;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 4F647892E8E2242B7A77D59A9D310BF5
; File Name : u:\work\4f647892e8e2242b7a77d59a9d310bf5_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00007CAC ( 31916.)
; Section size in file : 00007CAC ( 31916.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; DATA XREF: sub_4059CE+12B�o
var_5C = byte ptr -5Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 5Ch
cmp [ebp+arg_4], 0Fh
jz short loc_401037
cmp [ebp+arg_4], 46h
mov eax, [ebp+arg_C]
jnz short loc_401022
or dword ptr [eax+18h], 10h
mov ecx, dword_434180
mov [eax+4], ecx
loc_401022: ; CODE XREF: sub_401000+13�j
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_409270 ; DefWindowProcA
jmp locret_401179
; ---------------------------------------------------------------------------
loc_401037: ; CODE XREF: sub_401000+A�j
push ebx
push esi
mov esi, dword_434188
push edi
lea eax, [ebp+var_5C]
push eax
push [ebp+arg_0]
call ds:dword_409284 ; BeginPaint
and [ebp+var_C], 0
mov [ebp+arg_4], eax
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call ds:dword_409274 ; GetClientRect
mov edi, [ebp+var_10]
and [ebp+var_10], 0
mov ebx, ds:dword_409040
jmp loc_4010F3
; ---------------------------------------------------------------------------
loc_401073: ; CODE XREF: sub_401000+F6�j
movzx eax, byte ptr [esi+52h]
movzx edx, byte ptr [esi+56h]
imul edx, [ebp+var_18]
mov ecx, edi
sub ecx, [ebp+var_18]
imul eax, ecx
add eax, edx
cdq
idiv edi
xor edx, edx
mov [ebp+arg_8], ecx
mov dh, al
movzx eax, byte ptr [esi+51h]
imul eax, ecx
movzx ecx, byte ptr [esi+55h]
imul ecx, [ebp+var_18]
add eax, ecx
mov ecx, edx
cdq
idiv edi
movzx edx, byte ptr [esi+54h]
imul edx, [ebp+var_18]
mov cl, al
movzx eax, byte ptr [esi+50h]
imul eax, [ebp+arg_8]
add eax, edx
cdq
idiv edi
shl ecx, 8
movzx eax, al
or ecx, eax
lea eax, [ebp+var_C]
push eax
mov [ebp+var_8], ecx
call ds:dword_409044 ; CreateBrushIndirect
add [ebp+var_10], 4
push eax
mov [ebp+arg_C], eax
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
call ds:dword_409278 ; FillRect
push [ebp+arg_C]
call ebx ; DeleteObject
add [ebp+var_18], 4
loc_4010F3: ; CODE XREF: sub_401000+6E�j
cmp [ebp+var_18], edi
jl loc_401073
cmp dword ptr [esi+58h], 0FFFFFFFFh
jz short loc_401167
push dword ptr [esi+34h]
call ds:dword_409048 ; CreateFontIndirectA
test eax, eax
mov [ebp+arg_C], eax
jz short loc_401167
mov edi, [ebp+arg_4]
push 1
push edi
mov [ebp+var_1C], 10h
mov [ebp+var_18], 8
call ds:dword_40904C ; SetBkMode
push dword ptr [esi+58h]
push edi
call ds:dword_409050 ; SetTextColor
push [ebp+arg_C]
mov esi, ds:dword_409058
push edi
call esi ; SelectObject
push 820h
mov [ebp+arg_4], eax
lea eax, [ebp+var_1C]
push eax
push 0FFFFFFFFh
push offset aNsisError ; "NSIS Error"
push edi
call ds:dword_40927C ; DrawTextA
push [ebp+arg_4]
push edi
call esi ; SelectObject
push [ebp+arg_C]
call ebx ; DeleteObject
loc_401167: ; CODE XREF: sub_401000+100�j
; sub_401000+110�j
lea eax, [ebp+var_5C]
push eax
push [ebp+arg_0]
call ds:dword_409280 ; EndPaint
pop edi
pop esi
xor eax, eax
pop ebx
locret_401179: ; CODE XREF: sub_401000+32�j
leave
retn 10h
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40117D proc near ; CODE XREF: sub_40161F+1B27�p
; sub_404A08+33D�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov eax, dword_4341A8
mov edx, ecx
imul edx, 418h
mov edx, [edx+eax+8]
test dl, 2
jz short locret_4011EC
push esi
push edi
lea esi, [ecx+1]
xor edi, edi
cmp esi, dword_4341AC
jnb short loc_4011EA
mov ecx, esi
imul ecx, 418h
lea eax, [ecx+eax+8]
push ebx
loc_4011B3: ; CODE XREF: sub_40117D+6A�j
mov ecx, [eax]
test cl, 2
jz short loc_4011BD
inc edi
jmp short loc_4011DB
; ---------------------------------------------------------------------------
loc_4011BD: ; CODE XREF: sub_40117D+3B�j
test cl, 4
jz short loc_4011CB
mov ecx, edi
dec edi
test ecx, ecx
jz short loc_4011E9
jmp short loc_4011DB
; ---------------------------------------------------------------------------
loc_4011CB: ; CODE XREF: sub_40117D+43�j
test cl, 10h
jnz short loc_4011DB
mov ebx, ecx
xor ebx, edx
and ebx, 1
xor ebx, ecx
mov [eax], ebx
loc_4011DB: ; CODE XREF: sub_40117D+3E�j
; sub_40117D+4C�j ...
inc esi
add eax, 418h
cmp esi, dword_4341AC
jb short loc_4011B3
loc_4011E9: ; CODE XREF: sub_40117D+4A�j
pop ebx
loc_4011EA: ; CODE XREF: sub_40117D+27�j
pop edi
pop esi
locret_4011EC: ; CODE XREF: sub_40117D+18�j
retn 4
sub_40117D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4011EF proc near ; CODE XREF: sub_4011EF+57�p
; sub_40129E+4�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
push ebx
push esi
mov esi, edx
imul esi, 418h
push edi
mov edi, dword_4341A8
mov eax, [esi+edi+8]
xor ecx, ecx
test al, 2
mov [ebp+var_4], ecx
mov [ebp+var_8], ecx
jz short loc_401225
cmp [ebp+arg_4], ecx
jnz short loc_401225
and eax, 0FFFFFFBEh
mov [esi+edi+8], eax
inc edx
loc_401225: ; CODE XREF: sub_4011EF+27�j
; sub_4011EF+2C�j
cmp edx, dword_4341AC
jnb short loc_401271
loc_40122D: ; CODE XREF: sub_4011EF+80�j
mov eax, edx
imul eax, 418h
lea ebx, [eax+edi+8]
mov ecx, [ebx]
test cl, 2
lea eax, [edx+1]
jz short loc_40124D
push 0
push edx
call sub_4011EF
mov ecx, [ebx]
loc_40124D: ; CODE XREF: sub_4011EF+52�j
test cl, 4
jnz short loc_40127A
test cl, 40h
jz short loc_40125A
inc [ebp+var_4]
loc_40125A: ; CODE XREF: sub_4011EF+66�j
test cl, 1
jz short loc_401264
inc [ebp+var_4]
jmp short loc_401267
; ---------------------------------------------------------------------------
loc_401264: ; CODE XREF: sub_4011EF+6E�j
inc [ebp+var_8]
loc_401267: ; CODE XREF: sub_4011EF+73�j
cmp eax, dword_4341AC
mov edx, eax
jb short loc_40122D
loc_401271: ; CODE XREF: sub_4011EF+3C�j
xor eax, eax
loc_401273: ; CODE XREF: sub_4011EF+8F�j
; sub_4011EF+9E�j ...
pop edi
pop esi
pop ebx
leave
retn 8
; ---------------------------------------------------------------------------
loc_40127A: ; CODE XREF: sub_4011EF+61�j
cmp [ebp+var_4], 0
jz short loc_401273
cmp [ebp+var_8], 0
lea ecx, [esi+edi+8]
jz short loc_40128F
or dword ptr [ecx], 40h
jmp short loc_401273
; ---------------------------------------------------------------------------
loc_40128F: ; CODE XREF: sub_4011EF+99�j
mov edx, [ecx]
and edx, 0FFFFFF7Fh
or edx, 1
mov [ecx], edx
jmp short loc_401273
sub_4011EF endp
; =============== S U B R O U T I N E =======================================
sub_40129E proc near ; CODE XREF: sub_40161F+1B53�p
; sub_404A08+478�p ...
push 1
push 0
call sub_4011EF
retn
sub_40129E endp
; =============== S U B R O U T I N E =======================================
sub_4012A8 proc near ; CODE XREF: sub_40161F+1B4E�p
; sub_404A08+3F9�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov eax, dword_4341A8
push esi
xor esi, esi
cmp ecx, 20h
jnb short loc_4012EF
cmp dword_4341AC, esi
jbe short loc_4012EF
lea edx, [eax+8]
push edi
loc_4012C5: ; CODE XREF: sub_4012A8+44�j
mov eax, [edx]
test al, 6
jnz short loc_4012DF
xor edi, edi
inc edi
shl edi, cl
test [edx-4], edi
jz short loc_4012DA
or eax, 1
jmp short loc_4012DD
; ---------------------------------------------------------------------------
loc_4012DA: ; CODE XREF: sub_4012A8+2B�j
and eax, 0FFFFFFFEh
loc_4012DD: ; CODE XREF: sub_4012A8+30�j
mov [edx], eax
loc_4012DF: ; CODE XREF: sub_4012A8+21�j
inc esi
add edx, 418h
cmp esi, dword_4341AC
jb short loc_4012C5
pop edi
loc_4012EF: ; CODE XREF: sub_4012A8+F�j
; sub_4012A8+17�j
pop esi
retn 4
sub_4012A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012F3 proc near ; CODE XREF: sub_40161F+1B5B�p
; sub_404A08+494�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_434188
and [ebp+var_4], 0
push ebx
push esi
add eax, 94h
push edi
mov edi, dword_4341AC
mov [ebp+var_8], eax
loc_401313: ; CODE XREF: sub_4012F3+7F�j
mov eax, [ebp+var_8]
xor ebx, ebx
cmp [eax], ebx
jz short loc_401367
cmp ebx, edi
jnb short loc_401365
mov esi, dword_4341A8
add esi, 8
loc_401329: ; CODE XREF: sub_4012F3+6E�j
mov edx, [esi]
test dl, 6
jnz short loc_401358
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_40133D
cmp dword ptr [eax+ebx*4], 0
jz short loc_401358
loc_40133D: ; CODE XREF: sub_4012F3+42�j
mov ecx, [ebp+var_4]
xor eax, eax
inc eax
shl eax, cl
mov ecx, [esi-4]
and edx, 1
and ecx, eax
mov eax, ecx
mov ecx, [ebp+var_4]
shl edx, cl
cmp eax, edx
jnz short loc_401363
loc_401358: ; CODE XREF: sub_4012F3+3B�j
; sub_4012F3+48�j
inc ebx
add esi, 418h
cmp ebx, edi
jb short loc_401329
loc_401363: ; CODE XREF: sub_4012F3+63�j
cmp ebx, edi
loc_401365: ; CODE XREF: sub_4012F3+2B�j
jz short loc_401374
loc_401367: ; CODE XREF: sub_4012F3+27�j
inc [ebp+var_4]
add [ebp+var_8], 4
cmp [ebp+var_4], 20h
jb short loc_401313
loc_401374: ; CODE XREF: sub_4012F3:loc_401365�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn 4
sub_4012F3 endp
; =============== S U B R O U T I N E =======================================
sub_40137E proc near ; CODE XREF: sub_403646+178�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp dword_40D0A4, 0
push esi
jnz short loc_4013B5
xor ecx, ecx
loc_40138A: ; CODE XREF: sub_40137E+35�j
push 8
mov eax, ecx
pop esi
loc_40138F: ; CODE XREF: sub_40137E+25�j
mov edx, eax
and dl, 1
neg dl
sbb edx, edx
and edx, 0EDB88320h
shr eax, 1
xor eax, edx
dec esi
jnz short loc_40138F
mov dword_40D0A0[ecx*4], eax
inc ecx
cmp ecx, 100h
jl short loc_40138A
loc_4013B5: ; CODE XREF: sub_40137E+8�j
mov esi, [esp+4+arg_8]
test esi, esi
mov eax, [esp+4+arg_0]
not eax
jbe short loc_4013E1
mov ecx, [esp+4+arg_4]
loc_4013C7: ; CODE XREF: sub_40137E+61�j
xor edx, edx
mov dl, [ecx]
xor edx, eax
and edx, 0FFh
shr eax, 8
xor eax, dword_40D0A0[edx*4]
inc ecx
dec esi
jnz short loc_4013C7
loc_4013E1: ; CODE XREF: sub_40137E+43�j
not eax
pop esi
retn 0Ch
sub_40137E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4013E7 proc near ; CODE XREF: sub_4014C9+10�p
; sub_40161F+E4�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
test edi, edi
jl loc_4014B9
mov esi, [ebp+arg_4]
mov ebx, 400h
loc_401400: ; CODE XREF: sub_4013E7+CC�j
mov ecx, dword_4341B0
mov eax, edi
shl eax, 5
add eax, ecx
mov ecx, [eax]
cmp ecx, 1
jz loc_4014B9
test dword_4341E4, ebx
jz short loc_40142A
cmp ecx, 14h
jz short loc_40142A
cmp ecx, 3Eh
jnz short loc_40145D
loc_40142A: ; CODE XREF: sub_4013E7+37�j
; sub_4013E7+3C�j
push eax
call sub_40161F
mov esi, eax
cmp esi, 7FFFFFFFh
jz loc_4014C2
test dword_4341E4, ebx
jnz short loc_40145D
test esi, esi
jge short loc_40145F
inc esi
shl esi, 0Ah
mov eax, offset dword_435000
sub eax, esi
push eax
call sub_405F99
mov esi, eax
loc_40145D: ; CODE XREF: sub_4013E7+41�j
; sub_4013E7+5D�j
test esi, esi
loc_40145F: ; CODE XREF: sub_4013E7+61�j
jz short loc_401472
test dword_4341E4, ebx
jnz short loc_401472
dec esi
mov eax, edi
mov edi, esi
sub esi, eax
jmp short loc_401474
; ---------------------------------------------------------------------------
loc_401472: ; CODE XREF: sub_4013E7:loc_40145F�j
; sub_4013E7+80�j
inc esi
inc edi
loc_401474: ; CODE XREF: sub_4013E7+89�j
cmp [ebp+arg_4], 0
jz short loc_4014B1
mov eax, dword_433964
add dword_43396C, esi
xor ecx, ecx
test eax, eax
setz cl
push 0
add ecx, eax
push ecx
push 7530h
push dword_43396C
call ds:dword_409130 ; MulDiv
push eax
push 402h
push [ebp+arg_4]
call ds:dword_40926C ; SendMessageA
loc_4014B1: ; CODE XREF: sub_4013E7+91�j
test edi, edi
jge loc_401400
loc_4014B9: ; CODE XREF: sub_4013E7+B�j
; sub_4013E7+2B�j
xor eax, eax
loc_4014BB: ; CODE XREF: sub_4013E7+E0�j
pop edi
pop esi
pop ebx
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_4014C2: ; CODE XREF: sub_4013E7+51�j
mov eax, 7FFFFFFFh
jmp short loc_4014BB
sub_4013E7 endp
; =============== S U B R O U T I N E =======================================
sub_4014C9 proc near ; CODE XREF: start+490�p sub_404093+44�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, dword_434188
push 0
push dword ptr [ecx+eax*4+6Ch]
call sub_4013E7
retn 4
sub_4014C9 endp
; =============== S U B R O U T I N E =======================================
sub_4014E1 proc near ; CODE XREF: sub_40161F+26B�p
; sub_40161F+368�p ...
arg_0 = dword ptr 4
push offset byte_40D8A8
push [esp+4+arg_0]
call sub_405013
retn 4
sub_4014E1 endp
; =============== S U B R O U T I N E =======================================
sub_4014F2 proc near ; CODE XREF: sub_40161F+13F�p
; sub_40161F+183�p ...
mov eax, dword_40F0E4
push dword ptr [eax+ecx*4]
push 0
call sub_4066B7
push eax
call sub_405F99
retn
sub_4014F2 endp
; =============== S U B R O U T I N E =======================================
sub_401508 proc near ; CODE XREF: sub_4015D6+2D�p
; sub_40161F+79�p ...
test esi, esi
mov eax, esi
jge short loc_401510
neg eax
loc_401510: ; CODE XREF: sub_401508+4�j
mov edx, dword_40F0E4
mov ecx, eax
sar eax, 4
push edi
and ecx, 0Fh
push dword ptr [edx+ecx*4]
shl eax, 0Ah
add eax, offset dword_40D4A8
push eax
call sub_4066B7
test esi, esi
mov edi, eax
jge short loc_40153C
push edi
call sub_40602E
loc_40153C: ; CODE XREF: sub_401508+2C�j
mov eax, edi
pop edi
retn
sub_401508 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401540 proc near ; CODE XREF: sub_401540+42�p
; sub_40161F+1386�p
var_10C = byte ptr -10Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
lea eax, [ebp+var_4]
push eax
push 8
xor ebx, ebx
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_409008 ; RegOpenKeyExA
cmp eax, ebx
jnz short loc_4015B2
mov esi, ds:dword_409004
mov edi, 105h
jmp short loc_40158B
; ---------------------------------------------------------------------------
loc_401572: ; CODE XREF: sub_401540+5B�j
cmp [ebp+arg_8], ebx
jnz short loc_4015B9
push ebx
lea eax, [ebp+var_10C]
push eax
push [ebp+var_4]
call sub_401540
test eax, eax
jnz short loc_40159D
loc_40158B: ; CODE XREF: sub_401540+30�j
push edi
lea eax, [ebp+var_10C]
push eax
push ebx
push [ebp+var_4]
call esi ; RegEnumKeyA
test eax, eax
jz short loc_401572
loc_40159D: ; CODE XREF: sub_401540+49�j
push [ebp+var_4]
call ds:dword_409020 ; RegCloseKey
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_409000 ; RegDeleteKeyA
loc_4015B2: ; CODE XREF: sub_401540+23�j
; sub_401540+85�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
loc_4015B9: ; CODE XREF: sub_401540+35�j
push [ebp+var_4]
call ds:dword_409020 ; RegCloseKey
xor eax, eax
inc eax
jmp short loc_4015B2
sub_401540 endp
; ---------------------------------------------------------------------------
test eax, eax
jnz short locret_4015D5
mov eax, dword_434204
add eax, 80000001h
locret_4015D5: ; CODE XREF: .text:004015C9�j
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015D6 proc near ; CODE XREF: sub_40161F+130F�p
; sub_40161F+14C6�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, dword_40F0E4
mov eax, [eax+4]
test eax, eax
push esi
push edi
jz short loc_4015EB
mov edi, eax
jmp short loc_4015F7
; ---------------------------------------------------------------------------
loc_4015EB: ; CODE XREF: sub_4015D6+F�j
mov edi, dword_434204
add edi, 80000001h
loc_4015F7: ; CODE XREF: sub_4015D6+13�j
lea eax, [ebp+arg_0]
push eax
push [ebp+arg_0]
push 0
push 22h
pop esi
call sub_401508
push eax
push edi
call ds:dword_409008 ; RegOpenKeyExA
neg eax
sbb eax, eax
not eax
and eax, [ebp+arg_0]
pop edi
pop esi
pop ebp
retn 4
sub_4015D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40161F proc near ; CODE XREF: sub_4013E7+44�p
var_1A4 = byte ptr -1A4h
var_178 = byte ptr -178h
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = word ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov eax, dword_434180
and [ebp+var_C], 0
and [ebp+var_4], 0
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 8
pop ecx
lea edi, [ebp+var_3C]
rep movsd
mov edx, [ebp+var_34]
mov esi, [ebp+var_38]
lea ecx, [ebp+var_38]
mov dword_40F0E4, ecx
mov ecx, [ebp+var_3C]
mov [ebp+var_10], eax
mov ebx, edx
shl ebx, 0Ah
mov eax, esi
shl eax, 0Ah
add ecx, 0FFFFFFFEh
add ebx, offset dword_435000
cmp ecx, 42h ; switch 67 cases
lea edi, dword_435000[eax]
ja loc_4031EB ; default
; jumptable 0040167A cases 64,65
jmp ds:off_4031FD[ecx*4] ; switch jump
loc_401681: ; DATA XREF: .text:off_4031FD�o
push esi ; jumptable 0040167A case 0
push offset aJumpD ; "Jump: %d"
call sub_406171
mov eax, [ebp+var_38]
pop ecx
pop ecx
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_401696: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 1
call sub_401508
push eax
push offset aAbortingS ; "Aborting: \"%s\""
call sub_406171
pop ecx
pop ecx
push esi
push [ebp+var_38]
loc_4016AE: ; CODE XREF: sub_40161F+646�j
call sub_405013
jmp loc_402E66
; ---------------------------------------------------------------------------
loc_4016B8: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
inc dword_433954 ; jumptable 0040167A case 2
cmp [ebp+var_10], 0
jz loc_402E66
push 0
call ds:dword_40918C ; PostQuitMessage
jmp loc_402E66
; ---------------------------------------------------------------------------
loc_4016D5: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
test esi, esi ; jumptable 0040167A case 3
jge short loc_4016EE
mov ecx, offset dword_435000
sub ecx, eax
sub ecx, 400h
push ecx
call sub_405F99
jmp short loc_4016F0
; ---------------------------------------------------------------------------
loc_4016EE: ; CODE XREF: sub_40161F+B8�j
mov eax, esi
loc_4016F0: ; CODE XREF: sub_40161F+CD�j
lea esi, [eax-1]
push esi
push offset aCallD ; "Call: %d"
call sub_406171
pop ecx
pop ecx
push 0
push esi
call sub_4013E7
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_40170D: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
test edx, edx ; jumptable 0040167A case 4
jz short loc_40173A
test dl, 8
jz short loc_401725
mov eax, dword_40D008
mov dword_40D03C, eax
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401725: ; CODE XREF: sub_40161F+F5�j
mov eax, dword_40D03C
mov dword_40D008, eax
mov dword_40D03C, edx
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40173A: ; CODE XREF: sub_40161F+F0�j
xor esi, esi
call sub_401508
push eax
push offset aDetailprintS ; "detailprint: %s"
call sub_406171
pop ecx
pop ecx
push esi
push [ebp+var_38]
call sub_405013
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40175C: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ecx, ecx ; jumptable 0040167A case 5
call sub_4014F2
mov esi, eax
push esi
push offset aSleepD ; "Sleep(%d)"
call sub_406171
cmp esi, 1
pop ecx
pop ecx
jg short loc_40177A
xor esi, esi
inc esi
loc_40177A: ; CODE XREF: sub_40161F+156�j
push esi
call ds:dword_4090B0 ; Sleep
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401786: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push offset aBringtofront ; jumptable 0040167A case 6
call sub_406171
pop ecx
push [ebp+var_10]
call ds:dword_409230 ; SetForegroundWindow
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40179F: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ecx, ecx ; jumptable 0040167A case 11
inc ecx
call sub_4014F2
mov ecx, [ebp+var_38]
mov dword_434200[ecx*4], eax
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_4017B6: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
mov ecx, [ebp+var_30] ; jumptable 0040167A case 12
mov edx, [ebp+var_2C]
xor eax, eax
lea ecx, ds:434200h[ecx*4]
cmp [ecx], eax
setz al
and [ecx], edx
mov eax, [ebp+eax*4+var_38]
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_4017D5: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push dword_434200[edx*4] ; jumptable 0040167A case 13
loc_4017DC: ; CODE XREF: sub_40161F+7B8�j
; sub_40161F+962�j ...
push edi
jmp loc_403181
; ---------------------------------------------------------------------------
loc_4017E2: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
mov eax, dword_433960 ; jumptable 0040167A case 7
test eax, eax
mov edi, ds:dword_409234
jz short loc_4017F8
push edx
push eax
call edi ; ShowWindow
mov esi, [ebp+var_38]
loc_4017F8: ; CODE XREF: sub_40161F+1D0�j
mov eax, dword_43394C
test eax, eax
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push esi
push eax
call edi ; ShowWindow
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40180E: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFF0h ; jumptable 0040167A case 8
pop esi
call sub_401508
push [ebp+var_34]
mov esi, eax
push esi
push offset aSetfileattribu ; "SetFileAttributes: \"%s\":%08X"
call sub_406171
add esp, 0Ch
push [ebp+var_34]
push esi
call ds:dword_4090AC ; SetFileAttributesA
test eax, eax
jnz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push offset aSetfileattri_0 ; "SetFileAttributes failed."
mov [ebp+var_4], 1
call sub_406171
jmp loc_4030C4
; ---------------------------------------------------------------------------
loc_401851: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFF0h ; jumptable 0040167A case 9
pop esi
call sub_401508
push [ebp+var_34]
mov esi, eax
push esi
push offset aCreatedirector ; "CreateDirectory: \"%s\" (%d)"
call sub_406171
add esp, 0Ch
cmp byte ptr [esi], 0
jz short loc_401882
push esi
call sub_4062D0
test eax, eax
jnz short loc_401882
mov [ebp+var_4], 1
loc_401882: ; CODE XREF: sub_40161F+250�j
; sub_40161F+25A�j
cmp [ebp+var_34], 0
jz short loc_4018A6
push 0FFFFFFE6h
call sub_4014E1
push esi
push offset dword_43A800
call sub_406022 ; lstrcpyA
push esi
call ds:dword_4090A8 ; SetCurrentDirectoryA
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_4018A6: ; CODE XREF: sub_40161F+267�j
push 0FFFFFFF5h
jmp loc_402795
; ---------------------------------------------------------------------------
loc_4018AD: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 10
call sub_401508
push 10h
pop esi
mov edi, eax
call sub_401508
push edi
mov esi, eax
call sub_40618D
test eax, eax
jz short loc_4018E0
push [ebp+var_34]
push esi
push offset aIffileexistsFi ; "IfFileExists: file \"%s\" exists, jumping"...
call sub_406171
add esp, 0Ch
jmp loc_40213D
; ---------------------------------------------------------------------------
loc_4018E0: ; CODE XREF: sub_40161F+2A9�j
push [ebp+var_30]
push esi
push offset aIffileexists_0 ; "IfFileExists: file \"%s\" does not exist,"...
call sub_406171
add esp, 0Ch
loc_4018F1: ; CODE XREF: sub_40161F+861�j
; sub_40161F+8B9�j ...
mov eax, [ebp+var_30]
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_4018F9: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFD0h ; jumptable 0040167A case 14
pop esi
call sub_401508
push 0FFFFFFDFh
pop esi
mov [ebp+arg_0], eax
call sub_401508
push [ebp+arg_0]
mov ebx, offset byte_40D8A8
push ebx
mov edi, eax
call sub_406022 ; lstrcpyA
push edi
call sub_406028 ; lstrlenA
push [ebp+arg_0]
mov esi, eax
call sub_406028 ; lstrlenA
add esi, eax
cmp esi, 3FDh
jge short loc_401948
mov esi, ds:dword_4090A4
push offset asc_4097D8 ; "->"
push ebx
call esi ; lstrcatA
push edi
push ebx
call esi ; lstrcatA
loc_401948: ; CODE XREF: sub_40161F+315�j
push ebx
push offset aRenameS ; "Rename: %s"
call sub_406171
pop ecx
pop ecx
push edi
push [ebp+arg_0]
call ds:dword_4090A0 ; MoveFileA
test eax, eax
jz short loc_40196A
push 0FFFFFFE3h
jmp loc_402795
; ---------------------------------------------------------------------------
loc_40196A: ; CODE XREF: sub_40161F+342�j
cmp [ebp+var_30], 0
jz short loc_401997
push [ebp+arg_0]
call sub_40618D
test eax, eax
jz short loc_401997
push edi
push [ebp+arg_0]
call sub_406326
push 0FFFFFFE4h
call sub_4014E1
push ebx
push offset aRenameOnReboot ; "Rename on reboot: %s"
jmp loc_4030BE
; ---------------------------------------------------------------------------
loc_401997: ; CODE XREF: sub_40161F+34F�j
; sub_40161F+35B�j
push ebx
mov [ebp+var_4], 1
push offset aRenameFailedS ; "Rename failed: %s"
jmp loc_4030BE
; ---------------------------------------------------------------------------
loc_4019A9: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 15
call sub_401508
mov esi, eax
lea eax, [ebp+arg_0]
push eax
push ebx
mov edi, 400h
push edi
push esi
call ds:dword_40909C ; GetFullPathNameA
test eax, eax
jz short loc_4019EC
mov eax, [ebp+arg_0]
cmp eax, esi
jbe short loc_4019F6
cmp byte ptr [eax], 0
jz short loc_4019F6
push esi
call sub_40618D
test eax, eax
jz short loc_4019EC
add eax, 2Ch
push eax
push [ebp+arg_0]
call sub_406022 ; lstrcpyA
jmp short loc_4019F6
; ---------------------------------------------------------------------------
loc_4019EC: ; CODE XREF: sub_40161F+3A7�j
; sub_40161F+3BD�j
mov [ebp+var_4], 1
mov byte ptr [ebx], 0
loc_4019F6: ; CODE XREF: sub_40161F+3AE�j
; sub_40161F+3B3�j ...
cmp [ebp+var_30], 0
jnz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push edi
push ebx
push ebx
call ds:dword_409098 ; GetShortPathNameA
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401A0E: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
or esi, 0FFFFFFFFh ; jumptable 0040167A case 16
call sub_401508
lea ecx, [ebp+arg_0]
push ecx
push edi
push 400h
push 0
push eax
push 0
call ds:dword_409094 ; SearchPathA
test eax, eax
loc_401A2D: ; CODE XREF: sub_40161F+1302�j
jnz loc_4031EB ; default
; jumptable 0040167A cases 64,65
loc_401A33: ; CODE XREF: sub_40161F+1734�j
; sub_40161F+1750�j
mov [ebp+var_4], 1
mov byte ptr [edi], 0
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401A42: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFEFh ; jumptable 0040167A case 17
pop esi
call sub_401508
push eax
push edi
call sub_405E73
loc_401A51: ; CODE XREF: sub_40161F+12BF�j
; sub_40161F+161F�j
test eax, eax
loc_401A53: ; CODE XREF: sub_40161F+16DE�j
jnz loc_4031EB ; default
; jumptable 0040167A cases 64,65
loc_401A59: ; CODE XREF: sub_40161F+764�j
; sub_40161F+9F7�j ...
mov [ebp+var_4], 1
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401A65: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
and esi, 7 ; jumptable 0040167A case 18
test byte ptr dword_4341E4+1, 4
mov [ebp+arg_0], esi
jnz short loc_401A8C
push 31h
pop esi
call sub_401508
mov ebx, eax
push ebx
mov [ebp+var_10], ebx
call sub_406028 ; lstrlenA
jmp loc_401B29
; ---------------------------------------------------------------------------
loc_401A8C: ; CODE XREF: sub_40161F+453�j
push 36h
pop esi
call sub_401508
mov ebx, eax
push ebx
mov [ebp+var_10], ebx
call sub_406028 ; lstrlenA
push dword_42CCF4
mov esi, eax
call sub_406028 ; lstrlenA
lea ecx, [eax+esi+1]
mov eax, 105h
cmp ecx, eax
jb short loc_401AC8
push dword_42CCF4
call sub_406028 ; lstrlenA
lea eax, [eax+esi+1]
loc_401AC8: ; CODE XREF: sub_40161F+498�j
push eax
call sub_405D2F
mov edi, eax
test edi, edi
mov [ebp+var_C], edi
jz loc_402E66
push dword_42CCF4
push edi
call sub_406022 ; lstrcpyA
push ebx
push edi
call ds:dword_4090A4 ; lstrcatA
push edi
call sub_406028 ; lstrlenA
lea esi, [eax+edi-1]
jmp short loc_401B0A
; ---------------------------------------------------------------------------
loc_401AFB: ; CODE XREF: sub_40161F+4ED�j
cmp byte ptr [esi], 5Ch
jz short loc_401B0E
push esi
push edi
call ds:dword_409238 ; CharPrevA
mov esi, eax
loc_401B0A: ; CODE XREF: sub_40161F+4DA�j
cmp esi, edi
ja short loc_401AFB
loc_401B0E: ; CODE XREF: sub_40161F+4DF�j
push edi
mov byte ptr [esi], 0
call sub_4062D0
test eax, eax
jz loc_402E66
push edi
push ebx
mov byte ptr [esi], 5Ch
call sub_406022 ; lstrcpyA
loc_401B29: ; CODE XREF: sub_40161F+468�j
mov eax, [ebp+var_38]
sar eax, 3
push ebx
and eax, 2
push eax
push [ebp+arg_0]
push offset aFileOverwritef ; "File: overwriteflag=%d, allowskipfilesf"...
call sub_406171
add esp, 10h
push ebx
call sub_405D5A
test eax, eax
mov esi, offset dword_40D4A8
push ebx
jz short loc_401B5C
push esi
call sub_406022 ; lstrcpyA
jmp short loc_401B74
; ---------------------------------------------------------------------------
loc_401B5C: ; CODE XREF: sub_40161F+533�j
push offset dword_43A800
push esi
call sub_406022 ; lstrcpyA
push eax
call sub_4061CB
push eax
call ds:dword_4090A4 ; lstrcatA
loc_401B74: ; CODE XREF: sub_40161F+53B�j
push esi
call sub_40602E
mov ebx, offset byte_40D8A8
mov edi, offset dword_40DCA8
loc_401B84: ; CODE XREF: sub_40161F+630�j
cmp [ebp+arg_0], 3
jl short loc_401BBB
push esi
call sub_40618D
xor ecx, ecx
test eax, eax
jz short loc_401BA6
lea ecx, [ebp+var_2C]
push ecx
add eax, 14h
push eax
call ds:dword_409090 ; CompareFileTime
mov ecx, eax
loc_401BA6: ; CODE XREF: sub_40161F+575�j
mov eax, [ebp+arg_0]
add eax, 0FFFFFFFDh
or eax, 80000000h
and eax, ecx
neg eax
sbb eax, eax
inc eax
mov [ebp+arg_0], eax
loc_401BBB: ; CODE XREF: sub_40161F+569�j
cmp [ebp+arg_0], 0
jnz short loc_401BD3
push esi
call ds:dword_40908C ; GetFileAttributesA
and eax, 0FFFFFFFEh
push eax
push esi
call ds:dword_4090AC ; SetFileAttributesA
loc_401BD3: ; CODE XREF: sub_40161F+5A0�j
xor eax, eax
cmp [ebp+arg_0], 1
setnz al
inc eax
push eax
push 40000000h
push esi
call sub_405E44
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz loc_401CAC
cmp [ebp+arg_0], 0
jnz short loc_401C6A
push esi
push offset aFileErrorCreat ; "File: error creating \"%s\""
call sub_406171
pop ecx
pop ecx
push offset dword_435000
push edi
call sub_406022 ; lstrcpyA
push esi
push offset dword_435000
call sub_406022 ; lstrcpyA
push [ebp+var_24]
push ebx
call sub_4066B7
push edi
push offset dword_435000
call sub_406022 ; lstrcpyA
mov eax, [ebp+var_38]
sar eax, 3
push eax
push ebx
call sub_405CED
sub eax, 4
jnz short loc_401C54
push offset aFileErrorUserR ; "File: error, user retry"
call sub_406171
pop ecx
jmp loc_401B84
; ---------------------------------------------------------------------------
loc_401C54: ; CODE XREF: sub_40161F+623�j
dec eax
jz short loc_401C96
push offset aFileErrorUserA ; "File: error, user abort"
call sub_406171
pop ecx
push esi
push 0FFFFFFFAh
jmp loc_4016AE
; ---------------------------------------------------------------------------
loc_401C6A: ; CODE XREF: sub_40161F+5DA�j
push [ebp+var_10]
push 0FFFFFFE2h
call sub_405013
cmp [ebp+arg_0], 2
jnz short loc_401C80
inc dword_434208
loc_401C80: ; CODE XREF: sub_40161F+659�j
push [ebp+arg_0]
push esi
push offset aFileSkippedSOv ; "File: skipped: \"%s\" (overwriteflag=%d)"
call sub_406171
add esp, 0Ch
jmp loc_4031DC
; ---------------------------------------------------------------------------
loc_401C96: ; CODE XREF: sub_40161F+636�j
push offset aFileErrorUserC ; "File: error, user cancel"
call sub_406171
inc dword_434208
pop ecx
jmp loc_4031F4
; ---------------------------------------------------------------------------
loc_401CAC: ; CODE XREF: sub_40161F+5D0�j
push [ebp+var_10]
push 0FFFFFFEAh
call sub_405013
inc dword_40D03C
xor ebx, ebx
push ebx
push ebx
push [ebp+var_8]
push [ebp+var_30]
call sub_403412
dec dword_40D03C
mov edi, eax
push esi
push edi
push offset aFileWroteDToS ; "File: wrote %d to \"%s\""
call sub_406171
add esp, 0Ch
cmp [ebp+var_2C], 0FFFFFFFFh
jnz short loc_401CEE
cmp [ebp+var_28], 0FFFFFFFFh
jz short loc_401CFD
loc_401CEE: ; CODE XREF: sub_40161F+6C7�j
lea eax, [ebp+var_2C]
push eax
push ebx
push eax
push [ebp+var_8]
call ds:dword_409088 ; SetFileTime
loc_401CFD: ; CODE XREF: sub_40161F+6CD�j
push [ebp+var_8]
call ds:dword_409084 ; CloseHandle
cmp edi, ebx
jge loc_4031DC
cmp edi, 0FFFFFFFEh
jnz short loc_401D27
push 0FFFFFFE9h
push esi
call sub_4066B7
push [ebp+var_10]
push esi
call ds:dword_4090A4 ; lstrcatA
jmp short loc_401D2F
; ---------------------------------------------------------------------------
loc_401D27: ; CODE XREF: sub_40161F+6F2�j
push 0FFFFFFEEh
push esi
call sub_4066B7
loc_401D2F: ; CODE XREF: sub_40161F+706�j
push esi
push offset aS ; "%s"
call sub_406171
pop ecx
pop ecx
push 200010h
push esi
loc_401D42: ; CODE XREF: sub_40161F+122A�j
call sub_405CED
jmp loc_402E66
; ---------------------------------------------------------------------------
loc_401D4C: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 19
call sub_401508
mov esi, eax
push esi
push offset aDeleteS ; "Delete: \"%s\""
jmp short loc_401DB3
; ---------------------------------------------------------------------------
loc_401D5D: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 31h ; jumptable 0040167A case 20
pop esi
call sub_401508
mov esi, eax
push esi
push [ebp+var_38]
push offset aMessageboxDS ; "MessageBox: %d,\"%s\""
call sub_406171
add esp, 0Ch
push [ebp+var_38]
push esi
call sub_405CED
test eax, eax
jz loc_401A59
cmp eax, [ebp+var_30]
jz loc_401EE4
cmp eax, [ebp+var_28]
jnz loc_4031EB ; default
; jumptable 0040167A cases 64,65
mov eax, [ebp+var_24]
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_401DA3: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFF0h ; jumptable 0040167A case 21
pop esi
call sub_401508
mov esi, eax
push esi
push offset aRmdirS ; "RMDir: \"%s\""
loc_401DB3: ; CODE XREF: sub_40161F+73C�j
call sub_406171
pop ecx
pop ecx
push [ebp+var_34]
push esi
call sub_4068E6
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401DC8: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 22
inc esi
call sub_401508
push eax
call sub_406028 ; lstrlenA
loc_401DD6: ; CODE XREF: sub_40161F+B3E�j
; sub_40161F+C34�j ...
push eax
jmp loc_4017DC
; ---------------------------------------------------------------------------
loc_401DDC: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 2 ; jumptable 0040167A case 23
pop ecx
call sub_4014F2
push 3
pop ecx
mov [ebp+arg_0], eax
call sub_4014F2
xor esi, esi
inc esi
mov ebx, eax
call sub_401508
cmp [ebp+var_30], 0
mov esi, eax
mov byte ptr [edi], 0
jz short loc_401E0E
cmp [ebp+arg_0], 0
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
loc_401E0E: ; CODE XREF: sub_40161F+7E3�j
push esi
call sub_406028 ; lstrlenA
test ebx, ebx
jge short loc_401E20
add ebx, eax
js loc_4031EB ; default
; jumptable 0040167A cases 64,65
loc_401E20: ; CODE XREF: sub_40161F+7F7�j
cmp ebx, eax
jle short loc_401E26
mov ebx, eax
loc_401E26: ; CODE XREF: sub_40161F+803�j
add esi, ebx
push esi
push edi
call sub_406022 ; lstrcpyA
mov esi, [ebp+arg_0]
test esi, esi
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
jge short loc_401E4D
push edi
call sub_406028 ; lstrlenA
add esi, eax
jns short loc_401E4D
and [ebp+arg_0], 0
mov esi, [ebp+arg_0]
loc_401E4D: ; CODE XREF: sub_40161F+81B�j
; sub_40161F+825�j
cmp esi, 400h
jge loc_4031EB ; default
; jumptable 0040167A cases 64,65
mov byte ptr [esi+edi], 0
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401E62: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 20h ; jumptable 0040167A case 24
pop esi
call sub_401508
push 31h
pop esi
mov edi, eax
call sub_401508
push eax
push edi
call ds:dword_409080 ; lstrcmpiA
test eax, eax
jnz short loc_401EE4
jmp loc_4018F1
; ---------------------------------------------------------------------------
loc_401E85: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 25
inc esi
call sub_401508
cmp [ebp+var_30], 0
push 400h
push edi
push eax
jz short loc_401EAB
call ds:dword_40907C ; GetEnvironmentVariableA
test eax, eax
jnz short loc_401EB1
mov [ebp+var_4], esi
mov [edi], al
jmp short loc_401EB1
; ---------------------------------------------------------------------------
loc_401EAB: ; CODE XREF: sub_40161F+879�j
call ds:dword_409078 ; ExpandEnvironmentStringsA
loc_401EB1: ; CODE XREF: sub_40161F+883�j
; sub_40161F+88A�j
mov byte ptr [edi+3FFh], 0
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401EBD: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ecx, ecx ; jumptable 0040167A case 26
call sub_4014F2
xor ecx, ecx
inc ecx
mov esi, eax
call sub_4014F2
cmp [ebp+var_24], 0
jnz short loc_401EE0
cmp esi, eax
jl short loc_401EE4
jle loc_4018F1
jmp short loc_401EF2
; ---------------------------------------------------------------------------
loc_401EE0: ; CODE XREF: sub_40161F+8B3�j
cmp esi, eax
jnb short loc_401EEC
loc_401EE4: ; CODE XREF: sub_40161F+76D�j
; sub_40161F+85F�j ...
mov eax, [ebp+var_2C]
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_401EEC: ; CODE XREF: sub_40161F+8C3�j
jbe loc_4018F1
loc_401EF2: ; CODE XREF: sub_40161F+8BF�j
mov eax, [ebp+var_28]
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_401EFA: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ebx, ebx ; jumptable 0040167A case 27
inc ebx
mov ecx, ebx
call sub_4014F2
push 2
pop ecx
mov esi, eax
call sub_4014F2
mov ecx, eax
mov eax, [ebp+var_2C]
cmp eax, 0Ch ; switch 13 cases
ja short loc_401F80 ; default
jmp ds:off_403309[eax*4] ; switch jump
loc_401F1F: ; DATA XREF: .text:off_403309�o
add esi, ecx ; jumptable 00401F18 case 0
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F23: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
sub esi, ecx ; jumptable 00401F18 case 1
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F27: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
imul ecx, esi ; jumptable 00401F18 case 2
mov esi, ecx
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F2E: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
test ecx, ecx ; jumptable 00401F18 case 3
jz short loc_401F73
mov eax, esi
cdq
idiv ecx
loc_401F37: ; CODE XREF: sub_40161F+92F�j
mov esi, eax
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F3B: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
or esi, ecx ; jumptable 00401F18 case 4
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F3F: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
and esi, ecx ; jumptable 00401F18 case 5
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F43: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
xor esi, ecx ; jumptable 00401F18 case 6
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F47: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
xor eax, eax ; jumptable 00401F18 case 7
test esi, esi
setz al
jmp short loc_401F37
; ---------------------------------------------------------------------------
loc_401F50: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
test esi, esi ; jumptable 00401F18 case 8
jnz short loc_401F62
jmp short loc_401F5E
; ---------------------------------------------------------------------------
loc_401F56: ; CODE XREF: sub_40161F+93D�j
; sub_40161F+941�j
xor esi, esi
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F5A: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
test esi, esi ; jumptable 00401F18 case 9
jz short loc_401F56
loc_401F5E: ; CODE XREF: sub_40161F+935�j
test ecx, ecx
jz short loc_401F56
loc_401F62: ; CODE XREF: sub_40161F+933�j
mov esi, ebx
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F66: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
test ecx, ecx ; jumptable 00401F18 case 10
jz short loc_401F73
mov eax, esi
cdq
idiv ecx
mov esi, edx
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F73: ; CODE XREF: sub_40161F+911�j
; sub_40161F+949�j
xor esi, esi
mov [ebp+var_4], ebx
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F7A: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
shl esi, cl ; jumptable 00401F18 case 11
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F7E: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
sar esi, cl ; jumptable 00401F18 case 12
loc_401F80: ; CODE XREF: sub_40161F+8F7�j
; sub_40161F+902�j ...
push esi ; default
jmp loc_4017DC
; ---------------------------------------------------------------------------
loc_401F86: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 28
inc esi
call sub_401508
push 2
pop ecx
mov esi, eax
call sub_4014F2
push eax
push esi
push edi
call ds:dword_40923C ; wsprintfA
jmp loc_402AD8
; ---------------------------------------------------------------------------
loc_401FA6: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
mov eax, [ebp+var_30] ; jumptable 0040167A case 29
test eax, eax
mov esi, dword_40D4A0
jz short loc_402003
loc_401FB3: ; CODE XREF: sub_40161F+99D�j
dec eax
test esi, esi
jz short loc_401FC2
test eax, eax
mov esi, [esi]
jnz short loc_401FB3
test esi, esi
jnz short loc_401FD6
loc_401FC2: ; CODE XREF: sub_40161F+997�j
push [ebp+var_30]
push offset aExchStackDElem ; "Exch: stack < %d elements"
call sub_406171
pop ecx
pop ecx
jmp loc_40283A
; ---------------------------------------------------------------------------
loc_401FD6: ; CODE XREF: sub_40161F+9A1�j
lea edi, [esi+4]
push edi
mov esi, offset dword_40D4A8
push esi
call sub_406022 ; lstrcpyA
mov eax, dword_40D4A0
add eax, 4
push eax
push edi
call sub_406022 ; lstrcpyA
mov eax, dword_40D4A0
push esi
add eax, 4
push eax
jmp loc_4030FE
; ---------------------------------------------------------------------------
loc_402003: ; CODE XREF: sub_40161F+992�j
test edx, edx
jz short loc_402032
test esi, esi
jnz short loc_40201B
push offset aPopStackEmpty ; "Pop: stack empty"
call sub_406171
pop ecx
jmp loc_401A59
; ---------------------------------------------------------------------------
loc_40201B: ; CODE XREF: sub_40161F+9EA�j
lea eax, [esi+4]
push eax
push edi
call sub_406022 ; lstrcpyA
mov eax, [esi]
mov dword_40D4A0, eax
push esi
jmp loc_4031E5
; ---------------------------------------------------------------------------
loc_402032: ; CODE XREF: sub_40161F+9E6�j
push 404h
call sub_405D2F
push [ebp+var_38]
mov esi, eax
lea eax, [esi+4]
push eax
call sub_4066B7
mov eax, dword_40D4A0
mov [esi], eax
mov dword_40D4A0, esi
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40205C: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 33h ; jumptable 0040167A cases 30,31
pop esi
call sub_401508
push 44h
pop esi
mov [ebp+var_C], eax
call sub_401508
xor esi, esi
inc esi
test byte ptr [ebp+var_24], 1
mov [ebp+arg_0], eax
jnz short loc_402086
push [ebp+var_C]
call sub_405F99
mov [ebp+var_C], eax
loc_402086: ; CODE XREF: sub_40161F+A5A�j
test byte ptr [ebp+var_24], 2
jnz short loc_402097
push [ebp+arg_0]
call sub_405F99
mov [ebp+arg_0], eax
loc_402097: ; CODE XREF: sub_40161F+A6B�j
cmp [ebp+var_3C], 21h
jnz short loc_4020E5
mov ecx, esi
call sub_4014F2
push 2
pop ecx
mov esi, eax
call sub_4014F2
mov ecx, [ebp+var_24]
sar ecx, 2
jz short loc_4020D5
lea edx, [ebp+var_8]
push edx
push ecx
push 0
push [ebp+arg_0]
push [ebp+var_C]
push eax
push esi
call ds:dword_409240 ; SendMessageTimeoutA
neg eax
sbb eax, eax
inc eax
mov [ebp+var_4], eax
jmp short loc_402115
; ---------------------------------------------------------------------------
loc_4020D5: ; CODE XREF: sub_40161F+A95�j
push [ebp+arg_0]
push [ebp+var_C]
push eax
push esi
call ds:dword_40926C ; SendMessageA
jmp short loc_402112
; ---------------------------------------------------------------------------
loc_4020E5: ; CODE XREF: sub_40161F+A7C�j
call sub_401508
push 12h
pop esi
mov ebx, eax
call sub_401508
mov cl, [eax]
neg cl
sbb ecx, ecx
and ecx, eax
mov al, [ebx]
neg al
push ecx
sbb eax, eax
and eax, ebx
push eax
push [ebp+arg_0]
push [ebp+var_C]
call ds:dword_409244 ; FindWindowExA
loc_402112: ; CODE XREF: sub_40161F+AC4�j
mov [ebp+var_8], eax
loc_402115: ; CODE XREF: sub_40161F+AB4�j
cmp [ebp+var_38], 0
jl loc_4031EB ; default
; jumptable 0040167A cases 64,65
push [ebp+var_8]
jmp loc_4017DC
; ---------------------------------------------------------------------------
loc_402127: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ecx, ecx ; jumptable 0040167A case 32
call sub_4014F2
push eax
call ds:dword_409248 ; IsWindow
test eax, eax
jz loc_4018F1
loc_40213D: ; CODE XREF: sub_40161F+2BC�j
mov eax, [ebp+var_34]
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_402145: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 2 ; jumptable 0040167A case 33
pop ecx
call sub_4014F2
xor ecx, ecx
push eax
inc ecx
call sub_4014F2
push eax
call ds:dword_40924C ; GetDlgItem
jmp loc_401DD6
; ---------------------------------------------------------------------------
loc_402162: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
mov eax, dword_4341C8 ; jumptable 0040167A case 34
add eax, edx
push eax
push 0FFFFFFEBh
xor ecx, ecx
call sub_4014F2
push eax
call ds:dword_409250 ; SetWindowLongA
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40217F: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push edx ; jumptable 0040167A case 35
push [ebp+var_10]
call ds:dword_40924C ; GetDlgItem
mov edi, eax
lea eax, [ebp+var_54]
push eax
push edi
call ds:dword_409274 ; GetClientRect
mov eax, [ebp+var_48]
imul eax, [ebp+var_30]
push 10h
push eax
mov eax, [ebp+var_4C]
imul eax, [ebp+var_30]
push eax
xor ebx, ebx
push ebx
xor esi, esi
call sub_401508
push eax
push ebx
call ds:dword_409254 ; LoadImageA
push eax
push ebx
push 172h
push edi
call ds:dword_40926C ; SendMessageA
cmp eax, ebx
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push eax
call ds:dword_409040 ; DeleteObject
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_4021DC: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 48h ; jumptable 0040167A case 36
push 5Ah
push [ebp+var_10]
call ds:dword_409258 ; GetDC
push eax
call ds:dword_40903C ; GetDeviceCaps
push eax
push 2
pop ecx
call sub_4014F2
push eax
call ds:dword_409130 ; MulDiv
push 3
neg eax
pop ecx
mov dword_40F0A8, eax
call sub_4014F2
push [ebp+var_34]
mov dword_40F0B8, eax
mov al, byte ptr [ebp+var_28]
mov cl, al
and cl, 1
mov byte_40F0BC, cl
mov cl, al
and cl, 2
and al, 4
push offset dword_40F0C4
mov byte_40F0BD, cl
mov byte_40F0BE, al
mov byte_40F0BF, 1
call sub_4066B7
push offset dword_40F0A8
call ds:dword_409048 ; CreateFontIndirectA
jmp loc_401DD6
; ---------------------------------------------------------------------------
loc_402258: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ecx, ecx ; jumptable 0040167A case 37
call sub_4014F2
xor ecx, ecx
inc ecx
mov esi, eax
call sub_4014F2
cmp [ebp+var_30], 0
mov edi, eax
jz short loc_40227C
push offset aHidewindow ; "HideWindow"
call sub_406171
pop ecx
loc_40227C: ; CODE XREF: sub_40161F+C50�j
cmp [ebp+var_2C], 0
push edi
push esi
jnz short loc_40228F
call ds:dword_409234 ; ShowWindow
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40228F: ; CODE XREF: sub_40161F+C63�j
call ds:dword_40925C ; EnableWindow
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40229A: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 38
call sub_401508
push 31h
pop esi
mov edi, eax
call sub_401508
push 22h
pop esi
mov ebx, eax
call sub_401508
push ebx
push edi
push offset aSS ; "%s %s"
push offset byte_40D8A8
mov esi, eax
call ds:dword_40923C ; wsprintfA
add esp, 10h
push 0FFFFFFECh
call sub_4014E1
mov al, [esi]
push [ebp+var_2C]
neg al
push offset dword_43A800
sbb eax, eax
and eax, esi
push eax
mov al, [edi]
neg al
push ebx
sbb eax, eax
and eax, edi
push eax
push [ebp+var_10]
call ds:dword_409170 ; ShellExecuteA
cmp eax, 21h
jge short loc_402312
push eax
push esi
push ebx
push edi
push offset aExecshellWarni ; "ExecShell: warning: error (\"%s\": file:\""...
call sub_406171
add esp, 14h
jmp loc_401A59
; ---------------------------------------------------------------------------
loc_402312: ; CODE XREF: sub_40161F+CDB�j
push esi
push ebx
push edi
push offset aExecshellSucce ; "ExecShell: success (\"%s\": file:\"%s\" par"...
