cmp [ebp+arg_4], ebx
jbe short loc_4119BE
mov edx, [ebp+arg_8]
cmp edx, ebx
mov [esi], bl
jle short loc_4119EE
mov eax, edx
jmp short loc_4119F0
; ---------------------------------------------------------------------------
loc_4119EE: ; CODE XREF: sub_4119A9+3F�j
xor eax, eax
loc_4119F0: ; CODE XREF: sub_4119A9+43�j
inc eax
cmp [ebp+arg_4], eax
ja short loc_411A04
call sub_405B83
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_4119C8
; ---------------------------------------------------------------------------
loc_411A04: ; CODE XREF: sub_4119A9+4B�j
cmp edx, ebx
mov byte ptr [esi], 30h
lea eax, [esi+1]
jle short loc_411A28
loc_411A0E: ; CODE XREF: sub_4119A9+7A�j
mov cl, [edi]
cmp cl, bl
jz short loc_411A1A
movsx ecx, cl
inc edi
jmp short loc_411A1D
; ---------------------------------------------------------------------------
loc_411A1A: ; CODE XREF: sub_4119A9+69�j
push 30h
pop ecx
loc_411A1D: ; CODE XREF: sub_4119A9+6F�j
mov [eax], cl
inc eax
dec edx
cmp edx, ebx
jg short loc_411A0E
mov ecx, [ebp+arg_C]
loc_411A28: ; CODE XREF: sub_4119A9+63�j
cmp edx, ebx
mov [eax], bl
jl short loc_411A40
cmp byte ptr [edi], 35h
jl short loc_411A40
jmp short loc_411A38
; ---------------------------------------------------------------------------
loc_411A35: ; CODE XREF: sub_4119A9+93�j
mov byte ptr [eax], 30h
loc_411A38: ; CODE XREF: sub_4119A9+8A�j
dec eax
cmp byte ptr [eax], 39h
jz short loc_411A35
inc byte ptr [eax]
loc_411A40: ; CODE XREF: sub_4119A9+83�j
; sub_4119A9+88�j
cmp byte ptr [esi], 31h
jnz short loc_411A4A
inc dword ptr [ecx+4]
jmp short loc_411A5F
; ---------------------------------------------------------------------------
loc_411A4A: ; CODE XREF: sub_4119A9+9A�j
lea edi, [esi+1]
push edi
call sub_4044E0
inc eax
push eax
push edi
push esi
call sub_407720
add esp, 10h
loc_411A5F: ; CODE XREF: sub_4119A9+9F�j
xor eax, eax
loc_411A61: ; CODE XREF: sub_4119A9+2E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4119A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411A66 proc near ; CODE XREF: sub_411B21+24�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
movzx eax, word ptr [edx+6]
push ebx
mov ecx, eax
push esi
push edi
shr ecx, 4
and eax, 8000h
mov edi, 7FFh
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
mov esi, 80000000h
and eax, 0FFFFFh
test ebx, ebx
mov [ebp+var_4], esi
jz short loc_411AB4
cmp ebx, edi
jz short loc_411AAD
add ecx, 3C00h
jmp short loc_411AD5
; ---------------------------------------------------------------------------
loc_411AAD: ; CODE XREF: sub_411A66+3D�j
mov edi, 7FFFh
jmp short loc_411AD8
; ---------------------------------------------------------------------------
loc_411AB4: ; CODE XREF: sub_411A66+39�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_411ACC
cmp edx, ebx
jnz short loc_411ACC
mov eax, [ebp+arg_0]
mov cx, word ptr [ebp+arg_4]
mov [eax+4], ebx
mov [eax], ebx
jmp short loc_411B18
; ---------------------------------------------------------------------------
loc_411ACC: ; CODE XREF: sub_411A66+52�j
; sub_411A66+56�j
add ecx, 3C01h
mov [ebp+var_4], ebx
loc_411AD5: ; CODE XREF: sub_411A66+45�j
movzx edi, cx
loc_411AD8: ; CODE XREF: sub_411A66+4C�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
or ecx, [ebp+var_4]
mov eax, [ebp+arg_0]
shl edx, 0Bh
test ecx, esi
mov [eax+4], ecx
mov [eax], edx
jnz short loc_411B13
loc_411AF4: ; CODE XREF: sub_411A66+AB�j
mov ecx, [eax]
mov edx, [eax+4]
mov ebx, ecx
add edx, edx
shr ebx, 1Fh
or edx, ebx
add ecx, ecx
add edi, 0FFFFh
test edx, esi
mov [eax+4], edx
mov [eax], ecx
jz short loc_411AF4
loc_411B13: ; CODE XREF: sub_411A66+8C�j
mov ecx, [ebp+arg_4]
or ecx, edi
loc_411B18: ; CODE XREF: sub_411A66+64�j
pop edi
pop esi
mov [eax+8], cx
pop ebx
leave
retn
sub_411A66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411B21 proc near ; CODE XREF: sub_410F71+2A�p
; sub_4114C3+2A�p ...
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_2A = byte ptr -2Ah
var_28 = byte ptr -28h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 30h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_C]
push ebx
mov ebx, [ebp+arg_8]
push esi
mov [ebp+var_30], eax
push edi
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_411A66
pop ecx
pop ecx
lea eax, [ebp+var_2C]
push eax
push 0
push 11h
sub esp, 0Ch
lea esi, [ebp+var_10]
mov edi, esp
movsd
movsd
movsw
call sub_412E61
mov esi, [ebp+var_30]
mov [ebx+8], eax
movsx eax, [ebp+var_2A]
mov [ebx], eax
movsx eax, [ebp+var_2C]
mov [ebx+4], eax
lea eax, [ebp+var_28]
push eax
push [ebp+arg_10]
push esi
call sub_407A85
add esp, 24h
test eax, eax
jz short loc_411B9B
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_4031FD
add esp, 14h
loc_411B9B: ; CODE XREF: sub_411B21+69�j
mov ecx, [ebp+var_4]
pop edi
mov [ebx+0Ch], esi
pop esi
mov eax, ebx
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_411B21 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411BB0 proc near ; CODE XREF: sub_41105D+2F7�p
; sub_41105D+31D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebp
xor edi, edi
xor ebp, ebp
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_411BD4
inc edi
inc ebp
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_411BD4: ; CODE XREF: sub_411BB0+D�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_411BF0
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_411BF0: ; CODE XREF: sub_411BB0+2A�j
or eax, eax
jnz short loc_411C1C
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+0Ch+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+0Ch+arg_8]
add edx, ecx
jmp short loc_411C63
; ---------------------------------------------------------------------------
loc_411C1C: ; CODE XREF: sub_411BB0+42�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_411C2A: ; CODE XREF: sub_411BB0+84�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_411C2A
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_411C58
cmp edx, [esp+0Ch+arg_4]
ja short loc_411C58
jb short loc_411C61
cmp eax, [esp+0Ch+arg_0]
jbe short loc_411C61
loc_411C58: ; CODE XREF: sub_411BB0+98�j
; sub_411BB0+9E�j
dec esi
sub eax, [esp+0Ch+arg_8]
sbb edx, [esp+0Ch+arg_C]
loc_411C61: ; CODE XREF: sub_411BB0+A0�j
; sub_411BB0+A6�j
xor ebx, ebx
loc_411C63: ; CODE XREF: sub_411BB0+6A�j
sub eax, [esp+0Ch+arg_0]
sbb edx, [esp+0Ch+arg_4]
dec ebp
jns short loc_411C75
neg edx
neg eax
sbb edx, 0
loc_411C75: ; CODE XREF: sub_411BB0+BC�j
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
dec edi
jnz short loc_411C89
neg edx
neg eax
sbb edx, 0
loc_411C89: ; CODE XREF: sub_411BB0+D0�j
pop ebp
pop esi
pop edi
retn 10h
sub_411BB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411C90 proc near ; CODE XREF: sub_41105D+1EA�p
; sub_41105D+23E�p ...
cmp cl, 40h
jnb short loc_411CAA
cmp cl, 20h
jnb short loc_411CA0
shrd eax, edx, cl
shr edx, cl
retn
; ---------------------------------------------------------------------------
loc_411CA0: ; CODE XREF: sub_411C90+8�j
mov eax, edx
xor edx, edx
and cl, 1Fh
shr eax, cl
retn
; ---------------------------------------------------------------------------
loc_411CAA: ; CODE XREF: sub_411C90+3�j
xor eax, eax
xor edx, edx
retn
sub_411C90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411CAF proc near ; CODE XREF: sub_41171B+E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_4]
and eax, 0FFF7FFFFh
and ecx, eax
test ecx, 0FCF0FCE0h
push esi
jz short loc_411CF9
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_411CDD
push esi
push esi
call sub_413857
pop ecx
pop ecx
mov [edi], eax
loc_411CDD: ; CODE XREF: sub_411CAF+21�j
call sub_405B83
push 16h
pop edi
push esi
push esi
push esi
push esi
push esi
mov [eax], edi
call sub_4032F9
add esp, 14h
mov eax, edi
pop edi
jmp short loc_411D16
; ---------------------------------------------------------------------------
loc_411CF9: ; CODE XREF: sub_411CAF+17�j
mov esi, [ebp+arg_0]
test esi, esi
push eax
push [ebp+arg_4]
jz short loc_411D0D
call sub_413857
mov [esi], eax
jmp short loc_411D12
; ---------------------------------------------------------------------------
loc_411D0D: ; CODE XREF: sub_411CAF+53�j
call sub_413857
loc_411D12: ; CODE XREF: sub_411CAF+5C�j
pop ecx
pop ecx
xor eax, eax
loc_411D16: ; CODE XREF: sub_411CAF+48�j
pop esi
pop ebp
retn
sub_411CAF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411D19 proc near ; CODE XREF: sub_41185D+44�p
var_2C = byte ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
mov ebx, ecx
and ecx, 8000h
mov [ebp+var_14], ecx
mov ecx, [eax+6]
mov [ebp+var_20], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
and ebx, 7FFFh
sub ebx, 3FFFh
shl eax, 10h
cmp ebx, 0FFFFC001h
push edi
mov [ebp+var_1C], ecx
mov [ebp+var_18], eax
jnz short loc_411D83
xor ebx, ebx
xor eax, eax
loc_411D60: ; CODE XREF: sub_411D19+51�j
cmp [ebp+eax*4+var_20], ebx
jnz short loc_411D73
inc eax
cmp eax, 3
jl short loc_411D60
xor eax, eax
jmp loc_412218
; ---------------------------------------------------------------------------
loc_411D73: ; CODE XREF: sub_411D19+4B�j
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
push 2
stosd
pop eax
jmp loc_412218
; ---------------------------------------------------------------------------
loc_411D83: ; CODE XREF: sub_411D19+41�j
and [ebp+arg_0], 0
push esi
lea esi, [ebp+var_20]
lea edi, [ebp+var_2C]
movsd
movsd
movsd
mov esi, dword_424238
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_10], ebx
mov [ebp+var_C], eax
jns short loc_411DBB
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411DBB: ; CODE XREF: sub_411D19+9B�j
lea edi, [ebp+eax*4+var_20]
push 1Fh
xor eax, eax
pop ecx
sub ecx, edx
inc eax
shl eax, cl
mov [ebp+var_8], ecx
test [edi], eax
jz loc_411E61
mov eax, [ebp+var_C]
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_411DE9
; ---------------------------------------------------------------------------
loc_411DE4: ; CODE XREF: sub_411D19+D6�j
cmp [ebp+eax*4+var_20], 0
loc_411DE9: ; CODE XREF: sub_411D19+C9�j
jnz short loc_411DF3
inc eax
cmp eax, 3
jl short loc_411DE4
jmp short loc_411E61
; ---------------------------------------------------------------------------
loc_411DF3: ; CODE XREF: sub_411D19:loc_411DE9�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_411E0D
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_411E0D: ; CODE XREF: sub_411D19+ED�j
and [ebp+var_4], 0
sub ecx, esi
xor edx, edx
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
add esi, edx
mov [ebp+arg_0], esi
mov esi, [ecx]
cmp [ebp+arg_0], esi
jb short loc_411E4C
cmp [ebp+arg_0], edx
jmp short loc_411E4A
; ---------------------------------------------------------------------------
loc_411E2F: ; CODE XREF: sub_411D19+143�j
test ecx, ecx
jz short loc_411E5E
and [ebp+var_4], 0
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
cmp esi, edx
mov [ebp+arg_0], esi
jb short loc_411E4C
cmp esi, 1
loc_411E4A: ; CODE XREF: sub_411D19+114�j
jnb short loc_411E53
loc_411E4C: ; CODE XREF: sub_411D19+10F�j
; sub_411D19+12C�j
mov [ebp+var_4], 1
loc_411E53: ; CODE XREF: sub_411D19:loc_411E4A�j
dec eax
mov edx, [ebp+arg_0]
mov [ecx], edx
mov ecx, [ebp+var_4]
jns short loc_411E2F
loc_411E5E: ; CODE XREF: sub_411D19+118�j
mov [ebp+arg_0], ecx
loc_411E61: ; CODE XREF: sub_411D19+B5�j
; sub_411D19+D8�j
mov ecx, [ebp+var_8]
or eax, 0FFFFFFFFh
shl eax, cl
and [edi], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_411E81
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_411E81: ; CODE XREF: sub_411D19+159�j
cmp [ebp+arg_0], 0
jz short loc_411E88
inc ebx
loc_411E88: ; CODE XREF: sub_411D19+16C�j
mov eax, dword_424234
mov ecx, eax
sub ecx, dword_424238
cmp ebx, ecx
jge short loc_411EA6
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
jmp loc_4120B3
; ---------------------------------------------------------------------------
loc_411EA6: ; CODE XREF: sub_411D19+17E�j
cmp ebx, eax
jg loc_4120BD
sub eax, [ebp+var_10]
lea esi, [ebp+var_2C]
mov ecx, eax
lea edi, [ebp+var_20]
movsd
cdq
and edx, 1Fh
add eax, edx
movsd
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
movsd
jns short loc_411ED4
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411ED4: ; CODE XREF: sub_411D19+1B4�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_411EEF: ; CODE XREF: sub_411D19+201�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_411EEF
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411F29: ; CODE XREF: sub_411D19+227�j
cmp edx, eax
jl short loc_411F35
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411F3A
; ---------------------------------------------------------------------------
loc_411F35: ; CODE XREF: sub_411D19+212�j
and [ebp+edx*4+var_20], 0
loc_411F3A: ; CODE XREF: sub_411D19+21A�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411F29
mov esi, dword_424238
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_C], eax
jns short loc_411F69
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411F69: ; CODE XREF: sub_411D19+249�j
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
lea ebx, [ebp+eax*4+var_20]
mov [ebp+var_10], ecx
test [ebx], edx
jz loc_412004
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_411F94
; ---------------------------------------------------------------------------
loc_411F8F: ; CODE XREF: sub_411D19+281�j
cmp [ebp+eax*4+var_20], 0
loc_411F94: ; CODE XREF: sub_411D19+274�j
jnz short loc_411F9E
inc eax
cmp eax, 3
jl short loc_411F8F
jmp short loc_412004
; ---------------------------------------------------------------------------
loc_411F9E: ; CODE XREF: sub_411D19:loc_411F94�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_411FB8
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_411FB8: ; CODE XREF: sub_411D19+298�j
and [ebp+arg_0], 0
xor edx, edx
sub ecx, esi
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
lea edi, [esi+edx]
cmp edi, esi
jb short loc_411FD4
cmp edi, edx
jnb short loc_411FDB
loc_411FD4: ; CODE XREF: sub_411D19+2B5�j
mov [ebp+arg_0], 1
loc_411FDB: ; CODE XREF: sub_411D19+2B9�j
mov [ecx], edi
mov ecx, [ebp+arg_0]
jmp short loc_412001
; ---------------------------------------------------------------------------
loc_411FE2: ; CODE XREF: sub_411D19+2E9�j
test ecx, ecx
jz short loc_412004
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
xor edi, edi
cmp esi, edx
jb short loc_411FFA
cmp esi, 1
jnb short loc_411FFD
loc_411FFA: ; CODE XREF: sub_411D19+2DA�j
xor edi, edi
inc edi
loc_411FFD: ; CODE XREF: sub_411D19+2DF�j
mov [ecx], esi
mov ecx, edi
loc_412001: ; CODE XREF: sub_411D19+2C7�j
dec eax
jns short loc_411FE2
loc_412004: ; CODE XREF: sub_411D19+263�j
; sub_411D19+283�j ...
mov ecx, [ebp+var_10]
or eax, 0FFFFFFFFh
shl eax, cl
and [ebx], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_412024
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_412024: ; CODE XREF: sub_411D19+2FC�j
mov ecx, dword_42423C
inc ecx
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_412045
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_412045: ; CODE XREF: sub_411D19+325�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_412060: ; CODE XREF: sub_411D19+372�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_412060
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_41209A: ; CODE XREF: sub_411D19+398�j
cmp edx, eax
jl short loc_4120A6
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_4120AB
; ---------------------------------------------------------------------------
loc_4120A6: ; CODE XREF: sub_411D19+383�j
and [ebp+edx*4+var_20], 0
loc_4120AB: ; CODE XREF: sub_411D19+38B�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_41209A
loc_4120B3: ; CODE XREF: sub_411D19+188�j
push 2
xor ebx, ebx
pop eax
jmp loc_412217
; ---------------------------------------------------------------------------
loc_4120BD: ; CODE XREF: sub_411D19+18F�j
cmp ebx, dword_424230
mov ecx, dword_42423C
jl loc_41217C
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
or [ebp+var_20], 80000000h
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_4120F8
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_4120F8: ; CODE XREF: sub_411D19+3D8�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_412113: ; CODE XREF: sub_411D19+425�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_412113
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_41214D: ; CODE XREF: sub_411D19+44B�j
cmp edx, eax
jl short loc_412159
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_41215E
; ---------------------------------------------------------------------------
loc_412159: ; CODE XREF: sub_411D19+436�j
and [ebp+edx*4+var_20], 0
loc_41215E: ; CODE XREF: sub_411D19+43E�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_41214D
mov eax, dword_424230
mov ecx, dword_424244
lea ebx, [ecx+eax]
xor eax, eax
inc eax
jmp loc_412217
; ---------------------------------------------------------------------------
loc_41217C: ; CODE XREF: sub_411D19+3B0�j
mov eax, dword_424244
and [ebp+var_20], 7FFFFFFFh
add ebx, eax
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_4121A4
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_4121A4: ; CODE XREF: sub_411D19+484�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or esi, 0FFFFFFFFh
mov ecx, edx
shl esi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not esi
loc_4121BF: ; CODE XREF: sub_411D19+4D4�j
mov ecx, [ebp+arg_0]
mov edi, [ebp+ecx*4+var_20]
mov ecx, edi
and ecx, esi
mov [ebp+var_10], ecx
mov ecx, edx
shr edi, cl
mov ecx, [ebp+arg_0]
or edi, [ebp+var_C]
mov [ebp+ecx*4+var_20], edi
mov edi, [ebp+var_10]
mov ecx, [ebp+var_4]
shl edi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], edi
jl short loc_4121BF
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_4121FC: ; CODE XREF: sub_411D19+4FA�j
cmp edx, eax
jl short loc_412208
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_41220D
; ---------------------------------------------------------------------------
loc_412208: ; CODE XREF: sub_411D19+4E5�j
and [ebp+edx*4+var_20], 0
loc_41220D: ; CODE XREF: sub_411D19+4ED�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_4121FC
xor eax, eax
loc_412217: ; CODE XREF: sub_411D19+39F�j
; sub_411D19+45E�j
pop esi
loc_412218: ; CODE XREF: sub_411D19+55�j
; sub_411D19+65�j
push 1Fh
pop ecx
sub ecx, dword_42423C
shl ebx, cl
mov ecx, [ebp+var_14]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
mov ecx, dword_424240
or ebx, [ebp+var_20]
cmp ecx, 40h
jnz short loc_41224D
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_1C]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_412257
; ---------------------------------------------------------------------------
loc_41224D: ; CODE XREF: sub_411D19+525�j
cmp ecx, 20h
jnz short loc_412257
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_412257: ; CODE XREF: sub_411D19+532�j
; sub_411D19+537�j
pop edi
pop ebx
leave
retn
sub_411D19 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41225B proc near ; CODE XREF: sub_411903+44�p
var_2C = byte ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
mov ebx, ecx
and ecx, 8000h
mov [ebp+var_14], ecx
mov ecx, [eax+6]
mov [ebp+var_20], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
and ebx, 7FFFh
sub ebx, 3FFFh
shl eax, 10h
cmp ebx, 0FFFFC001h
push edi
mov [ebp+var_1C], ecx
mov [ebp+var_18], eax
jnz short loc_4122C5
xor ebx, ebx
xor eax, eax
loc_4122A2: ; CODE XREF: sub_41225B+51�j
cmp [ebp+eax*4+var_20], ebx
jnz short loc_4122B5
inc eax
cmp eax, 3
jl short loc_4122A2
xor eax, eax
jmp loc_41275A
; ---------------------------------------------------------------------------
loc_4122B5: ; CODE XREF: sub_41225B+4B�j
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
push 2
stosd
pop eax
jmp loc_41275A
; ---------------------------------------------------------------------------
loc_4122C5: ; CODE XREF: sub_41225B+41�j
and [ebp+arg_0], 0
push esi
lea esi, [ebp+var_20]
lea edi, [ebp+var_2C]
movsd
movsd
movsd
mov esi, dword_424250
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_10], ebx
mov [ebp+var_C], eax
jns short loc_4122FD
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_4122FD: ; CODE XREF: sub_41225B+9B�j
lea edi, [ebp+eax*4+var_20]
push 1Fh
xor eax, eax
pop ecx
sub ecx, edx
inc eax
shl eax, cl
mov [ebp+var_8], ecx
test [edi], eax
jz loc_4123A3
mov eax, [ebp+var_C]
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_41232B
; ---------------------------------------------------------------------------
loc_412326: ; CODE XREF: sub_41225B+D6�j
cmp [ebp+eax*4+var_20], 0
loc_41232B: ; CODE XREF: sub_41225B+C9�j
jnz short loc_412335
inc eax
cmp eax, 3
jl short loc_412326
jmp short loc_4123A3
; ---------------------------------------------------------------------------
loc_412335: ; CODE XREF: sub_41225B:loc_41232B�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_41234F
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_41234F: ; CODE XREF: sub_41225B+ED�j
and [ebp+var_4], 0
sub ecx, esi
xor edx, edx
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
add esi, edx
mov [ebp+arg_0], esi
mov esi, [ecx]
cmp [ebp+arg_0], esi
jb short loc_41238E
cmp [ebp+arg_0], edx
jmp short loc_41238C
; ---------------------------------------------------------------------------
loc_412371: ; CODE XREF: sub_41225B+143�j
test ecx, ecx
jz short loc_4123A0
and [ebp+var_4], 0
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
cmp esi, edx
mov [ebp+arg_0], esi
jb short loc_41238E
cmp esi, 1
loc_41238C: ; CODE XREF: sub_41225B+114�j
jnb short loc_412395
loc_41238E: ; CODE XREF: sub_41225B+10F�j
; sub_41225B+12C�j
mov [ebp+var_4], 1
loc_412395: ; CODE XREF: sub_41225B:loc_41238C�j
dec eax
mov edx, [ebp+arg_0]
mov [ecx], edx
mov ecx, [ebp+var_4]
jns short loc_412371
loc_4123A0: ; CODE XREF: sub_41225B+118�j
mov [ebp+arg_0], ecx
loc_4123A3: ; CODE XREF: sub_41225B+B5�j
; sub_41225B+D8�j
mov ecx, [ebp+var_8]
or eax, 0FFFFFFFFh
shl eax, cl
and [edi], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_4123C3
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_4123C3: ; CODE XREF: sub_41225B+159�j
cmp [ebp+arg_0], 0
jz short loc_4123CA
inc ebx
loc_4123CA: ; CODE XREF: sub_41225B+16C�j
mov eax, dword_42424C
mov ecx, eax
sub ecx, dword_424250
cmp ebx, ecx
jge short loc_4123E8
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
jmp loc_4125F5
; ---------------------------------------------------------------------------
loc_4123E8: ; CODE XREF: sub_41225B+17E�j
cmp ebx, eax
jg loc_4125FF
sub eax, [ebp+var_10]
lea esi, [ebp+var_2C]
mov ecx, eax
lea edi, [ebp+var_20]
movsd
cdq
and edx, 1Fh
add eax, edx
movsd
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
movsd
jns short loc_412416
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_412416: ; CODE XREF: sub_41225B+1B4�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_412431: ; CODE XREF: sub_41225B+201�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_412431
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_41246B: ; CODE XREF: sub_41225B+227�j
cmp edx, eax
jl short loc_412477
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_41247C
; ---------------------------------------------------------------------------
loc_412477: ; CODE XREF: sub_41225B+212�j
and [ebp+edx*4+var_20], 0
loc_41247C: ; CODE XREF: sub_41225B+21A�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_41246B
mov esi, dword_424250
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_C], eax
jns short loc_4124AB
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_4124AB: ; CODE XREF: sub_41225B+249�j
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
lea ebx, [ebp+eax*4+var_20]
mov [ebp+var_10], ecx
test [ebx], edx
jz loc_412546
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_4124D6
; ---------------------------------------------------------------------------
loc_4124D1: ; CODE XREF: sub_41225B+281�j
cmp [ebp+eax*4+var_20], 0
loc_4124D6: ; CODE XREF: sub_41225B+274�j
jnz short loc_4124E0
inc eax
cmp eax, 3
jl short loc_4124D1
jmp short loc_412546
; ---------------------------------------------------------------------------
loc_4124E0: ; CODE XREF: sub_41225B:loc_4124D6�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_4124FA
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_4124FA: ; CODE XREF: sub_41225B+298�j
and [ebp+arg_0], 0
xor edx, edx
sub ecx, esi
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
lea edi, [esi+edx]
cmp edi, esi
jb short loc_412516
cmp edi, edx
jnb short loc_41251D
loc_412516: ; CODE XREF: sub_41225B+2B5�j
mov [ebp+arg_0], 1
loc_41251D: ; CODE XREF: sub_41225B+2B9�j
mov [ecx], edi
mov ecx, [ebp+arg_0]
jmp short loc_412543
; ---------------------------------------------------------------------------
loc_412524: ; CODE XREF: sub_41225B+2E9�j
test ecx, ecx
jz short loc_412546
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
xor edi, edi
cmp esi, edx
jb short loc_41253C
cmp esi, 1
jnb short loc_41253F
loc_41253C: ; CODE XREF: sub_41225B+2DA�j
xor edi, edi
inc edi
loc_41253F: ; CODE XREF: sub_41225B+2DF�j
mov [ecx], esi
mov ecx, edi
loc_412543: ; CODE XREF: sub_41225B+2C7�j
dec eax
jns short loc_412524
loc_412546: ; CODE XREF: sub_41225B+263�j
; sub_41225B+283�j ...
mov ecx, [ebp+var_10]
or eax, 0FFFFFFFFh
shl eax, cl
and [ebx], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_412566
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_412566: ; CODE XREF: sub_41225B+2FC�j
mov ecx, dword_424254
inc ecx
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_412587
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_412587: ; CODE XREF: sub_41225B+325�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_4125A2: ; CODE XREF: sub_41225B+372�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_4125A2
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_4125DC: ; CODE XREF: sub_41225B+398�j
cmp edx, eax
jl short loc_4125E8
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_4125ED
; ---------------------------------------------------------------------------
loc_4125E8: ; CODE XREF: sub_41225B+383�j
and [ebp+edx*4+var_20], 0
loc_4125ED: ; CODE XREF: sub_41225B+38B�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_4125DC
loc_4125F5: ; CODE XREF: sub_41225B+188�j
push 2
xor ebx, ebx
pop eax
jmp loc_412759
; ---------------------------------------------------------------------------
loc_4125FF: ; CODE XREF: sub_41225B+18F�j
cmp ebx, dword_424248
mov ecx, dword_424254
jl loc_4126BE
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
or [ebp+var_20], 80000000h
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_41263A
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_41263A: ; CODE XREF: sub_41225B+3D8�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_412655: ; CODE XREF: sub_41225B+425�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_412655
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_41268F: ; CODE XREF: sub_41225B+44B�j
cmp edx, eax
jl short loc_41269B
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_4126A0
; ---------------------------------------------------------------------------
loc_41269B: ; CODE XREF: sub_41225B+436�j
and [ebp+edx*4+var_20], 0
loc_4126A0: ; CODE XREF: sub_41225B+43E�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_41268F
mov eax, dword_424248
mov ecx, dword_42425C
lea ebx, [ecx+eax]
xor eax, eax
inc eax
jmp loc_412759
; ---------------------------------------------------------------------------
loc_4126BE: ; CODE XREF: sub_41225B+3B0�j
mov eax, dword_42425C
and [ebp+var_20], 7FFFFFFFh
add ebx, eax
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_4126E6
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_4126E6: ; CODE XREF: sub_41225B+484�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or esi, 0FFFFFFFFh
mov ecx, edx
shl esi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not esi
loc_412701: ; CODE XREF: sub_41225B+4D4�j
mov ecx, [ebp+arg_0]
mov edi, [ebp+ecx*4+var_20]
mov ecx, edi
and ecx, esi
mov [ebp+var_10], ecx
mov ecx, edx
shr edi, cl
mov ecx, [ebp+arg_0]
or edi, [ebp+var_C]
mov [ebp+ecx*4+var_20], edi
mov edi, [ebp+var_10]
mov ecx, [ebp+var_4]
shl edi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], edi
jl short loc_412701
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_41273E: ; CODE XREF: sub_41225B+4FA�j
cmp edx, eax
jl short loc_41274A
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_41274F
; ---------------------------------------------------------------------------
loc_41274A: ; CODE XREF: sub_41225B+4E5�j
and [ebp+edx*4+var_20], 0
loc_41274F: ; CODE XREF: sub_41225B+4ED�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_41273E
xor eax, eax
loc_412759: ; CODE XREF: sub_41225B+39F�j
; sub_41225B+45E�j
pop esi
loc_41275A: ; CODE XREF: sub_41225B+55�j
; sub_41225B+65�j
push 1Fh
pop ecx
sub ecx, dword_424254
shl ebx, cl
mov ecx, [ebp+var_14]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
mov ecx, dword_424258
or ebx, [ebp+var_20]
cmp ecx, 40h
jnz short loc_41278F
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_1C]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_412799
; ---------------------------------------------------------------------------
loc_41278F: ; CODE XREF: sub_41225B+525�j
cmp ecx, 20h
jnz short loc_412799
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_412799: ; CODE XREF: sub_41225B+532�j
; sub_41225B+537�j
pop edi
pop ebx
leave
retn
sub_41225B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41279D proc near ; CODE XREF: sub_41185D+37�p
; sub_411903+37�p
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_46 = dword ptr -46h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_32 = dword ptr -32h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_9 = byte ptr -9
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 7Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
xor ebx, ebx
push esi
xor esi, esi
mov [ebp+var_7C], eax
mov eax, [ebp+arg_4]
inc esi
xor ecx, ecx
cmp [ebp+arg_1C], ebx
push edi
mov [ebp+var_70], eax
lea edi, [ebp+var_20]
mov [ebp+var_74], ebx
mov [ebp+var_68], esi
mov [ebp+var_4C], ebx
mov [ebp+var_58], ebx
mov [ebp+var_5C], ebx
mov [ebp+var_60], ebx
mov [ebp+var_64], ebx
mov [ebp+var_50], ebx
mov [ebp+var_6C], ebx
jnz short loc_412805
call sub_405B83
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_4032F9
add esp, 14h
xor eax, eax
jmp loc_412E1F
; ---------------------------------------------------------------------------
loc_412805: ; CODE XREF: sub_41279D+47�j
mov edx, [ebp+arg_8]
mov [ebp+var_54], edx
loc_41280B: ; CODE XREF: sub_41279D+81�j
mov al, [edx]
cmp al, 20h
jz short loc_41281D
cmp al, 9
jz short loc_41281D
cmp al, 0Ah
jz short loc_41281D
cmp al, 0Dh
jnz short loc_412820
loc_41281D: ; CODE XREF: sub_41279D+72�j
; sub_41279D+76�j ...
inc edx
jmp short loc_41280B
; ---------------------------------------------------------------------------
loc_412820: ; CODE XREF: sub_41279D+7E�j
mov bl, 30h
loc_412822: ; CODE XREF: sub_41279D+A6�j
; sub_41279D+BC�j ...
mov al, [edx]
inc edx
cmp ecx, 0Bh ; switch 12 cases
ja loc_412A5D ; default
; jumptable 0041282E case 10
jmp ds:off_412E31[ecx*4] ; switch jump
loc_412835: ; DATA XREF: .text:off_412E31�o
mov cl, al ; jumptable 0041282E case 0
sub cl, 31h
cmp cl, 8
ja short loc_412845
loc_41283F: ; CODE XREF: sub_41279D+F7�j
; sub_41279D+14A�j
push 3
loc_412841: ; CODE XREF: sub_41279D+201�j
; sub_41279D+218�j
pop ecx
dec edx
jmp short loc_412822
; ---------------------------------------------------------------------------
loc_412845: ; CODE XREF: sub_41279D+A0�j
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jnz short loc_41285B
loc_412856: ; CODE XREF: sub_41279D+15F�j
push 5
loc_412858: ; CODE XREF: sub_41279D+10C�j
; sub_41279D+138�j ...
pop ecx
jmp short loc_412822
; ---------------------------------------------------------------------------
loc_41285B: ; CODE XREF: sub_41279D+B7�j
movsx eax, al
sub eax, 2Bh
jz short loc_412880
dec eax
dec eax
jz short loc_412874
sub eax, 3
jnz loc_4129FB
loc_412870: ; CODE XREF: sub_41279D+118�j
; sub_41279D+167�j
mov ecx, esi
jmp short loc_412822
; ---------------------------------------------------------------------------
loc_412874: ; CODE XREF: sub_41279D+C8�j
push 2
pop ecx
mov [ebp+var_74], 8000h
jmp short loc_412822
; ---------------------------------------------------------------------------
loc_412880: ; CODE XREF: sub_41279D+C4�j
and [ebp+var_74], 0
push 2
pop ecx
jmp short loc_412822
; ---------------------------------------------------------------------------
loc_412889: ; CODE XREF: sub_41279D+91�j
; DATA XREF: .text:off_412E31�o
mov cl, al ; jumptable 0041282E case 1
sub cl, 31h
cmp cl, 8
mov [ebp+var_58], esi
jbe short loc_41283F
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jnz short loc_4128AB
loc_4128A7: ; CODE XREF: sub_41279D+1A7�j
push 4
jmp short loc_412858
; ---------------------------------------------------------------------------
loc_4128AB: ; CODE XREF: sub_41279D+108�j
cmp al, 2Bh
jz short loc_4128D7
cmp al, 2Dh
jz short loc_4128D7
cmp al, bl
jz short loc_412870
loc_4128B7: ; CODE XREF: sub_41279D+1B5�j
cmp al, 43h
jle loc_4129FB
cmp al, 45h
jle short loc_4128D3
cmp al, 63h
jle loc_4129FB
cmp al, 65h
jg loc_4129FB
loc_4128D3: ; CODE XREF: sub_41279D+124�j
push 6
jmp short loc_412858
; ---------------------------------------------------------------------------
loc_4128D7: ; CODE XREF: sub_41279D+110�j
; sub_41279D+114�j ...
dec edx
push 0Bh
jmp loc_412858
; ---------------------------------------------------------------------------
loc_4128DF: ; CODE XREF: sub_41279D+91�j
; DATA XREF: .text:off_412E31�o
mov cl, al ; jumptable 0041282E case 2
sub cl, 31h
cmp cl, 8
jbe loc_41283F
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jz loc_412856
cmp al, bl
jz loc_412870
loc_41290A: ; CODE XREF: sub_41279D+1F9�j
; sub_41279D:loc_4129C9�j
mov edx, [ebp+var_54]
jmp loc_412A26
; ---------------------------------------------------------------------------
loc_412912: ; CODE XREF: sub_41279D+91�j
; DATA XREF: .text:off_412E31�o
mov [ebp+var_58], esi ; jumptable 0041282E case 3
jmp short loc_412931
; ---------------------------------------------------------------------------
loc_412917: ; CODE XREF: sub_41279D+196�j
cmp al, 39h
jg short loc_412935
cmp [ebp+var_4C], 19h
jnb short loc_41292B
inc [ebp+var_4C]
sub al, bl
mov [edi], al
inc edi
jmp short loc_41292E
; ---------------------------------------------------------------------------
loc_41292B: ; CODE XREF: sub_41279D+182�j
inc [ebp+var_50]
loc_41292E: ; CODE XREF: sub_41279D+18C�j
mov al, [edx]
inc edx
loc_412931: ; CODE XREF: sub_41279D+178�j
cmp al, bl
jge short loc_412917
loc_412935: ; CODE XREF: sub_41279D+17C�j
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jz loc_4128A7
loc_41294A: ; CODE XREF: sub_41279D+1D6�j
; sub_41279D+1F0�j
cmp al, 2Bh
jz short loc_4128D7
cmp al, 2Dh
jz short loc_4128D7
jmp loc_4128B7
; ---------------------------------------------------------------------------
loc_412957: ; CODE XREF: sub_41279D+91�j
; DATA XREF: .text:off_412E31�o
cmp [ebp+var_4C], 0 ; jumptable 0041282E case 4
mov [ebp+var_58], esi
mov [ebp+var_5C], esi
jnz short loc_412989
jmp short loc_41296B
; ---------------------------------------------------------------------------
loc_412965: ; CODE XREF: sub_41279D+1D0�j
dec [ebp+var_50]
mov al, [edx]
inc edx
loc_41296B: ; CODE XREF: sub_41279D+1C6�j
cmp al, bl
jz short loc_412965
jmp short loc_412989
; ---------------------------------------------------------------------------
loc_412971: ; CODE XREF: sub_41279D+1EE�j
cmp al, 39h
jg short loc_41294A
cmp [ebp+var_4C], 19h
jnb short loc_412986
inc [ebp+var_4C]
sub al, bl
mov [edi], al
inc edi
dec [ebp+var_50]
loc_412986: ; CODE XREF: sub_41279D+1DC�j
mov al, [edx]
inc edx
loc_412989: ; CODE XREF: sub_41279D+1C4�j
; sub_41279D+1D2�j
cmp al, bl
jge short loc_412971
jmp short loc_41294A
; ---------------------------------------------------------------------------
loc_41298F: ; CODE XREF: sub_41279D+91�j
; DATA XREF: .text:off_412E31�o
sub al, bl ; jumptable 0041282E case 5
cmp al, 9
mov [ebp+var_5C], esi
ja loc_41290A
push 4
jmp loc_412841
; ---------------------------------------------------------------------------
loc_4129A3: ; CODE XREF: sub_41279D+91�j
; DATA XREF: .text:off_412E31�o
lea ecx, [edx-2] ; jumptable 0041282E case 6
mov [ebp+var_54], ecx
mov cl, al
sub cl, 31h
cmp cl, 8
ja short loc_4129BA
loc_4129B3: ; CODE XREF: sub_41279D+25C�j
; sub_41279D+269�j
push 9
jmp loc_412841
; ---------------------------------------------------------------------------
loc_4129BA: ; CODE XREF: sub_41279D+214�j
movsx eax, al
sub eax, 2Bh
jz short loc_4129E2
dec eax
dec eax
jz short loc_4129D6
sub eax, 3
loc_4129C9: ; CODE XREF: sub_41279D+26D�j
jnz loc_41290A
push 8
jmp loc_412858
; ---------------------------------------------------------------------------
loc_4129D6: ; CODE XREF: sub_41279D+227�j
; sub_41279D+285�j
or [ebp+var_68], 0FFFFFFFFh
push 7
pop ecx
jmp loc_412822
; ---------------------------------------------------------------------------
loc_4129E2: ; CODE XREF: sub_41279D+223�j
; sub_41279D+281�j
push 7
jmp loc_412858
; ---------------------------------------------------------------------------
loc_4129E9: ; CODE XREF: sub_41279D+91�j
; DATA XREF: .text:off_412E31�o
mov [ebp+var_60], esi ; jumptable 0041282E case 8
jmp short loc_4129F1
; ---------------------------------------------------------------------------
loc_4129EE: ; CODE XREF: sub_41279D+256�j
mov al, [edx]
inc edx
loc_4129F1: ; CODE XREF: sub_41279D+24F�j
cmp al, bl
jz short loc_4129EE
sub al, 31h
cmp al, 8
jbe short loc_4129B3
loc_4129FB: ; CODE XREF: sub_41279D+CD�j
; sub_41279D+11C�j ...
dec edx
jmp short loc_412A26
; ---------------------------------------------------------------------------
loc_4129FE: ; CODE XREF: sub_41279D+91�j
; DATA XREF: .text:off_412E31�o
mov cl, al ; jumptable 0041282E case 7
sub cl, 31h
cmp cl, 8
jbe short loc_4129B3
cmp al, bl
jmp short loc_4129C9
; ---------------------------------------------------------------------------
loc_412A0C: ; CODE XREF: sub_41279D+91�j
; DATA XREF: .text:off_412E31�o
cmp [ebp+arg_18], 0 ; jumptable 0041282E case 11
jz short loc_412A59
movsx eax, al
sub eax, 2Bh
lea ecx, [edx-1]
mov [ebp+var_54], ecx
jz short loc_4129E2
dec eax
dec eax
jz short loc_4129D6
mov edx, ecx
loc_412A26: ; CODE XREF: sub_41279D+170�j
; sub_41279D+25F�j ...
cmp [ebp+var_58], 0
mov eax, [ebp+var_70]
mov [eax], edx
jz loc_412DDA
push 18h
pop eax
cmp [ebp+var_4C], eax
jbe short loc_412A4D
cmp [ebp+var_9], 5
jl short loc_412A46
inc [ebp+var_9]
loc_412A46: ; CODE XREF: sub_41279D+2A4�j
dec edi
inc [ebp+var_50]
mov [ebp+var_4C], eax
loc_412A4D: ; CODE XREF: sub_41279D+29E�j
cmp [ebp+var_4C], 0
jbe loc_412E01
jmp short loc_412AB2
; ---------------------------------------------------------------------------
loc_412A59: ; CODE XREF: sub_41279D+273�j
push 0Ah
pop ecx
dec edx
loc_412A5D: ; CODE XREF: sub_41279D+8B�j
; sub_41279D+91�j
; DATA XREF: ...
cmp ecx, 0Ah ; default
; jumptable 0041282E case 10
jnz loc_412822
jmp short loc_412A26
; ---------------------------------------------------------------------------
loc_412A68: ; CODE XREF: sub_41279D+91�j
; DATA XREF: .text:off_412E31�o
mov [ebp+var_60], esi ; jumptable 0041282E case 9
xor ecx, ecx
jmp short loc_412A88
; ---------------------------------------------------------------------------
loc_412A6F: ; CODE XREF: sub_41279D+2ED�j
cmp al, 39h
jg short loc_412A93
imul ecx, 0Ah
movsx esi, al
lea ecx, [ecx+esi-30h]
cmp ecx, 1450h
jg short loc_412A8E
mov al, [edx]
inc edx
loc_412A88: ; CODE XREF: sub_41279D+2D0�j
cmp al, bl
jge short loc_412A6F
jmp short loc_412A93
; ---------------------------------------------------------------------------
loc_412A8E: ; CODE XREF: sub_41279D+2E6�j
mov ecx, 1451h
loc_412A93: ; CODE XREF: sub_41279D+2D4�j
; sub_41279D+2EF�j
mov [ebp+var_64], ecx
jmp short loc_412AA3
; ---------------------------------------------------------------------------
loc_412A98: ; CODE XREF: sub_41279D+308�j
cmp al, 39h
jg loc_4129FB
mov al, [edx]
inc edx
loc_412AA3: ; CODE XREF: sub_41279D+2F9�j
cmp al, bl
jge short loc_412A98
jmp loc_4129FB
; ---------------------------------------------------------------------------
loc_412AAC: ; CODE XREF: sub_41279D+319�j
dec [ebp+var_4C]
inc [ebp+var_50]
loc_412AB2: ; CODE XREF: sub_41279D+2BA�j
dec edi
cmp byte ptr [edi], 0
jz short loc_412AAC
lea eax, [ebp+var_3C]
push eax
push [ebp+var_4C]
lea eax, [ebp+var_20]
push eax
call sub_413B5A
mov eax, [ebp+var_64]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_68], ecx
jge short loc_412AD7
neg eax
loc_412AD7: ; CODE XREF: sub_41279D+336�j
add eax, [ebp+var_50]
cmp [ebp+var_60], ecx
jnz short loc_412AE2
add eax, [ebp+arg_10]
loc_412AE2: ; CODE XREF: sub_41279D+340�j
cmp [ebp+var_5C], ecx
jnz short loc_412AEA
sub eax, [ebp+arg_14]
loc_412AEA: ; CODE XREF: sub_41279D+348�j
cmp eax, 1450h
jg loc_412DE3
cmp eax, 0FFFFEBB0h
jl loc_412DFA
mov esi, offset dword_424260
sub esi, 60h
cmp eax, ecx
mov [ebp+var_54], eax
jz loc_412DC8
jge short loc_412B22
neg eax
mov esi, offset dword_4243C0
mov [ebp+var_54], eax
sub esi, 60h
loc_412B22: ; CODE XREF: sub_41279D+376�j
cmp [ebp+arg_C], ecx
jnz short loc_412B2B
mov word ptr [ebp+var_3C], cx
loc_412B2B: ; CODE XREF: sub_41279D+388�j
cmp [ebp+var_54], ecx
jz loc_412DC8
loc_412B34: ; CODE XREF: sub_41279D+625�j
mov eax, [ebp+var_54]
sar [ebp+var_54], 3
add esi, 54h
and eax, 7
test eax, eax
mov [ebp+var_4C], esi
jz loc_412DBE
imul eax, 0Ch
add eax, esi
mov ebx, eax
cmp word ptr [ebx], 8000h
mov [ebp+var_70], ebx
jb short loc_412B71
mov esi, ebx
lea edi, [ebp+var_48]
movsd
movsd
movsd
dec [ebp+var_46]
mov esi, [ebp+var_4C]
lea ebx, [ebp+var_48]
mov [ebp+var_70], ebx
loc_412B71: ; CODE XREF: sub_41279D+3BE�j
movzx edx, word ptr [ebx+0Ah]
mov ecx, [ebp+var_32]
xor eax, eax
mov [ebp+var_50], eax
mov [ebp+var_2C], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov eax, edx
mov edi, 7FFFh
xor eax, ecx
and ecx, edi
and edx, edi
and eax, 8000h
cmp cx, 7FFFh
lea edi, [edx+ecx]
movzx edi, di
jnb loc_412DA4
cmp dx, 7FFFh
jnb loc_412DA4
cmp di, 0BFFDh
ja loc_412DA4
cmp di, 3FBFh
ja short loc_412BD3
xor eax, eax
mov [ebp+var_38], eax
mov [ebp+var_3C], eax
jmp loc_412DBB
; ---------------------------------------------------------------------------
loc_412BD3: ; CODE XREF: sub_41279D+427�j
test cx, cx
jnz short loc_412BF7
inc edi
test dword ptr [ebp-34h], 7FFFFFFFh
jnz short loc_412BF7
cmp [ebp+var_38], 0
jnz short loc_412BF7
cmp [ebp+var_3C], 0
jnz short loc_412BF7
and word ptr [ebp+var_32], cx
jmp loc_412DBE
; ---------------------------------------------------------------------------
loc_412BF7: ; CODE XREF: sub_41279D+439�j
; sub_41279D+443�j ...
xor ecx, ecx
cmp dx, cx
jnz short loc_412C1F
inc edi
test dword ptr [ebx+8], 7FFFFFFFh
jnz short loc_412C1F
cmp [ebx+4], ecx
jnz short loc_412C1F
cmp [ebx], ecx
jnz short loc_412C1F
mov [ebp-34h], ecx
mov [ebp+var_38], ecx
mov [ebp+var_3C], ecx
jmp loc_412DBE
; ---------------------------------------------------------------------------
loc_412C1F: ; CODE XREF: sub_41279D+45F�j
; sub_41279D+469�j ...
and [ebp+var_68], ecx
lea esi, [ebp+var_28]
mov [ebp+var_58], 5
loc_412C2C: ; CODE XREF: sub_41279D+4FF�j
mov ecx, [ebp+var_68]
mov edx, [ebp+var_58]
add ecx, ecx
test edx, edx
mov [ebp+var_64], edx
jle short loc_412C90
lea ecx, [ebp+ecx+var_3C]
add ebx, 8
mov [ebp+var_5C], ecx
mov [ebp+var_60], ebx
loc_412C48: ; CODE XREF: sub_41279D+4EE�j
mov ecx, [ebp+var_60]
mov edx, [ebp+var_5C]
movzx edx, word ptr [edx]
movzx ecx, word ptr [ecx]
and [ebp+var_78], 0
imul ecx, edx
mov edx, [esi-4]
lea ebx, [edx+ecx]
cmp ebx, edx
jb short loc_412C69
cmp ebx, ecx
jnb short loc_412C70
loc_412C69: ; CODE XREF: sub_41279D+4C6�j
mov [ebp+var_78], 1
loc_412C70: ; CODE XREF: sub_41279D+4CA�j
cmp [ebp+var_78], 0
mov [esi-4], ebx
jz short loc_412C7C
inc word ptr [esi]
loc_412C7C: ; CODE XREF: sub_41279D+4DA�j
add [ebp+var_5C], 2
sub [ebp+var_60], 2
dec [ebp+var_64]
cmp [ebp+var_64], 0
jg short loc_412C48
mov ebx, [ebp+var_70]
loc_412C90: ; CODE XREF: sub_41279D+49C�j
inc esi
inc esi
inc [ebp+var_68]
dec [ebp+var_58]
cmp [ebp+var_58], 0
jg short loc_412C2C
add edi, 0C002h
test di, di
jle short loc_412CE4
loc_412CA9: ; CODE XREF: sub_41279D+540�j
test [ebp+var_24], 80000000h
jnz short loc_412CDF
mov esi, [ebp+var_28]
mov ecx, [ebp+var_2C]
shl [ebp+var_2C], 1
shr ecx, 1Fh
mov edx, esi
add esi, esi
or esi, ecx
mov ecx, [ebp+var_24]
shr edx, 1Fh
add ecx, ecx
or ecx, edx
add edi, 0FFFFh
test di, di
mov [ebp+var_28], esi
mov [ebp+var_24], ecx
jg short loc_412CA9
loc_412CDF: ; CODE XREF: sub_41279D+513�j
test di, di
jg short loc_412D32
loc_412CE4: ; CODE XREF: sub_41279D+50A�j
add edi, 0FFFFh
test di, di
jge short loc_412D32
mov ecx, edi
neg ecx
movzx esi, cx
add edi, esi
loc_412CF8: ; CODE XREF: sub_41279D+588�j
test byte ptr [ebp+var_2C], 1
jz short loc_412D01
inc [ebp+var_50]
loc_412D01: ; CODE XREF: sub_41279D+55F�j
mov ecx, [ebp+var_24]
mov ebx, [ebp+var_28]
mov edx, [ebp+var_28]
shr [ebp+var_24], 1
shl ecx, 1Fh
shr ebx, 1
or ebx, ecx
mov ecx, [ebp+var_2C]
shl edx, 1Fh
shr ecx, 1
or ecx, edx
dec esi
mov [ebp+var_28], ebx
mov [ebp+var_2C], ecx
jnz short loc_412CF8
cmp [ebp+var_50], 0
jz short loc_412D32
or word ptr [ebp+var_2C], 1
loc_412D32: ; CODE XREF: sub_41279D+545�j
; sub_41279D+550�j ...
cmp word ptr [ebp+var_2C], 8000h
ja short loc_412D4B
mov ecx, [ebp+var_2C]
and ecx, 1FFFFh
cmp ecx, 18000h
jnz short loc_412D7E
loc_412D4B: ; CODE XREF: sub_41279D+59B�j
cmp [ebp+var_2C+2], 0FFFFFFFFh
jnz short loc_412D7B
and [ebp+var_2C+2], 0
cmp [ebp+var_28+2], 0FFFFFFFFh
jnz short loc_412D76
and [ebp+var_28+2], 0
cmp word ptr [ebp+var_24+2], 0FFFFh
jnz short loc_412D70
mov word ptr [ebp+var_24+2], 8000h
inc edi
jmp short loc_412D7E
; ---------------------------------------------------------------------------
loc_412D70: ; CODE XREF: sub_41279D+5C8�j
inc word ptr [ebp+var_24+2]
jmp short loc_412D7E
; ---------------------------------------------------------------------------
loc_412D76: ; CODE XREF: sub_41279D+5BC�j
inc [ebp+var_28+2]
jmp short loc_412D7E
; ---------------------------------------------------------------------------
loc_412D7B: ; CODE XREF: sub_41279D+5B2�j
inc [ebp+var_2C+2]
loc_412D7E: ; CODE XREF: sub_41279D+5AC�j
; sub_41279D+5D1�j ...
cmp di, 7FFFh
mov esi, [ebp+var_4C]
jnb short loc_412DA4
mov cx, word ptr [ebp+var_2C+2]
mov word ptr [ebp+var_3C], cx
mov ecx, [ebp+var_28]
mov [ebp+var_3C+2], ecx
mov ecx, [ebp+var_24]
or edi, eax
mov [ebp+var_38+2], ecx
mov word ptr [ebp+var_32], di
jmp short loc_412DBE
; ---------------------------------------------------------------------------
loc_412DA4: ; CODE XREF: sub_41279D+406�j
; sub_41279D+411�j ...
neg ax
sbb eax, eax
and [ebp+var_38], 0
and eax, 80000000h
add eax, 7FFF8000h
and [ebp+var_3C], 0
loc_412DBB: ; CODE XREF: sub_41279D+431�j
mov [ebp-34h], eax
loc_412DBE: ; CODE XREF: sub_41279D+3A9�j
; sub_41279D+455�j ...
cmp [ebp+var_54], 0
jnz loc_412B34
loc_412DC8: ; CODE XREF: sub_41279D+370�j
; sub_41279D+391�j
mov eax, [ebp-34h]
movzx ecx, word ptr [ebp+var_3C]
mov esi, [ebp+var_3C+2]
mov edx, [ebp+var_38+2]
shr eax, 10h
jmp short loc_412E09
; ---------------------------------------------------------------------------
loc_412DDA: ; CODE XREF: sub_41279D+292�j
mov [ebp+var_6C], 4
jmp short loc_412E01
; ---------------------------------------------------------------------------
loc_412DE3: ; CODE XREF: sub_41279D+352�j
xor esi, esi
mov eax, 7FFFh
mov edx, 80000000h
xor ecx, ecx
mov [ebp+var_6C], 2
jmp short loc_412E09
; ---------------------------------------------------------------------------
loc_412DFA: ; CODE XREF: sub_41279D+35D�j
mov [ebp+var_6C], 1
loc_412E01: ; CODE XREF: sub_41279D+2B4�j
; sub_41279D+644�j
xor ecx, ecx
xor eax, eax
xor edx, edx
xor esi, esi
loc_412E09: ; CODE XREF: sub_41279D+63B�j
; sub_41279D+65B�j
mov edi, [ebp+var_7C]
or eax, [ebp+var_74]
mov [edi], cx
mov [edi+0Ah], ax
mov eax, [ebp+var_6C]
mov [edi+2], esi
mov [edi+6], edx
loc_412E1F: ; CODE XREF: sub_41279D+63�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_41279D endp
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
off_412E31 dd offset loc_412835 ; DATA XREF: sub_41279D+91�r
dd offset loc_412889 ; jump table for switch statement
dd offset loc_4128DF
dd offset loc_412912
dd offset loc_412957
dd offset loc_41298F
dd offset loc_4129A3
dd offset loc_4129FE
dd offset loc_4129E9
dd offset loc_412A68
dd offset loc_412A5D
dd offset loc_412A0C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412E61 proc near ; CODE XREF: sub_411B21+3F�p
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1A = dword ptr -1Ah
var_16 = dword ptr -16h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 74h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
mov ebx, [ebp+arg_14]
push esi
push edi
lea esi, [ebp+arg_0]
lea edi, [ebp+var_10]
movsd
movsd
movsw
mov edx, [ebp+var_8]
mov ecx, edx
mov eax, 8000h
and ecx, eax
and edx, 7FFFh
test cx, cx
mov [ebp+var_60], ebx
mov byte ptr [ebp+var_30], 0CCh
mov byte ptr [ebp+var_30+1], 0CCh
mov byte ptr [ebp+var_30+2], 0CCh
mov byte ptr [ebp+var_30+3], 0CCh
mov byte ptr [ebp+var_2C], 0CCh
mov byte ptr [ebp+var_2C+1], 0CCh
mov byte ptr [ebp+var_2C+2], 0CCh
mov byte ptr [ebp+var_2C+3], 0CCh
mov byte ptr [ebp+var_28], 0CCh
mov byte ptr [ebp+var_28+1], 0CCh
mov byte ptr [ebp+var_28+2], 0FBh
mov byte ptr [ebp+var_28+3], 3Fh
mov [ebp+var_74], 1
mov [ebp+var_6C], ecx
jz short loc_412EDB
mov byte ptr [ebx+2], 2Dh
jmp short loc_412EDF
; ---------------------------------------------------------------------------
loc_412EDB: ; CODE XREF: sub_412E61+72�j
mov byte ptr [ebx+2], 20h
loc_412EDF: ; CODE XREF: sub_412E61+78�j
test dx, dx
mov esi, [ebp+var_C]
mov edi, [ebp+var_10]
jnz short loc_412F18
test esi, esi
jnz short loc_412F18
test edi, edi
jnz short loc_412F18
and [ebx], di
cmp cx, ax
setnz al
dec al
and al, 0Dh
add al, 20h
mov [ebx+2], al
mov byte ptr [ebx+3], 1
mov byte ptr [ebx+4], 30h
mov byte ptr [ebx+5], 0
loc_412F10: ; CODE XREF: sub_412E61+6FB�j
; sub_412E61+8C3�j
xor eax, eax
inc eax
jmp loc_4136E1
; ---------------------------------------------------------------------------
loc_412F18: ; CODE XREF: sub_412E61+87�j
; sub_412E61+8B�j ...
cmp dx, 7FFFh
jnz loc_412FC1
mov eax, 80000000h
cmp esi, eax
mov word ptr [ebx], 1
jnz short loc_412F35
test edi, edi
jz short loc_412F44
loc_412F35: ; CODE XREF: sub_412E61+CE�j
test esi, 40000000h
jnz short loc_412F44
push offset dword_41EED0
jmp short loc_412F95
; ---------------------------------------------------------------------------
loc_412F44: ; CODE XREF: sub_412E61+D2�j
; sub_412E61+DA�j
test cx, cx
jz short loc_412F5C
cmp esi, 0C0000000h
jnz short loc_412F5C
test edi, edi
jnz short loc_412F90
push offset dword_41EEC8
jmp short loc_412F69
; ---------------------------------------------------------------------------
loc_412F5C: ; CODE XREF: sub_412E61+E6�j
; sub_412E61+EE�j
cmp esi, eax
jnz short loc_412F90
test edi, edi
jnz short loc_412F90
push offset dword_41EEC0
loc_412F69: ; CODE XREF: sub_412E61+F9�j
lea eax, [ebx+4]
push 16h
push eax
call sub_407A85
add esp, 0Ch
xor esi, esi
test eax, eax
jz short loc_412F8A
push esi
push esi
push esi
push esi
push esi
call sub_4031FD
add esp, 14h
loc_412F8A: ; CODE XREF: sub_412E61+11A�j
mov byte ptr [ebx+3], 5
jmp short loc_412FBA
; ---------------------------------------------------------------------------
loc_412F90: ; CODE XREF: sub_412E61+F2�j
; sub_412E61+FD�j ...