call sub_406171
add esp, 10h
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_402327: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 39
call sub_401508
mov esi, eax
push esi
push offset aExecCommandS ; "Exec: command=\"%s\""
call sub_406171
pop ecx
pop ecx
push esi
push 0FFFFFFEBh
call sub_405013
push offset dword_43A800
push esi
call sub_405C75
test eax, eax
mov [ebp+arg_0], eax
push esi
jz loc_4023E8
push offset aExecSuccessS ; "Exec: success (\"%s\")"
call sub_406171
cmp [ebp+var_30], 0
pop ecx
pop ecx
jz short loc_4023E0
push 64h
push [ebp+arg_0]
call ds:dword_409074 ; WaitForSingleObject
mov esi, 102h
cmp eax, esi
jnz short loc_4023B5
mov edi, ds:dword_409260
jmp short loc_402394
; ---------------------------------------------------------------------------
loc_40238A: ; CODE XREF: sub_40161F+D85�j
lea eax, [ebp+var_60]
push eax
call ds:dword_409264 ; DispatchMessageA
loc_402394: ; CODE XREF: sub_40161F+D69�j
; sub_40161F+D94�j
push 1
push 0Fh
push 0Fh
lea eax, [ebp+var_60]
push 0
push eax
call edi ; PeekMessageA
test eax, eax
jnz short loc_40238A
push 64h
push [ebp+arg_0]
call ds:dword_409074 ; WaitForSingleObject
cmp eax, esi
jz short loc_402394
loc_4023B5: ; CODE XREF: sub_40161F+D61�j
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
call ds:dword_409070 ; GetExitCodeProcess
cmp [ebp+var_34], 0
jl short loc_4023D3
push [ebp+var_18]
push ebx
call sub_405F80
jmp short loc_4023E0
; ---------------------------------------------------------------------------
loc_4023D3: ; CODE XREF: sub_40161F+DA7�j
cmp [ebp+var_18], 0
jz short loc_4023E0
mov [ebp+var_4], 1
loc_4023E0: ; CODE XREF: sub_40161F+D4D�j
; sub_40161F+DB2�j ...
push [ebp+arg_0]
jmp loc_402BC6
; ---------------------------------------------------------------------------
loc_4023E8: ; CODE XREF: sub_40161F+D37�j
mov [ebp+var_4], 1
push offset aExecFailedCrea ; "Exec: failed createprocess (\"%s\")"
jmp loc_4030BE
; ---------------------------------------------------------------------------
loc_4023F9: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 2 ; jumptable 0040167A case 40
pop esi
call sub_401508
push eax
call sub_40618D
mov esi, eax
test esi, esi
jz short loc_40241E
push dword ptr [esi+14h]
push ebx
call sub_405F80
push dword ptr [esi+18h]
jmp loc_4017DC
; ---------------------------------------------------------------------------
loc_40241E: ; CODE XREF: sub_40161F+DEC�j
mov byte ptr [edi], 0
mov byte ptr [ebx], 0
jmp loc_401A59
; ---------------------------------------------------------------------------
loc_402429: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFEEh ; jumptable 0040167A case 41
lea eax, [ebp+var_54]
pop esi
mov [ebp+arg_0], eax
call sub_401508
lea ecx, [ebp+var_40]
push ecx
push eax
mov [ebp+var_14], eax
call sub_4079A4
mov esi, eax
test esi, esi
mov byte ptr [edi], 0
mov byte ptr [ebx], 0
mov [ebp+var_4], 1
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push esi
call sub_405D2F
test eax, eax
mov [ebp+var_18], eax
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push eax
push esi
push 0
push [ebp+var_14]
call sub_40799E
test eax, eax
jz short loc_4024B1
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+arg_0]
push eax
push offset asc_409580 ; "\\"
push [ebp+var_18]
call sub_407998
test eax, eax
jz short loc_4024B1
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
push edi
call sub_405F80
mov eax, [ebp+arg_0]
push dword ptr [eax+0Ch]
push ebx
call sub_405F80
and [ebp+var_4], 0
loc_4024B1: ; CODE XREF: sub_40161F+E5B�j
; sub_40161F+E74�j
push [ebp+var_18]
jmp loc_4031E5
; ---------------------------------------------------------------------------
loc_4024B9: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor edi, edi ; jumptable 0040167A case 42
inc edi
push 8001h
mov [ebp+var_4], edi
call ds:dword_40906C ; SetErrorMode
cmp dword_434230, 0
jl loc_402602
push 0FFFFFFF0h
pop esi
call sub_401508
mov esi, edi
mov [ebp+arg_0], eax
call sub_401508
cmp [ebp+var_28], 0
mov [ebp+var_8], eax
jz short loc_402502
push [ebp+arg_0]
call ds:dword_409068 ; GetModuleHandleA
test eax, eax
mov [ebp+var_C], eax
jnz short loc_402557
loc_402502: ; CODE XREF: sub_40161F+ED1�j
mov esi, ds:dword_409064
xor edi, edi
push edi
push edi
lea eax, [ebp+var_14]
push eax
push 400h
call esi ; RtlGetLastWin32Error
mov ebx, ds:dword_409060
push eax
push edi
mov edi, 1300h
push edi
call ebx ; FormatMessageA
push [ebp+arg_0]
push 0FFFFFFF6h
call sub_405013
push [ebp+var_14]
push [ebp+arg_0]
push offset aRegdllCouldNot ; "RegDLL: Could not load '%s' -> '%s'"
call sub_406171
add esp, 0Ch
push [ebp+arg_0]
call ds:dword_4090C4 ; LoadLibraryA
test eax, eax
mov [ebp+var_C], eax
jz short loc_4025D1
xor edi, edi
inc edi
loc_402557: ; CODE XREF: sub_40161F+EE1�j
push [ebp+var_8]
push [ebp+var_C]
call ds:dword_409138 ; GetProcAddress
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jz short loc_4025A4
cmp [ebp+var_30], ebx
mov [ebp+var_4], ebx
jz short loc_402586
push [ebp+var_30]
call sub_4014E1
call esi ; RtlGetLastWin32Error
test eax, eax
jz short loc_4025C1
mov [ebp+var_4], edi
jmp short loc_4025C1
; ---------------------------------------------------------------------------
loc_402586: ; CODE XREF: sub_40161F+F52�j
push offset off_40D000
push offset dword_40D4A0
push offset dword_435000
push 400h
push [ebp+var_10]
call esi ; RtlGetLastWin32Error
add esp, 14h
jmp short loc_4025C1
; ---------------------------------------------------------------------------
loc_4025A4: ; CODE XREF: sub_40161F+F4A�j
push [ebp+var_8]
push 0FFFFFFF7h
call sub_405013
push [ebp+arg_0]
push [ebp+var_8]
push offset aErrorRegisteri ; "Error registering DLL: %s not found in "...
call sub_406171
add esp, 0Ch
loc_4025C1: ; CODE XREF: sub_40161F+F60�j
; sub_40161F+F65�j ...
cmp [ebp+var_2C], ebx
jnz short loc_402614
push [ebp+var_C]
call ds:dword_40913C ; FreeLibrary
jmp short loc_402614
; ---------------------------------------------------------------------------
loc_4025D1: ; CODE XREF: sub_40161F+F33�j
push 0
push 0
lea eax, [ebp+var_14]
push eax
push 400h
call esi ; RtlGetLastWin32Error
push eax
push 0
push edi
call ebx ; FormatMessageA
push 0FFFFFFF6h
call sub_4014E1
push [ebp+var_14]
push [ebp+arg_0]
push offset aErrorRegiste_0 ; "Error registering DLL: Could not load '"...
call sub_406171
add esp, 0Ch
jmp short loc_402614
; ---------------------------------------------------------------------------
loc_402602: ; CODE XREF: sub_40161F+EB2�j
push 0FFFFFFE7h
call sub_4014E1
push offset aErrorRegiste_1 ; "Error registering DLL: Could not initia"...
call sub_406171
pop ecx
loc_402614: ; CODE XREF: sub_40161F+FA5�j
; sub_40161F+FB0�j ...
push 0
call ds:dword_40906C ; SetErrorMode
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_402621: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFF0h ; jumptable 0040167A case 43
pop esi
call sub_401508
push 0FFFFFFDFh
pop esi
mov [ebp+var_8], eax
call sub_401508
push 2
pop esi
mov edi, eax
call sub_401508
push 0FFFFFFCDh
pop esi
mov [ebp+var_40], eax
call sub_401508
push 45h
pop esi
mov [ebp+var_18], eax
call sub_401508
push edi
mov [ebp+var_14], eax
call sub_405D5A
test eax, eax
jnz short loc_402669
push 21h
pop esi
call sub_401508
loc_402669: ; CODE XREF: sub_40161F+1040�j
mov eax, [ebp+var_28]
mov ecx, eax
sar ecx, 10h
push ecx
movzx ecx, ah
push ecx
mov esi, 0FFh
and eax, esi
push eax
push [ebp+var_18]
push [ebp+var_40]
push edi
push [ebp+var_8]
push offset aCreateshortcut ; "CreateShortCut: out: \"%s\", in: \"%s %s\","...
call sub_406171
add esp, 20h
lea eax, [ebp+arg_0]
push eax
push offset dword_40AD90
push 1
push 0
push offset dword_40AFC0
call ds:dword_4092A4
test eax, eax
jl loc_402788
mov eax, [ebp+arg_0]
mov ecx, [eax]
lea edx, [ebp+var_C]
push edx
push offset dword_40B3F0
push eax
call dword ptr [ecx]
mov ebx, eax
test ebx, ebx
jl loc_40277B
mov eax, [ebp+arg_0]
mov ecx, [eax]
push edi
push eax
call dword ptr [ecx+50h]
mov ebx, eax
mov eax, [ebp+arg_0]
mov ecx, [eax]
push offset dword_43A800
push eax
call dword ptr [ecx+24h]
mov ecx, [ebp+var_28]
mov eax, ecx
sar eax, 8
and eax, esi
jz short loc_402703
mov ecx, [ebp+arg_0]
mov edx, [ecx]
push eax
push ecx
call dword ptr [edx+3Ch]
mov ecx, [ebp+var_28]
loc_402703: ; CODE XREF: sub_40161F+10D5�j
mov eax, [ebp+arg_0]
mov edx, [eax]
sar ecx, 10h
push ecx
push eax
call dword ptr [edx+34h]
mov ecx, [ebp+var_18]
cmp byte ptr [ecx], 0
jz short loc_402728
mov edi, [ebp+var_28]
mov eax, [ebp+arg_0]
mov edx, [eax]
and edi, esi
push edi
push ecx
push eax
call dword ptr [edx+44h]
loc_402728: ; CODE XREF: sub_40161F+10F7�j
mov eax, [ebp+arg_0]
push [ebp+var_40]
mov ecx, [eax]
push eax
call dword ptr [ecx+2Ch]
mov eax, [ebp+arg_0]
push [ebp+var_14]
mov ecx, [eax]
push eax
call dword ptr [ecx+1Ch]
xor eax, eax
cmp ebx, eax
jl short loc_402772
push 400h
mov esi, offset word_40E8A8
push esi
push 0FFFFFFFFh
push [ebp+var_8]
mov word_40E8A8, ax
push eax
push eax
call ds:dword_409144 ; MultiByteToWideChar
mov eax, [ebp+var_C]
mov ecx, [eax]
push 1
push esi
push eax
call dword ptr [ecx+18h]
mov ebx, eax
loc_402772: ; CODE XREF: sub_40161F+1125�j
mov eax, [ebp+var_C]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_40277B: ; CODE XREF: sub_40161F+10AB�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
test ebx, ebx
jge short loc_402793
loc_402788: ; CODE XREF: sub_40161F+1090�j
mov [ebp+var_4], 1
push 0FFFFFFF0h
jmp short loc_402795
; ---------------------------------------------------------------------------
loc_402793: ; CODE XREF: sub_40161F+1167�j
push 0FFFFFFF4h
loc_402795: ; CODE XREF: sub_40161F+289�j
; sub_40161F+346�j ...
call sub_4014E1
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40279F: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 44
call sub_401508
push 11h
pop esi
mov ebx, eax
call sub_401508
mov esi, eax
push esi
push ebx
push offset aCopyfilesSS ; "CopyFiles \"%s\"->\"%s\""
call sub_406171
mov eax, [ebp+var_10]
add esp, 0Ch
push ebx
mov [ebp+var_60], eax
mov [ebp+var_5C], 2
call sub_406028 ; lstrlenA
push esi
mov byte ptr [eax+ebx+1], 0
call sub_406028 ; lstrlenA
push 0FFFFFFF8h
mov edi, offset dword_40DCA8
push edi
mov byte ptr [eax+esi+1], 0
call sub_4066B7
push esi
push edi
call ds:dword_4090A4 ; lstrcatA
mov ax, word ptr [ebp+var_30]
push edi
push 0
mov [ebp+var_58], ebx
mov [ebp+var_54], esi
mov [ebp+var_48+2], edi
mov [ebp+var_50], ax
call sub_405013
lea eax, [ebp+var_60]
push eax
call ds:dword_409180 ; SHFileOperationA
test eax, eax
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push 0
push 0FFFFFFF9h
call sub_405013
jmp loc_401A59
; ---------------------------------------------------------------------------
loc_402832: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
cmp esi, 0BADF00Dh ; jumptable 0040167A case 45
jz short loc_40284E
loc_40283A: ; CODE XREF: sub_40161F+9B2�j
push 200010h
push 0FFFFFFE8h
push 0
call sub_4066B7
push eax
jmp loc_401D42
; ---------------------------------------------------------------------------
loc_40284E: ; CODE XREF: sub_40161F+1219�j
inc dword_434214
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_402859: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 46
push offset aRm ; "<RM>"
mov ebx, offset byte_40D8A8
push ebx
mov [ebp+var_40], esi
mov [ebp+var_18], esi
mov [ebp+arg_0], esi
call sub_406022 ; lstrcpyA
push ebx
mov edi, offset dword_40DCA8
push edi
call sub_406022 ; lstrcpyA
cmp [ebp+var_38], esi
jz short loc_40288D
call sub_401508
mov [ebp+var_40], eax
loc_40288D: ; CODE XREF: sub_40161F+1264�j
cmp [ebp+var_34], 0
jz short loc_40289E
push 11h
pop esi
call sub_401508
mov [ebp+var_18], eax
loc_40289E: ; CODE XREF: sub_40161F+1272�j
cmp [ebp+var_28], 0
jz short loc_4028AF
push 22h
pop esi
call sub_401508
mov [ebp+arg_0], eax
loc_4028AF: ; CODE XREF: sub_40161F+1283�j
push 0FFFFFFCDh
pop esi
call sub_401508
mov esi, eax
push esi
push edi
push ebx
push offset dword_40D4A8
push offset aWriteinistrWro ; "WriteINIStr: wrote [%s] %s=%s in %s"
call sub_406171
add esp, 14h
push esi
push [ebp+arg_0]
push [ebp+var_18]
push [ebp+var_40]
call ds:dword_409148 ; WritePrivateProfileStringA
jmp loc_401A51
; ---------------------------------------------------------------------------
loc_4028E3: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 47
inc esi
mov [ebp+arg_0], 7E4E21h
call sub_401508
push 12h
pop esi
mov ebx, eax
call sub_401508
push 0FFFFFFDDh
pop esi
mov [ebp+var_14], eax
call sub_401508
push eax
push 3FFh
push edi
lea eax, [ebp+arg_0]
push eax
push [ebp+var_14]
push ebx
call ds:dword_40914C ; GetPrivateProfileStringA
mov eax, [edi]
cmp eax, [ebp+arg_0]
jmp loc_401A2D
; ---------------------------------------------------------------------------
loc_402926: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
cmp [ebp+var_28], 0 ; jumptable 0040167A case 48
jnz short loc_402970
push 2
call sub_4015D6
mov edi, eax
test edi, edi
jz loc_401A59
push 33h
pop esi
call sub_401508
mov esi, eax
push esi
push edi
call ds:dword_409010 ; RegDeleteValueA
push esi
push offset dword_40DCA8
push [ebp+var_34]
mov ebx, eax
push offset aDeleteregvalue ; "DeleteRegValue: %d\\%s\\%s"
call sub_406171
add esp, 10h
push edi
call ds:dword_409020 ; RegCloseKey
jmp short loc_4029AC
; ---------------------------------------------------------------------------
loc_402970: ; CODE XREF: sub_40161F+130B�j
push 22h
pop esi
call sub_401508
mov esi, eax
push esi
push [ebp+var_34]
push offset aDeleteregkeyDS ; "DeleteRegKey: %d\\%s"
call sub_406171
mov eax, [ebp+var_34]
add esp, 0Ch
test eax, eax
jnz short loc_40299C
mov eax, dword_434204
add eax, 80000001h
loc_40299C: ; CODE XREF: sub_40161F+1371�j
mov ecx, [ebp+var_28]
and ecx, 2
push ecx
push esi
push eax
call sub_401540
mov ebx, eax
loc_4029AC: ; CODE XREF: sub_40161F+134F�j
test ebx, ebx
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
jmp loc_401A59
; ---------------------------------------------------------------------------
loc_4029B9: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ebx, ebx ; jumptable 0040167A case 49
cmp esi, ebx
jz short loc_4029C4
mov [ebp+arg_0], esi
jmp short loc_4029D1
; ---------------------------------------------------------------------------
loc_4029C4: ; CODE XREF: sub_40161F+139E�j
mov eax, dword_434204
add eax, 80000001h
mov [ebp+arg_0], eax
loc_4029D1: ; CODE XREF: sub_40161F+13A3�j
mov eax, [ebp+var_28]
mov [ebp+var_8], eax
mov eax, [ebp+var_24]
push 2
pop esi
mov [ebp+var_14], eax
call sub_401508
push 11h
pop esi
mov [ebp+var_C], eax
call sub_401508
push ebx
lea ecx, [ebp+var_18]
push ecx
push ebx
push 2
push ebx
push ebx
push ebx
push eax
push [ebp+arg_0]
mov [ebp+var_10], eax
mov [ebp+var_4], 1
call ds:dword_409014 ; RegCreateKeyExA
test eax, eax
jnz loc_402AC8
xor esi, esi
cmp [ebp+var_8], 1
mov edi, offset dword_40DCA8
jnz short loc_402A4C
push 23h
pop esi
call sub_401508
push edi
call sub_406028 ; lstrlenA
push edi
push [ebp+var_C]
mov esi, eax
push [ebp+var_10]
inc esi
push [ebp+arg_0]
push offset aWriteregstrSet ; "WriteRegStr: set %d\\%s\\%s to %s"
call sub_406171
add esp, 14h
loc_402A4C: ; CODE XREF: sub_40161F+1403�j
cmp [ebp+var_8], 4
jnz short loc_402A79
push 3
pop ecx
call sub_4014F2
push 4
pop esi
push eax
push [ebp+var_C]
mov dword_40DCA8, eax
push [ebp+var_10]
push [ebp+arg_0]
push offset aWriteregdwordS ; "WriteRegDWORD: set %d\\%s\\%s to %d"
call sub_406171
add esp, 14h
loc_402A79: ; CODE XREF: sub_40161F+1431�j
cmp [ebp+var_8], 3
jnz short loc_402AA7
push 0C00h
push edi
push ebx
push [ebp+var_2C]
call sub_403412
mov esi, eax
push esi
push [ebp+var_C]
push [ebp+var_10]
push [ebp+arg_0]
push offset aWriteregbinSet ; "WriteRegBin: set %d\\%s\\%s with %d bytes"...
call sub_406171
add esp, 14h
loc_402AA7: ; CODE XREF: sub_40161F+145E�j
push esi
push edi
push [ebp+var_14]
push ebx
push [ebp+var_C]
push [ebp+var_18]
call ds:dword_409018 ; RegSetValueExA
test eax, eax
jnz short loc_402AC0
mov [ebp+var_4], ebx
loc_402AC0: ; CODE XREF: sub_40161F+149C�j
push [ebp+var_18]
jmp loc_402BAB
; ---------------------------------------------------------------------------
loc_402AC8: ; CODE XREF: sub_40161F+13F2�j
push [ebp+var_10]
push [ebp+arg_0]
push offset aWriteregErrorC ; "WriteReg: error creating key %d\\%s"
call sub_406171
loc_402AD8: ; CODE XREF: sub_40161F+982�j
add esp, 0Ch
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_402AE0: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 20019h ; jumptable 0040167A case 50
call sub_4015D6
push 33h
pop esi
mov ebx, eax
call sub_401508
xor esi, esi
cmp ebx, esi
mov byte ptr [edi], 0
jz loc_401A59
lea ecx, [ebp+var_14]
push ecx
push edi
lea ecx, [ebp+arg_0]
push ecx
push esi
push eax
push ebx
mov [ebp+var_14], 400h
call ds:dword_40901C ; RegQueryValueExA
xor ecx, ecx
inc ecx
test eax, eax
jnz short loc_402B4F
cmp [ebp+arg_0], 4
jz short loc_402B39
cmp [ebp+arg_0], ecx
jz short loc_402B32
cmp [ebp+arg_0], 2
jnz short loc_402B4F
loc_402B32: ; CODE XREF: sub_40161F+150B�j
cmp [ebp+var_28], esi
jz short loc_402B55
jmp short loc_402B52
; ---------------------------------------------------------------------------
loc_402B39: ; CODE XREF: sub_40161F+1506�j
cmp [ebp+var_28], esi
jnz short loc_402B45
mov [ebp+var_4], 1
loc_402B45: ; CODE XREF: sub_40161F+151D�j
push dword ptr [edi]
push edi
call sub_405F80
jmp short loc_402B55
; ---------------------------------------------------------------------------
loc_402B4F: ; CODE XREF: sub_40161F+1500�j
; sub_40161F+1511�j
mov byte ptr [edi], 0
loc_402B52: ; CODE XREF: sub_40161F+1518�j
mov [ebp+var_4], ecx
loc_402B55: ; CODE XREF: sub_40161F+1516�j
; sub_40161F+152E�j
push ebx
jmp short loc_402BAB
; ---------------------------------------------------------------------------
loc_402B58: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 20019h ; jumptable 0040167A case 51
call sub_4015D6
push 3
pop ecx
mov esi, eax
call sub_4014F2
xor edx, edx
cmp esi, edx
mov byte ptr [edi], 0
jz loc_401A59
cmp [ebp+var_28], edx
mov ecx, 3FFh
mov [ebp+arg_0], ecx
jz short loc_402B92
push ecx
push edi
push eax
push esi
call ds:dword_409004 ; RegEnumKeyA
jmp short loc_402BA3
; ---------------------------------------------------------------------------
loc_402B92: ; CODE XREF: sub_40161F+1565�j
push edx
push edx
push edx
push edx
lea ecx, [ebp+arg_0]
push ecx
push edi
push eax
push esi
call ds:dword_40900C ; RegEnumValueA
loc_402BA3: ; CODE XREF: sub_40161F+1571�j
mov byte ptr [edi+3FFh], 0
push esi
loc_402BAB: ; CODE XREF: sub_40161F+14A4�j
; sub_40161F+1537�j
call ds:dword_409020 ; RegCloseKey
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_402BB6: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
cmp byte ptr [edi], 0 ; jumptable 0040167A case 52
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push edi
call sub_405F99
push eax
loc_402BC6: ; CODE XREF: sub_40161F+DC4�j
call ds:dword_409084 ; CloseHandle
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_402BD1: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFEDh ; jumptable 0040167A case 53
pop esi
call sub_401508
push [ebp+var_30]
push [ebp+var_34]
push eax
call sub_405E44
cmp eax, 0FFFFFFFFh
jnz loc_401DD6
loc_402BEE: ; CODE XREF: sub_40161F+1781�j
mov byte ptr [edi], 0
jmp loc_401A59
; ---------------------------------------------------------------------------
loc_402BF6: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
cmp [ebp+var_30], 0 ; jumptable 0040167A case 54
jz short loc_402C0E
xor ecx, ecx
inc ecx
call sub_4014F2
mov byte_40D8A8, al
xor eax, eax
inc eax
jmp short loc_402C1C
; ---------------------------------------------------------------------------
loc_402C0E: ; CODE XREF: sub_40161F+15DB�j
push 11h
pop esi
call sub_401508
push eax
call sub_406028 ; lstrlenA
loc_402C1C: ; CODE XREF: sub_40161F+15ED�j
cmp byte ptr [edi], 0
jz loc_401A59
push 0
lea ecx, [ebp+arg_0]
push ecx
push eax
push offset byte_40D8A8
push edi
call sub_405F99
push eax
call ds:dword_409150 ; WriteFile
jmp loc_401A51
; ---------------------------------------------------------------------------
loc_402C43: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 2 ; jumptable 0040167A case 55
pop ecx
xor esi, esi
call sub_4014F2
cmp eax, 1
mov [ebp+var_8], eax
jl loc_4031EB ; default
; jumptable 0040167A cases 64,65
mov ecx, 3FFh
cmp eax, ecx
jle short loc_402C65
mov [ebp+var_8], ecx
loc_402C65: ; CODE XREF: sub_40161F+1641�j
cmp byte ptr [edi], 0
jz loc_402CF7
push edi
mov byte ptr [ebp+arg_0+3], 0
call sub_405F99
cmp [ebp+var_8], 0
mov edi, eax
jle short loc_402CF7
loc_402C80: ; CODE XREF: sub_40161F+16A1�j
push 0
lea eax, [ebp+var_14]
push eax
push 1
lea eax, [ebp+var_19]
push eax
push edi
call ds:dword_409154 ; ReadFile
test eax, eax
jz short loc_402CF7
cmp [ebp+var_14], 1
jnz short loc_402CF7
cmp [ebp+var_2C], 0
jnz short loc_402CC4
cmp byte ptr [ebp+arg_0+3], 0Dh
jz short loc_402CD4
cmp byte ptr [ebp+arg_0+3], 0Ah
jz short loc_402CD4
mov al, [ebp+var_19]
mov [esi+ebx], al
inc esi
test al, al
mov byte ptr [ebp+arg_0+3], al
jz short loc_402CF7
cmp esi, [ebp+var_8]
jl short loc_402C80
jmp short loc_402CF7
; ---------------------------------------------------------------------------
loc_402CC4: ; CODE XREF: sub_40161F+1682�j
movzx eax, [ebp+var_19]
push eax
push ebx
call sub_405F80
jmp loc_4031F4
; ---------------------------------------------------------------------------
loc_402CD4: ; CODE XREF: sub_40161F+1688�j
; sub_40161F+168E�j
mov al, [ebp+var_19]
cmp byte ptr [ebp+arg_0+3], al
jz short loc_402CEA
cmp al, 0Dh
jz short loc_402CE4
cmp al, 0Ah
jnz short loc_402CEA
loc_402CE4: ; CODE XREF: sub_40161F+16BF�j
mov [esi+ebx], al
inc esi
jmp short loc_402CF7
; ---------------------------------------------------------------------------
loc_402CEA: ; CODE XREF: sub_40161F+16BB�j
; sub_40161F+16C3�j
push 1
push 0
push 0FFFFFFFFh
push edi
call ds:dword_409158 ; SetFilePointer
loc_402CF7: ; CODE XREF: sub_40161F+1649�j
; sub_40161F+165F�j ...
mov byte ptr [esi+ebx], 0
test esi, esi
jmp loc_401A53
; ---------------------------------------------------------------------------
loc_402D02: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
cmp byte ptr [edi], 0 ; jumptable 0040167A case 56
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push [ebp+var_2C]
push 0
push 2
pop ecx
call sub_4014F2
push eax
push edi
call sub_405F99
push eax
call ds:dword_409158 ; SetFilePointer
cmp [ebp+var_34], 0
jl loc_4031EB ; default
; jumptable 0040167A cases 64,65
jmp loc_40317F
; ---------------------------------------------------------------------------
loc_402D35: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
cmp byte ptr [edi], 0 ; jumptable 0040167A case 57
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push edi
call sub_405F99
push eax
call ds:dword_40915C ; FindClose
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_402D50: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
cmp byte ptr [ebx], 0 ; jumptable 0040167A case 58
jz loc_401A33
lea eax, [ebp+var_1A4]
push eax
push ebx
call sub_405F99
push eax
call ds:dword_409160 ; FindNextFileA
test eax, eax
jz loc_401A33
loc_402D75: ; CODE XREF: sub_40161F+178D�j
lea eax, [ebp+var_178]
push eax
push edi
jmp loc_4030FE
; ---------------------------------------------------------------------------
loc_402D82: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 2 ; jumptable 0040167A case 59
pop esi
call sub_401508
lea ecx, [ebp+var_1A4]
push ecx
push eax
call ds:dword_409164 ; FindFirstFileA
cmp eax, 0FFFFFFFFh
jnz short loc_402DA5
mov byte ptr [ebx], 0
jmp loc_402BEE
; ---------------------------------------------------------------------------
loc_402DA5: ; CODE XREF: sub_40161F+177C�j
push eax
push ebx
call sub_405F80
jmp short loc_402D75
; ---------------------------------------------------------------------------
loc_402DAE: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 60
mov [ebp+var_40], 0FFFFFD66h
call sub_401508
and [ebp+var_18], esi
test byte ptr dword_4341E4+1, 4
mov edi, ds:dword_4090A4
mov [ebp+arg_0], eax
jz loc_402E7C
push eax
call sub_406028 ; lstrlenA
push dword_42CCF4
mov esi, eax
call sub_406028 ; lstrlenA
lea ecx, [eax+esi+1]
mov eax, 105h
cmp ecx, eax
jb short loc_402E04
push dword_42CCF4
call sub_406028 ; lstrlenA
lea eax, [eax+esi+1]
loc_402E04: ; CODE XREF: sub_40161F+17D4�j
push eax
call sub_405D2F
mov ebx, eax
test ebx, ebx
mov [ebp+var_C], ebx
jz short loc_402E66
push dword_42CCF4
push ebx
call sub_406022 ; lstrcpyA
push 5Ch
push [ebp+arg_0]
call sub_4061F8
test eax, eax
jz short loc_402E31
inc eax
push eax
jmp short loc_402E34
; ---------------------------------------------------------------------------
loc_402E31: ; CODE XREF: sub_40161F+180C�j
push [ebp+arg_0]
loc_402E34: ; CODE XREF: sub_40161F+1810�j
push ebx
call edi ; lstrcatA
push ebx
call sub_406028 ; lstrlenA
lea esi, [eax+ebx-1]
jmp short loc_402E52
; ---------------------------------------------------------------------------
loc_402E43: ; CODE XREF: sub_40161F+1838�j
cmp byte ptr [esi], 5Ch
jz short loc_402E59
push esi
push ebx
call ds:dword_409238 ; CharPrevA
mov esi, eax
loc_402E52: ; CODE XREF: sub_40161F+1822�j
cmp esi, ebx
mov [ebp+var_18], esi
ja short loc_402E43
loc_402E59: ; CODE XREF: sub_40161F+1827�j
push ebx
mov byte ptr [esi], 0
call sub_4062D0
test eax, eax
jnz short loc_402E70
loc_402E66: ; CODE XREF: sub_40161F+94�j
; sub_40161F+A3�j ...
mov eax, 7FFFFFFFh
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_402E70: ; CODE XREF: sub_40161F+1845�j
push ebx
push [ebp+arg_0]
mov byte ptr [esi], 5Ch
call sub_406022 ; lstrcpyA
loc_402E7C: ; CODE XREF: sub_40161F+17B0�j
push [ebp+arg_0]
call sub_405D5A
test eax, eax
push [ebp+arg_0]
mov ebx, offset byte_40D8A8
jz short loc_402E98
push ebx
call sub_406022 ; lstrcpyA
jmp short loc_402EAC
; ---------------------------------------------------------------------------
loc_402E98: ; CODE XREF: sub_40161F+186F�j
push offset byte_43A400
push ebx
call sub_406022 ; lstrcpyA
push eax
call sub_4061CB
push eax
call edi ; lstrcatA
loc_402EAC: ; CODE XREF: sub_40161F+1877�j
push ebx
call sub_40602E
push 2
push 40000000h
push ebx
call sub_405E44
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz loc_402F77
mov eax, dword_4341E8
push eax
mov [ebp+var_14], eax
call sub_405D2F
test eax, eax
mov [ebp+var_10], eax
jz loc_402F6E
push 0
call sub_4033FB
push [ebp+var_14]
push [ebp+var_10]
call sub_4033C9
push [ebp+var_30]
call sub_405D2F
mov esi, eax
test esi, esi
mov [ebp+var_40], esi
jz short loc_402F40
push [ebp+var_30]
push esi
push 0
push [ebp+var_34]
call sub_403412
jmp short loc_402F32
; ---------------------------------------------------------------------------
loc_402F17: ; CODE XREF: sub_40161F+1916�j
mov ecx, [esi]
mov eax, [esi+4]
push ecx
mov [ebp+var_4C], ecx
mov ecx, [ebp+var_10]
add esi, 8
push esi
add eax, ecx
push eax
call sub_405E24
add esi, [ebp+var_4C]
loc_402F32: ; CODE XREF: sub_40161F+18F6�j
cmp byte ptr [esi], 0
jnz short loc_402F17
push [ebp+var_40]
call ds:dword_409140 ; GlobalFree
loc_402F40: ; CODE XREF: sub_40161F+18E6�j
xor esi, esi
push esi
lea eax, [ebp+var_64]
push eax
push [ebp+var_14]
push [ebp+var_10]
push [ebp+var_8]
call ds:dword_409150 ; WriteFile
push [ebp+var_10]
call ds:dword_409140 ; GlobalFree
push esi
push esi
push [ebp+var_8]
push 0FFFFFFFFh
call sub_403412
mov [ebp+var_40], eax
loc_402F6E: ; CODE XREF: sub_40161F+18BF�j
push [ebp+var_8]
call ds:dword_409084 ; CloseHandle
loc_402F77: ; CODE XREF: sub_40161F+18A6�j
push ebx
push [ebp+var_40]
push offset aCreatedUninsta ; "created uninstaller: %d, \"%s\""
call sub_406171
add esp, 0Ch
cmp [ebp+var_40], 0
push 0FFFFFFF3h
pop esi
jge short loc_402FA2
push 0FFFFFFEFh
pop esi
push ebx
call ds:dword_409134 ; DeleteFileA
mov [ebp+var_4], 1
loc_402FA2: ; CODE XREF: sub_40161F+1970�j
push esi
call sub_4014E1
test byte ptr dword_4341E4+1, 4
jz loc_4031DC
mov eax, [ebp+var_18]
mov esi, [ebp+arg_0]
push offset asc_40935C ; " /x \""
push esi
mov byte ptr [eax], 0
call edi ; lstrcatA
push dword_42CCF4
push esi
call edi ; lstrcatA
push offset a_? ; "\" _?="
push esi
call edi ; lstrcatA
push [ebp+var_C]
push esi
call edi ; lstrcatA
push [ebp+var_C]
push esi
call sub_405C75
test eax, eax
mov [ebp+arg_0], eax
push esi
jz short loc_403063
push offset aFileExtraction ; "File Extraction: success (\"%s\")"
call sub_406171
mov edi, ds:dword_409074
pop ecx
pop ecx
push 64h
push [ebp+arg_0]
call edi ; WaitForSingleObject
mov esi, 102h
cmp eax, esi
jnz short loc_40303F
mov ebx, ds:dword_409260
jmp short loc_403022
; ---------------------------------------------------------------------------
loc_403018: ; CODE XREF: sub_40161F+1A13�j
lea eax, [ebp+var_60]
push eax
call ds:dword_409264 ; DispatchMessageA
loc_403022: ; CODE XREF: sub_40161F+19F7�j
; sub_40161F+1A1E�j
push 1
push 0Fh
push 0Fh
lea eax, [ebp+var_60]
push 0
push eax
call ebx ; PeekMessageA
test eax, eax
jnz short loc_403018
push 64h
push [ebp+arg_0]
call edi ; WaitForSingleObject
cmp eax, esi
jz short loc_403022
loc_40303F: ; CODE XREF: sub_40161F+19EF�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call ds:dword_409070 ; GetExitCodeProcess
cmp [ebp+var_14], 0
jz short loc_403055
inc [ebp+var_4]
loc_403055: ; CODE XREF: sub_40161F+1A31�j
push [ebp+arg_0]
call ds:dword_409084 ; CloseHandle
jmp loc_4031DC
; ---------------------------------------------------------------------------
loc_403063: ; CODE XREF: sub_40161F+19CD�j
inc [ebp+var_4]
push offset aFileExtracti_0 ; "File Extraction: failed createprocess o"...
call sub_406171
pop ecx
pop ecx
jmp loc_4031DC
; ---------------------------------------------------------------------------
loc_403077: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
test esi, esi ; jumptable 0040167A case 61
jz short loc_4030B0
push edx
push offset aSettingsLoggin ; "settings logging to %d"
call sub_406171
mov eax, [ebp+var_34]
push eax
push offset aLoggingSetToD ; "logging set to %d"
mov dword_431D04, eax
call sub_406171
add esp, 10h
cmp [ebp+var_34], 0
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
call sub_403F6C
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_4030B0: ; CODE XREF: sub_40161F+1A5A�j
xor esi, esi
inc esi
call sub_401508
push eax
push offset aS ; "%s"
loc_4030BE: ; CODE XREF: sub_40161F+373�j
; sub_40161F+385�j ...
call sub_406171
pop ecx
loc_4030C4: ; CODE XREF: sub_40161F+22D�j
pop ecx
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_4030CA: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ecx, ecx ; jumptable 0040167A case 62
call sub_4014F2
mov edi, eax
cmp edi, dword_4341AC
jnb loc_401A59
mov eax, [ebp+var_30]
mov esi, edi
imul esi, 418h
add esi, dword_4341A8
test eax, eax
jl short loc_40310B
mov ecx, [esi+eax*4]
jnz short loc_403108
add esi, 18h
push esi
push ebx
loc_4030FE: ; CODE XREF: sub_40161F+9DF�j
; sub_40161F+175E�j
call sub_406022 ; lstrcpyA
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_403108: ; CODE XREF: sub_40161F+1AD8�j
push ecx
jmp short loc_403180
; ---------------------------------------------------------------------------
loc_40310B: ; CODE XREF: sub_40161F+1AD3�j
or ecx, 0FFFFFFFFh
sub ecx, eax
mov [ebp+var_30], ecx
jz short loc_403122
xor ecx, ecx
inc ecx
call sub_4014F2
mov [ebp+var_34], eax
jmp short loc_403132
; ---------------------------------------------------------------------------
loc_403122: ; CODE XREF: sub_40161F+1AF4�j
push [ebp+var_28]
lea eax, [esi+18h]
push eax
call sub_4066B7
or byte ptr [esi+9], 1
loc_403132: ; CODE XREF: sub_40161F+1B01�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_34]
mov [esi+eax*4], ecx
cmp [ebp+var_2C], 0
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push edi
call sub_40117D
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_403150: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ecx, ecx ; jumptable 0040167A case 63
call sub_4014F2
cmp eax, 20h
jnb loc_401A59
xor ecx, ecx
cmp [ebp+var_2C], ecx
jz short loc_403188
cmp [ebp+var_30], ecx
jz short loc_403179
push eax
call sub_4012A8
call sub_40129E
jmp short loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_403179: ; CODE XREF: sub_40161F+1B4B�j
push ecx
call sub_4012F3
loc_40317F: ; CODE XREF: sub_40161F+1711�j
push eax
loc_403180: ; CODE XREF: sub_40161F+1AEA�j
push ebx
loc_403181: ; CODE XREF: sub_40161F+1BE�j
call sub_405F80
jmp short loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_403188: ; CODE XREF: sub_40161F+1B46�j
cmp [ebp+var_30], ecx
jz short loc_40319F
mov ecx, [ebp+var_34]
mov edx, dword_434188
mov [edx+eax*4+94h], ecx
jmp short loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40319F: ; CODE XREF: sub_40161F+1B6C�j
mov ecx, dword_434188
push dword ptr [ecx+eax*4+94h]
push ebx
call sub_4066B7
jmp short loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_4031B4: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
mov eax, dword_42F528 ; jumptable 0040167A case 66
push 0
and eax, esi
push eax
push 0Bh
push [ebp+var_10]
call ds:dword_40926C ; SendMessageA
cmp [ebp+var_38], 0
jz short loc_4031EB ; default
; jumptable 0040167A cases 64,65
push 0
push 0
push [ebp+var_10]
call ds:dword_409268 ; InvalidateRect
loc_4031DC: ; CODE XREF: sub_40161F+672�j
; sub_40161F+6E9�j ...
cmp [ebp+var_C], 0
jz short loc_4031EB ; default
; jumptable 0040167A cases 64,65
push [ebp+var_C]
loc_4031E5: ; CODE XREF: sub_40161F+A0E�j
; sub_40161F+E95�j
call ds:dword_409140 ; GlobalFree
loc_4031EB: ; CODE XREF: sub_40161F+55�j
; sub_40161F+5B�j ...
mov eax, [ebp+var_4] ; default
; jumptable 0040167A cases 64,65
add dword_434208, eax
loc_4031F4: ; CODE XREF: sub_40161F+688�j
; sub_40161F+16B0�j
xor eax, eax
loc_4031F6: ; CODE XREF: sub_40161F+72�j
; sub_40161F+E9�j ...
pop edi
pop esi
pop ebx
leave
retn 4
sub_40161F endp
; ---------------------------------------------------------------------------
off_4031FD dd offset loc_401681, offset loc_401696, offset loc_4016B8
; DATA XREF: sub_40161F+5B�r
dd offset loc_4016D5, offset loc_40170D, offset loc_40175C ; jump table for switch statement
dd offset loc_401786, offset loc_4017E2, offset loc_40180E
dd offset loc_401851, offset loc_4018AD, offset loc_40179F
dd offset loc_4017B6, offset loc_4017D5, offset loc_4018F9
dd offset loc_4019A9, offset loc_401A0E, offset loc_401A42
dd offset loc_401A65, offset loc_401D4C, offset loc_401D5D
dd offset loc_401DA3, offset loc_401DC8, offset loc_401DDC
dd offset loc_401E62, offset loc_401E85, offset loc_401EBD
dd offset loc_401EFA, offset loc_401F86, offset loc_401FA6
dd offset loc_40205C, offset loc_40205C, offset loc_402127
dd offset loc_402145, offset loc_402162, offset loc_40217F
dd offset loc_4021DC, offset loc_402258, offset loc_40229A
dd offset loc_402327, offset loc_4023F9, offset loc_402429
dd offset loc_4024B9, offset loc_402621, offset loc_40279F
dd offset loc_402832, offset loc_402859, offset loc_4028E3
dd offset loc_402926, offset loc_4029B9, offset loc_402AE0
dd offset loc_402B58, offset loc_402BB6, offset loc_402BD1
dd offset loc_402BF6, offset loc_402C43, offset loc_402D02
dd offset loc_402D35, offset loc_402D50, offset loc_402D82
dd offset loc_402DAE, offset loc_403077, offset loc_4030CA
dd offset loc_403150, offset loc_4031EB, offset loc_4031EB
dd offset loc_4031B4
off_403309 dd offset loc_401F1F ; DATA XREF: sub_40161F+8F9�r
dd offset loc_401F23 ; jump table for switch statement
dd offset loc_401F27
dd offset loc_401F2E
dd offset loc_401F3B
dd offset loc_401F3F
dd offset loc_401F43
dd offset loc_401F47
dd offset loc_401F50
dd offset loc_401F5A
dd offset loc_401F66
dd offset loc_401F7A
dd offset loc_401F7E
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40333D proc near ; DATA XREF: sub_403646+14F�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 110h
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, 113h
jnz short loc_40336E
push 0
push 0FAh
push 1
push edi
call ds:dword_409194 ; SetTimer
mov eax, [ebp+arg_C]
mov dword_42CCEC, eax
mov [ebp+arg_4], esi
loc_40336E: ; CODE XREF: sub_40333D+14�j
cmp [ebp+arg_4], esi
jnz short loc_4033C1
mov ecx, dword_42CCE8
mov eax, dword_42CCF0
cmp ecx, eax
jl short loc_403384
mov ecx, eax
loc_403384: ; CODE XREF: sub_40333D+43�j
push eax
push 64h
push ecx
call ds:dword_409130 ; MulDiv
push eax
push dword_42CCEC
mov esi, offset dword_41B0E8
push esi
call ds:dword_40923C ; wsprintfA
add esp, 0Ch
push esi
push edi
call ds:dword_409190 ; SetWindowTextA
push esi
push 406h
push edi
call sub_405CCB ; SetDlgItemTextA
push 5
push edi
call ds:dword_409234 ; ShowWindow
loc_4033C1: ; CODE XREF: sub_40333D+34�j
pop edi
xor eax, eax
pop esi
pop ebp
retn 10h
sub_40333D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033C9 proc near ; CODE XREF: sub_40161F+18D2�p
; sub_403412+49�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_4]
push 0
lea eax, [ebp+arg_4]
push eax
push esi
push [ebp+arg_0]
push dword_40D00C
call ds:dword_409154 ; ReadFile
test eax, eax
jz short loc_4033F4
cmp [ebp+arg_4], esi
jnz short loc_4033F4
xor eax, eax
inc eax
jmp short loc_4033F6
; ---------------------------------------------------------------------------
loc_4033F4: ; CODE XREF: sub_4033C9+1F�j
; sub_4033C9+24�j
xor eax, eax
loc_4033F6: ; CODE XREF: sub_4033C9+29�j
pop esi
pop ebp
retn 8
sub_4033C9 endp
; =============== S U B R O U T I N E =======================================
sub_4033FB proc near ; CODE XREF: sub_40161F+18C7�p
; sub_403412+3E�p ...
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
push dword_40D00C
call ds:dword_409158 ; SetFilePointer
retn 4
sub_4033FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403412 proc near ; CODE XREF: sub_40161F+6A7�p
; sub_40161F+146A�p ...
var_58 = byte ptr -58h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 58h
push esi
mov esi, [ebp+arg_C]
push edi
mov edi, [ebp+arg_8]
test edi, edi
mov [ebp+var_8], esi
jnz short loc_40342E
mov [ebp+var_8], 8000h
loc_40342E: ; CODE XREF: sub_403412+13�j
and [ebp+var_4], 0
test edi, edi
mov [ebp+var_C], edi
jnz short loc_403440
mov [ebp+var_C], offset dword_4130E8
loc_403440: ; CODE XREF: sub_403412+25�j
mov eax, [ebp+arg_0]
test eax, eax
jl short loc_403455
mov ecx, dword_4341D8
add ecx, eax
push ecx
call sub_4033FB
loc_403455: ; CODE XREF: sub_403412+33�j
push 4
lea eax, [ebp+arg_C]
push eax
call sub_4033C9
test eax, eax
jnz short loc_40346C
push 0FFFFFFFDh
pop eax
jmp loc_4035F9
; ---------------------------------------------------------------------------
loc_40346C: ; CODE XREF: sub_403412+50�j
test byte ptr [ebp+arg_C+3], 80h
push ebx
jz loc_4035DB
mov ebx, ds:dword_4090B4
call ebx ; GetTickCount
and dword_423654, 0
and dword_423650, 0
and [ebp+arg_C], 7FFFFFFFh
mov [ebp+var_10], eax
mov eax, offset dword_424CD8
mov dword_42CCE0, eax
mov dword_42CCDC, eax
mov eax, [ebp+arg_C]
mov dword_423138, 8
mov dword_42CCD8, offset dword_42CCD8
mov [ebp+arg_0], eax
jle loc_4035F5
loc_4034C6: ; CODE XREF: sub_403412+1B8�j
mov esi, 4000h
cmp [ebp+arg_C], esi
jge short loc_4034D3
mov esi, [ebp+arg_C]
loc_4034D3: ; CODE XREF: sub_403412+BC�j
push esi
mov edi, offset dword_40F0E8
push edi
call sub_4033C9
test eax, eax
jz loc_4035D2
sub [ebp+arg_C], esi
mov dword_423128, edi
mov dword_42312C, esi
loc_4034F6: ; CODE XREF: sub_403412+1AD�j
mov eax, [ebp+var_8]
mov edi, [ebp+var_C]
push offset dword_423128
mov dword_423130, edi
mov dword_423134, eax
call sub_406E81
test eax, eax
mov [ebp+var_18], eax
jl loc_4035D7
mov esi, dword_423130
sub esi, edi
call ebx ; GetTickCount
test byte ptr dword_40D03C, 1
mov edi, eax
jz short loc_403574
sub eax, [ebp+var_10]
cmp eax, 0C8h
ja short loc_403541
cmp [ebp+arg_C], 0
jnz short loc_403574
loc_403541: ; CODE XREF: sub_403412+127�j
push [ebp+arg_0]
mov eax, [ebp+arg_0]
sub eax, [ebp+arg_C]
push 64h
push eax
call ds:dword_409130 ; MulDiv
push eax
lea eax, [ebp+var_58]
push offset a___D ; "... %d%%"
push eax
call ds:dword_40923C ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_58]
push eax
push 0
call sub_405013
mov [ebp+var_10], edi
loc_403574: ; CODE XREF: sub_403412+11D�j
; sub_403412+12D�j
xor eax, eax
cmp esi, eax
jz short loc_4035C7
cmp [ebp+arg_8], eax
jnz short loc_4035A7
push eax
lea eax, [ebp+var_14]
push eax
push esi
push [ebp+var_C]
push [ebp+arg_4]
call ds:dword_409150 ; WriteFile
test eax, eax
jz loc_403642
cmp [ebp+var_14], esi
jnz loc_403642
add [ebp+var_4], esi
jmp short loc_4035BB
; ---------------------------------------------------------------------------
loc_4035A7: ; CODE XREF: sub_403412+16B�j
sub [ebp+var_8], esi
add [ebp+var_4], esi
cmp [ebp+var_8], 1
mov eax, dword_423130
mov [ebp+var_C], eax
jl short loc_4035F5
loc_4035BB: ; CODE XREF: sub_403412+193�j
cmp [ebp+var_18], 1
jnz loc_4034F6
jmp short loc_4035F5
; ---------------------------------------------------------------------------
loc_4035C7: ; CODE XREF: sub_403412+166�j
cmp [ebp+arg_C], eax
jg loc_4034C6
jmp short loc_4035F5
; ---------------------------------------------------------------------------
loc_4035D2: ; CODE XREF: sub_403412+CF�j
; sub_403412+1DE�j ...
push 0FFFFFFFDh
loc_4035D4: ; CODE XREF: sub_403412+1C7�j
; sub_403412+232�j
pop eax
jmp short loc_4035F8
; ---------------------------------------------------------------------------
loc_4035D7: ; CODE XREF: sub_403412+104�j
push 0FFFFFFFCh
jmp short loc_4035D4
; ---------------------------------------------------------------------------
loc_4035DB: ; CODE XREF: sub_403412+5F�j
test edi, edi
jz short loc_40363A
cmp [ebp+arg_C], esi
jge short loc_4035E7
mov esi, [ebp+arg_C]
loc_4035E7: ; CODE XREF: sub_403412+1D0�j
push esi
push edi
call sub_4033C9
test eax, eax
jz short loc_4035D2
mov [ebp+var_4], esi
loc_4035F5: ; CODE XREF: sub_403412+AE�j
; sub_403412+1A7�j ...
mov eax, [ebp+var_4]
loc_4035F8: ; CODE XREF: sub_403412+1C3�j
pop ebx
loc_4035F9: ; CODE XREF: sub_403412+55�j
pop edi
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_4035FF: ; CODE XREF: sub_403412+22C�j
mov esi, [ebp+var_8]
cmp [ebp+arg_C], esi
jge short loc_40360A
mov esi, [ebp+arg_C]
loc_40360A: ; CODE XREF: sub_403412+1F3�j
push esi
mov edi, offset dword_40F0E8
push edi
call sub_4033C9
test eax, eax
jz short loc_4035D2
push 0
lea eax, [ebp+arg_8]
push eax
push esi
push edi
push [ebp+arg_4]
call ds:dword_409150 ; WriteFile
test eax, eax
jz short loc_403642
cmp esi, [ebp+arg_8]
jnz short loc_403642
add [ebp+var_4], esi
sub [ebp+arg_C], esi
loc_40363A: ; CODE XREF: sub_403412+1CB�j
cmp [ebp+arg_C], 0
jg short loc_4035FF
jmp short loc_4035F5
; ---------------------------------------------------------------------------
loc_403642: ; CODE XREF: sub_403412+181�j
; sub_403412+18A�j ...
push 0FFFFFFFEh
jmp short loc_4035D4
sub_403412 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403646 proc near ; CODE XREF: start+1F8�p
var_48 = byte ptr -48h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
xor esi, esi
push edi
mov [ebp+var_4], esi
call ds:dword_4090B4 ; GetTickCount
push 400h
mov [ebp+var_C], esi
mov [ebp+var_8], esi
mov esi, offset dword_43AC00
push esi
push dword_434184
mov edi, eax
add edi, 3E8h
call ds:dword_4090BC ; GetModuleFileNameA
push 3
push 80000000h
push esi
call sub_405E44
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+var_10], ebx
mov dword_40D00C, ebx
jnz short loc_4036A6
mov eax, offset aErrorLaunching ; "Error launching installer"
jmp loc_4038EB
; ---------------------------------------------------------------------------
loc_4036A6: ; CODE XREF: sub_403646+54�j
push esi
call sub_40622C
push 0
push ebx
call ds:dword_4090B8 ; GetFileSize
test eax, eax
mov dword_42CCF0, eax
mov esi, eax
jle loc_4037E5
loc_4036C4: ; CODE XREF: sub_403646+18A�j
mov eax, dword_4341E8
neg eax
sbb eax, eax
and eax, 7E00h
add eax, 200h
cmp esi, eax
mov ebx, esi
jl short loc_4036DF
mov ebx, eax
loc_4036DF: ; CODE XREF: sub_403646+95�j
push ebx
push offset dword_41B128
call sub_4033C9
test eax, eax
jz loc_403874
xor eax, eax
cmp dword_4341E8, eax
jnz short loc_403777
push 1Ch
push offset dword_41B128
lea eax, [ebp+var_2C]
push eax
call sub_405E24
mov ecx, [ebp+var_2C]
test ecx, 0FFFFFFE0h
jnz loc_4037AD
cmp [ebp+var_28], 0DEADBEEFh
jnz loc_4037AD
cmp [ebp+var_1C], 74736E49h
jnz short loc_4037AD
cmp [ebp+var_20], 74666F73h
jnz short loc_4037AD
cmp [ebp+var_24], 6C6C754Eh
jnz short loc_4037AD
mov eax, [ebp+var_14]
cmp eax, esi
jg loc_403846
or [ebp+arg_0], ecx
test byte ptr [ebp+arg_0], 8
mov edx, dword_42CCE8
mov dword_4341E8, edx
jnz short loc_403769
test byte ptr [ebp+arg_0], 4
jnz short loc_4037D6
loc_403769: ; CODE XREF: sub_403646+11B�j
inc [ebp+var_8]
lea esi, [eax-4]
cmp ebx, esi
jbe short loc_4037AD
mov ebx, esi
jmp short loc_4037AD
; ---------------------------------------------------------------------------
loc_403777: ; CODE XREF: sub_403646+B4�j
test byte ptr [ebp+arg_0], 2
jnz short loc_4037AD
cmp [ebp+var_4], eax
jnz loc_40385C
call ds:dword_4090B4 ; GetTickCount
cmp eax, edi
jbe short loc_4037AD
push offset aVerifyingInsta ; "verifying installer: %d%%"
push offset sub_40333D
push 0
push 6Fh
push dword_434184
call ds:dword_40919C ; CreateDialogParamA
mov [ebp+var_4], eax
loc_4037AD: ; CODE XREF: sub_403646+CF�j
; sub_403646+DC�j ...