push offset dword_41EEB8
loc_412F95: ; CODE XREF: sub_412E61+E1�j
lea eax, [ebx+4]
push 16h
push eax
call sub_407A85
add esp, 0Ch
xor esi, esi
test eax, eax
jz short loc_412FB6
push esi
push esi
push esi
push esi
push esi
call sub_4031FD
add esp, 14h
loc_412FB6: ; CODE XREF: sub_412E61+146�j
mov byte ptr [ebx+3], 6
loc_412FBA: ; CODE XREF: sub_412E61+12D�j
xor eax, eax
jmp loc_4136E1
; ---------------------------------------------------------------------------
loc_412FC1: ; CODE XREF: sub_412E61+BC�j
movzx ecx, dx
mov ebx, ecx
imul ecx, 4D10h
shr ebx, 8
mov eax, esi
shr eax, 18h
lea eax, [ebx+eax*2]
imul eax, 4Dh
lea eax, [eax+ecx-134312F4h]
sar eax, 10h
movzx ecx, ax
movsx ebx, cx
mov [ebp+var_4C], ecx
xor eax, eax
mov ecx, offset dword_424260
neg ebx
sub ecx, 60h
cmp ebx, eax
mov word ptr [ebp+var_16], dx
mov [ebp+var_1A], esi
mov [ebp+var_20+2], edi
mov word ptr [ebp+var_20], ax
mov [ebp+var_68], ecx
jz loc_4132C0
jge short loc_413021
mov ecx, offset dword_4243C0
neg ebx
sub ecx, 60h
mov [ebp+var_68], ecx
loc_413021: ; CODE XREF: sub_412E61+1B1�j
cmp ebx, eax
jz loc_4132C0
loc_413029: ; CODE XREF: sub_412E61+457�j
add [ebp+var_68], 54h
mov ecx, ebx
and ecx, 7
sar ebx, 3
test ecx, ecx
jz loc_4132B6
imul ecx, 0Ch
add ecx, [ebp+var_68]
cmp word ptr [ecx], 8000h
mov [ebp+var_64], ecx
jb short loc_413060
mov esi, ecx
lea edi, [ebp+var_3C]
movsd
movsd
lea eax, [ebp+var_3C]
movsd
dec [ebp+var_3C+2]
mov [ebp+var_64], eax
mov ecx, eax
loc_413060: ; CODE XREF: sub_412E61+1EA�j
movzx edi, word ptr [ecx+0Ah]
mov edx, [ebp+var_16]
xor eax, eax
mov ecx, edi
mov esi, 7FFFh
xor ecx, edx
and edx, esi
and edi, esi
mov [ebp+var_48], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
and ecx, 8000h
cmp dx, si
lea eax, [edi+edx]
movzx eax, ax
jnb loc_41329A
cmp di, si
jnb loc_41329A
cmp ax, 0BFFDh
ja loc_41329A
cmp ax, 3FBFh
ja short loc_4130C0
xor eax, eax
mov [ebp+var_1A+2], eax
mov [ebp-1Ch], eax
mov [ebp+var_20], eax
jmp loc_4132B6
; ---------------------------------------------------------------------------
loc_4130C0: ; CODE XREF: sub_412E61+24D�j
xor esi, esi
cmp dx, si
jnz short loc_4130E4
inc eax
test [ebp+var_1A+2], 7FFFFFFFh
jnz short loc_4130E4
cmp [ebp-1Ch], esi
jnz short loc_4130E4
cmp [ebp+var_20], esi
jnz short loc_4130E4
mov word ptr [ebp+var_16], si
jmp loc_4132B6
; ---------------------------------------------------------------------------
loc_4130E4: ; CODE XREF: sub_412E61+264�j
; sub_412E61+26E�j ...
cmp di, si
jnz short loc_41310D
mov edx, [ebp+var_64]
inc eax
test dword ptr [edx+8], 7FFFFFFFh
jnz short loc_41310D
cmp [edx+4], esi
jnz short loc_41310D
cmp [edx], esi
jnz short loc_41310D
mov [ebp+var_1A+2], esi
mov [ebp-1Ch], esi
mov [ebp+var_20], esi
jmp loc_4132B6
; ---------------------------------------------------------------------------
loc_41310D: ; CODE XREF: sub_412E61+286�j
; sub_412E61+293�j ...
lea edi, [ebp+var_C]
mov [ebp+var_5C], esi
mov [ebp+var_44], edi
mov [ebp+var_40], 5
loc_41311D: ; CODE XREF: sub_412E61+332�j
mov edx, [ebp+var_5C]
mov esi, [ebp+var_40]
add edx, edx
test esi, esi
mov [ebp+var_50], esi
jle short loc_413184
lea edx, [ebp+edx+var_20]
mov [ebp+var_58], edx
mov edx, [ebp+var_64]
add edx, 8
mov [ebp+var_54], edx
loc_41313C: ; CODE XREF: sub_412E61+321�j
mov edx, [ebp+var_58]
mov esi, [ebp+var_54]
movzx esi, word ptr [esi]
movzx edx, word ptr [edx]
mov edi, [edi-4]
imul edx, esi
and [ebp+var_70], 0
lea esi, [edi+edx]
cmp esi, edi
jb short loc_41315D
cmp esi, edx
jnb short loc_413164
loc_41315D: ; CODE XREF: sub_412E61+2F6�j
mov [ebp+var_70], 1
loc_413164: ; CODE XREF: sub_412E61+2FA�j
cmp [ebp+var_70], 0
mov edi, [ebp+var_44]
mov [edi-4], esi
jz short loc_413173
inc word ptr [edi]
loc_413173: ; CODE XREF: sub_412E61+30D�j
add [ebp+var_58], 2
sub [ebp+var_54], 2
dec [ebp+var_50]
cmp [ebp+var_50], 0
jg short loc_41313C
loc_413184: ; CODE XREF: sub_412E61+2C9�j
inc edi
inc edi
inc [ebp+var_5C]
dec [ebp+var_40]
cmp [ebp+var_40], 0
mov [ebp+var_44], edi
jg short loc_41311D
add eax, 0C002h
test ax, ax
jle short loc_4131DA
loc_41319F: ; CODE XREF: sub_412E61+372�j
test [ebp+var_8], 80000000h
jnz short loc_4131D5
mov edx, [ebp+var_10]
mov edi, [ebp+var_C]
mov esi, [ebp+var_C]
shl [ebp+var_10], 1
shr edx, 1Fh
add edi, edi
or edi, edx
mov edx, [ebp+var_8]
shr esi, 1Fh
add edx, edx
or edx, esi
add eax, 0FFFFh
test ax, ax
mov [ebp+var_C], edi
mov [ebp+var_8], edx
jg short loc_41319F
loc_4131D5: ; CODE XREF: sub_412E61+345�j
test ax, ax
jg short loc_41322C
loc_4131DA: ; CODE XREF: sub_412E61+33C�j
add eax, 0FFFFh
test ax, ax
jge short loc_41322C
mov edx, eax
neg edx
movzx edx, dx
mov [ebp+var_44], edx
add eax, edx
loc_4131F0: ; CODE XREF: sub_412E61+3BE�j
test byte ptr [ebp+var_10], 1
jz short loc_4131F9
inc [ebp+var_48]
loc_4131F9: ; CODE XREF: sub_412E61+393�j
mov edx, [ebp+var_8]
mov edi, [ebp+var_C]
mov esi, [ebp+var_C]
shr [ebp+var_8], 1
shl edx, 1Fh
shr edi, 1
or edi, edx
mov edx, [ebp+var_10]
shl esi, 1Fh
shr edx, 1
or edx, esi
dec [ebp+var_44]
mov [ebp+var_C], edi
mov [ebp+var_10], edx
jnz short loc_4131F0
cmp [ebp+var_48], 0
jz short loc_41322C
or word ptr [ebp+var_10], 1
loc_41322C: ; CODE XREF: sub_412E61+377�j
; sub_412E61+381�j ...
cmp word ptr [ebp+var_10], 8000h
ja short loc_413245
mov edx, [ebp+var_10]
and edx, 1FFFFh
cmp edx, 18000h
jnz short loc_413278
loc_413245: ; CODE XREF: sub_412E61+3D1�j
cmp [ebp+var_10+2], 0FFFFFFFFh
jnz short loc_413275
and [ebp+var_10+2], 0
cmp [ebp+var_C+2], 0FFFFFFFFh
jnz short loc_413270
and [ebp+var_C+2], 0
cmp word ptr [ebp+var_8+2], 0FFFFh
jnz short loc_41326A
mov word ptr [ebp+var_8+2], 8000h
inc eax
jmp short loc_413278
; ---------------------------------------------------------------------------
loc_41326A: ; CODE XREF: sub_412E61+3FE�j
inc word ptr [ebp+var_8+2]
jmp short loc_413278
; ---------------------------------------------------------------------------
loc_413270: ; CODE XREF: sub_412E61+3F2�j
inc [ebp+var_C+2]
jmp short loc_413278
; ---------------------------------------------------------------------------
loc_413275: ; CODE XREF: sub_412E61+3E8�j
inc [ebp+var_10+2]
loc_413278: ; CODE XREF: sub_412E61+3E2�j
; sub_412E61+407�j ...
cmp ax, 7FFFh
jnb short loc_41329A
mov dx, word ptr [ebp+var_10+2]
mov word ptr [ebp+var_20], dx
mov edx, [ebp+var_C]
mov [ebp+var_20+2], edx
mov edx, [ebp+var_8]
or eax, ecx
mov [ebp+var_1A], edx
mov word ptr [ebp+var_16], ax
jmp short loc_4132B6
; ---------------------------------------------------------------------------
loc_41329A: ; CODE XREF: sub_412E61+230�j
; sub_412E61+239�j ...
neg cx
sbb ecx, ecx
and dword ptr [ebp-1Ch], 0
and ecx, 80000000h
add ecx, 7FFF8000h
and [ebp+var_20], 0
mov [ebp+var_1A+2], ecx
loc_4132B6: ; CODE XREF: sub_412E61+1D6�j
; sub_412E61+25A�j ...
test ebx, ebx
jnz loc_413029
xor eax, eax
loc_4132C0: ; CODE XREF: sub_412E61+1AB�j
; sub_412E61+1C2�j
mov ecx, [ebp+var_1A+2]
shr ecx, 10h
cmp cx, 3FFFh
mov ebx, 7FFFh
jb loc_413520
mov esi, [ebp+var_28+2]
inc [ebp+var_4C]
movzx edx, cx
mov ecx, esi
xor ecx, edx
and edx, ebx
and esi, ebx
and ecx, 8000h
cmp dx, bx
lea edi, [esi+edx]
mov [ebp+var_58], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
movzx edi, di
jnb loc_413506
cmp si, bx
jnb loc_413506
cmp di, 0BFFDh
ja loc_413506
cmp di, 3FBFh
ja short loc_41332B
loc_413323: ; CODE XREF: sub_412E61+503�j
mov [ebp+var_1A+2], eax
jmp loc_41351A
; ---------------------------------------------------------------------------
loc_41332B: ; CODE XREF: sub_412E61+4C0�j
cmp dx, ax
jnz short loc_41334D
inc edi
test [ebp+var_1A+2], 7FFFFFFFh
jnz short loc_41334D
cmp [ebp-1Ch], eax
jnz short loc_41334D
cmp [ebp+var_20], eax
jnz short loc_41334D
mov word ptr [ebp+var_16], ax
jmp loc_413520
; ---------------------------------------------------------------------------
loc_41334D: ; CODE XREF: sub_412E61+4CD�j
; sub_412E61+4D7�j ...
cmp si, ax
jnz short loc_413366
inc edi
test [ebp+var_28], 7FFFFFFFh
jnz short loc_413366
cmp [ebp+var_2C], eax
jnz short loc_413366
cmp [ebp+var_30], eax
jz short loc_413323
loc_413366: ; CODE XREF: sub_412E61+4EF�j
; sub_412E61+4F9�j ...
and [ebp+var_54], 0
lea eax, [ebp+var_C]
mov [ebp+var_40], 5
loc_413374: ; CODE XREF: sub_412E61+580�j
mov edx, [ebp+var_54]
mov esi, [ebp+var_40]
add edx, edx
test esi, esi
mov [ebp+var_50], esi
jle short loc_4133D5
lea esi, [ebp+var_28]
lea edx, [ebp+edx+var_20]
mov [ebp+var_5C], esi
mov [ebp+var_48], edx
loc_413390: ; CODE XREF: sub_412E61+572�j
mov edx, [ebp+var_5C]
mov esi, [ebp+var_48]
movzx esi, word ptr [esi]
movzx edx, word ptr [edx]
and [ebp+var_44], 0
imul edx, esi
mov esi, [eax-4]
lea ebx, [esi+edx]
cmp ebx, esi
jb short loc_4133B1
cmp ebx, edx
jnb short loc_4133B8
loc_4133B1: ; CODE XREF: sub_412E61+54A�j
mov [ebp+var_44], 1
loc_4133B8: ; CODE XREF: sub_412E61+54E�j
cmp [ebp+var_44], 0
mov [eax-4], ebx
jz short loc_4133C4
inc word ptr [eax]
loc_4133C4: ; CODE XREF: sub_412E61+55E�j
add [ebp+var_48], 2
sub [ebp+var_5C], 2
dec [ebp+var_50]
cmp [ebp+var_50], 0
jg short loc_413390
loc_4133D5: ; CODE XREF: sub_412E61+520�j
inc eax
inc eax
inc [ebp+var_54]
dec [ebp+var_40]
cmp [ebp+var_40], 0
jg short loc_413374
add edi, 0C002h
xor eax, eax
cmp di, ax
jle short loc_41342C
loc_4133F0: ; CODE XREF: sub_412E61+5C4�j
test [ebp+var_8], 80000000h
jnz short loc_413427
mov edx, [ebp+var_10]
mov ebx, [ebp+var_C]
mov esi, [ebp+var_C]
shl [ebp+var_10], 1
shr edx, 1Fh
add ebx, ebx
or ebx, edx
mov edx, [ebp+var_8]
shr esi, 1Fh
add edx, edx
or edx, esi
add edi, 0FFFFh
cmp di, ax
mov [ebp+var_C], ebx
mov [ebp+var_8], edx
jg short loc_4133F0
loc_413427: ; CODE XREF: sub_412E61+596�j
cmp di, ax
jg short loc_41347B
loc_41342C: ; CODE XREF: sub_412E61+58D�j
add edi, 0FFFFh
cmp di, ax
jge short loc_41347B
mov eax, edi
neg eax
movzx eax, ax
add edi, eax
loc_413440: ; CODE XREF: sub_412E61+60C�j
test byte ptr [ebp+var_10], 1
jz short loc_413449
inc [ebp+var_58]
loc_413449: ; CODE XREF: sub_412E61+5E3�j
mov edx, [ebp+var_8]
mov ebx, [ebp+var_C]
mov esi, [ebp+var_C]
shr [ebp+var_8], 1
shl edx, 1Fh
shr ebx, 1
or ebx, edx
mov edx, [ebp+var_10]
shl esi, 1Fh
shr edx, 1
or edx, esi
dec eax
mov [ebp+var_C], ebx
mov [ebp+var_10], edx
jnz short loc_413440
xor eax, eax
cmp [ebp+var_58], eax
jz short loc_41347B
or word ptr [ebp+var_10], 1
loc_41347B: ; CODE XREF: sub_412E61+5C9�j
; sub_412E61+5D4�j ...
cmp word ptr [ebp+var_10], 8000h
ja short loc_413494
mov edx, [ebp+var_10]
and edx, 1FFFFh
cmp edx, 18000h
jnz short loc_4134C5
loc_413494: ; CODE XREF: sub_412E61+620�j
cmp [ebp+var_10+2], 0FFFFFFFFh
jnz short loc_4134C2
cmp [ebp+var_C+2], 0FFFFFFFFh
mov [ebp+var_10+2], eax
jnz short loc_4134BD
cmp word ptr [ebp+var_8+2], 0FFFFh
mov [ebp+var_C+2], eax
jnz short loc_4134B7
mov word ptr [ebp+var_8+2], 8000h
inc edi
jmp short loc_4134C5
; ---------------------------------------------------------------------------
loc_4134B7: ; CODE XREF: sub_412E61+64B�j
inc word ptr [ebp+var_8+2]
jmp short loc_4134C5
; ---------------------------------------------------------------------------
loc_4134BD: ; CODE XREF: sub_412E61+640�j
inc [ebp+var_C+2]
jmp short loc_4134C5
; ---------------------------------------------------------------------------
loc_4134C2: ; CODE XREF: sub_412E61+637�j
inc [ebp+var_10+2]
loc_4134C5: ; CODE XREF: sub_412E61+631�j
; sub_412E61+654�j ...
cmp di, 7FFFh
jb short loc_4134EA
neg cx
mov [ebp-1Ch], eax
mov [ebp+var_20], eax
sbb ecx, ecx
and ecx, 80000000h
add ecx, 7FFF8000h
mov [ebp+var_1A+2], ecx
loc_4134E6: ; CODE XREF: sub_412E61+6A3�j
xor eax, eax
jmp short loc_413520
; ---------------------------------------------------------------------------
loc_4134EA: ; CODE XREF: sub_412E61+669�j
mov ax, word ptr [ebp+var_10+2]
mov word ptr [ebp+var_20], ax
mov eax, [ebp+var_C]
mov [ebp+var_20+2], eax
mov eax, [ebp+var_8]
or edi, ecx
mov [ebp+var_1A], eax
mov word ptr [ebp+var_16], di
jmp short loc_4134E6
; ---------------------------------------------------------------------------
loc_413506: ; CODE XREF: sub_412E61+4A1�j
; sub_412E61+4AA�j ...
neg cx
sbb ecx, ecx
and ecx, 80000000h
add ecx, 7FFF8000h
mov [ebp+var_1A+2], ecx
loc_41351A: ; CODE XREF: sub_412E61+4C5�j
mov [ebp-1Ch], eax
mov [ebp+var_20], eax
loc_413520: ; CODE XREF: sub_412E61+46F�j
; sub_412E61+4E7�j ...
test [ebp+arg_10], 1
mov edx, [ebp+var_60]
mov ecx, [ebp+var_4C]
mov [edx], cx
jz short loc_413561
movsx ecx, cx
add [ebp+arg_C], ecx
cmp [ebp+arg_C], eax
jg short loc_413561
and word ptr [edx], 0
cmp word ptr [ebp+var_6C], 8000h
mov byte ptr [edx+3], 1
setnz al
dec al
and al, 0Dh
add al, 20h
mov [edx+2], al
mov byte ptr [edx+4], 30h
mov byte ptr [edx+5], 0
jmp loc_412F10
; ---------------------------------------------------------------------------
loc_413561: ; CODE XREF: sub_412E61+6CC�j
; sub_412E61+6D7�j
push 15h
pop ecx
cmp [ebp+arg_C], ecx
jle short loc_41356C
mov [ebp+arg_C], ecx
loc_41356C: ; CODE XREF: sub_412E61+706�j
mov esi, [ebp+var_1A+2]
shr esi, 10h
push 8
sub esi, 3FFEh
mov word ptr [ebp+var_16], ax
pop ebx
loc_41357F: ; CODE XREF: sub_412E61+742�j
mov eax, [ebp+var_20]
mov edi, [ebp-1Ch]
mov ecx, [ebp-1Ch]
shl [ebp+var_20], 1
shr eax, 1Fh
add edi, edi
or edi, eax
mov eax, [ebp+var_1A+2]
shr ecx, 1Fh
add eax, eax
or eax, ecx
dec ebx
mov [ebp-1Ch], edi
mov [ebp+var_1A+2], eax
jnz short loc_41357F
test esi, esi
jge short loc_4135DB
neg esi
and esi, 0FFh
jle short loc_4135DB
loc_4135B3: ; CODE XREF: sub_412E61+778�j
mov eax, [ebp+var_1A+2]
mov edi, [ebp-1Ch]
mov ecx, [ebp-1Ch]
shr [ebp+var_1A+2], 1
shl eax, 1Fh
shr edi, 1
or edi, eax
mov eax, [ebp+var_20]
shl ecx, 1Fh
shr eax, 1
or eax, ecx
dec esi
test esi, esi
mov [ebp-1Ch], edi
mov [ebp+var_20], eax
jg short loc_4135B3
loc_4135DB: ; CODE XREF: sub_412E61+746�j
; sub_412E61+750�j
mov eax, [ebp+arg_C]
inc eax
test eax, eax
lea ebx, [edx+4]
mov [ebp+var_40], ebx
mov [ebp+var_4C], eax
jle loc_4136A5
loc_4135F0: ; CODE XREF: sub_412E61+83E�j
mov edx, [ebp+var_20]
mov eax, [ebp-1Ch]
lea esi, [ebp+var_20]
lea edi, [ebp+var_3C]
movsd
movsd
movsd
shl [ebp+var_20], 1
mov edi, [ebp+var_20]
shl [ebp+var_20], 1
shr edx, 1Fh
lea ecx, [eax+eax]
or ecx, edx
mov edx, [ebp+var_1A+2]
mov esi, eax
shr esi, 1Fh
add edx, edx
or edx, esi
mov eax, ecx
lea esi, [ecx+ecx]
shr eax, 1Fh
lea ecx, [edx+edx]
mov edx, [ebp+var_3C]
shr edi, 1Fh
or ecx, eax
mov eax, [ebp+var_20]
or esi, edi
lea edi, [edx+eax]
cmp edi, eax
jb short loc_41363F
cmp edi, edx
jnb short loc_413657
loc_41363F: ; CODE XREF: sub_412E61+7D8�j
lea eax, [esi+1]
xor edx, edx
cmp eax, esi
jb short loc_41364D
cmp eax, 1
jnb short loc_413650
loc_41364D: ; CODE XREF: sub_412E61+7E5�j
xor edx, edx
inc edx
loc_413650: ; CODE XREF: sub_412E61+7EA�j
test edx, edx
mov esi, eax
jz short loc_413657
inc ecx
loc_413657: ; CODE XREF: sub_412E61+7DC�j
; sub_412E61+7F3�j
mov eax, [ebp+var_38]
lea edx, [eax+esi]
cmp edx, esi
mov [ebp+var_44], edx
jb short loc_413668
cmp edx, eax
jnb short loc_413669
loc_413668: ; CODE XREF: sub_412E61+801�j
inc ecx
loc_413669: ; CODE XREF: sub_412E61+805�j
add ecx, [ebp+var_34]
shr edx, 1Fh
add ecx, ecx
or ecx, edx
lea esi, [edi+edi]
mov [ebp+var_20], esi
mov esi, [ebp+var_44]
mov [ebp+var_1A+2], ecx
shr ecx, 18h
add esi, esi
add cl, 30h
mov eax, edi
shr eax, 1Fh
or esi, eax
mov [ebx], cl
inc ebx
dec [ebp+var_4C]
cmp [ebp+var_4C], 0
mov [ebp-1Ch], esi
mov byte ptr [ebp+var_16+1], 0
jg loc_4135F0
loc_4136A5: ; CODE XREF: sub_412E61+789�j
dec ebx
mov al, [ebx]
dec ebx
cmp al, 35h
jge short loc_4136BB
mov ecx, [ebp+var_40]
jmp short loc_4136F6
; ---------------------------------------------------------------------------
loc_4136B2: ; CODE XREF: sub_412E61+85D�j
cmp byte ptr [ebx], 39h
jnz short loc_4136C0
mov byte ptr [ebx], 30h
dec ebx
loc_4136BB: ; CODE XREF: sub_412E61+84A�j
cmp ebx, [ebp+var_40]
jnb short loc_4136B2
loc_4136C0: ; CODE XREF: sub_412E61+854�j
cmp ebx, [ebp+var_40]
mov eax, [ebp+var_60]
jnb short loc_4136CC
inc ebx
inc word ptr [eax]
loc_4136CC: ; CODE XREF: sub_412E61+865�j
inc byte ptr [ebx]
loc_4136CE: ; CODE XREF: sub_412E61+89E�j
sub bl, al
sub bl, 3
movsx ecx, bl
mov [eax+3], bl
mov byte ptr [ecx+eax+4], 0
mov eax, [ebp+var_74]
loc_4136E1: ; CODE XREF: sub_412E61+B2�j
; sub_412E61+15B�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
; ---------------------------------------------------------------------------
loc_4136F0: ; CODE XREF: sub_412E61+897�j
cmp byte ptr [ebx], 30h
jnz short loc_4136FA
dec ebx
loc_4136F6: ; CODE XREF: sub_412E61+84F�j
cmp ebx, ecx
jnb short loc_4136F0
loc_4136FA: ; CODE XREF: sub_412E61+892�j
cmp ebx, ecx
mov eax, [ebp+var_60]
jnb short loc_4136CE
and word ptr [eax], 0
cmp word ptr [ebp+var_6C], 8000h
mov byte ptr [eax+3], 1
setnz dl
dec dl
and dl, 0Dh
add dl, 20h
mov [eax+2], dl
mov byte ptr [ecx], 30h
mov byte ptr [eax+5], 0
jmp loc_412F10
sub_412E61 endp
; =============== S U B R O U T I N E =======================================
sub_413729 proc near ; CODE XREF: sub_413857+C0�p
xor eax, eax
test bl, 10h
jz short loc_413731
inc eax
loc_413731: ; CODE XREF: sub_413729+5�j
test bl, 8
jz short loc_413739
or eax, 4
loc_413739: ; CODE XREF: sub_413729+B�j
test bl, 4
jz short loc_413741
or eax, 8
loc_413741: ; CODE XREF: sub_413729+13�j
test bl, 2
jz short loc_413749
or eax, 10h
loc_413749: ; CODE XREF: sub_413729+1B�j
test bl, 1
jz short loc_413751
or eax, 20h
loc_413751: ; CODE XREF: sub_413729+23�j
test ebx, 80000h
jz short loc_41375C
or eax, 2
loc_41375C: ; CODE XREF: sub_413729+2E�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
push esi
mov esi, 200h
jz short loc_413790
cmp ecx, 100h
jz short loc_41378B
cmp ecx, esi
jz short loc_413784
cmp ecx, edx
jnz short loc_413790
or eax, 0C00h
jmp short loc_413790
; ---------------------------------------------------------------------------
loc_413784: ; CODE XREF: sub_413729+4E�j
or eax, 800h
jmp short loc_413790
; ---------------------------------------------------------------------------
loc_41378B: ; CODE XREF: sub_413729+4A�j
or eax, 400h
loc_413790: ; CODE XREF: sub_413729+42�j
; sub_413729+52�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_4137A6
cmp ecx, 10000h
jnz short loc_4137A8
or eax, esi
jmp short loc_4137A8
; ---------------------------------------------------------------------------
loc_4137A6: ; CODE XREF: sub_413729+6F�j
or eax, edx
loc_4137A8: ; CODE XREF: sub_413729+77�j
; sub_413729+7B�j
test ebx, 40000h
pop esi
jz short locret_4137B6
or eax, 1000h
locret_4137B6: ; CODE XREF: sub_413729+86�j
retn
sub_413729 endp
; =============== S U B R O U T I N E =======================================
sub_4137B7 proc near ; CODE XREF: sub_413857:loc_413A90�p
xor eax, eax
test dl, 10h
jz short loc_4137C3
mov eax, 80h
loc_4137C3: ; CODE XREF: sub_4137B7+5�j
test dl, 8
push ebx
push esi
push edi
mov ebx, 200h
jz short loc_4137D2
or eax, ebx
loc_4137D2: ; CODE XREF: sub_4137B7+17�j
test dl, 4
jz short loc_4137DC
or eax, 400h
loc_4137DC: ; CODE XREF: sub_4137B7+1E�j
test dl, 2
jz short loc_4137E6
or eax, 800h
loc_4137E6: ; CODE XREF: sub_4137B7+28�j
test dl, 1
jz short loc_4137F0
or eax, 1000h
loc_4137F0: ; CODE XREF: sub_4137B7+32�j
test edx, 80000h
mov edi, 100h
jz short loc_4137FF
or eax, edi
loc_4137FF: ; CODE XREF: sub_4137B7+44�j
mov ecx, edx
mov esi, 300h
and ecx, esi
jz short loc_413829
cmp ecx, edi
jz short loc_413824
cmp ecx, ebx
jz short loc_41381D
cmp ecx, esi
jnz short loc_413829
or eax, 6000h
jmp short loc_413829
; ---------------------------------------------------------------------------
loc_41381D: ; CODE XREF: sub_4137B7+59�j
or eax, 4000h
jmp short loc_413829
; ---------------------------------------------------------------------------
loc_413824: ; CODE XREF: sub_4137B7+55�j
or eax, 2000h
loc_413829: ; CODE XREF: sub_4137B7+51�j
; sub_4137B7+5D�j ...
mov ecx, 3000000h
pop edi
and edx, ecx
cmp edx, 1000000h
pop esi
pop ebx
jz short loc_413851
cmp edx, 2000000h
jz short loc_41384D
cmp edx, ecx
jnz short locret_413856
or eax, 8000h
retn
; ---------------------------------------------------------------------------
loc_41384D: ; CODE XREF: sub_4137B7+8A�j
or eax, 40h
retn
; ---------------------------------------------------------------------------
loc_413851: ; CODE XREF: sub_4137B7+82�j
or eax, 8040h
locret_413856: ; CODE XREF: sub_4137B7+8E�j
retn
sub_4137B7 endp
; =============== S U B R O U T I N E =======================================
sub_413857 proc near ; CODE XREF: sub_411CAF+25�p
; sub_411CAF+55�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 10h
push ebx
push ebp
push esi
push edi
fstcw word ptr [esp+20h+var_C]
mov ebx, [esp+20h+var_C]
xor edx, edx
test bl, 1
jz short loc_413871
push 10h
pop edx
loc_413871: ; CODE XREF: sub_413857+15�j
test bl, 4
jz short loc_413879
or edx, 8
loc_413879: ; CODE XREF: sub_413857+1D�j
test bl, 8
jz short loc_413881
or edx, 4
loc_413881: ; CODE XREF: sub_413857+25�j
test bl, 10h
jz short loc_413889
or edx, 2
loc_413889: ; CODE XREF: sub_413857+2D�j
test bl, 20h
jz short loc_413891
or edx, 1
loc_413891: ; CODE XREF: sub_413857+35�j
test bl, 2
jz short loc_41389C
or edx, 80000h
loc_41389C: ; CODE XREF: sub_413857+3D�j
movzx ecx, bx
mov eax, ecx
mov edi, 0C00h
and eax, edi
mov ebp, 300h
mov esi, 200h
jz short loc_4138D4
cmp eax, 400h
jz short loc_4138CE
cmp eax, 800h
jz short loc_4138CA
cmp eax, edi
jnz short loc_4138D4
or edx, ebp
jmp short loc_4138D4
; ---------------------------------------------------------------------------
loc_4138CA: ; CODE XREF: sub_413857+69�j
or edx, esi
jmp short loc_4138D4
; ---------------------------------------------------------------------------
loc_4138CE: ; CODE XREF: sub_413857+62�j
or edx, 100h
loc_4138D4: ; CODE XREF: sub_413857+5B�j
; sub_413857+6D�j ...
and ecx, ebp
jz short loc_4138E4
cmp ecx, esi
jnz short loc_4138EA
or edx, 10000h
jmp short loc_4138EA
; ---------------------------------------------------------------------------
loc_4138E4: ; CODE XREF: sub_413857+7F�j
or edx, 20000h
loc_4138EA: ; CODE XREF: sub_413857+83�j
; sub_413857+8B�j
test bx, 1000h
jz short loc_4138F7
or edx, 40000h
loc_4138F7: ; CODE XREF: sub_413857+98�j
mov esi, [esp+20h+arg_4]
mov ecx, [esp+20h+arg_0]
mov eax, esi
not eax
and eax, edx
and ecx, esi
or eax, ecx
cmp eax, edx
mov [esp+20h+var_4], eax
jz loc_4139BF
mov ebx, eax
call sub_413729
movzx eax, ax
mov [esp+20h+var_10], eax
fldcw word ptr [esp+20h+var_10]
fstcw word ptr [esp+20h+var_10]
mov ebx, [esp+20h+var_10]
xor edx, edx
test bl, 1
jz short loc_41393A
push 10h
pop edx
loc_41393A: ; CODE XREF: sub_413857+DE�j
test bl, 4
jz short loc_413942
or edx, 8
loc_413942: ; CODE XREF: sub_413857+E6�j
test bl, 8
jz short loc_41394A
or edx, 4
loc_41394A: ; CODE XREF: sub_413857+EE�j
test bl, 10h
jz short loc_413952
or edx, 2
loc_413952: ; CODE XREF: sub_413857+F6�j
test bl, 20h
jz short loc_41395A
or edx, 1
loc_41395A: ; CODE XREF: sub_413857+FE�j
test bl, 2
jz short loc_413965
or edx, 80000h
loc_413965: ; CODE XREF: sub_413857+106�j
movzx ecx, bx
mov eax, ecx
and eax, edi
jz short loc_413992
cmp eax, 400h
jz short loc_41398C
cmp eax, 800h
jz short loc_413984
cmp eax, edi
jnz short loc_413992
or edx, ebp
jmp short loc_413992
; ---------------------------------------------------------------------------
loc_413984: ; CODE XREF: sub_413857+123�j
or edx, 200h
jmp short loc_413992
; ---------------------------------------------------------------------------
loc_41398C: ; CODE XREF: sub_413857+11C�j
or edx, 100h
loc_413992: ; CODE XREF: sub_413857+115�j
; sub_413857+127�j ...
and ecx, ebp
jz short loc_4139A6
cmp ecx, 200h
jnz short loc_4139AC
or edx, 10000h
jmp short loc_4139AC
; ---------------------------------------------------------------------------
loc_4139A6: ; CODE XREF: sub_413857+13D�j
or edx, 20000h
loc_4139AC: ; CODE XREF: sub_413857+145�j
; sub_413857+14D�j
test bx, 1000h
jz short loc_4139B9
or edx, 40000h
loc_4139B9: ; CODE XREF: sub_413857+15A�j
mov eax, edx
mov [esp+20h+var_4], edx
loc_4139BF: ; CODE XREF: sub_413857+B8�j
cmp dword_4356E0, 0
jz loc_413B52
and esi, 308031Fh
mov edi, esi
stmxcsr [esp+20h+var_8]
mov eax, [esp+20h+var_8]
xor esi, esi
test al, al
jns short loc_4139E6
push 10h
pop esi
loc_4139E6: ; CODE XREF: sub_413857+18A�j
test ax, 200h
jz short loc_4139EF
or esi, 8
loc_4139EF: ; CODE XREF: sub_413857+193�j
test ax, 400h
jz short loc_4139F8
or esi, 4
loc_4139F8: ; CODE XREF: sub_413857+19C�j
test ax, 800h
jz short loc_413A01
or esi, 2
loc_413A01: ; CODE XREF: sub_413857+1A5�j
test ax, 1000h
jz short loc_413A0A
or esi, 1
loc_413A0A: ; CODE XREF: sub_413857+1AE�j
test ax, 100h
jz short loc_413A16
or esi, 80000h
loc_413A16: ; CODE XREF: sub_413857+1B7�j
mov ecx, eax
mov ebp, 6000h
and ecx, ebp
jz short loc_413A4B
cmp ecx, 2000h
jz short loc_413A45
cmp ecx, 4000h
jz short loc_413A3D
cmp ecx, ebp
jnz short loc_413A4B
or esi, 300h
jmp short loc_413A4B
; ---------------------------------------------------------------------------
loc_413A3D: ; CODE XREF: sub_413857+1D8�j
or esi, 200h
jmp short loc_413A4B
; ---------------------------------------------------------------------------
loc_413A45: ; CODE XREF: sub_413857+1D0�j
or esi, 100h
loc_413A4B: ; CODE XREF: sub_413857+1C8�j
; sub_413857+1DC�j ...
mov ebx, 8040h
and eax, ebx
sub eax, 40h
jz short loc_413A73
sub eax, 7FC0h
jz short loc_413A6B
sub eax, 40h
jnz short loc_413A79
or esi, 1000000h
jmp short loc_413A79
; ---------------------------------------------------------------------------
loc_413A6B: ; CODE XREF: sub_413857+205�j
or esi, 3000000h
jmp short loc_413A79
; ---------------------------------------------------------------------------
loc_413A73: ; CODE XREF: sub_413857+1FE�j
or esi, 2000000h
loc_413A79: ; CODE XREF: sub_413857+20A�j
; sub_413857+212�j ...
mov edx, edi
and edi, [esp+20h+arg_0]
not edx
and edx, esi
or edx, edi
cmp edx, esi
jnz short loc_413A90
mov eax, esi
jmp loc_413B3B
; ---------------------------------------------------------------------------
loc_413A90: ; CODE XREF: sub_413857+230�j
call sub_4137B7
push eax
mov [esp+24h+arg_4], eax
call sub_41048B
pop ecx
stmxcsr [esp+20h+arg_4]
mov eax, [esp+20h+arg_4]
xor edx, edx
test al, al
jns short loc_413AB2
push 10h
pop edx
loc_413AB2: ; CODE XREF: sub_413857+256�j
mov edi, 200h
test eax, edi
jz short loc_413ABE
or edx, 8
loc_413ABE: ; CODE XREF: sub_413857+262�j
test ax, 400h
jz short loc_413AC7
or edx, 4
loc_413AC7: ; CODE XREF: sub_413857+26B�j
test ax, 800h
jz short loc_413AD0
or edx, 2
loc_413AD0: ; CODE XREF: sub_413857+274�j
test ax, 1000h
jz short loc_413AD9
or edx, 1
loc_413AD9: ; CODE XREF: sub_413857+27D�j
mov esi, 100h
test eax, esi
jz short loc_413AE8
or edx, 80000h
loc_413AE8: ; CODE XREF: sub_413857+289�j
mov ecx, eax
and ecx, ebp
jz short loc_413B10
cmp ecx, 2000h
jz short loc_413B0E
cmp ecx, 4000h
jz short loc_413B0A
cmp ecx, ebp
jnz short loc_413B10
or edx, 300h
jmp short loc_413B10
; ---------------------------------------------------------------------------
loc_413B0A: ; CODE XREF: sub_413857+2A5�j
or edx, edi
jmp short loc_413B10
; ---------------------------------------------------------------------------
loc_413B0E: ; CODE XREF: sub_413857+29D�j
or edx, esi
loc_413B10: ; CODE XREF: sub_413857+295�j
; sub_413857+2A9�j ...
and eax, ebx
sub eax, 40h
jz short loc_413B33
sub eax, 7FC0h
jz short loc_413B2B
sub eax, 40h
jnz short loc_413B39
or edx, 1000000h
jmp short loc_413B39
; ---------------------------------------------------------------------------
loc_413B2B: ; CODE XREF: sub_413857+2C5�j
or edx, 3000000h
jmp short loc_413B39
; ---------------------------------------------------------------------------
loc_413B33: ; CODE XREF: sub_413857+2BE�j
or edx, 2000000h
loc_413B39: ; CODE XREF: sub_413857+2CA�j
; sub_413857+2D2�j ...
mov eax, edx
loc_413B3B: ; CODE XREF: sub_413857+234�j
mov ecx, [esp+20h+var_4]
mov edx, eax
xor edx, ecx
or eax, ecx
test edx, 8031Fh
jz short loc_413B52
or eax, 80000000h
loc_413B52: ; CODE XREF: sub_413857+16F�j
; sub_413857+2F4�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 10h
retn
sub_413857 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413B5A proc near ; CODE XREF: sub_41279D+326�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
push ebx
push esi
xor esi, esi
cmp [ebp+arg_4], esi
push edi
mov [ebp+var_18], 404Eh
mov [eax], esi
mov [eax+4], esi
mov [eax+8], esi
jbe loc_413CD0
loc_413B8A: ; CODE XREF: sub_413B5A+146�j
mov edx, [eax]
mov ebx, [eax+4]
mov esi, eax
lea edi, [ebp+var_10]
movsd
movsd
movsd
mov ecx, edx
shr ecx, 1Fh
lea edi, [edx+edx]
lea edx, [ebx+ebx]
or edx, ecx
mov ecx, [eax+8]
mov esi, ebx
shr esi, 1Fh
add ecx, ecx
or ecx, esi
mov [ebp+var_14], edi
mov esi, edi
and [ebp+var_14], 0
mov ebx, edx
shr ebx, 1Fh
add ecx, ecx
shr edi, 1Fh
or ecx, ebx
mov ebx, [ebp+var_10]
add esi, esi
add edx, edx
or edx, edi
lea edi, [esi+ebx]
cmp edi, esi
mov [eax], esi
mov [eax+4], edx
mov [eax+8], ecx
jb short loc_413BE1
cmp edi, ebx
jnb short loc_413BE8
loc_413BE1: ; CODE XREF: sub_413B5A+81�j
mov [ebp+var_14], 1
loc_413BE8: ; CODE XREF: sub_413B5A+85�j
xor ebx, ebx
cmp [ebp+var_14], ebx
mov [eax], edi
jz short loc_413C0B
lea esi, [edx+1]
cmp esi, edx
jb short loc_413BFD
cmp esi, 1
jnb short loc_413C00
loc_413BFD: ; CODE XREF: sub_413B5A+9C�j
xor ebx, ebx
inc ebx
loc_413C00: ; CODE XREF: sub_413B5A+A1�j
test ebx, ebx
mov [eax+4], esi
jz short loc_413C0B
inc ecx
mov [eax+8], ecx
loc_413C0B: ; CODE XREF: sub_413B5A+95�j
; sub_413B5A+AB�j
mov ecx, [eax+4]
mov edx, [ebp+var_C]
lea ebx, [ecx+edx]
xor esi, esi
cmp ebx, ecx
jb short loc_413C1E
cmp ebx, edx
jnb short loc_413C21
loc_413C1E: ; CODE XREF: sub_413B5A+BE�j
xor esi, esi
inc esi
loc_413C21: ; CODE XREF: sub_413B5A+C2�j
test esi, esi
mov [eax+4], ebx
jz short loc_413C2B
inc dword ptr [eax+8]
loc_413C2B: ; CODE XREF: sub_413B5A+CC�j
mov ecx, [ebp+var_8]
add [eax+8], ecx
and [ebp+var_14], 0
lea ecx, [edi+edi]
mov edx, edi
shr edx, 1Fh
lea edi, [ebx+ebx]
or edi, edx
mov edx, [eax+8]
mov esi, ebx
shr esi, 1Fh
lea ebx, [edx+edx]
mov edx, [ebp+arg_0]
or ebx, esi
mov [eax], ecx
mov [eax+4], edi
mov [eax+8], ebx
movsx edx, byte ptr [edx]
lea esi, [ecx+edx]
cmp esi, ecx
mov [ebp+var_10], edx
jb short loc_413C6B
cmp esi, edx
jnb short loc_413C72
loc_413C6B: ; CODE XREF: sub_413B5A+10B�j
mov [ebp+var_14], 1
loc_413C72: ; CODE XREF: sub_413B5A+10F�j
cmp [ebp+var_14], 0
mov [eax], esi
jz short loc_413C96
lea ecx, [edi+1]
xor edx, edx
cmp ecx, edi
jb short loc_413C88
cmp ecx, 1
jnb short loc_413C8B
loc_413C88: ; CODE XREF: sub_413B5A+127�j
xor edx, edx
inc edx
loc_413C8B: ; CODE XREF: sub_413B5A+12C�j
test edx, edx
mov [eax+4], ecx
jz short loc_413C96
inc ebx
mov [eax+8], ebx
loc_413C96: ; CODE XREF: sub_413B5A+11E�j
; sub_413B5A+136�j
dec [ebp+arg_4]
inc [ebp+arg_0]
cmp [ebp+arg_4], 0
ja loc_413B8A
xor esi, esi
jmp short loc_413CD0
; ---------------------------------------------------------------------------
loc_413CAA: ; CODE XREF: sub_413B5A+179�j
mov ecx, [eax+4]
mov edx, ecx
shr edx, 10h
mov [eax+8], edx
mov edx, [eax]
mov edi, edx
shl ecx, 10h
shr edi, 10h
or ecx, edi
shl edx, 10h
add [ebp+var_18], 0FFF0h
mov [eax+4], ecx
mov [eax], edx
loc_413CD0: ; CODE XREF: sub_413B5A+2A�j
; sub_413B5A+14E�j
cmp [eax+8], esi
jz short loc_413CAA
mov ebx, 8000h
test [eax+8], ebx
jnz short loc_413D0F
loc_413CDF: ; CODE XREF: sub_413B5A+1B3�j
mov esi, [eax]
mov edi, [eax+4]
add [ebp+var_18], 0FFFFh
mov ecx, esi
add esi, esi
shr ecx, 1Fh
mov [eax], esi
lea esi, [edi+edi]
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
shr edx, 1Fh
add ecx, ecx
or ecx, edx
test ecx, ebx
mov [eax+4], esi
mov [eax+8], ecx
jz short loc_413CDF
loc_413D0F: ; CODE XREF: sub_413B5A+183�j
mov cx, word ptr [ebp+var_18]
mov [eax+0Ah], cx
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_413B5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_413D26 proc near ; CODE XREF: sub_4045EC+24�p
; sub_408A9A+10�p ...
jmp ds:off_41D1B0
sub_413D26 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413D2C proc near ; CODE XREF: sub_413DDD+14B�p
; sub_413DDD+271�p ...
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 128h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
xor edi, edi
push 6
inc edi
push edi
push 2
mov [ebp+var_18], edi
call ds:dword_41D220
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_413D5D
xor al, al
jmp short loc_413DCF
; ---------------------------------------------------------------------------
loc_413D5D: ; CODE XREF: sub_413D2C+2B�j
push [ebp+arg_4]
call ds:dword_41D270
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
lea eax, [ebp+var_18]
push eax
push 8004667Eh
push esi
mov [ebp+var_14], 2
call ds:dword_41D268
and [ebp+var_1C], 0
push 10h
lea eax, [ebp+var_14]
push eax
push esi
mov [ebp+var_20], 5
mov [ebp+var_124], esi
mov [ebp+var_128], edi
call ds:dword_41D23C
lea eax, [ebp+var_20]
push eax
push 0
lea eax, [ebp+var_128]
push eax
push 0
push 0
call ds:dword_41D254
push esi
mov edi, eax
call ds:dword_41D280
test edi, edi
setnle al
loc_413DCF: ; CODE XREF: sub_413D2C+2F�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402AD0
leave
retn
sub_413D2C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_413DDD proc near ; DATA XREF: .text:004027B9�o
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_240 = byte ptr -240h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_130 = byte ptr -130h
var_30 = byte ptr -30h
var_20 = byte ptr -20h
var_1E = byte ptr -1Eh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 25Ch
mov eax, dword_423064
xor eax, esp
mov [esp+25Ch+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 49h
pop ecx
lea edi, [esp+268h+var_130]
rep movsd
loc_413E09: ; CODE XREF: sub_413DDD+544�j
; sub_413DDD+555�j
lea eax, [esp+268h+var_250]
push eax
lea eax, [esp+26Ch+var_254]
push eax
lea eax, [esp+270h+var_258]
push eax
lea eax, [esp+274h+var_25C]
push eax
or edi, 0FFFFFFFFh
lea eax, [esp+278h+var_30]
push offset dword_41EF0C
push eax
mov [esp+280h+var_25C], edi
mov [esp+280h+var_258], edi
mov [esp+280h+var_254], edi
mov [esp+280h+var_250], edi
call sub_4039A4
add esp, 18h
cmp [esp+268h+var_1E], 0
jz short loc_413E97
cmp [esp+268h+var_25C], edi
mov esi, 0FEh
jnz short loc_413E67
mov eax, esi
xor ebx, ebx
call sub_419AB7
mov [esp+268h+var_25C], eax
loc_413E67: ; CODE XREF: sub_413DDD+7B�j
cmp [esp+268h+var_258], edi
jnz short loc_413E7A
mov eax, esi
xor ebx, ebx
call sub_419AB7
mov [esp+268h+var_258], eax
loc_413E7A: ; CODE XREF: sub_413DDD+8E�j
cmp [esp+268h+var_254], edi
jnz short loc_413E8D
mov eax, esi
xor ebx, ebx
call sub_419AB7
mov [esp+268h+var_254], eax
loc_413E8D: ; CODE XREF: sub_413DDD+A1�j
mov eax, [esp+268h+var_250]
cmp eax, edi
jnz short loc_413EE9
jmp short loc_413EC2
; ---------------------------------------------------------------------------
loc_413E97: ; CODE XREF: sub_413DDD+70�j
mov eax, [esp+268h+var_18]
sub eax, 0
jz short loc_413ED1
dec eax
jz short loc_413EB0
dec eax
jnz short loc_413EE5
mov eax, 0FEh
jmp short loc_413EC4
; ---------------------------------------------------------------------------
loc_413EB0: ; CODE XREF: sub_413DDD+C7�j
mov esi, 0FEh
loc_413EB5: ; CODE XREF: sub_413DDD+106�j
mov eax, esi
xor ebx, ebx
call sub_419AB7
mov [esp+268h+var_254], eax
loc_413EC2: ; CODE XREF: sub_413DDD+B8�j
mov eax, esi
loc_413EC4: ; CODE XREF: sub_413DDD+D1�j
xor ebx, ebx
call sub_419AB7
mov [esp+268h+var_250], eax
jmp short loc_413EE9
; ---------------------------------------------------------------------------
loc_413ED1: ; CODE XREF: sub_413DDD+C4�j
mov esi, 0FEh
mov eax, esi
xor ebx, ebx
call sub_419AB7
mov [esp+268h+var_258], eax
jmp short loc_413EB5
; ---------------------------------------------------------------------------
loc_413EE5: ; CODE XREF: sub_413DDD+CA�j
mov eax, [esp+268h+var_250]
loc_413EE9: ; CODE XREF: sub_413DDD+B6�j
; sub_413DDD+F2�j
shl eax, 8
add eax, [esp+268h+var_254]
shl eax, 8
add eax, [esp+268h+var_258]
shl eax, 8
add eax, [esp+268h+var_25C]
mov [esp+268h+var_14], eax
mov eax, [esp+268h+var_1C]
cmp eax, edi
jnz loc_414128
xor ebx, ebx
mov [esp+268h+var_248], ebx
mov eax, offset dword_424548
loc_413F1F: ; CODE XREF: sub_413DDD+169�j
push dword ptr [eax]
push [esp+26Ch+var_14]
call sub_413D2C
test al, al
pop ecx
pop ecx
jnz short loc_413F4D
inc ebx
mov eax, ebx
imul eax, 2Ch
lea eax, dword_424548[eax]
cmp dword ptr [eax], 0
mov [esp+268h+var_248], ebx
jnz short loc_413F1F
jmp loc_414312
; ---------------------------------------------------------------------------
loc_413F4D: ; CODE XREF: sub_413DDD+154�j
push 110h
lea eax, [esp+26Ch+var_240]
push 0
push eax
call sub_407F20
add esp, 0Ch
lea eax, [esp+268h+var_130]
push eax
push offset dword_41EF18
lea eax, [esp+270h+var_240]
push 0FFh
push eax
call sub_402EAE
lea eax, [esp+278h+var_240]
add esp, 10h
lea esi, [eax+1]
loc_413F87: ; CODE XREF: sub_413DDD+1AF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413F87
sub eax, esi
mov [esp+eax+268h+var_240], cl
mov eax, [esp+268h+var_14]
mov [esp+268h+var_140], ebx
imul ebx, 2Ch
mov [esp+268h+var_13C], eax
mov eax, dword_424548[ebx]
mov [esp+268h+var_138], eax
mov al, [esp+268h+var_20]
sub esp, 110h
mov [esp+378h+var_134], al
mov al, [esp+378h+var_1E]
push 44h
pop ecx
mov [esp+378h+var_133], al
lea esi, [esp+378h+var_240]
mov edi, esp
rep movsd
call dword_424550[ebx]
mov esi, [esp+378h+var_250]
shl esi, 8
add esi, [esp+378h+var_254]
add esp, 110h
shl esi, 8
add esi, [esp+268h+var_258]
mov [esp+268h+var_24C], 100h
shl esi, 8
add esi, [esp+268h+var_25C]
mov [esp+268h+var_244], esi
loc_414020: ; CODE XREF: sub_413DDD+340�j
mov eax, [esp+268h+var_24C]
mov ecx, [esp+268h+var_254]
add eax, ecx
shl eax, 8
add eax, [esp+268h+var_258]
shl eax, 8
add eax, [esp+268h+var_25C]
cmp eax, esi
mov [esp+268h+var_14], eax
jz loc_41410D
push dword_424548[ebx]
push eax
call sub_413D2C
test al, al
pop ecx
pop ecx
jz loc_41410D
push 110h
lea eax, [esp+26Ch+var_240]
push 0
push eax
call sub_407F20
add esp, 0Ch
lea eax, [esp+268h+var_130]
push eax
push offset byte_41EF1C
lea eax, [esp+270h+var_240]
push 0FFh
push eax
call sub_402EAE
lea eax, [esp+278h+var_240]
add esp, 10h
lea esi, [eax+1]
loc_414097: ; CODE XREF: sub_413DDD+2BF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_414097
sub eax, esi
mov [esp+eax+268h+var_240], cl
mov eax, [esp+268h+var_14]
mov [esp+268h+var_13C], eax
mov eax, [esp+268h+var_248]
mov [esp+268h+var_140], eax
mov eax, dword_424548[ebx]
mov [esp+268h+var_138], eax
mov al, [esp+268h+var_20]
sub esp, 110h
mov [esp+378h+var_134], al
mov al, [esp+378h+var_1E]
push 44h
pop ecx
mov [esp+378h+var_133], al
lea esi, [esp+378h+var_240]
mov edi, esp
rep movsd
call dword_424550[ebx]
mov esi, [esp+378h+var_244]
add esp, 110h
loc_41410D: ; CODE XREF: sub_413DDD+264�j
; sub_413DDD+27A�j
add [esp+268h+var_24C], 100h
cmp [esp+268h+var_24C], 0FE00h
jle loc_414020
jmp loc_41430D
; ---------------------------------------------------------------------------
loc_414128: ; CODE XREF: sub_413DDD+131�j
imul eax, 2Ch
push dword_424548[eax]
push [esp+26Ch+var_14]
call sub_413D2C
test al, al
pop ecx
pop ecx
jz loc_414312
push 110h
lea eax, [esp+26Ch+var_240]
push 0
push eax
call sub_407F20
add esp, 0Ch
lea eax, [esp+268h+var_130]
push eax
push offset dword_41EF20
lea eax, [esp+270h+var_240]
push 0FFh
push eax
call sub_402EAE
lea eax, [esp+278h+var_240]
add esp, 10h
lea ecx, [eax+1]
loc_414181: ; CODE XREF: sub_413DDD+3A9�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_414181
sub eax, ecx
mov [esp+eax+268h+var_240], dl
mov eax, [esp+268h+var_14]
mov [esp+268h+var_13C], eax
mov eax, [esp+268h+var_1C]
mov [esp+268h+var_140], eax
imul eax, 2Ch
mov ecx, dword_424548[eax]
mov [esp+268h+var_138], ecx
mov cl, [esp+268h+var_20]
sub esp, 110h
mov [esp+378h+var_134], cl
push 44h
pop ecx
lea esi, [esp+378h+var_240]
mov edi, esp
rep movsd
call dword_424550[eax]
mov ebx, [esp+378h+var_250]
shl ebx, 8
add ebx, [esp+378h+var_254]
add esp, 110h
shl ebx, 8
add ebx, [esp+268h+var_258]
mov [esp+268h+var_24C], 100h
shl ebx, 8
add ebx, [esp+268h+var_25C]
loc_41420F: ; CODE XREF: sub_413DDD+52A�j
mov eax, [esp+268h+var_24C]
mov ecx, [esp+268h+var_254]
add eax, ecx
shl eax, 8
add eax, [esp+268h+var_258]
shl eax, 8
add eax, [esp+268h+var_25C]
cmp eax, ebx
mov [esp+268h+var_14], eax
jz loc_4142F7
mov ecx, [esp+268h+var_1C]
imul ecx, 2Ch
push dword_424548[ecx]
push eax
call sub_413D2C
test al, al
pop ecx
pop ecx
jz loc_4142F7
push 110h
lea eax, [esp+26Ch+var_240]
push 0
push eax
call sub_407F20
add esp, 0Ch
lea eax, [esp+268h+var_130]
push eax
push offset byte_41EF24
lea eax, [esp+270h+var_240]
push 0FFh
push eax
call sub_402EAE
lea eax, [esp+278h+var_240]
add esp, 10h
lea esi, [eax+1]
loc_414290: ; CODE XREF: sub_413DDD+4B8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_414290
sub eax, esi
mov [esp+eax+268h+var_240], cl
mov eax, [esp+268h+var_14]
mov [esp+268h+var_13C], eax
mov eax, [esp+268h+var_1C]
mov [esp+268h+var_140], eax
imul eax, 2Ch
mov ecx, dword_424548[eax]
mov [esp+268h+var_138], ecx
mov cl, [esp+268h+var_20]
sub esp, 110h
mov [esp+378h+var_134], cl
push 44h
pop ecx
lea esi, [esp+378h+var_240]
mov edi, esp
rep movsd
call dword_424550[eax]
add esp, 110h
loc_4142F7: ; CODE XREF: sub_413DDD+453�j
; sub_413DDD+473�j
add [esp+268h+var_24C], 100h
cmp [esp+268h+var_24C], 0FE00h
jle loc_41420F
loc_41430D: ; CODE XREF: sub_413DDD+346�j
call sub_419AEB
loc_414312: ; CODE XREF: sub_413DDD+16B�j
; sub_413DDD+364�j
push 64h
call ds:off_41D0F8
cmp byte_428400, 0
jnz loc_413E09
push 2710h
call ds:off_41D0F8
jmp loc_413E09
sub_413DDD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414337 proc near ; CODE XREF: sub_414446+144�p
var_508 = dword ptr -508h
var_504 = dword ptr -504h
var_500 = dword ptr -500h
var_404 = byte ptr -404h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 508h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
mov ebx, ds:dword_41D26C
push esi
push edi
xor edi, edi
mov esi, 400h
loc_41435A: ; CODE XREF: sub_414337+CC�j
; sub_414337+FA�j
mov eax, [ebp+arg_4]
xor ecx, ecx
inc ecx
mov [ebp+var_504], eax
mov [ebp+var_508], ecx
xor eax, eax
loc_41436E: ; CODE XREF: sub_414337+46�j
mov edx, [ebp+arg_0]
cmp [ebp+eax*4+var_504], edx
jz short loc_41437F
inc eax
cmp eax, ecx
jb short loc_41436E
loc_41437F: ; CODE XREF: sub_414337+41�j
cmp eax, ecx
jnz short loc_414393
mov [ebp+var_500], edx
mov [ebp+var_508], 2
loc_414393: ; CODE XREF: sub_414337+4A�j
push esi
lea eax, [ebp+var_404]
push edi
push eax
call sub_407F20
add esp, 0Ch
push edi
push edi
push edi
lea eax, [ebp+var_508]
push eax
push edi
call ds:dword_41D254
lea eax, [ebp+var_508]
push eax
push [ebp+arg_4]
call sub_4029FC
test eax, eax
jz short loc_4143F2
push edi
push esi
lea eax, [ebp+var_404]
push eax
push [ebp+arg_4]
call ebx
cmp eax, 0FFFFFFFFh
jz short loc_414437
push edi
push eax
lea eax, [ebp+var_404]
push eax
push [ebp+arg_0]
call ds:dword_41D228
cmp eax, 0FFFFFFFFh
jz short loc_414437
loc_4143F2: ; CODE XREF: sub_414337+8F�j
lea eax, [ebp+var_508]
push eax
push [ebp+arg_0]
call sub_4029FC
test eax, eax
jz loc_41435A
push edi
push esi
lea eax, [ebp+var_404]
push eax
push [ebp+arg_0]
call ebx
cmp eax, 0FFFFFFFFh
jz short loc_414437
push edi
push eax
lea eax, [ebp+var_404]
push eax
push [ebp+arg_4]
call ds:dword_41D228
cmp eax, 0FFFFFFFFh
jnz loc_41435A
loc_414437: ; CODE XREF: sub_414337+A2�j
; sub_414337+B9�j ...
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_414337 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414446 proc near ; DATA XREF: sub_4145BE+189�o
var_530 = dword ptr -530h
var_52C = dword ptr -52Ch
var_528 = dword ptr -528h
var_524 = dword ptr -524h
var_420 = word ptr -420h
var_41E = word ptr -41Eh
var_41C = dword ptr -41Ch
var_414 = byte ptr -414h
var_410 = byte ptr -410h
var_40F = byte ptr -40Fh
var_40E = word ptr -40Eh
var_40C = dword ptr -40Ch
var_404 = byte ptr -404h
var_403 = byte ptr -403h
var_3FC = byte ptr -3FCh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 534h
mov eax, dword_423064
xor eax, esp
mov [esp+534h+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
xor ebx, ebx
lea eax, [esp+540h+var_530]
push eax
push ebx
push ebx
lea eax, [esp+54Ch+var_528]
push eax
push ebx
mov [esp+554h+var_530], 14h
mov [esp+554h+var_52C], ebx
mov [esp+554h+var_524], esi
mov [esp+554h+var_528], 1
call ds:dword_41D254
test eax, eax
jz loc_414591
push ebx
push 408h
lea eax, [esp+548h+var_410]
push eax
push esi
call ds:dword_41D26C
test eax, eax
jle loc_414591
cmp [esp+540h+var_410], 4
jnz loc_414591
cmp [esp+540h+var_40F], 1
jnz loc_414591
xor eax, eax
lea edi, [esp+540h+var_420]
stosd
stosd
stosd
stosd
mov ax, [esp+540h+var_40E]
push 6
mov [esp+544h+var_41E], ax
mov eax, [esp+544h+var_40C]
push 1
push 2
mov [esp+54Ch+var_420], 2
mov [esp+54Ch+var_41C], eax
call ds:dword_41D220
mov edi, eax
push 10h
lea eax, [esp+538h+var_414]
push eax
push edi
call ds:dword_41D23C
push 400h
cmp eax, 0FFFFFFFFh
push ebx
lea eax, [esp+53Ch+var_3FC]
mov [esp+53Ch+var_404], bl
push eax
jnz short loc_414566
mov [esp+540h+var_403], 5Bh
call sub_407F20
add esp, 0Ch
push ebx
push 8
lea eax, [esp+53Ch+var_404]
push eax
push esi
call ds:dword_41D228
jmp short loc_414591
; ---------------------------------------------------------------------------
loc_414566: ; CODE XREF: sub_414446+FA�j
mov [esp+540h+var_403], 5Ah
call sub_407F20
add esp, 0Ch
push ebx
push 8
lea eax, [esp+53Ch+var_404]
push eax
push esi
call ds:dword_41D228
push esi
push edi
call sub_414337
pop ecx
pop ecx
loc_414591: ; CODE XREF: sub_414446+4F�j
; sub_414446+6C�j ...
push esi
call ds:dword_41D280
call ds:off_41D0DC
push eax
call sub_41481B
pop ecx
mov ecx, [esp+540h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402AD0
mov esp, ebp
pop ebp
retn 4
sub_414446 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4145BE proc near ; DATA XREF: .text:00401F83�o
var_130 = byte ptr -130h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_14 = dword ptr -14h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_10 = byte ptr 18h
arg_20 = byte ptr 28h
arg_120 = dword ptr 128h
arg_12C = byte ptr 134h
arg_13C = dword ptr 144h
arg_144 = dword ptr 14Ch
arg_14C = dword ptr 154h
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
push 0FFFFFFFFh
push offset loc_41C991
mov eax, large fs:0
push eax
sub esp, 14Ch
mov eax, dword_423064
xor eax, esp
mov [esp+158h+var_14], eax
push esi
push edi
mov eax, dword_423064
xor eax, esp
push eax
lea eax, [esp+164h+var_C]
mov large fs:0, eax
mov esi, [ebp+arg_0]
mov [esp+164h+var_24], 0
xor eax, eax
lea edi, [esp+164h+var_23]
stosd
stosd
stosd
push 41h
pop ecx
stosw
push 6
stosb
push 1
lea edi, [esp+16Ch+var_130]
push 2
rep movsd
call ds:dword_41D220
push [esp+0Ch+arg_120]
mov dword_428528, eax
mov word ptr [esp+10h+arg_0], 2
call ds:dword_41D270
and [esp+0Ch+arg_4], 0
mov word ptr [esp+0Ch+arg_0+2], ax
push 10h
lea eax, [esp+10h+arg_0]
push eax
push dword_428528
call ds:dword_41D27C
test eax, eax
jge short loc_41466D
push offset dword_41F678
jmp short loc_414684
; ---------------------------------------------------------------------------
loc_41466D: ; CODE XREF: sub_4145BE+A6�j
push 0Ah
push dword_428528
call ds:dword_41D230
test eax, eax
jge short loc_4146D1
push offset dword_41F68C
loc_414684: ; CODE XREF: sub_4145BE+AD�j
lea eax, [esp+10h+arg_20]
push eax
push [esp+14h+arg_120+2]
push offset dword_4283FC
call sub_417B51
add esp, 10h
call ds:off_41D0DC
push eax
call sub_41481B
pop ecx
xor eax, eax
mov ecx, [esp+0Ch+arg_144]
mov large fs:0, ecx
pop ecx
pop edi
pop esi
mov ecx, [esp+arg_13C]
xor ecx, esp
call sub_402AD0
mov esp, ebp
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_4146D1: ; CODE XREF: sub_4145BE+BF�j
push dword_4283FC
lea esi, [esp+10h+arg_12C]
call sub_4197B6
movsx eax, word ptr [esp+10h+arg_120]
pop ecx
push eax
mov eax, esi
push eax
push offset dword_41F6A0
lea eax, [esp+18h+arg_20]
push eax
push [esp+1Ch+arg_120+2]
push offset dword_4283FC
call sub_417B51
add esp, 18h
xor eax, eax
mov edi, esi
stosd
stosd
stosd
stosd
loc_414716: ; CODE XREF: sub_4145BE+1A0�j
push 0
lea eax, [esp+10h+arg_10]
push eax
push dword_428528
call ds:dword_41D234
push 8
mov edi, eax
call sub_40340B
mov esi, eax
pop ecx
mov [esp+10h], esi
and [esp+0Ch+arg_14C], 0
test esi, esi
jz short loc_414756
mov ecx, edi
push offset sub_414446
mov edi, offset dword_41F6AC
call sub_414884
loc_414756: ; CODE XREF: sub_4145BE+185�j
or [esp+0Ch+arg_14C], 0FFFFFFFFh
jmp short loc_414716
sub_4145BE endp
; ---------------------------------------------------------------------------
cmp dword ptr [eax+4], 0
setnz al
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414768 proc near ; CODE XREF: sub_4147FC+12�p
; sub_41481B+5D�p
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
and dword ptr [ebx+4], 0
mov eax, dword_43569C
mov eax, [eax]
mov [ebp+var_4], eax
mov eax, offset dword_435698
push esi
push edi
mov [ebp+var_8], eax
mov [ebp+var_10], eax
loc_414789: ; CODE XREF: sub_414768+4C�j
mov eax, dword_43569C
lea edi, [ebp+var_10]
lea esi, [ebp+var_8]
mov [ebp+var_C], eax
call sub_40166F
test al, al
jz short loc_4147F1
call sub_40164F
mov ecx, [ebx]
cmp ecx, [eax+40h]
lea edi, [ebp+var_18]
jz short loc_4147B6
call sub_40168C
jmp short loc_414789
; ---------------------------------------------------------------------------
loc_4147B6: ; CODE XREF: sub_414768+45�j
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
lea esi, [ebp+var_10]
mov [ebp+var_C], eax
call sub_40168C
mov eax, [eax+4]
cmp eax, dword_43569C
jz short loc_4147F1
mov ecx, [eax+4]
mov edx, [eax]
mov [ecx], edx
mov ecx, [eax]
mov edx, [eax+4]
push eax
mov [ecx+4], edx
call sub_40332D
dec dword_4356A0
pop ecx
loc_4147F1: ; CODE XREF: sub_414768+36�j
; sub_414768+6B�j
push ebx
call sub_40332D
pop ecx
pop edi
pop esi
leave
retn
sub_414768 endp
; =============== S U B R O U T I N E =======================================
sub_4147FC proc near ; CODE XREF: .text:0040204E�p
; .text:00402870�p ...
push ebx
mov ebx, eax
push 0
push dword ptr [ebx+4]
call ds:off_41D094
test eax, eax
jz short loc_414817
call sub_414768
mov al, 1
pop ebx
retn
; ---------------------------------------------------------------------------
loc_414817: ; CODE XREF: sub_4147FC+10�j
xor al, al
pop ebx
retn
sub_4147FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41481B proc near ; CODE XREF: sub_414446+159�p
; sub_4145BE+E6�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 1Ch
mov eax, dword_43569C
mov eax, [eax]
push ebx
mov [esp+20h+var_14], eax
mov eax, offset dword_435698
push esi
push edi
mov [esp+28h+var_18], eax
mov [esp+28h+var_10], eax
loc_41483F: ; CODE XREF: sub_41481B+54�j
mov eax, dword_43569C
lea edi, [esp+28h+var_10]
lea esi, [esp+28h+var_18]
mov [esp+28h+var_C], eax
call sub_40166F
test al, al
jz short loc_41487D
call sub_40164F
mov ecx, [ebp+arg_0]
cmp ecx, [eax+40h]
jz short loc_414871
lea edi, [esp+28h+var_8]
call sub_40168C
jmp short loc_41483F
; ---------------------------------------------------------------------------
loc_414871: ; CODE XREF: sub_41481B+49�j
call sub_40164F
mov ebx, [eax]
call sub_414768
loc_41487D: ; CODE XREF: sub_41481B+3C�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41481B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414884 proc near ; CODE XREF: .text:004019C1�p
; .text:00401BEB�p ...
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 54h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push esi
push 0
push ecx
push eax
push 0
push 0
call ds:off_41D090
test eax, eax
mov [esi+4], eax
jz short loc_4148DD
push edi
lea eax, [ebp+var_4B]
push 38h
push eax
call sub_402EAE
mov eax, [esi]
add esp, 0Ch
mov [ebp+var_10], eax
mov eax, dword_43569C
push eax
mov ecx, offset dword_435698
push ecx
lea eax, [ebp+var_50]
push eax
mov [ebp+var_4C], 0
mov [ebp+var_50], esi
call sub_4016BA
loc_4148DD: ; CODE XREF: sub_414884+27�j
push 1
push dword ptr [esi+4]
call ds:off_41D07C
mov ecx, [ebp+var_4]
xor ecx, ebp
mov eax, esi
call sub_402AD0
leave
retn 4
sub_414884 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4148F8 proc near ; CODE XREF: .text:0041B444�p
; .text:0041B452�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_0], 1
push ebx
push esi
push edi
mov [ebp+var_2], 1
mov [ebp+var_1], 0
jnz loc_414A1E
mov eax, [ebp+arg_4]
lea ecx, [eax+18h]
and eax, 80000001h
mov [ebp+arg_0], ecx
jns short loc_414928
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_414928: ; CODE XREF: sub_4148F8+29�j
jz short loc_41492E
mov [ebp+var_1], 1
loc_41492E: ; CODE XREF: sub_4148F8:loc_414928�j
mov eax, 172h
cmp ecx, eax
jle short loc_414941
cmp [ebp+var_1], 1
jnz loc_414B12
loc_414941: ; CODE XREF: sub_4148F8+3D�j
inc ecx
cmp ecx, eax
mov [ebp+var_C], ecx
jle short loc_414953
cmp [ebp+var_1], 1
jz loc_414B12
loc_414953: ; CODE XREF: sub_4148F8+4F�j
mov ebx, offset byte_435518
jmp short loc_41495F
; ---------------------------------------------------------------------------
loc_41495A: ; CODE XREF: sub_4148F8+F7�j
mov eax, 172h
loc_41495F: ; CODE XREF: sub_4148F8+60�j
inc [ebp+var_2]
and [ebp+var_8], 0
push eax
push 0
push ebx
call sub_407F20
add esp, 0Ch
push 6
pop ecx
mov esi, offset dword_425A7C
mov edi, ebx
rep movsd
mov cl, [ebp+var_2]
xor edi, edi
cmp [ebp+arg_4], edi
mov byte_435526, cl
mov byte_43552A, cl
jle short loc_4149AE
loc_414994: ; CODE XREF: sub_4148F8+B4�j
mov esi, [ebp+var_8]
mov al, byte_4353A0[esi]
add al, cl
mov byte_435530[esi], al
inc esi
cmp esi, [ebp+arg_4]
mov [ebp+var_8], esi
jl short loc_414994
loc_4149AE: ; CODE XREF: sub_4148F8+9A�j
cmp [ebp+var_1], 1
jnz short loc_4149BD
mov eax, [ebp+var_8]
mov byte_435530[eax], cl
loc_4149BD: ; CODE XREF: sub_4148F8+BA�j
cmp [ebp+arg_0], edi
mov al, 1
jle short loc_4149FA
loc_4149C4: ; CODE XREF: sub_4148F8+EE�j
mov dl, byte_435518[edi]
xor esi, esi
loc_4149CC: ; CODE XREF: sub_4148F8+E0�j
cmp dl, byte_4257F4[esi]
jz short loc_4149DC
inc esi
cmp esi, 8
jl short loc_4149CC
jmp short loc_4149DE
; ---------------------------------------------------------------------------
loc_4149DC: ; CODE XREF: sub_4148F8+DA�j
xor al, al
loc_4149DE: ; CODE XREF: sub_4148F8+E2�j
test al, al
jz short loc_4149E8
inc edi
cmp edi, [ebp+arg_0]
jl short loc_4149C4
loc_4149E8: ; CODE XREF: sub_4148F8+E8�j
cmp al, 1
jz short loc_4149FA
cmp cl, 0FFh
jb loc_41495A
jmp loc_414B12
; ---------------------------------------------------------------------------
loc_4149FA: ; CODE XREF: sub_4148F8+CA�j
; sub_4148F8+F2�j ...
cmp [ebp+var_1], 1
jnz short loc_414A09
mov eax, [ebp+var_C]
inc [ebp+arg_4]
mov [ebp+arg_0], eax
loc_414A09: ; CODE XREF: sub_4148F8+106�j
mov eax, [ebp+arg_4]
cdq
sub eax, edx
sar eax, 1
mov byte_43551B, al
mov eax, [ebp+arg_0]
jmp loc_414B14
; ---------------------------------------------------------------------------
loc_414A1E: ; CODE XREF: sub_4148F8+15�j
cmp [ebp+arg_0], 2
jnz loc_414B12
mov eax, [ebp+arg_4]
lea ecx, [eax+18h]
and eax, 80000001h
mov [ebp+arg_0], ecx
jns short loc_414A3D
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_414A3D: ; CODE XREF: sub_4148F8+13E�j
jz short loc_414A43
mov [ebp+var_1], 1
loc_414A43: ; CODE XREF: sub_4148F8:loc_414A3D�j
mov eax, 172h
cmp ecx, eax
jle short loc_414A56
cmp [ebp+var_1], 1
jnz loc_414B12
loc_414A56: ; CODE XREF: sub_4148F8+152�j
inc ecx
cmp ecx, eax
mov [ebp+var_C], ecx
jle short loc_414A68
cmp [ebp+var_1], 1
jz loc_414B12
loc_414A68: ; CODE XREF: sub_4148F8+164�j
mov ebx, offset byte_435518
jmp short loc_414A74
; ---------------------------------------------------------------------------
loc_414A6F: ; CODE XREF: sub_4148F8+214�j
mov eax, 172h
loc_414A74: ; CODE XREF: sub_4148F8+175�j
inc [ebp+var_2]
and [ebp+var_8], 0
push eax
push 0
push ebx
call sub_407F20
add esp, 0Ch
push 6
pop ecx
mov esi, offset dword_425A98
mov edi, ebx
rep movsd
mov cl, [ebp+var_2]
xor edi, edi
cmp [ebp+arg_4], edi
mov byte_435526, cl
mov byte_43552A, cl
jle short loc_414AC3
loc_414AA9: ; CODE XREF: sub_4148F8+1C9�j
mov esi, [ebp+var_8]
mov al, byte_4353A0[esi]
xor al, cl
mov byte_435530[esi], al
inc esi
cmp esi, [ebp+arg_4]
mov [ebp+var_8], esi
jl short loc_414AA9
loc_414AC3: ; CODE XREF: sub_4148F8+1AF�j
cmp [ebp+var_1], 1
jnz short loc_414AD2
mov eax, [ebp+var_8]
mov byte_435530[eax], cl
loc_414AD2: ; CODE XREF: sub_4148F8+1CF�j
cmp [ebp+arg_0], edi
mov al, 1
jle loc_4149FA
loc_414ADD: ; CODE XREF: sub_4148F8+207�j
mov dl, byte_435518[edi]
xor esi, esi
loc_414AE5: ; CODE XREF: sub_4148F8+1F9�j
cmp dl, byte_4257F4[esi]
jz short loc_414AF5
inc esi
cmp esi, 8
jl short loc_414AE5
jmp short loc_414AF7
; ---------------------------------------------------------------------------
loc_414AF5: ; CODE XREF: sub_4148F8+1F3�j
xor al, al
loc_414AF7: ; CODE XREF: sub_4148F8+1FB�j
test al, al
jz short loc_414B01
inc edi
cmp edi, [ebp+arg_0]
jl short loc_414ADD
loc_414B01: ; CODE XREF: sub_4148F8+201�j
cmp al, 1
jz loc_4149FA
cmp cl, 0FFh
jb loc_414A6F
loc_414B12: ; CODE XREF: sub_4148F8+43�j
; sub_4148F8+55�j ...
xor eax, eax
loc_414B14: ; CODE XREF: sub_4148F8+121�j
pop edi
pop esi
pop ebx
leave
retn
sub_4148F8 endp
; =============== S U B R O U T I N E =======================================
sub_414B19 proc near ; CODE XREF: .text:0041B431�p
arg_0 = dword ptr 4
push ebx
push ebp
mov ebp, [esp+8+arg_0]
mov eax, ebp
lea edx, [eax+1]
loc_414B24: ; CODE XREF: sub_414B19+10�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_414B24
sub eax, edx
lea ebx, [eax+0CCh]
cmp ebx, 172h
jg short loc_414B82
push esi
push edi
push ebx
push 0
push offset byte_4353A0
call sub_407F20
add esp, 0Ch
push 32h
pop ecx
mov esi, offset dword_425AB8
mov edi, offset byte_4353A0
rep movsd
movsw
mov eax, ebp
movsb
lea esi, [eax+1]
loc_414B64: ; CODE XREF: sub_414B19+50�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_414B64
sub eax, esi
push eax
push ebp
push offset word_43546A
call sub_407FA0
add esp, 0Ch
pop edi
mov eax, ebx
pop esi
jmp short loc_414B84
; ---------------------------------------------------------------------------
loc_414B82: ; CODE XREF: sub_414B19+20�j
xor eax, eax
loc_414B84: ; CODE XREF: sub_414B19+67�j
pop ebp
pop ebx
retn
sub_414B19 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414B90 proc near ; CODE XREF: sub_41BDAA+64�p
xor ecx, ecx
push esi
push edi
mov [eax+8], ecx
mov [eax+0Ch], ecx
mov [eax], ecx
mov [eax+4], ecx
lea edi, [eax+10h]
mov ecx, 10h
mov esi, offset dword_41FEF8
rep movsd
pop edi
pop esi
retn
sub_414B90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414BC0 proc near ; CODE XREF: sub_4172D0+BE�p
; sub_4172D0+13B�p ...
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 160h
mov eax, [esp+160h+arg_0]
mov edx, [eax+54h]
push ebx
mov [esp+164h+var_FC], edx
mov edx, [eax+5Ch]
push ebp
push esi
mov [esp+16Ch+var_10C], edx
mov edx, [eax+64h]
push edi
lea esi, [eax+10h]
mov [esp+170h+var_4], esi
mov ecx, 10h
lea edi, [esp+170h+var_158]
rep movsd
mov ecx, [eax+50h]
mov [esp+170h+var_100], ecx
mov ecx, [eax+58h]
mov [esp+170h+var_110], ecx
mov ecx, [eax+60h]
mov [esp+170h+var_108], ecx
mov ecx, [eax+68h]
mov [esp+170h+var_104], edx
mov edx, [eax+6Ch]
mov [esp+170h+var_B8], ecx
mov ecx, [eax+70h]
mov [esp+170h+var_B4], edx
mov edx, [eax+74h]
mov [esp+170h+var_A8], ecx
mov ecx, [eax+78h]
mov [esp+170h+var_A4], edx
mov edx, [eax+7Ch]
mov [esp+170h+var_D0], ecx
mov ecx, [eax+80h]
mov [esp+170h+var_CC], edx
mov edx, [eax+84h]
mov esi, [eax+0C4h]
mov [esp+170h+var_D8], ecx
mov ecx, [eax+88h]
mov [esp+170h+var_D4], edx
mov edx, [eax+8Ch]
mov [esp+170h+var_118], ecx
mov ecx, [eax+90h]
mov [esp+170h+var_114], edx
mov edx, [eax+94h]
mov [esp+170h+var_C8], ecx
mov ecx, [eax+98h]
mov [esp+170h+var_C4], edx
mov edx, [eax+9Ch]
mov [esp+170h+var_F0], ecx
mov ecx, [eax+0A0h]
mov [esp+170h+var_EC], edx
mov edx, [eax+0A4h]
mov [esp+170h+var_E8], ecx
mov ecx, [eax+0A8h]
mov [esp+170h+var_E4], edx
mov edx, [eax+0ACh]
mov [esp+170h+var_F8], ecx
mov ecx, [eax+0B0h]
mov [esp+170h+var_F4], edx
mov edx, [eax+0B4h]
mov [esp+170h+var_B0], ecx
mov ecx, [eax+0B8h]
mov [esp+170h+var_AC], edx
mov edx, [eax+0BCh]
mov [esp+170h+var_C0], ecx
mov ecx, [eax+0C0h]
mov [esp+170h+var_BC], edx
mov edx, [eax+0C8h]
mov eax, [eax+0CCh]
xor edi, edi
mov [esp+170h+var_15C], edi
mov [esp+170h+var_A0], ecx
mov [esp+170h+var_9C], esi
mov [esp+170h+var_E0], edx
mov [esp+170h+var_DC], eax
jmp short loc_414D5E
; ---------------------------------------------------------------------------
align 10h
loc_414D50: ; CODE XREF: sub_414BC0+2680�j
mov ecx, [esp+170h+var_A0]
mov esi, [esp+170h+var_9C]
loc_414D5E: ; CODE XREF: sub_414BC0+18A�j
test edi, edi
mov eax, [esp+170h+var_138]
mov edx, [esp+170h+var_134]
jz loc_414E48
mov edi, ecx
xor eax, eax
mov ebx, esi
shrd edi, ebx, 13h
or eax, edi
mov ebp, ecx
mov edx, ecx
mov edi, esi
shld esi, ebp, 3
shr ebx, 13h
shl edx, 0Dh
or edx, ebx
add ebp, ebp
xor ebx, ebx
or ebx, esi
mov esi, [esp+170h+var_9C]
shrd ecx, esi, 6
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor eax, edi
xor eax, ecx
mov ecx, [esp+170h+var_10C]
xor edx, ebx
mov [esp+170h+var_160], eax
mov eax, [esp+170h+var_110]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
shr esi, 6
xor edx, esi
xor edi, edi
or edi, ebx
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_10C]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_110]
shrd ecx, eax, 7
shr eax, 7
xor edi, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+arg_0]
xor edi, ecx
mov ecx, [esp+170h+var_160]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_100]
adc edx, [esp+170h+var_FC]
add ecx, [esp+170h+var_F0]
adc edx, [esp+170h+var_EC]
mov [eax+50h], ecx
mov [eax+54h], edx
mov eax, edx
mov edx, [esp+170h+var_134]
mov [esp+170h+var_FC], eax
mov [esp+170h+var_54], eax
mov eax, [esp+170h+var_138]
mov [esp+170h+var_100], ecx
mov [esp+170h+var_58], ecx
jmp short loc_414E5E
; ---------------------------------------------------------------------------
loc_414E48: ; CODE XREF: sub_414BC0+1A8�j
mov ecx, [esp+170h+var_100]
mov [esp+170h+var_58], ecx
mov ecx, [esp+170h+var_FC]
mov [esp+170h+var_54], ecx
loc_414E5E: ; CODE XREF: sub_414BC0+286�j
mov ebx, edx
mov esi, edx
xor edi, edi
mov ecx, eax
shld ebx, ecx, 17h
or edi, ebx
shl ecx, 17h
xor ebx, ebx
shr esi, 9
or esi, ecx
mov ebp, eax
shrd ebp, edx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_134]
xor esi, ebx
shr edx, 12h
mov ecx, eax
shl ecx, 0Eh
or ecx, edx
xor edi, ecx
xor ecx, ecx
mov ebx, eax
shrd ebx, ebp, 0Eh
or ecx, ebx
xor esi, ecx
mov ecx, [esp+170h+var_134]
shr ebp, 0Eh
mov edx, eax
shl edx, 12h
or edx, ebp
mov ebp, [esp+170h+var_130]
xor edi, edx
and ebp, eax
mov edx, eax
mov eax, [esp+170h+var_12C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_11C]
not edx
and edx, [esp+170h+var_128]
not ebx
and ebx, [esp+170h+var_124]
xor edx, ebp
xor ebx, eax
mov eax, [esp+170h+var_15C]
add esi, edx
adc edi, ebx
add esi, ds:dword_41F9F8[eax*8]
adc edi, ds:dword_41F9FC[eax*8]
add esi, [esp+170h+var_58]
mov eax, [esp+170h+var_120]
adc edi, [esp+170h+var_54]
add eax, esi
adc ecx, edi
add [esp+170h+var_140], eax
mov [esp+170h+var_11C], ecx
mov [esp+170h+var_120], eax
adc [esp+170h+var_13C], ecx
mov eax, [esp+170h+var_154]
mov ecx, [esp+170h+var_158]
mov edx, ecx
mov esi, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
mov ecx, eax
xor edi, edx
xor esi, ebx
shr ecx, 7
mov ebx, [esp+170h+var_158]
mov ebp, eax
shld ebp, ebx, 19h
shl ebx, 19h
or ecx, ebx
xor edx, edx
or edx, ebp
mov ebp, [esp+170h+var_14C]
xor edi, ecx
mov ecx, [esp+170h+var_150]
xor esi, edx
mov edx, [esp+170h+var_158]
mov ebx, ecx
xor ebx, edx
and ebx, [esp+170h+var_148]
and ecx, edx
mov edx, [esp+170h+var_14C]
xor ebp, eax
and ebp, [esp+170h+var_144]
and edx, eax
xor ebx, ecx
xor ebp, edx
add edi, ebx
adc esi, ebp
add [esp+170h+var_120], edi
adc [esp+170h+var_11C], esi
cmp [esp+170h+var_15C], 0
jz loc_415074
mov eax, [esp+170h+var_E0]
mov ecx, [esp+170h+var_DC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_DC]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_108]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_104]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_108]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_104]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_E8]
adc edx, [esp+170h+var_E4]
add ecx, [esp+170h+var_110]
adc edx, [esp+170h+var_10C]
mov [eax+58h], ecx
mov [eax+5Ch], edx
mov eax, edx
mov [esp+170h+var_110], ecx
mov [esp+170h+var_10C], eax
mov [esp+170h+var_28], ecx
jmp short loc_415083
; ---------------------------------------------------------------------------
loc_415074: ; CODE XREF: sub_414BC0+3D5�j
mov edx, [esp+170h+var_110]
mov eax, [esp+170h+var_10C]
mov [esp+170h+var_28], edx
loc_415083: ; CODE XREF: sub_414BC0+4B2�j
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
mov [esp+170h+var_24], eax
mov eax, [esp+170h+var_140]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_13C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
and ecx, [esp+170h+var_134]
mov edi, eax
and eax, [esp+170h+var_138]
not ebx
and ebx, [esp+170h+var_12C]
not edi
and edi, [esp+170h+var_130]
xor ebx, ecx
mov ecx, [esp+170h+var_124]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41FA00[eax*8]
adc esi, ds:dword_41FA04[eax*8]
add edx, [esp+170h+var_28]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_24]
add eax, edx
adc ecx, esi
add [esp+170h+var_148], eax
mov [esp+170h+var_124], ecx
mov [esp+170h+var_128], eax
adc [esp+170h+var_144], ecx
mov eax, [esp+170h+var_11C]
mov ecx, [esp+170h+var_120]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_120]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_154]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_158]
xor edi, ecx
mov ecx, [esp+170h+var_120]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_150]
and edx, ecx
mov ecx, [esp+170h+var_154]
xor ebp, eax
and ebp, [esp+170h+var_14C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_128], edi
adc [esp+170h+var_124], esi
cmp [esp+170h+var_15C], 0
jz loc_41529E
mov eax, [esp+170h+var_B8]
mov ecx, [esp+170h+var_B4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_B4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_100]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_FC]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_100]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_FC]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_F8]
adc edx, [esp+170h+var_F4]
add ecx, [esp+170h+var_108]
adc edx, [esp+170h+var_104]
mov [eax+60h], ecx
mov [eax+64h], edx
mov eax, edx
mov [esp+170h+var_108], ecx
mov [esp+170h+var_104], eax
mov [esp+170h+var_70], ecx
jmp short loc_4152AD
; ---------------------------------------------------------------------------
loc_41529E: ; CODE XREF: sub_414BC0+605�j
mov edx, [esp+170h+var_108]
mov eax, [esp+170h+var_104]
mov [esp+170h+var_70], edx
loc_4152AD: ; CODE XREF: sub_414BC0+6DC�j
mov ecx, [esp+170h+var_144]
mov ebx, ecx
mov [esp+170h+var_6C], eax
mov eax, [esp+170h+var_148]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_144]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_144]
mov ebx, ecx
and ecx, [esp+170h+var_13C]
mov edi, eax
and eax, [esp+170h+var_140]
not ebx
and ebx, [esp+170h+var_134]
not edi
and edi, [esp+170h+var_138]
xor ebx, ecx
mov ecx, [esp+170h+var_12C]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41FA08[eax*8]
adc esi, ds:dword_41FA0C[eax*8]
add edx, [esp+170h+var_70]
mov eax, [esp+170h+var_130]
adc esi, [esp+170h+var_6C]
add eax, edx
adc ecx, esi
add [esp+170h+var_150], eax
mov [esp+170h+var_12C], ecx
mov [esp+170h+var_130], eax
adc [esp+170h+var_14C], ecx
mov eax, [esp+170h+var_124]
mov ecx, [esp+170h+var_128]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_128]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_11C]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_120]
xor edi, ecx
mov ecx, [esp+170h+var_128]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_158]
and edx, ecx
mov ecx, [esp+170h+var_11C]
xor ebp, eax
and ebp, [esp+170h+var_154]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_130], edi
adc [esp+170h+var_12C], esi
cmp [esp+170h+var_15C], 0
jz loc_4154DA
mov eax, [esp+170h+var_A8]
mov ecx, [esp+170h+var_A4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_A4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_110]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_10C]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_110]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_10C]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_B0]
adc edx, [esp+170h+var_AC]
add ecx, [esp+170h+var_B8]
adc edx, [esp+170h+var_B4]
mov [eax+68h], ecx
mov [eax+6Ch], edx
mov eax, edx
mov [esp+170h+var_B8], ecx
mov [esp+170h+var_B4], eax
mov [esp+170h+var_38], ecx
jmp short loc_4154EF
; ---------------------------------------------------------------------------
loc_4154DA: ; CODE XREF: sub_414BC0+82F�j
mov edx, [esp+170h+var_B8]
mov eax, [esp+170h+var_B4]
mov [esp+170h+var_38], edx
loc_4154EF: ; CODE XREF: sub_414BC0+918�j
mov ecx, [esp+170h+var_14C]
mov ebx, ecx
mov [esp+170h+var_34], eax
mov eax, [esp+170h+var_150]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_14C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_148]
xor esi, ecx
mov ecx, [esp+170h+var_14C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_144]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_134]
not ebx
and ebx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_140]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41FA10[eax*8]
adc esi, ds:dword_41FA14[eax*8]
add edx, [esp+170h+var_38]
mov eax, [esp+170h+var_138]
adc esi, [esp+170h+var_34]
add eax, edx
adc ecx, esi
add [esp+170h+var_158], eax
mov [esp+170h+var_134], ecx
mov [esp+170h+var_138], eax
adc [esp+170h+var_154], ecx
mov ecx, [esp+170h+var_130]
mov eax, [esp+170h+var_12C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_130]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_124]
shl ebx, 19h
xor esi, edx
mov edx, [esp+170h+var_128]
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_130]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_120]
and edx, ecx
mov ecx, [esp+170h+var_124]
xor ebp, eax
and ebp, [esp+170h+var_11C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_138], edi
adc [esp+170h+var_134], esi
cmp [esp+170h+var_15C], 0
jz loc_415720
mov eax, [esp+170h+var_D0]
mov ecx, [esp+170h+var_CC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_CC]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_108]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_104]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_108]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_104]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_C0]
adc edx, [esp+170h+var_BC]
add ecx, [esp+170h+var_A8]
adc edx, [esp+170h+var_A4]
mov [eax+70h], ecx
mov [eax+74h], edx
mov eax, edx
mov [esp+170h+var_A8], ecx
mov [esp+170h+var_A4], eax
mov [esp+170h+var_88], ecx
jmp short loc_415735
; ---------------------------------------------------------------------------
loc_415720: ; CODE XREF: sub_414BC0+A75�j
mov edx, [esp+170h+var_A8]
mov eax, [esp+170h+var_A4]
mov [esp+170h+var_88], edx
loc_415735: ; CODE XREF: sub_414BC0+B5E�j
mov ecx, [esp+170h+var_154]
mov [esp+170h+var_84], eax
mov eax, [esp+170h+var_158]
mov ebx, ecx
xor esi, esi
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
mov edx, ecx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
xor ebx, ebx
or ebx, ebp
mov ebp, [esp+170h+var_154]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
shr ebp, 0Eh
or ecx, ebp
mov ebp, [esp+170h+var_150]
xor esi, ecx
mov ecx, [esp+170h+var_154]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_14C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_144]
xor edi, ebp
xor ebx, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41FA18[eax*8]
mov edi, [esp+170h+var_12C]
adc esi, ds:dword_41FA1C[eax*8]
add edx, [esp+170h+var_88]
mov eax, [esp+170h+var_140]
adc esi, [esp+170h+var_84]
add eax, edx
adc ecx, esi
add [esp+170h+var_120], eax
mov esi, [esp+170h+var_130]
mov [esp+170h+var_140], eax
adc [esp+170h+var_11C], ecx
mov [esp+170h+var_13C], ecx
mov ecx, [esp+170h+var_138]
mov eax, esi
xor eax, ecx
mov [esp+170h+var_98], eax
mov eax, [esp+170h+var_134]
mov edx, edi
xor edx, eax
mov [esp+170h+var_94], edx
mov edx, esi
and edx, ecx
mov [esp+170h+var_90], edx
mov edx, edi
and edx, eax
mov [esp+170h+var_8C], edx
mov edx, ecx
xor esi, esi
shl edx, 4
mov edi, ecx
mov ebx, eax
shrd edi, ebx, 1Ch
shr ebx, 1Ch
or edx, ebx
or esi, edi
mov ebp, eax
shld ebp, ecx, 1Eh
xor ebx, ebx
shl ecx, 1Eh
or ebx, ebp
mov edi, eax
xor edx, ebx
mov ebx, [esp+170h+var_138]
shr edi, 2
or edi, ecx
mov ecx, eax
shld eax, ebx, 19h
xor esi, edi
shr ecx, 7
xor edi, edi
or edi, eax
mov eax, [esp+170h+var_98]
and eax, [esp+170h+var_128]
shl ebx, 19h
xor eax, [esp+170h+var_90]
or ecx, ebx
xor esi, ecx
mov ecx, [esp+170h+var_94]
and ecx, [esp+170h+var_124]
xor edx, edi
xor ecx, [esp+170h+var_8C]
add esi, eax
adc edx, ecx
add [esp+170h+var_140], esi
adc [esp+170h+var_13C], edx
cmp [esp+170h+var_15C], 0
jz loc_4159A2
mov eax, [esp+170h+var_B8]
mov ecx, [esp+170h+var_B4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_B4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_D8]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_D4]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_D8]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_D4]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D0]
adc edx, [esp+170h+var_CC]
add ecx, [esp+170h+var_A0]
adc edx, [esp+170h+var_9C]
mov [eax+78h], ecx
mov [eax+7Ch], edx
mov eax, edx
mov [esp+170h+var_D0], ecx
mov [esp+170h+var_CC], eax
mov [esp+170h+var_60], ecx
jmp short loc_4159B7
; ---------------------------------------------------------------------------
loc_4159A2: ; CODE XREF: sub_414BC0+CEB�j
mov edx, [esp+170h+var_D0]
mov eax, [esp+170h+var_CC]
mov [esp+170h+var_60], edx
loc_4159B7: ; CODE XREF: sub_414BC0+DE0�j
mov ecx, [esp+170h+var_11C]
mov ebx, ecx
mov [esp+170h+var_5C], eax
mov eax, [esp+170h+var_120]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_11C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
shr ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_158]
xor esi, ecx
mov ecx, [esp+170h+var_11C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_154]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_14C]
not edi
and edi, [esp+170h+var_150]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41FA20[eax*8]
adc esi, ds:dword_41FA24[eax*8]
add edx, [esp+170h+var_60]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_5C]
add ecx, edx
mov edx, [esp+170h+var_144]
adc edx, esi
add eax, ecx
adc [esp+170h+var_124], edx
mov [esp+170h+var_148], ecx
mov ecx, [esp+170h+var_140]
mov [esp+170h+var_144], edx
mov edx, [esp+170h+var_13C]
mov ebx, ecx
mov ebp, edx
shrd ebx, ebp, 1Ch
xor edi, edi
or edi, ebx
mov esi, ecx
mov ebx, edx
shld edx, ecx, 1Eh
shr ebp, 1Ch
shl esi, 4
or esi, ebp
shr ebx, 2
shl ecx, 1Eh
xor ebp, ebp
or ebx, ecx
mov [esp+170h+var_128], eax
or ebp, edx
mov ecx, [esp+170h+var_13C]
xor esi, ebp
mov ebp, [esp+170h+var_140]
mov edx, ecx
shld ecx, ebp, 19h
xor edi, ebx
shr edx, 7
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_98]
and ecx, [esp+170h+var_140]
shl ebp, 19h
xor ecx, [esp+170h+var_90]
or edx, ebp
xor edi, edx
mov edx, [esp+170h+var_94]
and edx, [esp+170h+var_13C]
xor esi, ebx
xor edx, [esp+170h+var_8C]
add edi, ecx
adc esi, edx
add [esp+170h+var_148], edi
adc [esp+170h+var_144], esi
cmp [esp+170h+var_15C], 0
jz loc_415BFD
mov eax, [esp+170h+var_A8]
mov ecx, [esp+170h+var_A4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_A4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_118]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_114]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_118]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_114]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor edi, eax
mov eax, [esp+170h+arg_0]
xor esi, ecx
mov ecx, [esp+170h+var_160]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D8]
adc edx, [esp+170h+var_D4]
add ecx, [esp+170h+var_E0]
adc edx, [esp+170h+var_DC]
mov [eax+80h], ecx
mov [eax+84h], edx
mov eax, edx
mov [esp+170h+var_D4], eax
mov [esp+170h+var_14], eax
mov eax, [esp+170h+var_128]
mov [esp+170h+var_D8], ecx
mov [esp+170h+var_18], ecx
jmp short loc_415C19
; ---------------------------------------------------------------------------
loc_415BFD: ; CODE XREF: sub_414BC0+F41�j
mov edx, [esp+170h+var_D8]
mov ecx, [esp+170h+var_D4]
mov [esp+170h+var_18], edx
mov [esp+170h+var_14], ecx
loc_415C19: ; CODE XREF: sub_414BC0+103B�j
mov ecx, [esp+170h+var_124]
mov ebx, ecx
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_124]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_120]
xor esi, ecx
mov ecx, [esp+170h+var_124]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_11C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_14C]
not ebx
and ebx, [esp+170h+var_154]
not edi
and edi, [esp+170h+var_158]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41FA28[eax*8]
adc esi, ds:dword_41FA2C[eax*8]
add edx, [esp+170h+var_18]
mov eax, [esp+170h+var_150]
adc esi, [esp+170h+var_14]
add eax, edx
adc ecx, esi
add [esp+170h+var_130], eax
mov [esp+170h+var_14C], ecx
mov [esp+170h+var_150], eax
adc [esp+170h+var_12C], ecx
mov eax, [esp+170h+var_144]
mov ecx, [esp+170h+var_148]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_148]
mov ebp, eax
shld ebp, ebx, 19h
xor edx, edx
or edx, ebp
mov ebp, [esp+170h+var_13C]
xor ebp, [esp+170h+var_134]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_140]
xor edi, ecx
mov ecx, [esp+170h+var_138]
and ebp, eax
mov eax, [esp+170h+var_13C]
and eax, [esp+170h+var_134]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_148]
and edx, ecx
xor ebx, edx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_150], edi
adc [esp+170h+var_14C], esi
cmp [esp+170h+var_15C], 0
jz loc_415E41
mov eax, [esp+170h+var_C8]
mov ecx, [esp+170h+var_C4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_C4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_D0]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_CC]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_D0]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_CC]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_118]
adc edx, [esp+170h+var_114]
add ecx, [esp+170h+var_100]
adc edx, [esp+170h+var_FC]
mov [eax+88h], ecx
mov [eax+8Ch], edx
mov eax, edx
mov [esp+170h+var_118], ecx
mov [esp+170h+var_114], eax
mov [esp+170h+var_48], ecx
jmp short loc_415E50
; ---------------------------------------------------------------------------
loc_415E41: ; CODE XREF: sub_414BC0+1196�j
mov edx, [esp+170h+var_118]
mov eax, [esp+170h+var_114]
mov [esp+170h+var_48], edx
loc_415E50: ; CODE XREF: sub_414BC0+127F�j
mov ecx, [esp+170h+var_12C]
mov ebx, ecx
mov [esp+170h+var_44], eax
mov eax, [esp+170h+var_130]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_12C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_128]
xor esi, ecx
mov ecx, [esp+170h+var_12C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_124]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_154]
not ebx
and ebx, [esp+170h+var_11C]
not edi
and edi, [esp+170h+var_120]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41FA30[eax*8]
adc esi, ds:dword_41FA34[eax*8]
add edx, [esp+170h+var_48]
mov eax, [esp+170h+var_158]
adc esi, [esp+170h+var_44]
add eax, edx
adc ecx, esi
add [esp+170h+var_138], eax
mov [esp+170h+var_154], ecx
mov [esp+170h+var_158], eax
adc [esp+170h+var_134], ecx
mov ecx, [esp+170h+var_150]
mov eax, [esp+170h+var_14C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_150]
mov ebp, eax
shld ebp, ebx, 19h
shl ebx, 19h
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edx, edx
or edx, ebp
xor edi, ecx
mov ecx, [esp+170h+var_150]
xor esi, edx
mov edx, [esp+170h+var_140]
mov ebx, ecx
xor ebx, edx
and ebx, [esp+170h+var_148]
mov ebp, eax
xor ebp, [esp+170h+var_13C]
and eax, [esp+170h+var_13C]
and ebp, [esp+170h+var_144]
and ecx, edx
xor ebx, ecx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_158], edi
adc [esp+170h+var_154], esi
cmp [esp+170h+var_15C], 0
jz loc_41608B
mov eax, [esp+170h+var_D8]
mov ecx, [esp+170h+var_D4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_D4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_F0]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_EC]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_F0]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_EC]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_C8]
adc edx, [esp+170h+var_C4]
add ecx, [esp+170h+var_110]
adc edx, [esp+170h+var_10C]
mov [eax+90h], ecx
mov [eax+94h], edx
mov eax, edx
mov [esp+170h+var_C8], ecx
mov [esp+170h+var_C4], eax
mov [esp+170h+var_80], ecx
jmp short loc_4160A0
; ---------------------------------------------------------------------------
loc_41608B: ; CODE XREF: sub_414BC0+13D4�j
mov edx, [esp+170h+var_C8]
mov eax, [esp+170h+var_C4]
mov [esp+170h+var_80], edx
loc_4160A0: ; CODE XREF: sub_414BC0+14C9�j
mov ecx, [esp+170h+var_134]
mov ebx, ecx
mov [esp+170h+var_7C], eax
mov eax, [esp+170h+var_138]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_134]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_130]
xor esi, ecx
mov ecx, [esp+170h+var_134]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_12C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_11C]
not ebx
and ebx, [esp+170h+var_124]
not edi
and edi, [esp+170h+var_128]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41FA38[eax*8]
adc esi, ds:dword_41FA3C[eax*8]
add edx, [esp+170h+var_80]
mov eax, [esp+170h+var_120]
adc esi, [esp+170h+var_7C]
add eax, edx
adc ecx, esi
add [esp+170h+var_140], eax
mov [esp+170h+var_11C], ecx
mov [esp+170h+var_120], eax
adc [esp+170h+var_13C], ecx
mov ecx, [esp+170h+var_158]
mov eax, [esp+170h+var_154]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_158]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_14C]
shl ebx, 19h
xor esi, edx
mov edx, [esp+170h+var_150]
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_158]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_148]
and edx, ecx
mov ecx, [esp+170h+var_14C]
xor ebp, eax
and ebp, [esp+170h+var_144]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_120], edi
adc [esp+170h+var_11C], esi
cmp [esp+170h+var_15C], 0
jz loc_4162D1
mov eax, [esp+170h+var_E8]
mov ecx, [esp+170h+var_E4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_E4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_118]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_114]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_118]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_114]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_108]
adc edx, [esp+170h+var_104]
add ecx, [esp+170h+var_F0]
adc edx, [esp+170h+var_EC]
mov [eax+98h], ecx
mov [eax+9Ch], edx
mov eax, edx
mov [esp+170h+var_F0], ecx
mov [esp+170h+var_EC], eax
mov [esp+170h+var_78], ecx
jmp short loc_4162E6
; ---------------------------------------------------------------------------
loc_4162D1: ; CODE XREF: sub_414BC0+1626�j
mov edx, [esp+170h+var_F0]
mov eax, [esp+170h+var_EC]
mov [esp+170h+var_78], edx
loc_4162E6: ; CODE XREF: sub_414BC0+170F�j
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
mov [esp+170h+var_74], eax
mov eax, [esp+170h+var_140]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_13C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
and ecx, [esp+170h+var_134]
mov edi, eax
and eax, [esp+170h+var_138]
not ebx
and ebx, [esp+170h+var_12C]
not edi
and edi, [esp+170h+var_130]
xor ebx, ecx
mov ecx, [esp+170h+var_124]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41FA40[eax*8]
adc esi, ds:dword_41FA44[eax*8]
add edx, [esp+170h+var_78]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_74]
add eax, edx
adc ecx, esi
add [esp+170h+var_148], eax
mov [esp+170h+var_124], ecx
mov [esp+170h+var_128], eax
adc [esp+170h+var_144], ecx
mov eax, [esp+170h+var_11C]
mov ecx, [esp+170h+var_120]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_120]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_154]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_158]
xor edi, ecx
mov ecx, [esp+170h+var_120]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_150]
and edx, ecx
mov ecx, [esp+170h+var_154]
xor ebp, eax
and ebp, [esp+170h+var_14C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_128], edi
adc [esp+170h+var_124], esi
cmp [esp+170h+var_15C], 0
jz loc_416519
mov eax, [esp+170h+var_C8]
mov ecx, [esp+170h+var_C4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_C4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_F8]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_F4]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_F8]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_F4]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_B8]
adc edx, [esp+170h+var_B4]
add ecx, [esp+170h+var_E8]
adc edx, [esp+170h+var_E4]
mov [eax+0A0h], ecx
mov [eax+0A4h], edx
mov eax, edx
mov [esp+170h+var_E8], ecx
mov [esp+170h+var_E4], eax
mov [esp+170h+var_68], ecx
jmp short loc_41652E
; ---------------------------------------------------------------------------
loc_416519: ; CODE XREF: sub_414BC0+1868�j
mov edx, [esp+170h+var_E8]
mov eax, [esp+170h+var_E4]
mov [esp+170h+var_68], edx
loc_41652E: ; CODE XREF: sub_414BC0+1957�j
mov ecx, [esp+170h+var_144]
mov ebx, ecx
mov [esp+170h+var_64], eax
mov eax, [esp+170h+var_148]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_144]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_144]
mov ebx, ecx
and ecx, [esp+170h+var_13C]
mov edi, eax
and eax, [esp+170h+var_140]
not ebx
and ebx, [esp+170h+var_134]
not edi
and edi, [esp+170h+var_138]
xor ebx, ecx
mov ecx, [esp+170h+var_12C]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41FA48[eax*8]
adc esi, ds:dword_41FA4C[eax*8]
add edx, [esp+170h+var_68]
mov eax, [esp+170h+var_130]
adc esi, [esp+170h+var_64]
add eax, edx
adc ecx, esi
add [esp+170h+var_150], eax
mov [esp+170h+var_12C], ecx
mov [esp+170h+var_130], eax
adc [esp+170h+var_14C], ecx
mov eax, [esp+170h+var_124]
mov ecx, [esp+170h+var_128]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_128]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_11C]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_120]
xor edi, ecx
mov ecx, [esp+170h+var_128]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_158]
and edx, ecx
mov ecx, [esp+170h+var_11C]
xor ebp, eax
and ebp, [esp+170h+var_154]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_130], edi
adc [esp+170h+var_12C], esi
cmp [esp+170h+var_15C], 0
jz loc_416761
mov eax, [esp+170h+var_B0]
mov ecx, [esp+170h+var_AC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_AC]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_F0]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_EC]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_F0]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_EC]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_A8]
adc edx, [esp+170h+var_A4]
add ecx, [esp+170h+var_F8]
adc edx, [esp+170h+var_F4]
mov [eax+0A8h], ecx
mov [eax+0ACh], edx
mov eax, edx
mov [esp+170h+var_F8], ecx
mov [esp+170h+var_F4], eax
mov [esp+170h+var_50], ecx
jmp short loc_416770
; ---------------------------------------------------------------------------
loc_416761: ; CODE XREF: sub_414BC0+1AB0�j
mov edx, [esp+170h+var_F8]
mov eax, [esp+170h+var_F4]
mov [esp+170h+var_50], edx
loc_416770: ; CODE XREF: sub_414BC0+1B9F�j
mov ecx, [esp+170h+var_14C]
mov ebx, ecx
mov [esp+170h+var_4C], eax
mov eax, [esp+170h+var_150]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_14C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_148]
xor esi, ecx
mov ecx, [esp+170h+var_14C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_144]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_134]
not ebx
and ebx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_140]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41FA50[eax*8]
adc esi, ds:dword_41FA54[eax*8]
add edx, [esp+170h+var_50]
mov eax, [esp+170h+var_138]
adc esi, [esp+170h+var_4C]
add eax, edx
adc ecx, esi
add [esp+170h+var_158], eax
mov [esp+170h+var_134], ecx
mov [esp+170h+var_138], eax
adc [esp+170h+var_154], ecx
mov ecx, [esp+170h+var_130]
mov eax, [esp+170h+var_12C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_130]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_124]
shl ebx, 19h
xor esi, edx
mov edx, [esp+170h+var_128]
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_130]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_120]
and edx, ecx
mov ecx, [esp+170h+var_124]
xor ebp, eax
and ebp, [esp+170h+var_11C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_138], edi
adc [esp+170h+var_134], esi
cmp [esp+170h+var_15C], 0
jz loc_4169B3
mov eax, [esp+170h+var_C0]
mov ecx, [esp+170h+var_BC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_BC]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_E8]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_E4]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_E8]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_E4]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D0]
adc edx, [esp+170h+var_CC]
add ecx, [esp+170h+var_B0]
adc edx, [esp+170h+var_AC]
mov [eax+0B0h], ecx
mov [eax+0B4h], edx
mov eax, edx
mov [esp+170h+var_B0], ecx
mov [esp+170h+var_AC], eax
mov [esp+170h+var_40], ecx
jmp short loc_4169C8
; ---------------------------------------------------------------------------
loc_4169B3: ; CODE XREF: sub_414BC0+1CF6�j
mov edx, [esp+170h+var_B0]
mov eax, [esp+170h+var_AC]
mov [esp+170h+var_40], edx
loc_4169C8: ; CODE XREF: sub_414BC0+1DF1�j
mov ecx, [esp+170h+var_154]
mov [esp+170h+var_3C], eax
mov eax, [esp+170h+var_158]
mov ebx, ecx
xor esi, esi
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
mov edx, ecx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
xor ebx, ebx
or ebx, ebp
mov ebp, [esp+170h+var_154]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
shr ebp, 0Eh
or ecx, ebp
mov ebp, [esp+170h+var_150]
xor esi, ecx
mov ecx, [esp+170h+var_154]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_14C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_144]
xor edi, ebp
xor ebx, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41FA58[eax*8]
mov edi, [esp+170h+var_12C]
adc esi, ds:dword_41FA5C[eax*8]
add edx, [esp+170h+var_40]
mov eax, [esp+170h+var_140]
adc esi, [esp+170h+var_3C]
add eax, edx
adc ecx, esi
add [esp+170h+var_120], eax
mov esi, [esp+170h+var_130]
mov [esp+170h+var_140], eax
adc [esp+170h+var_11C], ecx
mov [esp+170h+var_13C], ecx
mov ecx, [esp+170h+var_138]
mov eax, esi
xor eax, ecx
mov [esp+170h+var_98], eax
mov eax, [esp+170h+var_134]
mov edx, edi
xor edx, eax
mov [esp+170h+var_94], edx
mov edx, esi
and edx, ecx
mov [esp+170h+var_90], edx
mov edx, edi
and edx, eax
mov [esp+170h+var_8C], edx
mov edx, ecx
xor esi, esi
shl edx, 4
mov edi, ecx
mov ebx, eax
shrd edi, ebx, 1Ch
shr ebx, 1Ch
or edx, ebx
or esi, edi
mov ebp, eax
shld ebp, ecx, 1Eh
xor ebx, ebx
shl ecx, 1Eh
or ebx, ebp
mov edi, eax
xor edx, ebx
mov ebx, [esp+170h+var_138]
shr edi, 2
or edi, ecx
mov ecx, eax
shld eax, ebx, 19h
xor esi, edi
shr ecx, 7
xor edi, edi
or edi, eax
mov eax, [esp+170h+var_98]
and eax, [esp+170h+var_128]
shl ebx, 19h
xor eax, [esp+170h+var_90]
or ecx, ebx
xor esi, ecx
mov ecx, [esp+170h+var_94]
and ecx, [esp+170h+var_124]
xor edx, edi
xor ecx, [esp+170h+var_8C]
add esi, eax
adc edx, ecx
add [esp+170h+var_140], esi
adc [esp+170h+var_13C], edx
cmp [esp+170h+var_15C], 0
jz loc_416C2F
mov eax, [esp+170h+var_A0]
mov ecx, [esp+170h+var_9C]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_9C]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_F8]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_F4]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_F8]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_F4]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D8]
adc edx, [esp+170h+var_D4]
add ecx, [esp+170h+var_C0]
adc edx, [esp+170h+var_BC]
mov [eax+0B8h], ecx
mov [eax+0BCh], edx
mov eax, edx
mov [esp+170h+var_C0], ecx
mov [esp+170h+var_BC], eax
mov [esp+170h+var_30], ecx
jmp short loc_416C44
; ---------------------------------------------------------------------------
loc_416C2F: ; CODE XREF: sub_414BC0+1F7E�j
mov edx, [esp+170h+var_C0]
mov eax, [esp+170h+var_BC]
mov [esp+170h+var_30], edx
loc_416C44: ; CODE XREF: sub_414BC0+206D�j
mov ecx, [esp+170h+var_11C]
mov ebx, ecx
mov [esp+170h+var_2C], eax
mov eax, [esp+170h+var_120]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_11C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
shr ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_158]
xor esi, ecx
mov ecx, [esp+170h+var_11C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_154]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_14C]
not edi
and edi, [esp+170h+var_150]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41FA60[eax*8]
adc esi, ds:dword_41FA64[eax*8]
add edx, [esp+170h+var_30]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_2C]
add ecx, edx
mov edx, [esp+170h+var_144]
adc edx, esi
add eax, ecx
adc [esp+170h+var_124], edx
mov [esp+170h+var_148], ecx
mov ecx, [esp+170h+var_140]
mov [esp+170h+var_144], edx
mov edx, [esp+170h+var_13C]
mov ebx, ecx
mov ebp, edx
shrd ebx, ebp, 1Ch
xor edi, edi
or edi, ebx
mov esi, ecx
mov ebx, edx
shld edx, ecx, 1Eh
shr ebp, 1Ch
shl esi, 4
or esi, ebp
shr ebx, 2
shl ecx, 1Eh
xor ebp, ebp
or ebx, ecx
mov [esp+170h+var_128], eax
or ebp, edx
mov ecx, [esp+170h+var_13C]
xor esi, ebp
mov ebp, [esp+170h+var_140]
mov edx, ecx
shld ecx, ebp, 19h
xor edi, ebx
shr edx, 7
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_98]
and ecx, [esp+170h+var_140]
shl ebp, 19h
xor ecx, [esp+170h+var_90]
or edx, ebp
xor edi, edx
mov edx, [esp+170h+var_94]
and edx, [esp+170h+var_13C]
xor esi, ebx
xor edx, [esp+170h+var_8C]
add edi, ecx
adc esi, edx
add [esp+170h+var_148], edi
adc [esp+170h+var_144], esi
cmp [esp+170h+var_15C], 0
jz loc_416E90
mov eax, [esp+170h+var_B0]
mov ecx, [esp+170h+var_AC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_AC]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_E0]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_DC]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_E0]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_DC]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor edi, eax
mov eax, [esp+170h+arg_0]
xor esi, ecx
mov ecx, [esp+170h+var_160]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_118]
adc edx, [esp+170h+var_114]
add ecx, [esp+170h+var_A0]
adc edx, [esp+170h+var_9C]
mov [eax+0C0h], ecx
mov [eax+0C4h], edx
mov eax, edx
mov [esp+170h+var_9C], eax