cmp esi, dword_42CCF0
jge short loc_4037C6
push ebx
push offset dword_41B128
push [ebp+var_C]
call sub_40137E
mov [ebp+var_C], eax
loc_4037C6: ; CODE XREF: sub_403646+16D�j
add dword_42CCE8, ebx
sub esi, ebx
test esi, esi
jg loc_4036C4
loc_4037D6: ; CODE XREF: sub_403646+121�j
cmp [ebp+var_4], 0
jz short loc_4037E5
push [ebp+var_4]
call ds:dword_409198 ; DestroyWindow
loc_4037E5: ; CODE XREF: sub_403646+78�j
; sub_403646+194�j
xor edi, edi
cmp dword_4341E8, edi
jz short loc_403846
cmp [ebp+var_8], edi
jz short loc_403816
push dword_42CCE8
call sub_4033FB
push 4
lea eax, [ebp+var_8]
push eax
call sub_4033C9
test eax, eax
jz short loc_403846
mov eax, [ebp+var_C]
cmp eax, [ebp+var_8]
jnz short loc_403846
loc_403816: ; CODE XREF: sub_403646+1AC�j
push [ebp+var_18]
call sub_405D2F
mov esi, eax
mov eax, dword_4341E8
add eax, 1Ch
push eax
call sub_4033FB
push [ebp+var_18]
push esi
push edi
push 0FFFFFFFFh
call sub_403412
cmp eax, [ebp+var_18]
jz short loc_403885
push esi
call ds:dword_409140 ; GlobalFree
loc_403846: ; CODE XREF: sub_403646+102�j
; sub_403646+1A7�j ...
mov eax, offset aTheInstallerYo ; "The installer you are trying to use is "...
jmp loc_4038EB
; ---------------------------------------------------------------------------
loc_403850: ; CODE XREF: sub_403646+227�j
lea eax, [ebp+var_48]
push eax
call ds:dword_409264 ; DispatchMessageA
xor eax, eax
loc_40385C: ; CODE XREF: sub_403646+13A�j
push 1
push eax
push eax
push eax
lea eax, [ebp+var_48]
push eax
call ds:dword_409260 ; PeekMessageA
test eax, eax
jnz short loc_403850
jmp loc_4037AD
; ---------------------------------------------------------------------------
loc_403874: ; CODE XREF: sub_403646+A6�j
cmp [ebp+var_4], 0
jz short loc_403846
push [ebp+var_4]
call ds:dword_409198 ; DestroyWindow
jmp short loc_403846
; ---------------------------------------------------------------------------
loc_403885: ; CODE XREF: sub_403646+1F7�j
test byte ptr [ebp+arg_0], 2
mov dword_434188, esi
jz short loc_403894
or dword ptr [esi], 8
loc_403894: ; CODE XREF: sub_403646+249�j
mov eax, [esi]
and eax, 18h
test byte ptr [ebp+arg_0], 10h
mov dword_434220, eax
jz short loc_4038A8
or byte ptr [esi+1], 4
loc_4038A8: ; CODE XREF: sub_403646+25C�j
test byte ptr [ebp+var_2C], 1
mov eax, [esi]
mov dword_4341E4, eax
jz short loc_4038BB
inc dword_4341E0
loc_4038BB: ; CODE XREF: sub_403646+26D�j
push 8
lea eax, [esi+44h]
pop ecx
loc_4038C1: ; CODE XREF: sub_403646+281�j
sub eax, 8
add [eax], esi
dec ecx
jnz short loc_4038C1
push 1
push edi
push edi
push [ebp+var_10]
call ds:dword_409158 ; SetFilePointer
mov [esi+3Ch], eax
push 40h
add esi, 4
push esi
push offset dword_4341A0
call sub_405E24
xor eax, eax
loc_4038EB: ; CODE XREF: sub_403646+5B�j
; sub_403646+205�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_403646 endp
; =============== S U B R O U T I N E =======================================
sub_4038F2 proc near ; CODE XREF: start+55�p start+76�p
push esi
mov esi, offset aCDocume1Martim ; "C:\\DOCUME~1\\MARTIM~1\\LOCALS~1\\Temp\\"
push esi
call sub_40602E
push esi
call sub_405D5A
test eax, eax
jnz short loc_40390A
pop esi
retn
; ---------------------------------------------------------------------------
loc_40390A: ; CODE XREF: sub_4038F2+14�j
push esi
call sub_4061CB
push 0
push esi
call ds:dword_4090C0 ; CreateDirectoryA
push esi
push offset byte_43A000
call sub_405E73
pop esi
retn
sub_4038F2 endp
; =============== S U B R O U T I N E =======================================
sub_403926 proc near ; CODE XREF: start:loc_403C27�p
mov eax, dword_40D00C
cmp eax, 0FFFFFFFFh
jz short loc_40393E
push eax
call ds:dword_409084 ; CloseHandle
or dword_40D00C, 0FFFFFFFFh
loc_40393E: ; CODE XREF: sub_403926+8�j
push 7
push offset dword_43B800
call sub_4068E6
mov eax, dword_42CCF4
test eax, eax
jz short locret_403961
push eax
call ds:dword_409140 ; GlobalFree
and dword_42CCF4, 0
locret_403961: ; CODE XREF: sub_403926+2B�j
retn
sub_403926 endp
; =============== S U B R O U T I N E =======================================
public start
start proc near
var_BC = dword ptr -0BCh
var_B4 = dword ptr -0B4h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_70 = dword ptr -70h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
sub esp, 20h
push ebx
push ebp
push esi
push edi
xor edi, edi
push offset aNsiszlib_bin ; "nsiszlib.bin"
mov [esp+34h+var_1C], edi
mov ebx, offset aErrorWritingTe ; "Error writing temporary file. Make sure"...
mov [esp+34h+var_20], 20h
call sub_4088D7
pop ecx
call ds:dword_409028
push edi
call ds:dword_4092A0
push offset aNsisError_0 ; "NSIS Error"
push offset aNsisError ; "NSIS Error"
mov dword_434230, eax
call sub_406022 ; lstrcpyA
mov esi, offset aCDocume1Martim ; "C:\\DOCUME~1\\MARTIM~1\\LOCALS~1\\Temp\\"
push esi
mov ebp, 400h
push ebp
call ds:dword_4090DC ; GetTempPathA
call sub_4038F2
test eax, eax
jnz short loc_4039E5
push 3FBh
push esi
call ds:dword_4090D8 ; GetWindowsDirectoryA
push offset aTemp ; "\\Temp"
push esi
call ds:dword_4090A4 ; lstrcatA
call sub_4038F2
test eax, eax
jz loc_403C27
loc_4039E5: ; CODE XREF: start+5C�j
mov esi, offset byte_43A000
push esi
call ds:dword_409134 ; DeleteFileA
push ebp
call ds:dword_4090D4 ; GetCommandLineA
mov ebx, ds:dword_4090D0
push eax
push esi
call ebx ; lstrcpynA
push 0
call ds:dword_409068 ; GetModuleHandleA
cmp ds:byte_43A000, 22h
mov dword_434184, eax
jnz short loc_403A22
mov byte ptr [esp+68h+var_58], 22h
mov esi, offset byte_43A001
loc_403A22: ; CODE XREF: start+B4�j
push [esp+68h+var_58]
push esi
call sub_405D3E
push eax
call ds:dword_4091A4 ; CharNextA
mov esi, eax
mov [esp+6Ch+var_54], esi
jmp loc_403B4F
; ---------------------------------------------------------------------------
loc_403A3E: ; CODE XREF: start+1F1�j
cmp al, 20h
jnz short loc_403A48
loc_403A42: ; CODE XREF: start+E4�j
inc esi
cmp byte ptr [esi], 20h
jz short loc_403A42
loc_403A48: ; CODE XREF: start+DE�j
cmp byte ptr [esi], 22h
mov byte ptr [esp+6Ch+var_5C], 20h
jnz short loc_403A58
inc esi
mov byte ptr [esp+6Ch+var_5C], 22h
loc_403A58: ; CODE XREF: start+EE�j
cmp byte ptr [esi], 2Fh
jnz loc_403B3D
inc esi
mov al, [esi]
cmp al, 53h
jnz short loc_403A76
mov cl, [esi+1]
or cl, 20h
cmp cl, 20h
jnz short loc_403A76
or edi, 2
loc_403A76: ; CODE XREF: start+104�j start+10F�j
cmp dword ptr [esi], 4352434Eh
jnz short loc_403A8C
mov cl, [esi+4]
or cl, 20h
cmp cl, 20h
jnz short loc_403A8C
or edi, 4
loc_403A8C: ; CODE XREF: start+11A�j start+125�j
cmp dword ptr [esi-2], 3D442F20h
jz loc_403BB0
cmp al, 58h
jz short loc_403AA5
cmp al, 78h
jnz loc_403B3D
loc_403AA5: ; CODE XREF: start+139�j
mov al, [esi+1]
or al, 20h
cmp al, 20h
jnz loc_403B3D
lea eax, [esi+2]
mov cl, [eax]
or edi, 12h
cmp cl, 22h
mov [esp+6Ch+var_50], edi
jnz short loc_403ACC
mov byte ptr [esp+6Ch+var_5C], cl
add esi, 3
jmp short loc_403AE4
; ---------------------------------------------------------------------------
loc_403ACC: ; CODE XREF: start+15F�j
cmp cl, 20h
jz loc_403B86
test cl, cl
jz loc_403B86
mov byte ptr [esp+6Ch+var_5C], 20h
mov esi, eax
loc_403AE4: ; CODE XREF: start+168�j
push [esp+6Ch+var_5C]
push esi
call sub_405D3E
test eax, eax
jz loc_403BC4
sub eax, esi
inc eax
inc eax
push ebp
mov edi, eax
call sub_405D2F
test eax, eax
mov dword_42CCF4, eax
jz loc_403BCB
cmp edi, ebp
jbe short loc_403B15
mov edi, ebp
loc_403B15: ; CODE XREF: start+1AF�j
dec edi
push edi
push esi
push eax
call ebx ; lstrcpynA
push dword_42CCF4
call sub_4061CB
push 0
push dword_42CCF4
call ds:dword_4090C0 ; CreateDirectoryA
mov edi, [esp+80h+var_64]
mov byte ptr [esp+80h+var_70], 2Fh
loc_403B3D: ; CODE XREF: start+F9�j start+13D�j ...
push [esp+80h+var_70]
push esi
call sub_405D3E
mov esi, eax
cmp byte ptr [esi], 22h
jnz short loc_403B4F
inc esi
loc_403B4F: ; CODE XREF: start+D7�j start+1EA�j ...
mov al, [esi]
test al, al
jnz loc_403A3E
loc_403B59: ; CODE XREF: start+260�j
push edi
call sub_403646
mov ebx, eax
xor ebp, ebp
cmp ebx, ebp
jnz loc_403C27
cmp dword_4341E0, ebp
jz loc_403C10
mov edi, [esp+80h+var_68]
push ebp
push edi
call sub_405D3E
mov esi, eax
jmp short loc_403BDB
; ---------------------------------------------------------------------------
loc_403B86: ; CODE XREF: start+16D�j start+175�j
push ebp
call sub_405D2F
test eax, eax
mov dword_42CCF4, eax
jz short loc_403BA5
push offset aCNsis_extractf ; "C:\\NSIS_ExtractFiles\\"
push eax
call sub_406022 ; lstrcpyA
mov eax, dword_42CCF4
loc_403BA5: ; CODE XREF: start+231�j
push 0
push eax
call ds:dword_4090C0 ; CreateDirectoryA
jmp short loc_403B4F
; ---------------------------------------------------------------------------
loc_403BB0: ; CODE XREF: start+131�j
mov byte ptr [esi-2], 0
add esi, 2
push esi
push offset byte_43A400
call sub_406022 ; lstrcpyA
jmp short loc_403B59
; ---------------------------------------------------------------------------
loc_403BC4: ; CODE XREF: start+18E�j
mov ebx, offset aExtractionPath ; "Extraction pathname not properly delimi"...
jmp short loc_403C27
; ---------------------------------------------------------------------------
loc_403BCB: ; CODE XREF: start+1A7�j
mov ebx, offset aOutOfMemory ; "Out of Memory"
jmp short loc_403C27
; ---------------------------------------------------------------------------
loc_403BD2: ; CODE XREF: start+27B�j
cmp dword ptr [esi], 3D3F5F20h
jz short loc_403BDF
dec esi
loc_403BDB: ; CODE XREF: start+222�j
cmp esi, edi
jnb short loc_403BD2
loc_403BDF: ; CODE XREF: start+276�j
cmp esi, edi
mov ebx, offset aErrorLaunching ; "Error launching installer"
jb short loc_403C4C
mov byte ptr [esi], 0
add esi, 4
push esi
call sub_406252
test eax, eax
jz short loc_403C27
push esi
push offset byte_43A400
call sub_406022 ; lstrcpyA
push esi
push offset dword_43A800
call sub_406022 ; lstrcpyA
xor ebx, ebx
loc_403C10: ; CODE XREF: start+20F�j
or dword_43422C, 0FFFFFFFFh
call sub_4059CE
push 1
mov [esp+80h+var_68], eax
call sub_4060D2
loc_403C27: ; CODE XREF: start+7D�j start+203�j ...
call sub_403926
call ds:dword_40929C
test ebx, ebx
jz loc_403D4D
push 200010h
push ebx
call sub_405CED
push 2
jmp loc_403E09
; ---------------------------------------------------------------------------
loc_403C4C: ; CODE XREF: start+284�j
mov [esp+6Ch+var_5C], ebp
mov edi, offset byte_42CCF9
mov esi, offset byte_42CCF8
mov ebp, offset dword_42D4F8
loc_403C5F: ; CODE XREF: start+3E0�j
push offset aCDocume1Martim ; "C:\\DOCUME~1\\MARTIM~1\\LOCALS~1\\Temp\\"
push edi
mov byte_42CCF8, 22h
call sub_406022 ; lstrcpyA
push offset aANsisu__exe ; "A~NSISu_.exe"
push esi
call ds:dword_4090A4 ; lstrcatA
push edi
call ds:dword_409134 ; DeleteFileA
test ebx, ebx
jz loc_403D33
push 400h
push ebp
push dword_434184
call ds:dword_4090BC ; GetModuleFileNameA
push 40D011h
lea eax, dword_42D4ED[eax]
push eax
call ds:dword_409080 ; lstrcmpiA
test eax, eax
jz loc_403C27
push 0
push edi
push ebp
call ds:dword_4090CC ; CopyFileA
test eax, eax
jz short loc_403D33
push 0
push edi
call sub_406326
cmp ds:byte_43A400, 0
jz short loc_403CE4
push offset byte_43A400
push ebp
call sub_406022 ; lstrcpyA
jmp short loc_403CEA
; ---------------------------------------------------------------------------
loc_403CE4: ; CODE XREF: start+373�j
push ebp
call sub_40622C
loc_403CEA: ; CODE XREF: start+380�j
push offset asc_409AD4 ; "\" "
push esi
call ds:dword_4090A4 ; lstrcatA
push [esp+0A8h+var_90]
push esi
call ds:dword_4090A4 ; lstrcatA
push offset a_?_0 ; " _?="
push esi
call ds:dword_4090A4 ; lstrcatA
push ebp
push esi
call ds:dword_4090A4 ; lstrcatA
push esi
call sub_4061CB
push offset aCDocume1Martim ; "C:\\DOCUME~1\\MARTIM~1\\LOCALS~1\\Temp\\"
push esi
call sub_405C75
test eax, eax
jz short loc_403D33
push eax
call ds:dword_409084 ; CloseHandle
xor ebx, ebx
loc_403D33: ; CODE XREF: start+324�j start+362�j ...
inc byte ptr aANsisu__exe ; "A~NSISu_.exe"
inc [esp+0C4h+var_B4]
cmp [esp+0C4h+var_B4], 1Ah
jl loc_403C5F
jmp loc_403C27
; ---------------------------------------------------------------------------
loc_403D4D: ; CODE XREF: start+2D2�j
cmp dword_434214, 0
jz loc_403DF7
push offset aAdvapi32_dll ; "ADVAPI32.dll"
call ds:dword_409068 ; GetModuleHandleA
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz short loc_403DE3
mov esi, ds:dword_409138
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov [esp+90h+var_70], eax
call esi ; GetProcAddress
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov ebp, eax
call esi ; GetProcAddress
cmp [esp+98h+var_80], ebx
mov esi, eax
jz short loc_403DE3
cmp ebp, ebx
jz short loc_403DE3
cmp esi, ebx
jz short loc_403DE3
lea eax, [esp+98h+var_7C]
push eax
push 28h
call ds:dword_4090C8 ; GetCurrentProcess
push eax
call [esp+0A4h+var_80]
test eax, eax
jz short loc_403DE3
lea eax, [esp+0A4h+var_80]
push eax
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
push ebx
call ebp
push ebx
push ebx
push ebx
lea eax, [esp+0BCh+var_90]
push eax
push ebx
push [esp+0C4h+var_94]
mov [esp+0C8h+var_90], 1
mov [esp+0C8h+var_84], 2
call esi ; GetProcAddress
loc_403DE3: ; CODE XREF: start+409�j start+435�j ...
push ebx
push 2
call ds:dword_4091A0 ; ExitWindowsEx
test eax, eax
jnz short loc_403DF7
push 9
call sub_4014C9
loc_403DF7: ; CODE XREF: start+3F2�j start+48C�j
mov eax, dword_43422C
cmp eax, 0FFFFFFFFh
jz short loc_403E05
mov [esp+0D0h+var_BC], eax
loc_403E05: ; CODE XREF: start+49D�j
push [esp+0D0h+var_BC]
loc_403E09: ; CODE XREF: start+2E5�j
call ds:dword_409168 ; ExitProcess
int 3 ; Trap to Debugger
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_403E10 proc near ; CODE XREF: sub_405176+234�p
; sub_405176+270�p ...
arg_0 = dword ptr 4
cmp [esp+arg_0], 78h
jnz short loc_403E1D
inc dword_433954
loc_403E1D: ; CODE XREF: sub_403E10+5�j
push 0
push [esp+4+arg_0]
push 408h
push dword_434180
call ds:dword_40926C ; SendMessageA
retn 4
sub_403E10 endp
; =============== S U B R O U T I N E =======================================
sub_403E37 proc near ; CODE XREF: sub_40412D+64�p
; sub_40412D+71�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_8]
push 0
call sub_4066B7
push eax
mov eax, [esp+4+arg_4]
add eax, 3E8h
push eax
push [esp+8+arg_0]
call sub_405CCB ; SetDlgItemTextA
retn 0Ch
sub_403E37 endp
; =============== S U B R O U T I N E =======================================
sub_403E59 proc near ; CODE XREF: sub_40412D+18A�p
; sub_4044DD+305�p ...
cmp dword_43420C, 0
mov eax, dword_42DD08
jnz short loc_403E6C
mov eax, dword_42F518
loc_403E6C: ; CODE XREF: sub_403E59+C�j
push 1
push 1
push 0F4h
push eax
call ds:dword_40926C ; SendMessageA
retn
sub_403E59 endp
; =============== S U B R O U T I N E =======================================
sub_403E7D proc near ; CODE XREF: sub_40412D+8F�p
; sub_40412D+185�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push dword_42F518
call ds:dword_40925C ; EnableWindow
retn 4
sub_403E7D endp
; =============== S U B R O U T I N E =======================================
sub_403E90 proc near ; CODE XREF: sub_40412D+A5�p
; sub_4044DD+E4�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
push 28h
push dword_434180
call ds:dword_40926C ; SendMessageA
retn 4
sub_403E90 endp
; =============== S U B R O U T I N E =======================================
sub_403EA7 proc near ; CODE XREF: sub_404921+20�p
; sub_4050EB+76�p ...
arg_0 = dword ptr 4
mov eax, dword_433948
test eax, eax
jz short locret_403EBF
push 0
push 0
push [esp+8+arg_0]
push eax
call ds:dword_40926C ; SendMessageA
locret_403EBF: ; CODE XREF: sub_403EA7+7�j
retn 4
sub_403EA7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403EC2 proc near ; CODE XREF: sub_40412D+299�p
; sub_4043D2+3D�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
add eax, 0FFFFFECDh
cmp eax, 5
push esi
ja loc_403F65
push 0FFFFFFEBh
push [ebp+arg_4]
call ds:dword_4091AC ; GetWindowLongA
mov esi, eax
test esi, esi
jz short loc_403F65
test byte ptr [esi+14h], 2
mov eax, [esi]
push edi
mov edi, ds:dword_4091A8
jz short loc_403EFA
push eax
call edi ; GetSysColor
loc_403EFA: ; CODE XREF: sub_403EC2+33�j
test byte ptr [esi+14h], 1
jz short loc_403F0A
push eax
push [ebp+arg_0]
call ds:dword_409050 ; SetTextColor
loc_403F0A: ; CODE XREF: sub_403EC2+3C�j
push dword ptr [esi+10h]
push [ebp+arg_0]
call ds:dword_40904C ; SetBkMode
test byte ptr [esi+14h], 8
mov eax, [esi+4]
mov [ebp+var_8], eax
jz short loc_403F28
push eax
call edi ; GetSysColor
mov [ebp+var_8], eax
loc_403F28: ; CODE XREF: sub_403EC2+5E�j
test byte ptr [esi+14h], 4
pop edi
jz short loc_403F39
push eax
push [ebp+arg_0]
call ds:dword_409054 ; SetBkColor
loc_403F39: ; CODE XREF: sub_403EC2+6B�j
test byte ptr [esi+14h], 10h
jz short loc_403F60
mov eax, [esi+8]
mov [ebp+var_C], eax
mov eax, [esi+0Ch]
test eax, eax
jz short loc_403F53
push eax
call ds:dword_409040 ; DeleteObject
loc_403F53: ; CODE XREF: sub_403EC2+88�j
lea eax, [ebp+var_C]
push eax
call ds:dword_409044 ; CreateBrushIndirect
mov [esi+0Ch], eax
loc_403F60: ; CODE XREF: sub_403EC2+7B�j
mov eax, [esi+0Ch]
jmp short loc_403F67
; ---------------------------------------------------------------------------
loc_403F65: ; CODE XREF: sub_403EC2+F�j
; sub_403EC2+24�j
xor eax, eax
loc_403F67: ; CODE XREF: sub_403EC2+A1�j
pop esi
leave
retn 8
sub_403EC2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F6C proc near ; CODE XREF: sub_40161F+1A87�p
; sub_4044DD+3E�p ...
var_400 = byte ptr -400h
push ebp
mov ebp, esp
sub esp, 400h
push offset byte_43A400
lea eax, [ebp+var_400]
push eax
call ds:dword_4090E0 ; lstrcpyA
push offset aInstall_log ; "install.log"
lea eax, [ebp+var_400]
push eax
push offset byte_433520
call sub_406022 ; lstrcpyA
push eax
call sub_4061CB
push eax
call ds:dword_4090A4 ; lstrcatA
leave
retn
sub_403F6C endp
; =============== S U B R O U T I N E =======================================
sub_403FAC proc near ; CODE XREF: sub_4059CE+1A�p
; sub_4059CE:loc_405B7C�p
cmp ds:byte_43B000, 0
push ebx
push ebp
push esi
push edi
mov edi, 0FFFFh
mov ebx, offset byte_43B000
jz short loc_403FCB
push ebx
call sub_405F99
jmp short loc_403FD1
; ---------------------------------------------------------------------------
loc_403FCB: ; CODE XREF: sub_403FAC+15�j
call ds:dword_4090E4 ; GetUserDefaultLangID
loc_403FD1: ; CODE XREF: sub_403FAC+1D�j
xor ecx, ecx
loc_403FD3: ; CODE XREF: sub_403FAC+8F�j
; sub_403FAC+93�j
mov esi, dword_4341C4
test esi, esi
jz short loc_404026
mov ecx, dword_434188
mov ecx, [ecx+64h]
mov edx, ecx
imul ecx, esi
neg edx
add ecx, dword_4341C0
loc_403FF3: ; CODE XREF: sub_403FAC+5B�j
xor ebp, ebp
add ecx, edx
mov bp, [ecx]
xor bp, ax
dec esi
and ebp, edi
test bp, bp
jz short loc_40400B
test esi, esi
jnz short loc_403FF3
jmp short loc_404026
; ---------------------------------------------------------------------------
loc_40400B: ; CODE XREF: sub_403FAC+57�j
mov edx, [ecx+2]
mov dword_43395C, edx
mov edx, [ecx+6]
mov dword_434228, edx
lea edx, [ecx+0Ah]
mov dword_433968, edx
loc_404026: ; CODE XREF: sub_403FAC+2F�j
; sub_403FAC+5D�j
cmp dword_433968, 0
jnz short loc_404041
cmp di, 0FFFFh
jnz short loc_40403D
mov edi, 3FFh
jmp short loc_403FD3
; ---------------------------------------------------------------------------
loc_40403D: ; CODE XREF: sub_403FAC+88�j
xor edi, edi
jmp short loc_403FD3
; ---------------------------------------------------------------------------
loc_404041: ; CODE XREF: sub_403FAC+81�j
movzx eax, word ptr [ecx]
push eax
push ebx
call sub_405F80
push 0FFFFFFFEh
push offset aNsisError ; "NSIS Error"
call sub_4066B7
push eax
push dword_42DD14
call ds:dword_409190 ; SetWindowTextA
mov eax, dword_4341AC
test eax, eax
mov esi, dword_4341A8
jz short loc_40408E
mov edi, eax
loc_404075: ; CODE XREF: sub_403FAC+E0�j
mov eax, [esi]
test eax, eax
jz short loc_404085
push eax
lea eax, [esi+18h]
push eax
call sub_4066B7
loc_404085: ; CODE XREF: sub_403FAC+CD�j
add esi, 418h
dec edi
jnz short loc_404075
loc_40408E: ; CODE XREF: sub_403FAC+C5�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_403FAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404093 proc near ; DATA XREF: sub_4044DD+13E�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push esi
mov esi, ds:dword_40926C
jnz short loc_4040BF
push [ebp+arg_C]
push 3FBh
call sub_405CD1
push [ebp+arg_C]
push 1
push 466h
push [ebp+arg_0]
call esi ; SendMessageA
loc_4040BF: ; CODE XREF: sub_404093+E�j
cmp [ebp+arg_4], 2
jnz short loc_4040F2
push [ebp+arg_C]
push [ebp+arg_8]
call ds:dword_409184 ; SHGetPathFromIDListA
test eax, eax
jz short loc_4040E3
push 7
call sub_4014C9
test eax, eax
jnz short loc_4040E3
inc eax
jmp short loc_4040E5
; ---------------------------------------------------------------------------
loc_4040E3: ; CODE XREF: sub_404093+40�j
; sub_404093+4B�j
xor eax, eax
loc_4040E5: ; CODE XREF: sub_404093+4E�j
push eax
push 0
push 465h
push [ebp+arg_0]
call esi ; SendMessageA
loc_4040F2: ; CODE XREF: sub_404093+30�j
xor eax, eax
pop esi
pop ebp
retn 10h
sub_404093 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040F9 proc near ; DATA XREF: sub_40412D+5A�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_8]
mov eax, [ebp+arg_0]
mov ecx, dword_42D8F8
add ecx, eax
push ecx
push [ebp+arg_4]
call ds:dword_4090D0 ; lstrcpynA
push [ebp+arg_4]
call sub_406028 ; lstrlenA
mov ecx, [ebp+arg_C]
add dword_42D8F8, eax
mov [ecx], eax
xor eax, eax
pop ebp
retn 10h
sub_4040F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40412D proc near ; DATA XREF: .data:off_40D024�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_4], 110h
push ebx
push esi
push edi
jnz loc_40424D
mov ebx, [ebp+arg_C]
mov edi, [ebx+30h]
test edi, edi
jge short loc_40415E
mov ecx, dword_433968
lea eax, ds:4[edi*4]
sub ecx, eax
mov edi, [ecx]
loc_40415E: ; CODE XREF: sub_40412D+1E�j
mov eax, dword_4341B8
push dword ptr [ebx+34h]
add edi, eax
movsx eax, byte ptr [edi]
and [ebp+var_8], 0
mov [ebp+arg_C], eax
mov eax, [ebx+14h]
mov esi, eax
shr esi, 5
not esi
push 22h
push [ebp+arg_0]
or esi, eax
inc edi
mov [ebp+var_C], edi
mov [ebp+var_4], offset sub_4040F9
and esi, 1
call sub_403E37
push dword ptr [ebx+38h]
push 23h
push [ebp+arg_0]
call sub_403E37
xor eax, eax
test esi, esi
setz al
push 1
add eax, 40Ah
push eax
push [ebp+arg_0]
call ds:dword_4091B8 ; CheckDlgButton
push esi
call sub_403E7D
push 3E8h
push [ebp+arg_0]
call ds:dword_40924C ; GetDlgItem
mov ebx, eax
push ebx
call sub_403E90
mov esi, ds:dword_40926C
push 0
push 1
push 45Bh
push ebx
call esi ; SendMessageA
mov eax, dword_434188
mov eax, [eax+68h]
test eax, eax
jge short loc_4041FE
neg eax
push eax
call ds:dword_4091A8 ; GetSysColor
loc_4041FE: ; CODE XREF: sub_40412D+C6�j
push eax
push 0
push 443h
push ebx
call esi ; SendMessageA
push 4010000h
push 0
push 445h
push ebx
call esi ; SendMessageA
and dword_42D8F8, 0
push edi
call sub_406028 ; lstrlenA
push eax
push 0
push 435h
push ebx
call esi ; SendMessageA
lea eax, [ebp+var_C]
push eax
push [ebp+arg_C]
push 449h
push ebx
call esi ; SendMessageA
and dword_42F524, 0
xor eax, eax
jmp loc_4043CB
; ---------------------------------------------------------------------------
loc_40424D: ; CODE XREF: sub_40412D+10�j
cmp [ebp+arg_4], 111h
mov edi, ds:dword_40924C
mov ebx, ds:dword_40926C
jnz short loc_4042BC
mov eax, [ebp+arg_8]
shr eax, 10h
test ax, ax
jnz loc_4043BC
xor eax, eax
cmp dword_42F524, eax
jnz loc_4043BC
mov esi, dword_42F51C
add esi, 14h
test byte ptr [esi], 20h
jz loc_4043BC
push eax
push eax
push 0F0h
push 40Ah
push [ebp+arg_0]
call edi ; GetDlgItem
push eax
call ebx ; SendMessageA
mov ecx, [esi]
and eax, 1
and ecx, 0FFFFFFFEh
or ecx, eax
push eax
mov [esi], ecx
call sub_403E7D
call sub_403E59
loc_4042BC: ; CODE XREF: sub_40412D+133�j
cmp [ebp+arg_4], 4Eh
jnz loc_4043AD
push 3E8h
push [ebp+arg_0]
call edi ; GetDlgItem
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx+8], 70Bh
jnz loc_404368
cmp dword ptr [ecx+0Ch], 201h
mov esi, ds:dword_4091B4
mov edi, ds:dword_4091B0
jnz short loc_404353
mov edx, [ecx+18h]
mov [ebp+var_C], edx
mov edx, [ecx+1Ch]
mov [ebp+var_8], edx
sub edx, [ebp+var_C]
mov [ebp+var_4], offset byte_432D20
cmp edx, 800h
jnb short loc_404353
lea ecx, [ebp+var_C]
push ecx
push 0
push 44Bh
push eax
call ebx ; SendMessageA
push 7F02h
push 0
call edi ; LoadCursorA
push eax
call esi ; SetCursor
push 1
push 0
push 0
push [ebp+var_4]
push offset aOpen ; "open"
push [ebp+arg_0]
call ds:dword_409170 ; ShellExecuteA
push 7F00h
push 0
call edi ; LoadCursorA
push eax
call esi ; SetCursor
mov ecx, [ebp+arg_C]
loc_404353: ; CODE XREF: sub_40412D+1C6�j
; sub_40412D+1E4�j
cmp dword ptr [ecx+0Ch], 20h
jnz short loc_404368
push 7F89h
push 0
call edi ; LoadCursorA
push eax
call esi ; SetCursor
mov ecx, [ebp+arg_C]
loc_404368: ; CODE XREF: sub_40412D+1AD�j
; sub_40412D+22A�j
cmp dword ptr [ecx+8], 700h
jnz short loc_4043BF
cmp dword ptr [ecx+0Ch], 100h
jnz short loc_4043BF
cmp dword ptr [ecx+10h], 0Dh
jnz short loc_404394
push 0
push 1
push 111h
push dword_434180
call ebx ; SendMessageA
mov ecx, [ebp+arg_C]
loc_404394: ; CODE XREF: sub_40412D+251�j
cmp dword ptr [ecx+10h], 1Bh
jnz short loc_4043A8
push 0
push 0
push 10h
push dword_434180
call ebx ; SendMessageA
loc_4043A8: ; CODE XREF: sub_40412D+26B�j
xor eax, eax
inc eax
jmp short loc_4043CB
; ---------------------------------------------------------------------------
loc_4043AD: ; CODE XREF: sub_40412D+193�j
cmp [ebp+arg_4], 40Bh
jnz short loc_4043BC
inc dword_42F524
loc_4043BC: ; CODE XREF: sub_40412D+13E�j
; sub_40412D+14C�j ...
mov ecx, [ebp+arg_C]
loc_4043BF: ; CODE XREF: sub_40412D+242�j
; sub_40412D+24B�j
mov eax, [ebp+arg_4]
push ecx
push [ebp+arg_8]
call sub_403EC2
loc_4043CB: ; CODE XREF: sub_40412D+11B�j
; sub_40412D+27E�j
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40412D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4043D2 proc near ; DATA XREF: .data:0040D034�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 110h
push esi
mov esi, [ebp+arg_C]
jnz short loc_404408
push dword ptr [esi+30h]
push 1Dh
push [ebp+arg_0]
call sub_403E37
mov eax, [esi+3Ch]
shl eax, 0Ah
add eax, offset dword_435000
push eax
push 3E8h
push [ebp+arg_0]
call sub_405CCB ; SetDlgItemTextA
loc_404408: ; CODE XREF: sub_4043D2+E�j
mov eax, [ebp+arg_4]
push esi
push [ebp+arg_8]
call sub_403EC2
pop esi
pop ebp
retn 10h
sub_4043D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404419 proc near ; CODE XREF: sub_4044DD+2A5�p
; sub_4044DD+2B4�p ...
var_40 = byte ptr -40h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40h
push ebx
push esi
push edi
push 14h
pop edi
mov esi, eax
cmp esi, 400h
push 0FFFFFFDCh
pop ebx
jnb short loc_404438
xor edi, edi
push 0FFFFFFDEh
jmp short loc_404445
; ---------------------------------------------------------------------------
loc_404438: ; CODE XREF: sub_404419+17�j
cmp esi, 100000h
jnb short loc_404446
push 0Ah
pop edi
push 0FFFFFFDDh
loc_404445: ; CODE XREF: sub_404419+1D�j
pop ebx
loc_404446: ; CODE XREF: sub_404419+25�j
push 0FFFFFFDFh
lea eax, [ebp+var_20]
push eax
call sub_4066B7
push eax
push ebx
lea eax, [ebp+var_40]
push eax
call sub_4066B7
push eax
lea eax, [esi+esi*4]
push 0Ah
shl eax, 1
mov ecx, edi
shr eax, cl
pop ecx
xor edx, edx
div ecx
mov ecx, edi
shr esi, cl
push edx
push esi
push offset aU_USS ; "%u.%u%s%s"
push [ebp+arg_4]
mov esi, offset dword_42E518
push esi
call sub_4066B7
push esi
mov edi, eax
call sub_406028 ; lstrlenA
add edi, eax
push edi
call ds:dword_40923C ; wsprintfA
add esp, 18h
push esi
push [ebp+arg_0]
push dword_433948
call sub_405CCB ; SetDlgItemTextA
pop edi
pop esi
pop ebx
leave
retn 8
sub_404419 endp
; =============== S U B R O U T I N E =======================================
sub_4044B0 proc near ; CODE XREF: sub_4044DD+281�p
; sub_404A08+5A7�p ...
arg_0 = dword ptr 4
mov edx, dword_4341AC
mov ecx, dword_4341A8
xor eax, eax
test edx, edx
jz short locret_4044DA
push esi
loc_4044C3: ; CODE XREF: sub_4044B0+27�j
test byte ptr [ecx+8], 1
jz short loc_4044D0
mov esi, [esp+4+arg_0]
add eax, [ecx+esi*4]
loc_4044D0: ; CODE XREF: sub_4044B0+17�j
add ecx, 418h
dec edx
jnz short loc_4044C3
pop esi
locret_4044DA: ; CODE XREF: sub_4044B0+10�j
retn 4
sub_4044B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4044DD proc near ; DATA XREF: .data:0040D02C�o
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 48h
mov eax, dword_42F51C
push ebx
push esi
mov esi, [eax+3Ch]
shl esi, 0Ah
mov [ebp+var_20], eax
mov eax, [eax+38h]
add esi, offset dword_435000
cmp [ebp+arg_4], 40Bh
push edi
mov [ebp+var_4], eax
mov ebx, 3FBh
jnz short loc_404533
push esi
push ebx
call sub_405CD1
push esi
call sub_40602E
call sub_403F6C
push 3F0h
push [ebp+arg_0]
call ds:dword_4091C0 ; IsDlgButtonChecked
mov dword_431D04, eax
loc_404533: ; CODE XREF: sub_4044DD+2F�j
cmp [ebp+arg_4], 110h
jnz loc_4045C6
push 10h
call ds:dword_4091BC ; GetAsyncKeyState
test ah, ah
mov edi, ds:dword_40924C
jns short loc_404576
push 3F0h
push [ebp+arg_0]
call edi ; GetDlgItem
push 0FFFFFFE0h
push 8
push [ebp+arg_0]
mov [ebp+var_8], eax
call sub_403E37
push 8
push [ebp+var_8]
call ds:dword_409234 ; ShowWindow
loc_404576: ; CODE XREF: sub_4044DD+73�j
push esi
call sub_405D5A
test eax, eax
jz short loc_404590
push esi
call sub_405D81
test eax, eax
jnz short loc_404590
push esi
call sub_4061CB
loc_404590: ; CODE XREF: sub_4044DD+A1�j
; sub_4044DD+AB�j
push esi
push ebx
push [ebp+arg_0]
call sub_405CCB ; SetDlgItemTextA
mov eax, [ebp+arg_C]
push dword ptr [eax+34h]
push 1
push [ebp+arg_0]
call sub_403E37
mov eax, [ebp+arg_C]
push dword ptr [eax+30h]
push 14h
push [ebp+arg_0]
call sub_403E37
push ebx
push [ebp+arg_0]
call edi ; GetDlgItem
push eax
call sub_403E90
loc_4045C6: ; CODE XREF: sub_4044DD+5D�j
cmp [ebp+arg_4], 111h
jnz loc_40468E
movzx eax, word ptr [ebp+arg_8]
cmp eax, ebx
jnz short loc_4045F3
mov ecx, [ebp+arg_8]
shr ecx, 10h
cmp cx, 300h
jnz loc_4047ED
mov [ebp+arg_4], 40Fh
loc_4045F3: ; CODE XREF: sub_4044DD+FC�j
cmp eax, 3E9h
jnz loc_40468E
push 7
pop ecx
push [ebp+var_4]
xor eax, eax
lea edi, [ebp+var_44]
rep stosd
mov eax, [ebp+arg_0]
mov edi, offset dword_42E518
push 0
mov [ebp+var_48], eax
mov [ebp+var_40], edi
mov [ebp+var_34], offset sub_404093
mov [ebp+var_30], esi
call sub_4066B7
mov [ebp+var_3C], eax
lea eax, [ebp+var_48]
push eax
mov [ebp+var_38], 41h
call ds:dword_409174 ; SHBrowseForFolderA
test eax, eax
jz short loc_40468E
push eax
call sub_405C4A
mov eax, dword_434188
mov eax, [eax+11Ch]
test eax, eax
jz short loc_40467E
push eax
push 0
call sub_4066B7
push edi
mov edi, offset byte_432D20
push edi
call ds:dword_409080 ; lstrcmpiA
test eax, eax
jz short loc_40467E
push edi
push esi
call sub_4061CB
push eax
call ds:dword_4090A4 ; lstrcatA
loc_40467E: ; CODE XREF: sub_4044DD+178�j
; sub_4044DD+191�j
inc dword_42D904
push esi
push ebx
push [ebp+arg_0]
call sub_405CCB ; SetDlgItemTextA
loc_40468E: ; CODE XREF: sub_4044DD+F0�j
; sub_4044DD+11B�j ...
cmp [ebp+arg_4], 40Fh
jz short loc_4046A4
cmp [ebp+arg_4], 405h
jnz loc_4047ED
loc_4046A4: ; CODE XREF: sub_4044DD+1B8�j
and [ebp+var_4], 0
and [ebp+var_8], 0
push esi
push ebx
or edi, 0FFFFFFFFh
call sub_405CD1
push esi
call sub_406252
test eax, eax
jnz short loc_4046C7
mov [ebp+var_4], 1
loc_4046C7: ; CODE XREF: sub_4044DD+1E1�j
push esi
mov esi, offset dword_42D908
push esi
call sub_406022 ; lstrcpyA
push esi
call sub_405D81
test eax, eax
jz short loc_4046E0
mov byte ptr [eax], 0
loc_4046E0: ; CODE XREF: sub_4044DD+1FE�j
push offset aKernel32_dll ; "KERNEL32.dll"
call ds:dword_409068 ; GetModuleHandleA
test eax, eax
mov ebx, 400h
jz short loc_404726
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push eax
call ds:dword_409138 ; GetProcAddress
test eax, eax
jz short loc_404726
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_14]
push ecx
lea ecx, [ebp+var_28]
push ecx
push esi
call eax
test eax, eax
jz short loc_404726
mov edi, [ebp+var_28]
mov eax, [ebp+var_24]
shrd edi, eax, 0Ah
shr eax, 0Ah
jmp short loc_404755
; ---------------------------------------------------------------------------
loc_404726: ; CODE XREF: sub_4044DD+215�j
; sub_4044DD+225�j ...
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_4090E8 ; GetDiskFreeSpaceA
test eax, eax
jz short loc_40475C
mov eax, [ebp+var_10]
imul eax, [ebp+var_18]
push ebx
push [ebp+var_C]
push eax
call ds:dword_409130 ; MulDiv
mov edi, eax
loc_404755: ; CODE XREF: sub_4044DD+247�j
mov [ebp+var_8], 1
loc_40475C: ; CODE XREF: sub_4044DD+262�j
push 5
call sub_4044B0
cmp edi, eax
jnb short loc_40476E
mov [ebp+var_4], 2
loc_40476E: ; CODE XREF: sub_4044DD+288�j
mov ecx, dword_433968
xor esi, esi
cmp [ecx+10h], esi
jz short loc_4047A6
push 0FFFFFFFBh
push 3FFh
call sub_404419
cmp [ebp+var_8], esi
jz short loc_404798
push 0FFFFFFFCh
push ebx
mov eax, edi
call sub_404419
jmp short loc_4047A6
; ---------------------------------------------------------------------------
loc_404798: ; CODE XREF: sub_4044DD+2AD�j
push offset word_409BDA
push ebx
push [ebp+arg_0]
call sub_405CCB ; SetDlgItemTextA
loc_4047A6: ; CODE XREF: sub_4044DD+29C�j
; sub_4044DD+2B9�j
mov eax, [ebp+var_4]
cmp eax, esi
mov dword_434224, eax
jnz short loc_4047BC
push 7
call sub_4014C9
mov [ebp+var_4], eax
loc_4047BC: ; CODE XREF: sub_4044DD+2D3�j
mov eax, [ebp+var_20]
test [eax+14h], ebx
jz short loc_4047C7
mov [ebp+var_4], esi
loc_4047C7: ; CODE XREF: sub_4044DD+2E5�j
xor eax, eax
cmp [ebp+var_4], esi
setz al
push eax
call sub_403E7D
cmp [ebp+var_4], esi
jnz short loc_4047E7
cmp dword_42D904, esi
jnz short loc_4047E7
call sub_403E59
loc_4047E7: ; CODE XREF: sub_4044DD+2FB�j
; sub_4044DD+303�j
mov dword_42D904, esi
loc_4047ED: ; CODE XREF: sub_4044DD+109�j
; sub_4044DD+1C1�j
push [ebp+arg_C]
mov eax, [ebp+arg_4]
push [ebp+arg_8]
call sub_403EC2
pop edi
pop esi
pop ebx
leave
retn 10h
sub_4044DD endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_4341A8
xor ecx, ecx
cmp dword_4341AC, ecx
mov dword ptr [ebp-20h], 0F030h
mov [ebp-4], ecx
jle locret_4048D1
push ebx
push esi
mov esi, ds:dword_40926C
push edi
lea edi, [eax+8]
loc_404831: ; CODE XREF: .text:004048C8�j
mov eax, [ebp+0Ch]
mov eax, [eax+ecx*4]
test eax, eax
jz short loc_4048B5
mov edx, [edi]
push 8
mov [ebp-28h], eax
pop eax
mov ecx, edx
and ecx, eax
mov ebx, edx
and ebx, 20h
shl ecx, 1
or ecx, ebx
test dh, 1
mov [ebp-2Ch], eax
mov [ebp-24h], ecx
jz short loc_40486F
lea eax, [edi+10h]
mov dword ptr [ebp-2Ch], 9
mov [ebp-1Ch], eax
and byte ptr [edi+1], 0FEh
mov ecx, [ebp-24h]
loc_40486F: ; CODE XREF: .text:00404859�j
test dl, 40h
jz short loc_404879
push 3
pop eax
jmp short loc_404887
; ---------------------------------------------------------------------------
loc_404879: ; CODE XREF: .text:00404872�j
mov eax, edx
and eax, 1
inc eax
test dl, 10h
jz short loc_404887
add eax, 3
loc_404887: ; CODE XREF: .text:00404877�j
; .text:00404882�j
push dword ptr [ebp-28h]
shl eax, 0Ch
or ecx, eax
xor eax, eax
test ebx, ebx
setnz al
mov [ebp-24h], ecx
inc eax
push eax
push 1102h
push dword ptr [ebp+8]
call esi ; SendMessageA
lea eax, [ebp-2Ch]
push eax
push 0
push 110Dh
push dword ptr [ebp+8]
call esi ; SendMessageA
loc_4048B5: ; CODE XREF: .text:00404839�j
mov ecx, [ebp-4]
inc ecx
add edi, 418h
cmp ecx, dword_4341AC
mov [ebp-4], ecx
jl loc_404831
pop edi
pop esi
pop ebx
locret_4048D1: ; CODE XREF: .text:0040481F�j
leave
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4048D5 proc near ; CODE XREF: sub_404921+59�p
; sub_404A08+2D3�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
call ds:dword_4091C8 ; GetMessagePos
movsx ecx, ax
shr eax, 10h
movsx eax, ax
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
mov [ebp+var_10], ecx
call ds:dword_4091C4 ; ScreenToClient
lea eax, [ebp+var_10]
push eax
push 0
push 1111h
push [ebp+arg_0]
call ds:dword_40926C ; SendMessageA
mov al, [ebp+var_8]
and al, 66h
neg al
sbb eax, eax
and eax, [ebp+var_4]
leave
retn 4
sub_4048D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404921 proc near ; DATA XREF: sub_404A08+89�o
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
cmp [ebp+arg_4], 102h
push esi
push edi
jnz short loc_40494D
cmp [ebp+arg_8], 20h
jnz loc_4049E9
push 413h
call sub_403EA7
xor eax, eax
jmp loc_404A02
; ---------------------------------------------------------------------------
loc_40494D: ; CODE XREF: sub_404921+F�j
or edi, 0FFFFFFFFh
cmp [ebp+arg_4], 2
jnz short loc_40495C
mov dword_40D038, edi
loc_40495C: ; CODE XREF: sub_404921+33�j
cmp [ebp+arg_4], 200h
mov esi, 419h
jnz short loc_4049A9
push [ebp+arg_0]
call ds:dword_4091D0 ; IsWindowVisible
test eax, eax
jz short loc_4049E9
push [ebp+arg_0]
call sub_4048D5
test eax, eax
mov [ebp+var_24], eax
jz short loc_4049A4
lea eax, [ebp+var_28]
push eax
push 0
push 110Ch
push [ebp+arg_0]
mov [ebp+var_28], 4
call ds:dword_40926C ; SendMessageA
mov edi, [ebp+var_4]
loc_4049A4: ; CODE XREF: sub_404921+63�j
mov [ebp+arg_4], esi
jmp short loc_4049AC
; ---------------------------------------------------------------------------
loc_4049A9: ; CODE XREF: sub_404921+47�j
mov edi, [ebp+arg_C]
loc_4049AC: ; CODE XREF: sub_404921+86�j
cmp [ebp+arg_4], esi
jnz short loc_4049EC
cmp dword_40D038, edi
jz short loc_4049EC
push ebx
mov esi, offset dword_435000
push esi
mov ebx, offset dword_42E518
push ebx
mov dword_40D038, edi
call sub_406022 ; lstrcpyA
push edi
push esi
call sub_405F80
push 6
call sub_4014C9
push ebx
push esi
call sub_406022 ; lstrcpyA
pop ebx
jmp short loc_4049EC
; ---------------------------------------------------------------------------
loc_4049E9: ; CODE XREF: sub_404921+15�j
; sub_404921+54�j
mov edi, [ebp+arg_C]
loc_4049EC: ; CODE XREF: sub_404921+8E�j
; sub_404921+96�j ...
push edi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push dword_42D900
call ds:dword_4091CC ; CallWindowProcA
loc_404A02: ; CODE XREF: sub_404921+27�j
pop edi
pop esi
leave
retn 10h
sub_404921 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A08 proc near ; DATA XREF: .data:0040D028�o
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
mov esi, ds:dword_40924C
push edi
push 3F9h
push [ebp+arg_0]
call esi ; GetDlgItem
push 408h
push [ebp+arg_0]
mov [ebp+var_8], eax
call esi ; GetDlgItem
mov esi, ds:dword_40926C
mov [ebp+var_4], eax
mov eax, dword_4341A8
mov [ebp+var_18], eax
mov eax, dword_434188
add eax, 94h
xor ebx, ebx
cmp [ebp+arg_4], 110h
push 10h
mov [ebp+var_1C], eax
pop edi
jnz loc_404C78
mov eax, [ebp+arg_0]
mov dword_4341EC, eax
mov eax, dword_4341AC
shl eax, 2
push eax
mov [ebp+var_20], ebx
mov [ebp+var_14], 2
call sub_405D2F
push 6Eh
push dword_434184
mov dword_42DD10, eax
call ds:dword_4091D4 ; LoadBitmapA
push offset sub_404921
push 0FFFFFFFCh
push [ebp+var_4]
mov [ebp+var_10], eax
call ds:dword_409250 ; SetWindowLongA
push ebx
push 6
push 21h
push edi
push edi
mov dword_42D900, eax
call ds:dword_409034
push 0FF00FFh
push [ebp+var_10]
mov dword_42DD0C, eax
push eax
call ds:dword_40902C
push dword_42DD0C
push 2
push 1109h
push [ebp+var_4]
call esi ; SendMessageA
push ebx
push ebx
push 111Ch
push [ebp+var_4]
call esi ; SendMessageA
cmp eax, edi
jge short loc_404AF8
push ebx
push edi
push 111Bh
push [ebp+var_4]
call esi ; SendMessageA
loc_404AF8: ; CODE XREF: sub_404A08+E2�j
push [ebp+var_10]
call ds:dword_409040 ; DeleteObject
xor edi, edi
loc_404B03: ; CODE XREF: sub_404A08+130�j
mov eax, [ebp+var_1C]
mov eax, [eax+edi*4]
cmp eax, ebx
jz short loc_404B34
cmp edi, 20h
jz short loc_404B15
mov [ebp+var_14], ebx
loc_404B15: ; CODE XREF: sub_404A08+108�j
push eax
push ebx
call sub_4066B7
push eax
push ebx
push 143h
push [ebp+var_8]
call esi ; SendMessageA
push edi
push eax
push 151h
push [ebp+var_8]
call esi ; SendMessageA
loc_404B34: ; CODE XREF: sub_404A08+103�j
inc edi
cmp edi, 21h
jl short loc_404B03
mov eax, [ebp+var_14]
mov edi, [ebp+arg_C]
push dword ptr [edi+eax*4+30h]
push 15h
push [ebp+arg_0]
call sub_403E37
mov eax, [ebp+var_14]
push dword ptr [edi+eax*4+34h]
push 16h
push [ebp+arg_0]
call sub_403E37
xor edi, edi
cmp dword_4341AC, ebx
mov [ebp+var_C], ebx
jle loc_404C2C
mov eax, [ebp+var_18]
add eax, 8
mov [ebp+var_10], eax
mov ebx, 1100h
loc_404B7E: ; CODE XREF: sub_404A08+217�j
mov edx, [ebp+var_10]
lea eax, [edx+10h]
cmp byte ptr [eax], 0
jz loc_404C11
mov ecx, [ebp+var_C]
mov [ebp+var_3C], eax
mov eax, [edx]
push 20h
mov [ebp+var_54], ecx
pop ecx
mov edx, eax
and edx, ecx
test al, 2
mov [ebp+var_50], 0FFFF0002h
mov [ebp+var_4C], 0Dh
mov [ebp+var_40], ecx
mov [ebp+var_28], edi
mov [ebp+var_44], edx
jz short loc_404BE0
lea eax, [ebp+var_54]
push eax
push 0
push ebx
push [ebp+var_4]
mov [ebp+var_4C], 4Dh
mov [ebp+var_2C], 1
call esi ; SendMessageA
mov [ebp+var_C], eax
mov [ebp+var_20], 1
jmp short loc_404C08
; ---------------------------------------------------------------------------
loc_404BE0: ; CODE XREF: sub_404A08+1B0�j
mov eax, [ebp+var_10]
test byte ptr [eax], 4
jz short loc_404BFC
push [ebp+var_C]
push 3
push 110Ah
push [ebp+var_4]
call esi ; SendMessageA
mov [ebp+var_C], eax
jmp short loc_404C11
; ---------------------------------------------------------------------------
loc_404BFC: ; CODE XREF: sub_404A08+1DE�j
lea eax, [ebp+var_54]
push eax
push 0
push ebx
push [ebp+var_4]
call esi ; SendMessageA
loc_404C08: ; CODE XREF: sub_404A08+1D6�j
mov ecx, dword_42DD10
mov [ecx+edi*4], eax
loc_404C11: ; CODE XREF: sub_404A08+17F�j
; sub_404A08+1F2�j
add [ebp+var_10], 418h
inc edi
cmp edi, dword_4341AC
jl loc_404B7E
xor ebx, ebx
cmp [ebp+var_20], ebx
jnz short loc_404C46
loc_404C2C: ; CODE XREF: sub_404A08+162�j
push 0FFFFFFF0h
push [ebp+var_4]
call ds:dword_4091AC ; GetWindowLongA
and eax, 0FFFFFFFBh
push eax
push 0FFFFFFF0h
push [ebp+var_4]
call ds:dword_409250 ; SetWindowLongA
loc_404C46: ; CODE XREF: sub_404A08+222�j
push ebx
push 6
push 115h
push [ebp+var_4]
call esi ; SendMessageA
cmp [ebp+var_14], ebx
jnz short loc_404C70
push 5
push [ebp+var_8]
call ds:dword_409234 ; ShowWindow
push [ebp+var_8]
call sub_403E90
jmp loc_404FFE
; ---------------------------------------------------------------------------
loc_404C70: ; CODE XREF: sub_404A08+24E�j
push [ebp+var_4]
call sub_403E90
loc_404C78: ; CODE XREF: sub_404A08+50�j
cmp [ebp+arg_4], 405h
jnz short loc_404C93
xor edi, edi
inc edi
mov [ebp+arg_8], ebx
mov [ebp+arg_C], edi
mov [ebp+arg_4], 40Fh
jmp short loc_404C96
; ---------------------------------------------------------------------------
loc_404C93: ; CODE XREF: sub_404A08+277�j
mov edi, [ebp+arg_C]
loc_404C96: ; CODE XREF: sub_404A08+289�j
cmp [ebp+arg_4], 4Eh
mov eax, 413h
jz short loc_404CAA
cmp [ebp+arg_4], eax
jnz loc_404DA8
loc_404CAA: ; CODE XREF: sub_404A08+297�j
cmp [ebp+arg_4], eax
jz short loc_404CBC
cmp dword ptr [edi+4], 408h
jnz loc_404DA8
loc_404CBC: ; CODE XREF: sub_404A08+2A5�j
test byte ptr dword_4341E4+1, 2
jnz loc_404D66
cmp [ebp+arg_4], eax
jz short loc_404CE2
cmp dword ptr [edi+8], 0FFFFFFFEh
jnz loc_404D66
push [ebp+var_4]
call sub_4048D5
jmp short loc_404CEF
; ---------------------------------------------------------------------------
loc_404CE2: ; CODE XREF: sub_404A08+2C4�j
push ebx
push 9
push 110Ah
push [ebp+var_4]
call esi ; SendMessageA
loc_404CEF: ; CODE XREF: sub_404A08+2D8�j
cmp eax, ebx
mov [ebp+var_44], eax
jz short loc_404D66
lea eax, [ebp+var_48]
push eax
push ebx
push 110Ch
push [ebp+var_4]
mov [ebp+var_48], 4
call esi ; SendMessageA
test eax, eax
jz short loc_404D66
mov eax, [ebp+var_24]
mov ecx, [ebp+var_18]
imul eax, 418h
lea ecx, [eax+ecx+8]
mov eax, [ecx]
test al, 10h
jnz short loc_404D66
test al, 40h
jz short loc_404D3D
xor eax, 80h
test al, al
jns short loc_404D38
or eax, 1
jmp short loc_404D40
; ---------------------------------------------------------------------------
loc_404D38: ; CODE XREF: sub_404A08+329�j
and eax, 0FFFFFFFEh
jmp short loc_404D40
; ---------------------------------------------------------------------------
loc_404D3D: ; CODE XREF: sub_404A08+320�j
xor eax, 1
loc_404D40: ; CODE XREF: sub_404A08+32E�j
; sub_404A08+333�j
mov [ecx], eax
push [ebp+var_24]
call sub_40117D
mov eax, dword_4341E4
xor ecx, ecx
shr eax, 8
inc ecx
not eax
and eax, ecx
mov [ebp+arg_8], ecx
mov [ebp+arg_C], eax
mov [ebp+arg_4], 40Fh
loc_404D66: ; CODE XREF: sub_404A08+2BB�j
; sub_404A08+2CA�j ...