mov [esp+170h+var_1C], eax
mov eax, [esp+170h+var_128]
mov [esp+170h+var_A0], ecx
mov [esp+170h+var_20], ecx
jmp short loc_416EAC
; ---------------------------------------------------------------------------
loc_416E90: ; CODE XREF: sub_414BC0+21CE�j
mov edx, [esp+170h+var_A0]
mov ecx, [esp+170h+var_9C]
mov [esp+170h+var_20], edx
mov [esp+170h+var_1C], ecx
loc_416EAC: ; CODE XREF: sub_414BC0+22CE�j
mov ecx, [esp+170h+var_124]
mov ebx, ecx
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_124]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_120]
xor esi, ecx
mov ecx, [esp+170h+var_124]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_11C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_14C]
not ebx
and ebx, [esp+170h+var_154]
not edi
and edi, [esp+170h+var_158]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41FA68[eax*8]
adc esi, ds:dword_41FA6C[eax*8]
add edx, [esp+170h+var_20]
mov eax, [esp+170h+var_150]
adc esi, [esp+170h+var_1C]
add eax, edx
adc ecx, esi
add [esp+170h+var_130], eax
mov [esp+170h+var_14C], ecx
mov [esp+170h+var_150], eax
adc [esp+170h+var_12C], ecx
mov eax, [esp+170h+var_144]
mov ecx, [esp+170h+var_148]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_148]
mov ebp, eax
shld ebp, ebx, 19h
xor edx, edx
or edx, ebp
mov ebp, [esp+170h+var_13C]
xor ebp, [esp+170h+var_134]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_140]
xor edi, ecx
mov ecx, [esp+170h+var_138]
and ebp, eax
mov eax, [esp+170h+var_13C]
and eax, [esp+170h+var_134]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_148]
and edx, ecx
xor ebx, edx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_150], edi
adc [esp+170h+var_14C], esi
cmp [esp+170h+var_15C], 0
jz loc_4170DA
mov eax, [esp+170h+var_C0]
mov ecx, [esp+170h+var_BC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_BC]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_100]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_FC]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_100]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_FC]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_C8]
adc edx, [esp+170h+var_C4]
add ecx, [esp+170h+var_E0]
adc edx, [esp+170h+var_DC]
mov [eax+0C8h], ecx
mov [eax+0CCh], edx
mov eax, edx
mov [esp+170h+var_E0], ecx
mov [esp+170h+var_DC], eax
mov [esp+170h+var_10], ecx
jmp short loc_4170EF
; ---------------------------------------------------------------------------
loc_4170DA: ; CODE XREF: sub_414BC0+2429�j
mov edx, [esp+170h+var_E0]
mov eax, [esp+170h+var_DC]
mov [esp+170h+var_10], edx
loc_4170EF: ; CODE XREF: sub_414BC0+2518�j
mov ecx, [esp+170h+var_12C]
mov ebx, ecx
mov [esp+170h+var_C], eax
mov eax, [esp+170h+var_130]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_12C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_128]
xor esi, ecx
mov ecx, [esp+170h+var_12C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_124]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_154]
not ebx
and ebx, [esp+170h+var_11C]
not edi
and edi, [esp+170h+var_120]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41FA70[eax*8]
adc esi, ds:dword_41FA74[eax*8]
add edx, [esp+170h+var_10]
mov eax, [esp+170h+var_158]
adc esi, [esp+170h+var_C]
add eax, edx
adc ecx, esi
add [esp+170h+var_138], eax
mov [esp+170h+var_154], ecx
mov [esp+170h+var_158], eax
adc [esp+170h+var_134], ecx
mov ecx, [esp+170h+var_150]
mov eax, [esp+170h+var_14C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_150]
mov ebp, eax
shld ebp, ebx, 19h
shl ebx, 19h
xor edx, edx
or edx, ebp
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_150]
xor esi, edx
mov edx, [esp+170h+var_140]
mov ebx, ecx
and ecx, edx
xor ebx, edx
and ebx, [esp+170h+var_148]
mov ebp, eax
xor ebp, [esp+170h+var_13C]
mov edx, ecx
and ebp, [esp+170h+var_144]
mov ecx, [esp+170h+var_13C]
and eax, ecx
xor ebx, edx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_158], edi
mov edi, [esp+170h+var_15C]
adc [esp+170h+var_154], esi
add edi, 10h
cmp edi, 50h
mov [esp+170h+var_15C], edi
jb loc_414D50
mov eax, [esp+170h+var_4]
mov edx, [esp+170h+var_158]
add [eax], edx
mov edx, [esp+170h+var_154]
pop edi
adc [eax+4], edx
mov eax, [esp+16Ch+arg_0]
mov edx, [esp+16Ch+var_150]
add [eax+18h], edx
mov edx, [esp+16Ch+var_14C]
pop esi
adc [eax+1Ch], edx
mov edx, [esp+168h+var_148]
add [eax+20h], edx
mov edx, [esp+168h+var_144]
pop ebp
adc [eax+24h], edx
mov edx, [esp+164h+var_140]
add [eax+28h], edx
mov edx, [esp+164h+var_134]
pop ebx
adc [eax+2Ch], ecx
mov ecx, [esp+160h+var_138]
add [eax+30h], ecx
mov ecx, [esp+160h+var_130]
adc [eax+34h], edx
add [eax+38h], ecx
mov edx, [esp+160h+var_12C]
mov ecx, [esp+160h+var_128]
adc [eax+3Ch], edx
add [eax+40h], ecx
mov edx, [esp+160h+var_124]
mov ecx, [esp+160h+var_120]
adc [eax+44h], edx
add [eax+48h], ecx
mov edx, [esp+160h+var_11C]
adc [eax+4Ch], edx
add esp, 160h
retn
sub_414BC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4172D0 proc near ; CODE XREF: .text:00417552�p
; sub_41BDAA+CA�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
mov ecx, [ebx]
push ebp
and ecx, 7Fh
push esi
lea esi, [ecx+7]
shr esi, 3
push edi
mov [esp+10h+var_4], ecx
jz short loc_417335
lea edx, [ebx+esi*8+50h]
loc_4172E9: ; CODE XREF: sub_4172D0+5F�j
mov eax, [edx-8]
mov ecx, [edx-4]
sub edx, 8
mov edi, eax
sub esi, 1
ror edi, 8
and edi, 0FF00FF00h
rol eax, 8
and eax, 0FF00FFh
or edi, eax
mov ebp, ecx
xor eax, eax
ror ebp, 8
and ebp, 0FF00FF00h
rol ecx, 8
and ecx, 0FF00FFh
or ebp, ecx
xor ecx, ecx
or eax, ebp
or edi, ecx
test esi, esi
mov [edx], eax
mov [edx+4], edi
jnz short loc_4172E9
mov ecx, [esp+10h+var_4]
loc_417335: ; CODE XREF: sub_4172D0+13�j
mov eax, ecx
and eax, 7
add eax, eax
add eax, eax
mov esi, dword_425BA8[eax+eax]
mov edi, dword_425BAC[eax+eax]
add eax, eax
mov edx, ecx
shr edx, 3
and esi, [ebx+edx*8+50h]
and edi, [ebx+edx*8+54h]
or esi, dword_425BE8[eax]
or edi, dword_425BEC[eax]
cmp ecx, 6Fh
mov [ebx+edx*8+50h], esi
mov [ebx+edx*8+54h], edi
jbe short loc_41739A
cmp ecx, 78h
jnb short loc_41738D
mov dword ptr [ebx+0C8h], 0
mov dword ptr [ebx+0CCh], 0
loc_41738D: ; CODE XREF: sub_4172D0+A7�j
push ebx
call sub_414BC0
add esp, 4
xor edx, edx
jmp short loc_4173A2
; ---------------------------------------------------------------------------
loc_41739A: ; CODE XREF: sub_4172D0+A2�j
add edx, 1
cmp edx, 0Eh
jnb short loc_4173C8
loc_4173A2: ; CODE XREF: sub_4172D0+C8�j
mov ecx, 0Dh
sub ecx, edx
add ecx, ecx
add ecx, ecx
lea esi, [ebx+edx*8+50h]
add ecx, ecx
shr ecx, 2
lea edi, [esi+8]
mov dword ptr [esi], 0
mov dword ptr [esi+4], 0
rep movsd
loc_4173C8: ; CODE XREF: sub_4172D0+D0�j
mov edx, [ebx+8]
mov esi, [ebx+0Ch]
mov ecx, [ebx+4]
mov eax, [ebx]
shld esi, edx, 3
add edx, edx
mov edi, ecx
shld ecx, eax, 3
add edx, edx
add eax, eax
add edx, edx
add eax, eax
shr edi, 1Dh
xor ebp, ebp
or edx, edi
add eax, eax
or esi, ebp
push ebx
mov [ebx+0C0h], edx
mov [ebx+0C4h], esi
mov [ebx+0C8h], eax
mov [ebx+0CCh], ecx
call sub_414BC0
add esp, 4
xor esi, esi
loc_417415: ; CODE XREF: sub_4172D0+171�j
mov ecx, esi
not ecx
and ecx, 7
mov edx, esi
shr edx, 3
mov eax, [ebx+edx*8+10h]
mov edx, [ebx+edx*8+14h]
add ecx, ecx
add ecx, ecx
add ecx, ecx
call sub_411C90
mov ecx, [esp+10h+arg_0]
mov [esi+ecx], al
add esi, 1
cmp esi, 40h
jb short loc_417415
pop edi
pop esi
pop ebp
pop ecx
retn
sub_4172D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417450 proc near ; CODE XREF: sub_41BDAA+A3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 0Ch
push ebx
mov ebx, [esp+10h+arg_4]
mov eax, [ebx]
push ebp
mov ebp, [esp+14h+arg_0]
push esi
push edi
and eax, 7Fh
mov edi, 80h
sub edi, eax
mov esi, ecx
xor ecx, ecx
add [ebx], ebp
adc [ebx+4], ecx
mov edx, [ebx+4]
cmp edx, ecx
ja short loc_41748B
jb short loc_417483
mov ecx, [ebx]
cmp ecx, ebp
jnb short loc_41748B
loc_417483: ; CODE XREF: sub_417450+2B�j
add dword ptr [ebx+8], 1
adc dword ptr [ebx+0Ch], 0
loc_41748B: ; CODE XREF: sub_417450+29�j
; sub_417450+31�j
cmp ebp, edi
jb loc_41752F
loc_417493: ; CODE XREF: sub_417450+D9�j
push edi
lea edx, [ebx+eax+50h]
push esi
push edx
call sub_407FA0
add esi, edi
add esp, 0Ch
sub ebp, edi
mov [esp+1Ch+var_4], esi
mov [esp+1Ch+arg_0], ebp
mov edi, 80h
mov [esp+1Ch+var_8], 0
mov esi, 10h
lea edx, [ebx+0D0h]
loc_4174C6: ; CODE XREF: sub_417450+BC�j
mov eax, [edx-8]
mov ecx, [edx-4]
sub edx, 8
mov ebx, eax
sub esi, 1
ror ebx, 8
and ebx, 0FF00FF00h
rol eax, 8
and eax, 0FF00FFh
or ebx, eax
mov ebp, ecx
xor eax, eax
ror ebp, 8
and ebp, 0FF00FF00h
rol ecx, 8
and ecx, 0FF00FFh
or ebp, ecx
xor ecx, ecx
or eax, ebp
or ebx, ecx
test esi, esi
mov [edx], eax
mov [edx+4], ebx
jnz short loc_4174C6
mov ebx, [esp+1Ch+arg_4]
push ebx
call sub_414BC0
mov ebp, [esp+20h+arg_0]
mov eax, [esp+20h+var_8]
mov esi, [esp+20h+var_4]
add esp, 4
cmp ebp, edi
jnb loc_417493
loc_41752F: ; CODE XREF: sub_417450+3D�j
push ebp
lea edx, [eax+ebx+50h]
push esi
push edx
call sub_407FA0
add esp, 0Ch
pop edi
pop esi
pop ebp
pop ebx
add esp, 0Ch
retn
sub_417450 endp
; ---------------------------------------------------------------------------
align 10h
push ecx
push eax
call sub_4172D0
add esp, 4
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41755C proc near ; CODE XREF: sub_41755C+D5�p
; .text:0041B60E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = byte ptr 30h
arg_2B = byte ptr 33h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_417575
mov ecx, [ebp+arg_4]
shr ecx, 18h
or cl, 1
jmp short loc_41757B
; ---------------------------------------------------------------------------
loc_417575: ; CODE XREF: sub_41755C+C�j
mov cl, byte ptr [ebp+arg_4+3]
and cl, 0FEh
loc_41757B: ; CODE XREF: sub_41755C+17�j
movzx eax, word ptr [ebp+arg_24]
mov ebx, [ebp+arg_20]
lea edx, [ebx+18h]
cmp edx, eax
ja short loc_417598
lea edx, [ebx+18h]
mov [ebp+arg_14], ebx
or cl, 2
mov [ebp+arg_2B], 0
jmp short loc_4175A9
; ---------------------------------------------------------------------------
loc_417598: ; CODE XREF: sub_41755C+2B�j
mov dx, word ptr [ebp+arg_24]
add eax, 0FFFFFFE8h
mov [ebp+arg_14], eax
and cl, 0FDh
mov [ebp+arg_2B], 1
loc_4175A9: ; CODE XREF: sub_41755C+3A�j
movzx eax, dx
push eax
mov byte ptr [ebp+arg_4+3], cl
mov [ebp+arg_C], dx
mov [ebp+var_4], eax
call sub_403AA0
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jz loc_417648
push 6
pop ecx
mov edi, eax
lea esi, [ebp+arg_4]
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_407FA0
add esp, 0Ch
push 0
lea eax, [ebp+var_8]
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call ds:off_41D088
test eax, eax
jz short loc_41763F
mov eax, [ebp+var_4]
cmp [ebp+var_8], eax
jnz short loc_41763F
push [ebp+arg_20]
call sub_4039C3
cmp [ebp+arg_2B], 0
pop ecx
jz short loc_41763B
push 0
push [ebp+arg_24]
sub ebx, edi
push ebx
add edi, esi
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
lea esi, [ebp+arg_4]
rep movsd
call sub_41755C
add esp, 2Ch
jmp short loc_41764A
; ---------------------------------------------------------------------------
loc_41763B: ; CODE XREF: sub_41755C+B8�j
mov al, 1
jmp short loc_41764A
; ---------------------------------------------------------------------------
loc_41763F: ; CODE XREF: sub_41755C+A1�j
; sub_41755C+A9�j
push [ebp+arg_20]
call sub_4039C3
pop ecx
loc_417648: ; CODE XREF: sub_41755C+66�j
xor al, al
loc_41764A: ; CODE XREF: sub_41755C+DD�j
; sub_41755C+E1�j
pop edi
pop esi
pop ebx
leave
retn
sub_41755C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41764F proc near ; CODE XREF: sub_417776+154�p
; sub_417909+152�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
xor ebx, ebx
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push [ebp+arg_0]
push 80000002h
call ds:off_41D004
test eax, eax
jz short loc_417684
push [ebp+var_4]
call ds:off_41D010
xor al, al
loc_417681: ; CODE XREF: sub_41764F+68�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_417684: ; CODE XREF: sub_41764F+25�j
mov eax, [ebp+arg_8]
push esi
lea esi, [eax+1]
loc_41768B: ; CODE XREF: sub_41764F+41�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41768B
sub eax, esi
push eax
push [ebp+arg_8]
push 1
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call ds:off_41D00C
test eax, eax
pop esi
jz short loc_4176B9
loc_4176AC: ; CODE XREF: sub_41764F+6C�j
push [ebp+var_4]
call ds:off_41D010
mov al, bl
jmp short loc_417681
; ---------------------------------------------------------------------------
loc_4176B9: ; CODE XREF: sub_41764F+5B�j
mov bl, 1
jmp short loc_4176AC
sub_41764F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4176BD proc near ; CODE XREF: sub_417776+113�p
; sub_417909+100�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push 1
push 0
push [ebp+arg_4]
push 80000002h
call ds:off_41D02C
test eax, eax
jnz short loc_417705
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_C]
lea eax, [ebp+arg_0]
push eax
push 0
push [ebp+arg_8]
push [ebp+var_4]
call ds:off_41D008
test eax, eax
jnz short loc_417705
push [ebp+var_4]
call ds:off_41D010
mov al, 1
leave
retn
; ---------------------------------------------------------------------------
loc_417705: ; CODE XREF: sub_4176BD+1C�j
; sub_4176BD+39�j
push [ebp+var_4]
call ds:off_41D010
push [ebp+arg_10]
push 0
push [ebp+arg_C]
call sub_407F20
add esp, 0Ch
xor al, al
leave
retn
sub_4176BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417722 proc near ; CODE XREF: sub_419C67+134�p
; sub_41A28F+F2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
xor ebx, ebx
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call ds:off_41D004
test eax, eax
jz short loc_417755
push [ebp+var_4]
call ds:off_41D010
xor al, al
loc_417752: ; CODE XREF: sub_417722+4E�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_417755: ; CODE XREF: sub_417722+23�j
push [ebp+arg_8]
push [ebp+var_4]
call ds:off_41D000
test eax, eax
jz short loc_417772
loc_417765: ; CODE XREF: sub_417722+52�j
push [ebp+var_4]
call ds:off_41D010
mov al, bl
jmp short loc_417752
; ---------------------------------------------------------------------------
loc_417772: ; CODE XREF: sub_417722+41�j
mov bl, 1
jmp short loc_417765
sub_417722 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=94h
sub_417776 proc near ; CODE XREF: sub_41C28D:loc_41C5D3�p
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-94h]
sub esp, 114h
mov eax, dword_423064
xor eax, ebp
mov [ebp+94h+var_4], eax
push ebx
push esi
push edi
mov edi, 100h
push edi
call sub_402A08
mov esi, eax
push edi
mov [ebp+94h+var_110], esi
call sub_402A08
push edi
mov [ebp+94h+var_108], eax
call sub_402A08
push edi
mov [ebp+94h+var_114], eax
call sub_402A08
push [ebp+94h+var_114]
mov [ebp+94h+var_10C], eax
call sub_402E05
push eax
xor ebx, ebx
push ebx
push [ebp+94h+var_114]
call sub_407F20
push [ebp+94h+var_10C]
call sub_402E05
push eax
push ebx
push [ebp+94h+var_10C]
call sub_407F20
push edi
lea eax, [ebp+94h+var_104]
push ebx
push eax
call sub_407F20
push esi
call sub_402E05
add esp, 40h
push eax
push ebx
push esi
call sub_407F20
push [ebp+94h+var_108]
call sub_402E05
push eax
push ebx
push [ebp+94h+var_108]
call sub_407F20
push esi
call sub_402E05
push eax
mov ebx, offset byte_426B01
call sub_419EC1
mov esi, [ebp+94h+var_108]
push esi
call sub_402E05
push eax
mov ebx, offset byte_426A49
call sub_419EC1
mov ebx, [ebp+94h+var_114]
push ebx
call sub_402E05
add esp, 30h
dec eax
push eax
push ebx
call ds:off_41D0F0
push esi
mov esi, [ebp+94h+var_10C]
push ebx
push offset dword_420198
push esi
call sub_402E05
pop ecx
dec eax
push eax
push esi
call sub_402EAE
mov eax, esi
add esp, 14h
lea ecx, [eax+1]
loc_41786E: ; CODE XREF: sub_417776+FD�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41786E
sub eax, ecx
push edi
mov [eax+esi], dl
lea eax, [ebp+94h+var_104]
push eax
push [ebp+94h+var_110]
push offset dword_4201A0
push 1
call sub_4176BD
add esp, 14h
test al, al
jz short loc_4178C1
lea eax, [ebp+94h+var_104]
mov ecx, esi
loc_41789A: ; CODE XREF: sub_417776+13C�j
mov dl, [ecx]
cmp dl, [eax]
jnz short loc_4178B8
test dl, dl
jz short loc_4178B4
mov dl, [ecx+1]
cmp dl, [eax+1]
jnz short loc_4178B8
inc ecx
inc ecx
inc eax
inc eax
test dl, dl
jnz short loc_41789A
loc_4178B4: ; CODE XREF: sub_417776+12C�j
xor eax, eax
jmp short loc_4178BD
; ---------------------------------------------------------------------------
loc_4178B8: ; CODE XREF: sub_417776+128�j
; sub_417776+134�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4178BD: ; CODE XREF: sub_417776+140�j
test eax, eax
jz short loc_4178D2
loc_4178C1: ; CODE XREF: sub_417776+11D�j
push esi
push [ebp+94h+var_110]
push offset dword_4201D0
call sub_41764F
add esp, 0Ch
loc_4178D2: ; CODE XREF: sub_417776+149�j
push [ebp+94h+var_110]
call sub_402F5B
push [ebp+94h+var_108]
call sub_402F5B
push ebx
call sub_402F5B
push esi
call sub_402F5B
mov ecx, [ebp+94h+var_4]
add esp, 10h
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
add ebp, 94h
leave
retn
sub_417776 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_417909 proc near ; DATA XREF: sub_41C28D+357�o
var_504 = byte ptr -504h
var_404 = byte ptr -404h
var_403 = byte ptr -403h
var_304 = byte ptr -304h
var_303 = byte ptr -303h
var_204 = byte ptr -204h
var_203 = byte ptr -203h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 504h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
push edi
mov esi, 0FFh
xor ebx, ebx
push esi
lea eax, [ebp+var_203]
push ebx
push eax
mov [ebp+var_204], bl
call sub_407F20
push esi
lea eax, [ebp+var_403]
push ebx
push eax
mov [ebp+var_404], bl
call sub_407F20
push esi
lea eax, [ebp+var_303]
push ebx
push eax
mov [ebp+var_304], bl
call sub_407F20
push esi
lea eax, [ebp+var_103]
push ebx
push eax
mov [ebp+var_104], bl
call sub_407F20
add esp, 30h
mov edi, 100h
loc_41797E: ; CODE XREF: sub_417909+1AE�j
push edi
lea esi, [ebp+var_204]
mov ebx, offset byte_426B01
call sub_419EC1
push edi
lea esi, [ebp+var_404]
mov ebx, offset byte_426A49
call sub_419EC1
pop ecx
pop ecx
mov esi, 0FFh
push esi
lea eax, [ebp+var_304]
push eax
call ds:off_41D0F0
lea eax, [ebp+var_404]
push eax
lea eax, [ebp+var_304]
push eax
push offset dword_420200
lea eax, [ebp+var_104]
push esi
push eax
call sub_402EAE
lea eax, [ebp+var_104]
add esp, 14h
lea ecx, [eax+1]
loc_4179E1: ; CODE XREF: sub_417909+DD�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4179E1
sub eax, ecx
xor ebx, ebx
mov [ebp+eax+var_104], bl
push edi
lea eax, [ebp+var_504]
push eax
lea eax, [ebp+var_204]
push eax
push offset dword_420208
push 1
call sub_4176BD
add esp, 14h
test al, al
jz short loc_417A48
lea ecx, [ebp+var_504]
lea eax, [ebp+var_104]
loc_417A21: ; CODE XREF: sub_417909+130�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417A3F
cmp dl, bl
jz short loc_417A3B
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417A3F
inc eax
inc eax
inc ecx
inc ecx
cmp dl, bl
jnz short loc_417A21
loc_417A3B: ; CODE XREF: sub_417909+120�j
xor eax, eax
jmp short loc_417A44
; ---------------------------------------------------------------------------
loc_417A3F: ; CODE XREF: sub_417909+11C�j
; sub_417909+128�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417A44: ; CODE XREF: sub_417909+134�j
cmp eax, ebx
jz short loc_417A63
loc_417A48: ; CODE XREF: sub_417909+10A�j
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_204]
push eax
push offset dword_420238
call sub_41764F
add esp, 0Ch
loc_417A63: ; CODE XREF: sub_417909+13D�j
push edi
lea eax, [ebp+var_304]
push ebx
push eax
call sub_407F20
push edi
lea eax, [ebp+var_104]
push ebx
push eax
call sub_407F20
push edi
lea eax, [ebp+var_504]
push ebx
push eax
call sub_407F20
push edi
lea eax, [ebp+var_204]
push ebx
push eax
call sub_407F20
push edi
lea eax, [ebp+var_404]
push ebx
push eax
call sub_407F20
add esp, 3Ch
push 3A98h
call ds:off_41D0F8
jmp loc_41797E
sub_417909 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417ABC proc near ; CODE XREF: .text:00401CE6�p
; .text:00401D01�p ...
var_204 = byte ptr -204h
var_203 = byte ptr -203h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 204h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
mov esi, 1FFh
push esi
lea eax, [ebp+var_203]
push 0
push eax
mov [ebp+var_204], 0
call sub_407F20
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_204]
push esi
push eax
call sub_4037F6
lea eax, [ebp+var_204]
add esp, 1Ch
lea esi, [eax+1]
loc_417B0B: ; CODE XREF: sub_417ABC+54�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417B0B
sub eax, esi
mov [ebp+eax+var_204], cl
lea eax, [ebp+var_204]
lea esi, [eax+1]
loc_417B24: ; CODE XREF: sub_417ABC+6D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417B24
push 0
sub eax, esi
push eax
lea eax, [ebp+var_204]
push eax
push dword ptr [edi]
call ds:dword_41D228
mov ecx, [ebp+var_4]
test eax, eax
setnz al
xor ecx, ebp
pop esi
call sub_402AD0
leave
retn
sub_417ABC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417B51 proc near ; CODE XREF: .text:004019E3�p
; .text:00401C0D�p ...
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = byte ptr -404h
var_403 = byte ptr -403h
var_204 = byte ptr -204h
var_203 = byte ptr -203h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 40Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push edi
mov [ebp+var_408], eax
mov eax, [ebp+arg_8]
mov edi, 1FFh
xor ebx, ebx
push edi
mov [ebp+var_40C], eax
lea eax, [ebp+var_203]
push ebx
push eax
mov [ebp+var_204], bl
call sub_407F20
push edi
lea eax, [ebp+var_403]
push ebx
push eax
mov [ebp+var_404], bl
call sub_407F20
add esp, 18h
cmp [ebp+arg_4], 1
jz loc_417C6D
push esi
push 0Dh
call sub_402A08
mov esi, eax
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_404]
push edi
push eax
call sub_4037F6
lea eax, [ebp+var_404]
add esp, 14h
lea ecx, [eax+1]
loc_417BDE: ; CODE XREF: sub_417B51+92�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_417BDE
sub eax, ecx
push esi
mov [ebp+eax+var_404], bl
call sub_402E05
push eax
mov ebx, offset dword_426F58
call sub_419EC1
lea eax, [ebp+var_404]
push eax
push [ebp+var_40C]
lea eax, [ebp+var_204]
push esi
push offset dword_4202F0
push edi
push eax
call sub_402EAE
lea eax, [ebp+var_204]
add esp, 20h
lea ecx, [eax+1]
loc_417C2B: ; CODE XREF: sub_417B51+DF�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_417C2B
sub eax, ecx
push esi
mov [ebp+eax+var_204], dl
call sub_402F5B
pop ecx
lea eax, [ebp+var_204]
lea ecx, [eax+1]
pop esi
loc_417C4C: ; CODE XREF: sub_417B51+100�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_417C4C
sub eax, ecx
push 0
push eax
lea eax, [ebp+var_204]
push eax
mov eax, [ebp+var_408]
push dword ptr [eax]
call ds:dword_41D228
loc_417C6D: ; CODE XREF: sub_417B51+5D�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_417B51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417C7B proc near ; CODE XREF: sub_41881F+23B�p
; sub_418A8C+39�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3F = byte ptr -3Fh
var_3C = byte ptr -3Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 48h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
xor eax, eax
mov [ebp+var_40], 0
lea edi, [ebp+var_3F]
stosw
stosb
push 0Dh
pop ecx
mov esi, offset dword_420384
lea edi, [ebp+var_3C]
rep movsd
lea eax, [ebp+var_48]
push eax
movsb
call ds:off_41D1E8
call ds:off_41D104
mov ecx, [ebp+var_48]
mov edx, [ebp+var_44]
add ecx, edx
cmp eax, ecx
jb short loc_417CC7
add ecx, eax
jmp short loc_417CC9
; ---------------------------------------------------------------------------
loc_417CC7: ; CODE XREF: sub_417C7B+46�j
sub ecx, eax
loc_417CC9: ; CODE XREF: sub_417C7B+4A�j
push ecx
call sub_403716
pop ecx
push 8
pop ecx
xor eax, eax
mov edi, ebx
rep stosd
push offset dword_4203BC
stosw
push 22h
push ebx
stosb
call sub_402EAE
mov eax, ebx
add esp, 0Ch
lea esi, [eax+1]
loc_417CF1: ; CODE XREF: sub_417C7B+7B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417CF1
xor edi, edi
sub eax, esi
push edi
mov [eax+ebx], cl
push 4
pop ecx
lea esi, [ebp+var_40]
call sub_419641
pop ecx
mov eax, esi
push eax
push ebx
push offset dword_4203C0
push 22h
push ebx
call sub_402EAE
mov eax, ebx
add esp, 14h
lea esi, [eax+1]
loc_417D25: ; CODE XREF: sub_417C7B+AF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417D25
sub eax, esi
push edi
push 4
lea esi, [ebp+var_40]
mov [eax+ebx], cl
call sub_41960F
mov eax, esi
push eax
push ebx
push offset dword_4203C8
push 22h
push ebx
call sub_402EAE
mov eax, ebx
add esp, 1Ch
lea esi, [eax+1]
loc_417D55: ; CODE XREF: sub_417C7B+DF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417D55
sub eax, esi
mov [eax+ebx], cl
call sub_419B37
test al, al
jz short loc_417D8C
push ebx
push offset dword_4203D0
push 22h
push ebx
call sub_402EAE
mov eax, ebx
add esp, 10h
lea esi, [eax+1]
loc_417D80: ; CODE XREF: sub_417C7B+10A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417D80
sub eax, esi
mov [eax+ebx], cl
loc_417D8C: ; CODE XREF: sub_417C7B+ED�j
call sub_419590
mov eax, dword_427FDC
cmp eax, edi
mov ecx, dword_427FD8
jg short loc_417DC8
jl short loc_417DA7
cmp ecx, 0Ah
jnb short loc_417DC8
loc_417DA7: ; CODE XREF: sub_417C7B+125�j
push eax
push ecx
push ebx
push offset dword_4203D8
push 22h
push ebx
call sub_402EAE
mov eax, ebx
add esp, 18h
lea esi, [eax+1]
loc_417DBF: ; CODE XREF: sub_417C7B+149�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417DBF
jmp short loc_417DE7
; ---------------------------------------------------------------------------
loc_417DC8: ; CODE XREF: sub_417C7B+123�j
; sub_417C7B+12A�j
push eax
push ecx
push ebx
push offset dword_4203E4
push 22h
push ebx
call sub_402EAE
mov eax, ebx
add esp, 18h
lea esi, [eax+1]
loc_417DE0: ; CODE XREF: sub_417C7B+16A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417DE0
loc_417DE7: ; CODE XREF: sub_417C7B+14B�j
sub eax, esi
mov byte ptr [eax+ebx], 0
xor esi, esi
cmp dword_426C04, edi
jle short loc_417E34
loc_417DF7: ; CODE XREF: sub_417C7B+1B7�j
call sub_403723
push 31h
pop ecx
xor edx, edx
div ecx
movsx eax, [ebp+edx+var_3C]
push eax
push ebx
push offset dword_4203F0
push 22h
push ebx
call sub_402EAE
mov eax, ebx
add esp, 14h
lea edi, [eax+1]
loc_417E1F: ; CODE XREF: sub_417C7B+1A9�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417E1F
sub eax, edi
inc esi
mov [eax+ebx], cl
cmp esi, dword_426C04
jl short loc_417DF7
loc_417E34: ; CODE XREF: sub_417C7B+17A�j
push ebx
push offset dword_4203F8
push 22h
push ebx
call sub_402EAE
mov eax, ebx
add esp, 10h
lea esi, [eax+1]
loc_417E4A: ; CODE XREF: sub_417C7B+1D4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417E4A
sub eax, esi
mov [eax+ebx], cl
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
mov eax, ebx
pop esi
call sub_402AD0
leave
retn
sub_417C7B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417E66 proc near ; CODE XREF: sub_41802D+6A7�p
var_820 = dword ptr -820h
var_81C = dword ptr -81Ch
var_20 = byte ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 824h
push ebx
push esi
push edi
push offset dword_420374
push [ebp+arg_14]
xor ebx, ebx
mov byte ptr [ebp+var_8], 0
mov [ebp+var_4], ebx
call sub_403DF4
jmp short loc_417EC8
; ---------------------------------------------------------------------------
loc_417E8A: ; CODE XREF: sub_417E66+68�j
mov eax, [ebp+var_4]
push offset dword_420378
push esi
mov [ebp+eax*4+var_820], esi
call sub_402C69
test eax, eax
pop ecx
pop ecx
jz short loc_417EB6
push offset dword_42037C
push esi
call sub_402C69
test eax, eax
pop ecx
pop ecx
jnz short loc_417EBA
loc_417EB6: ; CODE XREF: sub_417E66+3D�j
mov byte ptr [ebp+var_8], 1
loc_417EBA: ; CODE XREF: sub_417E66+4E�j
push offset dword_420380
push ebx
call sub_403DF4
inc [ebp+var_4]
loc_417EC8: ; CODE XREF: sub_417E66+22�j
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jnz short loc_417E8A
mov edi, [ebp+arg_0]
mov esi, [ebp+var_820]
add edi, 5
mov edx, edi
mov ecx, esi
loc_417EE0: ; CODE XREF: sub_417E66+92�j
mov al, [ecx]
cmp al, [edx]
jnz short loc_417EFE
test al, al
jz short loc_417EFA
mov al, [ecx+1]
cmp al, [edx+1]
jnz short loc_417EFE
inc ecx
inc ecx
inc edx
inc edx
test al, al
jnz short loc_417EE0
loc_417EFA: ; CODE XREF: sub_417E66+82�j
xor eax, eax
jmp short loc_417F03
; ---------------------------------------------------------------------------
loc_417EFE: ; CODE XREF: sub_417E66+7E�j
; sub_417E66+8A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417F03: ; CODE XREF: sub_417E66+96�j
cmp eax, ebx
jz short loc_417F14
mov eax, edi
mov ecx, esi
call sub_419834
test eax, eax
jz short loc_417F40
loc_417F14: ; CODE XREF: sub_417E66+9F�j
xor eax, eax
cmp [ebp+var_4], ebx
jle short loc_417F3D
mov ecx, [ebp+var_4]
dec ecx
loc_417F1F: ; CODE XREF: sub_417E66+CF�j
cmp eax, ecx
jz short loc_417F31
mov edx, [ebp+eax*4+var_81C]
mov [ebp+eax*4+var_820], edx
loc_417F31: ; CODE XREF: sub_417E66+BB�j
inc eax
cmp eax, [ebp+var_4]
jl short loc_417F1F
mov esi, [ebp+var_820]
loc_417F3D: ; CODE XREF: sub_417E66+B3�j
dec [ebp+var_4]
loc_417F40: ; CODE XREF: sub_417E66+AC�j
cmp byte ptr [ebp+var_8], bl
jz short loc_417F48
dec [ebp+var_4]
loc_417F48: ; CODE XREF: sub_417E66+DD�j
mov al, [esi]
cmp al, byte_4269D0
jnz loc_418026
mov eax, esi
lea ecx, [eax+1]
loc_417F5B: ; CODE XREF: sub_417E66+FA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_417F5B
sub eax, ecx
push eax
lea eax, [esi+1]
push eax
push esi
call sub_403CD0
mov eax, dword_435690
mov esi, [eax]
mov ebx, offset dword_43568C
mov edi, ebx
add esp, 0Ch
mov [ebp+var_C], esi
mov [ebp+var_10], edi
loc_417F86: ; CODE XREF: sub_417E66+192�j
test edi, edi
mov eax, dword_435690
mov [ebp+var_14], eax
jz short loc_417F96
cmp edi, ebx
jz short loc_417F9B
loc_417F96: ; CODE XREF: sub_417E66+12A�j
call sub_40331D
loc_417F9B: ; CODE XREF: sub_417E66+12E�j
cmp esi, [ebp+var_14]
jz loc_418026
test edi, edi
jnz short loc_417FAD
call sub_40331D
loc_417FAD: ; CODE XREF: sub_417E66+140�j
cmp esi, [edi+4]
jnz short loc_417FB7
call sub_40331D
loc_417FB7: ; CODE XREF: sub_417E66+14A�j
mov ecx, [ebp+var_820]
lea eax, [esi+0Ch]
loc_417FC0: ; CODE XREF: sub_417E66+172�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417FDE
test dl, dl
jz short loc_417FDA
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417FDE
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417FC0
loc_417FDA: ; CODE XREF: sub_417E66+162�j
xor eax, eax
jmp short loc_417FE3
; ---------------------------------------------------------------------------
loc_417FDE: ; CODE XREF: sub_417E66+15E�j
; sub_417E66+16A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417FE3: ; CODE XREF: sub_417E66+176�j
test eax, eax
jz short loc_417FFA
lea edi, [ebp+var_20]
lea esi, [ebp+var_10]
call sub_40168C
mov esi, [ebp+var_C]
mov edi, [ebp+var_10]
jmp short loc_417F86
; ---------------------------------------------------------------------------
loc_417FFA: ; CODE XREF: sub_417E66+17F�j
cmp esi, [edi+4]
jnz short loc_418004
call sub_40331D
loc_418004: ; CODE XREF: sub_417E66+197�j
mov ecx, [esi+8]
mov eax, [ecx]
lea edx, [ebp+var_820]
push edx
mov edx, [ebp+var_4]
dec edx
push edx
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+var_8]
push [ebp+arg_4]
call dword ptr [eax]
loc_418026: ; CODE XREF: sub_417E66+EA�j
; sub_417E66+138�j
pop edi
pop esi
pop ebx
leave
retn 18h
sub_417E66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41802D proc near ; CODE XREF: sub_4186F1+107�p
var_10F34 = dword ptr -10F34h
var_10734 = dword ptr -10734h
var_10730 = dword ptr -10730h
var_1072C = byte ptr -1072Ch
var_1062C = byte ptr -1062Ch
var_1052C = byte ptr -1052Ch
var_1042C = byte ptr -1042Ch
var_72C = byte ptr -72Ch
var_72B = byte ptr -72Bh
var_62C = byte ptr -62Ch
var_62B = byte ptr -62Bh
var_52C = byte ptr -52Ch
var_52B = byte ptr -52Bh
var_52A = byte ptr -52Ah
var_32C = byte ptr -32Ch
var_32B = byte ptr -32Bh
var_22C = byte ptr -22Ch
var_22B = byte ptr -22Bh
var_1AC = byte ptr -1ACh
var_1AB = byte ptr -1ABh
var_A8 = byte ptr -0A8h
var_A7 = byte ptr -0A7h
var_78 = byte ptr -78h
var_77 = byte ptr -77h
var_54 = byte ptr -54h
var_53 = byte ptr -53h
var_44 = byte ptr -44h
var_43 = byte ptr -43h
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10F38h
call sub_4117B0
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, 1FFh
xor ebx, ebx
push esi
mov [ebp+var_10734], eax
lea eax, [ebp+var_52B]
mov edi, ecx
push ebx
push eax
mov [ebp+var_10730], edi
mov [ebp+var_52C], bl
call sub_407F20
add esp, 0Ch
push edi
push offset dword_4202FC
lea eax, [ebp+var_52C]
push esi
push eax
call sub_402EAE
lea eax, [ebp+var_52C]
add esp, 10h
lea edi, [eax+1]
loc_418095: ; CODE XREF: sub_41802D+6D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418095
sub eax, edi
mov [ebp+eax+var_52C], bl
lea eax, [ebp+var_52C]
push offset dword_420300
push eax
call sub_403B70
push eax
push offset dword_420304
lea eax, [ebp+var_52C]
push esi
push eax
call sub_402EAE
lea eax, [ebp+var_52C]
add esp, 18h
lea esi, [eax+1]
loc_4180D5: ; CODE XREF: sub_41802D+AD�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4180D5
sub eax, esi
mov [ebp+eax+var_52C], bl
lea eax, [ebp+var_52C]
lea esi, [eax+1]
loc_4180EE: ; CODE XREF: sub_41802D+C6�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4180EE
sub eax, esi
push eax
lea eax, [ebp+var_52A]
push eax
lea eax, [ebp+var_52C]
push eax
call sub_403CD0
add esp, 0Ch
push offset dword_420308
push [ebp+var_10730]
call sub_403DF4
cmp eax, ebx
pop ecx
pop ecx
jz short loc_41816F
xor esi, esi
loc_418126: ; CODE XREF: sub_41802D+140�j
push eax
push offset dword_42030C
lea edi, [ebp+esi+var_1072C]
push 0FFh
push edi
call sub_402EAE
mov eax, edi
add esp, 10h
lea edi, [eax+1]
loc_418146: ; CODE XREF: sub_41802D+11E�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418146
sub eax, edi
add eax, esi
push offset dword_420310
push ebx
mov [ebp+eax+var_1072C], bl
call sub_403DF4
pop ecx
add esi, 100h
cmp eax, ebx
pop ecx
jnz short loc_418126
loc_41816F: ; CODE XREF: sub_41802D+F5�j
xor eax, eax
mov [ebp+var_2C], bl
lea edi, [ebp+var_2B]
stosd
stosd
xor eax, eax
mov [ebp+var_38], bl
lea edi, [ebp+var_37]
stosd
stosd
xor eax, eax
mov [ebp+var_54], bl
lea edi, [ebp+var_53]
stosd
stosd
stosd
xor eax, eax
mov [ebp+var_20], bl
lea edi, [ebp+var_1F]
stosd
push 0FFh
stosd
lea eax, [ebp+var_32B]
push ebx
push eax
mov [ebp+var_32C], bl
call sub_407F20
add esp, 0Ch
push 2Fh
lea eax, [ebp+var_A7]
push ebx
push eax
mov [ebp+var_A8], bl
call sub_407F20
xor eax, eax
mov [ebp+var_14], bl
lea edi, [ebp+var_13]
stosd
stosd
xor eax, eax
mov [ebp+var_44], bl
lea edi, [ebp+var_43]
stosd
add esp, 0Ch
push 7Fh
stosd
lea eax, [ebp+var_22B]
push ebx
push eax
mov [ebp+var_22C], bl
call sub_407F20
add esp, 0Ch
push 9
lea esi, [ebp+var_2C]
mov ebx, offset byte_426F2B
call sub_419EC1
pop ecx
push 9
lea esi, [ebp+var_38]
mov ebx, offset byte_426F3D
call sub_419EC1
pop ecx
push 0Dh
lea esi, [ebp+var_54]
mov ebx, offset dword_426F58
call sub_419EC1
pop ecx
lea ecx, [ebp+var_2C]
lea eax, [ebp+var_1072C]
loc_418230: ; CODE XREF: sub_41802D+21B�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_41824E
test dl, dl
jz short loc_41824A
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_41824E
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_418230
loc_41824A: ; CODE XREF: sub_41802D+20B�j
xor eax, eax
jmp short loc_418253
; ---------------------------------------------------------------------------
loc_41824E: ; CODE XREF: sub_41802D+207�j
; sub_41802D+213�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_418253: ; CODE XREF: sub_41802D+21F�j
test eax, eax
jnz short loc_418297
push 9
lea esi, [ebp+var_20]
mov ebx, offset dword_426F34
call sub_419EC1
mov edi, [ebp+var_10734]
pop ecx
lea eax, [ebp+var_1062C]
push eax
mov eax, esi
push eax
push offset dword_420314
call sub_417ABC
add esp, 0Ch
test al, al
jnz short loc_41828F
loc_418288: ; CODE XREF: sub_41802D+333�j
xor al, al
jmp loc_4186E0
; ---------------------------------------------------------------------------
loc_41828F: ; CODE XREF: sub_41802D+259�j
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosb
loc_418297: ; CODE XREF: sub_41802D+228�j
lea ecx, [ebp+var_38]
lea eax, [ebp+var_1062C]
loc_4182A0: ; CODE XREF: sub_41802D+28B�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_4182BE
test dl, dl
jz short loc_4182BA
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_4182BE
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_4182A0
loc_4182BA: ; CODE XREF: sub_41802D+27B�j
xor eax, eax
jmp short loc_4182C3
; ---------------------------------------------------------------------------
loc_4182BE: ; CODE XREF: sub_41802D+277�j
; sub_41802D+283�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4182C3: ; CODE XREF: sub_41802D+28F�j
test eax, eax
jnz loc_418365
push 100h
lea esi, [ebp+var_32C]
mov ebx, offset dword_4268B8
call sub_419EC1
pop ecx
mov ecx, esi
lea eax, [ebp+var_1052C]
loc_4182E9: ; CODE XREF: sub_41802D+2D4�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_418307
test dl, dl
jz short loc_418303
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_418307
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_4182E9
loc_418303: ; CODE XREF: sub_41802D+2C4�j
xor eax, eax
jmp short loc_41830C
; ---------------------------------------------------------------------------
loc_418307: ; CODE XREF: sub_41802D+2C0�j
; sub_41802D+2CC�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_41830C: ; CODE XREF: sub_41802D+2D8�j
test eax, eax
jnz loc_4186DE
push 9
lea esi, [ebp+var_14]
mov ebx, offset word_426F46
call sub_419EC1
pop ecx
push 30h
lea esi, [ebp+var_A8]
mov ebx, offset dword_4269B8
call sub_419EC1
mov edi, [ebp+var_10734]
pop ecx
mov eax, esi
push eax
lea eax, [ebp+var_32C]
push eax
lea eax, [ebp+var_14]
push eax
push offset dword_42031C
call sub_417ABC
add esp, 10h
loc_418358: ; CODE XREF: sub_41802D+3E0�j
test al, al
jnz loc_4186DE
jmp loc_418288
; ---------------------------------------------------------------------------
loc_418365: ; CODE XREF: sub_41802D+298�j
push 4
mov edi, offset dword_420328
lea esi, [ebp+var_1062C]
pop ecx
xor eax, eax
repe cmpsb
jnz loc_418412
push 9
lea esi, [ebp+var_14]
mov ebx, offset word_426F46
call sub_419EC1
pop ecx
push 9
lea esi, [ebp+var_44]
mov ebx, offset byte_426F4F
call sub_419EC1
lea esi, [ebp+var_32C]
mov ebx, offset dword_4268B8
mov [esp+10h+var_10], 100h
call sub_419EC1
pop ecx
push 30h
lea esi, [ebp+var_A8]
mov ebx, offset dword_4269B8
call sub_419EC1
pop ecx
push 80h
lea esi, [ebp+var_22C]
mov ebx, offset byte_4269D1
call sub_419EC1
mov edi, [ebp+var_10734]
pop ecx
lea eax, [ebp+var_A8]
push eax
lea eax, [ebp+var_32C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, esi
push eax
lea eax, [edi+5]
push eax
lea eax, [ebp+var_44]
push eax
push offset dword_42032C
call sub_417ABC
add esp, 1Ch
jmp loc_418358
; ---------------------------------------------------------------------------
loc_418412: ; CODE XREF: sub_41802D+34A�j
lea ecx, [ebp+var_54]
lea eax, [ebp+var_1062C]
loc_41841B: ; CODE XREF: sub_41802D+406�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_418439
test dl, dl
jz short loc_418435
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_418439
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_41841B
loc_418435: ; CODE XREF: sub_41802D+3F6�j
xor eax, eax
jmp short loc_41843E
; ---------------------------------------------------------------------------
loc_418439: ; CODE XREF: sub_41802D+3F2�j
; sub_41802D+3FE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_41843E: ; CODE XREF: sub_41802D+40A�j
test eax, eax
jz short loc_41845A
push 4
mov edi, offset dword_420344
lea esi, [ebp+var_1062C]
pop ecx
xor eax, eax
repe cmpsb
jnz loc_4186DE
loc_41845A: ; CODE XREF: sub_41802D+413�j
push 8
pop ecx
xor eax, eax
mov [ebp+var_78], 0
lea edi, [ebp+var_77]
rep stosd
mov ebx, 0FFh
push ebx
stosw
xor esi, esi
lea eax, [ebp+var_1AB]
push esi
push eax
mov byte ptr [ebp+var_10730], 0
mov [ebp+var_1AC], 0
call sub_407F20
add esp, 0Ch
push ebx
lea eax, [ebp+var_62B]
push esi
push eax
mov [ebp+var_62C], 0
call sub_407F20
add esp, 0Ch
push ebx
lea eax, [ebp+var_72B]
push esi
push eax
mov [ebp+var_72C], 0
call sub_407F20
add esp, 0Ch
lea eax, [ebp+var_1072C]
push offset dword_420348
push eax
call sub_403DF4
push eax
push offset dword_42034C
lea eax, [ebp+var_62C]
push ebx
push eax
call sub_402EAE
lea eax, [ebp+var_62C]
add esp, 18h
lea esi, [eax+1]
loc_4184F0: ; CODE XREF: sub_41802D+4C8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4184F0
sub eax, esi
mov [ebp+eax+var_62C], cl
lea eax, [ebp+var_1072C]
push offset dword_420350
push eax
call sub_403DF4
push eax
push offset dword_420354
lea eax, [ebp+var_78]
push 22h
push eax
call sub_402EAE
lea eax, [ebp+var_78]
add esp, 18h
lea esi, [eax+1]
loc_41852B: ; CODE XREF: sub_41802D+503�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41852B
sub eax, esi
mov [ebp+eax+var_78], cl
lea eax, [ebp+var_78]
lea esi, [eax+1]
loc_41853E: ; CODE XREF: sub_41802D+516�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41853E
sub eax, esi
push eax
lea eax, [ebp+var_77]
push eax
lea eax, [ebp+var_78]
push eax
call sub_403CD0
add esp, 0Ch
push 4
mov edi, offset dword_420358
lea esi, [ebp+var_1062C]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_4185A4
lea eax, [ebp+var_1042C]
push eax
push offset dword_42035C
lea eax, [ebp+var_1AC]
push ebx
push eax
call sub_402EAE
lea eax, [ebp+var_1AC]
add esp, 10h
lea edx, [eax+1]
loc_418591: ; CODE XREF: sub_41802D+569�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_418591
mov byte ptr [ebp+var_10730], 1
jmp loc_418631
; ---------------------------------------------------------------------------
loc_4185A4: ; CODE XREF: sub_41802D+53D�j
mov esi, [ebp+var_10734]
add esi, 5
lea eax, [ebp+var_1052C]
loc_4185B3: ; CODE XREF: sub_41802D+59E�j
mov cl, [eax]
cmp cl, [esi]
jnz short loc_4185D1
test cl, cl
jz short loc_4185CD
mov cl, [eax+1]
cmp cl, [esi+1]
jnz short loc_4185D1
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_4185B3
loc_4185CD: ; CODE XREF: sub_41802D+58E�j
xor eax, eax
jmp short loc_4185D6
; ---------------------------------------------------------------------------
loc_4185D1: ; CODE XREF: sub_41802D+58A�j
; sub_41802D+596�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4185D6: ; CODE XREF: sub_41802D+5A2�j
test eax, eax
jnz short loc_418605
lea eax, [ebp+var_78]
push eax
push offset dword_420360
lea eax, [ebp+var_1AC]
push ebx
push eax
call sub_402EAE
lea eax, [ebp+var_1AC]
add esp, 10h
lea edx, [eax+1]
loc_4185FC: ; CODE XREF: sub_41802D+5D4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4185FC
jmp short loc_418631
; ---------------------------------------------------------------------------
loc_418605: ; CODE XREF: sub_41802D+5AB�j
lea eax, [ebp+var_1052C]
push eax
push offset dword_420364
lea eax, [ebp+var_1AC]
push ebx
push eax
call sub_402EAE
lea eax, [ebp+var_1AC]
add esp, 10h
lea edx, [eax+1]
loc_41862A: ; CODE XREF: sub_41802D+602�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41862A
loc_418631: ; CODE XREF: sub_41802D+572�j
; sub_41802D+5D6�j
sub eax, edx
push 100h
lea esi, [ebp+var_72C]
mov ebx, offset byte_426A09
mov [ebp+eax+var_1AC], 0
call sub_419EC1
pop ecx
lea eax, [ebp+var_62C]
mov ecx, esi
call sub_419834
test eax, eax
jnz short loc_41866A
cmp byte ptr [ebp+var_10730], al
jz short loc_4186DE
loc_41866A: ; CODE XREF: sub_41802D+633�j
xor edi, edi
cmp byte ptr [ebp+var_10730], 0
lea eax, [ebp+var_52C]
jz short loc_418682
push offset dword_420368
jmp short loc_418687
; ---------------------------------------------------------------------------
loc_418682: ; CODE XREF: sub_41802D+64C�j
push offset dword_42036C
loc_418687: ; CODE XREF: sub_41802D+653�j
push eax
call sub_403DF4
jmp short loc_4186A3
; ---------------------------------------------------------------------------
loc_41868F: ; CODE XREF: sub_41802D+67A�j
push offset dword_420370
push 0
mov [ebp+edi*4+var_10F34], eax
call sub_403DF4
inc edi
loc_4186A3: ; CODE XREF: sub_41802D+660�j
test eax, eax
pop ecx
pop ecx
jnz short loc_41868F
xor esi, esi
test edi, edi
jle short loc_4186DE
loc_4186AF: ; CODE XREF: sub_41802D+6AF�j
push [ebp+esi*4+var_10F34]
lea eax, [ebp+var_1AC]
push eax
lea eax, [ebp+var_62C]
push eax
lea eax, [ebp+var_78]
push eax
push [ebp+var_10730]
push [ebp+var_10734]
call sub_417E66
inc esi
cmp esi, edi
jl short loc_4186AF
loc_4186DE: ; CODE XREF: sub_41802D+2E1�j
; sub_41802D+32D�j ...
mov al, 1
loc_4186E0: ; CODE XREF: sub_41802D+25D�j
mov ecx, [ebp+var_8]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn 4
sub_41802D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4186F1 proc near ; CODE XREF: sub_41C28D+477�p
var_20414 = dword ptr -20414h
var_20410 = dword ptr -20410h
var_2040C = dword ptr -2040Ch
var_20408 = byte ptr -20408h
var_408 = byte ptr -408h
var_407 = byte ptr -407h
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 20414h
call sub_4117B0
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
push edi
mov esi, 3FFh
xor ebx, ebx
push esi
lea eax, [ebp+var_407]
mov edi, ecx
push ebx
push eax
mov [ebp+var_20414], edi
mov [ebp+var_408], bl
call sub_407F20
add esp, 0Ch
push ebx
push esi
lea eax, [ebp+var_408]
push eax
push dword ptr [edi]
mov [ebp+var_2040C], ebx
call ds:dword_41D26C
test eax, eax
jz loc_418806
lea eax, [ebp+var_408]
lea edx, [eax+1]
loc_418759: ; CODE XREF: sub_4186F1+6D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418759
sub eax, edx
mov [ebp+eax+var_408], bl
lea eax, [ebp+var_408]
push offset dword_4202E4
push eax
call sub_403DF4
push 20000h
mov edi, eax
lea eax, [ebp+var_20408]
push ebx
push eax
call sub_407F20
add esp, 14h
cmp edi, ebx
mov esi, 200h
jz short loc_4187DC
lea eax, [ebp+var_20408]
mov [ebp+var_20410], eax
loc_4187A6: ; CODE XREF: sub_4186F1+E9�j
push edi
push offset dword_4202E8
push 1FFh
push [ebp+var_20410]
call sub_402EAE
push offset dword_4202EC
push ebx
call sub_403DF4
add [ebp+var_20410], esi
add esp, 18h
inc [ebp+var_2040C]
mov edi, eax
cmp edi, ebx
jnz short loc_4187A6
loc_4187DC: ; CODE XREF: sub_4186F1+A7�j
cmp [ebp+var_2040C], ebx
jle short loc_418802
mov ebx, [ebp+var_2040C]
lea edi, [ebp+var_20408]
loc_4187F0: ; CODE XREF: sub_4186F1+10F�j
push [ebp+var_20414]
mov ecx, edi
call sub_41802D
add edi, esi
dec ebx
jnz short loc_4187F0
loc_418802: ; CODE XREF: sub_4186F1+F1�j
mov al, 1
jmp short loc_418810
; ---------------------------------------------------------------------------
loc_418806: ; CODE XREF: sub_4186F1+59�j
push dword ptr [edi]
call ds:dword_41D280
xor al, al
loc_418810: ; CODE XREF: sub_4186F1+113�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_4186F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41881F proc near ; CODE XREF: sub_41C28D+465�p
var_450 = dword ptr -450h
var_44C = dword ptr -44Ch
var_448 = byte ptr -448h
var_447 = byte ptr -447h
var_444 = byte ptr -444h
var_443 = byte ptr -443h
var_440 = word ptr -440h
var_43E = word ptr -43Eh
var_43C = byte ptr -43Ch
var_430 = byte ptr -430h
var_42F = byte ptr -42Fh
var_230 = byte ptr -230h
var_22F = byte ptr -22Fh
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 454h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 0
push 1
mov edi, ecx
push 2
mov [ebp+var_450], edi
mov ebx, edx
mov [ebp+var_44C], eax
call ds:dword_41D220
cmp eax, 0FFFFFFFFh
mov [edi], eax
jnz short loc_418869
push eax
loc_41885C: ; CODE XREF: sub_41881F+8B�j
call ds:dword_41D280
xor al, al
jmp loc_418A7B
; ---------------------------------------------------------------------------
loc_418869: ; CODE XREF: sub_41881F+3A�j
push 1FFh
lea eax, [ebp+var_22F]
push 0
push eax
mov [ebp+var_230], 0
call sub_407F20
add esp, 0Ch
push 200h
lea esi, [ebp+var_230]
call sub_419EC1
pop ecx
mov eax, esi
push eax
call ds:dword_41D244
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jnz short loc_4188AC
loc_4188A8: ; CODE XREF: sub_41881F+E7�j
push dword ptr [edi]
jmp short loc_41885C
; ---------------------------------------------------------------------------
loc_4188AC: ; CODE XREF: sub_41881F+87�j
push 200h
lea eax, [ebp+var_230]
push ebx
push eax
call sub_407F20
movsx eax, word ptr [esi+0Ah]
add esp, 0Ch
push eax
mov eax, [esi+0Ch]
push dword ptr [eax]
lea eax, [ebp+var_43C]
push eax
call sub_407FA0
add esp, 0Ch
push [ebp+arg_4]
mov [ebp+var_440], 2
call ds:dword_41D270
mov [ebp+var_43E], ax
push 10h
lea eax, [ebp+var_440]
push eax
push dword ptr [edi]
call ds:dword_41D23C
test eax, eax
jnz short loc_4188A8
mov eax, [ebp+var_44C]
lea edx, [eax+1]
loc_418911: ; CODE XREF: sub_41881F+F7�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418911
sub eax, edx
jz short loc_418987
xor eax, eax
mov [ebp+var_18], bl
lea edi, [ebp+var_17]
stosd
push 1FFh
stosd
lea eax, [ebp+var_42F]
push ebx
push eax
mov [ebp+var_430], bl
call sub_407F20
mov ebx, [ebp+var_44C]
add esp, 0Ch
push 200h
lea esi, [ebp+var_430]
call sub_419EC1
pop ecx
push 9
lea esi, [ebp+var_18]
mov ebx, offset byte_426F19
call sub_419EC1
mov edi, [ebp+var_450]
pop ecx
lea eax, [ebp+var_430]
push eax
mov eax, esi
push eax
push offset dword_4202BC
call sub_417ABC
add esp, 0Ch
xor ebx, ebx
loc_418987: ; CODE XREF: sub_41881F+FB�j
xor eax, eax
mov [ebp+var_24], bl
lea edi, [ebp+var_23]
stosd
stosd
xor eax, eax
mov [ebp+var_30], bl
lea edi, [ebp+var_2F]
stosd
stosd
xor eax, eax
mov [ebp+var_C], bl
lea edi, [ebp+var_B]
stosd
stosw
xor eax, eax
push ebx
mov [ebp+var_448], bl
lea edi, [ebp+var_447]
stosw
push 3
mov [ebp+var_444], bl
lea edi, [ebp+var_443]
pop ecx
lea esi, [ebp+var_448]
stosw
call sub_419641
pop ecx
push ebx
push 3
lea esi, [ebp+var_444]
call sub_41960F
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosw
stosb
mov eax, esi
push eax
lea eax, [ebp+var_448]
push eax
push offset dword_4202C4
lea eax, [ebp+var_C]
push 6
push eax
call sub_402EAE
lea eax, [ebp+var_C]
add esp, 1Ch
lea esi, [eax+1]
loc_418A0E: ; CODE XREF: sub_41881F+1F4�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418A0E
sub eax, esi
mov [ebp+eax+var_C], bl
xor eax, eax
lea edi, [ebp+var_448]
stosw
stosb
xor eax, eax
lea edi, [ebp+var_444]
stosw
push 9
lea esi, [ebp+var_24]
mov ebx, offset dword_426F10
stosb
call sub_419EC1
pop ecx
push 9
lea esi, [ebp+var_30]
mov ebx, offset word_426F22
call sub_419EC1
mov edi, [ebp+var_450]
pop ecx
lea ebx, [edi+5]
call sub_417C7B
push ebx
lea eax, [ebp+var_C]
push eax
mov eax, esi
push eax
push ebx
lea eax, [ebp+var_24]
push eax
push offset dword_4202CC
call sub_417ABC
add esp, 18h
mov al, 1
loc_418A7B: ; CODE XREF: sub_41881F+45�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn 8
sub_41881F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418A8C proc near ; CODE XREF: sub_418AF1+3E�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov [ebp+var_10], eax
xor eax, eax
mov [ebp+var_C], 0
lea edi, [ebp+var_B]
push 5
lea esi, [ebp+var_C]
mov ebx, offset dword_426F10
stosd
call sub_419EC1
mov ebx, [ebp+var_10]
pop ecx
add ebx, 5
call sub_417C7B
push ebx
mov eax, esi
push eax
push offset dword_4202B4
mov edi, offset dword_4283FC
call sub_417ABC
mov ecx, [ebp+var_4]
add esp, 0Ch
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn 4
sub_418A8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_418AF1 proc near ; DATA XREF: sub_41C28D+3B5�o
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
push esi
push edi
call sub_419590
mov edi, dword_427FD8
mov esi, dword_427FDC
loc_418B0A: ; CODE XREF: sub_418AF1+5A�j
call sub_419590
cmp dword_427FDC, esi
jl short loc_418B34
jg short loc_418B21
cmp dword_427FD8, edi
jbe short loc_418B34
loc_418B21: ; CODE XREF: sub_418AF1+26�j
cmp byte_428400, 0
jz short loc_418B34
push offset dword_4283FC
call sub_418A8C
loc_418B34: ; CODE XREF: sub_418AF1+24�j
; sub_418AF1+2E�j ...