cmp edi, ebx
jz short loc_404DA8
cmp dword ptr [edi+8], 0FFFFFE6Eh
jnz short loc_404D81
push dword ptr [edi+5Ch]
push ebx
push 419h
push [ebp+var_4]
call esi ; SendMessageA
loc_404D81: ; CODE XREF: sub_404A08+369�j
cmp dword ptr [edi+8], 0FFFFFE6Ah
jnz short loc_404DA8
mov eax, [edi+5Ch]
mov ecx, [ebp+var_18]
imul eax, 418h
cmp dword ptr [edi+0Ch], 2
lea eax, [eax+ecx+8]
jnz short loc_404DA5
or dword ptr [eax], 20h
jmp short loc_404DA8
; ---------------------------------------------------------------------------
loc_404DA5: ; CODE XREF: sub_404A08+396�j
and dword ptr [eax], 0FFFFFFDFh
loc_404DA8: ; CODE XREF: sub_404A08+29C�j
; sub_404A08+2AE�j ...
cmp [ebp+arg_4], 111h
jnz short loc_404E23
cmp word ptr [ebp+arg_8], 3F9h
jnz loc_404FFE
mov eax, [ebp+arg_8]
shr eax, 10h
cmp ax, 1
jnz loc_404FFE
push ebx
push ebx
push 147h
push [ebp+var_8]
call esi ; SendMessageA
cmp eax, 0FFFFFFFFh
jz loc_404FFE
push ebx
push eax
push 150h
push [ebp+var_8]
call esi ; SendMessageA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_404DFD
mov eax, [ebp+var_1C]
cmp [eax+edi*4], ebx
jnz short loc_404E00
loc_404DFD: ; CODE XREF: sub_404A08+3EB�j
push 20h
pop edi
loc_404E00: ; CODE XREF: sub_404A08+3F3�j
push edi
call sub_4012A8
push edi
push ebx
push 420h
push [ebp+arg_0]
call esi ; SendMessageA
mov [ebp+arg_8], 1
mov [ebp+arg_C], ebx
mov [ebp+arg_4], 40Fh
loc_404E23: ; CODE XREF: sub_404A08+3A7�j
cmp [ebp+arg_4], 200h
jnz short loc_404E38
push ebx
push ebx
push 200h
push [ebp+var_4]
call esi ; SendMessageA
loc_404E38: ; CODE XREF: sub_404A08+422�j
cmp [ebp+arg_4], 40Bh
jnz short loc_404E73
mov eax, dword_42DD0C
cmp eax, ebx
jz short loc_404E51
push eax
call ds:dword_409030
loc_404E51: ; CODE XREF: sub_404A08+440�j
mov eax, dword_42DD10
cmp eax, ebx
jz short loc_404E61
push eax
call ds:dword_409140 ; GlobalFree
loc_404E61: ; CODE XREF: sub_404A08+450�j
mov dword_42DD0C, ebx
mov dword_42DD10, ebx
mov dword_4341EC, ebx
loc_404E73: ; CODE XREF: sub_404A08+437�j
cmp [ebp+arg_4], 40Fh
jnz loc_404FC0
call sub_40129E
cmp [ebp+arg_8], ebx
jz short loc_404E91
push 8
call sub_4014C9
loc_404E91: ; CODE XREF: sub_404A08+480�j
cmp [ebp+arg_C], ebx
jz short loc_404ED5
push dword_42DD10
call sub_4012F3
mov edi, eax
push edi
call sub_4012A8
xor eax, eax
xor ecx, ecx
cmp edi, ebx
jle short loc_404EBF
loc_404EB1: ; CODE XREF: sub_404A08+4B5�j
mov edx, [ebp+var_1C]
cmp [edx+eax*4], ebx
jz short loc_404EBA
inc ecx
loc_404EBA: ; CODE XREF: sub_404A08+4AF�j
inc eax
cmp eax, edi
jl short loc_404EB1
loc_404EBF: ; CODE XREF: sub_404A08+4A7�j
push ebx
push ecx
push 14Eh
push [ebp+var_8]
call esi ; SendMessageA
mov [ebp+arg_C], edi
mov [ebp+arg_4], 420h
loc_404ED5: ; CODE XREF: sub_404A08+48C�j
call sub_40129E
cmp dword_4341AC, ebx
mov eax, dword_42DD10
mov edi, dword_4341A8
mov [ebp+var_20], eax
mov [ebp+var_3C], 0F030h
mov [ebp+var_14], ebx
jle loc_404FA3
add edi, 8
loc_404F01: ; CODE XREF: sub_404A08+595�j
mov eax, [ebp+var_20]
mov ecx, [ebp+var_14]
mov eax, [eax+ecx*4]
cmp eax, ebx
jz short loc_404F8B
mov edx, [edi]
push 8
mov [ebp+var_44], eax
pop eax
mov ecx, edx
and ecx, eax
mov [ebp+var_18], edx
and [ebp+var_18], 20h
shl ecx, 1
or ecx, [ebp+var_18]
test dh, 1
mov [ebp+var_48], eax
mov [ebp+var_40], ecx
jz short loc_404F45
lea eax, [edi+10h]
mov [ebp+var_48], 9
mov [ebp+var_38], eax
and byte ptr [edi+1], 0FEh
mov ecx, [ebp+var_40]
loc_404F45: ; CODE XREF: sub_404A08+527�j
test dl, 40h
jz short loc_404F4F
push 3
pop eax
jmp short loc_404F5D
; ---------------------------------------------------------------------------
loc_404F4F: ; CODE XREF: sub_404A08+540�j
mov eax, edx
and eax, 1
inc eax
test dl, 10h
jz short loc_404F5D
add eax, 3
loc_404F5D: ; CODE XREF: sub_404A08+545�j
; sub_404A08+550�j
push [ebp+var_44]
shl eax, 0Ch
or ecx, eax
xor eax, eax
cmp [ebp+var_18], ebx
mov [ebp+var_40], ecx
setnz al
inc eax
push eax
push 1102h
push [ebp+var_4]
call esi ; SendMessageA
lea eax, [ebp+var_48]
push eax
push ebx
push 110Dh
push [ebp+var_4]
call esi ; SendMessageA
loc_404F8B: ; CODE XREF: sub_404A08+504�j
inc [ebp+var_14]
mov eax, [ebp+var_14]
add edi, 418h
cmp eax, dword_4341AC
jl loc_404F01
loc_404FA3: ; CODE XREF: sub_404A08+4F0�j
mov eax, dword_433968
cmp [eax+10h], ebx
jz short loc_404FC0
push 5
call sub_4044B0
push 0FFFFFFFBh
push 3FFh
call sub_404419
loc_404FC0: ; CODE XREF: sub_404A08+472�j
; sub_404A08+5A3�j
cmp [ebp+arg_4], 420h
jnz short loc_404FFE
test byte ptr dword_4341E4+1, 1
jz short loc_404FFE
mov esi, ds:dword_409234
xor eax, eax
cmp [ebp+arg_C], 20h
setz al
shl eax, 3
mov edi, eax
push edi
push [ebp+var_4]
call esi ; ShowWindow
push edi
push 3FEh
push [ebp+arg_0]
call ds:dword_40924C ; GetDlgItem
push eax
call esi ; ShowWindow
loc_404FFE: ; CODE XREF: sub_404A08+263�j
; sub_404A08+3AF�j ...
push [ebp+arg_C]
mov eax, [ebp+arg_4]
push [ebp+arg_8]
call sub_403EC2
pop edi
pop esi
pop ebx
leave
retn 10h
sub_404A08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405013 proc near ; CODE XREF: sub_4014E1+9�p
; sub_40161F:loc_4016AE�p ...
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, dword_43394C
push edi
xor edi, edi
cmp eax, edi
mov [ebp+var_8], eax
jz loc_4050E6
push ebx
mov ebx, dword_40D03C
mov [ebp+var_4], ebx
and [ebp+var_4], 1
push esi
mov esi, offset byte_42DD18
jnz short loc_40504B
push [ebp+arg_0]
push esi
call sub_4066B7
loc_40504B: ; CODE XREF: sub_405013+2D�j
push esi
call sub_406028 ; lstrlenA
cmp [ebp+arg_4], edi
mov [ebp+arg_0], eax
jz short loc_405075
push [ebp+arg_4]
call sub_406028 ; lstrlenA
add eax, [ebp+arg_0]
cmp eax, 800h
jnb short loc_4050E4
push [ebp+arg_4]
push esi
call ds:dword_4090A4 ; lstrcatA
loc_405075: ; CODE XREF: sub_405013+44�j
test bl, 4
jz short loc_405087
push esi
push dword_433958
call ds:dword_409190 ; SetWindowTextA
loc_405087: ; CODE XREF: sub_405013+65�j
test bl, 2
jz short loc_4050D5
push edi
push edi
push 1004h
push [ebp+var_8]
mov [ebp+var_1C], esi
mov esi, ds:dword_40926C
mov [ebp+var_30], 1
call esi ; SendMessageA
sub eax, [ebp+var_4]
not ebx
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
push edi
and ebx, 1
or ebx, 1006h
push ebx
push [ebp+var_8]
mov [ebp+var_28], edi
call esi ; SendMessageA
push edi
push [ebp+var_2C]
push 1013h
push [ebp+var_8]
call esi ; SendMessageA
loc_4050D5: ; CODE XREF: sub_405013+77�j
cmp [ebp+var_4], edi
jz short loc_4050E4
mov eax, [ebp+arg_0]
mov byte_42DD18[eax], 0
loc_4050E4: ; CODE XREF: sub_405013+56�j
; sub_405013+C5�j
pop esi
pop ebx
loc_4050E6: ; CODE XREF: sub_405013+13�j
pop edi
leave
retn 8
sub_405013 endp
; =============== S U B R O U T I N E =======================================
sub_4050EB proc near ; CODE XREF: sub_4059CE+24B�p
; DATA XREF: sub_405176+1D9�o
arg_0 = dword ptr 4
push esi
mov esi, dword_4341A8
push edi
mov edi, dword_4341AC
push 0
call ds:dword_4092A0
or dword_434230, eax
test edi, edi
jz short loc_40515C
add esi, 18h
loc_40510E: ; CODE XREF: sub_4050EB+67�j
dec edi
test byte ptr [esi-10h], 1
jnz short loc_40512D
test byte ptr dword_4341E4+1, 4
jnz short loc_40512D
push esi
push offset aSkippingSectio ; "Skipping section: \"%s\""
call sub_406171
pop ecx
pop ecx
jmp short loc_40514A
; ---------------------------------------------------------------------------
loc_40512D: ; CODE XREF: sub_4050EB+28�j
; sub_4050EB+31�j
push esi
push offset aSectionS ; "Section: \"%s\""
call sub_406171
pop ecx
pop ecx
push [esp+8+arg_0]
push dword ptr [esi-0Ch]
call sub_4013E7
test eax, eax
jnz short loc_405156
loc_40514A: ; CODE XREF: sub_4050EB+40�j
add esi, 418h
test edi, edi
jnz short loc_40510E
jmp short loc_40515C
; ---------------------------------------------------------------------------
loc_405156: ; CODE XREF: sub_4050EB+5D�j
inc dword_43420C
loc_40515C: ; CODE XREF: sub_4050EB+1E�j
; sub_4050EB+69�j
push 404h
call sub_403EA7
call ds:dword_40929C
mov eax, dword_43420C
pop edi
pop esi
retn 4
sub_4050EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405176 proc near ; DATA XREF: .data:0040D030�o
var_3C = byte ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 3Ch
push ebx
push esi
mov esi, dword_43394C
xor ebx, ebx
cmp [ebp+arg_4], 110h
push edi
mov [ebp+var_4], esi
jnz loc_405332
or [ebp+var_2C], 0FFFFFFFFh
or [ebp+var_20], 0FFFFFFFFh
mov [ebp+var_34], 2
mov [ebp+var_30], ebx
mov [ebp+var_28], ebx
mov [ebp+var_24], ebx
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
mov eax, dword_434188
mov ecx, [eax+5Ch]
mov eax, [eax+60h]
mov edi, ds:dword_40924C
push 403h
push [ebp+arg_0]
mov [ebp+arg_4], ecx
mov [ebp+arg_8], eax
call edi ; GetDlgItem
push 3EEh
push [ebp+arg_0]
mov dword_433960, eax
call edi ; GetDlgItem
push 3F8h
push [ebp+arg_0]
mov dword_433958, eax
call edi ; GetDlgItem
push dword_433960
mov dword_43394C, eax
mov [ebp+var_4], eax
call sub_403E90
push 4
call sub_4044B0
push offset byte_43A400
push 0FFFFFFFDh
push ebx
mov dword_433964, eax
mov dword_43396C, ebx
call sub_4066B7
push eax
push offset aNewInstallOfST ; "New install of \"%s\" to \"%s\""
call sub_406171
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
push [ebp+var_4]
call ds:dword_409274 ; GetClientRect
push 15h
call ds:dword_4091F8 ; GetSystemMetrics
mov ecx, [ebp+var_C]
mov esi, ds:dword_40926C
sub ecx, eax
lea eax, [ebp+var_34]
push eax
push ebx
push 101Bh
push [ebp+var_4]
mov [ebp+var_2C], ecx
call esi ; SendMessageA
mov eax, 4000h
push eax
push eax
push 1036h
push [ebp+var_4]
call esi ; SendMessageA
cmp [ebp+arg_4], ebx
jl short loc_405299
push [ebp+arg_4]
push ebx
push 1001h
push [ebp+var_4]
call esi ; SendMessageA
push [ebp+arg_4]
push ebx
push 1026h
push [ebp+var_4]
call esi ; SendMessageA
loc_405299: ; CODE XREF: sub_405176+105�j
cmp [ebp+arg_8], ebx
jl short loc_4052AC
push [ebp+arg_8]
push ebx
push 1024h
push [ebp+var_4]
call esi ; SendMessageA
loc_4052AC: ; CODE XREF: sub_405176+126�j
mov eax, [ebp+arg_C]
push dword ptr [eax+30h]
push 1Bh
push [ebp+arg_0]
call sub_403E37
test byte ptr dword_4341E4, 3
jz short loc_4052EE
push ebx
push dword_433960
call ds:dword_409234 ; ShowWindow
test byte ptr dword_4341E4, 2
jnz short loc_4052E8
push 8
push [ebp+var_4]
call ds:dword_409234 ; ShowWindow
jmp short loc_4052EE
; ---------------------------------------------------------------------------
loc_4052E8: ; CODE XREF: sub_405176+163�j
mov dword_433960, ebx
loc_4052EE: ; CODE XREF: sub_405176+14D�j
; sub_405176+170�j
push 3ECh
push [ebp+arg_0]
call edi ; GetDlgItem
push 75300000h
push ebx
mov edi, eax
push 401h
push edi
call esi ; SendMessageA
test byte ptr dword_4341E4, 4
jz loc_405504
push [ebp+arg_8]
push ebx
push 409h
push edi
call esi ; SendMessageA
push [ebp+arg_4]
push ebx
push 2001h
push edi
call esi ; SendMessageA
jmp loc_405504
; ---------------------------------------------------------------------------
loc_405332: ; CODE XREF: sub_405176+1B�j
cmp [ebp+arg_4], 405h
jnz short loc_405363
lea eax, [ebp+arg_0]
push eax
push ebx
push 3ECh
push [ebp+arg_0]
call ds:dword_40924C ; GetDlgItem
push eax
push offset sub_4050EB
push ebx
push ebx
call ds:dword_4090F8 ; CreateThread
push eax
call ds:dword_409084 ; CloseHandle
loc_405363: ; CODE XREF: sub_405176+1C3�j
cmp [ebp+arg_4], 111h
mov edi, ds:dword_409234
jnz short loc_40538D
cmp word ptr [ebp+arg_8], 403h
jnz short loc_4053AF
push ebx
push dword_433960
call edi ; ShowWindow
push 8
push esi
call edi ; ShowWindow
call sub_403E59
loc_40538D: ; CODE XREF: sub_405176+1FA�j
cmp [ebp+arg_4], 404h
jnz short loc_4053EB
cmp dword_433954, ebx
jz short loc_4053C4
push 78h
mov dword_42F520, 2
call sub_403E10
loc_4053AF: ; CODE XREF: sub_405176+202�j
; sub_405176+279�j ...
push [ebp+arg_C]
mov eax, [ebp+arg_4]
push [ebp+arg_8]
call sub_403EC2
loc_4053BD: ; CODE XREF: sub_405176+390�j
pop edi
pop esi
pop ebx
leave
retn 10h
; ---------------------------------------------------------------------------
loc_4053C4: ; CODE XREF: sub_405176+226�j
push 8
push dword_434180
call edi ; ShowWindow
cmp dword_43420C, ebx
jnz short loc_4053E4
mov eax, dword_42F51C
push ebx
push dword ptr [eax+34h]
call sub_405013
loc_4053E4: ; CODE XREF: sub_405176+25E�j
push 1
call sub_403E10
loc_4053EB: ; CODE XREF: sub_405176+21E�j
cmp [ebp+arg_4], 7Bh
jnz short loc_4053AF
cmp [ebp+arg_8], esi
jnz short loc_4053AF
push ebx
push ebx
push 1004h
push esi
call ds:dword_40926C ; SendMessageA
cmp eax, ebx
mov [ebp+arg_0], eax
jle loc_405504
call ds:dword_4091F4 ; CreatePopupMenu
push 0FFFFFFE1h
push ebx
mov edi, eax
call sub_4066B7
push eax
push 1
push ebx
push edi
call ds:dword_4091F0 ; AppendMenuA
mov eax, [ebp+arg_C]
cmp eax, 0FFFFFFFFh
jnz short loc_405445
lea eax, [ebp+var_14]
push eax
push esi
call ds:dword_4091EC ; GetWindowRect
mov ecx, [ebp+var_14]
mov eax, [ebp+var_10]
jmp short loc_40544E
; ---------------------------------------------------------------------------
loc_405445: ; CODE XREF: sub_405176+2BA�j
movsx ecx, ax
shr eax, 10h
movsx eax, ax
loc_40544E: ; CODE XREF: sub_405176+2CD�j
push ebx
push esi
push ebx
push eax
push ecx
push 180h
push edi
call ds:dword_4091E8 ; TrackPopupMenu
xor edi, edi
inc edi
cmp eax, edi
jnz loc_405504
mov esi, [ebp+arg_0]
mov [ebp+var_34], ebx
mov [ebp+var_28], offset dword_42E518
mov [ebp+var_24], 0FFFh
loc_40547E: ; CODE XREF: sub_405176+322�j
lea eax, [ebp+var_3C]
push eax
dec esi
push esi
push 102Dh
push [ebp+var_4]
call ds:dword_40926C ; SendMessageA
cmp esi, ebx
lea edi, [edi+eax+2]
jnz short loc_40547E
push ebx
call ds:dword_4091E4 ; OpenClipboard
call ds:dword_4091E0 ; EmptyClipboard
push edi
push 42h
call ds:dword_4090F4 ; GlobalAlloc
push eax
mov [ebp+arg_4], eax
call ds:dword_4090F0 ; GlobalLock
mov esi, eax
loc_4054BC: ; CODE XREF: sub_405176+372�j
lea eax, [ebp+var_3C]
push eax
push ebx
push 102Dh
push [ebp+var_4]
mov [ebp+var_28], esi
mov [ebp+var_24], edi
call ds:dword_40926C ; SendMessageA
push esi
call sub_406028 ; lstrlenA
add esi, eax
mov word ptr [esi], 0A0Dh
inc esi
inc esi
inc ebx
cmp ebx, [ebp+arg_0]
jl short loc_4054BC
push [ebp+arg_4]
call ds:dword_4090EC ; GlobalUnlock
push [ebp+arg_4]
push 1
call ds:dword_4091DC ; SetClipboardData
call ds:dword_4091D8 ; CloseClipboard
loc_405504: ; CODE XREF: sub_405176+199�j
; sub_405176+1B7�j ...
xor eax, eax
jmp loc_4053BD
sub_405176 endp
; =============== S U B R O U T I N E =======================================
sub_40550B proc near ; DATA XREF: sub_4059CE+224�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
sub esp, 10h
push ebx
push ebp
mov ebp, [esp+18h+arg_4]
mov ecx, 110h
cmp ebp, ecx
push esi
push edi
jz loc_405697
cmp ebp, 408h
jz loc_405697
cmp ebp, 47h
mov ebx, [esp+20h+arg_0]
jnz short loc_40554D
push 13h
xor eax, eax
push eax
push eax
push eax
push eax
push ebx
push dword_42DD14
call ds:dword_409208 ; SetWindowPos
loc_40554D: ; CODE XREF: sub_40550B+2B�j
cmp ebp, 5
jnz short loc_40556A
mov eax, [esp+20h+arg_8]
dec eax
neg eax
sbb eax, eax
and eax, ebp
push eax
push dword_42DD14
call ds:dword_409234 ; ShowWindow
loc_40556A: ; CODE XREF: sub_40550B+45�j
cmp ebp, 40Dh
jnz short loc_40558C
push dword_433948
call ds:dword_409198 ; DestroyWindow
mov eax, [esp+20h+arg_8]
mov dword_433948, eax
jmp loc_40599D
; ---------------------------------------------------------------------------
loc_40558C: ; CODE XREF: sub_40550B+65�j
cmp ebp, 11h
jnz short loc_4055A4
push 0
push 0
push ebx
call ds:dword_409250 ; SetWindowLongA
xor eax, eax
inc eax
jmp loc_4059C4
; ---------------------------------------------------------------------------
loc_4055A4: ; CODE XREF: sub_40550B+84�j
cmp ebp, 10h
jnz short loc_4055DC
mov eax, dword_4341A4
dec eax
cmp dword_40D020, eax
jnz loc_405683
push dword_42DD08
call ds:dword_409204 ; IsWindowEnabled
test eax, eax
jnz loc_405683
mov ebp, 111h
mov [esp+20h+arg_8], 1
loc_4055DC: ; CODE XREF: sub_40550B+9C�j
cmp ebp, 111h
jnz loc_405683
movzx esi, word ptr [esp+20h+arg_8]
push esi
push ebx
call ds:dword_40924C ; GetDlgItem
mov ebx, ds:dword_40926C
mov edi, eax
test edi, edi
jz short loc_40561C
push 0
push 0
push 0F3h
push edi
call ebx ; SendMessageA
push edi
call ds:dword_409204 ; IsWindowEnabled
test eax, eax
jz loc_4059C2
loc_40561C: ; CODE XREF: sub_40550B+F4�j
xor edi, edi
inc edi
cmp esi, edi
jnz short loc_405626
push edi
jmp short loc_405667
; ---------------------------------------------------------------------------
loc_405626: ; CODE XREF: sub_40550B+116�j
cmp esi, 3
jnz short loc_405638
cmp dword_40D020, 0
jle short loc_40566E
push 0FFFFFFFFh
jmp short loc_405667
; ---------------------------------------------------------------------------
loc_405638: ; CODE XREF: sub_40550B+11E�j
cmp esi, 2
jnz short loc_40566E
cmp dword_43420C, 0
jz short loc_405654
push esi
call sub_4014C9
mov dword_42F520, esi
jmp short loc_405665
; ---------------------------------------------------------------------------
loc_405654: ; CODE XREF: sub_40550B+139�j
push 3
call sub_4014C9
test eax, eax
jnz short loc_405683
mov dword_42F520, edi
loc_405665: ; CODE XREF: sub_40550B+147�j
push 78h
loc_405667: ; CODE XREF: sub_40550B+119�j
; sub_40550B+12B�j
call sub_403E10
jmp short loc_405683
; ---------------------------------------------------------------------------
loc_40566E: ; CODE XREF: sub_40550B+127�j
; sub_40550B+130�j
push [esp+20h+arg_C]
push [esp+24h+arg_8]
push 111h
push dword_433948
call ebx ; SendMessageA
loc_405683: ; CODE XREF: sub_40550B+AA�j
; sub_40550B+BE�j ...
push [esp+20h+arg_C]
mov eax, ebp
push [esp+24h+arg_8]
call sub_403EC2
jmp loc_4059C4
; ---------------------------------------------------------------------------
loc_405697: ; CODE XREF: sub_40550B+12�j
; sub_40550B+1E�j
cmp ebp, ecx
mov eax, [esp+20h+arg_8]
mov ebx, [esp+20h+arg_0]
mov dword_42D8FC, eax
jnz short loc_4056F5
mov esi, ds:dword_40924C
push 1
push ebx
mov dword_434180, ebx
call esi ; GetDlgItem
push 2
push ebx
mov dword_42F518, eax
call esi ; GetDlgItem
push 0FFFFFFFFh
push 1Ch
push ebx
mov dword_42DD08, eax
call sub_403E37
push dword_433950
push 0FFFFFFF2h
push ebx
call ds:dword_409200 ; SetClassLongA
push 4
call sub_4014C9
mov dword_433954, eax
xor eax, eax
inc eax
mov dword_42D8FC, eax
loc_4056F5: ; CODE XREF: sub_40550B+19B�j
mov ecx, dword_40D020
mov esi, ecx
shl esi, 6
add esi, dword_4341A0
xor edi, edi
cmp ecx, edi
jl short loc_40574A
cmp eax, 1
jnz short loc_405742
push edi
push dword ptr [esi+10h]
call sub_4013E7
test eax, eax
jz short loc_405742
push 1
push edi
push 40Fh
push dword_433948
call ds:dword_40926C ; SendMessageA
xor eax, eax
cmp dword_433954, edi
setz al
jmp loc_4059C4
; ---------------------------------------------------------------------------
loc_405742: ; CODE XREF: sub_40550B+204�j
; sub_40550B+211�j
cmp [esi], edi
jz loc_4059C2
loc_40574A: ; CODE XREF: sub_40550B+1FF�j
push 40Bh
call sub_403EA7
loc_405754: ; CODE XREF: sub_40550B+386�j
; sub_40550B+38E�j ...
mov eax, dword_42D8FC
add dword_40D020, eax
shl eax, 6
add esi, eax
mov eax, dword_40D020
cmp eax, dword_4341A4
jnz short loc_405778
push 1
call sub_4014C9
loc_405778: ; CODE XREF: sub_40550B+264�j
cmp dword_433954, 0
jnz loc_40597D
mov eax, dword_4341A4
cmp dword_40D020, eax
jnb loc_40597D
push dword ptr [esi+24h]
mov edi, [esi+14h]
push offset dword_43C000
call sub_4066B7
push dword ptr [esi+20h]
push 0FFFFFC19h
push ebx
call sub_403E37
push dword ptr [esi+1Ch]
push 0FFFFFC1Bh
push ebx
call sub_403E37
push dword ptr [esi+28h]
push 0FFFFFC1Ah
push ebx
call sub_403E37
push 3
push ebx
call ds:dword_40924C ; GetDlgItem
cmp dword_43420C, 0
mov ebp, eax
jz short loc_4057ED
and edi, 0FFFFFEFDh
or edi, 4
loc_4057ED: ; CODE XREF: sub_40550B+2D7�j
mov eax, edi
and eax, 8
push eax
push ebp
call ds:dword_409234 ; ShowWindow
mov eax, edi
and eax, 100h
push eax
push ebp
call ds:dword_40925C ; EnableWindow
mov eax, edi
and eax, 2
push eax
call sub_403E7D
and edi, 4
push edi
push dword_42DD08
call ds:dword_40925C ; EnableWindow
push 1
xor edi, edi
push edi
push 0F4h
push ebp
mov ebp, ds:dword_40926C
call ebp ; SendMessageA
cmp dword_43420C, edi
jz short loc_405852
push edi
push 2
push 401h
push ebx
call ebp ; SendMessageA
push dword_42DD08
jmp short loc_405858
; ---------------------------------------------------------------------------
loc_405852: ; CODE XREF: sub_40550B+332�j
push dword_42F518
loc_405858: ; CODE XREF: sub_40550B+345�j
call sub_403E90
push offset aNsisError ; "NSIS Error"
mov ebp, offset dword_42E518
push ebp
call sub_406022 ; lstrcpyA
push dword ptr [esi+18h]
push ebp
call sub_406028 ; lstrlenA
add eax, ebp
push eax
call sub_4066B7
push ebp
push ebx
call ds:dword_409190 ; SetWindowTextA
push edi
push dword ptr [esi+8]
call sub_4013E7
test eax, eax
jnz loc_405754
cmp [esi], eax
jz loc_405754
cmp dword ptr [esi+4], 5
jnz short loc_4058C2
cmp dword_43420C, eax
jnz loc_4059C2
cmp dword_434200, eax
jnz loc_405754
jmp loc_4059C2
; ---------------------------------------------------------------------------
loc_4058C2: ; CODE XREF: sub_40550B+398�j
push dword_433948
call ds:dword_409198 ; DestroyWindow
cmp dword ptr [esi], 0
mov dword_42F51C, esi
jle loc_40599D
mov eax, [esi+4]
push esi
push off_40D024[eax*4]
mov ax, [esi]
add ax, word ptr dword_43395C
push ebx
movzx eax, ax
push eax
push dword_434184
call ds:dword_40919C ; CreateDialogParamA
test eax, eax
mov dword_433948, eax
jz loc_40599D
push dword ptr [esi+2Ch]
push 6
push eax
call sub_403E37
lea eax, [esp+20h+var_10]
push eax
push 3FAh
push ebx
call ds:dword_40924C ; GetDlgItem
push eax
call ds:dword_4091EC ; GetWindowRect
lea eax, [esp+20h+var_10]
push eax
push ebx
call ds:dword_4091C4 ; ScreenToClient
push 15h
xor edi, edi
push edi
push edi
push [esp+2Ch+var_C]
push [esp+30h+var_10]
push edi
push dword_433948
call ds:dword_409208 ; SetWindowPos
push edi
push dword ptr [esi+0Ch]
call sub_4013E7
push 8
push dword_433948
call ds:dword_409234 ; ShowWindow
push 405h
call sub_403EA7
jmp short loc_40599D
; ---------------------------------------------------------------------------
loc_40597D: ; CODE XREF: sub_40550B+274�j
; sub_40550B+285�j
push dword_433948
call ds:dword_409198 ; DestroyWindow
push dword_42F520
and dword_434180, 0
push ebx
call ds:dword_4091FC ; EndDialog
loc_40599D: ; CODE XREF: sub_40550B+7C�j
; sub_40550B+3CC�j ...
cmp dword_42F528, 0
jnz short loc_4059C2
cmp dword_433948, 0
jz short loc_4059C2
push 0Ah
push ebx
call ds:dword_409234 ; ShowWindow
mov dword_42F528, 1
loc_4059C2: ; CODE XREF: sub_40550B+10B�j
; sub_40550B+239�j ...
xor eax, eax
loc_4059C4: ; CODE XREF: sub_40550B+94�j
; sub_40550B+187�j ...
pop edi
pop esi
pop ebp
pop ebx
add esp, 10h
retn 10h
sub_40550B endp
; =============== S U B R O U T I N E =======================================
sub_4059CE proc near ; CODE XREF: start+2B5�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
mov eax, dword_4341E4
sub esp, 14h
push ebx
push ebp
push esi
mov esi, dword_434188
and eax, 20h
push edi
mov dword_434200, eax
call sub_403FAC
mov ebp, offset byte_43A400
push ebp
call sub_406252
xor ebx, ebx
test eax, eax
jnz loc_405A82
mov ecx, [esi+48h]
cmp ecx, ebx
jz short loc_405A82
mov eax, dword_4341B8
mov edx, [esi+4Ch]
mov edi, offset byte_432D20
push edi
add edx, eax
push edx
add ecx, eax
push ecx
push dword ptr [esi+44h]
call sub_405EBB
mov al, byte_432D20
cmp al, bl
jz short loc_405A82
cmp al, 22h
jnz short loc_405A41
push 22h
mov edi, offset byte_432D21
push edi
call sub_405D3E
mov [eax], bl
loc_405A41: ; CODE XREF: sub_4059CE+62�j
push edi
call sub_406028 ; lstrlenA
lea eax, [eax+edi-4]
cmp eax, edi
jbe short loc_405A75
push offset a_exe ; ".exe"
push eax
call ds:dword_409080 ; lstrcmpiA
test eax, eax
jnz short loc_405A75
push edi
call ds:dword_40908C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_405A6F
test al, 10h
jnz short loc_405A75
loc_405A6F: ; CODE XREF: sub_4059CE+9B�j
push edi
call sub_40622C
loc_405A75: ; CODE XREF: sub_4059CE+7F�j
; sub_4059CE+8F�j ...
push edi
call sub_4061CB
push eax
push ebp
call sub_406022 ; lstrcpyA
loc_405A82: ; CODE XREF: sub_4059CE+2E�j
; sub_4059CE+39�j ...
push ebp
call sub_406252
test eax, eax
jnz short loc_405A98
push dword ptr [esi+118h]
push ebp
call sub_4066B7
loc_405A98: ; CODE XREF: sub_4059CE+BC�j
xor ebp, ebp
inc ebp
test byte ptr dword_4341E4, 10h
jz short loc_405AB7
cmp dword_4341E0, ebx
jnz short loc_405AB7
call sub_403F6C
mov dword_431D04, ebp
loc_405AB7: ; CODE XREF: sub_4059CE+D4�j
; sub_4059CE+DC�j
push 8040h
push ebx
push ebx
push ebp
push 67h
push dword_434184
call ds:dword_409254 ; LoadImageA
mov dword_433950, eax
cmp dword ptr [esi+50h], 0FFFFFFFFh
mov edi, offset dword_433920
jz loc_405B6A
mov ecx, dword_434184
mov dword_433934, eax
lea eax, [esp+24h+var_14]
push edi
mov [esp+28h+var_14], 624E5Fh
mov dword_433924, offset sub_401000
mov dword_433930, ecx
mov dword_433944, eax
call ds:dword_40921C ; RegisterClassA
test ax, ax
jz loc_405C40
push ebx
lea eax, [esp+28h+var_10]
push eax
push ebx
push 30h
call ds:dword_409218 ; SystemParametersInfoA
mov eax, [esp+24h+var_4]
sub eax, [esp+24h+var_C]
push ebx
push dword_434184
push ebx
push ebx
push eax
mov eax, [esp+38h+var_8]
sub eax, [esp+38h+var_10]
push eax
push [esp+3Ch+var_C]
lea eax, [esp+40h+var_14]
push [esp+40h+var_10]
push 80000000h
push ebx
push eax
push 80h
call ds:dword_409214 ; CreateWindowExA
mov dword_42DD14, eax
loc_405B6A: ; CODE XREF: sub_4059CE+10D�j
push ebx
call sub_4014C9
test eax, eax
jz short loc_405B7C
loc_405B74: ; CODE XREF: sub_4059CE+25A�j
; sub_4059CE+267�j
push 2
pop eax
jmp loc_405C42
; ---------------------------------------------------------------------------
loc_405B7C: ; CODE XREF: sub_4059CE+1A4�j
call sub_403FAC
cmp dword_434220, ebx
jnz loc_405C18
push 5
push dword_42DD14
call ds:dword_409234 ; ShowWindow
mov esi, ds:dword_4090C4
mov ebp, offset aRiched20_dll ; "RichEd20.dll"
push ebp
call esi ; LoadLibraryA
test eax, eax
jnz short loc_405BB9
push ebp
mov word ptr aRiched20_dll+6, 3233h
call esi ; LoadLibraryA
loc_405BB9: ; CODE XREF: sub_4059CE+1DD�j
mov ebp, ds:dword_409210
push edi
mov esi, offset aRichedit20a ; "RichEdit20A"
push esi
push ebx
call ebp ; GetClassInfoA
test eax, eax
jnz short loc_405BEC
push edi
push esi
push ebx
mov byte ptr aRichedit20a+8, bl
call ebp ; GetClassInfoA
push edi
mov dword_433944, esi
mov byte ptr aRichedit20a+8, 32h
call ds:dword_40921C ; RegisterClassA
loc_405BEC: ; CODE XREF: sub_4059CE+1FD�j
mov eax, dword_43395C
push ebx
push offset sub_40550B
add eax, 69h
movzx eax, ax
push ebx
push eax
push dword_434184
call ds:dword_40920C ; DialogBoxParamA
push 5
mov esi, eax
call sub_4014C9
mov eax, esi
jmp short loc_405C42
; ---------------------------------------------------------------------------
loc_405C18: ; CODE XREF: sub_4059CE+1B9�j
push ebx
call sub_4050EB
test eax, eax
jz short loc_405C3A
cmp dword_433954, ebx
jnz loc_405B74
push 2
call sub_4014C9
jmp loc_405B74
; ---------------------------------------------------------------------------
loc_405C3A: ; CODE XREF: sub_4059CE+252�j
push ebp
call sub_4014C9
loc_405C40: ; CODE XREF: sub_4059CE+149�j
xor eax, eax
loc_405C42: ; CODE XREF: sub_4059CE+1A9�j
; sub_4059CE+248�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 14h
retn
sub_4059CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405C4A proc near ; CODE XREF: sub_4044DD+166�p
; sub_4066B7+16C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
call ds:dword_409178 ; SHGetMalloc
mov eax, [ebp+var_4]
test eax, eax
jz short locret_405C71
push [ebp+arg_0]
mov ecx, [eax]
push eax
call dword ptr [ecx+14h]
mov eax, [ebp+var_4]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
locret_405C71: ; CODE XREF: sub_405C4A+13�j
leave
retn 4
sub_405C4A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405C75 proc near ; CODE XREF: sub_40161F+D2C�p
; sub_40161F+19C2�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
mov dword_42F530, 44h
call ds:dword_40908C ; GetFileAttributesA
xor ecx, ecx
cmp eax, 0FFFFFFFFh
jz short loc_405C99
test al, 10h
jnz short loc_405C9C
loc_405C99: ; CODE XREF: sub_405C75+1E�j
mov [ebp+arg_4], ecx
loc_405C9C: ; CODE XREF: sub_405C75+22�j
lea eax, [ebp+var_10]
push eax
push offset dword_42F530
push [ebp+arg_4]
push ecx
push ecx
push ecx
push ecx
push ecx
push [ebp+arg_0]
push ecx
call ds:dword_4090FC ; CreateProcessA
test eax, eax
jz short locret_405CC7
push [ebp+var_C]
call ds:dword_409084 ; CloseHandle
mov eax, [ebp+var_10]
locret_405CC7: ; CODE XREF: sub_405C75+44�j
leave
retn 8
sub_405C75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405CCB proc near ; CODE XREF: sub_40333D+76�p
; sub_403E37+1A�p ...
jmp ds:dword_409220
sub_405CCB endp
; =============== S U B R O U T I N E =======================================
sub_405CD1 proc near ; CODE XREF: sub_404093+18�p
; sub_4044DD+33�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 400h
push [esp+4+arg_4]
push [esp+8+arg_0]
push dword_433948
call ds:dword_409224 ; GetDlgItemTextA
retn 8
sub_405CD1 endp
; =============== S U B R O U T I N E =======================================
sub_405CED proc near ; CODE XREF: sub_40161F+61B�p
; sub_40161F:loc_401D42�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, eax
and ecx, 1FFFFFh
cmp dword_434220, 0
jz short loc_405D07
shr eax, 15h
jnz short locret_405D2C
loc_405D07: ; CODE XREF: sub_405CED+13�j
cmp dword_434228, 0
jz short loc_405D16
xor ecx, 180000h
loc_405D16: ; CODE XREF: sub_405CED+21�j
push ecx
push offset aNsisError ; "NSIS Error"
push [esp+8+arg_0]
push dword_434180
call ds:dword_409228 ; MessageBoxA
locret_405D2C: ; CODE XREF: sub_405CED+18�j
retn 8
sub_405CED endp
; =============== S U B R O U T I N E =======================================
sub_405D2F proc near ; CODE XREF: sub_40161F+4AA�p
; sub_40161F+A18�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 40h
call ds:dword_4090F4 ; GlobalAlloc
retn 4
sub_405D2F endp
; =============== S U B R O U T I N E =======================================
sub_405D3E proc near ; CODE XREF: start+C5�p start+187�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
mov eax, [esp+arg_0]
jmp short loc_405D51
; ---------------------------------------------------------------------------
loc_405D44: ; CODE XREF: sub_405D3E+17�j
cmp cl, [esp+arg_4]
jz short locret_405D57
push eax
call ds:dword_4091A4 ; CharNextA
loc_405D51: ; CODE XREF: sub_405D3E+4�j
mov cl, [eax]
test cl, cl
jnz short loc_405D44
locret_405D57: ; CODE XREF: sub_405D3E+A�j
retn 8
sub_405D3E endp
; =============== S U B R O U T I N E =======================================
sub_405D5A proc near ; CODE XREF: sub_40161F+526�p
; sub_40161F+1039�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov al, [ecx]
or al, 20h
cmp word ptr [ecx], 5C5Ch
jz short loc_405D7B
cmp al, 61h
jl short loc_405D77
cmp al, 7Ah
jg short loc_405D77
cmp byte ptr [ecx+1], 3Ah
jz short loc_405D7B
loc_405D77: ; CODE XREF: sub_405D5A+11�j
; sub_405D5A+15�j
xor eax, eax
jmp short locret_405D7E
; ---------------------------------------------------------------------------
loc_405D7B: ; CODE XREF: sub_405D5A+D�j
; sub_405D5A+1B�j
xor eax, eax
inc eax
locret_405D7E: ; CODE XREF: sub_405D5A+1F�j
retn 4
sub_405D5A endp
; =============== S U B R O U T I N E =======================================
sub_405D81 proc near ; CODE XREF: sub_4044DD+A4�p
; sub_4044DD+1F7�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, ds:dword_4091A4
push edi
mov edi, [esp+0Ch+arg_0]
push edi
call esi ; CharNextA
mov ebx, eax
push ebx
call esi ; CharNextA
cmp byte ptr [edi], 0
jz short loc_405DA7
cmp word ptr [ebx], 5C3Ah
jnz short loc_405DA7
push eax
call esi ; CharNextA
jmp short loc_405DC8
; ---------------------------------------------------------------------------
loc_405DA7: ; CODE XREF: sub_405D81+18�j
; sub_405D81+1F�j
cmp word ptr [edi], 5C5Ch
jnz short loc_405DC6
push 2
pop esi
loc_405DB1: ; CODE XREF: sub_405D81+41�j
push 5Ch
push eax
dec esi
call sub_405D3E
cmp byte ptr [eax], 0
jz short loc_405DC6
inc eax
test esi, esi
jnz short loc_405DB1
jmp short loc_405DC8
; ---------------------------------------------------------------------------
loc_405DC6: ; CODE XREF: sub_405D81+2B�j
; sub_405D81+3C�j
xor eax, eax
loc_405DC8: ; CODE XREF: sub_405D81+24�j
; sub_405D81+43�j
pop edi
pop esi
pop ebx
retn 4
sub_405D81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405DCE proc near ; CODE XREF: sub_406326+289�p
; sub_406326+2C3�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
push [ebp+arg_4]
mov edi, ds:dword_409100
call edi ; lstrlenA
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
jmp short loc_405E0F
; ---------------------------------------------------------------------------
loc_405DE8: ; CODE XREF: sub_405DCE+47�j
mov eax, [ebp+var_4]
push [ebp+arg_4]
mov bl, [eax+esi]
push esi
mov byte ptr [eax+esi], 0
call ds:dword_409080 ; lstrcmpiA
test eax, eax
mov eax, [ebp+var_4]
mov [eax+esi], bl
jz short loc_405E20
push esi
call ds:dword_4091A4 ; CharNextA
mov esi, eax
loc_405E0F: ; CODE XREF: sub_405DCE+18�j
push esi
call edi ; lstrlenA
cmp eax, [ebp+var_4]
jge short loc_405DE8
xor eax, eax
loc_405E19: ; CODE XREF: sub_405DCE+54�j
pop edi
pop esi
pop ebx
leave
retn 8
; ---------------------------------------------------------------------------
loc_405E20: ; CODE XREF: sub_405DCE+36�j
mov eax, esi
jmp short loc_405E19
sub_405DCE endp
; =============== S U B R O U T I N E =======================================
sub_405E24 proc near ; CODE XREF: sub_40161F+190B�p
; sub_403646+C1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_8]
test esi, esi
jle short loc_405E40
mov eax, [esp+4+arg_4]
sub eax, ecx
loc_405E37: ; CODE XREF: sub_405E24+1A�j
mov dl, [eax+ecx]
mov [ecx], dl
inc ecx
dec esi
jnz short loc_405E37
loc_405E40: ; CODE XREF: sub_405E24+B�j
pop esi
retn 0Ch
sub_405E24 endp
; =============== S U B R O U T I N E =======================================
sub_405E44 proc near ; CODE XREF: sub_40161F+5C5�p
; sub_40161F+15C1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_0]
call ds:dword_40908C ; GetFileAttributesA
mov ecx, eax
inc ecx
push 0
neg ecx
sbb ecx, ecx
and ecx, eax
push ecx
push [esp+8+arg_8]
push 0
push 1
push [esp+14h+arg_4]
push [esp+18h+arg_0]
call ds:dword_409104 ; CreateFileA
retn 0Ch
sub_405E44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405E73 proc near ; CODE XREF: sub_40161F+42D�p
; sub_4038F2+2D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
push 64h
pop edi
loc_405E7E: ; CODE XREF: sub_405E73+39�j
dec edi
mov [ebp+arg_0], 61736Eh
call ds:dword_4090B4 ; GetTickCount
push 1Ah
pop ecx
xor edx, edx
div ecx
push esi
push 0
lea eax, [ebp+arg_0]
push eax
push [ebp+arg_4]
add byte ptr [ebp+arg_0+2], dl
call ds:dword_409108 ; GetTempFileNameA
test eax, eax
jnz short loc_405EB7
test edi, edi
jnz short loc_405E7E
mov byte ptr [esi], 0
loc_405EB1: ; CODE XREF: sub_405E73+46�j
pop edi
pop esi
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_405EB7: ; CODE XREF: sub_405E73+35�j
mov eax, esi
jmp short loc_405EB1
sub_405E73 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405EBB proc near ; CODE XREF: sub_4059CE+52�p
; sub_4066B7+D9�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_C]
lea eax, [ebp+arg_4]
push eax
push 20019h
xor ebx, ebx
push ebx
push [ebp+arg_4]
mov [esi], bl
push [ebp+arg_0]
call ds:dword_409008 ; RegOpenKeyExA
test eax, eax
jnz short loc_405F1F
lea eax, [ebp+arg_0]
push eax
push esi
lea eax, [ebp+arg_C]
push eax
push ebx
push [ebp+arg_8]
mov [ebp+arg_0], 400h
push [ebp+arg_4]
call ds:dword_40901C ; RegQueryValueExA
test eax, eax
jnz short loc_405F0E
cmp [ebp+arg_C], 1
jz short loc_405F10
cmp [ebp+arg_C], 2
jz short loc_405F10
loc_405F0E: ; CODE XREF: sub_405EBB+45�j
mov [esi], bl
loc_405F10: ; CODE XREF: sub_405EBB+4B�j
; sub_405EBB+51�j
push [ebp+arg_4]
mov [esi+3FFh], bl
call ds:dword_409020 ; RegCloseKey
loc_405F1F: ; CODE XREF: sub_405EBB+24�j
pop esi
pop ebx
pop ebp
retn 10h
sub_405EBB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F25 proc near ; CODE XREF: sub_406326+145�p
; sub_406326+1CF�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
lea eax, [ebp+var_8]
push eax
xor esi, esi
lea eax, [ebp+var_4]
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push [ebp+arg_4]
mov [ebp+var_4], esi
push [ebp+arg_0]
mov [ebp+var_8], esi
call ds:dword_409014 ; RegCreateKeyExA
mov edi, eax
cmp edi, esi
jnz short loc_405F78
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push esi
push [ebp+arg_8]
push [ebp+var_4]
call ds:dword_409018 ; RegSetValueExA
push [ebp+var_4]
mov edi, eax
call ds:dword_409020 ; RegCloseKey
loc_405F78: ; CODE XREF: sub_405F25+30�j
mov eax, edi
pop edi
pop esi
leave
retn 18h
sub_405F25 endp
; =============== S U B R O U T I N E =======================================
sub_405F80 proc near ; CODE XREF: sub_40161F+DAD�p
; sub_40161F+DF2�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push offset dword_409C50
push [esp+8+arg_0]
call ds:dword_40923C ; wsprintfA
add esp, 0Ch
retn 8
sub_405F80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F99 proc near ; CODE XREF: sub_4013E7+6F�p
; sub_4014F2+10�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
xor edi, edi
cmp byte ptr [ecx], 2Dh
mov [ebp+var_4], 1
mov al, 0Ah
mov bl, 39h
jnz short loc_405FBA
inc ecx
or [ebp+var_4], 0FFFFFFFFh
loc_405FBA: ; CODE XREF: sub_405F99+1A�j
cmp byte ptr [ecx], 30h
jnz short loc_405FDB
inc ecx
mov dl, [ecx]
cmp dl, 30h
jl short loc_405FD0
cmp dl, 37h
jg short loc_405FD0
mov al, 8
mov bl, 37h
loc_405FD0: ; CODE XREF: sub_405F99+2C�j
; sub_405F99+31�j
and dl, 0DFh
cmp dl, 58h
jnz short loc_405FDB
mov al, 10h
inc ecx
loc_405FDB: ; CODE XREF: sub_405F99+24�j
; sub_405F99+3D�j ...
movsx edx, byte ptr [ecx]
inc ecx
cmp edx, 30h
jl short loc_405FF0
movsx esi, bl
cmp edx, esi
jg short loc_405FF0
sub edx, 30h
jmp short loc_406009
; ---------------------------------------------------------------------------
loc_405FF0: ; CODE XREF: sub_405F99+49�j
; sub_405F99+50�j
cmp al, 10h
jnz short loc_406015
mov esi, edx
and esi, 0FFFFFFDFh
cmp esi, 41h
jl short loc_406015
cmp esi, 46h
jg short loc_406015
and edx, 7
add edx, 9
loc_406009: ; CODE XREF: sub_405F99+55�j
movsx esi, al
imul esi, edi
add esi, edx
mov edi, esi
jmp short loc_405FDB
; ---------------------------------------------------------------------------
loc_406015: ; CODE XREF: sub_405F99+59�j
; sub_405F99+63�j ...
mov eax, [ebp+var_4]
imul eax, edi
pop edi
pop esi
pop ebx
leave
retn 4
sub_405F99 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_406022 proc near ; CODE XREF: sub_40161F+276�p
; sub_40161F+2F8�p ...
jmp ds:dword_4090E0
sub_406022 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_406028 proc near ; CODE XREF: sub_40161F+2FE�p
; sub_40161F+308�p ...
jmp ds:dword_409100
sub_406028 endp
; =============== S U B R O U T I N E =======================================
sub_40602E proc near ; CODE XREF: sub_401508+2F�p
; sub_40161F+556�p ...
arg_0 = dword ptr 4
push ebx
push ebp
mov ebp, ds:dword_4091A4
push esi
mov esi, [esp+0Ch+arg_0]
push edi
jmp short loc_406043
; ---------------------------------------------------------------------------
loc_40603E: ; CODE XREF: sub_40602E+18�j
push esi
call ebp ; CharNextA
mov esi, eax
loc_406043: ; CODE XREF: sub_40602E+E�j
cmp byte ptr [esi], 20h
jz short loc_40603E
cmp byte ptr [esi], 5Ch
jnz short loc_406062
cmp byte ptr [esi+1], 5Ch
jnz short loc_406062
cmp byte ptr [esi+2], 3Fh
jnz short loc_406062
cmp byte ptr [esi+3], 5Ch
jnz short loc_406062
add esi, 4
loc_406062: ; CODE XREF: sub_40602E+1D�j
; sub_40602E+23�j ...
cmp byte ptr [esi], 0
jz short loc_406073
push esi
call sub_405D5A
test eax, eax
jz short loc_406073
inc esi
inc esi
loc_406073: ; CODE XREF: sub_40602E+37�j
; sub_40602E+41�j
mov ebx, esi
mov edi, esi
xor eax, eax
jmp short loc_4060A6
; ---------------------------------------------------------------------------
loc_40607B: ; CODE XREF: sub_40602E+7C�j
cmp al, 1Fh
jbe short loc_4060A1
push eax
push offset a? ; "*?|<>/\":"
call sub_405D3E
cmp byte ptr [eax], 0
jnz short loc_4060A1
push esi
call ebp ; CharNextA
sub eax, esi
push eax
push esi
push edi
call sub_405E24
push edi
call ebp ; CharNextA
mov edi, eax
loc_4060A1: ; CODE XREF: sub_40602E+4F�j
; sub_40602E+5F�j
push esi
call ebp ; CharNextA
mov esi, eax
loc_4060A6: ; CODE XREF: sub_40602E+4B�j
mov al, [esi]
test al, al
jnz short loc_40607B
mov [edi], al
loc_4060AE: ; CODE XREF: sub_40602E+99�j
push edi
push ebx
call ds:dword_409238 ; CharPrevA
mov edi, eax
mov al, [edi]
cmp al, 20h
jz short loc_4060C2
cmp al, 5Ch
jnz short loc_4060C9
loc_4060C2: ; CODE XREF: sub_40602E+8E�j
cmp ebx, edi
mov byte ptr [edi], 0
jb short loc_4060AE
loc_4060C9: ; CODE XREF: sub_40602E+92�j
pop edi
pop esi
pop ebp
mov eax, ebx
pop ebx
retn 4
sub_40602E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4060D2 proc near ; CODE XREF: start+2C0�p sub_406171+16�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_0], ebx
jz short loc_4060F7
mov eax, dword_40D05C
cmp eax, 0FFFFFFFFh
jz short loc_4060EE
push eax
call ds:dword_409084 ; CloseHandle
loc_4060EE: ; CODE XREF: sub_4060D2+13�j
or dword_40D05C, 0FFFFFFFFh
jmp short loc_40616C
; ---------------------------------------------------------------------------
loc_4060F7: ; CODE XREF: sub_4060D2+9�j
cmp dword_431D04, ebx
jz short loc_40616C
cmp byte_433520, bl
jz short loc_406136
cmp dword_40D05C, 0FFFFFFFFh
jnz short loc_40613F
push 4
push 40000000h
push offset byte_433520
call sub_405E44
cmp eax, 0FFFFFFFFh
mov dword_40D05C, eax
jz short loc_40616C
push 2
push ebx
push ebx
push eax
call ds:dword_409158 ; SetFilePointer
loc_406136: ; CODE XREF: sub_4060D2+33�j
cmp dword_40D05C, 0FFFFFFFFh
jz short loc_40616C
loc_40613F: ; CODE XREF: sub_4060D2+3C�j
push esi
push offset asc_409C60 ; "\r\n"
mov esi, offset aDeleteErrorDoe ; "Delete: ERROR -- \"\" does not exist. Ski"...
push esi
call ds:dword_4090A4 ; lstrcatA
push ebx
lea eax, [ebp+arg_0]
push eax
push esi
call ds:dword_409100 ; lstrlenA
push eax
push esi
push dword_40D05C
call ds:dword_409150 ; WriteFile
pop esi
loc_40616C: ; CODE XREF: sub_4060D2+23�j
; sub_4060D2+2B�j ...
pop ebx
pop ebp
retn 4
sub_4060D2 endp
; =============== S U B R O U T I N E =======================================
sub_406171 proc near ; CODE XREF: sub_40161F+68�p
; sub_40161F+84�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
lea eax, [esp+arg_4]
push eax
push [esp+4+arg_0]
push offset aDeleteErrorDoe ; "Delete: ERROR -- \"\" does not exist. Ski"...
call ds:dword_40922C ; wvsprintfA
push 0
call sub_4060D2
retn
sub_406171 endp
; =============== S U B R O U T I N E =======================================
sub_40618D proc near ; CODE XREF: sub_40161F+2A2�p
; sub_40161F+354�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, ds:dword_40906C
push edi
push 8001h
call esi ; SetErrorMode
mov edi, offset dword_42FD78
push edi
push [esp+10h+arg_0]
call ds:dword_409164 ; FindFirstFileA
push 0
mov ebx, eax
call esi ; SetErrorMode
cmp ebx, 0FFFFFFFFh
jz short loc_4061C3
push ebx
call ds:dword_40915C ; FindClose
mov eax, edi
jmp short loc_4061C5
; ---------------------------------------------------------------------------
loc_4061C3: ; CODE XREF: sub_40618D+29�j
xor eax, eax
loc_4061C5: ; CODE XREF: sub_40618D+34�j
pop edi
pop esi
pop ebx
retn 4
sub_40618D endp
; =============== S U B R O U T I N E =======================================
sub_4061CB proc near ; CODE XREF: sub_40161F+549�p
; sub_40161F+1885�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call ds:dword_409100 ; lstrlenA
add eax, esi
push eax
push esi
call ds:dword_409238 ; CharPrevA
cmp byte ptr [eax], 5Ch
jz short loc_4061F2
push offset asc_409580 ; "\\"
push esi
call ds:dword_4090A4 ; lstrcatA
loc_4061F2: ; CODE XREF: sub_4061CB+19�j
mov eax, esi
pop esi
retn 4
sub_4061CB endp
; =============== S U B R O U T I N E =======================================
sub_4061F8 proc near ; CODE XREF: sub_40161F+1805�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call ds:dword_409100 ; lstrlenA
mov esi, ds:dword_409238
add eax, edi
push eax
push edi
call esi ; CharPrevA
test edi, edi
jz short loc_406227
loc_406215: ; CODE XREF: sub_4061F8+2D�j
cmp eax, edi
jbe short loc_406227
mov cl, [eax]
cmp cl, [esp+8+arg_4]
jz short loc_406227
push eax
push edi
call esi ; CharPrevA
jmp short loc_406215
; ---------------------------------------------------------------------------
loc_406227: ; CODE XREF: sub_4061F8+1B�j
; sub_4061F8+1F�j ...
pop edi
pop esi
retn 8
sub_4061F8 endp
; =============== S U B R O U T I N E =======================================
sub_40622C proc near ; CODE XREF: sub_403646+61�p start+383�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call ds:dword_409100 ; lstrlenA
add eax, esi
loc_40623A: ; CODE XREF: sub_40622C+1D�j
cmp byte ptr [eax], 5Ch
jz short loc_40624B
push eax
push esi
call ds:dword_409238 ; CharPrevA
cmp eax, esi
ja short loc_40623A
loc_40624B: ; CODE XREF: sub_40622C+11�j
mov byte ptr [eax], 0
pop esi
retn 4
sub_40622C endp
; =============== S U B R O U T I N E =======================================
sub_406252 proc near ; CODE XREF: start+28D�p
; sub_4044DD+1DA�p ...