mov edi, dword_427FD8
mov esi, dword_427FDC
push 0C350h
call ds:off_41D0F8
jmp short loc_418B0A
sub_418AF1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418B4D proc near ; CODE XREF: sub_4192DB+1E�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push offset word_4280D4
push dword_4281EC
mov [ebp+var_4], 10h
call ds:dword_41D234
leave
retn
sub_418B4D endp
; =============== S U B R O U T I N E =======================================
sub_418B6F proc near ; CODE XREF: sub_418D42+1D2�p
arg_0 = dword ptr 4
jmp short loc_418B74
; ---------------------------------------------------------------------------
loc_418B71: ; CODE XREF: sub_418B6F+14�j
mov byte ptr [eax], 5Ch
loc_418B74: ; CODE XREF: sub_418B6F�j
push 2Fh
push [esp+4+arg_0]
call sub_403C10
test eax, eax
pop ecx
pop ecx
jnz short loc_418B71
retn
sub_418B6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418B86 proc near ; CODE XREF: sub_418D42+192�p
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
var_2 = byte ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, [ebp+arg_0]
mov eax, esi
push edi
lea ecx, [eax+1]
loc_418B97: ; CODE XREF: sub_418B86+16�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_418B97
sub eax, ecx
inc eax
push eax
call sub_402A08
mov ebx, eax
push ebx
call sub_402E05
push eax
push 0
push ebx
call sub_407F20
push 25h
push esi
call sub_403C10
add esp, 1Ch
test eax, eax
jnz short loc_418C10
loc_418BC7: ; CODE XREF: sub_418B86+114�j
mov eax, esi
mov edx, esi
loc_418BCB: ; CODE XREF: sub_418B86+4A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_418BCB
mov edi, ebx
sub eax, edx
dec edi
loc_418BD7: ; CODE XREF: sub_418B86+57�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_418BD7
mov ecx, eax
shr ecx, 2
mov esi, edx
mov edx, [ebp+arg_0]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov edi, edx
stosd
mov eax, ebx
sub edx, ebx
loc_418BFB: ; CODE XREF: sub_418B86+7D�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_418BFB
xor esi, esi
inc esi
jmp loc_418CA1
; ---------------------------------------------------------------------------
loc_418C0D: ; CODE XREF: sub_418B86+10E�j
mov eax, [ebp+var_8]
loc_418C10: ; CODE XREF: sub_418B86+3F�j
mov byte ptr [eax], 0
mov ecx, esi
loc_418C15: ; CODE XREF: sub_418B86+94�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_418C15
sub ecx, esi
mov edi, ebx
mov edx, ecx
dec edi
loc_418C23: ; CODE XREF: sub_418B86+A3�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_418C23
mov ecx, edx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
inc eax
push 2
push eax
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
rep movsb
call sub_403CD0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push offset dword_420564
push eax
mov [ebp+var_2], 0
call sub_4039A4
add esp, 18h
test eax, eax
jz short loc_418C9F
mov eax, ebx
lea esi, [eax+1]
loc_418C6B: ; CODE XREF: sub_418B86+EA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_418C6B
mov cl, [ebp+var_C]
sub eax, esi
mov esi, [ebp+var_8]
add esi, 2
push 25h
push esi
mov [eax+ebx], cl
mov byte ptr [eax+ebx+1], 0
call sub_403C10
test eax, eax
pop ecx
pop ecx
mov [ebp+var_8], eax
jnz loc_418C0D
jmp loc_418BC7
; ---------------------------------------------------------------------------
loc_418C9F: ; CODE XREF: sub_418B86+DE�j
xor esi, esi
loc_418CA1: ; CODE XREF: sub_418B86+82�j
push ebx
call sub_402F5B
pop ecx
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
sub_418B86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418CAF proc near ; CODE XREF: sub_418D42+A1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov [eax], esi
mov eax, [ebp+arg_4]
push edi
mov [eax], esi
mov eax, [ebp+arg_8]
push offset dword_42054C
push esi
mov [ebx], esi
mov [eax], esi
call sub_403B70
mov edi, eax
test edi, edi
pop ecx
pop ecx
jnz short loc_418CDB
loc_418CD7: ; CODE XREF: sub_418CAF+52�j
; sub_418CAF+69�j ...
xor eax, eax
jmp short loc_418D3F
; ---------------------------------------------------------------------------
loc_418CDB: ; CODE XREF: sub_418CAF+26�j
push offset dword_420550
push esi
mov byte ptr [edi], 0
call sub_403DF4
mov ecx, [ebp+arg_0]
push offset dword_420554
push 0
mov [ecx], eax
call sub_403DF4
add esp, 10h
test eax, eax
mov [ebx], eax
jz short loc_418CD7
push offset dword_420558
push 0
call sub_403DF4
test eax, eax
pop ecx
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
jz short loc_418CD7
mov ecx, [ebp+arg_8]
lea eax, [edi+2]
cmp byte ptr [eax], 0
mov [ecx], eax
jz short loc_418D3C
push offset dword_42055C
push eax
call sub_403B70
test eax, eax
pop ecx
pop ecx
jz short loc_418CD7
mov byte ptr [eax+2], 0
loc_418D3C: ; CODE XREF: sub_418CAF+76�j
xor eax, eax
inc eax
loc_418D3F: ; CODE XREF: sub_418CAF+2A�j
pop edi
pop ebp
retn
sub_418CAF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=0CA8h
sub_418D42 proc near ; CODE XREF: sub_4192DB+28�p
var_D28 = dword ptr -0D28h
var_D24 = dword ptr -0D24h
var_D20 = dword ptr -0D20h
var_D1C = dword ptr -0D1Ch
var_D18 = byte ptr -0D18h
var_D14 = byte ptr -0D14h
var_D13 = byte ptr -0D13h
var_D12 = byte ptr -0D12h
var_D11 = byte ptr -0D11h
var_D08 = byte ptr -0D08h
var_D07 = byte ptr -0D07h
var_908 = byte ptr -908h
var_907 = byte ptr -907h
var_508 = byte ptr -508h
var_507 = byte ptr -507h
var_108 = byte ptr -108h
var_107 = byte ptr -107h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-0CA8h]
sub esp, 0D28h
mov eax, dword_423064
xor eax, ebp
mov [ebp+0CA8h+var_4], eax
push ebx
push esi
mov esi, 3FFh
xor ebx, ebx
push esi
lea eax, [ebp+0CA8h+var_907]
push ebx
push eax
mov [ebp+0CA8h+var_908], bl
call sub_407F20
push esi
lea eax, [ebp+0CA8h+var_507]
push ebx
push eax
mov [ebp+0CA8h+var_508], bl
call sub_407F20
push 103h
lea eax, [ebp+0CA8h+var_107]
push ebx
push eax
mov [ebp+0CA8h+var_108], bl
call sub_407F20
push esi
lea eax, [ebp+0CA8h+var_D07]
push ebx
push eax
mov [ebp+0CA8h+var_D08], bl
call sub_407F20
add esp, 30h
push ebx
push 400h
lea eax, [ebp+0CA8h+var_D08]
push eax
push [ebp+0CA8h+arg_0]
call ds:dword_41D26C
mov [ebp+eax+0CA8h+var_D08], bl
lea eax, [ebp+0CA8h+var_D1C]
push eax
lea eax, [ebp+0CA8h+var_D20]
push eax
lea eax, [ebp+0CA8h+var_D28]
push eax
lea ebx, [ebp+0CA8h+var_D24]
lea esi, [ebp+0CA8h+var_D08]
call sub_418CAF
add esp, 0Ch
test eax, eax
jz loc_4192C4
mov esi, [ebp+0CA8h+var_D28]
push edi
push 4
mov edi, offset dword_420420
pop ecx
xor eax, eax
repe cmpsb
jz loc_418ED0
push offset dword_420424
mov esi, 3FFh
lea eax, [ebp+0CA8h+var_908]
push esi
push eax
call sub_402EAE
lea eax, [ebp+0CA8h+var_908]
add esp, 0Ch
lea edx, [eax+1]
loc_418E2C: ; CODE XREF: sub_418D42+EF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_418E2C
sub eax, edx
xor ebx, ebx
mov [ebp+eax+0CA8h+var_908], bl
lea eax, [ebp+0CA8h+var_908]
lea ecx, [eax+1]
loc_418E47: ; CODE XREF: sub_418D42+10A�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_418E47
sub eax, ecx
push eax
push offset dword_420430
lea eax, [ebp+0CA8h+var_508]
push esi
push eax
call sub_402EAE
lea eax, [ebp+0CA8h+var_508]
add esp, 10h
lea ecx, [eax+1]
loc_418E6F: ; CODE XREF: sub_418D42+132�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_418E6F
sub eax, ecx
mov [ebp+eax+0CA8h+var_508], bl
lea eax, [ebp+0CA8h+var_508]
lea ecx, [eax+1]
loc_418E88: ; CODE XREF: sub_418D42+14B�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_418E88
mov esi, ds:dword_41D228
push ebx
sub eax, ecx
push eax
lea eax, [ebp+0CA8h+var_508]
push eax
push [ebp+0CA8h+arg_0]
call esi
lea eax, [ebp+0CA8h+var_908]
lea ecx, [eax+1]
loc_418EB1: ; CODE XREF: sub_418D42+174�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_418EB1
push ebx
sub eax, ecx
push eax
lea eax, [ebp+0CA8h+var_908]
push eax
push [ebp+0CA8h+arg_0]
call esi
jmp loc_4192B7
; ---------------------------------------------------------------------------
loc_418ED0: ; CODE XREF: sub_418D42+C1�j
mov edi, [ebp+0CA8h+var_D24]
push edi
call sub_418B86
test eax, eax
pop ecx
jz loc_4192C3
mov eax, edi
lea edx, [eax+1]
loc_418EE7: ; CODE XREF: sub_418D42+1AA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_418EE7
sub eax, edx
cmp eax, 1
jbe loc_419039
inc edi
push 2Fh
push edi
call sub_403C10
mov esi, eax
xor ebx, ebx
cmp esi, ebx
pop ecx
pop ecx
jz loc_418F96
mov [esi], bl
inc esi
push esi
call sub_418B6F
push ebx
push esi
call sub_403C10
add esp, 0Ch
cmp [esi], bl
jz short loc_418F5F
cmp byte ptr [eax-1], 5Ch
jz short loc_418F5F
push esi
push edi
push offset dword_4280E8
push offset dword_420484
lea eax, [ebp+0CA8h+var_108]
push 103h
push eax
call sub_402EAE
lea eax, [ebp+0CA8h+var_108]
add esp, 18h
lea esi, [eax+1]
loc_418F56: ; CODE XREF: sub_418D42+219�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418F56
jmp short loc_418FC5
; ---------------------------------------------------------------------------
loc_418F5F: ; CODE XREF: sub_418D42+1E3�j
; sub_418D42+1E9�j
push offset dword_4282F8
push esi
push edi
push offset dword_4280E8
push offset dword_420478
lea eax, [ebp+0CA8h+var_108]
push 103h
push eax
call sub_402EAE
lea eax, [ebp+0CA8h+var_108]
add esp, 1Ch
lea esi, [eax+1]
loc_418F8D: ; CODE XREF: sub_418D42+250�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418F8D
jmp short loc_418FC5
; ---------------------------------------------------------------------------
loc_418F96: ; CODE XREF: sub_418D42+1C8�j
push edi
push offset dword_4280E8
push offset dword_420490
lea eax, [ebp+0CA8h+var_108]
push 103h
push eax
call sub_402EAE
lea eax, [ebp+0CA8h+var_108]
add esp, 14h
lea esi, [eax+1]
loc_418FBE: ; CODE XREF: sub_418D42+281�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418FBE
loc_418FC5: ; CODE XREF: sub_418D42+21B�j
; sub_418D42+252�j
sub eax, esi
mov [ebp+eax+0CA8h+var_108], bl
lea eax, [ebp+0CA8h+var_108]
push eax
push offset byte_4281F0
call sub_402C69
test eax, eax
pop ecx
pop ecx
jz short loc_41903B
mov esi, 200h
push esi
call sub_403AA0
push esi
mov edi, eax
push ebx
push edi
mov [ebp+0CA8h+var_D20], edi
call sub_407F20
add esp, 10h
push offset dword_4204A0
push edi
call sub_402E05
pop ecx
dec eax
push eax
push edi
call sub_402EAE
mov eax, edi
add esp, 0Ch
lea esi, [eax+1]
loc_41901C: ; CODE XREF: sub_418D42+2DF�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41901C
sub eax, esi
mov [eax+edi], bl
mov eax, edi
lea esi, [eax+1]
loc_41902D: ; CODE XREF: sub_418D42+2F0�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41902D
jmp loc_41911E
; ---------------------------------------------------------------------------
loc_419039: ; CODE XREF: sub_418D42+1B1�j
xor ebx, ebx
loc_41903B: ; CODE XREF: sub_418D42+2A1�j
push ebx
push ebx
push 3
push ebx
push 1
push 80000000h
lea eax, [ebp+0CA8h+var_108]
push eax
call ds:off_41D06C
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+0CA8h+var_D24], esi
jz short loc_4190CF
push ebx
push esi
call ds:off_41D070
mov edi, eax
push edi
mov [ebp+0CA8h+var_D1C], edi
call sub_403AA0
push edi
push ebx
push eax
mov [ebp+0CA8h+var_D20], eax
call sub_407F20
add esp, 10h
push ebx
push ebx
push ebx
push esi
mov esi, ds:off_41D074
call esi ; byte_4566A9
push ebx
lea eax, [ebp+0CA8h+var_D28]
push eax
push edi
mov edi, ds:off_41D078
jmp short loc_4190C1
; ---------------------------------------------------------------------------
loc_419099: ; CODE XREF: sub_418D42+389�j
cmp [ebp+0CA8h+var_D28], ebx
jnz loc_419123
push [ebp+0CA8h+var_D1C]
push ebx
push [ebp+0CA8h+var_D20]
call sub_407F20
add esp, 0Ch
push ebx
push ebx
push ebx
push [ebp+0CA8h+var_D24]
call esi ; byte_4566A9
push ebx
lea eax, [ebp+0CA8h+var_D28]
push eax
push [ebp+0CA8h+var_D1C]
loc_4190C1: ; CODE XREF: sub_418D42+355�j
push [ebp+0CA8h+var_D20]
push [ebp+0CA8h+var_D24]
call edi ; byte_44623D
test eax, eax
jnz short loc_419099
jmp short loc_419123
; ---------------------------------------------------------------------------
loc_4190CF: ; CODE XREF: sub_418D42+31A�j
mov esi, 200h
push esi
call sub_403AA0
push esi
mov edi, eax
push ebx
push edi
mov [ebp+0CA8h+var_D20], edi
call sub_407F20
add esp, 10h
push offset dword_420498
push edi
call sub_402E05
pop ecx
dec eax
push eax
push edi
call sub_402EAE
mov eax, edi
add esp, 0Ch
lea esi, [eax+1]
loc_419106: ; CODE XREF: sub_418D42+3C9�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_419106
sub eax, esi
mov [eax+edi], bl
mov eax, edi
lea esi, [eax+1]
loc_419117: ; CODE XREF: sub_418D42+3DA�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_419117
loc_41911E: ; CODE XREF: sub_418D42+2F2�j
sub eax, esi
mov [ebp+0CA8h+var_D1C], eax
loc_419123: ; CODE XREF: sub_418D42+35A�j
; sub_418D42+38B�j
push 400h
lea eax, [ebp+0CA8h+var_508]
push ebx
push eax
call sub_407F20
push [ebp+0CA8h+var_D1C]
lea eax, [ebp+0CA8h+var_508]
push offset dword_4204A8
push 3FFh
push eax
call sub_402EAE
lea eax, [ebp+0CA8h+var_508]
add esp, 1Ch
lea esi, [eax+1]
loc_41915A: ; CODE XREF: sub_418D42+41D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41915A
sub eax, esi
mov [ebp+eax+0CA8h+var_508], bl
lea eax, [ebp+0CA8h+var_508]
lea esi, [eax+1]
loc_419173: ; CODE XREF: sub_418D42+436�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_419173
sub eax, esi
mov esi, ds:dword_41D228
push ebx
push eax
lea eax, [ebp+0CA8h+var_508]
push eax
push [ebp+0CA8h+arg_0]
call esi
test eax, eax
jz loc_4192AE
push ebx
push [ebp+0CA8h+var_D1C]
push [ebp+0CA8h+var_D20]
push [ebp+0CA8h+arg_0]
call esi
test eax, eax
jz loc_4192AE
lea eax, [ebp+0CA8h+var_108]
push eax
push offset byte_4281F0
call sub_402C69
test eax, eax
pop ecx
pop ecx
jnz loc_4192AE
push 100h
call sub_402A08
mov esi, eax
push esi
call sub_402E05
push eax
mov ebx, offset dword_4268B8
call sub_419EC1
xor eax, eax
lea edi, [ebp+0CA8h+var_D18]
stosd
stosd
stosd
add esp, 0Ch
stosd
lea eax, [ebp+0CA8h+var_D24]
push eax
lea eax, [ebp+0CA8h+var_D18]
push eax
push [ebp+0CA8h+arg_0]
mov [ebp+0CA8h+var_D24], 10h
call ds:dword_41D278
movzx eax, [ebp+0CA8h+var_D11]
movzx ecx, [ebp+0CA8h+var_D12]
shl eax, 8
add eax, ecx
movzx ecx, [ebp+0CA8h+var_D13]
shl eax, 8
add eax, ecx
movzx ecx, [ebp+0CA8h+var_D14]
shl eax, 8
add eax, ecx
push 2
mov [ebp+0CA8h+var_D1C], eax
push 4
lea eax, [ebp+0CA8h+var_D1C]
push eax
call ds:dword_41D224
test eax, eax
push dword_435388
jnz short loc_419276
movzx eax, [ebp+0CA8h+var_D11]
push eax
movzx eax, [ebp+0CA8h+var_D12]
push eax
movzx eax, [ebp+0CA8h+var_D13]
push eax
movzx eax, [ebp+0CA8h+var_D14]
push eax
push offset dword_4204E4
push esi
push 0
push offset dword_4283FC
call sub_417B51
add esp, 24h
jmp short loc_4192A1
; ---------------------------------------------------------------------------
loc_419276: ; CODE XREF: sub_418D42+507�j
push dword ptr [eax]
movzx eax, [ebp+0CA8h+var_D11]
push eax
movzx eax, [ebp+0CA8h+var_D12]
push eax
movzx eax, [ebp+0CA8h+var_D13]
push eax
movzx eax, [ebp+0CA8h+var_D14]
push eax
push offset dword_420518
push esi
push 0
push offset dword_4283FC
call sub_417B51
add esp, 28h
loc_4192A1: ; CODE XREF: sub_418D42+532�j
inc dword_435388
push esi
call sub_402F5B
pop ecx
loc_4192AE: ; CODE XREF: sub_418D42+453�j
; sub_418D42+46A�j ...
push [ebp+0CA8h+var_D20]
call sub_4039C3
pop ecx
loc_4192B7: ; CODE XREF: sub_418D42+189�j
push [ebp+0CA8h+arg_0]
call ds:dword_41D280
loc_4192C3: ; CODE XREF: sub_418D42+19A�j
pop edi
loc_4192C4: ; CODE XREF: sub_418D42+AB�j
mov ecx, [ebp+0CA8h+var_4]
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
add ebp, 0CA8h
leave
retn
sub_418D42 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4192DB proc near ; DATA XREF: sub_419430+27�o
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 401h
jz short loc_4192EE
pop ebp
jmp ds:off_41D1FC
; ---------------------------------------------------------------------------
loc_4192EE: ; CODE XREF: sub_4192DB+A�j
mov eax, [ebp+arg_C]
dec eax
jz short loc_419300
sub eax, 7
jnz short loc_419309
call sub_418B4D
jmp short loc_419309
; ---------------------------------------------------------------------------
loc_419300: ; CODE XREF: sub_4192DB+17�j
push [ebp+arg_8]
call sub_418D42
pop ecx
loc_419309: ; CODE XREF: sub_4192DB+1C�j
; sub_4192DB+23�j
xor eax, eax
pop ebp
retn 10h
sub_4192DB endp
; =============== S U B R O U T I N E =======================================
sub_41930F proc near ; CODE XREF: sub_419430+9B�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, 104h
push edi
xor ebp, ebp
push ebp
mov ebx, offset dword_4280E8
push ebx
call sub_407F20
push edi
push ebp
mov esi, offset dword_4282F8
push esi
call sub_407F20
push edi
push ebp
mov ebp, offset byte_4281F0
push ebp
call sub_407F20
add esp, 24h
push edi
push ebx
call ds:off_41D0F0
push edi
mov ebx, offset byte_426A49
call sub_419EC1
push esi
push offset dword_4280E8
push offset dword_420418
push 103h
push ebp
call sub_402EAE
mov eax, ebp
add esp, 18h
lea ecx, [eax+1]
loc_419375: ; CODE XREF: sub_41930F+6B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_419375
push 0
push 1
sub eax, ecx
push 2
mov byte_4281F0[eax], dl
call ds:dword_41D220
cmp eax, 0FFFFFFFFh
mov dword_4281EC, eax
jnz short loc_4193A8
push eax
loc_41939B: ; CODE XREF: sub_41930F+E7�j
call ds:dword_41D280
xor eax, eax
jmp loc_41942B
; ---------------------------------------------------------------------------
loc_4193A8: ; CODE XREF: sub_41930F+89�j
mov eax, 0FFDCh
mov ebx, 3E8h
call sub_419AB7
push eax
mov dword_427FD4, eax
mov word_4280D4, 2
call ds:dword_41D270
and dword_4280D8, 0
push 10h
push offset word_4280D4
push dword_4281EC
mov word_4280D6, ax
call ds:dword_41D27C
test eax, eax
jz short loc_4193F8
loc_4193F0: ; CODE XREF: sub_41930F+102�j
; sub_41930F+114�j
push dword_4281EC
jmp short loc_41939B
; ---------------------------------------------------------------------------
loc_4193F8: ; CODE XREF: sub_41930F+DF�j
push 9
push 401h
push [esp+18h+arg_0]
push dword_4281EC
call ds:dword_41D22C
test eax, eax
jnz short loc_4193F0
push 4
push dword_4281EC
call ds:dword_41D230
test eax, eax
jnz short loc_4193F0
inc eax
mov byte_4282F4, al
loc_41942B: ; CODE XREF: sub_41930F+94�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41930F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419430 proc near ; DATA XREF: sub_419507+21�o
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 50h
mov eax, dword_4280E4
push ebx
mov ebx, ds:off_41D1F0
push esi
push edi
mov edi, 7F00h
push edi
xor esi, esi
push esi
mov [ebp+var_3C], eax
mov [ebp+var_28], offset dword_426F94
mov [ebp+var_48], offset sub_4192DB
mov [ebp+var_4C], 8
mov [ebp+var_50], 30h
call ebx ; word_459E36
push edi
push esi
mov [ebp+var_38], eax
call ebx ; word_459E36
push edi
push esi
mov [ebp+var_24], eax
call ds:off_41D208
mov [ebp+var_34], eax
lea eax, [ebp+var_50]
push eax
mov [ebp+var_2C], esi
mov [ebp+var_44], esi
mov [ebp+var_40], esi
mov [ebp+var_30], 1
call ds:off_41D1EC
test ax, ax
jz short loc_4194FE
push esi
push dword_4280E4
mov eax, 80000000h
push esi
push esi
push esi
push esi
push eax
push eax
push 0CF0000h
push offset dword_420410
push offset dword_426F94
push esi
call ds:off_41D1F8
push eax
call sub_41930F
test eax, eax
pop ecx
jz short loc_4194FE
mov edi, ds:off_41D204
jmp short loc_4194F1
; ---------------------------------------------------------------------------
loc_4194DD: ; CODE XREF: sub_419430+CC�j
lea eax, [ebp+var_20]
push eax
call ds:off_41D1F4
lea eax, [ebp+var_20]
push eax
call ds:off_41D200
loc_4194F1: ; CODE XREF: sub_419430+AB�j
push esi
push esi
push esi
lea eax, [ebp+var_20]
push eax
call edi ; byte_44D52F
test eax, eax
jnz short loc_4194DD
loc_4194FE: ; CODE XREF: sub_419430+70�j
; sub_419430+A3�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_419430 endp
; =============== S U B R O U T I N E =======================================
sub_419507 proc near ; CODE XREF: .text:00402346�p
; sub_41C28D+401�p
push 4
mov eax, offset loc_41C969
call sub_40497C
push 8
call sub_40340B
mov esi, eax
pop ecx
mov [ebp-10h], esi
and dword ptr [ebp-4], 0
test esi, esi
jz short loc_41953B
push offset sub_419430
xor ecx, ecx
mov edi, offset dword_42040C
call sub_414884
jmp short loc_41953D
; ---------------------------------------------------------------------------
loc_41953B: ; CODE XREF: sub_419507+1F�j
xor eax, eax
loc_41953D: ; CODE XREF: sub_419507+32�j
cmp dword ptr [eax+4], 0
setnz al
call sub_404A1B
retn
sub_419507 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41954A proc near ; CODE XREF: sub_419AB7:loc_419ADB�p
mov eax, dword_427FF0
mov edx, dword_427FF4
lea ecx, ds:427FF8h[eax*4]
push esi
mov esi, eax
mov eax, dword_427FF8[edx*4]
add eax, [ecx]
and eax, 3FFFFFFFh
inc esi
cmp esi, 37h
mov [ecx], eax
jnz short loc_419577
xor esi, esi
loc_419577: ; CODE XREF: sub_41954A+29�j
inc edx
cmp edx, 37h
jnz short loc_41957F
xor edx, edx
loc_41957F: ; CODE XREF: sub_41954A+31�j
mov dword_427FF0, esi
mov dword_427FF4, edx
sar eax, 6
pop esi
retn
sub_41954A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419590 proc near ; CODE XREF: .text:0040219F�p
; sub_417C7B:loc_417D8C�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
lea eax, [ebp+var_10]
push eax
call ds:off_41D058
test eax, eax
jz short loc_41960C
lea eax, [ebp+var_8]
push eax
call ds:off_41D064
test eax, eax
jz short loc_41960C
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call sub_41C740
push 0
push 15180h
push edx
push eax
call sub_411BB0
push 0
push 0E10h
push ebx
push ecx
mov dword_427FD8, eax
mov dword_427FDC, edx
call sub_411BB0
push 0
push 3Ch
push ebx
push ecx
mov dword_427FE0, eax
mov dword_427FE4, edx
call sub_41C740
mov dword_427FE8, eax
mov dword_427FEC, edx
loc_41960C: ; CODE XREF: sub_419590+13�j
; sub_419590+21�j
pop ebx
leave
retn
sub_419590 endp
; =============== S U B R O U T I N E =======================================
sub_41960F proc near ; CODE XREF: .text:00402169�p
; sub_417C7B+BC�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
push 0
push esi
call sub_407F20
add esp, 0Ch
cmp [esp+arg_4], 0
push [esp+arg_0]
push esi
jz short loc_419631
push 1002h
jmp short loc_419633
; ---------------------------------------------------------------------------
loc_419631: ; CODE XREF: sub_41960F+19�j
push 7
loc_419633: ; CODE XREF: sub_41960F+20�j
push 800h
call ds:off_41D054
mov eax, esi
retn
sub_41960F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_419641 proc near ; CODE XREF: .text:00402154�p
; sub_417C7B+8B�p ...
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = byte ptr -84h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, dword_423064
xor eax, ebp
mov [ebp+74h+var_4], eax
push ebx
push edi
lea eax, [ebp+74h+var_98]
push eax
mov ebx, ecx
mov [ebp+74h+var_98], 94h
call ds:off_41D068
push ebx
xor edi, edi
push edi
push esi
call sub_407F20
add esp, 0Ch
cmp [ebp+74h+var_94], 6
jnz short loc_41968A
cmp [ebp+74h+var_90], edi
jnz short loc_4196F5
push offset dword_4206A8
jmp short loc_4196FA
; ---------------------------------------------------------------------------
loc_41968A: ; CODE XREF: sub_419641+3B�j
cmp [ebp+74h+var_94], 5
jnz short loc_4196B6
cmp [ebp+74h+var_90], 2
jnz short loc_41969D
push offset dword_4206AC
jmp short loc_4196FA
; ---------------------------------------------------------------------------
loc_41969D: ; CODE XREF: sub_419641+53�j
cmp [ebp+74h+var_90], 1
jnz short loc_4196AA
push offset dword_4206B0
jmp short loc_4196FA
; ---------------------------------------------------------------------------
loc_4196AA: ; CODE XREF: sub_419641+60�j
cmp [ebp+74h+var_90], edi
jnz short loc_4196F5
push offset dword_4206B4
jmp short loc_4196FA
; ---------------------------------------------------------------------------
loc_4196B6: ; CODE XREF: sub_419641+4D�j
cmp [ebp+74h+var_94], 4
jnz short loc_4196F5
cmp [ebp+74h+var_90], 5Ah
jnz short loc_4196C9
push offset dword_4206B8
jmp short loc_4196FA
; ---------------------------------------------------------------------------
loc_4196C9: ; CODE XREF: sub_419641+7F�j
cmp [ebp+74h+var_90], 1
jnz short loc_4196D6
push offset dword_4206BC
jmp short loc_4196FA
; ---------------------------------------------------------------------------
loc_4196D6: ; CODE XREF: sub_419641+8C�j
cmp [ebp+74h+var_90], edi
jnz short loc_4196F5
cmp [ebp+74h+var_88], 2
jnz short loc_4196E8
push offset dword_4206C0
jmp short loc_4196FA
; ---------------------------------------------------------------------------
loc_4196E8: ; CODE XREF: sub_419641+9E�j
cmp [ebp+74h+var_88], 1
jnz short loc_419707
push offset dword_4206C4
jmp short loc_4196FA
; ---------------------------------------------------------------------------
loc_4196F5: ; CODE XREF: sub_419641+40�j
; sub_419641+6C�j ...
push offset dword_4206C8
loc_4196FA: ; CODE XREF: sub_419641+47�j
; sub_419641+5A�j ...
lea eax, [ebx-1]
push eax
push esi
call sub_402EAE
add esp, 0Ch
loc_419707: ; CODE XREF: sub_419641+AB�j
mov eax, esi
lea edx, [eax+1]
loc_41970C: ; CODE XREF: sub_419641+D0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41970C
sub eax, edx
cmp [ebp+74h+arg_0], cl
mov [eax+esi], cl
jz loc_4197A3
push ebx
call sub_402A08
mov edi, eax
push edi
call sub_402E05
push eax
push 0
push edi
call sub_407F20
add esp, 14h
push [ebp+74h+var_8C]
lea eax, [ebp+74h+var_84]
push [ebp+74h+var_90]
push [ebp+74h+var_94]
push eax
push esi
push offset dword_4206CC
push edi
call sub_402E05
pop ecx
dec eax
push eax
push edi
call sub_402EAE
mov eax, edi
add esp, 20h
lea ecx, [eax+1]
loc_419765: ; CODE XREF: sub_419641+129�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_419765
push ebx
sub eax, ecx
push 0
push esi
mov [eax+edi], dl
call sub_407F20
push edi
push offset dword_4206FC
dec ebx
push ebx
push esi
call sub_402EAE
mov eax, esi
add esp, 1Ch
lea ecx, [eax+1]
loc_419790: ; CODE XREF: sub_419641+154�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_419790
sub eax, ecx
push edi
mov [eax+esi], dl
call sub_402F5B
pop ecx
loc_4197A3: ; CODE XREF: sub_419641+DA�j
mov ecx, [ebp+74h+var_4]
pop edi
xor ecx, ebp
mov eax, esi
pop ebx
call sub_402AD0
add ebp, 74h
leave
retn
sub_419641 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4197B6 proc near ; CODE XREF: .text:00401DF7�p
; .text:00402178�p ...
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_8], eax
push edi
xor eax, eax
lea edi, [ebp+var_18]
stosd
stosd
stosd
stosd
xor eax, eax
mov edi, esi
stosd
stosd
stosd
stosd
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
mov [ebp+var_1C], 10h
call ds:dword_41D238
movzx eax, [ebp+var_11]
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_13]
push eax
movzx eax, [ebp+var_14]
push eax
push offset dword_42069C
push 0Fh
push esi
call sub_402EAE
mov eax, esi
add esp, 1Ch
lea ecx, [eax+1]
loc_419819: ; CODE XREF: sub_4197B6+68�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_419819
sub eax, ecx
mov ecx, [ebp+var_8]
mov [eax+esi], dl
xor ecx, ebp
mov eax, esi
pop edi
call sub_402AD0
leave
retn
sub_4197B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419834 proc near ; CODE XREF: .text:004023E2�p
; sub_417E66+A5�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push esi
mov esi, ecx
mov cl, [eax]
test cl, cl
push edi
jz short loc_41989D
loc_419842: ; CODE XREF: sub_419834+24�j
mov dl, [esi]
cmp dl, 2Ah
jz short loc_41985A
cmp dl, cl
jz short loc_419852
cmp dl, 3Fh
jnz short loc_419878
loc_419852: ; CODE XREF: sub_419834+17�j
inc esi
inc eax
mov cl, [eax]
test cl, cl
jnz short loc_419842
loc_41985A: ; CODE XREF: sub_419834+13�j
mov cl, [eax]
test cl, cl
jz short loc_41989D
mov edi, [ebp+var_4]
loc_419863: ; CODE XREF: sub_419834+5F�j
mov dl, [esi]
cmp dl, 2Ah
jnz short loc_41987C
inc esi
cmp byte ptr [esi], 0
jz short loc_419897
mov [ebp+var_4], esi
lea edi, [eax+1]
jmp short loc_41988F
; ---------------------------------------------------------------------------
loc_419878: ; CODE XREF: sub_419834+1C�j
xor eax, eax
jmp short loc_4198A9
; ---------------------------------------------------------------------------
loc_41987C: ; CODE XREF: sub_419834+34�j
cmp dl, cl
jz short loc_41988D
cmp dl, 3Fh
jz short loc_41988D
mov esi, [ebp+var_4]
mov eax, edi
inc edi
jmp short loc_41988F
; ---------------------------------------------------------------------------
loc_41988D: ; CODE XREF: sub_419834+4A�j
; sub_419834+4F�j
inc esi
inc eax
loc_41988F: ; CODE XREF: sub_419834+42�j
; sub_419834+57�j
mov cl, [eax]
test cl, cl
jnz short loc_419863
jmp short loc_41989D
; ---------------------------------------------------------------------------
loc_419897: ; CODE XREF: sub_419834+3A�j
xor eax, eax
inc eax
jmp short loc_4198A9
; ---------------------------------------------------------------------------
loc_41989C: ; CODE XREF: sub_419834+6C�j
inc esi
loc_41989D: ; CODE XREF: sub_419834+C�j
; sub_419834+2A�j ...
cmp byte ptr [esi], 2Ah
jz short loc_41989C
xor eax, eax
cmp [esi], al
setz al
loc_4198A9: ; CODE XREF: sub_419834+46�j
; sub_419834+66�j
pop edi
pop esi
leave
retn
sub_419834 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4198AD proc near ; CODE XREF: sub_419C67+14A�p
var_23C = byte ptr -23Ch
var_23B = byte ptr -23Bh
var_13C = byte ptr -13Ch
var_13B = byte ptr -13Bh
var_3C = byte ptr -3Ch
var_3B = byte ptr -3Bh
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 23Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
xor ebx, ebx
push 37h
lea eax, [ebp+var_3B]
push ebx
push eax
mov [ebp+var_3C], bl
call sub_407F20
mov esi, 0FFh
push esi
lea eax, [ebp+var_23B]
push ebx
push eax
mov [ebp+var_23C], bl
call sub_407F20
push esi
lea eax, [ebp+var_13B]
push ebx
push eax
mov [ebp+var_13C], bl
call sub_407F20
add esp, 24h
push 100h
lea eax, [ebp+var_13C]
push eax
push ebx
call ds:off_41D0E0
push eax
call ds:off_41D060
lea eax, [ebp+var_13C]
push eax
push eax
lea eax, [ebp+var_23C]
push offset dword_420594
push eax
call sub_403475
push 104h
call sub_402A08
mov esi, eax
push esi
call sub_402E05
add esp, 18h
dec eax
push eax
push esi
call ds:off_41D0F0
call sub_403723
push 18h
cdq
pop ecx
idiv ecx
add edx, 61h
push edx
call sub_403723
push 18h
cdq
pop ecx
idiv ecx
add edx, 61h
push edx
call sub_403723
push 18h
cdq
pop ecx
idiv ecx
add edx, 61h
push edx
call sub_403723
push 0Ah
cdq
pop ecx
idiv ecx
push edx
call sub_403723
push 0Ah
cdq
pop ecx
idiv ecx
push edx
call sub_403723
push 0Ah
pop ecx
cdq
idiv ecx
lea eax, [ebp+var_3C]
push edx
push esi
push offset dword_4205D0
push eax
call sub_403475
push esi
call sub_402F5B
lea eax, [ebp+var_3C]
push offset dword_4205EC
push eax
call sub_4035B4
mov esi, eax
add esp, 30h
cmp esi, ebx
jz short loc_4199FB
lea eax, [ebp+var_23C]
push eax
push offset dword_4205F0
push esi
call sub_4035C7
push esi
call sub_403884
add esp, 10h
push ebx
push ebx
push ebx
lea eax, [ebp+var_3C]
push eax
push ebx
push ebx
call ds:dword_41D1E0
loc_4199FB: ; CODE XREF: sub_4198AD+122�j
mov ecx, [ebp+var_4]
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_4198AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419A09 proc near ; CODE XREF: sub_41BED6+199�p
; sub_41C28D+1E2�p
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_124 = dword ptr -124h
var_120 = byte ptr -120h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 170h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_8], eax
push ebx
push esi
push edi
xor ebx, ebx
push 40h
lea eax, [ebp+var_168]
push ebx
push eax
mov [ebp+var_16C], ebx
call sub_407F20
xor eax, eax
mov [ebp+var_124], ebx
lea edi, [ebp+var_120]
stosd
stosd
mov esi, 103h
push esi
stosd
lea eax, [ebp+var_113]
push ebx
push eax
mov [ebp+var_114], bl
call sub_407F20
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_114]
push esi
push eax
call sub_4037F6
add esp, 28h
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_16C]
push eax
push ebx
push ebx
push 28h
push ebx
push ebx
push ebx
lea eax, [ebp+var_114]
push eax
push ebx
call ds:off_41D05C
mov ecx, [ebp+var_8]
test eax, eax
pop edi
setnz al
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_419A09 endp
; ---------------------------------------------------------------------------
push 0
call sub_403900
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_419AB7 proc near ; CODE XREF: sub_413DDD+81�p
; sub_413DDD+94�p ...
push esi
mov esi, eax
xor eax, eax
inc eax
sub eax, ebx
add esi, eax
cmp esi, 1
jg short loc_419ACA
mov eax, ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_419ACA: ; CODE XREF: sub_419AB7+D�j
push 2
pop eax
cmp esi, eax
jle short loc_419AD7
loc_419AD1: ; CODE XREF: sub_419AB7+1E�j
add eax, eax
cmp eax, esi
jl short loc_419AD1
loc_419AD7: ; CODE XREF: sub_419AB7+18�j
push edi
lea edi, [eax-1]
loc_419ADB: ; CODE XREF: sub_419AB7+2D�j
call sub_41954A
and eax, edi
cmp eax, esi
jge short loc_419ADB
pop edi
add eax, ebx
pop esi
retn
sub_419AB7 endp
; =============== S U B R O U T I N E =======================================
sub_419AEB proc near ; CODE XREF: .text:004026F6�p
; sub_413DDD:loc_41430D�p ...
and dword_427FF0, 0
push 0
mov dword_427FF4, 1Fh
call sub_403900
mov edx, 3FFFFFFFh
and eax, edx
pop ecx
mov dword_427FF8, eax
mov dword_427FFC, 1
mov eax, offset dword_427FF8
push esi
loc_419B20: ; CODE XREF: sub_419AEB+48�j
lea ecx, [eax+4]
mov esi, [ecx]
add esi, [eax]
and esi, edx
mov [eax+8], esi
mov eax, ecx
cmp eax, offset dword_4280CC
jl short loc_419B20
pop esi
retn
sub_419AEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419B37 proc near ; CODE XREF: sub_417C7B+E6�p
; .text:0041B335�p
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 24h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
push dword_4283FC
mov [ebp+var_14], 0
xor eax, eax
lea edi, [ebp+var_13]
stosd
stosd
stosd
stosw
lea esi, [ebp+var_14]
stosb
call sub_4197B6
pop ecx
mov eax, esi
mov ecx, offset dword_420700
call sub_419834
test eax, eax
jnz loc_419C57
mov eax, esi
mov ecx, offset dword_42070C
call sub_419834
test eax, eax
jnz loc_419C57
mov eax, esi
mov ecx, offset dword_420718
call sub_419834
test eax, eax
jnz loc_419C57
mov eax, esi
mov ecx, offset dword_420724
call sub_419834
test eax, eax
jnz loc_419C57
mov eax, esi
mov ecx, offset dword_420730
call sub_419834
test eax, eax
jnz loc_419C57
mov eax, esi
mov ecx, offset dword_42073C
call sub_419834
test eax, eax
jnz short loc_419C57
mov eax, esi
mov ecx, offset dword_420748
call sub_419834
test eax, eax
jnz short loc_419C57
mov eax, esi
mov ecx, offset dword_420754
call sub_419834
test eax, eax
jnz short loc_419C57
mov eax, esi
mov ecx, offset dword_420760
call sub_419834
test eax, eax
jnz short loc_419C57
push 10h
pop esi
loc_419C0E: ; CODE XREF: sub_419B37+11A�j
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
push esi
push offset dword_42076C
stosd
lea eax, [ebp+var_24]
push 0Fh
push eax
call sub_402EAE
lea eax, [ebp+var_24]
add esp, 10h
lea edx, [eax+1]
loc_419C31: ; CODE XREF: sub_419B37+FF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419C31
sub eax, edx
mov [ebp+eax+var_24], cl
lea eax, [ebp+var_14]
lea ecx, [ebp+var_24]
call sub_419834
test eax, eax
jnz short loc_419C57
inc esi
cmp esi, 1Fh
jbe short loc_419C0E
xor al, al
jmp short loc_419C59
; ---------------------------------------------------------------------------
loc_419C57: ; CODE XREF: sub_419B37+3E�j
; sub_419B37+52�j ...
mov al, 1
loc_419C59: ; CODE XREF: sub_419B37+11E�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402AD0
leave
retn
sub_419B37 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419C67 proc near ; CODE XREF: sub_41BED6+1C5�p
; sub_41C28D+4AD�p
var_2A8 = byte ptr -2A8h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_28B = byte ptr -28Bh
var_1CC = byte ptr -1CCh
var_1CB = byte ptr -1CBh
var_CC = byte ptr -0CCh
var_CB = byte ptr -0CBh
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2A8h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, 0BFh
xor ebx, ebx
push esi
mov [ebp+var_298], eax
lea eax, [ebp+var_CB]
push ebx
push eax
mov [ebp+var_CC], bl
call sub_407F20
add esp, 0Ch
push esi
lea eax, [ebp+var_28B]
push ebx
push eax
mov [ebp+var_28C], bl
call sub_407F20
add esp, 0Ch
push ebx
lea edi, [ebp+var_CC]
call sub_41BDAA
pop ecx
inc esi
push esi
mov eax, edi
push ebx
push eax
call sub_407F20
add esp, 0Ch
push esi
lea eax, [ebp+var_28C]
push ebx
push eax
call sub_407F20
add esp, 0Ch
push 0FFh
lea eax, [ebp+var_1CB]
push ebx
push eax
mov [ebp+var_1CC], bl
call sub_407F20
mov eax, dword_43569C
mov eax, [eax]
mov [ebp+var_290], eax
mov eax, offset dword_435698
add esp, 0Ch
mov [ebp+var_294], eax
mov [ebp+var_2A0], eax
loc_419D20: ; CODE XREF: sub_419C67+102�j
mov eax, dword_43569C
lea edi, [ebp+var_2A0]
lea esi, [ebp+var_294]
mov [ebp+var_29C], eax
call sub_40166F
test al, al
jz short loc_419D77
mov edi, offset dword_4205F4
call sub_40164F
mov esi, eax
add esi, 5
push 11h
pop ecx
xor eax, eax
repe cmpsb
lea esi, [ebp+var_294]
jz short loc_419D6B
lea edi, [ebp+var_2A8]
call sub_40168C
jmp short loc_419D20
; ---------------------------------------------------------------------------
loc_419D6B: ; CODE XREF: sub_419C67+F5�j
call sub_40164F
mov eax, [eax]
call sub_4147FC
loc_419D77: ; CODE XREF: sub_419C67+D7�j
mov edi, 100h
push edi
lea esi, [ebp+var_1CC]
mov ebx, offset byte_426B01
call sub_419EC1
pop ecx
mov eax, esi
push eax
push offset dword_420608
push 80000002h
call sub_417722
add esp, 0Ch
push edi
mov eax, esi
push 0
push eax
call sub_407F20
add esp, 0Ch
call sub_4198AD
push [ebp+var_298]
mov edi, offset dword_4283FC
push offset dword_420654
call sub_417ABC
pop ecx
pop ecx
push 0
call ds:off_41D050
int 3 ; Trap to Debugger
jmp ds:off_41D08C
sub_419C67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419DDC proc near ; CODE XREF: sub_41C28D:loc_41C2D3�p
var_18 = byte ptr -18h
var_13 = byte ptr -13h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
push edi
call ds:off_41D0C8
mov esi, offset dword_4207B0
lea edi, [ebp+var_10]
movsd
movsd
push 40h
push 3000h
movsb
push 6
mov ebx, eax
xor edi, edi
push edi
lea eax, [ebp+var_18]
push ebx
mov [ebp+var_10+3], eax
call ds:off_41D0BC
mov esi, eax
cmp esi, edi
jnz short loc_419E25
loc_419E21: ; CODE XREF: sub_419DDC+58�j
xor al, al
jmp short loc_419E58
; ---------------------------------------------------------------------------
loc_419E25: ; CODE XREF: sub_419DDC+43�j
push edi
push 40h
push 6
push esi
push ebx
call ds:off_41D0C0
test eax, eax
jnz short loc_419E21
mov eax, [ebp+var_10]
mov [esi], eax
mov eax, [ebp+var_C]
mov [esi+4], eax
call esi
push 8000h
push edi
push esi
push ebx
call ds:off_41D0C4
cmp [ebp+var_13], 0D0h
setnbe al
loc_419E58: ; CODE XREF: sub_419DDC+47�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
sub_419DDC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E67 proc near ; CODE XREF: sub_41C28D+24�p
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
push offset dword_420798
push offset dword_4207A4
mov [ebp+var_C], 55h
mov [ebp+var_B], 8Bh
mov [ebp+var_A], 0ECh
mov [ebp+var_9], 81h
mov [ebp+var_8], 0ECh
call ds:off_41D0E4
push eax
call ds:off_41D0E8
push 5
mov esi, eax
pop ecx
xor eax, eax
lea edi, [ebp+var_C]
repe cmpsb
mov ecx, [ebp+var_4]
setz al
pop edi
xor ecx, ebp
pop esi
call sub_402AD0
leave
retn
sub_419E67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419EC1 proc near ; CODE XREF: .text:004017FC�p
; .text:00401A74�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push edi
push [ebp+arg_0]
xor edi, edi
push edi
push esi
call sub_407F20
mov eax, ebx
add esp, 0Ch
lea ecx, [eax+1]
loc_419EDA: ; CODE XREF: sub_419EC1+1E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_419EDA
sub eax, ecx
jz short loc_419F4B
mov eax, [ebp+arg_0]
dec eax
mov [ebp+var_4], eax
loc_419EEC: ; CODE XREF: sub_419EC1+88�j
mov eax, offset byte_426838
lea edx, [eax+1]
loc_419EF4: ; CODE XREF: sub_419EC1+38�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419EF4
sub eax, edx
jz short loc_419F01
xor eax, eax
loc_419F01: ; CODE XREF: sub_419EC1+3C�j
movsx ecx, byte ptr [edi+ebx]
movsx eax, byte_426838[eax]
xor ecx, eax
xor ecx, 0EDh
push ecx
push esi
push offset dword_4207DC
push [ebp+var_4]
push esi
call sub_402EAE
mov eax, esi
add esp, 14h
lea ecx, [eax+1]
loc_419F2C: ; CODE XREF: sub_419EC1+70�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_419F2C
sub eax, ecx
mov [eax+esi], dl
mov eax, ebx
inc edi
lea ecx, [eax+1]
loc_419F3E: ; CODE XREF: sub_419EC1+82�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_419F3E
sub eax, ecx
cmp edi, eax
jb short loc_419EEC
loc_419F4B: ; CODE XREF: sub_419EC1+22�j
mov eax, esi
pop edi
leave
retn
sub_419EC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419F50 proc near ; CODE XREF: sub_41A40D+28�p
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 2Ch
push offset dword_421CE0
call __SEH_prolog4
mov edi, ds:off_41D104
call edi ; word_4410E6
mov [ebp+var_20], eax
lea eax, [ebp+var_1C]
push eax
push 24h
lea eax, [ebp+var_3C]
push eax
push 0
push ebx
mov esi, ds:off_41D028
call esi ; dword_44BD00
test eax, eax
jnz short loc_419F8B
loc_419F80: ; CODE XREF: sub_419F50+61�j
; sub_419F50+8A�j ...
call ds:off_41D0EC
jmp loc_41A01F
; ---------------------------------------------------------------------------
loc_419F8B: ; CODE XREF: sub_419F50+2E�j
cmp [ebp+var_38], 1
jz loc_41A01D
jmp short loc_419FC5
; ---------------------------------------------------------------------------
loc_419F97: ; CODE XREF: sub_419F50+79�j
push [ebp+var_24]
call ds:off_41D0F8
lea eax, [ebp+var_1C]
push eax
push 24h
lea eax, [ebp+var_3C]
push eax
push 0
push ebx
call esi ; dword_44BD00
test eax, eax
jz short loc_419F80
cmp [ebp+var_38], 1
jz short loc_41A01D
call edi ; word_4410E6
sub eax, [ebp+var_20]
cmp eax, 12Ch
ja short loc_419FDE
loc_419FC5: ; CODE XREF: sub_419F50+45�j
cmp [ebp+var_38], 3
jz short loc_419F97
lea eax, [ebp+var_3C]
push eax
push 1
push ebx
call ds:off_41D01C
test eax, eax
jz short loc_419F80
jmp short loc_41A017
; ---------------------------------------------------------------------------
loc_419FDE: ; CODE XREF: sub_419F50+73�j
; sub_419F50+C5�j
mov eax, 5B4h
jmp short loc_41A01F
; ---------------------------------------------------------------------------
loc_419FE5: ; CODE XREF: sub_419F50+CB�j
push [ebp+var_24]
call ds:off_41D0F8
lea eax, [ebp+var_1C]
push eax
push 24h
lea eax, [ebp+var_3C]
push eax
push 0
push ebx
call esi ; dword_44BD00
test eax, eax
jz loc_419F80
cmp [ebp+var_38], 1
jz short loc_41A01D
call edi ; word_4410E6
sub eax, [ebp+var_20]
cmp eax, 12Ch
ja short loc_419FDE
loc_41A017: ; CODE XREF: sub_419F50+8C�j
cmp [ebp+var_38], 1
jnz short loc_419FE5
loc_41A01D: ; CODE XREF: sub_419F50+3F�j
; sub_419F50+67�j ...
xor eax, eax
loc_41A01F: ; CODE XREF: sub_419F50+36�j
; sub_419F50+93�j
call __SEH_epilog4
retn
sub_419F50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A025 proc near ; CODE XREF: sub_41A690+2C7�p
; sub_41A690+36E�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
push 10h
pop esi
lea eax, [ebp+var_10]
push eax
push [ebp+arg_4]
xor edi, edi
push edi
mov [ebp+var_8], esi
call ds:off_41D034
test eax, eax
jnz short loc_41A04C
loc_41A048: ; CODE XREF: sub_41A025+5F�j
xor al, al
jmp short loc_41A0BD
; ---------------------------------------------------------------------------
loc_41A04C: ; CODE XREF: sub_41A025+21�j
mov eax, [ebp+var_10]
mov [ebp+var_2C], eax
mov eax, [ebp+var_C]
mov [ebp+var_28], eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_20]
push eax
push esi
mov esi, ds:off_41D014
lea eax, [ebp+var_30]
push eax
push edi
push [ebp+arg_0]
xor ebx, ebx
inc ebx
mov [ebp+var_30], ebx
mov [ebp+var_24], edi
call esi ; byte_457779
mov edi, ds:off_41D0EC
call edi ; byte_44FB05
test eax, eax
jnz short loc_41A048
mov eax, [ebp+var_10]
mov [ebp+var_1C], eax
mov eax, [ebp+var_C]
mov [ebp+var_18], eax
xor eax, eax
cmp [ebp+arg_8], eax
mov [ebp+var_20], ebx
jz short loc_41A0A2
or [ebp+var_14], 2
jmp short loc_41A0A6
; ---------------------------------------------------------------------------
loc_41A0A2: ; CODE XREF: sub_41A025+75�j
and [ebp+var_14], 0FFFFFFFDh
loc_41A0A6: ; CODE XREF: sub_41A025+7B�j
push eax
push eax
push [ebp+var_8]
lea ecx, [ebp+var_20]
push ecx
push eax
push [ebp+arg_0]
call esi ; byte_457779
call edi ; byte_44FB05
neg eax
sbb al, al
inc al
loc_41A0BD: ; CODE XREF: sub_41A025+25�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A025 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A0C2 proc near ; CODE XREF: sub_41A690+400�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
xor ebx, ebx
push [ebp+arg_C]
mov [ebp+var_8], ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_427FB0
test eax, eax
jnz short loc_41A0F9
loc_41A0E9: ; CODE XREF: sub_41A0C2+70�j
; sub_41A0C2+74�j
push [ebp+arg_C]
call sub_402F5B
pop ecx
pop edi
pop esi
mov al, bl
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41A0F9: ; CODE XREF: sub_41A0C2+25�j
xor eax, eax
loc_41A0FB: ; CODE XREF: sub_41A0C2+6C�j
and [ebp+var_4], 0
mov edx, offset dword_426FC0
loc_41A104: ; CODE XREF: sub_41A0C2+66�j
mov esi, [ebp+arg_C]
mov ecx, [edx+80h]
add esi, eax
mov edi, edx
xor ebx, ebx
repe cmpsb
jz short loc_41A134
mov ecx, 84h
add [ebp+var_4], ecx
add edx, ecx
cmp [ebp+var_4], 318h
jb short loc_41A104
inc eax
cmp eax, [ebp+var_8]
jbe short loc_41A0FB
xor bl, bl
jmp short loc_41A0E9
; ---------------------------------------------------------------------------
loc_41A134: ; CODE XREF: sub_41A0C2+53�j
mov bl, 1
jmp short loc_41A0E9
sub_41A0C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A138 proc near ; CODE XREF: sub_41A690+483�p
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
mov [ebp+var_1C], 1Ch
call dword_427FAC
test eax, eax
jnz short loc_41A15A
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_41A15A: ; CODE XREF: sub_41A138+1C�j
; sub_41A138+55�j
mov eax, [ebp+var_10]
cmp eax, [ebp+arg_0]
jnz short loc_41A17E
push [ebp+var_14]
push 0
push 1F03FFh
call dword_427FC0
push eax
call ds:off_41D0D0
cmp eax, 0FFFFFFFFh
jz short loc_41A18F
loc_41A17E: ; CODE XREF: sub_41A138+28�j
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
call dword_427FD0
test eax, eax
jnz short loc_41A15A
loc_41A18F: ; CODE XREF: sub_41A138+44�j
push [ebp+arg_4]
call ds:off_41D0D8
mov al, 1
leave
retn
sub_41A138 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A19C proc near ; CODE XREF: sub_41A690+3BD�p
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
mov [ebp+var_1C], 1Ch
call dword_427FAC
test eax, eax
jnz short loc_41A1BE
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_41A1BE: ; CODE XREF: sub_41A19C+1C�j
; sub_41A19C+55�j
mov eax, [ebp+var_10]
cmp eax, [ebp+arg_0]
jnz short loc_41A1E2
push [ebp+var_14]
push 0
push 1F03FFh
call dword_427FC0
push eax
call ds:off_41D0D4
cmp eax, 0FFFFFFFFh
jz short loc_41A1F3
loc_41A1E2: ; CODE XREF: sub_41A19C+28�j
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
call dword_427FD0
test eax, eax
jnz short loc_41A1BE
loc_41A1F3: ; CODE XREF: sub_41A19C+44�j
push [ebp+arg_4]
call ds:off_41D0D8
mov al, 1
leave
retn
sub_41A19C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A200 proc near ; CODE XREF: sub_41A690+3D4�p
var_228 = dword ptr -228h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 228h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push edi
push [ebp+arg_0]
xor ebx, ebx
push 8
call dword_427FB4
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41A239
loc_41A229: ; CODE XREF: sub_41A200+53�j
xor al, al
loc_41A22B: ; CODE XREF: sub_41A200+8D�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
; ---------------------------------------------------------------------------
loc_41A239: ; CODE XREF: sub_41A200+27�j
lea eax, [ebp+var_228]
push eax
push edi
mov [ebp+var_228], 224h
call dword_427FA8
test eax, eax
jz short loc_41A229
loc_41A255: ; CODE XREF: sub_41A200+6B�j
inc ebx
cmp ebx, 1
jz short loc_41A271
lea eax, [ebp+var_228]
push eax
push edi
call dword_427FC4
test eax, eax
jnz short loc_41A255
xor bl, bl
jmp short loc_41A284
; ---------------------------------------------------------------------------
loc_41A271: ; CODE XREF: sub_41A200+59�j
mov eax, [ebp+var_214]
mov [esi], eax
mov eax, [ebp+var_210]
mov [esi+4], eax
mov bl, 1
loc_41A284: ; CODE XREF: sub_41A200+6F�j
push edi
call ds:off_41D0D8
mov al, bl
jmp short loc_41A22B
sub_41A200 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=1B4h
sub_41A28F proc near ; CODE XREF: sub_41A645+2D�p
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-1B4h]
sub esp, 234h
mov eax, dword_423064
xor eax, ebp
mov [ebp+1B4h+var_4], eax
mov eax, [ebp+1B4h+arg_0]
push ebx
push esi
push edi
xor ebx, ebx
push 0FFh
mov [ebp+1B4h+var_224], eax
lea eax, [ebp+1B4h+var_103]
push ebx
push eax
mov [ebp+1B4h+var_234], offset dword_4209D4
mov [ebp+1B4h+var_230], offset dword_420A04
mov [ebp+1B4h+var_22C], offset dword_420A38
mov [ebp+1B4h+var_228], offset dword_420A6C
mov [ebp+1B4h+var_104], bl
call sub_407F20
mov esi, 100h
add esp, 0Ch
mov [ebp+1B4h+var_21C], esi
mov [ebp+1B4h+var_214], esi
mov [ebp+1B4h+var_20C], offset dword_426FB4
mov [ebp+1B4h+var_220], 2
loc_41A308: ; CODE XREF: sub_41A28F+160�j
mov [ebp+1B4h+var_208], ebx
loc_41A30B: ; CODE XREF: sub_41A28F+153�j
mov eax, [ebp+1B4h+var_208]
mov eax, [ebp+eax*4+1B4h+var_234]
lea ecx, [ebp+1B4h+var_210]
push ecx
push 1
push ebx
push eax
mov eax, [ebp+1B4h+var_20C]
push dword ptr [eax]
call ds:off_41D02C
test eax, eax
jnz loc_41A3D2
lea eax, [ebp+1B4h+var_214]
push eax
lea eax, [ebp+1B4h+var_204]
push eax
push ebx
push ebx
lea eax, [ebp+1B4h+var_21C]
push eax
lea eax, [ebp+1B4h+var_104]
push eax
mov [ebp+1B4h+var_218], ebx
push ebx
jmp short loc_41A3BE
; ---------------------------------------------------------------------------
loc_41A348: ; CODE XREF: sub_41A28F+13D�j
xor edi, edi
loc_41A34A: ; CODE XREF: sub_41A28F+10C�j
mov eax, [ebp+1B4h+var_224]
lea edx, [eax+1]
loc_41A350: ; CODE XREF: sub_41A28F+C6�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41A350
sub eax, edx
push eax
push [ebp+1B4h+var_224]
lea eax, [ebp+edi+1B4h+var_204]
push eax
call sub_402DA9
add esp, 0Ch
test eax, eax
jnz short loc_41A389
lea eax, [ebp+1B4h+var_104]
push eax
mov eax, [ebp+1B4h+var_208]
push [ebp+eax*4+1B4h+var_234]
mov eax, [ebp+1B4h+var_20C]
push dword ptr [eax]
call sub_417722
add esp, 0Ch
loc_41A389: ; CODE XREF: sub_41A28F+DD�j
lea eax, [ebp+1B4h+var_204]
inc edi
lea edx, [eax+1]
loc_41A390: ; CODE XREF: sub_41A28F+106�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41A390
sub eax, edx
cmp edi, eax
jbe short loc_41A34A
inc [ebp+1B4h+var_218]
lea eax, [ebp+1B4h+var_214]
push eax
lea eax, [ebp+1B4h+var_204]
push eax
push ebx
push ebx
lea eax, [ebp+1B4h+var_21C]
push eax
lea eax, [ebp+1B4h+var_104]
push eax
push [ebp+1B4h+var_218]
mov [ebp+1B4h+var_21C], esi
mov [ebp+1B4h+var_214], esi
loc_41A3BE: ; CODE XREF: sub_41A28F+B7�j
push [ebp+1B4h+var_210]
call ds:off_41D020
cmp eax, 103h
jnz loc_41A348
loc_41A3D2: ; CODE XREF: sub_41A28F+98�j
push [ebp+1B4h+var_210]
call ds:off_41D010
inc [ebp+1B4h+var_208]
cmp [ebp+1B4h+var_208], 4
jb loc_41A30B
add [ebp+1B4h+var_20C], 4
dec [ebp+1B4h+var_220]
jnz loc_41A308
mov ecx, [ebp+1B4h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
add ebp, 1B4h
leave
retn
sub_41A28F endp
; =============== S U B R O U T I N E =======================================
sub_41A40D proc near ; CODE XREF: sub_41A45D+189�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
push 0F003Fh
push 0
push 0
call ds:off_41D024
push 0F01FFh
push [esp+10h+arg_0]
mov esi, eax
push esi
call ds:off_41D044
mov edi, eax
mov ebx, edi
call sub_419F50
push edi
call ds:off_41D03C
test eax, eax
jz short loc_41A459
mov bl, 1
loc_41A447: ; CODE XREF: sub_41A40D+4E�j
push esi
mov esi, ds:off_41D040
call esi ; word_44FC72
push edi
call esi ; word_44FC72
pop edi
pop esi
mov al, bl
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41A459: ; CODE XREF: sub_41A40D+36�j
xor bl, bl
jmp short loc_41A447
sub_41A40D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2C0h
sub_41A45D proc near ; CODE XREF: sub_41A645+35�p
; sub_41A645:loc_41A682�p
var_340 = dword ptr -340h
var_33C = dword ptr -33Ch
var_338 = dword ptr -338h
var_334 = byte ptr -334h
var_234 = byte ptr -234h
var_233 = byte ptr -233h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_34 = byte ptr -34h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-2C0h]
sub esp, 340h
mov eax, dword_423064
xor eax, ebp
mov [ebp+2C0h+var_4], eax
push esi
mov eax, [ebp+2C0h+arg_0]
push edi
push 0Bh
pop ecx
mov esi, offset dword_420AA4
lea edi, [ebp+2C0h+var_34]
rep movsd
movsw
mov esi, 0FFh
push esi
mov [ebp+2C0h+var_340], eax
xor edi, edi
lea eax, [ebp+2C0h+var_233]
push edi
push eax
mov [ebp+2C0h+var_234], 0
call sub_407F20
push esi
lea eax, [ebp+2C0h+var_133]
push edi
push eax
mov [ebp+2C0h+var_134], 0
call sub_407F20
add esp, 18h
lea eax, [ebp+2C0h+var_33C]
push eax
push 0F003Fh
push edi
lea eax, [ebp+2C0h+var_34]
push eax
push 80000002h
call ds:off_41D02C
test eax, eax
jnz loc_41A625
push ebx
mov ebx, 100h
push ebx
lea eax, [ebp+2C0h+var_134]
push eax
push edi
push [ebp+2C0h+var_33C]
mov [ebp+2C0h+var_338], edi
call ds:off_41D018
cmp eax, 103h
jz loc_41A624
jmp short loc_41A51A
; ---------------------------------------------------------------------------
loc_41A515: ; CODE XREF: sub_41A45D+1C1�j
mov esi, 0FFh
loc_41A51A: ; CODE XREF: sub_41A45D+B6�j
push ebx
lea eax, [ebp+2C0h+var_334]
push edi
push eax
call sub_407F20
push ebx
lea eax, [ebp+2C0h+var_234]
push edi
push eax
call sub_407F20
lea eax, [ebp+2C0h+var_134]
push eax
lea eax, [ebp+2C0h+var_34]
push eax
push offset dword_420AD4
lea eax, [ebp+2C0h+var_234]
push esi
push eax
call sub_402EAE
lea eax, [ebp+2C0h+var_234]
add esp, 2Ch
lea esi, [eax+1]
loc_41A55F: ; CODE XREF: sub_41A45D+107�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A55F
sub eax, esi
mov [ebp+eax+2C0h+var_234], cl
lea eax, [ebp+2C0h+var_134]
push offset dword_420ADC
push eax
call sub_402C69
test eax, eax
pop ecx
pop ecx
jz short loc_41A602
push 7
mov edi, offset dword_420AE0
lea esi, [ebp+2C0h+var_134]
pop ecx
xor eax, eax
repe cmpsb
jz short loc_41A600
push ebx
lea eax, [ebp+2C0h+var_334]
push eax
push offset dword_420AE8
lea eax, [ebp+2C0h+var_234]
push eax
push 1
call sub_4176BD
add esp, 14h
test al, al
jz short loc_41A600
xor esi, esi
loc_41A5BB: ; CODE XREF: sub_41A45D+1A1�j
mov eax, [ebp+2C0h+var_340]
lea edx, [eax+1]
loc_41A5C1: ; CODE XREF: sub_41A45D+169�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A5C1
sub eax, edx
push eax
push [ebp+2C0h+var_340]
lea eax, [ebp+esi+2C0h+var_334]
push eax
call sub_402DA9
add esp, 0Ch
test eax, eax
jnz short loc_41A5EC
lea eax, [ebp+2C0h+var_134]
push eax
call sub_41A40D
pop ecx
loc_41A5EC: ; CODE XREF: sub_41A45D+180�j
lea eax, [ebp+2C0h+var_334]
inc esi
lea edx, [eax+1]
loc_41A5F3: ; CODE XREF: sub_41A45D+19B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A5F3
sub eax, edx
cmp esi, eax
jbe short loc_41A5BB
loc_41A600: ; CODE XREF: sub_41A45D+13B�j
; sub_41A45D+15A�j
xor edi, edi
loc_41A602: ; CODE XREF: sub_41A45D+127�j
inc [ebp+2C0h+var_338]
push ebx
lea eax, [ebp+2C0h+var_134]
push eax
push [ebp+2C0h+var_338]
push [ebp+2C0h+var_33C]
call ds:off_41D018
cmp eax, 103h
jnz loc_41A515
loc_41A624: ; CODE XREF: sub_41A45D+B0�j
pop ebx
loc_41A625: ; CODE XREF: sub_41A45D+8A�j
push [ebp+2C0h+var_33C]
call ds:off_41D010
mov ecx, [ebp+2C0h+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402AD0
add ebp, 2C0h
leave
retn
sub_41A45D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A645 proc near ; CODE XREF: sub_41A690+42A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push [ebp+arg_0]
call ds:off_41D0F4
test eax, eax
jz short loc_41A68C
push 7D0h
call ds:off_41D0F8
push [ebp+arg_4]
call ds:off_41D0CC
test eax, eax
push [ebp+arg_8]
jz short loc_41A682
call sub_41A28F
push [ebp+arg_8]
call sub_41A45D
pop ecx
jmp short loc_41A687
; ---------------------------------------------------------------------------
loc_41A682: ; CODE XREF: sub_41A645+2B�j
call sub_41A45D
loc_41A687: ; CODE XREF: sub_41A645+3B�j
pop ecx
mov al, 1
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41A68C: ; CODE XREF: sub_41A645+10�j
xor al, al
pop ebp
retn
sub_41A645 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A690 proc near ; DATA XREF: sub_41C28D+390�o
var_569 = byte ptr -569h
var_568 = dword ptr -568h
var_564 = dword ptr -564h
var_560 = dword ptr -560h
var_55C = dword ptr -55Ch
var_558 = dword ptr -558h
var_554 = dword ptr -554h
var_550 = dword ptr -550h
var_54C = dword ptr -54Ch
var_548 = dword ptr -548h
var_540 = dword ptr -540h
var_524 = byte ptr -524h
var_420 = byte ptr -420h
var_318 = byte ptr -318h
var_317 = byte ptr -317h
var_210 = byte ptr -210h
var_4 = dword ptr -4
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 56Ch
mov eax, dword_423064
xor eax, esp
mov [esp+56Ch+var_4], eax
push ebx
push esi
push edi
xor ebx, ebx
push 103h
lea eax, [esp+57Ch+var_317]
push ebx
push eax
mov [esp+584h+var_318], bl
call sub_407F20
add esp, 0Ch
mov [esp+578h+var_558], offset dword_4207F4
mov [esp+578h+var_554], offset dword_420804
mov [esp+578h+var_550], offset dword_420810
call sub_402EA8
mov edi, ds:off_41D0E0
push offset dword_420820
push offset dword_42082C
mov [esp+580h+var_54C], eax
call edi ; dword_43F3E0
mov esi, ds:off_41D0E8
push eax
call esi ; byte_443AC1
push offset dword_42083C
push offset dword_420848
mov dword_427FC0, eax
call edi ; dword_43F3E0
push eax
call esi ; byte_443AC1
push offset dword_420858
push offset dword_420874
mov dword_427FCC, eax
call edi ; dword_43F3E0
push eax
call esi ; byte_443AC1
push offset dword_420884
push offset dword_420894
mov dword_427FB4, eax
call edi ; dword_43F3E0
push eax
call esi ; byte_443AC1
push offset dword_4208A4
push offset dword_4208B4
mov dword_427FB8, eax
call edi ; dword_43F3E0
push eax
call esi ; byte_443AC1
push offset dword_4208C4
push offset dword_4208D4
mov dword_427FBC, eax
call edi ; dword_43F3E0
push eax
call esi ; byte_443AC1
push offset dword_4208E4
push offset dword_4208F4
mov dword_427FA8, eax
call edi ; dword_43F3E0
push eax
call esi ; byte_443AC1
push offset dword_420904
push offset dword_420914
mov dword_427FC4, eax
call edi ; dword_43F3E0
push eax
call esi ; byte_443AC1
push offset dword_420924
push offset dword_420934
mov dword_427FAC, eax
call edi ; dword_43F3E0
push eax
call esi ; byte_443AC1
push offset dword_420944
push offset dword_420958
mov dword_427FD0, eax
call edi ; dword_43F3E0
push eax
call esi ; byte_443AC1
push offset dword_420968
push offset dword_420980
mov dword_427FB0, eax
call ds:off_41D0E4
push eax
call esi ; byte_443AC1
cmp dword_427FC0, ebx
mov dword_427FC8, eax
jz loc_41AB5B
cmp dword_427FCC, ebx
jz loc_41AB5B
cmp dword_427FB4, ebx
jz loc_41AB5B
cmp dword_427FB8, ebx
jz loc_41AB5B
cmp dword_427FBC, ebx
jz loc_41AB5B
cmp dword_427FA8, ebx
jz loc_41AB5B
cmp dword_427FC4, ebx
jz loc_41AB5B
cmp dword_427FAC, ebx
jz loc_41AB5B
cmp dword_427FD0, ebx
jz loc_41AB5B
cmp dword_427FB0, ebx
jz loc_41AB5B
cmp eax, ebx
jz loc_41AB5B
mov edi, 104h
push edi
lea eax, [esp+57Ch+var_318]
push eax
call ds:off_41D0F0
lea eax, [esp+578h+var_558]
xor esi, esi
mov [esp+578h+var_568], eax
loc_41A877: ; CODE XREF: sub_41A690+238�j
mov ecx, [esp+578h+var_568]
push dword ptr [ecx]
lea ecx, [esp+57Ch+var_318]
push ecx
push offset dword_42098C
lea eax, [esp+esi+584h+var_210]
push 103h
push eax
call sub_402EAE
lea eax, [esp+esi+58Ch+var_210]
add esp, 14h
lea ecx, [eax+1]
loc_41A8A9: ; CODE XREF: sub_41A690+21E�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41A8A9
add [esp+578h+var_568], 4
sub eax, ecx
add eax, esi
add esi, edi
cmp esi, 30Ch
mov [esp+eax+578h+var_210], bl
jb short loc_41A877
loc_41A8CA: ; CODE XREF: sub_41A690+4C6�j
push ebx
push 0Fh
mov [esp+580h+var_548], 128h
call dword_427FB4
lea ecx, [esp+578h+var_548]
push ecx
push eax
mov [esp+580h+var_55C], eax
call dword_427FB8
test eax, eax
jz loc_41AB4B
jmp loc_41AB34
; ---------------------------------------------------------------------------
loc_41A8F8: ; CODE XREF: sub_41A690+4B5�j
mov edi, ds:off_41D100
lea eax, [esp+578h+var_564]
push eax
push ebx
push 28h
mov [esp+584h+var_569], 1
call edi ; dword_445488
mov esi, ds:off_41D038
push eax
call esi ; dword_44F164
test eax, eax
jnz short loc_41A94C
call ds:off_41D0EC
cmp eax, 3F0h
jnz short loc_41A948
push 2
call ds:off_41D030
test eax, eax
jnz short loc_41A937
mov [esp+578h+var_569], bl
loc_41A937: ; CODE XREF: sub_41A690+2A1�j
lea eax, [esp+578h+var_564]
push eax
push ebx
push 28h
call edi ; dword_445488
push eax
call esi ; dword_44F164
test eax, eax
jnz short loc_41A94C
loc_41A948: ; CODE XREF: sub_41A690+295�j
mov [esp+578h+var_569], bl
loc_41A94C: ; CODE XREF: sub_41A690+288�j
; sub_41A690+2B6�j
push 1
push offset dword_420994
push [esp+580h+var_564]
call sub_41A025
add esp, 0Ch
test al, al
jnz short loc_41A971
push [esp+578h+var_564]
call ds:off_41D0D8
mov [esp+578h+var_569], bl
loc_41A971: ; CODE XREF: sub_41A690+2D1�j
push [esp+578h+var_540]
push ebx
push 1F0FFFh
call dword_427FCC
cmp eax, ebx
mov [esp+578h+var_568], eax
jnz short loc_41A98D
mov [esp+578h+var_569], bl
loc_41A98D: ; CODE XREF: sub_41A690+2F7�j
mov esi, 104h
push esi
lea eax, [esp+57Ch+var_420]
push ebx
push eax
call sub_407F20
add esp, 0Ch
push esi
lea eax, [esp+57Ch+var_420]
push eax
push ebx
push [esp+584h+var_568]
call dword_427FC8
mov [esp+578h+var_560], ebx
lea edi, [esp+578h+var_210]
loc_41A9C3: ; CODE XREF: sub_41A690+352�j
lea eax, [esp+578h+var_420]
push eax
push edi
call sub_402C69
test eax, eax
pop ecx
pop ecx
jz short loc_41A9E6
inc [esp+578h+var_560]
add edi, esi
cmp [esp+578h+var_560], 3
jb short loc_41A9C3
jmp short loc_41A9EA
; ---------------------------------------------------------------------------
loc_41A9E6: ; CODE XREF: sub_41A690+345�j
mov [esp+578h+var_569], bl
loc_41A9EA: ; CODE XREF: sub_41A690+354�j
cmp [esp+578h+var_569], bl
jz loc_41AB1A
push ebx
push offset dword_4209A8
push [esp+580h+var_564]
call sub_41A025
xor eax, eax
lea edi, [esp+584h+var_558]
stosd
stosd
mov eax, [esp+584h+var_54C]
add esp, 0Ch
cmp [esp+578h+var_540], eax
jz loc_41AB1A
lea eax, [esp+578h+var_524]
push offset dword_4209BC
push eax
call sub_402C69
test eax, eax
pop ecx
pop ecx
jz loc_41AB1A
mov esi, [esp+578h+var_540]
push ebx
push 4
call dword_427FB4
cmp eax, 0FFFFFFFFh
jz loc_41AB1A
push eax
push esi
call sub_41A19C
cmp al, bl
pop ecx
pop ecx
jz loc_41AB1A
push [esp+578h+var_540]
lea esi, [esp+57Ch+var_558]
call sub_41A200
test al, al
pop ecx
jz loc_41AAFF
push [esp+578h+var_554]
call sub_402A08
cmp eax, ebx
pop ecx
jnz short loc_41AA83
push ebx
jmp short loc_41AAF9
; ---------------------------------------------------------------------------
loc_41AA83: ; CODE XREF: sub_41A690+3EE�j
push eax
push [esp+57Ch+var_554]
push [esp+580h+var_558]
push [esp+584h+var_568]
call sub_41A0C2
add esp, 10h
cmp al, bl
jz short loc_41AAFF
push 100h
call sub_402A08
pop ecx
mov esi, eax
lea eax, [esp+578h+var_524]
push eax
lea eax, [esp+57Ch+var_420]
push eax
push [esp+580h+var_568]
call sub_41A645
add esp, 0Ch
test al, al
jz short loc_41AAF8
push esi
call sub_402E05
pop ecx
push eax
mov ebx, offset dword_4268B8
call sub_419EC1
pop ecx
lea eax, [esp+578h+var_420]
push eax
push offset dword_4209C4
push esi
push 0
push offset dword_4283FC
call sub_417B51
add esp, 14h
xor ebx, ebx
loc_41AAF8: ; CODE XREF: sub_41A690+434�j
push esi
loc_41AAF9: ; CODE XREF: sub_41A690+3F1�j
call sub_402F5B
pop ecx
loc_41AAFF: ; CODE XREF: sub_41A690+3DC�j
; sub_41A690+40A�j
mov esi, [esp+578h+var_540]
push ebx
push 4
call dword_427FB4
cmp eax, 0FFFFFFFFh
jz short loc_41AB1A
push eax
push esi
call sub_41A138
pop ecx
pop ecx
loc_41AB1A: ; CODE XREF: sub_41A690+35E�j
; sub_41A690+386�j ...
push [esp+578h+var_564]
mov esi, ds:off_41D0D8
call esi ; byte_451809
push [esp+578h+var_568]
call esi ; byte_451809
push 1
call ds:off_41D0F8
loc_41AB34: ; CODE XREF: sub_41A690+263�j
lea eax, [esp+578h+var_548]
push eax
push [esp+57Ch+var_55C]
call dword_427FBC
test eax, eax
jnz loc_41A8F8
loc_41AB4B: ; CODE XREF: sub_41A690+25D�j
push 927C0h
call ds:off_41D0F8
jmp loc_41A8CA
; ---------------------------------------------------------------------------
loc_41AB5B: ; CODE XREF: sub_41A690+14F�j
; sub_41A690+15B�j ...
call ds:off_41D0DC
push eax
call sub_41481B
pop ecx
mov ecx, [esp+578h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402AD0
mov esp, ebp
pop ebp
retn 4
sub_41A690 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AB81 proc near ; CODE XREF: .text:0041AD5B�p
var_5B4 = word ptr -5B4h
var_5B2 = word ptr -5B2h
var_5B0 = dword ptr -5B0h
var_5A4 = byte ptr -5A4h
var_5A3 = byte ptr -5A3h
var_1A4 = byte ptr -1A4h
var_1A3 = byte ptr -1A3h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5B4h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push edi
xor ebx, ebx
push 3FFh
lea eax, [ebp+var_5A3]
push ebx
push eax
mov [ebp+var_5A4], bl
call sub_407F20
push 18Fh
lea eax, [ebp+var_1A3]
push ebx
push eax
mov [ebp+var_1A4], bl
call sub_407F20
xor eax, eax
mov [ebp+var_14], bl
lea edi, [ebp+var_13]
stosd
stosd
stosd
stosw
stosb
xor eax, eax
lea edi, [ebp+var_5B4]
stosd
stosd
stosd
stosd
mov eax, [ebp+arg_0]
add esp, 18h
push 216Bh
mov [ebp+var_5B4], 2
mov [ebp+var_5B0], eax
call ds:dword_41D270
push ebx
push 1
push 2
mov [ebp+var_5B2], ax
call ds:dword_41D220
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41AC32
push eax
loc_41AC1C: ; CODE XREF: sub_41AB81+C7�j
call ds:dword_41D280
xor al, al
loc_41AC24: ; CODE XREF: sub_41AB81+139�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_402AD0
leave
retn
; ---------------------------------------------------------------------------
loc_41AC32: ; CODE XREF: sub_41AB81+98�j
push 10h
lea eax, [ebp+var_5B4]
push eax
push edi
call ds:dword_41D23C
cmp eax, 0FFFFFFFFh
jnz short loc_41AC4A
push edi
jmp short loc_41AC1C
; ---------------------------------------------------------------------------
loc_41AC4A: ; CODE XREF: sub_41AB81+C4�j
push esi
push ebx
push 400h
lea eax, [ebp+var_5A4]
push eax
push edi
call ds:dword_41D26C
push dword_4283FC
lea esi, [ebp+var_14]
call sub_4197B6
mov eax, esi
push eax
push offset dword_41EF38
lea eax, [ebp+var_1A4]
push 18Fh
push eax
call sub_402EAE
lea eax, [ebp+var_1A4]
add esp, 14h
lea esi, [eax+1]
loc_41AC92: ; CODE XREF: sub_41AB81+116�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41AC92
push ebx
sub eax, esi
push eax
lea eax, [ebp+var_1A4]
push eax
push edi
call ds:dword_41D228
cmp eax, 0FFFFFFFFh
pop esi
jnz short loc_41ACBF
loc_41ACB1: ; CODE XREF: sub_41AB81+140�j
push edi
call ds:dword_41D280
mov al, bl
jmp loc_41AC24
; ---------------------------------------------------------------------------
loc_41ACBF: ; CODE XREF: sub_41AB81+12E�j
mov bl, 1
jmp short loc_41ACB1
sub_41AB81 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 124h
mov eax, dword_423064
xor eax, ebp
mov [ebp-4], eax
push esi
push edi
push 44h
pop ecx
lea esi, [ebp+8]
lea edi, [ebp-124h]
rep movsd
mov edi, [ebp-20h]
push dword ptr [ebp-1Ch]
mov word ptr [ebp-14h], 2
mov [ebp-10h], edi
call ds:dword_41D270
push 6
push 1
push 2
mov [ebp-12h], ax
call ds:dword_41D220
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_41AD2B
push 10h
lea eax, [ebp-14h]
push eax
push esi
call ds:dword_41D23C
cmp eax, 0FFFFFFFFh
jnz short loc_41AD3B
push esi
loc_41AD25: ; CODE XREF: .text:0041AD52�j
call ds:dword_41D280
loc_41AD2B: ; CODE XREF: .text:0041AD10�j
; .text:0041AD63�j
xor al, al
loc_41AD2D: ; CODE XREF: .text:0041AD75�j
mov ecx, [ebp-4]
pop edi
xor ecx, ebp
pop esi
call sub_402AD0
leave
retn
; ---------------------------------------------------------------------------
loc_41AD3B: ; CODE XREF: .text:0041AD22�j
push 0
push 1213h
push offset dword_4245E0
push esi
call ds:dword_41D228
cmp eax, 0FFFFFFFFh
push esi
jz short loc_41AD25
call ds:dword_41D280
push edi
call sub_41AB81
test al, al
pop ecx
jz short loc_41AD2B
mov eax, [ebp-24h]
imul eax, 2Ch
lea eax, dword_42454C[eax]
inc dword ptr [eax]
mov al, 1
jmp short loc_41AD2D
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2C4h
sub_41AD77 proc near ; CODE XREF: .text:0040215A�p
var_344 = dword ptr -344h
var_340 = dword ptr -340h
var_33C = dword ptr -33Ch
var_335 = byte ptr -335h
var_334 = byte ptr -334h
var_234 = byte ptr -234h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_34 = byte ptr -34h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2C4h]
sub esp, 344h
mov eax, dword_423064
xor eax, ebp
mov [ebp+2C4h+var_4], eax
push ebx
push esi
push edi
push 0Bh
pop ecx
mov esi, offset dword_41F5A8
lea edi, [ebp+2C4h+var_34]
rep movsd
movsw
mov ebx, 100h
movsb
push ebx
xor esi, esi
lea eax, [ebp+2C4h+var_334]
push esi
push eax
call sub_407F20
push 4
push offset dword_428630
push offset dword_41F5D8
lea eax, [ebp+2C4h+var_34]
push eax
push 4
call sub_4176BD
add esp, 20h
test al, al
jz loc_41AF8F
push ebx
lea eax, [ebp+2C4h+var_334]
push eax
push offset dword_41F5E0
lea eax, [ebp+2C4h+var_34]
push eax
push 1
call sub_4176BD
add esp, 14h
test al, al
jz loc_41AECF
mov edi, 0FFh
push edi
lea eax, [ebp+2C4h+var_133]
push esi
push eax
mov [ebp+2C4h+var_335], 0
mov [ebp+2C4h+var_134], 0
call sub_407F20
lea eax, [ebp+2C4h+var_334]
push eax
push offset dword_41F5F4
lea eax, [ebp+2C4h+var_134]
push edi
push eax
call sub_402EAE
lea eax, [ebp+2C4h+var_134]
add esp, 1Ch
lea esi, [eax+1]
loc_41AE42: ; CODE XREF: sub_41AD77+D0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41AE42
sub eax, esi
push ebx
push 0
mov esi, offset byte_428530
push esi
mov [ebp+eax+2C4h+var_134], cl
call sub_407F20
add esp, 0Ch
xor ecx, ecx
mov [ebp+2C4h+var_33C], ecx
loc_41AE68: ; CODE XREF: sub_41AD77+154�j
cmp [ebp+2C4h+var_335], 0
jnz short loc_41AE7F
cmp [ebp+ecx+2C4h+var_134], 20h
jz short loc_41AEAF
mov [ebp+2C4h+var_335], 1
dec ecx
jmp short loc_41AEAF
; ---------------------------------------------------------------------------
loc_41AE7F: ; CODE XREF: sub_41AD77+F5�j
movsx eax, [ebp+ecx+2C4h+var_134]
push eax
push esi
push offset dword_41F5F8
push edi
push esi
call sub_402EAE
mov eax, esi
add esp, 14h
lea ecx, [eax+1]
loc_41AE9D: ; CODE XREF: sub_41AD77+12B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41AE9D
sub eax, ecx
mov ecx, [ebp+2C4h+var_33C]
mov byte_428530[eax], dl
loc_41AEAF: ; CODE XREF: sub_41AD77+FF�j
; sub_41AD77+106�j
lea eax, [ebp+2C4h+var_134]
inc ecx
lea edx, [eax+1]
mov [ebp+2C4h+var_33C], ecx
mov [ebp+2C4h+var_344], edx
loc_41AEBF: ; CODE XREF: sub_41AD77+14D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41AEBF
sub eax, [ebp+2C4h+var_344]
cmp ecx, eax
jbe short loc_41AE68
jmp short loc_41AF02
; ---------------------------------------------------------------------------
loc_41AECF: ; CODE XREF: sub_41AD77+85�j
push ebx
push esi
mov esi, offset byte_428530
push esi
call sub_407F20
push offset dword_41F600
mov edi, 0FFh
push edi
push esi
call sub_402EAE
add esp, 18h
lea eax, [esi+1]
loc_41AEF3: ; CODE XREF: sub_41AD77+181�j
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_41AEF3
sub esi, eax
mov byte_428530[esi], cl
loc_41AF02: ; CODE XREF: sub_41AD77+156�j
and dword_428634, 0
mov [ebp+2C4h+var_33C], 1
loc_41AF10: ; CODE XREF: sub_41AD77+20D�j
inc dword_428634
push ebx
lea eax, [ebp+2C4h+var_234]
push 0
push eax
call sub_407F20
push [ebp+2C4h+var_33C]
lea eax, [ebp+2C4h+var_234]
push offset dword_41F608
push edi
push eax
call sub_402EAE
lea eax, [ebp+2C4h+var_234]
add esp, 1Ch
lea esi, [eax+1]
loc_41AF46: ; CODE XREF: sub_41AD77+1D4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41AF46
sub eax, esi
mov [ebp+eax+2C4h+var_234], cl
lea eax, [ebp+2C4h+var_340]
push eax
push 1
push 0
lea eax, [ebp+2C4h+var_234]
push eax
push 80000002h
call ds:off_41D02C
test eax, eax
jnz short loc_41AF86
push [ebp+2C4h+var_340]
call ds:off_41D010
inc [ebp+2C4h+var_33C]
cmp [ebp+2C4h+var_33C], 8
jb short loc_41AF10
loc_41AF86: ; CODE XREF: sub_41AD77+1FB�j
push [ebp+2C4h+var_340]
call ds:off_41D010
loc_41AF8F: ; CODE XREF: sub_41AD77+62�j
mov ecx, [ebp+2C4h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
add ebp, 2C4h
leave
retn
sub_41AD77 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
mov eax, 641Ch
call sub_4117B0
mov eax, dword_423064
xor eax, esp
mov [esp+6418h], eax
push ebx
push esi
push edi
push 44h
pop ecx
lea esi, [ebp+8]
lea edi, [esp+100h]
rep movsd
mov eax, [esp+204h]
push eax
mov [esp+38h], eax
call ds:dword_41D25C
xor ebx, ebx
mov [esp+28h], eax
mov [esp+1Ch], ebx
loc_41AFF3: ; CODE XREF: .text:0041B6B1�j
cmp dword ptr [esp+1Ch], 2
ja loc_41B6C0
push offset dword_41EFE8
push dword ptr [esp+2Ch]
call sub_402C69
test eax, eax
pop ecx
pop ecx
jz short loc_41B066
push dword ptr [esp+28h]
lea eax, [esp+424h]
push offset dword_41EFEC
push 2000h
push eax
call sub_402EAE
add esp, 10h
push 8
pop ecx
xor eax, eax
push ebx
lea edi, [esp+6Ch]
rep stosd
lea eax, [esp+424h]
push offset byte_41EEFE
mov [esp+84h], eax
push offset byte_41EEFF
lea eax, [esp+74h]
push eax
call sub_402A02
test eax, eax
jnz loc_41B6C0
loc_41B066: ; CODE XREF: .text:0041B010�j
push dword ptr [esp+28h]
lea eax, [esp+2424h]
push offset dword_41EFF8
push 2000h
push eax
call sub_402EAE
add esp, 10h
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
lea eax, [esp+2438h]
push eax
call ds:off_41D06C
cmp eax, 0FFFFFFFFh
mov [esp+14h], eax
jz loc_41B6C0
push 48h
lea eax, [esp+0BCh]
push ebx
push eax
call sub_407F20
mov byte ptr [esp+0C4h], 5
mov [esp+0C5h], bl
mov byte ptr [esp+0C6h], 0Bh
mov byte ptr [esp+0C7h], 3
mov dword ptr [esp+0C8h], 10h
mov word ptr [esp+0CCh], 48h
mov [esp+0CEh], bx
mov [esp+0D0h], ebx
mov word ptr [esp+0D4h], 10B8h
mov word ptr [esp+0D6h], 10B8h
mov [esp+0D8h], ebx
mov dword ptr [esp+0DCh], 1
mov [esp+0E0h], bx
mov byte ptr [esp+0E2h], 1
mov esi, offset dword_41F00C
lea edi, [esp+0E4h]
movsd
movsd
movsd
movsd
mov dword ptr [esp+0F4h], 3
mov esi, offset dword_41F020
lea edi, [esp+0F8h]
movsd
movsd
add esp, 0Ch
movsd
push 2
movsd
pop esi
push ebx
lea eax, [esp+68h]
push eax
push 48h
lea eax, [esp+0C4h]
push eax
push dword ptr [esp+24h]
mov [esp+110h], esi
call ds:off_41D088
test eax, eax
jz loc_41B6B6
push ebx
lea eax, [esp+34h]
push eax
push 2000h
lea eax, [esp+442Ch]
push eax
push dword ptr [esp+24h]
call ds:off_41D078
call ds:off_41D104
push eax
call sub_403716
mov edx, 41414141h
mov eax, edx
lea edi, [esp+0A8h]
stosd
stosd
stosd
stosd
pop ecx
stosd
push 7
pop ecx
mov eax, edx
lea edi, [esp+88h]
rep stosd
call sub_403723
mov [esp+0A4h], eax
xor eax, eax
inc eax
cmp [esp+1Ch], eax
mov [esp+0B0h], eax
mov [esp+0ACh], ebx
mov [esp+0A8h], eax
mov [esp+0B4h], bx
jnz short loc_41B226
mov [esp+94h], eax
mov [esp+8Ch], eax
mov [esp+98h], ebx
jmp short loc_41B245
; ---------------------------------------------------------------------------
loc_41B226: ; CODE XREF: .text:0041B20D�j
cmp [esp+1Ch], ebx
jnz short loc_41B24C
mov [esp+94h], esi
mov [esp+8Ch], esi
mov dword ptr [esp+98h], 2EBh
loc_41B245: ; CODE XREF: .text:0041B224�j
mov [esp+90h], ebx
loc_41B24C: ; CODE XREF: .text:0041B22A�j
call sub_403723
cdq
mov esi, 0FAh
mov ecx, esi
idiv ecx
inc edx
mov [esp+88h], edx
call sub_403723
cdq
idiv esi
mov eax, [esp+1Ch]
shl eax, 4
mov edi, dword_425808[eax]
push edi
mov [esp+0A4h], ebx
mov [esp+30h], eax
mov [esp+24h], edi
inc edx
mov [esp+0A0h], edx
call sub_403AA0
mov esi, eax
cmp esi, ebx
pop ecx
mov [esp+18h], esi
jz loc_41B6B6
lea eax, [edi-2]
push eax
push 90h
push esi
call sub_407F20
lea edi, [esi+edi-2]
xor eax, eax
stosw
mov eax, [esp+38h]
mov eax, dword_425810[eax]
lea edi, [eax+esi]
mov esi, offset dword_4257FC
movsd
movsw
add eax, 7
movsb
mov [esp+30h], eax
xor eax, eax
mov [esp+21Ch], bl
lea edi, [esp+21Dh]
stosd
stosd
stosd
stosw
stosb
add esp, 0Ch
mov edi, 0FFh
push edi
lea eax, [esp+325h]
push ebx
push eax
mov [esp+32Ch], bl
call sub_407F20
add esp, 0Ch
push edi
lea eax, [esp+225h]
push ebx
push eax
mov [esp+22Ch], bl
call sub_407F20
add esp, 0Ch
cmp [esp+20Dh], bl
jz loc_41B3BC
call sub_419B37
test al, al
jnz short loc_41B3A3
push dword_4283FC
lea esi, [esp+214h]
call sub_4197B6
lea esi, [esp+324h]
mov ebx, offset byte_426A49
mov dword ptr [esp], 100h
call sub_419EC1
pop ecx
mov eax, esi
push eax
push dword_427FD4
lea eax, [esp+218h]
push eax
push offset dword_41F044
lea eax, [esp+230h]
push edi
push eax
call sub_402EAE
lea eax, [esp+238h]
add esp, 18h
lea ecx, [eax+1]
loc_41B39A: ; CODE XREF: .text:0041B39F�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41B39A
jmp short loc_41B41F
; ---------------------------------------------------------------------------
loc_41B3A3: ; CODE XREF: .text:0041B33C�j
push 100h
lea esi, [esp+224h]
mov ebx, offset dword_426F68
call sub_419EC1
pop ecx
jmp short loc_41B429
; ---------------------------------------------------------------------------
loc_41B3BC: ; CODE XREF: .text:0041B32F�j
push dword_4283FC
lea esi, [esp+214h]
call sub_4197B6
lea esi, [esp+324h]
mov ebx, offset byte_426A49
mov dword ptr [esp], 100h
call sub_419EC1
pop ecx
mov eax, esi
push eax
push dword_427FD4
lea eax, [esp+218h]
push eax
push offset dword_41F054
lea eax, [esp+230h]
push edi
push eax
call sub_402EAE
lea eax, [esp+238h]
add esp, 18h
lea ecx, [eax+1]
loc_41B418: ; CODE XREF: .text:0041B41D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41B418
loc_41B41F: ; CODE XREF: .text:0041B3A1�j
sub eax, ecx
mov byte ptr [esp+eax+220h], 0
loc_41B429: ; CODE XREF: .text:0041B3BA�j
lea eax, [esp+220h]
push eax
call sub_414B19
mov esi, eax
test esi, esi
pop ecx
jz loc_41B6D7
push esi
push 1
call sub_4148F8
test eax, eax
pop ecx
pop ecx
jnz short loc_41B461
push esi
push 2
call sub_4148F8
test eax, eax
pop ecx
pop ecx
jz loc_41B6D7
loc_41B461: ; CODE XREF: .text:0041B44D�j
mov esi, [esp+18h]
dec eax
push eax
mov eax, [esp+28h]
add eax, esi
push offset byte_435518
push eax
call sub_407FA0
mov eax, [esp+38h]
mov eax, dword_42580C[eax]
add esp, 0Ch
cmp dword ptr [esp+1Ch], 1
jnz short loc_41B4B8
mov ecx, dword_4356CC
mov [eax+esi], ecx
mov ecx, dword_425824
add eax, 0Ch
mov [eax+esi], ecx
mov ecx, dword_425824
lea eax, [eax+esi+24h]
mov [eax], ecx
mov ecx, dword_425824
mov [eax+0Ch], ecx
jmp short loc_41B4D2
; ---------------------------------------------------------------------------
loc_41B4B8: ; CODE XREF: .text:0041B48A�j
cmp dword ptr [esp+1Ch], 0
jnz short loc_41B4D2
push 10h
add eax, esi
pop ecx
loc_41B4C4: ; CODE XREF: .text:0041B4D0�j
mov edx, dword_425824
mov [eax], edx
add eax, 4
dec ecx
jnz short loc_41B4C4
loc_41B4D2: ; CODE XREF: .text:0041B4B6�j
; .text:0041B4BD�j
mov edi, [esp+20h]
add edi, 42h
push edi
call sub_403AA0
mov ebx, eax
test ebx, ebx
pop ecx
jz loc_41B6ED
push edi
push 0
push ebx
call sub_407F20
push 5
pop ecx
lea esi, [esp+0B0h]
mov edi, ebx
rep movsd
mov esi, [esp+2Ch]
mov eax, esi
test eax, eax
mov [esp+2Ch], eax
fild dword ptr [esp+2Ch]
jge short loc_41B519
fadd ds:flt_420EC0
loc_41B519: ; CODE XREF: .text:0041B511�j
fmul ds:dbl_420EB8
add esp, 4
fstp dword ptr [esp+28h]
fld dword ptr [esp+28h]
fstp qword ptr [esp]
call sub_404170
fstp dword ptr [esp+28h]
fld dword ptr [esp+28h]
call sub_41C826
and dword ptr [ebx+18h], 0
push esi
push dword ptr [esp+24h]
mov [ebx+1Ch], eax
mov [ebx+14h], eax
lea eax, [ebx+20h]
push eax
call sub_407FA0
add esp, 14h
lea eax, [esi+20h]
jmp short loc_41B560
; ---------------------------------------------------------------------------
loc_41B55F: ; CODE XREF: .text:0041B562�j
inc eax
loc_41B560: ; CODE XREF: .text:0041B55D�j
test al, 3
jnz short loc_41B55F
push 7
lea edi, [ebx+eax]
pop ecx
push dword ptr [esp+18h]
add eax, 1Ch
lea esi, [esp+8Ch]
rep movsd
mov [esp+28h], eax
call sub_4039C3
pop ecx
push 6
xor eax, eax
pop ecx
lea edi, [esp+38h]
rep stosd
mov [esp+39h], al
mov [esp+3Ah], al
lea edi, [esp+50h]
stosd
xor esi, esi
stosd
stosd
push esi
push esi
stosd
push 1
push esi
mov byte ptr [esp+48h], 5
mov byte ptr [esp+4Bh], 3
mov dword ptr [esp+4Ch], 10h
mov [esp+52h], si
mov [esp+54h], esi
mov [esp+5Ch], si
mov word ptr [esp+5Eh], 1Fh
stosd
call ds:off_41D09C
mov [esp+60h], eax
mov byte ptr [esp+13h], 0
mov [esp+18h], esi
loc_41B5E1: ; CODE XREF: .text:0041B673�j
cmp dword ptr [esp+18h], 2
jge loc_41B679
inc dword ptr [esp+18h]
push 1
push 10B8h
push dword ptr [esp+2Ch]
lea esi, [esp+44h]
push ebx
sub esp, 18h
push 6
pop ecx
mov edi, esp
push dword ptr [esp+3Ch]
rep movsd
call sub_41755C
add esp, 2Ch
test al, al
jz short loc_41B679
cmp dword ptr [esp+60h], 0
jz short loc_41B66E
lea eax, [esp+50h]
push eax
lea eax, [esp+34h]
push eax
push 2000h
lea eax, [esp+442Ch]
push eax
push dword ptr [esp+24h]
call ds:off_41D078
test eax, eax
jnz short loc_41B653
call ds:off_41D0EC
cmp eax, 3E5h
jnz short loc_41B66E
loc_41B653: ; CODE XREF: .text:0041B644�j
push 3E8h
push dword ptr [esp+64h]
call ds:off_41D07C
cmp eax, 102h
jnz short loc_41B66E
mov byte ptr [esp+13h], 1
loc_41B66E: ; CODE XREF: .text:0041B61F�j
; .text:0041B651�j ...
cmp byte ptr [esp+13h], 0
jz loc_41B5E1
loc_41B679: ; CODE XREF: .text:0041B5E6�j
; .text:0041B618�j
push dword ptr [esp+14h]
mov esi, ds:off_41D0D8
call esi ; byte_451809
push ebx
call sub_4039C3
cmp dword ptr [esp+64h], 0
pop ecx
jz short loc_41B699
push dword ptr [esp+60h]
call esi ; byte_451809
loc_41B699: ; CODE XREF: .text:0041B691�j
cmp byte ptr [esp+13h], 0
jnz short loc_41B6FA
cmp dword ptr [esp+1Ch], 0
jnz short loc_41B6C0
mov dword ptr [esp+1Ch], 1
xor ebx, ebx
jmp loc_41AFF3
; ---------------------------------------------------------------------------
loc_41B6B6: ; CODE XREF: .text:0041B18C�j
; .text:0041B29E�j
push dword ptr [esp+14h]
call ds:off_41D0D8
loc_41B6C0: ; CODE XREF: .text:0041AFF8�j
; .text:0041B060�j ...
xor al, al
loc_41B6C2: ; CODE XREF: .text:0041B74C�j
mov ecx, [esp+6424h]
pop edi
pop esi
pop ebx
xor ecx, esp
call sub_402AD0
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41B6D7: ; CODE XREF: .text:0041B43B�j
; .text:0041B45B�j
push dword ptr [esp+14h]
call ds:off_41D0D8
push dword ptr [esp+18h]
loc_41B6E5: ; CODE XREF: .text:0041B6F8�j
call sub_4039C3
pop ecx
jmp short loc_41B6C0
; ---------------------------------------------------------------------------
loc_41B6ED: ; CODE XREF: .text:0041B4E4�j
push dword ptr [esp+14h]
call ds:off_41D0D8
push esi
jmp short loc_41B6E5
; ---------------------------------------------------------------------------
loc_41B6FA: ; CODE XREF: .text:0041B69E�j
push dword ptr [esp+34h]
call ds:dword_41D25C
push eax
mov eax, [esp+204h]
imul eax, 2Ch
add eax, offset dword_424528
push eax
push offset dword_41F064
lea eax, [esp+10Ch]
push eax
push dword ptr [esp+21Ch]
push offset dword_4283FC
call sub_417B51
mov eax, [esp+218h]
imul eax, 2Ch
lea eax, dword_42454C[eax]
add esp, 18h
inc dword ptr [eax]
mov al, [esp+13h]
jmp loc_41B6C2
; ---------------------------------------------------------------------------
push ebp
lea ebp, [esp-0CD8h]
sub esp, 0D54h
mov eax, dword_423064
xor eax, ebp
mov [ebp+0CD4h], eax
push ebx
push esi
push edi
push 44h
pop ecx
xor ebx, ebx
xor eax, eax
mov [ebp+0CC4h], bl
lea esi, [ebp+0CE0h]
lea edi, [ebp-4Ch]
rep movsd
lea edi, [ebp+0CC5h]
stosd
stosd
stosd
stosw
stosb
mov eax, [ebp+0B8h]
mov [ebp-68h], eax
lea eax, [ebp-5Ch]
push eax
push ebx
push 1
mov [ebp-4Eh], bl
mov dword ptr [ebp-7Ch], offset dword_41F088
mov dword ptr [ebp-78h], offset dword_41F08C
mov dword ptr [ebp-74h], offset dword_41F094
mov [ebp-70h], ebx
mov [ebp-4Dh], bl
mov [ebp-54h], ebx
mov [ebp-58h], ebx
call sub_4029EA
test ax, ax
jz short loc_41B7EB
loc_41B7D1: ; CODE XREF: .text:0041B7FF�j
xor al, al
loc_41B7D3: ; CODE XREF: .text:0041B820�j
mov ecx, [ebp+0CD4h]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402AD0
add ebp, 0CD8h
leave
retn
; ---------------------------------------------------------------------------
loc_41B7EB: ; CODE XREF: .text:0041B7CF�j
push 0FFFFFFFAh
push 3
push 0C8h
push dword ptr [ebp-5Ch]
call sub_4029DE
test ax, ax
jnz short loc_41B7D1
lea eax, [ebp-54h]
push eax
push dword ptr [ebp-5Ch]
push 2
call sub_4029EA
test ax, ax
jz short loc_41B822
loc_41B814: ; CODE XREF: .text:0041B97C�j
push dword ptr [ebp-5Ch]
push 1
call sub_4029F0
mov al, bl
jmp short loc_41B7D3
; ---------------------------------------------------------------------------
loc_41B822: ; CODE XREF: .text:0041B812�j
mov edi, ds:dword_41D25C
lea ecx, [ebp-7Ch]
mov [ebp-64h], ecx
loc_41B82E: ; CODE XREF: .text:0041B921�j
cmp dword_425830, ebx
mov [ebp-60h], ebx
jz loc_41B916
mov esi, [ecx]
mov eax, offset dword_425830
loc_41B844: ; CODE XREF: .text:0041B8BC�j
lea ecx, [ebp-4Eh]
push ecx
push dword ptr [eax]
push esi
push dword ptr [ebp+0BCh]
push dword ptr [ebp-68h]
call edi
push eax
lea eax, [ebp+8C4h]
push offset dword_41F09C
push eax
call sub_403475
lea eax, [ebp+8C4h]
add esp, 1Ch
lea ecx, [eax+1]
loc_41B874: ; CODE XREF: .text:0041B879�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41B874
push ebx
sub eax, ecx
lea ecx, [ebp-6Ch]
push ecx
push 400h
lea ecx, [ebp+0C4h]
push ecx
push eax
lea eax, [ebp+8C4h]
push eax
push ebx
push dword ptr [ebp-54h]
call sub_4029E4
movzx eax, ax
cmp ax, bx
jz short loc_41B8C0
cmp ax, 1
jz short loc_41B8C0
inc dword ptr [ebp-60h]
mov eax, [ebp-60h]
lea eax, ds:425830h[eax*4]
cmp [eax], ebx
jnz short loc_41B844
jmp short loc_41B916
; ---------------------------------------------------------------------------
loc_41B8C0: ; CODE XREF: .text:0041B8A5�j
; .text:0041B8AB�j
lea eax, [ebp-58h]
push eax
push dword ptr [ebp-54h]
push 3
call sub_4029EA
push dword_4283FC
lea esi, [ebp+0CC4h]
call sub_4197B6
mov eax, esi
push eax
lea eax, [ebp+4C4h]
push offset dword_41F0D0
push eax
call sub_403475
add esp, 10h
push 0FFFFFFFDh
lea eax, [ebp+4C4h]
push eax
push dword ptr [ebp-58h]
call sub_4029F6
test ax, ax
jz short loc_41B929
push dword ptr [ebp-58h]
push 3
call sub_4029F0
loc_41B916: ; CODE XREF: .text:0041B837�j
; .text:0041B8BE�j
mov ecx, [ebp-64h]
add ecx, 4
cmp [ecx], ebx
mov [ebp-64h], ecx
jnz loc_41B82E
jmp short loc_41B96F
; ---------------------------------------------------------------------------
loc_41B929: ; CODE XREF: .text:0041B90A�j
push dword ptr [ebp-68h]
mov byte ptr [ebp-4Dh], 1
call edi
push eax
mov eax, [ebp+0B4h]
imul eax, 2Ch
add eax, offset dword_424528
push eax
push offset dword_41F118
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp+0C0h]
push offset dword_4283FC
call sub_417B51
mov eax, [ebp+0B4h]
imul eax, 2Ch
lea eax, dword_42454C[eax]
add esp, 18h
inc dword ptr [eax]
loc_41B96F: ; CODE XREF: .text:0041B927�j
push dword ptr [ebp-54h]
push 2
call sub_4029F0
mov bl, [ebp-4Dh]
jmp loc_41B814
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B981 proc near ; DATA XREF: sub_41BB83+15A�o
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = word ptr -224h
var_222 = word ptr -222h
var_220 = byte ptr -220h
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 240h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_8], eax
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
push edi
jnz short loc_41B9A7
loc_41B9A0: ; CODE XREF: sub_41B981+42�j
; sub_41B981+5D�j ...
push ebx
call ds:off_41D10C
loc_41B9A7: ; CODE XREF: sub_41B981+1D�j
lea edi, [ebp+var_18]
movsd
movsd
push 11h
movsd
push 2
push 2
movsd
call ds:dword_41D220
cmp eax, 0FFFFFFFFh
mov [ebp+var_230], eax
jz short loc_41B9A0
push offset dword_41F894
push offset dword_428428
call sub_4035B4
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_228], eax
jz short loc_41B9A0
push eax
mov [ebp+var_22C], ebx
mov [ebp+var_23C], 10h
call sub_403EB3
test eax, eax
pop ecx
jnz loc_41BAEF
mov esi, ds:dword_41D270
loc_41BA05: ; CODE XREF: sub_41B981+168�j
push 204h
lea eax, [ebp+var_224]
push ebx
push eax
call sub_407F20
add esp, 0Ch
xor eax, eax
inc [ebp+var_22C]
push [ebp+var_22C]
lea edi, [ebp+var_238]
stosd
call esi
push 3
mov [ebp+var_222], ax
call esi
push [ebp+var_228]
mov [ebp+var_224], ax
push 200h
lea eax, [ebp+var_220]
push 1
push eax
call sub_40413F
mov edi, [ebp+var_230]
add esp, 10h
push 10h
lea ecx, [ebp+var_18]
push ecx
push ebx
add eax, 4
push eax
lea eax, [ebp+var_224]
push eax
push edi
call ds:dword_41D248
cmp eax, 0FFFFFFFFh
jz loc_41BB6B
lea eax, [ebp+var_23C]
push eax
lea eax, [ebp+var_18]
push eax
push ebx
push 4
lea eax, [ebp+var_238]
push eax
push edi
call ds:dword_41D258
cmp eax, 0FFFFFFFFh
jz loc_41BB6B
push [ebp+var_238]
call ds:dword_41D250
cmp ax, 4
jnz loc_41BB6B
push [ebp+var_238+2]
call ds:dword_41D250
cmp ax, word ptr [ebp+var_22C]
jnz loc_41BB6B
push [ebp+var_228]
call sub_403EB3
test eax, eax
pop ecx
jz loc_41BA05
loc_41BAEF: ; CODE XREF: sub_41B981+78�j
inc dword_435394
push 100h
call sub_402A08
mov esi, eax
push esi
call sub_402E05
push eax
mov ebx, offset dword_4268B8
call sub_419EC1
add esp, 0Ch
push dword_435394
push [ebp+var_14]
call ds:dword_41D25C
push eax
push offset dword_41F898
push esi
push 0
push offset dword_4283FC
call sub_417B51
push esi
call sub_402F5B
add esp, 1Ch
push [ebp+var_230]
call ds:dword_41D280
push [ebp+var_228]
call sub_403884
pop ecx
mov ecx, [ebp+var_8]
pop edi
pop esi
xor ecx, ebp
xor eax, eax
pop ebx
call sub_402AD0
leave
retn 4
; ---------------------------------------------------------------------------
loc_41BB6B: ; CODE XREF: sub_41B981+100�j
; sub_41B981+125�j ...
push edi
call ds:dword_41D280
push [ebp+var_228]
call sub_403884
pop ecx
jmp loc_41B9A0
sub_41B981 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB83 proc near ; DATA XREF: sub_41BD26+53�o
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = byte ptr -138h
var_134 = dword ptr -134h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 14Ch
mov eax, dword_423064
xor eax, esp
mov [esp+14Ch+var_4], eax
push ebx
push esi
push edi
push 11h
xor esi, esi
push 2
inc esi
push 2
mov [esp+164h+var_140], esi
call ds:dword_41D220
cmp eax, 0FFFFFFFFh
mov dword_428424, eax
jnz short loc_41BBCC
xor ebx, ebx
loc_41BBBF: ; CODE XREF: sub_41BB83+C1�j
mov byte_43538D, bl
loc_41BBC5: ; CODE XREF: sub_41BB83+BF�j
push ebx
call ds:off_41D10C
loc_41BBCC: ; CODE XREF: sub_41BB83+38�j
push 4
lea ecx, [esp+15Ch+var_140]
push ecx
push 4
push 0FFFFh
push eax
call ds:dword_41D24C
xor eax, eax
lea edi, [esp+158h+var_14]
stosd
stosd
stosd
stosd
push 45h
mov [esp+15Ch+var_14], 2
call ds:dword_41D270
mov [esp+158h+var_12], ax
push 10h
lea eax, [esp+15Ch+var_14]
push eax
push dword_428424
xor ebx, ebx
mov [esp+164h+var_10], ebx
call ds:dword_41D27C
cmp eax, 0FFFFFFFFh
jnz loc_41BCF5
push dword_428424
call ds:dword_41D280
cmp byte_43538D, bl
jz short loc_41BBC5
jmp loc_41BBBF
; ---------------------------------------------------------------------------
loc_41BC49: ; CODE XREF: sub_41BB83+178�j
mov eax, dword_428424
mov [esp+158h+var_11C], eax
xor eax, eax
lea edi, [esp+158h+var_148]
stosd
stosd
lea eax, [esp+158h+var_148]
push eax
push ebx
push ebx
lea eax, [esp+164h+var_120]
push eax
push ebx
mov [esp+16Ch+var_120], esi
mov [esp+16Ch+var_148], 5
mov [esp+16Ch+var_144], ebx
call ds:dword_41D254
test eax, eax
jle short loc_41BCF5
xor eax, eax
lea edi, [esp+158h+var_134]
stosd
stosd
stosd
stosd
stosd
lea eax, [esp+158h+var_13C]
push eax
lea eax, [esp+15Ch+var_14]
push eax
push ebx
push 14h
lea eax, [esp+168h+var_134]
push eax
push dword_428424
mov [esp+170h+var_13C], 10h
call ds:dword_41D258
cmp eax, 0FFFFFFFFh
jz short loc_41BCF5
push [esp+158h+var_134]
inc dword_435390
call ds:dword_41D250
cmp ax, si
jnz short loc_41BCF5
lea eax, [esp+158h+var_138]
push eax
push ebx
lea eax, [esp+160h+var_14]
push eax
push offset sub_41B981
push ebx
push ebx
call ds:off_41D090
push 3E8h
call ds:off_41D0F8
loc_41BCF5: ; CODE XREF: sub_41BB83+A7�j
; sub_41BB83+FC�j ...
cmp byte_43538D, bl
jnz loc_41BC49
push dword_428424
call ds:dword_41D280
mov ecx, [esp+158h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402AD0
mov esp, ebp
pop ebp
retn 4
sub_41BB83 endp
; =============== S U B R O U T I N E =======================================
sub_41BD26 proc near ; CODE XREF: .text:00402330�p
; sub_41C28D+3EE�p
push 4
mov eax, offset loc_41C944
call sub_40497C
xor ebx, ebx
cmp byte_43538D, bl
jz short loc_41BD40
loc_41BD3C: ; CODE XREF: sub_41BD26+74�j
mov al, 1
jmp short loc_41BDA4
; ---------------------------------------------------------------------------
loc_41BD40: ; CODE XREF: sub_41BD26+14�j
mov edi, 100h
push edi
push ebx
mov esi, offset dword_428428
push esi
call sub_407F20
add esp, 0Ch
push edi
push esi
push ebx
call ds:off_41D0E0
push eax
call ds:off_41D060
push 8
call sub_40340B
mov esi, eax
pop ecx
mov [ebp-10h], esi
cmp esi, ebx
mov [ebp-4], ebx
jz short loc_41BD8C
push offset sub_41BB83
xor ecx, ecx
mov edi, offset dword_41F888
call sub_414884
jmp short loc_41BD8E
; ---------------------------------------------------------------------------
loc_41BD8C: ; CODE XREF: sub_41BD26+51�j
xor eax, eax
loc_41BD8E: ; CODE XREF: sub_41BD26+64�j
cmp [eax+4], ebx
jz short loc_41BD9C
mov byte_43538D, 1
jmp short loc_41BD3C
; ---------------------------------------------------------------------------
loc_41BD9C: ; CODE XREF: sub_41BD26+6B�j
mov byte_43538D, bl
xor al, al
loc_41BDA4: ; CODE XREF: sub_41BD26+18�j
call sub_404A1B
retn
sub_41BD26 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BDAA proc near ; CODE XREF: .text:004017E7�p
; .text:00401A5F�p ...