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, offset dword_42F578
push esi
call ds:dword_4090E0 ; lstrcpyA
push esi
call sub_405D81
test eax, eax
jnz short loc_406271
loc_40626D: ; CODE XREF: sub_406252+2C�j
; sub_406252+31�j
xor eax, eax
jmp short loc_4062C8
; ---------------------------------------------------------------------------
loc_406271: ; CODE XREF: sub_406252+19�j
test byte ptr dword_4341E4, 80h
jz short loc_406285
mov cl, [eax]
test cl, cl
jz short loc_40626D
cmp cl, 5Ch
jz short loc_40626D
loc_406285: ; CODE XREF: sub_406252+26�j
push ebx
mov ebx, ds:dword_409100
push edi
mov edi, eax
sub edi, esi
jmp short loc_4062A8
; ---------------------------------------------------------------------------
loc_406293: ; CODE XREF: sub_406252+5B�j
push esi
call sub_40618D
test eax, eax
jz short loc_4062A2
test byte ptr [eax], 10h
jz short loc_4062CC
loc_4062A2: ; CODE XREF: sub_406252+49�j
push esi
call sub_40622C
loc_4062A8: ; CODE XREF: sub_406252+3F�j
push esi
call ebx ; lstrlenA
cmp eax, edi
jg short loc_406293
push esi
call sub_4061CB
push esi
call ds:dword_40908C ; GetFileAttributesA
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
loc_4062C6: ; CODE XREF: sub_406252+7C�j
pop edi
pop ebx
loc_4062C8: ; CODE XREF: sub_406252+1D�j
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_4062CC: ; CODE XREF: sub_406252+4E�j
xor eax, eax
jmp short loc_4062C6
sub_406252 endp
; =============== S U B R O U T I N E =======================================
sub_4062D0 proc near ; CODE XREF: sub_40161F+253�p
; sub_40161F+4F3�p ...
arg_0 = dword ptr 4
push ebp
push esi
push edi
mov edi, [esp+0Ch+arg_0]
push edi
call sub_405D81
mov esi, eax
xor ebp, ebp
test esi, esi
jz short loc_406319
push ebx
loc_4062E6: ; CODE XREF: sub_4062D0+46�j
push 5Ch
push esi
call sub_405D3E
mov esi, eax
mov bl, [esi]
push edi
mov byte ptr [esi], 0
call sub_40618D
test eax, eax
jnz short loc_40630B
push eax
push edi
call ds:dword_4090C0 ; CreateDirectoryA
test eax, eax
jmp short loc_40630E
; ---------------------------------------------------------------------------
loc_40630B: ; CODE XREF: sub_4062D0+2D�j
test byte ptr [eax], 10h
loc_40630E: ; CODE XREF: sub_4062D0+39�j
jnz short loc_406311
inc ebp
loc_406311: ; CODE XREF: sub_4062D0:loc_40630E�j
mov [esi], bl
inc esi
test bl, bl
jnz short loc_4062E6
pop ebx
loc_406319: ; CODE XREF: sub_4062D0+13�j
pop edi
xor eax, eax
test ebp, ebp
pop esi
setz al
pop ebp
retn 4
sub_4062D0 endp
; =============== S U B R O U T I N E =======================================
sub_406326 proc near ; CODE XREF: sub_40161F+361�p
; start+367�p ...
var_828 = dword ptr -828h
var_824 = dword ptr -824h
var_820 = dword ptr -820h
var_81C = dword ptr -81Ch
var_818 = dword ptr -818h
var_814 = dword ptr -814h
var_810 = byte ptr -810h
var_800 = byte ptr -800h
var_7FC = byte ptr -7FCh
var_400 = byte ptr -400h
var_3FC = byte ptr -3FCh
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 828h
and [esp+828h+var_828], 0
push ebx
push ebp
push edi
push offset aKernel32_dll ; "KERNEL32.dll"
call ds:dword_409068 ; GetModuleHandleA
mov ebp, [esp+834h+arg_4]
mov edi, [esp+834h+arg_0]
cmp ebp, edi
mov ebx, eax
jz loc_4066AB
push edi
push ebp
call ds:dword_409080 ; lstrcmpiA
test eax, eax
jz loc_4066AB
push esi
mov esi, ds:dword_409100
push edi
call esi ; lstrlenA
cmp byte ptr [eax+edi-1], 5Ch
jnz short loc_40637F
mov [esp+838h+var_828], 1
loc_40637F: ; CODE XREF: sub_406326+4F�j
test ebp, ebp
jz short loc_406395
push ebp
call esi ; lstrlenA
cmp byte ptr [eax+ebp-1], 5Ch
jnz short loc_406395
mov [esp+838h+var_828], 1
loc_406395: ; CODE XREF: sub_406326+5B�j
; sub_406326+65�j
test ebx, ebx
jz short loc_4063B7
push offset aMovefileexa ; "MoveFileExA"
push ebx
call ds:dword_409138 ; GetProcAddress
test eax, eax
jz short loc_4063B7
push 5
push ebp
push edi
call eax
test eax, eax
jnz loc_4066A4
loc_4063B7: ; CODE XREF: sub_406326+71�j
; sub_406326+81�j
mov ebx, 400h
push ebx
mov esi, offset dword_4306B8
push esi
push edi
mov dword_42F978, 4C554Eh
call ds:dword_409098 ; GetShortPathNameA
test eax, eax
jz loc_4066AA
cmp eax, ebx
jg loc_4066AA
mov edi, ds:dword_40923C
push esi
mov ebx, offset dword_42F978
push ebx
push offset aSS_0 ; "%s=%s\r\n"
push offset dword_42FEB8
call edi ; wsprintfA
add esp, 10h
test ebp, ebp
mov [esp+834h+var_820], eax
jz short loc_40643C
push 1
push 0
push ebp
call sub_405E44
push eax
call ds:dword_409084 ; CloseHandle
mov edi, 400h
push edi
push ebx
push ebp
call ds:dword_409098 ; GetShortPathNameA
test eax, eax
jz loc_4066AA
cmp eax, edi
jg loc_4066AA
jmp loc_40651F
; ---------------------------------------------------------------------------
loc_40643C: ; CODE XREF: sub_406326+E0�j
push offset aNul ; "NUL"
push ebx
call ds:dword_4090E0 ; lstrcpyA
cmp [esp+838h+var_828], 0
jz loc_40651F
push 4
push offset dword_409C4C
push 4
push offset aFlags ; "Flags"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_405F25
test eax, eax
jnz loc_40650C
push 104h
lea eax, [esp+83Ch+var_400]
push eax
push 0
call ds:dword_4090BC ; GetModuleFileNameA
mov ebp, ds:dword_409100
mov ebx, esi
push esi
dec ebx
call ebp ; lstrlenA
cmp byte ptr [eax+ebx], 5Ch
jnz short loc_4064A6
push esi
call ebp ; lstrlenA
mov byte ptr [eax+ebx], 0
loc_4064A6: ; CODE XREF: sub_406326+177�j
mov eax, dword_430AB8
inc dword_430AB8
push eax
lea eax, [esp+838h+var_3FC]
push eax
lea eax, [esp+83Ch+var_810]
push offset aS_08ld ; "%s_%08ld"
push eax
call edi ; wsprintfA
push esi
lea eax, [esp+848h+var_7FC]
push offset aCommandCRmdirS ; "command /c rmdir \"%s\""
push eax
call edi ; wsprintfA
add esp, 1Ch
lea eax, [esp+834h+var_7FC]
push eax
call ebp ; lstrlenA
inc eax
push eax
lea eax, [esp+83Ch+var_800]
push eax
push 1
lea eax, [esp+844h+var_814]
push eax
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_405F25
test eax, eax
jz short loc_40651F
push [esp+838h+arg_0]
push offset aErrorCouldNotC ; "ERROR: Could not create set up '%s' for"...
jmp short loc_406518
; ---------------------------------------------------------------------------
loc_40650C: ; CODE XREF: sub_406326+14C�j
push [esp+838h+arg_0]
push offset aErrorCouldNo_0 ; "ERROR: Could not create set up '%s' for"...
loc_406518: ; CODE XREF: sub_406326+1E4�j
call sub_406171
pop ecx
pop ecx
loc_40651F: ; CODE XREF: sub_406326+111�j
; sub_406326+127�j ...
push 3F0h
push esi
call ds:dword_4090D8 ; GetWindowsDirectoryA
push offset aWininit_ini ; "\\wininit.ini"
push esi
call ds:dword_4090A4 ; lstrcatA
xor ebx, ebx
push ebx
push 8000080h
push 4
push ebx
push ebx
push 0C0000000h
push esi
call ds:dword_409104 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [esp+838h+var_820], edi
jz loc_4066A4
push ebx
push edi
call ds:dword_4090B8 ; GetFileSize
mov ebp, [esp+834h+var_820]
mov esi, eax
xor ecx, ecx
push ecx
lea ebx, [esi+ebp]
lea eax, [ebx+0Ah]
push eax
push ecx
push 4
push ecx
push edi
mov [esp+84Ch+var_818], eax
call ds:dword_409118 ; CreateFileMappingA
xor ecx, ecx
cmp eax, ecx
mov [esp+834h+var_824], eax
jz loc_40668C
push ecx
push ecx
push ecx
push 2
push eax
call ds:dword_409114 ; MapViewOfFile
mov edi, eax
test edi, edi
jz loc_40667C
push offset aRename ; "[Rename]\r\n"
push edi
call sub_405DCE
test eax, eax
jnz short loc_4065E0
push offset aRename ; "[Rename]\r\n"
lea eax, [edi+esi]
push eax
call ds:dword_4090E0 ; lstrcpyA
push ebp
add esi, 0Ah
push offset dword_42FEB8
lea eax, [edi+esi]
push eax
call sub_405E24
add esi, ebp
jmp loc_406675
; ---------------------------------------------------------------------------
loc_4065E0: ; CODE XREF: sub_406326+290�j
push offset asc_409C64 ; "\n["
add eax, 0Ah
push eax
call sub_405DCE
test eax, eax
jz short loc_406664
push [esp+834h+var_818]
inc eax
push 40h
mov [esp+83Ch+var_814], eax
mov ebx, eax
call ds:dword_4090F4 ; GlobalAlloc
mov ebp, eax
test ebp, ebp
jz short loc_406649
push offset dword_42FEB8
push ebp
call ds:dword_4090E0 ; lstrcpyA
mov eax, [esp+834h+var_820]
add eax, ebp
add esi, edi
loc_40661F: ; CODE XREF: sub_406326+303�j
cmp ebx, esi
jnb short loc_40662B
mov cl, [ebx]
mov [eax], cl
inc eax
inc ebx
jmp short loc_40661F
; ---------------------------------------------------------------------------
loc_40662B: ; CODE XREF: sub_406326+2FB�j
sub eax, ebp
push eax
push ebp
push [esp+83Ch+var_814]
call sub_405E24
sub ebx, edi
add ebx, [esp+834h+var_820]
push ebp
mov esi, ebx
call ds:dword_409140 ; GlobalFree
jmp short loc_406675
; ---------------------------------------------------------------------------
loc_406649: ; CODE XREF: sub_406326+2E3�j
push edi
call ds:dword_409110 ; UnmapViewOfFile
push [esp+838h+var_828]
mov esi, ds:dword_409084
call esi ; CloseHandle
push [esp+838h+var_820]
call esi ; CloseHandle
jmp short loc_4066AA
; ---------------------------------------------------------------------------
loc_406664: ; CODE XREF: sub_406326+2CA�j
push ebp
push offset dword_42FEB8
lea eax, [edi+esi]
push eax
call sub_405E24
mov esi, ebx
loc_406675: ; CODE XREF: sub_406326+2B5�j
; sub_406326+321�j
push edi
call ds:dword_409110 ; UnmapViewOfFile
loc_40667C: ; CODE XREF: sub_406326+27D�j
push [esp+834h+var_824]
call ds:dword_409084 ; CloseHandle
mov edi, [esp+834h+var_81C]
xor ecx, ecx
loc_40668C: ; CODE XREF: sub_406326+267�j
push ecx
push ecx
push esi
push edi
call ds:dword_409158 ; SetFilePointer
push edi
call ds:dword_40910C ; SetEndOfFile
push edi
call ds:dword_409084 ; CloseHandle
loc_4066A4: ; CODE XREF: sub_406326+8B�j
; sub_406326+232�j
inc dword_434210
loc_4066AA: ; CODE XREF: sub_406326+B0�j
; sub_406326+B8�j ...
pop esi
loc_4066AB: ; CODE XREF: sub_406326+2A�j
; sub_406326+3A�j
pop edi
pop ebp
pop ebx
add esp, 828h
retn 8
sub_406326 endp
; =============== S U B R O U T I N E =======================================
sub_4066B7 proc near ; CODE XREF: sub_4014F2+A�p
; sub_401508+23�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 14h
push ebp
mov ebp, [esp+18h+arg_4]
test ebp, ebp
push esi
jge short loc_4066D5
mov ecx, dword_433968
lea eax, ds:4[ebp*4]
sub ecx, eax
mov ebp, [ecx]
loc_4066D5: ; CODE XREF: sub_4066B7+B�j
mov eax, dword_4341B8
mov ecx, [esp+1Ch+arg_0]
add ebp, eax
mov eax, offset byte_432D20
sub ecx, eax
cmp ecx, 800h
mov esi, eax
jnb short loc_4066FA
mov esi, [esp+1Ch+arg_0]
and [esp+1Ch+arg_0], 0
loc_4066FA: ; CODE XREF: sub_4066B7+38�j
mov dl, [ebp+0]
test dl, dl
jz loc_4068C4
push ebx
push edi
loc_406707: ; CODE XREF: sub_4066B7+205�j
mov ecx, esi
sub ecx, eax
cmp ecx, 400h
jge loc_4068C2
inc ebp
cmp dl, 0FCh
jbe loc_4068A4
movsx eax, byte ptr [ebp+1]
movsx ecx, byte ptr [ebp+0]
mov edi, eax
and edi, 7Fh
mov ebx, ecx
and ebx, 7Fh
shl edi, 7
or edi, ebx
mov ebx, 8000h
mov [esp+24h+var_10], ecx
or ecx, ebx
mov [esp+24h+var_8], eax
or eax, ebx
inc ebp
inc ebp
cmp dl, 0FEh
mov [esp+24h+var_C], ecx
mov [esp+24h+var_4], eax
jnz loc_40684E
xor edi, edi
cmp [esp+24h+var_8], 4
mov [esp+24h+arg_4], edi
mov byte ptr [esi], 0
jnz short loc_406777
push 2
mov [esp+28h+arg_4], offset aMicrosoftInter ; "\\Microsoft\\Internet Explorer\\Quick Laun"...
pop edi
loc_406777: ; CODE XREF: sub_4066B7+B3�j
mov ebx, [esp+24h+var_10]
cmp ebx, 2Bh
jnz short loc_406795
push esi
push offset aCommonfilesdir ; "CommonFilesDir"
push offset aSoftwareMicr_1 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_405EBB
loc_406795: ; CODE XREF: sub_4066B7+C7�j
cmp ebx, 26h
jnz short loc_4067C0
push esi
push offset aProgramfilesdi ; "ProgramFilesDir"
push offset aSoftwareMicr_1 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_405EBB
cmp byte ptr [esi], 0
jnz short loc_406831
push offset aCProgramFiles ; "C:\\Program Files"
push esi
call ds:dword_4090E0 ; lstrcpyA
loc_4067C0: ; CODE XREF: sub_4066B7+E1�j
cmp ebx, 25h
jnz short loc_4067D1
push 400h
push esi
call ds:dword_40911C ; GetSystemDirectoryA
loc_4067D1: ; CODE XREF: sub_4066B7+10C�j
cmp ebx, 24h
jnz short loc_4067E2
push 400h
push esi
call ds:dword_4090D8 ; GetWindowsDirectoryA
loc_4067E2: ; CODE XREF: sub_4066B7+11D�j
cmp byte ptr [esi], 0
jnz short loc_406831
cmp dword_434204, 0
push 4
pop edi
jnz short loc_4067F8
push 2
pop edi
jmp short loc_406831
; ---------------------------------------------------------------------------
loc_4067F8: ; CODE XREF: sub_4066B7+13A�j
; sub_4066B7+17C�j
lea eax, [esp+24h+var_14]
push eax
push [esp+edi*4+28h+var_14]
dec edi
push dword_434180
call ds:dword_40917C ; SHGetSpecialFolderLocation
test eax, eax
jnz short loc_40682E
push esi
push [esp+28h+var_14]
call ds:dword_409184 ; SHGetPathFromIDListA
push [esp+24h+var_14]
mov ebx, eax
call sub_405C4A
test ebx, ebx
jnz short loc_406835
jmp short loc_406831
; ---------------------------------------------------------------------------
loc_40682E: ; CODE XREF: sub_4066B7+159�j
mov byte ptr [esi], 0
loc_406831: ; CODE XREF: sub_4066B7+FB�j
; sub_4066B7+12E�j ...
test edi, edi
jnz short loc_4067F8
loc_406835: ; CODE XREF: sub_4066B7+173�j
cmp byte ptr [esi], 0
jz short loc_406880
cmp [esp+24h+arg_4], 0
jz short loc_406880
push [esp+24h+arg_4]
push esi
call ds:dword_4090A4 ; lstrcatA
jmp short loc_406880
; ---------------------------------------------------------------------------
loc_40684E: ; CODE XREF: sub_4066B7+9F�j
cmp dl, 0FDh
jnz short loc_406891
cmp edi, 1Bh
jnz short loc_406866
push dword_434180
push esi
call sub_405F80
jmp short loc_406878
; ---------------------------------------------------------------------------
loc_406866: ; CODE XREF: sub_4066B7+19F�j
mov eax, edi
shl eax, 0Ah
add eax, offset dword_435000
push eax
push esi
call ds:dword_4090E0 ; lstrcpyA
loc_406878: ; CODE XREF: sub_4066B7+1AD�j
add edi, 0FFFFFFEBh
cmp edi, 6
jnb short loc_406886
loc_406880: ; CODE XREF: sub_4066B7+181�j
; sub_4066B7+188�j ...
push esi
call sub_40602E
loc_406886: ; CODE XREF: sub_4066B7+1C7�j
; sub_4066B7+1EB�j
push esi
call ds:dword_409100 ; lstrlenA
add esi, eax
jmp short loc_4068B2
; ---------------------------------------------------------------------------
loc_406891: ; CODE XREF: sub_4066B7+19A�j
cmp dl, 0FFh
jnz short loc_4068B2
or eax, 0FFFFFFFFh
sub eax, edi
push eax
push esi
call sub_4066B7
jmp short loc_406886
; ---------------------------------------------------------------------------
loc_4068A4: ; CODE XREF: sub_4066B7+64�j
jnz short loc_4068AF
mov al, [ebp+0]
mov [esi], al
inc esi
inc ebp
jmp short loc_4068B2
; ---------------------------------------------------------------------------
loc_4068AF: ; CODE XREF: sub_4066B7:loc_4068A4�j
mov [esi], dl
inc esi
loc_4068B2: ; CODE XREF: sub_4066B7+1D8�j
; sub_4066B7+1DD�j ...
mov dl, [ebp+0]
test dl, dl
mov eax, offset byte_432D20
jnz loc_406707
loc_4068C2: ; CODE XREF: sub_4066B7+5A�j
pop edi
pop ebx
loc_4068C4: ; CODE XREF: sub_4066B7+48�j
cmp [esp+1Ch+arg_0], 0
mov byte ptr [esi], 0
pop esi
pop ebp
jz short loc_4068E0
push 400h
push eax
push [esp+1Ch+arg_0]
call ds:dword_4090D0 ; lstrcpynA
loc_4068E0: ; CODE XREF: sub_4066B7+217�j
add esp, 14h
retn 8
sub_4066B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4068E6 proc near ; CODE XREF: sub_40161F+79F�p
; sub_403926+1F�p ...
var_144 = dword ptr -144h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 144h
push ebx
mov ebx, [ebp+arg_0]
push ebx
call sub_406252
push ebx
mov [ebp+var_4], eax
call sub_40618D
test eax, eax
jnz short loc_406918
push ebx
push offset aDeleteErrorSDo ; "Delete: ERROR -- \"%s\" does not exist. S"...
call sub_406171
pop ecx
pop ecx
jmp loc_406AF2
; ---------------------------------------------------------------------------
loc_406918: ; CODE XREF: sub_4068E6+1E�j
mov eax, [ebp+arg_4]
test al, 8
jz short loc_406936
push ebx
call ds:dword_409134 ; DeleteFileA
neg eax
sbb eax, eax
inc eax
add dword_434208, eax
jmp loc_406AF2
; ---------------------------------------------------------------------------
loc_406936: ; CODE XREF: sub_4068E6+37�j
mov [ebp+arg_0], eax
and [ebp+arg_0], 1
push esi
jz short loc_406952
cmp [ebp+var_4], 0
jz loc_406AF1
test al, 2
jz loc_406A88
loc_406952: ; CODE XREF: sub_4068E6+58�j
push edi
push ebx
mov esi, offset dword_4302B8
push esi
call ds:dword_4090E0 ; lstrcpyA
cmp [ebp+arg_0], 0
mov edi, ds:dword_4090A4
jz short loc_406976
push offset a_ ; "\\*.*"
push esi
call edi ; lstrcatA
jmp short loc_40697C
; ---------------------------------------------------------------------------
loc_406976: ; CODE XREF: sub_4068E6+84�j
push ebx
call sub_40622C
loc_40697C: ; CODE XREF: sub_4068E6+8E�j
push offset asc_409580 ; "\\"
push ebx
call edi ; lstrcatA
push ebx
call ds:dword_409100 ; lstrlenA
mov edi, eax
lea eax, [ebp+var_144]
push eax
push esi
add edi, ebx
call ds:dword_409164 ; FindFirstFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_406A7D
loc_4069A8: ; CODE XREF: sub_4068E6+18A�j
cmp [ebp+var_118], 2Eh
jnz short loc_4069CB
cmp [ebp+var_117], 2Eh
jz loc_406A60
cmp [ebp+var_117], 0
jz loc_406A60
loc_4069CB: ; CODE XREF: sub_4068E6+C9�j
lea eax, [ebp+var_118]
push eax
push edi
call ds:dword_4090E0 ; lstrcpyA
test byte ptr [ebp+var_144], 10h
jz short loc_4069F7
mov eax, [ebp+arg_4]
and eax, 3
cmp al, 3
jnz short loc_406A60
push [ebp+arg_4]
push ebx
call sub_4068E6
jmp short loc_406A60
; ---------------------------------------------------------------------------
loc_4069F7: ; CODE XREF: sub_4068E6+FA�j
push ebx
push offset aDeleteDeletefi ; "Delete: DeleteFile(\"%s\")"
call sub_406171
mov eax, [ebp+var_144]
pop ecx
pop ecx
and eax, 0FFFFFFFEh
push eax
push ebx
call ds:dword_4090AC ; SetFileAttributesA
push ebx
call ds:dword_409134 ; DeleteFileA
test eax, eax
push ebx
jnz short loc_406A59
test byte ptr [ebp+arg_4], 4
jz short loc_406A45
push offset aDeleteDelete_0 ; "Delete: DeleteFile on Reboot(\"%s\")"
call sub_406171
pop ecx
pop ecx
push ebx
push 0FFFFFFF1h
call sub_405013
push 0
push ebx
call sub_406326
jmp short loc_406A60
; ---------------------------------------------------------------------------
loc_406A45: ; CODE XREF: sub_4068E6+13F�j
push offset aDeleteDelete_1 ; "Delete: DeleteFile failed(\"%s\")"
call sub_406171
inc dword_434208
pop ecx
pop ecx
jmp short loc_406A60
; ---------------------------------------------------------------------------
loc_406A59: ; CODE XREF: sub_4068E6+139�j
push 0FFFFFFF2h
call sub_405013
loc_406A60: ; CODE XREF: sub_4068E6+D2�j
; sub_4068E6+DF�j ...
lea eax, [ebp+var_144]
push eax
push esi
call ds:dword_409160 ; FindNextFileA
test eax, eax
jnz loc_4069A8
push esi
call ds:dword_40915C ; FindClose
loc_406A7D: ; CODE XREF: sub_4068E6+BC�j
cmp [ebp+arg_0], 0
jz short loc_406A87
mov byte ptr [edi-1], 0
loc_406A87: ; CODE XREF: sub_4068E6+19B�j
pop edi
loc_406A88: ; CODE XREF: sub_4068E6+66�j
xor esi, esi
cmp [ebp+var_4], esi
jz short loc_406AF1
cmp [ebp+arg_0], esi
jz short loc_406AF1
push ebx
call sub_4061CB
push ebx
push offset aRmdirRemovedir ; "RMDir: RemoveDirectory(\"%s\")"
call sub_406171
pop ecx
pop ecx
push ebx
call ds:dword_409120 ; RemoveDirectoryA
test eax, eax
push ebx
jnz short loc_406AEA
test byte ptr [ebp+arg_4], 4
jz short loc_406AD6
push offset aRmdirRemoved_0 ; "RMDir: RemoveDirectory on Reboot(\"%s\")"
call sub_406171
pop ecx
pop ecx
push ebx
push 0FFFFFFF1h
call sub_405013
push esi
push ebx
call sub_406326
jmp short loc_406AF1
; ---------------------------------------------------------------------------
loc_406AD6: ; CODE XREF: sub_4068E6+1D1�j
push offset aRmdirRemoved_1 ; "RMDir: RemoveDirectory failed(\"%s\")"
call sub_406171
inc dword_434208
pop ecx
pop ecx
jmp short loc_406AF1
; ---------------------------------------------------------------------------
loc_406AEA: ; CODE XREF: sub_4068E6+1CB�j
push 0FFFFFFE5h
call sub_405013
loc_406AF1: ; CODE XREF: sub_4068E6+5E�j
; sub_4068E6+1A7�j ...
pop esi
loc_406AF2: ; CODE XREF: sub_4068E6+2D�j
; sub_4068E6+4B�j
pop ebx
leave
retn 8
sub_4068E6 endp
; =============== S U B R O U T I N E =======================================
sub_406AF7 proc near ; CODE XREF: sub_406E81+F8�p
; sub_406E81+296�p ...
push ebx
push edi
mov edi, [esi+9BB4h]
loc_406AFF: ; CODE XREF: sub_406AF7+4D�j
; sub_406AF7+55�j
mov ebx, [esi+9BB8h]
cmp edi, ebx
jbe short loc_406B0F
mov ebx, [esi+9BB0h]
loc_406B0F: ; CODE XREF: sub_406AF7+10�j
mov eax, [esi+0Ch]
sub ebx, edi
cmp ebx, eax
jb short loc_406B1A
mov ebx, eax
loc_406B1A: ; CODE XREF: sub_406AF7+1F�j
push ebx
push edi
push dword ptr [esi+8]
sub eax, ebx
mov [esi+0Ch], eax
call sub_405E24
add [esi+8], ebx
mov eax, [esi+9BB0h]
add edi, ebx
cmp edi, eax
jnz short loc_406B4E
cmp [esi+9BB8h], eax
lea edi, [esi+1BB0h]
jnz short loc_406AFF
mov [esi+9BB8h], edi
jmp short loc_406AFF
; ---------------------------------------------------------------------------
loc_406B4E: ; CODE XREF: sub_406AF7+3F�j
mov [esi+9BB4h], edi
pop edi
pop ebx
retn
sub_406AF7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=58h
sub_406B57 proc near ; CODE XREF: sub_406E81+17D�p
; sub_406E81+1AE�p ...
var_F0 = dword ptr -0F0h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
lea ebp, [esp-58h]
sub esp, 0F0h
push esi
push edi
push 10h
mov esi, eax
pop ecx
xor eax, eax
lea edi, [ebp+58h+var_74]
rep stosd
mov edi, [ebp+58h+arg_4]
mov ecx, [ebp+58h+arg_0]
mov edx, edi
loc_406B78: ; CODE XREF: sub_406B57+2D�j
mov eax, [ecx]
lea eax, [ebp+eax*4+58h+var_74]
inc dword ptr [eax]
add ecx, 4
dec edx
jnz short loc_406B78
cmp [ebp+58h+var_74], edi
jnz short loc_406B9B
mov eax, [ebp+58h+arg_14]
and dword ptr [eax], 0
and dword ptr [esi], 0
xor eax, eax
jmp loc_406E78
; ---------------------------------------------------------------------------
loc_406B9B: ; CODE XREF: sub_406B57+32�j
mov edx, [esi]
push 0Fh
xor edi, edi
inc edi
pop eax
mov [ebp+58h+var_4], edx
mov ecx, edi
push ebx
loc_406BA9: ; CODE XREF: sub_406B57+5D�j
xor ebx, ebx
cmp [ebp+ecx*4+58h+var_74], ebx
jnz short loc_406BB6
inc ecx
cmp ecx, eax
jbe short loc_406BA9
loc_406BB6: ; CODE XREF: sub_406B57+58�j
cmp edx, ecx
mov [ebp+58h+var_8], ecx
jnb short loc_406BC0
mov [ebp+58h+var_4], ecx
loc_406BC0: ; CODE XREF: sub_406B57+64�j
; sub_406B57+70�j
cmp [ebp+eax*4+58h+var_74], ebx
jnz short loc_406BC9
dec eax
jnz short loc_406BC0
loc_406BC9: ; CODE XREF: sub_406B57+6D�j
cmp [ebp+58h+var_4], eax
mov [ebp+58h+var_18], eax
jbe short loc_406BD4
mov [ebp+58h+var_4], eax
loc_406BD4: ; CODE XREF: sub_406B57+78�j
mov edx, [ebp+58h+var_4]
mov [esi], edx
shl edi, cl
jmp short loc_406BEA
; ---------------------------------------------------------------------------
loc_406BDD: ; CODE XREF: sub_406B57+95�j
sub edi, [ebp+ecx*4+58h+var_74]
js loc_406E70
inc ecx
shl edi, 1
loc_406BEA: ; CODE XREF: sub_406B57+84�j
cmp ecx, eax
jb short loc_406BDD
mov edx, eax
shl edx, 2
lea ecx, [ebp+edx+58h+var_74]
mov esi, [ecx]
sub edi, esi
mov [ebp+58h+var_34], edi
js loc_406E70
add esi, edi
mov [ecx], esi
xor ecx, ecx
dec eax
mov [ebp+58h+var_B0], ebx
jz short loc_406C20
xor esi, esi
loc_406C12: ; CODE XREF: sub_406B57+C7�j
add ecx, [ebp+esi+58h+var_70]
add esi, 4
dec eax
mov [ebp+esi+58h+var_B0], ecx
jnz short loc_406C12
loc_406C20: ; CODE XREF: sub_406B57+B7�j
mov ebx, [ebp+58h+arg_0]
xor esi, esi
loc_406C25: ; CODE XREF: sub_406B57+EB�j
mov eax, [ebx]
add ebx, 4
test eax, eax
jz short loc_406C3E
lea eax, [ebp+eax*4+58h+var_B4]
mov ecx, [eax]
mov dword_430AC8[ecx*4], esi
inc ecx
mov [eax], ecx
loc_406C3E: ; CODE XREF: sub_406B57+D5�j
inc esi
cmp esi, [ebp+58h+arg_4]
jb short loc_406C25
mov eax, [ebp+edx+58h+var_B4]
mov ecx, [ebp+58h+var_8]
or [ebp+58h+var_10], 0FFFFFFFFh
mov [ebp+58h+arg_4], eax
mov eax, [ebp+58h+var_4]
xor ebx, ebx
neg eax
cmp ecx, [ebp+58h+var_18]
mov [ebp+58h+var_C], ebx
mov [ebp+58h+var_B4], ebx
mov [ebp+58h+var_20], offset dword_430AC8
mov [ebp+58h+var_F0], ebx
mov [ebp+58h+var_30], ebx
jg loc_406E66
lea edx, [ecx-1]
lea ecx, [ebp+ecx*4+58h+var_74]
mov [ebp+58h+var_28], edx
mov [ebp+58h+var_24], ecx
loc_406C85: ; CODE XREF: sub_406B57+309�j
mov ecx, [ebp+58h+var_24]
mov esi, [ecx]
test esi, esi
jz loc_406E50
jmp short loc_406C97
; ---------------------------------------------------------------------------
loc_406C94: ; CODE XREF: sub_406B57+2F3�j
mov esi, [ebp+58h+var_2C]
loc_406C97: ; CODE XREF: sub_406B57+13B�j
mov ecx, [ebp+58h+var_4]
add ecx, eax
dec esi
cmp [ebp+58h+var_8], ecx
mov [ebp+58h+var_2C], esi
mov [ebp+58h+var_1C], ecx
jle loc_406D78
inc esi
mov [ebp+58h+var_14], esi
loc_406CB0: ; CODE XREF: sub_406B57+218�j
mov esi, [ebp+58h+var_18]
sub esi, [ebp+58h+var_1C]
inc [ebp+58h+var_10]
cmp esi, [ebp+58h+var_4]
jbe short loc_406CC1
mov esi, [ebp+58h+var_4]
loc_406CC1: ; CODE XREF: sub_406B57+165�j
mov ecx, [ebp+58h+var_8]
sub ecx, [ebp+58h+var_1C]
xor edx, edx
inc edx
shl edx, cl
cmp edx, [ebp+58h+var_14]
jbe short loc_406CF4
mov ebx, [ebp+58h+var_24]
or edi, 0FFFFFFFFh
sub edi, [ebp+58h+var_2C]
add edx, edi
cmp ecx, esi
jnb short loc_406CF4
jmp short loc_406CEF
; ---------------------------------------------------------------------------
loc_406CE2: ; CODE XREF: sub_406B57+19B�j
add ebx, 4
mov edi, [ebx]
shl edx, 1
cmp edx, edi
jbe short loc_406CF4
sub edx, edi
loc_406CEF: ; CODE XREF: sub_406B57+189�j
inc ecx
cmp ecx, esi
jb short loc_406CE2
loc_406CF4: ; CODE XREF: sub_406B57+178�j
; sub_406B57+187�j ...
mov edx, [ebp+58h+arg_1C]
mov edx, [edx]
xor esi, esi
inc esi
shl esi, cl
lea edi, [edx+esi]
cmp edi, 5A0h
mov [ebp+58h+var_30], esi
ja loc_406E70
mov esi, [ebp+58h+arg_18]
lea ebx, [esi+edx*4]
mov edx, [ebp+58h+arg_1C]
mov esi, [ebp+58h+var_10]
mov [edx], edi
mov edx, [ebp+58h+var_10]
test edx, edx
lea esi, [ebp+esi*4+58h+var_F0]
mov [esi], ebx
jz short loc_406D5C
mov edi, [ebp+58h+var_C]
mov esi, [esi-4]
mov [ebp+edx*4+58h+var_B4], edi
mov dl, byte ptr [ebp+58h+var_4]
mov byte ptr [ebp+58h+arg_0+1], dl
mov byte ptr [ebp+58h+arg_0], cl
mov ecx, eax
mov edx, edi
shr edx, cl
mov eax, ebx
sub eax, esi
sar eax, 2
sub eax, edx
mov word ptr [ebp+58h+arg_0+2], ax
mov eax, [ebp+58h+arg_0]
mov [esi+edx*4], eax
jmp short loc_406D61
; ---------------------------------------------------------------------------
loc_406D5C: ; CODE XREF: sub_406B57+1D5�j
mov eax, [ebp+58h+arg_14]
mov [eax], ebx
loc_406D61: ; CODE XREF: sub_406B57+203�j
mov ecx, [ebp+58h+var_1C]
mov eax, ecx
add ecx, [ebp+58h+var_4]
cmp [ebp+58h+var_8], ecx
mov [ebp+58h+var_1C], ecx
jg loc_406CB0
mov edi, [ebp+58h+var_34]
loc_406D78: ; CODE XREF: sub_406B57+14F�j
mov cl, byte ptr [ebp+58h+var_8]
mov esi, [ebp+58h+var_20]
sub cl, al
mov byte ptr [ebp+58h+arg_0+1], cl
mov ecx, [ebp+58h+arg_4]
lea ecx, ds:430AC8h[ecx*4]
cmp esi, ecx
jb short loc_406D97
mov byte ptr [ebp+58h+arg_0], 0C0h
jmp short loc_406DDD
; ---------------------------------------------------------------------------
loc_406D97: ; CODE XREF: sub_406B57+238�j
mov ecx, [esi]
cmp ecx, [ebp+58h+arg_8]
jnb short loc_406DBA
cmp ecx, 100h
setb cl
dec cl
and ecx, 60h
mov byte ptr [ebp+58h+arg_0], cl
mov cx, [esi]
add esi, 4
mov [ebp+58h+var_20], esi
jmp short loc_406DD9
; ---------------------------------------------------------------------------
loc_406DBA: ; CODE XREF: sub_406B57+245�j
sub ecx, [ebp+58h+arg_8]
mov edx, [ebp+58h+arg_10]
mov edi, [ebp+58h+var_34]
shl ecx, 1
mov dl, [ecx+edx]
add dl, 50h
add [ebp+58h+var_20], 4
mov byte ptr [ebp+58h+arg_0], dl
mov edx, [ebp+58h+arg_C]
mov cx, [ecx+edx]
loc_406DD9: ; CODE XREF: sub_406B57+261�j
mov word ptr [ebp+58h+arg_0+2], cx
loc_406DDD: ; CODE XREF: sub_406B57+23E�j
mov ecx, [ebp+58h+var_8]
mov edx, [ebp+58h+var_C]
xor esi, esi
sub ecx, eax
inc esi
shl esi, cl
mov ecx, eax
shr edx, cl
jmp short loc_406DF8
; ---------------------------------------------------------------------------
loc_406DF0: ; CODE XREF: sub_406B57+2A4�j
mov ecx, [ebp+58h+arg_0]
mov [ebx+edx*4], ecx
add edx, esi
loc_406DF8: ; CODE XREF: sub_406B57+297�j
cmp edx, [ebp+58h+var_30]
jb short loc_406DF0
mov ecx, [ebp+58h+var_28]
mov esi, [ebp+58h+var_C]
xor edx, edx
inc edx
shl edx, cl
jmp short loc_406E0E
; ---------------------------------------------------------------------------
loc_406E0A: ; CODE XREF: sub_406B57+2B9�j
xor esi, edx
shr edx, 1
loc_406E0E: ; CODE XREF: sub_406B57+2B1�j
test edx, esi
jnz short loc_406E0A
xor ecx, ecx
inc ecx
xor esi, edx
mov edx, ecx
mov ecx, eax
shl edx, cl
mov [ebp+58h+var_C], esi
dec edx
and edx, esi
mov ecx, edx
mov edx, [ebp+58h+var_10]
cmp ecx, [ebp+edx*4+58h+var_B4]
jz short loc_406E46
loc_406E2E: ; CODE XREF: sub_406B57+2EA�j
sub eax, [ebp+58h+var_4]
xor esi, esi
inc esi
mov ecx, eax
shl esi, cl
dec edx
dec esi
and esi, [ebp+58h+var_C]
cmp esi, [ebp+edx*4+58h+var_B4]
jnz short loc_406E2E
mov [ebp+58h+var_10], edx
loc_406E46: ; CODE XREF: sub_406B57+2D5�j
cmp [ebp+58h+var_2C], 0
jnz loc_406C94
loc_406E50: ; CODE XREF: sub_406B57+135�j
inc [ebp+58h+var_8]
add [ebp+58h+var_24], 4
mov ecx, [ebp+58h+var_8]
inc [ebp+58h+var_28]
cmp ecx, [ebp+58h+var_18]
jle loc_406C85
loc_406E66: ; CODE XREF: sub_406B57+11B�j
test edi, edi
jz short loc_406E75
cmp [ebp+58h+var_18], 1
jz short loc_406E75
loc_406E70: ; CODE XREF: sub_406B57+8A�j
; sub_406B57+A7�j ...
or eax, 0FFFFFFFFh
jmp short loc_406E77
; ---------------------------------------------------------------------------
loc_406E75: ; CODE XREF: sub_406B57+311�j
; sub_406B57+317�j
xor eax, eax
loc_406E77: ; CODE XREF: sub_406B57+31C�j
pop ebx
loc_406E78: ; CODE XREF: sub_406B57+3F�j
pop edi
pop esi
add ebp, 58h
leave
retn 20h
sub_406B57 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E81 proc near ; CODE XREF: sub_403412+FA�p
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 40h
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ebx
lea ebx, [eax+10h]
mov eax, [eax+4]
mov [ebp+var_30], eax
mov eax, [ebx+51Ch]
mov [ebp+var_3C], eax
mov eax, [ebx+518h]
mov [ebp+var_34], ecx
mov ecx, [ebx+9BA8h]
mov [ebp+var_38], eax
mov eax, [ebx+9BA4h]
cmp ecx, eax
push esi
push edi
mov [ebp+var_2C], ecx
jnb short loc_406EC5
sub eax, ecx
dec eax
jmp short loc_406ECD
; ---------------------------------------------------------------------------
loc_406EC5: ; CODE XREF: sub_406E81+3D�j
mov eax, [ebx+9BA0h]
sub eax, ecx
loc_406ECD: ; CODE XREF: sub_406E81+42�j
mov [ebp+var_28], eax
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_406ED5: ; CODE XREF: sub_406E81+A66�j
jmp ds:off_40793F[eax*4]
loc_406EDC: ; DATA XREF: .text:0040795F�o
mov esi, [ebp+var_38]
jmp short loc_406F02
; ---------------------------------------------------------------------------
loc_406EE1: ; CODE XREF: sub_406E81+84�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_40790E
mov eax, [ebp+var_34]
movzx eax, byte ptr [eax]
dec [ebp+var_30]
mov ecx, esi
shl eax, cl
or [ebp+var_3C], eax
inc [ebp+var_34]
add esi, 8
loc_406F02: ; CODE XREF: sub_406E81+5E�j
cmp esi, 3
jb short loc_406EE1
mov eax, [ebp+var_3C]
shr [ebp+var_3C], 3
and eax, 7
mov ecx, eax
and cl, 1
sub esi, 3
neg cl
mov [ebp+var_38], esi
sbb ecx, ecx
and ecx, 7
add ecx, 8
shr eax, 1
sub eax, 0
mov [ebx+514h], ecx
jz loc_407063
dec eax
jz short loc_406F92
dec eax
jz short loc_406F87
dec eax
jnz loc_4078E2
loc_406F44: ; CODE XREF: sub_406E81:loc_406ED5�j
; sub_406E81+374�j ...
or edi, 0FFFFFFFFh
mov dword ptr [ebx], 11h
loc_406F4D: ; CODE XREF: sub_406E81+AB1�j
; sub_406E81+AB9�j
mov eax, [ebp+var_3C]
mov ecx, [ebp+arg_0]
mov [ebx+51Ch], eax
mov eax, [ebp+var_38]
mov [ebx+518h], eax
mov eax, [ebp+var_30]
mov [ecx+4], eax
loc_406F68: ; CODE XREF: sub_406E81+AAA�j
mov eax, [ebp+var_34]
mov esi, [ebp+arg_0]
mov [esi], eax
mov eax, [ebp+var_2C]
mov [ebx+9BA8h], eax
call sub_406AF7
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_406F87: ; CODE XREF: sub_406E81+BA�j
mov dword ptr [ebx], 0Bh
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_406F92: ; CODE XREF: sub_406E81+B7�j
cmp byte_431C4C, 0
jnz loc_40703B
and [ebp+var_4], 0
mov esi, offset dword_430F48
mov eax, esi
loc_406FAA: ; CODE XREF: sub_406E81+153�j
cmp eax, offset dword_431184
mov cl, 8
jle short loc_406FC7
cmp eax, offset dword_431348
jge short loc_406FBE
inc cl
jmp short loc_406FC7
; ---------------------------------------------------------------------------
loc_406FBE: ; CODE XREF: sub_406E81+137�j
cmp eax, offset dword_4313A8
jge short loc_406FC7
mov cl, 7
loc_406FC7: ; CODE XREF: sub_406E81+130�j
; sub_406E81+13B�j ...
movsx ecx, cl
mov [eax], ecx
add eax, 4
cmp eax, offset dword_4313C8
jl short loc_406FAA
lea eax, [ebp+var_4]
push eax
push offset dword_4313C8
push offset dword_430AC0
push offset dword_409FA4
push offset dword_409F64
push 101h
push 120h
push esi
mov eax, offset byte_40D084
call sub_406B57
push 1Eh
pop ecx
push 5
pop eax
mov edi, esi
rep stosd
lea eax, [ebp+var_4]
push eax
push offset dword_4313C8
push offset dword_431C48
push offset dword_40A020
push offset dword_409FE4
push 0
push 1Eh
push esi
mov eax, offset byte_40D088
call sub_406B57
mov byte_431C4C, 1
loc_40703B: ; CODE XREF: sub_406E81+118�j
mov al, byte_40D084
mov [ebx+10h], al
mov al, byte_40D088
mov [ebx+11h], al
mov eax, dword_430AC0
mov [ebx+14h], eax
mov eax, dword_431C48
mov [ebx+18h], eax
loc_40705B: ; CODE XREF: sub_406E81+87E�j
; sub_406E81+950�j ...