var_3DC = dword ptr -3DCh
var_3D8 = byte ptr -3D8h
var_308 = byte ptr -308h
var_307 = byte ptr -307h
var_208 = byte ptr -208h
var_207 = byte ptr -207h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 3E0h
mov eax, dword_423064
xor eax, esp
mov [esp+3E0h+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
mov esi, 1FFh
xor ebx, ebx
push esi
mov [esp+3ECh+var_3DC], eax
lea eax, [esp+3ECh+var_207]
push ebx
push eax
mov [esp+3F4h+var_208], bl
call sub_407F20
add esp, 0Ch
push 0FFh
lea eax, [esp+3ECh+var_307]
push ebx
push eax
mov [esp+3F4h+var_308], bl
call sub_407F20
add esp, 0Ch
lea eax, [esp+3E8h+var_3D8]
call sub_414B90
push [esp+3E8h+var_3DC]
lea eax, [esp+3ECh+var_208]
push offset dword_420578
push esi
push eax
call sub_402EAE
lea eax, [esp+3F8h+var_208]
add esp, 10h
lea esi, [eax+1]
loc_41BE37: ; CODE XREF: sub_41BDAA+92�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41BE37
lea ecx, [esp+3E8h+var_3D8]
push ecx
sub eax, esi
push eax
lea ecx, [esp+3F0h+var_208]
call sub_417450
push 200h
lea eax, [esp+3F4h+var_208]
push ebx
push eax
call sub_407F20
lea eax, [esp+3FCh+var_308]
add esp, 14h
push eax
lea ebx, [esp+3ECh+var_3D8]
call sub_4172D0
pop ecx
push 0C0h
push 0
push edi
call sub_407F20
add esp, 0Ch
xor esi, esi
loc_41BE8C: ; CODE XREF: sub_41BDAA+114�j
movzx eax, [esp+esi+3E8h+var_308]
push eax
push edi
push offset dword_42057C
push 0BFh
push edi
call sub_402EAE
mov eax, edi
add esp, 14h
lea ecx, [eax+1]
loc_41BEAE: ; CODE XREF: sub_41BDAA+109�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41BEAE
sub eax, ecx
inc esi
cmp esi, 40h
mov [eax+edi], dl
jl short loc_41BE8C
mov ecx, [esp+3E8h+var_4]
pop esi
pop ebx
xor ecx, esp
mov eax, edi
call sub_402AD0
mov esp, ebp
pop ebp
retn
sub_41BDAA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BED6 proc near ; DATA XREF: .text:004019AF�o
; .text:00401BD9�o ...
var_750 = dword ptr -750h
var_74C = dword ptr -74Ch
var_748 = dword ptr -748h
var_744 = dword ptr -744h
var_740 = dword ptr -740h
var_73C = byte ptr -73Ch
var_738 = byte ptr -738h
var_638 = byte ptr -638h
var_615 = byte ptr -615h
var_515 = byte ptr -515h
var_415 = byte ptr -415h
var_414 = byte ptr -414h
var_413 = dword ptr -413h
var_408 = byte ptr -408h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 754h
mov eax, dword_423064
xor eax, esp
mov [esp+754h+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov ecx, 0C9h
lea edi, [esp+760h+var_738]
rep movsd
xor ebx, ebx
push ebx
push ebx
push ebx
movsw
push ebx
push offset dword_41F750
movsb
call ds:dword_41D218
mov esi, eax
lea eax, [esp+760h+var_515]
push eax
lea eax, [esp+764h+var_615]
push eax
push offset dword_41F75C
lea eax, [esp+76Ch+var_738]
push eax
push [esp+770h+var_413]
mov edi, offset dword_4283FC
push edi
call sub_417B51
add esp, 18h
push ebx
push ebx
push ebx
push ebx
lea eax, [esp+770h+var_615]
push eax
push esi
call ds:dword_41D214
cmp esi, ebx
mov [esp+760h+var_744], eax
jz loc_41C0F5
cmp eax, ebx
jz loc_41C0EE
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [esp+778h+var_515]
push eax
call ds:off_41D06C
mov [esp+760h+var_748], eax
call ds:off_41D104
mov [esp+760h+var_740], eax
mov [esp+760h+var_750], ebx
mov esi, 400h
loc_41BF9D: ; CODE XREF: sub_41BED6+11F�j
push esi
lea eax, [esp+764h+var_408]
push ebx
push eax
call sub_407F20
add esp, 0Ch
lea eax, [esp+760h+var_74C]
push eax
push esi
lea eax, [esp+768h+var_408]
push eax
push [esp+76Ch+var_744]
call ds:dword_41D210
push ebx
lea eax, [esp+764h+var_73C]
push eax
push [esp+768h+var_74C]
lea eax, [esp+76Ch+var_408]
push eax
push [esp+770h+var_748]
call ds:off_41D088
test eax, eax
jz loc_41C0A0
mov eax, [esp+760h+var_74C]
add [esp+760h+var_750], eax
cmp eax, ebx
ja short loc_41BF9D
call ds:off_41D104
sub eax, [esp+760h+var_740]
xor edx, edx
mov ecx, 3E8h
div ecx
mov ecx, eax
cmp ecx, ebx
jnz short loc_41C013
xor ecx, ecx
inc ecx
loc_41C013: ; CODE XREF: sub_41BED6+138�j
mov eax, [esp+760h+var_750]
xor edx, edx
div ecx
shr eax, 0Ah
push eax
push ecx
push [esp+768h+var_750]
lea eax, [esp+76Ch+var_515]
push eax
push offset dword_41F794
lea eax, [esp+774h+var_738]
push eax
push [esp+778h+var_413]
push edi
call sub_417B51
add esp, 20h
push [esp+760h+var_748]
call ds:off_41D0D8
cmp [esp+760h+var_415], 1
jnz loc_41C10F
cmp [esp+760h+var_414], bl
lea eax, [esp+760h+var_515]
jz short loc_41C0AE
push eax
call sub_419A09
test al, al
pop ecx
lea eax, [esp+760h+var_738]
jz short loc_41C0A7
push offset dword_41F7D0
push eax
push [esp+768h+var_413]
push edi
call sub_417B51
add esp, 10h
lea eax, [esp+760h+var_638]
push eax
call sub_419C67
loc_41C0A0: ; CODE XREF: sub_41BED6+10F�j
push offset dword_41F778
jmp short loc_41C0FA
; ---------------------------------------------------------------------------
loc_41C0A7: ; CODE XREF: sub_41BED6+1A5�j
push offset dword_41F7EC
jmp short loc_41C0FE
; ---------------------------------------------------------------------------
loc_41C0AE: ; CODE XREF: sub_41BED6+196�j
push 5
push ebx
push ebx
push eax
push offset byte_41EF1F
push ebx
call ds:dword_41D1E0
test eax, eax
jnz short loc_41C0CA
push offset dword_41F804
jmp short loc_41C0FA
; ---------------------------------------------------------------------------
loc_41C0CA: ; CODE XREF: sub_41BED6+1EB�j
lea eax, [esp+760h+var_515]
push eax
push offset dword_41F820
lea eax, [esp+768h+var_738]
push eax
push [esp+76Ch+var_413]
push edi
call sub_417B51
add esp, 14h
jmp short loc_41C10F
; ---------------------------------------------------------------------------
loc_41C0EE: ; CODE XREF: sub_41BED6+91�j
push offset dword_41F838
jmp short loc_41C0FA
; ---------------------------------------------------------------------------
loc_41C0F5: ; CODE XREF: sub_41BED6+89�j
push offset dword_41F84C
loc_41C0FA: ; CODE XREF: sub_41BED6+1CF�j
; sub_41BED6+1F2�j ...
lea eax, [esp+764h+var_738]
loc_41C0FE: ; CODE XREF: sub_41BED6+1D6�j
push eax
push [esp+768h+var_413]
push edi
call sub_417B51
add esp, 10h
loc_41C10F: ; CODE XREF: sub_41BED6+182�j
; sub_41BED6+216�j
call ds:off_41D0DC
push eax
call sub_41481B
pop ecx
mov ecx, [esp+760h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402AD0
mov esp, ebp
pop ebp
retn 4
sub_41BED6 endp
; =============== S U B R O U T I N E =======================================
sub_41C135 proc near ; CODE XREF: sub_41C28D+2C0�p
push 334h
mov eax, offset loc_41C9CC
call sub_4049E5
push 327h
xor ebx, ebx
lea eax, [ebp-338h]
push ebx
push eax
call sub_407F20
lea eax, [ebp-338h]
add esp, 0Ch
lea edx, [eax+1]
loc_41C164: ; CODE XREF: sub_41C135+34�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41C164
sub eax, edx
mov [ebp+eax-338h], bl
lea eax, [ebp-238h]
lea esi, [eax+1]
loc_41C17D: ; CODE XREF: sub_41C135+4D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41C17D
sub eax, esi
push offset dword_41F700
mov [ebp+eax-238h], bl
mov esi, 0FFh
lea eax, [ebp-215h]
push esi
push eax
call sub_402EAE
lea eax, [ebp-215h]
add esp, 0Ch
lea edi, [eax+1]
loc_41C1B0: ; CODE XREF: sub_41C135+80�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41C1B0
sub eax, edi
push offset dword_41F72C
mov [ebp+eax-215h], bl
lea eax, [ebp-115h]
push esi
push eax
call sub_402EAE
lea eax, [ebp-115h]
add esp, 0Ch
lea esi, [eax+1]
loc_41C1DE: ; CODE XREF: sub_41C135+AE�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41C1DE
sub eax, esi
mov [ebp+eax-115h], bl
push 8
mov byte ptr [ebp-12h], 1
mov [ebp-13h], bl
mov byte ptr [ebp-15h], 1
mov [ebp-14h], bl
call sub_40340B
mov esi, eax
pop ecx
mov [ebp-33Ch], esi
cmp esi, ebx
mov [ebp-4], ebx
jz short loc_41C228
push offset sub_41BED6
lea ecx, [ebp-338h]
mov edi, offset dword_41F738
call sub_414884
loc_41C228: ; CODE XREF: sub_41C135+DC�j
call sub_404A2F
retn
sub_41C135 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C22E proc near ; CODE XREF: .text:0041CB30�p
; .text:0041CB4C�p ...
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 108h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_104]
push 100h
push eax
mov dword ptr [esi], offset dword_420B24
mov [ebp+var_108], esi
call sub_402EAE
mov eax, dword_435690
add esp, 0Ch
lea edx, [ebp+var_108]
push edx
mov ecx, offset dword_43568C
push eax
push ecx
call sub_40121E
mov ecx, [ebp+var_4]
xor ecx, ebp
mov eax, esi
call sub_402AD0
leave
retn 4
sub_41C22E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C28D proc near ; CODE XREF: .text:00404464�p
var_76C = dword ptr -76Ch
var_768 = dword ptr -768h
var_764 = byte ptr -764h
var_750 = dword ptr -750h
var_740 = dword ptr -740h
var_728 = dword ptr -728h
var_6BC = byte ptr -6BCh
var_510 = byte ptr -510h
var_50C = byte ptr -50Ch
var_504 = byte ptr -504h
var_500 = byte ptr -500h
var_4FF = byte ptr -4FFh
var_4EC = byte ptr -4ECh
var_4C8 = byte ptr -4C8h
var_4B0 = byte ptr -4B0h
var_4A8 = byte ptr -4A8h
var_4A7 = byte ptr -4A7h
var_44C = byte ptr -44Ch
var_440 = byte ptr -440h
var_430 = byte ptr -430h
var_428 = byte ptr -428h
var_427 = byte ptr -427h
var_344 = byte ptr -344h
var_338 = byte ptr -338h
var_328 = byte ptr -328h
var_320 = byte ptr -320h
var_31F = byte ptr -31Fh
var_238 = byte ptr -238h
var_230 = byte ptr -230h
var_22F = byte ptr -22Fh
var_118 = byte ptr -118h
var_110 = byte ptr -110h
var_10F = byte ptr -10Fh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 72Ch
mov eax, dword_423064
xor eax, esp
mov [esp+72Ch+var_4], eax
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov [esp+738h+var_728], eax
call sub_419E67
test al, al
jz short loc_41C2D3
loc_41C2BA: ; CODE XREF: sub_41C28D+1BF�j
; sub_41C28D+1EA�j ...
mov ecx, [esp+738h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402AD0
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
loc_41C2D3: ; CODE XREF: sub_41C28D+2B�j
call sub_419DDC
test al, al
jnz loc_41C735
call ds:off_41D08C
test eax, eax
jnz loc_41C735
mov esi, offset dword_420278
lea edi, [esp+738h+var_4EC]
movsd
movsd
movsw
movsb
mov edi, 103h
xor ebx, ebx
push edi
lea eax, [esp+73Ch+var_10F]
push ebx
push eax
mov [esp+744h+var_110], bl
call sub_407F20
add esp, 0Ch
push edi
lea eax, [esp+73Ch+var_31F]
push ebx
push eax
mov [esp+744h+var_320], bl
call sub_407F20
add esp, 0Ch
push edi
lea eax, [esp+73Ch+var_427]
push ebx
push eax
mov [esp+744h+var_428], bl
call sub_407F20
add esp, 0Ch
push 7Fh
lea eax, [esp+73Ch+var_4A7]
push ebx
push eax
mov [esp+744h+var_4A8], bl
call sub_407F20
add esp, 0Ch
push edi
lea eax, [esp+73Ch+var_110]
push eax
call ds:off_41D0F0
push 80h
lea esi, [esp+744h+var_4B0]
mov ebx, offset byte_426A49
call sub_419EC1
pop ecx
mov eax, esi
push eax
lea eax, [esp+744h+var_118]
push eax
push offset dword_420284
lea eax, [esp+74Ch+var_430]
push edi
push eax
call sub_402EAE
lea eax, [esp+754h+var_430]
add esp, 14h
lea ecx, [eax+1]
loc_41C3BC: ; CODE XREF: sub_41C28D+134�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41C3BC
sub eax, ecx
xor ebx, ebx
mov [esp+eax+740h+var_430], bl
mov esi, 104h
push esi
lea eax, [esp+744h+var_328]
push eax
push ebx
call ds:off_41D0E0
push eax
call ds:off_41D060
lea eax, [esp+750h+var_504]
lea ecx, [eax+1]
loc_41C3F4: ; CODE XREF: sub_41C28D+16C�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41C3F4
sub eax, ecx
push eax
lea eax, [esp+754h+var_504]
push eax
push [esp+758h+var_740]
call sub_402DA9
add esp, 0Ch
test eax, eax
jz short loc_41C47C
push esi
lea eax, [esp+754h+var_440]
push eax
lea eax, [esp+758h+var_338]
push eax
call sub_402DA9
add esp, 0Ch
test eax, eax
jz short loc_41C47C
push ebx
lea eax, [esp+754h+var_440]
push eax
lea eax, [esp+758h+var_338]
push eax
call ds:off_41D080
test eax, eax
jz loc_41C2BA
lea eax, [esp+75Ch+var_344]
push eax
lea eax, [esp+760h+var_510]
push eax
lea eax, [esp+764h+var_44C]
push eax
push offset dword_42028C
call sub_419A09
add esp, 10h
jmp loc_41C2BA
; ---------------------------------------------------------------------------
loc_41C47C: ; CODE XREF: sub_41C28D+187�j
; sub_41C28D+1A4�j
lea eax, [esp+750h+var_504]
lea edx, [eax+1]
loc_41C486: ; CODE XREF: sub_41C28D+1FE�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41C486
sub eax, edx
push eax
lea eax, [esp+754h+var_504]
push eax
push [esp+758h+var_740]
call sub_402DA9
add esp, 0Ch
test eax, eax
jnz loc_41C552
push esi
lea eax, [esp+754h+var_440]
push eax
lea eax, [esp+758h+var_338]
push eax
call sub_402DA9
add esp, 0Ch
test eax, eax
jnz loc_41C552
push edi
lea eax, [esp+754h+var_22F]
push ebx
push eax
mov [esp+75Ch+var_230], bl
call sub_407F20
lea eax, [esp+75Ch+var_504]
add esp, 0Ch
lea edi, [eax+1]
loc_41C4F0: ; CODE XREF: sub_41C28D+268�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41C4F0
mov ecx, [esp+750h+var_740]
sub eax, edi
add eax, ecx
push eax
push offset dword_420294
lea eax, [esp+758h+var_230]
push esi
push eax
call sub_402EAE
add esp, 10h
xor edi, edi
loc_41C518: ; CODE XREF: sub_41C28D+2AC�j
lea eax, [esp+750h+var_230]
push eax
call ds:off_41D0CC
test eax, eax
jnz short loc_41C53B
push 0C8h
call ds:off_41D0F8
inc edi
cmp edi, 3
jb short loc_41C518
loc_41C53B: ; CODE XREF: sub_41C28D+29B�j
push esi
lea eax, [esp+75Ch+var_238]
push ebx
push eax
call sub_407F20
add esp, 0Ch
call sub_41C135
loc_41C552: ; CODE XREF: sub_41C28D+219�j
; sub_41C28D+23A�j
push 80h
lea eax, [esp+75Ch+var_4C8]
push ebx
push eax
call sub_407F20
add esp, 0Ch
push 37h
lea eax, [esp+75Ch+var_4FF]
push ebx
push eax
mov [esp+764h+var_500], bl
call sub_407F20
add esp, 0Ch
push 38h
lea esi, [esp+75Ch+var_500]
mov ebx, offset byte_426AC9
call sub_419EC1
pop ecx
mov eax, esi
push eax
push 1
xor ebx, ebx
push ebx
call ds:off_41D084
push 38h
mov esi, eax
lea eax, [esp+768h+var_50C]
push ebx
push eax
call sub_407F20
add esp, 0Ch
push 1388h
push esi
call ds:off_41D07C
cmp eax, 102h
jnz short loc_41C5D3
push ebx
call ds:off_41D050
loc_41C5D3: ; CODE XREF: sub_41C28D+33D�j
call sub_417776
push 8
call sub_40340B
cmp eax, ebx
pop ecx
jz short loc_41C5F7
push offset sub_417909
xor ecx, ecx
mov edi, offset dword_420298
mov esi, eax
call sub_414884
loc_41C5F7: ; CODE XREF: sub_41C28D+355�j
lea eax, [esp+770h+var_750]
push eax
mov [esp+774h+var_750], 94h
call ds:off_41D068
cmp [esp+774h+var_750], 4
jz short loc_41C630
push 8
call sub_40340B
cmp eax, ebx
pop ecx
jz short loc_41C630
push offset sub_41A690
xor ecx, ecx
mov edi, offset dword_42029C
mov esi, eax
call sub_414884
loc_41C630: ; CODE XREF: sub_41C28D+382�j
; sub_41C28D+38E�j
push 8
mov byte_428400, bl
call sub_40340B
cmp eax, ebx
pop ecx
jz short loc_41C655
push offset sub_418AF1
xor ecx, ecx
mov edi, offset dword_4202A0
mov esi, eax
call sub_414884
loc_41C655: ; CODE XREF: sub_41C28D+3B3�j
lea eax, [esp+774h+var_6BC]
push eax
push 202h
call ds:dword_41D274
test eax, eax
jnz loc_41C72A
call sub_419AEB
mov byte_43538D, bl
call sub_41BD26
mov eax, [ebp+arg_0]
mov byte_4282F4, bl
mov dword_4280E4, eax
call sub_419507
mov eax, dword_435690
mov eax, [eax]
mov ebx, offset dword_43568C
mov [esp+77Ch+var_768], eax
mov [esp+77Ch+var_76C], ebx
loc_41C6A7: ; CODE XREF: sub_41C28D+445�j
cmp [esp+77Ch+var_76C], 0
mov esi, dword_435690
jz short loc_41C6BA
cmp [esp+77Ch+var_76C], ebx
jz short loc_41C6BF
loc_41C6BA: ; CODE XREF: sub_41C28D+425�j
call sub_40331D
loc_41C6BF: ; CODE XREF: sub_41C28D+42B�j
cmp [esp+77Ch+var_768], esi
jz short loc_41C6D4
lea edi, [esp+77Ch+var_764]
lea esi, [esp+77Ch+var_76C]
call sub_40168C
jmp short loc_41C6A7
; ---------------------------------------------------------------------------
loc_41C6D4: ; CODE XREF: sub_41C28D+436�j
mov edi, offset dword_4283FC
loc_41C6D9: ; CODE XREF: sub_41C28D+49B�j
push 3
mov esi, offset dword_425E30
pop ebx
loc_41C6E1: ; CODE XREF: sub_41C28D+499�j
movsx eax, word ptr [esi+200h]
push eax
push esi
lea edx, [esi-200h]
mov ecx, edi
call sub_41881F
test al, al
jz short loc_41C70D
mov byte_428400, 1
loc_41C702: ; CODE XREF: sub_41C28D+47E�j
mov ecx, edi
call sub_4186F1
test al, al
jnz short loc_41C702
loc_41C70D: ; CODE XREF: sub_41C28D+46C�j
push 3A98h
mov byte_428400, 0
call ds:off_41D0F8
add esi, 402h
dec ebx
jnz short loc_41C6E1
jmp short loc_41C6D9
; ---------------------------------------------------------------------------
loc_41C72A: ; CODE XREF: sub_41C28D+3DD�j
call ds:dword_41D240
jmp loc_41C2BA
; ---------------------------------------------------------------------------
loc_41C735: ; CODE XREF: sub_41C28D+4D�j
; sub_41C28D+5B�j
push offset byte_41EF27
call sub_419C67
int 3 ; Trap to Debugger
sub_41C28D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41C740 proc near ; CODE XREF: sub_419590+2F�p
; sub_419590+6C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_41C761
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_41C761: ; CODE XREF: sub_41C740+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_41C77D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_41C77D: ; CODE XREF: sub_41C740+27�j
or eax, eax
jnz short loc_41C799
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_41C7DA
; ---------------------------------------------------------------------------
loc_41C799: ; CODE XREF: sub_41C740+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_41C7A7: ; CODE XREF: sub_41C740+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_41C7A7
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_41C7D5
cmp edx, [esp+0Ch+arg_4]
ja short loc_41C7D5
jb short loc_41C7D6
cmp eax, [esp+0Ch+arg_0]
jbe short loc_41C7D6
loc_41C7D5: ; CODE XREF: sub_41C740+85�j
; sub_41C740+8B�j
dec esi
loc_41C7D6: ; CODE XREF: sub_41C740+8D�j
; sub_41C740+93�j
xor edx, edx
mov eax, esi
loc_41C7DA: ; CODE XREF: sub_41C740+57�j
dec edi
jnz short loc_41C7E4
neg edx
neg eax
sbb edx, 0
loc_41C7E4: ; CODE XREF: sub_41C740+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_41C740 endp
; ---------------------------------------------------------------------------
align 10h
cmp dword_4356E0, 0
jz short sub_41C826
loc_41C7F9: ; CODE XREF: .text:0041C824�j
push ebp
mov ebp, esp
sub esp, 8
and esp, 0FFFFFFF8h
fstp qword ptr [esp]
cvttsd2si eax, qword ptr [esp]
leave
retn
; ---------------------------------------------------------------------------
cmp dword_4356E0, 0
jz short sub_41C826
sub esp, 4
fnstcw word ptr [esp]
pop eax
and ax, 7Fh
cmp ax, 7Fh
jz short loc_41C7F9
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C826 proc near ; CODE XREF: .text:0041B53A�p
; .text:0041C7F7�j ...
var_20 = dword ptr -20h
var_10 = qword ptr -10h
var_8 = dword ptr -8
push ebp
mov ebp, esp
sub esp, 20h
and esp, 0FFFFFFF0h
fld st
fst [esp+20h+var_8]
fistp [esp+20h+var_10]
fild [esp+20h+var_10]
mov edx, [esp+20h+var_8]
mov eax, dword ptr [esp+20h+var_10]
test eax, eax
jz short loc_41C885
loc_41C849: ; CODE XREF: sub_41C826+69�j
fsubp st(1), st
test edx, edx
jns short loc_41C86D
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
xor ecx, 80000000h
add ecx, 7FFFFFFFh
adc eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
adc edx, 0
jmp short locret_41C899
; ---------------------------------------------------------------------------
loc_41C86D: ; CODE XREF: sub_41C826+27�j
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
add ecx, 7FFFFFFFh
sbb eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
sbb edx, 0
jmp short locret_41C899
; ---------------------------------------------------------------------------
loc_41C885: ; CODE XREF: sub_41C826+21�j
mov edx, dword ptr [esp+20h+var_10+4]
test edx, 7FFFFFFFh
jnz short loc_41C849
fstp [esp+20h+var_8]
fstp [esp+20h+var_8]
locret_41C899: ; CODE XREF: sub_41C826+45�j
; sub_41C826+5D�j
leave
retn
sub_41C826 endp
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_401137
; ---------------------------------------------------------------------------
loc_41C8A3: ; DATA XREF: sub_402A3A+2�o
; sub_402A79+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-54h]
xor ecx, eax
call sub_402AD0
mov eax, offset dword_4215C8
jmp sub_40463E
; ---------------------------------------------------------------------------
loc_41C8BE: ; DATA XREF: sub_40B863+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402AD0
mov eax, offset dword_421968
jmp sub_40463E
; =============== S U B R O U T I N E =======================================
sub_41C8D9 proc near ; CODE XREF: sub_408412+14�p
; DATA XREF: sub_401442+2�o
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
lea eax, [edx+0Ch]
mov ecx, [edx-1Ch]
xor ecx, eax
call sub_402AD0
mov eax, offset dword_421E20
jmp sub_40463E
sub_41C8D9 endp
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
jmp sub_40308A
; ---------------------------------------------------------------------------
loc_41C8FC: ; DATA XREF: sub_401065+2�o
; sub_4013E6+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402AD0
mov eax, offset dword_421E50
jmp sub_40463E
; ---------------------------------------------------------------------------
lea ecx, [ebp-2Ch]
jmp loc_401137
; ---------------------------------------------------------------------------
loc_41C91F: ; DATA XREF: sub_4016BA+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-58h]
xor ecx, eax
call sub_402AD0
mov eax, offset dword_421E80
jmp sub_40463E
; ---------------------------------------------------------------------------
push dword ptr [ebp-10h]
call sub_40332D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C944: ; DATA XREF: sub_41BD26+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402AD0
mov eax, offset dword_421D10
jmp sub_40463E
; ---------------------------------------------------------------------------
push dword ptr [ebp-10h]
call sub_40332D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C969: ; DATA XREF: sub_419507+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402AD0
mov eax, offset dword_421D3C
jmp sub_40463E
; ---------------------------------------------------------------------------
push dword ptr [ebp-154h]
call sub_40332D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C991: ; DATA XREF: sub_4145BE+8�o
mov edx, [esp+8]
lea eax, [edx-154h]
mov ecx, [edx-158h]
xor ecx, eax
call sub_402AD0
add eax, 8
mov ecx, [edx-8]
xor ecx, eax
call sub_402AD0
mov eax, offset dword_421D68
jmp sub_40463E
; ---------------------------------------------------------------------------
push dword ptr [ebp-33Ch]
call sub_40332D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C9CC: ; DATA XREF: sub_41C135+5�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-344h]
xor ecx, eax
call sub_402AD0
mov ecx, [edx-4]
xor ecx, eax
call sub_402AD0
mov eax, offset dword_421D94
jmp sub_40463E
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_401137
; ---------------------------------------------------------------------------
loc_41C9FC: ; DATA XREF: sub_40121E+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-54h]
xor ecx, eax
call sub_402AD0
mov eax, offset dword_421EB0
jmp sub_40463E
; ---------------------------------------------------------------------------
push dword ptr [ebp-58h]
call sub_40332D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41CA21: ; DATA XREF: .text:004022D8�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-70h]
xor ecx, eax
call sub_402AD0
mov ecx, [edx-4]
xor ecx, eax
call sub_402AD0
mov eax, offset dword_421EE0
jmp sub_40463E
; ---------------------------------------------------------------------------
push dword ptr [ebp-13Ch]
call sub_40332D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41CA53: ; DATA XREF: .text:00401E52�o
mov edx, [esp+8]
lea eax, [edx-13Ch]
mov ecx, [edx-140h]
xor ecx, eax
call sub_402AD0
add eax, 0Ch
mov ecx, [edx-8]
xor ecx, eax
call sub_402AD0
mov eax, offset dword_421F10
jmp sub_40463E
; ---------------------------------------------------------------------------
push dword ptr [ebp-4BCh]
call sub_40332D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41CA8E: ; DATA XREF: .text:004019F8�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-4C8h]
xor ecx, eax
call sub_402AD0
mov ecx, [edx-4]
xor ecx, eax
call sub_402AD0
mov eax, offset dword_421F40
jmp sub_40463E
; ---------------------------------------------------------------------------
push dword ptr [ebp-4C0h]
call sub_40332D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41CAC3: ; DATA XREF: .text:00401780�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-4C8h]
xor ecx, eax
call sub_402AD0
mov ecx, [edx-4]
xor ecx, eax
call sub_402AD0
mov eax, offset dword_421F70
jmp sub_40463E
; ---------------------------------------------------------------------------
loc_41CAEB: ; DATA XREF: c.7ld2ih:0041D28C�o
call sub_401291
and dword_435694, 0
push offset loc_41CC9F
mov dword_435690, eax
call sub_4031E1
pop ecx
retn
; ---------------------------------------------------------------------------
call sub_40172D
and dword_4356A0, 0
push offset loc_41CCE8
mov dword_43569C, eax
call sub_4031E1
pop ecx
retn
; ---------------------------------------------------------------------------
push esi
push offset dword_41F73C
mov esi, offset dword_4356A8
call sub_41C22E
mov dword_4356A8, offset dword_420B94
pop esi
retn
; ---------------------------------------------------------------------------
push esi
push offset dword_41F748
mov esi, offset dword_4356A4
call sub_41C22E
mov dword_4356A4, offset dword_420B9C
pop esi
retn
; ---------------------------------------------------------------------------
push esi
push offset dword_41F6D8
mov esi, offset dword_4356B4
call sub_41C22E
mov dword_4356B4, offset dword_420C10
pop esi
retn
; ---------------------------------------------------------------------------
push esi
push offset dword_41F6E0
mov esi, offset dword_4356AC
call sub_41C22E
mov dword_4356AC, offset dword_420C18
pop esi
retn
; ---------------------------------------------------------------------------
push esi
push offset dword_41F6E8
mov esi, offset dword_4356B0
call sub_41C22E
mov dword_4356B0, offset dword_420C20
pop esi
retn
; ---------------------------------------------------------------------------
push esi
push offset dword_41F6C0
mov esi, offset dword_4356B8
call sub_41C22E
mov dword_4356B8, offset dword_420C38
pop esi
retn
; ---------------------------------------------------------------------------
push esi
push offset dword_41F658
mov esi, offset dword_4356C0
call sub_41C22E
mov dword_4356C0, offset dword_420C84
pop esi
retn
; ---------------------------------------------------------------------------
push esi
push offset dword_41F65C
mov esi, offset dword_4356BC
call sub_41C22E
mov dword_4356BC, offset dword_420C8C
pop esi
retn
; ---------------------------------------------------------------------------
loc_41CC05: ; DATA XREF: c.7ld2ih:0041D2B4�o
push esi
push offset dword_41F638
mov esi, offset dword_4356C4
call sub_41C22E
mov dword_4356C4, offset dword_420D4C
pop esi
retn
; ---------------------------------------------------------------------------
loc_41CC21: ; DATA XREF: c.7ld2ih:0041D2B8�o
push esi
push offset dword_41F640
mov esi, offset dword_4356C8
call sub_41C22E
mov dword_4356C8, offset dword_420D54
pop esi
retn
; ---------------------------------------------------------------------------
loc_41CC3D: ; DATA XREF: c.7ld2ih:0041D2BC�o
mov eax, dword_425824
add eax, 6
mov dword_4356CC, eax
retn
; ---------------------------------------------------------------------------
loc_41CC4B: ; DATA XREF: c.7ld2ih:0041D2C0�o
push esi
push offset dword_41EEE8
mov esi, offset dword_4356D8
call sub_41C22E
mov dword_4356D8, offset dword_420EA4
pop esi
retn
; ---------------------------------------------------------------------------
loc_41CC67: ; DATA XREF: c.7ld2ih:0041D2C4�o
push esi
push offset dword_41EEF4
mov esi, offset dword_4356D0
call sub_41C22E
mov dword_4356D0, offset dword_420EAC
pop esi
retn
; ---------------------------------------------------------------------------
loc_41CC83: ; DATA XREF: c.7ld2ih:0041D2C8�o
push esi
push offset dword_41EF00
mov esi, offset dword_4356D4
call sub_41C22E
mov dword_4356D4, offset dword_420EB4
pop esi
retn
; ---------------------------------------------------------------------------
loc_41CC9F: ; DATA XREF: .text:0041CAF7�o
mov eax, dword_435690
mov ecx, [eax]
mov [eax], eax
mov eax, dword_435690
mov [eax+4], eax
and dword_435694, 0
cmp ecx, dword_435690
jz short loc_41CCD4
push esi
loc_41CCC0: ; CODE XREF: .text:0041CCD1�j
mov esi, [ecx]
push ecx
call sub_40332D
cmp esi, dword_435690
pop ecx
mov ecx, esi
jnz short loc_41CCC0
pop esi
loc_41CCD4: ; CODE XREF: .text:0041CCBD�j
push dword_435690
call sub_40332D
and dword_435690, 0
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41CCE8: ; DATA XREF: .text:0041CB14�o
mov eax, dword_43569C
mov ecx, [eax]
mov [eax], eax
mov eax, dword_43569C
mov [eax+4], eax
and dword_4356A0, 0
cmp ecx, dword_43569C
jz short loc_41CD1D
push esi
loc_41CD09: ; CODE XREF: .text:0041CD1A�j
mov esi, [ecx]
push ecx
call sub_40332D
cmp esi, dword_43569C
pop ecx
mov ecx, esi
jnz short loc_41CD09
pop esi
loc_41CD1D: ; CODE XREF: .text:0041CD06�j
push dword_43569C
call sub_40332D
and dword_43569C, 0
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41CD31: ; DATA XREF: sub_40340B+40�o
mov dword_4274C4, offset off_41D324
mov ecx, offset dword_4274C4
jmp sub_40308A
; ---------------------------------------------------------------------------
align 400h
_text ends
; Section 2. (virtual address 0001D000)
; Virtual size : 00006000 ( 24576.)
; Section size in file : 00006000 ( 24576.)
; Offset to raw data for section: 0001D000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
c_7ld2ih segment para public 'CODE' use32
assume cs:c_7ld2ih
;org 41D000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
off_41D000 dd offset word_459C2E ; DATA XREF: sub_417722+39�r
off_41D004 dd offset byte_45584B ; DATA XREF: sub_41764F+1D�r
; sub_417722+1B�r
off_41D008 dd offset word_449222 ; DATA XREF: sub_4176BD+31�r
off_41D00C dd offset byte_439C09 ; DATA XREF: sub_41764F+52�r
off_41D010 dd offset byte_447BDD ; DATA XREF: sub_41764F+2A�r
; sub_41764F+60�r ...
off_41D014 dd offset byte_457779 ; DATA XREF: sub_41A025+3C�r
off_41D018 dd offset byte_439013 ; DATA XREF: sub_41A45D+A5�r
; sub_41A45D+1B6�r
off_41D01C dd offset byte_4450FB ; DATA XREF: sub_419F50+82�r
off_41D020 dd offset byte_443951 ; DATA XREF: sub_41A28F+132�r
off_41D024 dd offset word_44DA96 ; DATA XREF: sub_41A40D+C�r
off_41D028 dd offset dword_44BD00 ; DATA XREF: sub_419F50+24�r
off_41D02C dd offset word_44C2F6 ; DATA XREF: sub_4176BD+14�r
; sub_41A28F+90�r ...
off_41D030 dd offset dword_450504 ; DATA XREF: sub_41A690+299�r
off_41D034 dd offset word_44E74E ; DATA XREF: sub_41A025+19�r
off_41D038 dd offset dword_44F164 ; DATA XREF: sub_41A690+27D�r
off_41D03C dd offset dword_441AC0 ; DATA XREF: sub_41A40D+2E�r
off_41D040 dd offset word_44FC72 ; DATA XREF: sub_41A40D+3B�r
off_41D044 dd offset word_45943A ; DATA XREF: sub_41A40D+1E�r
off_41D048 dd offset word_459D7E ; DATA XREF: .text:0040218A�r
align 10h
off_41D050 dd offset word_443ECE ; DATA XREF: sub_407C57+E�r
; sub_419C67+168�r ...
off_41D054 dd offset byte_440D91 ; DATA XREF: sub_410661+22�r
; sub_41960F+29�r
off_41D058 dd offset dword_4397BC ; DATA XREF: sub_40B439+5D�r
; sub_419590+B�r
off_41D05C dd offset dword_45A6BC ; DATA XREF: sub_419A09+8B�r
off_41D060 dd offset dword_443738 ; DATA XREF: sub_409E64+99�r
; sub_40B203+2A�r ...
off_41D064 dd offset dword_451220 ; DATA XREF: sub_419590+19�r
off_41D068 dd offset dword_44E17C ; DATA XREF: .text:00404340�r
; sub_419641+24�r ...
off_41D06C dd offset word_44457A ; DATA XREF: sub_40E422+234�r
; sub_4117DB+13�r ...
off_41D070 dd offset dword_4429A0 ; DATA XREF: sub_418D42+31E�r
off_41D074 dd offset byte_4566A9 ; DATA XREF: sub_40D06E+40�r
; sub_410B0B+2D�r ...
off_41D078 dd offset byte_44623D ; DATA XREF: sub_40A15D+17F�r
; sub_40A15D+2A3�r ...
off_41D07C dd offset byte_452465 ; DATA XREF: sub_414884+5E�r
; .text:0041B65C�r ...
off_41D080 dd offset dword_458F10 ; DATA XREF: sub_41C28D+1B7�r
off_41D084 dd offset dword_43F534 ; DATA XREF: sub_41C28D+311�r
off_41D088 dd offset byte_455C7F ; DATA XREF: sub_409E64+194�r
; sub_40D20A+212�r ...
off_41D08C dd offset word_450102 ; DATA XREF: sub_4031FD+AA�r
; sub_404A3E+B9�r ...
off_41D090 dd offset word_44D736 ; DATA XREF: sub_414884+1C�r
; sub_41BB83+161�r
off_41D094 dd offset byte_440E99 ; DATA XREF: sub_4147FC+8�r
off_41D098 dd offset word_440E1A ; DATA XREF: .text:0040212D�r
off_41D09C dd offset word_44F0B6 ; DATA XREF: .text:0041B5CE�r
off_41D0A0 dd offset word_44BECA ; DATA XREF: sub_40A15D+3E7�r
; sub_40C307:loc_40C3B4�r ...
off_41D0A4 dd offset byte_43FBDF ; DATA XREF: sub_410957+14C�r
off_41D0A8 dd offset dword_44C070 ; DATA XREF: sub_41088C+45�r
off_41D0AC dd offset byte_443A55 ; DATA XREF: sub_41088C+78�r
off_41D0B0 dd offset word_44A246 ; DATA XREF: sub_41088C+9B�r
off_41D0B4 dd offset dword_43B1C4 ; DATA XREF: sub_40F3FF+8C�r
off_41D0B8 dd offset word_442772 ; DATA XREF: sub_40F02F:loc_40F083�r
; sub_40F0AC:loc_40F104�r
off_41D0BC dd offset byte_43EB5D ; DATA XREF: sub_419DDC+39�r
off_41D0C0 dd offset byte_458915 ; DATA XREF: sub_419DDC+50�r
off_41D0C4 dd offset byte_445E49 ; DATA XREF: sub_419DDC+6F�r
off_41D0C8 dd offset byte_455A8F ; DATA XREF: sub_4031FD+D9�r
; sub_404A3E+F5�r ...
off_41D0CC dd offset word_4592C2 ; DATA XREF: sub_41A645+20�r
; sub_41C28D+293�r
off_41D0D0 dd offset dword_43DB58 ; DATA XREF: sub_41A138+3B�r
off_41D0D4 dd offset byte_439CB7 ; DATA XREF: sub_41A19C+3B�r
off_41D0D8 dd offset byte_451809 ; DATA XREF: sub_408DFD+4B�r
; sub_40E422+29C�r ...
off_41D0DC dd offset word_442652 ; DATA XREF: sub_4056CA+60�r
; sub_405886+169�r ...
off_41D0E0 dd offset dword_43F3E0 ; DATA XREF: sub_4054D7+39�r
; sub_405543+39�r ...
off_41D0E4 dd offset dword_451EEC ; DATA XREF: sub_40F8D4+2D�r
; sub_419E67+30�r ...
off_41D0E8 dd offset byte_443AC1 ; DATA XREF: sub_4054D7+49�r
; sub_405543+49�r ...
off_41D0EC dd offset byte_44FB05 ; DATA XREF: sub_4039C3+79�r
; sub_4056CA+2�r ...
off_41D0F0 dd offset byte_450B5B ; DATA XREF: .text:00402199�r
; sub_417776+D1�r ...
off_41D0F4 dd offset word_44A15A ; DATA XREF: sub_4031FD+E0�r
; sub_404A3E+FC�r ...
off_41D0F8 dd offset word_45450A ; DATA XREF: sub_407AEA+1D�r
; sub_407B2A+25�r ...
off_41D0FC dd offset dword_45047C ; DATA XREF: .text:0040431B�r
; sub_410957+67�r ...
off_41D100 dd offset dword_445488 ; DATA XREF: sub_41A690:loc_41A8F8�r
off_41D104 dd offset word_4410E6 ; DATA XREF: sub_40B439+51�r
; sub_417C7B+36�r ...
off_41D108 dd offset dword_43D1CC ; DATA XREF: sub_4039C3+68�r
; .text:00404350�r ...
off_41D10C dd offset byte_43EFA5 ; DATA XREF: sub_41B981+20�r
; sub_41BB83+43�r
off_41D110 dd offset byte_44A845 ; DATA XREF: sub_403AA0+F�r
; .text:00404324�r ...
off_41D114 dd offset byte_44D93D ; DATA XREF: sub_40D20A+11D�r
off_41D118 dd offset dword_459D98 ; DATA XREF: sub_40D20A:loc_40D343�r
off_41D11C dd offset word_43BA0E ; DATA XREF: .text:0040CEB8�r
off_41D120 dd offset dword_439184 ; DATA XREF: sub_40C6EC+2D�r
; sub_40C6EC+11C�r
off_41D124 dd offset word_450362 ; DATA XREF: sub_40C6EC+191�r
off_41D128 dd offset byte_45355F ; DATA XREF: sub_40C307+30�r
; sub_40C307+144�r ...
off_41D12C dd offset byte_446455 ; DATA XREF: sub_40C307+294�r
; sub_40C307+365�r
off_41D130 dd offset dword_445DD4 ; DATA XREF: sub_40B2BC+B�r
off_41D134 dd offset dword_4482CC ; DATA XREF: sub_40B2BC:loc_40B336�r
; sub_40C307+216�r ...
off_41D138 dd offset byte_44BEEB ; DATA XREF: sub_40B2BC+CC�r
off_41D13C dd offset byte_43C6FB ; DATA XREF: sub_40B2BC:loc_40B39A�r
off_41D140 dd offset word_43E816 ; DATA XREF: sub_40B2BC+10F�r
; sub_40B2BC+126�r
off_41D144 dd offset byte_4586BB ; DATA XREF: sub_408B90+12B�r
; sub_408B90+1C7�r ...
off_41D148 dd offset byte_448EE3 ; DATA XREF: sub_408B90+1B5�r
; sub_409E64+169�r
off_41D14C dd offset byte_454F31 ; DATA XREF: sub_408B90+21F�r
off_41D150 dd offset byte_44CB39 ; DATA XREF: sub_406214+27�r
; sub_40DE1D+134�r ...
off_41D154 dd offset word_44297E ; DATA XREF: sub_406214+77�r
; sub_4062C4+52�r
off_41D158 dd offset byte_43D531 ; DATA XREF: sub_405F00+22F�r
off_41D15C dd offset word_44785E ; DATA XREF: sub_405E33+11�r
off_41D160 dd offset byte_4410A1 ; DATA XREF: sub_405E33+47�r
off_41D164 dd offset dword_458C58 ; DATA XREF: sub_405DA7+28�r
; sub_40850B+28�r ...
off_41D168 dd offset byte_450BE3 ; DATA XREF: sub_405CCF+D�r
; sub_40855D+28�r ...
off_41D16C dd offset byte_4462E1 ; DATA XREF: sub_405C7A+1�r
; sub_40E383+62�r
off_41D170 dd offset dword_444194 ; DATA XREF: sub_4056CA+78�r
; sub_40CEC4+AB�r
off_41D174 dd offset dword_453548 ; DATA XREF: sub_4055D9+2B�r
; sub_405886+85�r
off_41D178 dd offset word_43C5AE ; DATA XREF: sub_4055AF+23�r
; sub_405886+58�r
off_41D17C dd offset byte_449C65 ; DATA XREF: sub_4055A6�r
; sub_405886:loc_405925�r
off_41D180 dd offset byte_44BC27 ; DATA XREF: sub_4054D7+7�r
; sub_405543+7�r ...
off_41D184 dd offset dword_43B650 ; DATA XREF: sub_404DF4+27�r
off_41D188 dd offset byte_4447F5 ; DATA XREF: sub_404DF4+4A�r
off_41D18C dd offset byte_456FCF ; DATA XREF: sub_404D50+59�r
; sub_405019+76�r ...
off_41D190 dd offset word_43CA1A ; DATA XREF: sub_402E05+82�r
off_41D194 dd offset byte_43B153 ; DATA XREF: sub_402EA8�r
; sub_40B439+41�r
off_41D198 dd offset word_4545EE ; DATA XREF: sub_4031FD+BE�r
; sub_404A3E+D9�r ...
off_41D19C dd offset byte_459555 ; DATA XREF: sub_4031FD+B4�r
; sub_404A3E+CE�r ...
off_41D1A0 dd offset byte_456253 ; DATA XREF: sub_403900+9�r
; sub_40B439+35�r
off_41D1A4 dd offset dword_43AE68 ; DATA XREF: .text:loc_4043FF�r
off_41D1A8 dd offset byte_439259 ; DATA XREF: .text:00404306�r
; sub_408B90+15�r
off_41D1AC dd offset dword_43F820 ; DATA XREF: sub_40456B+40�r
; sub_40FBF7+222�r
off_41D1B0 dd offset dword_455508 ; DATA XREF: sub_413D26�r
off_41D1B4 dd offset byte_442D0B ; DATA XREF: sub_404BC6+24�r
; sub_404E6E+56�r ...
off_41D1B8 dd offset byte_43D2CF ; DATA XREF: sub_404D50+84�r
; sub_405019+95�r ...
align 10h
dword_41D1C0 dd 22h align 8
dword_41D1C8 dd 1 dword_41D1CC dd 2 dword_41D1D0 dd 3 dword_41D1D4 dd 4 dword_41D1D8 dd 5 align 10h
dword_41D1E0 dd 0 ; sub_41BED6+1E3�r
align 8
off_41D1E8 dd offset dword_446DD8 ; DATA XREF: sub_417C7B+30�r
off_41D1EC dd offset byte_43D7FD ; DATA XREF: sub_419430+67�r
off_41D1F0 dd offset word_459E36 ; DATA XREF: sub_419430+C�r
off_41D1F4 dd offset word_44C1FA ; DATA XREF: sub_419430+B1�r
off_41D1F8 dd offset byte_44BAF7 ; DATA XREF: sub_419430+94�r
off_41D1FC dd offset byte_44A81F ; DATA XREF: sub_4192DB+D�r
off_41D200 dd offset byte_443659 ; DATA XREF: sub_419430+BB�r
off_41D204 dd offset byte_44D52F ; DATA XREF: sub_419430+A5�r
off_41D208 dd offset dword_4592A8 ; DATA XREF: sub_419430+4A�r
align 10h
dword_41D210 dd 1Fh dword_41D214 dd 20h dword_41D218 dd 21h align 10h
dword_41D220 dd 6 ; sub_414446+C9�r ...
dword_41D224 dd 7 ; sub_418D42+4F9�r
dword_41D228 dd 8 ; sub_414337+F1�r ...
dword_41D22C dd 9 dword_41D230 dd 0Ah ; sub_41930F+10C�r
dword_41D234 dd 0Bh ; sub_418B4D+1A�r
dword_41D238 dd 0Ch dword_41D23C dd 0Dh ; sub_414446+DC�r ...
dword_41D240 dd 0Eh dword_41D244 dd 0Fh dword_41D248 dd 10h dword_41D24C dd 11h dword_41D250 dd 12h ; sub_41B981+147�r ...
dword_41D254 dd 13h ; sub_414337+78�r ...
dword_41D258 dd 14h ; sub_41BB83+12C�r
dword_41D25C dd 15h ; .text:0041B6FE�r ...
dword_41D260 dd 16h dword_41D264 dd 17h dword_41D268 dd 18h dword_41D26C dd 19h ; sub_414446+64�r ...
dword_41D270 dd 1Ah ; sub_4145BE+81�r ...
dword_41D274 dd 1Bh dword_41D278 dd 1Ch dword_41D27C dd 1Dh ; sub_41930F+D7�r ...
dword_41D280 dd 1Eh ; sub_413D2C+98�r ...
align 8
dword_41D288 dd 0 dd offset loc_41CAEB
; ---------------------------------------------------------------------------
or bl, cl
inc ecx
add ds:410041CBh, ah
retf
; ---------------------------------------------------------------------------
inc ecx
add [ebp-35h], bl
inc ecx
add [ecx-35h], bh
inc ecx
add [ebp-4EFFBE35h], dl
retf
; ---------------------------------------------------------------------------
inc ecx
add ch, cl
retf
; ---------------------------------------------------------------------------
inc ecx
add cl, ch
retf
; ---------------------------------------------------------------------------
dw 41h
dd offset loc_41CC05
dd offset loc_41CC21
dd offset loc_41CC3D
dd offset loc_41CC4B
dd offset loc_41CC67
dd offset loc_41CC83
dword_41D2CC dd 0 dword_41D2D0 dd 0 dd offset sub_403176
dd offset sub_4051B3
dd offset sub_40843A
dd offset sub_40ACDF
dd offset sub_40FBEA
dd offset sub_40B539
dword_41D2EC dd 0 dword_41D2F0 dd 0 dd offset sub_4117FA
dd offset sub_4084EB
dword_41D2FC dd 0 dword_41D300 dd 0 dd offset sub_40B55A
dword_41D308 dd 2 dup(0) dd 20646162h, 6F6C6C61h, 69746163h, 6E6Fh, 4210ECh
off_41D324 dd offset loc_401043 ; DATA XREF: .text:00401038�o
; .text:00401046�o ...
dd offset sub_4030A0
dd offset dword_4210A0
off_41D330 dd offset loc_4010C5 ; DATA XREF: sub_401065+20�o
; sub_40109A+A�o ...
dd offset sub_4010B7
dd offset dword_421050
off_41D33C dd offset loc_4010EC ; DATA XREF: .text:004010E1�o
; .text:004010EF�o ...
dd offset sub_4010B7
dd offset dword_420F10
off_41D348 dd offset loc_402A18 ; DATA XREF: .text:00402A0D�o
; .text:00402A1B�o ...
dd offset sub_4010B7
aStringTooLong db 'string too long',0 ; DATA XREF: sub_402A3A+C�o
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_402A79+C�o
dd offset dword_420F60
off_41D37C dd offset loc_4030AD ; DATA XREF: sub_402FBB+A�o
; sub_402FCC+9�o ...
dd offset sub_4030A0
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_4030A0+7�o
align 4
dd offset dword_420F74
off_41D39C dd offset loc_4033BB ; DATA XREF: sub_4033AD+1�o
oword_41D3A0 xmmword 3FF00000000000003FF0000000000000h ; DATA XREF: sub_404170+E3�r
; sub_404170+10A�r
oword_41D3B0 xmmword 4330000000000000433h ; DATA XREF: sub_404170+46�r
oword_41D3C0 xmmword 0 ; DATA XREF: sub_404170:loc_404271�r
oword_41D3D0 xmmword 7FFh ; DATA XREF: sub_404170+5F�r
dbl_41D3E0 db 0, 0, 0, 0, 0, 0, 0, 80h ; DATA XREF: sub_404170:loc_40426A�r
dword_41D3E8 dd 0E06D7363h, 1, 2 dup(0) dd 3, 19930520h, 2 dup(0)
off_41D408 dd offset dword_4274E0 ; DATA XREF: sub_404A3E+D4�o
dd offset dword_427538
dd 4030201h, 8070605h, 0C0B0A09h, 100F0E0Dh, 14131211h
dd 18171615h, 1C1B1A19h, 201F1E1Dh, 24232221h, 28272625h
dd 2C2B2A29h, 302F2E2Dh, 34333231h, 38373635h, 3C3B3A39h
dd 403F3E3Dh, 44434241h, 48474645h, 4C4B4A49h, 504F4E4Dh
dd 54535251h, 58575655h, 5C5B5A59h, 605F5E5Dh, 64636261h
dd 68676665h, 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h
dd 7C7B7A79h, 7F7E7Dh
db 3Dh, 0
word_41D492 dw 0 ; DATA XREF: sub_40AF33+1B�o
aEncodepointer db 'EncodePointer',0 ; DATA XREF: sub_4054D7+43�o
; sub_405616+2E�o
align 4
aKernel32_dll db 'KERNEL32.DLL',0 ; DATA XREF: sub_4054D7:loc_40550B�o
; sub_405543:loc_405577�o ...
align 4
aDecodepointer db 'DecodePointer',0 ; DATA XREF: sub_405543+43�o
; sub_405616+42�o
align 4
aFlsfree db 'FlsFree',0 ; DATA XREF: sub_405886+44�o
aFlssetvalue db 'FlsSetValue',0 ; DATA XREF: sub_405886+37�o
aFlsgetvalue db 'FlsGetValue',0 ; DATA XREF: sub_405886+2A�o
dword_41D4E4 dd 41736C46h byte_41D4E8 db 6Ch ; DATA XREF: sub_406D87+177�r
db 6Ch, 6Fh, 63h
align 10h
aNull:
unicode 0, <(null)>,0
align 10h
aNull_0 db '(null)',0
align 4
byte_41D508 db 6 ; DATA XREF: sub_406D87:loc_406F10�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38202800h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707800h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: sub_407C31+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: sub_407C31�o
aCcs db 'ccs=',0 ; DATA XREF: sub_4085AF+1CC�o
align 4
aUtf8 db 'UTF-8',0 ; DATA XREF: sub_4085AF+1E0�o
align 10h
aUtf16le db 'UTF-16LE',0 ; DATA XREF: sub_4085AF:loc_4087AC�o
align 4
aUnicode db 'UNICODE',0 ; DATA XREF: sub_4085AF:loc_4087C9�o
aRuntimeError db 'runtime error ',0
align 4
db 0Dh,0Ah,0
align 4
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 4
aSingError db 'SING error',0Dh,0Ah,0
align 4
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 4
aR6034AnApplica db 'R6034',0Dh,0Ah
db 'An application has made an attempt to load the C runtime library '
db 'incorrectly.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 8
aR6033AttemptTo db 'R6033',0Dh,0Ah
db '- Attempt to use MSIL code from this assembly during native code '
db 'initialization',0Ah
db 'This indicates a bug in your application. It is most likely the r'
db 'esult of calling an MSIL-compiled (/clr) function from a native c'
db 'onstructor or from DllMain.',0Dh,0Ah,0
align 10h
aR6032NotEnough db 'R6032',0Dh,0Ah
db '- not enough space for locale information',0Dh,0Ah,0
align 8
aR6031AttemptTo db 'R6031',0Dh,0Ah
db '- Attempt to initialize the CRT more than once.',0Ah
db 'This indicates a bug in your application.',0Dh,0Ah,0
align 4
aR6030CrtNotIni db 'R6030',0Dh,0Ah
db '- CRT not initialized',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_409E64+157�o
align 10h
asc_41DB20 db 0Ah ; DATA XREF: sub_409E64:loc_409F74�o
db 0Ah,0
align 4
a___ db '...',0 ; DATA XREF: sub_409E64+E8�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_409E64+A3�o
align 10h
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_409E64+5B�o
db 0Ah
db 'Program: ',0
align 4
dd 2 dup(0)
dd 7FF00000h, 0
dd 0FFF00000h, 0
dd 7FE00000h, 0
dd 200000h, 3 dup(0)
dd 80000000h, 7F800000h, 0FF800000h, 7FC00000h, 0FFC00000h
dd 0
dd 80000000h, 7149F2CAh, 0F149F2CAh, 0DA24260h, 8DA24260h
dd 0C2F8F359h, 1A56E1Fh, 0C2F8F359h, 81A56E1Fh
dword_41DBC8 dd 6E6174h dword_41DBCC dd 736F63h dword_41DBD0 dd 6E6973h aModf db 'modf',0 ; DATA XREF: sub_40AA2F:loc_40AC49�o
align 4
aFloor db 'floor',0 ; DATA XREF: sub_40AA2F:loc_40AC3D�o
align 4
aCeil db 'ceil',0 ; DATA XREF: sub_40AA2F:loc_40AC34�o
align 4
aAtan db 'atan',0 ; DATA XREF: sub_40AA2F:loc_40AC2B�o
align 4
aExp10 db 'exp10',0 ; DATA XREF: sub_40AA2F+1BF�o
align 10h
dbl_41DC00 dq 1.0 ; DATA XREF: sub_40ACF3+6D�r
aAcos db 'acos',0 ; DATA XREF: sub_40AA2F:loc_40ABB2�o
align 10h
aAsin db 'asin',0 ; DATA XREF: sub_40AA2F:loc_40ABA9�o
align 4
aLog db 'log',0 ; DATA XREF: sub_40AA2F:loc_40AB6C�o
; sub_40AA2F+149�o ...
aLog10 db 'log10',0 ; DATA XREF: sub_40AA2F:loc_40AB45�o
; sub_40AA2F+131�o ...
align 4
aExp db 'exp',0 ; DATA XREF: sub_40AA2F:loc_40AB0C�o
; sub_40AA2F+10D�o ...
aPow db 'pow',0 ; DATA XREF: sub_40AA2F:loc_40AAD7�o
; sub_40AA2F:loc_40AB84�o ...
off_41DC2C dd offset sub_40B771 ; DATA XREF: sub_4069F0+F1�r
; sub_4069F0+FA�o ...
dd offset dword_420FBC
off_41DC34 dd offset loc_40B589 ; DATA XREF: .text:0040B57E�o
; .text:0040B58C�o ...