and dword ptr [ebx], 0
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_407063: ; CODE XREF: sub_406E81+B0�j
mov ecx, esi
and ecx, 7
shr [ebp+var_3C], cl
sub esi, ecx
mov [ebp+var_38], esi
mov dword ptr [ebx], 9
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_40707B: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:00407963�o
mov ecx, [ebp+var_38]
xor edi, edi
loc_407080: ; CODE XREF: sub_406E81+221�j
cmp ecx, 10h
jnb short loc_4070A4
cmp [ebp+var_30], edi
jz loc_4078F2
mov eax, [ebp+var_34]
movzx eax, byte ptr [eax]
dec [ebp+var_30]
shl eax, cl
or [ebp+var_3C], eax
inc [ebp+var_34]
add ecx, 8
jmp short loc_407080
; ---------------------------------------------------------------------------
loc_4070A4: ; CODE XREF: sub_406E81+202�j
mov eax, [ebp+var_3C]
and eax, 0FFFFh
cmp eax, edi
mov [ebx+4], eax
mov [ebp+var_38], edi
mov [ebp+var_3C], edi
jz loc_4071A7
push 0Ah
pop eax
jmp loc_4071AD
; ---------------------------------------------------------------------------
loc_4070C5: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:00407967�o
xor edi, edi
cmp [ebp+var_30], edi
jz loc_4078FA
cmp [ebp+var_28], edi
jnz loc_407170
mov ecx, [ebx+9BA0h]
cmp [ebp+var_2C], ecx
jnz short loc_40710B
mov eax, [ebx+9BA4h]
lea edx, [ebx+1BA0h]
cmp edx, eax
jz short loc_40710B
mov [ebp+var_2C], edx
jnb short loc_407101
sub eax, edx
dec eax
mov [ebp+var_28], eax
jmp short loc_407106
; ---------------------------------------------------------------------------
loc_407101: ; CODE XREF: sub_406E81+276�j
sub ecx, edx
mov [ebp+var_28], ecx
loc_407106: ; CODE XREF: sub_406E81+27E�j
cmp [ebp+var_28], edi
jnz short loc_407170
loc_40710B: ; CODE XREF: sub_406E81+261�j
; sub_406E81+271�j
mov eax, [ebp+var_2C]
mov esi, [ebp+arg_0]
mov [ebx+9BA8h], eax
call sub_406AF7
mov esi, [ebx+9BA8h]
mov ecx, [ebx+9BA4h]
cmp esi, ecx
mov [ebp+var_2C], esi
jnb short loc_407136
mov eax, ecx
sub eax, esi
dec eax
jmp short loc_40713E
; ---------------------------------------------------------------------------
loc_407136: ; CODE XREF: sub_406E81+2AC�j
mov eax, [ebx+9BA0h]
sub eax, esi
loc_40713E: ; CODE XREF: sub_406E81+2B3�j
mov edx, [ebx+9BA0h]
cmp esi, edx
mov [ebp+var_28], eax
jnz short loc_407168
lea esi, [ebx+1BA0h]
cmp esi, ecx
jz short loc_407168
mov [ebp+var_2C], esi
jnb short loc_407161
sub ecx, esi
dec ecx
mov eax, ecx
jmp short loc_407165
; ---------------------------------------------------------------------------
loc_407161: ; CODE XREF: sub_406E81+2D7�j
sub edx, esi
mov eax, edx
loc_407165: ; CODE XREF: sub_406E81+2DE�j
mov [ebp+var_28], eax
loc_407168: ; CODE XREF: sub_406E81+2C8�j
; sub_406E81+2D2�j
test eax, eax
jz loc_407930
loc_407170: ; CODE XREF: sub_406E81+252�j
; sub_406E81+288�j
mov eax, [ebp+var_28]
cmp eax, [ebp+var_30]
mov esi, eax
jb short loc_40717D
mov esi, [ebp+var_30]
loc_40717D: ; CODE XREF: sub_406E81+2F7�j
mov eax, [ebx+4]
cmp eax, esi
jnb short loc_407186
mov esi, eax
loc_407186: ; CODE XREF: sub_406E81+301�j
push esi
push [ebp+var_34]
push [ebp+var_2C]
call sub_405E24
add [ebp+var_34], esi
sub [ebp+var_30], esi
add [ebp+var_2C], esi
sub [ebp+var_28], esi
sub [ebx+4], esi
jnz loc_4078E2
loc_4071A7: ; CODE XREF: sub_406E81+236�j
mov eax, [ebx+514h]
loc_4071AD: ; CODE XREF: sub_406E81+23F�j
mov [ebx], eax
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_4071B4: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:0040796B�o
mov esi, [ebp+var_38]
jmp short loc_4071DD
; ---------------------------------------------------------------------------
loc_4071B9: ; CODE XREF: sub_406E81+35F�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_40790E
mov eax, [ebp+var_34]
movzx eax, byte ptr [eax]
dec [ebp+var_30]
mov ecx, esi
shl eax, cl
or [ebp+var_3C], eax
inc [ebp+var_34]
add esi, 8
mov [ebp+var_38], esi
loc_4071DD: ; CODE XREF: sub_406E81+336�j
cmp esi, 0Eh
jb short loc_4071B9
mov eax, [ebp+var_3C]
and eax, 3FFFh
mov ecx, eax
and ecx, 1Fh
cmp cl, 1Dh
mov [ebx+4], eax
ja loc_406F44
and eax, 3E0h
cmp eax, 3A0h
ja loc_406F44
shr [ebp+var_3C], 0Eh
sub esi, 0Eh
and dword ptr [ebx+8], 0
mov dword ptr [ebx], 0Ch
jmp short loc_407267
; ---------------------------------------------------------------------------
loc_40721E: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:0040796F�o
mov esi, [ebp+var_38]
jmp short loc_40726A
; ---------------------------------------------------------------------------
loc_407223: ; CODE XREF: sub_406E81+3C6�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_40790E
mov eax, [ebp+var_34]
movzx eax, byte ptr [eax]
dec [ebp+var_30]
mov ecx, esi
shl eax, cl
or [ebp+var_3C], eax
inc [ebp+var_34]
add esi, 8
loc_407244: ; CODE XREF: sub_406E81+3F5�j
cmp esi, 3
jb short loc_407223
mov ecx, [ebx+8]
mov eax, [ebp+var_3C]
movsx ecx, ds:byte_409F50[ecx]
shr [ebp+var_3C], 3
and eax, 7
mov [ebx+ecx*4+0Ch], eax
inc dword ptr [ebx+8]
sub esi, 3
loc_407267: ; CODE XREF: sub_406E81+39B�j
mov [ebp+var_38], esi
loc_40726A: ; CODE XREF: sub_406E81+3A0�j
mov eax, [ebx+4]
shr eax, 0Ah
add eax, 4
cmp [ebx+8], eax
jb short loc_407244
push 13h
pop ecx
jmp short loc_40728F
; ---------------------------------------------------------------------------
loc_40727D: ; CODE XREF: sub_406E81+411�j
mov eax, [ebx+8]
movsx eax, ds:byte_409F50[eax]
and dword ptr [ebx+eax*4+0Ch], 0
inc dword ptr [ebx+8]
loc_40728F: ; CODE XREF: sub_406E81+3FA�j
cmp [ebx+8], ecx
jb short loc_40727D
lea edx, [ebp+var_C]
push edx
lea edx, [ebx+520h]
push edx
xor eax, eax
lea edx, [ebx+510h]
push edx
push eax
push eax
push ecx
mov [ebp+var_C], eax
push ecx
lea eax, [ebx+0Ch]
lea edi, [ebx+50Ch]
push eax
mov eax, edi
mov dword ptr [edi], 7
call sub_406B57
test eax, eax
jnz short loc_4072DC
cmp [edi], eax
jz short loc_4072DC
and [ebx+8], eax
mov dword ptr [ebx], 0Dh
jmp loc_407409
; ---------------------------------------------------------------------------
loc_4072DC: ; CODE XREF: sub_406E81+447�j
; sub_406E81+44B�j
mov dword ptr [ebx], 11h
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_4072E7: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:00407973�o
mov esi, [ebp+var_38]
jmp loc_407409
; ---------------------------------------------------------------------------
loc_4072EF: ; CODE XREF: sub_406E81+5A0�j
mov eax, [ebx+50Ch]
jmp short loc_407318
; ---------------------------------------------------------------------------
loc_4072F7: ; CODE XREF: sub_406E81+499�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_40790E
mov ecx, [ebp+var_34]
movzx edx, byte ptr [ecx]
dec [ebp+var_30]
mov ecx, esi
shl edx, cl
or [ebp+var_3C], edx
inc [ebp+var_34]
add esi, 8
loc_407318: ; CODE XREF: sub_406E81+474�j
cmp esi, eax
jb short loc_4072F7
movzx eax, word_40D060[eax*2]
and eax, [ebp+var_3C]
mov ecx, [ebx+510h]
lea eax, [ecx+eax*4]
movzx edx, byte ptr [eax+1]
movzx eax, word ptr [eax+2]
cmp eax, 10h
mov [ebp+var_C], eax
jnb short loc_407359
mov ecx, edx
shr [ebp+var_3C], cl
mov ecx, [ebx+8]
sub esi, edx
mov [ebx+ecx*4+0Ch], eax
inc dword ptr [ebx+8]
mov [ebp+var_38], esi
jmp loc_407409
; ---------------------------------------------------------------------------
loc_407359: ; CODE XREF: sub_406E81+4BD�j
cmp eax, 12h
jnz short loc_40736A
push 7
pop eax
mov [ebp+var_4], 0Bh
jmp short loc_407397
; ---------------------------------------------------------------------------
loc_40736A: ; CODE XREF: sub_406E81+4DB�j
add eax, 0FFFFFFF2h
mov [ebp+var_4], 3
jmp short loc_407397
; ---------------------------------------------------------------------------
loc_407376: ; CODE XREF: sub_406E81+51B�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_40790E
mov ecx, [ebp+var_34]
movzx edi, byte ptr [ecx]
dec [ebp+var_30]
mov ecx, esi
shl edi, cl
or [ebp+var_3C], edi
inc [ebp+var_34]
add esi, 8
loc_407397: ; CODE XREF: sub_406E81+4E7�j
; sub_406E81+4F3�j
lea ecx, [eax+edx]
cmp esi, ecx
jb short loc_407376
mov ecx, edx
shr [ebp+var_3C], cl
movzx ecx, word_40D060[eax*2]
and ecx, [ebp+var_3C]
sub esi, edx
mov edx, [ebp+var_4]
add edx, ecx
mov ecx, eax
shr [ebp+var_3C], cl
mov ecx, [ebx+8]
sub esi, eax
mov eax, [ebx+4]
mov edi, eax
shr edi, 5
and edi, 1Fh
and eax, 1Fh
lea eax, [edi+eax+102h]
lea edi, [edx+ecx]
cmp edi, eax
mov [ebp+var_38], esi
ja loc_406F44
cmp [ebp+var_C], 10h
jnz short loc_4073F7
cmp ecx, 1
jb loc_406F44
mov edi, [ebx+ecx*4+8]
jmp short loc_4073F9
; ---------------------------------------------------------------------------
loc_4073F7: ; CODE XREF: sub_406E81+565�j
xor edi, edi
loc_4073F9: ; CODE XREF: sub_406E81+574�j
lea eax, [ebx+ecx*4+0Ch]
loc_4073FD: ; CODE XREF: sub_406E81+583�j
mov [eax], edi
inc ecx
add eax, 4
dec edx
jnz short loc_4073FD
mov [ebx+8], ecx
loc_407409: ; CODE XREF: sub_406E81+456�j
; sub_406E81+469�j ...
mov eax, [ebx+4]
mov ecx, eax
shr ecx, 5
and ecx, 1Fh
and eax, 1Fh
lea eax, [ecx+eax+102h]
cmp [ebx+8], eax
jb loc_4072EF
mov eax, [ebx+4]
and dword ptr [ebx+510h], 0
and [ebp+var_8], 0
mov edi, eax
shr eax, 5
and eax, 1Fh
mov ecx, 101h
and edi, 1Fh
add edi, ecx
inc eax
mov [ebp+var_10], eax
lea edx, [ebp+var_8]
push edx
lea eax, [ebx+520h]
push eax
lea eax, [ebp+var_14]
push eax
push offset dword_409FA4
push offset dword_409F64
push ecx
push edi
lea eax, [ebx+0Ch]
push eax
lea eax, [ebp+var_4]
mov [ebp+var_4], 9
mov [ebp+var_C], 6
call sub_406B57
cmp [ebp+var_4], 0
jnz short loc_407489
or eax, 0FFFFFFFFh
loc_407489: ; CODE XREF: sub_406E81+603�j
test eax, eax
jnz loc_406F44
lea eax, [ebp+var_8]
push eax
lea eax, [ebx+520h]
push eax
lea eax, [ebp+var_18]
push eax
push offset dword_40A020
push offset dword_409FE4
push 0
push [ebp+var_10]
lea eax, [ebx+edi*4+0Ch]
push eax
lea eax, [ebp+var_C]
call sub_406B57
test eax, eax
jnz loc_406F44
mov eax, [ebp+var_C]
test eax, eax
jnz short loc_4074D7
cmp edi, 101h
jg loc_406F44
loc_4074D7: ; CODE XREF: sub_406E81+648�j
mov cl, byte ptr [ebp+var_4]
and dword ptr [ebx], 0
mov [ebx+11h], al
mov eax, [ebp+var_14]
mov [ebx+14h], eax
mov eax, [ebp+var_18]
mov [ebx+10h], cl
mov [ebx+18h], eax
jmp short loc_4074F4
; ---------------------------------------------------------------------------
loc_4074F1: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:off_40793F�o
mov esi, [ebp+var_38]
loc_4074F4: ; CODE XREF: sub_406E81+66E�j
movzx eax, byte ptr [ebx+10h]
mov [ebx+0Ch], eax
mov eax, [ebx+14h]
mov [ebx+8], eax
mov dword ptr [ebx], 1
jmp short loc_40750C
; ---------------------------------------------------------------------------
loc_407509: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:00407943�o
mov esi, [ebp+var_38]
loc_40750C: ; CODE XREF: sub_406E81+686�j
mov eax, [ebx+0Ch]
jmp short loc_407532
; ---------------------------------------------------------------------------
loc_407511: ; CODE XREF: sub_406E81+6B3�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_40790E
mov ecx, [ebp+var_34]
movzx edx, byte ptr [ecx]
dec [ebp+var_30]
mov ecx, esi
shl edx, cl
or [ebp+var_3C], edx
inc [ebp+var_34]
add esi, 8
loc_407532: ; CODE XREF: sub_406E81+68E�j
cmp esi, eax
jb short loc_407511
movzx eax, word_40D060[eax*2]
and eax, [ebp+var_3C]
mov ecx, [ebx+8]
lea eax, [ecx+eax*4]
movzx ecx, byte ptr [eax+1]
shr [ebp+var_3C], cl
sub esi, ecx
movzx ecx, byte ptr [eax]
test ecx, ecx
mov [ebp+var_38], esi
jnz short loc_40756C
movzx eax, word ptr [eax+2]
mov [ebx+8], eax
mov dword ptr [ebx], 6
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_40756C: ; CODE XREF: sub_406E81+6D7�j
test cl, 10h
jz short loc_407589
and ecx, 0Fh
mov [ebx+8], ecx
movzx eax, word ptr [eax+2]
mov [ebx+4], eax
mov dword ptr [ebx], 2
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_407589: ; CODE XREF: sub_406E81+6EE�j
test cl, 40h
jz loc_407670
test cl, 20h
jz loc_406F44
mov dword ptr [ebx], 7
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_4075A6: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:00407947�o
mov eax, [ebx+8]
mov edx, [ebp+var_38]
jmp short loc_4075CF
; ---------------------------------------------------------------------------
loc_4075AE: ; CODE XREF: sub_406E81+750�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_407916
mov ecx, [ebp+var_34]
movzx esi, byte ptr [ecx]
dec [ebp+var_30]
mov ecx, edx
shl esi, cl
or [ebp+var_3C], esi
inc [ebp+var_34]
add edx, 8
loc_4075CF: ; CODE XREF: sub_406E81+72B�j
cmp edx, eax
jb short loc_4075AE
movzx ecx, word_40D060[eax*2]
and ecx, [ebp+var_3C]
add [ebx+4], ecx
mov ecx, eax
shr [ebp+var_3C], cl
sub edx, eax
movzx eax, byte ptr [ebx+11h]
mov [ebx+0Ch], eax
mov eax, [ebx+18h]
mov [ebx+8], eax
mov dword ptr [ebx], 3
jmp short loc_407600
; ---------------------------------------------------------------------------
loc_4075FD: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:0040794B�o
mov edx, [ebp+var_38]
loc_407600: ; CODE XREF: sub_406E81+77A�j
mov eax, [ebx+0Ch]
jmp short loc_407626
; ---------------------------------------------------------------------------
loc_407605: ; CODE XREF: sub_406E81+7A7�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_407916
mov ecx, [ebp+var_34]
movzx esi, byte ptr [ecx]
dec [ebp+var_30]
mov ecx, edx
shl esi, cl
or [ebp+var_3C], esi
inc [ebp+var_34]
add edx, 8
loc_407626: ; CODE XREF: sub_406E81+782�j
cmp edx, eax
jb short loc_407605
movzx eax, word_40D060[eax*2]
and eax, [ebp+var_3C]
mov ecx, [ebx+8]
lea eax, [ecx+eax*4]
movzx ecx, byte ptr [eax+1]
shr [ebp+var_3C], cl
sub edx, ecx
movzx ecx, byte ptr [eax]
test cl, 10h
mov [ebp+var_38], edx
jz short loc_407667
and ecx, 0Fh
mov [ebx+8], ecx
movzx eax, word ptr [eax+2]
mov [ebx+0Ch], eax
mov dword ptr [ebx], 4
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_407667: ; CODE XREF: sub_406E81+7CC�j
test cl, 40h
jnz loc_406F44
loc_407670: ; CODE XREF: sub_406E81+70B�j
mov [ebx+0Ch], ecx
movzx ecx, word ptr [eax+2]
lea eax, [eax+ecx*4]
mov [ebx+8], eax
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_407682: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:0040794F�o
mov eax, [ebx+8]
mov edx, [ebp+var_38]
jmp short loc_4076AB
; ---------------------------------------------------------------------------
loc_40768A: ; CODE XREF: sub_406E81+82C�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_407916
mov ecx, [ebp+var_34]
movzx esi, byte ptr [ecx]
dec [ebp+var_30]
mov ecx, edx
shl esi, cl
or [ebp+var_3C], esi
inc [ebp+var_34]
add edx, 8
loc_4076AB: ; CODE XREF: sub_406E81+807�j
cmp edx, eax
jb short loc_40768A
movzx ecx, word_40D060[eax*2]
and ecx, [ebp+var_3C]
add [ebx+0Ch], ecx
mov ecx, eax
shr [ebp+var_3C], cl
sub edx, eax
mov [ebp+var_38], edx
mov dword ptr [ebx], 5
loc_4076CD: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:00407953�o
mov ecx, [ebp+var_2C]
mov eax, [ebx+0Ch]
mov edx, ecx
sub edx, ebx
sub edx, 1BA0h
cmp edx, eax
jnb short loc_4076F4
mov edx, [ebx+9BA0h]
sub edx, eax
sub edx, ebx
lea edi, [edx+ecx-1BA0h]
jmp short loc_4076F8
; ---------------------------------------------------------------------------
loc_4076F4: ; CODE XREF: sub_406E81+85E�j
mov edi, ecx
sub edi, eax
loc_4076F8: ; CODE XREF: sub_406E81+871�j
cmp dword ptr [ebx+4], 0
mov [ebp+var_1C], edi
jz loc_40705B
mov esi, [ebp+var_28]
mov eax, [ebp+var_2C]
loc_40770B: ; CODE XREF: sub_406E81+94A�j
test esi, esi
jnz loc_4077A3
mov esi, [ebx+9BA0h]
cmp eax, esi
jnz short loc_407740
mov ecx, [ebx+9BA4h]
lea edx, [ebx+1BA0h]
cmp ecx, edx
jz short loc_407740
mov eax, edx
cmp eax, ecx
jnb short loc_40773A
sub ecx, eax
dec ecx
mov esi, ecx
jmp short loc_40773C
; ---------------------------------------------------------------------------
loc_40773A: ; CODE XREF: sub_406E81+8B0�j
sub esi, eax
loc_40773C: ; CODE XREF: sub_406E81+8B7�j
test esi, esi
jnz short loc_4077A3
loc_407740: ; CODE XREF: sub_406E81+89A�j
; sub_406E81+8AA�j
mov esi, [ebp+arg_0]
mov [ebx+9BA8h], eax
call sub_406AF7
mov eax, [ebx+9BA8h]
mov ecx, [ebx+9BA4h]
cmp eax, ecx
mov [ebp+var_2C], eax
jnb short loc_407768
mov esi, ecx
sub esi, eax
dec esi
jmp short loc_407770
; ---------------------------------------------------------------------------
loc_407768: ; CODE XREF: sub_406E81+8DE�j
mov esi, [ebx+9BA0h]
sub esi, eax
loc_407770: ; CODE XREF: sub_406E81+8E5�j
mov edx, [ebx+9BA0h]
cmp eax, edx
jnz short loc_407798
lea edi, [ebx+1BA0h]
cmp ecx, edi
jz short loc_407798
mov eax, edi
cmp eax, ecx
mov [ebp+var_2C], eax
jnb short loc_407794
sub ecx, eax
dec ecx
mov esi, ecx
jmp short loc_407798
; ---------------------------------------------------------------------------
loc_407794: ; CODE XREF: sub_406E81+90A�j
sub edx, eax
mov esi, edx
loc_407798: ; CODE XREF: sub_406E81+8F7�j
; sub_406E81+901�j ...
test esi, esi
jz loc_407930
mov edi, [ebp+var_1C]
loc_4077A3: ; CODE XREF: sub_406E81+88C�j
; sub_406E81+8BD�j
mov cl, [edi]
mov [eax], cl
inc eax
inc edi
dec esi
cmp edi, [ebx+9BA0h]
mov [ebp+var_2C], eax
mov [ebp+var_1C], edi
mov [ebp+var_28], esi
jnz short loc_4077C4
lea edi, [ebx+1BA0h]
mov [ebp+var_1C], edi
loc_4077C4: ; CODE XREF: sub_406E81+938�j
dec dword ptr [ebx+4]
cmp dword ptr [ebx+4], 0
jnz loc_40770B
jmp loc_40705B
; ---------------------------------------------------------------------------
loc_4077D6: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:00407957�o
cmp [ebp+var_28], 0
jnz loc_407878
mov ecx, [ebx+9BA0h]
cmp [ebp+var_2C], ecx
jnz short loc_407813
mov eax, [ebx+9BA4h]
lea edx, [ebx+1BA0h]
cmp edx, eax
jz short loc_407813
mov [ebp+var_2C], edx
jnb short loc_407808
sub eax, edx
dec eax
mov [ebp+var_28], eax
jmp short loc_40780D
; ---------------------------------------------------------------------------
loc_407808: ; CODE XREF: sub_406E81+97D�j
sub ecx, edx
mov [ebp+var_28], ecx
loc_40780D: ; CODE XREF: sub_406E81+985�j
cmp [ebp+var_28], 0
jnz short loc_407878
loc_407813: ; CODE XREF: sub_406E81+968�j
; sub_406E81+978�j
mov eax, [ebp+var_2C]
mov esi, [ebp+arg_0]
mov [ebx+9BA8h], eax
call sub_406AF7
mov esi, [ebx+9BA8h]
mov ecx, [ebx+9BA4h]
cmp esi, ecx
mov [ebp+var_2C], esi
jnb short loc_40783E
mov eax, ecx
sub eax, esi
dec eax
jmp short loc_407846
; ---------------------------------------------------------------------------
loc_40783E: ; CODE XREF: sub_406E81+9B4�j
mov eax, [ebx+9BA0h]
sub eax, esi
loc_407846: ; CODE XREF: sub_406E81+9BB�j
mov edx, [ebx+9BA0h]
cmp esi, edx
mov [ebp+var_28], eax
jnz short loc_407870
lea esi, [ebx+1BA0h]
cmp esi, ecx
jz short loc_407870
mov [ebp+var_2C], esi
jnb short loc_407869
sub ecx, esi
dec ecx
mov eax, ecx
jmp short loc_40786D
; ---------------------------------------------------------------------------
loc_407869: ; CODE XREF: sub_406E81+9DF�j
sub edx, esi
mov eax, edx
loc_40786D: ; CODE XREF: sub_406E81+9E6�j
mov [ebp+var_28], eax
loc_407870: ; CODE XREF: sub_406E81+9D0�j
; sub_406E81+9DA�j
test eax, eax
jz loc_407930
loc_407878: ; CODE XREF: sub_406E81+959�j
; sub_406E81+990�j
mov ecx, [ebp+var_2C]
mov al, [ebx+8]
inc [ebp+var_2C]
dec [ebp+var_28]
mov [ecx], al
jmp loc_40705B
; ---------------------------------------------------------------------------
loc_40788B: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:0040795B�o
cmp [ebp+var_38], 7
jbe short loc_40789B
sub [ebp+var_38], 8
inc [ebp+var_30]
dec [ebp+var_34]
loc_40789B: ; CODE XREF: sub_406E81:loc_406ED5�j
; sub_406E81+A0E�j
; DATA XREF: ...
mov eax, [ebp+var_2C]
mov esi, [ebp+arg_0]
mov [ebx+9BA8h], eax
call sub_406AF7
mov ecx, [ebx+9BA8h]
mov edx, [ebx+9BA4h]
cmp ecx, edx
mov [ebp+var_2C], ecx
jnb short loc_4078C6
mov eax, edx
sub eax, ecx
dec eax
jmp short loc_4078CE
; ---------------------------------------------------------------------------
loc_4078C6: ; CODE XREF: sub_406E81+A3C�j
mov eax, [ebx+9BA0h]
sub eax, ecx
loc_4078CE: ; CODE XREF: sub_406E81+A43�j
cmp ecx, edx
mov [ebp+var_28], eax
jnz short loc_407930
mov eax, [ebx+514h]
cmp eax, 8
mov [ebx], eax
jnz short loc_407937
loc_4078E2: ; CODE XREF: sub_406E81+4F�j
; sub_406E81+BD�j ...
mov eax, [ebx]
cmp eax, 0Fh
jbe loc_406ED5
jmp loc_406F44
; ---------------------------------------------------------------------------
loc_4078F2: ; CODE XREF: sub_406E81+207�j
mov [ebx+518h], ecx
jmp short loc_40791C
; ---------------------------------------------------------------------------
loc_4078FA: ; CODE XREF: sub_406E81+249�j
mov eax, [ebp+var_3C]
mov [ebx+51Ch], eax
mov eax, [ebp+var_38]
mov [ebx+518h], eax
jmp short loc_407925
; ---------------------------------------------------------------------------
loc_40790E: ; CODE XREF: sub_406E81+65�j
; sub_406E81+33D�j ...
mov [ebx+518h], esi
jmp short loc_40791C
; ---------------------------------------------------------------------------
loc_407916: ; CODE XREF: sub_406E81+732�j
; sub_406E81+789�j ...
mov [ebx+518h], edx
loc_40791C: ; CODE XREF: sub_406E81+A77�j
; sub_406E81+A93�j
mov eax, [ebp+var_3C]
mov [ebx+51Ch], eax
loc_407925: ; CODE XREF: sub_406E81+A8B�j
mov eax, [ebp+arg_0]
mov [eax+4], edi
jmp loc_406F68
; ---------------------------------------------------------------------------
loc_407930: ; CODE XREF: sub_406E81+2E9�j
; sub_406E81+919�j ...
xor edi, edi
jmp loc_406F4D
; ---------------------------------------------------------------------------
loc_407937: ; CODE XREF: sub_406E81+A5F�j
xor edi, edi
inc edi
jmp loc_406F4D
sub_406E81 endp
; ---------------------------------------------------------------------------
off_40793F dd offset loc_4074F1 ; DATA XREF: sub_406E81:loc_406ED5�r
dd offset loc_407509
dd offset loc_4075A6
dd offset loc_4075FD
dd offset loc_407682
dd offset loc_4076CD
dd offset loc_4077D6
dd offset loc_40788B
dd offset loc_406EDC
dd offset loc_40707B
dd offset loc_4070C5
dd offset loc_4071B4
dd offset loc_40721E
dd offset loc_4072E7
dd offset loc_406F44
dd offset loc_40789B
align 10h
jmp ds:dword_409028
; ---------------------------------------------------------------------------
jmp ds:dword_409030
; ---------------------------------------------------------------------------
jmp ds:dword_40902C
; ---------------------------------------------------------------------------
jmp ds:dword_409034
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407998 proc near ; CODE XREF: sub_40161F+E6D�p
jmp ds:dword_409294
sub_407998 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40799E proc near ; CODE XREF: sub_40161F+E54�p
jmp ds:dword_409290
sub_40799E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4079A4 proc near ; CODE XREF: sub_40161F+E20�p
jmp ds:dword_40928C
sub_4079A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4079AA proc near ; CODE XREF: sub_4083A3+30�p
; DATA XREF: sub_4079AA+D�o
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
push 1Ch
lea eax, [ebp+var_1C]
push eax
push offset sub_4079AA
xor esi, esi
call ds:dword_409124 ; VirtualQuery
test eax, eax
jz short loc_4079CB
mov esi, [ebp+var_18]
loc_4079CB: ; CODE XREF: sub_4079AA+1C�j
mov eax, esi
pop esi
leave
retn
sub_4079AA endp
; =============== S U B R O U T I N E =======================================
sub_4079D0 proc near ; CODE XREF: sub_4083A3+1B6�p
push esi
mov esi, ds:dword_409138
push offset aFccreatekey ; "FCCreateKey"
push edi
call esi ; GetProcAddress
push offset aFcsetkeyoption ; "FCSetKeyOptions"
push edi
mov dword_431C50, eax
call esi ; GetProcAddress
push offset aFccreatepersis ; "FCCreatePersistentKey"
push edi
mov dword_431C54, eax
call esi ; GetProcAddress
push offset aFccreatecounte ; "FCCreateCounter"
push edi
mov dword_431C58, eax
call esi ; GetProcAddress
push offset aFccreatepers_0 ; "FCCreatePersistentCounter"
push edi
mov dword_431C5C, eax
call esi ; GetProcAddress
push offset aFcflushnonshar ; "FCFlushNonSharedPersistentKeys"
push edi
mov dword_431C60, eax
call esi ; GetProcAddress
push offset aFcadddatatokey ; "FCAddDataToKey"
push edi
mov dword_431C64, eax
call esi ; GetProcAddress
push offset aFcdeletedatafr ; "FCDeleteDataFromKey"
push edi
mov dword_431C68, eax
call esi ; GetProcAddress
push offset aFcaddinttokey ; "FCAddIntToKey"
push edi
mov dword_431C6C, eax
call esi ; GetProcAddress
push offset aFcdeleteintfro ; "FCDeleteIntFromKey"
push edi
mov dword_431C70, eax
call esi ; GetProcAddress
push offset aFcaddstringtok ; "FCAddStringToKey"
push edi
mov dword_431C74, eax
call esi ; GetProcAddress
push offset aFcdeletestring ; "FCDeleteStringFromKey"
push edi
mov dword_431C78, eax
call esi ; GetProcAddress
push offset aFcadddatetokey ; "FCAddDateToKey"
push edi
mov dword_431C7C, eax
call esi ; GetProcAddress
push offset aFcdeletedatefr ; "FCDeleteDateFromKey"
push edi
mov dword_431C80, eax
call esi ; GetProcAddress
push offset aFcsetcounter ; "FCSetCounter"
push edi
mov dword_431C84, eax
call esi ; GetProcAddress
push offset aFcincrementcou ; "FCIncrementCounter"
push edi
mov dword_431C88, eax
call esi ; GetProcAddress
push offset aFcdecrementcou ; "FCDecrementCounter"
push edi
mov dword_431C8C, eax
call esi ; GetProcAddress
push offset aFcgetcounter ; "FCGetCounter"
push edi
mov dword_431C90, eax
call esi ; GetProcAddress
push offset aFcregistermemo ; "FCRegisterMemory"
push edi
mov dword_431C94, eax
call esi ; GetProcAddress
push offset aFcunregisterme ; "FCUnregisterMemory"
push edi
mov dword_431C98, eax
call esi ; GetProcAddress
push offset aFcexceptionhan ; "FCExceptionHandler"
push edi
mov dword_431C9C, eax
call esi ; GetProcAddress
push offset aFcsetminidump ; "FCSetMiniDump"
push edi
mov dword_431CA0, eax
call esi ; GetProcAddress
push offset aFctraceinterna ; "FCTraceInternal"
push edi
mov dword_431CF8, eax
call esi ; GetProcAddress
push offset aFcassertintern ; "FCAssertInternal1"
push edi
mov dword_431CD0, eax
call esi ; GetProcAddress
push offset aFccleanup ; "FCCleanup"
push edi
mov dword_431CD4, eax
call esi ; GetProcAddress
push offset aFcassertparami ; "FCAssertParamInternal1"
push edi
mov dword_431CD8, eax
call esi ; GetProcAddress
push offset aFctraceparamin ; "FCTraceParamInternal"
push edi
mov dword_431CDC, eax
call esi ; GetProcAddress
push offset aFclibraryversi ; "FCLibraryVersion"
push edi
mov dword_431CE0, eax
call esi ; GetProcAddress
push offset aFcinitializewi ; "FCInitializeWithManifestInternal"
push edi
mov dword_431CE4, eax
call esi ; GetProcAddress
push offset aFcinitialize_0 ; "FCInitializeWithManifestInternalEx"
push edi
mov dword_431CE8, eax
call esi ; GetProcAddress
push offset aFctriggerinter ; "FCTriggerInternal1"
push edi
mov dword_431CF4, eax
call esi ; GetProcAddress
push offset aFccreatesuppor ; "FCCreateSupportIncidentInternal"
push edi
mov dword_431CEC, eax
call esi ; GetProcAddress
push offset aFcsetuistate ; "FCSetUIState"
push edi
mov dword_431CF0, eax
call esi ; GetProcAddress
push offset aFcclearkeys ; "FCClearKeys"
push edi
mov dword_431CA4, eax
call esi ; GetProcAddress
push offset aFcclearcounter ; "FCClearCounters"
push edi
mov dword_431CA8, eax
call esi ; GetProcAddress
push offset aFcclearkey ; "FCClearKey"
push edi
mov dword_431CAC, eax
call esi ; GetProcAddress
push offset aFcdeletekey ; "FCDeleteKey"
push edi
mov dword_431CB0, eax
call esi ; GetProcAddress
push offset aFcstarttimer ; "FCStartTimer"
push edi
mov dword_431CB4, eax
call esi ; GetProcAddress
push offset aFcheartbeattim ; "FCHeartbeatTimer"
push edi
mov dword_431CB8, eax
call esi ; GetProcAddress
push offset aFcendtimer ; "FCEndTimer"
push edi
mov dword_431CBC, eax
call esi ; GetProcAddress
mov dword_431CC0, eax
push offset aFcgetsessionun ; "FCGetSessionUniqueID"
push edi
call esi ; GetProcAddress
push offset aFcsetlocale ; "FCSetLocale"
push edi
mov dword_431CC4, eax
call esi ; GetProcAddress
push offset aFcrunmemtest ; "FCRunMemTest"
push edi
mov dword_431CC8, eax
call esi ; GetProcAddress
mov dword_431CCC, eax
pop esi
retn
sub_4079D0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C50
test eax, eax
push esi
push 2
pop esi
jz short loc_407C3D
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407C3D
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C50
add esp, 14h
mov esi, eax
loc_407C3D: ; CODE XREF: .text:00407C16�j
; .text:00407C21�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C58
test eax, eax
push esi
push 2
pop esi
jz short loc_407C77
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407C77
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C58
add esp, 14h
mov esi, eax
loc_407C77: ; CODE XREF: .text:00407C50�j
; .text:00407C5B�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C5C
test eax, eax
push esi
push 2
pop esi
jz short loc_407CA3
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407CA3
push dword ptr [ebp+8]
call dword_431C5C
pop ecx
mov esi, eax
loc_407CA3: ; CODE XREF: .text:00407C8A�j
; .text:00407C95�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C60
test eax, eax
push esi
push 2
pop esi
jz short loc_407CCF
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407CCF
push dword ptr [ebp+8]
call dword_431C60
pop ecx
mov esi, eax
loc_407CCF: ; CODE XREF: .text:00407CB6�j
; .text:00407CC1�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
mov eax, dword_431CA8
test eax, eax
push esi
push 2
pop esi
jz short loc_407CF4
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407CF4
call dword_431CA8
mov esi, eax
loc_407CF4: ; CODE XREF: .text:00407CDF�j
; .text:00407CEA�j
mov eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
mov eax, dword_431CAC
test eax, eax
push esi
push 2
pop esi
jz short loc_407D18
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407D18
call dword_431CAC
mov esi, eax
loc_407D18: ; CODE XREF: .text:00407D03�j
; .text:00407D0E�j
mov eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431CB0
test eax, eax
push esi
push 2
pop esi
jz short loc_407D43
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407D43
push dword ptr [ebp+8]
call dword_431CB0
pop ecx
mov esi, eax
loc_407D43: ; CODE XREF: .text:00407D2A�j
; .text:00407D35�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431CB4
test eax, eax
push esi
push 2
pop esi
jz short loc_407D6F
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407D6F
push dword ptr [ebp+8]
call dword_431CB4
pop ecx
mov esi, eax
loc_407D6F: ; CODE XREF: .text:00407D56�j
; .text:00407D61�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C68
test eax, eax
push esi
push 2
pop esi
jz short loc_407DA3
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407DA3
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C68
add esp, 0Ch
mov esi, eax
loc_407DA3: ; CODE XREF: .text:00407D82�j
; .text:00407D8D�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C70
test eax, eax
push esi
push 2
pop esi
jz short loc_407DD3
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407DD3
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C70
pop ecx
pop ecx
mov esi, eax
loc_407DD3: ; CODE XREF: .text:00407DB6�j
; .text:00407DC1�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C78
test eax, eax
push esi
push 2
pop esi
jz short loc_407E03
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407E03
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C78
pop ecx
pop ecx
mov esi, eax
loc_407E03: ; CODE XREF: .text:00407DE6�j
; .text:00407DF1�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C98
test eax, eax
push esi
push 2
pop esi
jz short loc_407E40
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407E40
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C98
add esp, 18h
mov esi, eax
loc_407E40: ; CODE XREF: .text:00407E16�j
; .text:00407E21�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C9C
test eax, eax
push esi
push 2
pop esi
jz short loc_407E6C
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407E6C
push dword ptr [ebp+8]
call dword_431C9C
pop ecx
mov esi, eax
loc_407E6C: ; CODE XREF: .text:00407E53�j
; .text:00407E5E�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C80
test eax, eax
push esi
push 2
pop esi
jz short loc_407E9C
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407E9C
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C80
pop ecx
pop ecx
mov esi, eax
loc_407E9C: ; CODE XREF: .text:00407E7F�j
; .text:00407E8A�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C88
test eax, eax
push esi
push 2
pop esi
jz short loc_407ECC
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407ECC
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C88
pop ecx
pop ecx
mov esi, eax
loc_407ECC: ; CODE XREF: .text:00407EAF�j
; .text:00407EBA�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C8C
test eax, eax
push esi
push 2
pop esi
jz short loc_407EFC
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407EFC
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C8C
pop ecx
pop ecx
mov esi, eax
loc_407EFC: ; CODE XREF: .text:00407EDF�j
; .text:00407EEA�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C90
test eax, eax
push esi
push 2
pop esi
jz short loc_407F2C
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407F2C
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C90
pop ecx
pop ecx
mov esi, eax
loc_407F2C: ; CODE XREF: .text:00407F0F�j
; .text:00407F1A�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C94
push esi
xor esi, esi
test eax, eax
jz short loc_407F57
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407F57
push dword ptr [ebp+8]
call dword_431C94
pop ecx
mov esi, eax
loc_407F57: ; CODE XREF: .text:00407F3E�j
; .text:00407F49�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431CD0
test eax, eax
jz short loc_407F82
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407F82
lea eax, [ebp+0Ch]
push eax
push dword ptr [ebp+8]
call dword_431CD0
pop ecx
pop ecx
loc_407F82: ; CODE XREF: .text:00407F66�j
; .text:00407F71�j
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431CA0
test eax, eax
jz short loc_407FA2
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407FA2
pop ebp
jmp dword_431CA0
; ---------------------------------------------------------------------------
loc_407FA2: ; CODE XREF: .text:00407F8E�j
; .text:00407F99�j
pop ebp
retn
; ---------------------------------------------------------------------------
mov eax, dword_431CD8
test eax, eax
push esi
push 2
pop esi
jz short loc_407FC4
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_407FC4
call dword_431CD8
mov esi, eax
loc_407FC4: ; CODE XREF: .text:00407FAF�j
; .text:00407FBA�j
mov eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+0]
mov [ebp-4], eax
mov eax, [ebp+4]
mov [ebp-8], eax
mov [ebp-0Ch], ebp
mov eax, [ebp-0Ch]
add eax, 8
mov [ebp-0Ch], eax
cmp dword_431CD4, 0
jz short locret_408011
push dword_431CD4
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short locret_408011
push dword ptr [ebp-4]
push dword ptr [ebp-0Ch]
push dword ptr [ebp-8]
call dword_431CD4
add esp, 0Ch
locret_408011: ; CODE XREF: .text:00407FED�j
; .text:00407FFD�j
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
cmp dword_431CDC, 0
jz short locret_408062
push dword_431CDC
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short locret_408062
mov eax, [ebp+0]
mov [ebp-4], eax
mov eax, [ebp+4]
mov [ebp-8], eax
mov [ebp-0Ch], ebp
mov eax, [ebp-0Ch]
add eax, 8
mov [ebp-0Ch], eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
push dword ptr [ebp-4]
push dword ptr [ebp-0Ch]
push dword ptr [ebp-8]
call dword_431CDC
add esp, 14h
locret_408062: ; CODE XREF: .text:00408020�j
; .text:00408030�j
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov dword ptr [ebp-10h], 2
pusha
mov [ebp-0Ch], esp
mov eax, [ebp+0]
mov [ebp-4], eax
mov eax, [ebp+4]
mov [ebp-8], eax
mov [ebp-14h], ebp
mov eax, [ebp-14h]
add eax, 8
mov [ebp-14h], eax
cmp dword_431CEC, 0
jz short loc_4080C6
push dword_431CEC
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_4080C6
push 0
push dword ptr [ebp-0Ch]
push dword ptr [ebp-4]
push dword ptr [ebp-14h]
push dword ptr [ebp-8]
push dword ptr [ebp+8]
call dword_431CEC
add esp, 18h
mov [ebp-10h], eax
loc_4080C6: ; CODE XREF: .text:00408097�j
; .text:004080A7�j
popa
mov eax, [ebp-10h]
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov dword ptr [ebp-10h], 2
pusha
mov [ebp-0Ch], esp
mov eax, [ebp+0]
mov [ebp-4], eax
mov eax, [ebp+4]
mov [ebp-8], eax
mov [ebp-14h], ebp
mov eax, [ebp-14h]
add eax, 8
mov [ebp-14h], eax
cmp dword_431CA4, 0
jz short loc_40811D
push dword_431CA4
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_40811D
push 0
call dword_431CA4
pop ecx
loc_40811D: ; CODE XREF: .text:00408102�j
; .text:00408112�j
cmp dword_431CEC, 0
jz short loc_408153
push dword_431CEC
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_408153
push 0
push dword ptr [ebp-0Ch]
push dword ptr [ebp-4]
push dword ptr [ebp-14h]
push dword ptr [ebp-8]
push dword ptr [ebp+8]
call dword_431CEC
add esp, 18h
mov [ebp-10h], eax
loc_408153: ; CODE XREF: .text:00408124�j
; .text:00408134�j
cmp dword_431CA4, 0
jz short loc_408175
push dword_431CA4
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_408175
push 1
call dword_431CA4
pop ecx
loc_408175: ; CODE XREF: .text:0040815A�j
; .text:0040816A�j
popa
mov eax, [ebp-10h]
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov dword ptr [ebp-10h], 2
pusha
mov [ebp-0Ch], esp
mov eax, [ebp+0]
mov [ebp-4], eax
mov eax, [ebp+4]
mov [ebp-8], eax
mov [ebp-14h], ebp
mov eax, [ebp-14h]
add eax, 8
mov [ebp-14h], eax
cmp dword_431CF0, 0
jz short loc_4081DE
push dword_431CF0
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_4081DE
push dword ptr [ebp-0Ch]
push dword ptr [ebp-4]
push dword ptr [ebp-14h]
push dword ptr [ebp-8]
push dword ptr [ebp+8]
call dword_431CF0
add esp, 14h
mov [ebp-10h], eax
loc_4081DE: ; CODE XREF: .text:004081B1�j
; .text:004081C1�j
popa
mov eax, [ebp-10h]
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
and dword ptr [ebp-4], 0
cmp dword_431CB8, 0
jz short loc_408215
push dword_431CB8
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_408215
push dword ptr [ebp+8]
call dword_431CB8
pop ecx
mov [ebp-4], eax
loc_408215: ; CODE XREF: .text:004081F6�j
; .text:00408206�j
mov eax, [ebp-4]
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov dword ptr [ebp-4], 2
cmp dword_431CBC, 0
jz short loc_40824B
push dword_431CBC
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_40824B
push dword ptr [ebp+8]
call dword_431CBC
pop ecx
mov [ebp-4], eax
loc_40824B: ; CODE XREF: .text:0040822C�j
; .text:0040823C�j
mov eax, [ebp-4]
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov dword ptr [ebp-4], 2
cmp dword_431CC0, 0
jz short loc_408281
push dword_431CC0
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_408281
push dword ptr [ebp+8]
call dword_431CC0
pop ecx
mov [ebp-4], eax
loc_408281: ; CODE XREF: .text:00408262�j
; .text:00408272�j
mov eax, [ebp-4]
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov dword ptr [ebp-4], 2
cmp dword_431CC4, 0
jz short loc_4082B7
push dword_431CC4
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_4082B7
push dword ptr [ebp+8]
call dword_431CC4
pop ecx
mov [ebp-4], eax
loc_4082B7: ; CODE XREF: .text:00408298�j
; .text:004082A8�j
mov eax, [ebp-4]
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov dword ptr [ebp-4], 2
cmp dword_431CC8, 0
jz short loc_4082ED
push dword_431CC8
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_4082ED
push dword ptr [ebp+8]
call dword_431CC8
pop ecx
mov [ebp-4], eax
loc_4082ED: ; CODE XREF: .text:004082CE�j
; .text:004082DE�j
mov eax, [ebp-4]
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431CE0
test eax, eax
jz short loc_40831F
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_40831F
lea eax, [ebp+14h]
push eax
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431CE0
add esp, 10h
loc_40831F: ; CODE XREF: .text:004082FC�j
; .text:00408307�j
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431CF8
test eax, eax
push esi
push 2
pop esi
jz short loc_40834C
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_40834C
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431CF8
pop ecx
pop ecx
mov esi, eax
loc_40834C: ; CODE XREF: .text:0040832F�j
; .text:0040833A�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431CCC
test eax, eax
push esi
push 2
pop esi
jz short loc_408378
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_408378
push dword ptr [ebp+8]
call dword_431CCC
pop ecx
mov esi, eax
loc_408378: ; CODE XREF: .text:0040835F�j
; .text:0040836A�j
mov eax, esi
pop esi
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40837D proc near ; CODE XREF: sub_4083A3+49�p
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push esi
call ds:dword_409100 ; lstrlenA
test eax, eax
jl short loc_40839A
loc_40838F: ; CODE XREF: sub_40837D+1B�j
mov cl, [eax+esi]
cmp cl, [ebp+arg_4]
jz short loc_40839F
dec eax
jns short loc_40838F
loc_40839A: ; CODE XREF: sub_40837D+10�j
xor eax, eax
loc_40839C: ; CODE XREF: sub_40837D+24�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40839F: ; CODE XREF: sub_40837D+18�j
add eax, esi
jmp short loc_40839C
sub_40837D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4083A3 proc near ; CODE XREF: sub_40884C+6�p
var_118 = byte ptr -118h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push esi
push edi
mov edi, offset aTbdiag_dll ; "tbdiag.dll"
push edi
call ds:dword_409068 ; GetModuleHandleA
test eax, eax
mov [ebp+var_8], eax
jnz loc_408547
mov ebx, 104h
lea eax, [ebp+var_118]
push ebx
push eax
call sub_4079AA
push eax
call ds:dword_4090BC ; GetModuleFileNameA
test eax, eax
jz short loc_40843D
lea eax, [ebp+var_118]
push 5Ch
push eax
call sub_40837D
test eax, eax
pop ecx
pop ecx
jz short loc_40843D
mov esi, ds:dword_4090E0
inc eax
push offset aTalkback_exe ; "talkback.exe"
push eax
mov [ebp+var_C], eax
call esi ; lstrcpyA
lea eax, [ebp+var_118]
push eax
call ds:dword_40908C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_40843D
push edi
push [ebp+var_C]
call esi ; lstrcpyA
push 8
push 0
lea eax, [ebp+var_118]
push eax
call ds:dword_40912C ; LoadLibraryExA
test eax, eax
mov [ebp+var_8], eax
jnz loc_408547
loc_40843D: ; CODE XREF: sub_4083A3+3E�j
; sub_4083A3+52�j ...
mov esi, ds:dword_409008
and [ebp+var_C], 0
lea eax, [ebp+var_4]
push eax
push 1
push 0
mov [ebp+var_10], ebx
push offset aSoftwareAmeric ; "Software\\America Online\\Loader"
mov ebx, 80000002h
push ebx
call esi ; RegOpenKeyExA
test eax, eax
jnz loc_408569
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_14]
push eax
push 0
push offset aLoaderpath ; "LoaderPath"
push [ebp+var_4]
call ds:dword_40901C ; RegQueryValueExA
test eax, eax
jnz short loc_4084AE
cmp [ebp+var_10], eax
jz short loc_4084AE
cmp [ebp+var_14], 1
jnz short loc_4084AE
lea eax, [ebp+var_118]
push eax
call ds:dword_40908C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_4084AE
mov [ebp+var_C], 1
loc_4084AE: ; CODE XREF: sub_4083A3+E5�j
; sub_4083A3+EA�j ...
push [ebp+var_4]
call ds:dword_409020 ; RegCloseKey
cmp [ebp+var_C], 0
jz loc_408569
lea eax, [ebp+var_4]
push eax
push 1
push 0
push offset aSoftwareAmer_0 ; "Software\\America Online\\AOL Diagnostics"...
push ebx
call esi ; RegOpenKeyExA
test eax, eax
jnz loc_408569
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_14]
push eax
xor ebx, ebx
push ebx
push offset aInstalldir ; "InstallDir"
push [ebp+var_4]
call ds:dword_40901C ; RegQueryValueExA
test eax, eax
jnz short loc_408539
cmp [ebp+var_10], ebx
jz short loc_408539
cmp [ebp+var_14], 1
jnz short loc_408539
mov esi, ds:dword_4090A4
push offset asc_409580 ; "\\"
lea eax, [ebp+var_118]
push eax
call esi ; lstrcatA
push edi
lea eax, [ebp+var_118]
push eax
call esi ; lstrcatA
push 8
push ebx
lea eax, [ebp+var_118]
push eax
call ds:dword_40912C ; LoadLibraryExA
mov [ebp+var_8], eax
loc_408539: ; CODE XREF: sub_4083A3+158�j
; sub_4083A3+15D�j ...
push [ebp+var_4]
call ds:dword_409020 ; RegCloseKey
cmp [ebp+var_8], ebx
jz short loc_408569
loc_408547: ; CODE XREF: sub_4083A3+1D�j
; sub_4083A3+94�j
cmp dword_431CFC, 0
jnz short loc_40855E
mov edi, [ebp+var_8]
mov dword_431CFC, edi
call sub_4079D0
loc_40855E: ; CODE XREF: sub_4083A3+1AB�j
inc word_431D00
xor eax, eax
jmp short loc_40856C
; ---------------------------------------------------------------------------
loc_408569: ; CODE XREF: sub_4083A3+BE�j
; sub_4083A3+118�j ...
xor eax, eax
inc eax
loc_40856C: ; CODE XREF: sub_4083A3+1C4�j
pop edi
pop esi
pop ebx
leave
retn
sub_4083A3 endp
; =============== S U B R O U T I N E =======================================
sub_408571 proc near ; CODE XREF: .text:004085B4�p
; .text:004085FD�p ...
xor eax, eax
cmp dword_431CFC, eax
jz short locret_408585
cmp word_431D00, ax
jz short locret_408585
inc eax
locret_408585: ; CODE XREF: sub_408571+8�j
; sub_408571+11�j
retn
sub_408571 endp
; =============== S U B R O U T I N E =======================================
sub_408586 proc near ; CODE XREF: sub_40876F�p
mov eax, dword_431CFC
test eax, eax
jz short loc_4085AA
dec word_431D00
jnz short loc_4085AA
push eax
call ds:dword_40913C ; FreeLibrary
and dword_431CFC, 0
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4085AA: ; CODE XREF: sub_408586+7�j
; sub_408586+10�j
xor eax, eax
retn
sub_408586 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push 2
pop esi
call sub_408571
test eax, eax
jz short loc_4085CB
cmp dword_431C54, 0
jnz short loc_4085D4
push 7
pop eax
jmp short loc_4085F6
; ---------------------------------------------------------------------------
loc_4085CB: ; CODE XREF: .text:004085BB�j
cmp dword_431C54, 0
jz short loc_4085F4
loc_4085D4: ; CODE XREF: .text:004085C4�j
push dword_431C54
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_4085F4
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C54
pop ecx
pop ecx
mov esi, eax
loc_4085F4: ; CODE XREF: .text:004085D2�j
; .text:004085E2�j
mov eax, esi
loc_4085F6: ; CODE XREF: .text:004085C9�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push esi
push 2
pop esi
call sub_408571
test eax, eax
jz short loc_408614
cmp dword_431C64, 0
jnz short loc_40861D
push 7
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_408614: ; CODE XREF: .text:00408604�j
cmp dword_431C64, 0
jz short loc_408635
loc_40861D: ; CODE XREF: .text:0040860D�j
push dword_431C64
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_408635
call dword_431C64
mov esi, eax
loc_408635: ; CODE XREF: .text:0040861B�j
; .text:0040862B�j
mov eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push 2
pop esi
call sub_408571
test eax, eax
jz short loc_408657
cmp dword_431C6C, 0
jnz short loc_408660
push 7
pop eax
jmp short loc_408689
; ---------------------------------------------------------------------------
loc_408657: ; CODE XREF: .text:00408647�j
cmp dword_431C6C, 0
jz short loc_408687
loc_408660: ; CODE XREF: .text:00408650�j
push dword_431C6C
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_408687
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C6C
add esp, 10h
mov esi, eax
loc_408687: ; CODE XREF: .text:0040865E�j
; .text:0040866E�j
mov eax, esi
loc_408689: ; CODE XREF: .text:00408655�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push 2
pop esi
call sub_408571
test eax, eax
jz short loc_4086AA
cmp dword_431C74, 0
jnz short loc_4086B3
push 7
pop eax
jmp short loc_4086D5
; ---------------------------------------------------------------------------
loc_4086AA: ; CODE XREF: .text:0040869A�j
cmp dword_431C74, 0
jz short loc_4086D3
loc_4086B3: ; CODE XREF: .text:004086A3�j
push dword_431C74
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_4086D3
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C74
pop ecx
pop ecx
mov esi, eax
loc_4086D3: ; CODE XREF: .text:004086B1�j
; .text:004086C1�j
mov eax, esi
loc_4086D5: ; CODE XREF: .text:004086A8�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push 2
pop esi
call sub_408571
test eax, eax
jz short loc_4086F6
cmp dword_431C7C, 0
jnz short loc_4086FF
push 7
pop eax
jmp short loc_408725
; ---------------------------------------------------------------------------
loc_4086F6: ; CODE XREF: .text:004086E6�j
cmp dword_431C7C, 0
jz short loc_408723
loc_4086FF: ; CODE XREF: .text:004086EF�j
push dword_431C7C
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_408723
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C7C
add esp, 0Ch
mov esi, eax
loc_408723: ; CODE XREF: .text:004086FD�j
; .text:0040870D�j
mov eax, esi
loc_408725: ; CODE XREF: .text:004086F4�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push 2
pop esi
call sub_408571
test eax, eax
jz short loc_408746
cmp dword_431C7C, 0
jnz short loc_408746
push 7
pop eax
jmp short loc_40876C
; ---------------------------------------------------------------------------
loc_408746: ; CODE XREF: .text:00408736�j
; .text:0040873F�j
mov eax, dword_431C84
test eax, eax
jz short loc_40876A
push eax
call ds:dword_409128 ; IsBadCodePtr
test eax, eax
jnz short loc_40876A
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C84
pop ecx
pop ecx
mov esi, eax
loc_40876A: ; CODE XREF: .text:0040874D�j
; .text:00408758�j
mov eax, esi
loc_40876C: ; CODE XREF: .text:00408744�j
pop esi
pop ebp
retn
; =============== S U B R O U T I N E =======================================
sub_40876F proc near ; CODE XREF: sub_40884C+14�p
; sub_40884C+22�p ...
call sub_408586
test eax, eax
jz locret_40884B
xor eax, eax
mov dword_431C50, eax
mov dword_431C58, eax
mov dword_431C5C, eax
mov dword_431C60, eax
mov dword_431C68, eax
mov dword_431C6C, eax
mov dword_431C70, eax
mov dword_431C74, eax
mov dword_431C78, eax
mov dword_431C7C, eax
mov dword_431C80, eax
mov dword_431C84, eax
mov dword_431C88, eax
mov dword_431C8C, eax
mov dword_431C90, eax
mov dword_431C94, eax
mov dword_431C98, eax
mov dword_431C9C, eax
mov dword_431CA0, eax
mov dword_431CD0, eax
mov dword_431CD4, eax
mov dword_431CD8, eax
mov dword_431CDC, eax
mov dword_431CE0, eax
mov dword_431CE4, eax
mov dword_431CE8, eax
mov dword_431CF4, eax
mov dword_431CF8, eax
mov dword_431CEC, eax
mov dword_431CF0, eax
mov dword_431CA4, eax
mov dword_431CA8, eax
mov dword_431CAC, eax
mov dword_431CB0, eax
mov dword_431CB4, eax
mov dword_431CB8, eax
mov dword_431CBC, eax
mov dword_431CC0, eax
mov dword_431CC4, eax
mov dword_431CC8, eax
mov dword_431CCC, eax
locret_40884B: ; CODE XREF: sub_40876F+7�j
retn
sub_40876F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40884C proc near ; CODE XREF: sub_4088D7+9�p
; .text:004088F2�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
call sub_4083A3
test eax, eax
jz short loc_408865
cmp eax, 3
jz short loc_408865
call sub_40876F
loc_408865: ; CODE XREF: sub_40884C+D�j
; sub_40884C+12�j
mov eax, dword_431CE4
test eax, eax
jnz short loc_408878
call sub_40876F
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_408878: ; CODE XREF: sub_40884C+20�j
push esi
push 8
pop esi
push esi
call eax
cmp eax, 6
pop ecx
jnb short loc_40888F
loc_408885: ; CODE XREF: sub_40884C+6E�j
call sub_40876F
xor eax, eax
inc eax
jmp short loc_4088D4
; ---------------------------------------------------------------------------
loc_40888F: ; CODE XREF: sub_40884C+37�j
mov eax, dword_431CF4
test eax, eax
jz short loc_4088B3
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
lea ecx, [ebp+var_10]
push ecx
mov [ebp+var_10], 1
mov [ebp+var_C], esi
mov [ebp+var_8], edi
call eax
jmp short loc_4088C1
; ---------------------------------------------------------------------------
loc_4088B3: ; CODE XREF: sub_40884C+4A�j
mov eax, dword_431CE8
test eax, eax
jz short loc_408885
push edi
push esi
call eax
pop ecx
loc_4088C1: ; CODE XREF: sub_40884C+65�j
mov esi, eax
test esi, esi
pop ecx
jz short loc_4088D2
cmp esi, 3
jz short loc_4088D2
call sub_40876F
loc_4088D2: ; CODE XREF: sub_40884C+7A�j
; sub_40884C+7F�j
mov eax, esi
loc_4088D4: ; CODE XREF: sub_40884C+41�j
pop esi
leave
retn
sub_40884C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088D7 proc near ; CODE XREF: start+1C�p .text:004088FD�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
push 0
call sub_40884C
pop ecx
pop edi
pop ebp
retn
sub_4088D7 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
mov edi, [ebp+8]
push 1
call sub_40884C
pop ecx
pop edi
pop ebp
retn
; ---------------------------------------------------------------------------
push 0
call sub_4088D7
pop ecx
retn
; ---------------------------------------------------------------------------
jmp ds:dword_409130
; ---------------------------------------------------------------------------
jmp ds:dword_409134
; ---------------------------------------------------------------------------
jmp ds:dword_409140
; ---------------------------------------------------------------------------
jmp ds:dword_409164
; ---------------------------------------------------------------------------
jmp ds:dword_409160
; ---------------------------------------------------------------------------
jmp ds:dword_40915C
; ---------------------------------------------------------------------------
jmp ds:dword_409158
; ---------------------------------------------------------------------------
jmp ds:dword_409154
; ---------------------------------------------------------------------------
jmp ds:dword_409150
; ---------------------------------------------------------------------------
jmp ds:dword_40914C
; ---------------------------------------------------------------------------
jmp ds:dword_409148
; ---------------------------------------------------------------------------
jmp ds:dword_409144
; ---------------------------------------------------------------------------
jmp ds:dword_40913C
; ---------------------------------------------------------------------------
jmp ds:dword_409138
; ---------------------------------------------------------------------------
jmp ds:dword_4090C4
; ---------------------------------------------------------------------------
jmp ds:dword_409060
; ---------------------------------------------------------------------------
jmp ds:dword_409064
; ---------------------------------------------------------------------------
jmp ds:dword_409068
; ---------------------------------------------------------------------------
jmp ds:dword_40906C
; ---------------------------------------------------------------------------
jmp ds:dword_409070
; ---------------------------------------------------------------------------
jmp ds:dword_409074
; ---------------------------------------------------------------------------
jmp ds:dword_409078
; ---------------------------------------------------------------------------
jmp ds:dword_40907C
; ---------------------------------------------------------------------------
jmp ds:dword_409080
; ---------------------------------------------------------------------------
jmp ds:dword_409084
; ---------------------------------------------------------------------------
jmp ds:dword_409088
; ---------------------------------------------------------------------------
jmp ds:dword_40908C
; ---------------------------------------------------------------------------
jmp ds:dword_409090
; ---------------------------------------------------------------------------
jmp ds:dword_409094
; ---------------------------------------------------------------------------
jmp ds:dword_409098
; ---------------------------------------------------------------------------
jmp ds:dword_40909C
; ---------------------------------------------------------------------------
jmp ds:dword_4090A0
; ---------------------------------------------------------------------------
jmp ds:dword_4090A4
; ---------------------------------------------------------------------------
jmp ds:dword_4090A8
; ---------------------------------------------------------------------------
jmp ds:dword_4090AC
; ---------------------------------------------------------------------------
jmp ds:dword_4090B0
; ---------------------------------------------------------------------------
jmp ds:dword_4090B4
; ---------------------------------------------------------------------------
jmp ds:dword_4090B8
; ---------------------------------------------------------------------------
jmp ds:dword_4090BC
; ---------------------------------------------------------------------------
jmp ds:dword_4090C0
; ---------------------------------------------------------------------------
jmp ds:dword_409168
; ---------------------------------------------------------------------------
jmp ds:dword_4090C8
; ---------------------------------------------------------------------------
jmp ds:dword_4090CC
; ---------------------------------------------------------------------------
jmp ds:dword_4090D0
; ---------------------------------------------------------------------------
jmp ds:dword_4090D4
; ---------------------------------------------------------------------------
jmp ds:dword_4090D8
; ---------------------------------------------------------------------------
jmp ds:dword_4090DC
; ---------------------------------------------------------------------------
jmp ds:dword_4090E0
; ---------------------------------------------------------------------------
jmp ds:dword_4090E4
; ---------------------------------------------------------------------------
jmp ds:dword_4090E8
; ---------------------------------------------------------------------------
jmp ds:dword_4090EC
; ---------------------------------------------------------------------------
jmp ds:dword_4090F0
; ---------------------------------------------------------------------------
jmp ds:dword_4090F4
; ---------------------------------------------------------------------------
jmp ds:dword_4090F8
; ---------------------------------------------------------------------------
jmp ds:dword_4090FC
; ---------------------------------------------------------------------------
jmp ds:dword_409100
; ---------------------------------------------------------------------------
jmp ds:dword_409104
; ---------------------------------------------------------------------------
jmp ds:dword_409108
; ---------------------------------------------------------------------------
jmp ds:dword_40910C
; ---------------------------------------------------------------------------
jmp ds:dword_409110
; ---------------------------------------------------------------------------
jmp ds:dword_409114
; ---------------------------------------------------------------------------
jmp ds:dword_409118
; ---------------------------------------------------------------------------
jmp ds:dword_40911C
; ---------------------------------------------------------------------------
jmp ds:dword_409120
; ---------------------------------------------------------------------------
jmp ds:dword_409124
; ---------------------------------------------------------------------------
jmp ds:dword_409128
; ---------------------------------------------------------------------------
jmp ds:dword_40912C
; ---------------------------------------------------------------------------
jmp ds:dword_409280
; ---------------------------------------------------------------------------
jmp ds:dword_40927C
; ---------------------------------------------------------------------------
jmp ds:dword_409278
; ---------------------------------------------------------------------------
jmp ds:dword_409274
; ---------------------------------------------------------------------------
jmp ds:dword_409284
; ---------------------------------------------------------------------------
jmp ds:dword_409270
; ---------------------------------------------------------------------------
jmp ds:dword_40926C
; ---------------------------------------------------------------------------
jmp ds:dword_409268
; ---------------------------------------------------------------------------
jmp ds:dword_409264
; ---------------------------------------------------------------------------
jmp ds:dword_409260
; ---------------------------------------------------------------------------
jmp ds:dword_40925C
; ---------------------------------------------------------------------------
jmp ds:dword_409258
; ---------------------------------------------------------------------------
jmp ds:dword_409254
; ---------------------------------------------------------------------------
jmp ds:dword_409250
; ---------------------------------------------------------------------------
jmp ds:dword_40924C
; ---------------------------------------------------------------------------
jmp ds:dword_409248
; ---------------------------------------------------------------------------
jmp ds:dword_409244
; ---------------------------------------------------------------------------
jmp ds:dword_409240
; ---------------------------------------------------------------------------
jmp ds:dword_40923C
; ---------------------------------------------------------------------------
jmp ds:dword_409238
; ---------------------------------------------------------------------------
jmp ds:dword_409234
; ---------------------------------------------------------------------------
jmp ds:dword_409230
; ---------------------------------------------------------------------------
jmp ds:dword_40918C
; ---------------------------------------------------------------------------
jmp ds:dword_409190
; ---------------------------------------------------------------------------
jmp ds:dword_409194
; ---------------------------------------------------------------------------
jmp ds:dword_409198
; ---------------------------------------------------------------------------
jmp ds:dword_40919C
; ---------------------------------------------------------------------------
jmp ds:dword_4091A0
; ---------------------------------------------------------------------------
jmp ds:dword_4091A4
; ---------------------------------------------------------------------------
jmp ds:dword_4091A8
; ---------------------------------------------------------------------------
jmp ds:dword_4091AC
; ---------------------------------------------------------------------------
jmp ds:dword_4091B0
; ---------------------------------------------------------------------------
jmp ds:dword_4091B4
; ---------------------------------------------------------------------------
jmp ds:dword_4091B8
; ---------------------------------------------------------------------------
jmp ds:dword_4091BC
; ---------------------------------------------------------------------------
jmp ds:dword_4091C0
; ---------------------------------------------------------------------------
jmp ds:dword_4091C4
; ---------------------------------------------------------------------------
jmp ds:dword_4091C8
; ---------------------------------------------------------------------------
jmp ds:dword_4091CC
; ---------------------------------------------------------------------------
jmp ds:dword_4091D0
; ---------------------------------------------------------------------------
jmp ds:dword_4091D4
; ---------------------------------------------------------------------------
jmp ds:dword_4091D8
; ---------------------------------------------------------------------------
jmp ds:dword_4091DC
; ---------------------------------------------------------------------------
jmp ds:dword_4091E0
; ---------------------------------------------------------------------------
jmp ds:dword_4091E4
; ---------------------------------------------------------------------------
jmp ds:dword_4091E8
; ---------------------------------------------------------------------------
jmp ds:dword_4091EC
; ---------------------------------------------------------------------------
jmp ds:dword_4091F0
; ---------------------------------------------------------------------------
jmp ds:dword_4091F4
; ---------------------------------------------------------------------------
jmp ds:dword_4091F8
; ---------------------------------------------------------------------------
jmp ds:dword_4091FC
; ---------------------------------------------------------------------------
jmp ds:dword_409200
; ---------------------------------------------------------------------------
jmp ds:dword_409204
; ---------------------------------------------------------------------------
jmp ds:dword_409208
; ---------------------------------------------------------------------------
jmp ds:dword_40920C
; ---------------------------------------------------------------------------
jmp ds:dword_409210
; ---------------------------------------------------------------------------
jmp ds:dword_409214
; ---------------------------------------------------------------------------
jmp ds:dword_409218
; ---------------------------------------------------------------------------
jmp ds:dword_40921C
; ---------------------------------------------------------------------------
jmp ds:dword_409220
; ---------------------------------------------------------------------------
jmp ds:dword_409224
; ---------------------------------------------------------------------------
jmp ds:dword_409228
; ---------------------------------------------------------------------------
jmp ds:dword_40922C
; ---------------------------------------------------------------------------
jmp ds:dword_409058
; ---------------------------------------------------------------------------
jmp ds:dword_409050
; ---------------------------------------------------------------------------
jmp ds:dword_40904C
; ---------------------------------------------------------------------------
jmp ds:dword_409048
; ---------------------------------------------------------------------------
jmp ds:dword_409044
; ---------------------------------------------------------------------------
jmp ds:dword_409040
; ---------------------------------------------------------------------------
jmp ds:dword_40903C
; ---------------------------------------------------------------------------
jmp ds:dword_409054
; ---------------------------------------------------------------------------
jmp ds:dword_409000
; ---------------------------------------------------------------------------
jmp ds:dword_409020
; ---------------------------------------------------------------------------
jmp ds:dword_409004
; ---------------------------------------------------------------------------
jmp ds:dword_409008
; ---------------------------------------------------------------------------
jmp ds:dword_40900C
; ---------------------------------------------------------------------------
jmp ds:dword_40901C
; ---------------------------------------------------------------------------
jmp ds:dword_409018
; ---------------------------------------------------------------------------
jmp ds:dword_409014
; ---------------------------------------------------------------------------
jmp ds:dword_409010
; ---------------------------------------------------------------------------
jmp ds:dword_409180
; ---------------------------------------------------------------------------
jmp ds:dword_409170
; ---------------------------------------------------------------------------
jmp ds:dword_409184
; ---------------------------------------------------------------------------
jmp ds:dword_409174
; ---------------------------------------------------------------------------
jmp ds:dword_409178
; ---------------------------------------------------------------------------
jmp ds:dword_40917C
; ---------------------------------------------------------------------------
jmp ds:dword_4092A4
; ---------------------------------------------------------------------------
jmp ds:dword_40929C
; ---------------------------------------------------------------------------
jmp ds:dword_4092A0
_text ends
; Section 2. (virtual address 00009000)
; Virtual size : 00003498 ( 13464.)
; Section size in file : 00003498 ( 13464.)
; Offset to raw data for section: 00009000
; Flags 40000040: Data Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 409000h
dword_409000 dd 77DFC123h ; resolved to->ADVAPI32.RegDeleteKeyA ; .text:00408C40�r
dword_409004 dd 77DFCAC3h ; resolved to->ADVAPI32.RegEnumKeyA ; sub_40161F+156B�r ...
dword_409008 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_4015D6+34�r ...
dword_40900C dd 77DECF4Ah ; resolved to->ADVAPI32.RegEnumValueA ; .text:00408C58�r
dword_409010 dd 77DDEDE5h ; resolved to->ADVAPI32.RegDeleteValueA ; .text:00408C70�r
dword_409014 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExA ; sub_405F25+26�r ...
dword_409018 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExA ; sub_405F25+42�r ...
dword_40901C dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExA ; sub_405EBB+3D�r ...
dword_409020 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_401540+7C�r ...
align 8
dword_409028 dd 7744B5F9h dword_40902C dd 773E536Eh ; .text:0040798C�r
dword_409030 dd 773E5104h ; .text:00407986�r
dword_409034 dd 773E934Bh ; .text:00407992�r
dd 0
dword_40903C dd 77F15A7Ah ; resolved to->GDI32.GetDeviceCaps ; .text:00408C34�r
dword_409040 dd 77F16C0Ah ; resolved to->GDI32.DeleteObject ; sub_40161F+BB2�r ...
dword_409044 dd 77F1D991h ; resolved to->GDI32.CreateBrushIndirect ; sub_403EC2+95�r ...
dword_409048 dd 77F1E2E3h ; resolved to->GDI32.CreateFontIndirectA ; sub_40161F+C2E�r ...
dword_40904C dd 77F15EEBh ; resolved to->GDI32.SetBkMode ; sub_403EC2+4E�r ...
dword_409050 dd 77F15D87h ; resolved to->GDI32.SetTextColor ; sub_403EC2+42�r ...
dword_409054 dd 77F15E39h ; resolved to->GDI32.SetBkColor ; .text:00408C3A�r
dword_409058 dd 77F15B80h ; resolved to->GDI32.SelectObject ; .text:00408C10�r
align 10h
dword_409060 dd 7C82F7A0h ; resolved to->KERNEL32.FormatMessageA ; .text:0040895E�r
dword_409064 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; .text:00408964�r
dword_409068 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_40906C dd 7C80AC0Fh ; resolved to->KERNEL32.SetErrorMode ; sub_40161F+FF7�r ...
dword_409070 dd 7C81AE17h ; resolved to->KERNEL32.GetExitCodeProcess ; sub_40161F+1A27�r ...
dword_409074 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_40161F+D8C�r ...
dword_409078 dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsA ; .text:00408982�r
dword_40907C dd 7C814AF2h ; resolved to->KERNEL32.GetEnvironmentVariableA ; .text:00408988�r
dword_409080 dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiA ; start+348�r ...
dword_409084 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_40161F:loc_402BC6�r ...
dword_409088 dd 7C831CB8h ; resolved to->KERNEL32.SetFileTime ; .text:0040899A�r
dword_40908C dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesA ; sub_4059CE+92�r ...
dword_409090 dd 7C810AD9h ; resolved to->KERNEL32.CompareFileTime ; .text:004089A6�r
dword_409094 dd 7C8217EAh ; resolved to->KERNEL32.SearchPathA ; .text:004089AC�r
dword_409098 dd 7C835BB0h ; resolved to->KERNEL32.GetShortPathNameA ; sub_406326+A8�r ...
dword_40909C dd 7C8138FCh ; resolved to->KERNEL32.GetFullPathNameA ; .text:004089B8�r
dword_4090A0 dd 7C835E8Fh ; resolved to->KERNEL32.MoveFileA ; .text:004089BE�r
dword_4090A4 dd 7C834D41h ; resolved to->KERNEL32.lstrcatA ; sub_40161F+4CA�r ...
dword_4090A8 dd 7C8360DDh ; resolved to->KERNEL32.SetCurrentDirectoryA ; .text:004089CA�r
dword_4090AC dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_40161F+5AE�r ...
dword_4090B0 dd 7C802442h ; resolved to->KERNEL32.Sleep ; .text:004089D6�r
dword_4090B4 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_403646+E�r ...
dword_4090B8 dd 7C810A77h ; resolved to->KERNEL32.GetFileSize ; sub_406326+23A�r ...
dword_4090BC dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_4090C0 dd 7C8217ACh ; resolved to->KERNEL32.CreateDirectoryAdword_4090C4 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_4059CE+1CD�r ...
dword_4090C8 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcess ; .text:004089FA�r
dword_4090CC dd 7C8286EEh ; resolved to->KERNEL32.CopyFileA ; .text:00408A00�r
dword_4090D0 dd 7C810111h ; resolved to->KERNEL32.lstrcpynAdword_4090D4 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_4090D8 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_4090DC dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathAdword_4090E0 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_406022�r ...
dword_4090E4 dd 7C80BF64h ; resolved to->KERNEL32.GetUserDefaultLangID ; .text:00408A24�r
dword_4090E8 dd 7C8302EDh ; resolved to->KERNEL32.GetDiskFreeSpaceA ; .text:00408A2A�r
dword_4090EC dd 7C80FE82h ; resolved to->KERNEL32.GlobalUnlock ; .text:00408A30�r
dword_4090F0 dd 7C80FF19h ; resolved to->KERNEL32.GlobalLock ; .text:00408A36�r
dword_4090F4 dd 7C80FD2Dh ; resolved to->KERNEL32.GlobalAlloc ; sub_405D2F+6�r ...
dword_4090F8 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; .text:00408A42�r
dword_4090FC dd 7C802367h ; resolved to->KERNEL32.CreateProcessA ; .text:00408A48�r
dword_409100 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenAdword_409104 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_406326+223�r ...
dword_409108 dd 7C8608FFh ; resolved to->KERNEL32.GetTempFileNameA ; .text:00408A5A�r
dword_40910C dd 7C832044h ; resolved to->KERNEL32.SetEndOfFile ; .text:00408A60�r
dword_409110 dd 7C80B974h ; resolved to->KERNEL32.UnmapViewOfFile ; sub_406326+350�r ...
dword_409114 dd 7C80B905h ; resolved to->KERNEL32.MapViewOfFile ; .text:00408A6C�r
dword_409118 dd 7C80945Ch ; resolved to->KERNEL32.CreateFileMappingA ; .text:00408A72�r
dword_40911C dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; .text:00408A78�r
dword_409120 dd 7C85B219h ; resolved to->KERNEL32.RemoveDirectoryA ; .text:00408A7E�r
dword_409124 dd 7C80B9D1h ; resolved to->KERNEL32.VirtualQuery ; .text:00408A84�r
dword_409128 dd 7C80BCCFh ; resolved to->KERNEL32.IsBadCodePtr ; .text:00407C53�r ...
dword_40912C dd 7C801D4Fh ; resolved to->KERNEL32.LoadLibraryExA ; sub_4083A3+18D�r ...
dword_409130 dd 7C8097C6h ; resolved to->KERNEL32.MulDiv ; sub_40161F+BDB�r ...
dword_409134 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; start+89�r ...
dword_409138 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; start+40B�r ...
dword_40913C dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrary ; sub_408586+13�r ...
dword_409140 dd 7C80FC2Fh ; resolved to->KERNEL32.GlobalFree ; sub_40161F+193A�r ...
dword_409144 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; .text:00408946�r
dword_409148 dd 7C835D54h ; resolved to->KERNEL32.WritePrivateProfileStringA ; .text:00408940�r
dword_40914C dd 7C832B56h ; resolved to->KERNEL32.GetPrivateProfileStringA ; .text:0040893A�r
dword_409150 dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_40161F+1931�r ...
dword_409154 dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; sub_4033C9+17�r ...
dword_409158 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointer ; sub_40161F+1701�r ...
dword_40915C dd 7C80EDD7h ; resolved to->KERNEL32.FindClose ; sub_40618D+2C�r ...
dword_409160 dd 7C834EB1h ; resolved to->KERNEL32.FindNextFileA ; sub_4068E6+182�r ...
dword_409164 dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileA ; sub_40618D+1A�r ...
dword_409168 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; .text:004089F4�r
align 10h
dword_409170 dd 7CA41110h ; resolved to->SHELL32.ShellExecuteA ; sub_40412D+211�r ...
dword_409174 dd 7CAC6C1Fh ; resolved to->SHELL32.SHBrowseForFolderA ; .text:00408C88�r
dword_409178 dd 7CA2B359h ; resolved to->SHELL32.SHGetMalloc ; .text:00408C8E�r
dword_40917C dd 7C9EF5BFh ; resolved to->SHELL32.SHGetSpecialFolderLocation ; .text:00408C94�r
dword_409180 dd 7CA70964h ; resolved to->SHELL32.SHFileOperationA ; .text:00408C76�r
dword_409184 dd 7CA34BF1h ; resolved to->SHELL32.SHGetPathFromIDListA ; sub_4066B7+160�r ...
dd 0
dword_40918C dd 7E42E1D1h ; resolved to->USER32.PostQuitMessage ; .text:00408B1A�r
dword_409190 dd 7E42F52Bh ; resolved to->USER32.SetWindowTextA ; sub_403FAC+B2�r ...
dword_409194 dd 7E418C2Eh ; resolved to->USER32.SetTimer ; .text:00408B26�r
dword_409198 dd 7E41DAEAh ; resolved to->USER32.DestroyWindow ; sub_403646+237�r ...
dword_40919C dd 7E43C7A3h ; resolved to->USER32.CreateDialogParamA ; sub_40550B+3F2�r ...
dword_4091A0 dd 7E45A045h ; resolved to->USER32.ExitWindowsEx ; .text:00408B38�r
dword_4091A4 dd 7E42DF50h ; resolved to->USER32.CharNextAdword_4091A8 dd 7E418E78h ; resolved to->USER32.GetSysColor ; sub_40412D+CB�r ...
dword_4091AC dd 7E41945Dh ; resolved to->USER32.GetWindowLongA ; sub_404A08+229�r ...
dword_4091B0 dd 7E41EF69h ; resolved to->USER32.LoadCursorA ; .text:00408B50�r
dword_4091B4 dd 7E41BF58h ; resolved to->USER32.SetCursor ; .text:00408B56�r
dword_4091B8 dd 7E425D45h ; resolved to->USER32.CheckDlgButton ; .text:00408B5C�r
dword_4091BC dd 7E41F3B3h ; resolved to->USER32.GetAsyncKeyState ; .text:00408B62�r
dword_4091C0 dd 7E425D75h ; resolved to->USER32.IsDlgButtonChecked ; .text:00408B68�r
dword_4091C4 dd 7E41BDC8h ; resolved to->USER32.ScreenToClient ; sub_40550B+42E�r ...
dword_4091C8 dd 7E41BF94h ; resolved to->USER32.GetMessagePos ; .text:00408B74�r
dword_4091CC dd 7E41F642h ; resolved to->USER32.CallWindowProcA ; .text:00408B7A�r
dword_4091D0 dd 7E41C465h ; resolved to->USER32.IsWindowVisible ; .text:00408B80�r
dword_4091D4 dd 7E4254F0h ; resolved to->USER32.LoadBitmapA ; .text:00408B86�r
dword_4091D8 dd 7E430225h ; resolved to->USER32.CloseClipboard ; .text:00408B8C�r
dword_4091DC dd 7E430F5Eh ; resolved to->USER32.SetClipboardData ; .text:00408B92�r
dword_4091E0 dd 7E430D56h ; resolved to->USER32.EmptyClipboard ; .text:00408B98�r
dword_4091E4 dd 7E430237h ; resolved to->USER32.OpenClipboard ; .text:00408B9E�r
dword_4091E8 dd 7E4650EEh ; resolved to->USER32.TrackPopupMenu ; .text:00408BA4�r
dword_4091EC dd 7E41B6D4h ; resolved to->USER32.GetWindowRect ; sub_40550B+422�r ...
dword_4091F0 dd 7E431ACEh ; resolved to->USER32.AppendMenuA ; .text:00408BB0�r
dword_4091F4 dd 7E428C29h ; resolved to->USER32.CreatePopupMenu ; .text:00408BB6�r
dword_4091F8 dd 7E418F9Ch ; resolved to->USER32.GetSystemMetrics ; .text:00408BBC�r
dword_4091FC dd 7E4259C9h ; resolved to->USER32.EndDialog ; .text:00408BC2�r
dword_409200 dd 7E42FE31h ; resolved to->USER32.SetClassLongA ; .text:00408BC8�r
dword_409204 dd 7E41BDA2h ; resolved to->USER32.IsWindowEnabled ; sub_40550B+103�r ...
dword_409208 dd 7E41C01Bh ; resolved to->USER32.SetWindowPos ; sub_40550B+449�r ...
dword_40920C dd 7E43B10Ch ; resolved to->USER32.DialogBoxParamA ; .text:00408BDA�r
dword_409210 dd 7E43EBC7h ; resolved to->USER32.GetClassInfoA ; .text:00408BE0�r
dword_409214 dd 7E41FF33h ; resolved to->USER32.CreateWindowExA ; .text:00408BE6�r
dword_409218 dd 7E420762h ; resolved to->USER32.SystemParametersInfoA ; .text:00408BEC�r
dword_40921C dd 7E420A36h ; resolved to->USER32.RegisterClassA ; sub_4059CE+218�r ...
dword_409220 dd 7E43C93Ah ; resolved to->USER32.SetDlgItemTextA ; .text:00408BF8�r
dword_409224 dd 7E46AE36h ; resolved to->USER32.GetDlgItemTextA ; .text:00408BFE�r
dword_409228 dd 7E45058Ah ; resolved to->USER32.MessageBoxA ; .text:00408C04�r
dword_40922C dd 7E41A610h ; resolved to->USER32.wvsprintfA ; .text:00408C0A�r
dword_409230 dd 7E423D4Dh ; resolved to->USER32.SetForegroundWindow ; .text:00408B14�r
dword_409234 dd 7E41D8A4h ; resolved to->USER32.ShowWindow ; sub_40161F+C65�r ...
dword_409238 dd 7E42DF7Ah ; resolved to->USER32.CharPrevA ; sub_40161F+182B�r ...
dword_40923C dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_40161F+CA4�r ...
dword_409240 dd 7E42FB2Bh ; resolved to->USER32.SendMessageTimeoutA ; .text:00408AFC�r
dword_409244 dd 7E43210Ah ; resolved to->USER32.FindWindowExA ; .text:00408AF6�r
dword_409248 dd 7E41B933h ; resolved to->USER32.IsWindow ; .text:00408AF0�r
dword_40924C dd 7E423DCEh ; resolved to->USER32.GetDlgItem ; sub_40161F+B64�r ...
dword_409250 dd 7E41D60Dh ; resolved to->USER32.SetWindowLongA ; sub_404A08+96�r ...
dword_409254 dd 7E422D6Fh ; resolved to->USER32.LoadImageA ; sub_4059CE+F9�r ...
dword_409258 dd 7E4186C7h ; resolved to->USER32.GetDC ; .text:00408AD8�r
dword_40925C dd 7E41BE71h ; resolved to->USER32.EnableWindow ; sub_403E7D+A�r ...
dword_409260 dd 7E41C96Ch ; resolved to->USER32.PeekMessageA ; sub_40161F+19F1�r ...
dword_409264 dd 7E4196B8h ; resolved to->USER32.DispatchMessageA ; sub_40161F+19FD�r ...
dword_409268 dd 7E41B5F5h ; resolved to->USER32.InvalidateRect ; .text:00408AC0�r
dword_40926C dd 7E42F383h ; resolved to->USER32.SendMessageA ; sub_40161F+ABE�r ...
dword_409270 dd 7E41D4EEh ; resolved to->USER32.DefWindowProcA ; .text:00408AB4�r
dword_409274 dd 7E41B6AEh ; resolved to->USER32.GetClientRect ; sub_40161F+B71�r ...
dword_409278 dd 7E41C257h ; resolved to->USER32.FillRect ; .text:00408AA2�r
dword_40927C dd 7E43C6CAh ; resolved to->USER32.DrawTextA ; .text:00408A9C�r
dword_409280 dd 7E41B61Dh ; resolved to->USER32.EndPaint ; .text:00408A96�r
dword_409284 dd 7E41B609h ; resolved to->USER32.BeginPaint ; .text:00408AAE�r
dd 0
dword_40928C dd 77C019FFh dword_409290 dd 77C01A50h dword_409294 dd 77C018BAh dd 0
dword_40929C dd 77533373h dword_4092A0 dd 774FF6DAh dword_4092A4 dd 774FFAC3h ; .text:00408C9A�r
dd 3 dup(0)
a2k6d db '26D',0
align 4
dd 2, 84h, 0C414h, 0B614h
aLoggingSetToD db 'logging set to %d',0 ; DATA XREF: sub_40161F+1A6B�o
align 10h
aSettingsLoggin db 'settings logging to %d',0 ; DATA XREF: sub_40161F+1A5D�o
align 4
aFileExtracti_0 db 'File Extraction: failed createprocess on uninstaller ("%s")',0
; DATA XREF: sub_40161F+1A47�o
aFileExtraction db 'File Extraction: success ("%s")',0 ; DATA XREF: sub_40161F+19CF�o
a_? db '" _?=',0 ; DATA XREF: sub_40161F+19B0�o
align 4
asc_40935C db ' /x "',0 ; DATA XREF: sub_40161F+199C�o
align 4
aCreatedUninsta db 'created uninstaller: %d, "%s"',0 ; DATA XREF: sub_40161F+195C�o
align 4
aWriteregErrorC db 'WriteReg: error creating key %d\%s',0 ; DATA XREF: sub_40161F+14AF�o
align 4
aWriteregbinSet db 'WriteRegBin: set %d\%s\%s with %d bytes',0 ; DATA XREF: sub_40161F+147B�o
aWriteregdwordS db 'WriteRegDWORD: set %d\%s\%s to %d',0 ; DATA XREF: sub_40161F+144D�o
align 4
aWriteregstrSet db 'WriteRegStr: set %d\%s\%s to %s',0 ; DATA XREF: sub_40161F+1420�o
aDeleteregkeyDS db 'DeleteRegKey: %d\%s',0 ; DATA XREF: sub_40161F+135F�o
aDeleteregvalue db 'DeleteRegValue: %d\%s\%s',0 ; DATA XREF: sub_40161F+133B�o
align 4
aWriteinistrWro db 'WriteINIStr: wrote [%s] %s=%s in %s',0 ; DATA XREF: sub_40161F+12A2�o
aRm db '<RM>',0 ; DATA XREF: sub_40161F+123C�o
align 10h
aCopyfilesSS db 'CopyFiles "%s"->"%s"',0 ; DATA XREF: sub_40161F+1195�o
align 4
aCreateshortcut db 'CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d'
; DATA XREF: sub_40161F+1069�o
db 0
align 4
aErrorRegiste_1 db 'Error registering DLL: Could not initialize OLE',0
; DATA XREF: sub_40161F+FEA�o
aErrorRegiste_0 db 'Error registering DLL: Could not load ',27h,'%s',27h,' -> ',27h,'%s',27h,0
; DATA XREF: sub_40161F+FD4�o
align 10h
aErrorRegisteri db 'Error registering DLL: %s not found in %s',0
; DATA XREF: sub_40161F+F95�o
align 4
aRegdllCouldNot db 'RegDLL: Could not load ',27h,'%s',27h,' -> ',27h,'%s',27h,0
; DATA XREF: sub_40161F+F18�o
asc_409580: ; DATA XREF: sub_40161F+E65�o
; sub_4061CB+1B�o ...
unicode 0, <\>,0
aExecFailedCrea db 'Exec: failed createprocess ("%s")',0 ; DATA XREF: sub_40161F+DD0�o
align 4
aExecSuccessS db 'Exec: success ("%s")',0 ; DATA XREF: sub_40161F+D3D�o
align 10h
aExecCommandS db 'Exec: command="%s"',0 ; DATA XREF: sub_40161F+D12�o
align 4
aExecshellSucce db 'ExecShell: success ("%s": file:"%s" params:"%s")',0
; DATA XREF: sub_40161F+CF6�o
align 4
aExecshellWarni db 'ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d',0
; DATA XREF: sub_40161F+CE1�o
align 4
aSS db '%s %s',0 ; DATA XREF: sub_40161F+C98�o
align 4
aHidewindow db 'HideWindow',0 ; DATA XREF: sub_40161F+C52�o
align 4
aPopStackEmpty db 'Pop: stack empty',0 ; DATA XREF: sub_40161F+9EC�o
align 4
aExchStackDElem db 'Exch: stack < %d elements',0 ; DATA XREF: sub_40161F+9A6�o
align 4
aRmdirS db 'RMDir: "%s"',0 ; DATA XREF: sub_40161F+78F�o
aMessageboxDS db 'MessageBox: %d,"%s"',0 ; DATA XREF: sub_40161F+74C�o
aDeleteS db 'Delete: "%s"',0 ; DATA XREF: sub_40161F+737�o
align 4
aS db '%s',0 ; DATA XREF: sub_40161F+711�o
; sub_40161F+1A9A�o
align 4
aFileWroteDToS db 'File: wrote %d to "%s"',0 ; DATA XREF: sub_40161F+6B6�o
align 4
aFileErrorUserC db 'File: error, user cancel',0 ; DATA XREF: sub_40161F:loc_401C96�o
align 10h
aFileSkippedSOv db 'File: skipped: "%s" (overwriteflag=%d)',0 ; DATA XREF: sub_40161F+665�o
align 4
aFileErrorUserA db 'File: error, user abort',0 ; DATA XREF: sub_40161F+638�o
aFileErrorUserR db 'File: error, user retry',0 ; DATA XREF: sub_40161F+625�o
aFileErrorCreat db 'File: error creating "%s"',0 ; DATA XREF: sub_40161F+5DD�o
align 4
aFileOverwritef db 'File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"',0
; DATA XREF: sub_40161F+518�o
align 10h
aRenameFailedS db 'Rename failed: %s',0 ; DATA XREF: sub_40161F+380�o
align 4
aRenameOnReboot db 'Rename on reboot: %s',0 ; DATA XREF: sub_40161F+36E�o
align 4
aRenameS db 'Rename: %s',0 ; DATA XREF: sub_40161F+32A�o
align 4
asc_4097D8 db '->',0 ; DATA XREF: sub_40161F+31D�o
align 4
aIffileexists_0 db 'IfFileExists: file "%s" does not exist, jumping %d',0
; DATA XREF: sub_40161F+2C5�o
align 10h
aIffileexistsFi db 'IfFileExists: file "%s" exists, jumping %d',0
; DATA XREF: sub_40161F+2AF�o
align 4
aCreatedirector db 'CreateDirectory: "%s" (%d)',0 ; DATA XREF: sub_40161F+240�o
align 4
aSetfileattri_0 db 'SetFileAttributes failed.',0 ; DATA XREF: sub_40161F+21C�o
align 4
aSetfileattribu db 'SetFileAttributes: "%s":%08X',0 ; DATA XREF: sub_40161F+1FD�o
align 4
aBringtofront db 'BringToFront',0 ; DATA XREF: sub_40161F:loc_401786�o
align 4
aSleepD db 'Sleep(%d)',0 ; DATA XREF: sub_40161F+147�o
align 10h
aDetailprintS db 'detailprint: %s',0 ; DATA XREF: sub_40161F+123�o
aCallD db 'Call: %d',0 ; DATA XREF: sub_40161F+D5�o
align 4
aAbortingS db 'Aborting: "%s"',0 ; DATA XREF: sub_40161F+7F�o
align 4
aJumpD db 'Jump: %d',0 ; DATA XREF: sub_40161F+63�o
align 4
a___D db '... %d%%',0 ; DATA XREF: sub_403412+145�o
align 8
aTheInstallerYo db 'The installer you are trying to use is corrupted or incomplete.',0Ah
; DATA XREF: sub_403646:loc_403846�o
db 'This could be the result of a damaged disk, a failed download or '
db 'a virus.',0Ah
db 0Ah
db 'You may want to contact the author of this installer to obtain a '
db 'new copy.',0Ah
db 0Ah
db 'It may be possible to skip this check using the /NCRC command lin'
db 'e switch',0Ah
db '(NOT RECOMMENDED).',0
aVerifyingInsta db 'verifying installer: %d%%',0 ; DATA XREF: sub_403646+14A�o
align 4
aErrorLaunching db 'Error launching installer',0 ; DATA XREF: sub_403646+56�o
; start+27F�o
align 4
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: start+45A�o
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: start+425�o
align 10h
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: start+419�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: start+411�o
align 4
aAdvapi32_dll db 'ADVAPI32.dll',0 ; DATA XREF: start+3F8�o
align 4
a_?_0 db ' _?=',0 ; DATA XREF: start+39F�o
align 4
asc_409AD4 db '" ',0 ; DATA XREF: start:loc_403CEA�o
align 4
aOutOfMemory db 'Out of Memory',0 ; DATA XREF: start:loc_403BCB�o
align 4
aExtractionPath db 'Extraction pathname not properly delimited.',0Ah
; DATA XREF: start:loc_403BC4�o
db 0Ah
db 'Try using quotes or a shorter path.',0
align 4
aCNsis_extractf db 'C:\NSIS_ExtractFiles\',0 ; DATA XREF: start+233�o
align 4
aTemp db '\Temp',0 ; DATA XREF: start+6A�o
align 4
aNsisError_0 db 'NSIS Error',0 ; DATA XREF: start+2F�o
align 4
aErrorWritingTe db 'Error writing temporary file. Make sure your temp folder is valid'
; DATA XREF: start+12�o
db '.',0
align 4
aNsiszlib_bin db 'nsiszlib.bin',0 ; DATA XREF: start+9�o
align 4
aInstall_log db 'install.log',0 ; DATA XREF: sub_403F6C+1B�o
aOpen db 'open',0 ; DATA XREF: sub_40412D+209�o
align 10h
aU_USS db '%u.%u%s%s',0 ; DATA XREF: sub_404419+5A�o
word_409BDA dw 0 ; DATA XREF: sub_4044DD:loc_404798�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_4044DD+217�o
aKernel32_dll db 'KERNEL32.dll',0 ; DATA XREF: sub_4044DD:loc_4046E0�o
; sub_406326+D�o
align 10h
aSectionS db 'Section: "%s"',0 ; DATA XREF: sub_4050EB+43�o
align 10h
aSkippingSectio db 'Skipping section: "%s"',0 ; DATA XREF: sub_4050EB+34�o
align 4
aNewInstallOfST db 'New install of "%s" to "%s"',0 ; DATA XREF: sub_405176+B2�o
a_exe db '.exe',0 ; DATA XREF: sub_4059CE+81�o
align 4
dword_409C4C dd 0FCh dword_409C50 dd 6425h a? db '*?|<>/":',0 ; DATA XREF: sub_40602E+52�o
align 10h
asc_409C60 db 0Dh,0Ah,0 ; DATA XREF: sub_4060D2+6E�o
align 4
asc_409C64 db 0Ah ; DATA XREF: sub_406326:loc_4065E0�o
db '[',0
align 4
aRename db '[Rename]',0Dh,0Ah,0 ; DATA XREF: sub_406326+283�o
; sub_406326+292�o
align 4
aWininit_ini db '\wininit.ini',0 ; DATA XREF: sub_406326+205�o
align 4
aErrorCouldNo_0 db 'ERROR: Could not create set up ',27h,'%s',27h,' for delete on reboot (2'
; DATA XREF: sub_406326+1ED�o
db ')',0
align 4
aErrorCouldNotC db 'ERROR: Could not create set up ',27h,'%s',27h,' for delete on reboot (1'
; DATA XREF: sub_406326+1DF�o
db ')',0
align 4
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\RunOnceEx\NSIS',0
; DATA XREF: sub_406326+1C5�o
align 10h
aCommandCRmdirS db 'command /c rmdir "%s"',0 ; DATA XREF: sub_406326+1A5�o
align 4
aS_08ld db '%s_%08ld',0 ; DATA XREF: sub_406326+198�o
align 4
aSoftwareMicros db 'Software\Microsoft\Windows\CurrentVersion\RunOnceEx',0
; DATA XREF: sub_406326+13B�o
aFlags db 'Flags',0 ; DATA XREF: sub_406326+136�o
align 10h
aNul db 'NUL',0 ; DATA XREF: sub_406326:loc_40643C�o
aSS_0 db '%s=%s',0Dh,0Ah,0 ; DATA XREF: sub_406326+CB�o
aMovefileexa db 'MoveFileExA',0 ; DATA XREF: sub_406326+73�o
aCProgramFiles db 'C:\Program Files',0 ; DATA XREF: sub_4066B7+FD�o
align 4
aProgramfilesdi db 'ProgramFilesDir',0 ; DATA XREF: sub_4066B7+E4�o
aSoftwareMicr_1 db 'Software\Microsoft\Windows\CurrentVersion',0 ; DATA XREF: sub_4066B7+CF�o
; sub_4066B7+E9�o
align 4
aCommonfilesdir db 'CommonFilesDir',0 ; DATA XREF: sub_4066B7+CA�o
align 4
aMicrosoftInter db '\Microsoft\Internet Explorer\Quick Launch',0 ; DATA XREF: sub_4066B7+B7�o
align 4
aRmdirRemoved_1 db 'RMDir: RemoveDirectory failed("%s")',0
; DATA XREF: sub_4068E6:loc_406AD6�o
aRmdirRemoved_0 db 'RMDir: RemoveDirectory on Reboot("%s")',0 ; DATA XREF: sub_4068E6+1D3�o
align 10h