dd offset sub_4030A0
dword_41DC3C dd 20646162h, 65637865h, 6F697470h, 6Ehdword_41DC4C dd 41h dup(0) ; sub_40C6EC+27�o
unicode 0, < ((((( H>
dw 10h
dd 7 dup(100010h), 5 dup(840084h), 3 dup(100010h), 810010h
dd 2 dup(810081h), 10081h, 9 dup(10001h), 100001h, 2 dup(100010h)
dd 820010h, 2 dup(820082h), 20082h, 9 dup(20002h), 100002h
dd 100010h, 200010h, 40h dup(0)
dd 200000h, 4 dup(200020h), 280068h, 280028h, 200028h
dd 8 dup(200020h), 480020h, 7 dup(100010h), 840010h, 4 dup(840084h)
dd 100084h, 3 dup(100010h), 3 dup(1810181h), 8 dup(1010101h)
dd 161h dup(0)
dword_41E584 dd 0Ah dup(0) dword_41E5AC dd 1E2h dup(0) dword_41ED34 dd 6 dup(0) dword_41ED4C dd 7 dup(0) dword_41ED68 dd 5 dup(0) dword_41ED7C dd 4 dup(0) dword_41ED8C dd 3 dup(0) dword_41ED98 dd 3 dup(0) dword_41EDA4 dd 0 dd 20h dup(0)
dbl_41EE28 dq 0.0 ; DATA XREF: sub_40FED1+143�r
dd 10h dup(0)
dword_41EE70 dd 2 dup(0) dbl_41EE78 dq 0.0 ; DATA XREF: sub_411744+F�r
dbl_41EE80 dq 0.0 ; DATA XREF: sub_411744+6�r
dword_41EE88 dd 7 dup(0) dword_41EEA4 dd 3 dup(0) dword_41EEB0 dd 2 dup(0) dword_41EEB8 dd 2 dup(0) dword_41EEC0 dd 2 dup(0) dword_41EEC8 dd 2 dup(0) dword_41EED0 dd 6 dup(0) dword_41EEE8 dd 3 dup(0) dword_41EEF4 dd 2 dup(0) db 2 dup(0)
byte_41EEFE db 0 ; DATA XREF: .text:0041B043�o
byte_41EEFF db 0 ; DATA XREF: .text:0041B04F�o
dword_41EF00 dd 3 dup(0) dword_41EF0C dd 3 dup(0) dword_41EF18 dd 0 byte_41EF1C db 3 dup(0) ; DATA XREF: sub_413DDD+29C�o
byte_41EF1F db 0 ; DATA XREF: sub_41BED6+1DD�o
dword_41EF20 dd 0 byte_41EF24 db 3 dup(0) ; DATA XREF: sub_413DDD+495�o
byte_41EF27 db 0 ; DATA XREF: sub_41C28D:loc_41C735�o
dd 4 dup(0)
dword_41EF38 dd 2Ch dup(0) dword_41EFE8 dd 0 dword_41EFEC dd 3 dup(0) dword_41EFF8 dd 5 dup(0) dword_41F00C dd 5 dup(0) dword_41F020 dd 9 dup(0) dword_41F044 dd 4 dup(0) dword_41F054 dd 4 dup(0) dword_41F064 dd 9 dup(0) dword_41F088 dd 0 dword_41F08C dd 2 dup(0) dword_41F094 dd 2 dup(0) dword_41F09C dd 0Dh dup(0) dword_41F0D0 dd 12h dup(0) dword_41F118 dd 124h dup(0) dword_41F5A8 dd 0Ch dup(0) dword_41F5D8 dd 2 dup(0) dword_41F5E0 dd 5 dup(0) dword_41F5F4 dd 0 dword_41F5F8 dd 2 dup(0) dword_41F600 dd 2 dup(0) dword_41F608 dd 0Ch dup(0) dword_41F638 dd 2 dup(0) dword_41F640 dd 6 dup(0) dword_41F658 dd 0 dword_41F65C dd 7 dup(0) dword_41F678 dd 5 dup(0) dword_41F68C dd 5 dup(0) dword_41F6A0 dd 3 dup(0) dword_41F6AC dd 5 dup(0) dword_41F6C0 dd 6 dup(0) dword_41F6D8 dd 2 dup(0) dword_41F6E0 dd 2 dup(0) dword_41F6E8 dd 6 dup(0) dword_41F700 dd 0Bh dup(0) dword_41F72C dd 3 dup(0) dword_41F738 dd 0 dword_41F73C dd 3 dup(0) dword_41F748 dd 2 dup(0) dword_41F750 dd 3 dup(0) dword_41F75C dd 7 dup(0) dword_41F778 dd 7 dup(0) dword_41F794 dd 0Fh dup(0) dword_41F7D0 dd 7 dup(0) dword_41F7EC dd 6 dup(0) dword_41F804 dd 7 dup(0) dword_41F820 dd 6 dup(0) dword_41F838 dd 5 dup(0) dword_41F84C dd 0Fh dup(0) dword_41F888 dd 3 dup(0) dword_41F894 dd 0 dword_41F898 dd 58h dup(0) dword_41F9F8 dd 0 dword_41F9FC dd 0 dword_41FA00 dd 0 dword_41FA04 dd 0 dword_41FA08 dd 0 dword_41FA0C dd 0 dword_41FA10 dd 0 dword_41FA14 dd 0 dword_41FA18 dd 0 dword_41FA1C dd 0 dword_41FA20 dd 0 dword_41FA24 dd 0 dword_41FA28 dd 0 dword_41FA2C dd 0 dword_41FA30 dd 0 dword_41FA34 dd 0 dword_41FA38 dd 0 dword_41FA3C dd 0 dword_41FA40 dd 0 dword_41FA44 dd 0 dword_41FA48 dd 0 dword_41FA4C dd 0 dword_41FA50 dd 0 dword_41FA54 dd 0 dword_41FA58 dd 0 dword_41FA5C dd 0 dword_41FA60 dd 0 dword_41FA64 dd 0 dword_41FA68 dd 0 dword_41FA6C dd 0 dword_41FA70 dd 0 dword_41FA74 dd 0 dd 120h dup(0)
dword_41FEF8 dd 0A8h dup(0) dword_420198 dd 2 dup(0) dword_4201A0 dd 0Ch dup(0) dword_4201D0 dd 0Ch dup(0) dword_420200 dd 2 dup(0) dword_420208 dd 0Ch dup(0) dword_420238 dd 10h dup(0) dword_420278 dd 3 dup(0) dword_420284 dd 2 dup(0) dword_42028C dd 2 dup(0) dword_420294 dd 0 dword_420298 dd 0 dword_42029C dd 0 dword_4202A0 dd 5 dup(0) dword_4202B4 dd 2 dup(0) dword_4202BC dd 2 dup(0) dword_4202C4 dd 2 dup(0) dword_4202CC dd 6 dup(0) dword_4202E4 dd 0 dword_4202E8 dd 0 dword_4202EC dd 0 dword_4202F0 dd 3 dup(0) dword_4202FC dd 0 dword_420300 dd 0 dword_420304 dd 0 dword_420308 dd 0 dword_42030C dd 0 dword_420310 dd 0 dword_420314 dd 2 dup(0) dword_42031C dd 3 dup(0) dword_420328 dd 0 dword_42032C dd 6 dup(0) dword_420344 dd 0 dword_420348 dd 0 dword_42034C dd 0 dword_420350 dd 0 dword_420354 dd 0 dword_420358 dd 0 dword_42035C dd 0 dword_420360 dd 0 dword_420364 dd 0 dword_420368 dd 0 dword_42036C dd 0 dword_420370 dd 0 dword_420374 dd 0 dword_420378 dd 0 dword_42037C dd 0 dword_420380 dd 0 dword_420384 dd 0Eh dup(0) dword_4203BC dd 0 dword_4203C0 dd 2 dup(0) dword_4203C8 dd 2 dup(0) dword_4203D0 dd 2 dup(0) dword_4203D8 dd 3 dup(0) dword_4203E4 dd 3 dup(0) dword_4203F0 dd 2 dup(0) dword_4203F8 dd 5 dup(0) dword_42040C dd 0 dword_420410 dd 2 dup(0) dword_420418 dd 2 dup(0) dword_420420 dd 0 dword_420424 dd 3 dup(0) dword_420430 dd 12h dup(0) dword_420478 dd 3 dup(0) dword_420484 dd 3 dup(0) dword_420490 dd 2 dup(0) dword_420498 dd 2 dup(0) dword_4204A0 dd 2 dup(0) dword_4204A8 dd 0Fh dup(0) dword_4204E4 dd 0Dh dup(0) dword_420518 dd 0Dh dup(0) dword_42054C dd 0 dword_420550 dd 0 dword_420554 dd 0 dword_420558 dd 0 dword_42055C dd 2 dup(0) dword_420564 dd 5 dup(0) dword_420578 dd 0 dword_42057C dd 6 dup(0) dword_420594 dd 0Fh dup(0) dword_4205D0 dd 7 dup(0) dword_4205EC dd 0 dword_4205F0 dd 0 dword_4205F4 dd 5 dup(0) dword_420608 dd 13h dup(0) dword_420654 dd 12h dup(0) dword_42069C dd 3 dup(0) dword_4206A8 dd 0 dword_4206AC dd 0 dword_4206B0 dd 0 dword_4206B4 dd 0 dword_4206B8 dd 0 dword_4206BC dd 0 dword_4206C0 dd 0 dword_4206C4 dd 0 dword_4206C8 dd 0 dword_4206CC dd 0Ch dup(0) dword_4206FC dd 0 dword_420700 dd 3 dup(0) dword_42070C dd 3 dup(0) dword_420718 dd 3 dup(0) dword_420724 dd 3 dup(0) dword_420730 dd 3 dup(0) dword_42073C dd 3 dup(0) dword_420748 dd 3 dup(0) dword_420754 dd 3 dup(0) dword_420760 dd 3 dup(0) dword_42076C dd 0Bh dup(0) dword_420798 dd 3 dup(0) dword_4207A4 dd 3 dup(0) dword_4207B0 dd 0Bh dup(0) dword_4207DC dd 6 dup(0) dword_4207F4 dd 4 dup(0) dword_420804 dd 3 dup(0) dword_420810 dd 4 dup(0) dword_420820 dd 3 dup(0) dword_42082C dd 4 dup(0) dword_42083C dd 3 dup(0) dword_420848 dd 4 dup(0) dword_420858 dd 7 dup(0) dword_420874 dd 4 dup(0) dword_420884 dd 4 dup(0) dword_420894 dd 4 dup(0) dword_4208A4 dd 4 dup(0) dword_4208B4 dd 4 dup(0) dword_4208C4 dd 4 dup(0) dword_4208D4 dd 4 dup(0) dword_4208E4 dd 4 dup(0) dword_4208F4 dd 4 dup(0) dword_420904 dd 4 dup(0) dword_420914 dd 4 dup(0) dword_420924 dd 4 dup(0) dword_420934 dd 4 dup(0) dword_420944 dd 5 dup(0) dword_420958 dd 4 dup(0) dword_420968 dd 6 dup(0) dword_420980 dd 3 dup(0) dword_42098C dd 2 dup(0) dword_420994 dd 5 dup(0) dword_4209A8 dd 5 dup(0) dword_4209BC dd 2 dup(0) dword_4209C4 dd 4 dup(0) dword_4209D4 dd 0Ch dup(0) dword_420A04 dd 0Dh dup(0) dword_420A38 dd 0Dh dup(0) dword_420A6C dd 0Eh dup(0) dword_420AA4 dd 0Ch dup(0) dword_420AD4 dd 2 dup(0) dword_420ADC dd 0 dword_420AE0 dd 2 dup(0) dword_420AE8 dd 9 dup(0) dword_420B0C dd 6 dup(0) ; sub_4016BA+2B�o
dword_420B24 dd 0 dword_420B28 dd 0 ; .text:00401ADE�o ...
dword_420B2C dd 0 dword_420B30 dd 0 dword_420B34 dd 0 ; .text:00401BE4�o
dword_420B38 dd 5 dup(0) dword_420B4C dd 6 dup(0) dword_420B64 dd 5 dup(0) dword_420B78 dd 7 dup(0) dword_420B94 dd 2 dup(0) dword_420B9C dd 0 dword_420BA0 dd 2 dup(0) dword_420BA8 dd 3 dup(0) dword_420BB4 dd 5 dup(0) dword_420BC8 dd 4 dup(0) dword_420BD8 dd 3 dup(0) dword_420BE4 dd 7 dup(0) ; .text:loc_401D8A�o
dword_420C00 dd 4 dup(0) dword_420C10 dd 2 dup(0) dword_420C18 dd 2 dup(0) dword_420C20 dd 0 dword_420C24 dd 5 dup(0) dword_420C38 dd 0 dword_420C3C dd 0 ; .text:00401F8C�o ...
dword_420C40 dd 5 dup(0) dword_420C54 dd 5 dup(0) dword_420C68 dd 7 dup(0) dword_420C84 dd 2 dup(0) dword_420C8C dd 0 dword_420C90 dd 22h dup(0) dword_420D18 dd 6 dup(0) dword_420D30 dd 7 dup(0) dword_420D4C dd 2 dup(0) dword_420D54 dd 0 dword_420D58 dd 6 dup(0) dword_420D70 dd 2 dup(0) dword_420D78 dd 0 dword_420D7C dd 0 dword_420D80 dd 0 dword_420D84 dd 0Ah dup(0) dword_420DAC dd 3 dup(0) ; .text:0040263B�o
dword_420DB8 dd 0 dword_420DBC dd 0 dword_420DC0 dd 2 dup(0) dword_420DC8 dd 2 dup(0) dword_420DD0 dd 0 dword_420DD4 dd 2 dup(0) dword_420DDC dd 3 dup(0) dword_420DE8 dd 3 dup(0) dword_420DF4 dd 3 dup(0) dword_420E00 dd 8 dup(0) dword_420E20 dd 2 dup(0) ; .text:00402836�o
dword_420E28 dd 0Bh dup(0) dword_420E54 dd 6 dup(0) dword_420E6C dd 3 dup(0) dword_420E78 dd 4 dup(0) dword_420E88 dd 3 dup(0) dword_420E94 dd 4 dup(0) dword_420EA4 dd 2 dup(0) dword_420EAC dd 2 dup(0) dword_420EB4 dd 0 dbl_420EB8 dq 0.0 ; DATA XREF: .text:loc_41B519�r
flt_420EC0 dd 0.0 ; DATA XREF: .text:0041B513�r
dd 13h dup(0)
dword_420F10 dd 14h dup(0) dword_420F60 dd 5 dup(0) dword_420F74 dd 12h dup(0) dword_420FBC dd 25h dup(0) dword_421050 dd 14h dup(0) dword_4210A0 dd 140h dup(0) dword_4215A0 dd 2 dup(0) ; sub_40B3F1+7�o
dword_4215A8 dd 2 dup(0) ; sub_40B415+7�o
dword_4215B0 dd 6 dup(0) dword_4215C8 dd 14h dup(0) dword_421618 dd 8 dup(0) dword_421638 dd 8 dup(0) dword_421658 dd 8 dup(0) dword_421678 dd 8 dup(0) dword_421698 dd 8 dup(0) dword_4216B8 dd 8 dup(0) dword_4216D8 dd 8 dup(0) dword_4216F8 dd 8 dup(0) dword_421718 dd 0Ah dup(0) dword_421740 dd 8 dup(0) dword_421760 dd 8 dup(0) dword_421780 dd 8 dup(0) dword_4217A0 dd 8 dup(0) dword_4217C0 dd 0Ah dup(0) dword_4217E8 dd 8 dup(0) dword_421808 dd 8 dup(0) dword_421828 dd 8 dup(0) dword_421848 dd 8 dup(0) dword_421868 dd 8 dup(0) dword_421888 dd 8 dup(0) dword_4218A8 dd 0Ah dup(0) dword_4218D0 dd 8 dup(0) dword_4218F0 dd 0Ah dup(0) dword_421918 dd 14h dup(0) dword_421968 dd 0Ah dup(0) dword_421990 dd 0Ah dup(0) dword_4219B8 dd 8 dup(0) dword_4219D8 dd 7 dup(0) dword_4219F4 dd 0Fh dup(0) dword_421A30 dd 8 dup(0) dword_421A50 dd 8 dup(0) dword_421A70 dd 8 dup(0) dword_421A90 dd 8 dup(0) dword_421AB0 dd 8 dup(0) dword_421AD0 dd 8 dup(0) dword_421AF0 dd 8 dup(0) dword_421B10 dd 8 dup(0) dword_421B30 dd 8 dup(0) dword_421B50 dd 8 dup(0) dword_421B70 dd 8 dup(0) dword_421B90 dd 8 dup(0) dword_421BB0 dd 0Ah dup(0) dword_421BD8 dd 8 dup(0) dword_421BF8 dd 8 dup(0) dword_421C18 dd 20h dup(0) dword_421C98 dd 0Eh dup(0) ; sub_4016BA+48�o ...
dword_421CD0 dd 4 dup(0) ; sub_40340B+54�o
dword_421CE0 dd 0Ch dup(0) dword_421D10 dd 0Bh dup(0) dword_421D3C dd 0Bh dup(0) dword_421D68 dd 0Bh dup(0) dword_421D94 dd 23h dup(0) dword_421E20 dd 0Ch dup(0) dword_421E50 dd 0Ch dup(0) dword_421E80 dd 0Ch dup(0) dword_421EB0 dd 0Ch dup(0) dword_421EE0 dd 0Ch dup(0) dword_421F10 dd 0Ch dup(0) dword_421F40 dd 0Ch dup(0) dword_421F70 dd 424h dup(0) c_7ld2ih ends
; Section 3. (virtual address 00023000)
; Virtual size : 00014000 ( 81920.)
; Section size in file : 00014000 ( 81920.)
; Offset to raw data for section: 00023000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 423000h
dd 12h dup(0)
dword_423048 dd 2 dup(0) dword_423050 dd 0 ; sub_40A004+19�r ...
dd 4 dup(0)
dword_423064 dd 0 ; .text:00401E64�r ...
dword_423068 dd 0 ; sub_40B439+29�w ...
align 10h
dword_423070 dd 88h dup(0) ; sub_404D50+63�o ...
byte_423290 db 0 ; DATA XREF: sub_405019+102�w
align 4
dd 41h dup(0)
byte_423398 db 0 ; DATA XREF: sub_405019+11E�w
align 4
dd 3Fh dup(0)
dword_423498 dd 0 ; sub_404D50+4C�r ...
byte_42349C db 0 ; DATA XREF: sub_404E6E+E3�r
align 10h
dword_4234A0 dd 0 dword_4234A4 dd 0 align 10h
dword_4234B0 dd 0 dd 38h dup(0)
dword_423594 dd 0 ; sub_402ADF+4C�r ...
dword_423598 dd 2 dup(0) ; sub_405311:loc_40535C�o ...
dword_4235A0 dd 32h dup(0) ; sub_405765+DA�o
dword_423668 dd 0 ; sub_40F5AC+D�r ...
dd 3 dup(0)
dword_423678 dd 0 ; sub_405461+4E�r ...
align 10h
dword_423680 dd 2 dup(0) dword_423688 dd 0 ; sub_405543+13�r ...
dword_42368C dd 0 ; sub_4054D7+1E�r ...
dword_423690 dd 0 dword_423694 dd 0 dd 58h dup(0)
dword_4237F8 dd 0 dword_4237FC dd 0 dword_423800 dd 0 ; sub_405C7A+8�o ...
dword_423804 dd 0 dd 46h dup(0)
dword_423920 dd 0 ; sub_405C7A+4A�o
dword_423924 dd 0 ; sub_406D87+7E7�r
dword_423928 dd 0 align 10h
dword_423930 dd 0 ; sub_407EC9+45�w
dd 7 dup(0)
dword_423950 dd 4 dup(0) ; sub_40843A+52�o ...
dword_423960 dd 18h dup(0) dword_4239C0 dd 7Ch dup(0) dword_423BB0 dd 8 dup(0) ; sub_40855D+D�o
dword_423BD0 dd 0Ch dup(0) ; sub_4035C7:loc_4036A8�o ...
dword_423C00 dd 0 dword_423C04 dd 0 dd 2Ch dup(0)
byte_423CB8 db 0 ; DATA XREF: sub_40A15D:loc_40A4BE�r
; sub_40A15D+36F�r
align 4
dd 3Fh dup(0)
dword_423DB8 dd 0 align 10h
dword_423DC0 dd 1Eh dup(0) ; sub_405765+6E�o
dword_423E38 dd 0 ; sub_40ADC4+C0�r ...
dword_423E3C dd 0 ; sub_40ADC4+C6�r ...
dd 0
dword_423E44 dd 0 ; sub_40E098+4�r
align 10h
dword_423E50 dd 0Ah dup(0) dword_423E78 dd 30h dup(0) dword_423F38 dd 0 ; sub_40CA74+B�r
dword_423F3C dd 0 dword_423F40 dd 0 dword_423F44 dd 0 dword_423F48 dd 0 dword_423F4C dd 0 dword_423F50 dd 0 dword_423F54 dd 0 dword_423F58 dd 0 dword_423F5C dd 0 dd 8 dup(0)
dword_423F80 dd 0 ; sub_40FABC+5�w
dword_423F84 dd 0 dword_423F88 dd 0 dword_423F8C dd 0 dword_423F90 dd 0 dword_423F94 dd 0 dword_423F98 dd 0 ; sub_40FABC+37�w
dword_423F9C dd 0 ; sub_40FABC+41�w
dword_423FA0 dd 0 ; sub_40FABC+4B�w
dword_423FA4 dd 0 ; sub_40FABC+55�w
align 10h
dword_423FB0 dd 4 dup(0) ; sub_40F00D+2�o
dword_423FC0 dd 0 ; sub_4101F8+5D�r
align 10h
dword_423FD0 dd 0 dword_423FD4 dd 0 dd 38h dup(0)
dbl_4240B8 dq 0.0 ; DATA XREF: sub_40FED1:loc_40FFA1�r
; sub_40FED1:loc_40FFA9�r
dd 2 dup(0)
dbl_4240C8 dq 0.0 ; DATA XREF: sub_40FED1+89�r
; sub_40FED1+A4�r ...
dd 4 dup(0)
tbyte_4240E0 dt 0.0 ; DATA XREF: sub_410435+B�r
; sub_410435+1E�r
align 4
tbyte_4240EC dt 0.0 ; DATA XREF: sub_410435+30�r
align 4
dword_4240F8 dd 0 ; sub_41048B+4C�w
byte_4240FC db 0 ; DATA XREF: sub_41056E+1B�r
; sub_41056E:loc_4105AC�r
align 10h
dd 46h dup(0)
dword_424218 dd 0 ; sub_41088C+4F�r ...
align 10h
dword_424220 dd 0 dword_424224 dd 0 ; sub_41088C:loc_4108B5�r ...
align 10h
dword_424230 dd 0 ; sub_411D19+44D�r
dword_424234 dd 0 dword_424238 dd 0 ; sub_411D19+176�r ...
dword_42423C dd 0 ; sub_411D19+3AA�r ...
dword_424240 dd 0 dword_424244 dd 0 ; sub_411D19:loc_41217C�r
dword_424248 dd 0 ; sub_41225B+44D�r
dword_42424C dd 0 dword_424250 dd 0 ; sub_41225B+176�r ...
dword_424254 dd 0 ; sub_41225B+3AA�r ...
dword_424258 dd 0 dword_42425C dd 0 ; sub_41225B:loc_4126BE�r
dword_424260 dd 58h dup(0) ; sub_412E61+18E�o
dword_4243C0 dd 5Ah dup(0) ; sub_412E61+1B3�o
dword_424528 dd 0 ; .text:0040239E�r ...
dd 7 dup(0)
dword_424548 dd 0 ; .text:0040294B�r ...
dword_42454C dd 0 ; .text:0041AD6B�r ...
dword_424550 dd 0 ; sub_413DDD+31D�r ...
dd 23h dup(0)
dword_4245E0 dd 485h dup(0) byte_4257F4 db 0 ; DATA XREF: sub_4148F8:loc_4149CC�r
; sub_4148F8:loc_414AE5�r
align 4
dd 0
dword_4257FC dd 3 dup(0) dword_425808 dd 0 dword_42580C dd 0 dword_425810 dd 0 dd 4 dup(0)
dword_425824 dd 0 ; .text:0041B4A1�r ...
align 10h
dword_425830 dd 0 ; .text:0041B83F�o
dd 92h dup(0)
dword_425A7C dd 7 dup(0) dword_425A98 dd 8 dup(0) dword_425AB8 dd 3Ch dup(0) dword_425BA8 dd 0 dword_425BAC dd 0 dd 0Eh dup(0)
dword_425BE8 dd 0 dword_425BEC dd 0 dd 90h dup(0)
dword_425E30 dd 282h dup(0) byte_426838 db 0 ; DATA XREF: sub_419EC1:loc_419EEC�o
; sub_419EC1+44�r
align 4
dd 1Fh dup(0)
dword_4268B8 dd 40h dup(0) ; sub_41802D+375�o ...
dword_4269B8 dd 6 dup(0) ; sub_41802D+38F�o
byte_4269D0 db 0 ; DATA XREF: sub_417E66+E4�r
byte_4269D1 db 3 dup(0) ; DATA XREF: sub_41802D+3A5�o
dd 0Dh dup(0)
db 0
byte_426A09 db 3 dup(0) ; DATA XREF: sub_41802D+611�o
dd 0Fh dup(0)
db 0
byte_426A49 db 3 dup(0) ; DATA XREF: .text:00401E07�o
; sub_417776+B8�o ...
dd 1Fh dup(0)
db 0
byte_426AC9 db 3 dup(0) ; DATA XREF: sub_41C28D+2FE�o
dd 0Dh dup(0)
db 0
byte_426B01 db 3 dup(0) ; DATA XREF: sub_417776+A4�o
; sub_417909+7C�o ...
dd 40h dup(0)
dword_426C04 dd 0 ; sub_417C7B+1B1�r
word_426C08 dw 0 ; DATA XREF: .text:loc_401EFE�r
byte_426C0A db 0 ; DATA XREF: .text:0040180A�r
; .text:00401A82�r
align 10h
dword_426C10 dd 90h dup(0) dword_426E50 dd 30h dup(0) dword_426F10 dd 2 dup(0) ; sub_418A8C+27�o
db 0
byte_426F19 db 3 dup(0) ; DATA XREF: sub_41881F+13E�o
dd 0
db 2 dup(0)
word_426F22 dw 0 ; DATA XREF: sub_41881F+227�o
dd 0
db 3 dup(0)
byte_426F2B db 0 ; DATA XREF: sub_41802D+1CF�o
dd 2 dup(0)
dword_426F34 dd 2 dup(0) db 0
byte_426F3D db 3 dup(0) ; DATA XREF: sub_41802D+1DF�o
dd 0
db 2 dup(0)
word_426F46 dw 0 ; DATA XREF: sub_41802D+2EC�o
; sub_41802D+355�o
dd 0
db 3 dup(0)
byte_426F4F db 0 ; DATA XREF: sub_41802D+365�o
dd 2 dup(0)
dword_426F58 dd 4 dup(0) ; sub_41802D+1EF�o
dword_426F68 dd 0Bh dup(0) dword_426F94 dd 8 dup(0) ; sub_419430+8E�o
dword_426FB4 dd 3 dup(0) dword_426FC0 dd 140h dup(0) dword_4274C0 dd 0 ; sub_4032F9+3�r
dword_4274C4 dd 0 ; .text:loc_41CD31�w ...
align 10h
dword_4274D0 dd 0 ; sub_40340B+32�w
dword_4274D4 dd 0 ; sub_40AF90:loc_40AFA2�r ...
dd 0
dword_4274DC dd 0 ; sub_40FA72+15�r ...
dword_4274E0 dd 0 ; c.7ld2ih:off_41D408�o
dword_4274E4 dd 0 dd 0
dword_4274EC dd 0 dd 10h dup(0)
dword_427530 dd 0 ; sub_404A3E+DF�r
align 8
dword_427538 dd 0 ; c.7ld2ih:0041D40C�o
dd 22h dup(0)
word_4275C4 dw 0 ; DATA XREF: sub_404A3E+4F�w
align 4
word_4275C8 dw 0 ; DATA XREF: sub_404A3E+48�w
align 4
word_4275CC dw 0 ; DATA XREF: sub_404A3E+41�w
align 10h
word_4275D0 dw 0 ; DATA XREF: sub_404A3E+3A�w
align 4
dword_4275D4 dd 0 dword_4275D8 dd 0 dword_4275DC dd 0 dword_4275E0 dd 0 dword_4275E4 dd 0 dword_4275E8 dd 0 dword_4275EC dd 0 dword_4275F0 dd 0 ; sub_404A3E+85�r
word_4275F4 dw 0 ; DATA XREF: sub_404A3E+33�w
align 4
dword_4275F8 dd 0 dword_4275FC dd 0 word_427600 dw 0 ; DATA XREF: sub_404A3E+2C�w
align 4
dd 80h dup(0)
dword_427804 dd 0 ; sub_404DF4+1D�w ...
word_427808 dw 0 ; DATA XREF: sub_405019+E7�w
align 4
dd 2 dup(0)
dword_427814 dd 0 dword_427818 dd 0 dword_42781C dd 0 dword_427820 dd 0 ; sub_402DA9+6�r ...
dd 8 dup(0)
dword_427844 dd 0 ; sub_405886+51�r ...
dword_427848 dd 0 ; sub_405886+3D�w ...
dword_42784C dd 0 ; sub_405886+4A�w ...
dword_427850 dd 0 ; sub_405886+5E�w ...
align 8
dword_427858 dd 54h dup(0) dword_4279A8 dd 0 ; sub_4039C3+62�r ...
dword_4279AC dd 0 ; sub_405F00+21C�r ...
dword_4279B0 dd 0 ; sub_407AEA+29�r ...
dword_4279B4 dd 0 dword_4279B8 dd 0 ; sub_407CB6:loc_407CDE�r ...
dword_4279BC dd 0 dword_4279C0 dd 0 dword_4279C4 dd 0 ; sub_407CED+30�r
dword_4279C8 dd 0 dword_4279CC dd 0 dword_4279D0 dd 0 align 8
dword_4279D8 dd 0 ; sub_40AF90:loc_40B055�r ...
dd 3 dup(0)
dword_4279E8 dd 0 align 10h
byte_4279F0 db 0 ; DATA XREF: sub_407DBB+2C�w
; sub_4084EB+5�r
align 4
dword_4279F4 dd 0 dword_4279F8 dd 0 ; sub_407DBB+A0�w
dword_4279FC dd 0 dword_427A00 dd 0 dword_427A04 dd 0 dword_427A08 dd 0 ; sub_408ACB:loc_408B01�w ...
dd 3 dup(0)
dword_427A18 dd 6 dup(0) db 0
byte_427A31 db 3 dup(0) ; DATA XREF: sub_409E64+8A�o
dd 40h dup(0)
db 0
byte_427B35 db 0 ; DATA XREF: sub_409E64+92�w
align 4
dd 7Dh dup(0)
dword_427D2C dd 0 ; sub_409E64+E3�o ...
dword_427D30 dd 0 align 8
dword_427D38 dd 41h dup(0) byte_427E3C db 0 ; DATA XREF: sub_40B203+24�w
align 10h
dword_427E40 dd 0 ; sub_40B2BC+24�w ...
dword_427E44 dd 0 ; sub_40B539+11�w ...
byte_427E48 db 0 ; DATA XREF: sub_40B4CD:loc_40B506�r
; sub_40B539+17�w ...
align 4
dword_427E4C dd 0 ; sub_40C28B+B�w
dword_427E50 dd 0 ; sub_40C307+3A�w ...
dword_427E54 dd 0 ; sub_40C6EC+37�w ...
dd 0
dword_427E5C dd 0 ; sub_40CEC4+11�r ...
dword_427E60 dd 0 dword_427E64 dd 0 ; sub_40E0D9:loc_40E122�o ...
dword_427E68 dd 0 ; sub_40E0D9:loc_40E178�o ...
dword_427E6C dd 0 dword_427E70 dd 0 ; sub_40E0D9:loc_40E184�o ...
align 8
dword_427E78 dd 0 dd 2 dup(0)
dword_427E84 dd 0 dd 0Fh dup(0)
dword_427EC4 dd 0 dword_427EC8 dd 0 ; sub_40F8D4+60�w ...
dword_427ECC dd 0 ; sub_40F8D4:loc_40FA22�r
dword_427ED0 dd 0 ; sub_40F8D4+167�r
dword_427ED4 dd 0 ; sub_40F8D4:loc_40F9A9�r
dword_427ED8 dd 0 ; sub_40F8D4+E1�r ...
align 10h
dword_427EE0 dd 0 dd 2Fh dup(0)
dword_427FA0 dd 0 byte_427FA4 db 0 ; DATA XREF: sub_410E04:loc_410F40�r
align 4
dword_427FA8 dd 0 ; sub_41A690+E6�w ...
dword_427FAC dd 0 ; sub_41A19C+14�r ...
dword_427FB0 dd 0 ; sub_41A690+136�w ...
dword_427FB4 dd 0 ; sub_41A690+AA�w ...
dword_427FB8 dd 0 ; sub_41A690+16D�r ...
dword_427FBC dd 0 ; sub_41A690+179�r ...
dword_427FC0 dd 0 ; sub_41A19C+34�r ...
dword_427FC4 dd 0 ; sub_41A690+FA�w ...
dword_427FC8 dd 0 ; sub_41A690+322�r
dword_427FCC dd 0 ; sub_41A690+155�r ...
dword_427FD0 dd 0 ; sub_41A19C+4D�r ...
dword_427FD4 dd 0 ; sub_41930F+A9�w ...
dword_427FD8 dd 0 ; sub_417C7B+11D�r ...
dword_427FDC dd 0 ; sub_417C7B+116�r ...
dword_427FE0 dd 0 ; sub_419590+61�w
dword_427FE4 dd 0 ; sub_419590+66�w
dword_427FE8 dd 0 ; sub_419590+71�w
dword_427FEC dd 0 ; sub_419590+76�w
dword_427FF0 dd 0 ; sub_41954A:loc_41957F�w ...
dword_427FF4 dd 0 ; sub_41954A+3B�w ...
dword_427FF8 dd 0 ; sub_419AEB+20�w ...
dword_427FFC dd 0 dd 33h dup(0)
dword_4280CC dd 2 dup(0) word_4280D4 dw 0 ; DATA XREF: sub_418B4D+8�o
; sub_41930F+AE�w ...
word_4280D6 dw 0 ; DATA XREF: sub_41930F+D1�w
dword_4280D8 dd 0 dd 2 dup(0)
dword_4280E4 dd 0 ; sub_419430+73�r ...
dword_4280E8 dd 41h dup(0) ; sub_418D42+224�o ...
dword_4281EC dd 0 ; sub_41930F+84�w ...
byte_4281F0 db 0 ; DATA XREF: sub_418D42+293�o
; sub_418D42+477�o ...
align 4
dd 40h dup(0)
byte_4282F4 db 0 ; DATA XREF: .text:loc_40233D�r
; sub_41930F+117�w ...
align 4
dword_4282F8 dd 41h dup(0) ; sub_41930F+1A�o
dword_4283FC dd 0 ; .text:00401C08�o ...
byte_428400 db 0 ; DATA XREF: sub_413DDD+53D�r
; sub_418AF1:loc_418B21�r ...
align 4
dd 8 dup(0)
dword_428424 dd 0 ; sub_41BB83+8F�r ...
dword_428428 dd 40h dup(0) ; sub_41BD26+21�o
dword_428528 dd 0 ; sub_4145BE+75�w ...
align 10h
byte_428530 db 0 ; DATA XREF: .text:004021E5�o
; sub_41AD77+D7�o ...
align 4
dd 3Fh dup(0)
dword_428630 dd 0 ; sub_41AD77+45�o
dword_428634 dd 0 ; sub_41AD77:loc_41AF02�w ...
byte_428638 db 0 ; DATA XREF: .text:0040278D�w
align 4
dd 3Fh dup(0)
dword_428738 dd 0 ; .text:00402759�w
dd 3 dup(0)
db 0
byte_428749 db 0 ; DATA XREF: .text:loc_40245C�r
; .text:004028A3�w
align 4
dd 3 dup(0)
dword_428758 dd 0 dd 330Bh dup(0)
dword_435388 dd 0 ; sub_418D42+501�r ...
db 0
byte_43538D db 0 ; DATA XREF: .text:00402314�r
; sub_41BB83:loc_41BBBF�w ...
align 10h
dword_435390 dd 0 dword_435394 dd 0 ; sub_41B981:loc_41BAEF�w ...
word_435398 dw 0 ; DATA XREF: .text:00401EF0�w
; .text:00401F04�w
align 10h
byte_4353A0 db 0 ; DATA XREF: sub_4148F8+9F�r
; sub_4148F8+1B4�r ...
align 4
dd 31h dup(0)
db 2 dup(0)
word_43546A dw 0 ; DATA XREF: sub_414B19+56�o
dd 2Bh dup(0)
byte_435518 db 0 ; DATA XREF: sub_4148F8:loc_414953�o
; sub_4148F8:loc_4149C4�r ...
db 2 dup(0)
byte_43551B db 0 ; DATA XREF: sub_4148F8+119�w
dd 2 dup(0)
db 2 dup(0)
byte_435526 db 0 ; DATA XREF: sub_4148F8+8E�w
; sub_4148F8+1A3�w
align 4
db 2 dup(0)
byte_43552A db 0 ; DATA XREF: sub_4148F8+94�w
; sub_4148F8+1A9�w
align 10h
byte_435530 db 0 ; DATA XREF: sub_4148F8+A7�w
; sub_4148F8+BF�w ...
align 4
dd 56h dup(0)
dword_43568C dd 0 ; sub_41C22E+43�o ...
dword_435690 dd 0 ; sub_417E66+122�r ...
dword_435694 dd 0 ; sub_40121E:loc_40127B�w ...
dword_435698 dd 0 ; .text:00401FF9�o ...
dword_43569C dd 0 ; .text:loc_401F2A�r ...
dword_4356A0 dd 0 ; sub_4016BA:loc_401717�w ...
dword_4356A4 dd 0 ; .text:0041CB51�w
dword_4356A8 dd 0 ; .text:0041CB35�w
dword_4356AC dd 0 ; .text:0041CB89�w
dword_4356B0 dd 0 ; .text:0041CBA5�w
dword_4356B4 dd 0 ; .text:0041CB6D�w
dword_4356B8 dd 0 ; .text:0041CBC1�w
dword_4356BC dd 0 ; .text:0041CBF9�w
dword_4356C0 dd 0 ; .text:0041CBDD�w
dword_4356C4 dd 0 ; .text:0041CC15�w
dword_4356C8 dd 0 ; .text:0041CC31�w
dword_4356CC dd 0 ; .text:0041CC45�w
dword_4356D0 dd 0 ; .text:0041CC77�w
dword_4356D4 dd 0 ; .text:0041CC93�w
dword_4356D8 dd 0 ; .text:0041CC5B�w
dword_4356DC dd 0 dword_4356E0 dd 0 ; sub_407F20+1E�r ...
dword_4356E4 dd 0 dword_4356E8 dd 0 ; sub_408B90+BF�w ...
dd 5 dup(0)
dword_435700 dd 0 ; sub_40843A+87�r ...
dd 3Fh dup(0)
dword_435800 dd 0 ; sub_40843A+44�w ...
dd 407h dup(0)
dword_436820 dd 0 ; sub_40843A:loc_408454�w ...
dword_436824 dd 0 dword_436828 dd 0 dword_43682C dd 0 ; sub_4030C9+9B�w ...
dword_436830 dd 0 ; sub_4030C9+87�w ...
dword_436834 dd 0 ; sub_4051B3+11�w ...
dword_436838 dd 0 ; sub_407D29+74�o ...
dword_43683C dd 0 ; sub_405ED5�r ...
dword_436840 dd 0 ; sub_405ED5+6�r ...
dword_436844 dd 0 ; sub_405E8D+36�w ...
dword_436848 dd 0 ; sub_405F00+2FC�w ...
dword_43684C dd 0 ; sub_406214�r ...
dword_436850 dd 0 ; sub_405F00+249�r ...
dword_436854 dd 0 ; sub_4039C3+13�r ...
dword_436858 dd 0 ; sub_40AF33:loc_40AF44�r ...
align 800h
_data ends
; Section 5. (virtual address 00038000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00038000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
hce8ut1g segment para public 'DATA' use32
assume cs:hce8ut1g
;org 438000h
dd 400h dup(0)
hce8ut1g ends
; Section 6. (virtual address 00039000)
; Virtual size : 00022000 ( 139264.)
; Section size in file : 00022000 ( 139264.)
; Offset to raw data for section: 00039000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
dviuq5id segment para public 'CODE' use32
assume cs:dviuq5id
;org 439000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 4 dup(0)
db 3 dup(0)
byte_439013 db 0 ; CODE XREF: sub_41A45D+A5�p
; sub_41A45D+1B6�p
; DATA XREF: ...
dd 5Ch dup(0)
dword_439184 dd 35h dup(0) ; sub_40C6EC+11C�p
; DATA XREF: ...
db 0
byte_439259 db 3 dup(0) ; CODE XREF: .text:00404306�p
; sub_408B90+15�p
; DATA XREF: ...
dd 158h dup(0)
dword_4397BC dd 113h dup(0) ; sub_419590+B�p
; DATA XREF: ...
db 0
byte_439C09 db 3 dup(0) ; CODE XREF: sub_41764F+52�p
; DATA XREF: c.7ld2ih:off_41D00C�o
dd 2Ah dup(0)
db 3 dup(0)
byte_439CB7 db 0 ; CODE XREF: sub_41A19C+3B�p
; DATA XREF: c.7ld2ih:off_41D0D4�o
dd 46Ch dup(0)
dword_43AE68 dd 0BAh dup(0) ; DATA XREF: c.7ld2ih:off_41D1A4�o
db 3 dup(0)
byte_43B153 db 0 ; CODE XREF: sub_40B439+41�p
; DATA XREF: c.7ld2ih:off_41D194�o
dd 1Ch dup(0)
dword_43B1C4 dd 123h dup(0) ; DATA XREF: c.7ld2ih:off_41D0B4�o
dword_43B650 dd 0EFh dup(0) ; DATA XREF: c.7ld2ih:off_41D184�o
db 2 dup(0)
word_43BA0E dw 0 ; CODE XREF: .text:0040CEB8�p
; DATA XREF: c.7ld2ih:off_41D11C�o
dd 2E7h dup(0)
db 2 dup(0)
word_43C5AE dw 0 ; CODE XREF: sub_4055AF+23�p
; sub_405886+BA�p
; DATA XREF: ...
dd 52h dup(0)
db 3 dup(0)
byte_43C6FB db 0 ; CODE XREF: sub_40B2BC:loc_40B39A�p
; DATA XREF: c.7ld2ih:off_41D13C�o
dd 0C7h dup(0)
db 2 dup(0)
word_43CA1A dw 0 ; CODE XREF: sub_402E05+82�p
; DATA XREF: c.7ld2ih:off_41D190�o
dd 1ECh dup(0)
dword_43D1CC dd 40h dup(0) ; .text:00404350�p ...
db 3 dup(0)
byte_43D2CF db 0 ; CODE XREF: sub_404D50+84�p
; sub_405019+9B�p ...
dd 98h dup(0)
db 0
byte_43D531 db 3 dup(0) ; CODE XREF: sub_405F00+247�p
; sub_405F00+2A2�p
; DATA XREF: ...
dd 0B2h dup(0)
db 0
byte_43D7FD db 3 dup(0) ; CODE XREF: sub_419430+67�p
; DATA XREF: c.7ld2ih:off_41D1EC�o
dd 0D6h dup(0)
dword_43DB58 dd 32Fh dup(0) ; DATA XREF: c.7ld2ih:off_41D0D0�o
db 2 dup(0)
word_43E816 dw 0 ; CODE XREF: sub_40B2BC+10F�p
; sub_40B2BC+126�p
; DATA XREF: ...
dd 0D1h dup(0)
db 0
byte_43EB5D db 3 dup(0) ; CODE XREF: sub_419DDC+39�p
; DATA XREF: c.7ld2ih:off_41D0BC�o
dd 111h dup(0)
db 0
byte_43EFA5 db 3 dup(0) ; CODE XREF: sub_41B981+20�p
; sub_41BB83+43�p
; DATA XREF: ...
dd 10Eh dup(0)
dword_43F3E0 dd 55h dup(0) ; sub_405543+39�p ...
dword_43F534 dd 0BBh dup(0) ; DATA XREF: c.7ld2ih:off_41D084�o
dword_43F820 dd 0EFh dup(0) ; sub_40FBF7+222�p
; DATA XREF: ...
db 3 dup(0)
byte_43FBDF db 0 ; CODE XREF: sub_410957+14C�p
; DATA XREF: c.7ld2ih:off_41D0A4�o
dd 46Ch dup(0)
db 0
byte_440D91 db 3 dup(0) ; CODE XREF: sub_410661+22�p
; sub_41960F+29�p
; DATA XREF: ...
dd 21h dup(0)
db 2 dup(0)
word_440E1A dw 0 ; CODE XREF: .text:0040212D�p
; DATA XREF: c.7ld2ih:off_41D098�o
dd 1Fh dup(0)
db 0
byte_440E99 db 3 dup(0) ; CODE XREF: sub_4147FC+8�p
; DATA XREF: c.7ld2ih:off_41D094�o
dd 81h dup(0)
db 0
byte_4410A1 db 3 dup(0) ; CODE XREF: sub_405E33+47�p
; DATA XREF: c.7ld2ih:off_41D160�o
dd 10h dup(0)
db 2 dup(0)
word_4410E6 dw 0 ; CODE XREF: sub_40B439+51�p
; sub_417C7B+36�p ...
dd 276h dup(0)
dword_441AC0 dd 2E4h dup(0) ; DATA XREF: c.7ld2ih:off_41D03C�o
db 2 dup(0)
word_442652 dw 0 ; CODE XREF: sub_4056CA+60�p
; sub_405886+169�p ...
dd 47h dup(0)
db 2 dup(0)
word_442772 dw 0 ; CODE XREF: sub_40F02F:loc_40F083�p
; sub_40F0AC:loc_40F104�p
; DATA XREF: ...
dd 82h dup(0)
db 2 dup(0)
word_44297E dw 0 ; CODE XREF: sub_406214+77�p
; sub_4062C4+52�p
; DATA XREF: ...
dd 8 dup(0)
dword_4429A0 dd 0DAh dup(0) ; DATA XREF: c.7ld2ih:off_41D070�o
db 3 dup(0)
byte_442D0B db 0 ; CODE XREF: sub_404BC6+24�p
; sub_404E6E+56�p ...
dd 253h dup(0)
db 0
byte_443659 db 3 dup(0) ; CODE XREF: sub_419430+BB�p
; DATA XREF: c.7ld2ih:off_41D200�o
dd 37h dup(0)
dword_443738 dd 86h dup(0) ; sub_40B203+2A�p ...
db 0
byte_443951 db 3 dup(0) ; CODE XREF: sub_41A28F+132�p
; DATA XREF: c.7ld2ih:off_41D020�o
dd 40h dup(0)
db 0
byte_443A55 db 3 dup(0) ; CODE XREF: sub_41088C+78�p
; DATA XREF: c.7ld2ih:off_41D0AC�o
dd 1Ah dup(0)
db 0
byte_443AC1 db 3 dup(0) ; CODE XREF: sub_4054D7+49�p
; sub_405543+49�p ...
dd 102h dup(0)
db 2 dup(0)
word_443ECE dw 0 ; CODE XREF: sub_407C57+E�p
; sub_419C67+168�p ...
dd 0B1h dup(0)
dword_444194 dd 0F9h dup(0) ; sub_40CEC4+AB�p
; DATA XREF: ...
db 2 dup(0)
word_44457A dw 0 ; CODE XREF: sub_40E422+234�p
; sub_4117DB+13�p ...
dd 9Eh dup(0)
db 0
byte_4447F5 db 3 dup(0) ; CODE XREF: sub_404DF4+4A�p
; DATA XREF: c.7ld2ih:off_41D188�o
dd 240h dup(0)
db 3 dup(0)
byte_4450FB db 0 ; CODE XREF: sub_419F50+82�p
; DATA XREF: c.7ld2ih:off_41D01C�o
dd 0E3h dup(0)
dword_445488 dd 253h dup(0) ; sub_41A690+2AF�p
; DATA XREF: ...
dword_445DD4 dd 1Dh dup(0) ; sub_40B2BC+56�p
; DATA XREF: ...
db 0
byte_445E49 db 3 dup(0) ; CODE XREF: sub_419DDC+6F�p
; DATA XREF: c.7ld2ih:off_41D0C4�o
dd 0FCh dup(0)
db 0
byte_44623D db 3 dup(0) ; CODE XREF: sub_40A15D+17F�p
; sub_40A15D+2A3�p ...
dd 28h dup(0)
db 0
byte_4462E1 db 3 dup(0) ; CODE XREF: sub_405C7A+1B�p
; sub_405C7A+45�p ...
dd 5Ch dup(0)
db 0
byte_446455 db 3 dup(0) ; CODE XREF: sub_40C307+2A6�p
; sub_40C307+318�p ...
dd 260h dup(0)
dword_446DD8 dd 2A1h dup(0) ; DATA XREF: c.7ld2ih:off_41D1E8�o
db 2 dup(0)
word_44785E dw 0 ; CODE XREF: sub_405E33+11�p
; DATA XREF: c.7ld2ih:off_41D15C�o
dd 0DFh dup(0)
db 0
byte_447BDD db 3 dup(0) ; CODE XREF: sub_41764F+2A�p
; sub_41764F+60�p ...
dd 1BBh dup(0)
dword_4482CC dd 305h dup(0) ; sub_40B2BC+B3�p ...
db 3 dup(0)
byte_448EE3 db 0 ; CODE XREF: sub_408B90+1B5�p
; sub_409E64+169�p
; DATA XREF: ...
dd 0CFh dup(0)
db 2 dup(0)
word_449222 dw 0 ; CODE XREF: sub_4176BD+31�p
; DATA XREF: c.7ld2ih:off_41D008�o
dd 290h dup(0)
db 0
byte_449C65 db 3 dup(0) ; CODE XREF: sub_4055A6�p
; sub_405886:loc_405925�p
; DATA XREF: ...
dd 13Ch dup(0)
db 2 dup(0)
word_44A15A dw 0 ; CODE XREF: sub_4031FD+E0�p
; sub_404A3E+FC�p ...
dd 3Ah dup(0)
db 2 dup(0)
word_44A246 dw 0 ; CODE XREF: sub_41088C+9B�p
; DATA XREF: c.7ld2ih:off_41D0B0�o
dd 175h dup(0)
db 3 dup(0)
byte_44A81F db 0 ; DATA XREF: c.7ld2ih:off_41D1FC�o
dd 9 dup(0)
db 0
byte_44A845 db 3 dup(0) ; CODE XREF: sub_403AA0+78�p
; .text:00404324�p ...
dd 4ABh dup(0)
db 3 dup(0)
byte_44BAF7 db 0 ; CODE XREF: sub_419430+94�p
; DATA XREF: c.7ld2ih:off_41D1F8�o
dd 4Bh dup(0)
db 3 dup(0)
byte_44BC27 db 0 ; CODE XREF: sub_4054D7+D�p
; sub_4054D7+24�p ...
dd 36h dup(0)
dword_44BD00 dd 72h dup(0) ; sub_419F50+5D�p ...
db 2 dup(0)
word_44BECA dw 0 ; CODE XREF: sub_40A15D+3E7�p
; sub_40C307+CE�p ...
dd 7 dup(0)
db 3 dup(0)
byte_44BEEB db 0 ; CODE XREF: sub_40B2BC+CC�p
; DATA XREF: c.7ld2ih:off_41D138�o
dd 61h dup(0)
dword_44C070 dd 62h dup(0) ; DATA XREF: c.7ld2ih:off_41D0A8�o
db 2 dup(0)
word_44C1FA dw 0 ; CODE XREF: sub_419430+B1�p
; DATA XREF: c.7ld2ih:off_41D1F4�o
dd 3Eh dup(0)
db 2 dup(0)
word_44C2F6 dw 0 ; CODE XREF: sub_4176BD+14�p
; sub_41A28F+90�p ...
dd 210h dup(0)
db 0
byte_44CB39 db 3 dup(0) ; CODE XREF: sub_406214+27�p
; sub_40DE1D+134�p ...
dd 27Ch dup(0)
db 3 dup(0)
byte_44D52F db 0 ; CODE XREF: sub_419430+C8�p
; DATA XREF: c.7ld2ih:off_41D204�o
dd 81h dup(0)
db 2 dup(0)
word_44D736 dw 0 ; CODE XREF: sub_414884+1C�p
; sub_41BB83+161�p
; DATA XREF: ...
dd 81h dup(0)
db 0
byte_44D93D db 3 dup(0) ; CODE XREF: sub_40D20A+11D�p
; DATA XREF: c.7ld2ih:off_41D114�o
dd 55h dup(0)
db 2 dup(0)
word_44DA96 dw 0 ; CODE XREF: sub_41A40D+C�p
; DATA XREF: c.7ld2ih:off_41D024�o
dd 1B9h dup(0)
dword_44E17C dd 174h dup(0) ; sub_419641+24�p ...
db 2 dup(0)
word_44E74E dw 0 ; CODE XREF: sub_41A025+19�p
; DATA XREF: c.7ld2ih:off_41D034�o
dd 259h dup(0)
db 2 dup(0)
word_44F0B6 dw 0 ; CODE XREF: .text:0041B5CE�p
; DATA XREF: c.7ld2ih:off_41D09C�o
dd 2Bh dup(0)
dword_44F164 dd 268h dup(0) ; sub_41A690+2B2�p
; DATA XREF: ...
db 0
byte_44FB05 db 3 dup(0) ; CODE XREF: sub_4039C3+79�p
; sub_4056CA+2�p ...
dd 5Ah dup(0)
db 2 dup(0)
word_44FC72 dw 0 ; CODE XREF: sub_41A40D+41�p
; sub_41A40D+44�p
; DATA XREF: ...
dd 123h dup(0)
db 2 dup(0)
word_450102 dw 0 ; CODE XREF: sub_4031FD+AA�p
; sub_404A3E+B9�p ...
dd 97h dup(0)
db 2 dup(0)
word_450362 dw 0 ; CODE XREF: sub_40C6EC+191�p
; DATA XREF: c.7ld2ih:off_41D124�o
dd 46h dup(0)
dword_45047C dd 22h dup(0) ; .text:0040434D�p ...
dword_450504 dd 195h dup(0) ; DATA XREF: c.7ld2ih:off_41D030�o
db 3 dup(0)
byte_450B5B db 0 ; CODE XREF: .text:00402199�p
; sub_417776+D1�p ...
dd 21h dup(0)
db 3 dup(0)
byte_450BE3 db 0 ; CODE XREF: sub_405CCF+D�p
; sub_40855D+28�p ...
dd 18Fh dup(0)
dword_451220 dd 17Ah dup(0) ; DATA XREF: c.7ld2ih:off_41D064�o
db 0
byte_451809 db 3 dup(0) ; CODE XREF: sub_408DFD+4B�p
; sub_40E422+29C�p ...
dd 1B8h dup(0)
dword_451EEC dd 15Eh dup(0) ; sub_419E67+30�p ...
db 0
byte_452465 db 3 dup(0) ; CODE XREF: sub_414884+5E�p
; .text:0041B65C�p ...
dd 438h dup(0)
dword_453548 dd 5 dup(0) ; DATA XREF: c.7ld2ih:off_41D174�o
db 3 dup(0)
byte_45355F db 0 ; CODE XREF: sub_40C307+30�p
; sub_40C307+156�p ...
dd 3EAh dup(0)
db 2 dup(0)
word_45450A dw 0 ; CODE XREF: sub_407AEA+1D�p
; sub_407B2A+25�p ...
dd 38h dup(0)
db 2 dup(0)
word_4545EE dw 0 ; CODE XREF: sub_4031FD+BE�p
; sub_404A3E+D9�p ...
dd 250h dup(0)
db 0
byte_454F31 db 3 dup(0) ; CODE XREF: sub_408B90+21F�p
; DATA XREF: c.7ld2ih:off_41D14C�o
dd 175h dup(0)
dword_455508 dd 0D0h dup(0) db 3 dup(0)
byte_45584B db 0 ; CODE XREF: sub_41764F+1D�p
; sub_417722+1B�p
; DATA XREF: ...
dd 90h dup(0)
db 3 dup(0)
byte_455A8F db 0 ; CODE XREF: sub_4031FD+D9�p
; sub_404A3E+F5�p ...
dd 7Bh dup(0)
db 3 dup(0)
byte_455C7F db 0 ; CODE XREF: sub_409E64+194�p
; sub_40D20A+212�p ...
dd 174h dup(0)
db 3 dup(0)
byte_456253 db 0 ; CODE XREF: sub_403900+9�p
; sub_40B439+35�p
; DATA XREF: ...
dd 115h dup(0)
db 0
byte_4566A9 db 3 dup(0) ; CODE XREF: sub_40D06E+40�p
; sub_410B0B+2D�p ...
dd 248h dup(0)
db 3 dup(0)
byte_456FCF db 0 ; CODE XREF: sub_404D50+59�p
; sub_405019+76�p ...
dd 1EAh dup(0)
db 0
byte_457779 db 3 dup(0) ; CODE XREF: sub_41A025+53�p
; sub_41A025+8E�p
; DATA XREF: ...
dd 3CFh dup(0)
db 3 dup(0)
byte_4586BB db 0 ; CODE XREF: sub_408B90+12B�p
; sub_408B90+1C7�p ...
dd 96h dup(0)
db 0
byte_458915 db 3 dup(0) ; CODE XREF: sub_419DDC+50�p
; DATA XREF: c.7ld2ih:off_41D0C0�o
dd 0D0h dup(0)
dword_458C58 dd 0AEh dup(0) ; sub_40850B+28�p ...
dword_458F10 dd 0E6h dup(0) ; DATA XREF: c.7ld2ih:off_41D080�o
dword_4592A8 dd 6 dup(0) ; DATA XREF: c.7ld2ih:off_41D208�o
db 2 dup(0)
word_4592C2 dw 0 ; CODE XREF: sub_41A645+20�p
; sub_41C28D+293�p
; DATA XREF: ...
dd 5Dh dup(0)
db 2 dup(0)
word_45943A dw 0 ; CODE XREF: sub_41A40D+1E�p
; DATA XREF: c.7ld2ih:off_41D044�o
dd 46h dup(0)
db 0
byte_459555 db 3 dup(0) ; CODE XREF: sub_4031FD+B4�p
; sub_404A3E+CE�p ...
dd 1B5h dup(0)
db 2 dup(0)
word_459C2E dw 0 ; CODE XREF: sub_417722+39�p
; DATA XREF: c.7ld2ih:off_41D000�o
dd 53h dup(0)
db 2 dup(0)
word_459D7E dw 0 ; CODE XREF: .text:0040218A�p
; DATA XREF: c.7ld2ih:off_41D048�o
dd 6 dup(0)
dword_459D98 dd 27h dup(0) ; DATA XREF: c.7ld2ih:off_41D118�o
db 2 dup(0)
word_459E36 dw 0 ; CODE XREF: sub_419430+3C�p
; sub_419430+43�p
; DATA XREF: ...
dd 221h dup(0)
dword_45A6BC dd 251h dup(0) ; DATA XREF: c.7ld2ih:off_41D05C�o
dviuq5id ends
; Section 7. (virtual address 0005B000)
; Virtual size : 00032000 ( 204800.)
; Section size in file : 00032000 ( 204800.)
; Offset to raw data for section: 0005B000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
dy9cvewz segment para public 'CODE' use32
assume cs:dy9cvewz
;org 45B000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 44h dup(0)
TlsDirectory dd 0
TlsEnd_ptr dd 0
TlsIndex_ptr dd 0
TlsCallbacks_ptr dd 0
TlsSizeOfZeroFill dd 0
TlsCharacteristics dd 0
dd 0C7B6h dup(0)
dy9cvewz ends
; Section 8. (virtual address 0008D000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 0008D000
; Flags E00000E0: Text Data Bss Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
uyr766ie segment para public 'CODE' use32
assume cs:uyr766ie
;org 48D000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 400h dup(0)
public start
start dd 1C00h dup(0)
uyr766ie ends
; Section 9. (virtual address 00095000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00095000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 495000h
align 2000h
_idata2 ends
end start