aRmdirRemovedir db 'RMDir: RemoveDirectory("%s")',0 ; DATA XREF: sub_4068E6+1B5�o
align 10h
aDeleteDelete_1 db 'Delete: DeleteFile failed("%s")',0 ; DATA XREF: sub_4068E6:loc_406A45�o
aDeleteDelete_0 db 'Delete: DeleteFile on Reboot("%s")',0 ; DATA XREF: sub_4068E6+141�o
align 4
aDeleteDeletefi db 'Delete: DeleteFile("%s")',0 ; DATA XREF: sub_4068E6+112�o
align 10h
a_ db '\*.*',0 ; DATA XREF: sub_4068E6+86�o
align 4
aDeleteErrorSDo db 'Delete: ERROR -- "%s" does not exist. Skipping delete.',0
; DATA XREF: sub_4068E6+21�o
align 10h
byte_409F50 db 10h ; DATA XREF: sub_406E81+3CE�r
; sub_406E81+3FF�r
db 11h, 12h, 0
dd 6090708h, 40B050Ah, 20D030Ch, 0F010Eh
dword_409F64 dd 40003h, 60005h, 80007h, 0A0009h, 0D000Bh, 11000Fh, 170013h
; DATA XREF: sub_406E81+168�o
; sub_406E81+5DE�o
dd 1F001Bh, 2B0023h, 3B0033h, 530043h, 730063h, 0A30083h
dd 0E300C3h, 102h, 0
dword_409FA4 dd 4 dup(0) ; sub_406E81+5D9�o
dd 2 dup(10001h), 2 dup(20002h), 2 dup(30003h), 2 dup(40004h)
dd 2 dup(50005h), 700000h, 70h
dword_409FE4 dd 20001h, 40003h, 70005h, 0D0009h, 190011h, 310021h, 610041h
; DATA XREF: sub_406E81+19F�o
; sub_406E81+624�o
dd 0C10081h, 1810101h, 3010201h, 6010401h, 0C010801h, 18011001h
dd 30012001h, 60014001h
dword_40A020 dd 2 dup(0) ; sub_406E81+61F�o
dd 10001h, 20002h, 30003h, 40004h, 50005h, 60006h, 70007h
dd 80008h, 90009h, 0A000Ah, 0B000Bh, 0C000Ch, 0D000Dh
aFccreatekey db 'FCCreateKey',0 ; DATA XREF: sub_4079D0+7�o
aFcsetkeyoption db 'FCSetKeyOptions',0 ; DATA XREF: sub_4079D0+F�o
aFccreatepersis db 'FCCreatePersistentKey',0 ; DATA XREF: sub_4079D0+1C�o
align 10h
aFccreatecounte db 'FCCreateCounter',0 ; DATA XREF: sub_4079D0+29�o
aFccreatepers_0 db 'FCCreatePersistentCounter',0 ; DATA XREF: sub_4079D0+36�o
align 4
aFcflushnonshar db 'FCFlushNonSharedPersistentKeys',0 ; DATA XREF: sub_4079D0+43�o
align 4
aFcadddatatokey db 'FCAddDataToKey',0 ; DATA XREF: sub_4079D0+50�o
align 4
aFcdeletedatafr db 'FCDeleteDataFromKey',0 ; DATA XREF: sub_4079D0+5D�o
aFcaddinttokey db 'FCAddIntToKey',0 ; DATA XREF: sub_4079D0+6A�o
align 10h
aFcdeleteintfro db 'FCDeleteIntFromKey',0 ; DATA XREF: sub_4079D0+77�o
align 4
aFcaddstringtok db 'FCAddStringToKey',0 ; DATA XREF: sub_4079D0+84�o
align 4
aFcdeletestring db 'FCDeleteStringFromKey',0 ; DATA XREF: sub_4079D0+91�o
align 10h
aFcregistermemo db 'FCRegisterMemory',0 ; DATA XREF: sub_4079D0+EC�o
align 4
aFcunregisterme db 'FCUnregisterMemory',0 ; DATA XREF: sub_4079D0+F9�o
align 4
aFcadddatetokey db 'FCAddDateToKey',0 ; DATA XREF: sub_4079D0+9E�o
align 4
aFcdeletedatefr db 'FCDeleteDateFromKey',0 ; DATA XREF: sub_4079D0+AB�o
aFcsetcounter db 'FCSetCounter',0 ; DATA XREF: sub_4079D0+B8�o
align 4
aFcincrementcou db 'FCIncrementCounter',0 ; DATA XREF: sub_4079D0+C5�o
align 10h
aFcdecrementcou db 'FCDecrementCounter',0 ; DATA XREF: sub_4079D0+D2�o
align 4
aFcgetcounter db 'FCGetCounter',0 ; DATA XREF: sub_4079D0+DF�o
align 4
aFctriggerinter db 'FCTriggerInternal1',0 ; DATA XREF: sub_4079D0+188�o
align 4
aFccreatesuppor db 'FCCreateSupportIncidentInternal',0 ; DATA XREF: sub_4079D0+195�o
aFctraceinterna db 'FCTraceInternal',0 ; DATA XREF: sub_4079D0+120�o
aFcassertintern db 'FCAssertInternal1',0 ; DATA XREF: sub_4079D0+12D�o
align 4
aFccleanup db 'FCCleanup',0 ; DATA XREF: sub_4079D0+13A�o
align 4
aFcorphanloadco db 'FCOrphanLoadCount',0
align 4
aFcassertparami db 'FCAssertParamInternal1',0 ; DATA XREF: sub_4079D0+147�o
align 4
aFctraceparamin db 'FCTraceParamInternal',0 ; DATA XREF: sub_4079D0+154�o
align 4
aFclibraryversi db 'FCLibraryVersion',0 ; DATA XREF: sub_4079D0+161�o
align 10h
aFcinitializewi db 'FCInitializeWithManifestInternal',0 ; DATA XREF: sub_4079D0+16E�o
align 4
aFcinitialize_0 db 'FCInitializeWithManifestInternalEx',0 ; DATA XREF: sub_4079D0+17B�o
align 4
aFcsetminidump db 'FCSetMiniDump',0 ; DATA XREF: sub_4079D0+113�o
align 4
aFcexceptionhan db 'FCExceptionHandler',0 ; DATA XREF: sub_4079D0+106�o
align 4
aFcsetuistate db 'FCSetUIState',0 ; DATA XREF: sub_4079D0+1A2�o
align 4
aFcclearkeys db 'FCClearKeys',0 ; DATA XREF: sub_4079D0+1AF�o
aFcclearcounter db 'FCClearCounters',0 ; DATA XREF: sub_4079D0+1BC�o
aFcclearkey db 'FCClearKey',0 ; DATA XREF: sub_4079D0+1C9�o
align 4
aFcdeletekey db 'FCDeleteKey',0 ; DATA XREF: sub_4079D0+1D6�o
aFcstarttimer db 'FCStartTimer',0 ; DATA XREF: sub_4079D0+1E3�o
align 10h
aFcheartbeattim db 'FCHeartbeatTimer',0 ; DATA XREF: sub_4079D0+1F0�o
align 4
aFcendtimer db 'FCEndTimer',0 ; DATA XREF: sub_4079D0+1FD�o
align 10h
aFcgetsessionun db 'FCGetSessionUniqueID',0 ; DATA XREF: sub_4079D0+20F�o
align 4
aFcsetlocale db 'FCSetLocale',0 ; DATA XREF: sub_4079D0+217�o
aFcrunmemtest db 'FCRunMemTest',0 ; DATA XREF: sub_4079D0+224�o
align 4
aInstalldir db 'InstallDir',0 ; DATA XREF: sub_4083A3+148�o
align 10h
aSoftwareAmer_0 db 'Software\America Online\AOL Diagnostics',0 ; DATA XREF: sub_4083A3+126�o
aLoaderpath db 'LoaderPath',0 ; DATA XREF: sub_4083A3+D5�o
align 4
aSoftwareAmeric db 'Software\America Online\Loader',0 ; DATA XREF: sub_4083A3+AF�o
align 4
aTalkback_exe db 'talkback.exe',0 ; DATA XREF: sub_4083A3+5B�o
align 4
aTbdiag_dll db 'tbdiag.dll',0 ; DATA XREF: sub_4083A3+C�o
align 10h
dd 80F30233h, 11D2B7DFh, 60003BA3h, 0D45BDF97h, 0E13EF4E4h
dd 11D0D2F2h, 0C0001698h, 7219D94Fh, 596A9A94h, 11D1013Eh
dd 0A000348Dh, 19270FC9h, 40B96610h, 11D1B522h, 0AA00B4B3h
dd 0E7FD6E00h, 9493A810h, 11D0EC38h, 0AA0046BCh, 0F5E26C00h
dd 5C9F0A12h, 11D0959Eh, 0A000A4A3h, 362608C9h, 0A6C17EB4h
dd 11D22D65h, 0C0008F83h, 0D018D94Fh, 743CA664h, 11D10DEBh
dd 0C0002598h, 7219D94Fh, 165EBAF4h, 11D26D51h, 0C000AD83h
dd 0D018D94Fh, 0D1E7AFEBh, 11D06A2Eh, 0C000788Ch, 0B418D94Fh
dd 8C278EECh, 11D13EABh, 0C000B08Ch, 0D018D94Fh, 0ED9CC020h
dd 11D108B9h, 0C0002398h, 7219D94Fh, 6D5313C0h, 11D18C62h
dd 6000CDB2h, 118CDF97h, 4434FF80h, 11CEEF4Ch, 865AEh
dd 62122E2Bh, 0D82BE2B0h, 11D05764h, 0C0006EA9h, 0A205D74Fh
dd 0E5CBF21h, 11D0D15Fh, 0AA000183h, 83435B00h, 87D605E0h
dd 11CFC511h, 0A000A989h, 294105C9h, 0FAADFC40h, 4B69B777h
dd 37781AAh, 0E8E6F05Eh, 4621A4E3h, 4773F0D6h, 0E7469C8Ah
dd 4048177Bh, 3981E228h, 11D3F559h, 0C0003A8Eh, 0D537684Fh
dd 1CEBB3ABh, 499A7C10h, 0CA9217A4h, 83CBC416h, 3981E227h
dd 11D3F559h, 0C0003A8Eh, 0D537684Fh, 3981E226h, 11D3F559h
dd 0C0003A8Eh, 0D537684Fh, 3981E225h, 11D3F559h, 0C0003A8Eh
dd 0D537684Fh, 3981E224h, 11D3F559h, 0C0003A8Eh, 0D537684Fh
dd 0D969A300h, 11D0E7FFh, 0A0003BA9h, 19270FC9h, 53C74826h
dd 4D33AB99h, 1731A4ACh, 88371DF5h, 0FEF10FA2h, 4E06355Eh
dd 249B8193h, 88CCF7D7h, 889A935Dh, 4B12971Eh, 0DF240CB9h
dd 0E8E5E1C9h, 49E1B500h, 11D34636h, 0C000F797h, 0B3D0454Fh
dd 1E18D10h, 11D24D8Bh, 60005D85h, 67930508h, 3050F3B4h
dd 11CF98B5h, 0AA0082BBh, 0BCEBD00h, 3050F3B3h, 11CF98B5h
dd 0AA0082BBh, 0BCEBD00h, 3050F3BBh, 11CF98B5h, 0AA0082BBh
dd 0BCEBD00h, 0DE5BF786h, 11D2477Ah, 0C0009D83h, 0D018D94Fh
dd 4657278Bh, 11D2411Bh, 0C0009A83h, 0D018D94Fh, 4657278Ah
dd 11D2411Bh, 0C0009A83h, 0D018D94Fh, 12518492h, 11D200B2h
dd 349EA59Fh, 53415220h, 0FFB8655Fh, 4FCE81B9h, 6B9A9CB8h
dd 0E7136DA7h, 12518493h, 11D200B2h, 349EA59Fh, 53415220h
dd 0E700BE1h, 11D19DB6h, 0C000CEA1h, 135DD74Fh, 49691C90h
dd 101A7E17h, 81CA9h, 0A9CD2E2Bh, 9B174B35h, 11D240FFh
dd 0C0007EA2h, 7108C34Fh, 0AEAC19E4h, 450889AEh, 86BBB7B9h
dd 0EDE2BE7Ah, 56A3372Eh, 11D2CE9Ch, 60000E9Fh, 0F686C697h
dd 0F2275480h, 4291F782h, 36F194BDh, 0EC3A5193h, 9B174B34h
dd 11D240FFh, 0C0007EA2h, 7108C34Fh, 328D8B21h, 4BFC7729h
dd 2B904C95h, 0B0569D32h, 9B174B33h, 11D240FFh, 0C0007EA2h
dd 7108C34Fh, 14B81DA1h, 4D310135h, 0BF6CD996h, 991A67C9h
dd 0B725F130h, 101A47EFh, 6002F1A5h, 0ACEB9E8Ch, 28636AA6h
dd 11D2953Dh, 0C000D6B5h, 0D018D94Fh, 93F2F68Ch, 11D31D1Bh
dd 0C0000EA3h, 0D1AB794Fh, 7057E952h, 11D1BD1Bh, 0C0001989h
dd 36C8C24Fh, 0CFCCC7A0h, 11D1A282h, 60008290h, 82930508h
dd 2CE4B5D8h, 11D2A28Fh, 0C000C586h, 99EA8E4Fh, 178F34B8h
dd 11D2A282h, 0C000C586h, 99EA8E4Fh, 1E796980h, 11D19CC5h
dd 0C0003FA8h, 619DC94Fh, 0FB700430h, 11D1952Ch, 6F94h
dd 0
dd 93A68750h, 11D1951Ah, 6F94h, 0
dd 0D2E74C4h, 11D23C34h, 0C0007EA2h, 7108C34Fh, 24F14F02h
dd 11D17B1Ch, 8F83h, 0CF6104F8h, 24F14F01h, 11D17B1Ch
dd 8F83h, 0CF6104F8h, 0E8025004h, 11D21C42h, 0A0002CBEh
dd 0A13DA8C9h, 0A07034FDh, 49546CAAh, 0A2973FACh, 8AF91672h
dd 0C46CA590h, 11D23C3Fh, 0E6BEh, 57CA05F8h, 0D2A105C0h
dd 11D187D5h, 9183h, 0CF6104F8h, 74C26041h, 11D170D1h
dd 0A0005AB7h, 0FE6405C9h, 0B22754E2h, 11D14574h, 60008898h
dd 0F9ACDE97h, 52502EE0h, 11D0EC80h, 0C000AB89h, 2D97C24Fh
dd 0F490EB00h, 11D11240h, 60008898h, 0F9ACDE97h, 75048700h
dd 11D0EF1Fh, 60008898h, 0F9ACDE97h, 0B091E540h, 11CF83E3h
dd 200013A7h, 6297D7AFh, 4C96BE40h, 11CF915Ch, 0AA00D399h
dd 37E84A00h, 0EBBC7C04h, 11D2315Eh, 60002FB6h, 0D45BDF97h
dd 0F8383852h, 11D1FCD3h, 6000B9A6h, 0D45BDF97h, 6935DB93h
dd 4CCC21E8h, 0E39FB9BEh, 7A297AC7h, 0BB2765h, 11D06A77h
dd 0C00035A5h, 62D0D74Fh, 6756A641h, 11D0DE71h, 0AA001B83h
dd 83435B00h, 3C036F1h, 11D0A186h, 0AA004A82h, 83435B00h
dd 0BB2764h, 11D06A77h, 0C00035A5h, 62D0D74Fh, 0BB2763h
dd 11D06A77h, 0C00035A5h, 62D0D74Fh, 91956D21h, 11D19276h
dd 60001A92h, 0D45BDF97h, 470141A0h, 11D25186h, 6000B6BBh
dd 4C467B97h, 77A130B0h, 11D094FDh, 0C00044A5h, 62D0D74Fh
dd 0BB2761h, 11D06A77h, 0C00035A5h, 62D0D74Fh, 0BB2760h
dd 11D06A77h, 0C00035A5h, 62D0D74Fh, 0CFBFAE00h, 11D017A6h
dd 0C000CB99h, 9744D64Fh, 3C374A40h, 11CFBAE4h, 0AA007DBFh
dd 0EE466900h, 0CABB0DA0h, 11CFDA57h, 20007499h, 6297D7AFh
dd 0FBF23B80h, 101BE3F0h, 0AA008884h, 0F8563E00h, 0FBF23B40h
dd 101BE3F0h, 0AA008884h, 0F8563E00h, 0D82BE2B1h, 11D05764h
dd 0C0006EA9h, 0A205D74Fh, 49C3DE7Ch, 11D0D329h, 0C00073ABh
dd 803EC34Fh, 8EEFA624h, 445BD1E9h, 0FB74B794h, 1AA12ECEh
dd 8BEBB290h, 11D052D0h, 0C000F4B7h, 0EC06D74Fh, 65F125E5h
dd 48107BE1h, 71D29DBAh, 0E32C43C8h, 137E7700h, 11CF3573h
dd 869AEh, 62122E2Bh, 0E1FA5E0h, 11CF3573h, 869AEh, 62122E2Bh
dd 89000C0h, 11CF3573h, 869AEh, 62122E2Bh, 57D0E0h, 11CF3573h
dd 869AEh, 62122E2Bh, 710EB7A0h, 11D045EDh, 20004A92h
dd 4DACC7AFh, 7FE80CC8h, 11D0C247h, 0A0003AB9h, 0E11203C9h
dd 5B4DAE26h, 11D0B807h, 0C0001598h, 7219D94Fh, 4AF07F10h
dd 11D0D231h, 0A00042B9h, 0E11203C9h, 6D12FE80h, 11CF7911h
dd 3495h, 0BAE5BC0h, 0BCFCE0A0h, 11D0EC17h, 0A000108Dh
dd 19270FC9h, 1EBDCF80h, 11D0A200h, 0C000A4A3h, 0EC06D74Fh
dd 6DFD582Bh, 11D192E3h, 0C000A398h, 0DA87B64Fh, 48C8118Ch
dd 11D1B924h, 0C000D598h, 0DA87B64Fh, 4EA39266h, 409F7211h
dd 3DF622B6h, 33C516BDh, 85788D00h, 11D06807h, 0C00010B8h
dd 0EC06D74Fh, 0F10B5E34h, 42A7DD3Bh, 4E2F7DAAh, 9BB04BC5h
dd 63B51F81h, 11D0C868h, 0C0009C99h, 0E155D64Fh, 0CEF04FDFh
dd 11D2FE72h, 0C000A587h, 0CF37684Fh, 2047E320h, 11CEF2A9h
dd 865AEh, 62122E2Bh, 10339516h, 11D22894h, 0C0003990h
dd 3EEB8E4Fh, 0C6C4200h, 11D0C589h, 0C0009A99h, 0E155D64Fh
dd 7D688A70h, 11D0C613h, 0C0009B99h, 0E155D64Fh, 47D2657Ah
dd 11D07B27h, 0A000A98Ch, 0E8BF2DC9h, 2A342FC2h, 11D07B26h
dd 0A000A98Ch, 0E8BF2DC9h, 0F1DB8392h, 11D07331h, 0A000998Ch
dd 0E8BF2DC9h, 68284FAAh, 11D06A48h, 0C000788Ch, 0B418D94Fh
dd 0E773F1AFh, 48663A65h, 6F847D85h, 8A59C4C9h, 0AFACED1h
dd 11D1E828h, 32B58791h, 5D57E9F1h, 985F64F0h, 4E02D410h
dd 7DA22BEh, 0E1C5B5F2h, 0ADD8BA80h, 11D0002Bh, 0C0000F8Fh
dd 62D0D74Fh, 5EE44DA4h, 46E36D32h, 5407BC86h, 0E0D0ED0Dh
dd 9F656A2h, 480C41AFh, 0CC16F788h, 1546160Dh, 0AC60F6A0h
dd 11D00FD9h, 0C000CB99h, 9744D64Fh, 5CD52983h, 11D29449h
dd 0C0003A96h, 0F0AD794Fh, 45E2B4AEh, 11D0B1C3h, 0A0002FB9h
dd 0E11203C9h, 88E39E80h, 11CF3578h, 869AEh, 62122E2Bh
dd 8BCE1FA1h, 101B0921h, 0DD00FFB1h, 48CC0C01h, 21500h
dd 0
dd 0C0h, 46000000h, 214FEh, 0
dd 0C0h, 46000000h, 214FCh, 0
dd 0C0h, 46000000h, 214FBh, 0
dd 0C0h, 46000000h, 214FAh, 0
dd 0C0h, 46000000h, 214F9h, 0
dd 0C0h, 46000000h, 214F8h, 0
dd 0C0h, 46000000h, 214F7h, 0
dd 0C0h, 46000000h, 214F6h, 0
dd 0C0h, 46000000h, 214F5h, 0
dd 0C0h, 46000000h, 214F4h, 0
dd 0C0h, 46000000h, 214F3h, 0
dd 0C0h, 46000000h, 214F2h, 0
dd 0C0h, 46000000h, 214F1h, 0
dd 0C0h, 46000000h, 214F0h, 0
dd 0C0h, 46000000h, 214EFh, 0
dd 0C0h, 46000000h
dword_40AD90 dd 214EEh, 0 dd 0C0h, 46000000h, 214EDh, 0
dd 0C0h, 46000000h, 214ECh, 0
dd 0C0h, 46000000h, 214EBh, 0
dd 0C0h, 46000000h, 214EAh, 0
dd 0C0h, 46000000h, 214E9h, 0
dd 0C0h, 46000000h, 214E8h, 0
dd 0C0h, 46000000h, 214E6h, 0
dd 0C0h, 46000000h, 214E5h, 0
dd 0C0h, 46000000h, 214E4h, 0
dd 0C0h, 46000000h, 214E3h, 0
dd 0C0h, 46000000h, 214E2h, 0
dd 0C0h, 46000000h, 214E1h, 0
dd 0C0h, 46000000h, 214D3h, 0
dd 0C0h, 46000000h, 214D2h, 0
dd 0C0h, 46000000h, 214D1h, 0
dd 0C0h, 46000000h, 214D0h, 0
dd 0C0h, 46000000h, 214A1h, 0
dd 0C0h, 46000000h, 214A0h, 0
dd 0C0h, 46000000h, 21494h, 0
dd 0C0h, 46000000h, 21493h, 0
dd 0C0h, 46000000h, 21492h, 0
dd 0C0h, 46000000h, 21491h, 0
dd 0C0h, 46000000h, 21490h, 0
dd 0C0h, 46000000h, 450D8FBAh, 11D0AD25h, 8A898h, 3111B36h
dd 2227A280h, 10693AEAh, 8DEA2h, 9D30302Bh, 21EC2020h
dd 10693AEAh, 8DDA2h, 9D30302Bh, 645FF040h, 101B5081h
dd 0AA00089Fh, 4E952F00h, 0F3364BA0h, 11CE65B9h, 0AA00BAA9h
dd 37E84A00h, 871C5380h, 106942A0h, 8EAA2h, 9D30302Bh
dd 20D04FE0h, 10693AEAh, 8D8A2h, 9D30302Bh, 54A754C0h
dd 11D14BF0h, 0A000EE83h, 49C80DC9h, 0C0542A90h, 11D14BF0h
dd 0A000EE83h, 49C80DC9h, 46E06680h, 11D14BF0h, 0A000EE83h
dd 49C80DC9h, 208D2C60h, 10693AEAh, 8D7A2h, 9D30302Bh
dword_40AFC0 dd 21401h, 0 dd 0C0h, 46000000h, 21400h, 0
dd 0C0h, 46000000h, 34h, 0
dd 0C0h, 46000000h, 72380D55h, 43A38D2Bh, 6E2B1385h, 0E93414F3h
dd 1CEh, 0
dd 0C0h, 46000000h, 1D4h, 0
dd 0C0h, 46000000h, 1D5h, 0
dd 0C0h, 46000000h, 1C6h, 0
dd 0C0h, 46000000h, 1C0h, 0
dd 0C0h, 46000000h, 1C1h, 0
dd 0C0h, 46000000h, 947990DEh, 11D2CC28h, 8000F7A0h, 0B18F855Fh
dd 969DC708h, 11D15C76h, 868Dh, 57B004F8h, 0DB2F3ACFh
dd 11D12F86h, 0C000048Eh, 9A98B94Fh, 0DB2F3ACEh, 11D12F86h
dd 0C000048Eh, 9A98B94Fh, 0DB2F3ACDh, 11D12F86h, 0C000048Eh
dd 9A98B94Fh, 0DB2F3ACCh, 11D12F86h, 0C000048Eh, 9A98B94Fh
dd 0DB2F3ACBh, 11D12F86h, 0C000048Eh, 9A98B94Fh, 0DB2F3ACAh
dd 11D12F86h, 0C000048Eh, 9A98B94Fh, 148h, 0
dd 0C0h, 46000000h, 147h, 0
dd 0C0h, 46000000h, 145h, 0
dd 0C0h, 46000000h, 26h, 0
dd 0C0h, 46000000h, 2Bh, 0
dd 0C0h, 46000000h, 0EB0CB9E8h, 11D27996h, 2E87h, 590808F8h
dd 149h, 0
dd 0C0h, 46000000h, 1C733A30h, 11CE2A1Ch, 0AA00E5ADh, 3D774400h
dd 2Ah, 0
dd 0C0h, 46000000h, 29h, 0
dd 0C0h, 46000000h, 25h, 0
dd 0C0h, 46000000h, 33h, 0
dd 0C0h, 46000000h, 32h, 0
dd 0C0h, 46000000h, 31h, 0
dd 0C0h, 46000000h, 30h, 0
dd 0C0h, 46000000h, 0E6D4D92h, 11CF6738h, 0AA000896h, 0B40D6800h
dd 146h, 0
dd 0C0h, 46000000h, 22h, 0
dd 0C0h, 46000000h, 8D19C834h, 11D18879h, 0C000E983h, 0D4C6C24Fh
dd 0BC0BF6AEh, 11D18878h, 0C000E983h, 0D4C6C24Fh, 30F3D47Ah
dd 11D16447h, 0C0003C8Eh, 6D38B94Fh, 0E6D4D90h, 11CF6738h
dd 0AA000896h, 0B40D6800h, 0A9D758A0h, 11CF4617h, 0AA00FC95h
dd 0B40D6800h, 99CAF010h, 11CF415Eh, 0AA001488h, 0F569B500h
dd 144h, 0
dd 0C0h, 46000000h, 140h, 0
dd 0C0h, 46000000h, 13Eh, 0
dd 0C0h, 46000000h, 13Dh, 0
dd 0C0h, 46000000h, 1008C4A0h, 11CF7613h, 2000F19Ah, 0F4726EAFh
dd 0D5F569D0h, 101A593Bh, 869B5h, 7ABF2D2Bh, 0D5F56AFCh
dd 101A593Bh, 869B5h, 7ABF2D2Bh, 0D5F56A34h, 101A593Bh
dd 869B5h, 7ABF2D2Bh, 58A08519h, 493524C8h, 0D83F82B4h
dd 4F3A3323h, 25B15600h, 11D00115h, 0AA000DBFh, 0D2DFB800h
dd 0A5029FB6h, 11D13C34h, 0C000999Ch, 0AA98B94Fh, 594F31D0h
dd 11D07F19h, 0A00094B1h, 0BFC80DC9h, 0D5F56B60h, 101A593Bh
dd 869B5h, 7ABF2D2Bh, 16h, 0
dd 0C0h, 46000000h, 110h, 0
dd 0C0h, 46000000h, 10Eh, 0
dd 0C0h, 46000000h, 151h, 0
dd 0C0h, 46000000h, 125h, 0
dd 0C0h, 46000000h, 150h, 0
dd 0C0h, 46000000h, 10Fh, 0
dd 0C0h, 46000000h, 12h, 0
dd 0C0h, 46000000h, 105h, 0
dd 0C0h, 46000000h, 103h, 0
dd 0C0h, 46000000h, 0Ah, 0
dd 0C0h, 46000000h, 10Ah, 0
dd 0C0h, 46000000h
dword_40B3F0 dd 10Bh, 0 dd 0C0h, 46000000h, 0Bh, 0
dd 0C0h, 46000000h, 0Dh, 0
dd 0C0h, 46000000h, 0Ch, 0
dd 0C0h, 46000000h, 0C733A30h, 11CE2A1Ch, 0AA00E5ADh, 3D774400h
dd 101h, 0
dd 0C0h, 46000000h, 0F29F6BC0h, 11CE5021h, 15AAh, 3F290169h
dd 0Fh, 0
dd 0C0h, 46000000h, 109h, 0
dd 0C0h, 46000000h, 10Ch, 0
dd 0C0h, 46000000h, 10h, 0
dd 0C0h, 46000000h, 126h, 0
dd 0C0h, 46000000h, 102h, 0
dd 0C0h, 46000000h, 0Eh, 0
dd 0C0h, 46000000h, 100h, 0
dd 0C0h, 46000000h, 21h, 0
dd 0C0h, 46000000h, 0E0020h, 0
dd 0C0h, 46000000h, 20h, 0
dd 0C0h, 46000000h, 19h, 0
dd 0C0h, 46000000h, 18h, 0
dd 0C0h, 46000000h, 1Dh, 0
dd 0C0h, 46000000h, 2, 0
dd 0C0h, 46000000h, 1CFh, 0
dd 0C0h, 46000000h, 3, 0
dd 0C0h, 46000000h, 0B64Ch, 2 dup(0)
dd 0B90Eh, 9028h, 0B8B0h, 2 dup(0)
dd 0B95Eh, 928Ch, 0B684h, 2 dup(0)
dd 0BDF8h, 9060h, 0B7B0h, 2 dup(0)
dd 0C20Ah, 918Ch, 0B660h, 2 dup(0)
dd 0C29Ch, 903Ch, 0B624h, 2 dup(0)
dd 0C33Ch, 9000h, 0B794h, 2 dup(0)
dd 0C3C8h, 9170h, 0B8C0h, 2 dup(0)
dd 0C40Ah, 929Ch, 5 dup(0)
dd 0C2A6h, 0C2C4h, 0C2D2h, 0C2E2h, 0C32Ah, 0C318h, 0C306h
dd 0C2F2h, 0C2B6h, 0
dd 80000011h, 0B8E4h, 0B8D0h, 0B8FAh, 0
dd 0C27Eh, 0C26Eh, 0C258h, 0C242h, 0C236h, 0C226h, 0C28Eh
dd 0C216h, 0
dd 0BA68h, 0BA7Ah, 0BA8Ah, 0BA9Eh, 0BAAEh, 0BAC4h, 0BADAh
dd 0BAF6h, 0BB10h, 0BB1Ch, 0BB2Ah, 0BB38h, 0BB4Eh, 0BB60h
dd 0BB6Eh, 0BB82h, 0BB96h, 0BBA2h, 0BBAEh, 0BBC6h, 0BBDCh
dd 0BBE4h, 0BBF4h, 0BC02h, 0BC18h, 0BA58h, 0BC3Ah, 0BC4Eh
dd 0BC5Ah, 0BC66h, 0BC78h, 0BC90h, 0BCA0h, 0BCACh, 0BCC4h
dd 0BCD8h, 0BCE8h, 0BCF6h, 0BD04h, 0BD14h, 0BD26h, 0BD32h
dd 0BD40h, 0BD54h, 0BD64h, 0BD76h, 0BD86h, 0BD9Ch, 0BDB2h
dd 0BDC6h, 0BDD6h, 0BDE6h, 0B96Ah, 0B974h, 0BA46h, 0BA38h
dd 0B982h, 0BA22h, 0BA04h, 0B9E8h, 0B9DCh, 0B9D0h, 0B9BEh
dd 0B9B2h, 0B9A2h, 0B990h, 0BC2Ch, 0
dd 0C35Eh, 0C386h, 0C39Ch, 0C3AAh, 0C34Ah, 0C36Eh, 0
dd 0BF54h, 0BF66h, 0BF78h, 0BF84h, 0BF94h, 0BFAAh, 0BFBAh
dd 0BFC6h, 0BFD4h, 0BFE6h, 0BFF4h, 0C000h, 0C012h, 0C026h
dd 0C03Ch, 0C04Eh, 0C05Eh, 0C070h, 0C082h, 0C090h, 0C0A2h
dd 0C0B6h, 0C0C8h, 0C0D8h, 0C0EAh, 0C0FAh, 0C108h, 0C11Ah
dd 0C12Eh, 0C13Ah, 0C14Ah, 0C15Ch, 0C16Ch, 0C17Eh, 0C18Eh
dd 0C1A0h, 0C1B8h, 0C1CAh, 0C1DCh, 0C1EEh, 0C1FCh, 0BF3Eh
dd 0BF30h, 0BF24h, 0BF18h, 0BF02h, 0BEF2h, 0BEE6h, 0BED8h
dd 0BEC6h, 0BEB8h, 0BEB0h, 0BEA0h, 0BE90h, 0BE7Ch, 0BE6Ah
dd 0BE5Ah, 0BE48h, 0BE2Ah, 0BE1Eh, 0BE12h, 0BE06h, 0BE3Ah
dd 0
dd 0B944h, 0B92Eh, 0B91Ch, 0
dd 0C3E8h, 0C3FAh, 0C3D4h, 0
dd 6D490038h, 4C656761h, 5F747369h, 74736544h, 796F72h
dd 6D490034h, 4C656761h, 5F747369h, 4D646441h, 656B7361h
dd 370064h, 67616D49h, 73694C65h, 72435F74h, 65746165h
dd 4F430000h, 4C54434Dh, 642E3233h, 6C6Ch, 6556000Ah, 65755172h
dd 61567972h, 4165756Ch, 0
aGetfileversion db 'GetFileVersionInfoA',0
db 1
align 2
aGetfileversi_0 db 'GetFileVersionInfoSizeA',0
aVersion_dll db 'VERSION.dll',0
dw 26Ah
aMuldiv db 'MulDiv',0
align 4
db '|',0
aDeletefilea db 'DeleteFileA',0
dw 1F5h
aGlobalfree db 'GlobalFree',0
align 10h
db '',0
aFindfirstfilea db 'FindFirstFileA',0
align 2
db '',0
aFindnextfilea db 'FindNextFileA',0
db '',0
aFindclose db 'FindClose',0
dw 30Eh
aSetfilepointer db 'SetFilePointer',0
align 10h
db 0A9h ;
db 2, 52h, 65h
aAdfile db 'adFile',0
align 4
db 94h ;
db 3, 57h, 72h
aItefile db 'iteFile',0
db 94h ;
db 1, 47h, 65h
aTprivateprofil db 'tPrivateProfileStringA',0
align 4
db 99h ;
db 3, 57h, 72h
aIteprivateprof db 'itePrivateProfileStringA',0
align 2
dw 26Bh
aMultibytetowid db 'MultiByteToWideChar',0
aQ db '',0
aFreelibrary db 'FreeLibrary',0
dw 198h
aGetprocaddress db 'GetProcAddress',0
align 4
dd 6F4C0248h, 694C6461h, 72617262h, 4179h, 6F4600EAh, 74616D72h
dd 7373654Dh, 41656761h, 1690000h, 4C746547h, 45747361h
dd 726F7272h, 1770000h, 4D746547h, 6C75646Fh, 6E614865h
dd 41656C64h, 3080000h, 45746553h, 726F7272h, 65646F4Dh
dd 1520000h
aGetexitcodepro db 'GetExitCodeProcess',0
align 4
db 83h ;
db 3, 57h, 61h
aItforsingleobj db 'itForSingleObject',0
db '',0
aExpandenvironm db 'ExpandEnvironmentStringsA',0
dw 150h
aGetenvironment db 'GetEnvironmentVariableA',0
db 0B3h ;
db 3, 6Ch, 73h
aTrcmpia db 'trcmpiA',0
a__0 db '.',0
aClosehandle db 'CloseHandle',0
dw 312h
aSetfiletime db 'SetFileTime',0
db 56h ; V
db 1, 47h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
a3 db '3',0
aComparefiletim db 'CompareFileTime',0
dd 655302CEh, 68637261h, 68746150h, 1AD0041h
aGetshortpathna db 'GetShortPathNameA',0
dw 161h
aGetfullpathnam db 'GetFullPathNameA',0
align 2
dw 264h
aMovefilea db 'MoveFileA',0
dw 3ADh
aLstrcata db 'lstrcatA',0
align 2
dw 2FDh
aSetcurrentdire db 'SetCurrentDirectoryA',0
align 2
dw 30Ch
aSetfileattri_1 db 'SetFileAttributesA',0
align 4
dd 6C530347h, 706565h, 654701D5h, 63695474h, 756F436Bh
dd 746Eh, 6547015Bh, 6C694674h, 7A695365h, 1750065h
aGetmodulefilen db 'GetModuleFileNameA',0
align 4
aE db 'E',0
aCreatedirect_0 db 'CreateDirectoryA',0
align 4
aP db '',0
aExitprocess db 'ExitProcess',0
dw 13Ah
aGetcurrentproc db 'GetCurrentProcess',0
db '=',0
aCopyfilea db 'CopyFileA',0
dw 3B9h
aLstrcpyna db 'lstrcpynA',0
dw 108h
aGetcommandline db 'GetCommandLineA',0
db 0E9h ;
db 1, 47h, 65h
aTwindowsdirect db 'tWindowsDirectoryA',0
align 10h
db 0CBh ;
db 1, 47h, 65h
aTtemppatha db 'tTempPathA',0
align 10h
db 0B6h ;
db 3, 6Ch, 73h
aTrcpya db 'trcpyA',0
align 4
db 0DAh ;
db 1, 47h, 65h
aTuserdefaultla db 'tUserDefaultLangID',0
align 4
db 45h ; E
db 1, 47h, 65h
aTdiskfreespace db 'tDiskFreeSpaceA',0
dd 6C470200h, 6C61626Fh, 6F6C6E55h, 6B63h, 6C4701F9h, 6C61626Fh
dd 6B636F4Ch, 1EE0000h, 626F6C47h, 6C416C61h, 636F6Ch
dd 72430069h, 65746165h, 65726854h, 6461h, 72430060h, 65746165h
dd 636F7250h, 41737365h, 3BC0000h, 7274736Ch, 416E656Ch
dd 4D0000h, 61657243h, 69466574h, 41656Ch, 654701C9h, 6D655474h
dd 6C694670h, 6D614E65h, 4165h, 65530303h, 646E4574h, 6946664Fh
dd 656Ch, 6E550363h, 5670616Dh, 4F776569h, 6C694666h, 25E0065h
dd 5670614Dh, 4F776569h, 6C694666h, 4E0065h
aCreatefilemapp db 'CreateFileMappingA',0
align 4
db 0B9h ;
db 1, 47h, 65h
aTsystemdirecto db 'tSystemDirectoryA',0
dw 2B8h
aRemovedirector db 'RemoveDirectoryA',0
align 2
dw 37Bh
aVirtualquery db 'VirtualQuery',0
align 2
dw 226h
aIsbadcodeptr db 'IsBadCodePtr',0
align 2
dw 249h
aLoadlibraryexa db 'LoadLibraryExA',0
align 4
aKernel32_dll_0 db 'KERNEL32.dll',0
align 2
db '',0
aEndpaint db 'EndPaint',0
align 2
db '',0
aDrawtexta db 'DrawTextA',0
aT db '',0
aFillrect db 'FillRect',0
align 2
dw 0FFh
aGetclientrect db 'GetClientRect',0
db 0Dh,0
aBeginpaint db 'BeginPaint',0
align 4
aO db '',0
aDefwindowproca db 'DefWindowProcA',0
align 2
dw 23Bh
aSendmessagea db 'SendMessageA',0
align 2
dw 193h
aInvalidaterect db 'InvalidateRect',0
align 4
aB db '',0
aDispatchmessag db 'DispatchMessageA',0
align 10h
dd 655001FFh, 654D6B65h, 67617373h, 4165h, 6E4500C4h, 656C6261h
dd 646E6957h, 776Fh, 6547010Ch, 434474h, 6F4C01BFh, 6D496461h
dd 41656761h, 2800000h, 57746553h, 6F646E69h, 6E6F4C77h
dd 4167h, 65470111h, 676C4474h, 6D657449h, 1AD0000h, 69577349h
dd 776F646Eh, 0E40000h, 646E6946h, 646E6957h, 7845776Fh
dd 23E0041h
aSendmessagetim db 'SendMessageTimeoutA',0
dd 737702D6h, 6E697270h, 416674h, 6843002Dh, 72507261h
dd 417665h, 68530292h, 6957776Fh, 776F646Eh, 2570000h
aSetforegroundw db 'SetForegroundWindow',0
db 3
db 2, 50h, 6Fh
aStquitmessage db 'stQuitMessage',0
dw 286h
aSetwindowtexta db 'SetWindowTextA',0
align 4
db 7Ah ; z
db 2, 53h, 65h
aTtimer db 'tTimer',0
align 4
aS_0 db '',0
aDestroywindow db 'DestroyWindow',0
aU db 'U',0
aCreatedialogpa db 'CreateDialogParamA',0
align 2
aS_1 db '',0
aExitwindowsex db 'ExitWindowsEx',0
db '*',0
aCharnexta db 'CharNextA',0
dw 15Ah
aGetsyscolor db 'GetSysColor',0
dd 6547016Eh, 6E695774h, 4C776F64h, 41676E6Fh, 1B90000h
dd 64616F4Ch, 73727543h, 41726Fh, 6553024Dh, 72754374h
dd 726F73h, 68430038h, 446B6365h, 7542676Ch, 6E6F7474h
dd 0F20000h, 41746547h, 636E7973h, 5379654Bh, 65746174h
dd 1A30000h
aIsdlgbuttonche db 'IsDlgButtonChecked',0
align 4
db 31h ; 1
db 2, 53h, 63h
aReentoclient db 'reenToClient',0
align 2
dw 13Ch
aGetmessagepos db 'GetMessagePos',0
db 1Bh,0
aCallwindowproc db 'CallWindowProcA',0
db 0B1h ;
db 1, 49h, 73h
aWindowvisible db 'WindowVisible',0
dw 1B7h
aLoadbitmapa db 'LoadBitmapA',0
aB_0 db 'B',0
aCloseclipboard db 'CloseClipboard',0
align 2
dw 24Ah
aSetclipboardda db 'SetClipboardData',0
align 2
db '',0
aEmptyclipboard db 'EmptyClipboard',0
align 4
db 0F5h ;
db 1, 4Fh, 70h
aEnclipboard db 'enClipboard',0
db 0A4h ;
db 2, 54h, 72h
aAckpopupmenu db 'ackPopupMenu',0
align 2
dw 174h
aGetwindowrect db 'GetWindowRect',0
db 8,0
aAppendmenua db 'AppendMenuA',0
db '^',0
aCreatepopupmen db 'CreatePopupMenu',0
dw 15Dh
aGetsystemmetri db 'GetSystemMetrics',0
align 2
db '',0
aEnddialog db 'EndDialog',0
dw 247h
aSetclasslonga db 'SetClassLongA',0
dw 1AEh
aIswindowenable db 'IsWindowEnabled',0
db 83h ;
db 2, 53h, 65h
aTwindowpos db 'tWindowPos',0
align 4
aU_0 db '',0
aDialogboxparam db 'DialogBoxParamA',0
dw 0F6h
aGetclassinfoa db 'GetClassInfoA',0
db '`',0
aCreatewindowex db 'CreateWindowExA',0
db 99h ;
db 2, 53h, 79h
aStemparameters db 'stemParametersInfoA',0
dd 65520216h, 74736967h, 6C437265h, 41737361h, 2530000h
dd 44746553h, 7449676Ch, 65546D65h, 417478h, 65470113h
dd 676C4474h, 6D657449h, 74786554h, 1DE0041h, 7373654Dh
dd 42656761h, 41786Fh, 767702D8h, 69727073h, 4166746Eh
dd 53550000h, 32335245h, 6C6C642Eh, 20E0000h, 656C6553h
dd 624F7463h, 7463656Ah, 23C0000h, 54746553h, 43747865h
dd 726F6C6Fh, 2160000h, 42746553h, 646F4D6Bh, 3A0065h
aCreatefontindi db 'CreateFontIndirectA',0
db ')',0
aCreatebrushind db 'CreateBrushIndirect',0
aP_0 db '',0
aDeleteobject db 'DeleteObject',0
align 2
dw 16Bh
aGetdevicecaps db 'GetDeviceCaps',0
dw 215h
aSetbkcolor db 'SetBkColor',0
align 4
aGdi32_dll db 'GDI32.dll',0
dw 1D0h
aRegdeletekeya db 'RegDeleteKeyA',0
dw 1C9h
aRegclosekey db 'RegCloseKey',0
dd 655201D5h, 756E4567h, 79654B6Dh, 1E20041h, 4F676552h
dd 4B6E6570h, 78457965h, 1D90041h, 45676552h, 566D756Eh
dd 65756C61h, 1EC0041h, 51676552h, 79726575h, 756C6156h
dd 41784565h, 1F90000h, 53676552h, 61567465h, 4565756Ch
dd 4178h, 655201CDh, 65724367h, 4B657461h, 78457965h, 1D20041h
dd 44676552h, 74656C65h, 6C615665h, 416575h, 41564441h
dd 32334950h, 6C6C642Eh, 9A0000h, 69464853h, 704F656Ch
dd 74617265h, 416E6F69h, 1060000h, 6C656853h, 6578456Ch
dd 65747563h, 0BB0041h
aShgetpathfromi db 'SHGetPathFromIDListA',0
align 2
aY db 'y',0
aShbrowseforfol db 'SHBrowseForFolderA',0
align 4
db '',0
aShgetmalloc db 'SHGetMalloc',0
db '',0
aShgetspecialfo db 'SHGetSpecialFolderLocation',0
align 4
aShell32_dll db 'SHELL32.dll',0
dd 6F430010h, 61657243h, 6E496574h, 6E617473h, 6563h, 6C4F0104h
dd 696E5565h, 6974696Eh, 7A696C61h, 0ED0065h, 49656C4Fh
dd 6974696Eh, 7A696C61h, 6C6F0065h, 2E323365h, 6C6C64h
dd 53445352h, 2F6D8C65h, 4C098DECh, 0D6580793h, 8AF538A6h
dd 1
aDCmBuildPublic db 'd:\cm\build\public\NSIS.9d_GM_TB.060407\sdks\nullsoft\nsis\src\So'
db 'urce\exehead\Release-zlib\exehead_zlib.pdb',0
_rdata ends
; Section 3. (virtual address 0000D000)
; Virtual size : 00027234 ( 160308.)
; Section size in file : 00027234 ( 160308.)
; Offset to raw data for section: 0000D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 40D000h
off_40D000 dd offset dword_434200 ; DATA XREF: sub_40161F:loc_402586�o
dd offset sub_4013E7
dword_40D008 dd 6 ; sub_40161F+10B�w
dword_40D00C dd 0FFFFFFFFh ; sub_4033FB+8�r ...
aANsisu__exe db 'A~NSISu_.exe',0 ; DATA XREF: start+30F�o
; start:loc_403D33�w
align 10h
dword_40D020 dd 0FFFFFFFFh ; sub_40550B+120�r ...
off_40D024 dd offset sub_40412D ; DATA XREF: sub_40550B+3D6�r
dd offset sub_404A08
dd offset sub_4044DD
dd offset sub_405176
dd offset sub_4043D2
dword_40D038 dd 0FFFFFFFFh ; sub_404921+90�r ...
dword_40D03C dd 6 ; sub_40161F:loc_401725�r ...
aRichedit20a db 'RichEdit20A',0 ; DATA XREF: sub_4059CE+1F2�o
; sub_4059CE+202�w ...
aRiched20_dll db 'RichEd20.dll',0 ; DATA XREF: sub_4059CE+1D3�o
; sub_4059CE+1E0�w
align 4
dword_40D05C dd 0FFFFFFFFh ; sub_4060D2:loc_4060EE�w ...
word_40D060 dw 0 ; DATA XREF: sub_406E81+49B�r
; sub_406E81+522�r ...
dw 1
dd 70003h, 1F000Fh, 7F003Fh, 1FF00FFh, 7FF03FFh, 1FFF0FFFh
dd 7FFF3FFFh, 0FFFFh
byte_40D084 db 9 ; DATA XREF: sub_406E81+178�o
; sub_406E81:loc_40703B�r
align 4
byte_40D088 db 5 ; DATA XREF: sub_406E81+1A9�o
; sub_406E81+1C2�r
align 4
dd 5 dup(0)
dword_40D0A0 dd 0 ; sub_40137E+58�r
dword_40D0A4 dd 77073096h dd 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh, 0E963A535h
dd 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh, 97D2D988h
dd 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h, 1DB71064h
dd 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh, 6DDDE4EBh
dd 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h, 0FD62F97Ah
dd 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h, 8D080DF5h
dd 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h, 3C03E4D1h
dd 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh, 42B2986Ch
dd 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h, 0DCD60DCFh
dd 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h, 0BFD06116h
dd 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh, 2802B89Eh
dd 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h, 58684C11h
dd 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h, 98D220BCh
dd 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h, 0E8B8D433h
dd 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h, 7F6A0DBBh
dd 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h, 1C6C6162h
dd 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh, 8208F4C1h
dd 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh, 0FCB9887Ch
dd 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h, 4DB26158h
dd 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h, 3DD895D7h
dd 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh, 0AD678846h
dd 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh, 0DD0D7CC9h
dd 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h, 5768B525h
dd 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh, 29D9C998h
dd 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h, 0B7BD5C3Bh
dd 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch, 74B1D29Ah
dd 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h, 0E3630B12h
dd 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh, 9309FF9Dh
dd 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h, 1E01F268h
dd 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h, 6E6B06E7h
dd 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh, 0F9B9DF6Fh
dd 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h, 0A1D1937Eh
dd 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h, 3FB506DDh
dd 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h, 41047A60h
dd 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h, 0CB61B38Ch
dd 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h, 0BB0B4703h
dd 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h, 2BB45A92h
dd 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh, 5BDEAE1Dh
dd 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah, 9C0906A9h
dd 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h, 0E2B87A14h
dd 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh, 7CDCEFB7h
dd 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h, 1FDA836Eh
dd 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h, 88085AE6h
dd 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh, 0F862AE69h
dd 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh, 4E048354h
dd 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh, 3E6E77DBh
dd 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h, 0A9BCAE53h
dd 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch, 0CABAC28Ah
dd 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h, 54DE5729h
dd 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h, 2A6F2B94h
dd 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
dword_40D4A0 dd 0 ; sub_40161F+9C6�r ...
align 8
dword_40D4A8 dd 100h dup(0) ; sub_40161F+52D�o ...
byte_40D8A8 db 0 ; DATA XREF: sub_4014E1�o
; sub_40161F+2F0�o ...
align 4
dd 0FFh dup(0)
dword_40DCA8 dd 0 ; sub_40161F+11C2�o ...
dd 2FFh dup(0)
word_40E8A8 dw 0 ; DATA XREF: sub_40161F+112C�o
; sub_40161F+1137�w
align 4
dd 1FFh dup(0)
dword_40F0A8 dd 0 ; sub_40161F+C29�o
dd 3 dup(0)
dword_40F0B8 dd 0 byte_40F0BC db 0 ; DATA XREF: sub_40161F+C00�w
byte_40F0BD db 0 ; DATA XREF: sub_40161F+C12�w
byte_40F0BE db 0 ; DATA XREF: sub_40161F+C18�w
byte_40F0BF db 0 ; DATA XREF: sub_40161F+C1D�w
dd 0
dword_40F0C4 dd 8 dup(0) dword_40F0E4 dd 0 ; sub_401508:loc_401510�r ...
dword_40F0E8 dd 1000h dup(0) ; sub_403412+1F9�o
dword_4130E8 dd 2000h dup(0) dword_41B0E8 dd 10h dup(0) dword_41B128 dd 0 ; sub_403646+B8�o ...
aQNNullsoftinst db 'ᆳNullsoftInst.',0
align 10h
dd 0D2F618h, 80000A0Ch, 707B9AEDh, 0C71D5715h, 9080684Fh
dd 9008F07h, 692CC466h, 57A46909h, 0A5240520h, 13A04848h
dd 28481009h, 0BD86D305h, 966E4F7Bh, 0D9BBBDECh, 40937BDDh
dd 968A172Dh, 41DAD141h, 6A45AA99h, 0B58A671Dh, 8A031F53h
dd 0CB4CE94h, 42148A45h, 1D6D3B79h, 4B454E2Ch, 0A3A748EDh
dd 0FB9EFC44h, 0EE1B3DD8h, 30E7464Dh, 0FC3B21FEh, 3F677F66h
dd 0DFBFBE7Bh, 9CF67B39h, 8C437B3h, 21165221h, 2EFCE077h
dd 3E47F8CEh, 1B484A19h, 242ABFCEh, 0F787E3F1h, 0F56FAE24h
dd 1B8F4191h, 40B891DCh, 0FE9C65C8h, 0CE1D7286h, 93DDFA8Bh
dd 0E3FF20EEh, 607202E3h, 903745EDh, 0BF486C20h, 7CA1879Ch
dd 2F67992Eh, 0E76127CEh, 67616761h, 6F61A760h, 0AF83C6C1h
dd 0E5BE8923h, 7CA0E7EBh, 0B053E702h, 0C963B0A3h, 4DEF4CFAh
dd 7D738F9Ch, 0DA1FEEC0h, 0CA2E7EAFh, 0D9F5706Fh, 0F433E77Dh
dd 0EEB2615Bh, 16B96498h, 0DC873456h, 0B71F6E3Eh, 0A3E3FF8Fh
dd 9D1E7920h, 26C1E781h, 9FBCC490h, 6C14F8EEh, 34EEEC22h
dd 0E377CD8Ch, 0A624F60h, 0ED7927BDh, 0EA6F9993h, 0C91E3627h
dd 68B988BAh, 0E2B7C70Eh, 0E456A7Ch, 0B2757219h, 0FC7077C3h
dd 7B17CE12h, 5F23C94Ah, 0F14E165Ah, 80DE398Fh, 252BDB04h
dd 0BD1BD8F2h, 0C9AF8A56h, 0E04FF972h, 44AAFEFFh, 3ABB7E2Ah
dd 38FBE294h, 0FB930C3Eh, 1127E7CEh, 3B51F0BBh, 0B8868BC5h
dd 0DF7F855Ch, 0F7644995h, 8A689295h, 0FC7277h, 6579D3FCh
dd 5F2FD764h, 11F8A48Dh, 33A3178Eh, 2773BEAEh, 51C5F3D9h
dd 0DD777E4Eh, 0FE1B72E1h, 0B264CA43h, 0A764F56Eh, 9F8E26FEh
dd 0E5BDFE64h, 52A5F9A4h, 8E45FE27h, 32136457h, 79397677h
dd 8748C6FBh, 0F976CCCFh, 1F80h dup(0)
dword_423128 dd 0 ; sub_403412+EA�o
dword_42312C dd 0 dword_423130 dd 0 ; sub_403412+10A�r ...
dword_423134 dd 0 dword_423138 dd 0 dd 145h dup(0)
dword_423650 dd 0 dword_423654 dd 0 dd 5A0h dup(0)
dword_424CD8 dd 2000h dup(0) dword_42CCD8 dd 0 dword_42CCDC dd 0 dword_42CCE0 dd 0 align 8
dword_42CCE8 dd 12800h ; sub_403646+10F�r ...
dword_42CCEC dd 0 ; sub_40333D+52�r
dword_42CCF0 dd 45DD0h ; sub_403646+71�w ...
dword_42CCF4 dd 0 ; sub_40161F+49A�r ...
byte_42CCF8 db 0 ; DATA XREF: start+2F3�o start+303�w
byte_42CCF9 db 3 dup(0) ; DATA XREF: start+2EE�o
dd 1FCh dup(0)
db 0
dword_42D4ED dd 0 align 8
dword_42D4F8 dd 100h dup(0) dword_42D8F8 dd 0 ; sub_4040F9+26�w ...
dword_42D8FC dd 0 ; sub_40550B+1E5�w ...
dword_42D900 dd 0 ; sub_404A08+A3�w
dword_42D904 dd 0 ; sub_4044DD+2FD�r ...
dword_42D908 dd 100h dup(0) dword_42DD08 dd 0 ; sub_40550B+B0�r ...
dword_42DD0C dd 0 ; sub_404A08+C2�r ...
dword_42DD10 dd 0 ; sub_404A08:loc_404C08�r ...
dword_42DD14 dd 0 ; sub_40550B+36�r ...
byte_42DD18 db 0 ; DATA XREF: sub_405013+28�o
; sub_405013+CA�w
align 4
dd 1FFh dup(0)
dword_42E518 dd 400h dup(0) ; sub_4044DD+131�o ...
dword_42F518 dd 0 ; sub_403E7D+4�r ...
dword_42F51C dd 0 ; sub_4044DD+6�r ...
dword_42F520 dd 0 ; sub_40550B+141�w ...
dword_42F524 dd 0 ; sub_40412D+146�r ...
dword_42F528 dd 0 ; sub_40550B:loc_40599D�r ...
align 10h
dword_42F530 dd 0 ; sub_405C75+2B�o
dd 11h dup(0)
dword_42F578 dd 100h dup(0) dword_42F978 dd 0 ; sub_406326+C5�o
dd 0FFh dup(0)
dword_42FD78 dd 50h dup(0) dword_42FEB8 dd 100h dup(0) ; sub_406326+2A5�o ...
dword_4302B8 dd 100h dup(0) dword_4306B8 dd 100h dup(0) dword_430AB8 dd 0 ; sub_406326+185�w
align 10h
dword_430AC0 dd 0 ; sub_406E81+1CA�r
align 8
dword_430AC8 dd 0 ; sub_406B57+10B�o
dd 11Fh dup(0)
dword_430F48 dd 8Fh dup(0) dword_431184 dd 71h dup(0) dword_431348 dd 18h dup(0) dword_4313A8 dd 8 dup(0) dword_4313C8 dd 220h dup(0) ; sub_406E81+159�o ...
dword_431C48 dd 0 ; sub_406E81+1D2�r
byte_431C4C db 0 ; DATA XREF: sub_406E81:loc_406F92�r
; sub_406E81+1B3�w
align 10h
dword_431C50 dd 0 ; .text:00407C0B�r ...
dword_431C54 dd 0 ; .text:004085BD�r ...
dword_431C58 dd 0 ; .text:00407C45�r ...
dword_431C5C dd 0 ; .text:00407C7F�r ...
dword_431C60 dd 0 ; .text:00407CAB�r ...
dword_431C64 dd 0 ; .text:00408606�r ...
dword_431C68 dd 0 ; .text:00407D77�r ...
dword_431C6C dd 0 ; .text:00408649�r ...
dword_431C70 dd 0 ; .text:00407DAB�r ...
dword_431C74 dd 0 ; .text:0040869C�r ...
dword_431C78 dd 0 ; .text:00407DDB�r ...
dword_431C7C dd 0 ; .text:004086E8�r ...
dword_431C80 dd 0 ; .text:00407E74�r ...
dword_431C84 dd 0 ; .text:loc_408746�r ...
dword_431C88 dd 0 ; .text:00407EA4�r ...
dword_431C8C dd 0 ; .text:00407ED4�r ...
dword_431C90 dd 0 ; .text:00407F04�r ...
dword_431C94 dd 0 ; .text:00407F34�r ...
dword_431C98 dd 0 ; .text:00407E0B�r ...
dword_431C9C dd 0 ; .text:00407E48�r ...
dword_431CA0 dd 0 ; .text:00407F87�r ...
dword_431CA4 dd 0 ; .text:004080FB�r ...
dword_431CA8 dd 0 ; .text:00407CD4�r ...
dword_431CAC dd 0 ; .text:00407CF8�r ...
dword_431CB0 dd 0 ; .text:00407D1F�r ...
dword_431CB4 dd 0 ; .text:00407D4B�r ...
dword_431CB8 dd 0 ; .text:004081EF�r ...
dword_431CBC dd 0 ; .text:00408225�r ...
dword_431CC0 dd 0 ; .text:0040825B�r ...
dword_431CC4 dd 0 ; .text:00408291�r ...
dword_431CC8 dd 0 ; .text:004082C7�r ...
dword_431CCC dd 0 ; .text:00408354�r ...
dword_431CD0 dd 0 ; .text:00407F5F�r ...
dword_431CD4 dd 0 ; .text:00407FE6�r ...
dword_431CD8 dd 0 ; .text:00407FA4�r ...
dword_431CDC dd 0 ; .text:00408019�r ...
dword_431CE0 dd 0 ; .text:004082F5�r ...
dword_431CE4 dd 0 ; sub_40876F+87�w ...
dword_431CE8 dd 0 ; sub_40876F+8C�w ...
dword_431CEC dd 0 ; .text:00408090�r ...
dword_431CF0 dd 0 ; .text:004081AA�r ...
dword_431CF4 dd 0 ; sub_40876F+91�w ...
dword_431CF8 dd 0 ; .text:00408324�r ...
dword_431CFC dd 0 ; sub_4083A3+1B0�w ...
word_431D00 dw 0 ; DATA XREF: sub_4083A3:loc_40855E�w
; sub_408571+A�r ...
align 4
dword_431D04 dd 0 ; sub_4044DD+51�w ...
dd 6 dup(0)
aDeleteErrorDoe db 'Delete: ERROR -- "" does not exist. Skipping delete.',0
; DATA XREF: sub_4060D2+73�o
; sub_406171+9�o
align 4
dd 3F2h dup(0)
byte_432D20 db 0 ; DATA XREF: sub_40412D+1D7�o
; sub_4044DD+183�o ...
byte_432D21 db 3 dup(0) ; DATA XREF: sub_4059CE+66�o
dd 1FFh dup(0)
byte_433520 db 0 ; DATA XREF: sub_403F6C+27�o
; sub_4060D2+2D�r ...
align 4
dd 0FFh dup(0)
dword_433920 dd 0 dword_433924 dd 0 align 10h
dword_433930 dd 0 dword_433934 dd 0 dd 3 dup(0)
dword_433944 dd 0 ; sub_4059CE+20B�w
dword_433948 dd 0 ; sub_404419+85�r ...
dword_43394C dd 0 ; sub_405013+6�r ...
dword_433950 dd 0 ; sub_4059CE+FF�w
dword_433954 dd 0 ; sub_403E10+7�w ...
dword_433958 dd 0 ; sub_405176+78�w
dword_43395C dd 0 ; sub_40550B+3E0�r ...
dword_433960 dd 0 ; sub_405176+69�w ...
dword_433964 dd 0 ; sub_405176+A1�w
dword_433968 dd 0 ; sub_403FAC:loc_404026�r ...
dword_43396C dd 0 ; sub_4013E7+AF�r ...
dd 4 dup(0)
aNsisError db 'NSIS Error',0 ; DATA XREF: sub_401000+150�o start+34�o ...
align 4
dd 1FDh dup(0)
dword_434180 dd 0 ; sub_40161F+9�r ...
dword_434184 dd 400000h ; sub_403646+158�r ...
dword_434188 dd 0 ; sub_4012F3+6�r ...
dd 5 dup(0)
dword_4341A0 dd 0 ; sub_40550B+1F5�r
dword_4341A4 dd 0 ; sub_40550B+25E�r ...
dword_4341A8 dd 0 ; sub_4011EF+13�r ...
dword_4341AC dd 0 ; sub_40117D+64�r ...
dword_4341B0 dd 0 align 8
dword_4341B8 dd 0 ; sub_4059CE+3B�r ...
align 10h
dword_4341C0 dd 0 dword_4341C4 dd 0 dword_4341C8 dd 0 dd 3 dup(0)
dword_4341D8 dd 0 align 10h
dword_4341E0 dd 0 ; start+209�r ...
dword_4341E4 dd 0 ; sub_4013E7+57�r ...
dword_4341E8 dd 0 ; sub_403646:loc_4036C4�r ...
dword_4341EC dd 0 ; sub_404A08+465�w
dd 4 dup(0)
dword_434200 dd 0 ; sub_40161F:loc_4017D5�r ...
dword_434204 dd 0 ; sub_4015D6:loc_4015EB�r ...
dword_434208 dd 0 ; sub_40161F+681�w ...
dword_43420C dd 0 ; sub_4050EB:loc_405156�w ...
dword_434210 dd 0 dword_434214 dd 0 ; start:loc_403D4D�r
align 10h
dword_434220 dd 0 ; sub_4059CE+1B3�r ...
dword_434224 dd 0 dword_434228 dd 0 ; sub_405CED:loc_405D07�r
dword_43422C dd 0 ; start:loc_403DF7�r
dword_434230 dd 0 _data ends
; Section 4. (virtual address 00035000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 00035000
; Flags C0000080: Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
_ndata segment para public 'BSS' use32
assume cs:_ndata
;org 435000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_435000 dd 0 ; sub_40161F+46�o ...
dd 13FFh dup(0)
byte_43A000 db 70h ; DATA XREF: sub_4038F2+28�o
; start:loc_4039E5�o ...
byte_43A001 db 61h, 63h, 6Bh ; DATA XREF: start+BB�o
db 65h ; e
db 64h, 2Eh, 65h
db 78h ; x
db 65h, 0, 5Ch
aMartim1Locals1 db 'MARTIM~1\LOCALS~1\Temp\nse2.tmp',0
dd 0F5h dup(0)
byte_43A400 db 0 ; DATA XREF: sub_40161F:loc_402E98�o
; start+256�o ...
align 4
dd 0FFh dup(0)
dword_43A800 dd 100h dup(0) ; sub_40161F:loc_401B5C�o ...
dword_43AC00 dd 6D5C3A43h, 706E755Fh, 656B6361h, 61700072h, 64656B63h
; DATA XREF: sub_403646+1F�o
dd 6578652Eh, 0FAh dup(0)
byte_43B000 db 0 ; DATA XREF: sub_403FAC�r
; sub_403FAC+10�o
align 4
dd 0FFh dup(0)
aCDocume1Martim db 'C:\DOCUME~1\MARTIM~1\LOCALS~1\Temp\',0 ; DATA XREF: sub_4038F2+1�o
; start+43�o ...
dd 0F7h dup(0)
dword_43B800 dd 200h dup(0) dword_43C000 dd 400h dup(0) _ndata ends
; Section 6. (virtual address 00044000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00044000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 444000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start